xref: /openbmc/linux/arch/powerpc/kernel/head_40x.S (revision 6db6b729) 
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 *      Initial PowerPC version.
5 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *      Rewritten for PReP
7 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 *      Low-level exception handers, MMU support, and rewrite.
9 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 *      PowerPC 8xx modifications.
11 *    Copyright (c) 1998-1999 TiVo, Inc.
12 *      PowerPC 403GCX modifications.
13 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 *      PowerPC 403GCX/405GP modifications.
15 *    Copyright 2000 MontaVista Software Inc.
16 *	PPC405 modifications
17 *      PowerPC 403GCX/405GP modifications.
18 * 	Author: MontaVista Software, Inc.
19 *         	frank_rowand@mvista.com or source@mvista.com
20 * 	   	debbie_chu@mvista.com
21 *
22 *    Module name: head_4xx.S
23 *
24 *    Description:
25 *      Kernel execution entry point code.
26 */
27
28#include <linux/init.h>
29#include <linux/pgtable.h>
30#include <linux/sizes.h>
31#include <linux/linkage.h>
32
33#include <asm/processor.h>
34#include <asm/page.h>
35#include <asm/mmu.h>
36#include <asm/cputable.h>
37#include <asm/thread_info.h>
38#include <asm/ppc_asm.h>
39#include <asm/asm-offsets.h>
40#include <asm/ptrace.h>
41
42#include "head_32.h"
43
44/* As with the other PowerPC ports, it is expected that when code
45 * execution begins here, the following registers contain valid, yet
46 * optional, information:
47 *
48 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
49 *   r4 - Starting address of the init RAM disk
50 *   r5 - Ending address of the init RAM disk
51 *   r6 - Start of kernel command line string (e.g. "mem=96m")
52 *   r7 - End of kernel command line string
53 *
54 * This is all going to change RSN when we add bi_recs.......  -- Dan
55 */
56	__HEAD
57_GLOBAL(_stext);
58_GLOBAL(_start);
59
60	mr	r31,r3			/* save device tree ptr */
61
62	/* We have to turn on the MMU right away so we get cache modes
63	 * set correctly.
64	 */
65	bl	initial_mmu
66
67/* We now have the lower 16 Meg mapped into TLB entries, and the caches
68 * ready to work.
69 */
70turn_on_mmu:
71	lis	r0,MSR_KERNEL@h
72	ori	r0,r0,MSR_KERNEL@l
73	mtspr	SPRN_SRR1,r0
74	lis	r0,start_here@h
75	ori	r0,r0,start_here@l
76	mtspr	SPRN_SRR0,r0
77	rfi				/* enables MMU */
78	b	.			/* prevent prefetch past rfi */
79
80/*
81 * This area is used for temporarily saving registers during the
82 * critical exception prolog.
83 */
84	. = 0xc0
85crit_save:
86_GLOBAL(crit_r10)
87	.space	4
88_GLOBAL(crit_r11)
89	.space	4
90_GLOBAL(crit_srr0)
91	.space	4
92_GLOBAL(crit_srr1)
93	.space	4
94_GLOBAL(crit_r1)
95	.space	4
96_GLOBAL(crit_dear)
97	.space	4
98_GLOBAL(crit_esr)
99	.space	4
100
101/*
102 * Exception prolog for critical exceptions.  This is a little different
103 * from the normal exception prolog above since a critical exception
104 * can potentially occur at any point during normal exception processing.
105 * Thus we cannot use the same SPRG registers as the normal prolog above.
106 * Instead we use a couple of words of memory at low physical addresses.
107 * This is OK since we don't support SMP on these processors.
