xref: /linux/arch/arm/boot/compressed/head.S (revision 48dea9a700c8728cc31a1dd44588b97578de86ee)
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 *  linux/arch/arm/boot/compressed/head.S
4 *
5 *  Copyright (C) 1996-2002 Russell King
6 *  Copyright (C) 2004 Hyok S. Choi (MPU support)
7 */
8#include <linux/linkage.h>
9#include <asm/assembler.h>
10#include <asm/v7m.h>
11
12#include "efi-header.S"
13
/*
 * Select the assembler target architecture.  AR_CLASS() and M_CLASS()
 * are macros defined outside this file; presumably each emits its
 * argument only for A/R-class or M-class builds respectively.
 */
14 AR_CLASS(	.arch	armv7-a	)
15 M_CLASS(	.arch	armv7-m	)
16
17/*
18 * Debugging stuff
19 *
20 * Note that these macros must not contain any code which is not
21 * 100% relocatable.  Any attempt to do so will result in a crash.
22 * Please select one of the following when turning on debugging.
23 */
/*
 * loadsp / writeb: low-level debug output primitives, only built when
 * DEBUG is defined.
 *
 *   loadsp rb, tmp1, tmp2  - load the output port base into \rb
 *   writeb ch, rb          - emit the character held in \ch
 *
 * With CONFIG_DEBUG_ICEDCC the character is written to a coprocessor 14
 * register (which register depends on the CPU family) and loadsp expands
 * to nothing.  Otherwise writeb expands to senduart and loadsp to
 * addruart, both supplied by CONFIG_DEBUG_LL_INCLUDE, except on SA1100
 * where loadsp builds the serial port base from constants.
 */
24#ifdef DEBUG
25
26#if defined(CONFIG_DEBUG_ICEDCC)
27
28#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_V6K) || defined(CONFIG_CPU_V7)
29		.macro	loadsp, rb, tmp1, tmp2
30		.endm
31		.macro	writeb, ch, rb
32		mcr	p14, 0, \ch, c0, c5, 0
33		.endm
34#elif defined(CONFIG_CPU_XSCALE)
35		.macro	loadsp, rb, tmp1, tmp2
36		.endm
37		.macro	writeb, ch, rb
38		mcr	p14, 0, \ch, c8, c0, 0
39		.endm
40#else
41		.macro	loadsp, rb, tmp1, tmp2
42		.endm
43		.macro	writeb, ch, rb
44		mcr	p14, 0, \ch, c1, c0, 0
45		.endm
46#endif
47
48#else
49
50#include CONFIG_DEBUG_LL_INCLUDE
51
52		.macro	writeb,	ch, rb
53		senduart \ch, \rb
54		.endm
55
56#if defined(CONFIG_ARCH_SA1100)
57		.macro	loadsp, rb, tmp1, tmp2
58		mov	\rb, #0x80000000	@ physical base address
59#ifdef CONFIG_DEBUG_LL_SER3
60		add	\rb, \rb, #0x00050000	@ Ser3
61#else
62		add	\rb, \rb, #0x00010000	@ Ser1
63#endif
64		.endm
65#else
66		.macro	loadsp,	rb, tmp1, tmp2
67		addruart \rb, \tmp1, \tmp2
68		.endm
69#endif
70#endif
71#endif
72
		/*
		 * kputc val - print one character.
		 * Moves \val into r0 and calls putc (defined outside this
		 * excerpt).  Overwrites r0 and lr, plus whatever putc itself
		 * clobbers.
		 */
73		.macro	kputc,val
74		mov	r0, \val
75		bl	putc
76		.endm
77
		/*
		 * kphex val, len - print \val in hex.
		 * r0 = \val, r1 = \len (an immediate; the callers in this
		 * file pass 8), then calls phex (defined outside this
		 * excerpt).  Overwrites r0, r1 and lr, plus whatever phex
		 * clobbers.
		 */
78		.macro	kphex,val,len
79		mov	r0, \val
80		mov	r1, #\len
81		bl	phex
82		.endm
83
		/*
		 * debug_reloc_start - dump boot state before relocation.
		 * Expands to nothing unless DEBUG is defined.  Output is
		 *   <r6>:<r7>[:<control reg>]
		 *   <r5>-<r9>><r4>
		 * using the register meanings given in the per-line comments.
		 * kputc/kphex overwrite r0 and r1, so it must not be used
		 * where those are live.
		 */
84		.macro	debug_reloc_start
85#ifdef DEBUG
86		kputc	#'\n'
87		kphex	r6, 8		/* processor id */
88		kputc	#':'
89		kphex	r7, 8		/* architecture id */
90#ifdef CONFIG_CPU_CP15
91		kputc	#':'
92		mrc	p15, 0, r0, c1, c0
93		kphex	r0, 8		/* control reg */
94#endif
95		kputc	#'\n'
96		kphex	r5, 8		/* decompressed kernel start */
97		kputc	#'-'
98		kphex	r9, 8		/* decompressed kernel end  */
99		kputc	#'>'
100		kphex	r4, 8		/* kernel execution address */
101		kputc	#'\n'
102#endif
103		.endm
104
		/*
		 * debug_reloc_end - print r5 and then call memdump on the
		 * address in r4.  Expands to nothing unless DEBUG is defined.
		 * memdump is defined outside this excerpt.
		 */
105		.macro	debug_reloc_end
106#ifdef DEBUG
107		kphex	r5, 8		/* end of kernel */
108		kputc	#'\n'
109		mov	r0, r4
110		bl	memdump		/* dump 256 bytes at start of kernel */
111#endif
112		.endm
113
114		/*
115		 * Debug kernel copy by printing the memory addresses involved
116		 *
		 * dbgkc begin, end, cbegin, cend
		 * Prints "C:0x<begin>-0x<end>->0x<cbegin>-0x<cend>" followed
		 * by "\n\r".  Expands to nothing unless DEBUG is defined.
		 * Each kputc/kphex overwrites r0 (and r1 for kphex), so the
		 * arguments must live in other registers.
		 */
117		.macro dbgkc, begin, end, cbegin, cend
118#ifdef DEBUG
119		kputc   #'\n'
120		kputc   #'C'
121		kputc   #':'
122		kputc   #'0'
123		kputc   #'x'
124		kphex   \begin, 8	/* Start of compressed kernel */
125		kputc	#'-'
126		kputc	#'0'
127		kputc	#'x'
128		kphex	\end, 8		/* End of compressed kernel */
129		kputc	#'-'
130		kputc	#'>'
131		kputc   #'0'
132		kputc   #'x'
133		kphex   \cbegin, 8	/* Start of kernel copy */
134		kputc	#'-'
135		kputc	#'0'
136		kputc	#'x'
137		kphex	\cend, 8	/* End of kernel copy */
138		kputc	#'\n'
139		kputc	#'\r'
140#endif
141		.endm
142
		/*
		 * enable_cp15_barriers reg
		 * Set SCTLR bit 5 (CP15BEN) if it is not already set, so that
		 * the CP15 barrier operations used further down (for example
		 * the "mcr p15, 0, rX, c7, c5, 4" ISB form) are enabled.
		 * When the bit is already set the write and the ISB are
		 * skipped.  Clobbers \reg and the condition flags.  The label
		 * uses \@ so every expansion gets its own branch target.
		 */
143		.macro	enable_cp15_barriers, reg
144		mrc	p15, 0, \reg, c1, c0, 0	@ read SCTLR
145		tst	\reg, #(1 << 5)		@ CP15BEN bit set?
146		bne	.L_\@
147		orr	\reg, \reg, #(1 << 5)	@ CP15 barrier instructions
148		mcr	p15, 0, \reg, c1, c0, 0	@ write SCTLR
149 ARM(		.inst   0xf57ff06f		@ v7+ isb	)
150 THUMB(		isb						)
151.L_\@:
152		.endm
153
154		/*
155		 * The kernel build system appends the size of the
156		 * decompressed kernel at the end of the compressed data
157		 * in little-endian form.
		 *
		 * get_inflated_image_size res, tmp1, tmp2
		 * \res receives that 32-bit size; \tmp1 and \tmp2 are
		 * scratch.  The location is found position-independently:
		 * .Linflated_image_size_offset holds a self-relative offset
		 * to the last four bytes of the compressed data.  The value
		 * is assembled from four byte loads, so it works regardless
		 * of alignment and CPU endianness.
		 *
		 * NOTE(review): the size is used exactly as stored in the
		 * image; nothing in this file range-checks it.  It feeds the
		 * self-overwrite check and the cache flush range after
		 * decompression, so its correctness rests on the integrity
		 * of the zImage as a whole.
158		 */
159		.macro	get_inflated_image_size, res:req, tmp1:req, tmp2:req
160		adr	\res, .Linflated_image_size_offset
161		ldr	\tmp1, [\res]
162		add	\tmp1, \tmp1, \res	@ address of inflated image size
163
164		ldrb	\res, [\tmp1]		@ get_unaligned_le32
165		ldrb	\tmp2, [\tmp1, #1]
166		orr	\res, \res, \tmp2, lsl #8
167		ldrb	\tmp2, [\tmp1, #2]
168		ldrb	\tmp1, [\tmp1, #3]
169		orr	\res, \res, \tmp2, lsl #16
170		orr	\res, \res, \tmp1, lsl #24
171		.endm
172
/*
 * start - entry point of the compressed image.
 *
 * Register use established here (from the code below):
 *   r1 on entry -> r7  architecture ID
 *   r2 on entry -> r8  atags pointer
 *   r9          = CPSR as it was on entry (A/R class); it is written to
 *                 SPSR further down so that later code can tell which
 *                 mode the CPU was booted in.
 *
 * r1 and r2 are whatever the boot loader passed in; nothing in this
 * block validates them.
 */
173		.section ".start", "ax"
174/*
175 * sort out different calling conventions
176 */
177		.align
178		/*
179		 * Always enter in ARM state for CPUs that support the ARM ISA.
180		 * As of today (2014) that's exactly the members of the A and R
181		 * classes.
182		 */
183 AR_CLASS(	.arm	)
184start:
185		.type	start,#function
186		/*
187		 * These 7 nops along with the 1 nop immediately below for
188		 * !THUMB2 form 8 nops that make the compressed kernel bootable
189		 * on legacy ARM systems that were assuming the kernel in a.out
190		 * binary format. The boot loaders on these systems would
191		 * jump 32 bytes into the image to skip the a.out header.
192		 * with these 8 nops filling exactly 32 bytes, things still
193		 * work as expected on these legacy systems. Thumb2 mode keeps
194		 * 7 of the nops as it turns out that some boot loaders
195		 * were patching the initial instructions of the kernel, i.e.
196		 * had started to exploit this "patch area".
