1/* 2 * Low-level CPU initialisation 3 * Based on arch/arm/kernel/head.S 4 * 5 * Copyright (C) 1994-2002 Russell King 6 * Copyright (C) 2003-2012 ARM Ltd. 7 * Authors: Catalin Marinas <catalin.marinas@arm.com> 8 * Will Deacon <will.deacon@arm.com> 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program. If not, see <http://www.gnu.org/licenses/>. 21 */ 22 23#include <linux/linkage.h> 24#include <linux/init.h> 25#include <linux/irqchip/arm-gic-v3.h> 26 27#include <asm/assembler.h> 28#include <asm/boot.h> 29#include <asm/ptrace.h> 30#include <asm/asm-offsets.h> 31#include <asm/cache.h> 32#include <asm/cputype.h> 33#include <asm/elf.h> 34#include <asm/kernel-pgtable.h> 35#include <asm/kvm_arm.h> 36#include <asm/memory.h> 37#include <asm/pgtable-hwdef.h> 38#include <asm/pgtable.h> 39#include <asm/page.h> 40#include <asm/smp.h> 41#include <asm/sysreg.h> 42#include <asm/thread_info.h> 43#include <asm/virt.h> 44 45#include "efi-header.S" 46 47#define __PHYS_OFFSET (KERNEL_START - TEXT_OFFSET) 48 49#if (TEXT_OFFSET & 0xfff) != 0 50#error TEXT_OFFSET must be at least 4KB aligned 51#elif (PAGE_OFFSET & 0x1fffff) != 0 52#error PAGE_OFFSET must be at least 2MB aligned 53#elif TEXT_OFFSET > 0x1fffff 54#error TEXT_OFFSET must be less than 2MB 55#endif 56 57/* 58 * Kernel startup entry point. 59 * --------------------------- 60 * 61 * The requirements are: 62 * MMU = off, D-cache = off, I-cache = on or off, 63 * x0 = physical address to the FDT blob. 64 * 65 * This code is mostly position independent so you call this at 66 * __pa(PAGE_OFFSET + TEXT_OFFSET). 67 * 68 * Note that the callee-saved registers are used for storing variables 69 * that are useful before the MMU is enabled. The allocations are described 70 * in the entry routines. 71 */ 72 __HEAD 73_head: 74 /* 75 * DO NOT MODIFY. Image header expected by Linux boot-loaders. 76 */ 77#ifdef CONFIG_EFI 78 /* 79 * This add instruction has no meaningful effect except that 80 * its opcode forms the magic "MZ" signature required by UEFI. 81 */ 82 add x13, x18, #0x16 83 b stext 84#else 85 b stext // branch to kernel start, magic 86 .long 0 // reserved 87#endif 88 le64sym _kernel_offset_le // Image load offset from start of RAM, little-endian 89 le64sym _kernel_size_le // Effective size of kernel image, little-endian 90 le64sym _kernel_flags_le // Informative flags, little-endian 91 .quad 0 // reserved 92 .quad 0 // reserved 93 .quad 0 // reserved 94 .ascii "ARM\x64" // Magic number 95#ifdef CONFIG_EFI 96 .long pe_header - _head // Offset to the PE header. 97 98pe_header: 99 __EFI_PE_HEADER 100#else 101 .long 0 // reserved 102#endif 103 104 __INIT 105 106 /* 107 * The following callee saved general purpose registers are used on the 108 * primary lowlevel boot path: 109 * 110 * Register Scope Purpose 111 * x21 stext() .. start_kernel() FDT pointer passed at boot in x0 112 * x23 stext() .. start_kernel() physical misalignment/KASLR offset 113 * x28 __create_page_tables() callee preserved temp register 114 * x19/x20 __primary_switch() callee preserved temp registers 115 */ 116ENTRY(stext) 117 bl preserve_boot_args 118 bl el2_setup // Drop to EL1, w0=cpu_boot_mode 119 adrp x23, __PHYS_OFFSET 120 and x23, x23, MIN_KIMG_ALIGN - 1 // KASLR offset, defaults to 0 121 bl set_cpu_boot_mode_flag 122 bl __create_page_tables 123 /* 124 * The following calls CPU setup code, see arch/arm64/mm/proc.S for 125 * details. 