aa1258d914
commit c119565a15a628efdfa51352f9f6c5186e506a1c upstream.
On book3s/32, page protection is defined by the PP bits in the PTE
which provide the following protection depending on the access
keys defined in the matching segment register:
- PP 00 means RW with key 0 and N/A with key 1.
- PP 01 means RW with key 0 and RO with key 1.
- PP 10 means RW with both key 0 and key 1.
- PP 11 means RO with both key 0 and key 1.
Since the implementation of kernel userspace access protection,
PP bits have been set as follows:
- PP00 for pages without _PAGE_USER
- PP01 for pages with _PAGE_USER and _PAGE_RW
- PP11 for pages with _PAGE_USER and without _PAGE_RW
For kernelspace segments, kernel accesses are performed with key 0
and user accesses are performed with key 1. As PP00 is used for
non _PAGE_USER pages, user can't access kernel pages not flagged
_PAGE_USER while kernel can.
For userspace segments, both kernel and user accesses are performed
with key 0, therefore pages not flagged _PAGE_USER are still
accessible to the user.
This shouldn't be an issue, because userspace is expected to be
accessible to the user. But unlike most other architectures, powerpc
implements PROT_NONE protection by removing _PAGE_USER flag instead of
flagging the page as not valid. This means that pages in userspace
that are not flagged _PAGE_USER shall remain inaccessible.
To get the expected behaviour, just mimic other architectures in the
TLB miss handler by checking _PAGE_USER permission on userspace
accesses as if it was the _PAGE_PRESENT bit.
Note that this problem only is only for 603 cores. The 604+ have
an hash table, and hash_page() function already implement the
verification of _PAGE_USER permission on userspace pages.
Fixes: f342adca3a
("powerpc/32s: Prepare Kernel Userspace Access Protection")
Cc: stable@vger.kernel.org # v5.2+
Reported-by: Christoph Plattner <christoph.plattner@thalesgroup.com>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/4a0c6e3bb8f0c162457bf54d9bc6fd8d7b55129f.1612160907.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1347 lines
35 KiB
ArmAsm
1347 lines
35 KiB
ArmAsm
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/*
|
|
* PowerPC version
|
|
* Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
|
|
*
|
|
* Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
|
|
* Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
|
|
* Adapted for Power Macintosh by Paul Mackerras.
|
|
* Low-level exception handlers and MMU support
|
|
* rewritten by Paul Mackerras.
|
|
* Copyright (C) 1996 Paul Mackerras.
|
|
* MPC8xx modifications Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
|
|
*
|
|
* This file contains the low-level support and setup for the
|
|
* PowerPC platform, including trap and interrupt dispatch.
|
|
* (The PPC 8xx embedded CPUs use head_8xx.S instead.)
|
|
*/
|
|
|
|
#include <linux/init.h>
|
|
#include <linux/pgtable.h>
|
|
#include <asm/reg.h>
|
|
#include <asm/page.h>
|
|
#include <asm/mmu.h>
|
|
#include <asm/cputable.h>
|
|
#include <asm/cache.h>
|
|
#include <asm/thread_info.h>
|
|
#include <asm/ppc_asm.h>
|
|
#include <asm/asm-offsets.h>
|
|
#include <asm/ptrace.h>
|
|
#include <asm/bug.h>
|
|
#include <asm/kvm_book3s_asm.h>
|
|
#include <asm/export.h>
|
|
#include <asm/feature-fixups.h>
|
|
|
|
#include "head_32.h"
|
|
|
|
#define LOAD_BAT(n, reg, RA, RB) \
|
|
/* see the comment for clear_bats() -- Cort */ \
|
|
li RA,0; \
|
|
mtspr SPRN_IBAT##n##U,RA; \
|
|
mtspr SPRN_DBAT##n##U,RA; \
|
|
lwz RA,(n*16)+0(reg); \
|
|
lwz RB,(n*16)+4(reg); \
|
|
mtspr SPRN_IBAT##n##U,RA; \
|
|
mtspr SPRN_IBAT##n##L,RB; \
|
|
lwz RA,(n*16)+8(reg); \
|
|
lwz RB,(n*16)+12(reg); \
|
|
mtspr SPRN_DBAT##n##U,RA; \
|
|
mtspr SPRN_DBAT##n##L,RB
|
|
|
|
__HEAD
|
|
.stabs "arch/powerpc/kernel/",N_SO,0,0,0f
|
|
.stabs "head_book3s_32.S",N_SO,0,0,0f
|
|
0:
|
|
_ENTRY(_stext);
|
|
|
|
/*
|
|
* _start is defined this way because the XCOFF loader in the OpenFirmware
|
|
* on the powermac expects the entry point to be a procedure descriptor.
|
|
*/
|
|
_ENTRY(_start);
|
|
/*
|
|
* These are here for legacy reasons, the kernel used to
|
|
* need to look like a coff function entry for the pmac
|
|
* but we're always started by some kind of bootloader now.
|
|
* -- Cort
|
|
*/
|
|
nop /* used by __secondary_hold on prep (mtx) and chrp smp */
|
|
nop /* used by __secondary_hold on prep (mtx) and chrp smp */
|
|
nop
|
|
|
|
/* PMAC
|
|
* Enter here with the kernel text, data and bss loaded starting at
|
|
* 0, running with virtual == physical mapping.
|
|
* r5 points to the prom entry point (the client interface handler
|
|
* address). Address translation is turned on, with the prom
|
|
* managing the hash table. Interrupts are disabled. The stack
|
|
* pointer (r1) points to just below the end of the half-meg region
|
|
* from 0x380000 - 0x400000, which is mapped in already.
|
|
*
|
|
* If we are booted from MacOS via BootX, we enter with the kernel
|
|
* image loaded somewhere, and the following values in registers:
|
|
* r3: 'BooX' (0x426f6f58)
|
|
* r4: virtual address of boot_infos_t
|
|
* r5: 0
|
|
*
|
|
* PREP
|
|
* This is jumped to on prep systems right after the kernel is relocated
|
|
* to its proper place in memory by the boot loader. The expected layout
|
|
* of the regs is:
|
|
* r3: ptr to residual data
|
|
* r4: initrd_start or if no initrd then 0
|
|
* r5: initrd_end - unused if r4 is 0
|
|
* r6: Start of command line string
|
|
* r7: End of command line string
|
|
*
|
|
* This just gets a minimal mmu environment setup so we can call
|
|
* start_here() to do the real work.
|
|
* -- Cort
|
|
*/
|
|
|
|
.globl __start
|
|
__start:
|
|
/*
|
|
* We have to do any OF calls before we map ourselves to KERNELBASE,
|
|
* because OF may have I/O devices mapped into that area
|
|
* (particularly on CHRP).
|
|
*/
|
|
cmpwi 0,r5,0
|
|
beq 1f
|
|
|
|
#ifdef CONFIG_PPC_OF_BOOT_TRAMPOLINE
|
|
/* find out where we are now */
|
|
bcl 20,31,$+4
|
|
0: mflr r8 /* r8 = runtime addr here */
|
|
addis r8,r8,(_stext - 0b)@ha
|
|
addi r8,r8,(_stext - 0b)@l /* current runtime base addr */
|
|
bl prom_init
|
|
#endif /* CONFIG_PPC_OF_BOOT_TRAMPOLINE */
|
|
|
|
/* We never return. We also hit that trap if trying to boot
|
|
* from OF while CONFIG_PPC_OF_BOOT_TRAMPOLINE isn't selected */
|
|
trap
|
|
|
|
/*
|
|
* Check for BootX signature when supporting PowerMac and branch to
|
|
* appropriate trampoline if it's present
|
|
*/
|
|
#ifdef CONFIG_PPC_PMAC
|
|
1: lis r31,0x426f
|
|
ori r31,r31,0x6f58
|
|
cmpw 0,r3,r31
|
|
bne 1f
|
|
bl bootx_init
|
|
trap
|
|
#endif /* CONFIG_PPC_PMAC */
|
|
|
|
1: mr r31,r3 /* save device tree ptr */
|
|
li r24,0 /* cpu # */
|
|
|
|
/*
|
|
* early_init() does the early machine identification and does
|
|
* the necessary low-level setup and clears the BSS
|
|
* -- Cort <cort@fsmlabs.com>
|
|
*/
|
|
bl early_init
|
|
|
|
/* Switch MMU off, clear BATs and flush TLB. At this point, r3 contains
|
|
* the physical address we are running at, returned by early_init()
|
|
*/
|
|
bl mmu_off
|
|
__after_mmu_off:
|
|
bl clear_bats
|
|
bl flush_tlbs
|
|
|
|
bl initial_bats
|
|
bl load_segment_registers
|
|
BEGIN_MMU_FTR_SECTION
|
|
bl reloc_offset
|
|
bl early_hash_table
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_HPTE_TABLE)
|
|
#if defined(CONFIG_BOOTX_TEXT)
|
|
bl setup_disp_bat
|
|
#endif
|
|
#ifdef CONFIG_PPC_EARLY_DEBUG_CPM
|
|
bl setup_cpm_bat
|
|
#endif
|
|
#ifdef CONFIG_PPC_EARLY_DEBUG_USBGECKO
|
|
bl setup_usbgecko_bat
|
|
#endif
|
|
|
|
/*
|
|
* Call setup_cpu for CPU 0 and initialize 6xx Idle
|
|
*/
|
|
bl reloc_offset
|
|
li r24,0 /* cpu# */
|
|
bl call_setup_cpu /* Call setup_cpu for this CPU */
|
|
bl reloc_offset
|
|
bl init_idle_6xx
|
|
|
|
|
|
/*
|
|
* We need to run with _start at physical address 0.
|
|
* On CHRP, we are loaded at 0x10000 since OF on CHRP uses
|
|
* the exception vectors at 0 (and therefore this copy
|
|
* overwrites OF's exception vectors with our own).
|
|
* The MMU is off at this point.
|
|
*/
|
|
bl reloc_offset
|
|
mr r26,r3
|
|
addis r4,r3,KERNELBASE@h /* current address of _start */
|
|
lis r5,PHYSICAL_START@h
|
|
cmplw 0,r4,r5 /* already running at PHYSICAL_START? */
|
|
bne relocate_kernel
|
|
/*
|
|
* we now have the 1st 16M of ram mapped with the bats.
|
|
* prep needs the mmu to be turned on here, but pmac already has it on.
|
|
* this shouldn't bother the pmac since it just gets turned on again
|
|
* as we jump to our code at KERNELBASE. -- Cort
|
|
* Actually no, pmac doesn't have it on any more. BootX enters with MMU
|
|
* off, and in other cases, we now turn it off before changing BATs above.
|
|
*/
|
|
turn_on_mmu:
|
|
mfmsr r0
|
|
ori r0,r0,MSR_DR|MSR_IR|MSR_RI
|
|
mtspr SPRN_SRR1,r0
|
|
lis r0,start_here@h
|
|
ori r0,r0,start_here@l
|
|
mtspr SPRN_SRR0,r0
|
|
RFI /* enables MMU */
|
|
|
|
/*
|
|
* We need __secondary_hold as a place to hold the other cpus on
|
|
* an SMP machine, even when we are running a UP kernel.
|
|
*/
|
|
. = 0xc0 /* for prep bootloader */
|
|
li r3,1 /* MTX only has 1 cpu */
|
|
.globl __secondary_hold
|
|
__secondary_hold:
|
|
/* tell the master we're here */
|
|
stw r3,__secondary_hold_acknowledge@l(0)
|
|
#ifdef CONFIG_SMP
|
|
100: lwz r4,0(0)
|
|
/* wait until we're told to start */
|
|
cmpw 0,r4,r3
|
|
bne 100b
|
|
/* our cpu # was at addr 0 - go */
|
|
mr r24,r3 /* cpu # */
|
|
b __secondary_start
|
|
#else
|
|
b .
|
|
#endif /* CONFIG_SMP */
|
|
|
|
.globl __secondary_hold_spinloop
|
|
__secondary_hold_spinloop:
|
|
.long 0
|
|
.globl __secondary_hold_acknowledge
|
|
__secondary_hold_acknowledge:
|
|
.long -1
|
|
|
|
/* System reset */
|
|
/* core99 pmac starts the seconary here by changing the vector, and
|
|
putting it back to what it was (unknown_exception) when done. */
|
|
EXCEPTION(0x100, Reset, unknown_exception, EXC_XFER_STD)
|
|
|
|
/* Machine check */
|
|
/*
|
|
* On CHRP, this is complicated by the fact that we could get a
|
|
* machine check inside RTAS, and we have no guarantee that certain
|
|
* critical registers will have the values we expect. The set of
|
|
* registers that might have bad values includes all the GPRs
|
|
* and all the BATs. We indicate that we are in RTAS by putting
|
|
* a non-zero value, the address of the exception frame to use,
|
|
* in thread.rtas_sp. The machine check handler checks thread.rtas_sp
|
|
* and uses its value if it is non-zero.
|
|
* (Other exception handlers assume that r1 is a valid kernel stack
|
|
* pointer when we take an exception from supervisor mode.)
|
|
* -- paulus.
|
|
*/
|
|
. = 0x200
|
|
DO_KVM 0x200
|
|
MachineCheck:
|
|
EXCEPTION_PROLOG_0
|
|
#ifdef CONFIG_PPC_CHRP
|
|
#ifdef CONFIG_VMAP_STACK
|
|
mr r11, r1
|
|
mfspr r1, SPRN_SPRG_THREAD
|
|
lwz r1, RTAS_SP(r1)
|
|
cmpwi cr1, r1, 0
|
|
bne cr1, 7f
|
|
mr r1, r11
|
|
#else
|
|
mfspr r11, SPRN_SPRG_THREAD
|
|
lwz r11, RTAS_SP(r11)
|
|
cmpwi cr1, r11, 0
|
|
bne cr1, 7f
|
|
#endif
|
|
#endif /* CONFIG_PPC_CHRP */
|
|
EXCEPTION_PROLOG_1 for_rtas=1
|
|
7: EXCEPTION_PROLOG_2
|
|
addi r3,r1,STACK_FRAME_OVERHEAD
|
|
#ifdef CONFIG_PPC_CHRP
|
|
beq cr1, machine_check_tramp
|
|
twi 31, 0, 0
|
|
#else
|
|
b machine_check_tramp
|
|
#endif
|
|
|
|
/* Data access exception. */
|
|
. = 0x300
|
|
DO_KVM 0x300
|
|
DataAccess:
|
|
#ifdef CONFIG_VMAP_STACK
|
|
mtspr SPRN_SPRG_SCRATCH0,r10
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
BEGIN_MMU_FTR_SECTION
|
|
stw r11, THR11(r10)
|
|
mfspr r10, SPRN_DSISR
|
|
mfcr r11
|
|
#ifdef CONFIG_PPC_KUAP
|
|
andis. r10, r10, (DSISR_BAD_FAULT_32S | DSISR_DABRMATCH | DSISR_PROTFAULT)@h
|
|
#else
|
|
andis. r10, r10, (DSISR_BAD_FAULT_32S | DSISR_DABRMATCH)@h
|
|
#endif
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
beq hash_page_dsi
|
|
.Lhash_page_dsi_cont:
|
|
mtcr r11
|
|
lwz r11, THR11(r10)
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_HPTE_TABLE)
|
|
mtspr SPRN_SPRG_SCRATCH1,r11
|
|
mfspr r11, SPRN_DAR
|
|
stw r11, DAR(r10)
|
|
mfspr r11, SPRN_DSISR
|
|
stw r11, DSISR(r10)
|
|
mfspr r11, SPRN_SRR0
|
|
stw r11, SRR0(r10)
|
|
mfspr r11, SPRN_SRR1 /* check whether user or kernel */
|
|
stw r11, SRR1(r10)
|
|
mfcr r10
|
|
andi. r11, r11, MSR_PR
|
|
|
|
EXCEPTION_PROLOG_1
|
|
b handle_page_fault_tramp_1
|
|
#else /* CONFIG_VMAP_STACK */
|
|
EXCEPTION_PROLOG handle_dar_dsisr=1
|
|
get_and_save_dar_dsisr_on_stack r4, r5, r11
|
|
BEGIN_MMU_FTR_SECTION
|
|
#ifdef CONFIG_PPC_KUAP
|
|
andis. r0, r5, (DSISR_BAD_FAULT_32S | DSISR_DABRMATCH | DSISR_PROTFAULT)@h
|
|
#else
|
|
andis. r0, r5, (DSISR_BAD_FAULT_32S | DSISR_DABRMATCH)@h
|
|
#endif
|
|
bne handle_page_fault_tramp_2 /* if not, try to put a PTE */
|
|
rlwinm r3, r5, 32 - 15, 21, 21 /* DSISR_STORE -> _PAGE_RW */
|
|
bl hash_page
|
|
b handle_page_fault_tramp_1
|
|
FTR_SECTION_ELSE
|
|
b handle_page_fault_tramp_2
|
|
ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_HPTE_TABLE)
|
|
#endif /* CONFIG_VMAP_STACK */
|
|
|
|
/* Instruction access exception. */
|
|
. = 0x400
|
|
DO_KVM 0x400
|
|
InstructionAccess:
|
|
#ifdef CONFIG_VMAP_STACK
|
|
mtspr SPRN_SPRG_SCRATCH0,r10
|
|
mtspr SPRN_SPRG_SCRATCH1,r11
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
mfspr r11, SPRN_SRR0
|
|
stw r11, SRR0(r10)
|
|
mfspr r11, SPRN_SRR1 /* check whether user or kernel */
|
|
stw r11, SRR1(r10)
|
|
mfcr r10
|
|
BEGIN_MMU_FTR_SECTION
|
|
andis. r11, r11, SRR1_ISI_NOPT@h /* no pte found? */
|
|
bne hash_page_isi
|
|
.Lhash_page_isi_cont:
|
|
mfspr r11, SPRN_SRR1 /* check whether user or kernel */
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_HPTE_TABLE)
|
|
andi. r11, r11, MSR_PR
|
|
|
|
EXCEPTION_PROLOG_1
|
|
EXCEPTION_PROLOG_2
|
|
#else /* CONFIG_VMAP_STACK */
|
|
EXCEPTION_PROLOG
|
|
andis. r0,r9,SRR1_ISI_NOPT@h /* no pte found? */
|
|
beq 1f /* if so, try to put a PTE */
|
|
li r3,0 /* into the hash table */
|
|
mr r4,r12 /* SRR0 is fault address */
|
|
BEGIN_MMU_FTR_SECTION
|
|
bl hash_page
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_HPTE_TABLE)
|
|
#endif /* CONFIG_VMAP_STACK */
|
|
1: mr r4,r12
|
|
andis. r5,r9,DSISR_SRR1_MATCH_32S@h /* Filter relevant SRR1 bits */
|
|
stw r4, _DAR(r11)
|
|
EXC_XFER_LITE(0x400, handle_page_fault)
|
|
|
|
/* External interrupt */
|
|
EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
|
|
|
|
/* Alignment exception */
|
|
. = 0x600
|
|
DO_KVM 0x600
|
|
Alignment:
|
|
EXCEPTION_PROLOG handle_dar_dsisr=1
|
|
save_dar_dsisr_on_stack r4, r5, r11
|
|
addi r3,r1,STACK_FRAME_OVERHEAD
|
|
b alignment_exception_tramp
|
|
|
|
/* Program check exception */
|
|
EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD)
|
|
|
|
/* Floating-point unavailable */
|
|
. = 0x800
|
|
DO_KVM 0x800
|
|
FPUnavailable:
|
|
BEGIN_FTR_SECTION
|
|
/*
|
|
* Certain Freescale cores don't have a FPU and treat fp instructions
|
|
* as a FP Unavailable exception. Redirect to illegal/emulation handling.
|
|
*/
|
|
b ProgramCheck
|
|
END_FTR_SECTION_IFSET(CPU_FTR_FPU_UNAVAILABLE)
|
|
EXCEPTION_PROLOG
|
|
beq 1f
|
|
bl load_up_fpu /* if from user, just load it up */
|
|
b fast_exception_return
|
|
1: addi r3,r1,STACK_FRAME_OVERHEAD
|
|
EXC_XFER_LITE(0x800, kernel_fp_unavailable_exception)
|
|
|
|
/* Decrementer */
|
|
EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE)
|
|
|
|
EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_STD)
|
|
|
|
/* System call */
|
|
. = 0xc00
|
|
DO_KVM 0xc00
|
|
SystemCall:
|
|
SYSCALL_ENTRY 0xc00
|
|
|
|
EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD)
|
|
EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_STD)
|
|
|
|
/*
|
|
* The Altivec unavailable trap is at 0x0f20. Foo.
|
|
* We effectively remap it to 0x3000.
|
|
* We include an altivec unavailable exception vector even if
|
|
* not configured for Altivec, so that you can't panic a
|
|
* non-altivec kernel running on a machine with altivec just
|
|
* by executing an altivec instruction.
|
|
*/
|
|
. = 0xf00
|
|
DO_KVM 0xf00
|
|
b PerformanceMonitor
|
|
|
|
. = 0xf20
|
|
DO_KVM 0xf20
|
|
b AltiVecUnavailable
|
|
|
|
/*
|
|
* Handle TLB miss for instruction on 603/603e.
|
|
* Note: we get an alternate set of r0 - r3 to use automatically.
|
|
*/
|
|
. = 0x1000
|
|
InstructionTLBMiss:
|
|
/*
|
|
* r0: scratch
|
|
* r1: linux style pte ( later becomes ppc hardware pte )
|
|
* r2: ptr to linux-style pte
|
|
* r3: scratch
|
|
*/
|
|
/* Get PTE (linux-style) and check access */
|
|
mfspr r3,SPRN_IMISS
|
|
#if defined(CONFIG_MODULES) || defined(CONFIG_DEBUG_PAGEALLOC)
|
|
lis r1, TASK_SIZE@h /* check if kernel address */
|
|
cmplw 0,r1,r3
|
|
#endif
|
|
mfspr r2, SPRN_SPRG_PGDIR
|
|
li r1,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC | _PAGE_USER
|
|
#if defined(CONFIG_MODULES) || defined(CONFIG_DEBUG_PAGEALLOC)
|
|
bgt- 112f
|
|
lis r2, (swapper_pg_dir - PAGE_OFFSET)@ha /* if kernel address, use */
|
|
li r1,_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
|
|
addi r2, r2, (swapper_pg_dir - PAGE_OFFSET)@l /* kernel page table */
|
|
#endif
|
|
112: rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */
|
|
lwz r2,0(r2) /* get pmd entry */
|
|
rlwinm. r2,r2,0,0,19 /* extract address of pte page */
|
|
beq- InstructionAddressInvalid /* return if no mapping */
|
|
rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */
|
|
lwz r0,0(r2) /* get linux-style pte */
|
|
andc. r1,r1,r0 /* check access & ~permission */
|
|
bne- InstructionAddressInvalid /* return if access not permitted */
|
|
/* Convert linux-style PTE to low word of PPC-style PTE */
|
|
rlwimi r0,r0,32-2,31,31 /* _PAGE_USER -> PP lsb */
|
|
ori r1, r1, 0xe06 /* clear out reserved bits */
|
|
andc r1, r0, r1 /* PP = user? 1 : 0 */
|
|
BEGIN_FTR_SECTION
|
|
rlwinm r1,r1,0,~_PAGE_COHERENT /* clear M (coherence not required) */
|
|
END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
|
|
mtspr SPRN_RPA,r1
|
|
tlbli r3
|
|
mfspr r3,SPRN_SRR1 /* Need to restore CR0 */
|
|
mtcrf 0x80,r3
|
|
rfi
|
|
InstructionAddressInvalid:
|
|
mfspr r3,SPRN_SRR1
|
|
rlwinm r1,r3,9,6,6 /* Get load/store bit */
|
|
|
|
addis r1,r1,0x2000
|
|
mtspr SPRN_DSISR,r1 /* (shouldn't be needed) */
|
|
andi. r2,r3,0xFFFF /* Clear upper bits of SRR1 */
|
|
or r2,r2,r1
|
|
mtspr SPRN_SRR1,r2
|
|
mfspr r1,SPRN_IMISS /* Get failing address */
|
|
rlwinm. r2,r2,0,31,31 /* Check for little endian access */
|
|
rlwimi r2,r2,1,30,30 /* change 1 -> 3 */
|
|
xor r1,r1,r2
|
|
mtspr SPRN_DAR,r1 /* Set fault address */
|
|
mfmsr r0 /* Restore "normal" registers */
|
|
xoris r0,r0,MSR_TGPR>>16
|
|
mtcrf 0x80,r3 /* Restore CR0 */
|
|
mtmsr r0
|
|
b InstructionAccess
|
|
|
|
/*
|
|
* Handle TLB miss for DATA Load operation on 603/603e
|
|
*/
|
|
. = 0x1100
|
|
DataLoadTLBMiss:
|
|
/*
|
|
* r0: scratch
|
|
* r1: linux style pte ( later becomes ppc hardware pte )
|
|
* r2: ptr to linux-style pte
|
|
* r3: scratch
|
|
*/
|
|
/* Get PTE (linux-style) and check access */
|
|
mfspr r3,SPRN_DMISS
|
|
lis r1, TASK_SIZE@h /* check if kernel address */
|
|
cmplw 0,r1,r3
|
|
mfspr r2, SPRN_SPRG_PGDIR
|
|
li r1, _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_USER
|
|
bgt- 112f
|
|
lis r2, (swapper_pg_dir - PAGE_OFFSET)@ha /* if kernel address, use */
|
|
li r1, _PAGE_PRESENT | _PAGE_ACCESSED
|
|
addi r2, r2, (swapper_pg_dir - PAGE_OFFSET)@l /* kernel page table */
|
|
112: rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */
|
|
lwz r2,0(r2) /* get pmd entry */
|
|
rlwinm. r2,r2,0,0,19 /* extract address of pte page */
|
|
beq- DataAddressInvalid /* return if no mapping */
|
|
rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */
|
|
lwz r0,0(r2) /* get linux-style pte */
|
|
andc. r1,r1,r0 /* check access & ~permission */
|
|
bne- DataAddressInvalid /* return if access not permitted */
|
|
/*
|
|
* NOTE! We are assuming this is not an SMP system, otherwise
|
|
* we would need to update the pte atomically with lwarx/stwcx.
|
|
*/
|
|
/* Convert linux-style PTE to low word of PPC-style PTE */
|
|
rlwinm r1,r0,32-9,30,30 /* _PAGE_RW -> PP msb */
|
|
rlwimi r0,r0,32-1,30,30 /* _PAGE_USER -> PP msb */
|
|
rlwimi r0,r0,32-1,31,31 /* _PAGE_USER -> PP lsb */
|
|
ori r1,r1,0xe04 /* clear out reserved bits */
|
|
andc r1,r0,r1 /* PP = user? rw? 1: 3: 0 */
|
|
BEGIN_FTR_SECTION
|
|
rlwinm r1,r1,0,~_PAGE_COHERENT /* clear M (coherence not required) */
|
|
END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
|
|
mtspr SPRN_RPA,r1
|
|
mfspr r2,SPRN_SRR1 /* Need to restore CR0 */
|
|
mtcrf 0x80,r2
|
|
BEGIN_MMU_FTR_SECTION
|
|
li r0,1
|
|
mfspr r1,SPRN_SPRG_603_LRU
|
|
rlwinm r2,r3,20,27,31 /* Get Address bits 15:19 */
|
|
slw r0,r0,r2
|
|
xor r1,r0,r1
|
|
srw r0,r1,r2
|
|
mtspr SPRN_SPRG_603_LRU,r1
|
|
mfspr r2,SPRN_SRR1
|
|
rlwimi r2,r0,31-14,14,14
|
|
mtspr SPRN_SRR1,r2
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU)
|
|
tlbld r3
|
|
rfi
|
|
DataAddressInvalid:
|
|
mfspr r3,SPRN_SRR1
|
|
rlwinm r1,r3,9,6,6 /* Get load/store bit */
|
|
addis r1,r1,0x2000
|
|
mtspr SPRN_DSISR,r1
|
|
andi. r2,r3,0xFFFF /* Clear upper bits of SRR1 */
|
|
mtspr SPRN_SRR1,r2
|
|
mfspr r1,SPRN_DMISS /* Get failing address */
|
|
rlwinm. r2,r2,0,31,31 /* Check for little endian access */
|
|
beq 20f /* Jump if big endian */
|
|
xori r1,r1,3
|
|
20: mtspr SPRN_DAR,r1 /* Set fault address */
|
|
mfmsr r0 /* Restore "normal" registers */
|
|
xoris r0,r0,MSR_TGPR>>16
|
|
mtcrf 0x80,r3 /* Restore CR0 */
|
|
mtmsr r0
|
|
b DataAccess
|
|
|
|
/*
|
|
* Handle TLB miss for DATA Store on 603/603e
|
|
*/
|
|
. = 0x1200
|
|
DataStoreTLBMiss:
|
|
/*
|
|
* r0: scratch
|
|
* r1: linux style pte ( later becomes ppc hardware pte )
|
|
* r2: ptr to linux-style pte
|
|
* r3: scratch
|
|
*/
|
|
/* Get PTE (linux-style) and check access */
|
|
mfspr r3,SPRN_DMISS
|
|
lis r1, TASK_SIZE@h /* check if kernel address */
|
|
cmplw 0,r1,r3
|
|
mfspr r2, SPRN_SPRG_PGDIR
|
|
li r1, _PAGE_RW | _PAGE_DIRTY | _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_USER
|
|
bgt- 112f
|
|
lis r2, (swapper_pg_dir - PAGE_OFFSET)@ha /* if kernel address, use */
|
|
li r1, _PAGE_RW | _PAGE_DIRTY | _PAGE_PRESENT | _PAGE_ACCESSED
|
|
addi r2, r2, (swapper_pg_dir - PAGE_OFFSET)@l /* kernel page table */
|
|
112: rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */
|
|
lwz r2,0(r2) /* get pmd entry */
|
|
rlwinm. r2,r2,0,0,19 /* extract address of pte page */
|
|
beq- DataAddressInvalid /* return if no mapping */
|
|
rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */
|
|
lwz r0,0(r2) /* get linux-style pte */
|
|
andc. r1,r1,r0 /* check access & ~permission */
|
|
bne- DataAddressInvalid /* return if access not permitted */
|
|
/*
|
|
* NOTE! We are assuming this is not an SMP system, otherwise
|
|
* we would need to update the pte atomically with lwarx/stwcx.
