xref: /openbmc/linux/arch/xtensa/kernel/entry.S (revision e23feb16)
1/*
2 * arch/xtensa/kernel/entry.S
3 *
4 * Low-level exception handling
5 *
6 * This file is subject to the terms and conditions of the GNU General Public
7 * License.  See the file "COPYING" in the main directory of this archive
8 * for more details.
9 *
10 * Copyright (C) 2004 - 2008 by Tensilica Inc.
11 *
12 * Chris Zankel <chris@zankel.net>
13 *
14 */
15
16#include <linux/linkage.h>
17#include <asm/asm-offsets.h>
18#include <asm/processor.h>
19#include <asm/coprocessor.h>
20#include <asm/thread_info.h>
21#include <asm/uaccess.h>
22#include <asm/unistd.h>
23#include <asm/ptrace.h>
24#include <asm/current.h>
25#include <asm/pgtable.h>
26#include <asm/page.h>
27#include <asm/signal.h>
28#include <asm/tlbflush.h>
29#include <variant/tie-asm.h>
30
31/* Unimplemented features. */
32
33#undef KERNEL_STACK_OVERFLOW_CHECK
34
35/* Not well tested.
36 *
37 * - fast_coprocessor
38 */
39
40/*
41 * Macro to find first bit set in WINDOWBASE from the left + 1
42 *
43 * 100....0 -> 1
44 * 010....0 -> 2
45 * 000....1 -> WSBITS
46 */
47
48	.macro ffs_ws bit mask
49
50#if XCHAL_HAVE_NSA
51	nsau    \bit, \mask			# 32-WSBITS ... 31 (32 iff 0)
52	addi    \bit, \bit, WSBITS - 32 + 1   	# uppest bit set -> return 1
53#else
54	movi    \bit, WSBITS
55#if WSBITS > 16
56	_bltui  \mask, 0x10000, 99f
57	addi    \bit, \bit, -16
58	extui   \mask, \mask, 16, 16
59#endif
60#if WSBITS > 8
6199:	_bltui  \mask, 0x100, 99f
62	addi    \bit, \bit, -8
63	srli    \mask, \mask, 8
64#endif
6599:	_bltui  \mask, 0x10, 99f
66	addi    \bit, \bit, -4
67	srli    \mask, \mask, 4
6899:	_bltui  \mask, 0x4, 99f
69	addi    \bit, \bit, -2
70	srli    \mask, \mask, 2
7199:	_bltui  \mask, 0x2, 99f
72	addi    \bit, \bit, -1
7399:
74
75#endif
76	.endm
77
78/* ----------------- DEFAULT FIRST LEVEL EXCEPTION HANDLERS ----------------- */
79
80/*
81 * First-level exception handler for user exceptions.
82 * Save some special registers, extra states and all registers in the AR
83 * register file that were in use in the user task, and jump to the common
84 * exception code.
85 * We save SAR (used to calculate WMASK), and WB and WS (we don't have to
86 * save them for kernel exceptions).
87 *
88 * Entry condition for user_exception:
89 *
90 *   a0:	trashed, original value saved on stack (PT_AREG0)
91 *   a1:	a1
92 *   a2:	new stack pointer, original value in depc
93 *   a3:	a3
94 *   depc:	a2, original value saved on stack (PT_DEPC)
95 *   excsave1:	dispatch table
96 *
97 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
98 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
99 *
100 * Entry condition for _user_exception:
101 *
102 *   a0-a3 and depc have been saved to PT_AREG0...PT_AREG3 and PT_DEPC
103 *   excsave has been restored, and
104 *   stack pointer (a1) has been set.
105 *
106 * Note: _user_exception might be at an odd address. Don't use call0..call12
107 */
108
109ENTRY(user_exception)
110
111	/* Save a1, a2, a3, and set SP. */
112
113	rsr	a0, depc
114	s32i	a1, a2, PT_AREG1
115	s32i	a0, a2, PT_AREG2
116	s32i	a3, a2, PT_AREG3
117	mov	a1, a2
118
119	.globl _user_exception
120_user_exception:
121
122	/* Save SAR and turn off single stepping */
123
124	movi	a2, 0
125	rsr	a3, sar
126	xsr	a2, icountlevel
127	s32i	a3, a1, PT_SAR
128	s32i	a2, a1, PT_ICOUNTLEVEL
129
130#if XCHAL_HAVE_THREADPTR
131	rur	a2, threadptr
132	s32i	a2, a1, PT_THREADPTR
133#endif
134
135	/* Rotate ws so that the current windowbase is at bit0. */
136	/* Assume ws = xxwww1yyyy. Rotate ws right, so that a2 = yyyyxxwww1 */
137
138	rsr	a2, windowbase
139	rsr	a3, windowstart
140	ssr	a2
141	s32i	a2, a1, PT_WINDOWBASE
142	s32i	a3, a1, PT_WINDOWSTART
143	slli	a2, a3, 32-WSBITS
144	src	a2, a3, a2
145	srli	a2, a2, 32-WSBITS
146	s32i	a2, a1, PT_WMASK	# needed for restoring registers
147
148	/* Save only live registers. */
149
150	_bbsi.l	a2, 1, 1f
151	s32i	a4, a1, PT_AREG4
152	s32i	a5, a1, PT_AREG5
153	s32i	a6, a1, PT_AREG6
154	s32i	a7, a1, PT_AREG7
155	_bbsi.l	a2, 2, 1f
156	s32i	a8, a1, PT_AREG8
157	s32i	a9, a1, PT_AREG9
158	s32i	a10, a1, PT_AREG10
159	s32i	a11, a1, PT_AREG11
160	_bbsi.l	a2, 3, 1f
161	s32i	a12, a1, PT_AREG12
162	s32i	a13, a1, PT_AREG13
163	s32i	a14, a1, PT_AREG14
164	s32i	a15, a1, PT_AREG15
165	_bnei	a2, 1, 1f		# only one valid frame?
166
167	/* Only one valid frame, skip saving regs. */
168
169	j	2f
170
171	/* Save the remaining registers.
172	 * We have to save all registers up to the first '1' from
173	 * the right, except the current frame (bit 0).
174	 * Assume a2 is:  001001000110001
175	 * All register frames starting from the top field to the marked '1'
176	 * must be saved.
177	 */
178
1791:	addi	a3, a2, -1		# eliminate '1' in bit 0: yyyyxxww0
180	neg	a3, a3			# yyyyxxww0 -> YYYYXXWW1+1
181	and	a3, a3, a2		# max. only one bit is set
182
183	/* Find number of frames to save */
184
185	ffs_ws	a0, a3			# number of frames to the '1' from left
186
187	/* Store information into WMASK:
188	 * bits 0..3: xxx1 masked lower 4 bits of the rotated windowstart,
189	 * bits 4...: number of valid 4-register frames
190	 */
191
192	slli	a3, a0, 4		# number of frames to save in bits 8..4
193	extui	a2, a2, 0, 4		# mask for the first 16 registers
194	or	a2, a3, a2
195	s32i	a2, a1, PT_WMASK	# needed when we restore the reg-file
196
197	/* Save 4 registers at a time */
198
1991:	rotw	-1
200	s32i	a0, a5, PT_AREG_END - 16
201	s32i	a1, a5, PT_AREG_END - 12
202	s32i	a2, a5, PT_AREG_END - 8
203	s32i	a3, a5, PT_AREG_END - 4
204	addi	a0, a4, -1
205	addi	a1, a5, -16
206	_bnez	a0, 1b
207
208	/* WINDOWBASE still in SAR! */
209
210	rsr	a2, sar			# original WINDOWBASE
211	movi	a3, 1
212	ssl	a2
213	sll	a3, a3
214	wsr	a3, windowstart		# set corresponding WINDOWSTART bit
215	wsr	a2, windowbase		# and WINDOWSTART
216	rsync
217
218	/* We are back to the original stack pointer (a1) */
219
2202:	/* Now, jump to the common exception handler. */
221
222	j	common_exception
223
224ENDPROC(user_exception)
225
226/*
227 * First-level exit handler for kernel exceptions
228 * Save special registers and the live window frame.
229 * Note: Even though we changes the stack pointer, we don't have to do a
230 *	 MOVSP here, as we do that when we return from the exception.
231 *	 (See comment in the kernel exception exit code)
232 *
233 * Entry condition for kernel_exception:
234 *
235 *   a0:	trashed, original value saved on stack (PT_AREG0)
236 *   a1:	a1
237 *   a2:	new stack pointer, original in DEPC
238 *   a3:	a3
239 *   depc:	a2, original value saved on stack (PT_DEPC)
240 *   excsave_1:	dispatch table
241 *
242 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
243 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
244 *
245 * Entry condition for _kernel_exception:
246 *
247 *   a0-a3 and depc have been saved to PT_AREG0...PT_AREG3 and PT_DEPC
248 *   excsave has been restored, and
249 *   stack pointer (a1) has been set.
