/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * linux/arch/arm/boot/compressed/head.S
 *
 * Copyright (C) 1996-2002 Russell King
 * Copyright (C) 2004 Hyok S. Choi (MPU support)
 */
#include <linux/linkage.h>
#include <asm/assembler.h>
#include <asm/v7m.h>

#include "efi-header.S"

#ifdef __ARMEB__
#define OF_DT_MAGIC 0xd00dfeed
#else
#define OF_DT_MAGIC 0xedfe0dd0
#endif

	AR_CLASS( .arch armv7-a )
	M_CLASS( .arch armv7-m )

/*
 * Debugging stuff
 *
 * Note that these macros must not contain any code which is not
 * 100% relocatable. Any attempt to do so will result in a crash.
 * Please select one of the following when turning on debugging.
 */
#ifdef DEBUG

#if defined(CONFIG_DEBUG_ICEDCC)

#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_V6K) || defined(CONFIG_CPU_V7)
	.macro	loadsp, rb, tmp1, tmp2
	.endm
	.macro	writeb, ch, rb, tmp
	mcr	p14, 0, \ch, c0, c5, 0
	.endm
#elif defined(CONFIG_CPU_XSCALE)
	.macro	loadsp, rb, tmp1, tmp2
	.endm
	.macro	writeb, ch, rb, tmp
	mcr	p14, 0, \ch, c8, c0, 0
	.endm
#else
	.macro	loadsp, rb, tmp1, tmp2
	.endm
	.macro	writeb, ch, rb, tmp
	mcr	p14, 0, \ch, c1, c0, 0
	.endm
#endif

#else

#include CONFIG_DEBUG_LL_INCLUDE

	.macro	writeb, ch, rb, tmp
#ifdef CONFIG_DEBUG_UART_FLOW_CONTROL
	waituartcts \tmp, \rb
#endif
	waituarttxrdy \tmp, \rb
	senduart \ch, \rb
	busyuart \tmp, \rb
	.endm

#if defined(CONFIG_ARCH_SA1100)
	.macro	loadsp, rb, tmp1, tmp2
	mov	\rb, #0x80000000	@ physical base address
#ifdef CONFIG_DEBUG_LL_SER3
	add	\rb, \rb, #0x00050000	@ Ser3
#else
	add	\rb, \rb, #0x00010000	@ Ser1
#endif
	.endm
#else
	.macro	loadsp, rb, tmp1, tmp2
	addruart \rb, \tmp1, \tmp2
	.endm
#endif
#endif
#endif

	.macro	kputc,val
	mov	r0, \val
	bl	putc
	.endm

	.macro	kphex,val,len
	mov	r0, \val
	mov	r1, #\len
	bl	phex
	.endm

	/*
	 * Debug kernel copy by printing the memory addresses involved
	 */
	.macro	dbgkc, begin, end, cbegin, cend
#ifdef DEBUG
	kputc	#'C'
	kputc	#':'
	kputc	#'0'
	kputc	#'x'
	kphex	\begin, 8	/* Start of compressed kernel */
	kputc	#'-'
	kputc	#'0'
	kputc	#'x'
	kphex	\end, 8		/* End of compressed kernel */
	kputc	#'-'
	kputc	#'>'
	kputc	#'0'
	kputc	#'x'
	kphex	\cbegin, 8	/* Start of kernel copy */
	kputc	#'-'
	kputc	#'0'
	kputc	#'x'
	kphex	\cend, 8	/* End of kernel copy */
	kputc	#'\n'
#endif
	.endm

	/*
	 * Debug print of the final appended DTB location
	 */
	.macro	dbgadtb, begin, size
#ifdef DEBUG
	kputc	#'D'
	kputc	#'T'
	kputc	#'B'
	kputc	#':'
	kputc	#'0'
	kputc	#'x'
	kphex	\begin, 8	/* Start of appended DTB */
	kputc	#' '
	kputc	#'('
	kputc	#'0'
	kputc	#'x'
	kphex	\size, 8	/* Size of appended DTB */
	kputc	#')'
	kputc	#'\n'
#endif
	.endm

	.macro	enable_cp15_barriers, reg
	mrc	p15, 0, \reg, c1, c0, 0	@ read SCTLR
	tst	\reg, #(1 << 5)		@ CP15BEN bit set?
	bne	.L_\@
	orr	\reg, \reg, #(1 << 5)	@ CP15 barrier instructions
	mcr	p15, 0, \reg, c1, c0, 0	@ write SCTLR
	ARM(	.inst 0xf57ff06f	@ v7+ isb	)
	THUMB(	isb					)
.L_\@:
	.endm

	/*
	 * The kernel build system appends the size of the
	 * decompressed kernel at the end of the compressed data
	 * in little-endian form.
	 */
	.macro	get_inflated_image_size, res:req, tmp1:req, tmp2:req
	adr	\res, .Linflated_image_size_offset
	ldr	\tmp1, [\res]
	add	\tmp1, \tmp1, \res	@ address of inflated image size

	ldrb	\res, [\tmp1]		@ get_unaligned_le32
	ldrb	\tmp2, [\tmp1, #1]
	orr	\res, \res, \tmp2, lsl #8
	ldrb	\tmp2, [\tmp1, #2]
	ldrb	\tmp1, [\tmp1, #3]
	orr	\res, \res, \tmp2, lsl #16
	orr	\res, \res, \tmp1, lsl #24
	.endm
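
	/*
	 * For reference, the byte-by-byte loads above correspond roughly
	 * to the C accessor sketched below. This is illustrative only
	 * (nothing here is assembled); it assumes nothing beyond the
	 * little-endian layout described in the comment above.
	 *
	 *	static inline u32 get_unaligned_le32(const u8 *p)
	 *	{
	 *		return p[0] | (p[1] << 8) |
	 *		       (p[2] << 16) | ((u32)p[3] << 24);
	 *	}
	 */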

	.macro	be32tocpu, val, tmp
#ifndef __ARMEB__
	/* convert to little endian */
	rev_l	\val, \tmp
#endif
	.endm

	.section ".start", "ax"
/*
 * sort out different calling conventions
 */
	.align
	/*
	 * Always enter in ARM state for CPUs that support the ARM ISA.
	 * As of today (2014) that's exactly the members of the A and R
	 * classes.
	 */
	AR_CLASS( .arm )
start:
	.type	start,#function
	/*
	 * These 7 nops along with the 1 nop immediately below for
	 * !THUMB2 form 8 nops that make the compressed kernel bootable
	 * on legacy ARM systems that assumed the kernel to be in a.out
	 * binary format. The boot loaders on these systems would
	 * jump 32 bytes into the image to skip the a.out header.
	 * With these 8 nops filling exactly 32 bytes, things still
	 * work as expected on these legacy systems. Thumb2 mode keeps
	 * 7 of the nops as it turns out that some boot loaders
	 * were patching the initial instructions of the kernel, i.e.
	 * had started to exploit this "patch area".
	 */
	.rept	7
	__nop
	.endr
#ifndef CONFIG_THUMB2_KERNEL
	__nop
#else
	AR_CLASS( sub pc, pc, #3 )	@ A/R: switch to Thumb2 mode
	M_CLASS( nop.w )		@ M: already in Thumb2 mode
	.thumb
#endif
	W(b)	1f

	.word	_magic_sig	@ Magic numbers to help the loader
	.word	_magic_start	@ absolute load/run zImage address
	.word	_magic_end	@ zImage end address
	.word	0x04030201	@ endianness flag
	.word	0x45454545	@ another magic number to indicate
	.word	_magic_table	@ additional data table

	__EFI_HEADER
1:
	ARM_BE8( setend be )		@ go BE8 if compiled for BE8
	AR_CLASS( mrs r9, cpsr )
#ifdef CONFIG_ARM_VIRT_EXT
	bl	__hyp_stub_install	@ get into SVC mode, reversibly
#endif
	mov	r7, r1			@ save architecture ID
	mov	r8, r2			@ save atags pointer

#ifndef CONFIG_CPU_V7M
	/*
	 * Booting from Angel - need to enter SVC mode and disable
	 * FIQs/IRQs (numeric definitions from angel arm.h source).
	 * We only do this if we were in user mode on entry.
	 */
	mrs	r2, cpsr		@ get current mode
	tst	r2, #3			@ not user?
	bne	not_angel
	mov	r0, #0x17		@ angel_SWIreason_EnterSVC
	ARM(	swi 0x123456 )		@ angel_SWI_ARM
	THUMB(	svc 0xab )		@ angel_SWI_THUMB
not_angel:
	safe_svcmode_maskall r0
	msr	spsr_cxsf, r9		@ Save the CPU boot mode in
					@ SPSR
#endif
	/*
	 * Note that some cache flushing and other stuff may
	 * be needed here - is there an Angel SWI call for this?
	 */

	/*
	 * Some architecture-specific code can be inserted
	 * by the linker here, but it should preserve r7, r8, and r9.
	 */

	.text

#ifdef CONFIG_AUTO_ZRELADDR
	/*
	 * Find the start of physical memory. As we are executing
	 * without the MMU on, we are in the physical address space.
	 * We just need to get rid of any offset by aligning the
	 * address.
	 *
	 * This alignment is a balance between the requirements of
	 * different platforms - we have chosen 128MB to allow
	 * platforms which align the start of their physical memory
	 * to 128MB to use this feature, while allowing the zImage
	 * to be placed within the first 128MB of memory on other
	 * platforms. Increasing the alignment means we place
	 * stricter alignment requirements on the start of physical
	 * memory, but relaxing it means that we break people who
	 * are already placing their zImage in (eg) the top 64MB
	 * of this range.
	 */
	mov	r0, pc
	and	r0, r0, #0xf8000000
#ifdef CONFIG_USE_OF
	adr	r1, LC1
#ifdef CONFIG_ARM_APPENDED_DTB
	/*
	 * Look for an appended DTB. If found, we cannot use it to
	 * validate the calculated start of physical memory, as its
	 * memory nodes may need to be augmented by ATAGS stored at
	 * an offset from the same start of physical memory.
	 */
	ldr	r2, [r1, #4]	@ get &_edata
	add	r2, r2, r1	@ relocate it
	ldr	r2, [r2]	@ get DTB signature
	ldr	r3, =OF_DT_MAGIC
	cmp	r2, r3		@ do we have a DTB there?
	beq	1f		@ if yes, skip validation
#endif /* CONFIG_ARM_APPENDED_DTB */

	/*
	 * Make sure we have some stack before calling C code.
	 * No GOT fixup has occurred yet, but none of the code we're
	 * about to call uses any global variables.
	 */
	ldr	sp, [r1]	@ get stack location
	add	sp, sp, r1	@ apply relocation

	/* Validate calculated start against passed DTB */
	mov	r1, r8
	bl	fdt_check_mem_start
1:
#endif /* CONFIG_USE_OF */
	/* Determine final kernel image address. */
	add	r4, r0, #TEXT_OFFSET
#else
	ldr	r4, =zreladdr
#endif

	/*
	 * Set up a page table only if it won't overwrite ourselves.
	 * That means r4 < pc || r4 - 16k page directory > &_end.
	 * Given that r4 > &_end is most infrequent, we add a rough
	 * additional 1MB of room for a possible appended DTB.
	 */
	mov	r0, pc
	cmp	r0, r4
	ldrcc	r0, .Lheadroom
	addcc	r0, r0, pc
	cmpcc	r4, r0
	orrcc	r4, r4, #1	@ remember we skipped cache_on
	blcs	cache_on

restart:	adr	r0, LC1
	ldr	sp, [r0]
	ldr	r6, [r0, #4]
	add	sp, sp, r0
	add	r6, r6, r0

	get_inflated_image_size	r9, r10, lr

#ifndef CONFIG_ZBOOT_ROM
	/* malloc space is above the relocated stack (64k max) */
	add	r10, sp, #MALLOC_SIZE
#else
	/*
	 * With ZBOOT_ROM the bss/stack is non-relocatable,
	 * but someone could still run this code from RAM,
	 * in which case our reference is _edata.
	 */
	mov	r10, r6
#endif

	mov	r5, #0			@ init dtb size to 0
#ifdef CONFIG_ARM_APPENDED_DTB
/*
 * r4  = final kernel address (possibly with LSB set)
 * r5  = appended dtb size (still unknown)
 * r6  = _edata
 * r7  = architecture ID
 * r8  = atags/device tree pointer
 * r9  = size of decompressed image
 * r10 = end of this image, including bss/stack/malloc space if non XIP
 * sp  = stack pointer
 *
 * If there are device trees (dtb) appended to zImage, advance r10 so that the
 * dtb data will get relocated along with the kernel if necessary.
 */

	ldr	lr, [r6, #0]
	ldr	r1, =OF_DT_MAGIC
	cmp	lr, r1
	bne	dtb_check_done		@ not found

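	/*
	 * The loads above and below look at the start of a flattened
	 * device tree. As an illustrative sketch only (not assembled
	 * here), the beginning of the FDT header is laid out roughly as:
	 *
	 *	struct fdt_header {
	 *		u32 magic;	// 0xd00dfeed, stored big-endian
	 *		u32 totalsize;	// total DTB size, big-endian
	 *		// ... further fields not used here
	 *	};
	 *
	 * which is why the magic is compared against the byte-swapped
	 * OF_DT_MAGIC on little-endian builds, and why the size read
	 * from offset 4 goes through be32tocpu.
	 */
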
#ifdef CONFIG_ARM_ATAG_DTB_COMPAT
	/*
	 * OK... Let's do some funky business here.
	 * If we do have a DTB appended to zImage, and we do have
	 * an ATAG list around, we want the latter to be translated
	 * and folded into the former here. No GOT fixup has occurred
	 * yet, but none of the code we're about to call uses any
	 * global variable.
	 */

	/* Get the initial DTB size */
	ldr	r5, [r6, #4]
	be32tocpu r5, r1
	dbgadtb	r6, r5
	/* 50% DTB growth should be good enough */
	add	r5, r5, r5, lsr #1
	/* preserve 64-bit alignment */
	add	r5, r5, #7
	bic	r5, r5, #7
	/* clamp to 32KB min and 1MB max */
	cmp	r5, #(1 << 15)
	movlo	r5, #(1 << 15)
	cmp	r5, #(1 << 20)
	movhi	r5, #(1 << 20)
	/* temporarily relocate the stack past the DTB work space */
	add	sp, sp, r5

	mov	r0, r8
	mov	r1, r6
	mov	r2, r5
	bl	atags_to_fdt

	/*
	 * If the returned value is 1, there is no ATAG at the location
	 * pointed to by r8. Try the typical 0x100 offset from start
	 * of RAM and hope for the best.
	 */
	cmp	r0, #1
	sub	r0, r4, #TEXT_OFFSET
	bic	r0, r0, #1
	add	r0, r0, #0x100
	mov	r1, r6
	mov	r2, r5
	bleq	atags_to_fdt

	sub	sp, sp, r5
#endif

	mov	r8, r6			@ use the appended device tree

	/*
	 * Make sure that the DTB doesn't end up in the final
	 * kernel's .bss area. To do so, we adjust the decompressed
	 * kernel size to compensate if that .bss size is larger
	 * than the relocated code.
	 */
	ldr	r5, =_kernel_bss_size
	adr	r1, wont_overwrite
	sub	r1, r6, r1
	subs	r1, r5, r1
	addhi	r9, r9, r1

	/* Get the current DTB size */
	ldr	r5, [r6, #4]
	be32tocpu r5, r1

	/* preserve 64-bit alignment */
	add	r5, r5, #7
	bic	r5, r5, #7

	/* relocate some pointers past the appended dtb */
	add	r6, r6, r5
	add	r10, r10, r5
	add	sp, sp, r5
dtb_check_done:
#endif

/*
 * Check to see if we will overwrite ourselves.
 *   r4  = final kernel address (possibly with LSB set)
 *   r9  = size of decompressed image
 *   r10 = end of this image, including bss/stack/malloc space if non XIP
 * We basically want:
 *   r4 - 16k page directory >= r10 -> OK
 *   r4 + image length <= address of wont_overwrite -> OK
 * Note: the possible LSB in r4 is harmless here.
 */
	add	r10, r10, #16384
	cmp	r4, r10
	bhs	wont_overwrite
	add	r10, r4, r9
	adr	r9, wont_overwrite
	cmp	r10, r9
	bls	wont_overwrite

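	/*
	 * In C terms, the test above is roughly the following sketch
	 * (illustrative only, using the register roles listed in the
	 * comment above):
	 *
	 *	if (r4 >= r10 + 16384 ||
	 *	    r4 + r9 <= (unsigned long)&wont_overwrite)
	 *		goto wont_overwrite;	// no overlap, decompress in place
	 *	// otherwise fall through and relocate ourselves first
	 */
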
/*
 * Relocate ourselves past the end of the decompressed kernel.
 *   r6  = _edata
 *   r10 = end of the decompressed kernel
 * Because we always copy ahead, we need to do it from the end and go
 * backward in case the source and destination overlap.
 */
	/*
	 * Bump to the next 256-byte boundary with the size of
	 * the relocation code added. This avoids overwriting
	 * ourselves when the offset is small.
	 */
	add	r10, r10, #((reloc_code_end - restart + 256) & ~255)
	bic	r10, r10, #255

	/* Get start of code we want to copy and align it down. */
	adr	r5, restart
	bic	r5, r5, #31

	/* Relocate the hyp vector base if necessary */
#ifdef CONFIG_ARM_VIRT_EXT
	mrs	r0, spsr
	and	r0, r0, #MODE_MASK
	cmp	r0, #HYP_MODE
	bne	1f

	/*
	 * Compute the address of the hyp vectors after relocation.
	 * Call __hyp_set_vectors with the new address so that we
	 * can HVC again after the copy.
	 */
	adr_l	r0, __hyp_stub_vectors
	sub	r0, r0, r5
	add	r0, r0, r10
	bl	__hyp_set_vectors
1:
#endif

	sub	r9, r6, r5		@ size to copy
	add	r9, r9, #31		@ rounded up to a multiple
	bic	r9, r9, #31		@ ... of 32 bytes
	add	r6, r9, r5
	add	r9, r9, r10

#ifdef DEBUG
	sub	r10, r6, r5
	sub	r10, r9, r10
	/*
	 * We are about to copy the kernel to a new memory area.
	 * The boundaries of the new memory area can be found in
	 * r10 and r9, whilst r5 and r6 contain the boundaries
	 * of the memory we are going to copy.
	 * Calling dbgkc will help with the printing of this
	 * information.
	 */
	dbgkc	r5, r6, r10, r9
#endif

1:	ldmdb	r6!, {r0 - r3, r10 - r12, lr}
	cmp	r6, r5
	stmdb	r9!, {r0 - r3, r10 - r12, lr}
	bhi	1b

	/* Preserve offset to relocated code. */
	sub	r6, r9, r6

	mov	r0, r9			@ start of relocated zImage
	add	r1, sp, r6		@ end of relocated zImage
	bl	cache_clean_flush

	badr	r0, restart
	add	r0, r0, r6
	mov	pc, r0

wont_overwrite:
	adr	r0, LC0
	ldmia	r0, {r1, r2, r3, r11, r12}
	sub	r0, r0, r1		@ calculate the delta offset

/*
 * If delta is zero, we are running at the address we were linked at.
 *   r0  = delta
 *   r2  = BSS start
 *   r3  = BSS end
 *   r4  = kernel execution address (possibly with LSB set)
 *   r5  = appended dtb size (0 if not present)
 *   r7  = architecture ID
 *   r8  = atags pointer
 *   r11 = GOT start
 *   r12 = GOT end
 *   sp  = stack pointer
 */
	orrs	r1, r0, r5
	beq	not_relocated

	add	r11, r11, r0
	add	r12, r12, r0

#ifndef CONFIG_ZBOOT_ROM
	/*
	 * If we're running fully PIC (i.e. CONFIG_ZBOOT_ROM = n),
	 * we need to fix up pointers into the BSS region.
	 * Note that the stack pointer has already been fixed up.
	 */
	add	r2, r2, r0
	add	r3, r3, r0

	/*
	 * Relocate all entries in the GOT table.
	 * Bump bss entries to _edata + dtb size
	 */
1:	ldr	r1, [r11, #0]		@ relocate entries in the GOT
	add	r1, r1, r0		@ This fixes up C references
	cmp	r1, r2			@ if entry >= bss_start &&
	cmphs	r3, r1			@     bss_end > entry
	addhi	r1, r1, r5		@    entry += dtb size
	str	r1, [r11], #4		@ next entry
	cmp	r11, r12
	blo	1b

	/* bump our bss pointers too */
	add	r2, r2, r5
	add	r3, r3, r5

#else

	/*
	 * Relocate entries in the GOT table. We only relocate
	 * the entries that are outside the (relocated) BSS region.
	 */
1:	ldr	r1, [r11, #0]		@ relocate entries in the GOT
	cmp	r1, r2			@ entry < bss_start ||
	cmphs	r3, r1			@ _end < entry
	addlo	r1, r1, r0		@ table. This fixes up the
	str	r1, [r11], #4		@ C references.
	cmp	r11, r12
	blo	1b
#endif

not_relocated:	mov	r0, #0
1:	str	r0, [r2], #4		@ clear bss
	str	r0, [r2], #4
	str	r0, [r2], #4
	str	r0, [r2], #4
	cmp	r2, r3
	blo	1b

	/*
	 * Did we skip the cache setup earlier?
	 * That is indicated by the LSB in r4.
	 * Do it now if so.
	 */
	tst	r4, #1
	bic	r4, r4, #1
	blne	cache_on

/*
 * The C runtime environment should now be set up sufficiently.
 * Set up some pointers, and start decompressing.
 *   r4 = kernel execution address
 *   r7 = architecture ID
 *   r8 = atags pointer
 */
	mov	r0, r4
	mov	r1, sp			@ malloc space above stack
	add	r2, sp, #MALLOC_SIZE	@ 64k max
	mov	r3, r7
	bl	decompress_kernel

	get_inflated_image_size	r1, r2, r3

	mov	r0, r4			@ start of inflated image
	add	r1, r1, r0		@ end of inflated image
	bl	cache_clean_flush
	bl	cache_off

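	/*
	 * Illustrative sketch of the calling convention used for the C
	 * decompressor entry point above (the authoritative prototype
	 * lives in the decompressor's C sources); the arguments follow
	 * the usual AAPCS r0-r3 mapping:
	 *
	 *	// r0: where to place the decompressed kernel
	 *	// r1: start of the malloc arena (just above the stack)
	 *	// r2: end of the malloc arena (r1 + MALLOC_SIZE)
	 *	// r3: machine/architecture ID
	 *	decompress_kernel(output_start, free_mem_start,
	 *			  free_mem_end, arch_id);
	 */
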
#ifdef CONFIG_ARM_VIRT_EXT
	mrs	r0, spsr		@ Get saved CPU boot mode
	and	r0, r0, #MODE_MASK
	cmp	r0, #HYP_MODE		@ if not booted in HYP mode...
	bne	__enter_kernel		@ boot kernel directly

	adr_l	r0, __hyp_reentry_vectors
	bl	__hyp_set_vectors
	__HVC(0)			@ otherwise bounce to hyp mode

	b	.			@ should never be reached
#else
	b	__enter_kernel
#endif

	.align	2
	.type	LC0, #object
LC0:	.word	LC0			@ r1
	.word	__bss_start		@ r2
	.word	_end			@ r3
	.word	_got_start		@ r11
	.word	_got_end		@ ip
	.size	LC0, . - LC0

	.type	LC1, #object
LC1:	.word	.L_user_stack_end - LC1	@ sp
	.word	_edata - LC1		@ r6
	.size	LC1, . - LC1

.Lheadroom:
	.word	_end - restart + 16384 + 1024*1024

.Linflated_image_size_offset:
	.long	(input_data_end - 4) - .

#ifdef CONFIG_ARCH_RPC
	.globl	params
params:	ldr	r0, =0x10000100		@ params_phys for RPC
	mov	pc, lr
	.ltorg
	.align
#endif

/*
 * dcache_line_size - get the minimum D-cache line size from the CTR register
 * on ARMv7.
 */
	.macro	dcache_line_size, reg, tmp
#ifdef CONFIG_CPU_V7M
	movw	\tmp, #:lower16:BASEADDR_V7M_SCB + V7M_SCB_CTR
	movt	\tmp, #:upper16:BASEADDR_V7M_SCB + V7M_SCB_CTR
	ldr	\tmp, [\tmp]
#else
	mrc	p15, 0, \tmp, c0, c0, 1	@ read ctr
#endif
	lsr	\tmp, \tmp, #16
	and	\tmp, \tmp, #0xf	@ cache line size encoding
	mov	\reg, #4		@ bytes per word
	mov	\reg, \reg, lsl \tmp	@ actual cache line size
	.endm

/*
 * Turn on the cache. We need to set up some page tables so that we
 * can have both the I and D caches on.
 *
 * We place the page tables 16k down from the kernel execution address,
 * and we hope that nothing else is using it. If we're using it, we
 * will go pop!
 *
 * On entry,
 *   r4 = kernel execution address
 *   r7 = architecture number
 *   r8 = atags pointer
 * On exit,
 *   r0, r1, r2, r3, r9, r10, r12 corrupted
 * This routine must preserve:
 *   r4, r7, r8
 */
	.align	5
cache_on:	mov	r3, #8		@ cache_on function
	b	call_cache_fn

/*
 * Initialize the highest priority protection region, PR7,
 * to cover the whole 32-bit address range, cacheable and bufferable.
 */
__armv4_mpu_cache_on:
	mov	r0, #0x3f		@ 4G, the whole
	mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting
	mcr	p15, 0, r0, c6, c7, 1

	mov	r0, #0x80		@ PR7
	mcr	p15, 0, r0, c2, c0, 0	@ D-cache on
	mcr	p15, 0, r0, c2, c0, 1	@ I-cache on
	mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

	mov	r0, #0xc000
	mcr	p15, 0, r0, c5, c0, 1	@ I-access permission
	mcr	p15, 0, r0, c5, c0, 0	@ D-access permission

	mov	r0, #0
	mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
	mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
	mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
	mrc	p15, 0, r0, c1, c0, 0	@ read control reg
					@ ...I .... ..D. WC.M
	orr	r0, r0, #0x002d		@ .... .... ..1. 11.1
	orr	r0, r0, #0x1000		@ ...1 .... .... ....

	mcr	p15, 0, r0, c1, c0, 0	@ write control reg

	mov	r0, #0
	mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
	mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
	mov	pc, lr

__armv3_mpu_cache_on:
	mov	r0, #0x3f		@ 4G, the whole
	mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting

	mov	r0, #0x80		@ PR7
	mcr	p15, 0, r0, c2, c0, 0	@ cache on
	mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

	mov	r0, #0xc000
	mcr	p15, 0, r0, c5, c0, 0	@ access permission

	mov	r0, #0
	mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
	/*
	 * ?? ARMv3 MMU does not allow reading the control register,
	 * does this really work on ARMv3 MPU?
	 */
	mrc	p15, 0, r0, c1, c0, 0	@ read control reg
					@ .... .... .... WC.M
	orr	r0, r0, #0x000d		@ .... .... .... 11.1
	/* ?? this overwrites the value constructed above? */
	mov	r0, #0
	mcr	p15, 0, r0, c1, c0, 0	@ write control reg

	/* ?? invalidate for the second time? */
	mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
	mov	pc, lr

#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
#define CB_BITS 0x08
#else
#define CB_BITS 0x0c
#endif

__setup_mmu:	sub	r3, r4, #16384		@ Page directory size
	bic	r3, r3, #0xff		@ Align the pointer
	bic	r3, r3, #0x3f00
/*
 * Initialise the page tables, turning on the cacheable and bufferable
 * bits for the RAM area only.
 */
	mov	r0, r3
	mov	r9, r0, lsr #18
	mov	r9, r9, lsl #18		@ start of RAM
	add	r10, r9, #0x10000000	@ a reasonable RAM size
	mov	r1, #0x12		@ XN|U + section mapping
	orr	r1, r1, #3 << 10	@ AP=11
	add	r2, r3, #16384
1:	cmp	r1, r9			@ if virt > start of RAM
	cmphs	r10, r1			@   && end of RAM > virt
	bic	r1, r1, #0x1c		@ clear XN|U + C + B
	orrlo	r1, r1, #0x10		@ Set XN|U for non-RAM
	orrhs	r1, r1, r6		@ set RAM section settings
	str	r1, [r0], #4		@ 1:1 mapping
	add	r1, r1, #1048576
	teq	r0, r2
	bne	1b
/*
 * If ever we are running from Flash, then we surely want the cache
 * to be enabled also for our execution instance... We map 2MB of it
 * so there is no map overlap problem for a compressed kernel of up to 1 MB.
 * If the execution is in RAM then we would only be duplicating the above.
 */
	orr	r1, r6, #0x04		@ ensure B is set for this
	orr	r1, r1, #3 << 10
	mov	r2, pc
	mov	r2, r2, lsr #20
	orr	r1, r1, r2, lsl #20
	add	r0, r3, r2, lsl #2
	str	r1, [r0], #4
	add	r1, r1, #1048576
	str	r1, [r0]
	mov	pc, lr
ENDPROC(__setup_mmu)

@ Enable unaligned access on v6, to allow better code generation
@ for the decompressor C code:
__armv6_mmu_cache_on:
	mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
	bic	r0, r0, #2		@ A (no unaligned access fault)
	orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
	mcr	p15, 0, r0, c1, c0, 0	@ write SCTLR
	b	__armv4_mmu_cache_on

__arm926ejs_mmu_cache_on:
#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
	mov	r0, #4			@ put dcache in WT mode
	mcr	p15, 7, r0, c15, c0, 0
#endif

__armv4_mmu_cache_on:
	mov	r12, lr
#ifdef CONFIG_MMU
	mov	r6, #CB_BITS | 0x12	@ U
	bl	__setup_mmu
	mov	r0, #0
	mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
	mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
	mrc	p15, 0, r0, c1, c0, 0	@ read control reg
	orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
	orr	r0, r0, #0x0030
	ARM_BE8( orr	r0, r0, #1 << 25 )	@ big-endian page tables
	bl	__common_mmu_cache_on
	mov	r0, #0
	mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
	mov	pc, r12

__armv7_mmu_cache_on:
	enable_cp15_barriers	r11
	mov	r12, lr
#ifdef CONFIG_MMU
	mrc	p15, 0, r11, c0, c1, 4	@ read ID_MMFR0
	tst	r11, #0xf		@ VMSA
	movne	r6, #CB_BITS | 0x02	@ !XN
	blne	__setup_mmu
	mov	r0, #0
	mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
	tst	r11, #0xf		@ VMSA
	mcrne	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
	mrc	p15, 0, r0, c1, c0, 0	@ read control reg
	bic	r0, r0, #1 << 28	@ clear SCTLR.TRE
	orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
	orr	r0, r0, #0x003c		@ write buffer
	bic	r0, r0, #2		@ A (no unaligned access fault)
	orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
					@ (needed for ARM1176)
#ifdef CONFIG_MMU
	ARM_BE8( orr	r0, r0, #1 << 25 )	@ big-endian page tables
	mrcne	p15, 0, r6, c2, c0, 2	@ read ttb control reg
	orrne	r0, r0, #1		@ MMU enabled
	movne	r1, #0xfffffffd		@ domain 0 = client
	bic	r6, r6, #1 << 31	@ 32-bit translation system
	bic	r6, r6, #(7 << 0) | (1 << 4)	@ use only ttbr0
	mcrne	p15, 0, r3, c2, c0, 0	@ load page table pointer
	mcrne	p15, 0, r1, c3, c0, 0	@ load domain access control
	mcrne	p15, 0, r6, c2, c0, 2	@ load ttb control
#endif
	mcr	p15, 0, r0, c7, c5, 4	@ ISB
	mcr	p15, 0, r0, c1, c0, 0	@ load control register
	mrc	p15, 0, r0, c1, c0, 0	@ and read it back
	mov	r0, #0
	mcr	p15, 0, r0, c7, c5, 4	@ ISB
	mov	pc, r12

__fa526_cache_on:
	mov	r12, lr
	mov	r6, #CB_BITS | 0x12	@ U
	bl	__setup_mmu
	mov	r0, #0
	mcr	p15, 0, r0, c7, c7, 0	@ Invalidate whole cache
	mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
	mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
	mrc	p15, 0, r0, c1, c0, 0	@ read control reg
	orr	r0, r0, #0x1000		@ I-cache enable
	bl	__common_mmu_cache_on
	mov	r0, #0
	mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
	mov	pc, r12

__common_mmu_cache_on:
#ifndef CONFIG_THUMB2_KERNEL
#ifndef DEBUG
	orr	r0, r0, #0x000d		@ Write buffer, mmu
#endif
	mov	r1, #-1
	mcr	p15, 0, r3, c2, c0, 0	@ load page table pointer
	mcr	p15, 0, r1, c3, c0, 0	@ load domain access control
	b	1f
	.align	5			@ cache line aligned
1:	mcr	p15, 0, r0, c1, c0, 0	@ load control register
	mrc	p15, 0, r0, c1, c0, 0	@ and read it back to
	sub	pc, lr, r0, lsr #32	@ properly flush pipeline
#endif

#define PROC_ENTRY_SIZE (4*5)

/*
 * Here follow the relocatable cache support functions for the
 * various processors. This is a generic hook for locating an
 * entry and jumping to an instruction at the specified offset
 * from the start of the block. Please note this is all position
 * independent code.
 *
 *   r1  = corrupted
 *   r2  = corrupted
 *   r3  = block offset
 *   r9  = corrupted
 *   r12 = corrupted
 */

call_cache_fn:	adr	r12, proc_types
#ifdef CONFIG_CPU_CP15
	mrc	p15, 0, r9, c0, c0	@ get processor ID
#elif defined(CONFIG_CPU_V7M)
	/*
	 * On v7-M the processor id is located in the V7M_SCB_CPUID
	 * register, but as cache handling is IMPLEMENTATION DEFINED on
	 * v7-M (if existent at all) we just return early here.
	 * If V7M_SCB_CPUID were used the cpu ID functions (i.e.
	 * __armv7_mmu_cache_{on,off,flush}) would be selected which
	 * use cp15 registers that are not implemented on v7-M.
	 */
	bx	lr
#else
	ldr	r9, =CONFIG_PROCESSOR_ID
#endif
1:	ldr	r1, [r12, #0]		@ get value
	ldr	r2, [r12, #4]		@ get mask
	eor	r1, r1, r9		@ (real ^ match)
	tst	r1, r2			@       & mask
	ARM(	addeq	pc, r12, r3 )	@ call cache function
	THUMB(	addeq	r12, r3 )
	THUMB(	moveq	pc, r12 )	@ call cache function
	add	r12, r12, #PROC_ENTRY_SIZE
	b	1b

/*
 * Table for cache operations. This is basically:
 *   - CPU ID match
 *   - CPU ID mask
 *   - 'cache on' method instruction
 *   - 'cache off' method instruction
 *   - 'cache flush' method instruction
 *
 * We match an entry using: ((real_id ^ match) & mask) == 0
 *
 * Writethrough caches generally only need 'on' and 'off'
 * methods. Writeback caches _must_ have the flush method
 * defined.
 */
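/*
 * As an illustrative sketch only (the table below is the real
 * definition), each proc_types entry can be thought of as:
 *
 *	struct proc_type {
 *		u32 cpu_id_match;	// compared against the CPU ID
 *		u32 cpu_id_mask;	// ((real_id ^ match) & mask) == 0
 *		u32 cache_on_insn;	// one branch (or "mov pc, lr")
 *		u32 cache_off_insn;	// one word each, hence
 *		u32 cache_flush_insn;	// PROC_ENTRY_SIZE == 4*5
 *	};
 *
 * call_cache_fn jumps into the matching entry at the offset passed
 * in r3 (8 for 'on', 12 for 'off', 16 for 'flush').
 */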
	.align	2
	.type	proc_types,#object
proc_types:
	.word	0x41000000		@ old ARM ID
	.word	0xff00f000
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )

	.word	0x41007000		@ ARM7/710
	.word	0xfff8fe00
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )

	.word	0x41807200		@ ARM720T (writethrough)
	.word	0xffffff00
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	mov	pc, lr
	THUMB(	nop )

	.word	0x41007400		@ ARM74x
	.word	0xff00ff00
	W(b)	__armv3_mpu_cache_on
	W(b)	__armv3_mpu_cache_off
	W(b)	__armv3_mpu_cache_flush

	.word	0x41009400		@ ARM94x
	.word	0xff00ff00
	W(b)	__armv4_mpu_cache_on
	W(b)	__armv4_mpu_cache_off
	W(b)	__armv4_mpu_cache_flush

	.word	0x41069260		@ ARM926EJ-S (v5TEJ)
	.word	0xff0ffff0
	W(b)	__arm926ejs_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv5tej_mmu_cache_flush

	.word	0x00007000		@ ARM7 IDs
	.word	0x0000f000
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )

	@ Everything from here on will be the new ID system.

	.word	0x4401a100		@ sa110 / sa1100
	.word	0xffffffe0
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv4_mmu_cache_flush

	.word	0x6901b110		@ sa1110
	.word	0xfffffff0
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv4_mmu_cache_flush

	.word	0x56056900
	.word	0xffffff00		@ PXA9xx
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv4_mmu_cache_flush

	.word	0x56158000		@ PXA168
	.word	0xfffff000
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv5tej_mmu_cache_flush

	.word	0x56050000		@ Feroceon
	.word	0xff0f0000
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv5tej_mmu_cache_flush

#ifdef CONFIG_CPU_FEROCEON_OLD_ID
	/* this conflicts with the standard ARMv5TE entry */
	.long	0x41009260		@ Old Feroceon
	.long	0xff00fff0
	b	__armv4_mmu_cache_on
	b	__armv4_mmu_cache_off
	b	__armv5tej_mmu_cache_flush
#endif

	.word	0x66015261		@ FA526
	.word	0xff01fff1
	W(b)	__fa526_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__fa526_cache_flush

	@ These match on the architecture ID

	.word	0x00020000		@ ARMv4T
	.word	0x000f0000
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv4_mmu_cache_flush

	.word	0x00050000		@ ARMv5TE
	.word	0x000f0000
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv4_mmu_cache_flush

	.word	0x00060000		@ ARMv5TEJ
	.word	0x000f0000
	W(b)	__armv4_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv5tej_mmu_cache_flush

	.word	0x0007b000		@ ARMv6
	.word	0x000ff000
	W(b)	__armv6_mmu_cache_on
	W(b)	__armv4_mmu_cache_off
	W(b)	__armv6_mmu_cache_flush

	.word	0x000f0000		@ new CPU Id
	.word	0x000f0000
	W(b)	__armv7_mmu_cache_on
	W(b)	__armv7_mmu_cache_off
	W(b)	__armv7_mmu_cache_flush

	.word	0			@ unrecognised type
	.word	0
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )
	mov	pc, lr
	THUMB(	nop )

	.size	proc_types, . - proc_types

	/*
	 * If you get a "non-constant expression in ".if" statement"
	 * error from the assembler on this line, check that you have
	 * not accidentally written a "b" instruction where you should
	 * have written W(b).
	 */
	.if (. - proc_types) % PROC_ENTRY_SIZE != 0
	.error "The size of one or more proc_types entries is wrong."
	.endif

/*
 * Turn off the Cache and MMU. ARMv3 does not support
 * reading the control register, but ARMv4 does.
 *
 * On exit,
 *   r0, r1, r2, r3, r9, r12 corrupted
 * This routine must preserve:
 *   r4, r7, r8
 */
	.align	5
cache_off:	mov	r3, #12		@ cache_off function
	b	call_cache_fn

__armv4_mpu_cache_off:
	mrc	p15, 0, r0, c1, c0
	bic	r0, r0, #0x000d
	mcr	p15, 0, r0, c1, c0	@ turn MPU and cache off
	mov	r0, #0
	mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
	mcr	p15, 0, r0, c7, c6, 0	@ flush D-Cache
	mcr	p15, 0, r0, c7, c5, 0	@ flush I-Cache
	mov	pc, lr

__armv3_mpu_cache_off:
	mrc	p15, 0, r0, c1, c0
	bic	r0, r0, #0x000d
	mcr	p15, 0, r0, c1, c0, 0	@ turn MPU and cache off
	mov	r0, #0
	mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
	mov	pc, lr

__armv4_mmu_cache_off:
#ifdef CONFIG_MMU
	mrc	p15, 0, r0, c1, c0
	bic	r0, r0, #0x000d
	mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
	mov	r0, #0
	mcr	p15, 0, r0, c7, c7	@ invalidate whole cache v4
	mcr	p15, 0, r0, c8, c7	@ invalidate whole TLB v4
#endif
	mov	pc, lr

__armv7_mmu_cache_off:
	mrc	p15, 0, r0, c1, c0
#ifdef CONFIG_MMU
	bic	r0, r0, #0x0005
#else
	bic	r0, r0, #0x0004
#endif
	mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
	mov	r0, #0
#ifdef CONFIG_MMU
	mcr	p15, 0, r0, c8, c7, 0	@ invalidate whole TLB
#endif
	mcr	p15, 0, r0, c7, c5, 6	@ invalidate BTC
	mcr	p15, 0, r0, c7, c10, 4	@ DSB
	mcr	p15, 0, r0, c7, c5, 4	@ ISB
	mov	pc, lr

/*
 * Clean and flush the cache to maintain consistency.
 *
 * On entry,
 *   r0 = start address
 *   r1 = end address (exclusive)
 * On exit,
 *   r1, r2, r3, r9, r10, r11, r12 corrupted
 * This routine must preserve:
 *   r4, r6, r7, r8
 */
	.align	5
cache_clean_flush:
	mov	r3, #16
	mov	r11, r1
	b	call_cache_fn

__armv4_mpu_cache_flush:
	tst	r4, #1
	movne	pc, lr
	mov	r2, #1
	mov	r3, #0
	mcr	p15, 0, ip, c7, c6, 0	@ invalidate D cache
	mov	r1, #7 << 5		@ 8 segments
1:	orr	r3, r1, #63 << 26	@ 64 entries
2:	mcr	p15, 0, r3, c7, c14, 2	@ clean & invalidate D index
	subs	r3, r3, #1 << 26
	bcs	2b			@ entries 63 to 0
	subs	r1, r1, #1 << 5
	bcs	1b			@ segments 7 to 0

	teq	r2, #0
	mcrne	p15, 0, ip, c7, c5, 0	@ invalidate I cache
	mcr	p15, 0, ip, c7, c10, 4	@ drain WB
	mov	pc, lr

__fa526_cache_flush:
	tst	r4, #1
	movne	pc, lr
	mov	r1, #0
	mcr	p15, 0, r1, c7, c14, 0	@ clean and invalidate D cache
	mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
	mcr	p15, 0, r1, c7, c10, 4	@ drain WB
	mov	pc, lr

__armv6_mmu_cache_flush:
	mov	r1, #0
	tst	r4, #1
	mcreq	p15, 0, r1, c7, c14, 0	@ clean+invalidate D
	mcr	p15, 0, r1, c7, c5, 0	@ invalidate I+BTB
	mcreq	p15, 0, r1, c7, c15, 0	@ clean+invalidate unified
	mcr	p15, 0, r1, c7, c10, 4	@ drain WB
	mov	pc, lr

__armv7_mmu_cache_flush:
	enable_cp15_barriers	r10
	tst	r4, #1
	bne	iflush
	mrc	p15, 0, r10, c0, c1, 5	@ read ID_MMFR1
	tst	r10, #0xf << 16		@ hierarchical cache (ARMv7)
	mov	r10, #0
	beq	hierarchical
	mcr	p15, 0, r10, c7, c14, 0	@ clean+invalidate D
	b	iflush
hierarchical:
	dcache_line_size r1, r2		@ r1 := dcache min line size
	sub	r2, r1, #1		@ r2 := line size mask
	bic	r0, r0, r2		@ round down start to line size
	sub	r11, r11, #1		@ end address is exclusive
	bic	r11, r11, r2		@ round down end to line size
0:	cmp	r0, r11			@ finished?
	bgt	iflush
	mcr	p15, 0, r0, c7, c14, 1	@ Dcache clean/invalidate by VA
	add	r0, r0, r1
	b	0b
iflush:
	mcr	p15, 0, r10, c7, c10, 4	@ DSB
	mcr	p15, 0, r10, c7, c5, 0	@ invalidate I+BTB
	mcr	p15, 0, r10, c7, c10, 4	@ DSB
	mcr	p15, 0, r10, c7, c5, 4	@ ISB
	mov	pc, lr

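/*
 * The hierarchical path above is the usual by-VA range maintenance
 * loop; as an illustrative C sketch only:
 *
 *	line = dcache_min_line_size();
 *	last = (end - 1) & ~(line - 1);
 *	for (addr = start & ~(line - 1); addr <= last; addr += line)
 *		clean_and_invalidate_dcache_line(addr);
 *
 * where clean_and_invalidate_dcache_line() stands for the per-line
 * DCCIMVAC operation (c7, c14, 1) issued above.
 */
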
__armv5tej_mmu_cache_flush:
	tst	r4, #1
	movne	pc, lr
1:	mrc	p15, 0, APSR_nzcv, c7, c14, 3	@ test,clean,invalidate D cache
	bne	1b
	mcr	p15, 0, r0, c7, c5, 0	@ flush I cache
	mcr	p15, 0, r0, c7, c10, 4	@ drain WB
	mov	pc, lr

__armv4_mmu_cache_flush:
	tst	r4, #1
	movne	pc, lr
	mov	r2, #64*1024		@ default: 32K dcache size (*2)
	mov	r11, #32		@ default: 32 byte line size
	mrc	p15, 0, r3, c0, c0, 1	@ read cache type
	teq	r3, r9			@ cache ID register present?
	beq	no_cache_id
	mov	r1, r3, lsr #18
	and	r1, r1, #7
	mov	r2, #1024
	mov	r2, r2, lsl r1		@ base dcache size *2
	tst	r3, #1 << 14		@ test M bit
	addne	r2, r2, r2, lsr #1	@ +1/2 size if M == 1
	mov	r3, r3, lsr #12
	and	r3, r3, #3
	mov	r11, #8
	mov	r11, r11, lsl r3	@ cache line size in bytes
no_cache_id:
	mov	r1, pc
	bic	r1, r1, #63		@ align to longest cache line
	add	r2, r1, r2
1:
	ARM(	ldr	r3, [r1], r11 )	@ s/w flush D cache
	THUMB(	ldr	r3, [r1] )	@ s/w flush D cache
	THUMB(	add	r1, r1, r11 )
	teq	r1, r2
	bne	1b

	mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
	mcr	p15, 0, r1, c7, c6, 0	@ flush D cache
	mcr	p15, 0, r1, c7, c10, 4	@ drain WB
	mov	pc, lr

__armv3_mmu_cache_flush:
__armv3_mpu_cache_flush:
	tst	r4, #1
	movne	pc, lr
	mov	r1, #0
	mcr	p15, 0, r1, c7, c0, 0	@ invalidate whole cache v3
	mov	pc, lr

/*
 * Various debugging routines for printing hex characters and
 * memory, which again must be relocatable.
 */
#ifdef DEBUG
	.align	2
	.type	phexbuf,#object
phexbuf:	.space	12
	.size	phexbuf, . - phexbuf

@ phex corrupts {r0, r1, r2, r3}
phex:	adr	r3, phexbuf
	mov	r2, #0
	strb	r2, [r3, r1]
1:	subs	r1, r1, #1
	movmi	r0, r3
	bmi	puts
	and	r2, r0, #15
	mov	r0, r0, lsr #4
	cmp	r2, #10
	addge	r2, r2, #7
	add	r2, r2, #'0'
	strb	r2, [r3, r1]
	b	1b

@ puts corrupts {r0, r1, r2, r3}
puts:	loadsp	r3, r2, r1
1:	ldrb	r2, [r0], #1
	teq	r2, #0
	moveq	pc, lr
2:	writeb	r2, r3, r1
	mov	r1, #0x00020000
3:	subs	r1, r1, #1
	bne	3b
	teq	r2, #'\n'
	moveq	r2, #'\r'
	beq	2b
	teq	r0, #0
	bne	1b
	mov	pc, lr
@ putc corrupts {r0, r1, r2, r3}
putc:
	mov	r2, r0
	loadsp	r3, r1, r0
	mov	r0, #0
	b	2b

@ memdump corrupts {r0, r1, r2, r3, r10, r11, r12, lr}
memdump:	mov	r12, r0
	mov	r10, lr
	mov	r11, #0
2:	mov	r0, r11, lsl #2
	add	r0, r0, r12
	mov	r1, #8
	bl	phex
	mov	r0, #':'
	bl	putc
1:	mov	r0, #' '
	bl	putc
	ldr	r0, [r12, r11, lsl #2]
	mov	r1, #8
	bl	phex
	and	r0, r11, #7
	teq	r0, #3
	moveq	r0, #' '
	bleq	putc
	and	r0, r11, #7
	add	r11, r11, #1
	teq	r0, #7
	bne	1b
	mov	r0, #'\n'
	bl	putc
	cmp	r11, #64
	blt	2b
	mov	pc, r10
#endif

	.ltorg

#ifdef CONFIG_ARM_VIRT_EXT
.align 5
__hyp_reentry_vectors:
	W(b)	.			@ reset
	W(b)	.			@ undef
#ifdef CONFIG_EFI_STUB
	W(b)	__enter_kernel_from_hyp	@ hvc from HYP
#else
	W(b)	.			@ svc
#endif
	W(b)	.			@ pabort
	W(b)	.			@ dabort
	W(b)	__enter_kernel		@ hyp
	W(b)	.			@ irq
	W(b)	.			@ fiq
#endif /* CONFIG_ARM_VIRT_EXT */

__enter_kernel:
	mov	r0, #0			@ must be 0
	mov	r1, r7			@ restore architecture number
	mov	r2, r8			@ restore atags pointer
	ARM(	mov	pc, r4	)	@ call kernel
	M_CLASS( add	r4, r4, #1 )	@ enter in Thumb mode for M class
	THUMB(	bx	r4	)	@ entry point is always ARM for A/R classes

reloc_code_end:

#ifdef CONFIG_EFI_STUB
__enter_kernel_from_hyp:
	mrc	p15, 4, r0, c1, c0, 0	@ read HSCTLR
	bic	r0, r0, #0x5		@ disable MMU and caches
	mcr	p15, 4, r0, c1, c0, 0	@ write HSCTLR
	isb
	b	__enter_kernel

ENTRY(efi_enter_kernel)
	mov	r4, r0			@ preserve image base
	mov	r8, r1			@ preserve DT pointer

	adr_l	r0, call_cache_fn
	adr	r1, 0f			@ clean the region of code we
	bl	cache_clean_flush	@ may run with the MMU off

#ifdef CONFIG_ARM_VIRT_EXT
	@
	@ The EFI spec does not support booting on ARM in HYP mode,
	@ since it mandates that the MMU and caches are on, with all
	@ 32-bit addressable DRAM mapped 1:1 using short descriptors.
	@
	@ While the EDK2 reference implementation adheres to this,
	@ U-Boot might decide to enter the EFI stub in HYP mode
	@ anyway, with the MMU and caches either on or off.
	@
	mrs	r0, cpsr		@ get the current mode
	msr	spsr_cxsf, r0		@ record boot mode
	and	r0, r0, #MODE_MASK	@ are we running in HYP mode?
	cmp	r0, #HYP_MODE
	bne	.Lefi_svc

	mrc	p15, 4, r1, c1, c0, 0	@ read HSCTLR
	tst	r1, #0x1		@ MMU enabled at HYP?
	beq	1f

	@
	@ When running in HYP mode with the caches on, we're better
	@ off just carrying on using the cached 1:1 mapping that the
	@ firmware provided. Set up the HYP vectors so HVC instructions
	@ issued from HYP mode take us to the correct handler code. We
	@ will disable the MMU before jumping to the kernel proper.
	@
	ARM(	bic	r1, r1, #(1 << 30) )	@ clear HSCTLR.TE
	THUMB(	orr	r1, r1, #(1 << 30) )	@ set HSCTLR.TE
	mcr	p15, 4, r1, c1, c0, 0
	adr	r0, __hyp_reentry_vectors
	mcr	p15, 4, r0, c12, c0, 0	@ set HYP vector base (HVBAR)
	isb
	b	.Lefi_hyp

	@
	@ When running in HYP mode with the caches off, we need to drop
	@ into SVC mode now, and let the decompressor set up its cached
	@ 1:1 mapping as usual.
	@
1:	mov	r9, r4			@ preserve image base
	bl	__hyp_stub_install	@ install HYP stub vectors
	safe_svcmode_maskall	r1	@ drop to SVC mode
	msr	spsr_cxsf, r0		@ record boot mode
	orr	r4, r9, #1		@ restore image base and set LSB
	b	.Lefi_hyp
.Lefi_svc:
#endif
	mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
	tst	r0, #0x1		@ MMU enabled?
	orreq	r4, r4, #1		@ set LSB if not

.Lefi_hyp:
	mov	r0, r8			@ DT start
	add	r1, r8, r2		@ DT end
	bl	cache_clean_flush

	adr	r0, 0f			@ switch to our stack
	ldr	sp, [r0]
	add	sp, sp, r0

	mov	r5, #0			@ appended DTB size
	mov	r7, #0xFFFFFFFF		@ machine ID
	b	wont_overwrite
ENDPROC(efi_enter_kernel)
0:	.long	.L_user_stack_end - .
#endif

	.align
	.section ".stack", "aw", %nobits
.L_user_stack:	.space	4096
.L_user_stack_end: