[GitHub/mt8127/android_kernel_alcatel_ttab.git] / arch / arm / boot / compressed / head.S

/*
 *  linux/arch/arm/boot/compressed/head.S
 *
 *  Copyright (C) 1996-2002 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/config.h>
#include <linux/linkage.h>

/*
 * Debugging stuff
 *
 * Note that these macros must not contain any code which is not
 * 100% relocatable.  Any attempt to do so will result in a crash.
 * Please select one of the following when turning on debugging.
 */
#ifdef DEBUG

#if defined(CONFIG_DEBUG_ICEDCC)
		.macro	loadsp, rb
		.endm
		.macro	writeb, ch, rb
		mcr	p14, 0, \ch, c0, c1, 0
		.endm
#else

#include <asm/arch/debug-macro.S>

		.macro	writeb,	ch, rb
		senduart \ch, \rb
		.endm

#if defined(CONFIG_ARCH_SA1100)
		.macro	loadsp, rb
		mov	\rb, #0x80000000	@ physical base address
#ifdef CONFIG_DEBUG_LL_SER3
		add	\rb, \rb, #0x00050000	@ Ser3
#else
		add	\rb, \rb, #0x00010000	@ Ser1
#endif
		.endm
#elif defined(CONFIG_ARCH_IOP331)
		.macro loadsp, rb
                mov   	\rb, #0xff000000
                orr     \rb, \rb, #0x00ff0000
                orr     \rb, \rb, #0x0000f700   @ location of the UART
		.endm
#elif defined(CONFIG_ARCH_S3C2410)
		.macro loadsp, rb
		mov	\rb, #0x50000000
		add	\rb, \rb, #0x4000 * CONFIG_S3C2410_LOWLEVEL_UART_PORT
		.endm
#else
		.macro	loadsp,	rb
		addruart \rb
		.endm
#endif
#endif
#endif

		.macro	kputc,val
		mov	r0, \val
		bl	putc
		.endm

		.macro	kphex,val,len
		mov	r0, \val
		mov	r1, #\len
		bl	phex
		.endm

		.macro	debug_reloc_start
#ifdef DEBUG
		kputc	#'\n'
		kphex	r6, 8		/* processor id */
		kputc	#':'
		kphex	r7, 8		/* architecture id */
		kputc	#':'
		mrc	p15, 0, r0, c1, c0
		kphex	r0, 8		/* control reg */
		kputc	#'\n'
		kphex	r5, 8		/* decompressed kernel start */
		kputc	#'-'
		kphex	r8, 8		/* decompressed kernel end  */
		kputc	#'>'
		kphex	r4, 8		/* kernel execution address */
		kputc	#'\n'
#endif
		.endm

		.macro	debug_reloc_end
#ifdef DEBUG
		kphex	r5, 8		/* end of kernel */
		kputc	#'\n'
		mov	r0, r4
		bl	memdump		/* dump 256 bytes at start of kernel */
#endif
		.endm

		.section ".start", #alloc, #execinstr
/*
 * sort out different calling conventions
 */
		.align
start:
		.type	start,#function
		.rept	8
		mov	r0, r0
		.endr

		b	1f
		.word	0x016f2818		@ Magic numbers to help the loader
		.word	start			@ absolute load/run zImage address
		.word	_edata			@ zImage end address
1:		mov	r7, r1			@ save architecture ID
		mov	r8, #0			@ save r0

#ifndef __ARM_ARCH_2__
		/*
		 * Booting from Angel - need to enter SVC mode and disable
		 * FIQs/IRQs (numeric definitions from angel arm.h source).
		 * We only do this if we were in user mode on entry.
		 */
		mrs	r2, cpsr		@ get current mode
		tst	r2, #3			@ not user?
		bne	not_angel
		mov	r0, #0x17		@ angel_SWIreason_EnterSVC
		swi	0x123456		@ angel_SWI_ARM
not_angel:
		mrs	r2, cpsr		@ turn off interrupts to
		orr	r2, r2, #0xc0		@ prevent angel from running
		msr	cpsr_c, r2
#else
		teqp	pc, #0x0c000003		@ turn off interrupts
#endif

		/*
		 * Note that some cache flushing and other stuff may
		 * be needed here - is there an Angel SWI call for this?
		 */

		/*
		 * some architecture specific code can be inserted
		 * by the linker here, but it should preserve r7 and r8.
		 */

		.text
		adr	r0, LC0
		ldmia	r0, {r1, r2, r3, r4, r5, r6, ip, sp}
		subs	r0, r0, r1		@ calculate the delta offset

						@ if delta is zero, we are
		beq	not_relocated		@ running at the address we
						@ were linked at.

		/*
		 * We're running at a different address.  We need to fix
		 * up various pointers:
		 *   r5 - zImage base address
		 *   r6 - GOT start
		 *   ip - GOT end
		 */
		add	r5, r5, r0
		add	r6, r6, r0
		add	ip, ip, r0

#ifndef CONFIG_ZBOOT_ROM
		/*
		 * If we're running fully PIC === CONFIG_ZBOOT_ROM = n,
		 * we need to fix up pointers into the BSS region.
		 *   r2 - BSS start
		 *   r3 - BSS end
		 *   sp - stack pointer
		 */
		add	r2, r2, r0
		add	r3, r3, r0
		add	sp, sp, r0

		/*
		 * Relocate all entries in the GOT table.
		 */
1:		ldr	r1, [r6, #0]		@ relocate entries in the GOT
		add	r1, r1, r0		@ table.  This fixes up the
		str	r1, [r6], #4		@ C references.
		cmp	r6, ip
		blo	1b
#else

		/*
		 * Relocate entries in the GOT table.  We only relocate
		 * the entries that are outside the (relocated) BSS region.
		 */
1:		ldr	r1, [r6, #0]		@ relocate entries in the GOT
		cmp	r1, r2			@ entry < bss_start ||
		cmphs	r3, r1			@ _end < entry
		addlo	r1, r1, r0		@ table.  This fixes up the
		str	r1, [r6], #4		@ C references.
		cmp	r6, ip
		blo	1b
#endif

not_relocated:	mov	r0, #0
1:		str	r0, [r2], #4		@ clear bss
		str	r0, [r2], #4
		str	r0, [r2], #4
		str	r0, [r2], #4
		cmp	r2, r3
		blo	1b

		/*
		 * The C runtime environment should now be setup
		 * sufficiently.  Turn the cache on, set up some
		 * pointers, and start decompressing.
		 */
		bl	cache_on

		mov	r1, sp			@ malloc space above stack
		add	r2, sp, #0x10000	@ 64k max

/*
 * Check to see if we will overwrite ourselves.
 *   r4 = final kernel address
 *   r5 = start of this image
 *   r2 = end of malloc space (and therefore this image)
 * We basically want:
 *   r4 >= r2 -> OK
 *   r4 + image length <= r5 -> OK
 */
		cmp	r4, r2
		bhs	wont_overwrite
		add	r0, r4, #4096*1024	@ 4MB largest kernel size
		cmp	r0, r5
		bls	wont_overwrite

		mov	r5, r2			@ decompress after malloc space
		mov	r0, r5
		mov	r3, r7
		bl	decompress_kernel

		add	r0, r0, #127
		bic	r0, r0, #127		@ align the kernel length
/*
 * r0     = decompressed kernel length
 * r1-r3  = unused
 * r4     = kernel execution address
 * r5     = decompressed kernel start
 * r6     = processor ID
 * r7     = architecture ID
 * r8-r14 = unused
 */
		add	r1, r5, r0		@ end of decompressed kernel
		adr	r2, reloc_start
		ldr	r3, LC1
		add	r3, r2, r3
1:		ldmia	r2!, {r8 - r13}		@ copy relocation code
		stmia	r1!, {r8 - r13}
		ldmia	r2!, {r8 - r13}
		stmia	r1!, {r8 - r13}
		cmp	r2, r3
		blo	1b

		bl	cache_clean_flush
		add	pc, r5, r0		@ call relocation code

/*
 * We're not in danger of overwriting ourselves.  Do this the simple way.
 *
 * r4     = kernel execution address
 * r7     = architecture ID
 */
wont_overwrite:	mov	r0, r4
		mov	r3, r7
		bl	decompress_kernel
		b	call_kernel

		.type	LC0, #object
LC0:		.word	LC0			@ r1
		.word	__bss_start		@ r2
		.word	_end			@ r3
		.word	zreladdr		@ r4
		.word	_start			@ r5
		.word	_got_start		@ r6
		.word	_got_end		@ ip
		.word	user_stack+4096		@ sp
LC1:		.word	reloc_end - reloc_start
		.size	LC0, . - LC0

#ifdef CONFIG_ARCH_RPC
		.globl	params
params:		ldr	r0, =params_phys
		mov	pc, lr
		.ltorg
		.align
#endif

/*
 * Turn on the cache.  We need to setup some page tables so that we
 * can have both the I and D caches on.
 *
 * We place the page tables 16k down from the kernel execution address,
 * and we hope that nothing else is using it.  If we're using it, we
 * will go pop!
 *
 * On entry,
 *  r4 = kernel execution address
 *  r6 = processor ID
 *  r7 = architecture number
 *  r8 = run-time address of "start"
 * On exit,
 *  r1, r2, r3, r8, r9, r12 corrupted
 * This routine must preserve:
 *  r4, r5, r6, r7
 */
		.align	5
cache_on:	mov	r3, #8			@ cache_on function
		b	call_cache_fn

__setup_mmu:	sub	r3, r4, #16384		@ Page directory size
		bic	r3, r3, #0xff		@ Align the pointer
		bic	r3, r3, #0x3f00
/*
 * Initialise the page tables, turning on the cacheable and bufferable
 * bits for the RAM area only.
 */
		mov	r0, r3
		mov	r8, r0, lsr #18
		mov	r8, r8, lsl #18		@ start of RAM
		add	r9, r8, #0x10000000	@ a reasonable RAM size
		mov	r1, #0x12
		orr	r1, r1, #3 << 10
		add	r2, r3, #16384
1:		cmp	r1, r8			@ if virt > start of RAM
		orrhs	r1, r1, #0x0c		@ set cacheable, bufferable
		cmp	r1, r9			@ if virt > end of RAM
		bichs	r1, r1, #0x0c		@ clear cacheable, bufferable
		str	r1, [r0], #4		@ 1:1 mapping
		add	r1, r1, #1048576
		teq	r0, r2
		bne	1b
/*
 * If ever we are running from Flash, then we surely want the cache
 * to be enabled also for our execution instance...  We map 2MB of it
 * so there is no map overlap problem for up to 1 MB compressed kernel.
 * If the execution is in RAM then we would only be duplicating the above.
 */
		mov	r1, #0x1e
		orr	r1, r1, #3 << 10
		mov	r2, pc, lsr #20
		orr	r1, r1, r2, lsl #20
		add	r0, r3, r2, lsl #2
		str	r1, [r0], #4
		add	r1, r1, #1048576
		str	r1, [r0]
		mov	pc, lr

__armv4_cache_on:
		mov	r12, lr
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
		orr	r0, r0, #0x0030
		bl	__common_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
		mov	pc, r12

