xref: /openbmc/linux/arch/powerpc/kernel/head_8xx.S (revision c819e2cf)
1/*
2 *  PowerPC version
3 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
5 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *  Low-level exception handlers and MMU support
7 *  rewritten by Paul Mackerras.
8 *    Copyright (C) 1996 Paul Mackerras.
9 *  MPC8xx modifications by Dan Malek
10 *    Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
11 *
12 *  This file contains low-level support and setup for PowerPC 8xx
13 *  embedded processors, including trap and interrupt dispatch.
14 *
15 *  This program is free software; you can redistribute it and/or
16 *  modify it under the terms of the GNU General Public License
17 *  as published by the Free Software Foundation; either version
18 *  2 of the License, or (at your option) any later version.
19 *
20 */
21
22#include <linux/init.h>
23#include <asm/processor.h>
24#include <asm/page.h>
25#include <asm/mmu.h>
26#include <asm/cache.h>
27#include <asm/pgtable.h>
28#include <asm/cputable.h>
29#include <asm/thread_info.h>
30#include <asm/ppc_asm.h>
31#include <asm/asm-offsets.h>
32#include <asm/ptrace.h>
33
34/* Macro to make the code more readable. */
35#ifdef CONFIG_8xx_CPU6
36#define SPRN_MI_TWC_ADDR	0x2b80
37#define SPRN_MI_RPN_ADDR	0x2d80
38#define SPRN_MD_TWC_ADDR	0x3b80
39#define SPRN_MD_RPN_ADDR	0x3d80
40
41#define MTSPR_CPU6(spr, reg, treg)	\
42	li	treg, spr##_ADDR;	\
43	stw	treg, 12(r0);		\
44	lwz	treg, 12(r0);		\
45	mtspr	spr, reg
46#else
47#define MTSPR_CPU6(spr, reg, treg)	\
48	mtspr	spr, reg
49#endif
50
51/*
52 * Value for the bits that have fixed value in RPN entries.
53 * Also used for tagging DAR for DTLBerror.
54 */
55#ifdef CONFIG_PPC_16K_PAGES
56#define RPN_PATTERN	(0x00f0 | MD_SPS16K)
57#else
58#define RPN_PATTERN	0x00f0
59#endif
60
61	__HEAD
62_ENTRY(_stext);
63_ENTRY(_start);
64
65/* MPC8xx
66 * This port was done on an MBX board with an 860.  Right now I only
67 * support an ELF compressed (zImage) boot from EPPC-Bug because the
68 * code there loads up some registers before calling us:
69 *   r3: ptr to board info data
70 *   r4: initrd_start or if no initrd then 0
71 *   r5: initrd_end - unused if r4 is 0
72 *   r6: Start of command line string
73 *   r7: End of command line string
74 *
75 * I decided to use conditional compilation instead of checking PVR and
76 * adding more processor specific branches around code I don't need.
77 * Since this is an embedded processor, I also appreciate any memory
78 * savings I can get.
79 *
80 * The MPC8xx does not have any BATs, but it supports large page sizes.
81 * We first initialize the MMU to support 8M byte pages, then load one
82 * entry into each of the instruction and data TLBs to map the first
83 * 8M 1:1.  I also mapped an additional I/O space 1:1 so we can get to
84 * the "internal" processor registers before MMU_init is called.
85 *
86 *	-- Dan
87 */
88	.globl	__start
89__start:
90	mr	r31,r3			/* save device tree ptr */
91
92	/* We have to turn on the MMU right away so we get cache modes
93	 * set correctly.
94	 */
95	bl	initial_mmu
96
97/* We now have the lower 8 Meg mapped into TLB entries, and the caches
98 * ready to work.
99 */
100
101turn_on_mmu:
102	mfmsr	r0
103	ori	r0,r0,MSR_DR|MSR_IR
104	mtspr	SPRN_SRR1,r0
105	lis	r0,start_here@h
106	ori	r0,r0,start_here@l
107	mtspr	SPRN_SRR0,r0
108	SYNC
109	rfi				/* enables MMU */
110
111/*
112 * Exception entry code.  This code runs with address translation
113 * turned off, i.e. using physical addresses.
114 * We assume sprg3 has the physical address of the current
115 * task's thread_struct.
