xref: /openbmc/linux/arch/powerpc/kernel/head_44x.S (revision 0ad53fe3) 
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * Kernel execution entry point code.
4 *
5 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
6 *      Initial PowerPC version.
7 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
8 *      Rewritten for PReP
9 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
10 *      Low-level exception handers, MMU support, and rewrite.
11 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
12 *      PowerPC 8xx modifications.
13 *    Copyright (c) 1998-1999 TiVo, Inc.
14 *      PowerPC 403GCX modifications.
15 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
16 *      PowerPC 403GCX/405GP modifications.
17 *    Copyright 2000 MontaVista Software Inc.
18 *	PPC405 modifications
19 *      PowerPC 403GCX/405GP modifications.
20 * 	Author: MontaVista Software, Inc.
21 *         	frank_rowand@mvista.com or source@mvista.com
22 * 	   	debbie_chu@mvista.com
23 *    Copyright 2002-2005 MontaVista Software, Inc.
24 *      PowerPC 44x support, Matt Porter <mporter@kernel.crashing.org>
25 */
26
27#include <linux/init.h>
28#include <linux/pgtable.h>
29#include <asm/processor.h>
30#include <asm/page.h>
31#include <asm/mmu.h>
32#include <asm/cputable.h>
33#include <asm/thread_info.h>
34#include <asm/ppc_asm.h>
35#include <asm/asm-offsets.h>
36#include <asm/ptrace.h>
37#include <asm/synch.h>
38#include <asm/export.h>
39#include <asm/code-patching-asm.h>
40#include "head_booke.h"
41
42
43/* As with the other PowerPC ports, it is expected that when code
44 * execution begins here, the following registers contain valid, yet
45 * optional, information:
46 *
47 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
48 *   r4 - Starting address of the init RAM disk
49 *   r5 - Ending address of the init RAM disk
50 *   r6 - Start of kernel command line string (e.g. "mem=128")
51 *   r7 - End of kernel command line string
52 *
53 */
54	__HEAD
55_ENTRY(_stext);
56_ENTRY(_start);
57	/*
58	 * Reserve a word at a fixed location to store the address
59	 * of abatron_pteptrs
60	 */
61	nop
62	mr	r31,r3		/* save device tree ptr */
63	li	r24,0		/* CPU number */
64
65#ifdef CONFIG_RELOCATABLE
66/*
67 * Relocate ourselves to the current runtime address.
68 * This is called only by the Boot CPU.
69 * "relocate" is called with our current runtime virutal
70 * address.
71 * r21 will be loaded with the physical runtime address of _stext
72 */
73	bcl	20,31,$+4			/* Get our runtime address */
740:	mflr	r21				/* Make it accessible */
75	addis	r21,r21,(_stext - 0b)@ha
76	addi	r21,r21,(_stext - 0b)@l 	/* Get our current runtime base */
77
78	/*
79	 * We have the runtime (virutal) address of our base.
80	 * We calculate our shift of offset from a 256M page.
81	 * We could map the 256M page we belong to at PAGE_OFFSET and
82	 * get going from there.
83	 */
84	lis	r4,KERNELBASE@h
85	ori	r4,r4,KERNELBASE@l
86	rlwinm	r6,r21,0,4,31			/* r6 = PHYS_START % 256M */
87	rlwinm	r5,r4,0,4,31			/* r5 = KERNELBASE % 256M */
88	subf	r3,r5,r6			/* r3 = r6 - r5 */
89	add	r3,r4,r3			/* Required Virutal Address */
90
91	bl	relocate
92#endif
93
94	bl	init_cpu_state
95
96	/*
97	 * This is where the main kernel code starts.
98	 */
99
100	/* ptr to current */
101	lis	r2,init_task@h
102	ori	r2,r2,init_task@l
103
104	/* ptr to current thread */
105	addi	r4,r2,THREAD	/* init task's THREAD */
106	mtspr	SPRN_SPRG_THREAD,r4
107
108	/* stack */
109	lis	r1,init_thread_union@h
110	ori	r1,r1,init_thread_union@l
111	li	r0,0
112	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
113
114	bl	early_init
115
116#ifdef CONFIG_RELOCATABLE
117	/*
118	 * Relocatable kernel support based on processing of dynamic
119	 * relocation entries.
120	 *
121	 * r25 will contain RPN/ERPN for the start address of memory
122	 * r21 will contain the current offset of _stext
123	 */
124	lis	r3,kernstart_addr@ha
125	la	r3,kernstart_addr@l(r3)
126
127	/*
128	 * Compute the kernstart_addr.
129	 * kernstart_addr => (r6,r8)
130	 * kernstart_addr & ~0xfffffff => (r6,r7)
131	 */
132	rlwinm	r6,r25,0,28,31	/* ERPN. Bits 32-35 of Address */
133	rlwinm	r7,r25,0,0,3	/* RPN - assuming 256 MB page size */
134	rlwinm	r8,r21,0,4,31	/* r8 = (_stext & 0xfffffff) */
135	or	r8,r7,r8	/* Compute the lower 32bit of kernstart_addr */
136
137	/* Store kernstart_addr */
138	stw	r6,0(r3)	/* higher 32bit */
139	stw	r8,4(r3)	/* lower 32bit  */
140
141	/*
142	 * Compute the virt_phys_offset :
143	 * virt_phys_offset = stext.run - kernstart_addr
144	 *
145	 * stext.run = (KERNELBASE & ~0xfffffff) + (kernstart_addr & 0xfffffff)
146	 * When we relocate, we have :
147	 *
148	 *	(kernstart_addr & 0xfffffff) = (stext.run & 0xfffffff)
149	 *
150	 * hence:
151	 *  virt_phys_offset = (KERNELBASE & ~0xfffffff) - (kernstart_addr & ~0xfffffff)
152	 *
153	 */
154
155	/* KERNELBASE&~0xfffffff => (r4,r5) */
156	li	r4, 0		/* higer 32bit */
157	lis	r5,KERNELBASE@h
158	rlwinm	r5,r5,0,0,3	/* Align to 256M, lower 32bit */
159
160	/*
161	 * 64bit subtraction.
162	 */
163	subfc	r5,r7,r5
164	subfe	r4,r6,r4
165
166	/* Store virt_phys_offset */
167	lis	r3,virt_phys_offset@ha
168	la	r3,virt_phys_offset@l(r3)
169
170	stw	r4,0(r3)
171	stw	r5,4(r3)
172
173#elif defined(CONFIG_DYNAMIC_MEMSTART)
174	/*
175	 * Mapping based, page aligned dynamic kernel loading.
176	 *
177	 * r25 will contain RPN/ERPN for the start address of memory
178	 *
179	 * Add the difference between KERNELBASE and PAGE_OFFSET to the
180	 * start of physical memory to get kernstart_addr.
181	 */
182	lis	r3,kernstart_addr@ha
183	la	r3,kernstart_addr@l(r3)
184
185	lis	r4,KERNELBASE@h
186	ori	r4,r4,KERNELBASE@l
187	lis	r5,PAGE_OFFSET@h
188	ori	r5,r5,PAGE_OFFSET@l
189	subf	r4,r5,r4
190
191	rlwinm	r6,r25,0,28,31	/* ERPN */
192	rlwinm	r7,r25,0,0,3	/* RPN - assuming 256 MB page size */
193	add	r7,r7,r4
194
195	stw	r6,0(r3)
196	stw	r7,4(r3)
197#endif
198
199/*
200 * Decide what sort of machine this is and initialize the MMU.
201 */
202#ifdef CONFIG_KASAN
203	bl	kasan_early_init
204#endif
205	li	r3,0
206	mr	r4,r31
207	bl	machine_init
208	bl	MMU_init
209
210	/* Setup PTE pointers for the Abatron bdiGDB */
211	lis	r6, swapper_pg_dir@h
212	ori	r6, r6, swapper_pg_dir@l
213	lis	r5, abatron_pteptrs@h
214	ori	r5, r5, abatron_pteptrs@l
215	lis	r4, KERNELBASE@h
216	ori	r4, r4, KERNELBASE@l
217	stw	r5, 0(r4)	/* Save abatron_pteptrs at a fixed location */
218	stw	r6, 0(r5)
219
220	/* Clear the Machine Check Syndrome Register */
221	li	r0,0
222	mtspr	SPRN_MCSR,r0
223
224	/* Let's move on */
225	lis	r4,start_kernel@h
226	ori	r4,r4,start_kernel@l
227	lis	r3,MSR_KERNEL@h
228	ori	r3,r3,MSR_KERNEL@l
229	mtspr	SPRN_SRR0,r4
230	mtspr	SPRN_SRR1,r3
231	rfi			/* change context and jump to start_kernel */
232
233/*
234 * Interrupt vector entry code
235 *
236 * The Book E MMUs are always on so we don't need to handle
237 * interrupts in real mode as with previous PPC processors. In
238 * this case we handle interrupts in the kernel virtual address
239 * space.
240 *
241 * Interrupt vectors are dynamically placed relative to the
242 * interrupt prefix as determined by the address of interrupt_base.
243 * The interrupt vectors offsets are programmed using the labels
244 * for each interrupt vector entry.
245 *
246 * Interrupt vectors must be aligned on a 16 byte boundary.
247 * We align on a 32 byte cache line boundary for good measure.
248 */
249
250interrupt_base:
251	/* Critical Input Interrupt */
252	CRITICAL_EXCEPTION(0x0100, CRITICAL, CriticalInput, unknown_exception)
253
254	/* Machine Check Interrupt */
255	CRITICAL_EXCEPTION(0x0200, MACHINE_CHECK, MachineCheck, \
256			   machine_check_exception)
257	MCHECK_EXCEPTION(0x0210, MachineCheckA, machine_check_exception)
258
259	/* Data Storage Interrupt */
260	DATA_STORAGE_EXCEPTION
261
262		/* Instruction Storage Interrupt */
263	INSTRUCTION_STORAGE_EXCEPTION
264
265	/* External Input Interrupt */
266	EXCEPTION(0x0500, BOOKE_INTERRUPT_EXTERNAL, ExternalInput, do_IRQ)
267
268	/* Alignment Interrupt */
269	ALIGNMENT_EXCEPTION
270
271	/* Program Interrupt */
272	PROGRAM_EXCEPTION
273
274	/* Floating Point Unavailable Interrupt */
275#ifdef CONFIG_PPC_FPU
276	FP_UNAVAILABLE_EXCEPTION
277#else
278	EXCEPTION(0x2010, BOOKE_INTERRUPT_FP_UNAVAIL, \
279		  FloatingPointUnavailable, unknown_exception)
280#endif
281	/* System Call Interrupt */
282	START_EXCEPTION(SystemCall)
283	SYSCALL_ENTRY   0xc00 BOOKE_INTERRUPT_SYSCALL
284
285	/* Auxiliary Processor Unavailable Interrupt */
286	EXCEPTION(0x2020, BOOKE_INTERRUPT_AP_UNAVAIL, \
287		  AuxillaryProcessorUnavailable, unknown_exception)
288
289	/* Decrementer Interrupt */
290	DECREMENTER_EXCEPTION
291
292	/* Fixed Internal Timer Interrupt */
293	/* TODO: Add FIT support */
294	EXCEPTION(0x1010, BOOKE_INTERRUPT_FIT, FixedIntervalTimer, unknown_exception)
295
296	/* Watchdog Timer Interrupt */
297	/* TODO: Add watchdog support */
298#ifdef CONFIG_BOOKE_WDT
299	CRITICAL_EXCEPTION(0x1020, WATCHDOG, WatchdogTimer, WatchdogException)
300#else
301	CRITICAL_EXCEPTION(0x1020, WATCHDOG, WatchdogTimer, unknown_exception)
302#endif
303
304	/* Data TLB Error Interrupt */
305	START_EXCEPTION(DataTLBError44x)
306	mtspr	SPRN_SPRG_WSCRATCH0, r10		/* Save some working registers */
307	mtspr	SPRN_SPRG_WSCRATCH1, r11
308	mtspr	SPRN_SPRG_WSCRATCH2, r12
309	mtspr	SPRN_SPRG_WSCRATCH3, r13
310	mfcr	r11
311	mtspr	SPRN_SPRG_WSCRATCH4, r11
312	mfspr	r10, SPRN_DEAR		/* Get faulting address */
313
314	/* If we are faulting a kernel address, we have to use the
315	 * kernel page tables.
316	 */
317	lis	r11, PAGE_OFFSET@h
318	cmplw	r10, r11
319	blt+	3f
320	lis	r11, swapper_pg_dir@h
321	ori	r11, r11, swapper_pg_dir@l
322
323	mfspr	r12,SPRN_MMUCR
324	rlwinm	r12,r12,0,0,23		/* Clear TID */
325
326	b	4f
327
328	/* Get the PGD for the current thread */
3293:
330	mfspr	r11,SPRN_SPRG_THREAD
331	lwz	r11,PGDIR(r11)
332
333	/* Load PID into MMUCR TID */
334	mfspr	r12,SPRN_MMUCR
335	mfspr   r13,SPRN_PID		/* Get PID */
336	rlwimi	r12,r13,0,24,31		/* Set TID */
337
3384:
339	mtspr	SPRN_MMUCR,r12
340
341	/* Mask of required permission bits. Note that while we
342	 * do copy ESR:ST to _PAGE_RW position as trying to write
343	 * to an RO page is pretty common, we don't do it with
344	 * _PAGE_DIRTY. We could do it, but it's a fairly rare
345	 * event so I'd rather take the overhead when it happens
346	 * rather than adding an instruction here. We should measure
347	 * whether the whole thing is worth it in the first place
348	 * as we could avoid loading SPRN_ESR completely in the first
349	 * place...
350	 *
351	 * TODO: Is it worth doing that mfspr & rlwimi in the first
352	 *       place or can we save a couple of instructions here ?
353	 */
354	mfspr	r12,SPRN_ESR
355	li	r13,_PAGE_PRESENT|_PAGE_ACCESSED
356	rlwimi	r13,r12,10,30,30
357
358	/* Load the PTE */
359	/* Compute pgdir/pmd offset */
360	rlwinm  r12, r10, PPC44x_PGD_OFF_SHIFT, PPC44x_PGD_OFF_MASK_BIT, 29
361	lwzx	r11, r12, r11		/* Get pgd/pmd entry */
362	rlwinm.	r12, r11, 0, 0, 20	/* Extract pt base address */
363	beq	2f			/* Bail if no table */
364
365	/* Compute pte address */
366	rlwimi  r12, r10, PPC44x_PTE_ADD_SHIFT, PPC44x_PTE_ADD_MASK_BIT, 28
367	lwz	r11, 0(r12)		/* Get high word of pte entry */
368	lwz	r12, 4(r12)		/* Get low word of pte entry */
369
370	lis	r10,tlb_44x_index@ha
371
372	andc.	r13,r13,r12		/* Check permission */
373
374	/* Load the next available TLB index */
375	lwz	r13,tlb_44x_index@l(r10)
376
377	bne	2f			/* Bail if permission mismatch */
378
379	/* Increment, rollover, and store TLB index */
380	addi	r13,r13,1
381
382	patch_site 0f, patch__tlb_44x_hwater_D
383	/* Compare with watermark (instruction gets patched) */
3840:	cmpwi	0,r13,1			/* reserve entries */
385	ble	5f
386	li	r13,0
3875:
388	/* Store the next available TLB index */
389	stw	r13,tlb_44x_index@l(r10)
390
391	/* Re-load the faulting address */
392	mfspr	r10,SPRN_DEAR
393
394	 /* Jump to common tlb load */
395	b	finish_tlb_load_44x
396
3972:
398	/* The bailout.  Restore registers to pre-exception conditions
399	 * and call the heavyweights to help us out.
400	 */
401	mfspr	r11, SPRN_SPRG_RSCRATCH4
402	mtcr	r11
403	mfspr	r13, SPRN_SPRG_RSCRATCH3
404	mfspr	r12, SPRN_SPRG_RSCRATCH2
405	mfspr	r11, SPRN_SPRG_RSCRATCH1
406	mfspr	r10, SPRN_SPRG_RSCRATCH0
407	b	DataStorage
408
409	/* Instruction TLB Error Interrupt */
410	/*
411	 * Nearly the same as above, except we get our
412	 * information from different registers and bailout
413	 * to a different point.
414	 */
415	START_EXCEPTION(InstructionTLBError44x)
416	mtspr	SPRN_SPRG_WSCRATCH0, r10 /* Save some working registers */
417	mtspr	SPRN_SPRG_WSCRATCH1, r11
418	mtspr	SPRN_SPRG_WSCRATCH2, r12
419	mtspr	SPRN_SPRG_WSCRATCH3, r13
420	mfcr	r11
421	mtspr	SPRN_SPRG_WSCRATCH4, r11
422	mfspr	r10, SPRN_SRR0		/* Get faulting address */
423
424	/* If we are faulting a kernel address, we have to use the
425	 * kernel page tables.
426	 */
427	lis	r11, PAGE_OFFSET@h
428	cmplw	r10, r11
429	blt+	3f
430	lis	r11, swapper_pg_dir@h
431	ori	r11, r11, swapper_pg_dir@l
432
433	mfspr	r12,SPRN_MMUCR
434	rlwinm	r12,r12,0,0,23		/* Clear TID */
435
436	b	4f
437
438	/* Get the PGD for the current thread */
4393:
440	mfspr	r11,SPRN_SPRG_THREAD
441	lwz	r11,PGDIR(r11)
442
443	/* Load PID into MMUCR TID */
444	mfspr	r12,SPRN_MMUCR
445	mfspr   r13,SPRN_PID		/* Get PID */
446	rlwimi	r12,r13,0,24,31		/* Set TID */
447
4484:
449	mtspr	SPRN_MMUCR,r12
450
451	/* Make up the required permissions */
452	li	r13,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
453
454	/* Compute pgdir/pmd offset */
455	rlwinm 	r12, r10, PPC44x_PGD_OFF_SHIFT, PPC44x_PGD_OFF_MASK_BIT, 29
456	lwzx	r11, r12, r11		/* Get pgd/pmd entry */
457	rlwinm.	r12, r11, 0, 0, 20	/* Extract pt base address */
458	beq	2f			/* Bail if no table */
459
460	/* Compute pte address */
461	rlwimi	r12, r10, PPC44x_PTE_ADD_SHIFT, PPC44x_PTE_ADD_MASK_BIT, 28
462	lwz	r11, 0(r12)		/* Get high word of pte entry */
463	lwz	r12, 4(r12)		/* Get low word of pte entry */
464
465	lis	r10,tlb_44x_index@ha
466
467	andc.	r13,r13,r12		/* Check permission */
468
469	/* Load the next available TLB index */
470	lwz	r13,tlb_44x_index@l(r10)
471
472	bne	2f			/* Bail if permission mismatch */
473
474	/* Increment, rollover, and store TLB index */
475	addi	r13,r13,1
476
477	patch_site 0f, patch__tlb_44x_hwater_I
478	/* Compare with watermark (instruction gets patched) */
4790:	cmpwi	0,r13,1			/* reserve entries */
480	ble	5f
481	li	r13,0
4825:
483	/* Store the next available TLB index */
484	stw	r13,tlb_44x_index@l(r10)
485
486	/* Re-load the faulting address */
487	mfspr	r10,SPRN_SRR0
488
489	/* Jump to common TLB load point */
490	b	finish_tlb_load_44x
491
4922:
493	/* The bailout.  Restore registers to pre-exception conditions
494	 * and call the heavyweights to help us out.
495	 */
496	mfspr	r11, SPRN_SPRG_RSCRATCH4
497	mtcr	r11
498	mfspr	r13, SPRN_SPRG_RSCRATCH3
499	mfspr	r12, SPRN_SPRG_RSCRATCH2
500	mfspr	r11, SPRN_SPRG_RSCRATCH1
501	mfspr	r10, SPRN_SPRG_RSCRATCH0
502	b	InstructionStorage
503
504/*
505 * Both the instruction and data TLB miss get to this
506 * point to load the TLB.
507 * 	r10 - EA of fault
508 * 	r11 - PTE high word value
509 *	r12 - PTE low word value
510 *	r13 - TLB index
511 *	MMUCR - loaded with proper value when we get here
512 *	Upon exit, we reload everything and RFI.
513 */
514finish_tlb_load_44x:
515	/* Combine RPN & ERPN an write WS 0 */
516	rlwimi	r11,r12,0,0,31-PAGE_SHIFT
517	tlbwe	r11,r13,PPC44x_TLB_XLAT
518
519	/*
520	 * Create WS1. This is the faulting address (EPN),
521	 * page size, and valid flag.
522	 */
523	li	r11,PPC44x_TLB_VALID | PPC44x_TLBE_SIZE
524	/* Insert valid and page size */
525	rlwimi	r10,r11,0,PPC44x_PTE_ADD_MASK_BIT,31
526	tlbwe	r10,r13,PPC44x_TLB_PAGEID	/* Write PAGEID */
527
528	/* And WS 2 */
529	li	r10,0xf85			/* Mask to apply from PTE */
530	rlwimi	r10,r12,29,30,30		/* DIRTY -> SW position */
531	and	r11,r12,r10			/* Mask PTE bits to keep */
532	andi.	r10,r12,_PAGE_USER		/* User page ? */
533	beq	1f				/* nope, leave U bits empty */
534	rlwimi	r11,r11,3,26,28			/* yes, copy S bits to U */
535#ifdef CONFIG_PPC_KUEP
5360:	rlwinm	r11,r11,0,~PPC44x_TLB_SX	/* Clear SX if User page */
537	patch_site 0b, patch__tlb_44x_kuep
538#endif
5391:	tlbwe	r11,r13,PPC44x_TLB_ATTRIB	/* Write ATTRIB */
540
541	/* Done...restore registers and get out of here.
542	*/
543	mfspr	r11, SPRN_SPRG_RSCRATCH4
544	mtcr	r11
545	mfspr	r13, SPRN_SPRG_RSCRATCH3
546	mfspr	r12, SPRN_SPRG_RSCRATCH2
547	mfspr	r11, SPRN_SPRG_RSCRATCH1
548	mfspr	r10, SPRN_SPRG_RSCRATCH0
549	rfi					/* Force context change */
550
551/* TLB error interrupts for 476
552 */
553#ifdef CONFIG_PPC_47x
554	START_EXCEPTION(DataTLBError47x)
555	mtspr	SPRN_SPRG_WSCRATCH0,r10	/* Save some working registers */
556	mtspr	SPRN_SPRG_WSCRATCH1,r11
557	mtspr	SPRN_SPRG_WSCRATCH2,r12
558	mtspr	SPRN_SPRG_WSCRATCH3,r13
559	mfcr	r11
560	mtspr	SPRN_SPRG_WSCRATCH4,r11
561	mfspr	r10,SPRN_DEAR		/* Get faulting address */
562
563	/* If we are faulting a kernel address, we have to use the
564	 * kernel page tables.
565	 */
566	lis	r11,PAGE_OFFSET@h
567	cmplw	cr0,r10,r11
568	blt+	3f
569	lis	r11,swapper_pg_dir@h
570	ori	r11,r11, swapper_pg_dir@l
571	li	r12,0			/* MMUCR = 0 */
572	b	4f
573
574	/* Get the PGD for the current thread and setup MMUCR */
5753:	mfspr	r11,SPRN_SPRG3
576	lwz	r11,PGDIR(r11)
577	mfspr   r12,SPRN_PID		/* Get PID */
5784:	mtspr	SPRN_MMUCR,r12		/* Set MMUCR */
579
580	/* Mask of required permission bits. Note that while we
581	 * do copy ESR:ST to _PAGE_RW position as trying to write
582	 * to an RO page is pretty common, we don't do it with
583	 * _PAGE_DIRTY. We could do it, but it's a fairly rare
584	 * event so I'd rather take the overhead when it happens
585	 * rather than adding an instruction here. We should measure
586	 * whether the whole thing is worth it in the first place
587	 * as we could avoid loading SPRN_ESR completely in the first
588	 * place...
589	 *
590	 * TODO: Is it worth doing that mfspr & rlwimi in the first
591	 *       place or can we save a couple of instructions here ?
592	 */
593	mfspr	r12,SPRN_ESR
594	li	r13,_PAGE_PRESENT|_PAGE_ACCESSED
595	rlwimi	r13,r12,10,30,30
596
597	/* Load the PTE */
598	/* Compute pgdir/pmd offset */
599	rlwinm  r12,r10,PPC44x_PGD_OFF_SHIFT,PPC44x_PGD_OFF_MASK_BIT,29
600	lwzx	r11,r12,r11		/* Get pgd/pmd entry */
601
602	/* Word 0 is EPN,V,TS,DSIZ */
603	li	r12,PPC47x_TLB0_VALID | PPC47x_TLBE_SIZE
604	rlwimi	r10,r12,0,32-PAGE_SHIFT,31	/* Insert valid and page size*/
605	li	r12,0
606	tlbwe	r10,r12,0
607
608	/* XXX can we do better ? Need to make sure tlbwe has established
609	 * latch V bit in MMUCR0 before the PTE is loaded further down */
610#ifdef CONFIG_SMP
611	isync
612#endif
613
614	rlwinm.	r12,r11,0,0,20		/* Extract pt base address */
615	/* Compute pte address */
616	rlwimi  r12,r10,PPC44x_PTE_ADD_SHIFT,PPC44x_PTE_ADD_MASK_BIT,28
617	beq	2f			/* Bail if no table */
618	lwz	r11,0(r12)		/* Get high word of pte entry */
619
620	/* XXX can we do better ? maybe insert a known 0 bit from r11 into the
621	 * bottom of r12 to create a data dependency... We can also use r10
622	 * as destination nowadays
623	 */
624#ifdef CONFIG_SMP
625	lwsync
626#endif
627	lwz	r12,4(r12)		/* Get low word of pte entry */
628
629	andc.	r13,r13,r12		/* Check permission */
630
631	 /* Jump to common tlb load */
632	beq	finish_tlb_load_47x
633
6342:	/* The bailout.  Restore registers to pre-exception conditions
635	 * and call the heavyweights to help us out.
636	 */
637	mfspr	r11,SPRN_SPRG_RSCRATCH4
638	mtcr	r11
639	mfspr	r13,SPRN_SPRG_RSCRATCH3
640	mfspr	r12,SPRN_SPRG_RSCRATCH2
641	mfspr	r11,SPRN_SPRG_RSCRATCH1
642	mfspr	r10,SPRN_SPRG_RSCRATCH0
643	b	DataStorage
644
645	/* Instruction TLB Error Interrupt */
646	/*
647	 * Nearly the same as above, except we get our
648	 * information from different registers and bailout
649	 * to a different point.
650	 */
651	START_EXCEPTION(InstructionTLBError47x)
652	mtspr	SPRN_SPRG_WSCRATCH0,r10	/* Save some working registers */
653	mtspr	SPRN_SPRG_WSCRATCH1,r11
654	mtspr	SPRN_SPRG_WSCRATCH2,r12
655	mtspr	SPRN_SPRG_WSCRATCH3,r13
656	mfcr	r11
657	mtspr	SPRN_SPRG_WSCRATCH4,r11
658	mfspr	r10,SPRN_SRR0		/* Get faulting address */
659
660	/* If we are faulting a kernel address, we have to use the
661	 * kernel page tables.
662	 */
663	lis	r11,PAGE_OFFSET@h
664	cmplw	cr0,r10,r11
665	blt+	3f
666	lis	r11,swapper_pg_dir@h
667	ori	r11,r11, swapper_pg_dir@l
668	li	r12,0			/* MMUCR = 0 */
669	b	4f
670
671	/* Get the PGD for the current thread and setup MMUCR */
6723:	mfspr	r11,SPRN_SPRG_THREAD
673	lwz	r11,PGDIR(r11)
674	mfspr   r12,SPRN_PID		/* Get PID */
6754:	mtspr	SPRN_MMUCR,r12		/* Set MMUCR */
676
677	/* Make up the required permissions */
678	li	r13,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
679
680	/* Load PTE */
681	/* Compute pgdir/pmd offset */
682	rlwinm  r12,r10,PPC44x_PGD_OFF_SHIFT,PPC44x_PGD_OFF_MASK_BIT,29
683	lwzx	r11,r12,r11		/* Get pgd/pmd entry */
684
685	/* Word 0 is EPN,V,TS,DSIZ */
686	li	r12,PPC47x_TLB0_VALID | PPC47x_TLBE_SIZE
687	rlwimi	r10,r12,0,32-PAGE_SHIFT,31	/* Insert valid and page size*/
688	li	r12,0
689	tlbwe	r10,r12,0
690
691	/* XXX can we do better ? Need to make sure tlbwe has established
692	 * latch V bit in MMUCR0 before the PTE is loaded further down */
693#ifdef CONFIG_SMP
694	isync
695#endif
696
697	rlwinm.	r12,r11,0,0,20		/* Extract pt base address */
698	/* Compute pte address */
699	rlwimi  r12,r10,PPC44x_PTE_ADD_SHIFT,PPC44x_PTE_ADD_MASK_BIT,28
700	beq	2f			/* Bail if no table */
701
702	lwz	r11,0(r12)		/* Get high word of pte entry */
703	/* XXX can we do better ? maybe insert a known 0 bit from r11 into the
704	 * bottom of r12 to create a data dependency... We can also use r10
705	 * as destination nowadays
706	 */
707#ifdef CONFIG_SMP
708	lwsync
709#endif
710	lwz	r12,4(r12)		/* Get low word of pte entry */
711
712	andc.	r13,r13,r12		/* Check permission */
713
714	/* Jump to common TLB load point */
715	beq	finish_tlb_load_47x
716
7172:	/* The bailout.  Restore registers to pre-exception conditions
718	 * and call the heavyweights to help us out.
719	 */
720	mfspr	r11, SPRN_SPRG_RSCRATCH4
721	mtcr	r11
722	mfspr	r13, SPRN_SPRG_RSCRATCH3
723	mfspr	r12, SPRN_SPRG_RSCRATCH2
724	mfspr	r11, SPRN_SPRG_RSCRATCH1
725	mfspr	r10, SPRN_SPRG_RSCRATCH0
726	b	InstructionStorage
727
728/*
729 * Both the instruction and data TLB miss get to this
730 * point to load the TLB.
731 * 	r10 - free to use
732 * 	r11 - PTE high word value
733 *	r12 - PTE low word value
734 *      r13 - free to use
735 *	MMUCR - loaded with proper value when we get here
736 *	Upon exit, we reload everything and RFI.
737 */
738finish_tlb_load_47x:
739	/* Combine RPN & ERPN an write WS 1 */
740	rlwimi	r11,r12,0,0,31-PAGE_SHIFT
741	tlbwe	r11,r13,1
742
743	/* And make up word 2 */
744	li	r10,0xf85			/* Mask to apply from PTE */
745	rlwimi	r10,r12,29,30,30		/* DIRTY -> SW position */
746	and	r11,r12,r10			/* Mask PTE bits to keep */
747	andi.	r10,r12,_PAGE_USER		/* User page ? */
748	beq	1f				/* nope, leave U bits empty */
749	rlwimi	r11,r11,3,26,28			/* yes, copy S bits to U */
750#ifdef CONFIG_PPC_KUEP
7510:	rlwinm	r11,r11,0,~PPC47x_TLB2_SX	/* Clear SX if User page */
752	patch_site 0b, patch__tlb_47x_kuep
753#endif
7541:	tlbwe	r11,r13,2
755
756	/* Done...restore registers and get out of here.
757	*/
758	mfspr	r11, SPRN_SPRG_RSCRATCH4
759	mtcr	r11
760	mfspr	r13, SPRN_SPRG_RSCRATCH3
761	mfspr	r12, SPRN_SPRG_RSCRATCH2
762	mfspr	r11, SPRN_SPRG_RSCRATCH1
763	mfspr	r10, SPRN_SPRG_RSCRATCH0
764	rfi
765
766#endif /* CONFIG_PPC_47x */
767
768	/* Debug Interrupt */
769	/*
770	 * This statement needs to exist at the end of the IVPR
771	 * definition just in case you end up taking a debug
772	 * exception within another exception.
773	 */
774	DEBUG_CRIT_EXCEPTION
775
776interrupt_end:
777
778/*
779 * Global functions
780 */
781
782/*
783 * Adjust the machine check IVOR on 440A cores
784 */
785_GLOBAL(__fixup_440A_mcheck)
786	li	r3,MachineCheckA@l
787	mtspr	SPRN_IVOR1,r3
788	sync
789	blr
790
791/*
792 * Init CPU state. This is called at boot time or for secondary CPUs
793 * to setup initial TLB entries, setup IVORs, etc...
794 *
795 */
796_GLOBAL(init_cpu_state)
797	mflr	r22
798#ifdef CONFIG_PPC_47x
799	/* We use the PVR to differentiate 44x cores from 476 */
800	mfspr	r3,SPRN_PVR
801	srwi	r3,r3,16
802	cmplwi	cr0,r3,PVR_476FPE@h
803	beq	head_start_47x
804	cmplwi	cr0,r3,PVR_476@h
805	beq	head_start_47x
806	cmplwi	cr0,r3,PVR_476_ISS@h
807	beq	head_start_47x
808#endif /* CONFIG_PPC_47x */
809
810/*
811 * In case the firmware didn't do it, we apply some workarounds
812 * that are good for all 440 core variants here
813 */
814	mfspr	r3,SPRN_CCR0
815	rlwinm	r3,r3,0,0,27	/* disable icache prefetch */
816	isync
817	mtspr	SPRN_CCR0,r3
818	isync
819	sync
820
821/*
822 * Set up the initial MMU state for 44x
823 *
824 * We are still executing code at the virtual address
825 * mappings set by the firmware for the base of RAM.
826 *
827 * We first invalidate all TLB entries but the one
828 * we are running from.  We then load the KERNELBASE
829 * mappings so we can begin to use kernel addresses
830 * natively and so the interrupt vector locations are
831 * permanently pinned (necessary since Book E
832 * implementations always have translation enabled).
833 *
834 * TODO: Use the known TLB entry we are running from to
835 *	 determine which physical region we are located
836 *	 in.  This can be used to determine where in RAM
837 *	 (on a shared CPU system) or PCI memory space
838 *	 (on a DRAMless system) we are located.
839 *       For now, we assume a perfect world which means
840 *	 we are located at the base of DRAM (physical 0).
841 */
842
843/*
844 * Search TLB for entry that we are currently using.
845 * Invalidate all entries but the one we are using.
846 */
847	/* Load our current PID->MMUCR TID and MSR IS->MMUCR STS */
848	mfspr	r3,SPRN_PID			/* Get PID */
849	mfmsr	r4				/* Get MSR */
850	andi.	r4,r4,MSR_IS@l			/* TS=1? */
851	beq	wmmucr				/* If not, leave STS=0 */
852	oris	r3,r3,PPC44x_MMUCR_STS@h	/* Set STS=1 */
853wmmucr:	mtspr	SPRN_MMUCR,r3			/* Put MMUCR */
854	sync
855
856	bcl	20,31,$+4			/* Find our address */
857invstr:	mflr	r5				/* Make it accessible */
858	tlbsx	r23,0,r5			/* Find entry we are in */
859	li	r4,0				/* Start at TLB entry 0 */
860	li	r3,0				/* Set PAGEID inval value */
8611:	cmpw	r23,r4				/* Is this our entry? */
862	beq	skpinv				/* If so, skip the inval */
863	tlbwe	r3,r4,PPC44x_TLB_PAGEID		/* If not, inval the entry */
864skpinv:	addi	r4,r4,1				/* Increment */
865	cmpwi	r4,64				/* Are we done? */
866	bne	1b				/* If not, repeat */
867	isync					/* If so, context change */
868
869/*
870 * Configure and load pinned entry into TLB slot 63.
871 */
872#ifdef CONFIG_NONSTATIC_KERNEL
873	/*
874	 * In case of a NONSTATIC_KERNEL we reuse the TLB XLAT
875	 * entries of the initial mapping set by the boot loader.
