1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 * Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 * Initial PowerPC version.
5 * Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
7 * Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 * Low-level exception handers, MMU support, and rewrite.
9 * Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 * PowerPC 8xx modifications.
11 * Copyright (c) 1998-1999 TiVo, Inc.
12 * PowerPC 403GCX modifications.
13 * Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 * PowerPC 403GCX/405GP modifications.
15 * Copyright 2000 MontaVista Software Inc.
16 * PPC405 modifications
17 * PowerPC 403GCX/405GP modifications.
18 * Author: MontaVista Software, Inc.
19 * frank_rowand@mvista.com or source@mvista.com
20 * debbie_chu@mvista.com
22 * Module name: head_4xx.S
25 * Kernel execution entry point code.
28 #include <linux/init.h>
29 #include <linux/pgtable.h>
30 #include <asm/processor.h>
33 #include <asm/cputable.h>
34 #include <asm/thread_info.h>
35 #include <asm/ppc_asm.h>
36 #include <asm/asm-offsets.h>
37 #include <asm/ptrace.h>
38 #include <asm/export.h>
42 /* As with the other PowerPC ports, it is expected that when code
43 * execution begins here, the following registers contain valid, yet
44 * optional, information:
46 * r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
47 * r4 - Starting address of the init RAM disk
48 * r5 - Ending address of the init RAM disk
49 * r6 - Start of kernel command line string (e.g. "mem=96m")
50 * r7 - End of kernel command line string
52 * This is all going to change RSN when we add bi_recs....... -- Dan
58 mr r31,r3 /* save device tree ptr */
60 /* We have to turn on the MMU right away so we get cache modes
65 /* We now have the lower 16 Meg mapped into TLB entries, and the caches
70 ori r0,r0,MSR_KERNEL@l
73 ori r0,r0,start_here@l
76 b . /* prevent prefetch past rfi */
79 * This area is used for temporarily saving registers during the
80 * critical exception prolog.
100 * Exception prolog for critical exceptions. This is a little different
101 * from the normal exception prolog above since a critical exception
102 * can potentially occur at any point during normal exception processing.
103 * Thus we cannot use the same SPRG registers as the normal prolog above.
104 * Instead we use a couple of words of memory at low physical addresses.
105 * This is OK since we don't support SMP on these processors.
107 .macro CRITICAL_EXCEPTION_PROLOG trapno name
108 stw r10,crit_r10@l(0) /* save two registers to work with */
109 stw r11,crit_r11@l(0)
112 stw r10,crit_srr0@l(0)
113 stw r11,crit_srr1@l(0)
116 stw r10,crit_dear@l(0)
117 stw r11,crit_esr@l(0)
118 mfcr r10 /* save CR in r10 for now */
119 mfspr r11,SPRN_SRR3 /* check whether user or kernel */
121 lis r11,(critirq_ctx-PAGE_OFFSET)@ha
122 lwz r11,(critirq_ctx-PAGE_OFFSET)@l(r11)
124 /* COMING FROM USER MODE */
125 mfspr r11,SPRN_SPRG_THREAD /* if from user, start at top of */
126 lwz r11,TASK_STACK-THREAD(r11) /* this thread's kernel stack */
127 1: stw r1,crit_r1@l(0)
128 addi r1,r11,THREAD_SIZE-INT_FRAME_SIZE /* Alloc an excpt frm */
129 LOAD_REG_IMMEDIATE(r11, MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)) /* re-enable MMU */
143 stw r10,_CCR(r11) /* save various registers */
148 lis r9,PAGE_OFFSET@ha
149 lwz r10,crit_r10@l(r9)
150 lwz r12,crit_r11@l(r9)
153 lwz r12,crit_dear@l(r9)
154 lwz r9,crit_esr@l(r9)
155 stw r12,_DEAR(r11) /* since they may have had stuff */
156 stw r9,_ESR(r11) /* exception was taken */
159 rlwinm r9,r9,0,14,12 /* clear MSR_WE (necessary?) */
161 lis r10, STACK_FRAME_REGS_MARKER@ha /* exception frame marker */
162 addi r10, r10, STACK_FRAME_REGS_MARKER@l
168 _ASM_NOKPROBE_SYMBOL(\name\()_virt)
172 * State at this point:
173 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
174 * r10 saved in crit_r10 and in stack frame, trashed
175 * r11 saved in crit_r11 and in stack frame,
176 * now phys stack/exception frame pointer
177 * r12 saved in stack frame, now saved SRR2
178 * CR saved in stack frame, CR0.EQ = !SRR3.PR
179 * LR, DEAR, ESR in stack frame
180 * r1 saved in stack frame, now virt stack/excframe pointer
181 * r0, r3-r8 saved in stack frame
187 #define CRITICAL_EXCEPTION(n, label, hdlr) \
188 START_EXCEPTION(n, label); \
189 CRITICAL_EXCEPTION_PROLOG n label; \
190 EXC_XFER_TEMPLATE(hdlr, n+2, (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
191 crit_transfer_to_handler, ret_from_crit_exc)
194 * 0x0100 - Critical Interrupt Exception
196 CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
199 * 0x0200 - Machine Check Exception
201 CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
204 * 0x0300 - Data Storage Exception
205 * This happens for just a few reasons. U0 set (but we don't do that),
206 * or zone protection fault (user violation, write to protected page).
