1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 *      Initial PowerPC version.
5 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *      Rewritten for PReP
7 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 *      Low-level exception handers, MMU support, and rewrite.
9 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 *      PowerPC 8xx modifications.
11 *    Copyright (c) 1998-1999 TiVo, Inc.
12 *      PowerPC 403GCX modifications.
13 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 *      PowerPC 403GCX/405GP modifications.
15 *    Copyright 2000 MontaVista Software Inc.
16 *	PPC405 modifications
17 *      PowerPC 403GCX/405GP modifications.
18 * 	Author: MontaVista Software, Inc.
19 *         	frank_rowand@mvista.com or source@mvista.com
20 * 	   	debbie_chu@mvista.com
21 *
22 *    Module name: head_4xx.S
23 *
24 *    Description:
25 *      Kernel execution entry point code.
26 */
27
28#include <linux/init.h>
29#include <asm/processor.h>
30#include <asm/page.h>
31#include <asm/mmu.h>
32#include <asm/pgtable.h>
33#include <asm/cputable.h>
34#include <asm/thread_info.h>
35#include <asm/ppc_asm.h>
36#include <asm/asm-offsets.h>
37#include <asm/ptrace.h>
38#include <asm/export.h>
39#include <asm/asm-405.h>
40
41#include "head_32.h"
42
43/* As with the other PowerPC ports, it is expected that when code
44 * execution begins here, the following registers contain valid, yet
45 * optional, information:
46 *
47 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
48 *   r4 - Starting address of the init RAM disk
49 *   r5 - Ending address of the init RAM disk
50 *   r6 - Start of kernel command line string (e.g. "mem=96m")
51 *   r7 - End of kernel command line string
52 *
53 * This is all going to change RSN when we add bi_recs.......  -- Dan
54 */
55	__HEAD
56_ENTRY(_stext);
57_ENTRY(_start);
58
59	mr	r31,r3			/* save device tree ptr */
60
61	/* We have to turn on the MMU right away so we get cache modes
62	 * set correctly.
63	 */
64	bl	initial_mmu
65
66/* We now have the lower 16 Meg mapped into TLB entries, and the caches
67 * ready to work.
68 */
69turn_on_mmu:
70	lis	r0,MSR_KERNEL@h
71	ori	r0,r0,MSR_KERNEL@l
72	mtspr	SPRN_SRR1,r0
73	lis	r0,start_here@h
74	ori	r0,r0,start_here@l
75	mtspr	SPRN_SRR0,r0
76	SYNC
77	rfi				/* enables MMU */
78	b	.			/* prevent prefetch past rfi */
79
80/*
81 * This area is used for temporarily saving registers during the
82 * critical exception prolog.
83 */
84	. = 0xc0
85crit_save:
86_ENTRY(crit_r10)
87	.space	4
88_ENTRY(crit_r11)
89	.space	4
90_ENTRY(crit_srr0)
91	.space	4
92_ENTRY(crit_srr1)
93	.space	4
94_ENTRY(saved_ksp_limit)
95	.space	4
96
97/*
98 * Exception prolog for critical exceptions.  This is a little different
99 * from the normal exception prolog above since a critical exception
100 * can potentially occur at any point during normal exception processing.
101 * Thus we cannot use the same SPRG registers as the normal prolog above.
102 * Instead we use a couple of words of memory at low physical addresses.
103 * This is OK since we don't support SMP on these processors.
104 */
105#define CRITICAL_EXCEPTION_PROLOG					     \
106	stw	r10,crit_r10@l(0);	/* save two registers to work with */\
107	stw	r11,crit_r11@l(0);					     \
108	mfcr	r10;			/* save CR in r10 for now	   */\
109	mfspr	r11,SPRN_SRR3;		/* check whether user or kernel    */\
110	andi.	r11,r11,MSR_PR;						     \
111	lis	r11,critirq_ctx@ha;					     \
112	tophys(r11,r11);						     \
113	lwz	r11,critirq_ctx@l(r11);					     \
114	beq	1f;							     \
115	/* COMING FROM USER MODE */					     \
116	mfspr	r11,SPRN_SPRG_THREAD;	/* if from user, start at top of   */\
117	lwz	r11,TASK_STACK-THREAD(r11); /* this thread's kernel stack */\
1181:	addi	r11,r11,THREAD_SIZE-INT_FRAME_SIZE; /* Alloc an excpt frm  */\
119	tophys(r11,r11);						     \
120	stw	r10,_CCR(r11);          /* save various registers	   */\
121	stw	r12,GPR12(r11);						     \
122	stw	r9,GPR9(r11);						     \
123	mflr	r10;							     \
124	stw	r10,_LINK(r11);						     \
125	mfspr	r12,SPRN_DEAR;		/* save DEAR and ESR in the frame  */\
126	stw	r12,_DEAR(r11);		/* since they may have had stuff   */\
127	mfspr	r9,SPRN_ESR;		/* in them at the point where the  */\
128	stw	r9,_ESR(r11);		/* exception was taken		   */\
129	mfspr	r12,SPRN_SRR2;						     \
130	stw	r1,GPR1(r11);						     \
131	mfspr	r9,SPRN_SRR3;						     \
132	stw	r1,0(r11);						     \
133	tovirt(r1,r11);							     \
134	rlwinm	r9,r9,0,14,12;		/* clear MSR_WE (necessary?)	   */\
135	stw	r0,GPR0(r11);						     \
136	lis	r10, STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */\
137	addi	r10, r10, STACK_FRAME_REGS_MARKER@l;			     \
138	stw	r10, 8(r11);						     \
139	SAVE_4GPRS(3, r11);						     \
140	SAVE_2GPRS(7, r11)
141
142	/*
143	 * State at this point:
144	 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
145	 * r10 saved in crit_r10 and in stack frame, trashed
146	 * r11 saved in crit_r11 and in stack frame,
147	 *	now phys stack/exception frame pointer
148	 * r12 saved in stack frame, now saved SRR2
149	 * CR saved in stack frame, CR0.EQ = !SRR3.PR
150	 * LR, DEAR, ESR in stack frame
151	 * r1 saved in stack frame, now virt stack/excframe pointer
152	 * r0, r3-r8 saved in stack frame
153	 */
154
155/*
156 * Exception vectors.
157 */
158#define CRITICAL_EXCEPTION(n, label, hdlr)			\
159	START_EXCEPTION(n, label);				\
160	CRITICAL_EXCEPTION_PROLOG;				\
161	addi	r3,r1,STACK_FRAME_OVERHEAD;			\
162	EXC_XFER_TEMPLATE(hdlr, n+2, (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
163			  crit_transfer_to_handler, ret_from_crit_exc)
164
165/*
166 * 0x0100 - Critical Interrupt Exception
167 */
168	CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
169
170/*
171 * 0x0200 - Machine Check Exception
172 */
173	CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
174
175/*
176 * 0x0300 - Data Storage Exception
177 * This happens for just a few reasons.  U0 set (but we don't do that),
178 * or zone protection fault (user violation, write to protected page).
179 * If this is just an update of modified status, we do that quickly
180 * and exit.  Otherwise, we call heavywight functions to do the work.
181 */
182	START_EXCEPTION(0x0300,	DataStorage)
183	mtspr	SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
184	mtspr	SPRN_SPRG_SCRATCH1, r11
185#ifdef CONFIG_403GCX
186	stw     r12, 0(r0)
187	stw     r9, 4(r0)
188	mfcr    r11
189	mfspr   r12, SPRN_PID
190	stw     r11, 8(r0)
191	stw     r12, 12(r0)
192#else
193	mtspr	SPRN_SPRG_SCRATCH3, r12
194	mtspr	SPRN_SPRG_SCRATCH4, r9
195	mfcr	r11
196	mfspr	r12, SPRN_PID
197	mtspr	SPRN_SPRG_SCRATCH6, r11
198	mtspr	SPRN_SPRG_SCRATCH5, r12
199#endif
200
201	/* First, check if it was a zone fault (which means a user
202	* tried to access a kernel or read-protected page - always
203	* a SEGV).  All other faults here must be stores, so no
204	* need to check ESR_DST as well. */
205	mfspr	r10, SPRN_ESR
206	andis.	r10, r10, ESR_DIZ@h
207	bne	2f
208
209	mfspr	r10, SPRN_DEAR		/* Get faulting address */
210
211	/* If we are faulting a kernel address, we have to use the
212	 * kernel page tables.
213	 */
214	lis	r11, PAGE_OFFSET@h
215	cmplw	r10, r11
216	blt+	3f
217	lis	r11, swapper_pg_dir@h
218	ori	r11, r11, swapper_pg_dir@l
219	li	r9, 0
220	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
221	b	4f
222
223	/* Get the PGD for the current thread.
224	 */
2253:
226	mfspr	r11,SPRN_SPRG_THREAD
227	lwz	r11,PGDIR(r11)
2284:
229	tophys(r11, r11)
230	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
231	lwz	r11, 0(r11)		/* Get L1 entry */
232	rlwinm.	r12, r11, 0, 0, 19	/* Extract L2 (pte) base address */
233	beq	2f			/* Bail if no table */
234
235	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
236	lwz	r11, 0(r12)		/* Get Linux PTE */
237
238	andi.	r9, r11, _PAGE_RW	/* Is it writeable? */
239	beq	2f			/* Bail if not */
240
241	/* Update 'changed'.
242	*/
243	ori	r11, r11, _PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_HWWRITE
244	stw	r11, 0(r12)		/* Update Linux page table */
245
246	/* Most of the Linux PTE is ready to load into the TLB LO.
247	 * We set ZSEL, where only the LS-bit determines user access.
248	 * We set execute, because we don't have the granularity to
249	 * properly set this at the page level (Linux problem).
250	 * If shared is set, we cause a zero PID->TID load.
251	 * Many of these bits are software only.  Bits we don't set
252	 * here we (properly should) assume have the appropriate value.
253	 */
254	li	r12, 0x0ce2
255	andc	r11, r11, r12		/* Make sure 20, 21 are zero */
256
257	/* find the TLB index that caused the fault.  It has to be here.
258	*/
259	tlbsx	r9, 0, r10
260
261	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
262
263	/* Done...restore registers and get out of here.
264	*/
265#ifdef CONFIG_403GCX
266	lwz     r12, 12(r0)
267	lwz     r11, 8(r0)
268	mtspr   SPRN_PID, r12
269	mtcr    r11
270	lwz     r9, 4(r0)
271	lwz     r12, 0(r0)
272#else
273	mfspr	r12, SPRN_SPRG_SCRATCH5
274	mfspr	r11, SPRN_SPRG_SCRATCH6
275	mtspr	SPRN_PID, r12
276	mtcr	r11
277	mfspr	r9, SPRN_SPRG_SCRATCH4
278	mfspr	r12, SPRN_SPRG_SCRATCH3
279#endif
280	mfspr	r11, SPRN_SPRG_SCRATCH1
281	mfspr	r10, SPRN_SPRG_SCRATCH0
282	PPC405_ERR77_SYNC
283	rfi			/* Should sync shadow TLBs */
284	b	.		/* prevent prefetch past rfi */
285
2862:
287	/* The bailout.  Restore registers to pre-exception conditions
288	 * and call the heavyweights to help us out.
289	 */
290#ifdef CONFIG_403GCX
291	lwz     r12, 12(r0)
292	lwz     r11, 8(r0)
293	mtspr   SPRN_PID, r12
294	mtcr    r11
295	lwz     r9, 4(r0)
296	lwz     r12, 0(r0)
297#else
298	mfspr	r12, SPRN_SPRG_SCRATCH5
299	mfspr	r11, SPRN_SPRG_SCRATCH6
300	mtspr	SPRN_PID, r12
301	mtcr	r11
302	mfspr	r9, SPRN_SPRG_SCRATCH4
303	mfspr	r12, SPRN_SPRG_SCRATCH3
304#endif
305	mfspr	r11, SPRN_SPRG_SCRATCH1
306	mfspr	r10, SPRN_SPRG_SCRATCH0
307	b	DataAccess
308
309/*
310 * 0x0400 - Instruction Storage Exception
311 * This is caused by a fetch from non-execute or guarded pages.
312 */
313	START_EXCEPTION(0x0400, InstructionAccess)
314	EXCEPTION_PROLOG
315	mr	r4,r12			/* Pass SRR0 as arg2 */
316	li	r5,0			/* Pass zero as arg3 */
317	EXC_XFER_LITE(0x400, handle_page_fault)
318
319/* 0x0500 - External Interrupt Exception */
320	EXCEPTION(0x0500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
321
322/* 0x0600 - Alignment Exception */
323	START_EXCEPTION(0x0600, Alignment)
324	EXCEPTION_PROLOG
325	mfspr	r4,SPRN_DEAR		/* Grab the DEAR and save it */
326	stw	r4,_DEAR(r11)
327	addi	r3,r1,STACK_FRAME_OVERHEAD
328	EXC_XFER_STD(0x600, alignment_exception)
329
330/* 0x0700 - Program Exception */
331	START_EXCEPTION(0x0700, ProgramCheck)
332	EXCEPTION_PROLOG
333	mfspr	r4,SPRN_ESR		/* Grab the ESR and save it */
334	stw	r4,_ESR(r11)
335	addi	r3,r1,STACK_FRAME_OVERHEAD
336	EXC_XFER_STD(0x700, program_check_exception)
337
338	EXCEPTION(0x0800, Trap_08, unknown_exception, EXC_XFER_STD)
339	EXCEPTION(0x0900, Trap_09, unknown_exception, EXC_XFER_STD)
340	EXCEPTION(0x0A00, Trap_0A, unknown_exception, EXC_XFER_STD)
341	EXCEPTION(0x0B00, Trap_0B, unknown_exception, EXC_XFER_STD)
342
343/* 0x0C00 - System Call Exception */
344	START_EXCEPTION(0x0C00,	SystemCall)
345	SYSCALL_ENTRY	0xc00
346
347	EXCEPTION(0x0D00, Trap_0D, unknown_exception, EXC_XFER_STD)
348	EXCEPTION(0x0E00, Trap_0E, unknown_exception, EXC_XFER_STD)
349	EXCEPTION(0x0F00, Trap_0F, unknown_exception, EXC_XFER_STD)
350
351/* 0x1000 - Programmable Interval Timer (PIT) Exception */
352	. = 0x1000
353	b Decrementer
354
355/* 0x1010 - Fixed Interval Timer (FIT) Exception
356*/
357	. = 0x1010
358	b FITException
359
360/* 0x1020 - Watchdog Timer (WDT) Exception
361*/
362	. = 0x1020
363	b WDTException
364
365/* 0x1100 - Data TLB Miss Exception
366 * As the name implies, translation is not in the MMU, so search the
367 * page tables and fix it.  The only purpose of this function is to
368 * load TLB entries from the page table if they exist.
369 */
370	START_EXCEPTION(0x1100,	DTLBMiss)
371	mtspr	SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */
372	mtspr	SPRN_SPRG_SCRATCH1, r11
373#ifdef CONFIG_403GCX
374	stw     r12, 0(r0)
375	stw     r9, 4(r0)
376	mfcr    r11
377	mfspr   r12, SPRN_PID
378	stw     r11, 8(r0)
379	stw     r12, 12(r0)
380#else
381	mtspr	SPRN_SPRG_SCRATCH3, r12
382	mtspr	SPRN_SPRG_SCRATCH4, r9
383	mfcr	r11
384	mfspr	r12, SPRN_PID
385	mtspr	SPRN_SPRG_SCRATCH6, r11
386	mtspr	SPRN_SPRG_SCRATCH5, r12
387#endif
388	mfspr	r10, SPRN_DEAR		/* Get faulting address */
389
390	/* If we are faulting a kernel address, we have to use the
391	 * kernel page tables.
392	 */
393	lis	r11, PAGE_OFFSET@h
394	cmplw	r10, r11
395	blt+	3f
396	lis	r11, swapper_pg_dir@h
397	ori	r11, r11, swapper_pg_dir@l
398	li	r9, 0
399	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
400	b	4f
401
402	/* Get the PGD for the current thread.
403	 */
4043:
405	mfspr	r11,SPRN_SPRG_THREAD
406	lwz	r11,PGDIR(r11)
4074:
408	tophys(r11, r11)
409	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
410	lwz	r12, 0(r11)		/* Get L1 entry */
411	andi.	r9, r12, _PMD_PRESENT	/* Check if it points to a PTE page */
412	beq	2f			/* Bail if no table */
413
414	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
415	lwz	r11, 0(r12)		/* Get Linux PTE */
416	andi.	r9, r11, _PAGE_PRESENT
417	beq	5f
418
419	ori	r11, r11, _PAGE_ACCESSED
420	stw	r11, 0(r12)
421
422	/* Create TLB tag.  This is the faulting address plus a static
423	 * set of bits.  These are size, valid, E, U0.
424	*/
425	li	r12, 0x00c0
426	rlwimi	r10, r12, 0, 20, 31
427
428	b	finish_tlb_load
429
4302:	/* Check for possible large-page pmd entry */
431	rlwinm.	r9, r12, 2, 22, 24
432	beq	5f
433
434	/* Create TLB tag.  This is the faulting address, plus a static
435	 * set of bits (valid, E, U0) plus the size from the PMD.
436	 */
437	ori	r9, r9, 0x40
438	rlwimi	r10, r9, 0, 20, 31
439	mr	r11, r12
440
441	b	finish_tlb_load
442
4435:
444	/* The bailout.  Restore registers to pre-exception conditions
445	 * and call the heavyweights to help us out.
446	 */
447#ifdef CONFIG_403GCX
448	lwz     r12, 12(r0)
449	lwz     r11, 8(r0)
450	mtspr   SPRN_PID, r12
451	mtcr    r11
452	lwz     r9, 4(r0)
453	lwz     r12, 0(r0)
454#else
455	mfspr	r12, SPRN_SPRG_SCRATCH5
456	mfspr	r11, SPRN_SPRG_SCRATCH6
457	mtspr	SPRN_PID, r12
458	mtcr	r11
459	mfspr	r9, SPRN_SPRG_SCRATCH4
460	mfspr	r12, SPRN_SPRG_SCRATCH3
461#endif
462	mfspr	r11, SPRN_SPRG_SCRATCH1
463	mfspr	r10, SPRN_SPRG_SCRATCH0
464	b	DataAccess
465
466/* 0x1200 - Instruction TLB Miss Exception
467 * Nearly the same as above, except we get our information from different
468 * registers and bailout to a different point.
469 */
470	START_EXCEPTION(0x1200,	ITLBMiss)
471	mtspr	SPRN_SPRG_SCRATCH0, r10	 /* Save some working registers */
472	mtspr	SPRN_SPRG_SCRATCH1, r11
473#ifdef CONFIG_403GCX
474	stw     r12, 0(r0)
475	stw     r9, 4(r0)
476	mfcr    r11
477	mfspr   r12, SPRN_PID
478	stw     r11, 8(r0)
479	stw     r12, 12(r0)
480#else
481	mtspr	SPRN_SPRG_SCRATCH3, r12
482	mtspr	SPRN_SPRG_SCRATCH4, r9
483	mfcr	r11
484	mfspr	r12, SPRN_PID
485	mtspr	SPRN_SPRG_SCRATCH6, r11
486	mtspr	SPRN_SPRG_SCRATCH5, r12
487#endif
488	mfspr	r10, SPRN_SRR0		/* Get faulting address */
489
490	/* If we are faulting a kernel address, we have to use the
491	 * kernel page tables.
492	 */
493	lis	r11, PAGE_OFFSET@h
494	cmplw	r10, r11
495	blt+	3f
496	lis	r11, swapper_pg_dir@h
497	ori	r11, r11, swapper_pg_dir@l
498	li	r9, 0
499	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
500	b	4f
501
502	/* Get the PGD for the current thread.
503	 */
5043:
505	mfspr	r11,SPRN_SPRG_THREAD
506	lwz	r11,PGDIR(r11)
5074:
508	tophys(r11, r11)
509	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
510	lwz	r12, 0(r11)		/* Get L1 entry */
511	andi.	r9, r12, _PMD_PRESENT	/* Check if it points to a PTE page */
512	beq	2f			/* Bail if no table */
513
514	rlwimi	r12, r10, 22, 20, 29	/* Compute PTE address */
515	lwz	r11, 0(r12)		/* Get Linux PTE */
516	andi.	r9, r11, _PAGE_PRESENT
517	beq	5f
518
519	ori	r11, r11, _PAGE_ACCESSED
520	stw	r11, 0(r12)
521
522	/* Create TLB tag.  This is the faulting address plus a static
523	 * set of bits.  These are size, valid, E, U0.
524	*/
525	li	r12, 0x00c0
526	rlwimi	r10, r12, 0, 20, 31
527
528	b	finish_tlb_load
529
5302:	/* Check for possible large-page pmd entry */
531	rlwinm.	r9, r12, 2, 22, 24
532	beq	5f
533
534	/* Create TLB tag.  This is the faulting address, plus a static
535	 * set of bits (valid, E, U0) plus the size from the PMD.
536	 */
537	ori	r9, r9, 0x40
538	rlwimi	r10, r9, 0, 20, 31
539	mr	r11, r12
540
541	b	finish_tlb_load
542
5435:
544	/* The bailout.  Restore registers to pre-exception conditions
545	 * and call the heavyweights to help us out.
546	 */
547#ifdef CONFIG_403GCX
548	lwz     r12, 12(r0)
549	lwz     r11, 8(r0)
550	mtspr   SPRN_PID, r12
551	mtcr    r11
552	lwz     r9, 4(r0)
553	lwz     r12, 0(r0)
554#else
555	mfspr	r12, SPRN_SPRG_SCRATCH5
556	mfspr	r11, SPRN_SPRG_SCRATCH6
557	mtspr	SPRN_PID, r12
558	mtcr	r11
559	mfspr	r9, SPRN_SPRG_SCRATCH4
560	mfspr	r12, SPRN_SPRG_SCRATCH3
561#endif
562	mfspr	r11, SPRN_SPRG_SCRATCH1
563	mfspr	r10, SPRN_SPRG_SCRATCH0
564	b	InstructionAccess
565
566	EXCEPTION(0x1300, Trap_13, unknown_exception, EXC_XFER_STD)
567	EXCEPTION(0x1400, Trap_14, unknown_exception, EXC_XFER_STD)
568	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD)
569	EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_STD)
570#ifdef CONFIG_IBM405_ERR51
571	/* 405GP errata 51 */
572	START_EXCEPTION(0x1700, Trap_17)
573	b DTLBMiss
574#else
575	EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_STD)
576#endif
577	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD)
578	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD)
579	EXCEPTION(0x1A00, Trap_1A, unknown_exception, EXC_XFER_STD)
580	EXCEPTION(0x1B00, Trap_1B, unknown_exception, EXC_XFER_STD)
581	EXCEPTION(0x1C00, Trap_1C, unknown_exception, EXC_XFER_STD)
582	EXCEPTION(0x1D00, Trap_1D, unknown_exception, EXC_XFER_STD)
583	EXCEPTION(0x1E00, Trap_1E, unknown_exception, EXC_XFER_STD)
584	EXCEPTION(0x1F00, Trap_1F, unknown_exception, EXC_XFER_STD)
585
586/* Check for a single step debug exception while in an exception
587 * handler before state has been saved.  This is to catch the case
588 * where an instruction that we are trying to single step causes
589 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
590 * the exception handler generates a single step debug exception.
591 *
592 * If we get a debug trap on the first instruction of an exception handler,
593 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
594 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
595 * The exception handler was handling a non-critical interrupt, so it will
596 * save (and later restore) the MSR via SPRN_SRR1, which will still have
597 * the MSR_DE bit set.
598 */
599	/* 0x2000 - Debug Exception */
600	START_EXCEPTION(0x2000, DebugTrap)
601	CRITICAL_EXCEPTION_PROLOG
602
603	/*
604	 * If this is a single step or branch-taken exception in an
605	 * exception entry sequence, it was probably meant to apply to
606	 * the code where the exception occurred (since exception entry
607	 * doesn't turn off DE automatically).  We simulate the effect
608	 * of turning off DE on entry to an exception handler by turning
609	 * off DE in the SRR3 value and clearing the debug status.
610	 */
611	mfspr	r10,SPRN_DBSR		/* check single-step/branch taken */
612	andis.	r10,r10,DBSR_IC@h
613	beq+	2f
614
615	andi.	r10,r9,MSR_IR|MSR_PR	/* check supervisor + MMU off */
616	beq	1f			/* branch and fix it up */
617
618	mfspr   r10,SPRN_SRR2		/* Faulting instruction address */
619	cmplwi  r10,0x2100
620	bgt+    2f			/* address above exception vectors */
621
622	/* here it looks like we got an inappropriate debug exception. */
6231:	rlwinm	r9,r9,0,~MSR_DE		/* clear DE in the SRR3 value */
624	lis	r10,DBSR_IC@h		/* clear the IC event */
625	mtspr	SPRN_DBSR,r10
626	/* restore state and get out */
627	lwz	r10,_CCR(r11)
628	lwz	r0,GPR0(r11)
629	lwz	r1,GPR1(r11)
630	mtcrf	0x80,r10
631	mtspr	SPRN_SRR2,r12
632	mtspr	SPRN_SRR3,r9
633	lwz	r9,GPR9(r11)
634	lwz	r12,GPR12(r11)
635	lwz	r10,crit_r10@l(0)
636	lwz	r11,crit_r11@l(0)
637	PPC405_ERR77_SYNC
638	rfci
639	b	.
640
641	/* continue normal handling for a critical exception... */
6422:	mfspr	r4,SPRN_DBSR
643	addi	r3,r1,STACK_FRAME_OVERHEAD
644	EXC_XFER_TEMPLATE(DebugException, 0x2002, \
645		(MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \
646		crit_transfer_to_handler, ret_from_crit_exc)
647
648	/* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
649Decrementer:
650	EXCEPTION_PROLOG
651	lis	r0,TSR_PIS@h
652	mtspr	SPRN_TSR,r0		/* Clear the PIT exception */
653	addi	r3,r1,STACK_FRAME_OVERHEAD
654	EXC_XFER_LITE(0x1000, timer_interrupt)
655
656	/* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
657FITException:
658	EXCEPTION_PROLOG
659	addi	r3,r1,STACK_FRAME_OVERHEAD;
660	EXC_XFER_STD(0x1010, unknown_exception)
661
662	/* Watchdog Timer (WDT) Exception. (from 0x1020) */
663WDTException:
664	CRITICAL_EXCEPTION_PROLOG;
665	addi	r3,r1,STACK_FRAME_OVERHEAD;
666	EXC_XFER_TEMPLATE(WatchdogException, 0x1020+2,
667	                  (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)),
668			  crit_transfer_to_handler, ret_from_crit_exc)
669
670/*
671 * The other Data TLB exceptions bail out to this point
672 * if they can't resolve the lightweight TLB fault.
