xref: /openbmc/linux/arch/xtensa/kernel/entry.S (revision 86db9f28)
1/*
2 * Low-level exception handling
3 *
4 * This file is subject to the terms and conditions of the GNU General Public
5 * License.  See the file "COPYING" in the main directory of this archive
6 * for more details.
7 *
8 * Copyright (C) 2004 - 2008 by Tensilica Inc.
9 * Copyright (C) 2015 Cadence Design Systems Inc.
10 *
11 * Chris Zankel <chris@zankel.net>
12 *
13 */
14
15#include <linux/linkage.h>
16#include <asm/asm-offsets.h>
17#include <asm/asmmacro.h>
18#include <asm/processor.h>
19#include <asm/coprocessor.h>
20#include <asm/thread_info.h>
21#include <asm/asm-uaccess.h>
22#include <asm/unistd.h>
23#include <asm/ptrace.h>
24#include <asm/current.h>
25#include <asm/pgtable.h>
26#include <asm/page.h>
27#include <asm/signal.h>
28#include <asm/tlbflush.h>
29#include <variant/tie-asm.h>
30
31/* Unimplemented features. */
32
33#undef KERNEL_STACK_OVERFLOW_CHECK
34
35/* Not well tested.
36 *
37 * - fast_coprocessor
38 */
39
40/*
41 * Macro to find first bit set in WINDOWBASE from the left + 1
42 *
43 * 100....0 -> 1
44 * 010....0 -> 2
45 * 000....1 -> WSBITS
46 */
47
48	.macro ffs_ws bit mask
49
50#if XCHAL_HAVE_NSA
51	nsau    \bit, \mask			# 32-WSBITS ... 31 (32 iff 0)
52	addi    \bit, \bit, WSBITS - 32 + 1   	# uppest bit set -> return 1
53#else
54	movi    \bit, WSBITS
55#if WSBITS > 16
56	_bltui  \mask, 0x10000, 99f
57	addi    \bit, \bit, -16
58	extui   \mask, \mask, 16, 16
59#endif
60#if WSBITS > 8
6199:	_bltui  \mask, 0x100, 99f
62	addi    \bit, \bit, -8
63	srli    \mask, \mask, 8
64#endif
6599:	_bltui  \mask, 0x10, 99f
66	addi    \bit, \bit, -4
67	srli    \mask, \mask, 4
6899:	_bltui  \mask, 0x4, 99f
69	addi    \bit, \bit, -2
70	srli    \mask, \mask, 2
7199:	_bltui  \mask, 0x2, 99f
72	addi    \bit, \bit, -1
7399:
74
75#endif
76	.endm
77
78
79	.macro	irq_save flags tmp
80#if XTENSA_FAKE_NMI
81#if defined(CONFIG_DEBUG_KERNEL) && (LOCKLEVEL | TOPLEVEL) >= XCHAL_DEBUGLEVEL
82	rsr	\flags, ps
83	extui	\tmp, \flags, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
84	bgei	\tmp, LOCKLEVEL, 99f
85	rsil	\tmp, LOCKLEVEL
8699:
87#else
88	movi	\tmp, LOCKLEVEL
89	rsr	\flags, ps
90	or	\flags, \flags, \tmp
91	xsr	\flags, ps
92	rsync
93#endif
94#else
95	rsil	\flags, LOCKLEVEL
96#endif
97	.endm
98
99/* ----------------- DEFAULT FIRST LEVEL EXCEPTION HANDLERS ----------------- */
100
101/*
102 * First-level exception handler for user exceptions.
103 * Save some special registers, extra states and all registers in the AR
104 * register file that were in use in the user task, and jump to the common
105 * exception code.
106 * We save SAR (used to calculate WMASK), and WB and WS (we don't have to
107 * save them for kernel exceptions).
108 *
109 * Entry condition for user_exception:
110 *
111 *   a0:	trashed, original value saved on stack (PT_AREG0)
112 *   a1:	a1
113 *   a2:	new stack pointer, original value in depc
114 *   a3:	a3
115 *   depc:	a2, original value saved on stack (PT_DEPC)
116 *   excsave1:	dispatch table
117 *
118 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
119 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
120 *
121 * Entry condition for _user_exception:
122 *
123 *   a0-a3 and depc have been saved to PT_AREG0...PT_AREG3 and PT_DEPC
124 *   excsave has been restored, and
125 *   stack pointer (a1) has been set.
126 *
127 * Note: _user_exception might be at an odd address. Don't use call0..call12
128 */
129	.literal_position
130
131ENTRY(user_exception)
132
133	/* Save a1, a2, a3, and set SP. */
134
135	rsr	a0, depc
136	s32i	a1, a2, PT_AREG1
137	s32i	a0, a2, PT_AREG2
138	s32i	a3, a2, PT_AREG3
139	mov	a1, a2
140
141	.globl _user_exception
142_user_exception:
143
144	/* Save SAR and turn off single stepping */
145
146	movi	a2, 0
147	wsr	a2, depc		# terminate user stack trace with 0
148	rsr	a3, sar
149	xsr	a2, icountlevel
150	s32i	a3, a1, PT_SAR
151	s32i	a2, a1, PT_ICOUNTLEVEL
152
153#if XCHAL_HAVE_THREADPTR
154	rur	a2, threadptr
155	s32i	a2, a1, PT_THREADPTR
156#endif
157
158	/* Rotate ws so that the current windowbase is at bit0. */
159	/* Assume ws = xxwww1yyyy. Rotate ws right, so that a2 = yyyyxxwww1 */
160
161	rsr	a2, windowbase
162	rsr	a3, windowstart
163	ssr	a2
164	s32i	a2, a1, PT_WINDOWBASE
165	s32i	a3, a1, PT_WINDOWSTART
166	slli	a2, a3, 32-WSBITS
167	src	a2, a3, a2
168	srli	a2, a2, 32-WSBITS
169	s32i	a2, a1, PT_WMASK	# needed for restoring registers
170
171	/* Save only live registers. */
172
173	_bbsi.l	a2, 1, 1f
174	s32i	a4, a1, PT_AREG4
175	s32i	a5, a1, PT_AREG5
176	s32i	a6, a1, PT_AREG6
177	s32i	a7, a1, PT_AREG7
178	_bbsi.l	a2, 2, 1f
179	s32i	a8, a1, PT_AREG8
180	s32i	a9, a1, PT_AREG9
181	s32i	a10, a1, PT_AREG10
182	s32i	a11, a1, PT_AREG11
183	_bbsi.l	a2, 3, 1f
184	s32i	a12, a1, PT_AREG12
185	s32i	a13, a1, PT_AREG13
186	s32i	a14, a1, PT_AREG14
187	s32i	a15, a1, PT_AREG15
188	_bnei	a2, 1, 1f		# only one valid frame?
189
190	/* Only one valid frame, skip saving regs. */
191
192	j	2f
193
194	/* Save the remaining registers.
195	 * We have to save all registers up to the first '1' from
196	 * the right, except the current frame (bit 0).
197	 * Assume a2 is:  001001000110001
198	 * All register frames starting from the top field to the marked '1'
199	 * must be saved.
200	 */
201
2021:	addi	a3, a2, -1		# eliminate '1' in bit 0: yyyyxxww0
203	neg	a3, a3			# yyyyxxww0 -> YYYYXXWW1+1
204	and	a3, a3, a2		# max. only one bit is set
205
206	/* Find number of frames to save */
207
208	ffs_ws	a0, a3			# number of frames to the '1' from left
209
210	/* Store information into WMASK:
211	 * bits 0..3: xxx1 masked lower 4 bits of the rotated windowstart,
212	 * bits 4...: number of valid 4-register frames
213	 */
214
215	slli	a3, a0, 4		# number of frames to save in bits 8..4
216	extui	a2, a2, 0, 4		# mask for the first 16 registers
217	or	a2, a3, a2
218	s32i	a2, a1, PT_WMASK	# needed when we restore the reg-file
219
220	/* Save 4 registers at a time */
221
2221:	rotw	-1
223	s32i	a0, a5, PT_AREG_END - 16
224	s32i	a1, a5, PT_AREG_END - 12
225	s32i	a2, a5, PT_AREG_END - 8
226	s32i	a3, a5, PT_AREG_END - 4
227	addi	a0, a4, -1
228	addi	a1, a5, -16
229	_bnez	a0, 1b
230
231	/* WINDOWBASE still in SAR! */
232
233	rsr	a2, sar			# original WINDOWBASE
234	movi	a3, 1
235	ssl	a2
236	sll	a3, a3
237	wsr	a3, windowstart		# set corresponding WINDOWSTART bit
238	wsr	a2, windowbase		# and WINDOWSTART
239	rsync
240
241	/* We are back to the original stack pointer (a1) */
242
2432:	/* Now, jump to the common exception handler. */
244
245	j	common_exception
246
247ENDPROC(user_exception)
248
249/*
250 * First-level exit handler for kernel exceptions
251 * Save special registers and the live window frame.
252 * Note: Even though we changes the stack pointer, we don't have to do a
253 *	 MOVSP here, as we do that when we return from the exception.
254 *	 (See comment in the kernel exception exit code)
255 *
256 * Entry condition for kernel_exception:
257 *
258 *   a0:	trashed, original value saved on stack (PT_AREG0)
259 *   a1:	a1
260 *   a2:	new stack pointer, original in DEPC
261 *   a3:	a3
262 *   depc:	a2, original value saved on stack (PT_DEPC)
263 *   excsave_1:	dispatch table
264 *
265 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
266 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
267 *
268 * Entry condition for _kernel_exception:
269 *
270 *   a0-a3 and depc have been saved to PT_AREG0...PT_AREG3 and PT_DEPC
271 *   excsave has been restored, and
272 *   stack pointer (a1) has been set.
273 *
274 * Note: _kernel_exception might be at an odd address. Don't use call0..call12
275 */
276
277ENTRY(kernel_exception)
278
279	/* Save a1, a2, a3, and set SP. */
280
281	rsr	a0, depc		# get a2
282	s32i	a1, a2, PT_AREG1
283	s32i	a0, a2, PT_AREG2
284	s32i	a3, a2, PT_AREG3
285	mov	a1, a2
286
287	.globl _kernel_exception
288_kernel_exception:
289
290	/* Save SAR and turn off single stepping */
291
292	movi	a2, 0
293	rsr	a3, sar
294	xsr	a2, icountlevel
295	s32i	a3, a1, PT_SAR
296	s32i	a2, a1, PT_ICOUNTLEVEL
297
298	/* Rotate ws so that the current windowbase is at bit0. */
299	/* Assume ws = xxwww1yyyy. Rotate ws right, so that a2 = yyyyxxwww1 */
300
301	rsr	a2, windowbase		# don't need to save these, we only
302	rsr	a3, windowstart		# need shifted windowstart: windowmask
303	ssr	a2
304	slli	a2, a3, 32-WSBITS
305	src	a2, a3, a2
306	srli	a2, a2, 32-WSBITS
307	s32i	a2, a1, PT_WMASK	# needed for kernel_exception_exit
308
309	/* Save only the live window-frame */
310
311	_bbsi.l	a2, 1, 1f
312	s32i	a4, a1, PT_AREG4
313	s32i	a5, a1, PT_AREG5
314	s32i	a6, a1, PT_AREG6
315	s32i	a7, a1, PT_AREG7
316	_bbsi.l	a2, 2, 1f
317	s32i	a8, a1, PT_AREG8
318	s32i	a9, a1, PT_AREG9
319	s32i	a10, a1, PT_AREG10
320	s32i	a11, a1, PT_AREG11
321	_bbsi.l	a2, 3, 1f
322	s32i	a12, a1, PT_AREG12
323	s32i	a13, a1, PT_AREG13
324	s32i	a14, a1, PT_AREG14
325	s32i	a15, a1, PT_AREG15
326
327	_bnei	a2, 1, 1f
328
329	/* Copy spill slots of a0 and a1 to imitate movsp
330	 * in order to keep exception stack continuous
331	 */
332	l32i	a3, a1, PT_SIZE
333	l32i	a0, a1, PT_SIZE + 4
334	s32e	a3, a1, -16
335	s32e	a0, a1, -12
3361:
337	l32i	a0, a1, PT_AREG0	# restore saved a0
338	wsr	a0, depc
339
340#ifdef KERNEL_STACK_OVERFLOW_CHECK
341
342	/*  Stack overflow check, for debugging  */
343	extui	a2, a1, TASK_SIZE_BITS,XX
344	movi	a3, SIZE??
345	_bge	a2, a3, out_of_stack_panic
346
347#endif
348
349/*
350 * This is the common exception handler.
351 * We get here from the user exception handler or simply by falling through
352 * from the kernel exception handler.
353 * Save the remaining special registers, switch to kernel mode, and jump
354 * to the second-level exception handler.
355 *
356 */
357
358common_exception:
359
360	/* Save some registers, disable loops and clear the syscall flag. */
361
362	rsr	a2, debugcause
363	rsr	a3, epc1
364	s32i	a2, a1, PT_DEBUGCAUSE
365	s32i	a3, a1, PT_PC
366
367	movi	a2, NO_SYSCALL
368	rsr	a3, excvaddr
369	s32i	a2, a1, PT_SYSCALL
370	movi	a2, 0
371	s32i	a3, a1, PT_EXCVADDR
372#if XCHAL_HAVE_LOOPS
373	xsr	a2, lcount
374	s32i	a2, a1, PT_LCOUNT
375#endif
376
377	/* It is now save to restore the EXC_TABLE_FIXUP variable. */
378
379	rsr	a2, exccause
380	movi	a3, 0
381	rsr	a0, excsave1
382	s32i	a2, a1, PT_EXCCAUSE
383	s32i	a3, a0, EXC_TABLE_FIXUP
384
385	/* All unrecoverable states are saved on stack, now, and a1 is valid.
386	 * Now we can allow exceptions again. In case we've got an interrupt
387	 * PS.INTLEVEL is set to LOCKLEVEL disabling furhter interrupts,
388	 * otherwise it's left unchanged.
389	 *
390	 * Set PS(EXCM = 0, UM = 0, RING = 0, OWB = 0, WOE = 1, INTLEVEL = X)
391	 */
392
393	rsr	a3, ps
394	s32i	a3, a1, PT_PS		# save ps
395
396#if XTENSA_FAKE_NMI
397	/* Correct PS needs to be saved in the PT_PS:
398	 * - in case of exception or level-1 interrupt it's in the PS,
399	 *   and is already saved.
400	 * - in case of medium level interrupt it's in the excsave2.
401	 */
402	movi	a0, EXCCAUSE_MAPPED_NMI
403	extui	a3, a3, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
404	beq	a2, a0, .Lmedium_level_irq
405	bnei	a2, EXCCAUSE_LEVEL1_INTERRUPT, .Lexception
406	beqz	a3, .Llevel1_irq	# level-1 IRQ sets ps.intlevel to 0
407
408.Lmedium_level_irq:
409	rsr	a0, excsave2
410	s32i	a0, a1, PT_PS		# save medium-level interrupt ps
411	bgei	a3, LOCKLEVEL, .Lexception
412
413.Llevel1_irq:
414	movi	a3, LOCKLEVEL
415
416.Lexception:
417	movi	a0, PS_WOE_MASK
418	or	a3, a3, a0
419#else
420	addi	a2, a2, -EXCCAUSE_LEVEL1_INTERRUPT
421	movi	a0, LOCKLEVEL
422	extui	a3, a3, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
423					# a3 = PS.INTLEVEL
424	moveqz	a3, a0, a2		# a3 = LOCKLEVEL iff interrupt
425	movi	a2, PS_WOE_MASK
426	or	a3, a3, a2
427	rsr	a2, exccause
428#endif
429
430	/* restore return address (or 0 if return to userspace) */
431	rsr	a0, depc
432	wsr	a3, ps
433	rsync				# PS.WOE => rsync => overflow
434
435	/* Save lbeg, lend */
436#if XCHAL_HAVE_LOOPS
437	rsr	a4, lbeg
438	rsr	a3, lend
439	s32i	a4, a1, PT_LBEG
440	s32i	a3, a1, PT_LEND
441#endif
442
443	/* Save SCOMPARE1 */
444
445#if XCHAL_HAVE_S32C1I
446	rsr     a3, scompare1
447	s32i    a3, a1, PT_SCOMPARE1
448#endif
449
450	/* Save optional registers. */
451
452	save_xtregs_opt a1 a3 a4 a5 a6 a7 PT_XTREGS_OPT
453
454	/* Go to second-level dispatcher. Set up parameters to pass to the
455	 * exception handler and call the exception handler.
456	 */
457
458	rsr	a4, excsave1
459	mov	a6, a1			# pass stack frame
460	mov	a7, a2			# pass EXCCAUSE
461	addx4	a4, a2, a4
462	l32i	a4, a4, EXC_TABLE_DEFAULT		# load handler
463
464	/* Call the second-level handler */
465
466	callx4	a4
467
468	/* Jump here for exception exit */
469	.global common_exception_return
470common_exception_return:
471
472#if XTENSA_FAKE_NMI
473	l32i	a2, a1, PT_EXCCAUSE
474	movi	a3, EXCCAUSE_MAPPED_NMI
475	beq	a2, a3, .LNMIexit
476#endif
4771:
478	irq_save a2, a3
479#ifdef CONFIG_TRACE_IRQFLAGS
480	call4	trace_hardirqs_off
481#endif
482
483	/* Jump if we are returning from kernel exceptions. */
484
485	l32i	a3, a1, PT_PS
486	GET_THREAD_INFO(a2, a1)
487	l32i	a4, a2, TI_FLAGS
488	_bbci.l	a3, PS_UM_BIT, 6f
489
490	/* Specific to a user exception exit:
491	 * We need to check some flags for signal handling and rescheduling,
492	 * and have to restore WB and WS, extra states, and all registers
493	 * in the register file that were in use in the user task.
494	 * Note that we don't disable interrupts here.