876	 * The XLAT entry is stored in r25
877	 */
878
879	/* Read the XLAT entry for our current mapping */
880	tlbre	r25,r23,PPC44x_TLB_XLAT
881
882	lis	r3,KERNELBASE@h
883	ori	r3,r3,KERNELBASE@l
884
885	/* Use our current RPN entry */
886	mr	r4,r25
887#else
888
889	lis	r3,PAGE_OFFSET@h
890	ori	r3,r3,PAGE_OFFSET@l
891
892	/* Kernel is at the base of RAM */
893	li r4, 0			/* Load the kernel physical address */
894#endif
895
896	/* Load the kernel PID = 0 */
897	li	r0,0
898	mtspr	SPRN_PID,r0
899	sync
900
901	/* Initialize MMUCR */
902	li	r5,0
903	mtspr	SPRN_MMUCR,r5
904	sync
905
906	/* pageid fields */
907	clrrwi	r3,r3,10		/* Mask off the effective page number */
908	ori	r3,r3,PPC44x_TLB_VALID | PPC44x_TLB_256M
909
910	/* xlat fields */
911	clrrwi	r4,r4,10		/* Mask off the real page number */
912					/* ERPN is 0 for first 4GB page */
913
914	/* attrib fields */
915	/* Added guarded bit to protect against speculative loads/stores */
916	li	r5,0
917	ori	r5,r5,(PPC44x_TLB_SW | PPC44x_TLB_SR | PPC44x_TLB_SX | PPC44x_TLB_G)
918
919        li      r0,63                    /* TLB slot 63 */
920
921	tlbwe	r3,r0,PPC44x_TLB_PAGEID	/* Load the pageid fields */
922	tlbwe	r4,r0,PPC44x_TLB_XLAT	/* Load the translation fields */
923	tlbwe	r5,r0,PPC44x_TLB_ATTRIB	/* Load the attrib/access fields */
924
925	/* Force context change */
926	mfmsr	r0
927	mtspr	SPRN_SRR1, r0
928	lis	r0,3f@h
929	ori	r0,r0,3f@l
930	mtspr	SPRN_SRR0,r0
931	sync
932	rfi
933
934	/* If necessary, invalidate original entry we used */
9353:	cmpwi	r23,63
936	beq	4f
937	li	r6,0
938	tlbwe   r6,r23,PPC44x_TLB_PAGEID
939	isync
940
9414:
942#ifdef CONFIG_PPC_EARLY_DEBUG_44x
943	/* Add UART mapping for early debug. */
944
945	/* pageid fields */
946	lis	r3,PPC44x_EARLY_DEBUG_VIRTADDR@h
947	ori	r3,r3,PPC44x_TLB_VALID|PPC44x_TLB_TS|PPC44x_TLB_64K
948
949	/* xlat fields */
950	lis	r4,CONFIG_PPC_EARLY_DEBUG_44x_PHYSLOW@h
951	ori	r4,r4,CONFIG_PPC_EARLY_DEBUG_44x_PHYSHIGH
952
953	/* attrib fields */
954	li	r5,(PPC44x_TLB_SW|PPC44x_TLB_SR|PPC44x_TLB_I|PPC44x_TLB_G)
955        li      r0,62                    /* TLB slot 0 */
956
957	tlbwe	r3,r0,PPC44x_TLB_PAGEID
958	tlbwe	r4,r0,PPC44x_TLB_XLAT
959	tlbwe	r5,r0,PPC44x_TLB_ATTRIB
960
961	/* Force context change */
962	isync
963#endif /* CONFIG_PPC_EARLY_DEBUG_44x */
964
965	/* Establish the interrupt vector offsets */
966	SET_IVOR(0,  CriticalInput);
967	SET_IVOR(1,  MachineCheck);
968	SET_IVOR(2,  DataStorage);
969	SET_IVOR(3,  InstructionStorage);
970	SET_IVOR(4,  ExternalInput);
971	SET_IVOR(5,  Alignment);
972	SET_IVOR(6,  Program);
973	SET_IVOR(7,  FloatingPointUnavailable);
974	SET_IVOR(8,  SystemCall);
975	SET_IVOR(9,  AuxillaryProcessorUnavailable);
976	SET_IVOR(10, Decrementer);
977	SET_IVOR(11, FixedIntervalTimer);
978	SET_IVOR(12, WatchdogTimer);
979	SET_IVOR(13, DataTLBError44x);
980	SET_IVOR(14, InstructionTLBError44x);
981	SET_IVOR(15, DebugCrit);
982
983	b	head_start_common
984
985
986#ifdef CONFIG_PPC_47x
987
988#ifdef CONFIG_SMP
989
990/* Entry point for secondary 47x processors */
991_GLOBAL(start_secondary_47x)
992        mr      r24,r3          /* CPU number */
993
994	bl	init_cpu_state
995
996	/* Now we need to bolt the rest of kernel memory which
997	 * is done in C code. We must be careful because our task
998	 * struct or our stack can (and will probably) be out
999	 * of reach of the initial 256M TLB entry, so we use a
1000	 * small temporary stack in .bss for that. This works
1001	 * because only one CPU at a time can be in this code
1002	 */
1003	lis	r1,temp_boot_stack@h
1004	ori	r1,r1,temp_boot_stack@l
1005	addi	r1,r1,1024-STACK_FRAME_OVERHEAD
1006	li	r0,0
1007	stw	r0,0(r1)
1008	bl	mmu_init_secondary
1009
1010	/* Now we can get our task struct and real stack pointer */
1011
1012	/* Get current's stack and current */
1013	lis	r2,secondary_current@ha
1014	lwz	r2,secondary_current@l(r2)
1015	lwz	r1,TASK_STACK(r2)
1016
1017	/* Current stack pointer */
1018	addi	r1,r1,THREAD_SIZE-STACK_FRAME_OVERHEAD
1019	li	r0,0
1020	stw	r0,0(r1)
1021
1022	/* Kernel stack for exception entry in SPRG3 */
1023	addi	r4,r2,THREAD	/* init task's THREAD */
1024	mtspr	SPRN_SPRG3,r4
1025
1026	b	start_secondary
1027
1028#endif /* CONFIG_SMP */
1029
1030/*
1031 * Set up the initial MMU state for 44x
1032 *
1033 * We are still executing code at the virtual address
1034 * mappings set by the firmware for the base of RAM.
1035 */
1036
1037head_start_47x:
1038	/* Load our current PID->MMUCR TID and MSR IS->MMUCR STS */
1039	mfspr	r3,SPRN_PID			/* Get PID */
1040	mfmsr	r4				/* Get MSR */
1041	andi.	r4,r4,MSR_IS@l			/* TS=1? */
1042	beq	1f				/* If not, leave STS=0 */
1043	oris	r3,r3,PPC47x_MMUCR_STS@h	/* Set STS=1 */
10441:	mtspr	SPRN_MMUCR,r3			/* Put MMUCR */
1045	sync
1046
1047	/* Find the entry we are running from */
1048	bcl	20,31,$+4
10491:	mflr	r23
1050	tlbsx	r23,0,r23
1051	tlbre	r24,r23,0
1052	tlbre	r25,r23,1
1053	tlbre	r26,r23,2
1054
1055/*
1056 * Cleanup time
1057 */
1058
1059	/* Initialize MMUCR */
1060	li	r5,0
1061	mtspr	SPRN_MMUCR,r5
1062	sync
1063
1064clear_all_utlb_entries:
1065
1066	#; Set initial values.
1067
1068	addis		r3,0,0x8000
1069	addi		r4,0,0
1070	addi		r5,0,0
1071	b		clear_utlb_entry
1072
1073	#; Align the loop to speed things up.
1074
1075	.align		6
1076
1077clear_utlb_entry:
1078
1079	tlbwe		r4,r3,0
1080	tlbwe		r5,r3,1
1081	tlbwe		r5,r3,2
1082	addis		r3,r3,0x2000
1083	cmpwi		r3,0
1084	bne		clear_utlb_entry
1085	addis		r3,0,0x8000
1086	addis		r4,r4,0x100
1087	cmpwi		r4,0
1088	bne		clear_utlb_entry
1089
1090	#; Restore original entry.
