1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 * Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 * Initial PowerPC version.
5 * Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
7 * Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 * Low-level exception handers, MMU support, and rewrite.
9 * Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 * PowerPC 8xx modifications.
11 * Copyright (c) 1998-1999 TiVo, Inc.
12 * PowerPC 403GCX modifications.
13 * Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 * PowerPC 403GCX/405GP modifications.
15 * Copyright 2000 MontaVista Software Inc.
16 * PPC405 modifications
17 * PowerPC 403GCX/405GP modifications.
18 * Author: MontaVista Software, Inc.
19 * frank_rowand@mvista.com or source@mvista.com
20 * debbie_chu@mvista.com
22 * Module name: head_4xx.S
25 * Kernel execution entry point code.
28 #include <linux/init.h>
29 #include <linux/pgtable.h>
30 #include <asm/processor.h>
33 #include <asm/cputable.h>
34 #include <asm/thread_info.h>
35 #include <asm/ppc_asm.h>
36 #include <asm/asm-offsets.h>
37 #include <asm/ptrace.h>
38 #include <asm/export.h>
42 /* As with the other PowerPC ports, it is expected that when code
43 * execution begins here, the following registers contain valid, yet
44 * optional, information:
46 * r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
47 * r4 - Starting address of the init RAM disk
48 * r5 - Ending address of the init RAM disk
49 * r6 - Start of kernel command line string (e.g. "mem=96m")
50 * r7 - End of kernel command line string
52 * This is all going to change RSN when we add bi_recs....... -- Dan
58 mr r31,r3 /* save device tree ptr */
60 /* We have to turn on the MMU right away so we get cache modes
65 /* We now have the lower 16 Meg mapped into TLB entries, and the caches
70 ori r0,r0,MSR_KERNEL@l
73 ori r0,r0,start_here@l
76 b . /* prevent prefetch past rfi */
79 * This area is used for temporarily saving registers during the
80 * critical exception prolog.
92 _ENTRY(saved_ksp_limit)
96 * Exception prolog for critical exceptions. This is a little different
97 * from the normal exception prolog above since a critical exception
98 * can potentially occur at any point during normal exception processing.
99 * Thus we cannot use the same SPRG registers as the normal prolog above.
100 * Instead we use a couple of words of memory at low physical addresses.
101 * This is OK since we don't support SMP on these processors.
103 #define CRITICAL_EXCEPTION_PROLOG \
104 stw r10,crit_r10@l(0); /* save two registers to work with */\
105 stw r11,crit_r11@l(0); \
106 mfcr r10; /* save CR in r10 for now */\
107 mfspr r11,SPRN_SRR3; /* check whether user or kernel */\
108 andi. r11,r11,MSR_PR; \
109 lis r11,critirq_ctx@ha; \
111 lwz r11,critirq_ctx@l(r11); \
113 /* COMING FROM USER MODE */ \
114 mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\
115 lwz r11,TASK_STACK-THREAD(r11); /* this thread's kernel stack */\
116 1: addi r11,r11,THREAD_SIZE-INT_FRAME_SIZE; /* Alloc an excpt frm */\
118 stw r10,_CCR(r11); /* save various registers */\
119 stw r12,GPR12(r11); \
122 stw r10,_LINK(r11); \
123 mfspr r12,SPRN_DEAR; /* save DEAR and ESR in the frame */\
124 stw r12,_DEAR(r11); /* since they may have had stuff */\
125 mfspr r9,SPRN_ESR; /* in them at the point where the */\
126 stw r9,_ESR(r11); /* exception was taken */\
127 mfspr r12,SPRN_SRR2; \
129 mfspr r9,SPRN_SRR3; \
132 rlwinm r9,r9,0,14,12; /* clear MSR_WE (necessary?) */\
134 lis r10, STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */\
135 addi r10, r10, STACK_FRAME_REGS_MARKER@l; \
137 SAVE_4GPRS(3, r11); \
141 * State at this point:
142 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
143 * r10 saved in crit_r10 and in stack frame, trashed
144 * r11 saved in crit_r11 and in stack frame,
145 * now phys stack/exception frame pointer
146 * r12 saved in stack frame, now saved SRR2
147 * CR saved in stack frame, CR0.EQ = !SRR3.PR
148 * LR, DEAR, ESR in stack frame
149 * r1 saved in stack frame, now virt stack/excframe pointer
150 * r0, r3-r8 saved in stack frame
156 #define CRITICAL_EXCEPTION(n, label, hdlr) \
157 START_EXCEPTION(n, label); \
158 CRITICAL_EXCEPTION_PROLOG; \
159 addi r3,r1,STACK_FRAME_OVERHEAD; \
160 EXC_XFER_TEMPLATE(hdlr, n+2, (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
161 crit_transfer_to_handler, ret_from_crit_exc)
164 * 0x0100 - Critical Interrupt Exception
166 CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
169 * 0x0200 - Machine Check Exception
171 CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
174 * 0x0300 - Data Storage Exception
175 * This happens for just a few reasons. U0 set (but we don't do that),
176 * or zone protection fault (user violation, write to protected page).
