linux/arch/powerpc/kernel/exceptions-64e.S

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 *  Boot code and exception vectors for Book3E processors
 *
 *  Copyright (C) 2007 Ben. Herrenschmidt ([email protected]), IBM Corp.
 */

#include <linux/linkage.h>
#include <linux/threads.h>
#include <asm/reg.h>
#include <asm/page.h>
#include <asm/ppc_asm.h>
#include <asm/asm-offsets.h>
#include <asm/cputable.h>
#include <asm/setup.h>
#include <asm/thread_info.h>
#include <asm/exception-64e.h>
#include <asm/bug.h>
#include <asm/irqflags.h>
#include <asm/ptrace.h>
#include <asm/ppc-opcode.h>
#include <asm/mmu.h>
#include <asm/hw_irq.h>
#include <asm/kvm_asm.h>
#include <asm/kvm_booke_hv_asm.h>
#include <asm/feature-fixups.h>
#include <asm/context_tracking.h>

/* 64e interrupt returns always use SRR registers */
#define fast_interrupt_return fast_interrupt_return_srr
#define interrupt_return interrupt_return_srr

/* XXX This will ultimately add space for a special exception save
 *     structure used to save things like SRR0/SRR1, SPRGs, MAS, etc...
 *     when taking special interrupts. For now we don't support that,
 *     special interrupts from within a non-standard level will probably
 *     blow you up
 */
#define SPECIAL_EXC_SRR0	0
#define SPECIAL_EXC_SRR1	1
#define SPECIAL_EXC_SPRG_GEN	2
#define SPECIAL_EXC_SPRG_TLB	3
#define SPECIAL_EXC_MAS0	4
#define SPECIAL_EXC_MAS1	5
#define SPECIAL_EXC_MAS2	6
#define SPECIAL_EXC_MAS3	7
#define SPECIAL_EXC_MAS6	8
#define SPECIAL_EXC_MAS7	9
#define SPECIAL_EXC_MAS5	10	/* E.HV only */
#define SPECIAL_EXC_MAS8	11	/* E.HV only */
#define SPECIAL_EXC_IRQHAPPENED	12
#define SPECIAL_EXC_DEAR	13
#define SPECIAL_EXC_ESR		14
#define SPECIAL_EXC_SOFTE	15
#define SPECIAL_EXC_CSRR0	16
#define SPECIAL_EXC_CSRR1	17
/* must be even to keep 16-byte stack alignment */
#define SPECIAL_EXC_END		18

#define SPECIAL_EXC_FRAME_SIZE	(INT_FRAME_SIZE + SPECIAL_EXC_END * 8)
#define SPECIAL_EXC_FRAME_OFFS  (INT_FRAME_SIZE - 288)

#define SPECIAL_EXC_STORE(reg, name) \
	std	reg, (SPECIAL_EXC_##name * 8 + SPECIAL_EXC_FRAME_OFFS)(r1)

#define SPECIAL_EXC_LOAD(reg, name) \
	ld	reg, (SPECIAL_EXC_##name * 8 + SPECIAL_EXC_FRAME_OFFS)(r1)

SYM_CODE_START_LOCAL(special_reg_save)
	/*
	 * We only need (or have stack space) to save this stuff if
	 * we interrupted the kernel.
	 */
	ld	r3,_MSR(r1)
	andi.	r3,r3,MSR_PR
	bnelr

	/*
	 * Advance to the next TLB exception frame for handler
	 * types that don't do it automatically.
	 */
	LOAD_REG_ADDR(r11,extlb_level_exc)
	lwz	r12,0(r11)
	mfspr	r10,SPRN_SPRG_TLB_EXFRAME
	add	r10,r10,r12
	mtspr	SPRN_SPRG_TLB_EXFRAME,r10

	/*
	 * Save registers needed to allow nesting of certain exceptions
	 * (such as TLB misses) inside special exception levels
	 */
	mfspr	r10,SPRN_SRR0
	SPECIAL_EXC_STORE(r10,SRR0)
	mfspr	r10,SPRN_SRR1
	SPECIAL_EXC_STORE(r10,SRR1)
	mfspr	r10,SPRN_SPRG_GEN_SCRATCH
	SPECIAL_EXC_STORE(r10,SPRG_GEN)
	mfspr	r10,SPRN_SPRG_TLB_SCRATCH
	SPECIAL_EXC_STORE(r10,SPRG_TLB)
	mfspr	r10,SPRN_MAS0
	SPECIAL_EXC_STORE(r10,MAS0)
	mfspr	r10,SPRN_MAS1
	SPECIAL_EXC_STORE(r10,MAS1)
	mfspr	r10,SPRN_MAS2
	SPECIAL_EXC_STORE(r10,MAS2)
	mfspr	r10,SPRN_MAS3
	SPECIAL_EXC_STORE(r10,MAS3)
	mfspr	r10,SPRN_MAS6
	SPECIAL_EXC_STORE(r10,MAS6)
	mfspr	r10,SPRN_MAS7
	SPECIAL_EXC_STORE(r10,MAS7)
BEGIN_FTR_SECTION
	mfspr	r10,SPRN_MAS5
	SPECIAL_EXC_STORE(r10,MAS5)
	mfspr	r10,SPRN_MAS8
	SPECIAL_EXC_STORE(r10,MAS8)

	/* MAS5/8 could have inappropriate values if we interrupted KVM code */
	li	r10,0
	mtspr	SPRN_MAS5,r10
	mtspr	SPRN_MAS8,r10
END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
	mfspr	r10,SPRN_DEAR
	SPECIAL_EXC_STORE(r10,DEAR)
	mfspr	r10,SPRN_ESR
	SPECIAL_EXC_STORE(r10,ESR)

	ld	r10,_NIP(r1)
	SPECIAL_EXC_STORE(r10,CSRR0)
	ld	r10,_MSR(r1)
	SPECIAL_EXC_STORE(r10,CSRR1)

	blr
SYM_CODE_END(special_reg_save)

SYM_CODE_START_LOCAL(ret_from_level_except)
	ld	r3,_MSR(r1)
	andi.	r3,r3,MSR_PR
	beq	1f
	REST_NVGPRS(r1)
	b	interrupt_return
1:

	LOAD_REG_ADDR(r11,extlb_level_exc)
	lwz	r12,0(r11)
	mfspr	r10,SPRN_SPRG_TLB_EXFRAME
	sub	r10,r10,r12
	mtspr	SPRN_SPRG_TLB_EXFRAME,r10

	/*
	 * It's possible that the special level exception interrupted a
	 * TLB miss handler, and inserted the same entry that the
	 * interrupted handler was about to insert.  On CPUs without TLB
	 * write conditional, this can result in a duplicate TLB entry.
	 * Wipe all non-bolted entries to be safe.
	 *
	 * Note that this doesn't protect against any TLB misses
	 * we may take accessing the stack from here to the end of
	 * the special level exception.  It's not clear how we can
	 * reasonably protect against that, but only CPUs with
	 * neither TLB write conditional nor bolted kernel memory
	 * are affected.  Do any such CPUs even exist?
	 */
	PPC_TLBILX_ALL(0,R0)

	REST_NVGPRS(r1)

	SPECIAL_EXC_LOAD(r10,SRR0)
	mtspr	SPRN_SRR0,r10
	SPECIAL_EXC_LOAD(r10,SRR1)
	mtspr	SPRN_SRR1,r10
	SPECIAL_EXC_LOAD(r10,SPRG_GEN)
	mtspr	SPRN_SPRG_GEN_SCRATCH,r10
	SPECIAL_EXC_LOAD(r10,SPRG_TLB)
	mtspr	SPRN_SPRG_TLB_SCRATCH,r10
	SPECIAL_EXC_LOAD(r10,MAS0)
	mtspr	SPRN_MAS0,r10
	SPECIAL_EXC_LOAD(r10,MAS1)
	mtspr	SPRN_MAS1,r10
	SPECIAL_EXC_LOAD(r10,MAS2)
	mtspr	SPRN_MAS2,r10
	SPECIAL_EXC_LOAD(r10,MAS3)
	mtspr	SPRN_MAS3,r10
	SPECIAL_EXC_LOAD(r10,MAS6)
	mtspr	SPRN_MAS6,r10
	SPECIAL_EXC_LOAD(r10,MAS7)
	mtspr	SPRN_MAS7,r10
BEGIN_FTR_SECTION
	SPECIAL_EXC_LOAD(r10,MAS5)
	mtspr	SPRN_MAS5,r10
	SPECIAL_EXC_LOAD(r10,MAS8)
	mtspr	SPRN_MAS8,r10
END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)

