xref: /openbmc/linux/arch/powerpc/kernel/head_8xx.S (revision e4781421e883340b796da5a724bda7226817990b) 
1/*
2 *  PowerPC version
3 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
5 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *  Low-level exception handlers and MMU support
7 *  rewritten by Paul Mackerras.
8 *    Copyright (C) 1996 Paul Mackerras.
9 *  MPC8xx modifications by Dan Malek
10 *    Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
11 *
12 *  This file contains low-level support and setup for PowerPC 8xx
13 *  embedded processors, including trap and interrupt dispatch.
14 *
15 *  This program is free software; you can redistribute it and/or
16 *  modify it under the terms of the GNU General Public License
17 *  as published by the Free Software Foundation; either version
18 *  2 of the License, or (at your option) any later version.
19 *
20 */
21
22#include <linux/init.h>
23#include <asm/processor.h>
24#include <asm/page.h>
25#include <asm/mmu.h>
26#include <asm/cache.h>
27#include <asm/pgtable.h>
28#include <asm/cputable.h>
29#include <asm/thread_info.h>
30#include <asm/ppc_asm.h>
31#include <asm/asm-offsets.h>
32#include <asm/ptrace.h>
33#include <asm/fixmap.h>
34#include <asm/export.h>
35
36/* Macro to make the code more readable. */
37#ifdef CONFIG_8xx_CPU6
38#define SPRN_MI_TWC_ADDR	0x2b80
39#define SPRN_MI_RPN_ADDR	0x2d80
40#define SPRN_MD_TWC_ADDR	0x3b80
41#define SPRN_MD_RPN_ADDR	0x3d80
42
43#define MTSPR_CPU6(spr, reg, treg)	\
44	li	treg, spr##_ADDR;	\
45	stw	treg, 12(r0);		\
46	lwz	treg, 12(r0);		\
47	mtspr	spr, reg
48#else
49#define MTSPR_CPU6(spr, reg, treg)	\
50	mtspr	spr, reg
51#endif
52
53/* Macro to test if an address is a kernel address */
54#if CONFIG_TASK_SIZE <= 0x80000000 && CONFIG_PAGE_OFFSET >= 0x80000000
55#define IS_KERNEL(tmp, addr)		\
56	andis.	tmp, addr, 0x8000	/* Address >= 0x80000000 */
57#define BRANCH_UNLESS_KERNEL(label)	beq	label
58#else
59#define IS_KERNEL(tmp, addr)		\
60	rlwinm	tmp, addr, 16, 16, 31;	\
61	cmpli	cr0, tmp, PAGE_OFFSET >> 16
62#define BRANCH_UNLESS_KERNEL(label)	blt	label
63#endif
64
65
66/*
67 * Value for the bits that have fixed value in RPN entries.
68 * Also used for tagging DAR for DTLBerror.
69 */
70#ifdef CONFIG_PPC_16K_PAGES
71#define RPN_PATTERN	(0x00f0 | MD_SPS16K)
72#else
73#define RPN_PATTERN	0x00f0
74#endif
75
76#define PAGE_SHIFT_512K		19
77#define PAGE_SHIFT_8M		23
78
79	__HEAD
80_ENTRY(_stext);
81_ENTRY(_start);
82
83/* MPC8xx
84 * This port was done on an MBX board with an 860.  Right now I only
85 * support an ELF compressed (zImage) boot from EPPC-Bug because the
86 * code there loads up some registers before calling us:
87 *   r3: ptr to board info data
88 *   r4: initrd_start or if no initrd then 0
89 *   r5: initrd_end - unused if r4 is 0
90 *   r6: Start of command line string
91 *   r7: End of command line string
92 *
93 * I decided to use conditional compilation instead of checking PVR and
94 * adding more processor specific branches around code I don't need.
95 * Since this is an embedded processor, I also appreciate any memory
96 * savings I can get.
97 *
98 * The MPC8xx does not have any BATs, but it supports large page sizes.
99 * We first initialize the MMU to support 8M byte pages, then load one
100 * entry into each of the instruction and data TLBs to map the first
101 * 8M 1:1.  I also mapped an additional I/O space 1:1 so we can get to
102 * the "internal" processor registers before MMU_init is called.
103 *
104 *	-- Dan
105 */
106	.globl	__start
107__start:
108	mr	r31,r3			/* save device tree ptr */
109
110	/* We have to turn on the MMU right away so we get cache modes
111	 * set correctly.
112	 */
113	bl	initial_mmu
114
115/* We now have the lower 8 Meg mapped into TLB entries, and the caches
116 * ready to work.
117 */
118
119turn_on_mmu:
120	mfmsr	r0
121	ori	r0,r0,MSR_DR|MSR_IR
122	mtspr	SPRN_SRR1,r0
123	lis	r0,start_here@h
124	ori	r0,r0,start_here@l
125	mtspr	SPRN_SRR0,r0
126	SYNC
127	rfi				/* enables MMU */
128
129/*
130 * Exception entry code.  This code runs with address translation
131 * turned off, i.e. using physical addresses.
132 * We assume sprg3 has the physical address of the current
133 * task's thread_struct.
134 */
135#define EXCEPTION_PROLOG	\
136	EXCEPTION_PROLOG_0;	\
137	mfcr	r10;		\
138	EXCEPTION_PROLOG_1;	\
139	EXCEPTION_PROLOG_2
140
141#define EXCEPTION_PROLOG_0	\
142	mtspr	SPRN_SPRG_SCRATCH0,r10;	\
143	mtspr	SPRN_SPRG_SCRATCH1,r11
144
145#define EXCEPTION_PROLOG_1	\
146	mfspr	r11,SPRN_SRR1;		/* check whether user or kernel */ \
147	andi.	r11,r11,MSR_PR;	\
148	tophys(r11,r1);			/* use tophys(r1) if kernel */ \
149	beq	1f;		\
150	mfspr	r11,SPRN_SPRG_THREAD;	\
151	lwz	r11,THREAD_INFO-THREAD(r11);	\
152	addi	r11,r11,THREAD_SIZE;	\
153	tophys(r11,r11);	\
1541:	subi	r11,r11,INT_FRAME_SIZE	/* alloc exc. frame */
155
156
157#define EXCEPTION_PROLOG_2	\
158	stw	r10,_CCR(r11);		/* save registers */ \
159	stw	r12,GPR12(r11);	\
160	stw	r9,GPR9(r11);	\
161	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
162	stw	r10,GPR10(r11);	\
163	mfspr	r12,SPRN_SPRG_SCRATCH1;	\
164	stw	r12,GPR11(r11);	\
165	mflr	r10;		\
166	stw	r10,_LINK(r11);	\
167	mfspr	r12,SPRN_SRR0;	\
168	mfspr	r9,SPRN_SRR1;	\
169	stw	r1,GPR1(r11);	\
170	stw	r1,0(r11);	\
171	tovirt(r1,r11);			/* set new kernel sp */	\
172	li	r10,MSR_KERNEL & ~(MSR_IR|MSR_DR); /* can take exceptions */ \
173	MTMSRD(r10);			/* (except for mach check in rtas) */ \
174	stw	r0,GPR0(r11);	\
175	SAVE_4GPRS(3, r11);	\
176	SAVE_2GPRS(7, r11)
177
178/*
179 * Exception exit code.
180 */
181#define EXCEPTION_EPILOG_0	\
182	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
183	mfspr	r11,SPRN_SPRG_SCRATCH1
184
185/*
186 * Note: code which follows this uses cr0.eq (set if from kernel),
187 * r11, r12 (SRR0), and r9 (SRR1).
188 *
189 * Note2: once we have set r1 we are in a position to take exceptions
190 * again, and we could thus set MSR:RI at that point.
191 */
192
193/*
194 * Exception vectors.
195 */
196#define EXCEPTION(n, label, hdlr, xfer)		\
197	. = n;					\
198label:						\
199	EXCEPTION_PROLOG;			\
200	addi	r3,r1,STACK_FRAME_OVERHEAD;	\
201	xfer(n, hdlr)
202
203#define EXC_XFER_TEMPLATE(n, hdlr, trap, copyee, tfer, ret)	\
204	li	r10,trap;					\
205	stw	r10,_TRAP(r11);					\
206	li	r10,MSR_KERNEL;					\
207	copyee(r10, r9);					\
208	bl	tfer;						\
209i##n:								\
210	.long	hdlr;						\
211	.long	ret
212
213#define COPY_EE(d, s)		rlwimi d,s,0,16,16
214#define NOCOPY(d, s)
215
216#define EXC_XFER_STD(n, hdlr)		\
217	EXC_XFER_TEMPLATE(n, hdlr, n, NOCOPY, transfer_to_handler_full,	\
218			  ret_from_except_full)
219
220#define EXC_XFER_LITE(n, hdlr)		\
221	EXC_XFER_TEMPLATE(n, hdlr, n+1, NOCOPY, transfer_to_handler, \
222			  ret_from_except)
223
224#define EXC_XFER_EE(n, hdlr)		\
225	EXC_XFER_TEMPLATE(n, hdlr, n, COPY_EE, transfer_to_handler_full, \
226			  ret_from_except_full)
227
228#define EXC_XFER_EE_LITE(n, hdlr)	\
229	EXC_XFER_TEMPLATE(n, hdlr, n+1, COPY_EE, transfer_to_handler, \
230			  ret_from_except)
231
232/* System reset */
233	EXCEPTION(0x100, Reset, system_reset_exception, EXC_XFER_STD)
234
235/* Machine check */
236	. = 0x200
237MachineCheck:
238	EXCEPTION_PROLOG
239	mfspr r4,SPRN_DAR
240	stw r4,_DAR(r11)
241	li r5,RPN_PATTERN
242	mtspr SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
243	mfspr r5,SPRN_DSISR
244	stw r5,_DSISR(r11)
245	addi r3,r1,STACK_FRAME_OVERHEAD
246	EXC_XFER_STD(0x200, machine_check_exception)
247
248/* Data access exception.
249 * This is "never generated" by the MPC8xx.
250 */
251	. = 0x300
252DataAccess:
253
254/* Instruction access exception.
255 * This is "never generated" by the MPC8xx.
256 */
257	. = 0x400
258InstructionAccess:
259
260/* External interrupt */
261	EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
262
263/* Alignment exception */
264	. = 0x600
265Alignment:
266	EXCEPTION_PROLOG
267	mfspr	r4,SPRN_DAR
268	stw	r4,_DAR(r11)
269	li	r5,RPN_PATTERN
270	mtspr	SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
271	mfspr	r5,SPRN_DSISR
272	stw	r5,_DSISR(r11)
273	addi	r3,r1,STACK_FRAME_OVERHEAD
274	EXC_XFER_EE(0x600, alignment_exception)
275
276/* Program check exception */
277	EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD)
278
279/* No FPU on MPC8xx.  This exception is not supposed to happen.
