ARMv8 Linux内核head.S源码分析

ARMv8Linux内核head.S主要工作内容:

1、 从el2特权级退回到el1

2、 确认处理器类型

3、 计算内核镜像的起始物理地址及物理地址与虚拟地址之间的偏移

4、 验证设备树的地址是否有效

5、 创建页表,用于启动内核

6、 设置CPU(cpu_setup),用于使能MMU

7、 使能MMU

8、 交换数据段

9、 跳转到start_kernel函数继续运行。

 

 

 

/*

 *Low-level CPU initialisation

 *Based on arch/arm/kernel/head.S

 *

 *Copyright (C) 1994-2002 Russell King

 *Copyright (C) 2003-2012 ARM Ltd.

 *Authors:     Catalin Marinas<[email protected]>

 *             Will Deacon<[email protected]>

 *

 *This program is free software; you can redistribute it and/or modify

 * itunder the terms of the GNU General Public License version 2 as

 *published by the Free Software Foundation.

 *

 *This program is distributed in the hope that it will be useful,

 *but WITHOUT ANY WARRANTY; without even the implied warranty of

 *MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *GNU General Public License for more details.

 *

 *You should have received a copy of the GNU General Public License

 *along with this program.  If not, see<http://www.gnu.org/licenses/>.

 */

 

#include <linux/linkage.h>

#include <linux/init.h>

 

#include <asm/assembler.h>

#include <asm/ptrace.h>

#include <asm/asm-offsets.h>

#include <asm/memory.h>

#include <asm/thread_info.h>

#include <asm/pgtable-hwdef.h>

#include <asm/pgtable.h>

#include <asm/page.h>

 

/*
 * swapper_pg_dir is the virtual address of the initial page table. We place
 * the page tables 3 * PAGE_SIZE below KERNEL_RAM_VADDR. The idmap_pg_dir has
 * 2 pages and is placed below swapper_pg_dir.
 *
 * Layout (virtual, addresses increasing downwards on the page):
 *   idmap_pg_dir   = KERNEL_RAM_VADDR - 5 * PAGE_SIZE   (2 pages, TTBR0)
 *   swapper_pg_dir = KERNEL_RAM_VADDR - 3 * PAGE_SIZE   (3 pages, TTBR1)
 *   KERNEL_RAM_VADDR                                    (kernel image)
 * The two directories are contiguous, which __create_page_tables relies on
 * when it clears both with a single loop.
 */
#define KERNEL_RAM_VADDR      (PAGE_OFFSET + TEXT_OFFSET)

#if (KERNEL_RAM_VADDR & 0xfffff) != 0x80000
#error KERNEL_RAM_VADDR must start at0xXXX80000
#endif

#define SWAPPER_DIR_SIZE  (3 * PAGE_SIZE)
#define IDMAP_DIR_SIZE    (2 * PAGE_SIZE)

        .globl  swapper_pg_dir
        .equ    swapper_pg_dir, KERNEL_RAM_VADDR - SWAPPER_DIR_SIZE

        .globl  idmap_pg_dir
        .equ    idmap_pg_dir, swapper_pg_dir - IDMAP_DIR_SIZE

        /*
         * pgtbl: compute the *physical* addresses of the two boot page
         * directories from the physical load address of the kernel.
         *   \ttb1 = \phys + TEXT_OFFSET - SWAPPER_DIR_SIZE  (swapper_pg_dir)
         *   \ttb0 = \ttb1 - IDMAP_DIR_SIZE                  (idmap_pg_dir)
         * Same arithmetic as the .equ definitions above, in physical space.
         * Callers pass \phys = PHYS_OFFSET (x24 from __calc_phys_offset).
         */
        .macro  pgtbl, ttb0, ttb1, phys
        add     \ttb1, \phys, #TEXT_OFFSET - SWAPPER_DIR_SIZE
        sub     \ttb0, \ttb1, #IDMAP_DIR_SIZE
        .endm

/*
 * Granularity of the early mappings: with 64K pages the page tables map
 * 64K pages directly, otherwise 2MB sections (BLOCK_SHIFT/BLOCK_SIZE are
 * consumed by create_block_map).
 */
#ifdef CONFIG_ARM64_64K_PAGES
#define BLOCK_SHIFT    PAGE_SHIFT
#define BLOCK_SIZE     PAGE_SIZE
#else
#define BLOCK_SHIFT    SECTION_SHIFT
#define BLOCK_SIZE     SECTION_SIZE
#endif

#define KERNEL_START KERNEL_RAM_VADDR
#define KERNEL_END     _end

/*
 * Initial memory map attributes.
 * Under SMP the entries are additionally marked shareable so that the
 * early mapping is coherent across cores.
 */
#ifndef CONFIG_SMP
#define PTE_FLAGS         PTE_TYPE_PAGE | PTE_AF
#define PMD_FLAGS       PMD_TYPE_SECT | PMD_SECT_AF
#else
#define PTE_FLAGS         PTE_TYPE_PAGE | PTE_AF | PTE_SHARED
#define PMD_FLAGS       PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S
#endif

/*
 * MM_MMUFLAGS: normal (cacheable) memory, used for every mapping that
 * __create_page_tables creates (identity map, kernel image, FDT window).
 * Note it carries no execute-never bit, unlike IO_MMUFLAGS, so those early
 * mappings are executable; they exist only until the real page tables
 * are built.
 */
#ifdef CONFIG_ARM64_64K_PAGES
#define MM_MMUFLAGS      PTE_ATTRINDX(MT_NORMAL) | PTE_FLAGS
#define IO_MMUFLAGS PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_XN | PTE_FLAGS
#else
#define MM_MMUFLAGS      PMD_ATTRINDX(MT_NORMAL) | PMD_FLAGS
#define IO_MMUFLAGS PMD_ATTRINDX(MT_DEVICE_nGnRE) | PMD_SECT_XN | PMD_FLAGS
#endif

 

/*
 * Kernel startup entry point.
 * ---------------------------
 *
 * The requirements are:
 *   MMU = off, D-cache = off, I-cache = on or off,
 *   x0 = physical address to the FDT blob.
 *
 * This code is mostly position independent so you call this at
 * __pa(PAGE_OFFSET + TEXT_OFFSET).
 *
 * Note that the callee-saved registers are used for storing variables
 * that are useful before the MMU is enabled. The allocations are described
 * in the entry routines.
 */
        __HEAD                          // per the original annotation this expands to
                                        // .section ".head.text","ax" (allocatable, executable)

        /*
         * DO NOT MODIFY. Image header expected by Linux boot-loaders.
         * The loader jumps to the first word; the fields after it are data
         * it may read, so their size and order are part of the boot ABI.
         */
        b       stext                   // branch to kernel start, magic
        .long   0                       // reserved
        .quad   TEXT_OFFSET             // Image load offset from start of RAM
        .quad   0                       // reserved
        .quad   0                       // reserved

 