	SPECIAL_EXC_LOAD(r10,DEAR)
	mtspr	SPRN_DEAR,r10
	SPECIAL_EXC_LOAD(r10,ESR)
	mtspr	SPRN_ESR,r10

	stdcx.	r0,0,r1		/* to clear the reservation */

	REST_GPRS(2, 9, r1)

	ld	r10,_CTR(r1)
	ld	r11,_XER(r1)
	mtctr	r10
	mtxer	r11

	blr
SYM_CODE_END(ret_from_level_except)

.macro ret_from_level srr0 srr1 paca_ex scratch
	bl	ret_from_level_except

	ld	r10,_LINK(r1)
	ld	r11,_CCR(r1)
	ld	r0,GPR13(r1)
	mtlr	r10
	mtcr	r11

	REST_GPRS(10, 12, r1)
	mtspr	\scratch,r0

	std	r10,\paca_ex+EX_R10(r13);
	std	r11,\paca_ex+EX_R11(r13);
	ld	r10,_NIP(r1)
	ld	r11,_MSR(r1)
	REST_GPR(0, r1)
	REST_GPR(1, r1)
	mtspr	\srr0,r10
	mtspr	\srr1,r11
	ld	r10,\paca_ex+EX_R10(r13)
	ld	r11,\paca_ex+EX_R11(r13)
	mfspr	r13,\scratch
.endm

SYM_CODE_START_LOCAL(ret_from_crit_except)
	ret_from_level SPRN_CSRR0 SPRN_CSRR1 PACA_EXCRIT SPRN_SPRG_CRIT_SCRATCH
	rfci
SYM_CODE_END(ret_from_crit_except)

SYM_CODE_START_LOCAL(ret_from_mc_except)
	ret_from_level SPRN_MCSRR0 SPRN_MCSRR1 PACA_EXMC SPRN_SPRG_MC_SCRATCH
	rfmci
SYM_CODE_END(ret_from_mc_except)

/* Exception prolog code for all exceptions */
#define EXCEPTION_PROLOG(n, intnum, type, addition)	    		    \
	mtspr	SPRN_SPRG_##type##_SCRATCH,r13;	/* get spare registers */   \
	mfspr	r13,SPRN_SPRG_PACA;	/* get PACA */			    \
	std	r10,PACA_EX##type+EX_R10(r13);				    \
	std	r11,PACA_EX##type+EX_R11(r13);				    \
	mfcr	r10;			/* save CR */			    \
	mfspr	r11,SPRN_##type##_SRR1;/* what are we coming from */	    \
	DO_KVM	intnum,SPRN_##type##_SRR1;    /* KVM hook */		    \
	stw	r10,PACA_EX##type+EX_CR(r13); /* save old CR in the PACA */ \
	addition;			/* additional code for that exc. */ \
	std	r1,PACA_EX##type+EX_R1(r13); /* save old r1 in the PACA */  \
	type##_SET_KSTACK;		/* get special stack if necessary */\
	andi.	r10,r11,MSR_PR;		/* save stack pointer */	    \
	beq	1f;			/* branch around if supervisor */   \
	ld	r1,PACAKSAVE(r13);	/* get kernel stack coming from usr */\
1:	type##_BTB_FLUSH		\
	cmpdi	cr1,r1,0;		/* check if SP makes sense */	    \
	bge-	cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
	mfspr	r10,SPRN_##type##_SRR0;	/* read SRR0 before touching stack */

/* Exception type-specific macros */
#define	GEN_SET_KSTACK							    \
	subi	r1,r1,INT_FRAME_SIZE;	/* alloc frame on kernel stack */
#define SPRN_GEN_SRR0	SPRN_SRR0
#define SPRN_GEN_SRR1	SPRN_SRR1

#define	GDBELL_SET_KSTACK	GEN_SET_KSTACK
#define SPRN_GDBELL_SRR0	SPRN_GSRR0
#define SPRN_GDBELL_SRR1	SPRN_GSRR1

#define CRIT_SET_KSTACK						            \
	ld	r1,PACA_CRIT_STACK(r13);				    \
	subi	r1,r1,SPECIAL_EXC_FRAME_SIZE
#define SPRN_CRIT_SRR0	SPRN_CSRR0
#define SPRN_CRIT_SRR1	SPRN_CSRR1

#define DBG_SET_KSTACK						            \
	ld	r1,PACA_DBG_STACK(r13);					    \
	subi	r1,r1,SPECIAL_EXC_FRAME_SIZE
#define SPRN_DBG_SRR0	SPRN_DSRR0
#define SPRN_DBG_SRR1	SPRN_DSRR1

#define MC_SET_KSTACK						            \
	ld	r1,PACA_MC_STACK(r13);					    \
	subi	r1,r1,SPECIAL_EXC_FRAME_SIZE
#define SPRN_MC_SRR0	SPRN_MCSRR0
#define SPRN_MC_SRR1	SPRN_MCSRR1

#define GEN_BTB_FLUSH			\
	START_BTB_FLUSH_SECTION		\
		beq 1f;			\
		BTB_FLUSH(r10)			\
		1:		\
	END_BTB_FLUSH_SECTION

#define CRIT_BTB_FLUSH			\
	START_BTB_FLUSH_SECTION		\
		BTB_FLUSH(r10)		\
	END_BTB_FLUSH_SECTION

#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
#define MC_BTB_FLUSH CRIT_BTB_FLUSH
#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH

#define NORMAL_EXCEPTION_PROLOG(n, intnum, addition)			    \
	EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))

#define CRIT_EXCEPTION_PROLOG(n, intnum, addition)			    \
	EXCEPTION_PROLOG(n, intnum, CRIT, addition##_CRIT(n))

#define DBG_EXCEPTION_PROLOG(n, intnum, addition)			    \
	EXCEPTION_PROLOG(n, intnum, DBG, addition##_DBG(n))

#define MC_EXCEPTION_PROLOG(n, intnum, addition)			    \
	EXCEPTION_PROLOG(n, intnum, MC, addition##_MC(n))

#define GDBELL_EXCEPTION_PROLOG(n, intnum, addition)			    \
	EXCEPTION_PROLOG(n, intnum, GDBELL, addition##_GDBELL(n))

/* Variants of the "addition" argument for the prolog
 */
#define PROLOG_ADDITION_NONE_GEN(n)
#define PROLOG_ADDITION_NONE_GDBELL(n)
#define PROLOG_ADDITION_NONE_CRIT(n)
#define PROLOG_ADDITION_NONE_DBG(n)
#define PROLOG_ADDITION_NONE_MC(n)

#define PROLOG_ADDITION_MASKABLE_GEN(n)					    \
	lbz	r10,PACAIRQSOFTMASK(r13);	/* are irqs soft-masked? */ \
	andi.	r10,r10,IRQS_DISABLED;	/* yes -> go out of line */ \
	bne	masked_interrupt_book3e_##n

/*
 * Additional regs must be re-loaded from paca before EXCEPTION_COMMON* is
 * called, because that does SAVE_NVGPRS which must see the original register
 * values, otherwise the scratch values might be restored when exiting the
 * interrupt.
 */
#define PROLOG_ADDITION_2REGS_GEN(n)					    \
	std	r14,PACA_EXGEN+EX_R14(r13);				    \
	std	r15,PACA_EXGEN+EX_R15(r13)

#define PROLOG_ADDITION_1REG_GEN(n)					    \
	std	r14,PACA_EXGEN+EX_R14(r13);

#define PROLOG_ADDITION_2REGS_CRIT(n)					    \
	std	r14,PACA_EXCRIT+EX_R14(r13);				    \
	std	r15,PACA_EXCRIT+EX_R15(r13)

#define PROLOG_ADDITION_2REGS_DBG(n)					    \
	std	r14,PACA_EXDBG+EX_R14(r13);				    \
	std	r15,PACA_EXDBG+EX_R15(r13)

#define PROLOG_ADDITION_2REGS_MC(n)					    \
	std	r14,PACA_EXMC+EX_R14(r13);				    \
	std	r15,PACA_EXMC+EX_R15(r13)

/* Core exception code for all exceptions except TLB misses. */
#define EXCEPTION_COMMON_LVL(n, scratch, excf)				    \
exc_##n##_common:							    \
	SAVE_GPR(0, r1);		/* save r0 in stackframe */	    \
	SAVE_GPRS(2, 9, r1);		/* save r2 - r9 in stackframe */    \
	std	r10,_NIP(r1);		/* save SRR0 to stackframe */	    \
	std	r11,_MSR(r1);		/* save SRR1 to stackframe */	    \
	beq	2f;			/* if from kernel mode */	    \
2:	ld	r3,excf+EX_R10(r13);	/* get back r10 */		    \
	ld	r4,excf+EX_R11(r13);	/* get back r11 */		    \
	mfspr	r5,scratch;		/* get back r13 */		    \
	SAVE_GPR(12, r1);		/* save r12 in stackframe */	    \
	LOAD_PACA_TOC();		/* get kernel TOC into r2 */	    \
	mflr	r6;			/* save LR in stackframe */	    \
	mfctr	r7;			/* save CTR in stackframe */	    \
	mfspr	r8,SPRN_XER;		/* save XER in stackframe */	    \
	ld	r9,excf+EX_R1(r13);	/* load orig r1 back from PACA */   \
	lwz	r10,excf+EX_CR(r13);	/* load orig CR back from PACA	*/  \
	lbz	r11,PACAIRQSOFTMASK(r13); /* get current IRQ softe */	    \
	LOAD_REG_IMMEDIATE(r12, STACK_FRAME_REGS_MARKER);		    \
	ZEROIZE_GPR(0);							    \
	std	r3,GPR10(r1);		/* save r10 to stackframe */	    \
	std	r4,GPR11(r1);		/* save r11 to stackframe */	    \
	std	r5,GPR13(r1);		/* save it to stackframe */	    \
	std	r6,_LINK(r1);						    \
	std	r7,_CTR(r1);						    \
	std	r8,_XER(r1);						    \
	li	r3,(n);			/* regs.trap vector */		    \
	std	r9,0(r1);		/* store stack frame back link */   \
	std	r10,_CCR(r1);		/* store orig CR in stackframe */   \
	std	r9,GPR1(r1);		/* store stack frame back link */   \
	std	r11,SOFTE(r1);		/* and save it to stackframe */     \
	std	r12,STACK_INT_FRAME_MARKER(r1); /* mark the frame */	    \
	std	r3,_TRAP(r1);		/* set trap number		*/  \
	std	r0,RESULT(r1);		/* clear regs->result */	    \
	SAVE_NVGPRS(r1);						    \
	SANITIZE_NVGPRS();		/* minimise speculation influence */

#define EXCEPTION_COMMON(n) \
	EXCEPTION_COMMON_LVL(n, SPRN_SPRG_GEN_SCRATCH, PACA_EXGEN)
#define EXCEPTION_COMMON_CRIT(n) \
	EXCEPTION_COMMON_LVL(n, SPRN_SPRG_CRIT_SCRATCH, PACA_EXCRIT)
#define EXCEPTION_COMMON_MC(n) \
	EXCEPTION_COMMON_LVL(n, SPRN_SPRG_MC_SCRATCH, PACA_EXMC)
#define EXCEPTION_COMMON_DBG(n) \
	EXCEPTION_COMMON_LVL(n, SPRN_SPRG_DBG_SCRATCH, PACA_EXDBG)

/* XXX FIXME: Restore r14/r15 when necessary */
#define BAD_STACK_TRAMPOLINE(n)						    \
exc_##n##_bad_stack:							    \
	li	r1,(n);			/* get exception number */	    \
	sth	r1,PACA_TRAP_SAVE(r13);	/* store trap */		    \
	b	bad_stack_book3e;	/* bad stack error */

/* WARNING: If you change the layout of this stub, make sure you check
	*   the debug exception handler which handles single stepping
	*   into exceptions from userspace, and the MM code in
	*   arch/powerpc/mm/tlb_nohash.c which patches the branch here
	*   and would need to be updated if that branch is moved
	*/
#define	EXCEPTION_STUB(loc, label)					\
	. = interrupt_base_book3e + loc;				\
	nop;	/* To make debug interrupts happy */			\
	b	exc_##label##_book3e;

#define ACK_NONE(r)
#define ACK_DEC(r)							\
	lis	r,TSR_DIS@h;						\
	mtspr	SPRN_TSR,r
#define ACK_FIT(r)							\
	lis	r,TSR_FIS@h;						\
	mtspr	SPRN_TSR,r

/* Used by asynchronous interrupt that may happen in the idle loop.
 *
 * This check if the thread was in the idle loop, and if yes, returns
 * to the caller rather than the PC. This is to avoid a race if
 * interrupts happen before the wait instruction.
 */
#define CHECK_NAPPING()							\
	ld	r11, PACA_THREAD_INFO(r13);				\
	ld	r10,TI_LOCAL_FLAGS(r11);				\
	andi.	r9,r10,_TLF_NAPPING;					\
	beq+	1f;							\
	ld	r8,_LINK(r1);						\
	rlwinm	r7,r10,0,~_TLF_NAPPING;					\
	std	r8,_NIP(r1);						\
	std	r7,TI_LOCAL_FLAGS(r11);					\
1:


#define MASKABLE_EXCEPTION(trapnum, intnum, label, hdlr, ack)		\
	START_EXCEPTION(label);						\
	NORMAL_EXCEPTION_PROLOG(trapnum, intnum, PROLOG_ADDITION_MASKABLE)\
	EXCEPTION_COMMON(trapnum)					\
	ack(r8);							\
	CHECK_NAPPING();						\
	addi	r3,r1,STACK_INT_FRAME_REGS;				\
	bl	hdlr;							\
	b	interrupt_return

/*
 * And here we have the exception vectors !
 */

	.text
	.balign	0x1000
	.globl interrupt_base_book3e
interrupt_base_book3e:					/* fake trap */
	EXCEPTION_STUB(0x000, machine_check)
	EXCEPTION_STUB(0x020, critical_input)		/* 0x0100 */
	EXCEPTION_STUB(0x040, debug_crit)		/* 0x0d00 */
	EXCEPTION_STUB(0x060, data_storage)		/* 0x0300 */
	EXCEPTION_STUB(0x080, instruction_storage)	/* 0x0400 */
	EXCEPTION_STUB(0x0a0, external_input)		/* 0x0500 */
	EXCEPTION_STUB(0x0c0, alignment)		/* 0x0600 */
	EXCEPTION_STUB(0x0e0, program)			/* 0x0700 */
	EXCEPTION_STUB(0x100, fp_unavailable)		/* 0x0800 */
	EXCEPTION_STUB(0x120, system_call)		/* 0x0c00 */
	EXCEPTION_STUB(0x140, ap_unavailable)		/* 0x0f20 */
	EXCEPTION_STUB(0x160, decrementer)		/* 0x0900 */
	EXCEPTION_STUB(0x180, fixed_interval)		/* 0x0980 */
	EXCEPTION_STUB(0x1a0, watchdog)			/* 0x09f0 */
	EXCEPTION_STUB(0x1c0, data_tlb_miss_bolted)
	EXCEPTION_STUB(0x1e0, instruction_tlb_miss_bolted)
	EXCEPTION_STUB(0x200, altivec_unavailable)
	EXCEPTION_STUB(0x220, altivec_assist)
	EXCEPTION_STUB(0x260, perfmon)
	EXCEPTION_STUB(0x280, doorbell)
	EXCEPTION_STUB(0x2a0, doorbell_crit)
	EXCEPTION_STUB(0x2c0, guest_doorbell)
	EXCEPTION_STUB(0x2e0, guest_doorbell_crit)
	EXCEPTION_STUB(0x300, hypercall)
	EXCEPTION_STUB(0x320, ehpriv)
	EXCEPTION_STUB(0x340, lrat_error)

	.globl __end_interrupts
__end_interrupts:

/* Critical Input Interrupt */
	START_EXCEPTION(critical_input);
	CRIT_EXCEPTION_PROLOG(0x100, BOOKE_INTERRUPT_CRITICAL,
			      PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON_CRIT(0x100)
	bl	special_reg_save
	CHECK_NAPPING();
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_nmi_exception
	b	ret_from_crit_except

/* Machine Check Interrupt */
	START_EXCEPTION(machine_check);
	MC_EXCEPTION_PROLOG(0x000, BOOKE_INTERRUPT_MACHINE_CHECK,
			    PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON_MC(0x000)
	bl	special_reg_save
	CHECK_NAPPING();
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	machine_check_exception
	b	ret_from_mc_except

/* Data Storage Interrupt */
	START_EXCEPTION(data_storage)
	NORMAL_EXCEPTION_PROLOG(0x300, BOOKE_INTERRUPT_DATA_STORAGE,
				PROLOG_ADDITION_2REGS)
	mfspr	r14,SPRN_DEAR
	mfspr	r15,SPRN_ESR
	std	r14,_DEAR(r1)
	std	r15,_ESR(r1)
	ld	r14,PACA_EXGEN+EX_R14(r13)
	ld	r15,PACA_EXGEN+EX_R15(r13)
	EXCEPTION_COMMON(0x300)
	b	storage_fault_common

/* Instruction Storage Interrupt */
	START_EXCEPTION(instruction_storage);
	NORMAL_EXCEPTION_PROLOG(0x400, BOOKE_INTERRUPT_INST_STORAGE,
				PROLOG_ADDITION_2REGS)
	li	r15,0
	mr	r14,r10
	std	r14,_DEAR(r1)
	std	r15,_ESR(r1)
	ld	r14,PACA_EXGEN+EX_R14(r13)
	ld	r15,PACA_EXGEN+EX_R15(r13)
	EXCEPTION_COMMON(0x400)
	b	storage_fault_common

/* External Input Interrupt */
	MASKABLE_EXCEPTION(0x500, BOOKE_INTERRUPT_EXTERNAL,
			   external_input, do_IRQ, ACK_NONE)

/* Alignment */
	START_EXCEPTION(alignment);
	NORMAL_EXCEPTION_PROLOG(0x600, BOOKE_INTERRUPT_ALIGNMENT,
				PROLOG_ADDITION_2REGS)
	mfspr	r14,SPRN_DEAR
	mfspr	r15,SPRN_ESR
	std	r14,_DEAR(r1)
	std	r15,_ESR(r1)
	ld	r14,PACA_EXGEN+EX_R14(r13)
	ld	r15,PACA_EXGEN+EX_R15(r13)
	EXCEPTION_COMMON(0x600)
	b	alignment_more	/* no room, go out of line */

/* Program Interrupt */
	START_EXCEPTION(program);
	NORMAL_EXCEPTION_PROLOG(0x700, BOOKE_INTERRUPT_PROGRAM,
				PROLOG_ADDITION_1REG)
	mfspr	r14,SPRN_ESR
	std	r14,_ESR(r1)
	ld	r14,PACA_EXGEN+EX_R14(r13)
	EXCEPTION_COMMON(0x700)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	program_check_exception
	REST_NVGPRS(r1)
	b	interrupt_return

/* Floating Point Unavailable Interrupt */
	START_EXCEPTION(fp_unavailable);
	NORMAL_EXCEPTION_PROLOG(0x800, BOOKE_INTERRUPT_FP_UNAVAIL,
				PROLOG_ADDITION_NONE)
	/* we can probably do a shorter exception entry for that one... */
	EXCEPTION_COMMON(0x800)
	ld	r12,_MSR(r1)
	andi.	r0,r12,MSR_PR;
	beq-	1f
	bl	load_up_fpu
	b	fast_interrupt_return
1:	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	kernel_fp_unavailable_exception
	b	interrupt_return

/* Altivec Unavailable Interrupt */
	START_EXCEPTION(altivec_unavailable);
	NORMAL_EXCEPTION_PROLOG(0x200, BOOKE_INTERRUPT_ALTIVEC_UNAVAIL,
				PROLOG_ADDITION_NONE)
	/* we can probably do a shorter exception entry for that one... */
	EXCEPTION_COMMON(0x200)
#ifdef CONFIG_ALTIVEC
BEGIN_FTR_SECTION
	ld	r12,_MSR(r1)
	andi.	r0,r12,MSR_PR;
	beq-	1f
	bl	load_up_altivec
	b	fast_interrupt_return
1:
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
#endif
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	altivec_unavailable_exception
	b	interrupt_return

/* AltiVec Assist */
	START_EXCEPTION(altivec_assist);
	NORMAL_EXCEPTION_PROLOG(0x220,
				BOOKE_INTERRUPT_ALTIVEC_ASSIST,
				PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x220)
	addi	r3,r1,STACK_INT_FRAME_REGS
#ifdef CONFIG_ALTIVEC
BEGIN_FTR_SECTION
	bl	altivec_assist_exception
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
	REST_NVGPRS(r1)
#else
	bl	unknown_exception
#endif
	b	interrupt_return


/* Decrementer Interrupt */
	MASKABLE_EXCEPTION(0x900, BOOKE_INTERRUPT_DECREMENTER,
			   decrementer, timer_interrupt, ACK_DEC)

/* Fixed Interval Timer Interrupt */
	MASKABLE_EXCEPTION(0x980, BOOKE_INTERRUPT_FIT,
			   fixed_interval, unknown_exception, ACK_FIT)

/* Watchdog Timer Interrupt */
	START_EXCEPTION(watchdog);
	CRIT_EXCEPTION_PROLOG(0x9f0, BOOKE_INTERRUPT_WATCHDOG,
			      PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON_CRIT(0x9f0)
	bl	special_reg_save
	CHECK_NAPPING();
	addi	r3,r1,STACK_INT_FRAME_REGS
#ifdef CONFIG_BOOKE_WDT
	bl	WatchdogException
#else
	bl	unknown_nmi_exception
#endif
	b	ret_from_crit_except

/* System Call Interrupt */
	START_EXCEPTION(system_call)
	mr	r9,r13			/* keep a copy of userland r13 */
	mfspr	r11,SPRN_SRR0		/* get return address */
	mfspr	r12,SPRN_SRR1		/* get previous MSR */
	mfspr	r13,SPRN_SPRG_PACA	/* get our PACA */
	b	system_call_common

/* Auxiliary Processor Unavailable Interrupt */
	START_EXCEPTION(ap_unavailable);
	NORMAL_EXCEPTION_PROLOG(0xf20, BOOKE_INTERRUPT_AP_UNAVAIL,
				PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0xf20)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_exception
	b	interrupt_return

/* Debug exception as a critical interrupt*/
	START_EXCEPTION(debug_crit);
	CRIT_EXCEPTION_PROLOG(0xd00, BOOKE_INTERRUPT_DEBUG,
			      PROLOG_ADDITION_2REGS)

	/*
	 * If there is a single step or branch-taken exception in an
	 * exception entry sequence, it was probably meant to apply to
	 * the code where the exception occurred (since exception entry
	 * doesn't turn off DE automatically).  We simulate the effect
	 * of turning off DE on entry to an exception handler by turning
	 * off DE in the CSRR1 value and clearing the debug status.
	 */

	mfspr	r14,SPRN_DBSR		/* check single-step/branch taken */
	andis.	r15,r14,(DBSR_IC|DBSR_BT)@h
	beq+	1f

#ifdef CONFIG_RELOCATABLE
	__LOAD_PACA_TOC(r15)
	LOAD_REG_ADDR_ALTTOC(r14, r15, interrupt_base_book3e)
	LOAD_REG_ADDR_ALTTOC(r15, r15, __end_interrupts)
	cmpld	cr0,r10,r14
	cmpld	cr1,r10,r15
#else
	LOAD_REG_IMMEDIATE_SYM(r14, r15, interrupt_base_book3e)
	cmpld	cr0, r10, r14
	LOAD_REG_IMMEDIATE_SYM(r14, r15, __end_interrupts)
	cmpld	cr1, r10, r14
#endif
	blt+	cr0,1f
	bge+	cr1,1f

	/* here it looks like we got an inappropriate debug exception. */
	lis	r14,(DBSR_IC|DBSR_BT)@h		/* clear the event */
	rlwinm	r11,r11,0,~MSR_DE	/* clear DE in the CSRR1 value */
	mtspr	SPRN_DBSR,r14
	mtspr	SPRN_CSRR1,r11
	lwz	r10,PACA_EXCRIT+EX_CR(r13)	/* restore registers */
	ld	r1,PACA_EXCRIT+EX_R1(r13)
	ld	r14,PACA_EXCRIT+EX_R14(r13)
	ld	r15,PACA_EXCRIT+EX_R15(r13)
	mtcr	r10
	ld	r10,PACA_EXCRIT+EX_R10(r13)	/* restore registers */
	ld	r11,PACA_EXCRIT+EX_R11(r13)
	mfspr	r13,SPRN_SPRG_CRIT_SCRATCH
	rfci

	/* Normal debug exception */
	/* XXX We only handle coming from userspace for now since we can't
	 *     quite save properly an interrupted kernel state yet
	 */
1:	andi.	r14,r11,MSR_PR;		/* check for userspace again */
	beq	kernel_dbg_exc;		/* if from kernel mode */

	/* Now we mash up things to make it look like we are coming on a
	 * normal exception
	 */
	mfspr	r14,SPRN_DBSR
	std	r14,_DSISR(r1)
	ld	r14,PACA_EXCRIT+EX_R14(r13)
	ld	r15,PACA_EXCRIT+EX_R15(r13)
	EXCEPTION_COMMON_CRIT(0xd00)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	DebugException
	REST_NVGPRS(r1)
	b	interrupt_return

kernel_dbg_exc:
	b	.	/* NYI */

/* Debug exception as a debug interrupt*/
	START_EXCEPTION(debug_debug);
	DBG_EXCEPTION_PROLOG(0xd00, BOOKE_INTERRUPT_DEBUG,
						 PROLOG_ADDITION_2REGS)

	/*
	 * If there is a single step or branch-taken exception in an
	 * exception entry sequence, it was probably meant to apply to
	 * the code where the exception occurred (since exception entry
	 * doesn't turn off DE automatically).  We simulate the effect
	 * of turning off DE on entry to an exception handler by turning
	 * off DE in the DSRR1 value and clearing the debug status.
	 */

	mfspr	r14,SPRN_DBSR		/* check single-step/branch taken */
	andis.	r15,r14,(DBSR_IC|DBSR_BT)@h
	beq+	1f

#ifdef CONFIG_RELOCATABLE
	__LOAD_PACA_TOC(r15)
	LOAD_REG_ADDR_ALTTOC(r14, r15, interrupt_base_book3e)
	LOAD_REG_ADDR_ALTTOC(r15, r15, __end_interrupts)
	cmpld	cr0,r10,r14
	cmpld	cr1,r10,r15
#else
	LOAD_REG_IMMEDIATE_SYM(r14, r15, interrupt_base_book3e)
	cmpld	cr0, r10, r14
	LOAD_REG_IMMEDIATE_SYM(r14, r15,__end_interrupts)
	cmpld	cr1, r10, r14
#endif
	blt+	cr0,1f
	bge+	cr1,1f

	/* here it looks like we got an inappropriate debug exception. */
	lis	r14,(DBSR_IC|DBSR_BT)@h		/* clear the event */
	rlwinm	r11,r11,0,~MSR_DE	/* clear DE in the DSRR1 value */
	mtspr	SPRN_DBSR,r14
	mtspr	SPRN_DSRR1,r11
	lwz	r10,PACA_EXDBG+EX_CR(r13)	/* restore registers */
	ld	r1,PACA_EXDBG+EX_R1(r13)
	ld	r14,PACA_EXDBG+EX_R14(r13)
	ld	r15,PACA_EXDBG+EX_R15(r13)
	mtcr	r10
	ld	r10,PACA_EXDBG+EX_R10(r13)	/* restore registers */
	ld	r11,PACA_EXDBG+EX_R11(r13)
	mfspr	r13,SPRN_SPRG_DBG_SCRATCH
	rfdi

	/* Normal debug exception */
	/* XXX We only handle coming from userspace for now since we can't
	 *     quite save properly an interrupted kernel state yet
	 */
1:	andi.	r14,r11,MSR_PR;		/* check for userspace again */
	beq	kernel_dbg_exc;		/* if from kernel mode */

	/* Now we mash up things to make it look like we are coming on a
	 * normal exception
	 */
	mfspr	r14,SPRN_DBSR
	std	r14,_DSISR(r1)
	ld	r14,PACA_EXDBG+EX_R14(r13)
	ld	r15,PACA_EXDBG+EX_R15(r13)
	EXCEPTION_COMMON_DBG(0xd08)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	DebugException
	REST_NVGPRS(r1)
	b	interrupt_return

	START_EXCEPTION(perfmon);
	NORMAL_EXCEPTION_PROLOG(0x260, BOOKE_INTERRUPT_PERFORMANCE_MONITOR,
				PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x260)
	CHECK_NAPPING()
	addi	r3,r1,STACK_INT_FRAME_REGS
	/*
	 * XXX: Returning from performance_monitor_exception taken as a
	 * soft-NMI (Linux irqs disabled) may be risky to use interrupt_return
	 * and could cause bugs in return or elsewhere. That case should just
	 * restore registers and return. There is a workaround for one known
	 * problem in interrupt_exit_kernel_prepare().
	 */
	bl	performance_monitor_exception
	b	interrupt_return

/* Doorbell interrupt */
	MASKABLE_EXCEPTION(0x280, BOOKE_INTERRUPT_DOORBELL,
			   doorbell, doorbell_exception, ACK_NONE)

/* Doorbell critical Interrupt */
	START_EXCEPTION(doorbell_crit);
	CRIT_EXCEPTION_PROLOG(0x2a0, BOOKE_INTERRUPT_DOORBELL_CRITICAL,
			      PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON_CRIT(0x2a0)
	bl	special_reg_save
	CHECK_NAPPING();
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_nmi_exception
	b	ret_from_crit_except

/*
 *	Guest doorbell interrupt
 *	This general exception use GSRRx save/restore registers
 */
	START_EXCEPTION(guest_doorbell);
	GDBELL_EXCEPTION_PROLOG(0x2c0, BOOKE_INTERRUPT_GUEST_DBELL,
			        PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x2c0)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_exception
	b	interrupt_return

/* Guest Doorbell critical Interrupt */
	START_EXCEPTION(guest_doorbell_crit);
	CRIT_EXCEPTION_PROLOG(0x2e0, BOOKE_INTERRUPT_GUEST_DBELL_CRIT,
			      PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON_CRIT(0x2e0)
	bl	special_reg_save
	CHECK_NAPPING();
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_nmi_exception
	b	ret_from_crit_except

/* Hypervisor call */
	START_EXCEPTION(hypercall);
	NORMAL_EXCEPTION_PROLOG(0x310, BOOKE_INTERRUPT_HV_SYSCALL,
			        PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x310)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_exception
	b	interrupt_return

/* Embedded Hypervisor priviledged  */
	START_EXCEPTION(ehpriv);
	NORMAL_EXCEPTION_PROLOG(0x320, BOOKE_INTERRUPT_HV_PRIV,
			        PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x320)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_exception
	b	interrupt_return

/* LRAT Error interrupt */
	START_EXCEPTION(lrat_error);
	NORMAL_EXCEPTION_PROLOG(0x340, BOOKE_INTERRUPT_LRAT_ERROR,
			        PROLOG_ADDITION_NONE)
	EXCEPTION_COMMON(0x340)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	unknown_exception
	b	interrupt_return

.macro SEARCH_RESTART_TABLE
#ifdef CONFIG_RELOCATABLE
	__LOAD_PACA_TOC(r11)
	LOAD_REG_ADDR_ALTTOC(r14, r11, __start___restart_table)
	LOAD_REG_ADDR_ALTTOC(r15, r11, __stop___restart_table)
#else
	LOAD_REG_IMMEDIATE_SYM(r14, r11, __start___restart_table)
	LOAD_REG_IMMEDIATE_SYM(r15, r11, __stop___restart_table)
#endif
300:
	cmpd	r14,r15
	beq	302f
	ld	r11,0(r14)
	cmpld	r10,r11
	blt	301f
	ld	r11,8(r14)
	cmpld	r10,r11
	bge	301f
	ld	r11,16(r14)
	b	303f
301:
	addi	r14,r14,24
	b	300b
302:
	li	r11,0
303:
.endm

