head_85xx.S source code [linux/arch/powerpc/kernel/head_85xx.S]

1	/ SPDX-License-Identifier: GPL-2.0-or-later /
2	/*
3	* Kernel execution entry point code.
4	*
5	* Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
6	* Initial PowerPC version.
7	* Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
8	* Rewritten for PReP
9	* Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
10	* Low-level exception handers, MMU support, and rewrite.
11	* Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
12	* PowerPC 8xx modifications.
13	* Copyright (c) 1998-1999 TiVo, Inc.
14	* PowerPC 403GCX modifications.
15	* Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
16	* PowerPC 403GCX/405GP modifications.
17	* Copyright 2000 MontaVista Software Inc.
18	* PPC405 modifications
19	* PowerPC 403GCX/405GP modifications.
20	* Author: MontaVista Software, Inc.
21	* frank_rowand@mvista.com or source@mvista.com
22	* debbie_chu@mvista.com
23	* Copyright 2002-2004 MontaVista Software, Inc.
24	* PowerPC 44x support, Matt Porter <mporter@kernel.crashing.org>
25	* Copyright 2004 Freescale Semiconductor, Inc
26	* PowerPC e500 modifications, Kumar Gala <galak@kernel.crashing.org>
27	*/
28
29	#include <linux/init.h>
30	#include <linux/threads.h>
31	#include <linux/pgtable.h>
32	#include <linux/linkage.h>
33
34	#include <asm/processor.h>
35	#include <asm/page.h>
36	#include <asm/mmu.h>
37	#include <asm/cputable.h>
38	#include <asm/thread_info.h>
39	#include <asm/ppc_asm.h>
40	#include <asm/asm-offsets.h>
41	#include <asm/cache.h>
42	#include <asm/ptrace.h>
43	#include <asm/feature-fixups.h>
44	#include "head_booke.h"
45
46	/ As with the other PowerPC ports, it is expected that when code*
47	* execution begins here, the following registers contain valid, yet
48	* optional, information:
49	*
50	* r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
51	* r4 - Starting address of the init RAM disk
52	* r5 - Ending address of the init RAM disk
53	* r6 - Start of kernel command line string (e.g. "mem=128")
54	* r7 - End of kernel command line string
55	*
56	*/
57	__HEAD
58	_GLOBAL(_stext);
59	_GLOBAL(_start);
60	/*
61	* Reserve a word at a fixed location to store the address
62	* of abatron_pteptrs
63	*/
64	nop
65
66	/ Translate device tree address to physical, save in r30/r31 /
67	bl get_phys_addr
68	mr r30,r3
69	mr r31,r4
70
71	li r25,`0` / phys kernel start (low) /
72	li r24,`0` / CPU number /
73	li r23,`0` / phys kernel start (high) /
74
75	#ifdef CONFIG_RELOCATABLE
76	LOAD_REG_ADDR_PIC(r3, _stext) / Get our current runtime base /
77
78	/ Translate _stext address to physical, save in r23/r25 /
79	bl get_phys_addr
80	mr r23,r3
81	mr r25,r4
82
83	bcl `20`,`31`,$+`4`
84	`0`: mflr r8
85	addis r3,r8,(is_second_reloc - `0b`)@ha
86	lwz r19,(is_second_reloc - `0b`)@l(r3)
87
88	/ Check if this is the second relocation. /
89	cmpwi r19,`1`
90	bne `1f`
91
92	/*
93	* For the second relocation, we already get the real memstart_addr
94	* from device tree. So we will map PAGE_OFFSET to memstart_addr,
95	* then the virtual address of start kernel should be:
96	* PAGE_OFFSET + (kernstart_addr - memstart_addr)
97	* Since the offset between kernstart_addr and memstart_addr should
98	* never be beyond 1G, so we can just use the lower 32bit of them
99	* for the calculation.
100	*/
101	lis r3,PAGE_OFFSET@h
102
103	addis r4,r8,(kernstart_addr - `0b`)@ha
104	addi r4,r4,(kernstart_addr - `0b`)@l
105	lwz r5,`4`(r4)
106
107	addis r6,r8,(memstart_addr - `0b`)@ha
108	addi r6,r6,(memstart_addr - `0b`)@l
109	lwz r7,`4`(r6)
110
111	subf r5,r7,r5
112	add r3,r3,r5
113	b `2f`
114
115	`1`:
116	/*
117	* We have the runtime (virtual) address of our base.
118	* We calculate our shift of offset from a 64M page.
119	* We could map the 64M page we belong to at PAGE_OFFSET and
120	* get going from there.
121	*/
122	lis r4,KERNELBASE@h
123	ori r4,r4,KERNELBASE@l
124	rlwinm r6,r25,`0`,`0x3ffffff` / r6 = PHYS_START % 64M /
125	rlwinm r5,r4,`0`,`0x3ffffff` / r5 = KERNELBASE % 64M /
126	subf r3,r5,r6 / r3 = r6 - r5 /
127	add r3,r4,r3 / Required Virtual Address /
128
129	`2`: bl relocate
130
131	/*
132	* For the second relocation, we already set the right tlb entries
133	* for the kernel space, so skip the code in 85xx_entry_mapping.S
134	*/
135	cmpwi r19,`1`
136	beq set_ivor
137	#endif
138
139	/ We try to not make any assumptions about how the boot loader*
140	* setup or used the TLBs. We invalidate all mappings from the
141	* boot loader and load a single entry in TLB1[0] to map the
142	* first 64M of kernel memory. Any boot info passed from the
143	* bootloader needs to live in this first 64M.
144	*
145	* Requirement on bootloader:
146	* - The page we're executing in needs to reside in TLB1 and
147	* have IPROT=1. If not an invalidate broadcast could
148	* evict the entry we're currently executing in.
