xref: /openbmc/linux/arch/powerpc/kernel/head_85xx.S (revision a266ef69b890f099069cf51bb40572611c435a54)
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * Kernel execution entry point code.
4 *
5 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
6 *	Initial PowerPC version.
7 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
8 *	Rewritten for PReP
9 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
10 *	Low-level exception handers, MMU support, and rewrite.
11 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
12 *	PowerPC 8xx modifications.
13 *    Copyright (c) 1998-1999 TiVo, Inc.
14 *	PowerPC 403GCX modifications.
15 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
16 *	PowerPC 403GCX/405GP modifications.
17 *    Copyright 2000 MontaVista Software Inc.
18 *	PPC405 modifications
19 *	PowerPC 403GCX/405GP modifications.
20 *	Author: MontaVista Software, Inc.
21 *		frank_rowand@mvista.com or source@mvista.com
22 *		debbie_chu@mvista.com
23 *    Copyright 2002-2004 MontaVista Software, Inc.
24 *	PowerPC 44x support, Matt Porter <mporter@kernel.crashing.org>
25 *    Copyright 2004 Freescale Semiconductor, Inc
26 *	PowerPC e500 modifications, Kumar Gala <galak@kernel.crashing.org>
27 */
28
29#include <linux/init.h>
30#include <linux/threads.h>
31#include <linux/pgtable.h>
32#include <linux/linkage.h>
33
34#include <asm/processor.h>
35#include <asm/page.h>
36#include <asm/mmu.h>
37#include <asm/cputable.h>
38#include <asm/thread_info.h>
39#include <asm/ppc_asm.h>
40#include <asm/asm-offsets.h>
41#include <asm/cache.h>
42#include <asm/ptrace.h>
43#include <asm/export.h>
44#include <asm/feature-fixups.h>
45#include "head_booke.h"
46
47/* As with the other PowerPC ports, it is expected that when code
48 * execution begins here, the following registers contain valid, yet
49 * optional, information:
50 *
51 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
52 *   r4 - Starting address of the init RAM disk
53 *   r5 - Ending address of the init RAM disk
54 *   r6 - Start of kernel command line string (e.g. "mem=128")
55 *   r7 - End of kernel command line string
56 *
57 */
58	__HEAD
59_GLOBAL(_stext);
60_GLOBAL(_start);
61	/*
62	 * Reserve a word at a fixed location to store the address
63	 * of abatron_pteptrs
64	 */
65	nop
66
67	/* Translate device tree address to physical, save in r30/r31 */
68	bl	get_phys_addr
69	mr	r30,r3
70	mr	r31,r4
71
72	li	r25,0			/* phys kernel start (low) */
73	li	r24,0			/* CPU number */
74	li	r23,0			/* phys kernel start (high) */
75
76#ifdef CONFIG_RELOCATABLE
77	LOAD_REG_ADDR_PIC(r3, _stext)	/* Get our current runtime base */
78
79	/* Translate _stext address to physical, save in r23/r25 */
80	bl	get_phys_addr
81	mr	r23,r3
82	mr	r25,r4
83
84	bcl	20,31,$+4
850:	mflr	r8
86	addis	r3,r8,(is_second_reloc - 0b)@ha
87	lwz	r19,(is_second_reloc - 0b)@l(r3)
88
89	/* Check if this is the second relocation. */
90	cmpwi	r19,1
91	bne	1f
92
93	/*
94	 * For the second relocation, we already get the real memstart_addr
95	 * from device tree. So we will map PAGE_OFFSET to memstart_addr,
96	 * then the virtual address of start kernel should be:
97	 *          PAGE_OFFSET + (kernstart_addr - memstart_addr)
98	 * Since the offset between kernstart_addr and memstart_addr should
99	 * never be beyond 1G, so we can just use the lower 32bit of them
100	 * for the calculation.
101	 */
102	lis	r3,PAGE_OFFSET@h
103
104	addis	r4,r8,(kernstart_addr - 0b)@ha
105	addi	r4,r4,(kernstart_addr - 0b)@l
106	lwz	r5,4(r4)
107
108	addis	r6,r8,(memstart_addr - 0b)@ha
109	addi	r6,r6,(memstart_addr - 0b)@l
110	lwz	r7,4(r6)
111
112	subf	r5,r7,r5
113	add	r3,r3,r5
114	b	2f
115
1161:
117	/*
118	 * We have the runtime (virtual) address of our base.
119	 * We calculate our shift of offset from a 64M page.
120	 * We could map the 64M page we belong to at PAGE_OFFSET and
121	 * get going from there.
122	 */
123	lis	r4,KERNELBASE@h
124	ori	r4,r4,KERNELBASE@l
125	rlwinm	r6,r25,0,0x3ffffff		/* r6 = PHYS_START % 64M */
126	rlwinm	r5,r4,0,0x3ffffff		/* r5 = KERNELBASE % 64M */
127	subf	r3,r5,r6			/* r3 = r6 - r5 */
128	add	r3,r4,r3			/* Required Virtual Address */
129
1302:	bl	relocate
131
132	/*
133	 * For the second relocation, we already set the right tlb entries
134	 * for the kernel space, so skip the code in 85xx_entry_mapping.S
135	*/
136	cmpwi	r19,1
137	beq	set_ivor
138#endif
139
140/* We try to not make any assumptions about how the boot loader
141 * setup or used the TLBs.  We invalidate all mappings from the
142 * boot loader and load a single entry in TLB1[0] to map the
143 * first 64M of kernel memory.  Any boot info passed from the
144 * bootloader needs to live in this first 64M.
145 *
146 * Requirement on bootloader:
147 *  - The page we're executing in needs to reside in TLB1 and
148 *    have IPROT=1.  If not an invalidate broadcast could
149 *    evict the entry we're currently executing in.
150 *
151 *  r3 = Index of TLB1 were executing in
152 *  r4 = Current MSR[IS]
153 *  r5 = Index of TLB1 temp mapping
154 *
155 * Later in mapin_ram we will correctly map lowmem, and resize TLB1[0]
156 * if needed
157 */
158
159_GLOBAL(__early_start)
160	LOAD_REG_ADDR_PIC(r20, kernstart_virt_addr)
161	lwz     r20,0(r20)
162
163#define ENTRY_MAPPING_BOOT_SETUP
164#include "85xx_entry_mapping.S"
165#undef ENTRY_MAPPING_BOOT_SETUP
166
167set_ivor:
168	/* Establish the interrupt vector offsets */
169	SET_IVOR(0,  CriticalInput);
170	SET_IVOR(1,  MachineCheck);
171	SET_IVOR(2,  DataStorage);
172	SET_IVOR(3,  InstructionStorage);
173	SET_IVOR(4,  ExternalInput);
174	SET_IVOR(5,  Alignment);
175	SET_IVOR(6,  Program);
176	SET_IVOR(7,  FloatingPointUnavailable);
177	SET_IVOR(8,  SystemCall);
178	SET_IVOR(9,  AuxillaryProcessorUnavailable);
179	SET_IVOR(10, Decrementer);
180	SET_IVOR(11, FixedIntervalTimer);
181	SET_IVOR(12, WatchdogTimer);
182	SET_IVOR(13, DataTLBError);
183	SET_IVOR(14, InstructionTLBError);
184	SET_IVOR(15, DebugCrit);
185
186	/* Establish the interrupt vector base */
187	lis	r4,interrupt_base@h	/* IVPR only uses the high 16-bits */
188	mtspr	SPRN_IVPR,r4
189
190	/* Setup the defaults for TLB entries */
191	li	r2,(MAS4_TSIZED(BOOK3E_PAGESZ_4K))@l
192	mtspr	SPRN_MAS4, r2
193
194#if !defined(CONFIG_BDI_SWITCH)
195	/*
196	 * The Abatron BDI JTAG debugger does not tolerate others
197	 * mucking with the debug registers.
198	 */
199	lis	r2,DBCR0_IDM@h
200	mtspr	SPRN_DBCR0,r2
201	isync
202	/* clear any residual debug events */
203	li	r2,-1
204	mtspr	SPRN_DBSR,r2
205#endif
206
207#ifdef CONFIG_SMP
208	/* Check to see if we're the second processor, and jump
209	 * to the secondary_start code if so
210	 */
211	LOAD_REG_ADDR_PIC(r24, boot_cpuid)
212	lwz	r24, 0(r24)
213	cmpwi	r24, -1
214	mfspr   r24,SPRN_PIR
215	bne	__secondary_start
216#endif
217
218	/*
219	 * This is where the main kernel code starts.
220	 */
221
222	/* ptr to current */
223	lis	r2,init_task@h
224	ori	r2,r2,init_task@l
225
226	/* ptr to current thread */
227	addi	r4,r2,THREAD	/* init task's THREAD */
228	mtspr	SPRN_SPRG_THREAD,r4
229
230	/* stack */
231	lis	r1,init_thread_union@h
232	ori	r1,r1,init_thread_union@l
233	li	r0,0
234	stwu	r0,THREAD_SIZE-STACK_FRAME_MIN_SIZE(r1)
235
236#ifdef CONFIG_SMP
237	stw	r24, TASK_CPU(r2)
238#endif
239
240	bl	early_init
241
242#ifdef CONFIG_KASAN
243	bl	kasan_early_init
244#endif
245#ifdef CONFIG_RELOCATABLE
246	mr	r3,r30
247	mr	r4,r31
248#ifdef CONFIG_PHYS_64BIT
249	mr	r5,r23
250	mr	r6,r25
251#else
252	mr	r5,r25
253#endif
254	bl	relocate_init
255#endif
256
257#ifdef CONFIG_DYNAMIC_MEMSTART
258	lis	r3,kernstart_addr@ha
259	la	r3,kernstart_addr@l(r3)
260#ifdef CONFIG_PHYS_64BIT
261	stw	r23,0(r3)
262	stw	r25,4(r3)
263#else
264	stw	r25,0(r3)
265#endif
266#endif
267
268/*
269 * Decide what sort of machine this is and initialize the MMU.
270 */
271	mr	r3,r30
272	mr	r4,r31
273	bl	machine_init
274	bl	MMU_init
275
276	/* Setup PTE pointers for the Abatron bdiGDB */
277	lis	r6, swapper_pg_dir@h
278	ori	r6, r6, swapper_pg_dir@l
279	lis	r5, abatron_pteptrs@h
280	ori	r5, r5, abatron_pteptrs@l
281	lis     r3, kernstart_virt_addr@ha
282	lwz     r4, kernstart_virt_addr@l(r3)
283	stw	r5, 0(r4)	/* Save abatron_pteptrs at a fixed location */
284	stw	r6, 0(r5)
285
286	/* Let's move on */
287	lis	r4,start_kernel@h
288	ori	r4,r4,start_kernel@l
289	lis	r3,MSR_KERNEL@h
290	ori	r3,r3,MSR_KERNEL@l
291	mtspr	SPRN_SRR0,r4
292	mtspr	SPRN_SRR1,r3
293	rfi			/* change context and jump to start_kernel */
294
295/* Macros to hide the PTE size differences
296 *
297 * FIND_PTE -- walks the page tables given EA & pgdir pointer
298 *   r10 -- EA of fault
299 *   r11 -- PGDIR pointer
300 *   r12 -- free
301 *   label 2: is the bailout case
302 *
303 * if we find the pte (fall through):
304 *   r11 is low pte word
305 *   r12 is pointer to the pte
306 *   r10 is the pshift from the PGD, if we're a hugepage
307 */
308#ifdef CONFIG_PTE_64BIT
309#ifdef CONFIG_HUGETLB_PAGE
310#define FIND_PTE	\
311	rlwinm	r12, r10, 13, 19, 29;	/* Compute pgdir/pmd offset */	\
312	lwzx	r11, r12, r11;		/* Get pgd/pmd entry */		\
313	rlwinm.	r12, r11, 0, 0, 20;	/* Extract pt base address */	\
314	blt	1000f;			/* Normal non-huge page */	\
315	beq	2f;			/* Bail if no table */		\
316	oris	r11, r11, PD_HUGE@h;	/* Put back address bit */	\
317	andi.	r10, r11, HUGEPD_SHIFT_MASK@l; /* extract size field */	\
318	xor	r12, r10, r11;		/* drop size bits from pointer */ \
319	b	1001f;							\
3201000:	rlwimi	r12, r10, 23, 20, 28;	/* Compute pte address */	\
321	li	r10, 0;			/* clear r10 */			\
3221001:	lwz	r11, 4(r12);		/* Get pte entry */
323#else
324#define FIND_PTE	\
325	rlwinm	r12, r10, 13, 19, 29;	/* Compute pgdir/pmd offset */	\
326	lwzx	r11, r12, r11;		/* Get pgd/pmd entry */		\
327	rlwinm.	r12, r11, 0, 0, 20;	/* Extract pt base address */	\
328	beq	2f;			/* Bail if no table */		\
329	rlwimi	r12, r10, 23, 20, 28;	/* Compute pte address */	\
330	lwz	r11, 4(r12);		/* Get pte entry */
331#endif /* HUGEPAGE */
332#else /* !PTE_64BIT */
333#define FIND_PTE	\
334	rlwimi	r11, r10, 12, 20, 29;	/* Create L1 (pgdir/pmd) address */	\
335	lwz	r11, 0(r11);		/* Get L1 entry */			\
336	rlwinm.	r12, r11, 0, 0, 19;	/* Extract L2 (pte) base address */	\
337	beq	2f;			/* Bail if no table */			\
338	rlwimi	r12, r10, 22, 20, 29;	/* Compute PTE address */		\
339	lwz	r11, 0(r12);		/* Get Linux PTE */
340#endif
341
342/*
343 * Interrupt vector entry code
344 *
345 * The Book E MMUs are always on so we don't need to handle
346 * interrupts in real mode as with previous PPC processors. In
347 * this case we handle interrupts in the kernel virtual address
348 * space.
349 *
350 * Interrupt vectors are dynamically placed relative to the
351 * interrupt prefix as determined by the address of interrupt_base.
352 * The interrupt vectors offsets are programmed using the labels
353 * for each interrupt vector entry.
354 *
355 * Interrupt vectors must be aligned on a 16 byte boundary.
356 * We align on a 32 byte cache line boundary for good measure.
357 */
358
359interrupt_base:
360	/* Critical Input Interrupt */
361	CRITICAL_EXCEPTION(0x0100, CRITICAL, CriticalInput, unknown_exception)
362
363	/* Machine Check Interrupt */
364	MCHECK_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
365
366	/* Data Storage Interrupt */
367	START_EXCEPTION(DataStorage)
368	NORMAL_EXCEPTION_PROLOG(0x300, DATA_STORAGE)
369	mfspr	r5,SPRN_ESR		/* Grab the ESR, save it */
370	stw	r5,_ESR(r11)
371	mfspr	r4,SPRN_DEAR		/* Grab the DEAR, save it */
372	stw	r4, _DEAR(r11)
373	andis.	r10,r5,(ESR_ILK|ESR_DLK)@h
374	bne	1f
375	prepare_transfer_to_handler
376	bl	do_page_fault
377	b	interrupt_return
3781:
379	prepare_transfer_to_handler
380	bl	CacheLockingException
381	b	interrupt_return
382
383	/* Instruction Storage Interrupt */
384	INSTRUCTION_STORAGE_EXCEPTION
385
386	/* External Input Interrupt */
387	EXCEPTION(0x0500, EXTERNAL, ExternalInput, do_IRQ)
388
389	/* Alignment Interrupt */
390	ALIGNMENT_EXCEPTION
391
392	/* Program Interrupt */
393	PROGRAM_EXCEPTION
394
395	/* Floating Point Unavailable Interrupt */
396#ifdef CONFIG_PPC_FPU
397	FP_UNAVAILABLE_EXCEPTION
398#else
399	EXCEPTION(0x0800, FP_UNAVAIL, FloatingPointUnavailable, unknown_exception)
400#endif
401
402	/* System Call Interrupt */
403	START_EXCEPTION(SystemCall)
404	SYSCALL_ENTRY   0xc00 BOOKE_INTERRUPT_SYSCALL SPRN_SRR1
405
406	/* Auxiliary Processor Unavailable Interrupt */
407	EXCEPTION(0x2900, AP_UNAVAIL, AuxillaryProcessorUnavailable, unknown_exception)
408
409	/* Decrementer Interrupt */
410	DECREMENTER_EXCEPTION
411
412	/* Fixed Internal Timer Interrupt */
413	/* TODO: Add FIT support */
414	EXCEPTION(0x3100, FIT, FixedIntervalTimer, unknown_exception)
415
416	/* Watchdog Timer Interrupt */
417#ifdef CONFIG_BOOKE_WDT
418	CRITICAL_EXCEPTION(0x3200, WATCHDOG, WatchdogTimer, WatchdogException)
419#else
420	CRITICAL_EXCEPTION(0x3200, WATCHDOG, WatchdogTimer, unknown_exception)
421#endif
422
423	/* Data TLB Error Interrupt */
424	START_EXCEPTION(DataTLBError)
425	mtspr	SPRN_SPRG_WSCRATCH0, r10 /* Save some working registers */
426	mfspr	r10, SPRN_SPRG_THREAD
427	stw	r11, THREAD_NORMSAVE(0)(r10)
428#ifdef CONFIG_KVM_BOOKE_HV
429BEGIN_FTR_SECTION
430	mfspr	r11, SPRN_SRR1
431END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
432#endif
433	stw	r12, THREAD_NORMSAVE(1)(r10)
434	stw	r13, THREAD_NORMSAVE(2)(r10)
435	mfcr	r13
436	stw	r13, THREAD_NORMSAVE(3)(r10)
437	DO_KVM	BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1
438START_BTB_FLUSH_SECTION
439	mfspr r11, SPRN_SRR1
440	andi. r10,r11,MSR_PR
441	beq 1f
442	BTB_FLUSH(r10)
4431:
444END_BTB_FLUSH_SECTION
445	mfspr	r10, SPRN_DEAR		/* Get faulting address */
446
447	/* If we are faulting a kernel address, we have to use the
448	 * kernel page tables.
449	 */
450	lis	r11, PAGE_OFFSET@h
451	cmplw	5, r10, r11
452	blt	5, 3f
453	lis	r11, swapper_pg_dir@h
454	ori	r11, r11, swapper_pg_dir@l
455
456	mfspr	r12,SPRN_MAS1		/* Set TID to 0 */
457	rlwinm	r12,r12,0,16,1
458	mtspr	SPRN_MAS1,r12
459
460	b	4f
461
462	/* Get the PGD for the current thread */
4633:
464	mfspr	r11,SPRN_SPRG_THREAD
465	lwz	r11,PGDIR(r11)
466
467#ifdef CONFIG_PPC_KUAP
468	mfspr	r12, SPRN_MAS1
469	rlwinm.	r12,r12,0,0x3fff0000
470	beq	2f			/* KUAP fault */
471#endif
472
4734:
474	/* Mask of required permission bits. Note that while we
475	 * do copy ESR:ST to _PAGE_RW position as trying to write
476	 * to an RO page is pretty common, we don't do it with
477	 * _PAGE_DIRTY. We could do it, but it's a fairly rare
478	 * event so I'd rather take the overhead when it happens
479	 * rather than adding an instruction here. We should measure
480	 * whether the whole thing is worth it in the first place
481	 * as we could avoid loading SPRN_ESR completely in the first
482	 * place...
