xref: /linux/arch/powerpc/kernel/head_64.S (revision 0883c2c06fb5bcf5b9e008270827e63c09a88c1e)
1/*
2 *  PowerPC version
3 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *
5 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
6 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
7 *  Adapted for Power Macintosh by Paul Mackerras.
8 *  Low-level exception handlers and MMU support
9 *  rewritten by Paul Mackerras.
10 *    Copyright (C) 1996 Paul Mackerras.
11 *
12 *  Adapted for 64bit PowerPC by Dave Engebretsen, Peter Bergner, and
13 *    Mike Corrigan {engebret|bergner|mikejc}@us.ibm.com
14 *
15 *  This file contains the entry point for the 64-bit kernel along
16 *  with some early initialization code common to all 64-bit powerpc
17 *  variants.
18 *
19 *  This program is free software; you can redistribute it and/or
20 *  modify it under the terms of the GNU General Public License
21 *  as published by the Free Software Foundation; either version
22 *  2 of the License, or (at your option) any later version.
23 */
24
25#include <linux/threads.h>
26#include <linux/init.h>
27#include <asm/reg.h>
28#include <asm/page.h>
29#include <asm/mmu.h>
30#include <asm/ppc_asm.h>
31#include <asm/asm-offsets.h>
32#include <asm/bug.h>
33#include <asm/cputable.h>
34#include <asm/setup.h>
35#include <asm/hvcall.h>
36#include <asm/thread_info.h>
37#include <asm/firmware.h>
38#include <asm/page_64.h>
39#include <asm/irqflags.h>
40#include <asm/kvm_book3s_asm.h>
41#include <asm/ptrace.h>
42#include <asm/hw_irq.h>
43#include <asm/cputhreads.h>
44#include <asm/ppc-opcode.h>
45
46/* The physical memory is laid out such that the secondary processor
47 * spin code sits at 0x0000...0x00ff. On server, the vectors follow
48 * using the layout described in exceptions-64s.S
49 */
50
51/*
52 * Entering into this code we make the following assumptions:
53 *
54 *  For pSeries or server processors:
55 *   1. The MMU is off & open firmware is running in real mode.
56 *   2. The kernel is entered at __start
57 * -or- For OPAL entry:
58 *   1. The MMU is off, processor in HV mode, primary CPU enters at 0
59 *      with device-tree in gpr3. We also get OPAL base in r8 and
60 *	entry in r9 for debugging purposes
61 *   2. Secondary processors enter at 0x60 with PIR in gpr3
62 *
63 *  For Book3E processors:
64 *   1. The MMU is on running in AS0 in a state defined in ePAPR
65 *   2. The kernel is entered at __start
66 */
67
68	.text
69	.globl  _stext
70_stext:
71_GLOBAL(__start)
72	/* NOP this out unconditionally */
73BEGIN_FTR_SECTION
74	FIXUP_ENDIAN
75	b	__start_initialization_multiplatform
76END_FTR_SECTION(0, 1)
77
78	/* Catch branch to 0 in real mode */
79	trap
80
81	/* Secondary processors spin on this value until it becomes non-zero.
82	 * When non-zero, it contains the real address of the function the cpu
83	 * should jump to.
84	 */
85	.balign 8
86	.globl  __secondary_hold_spinloop
87__secondary_hold_spinloop:
88	.llong	0x0
89
90	/* Secondary processors write this value with their cpu # */
91	/* after they enter the spin loop immediately below.	  */
92	.globl	__secondary_hold_acknowledge
93__secondary_hold_acknowledge:
94	.llong	0x0
95
96#ifdef CONFIG_RELOCATABLE
97	/* This flag is set to 1 by a loader if the kernel should run
98	 * at the loaded address instead of the linked address.  This
99	 * is used by kexec-tools to keep the the kdump kernel in the
100	 * crash_kernel region.  The loader is responsible for
101	 * observing the alignment requirement.
102	 */
103	/* Do not move this variable as kexec-tools knows about it. */
104	. = 0x5c
105	.globl	__run_at_load
106__run_at_load:
107	.long	0x72756e30	/* "run0" -- relocate to 0 by default */
108#endif
109
110	. = 0x60
111/*
112 * The following code is used to hold secondary processors
113 * in a spin loop after they have entered the kernel, but
114 * before the bulk of the kernel has been relocated.  This code
115 * is relocated to physical address 0x60 before prom_init is run.
116 * All of it must fit below the first exception vector at 0x100.
117 * Use .globl here not _GLOBAL because we want __secondary_hold
118 * to be the actual text address, not a descriptor.
119 */
120	.globl	__secondary_hold
121__secondary_hold:
122	FIXUP_ENDIAN
123#ifndef CONFIG_PPC_BOOK3E
124	mfmsr	r24
125	ori	r24,r24,MSR_RI
126	mtmsrd	r24			/* RI on */
127#endif
128	/* Grab our physical cpu number */
129	mr	r24,r3
130	/* stash r4 for book3e */
131	mr	r25,r4
132
133	/* Tell the master cpu we're here */
134	/* Relocation is off & we are located at an address less */
135	/* than 0x100, so only need to grab low order offset.    */
136	std	r24,__secondary_hold_acknowledge-_stext(0)
137	sync
138
139	li	r26,0
140#ifdef CONFIG_PPC_BOOK3E
141	tovirt(r26,r26)
142#endif
143	/* All secondary cpus wait here until told to start. */
144100:	ld	r12,__secondary_hold_spinloop-_stext(r26)
145	cmpdi	0,r12,0
146	beq	100b
147
148#if defined(CONFIG_SMP) || defined(CONFIG_KEXEC)
149#ifdef CONFIG_PPC_BOOK3E
150	tovirt(r12,r12)
151#endif
152	mtctr	r12
153	mr	r3,r24
154	/*
155	 * it may be the case that other platforms have r4 right to
156	 * begin with, this gives us some safety in case it is not
157	 */
158#ifdef CONFIG_PPC_BOOK3E
159	mr	r4,r25
160#else
161	li	r4,0
162#endif
163	/* Make sure that patched code is visible */
164	isync
165	bctr
166#else
167	BUG_OPCODE
168#endif
169
170/* This value is used to mark exception frames on the stack. */
171	.section ".toc","aw"
172exception_marker:
173	.tc	ID_72656773_68657265[TC],0x7265677368657265
174	.text
175
176/*
177 * On server, we include the exception vectors code here as it
178 * relies on absolute addressing which is only possible within
179 * this compilation unit
180 */
181#ifdef CONFIG_PPC_BOOK3S
182#include "exceptions-64s.S"
183#endif
184
185#ifdef CONFIG_PPC_BOOK3E
186/*
187 * The booting_thread_hwid holds the thread id we want to boot in cpu
188 * hotplug case. It is set by cpu hotplug code, and is invalid by default.
189 * The thread id is the same as the initial value of SPRN_PIR[THREAD_ID]
190 * bit field.
191 */
192	.globl	booting_thread_hwid
193booting_thread_hwid:
194	.long  INVALID_THREAD_HWID
195	.align 3
196/*
197 * start a thread in the same core
198 * input parameters:
199 * r3 = the thread physical id
200 * r4 = the entry point where thread starts
201 */
202_GLOBAL(book3e_start_thread)
203	LOAD_REG_IMMEDIATE(r5, MSR_KERNEL)
204	cmpi	0, r3, 0
205	beq	10f
206	cmpi	0, r3, 1
207	beq	11f
208	/* If the thread id is invalid, just exit. */
209	b	13f
21010:
211	MTTMR(TMRN_IMSR0, 5)
212	MTTMR(TMRN_INIA0, 4)
213	b	12f
21411:
215	MTTMR(TMRN_IMSR1, 5)
216	MTTMR(TMRN_INIA1, 4)
21712:
218	isync
219	li	r6, 1
220	sld	r6, r6, r3
221	mtspr	SPRN_TENS, r6
22213:
223	blr
224
225/*
226 * stop a thread in the same core
227 * input parameter:
228 * r3 = the thread physical id
229 */
230_GLOBAL(book3e_stop_thread)
231	cmpi	0, r3, 0
232	beq	10f
233	cmpi	0, r3, 1
234	beq	10f
235	/* If the thread id is invalid, just exit. */
236	b	13f
23710:
238	li	r4, 1
239	sld	r4, r4, r3
240	mtspr	SPRN_TENC, r4
24113:
242	blr
243
244_GLOBAL(fsl_secondary_thread_init)
245	mfspr	r4,SPRN_BUCSR
246
247	/* Enable branch prediction */
248	lis     r3,BUCSR_INIT@h
249	ori     r3,r3,BUCSR_INIT@l
250	mtspr   SPRN_BUCSR,r3
251	isync
252
253	/*
254	 * Fix PIR to match the linear numbering in the device tree.
255	 *
256	 * On e6500, the reset value of PIR uses the low three bits for
257	 * the thread within a core, and the upper bits for the core
258	 * number.  There are two threads per core, so shift everything
259	 * but the low bit right by two bits so that the cpu numbering is
260	 * continuous.
261	 *
262	 * If the old value of BUCSR is non-zero, this thread has run
263	 * before.  Thus, we assume we are coming from kexec or a similar
264	 * scenario, and PIR is already set to the correct value.  This
265	 * is a bit of a hack, but there are limited opportunities for
266	 * getting information into the thread and the alternatives
267	 * seemed like they'd be overkill.  We can't tell just by looking
268	 * at the old PIR value which state it's in, since the same value
269	 * could be valid for one thread out of reset and for a different
270	 * thread in Linux.
271	 */
272
273	mfspr	r3, SPRN_PIR
274	cmpwi	r4,0
275	bne	1f
276	rlwimi	r3, r3, 30, 2, 30
277	mtspr	SPRN_PIR, r3
2781:
279#endif
280
281_GLOBAL(generic_secondary_thread_init)
282	mr	r24,r3
283
284	/* turn on 64-bit mode */
285	bl	enable_64b_mode
286
287	/* get a valid TOC pointer, wherever we're mapped at */
288	bl	relative_toc
289	tovirt(r2,r2)
290
291#ifdef CONFIG_PPC_BOOK3E
292	/* Book3E initialization */
293	mr	r3,r24
294	bl	book3e_secondary_thread_init
295#endif
296	b	generic_secondary_common_init
297
298/*
299 * On pSeries and most other platforms, secondary processors spin
300 * in the following code.
301 * At entry, r3 = this processor's number (physical cpu id)
302 *
303 * On Book3E, r4 = 1 to indicate that the initial TLB entry for
304 * this core already exists (setup via some other mechanism such
305 * as SCOM before entry).
306 */
307_GLOBAL(generic_secondary_smp_init)
308	FIXUP_ENDIAN
309	mr	r24,r3
310	mr	r25,r4
311
312	/* turn on 64-bit mode */
313	bl	enable_64b_mode
314
315	/* get a valid TOC pointer, wherever we're mapped at */
316	bl	relative_toc
317	tovirt(r2,r2)
318
319#ifdef CONFIG_PPC_BOOK3E
320	/* Book3E initialization */
321	mr	r3,r24
322	mr	r4,r25
323	bl	book3e_secondary_core_init
324
325/*
326 * After common core init has finished, check if the current thread is the
327 * one we wanted to boot. If not, start the specified thread and stop the
328 * current thread.
329 */
330	LOAD_REG_ADDR(r4, booting_thread_hwid)
331	lwz     r3, 0(r4)
332	li	r5, INVALID_THREAD_HWID
333	cmpw	r3, r5
334	beq	20f
335
336	/*
337	 * The value of booting_thread_hwid has been stored in r3,
338	 * so make it invalid.
339	 */
340	stw	r5, 0(r4)
341
342	/*
343	 * Get the current thread id and check if it is the one we wanted.
344	 * If not, start the one specified in booting_thread_hwid and stop
345	 * the current thread.
346	 */
347	mfspr	r8, SPRN_TIR
348	cmpw	r3, r8
349	beq	20f
350
351	/* start the specified thread */
352	LOAD_REG_ADDR(r5, fsl_secondary_thread_init)
353	ld	r4, 0(r5)
354	bl	book3e_start_thread
355
356	/* stop the current thread */
357	mr	r3, r8
358	bl	book3e_stop_thread
35910:
360	b	10b
36120:
362#endif
363
364generic_secondary_common_init:
365	/* Set up a paca value for this processor. Since we have the
366	 * physical cpu id in r24, we need to search the pacas to find
367	 * which logical id maps to our physical one.