197		 */
198		.rept	7
199		__nop
200		.endr
201#ifndef CONFIG_THUMB2_KERNEL
202		__nop
203#else
204 AR_CLASS(	sub	pc, pc, #3	)	@ A/R: switch to Thumb2 mode
205  M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
206		.thumb
207#endif
		/* Branch over the header words and the EFI header below. */
208		W(b)	1f
209
210		.word	_magic_sig	@ Magic numbers to help the loader
211		.word	_magic_start	@ absolute load/run zImage address
212		.word	_magic_end	@ zImage end address
213		.word	0x04030201	@ endianness flag
214		.word	0x45454545	@ another magic number to indicate
215		.word	_magic_table	@ additional data table
216
217		__EFI_HEADER
2181:
219 ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
220 AR_CLASS(	mrs	r9, cpsr	)
221#ifdef CONFIG_ARM_VIRT_EXT
222		bl	__hyp_stub_install	@ get into SVC mode, reversibly
223#endif
224		mov	r7, r1			@ save architecture ID
225		mov	r8, r2			@ save atags pointer
226
227#ifndef CONFIG_CPU_V7M
228		/*
229		 * Booting from Angel - need to enter SVC mode and disable
230		 * FIQs/IRQs (numeric definitions from angel arm.h source).
231		 * We only do this if we were in user mode on entry.
232		 */
233		mrs	r2, cpsr		@ get current mode
234		tst	r2, #3			@ not user?
235		bne	not_angel
236		mov	r0, #0x17		@ angel_SWIreason_EnterSVC
237 ARM(		swi	0x123456	)	@ angel_SWI_ARM
238 THUMB(		svc	0xab		)	@ angel_SWI_THUMB
239not_angel:
240		safe_svcmode_maskall r0
241		msr	spsr_cxsf, r9		@ Save the CPU boot mode in
242						@ SPSR
243#endif
244		/*
245		 * Note that some cache flushing and other stuff may
246		 * be needed here - is there an Angel SWI call for this?
247		 */
248
249		/*
250		 * some architecture specific code can be inserted
251		 * by the linker here, but it should preserve r7, r8, and r9.
252		 */
253
/*
 * Work out the final kernel address (r4) and decide whether the caches
 * can be turned on straight away.
 *
 *   r4 = final kernel execution address; bit 0 is used as a flag
 *        meaning "cache_on was skipped" and is tested and cleared
 *        again after the BSS has been zeroed.
 */
254		.text
255
256#ifdef CONFIG_AUTO_ZRELADDR
257		/*
258		 * Find the start of physical memory.  As we are executing
259		 * without the MMU on, we are in the physical address space.
260		 * We just need to get rid of any offset by aligning the
261		 * address.
262		 *
263		 * This alignment is a balance between the requirements of
264		 * different platforms - we have chosen 128MB to allow
265		 * platforms which align the start of their physical memory
266		 * to 128MB to use this feature, while allowing the zImage
267		 * to be placed within the first 128MB of memory on other
268		 * platforms.  Increasing the alignment means we place
269		 * stricter alignment requirements on the start of physical
270		 * memory, but relaxing it means that we break people who
271		 * are already placing their zImage in (eg) the top 64MB
272		 * of this range.
273		 */
274		mov	r4, pc
275		and	r4, r4, #0xf8000000
276		/* Determine final kernel image address. */
277		add	r4, r4, #TEXT_OFFSET
278#else
279		ldr	r4, =zreladdr
280#endif
281
282		/*
283		 * Set up a page table only if it won't overwrite ourself.
284		 * That means r4 < pc || r4 - 16k page directory > &_end.
285		 * Given that r4 > &_end is quite infrequent, we add a rough
286		 * additional 1MB of room for a possible appended DTB.
		 *
		 * The conditional instructions chain on the carry flag:
		 * the second compare only runs when pc < r4, and cache_on
		 * is called whenever either compare leaves carry set.
		 * Otherwise the LSB of r4 records that it was skipped.
287		 */
288		mov	r0, pc
289		cmp	r0, r4
290		ldrcc	r0, .Lheadroom
291		addcc	r0, r0, pc
292		cmpcc	r4, r0
293		orrcc	r4, r4, #1		@ remember we skipped cache_on
294		blcs	cache_on
295
/*
 * restart - set up sp and r6 (= _edata) position-independently, fetch
 * the decompressed image size, and account for an appended DTB.
 *
 * LC1 holds offsets relative to LC1 itself, so adding the run-time
 * address of LC1 yields run-time addresses without any relocation.
 * This label is also the re-entry point after the image has copied
 * itself out of the way (see the relocation code further down).
 */
296restart:	adr	r0, LC1
297		ldr	sp, [r0]
298		ldr	r6, [r0, #4]
299		add	sp, sp, r0
300		add	r6, r6, r0
301
302		get_inflated_image_size	r9, r10, lr
303
304#ifndef CONFIG_ZBOOT_ROM
305		/* malloc space is above the relocated stack (64k max) */
306		add	r10, sp, #0x10000
307#else
308		/*
309		 * With ZBOOT_ROM the bss/stack is non relocatable,
310		 * but someone could still run this code from RAM,
311		 * in which case our reference is _edata.
312		 */
313		mov	r10, r6
314#endif
315
316		mov	r5, #0			@ init dtb size to 0
317#ifdef CONFIG_ARM_APPENDED_DTB
318/*
319 *   r4  = final kernel address (possibly with LSB set)
320 *   r5  = appended dtb size (still unknown)
321 *   r6  = _edata
322 *   r7  = architecture ID
323 *   r8  = atags/device tree pointer
324 *   r9  = size of decompressed image
325 *   r10 = end of this image, including  bss/stack/malloc space if non XIP
326 *   sp  = stack pointer
327 *
328 * if there are device trees (dtb) appended to zImage, advance r10 so that the
329 * dtb data will get relocated along with the kernel if necessary.
330 */
331
		/*
		 * An appended DTB is recognised purely by the magic word
		 * found at _edata; the constant is byte-swapped on
		 * little-endian builds because the header is big endian.
		 */
332		ldr	lr, [r6, #0]
333#ifndef __ARMEB__
334		ldr	r1, =0xedfe0dd0		@ sig is 0xd00dfeed big endian
335#else
336		ldr	r1, =0xd00dfeed
337#endif
338		cmp	lr, r1
339		bne	dtb_check_done		@ not found
340
341#ifdef CONFIG_ARM_ATAG_DTB_COMPAT
342		/*
343		 * OK... Let's do some funky business here.
344		 * If we do have a DTB appended to zImage, and we do have
345		 * an ATAG list around, we want the latter to be translated
346		 * and folded into the former here. No GOT fixup has occurred
347		 * yet, but none of the code we're about to call uses any
348		 * global variable.
349		*/
350
351		/* Get the initial DTB size */
352		ldr	r5, [r6, #4]
353#ifndef __ARMEB__
354		/* convert to little endian */
355		eor	r1, r5, r5, ror #16
356		bic	r1, r1, #0x00ff0000
357		mov	r5, r5, ror #8
358		eor	r5, r5, r1, lsr #8
359#endif
360		/* 50% DTB growth should be good enough */
361		add	r5, r5, r5, lsr #1
362		/* preserve 64-bit alignment */
363		add	r5, r5, #7
364		bic	r5, r5, #7
365		/* clamp to 32KB min and 1MB max */
366		cmp	r5, #(1 << 15)
367		movlo	r5, #(1 << 15)
368		cmp	r5, #(1 << 20)
369		movhi	r5, #(1 << 20)
370		/* temporarily relocate the stack past the DTB work space */
371		add	sp, sp, r5
372
		/*
		 * atags_to_fdt is called with r0 = atags pointer as passed
		 * in by the boot loader, r1 = DTB address, r2 = work space
		 * size (the clamped value above).  Any validation of the
		 * ATAG list happens inside atags_to_fdt, which is defined
		 * outside this file.
		 */
373		mov	r0, r8
374		mov	r1, r6
375		mov	r2, r5
376		bl	atags_to_fdt
377
378		/*
379		 * If returned value is 1, there is no ATAG at the location
380		 * pointed by r8.  Try the typical 0x100 offset from start
381		 * of RAM and hope for the best.
		 *
		 * The sub/bic/add/mov below do not set flags, so the
		 * conditional call still tests the result of this cmp.
382		 */
383		cmp	r0, #1
384		sub	r0, r4, #TEXT_OFFSET
385		bic	r0, r0, #1
386		add	r0, r0, #0x100
387		mov	r1, r6
388		mov	r2, r5
389		bleq	atags_to_fdt
390
391		sub	sp, sp, r5
392#endif
393
394		mov	r8, r6			@ use the appended device tree
395
396		/*
397		 * Make sure that the DTB doesn't end up in the final
398		 * kernel's .bss area. To do so, we adjust the decompressed
399		 * kernel size to compensate if that .bss size is larger
400		 * than the relocated code.
401		 */
402		ldr	r5, =_kernel_bss_size
403		adr	r1, wont_overwrite
404		sub	r1, r6, r1
405		subs	r1, r5, r1
406		addhi	r9, r9, r1
407
		/*
		 * NOTE(review): unlike the work-space size above, the size
		 * read here is only rounded up to 8 bytes; no upper bound is
		 * applied before r6, r10 and sp are advanced by it.  The
		 * blob is part of the concatenated zImage, so a sane value
		 * depends on the integrity of that combined image; how (or
		 * whether) it is authenticated before boot is not visible
		 * in this file.
		 */
408		/* Get the current DTB size */
409		ldr	r5, [r6, #4]
410#ifndef __ARMEB__
411		/* convert r5 (dtb size) to little endian */
412		eor	r1, r5, r5, ror #16
413		bic	r1, r1, #0x00ff0000
414		mov	r5, r5, ror #8
415		eor	r5, r5, r1, lsr #8
416#endif
417
418		/* preserve 64-bit alignment */
419		add	r5, r5, #7
420		bic	r5, r5, #7
421
422		/* relocate some pointers past the appended dtb */
423		add	r6, r6, r5
424		add	r10, r10, r5
425		add	sp, sp, r5
426dtb_check_done:
427#endif
428
429/*
430 * Check to see if we will overwrite ourselves.
431 *   r4  = final kernel address (possibly with LSB set)
432 *   r9  = size of decompressed image
433 *   r10 = end of this image, including  bss/stack/malloc space if non XIP
434 * We basically want:
435 *   r4 - 16k page directory >= r10 -> OK
436 *   r4 + image length <= address of wont_overwrite -> OK
437 * Note: the possible LSB in r4 is harmless here.
 *
 * Both comparisons are unsigned (bhs / bls).  r9 is the size value read
 * from the end of the compressed data (plus any .bss adjustment made for
 * an appended DTB), so the second test is only as good as that value.
438 */
439		add	r10, r10, #16384
440		cmp	r4, r10
441		bhs	wont_overwrite
442		add	r10, r4, r9
443		adr	r9, wont_overwrite
444		cmp	r10, r9
445		bls	wont_overwrite
446
447/*
448 * Relocate ourselves past the end of the decompressed kernel.
449 *   r6  = _edata
450 *   r10 = end of the decompressed kernel
451 * Because we always copy ahead, we need to do it from the end and go
452 * backward in case the source and destination overlap.
453 */
454		/*
455		 * Bump to the next 256-byte boundary with the size of
456		 * the relocation code added. This avoids overwriting
457		 * ourself when the offset is small.
458		 */
459		add	r10, r10, #((reloc_code_end - restart + 256) & ~255)
460		bic	r10, r10, #255
461
462		/* Get start of code we want to copy and align it down. */
463		adr	r5, restart
464		bic	r5, r5, #31
465
466/* Relocate the hyp vector base if necessary */
467#ifdef CONFIG_ARM_VIRT_EXT
		/* SPSR holds the boot-time CPSR that was saved at entry. */
468		mrs	r0, spsr
469		and	r0, r0, #MODE_MASK
470		cmp	r0, #HYP_MODE
471		bne	1f
472
473		/*
474		 * Compute the address of the hyp vectors after relocation.
475		 * This requires some arithmetic since we cannot directly
476		 * reference __hyp_stub_vectors in a PC-relative way.
477		 * Call __hyp_set_vectors with the new address so that we
478		 * can HVC again after the copy.
479		 */
4800:		adr	r0, 0b
481		movw	r1, #:lower16:__hyp_stub_vectors - 0b
482		movt	r1, #:upper16:__hyp_stub_vectors - 0b
483		add	r0, r0, r1
484		sub	r0, r0, r5
485		add	r0, r0, r10
486		bl	__hyp_set_vectors
4871:
488#endif
489
490		sub	r9, r6, r5		@ size to copy
491		add	r9, r9, #31		@ rounded up to a multiple
492		bic	r9, r9, #31		@ ... of 32 bytes
493		add	r6, r9, r5
494		add	r9, r9, r10
495
496#ifdef DEBUG
497		sub     r10, r6, r5
498		sub     r10, r9, r10
499		/*
500		 * We are about to copy the kernel to a new memory area.
501		 * The boundaries of the new memory area can be found in
502		 * r10 and r9, whilst r5 and r6 contain the boundaries
503		 * of the memory we are going to copy.
504		 * Calling dbgkc will help with the printing of this
505		 * information.
506		 */
507		dbgkc	r5, r6, r10, r9
508#endif
509
		/*
		 * Copy downwards, 32 bytes (eight registers) per pass, from
		 * [r5, r6) to the block ending at r9.  The stmdb does not
		 * alter the flags, so bhi still tests the cmp above it.
		 */
5101:		ldmdb	r6!, {r0 - r3, r10 - r12, lr}
511		cmp	r6, r5
512		stmdb	r9!, {r0 - r3, r10 - r12, lr}
513		bhi	1b
514
515		/* Preserve offset to relocated code. */
516		sub	r6, r9, r6
517
		/*
		 * Clean/flush the relocated range before branching into it.
		 * cache_clean_flush is defined outside this excerpt;
		 * presumably this makes the copied instructions visible to
		 * instruction fetch so the jump does not run stale contents.
		 */
518		mov	r0, r9			@ start of relocated zImage
519		add	r1, sp, r6		@ end of relocated zImage
520		bl	cache_clean_flush
521
522		badr	r0, restart
523		add	r0, r0, r6
524		mov	pc, r0
525
/*
 * wont_overwrite - the image is in a safe place; fix up link-time
 * addresses for the address we are actually running at.
 *
 * LC0 holds link-time (absolute) addresses, with LC0's own address as
 * the first word, so run-time LC0 minus that word is the load delta.
 */
526wont_overwrite:
527		adr	r0, LC0
528		ldmia	r0, {r1, r2, r3, r11, r12}
529		sub	r0, r0, r1		@ calculate the delta offset
530
531/*
532 * If delta is zero, we are running at the address we were linked at.
533 *   r0  = delta
534 *   r2  = BSS start
535 *   r3  = BSS end
536 *   r4  = kernel execution address (possibly with LSB set)
537 *   r5  = appended dtb size (0 if not present)
538 *   r7  = architecture ID
539 *   r8  = atags pointer
540 *   r11 = GOT start
541 *   r12 = GOT end
542 *   sp  = stack pointer
543 */
		/* Nothing to fix up only if both delta and dtb size are 0. */
544		orrs	r1, r0, r5
545		beq	not_relocated
546
547		add	r11, r11, r0
548		add	r12, r12, r0
549
550#ifndef CONFIG_ZBOOT_ROM
551		/*
552		 * If we're running fully PIC === CONFIG_ZBOOT_ROM = n,
553		 * we need to fix up pointers into the BSS region.
554		 * Note that the stack pointer has already been fixed up.
555		 */
556		add	r2, r2, r0
557		add	r3, r3, r0
558
559		/*
560		 * Relocate all entries in the GOT table.
561		 * Bump bss entries to _edata + dtb size
		 *
		 * The loop is a do-while bounded by r11 < r12, i.e. by the
		 * linker-provided GOT start/end symbols; the first entry is
		 * processed before the bound is tested.
562		 */
5631:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
564		add	r1, r1, r0		@ This fixes up C references
565		cmp	r1, r2			@ if entry >= bss_start &&
566		cmphs	r3, r1			@       bss_end > entry
567		addhi	r1, r1, r5		@    entry += dtb size
568		str	r1, [r11], #4		@ next entry
569		cmp	r11, r12
570		blo	1b
571
572		/* bump our bss pointers too */
573		add	r2, r2, r5
574		add	r3, r3, r5
575
576#else
577
578		/*
579		 * Relocate entries in the GOT table.  We only relocate
580		 * the entries that are outside the (relocated) BSS region.
581		 */
5821:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
583		cmp	r1, r2			@ entry < bss_start ||
584		cmphs	r3, r1			@ _end < entry
585		addlo	r1, r1, r0		@ table.  This fixes up the
586		str	r1, [r11], #4		@ C references.
587		cmp	r11, r12
588		blo	1b
589#endif
590
/*
 * not_relocated - zero the BSS, enable the caches if that was deferred,
 * run the C decompressor and hand over to the kernel.
 *
 * The clear loop stores four words before the bound is tested, so it
 * writes 16 bytes even for an empty BSS and can zero up to 12 bytes past
 * r3 when the BSS length is not a multiple of 16.
 * NOTE(review): presumably the linker script pads or aligns for this -
 * confirm against the decompressor's linker script.
 */
591not_relocated:	mov	r0, #0
5921:		str	r0, [r2], #4		@ clear bss
593		str	r0, [r2], #4
594		str	r0, [r2], #4
595		str	r0, [r2], #4
596		cmp	r2, r3
597		blo	1b
598
599		/*
600		 * Did we skip the cache setup earlier?
601		 * That is indicated by the LSB in r4.
602		 * Do it now if so.
		 * (bic does not change the flags, so blne tests the tst.)
603		 */
604		tst	r4, #1
605		bic	r4, r4, #1
606		blne	cache_on
607
608/*
609 * The C runtime environment should now be setup sufficiently.
610 * Set up some pointers, and start decompressing.
611 *   r4  = kernel execution address
612 *   r7  = architecture ID
613 *   r8  = atags pointer
 *
 * decompress_kernel (defined outside this file) is called with
 *   r0 = r4, r1 = sp, r2 = sp + 64KB, r3 = r7.
614 */
615		mov	r0, r4
616		mov	r1, sp			@ malloc space above stack
617		add	r2, sp, #0x10000	@ 64k max
618		mov	r3, r7
619		bl	decompress_kernel
620
621		get_inflated_image_size	r1, r2, r3
622
		/*
		 * Clean the decompressed image out of the caches over
		 * [r4, r4 + size) and turn the caches off before entering
		 * the kernel.  The range end comes from the size word
		 * stored in the image, not from what was actually written.
		 */
623		mov	r0, r4			@ start of inflated image
624		add	r1, r1, r0		@ end of inflated image
625		bl	cache_clean_flush
626		bl	cache_off
627
628#ifdef CONFIG_ARM_VIRT_EXT
629		mrs	r0, spsr		@ Get saved CPU boot mode
630		and	r0, r0, #MODE_MASK
631		cmp	r0, #HYP_MODE		@ if not booted in HYP mode...
632		bne	__enter_kernel		@ boot kernel directly
633
		/* Self-relative offset keeps this position independent. */
634		adr	r12, .L__hyp_reentry_vectors_offset
635		ldr	r0, [r12]
636		add	r0, r0, r12
637
638		bl	__hyp_set_vectors
639		__HVC(0)			@ otherwise bounce to hyp mode
640
641		b	.			@ should never be reached
642
643		.align	2
644.L__hyp_reentry_vectors_offset:	.long	__hyp_reentry_vectors - .
645#else
646		b	__enter_kernel
647#endif
648
/*
 * Literal data used by the position-independent startup code.
 *
 *   LC0  link-time addresses; the first word is LC0 itself so that
 *        (run-time LC0 - first word) gives the load delta.  The
 *        trailing comments name the register each word is loaded into.
 *   LC1  offsets relative to LC1, turned into run-time addresses by
 *        adding the run-time address of LC1.
 *   .Lheadroom
 *        distance from restart to _end, plus 16KB for the page
 *        directory and 1MB of allowance for an appended DTB.
 *   .Linflated_image_size_offset
 *        self-relative offset to the last four bytes of the compressed
 *        data, where the decompressed size is stored.
 */
649		.align	2
650		.type	LC0, #object
651LC0:		.word	LC0			@ r1
652		.word	__bss_start		@ r2
653		.word	_end			@ r3
654		.word	_got_start		@ r11
655		.word	_got_end		@ ip
656		.size	LC0, . - LC0
657
658		.type	LC1, #object
659LC1:		.word	.L_user_stack_end - LC1	@ sp
660		.word	_edata - LC1		@ r6
661		.size	LC1, . - LC1
662
663.Lheadroom:
664		.word	_end - restart + 16384 + 1024*1024
665
666.Linflated_image_size_offset:
667		.long	(input_data_end - 4) - .
668
/*
 * params - CONFIG_ARCH_RPC only: return the constant 0x10000100
 * (params_phys) in r0.  The .ltorg places the literal pool for the
 * ldr = form right after the function.
