xref: /openbmc/linux/arch/powerpc/kernel/head_8xx.S (revision 9fa996c5f003beae0d8ca323caf06a2b73e471ec)
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 *  PowerPC version
4 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
5 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
6 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
7 *  Low-level exception handlers and MMU support
8 *  rewritten by Paul Mackerras.
9 *    Copyright (C) 1996 Paul Mackerras.
10 *  MPC8xx modifications by Dan Malek
11 *    Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
12 *
13 *  This file contains low-level support and setup for PowerPC 8xx
14 *  embedded processors, including trap and interrupt dispatch.
15 */
16
17#include <linux/init.h>
18#include <linux/magic.h>
19#include <linux/pgtable.h>
20#include <linux/sizes.h>
21#include <asm/processor.h>
22#include <asm/page.h>
23#include <asm/mmu.h>
24#include <asm/cache.h>
25#include <asm/cputable.h>
26#include <asm/thread_info.h>
27#include <asm/ppc_asm.h>
28#include <asm/asm-offsets.h>
29#include <asm/ptrace.h>
30#include <asm/export.h>
31#include <asm/code-patching-asm.h>
32#include <asm/interrupt.h>
33
34/*
35 * Value for the bits that have fixed value in RPN entries.
36 * Also used for tagging DAR for DTLBerror.
37 */
38#define RPN_PATTERN	0x00f0
39
40#include "head_32.h"
41
42.macro compare_to_kernel_boundary scratch, addr
43#if CONFIG_TASK_SIZE <= 0x80000000 && CONFIG_PAGE_OFFSET >= 0x80000000
44/* By simply checking Address >= 0x80000000, we know if its a kernel address */
45	not.	\scratch, \addr
46#else
47	rlwinm	\scratch, \addr, 16, 0xfff8
48	cmpli	cr0, \scratch, PAGE_OFFSET@h
49#endif
50.endm
51
52#define PAGE_SHIFT_512K		19
53#define PAGE_SHIFT_8M		23
54
55	__HEAD
56_ENTRY(_stext);
57_ENTRY(_start);
58
59/* MPC8xx
60 * This port was done on an MBX board with an 860.  Right now I only
61 * support an ELF compressed (zImage) boot from EPPC-Bug because the
62 * code there loads up some registers before calling us:
63 *   r3: ptr to board info data
64 *   r4: initrd_start or if no initrd then 0
65 *   r5: initrd_end - unused if r4 is 0
66 *   r6: Start of command line string
67 *   r7: End of command line string
68 *
69 * I decided to use conditional compilation instead of checking PVR and
70 * adding more processor specific branches around code I don't need.
71 * Since this is an embedded processor, I also appreciate any memory
72 * savings I can get.
73 *
74 * The MPC8xx does not have any BATs, but it supports large page sizes.
75 * We first initialize the MMU to support 8M byte pages, then load one
76 * entry into each of the instruction and data TLBs to map the first
77 * 8M 1:1.  I also mapped an additional I/O space 1:1 so we can get to
78 * the "internal" processor registers before MMU_init is called.
79 *
80 *	-- Dan
81 */
82	.globl	__start
83__start:
84	mr	r31,r3			/* save device tree ptr */
85
86	/* We have to turn on the MMU right away so we get cache modes
87	 * set correctly.
88	 */
89	bl	initial_mmu
90
91/* We now have the lower 8 Meg mapped into TLB entries, and the caches
92 * ready to work.
93 */
94
95turn_on_mmu:
96	mfmsr	r0
97	ori	r0,r0,MSR_DR|MSR_IR
98	mtspr	SPRN_SRR1,r0
99	lis	r0,start_here@h
100	ori	r0,r0,start_here@l
101	mtspr	SPRN_SRR0,r0
102	rfi				/* enables MMU */
103
104
105#ifdef CONFIG_PERF_EVENTS
106	.align	4
107
108	.globl	itlb_miss_counter
109itlb_miss_counter:
110	.space	4
111
112	.globl	dtlb_miss_counter
113dtlb_miss_counter:
114	.space	4
115
116	.globl	instruction_counter
117instruction_counter:
118	.space	4
119#endif
120
121/* System reset */
122	EXCEPTION(INTERRUPT_SYSTEM_RESET, Reset, system_reset_exception)
123
124/* Machine check */
125	START_EXCEPTION(INTERRUPT_MACHINE_CHECK, MachineCheck)
126	EXCEPTION_PROLOG INTERRUPT_MACHINE_CHECK MachineCheck handle_dar_dsisr=1
127	prepare_transfer_to_handler
128	bl	machine_check_exception
129	b	interrupt_return
130
131/* External interrupt */
132	EXCEPTION(INTERRUPT_EXTERNAL, HardwareInterrupt, do_IRQ)
133
134/* Alignment exception */
135	START_EXCEPTION(INTERRUPT_ALIGNMENT, Alignment)
136	EXCEPTION_PROLOG INTERRUPT_ALIGNMENT Alignment handle_dar_dsisr=1
137	prepare_transfer_to_handler
138	bl	alignment_exception
139	REST_NVGPRS(r1)
140	b	interrupt_return
141
142/* Program check exception */
143	START_EXCEPTION(INTERRUPT_PROGRAM, ProgramCheck)
144	EXCEPTION_PROLOG INTERRUPT_PROGRAM ProgramCheck
145	prepare_transfer_to_handler
146	bl	program_check_exception
147	REST_NVGPRS(r1)
148	b	interrupt_return
149
150/* Decrementer */
151	EXCEPTION(INTERRUPT_DECREMENTER, Decrementer, timer_interrupt)
152
153/* System call */
154	START_EXCEPTION(INTERRUPT_SYSCALL, SystemCall)
155	SYSCALL_ENTRY	INTERRUPT_SYSCALL
156
157/* Single step - not used on 601 */
158	EXCEPTION(INTERRUPT_TRACE, SingleStep, single_step_exception)
159
160/* On the MPC8xx, this is a software emulation interrupt.  It occurs
161 * for all unimplemented and illegal instructions.
162 */
163	START_EXCEPTION(INTERRUPT_SOFT_EMU_8xx, SoftEmu)
164	EXCEPTION_PROLOG INTERRUPT_SOFT_EMU_8xx SoftEmu
165	prepare_transfer_to_handler
166	bl	emulation_assist_interrupt
167	REST_NVGPRS(r1)
168	b	interrupt_return
169
170/*
171 * For the MPC8xx, this is a software tablewalk to load the instruction
172 * TLB.  The task switch loads the M_TWB register with the pointer to the first
173 * level table.
174 * If we discover there is no second level table (value is zero) or if there
175 * is an invalid pte, we load that into the TLB, which causes another fault
176 * into the TLB Error interrupt where we can handle such problems.
177 * We have to use the MD_xxx registers for the tablewalk because the
178 * equivalent MI_xxx registers only perform the attribute functions.
179 */
180
181#ifdef CONFIG_8xx_CPU15
182#define INVALIDATE_ADJACENT_PAGES_CPU15(addr, tmp)	\
183	addi	tmp, addr, PAGE_SIZE;	\
184	tlbie	tmp;			\
185	addi	tmp, addr, -PAGE_SIZE;	\
186	tlbie	tmp
187#else
188#define INVALIDATE_ADJACENT_PAGES_CPU15(addr, tmp)
189#endif
190
191	START_EXCEPTION(INTERRUPT_INST_TLB_MISS_8xx, InstructionTLBMiss)
192	mtspr	SPRN_SPRG_SCRATCH2, r10
193	mtspr	SPRN_M_TW, r11
194
195	/* If we are faulting a kernel address, we have to use the
196	 * kernel page tables.
197	 */
198	mfspr	r10, SPRN_SRR0	/* Get effective address of fault */
199	INVALIDATE_ADJACENT_PAGES_CPU15(r10, r11)
200	mtspr	SPRN_MD_EPN, r10
201#ifdef CONFIG_MODULES
202	mfcr	r11
203	compare_to_kernel_boundary r10, r10
204#endif
205	mfspr	r10, SPRN_M_TWB	/* Get level 1 table */
206#ifdef CONFIG_MODULES
207	blt+	3f
208	rlwinm	r10, r10, 0, 20, 31
209	oris	r10, r10, (swapper_pg_dir - PAGE_OFFSET)@ha
2103:
211	mtcr	r11
212#endif
213	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r10)	/* Get level 1 entry */
214	mtspr	SPRN_MD_TWC, r11
215	mfspr	r10, SPRN_MD_TWC
216	lwz	r10, 0(r10)	/* Get the pte */
217	rlwimi	r11, r10, 0, _PAGE_GUARDED | _PAGE_ACCESSED
218	rlwimi	r11, r10, 32 - 9, _PMD_PAGE_512K
219	mtspr	SPRN_MI_TWC, r11
220	/* The Linux PTE won't go exactly into the MMU TLB.
221	 * Software indicator bits 20 and 23 must be clear.
222	 * Software indicator bits 22, 24, 25, 26, and 27 must be
223	 * set.  All other Linux PTE bits control the behavior
224	 * of the MMU.
225	 */
226	rlwinm	r10, r10, 0, ~0x0f00	/* Clear bits 20-23 */
227	rlwimi	r10, r10, 4, 0x0400	/* Copy _PAGE_EXEC into bit 21 */
228	ori	r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */
229	mtspr	SPRN_MI_RPN, r10	/* Update TLB entry */
230
231	/* Restore registers */
2320:	mfspr	r10, SPRN_SPRG_SCRATCH2
233	mfspr	r11, SPRN_M_TW
234	rfi
235	patch_site	0b, patch__itlbmiss_exit_1
236
237#ifdef CONFIG_PERF_EVENTS
238	patch_site	0f, patch__itlbmiss_perf
2390:	lwz	r10, (itlb_miss_counter - PAGE_OFFSET)@l(0)
240	addi	r10, r10, 1
241	stw	r10, (itlb_miss_counter - PAGE_OFFSET)@l(0)
242	mfspr	r10, SPRN_SPRG_SCRATCH2
243	mfspr	r11, SPRN_M_TW
244	rfi
245#endif
246
247	START_EXCEPTION(INTERRUPT_DATA_TLB_MISS_8xx, DataStoreTLBMiss)
248	mtspr	SPRN_SPRG_SCRATCH2, r10
249	mtspr	SPRN_M_TW, r11
250	mfcr	r11
251
252	/* If we are faulting a kernel address, we have to use the
253	 * kernel page tables.
254	 */
255	mfspr	r10, SPRN_MD_EPN
256	compare_to_kernel_boundary r10, r10
257	mfspr	r10, SPRN_M_TWB	/* Get level 1 table */
258	blt+	3f
259	rlwinm	r10, r10, 0, 20, 31
260	oris	r10, r10, (swapper_pg_dir - PAGE_OFFSET)@ha
2613:
262	mtcr	r11
263	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r10)	/* Get level 1 entry */
264
265	mtspr	SPRN_MD_TWC, r11
266	mfspr	r10, SPRN_MD_TWC
267	lwz	r10, 0(r10)	/* Get the pte */
268
269	/* Insert Guarded and Accessed flags into the TWC from the Linux PTE.
270	 * It is bit 27 of both the Linux PTE and the TWC (at least
271	 * I got that right :-).  It will be better when we can put
272	 * this into the Linux pgd/pmd and load it in the operation
273	 * above.
274	 */
275	rlwimi	r11, r10, 0, _PAGE_GUARDED | _PAGE_ACCESSED
276	rlwimi	r11, r10, 32 - 9, _PMD_PAGE_512K
277	mtspr	SPRN_MD_TWC, r11
278
279	/* The Linux PTE won't go exactly into the MMU TLB.
280	 * Software indicator bits 24, 25, 26, and 27 must be
281	 * set.  All other Linux PTE bits control the behavior
282	 * of the MMU.
283	 */
284	li	r11, RPN_PATTERN
285	rlwimi	r10, r11, 0, 24, 27	/* Set 24-27 */
286	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
287	mtspr	SPRN_DAR, r11		/* Tag DAR */
288
289	/* Restore registers */
290
2910:	mfspr	r10, SPRN_SPRG_SCRATCH2
292	mfspr	r11, SPRN_M_TW
293	rfi
294	patch_site	0b, patch__dtlbmiss_exit_1
295
296#ifdef CONFIG_PERF_EVENTS
297	patch_site	0f, patch__dtlbmiss_perf
2980:	lwz	r10, (dtlb_miss_counter - PAGE_OFFSET)@l(0)
299	addi	r10, r10, 1
300	stw	r10, (dtlb_miss_counter - PAGE_OFFSET)@l(0)
301	mfspr	r10, SPRN_SPRG_SCRATCH2
302	mfspr	r11, SPRN_M_TW
303	rfi
304#endif
305
306/* This is an instruction TLB error on the MPC8xx.  This could be due
307 * to many reasons, such as executing guarded memory or illegal instruction
308 * addresses.  There is nothing to do but handle a big time error fault.
309 */
310	START_EXCEPTION(INTERRUPT_INST_TLB_ERROR_8xx, InstructionTLBError)
311	/* 0x400 is InstructionAccess exception, needed by bad_page_fault() */
312	EXCEPTION_PROLOG INTERRUPT_INST_STORAGE InstructionTLBError
313	andis.	r5,r9,DSISR_SRR1_MATCH_32S@h /* Filter relevant SRR1 bits */
314	andis.	r10,r9,SRR1_ISI_NOPT@h
315	beq+	.Litlbie
316	tlbie	r12
317.Litlbie:
318	stw	r12, _DAR(r11)
319	stw	r5, _DSISR(r11)
320	prepare_transfer_to_handler
321	bl	do_page_fault
322	b	interrupt_return
323
324/* This is the data TLB error on the MPC8xx.  This could be due to
325 * many reasons, including a dirty update to a pte.  We bail out to
326 * a higher level function that can handle it.
327 */
328	START_EXCEPTION(INTERRUPT_DATA_TLB_ERROR_8xx, DataTLBError)
329	EXCEPTION_PROLOG_0 handle_dar_dsisr=1
330	mfspr	r11, SPRN_DAR
331	cmpwi	cr1, r11, RPN_PATTERN
332	beq-	cr1, FixupDAR	/* must be a buggy dcbX, icbi insn. */
333DARFixed:/* Return from dcbx instruction bug workaround */
334	EXCEPTION_PROLOG_1
335	/* 0x300 is DataAccess exception, needed by bad_page_fault() */
336	EXCEPTION_PROLOG_2 INTERRUPT_DATA_STORAGE DataTLBError handle_dar_dsisr=1
337	lwz	r4, _DAR(r11)
338	lwz	r5, _DSISR(r11)
339	andis.	r10,r5,DSISR_NOHPTE@h
340	beq+	.Ldtlbie
341	tlbie	r4
342.Ldtlbie:
343	prepare_transfer_to_handler
344	bl	do_page_fault
345	b	interrupt_return
346
347#ifdef CONFIG_VMAP_STACK
348	vmap_stack_overflow_exception
349#endif
350
351/* On the MPC8xx, these next four traps are used for development
352 * support of breakpoints and such.  Someday I will get around to
353 * using them.
354 */
355	START_EXCEPTION(INTERRUPT_DATA_BREAKPOINT_8xx, DataBreakpoint)
356	EXCEPTION_PROLOG_0 handle_dar_dsisr=1
357	mfspr	r11, SPRN_SRR0
358	cmplwi	cr1, r11, (.Ldtlbie - PAGE_OFFSET)@l
359	cmplwi	cr7, r11, (.Litlbie - PAGE_OFFSET)@l
360	cror	4*cr1+eq, 4*cr1+eq, 4*cr7+eq
361	bne	cr1, 1f
362	mtcr	r10
363	mfspr	r10, SPRN_SPRG_SCRATCH0
364	mfspr	r11, SPRN_SPRG_SCRATCH1
365	rfi
366
3671:	EXCEPTION_PROLOG_1
368	EXCEPTION_PROLOG_2 INTERRUPT_DATA_BREAKPOINT_8xx DataBreakpoint handle_dar_dsisr=1
369	mfspr	r4,SPRN_BAR
370	stw	r4,_DAR(r11)
371	prepare_transfer_to_handler
372	bl	do_break
373	REST_NVGPRS(r1)
374	b	interrupt_return
375
376#ifdef CONFIG_PERF_EVENTS
377	START_EXCEPTION(INTERRUPT_INST_BREAKPOINT_8xx, InstructionBreakpoint)
378	mtspr	SPRN_SPRG_SCRATCH0, r10
379	lwz	r10, (instruction_counter - PAGE_OFFSET)@l(0)
380	addi	r10, r10, -1
381	stw	r10, (instruction_counter - PAGE_OFFSET)@l(0)
382	lis	r10, 0xffff
383	ori	r10, r10, 0x01
384	mtspr	SPRN_COUNTA, r10
385	mfspr	r10, SPRN_SPRG_SCRATCH0
386	rfi
387#else
388	EXCEPTION(INTERRUPT_INST_BREAKPOINT_8xx, Trap_1d, unknown_exception)
389#endif
390	EXCEPTION(0x1e00, Trap_1e, unknown_exception)
391	EXCEPTION(0x1f00, Trap_1f, unknown_exception)
392
393	__HEAD
394	. = 0x2000
395
396/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
397 * by decoding the registers used by the dcbx instruction and adding them.
398 * DAR is set to the calculated address.
399 */
400FixupDAR:/* Entry point for dcbx workaround. */
401	mtspr	SPRN_M_TW, r10
402	/* fetch instruction from memory. */
403	mfspr	r10, SPRN_SRR0
404	mtspr	SPRN_MD_EPN, r10
405	rlwinm	r11, r10, 16, 0xfff8
406	cmpli	cr1, r11, PAGE_OFFSET@h
407	mfspr	r11, SPRN_M_TWB	/* Get level 1 table */
408	blt+	cr1, 3f
409
410	/* create physical page address from effective address */
411	tophys(r11, r10)
412	mfspr	r11, SPRN_M_TWB	/* Get level 1 table */
413	rlwinm	r11, r11, 0, 20, 31
414	oris	r11, r11, (swapper_pg_dir - PAGE_OFFSET)@ha
4153:
416	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r11)	/* Get the level 1 entry */
417	mtspr	SPRN_MD_TWC, r11
418	mtcrf	0x01, r11
419	mfspr	r11, SPRN_MD_TWC
420	lwz	r11, 0(r11)	/* Get the pte */
421	bt	28,200f		/* bit 28 = Large page (8M) */
422	/* concat physical page address(r11) and page offset(r10) */
423	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT, 31
424201:	lwz	r11,0(r11)
425/* Check if it really is a dcbx instruction. */
426/* dcbt and dcbtst does not generate DTLB Misses/Errors,
427 * no need to include them here */
428	xoris	r10, r11, 0x7c00	/* check if major OP code is 31 */
429	rlwinm	r10, r10, 0, 21, 5
430	cmpwi	cr1, r10, 2028	/* Is dcbz? */
431	beq+	cr1, 142f
432	cmpwi	cr1, r10, 940	/* Is dcbi? */
433	beq+	cr1, 142f
434	cmpwi	cr1, r10, 108	/* Is dcbst? */
435	beq+	cr1, 144f		/* Fix up store bit! */
436	cmpwi	cr1, r10, 172	/* Is dcbf? */
437	beq+	cr1, 142f
438	cmpwi	cr1, r10, 1964	/* Is icbi? */
439	beq+	cr1, 142f
440141:	mfspr	r10,SPRN_M_TW
441	b	DARFixed	/* Nope, go back to normal TLB processing */
442
443200:
444	/* concat physical page address(r11) and page offset(r10) */
445	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT_8M, 31
446	b	201b
447
448144:	mfspr	r10, SPRN_DSISR
449	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
450	mtspr	SPRN_DSISR, r10
451142:	/* continue, it was a dcbx, dcbi instruction. */
452	mfctr	r10
453	mtdar	r10			/* save ctr reg in DAR */
454	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
455	addi	r10, r10, 150f@l	/* add start of table */
456	mtctr	r10			/* load ctr with jump address */
457	xor	r10, r10, r10		/* sum starts at zero */
458	bctr				/* jump into table */
459150:
460	add	r10, r10, r0	;b	151f
461	add	r10, r10, r1	;b	151f
462	add	r10, r10, r2	;b	151f
463	add	r10, r10, r3	;b	151f
464	add	r10, r10, r4	;b	151f
465	add	r10, r10, r5	;b	151f
466	add	r10, r10, r6	;b	151f
467	add	r10, r10, r7	;b	151f
468	add	r10, r10, r8	;b	151f
469	add	r10, r10, r9	;b	151f
470	mtctr	r11	;b	154f	/* r10 needs special handling */
471	mtctr	r11	;b	153f	/* r11 needs special handling */
472	add	r10, r10, r12	;b	151f
473	add	r10, r10, r13	;b	151f
474	add	r10, r10, r14	;b	151f
475	add	r10, r10, r15	;b	151f
476	add	r10, r10, r16	;b	151f
477	add	r10, r10, r17	;b	151f
478	add	r10, r10, r18	;b	151f
479	add	r10, r10, r19	;b	151f
480	add	r10, r10, r20	;b	151f
481	add	r10, r10, r21	;b	151f
482	add	r10, r10, r22	;b	151f
483	add	r10, r10, r23	;b	151f
484	add	r10, r10, r24	;b	151f
485	add	r10, r10, r25	;b	151f
486	add	r10, r10, r26	;b	151f
487	add	r10, r10, r27	;b	151f
488	add	r10, r10, r28	;b	151f
489	add	r10, r10, r29	;b	151f
490	add	r10, r10, r30	;b	151f
491	add	r10, r10, r31
492151:
493	rlwinm	r11,r11,19,24,28	/* offset into jump table for reg RA */
494	cmpwi	cr1, r11, 0
495	beq	cr1, 152f		/* if reg RA is zero, don't add it */
496	addi	r11, r11, 150b@l	/* add start of table */
497	mtctr	r11			/* load ctr with jump address */
498	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
499	bctr				/* jump into table */
500152:
501	mfdar	r11
502	mtctr	r11			/* restore ctr reg from DAR */
503	mfspr	r11, SPRN_SPRG_THREAD
504	stw	r10, DAR(r11)
505	mfspr	r10, SPRN_DSISR
506	stw	r10, DSISR(r11)
507	mfspr	r10,SPRN_M_TW
508	b	DARFixed		/* Go back to normal TLB handling */
509
510	/* special handling for r10,r11 since these are modified already */
511153:	mfspr	r11, SPRN_SPRG_SCRATCH1	/* load r11 from SPRN_SPRG_SCRATCH1 */
512	add	r10, r10, r11	/* add it */
513	mfctr	r11		/* restore r11 */
514	b	151b
515154:	mfspr	r11, SPRN_SPRG_SCRATCH0	/* load r10 from SPRN_SPRG_SCRATCH0 */
516	add	r10, r10, r11	/* add it */
517	mfctr	r11		/* restore r11 */
518	b	151b
519
520/*
521 * This is where the main kernel code starts.
522 */
523start_here:
524	/* ptr to current */
525	lis	r2,init_task@h
526	ori	r2,r2,init_task@l
527
528	/* ptr to phys current thread */
529	tophys(r4,r2)
530	addi	r4,r4,THREAD	/* init task's THREAD */
531	mtspr	SPRN_SPRG_THREAD,r4
532
533	/* stack */
534	lis	r1,init_thread_union@ha
535	addi	r1,r1,init_thread_union@l
536	lis	r0, STACK_END_MAGIC@h
537	ori	r0, r0, STACK_END_MAGIC@l
538	stw	r0, 0(r1)
539	li	r0,0
540	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
541
542	lis	r6, swapper_pg_dir@ha
543	tophys(r6,r6)
544	mtspr	SPRN_M_TWB, r6
545
546	bl	early_init	/* We have to do this with MMU on */
547
548/*
549 * Decide what sort of machine this is and initialize the MMU.
550 */
551#ifdef CONFIG_KASAN
552	bl	kasan_early_init
553#endif
554	li	r3,0
555	mr	r4,r31
556	bl	machine_init
557	bl	MMU_init
558
559/*
560 * Go back to running unmapped so we can load up new values
561 * and change to using our exception vectors.
562 * On the 8xx, all we have to do is invalidate the TLB to clear
563 * the old 8M byte TLB mappings and load the page table base register.
564 */
565	/* The right way to do this would be to track it down through
566	 * init's THREAD like the context switch code does, but this is
567	 * easier......until someone changes init's static structures.
568	 */
569	lis	r4,2f@h
570	ori	r4,r4,2f@l
571	tophys(r4,r4)
572	li	r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
573	mtspr	SPRN_SRR0,r4
574	mtspr	SPRN_SRR1,r3
575	rfi
576/* Load up the kernel context */
5772:
578#ifdef CONFIG_PIN_TLB_IMMR
579	lis	r0, MD_TWAM@h
580	oris	r0, r0, 0x1f00
581	mtspr	SPRN_MD_CTR, r0
582	LOAD_REG_IMMEDIATE(r0, VIRT_IMMR_BASE | MD_EVALID)
583	tlbie	r0
584	mtspr	SPRN_MD_EPN, r0
585	LOAD_REG_IMMEDIATE(r0, MD_SVALID | MD_PS512K | MD_GUARDED)
586	mtspr	SPRN_MD_TWC, r0
587	mfspr   r0, SPRN_IMMR
588	rlwinm	r0, r0, 0, 0xfff80000
589	ori	r0, r0, 0xf0 | _PAGE_DIRTY | _PAGE_SPS | _PAGE_SH | \
590			_PAGE_NO_CACHE | _PAGE_PRESENT
591	mtspr	SPRN_MD_RPN, r0
592	lis	r0, (MD_TWAM | MD_RSV4I)@h
593	mtspr	SPRN_MD_CTR, r0
594#endif
595#if !defined(CONFIG_PIN_TLB_DATA) && !defined(CONFIG_PIN_TLB_IMMR)
596	lis	r0, MD_TWAM@h
597	mtspr	SPRN_MD_CTR, r0
598#endif
599	tlbia			/* Clear all TLB entries */
600	sync			/* wait for tlbia/tlbie to finish */
601
602	/* set up the PTE pointers for the Abatron bdiGDB.
603	*/
604	lis	r5, abatron_pteptrs@h
605	ori	r5, r5, abatron_pteptrs@l
606	stw	r5, 0xf0(0)	/* Must match your Abatron config file */
607	tophys(r5,r5)
608	lis	r6, swapper_pg_dir@h
609	ori	r6, r6, swapper_pg_dir@l
610	stw	r6, 0(r5)
611
612/* Now turn on the MMU for real! */
613	li	r4,MSR_KERNEL
614	lis	r3,start_kernel@h
615	ori	r3,r3,start_kernel@l
616	mtspr	SPRN_SRR0,r3
617	mtspr	SPRN_SRR1,r4
618	rfi			/* enable MMU and jump to start_kernel */
619
620/* Set up the initial MMU state so we can do the first level of
621 * kernel initialization.  This maps the first 8 MBytes of memory 1:1
622 * virtual to physical.  Also, set the cache mode since that is defined
623 * by TLB entries and perform any additional mapping (like of the IMMR).
624 * If configured to pin some TLBs, we pin the first 8 Mbytes of kernel,
625 * 24 Mbytes of data, and the 512k IMMR space.  Anything not covered by
626 * these mappings is mapped by page tables.
627 */
628initial_mmu:
629	li	r8, 0
630	mtspr	SPRN_MI_CTR, r8		/* remove PINNED ITLB entries */
631	lis	r10, MD_TWAM@h
632	mtspr	SPRN_MD_CTR, r10	/* remove PINNED DTLB entries */
633
634	tlbia			/* Invalidate all TLB entries */
635
636	lis	r8, MI_APG_INIT@h	/* Set protection modes */
637	ori	r8, r8, MI_APG_INIT@l
638	mtspr	SPRN_MI_AP, r8
639	lis	r8, MD_APG_INIT@h
640	ori	r8, r8, MD_APG_INIT@l
641	mtspr	SPRN_MD_AP, r8
642
643	/* Map the lower RAM (up to 32 Mbytes) into the ITLB and DTLB */
644	lis	r8, MI_RSV4I@h
645	ori	r8, r8, 0x1c00
646	oris	r12, r10, MD_RSV4I@h
647	ori	r12, r12, 0x1c00
648	li	r9, 4				/* up to 4 pages of 8M */
649	mtctr	r9
650	lis	r9, KERNELBASE@h		/* Create vaddr for TLB */
651	li	r10, MI_PS8MEG | _PMD_ACCESSED | MI_SVALID
652	li	r11, MI_BOOTINIT		/* Create RPN for address 0 */
6531:
654	mtspr	SPRN_MI_CTR, r8	/* Set instruction MMU control */
655	addi	r8, r8, 0x100
656	ori	r0, r9, MI_EVALID		/* Mark it valid */
657	mtspr	SPRN_MI_EPN, r0
658	mtspr	SPRN_MI_TWC, r10
659	mtspr	SPRN_MI_RPN, r11		/* Store TLB entry */
660	mtspr	SPRN_MD_CTR, r12
661	addi	r12, r12, 0x100
662	mtspr	SPRN_MD_EPN, r0
663	mtspr	SPRN_MD_TWC, r10
664	mtspr	SPRN_MD_RPN, r11
665	addis	r9, r9, 0x80
666	addis	r11, r11, 0x80
667
668	bdnz	1b
669
670	/* Since the cache is enabled according to the information we
671	 * just loaded into the TLB, invalidate and enable the caches here.
672	 * We should probably check/set other modes....later.
673	 */
674	lis	r8, IDC_INVALL@h
675	mtspr	SPRN_IC_CST, r8
676	mtspr	SPRN_DC_CST, r8
677	lis	r8, IDC_ENABLE@h
678	mtspr	SPRN_IC_CST, r8
679	mtspr	SPRN_DC_CST, r8
680	/* Disable debug mode entry on breakpoints */
681	mfspr	r8, SPRN_DER
682#ifdef CONFIG_PERF_EVENTS
683	rlwinm	r8, r8, 0, ~0xc
684#else
685	rlwinm	r8, r8, 0, ~0x8
686#endif
687	mtspr	SPRN_DER, r8
688	blr
689
690_GLOBAL(mmu_pin_tlb)
691	lis	r9, (1f - PAGE_OFFSET)@h
692	ori	r9, r9, (1f - PAGE_OFFSET)@l
693	mfmsr	r10
694	mflr	r11
695	li	r12, MSR_KERNEL & ~(MSR_IR | MSR_DR | MSR_RI)
696	rlwinm	r0, r10, 0, ~MSR_RI
697	rlwinm	r0, r0, 0, ~MSR_EE
698	mtmsr	r0
699	isync
700	.align	4
701	mtspr	SPRN_SRR0, r9
702	mtspr	SPRN_SRR1, r12
703	rfi
7041:
705	li	r5, 0
706	lis	r6, MD_TWAM@h
707	mtspr	SPRN_MI_CTR, r5
708	mtspr	SPRN_MD_CTR, r6
709	tlbia
710
711	LOAD_REG_IMMEDIATE(r5, 28 << 8)
712	LOAD_REG_IMMEDIATE(r6, PAGE_OFFSET)
713	LOAD_REG_IMMEDIATE(r7, MI_SVALID | MI_PS8MEG | _PMD_ACCESSED)
714	LOAD_REG_IMMEDIATE(r8, 0xf0 | _PAGE_RO | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT)