149	*
150	* r3 = Index of TLB1 were executing in
151	* r4 = Current MSR[IS]
152	* r5 = Index of TLB1 temp mapping
153	*
154	* Later in mapin_ram we will correctly map lowmem, and resize TLB1[0]
155	* if needed
156	*/
157
158	_GLOBAL(__early_start)
159	LOAD_REG_ADDR_PIC(r20, kernstart_virt_addr)
160	lwz r20,`0`(r20)
161
162	#define ENTRY_MAPPING_BOOT_SETUP
163	#include "85xx_entry_mapping.S"
164	#undef ENTRY_MAPPING_BOOT_SETUP
165
166	set_ivor:
167	/ Establish the interrupt vector offsets /
168	SET_IVOR(`0`, CriticalInput);
169	SET_IVOR(`1`, MachineCheck);
170	SET_IVOR(`2`, DataStorage);
171	SET_IVOR(`3`, InstructionStorage);
172	SET_IVOR(`4`, ExternalInput);
173	SET_IVOR(`5`, Alignment);
174	SET_IVOR(`6`, Program);
175	SET_IVOR(`7`, FloatingPointUnavailable);
176	SET_IVOR(`8`, SystemCall);
177	SET_IVOR(`9`, AuxillaryProcessorUnavailable);
178	SET_IVOR(`10`, Decrementer);
179	SET_IVOR(`11`, FixedIntervalTimer);
180	SET_IVOR(`12`, WatchdogTimer);
181	SET_IVOR(`13`, DataTLBError);
182	SET_IVOR(`14`, InstructionTLBError);
183	SET_IVOR(`15`, DebugCrit);
184
185	/ Establish the interrupt vector base /
186	lis r4,interrupt_base@h / IVPR only uses the high 16-bits /
187	mtspr SPRN_IVPR,r4
188
189	/ Setup the defaults for TLB entries /
190	li r2,(MAS4_TSIZED(BOOK3E_PAGESZ_4K))@l
191	mtspr SPRN_MAS4, r2
192
193	#if !defined(CONFIG_BDI_SWITCH)
194	/*
195	* The Abatron BDI JTAG debugger does not tolerate others
196	* mucking with the debug registers.
197	*/
198	lis r2,DBCR0_IDM@h
199	mtspr SPRN_DBCR0,r2
200	isync
201	/ clear any residual debug events /
202	li r2,-`1`
203	mtspr SPRN_DBSR,r2
204	#endif
205
206	#ifdef CONFIG_SMP
207	/ Check to see if we're the second processor, and jump*
208	* to the secondary_start code if so
209	*/
210	LOAD_REG_ADDR_PIC(r24, boot_cpuid)
211	lwz r24, `0`(r24)
212	cmpwi r24, -`1`
213	mfspr r24,SPRN_PIR
214	bne __secondary_start
215	#endif
216
217	/*
218	* This is where the main kernel code starts.
219	*/
220
221	/ ptr to current /
222	lis r2,init_task@h
223	ori r2,r2,init_task@l
224
225	/ ptr to current thread /
226	addi r4,r2,THREAD / init task's THREAD /
227	mtspr SPRN_SPRG_THREAD,r4
228
229	/ stack /
230	lis r1,init_thread_union@h
231	ori r1,r1,init_thread_union@l
232	li r0,`0`
233	stwu r0,THREAD_SIZE-STACK_FRAME_MIN_SIZE(r1)
234
235	#ifdef CONFIG_SMP
236	stw r24, TASK_CPU(r2)
237	#endif
238
239	bl early_init
240
241	#ifdef CONFIG_KASAN
242	bl kasan_early_init
243	#endif
244	#ifdef CONFIG_RELOCATABLE
245	mr r3,r30
246	mr r4,r31
247	#ifdef CONFIG_PHYS_64BIT
248	mr r5,r23
249	mr r6,r25
250	#else
251	mr r5,r25
252	#endif
253	bl relocate_init
254	#endif
255
256	#ifdef CONFIG_DYNAMIC_MEMSTART
257	lis r3,kernstart_addr@ha
258	la r3,kernstart_addr@l(r3)
259	#ifdef CONFIG_PHYS_64BIT
260	stw r23,`0`(r3)
261	stw r25,`4`(r3)
262	#else
263	stw r25,`0`(r3)
264	#endif
265	#endif
266
267	/*
268	* Decide what sort of machine this is and initialize the MMU.
269	*/
270	mr r3,r30
271	mr r4,r31
272	bl machine_init
273	bl MMU_init
274
275	/ Setup PTE pointers for the Abatron bdiGDB /
276	lis r6, swapper_pg_dir@h
277	ori r6, r6, swapper_pg_dir@l
278	lis r5, abatron_pteptrs@h
279	ori r5, r5, abatron_pteptrs@l
280	lis r3, kernstart_virt_addr@ha
281	lwz r4, kernstart_virt_addr@l(r3)
282	stw r5, `0`(r4) / Save abatron_pteptrs at a fixed location /
283	stw r6, `0`(r5)
284
285	/ Let's move on /
286	lis r4,start_kernel@h
287	ori r4,r4,start_kernel@l
288	lis r3,MSR_KERNEL@h
289	ori r3,r3,MSR_KERNEL@l
290	mtspr SPRN_SRR0,r4
291	mtspr SPRN_SRR1,r3
292	rfi / change context and jump to start_kernel /
293
294	/ Macros to hide the PTE size differences*
295	*
296	* FIND_PTE -- walks the page tables given EA & pgdir pointer
297	* r10 -- EA of fault
298	* r11 -- PGDIR pointer
299	* r12 -- free
300	* label 2: is the bailout case
301	*
302	* if we find the pte (fall through):
303	* r11 is low pte word
304	* r12 is pointer to the pte
305	* r10 is the pshift from the PGD, if we're a hugepage
306	*/
307	#ifdef CONFIG_PTE_64BIT
308	#ifdef CONFIG_HUGETLB_PAGE
309	#define FIND_PTE \
310	rlwinm r12, r10, 13, 19, 29; /* Compute pgdir/pmd offset */ \
311	lwzx r11, r12, r11; /* Get pgd/pmd entry */ \
312	rlwinm. r12, r11, 0, 0, 20; /* Extract pt base address */ \
313	blt 1000f; /* Normal non-huge page */ \
314	beq 2f; /* Bail if no table */ \
315	oris r11, r11, PD_HUGE@h; /* Put back address bit */ \
316	andi. r10, r11, HUGEPD_SHIFT_MASK@l; /* extract size field */ \
317	xor r12, r10, r11; /* drop size bits from pointer */ \
318	b 1001f; \
319	1000: rlwimi r12, r10, 23, 20, 28; /* Compute pte address */ \
320	li r10, 0; /* clear r10 */ \
321	1001: lwz r11, 4(r12); /* Get pte entry */
322	#else
323	#define FIND_PTE \
324	rlwinm r12, r10, 13, 19, 29; /* Compute pgdir/pmd offset */ \
325	lwzx r11, r12, r11; /* Get pgd/pmd entry */ \
326	rlwinm. r12, r11, 0, 0, 20; /* Extract pt base address */ \
327	beq 2f; /* Bail if no table */ \
328	rlwimi r12, r10, 23, 20, 28; /* Compute pte address */ \
329	lwz r11, 4(r12); /* Get pte entry */
330	#endif /* HUGEPAGE */
331	#else /* !PTE_64BIT */
332	#define FIND_PTE \
333	rlwimi r11, r10, 12, 20, 29; /* Create L1 (pgdir/pmd) address */ \
334	lwz r11, 0(r11); /* Get L1 entry */ \
335	rlwinm. r12, r11, 0, 0, 19; /* Extract L2 (pte) base address */ \
336	beq 2f; /* Bail if no table */ \
337	rlwimi r12, r10, 22, 20, 29; /* Compute PTE address */ \
338	lwz r11, 0(r12); /* Get Linux PTE */
339	#endif
340
341	/*
342	* Interrupt vector entry code
343	*
344	* The Book E MMUs are always on so we don't need to handle
345	* interrupts in real mode as with previous PPC processors. In
346	* this case we handle interrupts in the kernel virtual address
347	* space.