116 */
117#define EXCEPTION_PROLOG	\
118	EXCEPTION_PROLOG_0;	\
119	EXCEPTION_PROLOG_1;	\
120	EXCEPTION_PROLOG_2
121
122#define EXCEPTION_PROLOG_0	\
123	mtspr	SPRN_SPRG_SCRATCH0,r10;	\
124	mtspr	SPRN_SPRG_SCRATCH1,r11;	\
125	mfcr	r10
126
127#define EXCEPTION_PROLOG_1	\
128	mfspr	r11,SPRN_SRR1;		/* check whether user or kernel */ \
129	andi.	r11,r11,MSR_PR;	\
130	tophys(r11,r1);			/* use tophys(r1) if kernel */ \
131	beq	1f;		\
132	mfspr	r11,SPRN_SPRG_THREAD;	\
133	lwz	r11,THREAD_INFO-THREAD(r11);	\
134	addi	r11,r11,THREAD_SIZE;	\
135	tophys(r11,r11);	\
1361:	subi	r11,r11,INT_FRAME_SIZE	/* alloc exc. frame */
137
138
139#define EXCEPTION_PROLOG_2	\
140	CLR_TOP32(r11);		\
141	stw	r10,_CCR(r11);		/* save registers */ \
142	stw	r12,GPR12(r11);	\
143	stw	r9,GPR9(r11);	\
144	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
145	stw	r10,GPR10(r11);	\
146	mfspr	r12,SPRN_SPRG_SCRATCH1;	\
147	stw	r12,GPR11(r11);	\
148	mflr	r10;		\
149	stw	r10,_LINK(r11);	\
150	mfspr	r12,SPRN_SRR0;	\
151	mfspr	r9,SPRN_SRR1;	\
152	stw	r1,GPR1(r11);	\
153	stw	r1,0(r11);	\
154	tovirt(r1,r11);			/* set new kernel sp */	\
155	li	r10,MSR_KERNEL & ~(MSR_IR|MSR_DR); /* can take exceptions */ \
156	MTMSRD(r10);			/* (except for mach check in rtas) */ \
157	stw	r0,GPR0(r11);	\
158	SAVE_4GPRS(3, r11);	\
159	SAVE_2GPRS(7, r11)
160
161/*
162 * Exception exit code.
163 */
164#define EXCEPTION_EPILOG_0	\
165	mtcr	r10;		\
166	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
167	mfspr	r11,SPRN_SPRG_SCRATCH1
168
169/*
170 * Note: code which follows this uses cr0.eq (set if from kernel),
171 * r11, r12 (SRR0), and r9 (SRR1).
172 *
173 * Note2: once we have set r1 we are in a position to take exceptions
174 * again, and we could thus set MSR:RI at that point.
175 */
176
177/*
178 * Exception vectors.
179 */
180#define EXCEPTION(n, label, hdlr, xfer)		\
181	. = n;					\
182label:						\
183	EXCEPTION_PROLOG;			\
184	addi	r3,r1,STACK_FRAME_OVERHEAD;	\
185	xfer(n, hdlr)
186
187#define EXC_XFER_TEMPLATE(n, hdlr, trap, copyee, tfer, ret)	\
188	li	r10,trap;					\
189	stw	r10,_TRAP(r11);					\
190	li	r10,MSR_KERNEL;					\
191	copyee(r10, r9);					\
192	bl	tfer;						\
193i##n:								\
194	.long	hdlr;						\
195	.long	ret
196
197#define COPY_EE(d, s)		rlwimi d,s,0,16,16
198#define NOCOPY(d, s)
199
200#define EXC_XFER_STD(n, hdlr)		\
201	EXC_XFER_TEMPLATE(n, hdlr, n, NOCOPY, transfer_to_handler_full,	\
202			  ret_from_except_full)
203
204#define EXC_XFER_LITE(n, hdlr)		\
205	EXC_XFER_TEMPLATE(n, hdlr, n+1, NOCOPY, transfer_to_handler, \
206			  ret_from_except)
207
208#define EXC_XFER_EE(n, hdlr)		\
209	EXC_XFER_TEMPLATE(n, hdlr, n, COPY_EE, transfer_to_handler_full, \
210			  ret_from_except_full)
211
212#define EXC_XFER_EE_LITE(n, hdlr)	\
213	EXC_XFER_TEMPLATE(n, hdlr, n+1, COPY_EE, transfer_to_handler, \
214			  ret_from_except)
215
216/* System reset */
217	EXCEPTION(0x100, Reset, unknown_exception, EXC_XFER_STD)
218
219/* Machine check */
220	. = 0x200
221MachineCheck:
222	EXCEPTION_PROLOG
223	mfspr r4,SPRN_DAR
224	stw r4,_DAR(r11)
225	li r5,RPN_PATTERN
226	mtspr SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
227	mfspr r5,SPRN_DSISR
228	stw r5,_DSISR(r11)
229	addi r3,r1,STACK_FRAME_OVERHEAD
230	EXC_XFER_STD(0x200, machine_check_exception)
231
232/* Data access exception.
233 * This is "never generated" by the MPC8xx.
234 */
235	. = 0x300
236DataAccess:
237
238/* Instruction access exception.
239 * This is "never generated" by the MPC8xx.
240 */
241	. = 0x400
242InstructionAccess:
243
244/* External interrupt */
245	EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
246
247/* Alignment exception */
248	. = 0x600
249Alignment:
250	EXCEPTION_PROLOG
251	mfspr	r4,SPRN_DAR
252	stw	r4,_DAR(r11)
253	li	r5,RPN_PATTERN
254	mtspr	SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
255	mfspr	r5,SPRN_DSISR
256	stw	r5,_DSISR(r11)
257	addi	r3,r1,STACK_FRAME_OVERHEAD
258	EXC_XFER_EE(0x600, alignment_exception)
259
260/* Program check exception */
261	EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD)
262
263/* No FPU on MPC8xx.  This exception is not supposed to happen.