673 */
674DataAccess:
675	EXCEPTION_PROLOG
676	mfspr	r5,SPRN_ESR		/* Grab the ESR, save it, pass arg3 */
677	stw	r5,_ESR(r11)
678	mfspr	r4,SPRN_DEAR		/* Grab the DEAR, save it, pass arg2 */
679	EXC_XFER_LITE(0x300, handle_page_fault)
680
681/* Other PowerPC processors, namely those derived from the 6xx-series
682 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
683 * However, for the 4xx-series processors these are neither defined nor
684 * reserved.
685 */
686
687	/* Damn, I came up one instruction too many to fit into the
688	 * exception space :-).  Both the instruction and data TLB
689	 * miss get to this point to load the TLB.
690	 * 	r10 - TLB_TAG value
691	 * 	r11 - Linux PTE
692	 *	r12, r9 - available to use
693	 *	PID - loaded with proper value when we get here
694	 *	Upon exit, we reload everything and RFI.
695	 * Actually, it will fit now, but oh well.....a common place
696	 * to load the TLB.
697	 */
698tlb_4xx_index:
699	.long	0
700finish_tlb_load:
701	/* load the next available TLB index.
702	*/
703	lwz	r9, tlb_4xx_index@l(0)
704	addi	r9, r9, 1
705	andi.	r9, r9, (PPC40X_TLB_SIZE-1)
706	stw	r9, tlb_4xx_index@l(0)
707
7086:
709	/*
710	 * Clear out the software-only bits in the PTE to generate the
711	 * TLB_DATA value.  These are the bottom 2 bits of the RPM, the
712	 * top 3 bits of the zone field, and M.
713	 */
714	li	r12, 0x0ce2
715	andc	r11, r11, r12
716
717	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
718	tlbwe	r10, r9, TLB_TAG		/* Load TLB HI */
719
720	/* Done...restore registers and get out of here.
721	*/
722#ifdef CONFIG_403GCX
723	lwz     r12, 12(r0)
724	lwz     r11, 8(r0)
725	mtspr   SPRN_PID, r12
726	mtcr    r11
727	lwz     r9, 4(r0)
728	lwz     r12, 0(r0)
729#else
730	mfspr	r12, SPRN_SPRG_SCRATCH5
731	mfspr	r11, SPRN_SPRG_SCRATCH6
732	mtspr	SPRN_PID, r12
733	mtcr	r11
734	mfspr	r9, SPRN_SPRG_SCRATCH4
735	mfspr	r12, SPRN_SPRG_SCRATCH3
736#endif
737	mfspr	r11, SPRN_SPRG_SCRATCH1
738	mfspr	r10, SPRN_SPRG_SCRATCH0
739	PPC405_ERR77_SYNC
740	rfi			/* Should sync shadow TLBs */
741	b	.		/* prevent prefetch past rfi */
742
743/* This is where the main kernel code starts.
744 */
745start_here:
746
747	/* ptr to current */
748	lis	r2,init_task@h
749	ori	r2,r2,init_task@l
750
751	/* ptr to phys current thread */
752	tophys(r4,r2)
753	addi	r4,r4,THREAD	/* init task's THREAD */
754	mtspr	SPRN_SPRG_THREAD,r4
755
756	/* stack */
757	lis	r1,init_thread_union@ha
758	addi	r1,r1,init_thread_union@l
759	li	r0,0
760	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
761
762	bl	early_init	/* We have to do this with MMU on */
763
764/*
765 * Decide what sort of machine this is and initialize the MMU.
766 */
767#ifdef CONFIG_KASAN
768	bl	kasan_early_init
769#endif
770	li	r3,0
771	mr	r4,r31
772	bl	machine_init
773	bl	MMU_init
774
775/* Go back to running unmapped so we can load up new values
776 * and change to using our exception vectors.