495	 */
496
497	_bbsi.l	a4, TIF_NEED_RESCHED, 3f
498	_bbsi.l	a4, TIF_NOTIFY_RESUME, 2f
499	_bbci.l	a4, TIF_SIGPENDING, 5f
500
5012:	l32i	a4, a1, PT_DEPC
502	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 4f
503
504	/* Call do_signal() */
505
506#ifdef CONFIG_TRACE_IRQFLAGS
507	call4	trace_hardirqs_on
508#endif
509	rsil	a2, 0
510	mov	a6, a1
511	call4	do_notify_resume	# int do_notify_resume(struct pt_regs*)
512	j	1b
513
5143:	/* Reschedule */
515
516#ifdef CONFIG_TRACE_IRQFLAGS
517	call4	trace_hardirqs_on
518#endif
519	rsil	a2, 0
520	call4	schedule	# void schedule (void)
521	j	1b
522
523#ifdef CONFIG_PREEMPT
5246:
525	_bbci.l	a4, TIF_NEED_RESCHED, 4f
526
527	/* Check current_thread_info->preempt_count */
528
529	l32i	a4, a2, TI_PRE_COUNT
530	bnez	a4, 4f
531	call4	preempt_schedule_irq
532	j	1b
533#endif
534
535#if XTENSA_FAKE_NMI
536.LNMIexit:
537	l32i	a3, a1, PT_PS
538	_bbci.l	a3, PS_UM_BIT, 4f
539#endif
540
5415:
542#ifdef CONFIG_HAVE_HW_BREAKPOINT
543	_bbci.l	a4, TIF_DB_DISABLED, 7f
544	call4	restore_dbreak
5457:
546#endif
547#ifdef CONFIG_DEBUG_TLB_SANITY
548	l32i	a4, a1, PT_DEPC
549	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 4f
550	call4	check_tlb_sanity
551#endif
5526:
5534:
554#ifdef CONFIG_TRACE_IRQFLAGS
555	extui	a4, a3, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
556	bgei	a4, LOCKLEVEL, 1f
557	call4	trace_hardirqs_on
5581:
559#endif
560	/* Restore optional registers. */
561
562	load_xtregs_opt a1 a2 a4 a5 a6 a7 PT_XTREGS_OPT
563
564	/* Restore SCOMPARE1 */
565
566#if XCHAL_HAVE_S32C1I
567	l32i    a2, a1, PT_SCOMPARE1
568	wsr     a2, scompare1
569#endif
570	wsr	a3, ps		/* disable interrupts */
571
572	_bbci.l	a3, PS_UM_BIT, kernel_exception_exit
573
574user_exception_exit:
575
576	/* Restore the state of the task and return from the exception. */
577
578	/* Switch to the user thread WINDOWBASE. Save SP temporarily in DEPC */
579
580	l32i	a2, a1, PT_WINDOWBASE
581	l32i	a3, a1, PT_WINDOWSTART
582	wsr	a1, depc		# use DEPC as temp storage
583	wsr	a3, windowstart		# restore WINDOWSTART
584	ssr	a2			# preserve user's WB in the SAR
585	wsr	a2, windowbase		# switch to user's saved WB
586	rsync
587	rsr	a1, depc		# restore stack pointer
588	l32i	a2, a1, PT_WMASK	# register frames saved (in bits 4...9)
589	rotw	-1			# we restore a4..a7
590	_bltui	a6, 16, 1f		# only have to restore current window?
591
592	/* The working registers are a0 and a3.  We are restoring to
593	 * a4..a7.  Be careful not to destroy what we have just restored.
594	 * Note: wmask has the format YYYYM:
595	 *       Y: number of registers saved in groups of 4
596	 *       M: 4 bit mask of first 16 registers
597	 */
598
599	mov	a2, a6
600	mov	a3, a5
601
6022:	rotw	-1			# a0..a3 become a4..a7
603	addi	a3, a7, -4*4		# next iteration
604	addi	a2, a6, -16		# decrementing Y in WMASK
605	l32i	a4, a3, PT_AREG_END + 0
606	l32i	a5, a3, PT_AREG_END + 4
607	l32i	a6, a3, PT_AREG_END + 8
608	l32i	a7, a3, PT_AREG_END + 12
609	_bgeui	a2, 16, 2b
610
611	/* Clear unrestored registers (don't leak anything to user-land */
612
6131:	rsr	a0, windowbase
614	rsr	a3, sar
615	sub	a3, a0, a3
616	beqz	a3, 2f
617	extui	a3, a3, 0, WBBITS
618
6191:	rotw	-1
620	addi	a3, a7, -1
621	movi	a4, 0
622	movi	a5, 0
623	movi	a6, 0
624	movi	a7, 0
625	bgei	a3, 1, 1b
626
627	/* We are back were we were when we started.
628	 * Note: a2 still contains WMASK (if we've returned to the original
629	 *	 frame where we had loaded a2), or at least the lower 4 bits
630	 *	 (if we have restored WSBITS-1 frames).
631	 */
632
6332:
634#if XCHAL_HAVE_THREADPTR
635	l32i	a3, a1, PT_THREADPTR
636	wur	a3, threadptr
637#endif
638
639	j	common_exception_exit
640
641	/* This is the kernel exception exit.
642	 * We avoided to do a MOVSP when we entered the exception, but we
643	 * have to do it here.
644	 */
645
646kernel_exception_exit:
647
648	/* Check if we have to do a movsp.
649	 *
650	 * We only have to do a movsp if the previous window-frame has
651	 * been spilled to the *temporary* exception stack instead of the
652	 * task's stack. This is the case if the corresponding bit in
653	 * WINDOWSTART for the previous window-frame was set before
654	 * (not spilled) but is zero now (spilled).
655	 * If this bit is zero, all other bits except the one for the
656	 * current window frame are also zero. So, we can use a simple test:
657	 * 'and' WINDOWSTART and WINDOWSTART-1:
658	 *
659	 *  (XXXXXX1[0]* - 1) AND XXXXXX1[0]* = XXXXXX0[0]*
660	 *
661	 * The result is zero only if one bit was set.
662	 *
663	 * (Note: We might have gone through several task switches before
664	 *        we come back to the current task, so WINDOWBASE might be
665	 *        different from the time the exception occurred.)
666	 */
667
668	/* Test WINDOWSTART before and after the exception.
669	 * We actually have WMASK, so we only have to test if it is 1 or not.
670	 */
671
672	l32i	a2, a1, PT_WMASK
673	_beqi	a2, 1, common_exception_exit	# Spilled before exception,jump
674
675	/* Test WINDOWSTART now. If spilled, do the movsp */
676
677	rsr     a3, windowstart
678	addi	a0, a3, -1
679	and     a3, a3, a0
680	_bnez	a3, common_exception_exit
681
682	/* Do a movsp (we returned from a call4, so we have at least a0..a7) */
683
684	addi    a0, a1, -16
685	l32i    a3, a0, 0
686	l32i    a4, a0, 4
687	s32i    a3, a1, PT_SIZE+0
688	s32i    a4, a1, PT_SIZE+4
689	l32i    a3, a0, 8
690	l32i    a4, a0, 12
691	s32i    a3, a1, PT_SIZE+8
692	s32i    a4, a1, PT_SIZE+12
693
694	/* Common exception exit.
695	 * We restore the special register and the current window frame, and
696	 * return from the exception.
697	 *
698	 * Note: We expect a2 to hold PT_WMASK
699	 */
700
701common_exception_exit:
702
703	/* Restore address registers. */
704
705	_bbsi.l	a2, 1, 1f
706	l32i	a4,  a1, PT_AREG4
707	l32i	a5,  a1, PT_AREG5
708	l32i	a6,  a1, PT_AREG6
709	l32i	a7,  a1, PT_AREG7
710	_bbsi.l	a2, 2, 1f
711	l32i	a8,  a1, PT_AREG8
712	l32i	a9,  a1, PT_AREG9
713	l32i	a10, a1, PT_AREG10
714	l32i	a11, a1, PT_AREG11
715	_bbsi.l	a2, 3, 1f
716	l32i	a12, a1, PT_AREG12
717	l32i	a13, a1, PT_AREG13
718	l32i	a14, a1, PT_AREG14
719	l32i	a15, a1, PT_AREG15
720
721	/* Restore PC, SAR */
722
7231:	l32i	a2, a1, PT_PC
724	l32i	a3, a1, PT_SAR
725	wsr	a2, epc1
726	wsr	a3, sar
727
728	/* Restore LBEG, LEND, LCOUNT */
729#if XCHAL_HAVE_LOOPS
730	l32i	a2, a1, PT_LBEG
731	l32i	a3, a1, PT_LEND
732	wsr	a2, lbeg
733	l32i	a2, a1, PT_LCOUNT
734	wsr	a3, lend
735	wsr	a2, lcount
736#endif
737
738	/* We control single stepping through the ICOUNTLEVEL register. */
739
740	l32i	a2, a1, PT_ICOUNTLEVEL
741	movi	a3, -2
742	wsr	a2, icountlevel
743	wsr	a3, icount
744
745	/* Check if it was double exception. */
746
747	l32i	a0, a1, PT_DEPC
748	l32i	a3, a1, PT_AREG3
749	l32i	a2, a1, PT_AREG2
750	_bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
751
752	/* Restore a0...a3 and return */
753
754	l32i	a0, a1, PT_AREG0
755	l32i	a1, a1, PT_AREG1
756	rfe
757
7581: 	wsr	a0, depc
759	l32i	a0, a1, PT_AREG0
760	l32i	a1, a1, PT_AREG1
761	rfde
762
763ENDPROC(kernel_exception)
764
765/*
766 * Debug exception handler.
767 *
768 * Currently, we don't support KGDB, so only user application can be debugged.
769 *
770 * When we get here,  a0 is trashed and saved to excsave[debuglevel]
771 */
772
773	.literal_position
774
775ENTRY(debug_exception)
776
777	rsr	a0, SREG_EPS + XCHAL_DEBUGLEVEL
778	bbsi.l	a0, PS_EXCM_BIT, 1f	# exception mode
779
780	/* Set EPC1 and EXCCAUSE */
781
782	wsr	a2, depc		# save a2 temporarily
783	rsr	a2, SREG_EPC + XCHAL_DEBUGLEVEL
784	wsr	a2, epc1
785
786	movi	a2, EXCCAUSE_MAPPED_DEBUG
787	wsr	a2, exccause
788
789	/* Restore PS to the value before the debug exc but with PS.EXCM set.*/
790
791	movi	a2, 1 << PS_EXCM_BIT
792	or	a2, a0, a2
793	wsr	a2, ps
794
795	/* Switch to kernel/user stack, restore jump vector, and save a0 */
796
797	bbsi.l	a2, PS_UM_BIT, 2f	# jump if user mode
798
799	addi	a2, a1, -16-PT_SIZE	# assume kernel stack
8003:
801	l32i	a0, a3, DT_DEBUG_SAVE
802	s32i	a1, a2, PT_AREG1
803	s32i	a0, a2, PT_AREG0
804	movi	a0, 0
805	s32i	a0, a2, PT_DEPC		# mark it as a regular exception
806	xsr	a3, SREG_EXCSAVE + XCHAL_DEBUGLEVEL
807	xsr	a0, depc
808	s32i	a3, a2, PT_AREG3
809	s32i	a0, a2, PT_AREG2
810	mov	a1, a2
811
812	/* Debug exception is handled as an exception, so interrupts will
813	 * likely be enabled in the common exception handler. Disable
814	 * preemption if we have HW breakpoints to preserve DEBUGCAUSE.DBNUM
815	 * meaning.