 */
669#ifdef CONFIG_ARCH_RPC
670		.globl	params
671params:		ldr	r0, =0x10000100		@ params_phys for RPC
672		mov	pc, lr
673		.ltorg
674		.align
675#endif
676
677/*
678 * dcache_line_size - get the minimum D-cache line size from the CTR register
679 * on ARMv7.
 *
 * dcache_line_size reg, tmp
 *   \reg receives the line size in bytes: 4 << CTR[19:16].
 *   \tmp is scratch.
 * On v7-M the CTR is read from its memory-mapped location in the SCB,
 * otherwise through CP15.
680 */
681		.macro	dcache_line_size, reg, tmp
682#ifdef CONFIG_CPU_V7M
683		movw	\tmp, #:lower16:BASEADDR_V7M_SCB + V7M_SCB_CTR
684		movt	\tmp, #:upper16:BASEADDR_V7M_SCB + V7M_SCB_CTR
685		ldr	\tmp, [\tmp]
686#else
687		mrc	p15, 0, \tmp, c0, c0, 1		@ read ctr
688#endif
689		lsr	\tmp, \tmp, #16
690		and	\tmp, \tmp, #0xf		@ cache line size encoding
691		mov	\reg, #4			@ bytes per word
692		mov	\reg, \reg, lsl \tmp		@ actual cache line size
693		.endm
694
695/*
696 * Turn on the cache.  We need to setup some page tables so that we
697 * can have both the I and D caches on.
698 *
699 * We place the page tables 16k down from the kernel execution address,
700 * and we hope that nothing else is using it.  If we're using it, we
701 * will go pop!
702 *
703 * On entry,
704 *  r4 = kernel execution address
705 *  r7 = architecture number
706 *  r8 = atags pointer
707 * On exit,
708 *  r0, r1, r2, r3, r9, r10, r12 corrupted
709 * This routine must preserve:
710 *  r4, r7, r8
 *
 * r3 = 8 is the byte offset of the 'cache on' slot inside a proc_types
 * entry (it follows the two ID words); call_cache_fn adds it to the
 * address of the matching entry and jumps there.
711 */
712		.align	5
713cache_on:	mov	r3, #8			@ cache_on function
714		b	call_cache_fn
715
716/*
717 * Initialize the highest priority protection region, PR7
718 * to cover all 32bit address and cacheable and bufferable.
 *
 * The same values are written to the instruction and data side
 * registers.  The access permission value 0xc000 sets only bits
 * [15:14]; going by the PR7 naming used here that is the field for
 * region 7 (presumably "full access" - confirm against the core's
 * reference manual).  The result is one flat region over the whole
 * address space, with no finer-grained protection while the
 * decompressor runs.
 * Clobbers r0; returns with mov pc, lr.
719 */
720__armv4_mpu_cache_on:
721		mov	r0, #0x3f		@ 4G, the whole
722		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting
723		mcr 	p15, 0, r0, c6, c7, 1
724
725		mov	r0, #0x80		@ PR7
726		mcr	p15, 0, r0, c2, c0, 0	@ D-cache on
727		mcr	p15, 0, r0, c2, c0, 1	@ I-cache on
728		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on
729
730		mov	r0, #0xc000
731		mcr	p15, 0, r0, c5, c0, 1	@ I-access permission
732		mcr	p15, 0, r0, c5, c0, 0	@ D-access permission
733
734		mov	r0, #0
735		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
736		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
737		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
738		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
739						@ ...I .... ..D. WC.M
740		orr	r0, r0, #0x002d		@ .... .... ..1. 11.1
741		orr	r0, r0, #0x1000		@ ...1 .... .... ....
742
743		mcr	p15, 0, r0, c1, c0, 0	@ write control reg
744
745		mov	r0, #0
746		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
747		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
748		mov	pc, lr
749
/*
 * __armv3_mpu_cache_on - ARMv3 MPU variant of the 'cache on' method.
 * Sets up PR7 over the whole address space with a single (unified)
 * cache/write-buffer/permission register set.  Clobbers r0.
 *
 * NOTE(review): as written, r0 is reset to 0 immediately before the
 * control register write, so the enable bits or-ed in just above are
 * discarded and the register is written with 0.  The original "??"
 * remarks already question this sequence; it is left untouched here.
 */
750__armv3_mpu_cache_on:
751		mov	r0, #0x3f		@ 4G, the whole
752		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting
753
754		mov	r0, #0x80		@ PR7
755		mcr	p15, 0, r0, c2, c0, 0	@ cache on
756		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on
757
758		mov	r0, #0xc000
759		mcr	p15, 0, r0, c5, c0, 0	@ access permission
760
761		mov	r0, #0
762		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
763		/*
764		 * ?? ARMv3 MMU does not allow reading the control register,
765		 * does this really work on ARMv3 MPU?
766		 */
767		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
768						@ .... .... .... WC.M
769		orr	r0, r0, #0x000d		@ .... .... .... 11.1
770		/* ?? this overwrites the value constructed above? */
771		mov	r0, #0
772		mcr	p15, 0, r0, c1, c0, 0	@ write control reg
773
774		/* ?? invalidate for the second time? */
775		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
776		mov	pc, lr
777
/*
 * CB_BITS: the C (bit 3) and B (bit 2) section descriptor bits used for
 * RAM mappings.  Write-through configurations set C only; otherwise both
 * C and B are set.
 */
778#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
779#define CB_BITS 0x08
780#else
781#define CB_BITS 0x0c
782#endif
783
/*
 * __setup_mmu - build a flat 1:1 section map for the decompressor.
 *
 * On entry:
 *   r4 = kernel execution address (the page directory is placed 16KB
 *        below it, aligned down to 16KB)
 *   r6 = descriptor bits to use for RAM sections (set by the caller)
 * On exit:
 *   r3 = page directory base
 *   r0, r1, r2, r9, r10 and the flags are overwritten
 *
 * The first loop writes 16384 bytes, i.e. 4096 one-megabyte section
 * entries covering the whole 4GB address space, each mapped to itself
 * with AP=11.  "RAM" is assumed to be the 256MB starting at the page
 * directory address rounded down to 256KB; sections inside that window
 * get the caller's r6 bits, everything else gets XN|U (bit 4) with C
 * and B clear.  Whether the AP bits are actually enforced depends on
 * the domain access control value the caller programs afterwards.
 */
784__setup_mmu:	sub	r3, r4, #16384		@ Page directory size
785		bic	r3, r3, #0xff		@ Align the pointer
786		bic	r3, r3, #0x3f00
787/*
788 * Initialise the page tables, turning on the cacheable and bufferable
789 * bits for the RAM area only.
790 */
791		mov	r0, r3
792		mov	r9, r0, lsr #18
793		mov	r9, r9, lsl #18		@ start of RAM
794		add	r10, r9, #0x10000000	@ a reasonable RAM size
795		mov	r1, #0x12		@ XN|U + section mapping
796		orr	r1, r1, #3 << 10	@ AP=11
797		add	r2, r3, #16384
		/* bic/orr below leave the flags from the compares intact. */
7981:		cmp	r1, r9			@ if virt > start of RAM
799		cmphs	r10, r1			@   && end of RAM > virt
800		bic	r1, r1, #0x1c		@ clear XN|U + C + B
801		orrlo	r1, r1, #0x10		@ Set XN|U for non-RAM
802		orrhs	r1, r1, r6		@ set RAM section settings
803		str	r1, [r0], #4		@ 1:1 mapping
804		add	r1, r1, #1048576
805		teq	r0, r2
806		bne	1b
807/*
808 * If ever we are running from Flash, then we surely want the cache
809 * to be enabled also for our execution instance...  We map 2MB of it
810 * so there is no map overlap problem for up to 1 MB compressed kernel.
811 * If the execution is in RAM then we would only be duplicating the above.
 *
 * The two entries written here use the r6 attributes with B forced on
 * and AP=11, for the megabyte containing pc and the one after it.
812 */
813		orr	r1, r6, #0x04		@ ensure B is set for this
814		orr	r1, r1, #3 << 10
815		mov	r2, pc
816		mov	r2, r2, lsr #20
817		orr	r1, r1, r2, lsl #20
818		add	r0, r3, r2, lsl #2
819		str	r1, [r0], #4
820		add	r1, r1, #1048576
821		str	r1, [r0]
822		mov	pc, lr
823ENDPROC(__setup_mmu)
824
825@ Enable unaligned access on v6, to allow better code generation
826@ for the decompressor C code:
@ Clears SCTLR.A (bit 1) and sets SCTLR.U (bit 22), then continues in
@ __armv4_mmu_cache_on via a plain branch, so lr still refers to the
@ original caller.  Clobbers r0.
827__armv6_mmu_cache_on:
828		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
829		bic	r0, r0, #2		@ A (no unaligned access fault)
830		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
831		mcr	p15, 0, r0, c1, c0, 0	@ write SCTLR
832		b	__armv4_mmu_cache_on
833
/*
 * __arm926ejs_mmu_cache_on - optionally puts the D-cache in
 * write-through mode, then falls through into __armv4_mmu_cache_on.
 *
 * __armv4_mmu_cache_on - 'cache on' method for the ARMv4-style MMU.
 * lr is kept in r12 because the routine makes nested calls.  With
 * CONFIG_MMU it builds the page tables (r6 = RAM section attributes),
 * drains the write buffer, flushes the TLBs and enables the MMU and
 * caches through __common_mmu_cache_on, which also programs the domain
 * access control register.  Without CONFIG_MMU it just returns.
 * Clobbers r0, r6, r12 plus everything __setup_mmu and
 * __common_mmu_cache_on overwrite.
 */
834__arm926ejs_mmu_cache_on:
835#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
836		mov	r0, #4			@ put dcache in WT mode
837		mcr	p15, 7, r0, c15, c0, 0
838#endif
839
840__armv4_mmu_cache_on:
841		mov	r12, lr
842#ifdef CONFIG_MMU
843		mov	r6, #CB_BITS | 0x12	@ U
844		bl	__setup_mmu
845		mov	r0, #0
846		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
847		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
848		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
849		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
850		orr	r0, r0, #0x0030
851 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
852		bl	__common_mmu_cache_on
853		mov	r0, #0
854		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
855#endif
856		mov	pc, r12
857
/*
 * __armv7_mmu_cache_on - 'cache on' method for ARMv7.
 *
 * r11 holds ID_MMFR0; a non-zero low nibble (VMSA) means an MMU is
 * present, and every MMU-specific step below is conditional on that
 * (the "ne" suffixes).  __setup_mmu changes the flags, which is why
 * the tst is repeated after the call; the bic/orr instructions in
 * between do not set flags.
 *
 * Unlike the pre-v7 path, the domain access control register is
 * loaded with 0xfffffffd: domain 0 is a client domain, so the
 * permission bits in the section descriptors written by __setup_mmu
 * (which use domain 0) are checked; RAM sections are created
 * executable (r6 carries no XN bit) and non-RAM sections have XN set.