207 * The other Data TLB exceptions bail out to this point
208 * if they can't resolve the lightweight TLB fault.
210 START_EXCEPTION(0x0300, DataStorage)
211 EXCEPTION_PROLOG 0x300 DataStorage handle_dar_dsisr=1
212 EXC_XFER_LITE(0x300, do_page_fault)
215 * 0x0400 - Instruction Storage Exception
216 * This is caused by a fetch from non-execute or guarded pages.
218 START_EXCEPTION(0x0400, InstructionAccess)
219 EXCEPTION_PROLOG 0x400 InstructionAccess
221 stw r5, _ESR(r11) /* Zero ESR */
222 stw r12, _DEAR(r11) /* SRR0 as DEAR */
223 EXC_XFER_LITE(0x400, do_page_fault)
225 /* 0x0500 - External Interrupt Exception */
226 EXCEPTION(0x0500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
228 /* 0x0600 - Alignment Exception */
229 START_EXCEPTION(0x0600, Alignment)
230 EXCEPTION_PROLOG 0x600 Alignment handle_dar_dsisr=1
231 prepare_transfer_to_handler
232 bl alignment_exception
236 /* 0x0700 - Program Exception */
237 START_EXCEPTION(0x0700, ProgramCheck)
238 EXCEPTION_PROLOG 0x700 ProgramCheck handle_dar_dsisr=1
239 prepare_transfer_to_handler
240 bl program_check_exception
244 EXCEPTION(0x0800, Trap_08, unknown_exception, EXC_XFER_STD)
245 EXCEPTION(0x0900, Trap_09, unknown_exception, EXC_XFER_STD)
246 EXCEPTION(0x0A00, Trap_0A, unknown_exception, EXC_XFER_STD)
247 EXCEPTION(0x0B00, Trap_0B, unknown_exception, EXC_XFER_STD)
249 /* 0x0C00 - System Call Exception */
250 START_EXCEPTION(0x0C00, SystemCall)
252 /* Trap_0D is commented out to get more space for system call exception */
254 /* EXCEPTION(0x0D00, Trap_0D, unknown_exception, EXC_XFER_STD) */
255 EXCEPTION(0x0E00, Trap_0E, unknown_exception, EXC_XFER_STD)
256 EXCEPTION(0x0F00, Trap_0F, unknown_exception, EXC_XFER_STD)
258 /* 0x1000 - Programmable Interval Timer (PIT) Exception */
259 START_EXCEPTION(0x1000, DecrementerTrap)
262 /* 0x1010 - Fixed Interval Timer (FIT) Exception */
263 START_EXCEPTION(0x1010, FITExceptionTrap)
266 /* 0x1020 - Watchdog Timer (WDT) Exception */
267 START_EXCEPTION(0x1020, WDTExceptionTrap)
270 /* 0x1100 - Data TLB Miss Exception
271 * As the name implies, translation is not in the MMU, so search the
272 * page tables and fix it. The only purpose of this function is to
273 * load TLB entries from the page table if they exist.
275 START_EXCEPTION(0x1100, DTLBMiss)
276 mtspr SPRN_SPRG_SCRATCH5, r10 /* Save some working registers */
277 mtspr SPRN_SPRG_SCRATCH6, r11
278 mtspr SPRN_SPRG_SCRATCH3, r12
279 mtspr SPRN_SPRG_SCRATCH4, r9
282 rlwimi r12, r9, 0, 0xff
283 mfspr r10, SPRN_DEAR /* Get faulting address */
285 /* If we are faulting a kernel address, we have to use the
286 * kernel page tables.
288 lis r11, PAGE_OFFSET@h
291 lis r11, swapper_pg_dir@h
292 ori r11, r11, swapper_pg_dir@l
294 mtspr SPRN_PID, r9 /* TLB will have 0 TID */
297 /* Get the PGD for the current thread.
300 mfspr r11,SPRN_SPRG_THREAD
304 rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
305 lwz r11, 0(r11) /* Get L1 entry */
306 andi. r9, r11, _PMD_PRESENT /* Check if it points to a PTE page */
307 beq 2f /* Bail if no table */
309 rlwimi r11, r10, 22, 20, 29 /* Compute PTE address */
310 lwz r11, 0(r11) /* Get Linux PTE */
311 li r9, _PAGE_PRESENT | _PAGE_ACCESSED
312 andc. r9, r9, r11 /* Check permission */
315 rlwinm r9, r11, 1, _PAGE_RW /* dirty => rw */
316 and r9, r9, r11 /* hwwrite = dirty & rw */
317 rlwimi r11, r9, 0, _PAGE_RW /* replace rw by hwwrite */
319 /* Create TLB tag. This is the faulting address plus a static
320 * set of bits. These are size, valid, E, U0.
323 rlwimi r10, r9, 0, 20, 31
327 2: /* Check for possible large-page pmd entry */
328 rlwinm. r9, r11, 2, 22, 24
331 /* Create TLB tag. This is the faulting address, plus a static
332 * set of bits (valid, E, U0) plus the size from the PMD.
335 rlwimi r10, r9, 0, 20, 31
340 /* The bailout. Restore registers to pre-exception conditions
341 * and call the heavyweights to help us out.
345 mfspr r9, SPRN_SPRG_SCRATCH4
346 mfspr r12, SPRN_SPRG_SCRATCH3
347 mfspr r11, SPRN_SPRG_SCRATCH6
348 mfspr r10, SPRN_SPRG_SCRATCH5
351 /* 0x1200 - Instruction TLB Miss Exception
352 * Nearly the same as above, except we get our information from different
353 * registers and bailout to a different point.
355 START_EXCEPTION(0x1200, ITLBMiss)
356 mtspr SPRN_SPRG_SCRATCH5, r10 /* Save some working registers */
357 mtspr SPRN_SPRG_SCRATCH6, r11
358 mtspr SPRN_SPRG_SCRATCH3, r12
359 mtspr SPRN_SPRG_SCRATCH4, r9
362 rlwimi r12, r9, 0, 0xff
363 mfspr r10, SPRN_SRR0 /* Get faulting address */
365 /* If we are faulting a kernel address, we have to use the
366 * kernel page tables.
368 lis r11, PAGE_OFFSET@h
371 lis r11, swapper_pg_dir@h
372 ori r11, r11, swapper_pg_dir@l
374 mtspr SPRN_PID, r9 /* TLB will have 0 TID */
377 /* Get the PGD for the current thread.
380 mfspr r11,SPRN_SPRG_THREAD
384 rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
385 lwz r11, 0(r11) /* Get L1 entry */
386 andi. r9, r11, _PMD_PRESENT /* Check if it points to a PTE page */
387 beq 2f /* Bail if no table */
389 rlwimi r11, r10, 22, 20, 29 /* Compute PTE address */
390 lwz r11, 0(r11) /* Get Linux PTE */
391 li r9, _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
392 andc. r9, r9, r11 /* Check permission */
395 rlwinm r9, r11, 1, _PAGE_RW /* dirty => rw */
396 and r9, r9, r11 /* hwwrite = dirty & rw */
397 rlwimi r11, r9, 0, _PAGE_RW /* replace rw by hwwrite */
399 /* Create TLB tag. This is the faulting address plus a static
400 * set of bits. These are size, valid, E, U0.
403 rlwimi r10, r9, 0, 20, 31
407 2: /* Check for possible large-page pmd entry */
408 rlwinm. r9, r11, 2, 22, 24
411 /* Create TLB tag. This is the faulting address, plus a static
412 * set of bits (valid, E, U0) plus the size from the PMD.
415 rlwimi r10, r9, 0, 20, 31
420 /* The bailout. Restore registers to pre-exception conditions
421 * and call the heavyweights to help us out.
