xref: /openbmc/linux/arch/powerpc/kernel/head_40x.S (revision 9ac17575) 
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 *      Initial PowerPC version.
5 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *      Rewritten for PReP
7 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 *      Low-level exception handers, MMU support, and rewrite.
9 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 *      PowerPC 8xx modifications.
11 *    Copyright (c) 1998-1999 TiVo, Inc.
12 *      PowerPC 403GCX modifications.
13 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 *      PowerPC 403GCX/405GP modifications.
15 *    Copyright 2000 MontaVista Software Inc.
16 *	PPC405 modifications
17 *      PowerPC 403GCX/405GP modifications.
18 * 	Author: MontaVista Software, Inc.
19 *         	frank_rowand@mvista.com or source@mvista.com
20 * 	   	debbie_chu@mvista.com
21 *
22 *    Module name: head_4xx.S
23 *
24 *    Description:
25 *      Kernel execution entry point code.
26 */
27
28#include <linux/init.h>
29#include <asm/processor.h>
30#include <asm/page.h>
31#include <asm/mmu.h>
32#include <asm/pgtable.h>
33#include <asm/cputable.h>
34#include <asm/thread_info.h>
35#include <asm/ppc_asm.h>
36#include <asm/asm-offsets.h>
37#include <asm/ptrace.h>
38#include <asm/export.h>
39#include <asm/asm-405.h>
40
41#include "head_32.h"
42
43/* As with the other PowerPC ports, it is expected that when code
44 * execution begins here, the following registers contain valid, yet
45 * optional, information:
46 *
47 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
48 *   r4 - Starting address of the init RAM disk
49 *   r5 - Ending address of the init RAM disk
50 *   r6 - Start of kernel command line string (e.g. "mem=96m")
51 *   r7 - End of kernel command line string
52 *
53 * This is all going to change RSN when we add bi_recs.......  -- Dan
54 */
55	__HEAD
56_ENTRY(_stext);
57_ENTRY(_start);
58
59	mr	r31,r3			/* save device tree ptr */
60
61	/* We have to turn on the MMU right away so we get cache modes
62	 * set correctly.
63	 */
64	bl	initial_mmu
65
66/* We now have the lower 16 Meg mapped into TLB entries, and the caches
67 * ready to work.
68 */
69turn_on_mmu:
70	lis	r0,MSR_KERNEL@h
71	ori	r0,r0,MSR_KERNEL@l
72	mtspr	SPRN_SRR1,r0
73	lis	r0,start_here@h
74	ori	r0,r0,start_here@l
75	mtspr	SPRN_SRR0,r0
76	SYNC
77	rfi				/* enables MMU */
78	b	.			/* prevent prefetch past rfi */
79
80/*
81 * This area is used for temporarily saving registers during the
82 * critical exception prolog.
83 */
84	. = 0xc0
85crit_save:
86_ENTRY(crit_r10)
87	.space	4
88_ENTRY(crit_r11)
89	.space	4
90_ENTRY(crit_srr0)
91	.space	4
92_ENTRY(crit_srr1)
93	.space	4
94_ENTRY(saved_ksp_limit)
95	.space	4
96
97/*
98 * Exception prolog for critical exceptions.  This is a little different
99 * from the normal exception prolog above since a critical exception
100 * can potentially occur at any point during normal exception processing.
101 * Thus we cannot use the same SPRG registers as the normal prolog above.
102 * Instead we use a couple of words of memory at low physical addresses.
103 * This is OK since we don't support SMP on these processors.
