root/arch/powerpc/kvm/book3s_hv_rmhandlers.S

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /*
   3  *
   4  * Copyright 2011 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
   5  *
   6  * Derived from book3s_rmhandlers.S and other files, which are:
   7  *
   8  * Copyright SUSE Linux Products GmbH 2009
   9  *
  10  * Authors: Alexander Graf <agraf@suse.de>
  11  */
  12 
  13 #include <asm/ppc_asm.h>
  14 #include <asm/code-patching-asm.h>
  15 #include <asm/kvm_asm.h>
  16 #include <asm/reg.h>
  17 #include <asm/mmu.h>
  18 #include <asm/page.h>
  19 #include <asm/ptrace.h>
  20 #include <asm/hvcall.h>
  21 #include <asm/asm-offsets.h>
  22 #include <asm/exception-64s.h>
  23 #include <asm/kvm_book3s_asm.h>
  24 #include <asm/book3s/64/mmu-hash.h>
  25 #include <asm/export.h>
  26 #include <asm/tm.h>
  27 #include <asm/opal.h>
  28 #include <asm/xive-regs.h>
  29 #include <asm/thread_info.h>
  30 #include <asm/asm-compat.h>
  31 #include <asm/feature-fixups.h>
  32 #include <asm/cpuidle.h>
  33 #include <asm/ultravisor-api.h>
  34 
  35 /* Sign-extend HDEC if not on POWER9 */
  36 #define EXTEND_HDEC(reg)                        \
  37 BEGIN_FTR_SECTION;                              \
  38         extsw   reg, reg;                       \
  39 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300)
  40 
  41 /* Values in HSTATE_NAPPING(r13) */
  42 #define NAPPING_CEDE    1
  43 #define NAPPING_NOVCPU  2
  44 #define NAPPING_UNSPLIT 3
  45 
  46 /* Stack frame offsets for kvmppc_hv_entry */
  47 #define SFS                     208
  48 #define STACK_SLOT_TRAP         (SFS-4)
  49 #define STACK_SLOT_SHORT_PATH   (SFS-8)
  50 #define STACK_SLOT_TID          (SFS-16)
  51 #define STACK_SLOT_PSSCR        (SFS-24)
  52 #define STACK_SLOT_PID          (SFS-32)
  53 #define STACK_SLOT_IAMR         (SFS-40)
  54 #define STACK_SLOT_CIABR        (SFS-48)
  55 #define STACK_SLOT_DAWR         (SFS-56)
  56 #define STACK_SLOT_DAWRX        (SFS-64)
  57 #define STACK_SLOT_HFSCR        (SFS-72)
  58 #define STACK_SLOT_AMR          (SFS-80)
  59 #define STACK_SLOT_UAMOR        (SFS-88)
  60 /* the following is used by the P9 short path */
  61 #define STACK_SLOT_NVGPRS       (SFS-152)       /* 18 gprs */
  62 
  63 /*
  64  * Call kvmppc_hv_entry in real mode.
  65  * Must be called with interrupts hard-disabled.
  66  *
  67  * Input Registers:
  68  *
  69  * LR = return address to continue at after eventually re-enabling MMU
  70  */
  71 _GLOBAL_TOC(kvmppc_hv_entry_trampoline)
  72         mflr    r0
  73         std     r0, PPC_LR_STKOFF(r1)
  74         stdu    r1, -112(r1)
  75         mfmsr   r10
  76         std     r10, HSTATE_HOST_MSR(r13)
  77         LOAD_REG_ADDR(r5, kvmppc_call_hv_entry)
  78         li      r0,MSR_RI
  79         andc    r0,r10,r0
  80         li      r6,MSR_IR | MSR_DR
  81         andc    r6,r10,r6
  82         mtmsrd  r0,1            /* clear RI in MSR */
  83         mtsrr0  r5
  84         mtsrr1  r6
  85         RFI_TO_KERNEL
  86 
  87 kvmppc_call_hv_entry:
  88 BEGIN_FTR_SECTION
  89         /* On P9, do LPCR setting, if necessary */
  90         ld      r3, HSTATE_SPLIT_MODE(r13)
  91         cmpdi   r3, 0
  92         beq     46f
  93         lwz     r4, KVM_SPLIT_DO_SET(r3)
  94         cmpwi   r4, 0
  95         beq     46f
  96         bl      kvmhv_p9_set_lpcr
  97         nop
  98 46:
  99 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
 100 
 101         ld      r4, HSTATE_KVM_VCPU(r13)
 102         bl      kvmppc_hv_entry
 103 
 104         /* Back from guest - restore host state and return to caller */
 105 
 106 BEGIN_FTR_SECTION
 107         /* Restore host DABR and DABRX */
 108         ld      r5,HSTATE_DABR(r13)
 109         li      r6,7
 110         mtspr   SPRN_DABR,r5
 111         mtspr   SPRN_DABRX,r6
 112 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
 113 
 114         /* Restore SPRG3 */
 115         ld      r3,PACA_SPRG_VDSO(r13)
 116         mtspr   SPRN_SPRG_VDSO_WRITE,r3
 117 
 118         /* Reload the host's PMU registers */
 119         bl      kvmhv_load_host_pmu
 120 
 121         /*
 122          * Reload DEC.  HDEC interrupts were disabled when
 123          * we reloaded the host's LPCR value.
 124          */
 125         ld      r3, HSTATE_DECEXP(r13)
 126         mftb    r4
 127         subf    r4, r4, r3
 128         mtspr   SPRN_DEC, r4
 129 
 130         /* hwthread_req may have got set by cede or no vcpu, so clear it */
 131         li      r0, 0
 132         stb     r0, HSTATE_HWTHREAD_REQ(r13)
 133 
 134         /*
 135          * For external interrupts we need to call the Linux
 136          * handler to process the interrupt. We do that by jumping
 137          * to absolute address 0x500 for external interrupts.
 138          * The [h]rfid at the end of the handler will return to
 139          * the book3s_hv_interrupts.S code. For other interrupts
 140          * we do the rfid to get back to the book3s_hv_interrupts.S
 141          * code here.
 142          */
 143         ld      r8, 112+PPC_LR_STKOFF(r1)
 144         addi    r1, r1, 112
 145         ld      r7, HSTATE_HOST_MSR(r13)
 146 
 147         /* Return the trap number on this thread as the return value */
 148         mr      r3, r12
 149 
 150         /*
 151          * If we came back from the guest via a relocation-on interrupt,
 152          * we will be in virtual mode at this point, which makes it a
 153          * little easier to get back to the caller.
 154          */
 155         mfmsr   r0
 156         andi.   r0, r0, MSR_IR          /* in real mode? */
 157         bne     .Lvirt_return
 158 
 159         /* RFI into the highmem handler */
 160         mfmsr   r6
 161         li      r0, MSR_RI
 162         andc    r6, r6, r0
 163         mtmsrd  r6, 1                   /* Clear RI in MSR */
 164         mtsrr0  r8
 165         mtsrr1  r7
 166         RFI_TO_KERNEL
 167 
 168         /* Virtual-mode return */
 169 .Lvirt_return:
 170         mtlr    r8
 171         blr
 172 
 173 kvmppc_primary_no_guest:
 174         /* We handle this much like a ceded vcpu */
 175         /* put the HDEC into the DEC, since HDEC interrupts don't wake us */
 176         /* HDEC may be larger than DEC for arch >= v3.00, but since the */
 177         /* HDEC value came from DEC in the first place, it will fit */
 178         mfspr   r3, SPRN_HDEC
 179         mtspr   SPRN_DEC, r3
 180         /*
 181          * Make sure the primary has finished the MMU switch.
 182          * We should never get here on a secondary thread, but
 183          * check it for robustness' sake.
 184          */
 185         ld      r5, HSTATE_KVM_VCORE(r13)
 186 65:     lbz     r0, VCORE_IN_GUEST(r5)
 187         cmpwi   r0, 0
 188         beq     65b
 189         /* Set LPCR. */
 190         ld      r8,VCORE_LPCR(r5)
 191         mtspr   SPRN_LPCR,r8
 192         isync
 193         /* set our bit in napping_threads */
 194         ld      r5, HSTATE_KVM_VCORE(r13)
 195         lbz     r7, HSTATE_PTID(r13)
 196         li      r0, 1
 197         sld     r0, r0, r7
 198         addi    r6, r5, VCORE_NAPPING_THREADS
 199 1:      lwarx   r3, 0, r6
 200         or      r3, r3, r0
 201         stwcx.  r3, 0, r6
 202         bne     1b
 203         /* order napping_threads update vs testing entry_exit_map */
 204         isync
 205         li      r12, 0
 206         lwz     r7, VCORE_ENTRY_EXIT(r5)
 207         cmpwi   r7, 0x100
 208         bge     kvm_novcpu_exit /* another thread already exiting */
 209         li      r3, NAPPING_NOVCPU
 210         stb     r3, HSTATE_NAPPING(r13)
 211 
 212         li      r3, 0           /* Don't wake on privileged (OS) doorbell */
 213         b       kvm_do_nap
 214 
 215 /*
 216  * kvm_novcpu_wakeup
 217  *      Entered from kvm_start_guest if kvm_hstate.napping is set
 218  *      to NAPPING_NOVCPU
 219  *              r2 = kernel TOC
 220  *              r13 = paca
 221  */
 222 kvm_novcpu_wakeup:
 223         ld      r1, HSTATE_HOST_R1(r13)
 224         ld      r5, HSTATE_KVM_VCORE(r13)
 225         li      r0, 0
 226         stb     r0, HSTATE_NAPPING(r13)
 227 
 228         /* check the wake reason */
 229         bl      kvmppc_check_wake_reason
 230 
 231         /*
 232          * Restore volatile registers since we could have called
 233          * a C routine in kvmppc_check_wake_reason.
 234          *      r5 = VCORE
 235          */
 236         ld      r5, HSTATE_KVM_VCORE(r13)
 237 
 238         /* see if any other thread is already exiting */
 239         lwz     r0, VCORE_ENTRY_EXIT(r5)
 240         cmpwi   r0, 0x100
 241         bge     kvm_novcpu_exit
 242 
 243         /* clear our bit in napping_threads */
 244         lbz     r7, HSTATE_PTID(r13)
 245         li      r0, 1
 246         sld     r0, r0, r7
 247         addi    r6, r5, VCORE_NAPPING_THREADS
 248 4:      lwarx   r7, 0, r6
 249         andc    r7, r7, r0
 250         stwcx.  r7, 0, r6
 251         bne     4b
 252 
 253         /* See if the wake reason means we need to exit */
 254         cmpdi   r3, 0
 255         bge     kvm_novcpu_exit
 256 
 257         /* See if our timeslice has expired (HDEC is negative) */
 258         mfspr   r0, SPRN_HDEC
 259         EXTEND_HDEC(r0)
 260         li      r12, BOOK3S_INTERRUPT_HV_DECREMENTER
 261         cmpdi   r0, 0
 262         blt     kvm_novcpu_exit
 263 
 264         /* Got an IPI but other vcpus aren't yet exiting, must be a latecomer */
 265         ld      r4, HSTATE_KVM_VCPU(r13)
 266         cmpdi   r4, 0
 267         beq     kvmppc_primary_no_guest
 268 
 269 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
 270         addi    r3, r4, VCPU_TB_RMENTRY
 271         bl      kvmhv_start_timing
 272 #endif
 273         b       kvmppc_got_guest
 274 
 275 kvm_novcpu_exit:
 276 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
 277         ld      r4, HSTATE_KVM_VCPU(r13)
 278         cmpdi   r4, 0
 279         beq     13f
 280         addi    r3, r4, VCPU_TB_RMEXIT
 281         bl      kvmhv_accumulate_time
 282 #endif
 283 13:     mr      r3, r12
 284         stw     r12, STACK_SLOT_TRAP(r1)
 285         bl      kvmhv_commence_exit
 286         nop
 287         b       kvmhv_switch_to_host
 288 
 289 /*
 290  * We come in here when wakened from Linux offline idle code.
 291  * Relocation is off
 292  * r3 contains the SRR1 wakeup value, SRR1 is trashed.
 293  */
 294 _GLOBAL(idle_kvm_start_guest)
 295         ld      r4,PACAEMERGSP(r13)
 296         mfcr    r5
 297         mflr    r0
 298         std     r1,0(r4)
 299         std     r5,8(r4)
 300         std     r0,16(r4)
 301         subi    r1,r4,STACK_FRAME_OVERHEAD
 302         SAVE_NVGPRS(r1)
 303 
 304         /*
 305          * Could avoid this and pass it through in r3. For now,
 306          * code expects it to be in SRR1.
 307          */
 308         mtspr   SPRN_SRR1,r3
 309 
 310         li      r0,0
 311         stb     r0,PACA_FTRACE_ENABLED(r13)
 312 
 313         li      r0,KVM_HWTHREAD_IN_KVM
 314         stb     r0,HSTATE_HWTHREAD_STATE(r13)
 315 
 316         /* kvm cede / napping does not come through here */
 317         lbz     r0,HSTATE_NAPPING(r13)
 318         twnei   r0,0
 319 
 320         b       1f
 321 
 322 kvm_unsplit_wakeup:
 323         li      r0, 0
 324         stb     r0, HSTATE_NAPPING(r13)
 325 
 326 1:
 327 
 328         /*
 329          * We weren't napping due to cede, so this must be a secondary
 330          * thread being woken up to run a guest, or being woken up due
 331          * to a stray IPI.  (Or due to some machine check or hypervisor
 332          * maintenance interrupt while the core is in KVM.)
 333          */
 334 
 335         /* Check the wake reason in SRR1 to see why we got here */
 336         bl      kvmppc_check_wake_reason
 337         /*
 338          * kvmppc_check_wake_reason could invoke a C routine, but we
 339          * have no volatile registers to restore when we return.
 340          */
 341 
 342         cmpdi   r3, 0
 343         bge     kvm_no_guest
 344 
 345         /* get vcore pointer, NULL if we have nothing to run */
 346         ld      r5,HSTATE_KVM_VCORE(r13)
 347         cmpdi   r5,0
 348         /* if we have no vcore to run, go back to sleep */
 349         beq     kvm_no_guest
 350 
 351 kvm_secondary_got_guest:
 352 
 353         /* Set HSTATE_DSCR(r13) to something sensible */
 354         ld      r6, PACA_DSCR_DEFAULT(r13)
 355         std     r6, HSTATE_DSCR(r13)
 356 
 357         /* On thread 0 of a subcore, set HDEC to max */
 358         lbz     r4, HSTATE_PTID(r13)
 359         cmpwi   r4, 0
 360         bne     63f
 361         LOAD_REG_ADDR(r6, decrementer_max)
 362         ld      r6, 0(r6)
 363         mtspr   SPRN_HDEC, r6
 364         /* and set per-LPAR registers, if doing dynamic micro-threading */
 365         ld      r6, HSTATE_SPLIT_MODE(r13)
 366         cmpdi   r6, 0
 367         beq     63f
 368 BEGIN_FTR_SECTION
 369         ld      r0, KVM_SPLIT_RPR(r6)
 370         mtspr   SPRN_RPR, r0
 371         ld      r0, KVM_SPLIT_PMMAR(r6)
 372         mtspr   SPRN_PMMAR, r0
 373         ld      r0, KVM_SPLIT_LDBAR(r6)
 374         mtspr   SPRN_LDBAR, r0
 375         isync
 376 FTR_SECTION_ELSE
 377         /* On P9 we use the split_info for coordinating LPCR changes */
 378         lwz     r4, KVM_SPLIT_DO_SET(r6)
 379         cmpwi   r4, 0
 380         beq     1f
 381         mr      r3, r6
 382         bl      kvmhv_p9_set_lpcr
 383         nop
 384 1:
 385 ALT_FTR_SECTION_END_IFCLR(CPU_FTR_ARCH_300)
 386 63:
 387         /* Order load of vcpu after load of vcore */
 388         lwsync
 389         ld      r4, HSTATE_KVM_VCPU(r13)
 390         bl      kvmppc_hv_entry
 391 
 392         /* Back from the guest, go back to nap */
 393         /* Clear our vcpu and vcore pointers so we don't come back in early */
 394         li      r0, 0
 395         std     r0, HSTATE_KVM_VCPU(r13)
 396         /*
 397          * Once we clear HSTATE_KVM_VCORE(r13), the code in
 398          * kvmppc_run_core() is going to assume that all our vcpu
 399          * state is visible in memory.  This lwsync makes sure
 400          * that that is true.