126 * On return, the CPU will be ready for the MMU to be turned on and 127 * the TCR will have been set. 128 */ 129 bl __cpu_setup // initialise processor 130 b __primary_switch 131ENDPROC(stext) 132 133/* 134 * Preserve the arguments passed by the bootloader in x0 .. x3 135 */ 136preserve_boot_args: 137 mov x21, x0 // x21=FDT 138 139 adr_l x0, boot_args // record the contents of 140 stp x21, x1, [x0] // x0 .. x3 at kernel entry 141 stp x2, x3, [x0, #16] 142 143 dmb sy // needed before dc ivac with 144 // MMU off 145 146 mov x1, #0x20 // 4 x 8 bytes 147 b __inval_dcache_area // tail call 148ENDPROC(preserve_boot_args) 149 150/* 151 * Macro to create a table entry to the next page. 152 * 153 * tbl: page table address 154 * virt: virtual address 155 * shift: #imm page table shift 156 * ptrs: #imm pointers per table page 157 * 158 * Preserves: virt 159 * Corrupts: ptrs, tmp1, tmp2 160 * Returns: tbl -> next level table page address 161 */ 162 .macro create_table_entry, tbl, virt, shift, ptrs, tmp1, tmp2 163 add \tmp1, \tbl, #PAGE_SIZE 164 phys_to_pte \tmp2, \tmp1 165 orr \tmp2, \tmp2, #PMD_TYPE_TABLE // address of next table and entry type 166 lsr \tmp1, \virt, #\shift 167 sub \ptrs, \ptrs, #1 168 and \tmp1, \tmp1, \ptrs // table index 169 str \tmp2, [\tbl, \tmp1, lsl #3] 170 add \tbl, \tbl, #PAGE_SIZE // next level table page 171 .endm 172 173/* 174 * Macro to populate page table entries, these entries can be pointers to the next level 175 * or last level entries pointing to physical memory. 176 * 177 * tbl: page table address 178 * rtbl: pointer to page table or physical memory 179 * index: start index to write 180 * eindex: end index to write - [index, eindex] written to 181 * flags: flags for pagetable entry to or in 182 * inc: increment to rtbl between each entry 183 * tmp1: temporary variable 184 * 185 * Preserves: tbl, eindex, flags, inc 186 * Corrupts: index, tmp1 187 * Returns: rtbl 188 */ 189 .macro populate_entries, tbl, rtbl, index, eindex, flags, inc, tmp1 190.Lpe\@: phys_to_pte \tmp1, \rtbl 191 orr \tmp1, \tmp1, \flags // tmp1 = table entry 192 str \tmp1, [\tbl, \index, lsl #3] 193 add \rtbl, \rtbl, \inc // rtbl = pa next level 194 add \index, \index, #1 195 cmp \index, \eindex 196 b.ls .Lpe\@ 197 .endm 198 199/* 200 * Compute indices of table entries from virtual address range. If multiple entries 201 * were needed in the previous page table level then the next page table level is assumed 202 * to be composed of multiple pages. (This effectively scales the end index). 203 * 204 * vstart: virtual address of start of range 205 * vend: virtual address of end of range 206 * shift: shift used to transform virtual address into index 207 * ptrs: number of entries in page table 208 * istart: index in table corresponding to vstart 209 * iend: index in table corresponding to vend 210 * count: On entry: how many extra entries were required in previous level, scales 211 * our end index. 212 * On exit: returns how many extra entries required for next page table level 213 * 214 * Preserves: vstart, vend, shift, ptrs 215 * Returns: istart, iend, count 216 */ 217 .macro compute_indices, vstart, vend, shift, ptrs, istart, iend, count 218 lsr \iend, \vend, \shift 219 mov \istart, \ptrs 220 sub \istart, \istart, #1 221 and \iend, \iend, \istart // iend = (vend >> shift) & (ptrs - 1) 222 mov \istart, \ptrs 223 mul \istart, \istart, \count 224 add \iend, \iend, \istart // iend += (count - 1) * ptrs 225 // our entries span multiple tables 226 227 lsr \istart, \vstart, \shift 228 mov \count, \ptrs 229 sub \count, \count, #1 230 and \istart, \istart, \count 231 232 sub \count, \iend, \istart 233 .endm 234 235/* 236 * Map memory for specified virtual address range. Each level of page table needed supports 237 * multiple entries. If a level requires n entries the next page table level is assumed to be 238 * formed from n pages. 239 * 240 * tbl: location of page table 241 * rtbl: address to be used for first level page table entry (typically tbl + PAGE_SIZE) 242 * vstart: start address to map 243 * vend: end address to map - we map [vstart, vend] 244 * flags: flags to use to map last level entries 245 * phys: physical address corresponding to vstart - physical memory is contiguous 246 * pgds: the number of pgd entries 247 * 248 * Temporaries: istart, iend, tmp, count, sv - these need to be different registers 249 * Preserves: vstart, vend, flags 250 * Corrupts: tbl, rtbl, istart, iend, tmp, count, sv 251 */ 252 .macro map_memory, tbl, rtbl, vstart, vend, flags, phys, pgds, istart, iend, tmp, count, sv 253 add \rtbl, \tbl, #PAGE_SIZE 254 mov \sv, \rtbl 255 mov \count, #0 256 compute_indices \vstart, \vend, #PGDIR_SHIFT, \pgds, \istart, \iend, \count 257 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp 258 mov \tbl, \sv 259 mov \sv, \rtbl 260 261#if SWAPPER_PGTABLE_LEVELS > 3 262 compute_indices \vstart, \vend, #PUD_SHIFT, #PTRS_PER_PUD, \istart, \iend, \count 263 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp 264 mov \tbl, \sv 265 mov \sv, \rtbl 266#endif 267 268#if SWAPPER_PGTABLE_LEVELS > 2 269 compute_indices \vstart, \vend, #SWAPPER_TABLE_SHIFT, #PTRS_PER_PMD, \istart, \iend, \count 270 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp 271 mov \tbl, \sv 272#endif 273 274 compute_indices \vstart, \vend, #SWAPPER_BLOCK_SHIFT, #PTRS_PER_PTE, \istart, \iend, \count 275 bic \count, \phys, #SWAPPER_BLOCK_SIZE - 1 276 populate_entries \tbl, \count, \istart, \iend, \flags, #SWAPPER_BLOCK_SIZE, \tmp 277 .endm 278 279/* 280 * Setup the initial page tables. We only setup the barest amount which is 281 * required to get the kernel running. The following sections are required: 282 * - identity mapping to enable the MMU (low address, TTBR0) 283 * - first few MB of the kernel linear mapping to jump to once the MMU has 284 * been enabled 285 */ 286__create_page_tables: 287 mov x28, lr 288 289 /* 290 * Invalidate the idmap and swapper page tables to avoid potential 291 * dirty cache lines being evicted. 292 */ 293 adrp x0, idmap_pg_dir 294 adrp x1, swapper_pg_end 295 sub x1, x1, x0 296 bl __inval_dcache_area 297 298 /* 299 * Clear the idmap and swapper page tables. 