108 */
109.macro CRITICAL_EXCEPTION_PROLOG trapno name
110	stw	r10,crit_r10@l(0)	/* save two registers to work with */
111	stw	r11,crit_r11@l(0)
112	mfspr	r10,SPRN_SRR0
113	mfspr	r11,SPRN_SRR1
114	stw	r10,crit_srr0@l(0)
115	stw	r11,crit_srr1@l(0)
116	mfspr	r10,SPRN_DEAR
117	mfspr	r11,SPRN_ESR
118	stw	r10,crit_dear@l(0)
119	stw	r11,crit_esr@l(0)
120	mfcr	r10			/* save CR in r10 for now	   */
121	mfspr	r11,SPRN_SRR3		/* check whether user or kernel    */
122	andi.	r11,r11,MSR_PR
123	lis	r11,(critirq_ctx-PAGE_OFFSET)@ha
124	lwz	r11,(critirq_ctx-PAGE_OFFSET)@l(r11)
125	beq	1f
126	/* COMING FROM USER MODE */
127	mfspr	r11,SPRN_SPRG_THREAD	/* if from user, start at top of   */
128	lwz	r11,TASK_STACK-THREAD(r11) /* this thread's kernel stack */
1291:	stw	r1,crit_r1@l(0)
130	addi	r1,r11,THREAD_SIZE-INT_FRAME_SIZE /* Alloc an excpt frm  */
131	LOAD_REG_IMMEDIATE(r11, MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)) /* re-enable MMU */
132	mtspr	SPRN_SRR1, r11
133	lis	r11, 1f@h
134	ori	r11, r11, 1f@l
135	mtspr	SPRN_SRR0, r11
136	rfi
137
138	.text
1391:
140\name\()_virt:
141	lwz	r11,crit_r1@l(0)
142	stw	r11,GPR1(r1)
143	stw	r11,0(r1)
144	mr	r11,r1
145	stw	r10,_CCR(r11)		/* save various registers	   */
146	stw	r12,GPR12(r11)
147	stw	r9,GPR9(r11)
148	mflr	r10
149	stw	r10,_LINK(r11)
150	lis	r9,PAGE_OFFSET@ha
151	lwz	r10,crit_r10@l(r9)
152	lwz	r12,crit_r11@l(r9)
153	stw	r10,GPR10(r11)
154	stw	r12,GPR11(r11)
155	lwz	r12,crit_dear@l(r9)
156	lwz	r9,crit_esr@l(r9)
157	stw	r12,_DEAR(r11)		/* since they may have had stuff   */
158	stw	r9,_ESR(r11)		/* exception was taken		   */
159	mfspr	r12,SPRN_SRR2
160	mfspr	r9,SPRN_SRR3
161	rlwinm	r9,r9,0,14,12		/* clear MSR_WE (necessary?)	   */
162	COMMON_EXCEPTION_PROLOG_END \trapno + 2
163_ASM_NOKPROBE_SYMBOL(\name\()_virt)
164.endm
165
166	/*
167	 * State at this point:
168	 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
169	 * r10 saved in crit_r10 and in stack frame, trashed
170	 * r11 saved in crit_r11 and in stack frame,
171	 *	now phys stack/exception frame pointer
172	 * r12 saved in stack frame, now saved SRR2
173	 * CR saved in stack frame, CR0.EQ = !SRR3.PR
174	 * LR, DEAR, ESR in stack frame
175	 * r1 saved in stack frame, now virt stack/excframe pointer
176	 * r0, r3-r8 saved in stack frame
177	 */
178
179/*
180 * Exception vectors.
181 */
182#define CRITICAL_EXCEPTION(n, label, hdlr)			\
183	START_EXCEPTION(n, label);				\
184	CRITICAL_EXCEPTION_PROLOG n label;				\
185	prepare_transfer_to_handler;				\
186	bl	hdlr;						\
187	b	ret_from_crit_exc
188
189/*
190 * 0x0100 - Critical Interrupt Exception
191 */
192	CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
193
194/*
195 * 0x0200 - Machine Check Exception
196 */
197	CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
198
199/*
200 * 0x0300 - Data Storage Exception
201 * This happens for just a few reasons.  U0 set (but we don't do that),
202 * or zone protection fault (user violation, write to protected page).
203 * The other Data TLB exceptions bail out to this point
204 * if they can't resolve the lightweight TLB fault.
205 */
206	START_EXCEPTION(0x0300,	DataStorage)
207	EXCEPTION_PROLOG 0x300 DataStorage handle_dar_dsisr=1
208	prepare_transfer_to_handler
209	bl	do_page_fault
210	b	interrupt_return
211
212/*
213 * 0x0400 - Instruction Storage Exception
214 * This is caused by a fetch from non-execute or guarded pages.