|
|
*/
|
|
/* Convert linux-style PTE to low word of PPC-style PTE */
|
|
rlwimi r0,r0,32-2,31,31 /* _PAGE_USER -> PP lsb */
|
|
li r1,0xe06 /* clear out reserved bits & PP msb */
|
|
andc r1,r0,r1 /* PP = user? 1: 0 */
|
|
BEGIN_FTR_SECTION
|
|
rlwinm r1,r1,0,~_PAGE_COHERENT /* clear M (coherence not required) */
|
|
END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
|
|
mtspr SPRN_RPA,r1
|
|
mfspr r2,SPRN_SRR1 /* Need to restore CR0 */
|
|
mtcrf 0x80,r2
|
|
BEGIN_MMU_FTR_SECTION
|
|
li r0,1
|
|
mfspr r1,SPRN_SPRG_603_LRU
|
|
rlwinm r2,r3,20,27,31 /* Get Address bits 15:19 */
|
|
slw r0,r0,r2
|
|
xor r1,r0,r1
|
|
srw r0,r1,r2
|
|
mtspr SPRN_SPRG_603_LRU,r1
|
|
mfspr r2,SPRN_SRR1
|
|
rlwimi r2,r0,31-14,14,14
|
|
mtspr SPRN_SRR1,r2
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU)
|
|
tlbld r3
|
|
rfi
|
|
|
|
#ifndef CONFIG_ALTIVEC
|
|
#define altivec_assist_exception unknown_exception
|
|
#endif
|
|
|
|
#ifndef CONFIG_TAU_INT
|
|
#define TAUException unknown_exception
|
|
#endif
|
|
|
|
EXCEPTION(0x1300, Trap_13, instruction_breakpoint_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1400, SMI, SMIException, EXC_XFER_STD)
|
|
EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1600, Trap_16, altivec_assist_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1700, Trap_17, TAUException, EXC_XFER_STD)
|
|
EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1c00, Trap_1c, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2000, RunMode, RunModeException, EXC_XFER_STD)
|
|
EXCEPTION(0x2100, Trap_21, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2200, Trap_22, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2300, Trap_23, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2400, Trap_24, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2500, Trap_25, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2600, Trap_26, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2700, Trap_27, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2800, Trap_28, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2900, Trap_29, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2a00, Trap_2a, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2b00, Trap_2b, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2c00, Trap_2c, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2d00, Trap_2d, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2e00, Trap_2e, unknown_exception, EXC_XFER_STD)
|
|
EXCEPTION(0x2f00, Trap_2f, unknown_exception, EXC_XFER_STD)
|
|
|
|
. = 0x3000
|
|
|
|
machine_check_tramp:
|
|
EXC_XFER_STD(0x200, machine_check_exception)
|
|
|
|
alignment_exception_tramp:
|
|
EXC_XFER_STD(0x600, alignment_exception)
|
|
|
|
handle_page_fault_tramp_1:
|
|
#ifdef CONFIG_VMAP_STACK
|
|
EXCEPTION_PROLOG_2 handle_dar_dsisr=1
|
|
#endif
|
|
lwz r4, _DAR(r11)
|
|
lwz r5, _DSISR(r11)
|
|
/* fall through */
|
|
handle_page_fault_tramp_2:
|
|
EXC_XFER_LITE(0x300, handle_page_fault)
|
|
|
|
#ifdef CONFIG_VMAP_STACK
|
|
.macro save_regs_thread thread
|
|
stw r0, THR0(\thread)
|
|
stw r3, THR3(\thread)
|
|
stw r4, THR4(\thread)
|
|
stw r5, THR5(\thread)
|
|
stw r6, THR6(\thread)
|
|
stw r8, THR8(\thread)
|
|
stw r9, THR9(\thread)
|
|
mflr r0
|
|
stw r0, THLR(\thread)
|
|
mfctr r0
|
|
stw r0, THCTR(\thread)
|
|
.endm
|
|
|
|
.macro restore_regs_thread thread
|
|
lwz r0, THLR(\thread)
|
|
mtlr r0
|
|
lwz r0, THCTR(\thread)
|
|
mtctr r0
|
|
lwz r0, THR0(\thread)
|
|
lwz r3, THR3(\thread)
|
|
lwz r4, THR4(\thread)
|
|
lwz r5, THR5(\thread)
|
|
lwz r6, THR6(\thread)
|
|
lwz r8, THR8(\thread)
|
|
lwz r9, THR9(\thread)
|
|
.endm
|
|
|
|
hash_page_dsi:
|
|
save_regs_thread r10
|
|
mfdsisr r3
|
|
mfdar r4
|
|
mfsrr0 r5
|
|
mfsrr1 r9
|
|
rlwinm r3, r3, 32 - 15, _PAGE_RW /* DSISR_STORE -> _PAGE_RW */
|
|
bl hash_page
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
restore_regs_thread r10
|
|
b .Lhash_page_dsi_cont
|
|
|
|
hash_page_isi:
|
|
mr r11, r10
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
save_regs_thread r10
|
|
li r3, 0
|
|
lwz r4, SRR0(r10)
|
|
lwz r9, SRR1(r10)
|
|
bl hash_page
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
restore_regs_thread r10
|
|
mr r10, r11
|
|
b .Lhash_page_isi_cont
|
|
|
|
.globl fast_hash_page_return
|
|
fast_hash_page_return:
|
|
andis. r10, r9, SRR1_ISI_NOPT@h /* Set on ISI, cleared on DSI */
|
|
mfspr r10, SPRN_SPRG_THREAD
|
|
restore_regs_thread r10
|
|
bne 1f
|
|
|
|
/* DSI */
|
|
mtcr r11
|
|
lwz r11, THR11(r10)
|
|
mfspr r10, SPRN_SPRG_SCRATCH0
|
|
RFI
|
|
|
|
1: /* ISI */
|
|
mtcr r11
|
|
mfspr r11, SPRN_SPRG_SCRATCH1
|
|
mfspr r10, SPRN_SPRG_SCRATCH0
|
|
RFI
|
|
|
|
stack_overflow:
|
|
vmap_stack_overflow_exception
|
|
#endif
|
|
|
|
AltiVecUnavailable:
|
|
EXCEPTION_PROLOG
|
|
#ifdef CONFIG_ALTIVEC
|
|
beq 1f
|
|
bl load_up_altivec /* if from user, just load it up */
|
|
b fast_exception_return
|
|
#endif /* CONFIG_ALTIVEC */
|
|
1: addi r3,r1,STACK_FRAME_OVERHEAD
|
|
EXC_XFER_LITE(0xf20, altivec_unavailable_exception)
|
|
|
|
PerformanceMonitor:
|
|
EXCEPTION_PROLOG
|
|
addi r3,r1,STACK_FRAME_OVERHEAD
|
|
EXC_XFER_STD(0xf00, performance_monitor_exception)
|
|
|
|
|
|
/*
|
|
* This code is jumped to from the startup code to copy
|
|
* the kernel image to physical address PHYSICAL_START.
|
|
*/
|
|
relocate_kernel:
|
|
addis r9,r26,klimit@ha /* fetch klimit */
|
|
lwz r25,klimit@l(r9)
|
|
addis r25,r25,-KERNELBASE@h
|
|
lis r3,PHYSICAL_START@h /* Destination base address */
|
|
li r6,0 /* Destination offset */
|
|
li r5,0x4000 /* # bytes of memory to copy */
|
|
bl copy_and_flush /* copy the first 0x4000 bytes */
|
|
addi r0,r3,4f@l /* jump to the address of 4f */
|
|
mtctr r0 /* in copy and do the rest. */
|
|
bctr /* jump to the copy */
|
|
4: mr r5,r25
|
|
bl copy_and_flush /* copy the rest */
|
|
b turn_on_mmu
|
|
|
|
/*
|
|
* Copy routine used to copy the kernel to start at physical address 0
|
|
* and flush and invalidate the caches as needed.
|
|
* r3 = dest addr, r4 = source addr, r5 = copy limit, r6 = start offset
|
|
* on exit, r3, r4, r5 are unchanged, r6 is updated to be >= r5.
|
|
*/
|
|
_ENTRY(copy_and_flush)
|
|
addi r5,r5,-4
|
|
addi r6,r6,-4
|
|
4: li r0,L1_CACHE_BYTES/4
|
|
mtctr r0
|
|
3: addi r6,r6,4 /* copy a cache line */
|
|
lwzx r0,r6,r4
|
|
stwx r0,r6,r3
|
|
bdnz 3b
|
|
dcbst r6,r3 /* write it to memory */
|
|
sync
|
|
icbi r6,r3 /* flush the icache line */
|
|
cmplw 0,r6,r5
|
|
blt 4b
|
|
sync /* additional sync needed on g4 */
|
|
isync
|
|
addi r5,r5,4
|
|
addi r6,r6,4
|
|
blr
|
|
|
|
#ifdef CONFIG_SMP
|
|
.globl __secondary_start_mpc86xx
|
|
__secondary_start_mpc86xx:
|
|
mfspr r3, SPRN_PIR
|
|
stw r3, __secondary_hold_acknowledge@l(0)
|
|
mr r24, r3 /* cpu # */
|
|
b __secondary_start
|
|
|
|
.globl __secondary_start_pmac_0
|
|
__secondary_start_pmac_0:
|
|
/* NB the entries for cpus 0, 1, 2 must each occupy 8 bytes. */
|
|
li r24,0
|
|
b 1f
|
|
li r24,1
|
|
b 1f
|
|
li r24,2
|
|
b 1f
|
|
li r24,3
|
|
1:
|
|
/* on powersurge, we come in here with IR=0 and DR=1, and DBAT 0
|
|
set to map the 0xf0000000 - 0xffffffff region */
|
|
mfmsr r0
|
|
rlwinm r0,r0,0,28,26 /* clear DR (0x10) */
|
|
mtmsr r0
|
|
isync
|
|
|
|
.globl __secondary_start
|
|
__secondary_start:
|
|
/* Copy some CPU settings from CPU 0 */
|
|
bl __restore_cpu_setup
|
|
|
|
lis r3,-KERNELBASE@h
|
|
mr r4,r24
|
|
bl call_setup_cpu /* Call setup_cpu for this CPU */
|
|
lis r3,-KERNELBASE@h
|
|
bl init_idle_6xx
|
|
|
|
/* get current's stack and current */
|
|
lis r2,secondary_current@ha
|
|
tophys(r2,r2)
|
|
lwz r2,secondary_current@l(r2)
|
|
tophys(r1,r2)
|
|
lwz r1,TASK_STACK(r1)
|
|
|
|
/* stack */
|
|
addi r1,r1,THREAD_SIZE-STACK_FRAME_OVERHEAD
|
|
li r0,0
|
|
tophys(r3,r1)
|
|
stw r0,0(r3)
|
|
|
|
/* load up the MMU */
|
|
bl load_segment_registers
|
|
bl load_up_mmu
|
|
|
|
/* ptr to phys current thread */
|
|
tophys(r4,r2)
|
|
addi r4,r4,THREAD /* phys address of our thread_struct */
|
|
mtspr SPRN_SPRG_THREAD,r4
|
|
lis r4, (swapper_pg_dir - PAGE_OFFSET)@h
|
|
ori r4, r4, (swapper_pg_dir - PAGE_OFFSET)@l
|
|
mtspr SPRN_SPRG_PGDIR, r4
|
|
|
|
/* enable MMU and jump to start_secondary */
|
|
li r4,MSR_KERNEL
|
|
lis r3,start_secondary@h
|
|
ori r3,r3,start_secondary@l
|
|
mtspr SPRN_SRR0,r3
|
|
mtspr SPRN_SRR1,r4
|
|
RFI
|
|
#endif /* CONFIG_SMP */
|
|
|
|
#ifdef CONFIG_KVM_BOOK3S_HANDLER
|
|
#include "../kvm/book3s_rmhandlers.S"
|
|
#endif
|
|
|
|
/*
|
|
* Load stuff into the MMU. Intended to be called with
|
|
* IR=0 and DR=0.
|
|
*/
|
|
early_hash_table:
|
|
sync /* Force all PTE updates to finish */
|
|
isync
|
|
tlbia /* Clear all TLB entries */
|
|
sync /* wait for tlbia/tlbie to finish */
|
|
TLBSYNC /* ... on all CPUs */
|
|
/* Load the SDR1 register (hash table base & size) */
|
|
lis r6, early_hash - PAGE_OFFSET@h
|
|
ori r6, r6, 3 /* 256kB table */
|
|
mtspr SPRN_SDR1, r6
|
|
lis r6, early_hash@h
|
|
addis r3, r3, Hash@ha
|
|
stw r6, Hash@l(r3)
|
|
blr
|
|
|
|
load_up_mmu:
|
|
sync /* Force all PTE updates to finish */
|
|
isync
|
|
tlbia /* Clear all TLB entries */
|
|
sync /* wait for tlbia/tlbie to finish */
|
|
TLBSYNC /* ... on all CPUs */
|
|
/* Load the SDR1 register (hash table base & size) */
|
|
lis r6,_SDR1@ha
|
|
tophys(r6,r6)
|
|
lwz r6,_SDR1@l(r6)
|
|
mtspr SPRN_SDR1,r6
|
|
|
|
/* Load the BAT registers with the values set up by MMU_init. */
|
|
lis r3,BATS@ha
|
|
addi r3,r3,BATS@l
|
|
tophys(r3,r3)
|
|
LOAD_BAT(0,r3,r4,r5)
|
|
LOAD_BAT(1,r3,r4,r5)
|
|
LOAD_BAT(2,r3,r4,r5)
|
|
LOAD_BAT(3,r3,r4,r5)
|
|
BEGIN_MMU_FTR_SECTION
|
|
LOAD_BAT(4,r3,r4,r5)
|
|
LOAD_BAT(5,r3,r4,r5)
|
|
LOAD_BAT(6,r3,r4,r5)
|
|
LOAD_BAT(7,r3,r4,r5)
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
|
|
blr
|
|
|
|
_GLOBAL(load_segment_registers)
|
|
li r0, NUM_USER_SEGMENTS /* load up user segment register values */
|
|
mtctr r0 /* for context 0 */
|
|
li r3, 0 /* Kp = 0, Ks = 0, VSID = 0 */
|
|
#ifdef CONFIG_PPC_KUEP
|
|
oris r3, r3, SR_NX@h /* Set Nx */
|
|
#endif
|
|
#ifdef CONFIG_PPC_KUAP
|
|
oris r3, r3, SR_KS@h /* Set Ks */
|
|
#endif
|
|
li r4, 0
|
|
3: mtsrin r3, r4
|
|
addi r3, r3, 0x111 /* increment VSID */
|
|
addis r4, r4, 0x1000 /* address of next segment */
|
|
bdnz 3b
|
|
li r0, 16 - NUM_USER_SEGMENTS /* load up kernel segment registers */
|
|
mtctr r0 /* for context 0 */
|
|
rlwinm r3, r3, 0, ~SR_NX /* Nx = 0 */
|
|
rlwinm r3, r3, 0, ~SR_KS /* Ks = 0 */
|
|
oris r3, r3, SR_KP@h /* Kp = 1 */
|
|
3: mtsrin r3, r4
|
|
addi r3, r3, 0x111 /* increment VSID */
|
|
addis r4, r4, 0x1000 /* address of next segment */
|
|
bdnz 3b
|
|
blr
|
|
|
|
/*
|
|
* This is where the main kernel code starts.
|
|
*/
|
|
start_here:
|
|
/* ptr to current */
|
|
lis r2,init_task@h
|
|
ori r2,r2,init_task@l
|
|
/* Set up for using our exception vectors */
|
|
/* ptr to phys current thread */
|
|
tophys(r4,r2)
|
|
addi r4,r4,THREAD /* init task's THREAD */
|
|
mtspr SPRN_SPRG_THREAD,r4
|
|
lis r4, (swapper_pg_dir - PAGE_OFFSET)@h
|
|
ori r4, r4, (swapper_pg_dir - PAGE_OFFSET)@l
|
|
mtspr SPRN_SPRG_PGDIR, r4
|
|
|
|
/* stack */
|
|
lis r1,init_thread_union@ha
|
|
addi r1,r1,init_thread_union@l
|
|
li r0,0
|
|
stwu r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
|
|
/*
|
|
* Do early platform-specific initialization,
|
|
* and set up the MMU.
|
|
*/
|
|
#ifdef CONFIG_KASAN
|
|
bl kasan_early_init
|
|
#endif
|
|
li r3,0
|
|
mr r4,r31
|
|
bl machine_init
|
|
bl __save_cpu_setup
|
|
bl MMU_init
|
|
bl MMU_init_hw_patch
|
|
|
|
/*
|
|
* Go back to running unmapped so we can load up new values
|
|
* for SDR1 (hash table pointer) and the segment registers
|
|
* and change to using our exception vectors.
|
|
*/
|
|
lis r4,2f@h
|
|
ori r4,r4,2f@l
|
|
tophys(r4,r4)
|
|
li r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
|
|
|
|
.align 4
|
|
mtspr SPRN_SRR0,r4
|
|
mtspr SPRN_SRR1,r3
|
|
RFI
|
|
/* Load up the kernel context */
|
|
2: bl load_up_mmu
|
|
|
|
#ifdef CONFIG_BDI_SWITCH
|
|
/* Add helper information for the Abatron bdiGDB debugger.
|
|
* We do this here because we know the mmu is disabled, and
|
|
* will be enabled for real in just a few instructions.
|
|
*/
|
|
lis r5, abatron_pteptrs@h
|
|
ori r5, r5, abatron_pteptrs@l
|
|
stw r5, 0xf0(0) /* This much match your Abatron config */
|
|
lis r6, swapper_pg_dir@h
|
|
ori r6, r6, swapper_pg_dir@l
|
|
tophys(r5, r5)
|
|
stw r6, 0(r5)
|
|
#endif /* CONFIG_BDI_SWITCH */
|
|
|
|
/* Now turn on the MMU for real! */
|
|
li r4,MSR_KERNEL
|
|
lis r3,start_kernel@h
|
|
ori r3,r3,start_kernel@l
|
|
mtspr SPRN_SRR0,r3
|
|
mtspr SPRN_SRR1,r4
|
|
RFI
|
|
|
|
/*
|
|
* void switch_mmu_context(struct mm_struct *prev, struct mm_struct *next);
|
|
*
|
|
* Set up the segment registers for a new context.
|
|
*/
|
|
_ENTRY(switch_mmu_context)
|
|
lwz r3,MMCONTEXTID(r4)
|
|
cmpwi cr0,r3,0
|
|
blt- 4f
|
|
mulli r3,r3,897 /* multiply context by skew factor */
|
|
rlwinm r3,r3,4,8,27 /* VSID = (context & 0xfffff) << 4 */
|
|
#ifdef CONFIG_PPC_KUEP
|
|
oris r3, r3, SR_NX@h /* Set Nx */
|
|
#endif
|
|
#ifdef CONFIG_PPC_KUAP
|
|
oris r3, r3, SR_KS@h /* Set Ks */
|
|
#endif
|
|
li r0,NUM_USER_SEGMENTS
|
|
mtctr r0
|
|
|
|
lwz r4, MM_PGD(r4)
|
|
#ifdef CONFIG_BDI_SWITCH
|
|
/* Context switch the PTE pointer for the Abatron BDI2000.
|
|
* The PGDIR is passed as second argument.
|
|
*/
|
|
lis r5, abatron_pteptrs@ha
|
|
stw r4, abatron_pteptrs@l + 0x4(r5)
|
|
#endif
|
|
tophys(r4, r4)
|
|
mtspr SPRN_SPRG_PGDIR, r4
|
|
li r4,0
|
|
isync
|
|
3:
|
|
mtsrin r3,r4
|
|
addi r3,r3,0x111 /* next VSID */
|
|
rlwinm r3,r3,0,8,3 /* clear out any overflow from VSID field */
|
|
addis r4,r4,0x1000 /* address of next segment */
|
|
bdnz 3b
|
|
sync
|
|
isync
|
|
blr
|
|
4: trap
|
|
EMIT_BUG_ENTRY 4b,__FILE__,__LINE__,0
|
|
blr
|
|
EXPORT_SYMBOL(switch_mmu_context)
|
|
|
|
/*
|
|
* An undocumented "feature" of 604e requires that the v bit
|
|
* be cleared before changing BAT values.
|
|
*
|
|
* Also, newer IBM firmware does not clear bat3 and 4 so
|
|
* this makes sure it's done.
|
|
* -- Cort
|
|
*/
|
|
clear_bats:
|
|
li r10,0
|
|
|
|
mtspr SPRN_DBAT0U,r10
|
|
mtspr SPRN_DBAT0L,r10
|
|
mtspr SPRN_DBAT1U,r10
|
|
mtspr SPRN_DBAT1L,r10
|
|
mtspr SPRN_DBAT2U,r10
|
|
mtspr SPRN_DBAT2L,r10
|
|
mtspr SPRN_DBAT3U,r10
|
|
mtspr SPRN_DBAT3L,r10
|
|
mtspr SPRN_IBAT0U,r10
|
|
mtspr SPRN_IBAT0L,r10
|
|
mtspr SPRN_IBAT1U,r10
|
|
mtspr SPRN_IBAT1L,r10
|
|
mtspr SPRN_IBAT2U,r10
|
|
mtspr SPRN_IBAT2L,r10
|
|
mtspr SPRN_IBAT3U,r10
|
|
mtspr SPRN_IBAT3L,r10
|
|
BEGIN_MMU_FTR_SECTION
|
|
/* Here's a tweak: at this point, CPU setup have
|
|
* not been called yet, so HIGH_BAT_EN may not be
|
|
* set in HID0 for the 745x processors. However, it
|
|
* seems that doesn't affect our ability to actually
|
|
* write to these SPRs.