 *
 * Clobbers r0, r1, r6, r11, r12 and whatever __setup_mmu overwrites.
 */
858__armv7_mmu_cache_on:
859		enable_cp15_barriers	r11
860		mov	r12, lr
861#ifdef CONFIG_MMU
862		mrc	p15, 0, r11, c0, c1, 4	@ read ID_MMFR0
863		tst	r11, #0xf		@ VMSA
864		movne	r6, #CB_BITS | 0x02	@ !XN
865		blne	__setup_mmu
866		mov	r0, #0
867		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
868		tst	r11, #0xf		@ VMSA
869		mcrne	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
870#endif
871		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
872		bic	r0, r0, #1 << 28	@ clear SCTLR.TRE
873		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
874		orr	r0, r0, #0x003c		@ write buffer
875		bic	r0, r0, #2		@ A (no unaligned access fault)
876		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
877						@ (needed for ARM1176)
878#ifdef CONFIG_MMU
879 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
880		mrcne   p15, 0, r6, c2, c0, 2   @ read ttb control reg
881		orrne	r0, r0, #1		@ MMU enabled
882		movne	r1, #0xfffffffd		@ domain 0 = client
883		bic     r6, r6, #1 << 31        @ 32-bit translation system
884		bic     r6, r6, #(7 << 0) | (1 << 4)	@ use only ttbr0
885		mcrne	p15, 0, r3, c2, c0, 0	@ load page table pointer
886		mcrne	p15, 0, r1, c3, c0, 0	@ load domain access control
887		mcrne   p15, 0, r6, c2, c0, 2   @ load ttb control
888#endif
889		mcr	p15, 0, r0, c7, c5, 4	@ ISB
890		mcr	p15, 0, r0, c1, c0, 0	@ load control register
891		mrc	p15, 0, r0, c1, c0, 0	@ and read it back
892		mov	r0, #0
893		mcr	p15, 0, r0, c7, c5, 4	@ ISB
894		mov	pc, r12
895
/*
 * __fa526_cache_on - 'cache on' method for FA526.
 * Same shape as __armv4_mmu_cache_on, but invalidates the whole cache
 * first and sets only the I-cache enable bit before handing over to
 * __common_mmu_cache_on.  lr is kept in r12 across the nested calls.
 * Clobbers r0, r6, r12 plus everything the callees overwrite.
 */
896__fa526_cache_on:
897		mov	r12, lr
898		mov	r6, #CB_BITS | 0x12	@ U
899		bl	__setup_mmu
900		mov	r0, #0
901		mcr	p15, 0, r0, c7, c7, 0	@ Invalidate whole cache
902		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
903		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
904		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
905		orr	r0, r0, #0x1000		@ I-cache enable
906		bl	__common_mmu_cache_on
907		mov	r0, #0
908		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
909		mov	pc, r12
910
/*
 * __common_mmu_cache_on - final step shared by the pre-v7 'cache on'
 * paths visible in this file.
 *
 * On entry:
 *   r0 = control register value prepared by the caller
 *   r3 = page directory base (from __setup_mmu)
 *
 * Unless DEBUG is defined, the write buffer, D-cache and MMU enable
 * bits (0x000d) are or-ed into r0 here; with DEBUG they are left as
 * the caller set them.
 *
 * The domain access control register is loaded with all ones, which
 * makes every domain a manager domain: accesses are then not checked
 * against the AP bits in the descriptors, so the AP=11 written by
 * __setup_mmu is not what grants access on this path.  The v7 path
 * programs domain 0 as client instead.
 *
 * The control register write sits at the start of a cache line, and
 * the return address is computed as lr - (r0 >> 32) = lr so that the
 * return depends on the read-back value.
 *
 * The whole body is compiled out for Thumb-2 kernels.
 */
911__common_mmu_cache_on:
912#ifndef CONFIG_THUMB2_KERNEL
913#ifndef DEBUG
914		orr	r0, r0, #0x000d		@ Write buffer, mmu
915#endif
916		mov	r1, #-1
917		mcr	p15, 0, r3, c2, c0, 0	@ load page table pointer
918		mcr	p15, 0, r1, c3, c0, 0	@ load domain access control
919		b	1f
920		.align	5			@ cache line aligned
9211:		mcr	p15, 0, r0, c1, c0, 0	@ load control register
922		mrc	p15, 0, r0, c1, c0, 0	@ and read it back to
923		sub	pc, lr, r0, lsr #32	@ properly flush pipeline
924#endif
925
/*
 * Size in bytes of one proc_types entry: two ID words followed by
 * three method slots of one word each.
 */
926#define PROC_ENTRY_SIZE (4*5)
927
928/*
929 * Here follow the relocatable cache support functions for the
930 * various processors.  This is a generic hook for locating an
931 * entry and jumping to an instruction at the specified offset
932 * from the start of the block.  Please note this is all position
933 * independent code.
934 *
935 *  r1  = corrupted
936 *  r2  = corrupted
937 *  r3  = block offset
938 *  r9  = corrupted
939 *  r12 = corrupted
 *
 * The search loop has no explicit bound; it terminates because the
 * last proc_types entry has a mask of 0 and therefore matches any ID.
 * The first matching entry wins.  The selected slot is entered with
 * lr unchanged, so the method returns straight to the original
 * caller of cache_on / cache_off.
940 */
941
942call_cache_fn:	adr	r12, proc_types
943#ifdef CONFIG_CPU_CP15
944		mrc	p15, 0, r9, c0, c0	@ get processor ID
945#elif defined(CONFIG_CPU_V7M)
946		/*
947		 * On v7-M the processor id is located in the V7M_SCB_CPUID
948		 * register, but as cache handling is IMPLEMENTATION DEFINED on
949		 * v7-M (if existent at all) we just return early here.
950		 * If V7M_SCB_CPUID were used the cpu ID functions (i.e.
951		 * __armv7_mmu_cache_{on,off,flush}) would be selected which
952		 * use cp15 registers that are not implemented on v7-M.
953		 */
954		bx	lr
955#else
956		ldr	r9, =CONFIG_PROCESSOR_ID
957#endif
9581:		ldr	r1, [r12, #0]		@ get value
959		ldr	r2, [r12, #4]		@ get mask
960		eor	r1, r1, r9		@ (real ^ match)
961		tst	r1, r2			@       & mask
962 ARM(		addeq	pc, r12, r3		) @ call cache function
963 THUMB(		addeq	r12, r3			)
964 THUMB(		moveq	pc, r12			) @ call cache function
965		add	r12, r12, #PROC_ENTRY_SIZE
966		b	1b
967
968/*
969 * Table for cache operations.  This is basically:
970 *   - CPU ID match
971 *   - CPU ID mask
972 *   - 'cache on' method instruction
973 *   - 'cache off' method instruction
974 *   - 'cache flush' method instruction
975 *
976 * We match an entry using: ((real_id ^ match) & mask) == 0
977 *
978 * Writethrough caches generally only need 'on' and 'off'
979 * methods.  Writeback caches _must_ have the flush method
980 * defined.
981 */
982		.align	2
983		.type	proc_types,#object
984proc_types:
985		.word	0x41000000		@ old ARM ID
986		.word	0xff00f000
987		mov	pc, lr
988 THUMB(		nop				)
989		mov	pc, lr
990 THUMB(		nop				)
991		mov	pc, lr
992 THUMB(		nop				)
993
994		.word	0x41007000		@ ARM7/710
995		.word	0xfff8fe00
996		mov	pc, lr
997 THUMB(		nop				)
998		mov	pc, lr
999 THUMB(		nop				)
1000		mov	pc, lr
1001 THUMB(		nop				)
1002
1003		.word	0x41807200		@ ARM720T (writethrough)
1004		.word	0xffffff00
1005		W(b)	__armv4_mmu_cache_on
1006		W(b)	__armv4_mmu_cache_off
1007		mov	pc, lr
1008 THUMB(		nop				)
1009
1010		.word	0x41007400		@ ARM74x
1011		.word	0xff00ff00
1012		W(b)	__armv3_mpu_cache_on
1013		W(b)	__armv3_mpu_cache_off
1014		W(b)	__armv3_mpu_cache_flush
1015
1016		.word	0x41009400		@ ARM94x
1017		.word	0xff00ff00
1018		W(b)	__armv4_mpu_cache_on
1019		W(b)	__armv4_mpu_cache_off
1020		W(b)	__armv4_mpu_cache_flush
1021
1022		.word	0x41069260		@ ARM926EJ-S (v5TEJ)
1023		.word	0xff0ffff0
1024		W(b)	__arm926ejs_mmu_cache_on
1025		W(b)	__armv4_mmu_cache_off
1026		W(b)	__armv5tej_mmu_cache_flush
1027
1028		.word	0x00007000		@ ARM7 IDs
1029		.word	0x0000f000
1030		mov	pc, lr
1031 THUMB(		nop				)
1032		mov	pc, lr
1033 THUMB(		nop				)
1034		mov	pc, lr
1035 THUMB(		nop				)
1036
1037		@ Everything from here on will be the new ID system.