483	 *
484	 * TODO: Is it worth doing that mfspr & rlwimi in the first
485	 *       place or can we save a couple of instructions here ?
486	 */
487	mfspr	r12,SPRN_ESR
488#ifdef CONFIG_PTE_64BIT
489	li	r13,_PAGE_PRESENT
490	oris	r13,r13,_PAGE_ACCESSED@h
491#else
492	li	r13,_PAGE_PRESENT|_PAGE_ACCESSED
493#endif
494	rlwimi	r13,r12,11,29,29
495
496	FIND_PTE
497	andc.	r13,r13,r11		/* Check permission */
498
499#ifdef CONFIG_PTE_64BIT
500#ifdef CONFIG_SMP
501	subf	r13,r11,r12		/* create false data dep */
502	lwzx	r13,r11,r13		/* Get upper pte bits */
503#else
504	lwz	r13,0(r12)		/* Get upper pte bits */
505#endif
506#endif
507
508	bne	2f			/* Bail if permission/valid mismatch */
509
510	/* Jump to common tlb load */
511	b	finish_tlb_load
5122:
513	/* The bailout.  Restore registers to pre-exception conditions
514	 * and call the heavyweights to help us out.
515	 */
516	mfspr	r10, SPRN_SPRG_THREAD
517	lwz	r11, THREAD_NORMSAVE(3)(r10)
518	mtcr	r11
519	lwz	r13, THREAD_NORMSAVE(2)(r10)
520	lwz	r12, THREAD_NORMSAVE(1)(r10)
521	lwz	r11, THREAD_NORMSAVE(0)(r10)
522	mfspr	r10, SPRN_SPRG_RSCRATCH0
523	b	DataStorage
524
525	/* Instruction TLB Error Interrupt */
526	/*
527	 * Nearly the same as above, except we get our
528	 * information from different registers and bailout
529	 * to a different point.
530	 */
531	START_EXCEPTION(InstructionTLBError)
532	mtspr	SPRN_SPRG_WSCRATCH0, r10 /* Save some working registers */
533	mfspr	r10, SPRN_SPRG_THREAD
534	stw	r11, THREAD_NORMSAVE(0)(r10)
535#ifdef CONFIG_KVM_BOOKE_HV
536BEGIN_FTR_SECTION
537	mfspr	r11, SPRN_SRR1
538END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
539#endif
540	stw	r12, THREAD_NORMSAVE(1)(r10)
541	stw	r13, THREAD_NORMSAVE(2)(r10)
542	mfcr	r13
543	stw	r13, THREAD_NORMSAVE(3)(r10)
544	DO_KVM	BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1
545START_BTB_FLUSH_SECTION
546	mfspr r11, SPRN_SRR1
547	andi. r10,r11,MSR_PR
548	beq 1f
549	BTB_FLUSH(r10)
5501:
551END_BTB_FLUSH_SECTION
552
553	mfspr	r10, SPRN_SRR0		/* Get faulting address */
554
555	/* If we are faulting a kernel address, we have to use the
556	 * kernel page tables.
557	 */
558	lis	r11, PAGE_OFFSET@h
559	cmplw	5, r10, r11
560	blt	5, 3f
561	lis	r11, swapper_pg_dir@h
562	ori	r11, r11, swapper_pg_dir@l
563
564	mfspr	r12,SPRN_MAS1		/* Set TID to 0 */
565	rlwinm	r12,r12,0,16,1
566	mtspr	SPRN_MAS1,r12
567
568	/* Make up the required permissions for kernel code */
569#ifdef CONFIG_PTE_64BIT
570	li	r13,_PAGE_PRESENT | _PAGE_BAP_SX
571	oris	r13,r13,_PAGE_ACCESSED@h
572#else
573	li	r13,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
574#endif
575	b	4f
576
577	/* Get the PGD for the current thread */
5783:
579	mfspr	r11,SPRN_SPRG_THREAD
580	lwz	r11,PGDIR(r11)
581
582#ifdef CONFIG_PPC_KUAP
583	mfspr	r12, SPRN_MAS1
584	rlwinm.	r12,r12,0,0x3fff0000
585	beq	2f			/* KUAP fault */
586#endif
587
588	/* Make up the required permissions for user code */
589#ifdef CONFIG_PTE_64BIT
590	li	r13,_PAGE_PRESENT | _PAGE_BAP_UX
591	oris	r13,r13,_PAGE_ACCESSED@h
592#else
593	li	r13,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
594#endif
595
5964:
597	FIND_PTE
598	andc.	r13,r13,r11		/* Check permission */
599
600#ifdef CONFIG_PTE_64BIT
601#ifdef CONFIG_SMP
602	subf	r13,r11,r12		/* create false data dep */
603	lwzx	r13,r11,r13		/* Get upper pte bits */
604#else
605	lwz	r13,0(r12)		/* Get upper pte bits */
606#endif
607#endif
608
609	bne	2f			/* Bail if permission mismatch */
610
611	/* Jump to common TLB load point */
612	b	finish_tlb_load
613
6142:
615	/* The bailout.  Restore registers to pre-exception conditions
616	 * and call the heavyweights to help us out.