|
|
*/
|
|
mtspr SPRN_DBAT4U,r10
|
|
mtspr SPRN_DBAT4L,r10
|
|
mtspr SPRN_DBAT5U,r10
|
|
mtspr SPRN_DBAT5L,r10
|
|
mtspr SPRN_DBAT6U,r10
|
|
mtspr SPRN_DBAT6L,r10
|
|
mtspr SPRN_DBAT7U,r10
|
|
mtspr SPRN_DBAT7L,r10
|
|
mtspr SPRN_IBAT4U,r10
|
|
mtspr SPRN_IBAT4L,r10
|
|
mtspr SPRN_IBAT5U,r10
|
|
mtspr SPRN_IBAT5L,r10
|
|
mtspr SPRN_IBAT6U,r10
|
|
mtspr SPRN_IBAT6L,r10
|
|
mtspr SPRN_IBAT7U,r10
|
|
mtspr SPRN_IBAT7L,r10
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
|
|
blr
|
|
|
|
_ENTRY(update_bats)
|
|
lis r4, 1f@h
|
|
ori r4, r4, 1f@l
|
|
tophys(r4, r4)
|
|
mfmsr r6
|
|
mflr r7
|
|
li r3, MSR_KERNEL & ~(MSR_IR | MSR_DR)
|
|
rlwinm r0, r6, 0, ~MSR_RI
|
|
rlwinm r0, r0, 0, ~MSR_EE
|
|
mtmsr r0
|
|
|
|
.align 4
|
|
mtspr SPRN_SRR0, r4
|
|
mtspr SPRN_SRR1, r3
|
|
RFI
|
|
1: bl clear_bats
|
|
lis r3, BATS@ha
|
|
addi r3, r3, BATS@l
|
|
tophys(r3, r3)
|
|
LOAD_BAT(0, r3, r4, r5)
|
|
LOAD_BAT(1, r3, r4, r5)
|
|
LOAD_BAT(2, r3, r4, r5)
|
|
LOAD_BAT(3, r3, r4, r5)
|
|
BEGIN_MMU_FTR_SECTION
|
|
LOAD_BAT(4, r3, r4, r5)
|
|
LOAD_BAT(5, r3, r4, r5)
|
|
LOAD_BAT(6, r3, r4, r5)
|
|
LOAD_BAT(7, r3, r4, r5)
|
|
END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
|
|
li r3, MSR_KERNEL & ~(MSR_IR | MSR_DR | MSR_RI)
|
|
mtmsr r3
|
|
mtspr SPRN_SRR0, r7
|
|
mtspr SPRN_SRR1, r6
|
|
RFI
|
|
|
|
flush_tlbs:
|
|
lis r10, 0x40
|
|
1: addic. r10, r10, -0x1000
|
|
tlbie r10
|
|
bgt 1b
|
|
sync
|
|
blr
|
|
|
|
mmu_off:
|
|
addi r4, r3, __after_mmu_off - _start
|
|
mfmsr r3
|
|
andi. r0,r3,MSR_DR|MSR_IR /* MMU enabled? */
|
|
beqlr
|
|
andc r3,r3,r0
|
|
|
|
.align 4
|
|
mtspr SPRN_SRR0,r4
|
|
mtspr SPRN_SRR1,r3
|
|
sync
|
|
RFI
|
|
|
|
/* We use one BAT to map up to 256M of RAM at _PAGE_OFFSET */
|
|
initial_bats:
|
|
lis r11,PAGE_OFFSET@h
|
|
tophys(r8,r11)
|
|
#ifdef CONFIG_SMP
|
|
ori r8,r8,0x12 /* R/W access, M=1 */
|
|
#else
|
|
ori r8,r8,2 /* R/W access */
|
|
#endif /* CONFIG_SMP */
|
|
ori r11,r11,BL_256M<<2|0x2 /* set up BAT registers for 604 */
|
|
|
|
mtspr SPRN_DBAT0L,r8 /* N.B. 6xx have valid */
|
|
mtspr SPRN_DBAT0U,r11 /* bit in upper BAT register */
|
|
mtspr SPRN_IBAT0L,r8
|
|
mtspr SPRN_IBAT0U,r11
|
|
isync
|
|
blr
|
|
|
|
#ifdef CONFIG_BOOTX_TEXT
|
|
setup_disp_bat:
|
|
/*
|
|
* setup the display bat prepared for us in prom.c
|
|
*/
|
|
mflr r8
|
|
bl reloc_offset
|
|
mtlr r8
|
|
addis r8,r3,disp_BAT@ha
|
|
addi r8,r8,disp_BAT@l
|
|
cmpwi cr0,r8,0
|
|
beqlr
|
|
lwz r11,0(r8)
|
|
lwz r8,4(r8)
|
|
mtspr SPRN_DBAT3L,r8
|
|
mtspr SPRN_DBAT3U,r11
|
|
blr
|
|
#endif /* CONFIG_BOOTX_TEXT */
|
|
|
|
#ifdef CONFIG_PPC_EARLY_DEBUG_CPM
|
|
setup_cpm_bat:
|
|
lis r8, 0xf000
|
|
ori r8, r8, 0x002a
|
|
mtspr SPRN_DBAT1L, r8
|
|
|
|
lis r11, 0xf000
|
|
ori r11, r11, (BL_1M << 2) | 2
|
|
mtspr SPRN_DBAT1U, r11
|
|
|
|
blr
|
|
#endif
|
|
|
|
#ifdef CONFIG_PPC_EARLY_DEBUG_USBGECKO
|
|
setup_usbgecko_bat:
|
|
/* prepare a BAT for early io */
|
|
#if defined(CONFIG_GAMECUBE)
|
|
lis r8, 0x0c00
|
|
#elif defined(CONFIG_WII)
|
|
lis r8, 0x0d00
|
|
#else
|
|
#error Invalid platform for USB Gecko based early debugging.
|
|
#endif
|
|
/*
|
|
* The virtual address used must match the virtual address
|
|
* associated to the fixmap entry FIX_EARLY_DEBUG_BASE.
|
|
*/
|
|
lis r11, 0xfffe /* top 128K */
|
|
ori r8, r8, 0x002a /* uncached, guarded ,rw */
|
|
ori r11, r11, 0x2 /* 128K, Vs=1, Vp=0 */
|
|
mtspr SPRN_DBAT1L, r8
|
|
mtspr SPRN_DBAT1U, r11
|
|
blr
|
|
#endif
|
|
|
|
#ifdef CONFIG_8260
|
|
/* Jump into the system reset for the rom.
|
|
* We first disable the MMU, and then jump to the ROM reset address.
|
|
*
|
|
* r3 is the board info structure, r4 is the location for starting.
|
|
* I use this for building a small kernel that can load other kernels,
|
|
* rather than trying to write or rely on a rom monitor that can tftp load.
|
|
*/
|
|
.globl m8260_gorom
|
|
m8260_gorom:
|
|
mfmsr r0
|
|
rlwinm r0,r0,0,17,15 /* clear MSR_EE in r0 */
|
|
sync
|
|
mtmsr r0
|
|
sync
|
|
mfspr r11, SPRN_HID0
|
|
lis r10, 0
|
|
ori r10,r10,HID0_ICE|HID0_DCE
|
|
andc r11, r11, r10
|
|
mtspr SPRN_HID0, r11
|
|
isync
|
|
li r5, MSR_ME|MSR_RI
|
|
lis r6,2f@h
|
|
addis r6,r6,-KERNELBASE@h
|
|
ori r6,r6,2f@l
|
|
mtspr SPRN_SRR0,r6
|
|
mtspr SPRN_SRR1,r5
|
|
isync
|
|
sync
|
|
rfi
|
|
2:
|
|
mtlr r4
|
|
blr
|
|
#endif
|
|
|
|
|
|
/*
|
|
* We put a few things here that have to be page-aligned.
|
|
* This stuff goes at the beginning of the data segment,
|
|
* which is page-aligned.
|
|
*/
|
|
.data
|
|
.globl sdata
|
|
sdata:
|
|
.globl empty_zero_page
|
|
empty_zero_page:
|
|
.space 4096
|
|
EXPORT_SYMBOL(empty_zero_page)
|
|
|
|
.globl swapper_pg_dir
|
|
swapper_pg_dir:
|
|
.space PGD_TABLE_SIZE
|
|
|
|
/* Room for two PTE pointers, usually the kernel and current user pointers
|
|
* to their respective root page table.
|
|
*/
|
|
abatron_pteptrs:
|
|
.space 8
|