264*/
265	EXCEPTION(0x800, FPUnavailable, unknown_exception, EXC_XFER_STD)
266
267/* Decrementer */
268	EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE)
269
270	EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_EE)
271	EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_EE)
272
273/* System call */
274	. = 0xc00
275SystemCall:
276	EXCEPTION_PROLOG
277	EXC_XFER_EE_LITE(0xc00, DoSyscall)
278
279/* Single step - not used on 601 */
280	EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD)
281	EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_EE)
282	EXCEPTION(0xf00, Trap_0f, unknown_exception, EXC_XFER_EE)
283
284/* On the MPC8xx, this is a software emulation interrupt.  It occurs
285 * for all unimplemented and illegal instructions.
286 */
287	EXCEPTION(0x1000, SoftEmu, SoftwareEmulation, EXC_XFER_STD)
288
289	. = 0x1100
290/*
291 * For the MPC8xx, this is a software tablewalk to load the instruction
292 * TLB.  The task switch loads the M_TW register with the pointer to the first
293 * level table.
294 * If we discover there is no second level table (value is zero) or if there
295 * is an invalid pte, we load that into the TLB, which causes another fault
296 * into the TLB Error interrupt where we can handle such problems.
297 * We have to use the MD_xxx registers for the tablewalk because the
298 * equivalent MI_xxx registers only perform the attribute functions.
299 */
300InstructionTLBMiss:
301#ifdef CONFIG_8xx_CPU6
302	mtspr	SPRN_DAR, r3
303#endif
304	EXCEPTION_PROLOG_0
305	mtspr	SPRN_SPRG_SCRATCH2, r10
306	mfspr	r10, SPRN_SRR0	/* Get effective address of fault */
307#ifdef CONFIG_8xx_CPU15
308	addi	r11, r10, PAGE_SIZE
309	tlbie	r11
310	addi	r11, r10, -PAGE_SIZE
311	tlbie	r11
312#endif
313
314	/* If we are faulting a kernel address, we have to use the
315	 * kernel page tables.
316	 */
317#ifdef CONFIG_MODULES
318	/* Only modules will cause ITLB Misses as we always
319	 * pin the first 8MB of kernel memory */
320	andis.	r11, r10, 0x8000	/* Address >= 0x80000000 */
321#endif
322	mfspr	r11, SPRN_M_TW	/* Get level 1 table base address */
323#ifdef CONFIG_MODULES
324	beq	3f
325	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@h
326	ori	r11, r11, (swapper_pg_dir-PAGE_OFFSET)@l
3273:
328#endif
329	/* Extract level 1 index */
330	rlwinm	r10, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
331	lwzx	r11, r10, r11	/* Get the level 1 entry */
332	rlwinm.	r10, r11,0,0,19	/* Extract page descriptor page address */
333	beq	2f		/* If zero, don't try to find a pte */
334
335	/* We have a pte table, so load the MI_TWC with the attributes
336	 * for this "segment."
337	 */
338	MTSPR_CPU6(SPRN_MI_TWC, r11, r3)	/* Set segment attributes */
339	mfspr	r11, SPRN_SRR0	/* Get effective address of fault */
340	/* Extract level 2 index */
341	rlwinm	r11, r11, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
342	lwzx	r10, r10, r11	/* Get the pte */
343
344#ifdef CONFIG_SWAP
345	andi.	r11, r10, _PAGE_ACCESSED | _PAGE_PRESENT
346	cmpwi	cr0, r11, _PAGE_ACCESSED | _PAGE_PRESENT
347	li	r11, RPN_PATTERN
348	bne-	cr0, 2f
349#else
350	li	r11, RPN_PATTERN
351#endif
352	/* The Linux PTE won't go exactly into the MMU TLB.
353	 * Software indicator bits 21 and 28 must be clear.
354	 * Software indicator bits 24, 25, 26, and 27 must be
355	 * set.  All other Linux PTE bits control the behavior
356	 * of the MMU.