104 */
105#define CRITICAL_EXCEPTION_PROLOG					     \
106	stw	r10,crit_r10@l(0);	/* save two registers to work with */\
107	stw	r11,crit_r11@l(0);					     \
108	mfcr	r10;			/* save CR in r10 for now	   */\
109	mfspr	r11,SPRN_SRR3;		/* check whether user or kernel    */\
110	andi.	r11,r11,MSR_PR;						     \
111	lis	r11,critirq_ctx@ha;					     \
112	tophys(r11,r11);						     \
113	lwz	r11,critirq_ctx@l(r11);					     \
114	beq	1f;							     \
115	/* COMING FROM USER MODE */					     \
116	mfspr	r11,SPRN_SPRG_THREAD;	/* if from user, start at top of   */\
117	lwz	r11,TASK_STACK-THREAD(r11); /* this thread's kernel stack */\
1181:	addi	r11,r11,THREAD_SIZE-INT_FRAME_SIZE; /* Alloc an excpt frm  */\
119	tophys(r11,r11);						     \
120	stw	r10,_CCR(r11);          /* save various registers	   */\
121	stw	r12,GPR12(r11);						     \
122	stw	r9,GPR9(r11);						     \
123	mflr	r10;							     \
124	stw	r10,_LINK(r11);						     \
125	mfspr	r12,SPRN_DEAR;		/* save DEAR and ESR in the frame  */\
126	stw	r12,_DEAR(r11);		/* since they may have had stuff   */\
127	mfspr	r9,SPRN_ESR;		/* in them at the point where the  */\
128	stw	r9,_ESR(r11);		/* exception was taken		   */\
129	mfspr	r12,SPRN_SRR2;						     \
130	stw	r1,GPR1(r11);						     \
131	mfspr	r9,SPRN_SRR3;						     \
132	stw	r1,0(r11);						     \
133	tovirt(r1,r11);							     \
134	rlwinm	r9,r9,0,14,12;		/* clear MSR_WE (necessary?)	   */\
135	stw	r0,GPR0(r11);						     \
136	lis	r10, STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */\
137	addi	r10, r10, STACK_FRAME_REGS_MARKER@l;			     \
138	stw	r10, 8(r11);						     \
139	SAVE_4GPRS(3, r11);						     \
140	SAVE_2GPRS(7, r11)
141
142	/*
143	 * State at this point:
144	 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
145	 * r10 saved in crit_r10 and in stack frame, trashed
146	 * r11 saved in crit_r11 and in stack frame,
147	 *	now phys stack/exception frame pointer
148	 * r12 saved in stack frame, now saved SRR2
149	 * CR saved in stack frame, CR0.EQ = !SRR3.PR
150	 * LR, DEAR, ESR in stack frame
151	 * r1 saved in stack frame, now virt stack/excframe pointer
152	 * r0, r3-r8 saved in stack frame
153	 */
154
155/*
156 * Exception vectors.
157 */
158#define CRITICAL_EXCEPTION(n, label, hdlr)			\
159	START_EXCEPTION(n, label);				\
160	CRITICAL_EXCEPTION_PROLOG;				\
161	addi	r3,r1,STACK_FRAME_OVERHEAD;			\
162	EXC_XFER_TEMPLATE(hdlr, n+2, (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
163			  crit_transfer_to_handler, ret_from_crit_exc)
164
165/*
166 * 0x0100 - Critical Interrupt Exception
167 */
168	CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
169
170/*
171 * 0x0200 - Machine Check Exception
172 */
173	CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
174
175/*
176 * 0x0300 - Data Storage Exception
177 * This happens for just a few reasons.  U0 set (but we don't do that),
178 * or zone protection fault (user violation, write to protected page).
179 * If this is just an update of modified status, we do that quickly
180 * and exit.  Otherwise, we call heavywight functions to do the work.
181 */
182	START_EXCEPTION(0x0300,	DataStorage)
183	mtspr	SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
184	mtspr	SPRN_SPRG_SCRATCH1, r11
185#ifdef CONFIG_403GCX
186	stw     r12, 0(r0)
187	stw     r9, 4(r0)
188	mfcr    r11
189	mfspr   r12, SPRN_PID
190	stw     r11, 8(r0)
191	stw     r12, 12(r0)
192#else
193	mtspr	SPRN_SPRG_SCRATCH3, r12
194	mtspr	SPRN_SPRG_SCRATCH4, r9
195	mfcr	r11
196	mfspr	r12, SPRN_PID
197	mtspr	SPRN_SPRG_SCRATCH6, r11
198	mtspr	SPRN_SPRG_SCRATCH5, r12
199#endif
200
201	/* First, check if it was a zone fault (which means a user
202	* tried to access a kernel or read-protected page - always
203	* a SEGV).  All other faults here must be stores, so no
204	* need to check ESR_DST as well. */
205	mfspr	r10, SPRN_ESR
206	andis.	r10, r10, ESR_DIZ@h
207	bne	2f
208
209	mfspr	r10, SPRN_DEAR		/* Get faulting address */
210
211	/* If we are faulting a kernel address, we have to use the
212	 * kernel page tables.
213	 */
214	lis	r11, PAGE_OFFSET@h
215	cmplw	r10, r11
216	blt+	3f
217	lis	r11, swapper_pg_dir@h
218	ori	r11, r11, swapper_pg_dir@l
219	li	r9, 0
220	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
221	b	4f
222
223	/* Get the PGD for the current thread.