300 */ 301 adrp x0, idmap_pg_dir 302 adrp x1, swapper_pg_end 303 sub x1, x1, x0 3041: stp xzr, xzr, [x0], #16 305 stp xzr, xzr, [x0], #16 306 stp xzr, xzr, [x0], #16 307 stp xzr, xzr, [x0], #16 308 subs x1, x1, #64 309 b.ne 1b 310 311 mov x7, SWAPPER_MM_MMUFLAGS 312 313 /* 314 * Create the identity mapping. 315 */ 316 adrp x0, idmap_pg_dir 317 adrp x3, __idmap_text_start // __pa(__idmap_text_start) 318 319 /* 320 * VA_BITS may be too small to allow for an ID mapping to be created 321 * that covers system RAM if that is located sufficiently high in the 322 * physical address space. So for the ID map, use an extended virtual 323 * range in that case, and configure an additional translation level 324 * if needed. 325 * 326 * Calculate the maximum allowed value for TCR_EL1.T0SZ so that the 327 * entire ID map region can be mapped. As T0SZ == (64 - #bits used), 328 * this number conveniently equals the number of leading zeroes in 329 * the physical address of __idmap_text_end. 330 */ 331 adrp x5, __idmap_text_end 332 clz x5, x5 333 cmp x5, TCR_T0SZ(VA_BITS) // default T0SZ small enough? 334 b.ge 1f // .. then skip VA range extension 335 336 adr_l x6, idmap_t0sz 337 str x5, [x6] 338 dmb sy 339 dc ivac, x6 // Invalidate potentially stale cache line 340 341#if (VA_BITS < 48) 342#define EXTRA_SHIFT (PGDIR_SHIFT + PAGE_SHIFT - 3) 343#define EXTRA_PTRS (1 << (PHYS_MASK_SHIFT - EXTRA_SHIFT)) 344 345 /* 346 * If VA_BITS < 48, we have to configure an additional table level. 347 * First, we have to verify our assumption that the current value of 348 * VA_BITS was chosen such that all translation levels are fully 349 * utilised, and that lowering T0SZ will always result in an additional 350 * translation level to be configured. 351 */ 352#if VA_BITS != EXTRA_SHIFT 353#error "Mismatch between VA_BITS and page size/number of translation levels" 354#endif 355 356 mov x4, EXTRA_PTRS 357 create_table_entry x0, x3, EXTRA_SHIFT, x4, x5, x6 358#else 359 /* 360 * If VA_BITS == 48, we don't have to configure an additional 361 * translation level, but the top-level table has more entries. 362 */ 363 mov x4, #1 << (PHYS_MASK_SHIFT - PGDIR_SHIFT) 364 str_l x4, idmap_ptrs_per_pgd, x5 365#endif 3661: 367 ldr_l x4, idmap_ptrs_per_pgd 368 mov x5, x3 // __pa(__idmap_text_start) 369 adr_l x6, __idmap_text_end // __pa(__idmap_text_end) 370 371 map_memory x0, x1, x3, x6, x7, x3, x4, x10, x11, x12, x13, x14 372 373 /* 374 * Map the kernel image (starting with PHYS_OFFSET). 375 */ 376 adrp x0, swapper_pg_dir 377 mov_q x5, KIMAGE_VADDR + TEXT_OFFSET // compile time __va(_text) 378 add x5, x5, x23 // add KASLR displacement 379 mov x4, PTRS_PER_PGD 380 adrp x6, _end // runtime __pa(_end) 381 adrp x3, _text // runtime __pa(_text) 382 sub x6, x6, x3 // _end - _text 383 add x6, x6, x5 // runtime __va(_end) 384 385 map_memory x0, x1, x5, x6, x7, x3, x4, x10, x11, x12, x13, x14 386 387 /* 388 * Since the page tables have been populated with non-cacheable 389 * accesses (MMU disabled), invalidate the idmap and swapper page 390 * tables again to remove any speculatively loaded cache lines. 391 */ 392 adrp x0, idmap_pg_dir 393 adrp x1, swapper_pg_end 394 sub x1, x1, x0 395 dmb sy 396 bl __inval_dcache_area 397 398 ret x28 399ENDPROC(__create_page_tables) 400 .ltorg 401 402/* 403 * The following fragment of code is executed with the MMU enabled. 