368	 */
369	LOAD_REG_ADDR(r13, paca)	/* Load paca pointer		 */
370	ld	r13,0(r13)		/* Get base vaddr of paca array	 */
371#ifndef CONFIG_SMP
372	addi	r13,r13,PACA_SIZE	/* know r13 if used accidentally */
373	b	kexec_wait		/* wait for next kernel if !SMP	 */
374#else
375	LOAD_REG_ADDR(r7, nr_cpu_ids)	/* Load nr_cpu_ids address       */
376	lwz	r7,0(r7)		/* also the max paca allocated 	 */
377	li	r5,0			/* logical cpu id                */
3781:	lhz	r6,PACAHWCPUID(r13)	/* Load HW procid from paca      */
379	cmpw	r6,r24			/* Compare to our id             */
380	beq	2f
381	addi	r13,r13,PACA_SIZE	/* Loop to next PACA on miss     */
382	addi	r5,r5,1
383	cmpw	r5,r7			/* Check if more pacas exist     */
384	blt	1b
385
386	mr	r3,r24			/* not found, copy phys to r3	 */
387	b	kexec_wait		/* next kernel might do better	 */
388
3892:	SET_PACA(r13)
390#ifdef CONFIG_PPC_BOOK3E
391	addi	r12,r13,PACA_EXTLB	/* and TLB exc frame in another  */
392	mtspr	SPRN_SPRG_TLB_EXFRAME,r12
393#endif
394
395	/* From now on, r24 is expected to be logical cpuid */
396	mr	r24,r5
397
398	/* See if we need to call a cpu state restore handler */
399	LOAD_REG_ADDR(r23, cur_cpu_spec)
400	ld	r23,0(r23)
401	ld	r12,CPU_SPEC_RESTORE(r23)
402	cmpdi	0,r12,0
403	beq	3f
404#ifdef PPC64_ELF_ABI_v1
405	ld	r12,0(r12)
406#endif
407	mtctr	r12
408	bctrl
409
4103:	LOAD_REG_ADDR(r3, spinning_secondaries) /* Decrement spinning_secondaries */
411	lwarx	r4,0,r3
412	subi	r4,r4,1
413	stwcx.	r4,0,r3
414	bne	3b
415	isync
416
4174:	HMT_LOW
418	lbz	r23,PACAPROCSTART(r13)	/* Test if this processor should */
419					/* start.			 */
420	cmpwi	0,r23,0
421	beq	4b			/* Loop until told to go	 */
422
423	sync				/* order paca.run and cur_cpu_spec */
424	isync				/* In case code patching happened */
425
426	/* Create a temp kernel stack for use before relocation is on.	*/
427	ld	r1,PACAEMERGSP(r13)
428	subi	r1,r1,STACK_FRAME_OVERHEAD
429
430	b	__secondary_start
431#endif /* SMP */
432
433/*
434 * Turn the MMU off.
435 * Assumes we're mapped EA == RA if the MMU is on.
436 */
437#ifdef CONFIG_PPC_BOOK3S
438__mmu_off:
439	mfmsr	r3
440	andi.	r0,r3,MSR_IR|MSR_DR
441	beqlr
442	mflr	r4
443	andc	r3,r3,r0
444	mtspr	SPRN_SRR0,r4
445	mtspr	SPRN_SRR1,r3
446	sync
447	rfid
448	b	.	/* prevent speculative execution */
449#endif
450
451
452/*
453 * Here is our main kernel entry point. We support currently 2 kind of entries
454 * depending on the value of r5.
455 *
456 *   r5 != NULL -> OF entry, we go to prom_init, "legacy" parameter content
457 *                 in r3...r7
458 *
459 *   r5 == NULL -> kexec style entry. r3 is a physical pointer to the
460 *                 DT block, r4 is a physical pointer to the kernel itself
461 *
462 */
463__start_initialization_multiplatform:
464	/* Make sure we are running in 64 bits mode */
465	bl	enable_64b_mode
466
467	/* Get TOC pointer (current runtime address) */
468	bl	relative_toc
469
470	/* find out where we are now */
471	bcl	20,31,$+4
4720:	mflr	r26			/* r26 = runtime addr here */
473	addis	r26,r26,(_stext - 0b)@ha
474	addi	r26,r26,(_stext - 0b)@l	/* current runtime base addr */
475
476	/*
477	 * Are we booted from a PROM Of-type client-interface ?