250 *
251 * Note: _kernel_exception might be at an odd address. Don't use call0..call12
252 */
253
254ENTRY(kernel_exception)
255
256	/* Save a1, a2, a3, and set SP. */
257
258	rsr	a0, depc		# get a2
259	s32i	a1, a2, PT_AREG1
260	s32i	a0, a2, PT_AREG2
261	s32i	a3, a2, PT_AREG3
262	mov	a1, a2
263
264	.globl _kernel_exception
265_kernel_exception:
266
267	/* Save SAR and turn off single stepping */
268
269	movi	a2, 0
270	rsr	a3, sar
271	xsr	a2, icountlevel
272	s32i	a3, a1, PT_SAR
273	s32i	a2, a1, PT_ICOUNTLEVEL
274
275	/* Rotate ws so that the current windowbase is at bit0. */
276	/* Assume ws = xxwww1yyyy. Rotate ws right, so that a2 = yyyyxxwww1 */
277
278	rsr	a2, windowbase		# don't need to save these, we only
279	rsr	a3, windowstart		# need shifted windowstart: windowmask
280	ssr	a2
281	slli	a2, a3, 32-WSBITS
282	src	a2, a3, a2
283	srli	a2, a2, 32-WSBITS
284	s32i	a2, a1, PT_WMASK	# needed for kernel_exception_exit
285
286	/* Save only the live window-frame */
287
288	_bbsi.l	a2, 1, 1f
289	s32i	a4, a1, PT_AREG4
290	s32i	a5, a1, PT_AREG5
291	s32i	a6, a1, PT_AREG6
292	s32i	a7, a1, PT_AREG7
293	_bbsi.l	a2, 2, 1f
294	s32i	a8, a1, PT_AREG8
295	s32i	a9, a1, PT_AREG9
296	s32i	a10, a1, PT_AREG10
297	s32i	a11, a1, PT_AREG11
298	_bbsi.l	a2, 3, 1f
299	s32i	a12, a1, PT_AREG12
300	s32i	a13, a1, PT_AREG13
301	s32i	a14, a1, PT_AREG14
302	s32i	a15, a1, PT_AREG15
303
3041:
305
306#ifdef KERNEL_STACK_OVERFLOW_CHECK
307
308	/*  Stack overflow check, for debugging  */
309	extui	a2, a1, TASK_SIZE_BITS,XX
310	movi	a3, SIZE??
311	_bge	a2, a3, out_of_stack_panic
312
313#endif
314
315/*
316 * This is the common exception handler.
317 * We get here from the user exception handler or simply by falling through
318 * from the kernel exception handler.
319 * Save the remaining special registers, switch to kernel mode, and jump
320 * to the second-level exception handler.
321 *
322 */
323
324common_exception:
325
326	/* Save some registers, disable loops and clear the syscall flag. */
327
328	rsr	a2, debugcause
329	rsr	a3, epc1
330	s32i	a2, a1, PT_DEBUGCAUSE
331	s32i	a3, a1, PT_PC
332
333	movi	a2, -1
334	rsr	a3, excvaddr
335	s32i	a2, a1, PT_SYSCALL
336	movi	a2, 0
337	s32i	a3, a1, PT_EXCVADDR
338	xsr	a2, lcount
339	s32i	a2, a1, PT_LCOUNT
340
341	/* It is now save to restore the EXC_TABLE_FIXUP variable. */
342
343	rsr	a0, exccause
344	movi	a3, 0
345	rsr	a2, excsave1
346	s32i	a0, a1, PT_EXCCAUSE
347	s32i	a3, a2, EXC_TABLE_FIXUP
348
349	/* All unrecoverable states are saved on stack, now, and a1 is valid,
350	 * so we can allow exceptions and interrupts (*) again.
351	 * Set PS(EXCM = 0, UM = 0, RING = 0, OWB = 0, WOE = 1, INTLEVEL = X)
352	 *
353	 * (*) We only allow interrupts if they were previously enabled and
354	 *     we're not handling an IRQ
355	 */
356
357	rsr	a3, ps
358	addi	a0, a0, -EXCCAUSE_LEVEL1_INTERRUPT
359	movi	a2, LOCKLEVEL
360	extui	a3, a3, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
361					# a3 = PS.INTLEVEL
362	moveqz	a3, a2, a0		# a3 = LOCKLEVEL iff interrupt
363	movi	a2, 1 << PS_WOE_BIT
364	or	a3, a3, a2
365	rsr	a0, exccause
366	xsr	a3, ps
367
368	s32i	a3, a1, PT_PS		# save ps
369
370	/* Save lbeg, lend */
371
372	rsr	a2, lbeg
373	rsr	a3, lend
374	s32i	a2, a1, PT_LBEG
375	s32i	a3, a1, PT_LEND
376
377	/* Save SCOMPARE1 */
378
379#if XCHAL_HAVE_S32C1I
380	rsr     a2, scompare1
381	s32i    a2, a1, PT_SCOMPARE1
382#endif
383
384	/* Save optional registers. */
385
386	save_xtregs_opt a1 a2 a4 a5 a6 a7 PT_XTREGS_OPT
387
388#ifdef CONFIG_TRACE_IRQFLAGS
389	l32i	a4, a1, PT_DEPC
390	/* Double exception means we came here with an exception
391	 * while PS.EXCM was set, i.e. interrupts disabled.
392	 */
393	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
394	l32i	a4, a1, PT_EXCCAUSE
395	bnei	a4, EXCCAUSE_LEVEL1_INTERRUPT, 1f
396	/* We came here with an interrupt means interrupts were enabled
397	 * and we've just disabled them.
398	 */
399	movi	a4, trace_hardirqs_off
400	callx4	a4
4011:
402#endif
403
404	/* Go to second-level dispatcher. Set up parameters to pass to the
405	 * exception handler and call the exception handler.
406	 */
407
408	rsr	a4, excsave1
409	mov	a6, a1			# pass stack frame
410	mov	a7, a0			# pass EXCCAUSE
411	addx4	a4, a0, a4
412	l32i	a4, a4, EXC_TABLE_DEFAULT		# load handler
413
414	/* Call the second-level handler */
415
416	callx4	a4
417
418	/* Jump here for exception exit */
419	.global common_exception_return
420common_exception_return:
421
4221:
423	rsil	a2, LOCKLEVEL
424
425	/* Jump if we are returning from kernel exceptions. */
426
427	l32i	a3, a1, PT_PS
428	GET_THREAD_INFO(a2, a1)
429	l32i	a4, a2, TI_FLAGS
430	_bbci.l	a3, PS_UM_BIT, 6f
431
432	/* Specific to a user exception exit:
433	 * We need to check some flags for signal handling and rescheduling,
434	 * and have to restore WB and WS, extra states, and all registers
435	 * in the register file that were in use in the user task.
436	 * Note that we don't disable interrupts here.
437	 */
438
439	_bbsi.l	a4, TIF_NEED_RESCHED, 3f
440	_bbsi.l	a4, TIF_NOTIFY_RESUME, 2f
441	_bbci.l	a4, TIF_SIGPENDING, 5f
442
4432:	l32i	a4, a1, PT_DEPC
444	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 4f
445
446	/* Call do_signal() */
447
448	rsil	a2, 0
449	movi	a4, do_notify_resume	# int do_notify_resume(struct pt_regs*)
450	mov	a6, a1
451	callx4	a4
452	j	1b
453
4543:	/* Reschedule */
455
456	rsil	a2, 0
457	movi	a4, schedule	# void schedule (void)
458	callx4	a4
459	j	1b
460
461#ifdef CONFIG_PREEMPT
4626:
463	_bbci.l	a4, TIF_NEED_RESCHED, 4f
464
465	/* Check current_thread_info->preempt_count */
466
467	l32i	a4, a2, TI_PRE_COUNT
468	bnez	a4, 4f
469	movi	a4, preempt_schedule_irq
470	callx4	a4
471	j	1b
472#endif
473
4745:
475#ifdef CONFIG_DEBUG_TLB_SANITY
476	l32i	a4, a1, PT_DEPC
477	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 4f
478	movi	a4, check_tlb_sanity
479	callx4	a4
480#endif
4816:
4824:
483#ifdef CONFIG_TRACE_IRQFLAGS
484	l32i	a4, a1, PT_DEPC
485	/* Double exception means we came here with an exception
486	 * while PS.EXCM was set, i.e. interrupts disabled.
487	 */
488	bgeui	a4, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
489	l32i	a4, a1, PT_EXCCAUSE
490	bnei	a4, EXCCAUSE_LEVEL1_INTERRUPT, 1f
491	/* We came here with an interrupt means interrupts were enabled
492	 * and we'll reenable them on return.
493	 */
494	movi	a4, trace_hardirqs_on
495	callx4	a4
4961:
497#endif
498	/* Restore optional registers. */
499
500	load_xtregs_opt a1 a2 a4 a5 a6 a7 PT_XTREGS_OPT
501
502	/* Restore SCOMPARE1 */
503
504#if XCHAL_HAVE_S32C1I
505	l32i    a2, a1, PT_SCOMPARE1
506	wsr     a2, scompare1
507#endif
508	wsr	a3, ps		/* disable interrupts */
509
510	_bbci.l	a3, PS_UM_BIT, kernel_exception_exit
511
512user_exception_exit:
513
514	/* Restore the state of the task and return from the exception. */
515
516	/* Switch to the user thread WINDOWBASE. Save SP temporarily in DEPC */
517
518	l32i	a2, a1, PT_WINDOWBASE
519	l32i	a3, a1, PT_WINDOWSTART
520	wsr	a1, depc		# use DEPC as temp storage
521	wsr	a3, windowstart		# restore WINDOWSTART
522	ssr	a2			# preserve user's WB in the SAR
523	wsr	a2, windowbase		# switch to user's saved WB
524	rsync
525	rsr	a1, depc		# restore stack pointer
526	l32i	a2, a1, PT_WMASK	# register frames saved (in bits 4...9)
527	rotw	-1			# we restore a4..a7
528	_bltui	a6, 16, 1f		# only have to restore current window?
529
530	/* The working registers are a0 and a3.  We are restoring to
531	 * a4..a7.  Be careful not to destroy what we have just restored.
532	 * Note: wmask has the format YYYYM:
533	 *       Y: number of registers saved in groups of 4
534	 *       M: 4 bit mask of first 16 registers
535	 */
536
537	mov	a2, a6
538	mov	a3, a5
539
5402:	rotw	-1			# a0..a3 become a4..a7
541	addi	a3, a7, -4*4		# next iteration
542	addi	a2, a6, -16		# decrementing Y in WMASK
543	l32i	a4, a3, PT_AREG_END + 0
544	l32i	a5, a3, PT_AREG_END + 4
545	l32i	a6, a3, PT_AREG_END + 8
546	l32i	a7, a3, PT_AREG_END + 12
547	_bgeui	a2, 16, 2b
548
549	/* Clear unrestored registers (don't leak anything to user-land */
550
5511:	rsr	a0, windowbase
552	rsr	a3, sar
553	sub	a3, a0, a3
554	beqz	a3, 2f
555	extui	a3, a3, 0, WBBITS
556
5571:	rotw	-1
558	addi	a3, a7, -1
559	movi	a4, 0
560	movi	a5, 0
561	movi	a6, 0
562	movi	a7, 0
563	bgei	a3, 1, 1b
564
565	/* We are back were we were when we started.
566	 * Note: a2 still contains WMASK (if we've returned to the original
567	 *	 frame where we had loaded a2), or at least the lower 4 bits
568	 *	 (if we have restored WSBITS-1 frames).
569	 */
570
571#if XCHAL_HAVE_THREADPTR
572	l32i	a3, a1, PT_THREADPTR
573	wur	a3, threadptr
574#endif
575
5762:	j	common_exception_exit
577
578	/* This is the kernel exception exit.
579	 * We avoided to do a MOVSP when we entered the exception, but we
580	 * have to do it here.
581	 */
582
583kernel_exception_exit:
584
585	/* Check if we have to do a movsp.
586	 *
587	 * We only have to do a movsp if the previous window-frame has
588	 * been spilled to the *temporary* exception stack instead of the
589	 * task's stack. This is the case if the corresponding bit in
590	 * WINDOWSTART for the previous window-frame was set before
591	 * (not spilled) but is zero now (spilled).
592	 * If this bit is zero, all other bits except the one for the
593	 * current window frame are also zero. So, we can use a simple test:
594	 * 'and' WINDOWSTART and WINDOWSTART-1:
595	 *
596	 *  (XXXXXX1[0]* - 1) AND XXXXXX1[0]* = XXXXXX0[0]*
597	 *
598	 * The result is zero only if one bit was set.
599	 *
600	 * (Note: We might have gone through several task switches before
601	 *        we come back to the current task, so WINDOWBASE might be
602	 *        different from the time the exception occurred.)
603	 */
604
605	/* Test WINDOWSTART before and after the exception.
606	 * We actually have WMASK, so we only have to test if it is 1 or not.
607	 */
608
609	l32i	a2, a1, PT_WMASK
610	_beqi	a2, 1, common_exception_exit	# Spilled before exception,jump
611
612	/* Test WINDOWSTART now. If spilled, do the movsp */
613
614	rsr     a3, windowstart
615	addi	a0, a3, -1
616	and     a3, a3, a0
617	_bnez	a3, common_exception_exit
618
619	/* Do a movsp (we returned from a call4, so we have at least a0..a7) */
620
621	addi    a0, a1, -16
622	l32i    a3, a0, 0
623	l32i    a4, a0, 4
624	s32i    a3, a1, PT_SIZE+0
625	s32i    a4, a1, PT_SIZE+4
626	l32i    a3, a0, 8
627	l32i    a4, a0, 12
628	s32i    a3, a1, PT_SIZE+8
629	s32i    a4, a1, PT_SIZE+12
630
631	/* Common exception exit.
632	 * We restore the special register and the current window frame, and
633	 * return from the exception.
634	 *
635	 * Note: We expect a2 to hold PT_WMASK
636	 */
637
638common_exception_exit:
639
640	/* Restore address registers. */
641
642	_bbsi.l	a2, 1, 1f
643	l32i	a4,  a1, PT_AREG4
644	l32i	a5,  a1, PT_AREG5
645	l32i	a6,  a1, PT_AREG6
646	l32i	a7,  a1, PT_AREG7
647	_bbsi.l	a2, 2, 1f
648	l32i	a8,  a1, PT_AREG8
649	l32i	a9,  a1, PT_AREG9
650	l32i	a10, a1, PT_AREG10
651	l32i	a11, a1, PT_AREG11
652	_bbsi.l	a2, 3, 1f
653	l32i	a12, a1, PT_AREG12
654	l32i	a13, a1, PT_AREG13
655	l32i	a14, a1, PT_AREG14
656	l32i	a15, a1, PT_AREG15
657
658	/* Restore PC, SAR */
659
6601:	l32i	a2, a1, PT_PC
661	l32i	a3, a1, PT_SAR
662	wsr	a2, epc1
663	wsr	a3, sar
664
665	/* Restore LBEG, LEND, LCOUNT */
666
667	l32i	a2, a1, PT_LBEG
668	l32i	a3, a1, PT_LEND
669	wsr	a2, lbeg
670	l32i	a2, a1, PT_LCOUNT
671	wsr	a3, lend
672	wsr	a2, lcount
673
674	/* We control single stepping through the ICOUNTLEVEL register. */
675
676	l32i	a2, a1, PT_ICOUNTLEVEL
677	movi	a3, -2
678	wsr	a2, icountlevel
679	wsr	a3, icount
680
681	/* Check if it was double exception. */
682
683	l32i	a0, a1, PT_DEPC
684	l32i	a3, a1, PT_AREG3
685	l32i	a2, a1, PT_AREG2
686	_bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
687
688	/* Restore a0...a3 and return */
689
690	l32i	a0, a1, PT_AREG0
691	l32i	a1, a1, PT_AREG1
692	rfe
693
6941: 	wsr	a0, depc
695	l32i	a0, a1, PT_AREG0
696	l32i	a1, a1, PT_AREG1
697	rfde
698
699ENDPROC(kernel_exception)
700
701/*
702 * Debug exception handler.
703 *
704 * Currently, we don't support KGDB, so only user application can be debugged.