715	LOAD_REG_ADDR(r9, _sinittext)
716	li	r0, 4
717	mtctr	r0
718
7192:	ori	r0, r6, MI_EVALID
720	mtspr	SPRN_MI_CTR, r5
721	mtspr	SPRN_MI_EPN, r0
722	mtspr	SPRN_MI_TWC, r7
723	mtspr	SPRN_MI_RPN, r8
724	addi	r5, r5, 0x100
725	addis	r6, r6, SZ_8M@h
726	addis	r8, r8, SZ_8M@h
727	cmplw	r6, r9
728	bdnzt	lt, 2b
729	lis	r0, MI_RSV4I@h
730	mtspr	SPRN_MI_CTR, r0
731
732	LOAD_REG_IMMEDIATE(r5, 28 << 8 | MD_TWAM)
733#ifdef CONFIG_PIN_TLB_DATA
734	LOAD_REG_IMMEDIATE(r6, PAGE_OFFSET)
735	LOAD_REG_IMMEDIATE(r7, MI_SVALID | MI_PS8MEG | _PMD_ACCESSED)
736#ifdef CONFIG_PIN_TLB_IMMR
737	li	r0, 3
738#else
739	li	r0, 4
740#endif
741	mtctr	r0
742	cmpwi	r4, 0
743	beq	4f
744	LOAD_REG_IMMEDIATE(r8, 0xf0 | _PAGE_RO | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT)
745	LOAD_REG_ADDR(r9, _sinittext)
746
7472:	ori	r0, r6, MD_EVALID
748	mtspr	SPRN_MD_CTR, r5
749	mtspr	SPRN_MD_EPN, r0
750	mtspr	SPRN_MD_TWC, r7
751	mtspr	SPRN_MD_RPN, r8
752	addi	r5, r5, 0x100
753	addis	r6, r6, SZ_8M@h
754	addis	r8, r8, SZ_8M@h
755	cmplw	r6, r9
756	bdnzt	lt, 2b
757
7584:	LOAD_REG_IMMEDIATE(r8, 0xf0 | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT)
7592:	ori	r0, r6, MD_EVALID
760	mtspr	SPRN_MD_CTR, r5
761	mtspr	SPRN_MD_EPN, r0
762	mtspr	SPRN_MD_TWC, r7
763	mtspr	SPRN_MD_RPN, r8
764	addi	r5, r5, 0x100
765	addis	r6, r6, SZ_8M@h
766	addis	r8, r8, SZ_8M@h
767	cmplw	r6, r3
768	bdnzt	lt, 2b
769#endif
770#ifdef CONFIG_PIN_TLB_IMMR
771	LOAD_REG_IMMEDIATE(r0, VIRT_IMMR_BASE | MD_EVALID)
772	LOAD_REG_IMMEDIATE(r7, MD_SVALID | MD_PS512K | MD_GUARDED | _PMD_ACCESSED)
773	mfspr   r8, SPRN_IMMR
774	rlwinm	r8, r8, 0, 0xfff80000
775	ori	r8, r8, 0xf0 | _PAGE_DIRTY | _PAGE_SPS | _PAGE_SH | \
776			_PAGE_NO_CACHE | _PAGE_PRESENT
777	mtspr	SPRN_MD_CTR, r5
778	mtspr	SPRN_MD_EPN, r0
779	mtspr	SPRN_MD_TWC, r7
780	mtspr	SPRN_MD_RPN, r8
781#endif
782#if defined(CONFIG_PIN_TLB_IMMR) || defined(CONFIG_PIN_TLB_DATA)
783	lis	r0, (MD_RSV4I | MD_TWAM)@h
784	mtspr	SPRN_MI_CTR, r0
785#endif
786	mtspr	SPRN_SRR1, r10
787	mtspr	SPRN_SRR0, r11
788	rfi
789
790/*
791 * We put a few things here that have to be page-aligned.
792 * This stuff goes at the beginning of the data segment,
793 * which is page-aligned.
794 */
795	.data
796	.globl	sdata
797sdata:
798	.globl	empty_zero_page
799	.align	PAGE_SHIFT
800empty_zero_page:
801	.space	PAGE_SIZE
802EXPORT_SYMBOL(empty_zero_page)
803
804	.globl	swapper_pg_dir
805swapper_pg_dir:
806	.space	PGD_TABLE_SIZE
807
808/* Room for two PTE table pointers, usually the kernel and current user
809 * pointer to their respective root page table (pgdir).
810 */
811	.globl	abatron_pteptrs
812abatron_pteptrs:
813	.space	8
814