 401          */
 402         lwsync
 403         std     r0, HSTATE_KVM_VCORE(r13)
 404 
 405         /*
 406          * All secondaries exiting guest will fall through this path.
 407          * Before proceeding, just check for HMI interrupt and
 408          * invoke opal hmi handler. By now we are sure that the
 409          * primary thread on this core/subcore has already made partition
 410          * switch/TB resync and we are good to call opal hmi handler.
 411          */
 412         cmpwi   r12, BOOK3S_INTERRUPT_HMI
 413         bne     kvm_no_guest
 414 
 415         li      r3,0                    /* NULL argument */
 416         bl      hmi_exception_realmode
 417 /*
 418  * At this point we have finished executing in the guest.
 419  * We need to wait for hwthread_req to become zero, since
 420  * we may not turn on the MMU while hwthread_req is non-zero.
 421  * While waiting we also need to check if we get given a vcpu to run.
 422  */
 423 kvm_no_guest:
 424         lbz     r3, HSTATE_HWTHREAD_REQ(r13)
 425         cmpwi   r3, 0
 426         bne     53f
 427         HMT_MEDIUM
 428         li      r0, KVM_HWTHREAD_IN_KERNEL
 429         stb     r0, HSTATE_HWTHREAD_STATE(r13)
 430         /* need to recheck hwthread_req after a barrier, to avoid race */
 431         sync
 432         lbz     r3, HSTATE_HWTHREAD_REQ(r13)
 433         cmpwi   r3, 0
 434         bne     54f
 435 
 436         /*
 437          * Jump to idle_return_gpr_loss, which returns to the
 438          * idle_kvm_start_guest caller.
 439          */
 440         li      r3, LPCR_PECE0
 441         mfspr   r4, SPRN_LPCR
 442         rlwimi  r4, r3, 0, LPCR_PECE0 | LPCR_PECE1
 443         mtspr   SPRN_LPCR, r4
 444         /* set up r3 for return */
 445         mfspr   r3,SPRN_SRR1
 446         REST_NVGPRS(r1)
 447         addi    r1, r1, STACK_FRAME_OVERHEAD
 448         ld      r0, 16(r1)
 449         ld      r5, 8(r1)
 450         ld      r1, 0(r1)
 451         mtlr    r0
 452         mtcr    r5
 453         blr
 454 
 455 53:     HMT_LOW
 456         ld      r5, HSTATE_KVM_VCORE(r13)
 457         cmpdi   r5, 0
 458         bne     60f
 459         ld      r3, HSTATE_SPLIT_MODE(r13)
 460         cmpdi   r3, 0
 461         beq     kvm_no_guest
 462         lwz     r0, KVM_SPLIT_DO_SET(r3)
 463         cmpwi   r0, 0
 464         bne     kvmhv_do_set
 465         lwz     r0, KVM_SPLIT_DO_RESTORE(r3)
 466         cmpwi   r0, 0
 467         bne     kvmhv_do_restore
 468         lbz     r0, KVM_SPLIT_DO_NAP(r3)
 469         cmpwi   r0, 0
 470         beq     kvm_no_guest
 471         HMT_MEDIUM
 472         b       kvm_unsplit_nap
 473 60:     HMT_MEDIUM
 474         b       kvm_secondary_got_guest
 475 
 476 54:     li      r0, KVM_HWTHREAD_IN_KVM
 477         stb     r0, HSTATE_HWTHREAD_STATE(r13)
 478         b       kvm_no_guest
 479 
 480 kvmhv_do_set:
 481         /* Set LPCR, LPIDR etc. on P9 */
 482         HMT_MEDIUM
 483         bl      kvmhv_p9_set_lpcr
 484         nop
 485         b       kvm_no_guest
 486 
 487 kvmhv_do_restore:
 488         HMT_MEDIUM
 489         bl      kvmhv_p9_restore_lpcr
 490         nop
 491         b       kvm_no_guest
 492 
 493 /*
 494  * Here the primary thread is trying to return the core to
 495  * whole-core mode, so we need to nap.
 496  */
 497 kvm_unsplit_nap:
 498         /*
 499          * When secondaries are napping in kvm_unsplit_nap() with
 500          * hwthread_req = 1, HMI goes ignored even though subcores are
 501          * already exited the guest. Hence HMI keeps waking up secondaries
 502          * from nap in a loop and secondaries always go back to nap since
 503          * no vcore is assigned to them. This makes impossible for primary
 504          * thread to get hold of secondary threads resulting into a soft
 505          * lockup in KVM path.
 506          *
 507          * Let us check if HMI is pending and handle it before we go to nap.
 508          */
 509         cmpwi   r12, BOOK3S_INTERRUPT_HMI
 510         bne     55f
 511         li      r3, 0                   /* NULL argument */
 512         bl      hmi_exception_realmode
 513 55:
 514         /*
 515          * Ensure that secondary doesn't nap when it has
 516          * its vcore pointer set.
 517          */
 518         sync            /* matches smp_mb() before setting split_info.do_nap */
 519         ld      r0, HSTATE_KVM_VCORE(r13)
 520         cmpdi   r0, 0
 521         bne     kvm_no_guest
 522         /* clear any pending message */
 523 BEGIN_FTR_SECTION
 524         lis     r6, (PPC_DBELL_SERVER << (63-36))@h
 525         PPC_MSGCLR(6)
 526 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
 527         /* Set kvm_split_mode.napped[tid] = 1 */
 528         ld      r3, HSTATE_SPLIT_MODE(r13)
 529         li      r0, 1
 530         lbz     r4, HSTATE_TID(r13)
 531         addi    r4, r4, KVM_SPLIT_NAPPED
 532         stbx    r0, r3, r4
 533         /* Check the do_nap flag again after setting napped[] */
 534         sync
 535         lbz     r0, KVM_SPLIT_DO_NAP(r3)
 536         cmpwi   r0, 0
 537         beq     57f
 538         li      r3, NAPPING_UNSPLIT
 539         stb     r3, HSTATE_NAPPING(r13)
 540         li      r3, (LPCR_PECEDH | LPCR_PECE0) >> 4
 541         mfspr   r5, SPRN_LPCR
 542         rlwimi  r5, r3, 4, (LPCR_PECEDP | LPCR_PECEDH | LPCR_PECE0 | LPCR_PECE1)
 543         b       kvm_nap_sequence
 544 
 545 57:     li      r0, 0
 546         stbx    r0, r3, r4
 547         b       kvm_no_guest
 548 
 549 /******************************************************************************
 550  *                                                                            *
 551  *                               Entry code                                   *
 552  *                                                                            *
 553  *****************************************************************************/
 554 
 555 .global kvmppc_hv_entry
 556 kvmppc_hv_entry:
 557 
 558         /* Required state:
 559          *
 560          * R4 = vcpu pointer (or NULL)
 561          * MSR = ~IR|DR
 562          * R13 = PACA
 563          * R1 = host R1
 564          * R2 = TOC
 565          * all other volatile GPRS = free
 566          * Does not preserve non-volatile GPRs or CR fields
 567          */
 568         mflr    r0
 569         std     r0, PPC_LR_STKOFF(r1)
 570         stdu    r1, -SFS(r1)
 571 
 572         /* Save R1 in the PACA */
 573         std     r1, HSTATE_HOST_R1(r13)
 574 
 575         li      r6, KVM_GUEST_MODE_HOST_HV
 576         stb     r6, HSTATE_IN_GUEST(r13)
 577 
 578 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
 579         /* Store initial timestamp */
 580         cmpdi   r4, 0
 581         beq     1f
 582         addi    r3, r4, VCPU_TB_RMENTRY
 583         bl      kvmhv_start_timing
 584 1:
 585 #endif
 586 
 587         ld      r5, HSTATE_KVM_VCORE(r13)
 588         ld      r9, VCORE_KVM(r5)       /* pointer to struct kvm */
 589 
 590         /*
 591          * POWER7/POWER8 host -> guest partition switch code.
 592          * We don't have to lock against concurrent tlbies,
 593          * but we do have to coordinate across hardware threads.
 594          */
 595         /* Set bit in entry map iff exit map is zero. */
 596         li      r7, 1
 597         lbz     r6, HSTATE_PTID(r13)
 598         sld     r7, r7, r6
 599         addi    r8, r5, VCORE_ENTRY_EXIT
 600 21:     lwarx   r3, 0, r8
 601         cmpwi   r3, 0x100               /* any threads starting to exit? */
 602         bge     secondary_too_late      /* if so we're too late to the party */
 603         or      r3, r3, r7
 604         stwcx.  r3, 0, r8
 605         bne     21b
 606 
 607         /* Primary thread switches to guest partition. */
 608         cmpwi   r6,0
 609         bne     10f
 610 
 611         lwz     r7,KVM_LPID(r9)
 612 BEGIN_FTR_SECTION
 613         ld      r6,KVM_SDR1(r9)
 614         li      r0,LPID_RSVD            /* switch to reserved LPID */
 615         mtspr   SPRN_LPID,r0
 616         ptesync
 617         mtspr   SPRN_SDR1,r6            /* switch to partition page table */
 618 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300)
 619         mtspr   SPRN_LPID,r7
 620         isync
 621 
 622         /* See if we need to flush the TLB. */
 623         mr      r3, r9                  /* kvm pointer */
 624         lhz     r4, PACAPACAINDEX(r13)  /* physical cpu number */
 625         li      r5, 0                   /* nested vcpu pointer */
 626         bl      kvmppc_check_need_tlb_flush
 627         nop
 628         ld      r5, HSTATE_KVM_VCORE(r13)
 629 
 630         /* Add timebase offset onto timebase */
 631 22:     ld      r8,VCORE_TB_OFFSET(r5)
 632         cmpdi   r8,0
 633         beq     37f
 634         std     r8, VCORE_TB_OFFSET_APPL(r5)
 635         mftb    r6              /* current host timebase */
 636         add     r8,r8,r6
 637         mtspr   SPRN_TBU40,r8   /* update upper 40 bits */
 638         mftb    r7              /* check if lower 24 bits overflowed */
 639         clrldi  r6,r6,40
 640         clrldi  r7,r7,40
 641         cmpld   r7,r6
 642         bge     37f
 643         addis   r8,r8,0x100     /* if so, increment upper 40 bits */
 644         mtspr   SPRN_TBU40,r8
 645 
 646         /* Load guest PCR value to select appropriate compat mode */
 647 37:     ld      r7, VCORE_PCR(r5)
 648         LOAD_REG_IMMEDIATE(r6, PCR_MASK)
 649         cmpld   r7, r6
 650         beq     38f
 651         or      r7, r7, r6
 652         mtspr   SPRN_PCR, r7
 653 38:
 654 
 655 BEGIN_FTR_SECTION
 656         /* DPDES and VTB are shared between threads */
 657         ld      r8, VCORE_DPDES(r5)
 658         ld      r7, VCORE_VTB(r5)
 659         mtspr   SPRN_DPDES, r8
 660         mtspr   SPRN_VTB, r7
 661 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
 662 
 663         /* Mark the subcore state as inside guest */
 664         bl      kvmppc_subcore_enter_guest
 665         nop
 666         ld      r5, HSTATE_KVM_VCORE(r13)
 667         ld      r4, HSTATE_KVM_VCPU(r13)
 668         li      r0,1
 669         stb     r0,VCORE_IN_GUEST(r5)   /* signal secondaries to continue */
 670 
 671         /* Do we have a guest vcpu to run? */
 672 10:     cmpdi   r4, 0
 673         beq     kvmppc_primary_no_guest
 674 kvmppc_got_guest:
 675         /* Increment yield count if they have a VPA */
 676         ld      r3, VCPU_VPA(r4)
 677         cmpdi   r3, 0
 678         beq     25f
 679         li      r6, LPPACA_YIELDCOUNT
 680         LWZX_BE r5, r3, r6
 681         addi    r5, r5, 1
 682         STWX_BE r5, r3, r6
 683         li      r6, 1
 684         stb     r6, VCPU_VPA_DIRTY(r4)
 685 25:
 686 
 687         /* Save purr/spurr */
 688         mfspr   r5,SPRN_PURR
 689         mfspr   r6,SPRN_SPURR
 690         std     r5,HSTATE_PURR(r13)
 691         std     r6,HSTATE_SPURR(r13)
 692         ld      r7,VCPU_PURR(r4)
 693         ld      r8,VCPU_SPURR(r4)
 694         mtspr   SPRN_PURR,r7
 695         mtspr   SPRN_SPURR,r8
 696 
 697         /* Save host values of some registers */
 698 BEGIN_FTR_SECTION
 699         mfspr   r5, SPRN_TIDR
 700         mfspr   r6, SPRN_PSSCR
 701         mfspr   r7, SPRN_PID
 702         std     r5, STACK_SLOT_TID(r1)
 703         std     r6, STACK_SLOT_PSSCR(r1)
 704         std     r7, STACK_SLOT_PID(r1)
 705         mfspr   r5, SPRN_HFSCR
 706         std     r5, STACK_SLOT_HFSCR(r1)
 707 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
 708 BEGIN_FTR_SECTION
 709         mfspr   r5, SPRN_CIABR
 710         mfspr   r6, SPRN_DAWR
 711         mfspr   r7, SPRN_DAWRX
 712         mfspr   r8, SPRN_IAMR
 713         std     r5, STACK_SLOT_CIABR(r1)
 714         std     r6, STACK_SLOT_DAWR(r1)
 715         std     r7, STACK_SLOT_DAWRX(r1)
 716         std     r8, STACK_SLOT_IAMR(r1)
 717 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
 718 
 719         mfspr   r5, SPRN_AMR
 720         std     r5, STACK_SLOT_AMR(r1)
 721         mfspr   r6, SPRN_UAMOR
 722         std     r6, STACK_SLOT_UAMOR(r1)
 723 
 724 BEGIN_FTR_SECTION
 725         /* Set partition DABR */
 726         /* Do this before re-enabling PMU to avoid P7 DABR corruption bug */
 727         lwz     r5,VCPU_DABRX(r4)
 728         ld      r6,VCPU_DABR(r4)
 729         mtspr   SPRN_DABRX,r5
 730         mtspr   SPRN_DABR,r6
 731         isync
 732 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
 733 
 734 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 735 /*
 736  * Branch around the call if both CPU_FTR_TM and
 737  * CPU_FTR_P9_TM_HV_ASSIST are off.
 738  */
 739 BEGIN_FTR_SECTION
 740         b       91f
 741 END_FTR_SECTION(CPU_FTR_TM | CPU_FTR_P9_TM_HV_ASSIST, 0)
 742         /*
 743          * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
 744          */
 745         mr      r3, r4
 746         ld      r4, VCPU_MSR(r3)
 747         li      r5, 0                   /* don't preserve non-vol regs */
 748         bl      kvmppc_restore_tm_hv
 749         nop
 750         ld      r4, HSTATE_KVM_VCPU(r13)
 751 91:
 752 #endif
 753 
 754         /* Load guest PMU registers; r4 = vcpu pointer here */
 755         mr      r3, r4
 756         bl      kvmhv_load_guest_pmu
 757 
 758         /* Load up FP, VMX and VSX registers */
 759         ld      r4, HSTATE_KVM_VCPU(r13)
 760         bl      kvmppc_load_fp
 761 
 762         ld      r14, VCPU_GPR(R14)(r4)
 763         ld      r15, VCPU_GPR(R15)(r4)
 764         ld      r16, VCPU_GPR(R16)(r4)
 765         ld      r17, VCPU_GPR(R17)(r4)
 766         ld      r18, VCPU_GPR(R18)(r4)
 767         ld      r19, VCPU_GPR(R19)(r4)
 768         ld      r20, VCPU_GPR(R20)(r4)
 769         ld      r21, VCPU_GPR(R21)(r4)
 770         ld      r22, VCPU_GPR(R22)(r4)
 771         ld      r23, VCPU_GPR(R23)(r4)
 772         ld      r24, VCPU_GPR(R24)(r4)
 773         ld      r25, VCPU_GPR(R25)(r4)
 774         ld      r26, VCPU_GPR(R26)(r4)
 775         ld      r27, VCPU_GPR(R27)(r4)
 776         ld      r28, VCPU_GPR(R28)(r4)
 777         ld      r29, VCPU_GPR(R29)(r4)
 778         ld      r30, VCPU_GPR(R30)(r4)
 779         ld      r31, VCPU_GPR(R31)(r4)
 780 
 781         /* Switch DSCR to guest value */
 782         ld      r5, VCPU_DSCR(r4)
 783         mtspr   SPRN_DSCR, r5
 784 
 785 BEGIN_FTR_SECTION
 786         /* Skip next section on POWER7 */
 787         b       8f
 788 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
 789         /* Load up POWER8-specific registers */
 790         ld      r5, VCPU_IAMR(r4)
 791         lwz     r6, VCPU_PSPB(r4)
 792         ld      r7, VCPU_FSCR(r4)
 793         mtspr   SPRN_IAMR, r5
 794         mtspr   SPRN_PSPB, r6
 795         mtspr   SPRN_FSCR, r7
 796         /*
 797          * Handle broken DAWR case by not writing it. This means we
 798          * can still store the DAWR register for migration.
 799          */
 800         LOAD_REG_ADDR(r5, dawr_force_enable)
 801         lbz     r5, 0(r5)
 802         cmpdi   r5, 0
 803         beq     1f
 804         ld      r5, VCPU_DAWR(r4)
 805         ld      r6, VCPU_DAWRX(r4)
 806         mtspr   SPRN_DAWR, r5
 807         mtspr   SPRN_DAWRX, r6
 808 1:
 809         ld      r7, VCPU_CIABR(r4)
 810         ld      r8, VCPU_TAR(r4)
 811         mtspr   SPRN_CIABR, r7
 812         mtspr   SPRN_TAR, r8
 813         ld      r5, VCPU_IC(r4)
 814         ld      r8, VCPU_EBBHR(r4)
 815         mtspr   SPRN_IC, r5
 816         mtspr   SPRN_EBBHR, r8
 817         ld      r5, VCPU_EBBRR(r4)
 818         ld      r6, VCPU_BESCR(r4)
 819         lwz     r7, VCPU_GUEST_PID(r4)
 820         ld      r8, VCPU_WORT(r4)
 821         mtspr   SPRN_EBBRR, r5
 822         mtspr   SPRN_BESCR, r6
 823         mtspr   SPRN_PID, r7
 824         mtspr   SPRN_WORT, r8
 825 BEGIN_FTR_SECTION
 826         /* POWER8-only registers */
 827         ld      r5, VCPU_TCSCR(r4)
 828         ld      r6, VCPU_ACOP(r4)
 829         ld      r7, VCPU_CSIGR(r4)
 830         ld      r8, VCPU_TACR(r4)
 831         mtspr   SPRN_TCSCR, r5
 832         mtspr   SPRN_ACOP, r6
 833         mtspr   SPRN_CSIGR, r7
 834         mtspr   SPRN_TACR, r8
 835         nop
 836 FTR_SECTION_ELSE
 837         /* POWER9-only registers */
 838         ld      r5, VCPU_TID(r4)
 839         ld      r6, VCPU_PSSCR(r4)
 840         lbz     r8, HSTATE_FAKE_SUSPEND(r13)
 841         oris    r6, r6, PSSCR_EC@h      /* This makes stop trap to HV */
 842         rldimi  r6, r8, PSSCR_FAKE_SUSPEND_LG, 63 - PSSCR_FAKE_SUSPEND_LG
 843         ld      r7, VCPU_HFSCR(r4)
 844         mtspr   SPRN_TIDR, r5
 845         mtspr   SPRN_PSSCR, r6
 846         mtspr   SPRN_HFSCR, r7
 847 ALT_FTR_SECTION_END_IFCLR(CPU_FTR_ARCH_300)
 848 8:
 849 
 850         ld      r5, VCPU_SPRG0(r4)
 851         ld      r6, VCPU_SPRG1(r4)
 852         ld      r7, VCPU_SPRG2(r4)
 853         ld      r8, VCPU_SPRG3(r4)
 854         mtspr   SPRN_SPRG0, r5
 855         mtspr   SPRN_SPRG1, r6
 856         mtspr   SPRN_SPRG2, r7
 857         mtspr   SPRN_SPRG3, r8
 858 
 859         /* Load up DAR and DSISR */
 860         ld      r5, VCPU_DAR(r4)
 861         lwz     r6, VCPU_DSISR(r4)
 862         mtspr   SPRN_DAR, r5
 863         mtspr   SPRN_DSISR, r6
 864 
 865         /* Restore AMR and UAMOR, set AMOR to all 1s */
 866         ld      r5,VCPU_AMR(r4)
 867         ld      r6,VCPU_UAMOR(r4)
 868         li      r7,-1
 869         mtspr   SPRN_AMR,r5
 870         mtspr   SPRN_UAMOR,r6
 871         mtspr   SPRN_AMOR,r7
 872 
 873         /* Restore state of CTRL run bit; assume 1 on entry */
 874         lwz     r5,VCPU_CTRL(r4)
 875         andi.   r5,r5,1
 876         bne     4f
 877         mfspr   r6,SPRN_CTRLF
 878         clrrdi  r6,r6,1
 879         mtspr   SPRN_CTRLT,r6
 880 4:
 881         /* Secondary threads wait for primary to have done partition switch */
 882         ld      r5, HSTATE_KVM_VCORE(r13)
 883         lbz     r6, HSTATE_PTID(r13)
 884         cmpwi   r6, 0
 885         beq     21f
 886         lbz     r0, VCORE_IN_GUEST(r5)
 887         cmpwi   r0, 0
 888         bne     21f
 889         HMT_LOW
 890 20:     lwz     r3, VCORE_ENTRY_EXIT(r5)
 891         cmpwi   r3, 0x100
 892         bge     no_switch_exit
 893         lbz     r0, VCORE_IN_GUEST(r5)
 894         cmpwi   r0, 0
 895         beq     20b
 896         HMT_MEDIUM
 897 21:
 898         /* Set LPCR. */
 899         ld      r8,VCORE_LPCR(r5)
 900         mtspr   SPRN_LPCR,r8
 901         isync
 902 
 903         /*
 904          * Set the decrementer to the guest decrementer.
 905          */
 906         ld      r8,VCPU_DEC_EXPIRES(r4)
 907         /* r8 is a host timebase value here, convert to guest TB */
 908         ld      r5,HSTATE_KVM_VCORE(r13)
 909         ld      r6,VCORE_TB_OFFSET_APPL(r5)
 910         add     r8,r8,r6
 911         mftb    r7
 912         subf    r3,r7,r8
 913         mtspr   SPRN_DEC,r3
 914 
 915         /* Check if HDEC expires soon */
 916         mfspr   r3, SPRN_HDEC
 917         EXTEND_HDEC(r3)
 918         cmpdi   r3, 512         /* 1 microsecond */
 919         blt     hdec_soon
 920 
 921         /* For hash guest, clear out and reload the SLB */
 922         ld      r6, VCPU_KVM(r4)
 923         lbz     r0, KVM_RADIX(r6)
 924         cmpwi   r0, 0
 925         bne     9f
 926         li      r6, 0
 927         slbmte  r6, r6
 928         slbia
 929         ptesync
 930 
 931         /* Load up guest SLB entries (N.B. slb_max will be 0 for radix) */
 932         lwz     r5,VCPU_SLB_MAX(r4)
 933         cmpwi   r5,0
 934         beq     9f
 935         mtctr   r5
 936         addi    r6,r4,VCPU_SLB
 937 1:      ld      r8,VCPU_SLB_E(r6)
 938         ld      r9,VCPU_SLB_V(r6)
 939         slbmte  r9,r8
 940         addi    r6,r6,VCPU_SLB_SIZE
 941         bdnz    1b
 942 9:
 943 
 944 #ifdef CONFIG_KVM_XICS
 945         /* We are entering the guest on that thread, push VCPU to XIVE */
 946         ld      r11, VCPU_XIVE_SAVED_STATE(r4)
 947         li      r9, TM_QW1_OS
 948         lwz     r8, VCPU_XIVE_CAM_WORD(r4)
 949         cmpwi   r8, 0
 950         beq     no_xive
 951         li      r7, TM_QW1_OS + TM_WORD2
 952         mfmsr   r0
 953         andi.   r0, r0, MSR_DR          /* in real mode? */
 954         beq     2f
 955         ld      r10, HSTATE_XIVE_TIMA_VIRT(r13)
 956         cmpldi  cr1, r10, 0
 957         beq     cr1, no_xive
 958         eieio
 959         stdx    r11,r9,r10
 960         stwx    r8,r7,r10
 961         b       3f
 962 2:      ld      r10, HSTATE_XIVE_TIMA_PHYS(r13)
 963         cmpldi  cr1, r10, 0
 964         beq     cr1, no_xive
 965         eieio
 966         stdcix  r11,r9,r10
 967         stwcix  r8,r7,r10
 968 3:      li      r9, 1
 969         stb     r9, VCPU_XIVE_PUSHED(r4)
 970         eieio
 971 
 972         /*
 973          * We clear the irq_pending flag. There is a small chance of a
 974          * race vs. the escalation interrupt happening on another
 975          * processor setting it again, but the only consequence is to
 976          * cause a spurrious wakeup on the next H_CEDE which is not an
 977          * issue.
 978          */
 979         li      r0,0
 980         stb     r0, VCPU_IRQ_PENDING(r4)
 981 
 982         /*
 983          * In single escalation mode, if the escalation interrupt is
 984          * on, we mask it.
 985          */
 986         lbz     r0, VCPU_XIVE_ESC_ON(r4)
 987         cmpwi   cr1, r0,0
 988         beq     cr1, 1f
 989         li      r9, XIVE_ESB_SET_PQ_01
 990         beq     4f                      /* in real mode? */
 991         ld      r10, VCPU_XIVE_ESC_VADDR(r4)
 992         ldx     r0, r10, r9
 993         b       5f
 994 4:      ld      r10, VCPU_XIVE_ESC_RADDR(r4)
 995         ldcix   r0, r10, r9
 996 5:      sync
 997 
 998         /* We have a possible subtle race here: The escalation interrupt might
 999          * have fired and be on its way to the host queue while we mask it,
1000          * and if we unmask it early enough (re-cede right away), there is
1001          * a theorical possibility that it fires again, thus landing in the
1002          * target queue more than once which is a big no-no.
1003          *
1004          * Fortunately, solving this is rather easy. If the above load setting
1005          * PQ to 01 returns a previous value where P is set, then we know the
1006          * escalation interrupt is somewhere on its way to the host. In that
1007          * case we simply don't clear the xive_esc_on flag below. It will be
1008          * eventually cleared by the handler for the escalation interrupt.
1009          *
1010          * Then, when doing a cede, we check that flag again before re-enabling
1011          * the escalation interrupt, and if set, we abort the cede.
1012          */
1013         andi.   r0, r0, XIVE_ESB_VAL_P
1014         bne-    1f
1015 
1016         /* Now P is 0, we can clear the flag */
1017         li      r0, 0
1018         stb     r0, VCPU_XIVE_ESC_ON(r4)
1019 1:
1020 no_xive:
1021 #endif /* CONFIG_KVM_XICS */
1022 
1023         li      r0, 0
1024         stw     r0, STACK_SLOT_SHORT_PATH(r1)
1025 
1026 deliver_guest_interrupt:        /* r4 = vcpu, r13 = paca */
1027         /* Check if we can deliver an external or decrementer interrupt now */
1028         ld      r0, VCPU_PENDING_EXC(r4)
1029 BEGIN_FTR_SECTION
1030         /* On POWER9, also check for emulated doorbell interrupt */
1031         lbz     r3, VCPU_DBELL_REQ(r4)
1032         or      r0, r0, r3
1033 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1034         cmpdi   r0, 0
1035         beq     71f
1036         mr      r3, r4
1037         bl      kvmppc_guest_entry_inject_int
1038         ld      r4, HSTATE_KVM_VCPU(r13)
1039 71:
1040         ld      r6, VCPU_SRR0(r4)
1041         ld      r7, VCPU_SRR1(r4)
1042         mtspr   SPRN_SRR0, r6
1043         mtspr   SPRN_SRR1, r7
1044 
1045 fast_guest_entry_c:
1046         ld      r10, VCPU_PC(r4)
1047         ld      r11, VCPU_MSR(r4)
1048         /* r11 = vcpu->arch.msr & ~MSR_HV */
1049         rldicl  r11, r11, 63 - MSR_HV_LG, 1
1050         rotldi  r11, r11, 1 + MSR_HV_LG
1051         ori     r11, r11, MSR_ME
1052 
1053         ld      r6, VCPU_CTR(r4)
1054         ld      r7, VCPU_XER(r4)
1055         mtctr   r6
1056         mtxer   r7
1057 
1058 /*
1059  * Required state:
1060  * R4 = vcpu
1061  * R10: value for HSRR0
1062  * R11: value for HSRR1
1063  * R13 = PACA
1064  */
1065 fast_guest_return:
1066         li      r0,0
1067         stb     r0,VCPU_CEDED(r4)       /* cancel cede */
1068         mtspr   SPRN_HSRR0,r10
1069         mtspr   SPRN_HSRR1,r11
1070 
1071         /* Activate guest mode, so faults get handled by KVM */
1072         li      r9, KVM_GUEST_MODE_GUEST_HV
1073         stb     r9, HSTATE_IN_GUEST(r13)
1074 
1075 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1076         /* Accumulate timing */
1077         addi    r3, r4, VCPU_TB_GUEST
1078         bl      kvmhv_accumulate_time
1079 #endif
1080 
1081         /* Enter guest */
1082 
1083 BEGIN_FTR_SECTION
1084         ld      r5, VCPU_CFAR(r4)
1085         mtspr   SPRN_CFAR, r5
1086 END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
1087 BEGIN_FTR_SECTION
1088         ld      r0, VCPU_PPR(r4)
1089 END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
1090 
1091         ld      r5, VCPU_LR(r4)
1092         mtlr    r5
1093 
1094         ld      r1, VCPU_GPR(R1)(r4)
1095         ld      r5, VCPU_GPR(R5)(r4)
1096         ld      r8, VCPU_GPR(R8)(r4)
1097         ld      r9, VCPU_GPR(R9)(r4)
1098         ld      r10, VCPU_GPR(R10)(r4)
1099         ld      r11, VCPU_GPR(R11)(r4)
1100         ld      r12, VCPU_GPR(R12)(r4)
1101         ld      r13, VCPU_GPR(R13)(r4)
1102 
1103 BEGIN_FTR_SECTION
1104         mtspr   SPRN_PPR, r0
1105 END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
1106 
1107 /* Move canary into DSISR to check for later */
1108 BEGIN_FTR_SECTION
1109         li      r0, 0x7fff
1110         mtspr   SPRN_HDSISR, r0
1111 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1112 
1113         ld      r6, VCPU_KVM(r4)
1114         lbz     r7, KVM_SECURE_GUEST(r6)
1115         cmpdi   r7, 0
1116         ld      r6, VCPU_GPR(R6)(r4)
1117         ld      r7, VCPU_GPR(R7)(r4)
1118         bne     ret_to_ultra
1119 
1120         ld      r0, VCPU_CR(r4)
1121         mtcr    r0
1122 
1123         ld      r0, VCPU_GPR(R0)(r4)
1124         ld      r2, VCPU_GPR(R2)(r4)
1125         ld      r3, VCPU_GPR(R3)(r4)
1126         ld      r4, VCPU_GPR(R4)(r4)
1127         HRFI_TO_GUEST
1128         b       .
1129 /*
1130  * Use UV_RETURN ultracall to return control back to the Ultravisor after
1131  * processing an hypercall or interrupt that was forwarded (a.k.a. reflected)
1132  * to the Hypervisor.
1133  *
1134  * All registers have already been loaded, except:
1135  *   R0 = hcall result
1136  *   R2 = SRR1, so UV can detect a synthesized interrupt (if any)
1137  *   R3 = UV_RETURN
1138  */
1139 ret_to_ultra:
1140         ld      r0, VCPU_CR(r4)
1141         mtcr    r0
1142 
1143         ld      r0, VCPU_GPR(R3)(r4)
1144         mfspr   r2, SPRN_SRR1
1145         li      r3, 0
1146         ori     r3, r3, UV_RETURN
1147         ld      r4, VCPU_GPR(R4)(r4)
1148         sc      2
1149 
1150 /*
1151  * Enter the guest on a P9 or later system where we have exactly
1152  * one vcpu per vcore and we don't need to go to real mode
1153  * (which implies that host and guest are both using radix MMU mode).
1154  * r3 = vcpu pointer
1155  * Most SPRs and all the VSRs have been loaded already.
1156  */
1157 _GLOBAL(__kvmhv_vcpu_entry_p9)
1158 EXPORT_SYMBOL_GPL(__kvmhv_vcpu_entry_p9)
1159         mflr    r0
1160         std     r0, PPC_LR_STKOFF(r1)
1161         stdu    r1, -SFS(r1)
1162 
1163         li      r0, 1
1164         stw     r0, STACK_SLOT_SHORT_PATH(r1)
1165 
1166         std     r3, HSTATE_KVM_VCPU(r13)
1167         mfcr    r4
1168         stw     r4, SFS+8(r1)
1169 
1170         std     r1, HSTATE_HOST_R1(r13)
1171 
1172         reg = 14
1173         .rept   18
1174         std     reg, STACK_SLOT_NVGPRS + ((reg - 14) * 8)(r1)
1175         reg = reg + 1
1176         .endr
1177 
1178         reg = 14
1179         .rept   18
1180         ld      reg, __VCPU_GPR(reg)(r3)
1181         reg = reg + 1
1182         .endr
1183 
1184         mfmsr   r10
1185         std     r10, HSTATE_HOST_MSR(r13)
1186 
1187         mr      r4, r3
1188         b       fast_guest_entry_c
1189 guest_exit_short_path:
1190 
1191         li      r0, KVM_GUEST_MODE_NONE
1192         stb     r0, HSTATE_IN_GUEST(r13)
1193 
1194         reg = 14
1195         .rept   18
1196         std     reg, __VCPU_GPR(reg)(r9)
1197         reg = reg + 1
1198         .endr
1199 
1200         reg = 14
1201         .rept   18
1202         ld      reg, STACK_SLOT_NVGPRS + ((reg - 14) * 8)(r1)
1203         reg = reg + 1
1204         .endr
1205 
1206         lwz     r4, SFS+8(r1)
1207         mtcr    r4
1208 
1209         mr      r3, r12         /* trap number */
1210 
1211         addi    r1, r1, SFS
1212         ld      r0, PPC_LR_STKOFF(r1)
1213         mtlr    r0
1214 
1215         /* If we are in real mode, do a rfid to get back to the caller */
1216         mfmsr   r4
1217         andi.   r5, r4, MSR_IR
1218         bnelr
1219         rldicl  r5, r4, 64 - MSR_TS_S_LG, 62    /* extract TS field */
1220         mtspr   SPRN_SRR0, r0
1221         ld      r10, HSTATE_HOST_MSR(r13)
1222         rldimi  r10, r5, MSR_TS_S_LG, 63 - MSR_TS_T_LG
1223         mtspr   SPRN_SRR1, r10
1224         RFI_TO_KERNEL
1225         b       .
1226 
1227 secondary_too_late:
1228         li      r12, 0
1229         stw     r12, STACK_SLOT_TRAP(r1)
1230         cmpdi   r4, 0
1231         beq     11f
1232         stw     r12, VCPU_TRAP(r4)
1233 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1234         addi    r3, r4, VCPU_TB_RMEXIT
1235         bl      kvmhv_accumulate_time
1236 #endif
1237 11:     b       kvmhv_switch_to_host
1238 
1239 no_switch_exit:
1240         HMT_MEDIUM
1241         li      r12, 0
1242         b       12f
1243 hdec_soon:
1244         li      r12, BOOK3S_INTERRUPT_HV_DECREMENTER
1245 12:     stw     r12, VCPU_TRAP(r4)
1246         mr      r9, r4
1247 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1248         addi    r3, r4, VCPU_TB_RMEXIT
1249         bl      kvmhv_accumulate_time
1250 #endif
1251         b       guest_bypass
1252 
1253 /******************************************************************************
1254  *                                                                            *
1255  *                               Exit code                                    *
1256  *                                                                            *
1257  *****************************************************************************/
1258 
1259 /*
1260  * We come here from the first-level interrupt handlers.
1261  */
1262         .globl  kvmppc_interrupt_hv
1263 kvmppc_interrupt_hv:
1264         /*
1265          * Register contents:
1266          * R12          = (guest CR << 32) | interrupt vector
1267          * R13          = PACA
1268          * guest R12 saved in shadow VCPU SCRATCH0
1269          * guest CTR saved in shadow VCPU SCRATCH1 if RELOCATABLE
1270          * guest R13 saved in SPRN_SCRATCH0
1271          */
1272         std     r9, HSTATE_SCRATCH2(r13)
1273         lbz     r9, HSTATE_IN_GUEST(r13)
1274         cmpwi   r9, KVM_GUEST_MODE_HOST_HV
1275         beq     kvmppc_bad_host_intr
1276 #ifdef CONFIG_KVM_BOOK3S_PR_POSSIBLE
1277         cmpwi   r9, KVM_GUEST_MODE_GUEST
1278         ld      r9, HSTATE_SCRATCH2(r13)
1279         beq     kvmppc_interrupt_pr
1280 #endif
1281         /* We're now back in the host but in guest MMU context */
1282         li      r9, KVM_GUEST_MODE_HOST_HV
1283         stb     r9, HSTATE_IN_GUEST(r13)
1284 
1285         ld      r9, HSTATE_KVM_VCPU(r13)
1286 
1287         /* Save registers */
1288 
1289         std     r0, VCPU_GPR(R0)(r9)
1290         std     r1, VCPU_GPR(R1)(r9)
1291         std     r2, VCPU_GPR(R2)(r9)
1292         std     r3, VCPU_GPR(R3)(r9)
1293         std     r4, VCPU_GPR(R4)(r9)
1294         std     r5, VCPU_GPR(R5)(r9)
1295         std     r6, VCPU_GPR(R6)(r9)
1296         std     r7, VCPU_GPR(R7)(r9)
1297         std     r8, VCPU_GPR(R8)(r9)
1298         ld      r0, HSTATE_SCRATCH2(r13)
1299         std     r0, VCPU_GPR(R9)(r9)
1300         std     r10, VCPU_GPR(R10)(r9)
1301         std     r11, VCPU_GPR(R11)(r9)
1302         ld      r3, HSTATE_SCRATCH0(r13)
1303         std     r3, VCPU_GPR(R12)(r9)
1304         /* CR is in the high half of r12 */
1305         srdi    r4, r12, 32
1306         std     r4, VCPU_CR(r9)
1307 BEGIN_FTR_SECTION
1308         ld      r3, HSTATE_CFAR(r13)
1309         std     r3, VCPU_CFAR(r9)
1310 END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
1311 BEGIN_FTR_SECTION
1312         ld      r4, HSTATE_PPR(r13)
1313         std     r4, VCPU_PPR(r9)
1314 END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
1315 
1316         /* Restore R1/R2 so we can handle faults */
1317         ld      r1, HSTATE_HOST_R1(r13)
1318         ld      r2, PACATOC(r13)
1319 
1320         mfspr   r10, SPRN_SRR0
1321         mfspr   r11, SPRN_SRR1
1322         std     r10, VCPU_SRR0(r9)
1323         std     r11, VCPU_SRR1(r9)
1324         /* trap is in the low half of r12, clear CR from the high half */
1325         clrldi  r12, r12, 32
1326         andi.   r0, r12, 2              /* need to read HSRR0/1? */
1327         beq     1f
1328         mfspr   r10, SPRN_HSRR0
1329         mfspr   r11, SPRN_HSRR1
1330         clrrdi  r12, r12, 2
1331 1:      std     r10, VCPU_PC(r9)
1332         std     r11, VCPU_MSR(r9)
1333 
1334         GET_SCRATCH0(r3)
1335         mflr    r4
1336         std     r3, VCPU_GPR(R13)(r9)
1337         std     r4, VCPU_LR(r9)
1338 
1339         stw     r12,VCPU_TRAP(r9)
1340 
1341         /*
1342          * Now that we have saved away SRR0/1 and HSRR0/1,
1343          * interrupts are recoverable in principle, so set MSR_RI.
1344          * This becomes important for relocation-on interrupts from
1345          * the guest, which we can get in radix mode on POWER9.
1346          */
1347         li      r0, MSR_RI
1348         mtmsrd  r0, 1
1349 
1350 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1351         addi    r3, r9, VCPU_TB_RMINTR
1352         mr      r4, r9
1353         bl      kvmhv_accumulate_time
1354         ld      r5, VCPU_GPR(R5)(r9)
1355         ld      r6, VCPU_GPR(R6)(r9)
1356         ld      r7, VCPU_GPR(R7)(r9)
1357         ld      r8, VCPU_GPR(R8)(r9)
1358 #endif
1359 
1360         /* Save HEIR (HV emulation assist reg) in emul_inst
1361            if this is an HEI (HV emulation interrupt, e40) */
1362         li      r3,KVM_INST_FETCH_FAILED
1363         stw     r3,VCPU_LAST_INST(r9)
1364         cmpwi   r12,BOOK3S_INTERRUPT_H_EMUL_ASSIST
1365         bne     11f
1366         mfspr   r3,SPRN_HEIR
1367 11:     stw     r3,VCPU_HEIR(r9)
1368 
1369         /* these are volatile across C function calls */
1370 #ifdef CONFIG_RELOCATABLE
1371         ld      r3, HSTATE_SCRATCH1(r13)
1372         mtctr   r3
1373 #else
1374         mfctr   r3
1375 #endif
1376         mfxer   r4
1377         std     r3, VCPU_CTR(r9)
1378         std     r4, VCPU_XER(r9)
1379 
1380         /* Save more register state  */
1381         mfdar   r3
1382         mfdsisr r4
1383         std     r3, VCPU_DAR(r9)
1384         stw     r4, VCPU_DSISR(r9)
1385 
1386         /* If this is a page table miss then see if it's theirs or ours */
1387         cmpwi   r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
1388         beq     kvmppc_hdsi
1389         std     r3, VCPU_FAULT_DAR(r9)
1390         stw     r4, VCPU_FAULT_DSISR(r9)
1391         cmpwi   r12, BOOK3S_INTERRUPT_H_INST_STORAGE
1392         beq     kvmppc_hisi
1393 
1394 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1395         /* For softpatch interrupt, go off and do TM instruction emulation */
1396         cmpwi   r12, BOOK3S_INTERRUPT_HV_SOFTPATCH
1397         beq     kvmppc_tm_emul
1398 #endif
1399 
1400         /* See if this is a leftover HDEC interrupt */
1401         cmpwi   r12,BOOK3S_INTERRUPT_HV_DECREMENTER
1402         bne     2f
1403         mfspr   r3,SPRN_HDEC
1404         EXTEND_HDEC(r3)
1405         cmpdi   r3,0
1406         mr      r4,r9
1407         bge     fast_guest_return
1408 2:
1409         /* See if this is an hcall we can handle in real mode */
1410         cmpwi   r12,BOOK3S_INTERRUPT_SYSCALL
1411         beq     hcall_try_real_mode
1412 
1413         /* Hypervisor doorbell - exit only if host IPI flag set */
1414         cmpwi   r12, BOOK3S_INTERRUPT_H_DOORBELL
1415         bne     3f
1416 BEGIN_FTR_SECTION
1417         PPC_MSGSYNC
1418         lwsync
1419         /* always exit if we're running a nested guest */
1420         ld      r0, VCPU_NESTED(r9)
1421         cmpdi   r0, 0
1422         bne     guest_exit_cont
1423 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1424         lbz     r0, HSTATE_HOST_IPI(r13)
1425         cmpwi   r0, 0
1426         beq     maybe_reenter_guest
1427         b       guest_exit_cont
1428 3:
1429         /* If it's a hypervisor facility unavailable interrupt, save HFSCR */
1430         cmpwi   r12, BOOK3S_INTERRUPT_H_FAC_UNAVAIL
1431         bne     14f
1432         mfspr   r3, SPRN_HFSCR
1433         std     r3, VCPU_HFSCR(r9)
1434         b       guest_exit_cont
1435 14:
1436         /* External interrupt ? */
1437         cmpwi   r12, BOOK3S_INTERRUPT_EXTERNAL
1438         beq     kvmppc_guest_external
1439         /* See if it is a machine check */
1440         cmpwi   r12, BOOK3S_INTERRUPT_MACHINE_CHECK
1441         beq     machine_check_realmode
1442         /* Or a hypervisor maintenance interrupt */
1443         cmpwi   r12, BOOK3S_INTERRUPT_HMI
1444         beq     hmi_realmode
1445 
1446 guest_exit_cont:                /* r9 = vcpu, r12 = trap, r13 = paca */
1447 
1448 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1449         addi    r3, r9, VCPU_TB_RMEXIT
1450         mr      r4, r9
1451         bl      kvmhv_accumulate_time
1452 #endif
1453 #ifdef CONFIG_KVM_XICS
1454         /* We are exiting, pull the VP from the XIVE */
1455         lbz     r0, VCPU_XIVE_PUSHED(r9)
1456         cmpwi   cr0, r0, 0
1457         beq     1f
1458         li      r7, TM_SPC_PULL_OS_CTX
1459         li      r6, TM_QW1_OS
1460         mfmsr   r0
1461         andi.   r0, r0, MSR_DR          /* in real mode? */
1462         beq     2f
1463         ld      r10, HSTATE_XIVE_TIMA_VIRT(r13)
1464         cmpldi  cr0, r10, 0
1465         beq     1f
1466         /* First load to pull the context, we ignore the value */
1467         eieio
1468         lwzx    r11, r7, r10
1469         /* Second load to recover the context state (Words 0 and 1) */
1470         ldx     r11, r6, r10
1471         b       3f
1472 2:      ld      r10, HSTATE_XIVE_TIMA_PHYS(r13)
1473         cmpldi  cr0, r10, 0
1474         beq     1f
1475         /* First load to pull the context, we ignore the value */
1476         eieio
1477         lwzcix  r11, r7, r10
1478         /* Second load to recover the context state (Words 0 and 1) */
1479         ldcix   r11, r6, r10
1480 3:      std     r11, VCPU_XIVE_SAVED_STATE(r9)
1481         /* Fixup some of the state for the next load */
1482         li      r10, 0
1483         li      r0, 0xff
1484         stb     r10, VCPU_XIVE_PUSHED(r9)
1485         stb     r10, (VCPU_XIVE_SAVED_STATE+3)(r9)
1486         stb     r0, (VCPU_XIVE_SAVED_STATE+4)(r9)
1487         eieio
1488 1:
1489 #endif /* CONFIG_KVM_XICS */
1490 
1491         /*
1492          * Possibly flush the link stack here, before we do a blr in
1493          * guest_exit_short_path.
1494          */
1495 1:      nop
1496         patch_site 1b patch__call_kvm_flush_link_stack
1497 
1498         /* If we came in through the P9 short path, go back out to C now */
1499         lwz     r0, STACK_SLOT_SHORT_PATH(r1)
1500         cmpwi   r0, 0
1501         bne     guest_exit_short_path
1502 
1503         /* For hash guest, read the guest SLB and save it away */
1504         ld      r5, VCPU_KVM(r9)
1505         lbz     r0, KVM_RADIX(r5)
1506         li      r5, 0
1507         cmpwi   r0, 0
1508         bne     3f                      /* for radix, save 0 entries */
1509         lwz     r0,VCPU_SLB_NR(r9)      /* number of entries in SLB */
1510         mtctr   r0
1511         li      r6,0
1512         addi    r7,r9,VCPU_SLB
1513 1:      slbmfee r8,r6
1514         andis.  r0,r8,SLB_ESID_V@h
1515         beq     2f
1516         add     r8,r8,r6                /* put index in */
1517         slbmfev r3,r6
1518         std     r8,VCPU_SLB_E(r7)
1519         std     r3,VCPU_SLB_V(r7)
1520         addi    r7,r7,VCPU_SLB_SIZE
1521         addi    r5,r5,1
1522 2:      addi    r6,r6,1
1523         bdnz    1b
1524         /* Finally clear out the SLB */
1525         li      r0,0
1526         slbmte  r0,r0
1527         slbia
1528         ptesync
1529 3:      stw     r5,VCPU_SLB_MAX(r9)
1530 
1531         /* load host SLB entries */
1532 BEGIN_MMU_FTR_SECTION
1533         b       0f
1534 END_MMU_FTR_SECTION_IFSET(MMU_FTR_TYPE_RADIX)
1535         ld      r8,PACA_SLBSHADOWPTR(r13)
1536 
1537         .rept   SLB_NUM_BOLTED
1538         li      r3, SLBSHADOW_SAVEAREA
1539         LDX_BE  r5, r8, r3
1540         addi    r3, r3, 8
1541         LDX_BE  r6, r8, r3
1542         andis.  r7,r5,SLB_ESID_V@h
1543         beq     1f
1544         slbmte  r6,r5
1545 1:      addi    r8,r8,16
1546         .endr
1547 0:
1548 
1549 guest_bypass:
1550         stw     r12, STACK_SLOT_TRAP(r1)
1551 
1552         /* Save DEC */
1553         /* Do this before kvmhv_commence_exit so we know TB is guest TB */
1554         ld      r3, HSTATE_KVM_VCORE(r13)
1555         mfspr   r5,SPRN_DEC
1556         mftb    r6
1557         /* On P9, if the guest has large decr enabled, don't sign extend */
1558 BEGIN_FTR_SECTION
1559         ld      r4, VCORE_LPCR(r3)
1560         andis.  r4, r4, LPCR_LD@h
1561         bne     16f
1562 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1563         extsw   r5,r5
1564 16:     add     r5,r5,r6
1565         /* r5 is a guest timebase value here, convert to host TB */
1566         ld      r4,VCORE_TB_OFFSET_APPL(r3)
1567         subf    r5,r4,r5
1568         std     r5,VCPU_DEC_EXPIRES(r9)
1569 
1570         /* Increment exit count, poke other threads to exit */
1571         mr      r3, r12
1572         bl      kvmhv_commence_exit
1573         nop
1574         ld      r9, HSTATE_KVM_VCPU(r13)
1575 
1576         /* Stop others sending VCPU interrupts to this physical CPU */
1577         li      r0, -1
1578         stw     r0, VCPU_CPU(r9)
1579         stw     r0, VCPU_THREAD_CPU(r9)
1580 
1581         /* Save guest CTRL register, set runlatch to 1 */
1582         mfspr   r6,SPRN_CTRLF
1583         stw     r6,VCPU_CTRL(r9)
1584         andi.   r0,r6,1
1585         bne     4f
1586         ori     r6,r6,1
1587         mtspr   SPRN_CTRLT,r6
1588 4:
1589         /*
1590          * Save the guest PURR/SPURR
1591          */
1592         mfspr   r5,SPRN_PURR
1593         mfspr   r6,SPRN_SPURR
1594         ld      r7,VCPU_PURR(r9)
1595         ld      r8,VCPU_SPURR(r9)
1596         std     r5,VCPU_PURR(r9)
1597         std     r6,VCPU_SPURR(r9)
1598         subf    r5,r7,r5
1599         subf    r6,r8,r6
1600 
1601         /*
1602          * Restore host PURR/SPURR and add guest times
1603          * so that the time in the guest gets accounted.
1604          */
1605         ld      r3,HSTATE_PURR(r13)
1606         ld      r4,HSTATE_SPURR(r13)
1607         add     r3,r3,r5
1608         add     r4,r4,r6
1609         mtspr   SPRN_PURR,r3
1610         mtspr   SPRN_SPURR,r4
1611 
1612 BEGIN_FTR_SECTION
1613         b       8f
1614 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
1615         /* Save POWER8-specific registers */
1616         mfspr   r5, SPRN_IAMR
1617         mfspr   r6, SPRN_PSPB
1618         mfspr   r7, SPRN_FSCR
1619         std     r5, VCPU_IAMR(r9)
1620         stw     r6, VCPU_PSPB(r9)
1621         std     r7, VCPU_FSCR(r9)
1622         mfspr   r5, SPRN_IC
1623         mfspr   r7, SPRN_TAR
1624         std     r5, VCPU_IC(r9)
1625         std     r7, VCPU_TAR(r9)
1626         mfspr   r8, SPRN_EBBHR
1627         std     r8, VCPU_EBBHR(r9)
1628         mfspr   r5, SPRN_EBBRR
1629         mfspr   r6, SPRN_BESCR
1630         mfspr   r7, SPRN_PID
1631         mfspr   r8, SPRN_WORT
1632         std     r5, VCPU_EBBRR(r9)
1633         std     r6, VCPU_BESCR(r9)
1634         stw     r7, VCPU_GUEST_PID(r9)
1635         std     r8, VCPU_WORT(r9)
1636 BEGIN_FTR_SECTION
1637         mfspr   r5, SPRN_TCSCR
1638         mfspr   r6, SPRN_ACOP
1639         mfspr   r7, SPRN_CSIGR
1640         mfspr   r8, SPRN_TACR
1641         std     r5, VCPU_TCSCR(r9)
1642         std     r6, VCPU_ACOP(r9)
1643         std     r7, VCPU_CSIGR(r9)
1644         std     r8, VCPU_TACR(r9)
1645 FTR_SECTION_ELSE
1646         mfspr   r5, SPRN_TIDR
1647         mfspr   r6, SPRN_PSSCR
1648         std     r5, VCPU_TID(r9)
1649         rldicl  r6, r6, 4, 50           /* r6 &= PSSCR_GUEST_VIS */
1650         rotldi  r6, r6, 60
1651         std     r6, VCPU_PSSCR(r9)
1652         /* Restore host HFSCR value */
1653         ld      r7, STACK_SLOT_HFSCR(r1)
1654         mtspr   SPRN_HFSCR, r7
1655 ALT_FTR_SECTION_END_IFCLR(CPU_FTR_ARCH_300)
1656         /*
1657          * Restore various registers to 0, where non-zero values
1658          * set by the guest could disrupt the host.
1659          */
1660         li      r0, 0
1661         mtspr   SPRN_PSPB, r0
1662         mtspr   SPRN_WORT, r0
1663 BEGIN_FTR_SECTION
1664         mtspr   SPRN_TCSCR, r0
1665         /* Set MMCRS to 1<<31 to freeze and disable the SPMC counters */
1666         li      r0, 1
1667         sldi    r0, r0, 31
1668         mtspr   SPRN_MMCRS, r0
1669 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300)
1670 
1671         /* Save and restore AMR, IAMR and UAMOR before turning on the MMU */
1672         ld      r8, STACK_SLOT_IAMR(r1)
1673         mtspr   SPRN_IAMR, r8
1674 
1675 8:      /* Power7 jumps back in here */
1676         mfspr   r5,SPRN_AMR
1677         mfspr   r6,SPRN_UAMOR
1678         std     r5,VCPU_AMR(r9)
1679         std     r6,VCPU_UAMOR(r9)
1680         ld      r5,STACK_SLOT_AMR(r1)
1681         ld      r6,STACK_SLOT_UAMOR(r1)
1682         mtspr   SPRN_AMR, r5
1683         mtspr   SPRN_UAMOR, r6
1684 
1685         /* Switch DSCR back to host value */
1686         mfspr   r8, SPRN_DSCR
1687         ld      r7, HSTATE_DSCR(r13)
1688         std     r8, VCPU_DSCR(r9)
1689         mtspr   SPRN_DSCR, r7
1690 
1691         /* Save non-volatile GPRs */
1692         std     r14, VCPU_GPR(R14)(r9)
1693         std     r15, VCPU_GPR(R15)(r9)
1694         std     r16, VCPU_GPR(R16)(r9)
1695         std     r17, VCPU_GPR(R17)(r9)
1696         std     r18, VCPU_GPR(R18)(r9)
1697         std     r19, VCPU_GPR(R19)(r9)
1698         std     r20, VCPU_GPR(R20)(r9)
1699         std     r21, VCPU_GPR(R21)(r9)
1700         std     r22, VCPU_GPR(R22)(r9)
1701         std     r23, VCPU_GPR(R23)(r9)
1702         std     r24, VCPU_GPR(R24)(r9)
1703         std     r25, VCPU_GPR(R25)(r9)
1704         std     r26, VCPU_GPR(R26)(r9)
1705         std     r27, VCPU_GPR(R27)(r9)
1706         std     r28, VCPU_GPR(R28)(r9)
1707         std     r29, VCPU_GPR(R29)(r9)
1708         std     r30, VCPU_GPR(R30)(r9)
1709         std     r31, VCPU_GPR(R31)(r9)
1710 
1711         /* Save SPRGs */
1712         mfspr   r3, SPRN_SPRG0
1713         mfspr   r4, SPRN_SPRG1
1714         mfspr   r5, SPRN_SPRG2
1715         mfspr   r6, SPRN_SPRG3
1716         std     r3, VCPU_SPRG0(r9)
1717         std     r4, VCPU_SPRG1(r9)
1718         std     r5, VCPU_SPRG2(r9)
1719         std     r6, VCPU_SPRG3(r9)
1720 
1721         /* save FP state */
1722         mr      r3, r9
1723         bl      kvmppc_save_fp
1724 
1725 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1726 /*
1727  * Branch around the call if both CPU_FTR_TM and
1728  * CPU_FTR_P9_TM_HV_ASSIST are off.
1729  */
1730 BEGIN_FTR_SECTION
1731         b       91f
1732 END_FTR_SECTION(CPU_FTR_TM | CPU_FTR_P9_TM_HV_ASSIST, 0)
1733         /*
1734          * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
1735          */
1736         mr      r3, r9
1737         ld      r4, VCPU_MSR(r3)
1738         li      r5, 0                   /* don't preserve non-vol regs */
1739         bl      kvmppc_save_tm_hv
1740         nop
1741         ld      r9, HSTATE_KVM_VCPU(r13)
1742 91:
1743 #endif
1744 
1745         /* Increment yield count if they have a VPA */
1746         ld      r8, VCPU_VPA(r9)        /* do they have a VPA? */
1747         cmpdi   r8, 0
1748         beq     25f
1749         li      r4, LPPACA_YIELDCOUNT
1750         LWZX_BE r3, r8, r4
1751         addi    r3, r3, 1
1752         STWX_BE r3, r8, r4
1753         li      r3, 1
1754         stb     r3, VCPU_VPA_DIRTY(r9)
1755 25:
1756         /* Save PMU registers if requested */
1757         /* r8 and cr0.eq are live here */
1758         mr      r3, r9
1759         li      r4, 1
1760         beq     21f                     /* if no VPA, save PMU stuff anyway */
1761         lbz     r4, LPPACA_PMCINUSE(r8)
1762 21:     bl      kvmhv_save_guest_pmu
1763         ld      r9, HSTATE_KVM_VCPU(r13)
1764 
1765         /* Restore host values of some registers */
1766 BEGIN_FTR_SECTION
1767         ld      r5, STACK_SLOT_CIABR(r1)
1768         ld      r6, STACK_SLOT_DAWR(r1)
1769         ld      r7, STACK_SLOT_DAWRX(r1)
1770         mtspr   SPRN_CIABR, r5
1771         /*
1772          * If the DAWR doesn't work, it's ok to write these here as
1773          * this value should always be zero
1774         */
1775         mtspr   SPRN_DAWR, r6
1776         mtspr   SPRN_DAWRX, r7
1777 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1778 BEGIN_FTR_SECTION
1779         ld      r5, STACK_SLOT_TID(r1)
1780         ld      r6, STACK_SLOT_PSSCR(r1)
1781         ld      r7, STACK_SLOT_PID(r1)
1782         mtspr   SPRN_TIDR, r5
1783         mtspr   SPRN_PSSCR, r6
1784         mtspr   SPRN_PID, r7
1785 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1786 
1787 #ifdef CONFIG_PPC_RADIX_MMU
1788         /*
1789          * Are we running hash or radix ?