816	 */
817#if defined(CONFIG_PREEMPT_COUNT) && defined(CONFIG_HAVE_HW_BREAKPOINT)
818	GET_THREAD_INFO(a2, a1)
819	l32i	a3, a2, TI_PRE_COUNT
820	addi	a3, a3, 1
821	s32i	a3, a2, TI_PRE_COUNT
822#endif
823
824	rsr	a2, ps
825	bbsi.l	a2, PS_UM_BIT, _user_exception
826	j	_kernel_exception
827
8282:	rsr	a2, excsave1
829	l32i	a2, a2, EXC_TABLE_KSTK	# load kernel stack pointer
830	j	3b
831
832#ifdef CONFIG_HAVE_HW_BREAKPOINT
833	/* Debug exception while in exception mode. This may happen when
834	 * window overflow/underflow handler or fast exception handler hits
835	 * data breakpoint, in which case save and disable all data
836	 * breakpoints, single-step faulting instruction and restore data
837	 * breakpoints.
838	 */
8391:
840	bbci.l	a0, PS_UM_BIT, 1b	# jump if kernel mode
841
842	rsr	a0, debugcause
843	bbsi.l	a0, DEBUGCAUSE_DBREAK_BIT, .Ldebug_save_dbreak
844
845	.set	_index, 0
846	.rept	XCHAL_NUM_DBREAK
847	l32i	a0, a3, DT_DBREAKC_SAVE + _index * 4
848	wsr	a0, SREG_DBREAKC + _index
849	.set	_index, _index + 1
850	.endr
851
852	l32i	a0, a3, DT_ICOUNT_LEVEL_SAVE
853	wsr	a0, icountlevel
854
855	l32i	a0, a3, DT_ICOUNT_SAVE
856	xsr	a0, icount
857
858	l32i	a0, a3, DT_DEBUG_SAVE
859	xsr	a3, SREG_EXCSAVE + XCHAL_DEBUGLEVEL
860	rfi	XCHAL_DEBUGLEVEL
861
862.Ldebug_save_dbreak:
863	.set	_index, 0
864	.rept	XCHAL_NUM_DBREAK
865	movi	a0, 0
866	xsr	a0, SREG_DBREAKC + _index
867	s32i	a0, a3, DT_DBREAKC_SAVE + _index * 4
868	.set	_index, _index + 1
869	.endr
870
871	movi	a0, XCHAL_EXCM_LEVEL + 1
872	xsr	a0, icountlevel
873	s32i	a0, a3, DT_ICOUNT_LEVEL_SAVE
874
875	movi	a0, 0xfffffffe
876	xsr	a0, icount
877	s32i	a0, a3, DT_ICOUNT_SAVE
878
879	l32i	a0, a3, DT_DEBUG_SAVE
880	xsr	a3, SREG_EXCSAVE + XCHAL_DEBUGLEVEL
881	rfi	XCHAL_DEBUGLEVEL
882#else
883	/* Debug exception while in exception mode. Should not happen. */
8841:	j	1b	// FIXME!!
885#endif
886
887ENDPROC(debug_exception)
888
889/*
890 * We get here in case of an unrecoverable exception.
891 * The only thing we can do is to be nice and print a panic message.
892 * We only produce a single stack frame for panic, so ???
893 *
894 *
895 * Entry conditions:
896 *
897 *   - a0 contains the caller address; original value saved in excsave1.
898 *   - the original a0 contains a valid return address (backtrace) or 0.
899 *   - a2 contains a valid stackpointer
900 *
901 * Notes:
902 *
903 *   - If the stack pointer could be invalid, the caller has to setup a
904 *     dummy stack pointer (e.g. the stack of the init_task)
905 *
906 *   - If the return address could be invalid, the caller has to set it
907 *     to 0, so the backtrace would stop.
908 *
909 */
910	.align 4
911unrecoverable_text:
912	.ascii "Unrecoverable error in exception handler\0"
913
914	.literal_position
915
916ENTRY(unrecoverable_exception)
917
918	movi	a0, 1
919	movi	a1, 0
920
921	wsr	a0, windowstart
922	wsr	a1, windowbase
923	rsync
924
925	movi	a1, PS_WOE_MASK | LOCKLEVEL
926	wsr	a1, ps
927	rsync
928
929	movi	a1, init_task
930	movi	a0, 0
931	addi	a1, a1, PT_REGS_OFFSET
932
933	movi	a6, unrecoverable_text
934	call4	panic
935
9361:	j	1b
937
938ENDPROC(unrecoverable_exception)
939
940/* -------------------------- FAST EXCEPTION HANDLERS ----------------------- */
941
942/*
943 * Fast-handler for alloca exceptions
944 *
945 *  The ALLOCA handler is entered when user code executes the MOVSP
946 *  instruction and the caller's frame is not in the register file.
947 *
948 * This algorithm was taken from the Ross Morley's RTOS Porting Layer:
949 *
950 *    /home/ross/rtos/porting/XtensaRTOS-PortingLayer-20090507/xtensa_vectors.S
951 *
952 * It leverages the existing window spill/fill routines and their support for
953 * double exceptions. The 'movsp' instruction will only cause an exception if
954 * the next window needs to be loaded. In fact this ALLOCA exception may be
955 * replaced at some point by changing the hardware to do a underflow exception
956 * of the proper size instead.
957 *
958 * This algorithm simply backs out the register changes started by the user
959 * excpetion handler, makes it appear that we have started a window underflow
960 * by rotating the window back and then setting the old window base (OWB) in
961 * the 'ps' register with the rolled back window base. The 'movsp' instruction
962 * will be re-executed and this time since the next window frames is in the
963 * active AR registers it won't cause an exception.
964 *
965 * If the WindowUnderflow code gets a TLB miss the page will get mapped
966 * the the partial windeowUnderflow will be handeled in the double exception
967 * handler.
968 *
969 * Entry condition:
970 *
971 *   a0:	trashed, original value saved on stack (PT_AREG0)
972 *   a1:	a1
973 *   a2:	new stack pointer, original in DEPC
974 *   a3:	a3
975 *   depc:	a2, original value saved on stack (PT_DEPC)
976 *   excsave_1:	dispatch table
977 *
978 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
979 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
980 */
981
982ENTRY(fast_alloca)
983	rsr	a0, windowbase
984	rotw	-1
985	rsr	a2, ps
986	extui	a3, a2, PS_OWB_SHIFT, PS_OWB_WIDTH
987	xor	a3, a3, a4
988	l32i	a4, a6, PT_AREG0
989	l32i	a1, a6, PT_DEPC
990	rsr	a6, depc
991	wsr	a1, depc
992	slli	a3, a3, PS_OWB_SHIFT
993	xor	a2, a2, a3
994	wsr	a2, ps
995	rsync
996
997	_bbci.l	a4, 31, 4f
998	rotw	-1
999	_bbci.l	a8, 30, 8f
1000	rotw	-1
1001	j	_WindowUnderflow12
10028:	j	_WindowUnderflow8
10034:	j	_WindowUnderflow4
1004ENDPROC(fast_alloca)
1005
1006#ifdef CONFIG_USER_ABI_CALL0_PROBE
1007/*
1008 * fast illegal instruction handler.
1009 *
1010 * This is used to fix up user PS.WOE on the exception caused
1011 * by the first opcode related to register window. If PS.WOE is
1012 * already set it goes directly to the common user exception handler.
1013 *
1014 * Entry condition:
1015 *
1016 *   a0:	trashed, original value saved on stack (PT_AREG0)
1017 *   a1:	a1
1018 *   a2:	new stack pointer, original in DEPC
1019 *   a3:	a3
1020 *   depc:	a2, original value saved on stack (PT_DEPC)
1021 *   excsave_1:	dispatch table
1022 */
1023
1024ENTRY(fast_illegal_instruction_user)
1025
1026	rsr	a0, ps
1027	bbsi.l	a0, PS_WOE_BIT, user_exception
1028	s32i	a3, a2, PT_AREG3
1029	movi	a3, PS_WOE_MASK
1030	or	a0, a0, a3
1031	wsr	a0, ps
1032	l32i	a3, a2, PT_AREG3
1033	l32i	a0, a2, PT_AREG0
1034	rsr	a2, depc
1035	rfe
1036
1037ENDPROC(fast_illegal_instruction_user)
1038#endif
1039
1040	/*
1041 * fast system calls.
1042 *
1043 * WARNING:  The kernel doesn't save the entire user context before
1044 * handling a fast system call.  These functions are small and short,
1045 * usually offering some functionality not available to user tasks.
1046 *
1047 * BE CAREFUL TO PRESERVE THE USER'S CONTEXT.