705 *
706 * When we get here,  a0 is trashed and saved to excsave[debuglevel]
707 */
708
709ENTRY(debug_exception)
710
711	rsr	a0, SREG_EPS + XCHAL_DEBUGLEVEL
712	bbsi.l	a0, PS_EXCM_BIT, 1f	# exception mode
713
714	/* Set EPC1 and EXCCAUSE */
715
716	wsr	a2, depc		# save a2 temporarily
717	rsr	a2, SREG_EPC + XCHAL_DEBUGLEVEL
718	wsr	a2, epc1
719
720	movi	a2, EXCCAUSE_MAPPED_DEBUG
721	wsr	a2, exccause
722
723	/* Restore PS to the value before the debug exc but with PS.EXCM set.*/
724
725	movi	a2, 1 << PS_EXCM_BIT
726	or	a2, a0, a2
727	movi	a0, debug_exception	# restore a3, debug jump vector
728	wsr	a2, ps
729	xsr	a0, SREG_EXCSAVE + XCHAL_DEBUGLEVEL
730
731	/* Switch to kernel/user stack, restore jump vector, and save a0 */
732
733	bbsi.l	a2, PS_UM_BIT, 2f	# jump if user mode
734
735	addi	a2, a1, -16-PT_SIZE	# assume kernel stack
736	s32i	a0, a2, PT_AREG0
737	movi	a0, 0
738	s32i	a1, a2, PT_AREG1
739	s32i	a0, a2, PT_DEPC		# mark it as a regular exception
740	xsr	a0, depc
741	s32i	a3, a2, PT_AREG3
742	s32i	a0, a2, PT_AREG2
743	mov	a1, a2
744	j	_kernel_exception
745
7462:	rsr	a2, excsave1
747	l32i	a2, a2, EXC_TABLE_KSTK	# load kernel stack pointer
748	s32i	a0, a2, PT_AREG0
749	movi	a0, 0
750	s32i	a1, a2, PT_AREG1
751	s32i	a0, a2, PT_DEPC
752	xsr	a0, depc
753	s32i	a3, a2, PT_AREG3
754	s32i	a0, a2, PT_AREG2
755	mov	a1, a2
756	j	_user_exception
757
758	/* Debug exception while in exception mode. */
7591:	j	1b	// FIXME!!
760
761ENDPROC(debug_exception)
762
763/*
764 * We get here in case of an unrecoverable exception.
765 * The only thing we can do is to be nice and print a panic message.
766 * We only produce a single stack frame for panic, so ???
767 *
768 *
769 * Entry conditions:
770 *
771 *   - a0 contains the caller address; original value saved in excsave1.
772 *   - the original a0 contains a valid return address (backtrace) or 0.
773 *   - a2 contains a valid stackpointer
774 *
775 * Notes:
776 *
777 *   - If the stack pointer could be invalid, the caller has to setup a
778 *     dummy stack pointer (e.g. the stack of the init_task)
779 *
780 *   - If the return address could be invalid, the caller has to set it
781 *     to 0, so the backtrace would stop.
782 *
783 */
784	.align 4
785unrecoverable_text:
786	.ascii "Unrecoverable error in exception handler\0"
787
788ENTRY(unrecoverable_exception)
789
790	movi	a0, 1
791	movi	a1, 0
792
793	wsr	a0, windowstart
794	wsr	a1, windowbase
795	rsync
796
797	movi	a1, (1 << PS_WOE_BIT) | LOCKLEVEL
798	wsr	a1, ps
799	rsync
800
801	movi	a1, init_task
802	movi	a0, 0
803	addi	a1, a1, PT_REGS_OFFSET
804
805	movi	a4, panic
806	movi	a6, unrecoverable_text
807
808	callx4	a4
809
8101:	j	1b
811
812ENDPROC(unrecoverable_exception)
813
814/* -------------------------- FAST EXCEPTION HANDLERS ----------------------- */
815
816/*
817 * Fast-handler for alloca exceptions
818 *
819 *  The ALLOCA handler is entered when user code executes the MOVSP
820 *  instruction and the caller's frame is not in the register file.
821 *
822 * This algorithm was taken from the Ross Morley's RTOS Porting Layer:
823 *
824 *    /home/ross/rtos/porting/XtensaRTOS-PortingLayer-20090507/xtensa_vectors.S
825 *
826 * It leverages the existing window spill/fill routines and their support for
827 * double exceptions. The 'movsp' instruction will only cause an exception if
828 * the next window needs to be loaded. In fact this ALLOCA exception may be
829 * replaced at some point by changing the hardware to do a underflow exception
830 * of the proper size instead.
831 *
832 * This algorithm simply backs out the register changes started by the user
833 * excpetion handler, makes it appear that we have started a window underflow
834 * by rotating the window back and then setting the old window base (OWB) in
835 * the 'ps' register with the rolled back window base. The 'movsp' instruction
836 * will be re-executed and this time since the next window frames is in the
837 * active AR registers it won't cause an exception.
838 *
839 * If the WindowUnderflow code gets a TLB miss the page will get mapped
840 * the the partial windeowUnderflow will be handeled in the double exception
841 * handler.
842 *
843 * Entry condition:
844 *
845 *   a0:	trashed, original value saved on stack (PT_AREG0)
846 *   a1:	a1
847 *   a2:	new stack pointer, original in DEPC
848 *   a3:	a3
849 *   depc:	a2, original value saved on stack (PT_DEPC)
850 *   excsave_1:	dispatch table
851 *
852 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
853 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
854 */
855
856ENTRY(fast_alloca)
857	rsr	a0, windowbase
858	rotw	-1
859	rsr	a2, ps
860	extui	a3, a2, PS_OWB_SHIFT, PS_OWB_WIDTH
861	xor	a3, a3, a4
862	l32i	a4, a6, PT_AREG0
863	l32i	a1, a6, PT_DEPC
864	rsr	a6, depc
865	wsr	a1, depc
866	slli	a3, a3, PS_OWB_SHIFT
867	xor	a2, a2, a3
868	wsr	a2, ps
869	rsync
870
871	_bbci.l	a4, 31, 4f
872	rotw	-1
873	_bbci.l	a8, 30, 8f
874	rotw	-1
875	j	_WindowUnderflow12
8768:	j	_WindowUnderflow8
8774:	j	_WindowUnderflow4
878ENDPROC(fast_alloca)
879
880/*
881 * fast system calls.
882 *
883 * WARNING:  The kernel doesn't save the entire user context before
884 * handling a fast system call.  These functions are small and short,
885 * usually offering some functionality not available to user tasks.
886 *
887 * BE CAREFUL TO PRESERVE THE USER'S CONTEXT.
888 *
889 * Entry condition:
890 *
891 *   a0:	trashed, original value saved on stack (PT_AREG0)
892 *   a1:	a1
893 *   a2:	new stack pointer, original in DEPC
894 *   a3:	a3
895 *   depc:	a2, original value saved on stack (PT_DEPC)
896 *   excsave_1:	dispatch table
897 */
898
899ENTRY(fast_syscall_kernel)
900
901	/* Skip syscall. */
902
903	rsr	a0, epc1
904	addi	a0, a0, 3
905	wsr	a0, epc1
906
907	l32i	a0, a2, PT_DEPC
908	bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, fast_syscall_unrecoverable
909
910	rsr	a0, depc			# get syscall-nr
911	_beqz	a0, fast_syscall_spill_registers
912	_beqi	a0, __NR_xtensa, fast_syscall_xtensa
913
914	j	kernel_exception
915
916ENDPROC(fast_syscall_kernel)
917
918ENTRY(fast_syscall_user)
919
920	/* Skip syscall. */
921
922	rsr	a0, epc1
923	addi	a0, a0, 3
924	wsr	a0, epc1
925
926	l32i	a0, a2, PT_DEPC
927	bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, fast_syscall_unrecoverable
928
929	rsr	a0, depc			# get syscall-nr
930	_beqz	a0, fast_syscall_spill_registers
931	_beqi	a0, __NR_xtensa, fast_syscall_xtensa
932
933	j	user_exception
934
935ENDPROC(fast_syscall_user)
936
937ENTRY(fast_syscall_unrecoverable)
938
939	/* Restore all states. */
940
941	l32i    a0, a2, PT_AREG0        # restore a0
942	xsr     a2, depc                # restore a2, depc
943
944	wsr     a0, excsave1
945	movi    a0, unrecoverable_exception
946	callx0  a0
947
948ENDPROC(fast_syscall_unrecoverable)
949
950/*
951 * sysxtensa syscall handler
952 *
953 * int sysxtensa (SYS_XTENSA_ATOMIC_SET,     ptr, val,    unused);
954 * int sysxtensa (SYS_XTENSA_ATOMIC_ADD,     ptr, val,    unused);
955 * int sysxtensa (SYS_XTENSA_ATOMIC_EXG_ADD, ptr, val,    unused);
956 * int sysxtensa (SYS_XTENSA_ATOMIC_CMP_SWP, ptr, oldval, newval);
957 *        a2            a6                   a3    a4      a5
958 *
959 * Entry condition:
960 *
961 *   a0:	a2 (syscall-nr), original value saved on stack (PT_AREG0)
962 *   a1:	a1
963 *   a2:	new stack pointer, original in a0 and DEPC
964 *   a3:	a3
965 *   a4..a15:	unchanged
966 *   depc:	a2, original value saved on stack (PT_DEPC)
967 *   excsave_1:	dispatch table
968 *
969 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
970 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
971 *
972 * Note: we don't have to save a2; a2 holds the return value
973 *
974 * We use the two macros TRY and CATCH:
975 *
976 * TRY	 adds an entry to the __ex_table fixup table for the immediately
977 *	 following instruction.
978 *
979 * CATCH catches any exception that occurred at one of the preceding TRY
980 *       statements and continues from there
981 *
982 * Usage TRY	l32i	a0, a1, 0
983 *		<other code>
984 *	 done:	rfe
985 *	 CATCH	<set return code>
986 *		j done
987 */
988
989#define TRY								\
990	.section __ex_table, "a";					\
991	.word	66f, 67f;						\
992	.text;								\
99366:
994
995#define CATCH								\
99667:
997
998ENTRY(fast_syscall_xtensa)
999
1000	s32i	a7, a2, PT_AREG7	# we need an additional register
1001	movi	a7, 4			# sizeof(unsigned int)
1002	access_ok a3, a7, a0, a2, .Leac	# a0: scratch reg, a2: sp
1003
1004	addi	a6, a6, -1		# assuming SYS_XTENSA_ATOMIC_SET = 1
1005	_bgeui	a6, SYS_XTENSA_COUNT - 1, .Lill
1006	_bnei	a6, SYS_XTENSA_ATOMIC_CMP_SWP - 1, .Lnswp
1007
1008	/* Fall through for ATOMIC_CMP_SWP. */
1009
1010.Lswp:	/* Atomic compare and swap */
1011
1012TRY	l32i	a0, a3, 0		# read old value
1013	bne	a0, a4, 1f		# same as old value? jump
1014TRY	s32i	a5, a3, 0		# different, modify value
1015	l32i	a7, a2, PT_AREG7	# restore a7
1016	l32i	a0, a2, PT_AREG0	# restore a0
1017	movi	a2, 1			# and return 1
1018	addi	a6, a6, 1		# restore a6 (really necessary?)
1019	rfe
1020
10211:	l32i	a7, a2, PT_AREG7	# restore a7
1022	l32i	a0, a2, PT_AREG0	# restore a0
1023	movi	a2, 0			# return 0 (note that we cannot set
1024	addi	a6, a6, 1		# restore a6 (really necessary?)
1025	rfe
1026
1027.Lnswp:	/* Atomic set, add, and exg_add. */
1028
1029TRY	l32i	a7, a3, 0		# orig
1030	add	a0, a4, a7		# + arg
1031	moveqz	a0, a4, a6		# set
1032TRY	s32i	a0, a3, 0		# write new value
1033
1034	mov	a0, a2
1035	mov	a2, a7
1036	l32i	a7, a0, PT_AREG7	# restore a7
1037	l32i	a0, a0, PT_AREG0	# restore a0
1038	addi	a6, a6, 1		# restore a6 (really necessary?)
1039	rfe
1040
1041CATCH
1042.Leac:	l32i	a7, a2, PT_AREG7	# restore a7
1043	l32i	a0, a2, PT_AREG0	# restore a0
1044	movi	a2, -EFAULT
1045	rfe
1046
1047.Lill:	l32i	a7, a2, PT_AREG0	# restore a7
1048	l32i	a0, a2, PT_AREG0	# restore a0
1049	movi	a2, -EINVAL
1050	rfe
1051
1052ENDPROC(fast_syscall_xtensa)
1053
1054
1055/* fast_syscall_spill_registers.
1056 *
1057 * Entry condition:
1058 *
1059 *   a0:	trashed, original value saved on stack (PT_AREG0)
1060 *   a1:	a1
1061 *   a2:	new stack pointer, original in DEPC
1062 *   a3:	a3
1063 *   depc:	a2, original value saved on stack (PT_DEPC)
1064 *   excsave_1:	dispatch table
1065 *
1066 * Note: We assume the stack pointer is EXC_TABLE_KSTK in the fixup handler.
1067 */
1068
1069ENTRY(fast_syscall_spill_registers)
1070
1071	/* Register a FIXUP handler (pass current wb as a parameter) */
1072
1073	xsr	a3, excsave1
1074	movi	a0, fast_syscall_spill_registers_fixup
1075	s32i	a0, a3, EXC_TABLE_FIXUP
1076	rsr	a0, windowbase
1077	s32i	a0, a3, EXC_TABLE_PARAM
1078	xsr	a3, excsave1		# restore a3 and excsave_1
1079
1080	/* Save a3, a4 and SAR on stack. */
1081
1082	rsr	a0, sar
1083	s32i	a3, a2, PT_AREG3
1084	s32i	a4, a2, PT_AREG4
1085	s32i	a0, a2, PT_AREG5	# store SAR to PT_AREG5
1086
1087	/* The spill routine might clobber a7, a11, and a15. */
1088
1089	s32i	a7, a2, PT_AREG7
1090	s32i	a11, a2, PT_AREG11
1091	s32i	a15, a2, PT_AREG15
1092
1093	call0	_spill_registers	# destroys a3, a4, and SAR
1094
1095	/* Advance PC, restore registers and SAR, and return from exception. */
1096
1097	l32i	a3, a2, PT_AREG5
1098	l32i	a4, a2, PT_AREG4
1099	l32i	a0, a2, PT_AREG0
1100	wsr	a3, sar
1101	l32i	a3, a2, PT_AREG3
1102
1103	/* Restore clobbered registers. */
1104
1105	l32i	a7, a2, PT_AREG7
1106	l32i	a11, a2, PT_AREG11
1107	l32i	a15, a2, PT_AREG15
1108
1109	movi	a2, 0
1110	rfe
1111
1112ENDPROC(fast_syscall_spill_registers)
1113
1114/* Fixup handler.
1115 *
1116 * We get here if the spill routine causes an exception, e.g. tlb miss.
1117 * We basically restore WINDOWBASE and WINDOWSTART to the condition when
1118 * we entered the spill routine and jump to the user exception handler.
1119 *
1120 * a0: value of depc, original value in depc
1121 * a2: trashed, original value in EXC_TABLE_DOUBLE_SAVE
1122 * a3: exctable, original value in excsave1
1123 */
1124
1125fast_syscall_spill_registers_fixup:
1126
1127	rsr	a2, windowbase	# get current windowbase (a2 is saved)
1128	xsr	a0, depc	# restore depc and a0
1129	ssl	a2		# set shift (32 - WB)
1130
1131	/* We need to make sure the current registers (a0-a3) are preserved.
1132	 * To do this, we simply set the bit for the current window frame
1133	 * in WS, so that the exception handlers save them to the task stack.
1134	 */
1135
1136	xsr	a3, excsave1	# get spill-mask
1137	slli	a2, a3, 1	# shift left by one
1138
1139	slli	a3, a2, 32-WSBITS
1140	src	a2, a2, a3	# a1 = xxwww1yyxxxwww1yy......
1141	wsr	a2, windowstart	# set corrected windowstart
1142
1143	rsr	a3, excsave1
1144	l32i	a2, a3, EXC_TABLE_DOUBLE_SAVE	# restore a2
1145	l32i	a3, a3, EXC_TABLE_PARAM	# original WB (in user task)
1146
1147	/* Return to the original (user task) WINDOWBASE.
1148	 * We leave the following frame behind:
1149	 * a0, a1, a2	same
1150	 * a3:		trashed (saved in excsave_1)
1151	 * depc:	depc (we have to return to that address)
1152	 * excsave_1:	a3
1153	 */
1154
1155	wsr	a3, windowbase
1156	rsync
1157
1158	/* We are now in the original frame when we entered _spill_registers:
1159	 *  a0: return address
1160	 *  a1: used, stack pointer
1161	 *  a2: kernel stack pointer
1162	 *  a3: available, saved in EXCSAVE_1
1163	 *  depc: exception address
1164	 *  excsave: a3
1165	 * Note: This frame might be the same as above.