224	 */
2253:
226	mfspr	r11,SPRN_SPRG_THREAD
227	lwz	r11,PGDIR(r11)
2284:
229	tophys(r11, r11)
230	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
231	lwz	r11, 0(r11)		/* Get L1 entry */
232	rlwinm.	r12, r11, 0, 0, 19	/* Extract L2 (pte) base address */
233	beq	2f			/* Bail if no table */
234
235	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
236	lwz	r11, 0(r12)		/* Get Linux PTE */
237
238	andi.	r9, r11, _PAGE_RW	/* Is it writeable? */
239	beq	2f			/* Bail if not */
240
241	/* Update 'changed'.
242	*/
243	ori	r11, r11, _PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_HWWRITE
244	stw	r11, 0(r12)		/* Update Linux page table */
245
246	/* Most of the Linux PTE is ready to load into the TLB LO.
247	 * We set ZSEL, where only the LS-bit determines user access.
248	 * We set execute, because we don't have the granularity to
249	 * properly set this at the page level (Linux problem).
250	 * If shared is set, we cause a zero PID->TID load.
251	 * Many of these bits are software only.  Bits we don't set
252	 * here we (properly should) assume have the appropriate value.
253	 */
254	li	r12, 0x0ce2
255	andc	r11, r11, r12		/* Make sure 20, 21 are zero */
256
257	/* find the TLB index that caused the fault.  It has to be here.
258	*/
259	tlbsx	r9, 0, r10
260
261	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
262
263	/* Done...restore registers and get out of here.
264	*/
265#ifdef CONFIG_403GCX
266	lwz     r12, 12(r0)
267	lwz     r11, 8(r0)
268	mtspr   SPRN_PID, r12
269	mtcr    r11
270	lwz     r9, 4(r0)
271	lwz     r12, 0(r0)
272#else
273	mfspr	r12, SPRN_SPRG_SCRATCH5
274	mfspr	r11, SPRN_SPRG_SCRATCH6
275	mtspr	SPRN_PID, r12
276	mtcr	r11
277	mfspr	r9, SPRN_SPRG_SCRATCH4
278	mfspr	r12, SPRN_SPRG_SCRATCH3
279#endif
280	mfspr	r11, SPRN_SPRG_SCRATCH1
281	mfspr	r10, SPRN_SPRG_SCRATCH0
282	PPC405_ERR77_SYNC
283	rfi			/* Should sync shadow TLBs */
284	b	.		/* prevent prefetch past rfi */
285
2862:
287	/* The bailout.  Restore registers to pre-exception conditions
288	 * and call the heavyweights to help us out.
289	 */
290#ifdef CONFIG_403GCX
291	lwz     r12, 12(r0)
292	lwz     r11, 8(r0)
293	mtspr   SPRN_PID, r12
294	mtcr    r11
295	lwz     r9, 4(r0)
296	lwz     r12, 0(r0)
297#else
298	mfspr	r12, SPRN_SPRG_SCRATCH5
299	mfspr	r11, SPRN_SPRG_SCRATCH6
300	mtspr	SPRN_PID, r12
301	mtcr	r11
302	mfspr	r9, SPRN_SPRG_SCRATCH4
303	mfspr	r12, SPRN_SPRG_SCRATCH3
304#endif
305	mfspr	r11, SPRN_SPRG_SCRATCH1
306	mfspr	r10, SPRN_SPRG_SCRATCH0
307	b	DataAccess
308
309/*
310 * 0x0400 - Instruction Storage Exception
311 * This is caused by a fetch from non-execute or guarded pages.
