xref: /openbmc/linux/arch/powerpc/kernel/head_8xx.S (revision 6491d698) 
1/*
2 *  PowerPC version
3 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
5 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *  Low-level exception handlers and MMU support
7 *  rewritten by Paul Mackerras.
8 *    Copyright (C) 1996 Paul Mackerras.
9 *  MPC8xx modifications by Dan Malek
10 *    Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
11 *
12 *  This file contains low-level support and setup for PowerPC 8xx
13 *  embedded processors, including trap and interrupt dispatch.
14 *
15 *  This program is free software; you can redistribute it and/or
16 *  modify it under the terms of the GNU General Public License
17 *  as published by the Free Software Foundation; either version
18 *  2 of the License, or (at your option) any later version.
19 *
20 */
21
22#include <linux/init.h>
23#include <asm/processor.h>
24#include <asm/page.h>
25#include <asm/mmu.h>
26#include <asm/cache.h>
27#include <asm/pgtable.h>
28#include <asm/cputable.h>
29#include <asm/thread_info.h>
30#include <asm/ppc_asm.h>
31#include <asm/asm-offsets.h>
32#include <asm/ptrace.h>
33#include <asm/export.h>
34#include <asm/code-patching-asm.h>
35
36#if CONFIG_TASK_SIZE <= 0x80000000 && CONFIG_PAGE_OFFSET >= 0x80000000
37/* By simply checking Address >= 0x80000000, we know if its a kernel address */
38#define SIMPLE_KERNEL_ADDRESS		1
39#endif
40
41/*
42 * We need an ITLB miss handler for kernel addresses if:
43 * - Either we have modules
44 * - Or we have not pinned the first 8M
45 */
46#if defined(CONFIG_MODULES) || !defined(CONFIG_PIN_TLB_TEXT) || \
47    defined(CONFIG_DEBUG_PAGEALLOC)
48#define ITLB_MISS_KERNEL	1
49#endif
50
51/*
52 * Value for the bits that have fixed value in RPN entries.
53 * Also used for tagging DAR for DTLBerror.
54 */
55#define RPN_PATTERN	0x00f0
56
57#define PAGE_SHIFT_512K		19
58#define PAGE_SHIFT_8M		23
59
60	__HEAD
61_ENTRY(_stext);
62_ENTRY(_start);
63
64/* MPC8xx
65 * This port was done on an MBX board with an 860.  Right now I only
66 * support an ELF compressed (zImage) boot from EPPC-Bug because the
67 * code there loads up some registers before calling us:
68 *   r3: ptr to board info data
69 *   r4: initrd_start or if no initrd then 0
70 *   r5: initrd_end - unused if r4 is 0
71 *   r6: Start of command line string
72 *   r7: End of command line string
73 *
74 * I decided to use conditional compilation instead of checking PVR and
75 * adding more processor specific branches around code I don't need.
76 * Since this is an embedded processor, I also appreciate any memory
77 * savings I can get.
78 *
79 * The MPC8xx does not have any BATs, but it supports large page sizes.
80 * We first initialize the MMU to support 8M byte pages, then load one
81 * entry into each of the instruction and data TLBs to map the first
82 * 8M 1:1.  I also mapped an additional I/O space 1:1 so we can get to
83 * the "internal" processor registers before MMU_init is called.
84 *
85 *	-- Dan
86 */
87	.globl	__start
88__start:
89	mr	r31,r3			/* save device tree ptr */
90
91	/* We have to turn on the MMU right away so we get cache modes
92	 * set correctly.
93	 */
94	bl	initial_mmu
95
96/* We now have the lower 8 Meg mapped into TLB entries, and the caches
97 * ready to work.
98 */
99
100turn_on_mmu:
101	mfmsr	r0
102	ori	r0,r0,MSR_DR|MSR_IR
103	mtspr	SPRN_SRR1,r0
104	lis	r0,start_here@h
105	ori	r0,r0,start_here@l
106	mtspr	SPRN_SRR0,r0
107	rfi				/* enables MMU */
108
109
110#ifdef CONFIG_PERF_EVENTS
111	.align	4
112
113	.globl	itlb_miss_counter
114itlb_miss_counter:
115	.space	4
116
117	.globl	dtlb_miss_counter
118dtlb_miss_counter:
119	.space	4
120
121	.globl	instruction_counter
122instruction_counter:
123	.space	4
124#endif
125
126/*
127 * Exception entry code.  This code runs with address translation
128 * turned off, i.e. using physical addresses.
129 * We assume sprg3 has the physical address of the current
130 * task's thread_struct.
131 */
132#define EXCEPTION_PROLOG	\
133	mtspr	SPRN_SPRG_SCRATCH0, r10;	\
134	mtspr	SPRN_SPRG_SCRATCH1, r11;	\
135	mfcr	r10;		\
136	EXCEPTION_PROLOG_1;	\
137	EXCEPTION_PROLOG_2
138
139#define EXCEPTION_PROLOG_1	\
140	mfspr	r11,SPRN_SRR1;		/* check whether user or kernel */ \
141	andi.	r11,r11,MSR_PR;	\
142	tophys(r11,r1);			/* use tophys(r1) if kernel */ \
143	beq	1f;		\
144	mfspr	r11,SPRN_SPRG_THREAD;	\
145	lwz	r11,TASK_STACK-THREAD(r11);	\
146	addi	r11,r11,THREAD_SIZE;	\
147	tophys(r11,r11);	\
1481:	subi	r11,r11,INT_FRAME_SIZE	/* alloc exc. frame */
149
150
151#define EXCEPTION_PROLOG_2	\
152	stw	r10,_CCR(r11);		/* save registers */ \
153	stw	r12,GPR12(r11);	\
154	stw	r9,GPR9(r11);	\
155	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
156	stw	r10,GPR10(r11);	\
157	mfspr	r12,SPRN_SPRG_SCRATCH1;	\
158	stw	r12,GPR11(r11);	\
159	mflr	r10;		\
160	stw	r10,_LINK(r11);	\
161	mfspr	r12,SPRN_SRR0;	\
162	mfspr	r9,SPRN_SRR1;	\
163	stw	r1,GPR1(r11);	\
164	stw	r1,0(r11);	\
165	tovirt(r1,r11);			/* set new kernel sp */	\
166	li	r10,MSR_KERNEL & ~(MSR_IR|MSR_DR); /* can take exceptions */ \
167	mtmsr	r10;		\
168	stw	r0,GPR0(r11);	\
169	lis	r10, STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */ \
170	addi	r10, r10, STACK_FRAME_REGS_MARKER@l; \
171	stw	r10, 8(r11);	\
172	SAVE_4GPRS(3, r11);	\
173	SAVE_2GPRS(7, r11)
174
175/*
176 * Note: code which follows this uses cr0.eq (set if from kernel),
177 * r11, r12 (SRR0), and r9 (SRR1).
178 *
179 * Note2: once we have set r1 we are in a position to take exceptions
180 * again, and we could thus set MSR:RI at that point.
181 */
182
183/*
184 * Exception vectors.
185 */
186#define EXCEPTION(n, label, hdlr, xfer)		\
187	. = n;					\
188label:						\
189	EXCEPTION_PROLOG;			\
190	addi	r3,r1,STACK_FRAME_OVERHEAD;	\
191	xfer(n, hdlr)
192
193#define EXC_XFER_TEMPLATE(n, hdlr, trap, copyee, tfer, ret)	\
194	li	r10,trap;					\
195	stw	r10,_TRAP(r11);					\
196	li	r10,MSR_KERNEL;					\
197	copyee(r10, r9);					\
198	bl	tfer;						\
199i##n:								\
200	.long	hdlr;						\
201	.long	ret
202
203#define COPY_EE(d, s)		rlwimi d,s,0,16,16
204#define NOCOPY(d, s)
205
206#define EXC_XFER_STD(n, hdlr)		\
207	EXC_XFER_TEMPLATE(n, hdlr, n, NOCOPY, transfer_to_handler_full,	\
208			  ret_from_except_full)
209
210#define EXC_XFER_LITE(n, hdlr)		\
211	EXC_XFER_TEMPLATE(n, hdlr, n+1, NOCOPY, transfer_to_handler, \
212			  ret_from_except)
213
214#define EXC_XFER_EE(n, hdlr)		\
215	EXC_XFER_TEMPLATE(n, hdlr, n, COPY_EE, transfer_to_handler_full, \
216			  ret_from_except_full)
217
218#define EXC_XFER_EE_LITE(n, hdlr)	\
219	EXC_XFER_TEMPLATE(n, hdlr, n+1, COPY_EE, transfer_to_handler, \
220			  ret_from_except)
221
222/* System reset */
223	EXCEPTION(0x100, Reset, system_reset_exception, EXC_XFER_STD)
224
225/* Machine check */
226	. = 0x200
227MachineCheck:
228	EXCEPTION_PROLOG
229	mfspr r4,SPRN_DAR
230	stw r4,_DAR(r11)
231	li r5,RPN_PATTERN
232	mtspr SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
233	mfspr r5,SPRN_DSISR
234	stw r5,_DSISR(r11)
235	addi r3,r1,STACK_FRAME_OVERHEAD
236	EXC_XFER_STD(0x200, machine_check_exception)
237
238/* Data access exception.
239 * This is "never generated" by the MPC8xx.
240 */
241	. = 0x300
242DataAccess:
243
244/* Instruction access exception.
245 * This is "never generated" by the MPC8xx.
246 */
247	. = 0x400
248InstructionAccess:
249
250/* External interrupt */
251	EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
252
253/* Alignment exception */
254	. = 0x600
255Alignment:
256	EXCEPTION_PROLOG
257	mfspr	r4,SPRN_DAR
258	stw	r4,_DAR(r11)
259	li	r5,RPN_PATTERN
260	mtspr	SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
261	mfspr	r5,SPRN_DSISR
262	stw	r5,_DSISR(r11)
263	addi	r3,r1,STACK_FRAME_OVERHEAD
264	EXC_XFER_EE(0x600, alignment_exception)
265
266/* Program check exception */
267	EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD)
268
269/* No FPU on MPC8xx.  This exception is not supposed to happen.
270*/
271	EXCEPTION(0x800, FPUnavailable, unknown_exception, EXC_XFER_STD)
272
273/* Decrementer */
274	EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE)
275
276	EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_EE)
277	EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_EE)
278
279/* System call */
280	. = 0xc00
281SystemCall:
282	EXCEPTION_PROLOG
283	EXC_XFER_EE_LITE(0xc00, DoSyscall)
284
285/* Single step - not used on 601 */
286	EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD)
287	EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_EE)
288	EXCEPTION(0xf00, Trap_0f, unknown_exception, EXC_XFER_EE)
289
290/* On the MPC8xx, this is a software emulation interrupt.  It occurs
291 * for all unimplemented and illegal instructions.
292 */
293	EXCEPTION(0x1000, SoftEmu, program_check_exception, EXC_XFER_STD)
294
295/* Called from DataStoreTLBMiss when perf TLB misses events are activated */
296#ifdef CONFIG_PERF_EVENTS
297	patch_site	0f, patch__dtlbmiss_perf
2980:	lwz	r10, (dtlb_miss_counter - PAGE_OFFSET)@l(0)
299	addi	r10, r10, 1
300	stw	r10, (dtlb_miss_counter - PAGE_OFFSET)@l(0)
301	mfspr	r10, SPRN_SPRG_SCRATCH0
302	mfspr	r11, SPRN_SPRG_SCRATCH1
303	rfi
304#endif
305
306	. = 0x1100
307/*
308 * For the MPC8xx, this is a software tablewalk to load the instruction
309 * TLB.  The task switch loads the M_TWB register with the pointer to the first
310 * level table.
311 * If we discover there is no second level table (value is zero) or if there
312 * is an invalid pte, we load that into the TLB, which causes another fault
313 * into the TLB Error interrupt where we can handle such problems.
314 * We have to use the MD_xxx registers for the tablewalk because the
315 * equivalent MI_xxx registers only perform the attribute functions.
316 */
317
318#ifdef CONFIG_8xx_CPU15
319#define INVALIDATE_ADJACENT_PAGES_CPU15(addr)	\
320	addi	addr, addr, PAGE_SIZE;	\
321	tlbie	addr;			\
322	addi	addr, addr, -(PAGE_SIZE << 1);	\
323	tlbie	addr;			\
324	addi	addr, addr, PAGE_SIZE
325#else
326#define INVALIDATE_ADJACENT_PAGES_CPU15(addr)
327#endif
328
329InstructionTLBMiss:
330	mtspr	SPRN_SPRG_SCRATCH0, r10
331#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP)
332	mtspr	SPRN_SPRG_SCRATCH1, r11
333#endif
334
335	/* If we are faulting a kernel address, we have to use the
336	 * kernel page tables.
337	 */
338	mfspr	r10, SPRN_SRR0	/* Get effective address of fault */
339	INVALIDATE_ADJACENT_PAGES_CPU15(r10)
340	mtspr	SPRN_MD_EPN, r10
341	/* Only modules will cause ITLB Misses as we always
342	 * pin the first 8MB of kernel memory */
343#ifdef ITLB_MISS_KERNEL
344	mfcr	r11
345#if defined(SIMPLE_KERNEL_ADDRESS) && defined(CONFIG_PIN_TLB_TEXT)
346	cmpi	cr0, r10, 0	/* Address >= 0x80000000 */
347#else
348	rlwinm	r10, r10, 16, 0xfff8
349	cmpli	cr0, r10, PAGE_OFFSET@h
350#ifndef CONFIG_PIN_TLB_TEXT
351	/* It is assumed that kernel code fits into the first 32M */
3520:	cmpli	cr7, r10, (PAGE_OFFSET + 0x2000000)@h
353	patch_site	0b, patch__itlbmiss_linmem_top
354#endif
355#endif
356#endif
357	mfspr	r10, SPRN_M_TWB	/* Get level 1 table */
358#ifdef ITLB_MISS_KERNEL
359#if defined(SIMPLE_KERNEL_ADDRESS) && defined(CONFIG_PIN_TLB_TEXT)
360	bge+	3f
361#else
362	blt+	3f
363#endif
364#ifndef CONFIG_PIN_TLB_TEXT
365	blt	cr7, ITLBMissLinear
366#endif
367	rlwinm	r10, r10, 0, 20, 31
368	oris	r10, r10, (swapper_pg_dir - PAGE_OFFSET)@ha
3693:
370#endif
371	lwz	r10, (swapper_pg_dir-PAGE_OFFSET)@l(r10)	/* Get level 1 entry */
372	mtspr	SPRN_MI_TWC, r10	/* Set segment attributes */
373
374	mtspr	SPRN_MD_TWC, r10
375	mfspr	r10, SPRN_MD_TWC
376	lwz	r10, 0(r10)	/* Get the pte */
377#ifdef ITLB_MISS_KERNEL
378	mtcr	r11
379#endif
380#ifdef CONFIG_SWAP
381	rlwinm	r11, r10, 32-5, _PAGE_PRESENT
382	and	r11, r11, r10
383	rlwimi	r10, r11, 0, _PAGE_PRESENT
384#endif
385	/* The Linux PTE won't go exactly into the MMU TLB.
386	 * Software indicator bits 20 and 23 must be clear.
387	 * Software indicator bits 22, 24, 25, 26, and 27 must be
388	 * set.  All other Linux PTE bits control the behavior
389	 * of the MMU.
390	 */
391	rlwimi	r10, r10, 0, 0x0f00	/* Clear bits 20-23 */
392	rlwimi	r10, r10, 4, 0x0400	/* Copy _PAGE_EXEC into bit 21 */
393	ori	r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */
394	mtspr	SPRN_MI_RPN, r10	/* Update TLB entry */
395
396	/* Restore registers */
3970:	mfspr	r10, SPRN_SPRG_SCRATCH0
398#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP)
399	mfspr	r11, SPRN_SPRG_SCRATCH1
400#endif
401	rfi
402	patch_site	0b, patch__itlbmiss_exit_1
403
404#ifdef CONFIG_PERF_EVENTS
405	patch_site	0f, patch__itlbmiss_perf
4060:	lwz	r10, (itlb_miss_counter - PAGE_OFFSET)@l(0)
407	addi	r10, r10, 1
408	stw	r10, (itlb_miss_counter - PAGE_OFFSET)@l(0)
409	mfspr	r10, SPRN_SPRG_SCRATCH0
410#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP)
411	mfspr	r11, SPRN_SPRG_SCRATCH1
412#endif
413	rfi
414#endif
415
416#ifndef CONFIG_PIN_TLB_TEXT
417ITLBMissLinear:
418	mtcr	r11
419#if defined(CONFIG_STRICT_KERNEL_RWX) && CONFIG_ETEXT_SHIFT < 23
420	patch_site	0f, patch__itlbmiss_linmem_top8
421
422	mfspr	r10, SPRN_SRR0
4230:	subis	r11, r10, (PAGE_OFFSET - 0x80000000)@ha
424	rlwinm	r11, r11, 4, MI_PS8MEG ^ MI_PS512K
425	ori	r11, r11, MI_PS512K | MI_SVALID
426	rlwinm	r10, r10, 0, 0x0ff80000	/* 8xx supports max 256Mb RAM */
427#else
428	/* Set 8M byte page and mark it valid */
429	li	r11, MI_PS8MEG | MI_SVALID
430	rlwinm	r10, r10, 20, 0x0f800000	/* 8xx supports max 256Mb RAM */
431#endif
432	mtspr	SPRN_MI_TWC, r11
433	ori	r10, r10, 0xf0 | MI_SPS16K | _PAGE_SH | _PAGE_DIRTY | \
434			  _PAGE_PRESENT
435	mtspr	SPRN_MI_RPN, r10	/* Update TLB entry */
436
4370:	mfspr	r10, SPRN_SPRG_SCRATCH0
438	mfspr	r11, SPRN_SPRG_SCRATCH1
439	rfi
440	patch_site	0b, patch__itlbmiss_exit_2
441#endif
442
443	. = 0x1200
444DataStoreTLBMiss:
445	mtspr	SPRN_SPRG_SCRATCH0, r10
446	mtspr	SPRN_SPRG_SCRATCH1, r11
447	mfcr	r11
448
449	/* If we are faulting a kernel address, we have to use the
450	 * kernel page tables.
451	 */
452	mfspr	r10, SPRN_MD_EPN
453	rlwinm	r10, r10, 16, 0xfff8
454	cmpli	cr0, r10, PAGE_OFFSET@h
455#ifndef CONFIG_PIN_TLB_IMMR
456	cmpli	cr6, r10, VIRT_IMMR_BASE@h
457#endif
4580:	cmpli	cr7, r10, (PAGE_OFFSET + 0x2000000)@h
459	patch_site	0b, patch__dtlbmiss_linmem_top
460
461	mfspr	r10, SPRN_M_TWB	/* Get level 1 table */
462	blt+	3f
463#ifndef CONFIG_PIN_TLB_IMMR
4640:	beq-	cr6, DTLBMissIMMR
465	patch_site	0b, patch__dtlbmiss_immr_jmp
466#endif
467	blt	cr7, DTLBMissLinear
468	rlwinm	r10, r10, 0, 20, 31
469	oris	r10, r10, (swapper_pg_dir - PAGE_OFFSET)@ha
4703:
471	mtcr	r11
472	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r10)	/* Get level 1 entry */
473
474	mtspr	SPRN_MD_TWC, r11
475	mfspr	r10, SPRN_MD_TWC
476	lwz	r10, 0(r10)	/* Get the pte */
477
478	/* Insert the Guarded flag into the TWC from the Linux PTE.
479	 * It is bit 27 of both the Linux PTE and the TWC (at least
480	 * I got that right :-).  It will be better when we can put
481	 * this into the Linux pgd/pmd and load it in the operation
482	 * above.
483	 */
484	rlwimi	r11, r10, 0, _PAGE_GUARDED
485	mtspr	SPRN_MD_TWC, r11
486
487	/* Both _PAGE_ACCESSED and _PAGE_PRESENT has to be set.
488	 * We also need to know if the insn is a load/store, so:
489	 * Clear _PAGE_PRESENT and load that which will
490	 * trap into DTLB Error with store bit set accordinly.
491	 */
492	/* PRESENT=0x1, ACCESSED=0x20
493	 * r11 = ((r10 & PRESENT) & ((r10 & ACCESSED) >> 5));
494	 * r10 = (r10 & ~PRESENT) | r11;
495	 */
496#ifdef CONFIG_SWAP
497	rlwinm	r11, r10, 32-5, _PAGE_PRESENT
498	and	r11, r11, r10
499	rlwimi	r10, r11, 0, _PAGE_PRESENT
500#endif
501	/* The Linux PTE won't go exactly into the MMU TLB.
502	 * Software indicator bits 24, 25, 26, and 27 must be
503	 * set.  All other Linux PTE bits control the behavior
504	 * of the MMU.
