[XFS] Fix double free of log tickets
[linux-2.6] / arch / s390 / kernel / head.S
1 /*
2  *  arch/s390/kernel/head.S
3  *
4  * Copyright (C) IBM Corp. 1999,2006
5  *
6  *    Author(s): Hartmut Penner <hp@de.ibm.com>
7  *               Martin Schwidefsky <schwidefsky@de.ibm.com>
8  *               Rob van der Heij <rvdhei@iae.nl>
9  *               Heiko Carstens <heiko.carstens@de.ibm.com>
10  *
11  * There are 5 different IPL methods
12  *  1) load the image directly into ram at address 0 and do an PSW restart
13  *  2) linload will load the image from address 0x10000 to memory 0x10000
14  *     and start the code thru LPSW 0x0008000080010000 (VM only, deprecated)
15  *  3) generate the tape ipl header, store the generated image on a tape
16  *     and ipl from it
17  *     In case of SL tape you need to IPL 5 times to get past VOL1 etc
18  *  4) generate the vm reader ipl header, move the generated image to the
19  *     VM reader (use option NOH!) and do a ipl from reader (VM only)
20  *  5) direct call of start by the SALIPL loader
21  *  We use the cpuid to distinguish between VM and native ipl
22  *  params for kernel are pushed to 0x10400 (see setup.h)
23  *
24  */
25
26 #include <asm/setup.h>
27 #include <asm/lowcore.h>
28 #include <asm/asm-offsets.h>
29 #include <asm/thread_info.h>
30 #include <asm/page.h>
31
32 #ifdef CONFIG_64BIT
33 #define ARCH_OFFSET     4
34 #else
35 #define ARCH_OFFSET     0
36 #endif
37
38 .section ".text.head","ax"
39 #ifndef CONFIG_IPL
40         .org   0
41         .long  0x00080000,0x80000000+startup    # Just a restart PSW
42 #else
43 #ifdef CONFIG_IPL_TAPE
44 #define IPL_BS 1024
45         .org   0
46         .long  0x00080000,0x80000000+iplstart   # The first 24 bytes are loaded
47         .long  0x27000000,0x60000001            # by ipl to addresses 0-23.
48         .long  0x02000000,0x20000000+IPL_BS     # (a PSW and two CCWs).
49         .long  0x00000000,0x00000000            # external old psw
50         .long  0x00000000,0x00000000            # svc old psw
51         .long  0x00000000,0x00000000            # program check old psw
52         .long  0x00000000,0x00000000            # machine check old psw
53         .long  0x00000000,0x00000000            # io old psw
54         .long  0x00000000,0x00000000
55         .long  0x00000000,0x00000000
56         .long  0x00000000,0x00000000
57         .long  0x000a0000,0x00000058            # external new psw
58         .long  0x000a0000,0x00000060            # svc new psw
59         .long  0x000a0000,0x00000068            # program check new psw
60         .long  0x000a0000,0x00000070            # machine check new psw
61         .long  0x00080000,0x80000000+.Lioint    # io new psw
62
63         .org   0x100
64 #
65 # subroutine for loading from tape
66 # Paramters:
67 #  R1 = device number
68 #  R2 = load address
69 .Lloader:
70         st      %r14,.Lldret
71         la      %r3,.Lorbread           # r3 = address of orb
72         la      %r5,.Lirb               # r5 = address of irb
73         st      %r2,.Lccwread+4         # initialize CCW data addresses
74         lctl    %c6,%c6,.Lcr6
75         slr     %r2,%r2
76 .Lldlp:
77         la      %r6,3                   # 3 retries
78 .Lssch:
79         ssch    0(%r3)                  # load chunk of IPL_BS bytes
80         bnz     .Llderr
81 .Lw4end:
82         bas     %r14,.Lwait4io
83         tm      8(%r5),0x82             # do we have a problem ?
