1
/* SPDX-License-Identifier: GPL-2.0-only */
2
/*
3
 *
4
 * Copyright 2011 Paul Mackerras, IBM Corp. <[email protected]>
5
 *
6
 * Derived from book3s_rmhandlers.S and other files, which are:
7
 *
8
 * Copyright SUSE Linux Products GmbH 2009
9
 *
10
 * Authors: Alexander Graf <[email protected]>
11
 */
12

13
#include <linux/export.h>
14
#include <linux/linkage.h>
15
#include <linux/objtool.h>
16
#include <asm/ppc_asm.h>
17
#include <asm/code-patching-asm.h>
18
#include <asm/kvm_asm.h>
19
#include <asm/reg.h>
20
#include <asm/mmu.h>
21
#include <asm/page.h>
22
#include <asm/ptrace.h>
23
#include <asm/hvcall.h>
24
#include <asm/asm-offsets.h>
25
#include <asm/exception-64s.h>
26
#include <asm/kvm_book3s_asm.h>
27
#include <asm/book3s/64/mmu-hash.h>
28
#include <asm/tm.h>
29
#include <asm/opal.h>
30
#include <asm/thread_info.h>
31
#include <asm/asm-compat.h>
32
#include <asm/feature-fixups.h>
33
#include <asm/cpuidle.h>
34

35
/* Values in HSTATE_NAPPING(r13) */
36
#define NAPPING_CEDE	1
37
#define NAPPING_NOVCPU	2
38
#define NAPPING_UNSPLIT	3
39

40
/* Stack frame offsets for kvmppc_hv_entry */
41
#define SFS			160
42
#define STACK_SLOT_TRAP		(SFS-4)
43
#define STACK_SLOT_TID		(SFS-16)
44
#define STACK_SLOT_PSSCR	(SFS-24)
45
#define STACK_SLOT_PID		(SFS-32)
46
#define STACK_SLOT_IAMR		(SFS-40)
47
#define STACK_SLOT_CIABR	(SFS-48)
48
#define STACK_SLOT_DAWR0	(SFS-56)
49
#define STACK_SLOT_DAWRX0	(SFS-64)
50
#define STACK_SLOT_HFSCR	(SFS-72)
51
#define STACK_SLOT_AMR		(SFS-80)
52
#define STACK_SLOT_UAMOR	(SFS-88)
53
#define STACK_SLOT_FSCR		(SFS-96)
54

55
/*
56
 * Use the last LPID (all implemented LPID bits = 1) for partition switching.
57
 * This is reserved in the LPID allocator. POWER7 only implements 0x3ff, but
58
 * we write 0xfff into the LPID SPR anyway, which seems to work and just
59
 * ignores the top bits.
60
 */
61
#define   LPID_RSVD		0xfff
62

63
/*
64
 * Call kvmppc_hv_entry in real mode.
65
 * Must be called with interrupts hard-disabled.
66
 *
67
 * Input Registers:
68
 *
69
 * LR = return address to continue at after eventually re-enabling MMU
70
 */
71
_GLOBAL_TOC(kvmppc_hv_entry_trampoline)
72
	mflr	r0
73
	std	r0, PPC_LR_STKOFF(r1)
74
	stdu	r1, -112(r1)
75
	mfmsr	r10
76
	std	r10, HSTATE_HOST_MSR(r13)
77
	LOAD_REG_ADDR(r5, kvmppc_call_hv_entry)
78
	li	r0,MSR_RI
79
	andc	r0,r10,r0
80
	li	r6,MSR_IR | MSR_DR
81
	andc	r6,r10,r6
82
	mtmsrd	r0,1		/* clear RI in MSR */
83
	mtsrr0	r5
84
	mtsrr1	r6
85
	RFI_TO_KERNEL
86

87
kvmppc_call_hv_entry:
88
	ld	r4, HSTATE_KVM_VCPU(r13)
89
	bl	kvmppc_hv_entry
90

91
	/* Back from guest - restore host state and return to caller */
92

93
BEGIN_FTR_SECTION
94
	/* Restore host DABR and DABRX */
95
	ld	r5,HSTATE_DABR(r13)
96
	li	r6,7
97
	mtspr	SPRN_DABR,r5
98
	mtspr	SPRN_DABRX,r6
99
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
100

101
	/* Restore SPRG3 */
102
	ld	r3,PACA_SPRG_VDSO(r13)
103
	mtspr	SPRN_SPRG_VDSO_WRITE,r3
104

105
	/* Reload the host's PMU registers */
106
	bl	kvmhv_load_host_pmu
107

108
	/*
109
	 * Reload DEC.  HDEC interrupts were disabled when
110
	 * we reloaded the host's LPCR value.
111
	 */
112
	ld	r3, HSTATE_DECEXP(r13)
113
	mftb	r4
114
	subf	r4, r4, r3
115
	mtspr	SPRN_DEC, r4
116

117
	/* hwthread_req may have got set by cede or no vcpu, so clear it */
118
	li	r0, 0
119
	stb	r0, HSTATE_HWTHREAD_REQ(r13)
120

121
	/*
122
	 * For external interrupts we need to call the Linux
123
	 * handler to process the interrupt. We do that by jumping
124
	 * to absolute address 0x500 for external interrupts.
125
	 * The [h]rfid at the end of the handler will return to
126
	 * the book3s_hv_interrupts.S code. For other interrupts
127
	 * we do the rfid to get back to the book3s_hv_interrupts.S
128
	 * code here.
129
	 */
130
	ld	r8, 112+PPC_LR_STKOFF(r1)
131
	addi	r1, r1, 112
132
	ld	r7, HSTATE_HOST_MSR(r13)
133

134
	/* Return the trap number on this thread as the return value */
135
	mr	r3, r12
136

137
	/* RFI into the highmem handler */
138
	mfmsr	r6
139
	li	r0, MSR_RI
140
	andc	r6, r6, r0
141
	mtmsrd	r6, 1			/* Clear RI in MSR */
142
	mtsrr0	r8
143
	mtsrr1	r7
144
	RFI_TO_KERNEL
145

146
kvmppc_primary_no_guest:
147
	/* We handle this much like a ceded vcpu */
148
	/* put the HDEC into the DEC, since HDEC interrupts don't wake us */
149
	/* HDEC may be larger than DEC for arch >= v3.00, but since the */
150
	/* HDEC value came from DEC in the first place, it will fit */
151
	mfspr	r3, SPRN_HDEC
152
	mtspr	SPRN_DEC, r3
153
	/*
154
	 * Make sure the primary has finished the MMU switch.
155
	 * We should never get here on a secondary thread, but
156
	 * check it for robustness' sake.
157
	 */
158
	ld	r5, HSTATE_KVM_VCORE(r13)
159
65:	lbz	r0, VCORE_IN_GUEST(r5)
160
	cmpwi	r0, 0
161
	beq	65b
162
	/* Set LPCR. */
163
	ld	r8,VCORE_LPCR(r5)
164
	mtspr	SPRN_LPCR,r8
165
	isync
166
	/* set our bit in napping_threads */
167
	ld	r5, HSTATE_KVM_VCORE(r13)
168
	lbz	r7, HSTATE_PTID(r13)
169
	li	r0, 1
170
	sld	r0, r0, r7
171
	addi	r6, r5, VCORE_NAPPING_THREADS
172
1:	lwarx	r3, 0, r6
173
	or	r3, r3, r0
174
	stwcx.	r3, 0, r6
175
	bne	1b
176
	/* order napping_threads update vs testing entry_exit_map */
177
	isync
178
	li	r12, 0
179
	lwz	r7, VCORE_ENTRY_EXIT(r5)
180
	cmpwi	r7, 0x100
181
	bge	kvm_novcpu_exit	/* another thread already exiting */
182
	li	r3, NAPPING_NOVCPU
183
	stb	r3, HSTATE_NAPPING(r13)
184

185
	li	r3, 0		/* Don't wake on privileged (OS) doorbell */
186
	b	kvm_do_nap
187

188
/*
189
 * kvm_novcpu_wakeup
190
 *	Entered from kvm_start_guest if kvm_hstate.napping is set
191
 *	to NAPPING_NOVCPU
192
 *		r2 = kernel TOC
193
 *		r13 = paca
194
 */
195
kvm_novcpu_wakeup:
196
	ld	r1, HSTATE_HOST_R1(r13)
197
	ld	r5, HSTATE_KVM_VCORE(r13)
198
	li	r0, 0
199
	stb	r0, HSTATE_NAPPING(r13)
200

201
	/* check the wake reason */
202
	bl	kvmppc_check_wake_reason
203

204
	/*
205
	 * Restore volatile registers since we could have called
206
	 * a C routine in kvmppc_check_wake_reason.
207
	 *	r5 = VCORE
208
	 */
209
	ld	r5, HSTATE_KVM_VCORE(r13)
210

211
	/* see if any other thread is already exiting */
212
	lwz	r0, VCORE_ENTRY_EXIT(r5)
213
	cmpwi	r0, 0x100
214
	bge	kvm_novcpu_exit
215

216
	/* clear our bit in napping_threads */
217
	lbz	r7, HSTATE_PTID(r13)
218
	li	r0, 1
219
	sld	r0, r0, r7
220
	addi	r6, r5, VCORE_NAPPING_THREADS
221
4:	lwarx	r7, 0, r6
222
	andc	r7, r7, r0
223
	stwcx.	r7, 0, r6
224
	bne	4b
225

226
	/* See if the wake reason means we need to exit */
227
	cmpdi	r3, 0
228
	bge	kvm_novcpu_exit
229

230
	/* See if our timeslice has expired (HDEC is negative) */
231
	mfspr	r0, SPRN_HDEC
232
	extsw	r0, r0
233
	li	r12, BOOK3S_INTERRUPT_HV_DECREMENTER
234
	cmpdi	r0, 0
235
	blt	kvm_novcpu_exit
236

237
	/* Got an IPI but other vcpus aren't yet exiting, must be a latecomer */
238
	ld	r4, HSTATE_KVM_VCPU(r13)
239
	cmpdi	r4, 0
240
	beq	kvmppc_primary_no_guest
241

242
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
243
	addi	r3, r4, VCPU_TB_RMENTRY
244
	bl	kvmhv_start_timing
245
#endif
246
	b	kvmppc_got_guest
247

248
kvm_novcpu_exit:
249
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
250
	ld	r4, HSTATE_KVM_VCPU(r13)
251
	cmpdi	r4, 0
252
	beq	13f
253
	addi	r3, r4, VCPU_TB_RMEXIT
254
	bl	kvmhv_accumulate_time
255
#endif
256
13:	mr	r3, r12
257
	stw	r12, STACK_SLOT_TRAP(r1)
258
	bl	kvmhv_commence_exit
259
	nop
260
	b	kvmhv_switch_to_host
261

262
/*
263
 * We come in here when wakened from Linux offline idle code.
264
 * Relocation is off
265
 * r3 contains the SRR1 wakeup value, SRR1 is trashed.
266
 */
267
_GLOBAL(idle_kvm_start_guest)
268
	mfcr	r5
269
	mflr	r0
270
	std	r5, 8(r1)	// Save CR in caller's frame
271
	std	r0, 16(r1)	// Save LR in caller's frame
272
	// Create frame on emergency stack
273
	ld	r4, PACAEMERGSP(r13)
274
	stdu	r1, -SWITCH_FRAME_SIZE(r4)
275
	// Switch to new frame on emergency stack
276
	mr	r1, r4
277
	std	r3, 32(r1)	// Save SRR1 wakeup value
278
	SAVE_NVGPRS(r1)
279

280
	/*
281
	 * Could avoid this and pass it through in r3. For now,
282
	 * code expects it to be in SRR1.
283
	 */
284
	mtspr	SPRN_SRR1,r3
285

286
	li	r0,0
287
	stb	r0,PACA_FTRACE_ENABLED(r13)
288

289
	li	r0,KVM_HWTHREAD_IN_KVM
290
	stb	r0,HSTATE_HWTHREAD_STATE(r13)
291

292
	/* kvm cede / napping does not come through here */
293
	lbz	r0,HSTATE_NAPPING(r13)
294
	twnei	r0,0
295

296
	b	1f
297

298
kvm_unsplit_wakeup:
299
	li	r0, 0
300
	stb	r0, HSTATE_NAPPING(r13)
301

302
1:
303

304
	/*
305
	 * We weren't napping due to cede, so this must be a secondary
306
	 * thread being woken up to run a guest, or being woken up due
307
	 * to a stray IPI.  (Or due to some machine check or hypervisor
308
	 * maintenance interrupt while the core is in KVM.)
309
	 */
310

311
	/* Check the wake reason in SRR1 to see why we got here */
312
	bl	kvmppc_check_wake_reason
313
	/*
314
	 * kvmppc_check_wake_reason could invoke a C routine, but we
315
	 * have no volatile registers to restore when we return.
316
	 */
317

318
	cmpdi	r3, 0
319
	bge	kvm_no_guest
320

321
	/* get vcore pointer, NULL if we have nothing to run */
322
	ld	r5,HSTATE_KVM_VCORE(r13)
323
	cmpdi	r5,0
324
	/* if we have no vcore to run, go back to sleep */
325
	beq	kvm_no_guest
326

327
kvm_secondary_got_guest:
328

329
	// About to go to guest, clear saved SRR1
330
	li	r0, 0
331
	std	r0, 32(r1)
332

333
	/* Set HSTATE_DSCR(r13) to something sensible */
334
	ld	r6, PACA_DSCR_DEFAULT(r13)
335
	std	r6, HSTATE_DSCR(r13)
336

337
	/* On thread 0 of a subcore, set HDEC to max */
338
	lbz	r4, HSTATE_PTID(r13)
339
	cmpwi	r4, 0
340
	bne	63f
341
	lis	r6,0x7fff		/* MAX_INT@h */
342
	mtspr	SPRN_HDEC, r6
343
	/* and set per-LPAR registers, if doing dynamic micro-threading */
344
	ld	r6, HSTATE_SPLIT_MODE(r13)
345
	cmpdi	r6, 0
346
	beq	63f
347
	ld	r0, KVM_SPLIT_RPR(r6)
348
	mtspr	SPRN_RPR, r0
349
	ld	r0, KVM_SPLIT_PMMAR(r6)
350
	mtspr	SPRN_PMMAR, r0
351
	ld	r0, KVM_SPLIT_LDBAR(r6)
352
	mtspr	SPRN_LDBAR, r0
353
	isync
354
63:
355
	/* Order load of vcpu after load of vcore */
356
	lwsync
357
	ld	r4, HSTATE_KVM_VCPU(r13)
358
	bl	kvmppc_hv_entry
359

360
	/* Back from the guest, go back to nap */
361
	/* Clear our vcpu and vcore pointers so we don't come back in early */
362
	li	r0, 0
363
	std	r0, HSTATE_KVM_VCPU(r13)
364
	/*
365
	 * Once we clear HSTATE_KVM_VCORE(r13), the code in
366
	 * kvmppc_run_core() is going to assume that all our vcpu
367
	 * state is visible in memory.  This lwsync makes sure
368
	 * that that is true.
369
	 */
370
	lwsync
371
	std	r0, HSTATE_KVM_VCORE(r13)
372

373
	/*
374
	 * All secondaries exiting guest will fall through this path.
375
	 * Before proceeding, just check for HMI interrupt and
376
	 * invoke opal hmi handler. By now we are sure that the
377
	 * primary thread on this core/subcore has already made partition
378
	 * switch/TB resync and we are good to call opal hmi handler.
379
	 */
380
	cmpwi	r12, BOOK3S_INTERRUPT_HMI
381
	bne	kvm_no_guest
382

383
	li	r3,0			/* NULL argument */
384
	bl	CFUNC(hmi_exception_realmode)
385
/*
386
 * At this point we have finished executing in the guest.
387
 * We need to wait for hwthread_req to become zero, since
388
 * we may not turn on the MMU while hwthread_req is non-zero.
389
 * While waiting we also need to check if we get given a vcpu to run.
390
 */
391
kvm_no_guest:
392
	lbz	r3, HSTATE_HWTHREAD_REQ(r13)
393
	cmpwi	r3, 0
394
	bne	53f
395
	HMT_MEDIUM
396
	li	r0, KVM_HWTHREAD_IN_KERNEL
397
	stb	r0, HSTATE_HWTHREAD_STATE(r13)
398
	/* need to recheck hwthread_req after a barrier, to avoid race */
399
	sync
400
	lbz	r3, HSTATE_HWTHREAD_REQ(r13)
401
	cmpwi	r3, 0
402
	bne	54f
403

404
	/*
405
	 * Jump to idle_return_gpr_loss, which returns to the
406
	 * idle_kvm_start_guest caller.
407
	 */
408
	li	r3, LPCR_PECE0
409
	mfspr	r4, SPRN_LPCR
410
	rlwimi	r4, r3, 0, LPCR_PECE0 | LPCR_PECE1
411
	mtspr	SPRN_LPCR, r4
412
	// Return SRR1 wakeup value, or 0 if we went into the guest
413
	ld	r3, 32(r1)
414
	REST_NVGPRS(r1)
415
	ld	r1, 0(r1)	// Switch back to caller stack
416
	ld	r0, 16(r1)	// Reload LR
417
	ld	r5, 8(r1)	// Reload CR
418
	mtlr	r0
419
	mtcr	r5
420
	blr
421