404 * 405 * x0 = __PHYS_OFFSET 406 */ 407__primary_switched: 408 adrp x4, init_thread_union 409 add sp, x4, #THREAD_SIZE 410 adr_l x5, init_task 411 msr sp_el0, x5 // Save thread_info 412 413 adr_l x8, vectors // load VBAR_EL1 with virtual 414 msr vbar_el1, x8 // vector table address 415 isb 416 417 stp xzr, x30, [sp, #-16]! 418 mov x29, sp 419 420 str_l x21, __fdt_pointer, x5 // Save FDT pointer 421 422 ldr_l x4, kimage_vaddr // Save the offset between 423 sub x4, x4, x0 // the kernel virtual and 424 str_l x4, kimage_voffset, x5 // physical mappings 425 426 // Clear BSS 427 adr_l x0, __bss_start 428 mov x1, xzr 429 adr_l x2, __bss_stop 430 sub x2, x2, x0 431 bl __pi_memset 432 dsb ishst // Make zero page visible to PTW 433 434#ifdef CONFIG_KASAN 435 bl kasan_early_init 436#endif 437#ifdef CONFIG_RANDOMIZE_BASE 438 tst x23, ~(MIN_KIMG_ALIGN - 1) // already running randomized? 439 b.ne 0f 440 mov x0, x21 // pass FDT address in x0 441 bl kaslr_early_init // parse FDT for KASLR options 442 cbz x0, 0f // KASLR disabled? just proceed 443 orr x23, x23, x0 // record KASLR offset 444 ldp x29, x30, [sp], #16 // we must enable KASLR, return 445 ret // to __primary_switch() 4460: 447#endif 448 add sp, sp, #16 449 mov x29, #0 450 mov x30, #0 451 b start_kernel 452ENDPROC(__primary_switched) 453 454/* 455 * end early head section, begin head code that is also used for 456 * hotplug and needs to have the same protections as the text region 457 */ 458 .section ".idmap.text","awx" 459 460ENTRY(kimage_vaddr) 461 .quad _text - TEXT_OFFSET 462 463/* 464 * If we're fortunate enough to boot at EL2, ensure that the world is 465 * sane before dropping to EL1. 466 * 467 * Returns either BOOT_CPU_MODE_EL1 or BOOT_CPU_MODE_EL2 in w0 if 468 * booted in EL1 or EL2 respectively. 469 */ 470ENTRY(el2_setup) 471 msr SPsel, #1 // We want to use SP_EL{1,2} 472 mrs x0, CurrentEL 473 cmp x0, #CurrentEL_EL2 474 b.eq 1f 475 mov_q x0, (SCTLR_EL1_RES1 | ENDIAN_SET_EL1) 476 msr sctlr_el1, x0 477 mov w0, #BOOT_CPU_MODE_EL1 // This cpu booted in EL1 478 isb 479 ret 480 4811: mov_q x0, (SCTLR_EL2_RES1 | ENDIAN_SET_EL2) 482 msr sctlr_el2, x0 483 484#ifdef CONFIG_ARM64_VHE 485 /* 486 * Check for VHE being present. For the rest of the EL2 setup, 487 * x2 being non-zero indicates that we do have VHE, and that the 488 * kernel is intended to run at EL2. 489 */ 490 mrs x2, id_aa64mmfr1_el1 491 ubfx x2, x2, #8, #4 492#else 493 mov x2, xzr 494#endif 495 496 /* Hyp configuration. */ 497 mov x0, #HCR_RW // 64-bit EL1 498 cbz x2, set_hcr 499 orr x0, x0, #HCR_TGE // Enable Host Extensions 500 orr x0, x0, #HCR_E2H 501set_hcr: 502 msr hcr_el2, x0 503 isb 504 505 /* 506 * Allow Non-secure EL1 and EL0 to access physical timer and counter. 507 * This is not necessary for VHE, since the host kernel runs in EL2, 508 * and EL0 accesses are configured in the later stage of boot process. 509 * Note that when HCR_EL2.E2H == 1, CNTHCTL_EL2 has the same bit layout 510 * as CNTKCTL_EL1, and CNTKCTL_EL1 accessing instructions are redefined 511 * to access CNTHCTL_EL2. This allows the kernel designed to run at EL1 512 * to transparently mess with the EL0 bits via CNTKCTL_EL1 access in 513 * EL2. 