84         bnz     .Lrecov
85         slr     %r7,%r7
86         icm     %r7,3,10(%r5)           # get residual count
87         lcr     %r7,%r7
88         la      %r7,IPL_BS(%r7)         # IPL_BS-residual=#bytes read
89         ar      %r2,%r7                 # add to total size
90         tm      8(%r5),0x01             # found a tape mark ?
91         bnz     .Ldone
92         l       %r0,.Lccwread+4         # update CCW data addresses
93         ar      %r0,%r7
94         st      %r0,.Lccwread+4
95         b       .Lldlp
96 .Ldone:
97         l       %r14,.Lldret
98         br      %r14                    # r2 contains the total size
99 .Lrecov:
100         bas     %r14,.Lsense            # do the sensing
101         bct     %r6,.Lssch              # dec. retry count & branch
102         b       .Llderr
103 #
104 # Sense subroutine
105 #
106 .Lsense:
107         st      %r14,.Lsnsret
108         la      %r7,.Lorbsense
109         ssch    0(%r7)                  # start sense command
110         bnz     .Llderr
111         bas     %r14,.Lwait4io
112         l       %r14,.Lsnsret
113         tm      8(%r5),0x82             # do we have a problem ?
114         bnz     .Llderr
115         br      %r14
116 #
117 # Wait for interrupt subroutine
118 #
119 .Lwait4io:
120         lpsw    .Lwaitpsw
121 .Lioint:
122         c       %r1,0xb8                # compare subchannel number
123         bne     .Lwait4io
124         tsch    0(%r5)
125         slr     %r0,%r0
126         tm      8(%r5),0x82             # do we have a problem ?
127         bnz     .Lwtexit
128         tm      8(%r5),0x04             # got device end ?
129         bz      .Lwait4io
130 .Lwtexit:
131         br      %r14
132 .Llderr:
133         lpsw    .Lcrash
134
135         .align  8
136 .Lorbread:
137         .long   0x00000000,0x0080ff00,.Lccwread
138         .align  8
139 .Lorbsense:
140         .long   0x00000000,0x0080ff00,.Lccwsense
141         .align  8
142 .Lccwread:
143         .long   0x02200000+IPL_BS,0x00000000
144 .Lccwsense:
145         .long   0x04200001,0x00000000
146 .Lwaitpsw:
147         .long   0x020a0000,0x80000000+.Lioint
148
149 .Lirb:  .long   0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
150 .Lcr6:  .long   0xff000000
151         .align  8
152 .Lcrash:.long   0x000a0000,0x00000000
153 .Lldret:.long   0
154 .Lsnsret: .long 0
155 #endif  /* CONFIG_IPL_TAPE */
156
157 #ifdef CONFIG_IPL_VM
158 #define IPL_BS  0x730
159         .org    0
160         .long   0x00080000,0x80000000+iplstart  # The first 24 bytes are loaded
161         .long   0x02000018,0x60000050           # by ipl to addresses 0-23.
162         .long   0x02000068,0x60000050           # (a PSW and two CCWs).
163         .fill   80-24,1,0x40                    # bytes 24-79 are discarded !!
164         .long   0x020000f0,0x60000050           # The next 160 byte are loaded
165         .long   0x02000140,0x60000050           # to addresses 0x18-0xb7
166         .long   0x02000190,0x60000050           # They form the continuation
167         .long   0x020001e0,0x60000050           # of the CCW program started
168         .long   0x02000230,0x60000050           # by ipl and load the range
169         .long   0x02000280,0x60000050           # 0x0f0-0x730 from the image
170         .long   0x020002d0,0x60000050           # to the range 0x0f0-0x730
171         .long   0x02000320,0x60000050           # in memory. At the end of
172         .long   0x02000370,0x60000050           # the channel program the PSW
173         .long   0x020003c0,0x60000050           # at location 0 is loaded.
174         .long   0x02000410,0x60000050           # Initial processing starts
175         .long   0x02000460,0x60000050           # at 0xf0 = iplstart.
176         .long   0x020004b0,0x60000050
177         .long   0x02000500,0x60000050
178         .long   0x02000550,0x60000050
179         .long   0x020005a0,0x60000050
180         .long   0x020005f0,0x60000050
181         .long   0x02000640,0x60000050
182         .long   0x02000690,0x60000050
183         .long   0x020006e0,0x20000050
184
185         .org    0xf0
186 #
187 # subroutine for loading cards from the reader
188 #
189 .Lloader:
190         la      %r3,.Lorb               # r2 = address of orb into r2
191         la      %r5,.Lirb               # r4 = address of irb
192         la      %r6,.Lccws
193         la      %r7,20
194 .Linit:
195         st      %r2,4(%r6)              # initialize CCW data addresses
196         la      %r2,0x50(%r2)
197         la      %r6,8(%r6)
198         bct     7,.Linit
199
200         lctl    %c6,%c6,.Lcr6           # set IO subclass mask
201         slr     %r2,%r2
202 .Lldlp:
203         ssch    0(%r3)                  # load chunk of 1600 bytes
204         bnz     .Llderr
205 .Lwait4irq:
206         mvc     0x78(8),.Lnewpsw        # set up IO interrupt psw
207         lpsw    .Lwaitpsw
208 .Lioint:
209         c       %r1,0xb8                # compare subchannel number
210         bne     .Lwait4irq
211         tsch    0(%r5)
212
213         slr     %r0,%r0
214         ic      %r0,8(%r5)              # get device status
215         chi     %r0,8                   # channel end ?
216         be      .Lcont
217         chi     %r0,12                  # channel end + device end ?
218         be      .Lcont
219
220         l       %r0,4(%r5)
221         s       %r0,8(%r3)              # r0/8 = number of ccws executed
222         mhi     %r0,10                  # *10 = number of bytes in ccws
223         lh      %r3,10(%r5)             # get residual count
224         sr      %r0,%r3                 # #ccws*80-residual=#bytes read
225         ar      %r2,%r0
226
227         br      %r14                    # r2 contains the total size
228
229 .Lcont:
230         ahi     %r2,0x640               # add 0x640 to total size
231         la      %r6,.Lccws
232         la      %r7,20
233 .Lincr:
234         l       %r0,4(%r6)              # update CCW data addresses
235         ahi     %r0,0x640
236         st      %r0,4(%r6)
237         ahi     %r6,8
238         bct     7,.Lincr
239
240         b       .Lldlp
241 .Llderr:
242         lpsw    .Lcrash
243
244         .align  8
245 .Lorb:  .long   0x00000000,0x0080ff00,.Lccws
246 .Lirb:  .long   0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
247 .Lcr6:  .long   0xff000000
248 .Lloadp:.long   0,0
249         .align  8
250 .Lcrash:.long   0x000a0000,0x00000000
251 .Lnewpsw:
252         .long   0x00080000,0x80000000+.Lioint
253 .Lwaitpsw:
254         .long   0x020a0000,0x80000000+.Lioint
255
256         .align  8
257 .Lccws: .rept   19
258         .long   0x02600050,0x00000000
259         .endr
260         .long   0x02200050,0x00000000
261 #endif  /* CONFIG_IPL_VM */
262
263 iplstart:
264         lh      %r1,0xb8                # test if subchannel number
265         bct     %r1,.Lnoload            #  is valid
266         l       %r1,0xb8                # load ipl subchannel number
267         la      %r2,IPL_BS              # load start address
268         bas     %r14,.Lloader           # load rest of ipl image
269         l       %r12,.Lparm             # pointer to parameter area
270         st      %r1,IPL_DEVICE+ARCH_OFFSET-PARMAREA(%r12) # save ipl device number
271
272 #
273 # load parameter file from ipl device
274 #
275 .Lagain1:
276         l       %r2,.Linitrd            # ramdisk loc. is temp
277         bas     %r14,.Lloader           # load parameter file
278         ltr     %r2,%r2                 # got anything ?