280*/
281	EXCEPTION(0x800, FPUnavailable, unknown_exception, EXC_XFER_STD)
282
283/* Decrementer */
284	EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE)
285
286	EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_EE)
287	EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_EE)
288
289/* System call */
290	. = 0xc00
291SystemCall:
292	EXCEPTION_PROLOG
293	EXC_XFER_EE_LITE(0xc00, DoSyscall)
294
295/* Single step - not used on 601 */
296	EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD)
297	EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_EE)
298	EXCEPTION(0xf00, Trap_0f, unknown_exception, EXC_XFER_EE)
299
300/* On the MPC8xx, this is a software emulation interrupt.  It occurs
301 * for all unimplemented and illegal instructions.
302 */
303	EXCEPTION(0x1000, SoftEmu, SoftwareEmulation, EXC_XFER_STD)
304
305	. = 0x1100
306/*
307 * For the MPC8xx, this is a software tablewalk to load the instruction
308 * TLB.  The task switch loads the M_TW register with the pointer to the first
309 * level table.
310 * If we discover there is no second level table (value is zero) or if there
311 * is an invalid pte, we load that into the TLB, which causes another fault
312 * into the TLB Error interrupt where we can handle such problems.
313 * We have to use the MD_xxx registers for the tablewalk because the
314 * equivalent MI_xxx registers only perform the attribute functions.
315 */
316
317#ifdef CONFIG_8xx_CPU15
318#define INVALIDATE_ADJACENT_PAGES_CPU15(tmp, addr)	\
319	addi	tmp, addr, PAGE_SIZE;	\
320	tlbie	tmp;			\
321	addi	tmp, addr, -PAGE_SIZE;	\
322	tlbie	tmp
323#else
324#define INVALIDATE_ADJACENT_PAGES_CPU15(tmp, addr)
325#endif
326
327InstructionTLBMiss:
328#if defined(CONFIG_8xx_CPU6) || defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC) || defined (CONFIG_HUGETLB_PAGE)
329	mtspr	SPRN_SPRG_SCRATCH2, r3
330#endif
331	EXCEPTION_PROLOG_0
332
333	/* If we are faulting a kernel address, we have to use the
334	 * kernel page tables.
335	 */
336	mfspr	r10, SPRN_SRR0	/* Get effective address of fault */
337	INVALIDATE_ADJACENT_PAGES_CPU15(r11, r10)
338	/* Only modules will cause ITLB Misses as we always
339	 * pin the first 8MB of kernel memory */
340#if defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC) || defined (CONFIG_HUGETLB_PAGE)
341	mfcr	r3
342#endif
343#if defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC)
344	IS_KERNEL(r11, r10)
345#endif
346	mfspr	r11, SPRN_M_TW	/* Get level 1 table */
347#if defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC)
348	BRANCH_UNLESS_KERNEL(3f)
349	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@ha
3503:
351#endif
352	/* Insert level 1 index */
353	rlwimi	r11, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
354	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r11)	/* Get the level 1 entry */
355
356	/* Extract level 2 index */
357	rlwinm	r10, r10, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
358#ifdef CONFIG_HUGETLB_PAGE
359	mtcr	r11
360	bt-	28, 10f		/* bit 28 = Large page (8M) */
361	bt-	29, 20f		/* bit 29 = Large page (8M or 512k) */
362#endif
363	rlwimi	r10, r11, 0, 0, 32 - PAGE_SHIFT - 1	/* Add level 2 base */
364	lwz	r10, 0(r10)	/* Get the pte */
3654:
366#if defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC) || defined (CONFIG_HUGETLB_PAGE)
367	mtcr	r3
368#endif
369	/* Insert the APG into the TWC from the Linux PTE. */
370	rlwimi	r11, r10, 0, 25, 26
371	/* Load the MI_TWC with the attributes for this "segment." */
372	MTSPR_CPU6(SPRN_MI_TWC, r11, r3)	/* Set segment attributes */
373
374#if defined (CONFIG_HUGETLB_PAGE) && defined (CONFIG_PPC_4K_PAGES)
375	rlwimi	r10, r11, 1, MI_SPS16K
376#endif
377#ifdef CONFIG_SWAP
378	rlwinm	r11, r10, 32-5, _PAGE_PRESENT
379	and	r11, r11, r10
380	rlwimi	r10, r11, 0, _PAGE_PRESENT
381#endif
382	li	r11, RPN_PATTERN
383	/* The Linux PTE won't go exactly into the MMU TLB.
384	 * Software indicator bits 20-23 and 28 must be clear.
385	 * Software indicator bits 24, 25, 26, and 27 must be
386	 * set.  All other Linux PTE bits control the behavior
387	 * of the MMU.
388	 */
389#if defined (CONFIG_HUGETLB_PAGE) && defined (CONFIG_PPC_4K_PAGES)
390	rlwimi	r10, r11, 0, 0x0ff0	/* Set 24-27, clear 20-23 */
391#else
392	rlwimi	r10, r11, 0, 0x0ff8	/* Set 24-27, clear 20-23,28 */
393#endif
394	MTSPR_CPU6(SPRN_MI_RPN, r10, r3)	/* Update TLB entry */
395
396	/* Restore registers */
397#if defined(CONFIG_8xx_CPU6) || defined(CONFIG_MODULES) || defined (CONFIG_DEBUG_PAGEALLOC) || defined (CONFIG_HUGETLB_PAGE)
398	mfspr	r3, SPRN_SPRG_SCRATCH2
399#endif
400	EXCEPTION_EPILOG_0
401	rfi
402
403#ifdef CONFIG_HUGETLB_PAGE
40410:	/* 8M pages */
405#ifdef CONFIG_PPC_16K_PAGES
406	/* Extract level 2 index */
407	rlwinm	r10, r10, 32 - (PAGE_SHIFT_8M - PAGE_SHIFT), 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1), 29
408	/* Add level 2 base */
409	rlwimi	r10, r11, 0, 0, 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1) - 1
410#else
411	/* Level 2 base */
412	rlwinm	r10, r11, 0, ~HUGEPD_SHIFT_MASK
413#endif
414	lwz	r10, 0(r10)	/* Get the pte */
415	rlwinm	r11, r11, 0, 0xf
416	b	4b
417
41820:	/* 512k pages */
419	/* Extract level 2 index */
420	rlwinm	r10, r10, 32 - (PAGE_SHIFT_512K - PAGE_SHIFT), 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1), 29
421	/* Add level 2 base */
422	rlwimi	r10, r11, 0, 0, 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1) - 1
423	lwz	r10, 0(r10)	/* Get the pte */
424	rlwinm	r11, r11, 0, 0xf
425	b	4b
426#endif
427
428	. = 0x1200
429DataStoreTLBMiss:
430	mtspr	SPRN_SPRG_SCRATCH2, r3
431	EXCEPTION_PROLOG_0
432	mfcr	r3
433
434	/* If we are faulting a kernel address, we have to use the
435	 * kernel page tables.
436	 */
437	mfspr	r10, SPRN_MD_EPN
438	rlwinm	r10, r10, 16, 0xfff8
439	cmpli	cr0, r10, PAGE_OFFSET@h
440	mfspr	r11, SPRN_M_TW	/* Get level 1 table */
441	blt+	3f
442#ifndef CONFIG_PIN_TLB_IMMR
443	cmpli	cr0, r10, VIRT_IMMR_BASE@h
444#endif
445_ENTRY(DTLBMiss_cmp)
446	cmpli	cr7, r10, (PAGE_OFFSET + 0x1800000)@h
447	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@ha
448#ifndef CONFIG_PIN_TLB_IMMR
449_ENTRY(DTLBMiss_jmp)
450	beq-	DTLBMissIMMR
451#endif
452	blt	cr7, DTLBMissLinear
4533:
454	mfspr	r10, SPRN_MD_EPN
455
456	/* Insert level 1 index */
457	rlwimi	r11, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
458	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r11)	/* Get the level 1 entry */
459
460	/* We have a pte table, so load fetch the pte from the table.
461	 */
462	/* Extract level 2 index */
463	rlwinm	r10, r10, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
464#ifdef CONFIG_HUGETLB_PAGE
465	mtcr	r11
466	bt-	28, 10f		/* bit 28 = Large page (8M) */
467	bt-	29, 20f		/* bit 29 = Large page (8M or 512k) */
468#endif
469	rlwimi	r10, r11, 0, 0, 32 - PAGE_SHIFT - 1	/* Add level 2 base */
470	lwz	r10, 0(r10)	/* Get the pte */
4714:
472	mtcr	r3
473
474	/* Insert the Guarded flag and APG into the TWC from the Linux PTE.
475	 * It is bit 26-27 of both the Linux PTE and the TWC (at least
476	 * I got that right :-).  It will be better when we can put
477	 * this into the Linux pgd/pmd and load it in the operation
478	 * above.
479	 */
480	rlwimi	r11, r10, 0, 26, 27
481	/* Insert the WriteThru flag into the TWC from the Linux PTE.
482	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
483	 */
484	rlwimi	r11, r10, 32-5, 30, 30
485	MTSPR_CPU6(SPRN_MD_TWC, r11, r3)
486
487	/* In 4k pages mode, SPS (bit 28) in RPN must match PS[1] (bit 29)
488	 * In 16k pages mode, SPS is always 1 */
489#if defined (CONFIG_HUGETLB_PAGE) && defined (CONFIG_PPC_4K_PAGES)
490	rlwimi	r10, r11, 1, MD_SPS16K
491#endif
492	/* Both _PAGE_ACCESSED and _PAGE_PRESENT has to be set.
493	 * We also need to know if the insn is a load/store, so:
494	 * Clear _PAGE_PRESENT and load that which will
495	 * trap into DTLB Error with store bit set accordinly.
496	 */
497	/* PRESENT=0x1, ACCESSED=0x20
498	 * r11 = ((r10 & PRESENT) & ((r10 & ACCESSED) >> 5));
499	 * r10 = (r10 & ~PRESENT) | r11;
500	 */
501#ifdef CONFIG_SWAP
502	rlwinm	r11, r10, 32-5, _PAGE_PRESENT
503	and	r11, r11, r10
504	rlwimi	r10, r11, 0, _PAGE_PRESENT
505#endif
506	/* The Linux PTE won't go exactly into the MMU TLB.
507	 * Software indicator bits 22 and 28 must be clear.
508	 * Software indicator bits 24, 25, 26, and 27 must be
509	 * set.  All other Linux PTE bits control the behavior
510	 * of the MMU.