177 * The other Data TLB exceptions bail out to this point
178 * if they can't resolve the lightweight TLB fault.
180 START_EXCEPTION(0x0300, DataStorage)
182 mfspr r5, SPRN_ESR /* Grab the ESR, save it, pass arg3 */
184 mfspr r4, SPRN_DEAR /* Grab the DEAR, save it, pass arg2 */
186 EXC_XFER_LITE(0x300, handle_page_fault)
189 * 0x0400 - Instruction Storage Exception
190 * This is caused by a fetch from non-execute or guarded pages.
192 START_EXCEPTION(0x0400, InstructionAccess)
194 mr r4,r12 /* Pass SRR0 as arg2 */
196 li r5,0 /* Pass zero as arg3 */
197 EXC_XFER_LITE(0x400, handle_page_fault)
199 /* 0x0500 - External Interrupt Exception */
200 EXCEPTION(0x0500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
202 /* 0x0600 - Alignment Exception */
203 START_EXCEPTION(0x0600, Alignment)
205 mfspr r4,SPRN_DEAR /* Grab the DEAR and save it */
207 addi r3,r1,STACK_FRAME_OVERHEAD
208 EXC_XFER_STD(0x600, alignment_exception)
210 /* 0x0700 - Program Exception */
211 START_EXCEPTION(0x0700, ProgramCheck)
213 mfspr r4,SPRN_ESR /* Grab the ESR and save it */
215 addi r3,r1,STACK_FRAME_OVERHEAD
216 EXC_XFER_STD(0x700, program_check_exception)
218 EXCEPTION(0x0800, Trap_08, unknown_exception, EXC_XFER_STD)
219 EXCEPTION(0x0900, Trap_09, unknown_exception, EXC_XFER_STD)
220 EXCEPTION(0x0A00, Trap_0A, unknown_exception, EXC_XFER_STD)
221 EXCEPTION(0x0B00, Trap_0B, unknown_exception, EXC_XFER_STD)
223 /* 0x0C00 - System Call Exception */
224 START_EXCEPTION(0x0C00, SystemCall)
226 /* Trap_0D is commented out to get more space for system call exception */
228 /* EXCEPTION(0x0D00, Trap_0D, unknown_exception, EXC_XFER_STD) */
229 EXCEPTION(0x0E00, Trap_0E, unknown_exception, EXC_XFER_STD)
230 EXCEPTION(0x0F00, Trap_0F, unknown_exception, EXC_XFER_STD)
232 /* 0x1000 - Programmable Interval Timer (PIT) Exception */
236 /* 0x1010 - Fixed Interval Timer (FIT) Exception
241 /* 0x1020 - Watchdog Timer (WDT) Exception
246 /* 0x1100 - Data TLB Miss Exception
247 * As the name implies, translation is not in the MMU, so search the
248 * page tables and fix it. The only purpose of this function is to
249 * load TLB entries from the page table if they exist.
251 START_EXCEPTION(0x1100, DTLBMiss)
252 mtspr SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
253 mtspr SPRN_SPRG_SCRATCH1, r11
254 mtspr SPRN_SPRG_SCRATCH3, r12
255 mtspr SPRN_SPRG_SCRATCH4, r9
258 mtspr SPRN_SPRG_SCRATCH5, r9
259 mfspr r10, SPRN_DEAR /* Get faulting address */
261 /* If we are faulting a kernel address, we have to use the
262 * kernel page tables.
264 lis r11, PAGE_OFFSET@h
267 lis r11, swapper_pg_dir@h
268 ori r11, r11, swapper_pg_dir@l
270 mtspr SPRN_PID, r9 /* TLB will have 0 TID */
273 /* Get the PGD for the current thread.