617	 */
618	mfspr	r10, SPRN_SPRG_THREAD
619	lwz	r11, THREAD_NORMSAVE(3)(r10)
620	mtcr	r11
621	lwz	r13, THREAD_NORMSAVE(2)(r10)
622	lwz	r12, THREAD_NORMSAVE(1)(r10)
623	lwz	r11, THREAD_NORMSAVE(0)(r10)
624	mfspr	r10, SPRN_SPRG_RSCRATCH0
625	b	InstructionStorage
626
627/* Define SPE handlers for e500v2 */
628#ifdef CONFIG_SPE
629	/* SPE Unavailable */
630	START_EXCEPTION(SPEUnavailable)
631	NORMAL_EXCEPTION_PROLOG(0x2010, SPE_UNAVAIL)
632	beq	1f
633	bl	load_up_spe
634	b	fast_exception_return
6351:	prepare_transfer_to_handler
636	bl	KernelSPE
637	b	interrupt_return
638#elif defined(CONFIG_SPE_POSSIBLE)
639	EXCEPTION(0x2020, SPE_UNAVAIL, SPEUnavailable, unknown_exception)
640#endif /* CONFIG_SPE_POSSIBLE */
641
642	/* SPE Floating Point Data */
643#ifdef CONFIG_SPE
644	START_EXCEPTION(SPEFloatingPointData)
645	NORMAL_EXCEPTION_PROLOG(0x2030, SPE_FP_DATA)
646	prepare_transfer_to_handler
647	bl	SPEFloatingPointException
648	REST_NVGPRS(r1)
649	b	interrupt_return
650
651	/* SPE Floating Point Round */
652	START_EXCEPTION(SPEFloatingPointRound)
653	NORMAL_EXCEPTION_PROLOG(0x2050, SPE_FP_ROUND)
654	prepare_transfer_to_handler
655	bl	SPEFloatingPointRoundException
656	REST_NVGPRS(r1)
657	b	interrupt_return
658#elif defined(CONFIG_SPE_POSSIBLE)
659	EXCEPTION(0x2040, SPE_FP_DATA, SPEFloatingPointData, unknown_exception)
660	EXCEPTION(0x2050, SPE_FP_ROUND, SPEFloatingPointRound, unknown_exception)
661#endif /* CONFIG_SPE_POSSIBLE */
662
663
664	/* Performance Monitor */
665	EXCEPTION(0x2060, PERFORMANCE_MONITOR, PerformanceMonitor, \
666		  performance_monitor_exception)
667
668	EXCEPTION(0x2070, DOORBELL, Doorbell, doorbell_exception)
669
670	CRITICAL_EXCEPTION(0x2080, DOORBELL_CRITICAL, \
671			   CriticalDoorbell, unknown_exception)
672
673	/* Debug Interrupt */
674	DEBUG_DEBUG_EXCEPTION
675	DEBUG_CRIT_EXCEPTION
676
677	GUEST_DOORBELL_EXCEPTION
678
679	CRITICAL_EXCEPTION(0, GUEST_DBELL_CRIT, CriticalGuestDoorbell, \
680			   unknown_exception)
681
682	/* Hypercall */
683	EXCEPTION(0, HV_SYSCALL, Hypercall, unknown_exception)
684
685	/* Embedded Hypervisor Privilege */
686	EXCEPTION(0, HV_PRIV, Ehvpriv, unknown_exception)
687
688interrupt_end:
689
690/*
691 * Local functions
692 */
693
694/*
695 * Both the instruction and data TLB miss get to this
696 * point to load the TLB.
697 *	r10 - tsize encoding (if HUGETLB_PAGE) or available to use
698 *	r11 - TLB (info from Linux PTE)
699 *	r12 - available to use
700 *	r13 - upper bits of PTE (if PTE_64BIT) or available to use
701 *	CR5 - results of addr >= PAGE_OFFSET
702 *	MAS0, MAS1 - loaded with proper value when we get here
703 *	MAS2, MAS3 - will need additional info from Linux PTE
704 *	Upon exit, we reload everything and RFI.
705 */
706finish_tlb_load:
707#ifdef CONFIG_HUGETLB_PAGE
708	cmpwi	6, r10, 0			/* check for huge page */
709	beq	6, finish_tlb_load_cont    	/* !huge */
710
711	/* Alas, we need more scratch registers for hugepages */
712	mfspr	r12, SPRN_SPRG_THREAD
713	stw	r14, THREAD_NORMSAVE(4)(r12)
714	stw	r15, THREAD_NORMSAVE(5)(r12)
715	stw	r16, THREAD_NORMSAVE(6)(r12)
716	stw	r17, THREAD_NORMSAVE(7)(r12)
717
718	/* Get the next_tlbcam_idx percpu var */
719#ifdef CONFIG_SMP
720	lwz	r15, TASK_CPU-THREAD(r12)
721	lis     r14, __per_cpu_offset@h
722	ori     r14, r14, __per_cpu_offset@l
723	rlwinm  r15, r15, 2, 0, 29
724	lwzx    r16, r14, r15
725#else
726	li	r16, 0
727#endif
728	lis     r17, next_tlbcam_idx@h
729	ori	r17, r17, next_tlbcam_idx@l
730	add	r17, r17, r16			/* r17 = *next_tlbcam_idx */
731	lwz     r15, 0(r17)			/* r15 = next_tlbcam_idx */
732
733	lis	r14, MAS0_TLBSEL(1)@h		/* select TLB1 (TLBCAM) */
734	rlwimi	r14, r15, 16, 4, 15		/* next_tlbcam_idx entry */
735	mtspr	SPRN_MAS0, r14
736
737	/* Extract TLB1CFG(NENTRY) */
738	mfspr	r16, SPRN_TLB1CFG
739	andi.	r16, r16, 0xfff
740
741	/* Update next_tlbcam_idx, wrapping when necessary */
742	addi	r15, r15, 1
743	cmpw	r15, r16
744	blt 	100f
745	lis	r14, tlbcam_index@h
746	ori	r14, r14, tlbcam_index@l
747	lwz	r15, 0(r14)
748100:	stw	r15, 0(r17)
749
750	/*
751	 * Calc MAS1_TSIZE from r10 (which has pshift encoded)
752	 * tlb_enc = (pshift - 10).
753	 */
754	subi	r15, r10, 10
755	mfspr	r16, SPRN_MAS1
756	rlwimi	r16, r15, 7, 20, 24
757	mtspr	SPRN_MAS1, r16
758
759	/* copy the pshift for use later */
760	mr	r14, r10
761
762	/* fall through */
763
764#endif /* CONFIG_HUGETLB_PAGE */
765
766	/*
767	 * We set execute, because we don't have the granularity to
768	 * properly set this at the page level (Linux problem).
769	 * Many of these bits are software only.  Bits we don't set
770	 * here we (properly should) assume have the appropriate value.
