xref: /openbmc/linux/arch/xtensa/kernel/vectors.S (revision 5bd8e16d) 
1/*
2 * arch/xtensa/kernel/vectors.S
3 *
4 * This file contains all exception vectors (user, kernel, and double),
5 * as well as the window vectors (overflow and underflow), and the debug
6 * vector. These are the primary vectors executed by the processor if an
7 * exception occurs.
8 *
9 * This file is subject to the terms and conditions of the GNU General
10 * Public License.  See the file "COPYING" in the main directory of
11 * this archive for more details.
12 *
13 * Copyright (C) 2005 - 2008 Tensilica, Inc.
14 *
15 * Chris Zankel <chris@zankel.net>
16 *
17 */
18
19/*
20 * We use a two-level table approach. The user and kernel exception vectors
21 * use a first-level dispatch table to dispatch the exception to a registered
22 * fast handler or the default handler, if no fast handler was registered.
23 * The default handler sets up a C-stack and dispatches the exception to a
24 * registerd C handler in the second-level dispatch table.
25 *
26 * Fast handler entry condition:
27 *
28 *   a0:	trashed, original value saved on stack (PT_AREG0)
29 *   a1:	a1
30 *   a2:	new stack pointer, original value in depc
31 *   a3:	dispatch table
32 *   depc:	a2, original value saved on stack (PT_DEPC)
33 *   excsave_1:	a3
34 *
35 * The value for PT_DEPC saved to stack also functions as a boolean to
36 * indicate that the exception is either a double or a regular exception:
37 *
38 *   PT_DEPC	>= VALID_DOUBLE_EXCEPTION_ADDRESS: double exception
39 *		<  VALID_DOUBLE_EXCEPTION_ADDRESS: regular exception
40 *
41 * Note:  Neither the kernel nor the user exception handler generate literals.
42 *
43 */
44
45#include <linux/linkage.h>
46#include <asm/ptrace.h>
47#include <asm/current.h>
48#include <asm/asm-offsets.h>
49#include <asm/pgtable.h>
50#include <asm/processor.h>
51#include <asm/page.h>
52#include <asm/thread_info.h>
53#include <asm/vectors.h>
54
55#define WINDOW_VECTORS_SIZE   0x180
56
57
58/*
59 * User exception vector. (Exceptions with PS.UM == 1, PS.EXCM == 0)
60 *
61 * We get here when an exception occurred while we were in userland.
62 * We switch to the kernel stack and jump to the first level handler
63 * associated to the exception cause.
64 *
65 * Note: the saved kernel stack pointer (EXC_TABLE_KSTK) is already
66 *       decremented by PT_USER_SIZE.
67 */
68
69	.section .UserExceptionVector.text, "ax"
70
71ENTRY(_UserExceptionVector)
72
73	xsr	a3, excsave1		# save a3 and get dispatch table
74	wsr	a2, depc		# save a2
75	l32i	a2, a3, EXC_TABLE_KSTK	# load kernel stack to a2
76	s32i	a0, a2, PT_AREG0	# save a0 to ESF
77	rsr	a0, exccause		# retrieve exception cause
78	s32i	a0, a2, PT_DEPC		# mark it as a regular exception
79	addx4	a0, a0, a3		# find entry in table
80	l32i	a0, a0, EXC_TABLE_FAST_USER	# load handler
81	xsr	a3, excsave1		# restore a3 and dispatch table
82	jx	a0
83
84ENDPROC(_UserExceptionVector)
85
86/*
87 * Kernel exception vector. (Exceptions with PS.UM == 0, PS.EXCM == 0)
88 *
89 * We get this exception when we were already in kernel space.
90 * We decrement the current stack pointer (kernel) by PT_SIZE and
91 * jump to the first-level handler associated with the exception cause.
92 *
93 * Note: we need to preserve space for the spill region.
94 */
95
96	.section .KernelExceptionVector.text, "ax"
97
98ENTRY(_KernelExceptionVector)
99
100	xsr	a3, excsave1		# save a3, and get dispatch table
101	wsr	a2, depc		# save a2
102	addi	a2, a1, -16-PT_SIZE	# adjust stack pointer
103	s32i	a0, a2, PT_AREG0	# save a0 to ESF
104	rsr	a0, exccause		# retrieve exception cause
105	s32i	a0, a2, PT_DEPC		# mark it as a regular exception
106	addx4	a0, a0, a3		# find entry in table
107	l32i	a0, a0, EXC_TABLE_FAST_KERNEL	# load handler address
108	xsr	a3, excsave1		# restore a3 and dispatch table
109	jx	a0
110
111ENDPROC(_KernelExceptionVector)
112
113/*
114 * Double exception vector (Exceptions with PS.EXCM == 1)
115 * We get this exception when another exception occurs while were are
116 * already in an exception, such as window overflow/underflow exception,
117 * or 'expected' exceptions, for example memory exception when we were trying
118 * to read data from an invalid address in user space.
119 *
120 * Note that this vector is never invoked for level-1 interrupts, because such
121 * interrupts are disabled (masked) when PS.EXCM is set.
122 *
123 * We decode the exception and take the appropriate action.  However, the
124 * double exception vector is much more careful, because a lot more error
125 * cases go through the double exception vector than through the user and
126 * kernel exception vectors.
127 *
128 * Occasionally, the kernel expects a double exception to occur.  This usually
129 * happens when accessing user-space memory with the user's permissions
130 * (l32e/s32e instructions).  The kernel state, though, is not always suitable
131 * for immediate transfer of control to handle_double, where "normal" exception
132 * processing occurs. Also in kernel mode, TLB misses can occur if accessing
133 * vmalloc memory, possibly requiring repair in a double exception handler.
134 *
135 * The variable at TABLE_FIXUP offset from the pointer in EXCSAVE_1 doubles as
136 * a boolean variable and a pointer to a fixup routine. If the variable
137 * EXC_TABLE_FIXUP is non-zero, this handler jumps to that address. A value of
138 * zero indicates to use the default kernel/user exception handler.
139 * There is only one exception, when the value is identical to the exc_table
140 * label, the kernel is in trouble. This mechanism is used to protect critical
141 * sections, mainly when the handler writes to the stack to assert the stack
142 * pointer is valid. Once the fixup/default handler leaves that area, the
143 * EXC_TABLE_FIXUP variable is reset to the fixup handler or zero.
144 *
145 * Procedures wishing to use this mechanism should set EXC_TABLE_FIXUP to the
146 * nonzero address of a fixup routine before it could cause a double exception
147 * and reset it before it returns.
148 *
149 * Some other things to take care of when a fast exception handler doesn't
150 * specify a particular fixup handler but wants to use the default handlers:
151 *
152 *  - The original stack pointer (in a1) must not be modified. The fast
153 *    exception handler should only use a2 as the stack pointer.
154 *
155 *  - If the fast handler manipulates the stack pointer (in a2), it has to
156 *    register a valid fixup handler and cannot use the default handlers.
157 *
158 *  - The handler can use any other generic register from a3 to a15, but it
159 *    must save the content of these registers to stack (PT_AREG3...PT_AREGx)
160 *
161 *  - These registers must be saved before a double exception can occur.
162 *
163 *  - If we ever implement handling signals while in double exceptions, the
164 *    number of registers a fast handler has saved (excluding a0 and a1) must
165 *    be written to  PT_AREG1. (1 if only a3 is used, 2 for a3 and a4, etc. )
166 *
167 * The fixup handlers are special handlers:
168 *
169 *  - Fixup entry conditions differ from regular exceptions:
170 *
171 *	a0:	   DEPC
172 *	a1: 	   a1
173 *	a2:	   trashed, original value in EXC_TABLE_DOUBLE_SAVE
174 *	a3:	   exctable
175 *	depc:	   a0
176 *	excsave_1: a3
177 *
178 *  - When the kernel enters the fixup handler, it still assumes it is in a
179 *    critical section, so EXC_TABLE_FIXUP variable is set to exc_table.
180 *    The fixup handler, therefore, has to re-register itself as the fixup
181 *    handler before it returns from the double exception.
182 *
183 *  - Fixup handler can share the same exception frame with the fast handler.
184 *    The kernel stack pointer is not changed when entering the fixup handler.
185 *
186 *  - Fixup handlers can jump to the default kernel and user exception
187 *    handlers. Before it jumps, though, it has to setup a exception frame
188 *    on stack. Because the default handler resets the register fixup handler
189 *    the fixup handler must make sure that the default handler returns to
190 *    it instead of the exception address, so it can re-register itself as
191 *    the fixup handler.
192 *
193 * In case of a critical condition where the kernel cannot recover, we jump
194 * to unrecoverable_exception with the following entry conditions.
195 * All registers a0...a15 are unchanged from the last exception, except:
196 *
197 *	a0:	   last address before we jumped to the unrecoverable_exception.
198 *	excsave_1: a0
199 *
200 *
201 * See the handle_alloca_user and spill_registers routines for example clients.
202 *
203 * FIXME: Note: we currently don't allow signal handling coming from a double
204 *        exception, so the item markt with (*) is not required.
205 */
206
207	.section .DoubleExceptionVector.text, "ax"
208	.begin literal_prefix .DoubleExceptionVector
209	.globl _DoubleExceptionVector_WindowUnderflow
210	.globl _DoubleExceptionVector_WindowOverflow
211
212ENTRY(_DoubleExceptionVector)
213
214	xsr	a3, excsave1
215	s32i	a2, a3, EXC_TABLE_DOUBLE_SAVE
216
217	/* Check for kernel double exception (usually fatal). */
218
219	rsr	a2, ps
220	_bbci.l	a2, PS_UM_BIT, .Lksp
221
222	/* Check if we are currently handling a window exception. */
223	/* Note: We don't need to indicate that we enter a critical section. */
224
225	xsr	a0, depc		# get DEPC, save a0
226
227	movi	a2, WINDOW_VECTORS_VADDR
228	_bltu	a0, a2, .Lfixup
229	addi	a2, a2, WINDOW_VECTORS_SIZE
230	_bgeu	a0, a2, .Lfixup
231
232	/* Window overflow/underflow exception. Get stack pointer. */
233
234	l32i	a2, a3, EXC_TABLE_KSTK
235
236	/* Check for overflow/underflow exception, jump if overflow. */
237
238	_bbci.l	a0, 6, _DoubleExceptionVector_WindowOverflow
239
240	/*
241	 * Restart window underflow exception.
242	 * Currently:
243	 *	depc = orig a0,
244	 *	a0 = orig DEPC,
245	 *	a2 = new sp based on KSTK from exc_table
246	 *	a3 = excsave_1
247	 *	excsave_1 = orig a3
248	 *
249	 * We return to the instruction in user space that caused the window
250	 * underflow exception. Therefore, we change window base to the value
251	 * before we entered the window underflow exception and prepare the
252	 * registers to return as if we were coming from a regular exception
253	 * by changing depc (in a0).
254	 * Note: We can trash the current window frame (a0...a3) and depc!
255	 */
256_DoubleExceptionVector_WindowUnderflow:
257	xsr	a3, excsave1
258	wsr	a2, depc		# save stack pointer temporarily
259	rsr	a0, ps
260	extui	a0, a0, PS_OWB_SHIFT, PS_OWB_WIDTH
261	wsr	a0, windowbase
262	rsync
263
264	/* We are now in the previous window frame. Save registers again. */
265
266	xsr	a2, depc		# save a2 and get stack pointer
267	s32i	a0, a2, PT_AREG0
268	xsr	a3, excsave1
269	rsr	a0, exccause
270	s32i	a0, a2, PT_DEPC		# mark it as a regular exception
271	addx4	a0, a0, a3
272	xsr	a3, excsave1
273	l32i	a0, a0, EXC_TABLE_FAST_USER
274	jx	a0
275
276	/*
277	 * We only allow the ITLB miss exception if we are in kernel space.
278	 * All other exceptions are unexpected and thus unrecoverable!
279	 */
280
281#ifdef CONFIG_MMU
282	.extern fast_second_level_miss_double_kernel
283
284.Lksp:	/* a0: a0, a1: a1, a2: a2, a3: trashed, depc: depc, excsave: a3 */
285
286	rsr	a3, exccause
287	beqi	a3, EXCCAUSE_ITLB_MISS, 1f
288	addi	a3, a3, -EXCCAUSE_DTLB_MISS
289	bnez	a3, .Lunrecoverable
2901:	movi	a3, fast_second_level_miss_double_kernel
291	jx	a3
292#else
293.equ	.Lksp,	.Lunrecoverable
294#endif
295
296	/* Critical! We can't handle this situation. PANIC! */
297
298	.extern unrecoverable_exception
299
300.Lunrecoverable_fixup:
301	l32i	a2, a3, EXC_TABLE_DOUBLE_SAVE
302	xsr	a0, depc
303
304.Lunrecoverable:
305	rsr	a3, excsave1
306	wsr	a0, excsave1
307	movi	a0, unrecoverable_exception
308	callx0	a0
309
310.Lfixup:/* Check for a fixup handler or if we were in a critical section. */
311
312	/* a0: depc, a1: a1, a2: trash, a3: exctable, depc: a0, excsave1: a3 */
313
314	/* Enter critical section. */
315
316	l32i	a2, a3, EXC_TABLE_FIXUP
317	s32i	a3, a3, EXC_TABLE_FIXUP
318	beq	a2, a3, .Lunrecoverable_fixup	# critical section
319	beqz	a2, .Ldflt			# no handler was registered
320
321	/* a0: depc, a1: a1, a2: trash, a3: exctable, depc: a0, excsave: a3 */
322
323	jx	a2
324
325.Ldflt:	/* Get stack pointer. */
326
327	l32i	a2, a3, EXC_TABLE_DOUBLE_SAVE
328	addi	a2, a2, -PT_USER_SIZE
329
330	/* a0: depc, a1: a1, a2: kstk, a3: exctable, depc: a0, excsave: a3 */
331
332	s32i	a0, a2, PT_DEPC
333	l32i	a0, a3, EXC_TABLE_DOUBLE_SAVE
334	xsr	a0, depc
335	s32i	a0, a2, PT_AREG0
336
337	/* a0: avail, a1: a1, a2: kstk, a3: exctable, depc: a2, excsave: a3 */
338
339	rsr	a0, exccause
340	addx4	a0, a0, a3
341	xsr	a3, excsave1
342	l32i	a0, a0, EXC_TABLE_FAST_USER
343	jx	a0
344
345	/*
346	 * Restart window OVERFLOW exception.
347	 * Currently:
348	 *	depc = orig a0,
349	 *	a0 = orig DEPC,
350	 *	a2 = new sp based on KSTK from exc_table
351	 *	a3 = EXCSAVE_1
352	 *	excsave_1 = orig a3
353	 *
354	 * We return to the instruction in user space that caused the window
355	 * overflow exception. Therefore, we change window base to the value
356	 * before we entered the window overflow exception and prepare the
357	 * registers to return as if we were coming from a regular exception
358	 * by changing DEPC (in a0).
359	 *
360	 * NOTE: We CANNOT trash the current window frame (a0...a3), but we
361	 * can clobber depc.
362	 *
363	 * The tricky part here is that overflow8 and overflow12 handlers
364	 * save a0, then clobber a0.  To restart the handler, we have to restore
365	 * a0 if the double exception was past the point where a0 was clobbered.
366	 *
367	 * To keep things simple, we take advantage of the fact all overflow
368	 * handlers save a0 in their very first instruction.  If DEPC was past
369	 * that instruction, we can safely restore a0 from where it was saved
370	 * on the stack.
371	 *
372	 * a0: depc, a1: a1, a2: kstk, a3: exc_table, depc: a0, excsave1: a3
373	 */
374_DoubleExceptionVector_WindowOverflow:
375	extui	a2, a0, 0, 6	# get offset into 64-byte vector handler
376	beqz	a2, 1f		# if at start of vector, don't restore
377
378	addi	a0, a0, -128
379	bbsi	a0, 8, 1f	# don't restore except for overflow 8 and 12
380	bbsi	a0, 7, 2f
381
382	/*
383	 * Restore a0 as saved by _WindowOverflow8().
384	 *
385	 * FIXME:  we really need a fixup handler for this L32E,
386	 * for the extremely unlikely case where the overflow handler's
387	 * reference thru a0 gets a hardware TLB refill that bumps out
388	 * the (distinct, aliasing) TLB entry that mapped its prior
389	 * references thru a9, and where our reference now thru a9
390	 * gets a 2nd-level miss exception (not hardware TLB refill).
391	 */
392
393	l32e	a2, a9, -16
394	wsr	a2, depc	# replace the saved a0
395	j	1f
396
3972:
398	/*
399	 * Restore a0 as saved by _WindowOverflow12().
400	 *
401	 * FIXME:  we really need a fixup handler for this L32E,
402	 * for the extremely unlikely case where the overflow handler's
403	 * reference thru a0 gets a hardware TLB refill that bumps out
404	 * the (distinct, aliasing) TLB entry that mapped its prior
405	 * references thru a13, and where our reference now thru a13
406	 * gets a 2nd-level miss exception (not hardware TLB refill).