1790          */
1791         ld      r5, VCPU_KVM(r9)
1792         lbz     r0, KVM_RADIX(r5)
1793         cmpwi   cr2, r0, 0
1794         beq     cr2, 2f
1795 
1796         /*
1797          * Radix: do eieio; tlbsync; ptesync sequence in case we
1798          * interrupted the guest between a tlbie and a ptesync.
1799          */
1800         eieio
1801         tlbsync
1802         ptesync
1803 
1804         /* Radix: Handle the case where the guest used an illegal PID */
1805         LOAD_REG_ADDR(r4, mmu_base_pid)
1806         lwz     r3, VCPU_GUEST_PID(r9)
1807         lwz     r5, 0(r4)
1808         cmpw    cr0,r3,r5
1809         blt     2f
1810 
1811         /*
1812          * Illegal PID, the HW might have prefetched and cached in the TLB
1813          * some translations for the  LPID 0 / guest PID combination which
1814          * Linux doesn't know about, so we need to flush that PID out of
1815          * the TLB. First we need to set LPIDR to 0 so tlbiel applies to
1816          * the right context.
1817         */
1818         li      r0,0
1819         mtspr   SPRN_LPID,r0
1820         isync
1821 
1822         /* Then do a congruence class local flush */
1823         ld      r6,VCPU_KVM(r9)
1824         lwz     r0,KVM_TLB_SETS(r6)
1825         mtctr   r0
1826         li      r7,0x400                /* IS field = 0b01 */
1827         ptesync
1828         sldi    r0,r3,32                /* RS has PID */
1829 1:      PPC_TLBIEL(7,0,2,1,1)           /* RIC=2, PRS=1, R=1 */
1830         addi    r7,r7,0x1000
1831         bdnz    1b
1832         ptesync
1833 
1834 2:
1835 #endif /* CONFIG_PPC_RADIX_MMU */
1836 
1837         /*
1838          * POWER7/POWER8 guest -> host partition switch code.
1839          * We don't have to lock against tlbies but we do
1840          * have to coordinate the hardware threads.
1841          * Here STACK_SLOT_TRAP(r1) contains the trap number.
1842          */
1843 kvmhv_switch_to_host:
1844         /* Secondary threads wait for primary to do partition switch */
1845         ld      r5,HSTATE_KVM_VCORE(r13)
1846         ld      r4,VCORE_KVM(r5)        /* pointer to struct kvm */
1847         lbz     r3,HSTATE_PTID(r13)
1848         cmpwi   r3,0
1849         beq     15f
1850         HMT_LOW
1851 13:     lbz     r3,VCORE_IN_GUEST(r5)
1852         cmpwi   r3,0
1853         bne     13b
1854         HMT_MEDIUM
1855         b       16f
1856 
1857         /* Primary thread waits for all the secondaries to exit guest */
1858 15:     lwz     r3,VCORE_ENTRY_EXIT(r5)
1859         rlwinm  r0,r3,32-8,0xff
1860         clrldi  r3,r3,56
1861         cmpw    r3,r0
1862         bne     15b
1863         isync
1864 
1865         /* Did we actually switch to the guest at all? */
1866         lbz     r6, VCORE_IN_GUEST(r5)
1867         cmpwi   r6, 0
1868         beq     19f
1869 
1870         /* Primary thread switches back to host partition */
1871         lwz     r7,KVM_HOST_LPID(r4)
1872 BEGIN_FTR_SECTION
1873         ld      r6,KVM_HOST_SDR1(r4)
1874         li      r8,LPID_RSVD            /* switch to reserved LPID */
1875         mtspr   SPRN_LPID,r8
1876         ptesync
1877         mtspr   SPRN_SDR1,r6            /* switch to host page table */
1878 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300)
1879         mtspr   SPRN_LPID,r7
1880         isync
1881 
1882 BEGIN_FTR_SECTION
1883         /* DPDES and VTB are shared between threads */
1884         mfspr   r7, SPRN_DPDES
1885         mfspr   r8, SPRN_VTB
1886         std     r7, VCORE_DPDES(r5)
1887         std     r8, VCORE_VTB(r5)
1888         /* clear DPDES so we don't get guest doorbells in the host */
1889         li      r8, 0
1890         mtspr   SPRN_DPDES, r8
1891 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1892 
1893         /* Subtract timebase offset from timebase */
1894         ld      r8, VCORE_TB_OFFSET_APPL(r5)
1895         cmpdi   r8,0
1896         beq     17f
1897         li      r0, 0
1898         std     r0, VCORE_TB_OFFSET_APPL(r5)
1899         mftb    r6                      /* current guest timebase */
1900         subf    r8,r8,r6
1901         mtspr   SPRN_TBU40,r8           /* update upper 40 bits */
1902         mftb    r7                      /* check if lower 24 bits overflowed */
1903         clrldi  r6,r6,40
1904         clrldi  r7,r7,40
1905         cmpld   r7,r6
1906         bge     17f
1907         addis   r8,r8,0x100             /* if so, increment upper 40 bits */
1908         mtspr   SPRN_TBU40,r8
1909 
1910 17:
1911         /*
1912          * If this is an HMI, we called kvmppc_realmode_hmi_handler
1913          * above, which may or may not have already called
1914          * kvmppc_subcore_exit_guest.  Fortunately, all that
1915          * kvmppc_subcore_exit_guest does is clear a flag, so calling
1916          * it again here is benign even if kvmppc_realmode_hmi_handler
1917          * has already called it.
1918          */
1919         bl      kvmppc_subcore_exit_guest
1920         nop
1921 30:     ld      r5,HSTATE_KVM_VCORE(r13)
1922         ld      r4,VCORE_KVM(r5)        /* pointer to struct kvm */
1923 
1924         /* Reset PCR */
1925         ld      r0, VCORE_PCR(r5)
1926         LOAD_REG_IMMEDIATE(r6, PCR_MASK)
1927         cmpld   r0, r6
1928         beq     18f
1929         mtspr   SPRN_PCR, r6
1930 18:
1931         /* Signal secondary CPUs to continue */
1932         li      r0, 0
1933         stb     r0,VCORE_IN_GUEST(r5)
1934 19:     lis     r8,0x7fff               /* MAX_INT@h */
1935         mtspr   SPRN_HDEC,r8
1936 
1937 16:
1938 BEGIN_FTR_SECTION
1939         /* On POWER9 with HPT-on-radix we need to wait for all other threads */
1940         ld      r3, HSTATE_SPLIT_MODE(r13)
1941         cmpdi   r3, 0
1942         beq     47f
1943         lwz     r8, KVM_SPLIT_DO_RESTORE(r3)
1944         cmpwi   r8, 0
1945         beq     47f
1946         bl      kvmhv_p9_restore_lpcr
1947         nop
1948         b       48f
1949 47:
1950 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1951         ld      r8,KVM_HOST_LPCR(r4)
1952         mtspr   SPRN_LPCR,r8
1953         isync
1954 48:
1955 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
1956         /* Finish timing, if we have a vcpu */
1957         ld      r4, HSTATE_KVM_VCPU(r13)
1958         cmpdi   r4, 0
1959         li      r3, 0
1960         beq     2f
1961         bl      kvmhv_accumulate_time
1962 2:
1963 #endif
1964         /* Unset guest mode */
1965         li      r0, KVM_GUEST_MODE_NONE
1966         stb     r0, HSTATE_IN_GUEST(r13)
1967 
1968         lwz     r12, STACK_SLOT_TRAP(r1)        /* return trap # in r12 */
1969         ld      r0, SFS+PPC_LR_STKOFF(r1)
1970         addi    r1, r1, SFS
1971         mtlr    r0
1972         blr
1973 
1974 .balign 32
1975 .global kvm_flush_link_stack
1976 kvm_flush_link_stack:
1977         /* Save LR into r0 */
1978         mflr    r0
1979 
1980         /* Flush the link stack. On Power8 it's up to 32 entries in size. */
1981         .rept 32
1982         bl      .+4
1983         .endr
1984 
1985         /* And on Power9 it's up to 64. */
1986 BEGIN_FTR_SECTION
1987         .rept 32
1988         bl      .+4
1989         .endr
1990 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1991 
1992         /* Restore LR */
1993         mtlr    r0
1994         blr
1995 
1996 kvmppc_guest_external:
1997         /* External interrupt, first check for host_ipi. If this is
1998          * set, we know the host wants us out so let's do it now
1999          */
2000         bl      kvmppc_read_intr
2001 
2002         /*
2003          * Restore the active volatile registers after returning from
2004          * a C function.
2005          */
2006         ld      r9, HSTATE_KVM_VCPU(r13)
2007         li      r12, BOOK3S_INTERRUPT_EXTERNAL
2008 
2009         /*
2010          * kvmppc_read_intr return codes:
2011          *
2012          * Exit to host (r3 > 0)
2013          *   1 An interrupt is pending that needs to be handled by the host
2014          *     Exit guest and return to host by branching to guest_exit_cont
2015          *
2016          *   2 Passthrough that needs completion in the host
2017          *     Exit guest and return to host by branching to guest_exit_cont
2018          *     However, we also set r12 to BOOK3S_INTERRUPT_HV_RM_HARD
2019          *     to indicate to the host to complete handling the interrupt
2020          *
2021          * Before returning to guest, we check if any CPU is heading out
2022          * to the host and if so, we head out also. If no CPUs are heading
2023          * check return values <= 0.
2024          *
2025          * Return to guest (r3 <= 0)
2026          *  0 No external interrupt is pending
2027          * -1 A guest wakeup IPI (which has now been cleared)
2028          *    In either case, we return to guest to deliver any pending
2029          *    guest interrupts.
2030          *
2031          * -2 A PCI passthrough external interrupt was handled
2032          *    (interrupt was delivered directly to guest)
2033          *    Return to guest to deliver any pending guest interrupts.
2034          */
2035 
2036         cmpdi   r3, 1
2037         ble     1f
2038 
2039         /* Return code = 2 */
2040         li      r12, BOOK3S_INTERRUPT_HV_RM_HARD
2041         stw     r12, VCPU_TRAP(r9)
2042         b       guest_exit_cont
2043 
2044 1:      /* Return code <= 1 */
2045         cmpdi   r3, 0
2046         bgt     guest_exit_cont
2047 
2048         /* Return code <= 0 */
2049 maybe_reenter_guest:
2050         ld      r5, HSTATE_KVM_VCORE(r13)
2051         lwz     r0, VCORE_ENTRY_EXIT(r5)
2052         cmpwi   r0, 0x100
2053         mr      r4, r9
2054         blt     deliver_guest_interrupt
2055         b       guest_exit_cont
2056 
2057 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2058 /*
2059  * Softpatch interrupt for transactional memory emulation cases
2060  * on POWER9 DD2.2.  This is early in the guest exit path - we
2061  * haven't saved registers or done a treclaim yet.
2062  */
2063 kvmppc_tm_emul:
2064         /* Save instruction image in HEIR */
2065         mfspr   r3, SPRN_HEIR
2066         stw     r3, VCPU_HEIR(r9)
2067 
2068         /*
2069          * The cases we want to handle here are those where the guest
2070          * is in real suspend mode and is trying to transition to
2071          * transactional mode.
2072          */
2073         lbz     r0, HSTATE_FAKE_SUSPEND(r13)
2074         cmpwi   r0, 0           /* keep exiting guest if in fake suspend */
2075         bne     guest_exit_cont
2076         rldicl  r3, r11, 64 - MSR_TS_S_LG, 62
2077         cmpwi   r3, 1           /* or if not in suspend state */
2078         bne     guest_exit_cont
2079 
2080         /* Call C code to do the emulation */
2081         mr      r3, r9
2082         bl      kvmhv_p9_tm_emulation_early
2083         nop
2084         ld      r9, HSTATE_KVM_VCPU(r13)
2085         li      r12, BOOK3S_INTERRUPT_HV_SOFTPATCH
2086         cmpwi   r3, 0
2087         beq     guest_exit_cont         /* continue exiting if not handled */
2088         ld      r10, VCPU_PC(r9)
2089         ld      r11, VCPU_MSR(r9)
2090         b       fast_interrupt_c_return /* go back to guest if handled */
2091 #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
2092 
2093 /*
2094  * Check whether an HDSI is an HPTE not found fault or something else.
2095  * If it is an HPTE not found fault that is due to the guest accessing
2096  * a page that they have mapped but which we have paged out, then
2097  * we continue on with the guest exit path.  In all other cases,
2098  * reflect the HDSI to the guest as a DSI.
2099  */
2100 kvmppc_hdsi:
2101         ld      r3, VCPU_KVM(r9)
2102         lbz     r0, KVM_RADIX(r3)
2103         mfspr   r4, SPRN_HDAR
2104         mfspr   r6, SPRN_HDSISR
2105 BEGIN_FTR_SECTION
2106         /* Look for DSISR canary. If we find it, retry instruction */
2107         cmpdi   r6, 0x7fff
2108         beq     6f
2109 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
2110         cmpwi   r0, 0
2111         bne     .Lradix_hdsi            /* on radix, just save DAR/DSISR/ASDR */
2112         /* HPTE not found fault or protection fault? */
2113         andis.  r0, r6, (DSISR_NOHPTE | DSISR_PROTFAULT)@h
2114         beq     1f                      /* if not, send it to the guest */
2115         andi.   r0, r11, MSR_DR         /* data relocation enabled? */
2116         beq     3f
2117 BEGIN_FTR_SECTION
2118         mfspr   r5, SPRN_ASDR           /* on POWER9, use ASDR to get VSID */
2119         b       4f
2120 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
2121         clrrdi  r0, r4, 28
2122         PPC_SLBFEE_DOT(R5, R0)          /* if so, look up SLB */
2123         li      r0, BOOK3S_INTERRUPT_DATA_SEGMENT
2124         bne     7f                      /* if no SLB entry found */
2125 4:      std     r4, VCPU_FAULT_DAR(r9)
2126         stw     r6, VCPU_FAULT_DSISR(r9)
2127 
2128         /* Search the hash table. */
2129         mr      r3, r9                  /* vcpu pointer */
2130         li      r7, 1                   /* data fault */
2131         bl      kvmppc_hpte_hv_fault
2132         ld      r9, HSTATE_KVM_VCPU(r13)
2133         ld      r10, VCPU_PC(r9)
2134         ld      r11, VCPU_MSR(r9)
2135         li      r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
2136         cmpdi   r3, 0                   /* retry the instruction */
2137         beq     6f
2138         cmpdi   r3, -1                  /* handle in kernel mode */
2139         beq     guest_exit_cont
2140         cmpdi   r3, -2                  /* MMIO emulation; need instr word */
2141         beq     2f
2142 
2143         /* Synthesize a DSI (or DSegI) for the guest */
2144         ld      r4, VCPU_FAULT_DAR(r9)
2145         mr      r6, r3
2146 1:      li      r0, BOOK3S_INTERRUPT_DATA_STORAGE
2147         mtspr   SPRN_DSISR, r6
2148 7:      mtspr   SPRN_DAR, r4
2149         mtspr   SPRN_SRR0, r10
2150         mtspr   SPRN_SRR1, r11
2151         mr      r10, r0
2152         bl      kvmppc_msr_interrupt
2153 fast_interrupt_c_return:
2154 6:      ld      r7, VCPU_CTR(r9)
2155         ld      r8, VCPU_XER(r9)
2156         mtctr   r7
2157         mtxer   r8
2158         mr      r4, r9
2159         b       fast_guest_return
2160 
2161 3:      ld      r5, VCPU_KVM(r9)        /* not relocated, use VRMA */
2162         ld      r5, KVM_VRMA_SLB_V(r5)
2163         b       4b
2164 
2165         /* If this is for emulated MMIO, load the instruction word */
2166 2:      li      r8, KVM_INST_FETCH_FAILED       /* In case lwz faults */
2167 
2168         /* Set guest mode to 'jump over instruction' so if lwz faults
2169          * we'll just continue at the next IP. */
2170         li      r0, KVM_GUEST_MODE_SKIP
2171         stb     r0, HSTATE_IN_GUEST(r13)
2172 
2173         /* Do the access with MSR:DR enabled */
2174         mfmsr   r3
2175         ori     r4, r3, MSR_DR          /* Enable paging for data */
2176         mtmsrd  r4
2177         lwz     r8, 0(r10)
2178         mtmsrd  r3
2179 
2180         /* Store the result */
2181         stw     r8, VCPU_LAST_INST(r9)
2182 
2183         /* Unset guest mode. */
2184         li      r0, KVM_GUEST_MODE_HOST_HV
2185         stb     r0, HSTATE_IN_GUEST(r13)
2186         b       guest_exit_cont
2187 
2188 .Lradix_hdsi:
2189         std     r4, VCPU_FAULT_DAR(r9)
2190         stw     r6, VCPU_FAULT_DSISR(r9)
2191 .Lradix_hisi:
2192         mfspr   r5, SPRN_ASDR
2193         std     r5, VCPU_FAULT_GPA(r9)
2194         b       guest_exit_cont
2195 
2196 /*
2197  * Similarly for an HISI, reflect it to the guest as an ISI unless
2198  * it is an HPTE not found fault for a page that we have paged out.