1048 *
1049 * Entry condition:
1050 *
1051 *   a0:	trashed, original value saved on stack (PT_AREG0)
1052 *   a1:	a1
1053 *   a2:	new stack pointer, original in DEPC
1054 *   a3:	a3
1055 *   depc:	a2, original value saved on stack (PT_DEPC)
1056 *   excsave_1:	dispatch table
1057 */
1058
1059ENTRY(fast_syscall_user)
1060
1061	/* Skip syscall. */
1062
1063	rsr	a0, epc1
1064	addi	a0, a0, 3
1065	wsr	a0, epc1
1066
1067	l32i	a0, a2, PT_DEPC
1068	bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, fast_syscall_unrecoverable
1069
1070	rsr	a0, depc			# get syscall-nr
1071	_beqz	a0, fast_syscall_spill_registers
1072	_beqi	a0, __NR_xtensa, fast_syscall_xtensa
1073
1074	j	user_exception
1075
1076ENDPROC(fast_syscall_user)
1077
1078ENTRY(fast_syscall_unrecoverable)
1079
1080	/* Restore all states. */
1081
1082	l32i    a0, a2, PT_AREG0        # restore a0
1083	xsr     a2, depc                # restore a2, depc
1084
1085	wsr     a0, excsave1
1086	call0	unrecoverable_exception
1087
1088ENDPROC(fast_syscall_unrecoverable)
1089
1090/*
1091 * sysxtensa syscall handler
1092 *
1093 * int sysxtensa (SYS_XTENSA_ATOMIC_SET,     ptr, val,    unused);
1094 * int sysxtensa (SYS_XTENSA_ATOMIC_ADD,     ptr, val,    unused);
1095 * int sysxtensa (SYS_XTENSA_ATOMIC_EXG_ADD, ptr, val,    unused);
1096 * int sysxtensa (SYS_XTENSA_ATOMIC_CMP_SWP, ptr, oldval, newval);
1097 *        a2            a6                   a3    a4      a5
1098 *
1099 * Entry condition:
1100 *
1101 *   a0:	a2 (syscall-nr), original value saved on stack (PT_AREG0)
1102 *   a1:	a1
1103 *   a2:	new stack pointer, original in a0 and DEPC
1104 *   a3:	a3
1105 *   a4..a15:	unchanged
1106 *   depc:	a2, original value saved on stack (PT_DEPC)
1107 *   excsave_1:	dispatch table
1108 *
1109 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
1110 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
1111 *
1112 * Note: we don't have to save a2; a2 holds the return value
1113 */
1114
1115	.literal_position
1116
1117#ifdef CONFIG_FAST_SYSCALL_XTENSA
1118
1119ENTRY(fast_syscall_xtensa)
1120
1121	s32i	a7, a2, PT_AREG7	# we need an additional register
1122	movi	a7, 4			# sizeof(unsigned int)
1123	access_ok a3, a7, a0, a2, .Leac	# a0: scratch reg, a2: sp
1124
1125	_bgeui	a6, SYS_XTENSA_COUNT, .Lill
1126	_bnei	a6, SYS_XTENSA_ATOMIC_CMP_SWP, .Lnswp
1127
1128	/* Fall through for ATOMIC_CMP_SWP. */
1129
1130.Lswp:	/* Atomic compare and swap */
1131
1132EX(.Leac) l32i	a0, a3, 0		# read old value
1133	bne	a0, a4, 1f		# same as old value? jump
1134EX(.Leac) s32i	a5, a3, 0		# different, modify value
1135	l32i	a7, a2, PT_AREG7	# restore a7
1136	l32i	a0, a2, PT_AREG0	# restore a0
1137	movi	a2, 1			# and return 1
1138	rfe
1139
11401:	l32i	a7, a2, PT_AREG7	# restore a7
1141	l32i	a0, a2, PT_AREG0	# restore a0
1142	movi	a2, 0			# return 0 (note that we cannot set
1143	rfe
1144
1145.Lnswp:	/* Atomic set, add, and exg_add. */
1146
1147EX(.Leac) l32i	a7, a3, 0		# orig
1148	addi	a6, a6, -SYS_XTENSA_ATOMIC_SET
1149	add	a0, a4, a7		# + arg
1150	moveqz	a0, a4, a6		# set
1151	addi	a6, a6, SYS_XTENSA_ATOMIC_SET
1152EX(.Leac) s32i	a0, a3, 0		# write new value
1153
1154	mov	a0, a2
1155	mov	a2, a7
1156	l32i	a7, a0, PT_AREG7	# restore a7
1157	l32i	a0, a0, PT_AREG0	# restore a0
1158	rfe
1159
1160.Leac:	l32i	a7, a2, PT_AREG7	# restore a7
1161	l32i	a0, a2, PT_AREG0	# restore a0
1162	movi	a2, -EFAULT
1163	rfe
1164
1165.Lill:	l32i	a7, a2, PT_AREG7	# restore a7
1166	l32i	a0, a2, PT_AREG0	# restore a0
1167	movi	a2, -EINVAL
1168	rfe
1169
1170ENDPROC(fast_syscall_xtensa)
1171
1172#else /* CONFIG_FAST_SYSCALL_XTENSA */
1173
1174ENTRY(fast_syscall_xtensa)
1175
1176	l32i    a0, a2, PT_AREG0        # restore a0
1177	movi	a2, -ENOSYS
1178	rfe
1179
1180ENDPROC(fast_syscall_xtensa)
1181
1182#endif /* CONFIG_FAST_SYSCALL_XTENSA */
1183
1184
1185/* fast_syscall_spill_registers.
1186 *
1187 * Entry condition:
1188 *
1189 *   a0:	trashed, original value saved on stack (PT_AREG0)
1190 *   a1:	a1
1191 *   a2:	new stack pointer, original in DEPC
1192 *   a3:	a3
1193 *   depc:	a2, original value saved on stack (PT_DEPC)
1194 *   excsave_1:	dispatch table
1195 *
1196 * Note: We assume the stack pointer is EXC_TABLE_KSTK in the fixup handler.
1197 */
1198
1199#ifdef CONFIG_FAST_SYSCALL_SPILL_REGISTERS
1200
1201ENTRY(fast_syscall_spill_registers)
1202
1203	/* Register a FIXUP handler (pass current wb as a parameter) */
1204
1205	xsr	a3, excsave1
1206	movi	a0, fast_syscall_spill_registers_fixup
1207	s32i	a0, a3, EXC_TABLE_FIXUP
1208	rsr	a0, windowbase
1209	s32i	a0, a3, EXC_TABLE_PARAM
1210	xsr	a3, excsave1		# restore a3 and excsave_1
1211
1212	/* Save a3, a4 and SAR on stack. */
1213
1214	rsr	a0, sar
1215	s32i	a3, a2, PT_AREG3
1216	s32i	a0, a2, PT_SAR
1217
1218	/* The spill routine might clobber a4, a7, a8, a11, a12, and a15. */
1219
1220	s32i	a4, a2, PT_AREG4
1221	s32i	a7, a2, PT_AREG7
1222	s32i	a8, a2, PT_AREG8
1223	s32i	a11, a2, PT_AREG11
1224	s32i	a12, a2, PT_AREG12
1225	s32i	a15, a2, PT_AREG15
1226
1227	/*
1228	 * Rotate ws so that the current windowbase is at bit 0.
1229	 * Assume ws = xxxwww1yy (www1 current window frame).
1230	 * Rotate ws right so that a4 = yyxxxwww1.
1231	 */
1232
1233	rsr	a0, windowbase
1234	rsr	a3, windowstart		# a3 = xxxwww1yy
1235	ssr	a0			# holds WB
1236	slli	a0, a3, WSBITS
1237	or	a3, a3, a0		# a3 = xxxwww1yyxxxwww1yy
1238	srl	a3, a3			# a3 = 00xxxwww1yyxxxwww1
1239
1240	/* We are done if there are no more than the current register frame. */
1241
1242	extui	a3, a3, 1, WSBITS-1	# a3 = 0yyxxxwww
1243	movi	a0, (1 << (WSBITS-1))
1244	_beqz	a3, .Lnospill		# only one active frame? jump
1245
1246	/* We want 1 at the top, so that we return to the current windowbase */
1247
1248	or	a3, a3, a0		# 1yyxxxwww
1249
1250	/* Skip empty frames - get 'oldest' WINDOWSTART-bit. */
1251
1252	wsr	a3, windowstart		# save shifted windowstart
1253	neg	a0, a3
1254	and	a3, a0, a3		# first bit set from right: 000010000
1255
1256	ffs_ws	a0, a3			# a0: shifts to skip empty frames
1257	movi	a3, WSBITS
1258	sub	a0, a3, a0		# WSBITS-a0:number of 0-bits from right
1259	ssr	a0			# save in SAR for later.
1260
1261	rsr	a3, windowbase
1262	add	a3, a3, a0
1263	wsr	a3, windowbase
1264	rsync
1265
1266	rsr	a3, windowstart
1267	srl	a3, a3			# shift windowstart
1268
1269	/* WB is now just one frame below the oldest frame in the register
1270	   window. WS is shifted so the oldest frame is in bit 0, thus, WB
1271	   and WS differ by one 4-register frame. */
1272
1273	/* Save frames. Depending what call was used (call4, call8, call12),
1274	 * we have to save 4,8. or 12 registers.
1275	 */
1276
1277
1278.Lloop: _bbsi.l	a3, 1, .Lc4
1279	_bbci.l	a3, 2, .Lc12
1280
1281.Lc8:	s32e	a4, a13, -16
1282	l32e	a4, a5, -12
1283	s32e	a8, a4, -32
1284	s32e	a5, a13, -12
1285	s32e	a6, a13, -8
1286	s32e	a7, a13, -4
1287	s32e	a9, a4, -28
1288	s32e	a10, a4, -24
1289	s32e	a11, a4, -20
1290	srli	a11, a3, 2		# shift windowbase by 2
1291	rotw	2
1292	_bnei	a3, 1, .Lloop
1293	j	.Lexit
1294
1295.Lc4:	s32e	a4, a9, -16
1296	s32e	a5, a9, -12
1297	s32e	a6, a9, -8
1298	s32e	a7, a9, -4
1299
1300	srli	a7, a3, 1
1301	rotw	1
1302	_bnei	a3, 1, .Lloop
1303	j	.Lexit
1304
1305.Lc12:	_bbci.l	a3, 3, .Linvalid_mask	# bit 2 shouldn't be zero!
1306
1307	/* 12-register frame (call12) */
1308
1309	l32e	a0, a5, -12
1310	s32e	a8, a0, -48
1311	mov	a8, a0
1312
1313	s32e	a9, a8, -44
1314	s32e	a10, a8, -40
1315	s32e	a11, a8, -36
1316	s32e	a12, a8, -32
1317	s32e	a13, a8, -28
1318	s32e	a14, a8, -24
1319	s32e	a15, a8, -20
1320	srli	a15, a3, 3
1321
1322	/* The stack pointer for a4..a7 is out of reach, so we rotate the
1323	 * window, grab the stackpointer, and rotate back.
1324	 * Alternatively, we could also use the following approach, but that
1325	 * makes the fixup routine much more complicated:
1326	 * rotw	1
1327	 * s32e	a0, a13, -16
1328	 * ...
1329	 * rotw 2
1330	 */
1331
1332	rotw	1
1333	mov	a4, a13
1334	rotw	-1
1335
1336	s32e	a4, a8, -16
1337	s32e	a5, a8, -12
1338	s32e	a6, a8, -8
1339	s32e	a7, a8, -4
1340
1341	rotw	3
1342
1343	_beqi	a3, 1, .Lexit
1344	j	.Lloop
1345
1346.Lexit:
1347
1348	/* Done. Do the final rotation and set WS */
1349
1350	rotw	1
1351	rsr	a3, windowbase
1352	ssl	a3
1353	movi	a3, 1
1354	sll	a3, a3
1355	wsr	a3, windowstart
1356.Lnospill:
1357
1358	/* Advance PC, restore registers and SAR, and return from exception. */
1359
1360	l32i	a3, a2, PT_SAR
1361	l32i	a0, a2, PT_AREG0
1362	wsr	a3, sar
1363	l32i	a3, a2, PT_AREG3
1364
1365	/* Restore clobbered registers. */
1366
1367	l32i	a4, a2, PT_AREG4
1368	l32i	a7, a2, PT_AREG7
1369	l32i	a8, a2, PT_AREG8
1370	l32i	a11, a2, PT_AREG11
1371	l32i	a12, a2, PT_AREG12
1372	l32i	a15, a2, PT_AREG15
1373
1374	movi	a2, 0
1375	rfe
1376
1377.Linvalid_mask:
1378
1379	/* We get here because of an unrecoverable error in the window
1380	 * registers, so set up a dummy frame and kill the user application.
1381	 * Note: We assume EXC_TABLE_KSTK contains a valid stack pointer.
1382	 */
1383
1384	movi	a0, 1
1385	movi	a1, 0
1386
1387	wsr	a0, windowstart
1388	wsr	a1, windowbase
1389	rsync
1390
1391	movi	a0, 0
1392
1393	rsr	a3, excsave1
1394	l32i	a1, a3, EXC_TABLE_KSTK
1395
1396	movi	a4, PS_WOE_MASK | LOCKLEVEL
1397	wsr	a4, ps
1398	rsync
1399
1400	movi	a6, SIGSEGV
1401	call4	do_exit
1402
1403	/* shouldn't return, so panic */
1404
1405	wsr	a0, excsave1
1406	call0	unrecoverable_exception		# should not return
14071:	j	1b
1408
1409
1410ENDPROC(fast_syscall_spill_registers)
1411
1412/* Fixup handler.
1413 *
1414 * We get here if the spill routine causes an exception, e.g. tlb miss.
1415 * We basically restore WINDOWBASE and WINDOWSTART to the condition when
1416 * we entered the spill routine and jump to the user exception handler.
1417 *
1418 * Note that we only need to restore the bits in windowstart that have not
1419 * been spilled yet by the _spill_register routine. Luckily, a3 contains a
1420 * rotated windowstart with only those bits set for frames that haven't been
1421 * spilled yet. Because a3 is rotated such that bit 0 represents the register
1422 * frame for the current windowbase - 1, we need to rotate a3 left by the
1423 * value of the current windowbase + 1 and move it to windowstart.
1424 *
1425 * a0: value of depc, original value in depc
1426 * a2: trashed, original value in EXC_TABLE_DOUBLE_SAVE
1427 * a3: exctable, original value in excsave1
1428 */
1429
1430ENTRY(fast_syscall_spill_registers_fixup)
1431
1432	rsr	a2, windowbase	# get current windowbase (a2 is saved)
1433	xsr	a0, depc	# restore depc and a0
1434	ssl	a2		# set shift (32 - WB)
1435
1436	/* We need to make sure the current registers (a0-a3) are preserved.
1437	 * To do this, we simply set the bit for the current window frame
1438	 * in WS, so that the exception handlers save them to the task stack.
1439	 *
1440	 * Note: we use a3 to set the windowbase, so we take a special care
1441	 * of it, saving it in the original _spill_registers frame across
1442	 * the exception handler call.
1443	 */
1444
1445	xsr	a3, excsave1	# get spill-mask
1446	slli	a3, a3, 1	# shift left by one
1447	addi	a3, a3, 1	# set the bit for the current window frame
1448
1449	slli	a2, a3, 32-WSBITS
1450	src	a2, a3, a2	# a2 = xxwww1yyxxxwww1yy......
1451	wsr	a2, windowstart	# set corrected windowstart
1452
1453	srli	a3, a3, 1
1454	rsr	a2, excsave1
1455	l32i	a2, a2, EXC_TABLE_DOUBLE_SAVE	# restore a2
1456	xsr	a2, excsave1
1457	s32i	a3, a2, EXC_TABLE_DOUBLE_SAVE	# save a3
1458	l32i	a3, a2, EXC_TABLE_PARAM	# original WB (in user task)
1459	xsr	a2, excsave1
1460
1461	/* Return to the original (user task) WINDOWBASE.
1462	 * We leave the following frame behind:
1463	 * a0, a1, a2	same
1464	 * a3:		trashed (saved in EXC_TABLE_DOUBLE_SAVE)
1465	 * depc:	depc (we have to return to that address)
1466	 * excsave_1:	exctable
1467	 */
1468
1469	wsr	a3, windowbase
1470	rsync
1471
1472	/* We are now in the original frame when we entered _spill_registers:
1473	 *  a0: return address
1474	 *  a1: used, stack pointer
1475	 *  a2: kernel stack pointer
1476	 *  a3: available
1477	 *  depc: exception address
1478	 *  excsave: exctable
1479	 * Note: This frame might be the same as above.
1480	 */
1481
1482	/* Setup stack pointer. */
1483
1484	addi	a2, a2, -PT_USER_SIZE
1485	s32i	a0, a2, PT_AREG0
1486
1487	/* Make sure we return to this fixup handler. */
1488
1489	movi	a3, fast_syscall_spill_registers_fixup_return
1490	s32i	a3, a2, PT_DEPC		# setup depc
1491
1492	/* Jump to the exception handler. */
1493
1494	rsr	a3, excsave1
1495	rsr	a0, exccause
1496	addx4	a0, a0, a3              	# find entry in table
1497	l32i	a0, a0, EXC_TABLE_FAST_USER     # load handler
1498	l32i	a3, a3, EXC_TABLE_DOUBLE_SAVE
1499	jx	a0
1500
1501ENDPROC(fast_syscall_spill_registers_fixup)
1502
1503ENTRY(fast_syscall_spill_registers_fixup_return)
1504
1505	/* When we return here, all registers have been restored (a2: DEPC) */
1506
1507	wsr	a2, depc		# exception address
1508
1509	/* Restore fixup handler. */
1510
1511	rsr	a2, excsave1
1512	s32i	a3, a2, EXC_TABLE_DOUBLE_SAVE
1513	movi	a3, fast_syscall_spill_registers_fixup
1514	s32i	a3, a2, EXC_TABLE_FIXUP
1515	rsr	a3, windowbase
1516	s32i	a3, a2, EXC_TABLE_PARAM
1517	l32i	a2, a2, EXC_TABLE_KSTK
1518
1519	/* Load WB at the time the exception occurred. */
1520
1521	rsr	a3, sar			# WB is still in SAR
1522	neg	a3, a3
1523	wsr	a3, windowbase
1524	rsync
1525
1526	rsr	a3, excsave1
1527	l32i	a3, a3, EXC_TABLE_DOUBLE_SAVE
1528
1529	rfde
1530
1531ENDPROC(fast_syscall_spill_registers_fixup_return)
1532
1533#else /* CONFIG_FAST_SYSCALL_SPILL_REGISTERS */
1534
1535ENTRY(fast_syscall_spill_registers)
1536
1537	l32i    a0, a2, PT_AREG0        # restore a0
1538	movi	a2, -ENOSYS
1539	rfe
1540
1541ENDPROC(fast_syscall_spill_registers)
1542
1543#endif /* CONFIG_FAST_SYSCALL_SPILL_REGISTERS */
1544
1545#ifdef CONFIG_MMU
1546/*
1547 * We should never get here. Bail out!