215 */
216	START_EXCEPTION(0x0400, InstructionAccess)
217	EXCEPTION_PROLOG 0x400 InstructionAccess
218	li	r5,0
219	stw	r5, _ESR(r11)		/* Zero ESR */
220	stw	r12, _DEAR(r11)		/* SRR0 as DEAR */
221	prepare_transfer_to_handler
222	bl	do_page_fault
223	b	interrupt_return
224
225/* 0x0500 - External Interrupt Exception */
226	EXCEPTION(0x0500, HardwareInterrupt, do_IRQ)
227
228/* 0x0600 - Alignment Exception */
229	START_EXCEPTION(0x0600, Alignment)
230	EXCEPTION_PROLOG 0x600 Alignment handle_dar_dsisr=1
231	prepare_transfer_to_handler
232	bl	alignment_exception
233	REST_NVGPRS(r1)
234	b	interrupt_return
235
236/* 0x0700 - Program Exception */
237	START_EXCEPTION(0x0700, ProgramCheck)
238	EXCEPTION_PROLOG 0x700 ProgramCheck handle_dar_dsisr=1
239	prepare_transfer_to_handler
240	bl	program_check_exception
241	REST_NVGPRS(r1)
242	b	interrupt_return
243
244	EXCEPTION(0x0800, Trap_08, unknown_exception)
245	EXCEPTION(0x0900, Trap_09, unknown_exception)
246	EXCEPTION(0x0A00, Trap_0A, unknown_exception)
247	EXCEPTION(0x0B00, Trap_0B, unknown_exception)
248
249/* 0x0C00 - System Call Exception */
250	START_EXCEPTION(0x0C00,	SystemCall)
251	SYSCALL_ENTRY	0xc00
252/*	Trap_0D is commented out to get more space for system call exception */
253
254/*	EXCEPTION(0x0D00, Trap_0D, unknown_exception) */
255	EXCEPTION(0x0E00, Trap_0E, unknown_exception)
256	EXCEPTION(0x0F00, Trap_0F, unknown_exception)
257
258/* 0x1000 - Programmable Interval Timer (PIT) Exception */
259	START_EXCEPTION(0x1000, DecrementerTrap)
260	b Decrementer
261
262/* 0x1010 - Fixed Interval Timer (FIT) Exception */
263	START_EXCEPTION(0x1010, FITExceptionTrap)
264	b FITException
265
266/* 0x1020 - Watchdog Timer (WDT) Exception */
267	START_EXCEPTION(0x1020, WDTExceptionTrap)
268	b WDTException
269
270/* 0x1100 - Data TLB Miss Exception
271 * As the name implies, translation is not in the MMU, so search the
272 * page tables and fix it.  The only purpose of this function is to
273 * load TLB entries from the page table if they exist.
274 */
275	START_EXCEPTION(0x1100,	DTLBMiss)
276	mtspr	SPRN_SPRG_SCRATCH5, r10 /* Save some working registers */
277	mtspr	SPRN_SPRG_SCRATCH6, r11
278	mtspr	SPRN_SPRG_SCRATCH3, r12
279	mtspr	SPRN_SPRG_SCRATCH4, r9
280	mfcr	r12
281	mfspr	r9, SPRN_PID
282	rlwimi	r12, r9, 0, 0xff
283	mfspr	r10, SPRN_DEAR		/* Get faulting address */
284
285	/* If we are faulting a kernel address, we have to use the
286	 * kernel page tables.
287	 */
288	lis	r11, PAGE_OFFSET@h
289	cmplw	r10, r11
290	blt+	3f
291	lis	r11, swapper_pg_dir@h
292	ori	r11, r11, swapper_pg_dir@l
293	li	r9, 0
294	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
295	b	4f
296
297	/* Get the PGD for the current thread.