505	 */
506	li	r11, RPN_PATTERN
507	rlwimi	r10, r11, 0, 24, 27	/* Set 24-27 */
508	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
509
510	/* Restore registers */
511	mtspr	SPRN_DAR, r11	/* Tag DAR */
512
5130:	mfspr	r10, SPRN_SPRG_SCRATCH0
514	mfspr	r11, SPRN_SPRG_SCRATCH1
515	rfi
516	patch_site	0b, patch__dtlbmiss_exit_1
517
518DTLBMissIMMR:
519	mtcr	r11
520	/* Set 512k byte guarded page and mark it valid */
521	li	r10, MD_PS512K | MD_GUARDED | MD_SVALID
522	mtspr	SPRN_MD_TWC, r10
523	mfspr	r10, SPRN_IMMR			/* Get current IMMR */
524	rlwinm	r10, r10, 0, 0xfff80000		/* Get 512 kbytes boundary */
525	ori	r10, r10, 0xf0 | MD_SPS16K | _PAGE_SH | _PAGE_DIRTY | \
526			  _PAGE_PRESENT | _PAGE_NO_CACHE
527	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
528
529	li	r11, RPN_PATTERN
530	mtspr	SPRN_DAR, r11	/* Tag DAR */
531
5320:	mfspr	r10, SPRN_SPRG_SCRATCH0
533	mfspr	r11, SPRN_SPRG_SCRATCH1
534	rfi
535	patch_site	0b, patch__dtlbmiss_exit_2
536
537DTLBMissLinear:
538	mtcr	r11
539	rlwinm	r10, r10, 20, 0x0f800000	/* 8xx supports max 256Mb RAM */
540#if defined(CONFIG_STRICT_KERNEL_RWX) && CONFIG_DATA_SHIFT < 23
541	patch_site	0f, patch__dtlbmiss_romem_top8
542
5430:	subis	r11, r10, (PAGE_OFFSET - 0x80000000)@ha
544	rlwinm	r11, r11, 0, 0xff800000
545	neg	r10, r11
546	or	r11, r11, r10
547	rlwinm	r11, r11, 4, MI_PS8MEG ^ MI_PS512K
548	ori	r11, r11, MI_PS512K | MI_SVALID
549	mfspr	r10, SPRN_MD_EPN
550	rlwinm	r10, r10, 0, 0x0ff80000	/* 8xx supports max 256Mb RAM */
551#else
552	/* Set 8M byte page and mark it valid */
553	li	r11, MD_PS8MEG | MD_SVALID
554#endif
555	mtspr	SPRN_MD_TWC, r11
556#ifdef CONFIG_STRICT_KERNEL_RWX
557	patch_site	0f, patch__dtlbmiss_romem_top
558
5590:	subis	r11, r10, 0
560	rlwimi	r10, r11, 11, _PAGE_RO
561#endif
562	ori	r10, r10, 0xf0 | MD_SPS16K | _PAGE_SH | _PAGE_DIRTY | \
563			  _PAGE_PRESENT
564	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
565
566	li	r11, RPN_PATTERN
567	mtspr	SPRN_DAR, r11	/* Tag DAR */
568
5690:	mfspr	r10, SPRN_SPRG_SCRATCH0
570	mfspr	r11, SPRN_SPRG_SCRATCH1
571	rfi
572	patch_site	0b, patch__dtlbmiss_exit_3
573
574/* This is an instruction TLB error on the MPC8xx.  This could be due
575 * to many reasons, such as executing guarded memory or illegal instruction
576 * addresses.  There is nothing to do but handle a big time error fault.
577 */
578	. = 0x1300
579InstructionTLBError:
580	EXCEPTION_PROLOG
581	mr	r4,r12
582	andis.	r5,r9,DSISR_SRR1_MATCH_32S@h /* Filter relevant SRR1 bits */
583	andis.	r10,r9,SRR1_ISI_NOPT@h
584	beq+	.Litlbie
585	tlbie	r4
586	/* 0x400 is InstructionAccess exception, needed by bad_page_fault() */
587.Litlbie:
588	EXC_XFER_LITE(0x400, handle_page_fault)
589
590/* This is the data TLB error on the MPC8xx.  This could be due to
591 * many reasons, including a dirty update to a pte.  We bail out to
592 * a higher level function that can handle it.
593 */
594	. = 0x1400
595DataTLBError:
596	mtspr	SPRN_SPRG_SCRATCH0, r10
597	mtspr	SPRN_SPRG_SCRATCH1, r11
598	mfcr	r10
599
600	mfspr	r11, SPRN_DAR
601	cmpwi	cr0, r11, RPN_PATTERN
602	beq-	FixupDAR	/* must be a buggy dcbX, icbi insn. */
603DARFixed:/* Return from dcbx instruction bug workaround */
604	EXCEPTION_PROLOG_1
605	EXCEPTION_PROLOG_2
606	mfspr	r5,SPRN_DSISR
607	stw	r5,_DSISR(r11)
608	mfspr	r4,SPRN_DAR
609	andis.	r10,r5,DSISR_NOHPTE@h
610	beq+	.Ldtlbie
611	tlbie	r4
612.Ldtlbie:
613	li	r10,RPN_PATTERN
614	mtspr	SPRN_DAR,r10	/* Tag DAR, to be used in DTLB Error */
615	/* 0x300 is DataAccess exception, needed by bad_page_fault() */
616	EXC_XFER_LITE(0x300, handle_page_fault)
617
618	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_EE)
619	EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_EE)
620	EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_EE)
621	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_EE)
622	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_EE)
623	EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_EE)
624	EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_EE)
625
626/* On the MPC8xx, these next four traps are used for development
627 * support of breakpoints and such.  Someday I will get around to
628 * using them.
629 */
630	. = 0x1c00
631DataBreakpoint:
632	mtspr	SPRN_SPRG_SCRATCH0, r10
633	mtspr	SPRN_SPRG_SCRATCH1, r11
634	mfcr	r10
635	mfspr	r11, SPRN_SRR0
636	cmplwi	cr0, r11, (.Ldtlbie - PAGE_OFFSET)@l
637	cmplwi	cr7, r11, (.Litlbie - PAGE_OFFSET)@l
638	beq-	cr0, 11f
639	beq-	cr7, 11f
640	EXCEPTION_PROLOG_1
641	EXCEPTION_PROLOG_2
642	addi	r3,r1,STACK_FRAME_OVERHEAD
643	mfspr	r4,SPRN_BAR
644	stw	r4,_DAR(r11)
645	mfspr	r5,SPRN_DSISR
646	EXC_XFER_EE(0x1c00, do_break)
64711:
648	mtcr	r10
649	mfspr	r10, SPRN_SPRG_SCRATCH0
650	mfspr	r11, SPRN_SPRG_SCRATCH1
651	rfi
652
653#ifdef CONFIG_PERF_EVENTS
654	. = 0x1d00
655InstructionBreakpoint:
656	mtspr	SPRN_SPRG_SCRATCH0, r10
657	lwz	r10, (instruction_counter - PAGE_OFFSET)@l(0)
658	addi	r10, r10, -1
659	stw	r10, (instruction_counter - PAGE_OFFSET)@l(0)
660	lis	r10, 0xffff
661	ori	r10, r10, 0x01
662	mtspr	SPRN_COUNTA, r10
663	mfspr	r10, SPRN_SPRG_SCRATCH0
664	rfi
665#else
666	EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_EE)
667#endif
668	EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_EE)
669	EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_EE)
670
671	. = 0x2000
672
673/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
674 * by decoding the registers used by the dcbx instruction and adding them.
675 * DAR is set to the calculated address.
676 */
677 /* define if you don't want to use self modifying code */
678#define NO_SELF_MODIFYING_CODE
679FixupDAR:/* Entry point for dcbx workaround. */
680	mtspr	SPRN_M_TW, r10
681	/* fetch instruction from memory. */
682	mfspr	r10, SPRN_SRR0
683	mtspr	SPRN_MD_EPN, r10
684	rlwinm	r11, r10, 16, 0xfff8
685	cmpli	cr0, r11, PAGE_OFFSET@h
686	mfspr	r11, SPRN_M_TWB	/* Get level 1 table */
687	blt+	3f
688	rlwinm	r11, r10, 16, 0xfff8
689
6900:	cmpli	cr7, r11, (PAGE_OFFSET + 0x1800000)@h
691	patch_site	0b, patch__fixupdar_linmem_top
692
693	/* create physical page address from effective address */
694	tophys(r11, r10)
695	blt-	cr7, 201f
696	mfspr	r11, SPRN_M_TWB	/* Get level 1 table */
697	rlwinm	r11, r11, 0, 20, 31
698	oris	r11, r11, (swapper_pg_dir - PAGE_OFFSET)@ha
6993:
700	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r11)	/* Get the level 1 entry */
701	mtspr	SPRN_MD_TWC, r11
702	mtcr	r11
703	mfspr	r11, SPRN_MD_TWC
704	lwz	r11, 0(r11)	/* Get the pte */
705	bt	28,200f		/* bit 28 = Large page (8M) */
706	bt	29,202f		/* bit 29 = Large page (8M or 512K) */
707	/* concat physical page address(r11) and page offset(r10) */
708	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT, 31
709201:	lwz	r11,0(r11)
710/* Check if it really is a dcbx instruction. */
711/* dcbt and dcbtst does not generate DTLB Misses/Errors,
712 * no need to include them here */
713	xoris	r10, r11, 0x7c00	/* check if major OP code is 31 */
714	rlwinm	r10, r10, 0, 21, 5
715	cmpwi	cr0, r10, 2028	/* Is dcbz? */
716	beq+	142f
717	cmpwi	cr0, r10, 940	/* Is dcbi? */
718	beq+	142f
719	cmpwi	cr0, r10, 108	/* Is dcbst? */
720	beq+	144f		/* Fix up store bit! */
721	cmpwi	cr0, r10, 172	/* Is dcbf? */
722	beq+	142f
723	cmpwi	cr0, r10, 1964	/* Is icbi? */
724	beq+	142f
725141:	mfspr	r10,SPRN_M_TW
726	b	DARFixed	/* Nope, go back to normal TLB processing */
727
728200:
729	/* concat physical page address(r11) and page offset(r10) */
730	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT_8M, 31
731	b	201b
732
733202:
734	/* concat physical page address(r11) and page offset(r10) */
735	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT_512K, 31
736	b	201b
737
738144:	mfspr	r10, SPRN_DSISR
739	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
740	mtspr	SPRN_DSISR, r10
741142:	/* continue, it was a dcbx, dcbi instruction. */
742#ifndef NO_SELF_MODIFYING_CODE
743	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
744	li	r10,modified_instr@l
745	dcbtst	r0,r10		/* touch for store */
746	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
747	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
748	ori	r11,r11,532
749	stw	r11,0(r10)	/* store add/and instruction */
750	dcbf	0,r10		/* flush new instr. to memory. */
751	icbi	0,r10		/* invalidate instr. cache line */
752	mfspr	r11, SPRN_SPRG_SCRATCH1	/* restore r11 */
753	mfspr	r10, SPRN_SPRG_SCRATCH0	/* restore r10 */
754	isync			/* Wait until new instr is loaded from memory */
755modified_instr:
756	.space	4		/* this is where the add instr. is stored */
757	bne+	143f
758	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
759143:	mtdar	r10		/* store faulting EA in DAR */
760	mfspr	r10,SPRN_M_TW
761	b	DARFixed	/* Go back to normal TLB handling */
762#else
763	mfctr	r10
764	mtdar	r10			/* save ctr reg in DAR */
