1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Low-level CPU initialisation
4 * Based on arch/arm/kernel/head.S
5 *
6 * Copyright (C) 1994-2002 Russell King
7 * Copyright (C) 2003-2012 ARM Ltd.
8 * Authors: Catalin Marinas <catalin.marinas@arm.com>
9 * Will Deacon <will.deacon@arm.com>
10 */
11
12 #include <linux/linkage.h>
13 #include <linux/init.h>
14 #include <linux/irqchip/arm-gic-v3.h>
15
16 #include <asm/assembler.h>
17 #include <asm/boot.h>
18 #include <asm/ptrace.h>
19 #include <asm/asm-offsets.h>
20 #include <asm/cache.h>
21 #include <asm/cputype.h>
22 #include <asm/elf.h>
23 #include <asm/image.h>
24 #include <asm/kernel-pgtable.h>
25 #include <asm/kvm_arm.h>
26 #include <asm/memory.h>
27 #include <asm/pgtable-hwdef.h>
28 #include <asm/pgtable.h>
29 #include <asm/page.h>
30 #include <asm/smp.h>
31 #include <asm/sysreg.h>
32 #include <asm/thread_info.h>
33 #include <asm/virt.h>
34
35 #include "efi-header.S"
36
37 #define __PHYS_OFFSET (KERNEL_START - TEXT_OFFSET)
38
39 #if (TEXT_OFFSET & 0xfff) != 0
40 #error TEXT_OFFSET must be at least 4KB aligned
41 #elif (PAGE_OFFSET & 0x1fffff) != 0
42 #error PAGE_OFFSET must be at least 2MB aligned
43 #elif TEXT_OFFSET > 0x1fffff
44 #error TEXT_OFFSET must be less than 2MB
45 #endif
46
47 /*
48 * Kernel startup entry point.
49 * ---------------------------
50 *
51 * The requirements are:
52 * MMU = off, D-cache = off, I-cache = on or off,
53 * x0 = physical address to the FDT blob.
54 *
55 * This code is mostly position independent so you call this at
56 * __pa(PAGE_OFFSET + TEXT_OFFSET).
57 *
58 * Note that the callee-saved registers are used for storing variables
59 * that are useful before the MMU is enabled. The allocations are described
60 * in the entry routines.
61 */
62 __HEAD
63 _head:
64 /*
65 * DO NOT MODIFY. Image header expected by Linux boot-loaders.
66 */
67 #ifdef CONFIG_EFI
68 /*
69 * This add instruction has no meaningful effect except that
70 * its opcode forms the magic "MZ" signature required by UEFI.
71 */
72 add x13, x18, #0x16
73 b stext
74 #else
75 b stext // branch to kernel start, magic
76 .long 0 // reserved
77 #endif
78 le64sym _kernel_offset_le // Image load offset from start of RAM, little-endian
79 le64sym _kernel_size_le // Effective size of kernel image, little-endian
80 le64sym _kernel_flags_le // Informative flags, little-endian
81 .quad 0 // reserved
82 .quad 0 // reserved
83 .quad 0 // reserved
84 .ascii ARM64_IMAGE_MAGIC // Magic number
85 #ifdef CONFIG_EFI
86 .long pe_header - _head // Offset to the PE header.
87
88 pe_header:
89 __EFI_PE_HEADER
90 #else
91 .long 0 // reserved
92 #endif
93
94 __INIT
95
96 /*
97 * The following callee saved general purpose registers are used on the
98 * primary lowlevel boot path:
99 *
100 * Register Scope Purpose
101 * x21 stext() .. start_kernel() FDT pointer passed at boot in x0
102 * x23 stext() .. start_kernel() physical misalignment/KASLR offset
103 * x28 __create_page_tables() callee preserved temp register
104 * x19/x20 __primary_switch() callee preserved temp registers
105 * x24 __primary_switch() .. relocate_kernel()
106 * current RELR displacement
107 */
108 ENTRY(stext)
109 bl preserve_boot_args
110 bl el2_setup // Drop to EL1, w0=cpu_boot_mode
111 adrp x23, __PHYS_OFFSET
112 and x23, x23, MIN_KIMG_ALIGN - 1 // KASLR offset, defaults to 0
113 bl set_cpu_boot_mode_flag
114 bl __create_page_tables
115 /*
116 * The following calls CPU setup code, see arch/arm64/mm/proc.S for
117 * details.
118 * On return, the CPU will be ready for the MMU to be turned on and
119 * the TCR will have been set.
120 */
121 bl __cpu_setup // initialise processor
122 b __primary_switch
123 ENDPROC(stext)
124
125 /*
126 * Preserve the arguments passed by the bootloader in x0 .. x3
127 */
128 preserve_boot_args:
129 mov x21, x0 // x21=FDT
130
131 adr_l x0, boot_args // record the contents of
132 stp x21, x1, [x0] // x0 .. x3 at kernel entry
133 stp x2, x3, [x0, #16]
134
135 dmb sy // needed before dc ivac with
136 // MMU off
137
138 mov x1, #0x20 // 4 x 8 bytes
139 b __inval_dcache_area // tail call
140 ENDPROC(preserve_boot_args)
141
142 /*
143 * Macro to create a table entry to the next page.