478	 */
479	cmpldi	cr0,r5,0
480	beq	1f
481	b	__boot_from_prom		/* yes -> prom */
4821:
483	/* Save parameters */
484	mr	r31,r3
485	mr	r30,r4
486#ifdef CONFIG_PPC_EARLY_DEBUG_OPAL
487	/* Save OPAL entry */
488	mr	r28,r8
489	mr	r29,r9
490#endif
491
492#ifdef CONFIG_PPC_BOOK3E
493	bl	start_initialization_book3e
494	b	__after_prom_start
495#else
496	/* Setup some critical 970 SPRs before switching MMU off */
497	mfspr	r0,SPRN_PVR
498	srwi	r0,r0,16
499	cmpwi	r0,0x39		/* 970 */
500	beq	1f
501	cmpwi	r0,0x3c		/* 970FX */
502	beq	1f
503	cmpwi	r0,0x44		/* 970MP */
504	beq	1f
505	cmpwi	r0,0x45		/* 970GX */
506	bne	2f
5071:	bl	__cpu_preinit_ppc970
5082:
509
510	/* Switch off MMU if not already off */
511	bl	__mmu_off
512	b	__after_prom_start
513#endif /* CONFIG_PPC_BOOK3E */
514
515__boot_from_prom:
516#ifdef CONFIG_PPC_OF_BOOT_TRAMPOLINE
517	/* Save parameters */
518	mr	r31,r3
519	mr	r30,r4
520	mr	r29,r5
521	mr	r28,r6
522	mr	r27,r7
523
524	/*
525	 * Align the stack to 16-byte boundary
526	 * Depending on the size and layout of the ELF sections in the initial
527	 * boot binary, the stack pointer may be unaligned on PowerMac
528	 */
529	rldicr	r1,r1,0,59
530
531#ifdef CONFIG_RELOCATABLE
532	/* Relocate code for where we are now */
533	mr	r3,r26
534	bl	relocate
535#endif
536
537	/* Restore parameters */
538	mr	r3,r31
539	mr	r4,r30
540	mr	r5,r29
541	mr	r6,r28
542	mr	r7,r27
543
544	/* Do all of the interaction with OF client interface */
545	mr	r8,r26
546	bl	prom_init
547#endif /* #CONFIG_PPC_OF_BOOT_TRAMPOLINE */
548
549	/* We never return. We also hit that trap if trying to boot
550	 * from OF while CONFIG_PPC_OF_BOOT_TRAMPOLINE isn't selected */
551	trap
552
553__after_prom_start:
554#ifdef CONFIG_RELOCATABLE
555	/* process relocations for the final address of the kernel */
556	lis	r25,PAGE_OFFSET@highest	/* compute virtual base of kernel */
557	sldi	r25,r25,32
558#if defined(CONFIG_PPC_BOOK3E)
559	tovirt(r26,r26)		/* on booke, we already run at PAGE_OFFSET */
560#endif
561	lwz	r7,__run_at_load-_stext(r26)
562#if defined(CONFIG_PPC_BOOK3E)
563	tophys(r26,r26)
564#endif
565	cmplwi	cr0,r7,1	/* flagged to stay where we are ? */
566	bne	1f
567	add	r25,r25,r26
5681:	mr	r3,r25
569	bl	relocate
570#if defined(CONFIG_PPC_BOOK3E)
571	/* IVPR needs to be set after relocation. */
572	bl	init_core_book3e
573#endif
574#endif
575
576/*
577 * We need to run with _stext at physical address PHYSICAL_START.
578 * This will leave some code in the first 256B of
579 * real memory, which are reserved for software use.
580 *
581 * Note: This process overwrites the OF exception vectors.
582 */
583	li	r3,0			/* target addr */
584#ifdef CONFIG_PPC_BOOK3E
585	tovirt(r3,r3)		/* on booke, we already run at PAGE_OFFSET */
586#endif
587	mr.	r4,r26			/* In some cases the loader may  */
588#if defined(CONFIG_PPC_BOOK3E)
589	tovirt(r4,r4)
590#endif
591	beq	9f			/* have already put us at zero */
592	li	r6,0x100		/* Start offset, the first 0x100 */
593					/* bytes were copied earlier.	 */
594
595#ifdef CONFIG_RELOCATABLE
596/*
597 * Check if the kernel has to be running as relocatable kernel based on the
598 * variable __run_at_load, if it is set the kernel is treated as relocatable
599 * kernel, otherwise it will be moved to PHYSICAL_START
600 */
601#if defined(CONFIG_PPC_BOOK3E)
602	tovirt(r26,r26)		/* on booke, we already run at PAGE_OFFSET */
603#endif
604	lwz	r7,__run_at_load-_stext(r26)
605	cmplwi	cr0,r7,1
606	bne	3f
607
608#ifdef CONFIG_PPC_BOOK3E
609	LOAD_REG_ADDR(r5, __end_interrupts)
610	LOAD_REG_ADDR(r11, _stext)
611	sub	r5,r5,r11
612#else
613	/* just copy interrupts */
614	LOAD_REG_IMMEDIATE(r5, __end_interrupts - _stext)
615#endif
616	b	5f
6173:
618#endif
619	lis	r5,(copy_to_here - _stext)@ha
620	addi	r5,r5,(copy_to_here - _stext)@l /* # bytes of memory to copy */
621
622	bl	copy_and_flush		/* copy the first n bytes	 */
623					/* this includes the code being	 */
624					/* executed here.		 */
625	addis	r8,r3,(4f - _stext)@ha	/* Jump to the copy of this code */
626	addi	r12,r8,(4f - _stext)@l	/* that we just made */
627	mtctr	r12
628	bctr
629
630.balign 8
631p_end:	.llong	_end - _stext
632
6334:	/* Now copy the rest of the kernel up to _end */
634	addis	r5,r26,(p_end - _stext)@ha
635	ld	r5,(p_end - _stext)@l(r5)	/* get _end */
6365:	bl	copy_and_flush		/* copy the rest */
637
6389:	b	start_here_multiplatform
639
640/*
641 * Copy routine used to copy the kernel to start at physical address 0
642 * and flush and invalidate the caches as needed.
643 * r3 = dest addr, r4 = source addr, r5 = copy limit, r6 = start offset
644 * on exit, r3, r4, r5 are unchanged, r6 is updated to be >= r5.
645 *
646 * Note: this routine *only* clobbers r0, r6 and lr
647 */
648_GLOBAL(copy_and_flush)
649	addi	r5,r5,-8
650	addi	r6,r6,-8
6514:	li	r0,8			/* Use the smallest common	*/
652					/* denominator cache line	*/
653					/* size.  This results in	*/
654					/* extra cache line flushes	*/
655					/* but operation is correct.	*/
656					/* Can't get cache line size	*/
657					/* from NACA as it is being	*/
658					/* moved too.			*/
659
660	mtctr	r0			/* put # words/line in ctr	*/
6613:	addi	r6,r6,8			/* copy a cache line		*/
662	ldx	r0,r6,r4
663	stdx	r0,r6,r3
664	bdnz	3b
665	dcbst	r6,r3			/* write it to memory		*/
666	sync
667	icbi	r6,r3			/* flush the icache line	*/
668	cmpld	0,r6,r5
669	blt	4b
670	sync
671	addi	r5,r5,8
672	addi	r6,r6,8
673	isync
674	blr
675
676.align 8
677copy_to_here:
678
679#ifdef CONFIG_SMP
680#ifdef CONFIG_PPC_PMAC
681/*
682 * On PowerMac, secondary processors starts from the reset vector, which
683 * is temporarily turned into a call to one of the functions below.
684 */
685	.section ".text";
686	.align 2 ;
687
688	.globl	__secondary_start_pmac_0
689__secondary_start_pmac_0:
690	/* NB the entries for cpus 0, 1, 2 must each occupy 8 bytes. */
691	li	r24,0
692	b	1f
693	li	r24,1
694	b	1f
695	li	r24,2
696	b	1f
697	li	r24,3
6981:
699
700_GLOBAL(pmac_secondary_start)
701	/* turn on 64-bit mode */
702	bl	enable_64b_mode
703
704	li	r0,0
705	mfspr	r3,SPRN_HID4
706	rldimi	r3,r0,40,23	/* clear bit 23 (rm_ci) */
707	sync
708	mtspr	SPRN_HID4,r3
709	isync
710	sync
711	slbia
712
713	/* get TOC pointer (real address) */
714	bl	relative_toc
715	tovirt(r2,r2)
716
717	/* Copy some CPU settings from CPU 0 */
718	bl	__restore_cpu_ppc970
719
720	/* pSeries do that early though I don't think we really need it */
721	mfmsr	r3
722	ori	r3,r3,MSR_RI
723	mtmsrd	r3			/* RI on */
724
725	/* Set up a paca value for this processor. */
726	LOAD_REG_ADDR(r4,paca)		/* Load paca pointer		*/
727	ld	r4,0(r4)		/* Get base vaddr of paca array	*/
728	mulli	r13,r24,PACA_SIZE	/* Calculate vaddr of right paca */
729	add	r13,r13,r4		/* for this processor.		*/
730	SET_PACA(r13)			/* Save vaddr of paca in an SPRG*/
731
732	/* Mark interrupts soft and hard disabled (they might be enabled
733	 * in the PACA when doing hotplug)
734	 */
735	li	r0,0
736	stb	r0,PACASOFTIRQEN(r13)
737	li	r0,PACA_IRQ_HARD_DIS
738	stb	r0,PACAIRQHAPPENED(r13)
739
740	/* Create a temp kernel stack for use before relocation is on.	*/
741	ld	r1,PACAEMERGSP(r13)
742	subi	r1,r1,STACK_FRAME_OVERHEAD
743
744	b	__secondary_start
745
746#endif /* CONFIG_PPC_PMAC */
747
748/*
749 * This function is called after the master CPU has released the
750 * secondary processors.  The execution environment is relocation off.
