linux-libre/arch/sh/kernel/cpu/sh5/entry.S

/*
 * arch/sh/kernel/cpu/sh5/entry.S
 *
 * Copyright (C) 2000, 2001  Paolo Alberelli
 * Copyright (C) 2004 - 2008  Paul Mundt
 * Copyright (C) 2003, 2004  Richard Curnow
 *
 * This file is subject to the terms and conditions of the GNU General Public
 * License.  See the file "COPYING" in the main directory of this archive
 * for more details.
 */
#include <linux/errno.h>
#include <linux/init.h>
#include <linux/sys.h>
#include <cpu/registers.h>
#include <asm/processor.h>
#include <asm/unistd.h>
#include <asm/thread_info.h>
#include <asm/asm-offsets.h>

/*
 * SR fields.
 */
#define SR_ASID_MASK	0x00ff0000
#define SR_FD_MASK	0x00008000
#define SR_SS		0x08000000
#define SR_BL		0x10000000
#define SR_MD		0x40000000

/*
 * Event code.
 */
#define	EVENT_INTERRUPT		0
#define	EVENT_FAULT_TLB		1
#define	EVENT_FAULT_NOT_TLB	2
#define	EVENT_DEBUG		3

/* EXPEVT values */
#define	RESET_CAUSE		0x20
#define DEBUGSS_CAUSE		0x980

/*
 * Frame layout. Quad index.
 */
#define	FRAME_T(x)	FRAME_TBASE+(x*8)
#define	FRAME_R(x)	FRAME_RBASE+(x*8)
#define	FRAME_S(x)	FRAME_SBASE+(x*8)
#define FSPC		0
#define FSSR		1
#define FSYSCALL_ID	2

/* Arrange the save frame to be a multiple of 32 bytes long */
#define FRAME_SBASE	0
#define FRAME_RBASE	(FRAME_SBASE+(3*8))	/* SYSCALL_ID - SSR - SPC */
#define FRAME_TBASE	(FRAME_RBASE+(63*8))	/* r0 - r62 */
#define FRAME_PBASE	(FRAME_TBASE+(8*8))	/* tr0 -tr7 */
#define	FRAME_SIZE	(FRAME_PBASE+(2*8))	/* pad0-pad1 */

#define FP_FRAME_SIZE	FP_FRAME_BASE+(33*8)	/* dr0 - dr31 + fpscr */
#define FP_FRAME_BASE	0

#define	SAVED_R2	0*8
#define	SAVED_R3	1*8
#define	SAVED_R4	2*8
#define	SAVED_R5	3*8
#define	SAVED_R18	4*8
#define	SAVED_R6	5*8
#define	SAVED_TR0	6*8

/* These are the registers saved in the TLB path that aren't saved in the first
   level of the normal one. */
#define	TLB_SAVED_R25	7*8
#define	TLB_SAVED_TR1	8*8
#define	TLB_SAVED_TR2	9*8
#define	TLB_SAVED_TR3	10*8
#define	TLB_SAVED_TR4	11*8
/* Save R0/R1 : PT-migrating compiler currently dishounours -ffixed-r0 and -ffixed-r1 causing
   breakage otherwise. */
#define	TLB_SAVED_R0	12*8
#define	TLB_SAVED_R1	13*8

#define CLI()				\
	getcon	SR, r6;			\
	ori	r6, 0xf0, r6;		\
	putcon	r6, SR;

#define STI()				\
	getcon	SR, r6;			\
	andi	r6, ~0xf0, r6;		\
	putcon	r6, SR;

#ifdef CONFIG_PREEMPT
#  define preempt_stop()	CLI()
#else
#  define preempt_stop()
#  define resume_kernel		restore_all
#endif

	.section	.data, "aw"

#define FAST_TLBMISS_STACK_CACHELINES 4
#define FAST_TLBMISS_STACK_QUADWORDS (4*FAST_TLBMISS_STACK_CACHELINES)

/* Register back-up area for all exceptions */
	.balign	32
	/* Allow for 16 quadwords to be pushed by fast tlbmiss handling
	 * register saves etc. */
	.fill FAST_TLBMISS_STACK_QUADWORDS, 8, 0x0
/* This is 32 byte aligned by construction */
/* Register back-up area for all exceptions */
reg_save_area:
	.quad	0
	.quad	0
	.quad	0
	.quad	0

	.quad	0
	.quad	0
	.quad	0
	.quad	0

	.quad	0
	.quad	0
	.quad	0
	.quad	0

	.quad	0
	.quad   0

/* Save area for RESVEC exceptions. We cannot use reg_save_area because of
 * reentrancy. Note this area may be accessed via physical address.
 * Align so this fits a whole single cache line, for ease of purging.
 */
	.balign 32,0,32
resvec_save_area:
	.quad	0
	.quad	0
	.quad	0
	.quad	0
	.quad	0
	.balign 32,0,32

/* Jump table of 3rd level handlers  */
trap_jtable:
	.long	do_exception_error		/* 0x000 */
	.long	do_exception_error		/* 0x020 */
#ifdef CONFIG_MMU
	.long	tlb_miss_load				/* 0x040 */
	.long	tlb_miss_store				/* 0x060 */
#else
	.long	do_exception_error
	.long	do_exception_error
#endif
	! ARTIFICIAL pseudo-EXPEVT setting
	.long	do_debug_interrupt		/* 0x080 */
#ifdef CONFIG_MMU
	.long	tlb_miss_load				/* 0x0A0 */
	.long	tlb_miss_store				/* 0x0C0 */
#else
	.long	do_exception_error
	.long	do_exception_error
#endif
	.long	do_address_error_load	/* 0x0E0 */
	.long	do_address_error_store	/* 0x100 */
#ifdef CONFIG_SH_FPU
	.long	do_fpu_error		/* 0x120 */
#else
	.long	do_exception_error		/* 0x120 */
#endif
	.long	do_exception_error		/* 0x140 */
	.long	system_call				/* 0x160 */
	.long	do_reserved_inst		/* 0x180 */
	.long	do_illegal_slot_inst	/* 0x1A0 */
	.long	do_exception_error		/* 0x1C0 - NMI */
	.long	do_exception_error		/* 0x1E0 */
	.rept 15
		.long do_IRQ		/* 0x200 - 0x3C0 */
	.endr
	.long	do_exception_error		/* 0x3E0 */
	.rept 32
		.long do_IRQ		/* 0x400 - 0x7E0 */
	.endr
	.long	fpu_error_or_IRQA			/* 0x800 */
	.long	fpu_error_or_IRQB			/* 0x820 */
	.long	do_IRQ			/* 0x840 */
	.long	do_IRQ			/* 0x860 */
	.rept 6
		.long do_exception_error	/* 0x880 - 0x920 */
	.endr
	.long	breakpoint_trap_handler	/* 0x940 */
	.long	do_exception_error		/* 0x960 */
	.long	do_single_step		/* 0x980 */

	.rept 3
		.long do_exception_error	/* 0x9A0 - 0x9E0 */
	.endr
	.long	do_IRQ			/* 0xA00 */
	.long	do_IRQ			/* 0xA20 */
#ifdef CONFIG_MMU
	.long	itlb_miss_or_IRQ			/* 0xA40 */
#else
	.long	do_IRQ
#endif
	.long	do_IRQ			/* 0xA60 */
	.long	do_IRQ			/* 0xA80 */
#ifdef CONFIG_MMU
	.long	itlb_miss_or_IRQ			/* 0xAA0 */
#else
	.long	do_IRQ
#endif
	.long	do_exception_error		/* 0xAC0 */
	.long	do_address_error_exec	/* 0xAE0 */
	.rept 8
		.long do_exception_error	/* 0xB00 - 0xBE0 */
	.endr
	.rept 18
		.long do_IRQ		/* 0xC00 - 0xE20 */
	.endr

	.section	.text64, "ax"

/*
 * --- Exception/Interrupt/Event Handling Section
 */

/*
 * VBR and RESVEC blocks.
 *
 * First level handler for VBR-based exceptions.
 *
 * To avoid waste of space, align to the maximum text block size.
 * This is assumed to be at most 128 bytes or 32 instructions.
 * DO NOT EXCEED 32 instructions on the first level handlers !
 *
 * Also note that RESVEC is contained within the VBR block
 * where the room left (1KB - TEXT_SIZE) allows placing
 * the RESVEC block (at most 512B + TEXT_SIZE).
 *
 * So first (and only) level handler for RESVEC-based exceptions.
 *
 * Where the fault/interrupt is handled (not_a_tlb_miss, tlb_miss
 * and interrupt) we are a lot tight with register space until
 * saving onto the stack frame, which is done in handle_exception().
 *
 */