514 */ 515 cbnz x2, 1f 516 mrs x0, cnthctl_el2 517 orr x0, x0, #3 // Enable EL1 physical timers 518 msr cnthctl_el2, x0 5191: 520 msr cntvoff_el2, xzr // Clear virtual offset 521 522#ifdef CONFIG_ARM_GIC_V3 523 /* GICv3 system register access */ 524 mrs x0, id_aa64pfr0_el1 525 ubfx x0, x0, #24, #4 526 cmp x0, #1 527 b.ne 3f 528 529 mrs_s x0, SYS_ICC_SRE_EL2 530 orr x0, x0, #ICC_SRE_EL2_SRE // Set ICC_SRE_EL2.SRE==1 531 orr x0, x0, #ICC_SRE_EL2_ENABLE // Set ICC_SRE_EL2.Enable==1 532 msr_s SYS_ICC_SRE_EL2, x0 533 isb // Make sure SRE is now set 534 mrs_s x0, SYS_ICC_SRE_EL2 // Read SRE back, 535 tbz x0, #0, 3f // and check that it sticks 536 msr_s SYS_ICH_HCR_EL2, xzr // Reset ICC_HCR_EL2 to defaults 537 5383: 539#endif 540 541 /* Populate ID registers. */ 542 mrs x0, midr_el1 543 mrs x1, mpidr_el1 544 msr vpidr_el2, x0 545 msr vmpidr_el2, x1 546 547#ifdef CONFIG_COMPAT 548 msr hstr_el2, xzr // Disable CP15 traps to EL2 549#endif 550 551 /* EL2 debug */ 552 mrs x1, id_aa64dfr0_el1 // Check ID_AA64DFR0_EL1 PMUVer 553 sbfx x0, x1, #8, #4 554 cmp x0, #1 555 b.lt 4f // Skip if no PMU present 556 mrs x0, pmcr_el0 // Disable debug access traps 557 ubfx x0, x0, #11, #5 // to EL2 and allow access to 5584: 559 csel x3, xzr, x0, lt // all PMU counters from EL1 560 561 /* Statistical profiling */ 562 ubfx x0, x1, #32, #4 // Check ID_AA64DFR0_EL1 PMSVer 563 cbz x0, 7f // Skip if SPE not present 564 cbnz x2, 6f // VHE? 565 mrs_s x4, SYS_PMBIDR_EL1 // If SPE available at EL2, 566 and x4, x4, #(1 << SYS_PMBIDR_EL1_P_SHIFT) 567 cbnz x4, 5f // then permit sampling of physical 568 mov x4, #(1 << SYS_PMSCR_EL2_PCT_SHIFT | \ 569 1 << SYS_PMSCR_EL2_PA_SHIFT) 570 msr_s SYS_PMSCR_EL2, x4 // addresses and physical counter 5715: 572 mov x1, #(MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT) 573 orr x3, x3, x1 // If we don't have VHE, then 574 b 7f // use EL1&0 translation. 5756: // For VHE, use EL2 translation 576 orr x3, x3, #MDCR_EL2_TPMS // and disable access from EL1 5777: 578 msr mdcr_el2, x3 // Configure debug traps 579 580 /* LORegions */ 581 mrs x1, id_aa64mmfr1_el1 582 ubfx x0, x1, #ID_AA64MMFR1_LOR_SHIFT, 4 583 cbz x0, 1f 584 msr_s SYS_LORC_EL1, xzr 5851: 586 587 /* Stage-2 translation */ 588 msr vttbr_el2, xzr 589 590 cbz x2, install_el2_stub 591 592 mov w0, #BOOT_CPU_MODE_EL2 // This CPU booted in EL2 593 isb 594 ret 595 596install_el2_stub: 597 /* 598 * When VHE is not in use, early init of EL2 and EL1 needs to be 599 * done here. 600 * When VHE _is_ in use, EL1 will not be used in the host and 601 * requires no configuration, and all non-hyp-specific EL2 setup 602 * will be done via the _EL1 system register aliases in __cpu_setup. 603 */ 604 mov_q x0, (SCTLR_EL1_RES1 | ENDIAN_SET_EL1) 605 msr sctlr_el1, x0 606 607 /* Coprocessor traps. */ 608 mov x0, #0x33ff 609 msr cptr_el2, x0 // Disable copro. traps to EL2 610 611 /* SVE register access */ 612 mrs x1, id_aa64pfr0_el1 613 ubfx x1, x1, #ID_AA64PFR0_SVE_SHIFT, #4 614 cbz x1, 7f 615 616 bic x0, x0, #CPTR_EL2_TZ // Also disable SVE traps 617 msr cptr_el2, x0 // Disable copro. traps to EL2 618 isb 619 mov x1, #ZCR_ELx_LEN_MASK // SVE: Enable full vector 620 msr_s SYS_ZCR_EL2, x1 // length for EL1. 