751 * The paca for this processor has the following fields initialized at
752 * this point:
753 *   1. Processor number
754 *   2. Segment table pointer (virtual address)
755 * On entry the following are set:
756 *   r1	       = stack pointer (real addr of temp stack)
757 *   r24       = cpu# (in Linux terms)
758 *   r13       = paca virtual address
759 *   SPRG_PACA = paca virtual address
760 */
761	.section ".text";
762	.align 2 ;
763
764	.globl	__secondary_start
765__secondary_start:
766	/* Set thread priority to MEDIUM */
767	HMT_MEDIUM
768
769	/* Initialize the kernel stack */
770	LOAD_REG_ADDR(r3, current_set)
771	sldi	r28,r24,3		/* get current_set[cpu#]	 */
772	ldx	r14,r3,r28
773	addi	r14,r14,THREAD_SIZE-STACK_FRAME_OVERHEAD
774	std	r14,PACAKSAVE(r13)
775
776	/* Do early setup for that CPU (SLB and hash table pointer) */
777	bl	early_setup_secondary
778
779	/*
780	 * setup the new stack pointer, but *don't* use this until
781	 * translation is on.
782	 */
783	mr	r1, r14
784
785	/* Clear backchain so we get nice backtraces */
786	li	r7,0
787	mtlr	r7
788
789	/* Mark interrupts soft and hard disabled (they might be enabled
790	 * in the PACA when doing hotplug)
791	 */
792	stb	r7,PACASOFTIRQEN(r13)
793	li	r0,PACA_IRQ_HARD_DIS
794	stb	r0,PACAIRQHAPPENED(r13)
795
796	/* enable MMU and jump to start_secondary */
797	LOAD_REG_ADDR(r3, start_secondary_prolog)
798	LOAD_REG_IMMEDIATE(r4, MSR_KERNEL)
799
800	mtspr	SPRN_SRR0,r3
801	mtspr	SPRN_SRR1,r4
802	RFI
803	b	.	/* prevent speculative execution */
804
805/*
806 * Running with relocation on at this point.  All we want to do is
807 * zero the stack back-chain pointer and get the TOC virtual address
808 * before going into C code.
809 */
810start_secondary_prolog:
811	ld	r2,PACATOC(r13)
812	li	r3,0
813	std	r3,0(r1)		/* Zero the stack frame pointer	*/
814	bl	start_secondary
815	b	.
816/*
817 * Reset stack pointer and call start_secondary
818 * to continue with online operation when woken up
819 * from cede in cpu offline.
820 */
821_GLOBAL(start_secondary_resume)
822	ld	r1,PACAKSAVE(r13)	/* Reload kernel stack pointer */
823	li	r3,0
824	std	r3,0(r1)		/* Zero the stack frame pointer	*/
825	bl	start_secondary
826	b	.
827#endif
828
829/*
830 * This subroutine clobbers r11 and r12
831 */
832enable_64b_mode:
833	mfmsr	r11			/* grab the current MSR */
834#ifdef CONFIG_PPC_BOOK3E
835	oris	r11,r11,0x8000		/* CM bit set, we'll set ICM later */
836	mtmsr	r11
837#else /* CONFIG_PPC_BOOK3E */
838	li	r12,(MSR_64BIT | MSR_ISF)@highest
839	sldi	r12,r12,48
840	or	r11,r11,r12
841	mtmsrd	r11
842	isync
843#endif
844	blr
845
846/*
847 * This puts the TOC pointer into r2, offset by 0x8000 (as expected
848 * by the toolchain).  It computes the correct value for wherever we
849 * are running at the moment, using position-independent code.
850 *
851 * Note: The compiler constructs pointers using offsets from the
852 * TOC in -mcmodel=medium mode. After we relocate to 0 but before
853 * the MMU is on we need our TOC to be a virtual address otherwise
854 * these pointers will be real addresses which may get stored and
855 * accessed later with the MMU on. We use tovirt() at the call
856 * sites to handle this.