2199  */
2200 kvmppc_hisi:
2201         ld      r3, VCPU_KVM(r9)
2202         lbz     r0, KVM_RADIX(r3)
2203         cmpwi   r0, 0
2204         bne     .Lradix_hisi            /* for radix, just save ASDR */
2205         andis.  r0, r11, SRR1_ISI_NOPT@h
2206         beq     1f
2207         andi.   r0, r11, MSR_IR         /* instruction relocation enabled? */
2208         beq     3f
2209 BEGIN_FTR_SECTION
2210         mfspr   r5, SPRN_ASDR           /* on POWER9, use ASDR to get VSID */
2211         b       4f
2212 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
2213         clrrdi  r0, r10, 28
2214         PPC_SLBFEE_DOT(R5, R0)          /* if so, look up SLB */
2215         li      r0, BOOK3S_INTERRUPT_INST_SEGMENT
2216         bne     7f                      /* if no SLB entry found */
2217 4:
2218         /* Search the hash table. */
2219         mr      r3, r9                  /* vcpu pointer */
2220         mr      r4, r10
2221         mr      r6, r11
2222         li      r7, 0                   /* instruction fault */
2223         bl      kvmppc_hpte_hv_fault
2224         ld      r9, HSTATE_KVM_VCPU(r13)
2225         ld      r10, VCPU_PC(r9)
2226         ld      r11, VCPU_MSR(r9)
2227         li      r12, BOOK3S_INTERRUPT_H_INST_STORAGE
2228         cmpdi   r3, 0                   /* retry the instruction */
2229         beq     fast_interrupt_c_return
2230         cmpdi   r3, -1                  /* handle in kernel mode */
2231         beq     guest_exit_cont
2232 
2233         /* Synthesize an ISI (or ISegI) for the guest */
2234         mr      r11, r3
2235 1:      li      r0, BOOK3S_INTERRUPT_INST_STORAGE
2236 7:      mtspr   SPRN_SRR0, r10
2237         mtspr   SPRN_SRR1, r11
2238         mr      r10, r0
2239         bl      kvmppc_msr_interrupt
2240         b       fast_interrupt_c_return
2241 
2242 3:      ld      r6, VCPU_KVM(r9)        /* not relocated, use VRMA */
2243         ld      r5, KVM_VRMA_SLB_V(r6)
2244         b       4b
2245 
2246 /*
2247  * Try to handle an hcall in real mode.
2248  * Returns to the guest if we handle it, or continues on up to
2249  * the kernel if we can't (i.e. if we don't have a handler for
2250  * it, or if the handler returns H_TOO_HARD).
2251  *
2252  * r5 - r8 contain hcall args,
2253  * r9 = vcpu, r10 = pc, r11 = msr, r12 = trap, r13 = paca
2254  */
2255 hcall_try_real_mode:
2256         ld      r3,VCPU_GPR(R3)(r9)
2257         andi.   r0,r11,MSR_PR
2258         /* sc 1 from userspace - reflect to guest syscall */
2259         bne     sc_1_fast_return
2260         /* sc 1 from nested guest - give it to L1 to handle */
2261         ld      r0, VCPU_NESTED(r9)
2262         cmpdi   r0, 0
2263         bne     guest_exit_cont
2264         clrrdi  r3,r3,2
2265         cmpldi  r3,hcall_real_table_end - hcall_real_table
2266         bge     guest_exit_cont
2267         /* See if this hcall is enabled for in-kernel handling */
2268         ld      r4, VCPU_KVM(r9)
2269         srdi    r0, r3, 8       /* r0 = (r3 / 4) >> 6 */
2270         sldi    r0, r0, 3       /* index into kvm->arch.enabled_hcalls[] */
2271         add     r4, r4, r0
2272         ld      r0, KVM_ENABLED_HCALLS(r4)
2273         rlwinm  r4, r3, 32-2, 0x3f      /* r4 = (r3 / 4) & 0x3f */
2274         srd     r0, r0, r4
2275         andi.   r0, r0, 1
2276         beq     guest_exit_cont
2277         /* Get pointer to handler, if any, and call it */
2278         LOAD_REG_ADDR(r4, hcall_real_table)
2279         lwax    r3,r3,r4
2280         cmpwi   r3,0
2281         beq     guest_exit_cont
2282         add     r12,r3,r4
2283         mtctr   r12
2284         mr      r3,r9           /* get vcpu pointer */
2285         ld      r4,VCPU_GPR(R4)(r9)
2286         bctrl
2287         cmpdi   r3,H_TOO_HARD
2288         beq     hcall_real_fallback
2289         ld      r4,HSTATE_KVM_VCPU(r13)
2290         std     r3,VCPU_GPR(R3)(r4)
2291         ld      r10,VCPU_PC(r4)
2292         ld      r11,VCPU_MSR(r4)
2293         b       fast_guest_return
2294 
2295 sc_1_fast_return:
2296         mtspr   SPRN_SRR0,r10
2297         mtspr   SPRN_SRR1,r11
2298         li      r10, BOOK3S_INTERRUPT_SYSCALL
2299         bl      kvmppc_msr_interrupt
2300         mr      r4,r9
2301         b       fast_guest_return
2302 
2303         /* We've attempted a real mode hcall, but it's punted it back
2304          * to userspace.  We need to restore some clobbered volatiles
2305          * before resuming the pass-it-to-qemu path */
2306 hcall_real_fallback:
2307         li      r12,BOOK3S_INTERRUPT_SYSCALL
2308         ld      r9, HSTATE_KVM_VCPU(r13)
2309 
2310         b       guest_exit_cont
2311 
2312         .globl  hcall_real_table
2313 hcall_real_table:
2314         .long   0               /* 0 - unused */
2315         .long   DOTSYM(kvmppc_h_remove) - hcall_real_table
2316         .long   DOTSYM(kvmppc_h_enter) - hcall_real_table
2317         .long   DOTSYM(kvmppc_h_read) - hcall_real_table
2318         .long   DOTSYM(kvmppc_h_clear_mod) - hcall_real_table
2319         .long   DOTSYM(kvmppc_h_clear_ref) - hcall_real_table
2320         .long   DOTSYM(kvmppc_h_protect) - hcall_real_table
2321 #ifdef CONFIG_SPAPR_TCE_IOMMU
2322         .long   DOTSYM(kvmppc_h_get_tce) - hcall_real_table
2323         .long   DOTSYM(kvmppc_rm_h_put_tce) - hcall_real_table
2324 #else
2325         .long   0               /* 0x1c */
2326         .long   0               /* 0x20 */
2327 #endif
2328         .long   0               /* 0x24 - H_SET_SPRG0 */
2329         .long   DOTSYM(kvmppc_h_set_dabr) - hcall_real_table
2330         .long   DOTSYM(kvmppc_rm_h_page_init) - hcall_real_table
2331         .long   0               /* 0x30 */
2332         .long   0               /* 0x34 */
2333         .long   0               /* 0x38 */
2334         .long   0               /* 0x3c */
2335         .long   0               /* 0x40 */
2336         .long   0               /* 0x44 */
2337         .long   0               /* 0x48 */
2338         .long   0               /* 0x4c */
2339         .long   0               /* 0x50 */
2340         .long   0               /* 0x54 */
2341         .long   0               /* 0x58 */
2342         .long   0               /* 0x5c */
2343         .long   0               /* 0x60 */
2344 #ifdef CONFIG_KVM_XICS
2345         .long   DOTSYM(kvmppc_rm_h_eoi) - hcall_real_table
2346         .long   DOTSYM(kvmppc_rm_h_cppr) - hcall_real_table
2347         .long   DOTSYM(kvmppc_rm_h_ipi) - hcall_real_table
2348         .long   DOTSYM(kvmppc_rm_h_ipoll) - hcall_real_table
2349         .long   DOTSYM(kvmppc_rm_h_xirr) - hcall_real_table
2350 #else
2351         .long   0               /* 0x64 - H_EOI */
2352         .long   0               /* 0x68 - H_CPPR */
2353         .long   0               /* 0x6c - H_IPI */
2354         .long   0               /* 0x70 - H_IPOLL */
2355         .long   0               /* 0x74 - H_XIRR */
2356 #endif
2357         .long   0               /* 0x78 */
2358         .long   0               /* 0x7c */
2359         .long   0               /* 0x80 */
2360         .long   0               /* 0x84 */
2361         .long   0               /* 0x88 */
2362         .long   0               /* 0x8c */
2363         .long   0               /* 0x90 */
2364         .long   0               /* 0x94 */
2365         .long   0               /* 0x98 */
2366         .long   0               /* 0x9c */
2367         .long   0               /* 0xa0 */
2368         .long   0               /* 0xa4 */
2369         .long   0               /* 0xa8 */
2370         .long   0               /* 0xac */
2371         .long   0               /* 0xb0 */
2372         .long   0               /* 0xb4 */
2373         .long   0               /* 0xb8 */
2374         .long   0               /* 0xbc */
2375         .long   0               /* 0xc0 */
2376         .long   0               /* 0xc4 */
2377         .long   0               /* 0xc8 */
2378         .long   0               /* 0xcc */
2379         .long   0               /* 0xd0 */
2380         .long   0               /* 0xd4 */
2381         .long   0               /* 0xd8 */
2382         .long   0               /* 0xdc */
2383         .long   DOTSYM(kvmppc_h_cede) - hcall_real_table
2384         .long   DOTSYM(kvmppc_rm_h_confer) - hcall_real_table
2385         .long   0               /* 0xe8 */
2386         .long   0               /* 0xec */
2387         .long   0               /* 0xf0 */
2388         .long   0               /* 0xf4 */
2389         .long   0               /* 0xf8 */
2390         .long   0               /* 0xfc */
2391         .long   0               /* 0x100 */
2392         .long   0               /* 0x104 */
2393         .long   0               /* 0x108 */
2394         .long   0               /* 0x10c */
2395         .long   0               /* 0x110 */
2396         .long   0               /* 0x114 */
2397         .long   0               /* 0x118 */
2398         .long   0               /* 0x11c */
2399         .long   0               /* 0x120 */
2400         .long   DOTSYM(kvmppc_h_bulk_remove) - hcall_real_table
2401         .long   0               /* 0x128 */
2402         .long   0               /* 0x12c */
2403         .long   0               /* 0x130 */
2404         .long   DOTSYM(kvmppc_h_set_xdabr) - hcall_real_table
2405 #ifdef CONFIG_SPAPR_TCE_IOMMU
2406         .long   DOTSYM(kvmppc_rm_h_stuff_tce) - hcall_real_table
2407         .long   DOTSYM(kvmppc_rm_h_put_tce_indirect) - hcall_real_table
2408 #else
2409         .long   0               /* 0x138 */
2410         .long   0               /* 0x13c */
2411 #endif
2412         .long   0               /* 0x140 */
2413         .long   0               /* 0x144 */
2414         .long   0               /* 0x148 */
2415         .long   0               /* 0x14c */
2416         .long   0               /* 0x150 */
2417         .long   0               /* 0x154 */
2418         .long   0               /* 0x158 */
2419         .long   0               /* 0x15c */
2420         .long   0               /* 0x160 */
2421         .long   0               /* 0x164 */
2422         .long   0               /* 0x168 */
2423         .long   0               /* 0x16c */
2424         .long   0               /* 0x170 */
2425         .long   0               /* 0x174 */
2426         .long   0               /* 0x178 */
2427         .long   0               /* 0x17c */
2428         .long   0               /* 0x180 */
2429         .long   0               /* 0x184 */
2430         .long   0               /* 0x188 */
2431         .long   0               /* 0x18c */
2432         .long   0               /* 0x190 */
2433         .long   0               /* 0x194 */
2434         .long   0               /* 0x198 */
2435         .long   0               /* 0x19c */
2436         .long   0               /* 0x1a0 */
2437         .long   0               /* 0x1a4 */
2438         .long   0               /* 0x1a8 */
2439         .long   0               /* 0x1ac */
2440         .long   0               /* 0x1b0 */
2441         .long   0               /* 0x1b4 */
2442         .long   0               /* 0x1b8 */
2443         .long   0               /* 0x1bc */
2444         .long   0               /* 0x1c0 */
2445         .long   0               /* 0x1c4 */
2446         .long   0               /* 0x1c8 */
2447         .long   0               /* 0x1cc */
2448         .long   0               /* 0x1d0 */
2449         .long   0               /* 0x1d4 */
2450         .long   0               /* 0x1d8 */
2451         .long   0               /* 0x1dc */
2452         .long   0               /* 0x1e0 */
2453         .long   0               /* 0x1e4 */
2454         .long   0               /* 0x1e8 */
2455         .long   0               /* 0x1ec */
2456         .long   0               /* 0x1f0 */
2457         .long   0               /* 0x1f4 */
2458         .long   0               /* 0x1f8 */
2459         .long   0               /* 0x1fc */
2460         .long   0               /* 0x200 */
2461         .long   0               /* 0x204 */
2462         .long   0               /* 0x208 */
2463         .long   0               /* 0x20c */
2464         .long   0               /* 0x210 */
2465         .long   0               /* 0x214 */
2466         .long   0               /* 0x218 */
2467         .long   0               /* 0x21c */
2468         .long   0               /* 0x220 */
2469         .long   0               /* 0x224 */
2470         .long   0               /* 0x228 */
2471         .long   0               /* 0x22c */
2472         .long   0               /* 0x230 */
2473         .long   0               /* 0x234 */
2474         .long   0               /* 0x238 */
2475         .long   0               /* 0x23c */
2476         .long   0               /* 0x240 */
2477         .long   0               /* 0x244 */
2478         .long   0               /* 0x248 */