765	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
766	addi	r10, r10, 150f@l	/* add start of table */
767	mtctr	r10			/* load ctr with jump address */
768	xor	r10, r10, r10		/* sum starts at zero */
769	bctr				/* jump into table */
770150:
771	add	r10, r10, r0	;b	151f
772	add	r10, r10, r1	;b	151f
773	add	r10, r10, r2	;b	151f
774	add	r10, r10, r3	;b	151f
775	add	r10, r10, r4	;b	151f
776	add	r10, r10, r5	;b	151f
777	add	r10, r10, r6	;b	151f
778	add	r10, r10, r7	;b	151f
779	add	r10, r10, r8	;b	151f
780	add	r10, r10, r9	;b	151f
781	mtctr	r11	;b	154f	/* r10 needs special handling */
782	mtctr	r11	;b	153f	/* r11 needs special handling */
783	add	r10, r10, r12	;b	151f
784	add	r10, r10, r13	;b	151f
785	add	r10, r10, r14	;b	151f
786	add	r10, r10, r15	;b	151f
787	add	r10, r10, r16	;b	151f
788	add	r10, r10, r17	;b	151f
789	add	r10, r10, r18	;b	151f
790	add	r10, r10, r19	;b	151f
791	add	r10, r10, r20	;b	151f
792	add	r10, r10, r21	;b	151f
793	add	r10, r10, r22	;b	151f
794	add	r10, r10, r23	;b	151f
795	add	r10, r10, r24	;b	151f
796	add	r10, r10, r25	;b	151f
797	add	r10, r10, r26	;b	151f
798	add	r10, r10, r27	;b	151f
799	add	r10, r10, r28	;b	151f
800	add	r10, r10, r29	;b	151f
801	add	r10, r10, r30	;b	151f
802	add	r10, r10, r31
803151:
804	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
805	beq	152f			/* if reg RA is zero, don't add it */
806	addi	r11, r11, 150b@l	/* add start of table */
807	mtctr	r11			/* load ctr with jump address */
808	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
809	bctr				/* jump into table */
810152:
811	mfdar	r11
812	mtctr	r11			/* restore ctr reg from DAR */
813	mtdar	r10			/* save fault EA to DAR */
814	mfspr	r10,SPRN_M_TW
815	b	DARFixed		/* Go back to normal TLB handling */
816
817	/* special handling for r10,r11 since these are modified already */
818153:	mfspr	r11, SPRN_SPRG_SCRATCH1	/* load r11 from SPRN_SPRG_SCRATCH1 */
819	add	r10, r10, r11	/* add it */
820	mfctr	r11		/* restore r11 */
821	b	151b
822154:	mfspr	r11, SPRN_SPRG_SCRATCH0	/* load r10 from SPRN_SPRG_SCRATCH0 */
823	add	r10, r10, r11	/* add it */
824	mfctr	r11		/* restore r11 */
825	b	151b
826#endif
827
828/*
829 * This is where the main kernel code starts.
830 */
831start_here:
832	/* ptr to current */
833	lis	r2,init_task@h
834	ori	r2,r2,init_task@l
835
836	/* ptr to phys current thread */
837	tophys(r4,r2)
838	addi	r4,r4,THREAD	/* init task's THREAD */
839	mtspr	SPRN_SPRG_THREAD,r4
840
841	/* stack */
842	lis	r1,init_thread_union@ha
843	addi	r1,r1,init_thread_union@l
844	li	r0,0
845	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
846
847	lis	r6, swapper_pg_dir@ha
848	tophys(r6,r6)
849	mtspr	SPRN_M_TWB, r6
850
851	bl	early_init	/* We have to do this with MMU on */
852
853/*
854 * Decide what sort of machine this is and initialize the MMU.
855 */
856	li	r3,0
857	mr	r4,r31
858	bl	machine_init
859	bl	MMU_init
860
861/*
862 * Go back to running unmapped so we can load up new values
863 * and change to using our exception vectors.
864 * On the 8xx, all we have to do is invalidate the TLB to clear
865 * the old 8M byte TLB mappings and load the page table base register.
866 */
867	/* The right way to do this would be to track it down through
868	 * init's THREAD like the context switch code does, but this is
869	 * easier......until someone changes init's static structures.
870	 */
871	lis	r4,2f@h
872	ori	r4,r4,2f@l
873	tophys(r4,r4)
874	li	r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
875	mtspr	SPRN_SRR0,r4
876	mtspr	SPRN_SRR1,r3
877	rfi
878/* Load up the kernel context */
8792:
880	tlbia			/* Clear all TLB entries */
881	sync			/* wait for tlbia/tlbie to finish */
882
883	/* set up the PTE pointers for the Abatron bdiGDB.
884	*/
885	lis	r5, abatron_pteptrs@h
886	ori	r5, r5, abatron_pteptrs@l
887	stw	r5, 0xf0(0)	/* Must match your Abatron config file */
888	tophys(r5,r5)
889	lis	r6, swapper_pg_dir@h
890	ori	r6, r6, swapper_pg_dir@l
891	stw	r6, 0(r5)
892
893/* Now turn on the MMU for real! */
894	li	r4,MSR_KERNEL
895	lis	r3,start_kernel@h
896	ori	r3,r3,start_kernel@l
897	mtspr	SPRN_SRR0,r3
898	mtspr	SPRN_SRR1,r4
899	rfi			/* enable MMU and jump to start_kernel */
900
901/* Set up the initial MMU state so we can do the first level of
902 * kernel initialization.  This maps the first 8 MBytes of memory 1:1
903 * virtual to physical.  Also, set the cache mode since that is defined
904 * by TLB entries and perform any additional mapping (like of the IMMR).
905 * If configured to pin some TLBs, we pin the first 8 Mbytes of kernel,
906 * 24 Mbytes of data, and the 512k IMMR space.  Anything not covered by
907 * these mappings is mapped by page tables.
908 */
909initial_mmu:
910	li	r8, 0
911	mtspr	SPRN_MI_CTR, r8		/* remove PINNED ITLB entries */
912	lis	r10, MD_RESETVAL@h
913#ifndef CONFIG_8xx_COPYBACK
914	oris	r10, r10, MD_WTDEF@h
915#endif
916	mtspr	SPRN_MD_CTR, r10	/* remove PINNED DTLB entries */
917
918	tlbia			/* Invalidate all TLB entries */
919#ifdef CONFIG_PIN_TLB_DATA
920	oris	r10, r10, MD_RSV4I@h
921	mtspr	SPRN_MD_CTR, r10	/* Set data TLB control */
922#endif
923
924	lis	r8, MI_APG_INIT@h	/* Set protection modes */
925	ori	r8, r8, MI_APG_INIT@l
926	mtspr	SPRN_MI_AP, r8
927	lis	r8, MD_APG_INIT@h
928	ori	r8, r8, MD_APG_INIT@l
929	mtspr	SPRN_MD_AP, r8
930
931	/* Map a 512k page for the IMMR to get the processor
932	 * internal registers (among other things).
933	 */
934#ifdef CONFIG_PIN_TLB_IMMR
935	oris	r10, r10, MD_RSV4I@h
936	ori	r10, r10, 0x1c00
937	mtspr	SPRN_MD_CTR, r10
938
939	mfspr	r9, 638			/* Get current IMMR */
940	andis.	r9, r9, 0xfff8		/* Get 512 kbytes boundary */
941
942	lis	r8, VIRT_IMMR_BASE@h	/* Create vaddr for TLB */
943	ori	r8, r8, MD_EVALID	/* Mark it valid */
944	mtspr	SPRN_MD_EPN, r8
945	li	r8, MD_PS512K | MD_GUARDED	/* Set 512k byte page */
946	ori	r8, r8, MD_SVALID	/* Make it valid */
947	mtspr	SPRN_MD_TWC, r8
948	mr	r8, r9			/* Create paddr for TLB */
949	ori	r8, r8, MI_BOOTINIT|0x2 /* Inhibit cache -- Cort */
950	mtspr	SPRN_MD_RPN, r8
951#endif
952
953	/* Now map the lower RAM (up to 32 Mbytes) into the ITLB. */
954#ifdef CONFIG_PIN_TLB_TEXT
955	lis	r8, MI_RSV4I@h
956	ori	r8, r8, 0x1c00
957#endif
958	li	r9, 4				/* up to 4 pages of 8M */
959	mtctr	r9
960	lis	r9, KERNELBASE@h		/* Create vaddr for TLB */
961	li	r10, MI_PS8MEG | MI_SVALID	/* Set 8M byte page */
962	li	r11, MI_BOOTINIT		/* Create RPN for address 0 */
963	lis	r12, _einittext@h
964	ori	r12, r12, _einittext@l
9651:
966#ifdef CONFIG_PIN_TLB_TEXT
967	mtspr	SPRN_MI_CTR, r8	/* Set instruction MMU control */
968	addi	r8, r8, 0x100
969#endif
970
971	ori	r0, r9, MI_EVALID		/* Mark it valid */
972	mtspr	SPRN_MI_EPN, r0
973	mtspr	SPRN_MI_TWC, r10
974	mtspr	SPRN_MI_RPN, r11		/* Store TLB entry */
975	addis	r9, r9, 0x80
976	addis	r11, r11, 0x80
977
978	cmpl	cr0, r9, r12
979	bdnzf	gt, 1b
980
981	/* Since the cache is enabled according to the information we
982	 * just loaded into the TLB, invalidate and enable the caches here.
983	 * We should probably check/set other modes....later.
984	 */
985	lis	r8, IDC_INVALL@h
986	mtspr	SPRN_IC_CST, r8
987	mtspr	SPRN_DC_CST, r8
988	lis	r8, IDC_ENABLE@h
989	mtspr	SPRN_IC_CST, r8
990#ifdef CONFIG_8xx_COPYBACK
991	mtspr	SPRN_DC_CST, r8
992#else
993	/* For a debug option, I left this here to easily enable
994	 * the write through cache mode
995	 */
996	lis	r8, DC_SFWT@h
997	mtspr	SPRN_DC_CST, r8
998	lis	r8, IDC_ENABLE@h
999	mtspr	SPRN_DC_CST, r8
1000#endif
1001	/* Disable debug mode entry on breakpoints */
1002	mfspr	r8, SPRN_DER
1003#ifdef CONFIG_PERF_EVENTS
1004	rlwinm	r8, r8, 0, ~0xc
1005#else
1006	rlwinm	r8, r8, 0, ~0x8
1007#endif
1008	mtspr	SPRN_DER, r8
1009	blr
1010
1011
1012/*
1013 * We put a few things here that have to be page-aligned.
1014 * This stuff goes at the beginning of the data segment,
1015 * which is page-aligned.
1016 */
1017	.data
1018	.globl	sdata
1019sdata:
1020	.globl	empty_zero_page
1021	.align	PAGE_SHIFT
1022empty_zero_page:
1023	.space	PAGE_SIZE
1024EXPORT_SYMBOL(empty_zero_page)
1025
1026	.globl	swapper_pg_dir
1027swapper_pg_dir:
1028	.space	PGD_TABLE_SIZE
1029
1030/* Room for two PTE table poiners, usually the kernel and current user
1031 * pointer to their respective root page table (pgdir).
1032 */
1033	.globl	abatron_pteptrs
1034abatron_pteptrs:
1035	.space	8
1036