312 */
313	START_EXCEPTION(0x0400, InstructionAccess)
314	EXCEPTION_PROLOG
315	mr	r4,r12			/* Pass SRR0 as arg2 */
316	stw	r4, _DEAR(r11)
317	li	r5,0			/* Pass zero as arg3 */
318	EXC_XFER_LITE(0x400, handle_page_fault)
319
320/* 0x0500 - External Interrupt Exception */
321	EXCEPTION(0x0500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
322
323/* 0x0600 - Alignment Exception */
324	START_EXCEPTION(0x0600, Alignment)
325	EXCEPTION_PROLOG
326	mfspr	r4,SPRN_DEAR		/* Grab the DEAR and save it */
327	stw	r4,_DEAR(r11)
328	addi	r3,r1,STACK_FRAME_OVERHEAD
329	EXC_XFER_STD(0x600, alignment_exception)
330
331/* 0x0700 - Program Exception */
332	START_EXCEPTION(0x0700, ProgramCheck)
333	EXCEPTION_PROLOG
334	mfspr	r4,SPRN_ESR		/* Grab the ESR and save it */
335	stw	r4,_ESR(r11)
336	addi	r3,r1,STACK_FRAME_OVERHEAD
337	EXC_XFER_STD(0x700, program_check_exception)
338
339	EXCEPTION(0x0800, Trap_08, unknown_exception, EXC_XFER_STD)
340	EXCEPTION(0x0900, Trap_09, unknown_exception, EXC_XFER_STD)
341	EXCEPTION(0x0A00, Trap_0A, unknown_exception, EXC_XFER_STD)
342	EXCEPTION(0x0B00, Trap_0B, unknown_exception, EXC_XFER_STD)
343
344/* 0x0C00 - System Call Exception */
345	START_EXCEPTION(0x0C00,	SystemCall)
346	SYSCALL_ENTRY	0xc00
347/*	Trap_0D is commented out to get more space for system call exception */
348
349/*	EXCEPTION(0x0D00, Trap_0D, unknown_exception, EXC_XFER_STD) */
350	EXCEPTION(0x0E00, Trap_0E, unknown_exception, EXC_XFER_STD)
351	EXCEPTION(0x0F00, Trap_0F, unknown_exception, EXC_XFER_STD)
352
353/* 0x1000 - Programmable Interval Timer (PIT) Exception */
354	. = 0x1000
355	b Decrementer
356
357/* 0x1010 - Fixed Interval Timer (FIT) Exception
358*/
359	. = 0x1010
360	b FITException
361
362/* 0x1020 - Watchdog Timer (WDT) Exception
363*/
364	. = 0x1020
365	b WDTException
366
367/* 0x1100 - Data TLB Miss Exception
368 * As the name implies, translation is not in the MMU, so search the
369 * page tables and fix it.  The only purpose of this function is to
370 * load TLB entries from the page table if they exist.
371 */
372	START_EXCEPTION(0x1100,	DTLBMiss)
373	mtspr	SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
374	mtspr	SPRN_SPRG_SCRATCH1, r11
375#ifdef CONFIG_403GCX
376	stw     r12, 0(r0)
377	stw     r9, 4(r0)
378	mfcr    r11
379	mfspr   r12, SPRN_PID
380	stw     r11, 8(r0)
381	stw     r12, 12(r0)
382#else
383	mtspr	SPRN_SPRG_SCRATCH3, r12
384	mtspr	SPRN_SPRG_SCRATCH4, r9
385	mfcr	r11
386	mfspr	r12, SPRN_PID
387	mtspr	SPRN_SPRG_SCRATCH6, r11
388	mtspr	SPRN_SPRG_SCRATCH5, r12
389#endif
390	mfspr	r10, SPRN_DEAR		/* Get faulting address */
391
392	/* If we are faulting a kernel address, we have to use the
393	 * kernel page tables.
394	 */
395	lis	r11, PAGE_OFFSET@h
396	cmplw	r10, r11
397	blt+	3f
398	lis	r11, swapper_pg_dir@h
399	ori	r11, r11, swapper_pg_dir@l
400	li	r9, 0
401	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
402	b	4f
403
404	/* Get the PGD for the current thread.
405	 */
4063:
407	mfspr	r11,SPRN_SPRG_THREAD
408	lwz	r11,PGDIR(r11)
4094:
410	tophys(r11, r11)
411	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
412	lwz	r12, 0(r11)		/* Get L1 entry */
413	andi.	r9, r12, _PMD_PRESENT	/* Check if it points to a PTE page */
414	beq	2f			/* Bail if no table */
415
416	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
417	lwz	r11, 0(r12)		/* Get Linux PTE */
418	andi.	r9, r11, _PAGE_PRESENT
419	beq	5f
420
421	ori	r11, r11, _PAGE_ACCESSED
422	stw	r11, 0(r12)
423
424	/* Create TLB tag.  This is the faulting address plus a static
425	 * set of bits.  These are size, valid, E, U0.
426	*/
427	li	r12, 0x00c0
428	rlwimi	r10, r12, 0, 20, 31
429
430	b	finish_tlb_load
431
4322:	/* Check for possible large-page pmd entry */
433	rlwinm.	r9, r12, 2, 22, 24
434	beq	5f
435
436	/* Create TLB tag.  This is the faulting address, plus a static
437	 * set of bits (valid, E, U0) plus the size from the PMD.
438	 */
439	ori	r9, r9, 0x40
440	rlwimi	r10, r9, 0, 20, 31
441	mr	r11, r12
442
443	b	finish_tlb_load
444
4455:
446	/* The bailout.  Restore registers to pre-exception conditions
447	 * and call the heavyweights to help us out.