422
53:
423
	HMT_LOW
424
	ld	r5, HSTATE_KVM_VCORE(r13)
425
	cmpdi	r5, 0
426
	bne	60f
427
	ld	r3, HSTATE_SPLIT_MODE(r13)
428
	cmpdi	r3, 0
429
	beq	kvm_no_guest
430
	lbz	r0, KVM_SPLIT_DO_NAP(r3)
431
	cmpwi	r0, 0
432
	beq	kvm_no_guest
433
	HMT_MEDIUM
434
	b	kvm_unsplit_nap
435
60:	HMT_MEDIUM
436
	b	kvm_secondary_got_guest
437

438
54:	li	r0, KVM_HWTHREAD_IN_KVM
439
	stb	r0, HSTATE_HWTHREAD_STATE(r13)
440
	b	kvm_no_guest
441

442
/*
443
 * Here the primary thread is trying to return the core to
444
 * whole-core mode, so we need to nap.
445
 */
446
kvm_unsplit_nap:
447
	/*
448
	 * When secondaries are napping in kvm_unsplit_nap() with
449
	 * hwthread_req = 1, HMI goes ignored even though subcores are
450
	 * already exited the guest. Hence HMI keeps waking up secondaries
451
	 * from nap in a loop and secondaries always go back to nap since
452
	 * no vcore is assigned to them. This makes impossible for primary
453
	 * thread to get hold of secondary threads resulting into a soft
454
	 * lockup in KVM path.
455
	 *
456
	 * Let us check if HMI is pending and handle it before we go to nap.
457
	 */
458
	cmpwi	r12, BOOK3S_INTERRUPT_HMI
459
	bne	55f
460
	li	r3, 0			/* NULL argument */
461
	bl	CFUNC(hmi_exception_realmode)
462
55:
463
	/*
464
	 * Ensure that secondary doesn't nap when it has
465
	 * its vcore pointer set.
466
	 */
467
	sync		/* matches smp_mb() before setting split_info.do_nap */
468
	ld	r0, HSTATE_KVM_VCORE(r13)
469
	cmpdi	r0, 0
470
	bne	kvm_no_guest
471
	/* clear any pending message */
472
BEGIN_FTR_SECTION
473
	lis	r6, (PPC_DBELL_SERVER << (63-36))@h
474
	PPC_MSGCLR(6)
475
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
476
	/* Set kvm_split_mode.napped[tid] = 1 */
477
	ld	r3, HSTATE_SPLIT_MODE(r13)
478
	li	r0, 1
479
	lhz	r4, PACAPACAINDEX(r13)
480
	clrldi	r4, r4, 61	/* micro-threading => P8 => 8 threads/core */
481
	addi	r4, r4, KVM_SPLIT_NAPPED
482
	stbx	r0, r3, r4
483
	/* Check the do_nap flag again after setting napped[] */
484
	sync
485
	lbz	r0, KVM_SPLIT_DO_NAP(r3)
486
	cmpwi	r0, 0
487
	beq	57f
488
	li	r3, NAPPING_UNSPLIT
489
	stb	r3, HSTATE_NAPPING(r13)
490
	li	r3, (LPCR_PECEDH | LPCR_PECE0) >> 4
491
	mfspr	r5, SPRN_LPCR
492
	rlwimi	r5, r3, 4, (LPCR_PECEDP | LPCR_PECEDH | LPCR_PECE0 | LPCR_PECE1)
493
	b	kvm_nap_sequence
494

495
57:	li	r0, 0
496
	stbx	r0, r3, r4
497
	b	kvm_no_guest
498

499
/******************************************************************************
500
 *                                                                            *
501
 *                               Entry code                                   *
502
 *                                                                            *
503
 *****************************************************************************/
504

505
SYM_CODE_START_LOCAL(kvmppc_hv_entry)
506

507
	/* Required state:
508
	 *
509
	 * R4 = vcpu pointer (or NULL)
510
	 * MSR = ~IR|DR
511
	 * R13 = PACA
512
	 * R1 = host R1
513
	 * R2 = TOC
514
	 * all other volatile GPRS = free
515
	 * Does not preserve non-volatile GPRs or CR fields
516
	 */
517
	mflr	r0
518
	std	r0, PPC_LR_STKOFF(r1)
519
	stdu	r1, -SFS(r1)
520

521
	/* Save R1 in the PACA */
522
	std	r1, HSTATE_HOST_R1(r13)
523

524
	li	r6, KVM_GUEST_MODE_HOST_HV
525
	stb	r6, HSTATE_IN_GUEST(r13)
526

527
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
528
	/* Store initial timestamp */
529
	cmpdi	r4, 0
530
	beq	1f
531
	addi	r3, r4, VCPU_TB_RMENTRY
532
	bl	kvmhv_start_timing
533
1:
534
#endif
535

536
	ld	r5, HSTATE_KVM_VCORE(r13)
537
	ld	r9, VCORE_KVM(r5)	/* pointer to struct kvm */
538

539
	/*
540
	 * POWER7/POWER8 host -> guest partition switch code.
541
	 * We don't have to lock against concurrent tlbies,
542
	 * but we do have to coordinate across hardware threads.
543
	 */
544
	/* Set bit in entry map iff exit map is zero. */
545
	li	r7, 1
546
	lbz	r6, HSTATE_PTID(r13)
547
	sld	r7, r7, r6
548
	addi	r8, r5, VCORE_ENTRY_EXIT
549
21:	lwarx	r3, 0, r8
550
	cmpwi	r3, 0x100		/* any threads starting to exit? */
551
	bge	secondary_too_late	/* if so we're too late to the party */
552
	or	r3, r3, r7
553
	stwcx.	r3, 0, r8
554
	bne	21b
555

556
	/* Primary thread switches to guest partition. */
557
	cmpwi	r6,0
558
	bne	10f
559

560
	lwz	r7,KVM_LPID(r9)
561
	ld	r6,KVM_SDR1(r9)
562
	li	r0,LPID_RSVD		/* switch to reserved LPID */
563
	mtspr	SPRN_LPID,r0
564
	ptesync
565
	mtspr	SPRN_SDR1,r6		/* switch to partition page table */
566
	mtspr	SPRN_LPID,r7
567
	isync
568

569
	/* See if we need to flush the TLB. */
570
	mr	r3, r9			/* kvm pointer */
571
	lhz	r4, PACAPACAINDEX(r13)	/* physical cpu number */
572
	li	r5, 0			/* nested vcpu pointer */
573
	bl	kvmppc_check_need_tlb_flush
574
	nop
575
	ld	r5, HSTATE_KVM_VCORE(r13)
576

577
	/* Add timebase offset onto timebase */
578
22:	ld	r8,VCORE_TB_OFFSET(r5)
579
	cmpdi	r8,0
580
	beq	37f
581
	std	r8, VCORE_TB_OFFSET_APPL(r5)
582
	mftb	r6		/* current host timebase */
583
	add	r8,r8,r6
584
	mtspr	SPRN_TBU40,r8	/* update upper 40 bits */
585
	mftb	r7		/* check if lower 24 bits overflowed */
586
	clrldi	r6,r6,40
587
	clrldi	r7,r7,40
588
	cmpld	r7,r6
589
	bge	37f
590
	addis	r8,r8,0x100	/* if so, increment upper 40 bits */
591
	mtspr	SPRN_TBU40,r8
592

593
	/* Load guest PCR value to select appropriate compat mode */
594
37:	ld	r7, VCORE_PCR(r5)
595
	LOAD_REG_IMMEDIATE(r6, PCR_MASK)
596
	cmpld	r7, r6
597
	beq	38f
598
	or	r7, r7, r6
599
	mtspr	SPRN_PCR, r7
600
38:
601

602
BEGIN_FTR_SECTION
603
	/* DPDES and VTB are shared between threads */
604
	ld	r8, VCORE_DPDES(r5)
605
	ld	r7, VCORE_VTB(r5)
606
	mtspr	SPRN_DPDES, r8
607
	mtspr	SPRN_VTB, r7
608
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
609

610
	/* Mark the subcore state as inside guest */
611
	bl	kvmppc_subcore_enter_guest
612
	nop
613
	ld	r5, HSTATE_KVM_VCORE(r13)
614
	ld	r4, HSTATE_KVM_VCPU(r13)
615
	li	r0,1
616
	stb	r0,VCORE_IN_GUEST(r5)	/* signal secondaries to continue */
617

618
	/* Do we have a guest vcpu to run? */
619
10:	cmpdi	r4, 0
620
	beq	kvmppc_primary_no_guest
621
kvmppc_got_guest:
622
	/* Increment yield count if they have a VPA */
623
	ld	r3, VCPU_VPA(r4)
624
	cmpdi	r3, 0
625
	beq	25f
626
	li	r6, LPPACA_YIELDCOUNT
627
	LWZX_BE	r5, r3, r6
628
	addi	r5, r5, 1
629
	STWX_BE	r5, r3, r6
630
	li	r6, 1
631
	stb	r6, VCPU_VPA_DIRTY(r4)
632
25:
633

634
	/* Save purr/spurr */
635
	mfspr	r5,SPRN_PURR
636
	mfspr	r6,SPRN_SPURR
637
	std	r5,HSTATE_PURR(r13)
638
	std	r6,HSTATE_SPURR(r13)
639
	ld	r7,VCPU_PURR(r4)
640
	ld	r8,VCPU_SPURR(r4)
641
	mtspr	SPRN_PURR,r7
642
	mtspr	SPRN_SPURR,r8
643

644
	/* Save host values of some registers */
645
BEGIN_FTR_SECTION
646
	mfspr	r5, SPRN_CIABR
647
	mfspr	r6, SPRN_DAWR0
648
	mfspr	r7, SPRN_DAWRX0
649
	mfspr	r8, SPRN_IAMR
650
	std	r5, STACK_SLOT_CIABR(r1)
651
	std	r6, STACK_SLOT_DAWR0(r1)
652
	std	r7, STACK_SLOT_DAWRX0(r1)
653
	std	r8, STACK_SLOT_IAMR(r1)
654
	mfspr	r5, SPRN_FSCR
655
	std	r5, STACK_SLOT_FSCR(r1)
656
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
657

658
	mfspr	r5, SPRN_AMR
659
	std	r5, STACK_SLOT_AMR(r1)
660
	mfspr	r6, SPRN_UAMOR
661
	std	r6, STACK_SLOT_UAMOR(r1)
662

663
BEGIN_FTR_SECTION
664
	/* Set partition DABR */
665
	/* Do this before re-enabling PMU to avoid P7 DABR corruption bug */
666
	lwz	r5,VCPU_DABRX(r4)
667
	ld	r6,VCPU_DABR(r4)
668
	mtspr	SPRN_DABRX,r5
669
	mtspr	SPRN_DABR,r6
670
	isync
671
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
672

673
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
674
BEGIN_FTR_SECTION
675
	b	91f
676
END_FTR_SECTION_IFCLR(CPU_FTR_TM)
677
	/*
678
	 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
679
	 */
680
	mr      r3, r4
681
	ld      r4, VCPU_MSR(r3)
682
	li	r5, 0			/* don't preserve non-vol regs */
683
	bl	kvmppc_restore_tm_hv
684
	nop
685
	ld	r4, HSTATE_KVM_VCPU(r13)
686
91:
687
#endif
688

689
	/* Load guest PMU registers; r4 = vcpu pointer here */
690
	mr	r3, r4
691
	bl	kvmhv_load_guest_pmu
692

693
	/* Load up FP, VMX and VSX registers */
694
	ld	r4, HSTATE_KVM_VCPU(r13)
695
	bl	kvmppc_load_fp
696

697
	ld	r14, VCPU_GPR(R14)(r4)
698
	ld	r15, VCPU_GPR(R15)(r4)
699
	ld	r16, VCPU_GPR(R16)(r4)
700
	ld	r17, VCPU_GPR(R17)(r4)
701
	ld	r18, VCPU_GPR(R18)(r4)
702
	ld	r19, VCPU_GPR(R19)(r4)
703
	ld	r20, VCPU_GPR(R20)(r4)
704
	ld	r21, VCPU_GPR(R21)(r4)
705
	ld	r22, VCPU_GPR(R22)(r4)
706
	ld	r23, VCPU_GPR(R23)(r4)
707
	ld	r24, VCPU_GPR(R24)(r4)
708
	ld	r25, VCPU_GPR(R25)(r4)
709
	ld	r26, VCPU_GPR(R26)(r4)
710
	ld	r27, VCPU_GPR(R27)(r4)
711
	ld	r28, VCPU_GPR(R28)(r4)
712
	ld	r29, VCPU_GPR(R29)(r4)
713
	ld	r30, VCPU_GPR(R30)(r4)
714
	ld	r31, VCPU_GPR(R31)(r4)
715

716
	/* Switch DSCR to guest value */
717
	ld	r5, VCPU_DSCR(r4)
718
	mtspr	SPRN_DSCR, r5
719

720
BEGIN_FTR_SECTION
721
	/* Skip next section on POWER7 */
722
	b	8f
723
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
724
	/* Load up POWER8-specific registers */
725
	ld	r5, VCPU_IAMR(r4)
726
	lwz	r6, VCPU_PSPB(r4)
727
	ld	r7, VCPU_FSCR(r4)
728
	mtspr	SPRN_IAMR, r5
729
	mtspr	SPRN_PSPB, r6
730
	mtspr	SPRN_FSCR, r7
731
	/*
732
	 * Handle broken DAWR case by not writing it. This means we
733
	 * can still store the DAWR register for migration.
734
	 */
735
	LOAD_REG_ADDR(r5, dawr_force_enable)
736
	lbz	r5, 0(r5)
737
	cmpdi	r5, 0
738
	beq	1f
739
	ld	r5, VCPU_DAWR0(r4)
740
	ld	r6, VCPU_DAWRX0(r4)
741
	mtspr	SPRN_DAWR0, r5
742
	mtspr	SPRN_DAWRX0, r6
743
1:
744
	ld	r7, VCPU_CIABR(r4)
745
	ld	r8, VCPU_TAR(r4)
746
	mtspr	SPRN_CIABR, r7
747
	mtspr	SPRN_TAR, r8
748
	ld	r5, VCPU_IC(r4)
749
	ld	r8, VCPU_EBBHR(r4)
750
	mtspr	SPRN_IC, r5
751
	mtspr	SPRN_EBBHR, r8
752
	ld	r5, VCPU_EBBRR(r4)
753
	ld	r6, VCPU_BESCR(r4)
754
	lwz	r7, VCPU_GUEST_PID(r4)
755
	ld	r8, VCPU_WORT(r4)
756
	mtspr	SPRN_EBBRR, r5
757
	mtspr	SPRN_BESCR, r6
758
	mtspr	SPRN_PID, r7
759
	mtspr	SPRN_WORT, r8
760
	/* POWER8-only registers */
761
	ld	r5, VCPU_TCSCR(r4)
762
	ld	r6, VCPU_ACOP(r4)
763
	ld	r7, VCPU_CSIGR(r4)
764
	ld	r8, VCPU_TACR(r4)
765
	mtspr	SPRN_TCSCR, r5
766
	mtspr	SPRN_ACOP, r6
767
	mtspr	SPRN_CSIGR, r7
768
	mtspr	SPRN_TACR, r8
769
	nop
770
8:
771

772
	ld	r5, VCPU_SPRG0(r4)
773
	ld	r6, VCPU_SPRG1(r4)
774
	ld	r7, VCPU_SPRG2(r4)
775
	ld	r8, VCPU_SPRG3(r4)
776
	mtspr	SPRN_SPRG0, r5
777
	mtspr	SPRN_SPRG1, r6
778
	mtspr	SPRN_SPRG2, r7
779
	mtspr	SPRN_SPRG3, r8
780

781
	/* Load up DAR and DSISR */
782
	ld	r5, VCPU_DAR(r4)
783
	lwz	r6, VCPU_DSISR(r4)
784
	mtspr	SPRN_DAR, r5
785
	mtspr	SPRN_DSISR, r6
786

787
	/* Restore AMR and UAMOR, set AMOR to all 1s */
788
	ld	r5,VCPU_AMR(r4)
789
	ld	r6,VCPU_UAMOR(r4)
790
	mtspr	SPRN_AMR,r5
791
	mtspr	SPRN_UAMOR,r6
792