1166	 */
1167
1168	/* Setup stack pointer. */
1169
1170	addi	a2, a2, -PT_USER_SIZE
1171	s32i	a0, a2, PT_AREG0
1172
1173	/* Make sure we return to this fixup handler. */
1174
1175	movi	a3, fast_syscall_spill_registers_fixup_return
1176	s32i	a3, a2, PT_DEPC		# setup depc
1177
1178	/* Jump to the exception handler. */
1179
1180	rsr	a3, excsave1
1181	rsr	a0, exccause
1182	addx4	a0, a0, a3              	# find entry in table
1183	l32i	a0, a0, EXC_TABLE_FAST_USER     # load handler
1184	jx	a0
1185
1186fast_syscall_spill_registers_fixup_return:
1187
1188	/* When we return here, all registers have been restored (a2: DEPC) */
1189
1190	wsr	a2, depc		# exception address
1191
1192	/* Restore fixup handler. */
1193
1194	xsr	a3, excsave1
1195	movi	a2, fast_syscall_spill_registers_fixup
1196	s32i	a2, a3, EXC_TABLE_FIXUP
1197	s32i	a0, a3, EXC_TABLE_DOUBLE_SAVE
1198	rsr	a2, windowbase
1199	s32i	a2, a3, EXC_TABLE_PARAM
1200	l32i	a2, a3, EXC_TABLE_KSTK
1201
1202	/* Load WB at the time the exception occurred. */
1203
1204	rsr	a3, sar			# WB is still in SAR
1205	neg	a3, a3
1206	wsr	a3, windowbase
1207	rsync
1208
1209	rfde
1210
1211
1212/*
1213 * spill all registers.
1214 *
1215 * This is not a real function. The following conditions must be met:
1216 *
1217 *  - must be called with call0.
1218 *  - uses a3, a4 and SAR.
1219 *  - the last 'valid' register of each frame are clobbered.
1220 *  - the caller must have registered a fixup handler
1221 *    (or be inside a critical section)
1222 *  - PS_EXCM must be set (PS_WOE cleared?)
1223 */
1224
1225ENTRY(_spill_registers)
1226
1227	/*
1228	 * Rotate ws so that the current windowbase is at bit 0.
1229	 * Assume ws = xxxwww1yy (www1 current window frame).
1230	 * Rotate ws right so that a4 = yyxxxwww1.
1231	 */
1232
1233	rsr	a4, windowbase
1234	rsr	a3, windowstart		# a3 = xxxwww1yy
1235	ssr	a4			# holds WB
1236	slli	a4, a3, WSBITS
1237	or	a3, a3, a4		# a3 = xxxwww1yyxxxwww1yy
1238	srl	a3, a3			# a3 = 00xxxwww1yyxxxwww1
1239
1240	/* We are done if there are no more than the current register frame. */
1241
1242	extui	a3, a3, 1, WSBITS-1	# a3 = 0yyxxxwww
1243	movi	a4, (1 << (WSBITS-1))
1244	_beqz	a3, .Lnospill		# only one active frame? jump
1245
1246	/* We want 1 at the top, so that we return to the current windowbase */
1247
1248	or	a3, a3, a4		# 1yyxxxwww
1249
1250	/* Skip empty frames - get 'oldest' WINDOWSTART-bit. */
1251
1252	wsr	a3, windowstart		# save shifted windowstart
1253	neg	a4, a3
1254	and	a3, a4, a3		# first bit set from right: 000010000
1255
1256	ffs_ws	a4, a3			# a4: shifts to skip empty frames
1257	movi	a3, WSBITS
1258	sub	a4, a3, a4		# WSBITS-a4:number of 0-bits from right
1259	ssr	a4			# save in SAR for later.
1260
1261	rsr	a3, windowbase
1262	add	a3, a3, a4
1263	wsr	a3, windowbase
1264	rsync
1265
1266	rsr	a3, windowstart
1267	srl	a3, a3			# shift windowstart
1268
1269	/* WB is now just one frame below the oldest frame in the register
1270	   window. WS is shifted so the oldest frame is in bit 0, thus, WB
1271	   and WS differ by one 4-register frame. */
1272
1273	/* Save frames. Depending what call was used (call4, call8, call12),
1274	 * we have to save 4,8. or 12 registers.
1275	 */
1276
1277	_bbsi.l	a3, 1, .Lc4
1278	_bbsi.l	a3, 2, .Lc8
1279
1280	/* Special case: we have a call12-frame starting at a4. */
1281
1282	_bbci.l	a3, 3, .Lc12	# bit 3 shouldn't be zero! (Jump to Lc12 first)
1283
1284	s32e	a4, a1, -16	# a1 is valid with an empty spill area
1285	l32e	a4, a5, -12
1286	s32e	a8, a4, -48
1287	mov	a8, a4
1288	l32e	a4, a1, -16
1289	j	.Lc12c
1290
1291.Lnospill:
1292	ret
1293
1294.Lloop: _bbsi.l	a3, 1, .Lc4
1295	_bbci.l	a3, 2, .Lc12
1296
1297.Lc8:	s32e	a4, a13, -16
1298	l32e	a4, a5, -12
1299	s32e	a8, a4, -32
1300	s32e	a5, a13, -12
1301	s32e	a6, a13, -8
1302	s32e	a7, a13, -4
1303	s32e	a9, a4, -28
1304	s32e	a10, a4, -24
1305	s32e	a11, a4, -20
1306
1307	srli	a11, a3, 2		# shift windowbase by 2
1308	rotw	2
1309	_bnei	a3, 1, .Lloop
1310
1311.Lexit: /* Done. Do the final rotation, set WS, and return. */
1312
1313	rotw	1
1314	rsr	a3, windowbase
1315	ssl	a3
1316	movi	a3, 1
1317	sll	a3, a3
1318	wsr	a3, windowstart
1319	ret
1320
1321.Lc4:	s32e	a4, a9, -16
1322	s32e	a5, a9, -12
1323	s32e	a6, a9, -8
1324	s32e	a7, a9, -4
1325
1326	srli	a7, a3, 1
1327	rotw	1
1328	_bnei	a3, 1, .Lloop
1329	j	.Lexit
1330
1331.Lc12:	_bbci.l	a3, 3, .Linvalid_mask	# bit 2 shouldn't be zero!
1332
1333	/* 12-register frame (call12) */
1334
1335	l32e	a2, a5, -12
1336	s32e	a8, a2, -48
1337	mov	a8, a2
1338
1339.Lc12c: s32e	a9, a8, -44
1340	s32e	a10, a8, -40
1341	s32e	a11, a8, -36
1342	s32e	a12, a8, -32
1343	s32e	a13, a8, -28
1344	s32e	a14, a8, -24
1345	s32e	a15, a8, -20
1346	srli	a15, a3, 3
1347
1348	/* The stack pointer for a4..a7 is out of reach, so we rotate the
1349	 * window, grab the stackpointer, and rotate back.
1350	 * Alternatively, we could also use the following approach, but that
1351	 * makes the fixup routine much more complicated:
1352	 * rotw	1
1353	 * s32e	a0, a13, -16
1354	 * ...
1355	 * rotw 2
1356	 */
1357
1358	rotw	1
1359	mov	a5, a13
1360	rotw	-1
1361
1362	s32e	a4, a9, -16
1363	s32e	a5, a9, -12
1364	s32e	a6, a9, -8
1365	s32e	a7, a9, -4
1366
1367	rotw	3
1368
1369	_beqi	a3, 1, .Lexit
1370	j	.Lloop
1371
1372.Linvalid_mask:
1373
1374	/* We get here because of an unrecoverable error in the window
1375	 * registers. If we are in user space, we kill the application,
1376	 * however, this condition is unrecoverable in kernel space.
1377	 */
1378
1379	rsr	a0, ps
1380	_bbci.l	a0, PS_UM_BIT, 1f
1381
1382	/* User space: Setup a dummy frame and kill application.
1383	 * Note: We assume EXC_TABLE_KSTK contains a valid stack pointer.
1384	 */
1385
1386	movi	a0, 1
1387	movi	a1, 0
1388
1389	wsr	a0, windowstart
1390	wsr	a1, windowbase
1391	rsync
1392
1393	movi	a0, 0
1394
1395	rsr	a3, excsave1
1396	l32i	a1, a3, EXC_TABLE_KSTK
1397
1398	movi	a4, (1 << PS_WOE_BIT) | LOCKLEVEL
1399	wsr	a4, ps
1400	rsync
1401
1402	movi	a6, SIGSEGV
1403	movi	a4, do_exit
1404	callx4	a4
1405
14061:	/* Kernel space: PANIC! */
1407
1408	wsr	a0, excsave1
1409	movi	a0, unrecoverable_exception
1410	callx0	a0		# should not return
14111:	j	1b
1412
1413ENDPROC(_spill_registers)
1414
1415#ifdef CONFIG_MMU
1416/*
1417 * We should never get here. Bail out!