1038
1039		.word	0x4401a100		@ sa110 / sa1100
1040		.word	0xffffffe0
1041		W(b)	__armv4_mmu_cache_on
1042		W(b)	__armv4_mmu_cache_off
1043		W(b)	__armv4_mmu_cache_flush
1044
1045		.word	0x6901b110		@ sa1110
1046		.word	0xfffffff0
1047		W(b)	__armv4_mmu_cache_on
1048		W(b)	__armv4_mmu_cache_off
1049		W(b)	__armv4_mmu_cache_flush
1050
1051		.word	0x56056900
1052		.word	0xffffff00		@ PXA9xx
1053		W(b)	__armv4_mmu_cache_on
1054		W(b)	__armv4_mmu_cache_off
1055		W(b)	__armv4_mmu_cache_flush
1056
1057		.word	0x56158000		@ PXA168
1058		.word	0xfffff000
1059		W(b)	__armv4_mmu_cache_on
1060		W(b)	__armv4_mmu_cache_off
1061		W(b)	__armv5tej_mmu_cache_flush
1062
1063		.word	0x56050000		@ Feroceon
1064		.word	0xff0f0000
1065		W(b)	__armv4_mmu_cache_on
1066		W(b)	__armv4_mmu_cache_off
1067		W(b)	__armv5tej_mmu_cache_flush
1068
1069#ifdef CONFIG_CPU_FEROCEON_OLD_ID
1070		/* this conflicts with the standard ARMv5TE entry */
1071		.long	0x41009260		@ Old Feroceon
1072		.long	0xff00fff0
1073		b	__armv4_mmu_cache_on
1074		b	__armv4_mmu_cache_off
1075		b	__armv5tej_mmu_cache_flush
1076#endif
1077
1078		.word	0x66015261		@ FA526
1079		.word	0xff01fff1
1080		W(b)	__fa526_cache_on
1081		W(b)	__armv4_mmu_cache_off
1082		W(b)	__fa526_cache_flush
1083
1084		@ These match on the architecture ID
1085
1086		.word	0x00020000		@ ARMv4T
1087		.word	0x000f0000
1088		W(b)	__armv4_mmu_cache_on
1089		W(b)	__armv4_mmu_cache_off
1090		W(b)	__armv4_mmu_cache_flush
1091
1092		.word	0x00050000		@ ARMv5TE
1093		.word	0x000f0000
1094		W(b)	__armv4_mmu_cache_on
1095		W(b)	__armv4_mmu_cache_off
1096		W(b)	__armv4_mmu_cache_flush
1097
1098		.word	0x00060000		@ ARMv5TEJ
1099		.word	0x000f0000
1100		W(b)	__armv4_mmu_cache_on
1101		W(b)	__armv4_mmu_cache_off
1102		W(b)	__armv5tej_mmu_cache_flush
1103
1104		.word	0x0007b000		@ ARMv6
1105		.word	0x000ff000
1106		W(b)	__armv6_mmu_cache_on
1107		W(b)	__armv4_mmu_cache_off
1108		W(b)	__armv6_mmu_cache_flush
1109
1110		.word	0x000f0000		@ new CPU Id
1111		.word	0x000f0000
1112		W(b)	__armv7_mmu_cache_on
1113		W(b)	__armv7_mmu_cache_off
1114		W(b)	__armv7_mmu_cache_flush
1115
1116		.word	0			@ unrecognised type
1117		.word	0
1118		mov	pc, lr
1119 THUMB(		nop				)
1120		mov	pc, lr
1121 THUMB(		nop				)
1122		mov	pc, lr
1123 THUMB(		nop				)
1124
1125		.size	proc_types, . - proc_types
1126
1127		/*
1128		 * If you get a "non-constant expression in ".if" statement"
1129		 * error from the assembler on this line, check that you have
1130		 * not accidentally written a "b" instruction where you should
1131		 * have written W(b).
1132		 */
		@ Assembly-time guard: the distance from proc_types to this point
		@ must be a whole multiple of PROC_ENTRY_SIZE (defined outside this
		@ excerpt), otherwise the build stops with the .error below.
		@ cache_off and cache_clean_flush load fixed byte offsets (12 and
		@ 16) into r3 before branching to call_cache_fn, so a mis-sized
		@ entry would presumably dispatch into the wrong slot at boot.
1133		.if (. - proc_types) % PROC_ENTRY_SIZE != 0
1134		.error "The size of one or more proc_types entries is wrong."
1135		.endif
1136
1137/*
1138 * Turn off the Cache and MMU.  ARMv3 does not support
1139 * reading the control register, but ARMv4 does.
1140 *
1141 * On exit,
1142 *  r0, r1, r2, r3, r9, r12 corrupted
1143 * This routine must preserve:
1144 *  r4, r7, r8
1145 */
@ cache_off only loads r3 with 12 and branches to call_cache_fn (defined
@ outside this excerpt). In a proc_types entry laid out as two words followed
@ by three 4-byte branch slots (on, off, flush), 12 is the offset of the
@ "off" slot; presumably call_cache_fn adds r3 to the matching entry and
@ jumps there -- confirm against call_cache_fn.
@ The per-CPU *_cache_off routines below return with "mov pc, lr".
1146		.align	5
1147cache_off:	mov	r3, #12			@ cache_off function
1148		b	call_cache_fn
1149
@ MPU variant of the "off" slot: clears bits 0, 2 and 3 (mask 0x000d) of the
@ CP15 c1 control register, then drains the write buffer and flushes both
@ caches. Only r0 is written here; it is 0 on return.
@ NOTE(review): the c7, c6, 0 operation is commented "invalidate D cache"
@ in __armv4_mpu_cache_flush, i.e. it does not write dirty lines back;
@ presumably callers run cache_clean_flush before cache_off -- confirm at
@ the call sites, which are outside this excerpt.
1150__armv4_mpu_cache_off:
1151		mrc	p15, 0, r0, c1, c0	@ read c1 control register
1152		bic	r0, r0, #0x000d		@ clear bits 0, 2 and 3
1153		mcr	p15, 0, r0, c1, c0	@ turn MPU and cache off
1154		mov	r0, #0
1155		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
1156		mcr	p15, 0, r0, c7, c6, 0	@ flush D-Cache
1157		mcr	p15, 0, r0, c7, c5, 0	@ flush I-Cache
1158		mov	pc, lr
1159
@ ARMv3 MPU variant of the "off" slot: clears bits 0, 2 and 3 of the c1
@ control register and then invalidates the whole cache with the v3
@ operation (c7, c0, 0). Only r0 is written; it is 0 on return.
@ NOTE(review): the cache_off header comment states that ARMv3 does not
@ support reading the control register, yet this routine starts with an
@ mrc from c1. Confirm which statement holds for the cores dispatched here;
@ if the read is not reliable, the value written back is not either.
1160__armv3_mpu_cache_off:
1161		mrc	p15, 0, r0, c1, c0	@ read c1 control register
1162		bic	r0, r0, #0x000d		@ clear bits 0, 2 and 3
1163		mcr	p15, 0, r0, c1, c0, 0	@ turn MPU and cache off
1164		mov	r0, #0
1165		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
1166		mov	pc, lr
1167
@ MMU variant of the "off" slot for ARMv4-class cores (most proc_types
@ entries above point here). With CONFIG_MMU it clears bits 0, 2 and 3 of
@ the c1 control register, then invalidates the whole cache and the whole
@ TLB so no stale translation or line survives the switch. Without
@ CONFIG_MMU the body is empty and the routine only returns.
@ Only r0 is written; it is 0 on return in the CONFIG_MMU build.
1168__armv4_mmu_cache_off:
1169#ifdef CONFIG_MMU
1170		mrc	p15, 0, r0, c1, c0	@ read c1 control register
1171		bic	r0, r0, #0x000d		@ clear bits 0, 2 and 3
1172		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
1173		mov	r0, #0
1174		mcr	p15, 0, r0, c7, c7	@ invalidate whole cache v4
1175		mcr	p15, 0, r0, c8, c7	@ invalidate whole TLB v4
1176#endif
1177		mov	pc, lr
1178
@ ARMv7 variant of the "off" slot. With CONFIG_MMU it clears bits 0, 2 and 3
@ of the c1 control register; without CONFIG_MMU the mask is 0x000c, so
@ bit 0 is left as it was. It then invalidates the TLB (CONFIG_MMU only) and
@ the branch target cache, and issues the CP15-encoded DSB and ISB so the
@ new state is in effect before returning.
@ No data-cache maintenance is done here; any clean must already have
@ happened (presumably via cache_clean_flush -- confirm at the call sites).
@ Only r0 is written; it is 0 on return.
1179__armv7_mmu_cache_off:
1180		mrc	p15, 0, r0, c1, c0	@ read c1 control register
1181#ifdef CONFIG_MMU
1182		bic	r0, r0, #0x000d
1183#else
1184		bic	r0, r0, #0x000c
1185#endif
1186		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
1187		mov	r0, #0
1188#ifdef CONFIG_MMU
1189		mcr	p15, 0, r0, c8, c7, 0	@ invalidate whole TLB
1190#endif
1191		mcr	p15, 0, r0, c7, c5, 6	@ invalidate BTC
1192		mcr	p15, 0, r0, c7, c10, 4	@ DSB
1193		mcr	p15, 0, r0, c7, c5, 4	@ ISB
1194		mov	pc, lr
1195
1196/*
1197 * Clean and flush the cache to maintain consistency.
1198 *
1199 * On entry,
1200 *  r0 = start address
1201 *  r1 = end address (exclusive)
1202 * On exit,
1203 *  r1, r2, r3, r9, r10, r11, r12 corrupted
1204 * This routine must preserve:
1205 *  r4, r6, r7, r8
1206 */
@ The entry point copies the end address into r11, loads r3 with 16 and
@ branches to call_cache_fn (outside this excerpt). In a proc_types entry of
@ two words plus three 4-byte branch slots, 16 is the offset of the "flush"
@ slot; presumably call_cache_fn uses r3 that way -- confirm.
@ Only __armv7_mmu_cache_flush uses the r0/r11 range; the other variants
@ visible here operate on the whole cache.
@ NOTE(review): r0 is not in the "corrupted" list above, but the ARMv7
@ by-VA loop rounds it down and advances it, so callers should not rely on
@ r0 after the call. r2 is in the list, so a caller that still needs r2
@ must save it first.
1207		.align	5
1208cache_clean_flush:
1209		mov	r3, #16
1210		mov	r11, r1
1211		b	call_cache_fn
1212
@ MPU variant of the "flush" slot. Returns immediately when bit 0 of r4 is
@ set (efi_enter_kernel sets that bit when it finds the MMU off; other
@ setters, if any, are outside this excerpt). Otherwise it walks the D cache
@ by index: 8 segments (r1, in steps of 1 << 5) times 64 entries (index
@ field of r3, in steps of 1 << 26), cleaning and invalidating each, then
@ invalidates the I cache and drains the write buffer.
@ Both loops count down and use "bcs", i.e. they stop on the subtraction
@ that borrows below zero.
@ r2 is set to 1 and not changed before "teq r2, #0", so the conditional
@ I-cache invalidate always executes in this routine.
@ ip is not initialised here; presumably the value written by these whole-
@ cache operations is ignored by the core -- confirm.
@ NOTE(review): the whole-D-cache invalidate is issued before the clean and
@ invalidate loop, so any dirty line present at that point would be dropped
@ rather than written back. Confirm this ordering is intended.
1213__armv4_mpu_cache_flush:
1214		tst	r4, #1
1215		movne	pc, lr
1216		mov	r2, #1
1217		mov	r3, #0
1218		mcr	p15, 0, ip, c7, c6, 0	@ invalidate D cache
1219		mov	r1, #7 << 5		@ 8 segments
12201:		orr	r3, r1, #63 << 26	@ 64 entries
12212:		mcr	p15, 0, r3, c7, c14, 2	@ clean & invalidate D index
1222		subs	r3, r3, #1 << 26
1223		bcs	2b			@ entries 63 to 0
1224		subs 	r1, r1, #1 << 5
1225		bcs	1b			@ segments 7 to 0
1226
1227		teq	r2, #0
1228		mcrne	p15, 0, ip, c7, c5, 0	@ invalidate I cache
1229		mcr	p15, 0, ip, c7, c10, 4	@ drain WB
1230		mov	pc, lr
1231
@ FA526 variant of the "flush" slot. Returns immediately when bit 0 of r4 is
@ set (efi_enter_kernel sets that bit when it finds the MMU off; other
@ setters, if any, are outside this excerpt). Otherwise it cleans and
@ invalidates the whole D cache, flushes the I cache and drains the write
@ buffer. r1 is the only register written; it is 0 on return.