793
	/* Restore state of CTRL run bit; the host currently has it set to 1 */
794
	lwz	r5,VCPU_CTRL(r4)
795
	andi.	r5,r5,1
796
	bne	4f
797
	li	r6,0
798
	mtspr	SPRN_CTRLT,r6
799
4:
800
	/* Secondary threads wait for primary to have done partition switch */
801
	ld	r5, HSTATE_KVM_VCORE(r13)
802
	lbz	r6, HSTATE_PTID(r13)
803
	cmpwi	r6, 0
804
	beq	21f
805
	lbz	r0, VCORE_IN_GUEST(r5)
806
	cmpwi	r0, 0
807
	bne	21f
808
	HMT_LOW
809
20:	lwz	r3, VCORE_ENTRY_EXIT(r5)
810
	cmpwi	r3, 0x100
811
	bge	no_switch_exit
812
	lbz	r0, VCORE_IN_GUEST(r5)
813
	cmpwi	r0, 0
814
	beq	20b
815
	HMT_MEDIUM
816
21:
817
	/* Set LPCR. */
818
	ld	r8,VCORE_LPCR(r5)
819
	mtspr	SPRN_LPCR,r8
820
	isync
821

822
	/*
823
	 * Set the decrementer to the guest decrementer.
824
	 */
825
	ld	r8,VCPU_DEC_EXPIRES(r4)
826
	mftb	r7
827
	subf	r3,r7,r8
828
	mtspr	SPRN_DEC,r3
829

830
	/* Check if HDEC expires soon */
831
	mfspr	r3, SPRN_HDEC
832
	extsw	r3, r3
833
	cmpdi	r3, 512		/* 1 microsecond */
834
	blt	hdec_soon
835

836
	/* Clear out and reload the SLB */
837
	li	r6, 0
838
	slbmte	r6, r6
839
	PPC_SLBIA(6)
840
	ptesync
841

842
	/* Load up guest SLB entries (N.B. slb_max will be 0 for radix) */
843
	lwz	r5,VCPU_SLB_MAX(r4)
844
	cmpwi	r5,0
845
	beq	9f
846
	mtctr	r5
847
	addi	r6,r4,VCPU_SLB
848
1:	ld	r8,VCPU_SLB_E(r6)
849
	ld	r9,VCPU_SLB_V(r6)
850
	slbmte	r9,r8
851
	addi	r6,r6,VCPU_SLB_SIZE
852
	bdnz	1b
853
9:
854

855
deliver_guest_interrupt:	/* r4 = vcpu, r13 = paca */
856
	/* Check if we can deliver an external or decrementer interrupt now */
857
	ld	r0, VCPU_PENDING_EXC(r4)
858
	cmpdi	r0, 0
859
	beq	71f
860
	mr	r3, r4
861
	bl	CFUNC(kvmppc_guest_entry_inject_int)
862
	ld	r4, HSTATE_KVM_VCPU(r13)
863
71:
864
	ld	r6, VCPU_SRR0(r4)
865
	ld	r7, VCPU_SRR1(r4)
866
	mtspr	SPRN_SRR0, r6
867
	mtspr	SPRN_SRR1, r7
868

869
	ld	r10, VCPU_PC(r4)
870
	ld	r11, VCPU_MSR(r4)
871
	/* r11 = vcpu->arch.msr & ~MSR_HV */
872
	rldicl	r11, r11, 63 - MSR_HV_LG, 1
873
	rotldi	r11, r11, 1 + MSR_HV_LG
874
	ori	r11, r11, MSR_ME
875

876
	ld	r6, VCPU_CTR(r4)
877
	ld	r7, VCPU_XER(r4)
878
	mtctr	r6
879
	mtxer	r7
880

881
/*
882
 * Required state:
883
 * R4 = vcpu
884
 * R10: value for HSRR0
885
 * R11: value for HSRR1
886
 * R13 = PACA
887
 */
888
fast_guest_return:
889
	li	r0,0
890
	stb	r0,VCPU_CEDED(r4)	/* cancel cede */
891
	mtspr	SPRN_HSRR0,r10
892
	mtspr	SPRN_HSRR1,r11
893

894
	/* Activate guest mode, so faults get handled by KVM */
895
	li	r9, KVM_GUEST_MODE_GUEST_HV
896
	stb	r9, HSTATE_IN_GUEST(r13)
897

898
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
899
	/* Accumulate timing */
900
	addi	r3, r4, VCPU_TB_GUEST
901
	bl	kvmhv_accumulate_time
902
#endif
903

904
	/* Enter guest */
905

906
BEGIN_FTR_SECTION
907
	ld	r5, VCPU_CFAR(r4)
908
	mtspr	SPRN_CFAR, r5
909
END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
910
BEGIN_FTR_SECTION
911
	ld	r0, VCPU_PPR(r4)
912
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
913

914
	ld	r5, VCPU_LR(r4)
915
	mtlr	r5
916

917
	ld	r1, VCPU_GPR(R1)(r4)
918
	ld	r5, VCPU_GPR(R5)(r4)
919
	ld	r8, VCPU_GPR(R8)(r4)
920
	ld	r9, VCPU_GPR(R9)(r4)
921
	ld	r10, VCPU_GPR(R10)(r4)
922
	ld	r11, VCPU_GPR(R11)(r4)
923
	ld	r12, VCPU_GPR(R12)(r4)
924
	ld	r13, VCPU_GPR(R13)(r4)
925

926
BEGIN_FTR_SECTION
927
	mtspr	SPRN_PPR, r0
928
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
929

930
	ld	r6, VCPU_GPR(R6)(r4)
931
	ld	r7, VCPU_GPR(R7)(r4)
932

933
	ld	r0, VCPU_CR(r4)
934
	mtcr	r0
935

936
	ld	r0, VCPU_GPR(R0)(r4)
937
	ld	r2, VCPU_GPR(R2)(r4)
938
	ld	r3, VCPU_GPR(R3)(r4)
939
	ld	r4, VCPU_GPR(R4)(r4)
940
	HRFI_TO_GUEST
941
	b	.
942
SYM_CODE_END(kvmppc_hv_entry)
943

944
secondary_too_late:
945
	li	r12, 0
946
	stw	r12, STACK_SLOT_TRAP(r1)
947
	cmpdi	r4, 0
948
	beq	11f
949
	stw	r12, VCPU_TRAP(r4)
950
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
951
	addi	r3, r4, VCPU_TB_RMEXIT
952
	bl	kvmhv_accumulate_time
953
#endif
954
11:	b	kvmhv_switch_to_host
955

956
no_switch_exit:
957
	HMT_MEDIUM
958
	li	r12, 0
959
	b	12f
960
hdec_soon:
961
	li	r12, BOOK3S_INTERRUPT_HV_DECREMENTER
962
12:	stw	r12, VCPU_TRAP(r4)
963
	mr	r9, r4
964
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
965
	addi	r3, r4, VCPU_TB_RMEXIT
966
	bl	kvmhv_accumulate_time
967
#endif
968
	b	guest_bypass
969

970
/******************************************************************************
971
 *                                                                            *
972
 *                               Exit code                                    *
973
 *                                                                            *
974
 *****************************************************************************/
975

976
/*
977
 * We come here from the first-level interrupt handlers.
978
 */
979
	.globl	kvmppc_interrupt_hv
980
kvmppc_interrupt_hv:
981
	/*
982
	 * Register contents:
983
	 * R9		= HSTATE_IN_GUEST
984
	 * R12		= (guest CR << 32) | interrupt vector
985
	 * R13		= PACA
986
	 * guest R12 saved in shadow VCPU SCRATCH0
987
	 * guest R13 saved in SPRN_SCRATCH0
988
	 * guest R9 saved in HSTATE_SCRATCH2
989
	 */
990
	/* We're now back in the host but in guest MMU context */
991
	cmpwi	r9,KVM_GUEST_MODE_HOST_HV
992
	beq	kvmppc_bad_host_intr
993
	li	r9, KVM_GUEST_MODE_HOST_HV
994
	stb	r9, HSTATE_IN_GUEST(r13)
995

996
	ld	r9, HSTATE_KVM_VCPU(r13)
997

998
	/* Save registers */
999

1000
	std	r0, VCPU_GPR(R0)(r9)
1001
	std	r1, VCPU_GPR(R1)(r9)
1002
	std	r2, VCPU_GPR(R2)(r9)
1003
	std	r3, VCPU_GPR(R3)(r9)
1004
	std	r4, VCPU_GPR(R4)(r9)
1005
	std	r5, VCPU_GPR(R5)(r9)
1006
	std	r6, VCPU_GPR(R6)(r9)
1007
	std	r7, VCPU_GPR(R7)(r9)
1008
	std	r8, VCPU_GPR(R8)(r9)
1009
	ld	r0, HSTATE_SCRATCH2(r13)
1010
	std	r0, VCPU_GPR(R9)(r9)
1011
	std	r10, VCPU_GPR(R10)(r9)
1012
	std	r11, VCPU_GPR(R11)(r9)
1013
	ld	r3, HSTATE_SCRATCH0(r13)
1014
	std	r3, VCPU_GPR(R12)(r9)
1015
	/* CR is in the high half of r12 */
1016
	srdi	r4, r12, 32
1017
	std	r4, VCPU_CR(r9)
1018
BEGIN_FTR_SECTION
1019
	ld	r3, HSTATE_CFAR(r13)
1020
	std	r3, VCPU_CFAR(r9)
1021
END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
1022
BEGIN_FTR_SECTION
1023
	ld	r4, HSTATE_PPR(r13)
1024
	std	r4, VCPU_PPR(r9)
1025
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
1026

1027
	/* Restore R1/R2 so we can handle faults */
1028
	ld	r1, HSTATE_HOST_R1(r13)
1029
	LOAD_PACA_TOC()
1030

1031
	mfspr	r10, SPRN_SRR0
1032
	mfspr	r11, SPRN_SRR1
1033
	std	r10, VCPU_SRR0(r9)
1034
	std	r11, VCPU_SRR1(r9)
1035
	/* trap is in the low half of r12, clear CR from the high half */
1036
	clrldi	r12, r12, 32
1037
	andi.	r0, r12, 2		/* need to read HSRR0/1? */
1038
	beq	1f
1039
	mfspr	r10, SPRN_HSRR0
1040
	mfspr	r11, SPRN_HSRR1
1041
	clrrdi	r12, r12, 2
1042
1:	std	r10, VCPU_PC(r9)
1043
	std	r11, VCPU_MSR(r9)
1044

1045
	GET_SCRATCH0(r3)
1046
	mflr	r4
1047
	std	r3, VCPU_GPR(R13)(r9)
1048
	std	r4, VCPU_LR(r9)
1049

1050
	stw	r12,VCPU_TRAP(r9)
1051

1052
	/*
1053
	 * Now that we have saved away SRR0/1 and HSRR0/1,
1054
	 * interrupts are recoverable in principle, so set MSR_RI.
1055
	 * This becomes important for relocation-on interrupts from
1056
	 * the guest, which we can get in radix mode on POWER9.
1057
	 */
1058
	li	r0, MSR_RI
1059
	mtmsrd	r0, 1
1060

1061
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
1062
	addi	r3, r9, VCPU_TB_RMINTR
1063
	mr	r4, r9
1064
	bl	kvmhv_accumulate_time
1065
	ld	r5, VCPU_GPR(R5)(r9)
1066
	ld	r6, VCPU_GPR(R6)(r9)
1067
	ld	r7, VCPU_GPR(R7)(r9)
1068
	ld	r8, VCPU_GPR(R8)(r9)
1069
#endif
1070

1071
	/* Save HEIR (HV emulation assist reg) in emul_inst
1072
	   if this is an HEI (HV emulation interrupt, e40) */
1073
	li	r3,KVM_INST_FETCH_FAILED
1074
	std	r3,VCPU_LAST_INST(r9)
1075
	cmpwi	r12,BOOK3S_INTERRUPT_H_EMUL_ASSIST
1076
	bne	11f
1077
	mfspr	r3,SPRN_HEIR
1078
11:	std	r3,VCPU_HEIR(r9)
1079

1080
	/* these are volatile across C function calls */
1081
	mfctr	r3
1082
	mfxer	r4
1083
	std	r3, VCPU_CTR(r9)
1084
	std	r4, VCPU_XER(r9)
1085

1086
	/* Save more register state  */
1087
	mfdar	r3
1088
	mfdsisr	r4
1089
	std	r3, VCPU_DAR(r9)
1090
	stw	r4, VCPU_DSISR(r9)
1091

1092
	/* If this is a page table miss then see if it's theirs or ours */
1093
	cmpwi	r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
1094
	beq	kvmppc_hdsi
1095
	std	r3, VCPU_FAULT_DAR(r9)
1096
	stw	r4, VCPU_FAULT_DSISR(r9)
1097
	cmpwi	r12, BOOK3S_INTERRUPT_H_INST_STORAGE
1098
	beq	kvmppc_hisi
1099

1100
	/* See if this is a leftover HDEC interrupt */
1101
	cmpwi	r12,BOOK3S_INTERRUPT_HV_DECREMENTER
1102
	bne	2f
1103
	mfspr	r3,SPRN_HDEC
1104
	extsw	r3, r3
1105
	cmpdi	r3,0
1106
	mr	r4,r9
1107
	bge	fast_guest_return
1108
2:
1109
	/* See if this is an hcall we can handle in real mode */
1110
	cmpwi	r12,BOOK3S_INTERRUPT_SYSCALL
1111
	beq	hcall_try_real_mode
1112

1113
	/* Hypervisor doorbell - exit only if host IPI flag set */
1114
	cmpwi	r12, BOOK3S_INTERRUPT_H_DOORBELL
1115
	bne	3f
1116
	lbz	r0, HSTATE_HOST_IPI(r13)
1117
	cmpwi	r0, 0
1118
	beq	maybe_reenter_guest
1119
	b	guest_exit_cont
1120
3:
1121
	/* If it's a hypervisor facility unavailable interrupt, save HFSCR */
1122
	cmpwi	r12, BOOK3S_INTERRUPT_H_FAC_UNAVAIL
1123
	bne	14f
1124
	mfspr	r3, SPRN_HFSCR
1125
	std	r3, VCPU_HFSCR(r9)
1126
	b	guest_exit_cont
1127
14:
1128
	/* External interrupt ? */
1129
	cmpwi	r12, BOOK3S_INTERRUPT_EXTERNAL
1130
	beq	kvmppc_guest_external
1131
	/* See if it is a machine check */
1132
	cmpwi	r12, BOOK3S_INTERRUPT_MACHINE_CHECK
1133
	beq	machine_check_realmode
1134
	/* Or a hypervisor maintenance interrupt */
1135
	cmpwi	r12, BOOK3S_INTERRUPT_HMI
1136
	beq	hmi_realmode
1137

1138
guest_exit_cont:		/* r9 = vcpu, r12 = trap, r13 = paca */
1139

1140
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
1141
	addi	r3, r9, VCPU_TB_RMEXIT
1142
	mr	r4, r9
1143
	bl	kvmhv_accumulate_time
1144
#endif
1145

1146
	/*
1147
	 * Possibly flush the link stack here, before we do a blr in
1148
	 * kvmhv_switch_to_host.
1149
	 */
1150
1:	nop
1151
	patch_site 1b patch__call_kvm_flush_link_stack
1152

1153
	/* For hash guest, read the guest SLB and save it away */
1154
	li	r5, 0
1155
	lwz	r0,VCPU_SLB_NR(r9)	/* number of entries in SLB */
1156
	mtctr	r0
1157
	li	r6,0
1158
	addi	r7,r9,VCPU_SLB
1159
1:	slbmfee	r8,r6
1160
	andis.	r0,r8,SLB_ESID_V@h
1161
	beq	2f
1162
	add	r8,r8,r6		/* put index in */
1163
	slbmfev	r3,r6
1164
	std	r8,VCPU_SLB_E(r7)
1165
	std	r3,VCPU_SLB_V(r7)
1166
	addi	r7,r7,VCPU_SLB_SIZE
1167
	addi	r5,r5,1
1168
2:	addi	r6,r6,1
1169
	bdnz	1b
1170
	/* Finally clear out the SLB */
1171
	li	r0,0
1172
	slbmte	r0,r0
1173
	PPC_SLBIA(6)
1174
	ptesync
1175
	stw	r5,VCPU_SLB_MAX(r9)
1176

1177
	/* load host SLB entries */
1178
	ld	r8,PACA_SLBSHADOWPTR(r13)
1179

1180
	.rept	SLB_NUM_BOLTED
1181
	li	r3, SLBSHADOW_SAVEAREA
1182
	LDX_BE	r5, r8, r3
1183
	addi	r3, r3, 8
1184
	LDX_BE	r6, r8, r3
1185
	andis.	r7,r5,SLB_ESID_V@h
1186
	beq	1f
1187
	slbmte	r6,r5
1188
1:	addi	r8,r8,16
1189
	.endr
1190

1191
guest_bypass:
1192
	stw	r12, STACK_SLOT_TRAP(r1)
1193

1194
	/* Save DEC */
1195
	/* Do this before kvmhv_commence_exit so we know TB is guest TB */
1196
	ld	r3, HSTATE_KVM_VCORE(r13)
1197
	mfspr	r5,SPRN_DEC
1198
	mftb	r6
1199
	extsw	r5,r5
1200
16:	add	r5,r5,r6
1201
	std	r5,VCPU_DEC_EXPIRES(r9)
1202