1548 */
1549
1550ENTRY(fast_second_level_miss_double_kernel)
1551
15521:
1553	call0	unrecoverable_exception		# should not return
15541:	j	1b
1555
1556ENDPROC(fast_second_level_miss_double_kernel)
1557
1558/* First-level entry handler for user, kernel, and double 2nd-level
1559 * TLB miss exceptions.  Note that for now, user and kernel miss
1560 * exceptions share the same entry point and are handled identically.
1561 *
1562 * An old, less-efficient C version of this function used to exist.
1563 * We include it below, interleaved as comments, for reference.
1564 *
1565 * Entry condition:
1566 *
1567 *   a0:	trashed, original value saved on stack (PT_AREG0)
1568 *   a1:	a1
1569 *   a2:	new stack pointer, original in DEPC
1570 *   a3:	a3
1571 *   depc:	a2, original value saved on stack (PT_DEPC)
1572 *   excsave_1:	dispatch table
1573 *
1574 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
1575 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
1576 */
1577
1578ENTRY(fast_second_level_miss)
1579
1580	/* Save a1 and a3. Note: we don't expect a double exception. */
1581
1582	s32i	a1, a2, PT_AREG1
1583	s32i	a3, a2, PT_AREG3
1584
1585	/* We need to map the page of PTEs for the user task.  Find
1586	 * the pointer to that page.  Also, it's possible for tsk->mm
1587	 * to be NULL while tsk->active_mm is nonzero if we faulted on
1588	 * a vmalloc address.  In that rare case, we must use
1589	 * active_mm instead to avoid a fault in this handler.  See
1590	 *
1591	 * http://mail.nl.linux.org/linux-mm/2002-08/msg00258.html
1592	 *   (or search Internet on "mm vs. active_mm")
1593	 *
1594	 *	if (!mm)
1595	 *		mm = tsk->active_mm;
1596	 *	pgd = pgd_offset (mm, regs->excvaddr);
1597	 *	pmd = pmd_offset (pgd, regs->excvaddr);
1598	 *	pmdval = *pmd;
1599	 */
1600
1601	GET_CURRENT(a1,a2)
1602	l32i	a0, a1, TASK_MM		# tsk->mm
1603	beqz	a0, 9f
1604
16058:	rsr	a3, excvaddr		# fault address
1606	_PGD_OFFSET(a0, a3, a1)
1607	l32i	a0, a0, 0		# read pmdval
1608	beqz	a0, 2f
1609
1610	/* Read ptevaddr and convert to top of page-table page.
1611	 *
1612	 * 	vpnval = read_ptevaddr_register() & PAGE_MASK;
1613	 * 	vpnval += DTLB_WAY_PGTABLE;
1614	 *	pteval = mk_pte (virt_to_page(pmd_val(pmdval)), PAGE_KERNEL);
1615	 *	write_dtlb_entry (pteval, vpnval);
1616	 *
1617	 * The messy computation for 'pteval' above really simplifies
1618	 * into the following:
1619	 *
1620	 * pteval = ((pmdval - PAGE_OFFSET + PHYS_OFFSET) & PAGE_MASK)
1621	 *                 | PAGE_DIRECTORY
1622	 */
1623
1624	movi	a1, (PHYS_OFFSET - PAGE_OFFSET) & 0xffffffff
1625	add	a0, a0, a1		# pmdval - PAGE_OFFSET
1626	extui	a1, a0, 0, PAGE_SHIFT	# ... & PAGE_MASK
1627	xor	a0, a0, a1
1628
1629	movi	a1, _PAGE_DIRECTORY
1630	or	a0, a0, a1		# ... | PAGE_DIRECTORY
1631
1632	/*
1633	 * We utilize all three wired-ways (7-9) to hold pmd translations.
1634	 * Memory regions are mapped to the DTLBs according to bits 28 and 29.
1635	 * This allows to map the three most common regions to three different
1636	 * DTLBs:
1637	 *  0,1 -> way 7	program (0040.0000) and virtual (c000.0000)
1638	 *  2   -> way 8	shared libaries (2000.0000)
1639	 *  3   -> way 0	stack (3000.0000)
1640	 */
1641
1642	extui	a3, a3, 28, 2		# addr. bit 28 and 29	0,1,2,3
1643	rsr	a1, ptevaddr
1644	addx2	a3, a3, a3		# ->			0,3,6,9
1645	srli	a1, a1, PAGE_SHIFT
1646	extui	a3, a3, 2, 2		# ->			0,0,1,2
1647	slli	a1, a1, PAGE_SHIFT	# ptevaddr & PAGE_MASK
1648	addi	a3, a3, DTLB_WAY_PGD
1649	add	a1, a1, a3		# ... + way_number
1650
16513:	wdtlb	a0, a1
1652	dsync
1653
1654	/* Exit critical section. */
1655
16564:	rsr	a3, excsave1
1657	movi	a0, 0
1658	s32i	a0, a3, EXC_TABLE_FIXUP
1659
1660	/* Restore the working registers, and return. */
1661
1662	l32i	a0, a2, PT_AREG0
1663	l32i	a1, a2, PT_AREG1
1664	l32i	a3, a2, PT_AREG3
1665	l32i	a2, a2, PT_DEPC
1666
1667	bgeui	a2, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
1668
1669	/* Restore excsave1 and return. */
1670
1671	rsr	a2, depc
1672	rfe
1673
1674	/* Return from double exception. */
1675
16761:	xsr	a2, depc
1677	esync
1678	rfde
1679
16809:	l32i	a0, a1, TASK_ACTIVE_MM	# unlikely case mm == 0
1681	bnez	a0, 8b
1682
1683	/* Even more unlikely case active_mm == 0.
1684	 * We can get here with NMI in the middle of context_switch that
1685	 * touches vmalloc area.
1686	 */
1687	movi	a0, init_mm
1688	j	8b
1689
1690#if (DCACHE_WAY_SIZE > PAGE_SIZE)
1691
16922:	/* Special case for cache aliasing.
1693	 * We (should) only get here if a clear_user_page, copy_user_page
1694	 * or the aliased cache flush functions got preemptively interrupted
1695	 * by another task. Re-establish temporary mapping to the
1696	 * TLBTEMP_BASE areas.
1697	 */
1698
1699	/* We shouldn't be in a double exception */
1700
1701	l32i	a0, a2, PT_DEPC
1702	bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, 2f
1703
1704	/* Make sure the exception originated in the special functions */
1705
1706	movi	a0, __tlbtemp_mapping_start
1707	rsr	a3, epc1
1708	bltu	a3, a0, 2f
1709	movi	a0, __tlbtemp_mapping_end
1710	bgeu	a3, a0, 2f
1711
1712	/* Check if excvaddr was in one of the TLBTEMP_BASE areas. */
1713
1714	movi	a3, TLBTEMP_BASE_1
1715	rsr	a0, excvaddr
1716	bltu	a0, a3, 2f
1717
1718	addi	a1, a0, -TLBTEMP_SIZE
1719	bgeu	a1, a3, 2f
1720
1721	/* Check if we have to restore an ITLB mapping. */
1722
1723	movi	a1, __tlbtemp_mapping_itlb
1724	rsr	a3, epc1
1725	sub	a3, a3, a1
1726
1727	/* Calculate VPN */
1728
1729	movi	a1, PAGE_MASK
1730	and	a1, a1, a0
1731
1732	/* Jump for ITLB entry */
1733
1734	bgez	a3, 1f
1735
1736	/* We can use up to two TLBTEMP areas, one for src and one for dst. */
1737
1738	extui	a3, a0, PAGE_SHIFT + DCACHE_ALIAS_ORDER, 1
1739	add	a1, a3, a1
1740
1741	/* PPN is in a6 for the first TLBTEMP area and in a7 for the second. */
1742
1743	mov	a0, a6
1744	movnez	a0, a7, a3
1745	j	3b
1746
1747	/* ITLB entry. We only use dst in a6. */
1748
17491:	witlb	a6, a1
1750	isync
1751	j	4b
1752
1753
1754#endif	// DCACHE_WAY_SIZE > PAGE_SIZE
1755
1756
17572:	/* Invalid PGD, default exception handling */
1758
1759	rsr	a1, depc
1760	s32i	a1, a2, PT_AREG2
1761	mov	a1, a2
1762
1763	rsr	a2, ps
1764	bbsi.l	a2, PS_UM_BIT, 1f
1765	j	_kernel_exception
17661:	j	_user_exception
1767
1768ENDPROC(fast_second_level_miss)
1769
1770/*
1771 * StoreProhibitedException
1772 *
1773 * Update the pte and invalidate the itlb mapping for this pte.
1774 *
1775 * Entry condition:
1776 *
1777 *   a0:	trashed, original value saved on stack (PT_AREG0)
1778 *   a1:	a1
1779 *   a2:	new stack pointer, original in DEPC
1780 *   a3:	a3
1781 *   depc:	a2, original value saved on stack (PT_DEPC)
1782 *   excsave_1:	dispatch table
1783 *
1784 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
1785 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
1786 */
1787
1788ENTRY(fast_store_prohibited)
1789
1790	/* Save a1 and a3. */
1791
1792	s32i	a1, a2, PT_AREG1
1793	s32i	a3, a2, PT_AREG3
1794
1795	GET_CURRENT(a1,a2)
1796	l32i	a0, a1, TASK_MM		# tsk->mm
1797	beqz	a0, 9f
1798
17998:	rsr	a1, excvaddr		# fault address
1800	_PGD_OFFSET(a0, a1, a3)
1801	l32i	a0, a0, 0
1802	beqz	a0, 2f
1803
1804	/*
1805	 * Note that we test _PAGE_WRITABLE_BIT only if PTE is present
1806	 * and is not PAGE_NONE. See pgtable.h for possible PTE layouts.