#define	TEXT_SIZE 	128
#define	BLOCK_SIZE 	1664 		/* Dynamic check, 13*128 */

	.balign TEXT_SIZE
LVBR_block:
	.space	256, 0			/* Power-on class handler, */
					/* not required here       */
not_a_tlb_miss:
	synco	/* TAKum03020 (but probably a good idea anyway.) */
	/* Save original stack pointer into KCR1 */
	putcon	SP, KCR1

	/* Save other original registers into reg_save_area */
        movi  reg_save_area, SP
	st.q	SP, SAVED_R2, r2
	st.q	SP, SAVED_R3, r3
	st.q	SP, SAVED_R4, r4
	st.q	SP, SAVED_R5, r5
	st.q	SP, SAVED_R6, r6
	st.q	SP, SAVED_R18, r18
	gettr	tr0, r3
	st.q	SP, SAVED_TR0, r3

	/* Set args for Non-debug, Not a TLB miss class handler */
	getcon	EXPEVT, r2
	movi	ret_from_exception, r3
	ori	r3, 1, r3
	movi	EVENT_FAULT_NOT_TLB, r4
	or	SP, ZERO, r5
	getcon	KCR1, SP
	pta	handle_exception, tr0
	blink	tr0, ZERO

	.balign 256
	! VBR+0x200
	nop
	.balign 256
	! VBR+0x300
	nop
	.balign 256
	/*
	 * Instead of the natural .balign 1024 place RESVEC here
	 * respecting the final 1KB alignment.
	 */
	.balign TEXT_SIZE
	/*
	 * Instead of '.space 1024-TEXT_SIZE' place the RESVEC
	 * block making sure the final alignment is correct.
	 */
#ifdef CONFIG_MMU
tlb_miss:
	synco	/* TAKum03020 (but probably a good idea anyway.) */
	putcon	SP, KCR1
	movi	reg_save_area, SP
	/* SP is guaranteed 32-byte aligned. */
	st.q	SP, TLB_SAVED_R0 , r0
	st.q	SP, TLB_SAVED_R1 , r1
	st.q	SP, SAVED_R2 , r2
	st.q	SP, SAVED_R3 , r3
	st.q	SP, SAVED_R4 , r4
	st.q	SP, SAVED_R5 , r5
	st.q	SP, SAVED_R6 , r6
	st.q	SP, SAVED_R18, r18

	/* Save R25 for safety; as/ld may want to use it to achieve the call to
	 * the code in mm/tlbmiss.c */
	st.q	SP, TLB_SAVED_R25, r25
	gettr	tr0, r2
	gettr	tr1, r3
	gettr	tr2, r4
	gettr	tr3, r5
	gettr	tr4, r18
	st.q	SP, SAVED_TR0 , r2
	st.q	SP, TLB_SAVED_TR1 , r3
	st.q	SP, TLB_SAVED_TR2 , r4
	st.q	SP, TLB_SAVED_TR3 , r5
	st.q	SP, TLB_SAVED_TR4 , r18

	pt	do_fast_page_fault, tr0
	getcon	SSR, r2
	getcon	EXPEVT, r3
	getcon	TEA, r4
	shlri	r2, 30, r2
	andi	r2, 1, r2	/* r2 = SSR.MD */
	blink 	tr0, LINK

	pt	fixup_to_invoke_general_handler, tr1

	/* If the fast path handler fixed the fault, just drop through quickly
	   to the restore code right away to return to the excepting context.
	   */
	bnei/u	r2, 0, tr1

fast_tlb_miss_restore:
	ld.q	SP, SAVED_TR0, r2
	ld.q	SP, TLB_SAVED_TR1, r3
	ld.q	SP, TLB_SAVED_TR2, r4

	ld.q	SP, TLB_SAVED_TR3, r5
	ld.q	SP, TLB_SAVED_TR4, r18

	ptabs	r2, tr0
	ptabs	r3, tr1
	ptabs	r4, tr2
	ptabs	r5, tr3
	ptabs	r18, tr4

	ld.q	SP, TLB_SAVED_R0, r0
	ld.q	SP, TLB_SAVED_R1, r1
	ld.q	SP, SAVED_R2, r2
	ld.q	SP, SAVED_R3, r3
	ld.q	SP, SAVED_R4, r4
	ld.q	SP, SAVED_R5, r5
	ld.q	SP, SAVED_R6, r6
	ld.q	SP, SAVED_R18, r18
	ld.q	SP, TLB_SAVED_R25, r25

	getcon	KCR1, SP
	rte
	nop /* for safety, in case the code is run on sh5-101 cut1.x */

fixup_to_invoke_general_handler:

	/* OK, new method.  Restore stuff that's not expected to get saved into
	   the 'first-level' reg save area, then just fall through to setting
	   up the registers and calling the second-level handler. */

	/* 2nd level expects r2,3,4,5,6,18,tr0 to be saved.  So we must restore
	   r25,tr1-4 and save r6 to get into the right state.  */

	ld.q	SP, TLB_SAVED_TR1, r3
	ld.q	SP, TLB_SAVED_TR2, r4
	ld.q	SP, TLB_SAVED_TR3, r5
	ld.q	SP, TLB_SAVED_TR4, r18
	ld.q	SP, TLB_SAVED_R25, r25

	ld.q	SP, TLB_SAVED_R0, r0
	ld.q	SP, TLB_SAVED_R1, r1

	ptabs/u	r3, tr1
	ptabs/u	r4, tr2
	ptabs/u	r5, tr3
	ptabs/u	r18, tr4

	/* Set args for Non-debug, TLB miss class handler */
	getcon	EXPEVT, r2
	movi	ret_from_exception, r3
	ori	r3, 1, r3
	movi	EVENT_FAULT_TLB, r4
	or	SP, ZERO, r5
	getcon	KCR1, SP
	pta	handle_exception, tr0
	blink	tr0, ZERO
#else /* CONFIG_MMU */
	.balign 256
#endif

/* NB TAKE GREAT CARE HERE TO ENSURE THAT THE INTERRUPT CODE
   DOES END UP AT VBR+0x600 */
	nop
	nop
	nop
	nop
	nop
	nop

	.balign 256
	/* VBR + 0x600 */

interrupt:
	synco	/* TAKum03020 (but probably a good idea anyway.) */
	/* Save original stack pointer into KCR1 */
	putcon	SP, KCR1

	/* Save other original registers into reg_save_area */
        movi  reg_save_area, SP
	st.q	SP, SAVED_R2, r2
	st.q	SP, SAVED_R3, r3
	st.q	SP, SAVED_R4, r4
	st.q	SP, SAVED_R5, r5
	st.q	SP, SAVED_R6, r6
	st.q	SP, SAVED_R18, r18
	gettr	tr0, r3
	st.q	SP, SAVED_TR0, r3

	/* Set args for interrupt class handler */
	getcon	INTEVT, r2
	movi	ret_from_irq, r3
	ori	r3, 1, r3
	movi	EVENT_INTERRUPT, r4
	or	SP, ZERO, r5
	getcon	KCR1, SP
	pta	handle_exception, tr0
	blink	tr0, ZERO
	.balign	TEXT_SIZE		/* let's waste the bare minimum */

LVBR_block_end:				/* Marker. Used for total checking */

	.balign 256
LRESVEC_block:
	/* Panic handler. Called with MMU off. Possible causes/actions:
	 * - Reset:		Jump to program start.
	 * - Single Step:	Turn off Single Step & return.
	 * - Others:		Call panic handler, passing PC as arg.
	 *			(this may need to be extended...)
	 */
reset_or_panic:
	synco	/* TAKum03020 (but probably a good idea anyway.) */
	putcon	SP, DCR
	/* First save r0-1 and tr0, as we need to use these */
	movi	resvec_save_area-CONFIG_PAGE_OFFSET, SP
	st.q	SP, 0, r0
	st.q	SP, 8, r1
	gettr	tr0, r0
	st.q	SP, 32, r0

	/* Check cause */
	getcon	EXPEVT, r0
	movi	RESET_CAUSE, r1
	sub	r1, r0, r1		/* r1=0 if reset */
	movi	_stext-CONFIG_PAGE_OFFSET, r0
	ori	r0, 1, r0
	ptabs	r0, tr0
	beqi	r1, 0, tr0		/* Jump to start address if reset */

	getcon	EXPEVT, r0
	movi	DEBUGSS_CAUSE, r1
	sub	r1, r0, r1		/* r1=0 if single step */
	pta	single_step_panic, tr0
	beqi	r1, 0, tr0		/* jump if single step */

	/* Now jump to where we save the registers. */
	movi	panic_stash_regs-CONFIG_PAGE_OFFSET, r1
	ptabs	r1, tr0
	blink	tr0, r63

single_step_panic:
	/* We are in a handler with Single Step set. We need to resume the
	 * handler, by turning on MMU & turning off Single Step. */
	getcon	SSR, r0
	movi	SR_MMU, r1
	or	r0, r1, r0
	movi	~SR_SS, r1
	and	r0, r1, r0
	putcon	r0, SSR
	/* Restore EXPEVT, as the rte won't do this */
	getcon	PEXPEVT, r0
	putcon	r0, EXPEVT
	/* Restore regs */
	ld.q	SP, 32, r0
	ptabs	r0, tr0
	ld.q	SP, 0, r0
	ld.q	SP, 8, r1
	getcon	DCR, SP
	synco
	rte


	.balign	256
debug_exception:
	synco	/* TAKum03020 (but probably a good idea anyway.) */
	/*
	 * Single step/software_break_point first level handler.
	 * Called with MMU off, so the first thing we do is enable it
	 * by doing an rte with appropriate SSR.
	 */
	putcon	SP, DCR
	/* Save SSR & SPC, together with R0 & R1, as we need to use 2 regs. */
	movi	resvec_save_area-CONFIG_PAGE_OFFSET, SP

	/* With the MMU off, we are bypassing the cache, so purge any
         * data that will be made stale by the following stores.
         */
	ocbp	SP, 0
	synco

	st.q	SP, 0, r0
	st.q	SP, 8, r1
	getcon	SPC, r0
	st.q	SP, 16, r0
	getcon	SSR, r0
	st.q	SP, 24, r0

	/* Enable MMU, block exceptions, set priv mode, disable single step */
	movi	SR_MMU | SR_BL | SR_MD, r1
	or	r0, r1, r0
	movi	~SR_SS, r1
	and	r0, r1, r0
	putcon	r0, SSR
	/* Force control to debug_exception_2 when rte is executed */
	movi	debug_exeception_2, r0
	ori	r0, 1, r0      /* force SHmedia, just in case */
	putcon	r0, SPC
	getcon	DCR, SP
	synco
	rte
debug_exeception_2:
	/* Restore saved regs */
	putcon	SP, KCR1
	movi	resvec_save_area, SP
	ld.q	SP, 24, r0
	putcon	r0, SSR
	ld.q	SP, 16, r0
	putcon	r0, SPC
	ld.q	SP, 0, r0
	ld.q	SP, 8, r1

	/* Save other original registers into reg_save_area */
        movi  reg_save_area, SP
	st.q	SP, SAVED_R2, r2
	st.q	SP, SAVED_R3, r3
	st.q	SP, SAVED_R4, r4
	st.q	SP, SAVED_R5, r5
	st.q	SP, SAVED_R6, r6
	st.q	SP, SAVED_R18, r18
	gettr	tr0, r3
	st.q	SP, SAVED_TR0, r3

	/* Set args for debug class handler */
	getcon	EXPEVT, r2
	movi	ret_from_exception, r3
	ori	r3, 1, r3
	movi	EVENT_DEBUG, r4
	or	SP, ZERO, r5
	getcon	KCR1, SP
	pta	handle_exception, tr0
	blink	tr0, ZERO

	.balign	256
debug_interrupt:
	/* !!! WE COME HERE IN REAL MODE !!! */
	/* Hook-up debug interrupt to allow various debugging options to be
	 * hooked into its handler. */
	/* Save original stack pointer into KCR1 */
	synco
	putcon	SP, KCR1
	movi	resvec_save_area-CONFIG_PAGE_OFFSET, SP
	ocbp	SP, 0
	ocbp	SP, 32
	synco

	/* Save other original registers into reg_save_area thru real addresses */
	st.q	SP, SAVED_R2, r2
	st.q	SP, SAVED_R3, r3
	st.q	SP, SAVED_R4, r4
	st.q	SP, SAVED_R5, r5
	st.q	SP, SAVED_R6, r6
	st.q	SP, SAVED_R18, r18
	gettr	tr0, r3
	st.q	SP, SAVED_TR0, r3

	/* move (spc,ssr)->(pspc,pssr).  The rte will shift
	   them back again, so that they look like the originals
	   as far as the real handler code is concerned. */
	getcon	spc, r6
	putcon	r6, pspc
	getcon	ssr, r6
	putcon	r6, pssr

	! construct useful SR for handle_exception
	movi	3, r6
	shlli	r6, 30, r6
	getcon	sr, r18
	or	r18, r6, r6
	putcon	r6, ssr

	! SSR is now the current SR with the MD and MMU bits set
	! i.e. the rte will switch back to priv mode and put
	! the mmu back on

	! construct spc
	movi	handle_exception, r18
	ori	r18, 1, r18		! for safety (do we need this?)
	putcon	r18, spc

	/* Set args for Non-debug, Not a TLB miss class handler */

	! EXPEVT==0x80 is unused, so 'steal' this value to put the
	! debug interrupt handler in the vectoring table
	movi	0x80, r2
	movi	ret_from_exception, r3
	ori	r3, 1, r3
	movi	EVENT_FAULT_NOT_TLB, r4

	or	SP, ZERO, r5
	movi	CONFIG_PAGE_OFFSET, r6
	add	r6, r5, r5
	getcon	KCR1, SP

	synco	! for safety
	rte	! -> handle_exception, switch back to priv mode again

LRESVEC_block_end:			/* Marker. Unused. */

	.balign	TEXT_SIZE

/*
 * Second level handler for VBR-based exceptions. Pre-handler.
 * In common to all stack-frame sensitive handlers.
 *
 * Inputs:
 * (KCR0) Current [current task union]
 * (KCR1) Original SP
 * (r2)   INTEVT/EXPEVT
 * (r3)   appropriate return address
 * (r4)   Event (0 = interrupt, 1 = TLB miss fault, 2 = Not TLB miss fault, 3=debug)
 * (r5)   Pointer to reg_save_area
 * (SP)   Original SP
 *
 * Available registers:
 * (r6)
 * (r18)
 * (tr0)
 *
 */
handle_exception:
	/* Common 2nd level handler. */

	/* First thing we need an appropriate stack pointer */
	getcon	SSR, r6
	shlri	r6, 30, r6
	andi	r6, 1, r6
	pta	stack_ok, tr0
	bne	r6, ZERO, tr0		/* Original stack pointer is fine */

	/* Set stack pointer for user fault */
	getcon	KCR0, SP
	movi	THREAD_SIZE, r6		/* Point to the end */
	add	SP, r6, SP

stack_ok:

/* DEBUG : check for underflow/overflow of the kernel stack */
	pta	no_underflow, tr0
	getcon  KCR0, r6
	movi	1024, r18
	add	r6, r18, r6
	bge	SP, r6, tr0 	! ? below 1k from bottom of stack : danger zone

/* Just panic to cause a crash. */
bad_sp:
	ld.b	r63, 0, r6
	nop

no_underflow:
	pta	bad_sp, tr0
	getcon	kcr0, r6
	movi	THREAD_SIZE, r18
	add	r18, r6, r6
	bgt	SP, r6, tr0	! sp above the stack

	/* Make some room for the BASIC frame. */
	movi	-(FRAME_SIZE), r6
	add	SP, r6, SP

/* Could do this with no stalling if we had another spare register, but the
   code below will be OK. */
	ld.q	r5, SAVED_R2, r6
	ld.q	r5, SAVED_R3, r18
	st.q	SP, FRAME_R(2), r6
	ld.q	r5, SAVED_R4, r6
	st.q	SP, FRAME_R(3), r18
	ld.q	r5, SAVED_R5, r18
	st.q	SP, FRAME_R(4), r6
	ld.q	r5, SAVED_R6, r6
	st.q	SP, FRAME_R(5), r18
	ld.q	r5, SAVED_R18, r18
	st.q	SP, FRAME_R(6), r6
	ld.q	r5, SAVED_TR0, r6
	st.q	SP, FRAME_R(18), r18
	st.q	SP, FRAME_T(0), r6

	/* Keep old SP around */
	getcon	KCR1, r6

	/* Save the rest of the general purpose registers */
	st.q	SP, FRAME_R(0), r0
	st.q	SP, FRAME_R(1), r1
	st.q	SP, FRAME_R(7), r7
	st.q	SP, FRAME_R(8), r8
	st.q	SP, FRAME_R(9), r9
	st.q	SP, FRAME_R(10), r10
	st.q	SP, FRAME_R(11), r11
	st.q	SP, FRAME_R(12), r12
	st.q	SP, FRAME_R(13), r13
	st.q	SP, FRAME_R(14), r14