1418 */
1419
1420ENTRY(fast_second_level_miss_double_kernel)
1421
14221:	movi	a0, unrecoverable_exception
1423	callx0	a0		# should not return
14241:	j	1b
1425
1426ENDPROC(fast_second_level_miss_double_kernel)
1427
1428/* First-level entry handler for user, kernel, and double 2nd-level
1429 * TLB miss exceptions.  Note that for now, user and kernel miss
1430 * exceptions share the same entry point and are handled identically.
1431 *
1432 * An old, less-efficient C version of this function used to exist.
1433 * We include it below, interleaved as comments, for reference.
1434 *
1435 * Entry condition:
1436 *
1437 *   a0:	trashed, original value saved on stack (PT_AREG0)
1438 *   a1:	a1
1439 *   a2:	new stack pointer, original in DEPC
1440 *   a3:	a3
1441 *   depc:	a2, original value saved on stack (PT_DEPC)
1442 *   excsave_1:	dispatch table
1443 *
1444 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
1445 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
1446 */
1447
1448ENTRY(fast_second_level_miss)
1449
1450	/* Save a1 and a3. Note: we don't expect a double exception. */
1451
1452	s32i	a1, a2, PT_AREG1
1453	s32i	a3, a2, PT_AREG3
1454
1455	/* We need to map the page of PTEs for the user task.  Find
1456	 * the pointer to that page.  Also, it's possible for tsk->mm
1457	 * to be NULL while tsk->active_mm is nonzero if we faulted on
1458	 * a vmalloc address.  In that rare case, we must use
1459	 * active_mm instead to avoid a fault in this handler.  See
1460	 *
1461	 * http://mail.nl.linux.org/linux-mm/2002-08/msg00258.html
1462	 *   (or search Internet on "mm vs. active_mm")
1463	 *
1464	 *	if (!mm)
1465	 *		mm = tsk->active_mm;
1466	 *	pgd = pgd_offset (mm, regs->excvaddr);
1467	 *	pmd = pmd_offset (pgd, regs->excvaddr);
1468	 *	pmdval = *pmd;
1469	 */
1470
1471	GET_CURRENT(a1,a2)
1472	l32i	a0, a1, TASK_MM		# tsk->mm
1473	beqz	a0, 9f
1474
14758:	rsr	a3, excvaddr		# fault address
1476	_PGD_OFFSET(a0, a3, a1)
1477	l32i	a0, a0, 0		# read pmdval
1478	beqz	a0, 2f
1479
1480	/* Read ptevaddr and convert to top of page-table page.
1481	 *
1482	 * 	vpnval = read_ptevaddr_register() & PAGE_MASK;
1483	 * 	vpnval += DTLB_WAY_PGTABLE;
1484	 *	pteval = mk_pte (virt_to_page(pmd_val(pmdval)), PAGE_KERNEL);
1485	 *	write_dtlb_entry (pteval, vpnval);
1486	 *
1487	 * The messy computation for 'pteval' above really simplifies
1488	 * into the following:
1489	 *
1490	 * pteval = ((pmdval - PAGE_OFFSET) & PAGE_MASK) | PAGE_DIRECTORY
1491	 */
1492
1493	movi	a1, (-PAGE_OFFSET) & 0xffffffff
1494	add	a0, a0, a1		# pmdval - PAGE_OFFSET
1495	extui	a1, a0, 0, PAGE_SHIFT	# ... & PAGE_MASK
1496	xor	a0, a0, a1
1497
1498	movi	a1, _PAGE_DIRECTORY
1499	or	a0, a0, a1		# ... | PAGE_DIRECTORY
1500
1501	/*
1502	 * We utilize all three wired-ways (7-9) to hold pmd translations.
1503	 * Memory regions are mapped to the DTLBs according to bits 28 and 29.
1504	 * This allows to map the three most common regions to three different
1505	 * DTLBs:
1506	 *  0,1 -> way 7	program (0040.0000) and virtual (c000.0000)
1507	 *  2   -> way 8	shared libaries (2000.0000)
1508	 *  3   -> way 0	stack (3000.0000)
1509	 */
1510
1511	extui	a3, a3, 28, 2		# addr. bit 28 and 29	0,1,2,3
1512	rsr	a1, ptevaddr
1513	addx2	a3, a3, a3		# ->			0,3,6,9
1514	srli	a1, a1, PAGE_SHIFT
1515	extui	a3, a3, 2, 2		# ->			0,0,1,2
1516	slli	a1, a1, PAGE_SHIFT	# ptevaddr & PAGE_MASK
1517	addi	a3, a3, DTLB_WAY_PGD
1518	add	a1, a1, a3		# ... + way_number
1519
15203:	wdtlb	a0, a1
1521	dsync
1522
1523	/* Exit critical section. */
1524
15254:	rsr	a3, excsave1
1526	movi	a0, 0
1527	s32i	a0, a3, EXC_TABLE_FIXUP
1528
1529	/* Restore the working registers, and return. */
1530
1531	l32i	a0, a2, PT_AREG0
1532	l32i	a1, a2, PT_AREG1
1533	l32i	a3, a2, PT_AREG3
1534	l32i	a2, a2, PT_DEPC
1535
1536	bgeui	a2, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
1537
1538	/* Restore excsave1 and return. */
1539
1540	rsr	a2, depc
1541	rfe
1542
1543	/* Return from double exception. */
1544
15451:	xsr	a2, depc
1546	esync
1547	rfde
1548
15499:	l32i	a0, a1, TASK_ACTIVE_MM	# unlikely case mm == 0
1550	j	8b
1551
1552#if (DCACHE_WAY_SIZE > PAGE_SIZE)
1553
15542:	/* Special case for cache aliasing.
1555	 * We (should) only get here if a clear_user_page, copy_user_page
1556	 * or the aliased cache flush functions got preemptively interrupted
1557	 * by another task. Re-establish temporary mapping to the
1558	 * TLBTEMP_BASE areas.
1559	 */
1560
1561	/* We shouldn't be in a double exception */
1562
1563	l32i	a0, a2, PT_DEPC
1564	bgeui	a0, VALID_DOUBLE_EXCEPTION_ADDRESS, 2f
1565
1566	/* Make sure the exception originated in the special functions */
1567
1568	movi	a0, __tlbtemp_mapping_start
1569	rsr	a3, epc1
1570	bltu	a3, a0, 2f
1571	movi	a0, __tlbtemp_mapping_end
1572	bgeu	a3, a0, 2f
1573
1574	/* Check if excvaddr was in one of the TLBTEMP_BASE areas. */
1575
1576	movi	a3, TLBTEMP_BASE_1
1577	rsr	a0, excvaddr
1578	bltu	a0, a3, 2f
1579
1580	addi	a1, a0, -(2 << (DCACHE_ALIAS_ORDER + PAGE_SHIFT))
1581	bgeu	a1, a3, 2f
1582
1583	/* Check if we have to restore an ITLB mapping. */
1584
1585	movi	a1, __tlbtemp_mapping_itlb
1586	rsr	a3, epc1
1587	sub	a3, a3, a1
1588
1589	/* Calculate VPN */
1590
1591	movi	a1, PAGE_MASK
1592	and	a1, a1, a0
1593
1594	/* Jump for ITLB entry */
1595
1596	bgez	a3, 1f
1597
1598	/* We can use up to two TLBTEMP areas, one for src and one for dst. */
1599
1600	extui	a3, a0, PAGE_SHIFT + DCACHE_ALIAS_ORDER, 1
1601	add	a1, a3, a1
1602
1603	/* PPN is in a6 for the first TLBTEMP area and in a7 for the second. */
1604
1605	mov	a0, a6
1606	movnez	a0, a7, a3
1607	j	3b
1608
1609	/* ITLB entry. We only use dst in a6. */
1610
16111:	witlb	a6, a1
1612	isync
1613	j	4b
1614
1615
1616#endif	// DCACHE_WAY_SIZE > PAGE_SIZE
1617
1618
16192:	/* Invalid PGD, default exception handling */
1620
1621	rsr	a1, depc
1622	s32i	a1, a2, PT_AREG2
1623	mov	a1, a2
1624
1625	rsr	a2, ps
1626	bbsi.l	a2, PS_UM_BIT, 1f
1627	j	_kernel_exception
16281:	j	_user_exception
1629
1630ENDPROC(fast_second_level_miss)
1631
1632/*
1633 * StoreProhibitedException
1634 *
1635 * Update the pte and invalidate the itlb mapping for this pte.