298	 */
2993:
300	mfspr	r11,SPRN_SPRG_THREAD
301	lwz	r11,PGDIR(r11)
302#ifdef CONFIG_PPC_KUAP
303	rlwinm.	r9, r9, 0, 0xff
304	beq	5f			/* Kuap fault */
305#endif
3064:
307	tophys(r11, r11)
308	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
309	lwz	r11, 0(r11)		/* Get L1 entry */
310	andi.	r9, r11, _PMD_PRESENT	/* Check if it points to a PTE page */
311	beq	2f			/* Bail if no table */
312
313	rlwimi	r11, r10, 22, 20, 29	/* Compute PTE address */
314	lwz	r11, 0(r11)		/* Get Linux PTE */
315	li	r9, _PAGE_PRESENT | _PAGE_ACCESSED
316	andc.	r9, r9, r11		/* Check permission */
317	bne	5f
318
319	rlwinm	r9, r11, 1, _PAGE_RW	/* dirty => rw */
320	and	r9, r9, r11		/* hwwrite = dirty & rw */
321	rlwimi	r11, r9, 0, _PAGE_RW	/* replace rw by hwwrite */
322
323	/* Create TLB tag.  This is the faulting address plus a static
324	 * set of bits.  These are size, valid, E, U0.
325	*/
326	li	r9, 0x00c0
327	rlwimi	r10, r9, 0, 20, 31
328
329	b	finish_tlb_load
330
3312:	/* Check for possible large-page pmd entry */
332	rlwinm.	r9, r11, 2, 22, 24
333	beq	5f
334
335	/* Create TLB tag.  This is the faulting address, plus a static
336	 * set of bits (valid, E, U0) plus the size from the PMD.
337	 */
338	ori	r9, r9, 0x40
339	rlwimi	r10, r9, 0, 20, 31
340
341	b	finish_tlb_load
342
3435:
344	/* The bailout.  Restore registers to pre-exception conditions
345	 * and call the heavyweights to help us out.
346	 */
347	mtspr	SPRN_PID, r12
348	mtcrf	0x80, r12
349	mfspr	r9, SPRN_SPRG_SCRATCH4
350	mfspr	r12, SPRN_SPRG_SCRATCH3
351	mfspr	r11, SPRN_SPRG_SCRATCH6
352	mfspr	r10, SPRN_SPRG_SCRATCH5
353	b	DataStorage
354
355/* 0x1200 - Instruction TLB Miss Exception
356 * Nearly the same as above, except we get our information from different
357 * registers and bailout to a different point.
358 */
359	START_EXCEPTION(0x1200,	ITLBMiss)
360	mtspr	SPRN_SPRG_SCRATCH5, r10	 /* Save some working registers */
361	mtspr	SPRN_SPRG_SCRATCH6, r11
362	mtspr	SPRN_SPRG_SCRATCH3, r12
363	mtspr	SPRN_SPRG_SCRATCH4, r9
364	mfcr	r12
365	mfspr	r9, SPRN_PID
366	rlwimi	r12, r9, 0, 0xff
367	mfspr	r10, SPRN_SRR0		/* Get faulting address */
368
369	/* If we are faulting a kernel address, we have to use the
370	 * kernel page tables.
371	 */
372	lis	r11, PAGE_OFFSET@h
373	cmplw	r10, r11
374	blt+	3f
375	lis	r11, swapper_pg_dir@h
376	ori	r11, r11, swapper_pg_dir@l
377	li	r9, 0
378	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
379	b	4f
380
381	/* Get the PGD for the current thread.
382	 */
3833:
384	mfspr	r11,SPRN_SPRG_THREAD
385	lwz	r11,PGDIR(r11)
386#ifdef CONFIG_PPC_KUAP
387	rlwinm.	r9, r9, 0, 0xff
388	beq	5f			/* Kuap fault */
389#endif
3904:
391	tophys(r11, r11)
392	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
393	lwz	r11, 0(r11)		/* Get L1 entry */
394	andi.	r9, r11, _PMD_PRESENT	/* Check if it points to a PTE page */
395	beq	2f			/* Bail if no table */
396
397	rlwimi	r11, r10, 22, 20, 29	/* Compute PTE address */
398	lwz	r11, 0(r11)		/* Get Linux PTE */
399	li	r9, _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
400	andc.	r9, r9, r11		/* Check permission */
401	bne	5f
402
403	rlwinm	r9, r11, 1, _PAGE_RW	/* dirty => rw */
404	and	r9, r9, r11		/* hwwrite = dirty & rw */
405	rlwimi	r11, r9, 0, _PAGE_RW	/* replace rw by hwwrite */
406
407	/* Create TLB tag.  This is the faulting address plus a static
408	 * set of bits.  These are size, valid, E, U0.
409	*/
410	li	r9, 0x00c0
411	rlwimi	r10, r9, 0, 20, 31
412
413	b	finish_tlb_load
414
4152:	/* Check for possible large-page pmd entry */
416	rlwinm.	r9, r11, 2, 22, 24
417	beq	5f
418
419	/* Create TLB tag.  This is the faulting address, plus a static
420	 * set of bits (valid, E, U0) plus the size from the PMD.
421	 */
422	ori	r9, r9, 0x40
423	rlwimi	r10, r9, 0, 20, 31
424
425	b	finish_tlb_load
426
4275:
428	/* The bailout.  Restore registers to pre-exception conditions
429	 * and call the heavyweights to help us out.
430	 */
431	mtspr	SPRN_PID, r12
432	mtcrf	0x80, r12
433	mfspr	r9, SPRN_SPRG_SCRATCH4
434	mfspr	r12, SPRN_SPRG_SCRATCH3
435	mfspr	r11, SPRN_SPRG_SCRATCH6
436	mfspr	r10, SPRN_SPRG_SCRATCH5
437	b	InstructionAccess
438
439	EXCEPTION(0x1300, Trap_13, unknown_exception)
440	EXCEPTION(0x1400, Trap_14, unknown_exception)
441	EXCEPTION(0x1500, Trap_15, unknown_exception)
442	EXCEPTION(0x1600, Trap_16, unknown_exception)
443	EXCEPTION(0x1700, Trap_17, unknown_exception)
444	EXCEPTION(0x1800, Trap_18, unknown_exception)
445	EXCEPTION(0x1900, Trap_19, unknown_exception)
446	EXCEPTION(0x1A00, Trap_1A, unknown_exception)
447	EXCEPTION(0x1B00, Trap_1B, unknown_exception)
448	EXCEPTION(0x1C00, Trap_1C, unknown_exception)
449	EXCEPTION(0x1D00, Trap_1D, unknown_exception)
450	EXCEPTION(0x1E00, Trap_1E, unknown_exception)
451	EXCEPTION(0x1F00, Trap_1F, unknown_exception)
452
453/* Check for a single step debug exception while in an exception
454 * handler before state has been saved.  This is to catch the case
455 * where an instruction that we are trying to single step causes
456 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
457 * the exception handler generates a single step debug exception.
458 *
459 * If we get a debug trap on the first instruction of an exception handler,
460 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
461 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
462 * The exception handler was handling a non-critical interrupt, so it will
463 * save (and later restore) the MSR via SPRN_SRR1, which will still have
464 * the MSR_DE bit set.
465 */
466	/* 0x2000 - Debug Exception */
467	START_EXCEPTION(0x2000, DebugTrap)
468	CRITICAL_EXCEPTION_PROLOG 0x2000 DebugTrap
469
470	/*
471	 * If this is a single step or branch-taken exception in an
472	 * exception entry sequence, it was probably meant to apply to
473	 * the code where the exception occurred (since exception entry
474	 * doesn't turn off DE automatically).  We simulate the effect
475	 * of turning off DE on entry to an exception handler by turning
476	 * off DE in the SRR3 value and clearing the debug status.
477	 */
478	mfspr	r10,SPRN_DBSR		/* check single-step/branch taken */
479	andis.	r10,r10,DBSR_IC@h
480	beq+	2f
481
482	andi.	r10,r9,MSR_IR|MSR_PR	/* check supervisor + MMU off */
483	beq	1f			/* branch and fix it up */
484
485	mfspr   r10,SPRN_SRR2		/* Faulting instruction address */
486	cmplwi  r10,0x2100
487	bgt+    2f			/* address above exception vectors */
488
489	/* here it looks like we got an inappropriate debug exception. */
4901:	rlwinm	r9,r9,0,~MSR_DE		/* clear DE in the SRR3 value */
491	lis	r10,DBSR_IC@h		/* clear the IC event */
492	mtspr	SPRN_DBSR,r10
493	/* restore state and get out */
494	lwz	r10,_CCR(r11)
495	lwz	r0,GPR0(r11)
496	lwz	r1,GPR1(r11)
497	mtcrf	0x80,r10
498	mtspr	SPRN_SRR2,r12
499	mtspr	SPRN_SRR3,r9
500	lwz	r9,GPR9(r11)
501	lwz	r12,GPR12(r11)
502	lwz	r10,crit_r10@l(0)
503	lwz	r11,crit_r11@l(0)
504	rfci
505	b	.