1807	 */
1808
1809	_PTE_OFFSET(a0, a1, a3)
1810	l32i	a3, a0, 0		# read pteval
1811	movi	a1, _PAGE_CA_INVALID
1812	ball	a3, a1, 2f
1813	bbci.l	a3, _PAGE_WRITABLE_BIT, 2f
1814
1815	movi	a1, _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_HW_WRITE
1816	or	a3, a3, a1
1817	rsr	a1, excvaddr
1818	s32i	a3, a0, 0
1819
1820	/* We need to flush the cache if we have page coloring. */
1821#if (DCACHE_WAY_SIZE > PAGE_SIZE) && XCHAL_DCACHE_IS_WRITEBACK
1822	dhwb	a0, 0
1823#endif
1824	pdtlb	a0, a1
1825	wdtlb	a3, a0
1826
1827	/* Exit critical section. */
1828
1829	movi	a0, 0
1830	rsr	a3, excsave1
1831	s32i	a0, a3, EXC_TABLE_FIXUP
1832
1833	/* Restore the working registers, and return. */
1834
1835	l32i	a3, a2, PT_AREG3
1836	l32i	a1, a2, PT_AREG1
1837	l32i	a0, a2, PT_AREG0
1838	l32i	a2, a2, PT_DEPC
1839
1840	bgeui	a2, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
1841
1842	rsr	a2, depc
1843	rfe
1844
1845	/* Double exception. Restore FIXUP handler and return. */
1846
18471:	xsr	a2, depc
1848	esync
1849	rfde
1850
18519:	l32i	a0, a1, TASK_ACTIVE_MM	# unlikely case mm == 0
1852	j	8b
1853
18542:	/* If there was a problem, handle fault in C */
1855
1856	rsr	a3, depc	# still holds a2
1857	s32i	a3, a2, PT_AREG2
1858	mov	a1, a2
1859
1860	rsr	a2, ps
1861	bbsi.l	a2, PS_UM_BIT, 1f
1862	j	_kernel_exception
18631:	j	_user_exception
1864
1865ENDPROC(fast_store_prohibited)
1866
1867#endif /* CONFIG_MMU */
1868
1869/*
1870 * System Calls.
1871 *
1872 * void system_call (struct pt_regs* regs, int exccause)
1873 *                            a2                 a3
1874 */
1875	.literal_position
1876
1877ENTRY(system_call)
1878
1879	/* reserve 4 bytes on stack for function parameter */
1880	abi_entry(4)
1881
1882	/* regs->syscall = regs->areg[2] */
1883
1884	l32i	a7, a2, PT_AREG2
1885	s32i	a7, a2, PT_SYSCALL
1886
1887	GET_THREAD_INFO(a4, a1)
1888	l32i	a3, a4, TI_FLAGS
1889	movi	a4, _TIF_WORK_MASK
1890	and	a3, a3, a4
1891	beqz	a3, 1f
1892
1893	mov	a6, a2
1894	call4	do_syscall_trace_enter
1895	l32i	a7, a2, PT_SYSCALL
1896
18971:
1898	s32i	a7, a1, 4
1899
1900	/* syscall = sys_call_table[syscall_nr] */
1901
1902	movi	a4, sys_call_table
1903	movi	a5, __NR_syscalls
1904	movi	a6, -ENOSYS
1905	bgeu	a7, a5, 1f
1906
1907	addx4	a4, a7, a4
1908	l32i	a4, a4, 0
1909	movi	a5, sys_ni_syscall;
1910	beq	a4, a5, 1f
1911
1912	/* Load args: arg0 - arg5 are passed via regs. */
1913
1914	l32i	a6, a2, PT_AREG6
1915	l32i	a7, a2, PT_AREG3
1916	l32i	a8, a2, PT_AREG4
1917	l32i	a9, a2, PT_AREG5
1918	l32i	a10, a2, PT_AREG8
1919	l32i	a11, a2, PT_AREG9
1920
1921	/* Pass one additional argument to the syscall: pt_regs (on stack) */
1922	s32i	a2, a1, 0
1923
1924	callx4	a4
1925
19261:	/* regs->areg[2] = return_value */
1927
1928	s32i	a6, a2, PT_AREG2
1929	bnez	a3, 1f
1930	abi_ret(4)
1931
19321:
1933	l32i	a4, a1, 4
1934	l32i	a3, a2, PT_SYSCALL
1935	s32i	a4, a2, PT_SYSCALL
1936	mov	a6, a2
1937	call4	do_syscall_trace_leave
1938	s32i	a3, a2, PT_SYSCALL
1939	abi_ret(4)
1940
1941ENDPROC(system_call)
1942
1943/*
1944 * Spill live registers on the kernel stack macro.
1945 *
1946 * Entry condition: ps.woe is set, ps.excm is cleared
1947 * Exit condition: windowstart has single bit set
1948 * May clobber: a12, a13
1949 */
1950	.macro	spill_registers_kernel
1951
1952#if XCHAL_NUM_AREGS > 16
1953	call12	1f
1954	_j	2f
1955	retw
1956	.align	4
19571:
1958	_entry	a1, 48
1959	addi	a12, a0, 3
1960#if XCHAL_NUM_AREGS > 32
1961	.rept	(XCHAL_NUM_AREGS - 32) / 12
1962	_entry	a1, 48
1963	mov	a12, a0
1964	.endr
1965#endif
1966	_entry	a1, 16
1967#if XCHAL_NUM_AREGS % 12 == 0
1968	mov	a8, a8
1969#elif XCHAL_NUM_AREGS % 12 == 4
1970	mov	a12, a12
1971#elif XCHAL_NUM_AREGS % 12 == 8
1972	mov	a4, a4
1973#endif
1974	retw
19752:
1976#else
1977	mov	a12, a12
1978#endif
1979	.endm
1980
1981/*
1982 * Task switch.
1983 *
1984 * struct task*  _switch_to (struct task* prev, struct task* next)
1985 *         a2                              a2                 a3
1986 */
1987
1988ENTRY(_switch_to)
1989
1990	abi_entry(XTENSA_SPILL_STACK_RESERVE)
1991
1992	mov	a11, a3			# and 'next' (a3)
1993
1994	l32i	a4, a2, TASK_THREAD_INFO
1995	l32i	a5, a3, TASK_THREAD_INFO
1996
1997	save_xtregs_user a4 a6 a8 a9 a12 a13 THREAD_XTREGS_USER
1998
1999#if THREAD_RA > 1020 || THREAD_SP > 1020
2000	addi	a10, a2, TASK_THREAD
2001	s32i	a0, a10, THREAD_RA - TASK_THREAD	# save return address
2002	s32i	a1, a10, THREAD_SP - TASK_THREAD	# save stack pointer
2003#else
2004	s32i	a0, a2, THREAD_RA	# save return address
2005	s32i	a1, a2, THREAD_SP	# save stack pointer
2006#endif
2007
2008#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_SMP)
2009	movi	a6, __stack_chk_guard
2010	l32i	a8, a3, TASK_STACK_CANARY
2011	s32i	a8, a6, 0
2012#endif
2013
2014	/* Disable ints while we manipulate the stack pointer. */
2015
2016	irq_save a14, a3
2017	rsync
2018
2019	/* Switch CPENABLE */
2020
2021#if (XTENSA_HAVE_COPROCESSORS || XTENSA_HAVE_IO_PORTS)
2022	l32i	a3, a5, THREAD_CPENABLE
2023	xsr	a3, cpenable
2024	s32i	a3, a4, THREAD_CPENABLE
2025#endif
2026
2027	/* Flush register file. */
2028
2029	spill_registers_kernel
2030
2031	/* Set kernel stack (and leave critical section)
2032	 * Note: It's save to set it here. The stack will not be overwritten
2033	 *       because the kernel stack will only be loaded again after
2034	 *       we return from kernel space.
2035	 */
2036
2037	rsr	a3, excsave1		# exc_table
2038	addi	a7, a5, PT_REGS_OFFSET
2039	s32i	a7, a3, EXC_TABLE_KSTK
2040
2041	/* restore context of the task 'next' */
2042
2043	l32i	a0, a11, THREAD_RA	# restore return address
2044	l32i	a1, a11, THREAD_SP	# restore stack pointer
2045
2046	load_xtregs_user a5 a6 a8 a9 a12 a13 THREAD_XTREGS_USER
2047
2048	wsr	a14, ps
2049	rsync
2050
2051	abi_ret(XTENSA_SPILL_STACK_RESERVE)
2052
2053ENDPROC(_switch_to)
2054
2055ENTRY(ret_from_fork)
2056
2057	/* void schedule_tail (struct task_struct *prev)
2058	 * Note: prev is still in a6 (return value from fake call4 frame)
2059	 */
2060	call4	schedule_tail
2061
2062	mov	a6, a1
2063	call4	do_syscall_trace_leave
2064
2065	j	common_exception_return
2066
2067ENDPROC(ret_from_fork)
2068
2069/*
2070 * Kernel thread creation helper
2071 * On entry, set up by copy_thread: a2 = thread_fn, a3 = thread_fn arg
2072 *           left from _switch_to: a6 = prev
2073 */
2074ENTRY(ret_from_kernel_thread)
2075
2076	call4	schedule_tail
2077	mov	a6, a3
2078	callx4	a2
2079	j	common_exception_return
2080
2081ENDPROC(ret_from_kernel_thread)
2082