771	 */
772finish_tlb_load_cont:
773#ifdef CONFIG_PTE_64BIT
774	rlwinm	r12, r11, 32-2, 26, 31	/* Move in perm bits */
775	andi.	r10, r11, _PAGE_DIRTY
776	bne	1f
777	li	r10, MAS3_SW | MAS3_UW
778	andc	r12, r12, r10
7791:	rlwimi	r12, r13, 20, 0, 11	/* grab RPN[32:43] */
780	rlwimi	r12, r11, 20, 12, 19	/* grab RPN[44:51] */
7812:	mtspr	SPRN_MAS3, r12
782BEGIN_MMU_FTR_SECTION
783	srwi	r10, r13, 12		/* grab RPN[12:31] */
784	mtspr	SPRN_MAS7, r10
785END_MMU_FTR_SECTION_IFSET(MMU_FTR_BIG_PHYS)
786#else
787	li	r10, (_PAGE_EXEC | _PAGE_PRESENT)
788	mr	r13, r11
789	rlwimi	r10, r11, 31, 29, 29	/* extract _PAGE_DIRTY into SW */
790	and	r12, r11, r10
791	andi.	r10, r11, _PAGE_USER	/* Test for _PAGE_USER */
792	slwi	r10, r12, 1
793	or	r10, r10, r12
794	rlwinm	r10, r10, 0, ~_PAGE_EXEC	/* Clear SX on user pages */
795	iseleq	r12, r12, r10
796	rlwimi	r13, r12, 0, 20, 31	/* Get RPN from PTE, merge w/ perms */
797	mtspr	SPRN_MAS3, r13
798#endif
799
800	mfspr	r12, SPRN_MAS2
801#ifdef CONFIG_PTE_64BIT
802	rlwimi	r12, r11, 32-19, 27, 31	/* extract WIMGE from pte */
803#else
804	rlwimi	r12, r11, 26, 27, 31	/* extract WIMGE from pte */
805#endif
806#ifdef CONFIG_HUGETLB_PAGE
807	beq	6, 3f			/* don't mask if page isn't huge */
808	li	r13, 1
809	slw	r13, r13, r14
810	subi	r13, r13, 1
811	rlwinm	r13, r13, 0, 0, 19	/* bottom bits used for WIMGE/etc */
812	andc	r12, r12, r13		/* mask off ea bits within the page */
813#endif
8143:	mtspr	SPRN_MAS2, r12
815
816tlb_write_entry:
817	tlbwe
818
819	/* Done...restore registers and get out of here.  */
820	mfspr	r10, SPRN_SPRG_THREAD
821#ifdef CONFIG_HUGETLB_PAGE
822	beq	6, 8f /* skip restore for 4k page faults */
823	lwz	r14, THREAD_NORMSAVE(4)(r10)
824	lwz	r15, THREAD_NORMSAVE(5)(r10)
825	lwz	r16, THREAD_NORMSAVE(6)(r10)
826	lwz	r17, THREAD_NORMSAVE(7)(r10)
827#endif
8288:	lwz	r11, THREAD_NORMSAVE(3)(r10)
829	mtcr	r11
830	lwz	r13, THREAD_NORMSAVE(2)(r10)
831	lwz	r12, THREAD_NORMSAVE(1)(r10)
832	lwz	r11, THREAD_NORMSAVE(0)(r10)
833	mfspr	r10, SPRN_SPRG_RSCRATCH0
834	rfi					/* Force context change */
835
836#ifdef CONFIG_SPE
837/* Note that the SPE support is closely modeled after the AltiVec
838 * support.  Changes to one are likely to be applicable to the
839 * other!  */
840_GLOBAL(load_up_spe)
841/*
842 * Disable SPE for the task which had SPE previously,
843 * and save its SPE registers in its thread_struct.
844 * Enables SPE for use in the kernel on return.
845 * On SMP we know the SPE units are free, since we give it up every
846 * switch.  -- Kumar
847 */
848	mfmsr	r5
849	oris	r5,r5,MSR_SPE@h
850	mtmsr	r5			/* enable use of SPE now */
851	isync
852	/* enable use of SPE after return */
853	oris	r9,r9,MSR_SPE@h
854	mfspr	r5,SPRN_SPRG_THREAD	/* current task's THREAD (phys) */
855	li	r4,1
856	li	r10,THREAD_ACC
857	stw	r4,THREAD_USED_SPE(r5)
858	evlddx	evr4,r10,r5
859	evmra	evr4,evr4
860	REST_32EVRS(0,r10,r5,THREAD_EVR0)
861	blr
862
863/*
864 * SPE unavailable trap from kernel - print a message, but let
865 * the task use SPE in the kernel until it returns to user mode.
866 */
867KernelSPE:
868	lwz	r3,_MSR(r1)
869	oris	r3,r3,MSR_SPE@h
870	stw	r3,_MSR(r1)	/* enable use of SPE after return */
871#ifdef CONFIG_PRINTK
872	lis	r3,87f@h
873	ori	r3,r3,87f@l
874	mr	r4,r2		/* current */
875	lwz	r5,_NIP(r1)
876	bl	_printk
877#endif
878	b	interrupt_return
879#ifdef CONFIG_PRINTK
88087:	.string	"SPE used in kernel  (task=%p, pc=%x)  \n"
881#endif
882	.align	4,0
883
884#endif /* CONFIG_SPE */
885
886/*
887 * Translate the effec addr in r3 to phys addr. The phys addr will be put
888 * into r3(higher 32bit) and r4(lower 32bit)
889 */
890SYM_FUNC_START_LOCAL(get_phys_addr)
891	mfmsr	r8
892	mfspr	r9,SPRN_PID
893	rlwinm	r9,r9,16,0x3fff0000	/* turn PID into MAS6[SPID] */
894	rlwimi	r9,r8,28,0x00000001	/* turn MSR[DS] into MAS6[SAS] */
895	mtspr	SPRN_MAS6,r9
896
897	tlbsx	0,r3			/* must succeed */
898
899	mfspr	r8,SPRN_MAS1
900	mfspr	r12,SPRN_MAS3
901	rlwinm	r9,r8,25,0x1f		/* r9 = log2(page size) */
902	li	r10,1024
903	slw	r10,r10,r9		/* r10 = page size */
904	addi	r10,r10,-1
905	and	r11,r3,r10		/* r11 = page offset */
906	andc	r4,r12,r10		/* r4 = page base */
907	or	r4,r4,r11		/* r4 = devtree phys addr */
908#ifdef CONFIG_PHYS_64BIT
909	mfspr	r3,SPRN_MAS7
910#endif
911	blr
912SYM_FUNC_END(get_phys_addr)
913
914/*
915 * Global functions
916 */
917
918#ifdef CONFIG_PPC_E500
919#ifndef CONFIG_PPC_E500MC
920/* Adjust or setup IVORs for e500v1/v2 */
921_GLOBAL(__setup_e500_ivors)
922	li	r3,DebugCrit@l
923	mtspr	SPRN_IVOR15,r3
924	li	r3,SPEUnavailable@l
925	mtspr	SPRN_IVOR32,r3
926	li	r3,SPEFloatingPointData@l
927	mtspr	SPRN_IVOR33,r3
928	li	r3,SPEFloatingPointRound@l
929	mtspr	SPRN_IVOR34,r3
930	li	r3,PerformanceMonitor@l
931	mtspr	SPRN_IVOR35,r3
932	sync
933	blr
934#else
935/* Adjust or setup IVORs for e500mc */
936_GLOBAL(__setup_e500mc_ivors)
937	li	r3,DebugDebug@l
938	mtspr	SPRN_IVOR15,r3
939	li	r3,PerformanceMonitor@l
940	mtspr	SPRN_IVOR35,r3
941	li	r3,Doorbell@l
942	mtspr	SPRN_IVOR36,r3
943	li	r3,CriticalDoorbell@l
944	mtspr	SPRN_IVOR37,r3
945	sync
946	blr
947
948/* setup ehv ivors for */
949_GLOBAL(__setup_ehv_ivors)
950	li	r3,GuestDoorbell@l
951	mtspr	SPRN_IVOR38,r3
952	li	r3,CriticalGuestDoorbell@l
953	mtspr	SPRN_IVOR39,r3
954	li	r3,Hypercall@l
955	mtspr	SPRN_IVOR40,r3
956	li	r3,Ehvpriv@l
957	mtspr	SPRN_IVOR41,r3
958	sync
959	blr
960#endif /* CONFIG_PPC_E500MC */
961#endif /* CONFIG_PPC_E500 */
962
963#ifdef CONFIG_SPE
964/*
965 * extern void __giveup_spe(struct task_struct *prev)
966 *
967 */
968_GLOBAL(__giveup_spe)
969	addi	r3,r3,THREAD		/* want THREAD of task */
970	lwz	r5,PT_REGS(r3)
971	cmpi	0,r5,0
972	SAVE_32EVRS(0, r4, r3, THREAD_EVR0)
973	evxor	evr6, evr6, evr6	/* clear out evr6 */
974	evmwumiaa evr6, evr6, evr6	/* evr6 <- ACC = 0 * 0 + ACC */
975	li	r4,THREAD_ACC
976	evstddx	evr6, r4, r3		/* save off accumulator */
977	beq	1f
978	lwz	r4,_MSR-STACK_INT_FRAME_REGS(r5)
979	lis	r3,MSR_SPE@h
980	andc	r4,r4,r3		/* disable SPE for previous task */
981	stw	r4,_MSR-STACK_INT_FRAME_REGS(r5)
9821:
983	blr
984#endif /* CONFIG_SPE */
985
986/*
987 * extern void abort(void)
988 *
989 * At present, this routine just applies a system reset.
990 */
991_GLOBAL(abort)
992	li	r13,0
993	mtspr	SPRN_DBCR0,r13		/* disable all debug events */
994	isync
995	mfmsr	r13
996	ori	r13,r13,MSR_DE@l	/* Enable Debug Events */
997	mtmsr	r13
998	isync
999	mfspr	r13,SPRN_DBCR0
1000	lis	r13,(DBCR0_IDM|DBCR0_RST_CHIP)@h
1001	mtspr	SPRN_DBCR0,r13
1002	isync
1003
1004#ifdef CONFIG_SMP
1005/* When we get here, r24 needs to hold the CPU # */
1006	.globl __secondary_start
1007__secondary_start:
1008	LOAD_REG_ADDR_PIC(r3, tlbcam_index)
1009	lwz	r3,0(r3)
1010	mtctr	r3
1011	li	r26,0		/* r26 safe? */
1012
1013	bl	switch_to_as1
1014	mr	r27,r3		/* tlb entry */
1015	/* Load each CAM entry */
10161:	mr	r3,r26
1017	bl	loadcam_entry
1018	addi	r26,r26,1
1019	bdnz	1b
1020	mr	r3,r27		/* tlb entry */
1021	LOAD_REG_ADDR_PIC(r4, memstart_addr)
1022	lwz	r4,0(r4)
1023	mr	r5,r25		/* phys kernel start */
1024	rlwinm	r5,r5,0,~0x3ffffff	/* aligned 64M */
1025	subf	r4,r5,r4	/* memstart_addr - phys kernel start */
1026	lis	r7,KERNELBASE@h
1027	ori	r7,r7,KERNELBASE@l
1028	cmpw	r20,r7		/* if kernstart_virt_addr != KERNELBASE, randomized */
1029	beq	2f
1030	li	r4,0
10312:	li	r5,0		/* no device tree */
1032	li	r6,0		/* not boot cpu */
1033	bl	restore_to_as0
1034
1035
1036	lis	r3,__secondary_hold_acknowledge@h
1037	ori	r3,r3,__secondary_hold_acknowledge@l
1038	stw	r24,0(r3)
1039
1040	li	r3,0
1041	mr	r4,r24		/* Why? */
1042	bl	call_setup_cpu
1043
1044	/* get current's stack and current */
1045	lis	r2,secondary_current@ha
1046	lwz	r2,secondary_current@l(r2)
1047	lwz	r1,TASK_STACK(r2)
1048
1049	/* stack */
1050	addi	r1,r1,THREAD_SIZE-STACK_FRAME_MIN_SIZE
1051	li	r0,0
1052	stw	r0,0(r1)
1053
1054	/* ptr to current thread */
1055	addi	r4,r2,THREAD	/* address of our thread_struct */
1056	mtspr	SPRN_SPRG_THREAD,r4
1057
1058	/* Setup the defaults for TLB entries */
1059	li	r4,(MAS4_TSIZED(BOOK3E_PAGESZ_4K))@l
1060	mtspr	SPRN_MAS4,r4
1061
1062	/* Jump to start_secondary */
1063	lis	r4,MSR_KERNEL@h
1064	ori	r4,r4,MSR_KERNEL@l
1065	lis	r3,start_secondary@h
1066	ori	r3,r3,start_secondary@l
1067	mtspr	SPRN_SRR0,r3
1068	mtspr	SPRN_SRR1,r4
1069	sync
1070	rfi
1071	sync
1072
1073	.globl __secondary_hold_acknowledge
1074__secondary_hold_acknowledge:
1075	.long	-1
1076#endif
1077