1203
	/* Increment exit count, poke other threads to exit */
1204
	mr 	r3, r12
1205
	bl	kvmhv_commence_exit
1206
	nop
1207
	ld	r9, HSTATE_KVM_VCPU(r13)
1208

1209
	/* Stop others sending VCPU interrupts to this physical CPU */
1210
	li	r0, -1
1211
	stw	r0, VCPU_CPU(r9)
1212
	stw	r0, VCPU_THREAD_CPU(r9)
1213

1214
	/* Save guest CTRL register, set runlatch to 1 if it was clear */
1215
	mfspr	r6,SPRN_CTRLF
1216
	stw	r6,VCPU_CTRL(r9)
1217
	andi.	r0,r6,1
1218
	bne	4f
1219
	li	r6,1
1220
	mtspr	SPRN_CTRLT,r6
1221
4:
1222
	/*
1223
	 * Save the guest PURR/SPURR
1224
	 */
1225
	mfspr	r5,SPRN_PURR
1226
	mfspr	r6,SPRN_SPURR
1227
	ld	r7,VCPU_PURR(r9)
1228
	ld	r8,VCPU_SPURR(r9)
1229
	std	r5,VCPU_PURR(r9)
1230
	std	r6,VCPU_SPURR(r9)
1231
	subf	r5,r7,r5
1232
	subf	r6,r8,r6
1233

1234
	/*
1235
	 * Restore host PURR/SPURR and add guest times
1236
	 * so that the time in the guest gets accounted.
1237
	 */
1238
	ld	r3,HSTATE_PURR(r13)
1239
	ld	r4,HSTATE_SPURR(r13)
1240
	add	r3,r3,r5
1241
	add	r4,r4,r6
1242
	mtspr	SPRN_PURR,r3
1243
	mtspr	SPRN_SPURR,r4
1244

1245
BEGIN_FTR_SECTION
1246
	b	8f
1247
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
1248
	/* Save POWER8-specific registers */
1249
	mfspr	r5, SPRN_IAMR
1250
	mfspr	r6, SPRN_PSPB
1251
	mfspr	r7, SPRN_FSCR
1252
	std	r5, VCPU_IAMR(r9)
1253
	stw	r6, VCPU_PSPB(r9)
1254
	std	r7, VCPU_FSCR(r9)
1255
	mfspr	r5, SPRN_IC
1256
	mfspr	r7, SPRN_TAR
1257
	std	r5, VCPU_IC(r9)
1258
	std	r7, VCPU_TAR(r9)
1259
	mfspr	r8, SPRN_EBBHR
1260
	std	r8, VCPU_EBBHR(r9)
1261
	mfspr	r5, SPRN_EBBRR
1262
	mfspr	r6, SPRN_BESCR
1263
	mfspr	r7, SPRN_PID
1264
	mfspr	r8, SPRN_WORT
1265
	std	r5, VCPU_EBBRR(r9)
1266
	std	r6, VCPU_BESCR(r9)
1267
	stw	r7, VCPU_GUEST_PID(r9)
1268
	std	r8, VCPU_WORT(r9)
1269
	mfspr	r5, SPRN_TCSCR
1270
	mfspr	r6, SPRN_ACOP
1271
	mfspr	r7, SPRN_CSIGR
1272
	mfspr	r8, SPRN_TACR
1273
	std	r5, VCPU_TCSCR(r9)
1274
	std	r6, VCPU_ACOP(r9)
1275
	std	r7, VCPU_CSIGR(r9)
1276
	std	r8, VCPU_TACR(r9)
1277
BEGIN_FTR_SECTION
1278
	ld	r5, STACK_SLOT_FSCR(r1)
1279
	mtspr	SPRN_FSCR, r5
1280
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1281
	/*
1282
	 * Restore various registers to 0, where non-zero values
1283
	 * set by the guest could disrupt the host.
1284
	 */
1285
	li	r0, 0
1286
	mtspr	SPRN_PSPB, r0
1287
	mtspr	SPRN_WORT, r0
1288
	mtspr	SPRN_TCSCR, r0
1289
	/* Set MMCRS to 1<<31 to freeze and disable the SPMC counters */
1290
	li	r0, 1
1291
	sldi	r0, r0, 31
1292
	mtspr	SPRN_MMCRS, r0
1293

1294
	/* Save and restore AMR, IAMR and UAMOR before turning on the MMU */
1295
	ld	r8, STACK_SLOT_IAMR(r1)
1296
	mtspr	SPRN_IAMR, r8
1297

1298
8:	/* Power7 jumps back in here */
1299
	mfspr	r5,SPRN_AMR
1300
	mfspr	r6,SPRN_UAMOR
1301
	std	r5,VCPU_AMR(r9)
1302
	std	r6,VCPU_UAMOR(r9)
1303
	ld	r5,STACK_SLOT_AMR(r1)
1304
	ld	r6,STACK_SLOT_UAMOR(r1)
1305
	mtspr	SPRN_AMR, r5
1306
	mtspr	SPRN_UAMOR, r6
1307

1308
	/* Switch DSCR back to host value */
1309
	mfspr	r8, SPRN_DSCR
1310
	ld	r7, HSTATE_DSCR(r13)
1311
	std	r8, VCPU_DSCR(r9)
1312
	mtspr	SPRN_DSCR, r7
1313

1314
	/* Save non-volatile GPRs */
1315
	std	r14, VCPU_GPR(R14)(r9)
1316
	std	r15, VCPU_GPR(R15)(r9)
1317
	std	r16, VCPU_GPR(R16)(r9)
1318
	std	r17, VCPU_GPR(R17)(r9)
1319
	std	r18, VCPU_GPR(R18)(r9)
1320
	std	r19, VCPU_GPR(R19)(r9)
1321
	std	r20, VCPU_GPR(R20)(r9)
1322
	std	r21, VCPU_GPR(R21)(r9)
1323
	std	r22, VCPU_GPR(R22)(r9)
1324
	std	r23, VCPU_GPR(R23)(r9)
1325
	std	r24, VCPU_GPR(R24)(r9)
1326
	std	r25, VCPU_GPR(R25)(r9)
1327
	std	r26, VCPU_GPR(R26)(r9)
1328
	std	r27, VCPU_GPR(R27)(r9)
1329
	std	r28, VCPU_GPR(R28)(r9)
1330
	std	r29, VCPU_GPR(R29)(r9)
1331
	std	r30, VCPU_GPR(R30)(r9)
1332
	std	r31, VCPU_GPR(R31)(r9)
1333

1334
	/* Save SPRGs */
1335
	mfspr	r3, SPRN_SPRG0
1336
	mfspr	r4, SPRN_SPRG1
1337
	mfspr	r5, SPRN_SPRG2
1338
	mfspr	r6, SPRN_SPRG3
1339
	std	r3, VCPU_SPRG0(r9)
1340
	std	r4, VCPU_SPRG1(r9)
1341
	std	r5, VCPU_SPRG2(r9)
1342
	std	r6, VCPU_SPRG3(r9)
1343

1344
	/* save FP state */
1345
	mr	r3, r9
1346
	bl	kvmppc_save_fp
1347

1348
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1349
BEGIN_FTR_SECTION
1350
	b	91f
1351
END_FTR_SECTION_IFCLR(CPU_FTR_TM)
1352
	/*
1353
	 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
1354
	 */
1355
	mr      r3, r9
1356
	ld      r4, VCPU_MSR(r3)
1357
	li	r5, 0			/* don't preserve non-vol regs */
1358
	bl	kvmppc_save_tm_hv
1359
	nop
1360
	ld	r9, HSTATE_KVM_VCPU(r13)
1361
91:
1362
#endif
1363

1364
	/* Increment yield count if they have a VPA */
1365
	ld	r8, VCPU_VPA(r9)	/* do they have a VPA? */
1366
	cmpdi	r8, 0
1367
	beq	25f
1368
	li	r4, LPPACA_YIELDCOUNT
1369
	LWZX_BE	r3, r8, r4
1370
	addi	r3, r3, 1
1371
	STWX_BE	r3, r8, r4
1372
	li	r3, 1
1373
	stb	r3, VCPU_VPA_DIRTY(r9)
1374
25:
1375
	/* Save PMU registers if requested */
1376
	/* r8 and cr0.eq are live here */
1377
	mr	r3, r9
1378
	li	r4, 1
1379
	beq	21f			/* if no VPA, save PMU stuff anyway */
1380
	lbz	r4, LPPACA_PMCINUSE(r8)
1381
21:	bl	kvmhv_save_guest_pmu
1382
	ld	r9, HSTATE_KVM_VCPU(r13)
1383

1384
	/* Restore host values of some registers */
1385
BEGIN_FTR_SECTION
1386
	ld	r5, STACK_SLOT_CIABR(r1)
1387
	ld	r6, STACK_SLOT_DAWR0(r1)
1388
	ld	r7, STACK_SLOT_DAWRX0(r1)
1389
	mtspr	SPRN_CIABR, r5
1390
	/*
1391
	 * If the DAWR doesn't work, it's ok to write these here as
1392
	 * this value should always be zero
1393
	*/
1394
	mtspr	SPRN_DAWR0, r6
1395
	mtspr	SPRN_DAWRX0, r7
1396
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1397

1398
	/*
1399
	 * POWER7/POWER8 guest -> host partition switch code.
1400
	 * We don't have to lock against tlbies but we do
1401
	 * have to coordinate the hardware threads.
1402
	 * Here STACK_SLOT_TRAP(r1) contains the trap number.
1403
	 */
1404
kvmhv_switch_to_host:
1405
	/* Secondary threads wait for primary to do partition switch */
1406
	ld	r5,HSTATE_KVM_VCORE(r13)
1407
	ld	r4,VCORE_KVM(r5)	/* pointer to struct kvm */
1408
	lbz	r3,HSTATE_PTID(r13)
1409
	cmpwi	r3,0
1410
	beq	15f
1411
	HMT_LOW
1412
13:	lbz	r3,VCORE_IN_GUEST(r5)
1413
	cmpwi	r3,0
1414
	bne	13b
1415
	HMT_MEDIUM
1416
	b	16f
1417

1418
	/* Primary thread waits for all the secondaries to exit guest */
1419
15:	lwz	r3,VCORE_ENTRY_EXIT(r5)
1420
	rlwinm	r0,r3,32-8,0xff
1421
	clrldi	r3,r3,56
1422
	cmpw	r3,r0
1423
	bne	15b
1424
	isync
1425

1426
	/* Did we actually switch to the guest at all? */
1427
	lbz	r6, VCORE_IN_GUEST(r5)
1428
	cmpwi	r6, 0
1429
	beq	19f
1430

1431
	/* Primary thread switches back to host partition */
1432
	lwz	r7,KVM_HOST_LPID(r4)
1433
	ld	r6,KVM_HOST_SDR1(r4)
1434
	li	r8,LPID_RSVD		/* switch to reserved LPID */
1435
	mtspr	SPRN_LPID,r8
1436
	ptesync
1437
	mtspr	SPRN_SDR1,r6		/* switch to host page table */
1438
	mtspr	SPRN_LPID,r7
1439
	isync
1440

1441
BEGIN_FTR_SECTION
1442
	/* DPDES and VTB are shared between threads */
1443
	mfspr	r7, SPRN_DPDES
1444
	mfspr	r8, SPRN_VTB
1445
	std	r7, VCORE_DPDES(r5)
1446
	std	r8, VCORE_VTB(r5)
1447
	/* clear DPDES so we don't get guest doorbells in the host */
1448
	li	r8, 0
1449
	mtspr	SPRN_DPDES, r8
1450
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1451

1452
	/* Subtract timebase offset from timebase */
1453
	ld	r8, VCORE_TB_OFFSET_APPL(r5)
1454
	cmpdi	r8,0
1455
	beq	17f
1456
	li	r0, 0
1457
	std	r0, VCORE_TB_OFFSET_APPL(r5)
1458
	mftb	r6			/* current guest timebase */
1459
	subf	r8,r8,r6
1460
	mtspr	SPRN_TBU40,r8		/* update upper 40 bits */
1461
	mftb	r7			/* check if lower 24 bits overflowed */
1462
	clrldi	r6,r6,40
1463
	clrldi	r7,r7,40
1464
	cmpld	r7,r6
1465
	bge	17f
1466
	addis	r8,r8,0x100		/* if so, increment upper 40 bits */
1467
	mtspr	SPRN_TBU40,r8
1468

1469
17:
1470
	/*
1471
	 * If this is an HMI, we called kvmppc_realmode_hmi_handler
1472
	 * above, which may or may not have already called
1473
	 * kvmppc_subcore_exit_guest.  Fortunately, all that
1474
	 * kvmppc_subcore_exit_guest does is clear a flag, so calling
1475
	 * it again here is benign even if kvmppc_realmode_hmi_handler
1476
	 * has already called it.
1477
	 */
1478
	bl	kvmppc_subcore_exit_guest
1479
	nop
1480
30:	ld	r5,HSTATE_KVM_VCORE(r13)
1481
	ld	r4,VCORE_KVM(r5)	/* pointer to struct kvm */
1482

1483
	/* Reset PCR */
1484
	ld	r0, VCORE_PCR(r5)
1485
	LOAD_REG_IMMEDIATE(r6, PCR_MASK)
1486
	cmpld	r0, r6
1487
	beq	18f
1488
	mtspr	SPRN_PCR, r6
1489
18:
1490
	/* Signal secondary CPUs to continue */
1491
	li	r0, 0
1492
	stb	r0,VCORE_IN_GUEST(r5)
1493
19:	lis	r8,0x7fff		/* MAX_INT@h */
1494
	mtspr	SPRN_HDEC,r8
1495

1496
16:	ld	r8,KVM_HOST_LPCR(r4)
1497
	mtspr	SPRN_LPCR,r8
1498
	isync
1499

1500
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
1501
	/* Finish timing, if we have a vcpu */
1502
	ld	r4, HSTATE_KVM_VCPU(r13)
1503
	cmpdi	r4, 0
1504
	li	r3, 0
1505
	beq	2f
1506
	bl	kvmhv_accumulate_time
1507
2:
1508
#endif
1509
	/* Unset guest mode */
1510
	li	r0, KVM_GUEST_MODE_NONE
1511
	stb	r0, HSTATE_IN_GUEST(r13)
1512

1513
	lwz	r12, STACK_SLOT_TRAP(r1)	/* return trap # in r12 */
1514
	ld	r0, SFS+PPC_LR_STKOFF(r1)
1515
	addi	r1, r1, SFS
1516
	mtlr	r0
1517
	blr
1518

1519
.balign 32
1520
.global kvm_flush_link_stack
1521
kvm_flush_link_stack:
1522
	/* Save LR into r0 */
1523
	mflr	r0
1524

1525
	/* Flush the link stack. On Power8 it's up to 32 entries in size. */
1526
	.rept 32
1527
	bl	.+4
1528
	.endr
1529

1530
	/* And on Power9 it's up to 64. */
1531
BEGIN_FTR_SECTION
1532
	.rept 32
1533
	bl	.+4
1534
	.endr
1535
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1536

1537
	/* Restore LR */
1538
	mtlr	r0
1539
	blr
1540

1541
kvmppc_guest_external:
1542
	/* External interrupt, first check for host_ipi. If this is
1543
	 * set, we know the host wants us out so let's do it now
1544
	 */
1545
	bl	CFUNC(kvmppc_read_intr)
1546

1547
	/*
1548
	 * Restore the active volatile registers after returning from
1549
	 * a C function.
1550
	 */
1551
	ld	r9, HSTATE_KVM_VCPU(r13)
1552
	li	r12, BOOK3S_INTERRUPT_EXTERNAL
1553

1554
	/*
1555
	 * kvmppc_read_intr return codes:
1556
	 *
1557
	 * Exit to host (r3 > 0)
1558
	 *   1 An interrupt is pending that needs to be handled by the host
1559
	 *     Exit guest and return to host by branching to guest_exit_cont
1560
	 *
1561
	 *   2 Passthrough that needs completion in the host
1562
	 *     Exit guest and return to host by branching to guest_exit_cont
1563
	 *     However, we also set r12 to BOOK3S_INTERRUPT_HV_RM_HARD
1564
	 *     to indicate to the host to complete handling the interrupt
1565
	 *
1566
	 * Before returning to guest, we check if any CPU is heading out
1567
	 * to the host and if so, we head out also. If no CPUs are heading
1568
	 * check return values <= 0.
1569
	 *
1570
	 * Return to guest (r3 <= 0)
1571
	 *  0 No external interrupt is pending
1572
	 * -1 A guest wakeup IPI (which has now been cleared)
1573
	 *    In either case, we return to guest to deliver any pending
1574
	 *    guest interrupts.
1575
	 *
1576
	 * -2 A PCI passthrough external interrupt was handled
1577
	 *    (interrupt was delivered directly to guest)
1578
	 *    Return to guest to deliver any pending guest interrupts.
1579
	 */
1580

1581
	cmpdi	r3, 1
1582
	ble	1f
1583

1584
	/* Return code = 2 */
1585
	li	r12, BOOK3S_INTERRUPT_HV_RM_HARD
1586
	stw	r12, VCPU_TRAP(r9)
1587
	b	guest_exit_cont
1588

1589
1:	/* Return code <= 1 */
1590
	cmpdi	r3, 0
1591
	bgt	guest_exit_cont
1592

1593
	/* Return code <= 0 */
1594
maybe_reenter_guest:
1595
	ld	r5, HSTATE_KVM_VCORE(r13)
1596
	lwz	r0, VCORE_ENTRY_EXIT(r5)
1597
	cmpwi	r0, 0x100
1598
	mr	r4, r9
1599
	blt	deliver_guest_interrupt
1600
	b	guest_exit_cont
1601

1602
/*
1603
 * Check whether an HDSI is an HPTE not found fault or something else.
1604
 * If it is an HPTE not found fault that is due to the guest accessing
1605
 * a page that they have mapped but which we have paged out, then
1606
 * we continue on with the guest exit path.  In all other cases,
1607
 * reflect the HDSI to the guest as a DSI.
1608
 */
1609
kvmppc_hdsi:
1610
	mfspr	r4, SPRN_HDAR
1611
	mfspr	r6, SPRN_HDSISR
1612
	/* HPTE not found fault or protection fault? */
1613
	andis.	r0, r6, (DSISR_NOHPTE | DSISR_PROTFAULT)@h
1614
	beq	1f			/* if not, send it to the guest */
1615
	andi.	r0, r11, MSR_DR		/* data relocation enabled? */
1616
	beq	3f
1617
	clrrdi	r0, r4, 28
1618
	PPC_SLBFEE_DOT(R5, R0)		/* if so, look up SLB */
1619
	li	r0, BOOK3S_INTERRUPT_DATA_SEGMENT
1620
	bne	7f			/* if no SLB entry found */
1621
4:	std	r4, VCPU_FAULT_DAR(r9)
1622
	stw	r6, VCPU_FAULT_DSISR(r9)
1623

1624
	/* Search the hash table. */
1625
	mr	r3, r9			/* vcpu pointer */
1626
	li	r7, 1			/* data fault */
1627
	bl	CFUNC(kvmppc_hpte_hv_fault)
1628
	ld	r9, HSTATE_KVM_VCPU(r13)
1629
	ld	r10, VCPU_PC(r9)
1630
	ld	r11, VCPU_MSR(r9)
1631
	li	r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
1632
	cmpdi	r3, 0			/* retry the instruction */
1633
	beq	6f
1634
	cmpdi	r3, -1			/* handle in kernel mode */
1635
	beq	guest_exit_cont
1636
	cmpdi	r3, -2			/* MMIO emulation; need instr word */
1637
	beq	2f
1638

1639
	/* Synthesize a DSI (or DSegI) for the guest */
1640
	ld	r4, VCPU_FAULT_DAR(r9)
1641
	mr	r6, r3
1642
1:	li	r0, BOOK3S_INTERRUPT_DATA_STORAGE
1643
	mtspr	SPRN_DSISR, r6
1644
7:	mtspr	SPRN_DAR, r4
1645
	mtspr	SPRN_SRR0, r10
1646
	mtspr	SPRN_SRR1, r11
1647
	mr	r10, r0
1648
	bl	kvmppc_msr_interrupt
1649
fast_interrupt_c_return:
1650
6:	ld	r7, VCPU_CTR(r9)
1651
	ld	r8, VCPU_XER(r9)
1652
	mtctr	r7
1653
	mtxer	r8
1654
	mr	r4, r9
1655
	b	fast_guest_return
1656

1657
3:	ld	r5, VCPU_KVM(r9)	/* not relocated, use VRMA */
1658
	ld	r5, KVM_VRMA_SLB_V(r5)
1659
	b	4b
1660

1661
	/* If this is for emulated MMIO, load the instruction word */
1662
2:	li	r8, KVM_INST_FETCH_FAILED	/* In case lwz faults */
1663

1664
	/* Set guest mode to 'jump over instruction' so if lwz faults
1665
	 * we'll just continue at the next IP. */
1666
	li	r0, KVM_GUEST_MODE_SKIP
1667
	stb	r0, HSTATE_IN_GUEST(r13)
1668

1669
	/* Do the access with MSR:DR enabled */
1670
	mfmsr	r3
1671
	ori	r4, r3, MSR_DR		/* Enable paging for data */
1672
	mtmsrd	r4
1673
	lwz	r8, 0(r10)
1674
	mtmsrd	r3
1675

1676
	/* Store the result */
1677
	std	r8, VCPU_LAST_INST(r9)
1678

1679
	/* Unset guest mode. */
1680
	li	r0, KVM_GUEST_MODE_HOST_HV
1681
	stb	r0, HSTATE_IN_GUEST(r13)
1682
	b	guest_exit_cont
1683

1684
/*
1685
 * Similarly for an HISI, reflect it to the guest as an ISI unless
1686
 * it is an HPTE not found fault for a page that we have paged out.
1687
 */
1688
kvmppc_hisi:
1689
	andis.	r0, r11, SRR1_ISI_NOPT@h
1690
	beq	1f
1691
	andi.	r0, r11, MSR_IR		/* instruction relocation enabled? */
1692
	beq	3f
1693
	clrrdi	r0, r10, 28
1694
	PPC_SLBFEE_DOT(R5, R0)		/* if so, look up SLB */
1695
	li	r0, BOOK3S_INTERRUPT_INST_SEGMENT
1696
	bne	7f			/* if no SLB entry found */
1697
4:
1698
	/* Search the hash table. */
1699
	mr	r3, r9			/* vcpu pointer */
1700
	mr	r4, r10
1701
	mr	r6, r11
1702
	li	r7, 0			/* instruction fault */
1703
	bl	CFUNC(kvmppc_hpte_hv_fault)
1704
	ld	r9, HSTATE_KVM_VCPU(r13)
1705
	ld	r10, VCPU_PC(r9)
1706
	ld	r11, VCPU_MSR(r9)
1707
	li	r12, BOOK3S_INTERRUPT_H_INST_STORAGE
1708
	cmpdi	r3, 0			/* retry the instruction */
1709
	beq	fast_interrupt_c_return
1710
	cmpdi	r3, -1			/* handle in kernel mode */
1711
	beq	guest_exit_cont
1712

1713
	/* Synthesize an ISI (or ISegI) for the guest */
1714
	mr	r11, r3
1715
1:	li	r0, BOOK3S_INTERRUPT_INST_STORAGE
1716
7:	mtspr	SPRN_SRR0, r10
1717
	mtspr	SPRN_SRR1, r11
1718
	mr	r10, r0
1719
	bl	kvmppc_msr_interrupt
1720
	b	fast_interrupt_c_return
1721

1722
3:	ld	r6, VCPU_KVM(r9)	/* not relocated, use VRMA */
1723
	ld	r5, KVM_VRMA_SLB_V(r6)
1724
	b	4b
1725

1726
/*
1727
 * Try to handle an hcall in real mode.
1728
 * Returns to the guest if we handle it, or continues on up to
1729
 * the kernel if we can't (i.e. if we don't have a handler for
1730
 * it, or if the handler returns H_TOO_HARD).
1731
 *
1732
 * r5 - r8 contain hcall args,
1733
 * r9 = vcpu, r10 = pc, r11 = msr, r12 = trap, r13 = paca
1734
 */
1735
hcall_try_real_mode:
1736
	ld	r3,VCPU_GPR(R3)(r9)
1737
	andi.	r0,r11,MSR_PR
1738
	/* sc 1 from userspace - reflect to guest syscall */
1739
	bne	sc_1_fast_return
1740
	clrrdi	r3,r3,2
1741
	cmpldi	r3,hcall_real_table_end - hcall_real_table
1742
	bge	guest_exit_cont
1743
	/* See if this hcall is enabled for in-kernel handling */
1744
	ld	r4, VCPU_KVM(r9)
1745
	srdi	r0, r3, 8	/* r0 = (r3 / 4) >> 6 */
1746
	sldi	r0, r0, 3	/* index into kvm->arch.enabled_hcalls[] */
1747
	add	r4, r4, r0
1748
	ld	r0, KVM_ENABLED_HCALLS(r4)
1749
	rlwinm	r4, r3, 32-2, 0x3f	/* r4 = (r3 / 4) & 0x3f */
1750
	srd	r0, r0, r4
1751
	andi.	r0, r0, 1
1752
	beq	guest_exit_cont
1753
	/* Get pointer to handler, if any, and call it */
1754
	LOAD_REG_ADDR(r4, hcall_real_table)
1755
	lwax	r3,r3,r4
1756
	cmpwi	r3,0
1757
	beq	guest_exit_cont
1758
	add	r12,r3,r4
1759
	mtctr	r12
1760
	mr	r3,r9		/* get vcpu pointer */
1761
	ld	r4,VCPU_GPR(R4)(r9)
1762
	bctrl
1763
	cmpdi	r3,H_TOO_HARD
1764
	beq	hcall_real_fallback
1765
	ld	r4,HSTATE_KVM_VCPU(r13)
1766
	std	r3,VCPU_GPR(R3)(r4)
1767
	ld	r10,VCPU_PC(r4)
1768
	ld	r11,VCPU_MSR(r4)
1769
	b	fast_guest_return
1770

1771
sc_1_fast_return:
1772
	mtspr	SPRN_SRR0,r10
1773
	mtspr	SPRN_SRR1,r11
1774
	li	r10, BOOK3S_INTERRUPT_SYSCALL
1775
	bl	kvmppc_msr_interrupt
1776
	mr	r4,r9
1777
	b	fast_guest_return
1778

1779
	/* We've attempted a real mode hcall, but it's punted it back
1780
	 * to userspace.  We need to restore some clobbered volatiles
1781
	 * before resuming the pass-it-to-qemu path */
1782
hcall_real_fallback:
1783
	li	r12,BOOK3S_INTERRUPT_SYSCALL
1784
	ld	r9, HSTATE_KVM_VCPU(r13)
1785

1786
	b	guest_exit_cont
1787

1788
	.globl	hcall_real_table
1789
hcall_real_table:
1790
	.long	0		/* 0 - unused */
1791
	.long	DOTSYM(kvmppc_h_remove) - hcall_real_table
1792
	.long	DOTSYM(kvmppc_h_enter) - hcall_real_table
1793
	.long	DOTSYM(kvmppc_h_read) - hcall_real_table
1794
	.long	DOTSYM(kvmppc_h_clear_mod) - hcall_real_table
1795
	.long	DOTSYM(kvmppc_h_clear_ref) - hcall_real_table
1796
	.long	DOTSYM(kvmppc_h_protect) - hcall_real_table
1797
	.long	0		/* 0x1c */
1798
	.long	0		/* 0x20 */
1799
	.long	0		/* 0x24 - H_SET_SPRG0 */
1800
	.long	DOTSYM(kvmppc_h_set_dabr) - hcall_real_table
1801
	.long	DOTSYM(kvmppc_rm_h_page_init) - hcall_real_table
1802
	.long	0		/* 0x30 */
1803
	.long	0		/* 0x34 */
1804
	.long	0		/* 0x38 */
1805
	.long	0		/* 0x3c */
1806
	.long	0		/* 0x40 */
1807
	.long	0		/* 0x44 */
1808
	.long	0		/* 0x48 */
1809
	.long	0		/* 0x4c */
1810
	.long	0		/* 0x50 */
1811
	.long	0		/* 0x54 */
1812
	.long	0		/* 0x58 */
1813
	.long	0		/* 0x5c */
1814
	.long	0		/* 0x60 */
1815
#ifdef CONFIG_KVM_XICS
1816
	.long	DOTSYM(xics_rm_h_eoi) - hcall_real_table
1817
	.long	DOTSYM(xics_rm_h_cppr) - hcall_real_table
1818
	.long	DOTSYM(xics_rm_h_ipi) - hcall_real_table
1819
	.long	0		/* 0x70 - H_IPOLL */
1820
	.long	DOTSYM(xics_rm_h_xirr) - hcall_real_table
1821
#else
1822
	.long	0		/* 0x64 - H_EOI */
1823
	.long	0		/* 0x68 - H_CPPR */
1824
	.long	0		/* 0x6c - H_IPI */
1825
	.long	0		/* 0x70 - H_IPOLL */
1826
	.long	0		/* 0x74 - H_XIRR */
1827
#endif
1828
	.long	0		/* 0x78 */
1829
	.long	0		/* 0x7c */
1830
	.long	0		/* 0x80 */
1831
	.long	0		/* 0x84 */
1832
	.long	0		/* 0x88 */
1833
	.long	0		/* 0x8c */
1834
	.long	0		/* 0x90 */
1835
	.long	0		/* 0x94 */
1836
	.long	0		/* 0x98 */
1837
	.long	0		/* 0x9c */
1838
	.long	0		/* 0xa0 */
1839
	.long	0		/* 0xa4 */
1840
	.long	0		/* 0xa8 */
1841
	.long	0		/* 0xac */
1842
	.long	0		/* 0xb0 */
1843
	.long	0		/* 0xb4 */
1844
	.long	0		/* 0xb8 */
1845
	.long	0		/* 0xbc */
1846
	.long	0		/* 0xc0 */
1847
	.long	0		/* 0xc4 */
1848
	.long	0		/* 0xc8 */
1849
	.long	0		/* 0xcc */
1850
	.long	0		/* 0xd0 */
1851
	.long	0		/* 0xd4 */
1852
	.long	0		/* 0xd8 */
1853
	.long	0		/* 0xdc */
1854
	.long	DOTSYM(kvmppc_h_cede) - hcall_real_table
1855
	.long	DOTSYM(kvmppc_rm_h_confer) - hcall_real_table
1856
	.long	0		/* 0xe8 */
1857
	.long	0		/* 0xec */
1858
	.long	0		/* 0xf0 */
1859
	.long	0		/* 0xf4 */
1860
	.long	0		/* 0xf8 */
1861
	.long	0		/* 0xfc */
1862
	.long	0		/* 0x100 */
1863
	.long	0		/* 0x104 */
1864
	.long	0		/* 0x108 */
1865
	.long	0		/* 0x10c */
1866
	.long	0		/* 0x110 */
1867
	.long	0		/* 0x114 */
1868
	.long	0		/* 0x118 */
1869
	.long	0		/* 0x11c */
1870
	.long	0		/* 0x120 */
1871
	.long	DOTSYM(kvmppc_h_bulk_remove) - hcall_real_table
1872
	.long	0		/* 0x128 */
1873
	.long	0		/* 0x12c */
1874
	.long	0		/* 0x130 */
1875
	.long	DOTSYM(kvmppc_h_set_xdabr) - hcall_real_table
1876
	.long	0		/* 0x138 */
1877
	.long	0		/* 0x13c */
1878
	.long	0		/* 0x140 */
1879
	.long	0		/* 0x144 */
1880
	.long	0		/* 0x148 */
1881
	.long	0		/* 0x14c */
1882
	.long	0		/* 0x150 */
1883
	.long	0		/* 0x154 */
1884
	.long	0		/* 0x158 */
1885
	.long	0		/* 0x15c */
1886
	.long	0		/* 0x160 */
1887
	.long	0		/* 0x164 */
1888
	.long	0		/* 0x168 */
1889
	.long	0		/* 0x16c */
1890
	.long	0		/* 0x170 */
1891
	.long	0		/* 0x174 */
1892
	.long	0		/* 0x178 */
1893
	.long	0		/* 0x17c */
1894
	.long	0		/* 0x180 */
1895
	.long	0		/* 0x184 */
1896
	.long	0		/* 0x188 */
1897
	.long	0		/* 0x18c */
1898
	.long	0		/* 0x190 */
1899
	.long	0		/* 0x194 */
1900
	.long	0		/* 0x198 */
1901
	.long	0		/* 0x19c */
1902
	.long	0		/* 0x1a0 */
1903
	.long	0		/* 0x1a4 */
1904
	.long	0		/* 0x1a8 */
1905
	.long	0		/* 0x1ac */
1906
	.long	0		/* 0x1b0 */
1907
	.long	0		/* 0x1b4 */
1908
	.long	0		/* 0x1b8 */
1909
	.long	0		/* 0x1bc */
1910
	.long	0		/* 0x1c0 */
1911
	.long	0		/* 0x1c4 */
1912
	.long	0		/* 0x1c8 */
1913
	.long	0		/* 0x1cc */
1914
	.long	0		/* 0x1d0 */
1915
	.long	0		/* 0x1d4 */
1916
	.long	0		/* 0x1d8 */
1917
	.long	0		/* 0x1dc */
1918
	.long	0		/* 0x1e0 */
1919
	.long	0		/* 0x1e4 */
1920
	.long	0		/* 0x1e8 */
1921
	.long	0		/* 0x1ec */
1922
	.long	0		/* 0x1f0 */
1923
	.long	0		/* 0x1f4 */
1924
	.long	0		/* 0x1f8 */
1925
	.long	0		/* 0x1fc */
1926
	.long	0		/* 0x200 */
1927
	.long	0		/* 0x204 */
1928
	.long	0		/* 0x208 */
1929
	.long	0		/* 0x20c */
1930
	.long	0		/* 0x210 */
1931
	.long	0		/* 0x214 */
1932
	.long	0		/* 0x218 */
1933
	.long	0		/* 0x21c */
1934
	.long	0		/* 0x220 */
1935
	.long	0		/* 0x224 */
1936
	.long	0		/* 0x228 */
1937
	.long	0		/* 0x22c */
1938
	.long	0		/* 0x230 */
1939
	.long	0		/* 0x234 */
1940
	.long	0		/* 0x238 */
1941
	.long	0		/* 0x23c */
1942
	.long	0		/* 0x240 */
1943
	.long	0		/* 0x244 */
1944
	.long	0		/* 0x248 */
1945
	.long	0		/* 0x24c */
1946
	.long	0		/* 0x250 */
1947
	.long	0		/* 0x254 */
1948
	.long	0		/* 0x258 */
1949
	.long	0		/* 0x25c */
1950
	.long	0		/* 0x260 */
1951
	.long	0		/* 0x264 */
1952
	.long	0		/* 0x268 */
1953
	.long	0		/* 0x26c */
1954
	.long	0		/* 0x270 */
1955
	.long	0		/* 0x274 */
1956
	.long	0		/* 0x278 */
1957
	.long	0		/* 0x27c */
1958
	.long	0		/* 0x280 */
1959
	.long	0		/* 0x284 */
1960
	.long	0		/* 0x288 */
1961
	.long	0		/* 0x28c */
1962
	.long	0		/* 0x290 */
1963
	.long	0		/* 0x294 */
1964
	.long	0		/* 0x298 */
1965
	.long	0		/* 0x29c */
1966
	.long	0		/* 0x2a0 */
1967
	.long	0		/* 0x2a4 */
1968
	.long	0		/* 0x2a8 */
1969
	.long	0		/* 0x2ac */
1970
	.long	0		/* 0x2b0 */
1971
	.long	0		/* 0x2b4 */
1972
	.long	0		/* 0x2b8 */
1973
	.long	0		/* 0x2bc */
1974
	.long	0		/* 0x2c0 */
1975
	.long	0		/* 0x2c4 */
1976
	.long	0		/* 0x2c8 */
1977
	.long	0		/* 0x2cc */
1978
	.long	0		/* 0x2d0 */
1979
	.long	0		/* 0x2d4 */
1980
	.long	0		/* 0x2d8 */
1981
	.long	0		/* 0x2dc */
1982
	.long	0		/* 0x2e0 */
1983
	.long	0		/* 0x2e4 */
1984
	.long	0		/* 0x2e8 */
1985
	.long	0		/* 0x2ec */
1986
	.long	0		/* 0x2f0 */
1987
	.long	0		/* 0x2f4 */
1988
	.long	0		/* 0x2f8 */
1989
#ifdef CONFIG_KVM_XICS
1990
	.long	DOTSYM(xics_rm_h_xirr_x) - hcall_real_table
1991
#else
1992
	.long	0		/* 0x2fc - H_XIRR_X*/
1993
#endif
1994
	.long	DOTSYM(kvmppc_rm_h_random) - hcall_real_table
1995
	.globl	hcall_real_table_end
1996
hcall_real_table_end:
1997