1232__fa526_cache_flush:
1233		tst	r4, #1
1234		movne	pc, lr
1235		mov	r1, #0
1236		mcr	p15, 0, r1, c7, c14, 0	@ clean and invalidate D cache
1237		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
1238		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
1239		mov	pc, lr
1240
@ ARMv6 variant of the "flush" slot. Unlike the other variants it does not
@ return early: when bit 0 of r4 is set it skips only the two clean and
@ invalidate operations (the mcreq lines) and still invalidates I+BTB and
@ drains the write buffer. The flags from "tst" stay valid for both mcreq
@ lines because nothing in between sets them.
@ r1 is the only register written; it is 0 on return.
1241__armv6_mmu_cache_flush:
1242		mov	r1, #0
1243		tst	r4, #1
1244		mcreq	p15, 0, r1, c7, c14, 0	@ clean+invalidate D
1245		mcr	p15, 0, r1, c7, c5, 0	@ invalidate I+BTB
1246		mcreq	p15, 0, r1, c7, c15, 0	@ clean+invalidate unified
1247		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
1248		mov	pc, lr
1249
@ ARMv7 variant of the "flush" slot reached through cache_clean_flush.
@ Registers as used here: r0 = start address, r11 = exclusive end address
@ (copied from r1 by cache_clean_flush), r4 bit 0 = skip the D-cache clean.
@ r1, r2 and r10 are scratch, and r0 is advanced by the by-VA loop.
@ enable_cp15_barriers and dcache_line_size are macros defined outside this
@ excerpt.
@ Flow: if r4 bit 0 is set, go straight to iflush. Otherwise read ID_MMFR1;
@ if bits [19:16] are zero, clean and invalidate [r0, r11) line by line by
@ virtual address, else clean and invalidate the whole D cache in one
@ operation. iflush then invalidates I+BTB between barriers.
@ On the early "bne iflush" path r10 has not been zeroed; presumably the
@ operations at iflush ignore the written value -- confirm.
@ NOTE(review): "bgt" after "cmp r0, r11" is a signed comparison, but both
@ operands are addresses. For a range that crosses 0x80000000 the start
@ compares greater than the end on the first pass and no line is cleaned,
@ leaving dirty data in the cache before the MMU is turned off. Confirm that
@ callers never pass such a range, or consider an unsigned condition; note
@ that an unsigned test changes what happens for an empty range at
@ address 0, so the callers need checking either way.
1250__armv7_mmu_cache_flush:
1251		enable_cp15_barriers	r10
1252		tst	r4, #1
1253		bne	iflush
1254		mrc	p15, 0, r10, c0, c1, 5	@ read ID_MMFR1
1255		tst	r10, #0xf << 16		@ hierarchical cache (ARMv7)
1256		mov	r10, #0
1257		beq	hierarchical
1258		mcr	p15, 0, r10, c7, c14, 0	@ clean+invalidate D
1259		b	iflush
1260hierarchical:
1261		dcache_line_size r1, r2		@ r1 := dcache min line size
1262		sub	r2, r1, #1		@ r2 := line size mask
1263		bic	r0, r0, r2		@ round down start to line size
1264		sub	r11, r11, #1		@ end address is exclusive
1265		bic	r11, r11, r2		@ round down end to line size
12660:		cmp	r0, r11			@ finished?
1267		bgt	iflush
1268		mcr	p15, 0, r0, c7, c14, 1	@ Dcache clean/invalidate by VA
1269		add	r0, r0, r1
1270		b	0b
1271iflush:
1272		mcr	p15, 0, r10, c7, c10, 4	@ DSB
1273		mcr	p15, 0, r10, c7, c5, 0	@ invalidate I+BTB
1274		mcr	p15, 0, r10, c7, c10, 4	@ DSB
1275		mcr	p15, 0, r10, c7, c5, 4	@ ISB
1276		mov	pc, lr
1277
@ ARMv5TEJ variant of the "flush" slot. Returns immediately when bit 0 of r4
@ is set (efi_enter_kernel sets that bit when it finds the MMU off; other
@ setters, if any, are outside this excerpt). Otherwise it repeats the
@ "test, clean, invalidate" operation, which writes its result into the
@ condition flags (destination APSR_nzcv), until the Z flag is set, then
@ flushes the I cache and drains the write buffer.
@ r0 is used as the source register for the last two operations without
@ being zeroed; presumably the written value is ignored -- confirm.
@ No general-purpose register is modified by this routine.
1278__armv5tej_mmu_cache_flush:
1279		tst	r4, #1
1280		movne	pc, lr
12811:		mrc	p15, 0, APSR_nzcv, c7, c14, 3	@ test,clean,invalidate D cache
1282		bne	1b
1283		mcr	p15, 0, r0, c7, c5, 0	@ flush I cache
1284		mcr	p15, 0, r0, c7, c10, 4	@ drain WB
1285		mov	pc, lr
1286
@ ARMv4-class variant of the "flush" slot: a software flush that evicts the
@ D cache by loading from a block of memory twice the D-cache size.
@ Returns immediately when bit 0 of r4 is set (efi_enter_kernel sets that
@ bit when it finds the MMU off; other setters, if any, are outside this
@ excerpt).
@ Registers: r2 = bytes to read (2 x D-cache size), then the end address of
@ the read window; r11 = line size in bytes (the stride); r1 = read cursor;
@ r3 = scratch. r9 is compared with the cache type register: presumably it
@ holds the main ID value set up by call_cache_fn, so equality means the
@ core has no cache type register and the defaults are kept -- confirm.
@ Size decoding: r2 = 1024 << bits [20:18], plus half again if bit 14 is
@ set; r11 = 8 << bits [13:12].
@ The read window starts at the current pc rounded down to 64 bytes, so the
@ loads touch whatever follows this code in memory; the loaded values are
@ discarded. The loop ends on equality (teq r1, r2), which relies on the
@ window size being a multiple of the stride.
1287__armv4_mmu_cache_flush:
1288		tst	r4, #1
1289		movne	pc, lr
1290		mov	r2, #64*1024		@ default: 32K dcache size (*2)
1291		mov	r11, #32		@ default: 32 byte line size
1292		mrc	p15, 0, r3, c0, c0, 1	@ read cache type
1293		teq	r3, r9			@ cache ID register present?
1294		beq	no_cache_id
1295		mov	r1, r3, lsr #18
1296		and	r1, r1, #7
1297		mov	r2, #1024
1298		mov	r2, r2, lsl r1		@ base dcache size *2
1299		tst	r3, #1 << 14		@ test M bit
1300		addne	r2, r2, r2, lsr #1	@ +1/2 size if M == 1
1301		mov	r3, r3, lsr #12
1302		and	r3, r3, #3
1303		mov	r11, #8
1304		mov	r11, r11, lsl r3	@ cache line size in bytes
1305no_cache_id:
1306		mov	r1, pc
1307		bic	r1, r1, #63		@ align to longest cache line
1308		add	r2, r1, r2
13091:
1310 ARM(		ldr	r3, [r1], r11		) @ s/w flush D cache
1311 THUMB(		ldr     r3, [r1]		) @ s/w flush D cache
1312 THUMB(		add     r1, r1, r11		)
1313		teq	r1, r2
1314		bne	1b
1315
1316		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
1317		mcr	p15, 0, r1, c7, c6, 0	@ flush D cache
1318		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
1319		mov	pc, lr
1320
@ ARMv3 variant of the "flush" slot, shared by the MMU and MPU labels.
@ Returns immediately when bit 0 of r4 is set (efi_enter_kernel sets that
@ bit when it finds the MMU off; other setters, if any, are outside this
@ excerpt). Otherwise it issues the single v3 "invalidate whole cache"
@ operation; no separate clean step is performed here.
@ r1 is the only register written; it is 0 on return.
1321__armv3_mmu_cache_flush:
1322__armv3_mpu_cache_flush:
1323		tst	r4, #1
1324		movne	pc, lr
1325		mov	r1, #0
1326		mcr	p15, 0, r1, c7, c0, 0	@ invalidate whole cache v3
1327		mov	pc, lr
1328
1329/*
1330 * Various debugging routines for printing hex characters and
1331 * memory, which again must be relocatable.
1332 */
1333#ifdef DEBUG
@ phexbuf: 12-byte scratch buffer for phex (digits plus the terminating NUL).
1334		.align	2
1335		.type	phexbuf,#object
1336phexbuf:	.space	12
1337		.size	phexbuf, . - phexbuf
1338
@ phex: print r0 as r1 hexadecimal digits (upper case), most significant
@ digit first. In: r0 = value, r1 = digit count. It stores a NUL at
@ phexbuf[r1], fills phexbuf[r1-1] down to phexbuf[0] from the low nibble
@ upwards, then tail-branches to puts with r0 = phexbuf, so puts returns
@ straight to the caller of phex.
@ There is no bounds check: r1 must be at most 11 or the stores run past
@ the 12-byte buffer. The callers visible in this file (the kphex uses and
@ memdump) pass 8.
1339@ phex corrupts {r0, r1, r2, r3}
1340phex:		adr	r3, phexbuf
1341		mov	r2, #0
1342		strb	r2, [r3, r1]		@ NUL terminator at phexbuf[r1]
13431:		subs	r1, r1, #1
1344		movmi	r0, r3			@ all digits stored: r0 = buffer
1345		bmi	puts
1346		and	r2, r0, #15		@ low nibble
1347		mov	r0, r0, lsr #4
1348		cmp	r2, #10
1349		addge	r2, r2, #7		@ 10..15 map to 'A'..'F'
1350		add	r2, r2, #'0'
1351		strb	r2, [r3, r1]
1352		b	1b
1353
@ puts: write the NUL-terminated string at r0 to the debug channel.
@ loadsp and writeb are the debug macros selected at the top of the file;
@ loadsp leaves the port base in r3 (it expands to nothing for the ICEDCC
@ variants) and writeb sends the byte in r2.
@ After each byte a fixed busy-wait of 0x00020000 iterations runs; no
@ transmitter status is polled in this routine. A '\n' is followed by an
@ extra '\r', sent by looping back to label 2.
@ The string is read until the first NUL with no length limit, so the
@ caller must pass a terminated buffer.
@ putc shares the send path at label 2: it enters with r0 = 0, so the
@ "teq r0, #0" test after the byte ends the loop and returns to its caller.
