ARMv8 Linux内核head.S主要工作内容:
1、 从el2特权级退回到el1
2、 确认处理器类型
3、 计算内核镜像的起始物理地址及物理地址与虚拟地址之间的偏移
4、 验证设备树的地址是否有效
5、 创建页表,用于启动内核
6、 设置CPU(cpu_setup),用于使能MMU
7、 使能MMU
8、 交换数据段
9、 跳转到start_kernel函数继续运行。
/*
 * Low-level CPU initialisation
 * Based on arch/arm/kernel/head.S
 *
 * Copyright (C) 1994-2002 Russell King
 * Copyright (C) 2003-2012 ARM Ltd.
 * Authors: Catalin Marinas <[email protected]>
 *          Will Deacon <[email protected]>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
#include <linux/linkage.h>
#include <linux/init.h>
#include <asm/assembler.h>
#include <asm/ptrace.h>
#include <asm/asm-offsets.h>
#include <asm/memory.h>
#include <asm/thread_info.h>
#include <asm/pgtable-hwdef.h>
#include <asm/pgtable.h>
#include <asm/page.h>
/*
 * swapper_pg_dir is the virtual address of the initial page table. We place
 * the page tables 3 * PAGE_SIZE below KERNEL_RAM_VADDR. The idmap_pg_dir has
 * 2 pages and is placed below swapper_pg_dir.
 */
/* Virtual address at which the kernel image is linked/mapped. */
#define KERNEL_RAM_VADDR (PAGE_OFFSET + TEXT_OFFSET)
#if (KERNEL_RAM_VADDR & 0xfffff) !=0x80000
#error KERNEL_RAM_VADDR must start at0xXXX80000
#endif
/* Sizes of the two initial page-table areas that sit just below the image. */
#define SWAPPER_DIR_SIZE (3 * PAGE_SIZE)
#define IDMAP_DIR_SIZE (2 * PAGE_SIZE)
/* swapper_pg_dir: 3 pages immediately below KERNEL_RAM_VADDR (virtual address). */
.globl swapper_pg_dir
.equ swapper_pg_dir, KERNEL_RAM_VADDR -SWAPPER_DIR_SIZE
/* idmap_pg_dir: 2 pages immediately below swapper_pg_dir (virtual address). */
.globl idmap_pg_dir
.equ idmap_pg_dir, swapper_pg_dir - IDMAP_DIR_SIZE
/*
 * Macro: derive the physical addresses of the two initial page-table areas
 * from the physical start of RAM.
 *
 * In:   phys = PHYS_OFFSET
 * Out:  ttb1 = swapper_pg_dir, physical (phys + TEXT_OFFSET - 3 pages)
 *       ttb0 = idmap_pg_dir, physical (ttb1 - 2 pages)
 * Preserves: phys
 */
.macro pgtbl, ttb0, ttb1, phys
add \ttb1, \phys, #TEXT_OFFSET - SWAPPER_DIR_SIZE // ttb1 = __pa(swapper_pg_dir)
sub \ttb0, \ttb1, #IDMAP_DIR_SIZE // ttb0 = __pa(idmap_pg_dir)
.endm
/* Granularity of the initial mapping: whole pages with 64K pages, sections otherwise. */
#ifdef CONFIG_ARM64_64K_PAGES
#define BLOCK_SHIFT PAGE_SHIFT
#define BLOCK_SIZE PAGE_SIZE
#else
#define BLOCK_SHIFT SECTION_SHIFT
#define BLOCK_SIZE SECTION_SIZE
#endif
/* Virtual extent of the kernel image that __create_page_tables maps. */
#define KERNEL_START KERNEL_RAM_VADDR
#define KERNEL_END _end
/*
 * Initial memory map attributes.
 * On SMP the entries are additionally marked shareable.
 */
#ifndef CONFIG_SMP
#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF
#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF
#else
#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF | PTE_SHARED
#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S
#endif
/* Attribute sets for normal memory (MM_) and device memory (IO_, execute-never). */
#ifdef CONFIG_ARM64_64K_PAGES
#define MM_MMUFLAGS PTE_ATTRINDX(MT_NORMAL) | PTE_FLAGS
#define IO_MMUFLAGS PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_XN | PTE_FLAGS
#else
#define MM_MMUFLAGS PMD_ATTRINDX(MT_NORMAL) | PMD_FLAGS
#define IO_MMUFLAGS PMD_ATTRINDX(MT_DEVICE_nGnRE) | PMD_SECT_XN | PMD_FLAGS
#endif
/*
 * Kernel startup entry point.
 * ---------------------------
 *
 * The requirements are:
 *   MMU = off, D-cache = off, I-cache = on or off,
 *   x0 = physical address to the FDT blob.
 *
 * This code is mostly position independent so you call this at
 * __pa(PAGE_OFFSET + TEXT_OFFSET).
 *
 * Note that the callee-saved registers are used for storing variables
 * that are useful before the MMU is enabled. The allocations are described
 * in the entry routines.
 */
__HEAD // per the page author's note, __HEAD expands to a .section ".head.text","ax" directive (defined in linux/init.h, not shown here)
/*
 * DO NOT MODIFY. Image header expected by Linux boot-loaders.
 * The first word is the branch the loader jumps to; the rest is header data.
 */
b stext // branch to kernel start, magic
.long 0 // reserved
.quad TEXT_OFFSET // Image load offset from start of RAM
.quad 0 // reserved
.quad 0 // reserved
/*
 * stext — primary CPU entry point. Entry conditions are in the header
 * comment above (MMU off, D-cache off, x0 = FDT physical address).
 *
 * Register roles kept live until the MMU is on:
 *   x21 = FDT physical address (0 if __vet_fdt rejected it)
 *   x22 = MIDR_EL1 (cpuid)
 *   x23 = matching cpu_table entry
 *   x24 = PHYS_OFFSET
 *   x25 = TTBR0 value (idmap_pg_dir, physical)
 *   x26 = TTBR1 value (swapper_pg_dir, physical)
 *   x27 = virtual address to continue at once the MMU is on
 *   x28 = PHYS_OFFSET - PAGE_OFFSET
 */
ENTRY(stext)
mov x21, x0 // x21 = FDT physical address handed over by the boot-loader
bl el2_setup // Drop to EL1 (returns unchanged if we did not start at EL2)
mrs x22, midr_el1 // x22 = cpuid
mov x0, x22 // x0 = cpuid, argument to lookup_processor_type
bl lookup_processor_type // find the cpu_table entry for this cpuid (defined below)
mov x23, x0 // x23 = current cpu_table entry
cbz x23, __error_p // invalid processor (x23=0)?
bl __calc_phys_offset // x24 = PHYS_OFFSET, x28 = PHYS_OFFSET - PAGE_OFFSET
bl __vet_fdt // on return x21 is either 0 (invalid) or the FDT physical address
bl __create_page_tables // x25 = TTBR0, x26 = TTBR1 (author's note: paging_init later rebuilds these — not in this file)
/*
 * The following calls CPU specific code in a position independent
 * manner. See arch/arm64/mm/proc.S for details. x23 = base of
 * cpu_info structure selected by lookup_processor_type above.
 * On return, the CPU will be ready for the MMU to be turned on and
 * the TCR will have been set.
 */
ldr x27, __switch_data // x27 = first word of __switch_data (= __mmap_switched); __turn_mmu_on branches there once the MMU is on
adr lr, __enable_mmu // lr = physical (PC-relative) address of __enable_mmu, so cpu_setup's ret lands there
ldr x12, [x23,#CPU_INFO_SETUP] // x12 = cpu_info->cpu_setup (virtual address)
add x12, x12, x28 // __virt_to_phys
br x12 // tail-call cpu_setup; it returns via lr into __enable_mmu
ENDPROC(stext)
/*
 * If we're fortunate enough to boot at EL2, ensure that the world is
 * sane before dropping to EL1.
 *
 * In:   lr = return address (the eret below lands there at EL1)
 * Out:  not at EL2: returns immediately with nothing changed;
 *       at EL2: continues at lr in EL1h with D, A, I, F masked
 * Clobbers: x0, x1, flags
 */
ENTRY(el2_setup)
mrs x0, CurrentEL // x0 = current exception level
cmp x0, #PSR_MODE_EL2t // EL2 using SP_EL0?
ccmp x0,#PSR_MODE_EL2h, #0x4, ne // if not EL2t: compare with EL2h; else NZCV = 0x4 (Z set)
b.eq 1f // Z set -> we are at EL2 on either stack
ret // not at EL2: nothing to do
/* Hyp configuration. */
1: mov x0, #(1 << 31) // 64-bit EL1 (author's note: this is the HCR_EL2 control for EL1 register width)
msr hcr_el2, x0
/* Generic timers. */
mrs x0, cnthctl_el2
orr x0, x0, #3 // Enable EL1 physical timers
msr cnthctl_el2, x0
/* Populate ID registers: EL1 sees the real MIDR/MPIDR through the virtual copies. */
mrs x0, midr_el1
mrs x1, mpidr_el1
msr vpidr_el2, x0
msr vmpidr_el2, x1
/* sctlr_el1: write 0x30d00800 (0x30d0 << 16 | 0x0800). */
mov x0, #0x0800 // Set/clear RES{1,0} bits
movk x0,#0x30d0, lsl #16
msr sctlr_el1, x0
/* Coprocessor traps. */
mov x0, #0x33ff
msr cptr_el2, x0 // Disable copro. traps to EL2
#ifdef CONFIG_COMPAT
msr hstr_el2, xzr // Disable CP15 traps to EL2
#endif
/* spsr: return to EL1h with D, A, I and F all masked. */
mov x0, #(PSR_F_BIT |PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
PSR_MODE_EL1h)
msr spsr_el2, x0
msr elr_el2, lr // eret "returns" to our caller, now executing at EL1
eret
ENDPROC(el2_setup)
/*
 * Literal pair: this word's own link-time address followed by PAGE_OFFSET.
 * No reference to this label 2 is visible in this file (the identical pair
 * after __calc_phys_offset is the one that routine reads), so this copy
 * appears to be vestigial.
 */
.align 3
2: .quad .
.quad PAGE_OFFSET
// Without SMP, none of the secondary-CPU entry code below is built.
#ifdef CONFIG_SMP
.pushsection .smp.pen.text, "ax"
.align 3
// Literal pair: own link-time address, then the link-time address of
// secondary_holding_pen_release. secondary_holding_pen uses the pair to
// locate the release word while the MMU is still off.
1: .quad .
.quad secondary_holding_pen_release
/*
 * This provides a "holding pen" for platforms to hold all secondary
 * cores are held until we're ready for them to initialise.
 */
/*
 * secondary_holding_pen — secondary CPUs spin here (MMU off) until the
 * release word equals their own CPU number, then enter secondary_startup.
 *
 * Clobbers: x0-x4, flags
 */
ENTRY(secondary_holding_pen)
bl el2_setup // Drop to EL1
mrs x0, mpidr_el1
and x0, x0, #15 // CPU number (low 4 bits of MPIDR)
adr x1, 1b // x1 = run-time (physical) address of the literal pair above
ldp x2, x3, [x1] // x2 = its link-time address, x3 = &secondary_holding_pen_release (link-time)
sub x1, x1, x2 // x1 = run-time minus link-time offset
add x3, x3, x1 // x3 = secondary_holding_pen_release in the current (physical) address space
pen: ldr x4, [x3] // poll the release word
cmp x4, x0
b.eq secondary_startup // released: it names this CPU
wfe // wait for an event before polling again
b pen
ENDPROC(secondary_holding_pen)
.popsection
ENTRY(secondary_startup)
/*
 * Common entry point for secondary CPUs.
 * Mirrors stext, but reuses the page tables the boot CPU already built:
 * the pgtbl macro only recomputes their physical addresses.
 *
 * Registers as in stext: x22 = cpuid, x23 = cpu_table entry, x24 = PHYS_OFFSET,
 * x25/x26 = TTBR0/TTBR1, x27 = post-MMU continuation, x28 = phys - virt offset.
 */
mrs x22, midr_el1 // x22 = cpuid
mov x0, x22
bl lookup_processor_type
mov x23, x0 // x23 = current cpu_table
cbz x23, __error_p // invalid processor (x23=0)?
bl __calc_phys_offset // x24 = phys offset, x28 = PHYS_OFFSET - PAGE_OFFSET
pgtbl x25, x26, x24 // x25 = TTBR0, x26 = TTBR1
ldr x12, [x23, #CPU_INFO_SETUP]
add x12, x12, x28 // __virt_to_phys
blr x12 // initialise processor; __enable_mmu expects x0 = SCTLR_EL1 value, so cpu_setup must leave it there
ldr x21, =secondary_data // virtual address; only dereferenced after the MMU is on
ldr x27, =__secondary_switched // address to jump to after enabling the MMU
b __enable_mmu
ENDPROC(secondary_startup)
/*
 * Reached via __turn_mmu_on's br x27 with the MMU on. x21 = &secondary_data.
 * Switches to the stack recorded there and enters the C secondary path.
 */
ENTRY(__secondary_switched)
ldr x0, [x21] // get secondary_data.stack
mov sp, x0
mov x29, #0 // terminate the frame-pointer chain
b secondary_start_kernel
ENDPROC(__secondary_switched)
#endif /* CONFIG_SMP */
/*
 * Setup common bits before finally enabling the MMU. Essentially this is just
 * loading the page table pointer and vector base registers.
 *
 * On entry to this code, x0 must contain the SCTLR_EL1 value for turning on
 * the MMU.
 *   x25 = TTBR0 value, x26 = TTBR1 value
 *   x27 = virtual address __turn_mmu_on will branch to
 * Clobbers: x5
 */
__enable_mmu:
ldr x5, =vectors // virtual address of the exception vector table
msr vbar_el1, x5
msr ttbr0_el1, x25 // load TTBR0
msr ttbr1_el1, x26 // load TTBR1
isb // complete the system-register writes before the MMU is switched on
b __turn_mmu_on
ENDPROC(__enable_mmu)
/*
 * Enable the MMU. This completely changes the structure of the visible memory
 * space. You will not be able to trace execution through this.
 *
 * x0 = system control register
 * x27 = *virtual* address to jump to upon completion
 *
 * other registers depend on the function called upon completion
 *
 * .align 6 puts these three instructions on a 64-byte boundary; the identity
 * map built in __create_page_tables covers only the one block containing
 * __turn_mmu_on, and the alignment keeps the routine from straddling blocks.
 */
.align 6
__turn_mmu_on:
msr sctlr_el1, x0 // MMU on (together with whatever else cpu_setup put in x0)
isb // ensure the SCTLR write has taken effect before branching
br x27
ENDPROC(__turn_mmu_on)
/*
 * Calculate the start of physical memory.
 *
 * The literal pair at label 1 holds its own link-time (virtual) address and
 * PAGE_OFFSET. adr yields the pair's run-time (physical) address, so the
 * difference of the two is the physical-to-virtual offset.
 *
 * Out:  x28 = PHYS_OFFSET - PAGE_OFFSET
 *       x24 = PHYS_OFFSET
 * Clobbers: x0, x1, x2
 */
__calc_phys_offset:
adr x0, 1f // x0 = physical address of label 1 (PC-relative; PC is physical while the MMU is off)
ldp x1, x2, [x0] // x1 = link-time address of label 1, x2 = PAGE_OFFSET
sub x28, x0, x1 // x28 = PHYS_OFFSET - PAGE_OFFSET
add x24, x2, x28 // x24 = PHYS_OFFSET
ret
ENDPROC(__calc_phys_offset)
.align 3
1: .quad . // link-time address of this word
.quad PAGE_OFFSET
/*
 * Macro to populate the PGD for the corresponding block entry in the next
 * level (tbl) for the given virtual address.
 *
 * Preserves: pgd, tbl, virt
 * Corrupts: tmp1, tmp2
 */
.macro create_pgd_entry,pgd, tbl, virt, tmp1, tmp2
lsr \tmp1, \virt,#PGDIR_SHIFT
and \tmp1, \tmp1, #PTRS_PER_PGD- 1 // PGD index
orr \tmp2, \tbl, #3 // PGD entry table type (descriptor bits [1:0] = 0b11)
str \tmp2, [\pgd,\tmp1, lsl #3] // 8-byte entries
.endm
/*
 * Macro to populate block entries in the page table for the start..end
 * virtual range (inclusive).
 *
 * Preserves: tbl, flags
 * Corrupts: phys, start, end, pstate
 *
 * With idmap=1 the table index is derived from phys itself (VA == PA).
 * When start and end name the same register the .ifnc checks fail and a
 * single entry is written without a loop.
 */
.macro create_block_map,tbl, flags, phys, start, end, idmap=0
lsr \phys, \phys,#BLOCK_SHIFT // block number of phys
.if \idmap
and \start, \phys,#PTRS_PER_PTE - 1 // table index
.else
lsr \start, \start,#BLOCK_SHIFT
and \start, \start,#PTRS_PER_PTE - 1 // table index
.endif
orr \phys, \flags,\phys, lsl #BLOCK_SHIFT // table entry
.ifnc \start,\end
lsr \end, \end,#BLOCK_SHIFT
and \end, \end,#PTRS_PER_PTE - 1 // table end index
.endif
9999: str \phys, [\tbl,\start, lsl #3] // store the entry
.ifnc \start,\end
add \start, \start, #1 // next entry
add \phys, \phys,#BLOCK_SIZE // next block
cmp \start, \end
b.ls 9999b // unsigned: loop while start <= end
.endif
.endm
/*
 * Setup the initial page tables. We only setup the barest amount which
 * is required to get the kernel running:
 *   - identity mapping to enable the MMU (low address, TTBR0)
 *   - first few MB of the kernel linear mapping, including the FDT blob (TTBR1)
 *
 * (Author's note, translated: every symbol in the kernel image is a virtual
 * address, so the MMU must be on before jumping to the C start_kernel;
 * used with the MMU off those addresses would be treated as physical and
 * the kernel would crash.)
 *
 * In:   x21 = FDT physical address (0 if invalid), x24 = PHYS_OFFSET
 * Out:  x25 = idmap_pg_dir (physical), x26 = swapper_pg_dir (physical);
 *       x21 is zeroed if the FDT is not within 512MB above PHYS_OFFSET
 * Clobbers: x0, x3, x5, x6, x7, flags
 */
__create_page_tables:
pgtbl x25,x26, x24 // idmap_pg_dir and swapper_pg_dir addresses (physical); see the pgtbl macro above
/*
 * Clear the idmap and swapper page tables: the idmap's 2 pages sit directly
 * below the swapper's 3 pages, so one pass from x25 to x26 + SWAPPER_DIR_SIZE
 * clears all five, 64 bytes per iteration.
 */
mov x0, x25
add x6, x26,#SWAPPER_DIR_SIZE
1: stp xzr, xzr, [x0], #16
stp xzr, xzr, [x0],#16
stp xzr, xzr, [x0],#16
stp xzr, xzr, [x0],#16
cmp x0, x6
b.lo 1b
ldr x7, =MM_MMUFLAGS // x7 = normal-memory attributes for the block entries (MM_MMUFLAGS defined above)
/*
 * Create the identity mapping: one block covering __turn_mmu_on, so the
 * MMU can be enabled while still executing from physical addresses.
 */
add x0, x25,#PAGE_SIZE // section table address
adr x3, __turn_mmu_on // virtual/physical address
create_pgd_entry x25, x0, x3, x5, x6
create_block_map x0, x7, x3, x5, x5, idmap=1 // start == end: a single entry
/*
 * Map the kernel image (starting with PHYS_OFFSET).
 */
add x0, x26,#PAGE_SIZE // section table address
mov x5, #PAGE_OFFSET
create_pgd_entry x26, x0, x5, x3, x6
ldr x6, =KERNEL_END- 1 // inclusive end of the range (_end - 1)
mov x3, x24 // phys offset
create_block_map x0, x7, x3, x5, x6
/*
 * Map the FDT blob (maximum 2MB; must be within 512MB of
 * PHYS_OFFSET).
 */
mov x3, x21 // FDT phys address
and x3, x3, #~((1<< 21) - 1) // 2MB aligned
mov x6, #PAGE_OFFSET
sub x5, x3, x24 // subtract PHYS_OFFSET
tst x5, #~((1<< 29) - 1) // within 512MB? (an FDT below PHYS_OFFSET wraps to a huge value and also fails)
csel x21, xzr, x21, ne // zero the FDT pointer (csel does not touch the flags set by tst)
b.ne 1f
add x5, x5, x6 // __va(FDT blob)
add x6, x5, #1<< 21 // 2MB for the FDT blob
sub x6, x6, #1 // inclusive range
create_block_map x0, x7, x3, x5, x6
1:
ret
ENDPROC(__create_page_tables)
.ltorg // emit the literal pool for the ldr =... loads above
/*
 * Address table consumed by __mmap_switched (read via adr/ldp so it works
 * immediately after the MMU is enabled). stext also loads the first word
 * into x27 as the post-MMU continuation. The register names in the comments
 * are the registers __mmap_switched loads each entry into.
 */
.align 3
.type __switch_data,%object
__switch_data:
.quad __mmap_switched
.quad __data_loc // x4
.quad _data // x5
.quad __bss_start // x6
.quad _end // x7
.quad processor_id // x4
.quad __fdt_pointer // x5
.quad memstart_addr // x6
.quad init_thread_union+ THREAD_START_SP // sp
/*
 * Runs once the MMU is on (reached via __turn_mmu_on's br x27). Sets up the
 * C run-time environment: copies the data segment if it was loaded at a
 * different address, clears .bss, publishes the values saved in x21/x22/x24,
 * switches to the init stack and jumps to start_kernel.
 *
 * In:   x21 = FDT pointer, x22 = processor ID, x24 = PHYS_OFFSET
 * Clobbers: x3-x7, x16, x29, sp, flags
 */
__mmap_switched:
adr x3, __switch_data+ 8 // x3 -> the __data_loc entry of __switch_data
ldp x4, x5, [x3], #16 // x4 = __data_loc, x5 = _data
ldp x6, x7, [x3], #16 // x6 = __bss_start, x7 = _end
/*
 * Copy the data segment if needed. The cmp/ccmp pair implements:
 *   if (__data_loc != _data)
 *       while (x5 != __bss_start) *x5++ = *x4++;   // 8 bytes per step
 * First pass: cmp sets Z when __data_loc == _data, so ccmp is skipped with
 * NZCV = 0x4 (Z set) and b.eq exits. Later passes re-enter at label 1 with
 * Z clear from the previous ccmp (ldr/str/b leave the flags alone), so ccmp
 * compares x5 against x6 and Z means "copy finished".
 */
cmp x4, x5 // Copy data segment if needed,
1: ccmp x5, x6, #4, ne
b.eq 2f
ldr x16, [x4], #8
str x16, [x5], #8
b 1b
2:
1: cmp x6, x7 // Clear BSS: [__bss_start, _end) in 8-byte steps, unsigned compare
b.hs 2f
str xzr, [x6], #8 // Clear BSS
b 1b
2:
ldp x4, x5, [x3], #16 // x4 = &processor_id, x5 = &__fdt_pointer
ldr x6, [x3], #8 // x6 = &memstart_addr
ldr x16, [x3] // x16 = init_thread_union + THREAD_START_SP
mov sp, x16 // switch to the init task's stack
str x22, [x4] // Save processor ID
str x21, [x5] // Save FDT pointer
str x24, [x6] // Save PHYS_OFFSET
mov x29, #0 // terminate the frame-pointer chain
b start_kernel // enter C
ENDPROC(__mmap_switched)
/*
 * Exception handling. Something went wrong and we can't proceed. We ought to
 * tell the user, but since we don't have any guarantee that we're even
 * running on the right architecture, we do virtually nothing.
 */
__error_p: // unknown processor: falls straight through into __error
ENDPROC(__error_p)
__error:
1: nop // spin forever
b 1b
ENDPROC(__error)
/*
 * This function gets the processor ID in w0 and searches the cpu_table[] for
 * a match. It returns a pointer to the struct cpu_info it found. The
 * cpu_table[] must end with an empty (all zeros) structure.
 *
 * This routine can be called via C code and it needs to work with the MMU
 * both disabled and enabled (the offset is calculated automatically).
 *
 * In:   w0 = MIDR_EL1 value
 * Out:  x0 = address of the matching cpu_info in the caller's address space,
 *       or 0 if no entry matched
 * Clobbers: x1, x2, x3, w5, w6, flags
 */
ENTRY(lookup_processor_type)
adr x1,__lookup_processor_type_data // x1 = run-time address of the literal pair below
ldp x2, x3, [x1] // x2 = its link-time address, x3 = cpu_table (link-time address)
sub x1, x1, x2 // get offset between VA and PA (zero when running at the link-time address)
add x3, x3, x1 // convert VA to PA: x3 = cpu_table in the current address space
1:
/*
 * Per the page author's listing, struct cpu_info begins with
 *   unsigned int cpu_id_val; unsigned int cpu_id_mask;
 * followed by cpu_name and cpu_setup. CPU_INFO_SZ and CPU_INFO_SETUP come
 * from asm-offsets.h (not visible here).
 */
ldp w5, w6, [x3] // load cpu_id_val and cpu_id_mask
cbz w5, 2f // end of list? (the terminating all-zero entry)
and w6, w6, w0 // mask the live MIDR with this entry's mask
cmp w5, w6 // does the masked MIDR equal this entry's id?
b.eq 3f // match
add x3, x3,#CPU_INFO_SZ // advance to the next entry
b 1b
2:
mov x3, #0 // unknown processor
3:
mov x0, x3 // return the entry (or 0)
ret
ENDPROC(lookup_processor_type)
.align 3
.type __lookup_processor_type_data,%object
__lookup_processor_type_data:
.quad . // link-time address of this word
.quad cpu_table
.size __lookup_processor_type_data,. - __lookup_processor_type_data
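/*
 * Determine validity of the x21 FDT pointer.
 * The dtb must be 8-byte aligned and live in the first 512M of memory.
 *
 * In:   x21 = FDT physical address (as passed by the boot-loader)
 *       x24 = PHYS_OFFSET (from __calc_phys_offset)
 * Out:  x21 = unchanged if valid, 0 if invalid
 * Clobbers: x0, flags
 *
 * Physical addresses are unsigned quantities, so the two range checks use
 * the unsigned condition codes (lo/hs). The original used lt/ge, which
 * would misjudge an address with bit 63 set.
 */
__vet_fdt:
        tst     x21, #0x7               // any of the low three bits set -> not 8-byte aligned
        b.ne    1f
        cmp     x21, x24                // below PHYS_OFFSET -> invalid
        b.lo    1f
        mov     x0, #(1 << 29)          // 512MB
        add     x0, x0, x24             // x0 = PHYS_OFFSET + 512MB (exclusive upper bound)
        cmp     x21, x0
        b.hs    1f                      // at or above the bound -> invalid
        ret                             // valid: x21 left untouched
1:
        mov     x21, #0                 // invalid: zero the pointer so later code skips the FDT
        ret
ENDPROC(__vet_fdt)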