407	 */
408
409	l32e	a2, a13, -16
410	wsr	a2, depc	# replace the saved a0
4111:
412	/*
413	 * Restore WindowBase while leaving all address registers restored.
414	 * We have to use ROTW for this, because WSR.WINDOWBASE requires
415	 * an address register (which would prevent restore).
416	 *
417	 * Window Base goes from 0 ... 7 (Module 8)
418	 * Window Start is 8 bits; Ex: (0b1010 1010):0x55 from series of call4s
419	 */
420
421	rsr	a0, ps
422	extui	a0, a0, PS_OWB_SHIFT, PS_OWB_WIDTH
423	rsr	a2, windowbase
424	sub	a0, a2, a0
425	extui	a0, a0, 0, 3
426
427	l32i	a2, a3, EXC_TABLE_DOUBLE_SAVE
428	xsr	a3, excsave1
429	beqi	a0, 1, .L1pane
430	beqi	a0, 3, .L3pane
431
432	rsr	a0, depc
433	rotw	-2
434
435	/*
436	 * We are now in the user code's original window frame.
437	 * Process the exception as a user exception as if it was
438	 * taken by the user code.
439	 *
440	 * This is similar to the user exception vector,
441	 * except that PT_DEPC isn't set to EXCCAUSE.
442	 */
4431:
444	xsr	a3, excsave1
445	wsr	a2, depc
446	l32i	a2, a3, EXC_TABLE_KSTK
447	s32i	a0, a2, PT_AREG0
448	rsr	a0, exccause
449
450	s32i	a0, a2, PT_DEPC
451
452	addx4	a0, a0, a3
453	l32i	a0, a0, EXC_TABLE_FAST_USER
454	xsr	a3, excsave1
455	jx	a0
456
457.L1pane:
458	rsr	a0, depc
459	rotw	-1
460	j	1b
461
462.L3pane:
463	rsr	a0, depc
464	rotw	-3
465	j	1b
466
467	.end literal_prefix
468
469ENDPROC(_DoubleExceptionVector)
470
471/*
472 * Debug interrupt vector
473 *
474 * There is not much space here, so simply jump to another handler.
475 * EXCSAVE[DEBUGLEVEL] has been set to that handler.
476 */
477
478	.section .DebugInterruptVector.text, "ax"
479
480ENTRY(_DebugInterruptVector)
481
482	xsr	a0, SREG_EXCSAVE + XCHAL_DEBUGLEVEL
483	jx	a0
484
485ENDPROC(_DebugInterruptVector)
486
487
488
489/*
490 * Medium priority level interrupt vectors
491 *
492 * Each takes less than 16 (0x10) bytes, no literals, by placing
493 * the extra 8 bytes that would otherwise be required in the window
494 * vectors area where there is space.  With relocatable vectors,
495 * all vectors are within ~ 4 kB range of each other, so we can
496 * simply jump (J) to another vector without having to use JX.
497 *
498 * common_exception code gets current IRQ level in PS.INTLEVEL
499 * and preserves it for the IRQ handling time.
500 */
501
502	.macro	irq_entry_level level
503
504	.if	XCHAL_EXCM_LEVEL >= \level
505	.section .Level\level\()InterruptVector.text, "ax"
506ENTRY(_Level\level\()InterruptVector)
507	wsr	a0, excsave2
508	rsr	a0, epc\level
509	wsr	a0, epc1
510	movi	a0, EXCCAUSE_LEVEL1_INTERRUPT
511	wsr	a0, exccause
512	rsr	a0, eps\level
513					# branch to user or kernel vector
514	j	_SimulateUserKernelVectorException
515	.endif
516
517	.endm
518
519	irq_entry_level 2
520	irq_entry_level 3
521	irq_entry_level 4
522	irq_entry_level 5
523	irq_entry_level 6
524
525
526/* Window overflow and underflow handlers.
527 * The handlers must be 64 bytes apart, first starting with the underflow
528 * handlers underflow-4 to underflow-12, then the overflow handlers
529 * overflow-4 to overflow-12.
530 *
531 * Note: We rerun the underflow handlers if we hit an exception, so
532 *	 we try to access any page that would cause a page fault early.
533 */
534
535#define ENTRY_ALIGN64(name)	\
536	.globl name;		\
537	.align 64;		\
538	name:
539
540	.section		.WindowVectors.text, "ax"
541
542
543/* 4-Register Window Overflow Vector (Handler) */
544
545ENTRY_ALIGN64(_WindowOverflow4)
546
547	s32e	a0, a5, -16
548	s32e	a1, a5, -12
549	s32e	a2, a5,  -8
550	s32e	a3, a5,  -4
551	rfwo
552
553ENDPROC(_WindowOverflow4)
554
555
556#if XCHAL_EXCM_LEVEL >= 2
557	/*  Not a window vector - but a convenient location
558	 *  (where we know there's space) for continuation of
559	 *  medium priority interrupt dispatch code.
560	 *  On entry here, a0 contains PS, and EPC2 contains saved a0:
561	 */
562	.align 4
563_SimulateUserKernelVectorException:
564	addi	a0, a0, (1 << PS_EXCM_BIT)
565	wsr	a0, ps
566	bbsi.l	a0, PS_UM_BIT, 1f	# branch if user mode
567	rsr	a0, excsave2		# restore a0
568	j	_KernelExceptionVector	# simulate kernel vector exception
5691:	rsr	a0, excsave2		# restore a0
570	j	_UserExceptionVector	# simulate user vector exception
571#endif
572
573
574/* 4-Register Window Underflow Vector (Handler) */
575
576ENTRY_ALIGN64(_WindowUnderflow4)
577
578	l32e	a0, a5, -16
579	l32e	a1, a5, -12
580	l32e	a2, a5,  -8
581	l32e	a3, a5,  -4
582	rfwu
583
584ENDPROC(_WindowUnderflow4)
585
586/* 8-Register Window Overflow Vector (Handler) */
587
588ENTRY_ALIGN64(_WindowOverflow8)
589
590	s32e	a0, a9, -16
591	l32e	a0, a1, -12
592	s32e	a2, a9,  -8
593	s32e	a1, a9, -12
594	s32e	a3, a9,  -4
595	s32e	a4, a0, -32
596	s32e	a5, a0, -28
597	s32e	a6, a0, -24
598	s32e	a7, a0, -20
599	rfwo
600
601ENDPROC(_WindowOverflow8)
602
603/* 8-Register Window Underflow Vector (Handler) */
604
605ENTRY_ALIGN64(_WindowUnderflow8)
606
607	l32e	a1, a9, -12
608	l32e	a0, a9, -16
609	l32e	a7, a1, -12
610	l32e	a2, a9,  -8
611	l32e	a4, a7, -32
612	l32e	a3, a9,  -4
613	l32e	a5, a7, -28
614	l32e	a6, a7, -24
615	l32e	a7, a7, -20
616	rfwu
617
618ENDPROC(_WindowUnderflow8)
619
620/* 12-Register Window Overflow Vector (Handler) */
621
622ENTRY_ALIGN64(_WindowOverflow12)
623
624	s32e	a0,  a13, -16
625	l32e	a0,  a1,  -12
626	s32e	a1,  a13, -12
627	s32e	a2,  a13,  -8
628	s32e	a3,  a13,  -4
629	s32e	a4,  a0,  -48
630	s32e	a5,  a0,  -44
631	s32e	a6,  a0,  -40
632	s32e	a7,  a0,  -36
633	s32e	a8,  a0,  -32
634	s32e	a9,  a0,  -28
635	s32e	a10, a0,  -24
636	s32e	a11, a0,  -20
637	rfwo
638
639ENDPROC(_WindowOverflow12)
640
641/* 12-Register Window Underflow Vector (Handler) */
642
643ENTRY_ALIGN64(_WindowUnderflow12)
644
645	l32e	a1,  a13, -12
646	l32e	a0,  a13, -16
647	l32e	a11, a1,  -12
648	l32e	a2,  a13,  -8
649	l32e	a4,  a11, -48
650	l32e	a8,  a11, -32
651	l32e	a3,  a13,  -4
652	l32e	a5,  a11, -44
653	l32e	a6,  a11, -40
654	l32e	a7,  a11, -36
655	l32e	a9,  a11, -28
656	l32e	a10, a11, -24
657	l32e	a11, a11, -20
658	rfwu
659
660ENDPROC(_WindowUnderflow12)
661
662	.text
663