/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * linux/arch/arm/boot/compressed/head.S
 *
 * Copyright (C) 1996-2002 Russell King
 * Copyright (C) 2004 Hyok S. Choi (MPU support)
 */
#include <linux/linkage.h>
#include <asm/assembler.h>
#include <asm/v7m.h>

#include "efi-header.S"

 AR_CLASS(	.arch	armv7-a	)
 M_CLASS(	.arch	armv7-m	)

/*
 * Debugging stuff
 *
 * Note that these macros must not contain any code which is not
 * 100% relocatable.  Any attempt to do so will result in a crash.
 * Please select one of the following when turning on debugging.
 */
#ifdef DEBUG

#if defined(CONFIG_DEBUG_ICEDCC)

#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_V6K) || defined(CONFIG_CPU_V7)
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c0, c5, 0
		.endm
#elif defined(CONFIG_CPU_XSCALE)
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c8, c0, 0
		.endm
#else
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c1, c0, 0
		.endm
#endif

#else

#include CONFIG_DEBUG_LL_INCLUDE

		.macro	writeb, ch, rb, tmp
#ifdef CONFIG_DEBUG_UART_FLOW_CONTROL
		waituartcts \tmp, \rb
#endif
		waituarttxrdy \tmp, \rb
		senduart \ch, \rb
		busyuart \tmp, \rb
		.endm

#if defined(CONFIG_ARCH_SA1100)
		.macro	loadsp, rb, tmp1, tmp2
		mov	\rb, #0x80000000	@ physical base address
#ifdef CONFIG_DEBUG_LL_SER3
		add	\rb, \rb, #0x00050000	@ Ser3
#else
		add	\rb, \rb, #0x00010000	@ Ser1
#endif
		.endm
#else
		.macro	loadsp, rb, tmp1, tmp2
		addruart \rb, \tmp1, \tmp2
		.endm
#endif
#endif
#endif

		.macro	kputc,val
		mov	r0, \val
		bl	putc
		.endm

		.macro	kphex,val,len
		mov	r0, \val
		mov	r1, #\len
		bl	phex
		.endm

		/*
		 * Debug kernel copy by printing the memory addresses involved
		 */
		.macro	dbgkc, begin, end, cbegin, cend
#ifdef DEBUG
		kputc	#'C'
		kputc	#':'
		kputc	#'0'
		kputc	#'x'
		kphex	\begin, 8	/* Start of compressed kernel */
		kputc	#'-'
		kputc	#'0'
		kputc	#'x'
		kphex	\end, 8		/* End of compressed kernel */
		kputc	#'-'
		kputc	#'>'
		kputc	#'0'
		kputc	#'x'
		kphex	\cbegin, 8	/* Start of kernel copy */
		kputc	#'-'
		kputc	#'0'
		kputc	#'x'
		kphex	\cend, 8	/* End of kernel copy */
		kputc	#'\n'
#endif
		.endm

		/*
		 * Debug print of the final appended DTB location
		 */
		.macro	dbgadtb, begin, size
#ifdef DEBUG
		kputc	#'D'
		kputc	#'T'
		kputc	#'B'
		kputc	#':'
		kputc	#'0'
		kputc	#'x'
		kphex	\begin, 8	/* Start of appended DTB */
		kputc	#' '
		kputc	#'('
		kputc	#'0'
		kputc	#'x'
		kphex	\size, 8	/* Size of appended DTB */
		kputc	#')'
		kputc	#'\n'
#endif
		.endm

		.macro	enable_cp15_barriers, reg
		mrc	p15, 0, \reg, c1, c0, 0	@ read SCTLR
		tst	\reg, #(1 << 5)		@ CP15BEN bit set?
		bne	.L_\@
		orr	\reg, \reg, #(1 << 5)	@ CP15 barrier instructions
		mcr	p15, 0, \reg, c1, c0, 0	@ write SCTLR
 ARM(		.inst	0xf57ff06f		@ v7+ isb	)
 THUMB(		isb					)
.L_\@:
		.endm

		/*
		 * The kernel build system appends the size of the
		 * decompressed kernel at the end of the compressed data
		 * in little-endian form.
		 */
		.macro	get_inflated_image_size, res:req, tmp1:req, tmp2:req
		adr	\res, .Linflated_image_size_offset
		ldr	\tmp1, [\res]
		add	\tmp1, \tmp1, \res	@ address of inflated image size

		ldrb	\res, [\tmp1]		@ get_unaligned_le32
		ldrb	\tmp2, [\tmp1, #1]
		orr	\res, \res, \tmp2, lsl #8
		ldrb	\tmp2, [\tmp1, #2]
		ldrb	\tmp1, [\tmp1, #3]
		orr	\res, \res, \tmp2, lsl #16
		orr	\res, \res, \tmp1, lsl #24
		.endm
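
		/*
		 * The byte-by-byte loads above are just an open-coded
		 * unaligned little-endian 32-bit read.  Roughly equivalent
		 * C, for illustration only (not part of the build):
		 *
		 *	#include <stdint.h>
		 *
		 *	static uint32_t get_unaligned_le32(const uint8_t *p)
		 *	{
		 *		return (uint32_t)p[0] |
		 *		       ((uint32_t)p[1] << 8) |
		 *		       ((uint32_t)p[2] << 16) |
		 *		       ((uint32_t)p[3] << 24);
		 *	}
		 */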

		.macro	be32tocpu, val, tmp
#ifndef __ARMEB__
		/* convert to little endian */
		rev_l	\val, \tmp
#endif
		.endm

		.section ".start", "ax"
/*
 * sort out different calling conventions
 */
		.align
		/*
		 * Always enter in ARM state for CPUs that support the ARM ISA.
		 * As of today (2014) that's exactly the members of the A and R
		 * classes.
		 */
 AR_CLASS(	.arm	)
start:
		.type	start,#function
		/*
		 * These 7 nops along with the 1 nop immediately below for
		 * !THUMB2 form 8 nops that make the compressed kernel bootable
		 * on legacy ARM systems that were assuming the kernel in a.out
		 * binary format.  The boot loaders on these systems would
		 * jump 32 bytes into the image to skip the a.out header.
		 * With these 8 nops filling exactly 32 bytes, things still
		 * work as expected on these legacy systems.  Thumb2 mode keeps
		 * 7 of the nops as it turns out that some boot loaders
		 * were patching the initial instructions of the kernel, i.e.
		 * had started to exploit this "patch area".
		 */
		__initial_nops
		.rept	5
		__nop
		.endr
#ifndef CONFIG_THUMB2_KERNEL
		__nop
#else
 AR_CLASS(	sub	pc, pc, #3	)	@ A/R: switch to Thumb2 mode
 M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
		.thumb
#endif
		W(b)	1f

		.word	_magic_sig	@ Magic numbers to help the loader
		.word	_magic_start	@ absolute load/run zImage address
		.word	_magic_end	@ zImage end address
		.word	0x04030201	@ endianness flag
		.word	0x45454545	@ another magic number to indicate
		.word	_magic_table	@ additional data table

		__EFI_HEADER
1:
 ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
 AR_CLASS(	mrs	r9, cpsr	)
#ifdef CONFIG_ARM_VIRT_EXT
		bl	__hyp_stub_install	@ get into SVC mode, reversibly
#endif
		mov	r7, r1			@ save architecture ID
		mov	r8, r2			@ save atags pointer

#ifndef CONFIG_CPU_V7M
		/*
		 * Booting from Angel - need to enter SVC mode and disable
		 * FIQs/IRQs (numeric definitions from angel arm.h source).
		 * We only do this if we were in user mode on entry.
		 */
		mrs	r2, cpsr		@ get current mode
		tst	r2, #3			@ not user?
		bne	not_angel
		mov	r0, #0x17		@ angel_SWIreason_EnterSVC
 ARM(		swi	0x123456	)	@ angel_SWI_ARM
 THUMB(		svc	0xab		)	@ angel_SWI_THUMB
not_angel:
		safe_svcmode_maskall r0
		msr	spsr_cxsf, r9		@ Save the CPU boot mode in
						@ SPSR
#endif
		/*
		 * Note that some cache flushing and other stuff may
		 * be needed here - is there an Angel SWI call for this?
		 */

		/*
		 * some architecture-specific code can be inserted
		 * by the linker here, but it should preserve r7, r8, and r9.
		 */

		.text

#ifdef CONFIG_AUTO_ZRELADDR
		/*
		 * Find the start of physical memory.  As we are executing
		 * without the MMU on, we are in the physical address space.
		 * We just need to get rid of any offset by aligning the
		 * address.
		 *
		 * This alignment is a balance between the requirements of
		 * different platforms - we have chosen 128MB to allow
		 * platforms which align the start of their physical memory
		 * to 128MB to use this feature, while allowing the zImage
		 * to be placed within the first 128MB of memory on other
		 * platforms.  Increasing the alignment means we place
		 * stricter alignment requirements on the start of physical
		 * memory, but relaxing it means that we break people who
		 * are already placing their zImage in (eg) the top 64MB
		 * of this range.
		 */
		mov	r4, pc
		and	r4, r4, #0xf8000000
		/* Determine final kernel image address. */
		add	r4, r4, #(TEXT_OFFSET & 0xffff0000)
		add	r4, r4, #(TEXT_OFFSET & 0x0000ffff)
#else
		ldr	r4, =zreladdr
#endif
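
		/*
		 * The AUTO_ZRELADDR arithmetic above masks the current PC down
		 * to a 128MB boundary and then adds TEXT_OFFSET in two halves
		 * so that each instruction uses a legal immediate.  A rough C
		 * sketch, for illustration only (auto_zreladdr() is a made-up
		 * name and the TEXT_OFFSET value is platform dependent):
		 *
		 *	#include <stdint.h>
		 *
		 *	static uint32_t auto_zreladdr(uint32_t pc, uint32_t text_offset)
		 *	{
		 *		uint32_t ram_base = pc & 0xf8000000;	// 128MB alignment
		 *		return ram_base + text_offset;		// final kernel address
		 *	}
		 */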

		/*
		 * Set up a page table only if it won't overwrite ourselves.
		 * That means r4 < pc || r4 - 16k page directory > &_end.
		 * Given that r4 > &_end is most infrequent, we add a rough
		 * additional 1MB of room for a possible appended DTB.
		 */
		mov	r0, pc
		cmp	r0, r4
		ldrcc	r0, .Lheadroom
		addcc	r0, r0, pc
		cmpcc	r4, r0
		orrcc	r4, r4, #1		@ remember we skipped cache_on
		blcs	cache_on

restart:	adr	r0, LC1
		ldr	sp, [r0]
		ldr	r6, [r0, #4]
		add	sp, sp, r0
		add	r6, r6, r0

		get_inflated_image_size	r9, r10, lr

#ifndef CONFIG_ZBOOT_ROM
		/* malloc space is above the relocated stack (64k max) */
		add	r10, sp, #MALLOC_SIZE
#else
		/*
		 * With ZBOOT_ROM the bss/stack is non relocatable,
		 * but someone could still run this code from RAM,
		 * in which case our reference is _edata.
		 */
		mov	r10, r6
#endif

		mov	r5, #0			@ init dtb size to 0
#ifdef CONFIG_ARM_APPENDED_DTB
/*
 * r4  = final kernel address (possibly with LSB set)
 * r5  = appended dtb size (still unknown)
 * r6  = _edata
 * r7  = architecture ID
 * r8  = atags/device tree pointer
 * r9  = size of decompressed image
 * r10 = end of this image, including bss/stack/malloc space if non XIP
 * sp  = stack pointer
 *
 * if there are device trees (dtb) appended to zImage, advance r10 so that the
 * dtb data will get relocated along with the kernel if necessary.
 */

		ldr	lr, [r6, #0]
#ifndef __ARMEB__
		ldr	r1, =0xedfe0dd0		@ sig is 0xd00dfeed big endian
#else
		ldr	r1, =0xd00dfeed
#endif
		cmp	lr, r1
		bne	dtb_check_done		@ not found

#ifdef CONFIG_ARM_ATAG_DTB_COMPAT
		/*
		 * OK... Let's do some funky business here.
		 * If we do have a DTB appended to zImage, and we do have
		 * an ATAG list around, we want the latter to be translated
		 * and folded into the former here.  No GOT fixup has occurred
		 * yet, but none of the code we're about to call uses any
		 * global variable.
		 */

		/* Get the initial DTB size */
		ldr	r5, [r6, #4]
		be32tocpu r5, r1
		dbgadtb	r6, r5
		/* 50% DTB growth should be good enough */
		add	r5, r5, r5, lsr #1
		/* preserve 64-bit alignment */
		add	r5, r5, #7
		bic	r5, r5, #7
		/* clamp to 32KB min and 1MB max */
		cmp	r5, #(1 << 15)
		movlo	r5, #(1 << 15)
		cmp	r5, #(1 << 20)
		movhi	r5, #(1 << 20)
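
		/*
		 * The sizing above gives atags_to_fdt() some headroom for the
		 * converted ATAGs: grow the current DTB size by 50%, round up
		 * to 8 bytes, then clamp the result between 32KB and 1MB.
		 * Equivalent C, for illustration only (dtb_workspace() is a
		 * made-up name):
		 *
		 *	#include <stdint.h>
		 *
		 *	static uint32_t dtb_workspace(uint32_t dtb_size)
		 *	{
		 *		uint32_t sz = dtb_size + (dtb_size >> 1);
		 *		sz = (sz + 7) & ~7u;		// 64-bit alignment
		 *		if (sz < (1u << 15))
		 *			sz = 1u << 15;		// at least 32KB
		 *		if (sz > (1u << 20))
		 *			sz = 1u << 20;		// at most 1MB
		 *		return sz;
		 *	}
		 */
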
		/* temporarily relocate the stack past the DTB work space */
		add	sp, sp, r5

		mov	r0, r8
		mov	r1, r6
		mov	r2, r5
		bl	atags_to_fdt

		/*
		 * If the returned value is 1, there is no ATAG at the location
		 * pointed by r8.  Try the typical 0x100 offset from start
		 * of RAM and hope for the best.
		 */
		cmp	r0, #1
		sub	r0, r4, #(TEXT_OFFSET & 0xffff0000)
		sub	r0, r0, #(TEXT_OFFSET & 0x0000ffff)
		bic	r0, r0, #1
		add	r0, r0, #0x100
		mov	r1, r6
		mov	r2, r5
		bleq	atags_to_fdt

		sub	sp, sp, r5
#endif

		mov	r8, r6			@ use the appended device tree

		/*
		 * Make sure that the DTB doesn't end up in the final
		 * kernel's .bss area.  To do so, we adjust the decompressed
		 * kernel size to compensate if that .bss size is larger
		 * than the relocated code.
		 */
		ldr	r5, =_kernel_bss_size
		adr	r1, wont_overwrite
		sub	r1, r6, r1
		subs	r1, r5, r1
		addhi	r9, r9, r1

		/* Get the current DTB size */
		ldr	r5, [r6, #4]
		be32tocpu r5, r1

		/* preserve 64-bit alignment */
		add	r5, r5, #7
		bic	r5, r5, #7

		/* relocate some pointers past the appended dtb */
		add	r6, r6, r5
		add	r10, r10, r5
		add	sp, sp, r5
dtb_check_done:
#endif

/*
 * Check to see if we will overwrite ourselves.
 *   r4  = final kernel address (possibly with LSB set)
 *   r9  = size of decompressed image
 *   r10 = end of this image, including bss/stack/malloc space if non XIP
 * We basically want:
 *   r4 - 16k page directory >= r10 -> OK
 *   r4 + image length <= address of wont_overwrite -> OK
 * Note: the possible LSB in r4 is harmless here.
 */
		add	r10, r10, #16384
		cmp	r4, r10
		bhs	wont_overwrite
		add	r10, r4, r9
		adr	r9, wont_overwrite
		cmp	r10, r9
		bls	wont_overwrite

/*
 * Relocate ourselves past the end of the decompressed kernel.
 *   r6  = _edata
 *   r10 = end of the decompressed kernel
 * Because we always copy ahead, we need to do it from the end and go
 * backward in case the source and destination overlap.
 */
		/*
		 * Bump to the next 256-byte boundary with the size of
		 * the relocation code added.  This avoids overwriting
		 * ourselves when the offset is small.
		 */
		add	r10, r10, #((reloc_code_end - restart + 256) & ~255)
		bic	r10, r10, #255

		/* Get start of code we want to copy and align it down. */
		adr	r5, restart
		bic	r5, r5, #31

/* Relocate the hyp vector base if necessary */
#ifdef CONFIG_ARM_VIRT_EXT
		mrs	r0, spsr
		and	r0, r0, #MODE_MASK
		cmp	r0, #HYP_MODE
		bne	1f

		/*
		 * Compute the address of the hyp vectors after relocation.
		 * This requires some arithmetic since we cannot directly
		 * reference __hyp_stub_vectors in a PC-relative way.
		 * Call __hyp_set_vectors with the new address so that we
		 * can HVC again after the copy.
		 */
0:		adr	r0, 0b
		movw	r1, #:lower16:__hyp_stub_vectors - 0b
		movt	r1, #:upper16:__hyp_stub_vectors - 0b
		add	r0, r0, r1
		sub	r0, r0, r5
		add	r0, r0, r10
		bl	__hyp_set_vectors
1:
#endif

		sub	r9, r6, r5		@ size to copy
		add	r9, r9, #31		@ rounded up to a multiple
		bic	r9, r9, #31		@ ... of 32 bytes
		add	r6, r9, r5
		add	r9, r9, r10

#ifdef DEBUG
		sub	r10, r6, r5
		sub	r10, r9, r10
		/*
		 * We are about to copy the kernel to a new memory area.
		 * The boundaries of the new memory area can be found in
		 * r10 and r9, whilst r5 and r6 contain the boundaries
		 * of the memory we are going to copy.
		 * Calling dbgkc will help with the printing of this
		 * information.
		 */
		dbgkc	r5, r6, r10, r9
#endif

1:		ldmdb	r6!, {r0 - r3, r10 - r12, lr}
		cmp	r6, r5
		stmdb	r9!, {r0 - r3, r10 - r12, lr}
		bhi	1b

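		/*
		 * The loop above moves the decompressor 32 bytes at a time,
		 * walking backwards from _edata because the destination is
		 * above the source and the two ranges may overlap.  A
		 * memmove-style C sketch of the same idea, for illustration
		 * only (copy_down() is a made-up name):
		 *
		 *	#include <stdint.h>
		 *
		 *	static void copy_down(uint32_t *dst_end,
		 *			      uint32_t *src_end,
		 *			      uint32_t *src_start)
		 *	{
		 *		while (src_end > src_start)
		 *			*--dst_end = *--src_end;
		 *	}
		 */
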
		/* Preserve offset to relocated code. */
		sub	r6, r9, r6

		mov	r0, r9			@ start of relocated zImage
		add	r1, sp, r6		@ end of relocated zImage
		bl	cache_clean_flush

		badr	r0, restart
		add	r0, r0, r6
		mov	pc, r0

wont_overwrite:
		adr	r0, LC0
		ldmia	r0, {r1, r2, r3, r11, r12}
		sub	r0, r0, r1		@ calculate the delta offset

/*
 * If delta is zero, we are running at the address we were linked at.
 *   r0  = delta
 *   r2  = BSS start
 *   r3  = BSS end
 *   r4  = kernel execution address (possibly with LSB set)
 *   r5  = appended dtb size (0 if not present)
 *   r7  = architecture ID
 *   r8  = atags pointer
 *   r11 = GOT start
 *   r12 = GOT end
 *   sp  = stack pointer
 */
		orrs	r1, r0, r5
		beq	not_relocated

		add	r11, r11, r0
		add	r12, r12, r0

#ifndef CONFIG_ZBOOT_ROM
		/*
		 * If we're running fully PIC === CONFIG_ZBOOT_ROM = n,
		 * we need to fix up pointers into the BSS region.
		 * Note that the stack pointer has already been fixed up.
		 */
		add	r2, r2, r0
		add	r3, r3, r0

		/*
		 * Relocate all entries in the GOT table.
		 * Bump bss entries to _edata + dtb size
		 */
1:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
		add	r1, r1, r0		@ This fixes up C references
		cmp	r1, r2			@ if entry >= bss_start &&
		cmphs	r3, r1			@       bss_end > entry
		addhi	r1, r1, r5		@    entry += dtb size
		str	r1, [r11], #4		@ next entry
		cmp	r11, r12
		blo	1b

		/* bump our bss pointers too */
		add	r2, r2, r5
		add	r3, r3, r5

#else

		/*
		 * Relocate entries in the GOT table.  We only relocate
		 * the entries that are outside the (relocated) BSS region.
		 */
1:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
		cmp	r1, r2			@ entry < bss_start ||
		cmphs	r3, r1			@ _end < entry
		addlo	r1, r1, r0		@ table.  This fixes up the
		str	r1, [r11], #4		@ C references.
		cmp	r11, r12
		blo	1b
#endif
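
		/*
		 * The loops above add the load-time delta to every GOT entry;
		 * in the fully PIC case, entries that point into the BSS are
		 * additionally bumped by the appended DTB size, since the DTB
		 * now sits between _edata and the BSS.  A rough C sketch of
		 * the non-ZBOOT_ROM variant, for illustration only
		 * (fixup_got() is a made-up name; bss_start/bss_end are the
		 * already relocated bounds):
		 *
		 *	#include <stdint.h>
		 *
		 *	static void fixup_got(uint32_t *got, uint32_t *got_end,
		 *			      uint32_t delta, uint32_t bss_start,
		 *			      uint32_t bss_end, uint32_t dtb_size)
		 *	{
		 *		for (; got < got_end; got++) {
		 *			uint32_t entry = *got + delta;
		 *			if (entry >= bss_start && entry < bss_end)
		 *				entry += dtb_size;
		 *			*got = entry;
		 *		}
		 *	}
		 */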

not_relocated:	mov	r0, #0
1:		str	r0, [r2], #4		@ clear bss
		str	r0, [r2], #4
		str	r0, [r2], #4
		str	r0, [r2], #4
		cmp	r2, r3
		blo	1b

		/*
		 * Did we skip the cache setup earlier?
		 * That is indicated by the LSB in r4.
		 * Do it now if so.
		 */
		tst	r4, #1
		bic	r4, r4, #1
		blne	cache_on

/*
 * The C runtime environment should now be set up sufficiently.
 * Set up some pointers, and start decompressing.
 *   r4  = kernel execution address
 *   r7  = architecture ID
 *   r8  = atags pointer
 */
		mov	r0, r4
		mov	r1, sp			@ malloc space above stack
		add	r2, sp, #MALLOC_SIZE	@ 64k max
		mov	r3, r7
		bl	decompress_kernel

		get_inflated_image_size	r1, r2, r3

		mov	r0, r4			@ start of inflated image
		add	r1, r1, r0		@ end of inflated image
		bl	cache_clean_flush
		bl	cache_off

#ifdef CONFIG_ARM_VIRT_EXT
		mrs	r0, spsr		@ Get saved CPU boot mode
		and	r0, r0, #MODE_MASK
		cmp	r0, #HYP_MODE		@ if not booted in HYP mode...
		bne	__enter_kernel		@ boot kernel directly

		adr	r12, .L__hyp_reentry_vectors_offset
		ldr	r0, [r12]
		add	r0, r0, r12

		bl	__hyp_set_vectors
		__HVC(0)			@ otherwise bounce to hyp mode

		b	.			@ should never be reached

		.align	2
.L__hyp_reentry_vectors_offset:	.long	__hyp_reentry_vectors - .
#else
		b	__enter_kernel
#endif

		.align	2
		.type	LC0, #object
LC0:		.word	LC0			@ r1
		.word	__bss_start		@ r2
		.word	_end			@ r3
		.word	_got_start		@ r11
		.word	_got_end		@ ip
		.size	LC0, . - LC0

		.type	LC1, #object
LC1:		.word	.L_user_stack_end - LC1	@ sp
		.word	_edata - LC1		@ r6
		.size	LC1, . - LC1

.Lheadroom:
		.word	_end - restart + 16384 + 1024*1024

.Linflated_image_size_offset:
		.long	(input_data_end - 4) - .

#ifdef CONFIG_ARCH_RPC
		.globl	params
params:		ldr	r0, =0x10000100		@ params_phys for RPC
		mov	pc, lr
		.ltorg
		.align
#endif

/*
 * dcache_line_size - get the minimum D-cache line size from the CTR register
 * on ARMv7.
 */
		.macro	dcache_line_size, reg, tmp
#ifdef CONFIG_CPU_V7M
		movw	\tmp, #:lower16:BASEADDR_V7M_SCB + V7M_SCB_CTR
		movt	\tmp, #:upper16:BASEADDR_V7M_SCB + V7M_SCB_CTR
		ldr	\tmp, [\tmp]
#else
		mrc	p15, 0, \tmp, c0, c0, 1	@ read ctr
#endif
		lsr	\tmp, \tmp, #16
		and	\tmp, \tmp, #0xf	@ cache line size encoding
		mov	\reg, #4		@ bytes per word
		mov	\reg, \reg, lsl \tmp	@ actual cache line size
		.endm

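/*
 * The macro above decodes CTR.DminLine: bits [19:16] hold log2 of the
 * smallest D-cache line size in words, so the size in bytes is 4
 * shifted left by that field.  Equivalent C, for illustration only
 * (dcache_min_line_size() is a made-up name):
 *
 *	#include <stdint.h>
 *
 *	static uint32_t dcache_min_line_size(uint32_t ctr)
 *	{
 *		uint32_t dminline = (ctr >> 16) & 0xf;	// log2(words per line)
 *		return 4u << dminline;			// bytes per line
 *	}
 */
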
/*
 * Turn on the cache.  We need to set up some page tables so that we
 * can have both the I and D caches on.
 *
 * We place the page tables 16k down from the kernel execution address,
 * and we hope that nothing else is using it.  If we're using it, we
 * will go pop!
 *
 * On entry,
 *  r4 = kernel execution address
 *  r7 = architecture number
 *  r8 = atags pointer
 * On exit,
 *  r0, r1, r2, r3, r9, r10, r12 corrupted
 * This routine must preserve:
 *  r4, r7, r8
 */
		.align	5
cache_on:	mov	r3, #8			@ cache_on function
		b	call_cache_fn

/*
 * Initialize the highest priority protection region, PR7,
 * to cover the whole 32-bit address space as cacheable and bufferable.
 */
__armv4_mpu_cache_on:
		mov	r0, #0x3f		@ 4G, the whole
		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting
		mcr	p15, 0, r0, c6, c7, 1

		mov	r0, #0x80		@ PR7
		mcr	p15, 0, r0, c2, c0, 0	@ D-cache on
		mcr	p15, 0, r0, c2, c0, 1	@ I-cache on
		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

		mov	r0, #0xc000
		mcr	p15, 0, r0, c5, c0, 1	@ I-access permission
		mcr	p15, 0, r0, c5, c0, 0	@ D-access permission

		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
						@ ...I .... ..D. WC.M
		orr	r0, r0, #0x002d		@ .... .... ..1. 11.1
		orr	r0, r0, #0x1000		@ ...1 .... .... ....

		mcr	p15, 0, r0, c1, c0, 0	@ write control reg

		mov	r0, #0
		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
		mov	pc, lr

__armv3_mpu_cache_on:
		mov	r0, #0x3f		@ 4G, the whole
		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting

		mov	r0, #0x80		@ PR7
		mcr	p15, 0, r0, c2, c0, 0	@ cache on
		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

		mov	r0, #0xc000
		mcr	p15, 0, r0, c5, c0, 0	@ access permission

		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		/*
		 * ?? ARMv3 MMU does not allow reading the control register,
		 * does this really work on ARMv3 MPU?
		 */
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
						@ .... .... .... WC.M
		orr	r0, r0, #0x000d		@ .... .... .... 11.1
		/* ?? this overwrites the value constructed above? */
		mov	r0, #0
		mcr	p15, 0, r0, c1, c0, 0	@ write control reg

		/* ?? invalidate for the second time? */
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
#define CB_BITS 0x08
#else
#define CB_BITS 0x0c
#endif

__setup_mmu:	sub	r3, r4, #16384		@ Page directory size
		bic	r3, r3, #0xff		@ Align the pointer
		bic	r3, r3, #0x3f00
/*
 * Initialise the page tables, turning on the cacheable and bufferable
 * bits for the RAM area only.
 */
		mov	r0, r3
		mov	r9, r0, lsr #20
		mov	r9, r9, lsl #20		@ start of RAM
		add	r10, r9, #0x10000000	@ a reasonable RAM size
		mov	r1, #0x12		@ XN|U + section mapping
		orr	r1, r1, #3 << 10	@ AP=11
		add	r2, r3, #16384
1:		cmp	r1, r9			@ if virt > start of RAM
		cmphs	r10, r1			@   && end of RAM > virt
		bic	r1, r1, #0x1c		@ clear XN|U + C + B
		orrlo	r1, r1, #0x10		@ Set XN|U for non-RAM
		orrhs	r1, r1, r6		@ set RAM section settings
		str	r1, [r0], #4		@ 1:1 mapping
		add	r1, r1, #1048576
		teq	r0, r2
		bne	1b
/*
 * If we are ever running from Flash, then we surely want the cache
 * to be enabled for our execution instance as well...  We map 2MB of it
 * so there is no map overlap problem for a compressed kernel of up to 1MB.
 * If the execution is in RAM then we would only be duplicating the above.
 */
		orr	r1, r6, #0x04		@ ensure B is set for this
		orr	r1, r1, #3 << 10
		mov	r2, pc
		mov	r2, r2, lsr #20
		orr	r1, r1, r2, lsl #20
		add	r0, r3, r2, lsl #2
		str	r1, [r0], #4
		add	r1, r1, #1048576
		str	r1, [r0]
		mov	pc, lr
ENDPROC(__setup_mmu)

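/*
 * __setup_mmu above builds a flat 4096-entry first-level table of 1MB
 * sections mapped 1:1: sections inside the assumed 256MB of RAM get the
 * cacheable/bufferable bits passed in r6, everything else is mapped as
 * uncached XN|U.  A C sketch under those assumptions, for illustration
 * only (setup_identity_map() is a made-up name; ram_flags corresponds
 * to r6):
 *
 *	#include <stdint.h>
 *
 *	static void setup_identity_map(uint32_t *pgdir, uint32_t ram_start,
 *				       uint32_t ram_end, uint32_t ram_flags)
 *	{
 *		for (uint32_t i = 0; i < 4096; i++) {
 *			uint32_t base = i << 20;		// 1MB section
 *			uint32_t desc = base | (3u << 10) | 0x02; // AP=11, section
 *			if (base >= ram_start && base < ram_end)
 *				desc |= ram_flags;	// cacheable RAM
 *			else
 *				desc |= 0x10;		// XN|U for non-RAM
 *			pgdir[i] = desc;		// 1:1 mapping
 *		}
 *	}
 */
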
@ Enable unaligned access on v6, to allow better code generation
@ for the decompressor C code:
__armv6_mmu_cache_on:
		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
		bic	r0, r0, #2		@ A (no unaligned access fault)
		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
		mcr	p15, 0, r0, c1, c0, 0	@ write SCTLR
		b	__armv4_mmu_cache_on

__arm926ejs_mmu_cache_on:
#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
		mov	r0, #4			@ put dcache in WT mode
		mcr	p15, 7, r0, c15, c0, 0
#endif

__armv4_mmu_cache_on:
		mov	r12, lr
#ifdef CONFIG_MMU
		mov	r6, #CB_BITS | 0x12	@ U
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
		orr	r0, r0, #0x0030
 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
		bl	__common_mmu_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
		mov	pc, r12

__armv7_mmu_cache_on:
		enable_cp15_barriers	r11
		mov	r12, lr
#ifdef CONFIG_MMU
		mrc	p15, 0, r11, c0, c1, 4	@ read ID_MMFR0
		tst	r11, #0xf		@ VMSA
		movne	r6, #CB_BITS | 0x02	@ !XN
		blne	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		tst	r11, #0xf		@ VMSA
		mcrne	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		bic	r0, r0, #1 << 28	@ clear SCTLR.TRE
		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
		orr	r0, r0, #0x003c		@ write buffer
		bic	r0, r0, #2		@ A (no unaligned access fault)
		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
						@ (needed for ARM1176)
#ifdef CONFIG_MMU
 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
		mrcne	p15, 0, r6, c2, c0, 2	@ read ttb control reg
		orrne	r0, r0, #1		@ MMU enabled
		movne	r1, #0xfffffffd		@ domain 0 = client
		bic	r6, r6, #1 << 31	@ 32-bit translation system
		bic	r6, r6, #(7 << 0) | (1 << 4)	@ use only ttbr0
		mcrne	p15, 0, r3, c2, c0, 0	@ load page table pointer
		mcrne	p15, 0, r1, c3, c0, 0	@ load domain access control
		mcrne	p15, 0, r6, c2, c0, 2	@ load ttb control
#endif
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mcr	p15, 0, r0, c1, c0, 0	@ load control register
		mrc	p15, 0, r0, c1, c0, 0	@ and read it back
		mov	r0, #0
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mov	pc, r12

__fa526_cache_on:
		mov	r12, lr
		mov	r6, #CB_BITS | 0x12	@ U
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c7, 0	@ Invalidate whole cache
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		orr	r0, r0, #0x1000		@ I-cache enable
		bl	__common_mmu_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
		mov	pc, r12

__common_mmu_cache_on:
#ifndef CONFIG_THUMB2_KERNEL
#ifndef DEBUG
		orr	r0, r0, #0x000d		@ Write buffer, mmu
#endif
		mov	r1, #-1
		mcr	p15, 0, r3, c2, c0, 0	@ load page table pointer
		mcr	p15, 0, r1, c3, c0, 0	@ load domain access control
		b	1f
		.align	5			@ cache line aligned
1:		mcr	p15, 0, r0, c1, c0, 0	@ load control register
		mrc	p15, 0, r0, c1, c0, 0	@ and read it back to
		sub	pc, lr, r0, lsr #32	@ properly flush pipeline
#endif

#define PROC_ENTRY_SIZE (4*5)

/*
 * Here follow the relocatable cache support functions for the
 * various processors.  This is a generic hook for locating an
 * entry and jumping to an instruction at the specified offset
 * from the start of the block.  Please note this is all position
 * independent code.
 *
 *  r1  = corrupted
 *  r2  = corrupted
 *  r3  = block offset
 *  r9  = corrupted
 *  r12 = corrupted
 */

call_cache_fn:	adr	r12, proc_types
#ifdef CONFIG_CPU_CP15
		mrc	p15, 0, r9, c0, c0	@ get processor ID
#elif defined(CONFIG_CPU_V7M)
		/*
		 * On v7-M the processor id is located in the V7M_SCB_CPUID
		 * register, but as cache handling is IMPLEMENTATION DEFINED on
		 * v7-M (if existent at all) we just return early here.
		 * If V7M_SCB_CPUID were used the cpu ID functions (i.e.
		 * __armv7_mmu_cache_{on,off,flush}) would be selected which
		 * use cp15 registers that are not implemented on v7-M.
		 */
		bx	lr
#else
		ldr	r9, =CONFIG_PROCESSOR_ID
#endif
1:		ldr	r1, [r12, #0]		@ get value
		ldr	r2, [r12, #4]		@ get mask
		eor	r1, r1, r9		@ (real ^ match)
		tst	r1, r2			@       & mask
 ARM(		addeq	pc, r12, r3		) @ call cache function
 THUMB(		addeq	r12, r3			)
 THUMB(		moveq	pc, r12			) @ call cache function
		add	r12, r12, #PROC_ENTRY_SIZE
		b	1b

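/*
 * call_cache_fn above scans proc_types comparing
 * ((processor_id ^ match) & mask) == 0 and, on a hit, branches into the
 * matching entry at the offset passed in r3 (cache on/off/flush).  A
 * rough C model of the lookup, for illustration only (struct proc_entry
 * and find_proc() are made-up names):
 *
 *	#include <stdint.h>
 *
 *	struct proc_entry {
 *		uint32_t match;
 *		uint32_t mask;
 *		void (*cache_on)(void);
 *		void (*cache_off)(void);
 *		void (*cache_flush)(void);
 *	};
 *
 *	// The terminating entry has mask == 0 and therefore matches
 *	// any processor ID.
 *	static const struct proc_entry *find_proc(const struct proc_entry *tbl,
 *						  uint32_t processor_id)
 *	{
 *		while ((processor_id ^ tbl->match) & tbl->mask)
 *			tbl++;
 *		return tbl;
 *	}
 */
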
/*
 * Table for cache operations.  This is basically:
 *  - CPU ID match
 *  - CPU ID mask
 *  - 'cache on' method instruction
 *  - 'cache off' method instruction
 *  - 'cache flush' method instruction
 *
 * We match an entry using: ((real_id ^ match) & mask) == 0
 *
 * Writethrough caches generally only need 'on' and 'off'
 * methods.  Writeback caches _must_ have the flush method
 * defined.
 */
		.align	2
		.type	proc_types,#object
proc_types:
		.word	0x41000000		@ old ARM ID
		.word	0xff00f000
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41007000		@ ARM7/710
		.word	0xfff8fe00
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41807200		@ ARM720T (writethrough)
		.word	0xffffff00
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41007400		@ ARM74x
		.word	0xff00ff00
		W(b)	__armv3_mpu_cache_on
		W(b)	__armv3_mpu_cache_off
		W(b)	__armv3_mpu_cache_flush

		.word	0x41009400		@ ARM94x
		.word	0xff00ff00
		W(b)	__armv4_mpu_cache_on
		W(b)	__armv4_mpu_cache_off
		W(b)	__armv4_mpu_cache_flush

		.word	0x41069260		@ ARM926EJ-S (v5TEJ)
		.word	0xff0ffff0
		W(b)	__arm926ejs_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x00007000		@ ARM7 IDs
		.word	0x0000f000
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		@ Everything from here on will be the new ID system.

		.word	0x4401a100		@ sa110 / sa1100
		.word	0xffffffe0
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x6901b110		@ sa1110
		.word	0xfffffff0
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x56056900
		.word	0xffffff00		@ PXA9xx
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x56158000		@ PXA168
		.word	0xfffff000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x56050000		@ Feroceon
		.word	0xff0f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

#ifdef CONFIG_CPU_FEROCEON_OLD_ID
		/* this conflicts with the standard ARMv5TE entry */
		.long	0x41009260		@ Old Feroceon
		.long	0xff00fff0
		b	__armv4_mmu_cache_on
		b	__armv4_mmu_cache_off
		b	__armv5tej_mmu_cache_flush
#endif

		.word	0x66015261		@ FA526
		.word	0xff01fff1
		W(b)	__fa526_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__fa526_cache_flush

		@ These match on the architecture ID

		.word	0x00020000		@ ARMv4T
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x00050000		@ ARMv5TE
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x00060000		@ ARMv5TEJ
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x0007b000		@ ARMv6
		.word	0x000ff000
		W(b)	__armv6_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv6_mmu_cache_flush

		.word	0x000f0000		@ new CPU Id
		.word	0x000f0000
		W(b)	__armv7_mmu_cache_on
		W(b)	__armv7_mmu_cache_off
		W(b)	__armv7_mmu_cache_flush

		.word	0			@ unrecognised type
		.word	0
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.size	proc_types, . - proc_types

		/*
		 * If you get a "non-constant expression in ".if" statement"
		 * error from the assembler on this line, check that you have
		 * not accidentally written a "b" instruction where you should
		 * have written W(b).
		 */
		.if (. - proc_types) % PROC_ENTRY_SIZE != 0
		.error "The size of one or more proc_types entries is wrong."
		.endif

/*
 * Turn off the Cache and MMU.  ARMv3 does not support
 * reading the control register, but ARMv4 does.
 *
 * On exit,
 *  r0, r1, r2, r3, r9, r12 corrupted
 * This routine must preserve:
 *  r4, r7, r8
 */
		.align	5
cache_off:	mov	r3, #12			@ cache_off function
		b	call_cache_fn

__armv4_mpu_cache_off:
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0	@ turn MPU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c7, c6, 0	@ flush D-Cache
		mcr	p15, 0, r0, c7, c5, 0	@ flush I-Cache
		mov	pc, lr

__armv3_mpu_cache_off:
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0, 0	@ turn MPU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

__armv4_mmu_cache_off:
#ifdef CONFIG_MMU
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c7	@ invalidate whole cache v4
		mcr	p15, 0, r0, c8, c7	@ invalidate whole TLB v4
#endif
		mov	pc, lr

__armv7_mmu_cache_off:
		mrc	p15, 0, r0, c1, c0
#ifdef CONFIG_MMU
		bic	r0, r0, #0x0005
#else
		bic	r0, r0, #0x0004
#endif
		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
		mov	r0, #0
#ifdef CONFIG_MMU
		mcr	p15, 0, r0, c8, c7, 0	@ invalidate whole TLB
#endif
		mcr	p15, 0, r0, c7, c5, 6	@ invalidate BTC
		mcr	p15, 0, r0, c7, c10, 4	@ DSB
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mov	pc, lr

/*
 * Clean and flush the cache to maintain consistency.
 *
 * On entry,
 *  r0 = start address
 *  r1 = end address (exclusive)
 * On exit,
 *  r1, r2, r3, r9, r10, r11, r12 corrupted
 * This routine must preserve:
 *  r4, r6, r7, r8
 */
		.align	5
cache_clean_flush:
		mov	r3, #16
		mov	r11, r1
		b	call_cache_fn

__armv4_mpu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r2, #1
		mov	r3, #0
		mcr	p15, 0, ip, c7, c6, 0	@ invalidate D cache
		mov	r1, #7 << 5		@ 8 segments
1:		orr	r3, r1, #63 << 26	@ 64 entries
2:		mcr	p15, 0, r3, c7, c14, 2	@ clean & invalidate D index
		subs	r3, r3, #1 << 26
		bcs	2b			@ entries 63 to 0
		subs	r1, r1, #1 << 5
		bcs	1b			@ segments 7 to 0

		teq	r2, #0
		mcrne	p15, 0, ip, c7, c5, 0	@ invalidate I cache
		mcr	p15, 0, ip, c7, c10, 4	@ drain WB
		mov	pc, lr

__fa526_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r1, #0
		mcr	p15, 0, r1, c7, c14, 0	@ clean and invalidate D cache
		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv6_mmu_cache_flush:
		mov	r1, #0
		tst	r4, #1
		mcreq	p15, 0, r1, c7, c14, 0	@ clean+invalidate D
		mcr	p15, 0, r1, c7, c5, 0	@ invalidate I+BTB
		mcreq	p15, 0, r1, c7, c15, 0	@ clean+invalidate unified
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv7_mmu_cache_flush:
		enable_cp15_barriers	r10
		tst	r4, #1
		bne	iflush
		mrc	p15, 0, r10, c0, c1, 5	@ read ID_MMFR1
		tst	r10, #0xf << 16		@ hierarchical cache (ARMv7)
		mov	r10, #0
		beq	hierarchical
		mcr	p15, 0, r10, c7, c14, 0	@ clean+invalidate D
		b	iflush
hierarchical:
		dcache_line_size r1, r2		@ r1 := dcache min line size
		sub	r2, r1, #1		@ r2 := line size mask
		bic	r0, r0, r2		@ round down start to line size
		sub	r11, r11, #1		@ end address is exclusive
		bic	r11, r11, r2		@ round down end to line size
0:		cmp	r0, r11			@ finished?
		bgt	iflush
		mcr	p15, 0, r0, c7, c14, 1	@ Dcache clean/invalidate by VA
		add	r0, r0, r1
		b	0b
iflush:
		mcr	p15, 0, r10, c7, c10, 4	@ DSB
		mcr	p15, 0, r10, c7, c5, 0	@ invalidate I+BTB
		mcr	p15, 0, r10, c7, c10, 4	@ DSB
		mcr	p15, 0, r10, c7, c5, 4	@ ISB
		mov	pc, lr

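/*
 * The "hierarchical" path above rounds both ends of the [start, end)
 * range down to the minimum D-cache line size and then cleans and
 * invalidates one line per iteration.  A C sketch of the same walk, for
 * illustration only: clean_inval_range() is a made-up name and
 * dccimvac() is a hypothetical stand-in for the "clean and invalidate
 * by MVA" coprocessor operation.
 *
 *	#include <stdint.h>
 *
 *	extern void dccimvac(uint32_t va);	// hypothetical helper
 *
 *	static void clean_inval_range(uint32_t start, uint32_t end,
 *				      uint32_t line_size)
 *	{
 *		uint32_t mask = line_size - 1;
 *
 *		start &= ~mask;			// round down to a line
 *		end = (end - 1) & ~mask;	// end is exclusive
 *		for (uint32_t va = start; va <= end; va += line_size)
 *			dccimvac(va);		// clean+invalidate this line
 *	}
 */
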
__armv5tej_mmu_cache_flush:
		tst	r4, #1
		movne	pc, lr
1:		mrc	p15, 0, APSR_nzcv, c7, c14, 3	@ test,clean,invalidate D cache
		bne	1b
		mcr	p15, 0, r0, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r0, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv4_mmu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r2, #64*1024		@ default: 32K dcache size (*2)
		mov	r11, #32		@ default: 32 byte line size
		mrc	p15, 0, r3, c0, c0, 1	@ read cache type
		teq	r3, r9			@ cache ID register present?
		beq	no_cache_id
		mov	r1, r3, lsr #18
		and	r1, r1, #7
		mov	r2, #1024
		mov	r2, r2, lsl r1		@ base dcache size *2
		tst	r3, #1 << 14		@ test M bit
		addne	r2, r2, r2, lsr #1	@ +1/2 size if M == 1
		mov	r3, r3, lsr #12
		and	r3, r3, #3
		mov	r11, #8
		mov	r11, r11, lsl r3	@ cache line size in bytes
no_cache_id:
		mov	r1, pc
		bic	r1, r1, #63		@ align to longest cache line
		add	r2, r1, r2
1:
 ARM(		ldr	r3, [r1], r11		) @ s/w flush D cache
 THUMB(		ldr	r3, [r1]		) @ s/w flush D cache
 THUMB(		add	r1, r1, r11		)
		teq	r1, r2
		bne	1b

		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r1, c7, c6, 0	@ flush D cache
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv3_mmu_cache_flush:
__armv3_mpu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r1, #0
		mcr	p15, 0, r1, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

/*
 * Various debugging routines for printing hex characters and
 * memory, which again must be relocatable.
 */
#ifdef DEBUG
		.align	2
		.type	phexbuf,#object
phexbuf:	.space	12
		.size	phexbuf, . - phexbuf

@ phex corrupts {r0, r1, r2, r3}
phex:		adr	r3, phexbuf
		mov	r2, #0
		strb	r2, [r3, r1]
1:		subs	r1, r1, #1
		movmi	r0, r3
		bmi	puts
		and	r2, r0, #15
		mov	r0, r0, lsr #4
		cmp	r2, #10
		addge	r2, r2, #7
		add	r2, r2, #'0'
		strb	r2, [r3, r1]
		b	1b

@ puts corrupts {r0, r1, r2, r3}
puts:		loadsp	r3, r2, r1
1:		ldrb	r2, [r0], #1
		teq	r2, #0
		moveq	pc, lr
2:		writeb	r2, r3, r1
		mov	r1, #0x00020000
3:		subs	r1, r1, #1
		bne	3b
		teq	r2, #'\n'
		moveq	r2, #'\r'
		beq	2b
		teq	r0, #0
		bne	1b
		mov	pc, lr

@ putc corrupts {r0, r1, r2, r3}
putc:
		mov	r2, r0
		loadsp	r3, r1, r0
		mov	r0, #0
		b	2b

@ memdump corrupts {r0, r1, r2, r3, r10, r11, r12, lr}
memdump:	mov	r12, r0
		mov	r10, lr
		mov	r11, #0
2:		mov	r0, r11, lsl #2
		add	r0, r0, r12
		mov	r1, #8
		bl	phex
		mov	r0, #':'
		bl	putc
1:		mov	r0, #' '
		bl	putc
		ldr	r0, [r12, r11, lsl #2]
		mov	r1, #8
		bl	phex
		and	r0, r11, #7
		teq	r0, #3
		moveq	r0, #' '
		bleq	putc
		and	r0, r11, #7
		add	r11, r11, #1
		teq	r0, #7
		bne	1b
		mov	r0, #'\n'
		bl	putc
		cmp	r11, #64
		blt	2b
		mov	pc, r10
#endif

		.ltorg

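/*
 * phex above converts a value to fixed-width hex by storing digits into
 * phexbuf from the least significant nibble upwards (the +7 adjustment
 * maps 10..15 onto 'A'..'F' after adding '0'), then prints the
 * NUL-terminated buffer with puts.  A C sketch, for illustration only
 * (phex_to_buf() is a made-up name):
 *
 *	#include <stdint.h>
 *
 *	static void phex_to_buf(uint32_t val, int len, char *buf)
 *	{
 *		buf[len] = '\0';
 *		while (len-- > 0) {
 *			uint32_t nibble = val & 15;
 *			buf[len] = nibble + (nibble >= 10 ? 'A' - 10 : '0');
 *			val >>= 4;
 *		}
 *	}
 */
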
#ifdef CONFIG_ARM_VIRT_EXT
		.align	5
__hyp_reentry_vectors:
		W(b)	.			@ reset
		W(b)	.			@ undef
#ifdef CONFIG_EFI_STUB
		W(b)	__enter_kernel_from_hyp	@ hvc from HYP
#else
		W(b)	.			@ svc
#endif
		W(b)	.			@ pabort
		W(b)	.			@ dabort
		W(b)	__enter_kernel		@ hyp
		W(b)	.			@ irq
		W(b)	.			@ fiq
#endif /* CONFIG_ARM_VIRT_EXT */

__enter_kernel:
		mov	r0, #0			@ must be 0
		mov	r1, r7			@ restore architecture number
		mov	r2, r8			@ restore atags pointer
 ARM(		mov	pc, r4		)	@ call kernel
 M_CLASS(	add	r4, r4, #1	)	@ enter in Thumb mode for M class
 THUMB(		bx	r4		)	@ entry point is always ARM for A/R classes

reloc_code_end:

#ifdef CONFIG_EFI_STUB
__enter_kernel_from_hyp:
		mrc	p15, 4, r0, c1, c0, 0	@ read HSCTLR
		bic	r0, r0, #0x5		@ disable MMU and caches
		mcr	p15, 4, r0, c1, c0, 0	@ write HSCTLR
		isb
		b	__enter_kernel

ENTRY(efi_enter_kernel)
		mov	r4, r0			@ preserve image base
		mov	r8, r1			@ preserve DT pointer

		adr_l	r0, call_cache_fn
		adr	r1, 0f			@ clean the region of code we
		bl	cache_clean_flush	@ may run with the MMU off

#ifdef CONFIG_ARM_VIRT_EXT
		@
		@ The EFI spec does not support booting on ARM in HYP mode,
		@ since it mandates that the MMU and caches are on, with all
		@ 32-bit addressable DRAM mapped 1:1 using short descriptors.
		@
		@ While the EDK2 reference implementation adheres to this,
		@ U-Boot might decide to enter the EFI stub in HYP mode
		@ anyway, with the MMU and caches either on or off.
		@
		mrs	r0, cpsr		@ get the current mode
		msr	spsr_cxsf, r0		@ record boot mode
		and	r0, r0, #MODE_MASK	@ are we running in HYP mode?
		cmp	r0, #HYP_MODE
		bne	.Lefi_svc

		mrc	p15, 4, r1, c1, c0, 0	@ read HSCTLR
		tst	r1, #0x1		@ MMU enabled at HYP?
		beq	1f

		@
		@ When running in HYP mode with the caches on, we're better
		@ off just carrying on using the cached 1:1 mapping that the
		@ firmware provided. Set up the HYP vectors so HVC instructions
		@ issued from HYP mode take us to the correct handler code. We
		@ will disable the MMU before jumping to the kernel proper.
		@
 ARM(		bic	r1, r1, #(1 << 30)	) @ clear HSCTLR.TE
 THUMB(		orr	r1, r1, #(1 << 30)	) @ set HSCTLR.TE
		mcr	p15, 4, r1, c1, c0, 0
		adr	r0, __hyp_reentry_vectors
		mcr	p15, 4, r0, c12, c0, 0	@ set HYP vector base (HVBAR)
		isb
		b	.Lefi_hyp

		@
		@ When running in HYP mode with the caches off, we need to drop
		@ into SVC mode now, and let the decompressor set up its cached
		@ 1:1 mapping as usual.
		@
1:		mov	r9, r4			@ preserve image base
		bl	__hyp_stub_install	@ install HYP stub vectors
		safe_svcmode_maskall	r1	@ drop to SVC mode
		msr	spsr_cxsf, r0		@ record boot mode
		orr	r4, r9, #1		@ restore image base and set LSB
		b	.Lefi_hyp
.Lefi_svc:
#endif
		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
		tst	r0, #0x1		@ MMU enabled?
		orreq	r4, r4, #1		@ set LSB if not

.Lefi_hyp:
		mov	r0, r8			@ DT start
		add	r1, r8, r2		@ DT end
		bl	cache_clean_flush

		adr	r0, 0f			@ switch to our stack
		ldr	sp, [r0]
		add	sp, sp, r0

		mov	r5, #0			@ appended DTB size
		mov	r7, #0xFFFFFFFF		@ machine ID
		b	wont_overwrite
ENDPROC(efi_enter_kernel)
0:		.long	.L_user_stack_end - .
#endif

		.align
		.section ".stack", "aw", %nobits
.L_user_stack:	.space	4096
.L_user_stack_end: