linux/arch/arm/kernel/head.S代码分析

时间:2021-04-06 16:38:27

/*
ARMLinux源代码分析(1)--head.S

TigerZ(tigerz@yeah.net)
http://emblinux.org/

1. 分析环境

    kernel: 2.6.10
    board: SMDK2410 1.32, 64M SDRAM, 128M SM卡

2. head.S
*/

/*
 * linux/arch/arm/kernel/head.S
 *
 *  Copyright (C) 1994-2002 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *  Kernel startup code for all 32-bit CPUs
 */
#include <linux/config.h>
#include <linux/linkage.h>
#include <linux/init.h>

#include <asm/assembler.h>
#include <asm/mach-types.h>
#include <asm/procinfo.h>
#include <asm/ptrace.h>
#include <asm/constants.h>

#ifndef CONFIG_XIP_KERNEL /* 我在的平台, 这个宏没有定义 */
/*
 * We place the page tables 16K below TEXTADDR.  Therefore, we must make sure
 * that TEXTADDR is correctly set.  Currently, we expect the least significant
 * 16 bits to be 0x8000, but we could probably relax this restriction to
 * TEXTADDR >= PAGE_OFFSET + 0x4000
 *
 * 页表放在比TEXTADDR低16K的地方, 所以我们必须要确认TEXTADDR被正确设定. 目前,
 * 我们希望低16位为0x8000, 不过我们可以放松这个限制为
 * TEXTADDR >= PAGE_OFFSET + 0x4000
 *
 * Note that swapper_pg_dir is the virtual address of the page tables, and
 * pgtbl gives us a position-independent reference to these tables.  We can
 * do this because stext == TEXTADDR
 *
 * 注意swapper_pg_dir是页表的虚拟地址, pgtbl给我们一个位置无关的页表地址, 这是
 * 因为stext == TEXTADDR.
 */
#if (TEXTADDR & 0xffff) != 0x8000
    #error TEXTADDR must start at 0xXXXX8000
#endif

    /* swapper_pg_dir = 0x30008000 - 0x4000 */
    .globl swapper_pg_dir
    .equ    swapper_pg_dir, TEXTADDR - 0x4000

    /* rd = stext - 0x4000, 这里stext == TEXTADDR */
    /* adr指令是在pc值上+/-一个标号的偏移得到的, 所以得到的地址只跟pc和标号到
     * pc的偏移相关, 跟编译地址无关. 在MMU打开前, 代码要是地址无关的, 会经常
     * 用到adr.
     */
    .macro pgtbl, rd, phys
    adr     \rd, stext
    sub     \rd, \rd, #0x4000
    .endm
#else
/*
* XIP Kernel:
*
* We place the page tables 16K below DATAADDR.  Therefore, we must make sure
* that DATAADDR is correctly set.  Currently, we expect the least significant
* 16 bits to be 0x8000, but we could probably relax this restriction to
* DATAADDR >= PAGE_OFFSET + 0x4000
*
* Note that pgtbl is meant to return the physical address of swapper_pg_dir.
* We can't make it relative to the kernel position in this case since
* the kernel can physically be anywhere.
*/
#if (DATAADDR & 0xffff) != 0x8000
#error DATAADDR must start at 0xXXXX8000
#endif

.globl swapper_pg_dir
.equ swapper_pg_dir, DATAADDR - 0x4000

.macro pgtbl, rd, phys
ldr \rd, =((DATAADDR - 0x4000) - VIRT_OFFSET)
add \rd, \rd, \phys
.endm
#endif