1998
_GLOBAL_TOC(kvmppc_h_set_xdabr)
1999
EXPORT_SYMBOL_GPL(kvmppc_h_set_xdabr)
2000
	andi.	r0, r5, DABRX_USER | DABRX_KERNEL
2001
	beq	6f
2002
	li	r0, DABRX_USER | DABRX_KERNEL | DABRX_BTI
2003
	andc.	r0, r5, r0
2004
	beq	3f
2005
6:	li	r3, H_PARAMETER
2006
	blr
2007

2008
_GLOBAL_TOC(kvmppc_h_set_dabr)
2009
EXPORT_SYMBOL_GPL(kvmppc_h_set_dabr)
2010
	li	r5, DABRX_USER | DABRX_KERNEL
2011
3:
2012
BEGIN_FTR_SECTION
2013
	b	2f
2014
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2015
	std	r4,VCPU_DABR(r3)
2016
	stw	r5, VCPU_DABRX(r3)
2017
	mtspr	SPRN_DABRX, r5
2018
	/* Work around P7 bug where DABR can get corrupted on mtspr */
2019
1:	mtspr	SPRN_DABR,r4
2020
	mfspr	r5, SPRN_DABR
2021
	cmpd	r4, r5
2022
	bne	1b
2023
	isync
2024
	li	r3,0
2025
	blr
2026

2027
2:
2028
	LOAD_REG_ADDR(r11, dawr_force_enable)
2029
	lbz	r11, 0(r11)
2030
	cmpdi	r11, 0
2031
	bne	3f
2032
	li	r3, H_HARDWARE
2033
	blr
2034
3:
2035
	/* Emulate H_SET_DABR/X on P8 for the sake of compat mode guests */
2036
	rlwimi	r5, r4, 5, DAWRX_DR | DAWRX_DW
2037
	rlwimi	r5, r4, 2, DAWRX_WT
2038
	clrrdi	r4, r4, 3
2039
	std	r4, VCPU_DAWR0(r3)
2040
	std	r5, VCPU_DAWRX0(r3)
2041
	/*
2042
	 * If came in through the real mode hcall handler then it is necessary
2043
	 * to write the registers since the return path won't. Otherwise it is
2044
	 * sufficient to store then in the vcpu struct as they will be loaded
2045
	 * next time the vcpu is run.
2046
	 */
2047
	mfmsr	r6
2048
	andi.	r6, r6, MSR_DR		/* in real mode? */
2049
	bne	4f
2050
	mtspr	SPRN_DAWR0, r4
2051
	mtspr	SPRN_DAWRX0, r5
2052
4:	li	r3, 0
2053
	blr
2054

2055
_GLOBAL(kvmppc_h_cede)		/* r3 = vcpu pointer, r11 = msr, r13 = paca */
2056
	ori	r11,r11,MSR_EE
2057
	std	r11,VCPU_MSR(r3)
2058
	li	r0,1
2059
	stb	r0,VCPU_CEDED(r3)
2060
	sync			/* order setting ceded vs. testing prodded */
2061
	lbz	r5,VCPU_PRODDED(r3)
2062
	cmpwi	r5,0
2063
	bne	kvm_cede_prodded
2064
	li	r12,0		/* set trap to 0 to say hcall is handled */
2065
	stw	r12,VCPU_TRAP(r3)
2066
	li	r0,H_SUCCESS
2067
	std	r0,VCPU_GPR(R3)(r3)
2068

2069
	/*
2070
	 * Set our bit in the bitmask of napping threads unless all the
2071
	 * other threads are already napping, in which case we send this
2072
	 * up to the host.
2073
	 */
2074
	ld	r5,HSTATE_KVM_VCORE(r13)
2075
	lbz	r6,HSTATE_PTID(r13)
2076
	lwz	r8,VCORE_ENTRY_EXIT(r5)
2077
	clrldi	r8,r8,56
2078
	li	r0,1
2079
	sld	r0,r0,r6
2080
	addi	r6,r5,VCORE_NAPPING_THREADS
2081
31:	lwarx	r4,0,r6
2082
	or	r4,r4,r0
2083
	cmpw	r4,r8
2084
	beq	kvm_cede_exit
2085
	stwcx.	r4,0,r6
2086
	bne	31b
2087
	/* order napping_threads update vs testing entry_exit_map */
2088
	isync
2089
	li	r0,NAPPING_CEDE
2090
	stb	r0,HSTATE_NAPPING(r13)
2091
	lwz	r7,VCORE_ENTRY_EXIT(r5)
2092
	cmpwi	r7,0x100
2093
	bge	33f		/* another thread already exiting */
2094

2095
/*
2096
 * Although not specifically required by the architecture, POWER7
2097
 * preserves the following registers in nap mode, even if an SMT mode
2098
 * switch occurs: SLB entries, PURR, SPURR, AMOR, UAMOR, AMR, SPRG0-3,
2099
 * DAR, DSISR, DABR, DABRX, DSCR, PMCx, MMCRx, SIAR, SDAR.
2100
 */
2101
	/* Save non-volatile GPRs */
2102
	std	r14, VCPU_GPR(R14)(r3)
2103
	std	r15, VCPU_GPR(R15)(r3)
2104
	std	r16, VCPU_GPR(R16)(r3)
2105
	std	r17, VCPU_GPR(R17)(r3)
2106
	std	r18, VCPU_GPR(R18)(r3)
2107
	std	r19, VCPU_GPR(R19)(r3)
2108
	std	r20, VCPU_GPR(R20)(r3)
2109
	std	r21, VCPU_GPR(R21)(r3)
2110
	std	r22, VCPU_GPR(R22)(r3)
2111
	std	r23, VCPU_GPR(R23)(r3)
2112
	std	r24, VCPU_GPR(R24)(r3)
2113
	std	r25, VCPU_GPR(R25)(r3)
2114
	std	r26, VCPU_GPR(R26)(r3)
2115
	std	r27, VCPU_GPR(R27)(r3)
2116
	std	r28, VCPU_GPR(R28)(r3)
2117
	std	r29, VCPU_GPR(R29)(r3)
2118
	std	r30, VCPU_GPR(R30)(r3)
2119
	std	r31, VCPU_GPR(R31)(r3)
2120

2121
	/* save FP state */
2122
	bl	kvmppc_save_fp
2123

2124
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2125
BEGIN_FTR_SECTION
2126
	b	91f
2127
END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2128
	/*
2129
	 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
2130
	 */
2131
	ld	r3, HSTATE_KVM_VCPU(r13)
2132
	ld      r4, VCPU_MSR(r3)
2133
	li	r5, 0			/* don't preserve non-vol regs */
2134
	bl	kvmppc_save_tm_hv
2135
	nop
2136
91:
2137
#endif
2138

2139
	/*
2140
	 * Set DEC to the smaller of DEC and HDEC, so that we wake
2141
	 * no later than the end of our timeslice (HDEC interrupts
2142
	 * don't wake us from nap).
2143
	 */
2144
	mfspr	r3, SPRN_DEC
2145
	mfspr	r4, SPRN_HDEC
2146
	mftb	r5
2147
	extsw	r3, r3
2148
	extsw	r4, r4
2149
	cmpd	r3, r4
2150
	ble	67f
2151
	mtspr	SPRN_DEC, r4
2152
67:
2153
	/* save expiry time of guest decrementer */
2154
	add	r3, r3, r5
2155
	ld	r4, HSTATE_KVM_VCPU(r13)
2156
	std	r3, VCPU_DEC_EXPIRES(r4)
2157

2158
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2159
	ld	r4, HSTATE_KVM_VCPU(r13)
2160
	addi	r3, r4, VCPU_TB_CEDE
2161
	bl	kvmhv_accumulate_time
2162
#endif
2163

2164
	lis	r3, LPCR_PECEDP@h	/* Do wake on privileged doorbell */
2165

2166
	/* Go back to host stack */
2167
	ld	r1, HSTATE_HOST_R1(r13)
2168

2169
	/*
2170
	 * Take a nap until a decrementer or external or doobell interrupt
2171
	 * occurs, with PECE1 and PECE0 set in LPCR.
2172
	 * On POWER8, set PECEDH, and if we are ceding, also set PECEDP.
2173
	 * Also clear the runlatch bit before napping.
2174
	 */
2175
kvm_do_nap:
2176
	li	r0,0
2177
	mtspr	SPRN_CTRLT, r0
2178

2179
	li	r0,1
2180
	stb	r0,HSTATE_HWTHREAD_REQ(r13)
2181
	mfspr	r5,SPRN_LPCR
2182
	ori	r5,r5,LPCR_PECE0 | LPCR_PECE1
2183
BEGIN_FTR_SECTION
2184
	ori	r5, r5, LPCR_PECEDH
2185
	rlwimi	r5, r3, 0, LPCR_PECEDP
2186
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2187

2188
kvm_nap_sequence:		/* desired LPCR value in r5 */
2189
	li	r3, PNV_THREAD_NAP
2190
	mtspr	SPRN_LPCR,r5
2191
	isync
2192

2193
	bl	isa206_idle_insn_mayloss
2194

2195
	li	r0,1
2196
	mtspr	SPRN_CTRLT, r0
2197

2198
	mtspr	SPRN_SRR1, r3
2199

2200
	li	r0, 0
2201
	stb	r0, PACA_FTRACE_ENABLED(r13)
2202

2203
	li	r0, KVM_HWTHREAD_IN_KVM
2204
	stb	r0, HSTATE_HWTHREAD_STATE(r13)
2205

2206
	lbz	r0, HSTATE_NAPPING(r13)
2207
	cmpwi	r0, NAPPING_CEDE
2208
	beq	kvm_end_cede
2209
	cmpwi	r0, NAPPING_NOVCPU
2210
	beq	kvm_novcpu_wakeup
2211
	cmpwi	r0, NAPPING_UNSPLIT
2212
	beq	kvm_unsplit_wakeup
2213
	twi	31,0,0 /* Nap state must not be zero */
2214

2215
33:	mr	r4, r3
2216
	li	r3, 0
2217
	li	r12, 0
2218
	b	34f
2219

2220
kvm_end_cede:
2221
	/* Woken by external or decrementer interrupt */
2222

2223
	/* get vcpu pointer */
2224
	ld	r4, HSTATE_KVM_VCPU(r13)
2225

2226
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2227
	addi	r3, r4, VCPU_TB_RMINTR
2228
	bl	kvmhv_accumulate_time
2229
#endif
2230

2231
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2232
BEGIN_FTR_SECTION
2233
	b	91f
2234
END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2235
	/*
2236
	 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
2237
	 */
2238
	mr      r3, r4
2239
	ld      r4, VCPU_MSR(r3)
2240
	li	r5, 0			/* don't preserve non-vol regs */
2241
	bl	kvmppc_restore_tm_hv
2242
	nop
2243
	ld	r4, HSTATE_KVM_VCPU(r13)
2244
91:
2245
#endif
2246

2247
	/* load up FP state */
2248
	bl	kvmppc_load_fp
2249

2250
	/* Restore guest decrementer */
2251
	ld	r3, VCPU_DEC_EXPIRES(r4)
2252
	mftb	r7
2253
	subf	r3, r7, r3
2254
	mtspr	SPRN_DEC, r3
2255

2256
	/* Load NV GPRS */
2257
	ld	r14, VCPU_GPR(R14)(r4)
2258
	ld	r15, VCPU_GPR(R15)(r4)
2259
	ld	r16, VCPU_GPR(R16)(r4)
2260
	ld	r17, VCPU_GPR(R17)(r4)
2261
	ld	r18, VCPU_GPR(R18)(r4)
2262
	ld	r19, VCPU_GPR(R19)(r4)
2263
	ld	r20, VCPU_GPR(R20)(r4)
2264
	ld	r21, VCPU_GPR(R21)(r4)
2265
	ld	r22, VCPU_GPR(R22)(r4)
2266
	ld	r23, VCPU_GPR(R23)(r4)
2267
	ld	r24, VCPU_GPR(R24)(r4)
2268
	ld	r25, VCPU_GPR(R25)(r4)
2269
	ld	r26, VCPU_GPR(R26)(r4)
2270
	ld	r27, VCPU_GPR(R27)(r4)
2271
	ld	r28, VCPU_GPR(R28)(r4)
2272
	ld	r29, VCPU_GPR(R29)(r4)
2273
	ld	r30, VCPU_GPR(R30)(r4)
2274
	ld	r31, VCPU_GPR(R31)(r4)
2275

2276
	/* Check the wake reason in SRR1 to see why we got here */
2277
	bl	kvmppc_check_wake_reason
2278

2279
	/*
2280
	 * Restore volatile registers since we could have called a
2281
	 * C routine in kvmppc_check_wake_reason
2282
	 *	r4 = VCPU
2283
	 * r3 tells us whether we need to return to host or not
2284
	 * WARNING: it gets checked further down:
2285
	 * should not modify r3 until this check is done.
2286
	 */
2287
	ld	r4, HSTATE_KVM_VCPU(r13)
2288

2289
	/* clear our bit in vcore->napping_threads */
2290
34:	ld	r5,HSTATE_KVM_VCORE(r13)
2291
	lbz	r7,HSTATE_PTID(r13)
2292
	li	r0,1
2293
	sld	r0,r0,r7
2294
	addi	r6,r5,VCORE_NAPPING_THREADS
2295
32:	lwarx	r7,0,r6
2296
	andc	r7,r7,r0
2297
	stwcx.	r7,0,r6
2298
	bne	32b
2299
	li	r0,0
2300
	stb	r0,HSTATE_NAPPING(r13)
2301

