ARMv8 Linux內核head.S源碼分析

時間 2019-11-19

標籤 armv8 armv linux 內核 head.s head 源碼分析欄目 Linux 简体版

原文原文鏈接

ARMv8Linux內核head.S主要工做內容：linux

一、從el2特權級退回到el1redis

二、確認處理器類型app

三、計算內核鏡像的起始物理地址及物理地址與虛擬地址之間的偏移tcp

四、驗證設備樹的地址是否有效ide

五、建立頁表，用於啓動內核函數

六、設置CPU（cpu_setup），用於使能MMU測試

七、使能MMUui

八、交換數據段this

九、跳轉到start_kernel函數繼續運行。spa

*Low-level CPU initialisation

*Based on arch/arm/kernel/head.S

*Authors: Catalin Marinas<catalin.marinas@arm.com>

* Will Deacon<will.deacon@arm.com>

*This program is free software; you can redistribute it and/or modify

* itunder the terms of the GNU General Public License version 2 as

*published by the Free Software Foundation.

*This program is distributed in the hope that it will be useful,

*but WITHOUT ANY WARRANTY; without even the implied warranty of

*MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

*GNU General Public License for more details.

*You should have received a copy of the GNU General Public License

*along with this program. If not, see<http://www.gnu.org/licenses/>.

#include <linux/linkage.h>

#include <linux/init.h>

#include <asm/assembler.h>

#include <asm/ptrace.h>

#include <asm/asm-offsets.h>

#include <asm/memory.h>

#include <asm/thread_info.h>

#include <asm/pgtable-hwdef.h>

#include <asm/pgtable.h>

#include <asm/page.h>

*swapper_pg_dir is the virtual address of the initial page table. We place

*the page tables 3 * PAGE_SIZE below KERNEL_RAM_VADDR. The idmap_pg_dir has

* 2pages and is placed below swapper_pg_dir.

#define KERNEL_RAM_VADDR (PAGE_OFFSET + TEXT_OFFSET)

#if (KERNEL_RAM_VADDR & 0xfffff) !=0x80000

#error KERNEL_RAM_VADDR must start at0xXXX80000

#endif

#define SWAPPER_DIR_SIZE (3 * PAGE_SIZE)

#define IDMAP_DIR_SIZE (2 * PAGE_SIZE)

.globl swapper_pg_dir

.equ swapper_pg_dir, KERNEL_RAM_VADDR -SWAPPER_DIR_SIZE

.globl idmap_pg_dir

.equ idmap_pg_dir, swapper_pg_dir - IDMAP_DIR_SIZE

.macro pgtbl, ttb0, ttb1, phys

add \ttb1, \phys, #TEXT_OFFSET - SWAPPER_DIR_SIZE

sub \ttb0, \ttb1, #IDMAP_DIR_SIZE

.endm

#ifdef CONFIG_ARM64_64K_PAGES

#define BLOCK_SHIFT PAGE_SHIFT

#define BLOCK_SIZE PAGE_SIZE

#else

#define BLOCK_SHIFT SECTION_SHIFT

#define BLOCK_SIZE SECTION_SIZE

#endif

#define KERNEL_START KERNEL_RAM_VADDR

#define KERNEL_END _end

*Initial memory map attributes.

#ifndef CONFIG_SMP

#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF

#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF

#else

#define PTE_FLAGS PTE_TYPE_PAGE | PTE_AF | PTE_SHARED

#define PMD_FLAGS PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S

#endif

#ifdef CONFIG_ARM64_64K_PAGES

#define MM_MMUFLAGS PTE_ATTRINDX(MT_NORMAL) | PTE_FLAGS

#define IO_MMUFLAGS PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_XN | PTE_FLAGS

#else

#define MM_MMUFLAGS PMD_ATTRINDX(MT_NORMAL) | PMD_FLAGS

#define IO_MMUFLAGS PMD_ATTRINDX(MT_DEVICE_nGnRE) | PMD_SECT_XN | PMD_FLAGS

#endif

*Kernel startup entry point.

*---------------------------

*The requirements are:

* MMU= off, D-cache = off, I-cache = on or off,

* x0 =physical address to the FDT blob.

*This code is mostly position independent so you call this at

*__pa(PAGE_OFFSET + TEXT_OFFSET).

*Note that the callee-saved registers are used for storing variables

*that are useful before the MMU is enabled. The allocations are described

* inthe entry routines.