/*
 * Kernel startup entry point.
 * ---------------------------
 * Kernel的启动入口.
 *
 * This is normally called from the decompressor code.  The requirements
 * are: MMU = off, D-cache = off, I-cache = dont care, r0 = 0,
 * r1 = machine nr.
 *
 * 这里一般由解压缩代码调用. 它需要: MMU = off, D-cache = off,
 * I-cache = 不关心, r0 = 0, r1 = 机器号.
 *
 * This code is mostly position independent, so if you link the kernel at
 * 0xc0008000, you call this at __pa(0xc0008000).
 *
 * 这里的代码通常是位置无关的, 所以如果你在0xc0008000链接kernel, 直接调用
 * __pa(0xc0008000).
 *
 * See linux/arch/arm/tools/mach-types for the complete list of machine
 * numbers for r1.
 *
 * 在linux/arch/arm/tools/mach-types里查看机器号r1的完整列表.
 *
 * We're trying to keep crap to a minimum; DO NOT add any machine specific
 * crap here - that's what the boot loader (or in extreme, well justified
 * circumstances, zImage) is for.
 *
 */
    __INIT
    .type   stext, #function
ENTRY(stext)
    mov     r12, r0
    mov     r0, #PSR_F_BIT | PSR_I_BIT | MODE_SVC   @ make sure svc mode
                                                /* 确认是SVC模式 */
    msr     cpsr_c, r0          @ and all irqs disabled
                            /* 关闭所有irq */
    bl      __lookup_processor_type     /* 查看处理器类型 */
    teq     r10, #0             @ invalid processor?
                            /* 无效的处理器? */
    moveq r0, #'p'        @ yes, error 'p'
                            /* 如果是, 错误码'p' */
    beq     __error
    bl      __lookup_architecture_type /* 查看体系类型 */
    teq     r7, #0              @ invalid architecture?
                            /* 无效体系? */
    moveq r0, #'a'        @ yes, error 'a'
                            /* 如果是, 错误码'a' */
    beq     __error
    bl      __create_page_tables    /* 建立页表 */

    /*
     * The following calls CPU specific code in a position independent
     * manner.  See arch/arm/mm/proc-*.S for details.  r10 = base of
     * xxx_proc_info structure selected by __lookup_architecture_type
     * above.  On return, the CPU will be ready for the MMU to be
     * turned on, and r0 will hold the CPU control register value.
     *
     * 下面的代码按位置无关的方式调用特定的CPU代码, 详细信息查看
     * arch/arm/mm/proc-*.S. r0 = xxx_proc_info结构起始地址, 该结构由上面
     * 的__lookup_architecture_type选择. 在返回时, CPU已经准备好打开MMU,
     * r0将保存CPU控制寄存器的值.
     */
    adr     lr, __turn_mmu_on       @ return (PIC) address
                                    /* 调用完下面的__arm920_setup后返回到
                                       __turn_mmu_on */
    add     pc, r10, #12            /* 调用__arm920_setup , 详见
                                       arch/arm/mm/proc-arm920.S */

    .type   __switch_data, %object
__switch_data:
    .long   __mmap_switched
    .long   __data_loc              @ r2
    .long   __data_start            @ r3
    .long   __bss_start             @ r4
    .long   _end                    @ r5
    .long   processor_id            @ r6
    .long   __machine_arch_type     @ r7
    .long   cr_alignment            @ r8
    .long   init_thread_union+8192  @ sp

    /*
     * Enable the MMU.  This completely changes the structure of the visible
     * memory space.  You will not be able to trace execution through this.
     * If you have an enquiry about this, *please* check the linux-arm-kernel
     * mailing list archives BEFORE sending another post to the list.
     *
     * 打开MMU. 这将完全改变可见存储空间的结构, 你不能跟踪运行情况.
     * 如果你有疑问, 请先查看linux-arm-kernel邮件列表, 在你发邮件到这个列表前.
     */
    .align 5
    .type   __turn_mmu_on, %function
__turn_mmu_on:
    ldr     lr, __switch_data                   /* 完成后跳到__switch_data偏移0存放的地址,
                                                   即__mmap_switched */
    #ifdef CONFIG_ALIGNMENT_TRAP
    orr     r0, r0, #2                          @ ...........A.
                                                /* 访问非对齐地址产生一个TRAP */
    #endif
    mcr     p15, 0, r0, c1, c0, 0               @ write control reg
    mrc     p15, 0, r3, c0, c0, 0               @ read id reg
    mov     r3, r3
    mov     r3, r3
    mov     pc, lr

/*
 * The following fragment of code is executed with the MMU on, and uses
 * absolute addresses; this is not position independent.
 *
 * 下面的代码在MMU打开的情况下运行, 是绝对地址, 不是位置无关的.
 *  r0  = processor control register
 *  r1  = machine ID
 *  r9  = processor ID
 *  r12 = value of r0 when kernel was called (currently always zero)
 *
 * 这里主要是为调用C函数start_kernel做准备. 在调用这部分代码前, 我们必须
 * 打开MMU, 因为kernel的位置相关代码是要以0xc0008000为起始地址的, 所以在这
 * 之前, 我们建立了页表, 并打开MMU.
 */
    .align 5
__mmap_switched:
    adr         r2, __switch_data + 4
    ldmia       r2, {r2, r3, r4, r5, r6, r7, r8, sp}

    cmp         r2, r3              @ Copy data segment if needed
1:  cmpne       r3, r4
    ldrne       fp, [r2], #4
    strne       fp, [r3], #4
    bne         1b

    mov         fp, #0              @ Clear BSS (and zero fp)
1:  cmp         r4, r5
    strcc       fp, [r4],#4
    bcc         1b

    str         r9, [r6]   @ Save processor ID
    str         r1, [r7]   @ Save machine type
    bic         r2, r0, #2   @ Clear 'A' bit
    stmia       r8, {r0, r2}   @ Save control register values
    b           start_kernel


/*
 * Setup the initial page tables.  We only setup the barest
 * amount which are required to get the kernel running, which
 * generally means mapping in the kernel code.
 *
 * 设置初始化页表, 我们只设置kernel运行所需少量内存, 通常就是
 * 映射kernel的代码.
 *
 * r5 = physical address of start of RAM
 * r6 = physical IO address
 * r7 = byte offset into page tables for IO
 * r8 = page table flags
 */
__create_page_tables:
        /* 取页表地址到r4, 这里r4 = 0x30004000 */
        pgtbl r4, r5                          @ page table address

        /*
         * Clear the 16K level 1 swapper page table
         *
         * 清空页表
         */
        mov     r0, r4
        mov r3, #0
        add r2, r0, #0x4000
1: str r3, [r0], #4
        str r3, [r0], #4
        str r3, [r0], #4
        str r3, [r0], #4
        teq r0, r2
        bne 1b

        /*
         * Create identity mapping for first MB of kernel to
         * cater for the MMU enable.  This identity mapping
         * will be removed by paging_init().  We use our current program
         * counter to determine corresponding section base address.\
         *
         * kernel的第1M建立等价映射, 为打开MMU做准备. 这个等价映射将在
         * paging_init()中移除. 我们用pc来确定对应的段地址.
         */
        mov r2, pc, lsr #20   @ start of kernel section
        add r3, r8, r2, lsl #20  @ flags + kernel base (flags = 0x00000c1e)
        str r3, [r4, r2, lsl #2]  @ identity mapping
        /*
         *           r4           +  (pc >> 20) << 2
         * 31                   14 13           2 1 0
         * -------------------------------------------
         * |   Translatioin base  | Table index  |0|0|
         * -------------------------------------------
         * 这一个表项把kernel section的虚地址和实地址等同起来.
         * r3 = 0x00000c1e + 0x30000000 = 0x30000c1e
         * r4 = 0x30004000
         * r2 >> 18 = 0x30000000 >> 18 = 0xc00
         * [0x30004000 + 0xc00] = 0x30000c1e
         */

        /*
         * Now setup the pagetables for our kernel direct
         * mapped region.  We round TEXTADDR down to the
         * nearest megabyte boundary.  It is assumed that
         * the kernel fits within 4 contigous 1MB sections.
         *
         * 现在为kernel设置页表, 把TEXTADDR完整成MB, 这里假设
         * kernel在4个连续的1MB段内.
         */
        /* TEXTADDR = 0xc0000000 */
        add r0, r4,  #(TEXTADDR & 0xff000000) >> 18 @ start of kernel
        /* r0 = 0x30004000 + 0x3000 */
        str r3, [r0, #(TEXTADDR & 0x00f00000) >> 18]!
        /* [0x30004000 + 0x3000] = 0x30000c1e */
        /*
         * add r0, r4, #(TEXTADDR & 0xfff00000) >> 18
         * str r3, [r0]
         * 上2行的意思同这2行相同, 为什么不这样做?
         */
        add r3, r3, #1 << 20
        str r3, [r0, #4]!   @ KERNEL + 1MB
        /* [0x30004000 + 0x3004] = 0x30100c1e */
        add r3, r3, #1 << 20
        str r3, [r0, #4]!   @ KERNEL + 2MB
        /* [0x30004000 + 0x3008] = 0x30200c1e */
        add r3, r3, #1 << 20
        str r3, [r0, #4]   @ KERNEL + 3MB
        /* [0x30004000 + 0x300c] = 0x30300c1e */

        /*
         * Then map first 1MB of ram in case it contains our boot params.
         *
         * 因为RAM的第1MB存放有boot参数, 所以也需要映射. (当前boot参数所在
         * 的段与前面pc值所在段相等, 但这不是一定的.
         */
        add r0, r4, #VIRT_OFFSET >> 18
        add r2, r5, r8
        str r2, [r0]

/* 下面代码略过 */
#ifdef CONFIG_XIP_KERNEL
/*
* Map some ram to cover our .data and .bss areas.
* Mapping 3MB should be plenty.
*/
sub r3, r4, r5
mov r3, r3, lsr #20
add r0, r0, r3, lsl #2
add r2, r2, r3, lsl #20
str r2, [r0], #4
add r2, r2, #(1 << 20)
str r2, [r0], #4
add r2, r2, #(1 << 20)
str r2, [r0]
#endif

bic r8, r8, #0x0c   @ turn off cacheable
@ and bufferable bits
#ifdef CONFIG_DEBUG_LL
/*
* Map in IO space for serial debugging.
* This allows debug messages to be output
* via a serial console before paging_init.
*/
add r0, r4, r7
rsb r3, r7, #0x4000   @ PTRS_PER_PGD*sizeof(long)
cmp r3, #0x0800
addge r2, r0, #0x0800
addlt r2, r0, r3
orr r3, r6, r8
1: str r3, [r0], #4
add r3, r3, #1 << 20
teq r0, r2
bne 1b
#if defined(CONFIG_ARCH_NETWINDER) || defined(CONFIG_ARCH_CATS)
/*
* If we're using the NetWinder, we need to map in
* the 16550-type serial port for the debug messages
*/
teq r1, #MACH_TYPE_NETWINDER
teqne r1, #MACH_TYPE_CATS
bne 1f
add r0, r4, #0x3fc0   @ ff000000
mov r3, #0x7c000000
orr r3, r3, r8
str r3, [r0], #4
add r3, r3, #1 << 20
str r3, [r0], #4
1:
#endif
#endif
#ifdef CONFIG_ARCH_RPC
/*
* Map in screen at 0x02000000 & SCREEN2_BASE
* Similar reasons here - for debug.  This is
* only for Acorn RiscPC architectures.
*/
add r0, r4, #0x80   @ 02000000
mov r3, #0x02000000
orr r3, r3, r8
str r3, [r0]
add r0, r4, #0x3600   @ d8000000
str r3, [r0]
#endif
        /* 返回 */
        mov pc, lr
        .ltorg

/*
 * Exception handling.  Something went wrong and we can't proceed.  We
 * ought to tell the user, but since we don't have any guarantee that
 * we're even running on the right architecture, we do virtually nothing.
 *
 * 异常处理. 一些东西错了就不能继续, 我们应该告诉用户, 但因为我们甚至不能
 * 保证运行在正确的体系上, 我们实际在做无用功.
 *
 * r0 = ascii error character:
 * a = invalid architecture
 * p = invalid processor
 * i = invalid calling convention
 *
 * Generally, only serious errors cause this.
 */
__error:
        #ifdef CONFIG_DEBUG_LL
        mov r8, r0    @ preserve r0
        adr r0, err_str
        bl printascii
        mov r0, r8
        bl printch
        #endif