2302
	/* See if the wake reason saved in r3 means we need to exit */
2303
	stw	r12, VCPU_TRAP(r4)
2304
	mr	r9, r4
2305
	cmpdi	r3, 0
2306
	bgt	guest_exit_cont
2307
	b	maybe_reenter_guest
2308

2309
	/* cede when already previously prodded case */
2310
kvm_cede_prodded:
2311
	li	r0,0
2312
	stb	r0,VCPU_PRODDED(r3)
2313
	sync			/* order testing prodded vs. clearing ceded */
2314
	stb	r0,VCPU_CEDED(r3)
2315
	li	r3,H_SUCCESS
2316
	blr
2317

2318
	/* we've ceded but we want to give control to the host */
2319
kvm_cede_exit:
2320
	ld	r9, HSTATE_KVM_VCPU(r13)
2321
	b	guest_exit_cont
2322

2323
	/* Try to do machine check recovery in real mode */
2324
machine_check_realmode:
2325
	mr	r3, r9		/* get vcpu pointer */
2326
	bl	kvmppc_realmode_machine_check
2327
	nop
2328
	/* all machine checks go to virtual mode for further handling */
2329
	ld	r9, HSTATE_KVM_VCPU(r13)
2330
	li	r12, BOOK3S_INTERRUPT_MACHINE_CHECK
2331
	b	guest_exit_cont
2332

2333
/*
2334
 * Call C code to handle a HMI in real mode.
2335
 * Only the primary thread does the call, secondary threads are handled
2336
 * by calling hmi_exception_realmode() after kvmppc_hv_entry returns.
2337
 * r9 points to the vcpu on entry
2338
 */
2339
hmi_realmode:
2340
	lbz	r0, HSTATE_PTID(r13)
2341
	cmpwi	r0, 0
2342
	bne	guest_exit_cont
2343
	bl	CFUNC(kvmppc_realmode_hmi_handler)
2344
	ld	r9, HSTATE_KVM_VCPU(r13)
2345
	li	r12, BOOK3S_INTERRUPT_HMI
2346
	b	guest_exit_cont
2347

2348
/*
2349
 * Check the reason we woke from nap, and take appropriate action.
2350
 * Returns (in r3):
2351
 *	0 if nothing needs to be done
2352
 *	1 if something happened that needs to be handled by the host
2353
 *	-1 if there was a guest wakeup (IPI or msgsnd)
2354
 *	-2 if we handled a PCI passthrough interrupt (returned by
2355
 *		kvmppc_read_intr only)
2356
 *
2357
 * Also sets r12 to the interrupt vector for any interrupt that needs
2358
 * to be handled now by the host (0x500 for external interrupt), or zero.
2359
 * Modifies all volatile registers (since it may call a C function).
2360
 * This routine calls kvmppc_read_intr, a C function, if an external
2361
 * interrupt is pending.
2362
 */
2363
SYM_FUNC_START_LOCAL(kvmppc_check_wake_reason)
2364
	mfspr	r6, SPRN_SRR1
2365
BEGIN_FTR_SECTION
2366
	rlwinm	r6, r6, 45-31, 0xf	/* extract wake reason field (P8) */
2367
FTR_SECTION_ELSE
2368
	rlwinm	r6, r6, 45-31, 0xe	/* P7 wake reason field is 3 bits */
2369
ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_207S)
2370
	cmpwi	r6, 8			/* was it an external interrupt? */
2371
	beq	7f			/* if so, see what it was */
2372
	li	r3, 0
2373
	li	r12, 0
2374
	cmpwi	r6, 6			/* was it the decrementer? */
2375
	beq	0f
2376
BEGIN_FTR_SECTION
2377
	cmpwi	r6, 5			/* privileged doorbell? */
2378
	beq	0f
2379
	cmpwi	r6, 3			/* hypervisor doorbell? */
2380
	beq	3f
2381
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2382
	cmpwi	r6, 0xa			/* Hypervisor maintenance ? */
2383
	beq	4f
2384
	li	r3, 1			/* anything else, return 1 */
2385
0:	blr
2386

2387
	/* hypervisor doorbell */
2388
3:	li	r12, BOOK3S_INTERRUPT_H_DOORBELL
2389

2390
	/*
2391
	 * Clear the doorbell as we will invoke the handler
2392
	 * explicitly in the guest exit path.
2393
	 */
2394
	lis	r6, (PPC_DBELL_SERVER << (63-36))@h
2395
	PPC_MSGCLR(6)
2396
	/* see if it's a host IPI */
2397
	li	r3, 1
2398
	lbz	r0, HSTATE_HOST_IPI(r13)
2399
	cmpwi	r0, 0
2400
	bnelr
2401
	/* if not, return -1 */
2402
	li	r3, -1
2403
	blr
2404

2405
	/* Woken up due to Hypervisor maintenance interrupt */
2406
4:	li	r12, BOOK3S_INTERRUPT_HMI
2407
	li	r3, 1
2408
	blr
2409

2410
	/* external interrupt - create a stack frame so we can call C */
2411
7:	mflr	r0
2412
	std	r0, PPC_LR_STKOFF(r1)
2413
	stdu	r1, -PPC_MIN_STKFRM(r1)
2414
	bl	CFUNC(kvmppc_read_intr)
2415
	nop
2416
	li	r12, BOOK3S_INTERRUPT_EXTERNAL
2417
	cmpdi	r3, 1
2418
	ble	1f
2419

2420
	/*
2421
	 * Return code of 2 means PCI passthrough interrupt, but
2422
	 * we need to return back to host to complete handling the
2423
	 * interrupt. Trap reason is expected in r12 by guest
2424
	 * exit code.
2425
	 */
2426
	li	r12, BOOK3S_INTERRUPT_HV_RM_HARD
2427
1:
2428
	ld	r0, PPC_MIN_STKFRM+PPC_LR_STKOFF(r1)
2429
	addi	r1, r1, PPC_MIN_STKFRM
2430
	mtlr	r0
2431
	blr
2432
SYM_FUNC_END(kvmppc_check_wake_reason)
2433

2434
/*
2435
 * Save away FP, VMX and VSX registers.
2436
 * r3 = vcpu pointer
2437
 * N.B. r30 and r31 are volatile across this function,
2438
 * thus it is not callable from C.
2439
 */
2440
SYM_FUNC_START_LOCAL(kvmppc_save_fp)
2441
	mflr	r30
2442
	mr	r31,r3
2443
	mfmsr	r5
2444
	ori	r8,r5,MSR_FP
2445
#ifdef CONFIG_ALTIVEC
2446
BEGIN_FTR_SECTION
2447
	oris	r8,r8,MSR_VEC@h
2448
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2449
#endif
2450
#ifdef CONFIG_VSX
2451
BEGIN_FTR_SECTION
2452
	oris	r8,r8,MSR_VSX@h
2453
END_FTR_SECTION_IFSET(CPU_FTR_VSX)
2454
#endif
2455
	mtmsrd	r8
2456
	addi	r3,r3,VCPU_FPRS
2457
	bl	store_fp_state
2458
#ifdef CONFIG_ALTIVEC
2459
BEGIN_FTR_SECTION
2460
	addi	r3,r31,VCPU_VRS
2461
	bl	store_vr_state
2462
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2463
#endif
2464
	mfspr	r6,SPRN_VRSAVE
2465
	stw	r6,VCPU_VRSAVE(r31)
2466
	mtlr	r30
2467
	blr
2468
SYM_FUNC_END(kvmppc_save_fp)
2469

2470
/*
2471
 * Load up FP, VMX and VSX registers
2472
 * r4 = vcpu pointer
2473
 * N.B. r30 and r31 are volatile across this function,
2474
 * thus it is not callable from C.
2475
 */
2476
SYM_FUNC_START_LOCAL(kvmppc_load_fp)
2477
	mflr	r30
2478
	mr	r31,r4
2479
	mfmsr	r9
2480
	ori	r8,r9,MSR_FP
2481
#ifdef CONFIG_ALTIVEC
2482
BEGIN_FTR_SECTION
2483
	oris	r8,r8,MSR_VEC@h
2484
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2485
#endif
2486
#ifdef CONFIG_VSX
2487
BEGIN_FTR_SECTION
2488
	oris	r8,r8,MSR_VSX@h
2489
END_FTR_SECTION_IFSET(CPU_FTR_VSX)
2490
#endif
2491
	mtmsrd	r8
2492
	addi	r3,r4,VCPU_FPRS
2493
	bl	load_fp_state
2494
#ifdef CONFIG_ALTIVEC
2495
BEGIN_FTR_SECTION
2496
	addi	r3,r31,VCPU_VRS
2497
	bl	load_vr_state
2498
END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2499
#endif
2500
	lwz	r7,VCPU_VRSAVE(r31)
2501
	mtspr	SPRN_VRSAVE,r7
2502
	mtlr	r30
2503
	mr	r4,r31
2504
	blr
2505
SYM_FUNC_END(kvmppc_load_fp)
2506

2507
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2508
/*
2509
 * Save transactional state and TM-related registers.
2510
 * Called with r3 pointing to the vcpu struct and r4 containing
2511
 * the guest MSR value.
2512
 * r5 is non-zero iff non-volatile register state needs to be maintained.
2513
 * If r5 == 0, this can modify all checkpointed registers, but
2514
 * restores r1 and r2 before exit.
2515
 */
2516
_GLOBAL_TOC(kvmppc_save_tm_hv)
2517
EXPORT_SYMBOL_GPL(kvmppc_save_tm_hv)
2518
	/* See if we need to handle fake suspend mode */
2519
BEGIN_FTR_SECTION
2520
	b	__kvmppc_save_tm
2521
END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
2522

2523
	lbz	r0, HSTATE_FAKE_SUSPEND(r13) /* Were we fake suspended? */
2524
	cmpwi	r0, 0
2525
	beq	__kvmppc_save_tm
2526

2527
	/* The following code handles the fake_suspend = 1 case */
2528
	mflr	r0
2529
	std	r0, PPC_LR_STKOFF(r1)
2530
	stdu	r1, -TM_FRAME_SIZE(r1)
2531

2532
	/* Turn on TM. */
2533
	mfmsr	r8
2534
	li	r0, 1
2535
	rldimi	r8, r0, MSR_TM_LG, 63-MSR_TM_LG
2536
	mtmsrd	r8
2537

2538
	rldicl. r8, r8, 64 - MSR_TS_S_LG, 62 /* Did we actually hrfid? */
2539
	beq	4f
2540
BEGIN_FTR_SECTION
2541
	bl	pnv_power9_force_smt4_catch
2542
END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
2543
	nop
2544

2545
	/*
2546
	 * It's possible that treclaim. may modify registers, if we have lost
2547
	 * track of fake-suspend state in the guest due to it using rfscv.
2548
	 * Save and restore registers in case this occurs.
2549
	 */
2550
	mfspr	r3, SPRN_DSCR
2551
	mfspr	r4, SPRN_XER
2552
	mfspr	r5, SPRN_AMR
2553
	/* SPRN_TAR would need to be saved here if the kernel ever used it */
2554
	mfcr	r12
2555
	SAVE_NVGPRS(r1)
2556
	SAVE_GPR(2, r1)
2557
	SAVE_GPR(3, r1)
2558
	SAVE_GPR(4, r1)
2559
	SAVE_GPR(5, r1)
2560
	stw	r12, 8(r1)
2561
	std	r1, HSTATE_HOST_R1(r13)
2562

2563
	/* We have to treclaim here because that's the only way to do S->N */
2564
	li	r3, TM_CAUSE_KVM_RESCHED
2565
	TRECLAIM(R3)
2566

2567
	GET_PACA(r13)
2568
	ld	r1, HSTATE_HOST_R1(r13)
2569
	REST_GPR(2, r1)
2570
	REST_GPR(3, r1)
2571
	REST_GPR(4, r1)
2572
	REST_GPR(5, r1)
2573
	lwz	r12, 8(r1)
2574
	REST_NVGPRS(r1)
2575
	mtspr	SPRN_DSCR, r3
2576
	mtspr	SPRN_XER, r4
2577
	mtspr	SPRN_AMR, r5
2578
	mtcr	r12
2579
	HMT_MEDIUM
2580

2581
	/*
2582
	 * We were in fake suspend, so we are not going to save the
2583
	 * register state as the guest checkpointed state (since
2584
	 * we already have it), therefore we can now use any volatile GPR.
2585
	 * In fact treclaim in fake suspend state doesn't modify
2586
	 * any registers.
2587
	 */
2588

2589
BEGIN_FTR_SECTION
2590
	bl	pnv_power9_force_smt4_release
2591
END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
2592
	nop
2593

2594
4:
2595
	mfspr	r3, SPRN_PSSCR
2596
	/* PSSCR_FAKE_SUSPEND is a write-only bit, but clear it anyway */
2597
	li	r0, PSSCR_FAKE_SUSPEND
2598
	andc	r3, r3, r0
2599
	mtspr	SPRN_PSSCR, r3
2600

2601
	/* Don't save TEXASR, use value from last exit in real suspend state */
2602
	ld	r9, HSTATE_KVM_VCPU(r13)
2603
	mfspr	r5, SPRN_TFHAR
2604
	mfspr	r6, SPRN_TFIAR
2605
	std	r5, VCPU_TFHAR(r9)
2606
	std	r6, VCPU_TFIAR(r9)
2607

2608
	addi	r1, r1, TM_FRAME_SIZE
2609
	ld	r0, PPC_LR_STKOFF(r1)
2610
	mtlr	r0
2611
	blr
2612

2613
/*
2614
 * Restore transactional state and TM-related registers.
2615
 * Called with r3 pointing to the vcpu struct
2616
 * and r4 containing the guest MSR value.
2617
 * r5 is non-zero iff non-volatile register state needs to be maintained.
2618
 * This potentially modifies all checkpointed registers.
2619
 * It restores r1 and r2 from the PACA.
2620
 */
2621
_GLOBAL_TOC(kvmppc_restore_tm_hv)
2622
EXPORT_SYMBOL_GPL(kvmppc_restore_tm_hv)
2623
	/*
2624
	 * If we are doing TM emulation for the guest on a POWER9 DD2,
2625
	 * then we don't actually do a trechkpt -- we either set up
2626
	 * fake-suspend mode, or emulate a TM rollback.
2627
	 */
2628
BEGIN_FTR_SECTION
2629
	b	__kvmppc_restore_tm
2630
END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
2631
	mflr	r0
2632
	std	r0, PPC_LR_STKOFF(r1)
2633

2634
	li	r0, 0
2635
	stb	r0, HSTATE_FAKE_SUSPEND(r13)
2636

2637
	/* Turn on TM so we can restore TM SPRs */
2638
	mfmsr	r5
2639
	li	r0, 1
2640
	rldimi	r5, r0, MSR_TM_LG, 63-MSR_TM_LG
2641
	mtmsrd	r5
2642

2643
	/*
2644
	 * The user may change these outside of a transaction, so they must
2645
	 * always be context switched.
2646
	 */
2647
	ld	r5, VCPU_TFHAR(r3)
2648
	ld	r6, VCPU_TFIAR(r3)
2649
	ld	r7, VCPU_TEXASR(r3)
2650
	mtspr	SPRN_TFHAR, r5
2651
	mtspr	SPRN_TFIAR, r6
2652
	mtspr	SPRN_TEXASR, r7
2653

2654
	rldicl. r5, r4, 64 - MSR_TS_S_LG, 62
2655
	beqlr		/* TM not active in guest */
2656

2657
	/* Make sure the failure summary is set */
2658
	oris	r7, r7, (TEXASR_FS)@h
2659
	mtspr	SPRN_TEXASR, r7
2660

2661
	cmpwi	r5, 1		/* check for suspended state */
2662
	bgt	10f
2663
	stb	r5, HSTATE_FAKE_SUSPEND(r13)
2664
	b	9f		/* and return */
2665
10:	stdu	r1, -PPC_MIN_STKFRM(r1)
2666
	/* guest is in transactional state, so simulate rollback */
2667
	bl	kvmhv_emulate_tm_rollback
2668
	nop
2669
	addi	r1, r1, PPC_MIN_STKFRM
2670
9:	ld	r0, PPC_LR_STKOFF(r1)
2671
	mtlr	r0
2672
	blr
2673
#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
2674