511	 */
512	li	r11, RPN_PATTERN
513#if defined (CONFIG_HUGETLB_PAGE) && defined (CONFIG_PPC_4K_PAGES)
514	rlwimi	r10, r11, 0, 24, 27	/* Set 24-27 */
515#else
516	rlwimi	r10, r11, 0, 24, 28	/* Set 24-27, clear 28 */
517#endif
518	rlwimi	r10, r11, 0, 20, 20	/* clear 20 */
519	MTSPR_CPU6(SPRN_MD_RPN, r10, r3)	/* Update TLB entry */
520
521	/* Restore registers */
522	mfspr	r3, SPRN_SPRG_SCRATCH2
523	mtspr	SPRN_DAR, r11	/* Tag DAR */
524	EXCEPTION_EPILOG_0
525	rfi
526
527#ifdef CONFIG_HUGETLB_PAGE
52810:	/* 8M pages */
529	/* Extract level 2 index */
530#ifdef CONFIG_PPC_16K_PAGES
531	rlwinm	r10, r10, 32 - (PAGE_SHIFT_8M - PAGE_SHIFT), 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1), 29
532	/* Add level 2 base */
533	rlwimi	r10, r11, 0, 0, 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1) - 1
534#else
535	/* Level 2 base */
536	rlwinm	r10, r11, 0, ~HUGEPD_SHIFT_MASK
537#endif
538	lwz	r10, 0(r10)	/* Get the pte */
539	rlwinm	r11, r11, 0, 0xf
540	b	4b
541
54220:	/* 512k pages */
543	/* Extract level 2 index */
544	rlwinm	r10, r10, 32 - (PAGE_SHIFT_512K - PAGE_SHIFT), 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1), 29
545	/* Add level 2 base */
546	rlwimi	r10, r11, 0, 0, 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1) - 1
547	lwz	r10, 0(r10)	/* Get the pte */
548	rlwinm	r11, r11, 0, 0xf
549	b	4b
550#endif
551
552/* This is an instruction TLB error on the MPC8xx.  This could be due
553 * to many reasons, such as executing guarded memory or illegal instruction
554 * addresses.  There is nothing to do but handle a big time error fault.
555 */
556	. = 0x1300
557InstructionTLBError:
558	EXCEPTION_PROLOG
559	mr	r4,r12
560	mr	r5,r9
561	andis.	r10,r5,0x4000
562	beq+	1f
563	tlbie	r4
564	/* 0x400 is InstructionAccess exception, needed by bad_page_fault() */
5651:	EXC_XFER_LITE(0x400, handle_page_fault)
566
567/* This is the data TLB error on the MPC8xx.  This could be due to
568 * many reasons, including a dirty update to a pte.  We bail out to
569 * a higher level function that can handle it.
570 */
571	. = 0x1400
572DataTLBError:
573	EXCEPTION_PROLOG_0
574	mfcr	r10
575
576	mfspr	r11, SPRN_DAR
577	cmpwi	cr0, r11, RPN_PATTERN
578	beq-	FixupDAR	/* must be a buggy dcbX, icbi insn. */
579DARFixed:/* Return from dcbx instruction bug workaround */
580	EXCEPTION_PROLOG_1
581	EXCEPTION_PROLOG_2
582	mfspr	r5,SPRN_DSISR
583	stw	r5,_DSISR(r11)
584	mfspr	r4,SPRN_DAR
585	andis.	r10,r5,0x4000
586	beq+	1f
587	tlbie	r4
5881:	li	r10,RPN_PATTERN
589	mtspr	SPRN_DAR,r10	/* Tag DAR, to be used in DTLB Error */
590	/* 0x300 is DataAccess exception, needed by bad_page_fault() */
591	EXC_XFER_LITE(0x300, handle_page_fault)
592
593	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_EE)
594	EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_EE)
595	EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_EE)
596	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_EE)
597	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_EE)
598	EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_EE)
599	EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_EE)
600
601/* On the MPC8xx, these next four traps are used for development
602 * support of breakpoints and such.  Someday I will get around to
603 * using them.
604 */
605	EXCEPTION(0x1c00, Trap_1c, unknown_exception, EXC_XFER_EE)
606	EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_EE)
607	EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_EE)
608	EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_EE)
609
610	. = 0x2000
611
612/*
613 * Bottom part of DataStoreTLBMiss handlers for IMMR area and linear RAM.
614 * not enough space in the DataStoreTLBMiss area.
615 */
616DTLBMissIMMR:
617	mtcr	r3
618	/* Set 512k byte guarded page and mark it valid */
619	li	r10, MD_PS512K | MD_GUARDED | MD_SVALID
620	MTSPR_CPU6(SPRN_MD_TWC, r10, r11)
621	mfspr	r10, SPRN_IMMR			/* Get current IMMR */
622	rlwinm	r10, r10, 0, 0xfff80000		/* Get 512 kbytes boundary */
623	ori	r10, r10, 0xf0 | MD_SPS16K | _PAGE_SHARED | _PAGE_DIRTY	| \
624			  _PAGE_PRESENT | _PAGE_NO_CACHE
625	MTSPR_CPU6(SPRN_MD_RPN, r10, r11)	/* Update TLB entry */
626
627	li	r11, RPN_PATTERN
628	mtspr	SPRN_DAR, r11	/* Tag DAR */
629	mfspr	r3, SPRN_SPRG_SCRATCH2
630	EXCEPTION_EPILOG_0
631	rfi
632
633DTLBMissLinear:
634	mtcr	r3
635	/* Set 8M byte page and mark it valid */
636	li	r11, MD_PS8MEG | MD_SVALID
637	MTSPR_CPU6(SPRN_MD_TWC, r11, r3)
638	rlwinm	r10, r10, 16, 0x0f800000	/* 8xx supports max 256Mb RAM */
639	ori	r10, r10, 0xf0 | MD_SPS16K | _PAGE_SHARED | _PAGE_DIRTY	| \
640			  _PAGE_PRESENT
641	MTSPR_CPU6(SPRN_MD_RPN, r10, r11)	/* Update TLB entry */
642
643	li	r11, RPN_PATTERN
644	mtspr	SPRN_DAR, r11	/* Tag DAR */
645	mfspr	r3, SPRN_SPRG_SCRATCH2
646	EXCEPTION_EPILOG_0
647	rfi
648
649/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
650 * by decoding the registers used by the dcbx instruction and adding them.
651 * DAR is set to the calculated address.
652 */
653 /* define if you don't want to use self modifying code */
654#define NO_SELF_MODIFYING_CODE
655FixupDAR:/* Entry point for dcbx workaround. */
656	mtspr	SPRN_SPRG_SCRATCH2, r10
657	/* fetch instruction from memory. */
658	mfspr	r10, SPRN_SRR0
659	IS_KERNEL(r11, r10)
660	mfspr	r11, SPRN_M_TW	/* Get level 1 table */
661	BRANCH_UNLESS_KERNEL(3f)
662	rlwinm	r11, r10, 16, 0xfff8
663_ENTRY(FixupDAR_cmp)
664	cmpli	cr7, r11, (PAGE_OFFSET + 0x1800000)@h
665	/* create physical page address from effective address */
666	tophys(r11, r10)
667	blt-	cr7, 201f
668	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@ha
669	/* Insert level 1 index */
6703:	rlwimi	r11, r10, 32 - ((PAGE_SHIFT - 2) << 1), (PAGE_SHIFT - 2) << 1, 29
671	lwz	r11, (swapper_pg_dir-PAGE_OFFSET)@l(r11)	/* Get the level 1 entry */
672	mtcr	r11
673	bt	28,200f		/* bit 28 = Large page (8M) */
674	bt	29,202f		/* bit 29 = Large page (8M or 512K) */
675	rlwinm	r11, r11,0,0,19	/* Extract page descriptor page address */
676	/* Insert level 2 index */
677	rlwimi	r11, r10, 32 - (PAGE_SHIFT - 2), 32 - PAGE_SHIFT, 29
678	lwz	r11, 0(r11)	/* Get the pte */
679	/* concat physical page address(r11) and page offset(r10) */
680	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT, 31
681201:	lwz	r11,0(r11)
682/* Check if it really is a dcbx instruction. */
683/* dcbt and dcbtst does not generate DTLB Misses/Errors,
684 * no need to include them here */
685	xoris	r10, r11, 0x7c00	/* check if major OP code is 31 */
686	rlwinm	r10, r10, 0, 21, 5
687	cmpwi	cr0, r10, 2028	/* Is dcbz? */
688	beq+	142f
689	cmpwi	cr0, r10, 940	/* Is dcbi? */
690	beq+	142f
691	cmpwi	cr0, r10, 108	/* Is dcbst? */
692	beq+	144f		/* Fix up store bit! */
693	cmpwi	cr0, r10, 172	/* Is dcbf? */
694	beq+	142f
695	cmpwi	cr0, r10, 1964	/* Is icbi? */
696	beq+	142f
697141:	mfspr	r10,SPRN_SPRG_SCRATCH2
698	b	DARFixed	/* Nope, go back to normal TLB processing */
699
700	/* concat physical page address(r11) and page offset(r10) */
701200:
702#ifdef CONFIG_PPC_16K_PAGES
703	rlwinm	r11, r11, 0, 0, 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1) - 1
704	rlwimi	r11, r10, 32 - (PAGE_SHIFT_8M - 2), 32 + PAGE_SHIFT_8M - (PAGE_SHIFT << 1), 29
705#else
706	rlwinm	r11, r10, 0, ~HUGEPD_SHIFT_MASK
707#endif
708	lwz	r11, 0(r11)	/* Get the pte */
709	/* concat physical page address(r11) and page offset(r10) */
710	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT_8M, 31
711	b	201b
712
713202:
714	rlwinm	r11, r11, 0, 0, 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1) - 1
715	rlwimi	r11, r10, 32 - (PAGE_SHIFT_512K - 2), 32 + PAGE_SHIFT_512K - (PAGE_SHIFT << 1), 29
716	lwz	r11, 0(r11)	/* Get the pte */
717	/* concat physical page address(r11) and page offset(r10) */
718	rlwimi	r11, r10, 0, 32 - PAGE_SHIFT_512K, 31
719	b	201b
720
721144:	mfspr	r10, SPRN_DSISR
722	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
723	mtspr	SPRN_DSISR, r10
724142:	/* continue, it was a dcbx, dcbi instruction. */
725#ifndef NO_SELF_MODIFYING_CODE
726	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
727	li	r10,modified_instr@l
728	dcbtst	r0,r10		/* touch for store */
729	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
730	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
731	ori	r11,r11,532
732	stw	r11,0(r10)	/* store add/and instruction */
733	dcbf	0,r10		/* flush new instr. to memory. */
734	icbi	0,r10		/* invalidate instr. cache line */
735	mfspr	r11, SPRN_SPRG_SCRATCH1	/* restore r11 */
736	mfspr	r10, SPRN_SPRG_SCRATCH0	/* restore r10 */
737	isync			/* Wait until new instr is loaded from memory */
738modified_instr:
739	.space	4		/* this is where the add instr. is stored */
740	bne+	143f
741	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
742143:	mtdar	r10		/* store faulting EA in DAR */
743	mfspr	r10,SPRN_SPRG_SCRATCH2
744	b	DARFixed	/* Go back to normal TLB handling */
745#else
746	mfctr	r10
747	mtdar	r10			/* save ctr reg in DAR */
748	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
749	addi	r10, r10, 150f@l	/* add start of table */
750	mtctr	r10			/* load ctr with jump address */
751	xor	r10, r10, r10		/* sum starts at zero */
752	bctr				/* jump into table */
753150:
754	add	r10, r10, r0	;b	151f
755	add	r10, r10, r1	;b	151f
756	add	r10, r10, r2	;b	151f
757	add	r10, r10, r3	;b	151f
758	add	r10, r10, r4	;b	151f
759	add	r10, r10, r5	;b	151f
760	add	r10, r10, r6	;b	151f
761	add	r10, r10, r7	;b	151f
762	add	r10, r10, r8	;b	151f
763	add	r10, r10, r9	;b	151f
764	mtctr	r11	;b	154f	/* r10 needs special handling */
765	mtctr	r11	;b	153f	/* r11 needs special handling */
766	add	r10, r10, r12	;b	151f
767	add	r10, r10, r13	;b	151f
768	add	r10, r10, r14	;b	151f
769	add	r10, r10, r15	;b	151f
770	add	r10, r10, r16	;b	151f
771	add	r10, r10, r17	;b	151f
772	add	r10, r10, r18	;b	151f
773	add	r10, r10, r19	;b	151f
774	add	r10, r10, r20	;b	151f
775	add	r10, r10, r21	;b	151f
776	add	r10, r10, r22	;b	151f
777	add	r10, r10, r23	;b	151f
778	add	r10, r10, r24	;b	151f
779	add	r10, r10, r25	;b	151f
780	add	r10, r10, r26	;b	151f
781	add	r10, r10, r27	;b	151f
782	add	r10, r10, r28	;b	151f
783	add	r10, r10, r29	;b	151f
784	add	r10, r10, r30	;b	151f
785	add	r10, r10, r31
786151:
787	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
788	beq	152f			/* if reg RA is zero, don't add it */
789	addi	r11, r11, 150b@l	/* add start of table */
790	mtctr	r11			/* load ctr with jump address */
791	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
792	bctr				/* jump into table */
793152:
794	mfdar	r11
795	mtctr	r11			/* restore ctr reg from DAR */
796	mtdar	r10			/* save fault EA to DAR */
797	mfspr	r10,SPRN_SPRG_SCRATCH2
798	b	DARFixed		/* Go back to normal TLB handling */
799
800	/* special handling for r10,r11 since these are modified already */
801153:	mfspr	r11, SPRN_SPRG_SCRATCH1	/* load r11 from SPRN_SPRG_SCRATCH1 */
802	add	r10, r10, r11	/* add it */
803	mfctr	r11		/* restore r11 */
804	b	151b
805154:	mfspr	r11, SPRN_SPRG_SCRATCH0	/* load r10 from SPRN_SPRG_SCRATCH0 */
806	add	r10, r10, r11	/* add it */
807	mfctr	r11		/* restore r11 */
808	b	151b
809#endif
810
811/*
812 * This is where the main kernel code starts.
813 */
814start_here:
815	/* ptr to current */
816	lis	r2,init_task@h
817	ori	r2,r2,init_task@l
818
819	/* ptr to phys current thread */
820	tophys(r4,r2)
821	addi	r4,r4,THREAD	/* init task's THREAD */
822	mtspr	SPRN_SPRG_THREAD,r4
823
824	/* stack */
825	lis	r1,init_thread_union@ha
826	addi	r1,r1,init_thread_union@l
827	li	r0,0
828	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
829
830	bl	early_init	/* We have to do this with MMU on */
831
832/*
833 * Decide what sort of machine this is and initialize the MMU.
834 */
835	li	r3,0
836	mr	r4,r31
837	bl	machine_init
838	bl	MMU_init
839
840/*
841 * Go back to running unmapped so we can load up new values
842 * and change to using our exception vectors.
843 * On the 8xx, all we have to do is invalidate the TLB to clear
844 * the old 8M byte TLB mappings and load the page table base register.
845 */
846	/* The right way to do this would be to track it down through
847	 * init's THREAD like the context switch code does, but this is
848	 * easier......until someone changes init's static structures.
849	 */
850	lis	r6, swapper_pg_dir@ha
851	tophys(r6,r6)
852#ifdef CONFIG_8xx_CPU6
853	lis	r4, cpu6_errata_word@h
854	ori	r4, r4, cpu6_errata_word@l
855	li	r3, 0x3f80
856	stw	r3, 12(r4)
857	lwz	r3, 12(r4)
858#endif
859	mtspr	SPRN_M_TW, r6
860	lis	r4,2f@h
861	ori	r4,r4,2f@l
862	tophys(r4,r4)
863	li	r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
864	mtspr	SPRN_SRR0,r4
865	mtspr	SPRN_SRR1,r3
866	rfi
867/* Load up the kernel context */
8682:
869	SYNC			/* Force all PTE updates to finish */
870	tlbia			/* Clear all TLB entries */
871	sync			/* wait for tlbia/tlbie to finish */
872	TLBSYNC			/* ... on all CPUs */
873
874	/* set up the PTE pointers for the Abatron bdiGDB.
875	*/
876	tovirt(r6,r6)
877	lis	r5, abatron_pteptrs@h
878	ori	r5, r5, abatron_pteptrs@l
879	stw	r5, 0xf0(r0)	/* Must match your Abatron config file */
880	tophys(r5,r5)
881	stw	r6, 0(r5)
882
883/* Now turn on the MMU for real! */
884	li	r4,MSR_KERNEL
885	lis	r3,start_kernel@h
886	ori	r3,r3,start_kernel@l
887	mtspr	SPRN_SRR0,r3
888	mtspr	SPRN_SRR1,r4
889	rfi			/* enable MMU and jump to start_kernel */
890
891/* Set up the initial MMU state so we can do the first level of
892 * kernel initialization.  This maps the first 8 MBytes of memory 1:1
893 * virtual to physical.  Also, set the cache mode since that is defined
894 * by TLB entries and perform any additional mapping (like of the IMMR).