276 mfspr r11,SPRN_SPRG_THREAD
280 rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
281 lwz r11, 0(r11) /* Get L1 entry */
282 andi. r9, r11, _PMD_PRESENT /* Check if it points to a PTE page */
283 beq 2f /* Bail if no table */
285 rlwimi r11, r10, 22, 20, 29 /* Compute PTE address */
286 lwz r11, 0(r11) /* Get Linux PTE */
287 li r9, _PAGE_PRESENT | _PAGE_ACCESSED
288 andc. r9, r9, r11 /* Check permission */
291 rlwinm r9, r11, 1, _PAGE_RW /* dirty => rw */
292 and r9, r9, r11 /* hwwrite = dirty & rw */
293 rlwimi r11, r9, 0, _PAGE_RW /* replace rw by hwwrite */
295 /* Create TLB tag. This is the faulting address plus a static
296 * set of bits. These are size, valid, E, U0.
299 rlwimi r10, r9, 0, 20, 31
303 2: /* Check for possible large-page pmd entry */
304 rlwinm. r9, r11, 2, 22, 24
307 /* Create TLB tag. This is the faulting address, plus a static
308 * set of bits (valid, E, U0) plus the size from the PMD.
311 rlwimi r10, r9, 0, 20, 31
316 /* The bailout. Restore registers to pre-exception conditions
317 * and call the heavyweights to help us out.
319 mfspr r9, SPRN_SPRG_SCRATCH5
322 mfspr r9, SPRN_SPRG_SCRATCH4
323 mfspr r12, SPRN_SPRG_SCRATCH3
324 mfspr r11, SPRN_SPRG_SCRATCH1
325 mfspr r10, SPRN_SPRG_SCRATCH0
328 /* 0x1200 - Instruction TLB Miss Exception
329 * Nearly the same as above, except we get our information from different
330 * registers and bailout to a different point.
332 START_EXCEPTION(0x1200, ITLBMiss)
333 mtspr SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
334 mtspr SPRN_SPRG_SCRATCH1, r11
335 mtspr SPRN_SPRG_SCRATCH3, r12
336 mtspr SPRN_SPRG_SCRATCH4, r9
339 mtspr SPRN_SPRG_SCRATCH5, r9
340 mfspr r10, SPRN_SRR0 /* Get faulting address */
342 /* If we are faulting a kernel address, we have to use the
343 * kernel page tables.
345 lis r11, PAGE_OFFSET@h
348 lis r11, swapper_pg_dir@h
349 ori r11, r11, swapper_pg_dir@l
351 mtspr SPRN_PID, r9 /* TLB will have 0 TID */
354 /* Get the PGD for the current thread.
357 mfspr r11,SPRN_SPRG_THREAD
361 rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
362 lwz r11, 0(r11) /* Get L1 entry */
363 andi. r9, r11, _PMD_PRESENT /* Check if it points to a PTE page */
364 beq 2f /* Bail if no table */
366 rlwimi r11, r10, 22, 20, 29 /* Compute PTE address */
367 lwz r11, 0(r11) /* Get Linux PTE */
368 li r9, _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
369 andc. r9, r9, r11 /* Check permission */
372 rlwinm r9, r11, 1, _PAGE_RW /* dirty => rw */
373 and r9, r9, r11 /* hwwrite = dirty & rw */
374 rlwimi r11, r9, 0, _PAGE_RW /* replace rw by hwwrite */
376 /* Create TLB tag. This is the faulting address plus a static
377 * set of bits. These are size, valid, E, U0.
380 rlwimi r10, r9, 0, 20, 31
384 2: /* Check for possible large-page pmd entry */
385 rlwinm. r9, r11, 2, 22, 24
388 /* Create TLB tag. This is the faulting address, plus a static
389 * set of bits (valid, E, U0) plus the size from the PMD.
392 rlwimi r10, r9, 0, 20, 31
397 /* The bailout. Restore registers to pre-exception conditions
398 * and call the heavyweights to help us out.
