Documentation/frv/kernel-ABI.txt

			=================================
			INTERNAL KERNEL ABI FOR FR-V ARCH
			=================================

The internal FRV kernel ABI is not quite the same as the userspace ABI. A
number of the registers are used for special purposed, and the ABI is not
consistent between modules vs core, and MMU vs no-MMU.

This partly stems from the fact that FRV CPUs do not have a separate
supervisor stack pointer, and most of them do not have any scratch
registers, thus requiring at least one general purpose register to be
clobbered in such an event. Also, within the kernel core, it is possible to
simply jump or call directly between functions using a relative offset.
This cannot be extended to modules for the displacement is likely to be too
far. Thus in modules the address of a function to call must be calculated
in a register and then used, requiring two extra instructions.

This document has the following sections:

 (*) System call register ABI
 (*) CPU operating modes
 (*) Internal kernel-mode register ABI
 (*) Internal debug-mode register ABI
 (*) Virtual interrupt handling


========================
SYSTEM CALL REGISTER ABI
========================

When a system call is made, the following registers are effective:

	REGISTERS	CALL			RETURN
	===============	=======================	=======================
	GR7		System call number	Preserved
	GR8		Syscall arg #1		Return value
	GR9-GR13	Syscall arg #2-6	Preserved


===================
CPU OPERATING MODES
===================

The FR-V CPU has three basic operating modes. In order of increasing
capability:

  (1) User mode.

      Basic userspace running mode.

  (2) Kernel mode.

      Normal kernel mode. There are many additional control registers
      available that may be accessed in this mode, in addition to all the
      stuff available to user mode. This has two submodes:

      (a) Exceptions enabled (PSR.T == 1).

	  Exceptions will invoke the appropriate normal kernel mode
	  handler. On entry to the handler, the PSR.T bit will be cleared.

      (b) Exceptions disabled (PSR.T == 0).

	  No exceptions or interrupts may happen. Any mandatory exceptions
	  will cause the CPU to halt unless the CPU is told to jump into
	  debug mode instead.

  (3) Debug mode.

      No exceptions may happen in this mode. Memory protection and
      management exceptions will be flagged for later consideration, but
      the exception handler won't be invoked. Debugging traps such as
      hardware breakpoints and watchpoints will be ignored. This mode is
      entered only by debugging events obtained from the other two modes.

      All kernel mode registers may be accessed, plus a few extra debugging
      specific registers.


=================================
INTERNAL KERNEL-MODE REGISTER ABI
=================================

There are a number of permanent register assignments that are set up by
entry.S in the exception prologue. Note that there is a complete set of
exception prologues for each of user->kernel transition and kernel->kernel
transition. There are also user->debug and kernel->debug mode transition
prologues.


	REGISTER	FLAVOUR	USE
	===============	=======	==============================================
	GR1			Supervisor stack pointer
	GR15			Current thread info pointer
	GR16			GP-Rel base register for small data
	GR28			Current exception frame pointer (__frame)
	GR29			Current task pointer (current)
	GR30			Destroyed by kernel mode entry
	GR31		NOMMU	Destroyed by debug mode entry
	GR31		MMU	Destroyed by TLB miss kernel mode entry
	CCR.ICC2		Virtual interrupt disablement tracking
	CCCR.CC3		Cleared by exception prologue 
				(atomic op emulation)
	SCR0		MMU	See mmu-layout.txt.
	SCR1		MMU	See mmu-layout.txt.
	SCR2		MMU	Save for EAR0 (destroyed by icache insns 
					       in debug mode)
	SCR3		MMU	Save for GR31 during debug exceptions
	DAMR/IAMR	NOMMU	Fixed memory protection layout.
	DAMR/IAMR	MMU	See mmu-layout.txt.


Certain registers are also used or modified across function calls:

	REGISTER	CALL				RETURN
	===============	===============================	======================
	GR0		Fixed Zero			-
	GR2		Function call frame pointer
	GR3		Special				Preserved
	GR3-GR7		-				Clobbered
	GR8		Function call arg #1		Return value 
							(or clobbered)
	GR9		Function call arg #2		Return value MSW 
							(or clobbered)
	GR10-GR13	Function call arg #3-#6		Clobbered
	GR14		-				Clobbered
	GR15-GR16	Special				Preserved
	GR17-GR27	-				Preserved
	GR28-GR31	Special				Only accessed 
							explicitly
	LR		Return address after CALL	Clobbered
	CCR/CCCR	-				Mostly Clobbered


================================
INTERNAL DEBUG-MODE REGISTER ABI
================================

This is the same as the kernel-mode register ABI for functions calls. The
difference is that in debug-mode there's a different stack and a different
exception frame. Almost all the global registers from kernel-mode
(including the stack pointer) may be changed.