621 622 /* Hypervisor stub */ 6237: adr_l x0, __hyp_stub_vectors 624 msr vbar_el2, x0 625 626 /* spsr */ 627 mov x0, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\ 628 PSR_MODE_EL1h) 629 msr spsr_el2, x0 630 msr elr_el2, lr 631 mov w0, #BOOT_CPU_MODE_EL2 // This CPU booted in EL2 632 eret 633ENDPROC(el2_setup) 634 635/* 636 * Sets the __boot_cpu_mode flag depending on the CPU boot mode passed 637 * in w0. See arch/arm64/include/asm/virt.h for more info. 638 */ 639set_cpu_boot_mode_flag: 640 adr_l x1, __boot_cpu_mode 641 cmp w0, #BOOT_CPU_MODE_EL2 642 b.ne 1f 643 add x1, x1, #4 6441: str w0, [x1] // This CPU has booted in EL1 645 dmb sy 646 dc ivac, x1 // Invalidate potentially stale cache line 647 ret 648ENDPROC(set_cpu_boot_mode_flag) 649 650/* 651 * These values are written with the MMU off, but read with the MMU on. 652 * Writers will invalidate the corresponding address, discarding up to a 653 * 'Cache Writeback Granule' (CWG) worth of data. The linker script ensures 654 * sufficient alignment that the CWG doesn't overlap another section. 655 */ 656 .pushsection ".mmuoff.data.write", "aw" 657/* 658 * We need to find out the CPU boot mode long after boot, so we need to 659 * store it in a writable variable. 660 * 661 * This is not in .bss, because we set it sufficiently early that the boot-time 662 * zeroing of .bss would clobber it. 663 */ 664ENTRY(__boot_cpu_mode) 665 .long BOOT_CPU_MODE_EL2 666 .long BOOT_CPU_MODE_EL1 667/* 668 * The booting CPU updates the failed status @__early_cpu_boot_status, 669 * with MMU turned off. 670 */ 671ENTRY(__early_cpu_boot_status) 672 .long 0 673 674 .popsection 675 676 /* 677 * This provides a "holding pen" for platforms to hold all secondary 678 * cores are held until we're ready for them to initialise. 679 */ 680ENTRY(secondary_holding_pen) 681 bl el2_setup // Drop to EL1, w0=cpu_boot_mode 682 bl set_cpu_boot_mode_flag 683 mrs x0, mpidr_el1 684 mov_q x1, MPIDR_HWID_BITMASK 685 and x0, x0, x1 686 adr_l x3, secondary_holding_pen_release 687pen: ldr x4, [x3] 688 cmp x4, x0 689 b.eq secondary_startup 690 wfe 691 b pen 692ENDPROC(secondary_holding_pen) 693 694 /* 695 * Secondary entry point that jumps straight into the kernel. Only to 696 * be used where CPUs are brought online dynamically by the kernel. 697 */ 698ENTRY(secondary_entry) 699 bl el2_setup // Drop to EL1 700 bl set_cpu_boot_mode_flag 701 b secondary_startup 702ENDPROC(secondary_entry) 703 704secondary_startup: 705 /* 706 * Common entry point for secondary CPUs. 707 */ 708 bl __cpu_setup // initialise processor 709 bl __enable_mmu 710 ldr x8, =__secondary_switched 711 br x8 712ENDPROC(secondary_startup) 713 714__secondary_switched: 715 adr_l x5, vectors 716 msr vbar_el1, x5 717 isb 718 719 adr_l x0, secondary_data 720 ldr x1, [x0, #CPU_BOOT_STACK] // get secondary_data.stack 721 mov sp, x1 722 ldr x2, [x0, #CPU_BOOT_TASK] 723 msr sp_el0, x2 724 mov x29, #0 725 mov x30, #0 726 b secondary_start_kernel 727ENDPROC(__secondary_switched) 728 729/* 730 * The booting CPU updates the failed status @__early_cpu_boot_status, 731 * with MMU turned off. 732 * 733 * update_early_cpu_boot_status tmp, status 734 * - Corrupts tmp1, tmp2 735 * - Writes 'status' to __early_cpu_boot_status and makes sure 736 * it is committed to memory. 737 */ 738 739 .macro update_early_cpu_boot_status status, tmp1, tmp2 740 mov \tmp2, #\status 741 adr_l \tmp1, __early_cpu_boot_status 742 str \tmp2, [\tmp1] 743 dmb sy 744 dc ivac, \tmp1 // Invalidate potentially stale cache line 745 .endm 746 747/* 748 * Enable the MMU. 749 * 750 * x0 = SCTLR_EL1 value for turning on the MMU. 751 * 752 * Returns to the caller via x30/lr. This requires the caller to be covered 753 * by the .idmap.text section. 754 * 755 * Checks if the selected granule size is supported by the CPU. 756 * If it isn't, park the CPU 757 */ 758ENTRY(__enable_mmu) 759 mrs x1, ID_AA64MMFR0_EL1 760 ubfx x2, x1, #ID_AA64MMFR0_TGRAN_SHIFT, 4 761 cmp x2, #ID_AA64MMFR0_TGRAN_SUPPORTED 762 b.ne __no_granule_support 763 update_early_cpu_boot_status 0, x1, x2 764 adrp x1, idmap_pg_dir 765 adrp x2, swapper_pg_dir 766 phys_to_ttbr x3, x1 767 phys_to_ttbr x4, x2 768 msr ttbr0_el1, x3 // load TTBR0 769 msr ttbr1_el1, x4 // load TTBR1 770 isb 771 msr sctlr_el1, x0 772 isb 773 /* 774 * Invalidate the local I-cache so that any instructions fetched 775 * speculatively from the PoC are discarded, since they may have 776 * been dynamically patched at the PoU. 777 */ 778 ic iallu 779 dsb nsh 780 isb 781 ret 782ENDPROC(__enable_mmu) 783 784__no_granule_support: 785 /* Indicate that this CPU can't boot and is stuck in the kernel */ 786 update_early_cpu_boot_status CPU_STUCK_IN_KERNEL, x1, x2 7871: 788 wfe 789 wfi 790 b 1b 791ENDPROC(__no_granule_support) 792 793#ifdef CONFIG_RELOCATABLE 794__relocate_kernel: 795 /* 796 * Iterate over each entry in the relocation table, and apply the 797 * relocations in place. 798 */ 799 ldr w9, =__rela_offset // offset to reloc table 800 ldr w10, =__rela_size // size of reloc table 801 802 mov_q x11, KIMAGE_VADDR // default virtual offset 803 add x11, x11, x23 // actual virtual offset 804 add x9, x9, x11 // __va(.rela) 805 add x10, x9, x10 // __va(.rela) + sizeof(.rela) 806 8070: cmp x9, x10 808 b.hs 1f 809 ldp x11, x12, [x9], #24 810 ldr x13, [x9, #-8] 811 cmp w12, #R_AARCH64_RELATIVE 812 b.ne 0b 813 add x13, x13, x23 // relocate 814 str x13, [x11, x23] 815 b 0b 8161: ret 817ENDPROC(__relocate_kernel) 818#endif 819 820__primary_switch: 821#ifdef CONFIG_RANDOMIZE_BASE 822 mov x19, x0 // preserve new SCTLR_EL1 value 823 mrs x20, sctlr_el1 // preserve old SCTLR_EL1 value 824#endif 825 826 bl __enable_mmu 827#ifdef CONFIG_RELOCATABLE 828 bl __relocate_kernel 829#ifdef CONFIG_RANDOMIZE_BASE 830 ldr x8, =__primary_switched 831 adrp x0, __PHYS_OFFSET 832 blr x8 833 834 /* 835 * If we return here, we have a KASLR displacement in x23 which we need 836 * to take into account by discarding the current kernel mapping and 837 * creating a new one. 838 */ 839 pre_disable_mmu_workaround 840 msr sctlr_el1, x20 // disable the MMU 841 isb 842 bl __create_page_tables // recreate kernel mapping 843 844 tlbi vmalle1 // Remove any stale TLB entries 845 dsb nsh 846 847 msr sctlr_el1, x19 // re-enable the MMU 848 isb 849 ic iallu // flush instructions fetched 850 dsb nsh // via old mapping 851 isb 852 853 bl __relocate_kernel 854#endif 855#endif 856 ldr x8, =__primary_switched 857 adrp x0, __PHYS_OFFSET 858 br x8 859ENDPROC(__primary_switch) 860