506
507	/* continue normal handling for a critical exception... */
5082:	mfspr	r4,SPRN_DBSR
509	stw	r4,_ESR(r11)		/* DebugException takes DBSR in _ESR */
510	prepare_transfer_to_handler
511	bl	DebugException
512	b	ret_from_crit_exc
513
514	/* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
515	__HEAD
516Decrementer:
517	EXCEPTION_PROLOG 0x1000 Decrementer
518	lis	r0,TSR_PIS@h
519	mtspr	SPRN_TSR,r0		/* Clear the PIT exception */
520	prepare_transfer_to_handler
521	bl	timer_interrupt
522	b	interrupt_return
523
524	/* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
525	__HEAD
526FITException:
527	EXCEPTION_PROLOG 0x1010 FITException
528	prepare_transfer_to_handler
529	bl	unknown_exception
530	b	interrupt_return
531
532	/* Watchdog Timer (WDT) Exception. (from 0x1020) */
533	__HEAD
534WDTException:
535	CRITICAL_EXCEPTION_PROLOG 0x1020 WDTException
536	prepare_transfer_to_handler
537	bl	WatchdogException
538	b	ret_from_crit_exc
539
540/* Other PowerPC processors, namely those derived from the 6xx-series
541 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
542 * However, for the 4xx-series processors these are neither defined nor
543 * reserved.
544 */
545
546	__HEAD
547	/* Damn, I came up one instruction too many to fit into the
548	 * exception space :-).  Both the instruction and data TLB
549	 * miss get to this point to load the TLB.
550	 * 	r10 - TLB_TAG value
551	 * 	r11 - Linux PTE
552	 *	r9 - available to use
553	 *	PID - loaded with proper value when we get here
554	 *	Upon exit, we reload everything and RFI.
555	 * Actually, it will fit now, but oh well.....a common place
556	 * to load the TLB.
557	 */
558tlb_4xx_index:
559	.long	0
560finish_tlb_load:
561	/*
562	 * Clear out the software-only bits in the PTE to generate the
563	 * TLB_DATA value.  These are the bottom 2 bits of the RPM, the
564	 * top 3 bits of the zone field, and M.
565	 */
566	li	r9, 0x0ce2
567	andc	r11, r11, r9
568
569	/* load the next available TLB index. */
570	lwz	r9, tlb_4xx_index@l(0)
571	addi	r9, r9, 1
572	andi.	r9, r9, PPC40X_TLB_SIZE - 1
573	stw	r9, tlb_4xx_index@l(0)
574
575	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
576	tlbwe	r10, r9, TLB_TAG		/* Load TLB HI */
577
578	/* Done...restore registers and get out of here.
579	*/
580	mtspr	SPRN_PID, r12
581	mtcrf	0x80, r12
582	mfspr	r9, SPRN_SPRG_SCRATCH4
583	mfspr	r12, SPRN_SPRG_SCRATCH3
584	mfspr	r11, SPRN_SPRG_SCRATCH6
585	mfspr	r10, SPRN_SPRG_SCRATCH5
586	rfi			/* Should sync shadow TLBs */
587	b	.		/* prevent prefetch past rfi */
588
589/* This is where the main kernel code starts.
590 */
591start_here:
592
593	/* ptr to current */
594	lis	r2,init_task@h
595	ori	r2,r2,init_task@l
596
597	/* ptr to phys current thread */
598	tophys(r4,r2)
599	addi	r4,r4,THREAD	/* init task's THREAD */
600	mtspr	SPRN_SPRG_THREAD,r4
601
602	/* stack */
603	lis	r1,init_thread_union@ha
604	addi	r1,r1,init_thread_union@l
605	li	r0,0
606	stwu	r0,THREAD_SIZE-STACK_FRAME_MIN_SIZE(r1)
607
608	bl	early_init	/* We have to do this with MMU on */
609
610/*
611 * Decide what sort of machine this is and initialize the MMU.
612 */
613#ifdef CONFIG_KASAN
614	bl	kasan_early_init
615#endif
616	li	r3,0
617	mr	r4,r31
618	bl	machine_init
619	bl	MMU_init
620
621/* Go back to running unmapped so we can load up new values
622 * and change to using our exception vectors.
623 * On the 4xx, all we have to do is invalidate the TLB to clear
624 * the old 16M byte TLB mappings.
625 */
626	lis	r4,2f@h
627	ori	r4,r4,2f@l
628	tophys(r4,r4)
629	lis	r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
630	ori	r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
631	mtspr	SPRN_SRR0,r4
632	mtspr	SPRN_SRR1,r3
633	rfi
634	b	.		/* prevent prefetch past rfi */
635
636/* Load up the kernel context */
6372:
638	sync			/* Flush to memory before changing TLB */
639	tlbia
640	isync			/* Flush shadow TLBs */
641
642	/* set up the PTE pointers for the Abatron bdiGDB.
643	*/
644	lis	r6, swapper_pg_dir@h
645	ori	r6, r6, swapper_pg_dir@l
646	lis	r5, abatron_pteptrs@h
647	ori	r5, r5, abatron_pteptrs@l
648	stw	r5, 0xf0(0)	/* Must match your Abatron config file */
649	tophys(r5,r5)
650	stw	r6, 0(r5)
651
652/* Now turn on the MMU for real! */
653	lis	r4,MSR_KERNEL@h
654	ori	r4,r4,MSR_KERNEL@l
655	lis	r3,start_kernel@h
656	ori	r3,r3,start_kernel@l
657	mtspr	SPRN_SRR0,r3
658	mtspr	SPRN_SRR1,r4
659	rfi			/* enable MMU and jump to start_kernel */
660	b	.		/* prevent prefetch past rfi */
661
662/* Set up the initial MMU state so we can do the first level of
663 * kernel initialization.  This maps the first 32 MBytes of memory 1:1
664 * virtual to physical and more importantly sets the cache mode.
665 */
666SYM_FUNC_START_LOCAL(initial_mmu)
667	tlbia			/* Invalidate all TLB entries */
668	isync
669
670	/* We should still be executing code at physical address 0x0000xxxx
671	 * at this point. However, start_here is at virtual address
672	 * 0xC000xxxx. So, set up a TLB mapping to cover this once
673	 * translation is enabled.
674	 */
675
676	lis	r3,KERNELBASE@h		/* Load the kernel virtual address */
677	ori	r3,r3,KERNELBASE@l
678	tophys(r4,r3)			/* Load the kernel physical address */
679
680	iccci	r0,r3			/* Invalidate the i-cache before use */
681
682	/* Load the kernel PID.
683	*/
684	li	r0,0
685	mtspr	SPRN_PID,r0
686	sync
687
688	/* Configure and load one entry into TLB slots 63 */
689	clrrwi	r4,r4,10		/* Mask off the real page number */
690	ori	r4,r4,(TLB_WR | TLB_EX)	/* Set the write and execute bits */
691
692	clrrwi	r3,r3,10		/* Mask off the effective page number */
693	ori	r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
694
695        li      r0,63                    /* TLB slot 63 */
696
697	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
698	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
699
700	li	r0,62			/* TLB slot 62 */
701	addis	r4,r4,SZ_16M@h
702	addis	r3,r3,SZ_16M@h
703	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
704	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
705
706	isync
707
708	/* Establish the exception vector base
709	*/
710	lis	r4,KERNELBASE@h		/* EVPR only uses the high 16-bits */
711	tophys(r0,r4)			/* Use the physical address */
712	mtspr	SPRN_EVPR,r0
713
714	blr
715SYM_FUNC_END(initial_mmu)
716
717_GLOBAL(abort)
718        mfspr   r13,SPRN_DBCR0
719        oris    r13,r13,DBCR0_RST_SYSTEM@h
720        mtspr   SPRN_DBCR0,r13
721