400 mfspr r9, SPRN_SPRG_SCRATCH5
403 mfspr r9, SPRN_SPRG_SCRATCH4
404 mfspr r12, SPRN_SPRG_SCRATCH3
405 mfspr r11, SPRN_SPRG_SCRATCH1
406 mfspr r10, SPRN_SPRG_SCRATCH0
409 EXCEPTION(0x1300, Trap_13, unknown_exception, EXC_XFER_STD)
410 EXCEPTION(0x1400, Trap_14, unknown_exception, EXC_XFER_STD)
411 EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD)
412 EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_STD)
413 EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_STD)
414 EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD)
415 EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD)
416 EXCEPTION(0x1A00, Trap_1A, unknown_exception, EXC_XFER_STD)
417 EXCEPTION(0x1B00, Trap_1B, unknown_exception, EXC_XFER_STD)
418 EXCEPTION(0x1C00, Trap_1C, unknown_exception, EXC_XFER_STD)
419 EXCEPTION(0x1D00, Trap_1D, unknown_exception, EXC_XFER_STD)
420 EXCEPTION(0x1E00, Trap_1E, unknown_exception, EXC_XFER_STD)
421 EXCEPTION(0x1F00, Trap_1F, unknown_exception, EXC_XFER_STD)
423 /* Check for a single step debug exception while in an exception
424 * handler before state has been saved. This is to catch the case
425 * where an instruction that we are trying to single step causes
426 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
427 * the exception handler generates a single step debug exception.
429 * If we get a debug trap on the first instruction of an exception handler,
430 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
431 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
432 * The exception handler was handling a non-critical interrupt, so it will
433 * save (and later restore) the MSR via SPRN_SRR1, which will still have
434 * the MSR_DE bit set.
436 /* 0x2000 - Debug Exception */
437 START_EXCEPTION(0x2000, DebugTrap)
438 CRITICAL_EXCEPTION_PROLOG
441 * If this is a single step or branch-taken exception in an
442 * exception entry sequence, it was probably meant to apply to
443 * the code where the exception occurred (since exception entry
444 * doesn't turn off DE automatically). We simulate the effect
445 * of turning off DE on entry to an exception handler by turning
446 * off DE in the SRR3 value and clearing the debug status.
448 mfspr r10,SPRN_DBSR /* check single-step/branch taken */
449 andis. r10,r10,DBSR_IC@h
452 andi. r10,r9,MSR_IR|MSR_PR /* check supervisor + MMU off */
453 beq 1f /* branch and fix it up */
455 mfspr r10,SPRN_SRR2 /* Faulting instruction address */
457 bgt+ 2f /* address above exception vectors */
459 /* here it looks like we got an inappropriate debug exception. */
460 1: rlwinm r9,r9,0,~MSR_DE /* clear DE in the SRR3 value */
461 lis r10,DBSR_IC@h /* clear the IC event */
463 /* restore state and get out */
472 lwz r10,crit_r10@l(0)
473 lwz r11,crit_r11@l(0)
477 /* continue normal handling for a critical exception... */
478 2: mfspr r4,SPRN_DBSR
479 addi r3,r1,STACK_FRAME_OVERHEAD
480 EXC_XFER_TEMPLATE(DebugException, 0x2002, \
481 (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
482 crit_transfer_to_handler, ret_from_crit_exc)
484 /* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
488 mtspr SPRN_TSR,r0 /* Clear the PIT exception */
489 addi r3,r1,STACK_FRAME_OVERHEAD
490 EXC_XFER_LITE(0x1000, timer_interrupt)
492 /* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
495 addi r3,r1,STACK_FRAME_OVERHEAD;
496 EXC_XFER_STD(0x1010, unknown_exception)
498 /* Watchdog Timer (WDT) Exception. (from 0x1020) */
500 CRITICAL_EXCEPTION_PROLOG;
501 addi r3,r1,STACK_FRAME_OVERHEAD;
502 EXC_XFER_TEMPLATE(WatchdogException, 0x1020+2,
503 (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)),
504 crit_transfer_to_handler, ret_from_crit_exc)
506 /* Other PowerPC processors, namely those derived from the 6xx-series
507 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
508 * However, for the 4xx-series processors these are neither defined nor
512 /* Damn, I came up one instruction too many to fit into the
513 * exception space :-). Both the instruction and data TLB
514 * miss get to this point to load the TLB.
515 * r10 - TLB_TAG value
517 * r9 - available to use
518 * PID - loaded with proper value when we get here
519 * Upon exit, we reload everything and RFI.
520 * Actually, it will fit now, but oh well.....a common place
527 * Clear out the software-only bits in the PTE to generate the
528 * TLB_DATA value. These are the bottom 2 bits of the RPM, the
529 * top 3 bits of the zone field, and M.
534 /* load the next available TLB index. */
535 lwz r9, tlb_4xx_index@l(0)
537 andi. r9, r9, PPC40X_TLB_SIZE - 1
538 stw r9, tlb_4xx_index@l(0)
540 tlbwe r11, r9, TLB_DATA /* Load TLB LO */
541 tlbwe r10, r9, TLB_TAG /* Load TLB HI */
543 /* Done...restore registers and get out of here.