357	 */
358	rlwimi	r10, r11, 0, 0x07f8	/* Set 24-27, clear 21-23,28 */
359	MTSPR_CPU6(SPRN_MI_RPN, r10, r3)	/* Update TLB entry */
360
361	/* Restore registers */
362#ifdef CONFIG_8xx_CPU6
363	mfspr	r3, SPRN_DAR
364	mtspr	SPRN_DAR, r11	/* Tag DAR */
365#endif
366	mfspr	r10, SPRN_SPRG_SCRATCH2
367	EXCEPTION_EPILOG_0
368	rfi
3692:
370	mfspr	r10, SPRN_SRR1
371	/* clear all error bits as TLB Miss
372	 * sets a few unconditionally
373	*/
374	rlwinm	r10, r10, 0, 0xffff
375	mtspr	SPRN_SRR1, r10
376
377	/* Restore registers */
378#ifdef CONFIG_8xx_CPU6
379	mfspr	r3, SPRN_DAR
380	mtspr	SPRN_DAR, r11	/* Tag DAR */
381#endif
382	mfspr	r10, SPRN_SPRG_SCRATCH2
383	b	InstructionTLBError1
384
385	. = 0x1200
386DataStoreTLBMiss:
387#ifdef CONFIG_8xx_CPU6
388	mtspr	SPRN_DAR, r3
389#endif
390	EXCEPTION_PROLOG_0
391	mtspr	SPRN_SPRG_SCRATCH2, r10
392	mfspr	r10, SPRN_MD_EPN
393
394	/* If we are faulting a kernel address, we have to use the
395	 * kernel page tables.
396	 */
397	andis.	r11, r10, 0x8000
398	mfspr	r11, SPRN_M_TW	/* Get level 1 table base address */
399	beq	3f
400	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@h
401	ori	r11, r11, (swapper_pg_dir-PAGE_OFFSET)@l
4023:
403	/* Extract level 1 index */
404	rlwinm	r10, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
405	lwzx	r11, r10, r11	/* Get the level 1 entry */
406	rlwinm.	r10, r11,0,0,19	/* Extract page descriptor page address */
407	beq	2f		/* If zero, don't try to find a pte */
408
409	/* We have a pte table, so load fetch the pte from the table.
410	 */
411	mfspr	r10, SPRN_MD_EPN	/* Get address of fault */
412	/* Extract level 2 index */
413	rlwinm	r10, r10, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
414	rlwimi	r10, r11, 0, 0, 32 - PAGE_SHIFT - 1	/* Add level 2 base */
415	lwz	r10, 0(r10)	/* Get the pte */
416
417	/* Insert the Guarded flag into the TWC from the Linux PTE.
418	 * It is bit 27 of both the Linux PTE and the TWC (at least
419	 * I got that right :-).  It will be better when we can put
420	 * this into the Linux pgd/pmd and load it in the operation
421	 * above.
422	 */
423	rlwimi	r11, r10, 0, 27, 27
424	/* Insert the WriteThru flag into the TWC from the Linux PTE.
425	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
426	 */
427	rlwimi	r11, r10, 32-5, 30, 30
428	MTSPR_CPU6(SPRN_MD_TWC, r11, r3)
429
430	/* Both _PAGE_ACCESSED and _PAGE_PRESENT has to be set.
431	 * We also need to know if the insn is a load/store, so:
432	 * Clear _PAGE_PRESENT and load that which will
433	 * trap into DTLB Error with store bit set accordinly.
434	 */
435	/* PRESENT=0x1, ACCESSED=0x20
436	 * r11 = ((r10 & PRESENT) & ((r10 & ACCESSED) >> 5));
437	 * r10 = (r10 & ~PRESENT) | r11;
438	 */
439#ifdef CONFIG_SWAP
440	rlwinm	r11, r10, 32-5, _PAGE_PRESENT
441	and	r11, r11, r10
442	rlwimi	r10, r11, 0, _PAGE_PRESENT
443#endif
444	/* invert RW */
445	xori	r10, r10, _PAGE_RW
446
447	/* The Linux PTE won't go exactly into the MMU TLB.
448	 * Software indicator bits 22 and 28 must be clear.
449	 * Software indicator bits 24, 25, 26, and 27 must be
450	 * set.  All other Linux PTE bits control the behavior
451	 * of the MMU.
452	 */
4532:	li	r11, RPN_PATTERN
454	rlwimi	r10, r11, 0, 24, 28	/* Set 24-27, clear 28 */
455	MTSPR_CPU6(SPRN_MD_RPN, r10, r3)	/* Update TLB entry */
456
457	/* Restore registers */
458#ifdef CONFIG_8xx_CPU6
459	mfspr	r3, SPRN_DAR
460#endif
461	mtspr	SPRN_DAR, r11	/* Tag DAR */
462	mfspr	r10, SPRN_SPRG_SCRATCH2
463	EXCEPTION_EPILOG_0
464	rfi
465
466/* This is an instruction TLB error on the MPC8xx.  This could be due
467 * to many reasons, such as executing guarded memory or illegal instruction
468 * addresses.  There is nothing to do but handle a big time error fault.
469 */
470	. = 0x1300
471InstructionTLBError:
472	EXCEPTION_PROLOG_0
473InstructionTLBError1:
474	EXCEPTION_PROLOG_1
475	EXCEPTION_PROLOG_2
476	mr	r4,r12
477	mr	r5,r9
478	andis.	r10,r5,0x4000
479	beq+	1f
480	tlbie	r4
481	/* 0x400 is InstructionAccess exception, needed by bad_page_fault() */
4821:	EXC_XFER_LITE(0x400, handle_page_fault)
483
484/* This is the data TLB error on the MPC8xx.  This could be due to
485 * many reasons, including a dirty update to a pte.  We bail out to
486 * a higher level function that can handle it.
487 */
488	. = 0x1400
489DataTLBError:
490	EXCEPTION_PROLOG_0
491
492	mfspr	r11, SPRN_DAR
493	cmpwi	cr0, r11, RPN_PATTERN
494	beq-	FixupDAR	/* must be a buggy dcbX, icbi insn. */
495DARFixed:/* Return from dcbx instruction bug workaround */
496	EXCEPTION_PROLOG_1
497	EXCEPTION_PROLOG_2
498	mfspr	r5,SPRN_DSISR
499	stw	r5,_DSISR(r11)
500	mfspr	r4,SPRN_DAR
501	andis.	r10,r5,0x4000
502	beq+	1f
503	tlbie	r4
5041:	li	r10,RPN_PATTERN
505	mtspr	SPRN_DAR,r10	/* Tag DAR, to be used in DTLB Error */
506	/* 0x300 is DataAccess exception, needed by bad_page_fault() */
507	EXC_XFER_LITE(0x300, handle_page_fault)
508
509	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_EE)
510	EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_EE)
511	EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_EE)
512	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_EE)
513	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_EE)
514	EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_EE)
515	EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_EE)
516
517/* On the MPC8xx, these next four traps are used for development
518 * support of breakpoints and such.  Someday I will get around to
519 * using them.
520 */
521	EXCEPTION(0x1c00, Trap_1c, unknown_exception, EXC_XFER_EE)
522	EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_EE)
523	EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_EE)
524	EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_EE)
525
526	. = 0x2000
527
528/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
529 * by decoding the registers used by the dcbx instruction and adding them.
530 * DAR is set to the calculated address.
531 */
532 /* define if you don't want to use self modifying code */
533#define NO_SELF_MODIFYING_CODE
534FixupDAR:/* Entry point for dcbx workaround. */
535#ifdef CONFIG_8xx_CPU6
536	mtspr	SPRN_DAR, r3
537#endif
538	mtspr	SPRN_SPRG_SCRATCH2, r10
539	/* fetch instruction from memory. */
540	mfspr	r10, SPRN_SRR0
541	andis.	r11, r10, 0x8000	/* Address >= 0x80000000 */
542	mfspr	r11, SPRN_M_TW	/* Get level 1 table base address */
543	beq-	3f		/* Branch if user space */
544	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@h
545	ori	r11, r11, (swapper_pg_dir-PAGE_OFFSET)@l
546	/* Extract level 1 index */
5473:	rlwinm	r10, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
548	lwzx	r11, r10, r11	/* Get the level 1 entry */
549	rlwinm	r10, r11,0,0,19	/* Extract page descriptor page address */
550	mfspr	r11, SPRN_SRR0	/* Get effective address of fault */
551	/* Extract level 2 index */
552	rlwinm	r11, r11, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
553	lwzx	r11, r10, r11	/* Get the pte */
554#ifdef CONFIG_8xx_CPU6
555	mfspr	r3, SPRN_DAR
556#endif
557	/* concat physical page address(r11) and page offset(r10) */
558	mfspr	r10, SPRN_SRR0
559	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT, 31
560	lwz	r11,0(r11)
561/* Check if it really is a dcbx instruction. */
562/* dcbt and dcbtst does not generate DTLB Misses/Errors,
563 * no need to include them here */
564	xoris	r10, r11, 0x7c00	/* check if major OP code is 31 */
565	rlwinm	r10, r10, 0, 21, 5
566	cmpwi	cr0, r10, 2028	/* Is dcbz? */
567	beq+	142f
568	cmpwi	cr0, r10, 940	/* Is dcbi? */
569	beq+	142f
570	cmpwi	cr0, r10, 108	/* Is dcbst? */
571	beq+	144f		/* Fix up store bit! */
572	cmpwi	cr0, r10, 172	/* Is dcbf? */
573	beq+	142f
574	cmpwi	cr0, r10, 1964	/* Is icbi? */
575	beq+	142f
576141:	mfspr	r10,SPRN_SPRG_SCRATCH2
577	b	DARFixed	/* Nope, go back to normal TLB processing */
578
579144:	mfspr	r10, SPRN_DSISR
580	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
581	mtspr	SPRN_DSISR, r10
582142:	/* continue, it was a dcbx, dcbi instruction. */
583#ifndef NO_SELF_MODIFYING_CODE
584	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
585	li	r10,modified_instr@l
586	dcbtst	r0,r10		/* touch for store */
587	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
588	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
589	ori	r11,r11,532
590	stw	r11,0(r10)	/* store add/and instruction */
591	dcbf	0,r10		/* flush new instr. to memory. */
592	icbi	0,r10		/* invalidate instr. cache line */
593	mfspr	r11, SPRN_SPRG_SCRATCH1	/* restore r11 */
594	mfspr	r10, SPRN_SPRG_SCRATCH0	/* restore r10 */
595	isync			/* Wait until new instr is loaded from memory */
596modified_instr:
597	.space	4		/* this is where the add instr. is stored */
598	bne+	143f
599	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
600143:	mtdar	r10		/* store faulting EA in DAR */
601	mfspr	r10,SPRN_SPRG_SCRATCH2
602	b	DARFixed	/* Go back to normal TLB handling */
603#else
604	mfctr	r10
605	mtdar	r10			/* save ctr reg in DAR */
606	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
607	addi	r10, r10, 150f@l	/* add start of table */
608	mtctr	r10			/* load ctr with jump address */
609	xor	r10, r10, r10		/* sum starts at zero */
610	bctr				/* jump into table */
611150:
612	add	r10, r10, r0	;b	151f
613	add	r10, r10, r1	;b	151f
614	add	r10, r10, r2	;b	151f
615	add	r10, r10, r3	;b	151f
616	add	r10, r10, r4	;b	151f
617	add	r10, r10, r5	;b	151f
618	add	r10, r10, r6	;b	151f
619	add	r10, r10, r7	;b	151f
620	add	r10, r10, r8	;b	151f
621	add	r10, r10, r9	;b	151f
622	mtctr	r11	;b	154f	/* r10 needs special handling */
623	mtctr	r11	;b	153f	/* r11 needs special handling */
624	add	r10, r10, r12	;b	151f
625	add	r10, r10, r13	;b	151f
626	add	r10, r10, r14	;b	151f
627	add	r10, r10, r15	;b	151f
628	add	r10, r10, r16	;b	151f
629	add	r10, r10, r17	;b	151f
630	add	r10, r10, r18	;b	151f
631	add	r10, r10, r19	;b	151f
632	add	r10, r10, r20	;b	151f
633	add	r10, r10, r21	;b	151f
634	add	r10, r10, r22	;b	151f
635	add	r10, r10, r23	;b	151f
636	add	r10, r10, r24	;b	151f
637	add	r10, r10, r25	;b	151f
638	add	r10, r10, r26	;b	151f
639	add	r10, r10, r27	;b	151f
640	add	r10, r10, r28	;b	151f
641	add	r10, r10, r29	;b	151f
642	add	r10, r10, r30	;b	151f
643	add	r10, r10, r31
644151:
645	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
646	beq	152f			/* if reg RA is zero, don't add it */
647	addi	r11, r11, 150b@l	/* add start of table */
648	mtctr	r11			/* load ctr with jump address */
649	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
650	bctr				/* jump into table */
651152:
652	mfdar	r11
653	mtctr	r11			/* restore ctr reg from DAR */
654	mtdar	r10			/* save fault EA to DAR */
655	mfspr	r10,SPRN_SPRG_SCRATCH2
656	b	DARFixed		/* Go back to normal TLB handling */
657
658	/* special handling for r10,r11 since these are modified already */
659153:	mfspr	r11, SPRN_SPRG_SCRATCH1	/* load r11 from SPRN_SPRG_SCRATCH1 */
660	add	r10, r10, r11	/* add it */
661	mfctr	r11		/* restore r11 */
662	b	151b
663154:	mfspr	r11, SPRN_SPRG_SCRATCH0	/* load r10 from SPRN_SPRG_SCRATCH0 */
664	add	r10, r10, r11	/* add it */
665	mfctr	r11		/* restore r11 */
666	b	151b
667#endif
668
669/*
670 * This is where the main kernel code starts.
671 */
672start_here:
673	/* ptr to current */
674	lis	r2,init_task@h
675	ori	r2,r2,init_task@l
676
677	/* ptr to phys current thread */
678	tophys(r4,r2)
679	addi	r4,r4,THREAD	/* init task's THREAD */
680	mtspr	SPRN_SPRG_THREAD,r4
681
682	/* stack */
683	lis	r1,init_thread_union@ha
684	addi	r1,r1,init_thread_union@l
685	li	r0,0
686	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
687
688	bl	early_init	/* We have to do this with MMU on */
689
690/*
691 * Decide what sort of machine this is and initialize the MMU.
692 */
693	li	r3,0
694	mr	r4,r31
695	bl	machine_init
696	bl	MMU_init
697
698/*
699 * Go back to running unmapped so we can load up new values
700 * and change to using our exception vectors.
701 * On the 8xx, all we have to do is invalidate the TLB to clear
702 * the old 8M byte TLB mappings and load the page table base register.
703 */
704	/* The right way to do this would be to track it down through
705	 * init's THREAD like the context switch code does, but this is
706	 * easier......until someone changes init's static structures.