/*
 * An interrupt came in while soft-disabled; We mark paca->irq_happened
 * accordingly and if the interrupt is level sensitive, we hard disable
 * hard disable (full_mask) corresponds to PACA_IRQ_MUST_HARD_MASK, so
 * keep these in synch.
 */

.macro masked_interrupt_book3e paca_irq full_mask
	std	r14,PACA_EXGEN+EX_R14(r13)
	std	r15,PACA_EXGEN+EX_R15(r13)

	lbz	r10,PACAIRQHAPPENED(r13)
	.if \full_mask == 1
	ori	r10,r10,\paca_irq | PACA_IRQ_HARD_DIS
	.else
	ori	r10,r10,\paca_irq
	.endif
	stb	r10,PACAIRQHAPPENED(r13)

	.if \full_mask == 1
	xori	r11,r11,MSR_EE		/* clear MSR_EE */
	mtspr	SPRN_SRR1,r11
	.endif

	mfspr	r10,SPRN_SRR0
	SEARCH_RESTART_TABLE
	cmpdi	r11,0
	beq	1f
	mtspr	SPRN_SRR0,r11		/* return to restart address */
1:

	lwz	r11,PACA_EXGEN+EX_CR(r13)
	mtcr	r11
	ld	r10,PACA_EXGEN+EX_R10(r13)
	ld	r11,PACA_EXGEN+EX_R11(r13)
	ld	r14,PACA_EXGEN+EX_R14(r13)
	ld	r15,PACA_EXGEN+EX_R15(r13)
	mfspr	r13,SPRN_SPRG_GEN_SCRATCH
	rfi
	b	.
.endm

masked_interrupt_book3e_0x500:
	masked_interrupt_book3e PACA_IRQ_EE 1

masked_interrupt_book3e_0x900:
	ACK_DEC(r10);
	masked_interrupt_book3e PACA_IRQ_DEC 0

masked_interrupt_book3e_0x980:
	ACK_FIT(r10);
	masked_interrupt_book3e PACA_IRQ_DEC 0

masked_interrupt_book3e_0x280:
masked_interrupt_book3e_0x2c0:
	masked_interrupt_book3e PACA_IRQ_DBELL 0

/*
 * This is called from 0x300 and 0x400 handlers after the prologs with
 * r14 and r15 containing the fault address and error code, with the
 * original values stashed away in the PACA
 */
SYM_CODE_START_LOCAL(storage_fault_common)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	do_page_fault
	b	interrupt_return
SYM_CODE_END(storage_fault_common)

/*
 * Alignment exception doesn't fit entirely in the 0x100 bytes so it
 * continues here.
 */
SYM_CODE_START_LOCAL(alignment_more)
	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	alignment_exception
	REST_NVGPRS(r1)
	b	interrupt_return
SYM_CODE_END(alignment_more)

/*
 * Trampolines used when spotting a bad kernel stack pointer in
 * the exception entry code.
 *
 * TODO: move some bits like SRR0 read to trampoline, pass PACA
 * index around, etc... to handle crit & mcheck
 */
BAD_STACK_TRAMPOLINE(0x000)
BAD_STACK_TRAMPOLINE(0x100)
BAD_STACK_TRAMPOLINE(0x200)
BAD_STACK_TRAMPOLINE(0x220)
BAD_STACK_TRAMPOLINE(0x260)
BAD_STACK_TRAMPOLINE(0x280)
BAD_STACK_TRAMPOLINE(0x2a0)
BAD_STACK_TRAMPOLINE(0x2c0)
BAD_STACK_TRAMPOLINE(0x2e0)
BAD_STACK_TRAMPOLINE(0x300)
BAD_STACK_TRAMPOLINE(0x310)
BAD_STACK_TRAMPOLINE(0x320)
BAD_STACK_TRAMPOLINE(0x340)
BAD_STACK_TRAMPOLINE(0x400)
BAD_STACK_TRAMPOLINE(0x500)
BAD_STACK_TRAMPOLINE(0x600)
BAD_STACK_TRAMPOLINE(0x700)
BAD_STACK_TRAMPOLINE(0x800)
BAD_STACK_TRAMPOLINE(0x900)
BAD_STACK_TRAMPOLINE(0x980)
BAD_STACK_TRAMPOLINE(0x9f0)
BAD_STACK_TRAMPOLINE(0xa00)
BAD_STACK_TRAMPOLINE(0xb00)
BAD_STACK_TRAMPOLINE(0xc00)
BAD_STACK_TRAMPOLINE(0xd00)
BAD_STACK_TRAMPOLINE(0xd08)
BAD_STACK_TRAMPOLINE(0xe00)
BAD_STACK_TRAMPOLINE(0xf00)
BAD_STACK_TRAMPOLINE(0xf20)

_GLOBAL(bad_stack_book3e)
	/* XXX: Needs to make SPRN_SPRG_GEN depend on exception type */
	mfspr	r10,SPRN_SRR0;		  /* read SRR0 before touching stack */
	ld	r1,PACAEMERGSP(r13)
	subi	r1,r1,64+INT_FRAME_SIZE
	std	r10,_NIP(r1)
	std	r11,_MSR(r1)
	ld	r10,PACA_EXGEN+EX_R1(r13) /* FIXME for crit & mcheck */
	lwz	r11,PACA_EXGEN+EX_CR(r13) /* FIXME for crit & mcheck */
	std	r10,GPR1(r1)
	std	r11,_CCR(r1)
	mfspr	r10,SPRN_DEAR
	mfspr	r11,SPRN_ESR
	std	r10,_DEAR(r1)
	std	r11,_ESR(r1)
	SAVE_GPR(0, r1);		/* save r0 in stackframe */	    \
	SAVE_GPRS(2, 9, r1);		/* save r2 - r9 in stackframe */    \
	ld	r3,PACA_EXGEN+EX_R10(r13);/* get back r10 */		    \
	ld	r4,PACA_EXGEN+EX_R11(r13);/* get back r11 */		    \
	mfspr	r5,SPRN_SPRG_GEN_SCRATCH;/* get back r13 XXX can be wrong */ \
	std	r3,GPR10(r1);		/* save r10 to stackframe */	    \
	std	r4,GPR11(r1);		/* save r11 to stackframe */	    \
	SAVE_GPR(12, r1);		/* save r12 in stackframe */	    \
	std	r5,GPR13(r1);		/* save it to stackframe */	    \
	mflr	r10
	mfctr	r11
	mfxer	r12
	std	r10,_LINK(r1)
	std	r11,_CTR(r1)
	std	r12,_XER(r1)
	SAVE_NVGPRS(r1)
	lhz	r12,PACA_TRAP_SAVE(r13)
	std	r12,_TRAP(r1)
	addi	r11,r1,INT_FRAME_SIZE
	std	r11,0(r1)
	ZEROIZE_GPR(12)
	std	r12,0(r11)
	LOAD_PACA_TOC()
1:	addi	r3,r1,STACK_INT_FRAME_REGS
	bl	kernel_bad_stack
	b	1b

/*
 * Setup the initial TLB for a core. This current implementation
 * assume that whatever we are running off will not conflict with
 * the new mapping at PAGE_OFFSET.
 */
_GLOBAL(initial_tlb_book3e)