__HEAD //這是一個宏定義；#define__HEAD .section ".head.text","ax"; .section是僞指令ax表明容許執行

* DO NOT MODIFY. Image header expected byLinux boot-loaders.

b stext //branch to kernel start, magic

.long 0 //reserved

.quad TEXT_OFFSET // Image load offset from start of RAM

.quad 0 //reserved

ENTRY(stext)

mov x21, x0 //x21=FDT，x21中保存的是由Uboot傳進來的，設備樹在內存中的地址。

bl el2_setup //Drop to EL1，從當前特權級跳入EL1，具體函數內容請看下面el2_setup函數。

mrs x22, midr_el1 //x22=cpuid，x22中保存着cpuid，用以判斷運行當前這段代碼的CPU是哪個。

mov x0, x22 //x0=cpuid，用於傳送參數給函數lookup_processor_type。

bl lookup_processor_type //查看處理器類型，見後面具體定義

mov x23, x0 //x23=current cpu_table 把函數lookup_processor_type返回的cpu_table地址給x23

cbz x23, __error_p // invalid processor (x23=0)?

bl __calc_phys_offset //計算起始物理地址，返回的值中x24=PHYS_OFFSET, x28=PHYS_OFFSET-PAGE_OFFSET

bl __vet_fdt //返回後的x21中要麼是無效保存0，要麼是有效地fdt地址

bl __create_page_tables //爲內核建立臨時頁表 x25=TTBR0,x26=TTBR1，本函數所創建的頁表在後面paging_init會銷燬重建。

* The following calls CPU specific code in aposition independent

* manner. See arch/arm64/mm/proc.S fordetails. x23 = base of

* cpu_info structure selected bylookup_processor_type above.

* On return, the CPU will be ready for the MMUto be turned on and

* the TCR will have been set.

ldr x27, __switch_data //由函數__enable_mmu中調用，此時MMU已經開啓

adr lr, __enable_mmu //返回「地址無關」的地址,由函數__cpu_setup返回時調用，該函數中執行brx27調用__switch_data函數

ldr x12, [x23,#CPU_INFO_SETUP]

add x12, x12, x28 // __virt_to_phys

br x12 //x12中存放的是cpu_info結構體的cpu_setup字段

//該字段在cpu_table中被初始化爲__cpu_setup函數，所裏這裏調用cpu_setup，不在本文件中暫不分析

//該函數返回後會把lr給pc，即直接調用上面的__enable_mmu

ENDPROC(stext)

* If we're fortunate enough to boot at EL2,ensure that the world is

* sane before dropping to EL1.

ENTRY(el2_setup)

mrs x0, CurrentEL //得到當前特權級

cmp x0, #PSR_MODE_EL2t //對比當前特權級是否爲EL2

ccmp x0,#PSR_MODE_EL2h, #0x4, ne //NZCV= if notequal then CMP（x0,# PSR_MODE_EL2h） else 0x4

b.eq 1f

ret

/* Hyp configuration. */

1: mov x0, #(1 << 31) // 64-bit EL1，配置hypervisor模式控制寄存器

msr hcr_el2, x0

/* Generic timers. */ //配置通用時鐘控制寄存器，使能EL1物理時鐘

mrs x0, cnthctl_el2

orr x0, x0, #3 // Enable EL1 physicaltimers

msr cnthctl_el2, x0

/* Populate ID registers. */ //把ID寄存器移植到相應的虛擬化id配置寄存器中

mrs x0, midr_el1

mrs x1, mpidr_el1

msr vpidr_el2, x0

msr vmpidr_el2, x1

/* sctlr_el1 */ //把0x30d00800賦值給sctlr_el1寄存器

mov x0, #0x0800 // Set/clear RES{1,0} bits

movk x0,#0x30d0, lsl #16

msr sctlr_el1, x0

/* Coprocessor traps. */ //關閉協處理器異常陷入到EL2

mov x0, #0x33ff

msr cptr_el2, x0 // Disable copro. traps toEL2

#ifdef CONFIG_COMPAT

msr hstr_el2, xzr // Disable CP15 traps toEL2

#endif

/* spsr */

mov x0, #(PSR_F_BIT |PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\

PSR_MODE_EL1h)

msr spsr_el2, x0 //設置狀態寄存器，退出EL2，進入EL1

msr elr_el2, lr

eret

ENDPROC(el2_setup)

.align 3

2: .quad .