707	 */
708	lis	r6, swapper_pg_dir@h
709	ori	r6, r6, swapper_pg_dir@l
710	tophys(r6,r6)
711#ifdef CONFIG_8xx_CPU6
712	lis	r4, cpu6_errata_word@h
713	ori	r4, r4, cpu6_errata_word@l
714	li	r3, 0x3f80
715	stw	r3, 12(r4)
716	lwz	r3, 12(r4)
717#endif
718	mtspr	SPRN_M_TW, r6
719	lis	r4,2f@h
720	ori	r4,r4,2f@l
721	tophys(r4,r4)
722	li	r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
723	mtspr	SPRN_SRR0,r4
724	mtspr	SPRN_SRR1,r3
725	rfi
726/* Load up the kernel context */
7272:
728	SYNC			/* Force all PTE updates to finish */
729	tlbia			/* Clear all TLB entries */
730	sync			/* wait for tlbia/tlbie to finish */
731	TLBSYNC			/* ... on all CPUs */
732
733	/* set up the PTE pointers for the Abatron bdiGDB.
734	*/
735	tovirt(r6,r6)
736	lis	r5, abatron_pteptrs@h
737	ori	r5, r5, abatron_pteptrs@l
738	stw	r5, 0xf0(r0)	/* Must match your Abatron config file */
739	tophys(r5,r5)
740	stw	r6, 0(r5)
741
742/* Now turn on the MMU for real! */
743	li	r4,MSR_KERNEL
744	lis	r3,start_kernel@h
745	ori	r3,r3,start_kernel@l
746	mtspr	SPRN_SRR0,r3
747	mtspr	SPRN_SRR1,r4
748	rfi			/* enable MMU and jump to start_kernel */
749
750/* Set up the initial MMU state so we can do the first level of
751 * kernel initialization.  This maps the first 8 MBytes of memory 1:1
752 * virtual to physical.  Also, set the cache mode since that is defined
753 * by TLB entries and perform any additional mapping (like of the IMMR).
754 * If configured to pin some TLBs, we pin the first 8 Mbytes of kernel,
755 * 24 Mbytes of data, and the 8M IMMR space.  Anything not covered by
756 * these mappings is mapped by page tables.
757 */
758initial_mmu:
759	tlbia			/* Invalidate all TLB entries */
760/* Always pin the first 8 MB ITLB to prevent ITLB
761   misses while mucking around with SRR0/SRR1 in asm
762*/
763	lis	r8, MI_RSV4I@h
764	ori	r8, r8, 0x1c00
765
766	mtspr	SPRN_MI_CTR, r8	/* Set instruction MMU control */
767
768#ifdef CONFIG_PIN_TLB
769	lis	r10, (MD_RSV4I | MD_RESETVAL)@h
770	ori	r10, r10, 0x1c00
771	mr	r8, r10
772#else
773	lis	r10, MD_RESETVAL@h
774#endif
775#ifndef CONFIG_8xx_COPYBACK
776	oris	r10, r10, MD_WTDEF@h
777#endif
778	mtspr	SPRN_MD_CTR, r10	/* Set data TLB control */
779
780	/* Now map the lower 8 Meg into the TLBs.  For this quick hack,
781	 * we can load the instruction and data TLB registers with the
782	 * same values.
783	 */
784	lis	r8, KERNELBASE@h	/* Create vaddr for TLB */
785	ori	r8, r8, MI_EVALID	/* Mark it valid */
786	mtspr	SPRN_MI_EPN, r8
787	mtspr	SPRN_MD_EPN, r8
788	li	r8, MI_PS8MEG		/* Set 8M byte page */
789	ori	r8, r8, MI_SVALID	/* Make it valid */
790	mtspr	SPRN_MI_TWC, r8
791	mtspr	SPRN_MD_TWC, r8
792	li	r8, MI_BOOTINIT		/* Create RPN for address 0 */
793	mtspr	SPRN_MI_RPN, r8		/* Store TLB entry */
794	mtspr	SPRN_MD_RPN, r8
795	lis	r8, MI_Kp@h		/* Set the protection mode */
796	mtspr	SPRN_MI_AP, r8
797	mtspr	SPRN_MD_AP, r8
798
799	/* Map another 8 MByte at the IMMR to get the processor
800	 * internal registers (among other things).
801	 */
802#ifdef CONFIG_PIN_TLB
803	addi	r10, r10, 0x0100
804	mtspr	SPRN_MD_CTR, r10
805#endif
806	mfspr	r9, 638			/* Get current IMMR */
807	andis.	r9, r9, 0xff80		/* Get 8Mbyte boundary */
808
809	mr	r8, r9			/* Create vaddr for TLB */
810	ori	r8, r8, MD_EVALID	/* Mark it valid */
811	mtspr	SPRN_MD_EPN, r8
812	li	r8, MD_PS8MEG		/* Set 8M byte page */
813	ori	r8, r8, MD_SVALID	/* Make it valid */
814	mtspr	SPRN_MD_TWC, r8
815	mr	r8, r9			/* Create paddr for TLB */
816	ori	r8, r8, MI_BOOTINIT|0x2 /* Inhibit cache -- Cort */
817	mtspr	SPRN_MD_RPN, r8
818
819#ifdef CONFIG_PIN_TLB
820	/* Map two more 8M kernel data pages.