	/* SP is somewhere else */
	st.q	SP, FRAME_R(15), r6

	st.q	SP, FRAME_R(16), r16
	st.q	SP, FRAME_R(17), r17
	/* r18 is saved earlier. */
	st.q	SP, FRAME_R(19), r19
	st.q	SP, FRAME_R(20), r20
	st.q	SP, FRAME_R(21), r21
	st.q	SP, FRAME_R(22), r22
	st.q	SP, FRAME_R(23), r23
	st.q	SP, FRAME_R(24), r24
	st.q	SP, FRAME_R(25), r25
	st.q	SP, FRAME_R(26), r26
	st.q	SP, FRAME_R(27), r27
	st.q	SP, FRAME_R(28), r28
	st.q	SP, FRAME_R(29), r29
	st.q	SP, FRAME_R(30), r30
	st.q	SP, FRAME_R(31), r31
	st.q	SP, FRAME_R(32), r32
	st.q	SP, FRAME_R(33), r33
	st.q	SP, FRAME_R(34), r34
	st.q	SP, FRAME_R(35), r35
	st.q	SP, FRAME_R(36), r36
	st.q	SP, FRAME_R(37), r37
	st.q	SP, FRAME_R(38), r38
	st.q	SP, FRAME_R(39), r39
	st.q	SP, FRAME_R(40), r40
	st.q	SP, FRAME_R(41), r41
	st.q	SP, FRAME_R(42), r42
	st.q	SP, FRAME_R(43), r43
	st.q	SP, FRAME_R(44), r44
	st.q	SP, FRAME_R(45), r45
	st.q	SP, FRAME_R(46), r46
	st.q	SP, FRAME_R(47), r47
	st.q	SP, FRAME_R(48), r48
	st.q	SP, FRAME_R(49), r49
	st.q	SP, FRAME_R(50), r50
	st.q	SP, FRAME_R(51), r51
	st.q	SP, FRAME_R(52), r52
	st.q	SP, FRAME_R(53), r53
	st.q	SP, FRAME_R(54), r54
	st.q	SP, FRAME_R(55), r55
	st.q	SP, FRAME_R(56), r56
	st.q	SP, FRAME_R(57), r57
	st.q	SP, FRAME_R(58), r58
	st.q	SP, FRAME_R(59), r59
	st.q	SP, FRAME_R(60), r60
	st.q	SP, FRAME_R(61), r61
	st.q	SP, FRAME_R(62), r62

	/*
	 * Save the S* registers.
	 */
	getcon	SSR, r61
	st.q	SP, FRAME_S(FSSR), r61
	getcon	SPC, r62
	st.q	SP, FRAME_S(FSPC), r62
	movi	-1, r62			/* Reset syscall_nr */
	st.q	SP, FRAME_S(FSYSCALL_ID), r62

	/* Save the rest of the target registers */
	gettr	tr1, r6
	st.q	SP, FRAME_T(1), r6
	gettr	tr2, r6
	st.q	SP, FRAME_T(2), r6
	gettr	tr3, r6
	st.q	SP, FRAME_T(3), r6
	gettr	tr4, r6
	st.q	SP, FRAME_T(4), r6
	gettr	tr5, r6
	st.q	SP, FRAME_T(5), r6
	gettr	tr6, r6
	st.q	SP, FRAME_T(6), r6
	gettr	tr7, r6
	st.q	SP, FRAME_T(7), r6

	! setup FP so that unwinder can wind back through nested kernel mode
	! exceptions
	add	SP, ZERO, r14

	/* For syscall and debug race condition, get TRA now */
	getcon	TRA, r5

	/* We are in a safe position to turn SR.BL off, but set IMASK=0xf
	 * Also set FD, to catch FPU usage in the kernel.
	 *
	 * benedict.gaster@superh.com 29/07/2002
	 *
	 * On all SH5-101 revisions it is unsafe to raise the IMASK and at the
	 * same time change BL from 1->0, as any pending interrupt of a level
	 * higher than he previous value of IMASK will leak through and be
	 * taken unexpectedly.
	 *
	 * To avoid this we raise the IMASK and then issue another PUTCON to
	 * enable interrupts.
         */
	getcon	SR, r6
	movi	SR_IMASK | SR_FD, r7
	or	r6, r7, r6
	putcon	r6, SR
	movi	SR_UNBLOCK_EXC, r7
	and	r6, r7, r6
	putcon	r6, SR


	/* Now call the appropriate 3rd level handler */
	or	r3, ZERO, LINK
	movi	trap_jtable, r3
	shlri	r2, 3, r2
	ldx.l	r2, r3, r3
	shlri	r2, 2, r2
	ptabs	r3, tr0
	or	SP, ZERO, r3
	blink	tr0, ZERO

/*
 * Second level handler for VBR-based exceptions. Post-handlers.
 *
 * Post-handlers for interrupts (ret_from_irq), exceptions
 * (ret_from_exception) and common reentrance doors (restore_all
 * to get back to the original context, ret_from_syscall loop to
 * check kernel exiting).
 *
 * ret_with_reschedule and work_notifysig are an inner lables of
 * the ret_from_syscall loop.
 *
 * In common to all stack-frame sensitive handlers.
 *
 * Inputs:
 * (SP)   struct pt_regs *, original register's frame pointer (basic)
 *
 */
	.global ret_from_irq
ret_from_irq:
	ld.q	SP, FRAME_S(FSSR), r6
	shlri	r6, 30, r6
	andi	r6, 1, r6
	pta	resume_kernel, tr0
	bne	r6, ZERO, tr0		/* no further checks */
	STI()
	pta	ret_with_reschedule, tr0
	blink	tr0, ZERO		/* Do not check softirqs */

	.global ret_from_exception
ret_from_exception:
	preempt_stop()

	ld.q	SP, FRAME_S(FSSR), r6
	shlri	r6, 30, r6
	andi	r6, 1, r6
	pta	resume_kernel, tr0
	bne	r6, ZERO, tr0		/* no further checks */

	/* Check softirqs */

#ifdef CONFIG_PREEMPT
	pta   ret_from_syscall, tr0
	blink   tr0, ZERO

resume_kernel:
	CLI()

	pta	restore_all, tr0

	getcon	KCR0, r6
	ld.l	r6, TI_PRE_COUNT, r7
	beq/u	r7, ZERO, tr0

need_resched:
	ld.l	r6, TI_FLAGS, r7
	movi	(1 << TIF_NEED_RESCHED), r8
	and	r8, r7, r8
	bne	r8, ZERO, tr0

	getcon	SR, r7
	andi	r7, 0xf0, r7
	bne	r7, ZERO, tr0

	movi	preempt_schedule_irq, r7
	ori	r7, 1, r7
	ptabs	r7, tr1
	blink	tr1, LINK

	pta	need_resched, tr1
	blink	tr1, ZERO
#endif

	.global ret_from_syscall
ret_from_syscall:

ret_with_reschedule:
	getcon	KCR0, r6		! r6 contains current_thread_info
	ld.l	r6, TI_FLAGS, r7	! r7 contains current_thread_info->flags

	movi	_TIF_NEED_RESCHED, r8
	and	r8, r7, r8
	pta	work_resched, tr0
	bne	r8, ZERO, tr0

	pta	restore_all, tr1

	movi	(_TIF_SIGPENDING|_TIF_NOTIFY_RESUME), r8
	and	r8, r7, r8
	pta	work_notifysig, tr0
	bne	r8, ZERO, tr0

	blink	tr1, ZERO

work_resched:
	pta	ret_from_syscall, tr0
	gettr	tr0, LINK
	movi	schedule, r6
	ptabs	r6, tr0
	blink	tr0, ZERO		/* Call schedule(), return on top */

work_notifysig:
	gettr	tr1, LINK

	movi	do_notify_resume, r6
	ptabs	r6, tr0
	or	SP, ZERO, r2
	or	r7, ZERO, r3
	blink	tr0, LINK	    /* Call do_notify_resume(regs, current_thread_info->flags), return here */

restore_all:
	/* Do prefetches */

	ld.q	SP, FRAME_T(0), r6
	ld.q	SP, FRAME_T(1), r7
	ld.q	SP, FRAME_T(2), r8
	ld.q	SP, FRAME_T(3), r9
	ptabs	r6, tr0
	ptabs	r7, tr1
	ptabs	r8, tr2
	ptabs	r9, tr3
	ld.q	SP, FRAME_T(4), r6
	ld.q	SP, FRAME_T(5), r7
	ld.q	SP, FRAME_T(6), r8
	ld.q	SP, FRAME_T(7), r9
	ptabs	r6, tr4
	ptabs	r7, tr5
	ptabs	r8, tr6
	ptabs	r9, tr7