144 *
145 * tbl: page table address
146 * virt: virtual address
147 * shift: #imm page table shift
148 * ptrs: #imm pointers per table page
149 *
150 * Preserves: virt
151 * Corrupts: ptrs, tmp1, tmp2
152 * Returns: tbl -> next level table page address
153 */
154 .macro create_table_entry, tbl, virt, shift, ptrs, tmp1, tmp2
155 add \tmp1, \tbl, #PAGE_SIZE
156 phys_to_pte \tmp2, \tmp1
157 orr \tmp2, \tmp2, #PMD_TYPE_TABLE // address of next table and entry type
158 lsr \tmp1, \virt, #\shift
159 sub \ptrs, \ptrs, #1
160 and \tmp1, \tmp1, \ptrs // table index
161 str \tmp2, [\tbl, \tmp1, lsl #3]
162 add \tbl, \tbl, #PAGE_SIZE // next level table page
163 .endm
164
165 /*
166 * Macro to populate page table entries, these entries can be pointers to the next level
167 * or last level entries pointing to physical memory.
168 *
169 * tbl: page table address
170 * rtbl: pointer to page table or physical memory
171 * index: start index to write
172 * eindex: end index to write - [index, eindex] written to
173 * flags: flags for pagetable entry to or in
174 * inc: increment to rtbl between each entry
175 * tmp1: temporary variable
176 *
177 * Preserves: tbl, eindex, flags, inc
178 * Corrupts: index, tmp1
179 * Returns: rtbl
180 */
181 .macro populate_entries, tbl, rtbl, index, eindex, flags, inc, tmp1
182 .Lpe\@: phys_to_pte \tmp1, \rtbl
183 orr \tmp1, \tmp1, \flags // tmp1 = table entry
184 str \tmp1, [\tbl, \index, lsl #3]
185 add \rtbl, \rtbl, \inc // rtbl = pa next level
186 add \index, \index, #1
187 cmp \index, \eindex
188 b.ls .Lpe\@
189 .endm
190
191 /*
192 * Compute indices of table entries from virtual address range. If multiple entries
193 * were needed in the previous page table level then the next page table level is assumed
194 * to be composed of multiple pages. (This effectively scales the end index).
195 *
196 * vstart: virtual address of start of range
197 * vend: virtual address of end of range
198 * shift: shift used to transform virtual address into index
199 * ptrs: number of entries in page table
200 * istart: index in table corresponding to vstart
201 * iend: index in table corresponding to vend
202 * count: On entry: how many extra entries were required in previous level, scales
203 * our end index.
204 * On exit: returns how many extra entries required for next page table level
205 *
206 * Preserves: vstart, vend, shift, ptrs
207 * Returns: istart, iend, count
208 */
209 .macro compute_indices, vstart, vend, shift, ptrs, istart, iend, count
210 lsr \iend, \vend, \shift
211 mov \istart, \ptrs
212 sub \istart, \istart, #1
213 and \iend, \iend, \istart // iend = (vend >> shift) & (ptrs - 1)
214 mov \istart, \ptrs
215 mul \istart, \istart, \count
216 add \iend, \iend, \istart // iend += (count - 1) * ptrs
217 // our entries span multiple tables
218
219 lsr \istart, \vstart, \shift
220 mov \count, \ptrs
221 sub \count, \count, #1
222 and \istart, \istart, \count
223
224 sub \count, \iend, \istart
225 .endm
226
227 /*
228 * Map memory for specified virtual address range. Each level of page table needed supports
229 * multiple entries. If a level requires n entries the next page table level is assumed to be
230 * formed from n pages.