777 * On the 4xx, all we have to do is invalidate the TLB to clear
778 * the old 16M byte TLB mappings.
779 */
780	lis	r4,2f@h
781	ori	r4,r4,2f@l
782	tophys(r4,r4)
783	lis	r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
784	ori	r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
785	mtspr	SPRN_SRR0,r4
786	mtspr	SPRN_SRR1,r3
787	rfi
788	b	.		/* prevent prefetch past rfi */
789
790/* Load up the kernel context */
7912:
792	sync			/* Flush to memory before changing TLB */
793	tlbia
794	isync			/* Flush shadow TLBs */
795
796	/* set up the PTE pointers for the Abatron bdiGDB.
797	*/
798	lis	r6, swapper_pg_dir@h
799	ori	r6, r6, swapper_pg_dir@l
800	lis	r5, abatron_pteptrs@h
801	ori	r5, r5, abatron_pteptrs@l
802	stw	r5, 0xf0(r0)	/* Must match your Abatron config file */
803	tophys(r5,r5)
804	stw	r6, 0(r5)
805
806/* Now turn on the MMU for real! */
807	lis	r4,MSR_KERNEL@h
808	ori	r4,r4,MSR_KERNEL@l
809	lis	r3,start_kernel@h
810	ori	r3,r3,start_kernel@l
811	mtspr	SPRN_SRR0,r3
812	mtspr	SPRN_SRR1,r4
813	rfi			/* enable MMU and jump to start_kernel */
814	b	.		/* prevent prefetch past rfi */
815
816/* Set up the initial MMU state so we can do the first level of
817 * kernel initialization.  This maps the first 16 MBytes of memory 1:1
818 * virtual to physical and more importantly sets the cache mode.
819 */
820initial_mmu:
821	tlbia			/* Invalidate all TLB entries */
822	isync
823
824	/* We should still be executing code at physical address 0x0000xxxx
825	 * at this point. However, start_here is at virtual address
826	 * 0xC000xxxx. So, set up a TLB mapping to cover this once
827	 * translation is enabled.
828	 */
829
830	lis	r3,KERNELBASE@h		/* Load the kernel virtual address */
831	ori	r3,r3,KERNELBASE@l
832	tophys(r4,r3)			/* Load the kernel physical address */
833
834	iccci	r0,r3			/* Invalidate the i-cache before use */
835
836	/* Load the kernel PID.
837	*/
838	li	r0,0
839	mtspr	SPRN_PID,r0
840	sync
841
842	/* Configure and load one entry into TLB slots 63 */
843	clrrwi	r4,r4,10		/* Mask off the real page number */
844	ori	r4,r4,(TLB_WR | TLB_EX)	/* Set the write and execute bits */
845
846	clrrwi	r3,r3,10		/* Mask off the effective page number */
847	ori	r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
848
849        li      r0,63                    /* TLB slot 63 */
850
851	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
852	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
853
854	isync
855
856	/* Establish the exception vector base
857	*/
858	lis	r4,KERNELBASE@h		/* EVPR only uses the high 16-bits */
859	tophys(r0,r4)			/* Use the physical address */
860	mtspr	SPRN_EVPR,r0
861
862	blr
863
864_GLOBAL(abort)
865        mfspr   r13,SPRN_DBCR0
866        oris    r13,r13,DBCR0_RST_SYSTEM@h
867        mtspr   SPRN_DBCR0,r13
868
869_GLOBAL(set_context)
870
871#ifdef CONFIG_BDI_SWITCH
872	/* Context switch the PTE pointer for the Abatron BDI2000.
873	 * The PGDIR is the second parameter.
874	 */
875	lis	r5, abatron_pteptrs@ha
876	stw	r4, abatron_pteptrs@l + 0x4(r5)
877#endif
878	sync
879	mtspr	SPRN_PID,r3
880	isync				/* Need an isync to flush shadow */
881					/* TLBs after changing PID */
882	blr
883
884/* We put a few things here that have to be page-aligned. This stuff
885 * goes at the beginning of the data segment, which is page-aligned.
886 */
887	.data
888	.align	12
889	.globl	sdata
890sdata:
891	.globl	empty_zero_page
892empty_zero_page:
893	.space	4096
894EXPORT_SYMBOL(empty_zero_page)
895	.globl	swapper_pg_dir
896swapper_pg_dir:
897	.space	PGD_TABLE_SIZE
898
899/* Room for two PTE pointers, usually the kernel and current user pointers
900 * to their respective root page table.
901 */
902abatron_pteptrs:
903	.space	8
904