#ifdef CONFIG_ARCH_RPC
/*
* Turn the screen red on a error - RiscPC only.
*/
mov r0, #0x02000000
mov r3, #0x11
orr r3, r3, r3, lsl #8
orr r3, r3, r3, lsl #16
str r3, [r0], #4
str r3, [r0], #4
str r3, [r0], #4
str r3, [r0], #4
#endif

1: mov r0, r0
        b 1b

#ifdef CONFIG_DEBUG_LL
err_str:
        .asciz "\nError: "
        .align
#endif

/*
 * Read processor ID register (CP#15, CR0), and look up in the linker-built
 * supported processor list.  Note that we can't use the absolute addresses
 * for the __proc_info lists since we aren't running with the MMU on
 * (and therefore, we are not in the correct address space).  We have to
 * calculate the offset.
 *
 * 读取处理器ID寄存器(CP#15, CR0), 在链接时建立的已支持处理器列表中查找.
 * 注意, 我们不能使用__proc_info的绝对地址, 因为我们还没有运行MMU,
 * (因此, 我们不在正确的地址空间). 我们必须计算偏移.
 *
 * Returns:
 * r5, r6, r7 corrupted
 * r8  = page table flags
 * r9  = processor ID
 * r10 = pointer to processor structure
 */
__lookup_processor_type:
        adr r5, 2f                          /* 取2f的相对地址 */
        ldmia r5, {r7, r9, r10}               /* r7 = __proc_info_end,
                                                   r9 = __proc_info_begin,
                                                   r10 = 2 */
        sub r5, r5, r10   @ convert addresses
                                                /* r5 = 2的相对地址 - 2的绝对地址 */
        add r7, r7, r5   @ to our address space
                                                /* r7 += r5, 把r7从绝对地址转化为
                                                   相对地址 */
        add r10, r9, r5                     /* 绝对转相对 */
        mrc p15, 0, r9, c0, c0  @ get processor id
1: ldmia r10, {r5, r6, r8}  @ value, mask, mmuflags
        and r6, r6, r9   @ mask wanted bits
        teq r5, r6
        moveq pc, lr
        add r10, r10, #PROC_INFO_SZ  @ sizeof(proc_info_list)
        cmp r10, r7
        blt 1b
        mov r10, #0    @ unknown processor
        mov pc, lr

        /*
         * Look in include/asm-arm/procinfo.h and arch/arm/kernel/arch.[ch] for
         * more information about the __proc_info and __arch_info structures.
         */
2: .long __proc_info_end
        .long __proc_info_begin
        .long 2b
        .long __arch_info_begin
        .long __arch_info_end

/*
 * Lookup machine architecture in the linker-build list of architectures.
 * Note that we can't use the absolute addresses for the __arch_info
 * lists since we aren't running with the MMU on (and therefore, we are
 * not in the correct address space).  We have to calculate the offset.
 *
 * 在链接时建立的机器列表中查找机器结构. 注意我们不能使用__arch_info的绝对地址,
 * 因为我们没有打开MMU(因此, 我们不在正确的地址空间). 我们必须计算偏移.
 *
 *  r1 = machine architecture number
 * Returns:
 *  r2, r3, r4 corrupted
 *  r5 = physical start address of RAM
 *  r6 = physical address of IO
 *  r7 = byte offset into page tables for IO
 */
__lookup_architecture_type:
        adr r4, 2b                          /* 这里的做法同__lookup_processor_type */
        ldmia r4, {r2, r3, r5, r6, r7} @ throw away r2, r3
        sub r5, r4, r5   @ convert addresses
        add r4, r6, r5   @ to our address space
        add r7, r7, r5
1: ldr r5, [r4]   @ get machine type
        teq r5, r1    @ matches loader number?
        beq 2f    @ found
        add r4, r4, #SIZEOF_MACHINE_DESC @ next machine_desc
        cmp r4, r7
        blt 1b
        mov r7, #0    @ unknown architecture
        mov pc, lr
2: ldmib r4, {r5, r6, r7}  @ found, get results
        mov pc, lr

zhuanzi:http://www.cnitblog.com/zouzheng/articles/14673.html