| ================================= |
| INTERNAL KERNEL ABI FOR FR-V ARCH |
| ================================= |
| |
| The internal FRV kernel ABI is not quite the same as the userspace ABI. A |
| number of the registers are used for special purposed, and the ABI is not |
| consistent between modules vs core, and MMU vs no-MMU. |
| |
| This partly stems from the fact that FRV CPUs do not have a separate |
| supervisor stack pointer, and most of them do not have any scratch |
| registers, thus requiring at least one general purpose register to be |
| clobbered in such an event. Also, within the kernel core, it is possible to |
| simply jump or call directly between functions using a relative offset. |
| This cannot be extended to modules for the displacement is likely to be too |
| far. Thus in modules the address of a function to call must be calculated |
| in a register and then used, requiring two extra instructions. |
| |
| This document has the following sections: |
| |
| (*) System call register ABI |
| (*) CPU operating modes |
| (*) Internal kernel-mode register ABI |
| (*) Internal debug-mode register ABI |
| (*) Virtual interrupt handling |
| |
| |
| ======================== |
| SYSTEM CALL REGISTER ABI |
| ======================== |
| |
| When a system call is made, the following registers are effective: |
| |
| REGISTERS CALL RETURN |
| =============== ======================= ======================= |
| GR7 System call number Preserved |
| GR8 Syscall arg #1 Return value |
| GR9-GR13 Syscall arg #2-6 Preserved |
| |
| |
| =================== |
| CPU OPERATING MODES |
| =================== |
| |
| The FR-V CPU has three basic operating modes. In order of increasing |
| capability: |
| |
| (1) User mode. |
| |
| Basic userspace running mode. |
| |
| (2) Kernel mode. |
| |
| Normal kernel mode. There are many additional control registers |
| available that may be accessed in this mode, in addition to all the |
| stuff available to user mode. This has two submodes: |
| |
| (a) Exceptions enabled (PSR.T == 1). |
| |
| Exceptions will invoke the appropriate normal kernel mode |
| handler. On entry to the handler, the PSR.T bit will be cleared. |
| |
| (b) Exceptions disabled (PSR.T == 0). |
| |
| No exceptions or interrupts may happen. Any mandatory exceptions |
| will cause the CPU to halt unless the CPU is told to jump into |
| debug mode instead. |
| |
| (3) Debug mode. |
| |
| No exceptions may happen in this mode. Memory protection and |
| management exceptions will be flagged for later consideration, but |
| the exception handler won't be invoked. Debugging traps such as |
| hardware breakpoints and watchpoints will be ignored. This mode is |
| entered only by debugging events obtained from the other two modes. |
| |
| All kernel mode registers may be accessed, plus a few extra debugging |
| specific registers. |
| |
| |
| ================================= |
| INTERNAL KERNEL-MODE REGISTER ABI |
| ================================= |
| |
| There are a number of permanent register assignments that are set up by |
| entry.S in the exception prologue. Note that there is a complete set of |
| exception prologues for each of user->kernel transition and kernel->kernel |
| transition. There are also user->debug and kernel->debug mode transition |
| prologues. |
| |
| |
| REGISTER FLAVOUR USE |
| =============== ======= ============================================== |
| GR1 Supervisor stack pointer |
| GR15 Current thread info pointer |
| GR16 GP-Rel base register for small data |
| GR28 Current exception frame pointer (__frame) |
| GR29 Current task pointer (current) |
| GR30 Destroyed by kernel mode entry |
| GR31 NOMMU Destroyed by debug mode entry |
| GR31 MMU Destroyed by TLB miss kernel mode entry |
| CCR.ICC2 Virtual interrupt disablement tracking |
| CCCR.CC3 Cleared by exception prologue |
| (atomic op emulation) |
| SCR0 MMU See mmu-layout.txt. |
| SCR1 MMU See mmu-layout.txt. |
| SCR2 MMU Save for EAR0 (destroyed by icache insns |
| in debug mode) |
| SCR3 MMU Save for GR31 during debug exceptions |
| DAMR/IAMR NOMMU Fixed memory protection layout. |
| DAMR/IAMR MMU See mmu-layout.txt. |
| |
| |
| Certain registers are also used or modified across function calls: |
| |
| REGISTER CALL RETURN |
| =============== =============================== ====================== |
| GR0 Fixed Zero - |
| GR2 Function call frame pointer |
| GR3 Special Preserved |
| GR3-GR7 - Clobbered |
| GR8 Function call arg #1 Return value |
| (or clobbered) |
| GR9 Function call arg #2 Return value MSW |
| (or clobbered) |
| GR10-GR13 Function call arg #3-#6 Clobbered |
| GR14 - Clobbered |
| GR15-GR16 Special Preserved |
| GR17-GR27 - Preserved |
| GR28-GR31 Special Only accessed |
| explicitly |
| LR Return address after CALL Clobbered |
| CCR/CCCR - Mostly Clobbered |
| |
| |
| ================================ |
| INTERNAL DEBUG-MODE REGISTER ABI |
| ================================ |
| |
| This is the same as the kernel-mode register ABI for functions calls. The |
| difference is that in debug-mode there's a different stack and a different |
| exception frame. Almost all the global registers from kernel-mode |
| (including the stack pointer) may be changed. |
| |
| REGISTER FLAVOUR USE |
| =============== ======= ============================================== |
| GR1 Debug stack pointer |
| GR16 GP-Rel base register for small data |
| GR31 Current debug exception frame pointer |
| (__debug_frame) |
| SCR3 MMU Saved value of GR31 |
| |
| |
| Note that debug mode is able to interfere with the kernel's emulated atomic |
| ops, so it must be exceedingly careful not to do any that would interact |
| with the main kernel in this regard. Hence the debug mode code (gdbstub) is |
| almost completely self-contained. The only external code used is the |
| sprintf family of functions. |
| |
| Furthermore, break.S is so complicated because single-step mode does not |
| switch off on entry to an exception. That means unless manually disabled, |
| single-stepping will blithely go on stepping into things like interrupts. |
| See gdbstub.txt for more information. |
| |
| |
| ========================== |
| VIRTUAL INTERRUPT HANDLING |
| ========================== |
| |
| Because accesses to the PSR is so slow, and to disable interrupts we have |
| to access it twice (once to read and once to write), we don't actually |
| disable interrupts at all if we don't have to. What we do instead is use |
| the ICC2 condition code flags to note virtual disablement, such that if we |
| then do take an interrupt, we note the flag, really disable interrupts, set |
| another flag and resume execution at the point the interrupt happened. |
| Setting condition flags as a side effect of an arithmetic or logical |
| instruction is really fast. This use of the ICC2 only occurs within the |
| kernel - it does not affect userspace. |
| |
| The flags we use are: |
| |
| (*) CCR.ICC2.Z [Zero flag] |
| |
| Set to virtually disable interrupts, clear when interrupts are |
| virtually enabled. Can be modified by logical instructions without |
| affecting the Carry flag. |
| |
| (*) CCR.ICC2.C [Carry flag] |
| |
| Clear to indicate hardware interrupts are really disabled, set otherwise. |
| |
| |
| What happens is this: |
| |
| (1) Normal kernel-mode operation. |
| |
| ICC2.Z is 0, ICC2.C is 1. |
| |
| (2) An interrupt occurs. The exception prologue examines ICC2.Z and |
| determines that nothing needs doing. This is done simply with an |
| unlikely BEQ instruction. |
| |
| (3) The interrupts are disabled (local_irq_disable) |
| |
| ICC2.Z is set to 1. |
| |
| (4) If interrupts were then re-enabled (local_irq_enable): |
| |
| ICC2.Z would be set to 0. |
| |
| A TIHI #2 instruction (trap #2 if condition HI - Z==0 && C==0) would |
| be used to trap if interrupts were now virtually enabled, but |
| physically disabled - which they're not, so the trap isn't taken. The |
| kernel would then be back to state (1). |
| |
| (5) An interrupt occurs. The exception prologue examines ICC2.Z and |
| determines that the interrupt shouldn't actually have happened. It |
| jumps aside, and there disabled interrupts by setting PSR.PIL to 14 |
| and then it clears ICC2.C. |
| |
| (6) If interrupts were then saved and disabled again (local_irq_save): |
| |
| ICC2.Z would be shifted into the save variable and masked off |
| (giving a 1). |
| |
| ICC2.Z would then be set to 1 (thus unchanged), and ICC2.C would be |
| unaffected (ie: 0). |
| |
| (7) If interrupts were then restored from state (6) (local_irq_restore): |
| |
| ICC2.Z would be set to indicate the result of XOR'ing the saved |
| value (ie: 1) with 1, which gives a result of 0 - thus leaving |
| ICC2.Z set. |
| |
| ICC2.C would remain unaffected (ie: 0). |
| |
| A TIHI #2 instruction would be used to again assay the current state, |
| but this would do nothing as Z==1. |
| |
| (8) If interrupts were then enabled (local_irq_enable): |
| |
| ICC2.Z would be cleared. ICC2.C would be left unaffected. Both |
| flags would now be 0. |
| |
| A TIHI #2 instruction again issued to assay the current state would |
| then trap as both Z==0 [interrupts virtually enabled] and C==0 |
| [interrupts really disabled] would then be true. |
| |
| (9) The trap #2 handler would simply enable hardware interrupts |
| (set PSR.PIL to 0), set ICC2.C to 1 and return. |
| |
| (10) Immediately upon returning, the pending interrupt would be taken. |
| |
| (11) The interrupt handler would take the path of actually processing the |
| interrupt (ICC2.Z is clear, BEQ fails as per step (2)). |
| |
| (12) The interrupt handler would then set ICC2.C to 1 since hardware |
| interrupts are definitely enabled - or else the kernel wouldn't be here. |
| |
| (13) On return from the interrupt handler, things would be back to state (1). |
| |
| This trap (#2) is only available in kernel mode. In user mode it will |
| result in SIGILL. |