2675
/*
2676
 * We come here if we get any exception or interrupt while we are
2677
 * executing host real mode code while in guest MMU context.
2678
 * r12 is (CR << 32) | vector
2679
 * r13 points to our PACA
2680
 * r12 is saved in HSTATE_SCRATCH0(r13)
2681
 * r9 is saved in HSTATE_SCRATCH2(r13)
2682
 * r13 is saved in HSPRG1
2683
 * cfar is saved in HSTATE_CFAR(r13)
2684
 * ppr is saved in HSTATE_PPR(r13)
2685
 */
2686
kvmppc_bad_host_intr:
2687
	/*
2688
	 * Switch to the emergency stack, but start half-way down in
2689
	 * case we were already on it.
2690
	 */
2691
	mr	r9, r1
2692
	std	r1, PACAR1(r13)
2693
	ld	r1, PACAEMERGSP(r13)
2694
	subi	r1, r1, THREAD_SIZE/2 + INT_FRAME_SIZE
2695
	std	r9, 0(r1)
2696
	std	r0, GPR0(r1)
2697
	std	r9, GPR1(r1)
2698
	std	r2, GPR2(r1)
2699
	SAVE_GPRS(3, 8, r1)
2700
	srdi	r0, r12, 32
2701
	clrldi	r12, r12, 32
2702
	std	r0, _CCR(r1)
2703
	std	r12, _TRAP(r1)
2704
	andi.	r0, r12, 2
2705
	beq	1f
2706
	mfspr	r3, SPRN_HSRR0
2707
	mfspr	r4, SPRN_HSRR1
2708
	mfspr	r5, SPRN_HDAR
2709
	mfspr	r6, SPRN_HDSISR
2710
	b	2f
2711
1:	mfspr	r3, SPRN_SRR0
2712
	mfspr	r4, SPRN_SRR1
2713
	mfspr	r5, SPRN_DAR
2714
	mfspr	r6, SPRN_DSISR
2715
2:	std	r3, _NIP(r1)
2716
	std	r4, _MSR(r1)
2717
	std	r5, _DAR(r1)
2718
	std	r6, _DSISR(r1)
2719
	ld	r9, HSTATE_SCRATCH2(r13)
2720
	ld	r12, HSTATE_SCRATCH0(r13)
2721
	GET_SCRATCH0(r0)
2722
	SAVE_GPRS(9, 12, r1)
2723
	std	r0, GPR13(r1)
2724
	SAVE_NVGPRS(r1)
2725
	ld	r5, HSTATE_CFAR(r13)
2726
	std	r5, ORIG_GPR3(r1)
2727
	mflr	r3
2728
	mfctr	r4
2729
	mfxer	r5
2730
	lbz	r6, PACAIRQSOFTMASK(r13)
2731
	std	r3, _LINK(r1)
2732
	std	r4, _CTR(r1)
2733
	std	r5, _XER(r1)
2734
	std	r6, SOFTE(r1)
2735
	LOAD_PACA_TOC()
2736
	LOAD_REG_IMMEDIATE(3, STACK_FRAME_REGS_MARKER)
2737
	std	r3, STACK_INT_FRAME_MARKER(r1)
2738

2739
	/*
2740
	 * XXX On POWER7 and POWER8, we just spin here since we don't
2741
	 * know what the other threads are doing (and we don't want to
2742
	 * coordinate with them) - but at least we now have register state
2743
	 * in memory that we might be able to look at from another CPU.
2744
	 */
2745
	b	.
2746

2747
/*
2748
 * This mimics the MSR transition on IRQ delivery.  The new guest MSR is taken
2749
 * from VCPU_INTR_MSR and is modified based on the required TM state changes.
2750
 *   r11 has the guest MSR value (in/out)
2751
 *   r9 has a vcpu pointer (in)
2752
 *   r0 is used as a scratch register
2753
 */
2754
SYM_FUNC_START_LOCAL(kvmppc_msr_interrupt)
2755
	rldicl	r0, r11, 64 - MSR_TS_S_LG, 62
2756
	cmpwi	r0, 2 /* Check if we are in transactional state..  */
2757
	ld	r11, VCPU_INTR_MSR(r9)
2758
	bne	1f
2759
	/* ... if transactional, change to suspended */
2760
	li	r0, 1
2761
1:	rldimi	r11, r0, MSR_TS_S_LG, 63 - MSR_TS_T_LG
2762
	blr
2763
SYM_FUNC_END(kvmppc_msr_interrupt)
2764

2765
/*
2766
 * void kvmhv_load_guest_pmu(struct kvm_vcpu *vcpu)
2767
 *
2768
 * Load up guest PMU state.  R3 points to the vcpu struct.
2769
 */
2770
SYM_FUNC_START_LOCAL(kvmhv_load_guest_pmu)
2771
	mr	r4, r3
2772
	mflr	r0
2773
	li	r3, 1
2774
	sldi	r3, r3, 31		/* MMCR0_FC (freeze counters) bit */
2775
	mtspr	SPRN_MMCR0, r3		/* freeze all counters, disable ints */
2776
	isync
2777
BEGIN_FTR_SECTION
2778
	ld	r3, VCPU_MMCR(r4)
2779
	andi.	r5, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
2780
	cmpwi	r5, MMCR0_PMAO
2781
	beql	kvmppc_fix_pmao
2782
END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
2783
	lwz	r3, VCPU_PMC(r4)	/* always load up guest PMU registers */
2784
	lwz	r5, VCPU_PMC + 4(r4)	/* to prevent information leak */
2785
	lwz	r6, VCPU_PMC + 8(r4)
2786
	lwz	r7, VCPU_PMC + 12(r4)
2787
	lwz	r8, VCPU_PMC + 16(r4)
2788
	lwz	r9, VCPU_PMC + 20(r4)
2789
	mtspr	SPRN_PMC1, r3
2790
	mtspr	SPRN_PMC2, r5
2791
	mtspr	SPRN_PMC3, r6
2792
	mtspr	SPRN_PMC4, r7
2793
	mtspr	SPRN_PMC5, r8
2794
	mtspr	SPRN_PMC6, r9
2795
	ld	r3, VCPU_MMCR(r4)
2796
	ld	r5, VCPU_MMCR + 8(r4)
2797
	ld	r6, VCPU_MMCRA(r4)
2798
	ld	r7, VCPU_SIAR(r4)
2799
	ld	r8, VCPU_SDAR(r4)
2800
	mtspr	SPRN_MMCR1, r5
2801
	mtspr	SPRN_MMCRA, r6
2802
	mtspr	SPRN_SIAR, r7
2803
	mtspr	SPRN_SDAR, r8
2804
BEGIN_FTR_SECTION
2805
	ld	r5, VCPU_MMCR + 16(r4)
2806
	ld	r6, VCPU_SIER(r4)
2807
	mtspr	SPRN_MMCR2, r5
2808
	mtspr	SPRN_SIER, r6
2809
	lwz	r7, VCPU_PMC + 24(r4)
2810
	lwz	r8, VCPU_PMC + 28(r4)
2811
	ld	r9, VCPU_MMCRS(r4)
2812
	mtspr	SPRN_SPMC1, r7
2813
	mtspr	SPRN_SPMC2, r8
2814
	mtspr	SPRN_MMCRS, r9
2815
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2816
	mtspr	SPRN_MMCR0, r3
2817
	isync
2818
	mtlr	r0
2819
	blr
2820
SYM_FUNC_END(kvmhv_load_guest_pmu)
2821

2822
/*
2823
 * void kvmhv_load_host_pmu(void)
2824
 *
2825
 * Reload host PMU state saved in the PACA by kvmhv_save_host_pmu.
2826
 */
2827
SYM_FUNC_START_LOCAL(kvmhv_load_host_pmu)
2828
	mflr	r0
2829
	lbz	r4, PACA_PMCINUSE(r13) /* is the host using the PMU? */
2830
	cmpwi	r4, 0
2831
	beq	23f			/* skip if not */
2832
BEGIN_FTR_SECTION
2833
	ld	r3, HSTATE_MMCR0(r13)
2834
	andi.	r4, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
2835
	cmpwi	r4, MMCR0_PMAO
2836
	beql	kvmppc_fix_pmao
2837
END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
2838
	lwz	r3, HSTATE_PMC1(r13)
2839
	lwz	r4, HSTATE_PMC2(r13)
2840
	lwz	r5, HSTATE_PMC3(r13)
2841
	lwz	r6, HSTATE_PMC4(r13)
2842
	lwz	r8, HSTATE_PMC5(r13)
2843
	lwz	r9, HSTATE_PMC6(r13)
2844
	mtspr	SPRN_PMC1, r3
2845
	mtspr	SPRN_PMC2, r4
2846
	mtspr	SPRN_PMC3, r5
2847
	mtspr	SPRN_PMC4, r6
2848
	mtspr	SPRN_PMC5, r8
2849
	mtspr	SPRN_PMC6, r9
2850
	ld	r3, HSTATE_MMCR0(r13)
2851
	ld	r4, HSTATE_MMCR1(r13)
2852
	ld	r5, HSTATE_MMCRA(r13)
2853
	ld	r6, HSTATE_SIAR(r13)
2854
	ld	r7, HSTATE_SDAR(r13)
2855
	mtspr	SPRN_MMCR1, r4
2856
	mtspr	SPRN_MMCRA, r5
2857
	mtspr	SPRN_SIAR, r6
2858
	mtspr	SPRN_SDAR, r7
2859
BEGIN_FTR_SECTION
2860
	ld	r8, HSTATE_MMCR2(r13)
2861
	ld	r9, HSTATE_SIER(r13)
2862
	mtspr	SPRN_MMCR2, r8
2863
	mtspr	SPRN_SIER, r9
2864
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2865
	mtspr	SPRN_MMCR0, r3
2866
	isync
2867
	mtlr	r0
2868
23:	blr
2869
SYM_FUNC_END(kvmhv_load_host_pmu)
2870

2871
/*
2872
 * void kvmhv_save_guest_pmu(struct kvm_vcpu *vcpu, bool pmu_in_use)
2873
 *
2874
 * Save guest PMU state into the vcpu struct.
2875
 * r3 = vcpu, r4 = full save flag (PMU in use flag set in VPA)
2876
 */
2877
SYM_FUNC_START_LOCAL(kvmhv_save_guest_pmu)
2878
	mr	r9, r3
2879
	mr	r8, r4
2880
BEGIN_FTR_SECTION
2881
	/*
2882
	 * POWER8 seems to have a hardware bug where setting
2883
	 * MMCR0[PMAE] along with MMCR0[PMC1CE] and/or MMCR0[PMCjCE]
2884
	 * when some counters are already negative doesn't seem
2885
	 * to cause a performance monitor alert (and hence interrupt).
2886
	 * The effect of this is that when saving the PMU state,
2887
	 * if there is no PMU alert pending when we read MMCR0
2888
	 * before freezing the counters, but one becomes pending
2889
	 * before we read the counters, we lose it.
2890
	 * To work around this, we need a way to freeze the counters
2891
	 * before reading MMCR0.  Normally, freezing the counters
2892
	 * is done by writing MMCR0 (to set MMCR0[FC]) which
2893
	 * unavoidably writes MMCR0[PMA0] as well.  On POWER8,
2894
	 * we can also freeze the counters using MMCR2, by writing
2895
	 * 1s to all the counter freeze condition bits (there are
2896
	 * 9 bits each for 6 counters).
2897
	 */
2898
	li	r3, -1			/* set all freeze bits */
2899
	clrrdi	r3, r3, 10
2900
	mfspr	r10, SPRN_MMCR2
2901
	mtspr	SPRN_MMCR2, r3
2902
	isync
2903
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2904
	li	r3, 1
2905
	sldi	r3, r3, 31		/* MMCR0_FC (freeze counters) bit */
2906
	mfspr	r4, SPRN_MMCR0		/* save MMCR0 */
2907
	mtspr	SPRN_MMCR0, r3		/* freeze all counters, disable ints */
2908
	mfspr	r6, SPRN_MMCRA
2909
	/* Clear MMCRA in order to disable SDAR updates */
2910
	li	r7, 0
2911
	mtspr	SPRN_MMCRA, r7
2912
	isync
2913
	cmpwi	r8, 0			/* did they ask for PMU stuff to be saved? */
2914
	bne	21f
2915
	std	r3, VCPU_MMCR(r9)	/* if not, set saved MMCR0 to FC */
2916
	b	22f
2917
21:	mfspr	r5, SPRN_MMCR1
2918
	mfspr	r7, SPRN_SIAR
2919
	mfspr	r8, SPRN_SDAR
2920
	std	r4, VCPU_MMCR(r9)
2921
	std	r5, VCPU_MMCR + 8(r9)
2922
	std	r6, VCPU_MMCRA(r9)
2923
BEGIN_FTR_SECTION
2924
	std	r10, VCPU_MMCR + 16(r9)
2925
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2926
	std	r7, VCPU_SIAR(r9)
2927
	std	r8, VCPU_SDAR(r9)
2928
	mfspr	r3, SPRN_PMC1
2929
	mfspr	r4, SPRN_PMC2
2930
	mfspr	r5, SPRN_PMC3
2931
	mfspr	r6, SPRN_PMC4
2932
	mfspr	r7, SPRN_PMC5
2933
	mfspr	r8, SPRN_PMC6
2934
	stw	r3, VCPU_PMC(r9)
2935
	stw	r4, VCPU_PMC + 4(r9)
2936
	stw	r5, VCPU_PMC + 8(r9)
2937
	stw	r6, VCPU_PMC + 12(r9)
2938
	stw	r7, VCPU_PMC + 16(r9)
2939
	stw	r8, VCPU_PMC + 20(r9)
2940
BEGIN_FTR_SECTION
2941
	mfspr	r5, SPRN_SIER
2942
	std	r5, VCPU_SIER(r9)
2943
	mfspr	r6, SPRN_SPMC1
2944
	mfspr	r7, SPRN_SPMC2
2945
	mfspr	r8, SPRN_MMCRS
2946
	stw	r6, VCPU_PMC + 24(r9)
2947
	stw	r7, VCPU_PMC + 28(r9)
2948
	std	r8, VCPU_MMCRS(r9)
2949
	lis	r4, 0x8000
2950
	mtspr	SPRN_MMCRS, r4
2951
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2952
22:	blr
2953
SYM_FUNC_END(kvmhv_save_guest_pmu)
2954

2955
/*
2956
 * This works around a hardware bug on POWER8E processors, where
2957
 * writing a 1 to the MMCR0[PMAO] bit doesn't generate a
2958
 * performance monitor interrupt.  Instead, when we need to have
2959
 * an interrupt pending, we have to arrange for a counter to overflow.
2960
 */
2961
kvmppc_fix_pmao:
2962
	li	r3, 0
2963
	mtspr	SPRN_MMCR2, r3
2964
	lis	r3, (MMCR0_PMXE | MMCR0_FCECE)@h
2965
	ori	r3, r3, MMCR0_PMCjCE | MMCR0_C56RUN
2966
	mtspr	SPRN_MMCR0, r3
2967
	lis	r3, 0x7fff
2968
	ori	r3, r3, 0xffff
2969
	mtspr	SPRN_PMC6, r3
2970
	isync
2971
	blr
2972

2973
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2974
/*
2975
 * Start timing an activity
2976
 * r3 = pointer to time accumulation struct, r4 = vcpu
2977
 */
2978
kvmhv_start_timing:
2979
	ld	r5, HSTATE_KVM_VCORE(r13)
2980
	ld	r6, VCORE_TB_OFFSET_APPL(r5)
2981
	mftb	r5
2982
	subf	r5, r6, r5	/* subtract current timebase offset */
2983
	std	r3, VCPU_CUR_ACTIVITY(r4)
2984
	std	r5, VCPU_ACTIVITY_START(r4)
2985
	blr
2986

2987
/*
2988
 * Accumulate time to one activity and start another.
2989
 * r3 = pointer to new time accumulation struct, r4 = vcpu
2990
 */
2991
kvmhv_accumulate_time:
2992
	ld	r5, HSTATE_KVM_VCORE(r13)
2993
	ld	r8, VCORE_TB_OFFSET_APPL(r5)
2994
	ld	r5, VCPU_CUR_ACTIVITY(r4)
2995
	ld	r6, VCPU_ACTIVITY_START(r4)
2996
	std	r3, VCPU_CUR_ACTIVITY(r4)
2997
	mftb	r7
2998
	subf	r7, r8, r7	/* subtract current timebase offset */
2999
	std	r7, VCPU_ACTIVITY_START(r4)
3000
	cmpdi	r5, 0
3001
	beqlr
3002
	subf	r3, r6, r7
3003
	ld	r8, TAS_SEQCOUNT(r5)
3004
	cmpdi	r8, 0
3005
	addi	r8, r8, 1
3006
	std	r8, TAS_SEQCOUNT(r5)
3007
	lwsync
3008
	ld	r7, TAS_TOTAL(r5)
3009
	add	r7, r7, r3
3010
	std	r7, TAS_TOTAL(r5)
3011
	ld	r6, TAS_MIN(r5)
3012
	ld	r7, TAS_MAX(r5)
3013
	beq	3f
3014
	cmpd	r3, r6
3015
	bge	1f
3016
3:	std	r3, TAS_MIN(r5)
3017
1:	cmpd	r3, r7
3018
	ble	2f
3019
	std	r3, TAS_MAX(r5)
3020
2:	lwsync
3021
	addi	r8, r8, 1
3022
	std	r8, TAS_SEQCOUNT(r5)
3023
	blr
3024
#endif
3025

3026