1091
1092	oris	r23,r23,0x8000  /* specify the way */
1093	tlbwe		r24,r23,0
1094	tlbwe		r25,r23,1
1095	tlbwe		r26,r23,2
1096
1097/*
1098 * Configure and load pinned entry into TLB for the kernel core
1099 */
1100
1101	lis	r3,PAGE_OFFSET@h
1102	ori	r3,r3,PAGE_OFFSET@l
1103
1104	/* Load the kernel PID = 0 */
1105	li	r0,0
1106	mtspr	SPRN_PID,r0
1107	sync
1108
1109	/* Word 0 */
1110	clrrwi	r3,r3,12		/* Mask off the effective page number */
1111	ori	r3,r3,PPC47x_TLB0_VALID | PPC47x_TLB0_256M
1112
1113	/* Word 1 - use r25.  RPN is the same as the original entry */
1114
1115	/* Word 2 */
1116	li	r5,0
1117	ori	r5,r5,PPC47x_TLB2_S_RWX
1118#ifdef CONFIG_SMP
1119	ori	r5,r5,PPC47x_TLB2_M
1120#endif
1121
1122	/* We write to way 0 and bolted 0 */
1123	lis	r0,0x8800
1124	tlbwe	r3,r0,0
1125	tlbwe	r25,r0,1
1126	tlbwe	r5,r0,2
1127
1128/*
1129 * Configure SSPCR, ISPCR and USPCR for now to search everything, we can fix
1130 * them up later
1131 */
1132	LOAD_REG_IMMEDIATE(r3, 0x9abcdef0)
1133	mtspr	SPRN_SSPCR,r3
1134	mtspr	SPRN_USPCR,r3
1135	LOAD_REG_IMMEDIATE(r3, 0x12345670)
1136	mtspr	SPRN_ISPCR,r3
1137
1138	/* Force context change */
1139	mfmsr	r0
1140	mtspr	SPRN_SRR1, r0
1141	lis	r0,3f@h
1142	ori	r0,r0,3f@l
1143	mtspr	SPRN_SRR0,r0
1144	sync
1145	rfi
1146
1147	/* Invalidate original entry we used */
11483:
1149	rlwinm	r24,r24,0,21,19 /* clear the "valid" bit */
1150	tlbwe	r24,r23,0
1151	addi	r24,0,0
1152	tlbwe	r24,r23,1
1153	tlbwe	r24,r23,2
1154	isync                   /* Clear out the shadow TLB entries */
1155
1156#ifdef CONFIG_PPC_EARLY_DEBUG_44x
1157	/* Add UART mapping for early debug. */
1158
1159	/* Word 0 */
1160	lis	r3,PPC44x_EARLY_DEBUG_VIRTADDR@h
1161	ori	r3,r3,PPC47x_TLB0_VALID | PPC47x_TLB0_TS | PPC47x_TLB0_1M
1162
1163	/* Word 1 */
1164	lis	r4,CONFIG_PPC_EARLY_DEBUG_44x_PHYSLOW@h
1165	ori	r4,r4,CONFIG_PPC_EARLY_DEBUG_44x_PHYSHIGH
1166
1167	/* Word 2 */
1168	li	r5,(PPC47x_TLB2_S_RW | PPC47x_TLB2_IMG)
1169
1170	/* Bolted in way 0, bolt slot 5, we -hope- we don't hit the same
1171	 * congruence class as the kernel, we need to make sure of it at
1172	 * some point
1173	 */
1174        lis	r0,0x8d00
1175	tlbwe	r3,r0,0
1176	tlbwe	r4,r0,1
1177	tlbwe	r5,r0,2
1178
1179	/* Force context change */
1180	isync
1181#endif /* CONFIG_PPC_EARLY_DEBUG_44x */
1182
1183	/* Establish the interrupt vector offsets */
1184	SET_IVOR(0,  CriticalInput);
1185	SET_IVOR(1,  MachineCheckA);
1186	SET_IVOR(2,  DataStorage);
1187	SET_IVOR(3,  InstructionStorage);
1188	SET_IVOR(4,  ExternalInput);
1189	SET_IVOR(5,  Alignment);
1190	SET_IVOR(6,  Program);
1191	SET_IVOR(7,  FloatingPointUnavailable);
1192	SET_IVOR(8,  SystemCall);
1193	SET_IVOR(9,  AuxillaryProcessorUnavailable);
1194	SET_IVOR(10, Decrementer);
1195	SET_IVOR(11, FixedIntervalTimer);
1196	SET_IVOR(12, WatchdogTimer);
1197	SET_IVOR(13, DataTLBError47x);
1198	SET_IVOR(14, InstructionTLBError47x);
1199	SET_IVOR(15, DebugCrit);
1200
1201	/* We configure icbi to invalidate 128 bytes at a time since the
1202	 * current 32-bit kernel code isn't too happy with icache != dcache
1203	 * block size. We also disable the BTAC as this can cause errors
1204	 * in some circumstances (see IBM Erratum 47).
1205	 */
1206	mfspr	r3,SPRN_CCR0
1207	oris	r3,r3,0x0020
1208	ori	r3,r3,0x0040
1209	mtspr	SPRN_CCR0,r3
1210	isync
1211
1212#endif /* CONFIG_PPC_47x */
1213
1214/*
1215 * Here we are back to code that is common between 44x and 47x
1216 *
1217 * We proceed to further kernel initialization and return to the
1218 * main kernel entry
1219 */
1220head_start_common:
1221	/* Establish the interrupt vector base */
1222	lis	r4,interrupt_base@h	/* IVPR only uses the high 16-bits */
1223	mtspr	SPRN_IVPR,r4
1224
1225	/*
1226	 * If the kernel was loaded at a non-zero 256 MB page, we need to
1227	 * mask off the most significant 4 bits to get the relative address
1228	 * from the start of physical memory
1229	 */
1230	rlwinm	r22,r22,0,4,31
1231	addis	r22,r22,PAGE_OFFSET@h
1232	mtlr	r22
1233	isync
1234	blr
1235
1236#ifdef CONFIG_SMP
1237	.data
1238	.align	12
1239temp_boot_stack:
1240	.space	1024
1241#endif /* CONFIG_SMP */
1242