348	*
349	* Interrupt vectors are dynamically placed relative to the
350	* interrupt prefix as determined by the address of interrupt_base.
351	* The interrupt vectors offsets are programmed using the labels
352	* for each interrupt vector entry.
353	*
354	* Interrupt vectors must be aligned on a 16 byte boundary.
355	* We align on a 32 byte cache line boundary for good measure.
356	*/
357
358	interrupt_base:
359	/ Critical Input Interrupt /
360	CRITICAL_EXCEPTION(`0x0100`, CRITICAL, CriticalInput, unknown_exception)
361
362	/ Machine Check Interrupt /
363	MCHECK_EXCEPTION(`0x0200`, MachineCheck, machine_check_exception)
364
365	/ Data Storage Interrupt /
366	START_EXCEPTION(DataStorage)
367	NORMAL_EXCEPTION_PROLOG(`0x300`, DATA_STORAGE)
368	mfspr r5,SPRN_ESR / Grab the ESR, save it /
369	stw r5,_ESR(r11)
370	mfspr r4,SPRN_DEAR / Grab the DEAR, save it /
371	stw r4, _DEAR(r11)
372	andis. r10,r5,(ESR_ILK\|ESR_DLK)@h
373	bne `1f`
374	prepare_transfer_to_handler
375	bl do_page_fault
376	b interrupt_return
377	`1`:
378	prepare_transfer_to_handler
379	bl CacheLockingException
380	b interrupt_return
381
382	/ Instruction Storage Interrupt /
383	INSTRUCTION_STORAGE_EXCEPTION
384
385	/ External Input Interrupt /
386	EXCEPTION(`0x0500`, EXTERNAL, ExternalInput, do_IRQ)
387
388	/ Alignment Interrupt /
389	ALIGNMENT_EXCEPTION
390
391	/ Program Interrupt /
392	PROGRAM_EXCEPTION
393
394	/ Floating Point Unavailable Interrupt /
395	#ifdef CONFIG_PPC_FPU
396	FP_UNAVAILABLE_EXCEPTION
397	#else
398	EXCEPTION(`0x0800`, FP_UNAVAIL, FloatingPointUnavailable, emulation_assist_interrupt)
399	#endif
400
401	/ System Call Interrupt /
402	START_EXCEPTION(SystemCall)
403	SYSCALL_ENTRY `0xc00` BOOKE_INTERRUPT_SYSCALL SPRN_SRR1
404
405	/ Auxiliary Processor Unavailable Interrupt /
406	EXCEPTION(`0x2900`, AP_UNAVAIL, AuxillaryProcessorUnavailable, unknown_exception)
407
408	/ Decrementer Interrupt /
409	DECREMENTER_EXCEPTION
410
411	/ Fixed Internal Timer Interrupt /
412	/ TODO: Add FIT support /
413	EXCEPTION(`0x3100`, FIT, FixedIntervalTimer, unknown_exception)
414
415	/ Watchdog Timer Interrupt /
416	#ifdef CONFIG_BOOKE_WDT
417	CRITICAL_EXCEPTION(`0x3200`, WATCHDOG, WatchdogTimer, WatchdogException)
418	#else
419	CRITICAL_EXCEPTION(`0x3200`, WATCHDOG, WatchdogTimer, unknown_exception)
420	#endif
421
422	/ Data TLB Error Interrupt /
423	START_EXCEPTION(DataTLBError)
424	mtspr SPRN_SPRG_WSCRATCH0, r10 / Save some working registers /
425	mfspr r10, SPRN_SPRG_THREAD
426	stw r11, THREAD_NORMSAVE(`0`)(r10)
427	#ifdef CONFIG_KVM_BOOKE_HV
428	BEGIN_FTR_SECTION
429	mfspr r11, SPRN_SRR1
430	END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
431	#endif
432	stw r12, THREAD_NORMSAVE(`1`)(r10)
433	stw r13, THREAD_NORMSAVE(`2`)(r10)
434	mfcr r13
435	stw r13, THREAD_NORMSAVE(`3`)(r10)
436	DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1
437	START_BTB_FLUSH_SECTION
438	mfspr r11, SPRN_SRR1
439	andi. r10,r11,MSR_PR
440	beq `1f`
441	BTB_FLUSH(r10)
442	`1`:
443	END_BTB_FLUSH_SECTION
444	mfspr r10, SPRN_DEAR / Get faulting address /
445
446	/ If we are faulting a kernel address, we have to use the*
447	* kernel page tables.
448	*/
449	lis r11, PAGE_OFFSET@h
450	cmplw `5`, r10, r11
451	blt `5`, `3f`
452	lis r11, swapper_pg_dir@h
453	ori r11, r11, swapper_pg_dir@l
454
455	mfspr r12,SPRN_MAS1 / Set TID to 0 /
456	rlwinm r12,r12,`0`,`16`,`1`
457	mtspr SPRN_MAS1,r12
458
459	b `4f`
460
461	/ Get the PGD for the current thread /
462	`3`:
463	mfspr r11,SPRN_SPRG_THREAD
464	lwz r11,PGDIR(r11)
465
466	#ifdef CONFIG_PPC_KUAP
467	mfspr r12, SPRN_MAS1
468	rlwinm. r12,r12,`0`,`0x3fff0000`
469	beq `2f` / KUAP fault /
470	#endif
471
472	`4`:
473	/ Mask of required permission bits. Note that while we*
474	* do copy ESR:ST to _PAGE_WRITE position as trying to write
475	* to an RO page is pretty common, we don't do it with
476	* _PAGE_DIRTY. We could do it, but it's a fairly rare
477	* event so I'd rather take the overhead when it happens
478	* rather than adding an instruction here. We should measure
479	* whether the whole thing is worth it in the first place
480	* as we could avoid loading SPRN_ESR completely in the first
481	* place...
482	*
483	* TODO: Is it worth doing that mfspr & rlwimi in the first
484	* place or can we save a couple of instructions here ?
485	*/
486	mfspr r12,SPRN_ESR
487	#ifdef CONFIG_PTE_64BIT
488	li r13,_PAGE_PRESENT\|_PAGE_BAP_SR
489	oris r13,r13,_PAGE_ACCESSED@h
490	#else
491	li r13,_PAGE_PRESENT\|_PAGE_READ\|_PAGE_ACCESSED
492	#endif
493	rlwimi r13,r12,`11`,`29`,`29`
494
495	FIND_PTE
496	andc. r13,r13,r11 / Check permission /
497
498	#ifdef CONFIG_PTE_64BIT
499	#ifdef CONFIG_SMP
500	subf r13,r11,r12 / create false data dep /
501	lwzx r13,r11,r13 / Get upper pte bits /
502	#else
503	lwz r13,`0`(r12) / Get upper pte bits /
504	#endif
505	#endif
506
507	bne `2f` / Bail if permission/valid mismatch /
508
509	/ Jump to common tlb load /
510	b finish_tlb_load
511	`2`:
512	/ The bailout. Restore registers to pre-exception conditions*
513	* and call the heavyweights to help us out.
514	*/
515	mfspr r10, SPRN_SPRG_THREAD
516	lwz r11, THREAD_NORMSAVE(`3`)(r10)
517	mtcr r11
518	lwz r13, THREAD_NORMSAVE(`2`)(r10)
519	lwz r12, THREAD_NORMSAVE(`1`)(r10)
520	lwz r11, THREAD_NORMSAVE(`0`)(r10)
521	mfspr r10, SPRN_SPRG_RSCRATCH0
522	b DataStorage
523
524	/ Instruction TLB Error Interrupt /
525	/*
526	* Nearly the same as above, except we get our
527	* information from different registers and bailout
528	* to a different point.
529	*/
530	START_EXCEPTION(InstructionTLBError)
531	mtspr SPRN_SPRG_WSCRATCH0, r10 / Save some working registers /
532	mfspr r10, SPRN_SPRG_THREAD
533	stw r11, THREAD_NORMSAVE(`0`)(r10)
534	#ifdef CONFIG_KVM_BOOKE_HV
535	BEGIN_FTR_SECTION
536	mfspr r11, SPRN_SRR1
537	END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
538	#endif
539	stw r12, THREAD_NORMSAVE(`1`)(r10)
540	stw r13, THREAD_NORMSAVE(`2`)(r10)
541	mfcr r13
542	stw r13, THREAD_NORMSAVE(`3`)(r10)
543	DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1
544	START_BTB_FLUSH_SECTION
545	mfspr r11, SPRN_SRR1
546	andi. r10,r11,MSR_PR
547	beq `1f`
548	BTB_FLUSH(r10)
549	`1`:
550	END_BTB_FLUSH_SECTION
551
552	mfspr r10, SPRN_SRR0 / Get faulting address /
553
554	/ If we are faulting a kernel address, we have to use the*
555	* kernel page tables.
556	*/
557	lis r11, PAGE_OFFSET@h
558	cmplw `5`, r10, r11
559	blt `5`, `3f`
560	lis r11, swapper_pg_dir@h
561	ori r11, r11, swapper_pg_dir@l
562
563	mfspr r12,SPRN_MAS1 / Set TID to 0 /
564	rlwinm r12,r12,`0`,`16`,`1`
565	mtspr SPRN_MAS1,r12
566
567	/ Make up the required permissions for kernel code /
568	#ifdef CONFIG_PTE_64BIT
569	li r13,_PAGE_PRESENT \| _PAGE_BAP_SX
570	oris r13,r13,_PAGE_ACCESSED@h
571	#else
572	li r13,_PAGE_PRESENT \| _PAGE_ACCESSED \| _PAGE_EXEC
573	#endif
574	b `4f`
575
576	/ Get the PGD for the current thread /
577	`3`:
578	mfspr r11,SPRN_SPRG_THREAD
579	lwz r11,PGDIR(r11)
580
581	#ifdef CONFIG_PPC_KUAP
582	mfspr r12, SPRN_MAS1
583	rlwinm. r12,r12,`0`,`0x3fff0000`
584	beq `2f` / KUAP fault /
585	#endif
586
587	/ Make up the required permissions for user code /
588	#ifdef CONFIG_PTE_64BIT
589	li r13,_PAGE_PRESENT \| _PAGE_BAP_UX
590	oris r13,r13,_PAGE_ACCESSED@h
591	#else
592	li r13,_PAGE_PRESENT \| _PAGE_ACCESSED \| _PAGE_EXEC
593	#endif
594
595	`4`:
596	FIND_PTE
597	andc. r13,r13,r11 / Check permission /
598
599	#ifdef CONFIG_PTE_64BIT
600	#ifdef CONFIG_SMP
601	subf r13,r11,r12 / create false data dep /
602	lwzx r13,r11,r13 / Get upper pte bits /
603	#else
604	lwz r13,`0`(r12) / Get upper pte bits /
605	#endif
606	#endif
607
608	bne `2f` / Bail if permission mismatch /
609
610	/ Jump to common TLB load point /
611	b finish_tlb_load
612
613	`2`:
614	/ The bailout. Restore registers to pre-exception conditions*
615	* and call the heavyweights to help us out.
616	*/
617	mfspr r10, SPRN_SPRG_THREAD
618	lwz r11, THREAD_NORMSAVE(`3`)(r10)
619	mtcr r11
620	lwz r13, THREAD_NORMSAVE(`2`)(r10)
621	lwz r12, THREAD_NORMSAVE(`1`)(r10)
622	lwz r11, THREAD_NORMSAVE(`0`)(r10)
623	mfspr r10, SPRN_SPRG_RSCRATCH0
624	b InstructionStorage
625
626	/ Define SPE handlers for e500v2 /
627	#ifdef CONFIG_SPE
628	/ SPE Unavailable /
629	START_EXCEPTION(SPEUnavailable)
630	NORMAL_EXCEPTION_PROLOG(`0x2010`, SPE_UNAVAIL)
631	beq `1f`
632	bl load_up_spe
633	b fast_exception_return
634	`1`: prepare_transfer_to_handler
635	bl KernelSPE
636	b interrupt_return
637	#elif defined(CONFIG_SPE_POSSIBLE)
638	EXCEPTION(`0x2020`, SPE_UNAVAIL, SPEUnavailable, unknown_exception)
639	#endif /* CONFIG_SPE_POSSIBLE */
640
641	/ SPE Floating Point Data /
642	#ifdef CONFIG_SPE
643	START_EXCEPTION(SPEFloatingPointData)
644	NORMAL_EXCEPTION_PROLOG(`0x2030`, SPE_FP_DATA)
645	prepare_transfer_to_handler
646	bl SPEFloatingPointException
647	REST_NVGPRS(r1)
648	b interrupt_return
649
650	/ SPE Floating Point Round /
651	START_EXCEPTION(SPEFloatingPointRound)
652	NORMAL_EXCEPTION_PROLOG(`0x2050`, SPE_FP_ROUND)
653	prepare_transfer_to_handler
654	bl SPEFloatingPointRoundException
655	REST_NVGPRS(r1)
656	b interrupt_return
657	#elif defined(CONFIG_SPE_POSSIBLE)
658	EXCEPTION(`0x2040`, SPE_FP_DATA, SPEFloatingPointData, unknown_exception)
659	EXCEPTION(`0x2050`, SPE_FP_ROUND, SPEFloatingPointRound, unknown_exception)
660	#endif /* CONFIG_SPE_POSSIBLE */
661
662
663	/ Performance Monitor /
664	EXCEPTION(`0x2060`, PERFORMANCE_MONITOR, PerformanceMonitor, \
665	performance_monitor_exception)
666
667	EXCEPTION(`0x2070`, DOORBELL, Doorbell, doorbell_exception)
668
669	CRITICAL_EXCEPTION(`0x2080`, DOORBELL_CRITICAL, \
670	CriticalDoorbell, unknown_exception)
671
672	/ Debug Interrupt /
673	DEBUG_DEBUG_EXCEPTION
674	DEBUG_CRIT_EXCEPTION
675
676	GUEST_DOORBELL_EXCEPTION
677
678	CRITICAL_EXCEPTION(`0`, GUEST_DBELL_CRIT, CriticalGuestDoorbell, \
679	unknown_exception)
680
681	/ Hypercall /
682	EXCEPTION(`0`, HV_SYSCALL, Hypercall, unknown_exception)
683
684	/ Embedded Hypervisor Privilege /
685	EXCEPTION(`0`, HV_PRIV, Ehvpriv, unknown_exception)
686
687	interrupt_end:
688
689	/*
690	* Local functions
691	*/
692
693	/*
694	* Both the instruction and data TLB miss get to this
695	* point to load the TLB.
696	* r10 - tsize encoding (if HUGETLB_PAGE) or available to use
697	* r11 - TLB (info from Linux PTE)
698	* r12 - available to use
699	* r13 - upper bits of PTE (if PTE_64BIT) or available to use
700	* CR5 - results of addr >= PAGE_OFFSET
701	* MAS0, MAS1 - loaded with proper value when we get here
702	* MAS2, MAS3 - will need additional info from Linux PTE
703	* Upon exit, we reload everything and RFI.
704	*/
705	finish_tlb_load:
706	#ifdef CONFIG_HUGETLB_PAGE
707	cmpwi `6`, r10, `0` / check for huge page /
708	beq `6`, finish_tlb_load_cont / !huge /
709
710	/ Alas, we need more scratch registers for hugepages /
711	mfspr r12, SPRN_SPRG_THREAD
712	stw r14, THREAD_NORMSAVE(`4`)(r12)
713	stw r15, THREAD_NORMSAVE(`5`)(r12)
714	stw r16, THREAD_NORMSAVE(`6`)(r12)
715	stw r17, THREAD_NORMSAVE(`7`)(r12)
716
717	/ Get the next_tlbcam_idx percpu var /
718	#ifdef CONFIG_SMP
719	lwz r15, TASK_CPU-THREAD(r12)
720	lis r14, __per_cpu_offset@h
721	ori r14, r14, __per_cpu_offset@l
722	rlwinm r15, r15, `2`, `0`, `29`
723	lwzx r16, r14, r15
724	#else
725	li r16, `0`
726	#endif
727	lis r17, next_tlbcam_idx@h
728	ori r17, r17, next_tlbcam_idx@l
729	add r17, r17, r16 / r17 = next_tlbcam_idx /*
730	lwz r15, `0`(r17) / r15 = next_tlbcam_idx /
731
732	lis r14, MAS0_TLBSEL(`1`)@h / select TLB1 (TLBCAM) /
733	rlwimi r14, r15, `16`, `4`, `15` / next_tlbcam_idx entry /
734	mtspr SPRN_MAS0, r14
735
736	/ Extract TLB1CFG(NENTRY) /
737	mfspr r16, SPRN_TLB1CFG
738	andi. r16, r16, `0xfff`
739
740	/ Update next_tlbcam_idx, wrapping when necessary /
741	addi r15, r15, `1`
742	cmpw r15, r16
743	blt `100f`
744	lis r14, tlbcam_index@h
745	ori r14, r14, tlbcam_index@l
746	lwz r15, `0`(r14)
747	`100`: stw r15, `0`(r17)
748
749	/*
750	* Calc MAS1_TSIZE from r10 (which has pshift encoded)
751	* tlb_enc = (pshift - 10).
752	*/
753	subi r15, r10, `10`
754	mfspr r16, SPRN_MAS1
755	rlwimi r16, r15, `7`, `20`, `24`
756	mtspr SPRN_MAS1, r16
757
758	/ copy the pshift for use later /
759	mr r14, r10
760
761	/ fall through /
762
763	#endif /* CONFIG_HUGETLB_PAGE */
764
765	/*
766	* We set execute, because we don't have the granularity to
767	* properly set this at the page level (Linux problem).
768	* Many of these bits are software only. Bits we don't set
769	* here we (properly should) assume have the appropriate value.
770	*/
771	finish_tlb_load_cont:
772	#ifdef CONFIG_PTE_64BIT
773	rlwinm r12, r11, `32`-`2`, `26`, `31` / Move in perm bits /
774	andi. r10, r11, _PAGE_DIRTY
775	bne `1f`
776	li r10, MAS3_SW \| MAS3_UW
777	andc r12, r12, r10
778	`1`: rlwimi r12, r13, `20`, `0`, `11` / grab RPN[32:43] /
779	rlwimi r12, r11, `20`, `12`, `19` / grab RPN[44:51] /
780	`2`: mtspr SPRN_MAS3, r12
781	BEGIN_MMU_FTR_SECTION
782	srwi r10, r13, `12` / grab RPN[12:31] /
783	mtspr SPRN_MAS7, r10
784	END_MMU_FTR_SECTION_IFSET(MMU_FTR_BIG_PHYS)
785	#else
786	li r10, (_PAGE_EXEC \| _PAGE_READ)
787	mr r13, r11
788	rlwimi r10, r11, `31`, `29`, `29` / extract _PAGE_DIRTY into SW /
789	and r12, r11, r10
790	mcrf cr0, cr5 / Test for user page /
791	slwi r10, r12, `1`
792	or r10, r10, r12
793	rlwinm r10, r10, `0`, ~_PAGE_EXEC / Clear SX on user pages /
794	isellt r12, r10, r12
795	rlwimi r13, r12, `0`, `20`, `31` / Get RPN from PTE, merge w/ perms /
796	mtspr SPRN_MAS3, r13
797	#endif
798
799	mfspr r12, SPRN_MAS2
800	#ifdef CONFIG_PTE_64BIT
801	rlwimi r12, r11, `32`-`19`, `27`, `31` / extract WIMGE from pte /
802	#else
803	rlwimi r12, r11, `26`, `27`, `31` / extract WIMGE from pte /
804	#endif
805	#ifdef CONFIG_HUGETLB_PAGE
806	beq `6`, `3f` / don't mask if page isn't huge /
807	li r13, `1`
808	slw r13, r13, r14
809	subi r13, r13, `1`
810	rlwinm r13, r13, `0`, `0`, `19` / bottom bits used for WIMGE/etc /
811	andc r12, r12, r13 / mask off ea bits within the page /
812	#endif
813	`3`: mtspr SPRN_MAS2, r12
814
815	tlb_write_entry:
816	tlbwe
817
818	/ Done...restore registers and get out of here. /
819	mfspr r10, SPRN_SPRG_THREAD
820	#ifdef CONFIG_HUGETLB_PAGE
821	beq `6`, `8f` / skip restore for 4k page faults /
822	lwz r14, THREAD_NORMSAVE(`4`)(r10)
823	lwz r15, THREAD_NORMSAVE(`5`)(r10)
824	lwz r16, THREAD_NORMSAVE(`6`)(r10)
825	lwz r17, THREAD_NORMSAVE(`7`)(r10)
826	#endif
827	`8`: lwz r11, THREAD_NORMSAVE(`3`)(r10)
828	mtcr r11
829	lwz r13, THREAD_NORMSAVE(`2`)(r10)
830	lwz r12, THREAD_NORMSAVE(`1`)(r10)
831	lwz r11, THREAD_NORMSAVE(`0`)(r10)
832	mfspr r10, SPRN_SPRG_RSCRATCH0
833	rfi / Force context change /
834
835	#ifdef CONFIG_SPE
836	/ Note that the SPE support is closely modeled after the AltiVec*
837	* support. Changes to one are likely to be applicable to the
838	* other! */
839	_GLOBAL(load_up_spe)
840	/*
841	* Disable SPE for the task which had SPE previously,
842	* and save its SPE registers in its thread_struct.
843	* Enables SPE for use in the kernel on return.
844	* On SMP we know the SPE units are free, since we give it up every
845	* switch. -- Kumar
846	*/
847	mfmsr r5
848	oris r5,r5,MSR_SPE@h
849	mtmsr r5 / enable use of SPE now /
850	isync
851	/ enable use of SPE after return /
852	oris r9,r9,MSR_SPE@h
853	mfspr r5,SPRN_SPRG_THREAD / current task's THREAD (phys) /
854	li r4,`1`
855	li r10,THREAD_ACC
856	stw r4,THREAD_USED_SPE(r5)
857	evlddx evr4,r10,r5
858	evmra evr4,evr4
859	REST_32EVRS(`0`,r10,r5,THREAD_EVR0)
860	blr
861
862	/*
863	* SPE unavailable trap from kernel - print a message, but let
864	* the task use SPE in the kernel until it returns to user mode.
865	*/
866	SYM_FUNC_START_LOCAL(KernelSPE)
867	lwz r3,_MSR(r1)
868	oris r3,r3,MSR_SPE@h
869	stw r3,_MSR(r1) / enable use of SPE after return /
870	#ifdef CONFIG_PRINTK
871	lis r3,`87f`@h
872	ori r3,r3,`87f`@l
873	mr r4,r2 / current /
874	lwz r5,_NIP(r1)
875	bl _printk
876	#endif
877	b interrupt_return
878	#ifdef CONFIG_PRINTK
879	`87`: .string "SPE used in kernel (task=%p, pc=%x) \n"
880	#endif
881	.align `4`,`0`
882
883	SYM_FUNC_END(KernelSPE)
884	#endif /* CONFIG_SPE */
885
886	/*
887	* Translate the effec addr in r3 to phys addr. The phys addr will be put
888	* into r3(higher 32bit) and r4(lower 32bit)
889	*/
890	SYM_FUNC_START_LOCAL(get_phys_addr)
891	mfmsr r8
892	mfspr r9,SPRN_PID
893	rlwinm r9,r9,`16`,`0x3fff0000` / turn PID into MAS6[SPID] /
894	rlwimi r9,r8,`28`,`0x00000001` / turn MSR[DS] into MAS6[SAS] /
895	mtspr SPRN_MAS6,r9
896
897	tlbsx `0`,r3 / must succeed /
898
899	mfspr r8,SPRN_MAS1
900	mfspr r12,SPRN_MAS3
901	rlwinm r9,r8,`25`,`0x1f` / r9 = log2(page size) /
902	li r10,`1024`
903	slw r10,r10,r9 / r10 = page size /
904	addi r10,r10,-`1`
905	and r11,r3,r10 / r11 = page offset /
906	andc r4,r12,r10 / r4 = page base /
907	or r4,r4,r11 / r4 = devtree phys addr /
908	#ifdef CONFIG_PHYS_64BIT
909	mfspr r3,SPRN_MAS7
910	#endif
911	blr
912	SYM_FUNC_END(get_phys_addr)
913
914	/*
915	* Global functions
916	*/
917
918	#ifdef CONFIG_PPC_E500
919	#ifndef CONFIG_PPC_E500MC
920	/ Adjust or setup IVORs for e500v1/v2 /
921	_GLOBAL(__setup_e500_ivors)
922	li r3,DebugCrit@l
923	mtspr SPRN_IVOR15,r3
924	li r3,SPEUnavailable@l
925	mtspr SPRN_IVOR32,r3
926	li r3,SPEFloatingPointData@l
927	mtspr SPRN_IVOR33,r3
928	li r3,SPEFloatingPointRound@l
929	mtspr SPRN_IVOR34,r3
930	li r3,PerformanceMonitor@l
931	mtspr SPRN_IVOR35,r3
932	sync
933	blr
934	#else
935	/ Adjust or setup IVORs for e500mc /
936	_GLOBAL(__setup_e500mc_ivors)
937	li r3,DebugDebug@l
938	mtspr SPRN_IVOR15,r3
939	li r3,PerformanceMonitor@l
940	mtspr SPRN_IVOR35,r3
941	li r3,Doorbell@l
942	mtspr SPRN_IVOR36,r3
943	li r3,CriticalDoorbell@l
944	mtspr SPRN_IVOR37,r3
945	sync
946	blr
947
948	/ setup ehv ivors for /
949	_GLOBAL(__setup_ehv_ivors)
950	li r3,GuestDoorbell@l
951	mtspr SPRN_IVOR38,r3
952	li r3,CriticalGuestDoorbell@l
953	mtspr SPRN_IVOR39,r3
954	li r3,Hypercall@l
955	mtspr SPRN_IVOR40,r3
956	li r3,Ehvpriv@l
957	mtspr SPRN_IVOR41,r3
958	sync
959	blr
960	#endif /* CONFIG_PPC_E500MC */
961	#endif /* CONFIG_PPC_E500 */
962
963	#ifdef CONFIG_SPE
964	/*
965	* extern void __giveup_spe(struct task_struct *prev)
966	*
967	*/
968	_GLOBAL(__giveup_spe)
969	addi r3,r3,THREAD / want THREAD of task /
970	lwz r5,PT_REGS(r3)
971	cmpi `0`,r5,`0`
972	SAVE_32EVRS(`0`, r4, r3, THREAD_EVR0)
973	evxor evr6, evr6, evr6 / clear out evr6 /
974	evmwumiaa evr6, evr6, evr6 / evr6 <- ACC = 0 * 0 + ACC /
975	li r4,THREAD_ACC
976	evstddx evr6, r4, r3 / save off accumulator /
977	beq `1f`
978	lwz r4,_MSR-STACK_INT_FRAME_REGS(r5)
979	lis r3,MSR_SPE@h
980	andc r4,r4,r3 / disable SPE for previous task /
981	stw r4,_MSR-STACK_INT_FRAME_REGS(r5)
982	`1`:
983	blr
984	#endif /* CONFIG_SPE */
985
986	/*
987	* extern void abort(void)
988	*
989	* At present, this routine just applies a system reset.
990	*/
991	_GLOBAL(abort)
992	li r13,`0`
993	mtspr SPRN_DBCR0,r13 / disable all debug events /
994	isync
995	mfmsr r13
996	ori r13,r13,MSR_DE@l / Enable Debug Events /
997	mtmsr r13
998	isync
999	mfspr r13,SPRN_DBCR0
1000	lis r13,(DBCR0_IDM\|DBCR0_RST_CHIP)@h
1001	mtspr SPRN_DBCR0,r13
1002	isync
1003
1004	#ifdef CONFIG_SMP
1005	/ When we get here, r24 needs to hold the CPU # /
1006	.globl __secondary_start
1007	__secondary_start:
1008	LOAD_REG_ADDR_PIC(r3, tlbcam_index)
1009	lwz r3,`0`(r3)
1010	mtctr r3
1011	li r26,`0` / r26 safe? /
1012
1013	bl switch_to_as1
1014	mr r27,r3 / tlb entry /
1015	/ Load each CAM entry /
1016	`1`: mr r3,r26
1017	bl loadcam_entry
1018	addi r26,r26,`1`
1019	bdnz `1b`
1020	mr r3,r27 / tlb entry /
1021	LOAD_REG_ADDR_PIC(r4, memstart_addr)
1022	lwz r4,`0`(r4)
1023	mr r5,r25 / phys kernel start /
1024	rlwinm r5,r5,`0`,~`0x3ffffff` / aligned 64M /
1025	subf r4,r5,r4 / memstart_addr - phys kernel start /
1026	lis r7,KERNELBASE@h
1027	ori r7,r7,KERNELBASE@l
1028	cmpw r20,r7 / if kernstart_virt_addr != KERNELBASE, randomized /
1029	beq `2f`
1030	li r4,`0`
1031	`2`: li r5,`0` / no device tree /
1032	li r6,`0` / not boot cpu /
1033	bl restore_to_as0
1034
1035
1036	lis r3,__secondary_hold_acknowledge@h
1037	ori r3,r3,__secondary_hold_acknowledge@l
1038	stw r24,`0`(r3)
1039
1040	li r3,`0`
1041	mr r4,r24 / Why? /
1042	bl call_setup_cpu
1043
1044	/ get current's stack and current /
1045	lis r2,secondary_current@ha
1046	lwz r2,secondary_current@l(r2)
1047	lwz r1,TASK_STACK(r2)
1048
1049	/ stack /
1050	addi r1,r1,THREAD_SIZE-STACK_FRAME_MIN_SIZE
1051	li r0,`0`
1052	stw r0,`0`(r1)
1053
1054	/ ptr to current thread /
1055	addi r4,r2,THREAD / address of our thread_struct /
1056	mtspr SPRN_SPRG_THREAD,r4
1057
1058	/ Setup the defaults for TLB entries /
1059	li r4,(MAS4_TSIZED(BOOK3E_PAGESZ_4K))@l
1060	mtspr SPRN_MAS4,r4
1061
1062	/ Jump to start_secondary /
1063	lis r4,MSR_KERNEL@h
1064	ori r4,r4,MSR_KERNEL@l
1065	lis r3,start_secondary@h
1066	ori r3,r3,start_secondary@l
1067	mtspr SPRN_SRR0,r3
1068	mtspr SPRN_SRR1,r4
1069	sync
1070	rfi
1071	sync
1072
1073	.globl __secondary_hold_acknowledge
1074	__secondary_hold_acknowledge:
1075	.long -`1`
1076	#endif
1077
1078	/*
1079	* Create a 64M tlb by address and entry
1080	* r3 - entry
1081	* r4 - virtual address
1082	* r5/r6 - physical address
1083	*/
1084	_GLOBAL(create_kaslr_tlb_entry)
1085	lis r7,`0x1000` / Set MAS0(TLBSEL) = 1 /
1086	rlwimi r7,r3,`16`,`4`,`15` / Setup MAS0 = TLBSEL \| ESEL(r6) /
1087	mtspr SPRN_MAS0,r7 / Write MAS0 /
1088
1089	lis r3,(MAS1_VALID\|MAS1_IPROT)@h
1090	ori r3,r3,(MAS1_TSIZE(BOOK3E_PAGESZ_64M))@l
1091	mtspr SPRN_MAS1,r3 / Write MAS1 /
1092
1093	lis r3,MAS2_EPN_MASK(BOOK3E_PAGESZ_64M)@h
1094	ori r3,r3,MAS2_EPN_MASK(BOOK3E_PAGESZ_64M)@l
1095	and r3,r3,r4
1096	ori r3,r3,MAS2_M_IF_NEEDED@l
1097	mtspr SPRN_MAS2,r3 / Write MAS2(EPN) /
1098
1099	#ifdef CONFIG_PHYS_64BIT
1100	ori r8,r6,(MAS3_SW\|MAS3_SR\|MAS3_SX)
1101	mtspr SPRN_MAS3,r8 / Write MAS3(RPN) /
1102	mtspr SPRN_MAS7,r5
1103	#else
1104	ori r8,r5,(MAS3_SW\|MAS3_SR\|MAS3_SX)
1105	mtspr SPRN_MAS3,r8 / Write MAS3(RPN) /
1106	#endif
1107
1108	tlbwe / Write TLB /
1109	isync
1110	sync
1111	blr
1112
1113	/*
1114	* Return to the start of the relocated kernel and run again
1115	* r3 - virtual address of fdt
1116	* r4 - entry of the kernel
1117	*/
1118	_GLOBAL(reloc_kernel_entry)
1119	mfmsr r7
1120	rlwinm r7, r7, `0`, ~(MSR_IS \| MSR_DS)
1121
1122	mtspr SPRN_SRR0,r4
1123	mtspr SPRN_SRR1,r7
1124	rfi
1125
1126	/*
1127	* Create a tlb entry with the same effective and physical address as
1128	* the tlb entry used by the current running code. But set the TS to 1.
1129	* Then switch to the address space 1. It will return with the r3 set to
1130	* the ESEL of the new created tlb.
1131	*/
1132	_GLOBAL(switch_to_as1)
1133	mflr r5
1134
1135	/ Find a entry not used /
1136	mfspr r3,SPRN_TLB1CFG
1137	andi. r3,r3,`0xfff`
1138	mfspr r4,SPRN_PID
1139	rlwinm r4,r4,`16`,`0x3fff0000` / turn PID into MAS6[SPID] /
1140	mtspr SPRN_MAS6,r4
1141	`1`: lis r4,`0x1000` / Set MAS0(TLBSEL) = 1 /
1142	addi r3,r3,-`1`
1143	rlwimi r4,r3,`16`,`4`,`15` / Setup MAS0 = TLBSEL \| ESEL(r3) /
1144	mtspr SPRN_MAS0,r4
1145	tlbre
1146	mfspr r4,SPRN_MAS1
1147	andis. r4,r4,MAS1_VALID@h
1148	bne `1b`
1149
1150	/ Get the tlb entry used by the current running code /
1151	bcl `20`,`31`,$+`4`
1152	`0`: mflr r4
1153	tlbsx `0`,r4
1154
1155	mfspr r4,SPRN_MAS1
1156	ori r4,r4,MAS1_TS / Set the TS = 1 /
1157	mtspr SPRN_MAS1,r4
1158
1159	mfspr r4,SPRN_MAS0
1160	rlwinm r4,r4,`0`,~MAS0_ESEL_MASK
1161	rlwimi r4,r3,`16`,`4`,`15` / Setup MAS0 = TLBSEL \| ESEL(r3) /
1162	mtspr SPRN_MAS0,r4
1163	tlbwe
1164	isync
1165	sync
1166
1167	mfmsr r4
1168	ori r4,r4,MSR_IS \| MSR_DS
1169	mtspr SPRN_SRR0,r5
1170	mtspr SPRN_SRR1,r4
1171	sync
1172	rfi
1173
1174	/*
1175	* Restore to the address space 0 and also invalidate the tlb entry created
1176	* by switch_to_as1.
1177	* r3 - the tlb entry which should be invalidated
1178	* r4 - __pa(PAGE_OFFSET in AS1) - __pa(PAGE_OFFSET in AS0)
1179	* r5 - device tree virtual address. If r4 is 0, r5 is ignored.
1180	* r6 - boot cpu
1181	*/
1182	_GLOBAL(restore_to_as0)
1183	mflr r0
1184
1185	bcl `20`,`31`,$+`4`
1186	`0`: mflr r9
1187	addi r9,r9,`1f` - `0b`
1188
1189	/*
1190	* We may map the PAGE_OFFSET in AS0 to a different physical address,
1191	* so we need calculate the right jump and device tree address based
1192	* on the offset passed by r4.
1193	*/
1194	add r9,r9,r4
1195	add r5,r5,r4
1196	add r0,r0,r4
1197
1198	`2`: mfmsr r7
1199	li r8,(MSR_IS \| MSR_DS)
1200	andc r7,r7,r8
1201
1202	mtspr SPRN_SRR0,r9
1203	mtspr SPRN_SRR1,r7
1204	sync
1205	rfi
1206
1207	/ Invalidate the temporary tlb entry for AS1 /
1208	`1`: lis r9,`0x1000` / Set MAS0(TLBSEL) = 1 /
1209	rlwimi r9,r3,`16`,`4`,`15` / Setup MAS0 = TLBSEL \| ESEL(r3) /
1210	mtspr SPRN_MAS0,r9
1211	tlbre
1212	mfspr r9,SPRN_MAS1
1213	rlwinm r9,r9,`0`,`2`,`31` / Clear MAS1 Valid and IPPROT /
1214	mtspr SPRN_MAS1,r9
1215	tlbwe
1216	isync
1217
1218	cmpwi r4,`0`
1219	cmpwi cr1,r6,`0`
1220	cror eq,`4`*cr1+eq,eq
1221	bne `3f` / offset != 0 && is_boot_cpu /
1222	mtlr r0
1223	blr
1224
1225	/*
1226	* The PAGE_OFFSET will map to a different physical address,
1227	* jump to _start to do another relocation again.
1228	*/
1229	`3`: mr r3,r5
1230	bl _start
1231

source code of linux/arch/powerpc/kernel/head_85xx.S