1636 *
1637 * Entry condition:
1638 *
1639 *   a0:	trashed, original value saved on stack (PT_AREG0)
1640 *   a1:	a1
1641 *   a2:	new stack pointer, original in DEPC
1642 *   a3:	a3
1643 *   depc:	a2, original value saved on stack (PT_DEPC)
1644 *   excsave_1:	dispatch table
1645 *
1646 *   PT_DEPC >= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception, DEPC
1647 *	     <  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
1648 */
1649
1650ENTRY(fast_store_prohibited)
1651
1652	/* Save a1 and a3. */
1653
1654	s32i	a1, a2, PT_AREG1
1655	s32i	a3, a2, PT_AREG3
1656
1657	GET_CURRENT(a1,a2)
1658	l32i	a0, a1, TASK_MM		# tsk->mm
1659	beqz	a0, 9f
1660
16618:	rsr	a1, excvaddr		# fault address
1662	_PGD_OFFSET(a0, a1, a3)
1663	l32i	a0, a0, 0
1664	beqz	a0, 2f
1665
1666	/*
1667	 * Note that we test _PAGE_WRITABLE_BIT only if PTE is present
1668	 * and is not PAGE_NONE. See pgtable.h for possible PTE layouts.
1669	 */
1670
1671	_PTE_OFFSET(a0, a1, a3)
1672	l32i	a3, a0, 0		# read pteval
1673	movi	a1, _PAGE_CA_INVALID
1674	ball	a3, a1, 2f
1675	bbci.l	a3, _PAGE_WRITABLE_BIT, 2f
1676
1677	movi	a1, _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_HW_WRITE
1678	or	a3, a3, a1
1679	rsr	a1, excvaddr
1680	s32i	a3, a0, 0
1681
1682	/* We need to flush the cache if we have page coloring. */
1683#if (DCACHE_WAY_SIZE > PAGE_SIZE) && XCHAL_DCACHE_IS_WRITEBACK
1684	dhwb	a0, 0
1685#endif
1686	pdtlb	a0, a1
1687	wdtlb	a3, a0
1688
1689	/* Exit critical section. */
1690
1691	movi	a0, 0
1692	rsr	a3, excsave1
1693	s32i	a0, a3, EXC_TABLE_FIXUP
1694
1695	/* Restore the working registers, and return. */
1696
1697	l32i	a3, a2, PT_AREG3
1698	l32i	a1, a2, PT_AREG1
1699	l32i	a0, a2, PT_AREG0
1700	l32i	a2, a2, PT_DEPC
1701
1702	bgeui	a2, VALID_DOUBLE_EXCEPTION_ADDRESS, 1f
1703
1704	rsr	a2, depc
1705	rfe
1706
1707	/* Double exception. Restore FIXUP handler and return. */
1708
17091:	xsr	a2, depc
1710	esync
1711	rfde
1712
17139:	l32i	a0, a1, TASK_ACTIVE_MM	# unlikely case mm == 0
1714	j	8b
1715
17162:	/* If there was a problem, handle fault in C */
1717
1718	rsr	a3, depc	# still holds a2
1719	s32i	a3, a2, PT_AREG2
1720	mov	a1, a2
1721
1722	rsr	a2, ps
1723	bbsi.l	a2, PS_UM_BIT, 1f
1724	j	_kernel_exception
17251:	j	_user_exception
1726
1727ENDPROC(fast_store_prohibited)
1728
1729#endif /* CONFIG_MMU */
1730
1731/*
1732 * System Calls.
1733 *
1734 * void system_call (struct pt_regs* regs, int exccause)
1735 *                            a2                 a3
1736 */
1737
1738ENTRY(system_call)
1739
1740	entry	a1, 32
1741
1742	/* regs->syscall = regs->areg[2] */
1743
1744	l32i	a3, a2, PT_AREG2
1745	mov	a6, a2
1746	movi	a4, do_syscall_trace_enter
1747	s32i	a3, a2, PT_SYSCALL
1748	callx4	a4
1749
1750	/* syscall = sys_call_table[syscall_nr] */
1751
1752	movi	a4, sys_call_table;
1753	movi	a5, __NR_syscall_count
1754	movi	a6, -ENOSYS
1755	bgeu	a3, a5, 1f
1756
1757	addx4	a4, a3, a4
1758	l32i	a4, a4, 0
1759	movi	a5, sys_ni_syscall;
1760	beq	a4, a5, 1f
1761
1762	/* Load args: arg0 - arg5 are passed via regs. */
1763
1764	l32i	a6, a2, PT_AREG6
1765	l32i	a7, a2, PT_AREG3
1766	l32i	a8, a2, PT_AREG4
1767	l32i	a9, a2, PT_AREG5
1768	l32i	a10, a2, PT_AREG8
1769	l32i	a11, a2, PT_AREG9
1770
1771	/* Pass one additional argument to the syscall: pt_regs (on stack) */
1772	s32i	a2, a1, 0
1773
1774	callx4	a4
1775
17761:	/* regs->areg[2] = return_value */
1777
1778	s32i	a6, a2, PT_AREG2
1779	movi	a4, do_syscall_trace_leave
1780	mov	a6, a2
1781	callx4	a4
1782	retw
1783
1784ENDPROC(system_call)
1785
1786
1787/*
1788 * Task switch.
1789 *
1790 * struct task*  _switch_to (struct task* prev, struct task* next)
1791 *         a2                              a2                 a3
1792 */
1793
1794ENTRY(_switch_to)
1795
1796	entry	a1, 16
1797
1798	mov	a12, a2			# preserve 'prev' (a2)
1799	mov	a13, a3			# and 'next' (a3)
1800
1801	l32i	a4, a2, TASK_THREAD_INFO
1802	l32i	a5, a3, TASK_THREAD_INFO
1803
1804	save_xtregs_user a4 a6 a8 a9 a10 a11 THREAD_XTREGS_USER
1805
1806	s32i	a0, a12, THREAD_RA	# save return address
1807	s32i	a1, a12, THREAD_SP	# save stack pointer
1808
1809	/* Disable ints while we manipulate the stack pointer. */
1810
1811	movi	a14, (1 << PS_EXCM_BIT) | LOCKLEVEL
1812	xsr	a14, ps
1813	rsr	a3, excsave1
1814	rsync
1815	s32i	a3, a3, EXC_TABLE_FIXUP	/* enter critical section */
1816
1817	/* Switch CPENABLE */
1818
1819#if (XTENSA_HAVE_COPROCESSORS || XTENSA_HAVE_IO_PORTS)
1820	l32i	a3, a5, THREAD_CPENABLE
1821	xsr	a3, cpenable
1822	s32i	a3, a4, THREAD_CPENABLE
1823#endif
1824
1825	/* Flush register file. */
1826
1827	call0	_spill_registers	# destroys a3, a4, and SAR
1828
1829	/* Set kernel stack (and leave critical section)
1830	 * Note: It's save to set it here. The stack will not be overwritten
1831	 *       because the kernel stack will only be loaded again after
1832	 *       we return from kernel space.
1833	 */
1834
1835	rsr	a3, excsave1		# exc_table
1836	movi	a6, 0
1837	addi	a7, a5, PT_REGS_OFFSET
1838	s32i	a6, a3, EXC_TABLE_FIXUP
1839	s32i	a7, a3, EXC_TABLE_KSTK
1840
1841	/* restore context of the task 'next' */
1842
1843	l32i	a0, a13, THREAD_RA	# restore return address
1844	l32i	a1, a13, THREAD_SP	# restore stack pointer
1845
1846	load_xtregs_user a5 a6 a8 a9 a10 a11 THREAD_XTREGS_USER
1847
1848	wsr	a14, ps
1849	mov	a2, a12			# return 'prev'
1850	rsync
1851
1852	retw
1853
1854ENDPROC(_switch_to)
1855
1856ENTRY(ret_from_fork)
1857
1858	/* void schedule_tail (struct task_struct *prev)
1859	 * Note: prev is still in a6 (return value from fake call4 frame)
1860	 */
1861	movi	a4, schedule_tail
1862	callx4	a4
1863
1864	movi	a4, do_syscall_trace_leave
1865	mov	a6, a1
1866	callx4	a4
1867
1868	j	common_exception_return
1869
1870ENDPROC(ret_from_fork)
1871
1872/*
1873 * Kernel thread creation helper
1874 * On entry, set up by copy_thread: a2 = thread_fn, a3 = thread_fn arg
1875 *           left from _switch_to: a6 = prev
1876 */
1877ENTRY(ret_from_kernel_thread)
1878
1879	call4	schedule_tail
1880	mov	a6, a3
1881	callx4	a2
1882	j	common_exception_return
1883
1884ENDPROC(ret_from_kernel_thread)
1885