448	 */
449#ifdef CONFIG_403GCX
450	lwz     r12, 12(r0)
451	lwz     r11, 8(r0)
452	mtspr   SPRN_PID, r12
453	mtcr    r11
454	lwz     r9, 4(r0)
455	lwz     r12, 0(r0)
456#else
457	mfspr	r12, SPRN_SPRG_SCRATCH5
458	mfspr	r11, SPRN_SPRG_SCRATCH6
459	mtspr	SPRN_PID, r12
460	mtcr	r11
461	mfspr	r9, SPRN_SPRG_SCRATCH4
462	mfspr	r12, SPRN_SPRG_SCRATCH3
463#endif
464	mfspr	r11, SPRN_SPRG_SCRATCH1
465	mfspr	r10, SPRN_SPRG_SCRATCH0
466	b	DataAccess
467
468/* 0x1200 - Instruction TLB Miss Exception
469 * Nearly the same as above, except we get our information from different
470 * registers and bailout to a different point.
471 */
472	START_EXCEPTION(0x1200,	ITLBMiss)
473	mtspr	SPRN_SPRG_SCRATCH0, r10	 /* Save some working registers */
474	mtspr	SPRN_SPRG_SCRATCH1, r11
475#ifdef CONFIG_403GCX
476	stw     r12, 0(r0)
477	stw     r9, 4(r0)
478	mfcr    r11
479	mfspr   r12, SPRN_PID
480	stw     r11, 8(r0)
481	stw     r12, 12(r0)
482#else
483	mtspr	SPRN_SPRG_SCRATCH3, r12
484	mtspr	SPRN_SPRG_SCRATCH4, r9
485	mfcr	r11
486	mfspr	r12, SPRN_PID
487	mtspr	SPRN_SPRG_SCRATCH6, r11
488	mtspr	SPRN_SPRG_SCRATCH5, r12
489#endif
490	mfspr	r10, SPRN_SRR0		/* Get faulting address */
491
492	/* If we are faulting a kernel address, we have to use the
493	 * kernel page tables.
494	 */
495	lis	r11, PAGE_OFFSET@h
496	cmplw	r10, r11
497	blt+	3f
498	lis	r11, swapper_pg_dir@h
499	ori	r11, r11, swapper_pg_dir@l
500	li	r9, 0
501	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
502	b	4f
503
504	/* Get the PGD for the current thread.
505	 */
5063:
507	mfspr	r11,SPRN_SPRG_THREAD
508	lwz	r11,PGDIR(r11)
5094:
510	tophys(r11, r11)
511	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
512	lwz	r12, 0(r11)		/* Get L1 entry */
513	andi.	r9, r12, _PMD_PRESENT	/* Check if it points to a PTE page */
514	beq	2f			/* Bail if no table */
515
516	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
517	lwz	r11, 0(r12)		/* Get Linux PTE */
518	andi.	r9, r11, _PAGE_PRESENT
519	beq	5f
520
521	ori	r11, r11, _PAGE_ACCESSED
522	stw	r11, 0(r12)
523
524	/* Create TLB tag.  This is the faulting address plus a static
525	 * set of bits.  These are size, valid, E, U0.
526	*/
527	li	r12, 0x00c0
528	rlwimi	r10, r12, 0, 20, 31
529
530	b	finish_tlb_load
531
5322:	/* Check for possible large-page pmd entry */
533	rlwinm.	r9, r12, 2, 22, 24
534	beq	5f
535
536	/* Create TLB tag.  This is the faulting address, plus a static
537	 * set of bits (valid, E, U0) plus the size from the PMD.
538	 */
539	ori	r9, r9, 0x40
540	rlwimi	r10, r9, 0, 20, 31
541	mr	r11, r12
542
543	b	finish_tlb_load
544
5455:
546	/* The bailout.  Restore registers to pre-exception conditions
547	 * and call the heavyweights to help us out.