821	*/
822	addi	r10, r10, 0x0100
823	mtspr	SPRN_MD_CTR, r10
824
825	lis	r8, KERNELBASE@h	/* Create vaddr for TLB */
826	addis	r8, r8, 0x0080		/* Add 8M */
827	ori	r8, r8, MI_EVALID	/* Mark it valid */
828	mtspr	SPRN_MD_EPN, r8
829	li	r9, MI_PS8MEG		/* Set 8M byte page */
830	ori	r9, r9, MI_SVALID	/* Make it valid */
831	mtspr	SPRN_MD_TWC, r9
832	li	r11, MI_BOOTINIT	/* Create RPN for address 0 */
833	addis	r11, r11, 0x0080	/* Add 8M */
834	mtspr	SPRN_MD_RPN, r11
835
836	addi	r10, r10, 0x0100
837	mtspr	SPRN_MD_CTR, r10
838
839	addis	r8, r8, 0x0080		/* Add 8M */
840	mtspr	SPRN_MD_EPN, r8
841	mtspr	SPRN_MD_TWC, r9
842	addis	r11, r11, 0x0080	/* Add 8M */
843	mtspr	SPRN_MD_RPN, r11
844#endif
845
846	/* Since the cache is enabled according to the information we
847	 * just loaded into the TLB, invalidate and enable the caches here.
848	 * We should probably check/set other modes....later.
849	 */
850	lis	r8, IDC_INVALL@h
851	mtspr	SPRN_IC_CST, r8
852	mtspr	SPRN_DC_CST, r8
853	lis	r8, IDC_ENABLE@h
854	mtspr	SPRN_IC_CST, r8
855#ifdef CONFIG_8xx_COPYBACK
856	mtspr	SPRN_DC_CST, r8
857#else
858	/* For a debug option, I left this here to easily enable
859	 * the write through cache mode
860	 */
861	lis	r8, DC_SFWT@h
862	mtspr	SPRN_DC_CST, r8
863	lis	r8, IDC_ENABLE@h
864	mtspr	SPRN_DC_CST, r8
865#endif
866	blr
867
868
869/*
870 * Set up to use a given MMU context.
871 * r3 is context number, r4 is PGD pointer.
872 *
873 * We place the physical address of the new task page directory loaded
874 * into the MMU base register, and set the ASID compare register with
875 * the new "context."
876 */
877_GLOBAL(set_context)
878
879#ifdef CONFIG_BDI_SWITCH
880	/* Context switch the PTE pointer for the Abatron BDI2000.
881	 * The PGDIR is passed as second argument.
882	 */
883	lis	r5, KERNELBASE@h
884	lwz	r5, 0xf0(r5)
885	stw	r4, 0x4(r5)
886#endif
887
888#ifdef CONFIG_8xx_CPU6
889	lis	r6, cpu6_errata_word@h
890	ori	r6, r6, cpu6_errata_word@l
891	tophys	(r4, r4)
892	li	r7, 0x3f80
893	stw	r7, 12(r6)
894	lwz	r7, 12(r6)
895        mtspr   SPRN_M_TW, r4               /* Update MMU base address */
896	li	r7, 0x3380
897	stw	r7, 12(r6)
898	lwz	r7, 12(r6)
899        mtspr   SPRN_M_CASID, r3             /* Update context */
900#else
901        mtspr   SPRN_M_CASID,r3		/* Update context */
902	tophys	(r4, r4)
903	mtspr	SPRN_M_TW, r4		/* and pgd */
904#endif
905	SYNC
906	blr
907
908#ifdef CONFIG_8xx_CPU6
909/* It's here because it is unique to the 8xx.
910 * It is important we get called with interrupts disabled.  I used to
911 * do that, but it appears that all code that calls this already had
912 * interrupt disabled.
913 */
914	.globl	set_dec_cpu6
915set_dec_cpu6:
916	lis	r7, cpu6_errata_word@h
917	ori	r7, r7, cpu6_errata_word@l
918	li	r4, 0x2c00
919	stw	r4, 8(r7)
920	lwz	r4, 8(r7)
921        mtspr   22, r3		/* Update Decrementer */
922	SYNC
923	blr
924#endif
925
926/*
927 * We put a few things here that have to be page-aligned.
928 * This stuff goes at the beginning of the data segment,
929 * which is page-aligned.
930 */
931	.data
932	.globl	sdata
933sdata:
934	.globl	empty_zero_page
935	.align	PAGE_SHIFT
936empty_zero_page:
937	.space	PAGE_SIZE
938
939	.globl	swapper_pg_dir
940swapper_pg_dir:
941	.space	PGD_TABLE_SIZE
942
943/* Room for two PTE table poiners, usually the kernel and current user
944 * pointer to their respective root page table (pgdir).
945 */
946abatron_pteptrs:
947	.space	8
948
949#ifdef CONFIG_8xx_CPU6
950	.globl	cpu6_errata_word
951cpu6_errata_word:
952	.space	16
953#endif
954
955