.quad PAGE_OFFSET

//若是不是對稱多處理（SMP）系統，則下面的次級CPU初始化功能都不作

#ifdef CONFIG_SMP

.pushsection .smp.pen.text, "ax"

.align 3

1: .quad .

.quad secondary_holding_pen_release

* This provides a "holding pen" forplatforms to hold all secondary

* cores are held until we're ready for them toinitialise.

ENTRY(secondary_holding_pen)

bl el2_setup //Drop to EL1

mrs x0, mpidr_el1

and x0, x0, #15 //CPU number

adr x1, 1b

ldp x2, x3, [x1]

sub x1, x1, x2

add x3, x3, x1

pen: ldr x4, [x3]

cmp x4, x0

b.eq secondary_startup

wfe

b pen

ENDPROC(secondary_holding_pen)

.popsection

ENTRY(secondary_startup)

* Common entry point for secondary CPUs.

mrs x22, midr_el1 //x22=cpuid

mov x0, x22

bl lookup_processor_type

mov x23, x0 //x23=current cpu_table

cbz x23, __error_p // invalid processor (x23=0)?

bl __calc_phys_offset // x24=phys offset

pgtbl x25, x26, x24 // x25=TTBR0, x26=TTBR1

ldr x12, [x23, #CPU_INFO_SETUP]

add x12, x12, x28 //__virt_to_phys

blr x12 //initialise processor

ldr x21, =secondary_data

ldr x27, =__secondary_switched // address to jump to after enablingthe MMU

b __enable_mmu

ENDPROC(secondary_startup)

ENTRY(__secondary_switched)

ldr x0, [x21] //get secondary_data.stack

mov sp, x0

mov x29, #0

b secondary_start_kernel

ENDPROC(__secondary_switched)

#endif /* CONFIG_SMP */

* Setup common bits before finally enablingthe MMU. Essentially this is just

* loading the page table pointer and vectorbase registers.

* On entry to this code, x0 must contain theSCTLR_EL1 value for turning on

* the MMU.

__enable_mmu:

ldr x5, =vectors

msr vbar_el1, x5

msr ttbr0_el1, x25 // load TTBR0

msr ttbr1_el1, x26 // load TTBR1

isb

b __turn_mmu_on

ENDPROC(__enable_mmu)

* Enable the MMU. This completely changes thestructure of the visible memory

* space. You will not be able to traceexecution through this.

* x0 = system control register

* x27 =*virtual* address to jump to upon completion

* other registers depend on the functioncalled upon completion

.align 6

__turn_mmu_on:

msr sctlr_el1, x0

isb

br x27

ENDPROC(__turn_mmu_on)

* Calculate the start of physical memory.

__calc_phys_offset: //計算起始物理地址值

adr x0, 1f //把標號1處地址給x0，由於adr指令是相對當前pc寄存器的偏移，而pc即物理地址因此這裏是1f處的物理地址

ldp x1, x2, [x0] //把標號1處的前八字節給x1，後八字節給x2

sub x28, x0, x1 // 利用x0-x1計算虛擬物理地址之間的偏移。x28 = PHYS_OFFSET - PAGE_OFFSET，

add x24, x2, x28 // x24 = PHYS_OFFSET，計算出起始物理地址給x24

ret

ENDPROC(__calc_phys_offset)

.align 3

1: .quad .

.quad PAGE_OFFSET

* Macro to populate the PGD for thecorresponding block entry in the next

* level (tbl) for the given virtual address.

* Preserves: pgd,tbl, virt

* Corrupts: tmp1,tmp2

.macro create_pgd_entry,pgd, tbl, virt, tmp1, tmp2

lsr \tmp1, \virt,#PGDIR_SHIFT

and \tmp1, \tmp1, #PTRS_PER_PGD- 1 // PGD index

orr \tmp2, \tbl, #3 // PGD entry tabletype

str \tmp2, [\pgd,\tmp1, lsl #3]

.endm

* Macro to populate block entries in the pagetable for the start..end

* virtual range (inclusive).

* Preserves: tbl,flags

* Corrupts: phys,start, end, pstate

.macro create_block_map,tbl, flags, phys, start, end, idmap=0

lsr \phys, \phys,#BLOCK_SHIFT

.if \idmap

and \start, \phys,#PTRS_PER_PTE - 1 // table index

.else

lsr \start, \start,#BLOCK_SHIFT

and \start, \start,#PTRS_PER_PTE - 1 // table index

.endif

orr \phys, \flags,\phys, lsl #BLOCK_SHIFT // table entry

.ifnc \start,\end

lsr \end, \end,#BLOCK_SHIFT

and \end, \end,#PTRS_PER_PTE - 1 // table endindex

.endif

9999: str \phys, [\tbl,\start, lsl #3] // storethe entry

.ifnc \start,\end

add \start, \start, #1 // next entry

add \phys, \phys,#BLOCK_SIZE // next block

cmp \start, \end

b.ls 9999b

.endif

.endm

*設置初始化頁表。咱們只設置使內核能跑起來的最少數量的頁表

*如下內容是必須的

* - 一致性映射用於使能MMU（低地址，TTBR0）

* -前幾MB的內核線性映射包含FDT塊（TTBR1）

* 爲了解釋更清楚，找了個網圖，該圖地址從下網上遞增

//內核鏡像裏的全部符號都是虛擬地址，在完成了基本初始化，內核須要跳到C語言的start_kernel運行，

//此時若是不開啓MMU，則符號的地址當成物理地址，直接使用會致使內核崩潰。

//ARMv8頁表創建過程請參看個人另外一篇博文；ARMv8(aarch64)頁表創建過程詳細分析

__create_page_tables:

pgtbl x25,x26, x24 //idmap_pg_dir and swapper_pg_dir addresses看前面pgtbl宏，

//x25:ttbr0（兩個page）, x26:ttbr1（3個page） x24:內核起始物理地址。

//這裏宏的意思是，在上圖KERNEL_RAM_PADDR下面,PHYS_OFFSET上面開闢3個頁面，起始地址給x26，

//而後再開闢2個頁面，起始地址給x25

* Clear the idmap andswapper page tables.

mov x0, x25

add x6, x26,#SWAPPER_DIR_SIZE //如下內容就是清空上面申請的五個頁面

1: stp xzr, xzr, [x0], #16

stp xzr, xzr, [x0],#16

cmp x0, x6

b.lo 1b

ldr x7, =MM_MMUFLAGS //內核中該標號定義是：#defineMM_MMUFLAGS PTE_ATTRINDX(MT_NORMAL)| PTE_FLAGS

//#define MT_NORMAL 4; #definePTE_FLAGS PTE_TYPE_PAGE | PTE_AF |PTE_SHARED

* Create the identitymapping.

add x0, x25,#PAGE_SIZE // section tableaddress

adr x3, __turn_mmu_on // virtual/physical address

create_pgd_entry x25, x0, x3, x5, x6

create_block_map x0, x7, x3, x5, x5, idmap=1

* Map the kernelimage (starting with PHYS_OFFSET).

add x0, x26,#PAGE_SIZE // section tableaddress

mov x5, #PAGE_OFFSET

create_pgd_entry x26, x0, x5, x3, x6

ldr x6, =KERNEL_END- 1

mov x3, x24 // phys offset

create_block_map x0, x7, x3, x5, x6

* Map the FDT blob(maximum 2MB; must be within 512MB of

* PHYS_OFFSET).

mov x3, x21 // FDT physaddress

and x3, x3, #~((1<< 21) - 1) // 2MB aligned

mov x6, #PAGE_OFFSET

sub x5, x3, x24 // subtract PHYS_OFFSET

tst x5, #~((1<< 29) - 1) //within 512MB?

csel x21, xzr, x21, ne // zero the FDT pointer

b.ne 1f

add x5, x5, x6 // __va(FDT blob)

add x6, x5, #1<< 21 // 2MB for theFDT blob

sub x6, x6, #1 // inclusive range

create_block_map x0, x7, x3, x5, x6

ret

ENDPROC(__create_page_tables)

.ltorg

.align 3

.type __switch_data,%object

__switch_data: //先定義一些標號

.quad __mmap_switched

.quad __data_loc // x4

.quad _data // x5

.quad __bss_start // x6

.quad _end // x7

.quad processor_id // x4

.quad __fdt_pointer // x5

.quad memstart_addr // x6

.quad init_thread_union+ THREAD_START_SP // sp

*該函數在MMU開啓後執行，用於設置C語言運行時的環境，例如執行重定位，設置堆棧，清空BSS段等

__mmap_switched:

adr x3, __switch_data+ 8 //x3指向__data_loc起始處

ldp x4, x5, [x3], #16 //x4=__data_loc;x5=_data

ldp x6, x7, [x3], #16 //x6=__bss_start;x7=_end

這段代碼比較難懂,直接翻譯過來以下：

if(__data_loc==_data)

b 2f

else

if _data==__bss_start

b 2f

else

memcpy(_data, __data_loc,8)

效果等同於：

if (__data_loc == _data || _data != _bass_start)

memcpy(_data, __data_loc, 8);

cmp x4, x5 // Copy datasegment if needed，

1: ccmp x5, x6, #4, ne

b.eq 2f

ldr x16, [x4], #8

str x16, [x5], #8

b 1b

1: cmp x6, x7

b.hs 2f

str xzr, [x6], #8 // Clear BSS

b 1b

ldp x4, x5, [x3], #16

ldr x6, [x3], #8

ldr x16, [x3]

mov sp, x16 //設置棧指針

str x22, [x4] // Save processor ID

str x21, [x5] // Save FDT pointer

str x24, [x6] // Save PHYS_OFFSET

mov x29, #0

b start_kernel //跳到start_kernel繼續運行

ENDPROC(__mmap_switched)

* Exception handling. Something went wrong andwe can't proceed. We ought to

* tell the user, but since we don't have anyguarantee that we're even

* running on the right architecture, we dovirtually nothing.

__error_p:

ENDPROC(__error_p)

__error:

1: nop

b 1b

ENDPROC(__error)

* This function gets the processor ID in w0and searches the cpu_table[] for

* a match. It returns a pointer to the structcpu_info it found. The

* cpu_table[] must end with an empty (allzeros) structure.

* This routine can be called via C code and itneeds to work with the MMU

* both disabled and enabled (the offset iscalculated automatically).

ENTRY(lookup_processor_type)

adr x1,__lookup_processor_type_data //把標號__lookup_processor_type_data的虛擬地址給x1，見下面標號內容

ldp x2, x3, [x1] //把x1地址處的內容前16字節分別給x3，x2。X2中存儲前八字節

sub x1, x1, x2 // get offset between VA andPA x1減去x2就是虛擬地址與物理地址的差值，

//再加上x3，就是cpu_table結構體在內存中的物理地址，在賦值給x3.

add x3, x3, x1 // convert VA to PA

/*結構體cpu_info內容：

*struct cpu_info {

*unsigned int cpu_id_val;

*unsigned int cpu_id_mask;

*const char *cpu_name;

*unsigned long (*cpu_setup)(void);};

ldp w5, w6, [x3] // load cpu_id_val andcpu_id_mask 把cpu_table這個結構體的前八字節分別給w6,w5，w5存儲前4字節。即cpu id

cbz w5, 2f // end of list?，若是w5寄存器值爲0，則跳轉到前面2標號處

and w6, w6, w0 //把cpu id mask與w0寄存器（CPUID）作與運算，w0就是前面mrs x22,midr_el1執行結果，即cpuid

cmp w5, w6 //對比操做系統中設定的CPUID與實際的處理器ID是否相同

b.eq 3f //相同則跳轉到標號3處

add x3, x3,#CPU_INFO_SZ //不然把x3的值加上sizeof(cpuinfo)【=sizeof(cpu_table)】，再跳轉到後面標號1處作比對。

b 1b

mov x3, #0 // unknownprocessor，因爲cpu id爲零，沒法識別處理器

mov x0, x3 //把x3中內容存到x0中，當作參數返回。X3存儲的是cpu_table的物理地址

ret

ENDPROC(lookup_processor_type)

.align 3

.type __lookup_processor_type_data,%object

__lookup_processor_type_data:

.quad .

.quad cpu_table

.size __lookup_processor_type_data,. - __lookup_processor_type_data

* Determine validity of the x21 FDT pointer.

* The dtb must be 8-byte aligned and live inthe first 512M of memory.

* 判斷x21寄存器中的FDT指針是否有效；dtb必須是8字節對齊而且在內存前512M中

__vet_fdt:

tst x21, #0x7 //前面提到過x21中存放fdt地址，測試低三位

b.ne 1f

cmp x21, x24 //對比x21地址與內核鏡像起始物理地址PHYS_OFFSET比對，若小於則無效

b.lt 1f

mov x0, #(1 <<29) //1<<29=512M

add x0, x0, x24 //對比x21與起始物理地址+512M

cmp x21, x0

b.ge 1f //若是大於512M則無效

ret //不然返回

mov x21, #0 //清空x21並返回

ret

ENDPROC(__vet_fdt)

但願你們有問題留言給我，一塊兒討論共同進步:）

參考網址：http://blog.csdn.net/tommy_wxie/article/details/7238748

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。