545 mfspr r9, SPRN_SPRG_SCRATCH5
548 mfspr r9, SPRN_SPRG_SCRATCH4
549 mfspr r12, SPRN_SPRG_SCRATCH3
550 mfspr r11, SPRN_SPRG_SCRATCH1
551 mfspr r10, SPRN_SPRG_SCRATCH0
552 rfi /* Should sync shadow TLBs */
553 b . /* prevent prefetch past rfi */
555 /* This is where the main kernel code starts.
561 ori r2,r2,init_task@l
563 /* ptr to phys current thread */
565 addi r4,r4,THREAD /* init task's THREAD */
566 mtspr SPRN_SPRG_THREAD,r4
569 lis r1,init_thread_union@ha
570 addi r1,r1,init_thread_union@l
572 stwu r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
574 bl early_init /* We have to do this with MMU on */
577 * Decide what sort of machine this is and initialize the MMU.
587 /* Go back to running unmapped so we can load up new values
588 * and change to using our exception vectors.
589 * On the 4xx, all we have to do is invalidate the TLB to clear
590 * the old 16M byte TLB mappings.
595 lis r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
596 ori r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
600 b . /* prevent prefetch past rfi */
602 /* Load up the kernel context */
604 sync /* Flush to memory before changing TLB */
606 isync /* Flush shadow TLBs */
608 /* set up the PTE pointers for the Abatron bdiGDB.
610 lis r6, swapper_pg_dir@h
611 ori r6, r6, swapper_pg_dir@l
612 lis r5, abatron_pteptrs@h
613 ori r5, r5, abatron_pteptrs@l
614 stw r5, 0xf0(0) /* Must match your Abatron config file */
618 /* Now turn on the MMU for real! */
620 ori r4,r4,MSR_KERNEL@l
621 lis r3,start_kernel@h
622 ori r3,r3,start_kernel@l
625 rfi /* enable MMU and jump to start_kernel */
626 b . /* prevent prefetch past rfi */
628 /* Set up the initial MMU state so we can do the first level of
629 * kernel initialization. This maps the first 16 MBytes of memory 1:1
630 * virtual to physical and more importantly sets the cache mode.
633 tlbia /* Invalidate all TLB entries */
636 /* We should still be executing code at physical address 0x0000xxxx
637 * at this point. However, start_here is at virtual address
638 * 0xC000xxxx. So, set up a TLB mapping to cover this once
639 * translation is enabled.
642 lis r3,KERNELBASE@h /* Load the kernel virtual address */
643 ori r3,r3,KERNELBASE@l
644 tophys(r4,r3) /* Load the kernel physical address */
646 iccci r0,r3 /* Invalidate the i-cache before use */
648 /* Load the kernel PID.
654 /* Configure and load one entry into TLB slots 63 */
655 clrrwi r4,r4,10 /* Mask off the real page number */
656 ori r4,r4,(TLB_WR | TLB_EX) /* Set the write and execute bits */
658 clrrwi r3,r3,10 /* Mask off the effective page number */
659 ori r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
661 li r0,63 /* TLB slot 63 */
663 tlbwe r4,r0,TLB_DATA /* Load the data portion of the entry */
664 tlbwe r3,r0,TLB_TAG /* Load the tag portion of the entry */
668 /* Establish the exception vector base
670 lis r4,KERNELBASE@h /* EVPR only uses the high 16-bits */
671 tophys(r0,r4) /* Use the physical address */
678 oris r13,r13,DBCR0_RST_SYSTEM@h
683 #ifdef CONFIG_BDI_SWITCH
684 /* Context switch the PTE pointer for the Abatron BDI2000.
685 * The PGDIR is the second parameter.
687 lis r5, abatron_pteptrs@ha
688 stw r4, abatron_pteptrs@l + 0x4(r5)
692 isync /* Need an isync to flush shadow */
693 /* TLBs after changing PID */
696 /* We put a few things here that have to be page-aligned. This stuff
697 * goes at the beginning of the data segment, which is page-aligned.
703 .globl empty_zero_page
706 EXPORT_SYMBOL(empty_zero_page)
707 .globl swapper_pg_dir
709 .space PGD_TABLE_SIZE
711 /* Room for two PTE pointers, usually the kernel and current user pointers
712 * to their respective root page table.
projects / linux-2.6-microblaze.git / blob