/*
 * stext: entry point for the boot CPU, MMU off.
 *
 * Callee-saved registers carry state across the helper calls below:
 *   x21 = FDT physical address from the bootloader (zeroed by __vet_fdt or
 *         __create_page_tables if it fails their checks)
 *   x22 = MIDR_EL1 (processor id)
 *   x23 = matching struct cpu_info in cpu_table, or 0
 *   x24 = PHYS_OFFSET                (set by __calc_phys_offset)
 *   x25 = idmap_pg_dir, physical     (TTBR0, set by __create_page_tables)
 *   x26 = swapper_pg_dir, physical   (TTBR1, set by __create_page_tables)
 *   x27 = __mmap_switched, the virtual address to continue at once the MMU is on
 *   x28 = PHYS_OFFSET - PAGE_OFFSET  (set by __calc_phys_offset)
 */
ENTRY(stext)
        mov     x21, x0                 // x21 = FDT physical address, as passed by the bootloader
        bl      el2_setup               // Drop to EL1 (returns immediately if not at EL2)
        mrs     x22, midr_el1           // x22 = cpuid
        mov     x0, x22                 // x0 = cpuid, argument of lookup_processor_type
        bl      lookup_processor_type   // search cpu_table[] for this MIDR
        mov     x23, x0                 // x23 = current cpu_table entry (struct cpu_info *)
        cbz     x23, __error_p          // invalid processor (x23 = 0)?
        bl      __calc_phys_offset      // x24 = PHYS_OFFSET, x28 = PHYS_OFFSET - PAGE_OFFSET
        bl      __vet_fdt               // x21 = FDT address if aligned and in range, else 0
        bl      __create_page_tables    // x25 = TTBR0, x26 = TTBR1; minimal boot tables
                                        // (per the original annotation, paging_init later replaces them)
        /*
         * The following calls CPU specific code in a position independent
         * manner. See arch/arm64/mm/proc.S for details. x23 = base of
         * cpu_info structure selected by lookup_processor_type above.
         * On return, the CPU will be ready for the MMU to be turned on and
         * the TCR will have been set.
         */
        ldr     x27, __switch_data      // x27 = first word of __switch_data = __mmap_switched (virtual)
        adr     lr, __enable_mmu        // return address for cpu_setup; PC-relative, so valid with the MMU off
        ldr     x12, [x23, #CPU_INFO_SETUP]
        add     x12, x12, x28           // __virt_to_phys: cpu_setup is a link-time (virtual) address
        br      x12                     // tail-call cpu_setup; its ret lands in __enable_mmu via lr
ENDPROC(stext)

 

/*
 * If we're fortunate enough to boot at EL2, ensure that the world is
 * sane before dropping to EL1.
 *
 * In:   lr = return address; when entered at EL2 it becomes the EL1 resume
 *       point through ELR_EL2, so this routine must be reached with bl.
 * Out:  executing at EL1 (if entered at EL2), otherwise returns unchanged.
 * Clobbers: x0, x1 and, on the EL2 path, HCR_EL2, CNTHCTL_EL2, VPIDR_EL2,
 *           VMPIDR_EL2, SCTLR_EL1, CPTR_EL2, HSTR_EL2, SPSR_EL2, ELR_EL2.
 */
ENTRY(el2_setup)
        mrs     x0, CurrentEL           // read the current exception level
        cmp     x0, #PSR_MODE_EL2t      // EL2 using SP_EL0?
        ccmp    x0, #PSR_MODE_EL2h, #0x4, ne // if not EL2t: compare with EL2h; else NZCV = 0x4 (Z set)
        b.eq    1f                      // either EL2 variant: configure the hypervisor state
        ret                             // not at EL2: nothing to do

        /* Hyp configuration. */
1:      mov     x0, #(1 << 31)          // HCR_EL2.RW: EL1 executes in AArch64
        msr     hcr_el2, x0

        /* Generic timers. */
        mrs     x0, cnthctl_el2
        orr     x0, x0, #3              // Enable EL1 physical timers
        msr     cnthctl_el2, x0

        /* Populate ID registers. */    // make MIDR/MPIDR as seen from EL1 match the real hardware
        mrs     x0, midr_el1
        mrs     x1, mpidr_el1
        msr     vpidr_el2, x0
        msr     vmpidr_el2, x1

        /* sctlr_el1 */                 // SCTLR_EL1 = 0x30d00800: reserved bits only, MMU/caches stay off
        mov     x0, #0x0800             // Set/clear RES{1,0} bits
        movk    x0, #0x30d0, lsl #16
        msr     sctlr_el1, x0

        /* Coprocessor traps. */
        mov     x0, #0x33ff
        msr     cptr_el2, x0            // Disable copro. traps to EL2

#ifdef CONFIG_COMPAT
        msr     hstr_el2, xzr           // Disable CP15 traps to EL2
#endif

        /* spsr */
        mov     x0, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
                      PSR_MODE_EL1h)
        msr     spsr_el2, x0            // state after eret: EL1h with D, A, I and F all masked
        msr     elr_el2, lr             // eret continues at our caller, now at EL1
        eret
ENDPROC(el2_setup)

        .align  3
2:      .quad   .                       // (link-time address of this word, PAGE_OFFSET) literal pair;
        .quad   PAGE_OFFSET             // no 2b/2f reference in the code shown here resolves to it

// Without SMP none of the secondary-CPU bring-up code below is built.
#ifdef CONFIG_SMP
        .pushsection    .smp.pen.text, "ax"
        .align  3
1:      .quad   .                               // link-time (virtual) address of this word
        .quad   secondary_holding_pen_release   // link-time address of the release variable

        /*
         * This provides a "holding pen" for platforms to hold all secondary
         * cores are held until we're ready for them to initialise.
         *
         * Runs with the MMU off, so the literal pair above is used to turn
         * the virtual address of secondary_holding_pen_release into a
         * physical one (same trick as __calc_phys_offset).
         */
ENTRY(secondary_holding_pen)
        bl      el2_setup                       // Drop to EL1
        mrs     x0, mpidr_el1
        and     x0, x0, #15                     // CPU number: only the low 4 bits of MPIDR are used
        adr     x1, 1b                          // x1 = physical address of the literal pair
        ldp     x2, x3, [x1]                    // x2 = its link address, x3 = &secondary_holding_pen_release (virtual)
        sub     x1, x1, x2                      // x1 = physical - virtual offset
        add     x3, x3, x1                      // x3 = physical address of secondary_holding_pen_release
pen:    ldr     x4, [x3]                        // spin until the release variable holds our CPU number
        cmp     x4, x0
        b.eq    secondary_startup
        wfe                                     // wait for an event (presumably an sev from the releasing CPU) before re-checking
        b       pen
ENDPROC(secondary_holding_pen)
        .popsection

 

/*
 * secondary_startup: bring-up path for a secondary CPU released from the pen.
 *
 * Uses the same register roles as stext (x22 cpuid, x23 cpu_info, x24
 * PHYS_OFFSET, x25/x26 page tables, x27 post-MMU target, x28 PA - VA), but
 * does not rebuild the page tables: pgtbl recomputes the addresses of the
 * ones the boot CPU already created. x21 here holds &secondary_data rather
 * than the FDT.
 */
ENTRY(secondary_startup)
        /*
         * Common entry point for secondary CPUs.
         */
        mrs     x22, midr_el1                   // x22 = cpuid
        mov     x0, x22
        bl      lookup_processor_type
        mov     x23, x0                         // x23 = current cpu_table
        cbz     x23, __error_p                  // invalid processor (x23 = 0)?

        bl      __calc_phys_offset              // x24 = phys offset
        pgtbl   x25, x26, x24                   // x25 = TTBR0, x26 = TTBR1 (existing tables, physical)
        ldr     x12, [x23, #CPU_INFO_SETUP]
        add     x12, x12, x28                   // __virt_to_phys
        blr     x12                             // initialise processor (a real call here, unlike stext's br);
                                                // on return x0 is the SCTLR_EL1 value __enable_mmu expects

        ldr     x21, =secondary_data            // virtual address; only dereferenced once the MMU is on
        ldr     x27, =__secondary_switched      // address to jump to after enabling the MMU
        b       __enable_mmu
ENDPROC(secondary_startup)

 

/*
 * __secondary_switched: first code a secondary CPU runs with the MMU on.
 * In: x21 = &secondary_data (virtual, set in secondary_startup).
 */
ENTRY(__secondary_switched)
        ldr     x0, [x21]                       // get secondary_data.stack
        mov     sp, x0
        mov     x29, #0                         // terminate the frame-pointer chain
        b       secondary_start_kernel          // never returns
ENDPROC(__secondary_switched)
#endif  /* CONFIG_SMP */

 

/*
 * Setup common bits before finally enabling the MMU. Essentially this is just
 * loading the page table pointer and vector base registers.
 *
 * On entry to this code, x0 must contain the SCTLR_EL1 value for turning on
 * the MMU.
 * x25 = TTBR0 (idmap_pg_dir), x26 = TTBR1 (swapper_pg_dir), both physical.
 * x27 = virtual address to continue at, consumed by __turn_mmu_on.
 * Clobbers: x5.
 */
__enable_mmu:
        ldr     x5, =vectors                    // virtual address of the exception vectors
        msr     vbar_el1, x5                    // meaningful only once the MMU is on
        msr     ttbr0_el1, x25                  // load TTBR0
        msr     ttbr1_el1, x26                  // load TTBR1
        isb                                     // complete the system-register writes before the switch
        b       __turn_mmu_on
ENDPROC(__enable_mmu)

 

/*
 * Enable the MMU. This completely changes the structure of the visible memory
 * space. You will not be able to trace execution through this.
 *
 * x0  = system control register
 * x27 = *virtual* address to jump to upon completion
 *
 * other registers depend on the function called upon completion
 *
 * This routine is the one piece of code covered by the identity mapping
 * (see `adr x3, __turn_mmu_on` in __create_page_tables), so the fetch after
 * `msr sctlr_el1` still succeeds once translation is active. The .align 6
 * keeps its three instructions inside a single 64-byte block.
 */
        .align  6
__turn_mmu_on:
        msr     sctlr_el1, x0                   // MMU on (plus whatever else x0 enables)
        isb                                     // subsequent fetches use the new translation
        br      x27                             // jump to the virtual continuation; the caller's view of memory is gone
ENDPROC(__turn_mmu_on)

 

/*
 * Calculate the start of physical memory.
 *
 * Out:  x24 = PHYS_OFFSET
 *       x28 = PHYS_OFFSET - PAGE_OFFSET (add it to a virtual address to get
 *             the physical one)
 * Clobbers: x0, x1, x2.
 *
 * Works with the MMU off: adr yields the *physical* address of the literal
 * pair below, whose first word holds its own link-time *virtual* address,
 * so the difference is the physical-to-virtual offset.
 */
__calc_phys_offset:
        adr     x0, 1f                          // x0 = physical address of the pair (PC-relative)
        ldp     x1, x2, [x0]                    // x1 = its virtual address, x2 = PAGE_OFFSET
        sub     x28, x0, x1                     // x28 = PHYS_OFFSET - PAGE_OFFSET
        add     x24, x2, x28                    // x24 = PHYS_OFFSET
        ret
ENDPROC(__calc_phys_offset)

        .align 3
1:      .quad   .                               // link-time (virtual) address of this word
        .quad   PAGE_OFFSET

 

/*
 * Macro to populate the PGD for the corresponding block entry in the next
 * level (tbl) for the given virtual address.
 *
 * Preserves:   pgd, tbl, virt
 * Corrupts:    tmp1, tmp2
 *
 * Writes pgd[(virt >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1)] = tbl | 3; the
 * low bits mark the entry as a valid table descriptor.
 */
        .macro  create_pgd_entry, pgd, tbl, virt, tmp1, tmp2
        lsr     \tmp1, \virt, #PGDIR_SHIFT
        and     \tmp1, \tmp1, #PTRS_PER_PGD - 1 // PGD index
        orr     \tmp2, \tbl, #3                 // PGD entry table type
        str     \tmp2, [\pgd, \tmp1, lsl #3]    // 8-byte entries
        .endm

 

/*
 * Macro to populate block entries in the page table for the start..end
 * virtual range (inclusive).
 *
 * Preserves:   tbl, flags
 * Corrupts:    phys, start, end, pstate
 *
 * With idmap=1 the table index is derived from phys itself (VA == PA) and
 * start is output only. When start and end name the same register
 * (.ifnc is false) a single entry is written and no loop is emitted.
 * Both indices are masked to PTRS_PER_PTE - 1, so writes never leave the
 * table, but nothing here checks that the start..end range really fits in
 * one table; the caller is responsible for that. The loop compares indices
 * unsigned (b.ls).
 */
        .macro  create_block_map, tbl, flags, phys, start, end, idmap=0
        lsr     \phys, \phys, #BLOCK_SHIFT
        .if     \idmap
        and     \start, \phys, #PTRS_PER_PTE - 1        // table index
        .else
        lsr     \start, \start, #BLOCK_SHIFT
        and     \start, \start, #PTRS_PER_PTE - 1       // table index
        .endif
        orr     \phys, \flags, \phys, lsl #BLOCK_SHIFT  // table entry
        .ifnc   \start,\end
        lsr     \end, \end, #BLOCK_SHIFT
        and     \end, \end, #PTRS_PER_PTE - 1           // table end index
        .endif
9999:   str     \phys, [\tbl, \start, lsl #3]           // store the entry
        .ifnc   \start,\end
        add     \start, \start, #1                      // next entry
        add     \phys, \phys, #BLOCK_SIZE               // next block
        cmp     \start, \end
        b.ls    9999b
        .endif
        .endm

 

/*
 * Setup the initial page tables. We only setup the barest amount which is
 * required to get the kernel running. The following are needed:
 *   - identity mapping to enable the MMU (low address, TTBR0)
 *   - the first few MB of the kernel linear mapping, including the FDT
 *     blob (TTBR1)
 * (The original annotation refers to a figure, not reproduced here, in
 * which addresses increase from bottom to top.)
 *
 * Every symbol in the kernel image is a virtual address. Before jumping to
 * the C start_kernel the MMU must be on; with it off those symbols would be
 * used as physical addresses and the kernel would crash.
 *
 * In:   x21 = FDT physical address (or 0), x24 = PHYS_OFFSET
 * Out:  x25 = idmap_pg_dir (TTBR0), x26 = swapper_pg_dir (TTBR1), physical;
 *       x21 cleared if the FDT lies outside the 512MB window below.
 * Clobbers: x0, x3, x5, x6, x7, flags.
 */
__create_page_tables:
        pgtbl   x25, x26, x24                   // idmap_pg_dir and swapper_pg_dir addresses (see pgtbl):
                                                // x25 = TTBR0 (IDMAP_DIR_SIZE, 2 pages), x26 = TTBR1 (SWAPPER_DIR_SIZE, 3 pages),
                                                // both physical, located just below PHYS_OFFSET + TEXT_OFFSET

        /*
         * Clear the idmap and swapper page tables.
         * idmap_pg_dir and swapper_pg_dir are contiguous, so one loop from
         * x25 to the end of swapper_pg_dir zeroes all five pages, 64 bytes
         * per iteration.
         */
        mov     x0, x25
        add     x6, x26, #SWAPPER_DIR_SIZE
1:      stp     xzr, xzr, [x0], #16
        stp     xzr, xzr, [x0], #16
        stp     xzr, xzr, [x0], #16
        stp     xzr, xzr, [x0], #16
        cmp     x0, x6
        b.lo    1b

        ldr     x7, =MM_MMUFLAGS                // attributes for every mapping below: normal memory, AF set,
                                                // shareable under SMP, no execute-never bit (compare IO_MMUFLAGS)

        /*
         * Create the identity mapping.
         * Only the block containing __turn_mmu_on is mapped VA == PA; that
         * is enough for the instruction stream to survive the MMU switch.
         */
        add     x0, x25, #PAGE_SIZE             // section table address
        adr     x3, __turn_mmu_on               // virtual/physical address
        create_pgd_entry x25, x0, x3, x5, x6
        create_block_map x0, x7, x3, x5, x5, idmap=1

        /*
         * Map the kernel image (starting with PHYS_OFFSET).
         * Virtual PAGE_OFFSET .. KERNEL_END - 1  ->  physical PHYS_OFFSET ..
         */
        add     x0, x26, #PAGE_SIZE             // section table address
        mov     x5, #PAGE_OFFSET
        create_pgd_entry x26, x0, x5, x3, x6
        ldr     x6, =KERNEL_END - 1
        mov     x3, x24                         // phys offset
        create_block_map x0, x7, x3, x5, x6

        /*
         * Map the FDT blob (maximum 2MB; must be within 512MB of
         * PHYS_OFFSET).
         * Only the 2MB block containing the start of the blob is mapped;
         * the blob's size is not read here, so a blob crossing that 2MB
         * boundary is not fully covered. A blob outside the 512MB window
         * is dropped (x21 = 0) instead of being mapped.
         */
        mov     x3, x21                         // FDT phys address
        and     x3, x3, #~((1 << 21) - 1)       // 2MB aligned
        mov     x6, #PAGE_OFFSET
        sub     x5, x3, x24                     // subtract PHYS_OFFSET
        tst     x5, #~((1 << 29) - 1)           // within 512MB? (a blob below PHYS_OFFSET wraps and fails too)
        csel    x21, xzr, x21, ne               // zero the FDT pointer
        b.ne    1f
        add     x5, x5, x6                      // __va(FDT blob)
        add     x6, x5, #1 << 21                // 2MB for the FDT blob
        sub     x6, x6, #1                      // inclusive range
        create_block_map x0, x7, x3, x5, x6
1:
        ret
ENDPROC(__create_page_tables)
        .ltorg                                  // emit the literal pool for the ldr =... loads above

        .align  3
        .type   __switch_data, %object
__switch_data:                                  // read by stext (first word) and __mmap_switched (the rest)
        .quad   __mmap_switched
        .quad   __data_loc                      // x4
        .quad   _data                           // x5
        .quad   __bss_start                     // x6
        .quad   _end                            // x7
        .quad   processor_id                    // x4
        .quad   __fdt_pointer                   // x5
        .quad   memstart_addr                   // x6
        .quad   init_thread_union + THREAD_START_SP // sp

 

/*
 * __mmap_switched: runs with the MMU on and sets up the C runtime —
 * copies the data segment if it was not loaded in place, clears BSS, sets
 * the stack, saves the boot-time registers into C variables and jumps to
 * start_kernel.
 *
 * In:   x21 = FDT pointer (physical, possibly 0), x22 = processor id,
 *       x24 = PHYS_OFFSET.
 * Clobbers: x3, x4, x5, x6, x7, x16, x29, sp, flags.
 */
__mmap_switched:
        adr     x3, __switch_data + 8           // x3 -> the __data_loc word (skip __mmap_switched itself)

        ldp     x4, x5, [x3], #16               // x4 = __data_loc; x5 = _data
        ldp     x6, x7, [x3], #16               // x6 = __bss_start; x7 = _end

        /*
         * Copy the data segment if needed. The cmp / ccmp / b.eq triple reads:
         *     if (__data_loc == _data) goto 2f;     // data already in place
         *     if (_data == __bss_start) goto 2f;    // copy finished
         *     copy one 8-byte word, loop.
         * On later iterations the flags still hold the previous ccmp result
         * (NE, or we would have left), so ccmp keeps comparing x5 with x6.
         * Net effect:
         *     if (__data_loc != _data)
         *         memcpy(_data, __data_loc, __bss_start - _data);
         * Note the `2:` and the following `1:` below share an address; the
         * numeric labels are simply reused for the next loop.
         */
        cmp     x4, x5                          // Copy data segment if needed,
1:      ccmp    x5, x6, #4, ne
        b.eq    2f
        ldr     x16, [x4], #8
        str     x16, [x5], #8
        b       1b
2:
1:      cmp     x6, x7                          // zero [__bss_start, _end) 8 bytes at a time
        b.hs    2f
        str     xzr, [x6], #8                   // Clear BSS
        b       1b
2:
        ldp     x4, x5, [x3], #16               // x4 = &processor_id, x5 = &__fdt_pointer
        ldr     x6, [x3], #8                    // x6 = &memstart_addr
        ldr     x16, [x3]                       // x16 = init_thread_union + THREAD_START_SP
        mov     sp, x16                         // initial kernel stack
        str     x22, [x4]                       // Save processor ID
        str     x21, [x5]                       // Save FDT pointer (still the physical address from __vet_fdt)
        str     x24, [x6]                       // Save PHYS_OFFSET
        mov     x29, #0                         // terminate the frame-pointer chain
        b       start_kernel                    // never returns
ENDPROC(__mmap_switched)

 

/*
 * Exception handling. Something went wrong and we can't proceed. We ought to
 * tell the user, but since we don't have any guarantee that we're even
 * running on the right architecture, we do virtually nothing.
 *
 * __error_p is an empty label that falls straight into __error, an
 * endless loop: an unrecognised processor id (cbz x23 in stext /
 * secondary_startup) silently hangs here, nothing is reported.
 */
__error_p:
ENDPROC(__error_p)

__error:
1:      nop
        b       1b                              // spin forever
ENDPROC(__error)

 

/*
 * This function gets the processor ID in w0 and searches the cpu_table[] for
 * a match. It returns a pointer to the struct cpu_info it found. The
 * cpu_table[] must end with an empty (all zeros) structure.
 *
 * This routine can be called via C code and it needs to work with the MMU
 * both disabled and enabled (the offset is calculated automatically).
 *
 * In:   w0 = MIDR_EL1 value
 * Out:  x0 = address of the matching struct cpu_info (physical while the MMU
 *            is off, virtual once it is on), or 0 if nothing matches
 * Clobbers: x1, x2, x3, w5, w6, flags.
 *
 * struct cpu_info layout assumed by the loads below (from the original
 * annotation; CPU_INFO_SZ / CPU_INFO_SETUP come from asm-offsets.h):
 *     unsigned int   cpu_id_val;
 *     unsigned int   cpu_id_mask;
 *     const char    *cpu_name;
 *     unsigned long (*cpu_setup)(void);
 */
ENTRY(lookup_processor_type)
        adr     x1, __lookup_processor_type_data        // x1 = run-time address of the literal pair (PC-relative)
        ldp     x2, x3, [x1]                            // x2 = its link-time address, x3 = &cpu_table (link-time)
        sub     x1, x1, x2                              // get offset between VA and PA (zero once the MMU is on)
        add     x3, x3, x1                              // convert VA to PA: x3 = cpu_table as addressable right now
1:
        ldp     w5, w6, [x3]                            // load cpu_id_val and cpu_id_mask
        cbz     w5, 2f                                  // end of list? (an entry with cpu_id_val == 0 terminates)
        and     w6, w6, w0                              // w6 = midr & cpu_id_mask
        cmp     w5, w6                                  // match when (midr & mask) == cpu_id_val
        b.eq    3f
        add     x3, x3, #CPU_INFO_SZ                    // next entry
        b       1b
2:
        mov     x3, #0                                  // unknown processor
3:
        mov     x0, x3                                  // return the entry (or 0)
        ret
ENDPROC(lookup_processor_type)

        .align  3
        .type   __lookup_processor_type_data, %object
__lookup_processor_type_data:
        .quad   .                                       // link-time (virtual) address of this word
        .quad   cpu_table
        .size   __lookup_processor_type_data, . - __lookup_processor_type_data

 

/*
 * Determine validity of the x21 FDT pointer.
 * The dtb must be 8-byte aligned and live in the first 512M of memory.
 *
 * In:   x21 = FDT physical address from the bootloader, x24 = PHYS_OFFSET
 * Out:  x21 unchanged if it passes, 0 otherwise
 * Clobbers: x0, flags.
 *
 * Only the pointer is checked here (alignment and the window
 * [PHYS_OFFSET, PHYS_OFFSET + 512MB)); the blob itself is untrusted
 * bootloader input and is not examined at this point.
 * NOTE(review): the range checks use signed conditions (b.lt / b.ge) on
 * addresses. That matches an unsigned check only while both operands have
 * bit 63 clear, which holds for the physical addresses involved here; the
 * unsigned forms (b.lo / b.hs) would state the intent directly.
 */
__vet_fdt:
        tst     x21, #0x7                       // any of the low three bits set -> not 8-byte aligned
        b.ne    1f
        cmp     x21, x24                        // below PHYS_OFFSET?
        b.lt    1f
        mov     x0, #(1 << 29)                  // 512MB
        add     x0, x0, x24                     // x0 = PHYS_OFFSET + 512MB
        cmp     x21, x0
        b.ge    1f                              // at or beyond the end of the window -> invalid
        ret                                     // valid: x21 kept
1:
        mov     x21, #0                         // invalid: drop the pointer
        ret
ENDPROC(__vet_fdt)