	/* Look for the first TLB with IPROT set */
	mfspr	r4,SPRN_TLB0CFG
	andi.	r3,r4,TLBnCFG_IPROT
	lis	r3,MAS0_TLBSEL(0)@h
	bne	found_iprot

	mfspr	r4,SPRN_TLB1CFG
	andi.	r3,r4,TLBnCFG_IPROT
	lis	r3,MAS0_TLBSEL(1)@h
	bne	found_iprot

	mfspr	r4,SPRN_TLB2CFG
	andi.	r3,r4,TLBnCFG_IPROT
	lis	r3,MAS0_TLBSEL(2)@h
	bne	found_iprot

	lis	r3,MAS0_TLBSEL(3)@h
	mfspr	r4,SPRN_TLB3CFG
	/* fall through */

found_iprot:
	andi.	r5,r4,TLBnCFG_HES
	bne	have_hes

	mflr	r8				/* save LR */
/* 1. Find the index of the entry we're executing in
 *
 * r3 = MAS0_TLBSEL (for the iprot array)
 * r4 = SPRN_TLBnCFG
 */
	bcl	20,31,$+4			/* Find our address */
invstr:	mflr	r6				/* Make it accessible */
	mfmsr	r7
	rlwinm	r5,r7,27,31,31			/* extract MSR[IS] */
	mfspr	r7,SPRN_PID
	slwi	r7,r7,16
	or	r7,r7,r5
	mtspr	SPRN_MAS6,r7
	tlbsx	0,r6				/* search MSR[IS], SPID=PID */

	mfspr	r3,SPRN_MAS0
	rlwinm	r5,r3,16,20,31			/* Extract MAS0(Entry) */

	mfspr	r7,SPRN_MAS1			/* Insure IPROT set */
	oris	r7,r7,MAS1_IPROT@h
	mtspr	SPRN_MAS1,r7
	tlbwe

/* 2. Invalidate all entries except the entry we're executing in
 *
 * r3 = MAS0 w/TLBSEL & ESEL for the entry we are running in
 * r4 = SPRN_TLBnCFG
 * r5 = ESEL of entry we are running in
 */
	andi.	r4,r4,TLBnCFG_N_ENTRY		/* Extract # entries */
	li	r6,0				/* Set Entry counter to 0 */
1:	mr	r7,r3				/* Set MAS0(TLBSEL) */
	rlwimi	r7,r6,16,4,15			/* Setup MAS0 = TLBSEL | ESEL(r6) */
	mtspr	SPRN_MAS0,r7
	tlbre
	mfspr	r7,SPRN_MAS1
	rlwinm	r7,r7,0,2,31			/* Clear MAS1 Valid and IPROT */
	cmpw	r5,r6
	beq	skpinv				/* Dont update the current execution TLB */
	mtspr	SPRN_MAS1,r7
	tlbwe
	isync
skpinv:	addi	r6,r6,1				/* Increment */
	cmpw	r6,r4				/* Are we done? */
	bne	1b				/* If not, repeat */

	/* Invalidate all TLBs */
	PPC_TLBILX_ALL(0,R0)
	sync
	isync

/* 3. Setup a temp mapping and jump to it
 *
 * r3 = MAS0 w/TLBSEL & ESEL for the entry we are running in
 * r5 = ESEL of entry we are running in
 */
	andi.	r7,r5,0x1	/* Find an entry not used and is non-zero */
	addi	r7,r7,0x1
	mr	r4,r3		/* Set MAS0(TLBSEL) = 1 */
	mtspr	SPRN_MAS0,r4
	tlbre

	rlwimi	r4,r7,16,4,15	/* Setup MAS0 = TLBSEL | ESEL(r7) */
	mtspr	SPRN_MAS0,r4

	mfspr	r7,SPRN_MAS1
	xori	r6,r7,MAS1_TS		/* Setup TMP mapping in the other Address space */
	mtspr	SPRN_MAS1,r6

	tlbwe

	mfmsr	r6
	xori	r6,r6,MSR_IS
	mtspr	SPRN_SRR1,r6
	bcl	20,31,$+4	/* Find our address */
1:	mflr	r6
	addi	r6,r6,(2f - 1b)
	mtspr	SPRN_SRR0,r6
	rfi
2:

/* 4. Clear out PIDs & Search info
 *
 * r3 = MAS0 w/TLBSEL & ESEL for the entry we started in
 * r4 = MAS0 w/TLBSEL & ESEL for the temp mapping
 * r5 = MAS3
 */
	li	r6,0
	mtspr   SPRN_MAS6,r6
	mtspr	SPRN_PID,r6

/* 5. Invalidate mapping we started in
 *
 * r3 = MAS0 w/TLBSEL & ESEL for the entry we started in
 * r4 = MAS0 w/TLBSEL & ESEL for the temp mapping
 * r5 = MAS3
 */
	mtspr	SPRN_MAS0,r3
	tlbre
	mfspr	r6,SPRN_MAS1
	rlwinm	r6,r6,0,2,31	/* clear IPROT and VALID */
	mtspr	SPRN_MAS1,r6
	tlbwe
	sync
	isync

/* 6. Setup KERNELBASE mapping in TLB[0]
 *
 * r3 = MAS0 w/TLBSEL & ESEL for the entry we started in
 * r4 = MAS0 w/TLBSEL & ESEL for the temp mapping
 * r5 = MAS3
 */
	rlwinm	r3,r3,0,16,3	/* clear ESEL */
	mtspr	SPRN_MAS0,r3
	lis	r6,(MAS1_VALID|MAS1_IPROT)@h
	ori	r6,r6,(MAS1_TSIZE(BOOK3E_PAGESZ_1GB))@l
	mtspr	SPRN_MAS1,r6

	LOAD_REG_IMMEDIATE(r6, PAGE_OFFSET | MAS2_M_IF_NEEDED)
	mtspr	SPRN_MAS2,r6

	rlwinm	r5,r5,0,0,25
	ori	r5,r5,MAS3_SR | MAS3_SW | MAS3_SX
	mtspr	SPRN_MAS3,r5
	li	r5,-1
	rlwinm	r5,r5,0,0,25

	tlbwe

/* 7. Jump to KERNELBASE mapping
 *
 * r4 = MAS0 w/TLBSEL & ESEL for the temp mapping
 */
	/* Now we branch the new virtual address mapped by this entry */
	bcl	20,31,$+4	/* Find our address */
1:	mflr	r6
	addi	r6,r6,(2f - 1b)
	tovirt(r6,r6)
	lis	r7,MSR_KERNEL@h
	ori	r7,r7,MSR_KERNEL@l
	mtspr	SPRN_SRR0,r6
	mtspr	SPRN_SRR1,r7
	rfi				/* start execution out of TLB1[0] entry */
2:

/* 8. Clear out the temp mapping
 *
 * r4 = MAS0 w/TLBSEL & ESEL for the entry we are running in
 */
	mtspr	SPRN_MAS0,r4
	tlbre
	mfspr	r5,SPRN_MAS1
	rlwinm	r5,r5,0,2,31	/* clear IPROT and VALID */
	mtspr	SPRN_MAS1,r5
	tlbwe
	sync
	isync

	/* We translate LR and return */
	tovirt(r8,r8)
	mtlr	r8
	blr

have_hes:
	/* Setup MAS 0,1,2,3 and 7 for tlbwe of a 1G entry that maps the
	 * kernel linear mapping. We also set MAS8 once for all here though
	 * that will have to be made dependent on whether we are running under
	 * a hypervisor I suppose.
	 */

	/* BEWARE, MAGIC
	 * This code is called as an ordinary function on the boot CPU. But to
	 * avoid duplication, this code is also used in SCOM bringup of
	 * secondary CPUs. We read the code between the initial_tlb_code_start
	 * and initial_tlb_code_end labels one instruction at a time and RAM it
	 * into the new core via SCOM. That doesn't process branches, so there
	 * must be none between those two labels. It also means if this code
	 * ever takes any parameters, the SCOM code must also be updated to
	 * provide them.
	 */
_GLOBAL(a2_tlbinit_code_start)

	ori	r11,r3,MAS0_WQ_ALLWAYS
	oris	r11,r11,MAS0_ESEL(3)@h /* Use way 3: workaround A2 erratum 376 */
	mtspr	SPRN_MAS0,r11
	lis	r3,(MAS1_VALID | MAS1_IPROT)@h
	ori	r3,r3,BOOK3E_PAGESZ_1GB << MAS1_TSIZE_SHIFT
	mtspr	SPRN_MAS1,r3
	LOAD_REG_IMMEDIATE(r3, PAGE_OFFSET | MAS2_M)
	mtspr	SPRN_MAS2,r3
	li	r3,MAS3_SR | MAS3_SW | MAS3_SX
	mtspr	SPRN_MAS7_MAS3,r3
	li	r3,0
	mtspr	SPRN_MAS8,r3

	/* Write the TLB entry */
	tlbwe

	.globl a2_tlbinit_after_linear_map
a2_tlbinit_after_linear_map:

	/* Now we branch the new virtual address mapped by this entry */
#ifdef CONFIG_RELOCATABLE
	__LOAD_PACA_TOC(r5)
	LOAD_REG_ADDR_ALTTOC(r3, r5, 1f)
#else
	LOAD_REG_IMMEDIATE_SYM(r3, r5, 1f)
#endif
	mtctr	r3
	bctr

1:	/* We are now running at PAGE_OFFSET, clean the TLB of everything
	 * else (including IPROTed things left by firmware)
	 * r4 = TLBnCFG
	 * r3 = current address (more or less)
	 */

	li	r5,0
	mtspr	SPRN_MAS6,r5
	tlbsx	0,r3

	rlwinm	r9,r4,0,TLBnCFG_N_ENTRY
	rlwinm	r10,r4,8,0xff
	addi	r10,r10,-1	/* Get inner loop mask */

	li	r3,1

	mfspr	r5,SPRN_MAS1
	rlwinm	r5,r5,0,(~(MAS1_VALID|MAS1_IPROT))

	mfspr	r6,SPRN_MAS2
	rldicr	r6,r6,0,51		/* Extract EPN */

	mfspr	r7,SPRN_MAS0
	rlwinm	r7,r7,0,0xffff0fff	/* Clear HES and WQ */

	rlwinm	r8,r7,16,0xfff		/* Extract ESEL */

2:	add	r4,r3,r8
	and	r4,r4,r10

	rlwimi	r7,r4,16,MAS0_ESEL_MASK

	mtspr	SPRN_MAS0,r7
	mtspr	SPRN_MAS1,r5
	mtspr	SPRN_MAS2,r6
	tlbwe

	addi	r3,r3,1
	and.	r4,r3,r10

	bne	3f
	addis	r6,r6,(1<<30)@h
3:
	cmpw	r3,r9
	blt	2b

	.globl  a2_tlbinit_after_iprot_flush
a2_tlbinit_after_iprot_flush:

	PPC_TLBILX(0,0,R0)
	sync
	isync

	.globl a2_tlbinit_code_end
a2_tlbinit_code_end:

	/* We translate LR and return */
	mflr	r3
	tovirt(r3,r3)
	mtlr	r3
	blr

/*
 * Main entry (boot CPU, thread 0)
 *
 * We enter here from head_64.S, possibly after the prom_init trampoline
 * with r3 and r4 already saved to r31 and 30 respectively and in 64 bits
 * mode. Anything else is as it was left by the bootloader
 *
 * Initial requirements of this port:
 *
 * - Kernel loaded at 0 physical
 * - A good lump of memory mapped 0:0 by UTLB entry 0
 * - MSR:IS & MSR:DS set to 0
 *
 * Note that some of the above requirements will be relaxed in the future
 * as the kernel becomes smarter at dealing with different initial conditions
 * but for now you have to be careful
 */
_GLOBAL(start_initialization_book3e)
	mflr	r28

	/* First, we need to setup some initial TLBs to map the kernel
	 * text, data and bss at PAGE_OFFSET. We don't have a real mode
	 * and always use AS 0, so we just set it up to match our link
	 * address and never use 0 based addresses.
	 */
	bl	initial_tlb_book3e

	/* Init global core bits */
	bl	init_core_book3e

	/* Init per-thread bits */
	bl	init_thread_book3e

	/* Return to common init code */
	tovirt(r28,r28)
	mtlr	r28
	blr


/*
 * Secondary core/processor entry
 *
 * This is entered for thread 0 of a secondary core, all other threads
 * are expected to be stopped. It's similar to start_initialization_book3e
 * except that it's generally entered from the holding loop in head_64.S
 * after CPUs have been gathered by Open Firmware.
 *
 * We assume we are in 32 bits mode running with whatever TLB entry was
 * set for us by the firmware or POR engine.
 */
_GLOBAL(book3e_secondary_core_init_tlb_set)
	li	r4,1
	b	generic_secondary_smp_init

_GLOBAL(book3e_secondary_core_init)
	mflr	r28

	/* Do we need to setup initial TLB entry ? */
	cmplwi	r4,0
	bne	2f

	/* Setup TLB for this core */
	bl	initial_tlb_book3e

	/* We can return from the above running at a different
	 * address, so recalculate r2 (TOC)
	 */
	bl	relative_toc

	/* Init global core bits */
2:	bl	init_core_book3e

	/* Init per-thread bits */
3:	bl	init_thread_book3e

	/* Return to common init code at proper virtual address.
	 *
	 * Due to various previous assumptions, we know we entered this
	 * function at either the final PAGE_OFFSET mapping or using a
	 * 1:1 mapping at 0, so we don't bother doing a complicated check
	 * here, we just ensure the return address has the right top bits.
	 *
	 * Note that if we ever want to be smarter about where we can be
	 * started from, we have to be careful that by the time we reach
	 * the code below we may already be running at a different location
	 * than the one we were called from since initial_tlb_book3e can
	 * have moved us already.
	 */
	cmpdi	cr0,r28,0
	blt	1f
	lis	r3,PAGE_OFFSET@highest
	sldi	r3,r3,32
	or	r28,r28,r3
1:	mtlr	r28
	blr

_GLOBAL(book3e_secondary_thread_init)
	mflr	r28
	b	3b

_GLOBAL(init_core_book3e)
	/* Establish the interrupt vector base */
	tovirt(r2,r2)
	LOAD_REG_ADDR(r3, interrupt_base_book3e)
	mtspr	SPRN_IVPR,r3
	sync
	blr

SYM_CODE_START_LOCAL(init_thread_book3e)
	lis	r3,(SPRN_EPCR_ICM | SPRN_EPCR_GICM)@h
	mtspr	SPRN_EPCR,r3

	/* Make sure interrupts are off */
	wrteei	0

	/* disable all timers and clear out status */
	li	r3,0
	mtspr	SPRN_TCR,r3
	mfspr	r3,SPRN_TSR
	mtspr	SPRN_TSR,r3

	blr
SYM_CODE_END(init_thread_book3e)

_GLOBAL(__setup_base_ivors)
	SET_IVOR(0, 0x020) /* Critical Input */
	SET_IVOR(1, 0x000) /* Machine Check */
	SET_IVOR(2, 0x060) /* Data Storage */ 
	SET_IVOR(3, 0x080) /* Instruction Storage */
	SET_IVOR(4, 0x0a0) /* External Input */ 
	SET_IVOR(5, 0x0c0) /* Alignment */ 
	SET_IVOR(6, 0x0e0) /* Program */ 
	SET_IVOR(7, 0x100) /* FP Unavailable */ 
	SET_IVOR(8, 0x120) /* System Call */ 
	SET_IVOR(9, 0x140) /* Auxiliary Processor Unavailable */ 
	SET_IVOR(10, 0x160) /* Decrementer */ 
	SET_IVOR(11, 0x180) /* Fixed Interval Timer */ 
	SET_IVOR(12, 0x1a0) /* Watchdog Timer */ 
	SET_IVOR(13, 0x1c0) /* Data TLB Error */ 
	SET_IVOR(14, 0x1e0) /* Instruction TLB Error */
	SET_IVOR(15, 0x040) /* Debug */

	sync

	blr

_GLOBAL(setup_altivec_ivors)
	SET_IVOR(32, 0x200) /* AltiVec Unavailable */
	SET_IVOR(33, 0x220) /* AltiVec Assist */
	blr

_GLOBAL(setup_perfmon_ivor)
	SET_IVOR(35, 0x260) /* Performance Monitor */
	blr

_GLOBAL(setup_doorbell_ivors)
	SET_IVOR(36, 0x280) /* Processor Doorbell */
	SET_IVOR(37, 0x2a0) /* Processor Doorbell Crit */
	blr

_GLOBAL(setup_ehv_ivors)
	SET_IVOR(40, 0x300) /* Embedded Hypervisor System Call */
	SET_IVOR(41, 0x320) /* Embedded Hypervisor Privilege */
	SET_IVOR(38, 0x2c0) /* Guest Processor Doorbell */
	SET_IVOR(39, 0x2e0) /* Guest Processor Doorbell Crit/MC */
	blr

_GLOBAL(setup_lrat_ivor)
	SET_IVOR(42, 0x340) /* LRAT Error */
	blr