895 * If configured to pin some TLBs, we pin the first 8 Mbytes of kernel,
896 * 24 Mbytes of data, and the 512k IMMR space.  Anything not covered by
897 * these mappings is mapped by page tables.
898 */
899initial_mmu:
900	li	r8, 0
901	mtspr	SPRN_MI_CTR, r8		/* remove PINNED ITLB entries */
902	lis	r10, MD_RESETVAL@h
903#ifndef CONFIG_8xx_COPYBACK
904	oris	r10, r10, MD_WTDEF@h
905#endif
906	mtspr	SPRN_MD_CTR, r10	/* remove PINNED DTLB entries */
907
908	tlbia			/* Invalidate all TLB entries */
909/* Always pin the first 8 MB ITLB to prevent ITLB
910   misses while mucking around with SRR0/SRR1 in asm
911*/
912	lis	r8, MI_RSV4I@h
913	ori	r8, r8, 0x1c00
914
915	mtspr	SPRN_MI_CTR, r8	/* Set instruction MMU control */
916
917#ifdef CONFIG_PIN_TLB
918	oris	r10, r10, MD_RSV4I@h
919	mtspr	SPRN_MD_CTR, r10	/* Set data TLB control */
920#endif
921
922	/* Now map the lower 8 Meg into the ITLB. */
923	lis	r8, KERNELBASE@h	/* Create vaddr for TLB */
924	ori	r8, r8, MI_EVALID	/* Mark it valid */
925	mtspr	SPRN_MI_EPN, r8
926	li	r8, MI_PS8MEG | (2 << 5)	/* Set 8M byte page, APG 2 */
927	ori	r8, r8, MI_SVALID	/* Make it valid */
928	mtspr	SPRN_MI_TWC, r8
929	li	r8, MI_BOOTINIT		/* Create RPN for address 0 */
930	mtspr	SPRN_MI_RPN, r8		/* Store TLB entry */
931
932	lis	r8, MI_APG_INIT@h	/* Set protection modes */
933	ori	r8, r8, MI_APG_INIT@l
934	mtspr	SPRN_MI_AP, r8
935	lis	r8, MD_APG_INIT@h
936	ori	r8, r8, MD_APG_INIT@l
937	mtspr	SPRN_MD_AP, r8
938
939	/* Map a 512k page for the IMMR to get the processor
940	 * internal registers (among other things).
941	 */
942#ifdef CONFIG_PIN_TLB_IMMR
943	ori	r10, r10, 0x1c00
944	mtspr	SPRN_MD_CTR, r10
945
946	mfspr	r9, 638			/* Get current IMMR */
947	andis.	r9, r9, 0xfff8		/* Get 512 kbytes boundary */
948
949	lis	r8, VIRT_IMMR_BASE@h	/* Create vaddr for TLB */
950	ori	r8, r8, MD_EVALID	/* Mark it valid */
951	mtspr	SPRN_MD_EPN, r8
952	li	r8, MD_PS512K | MD_GUARDED	/* Set 512k byte page */
953	ori	r8, r8, MD_SVALID	/* Make it valid */
954	mtspr	SPRN_MD_TWC, r8
955	mr	r8, r9			/* Create paddr for TLB */
956	ori	r8, r8, MI_BOOTINIT|0x2 /* Inhibit cache -- Cort */
957	mtspr	SPRN_MD_RPN, r8
958#endif
959
960	/* Since the cache is enabled according to the information we
961	 * just loaded into the TLB, invalidate and enable the caches here.
962	 * We should probably check/set other modes....later.
963	 */
964	lis	r8, IDC_INVALL@h
965	mtspr	SPRN_IC_CST, r8
966	mtspr	SPRN_DC_CST, r8
967	lis	r8, IDC_ENABLE@h
968	mtspr	SPRN_IC_CST, r8
969#ifdef CONFIG_8xx_COPYBACK
970	mtspr	SPRN_DC_CST, r8
971#else
972	/* For a debug option, I left this here to easily enable
973	 * the write through cache mode
974	 */
975	lis	r8, DC_SFWT@h
976	mtspr	SPRN_DC_CST, r8
977	lis	r8, IDC_ENABLE@h
978	mtspr	SPRN_DC_CST, r8
979#endif
980	blr
981
982
983/*
984 * We put a few things here that have to be page-aligned.
985 * This stuff goes at the beginning of the data segment,
986 * which is page-aligned.
987 */
988	.data
989	.globl	sdata
990sdata:
991	.globl	empty_zero_page
992	.align	PAGE_SHIFT
993empty_zero_page:
994	.space	PAGE_SIZE
995EXPORT_SYMBOL(empty_zero_page)
996
997	.globl	swapper_pg_dir
998swapper_pg_dir:
999	.space	PGD_TABLE_SIZE
1000
1001/* Room for two PTE table poiners, usually the kernel and current user
1002 * pointer to their respective root page table (pgdir).
1003 */
1004abatron_pteptrs:
1005	.space	8
1006
1007#ifdef CONFIG_8xx_CPU6
1008	.globl	cpu6_errata_word
1009cpu6_errata_word:
1010	.space	16
1011#endif
1012
1013