231 *
232 * tbl: location of page table
233 * rtbl: address to be used for first level page table entry (typically tbl + PAGE_SIZE)
234 * vstart: start address to map
235 * vend: end address to map - we map [vstart, vend]
236 * flags: flags to use to map last level entries
237 * phys: physical address corresponding to vstart - physical memory is contiguous
238 * pgds: the number of pgd entries
239 *
240 * Temporaries: istart, iend, tmp, count, sv - these need to be different registers
241 * Preserves: vstart, vend, flags
242 * Corrupts: tbl, rtbl, istart, iend, tmp, count, sv
243 */
244 .macro map_memory, tbl, rtbl, vstart, vend, flags, phys, pgds, istart, iend, tmp, count, sv
245 add \rtbl, \tbl, #PAGE_SIZE
246 mov \sv, \rtbl
247 mov \count, #0
248 compute_indices \vstart, \vend, #PGDIR_SHIFT, \pgds, \istart, \iend, \count
249 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp
250 mov \tbl, \sv
251 mov \sv, \rtbl
252
253 #if SWAPPER_PGTABLE_LEVELS > 3
254 compute_indices \vstart, \vend, #PUD_SHIFT, #PTRS_PER_PUD, \istart, \iend, \count
255 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp
256 mov \tbl, \sv
257 mov \sv, \rtbl
258 #endif
259
260 #if SWAPPER_PGTABLE_LEVELS > 2
261 compute_indices \vstart, \vend, #SWAPPER_TABLE_SHIFT, #PTRS_PER_PMD, \istart, \iend, \count
262 populate_entries \tbl, \rtbl, \istart, \iend, #PMD_TYPE_TABLE, #PAGE_SIZE, \tmp
263 mov \tbl, \sv
264 #endif
265
266 compute_indices \vstart, \vend, #SWAPPER_BLOCK_SHIFT, #PTRS_PER_PTE, \istart, \iend, \count
267 bic \count, \phys, #SWAPPER_BLOCK_SIZE - 1
268 populate_entries \tbl, \count, \istart, \iend, \flags, #SWAPPER_BLOCK_SIZE, \tmp
269 .endm
270
271 /*
272 * Setup the initial page tables. We only setup the barest amount which is
273 * required to get the kernel running. The following sections are required:
274 * - identity mapping to enable the MMU (low address, TTBR0)
275 * - first few MB of the kernel linear mapping to jump to once the MMU has
276 * been enabled
277 */
278 __create_page_tables:
279 mov x28, lr
280
281 /*
282 * Invalidate the init page tables to avoid potential dirty cache lines
283 * being evicted. Other page tables are allocated in rodata as part of
284 * the kernel image, and thus are clean to the PoC per the boot
285 * protocol.
286 */
287 adrp x0, init_pg_dir
288 adrp x1, init_pg_end
289 sub x1, x1, x0
290 bl __inval_dcache_area
291
292 /*
293 * Clear the init page tables.
294 */
295 adrp x0, init_pg_dir
296 adrp x1, init_pg_end
297 sub x1, x1, x0
298 1: stp xzr, xzr, [x0], #16
299 stp xzr, xzr, [x0], #16
300 stp xzr, xzr, [x0], #16
301 stp xzr, xzr, [x0], #16
302 subs x1, x1, #64
303 b.ne 1b
304
305 mov x7, SWAPPER_MM_MMUFLAGS
306
307 /*
308 * Create the identity mapping.
309 */
310 adrp x0, idmap_pg_dir
311 adrp x3, __idmap_text_start // __pa(__idmap_text_start)
312
313 #ifdef CONFIG_ARM64_VA_BITS_52
314 mrs_s x6, SYS_ID_AA64MMFR2_EL1
315 and x6, x6, #(0xf << ID_AA64MMFR2_LVA_SHIFT)
316 mov x5, #52
317 cbnz x6, 1f
318 #endif
319 mov x5, #VA_BITS_MIN
320 1:
321 adr_l x6, vabits_actual
322 str x5, [x6]
323 dmb sy
324 dc ivac, x6 // Invalidate potentially stale cache line
325
326 /*
327 * VA_BITS may be too small to allow for an ID mapping to be created
328 * that covers system RAM if that is located sufficiently high in the
329 * physical address space. So for the ID map, use an extended virtual
330 * range in that case, and configure an additional translation level
331 * if needed.
332 *
333 * Calculate the maximum allowed value for TCR_EL1.T0SZ so that the
334 * entire ID map region can be mapped. As T0SZ == (64 - #bits used),
335 * this number conveniently equals the number of leading zeroes in
336 * the physical address of __idmap_text_end.
337 */
338 adrp x5, __idmap_text_end
339 clz x5, x5
340 cmp x5, TCR_T0SZ(VA_BITS) // default T0SZ small enough?
341 b.ge 1f // .. then skip VA range extension
342
343 adr_l x6, idmap_t0sz
344 str x5, [x6]
345 dmb sy
346 dc ivac, x6 // Invalidate potentially stale cache line
347
348 #if (VA_BITS < 48)
349 #define EXTRA_SHIFT (PGDIR_SHIFT + PAGE_SHIFT - 3)
350 #define EXTRA_PTRS (1 << (PHYS_MASK_SHIFT - EXTRA_SHIFT))
351
352 /*
353 * If VA_BITS < 48, we have to configure an additional table level.
354 * First, we have to verify our assumption that the current value of
355 * VA_BITS was chosen such that all translation levels are fully
356 * utilised, and that lowering T0SZ will always result in an additional
357 * translation level to be configured.
358 */
359 #if VA_BITS != EXTRA_SHIFT
360 #error "Mismatch between VA_BITS and page size/number of translation levels"
361 #endif
362
363 mov x4, EXTRA_PTRS
364 create_table_entry x0, x3, EXTRA_SHIFT, x4, x5, x6
365 #else
366 /*
367 * If VA_BITS == 48, we don't have to configure an additional
368 * translation level, but the top-level table has more entries.
369 */
370 mov x4, #1 << (PHYS_MASK_SHIFT - PGDIR_SHIFT)
371 str_l x4, idmap_ptrs_per_pgd, x5
372 #endif
373 1:
374 ldr_l x4, idmap_ptrs_per_pgd
375 mov x5, x3 // __pa(__idmap_text_start)
376 adr_l x6, __idmap_text_end // __pa(__idmap_text_end)
377
378 map_memory x0, x1, x3, x6, x7, x3, x4, x10, x11, x12, x13, x14
379
380 /*
381 * Map the kernel image (starting with PHYS_OFFSET).
382 */
383 adrp x0, init_pg_dir
384 mov_q x5, KIMAGE_VADDR + TEXT_OFFSET // compile time __va(_text)
385 add x5, x5, x23 // add KASLR displacement
386 mov x4, PTRS_PER_PGD
387 adrp x6, _end // runtime __pa(_end)
388 adrp x3, _text // runtime __pa(_text)
389 sub x6, x6, x3 // _end - _text
390 add x6, x6, x5 // runtime __va(_end)
391
392 map_memory x0, x1, x5, x6, x7, x3, x4, x10, x11, x12, x13, x14
393
394 /*
395 * Since the page tables have been populated with non-cacheable
396 * accesses (MMU disabled), invalidate the idmap and swapper page
397 * tables again to remove any speculatively loaded cache lines.
398 */
399 adrp x0, idmap_pg_dir
400 adrp x1, init_pg_end
401 sub x1, x1, x0
402 dmb sy
403 bl __inval_dcache_area
404
405 ret x28
406 ENDPROC(__create_page_tables)
407 .ltorg
408
409 /*
410 * The following fragment of code is executed with the MMU enabled.
411 *
412 * x0 = __PHYS_OFFSET
413 */
414 __primary_switched:
415 adrp x4, init_thread_union
416 add sp, x4, #THREAD_SIZE
417 adr_l x5, init_task
418 msr sp_el0, x5 // Save thread_info
419
420 adr_l x8, vectors // load VBAR_EL1 with virtual
421 msr vbar_el1, x8 // vector table address
422 isb
423
424 stp xzr, x30, [sp, #-16]!
425 mov x29, sp
426
427 str_l x21, __fdt_pointer, x5 // Save FDT pointer
428
429 ldr_l x4, kimage_vaddr // Save the offset between
430 sub x4, x4, x0 // the kernel virtual and
431 str_l x4, kimage_voffset, x5 // physical mappings
432
433 // Clear BSS
434 adr_l x0, __bss_start
435 mov x1, xzr
436 adr_l x2, __bss_stop
437 sub x2, x2, x0
438 bl __pi_memset
439 dsb ishst // Make zero page visible to PTW
440
441 #ifdef CONFIG_KASAN
442 bl kasan_early_init
443 #endif
444 #ifdef CONFIG_RANDOMIZE_BASE
445 tst x23, ~(MIN_KIMG_ALIGN - 1) // already running randomized?
446 b.ne 0f
447 mov x0, x21 // pass FDT address in x0
448 bl kaslr_early_init // parse FDT for KASLR options
449 cbz x0, 0f // KASLR disabled? just proceed
450 orr x23, x23, x0 // record KASLR offset
451 ldp x29, x30, [sp], #16 // we must enable KASLR, return
452 ret // to __primary_switch()
453 0:
454 #endif
455 add sp, sp, #16
456 mov x29, #0
457 mov x30, #0
458 b start_kernel
459 ENDPROC(__primary_switched)
460
461 /*
462 * end early head section, begin head code that is also used for
463 * hotplug and needs to have the same protections as the text region
464 */
465 .section ".idmap.text","awx"
466
467 ENTRY(kimage_vaddr)
468 .quad _text - TEXT_OFFSET
469 EXPORT_SYMBOL(kimage_vaddr)
470
471 /*
472 * If we're fortunate enough to boot at EL2, ensure that the world is
473 * sane before dropping to EL1.
474 *
475 * Returns either BOOT_CPU_MODE_EL1 or BOOT_CPU_MODE_EL2 in w0 if
476 * booted in EL1 or EL2 respectively.
477 */
478 ENTRY(el2_setup)
479 msr SPsel, #1 // We want to use SP_EL{1,2}
480 mrs x0, CurrentEL
481 cmp x0, #CurrentEL_EL2
482 b.eq 1f
483 mov_q x0, (SCTLR_EL1_RES1 | ENDIAN_SET_EL1)
484 msr sctlr_el1, x0
485 mov w0, #BOOT_CPU_MODE_EL1 // This cpu booted in EL1
486 isb
487 ret
488
489 1: mov_q x0, (SCTLR_EL2_RES1 | ENDIAN_SET_EL2)
490 msr sctlr_el2, x0
491
492 #ifdef CONFIG_ARM64_VHE
493 /*
494 * Check for VHE being present. For the rest of the EL2 setup,
495 * x2 being non-zero indicates that we do have VHE, and that the
496 * kernel is intended to run at EL2.
497 */
498 mrs x2, id_aa64mmfr1_el1
499 ubfx x2, x2, #ID_AA64MMFR1_VHE_SHIFT, #4
500 #else
501 mov x2, xzr
502 #endif
503
504 /* Hyp configuration. */
505 mov_q x0, HCR_HOST_NVHE_FLAGS
506 cbz x2, set_hcr
507 mov_q x0, HCR_HOST_VHE_FLAGS
508 set_hcr:
509 msr hcr_el2, x0
510 isb
511
512 /*
513 * Allow Non-secure EL1 and EL0 to access physical timer and counter.
514 * This is not necessary for VHE, since the host kernel runs in EL2,
515 * and EL0 accesses are configured in the later stage of boot process.
516 * Note that when HCR_EL2.E2H == 1, CNTHCTL_EL2 has the same bit layout
517 * as CNTKCTL_EL1, and CNTKCTL_EL1 accessing instructions are redefined
518 * to access CNTHCTL_EL2. This allows the kernel designed to run at EL1
519 * to transparently mess with the EL0 bits via CNTKCTL_EL1 access in
520 * EL2.
521 */
522 cbnz x2, 1f
523 mrs x0, cnthctl_el2
524 orr x0, x0, #3 // Enable EL1 physical timers
525 msr cnthctl_el2, x0
526 1:
527 msr cntvoff_el2, xzr // Clear virtual offset
528
529 #ifdef CONFIG_ARM_GIC_V3
530 /* GICv3 system register access */
531 mrs x0, id_aa64pfr0_el1
532 ubfx x0, x0, #ID_AA64PFR0_GIC_SHIFT, #4
533 cbz x0, 3f
534
535 mrs_s x0, SYS_ICC_SRE_EL2
536 orr x0, x0, #ICC_SRE_EL2_SRE // Set ICC_SRE_EL2.SRE==1
537 orr x0, x0, #ICC_SRE_EL2_ENABLE // Set ICC_SRE_EL2.Enable==1
538 msr_s SYS_ICC_SRE_EL2, x0
539 isb // Make sure SRE is now set
540 mrs_s x0, SYS_ICC_SRE_EL2 // Read SRE back,
541 tbz x0, #0, 3f // and check that it sticks
542 msr_s SYS_ICH_HCR_EL2, xzr // Reset ICC_HCR_EL2 to defaults
543
544 3:
545 #endif
546
547 /* Populate ID registers. */
548 mrs x0, midr_el1
549 mrs x1, mpidr_el1
550 msr vpidr_el2, x0
551 msr vmpidr_el2, x1
552
553 #ifdef CONFIG_COMPAT
554 msr hstr_el2, xzr // Disable CP15 traps to EL2
555 #endif
556
557 /* EL2 debug */
558 mrs x1, id_aa64dfr0_el1
559 sbfx x0, x1, #ID_AA64DFR0_PMUVER_SHIFT, #4
560 cmp x0, #1
561 b.lt 4f // Skip if no PMU present
562 mrs x0, pmcr_el0 // Disable debug access traps
563 ubfx x0, x0, #11, #5 // to EL2 and allow access to
564 4:
565 csel x3, xzr, x0, lt // all PMU counters from EL1
566
567 /* Statistical profiling */
568 ubfx x0, x1, #ID_AA64DFR0_PMSVER_SHIFT, #4
569 cbz x0, 7f // Skip if SPE not present
570 cbnz x2, 6f // VHE?
571 mrs_s x4, SYS_PMBIDR_EL1 // If SPE available at EL2,
572 and x4, x4, #(1 << SYS_PMBIDR_EL1_P_SHIFT)
573 cbnz x4, 5f // then permit sampling of physical
574 mov x4, #(1 << SYS_PMSCR_EL2_PCT_SHIFT | \
575 1 << SYS_PMSCR_EL2_PA_SHIFT)
576 msr_s SYS_PMSCR_EL2, x4 // addresses and physical counter
577 5:
578 mov x1, #(MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT)
579 orr x3, x3, x1 // If we don't have VHE, then
580 b 7f // use EL1&0 translation.
