linux/arch/arm/boot/compressed/head.S
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 *  linux/arch/arm/boot/compressed/head.S
   4 *
   5 *  Copyright (C) 1996-2002 Russell King
   6 *  Copyright (C) 2004 Hyok S. Choi (MPU support)
   7 */
   8#include <linux/linkage.h>
   9#include <asm/assembler.h>
  10#include <asm/v7m.h>
  11
  12#include "efi-header.S"
  13
  14#ifdef __ARMEB__
  15#define OF_DT_MAGIC 0xd00dfeed
  16#else
  17#define OF_DT_MAGIC 0xedfe0dd0
  18#endif
  19
  20 AR_CLASS(      .arch   armv7-a )
  21 M_CLASS(       .arch   armv7-m )
  22
  23/*
  24 * Debugging stuff
  25 *
  26 * Note that these macros must not contain any code which is not
  27 * 100% relocatable.  Any attempt to do so will result in a crash.
  28 * Please select one of the following when turning on debugging.
  29 */
  30#ifdef DEBUG
  31
  32#if defined(CONFIG_DEBUG_ICEDCC)
  33
  34#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_V6K) || defined(CONFIG_CPU_V7)
  35                .macro  loadsp, rb, tmp1, tmp2
  36                .endm
  37                .macro  writeb, ch, rb, tmp
  38                mcr     p14, 0, \ch, c0, c5, 0
  39                .endm
  40#elif defined(CONFIG_CPU_XSCALE)
  41                .macro  loadsp, rb, tmp1, tmp2
  42                .endm
  43                .macro  writeb, ch, rb, tmp
  44                mcr     p14, 0, \ch, c8, c0, 0
  45                .endm
  46#else
  47                .macro  loadsp, rb, tmp1, tmp2
  48                .endm
  49                .macro  writeb, ch, rb, tmp
  50                mcr     p14, 0, \ch, c1, c0, 0
  51                .endm
  52#endif
  53
  54#else
  55
  56#include CONFIG_DEBUG_LL_INCLUDE
  57
  58                .macro  writeb, ch, rb, tmp
  59#ifdef CONFIG_DEBUG_UART_FLOW_CONTROL
  60                waituartcts \tmp, \rb
  61#endif
  62                waituarttxrdy \tmp, \rb
  63                senduart \ch, \rb
  64                busyuart \tmp, \rb
  65                .endm
  66
  67#if defined(CONFIG_ARCH_SA1100)
  68                .macro  loadsp, rb, tmp1, tmp2
  69                mov     \rb, #0x80000000        @ physical base address
  70#ifdef CONFIG_DEBUG_LL_SER3
  71                add     \rb, \rb, #0x00050000   @ Ser3
  72#else
  73                add     \rb, \rb, #0x00010000   @ Ser1
  74#endif
  75                .endm
  76#else
  77                .macro  loadsp, rb, tmp1, tmp2
  78                addruart \rb, \tmp1, \tmp2
  79                .endm
  80#endif
  81#endif
  82#endif
  83
  84                .macro  kputc,val
  85                mov     r0, \val
  86                bl      putc
  87                .endm
  88
  89                .macro  kphex,val,len
  90                mov     r0, \val
  91                mov     r1, #\len
  92                bl      phex
  93                .endm
  94
  95                /*
  96                 * Debug kernel copy by printing the memory addresses involved
  97                 */
  98                .macro dbgkc, begin, end, cbegin, cend
  99#ifdef DEBUG
 100                kputc   #'C'
 101                kputc   #':'
 102                kputc   #'0'
 103                kputc   #'x'
 104                kphex   \begin, 8       /* Start of compressed kernel */
 105                kputc   #'-'
 106                kputc   #'0'
 107                kputc   #'x'
 108                kphex   \end, 8         /* End of compressed kernel */
 109                kputc   #'-'
 110                kputc   #'>'
 111                kputc   #'0'
 112                kputc   #'x'
 113                kphex   \cbegin, 8      /* Start of kernel copy */
 114                kputc   #'-'
 115                kputc   #'0'
 116                kputc   #'x'
 117                kphex   \cend, 8        /* End of kernel copy */
 118                kputc   #'\n'
 119#endif
 120                .endm
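                /*
                 * With DEBUG enabled, the macro above prints a line of the
                 * form "C:0x<begin>-0x<end>->0x<cbegin>-0x<cend>", i.e. the
                 * compressed kernel's current range followed by the range it
                 * is being copied to.
                 */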
 121
 122                /*
 123                 * Debug print of the final appended DTB location
 124                 */
 125                .macro dbgadtb, begin, size
 126#ifdef DEBUG
 127                kputc   #'D'
 128                kputc   #'T'
 129                kputc   #'B'
 130                kputc   #':'
 131                kputc   #'0'
 132                kputc   #'x'
 133                kphex   \begin, 8       /* Start of appended DTB */
 134                kputc   #' '
 135                kputc   #'('
 136                kputc   #'0'
 137                kputc   #'x'
 138                kphex   \size, 8        /* Size of appended DTB */
 139                kputc   #')'
 140                kputc   #'\n'
 141#endif
 142                .endm
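                /*
                 * Likewise, dbgadtb prints "DTB:0x<begin> (0x<size>)" for the
                 * appended device tree blob.
                 */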
 143
 144                .macro  enable_cp15_barriers, reg
 145                mrc     p15, 0, \reg, c1, c0, 0 @ read SCTLR
 146                tst     \reg, #(1 << 5)         @ CP15BEN bit set?
 147                bne     .L_\@
 148                orr     \reg, \reg, #(1 << 5)   @ CP15 barrier instructions
 149                mcr     p15, 0, \reg, c1, c0, 0 @ write SCTLR
 150 ARM(           .inst   0xf57ff06f              @ v7+ isb       )
 151 THUMB(         isb                                             )
 152.L_\@:
 153                .endm
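                /*
                 * Roughly equivalent C for the macro above (illustrative
                 * sketch only; read_sctlr/write_sctlr/isb stand in for the
                 * MRC/MCR/ISB instructions):
                 *
                 *      u32 sctlr = read_sctlr();
                 *      if (!(sctlr & (1 << 5))) {              // CP15BEN clear?
                 *              write_sctlr(sctlr | (1 << 5));  // enable CP15 barriers
                 *              isb();
                 *      }
                 */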
 154
 155                /*
 156                 * The kernel build system appends the size of the
 157                 * decompressed kernel at the end of the compressed data
 158                 * in little-endian form.
 159                 */
 160                .macro  get_inflated_image_size, res:req, tmp1:req, tmp2:req
 161                adr     \res, .Linflated_image_size_offset
 162                ldr     \tmp1, [\res]
 163                add     \tmp1, \tmp1, \res      @ address of inflated image size
 164
 165                ldrb    \res, [\tmp1]           @ get_unaligned_le32
 166                ldrb    \tmp2, [\tmp1, #1]
 167                orr     \res, \res, \tmp2, lsl #8
 168                ldrb    \tmp2, [\tmp1, #2]
 169                ldrb    \tmp1, [\tmp1, #3]
 170                orr     \res, \res, \tmp2, lsl #16
 171                orr     \res, \res, \tmp1, lsl #24
 172                .endm
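                /*
                 * The four byte loads above open-code get_unaligned_le32();
                 * a C sketch of the same computation (illustrative only):
                 *
                 *      u32 get_unaligned_le32(const u8 *p)
                 *      {
                 *              return p[0] | p[1] << 8 | p[2] << 16 | p[3] << 24;
                 *      }
                 *
                 * The size word lives in the last four bytes of the compressed
                 * payload, found via .Linflated_image_size_offset.
                 */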
 173
 174                .macro  be32tocpu, val, tmp
 175#ifndef __ARMEB__
 176                /* convert to little endian */
 177                rev_l   \val, \tmp
 178#endif
 179                .endm
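                /*
                 * Example: a big-endian DTB totalsize of 0x00004000 (16 KiB)
                 * reads as 0x00400000 on a little-endian CPU, so rev_l swaps
                 * it back to CPU order.  (The magic check against OF_DT_MAGIC
                 * avoids the swap by comparing with a pre-swapped constant.)
                 */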
 180
 181                .section ".start", "ax"
 182/*
 183 * sort out different calling conventions
 184 */
 185                .align
 186                /*
 187                 * Always enter in ARM state for CPUs that support the ARM ISA.
 188                 * As of today (2014) that's exactly the members of the A and R
 189                 * classes.
 190                 */
 191 AR_CLASS(      .arm    )
 192start:
 193                .type   start,#function
 194                /*
 195                 * These 7 nops along with the 1 nop immediately below for
 196                 * !THUMB2 form 8 nops that make the compressed kernel bootable
 197                 * on legacy ARM systems that assumed the kernel was in a.out
 198                 * binary format. The boot loaders on these systems would
 199                 * jump 32 bytes into the image to skip the a.out header.
 200                 * With these 8 nops filling exactly 32 bytes, things still
 201                 * work as expected on these legacy systems. Thumb2 mode keeps
 202                 * 7 of the nops as it turns out that some boot loaders
 203                 * were patching the initial instructions of the kernel, i.e.
 204                 * had started to exploit this "patch area".
 205                 */
 206                __initial_nops
 207                .rept   5
 208                __nop
 209                .endr
 210#ifndef CONFIG_THUMB2_KERNEL
 211                __nop
 212#else
 213 AR_CLASS(      sub     pc, pc, #3      )       @ A/R: switch to Thumb2 mode
 214  M_CLASS(      nop.w                   )       @ M: already in Thumb2 mode
 215                .thumb
 216#endif
 217                W(b)    1f
 218
 219                .word   _magic_sig      @ Magic numbers to help the loader
 220                .word   _magic_start    @ absolute load/run zImage address
 221                .word   _magic_end      @ zImage end address
 222                .word   0x04030201      @ endianness flag
 223                .word   0x45454545      @ another magic number to indicate
 224                .word   _magic_table    @ additional data table
 225
 226                __EFI_HEADER
 2271:
 228 ARM_BE8(       setend  be              )       @ go BE8 if compiled for BE8
 229 AR_CLASS(      mrs     r9, cpsr        )
 230#ifdef CONFIG_ARM_VIRT_EXT
 231                bl      __hyp_stub_install      @ get into SVC mode, reversibly
 232#endif
 233                mov     r7, r1                  @ save architecture ID
 234                mov     r8, r2                  @ save atags pointer
 235
 236#ifndef CONFIG_CPU_V7M
 237                /*
 238                 * Booting from Angel - need to enter SVC mode and disable
 239                 * FIQs/IRQs (numeric definitions from angel arm.h source).
 240                 * We only do this if we were in user mode on entry.
 241                 */
 242                mrs     r2, cpsr                @ get current mode
 243                tst     r2, #3                  @ not user?
 244                bne     not_angel
 245                mov     r0, #0x17               @ angel_SWIreason_EnterSVC
 246 ARM(           swi     0x123456        )       @ angel_SWI_ARM
 247 THUMB(         svc     0xab            )       @ angel_SWI_THUMB
 248not_angel:
 249                safe_svcmode_maskall r0
 250                msr     spsr_cxsf, r9           @ Save the CPU boot mode in
 251                                                @ SPSR
 252#endif
 253                /*
 254                 * Note that some cache flushing and other stuff may
 255                 * be needed here - is there an Angel SWI call for this?
 256                 */
 257
 258                /*
 259                 * some architecture specific code can be inserted
 260                 * by the linker here, but it should preserve r7, r8, and r9.
 261                 */
 262
 263                .text
 264
 265#ifdef CONFIG_AUTO_ZRELADDR
 266                /*
 267                 * Find the start of physical memory.  As we are executing
 268                 * without the MMU on, we are in the physical address space.
 269                 * We just need to get rid of any offset by aligning the
 270                 * address.
 271                 *
 272                 * This alignment is a balance between the requirements of
 273                 * different platforms - we have chosen 128MB to allow
 274                 * platforms which align the start of their physical memory
 275                 * to 128MB to use this feature, while allowing the zImage
 276                 * to be placed within the first 128MB of memory on other
 277                 * platforms.  Increasing the alignment means we place
 278                 * stricter alignment requirements on the start of physical
 279                 * memory, but relaxing it means that we break people who
 280                 * are already placing their zImage in (eg) the top 64MB
 281                 * of this range.
 282                 */
 283                mov     r0, pc
 284                and     r0, r0, #0xf8000000
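                /*
                 * Masking with 0xf8000000 rounds down to a 128MB boundary:
                 * e.g. a zImage executing at 0x60348000 yields 0x60000000 as
                 * the assumed start of physical memory.
                 */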
 285#ifdef CONFIG_USE_OF
 286                adr     r1, LC1
 287#ifdef CONFIG_ARM_APPENDED_DTB
 288                /*
 289                 * Look for an appended DTB.  If found, we cannot use it to
 290                 * validate the calculated start of physical memory, as its
 291                 * memory nodes may need to be augmented by ATAGS stored at
 292                 * an offset from the same start of physical memory.
 293                 */
 294                ldr     r2, [r1, #4]    @ get &_edata
 295                add     r2, r2, r1      @ relocate it
 296                ldr     r2, [r2]        @ get DTB signature
 297                ldr     r3, =OF_DT_MAGIC
 298                cmp     r2, r3          @ do we have a DTB there?
 299                beq     1f              @ if yes, skip validation
 300#endif /* CONFIG_ARM_APPENDED_DTB */
 301
 302                /*
 303                 * Make sure we have some stack before calling C code.
 304                 * No GOT fixup has occurred yet, but none of the code we're
 305                 * about to call uses any global variables.
 306                 */
 307                ldr     sp, [r1]        @ get stack location
 308                add     sp, sp, r1      @ apply relocation
 309
 310                /* Validate calculated start against passed DTB */
 311                mov     r1, r8
 312                bl      fdt_check_mem_start
 3131:
 314#endif /* CONFIG_USE_OF */
 315                /* Determine final kernel image address. */
 316                add     r4, r0, #TEXT_OFFSET
 317#else
 318                ldr     r4, =zreladdr
 319#endif
 320
 321                /*
 322                 * Set up a page table only if it won't overwrite us.
 323                 * That means r4 < pc || r4 - 16k page directory > &_end.
 324                 * Given that r4 > &_end is quite infrequent, we add a rough
 325                 * additional 1MB of room for a possible appended DTB.
 326                 */
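                /*
                 * In C-like pseudocode, the instructions below amount to
                 * (rough sketch):
                 *
                 *      if (pc < r4 && r4 < pc + headroom)
                 *              r4 |= 1;        // defer cache_on until later
                 *      else
                 *              cache_on();
                 */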
 327                mov     r0, pc
 328                cmp     r0, r4
 329                ldrcc   r0, .Lheadroom
 330                addcc   r0, r0, pc
 331                cmpcc   r4, r0
 332                orrcc   r4, r4, #1              @ remember we skipped cache_on
 333                blcs    cache_on
 334
 335restart:        adr     r0, LC1
 336                ldr     sp, [r0]
 337                ldr     r6, [r0, #4]
 338                add     sp, sp, r0
 339                add     r6, r6, r0
 340
 341                get_inflated_image_size r9, r10, lr
 342
 343#ifndef CONFIG_ZBOOT_ROM
 344                /* malloc space is above the relocated stack (64k max) */
 345                add     r10, sp, #MALLOC_SIZE
 346#else
 347                /*
 348                 * With ZBOOT_ROM the bss/stack is non-relocatable,
 349                 * but someone could still run this code from RAM,
 350                 * in which case our reference is _edata.
 351                 */
 352                mov     r10, r6
 353#endif
 354
 355                mov     r5, #0                  @ init dtb size to 0
 356#ifdef CONFIG_ARM_APPENDED_DTB
 357/*
 358 *   r4  = final kernel address (possibly with LSB set)
 359 *   r5  = appended dtb size (still unknown)
 360 *   r6  = _edata
 361 *   r7  = architecture ID
 362 *   r8  = atags/device tree pointer
 363 *   r9  = size of decompressed image
 364 *   r10 = end of this image, including  bss/stack/malloc space if non XIP
 365 *   sp  = stack pointer
 366 *
 367 * if there are device trees (dtb) appended to zImage, advance r10 so that the
 368 * dtb data will get relocated along with the kernel if necessary.
 369 */
 370
 371                ldr     lr, [r6, #0]
 372                ldr     r1, =OF_DT_MAGIC
 373                cmp     lr, r1
 374                bne     dtb_check_done          @ not found
 375
 376#ifdef CONFIG_ARM_ATAG_DTB_COMPAT
 377                /*
 378                 * OK... Let's do some funky business here.
 379                 * If we do have a DTB appended to zImage, and we do have
 380                 * an ATAG list around, we want the latter to be translated
 381                 * and folded into the former here. No GOT fixup has occurred
 382                 * yet, but none of the code we're about to call uses any
 383                 * global variables.
 384                 */
 385
 386                /* Get the initial DTB size */
 387                ldr     r5, [r6, #4]
 388                be32tocpu r5, r1
 389                dbgadtb r6, r5
 390                /* 50% DTB growth should be good enough */
 391                add     r5, r5, r5, lsr #1
 392                /* preserve 64-bit alignment */
 393                add     r5, r5, #7
 394                bic     r5, r5, #7
 395                /* clamp to 32KB min and 1MB max */
 396                cmp     r5, #(1 << 15)
 397                movlo   r5, #(1 << 15)
 398                cmp     r5, #(1 << 20)
 399                movhi   r5, #(1 << 20)
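                /*
                 * Example: a 20 KiB DTB grows to 30 KiB, stays 8-byte aligned,
                 * and is then raised to the 32 KiB minimum; anything that
                 * would exceed 1 MB is capped at 1 MB.
                 */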
 400                /* temporarily relocate the stack past the DTB work space */
 401                add     sp, sp, r5
 402
 403                mov     r0, r8
 404                mov     r1, r6
 405                mov     r2, r5
 406                bl      atags_to_fdt
 407
 408                /*
 409                 * If returned value is 1, there is no ATAG at the location
 410                 * pointed to by r8.  Try the typical 0x100 offset from start
 411                 * of RAM and hope for the best.
 412                 */
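                /*
                 * Note: none of the sub/bic/add/mov instructions below update
                 * the condition flags, so the EQ state from "cmp r0, #1" is
                 * still valid when the bleq is reached.
                 */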
 413                cmp     r0, #1
 414                sub     r0, r4, #TEXT_OFFSET
 415                bic     r0, r0, #1
 416                add     r0, r0, #0x100
 417                mov     r1, r6
 418                mov     r2, r5
 419                bleq    atags_to_fdt
 420
 421                sub     sp, sp, r5
 422#endif
 423
 424                mov     r8, r6                  @ use the appended device tree
 425
 426                /*
 427                 * Make sure that the DTB doesn't end up in the final
 428                 * kernel's .bss area. To do so, we adjust the decompressed
 429                 * kernel size to compensate if that .bss size is larger
 430                 * than the relocated code.
 431                 */
 432                ldr     r5, =_kernel_bss_size
 433                adr     r1, wont_overwrite
 434                sub     r1, r6, r1
 435                subs    r1, r5, r1
 436                addhi   r9, r9, r1
 437
 438                /* Get the current DTB size */
 439                ldr     r5, [r6, #4]
 440                be32tocpu r5, r1
 441
 442                /* preserve 64-bit alignment */
 443                add     r5, r5, #7
 444                bic     r5, r5, #7
 445
 446                /* relocate some pointers past the appended dtb */
 447                add     r6, r6, r5
 448                add     r10, r10, r5
 449                add     sp, sp, r5
 450dtb_check_done:
 451#endif
 452
 453/*
 454 * Check to see if we will overwrite ourselves.
 455 *   r4  = final kernel address (possibly with LSB set)
 456 *   r9  = size of decompressed image
 457 *   r10 = end of this image, including  bss/stack/malloc space if non XIP
 458 * We basically want:
 459 *   r4 - 16k page directory >= r10 -> OK
 460 *   r4 + image length <= address of wont_overwrite -> OK
 461 * Note: the possible LSB in r4 is harmless here.
 462 */
 463                add     r10, r10, #16384
 464                cmp     r4, r10
 465                bhs     wont_overwrite
 466                add     r10, r4, r9
 467                adr     r9, wont_overwrite
 468                cmp     r10, r9
 469                bls     wont_overwrite
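/*
 * In other words (sketch): branch to wont_overwrite if either
 *
 *   r4 >= end of this image + 16k          (target area is entirely above us), or
 *   r4 + image length <= &wont_overwrite   (target ends below our code)
 *
 * otherwise fall through and relocate ourselves out of the way first.
 */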
 470
 471/*
 472 * Relocate ourselves past the end of the decompressed kernel.
 473 *   r6  = _edata
 474 *   r10 = end of the decompressed kernel
 475 * Because we always copy ahead, we need to do it from the end and go
 476 * backward in case the source and destination overlap.
 477 */
 478                /*
 479                 * Bump to the next 256-byte boundary with the size of
 480                 * the relocation code added. This avoids overwriting
 481                 * ourselves when the offset is small.
 482                 */
 483                add     r10, r10, #((reloc_code_end - restart + 256) & ~255)
 484                bic     r10, r10, #255
 485
 486                /* Get start of code we want to copy and align it down. */
 487                adr     r5, restart
 488                bic     r5, r5, #31
 489
 490/* Relocate the hyp vector base if necessary */
 491#ifdef CONFIG_ARM_VIRT_EXT
 492                mrs     r0, spsr
 493                and     r0, r0, #MODE_MASK
 494                cmp     r0, #HYP_MODE
 495                bne     1f
 496
 497                /*
 498                 * Compute the address of the hyp vectors after relocation.
 499                 * Call __hyp_set_vectors with the new address so that we
 500                 * can HVC again after the copy.
 501                 */
 502                adr_l   r0, __hyp_stub_vectors
 503                sub     r0, r0, r5
 504                add     r0, r0, r10
 505                bl      __hyp_set_vectors
 5061:
 507#endif
 508
 509                sub     r9, r6, r5              @ size to copy
 510                add     r9, r9, #31             @ rounded up to a multiple
 511                bic     r9, r9, #31             @ ... of 32 bytes
 512                add     r6, r9, r5
 513                add     r9, r9, r10
 514
 515#ifdef DEBUG
 516                sub     r10, r6, r5
 517                sub     r10, r9, r10
 518                /*
 519                 * We are about to copy the kernel to a new memory area.
 520                 * The boundaries of the new memory area can be found in
 521                 * r10 and r9, whilst r5 and r6 contain the boundaries
 522                 * of the memory we are going to copy.
 523                 * Calling dbgkc will help with the printing of this
 524                 * information.
 525                 */
 526                dbgkc   r5, r6, r10, r9
 527#endif
 528
 5291:              ldmdb   r6!, {r0 - r3, r10 - r12, lr}
 530                cmp     r6, r5
 531                stmdb   r9!, {r0 - r3, r10 - r12, lr}
 532                bhi     1b
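                /*
                 * The loop above is a backwards copy, 8 words (32 bytes) per
                 * iteration; roughly, in C (sketch only, src_start/src_end/
                 * dst_end are illustrative names):
                 *
                 *      u32 *s = src_end, *d = dst_end;
                 *      do {
                 *              s -= 8; d -= 8;
                 *              memcpy(d, s, 32);
                 *      } while (s > src_start);
                 *
                 * Copying top-down is what makes the overlapping source and
                 * destination ranges safe.
                 */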
 533
 534                /* Preserve offset to relocated code. */
 535                sub     r6, r9, r6
 536
 537                mov     r0, r9                  @ start of relocated zImage
 538                add     r1, sp, r6              @ end of relocated zImage
 539                bl      cache_clean_flush
 540
 541                badr    r0, restart
 542                add     r0, r0, r6
 543                mov     pc, r0
 544
 545wont_overwrite:
 546                adr     r0, LC0
 547                ldmia   r0, {r1, r2, r3, r11, r12}
 548                sub     r0, r0, r1              @ calculate the delta offset
 549
 550/*
 551 * If delta is zero, we are running at the address we were linked at.
 552 *   r0  = delta
 553 *   r2  = BSS start
 554 *   r3  = BSS end
 555 *   r4  = kernel execution address (possibly with LSB set)
 556 *   r5  = appended dtb size (0 if not present)
 557 *   r7  = architecture ID
 558 *   r8  = atags pointer
 559 *   r11 = GOT start
 560 *   r12 = GOT end
 561 *   sp  = stack pointer
 562 */
 563                orrs    r1, r0, r5
 564                beq     not_relocated
 565
 566                add     r11, r11, r0
 567                add     r12, r12, r0
 568
 569#ifndef CONFIG_ZBOOT_ROM
 570                /*
 571                 * If we're running fully PIC (i.e. CONFIG_ZBOOT_ROM=n),
 572                 * we need to fix up pointers into the BSS region.
 573                 * Note that the stack pointer has already been fixed up.
 574                 */
 575                add     r2, r2, r0
 576                add     r3, r3, r0
 577
 578                /*
 579                 * Relocate all entries in the GOT table.
 580                 * Bump bss entries to _edata + dtb size
 581                 */
 5821:              ldr     r1, [r11, #0]           @ relocate entries in the GOT
 583                add     r1, r1, r0              @ This fixes up C references
 584                cmp     r1, r2                  @ if entry >= bss_start &&
 585                cmphs   r3, r1                  @       bss_end > entry
 586                addhi   r1, r1, r5              @    entry += dtb size
 587                str     r1, [r11], #4           @ next entry
 588                cmp     r11, r12
 589                blo     1b
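                /*
                 * Roughly equivalent C for the loop above (sketch only):
                 *
                 *      for (u32 *p = got_start; p < got_end; p++) {
                 *              u32 entry = *p + delta;
                 *              if (entry >= bss_start && entry < bss_end)
                 *                      entry += dtb_size;
                 *              *p = entry;
                 *      }
                 */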
 590
 591                /* bump our bss pointers too */
 592                add     r2, r2, r5
 593                add     r3, r3, r5
 594
 595#else
 596
 597                /*
 598                 * Relocate entries in the GOT table.  We only relocate
 599                 * the entries that are outside the (relocated) BSS region.
 600                 */
 6011:              ldr     r1, [r11, #0]           @ relocate entries in the GOT
 602                cmp     r1, r2                  @ entry < bss_start ||
 603                cmphs   r3, r1                  @ _end < entry
 604                addlo   r1, r1, r0              @ table.  This fixes up the
 605                str     r1, [r11], #4           @ C references.
 606                cmp     r11, r12
 607                blo     1b
 608#endif
 609
 610not_relocated:  mov     r0, #0
 6111:              str     r0, [r2], #4            @ clear bss
 612                str     r0, [r2], #4
 613                str     r0, [r2], #4
 614                str     r0, [r2], #4
 615                cmp     r2, r3
 616                blo     1b
 617
 618                /*
 619                 * Did we skip the cache setup earlier?
 620                 * That is indicated by the LSB in r4.
 621                 * Do it now if so.
 622                 */
 623                tst     r4, #1
 624                bic     r4, r4, #1
 625                blne    cache_on
 626
 627/*
 628 * The C runtime environment should now be set up sufficiently.
 629 * Set up some pointers, and start decompressing.
 630 *   r4  = kernel execution address
 631 *   r7  = architecture ID
 632 *   r8  = atags pointer
 633 */
 634                mov     r0, r4
 635                mov     r1, sp                  @ malloc space above stack
 636                add     r2, sp, #MALLOC_SIZE    @ 64k max
 637                mov     r3, r7
 638                bl      decompress_kernel
 639
 640                get_inflated_image_size r1, r2, r3
 641
 642                mov     r0, r4                  @ start of inflated image
 643                add     r1, r1, r0              @ end of inflated image
 644                bl      cache_clean_flush
 645                bl      cache_off
 646
 647#ifdef CONFIG_ARM_VIRT_EXT
 648                mrs     r0, spsr                @ Get saved CPU boot mode
 649                and     r0, r0, #MODE_MASK
 650                cmp     r0, #HYP_MODE           @ if not booted in HYP mode...
 651                bne     __enter_kernel          @ boot kernel directly
 652
 653                adr_l   r0, __hyp_reentry_vectors
 654                bl      __hyp_set_vectors
 655                __HVC(0)                        @ otherwise bounce to hyp mode
 656
 657                b       .                       @ should never be reached
 658#else
 659                b       __enter_kernel
 660#endif
 661
 662                .align  2
 663                .type   LC0, #object
 664LC0:            .word   LC0                     @ r1
 665                .word   __bss_start             @ r2
 666                .word   _end                    @ r3
 667                .word   _got_start              @ r11
 668                .word   _got_end                @ ip
 669                .size   LC0, . - LC0
 670
 671                .type   LC1, #object
 672LC1:            .word   .L_user_stack_end - LC1 @ sp
 673                .word   _edata - LC1            @ r6
 674                .size   LC1, . - LC1
 675
 676.Lheadroom:
 677                .word   _end - restart + 16384 + 1024*1024
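                /*
                 * .Lheadroom = distance from restart to _end, plus 16 KiB for
                 * the page directory and a rough 1 MB of slack for a possible
                 * appended DTB, matching the check before cache_on above.
                 */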
 678
 679.Linflated_image_size_offset:
 680                .long   (input_data_end - 4) - .
 681
 682#ifdef CONFIG_ARCH_RPC
 683                .globl  params
 684params:         ldr     r0, =0x10000100         @ params_phys for RPC
 685                mov     pc, lr
 686                .ltorg
 687                .align
 688#endif
 689
 690/*
 691 * dcache_line_size - get the minimum D-cache line size from the CTR register
 692 * on ARMv7.
 693 */
 694                .macro  dcache_line_size, reg, tmp
 695#ifdef CONFIG_CPU_V7M
 696                movw    \tmp, #:lower16:BASEADDR_V7M_SCB + V7M_SCB_CTR
 697                movt    \tmp, #:upper16:BASEADDR_V7M_SCB + V7M_SCB_CTR
 698                ldr     \tmp, [\tmp]
 699#else
 700                mrc     p15, 0, \tmp, c0, c0, 1         @ read ctr
 701#endif
 702                lsr     \tmp, \tmp, #16
 703                and     \tmp, \tmp, #0xf                @ cache line size encoding
 704                mov     \reg, #4                        @ bytes per word
 705                mov     \reg, \reg, lsl \tmp            @ actual cache line size
 706                .endm
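                /*
                 * CTR[19:16] (DminLine) is log2 of the smallest D-cache line
                 * length in words, so the line size is 4 << DminLine bytes;
                 * e.g. DminLine = 4 gives 64-byte lines.
                 */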
 707
 708/*
 709 * Turn on the cache.  We need to set up some page tables so that we
 710 * can have both the I and D caches on.
 711 *
 712 * We place the page tables 16k down from the kernel execution address,
 713 * and we hope that nothing else is using it.  If we're using it, we
 714 * will go pop!
 715 *
 716 * On entry,
 717 *  r4 = kernel execution address
 718 *  r7 = architecture number
 719 *  r8 = atags pointer
 720 * On exit,
 721 *  r0, r1, r2, r3, r9, r10, r12 corrupted
 722 * This routine must preserve:
 723 *  r4, r7, r8
 724 */
 725                .align  5
 726cache_on:       mov     r3, #8                  @ cache_on function
 727                b       call_cache_fn
 728
 729/*
 730 * Initialize the highest priority protection region, PR7
 731 * to cover the whole 32-bit address range as cacheable and bufferable.
 732 */
 733__armv4_mpu_cache_on:
 734                mov     r0, #0x3f               @ 4G, the whole
 735                mcr     p15, 0, r0, c6, c7, 0   @ PR7 Area Setting
 736                mcr     p15, 0, r0, c6, c7, 1
 737
 738                mov     r0, #0x80               @ PR7
 739                mcr     p15, 0, r0, c2, c0, 0   @ D-cache on
 740                mcr     p15, 0, r0, c2, c0, 1   @ I-cache on
 741                mcr     p15, 0, r0, c3, c0, 0   @ write-buffer on
 742
 743                mov     r0, #0xc000
 744                mcr     p15, 0, r0, c5, c0, 1   @ I-access permission
 745                mcr     p15, 0, r0, c5, c0, 0   @ D-access permission
 746
 747                mov     r0, #0
 748                mcr     p15, 0, r0, c7, c10, 4  @ drain write buffer
 749                mcr     p15, 0, r0, c7, c5, 0   @ flush(inval) I-Cache
 750                mcr     p15, 0, r0, c7, c6, 0   @ flush(inval) D-Cache
 751                mrc     p15, 0, r0, c1, c0, 0   @ read control reg
 752                                                @ ...I .... ..D. WC.M
 753                orr     r0, r0, #0x002d         @ .... .... ..1. 11.1
 754                orr     r0, r0, #0x1000         @ ...1 .... .... ....
 755
 756                mcr     p15, 0, r0, c1, c0, 0   @ write control reg
 757
 758                mov     r0, #0
 759                mcr     p15, 0, r0, c7, c5, 0   @ flush(inval) I-Cache
 760                mcr     p15, 0, r0, c7, c6, 0   @ flush(inval) D-Cache
 761                mov     pc, lr
 762
 763__armv3_mpu_cache_on:
 764                mov     r0, #0x3f               @ 4G, the whole
 765                mcr     p15, 0, r0, c6, c7, 0   @ PR7 Area Setting
 766
 767                mov     r0, #0x80               @ PR7
 768                mcr     p15, 0, r0, c2, c0, 0   @ cache on
 769                mcr     p15, 0, r0, c3, c0, 0   @ write-buffer on
 770
 771                mov     r0, #0xc000
 772                mcr     p15, 0, r0, c5, c0, 0   @ access permission
 773
 774                mov     r0, #0
 775                mcr     p15, 0, r0, c7, c0, 0   @ invalidate whole cache v3
 776                /*
 777                 * ?? ARMv3 MMU does not allow reading the control register,
 778                 * does this really work on ARMv3 MPU?
 779                 */
 780                mrc     p15, 0, r0, c1, c0, 0   @ read control reg
 781                                                @ .... .... .... WC.M
 782                orr     r0, r0, #0x000d         @ .... .... .... 11.1
 783                /* ?? this overwrites the value constructed above? */
 784                mov     r0, #0
 785                mcr     p15, 0, r0, c1, c0, 0   @ write control reg
 786
 787                /* ?? invalidate for the second time? */
 788                mcr     p15, 0, r0, c7, c0, 0   @ invalidate whole cache v3
 789                mov     pc, lr
 790
 791#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
 792#define CB_BITS 0x08
 793#else
 794#define CB_BITS 0x0c
 795#endif
 796
 797__setup_mmu:    sub     r3, r4, #16384          @ Page directory size
 798                bic     r3, r3, #0xff           @ Align the pointer
 799                bic     r3, r3, #0x3f00
 800/*
 801 * Initialise the page tables, turning on the cacheable and bufferable
 802 * bits for the RAM area only.
 803 */
 804                mov     r0, r3
 805                mov     r9, r0, lsr #18
 806                mov     r9, r9, lsl #18         @ start of RAM
 807                add     r10, r9, #0x10000000    @ a reasonable RAM size
 808                mov     r1, #0x12               @ XN|U + section mapping
 809                orr     r1, r1, #3 << 10        @ AP=11
 810                add     r2, r3, #16384
 8111:              cmp     r1, r9                  @ if virt > start of RAM
 812                cmphs   r10, r1                 @   && end of RAM > virt
 813                bic     r1, r1, #0x1c           @ clear XN|U + C + B
 814                orrlo   r1, r1, #0x10           @ Set XN|U for non-RAM
 815                orrhs   r1, r1, r6              @ set RAM section settings
 816                str     r1, [r0], #4            @ 1:1 mapping
 817                add     r1, r1, #1048576
 818                teq     r0, r2
 819                bne     1b
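/*
 * Roughly what the loop above builds, in C (sketch only; pgdir, ram_start,
 * cb_bits and the SZ_* constants are illustrative names):
 *
 *      for (u32 i = 0, addr = 0; i < 4096; i++, addr += SZ_1M) {
 *              u32 desc = addr | SECTION | AP_RW;
 *              if (addr >= ram_start && addr < ram_start + SZ_256M)
 *                      desc |= cb_bits;        // RAM: cacheable + bufferable (r6)
 *              else
 *                      desc |= XN;             // non-RAM: execute-never
 *              pgdir[i] = desc;
 *      }
 */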
 820/*
 821 * If ever we are running from Flash, then we surely want the cache
 822 * to be enabled also for our execution instance...  We map 2MB of it
 823 * so there is no map overlap problem for up to a 1 MB compressed kernel.
 824 * If the execution is in RAM then we would only be duplicating the above.
 825 */
 826                orr     r1, r6, #0x04           @ ensure B is set for this
 827                orr     r1, r1, #3 << 10
 828                mov     r2, pc
 829                mov     r2, r2, lsr #20
 830                orr     r1, r1, r2, lsl #20
 831                add     r0, r3, r2, lsl #2
 832                str     r1, [r0], #4
 833                add     r1, r1, #1048576
 834                str     r1, [r0]
 835                mov     pc, lr
 836ENDPROC(__setup_mmu)
 837
 838@ Enable unaligned access on v6, to allow better code generation
 839@ for the decompressor C code:
 840__armv6_mmu_cache_on:
 841                mrc     p15, 0, r0, c1, c0, 0   @ read SCTLR
 842                bic     r0, r0, #2              @ A (no unaligned access fault)
 843                orr     r0, r0, #1 << 22        @ U (v6 unaligned access model)
 844                mcr     p15, 0, r0, c1, c0, 0   @ write SCTLR
 845                b       __armv4_mmu_cache_on
 846
 847__arm926ejs_mmu_cache_on:
 848#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
 849                mov     r0, #4                  @ put dcache in WT mode
 850                mcr     p15, 7, r0, c15, c0, 0
 851#endif
 852
 853__armv4_mmu_cache_on:
 854                mov     r12, lr
 855#ifdef CONFIG_MMU
 856                mov     r6, #CB_BITS | 0x12     @ U
 857                bl      __setup_mmu
 858                mov     r0, #0
 859                mcr     p15, 0, r0, c7, c10, 4  @ drain write buffer
 860                mcr     p15, 0, r0, c8, c7, 0   @ flush I,D TLBs
 861                mrc     p15, 0, r0, c1, c0, 0   @ read control reg
 862                orr     r0, r0, #0x5000         @ I-cache enable, RR cache replacement
 863                orr     r0, r0, #0x0030
 864 ARM_BE8(       orr     r0, r0, #1 << 25 )      @ big-endian page tables
 865                bl      __common_mmu_cache_on
 866                mov     r0, #0
 867                mcr     p15, 0, r0, c8, c7, 0   @ flush I,D TLBs
 868#endif
 869                mov     pc, r12
 870
 871__armv7_mmu_cache_on:
 872                enable_cp15_barriers    r11
 873                mov     r12, lr
 874#ifdef CONFIG_MMU
 875                mrc     p15, 0, r11, c0, c1, 4  @ read ID_MMFR0
 876                tst     r11, #0xf               @ VMSA
 877                movne   r6, #CB_BITS | 0x02     @ !XN
 878                blne    __setup_mmu
 879                mov     r0, #0
 880                mcr     p15, 0, r0, c7, c10, 4  @ drain write buffer
 881                tst     r11, #0xf               @ VMSA
 882                mcrne   p15, 0, r0, c8, c7, 0   @ flush I,D TLBs
 883#endif
 884                mrc     p15, 0, r0, c1, c0, 0   @ read control reg
 885                bic     r0, r0, #1 << 28        @ clear SCTLR.TRE
 886                orr     r0, r0, #0x5000         @ I-cache enable, RR cache replacement
 887                orr     r0, r0, #0x003c         @ write buffer
 888                bic     r0, r0, #2              @ A (no unaligned access fault)
 889                orr     r0, r0, #1 << 22        @ U (v6 unaligned access model)
 890                                                @ (needed for ARM1176)
 891#ifdef CONFIG_MMU
 892 ARM_BE8(       orr     r0, r0, #1 << 25 )      @ big-endian page tables
 893                mrcne   p15, 0, r6, c2, c0, 2   @ read ttb control reg
 894                orrne   r0, r0, #1              @ MMU enabled
 895                movne   r1, #0xfffffffd         @ domain 0 = client
 896                bic     r6, r6, #1 << 31        @ 32-bit translation system
 897                bic     r6, r6, #(7 << 0) | (1 << 4)    @ use only ttbr0
 898                mcrne   p15, 0, r3, c2, c0, 0   @ load page table pointer
 899                mcrne   p15, 0, r1, c3, c0, 0   @ load domain access control
 900                mcrne   p15, 0, r6, c2, c0, 2   @ load ttb control
 901#endif
 902                mcr     p15, 0, r0, c7, c5, 4   @ ISB
 903                mcr     p15, 0, r0, c1, c0, 0   @ load control register
 904                mrc     p15, 0, r0, c1, c0, 0   @ and read it back
 905                mov     r0, #0
 906                mcr     p15, 0, r0, c7, c5, 4   @ ISB
 907                mov     pc, r12
 908
 909__fa526_cache_on:
 910                mov     r12, lr
 911                mov     r6, #CB_BITS | 0x12     @ U
 912                bl      __setup_mmu
 913                mov     r0, #0
 914                mcr     p15, 0, r0, c7, c7, 0   @ Invalidate whole cache
 915                mcr     p15, 0, r0, c7, c10, 4  @ drain write buffer
 916                mcr     p15, 0, r0, c8, c7, 0   @ flush UTLB
 917                mrc     p15, 0, r0, c1, c0, 0   @ read control reg
 918                orr     r0, r0, #0x1000         @ I-cache enable
 919                bl      __common_mmu_cache_on
 920                mov     r0, #0
 921                mcr     p15, 0, r0, c8, c7, 0   @ flush UTLB
 922                mov     pc, r12
 923
 924__common_mmu_cache_on:
 925#ifndef CONFIG_THUMB2_KERNEL
 926#ifndef DEBUG
 927                orr     r0, r0, #0x000d         @ Write buffer, mmu
 928#endif
 929                mov     r1, #-1
 930                mcr     p15, 0, r3, c2, c0, 0   @ load page table pointer
 931                mcr     p15, 0, r1, c3, c0, 0   @ load domain access control
 932                b       1f
 933                .align  5                       @ cache line aligned
 9341:              mcr     p15, 0, r0, c1, c0, 0   @ load control register
 935                mrc     p15, 0, r0, c1, c0, 0   @ and read it back to
 936                sub     pc, lr, r0, lsr #32     @ properly flush pipeline
 937#endif
 938
 939#define PROC_ENTRY_SIZE (4*5)
 940
 941/*
 942 * Here follow the relocatable cache support functions for the
 943 * various processors.  This is a generic hook for locating an
 944 * entry and jumping to an instruction at the specified offset
 945 * from the start of the block.  Please note this is all position
 946 * independent code.
 947 *
 948 *  r1  = corrupted
 949 *  r2  = corrupted
 950 *  r3  = block offset
 951 *  r9  = corrupted
 952 *  r12 = corrupted
 953 */
 954
 955call_cache_fn:  adr     r12, proc_types
 956#ifdef CONFIG_CPU_CP15
 957                mrc     p15, 0, r9, c0, c0      @ get processor ID
 958#elif defined(CONFIG_CPU_V7M)
 959                /*
 960                 * On v7-M the processor id is located in the V7M_SCB_CPUID
 961                 * register, but as cache handling is IMPLEMENTATION DEFINED on
 962                 * v7-M (if existent at all) we just return early here.
 963                 * If V7M_SCB_CPUID were used the cpu ID functions (i.e.
 964                 * __armv7_mmu_cache_{on,off,flush}) would be selected which
 965                 * use cp15 registers that are not implemented on v7-M.
 966                 */
 967                bx      lr
 968#else
 969                ldr     r9, =CONFIG_PROCESSOR_ID
 970#endif
 9711:              ldr     r1, [r12, #0]           @ get value
 972                ldr     r2, [r12, #4]           @ get mask
 973                eor     r1, r1, r9              @ (real ^ match)
 974                tst     r1, r2                  @       & mask
 975 ARM(           addeq   pc, r12, r3             ) @ call cache function
 976 THUMB(         addeq   r12, r3                 )
 977 THUMB(         moveq   pc, r12                 ) @ call cache function
 978                add     r12, r12, #PROC_ENTRY_SIZE
 979                b       1b
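                /*
                 * The lookup above, roughly, in C (sketch only; jump_to() and
                 * the struct fields are illustrative names):
                 *
                 *      for (p = proc_types; ; p = (void *)p + PROC_ENTRY_SIZE)
                 *              if (((cpu_id ^ p->match) & p->mask) == 0)
                 *                      jump_to((void *)p + block_offset);
                 *
                 * The terminating all-zero entry matches any CPU, so the scan
                 * always stops at the last row of the table.
                 */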
 980
 981/*
 982 * Table for cache operations.  This is basically:
 983 *   - CPU ID match
 984 *   - CPU ID mask
 985 *   - 'cache on' method instruction
 986 *   - 'cache off' method instruction
 987 *   - 'cache flush' method instruction
 988 *
 989 * We match an entry using: ((real_id ^ match) & mask) == 0
 990 *
 991 * Writethrough caches generally only need 'on' and 'off'
 992 * methods.  Writeback caches _must_ have the flush method
 993 * defined.
 994 */
 995                .align  2
 996                .type   proc_types,#object
 997proc_types:
 998                .word   0x41000000              @ old ARM ID
 999                .word   0xff00f000
1000                mov     pc, lr
1001 THUMB(         nop                             )
1002                mov     pc, lr
1003 THUMB(         nop                             )
1004                mov     pc, lr
1005 THUMB(         nop                             )
1006
1007                .word   0x41007000              @ ARM7/710
1008                .word   0xfff8fe00
1009                mov     pc, lr
1010 THUMB(         nop                             )
1011                mov     pc, lr
1012 THUMB(         nop                             )
1013                mov     pc, lr
1014 THUMB(         nop                             )
1015
1016                .word   0x41807200              @ ARM720T (writethrough)
1017                .word   0xffffff00
1018                W(b)    __armv4_mmu_cache_on
1019                W(b)    __armv4_mmu_cache_off
1020                mov     pc, lr
1021 THUMB(         nop                             )
1022
1023                .word   0x41007400              @ ARM74x
1024                .word   0xff00ff00
1025                W(b)    __armv3_mpu_cache_on
1026                W(b)    __armv3_mpu_cache_off
1027                W(b)    __armv3_mpu_cache_flush
1028
1029                .word   0x41009400              @ ARM94x
1030                .word   0xff00ff00
1031                W(b)    __armv4_mpu_cache_on
1032                W(b)    __armv4_mpu_cache_off
1033                W(b)    __armv4_mpu_cache_flush
1034
1035                .word   0x41069260              @ ARM926EJ-S (v5TEJ)
1036                .word   0xff0ffff0
1037                W(b)    __arm926ejs_mmu_cache_on
1038                W(b)    __armv4_mmu_cache_off
1039                W(b)    __armv5tej_mmu_cache_flush
1040
1041                .word   0x00007000              @ ARM7 IDs
1042                .word   0x0000f000
1043                mov     pc, lr
1044 THUMB(         nop                             )
1045                mov     pc, lr
1046 THUMB(         nop                             )
1047                mov     pc, lr
1048 THUMB(         nop                             )
1049
1050                @ Everything from here on will be the new ID system.
1051
1052                .word   0x4401a100              @ sa110 / sa1100
1053                .word   0xffffffe0
1054                W(b)    __armv4_mmu_cache_on
1055                W(b)    __armv4_mmu_cache_off
1056                W(b)    __armv4_mmu_cache_flush
1057
1058                .word   0x6901b110              @ sa1110
1059                .word   0xfffffff0
1060                W(b)    __armv4_mmu_cache_on
1061                W(b)    __armv4_mmu_cache_off
1062                W(b)    __armv4_mmu_cache_flush
1063
1064                .word   0x56056900
1065                .word   0xffffff00              @ PXA9xx
1066                W(b)    __armv4_mmu_cache_on
1067                W(b)    __armv4_mmu_cache_off
1068                W(b)    __armv4_mmu_cache_flush
1069
1070                .word   0x56158000              @ PXA168
1071                .word   0xfffff000
1072                W(b)    __armv4_mmu_cache_on
1073                W(b)    __armv4_mmu_cache_off
1074                W(b)    __armv5tej_mmu_cache_flush
1075
1076                .word   0x56050000              @ Feroceon
1077                .word   0xff0f0000
1078                W(b)    __armv4_mmu_cache_on
1079                W(b)    __armv4_mmu_cache_off
1080                W(b)    __armv5tej_mmu_cache_flush
1081
1082#ifdef CONFIG_CPU_FEROCEON_OLD_ID
1083                /* this conflicts with the standard ARMv5TE entry */
1084                .long   0x41009260              @ Old Feroceon
1085                .long   0xff00fff0
1086                b       __armv4_mmu_cache_on
1087                b       __armv4_mmu_cache_off
1088                b       __armv5tej_mmu_cache_flush
1089#endif
1090
1091                .word   0x66015261              @ FA526
1092                .word   0xff01fff1
1093                W(b)    __fa526_cache_on
1094                W(b)    __armv4_mmu_cache_off
1095                W(b)    __fa526_cache_flush
1096
1097                @ These match on the architecture ID
1098
1099                .word   0x00020000              @ ARMv4T
1100                .word   0x000f0000
1101                W(b)    __armv4_mmu_cache_on
1102                W(b)    __armv4_mmu_cache_off
1103                W(b)    __armv4_mmu_cache_flush
1104
1105                .word   0x00050000              @ ARMv5TE
1106                .word   0x000f0000
1107                W(b)    __armv4_mmu_cache_on
1108                W(b)    __armv4_mmu_cache_off
1109                W(b)    __armv4_mmu_cache_flush
1110
1111                .word   0x00060000              @ ARMv5TEJ
1112                .word   0x000f0000
1113                W(b)    __armv4_mmu_cache_on
1114                W(b)    __armv4_mmu_cache_off
1115                W(b)    __armv5tej_mmu_cache_flush
1116
1117                .word   0x0007b000              @ ARMv6
1118                .word   0x000ff000
1119                W(b)    __armv6_mmu_cache_on
1120                W(b)    __armv4_mmu_cache_off
1121                W(b)    __armv6_mmu_cache_flush
1122
1123                .word   0x000f0000              @ new CPU Id
1124                .word   0x000f0000
1125                W(b)    __armv7_mmu_cache_on
1126                W(b)    __armv7_mmu_cache_off
1127                W(b)    __armv7_mmu_cache_flush
1128
1129                .word   0                       @ unrecognised type
1130                .word   0
1131                mov     pc, lr
1132 THUMB(         nop                             )
1133                mov     pc, lr
1134 THUMB(         nop                             )
1135                mov     pc, lr
1136 THUMB(         nop                             )
1137
1138                .size   proc_types, . - proc_types
1139
1140                /*
1141                 * If you get a "non-constant expression in ".if" statement"
1142                 * error from the assembler on this line, check that you have
1143                 * not accidentally written a "b" instruction where you should
1144                 * have written W(b).
1145                 */
1146                .if (. - proc_types) % PROC_ENTRY_SIZE != 0
1147                .error "The size of one or more proc_types entries is wrong."
1148                .endif
1149
1150/*
1151 * Turn off the Cache and MMU.  ARMv3 does not support
1152 * reading the control register, but ARMv4 does.
1153 *
1154 * On exit,
1155 *  r0, r1, r2, r3, r9, r12 corrupted
1156 * This routine must preserve:
1157 *  r4, r7, r8
1158 */
1159                .align  5
1160cache_off:      mov     r3, #12                 @ cache_off function
1161                b       call_cache_fn
1162
1163__armv4_mpu_cache_off:
1164                mrc     p15, 0, r0, c1, c0
1165                bic     r0, r0, #0x000d
1166                mcr     p15, 0, r0, c1, c0      @ turn MPU and cache off
1167                mov     r0, #0
1168                mcr     p15, 0, r0, c7, c10, 4  @ drain write buffer
1169                mcr     p15, 0, r0, c7, c6, 0   @ flush D-Cache
1170                mcr     p15, 0, r0, c7, c5, 0   @ flush I-Cache
1171                mov     pc, lr
1172
1173__armv3_mpu_cache_off:
1174                mrc     p15, 0, r0, c1, c0
1175                bic     r0, r0, #0x000d
1176                mcr     p15, 0, r0, c1, c0, 0   @ turn MPU and cache off
1177                mov     r0, #0
1178                mcr     p15, 0, r0, c7, c0, 0   @ invalidate whole cache v3
1179                mov     pc, lr
1180
1181__armv4_mmu_cache_off:
1182#ifdef CONFIG_MMU
1183                mrc     p15, 0, r0, c1, c0
1184                bic     r0, r0, #0x000d
1185                mcr     p15, 0, r0, c1, c0      @ turn MMU and cache off
1186                mov     r0, #0
1187                mcr     p15, 0, r0, c7, c7      @ invalidate whole cache v4
1188                mcr     p15, 0, r0, c8, c7      @ invalidate whole TLB v4
1189#endif
1190                mov     pc, lr
1191
1192__armv7_mmu_cache_off:
1193                mrc     p15, 0, r0, c1, c0
1194#ifdef CONFIG_MMU
1195                bic     r0, r0, #0x0005
1196#else
1197                bic     r0, r0, #0x0004
1198#endif
1199                mcr     p15, 0, r0, c1, c0      @ turn MMU and cache off
1200                mov     r0, #0
1201#ifdef CONFIG_MMU
1202                mcr     p15, 0, r0, c8, c7, 0   @ invalidate whole TLB
1203#endif
1204                mcr     p15, 0, r0, c7, c5, 6   @ invalidate BTC
1205                mcr     p15, 0, r0, c7, c10, 4  @ DSB
1206                mcr     p15, 0, r0, c7, c5, 4   @ ISB
1207                mov     pc, lr
1208
1209/*
1210 * Clean and flush the cache to maintain consistency.
1211 *
1212 * On entry,
1213 *  r0 = start address
1214 *  r1 = end address (exclusive)
1215 * On exit,
1216 *  r1, r2, r3, r9, r10, r11, r12 corrupted
1217 * This routine must preserve:
1218 *  r4, r6, r7, r8
1219 */
1220                .align  5
1221cache_clean_flush:
1222                mov     r3, #16
1223                mov     r11, r1
1224                b       call_cache_fn
1225
1226__armv4_mpu_cache_flush:
1227                tst     r4, #1
1228                movne   pc, lr
1229                mov     r2, #1
1230                mov     r3, #0
1231                mcr     p15, 0, ip, c7, c6, 0   @ invalidate D cache
1232                mov     r1, #7 << 5             @ 8 segments
12331:              orr     r3, r1, #63 << 26       @ 64 entries
12342:              mcr     p15, 0, r3, c7, c14, 2  @ clean & invalidate D index
1235                subs    r3, r3, #1 << 26
1236                bcs     2b                      @ entries 63 to 0
1237                subs    r1, r1, #1 << 5
1238                bcs     1b                      @ segments 7 to 0
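                /*
                 * The two loops above clean+invalidate the whole D-cache by
                 * set/way; roughly (sketch, clean_inval_dcache_index() stands
                 * in for the c7, c14, 2 operation):
                 *
                 *      for (seg = 7; seg >= 0; seg--)
                 *              for (idx = 63; idx >= 0; idx--)
                 *                      clean_inval_dcache_index(seg << 5 | idx << 26);
                 */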
1239
1240                teq     r2, #0
1241                mcrne   p15, 0, ip, c7, c5, 0   @ invalidate I cache
1242                mcr     p15, 0, ip, c7, c10, 4  @ drain WB
1243                mov     pc, lr
1244
1245__fa526_cache_flush:
1246                tst     r4, #1
1247                movne   pc, lr
1248                mov     r1, #0
1249                mcr     p15, 0, r1, c7, c14, 0  @ clean and invalidate D cache
1250                mcr     p15, 0, r1, c7, c5, 0   @ flush I cache
1251                mcr     p15, 0, r1, c7, c10, 4  @ drain WB
1252                mov     pc, lr
1253
1254__armv6_mmu_cache_flush:
1255                mov     r1, #0
1256                tst     r4, #1
1257                mcreq   p15, 0, r1, c7, c14, 0  @ clean+invalidate D
1258                mcr     p15, 0, r1, c7, c5, 0   @ invalidate I+BTB
1259                mcreq   p15, 0, r1, c7, c15, 0  @ clean+invalidate unified
1260                mcr     p15, 0, r1, c7, c10, 4  @ drain WB
1261                mov     pc, lr
1262
1263__armv7_mmu_cache_flush:
1264                enable_cp15_barriers    r10
1265                tst     r4, #1
1266                bne     iflush
1267                mrc     p15, 0, r10, c0, c1, 5  @ read ID_MMFR1
1268                tst     r10, #0xf << 16         @ hierarchical cache (ARMv7)
1269                mov     r10, #0
1270                beq     hierarchical
1271                mcr     p15, 0, r10, c7, c14, 0 @ clean+invalidate D
1272                b       iflush
1273hierarchical:
1274                dcache_line_size r1, r2         @ r1 := dcache min line size
1275                sub     r2, r1, #1              @ r2 := line size mask
1276                bic     r0, r0, r2              @ round down start to line size
1277                sub     r11, r11, #1            @ end address is exclusive
1278                bic     r11, r11, r2            @ round down end to line size
12790:              cmp     r0, r11                 @ finished?
1280                bgt     iflush
1281                mcr     p15, 0, r0, c7, c14, 1  @ Dcache clean/invalidate by VA
1282                add     r0, r0, r1
1283                b       0b
1284iflush:
1285                mcr     p15, 0, r10, c7, c10, 4 @ DSB
1286                mcr     p15, 0, r10, c7, c5, 0  @ invalidate I+BTB
1287                mcr     p15, 0, r10, c7, c10, 4 @ DSB
1288                mcr     p15, 0, r10, c7, c5, 4  @ ISB
1289                mov     pc, lr
1290
1291__armv5tej_mmu_cache_flush:
1292                tst     r4, #1
1293                movne   pc, lr
12941:              mrc     p15, 0, APSR_nzcv, c7, c14, 3   @ test,clean,invalidate D cache
1295                bne     1b
1296                mcr     p15, 0, r0, c7, c5, 0   @ flush I cache
1297                mcr     p15, 0, r0, c7, c10, 4  @ drain WB
1298                mov     pc, lr
1299
1300__armv4_mmu_cache_flush:
1301                tst     r4, #1
1302                movne   pc, lr
1303                mov     r2, #64*1024            @ default: 32K dcache size (*2)
1304                mov     r11, #32                @ default: 32 byte line size
1305                mrc     p15, 0, r3, c0, c0, 1   @ read cache type
1306                teq     r3, r9                  @ cache ID register present?
1307                beq     no_cache_id
1308                mov     r1, r3, lsr #18
1309                and     r1, r1, #7
1310                mov     r2, #1024
1311                mov     r2, r2, lsl r1          @ base dcache size *2
1312                tst     r3, #1 << 14            @ test M bit
1313                addne   r2, r2, r2, lsr #1      @ +1/2 size if M == 1
1314                mov     r3, r3, lsr #12
1315                and     r3, r3, #3
1316                mov     r11, #8
1317                mov     r11, r11, lsl r3        @ cache line size in bytes
1318no_cache_id:
1319                mov     r1, pc
1320                bic     r1, r1, #63             @ align to longest cache line
1321                add     r2, r1, r2
13221:
1323 ARM(           ldr     r3, [r1], r11           ) @ s/w flush D cache
1324 THUMB(         ldr     r3, [r1]                ) @ s/w flush D cache
1325 THUMB(         add     r1, r1, r11             )
1326                teq     r1, r2
1327                bne     1b
1328
1329                mcr     p15, 0, r1, c7, c5, 0   @ flush I cache
1330                mcr     p15, 0, r1, c7, c6, 0   @ flush D cache
1331                mcr     p15, 0, r1, c7, c10, 4  @ drain WB
1332                mov     pc, lr
1333
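    /*
     * ARMv3 (MMU or MPU): a single CP15 operation invalidates the whole
     * cache.  Skipped when the LSB of r4 is set.
     */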
1334__armv3_mmu_cache_flush:
1335__armv3_mpu_cache_flush:
1336                tst     r4, #1
1337                movne   pc, lr
1338                mov     r1, #0
1339                mcr     p15, 0, r1, c7, c0, 0   @ invalidate whole cache v3
1340                mov     pc, lr
1341
1342/*
1343 * Various debugging routines for printing hex characters and
1344 * memory, which again must be relocatable.
1345 */
1346#ifdef DEBUG
1347                .align  2
1348                .type   phexbuf,#object
1349phexbuf:        .space  12
1350                .size   phexbuf, . - phexbuf
1351
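    @ phex: print the value in r0 as an r1-digit hex number on the debug UART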
1352@ phex corrupts {r0, r1, r2, r3}
1353phex:           adr     r3, phexbuf
1354                mov     r2, #0
1355                strb    r2, [r3, r1]
13561:              subs    r1, r1, #1
1357                movmi   r0, r3
1358                bmi     puts
1359                and     r2, r0, #15
1360                mov     r0, r0, lsr #4
1361                cmp     r2, #10
1362                addge   r2, r2, #7
1363                add     r2, r2, #'0'
1364                strb    r2, [r3, r1]
1365                b       1b
1366
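    @ puts: write the NUL-terminated string at r0 to the debug UART,
    @ sending a carriage return after each newline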
1367@ puts corrupts {r0, r1, r2, r3}
1368puts:           loadsp  r3, r2, r1
13691:              ldrb    r2, [r0], #1
1370                teq     r2, #0
1371                moveq   pc, lr
13722:              writeb  r2, r3, r1
1373                mov     r1, #0x00020000
13743:              subs    r1, r1, #1
1375                bne     3b
1376                teq     r2, #'\n'
1377                moveq   r2, #'\r'
1378                beq     2b
1379                teq     r0, #0
1380                bne     1b
1381                mov     pc, lr
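    @ putc: write the single character in r0 to the debug UART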
1382@ putc corrupts {r0, r1, r2, r3}
1383putc:
1384                mov     r2, r0
1385                loadsp  r3, r1, r0
1386                mov     r0, #0
1387                b       2b
1388
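    @ memdump: dump 64 words of memory starting at the address in r0,
    @ eight words per line, each line prefixed with its address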
1389@ memdump corrupts {r0, r1, r2, r3, r10, r11, r12, lr}
1390memdump:        mov     r12, r0
1391                mov     r10, lr
1392                mov     r11, #0
13932:              mov     r0, r11, lsl #2
1394                add     r0, r0, r12
1395                mov     r1, #8
1396                bl      phex
1397                mov     r0, #':'
1398                bl      putc
13991:              mov     r0, #' '
1400                bl      putc
1401                ldr     r0, [r12, r11, lsl #2]
1402                mov     r1, #8
1403                bl      phex
1404                and     r0, r11, #7
1405                teq     r0, #3
1406                moveq   r0, #' '
1407                bleq    putc
1408                and     r0, r11, #7
1409                add     r11, r11, #1
1410                teq     r0, #7
1411                bne     1b
1412                mov     r0, #'\n'
1413                bl      putc
1414                cmp     r11, #64
1415                blt     2b
1416                mov     pc, r10
1417#endif
1418
1419                .ltorg
1420
1421#ifdef CONFIG_ARM_VIRT_EXT
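    /*
     * HYP vector table used to re-enter the kernel proper from HYP mode.
     * An HVC issued while already in HYP (the EFI stub case, where the
     * MMU may still be on) lands in __enter_kernel_from_hyp; an HVC
     * trapped from a lower mode lands in __enter_kernel.
     * efi_enter_kernel below installs this table at HVBAR for the
     * caches-on HYP boot path.
     */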
1422.align 5
1423__hyp_reentry_vectors:
1424                W(b)    .                       @ reset
1425                W(b)    .                       @ undef
1426#ifdef CONFIG_EFI_STUB
1427                W(b)    __enter_kernel_from_hyp @ hvc from HYP
1428#else
1429                W(b)    .                       @ svc
1430#endif
1431                W(b)    .                       @ pabort
1432                W(b)    .                       @ dabort
1433                W(b)    __enter_kernel          @ hyp
1434                W(b)    .                       @ irq
1435                W(b)    .                       @ fiq
1436#endif /* CONFIG_ARM_VIRT_EXT */
1437
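    /*
     * Final hand-off to the decompressed kernel, following the ARM boot
     * protocol: r0 = 0, r1 = machine/architecture number, r2 = ATAGS or
     * DTB pointer, jumping to the entry point held in r4 (entered in
     * Thumb state on M-class, ARM state otherwise).
     */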
1438__enter_kernel:
1439                mov     r0, #0                  @ must be 0
1440                mov     r1, r7                  @ restore architecture number
1441                mov     r2, r8                  @ restore atags pointer
1442 ARM(           mov     pc, r4          )       @ call kernel
1443 M_CLASS(       add     r4, r4, #1      )       @ enter in Thumb mode for M class
1444 THUMB(         bx      r4              )       @ entry point is always ARM for A/R classes
1445
1446reloc_code_end:
1447
1448#ifdef CONFIG_EFI_STUB
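    /*
     * Target of the "hvc from HYP" vector above: disable the MMU and
     * caches at HYP by clearing HSCTLR.M and HSCTLR.C, then branch to
     * the normal kernel entry sequence.
     */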
1449__enter_kernel_from_hyp:
1450                mrc     p15, 4, r0, c1, c0, 0   @ read HSCTLR
1451                bic     r0, r0, #0x5            @ disable MMU and caches
1452                mcr     p15, 4, r0, c1, c0, 0   @ write HSCTLR
1453                isb
1454                b       __enter_kernel
1455
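    /*
     * EFI stub entry into the decompressor proper: r0 holds the kernel
     * image base, r1 the device tree pointer and r2 the device tree
     * size.  The code region and the DT are cleaned to memory here
     * because the MMU and caches may be turned off before they are
     * used again.
     */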
1456ENTRY(efi_enter_kernel)
1457                mov     r4, r0                  @ preserve image base
1458                mov     r8, r1                  @ preserve DT pointer
1459
1460                adr_l   r0, call_cache_fn
1461                adr     r1, 0f                  @ clean the region of code we
1462                bl      cache_clean_flush       @ may run with the MMU off
1463
1464#ifdef CONFIG_ARM_VIRT_EXT
1465                @
1466                @ The EFI spec does not support booting on ARM in HYP mode,
1467                @ since it mandates that the MMU and caches are on, with all
1468                @ 32-bit addressable DRAM mapped 1:1 using short descriptors.
1469                @
1470                @ While the EDK2 reference implementation adheres to this,
1471                @ U-Boot might decide to enter the EFI stub in HYP mode
1472                @ anyway, with the MMU and caches either on or off.
1473                @
1474                mrs     r0, cpsr                @ get the current mode
1475                msr     spsr_cxsf, r0           @ record boot mode
1476                and     r0, r0, #MODE_MASK      @ are we running in HYP mode?
1477                cmp     r0, #HYP_MODE
1478                bne     .Lefi_svc
1479
1480                mrc     p15, 4, r1, c1, c0, 0   @ read HSCTLR
1481                tst     r1, #0x1                @ MMU enabled at HYP?
1482                beq     1f
1483
1484                @
1485                @ When running in HYP mode with the caches on, we're better
1486                @ off just carrying on using the cached 1:1 mapping that the
1487                @ firmware provided. Set up the HYP vectors so HVC instructions
1488                @ issued from HYP mode take us to the correct handler code. We
1489                @ will disable the MMU before jumping to the kernel proper.
1490                @
1491 ARM(           bic     r1, r1, #(1 << 30)      ) @ clear HSCTLR.TE
1492 THUMB(         orr     r1, r1, #(1 << 30)      ) @ set HSCTLR.TE
1493                mcr     p15, 4, r1, c1, c0, 0
1494                adr     r0, __hyp_reentry_vectors
1495                mcr     p15, 4, r0, c12, c0, 0  @ set HYP vector base (HVBAR)
1496                isb
1497                b       .Lefi_hyp
1498
1499                @
1500                @ When running in HYP mode with the caches off, we need to drop
1501                @ into SVC mode now, and let the decompressor set up its cached
1502                @ 1:1 mapping as usual.
1503                @
15041:              mov     r9, r4                  @ preserve image base
1505                bl      __hyp_stub_install      @ install HYP stub vectors
1506                safe_svcmode_maskall    r1      @ drop to SVC mode
1507                msr     spsr_cxsf, r0           @ record boot mode
1508                orr     r4, r9, #1              @ restore image base and set LSB
1509                b       .Lefi_hyp
1510.Lefi_svc:
1511#endif
1512                mrc     p15, 0, r0, c1, c0, 0   @ read SCTLR
1513                tst     r0, #0x1                @ MMU enabled?
1514                orreq   r4, r4, #1              @ set LSB if not
1515
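                    @
                    @ Common tail for the HYP and SVC paths: clean the DT
                    @ to memory, switch to the decompressor's own stack and
                    @ join the normal boot path at wont_overwrite, with no
                    @ appended DTB (r5 = 0) and r7 = 0xffffffff as the
                    @ machine ID, leaving the DT in r8 to describe the
                    @ platform.
                    @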
1516.Lefi_hyp:
1517                mov     r0, r8                  @ DT start
1518                add     r1, r8, r2              @ DT end
1519                bl      cache_clean_flush
1520
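                    @
                    @ 0f (after ENDPROC below) holds the link-time offset
                    @ of .L_user_stack_end from itself, so adding the
                    @ runtime address of 0f yields the runtime address of
                    @ the top of the stack, wherever we are executing.
                    @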
1521                adr     r0, 0f                  @ switch to our stack
1522                ldr     sp, [r0]
1523                add     sp, sp, r0
1524
1525                mov     r5, #0                  @ appended DTB size
1526                mov     r7, #0xFFFFFFFF         @ machine ID
1527                b       wont_overwrite
1528ENDPROC(efi_enter_kernel)
15290:              .long   .L_user_stack_end - .
1530#endif
1531
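    @ 4 KiB stack used by the decompressor; %nobits, so it takes no space in the image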
1532                .align
1533                .section ".stack", "aw", %nobits
1534.L_user_stack:  .space  4096
1535.L_user_stack_end:
1536