	ld.q	SP, FRAME_R(0), r0
	ld.q	SP, FRAME_R(1), r1
	ld.q	SP, FRAME_R(2), r2
	ld.q	SP, FRAME_R(3), r3
	ld.q	SP, FRAME_R(4), r4
	ld.q	SP, FRAME_R(5), r5
	ld.q	SP, FRAME_R(6), r6
	ld.q	SP, FRAME_R(7), r7
	ld.q	SP, FRAME_R(8), r8
	ld.q	SP, FRAME_R(9), r9
	ld.q	SP, FRAME_R(10), r10
	ld.q	SP, FRAME_R(11), r11
	ld.q	SP, FRAME_R(12), r12
	ld.q	SP, FRAME_R(13), r13
	ld.q	SP, FRAME_R(14), r14

	ld.q	SP, FRAME_R(16), r16
	ld.q	SP, FRAME_R(17), r17
	ld.q	SP, FRAME_R(18), r18
	ld.q	SP, FRAME_R(19), r19
	ld.q	SP, FRAME_R(20), r20
	ld.q	SP, FRAME_R(21), r21
	ld.q	SP, FRAME_R(22), r22
	ld.q	SP, FRAME_R(23), r23
	ld.q	SP, FRAME_R(24), r24
	ld.q	SP, FRAME_R(25), r25
	ld.q	SP, FRAME_R(26), r26
	ld.q	SP, FRAME_R(27), r27
	ld.q	SP, FRAME_R(28), r28
	ld.q	SP, FRAME_R(29), r29
	ld.q	SP, FRAME_R(30), r30
	ld.q	SP, FRAME_R(31), r31
	ld.q	SP, FRAME_R(32), r32
	ld.q	SP, FRAME_R(33), r33
	ld.q	SP, FRAME_R(34), r34
	ld.q	SP, FRAME_R(35), r35
	ld.q	SP, FRAME_R(36), r36
	ld.q	SP, FRAME_R(37), r37
	ld.q	SP, FRAME_R(38), r38
	ld.q	SP, FRAME_R(39), r39
	ld.q	SP, FRAME_R(40), r40
	ld.q	SP, FRAME_R(41), r41
	ld.q	SP, FRAME_R(42), r42
	ld.q	SP, FRAME_R(43), r43
	ld.q	SP, FRAME_R(44), r44
	ld.q	SP, FRAME_R(45), r45
	ld.q	SP, FRAME_R(46), r46
	ld.q	SP, FRAME_R(47), r47
	ld.q	SP, FRAME_R(48), r48
	ld.q	SP, FRAME_R(49), r49
	ld.q	SP, FRAME_R(50), r50
	ld.q	SP, FRAME_R(51), r51
	ld.q	SP, FRAME_R(52), r52
	ld.q	SP, FRAME_R(53), r53
	ld.q	SP, FRAME_R(54), r54
	ld.q	SP, FRAME_R(55), r55
	ld.q	SP, FRAME_R(56), r56
	ld.q	SP, FRAME_R(57), r57
	ld.q	SP, FRAME_R(58), r58

	getcon	SR, r59
	movi	SR_BLOCK_EXC, r60
	or	r59, r60, r59
	putcon	r59, SR			/* SR.BL = 1, keep nesting out */
	ld.q	SP, FRAME_S(FSSR), r61
	ld.q	SP, FRAME_S(FSPC), r62
	movi	SR_ASID_MASK, r60
	and	r59, r60, r59
	andc	r61, r60, r61		/* Clear out older ASID */
	or	r59, r61, r61		/* Retain current ASID */
	putcon	r61, SSR
	putcon	r62, SPC

	/* Ignore FSYSCALL_ID */

	ld.q	SP, FRAME_R(59), r59
	ld.q	SP, FRAME_R(60), r60
	ld.q	SP, FRAME_R(61), r61
	ld.q	SP, FRAME_R(62), r62

	/* Last touch */
	ld.q	SP, FRAME_R(15), SP
	rte
	nop

/*
 * Third level handlers for VBR-based exceptions. Adapting args to
 * and/or deflecting to fourth level handlers.
 *
 * Fourth level handlers interface.
 * Most are C-coded handlers directly pointed by the trap_jtable.
 * (Third = Fourth level)
 * Inputs:
 * (r2)   fault/interrupt code, entry number (e.g. NMI = 14,
 *	  IRL0-3 (0000) = 16, RTLBMISS = 2, SYSCALL = 11, etc ...)
 * (r3)   struct pt_regs *, original register's frame pointer
 * (r4)   Event (0 = interrupt, 1 = TLB miss fault, 2 = Not TLB miss fault)
 * (r5)   TRA control register (for syscall/debug benefit only)
 * (LINK) return address
 * (SP)   = r3
 *
 * Kernel TLB fault handlers will get a slightly different interface.
 * (r2)   struct pt_regs *, original register's frame pointer
 * (r3)   page fault error code (see asm/thread_info.h)
 * (r4)   Effective Address of fault
 * (LINK) return address
 * (SP)   = r2
 *
 * fpu_error_or_IRQ? is a helper to deflect to the right cause.
 *
 */
#ifdef CONFIG_MMU
tlb_miss_load:
	or	SP, ZERO, r2
	or	ZERO, ZERO, r3		/* Read */
	getcon	TEA, r4
	pta	call_do_page_fault, tr0
	beq	ZERO, ZERO, tr0

tlb_miss_store:
	or	SP, ZERO, r2
	movi	FAULT_CODE_WRITE, r3		/* Write */
	getcon	TEA, r4
	pta	call_do_page_fault, tr0
	beq	ZERO, ZERO, tr0

itlb_miss_or_IRQ:
	pta	its_IRQ, tr0
	beqi/u	r4, EVENT_INTERRUPT, tr0

	/* ITLB miss */
	or	SP, ZERO, r2
	movi	FAULT_CODE_ITLB, r3
	getcon	TEA, r4
	/* Fall through */

call_do_page_fault:
	movi	do_page_fault, r6
        ptabs	r6, tr0
        blink	tr0, ZERO
#endif /* CONFIG_MMU */

fpu_error_or_IRQA:
	pta	its_IRQ, tr0
	beqi/l	r4, EVENT_INTERRUPT, tr0
#ifdef CONFIG_SH_FPU
	movi	fpu_state_restore_trap_handler, r6
#else
	movi	do_exception_error, r6
#endif
	ptabs	r6, tr0
	blink	tr0, ZERO

fpu_error_or_IRQB:
	pta	its_IRQ, tr0
	beqi/l	r4, EVENT_INTERRUPT, tr0
#ifdef CONFIG_SH_FPU
	movi	fpu_state_restore_trap_handler, r6
#else
	movi	do_exception_error, r6
#endif
	ptabs	r6, tr0
	blink	tr0, ZERO

its_IRQ:
	movi	do_IRQ, r6
	ptabs	r6, tr0
	blink	tr0, ZERO

/*
 * system_call/unknown_trap third level handler:
 *
 * Inputs:
 * (r2)   fault/interrupt code, entry number (TRAP = 11)
 * (r3)   struct pt_regs *, original register's frame pointer
 * (r4)   Not used. Event (0=interrupt, 1=TLB miss fault, 2=Not TLB miss fault)
 * (r5)   TRA Control Reg (0x00xyzzzz: x=1 SYSCALL, y = #args, z=nr)
 * (SP)   = r3
 * (LINK) return address: ret_from_exception
 * (*r3)  Syscall parms: SC#, arg0, arg1, ..., arg5 in order (Saved r2/r7)
 *
 * Outputs:
 * (*r3)  Syscall reply (Saved r2)
 * (LINK) In case of syscall only it can be scrapped.
 *        Common second level post handler will be ret_from_syscall.
 *        Common (non-trace) exit point to that is syscall_ret (saving
 *        result to r2). Common bad exit point is syscall_bad (returning
 *        ENOSYS then saved to r2).
 *
 */

unknown_trap:
	/* Unknown Trap or User Trace */
	movi	do_unknown_trapa, r6
	ptabs	r6, tr0
        ld.q    r3, FRAME_R(9), r2	/* r2 = #arg << 16 | syscall # */
        andi    r2, 0x1ff, r2		/* r2 = syscall # */
	blink	tr0, LINK

	pta	syscall_ret, tr0
	blink	tr0, ZERO

        /* New syscall implementation*/
system_call:
	pta	unknown_trap, tr0
        or      r5, ZERO, r4            /* TRA (=r5) -> r4 */
        shlri   r4, 20, r4
	bnei	r4, 1, tr0		/* unknown_trap if not 0x1yzzzz */

        /* It's a system call */
	st.q    r3, FRAME_S(FSYSCALL_ID), r5 	/* ID (0x1yzzzz) -> stack */
	andi    r5, 0x1ff, r5			/* syscall # -> r5	  */

	STI()

	pta	syscall_allowed, tr0
	movi	NR_syscalls - 1, r4	/* Last valid */
	bgeu/l	r4, r5, tr0

syscall_bad:
	/* Return ENOSYS ! */
	movi	-(ENOSYS), r2		/* Fall-through */

	.global syscall_ret
syscall_ret:
	st.q	SP, FRAME_R(9), r2	/* Expecting SP back to BASIC frame */
	ld.q	SP, FRAME_S(FSPC), r2
	addi	r2, 4, r2		/* Move PC, being pre-execution event */
	st.q	SP, FRAME_S(FSPC), r2
	pta	ret_from_syscall, tr0
	blink	tr0, ZERO


/*  A different return path for ret_from_fork, because we now need
 *  to call schedule_tail with the later kernels. Because prev is
 *  loaded into r2 by switch_to() means we can just call it straight  away
 */

.global	ret_from_fork
ret_from_fork:

	movi	schedule_tail,r5
	ori	r5, 1, r5
	ptabs	r5, tr0
	blink	tr0, LINK

	ld.q	SP, FRAME_S(FSPC), r2
	addi	r2, 4, r2		/* Move PC, being pre-execution event */
	st.q	SP, FRAME_S(FSPC), r2
	pta	ret_from_syscall, tr0
	blink	tr0, ZERO

.global	ret_from_kernel_thread
ret_from_kernel_thread:

	movi	schedule_tail,r5
	ori	r5, 1, r5
	ptabs	r5, tr0
	blink	tr0, LINK

	ld.q	SP, FRAME_R(2), r2
	ld.q	SP, FRAME_R(3), r3
	ptabs	r3, tr0
	blink	tr0, LINK

	ld.q	SP, FRAME_S(FSPC), r2
	addi	r2, 4, r2		/* Move PC, being pre-execution event */
	st.q	SP, FRAME_S(FSPC), r2
	pta	ret_from_syscall, tr0
	blink	tr0, ZERO

syscall_allowed:
	/* Use LINK to deflect the exit point, default is syscall_ret */
	pta	syscall_ret, tr0
	gettr	tr0, LINK
	pta	syscall_notrace, tr0

	getcon	KCR0, r2
	ld.l	r2, TI_FLAGS, r4
	movi	_TIF_WORK_SYSCALL_MASK, r6
	and	r6, r4, r6
	beq/l	r6, ZERO, tr0

	/* Trace it by calling syscall_trace before and after */
	movi	do_syscall_trace_enter, r4
	or	SP, ZERO, r2
	ptabs	r4, tr0
	blink	tr0, LINK

	/* Save the retval */
	st.q	SP, FRAME_R(2), r2

	/* Reload syscall number as r5 is trashed by do_syscall_trace_enter */
	ld.q	SP, FRAME_S(FSYSCALL_ID), r5
	andi	r5, 0x1ff, r5

	pta	syscall_ret_trace, tr0
	gettr	tr0, LINK

syscall_notrace:
	/* Now point to the appropriate 4th level syscall handler */
	movi	sys_call_table, r4
	shlli	r5, 2, r5
	ldx.l	r4, r5, r5
	ptabs	r5, tr0

	/* Prepare original args */
	ld.q	SP, FRAME_R(2), r2
	ld.q	SP, FRAME_R(3), r3
	ld.q	SP, FRAME_R(4), r4
	ld.q	SP, FRAME_R(5), r5
	ld.q	SP, FRAME_R(6), r6
	ld.q	SP, FRAME_R(7), r7

	/* And now the trick for those syscalls requiring regs * ! */
	or	SP, ZERO, r8

	/* Call it */
	blink	tr0, ZERO	/* LINK is already properly set */

syscall_ret_trace:
	/* We get back here only if under trace */
	st.q	SP, FRAME_R(9), r2	/* Save return value */

	movi	do_syscall_trace_leave, LINK
	or	SP, ZERO, r2
	ptabs	LINK, tr0
	blink	tr0, LINK

	/* This needs to be done after any syscall tracing */
	ld.q	SP, FRAME_S(FSPC), r2
	addi	r2, 4, r2	/* Move PC, being pre-execution event */
	st.q	SP, FRAME_S(FSPC), r2

	pta	ret_from_syscall, tr0
	blink	tr0, ZERO		/* Resume normal return sequence */

/*
 * --- Switch to running under a particular ASID and return the previous ASID value
 * --- The caller is assumed to have done a cli before calling this.
 *
 * Input r2 : new ASID
 * Output r2 : old ASID
 */

	.global switch_and_save_asid
switch_and_save_asid:
	getcon	sr, r0
	movi	255, r4
	shlli 	r4, 16, r4	/* r4 = mask to select ASID */
	and	r0, r4, r3	/* r3 = shifted old ASID */
	andi	r2, 255, r2	/* mask down new ASID */
	shlli	r2, 16, r2	/* align new ASID against SR.ASID */
	andc	r0, r4, r0	/* efface old ASID from SR */
	or	r0, r2, r0	/* insert the new ASID */
	putcon	r0, ssr
	movi	1f, r0
	putcon	r0, spc
	rte
	nop
1:
	ptabs	LINK, tr0
	shlri	r3, 16, r2	/* r2 = old ASID */
	blink tr0, r63

	.global	route_to_panic_handler
route_to_panic_handler:
	/* Switch to real mode, goto panic_handler, don't return.  Useful for
	   last-chance debugging, e.g. if no output wants to go to the console.
	   */

	movi	panic_handler - CONFIG_PAGE_OFFSET, r1
	ptabs	r1, tr0
	pta	1f, tr1
	gettr	tr1, r0
	putcon	r0, spc
	getcon	sr, r0
	movi	1, r1
	shlli	r1, 31, r1
	andc	r0, r1, r0
	putcon	r0, ssr
	rte
	nop
1:	/* Now in real mode */
	blink tr0, r63
	nop

	.global peek_real_address_q
peek_real_address_q:
	/* Two args:
	   r2 : real mode address to peek
	   r2(out) : result quadword

	   This is provided as a cheapskate way of manipulating device
	   registers for debugging (to avoid the need to ioremap the debug
	   module, and to avoid the need to ioremap the watchpoint
	   controller in a way that identity maps sufficient bits to avoid the
	   SH5-101 cut2 silicon defect).

	   This code is not performance critical
	*/

	add.l	r2, r63, r2	/* sign extend address */
	getcon	sr, r0		/* r0 = saved original SR */
	movi	1, r1
	shlli	r1, 28, r1
	or	r0, r1, r1	/* r0 with block bit set */
	putcon	r1, sr		/* now in critical section */
	movi	1, r36
	shlli	r36, 31, r36
	andc	r1, r36, r1	/* turn sr.mmu off in real mode section */

	putcon	r1, ssr
	movi	.peek0 - CONFIG_PAGE_OFFSET, r36 /* real mode target address */
	movi	1f, r37		/* virtual mode return addr */
	putcon	r36, spc

	synco
	rte
	nop

.peek0:	/* come here in real mode, don't touch caches!!
           still in critical section (sr.bl==1) */
	putcon	r0, ssr
	putcon	r37, spc
	/* Here's the actual peek.  If the address is bad, all bets are now off
	 * what will happen (handlers invoked in real-mode = bad news) */
	ld.q	r2, 0, r2
	synco
	rte	/* Back to virtual mode */
	nop

1:
	ptabs	LINK, tr0
	blink	tr0, r63

	.global poke_real_address_q
poke_real_address_q:
	/* Two args:
	   r2 : real mode address to poke
	   r3 : quadword value to write.

	   This is provided as a cheapskate way of manipulating device
	   registers for debugging (to avoid the need to ioremap the debug
	   module, and to avoid the need to ioremap the watchpoint
	   controller in a way that identity maps sufficient bits to avoid the
	   SH5-101 cut2 silicon defect).

	   This code is not performance critical
	*/

	add.l	r2, r63, r2	/* sign extend address */
	getcon	sr, r0		/* r0 = saved original SR */
	movi	1, r1
	shlli	r1, 28, r1
	or	r0, r1, r1	/* r0 with block bit set */
	putcon	r1, sr		/* now in critical section */
	movi	1, r36
	shlli	r36, 31, r36
	andc	r1, r36, r1	/* turn sr.mmu off in real mode section */

	putcon	r1, ssr
	movi	.poke0-CONFIG_PAGE_OFFSET, r36 /* real mode target address */
	movi	1f, r37		/* virtual mode return addr */
	putcon	r36, spc

	synco
	rte
	nop

.poke0:	/* come here in real mode, don't touch caches!!
           still in critical section (sr.bl==1) */
	putcon	r0, ssr
	putcon	r37, spc
	/* Here's the actual poke.  If the address is bad, all bets are now off
	 * what will happen (handlers invoked in real-mode = bad news) */
	st.q	r2, 0, r3
	synco
	rte	/* Back to virtual mode */
	nop

1:
	ptabs	LINK, tr0
	blink	tr0, r63

#ifdef CONFIG_MMU
/*
 * --- User Access Handling Section
 */

/*
 * User Access support. It all moved to non inlined Assembler
 * functions in here.
 *
 * __kernel_size_t __copy_user(void *__to, const void *__from,
 *			       __kernel_size_t __n)
 *
 * Inputs:
 * (r2)  target address
 * (r3)  source address
 * (r4)  size in bytes
 *
 * Ouputs:
 * (*r2) target data
 * (r2)  non-copied bytes
 *
 * If a fault occurs on the user pointer, bail out early and return the
 * number of bytes not copied in r2.
 * Strategy : for large blocks, call a real memcpy function which can
 * move >1 byte at a time using unaligned ld/st instructions, and can
 * manipulate the cache using prefetch + alloco to improve the speed
 * further.  If a fault occurs in that function, just revert to the
 * byte-by-byte approach used for small blocks; this is rare so the
 * performance hit for that case does not matter.
 *
 * For small blocks it's not worth the overhead of setting up and calling
 * the memcpy routine; do the copy a byte at a time.
 *
 */
	.global	__copy_user
__copy_user:
	pta	__copy_user_byte_by_byte, tr1
	movi	16, r0 ! this value is a best guess, should tune it by benchmarking
	bge/u	r0, r4, tr1
	pta copy_user_memcpy, tr0
	addi	SP, -32, SP
	/* Save arguments in case we have to fix-up unhandled page fault */
	st.q	SP, 0, r2
	st.q	SP, 8, r3
	st.q	SP, 16, r4
	st.q	SP, 24, r35 ! r35 is callee-save
	/* Save LINK in a register to reduce RTS time later (otherwise
	   ld SP,*,LINK;ptabs LINK;trn;blink trn,r63 becomes a critical path) */
	ori	LINK, 0, r35
	blink	tr0, LINK

	/* Copy completed normally if we get back here */
	ptabs	r35, tr0
	ld.q	SP, 24, r35
	/* don't restore r2-r4, pointless */
	/* set result=r2 to zero as the copy must have succeeded. */
	or	r63, r63, r2
	addi	SP, 32, SP
	blink	tr0, r63 ! RTS

	.global __copy_user_fixup
__copy_user_fixup:
	/* Restore stack frame */
	ori	r35, 0, LINK
	ld.q	SP, 24, r35
	ld.q	SP, 16, r4
	ld.q	SP,  8, r3
	ld.q	SP,  0, r2
	addi	SP, 32, SP
	/* Fall through to original code, in the 'same' state we entered with */

/* The slow byte-by-byte method is used if the fast copy traps due to a bad
   user address.  In that rare case, the speed drop can be tolerated. */
__copy_user_byte_by_byte:
	pta	___copy_user_exit, tr1
	pta	___copy_user1, tr0
	beq/u	r4, r63, tr1	/* early exit for zero length copy */
	sub	r2, r3, r0
	addi	r0, -1, r0

___copy_user1:
	ld.b	r3, 0, r5		/* Fault address 1 */

	/* Could rewrite this to use just 1 add, but the second comes 'free'
	   due to load latency */
	addi	r3, 1, r3
	addi	r4, -1, r4		/* No real fixup required */
___copy_user2:
	stx.b	r3, r0, r5		/* Fault address 2 */
	bne     r4, ZERO, tr0

___copy_user_exit:
	or	r4, ZERO, r2
	ptabs	LINK, tr0
	blink	tr0, ZERO

/*
 * __kernel_size_t __clear_user(void *addr, __kernel_size_t size)
 *
 * Inputs:
 * (r2)  target address
 * (r3)  size in bytes
 *
 * Ouputs:
 * (*r2) zero-ed target data
 * (r2)  non-zero-ed bytes
 */
	.global	__clear_user
__clear_user:
	pta	___clear_user_exit, tr1
	pta	___clear_user1, tr0
	beq/u	r3, r63, tr1

___clear_user1:
	st.b	r2, 0, ZERO		/* Fault address */
	addi	r2, 1, r2
	addi	r3, -1, r3		/* No real fixup required */
	bne     r3, ZERO, tr0

___clear_user_exit:
	or	r3, ZERO, r2
	ptabs	LINK, tr0
	blink	tr0, ZERO

#endif /* CONFIG_MMU */

/*
 * extern long __get_user_asm_?(void *val, long addr)
 *
 * Inputs:
 * (r2)  dest address
 * (r3)  source address (in User Space)
 *
 * Ouputs:
 * (r2)  -EFAULT (faulting)
 *       0 	 (not faulting)
 */
	.global	__get_user_asm_b
__get_user_asm_b:
	or	r2, ZERO, r4
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___get_user_asm_b1:
	ld.b	r3, 0, r5		/* r5 = data */
	st.b	r4, 0, r5
	or	ZERO, ZERO, r2

___get_user_asm_b_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__get_user_asm_w
__get_user_asm_w:
	or	r2, ZERO, r4
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___get_user_asm_w1:
	ld.w	r3, 0, r5		/* r5 = data */
	st.w	r4, 0, r5
	or	ZERO, ZERO, r2

___get_user_asm_w_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__get_user_asm_l
__get_user_asm_l:
	or	r2, ZERO, r4
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___get_user_asm_l1:
	ld.l	r3, 0, r5		/* r5 = data */
	st.l	r4, 0, r5
	or	ZERO, ZERO, r2

___get_user_asm_l_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__get_user_asm_q
__get_user_asm_q:
	or	r2, ZERO, r4
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___get_user_asm_q1:
	ld.q	r3, 0, r5		/* r5 = data */
	st.q	r4, 0, r5
	or	ZERO, ZERO, r2

___get_user_asm_q_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO

/*
 * extern long __put_user_asm_?(void *pval, long addr)
 *
 * Inputs:
 * (r2)  kernel pointer to value
 * (r3)  dest address (in User Space)
 *
 * Ouputs:
 * (r2)  -EFAULT (faulting)
 *       0 	 (not faulting)
 */
	.global	__put_user_asm_b
__put_user_asm_b:
	ld.b	r2, 0, r4		/* r4 = data */
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___put_user_asm_b1:
	st.b	r3, 0, r4
	or	ZERO, ZERO, r2

___put_user_asm_b_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__put_user_asm_w
__put_user_asm_w:
	ld.w	r2, 0, r4		/* r4 = data */
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___put_user_asm_w1:
	st.w	r3, 0, r4
	or	ZERO, ZERO, r2

___put_user_asm_w_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__put_user_asm_l
__put_user_asm_l:
	ld.l	r2, 0, r4		/* r4 = data */
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___put_user_asm_l1:
	st.l	r3, 0, r4
	or	ZERO, ZERO, r2

___put_user_asm_l_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO


	.global	__put_user_asm_q
__put_user_asm_q:
	ld.q	r2, 0, r4		/* r4 = data */
	movi	-(EFAULT), r2		/* r2 = reply, no real fixup */

___put_user_asm_q1:
	st.q	r3, 0, r4
	or	ZERO, ZERO, r2

___put_user_asm_q_exit:
	ptabs	LINK, tr0
	blink	tr0, ZERO

panic_stash_regs:
	/* The idea is : when we get an unhandled panic, we dump the registers
	   to a known memory location, the just sit in a tight loop.
	   This allows the human to look at the memory region through the GDB
	   session (assuming the debug module's SHwy initiator isn't locked up
	   or anything), to hopefully analyze the cause of the panic. */

	/* On entry, former r15 (SP) is in DCR
	   former r0  is at resvec_saved_area + 0
	   former r1  is at resvec_saved_area + 8
	   former tr0 is at resvec_saved_area + 32
	   DCR is the only register whose value is lost altogether.
	*/

	movi	0xffffffff80000000, r0 ! phy of dump area
	ld.q	SP, 0x000, r1	! former r0
	st.q	r0,  0x000, r1
	ld.q	SP, 0x008, r1	! former r1
	st.q	r0,  0x008, r1
	st.q	r0,  0x010, r2
	st.q	r0,  0x018, r3
	st.q	r0,  0x020, r4
	st.q	r0,  0x028, r5
	st.q	r0,  0x030, r6
	st.q	r0,  0x038, r7
	st.q	r0,  0x040, r8
	st.q	r0,  0x048, r9
	st.q	r0,  0x050, r10
	st.q	r0,  0x058, r11
	st.q	r0,  0x060, r12
	st.q	r0,  0x068, r13
	st.q	r0,  0x070, r14
	getcon	dcr, r14
	st.q	r0,  0x078, r14
	st.q	r0,  0x080, r16
	st.q	r0,  0x088, r17
	st.q	r0,  0x090, r18
	st.q	r0,  0x098, r19
	st.q	r0,  0x0a0, r20
	st.q	r0,  0x0a8, r21
	st.q	r0,  0x0b0, r22
	st.q	r0,  0x0b8, r23
	st.q	r0,  0x0c0, r24
	st.q	r0,  0x0c8, r25
	st.q	r0,  0x0d0, r26
	st.q	r0,  0x0d8, r27
	st.q	r0,  0x0e0, r28
	st.q	r0,  0x0e8, r29
	st.q	r0,  0x0f0, r30
	st.q	r0,  0x0f8, r31
	st.q	r0,  0x100, r32
	st.q	r0,  0x108, r33
	st.q	r0,  0x110, r34
	st.q	r0,  0x118, r35
	st.q	r0,  0x120, r36
	st.q	r0,  0x128, r37
	st.q	r0,  0x130, r38
	st.q	r0,  0x138, r39
	st.q	r0,  0x140, r40
	st.q	r0,  0x148, r41
	st.q	r0,  0x150, r42
	st.q	r0,  0x158, r43
	st.q	r0,  0x160, r44
	st.q	r0,  0x168, r45
	st.q	r0,  0x170, r46
	st.q	r0,  0x178, r47
	st.q	r0,  0x180, r48
	st.q	r0,  0x188, r49
	st.q	r0,  0x190, r50
	st.q	r0,  0x198, r51
	st.q	r0,  0x1a0, r52
	st.q	r0,  0x1a8, r53
	st.q	r0,  0x1b0, r54
	st.q	r0,  0x1b8, r55
	st.q	r0,  0x1c0, r56
	st.q	r0,  0x1c8, r57
	st.q	r0,  0x1d0, r58
	st.q	r0,  0x1d8, r59
	st.q	r0,  0x1e0, r60
	st.q	r0,  0x1e8, r61
	st.q	r0,  0x1f0, r62
	st.q	r0,  0x1f8, r63	! bogus, but for consistency's sake...

	ld.q	SP, 0x020, r1  ! former tr0
	st.q	r0,  0x200, r1
	gettr	tr1, r1
	st.q	r0,  0x208, r1
	gettr	tr2, r1
	st.q	r0,  0x210, r1
	gettr	tr3, r1
	st.q	r0,  0x218, r1
	gettr	tr4, r1
	st.q	r0,  0x220, r1
	gettr	tr5, r1
	st.q	r0,  0x228, r1
	gettr	tr6, r1
	st.q	r0,  0x230, r1
	gettr	tr7, r1
	st.q	r0,  0x238, r1

	getcon	sr,  r1
	getcon	ssr,  r2
	getcon	pssr,  r3
	getcon	spc,  r4
	getcon	pspc,  r5
	getcon	intevt,  r6
	getcon	expevt,  r7
	getcon	pexpevt,  r8
	getcon	tra,  r9
	getcon	tea,  r10
	getcon	kcr0, r11
	getcon	kcr1, r12
	getcon	vbr,  r13
	getcon	resvec,  r14

	st.q	r0,  0x240, r1
	st.q	r0,  0x248, r2
	st.q	r0,  0x250, r3
	st.q	r0,  0x258, r4
	st.q	r0,  0x260, r5
	st.q	r0,  0x268, r6
	st.q	r0,  0x270, r7
	st.q	r0,  0x278, r8
	st.q	r0,  0x280, r9
	st.q	r0,  0x288, r10
	st.q	r0,  0x290, r11
	st.q	r0,  0x298, r12
	st.q	r0,  0x2a0, r13
	st.q	r0,  0x2a8, r14

	getcon	SPC,r2
	getcon	SSR,r3
	getcon	EXPEVT,r4
	/* Prepare to jump to C - physical address */
	movi	panic_handler-CONFIG_PAGE_OFFSET, r1
	ori	r1, 1, r1
	ptabs   r1, tr0
	getcon	DCR, SP
	blink	tr0, ZERO
	nop
	nop
	nop
	nop




/*
 * --- Signal Handling Section
 */

/*
 * extern long long _sa_default_rt_restorer
 * extern long long _sa_default_restorer
 *
 *		 or, better,
 *
 * extern void _sa_default_rt_restorer(void)
 * extern void _sa_default_restorer(void)
 *
 * Code prototypes to do a sys_rt_sigreturn() or sys_sysreturn()
 * from user space. Copied into user space by signal management.
 * Both must be quad aligned and 2 quad long (4 instructions).
 *
 */
	.balign 8
	.global sa_default_rt_restorer
sa_default_rt_restorer:
	movi	0x10, r9
	shori	__NR_rt_sigreturn, r9
	trapa	r9
	nop

	.balign 8
	.global sa_default_restorer
sa_default_restorer:
	movi	0x10, r9
	shori	__NR_sigreturn, r9
	trapa	r9
	nop

/*
 * --- __ex_table Section
 */

/*
 * User Access Exception Table.
 */
	.section	__ex_table,  "a"

	.global asm_uaccess_start	/* Just a marker */
asm_uaccess_start:

#ifdef CONFIG_MMU
	.long	___copy_user1, ___copy_user_exit
	.long	___copy_user2, ___copy_user_exit
	.long	___clear_user1, ___clear_user_exit
#endif
	.long	___get_user_asm_b1, ___get_user_asm_b_exit
	.long	___get_user_asm_w1, ___get_user_asm_w_exit
	.long	___get_user_asm_l1, ___get_user_asm_l_exit
	.long	___get_user_asm_q1, ___get_user_asm_q_exit
	.long	___put_user_asm_b1, ___put_user_asm_b_exit
	.long	___put_user_asm_w1, ___put_user_asm_w_exit
	.long	___put_user_asm_l1, ___put_user_asm_l_exit
	.long	___put_user_asm_q1, ___put_user_asm_q_exit

	.global asm_uaccess_end		/* Just a marker */
asm_uaccess_end:




/*
 * --- .init.text Section
 */

	__INIT

/*
 * void trap_init (void)
 *
 */
	.global	trap_init
trap_init:
	addi	SP, -24, SP			/* Room to save r28/r29/r30 */
	st.q	SP, 0, r28
	st.q	SP, 8, r29
	st.q	SP, 16, r30

	/* Set VBR and RESVEC */
	movi	LVBR_block, r19
	andi	r19, -4, r19			/* reset MMUOFF + reserved */
	/* For RESVEC exceptions we force the MMU off, which means we need the
	   physical address. */
	movi	LRESVEC_block-CONFIG_PAGE_OFFSET, r20
	andi	r20, -4, r20			/* reset reserved */
	ori	r20, 1, r20			/* set MMUOFF */
	putcon	r19, VBR
	putcon	r20, RESVEC

	/* Sanity check */
	movi	LVBR_block_end, r21
	andi	r21, -4, r21
	movi	BLOCK_SIZE, r29			/* r29 = expected size */
	or	r19, ZERO, r30
	add	r19, r29, r19

	/*
	 * Ugly, but better loop forever now than crash afterwards.
	 * We should print a message, but if we touch LVBR or
	 * LRESVEC blocks we should not be surprised if we get stuck
	 * in trap_init().
	 */
	pta	trap_init_loop, tr1
	gettr	tr1, r28			/* r28 = trap_init_loop */
	sub	r21, r30, r30			/* r30 = actual size */

	/*
	 * VBR/RESVEC handlers overlap by being bigger than
	 * allowed. Very bad. Just loop forever.
	 * (r28) panic/loop address
	 * (r29) expected size
	 * (r30) actual size
	 */
trap_init_loop:
	bne	r19, r21, tr1

	/* Now that exception vectors are set up reset SR.BL */
	getcon 	SR, r22
	movi	SR_UNBLOCK_EXC, r23
	and	r22, r23, r22
	putcon	r22, SR

	addi	SP, 24, SP
	ptabs	LINK, tr0
	blink	tr0, ZERO