581 6: // For VHE, use EL2 translation
582 orr x3, x3, #MDCR_EL2_TPMS // and disable access from EL1
583 7:
584 msr mdcr_el2, x3 // Configure debug traps
585
586 /* LORegions */
587 mrs x1, id_aa64mmfr1_el1
588 ubfx x0, x1, #ID_AA64MMFR1_LOR_SHIFT, 4
589 cbz x0, 1f
590 msr_s SYS_LORC_EL1, xzr
591 1:
592
593 /* Stage-2 translation */
594 msr vttbr_el2, xzr
595
596 cbz x2, install_el2_stub
597
598 mov w0, #BOOT_CPU_MODE_EL2 // This CPU booted in EL2
599 isb
600 ret
601
602 install_el2_stub:
603 /*
604 * When VHE is not in use, early init of EL2 and EL1 needs to be
605 * done here.
606 * When VHE _is_ in use, EL1 will not be used in the host and
607 * requires no configuration, and all non-hyp-specific EL2 setup
608 * will be done via the _EL1 system register aliases in __cpu_setup.
609 */
610 mov_q x0, (SCTLR_EL1_RES1 | ENDIAN_SET_EL1)
611 msr sctlr_el1, x0
612
613 /* Coprocessor traps. */
614 mov x0, #0x33ff
615 msr cptr_el2, x0 // Disable copro. traps to EL2
616
617 /* SVE register access */
618 mrs x1, id_aa64pfr0_el1
619 ubfx x1, x1, #ID_AA64PFR0_SVE_SHIFT, #4
620 cbz x1, 7f
621
622 bic x0, x0, #CPTR_EL2_TZ // Also disable SVE traps
623 msr cptr_el2, x0 // Disable copro. traps to EL2
624 isb
625 mov x1, #ZCR_ELx_LEN_MASK // SVE: Enable full vector
626 msr_s SYS_ZCR_EL2, x1 // length for EL1.
627
628 /* Hypervisor stub */
629 7: adr_l x0, __hyp_stub_vectors
630 msr vbar_el2, x0
631
632 /* spsr */
633 mov x0, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
634 PSR_MODE_EL1h)
635 msr spsr_el2, x0
636 msr elr_el2, lr
637 mov w0, #BOOT_CPU_MODE_EL2 // This CPU booted in EL2
638 eret
639 ENDPROC(el2_setup)
640
641 /*
642 * Sets the __boot_cpu_mode flag depending on the CPU boot mode passed
643 * in w0. See arch/arm64/include/asm/virt.h for more info.
644 */
645 set_cpu_boot_mode_flag:
646 adr_l x1, __boot_cpu_mode
647 cmp w0, #BOOT_CPU_MODE_EL2
648 b.ne 1f
649 add x1, x1, #4
650 1: str w0, [x1] // This CPU has booted in EL1
651 dmb sy
652 dc ivac, x1 // Invalidate potentially stale cache line
653 ret
654 ENDPROC(set_cpu_boot_mode_flag)
655
656 /*
657 * These values are written with the MMU off, but read with the MMU on.
658 * Writers will invalidate the corresponding address, discarding up to a
659 * 'Cache Writeback Granule' (CWG) worth of data. The linker script ensures
660 * sufficient alignment that the CWG doesn't overlap another section.
661 */
662 .pushsection ".mmuoff.data.write", "aw"
663 /*
664 * We need to find out the CPU boot mode long after boot, so we need to
665 * store it in a writable variable.
666 *
667 * This is not in .bss, because we set it sufficiently early that the boot-time
668 * zeroing of .bss would clobber it.
669 */
670 ENTRY(__boot_cpu_mode)
671 .long BOOT_CPU_MODE_EL2
672 .long BOOT_CPU_MODE_EL1
673 /*
674 * The booting CPU updates the failed status @__early_cpu_boot_status,
675 * with MMU turned off.
676 */
677 ENTRY(__early_cpu_boot_status)
678 .quad 0
679
680 .popsection
681
682 /*
683 * This provides a "holding pen" for platforms to hold all secondary
684 * cores are held until we're ready for them to initialise.
685 */
686 ENTRY(secondary_holding_pen)
687 bl el2_setup // Drop to EL1, w0=cpu_boot_mode
688 bl set_cpu_boot_mode_flag
689 mrs x0, mpidr_el1
690 mov_q x1, MPIDR_HWID_BITMASK
691 and x0, x0, x1
692 adr_l x3, secondary_holding_pen_release
693 pen: ldr x4, [x3]
694 cmp x4, x0
695 b.eq secondary_startup
696 wfe
697 b pen
698 ENDPROC(secondary_holding_pen)
699
700 /*
701 * Secondary entry point that jumps straight into the kernel. Only to
702 * be used where CPUs are brought online dynamically by the kernel.
703 */
704 ENTRY(secondary_entry)
705 bl el2_setup // Drop to EL1
706 bl set_cpu_boot_mode_flag
707 b secondary_startup
708 ENDPROC(secondary_entry)
709
710 secondary_startup:
711 /*
712 * Common entry point for secondary CPUs.
713 */
714 bl __cpu_secondary_check52bitva
715 bl __cpu_setup // initialise processor
716 adrp x1, swapper_pg_dir
717 bl __enable_mmu
718 ldr x8, =__secondary_switched
719 br x8
720 ENDPROC(secondary_startup)
721
722 __secondary_switched:
723 adr_l x5, vectors
724 msr vbar_el1, x5
725 isb
726
727 adr_l x0, secondary_data
728 ldr x1, [x0, #CPU_BOOT_STACK] // get secondary_data.stack
729 cbz x1, __secondary_too_slow
730 mov sp, x1
731 ldr x2, [x0, #CPU_BOOT_TASK]
732 cbz x2, __secondary_too_slow
733 msr sp_el0, x2
734 mov x29, #0
735 mov x30, #0
736 b secondary_start_kernel
737 ENDPROC(__secondary_switched)
738
739 __secondary_too_slow:
740 wfe
741 wfi
742 b __secondary_too_slow
743 ENDPROC(__secondary_too_slow)
744
745 /*
746 * The booting CPU updates the failed status @__early_cpu_boot_status,
747 * with MMU turned off.
748 *
749 * update_early_cpu_boot_status tmp, status
750 * - Corrupts tmp1, tmp2
751 * - Writes 'status' to __early_cpu_boot_status and makes sure
752 * it is committed to memory.
753 */
754
755 .macro update_early_cpu_boot_status status, tmp1, tmp2
756 mov \tmp2, #\status
757 adr_l \tmp1, __early_cpu_boot_status
758 str \tmp2, [\tmp1]
759 dmb sy
760 dc ivac, \tmp1 // Invalidate potentially stale cache line
761 .endm
762
763 /*
764 * Enable the MMU.
765 *
766 * x0 = SCTLR_EL1 value for turning on the MMU.
767 * x1 = TTBR1_EL1 value
768 *
769 * Returns to the caller via x30/lr. This requires the caller to be covered
770 * by the .idmap.text section.
771 *
772 * Checks if the selected granule size is supported by the CPU.
773 * If it isn't, park the CPU
774 */
775 ENTRY(__enable_mmu)
776 mrs x2, ID_AA64MMFR0_EL1
777 ubfx x2, x2, #ID_AA64MMFR0_TGRAN_SHIFT, 4
778 cmp x2, #ID_AA64MMFR0_TGRAN_SUPPORTED
779 b.ne __no_granule_support
780 update_early_cpu_boot_status 0, x2, x3
781 adrp x2, idmap_pg_dir
782 phys_to_ttbr x1, x1
783 phys_to_ttbr x2, x2
784 msr ttbr0_el1, x2 // load TTBR0
785 offset_ttbr1 x1, x3
786 msr ttbr1_el1, x1 // load TTBR1
787 isb
788 msr sctlr_el1, x0
789 isb
790 /*
791 * Invalidate the local I-cache so that any instructions fetched
792 * speculatively from the PoC are discarded, since they may have
793 * been dynamically patched at the PoU.
794 */
795 ic iallu
796 dsb nsh
797 isb
798 ret
799 ENDPROC(__enable_mmu)
800
801 ENTRY(__cpu_secondary_check52bitva)
802 #ifdef CONFIG_ARM64_VA_BITS_52
803 ldr_l x0, vabits_actual
804 cmp x0, #52
805 b.ne 2f
806
807 mrs_s x0, SYS_ID_AA64MMFR2_EL1
808 and x0, x0, #(0xf << ID_AA64MMFR2_LVA_SHIFT)
809 cbnz x0, 2f
810
811 update_early_cpu_boot_status \
812 CPU_STUCK_IN_KERNEL | CPU_STUCK_REASON_52_BIT_VA, x0, x1
813 1: wfe
814 wfi
815 b 1b
816
817 #endif
818 2: ret
819 ENDPROC(__cpu_secondary_check52bitva)
820
821 __no_granule_support:
822 /* Indicate that this CPU can't boot and is stuck in the kernel */
823 update_early_cpu_boot_status \
824 CPU_STUCK_IN_KERNEL | CPU_STUCK_REASON_NO_GRAN, x1, x2
825 1:
826 wfe
827 wfi
828 b 1b
829 ENDPROC(__no_granule_support)
830
831 #ifdef CONFIG_RELOCATABLE
832 __relocate_kernel:
833 /*
834 * Iterate over each entry in the relocation table, and apply the
835 * relocations in place.
836 */
837 ldr w9, =__rela_offset // offset to reloc table
838 ldr w10, =__rela_size // size of reloc table
839
840 mov_q x11, KIMAGE_VADDR // default virtual offset
841 add x11, x11, x23 // actual virtual offset
842 add x9, x9, x11 // __va(.rela)
843 add x10, x9, x10 // __va(.rela) + sizeof(.rela)
844
845 0: cmp x9, x10
846 b.hs 1f
847 ldp x12, x13, [x9], #24
848 ldr x14, [x9, #-8]
849 cmp w13, #R_AARCH64_RELATIVE
850 b.ne 0b
851 add x14, x14, x23 // relocate
852 str x14, [x12, x23]
853 b 0b
854
855 1:
856 #ifdef CONFIG_RELR
857 /*
858 * Apply RELR relocations.
859 *
860 * RELR is a compressed format for storing relative relocations. The
861 * encoded sequence of entries looks like:
862 * [ AAAAAAAA BBBBBBB1 BBBBBBB1 ... AAAAAAAA BBBBBB1 ... ]
863 *
864 * i.e. start with an address, followed by any number of bitmaps. The
865 * address entry encodes 1 relocation. The subsequent bitmap entries
866 * encode up to 63 relocations each, at subsequent offsets following
867 * the last address entry.
868 *
869 * The bitmap entries must have 1 in the least significant bit. The
870 * assumption here is that an address cannot have 1 in lsb. Odd
871 * addresses are not supported. Any odd addresses are stored in the RELA
872 * section, which is handled above.
873 *
874 * Excluding the least significant bit in the bitmap, each non-zero
875 * bit in the bitmap represents a relocation to be applied to
876 * a corresponding machine word that follows the base address
877 * word. The second least significant bit represents the machine
878 * word immediately following the initial address, and each bit
879 * that follows represents the next word, in linear order. As such,
880 * a single bitmap can encode up to 63 relocations in a 64-bit object.
881 *
882 * In this implementation we store the address of the next RELR table
883 * entry in x9, the address being relocated by the current address or
884 * bitmap entry in x13 and the address being relocated by the current
885 * bit in x14.
886 *
887 * Because addends are stored in place in the binary, RELR relocations
888 * cannot be applied idempotently. We use x24 to keep track of the
889 * currently applied displacement so that we can correctly relocate if
890 * __relocate_kernel is called twice with non-zero displacements (i.e.
891 * if there is both a physical misalignment and a KASLR displacement).
892 */
893 ldr w9, =__relr_offset // offset to reloc table
894 ldr w10, =__relr_size // size of reloc table
895 add x9, x9, x11 // __va(.relr)
896 add x10, x9, x10 // __va(.relr) + sizeof(.relr)
897
898 sub x15, x23, x24 // delta from previous offset
899 cbz x15, 7f // nothing to do if unchanged
900 mov x24, x23 // save new offset
901
902 2: cmp x9, x10
903 b.hs 7f
904 ldr x11, [x9], #8
905 tbnz x11, #0, 3f // branch to handle bitmaps
906 add x13, x11, x23
907 ldr x12, [x13] // relocate address entry
908 add x12, x12, x15
909 str x12, [x13], #8 // adjust to start of bitmap
910 b 2b
911
912 3: mov x14, x13
913 4: lsr x11, x11, #1
914 cbz x11, 6f
915 tbz x11, #0, 5f // skip bit if not set
916 ldr x12, [x14] // relocate bit
917 add x12, x12, x15
918 str x12, [x14]
919
920 5: add x14, x14, #8 // move to next bit's address
921 b 4b
922
923 6: /*
924 * Move to the next bitmap's address. 8 is the word size, and 63 is the
925 * number of significant bits in a bitmap entry.
926 */
927 add x13, x13, #(8 * 63)
928 b 2b
929
930 7:
931 #endif
932 ret
933
934 ENDPROC(__relocate_kernel)
935 #endif
936
937 __primary_switch:
938 #ifdef CONFIG_RANDOMIZE_BASE
939 mov x19, x0 // preserve new SCTLR_EL1 value
940 mrs x20, sctlr_el1 // preserve old SCTLR_EL1 value
941 #endif
942
943 adrp x1, init_pg_dir
944 bl __enable_mmu
945 #ifdef CONFIG_RELOCATABLE
946 #ifdef CONFIG_RELR
947 mov x24, #0 // no RELR displacement yet
948 #endif
949 bl __relocate_kernel
950 #ifdef CONFIG_RANDOMIZE_BASE
951 ldr x8, =__primary_switched
952 adrp x0, __PHYS_OFFSET
953 blr x8
954
955 /*
956 * If we return here, we have a KASLR displacement in x23 which we need
957 * to take into account by discarding the current kernel mapping and
958 * creating a new one.
959 */
960 pre_disable_mmu_workaround
961 msr sctlr_el1, x20 // disable the MMU
962 isb
963 bl __create_page_tables // recreate kernel mapping
964
965 tlbi vmalle1 // Remove any stale TLB entries
966 dsb nsh
967
968 msr sctlr_el1, x19 // re-enable the MMU
969 isb
970 ic iallu // flush instructions fetched
971 dsb nsh // via old mapping
972 isb
973
974 bl __relocate_kernel
975 #endif
976 #endif
977 ldr x8, =__primary_switched
978 adrp x0, __PHYS_OFFSET
979 br x8
980 ENDPROC(__primary_switch)