__arm6_cache_on:
		mov	r12, lr
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mcr	p15, 0, r0, c5, c0, 0	@ invalidate whole TLB v3
		mov	r0, #0x30
		bl	__common_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c5, c0, 0	@ invalidate whole TLB v3
		mov	pc, r12

__common_cache_on:
#ifndef DEBUG
		orr	r0, r0, #0x000d		@ Write buffer, mmu
#endif
		mov	r1, #-1
		mcr	p15, 0, r3, c2, c0, 0	@ load page table pointer
		mcr	p15, 0, r1, c3, c0, 0	@ load domain access control
		mcr	p15, 0, r0, c1, c0, 0	@ load control register
		mov	pc, lr

/*
 * All code following this line is relocatable.  It is relocated by
 * the above code to the end of the decompressed kernel image and
 * executed there.  During this time, we have no stacks.
 *
 * r0     = decompressed kernel length
 * r1-r3  = unused
 * r4     = kernel execution address
 * r5     = decompressed kernel start
 * r6     = processor ID
 * r7     = architecture ID
 * r8-r14 = unused
 */
		.align	5
reloc_start:	add	r8, r5, r0
		debug_reloc_start
		mov	r1, r4
1:
		.rept	4
		ldmia	r5!, {r0, r2, r3, r9 - r13}	@ relocate kernel
		stmia	r1!, {r0, r2, r3, r9 - r13}
		.endr

		cmp	r5, r8
		blo	1b
		debug_reloc_end

call_kernel:	bl	cache_clean_flush
		bl	cache_off
		mov	r0, #0
		mov	r1, r7			@ restore architecture number
		mov	pc, r4			@ call kernel

/*
 * Here follow the relocatable cache support functions for the
 * various processors.  This is a generic hook for locating an
 * entry and jumping to an instruction at the specified offset
 * from the start of the block.  Please note this is all position
 * independent code.
 *
 *  r1  = corrupted
 *  r2  = corrupted
 *  r3  = block offset
 *  r6  = corrupted
 *  r12 = corrupted
 */

call_cache_fn:	adr	r12, proc_types
		mrc	p15, 0, r6, c0, c0	@ get processor ID
1:		ldr	r1, [r12, #0]		@ get value
		ldr	r2, [r12, #4]		@ get mask
		eor	r1, r1, r6		@ (real ^ match)
		tst	r1, r2			@       & mask
		addeq	pc, r12, r3		@ call cache function
		add	r12, r12, #4*5
		b	1b

/*
 * Table for cache operations.  This is basically:
 *   - CPU ID match
 *   - CPU ID mask
 *   - 'cache on' method instruction
 *   - 'cache off' method instruction
 *   - 'cache flush' method instruction
 *
 * We match an entry using: ((real_id ^ match) & mask) == 0
 *
 * Writethrough caches generally only need 'on' and 'off'
 * methods.  Writeback caches _must_ have the flush method
 * defined.
 */
		.type	proc_types,#object
proc_types:
		.word	0x41560600		@ ARM6/610
		.word	0xffffffe0
		b	__arm6_cache_off	@ works, but slow
		b	__arm6_cache_off
		mov	pc, lr
@		b	__arm6_cache_on		@ untested
@		b	__arm6_cache_off
@		b	__armv3_cache_flush

		.word	0x00000000		@ old ARM ID
		.word	0x0000f000
		mov	pc, lr
		mov	pc, lr
		mov	pc, lr

		.word	0x41007000		@ ARM7/710
		.word	0xfff8fe00
		b	__arm7_cache_off
		b	__arm7_cache_off
		mov	pc, lr

		.word	0x41807200		@ ARM720T (writethrough)
		.word	0xffffff00
		b	__armv4_cache_on
		b	__armv4_cache_off
		mov	pc, lr

		.word	0x00007000		@ ARM7 IDs
		.word	0x0000f000
		mov	pc, lr
		mov	pc, lr
		mov	pc, lr

		@ Everything from here on will be the new ID system.

		.word	0x4401a100		@ sa110 / sa1100
		.word	0xffffffe0
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv4_cache_flush

		.word	0x6901b110		@ sa1110
		.word	0xfffffff0
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv4_cache_flush

		@ These match on the architecture ID

		.word	0x00020000		@ ARMv4T
		.word	0x000f0000
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv4_cache_flush

		.word	0x00050000		@ ARMv5TE
		.word	0x000f0000
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv4_cache_flush

		.word	0x00060000		@ ARMv5TEJ
		.word	0x000f0000
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv4_cache_flush

		.word	0x00070000		@ ARMv6
		.word	0x000f0000
		b	__armv4_cache_on
		b	__armv4_cache_off
		b	__armv6_cache_flush

		.word	0			@ unrecognised type
		.word	0
		mov	pc, lr
		mov	pc, lr
		mov	pc, lr

		.size	proc_types, . - proc_types

/*
 * Turn off the Cache and MMU.  ARMv3 does not support
 * reading the control register, but ARMv4 does.
 *
 * On entry,  r6 = processor ID
 * On exit,   r0, r1, r2, r3, r12 corrupted
 * This routine must preserve: r4, r6, r7
 */
		.align	5
cache_off:	mov	r3, #12			@ cache_off function
		b	call_cache_fn

__armv4_cache_off:
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c7	@ invalidate whole cache v4
		mcr	p15, 0, r0, c8, c7	@ invalidate whole TLB v4
		mov	pc, lr

__arm6_cache_off:
		mov	r0, #0x00000030		@ ARM6 control reg.
		b	__armv3_cache_off

__arm7_cache_off:
		mov	r0, #0x00000070		@ ARM7 control reg.
		b	__armv3_cache_off

__armv3_cache_off:
		mcr	p15, 0, r0, c1, c0, 0	@ turn MMU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mcr	p15, 0, r0, c5, c0, 0	@ invalidate whole TLB v3
		mov	pc, lr

/*
 * Clean and flush the cache to maintain consistency.
 *
 * On entry,
 *  r6 = processor ID
 * On exit,
 *  r1, r2, r3, r11, r12 corrupted
 * This routine must preserve:
 *  r0, r4, r5, r6, r7
 */
		.align	5
cache_clean_flush:
		mov	r3, #16
		b	call_cache_fn

__armv6_cache_flush:
		mov	r1, #0
		mcr	p15, 0, r1, c7, c14, 0	@ clean+invalidate D
		mcr	p15, 0, r1, c7, c5, 0	@ invalidate I+BTB
		mcr	p15, 0, r1, c7, c15, 0	@ clean+invalidate unified
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv4_cache_flush:
		mov	r2, #64*1024		@ default: 32K dcache size (*2)
		mov	r11, #32		@ default: 32 byte line size
		mrc	p15, 0, r3, c0, c0, 1	@ read cache type
		teq	r3, r6			@ cache ID register present?
		beq	no_cache_id
		mov	r1, r3, lsr #18
		and	r1, r1, #7
		mov	r2, #1024
		mov	r2, r2, lsl r1		@ base dcache size *2
		tst	r3, #1 << 14		@ test M bit
		addne	r2, r2, r2, lsr #1	@ +1/2 size if M == 1
		mov	r3, r3, lsr #12
		and	r3, r3, #3
		mov	r11, #8
		mov	r11, r11, lsl r3	@ cache line size in bytes
no_cache_id:
		bic	r1, pc, #63		@ align to longest cache line
		add	r2, r1, r2
1:		ldr	r3, [r1], r11		@ s/w flush D cache
		teq	r1, r2
		bne	1b

		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r1, c7, c6, 0	@ flush D cache
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv3_cache_flush:
		mov	r1, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

/*
 * Various debugging routines for printing hex characters and
 * memory, which again must be relocatable.
 */
#ifdef DEBUG
		.type	phexbuf,#object
phexbuf:	.space	12
		.size	phexbuf, . - phexbuf

phex:		adr	r3, phexbuf
		mov	r2, #0
		strb	r2, [r3, r1]
1:		subs	r1, r1, #1
		movmi	r0, r3
		bmi	puts
		and	r2, r0, #15
		mov	r0, r0, lsr #4
		cmp	r2, #10
		addge	r2, r2, #7
		add	r2, r2, #'0'
		strb	r2, [r3, r1]
		b	1b

puts:		loadsp	r3
1:		ldrb	r2, [r0], #1
		teq	r2, #0
		moveq	pc, lr
2:		writeb	r2, r3
		mov	r1, #0x00020000
3:		subs	r1, r1, #1
		bne	3b
		teq	r2, #'\n'
		moveq	r2, #'\r'
		beq	2b
		teq	r0, #0
		bne	1b
		mov	pc, lr
putc:
		mov	r2, r0
		mov	r0, #0
		loadsp	r3
		b	2b

memdump:	mov	r12, r0
		mov	r10, lr
		mov	r11, #0
2:		mov	r0, r11, lsl #2
		add	r0, r0, r12
		mov	r1, #8
		bl	phex
		mov	r0, #':'
		bl	putc
1:		mov	r0, #' '
		bl	putc
		ldr	r0, [r12, r11, lsl #2]
		mov	r1, #8
		bl	phex
		and	r0, r11, #7
		teq	r0, #3
		moveq	r0, #' '
		bleq	putc
		and	r0, r11, #7
		add	r11, r11, #1
		teq	r0, #7
		bne	1b
		mov	r0, #'\n'
		bl	putc
		cmp	r11, #64
		blt	2b
		mov	pc, r10
#endif

reloc_end:

		.align
		.section ".stack", "w"
user_stack:	.space	4096
Commit	Line	Data
1da177e4 LT	1	/*
	2	* linux/arch/arm/boot/compressed/head.S
	3	*
	4	* Copyright (C) 1996-2002 Russell King
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10	#include <linux/config.h>
	11	#include <linux/linkage.h>
	12
	13	/*
	14	* Debugging stuff
	15	*
	16	* Note that these macros must not contain any code which is not
	17	* 100% relocatable. Any attempt to do so will result in a crash.
	18	* Please select one of the following when turning on debugging.
	19	*/
	20	#ifdef DEBUG
5cd0c344	21
5cd0c344	22	#if defined(CONFIG_DEBUG_ICEDCC)
1da177e4 LT	23	.macro loadsp, rb
1da177e4 LT	24	.endm
224b5be6	25	.macro writeb, ch, rb
5cd0c344	26	mcr p14, 0, \ch, c0, c1, 0
1da177e4	27	.endm
5cd0c344	28	#else
224b5be6 RK	29
	30	#include <asm/arch/debug-macro.S>
	31
5cd0c344 RK	32	.macro writeb, ch, rb
5cd0c344 RK	33	senduart \ch, \rb
1da177e4	34	.endm
5cd0c344	35
224b5be6	36	#if defined(CONFIG_ARCH_SA1100)
1da177e4 LT	37	.macro loadsp, rb
1da177e4 LT	38	mov \rb, #0x80000000 @ physical base address
224b5be6	39	#ifdef CONFIG_DEBUG_LL_SER3
1da177e4	40	add \rb, \rb, #0x00050000 @ Ser3
224b5be6	41	#else
1da177e4	42	add \rb, \rb, #0x00010000 @ Ser1
224b5be6	43	#endif
1da177e4	44	.endm
1da177e4 LT	45	#elif defined(CONFIG_ARCH_IOP331)
	46	.macro loadsp, rb
	47	mov \rb, #0xff000000
	48	orr \rb, \rb, #0x00ff0000
	49	orr \rb, \rb, #0x0000f700 @ location of the UART
	50	.endm
1da177e4	51	#elif defined(CONFIG_ARCH_S3C2410)
5cd0c344	52	.macro loadsp, rb
1da177e4 LT	53	mov \rb, #0x50000000
	54	add \rb, \rb, #0x4000 * CONFIG_S3C2410_LOWLEVEL_UART_PORT
	55	.endm
1da177e4	56	#else
224b5be6 RK	57	.macro loadsp, rb
	58	addruart \rb
	59	.endm
1da177e4	60	#endif
5cd0c344	61	#endif
1da177e4 LT	62	#endif
	63
	64	.macro kputc,val
	65	mov r0, \val
	66	bl putc
	67	.endm
	68
	69	.macro kphex,val,len
	70	mov r0, \val
	71	mov r1, #\len
	72	bl phex
	73	.endm
	74
	75	.macro debug_reloc_start
	76	#ifdef DEBUG
	77	kputc #'\n'
	78	kphex r6, 8 /* processor id */
	79	kputc #':'
	80	kphex r7, 8 /* architecture id */
	81	kputc #':'
	82	mrc p15, 0, r0, c1, c0
	83	kphex r0, 8 /* control reg */
	84	kputc #'\n'
	85	kphex r5, 8 /* decompressed kernel start */
	86	kputc #'-'
	87	kphex r8, 8 /* decompressed kernel end */
	88	kputc #'>'
	89	kphex r4, 8 /* kernel execution address */
	90	kputc #'\n'
	91	#endif
	92	.endm
	93
	94	.macro debug_reloc_end
	95	#ifdef DEBUG
	96	kphex r5, 8 /* end of kernel */
	97	kputc #'\n'
	98	mov r0, r4
	99	bl memdump /* dump 256 bytes at start of kernel */
	100	#endif
	101	.endm
	102
	103	.section ".start", #alloc, #execinstr
	104	/*
	105	* sort out different calling conventions
	106	*/
	107	.align
	108	start:
	109	.type start,#function
	110	.rept 8
	111	mov r0, r0
	112	.endr
	113
	114	b 1f
	115	.word 0x016f2818 @ Magic numbers to help the loader
	116	.word start @ absolute load/run zImage address
	117	.word _edata @ zImage end address
	118	1: mov r7, r1 @ save architecture ID
	119	mov r8, #0 @ save r0
	120
	121	#ifndef __ARM_ARCH_2__
	122	/*
	123	* Booting from Angel - need to enter SVC mode and disable
	124	* FIQs/IRQs (numeric definitions from angel arm.h source).
	125	* We only do this if we were in user mode on entry.
126	*/
127	mrs r2, cpsr @ get current mode
128	tst r2, #3 @ not user?
129	bne not_angel
130	mov r0, #0x17 @ angel_SWIreason_EnterSVC
131	swi 0x123456 @ angel_SWI_ARM
132	not_angel:
133	mrs r2, cpsr @ turn off interrupts to
134	orr r2, r2, #0xc0 @ prevent angel from running
135	msr cpsr_c, r2
136	#else
137	teqp pc, #0x0c000003 @ turn off interrupts
138	#endif
139
140	/*
141	* Note that some cache flushing and other stuff may
142	* be needed here - is there an Angel SWI call for this?
143	*/
144
145	/*
146	* some architecture specific code can be inserted
147	* by the linker here, but it should preserve r7 and r8.
148	*/
149
150	.text
151	adr r0, LC0
152	ldmia r0, {r1, r2, r3, r4, r5, r6, ip, sp}
153	subs r0, r0, r1 @ calculate the delta offset
154
155	@ if delta is zero, we are
156	beq not_relocated @ running at the address we
157	@ were linked at.
158
159	/*
160	* We're running at a different address. We need to fix
161	* up various pointers:
162	* r5 - zImage base address
163	* r6 - GOT start
164	* ip - GOT end
165	*/
166	add r5, r5, r0
167	add r6, r6, r0
168	add ip, ip, r0
169
170	#ifndef CONFIG_ZBOOT_ROM
171	/*
172	* If we're running fully PIC === CONFIG_ZBOOT_ROM = n,
173	* we need to fix up pointers into the BSS region.
174	* r2 - BSS start
175	* r3 - BSS end
176	* sp - stack pointer
177	*/
178	add r2, r2, r0
179	add r3, r3, r0
180	add sp, sp, r0
181
182	/*
183	* Relocate all entries in the GOT table.
184	*/
185	1: ldr r1, [r6, #0] @ relocate entries in the GOT
186	add r1, r1, r0 @ table. This fixes up the
187	str r1, [r6], #4 @ C references.
188	cmp r6, ip
189	blo 1b
190	#else
191
192	/*
193	* Relocate entries in the GOT table. We only relocate
194	* the entries that are outside the (relocated) BSS region.
195	*/
196	1: ldr r1, [r6, #0] @ relocate entries in the GOT
197	cmp r1, r2 @ entry < bss_start \|\|
198	cmphs r3, r1 @ _end < entry
199	addlo r1, r1, r0 @ table. This fixes up the
200	str r1, [r6], #4 @ C references.
201	cmp r6, ip
202	blo 1b
203	#endif
204
205	not_relocated: mov r0, #0
206	1: str r0, [r2], #4 @ clear bss
207	str r0, [r2], #4
208	str r0, [r2], #4
209	str r0, [r2], #4
210	cmp r2, r3
211	blo 1b
212
213	/*
214	* The C runtime environment should now be setup
215	* sufficiently. Turn the cache on, set up some
216	* pointers, and start decompressing.
217	*/
218	bl cache_on
219
220	mov r1, sp @ malloc space above stack
221	add r2, sp, #0x10000 @ 64k max
222
223	/*
224	* Check to see if we will overwrite ourselves.
225	* r4 = final kernel address
226	* r5 = start of this image
227	* r2 = end of malloc space (and therefore this image)
228	* We basically want:
229	* r4 >= r2 -> OK
230	* r4 + image length <= r5 -> OK
231	*/
232	cmp r4, r2
233	bhs wont_overwrite
234	add r0, r4, #4096*1024 @ 4MB largest kernel size
235	cmp r0, r5
236	bls wont_overwrite
237
238	mov r5, r2 @ decompress after malloc space
239	mov r0, r5
240	mov r3, r7
241	bl decompress_kernel
242
243	add r0, r0, #127
244	bic r0, r0, #127 @ align the kernel length
245	/*
246	* r0 = decompressed kernel length
247	* r1-r3 = unused
248	* r4 = kernel execution address
249	* r5 = decompressed kernel start
250	* r6 = processor ID
251	* r7 = architecture ID
252	* r8-r14 = unused
253	*/
254	add r1, r5, r0 @ end of decompressed kernel
255	adr r2, reloc_start
256	ldr r3, LC1
257	add r3, r2, r3
258	1: ldmia r2!, {r8 - r13} @ copy relocation code
259	stmia r1!, {r8 - r13}
260	ldmia r2!, {r8 - r13}
261	stmia r1!, {r8 - r13}
262	cmp r2, r3
263	blo 1b
264
265	bl cache_clean_flush
266	add pc, r5, r0 @ call relocation code
267
268	/*
269	* We're not in danger of overwriting ourselves. Do this the simple way.
270	*
271	* r4 = kernel execution address
272	* r7 = architecture ID
273	*/
274	wont_overwrite: mov r0, r4
275	mov r3, r7
276	bl decompress_kernel
277	b call_kernel
278
279	.type LC0, #object
280	LC0: .word LC0 @ r1
281	.word __bss_start @ r2
282	.word _end @ r3
283	.word zreladdr @ r4
284	.word _start @ r5
285	.word _got_start @ r6
286	.word _got_end @ ip
287	.word user_stack+4096 @ sp
288	LC1: .word reloc_end - reloc_start
289	.size LC0, . - LC0
290
291	#ifdef CONFIG_ARCH_RPC
292	.globl params
293	params: ldr r0, =params_phys
294	mov pc, lr
295	.ltorg
296	.align
297	#endif
298
299	/*
300	* Turn on the cache. We need to setup some page tables so that we
301	* can have both the I and D caches on.
302	*
303	* We place the page tables 16k down from the kernel execution address,
304	* and we hope that nothing else is using it. If we're using it, we
305	* will go pop!
306	*
307	* On entry,
308	* r4 = kernel execution address
309	* r6 = processor ID
310	* r7 = architecture number
311	* r8 = run-time address of "start"
312	* On exit,
313	* r1, r2, r3, r8, r9, r12 corrupted
314	* This routine must preserve:
315	* r4, r5, r6, r7
316	*/
317	.align 5
318	cache_on: mov r3, #8 @ cache_on function
319	b call_cache_fn
320
321	__setup_mmu: sub r3, r4, #16384 @ Page directory size
322	bic r3, r3, #0xff @ Align the pointer
323	bic r3, r3, #0x3f00
324	/*
325	* Initialise the page tables, turning on the cacheable and bufferable
326	* bits for the RAM area only.
327	*/
328	mov r0, r3
329	mov r8, r0, lsr #18
330	mov r8, r8, lsl #18 @ start of RAM
331	add r9, r8, #0x10000000 @ a reasonable RAM size
332	mov r1, #0x12
333	orr r1, r1, #3 << 10
334	add r2, r3, #16384
335	1: cmp r1, r8 @ if virt > start of RAM
336	orrhs r1, r1, #0x0c @ set cacheable, bufferable
337	cmp r1, r9 @ if virt > end of RAM
338	bichs r1, r1, #0x0c @ clear cacheable, bufferable
339	str r1, [r0], #4 @ 1:1 mapping
340	add r1, r1, #1048576
341	teq r0, r2
342	bne 1b
343	/*
344	* If ever we are running from Flash, then we surely want the cache
345	* to be enabled also for our execution instance... We map 2MB of it
346	* so there is no map overlap problem for up to 1 MB compressed kernel.
347	* If the execution is in RAM then we would only be duplicating the above.
348	*/
349	mov r1, #0x1e
350	orr r1, r1, #3 << 10
351	mov r2, pc, lsr #20
352	orr r1, r1, r2, lsl #20
353	add r0, r3, r2, lsl #2
354	str r1, [r0], #4
355	add r1, r1, #1048576
356	str r1, [r0]
357	mov pc, lr
358
359	__armv4_cache_on:
360	mov r12, lr
361	bl __setup_mmu
362	mov r0, #0
363	mcr p15, 0, r0, c7, c10, 4 @ drain write buffer
364	mcr p15, 0, r0, c8, c7, 0 @ flush I,D TLBs
365	mrc p15, 0, r0, c1, c0, 0 @ read control reg
366	orr r0, r0, #0x5000 @ I-cache enable, RR cache replacement
367	orr r0, r0, #0x0030
368	bl __common_cache_on
369	mov r0, #0
370	mcr p15, 0, r0, c8, c7, 0 @ flush I,D TLBs
371	mov pc, r12
372
373	__arm6_cache_on:
374	mov r12, lr
375	bl __setup_mmu
376	mov r0, #0
377	mcr p15, 0, r0, c7, c0, 0 @ invalidate whole cache v3
378	mcr p15, 0, r0, c5, c0, 0 @ invalidate whole TLB v3
379	mov r0, #0x30
380	bl __common_cache_on
381	mov r0, #0
382	mcr p15, 0, r0, c5, c0, 0 @ invalidate whole TLB v3
383	mov pc, r12
384
385	__common_cache_on:
386	#ifndef DEBUG
387	orr r0, r0, #0x000d @ Write buffer, mmu
388	#endif
389	mov r1, #-1
390	mcr p15, 0, r3, c2, c0, 0 @ load page table pointer
391	mcr p15, 0, r1, c3, c0, 0 @ load domain access control
392	mcr p15, 0, r0, c1, c0, 0 @ load control register
393	mov pc, lr
394
395	/*
396	* All code following this line is relocatable. It is relocated by
397	* the above code to the end of the decompressed kernel image and
398	* executed there. During this time, we have no stacks.
399	*
400	* r0 = decompressed kernel length
401	* r1-r3 = unused
402	* r4 = kernel execution address
403	* r5 = decompressed kernel start
404	* r6 = processor ID
405	* r7 = architecture ID
406	* r8-r14 = unused
407	*/
408	.align 5
409	reloc_start: add r8, r5, r0
410	debug_reloc_start
411	mov r1, r4
412	1:
413	.rept 4
414	ldmia r5!, {r0, r2, r3, r9 - r13} @ relocate kernel
415	stmia r1!, {r0, r2, r3, r9 - r13}
416	.endr
417
418	cmp r5, r8
419	blo 1b
420	debug_reloc_end
421
422	call_kernel: bl cache_clean_flush
423	bl cache_off
424	mov r0, #0
425	mov r1, r7 @ restore architecture number
426	mov pc, r4 @ call kernel
427
428	/*
429	* Here follow the relocatable cache support functions for the
430	* various processors. This is a generic hook for locating an
431	* entry and jumping to an instruction at the specified offset
432	* from the start of the block. Please note this is all position
433	* independent code.
434	*
435	* r1 = corrupted
436	* r2 = corrupted
437	* r3 = block offset
438	* r6 = corrupted
439	* r12 = corrupted
440	*/
441
442	call_cache_fn: adr r12, proc_types
443	mrc p15, 0, r6, c0, c0 @ get processor ID
444	1: ldr r1, [r12, #0] @ get value
445	ldr r2, [r12, #4] @ get mask
446	eor r1, r1, r6 @ (real ^ match)
447	tst r1, r2 @ & mask
448	addeq pc, r12, r3 @ call cache function
449	add r12, r12, #4*5
450	b 1b
451
452	/*
453	* Table for cache operations. This is basically:
454	* - CPU ID match
455	* - CPU ID mask
456	* - 'cache on' method instruction
457	* - 'cache off' method instruction
458	* - 'cache flush' method instruction
459	*
460	* We match an entry using: ((real_id ^ match) & mask) == 0
461	*
462	* Writethrough caches generally only need 'on' and 'off'
463	* methods. Writeback caches _must_ have the flush method
464	* defined.
465	*/
466	.type proc_types,#object
467	proc_types:
468	.word 0x41560600 @ ARM6/610
469	.word 0xffffffe0
470	b __arm6_cache_off @ works, but slow
471	b __arm6_cache_off
472	mov pc, lr
473	@ b __arm6_cache_on @ untested
474	@ b __arm6_cache_off
475	@ b __armv3_cache_flush
476
477	.word 0x00000000 @ old ARM ID
478	.word 0x0000f000
479	mov pc, lr
480	mov pc, lr
481	mov pc, lr
482
483	.word 0x41007000 @ ARM7/710
484	.word 0xfff8fe00
485	b __arm7_cache_off
486	b __arm7_cache_off
487	mov pc, lr
488
489	.word 0x41807200 @ ARM720T (writethrough)
490	.word 0xffffff00
491	b __armv4_cache_on
492	b __armv4_cache_off
493	mov pc, lr
494
495	.word 0x00007000 @ ARM7 IDs
496	.word 0x0000f000
497	mov pc, lr
498	mov pc, lr
499	mov pc, lr
500
501	@ Everything from here on will be the new ID system.
502
503	.word 0x4401a100 @ sa110 / sa1100
504	.word 0xffffffe0
505	b __armv4_cache_on
506	b __armv4_cache_off
507	b __armv4_cache_flush
508
509	.word 0x6901b110 @ sa1110
510	.word 0xfffffff0
511	b __armv4_cache_on
512	b __armv4_cache_off
513	b __armv4_cache_flush
514
515	@ These match on the architecture ID
516
517	.word 0x00020000 @ ARMv4T
518	.word 0x000f0000
519	b __armv4_cache_on
520	b __armv4_cache_off