425 mfspr r9, SPRN_SPRG_SCRATCH4
426 mfspr r12, SPRN_SPRG_SCRATCH3
427 mfspr r11, SPRN_SPRG_SCRATCH6
428 mfspr r10, SPRN_SPRG_SCRATCH5
431 EXCEPTION(0x1300, Trap_13, unknown_exception, EXC_XFER_STD)
432 EXCEPTION(0x1400, Trap_14, unknown_exception, EXC_XFER_STD)
433 EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD)
434 EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_STD)
435 EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_STD)
436 EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD)
437 EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD)
438 EXCEPTION(0x1A00, Trap_1A, unknown_exception, EXC_XFER_STD)
439 EXCEPTION(0x1B00, Trap_1B, unknown_exception, EXC_XFER_STD)
440 EXCEPTION(0x1C00, Trap_1C, unknown_exception, EXC_XFER_STD)
441 EXCEPTION(0x1D00, Trap_1D, unknown_exception, EXC_XFER_STD)
442 EXCEPTION(0x1E00, Trap_1E, unknown_exception, EXC_XFER_STD)
443 EXCEPTION(0x1F00, Trap_1F, unknown_exception, EXC_XFER_STD)
445 /* Check for a single step debug exception while in an exception
446 * handler before state has been saved. This is to catch the case
447 * where an instruction that we are trying to single step causes
448 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
449 * the exception handler generates a single step debug exception.
451 * If we get a debug trap on the first instruction of an exception handler,
452 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
453 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
454 * The exception handler was handling a non-critical interrupt, so it will
455 * save (and later restore) the MSR via SPRN_SRR1, which will still have
456 * the MSR_DE bit set.
458 /* 0x2000 - Debug Exception */
459 START_EXCEPTION(0x2000, DebugTrap)
460 CRITICAL_EXCEPTION_PROLOG 0x2000 DebugTrap
463 * If this is a single step or branch-taken exception in an
464 * exception entry sequence, it was probably meant to apply to
465 * the code where the exception occurred (since exception entry
466 * doesn't turn off DE automatically). We simulate the effect
467 * of turning off DE on entry to an exception handler by turning
468 * off DE in the SRR3 value and clearing the debug status.
470 mfspr r10,SPRN_DBSR /* check single-step/branch taken */
471 andis. r10,r10,DBSR_IC@h
474 andi. r10,r9,MSR_IR|MSR_PR /* check supervisor + MMU off */
475 beq 1f /* branch and fix it up */
477 mfspr r10,SPRN_SRR2 /* Faulting instruction address */
479 bgt+ 2f /* address above exception vectors */
481 /* here it looks like we got an inappropriate debug exception. */
482 1: rlwinm r9,r9,0,~MSR_DE /* clear DE in the SRR3 value */
483 lis r10,DBSR_IC@h /* clear the IC event */
485 /* restore state and get out */
494 lwz r10,crit_r10@l(0)
495 lwz r11,crit_r11@l(0)
499 /* continue normal handling for a critical exception... */
500 2: mfspr r4,SPRN_DBSR
501 stw r4,_ESR(r11) /* DebugException takes DBSR in _ESR */
502 EXC_XFER_TEMPLATE(DebugException, 0x2002, \
503 (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
504 crit_transfer_to_handler, ret_from_crit_exc)
506 /* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
509 EXCEPTION_PROLOG 0x1000 Decrementer
511 mtspr SPRN_TSR,r0 /* Clear the PIT exception */
512 EXC_XFER_LITE(0x1000, timer_interrupt)
514 /* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
517 EXCEPTION_PROLOG 0x1010 FITException
518 EXC_XFER_STD(0x1010, unknown_exception)
520 /* Watchdog Timer (WDT) Exception. (from 0x1020) */
523 CRITICAL_EXCEPTION_PROLOG 0x1020 WDTException
524 EXC_XFER_TEMPLATE(WatchdogException, 0x1020+2,
525 (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)),
526 crit_transfer_to_handler, ret_from_crit_exc)
528 /* Other PowerPC processors, namely those derived from the 6xx-series
529 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
530 * However, for the 4xx-series processors these are neither defined nor
535 /* Damn, I came up one instruction too many to fit into the
536 * exception space :-). Both the instruction and data TLB
537 * miss get to this point to load the TLB.
538 * r10 - TLB_TAG value
540 * r9 - available to use
541 * PID - loaded with proper value when we get here
542 * Upon exit, we reload everything and RFI.
543 * Actually, it will fit now, but oh well.....a common place
550 * Clear out the software-only bits in the PTE to generate the
551 * TLB_DATA value. These are the bottom 2 bits of the RPM, the
552 * top 3 bits of the zone field, and M.