857 */
858_GLOBAL(relative_toc)
859	mflr	r0
860	bcl	20,31,$+4
8610:	mflr	r11
862	ld	r2,(p_toc - 0b)(r11)
863	add	r2,r2,r11
864	mtlr	r0
865	blr
866
867.balign 8
868p_toc:	.llong	__toc_start + 0x8000 - 0b
869
870/*
871 * This is where the main kernel code starts.
872 */
873start_here_multiplatform:
874	/* set up the TOC */
875	bl      relative_toc
876	tovirt(r2,r2)
877
878	/* Clear out the BSS. It may have been done in prom_init,
879	 * already but that's irrelevant since prom_init will soon
880	 * be detached from the kernel completely. Besides, we need
881	 * to clear it now for kexec-style entry.
882	 */
883	LOAD_REG_ADDR(r11,__bss_stop)
884	LOAD_REG_ADDR(r8,__bss_start)
885	sub	r11,r11,r8		/* bss size			*/
886	addi	r11,r11,7		/* round up to an even double word */
887	srdi.	r11,r11,3		/* shift right by 3		*/
888	beq	4f
889	addi	r8,r8,-8
890	li	r0,0
891	mtctr	r11			/* zero this many doublewords	*/
8923:	stdu	r0,8(r8)
893	bdnz	3b
8944:
895
896#ifdef CONFIG_PPC_EARLY_DEBUG_OPAL
897	/* Setup OPAL entry */
898	LOAD_REG_ADDR(r11, opal)
899	std	r28,0(r11);
900	std	r29,8(r11);
901#endif
902
903#ifndef CONFIG_PPC_BOOK3E
904	mfmsr	r6
905	ori	r6,r6,MSR_RI
906	mtmsrd	r6			/* RI on */
907#endif
908
909#ifdef CONFIG_RELOCATABLE
910	/* Save the physical address we're running at in kernstart_addr */
911	LOAD_REG_ADDR(r4, kernstart_addr)
912	clrldi	r0,r25,2
913	std	r0,0(r4)
914#endif
915
916	/* The following gets the stack set up with the regs */
917	/* pointing to the real addr of the kernel stack.  This is   */
918	/* all done to support the C function call below which sets  */
919	/* up the htab.  This is done because we have relocated the  */
920	/* kernel but are still running in real mode. */
921
922	LOAD_REG_ADDR(r3,init_thread_union)
923
924	/* set up a stack pointer */
925	addi	r1,r3,THREAD_SIZE
926	li	r0,0
927	stdu	r0,-STACK_FRAME_OVERHEAD(r1)
928
929	/*
930	 * Do very early kernel initializations, including initial hash table
931	 * and SLB setup before we turn on relocation.
932	 */
933
934	/* Restore parameters passed from prom_init/kexec */
935	mr	r3,r31
936	bl	early_setup		/* also sets r13 and SPRG_PACA */
937
938	LOAD_REG_ADDR(r3, start_here_common)
939	ld	r4,PACAKMSR(r13)
940	mtspr	SPRN_SRR0,r3
941	mtspr	SPRN_SRR1,r4
942	RFI
943	b	.	/* prevent speculative execution */
944
945	/* This is where all platforms converge execution */
946
947start_here_common:
948	/* relocation is on at this point */
949	std	r1,PACAKSAVE(r13)
950
951	/* Load the TOC (virtual address) */
952	ld	r2,PACATOC(r13)
953
954	/* Do more system initializations in virtual mode */
955	bl	setup_system
956
957	/* Mark interrupts soft and hard disabled (they might be enabled
958	 * in the PACA when doing hotplug)
959	 */
960	li	r0,0
961	stb	r0,PACASOFTIRQEN(r13)
962	li	r0,PACA_IRQ_HARD_DIS
963	stb	r0,PACAIRQHAPPENED(r13)
964
965	/* Generic kernel entry */
966	bl	start_kernel
967
968	/* Not reached */
969	BUG_OPCODE
970
971/*
972 * We put a few things here that have to be page-aligned.
973 * This stuff goes at the beginning of the bss, which is page-aligned.
974 */
975	.section ".bss"
976/*
977 * pgd dir should be aligned to PGD_TABLE_SIZE which is 64K.
978 * We will need to find a better way to fix this
979 */
980	.align	16
981
982	.globl	swapper_pg_dir
983swapper_pg_dir:
984	.space	PGD_TABLE_SIZE
985
986	.globl	empty_zero_page
987empty_zero_page:
988	.space	PAGE_SIZE
989