	REGISTER	FLAVOUR	USE
	===============	=======	==============================================
	GR1			Debug stack pointer
	GR16			GP-Rel base register for small data
	GR31			Current debug exception frame pointer 
				(__debug_frame)
	SCR3		MMU	Saved value of GR31


Note that debug mode is able to interfere with the kernel's emulated atomic
ops, so it must be exceedingly careful not to do any that would interact
with the main kernel in this regard. Hence the debug mode code (gdbstub) is
almost completely self-contained. The only external code used is the
sprintf family of functions.

Furthermore, break.S is so complicated because single-step mode does not
switch off on entry to an exception. That means unless manually disabled,
single-stepping will blithely go on stepping into things like interrupts.
See gdbstub.txt for more information.


==========================
VIRTUAL INTERRUPT HANDLING
==========================

Because accesses to the PSR is so slow, and to disable interrupts we have
to access it twice (once to read and once to write), we don't actually
disable interrupts at all if we don't have to. What we do instead is use
the ICC2 condition code flags to note virtual disablement, such that if we
then do take an interrupt, we note the flag, really disable interrupts, set
another flag and resume execution at the point the interrupt happened.
Setting condition flags as a side effect of an arithmetic or logical
instruction is really fast. This use of the ICC2 only occurs within the
kernel - it does not affect userspace.

The flags we use are:

 (*) CCR.ICC2.Z [Zero flag]

     Set to virtually disable interrupts, clear when interrupts are
     virtually enabled. Can be modified by logical instructions without
     affecting the Carry flag.

 (*) CCR.ICC2.C [Carry flag]

     Clear to indicate hardware interrupts are really disabled, set otherwise.


What happens is this:

 (1) Normal kernel-mode operation.

	ICC2.Z is 0, ICC2.C is 1.

 (2) An interrupt occurs. The exception prologue examines ICC2.Z and
     determines that nothing needs doing. This is done simply with an
     unlikely BEQ instruction.

 (3) The interrupts are disabled (local_irq_disable)

	ICC2.Z is set to 1.

 (4) If interrupts were then re-enabled (local_irq_enable):

	ICC2.Z would be set to 0.

     A TIHI #2 instruction (trap #2 if condition HI - Z==0 && C==0) would
     be used to trap if interrupts were now virtually enabled, but
     physically disabled - which they're not, so the trap isn't taken. The
     kernel would then be back to state (1).

 (5) An interrupt occurs. The exception prologue examines ICC2.Z and
     determines that the interrupt shouldn't actually have happened. It
     jumps aside, and there disabled interrupts by setting PSR.PIL to 14
     and then it clears ICC2.C.

 (6) If interrupts were then saved and disabled again (local_irq_save):

	ICC2.Z would be shifted into the save variable and masked off 
	(giving a 1).

	ICC2.Z would then be set to 1 (thus unchanged), and ICC2.C would be
	unaffected (ie: 0).

 (7) If interrupts were then restored from state (6) (local_irq_restore):

	ICC2.Z would be set to indicate the result of XOR'ing the saved
	value (ie: 1) with 1, which gives a result of 0 - thus leaving
	ICC2.Z set.

	ICC2.C would remain unaffected (ie: 0).

     A TIHI #2 instruction would be used to again assay the current state,
     but this would do nothing as Z==1.

 (8) If interrupts were then enabled (local_irq_enable):

	ICC2.Z would be cleared. ICC2.C would be left unaffected. Both
	flags would now be 0.

     A TIHI #2 instruction again issued to assay the current state would
     then trap as both Z==0 [interrupts virtually enabled] and C==0
     [interrupts really disabled] would then be true.

 (9) The trap #2 handler would simply enable hardware interrupts 
     (set PSR.PIL to 0), set ICC2.C to 1 and return.

(10) Immediately upon returning, the pending interrupt would be taken.

(11) The interrupt handler would take the path of actually processing the
     interrupt (ICC2.Z is clear, BEQ fails as per step (2)).

(12) The interrupt handler would then set ICC2.C to 1 since hardware
     interrupts are definitely enabled - or else the kernel wouldn't be here.

(13) On return from the interrupt handler, things would be back to state (1).

This trap (#2) is only available in kernel mode. In user mode it will
result in SIGILL.