279         bz      .Lnopf
280         chi     %r2,895
281         bnh     .Lnotrunc
282         la      %r2,895
283 .Lnotrunc:
284         l       %r4,.Linitrd
285         clc     0(3,%r4),.L_hdr         # if it is HDRx
286         bz      .Lagain1                # skip dataset header
287         clc     0(3,%r4),.L_eof         # if it is EOFx
288         bz      .Lagain1                # skip dateset trailer
289         la      %r5,0(%r4,%r2)
290         lr      %r3,%r2
291 .Lidebc:
292         tm      0(%r5),0x80             # high order bit set ?
293         bo      .Ldocv                  #  yes -> convert from EBCDIC
294         ahi     %r5,-1
295         bct     %r3,.Lidebc
296         b       .Lnocv
297 .Ldocv:
298         l       %r3,.Lcvtab
299         tr      0(256,%r4),0(%r3)       # convert parameters to ascii
300         tr      256(256,%r4),0(%r3)
301         tr      512(256,%r4),0(%r3)
302         tr      768(122,%r4),0(%r3)
303 .Lnocv: la      %r3,COMMAND_LINE-PARMAREA(%r12) # load adr. of command line
304         mvc     0(256,%r3),0(%r4)
305         mvc     256(256,%r3),256(%r4)
306         mvc     512(256,%r3),512(%r4)
307         mvc     768(122,%r3),768(%r4)
308         slr     %r0,%r0
309         b       .Lcntlp
310 .Ldelspc:
311         ic      %r0,0(%r2,%r3)
312         chi     %r0,0x20                # is it a space ?
313         be      .Lcntlp
314         ahi     %r2,1
315         b       .Leolp
316 .Lcntlp:
317         brct    %r2,.Ldelspc
318 .Leolp:
319         slr     %r0,%r0
320         stc     %r0,0(%r2,%r3)          # terminate buffer
321 .Lnopf:
322
323 #
324 # load ramdisk from ipl device
325 #
326 .Lagain2:
327         l       %r2,.Linitrd            # addr of ramdisk
328         st      %r2,INITRD_START+ARCH_OFFSET-PARMAREA(%r12)
329         bas     %r14,.Lloader           # load ramdisk
330         st      %r2,INITRD_SIZE+ARCH_OFFSET-PARMAREA(%r12) # store size of rd
331         ltr     %r2,%r2
332         bnz     .Lrdcont
333         st      %r2,INITRD_START+ARCH_OFFSET-PARMAREA(%r12) # no ramdisk found
334 .Lrdcont:
335         l       %r2,.Linitrd
336
337         clc     0(3,%r2),.L_hdr         # skip HDRx and EOFx
338         bz      .Lagain2
339         clc     0(3,%r2),.L_eof
340         bz      .Lagain2
341
342 #ifdef CONFIG_IPL_VM
343 #
344 # reset files in VM reader
345 #
346         stidp   __LC_CPUID              # store cpuid
347         tm      __LC_CPUID,0xff         # running VM ?
348         bno     .Lnoreset
349         la      %r2,.Lreset
350         lhi     %r3,26
351         diag    %r2,%r3,8
352         la      %r5,.Lirb
353         stsch   0(%r5)                  # check if irq is pending
354         tm      30(%r5),0x0f            # by verifying if any of the
355         bnz     .Lwaitforirq            # activity or status control
356         tm      31(%r5),0xff            # bits is set in the schib
357         bz      .Lnoreset
358 .Lwaitforirq:
359         mvc     0x78(8),.Lrdrnewpsw     # set up IO interrupt psw
360 .Lwaitrdrirq:
361         lpsw    .Lrdrwaitpsw
362 .Lrdrint:
363         c       %r1,0xb8                # compare subchannel number
364         bne     .Lwaitrdrirq
365         la      %r5,.Lirb
366         tsch    0(%r5)
367 .Lnoreset:
368         b       .Lnoload
369
370         .align  8
371 .Lrdrnewpsw:
372         .long   0x00080000,0x80000000+.Lrdrint
373 .Lrdrwaitpsw:
374         .long   0x020a0000,0x80000000+.Lrdrint
375 #endif
376
377 #
378 # everything loaded, go for it
379 #
380 .Lnoload:
381         l       %r1,.Lstartup
382         br      %r1
383
384 .Linitrd:.long _end + 0x400000          # default address of initrd
385 .Lparm: .long  PARMAREA
386 .Lstartup: .long startup
387 .Lcvtab:.long   _ebcasc                 # ebcdic to ascii table
388 .Lreset:.byte   0xc3,0xc8,0xc1,0xd5,0xc7,0xc5,0x40,0xd9,0xc4,0xd9,0x40
389         .byte   0xc1,0xd3,0xd3,0x40,0xd2,0xc5,0xc5,0xd7,0x40,0xd5,0xd6
390         .byte   0xc8,0xd6,0xd3,0xc4     # "change rdr all keep nohold"
391 .L_eof: .long   0xc5d6c600       /* C'EOF' */
392 .L_hdr: .long   0xc8c4d900       /* C'HDR' */
393
394 #endif  /* CONFIG_IPL */
395
396 #
397 # SALIPL loader support. Based on a patch by Rob van der Heij.
398 # This entry point is called directly from the SALIPL loader and
399 # doesn't need a builtin ipl record.
400 #
401         .org    0x800
402         .globl  start
403 start:
404         stm     %r0,%r15,0x07b0         # store registers
405         basr    %r12,%r0
406 .base:
407         l       %r11,.parm
408         l       %r8,.cmd                # pointer to command buffer
409
410         ltr     %r9,%r9                 # do we have SALIPL parameters?
411         bp      .sk8x8
412
413         mvc     0(64,%r8),0x00b0        # copy saved registers
414         xc      64(240-64,%r8),0(%r8)   # remainder of buffer
415         tr      0(64,%r8),.lowcase
416         b       .gotr
417 .sk8x8:
418         mvc     0(240,%r8),0(%r9)       # copy iplparms into buffer
419 .gotr:
420         l       %r10,.tbl               # EBCDIC to ASCII table
421         tr      0(240,%r8),0(%r10)
422         slr     %r0,%r0
423         st      %r0,INITRD_SIZE+ARCH_OFFSET-PARMAREA(%r11)
424         st      %r0,INITRD_START+ARCH_OFFSET-PARMAREA(%r11)
425         j       startup                 # continue with startup
426 .tbl:   .long   _ebcasc                 # translate table
427 .cmd:   .long   COMMAND_LINE            # address of command line buffer
428 .parm:  .long   PARMAREA
429 .lowcase:
430         .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
431         .byte 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
432         .byte 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17
433         .byte 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
434         .byte 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27
435         .byte 0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f
436         .byte 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37
437         .byte 0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f
438         .byte 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47
439         .byte 0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f
440         .byte 0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57
441         .byte 0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f
442         .byte 0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67
443         .byte 0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f
444         .byte 0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77
445         .byte 0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f
446
447         .byte 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87
448         .byte 0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f
449         .byte 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97
450         .byte 0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f
451         .byte 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7
452         .byte 0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf
453         .byte 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7
454         .byte 0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf
455         .byte 0xc0,0x81,0x82,0x83,0x84,0x85,0x86,0x87   # .abcdefg
456         .byte 0x88,0x89,0xca,0xcb,0xcc,0xcd,0xce,0xcf   # hi
457         .byte 0xd0,0x91,0x92,0x93,0x94,0x95,0x96,0x97   # .jklmnop
458         .byte 0x98,0x99,0xda,0xdb,0xdc,0xdd,0xde,0xdf   # qr
459         .byte 0xe0,0xe1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7   # ..stuvwx
460         .byte 0xa8,0xa9,0xea,0xeb,0xec,0xed,0xee,0xef   # yz
461         .byte 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7
462         .byte 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
463
464 #ifdef CONFIG_64BIT
465 #include "head64.S"
466 #else
467 #include "head31.S"
468 #endif