1354@ puts corrupts {r0, r1, r2, r3}
1355puts:		loadsp	r3, r2, r1
13561:		ldrb	r2, [r0], #1
1357		teq	r2, #0
1358		moveq	pc, lr
13592:		writeb	r2, r3
1360		mov	r1, #0x00020000
13613:		subs	r1, r1, #1
1362		bne	3b
1363		teq	r2, #'\n'
1364		moveq	r2, #'\r'
1365		beq	2b
1366		teq	r0, #0
1367		bne	1b
1368		mov	pc, lr
@ putc: write the single character in r0 by jumping into the send path of
@ puts (label 2) with r2 = character and r0 = 0.
1369@ putc corrupts {r0, r1, r2, r3}
1370putc:
1371		mov	r2, r0
1372		loadsp	r3, r1, r0
1373		mov	r0, #0
1374		b	2b
1375
@ memdump: print 64 words (256 bytes) starting at the address in r0, eight
@ words per line. Each line starts with the address of its first word and
@ a ':', every word is printed as 8 hex digits, and an extra space is
@ inserted after the fourth word of a line.
@ Registers: r12 = base address, r11 = word index (0..63), r10 = saved
@ return address (lr is overwritten by the bl calls).
@ The address is used as given: nothing checks that the 256 bytes are
@ readable, so the caller must pass a mapped, readable region.
1376@ memdump corrupts {r0, r1, r2, r3, r10, r11, r12, lr}
1377memdump:	mov	r12, r0
1378		mov	r10, lr
1379		mov	r11, #0
13802:		mov	r0, r11, lsl #2
1381		add	r0, r0, r12
1382		mov	r1, #8
1383		bl	phex
1384		mov	r0, #':'
1385		bl	putc
13861:		mov	r0, #' '
1387		bl	putc
1388		ldr	r0, [r12, r11, lsl #2]
1389		mov	r1, #8
1390		bl	phex
1391		and	r0, r11, #7
1392		teq	r0, #3
1393		moveq	r0, #' '
1394		bleq	putc
1395		and	r0, r11, #7
1396		add	r11, r11, #1
1397		teq	r0, #7
1398		bne	1b
1399		mov	r0, #'\n'
1400		bl	putc
1401		cmp	r11, #64
1402		blt	2b
1403		mov	pc, r10
1404#endif
1405
1406		.ltorg
1407
@ Eight-slot exception vector table that efi_enter_kernel installs as the
@ HYP vector base (mcr p15, 4, r0, c12, c0, 0) when it was entered in HYP
@ mode with the MMU on. Only two slots lead anywhere: the third slot goes
@ to __enter_kernel_from_hyp when CONFIG_EFI_STUB is set, and the "hyp"
@ slot goes to __enter_kernel. Every other slot is a branch to itself, so
@ an unexpected exception parks the CPU instead of running unintended code.
@ W(b) keeps every slot the same width; .align 5 places the table on a
@ 32-byte boundary.
1408#ifdef CONFIG_ARM_VIRT_EXT
1409.align 5
1410__hyp_reentry_vectors:
1411		W(b)	.			@ reset
1412		W(b)	.			@ undef
1413#ifdef CONFIG_EFI_STUB
1414		W(b)	__enter_kernel_from_hyp	@ hvc from HYP
1415#else
1416		W(b)	.			@ svc
1417#endif
1418		W(b)	.			@ pabort
1419		W(b)	.			@ dabort
1420		W(b)	__enter_kernel		@ hyp
1421		W(b)	.			@ irq
1422		W(b)	.			@ fiq
1423#endif /* CONFIG_ARM_VIRT_EXT */
1424
@ Final jump into the decompressed kernel. Sets up the entry registers
@ r0 = 0, r1 = architecture number (from r7), r2 = atags pointer (from r8;
@ the EFI path keeps the DT pointer in r8) and transfers control to the
@ address in r4. Does not return.
@ Exactly one transfer form is assembled: "mov pc, r4" in ARM builds, or
@ "bx r4" in Thumb builds, where M-class builds first set bit 0 of r4 so
@ that bx enters in Thumb state.
1425__enter_kernel:
1426		mov	r0, #0			@ must be 0
1427		mov	r1, r7			@ restore architecture number
1428		mov	r2, r8			@ restore atags pointer
1429 ARM(		mov	pc, r4		)	@ call kernel
1430 M_CLASS(	add	r4, r4, #1	)	@ enter in Thumb mode for M class
1431 THUMB(		bx	r4		)	@ entry point is always ARM for A/R classes
1432
1433reloc_code_end:
1434
1435#ifdef CONFIG_EFI_STUB
@ Target of the third slot of __hyp_reentry_vectors in CONFIG_EFI_STUB
@ builds. Clears bits 0 and 2 (mask 0x5) of HSCTLR so the HYP-mode MMU and
@ caches are off, synchronises with isb, then continues at __enter_kernel.
@ This is the deferred "disable the MMU before jumping to the kernel
@ proper" step that efi_enter_kernel describes for the HYP, caches-on case.
@ r0 is overwritten; __enter_kernel sets it to 0 afterwards.
1436__enter_kernel_from_hyp:
1437		mrc	p15, 4, r0, c1, c0, 0	@ read HSCTLR
1438		bic	r0, r0, #0x5		@ disable MMU and caches
1439		mcr	p15, 4, r0, c1, c0, 0	@ write HSCTLR
1440		isb
1441		b	__enter_kernel
1442
@ efi_enter_kernel: hand-over from the EFI stub into the decompressor.
@ Inputs as used below: r0 = image base (kept in r4), r1 = DT pointer (kept
@ in r8), r2 = DT size in bytes (added to r8 to form the DT end address).
@ Does not return: it switches sp to .L_user_stack_end and branches to
@ wont_overwrite (outside this excerpt) with r5 = 0 and r7 = 0xFFFFFFFF.
@ Steps: (1) clean the code from call_cache_fn up to the literal at label 0
@ so it can run with the MMU off; (2) with CONFIG_ARM_VIRT_EXT, record the
@ boot mode in SPSR and handle a HYP-mode entry; (3) clean the DT range;
@ (4) switch stacks and continue.
@ Bit 0 of r4 is set on the paths where the MMU was found off; the
@ *_cache_flush routines test that bit and skip the D-cache clean.
@ NOTE(review): r2 is read at .Lefi_hyp after cache_clean_flush has already
@ been called once, and the header of that routine lists r2 as corrupted
@ (the ARMv7 by-VA path overwrites it with the line-size mask). On the HYP
@ caches-off path r2 also passes through __hyp_stub_install and
@ safe_svcmode_maskall, which are outside this excerpt. Confirm that the DT
@ size survives to that point; if it does not, the DT range cleaned to
@ memory is wrong and stale DT contents could be read once the MMU and
@ caches are off.
1443ENTRY(efi_enter_kernel)
1444		mov	r4, r0			@ preserve image base
1445		mov	r8, r1			@ preserve DT pointer
1446
1447 ARM(		adrl	r0, call_cache_fn	)
1448 THUMB(		adr	r0, call_cache_fn	)
1449		adr	r1, 0f			@ clean the region of code we
1450		bl	cache_clean_flush	@ may run with the MMU off
1451
1452#ifdef CONFIG_ARM_VIRT_EXT
1453		@
1454		@ The EFI spec does not support booting on ARM in HYP mode,
1455		@ since it mandates that the MMU and caches are on, with all
1456		@ 32-bit addressable DRAM mapped 1:1 using short descriptors.
1457		@
1458		@ While the EDK2 reference implementation adheres to this,
1459		@ U-Boot might decide to enter the EFI stub in HYP mode
1460		@ anyway, with the MMU and caches either on or off.
1461		@
1462		mrs	r0, cpsr		@ get the current mode
1463		msr	spsr_cxsf, r0		@ record boot mode
1464		and	r0, r0, #MODE_MASK	@ are we running in HYP mode?
1465		cmp	r0, #HYP_MODE
1466		bne	.Lefi_svc
1467
1468		mrc	p15, 4, r1, c1, c0, 0	@ read HSCTLR
1469		tst	r1, #0x1		@ MMU enabled at HYP?
1470		beq	1f
1471
1472		@
1473		@ When running in HYP mode with the caches on, we're better
1474		@ off just carrying on using the cached 1:1 mapping that the
1475		@ firmware provided. Set up the HYP vectors so HVC instructions
1476		@ issued from HYP mode take us to the correct handler code. We
1477		@ will disable the MMU before jumping to the kernel proper.
1478		@
1479		adr	r0, __hyp_reentry_vectors
1480		mcr	p15, 4, r0, c12, c0, 0	@ set HYP vector base (HVBAR)
1481		isb
1482		b	.Lefi_hyp
1483
1484		@
1485		@ When running in HYP mode with the caches off, we need to drop
1486		@ into SVC mode now, and let the decompressor set up its cached
1487		@ 1:1 mapping as usual.
1488		@
14891:		mov	r9, r4			@ preserve image base
1490		bl	__hyp_stub_install	@ install HYP stub vectors
1491		safe_svcmode_maskall	r1	@ drop to SVC mode
1492		msr	spsr_cxsf, r0		@ record boot mode
1493		orr	r4, r9, #1		@ restore image base and set LSB
1494		b	.Lefi_hyp
1495.Lefi_svc:
1496#endif
1497		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
1498		tst	r0, #0x1		@ MMU enabled?
1499		orreq	r4, r4, #1		@ set LSB if not
1500
1501.Lefi_hyp:
1502		mov	r0, r8			@ DT start
1503		add	r1, r8, r2		@ DT end
1504		bl	cache_clean_flush
1505
		@ The literal at label 0 holds the distance from itself to
		@ .L_user_stack_end, so adding its own address yields the
		@ stack top without needing an absolute address.
1506		adr	r0, 0f			@ switch to our stack
1507		ldr	sp, [r0]
1508		add	sp, sp, r0
1509
1510		mov	r5, #0			@ appended DTB size
1511		mov	r7, #0xFFFFFFFF		@ machine ID
1512		b	wont_overwrite
1513ENDPROC(efi_enter_kernel)
15140:		.long	.L_user_stack_end - .
1515#endif
1516
		@ Decompressor stack: 4096 bytes in a dedicated ".stack" section
		@ that is allocatable and writable ("aw", no "x" flag) and takes
		@ no space in the image file (%nobits).
		@ efi_enter_kernel points sp at .L_user_stack_end. No guard
		@ region is declared here, so whatever the linker script places
		@ next to this section is what a stack overrun would overwrite --
		@ check the section order in the linker script.
1517		.align
1518		.section ".stack", "aw", %nobits
1519.L_user_stack:	.space	4096
1520.L_user_stack_end:
1521