548	 */
549#ifdef CONFIG_403GCX
550	lwz     r12, 12(r0)
551	lwz     r11, 8(r0)
552	mtspr   SPRN_PID, r12
553	mtcr    r11
554	lwz     r9, 4(r0)
555	lwz     r12, 0(r0)
556#else
557	mfspr	r12, SPRN_SPRG_SCRATCH5
558	mfspr	r11, SPRN_SPRG_SCRATCH6
559	mtspr	SPRN_PID, r12
560	mtcr	r11
561	mfspr	r9, SPRN_SPRG_SCRATCH4
562	mfspr	r12, SPRN_SPRG_SCRATCH3
563#endif
564	mfspr	r11, SPRN_SPRG_SCRATCH1
565	mfspr	r10, SPRN_SPRG_SCRATCH0
566	b	InstructionAccess
567
568	EXCEPTION(0x1300, Trap_13, unknown_exception, EXC_XFER_STD)
569	EXCEPTION(0x1400, Trap_14, unknown_exception, EXC_XFER_STD)
570	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD)
571	EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_STD)
572#ifdef CONFIG_IBM405_ERR51
573	/* 405GP errata 51 */
574	START_EXCEPTION(0x1700, Trap_17)
575	b DTLBMiss
576#else
577	EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_STD)
578#endif
579	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD)
580	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD)
581	EXCEPTION(0x1A00, Trap_1A, unknown_exception, EXC_XFER_STD)
582	EXCEPTION(0x1B00, Trap_1B, unknown_exception, EXC_XFER_STD)
583	EXCEPTION(0x1C00, Trap_1C, unknown_exception, EXC_XFER_STD)
584	EXCEPTION(0x1D00, Trap_1D, unknown_exception, EXC_XFER_STD)
585	EXCEPTION(0x1E00, Trap_1E, unknown_exception, EXC_XFER_STD)
586	EXCEPTION(0x1F00, Trap_1F, unknown_exception, EXC_XFER_STD)
587
588/* Check for a single step debug exception while in an exception
589 * handler before state has been saved.  This is to catch the case
590 * where an instruction that we are trying to single step causes
591 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
592 * the exception handler generates a single step debug exception.
593 *
594 * If we get a debug trap on the first instruction of an exception handler,
595 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
596 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
597 * The exception handler was handling a non-critical interrupt, so it will
598 * save (and later restore) the MSR via SPRN_SRR1, which will still have
599 * the MSR_DE bit set.
600 */
601	/* 0x2000 - Debug Exception */
602	START_EXCEPTION(0x2000, DebugTrap)
603	CRITICAL_EXCEPTION_PROLOG
604
605	/*
606	 * If this is a single step or branch-taken exception in an
607	 * exception entry sequence, it was probably meant to apply to
608	 * the code where the exception occurred (since exception entry
609	 * doesn't turn off DE automatically).  We simulate the effect
610	 * of turning off DE on entry to an exception handler by turning
611	 * off DE in the SRR3 value and clearing the debug status.
612	 */
613	mfspr	r10,SPRN_DBSR		/* check single-step/branch taken */
614	andis.	r10,r10,DBSR_IC@h
615	beq+	2f
616
617	andi.	r10,r9,MSR_IR|MSR_PR	/* check supervisor + MMU off */
618	beq	1f			/* branch and fix it up */
619
620	mfspr   r10,SPRN_SRR2		/* Faulting instruction address */
621	cmplwi  r10,0x2100
622	bgt+    2f			/* address above exception vectors */
623
624	/* here it looks like we got an inappropriate debug exception. */
6251:	rlwinm	r9,r9,0,~MSR_DE		/* clear DE in the SRR3 value */
626	lis	r10,DBSR_IC@h		/* clear the IC event */
627	mtspr	SPRN_DBSR,r10
628	/* restore state and get out */
629	lwz	r10,_CCR(r11)
630	lwz	r0,GPR0(r11)
631	lwz	r1,GPR1(r11)
632	mtcrf	0x80,r10
633	mtspr	SPRN_SRR2,r12
634	mtspr	SPRN_SRR3,r9
635	lwz	r9,GPR9(r11)
636	lwz	r12,GPR12(r11)
637	lwz	r10,crit_r10@l(0)
638	lwz	r11,crit_r11@l(0)
639	PPC405_ERR77_SYNC
640	rfci
641	b	.
642
643	/* continue normal handling for a critical exception... */
6442:	mfspr	r4,SPRN_DBSR
645	addi	r3,r1,STACK_FRAME_OVERHEAD
646	EXC_XFER_TEMPLATE(DebugException, 0x2002, \
647		(MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
648		crit_transfer_to_handler, ret_from_crit_exc)
649
650	/* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
651Decrementer:
652	EXCEPTION_PROLOG
653	lis	r0,TSR_PIS@h
654	mtspr	SPRN_TSR,r0		/* Clear the PIT exception */
655	addi	r3,r1,STACK_FRAME_OVERHEAD
656	EXC_XFER_LITE(0x1000, timer_interrupt)
657
658	/* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
659FITException:
660	EXCEPTION_PROLOG
661	addi	r3,r1,STACK_FRAME_OVERHEAD;
662	EXC_XFER_STD(0x1010, unknown_exception)
663
664	/* Watchdog Timer (WDT) Exception. (from 0x1020) */
665WDTException:
666	CRITICAL_EXCEPTION_PROLOG;
667	addi	r3,r1,STACK_FRAME_OVERHEAD;
668	EXC_XFER_TEMPLATE(WatchdogException, 0x1020+2,
669	                  (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)),
670			  crit_transfer_to_handler, ret_from_crit_exc)
671
672/*
673 * The other Data TLB exceptions bail out to this point
674 * if they can't resolve the lightweight TLB fault.
675 */
676DataAccess:
677	EXCEPTION_PROLOG
678	mfspr	r5,SPRN_ESR		/* Grab the ESR, save it, pass arg3 */
679	stw	r5,_ESR(r11)
680	mfspr	r4,SPRN_DEAR		/* Grab the DEAR, save it, pass arg2 */
681	stw	r4, _DEAR(r11)
682	EXC_XFER_LITE(0x300, handle_page_fault)
683
684/* Other PowerPC processors, namely those derived from the 6xx-series
685 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
686 * However, for the 4xx-series processors these are neither defined nor
687 * reserved.
688 */
689
690	/* Damn, I came up one instruction too many to fit into the
691	 * exception space :-).  Both the instruction and data TLB
692	 * miss get to this point to load the TLB.
693	 * 	r10 - TLB_TAG value
694	 * 	r11 - Linux PTE
695	 *	r12, r9 - available to use
696	 *	PID - loaded with proper value when we get here
697	 *	Upon exit, we reload everything and RFI.
698	 * Actually, it will fit now, but oh well.....a common place
699	 * to load the TLB.
700	 */
701tlb_4xx_index:
702	.long	0
703finish_tlb_load:
704	/* load the next available TLB index.
705	*/
706	lwz	r9, tlb_4xx_index@l(0)
707	addi	r9, r9, 1
708	andi.	r9, r9, (PPC40X_TLB_SIZE-1)
709	stw	r9, tlb_4xx_index@l(0)
710
7116:
712	/*
713	 * Clear out the software-only bits in the PTE to generate the
714	 * TLB_DATA value.  These are the bottom 2 bits of the RPM, the
715	 * top 3 bits of the zone field, and M.
716	 */
717	li	r12, 0x0ce2
718	andc	r11, r11, r12
719
720	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
721	tlbwe	r10, r9, TLB_TAG		/* Load TLB HI */
722
723	/* Done...restore registers and get out of here.
724	*/
725#ifdef CONFIG_403GCX
726	lwz     r12, 12(r0)
727	lwz     r11, 8(r0)
728	mtspr   SPRN_PID, r12
729	mtcr    r11
730	lwz     r9, 4(r0)
731	lwz     r12, 0(r0)
732#else
733	mfspr	r12, SPRN_SPRG_SCRATCH5
734	mfspr	r11, SPRN_SPRG_SCRATCH6
735	mtspr	SPRN_PID, r12
736	mtcr	r11
737	mfspr	r9, SPRN_SPRG_SCRATCH4
738	mfspr	r12, SPRN_SPRG_SCRATCH3
739#endif
740	mfspr	r11, SPRN_SPRG_SCRATCH1
741	mfspr	r10, SPRN_SPRG_SCRATCH0
742	PPC405_ERR77_SYNC
743	rfi			/* Should sync shadow TLBs */
744	b	.		/* prevent prefetch past rfi */
745
746/* This is where the main kernel code starts.
747 */
748start_here:
749
750	/* ptr to current */
751	lis	r2,init_task@h
752	ori	r2,r2,init_task@l
753
754	/* ptr to phys current thread */
755	tophys(r4,r2)
756	addi	r4,r4,THREAD	/* init task's THREAD */
757	mtspr	SPRN_SPRG_THREAD,r4
758
759	/* stack */
760	lis	r1,init_thread_union@ha
761	addi	r1,r1,init_thread_union@l
762	li	r0,0
763	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
764
765	bl	early_init	/* We have to do this with MMU on */
766
767/*
768 * Decide what sort of machine this is and initialize the MMU.
769 */
770#ifdef CONFIG_KASAN
771	bl	kasan_early_init
772#endif
773	li	r3,0
774	mr	r4,r31
775	bl	machine_init
776	bl	MMU_init
777
778/* Go back to running unmapped so we can load up new values
779 * and change to using our exception vectors.
780 * On the 4xx, all we have to do is invalidate the TLB to clear
781 * the old 16M byte TLB mappings.
782 */
783	lis	r4,2f@h
784	ori	r4,r4,2f@l
785	tophys(r4,r4)
786	lis	r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
787	ori	r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
788	mtspr	SPRN_SRR0,r4
789	mtspr	SPRN_SRR1,r3
790	rfi
791	b	.		/* prevent prefetch past rfi */
792
793/* Load up the kernel context */
7942:
795	sync			/* Flush to memory before changing TLB */
796	tlbia
797	isync			/* Flush shadow TLBs */
798
799	/* set up the PTE pointers for the Abatron bdiGDB.
800	*/
801	lis	r6, swapper_pg_dir@h
802	ori	r6, r6, swapper_pg_dir@l
803	lis	r5, abatron_pteptrs@h
804	ori	r5, r5, abatron_pteptrs@l
805	stw	r5, 0xf0(r0)	/* Must match your Abatron config file */
806	tophys(r5,r5)
807	stw	r6, 0(r5)
808
809/* Now turn on the MMU for real! */
810	lis	r4,MSR_KERNEL@h
811	ori	r4,r4,MSR_KERNEL@l
812	lis	r3,start_kernel@h
813	ori	r3,r3,start_kernel@l
814	mtspr	SPRN_SRR0,r3
815	mtspr	SPRN_SRR1,r4
816	rfi			/* enable MMU and jump to start_kernel */
817	b	.		/* prevent prefetch past rfi */
818
819/* Set up the initial MMU state so we can do the first level of
820 * kernel initialization.  This maps the first 16 MBytes of memory 1:1
821 * virtual to physical and more importantly sets the cache mode.
822 */
823initial_mmu:
824	tlbia			/* Invalidate all TLB entries */
825	isync
826
827	/* We should still be executing code at physical address 0x0000xxxx
828	 * at this point. However, start_here is at virtual address
829	 * 0xC000xxxx. So, set up a TLB mapping to cover this once
830	 * translation is enabled.
831	 */
832
833	lis	r3,KERNELBASE@h		/* Load the kernel virtual address */
834	ori	r3,r3,KERNELBASE@l
835	tophys(r4,r3)			/* Load the kernel physical address */
836
837	iccci	r0,r3			/* Invalidate the i-cache before use */
838
839	/* Load the kernel PID.
840	*/
841	li	r0,0
842	mtspr	SPRN_PID,r0
843	sync
844
845	/* Configure and load one entry into TLB slots 63 */
846	clrrwi	r4,r4,10		/* Mask off the real page number */
847	ori	r4,r4,(TLB_WR | TLB_EX)	/* Set the write and execute bits */
848
849	clrrwi	r3,r3,10		/* Mask off the effective page number */
850	ori	r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
851
852        li      r0,63                    /* TLB slot 63 */
853
854	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
855	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
856
857	isync
858
859	/* Establish the exception vector base
860	*/
861	lis	r4,KERNELBASE@h		/* EVPR only uses the high 16-bits */
862	tophys(r0,r4)			/* Use the physical address */
863	mtspr	SPRN_EVPR,r0
864
865	blr
866
867_GLOBAL(abort)
868        mfspr   r13,SPRN_DBCR0
869        oris    r13,r13,DBCR0_RST_SYSTEM@h
870        mtspr   SPRN_DBCR0,r13
871
872_GLOBAL(set_context)
873
874#ifdef CONFIG_BDI_SWITCH
875	/* Context switch the PTE pointer for the Abatron BDI2000.
876	 * The PGDIR is the second parameter.
877	 */
878	lis	r5, abatron_pteptrs@ha
879	stw	r4, abatron_pteptrs@l + 0x4(r5)
880#endif
881	sync
882	mtspr	SPRN_PID,r3
883	isync				/* Need an isync to flush shadow */
884					/* TLBs after changing PID */
885	blr
886
887/* We put a few things here that have to be page-aligned. This stuff
888 * goes at the beginning of the data segment, which is page-aligned.
889 */
890	.data
891	.align	12
892	.globl	sdata
893sdata:
894	.globl	empty_zero_page
895empty_zero_page:
896	.space	4096
897EXPORT_SYMBOL(empty_zero_page)
898	.globl	swapper_pg_dir
899swapper_pg_dir:
900	.space	PGD_TABLE_SIZE
901
902/* Room for two PTE pointers, usually the kernel and current user pointers
903 * to their respective root page table.
904 */
905abatron_pteptrs:
906	.space	8
907