521	b __armv4_cache_flush
522
523	.word 0x00050000 @ ARMv5TE
524	.word 0x000f0000
525	b __armv4_cache_on
526	b __armv4_cache_off
527	b __armv4_cache_flush
528
529	.word 0x00060000 @ ARMv5TEJ
530	.word 0x000f0000
531	b __armv4_cache_on
532	b __armv4_cache_off
533	b __armv4_cache_flush
534
535	.word 0x00070000 @ ARMv6
536	.word 0x000f0000
537	b __armv4_cache_on
538	b __armv4_cache_off
539	b __armv6_cache_flush
540
541	.word 0 @ unrecognised type
542	.word 0
543	mov pc, lr
544	mov pc, lr
545	mov pc, lr
546
547	.size proc_types, . - proc_types
548
549	/*
550	* Turn off the Cache and MMU. ARMv3 does not support
551	* reading the control register, but ARMv4 does.
552	*
553	* On entry, r6 = processor ID
554	* On exit, r0, r1, r2, r3, r12 corrupted
555	* This routine must preserve: r4, r6, r7
556	*/
557	.align 5
558	cache_off: mov r3, #12 @ cache_off function
559	b call_cache_fn
560
561	__armv4_cache_off:
562	mrc p15, 0, r0, c1, c0
563	bic r0, r0, #0x000d
564	mcr p15, 0, r0, c1, c0 @ turn MMU and cache off
565	mov r0, #0
566	mcr p15, 0, r0, c7, c7 @ invalidate whole cache v4
567	mcr p15, 0, r0, c8, c7 @ invalidate whole TLB v4
568	mov pc, lr
569
570	__arm6_cache_off:
571	mov r0, #0x00000030 @ ARM6 control reg.
572	b __armv3_cache_off
573
574	__arm7_cache_off:
575	mov r0, #0x00000070 @ ARM7 control reg.
576	b __armv3_cache_off
577
578	__armv3_cache_off:
579	mcr p15, 0, r0, c1, c0, 0 @ turn MMU and cache off
580	mov r0, #0
581	mcr p15, 0, r0, c7, c0, 0 @ invalidate whole cache v3
582	mcr p15, 0, r0, c5, c0, 0 @ invalidate whole TLB v3
583	mov pc, lr
584
585	/*
586	* Clean and flush the cache to maintain consistency.
587	*
588	* On entry,
589	* r6 = processor ID
590	* On exit,
591	* r1, r2, r3, r11, r12 corrupted
592	* This routine must preserve:
593	* r0, r4, r5, r6, r7
594	*/
595	.align 5
596	cache_clean_flush:
597	mov r3, #16
598	b call_cache_fn
599
600	__armv6_cache_flush:
601	mov r1, #0
602	mcr p15, 0, r1, c7, c14, 0 @ clean+invalidate D
603	mcr p15, 0, r1, c7, c5, 0 @ invalidate I+BTB
604	mcr p15, 0, r1, c7, c15, 0 @ clean+invalidate unified
605	mcr p15, 0, r1, c7, c10, 4 @ drain WB
606	mov pc, lr
607
608	__armv4_cache_flush:
609	mov r2, #641024 @ default: 32K dcache size (2)
610	mov r11, #32 @ default: 32 byte line size
611	mrc p15, 0, r3, c0, c0, 1 @ read cache type
612	teq r3, r6 @ cache ID register present?
613	beq no_cache_id
614	mov r1, r3, lsr #18
615	and r1, r1, #7
616	mov r2, #1024
617	mov r2, r2, lsl r1 @ base dcache size *2
618	tst r3, #1 << 14 @ test M bit
619	addne r2, r2, r2, lsr #1 @ +1/2 size if M == 1
620	mov r3, r3, lsr #12
621	and r3, r3, #3
622	mov r11, #8
623	mov r11, r11, lsl r3 @ cache line size in bytes
624	no_cache_id:
625	bic r1, pc, #63 @ align to longest cache line
626	add r2, r1, r2
627	1: ldr r3, [r1], r11 @ s/w flush D cache
628	teq r1, r2
629	bne 1b
630
631	mcr p15, 0, r1, c7, c5, 0 @ flush I cache
632	mcr p15, 0, r1, c7, c6, 0 @ flush D cache
633	mcr p15, 0, r1, c7, c10, 4 @ drain WB
634	mov pc, lr
635
636	__armv3_cache_flush:
637	mov r1, #0
638	mcr p15, 0, r0, c7, c0, 0 @ invalidate whole cache v3
639	mov pc, lr
640
641	/*
642	* Various debugging routines for printing hex characters and
643	* memory, which again must be relocatable.
644	*/
645	#ifdef DEBUG
646	.type phexbuf,#object
647	phexbuf: .space 12
648	.size phexbuf, . - phexbuf
649
650	phex: adr r3, phexbuf
651	mov r2, #0
652	strb r2, [r3, r1]
653	1: subs r1, r1, #1
654	movmi r0, r3
655	bmi puts
656	and r2, r0, #15
657	mov r0, r0, lsr #4
658	cmp r2, #10
659	addge r2, r2, #7
660	add r2, r2, #'0'
661	strb r2, [r3, r1]
662	b 1b
663
664	puts: loadsp r3
665	1: ldrb r2, [r0], #1
666	teq r2, #0
667	moveq pc, lr
5cd0c344	668	2: writeb r2, r3
1da177e4 LT	669	mov r1, #0x00020000
	670	3: subs r1, r1, #1
	671	bne 3b
	672	teq r2, #'\n'
	673	moveq r2, #'\r'
	674	beq 2b
	675	teq r0, #0
	676	bne 1b
	677	mov pc, lr
	678	putc:
	679	mov r2, r0
	680	mov r0, #0
	681	loadsp r3
	682	b 2b
	683
	684	memdump: mov r12, r0
	685	mov r10, lr
	686	mov r11, #0
	687	2: mov r0, r11, lsl #2
	688	add r0, r0, r12
	689	mov r1, #8
	690	bl phex
	691	mov r0, #':'
	692	bl putc
	693	1: mov r0, #' '
	694	bl putc
	695	ldr r0, [r12, r11, lsl #2]
	696	mov r1, #8
	697	bl phex
	698	and r0, r11, #7
	699	teq r0, #3
	700	moveq r0, #' '
	701	bleq putc
	702	and r0, r11, #7
	703	add r11, r11, #1
	704	teq r0, #7
	705	bne 1b
	706	mov r0, #'\n'
	707	bl putc
	708	cmp r11, #64
	709	blt 2b
	710	mov pc, r10
	711	#endif
	712
	713	reloc_end:
	714
	715	.align
	716	.section ".stack", "w"
	717	user_stack: .space 4096