557 /* load the next available TLB index. */
558 lwz r9, tlb_4xx_index@l(0)
560 andi. r9, r9, PPC40X_TLB_SIZE - 1
561 stw r9, tlb_4xx_index@l(0)
563 tlbwe r11, r9, TLB_DATA /* Load TLB LO */
564 tlbwe r10, r9, TLB_TAG /* Load TLB HI */
566 /* Done...restore registers and get out of here.
570 mfspr r9, SPRN_SPRG_SCRATCH4
571 mfspr r12, SPRN_SPRG_SCRATCH3
572 mfspr r11, SPRN_SPRG_SCRATCH6
573 mfspr r10, SPRN_SPRG_SCRATCH5
574 rfi /* Should sync shadow TLBs */
575 b . /* prevent prefetch past rfi */
577 /* This is where the main kernel code starts.
583 ori r2,r2,init_task@l
585 /* ptr to phys current thread */
587 addi r4,r4,THREAD /* init task's THREAD */
588 mtspr SPRN_SPRG_THREAD,r4
591 lis r1,init_thread_union@ha
592 addi r1,r1,init_thread_union@l
594 stwu r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
596 bl early_init /* We have to do this with MMU on */
599 * Decide what sort of machine this is and initialize the MMU.
609 /* Go back to running unmapped so we can load up new values
610 * and change to using our exception vectors.
611 * On the 4xx, all we have to do is invalidate the TLB to clear
612 * the old 16M byte TLB mappings.
617 lis r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
618 ori r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
622 b . /* prevent prefetch past rfi */
624 /* Load up the kernel context */
626 sync /* Flush to memory before changing TLB */
628 isync /* Flush shadow TLBs */
630 /* set up the PTE pointers for the Abatron bdiGDB.
632 lis r6, swapper_pg_dir@h
633 ori r6, r6, swapper_pg_dir@l
634 lis r5, abatron_pteptrs@h
635 ori r5, r5, abatron_pteptrs@l
636 stw r5, 0xf0(0) /* Must match your Abatron config file */
640 /* Now turn on the MMU for real! */
642 ori r4,r4,MSR_KERNEL@l
643 lis r3,start_kernel@h
644 ori r3,r3,start_kernel@l
647 rfi /* enable MMU and jump to start_kernel */
648 b . /* prevent prefetch past rfi */
650 /* Set up the initial MMU state so we can do the first level of
651 * kernel initialization. This maps the first 16 MBytes of memory 1:1
652 * virtual to physical and more importantly sets the cache mode.
655 tlbia /* Invalidate all TLB entries */
658 /* We should still be executing code at physical address 0x0000xxxx
659 * at this point. However, start_here is at virtual address
660 * 0xC000xxxx. So, set up a TLB mapping to cover this once
661 * translation is enabled.
664 lis r3,KERNELBASE@h /* Load the kernel virtual address */
665 ori r3,r3,KERNELBASE@l
666 tophys(r4,r3) /* Load the kernel physical address */
668 iccci r0,r3 /* Invalidate the i-cache before use */
670 /* Load the kernel PID.
676 /* Configure and load one entry into TLB slots 63 */
677 clrrwi r4,r4,10 /* Mask off the real page number */
678 ori r4,r4,(TLB_WR | TLB_EX) /* Set the write and execute bits */
680 clrrwi r3,r3,10 /* Mask off the effective page number */
681 ori r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
683 li r0,63 /* TLB slot 63 */
685 tlbwe r4,r0,TLB_DATA /* Load the data portion of the entry */
686 tlbwe r3,r0,TLB_TAG /* Load the tag portion of the entry */
690 /* Establish the exception vector base
692 lis r4,KERNELBASE@h /* EVPR only uses the high 16-bits */
693 tophys(r0,r4) /* Use the physical address */
700 oris r13,r13,DBCR0_RST_SYSTEM@h
705 #ifdef CONFIG_BDI_SWITCH
706 /* Context switch the PTE pointer for the Abatron BDI2000.
707 * The PGDIR is the second parameter.
709 lis r5, abatron_pteptrs@ha
710 stw r4, abatron_pteptrs@l + 0x4(r5)
714 isync /* Need an isync to flush shadow */
715 /* TLBs after changing PID */
718 /* We put a few things here that have to be page-aligned. This stuff
719 * goes at the beginning of the data segment, which is page-aligned.
725 .globl empty_zero_page
728 EXPORT_SYMBOL(empty_zero_page)
729 .globl swapper_pg_dir
731 .space PGD_TABLE_SIZE
733 /* Room for two PTE pointers, usually the kernel and current user pointers
734 * to their respective root page table.
projects / linux-2.6-microblaze.git / blob