1078/*
1079 * Create a 64M tlb by address and entry
1080 * r3 - entry
1081 * r4 - virtual address
1082 * r5/r6 - physical address
1083 */
1084_GLOBAL(create_kaslr_tlb_entry)
1085	lis     r7,0x1000               /* Set MAS0(TLBSEL) = 1 */
1086	rlwimi  r7,r3,16,4,15           /* Setup MAS0 = TLBSEL | ESEL(r6) */
1087	mtspr   SPRN_MAS0,r7            /* Write MAS0 */
1088
1089	lis     r3,(MAS1_VALID|MAS1_IPROT)@h
1090	ori     r3,r3,(MAS1_TSIZE(BOOK3E_PAGESZ_64M))@l
1091	mtspr   SPRN_MAS1,r3            /* Write MAS1 */
1092
1093	lis     r3,MAS2_EPN_MASK(BOOK3E_PAGESZ_64M)@h
1094	ori     r3,r3,MAS2_EPN_MASK(BOOK3E_PAGESZ_64M)@l
1095	and     r3,r3,r4
1096	ori	r3,r3,MAS2_M_IF_NEEDED@l
1097	mtspr   SPRN_MAS2,r3            /* Write MAS2(EPN) */
1098
1099#ifdef CONFIG_PHYS_64BIT
1100	ori     r8,r6,(MAS3_SW|MAS3_SR|MAS3_SX)
1101	mtspr   SPRN_MAS3,r8            /* Write MAS3(RPN) */
1102	mtspr	SPRN_MAS7,r5
1103#else
1104	ori     r8,r5,(MAS3_SW|MAS3_SR|MAS3_SX)
1105	mtspr   SPRN_MAS3,r8            /* Write MAS3(RPN) */
1106#endif
1107
1108	tlbwe                           /* Write TLB */
1109	isync
1110	sync
1111	blr
1112
1113/*
1114 * Return to the start of the relocated kernel and run again
1115 * r3 - virtual address of fdt
1116 * r4 - entry of the kernel
1117 */
1118_GLOBAL(reloc_kernel_entry)
1119	mfmsr	r7
1120	rlwinm	r7, r7, 0, ~(MSR_IS | MSR_DS)
1121
1122	mtspr	SPRN_SRR0,r4
1123	mtspr	SPRN_SRR1,r7
1124	rfi
1125
1126/*
1127 * Create a tlb entry with the same effective and physical address as
1128 * the tlb entry used by the current running code. But set the TS to 1.
1129 * Then switch to the address space 1. It will return with the r3 set to
1130 * the ESEL of the new created tlb.
1131 */
1132_GLOBAL(switch_to_as1)
1133	mflr	r5
1134
1135	/* Find a entry not used */
1136	mfspr	r3,SPRN_TLB1CFG
1137	andi.	r3,r3,0xfff
1138	mfspr	r4,SPRN_PID
1139	rlwinm	r4,r4,16,0x3fff0000	/* turn PID into MAS6[SPID] */
1140	mtspr	SPRN_MAS6,r4
11411:	lis	r4,0x1000		/* Set MAS0(TLBSEL) = 1 */
1142	addi	r3,r3,-1
1143	rlwimi	r4,r3,16,4,15		/* Setup MAS0 = TLBSEL | ESEL(r3) */
1144	mtspr	SPRN_MAS0,r4
1145	tlbre
1146	mfspr	r4,SPRN_MAS1
1147	andis.	r4,r4,MAS1_VALID@h
1148	bne	1b
1149
1150	/* Get the tlb entry used by the current running code */
1151	bcl	20,31,$+4
11520:	mflr	r4
1153	tlbsx	0,r4
1154
1155	mfspr	r4,SPRN_MAS1
1156	ori	r4,r4,MAS1_TS		/* Set the TS = 1 */
1157	mtspr	SPRN_MAS1,r4
1158
1159	mfspr	r4,SPRN_MAS0
1160	rlwinm	r4,r4,0,~MAS0_ESEL_MASK
1161	rlwimi	r4,r3,16,4,15		/* Setup MAS0 = TLBSEL | ESEL(r3) */
1162	mtspr	SPRN_MAS0,r4
1163	tlbwe
1164	isync
1165	sync
1166
1167	mfmsr	r4
1168	ori	r4,r4,MSR_IS | MSR_DS
1169	mtspr	SPRN_SRR0,r5
1170	mtspr	SPRN_SRR1,r4
1171	sync
1172	rfi
1173
1174/*
1175 * Restore to the address space 0 and also invalidate the tlb entry created
1176 * by switch_to_as1.
1177 * r3 - the tlb entry which should be invalidated
1178 * r4 - __pa(PAGE_OFFSET in AS1) - __pa(PAGE_OFFSET in AS0)
1179 * r5 - device tree virtual address. If r4 is 0, r5 is ignored.
1180 * r6 - boot cpu
1181*/
1182_GLOBAL(restore_to_as0)
1183	mflr	r0
1184
1185	bcl	20,31,$+4
11860:	mflr	r9
1187	addi	r9,r9,1f - 0b
1188
1189	/*
1190	 * We may map the PAGE_OFFSET in AS0 to a different physical address,
1191	 * so we need calculate the right jump and device tree address based
1192	 * on the offset passed by r4.
1193	 */
1194	add	r9,r9,r4
1195	add	r5,r5,r4
1196	add	r0,r0,r4
1197
11982:	mfmsr	r7
1199	li	r8,(MSR_IS | MSR_DS)
1200	andc	r7,r7,r8
1201
1202	mtspr	SPRN_SRR0,r9
1203	mtspr	SPRN_SRR1,r7
1204	sync
1205	rfi
1206
1207	/* Invalidate the temporary tlb entry for AS1 */
12081:	lis	r9,0x1000		/* Set MAS0(TLBSEL) = 1 */
1209	rlwimi	r9,r3,16,4,15		/* Setup MAS0 = TLBSEL | ESEL(r3) */
1210	mtspr	SPRN_MAS0,r9
1211	tlbre
1212	mfspr	r9,SPRN_MAS1
1213	rlwinm	r9,r9,0,2,31		/* Clear MAS1 Valid and IPPROT */
1214	mtspr	SPRN_MAS1,r9
1215	tlbwe
1216	isync
1217
1218	cmpwi	r4,0
1219	cmpwi	cr1,r6,0
1220	cror	eq,4*cr1+eq,eq
1221	bne	3f			/* offset != 0 && is_boot_cpu */
1222	mtlr	r0
1223	blr
1224
1225	/*
1226	 * The PAGE_OFFSET will map to a different physical address,
1227	 * jump to _start to do another relocation again.
1228	*/
12293:	mr	r3,r5
1230	bl	_start
1231