2479         .long   0               /* 0x24c */
2480         .long   0               /* 0x250 */
2481         .long   0               /* 0x254 */
2482         .long   0               /* 0x258 */
2483         .long   0               /* 0x25c */
2484         .long   0               /* 0x260 */
2485         .long   0               /* 0x264 */
2486         .long   0               /* 0x268 */
2487         .long   0               /* 0x26c */
2488         .long   0               /* 0x270 */
2489         .long   0               /* 0x274 */
2490         .long   0               /* 0x278 */
2491         .long   0               /* 0x27c */
2492         .long   0               /* 0x280 */
2493         .long   0               /* 0x284 */
2494         .long   0               /* 0x288 */
2495         .long   0               /* 0x28c */
2496         .long   0               /* 0x290 */
2497         .long   0               /* 0x294 */
2498         .long   0               /* 0x298 */
2499         .long   0               /* 0x29c */
2500         .long   0               /* 0x2a0 */
2501         .long   0               /* 0x2a4 */
2502         .long   0               /* 0x2a8 */
2503         .long   0               /* 0x2ac */
2504         .long   0               /* 0x2b0 */
2505         .long   0               /* 0x2b4 */
2506         .long   0               /* 0x2b8 */
2507         .long   0               /* 0x2bc */
2508         .long   0               /* 0x2c0 */
2509         .long   0               /* 0x2c4 */
2510         .long   0               /* 0x2c8 */
2511         .long   0               /* 0x2cc */
2512         .long   0               /* 0x2d0 */
2513         .long   0               /* 0x2d4 */
2514         .long   0               /* 0x2d8 */
2515         .long   0               /* 0x2dc */
2516         .long   0               /* 0x2e0 */
2517         .long   0               /* 0x2e4 */
2518         .long   0               /* 0x2e8 */
2519         .long   0               /* 0x2ec */
2520         .long   0               /* 0x2f0 */
2521         .long   0               /* 0x2f4 */
2522         .long   0               /* 0x2f8 */
2523 #ifdef CONFIG_KVM_XICS
2524         .long   DOTSYM(kvmppc_rm_h_xirr_x) - hcall_real_table
2525 #else
2526         .long   0               /* 0x2fc - H_XIRR_X*/
2527 #endif
2528         .long   DOTSYM(kvmppc_h_random) - hcall_real_table
2529         .globl  hcall_real_table_end
2530 hcall_real_table_end:
2531 
2532 _GLOBAL(kvmppc_h_set_xdabr)
2533 EXPORT_SYMBOL_GPL(kvmppc_h_set_xdabr)
2534         andi.   r0, r5, DABRX_USER | DABRX_KERNEL
2535         beq     6f
2536         li      r0, DABRX_USER | DABRX_KERNEL | DABRX_BTI
2537         andc.   r0, r5, r0
2538         beq     3f
2539 6:      li      r3, H_PARAMETER
2540         blr
2541 
2542 _GLOBAL(kvmppc_h_set_dabr)
2543 EXPORT_SYMBOL_GPL(kvmppc_h_set_dabr)
2544         li      r5, DABRX_USER | DABRX_KERNEL
2545 3:
2546 BEGIN_FTR_SECTION
2547         b       2f
2548 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2549         std     r4,VCPU_DABR(r3)
2550         stw     r5, VCPU_DABRX(r3)
2551         mtspr   SPRN_DABRX, r5
2552         /* Work around P7 bug where DABR can get corrupted on mtspr */
2553 1:      mtspr   SPRN_DABR,r4
2554         mfspr   r5, SPRN_DABR
2555         cmpd    r4, r5
2556         bne     1b
2557         isync
2558         li      r3,0
2559         blr
2560 
2561 2:
2562         LOAD_REG_ADDR(r11, dawr_force_enable)
2563         lbz     r11, 0(r11)
2564         cmpdi   r11, 0
2565         bne     3f
2566         li      r3, H_HARDWARE
2567         blr
2568 3:
2569         /* Emulate H_SET_DABR/X on P8 for the sake of compat mode guests */
2570         rlwimi  r5, r4, 5, DAWRX_DR | DAWRX_DW
2571         rlwimi  r5, r4, 2, DAWRX_WT
2572         clrrdi  r4, r4, 3
2573         std     r4, VCPU_DAWR(r3)
2574         std     r5, VCPU_DAWRX(r3)
2575         /*
2576          * If came in through the real mode hcall handler then it is necessary
2577          * to write the registers since the return path won't. Otherwise it is
2578          * sufficient to store then in the vcpu struct as they will be loaded
2579          * next time the vcpu is run.
2580          */
2581         mfmsr   r6
2582         andi.   r6, r6, MSR_DR          /* in real mode? */
2583         bne     4f
2584         mtspr   SPRN_DAWR, r4
2585         mtspr   SPRN_DAWRX, r5
2586 4:      li      r3, 0
2587         blr
2588 
2589 _GLOBAL(kvmppc_h_cede)          /* r3 = vcpu pointer, r11 = msr, r13 = paca */
2590         ori     r11,r11,MSR_EE
2591         std     r11,VCPU_MSR(r3)
2592         li      r0,1
2593         stb     r0,VCPU_CEDED(r3)
2594         sync                    /* order setting ceded vs. testing prodded */
2595         lbz     r5,VCPU_PRODDED(r3)
2596         cmpwi   r5,0
2597         bne     kvm_cede_prodded
2598         li      r12,0           /* set trap to 0 to say hcall is handled */
2599         stw     r12,VCPU_TRAP(r3)
2600         li      r0,H_SUCCESS
2601         std     r0,VCPU_GPR(R3)(r3)
2602 
2603         /*
2604          * Set our bit in the bitmask of napping threads unless all the
2605          * other threads are already napping, in which case we send this
2606          * up to the host.
2607          */
2608         ld      r5,HSTATE_KVM_VCORE(r13)
2609         lbz     r6,HSTATE_PTID(r13)
2610         lwz     r8,VCORE_ENTRY_EXIT(r5)
2611         clrldi  r8,r8,56
2612         li      r0,1
2613         sld     r0,r0,r6
2614         addi    r6,r5,VCORE_NAPPING_THREADS
2615 31:     lwarx   r4,0,r6
2616         or      r4,r4,r0
2617         cmpw    r4,r8
2618         beq     kvm_cede_exit
2619         stwcx.  r4,0,r6
2620         bne     31b
2621         /* order napping_threads update vs testing entry_exit_map */
2622         isync
2623         li      r0,NAPPING_CEDE
2624         stb     r0,HSTATE_NAPPING(r13)
2625         lwz     r7,VCORE_ENTRY_EXIT(r5)
2626         cmpwi   r7,0x100
2627         bge     33f             /* another thread already exiting */
2628 
2629 /*
2630  * Although not specifically required by the architecture, POWER7
2631  * preserves the following registers in nap mode, even if an SMT mode
2632  * switch occurs: SLB entries, PURR, SPURR, AMOR, UAMOR, AMR, SPRG0-3,
2633  * DAR, DSISR, DABR, DABRX, DSCR, PMCx, MMCRx, SIAR, SDAR.
2634  */
2635         /* Save non-volatile GPRs */
2636         std     r14, VCPU_GPR(R14)(r3)
2637         std     r15, VCPU_GPR(R15)(r3)
2638         std     r16, VCPU_GPR(R16)(r3)
2639         std     r17, VCPU_GPR(R17)(r3)
2640         std     r18, VCPU_GPR(R18)(r3)
2641         std     r19, VCPU_GPR(R19)(r3)
2642         std     r20, VCPU_GPR(R20)(r3)
2643         std     r21, VCPU_GPR(R21)(r3)
2644         std     r22, VCPU_GPR(R22)(r3)
2645         std     r23, VCPU_GPR(R23)(r3)
2646         std     r24, VCPU_GPR(R24)(r3)
2647         std     r25, VCPU_GPR(R25)(r3)
2648         std     r26, VCPU_GPR(R26)(r3)
2649         std     r27, VCPU_GPR(R27)(r3)
2650         std     r28, VCPU_GPR(R28)(r3)
2651         std     r29, VCPU_GPR(R29)(r3)
2652         std     r30, VCPU_GPR(R30)(r3)
2653         std     r31, VCPU_GPR(R31)(r3)
2654 
2655         /* save FP state */
2656         bl      kvmppc_save_fp
2657 
2658 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2659 /*
2660  * Branch around the call if both CPU_FTR_TM and
2661  * CPU_FTR_P9_TM_HV_ASSIST are off.
2662  */
2663 BEGIN_FTR_SECTION
2664         b       91f
2665 END_FTR_SECTION(CPU_FTR_TM | CPU_FTR_P9_TM_HV_ASSIST, 0)
2666         /*
2667          * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
2668          */
2669         ld      r3, HSTATE_KVM_VCPU(r13)
2670         ld      r4, VCPU_MSR(r3)
2671         li      r5, 0                   /* don't preserve non-vol regs */
2672         bl      kvmppc_save_tm_hv
2673         nop
2674 91:
2675 #endif
2676 
2677         /*
2678          * Set DEC to the smaller of DEC and HDEC, so that we wake
2679          * no later than the end of our timeslice (HDEC interrupts
2680          * don't wake us from nap).
2681          */
2682         mfspr   r3, SPRN_DEC
2683         mfspr   r4, SPRN_HDEC
2684         mftb    r5
2685 BEGIN_FTR_SECTION
2686         /* On P9 check whether the guest has large decrementer mode enabled */
2687         ld      r6, HSTATE_KVM_VCORE(r13)
2688         ld      r6, VCORE_LPCR(r6)
2689         andis.  r6, r6, LPCR_LD@h
2690         bne     68f
2691 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
2692         extsw   r3, r3
2693 68:     EXTEND_HDEC(r4)
2694         cmpd    r3, r4
2695         ble     67f
2696         mtspr   SPRN_DEC, r4
2697 67:
2698         /* save expiry time of guest decrementer */
2699         add     r3, r3, r5
2700         ld      r4, HSTATE_KVM_VCPU(r13)
2701         ld      r5, HSTATE_KVM_VCORE(r13)
2702         ld      r6, VCORE_TB_OFFSET_APPL(r5)
2703         subf    r3, r6, r3      /* convert to host TB value */
2704         std     r3, VCPU_DEC_EXPIRES(r4)
2705 
2706 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
2707         ld      r4, HSTATE_KVM_VCPU(r13)
2708         addi    r3, r4, VCPU_TB_CEDE
2709         bl      kvmhv_accumulate_time
2710 #endif
2711 
2712         lis     r3, LPCR_PECEDP@h       /* Do wake on privileged doorbell */
2713 
2714         /* Go back to host stack */
2715         ld      r1, HSTATE_HOST_R1(r13)
2716 
2717         /*
2718          * Take a nap until a decrementer or external or doobell interrupt
2719          * occurs, with PECE1 and PECE0 set in LPCR.
2720          * On POWER8, set PECEDH, and if we are ceding, also set PECEDP.
2721          * Also clear the runlatch bit before napping.
2722          */
2723 kvm_do_nap:
2724         mfspr   r0, SPRN_CTRLF
2725         clrrdi  r0, r0, 1
2726         mtspr   SPRN_CTRLT, r0
2727 
2728         li      r0,1
2729         stb     r0,HSTATE_HWTHREAD_REQ(r13)
2730         mfspr   r5,SPRN_LPCR
2731         ori     r5,r5,LPCR_PECE0 | LPCR_PECE1
2732 BEGIN_FTR_SECTION
2733         ori     r5, r5, LPCR_PECEDH
2734         rlwimi  r5, r3, 0, LPCR_PECEDP
2735 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2736 
2737 kvm_nap_sequence:               /* desired LPCR value in r5 */
2738 BEGIN_FTR_SECTION
2739         /*
2740          * PSSCR bits:  exit criterion = 1 (wakeup based on LPCR at sreset)
2741          *              enable state loss = 1 (allow SMT mode switch)
2742          *              requested level = 0 (just stop dispatching)
2743          */
2744         lis     r3, (PSSCR_EC | PSSCR_ESL)@h
2745         /* Set LPCR_PECE_HVEE bit to enable wakeup by HV interrupts */
2746         li      r4, LPCR_PECE_HVEE@higher
2747         sldi    r4, r4, 32
2748         or      r5, r5, r4
2749 FTR_SECTION_ELSE
2750         li      r3, PNV_THREAD_NAP
2751 ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_300)
2752         mtspr   SPRN_LPCR,r5
2753         isync
2754 
2755 BEGIN_FTR_SECTION
2756         bl      isa300_idle_stop_mayloss
2757 FTR_SECTION_ELSE
2758         bl      isa206_idle_insn_mayloss
2759 ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_300)
2760 
2761         mfspr   r0, SPRN_CTRLF
2762         ori     r0, r0, 1
2763         mtspr   SPRN_CTRLT, r0
2764 
2765         mtspr   SPRN_SRR1, r3
2766 
2767         li      r0, 0
2768         stb     r0, PACA_FTRACE_ENABLED(r13)
2769 
2770         li      r0, KVM_HWTHREAD_IN_KVM
2771         stb     r0, HSTATE_HWTHREAD_STATE(r13)
2772 
2773         lbz     r0, HSTATE_NAPPING(r13)
2774         cmpwi   r0, NAPPING_CEDE
2775         beq     kvm_end_cede
2776         cmpwi   r0, NAPPING_NOVCPU
2777         beq     kvm_novcpu_wakeup
2778         cmpwi   r0, NAPPING_UNSPLIT
2779         beq     kvm_unsplit_wakeup
2780         twi     31,0,0 /* Nap state must not be zero */
2781 
2782 33:     mr      r4, r3
2783         li      r3, 0
2784         li      r12, 0
2785         b       34f
2786 
2787 kvm_end_cede:
2788         /* Woken by external or decrementer interrupt */
2789 
2790         /* get vcpu pointer */
2791         ld      r4, HSTATE_KVM_VCPU(r13)
2792 
2793 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
2794         addi    r3, r4, VCPU_TB_RMINTR
2795         bl      kvmhv_accumulate_time
2796 #endif
2797 
2798 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2799 /*
2800  * Branch around the call if both CPU_FTR_TM and
2801  * CPU_FTR_P9_TM_HV_ASSIST are off.
2802  */
2803 BEGIN_FTR_SECTION
2804         b       91f
2805 END_FTR_SECTION(CPU_FTR_TM | CPU_FTR_P9_TM_HV_ASSIST, 0)
2806         /*
2807          * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
2808          */
2809         mr      r3, r4
2810         ld      r4, VCPU_MSR(r3)
2811         li      r5, 0                   /* don't preserve non-vol regs */
2812         bl      kvmppc_restore_tm_hv
2813         nop
2814         ld      r4, HSTATE_KVM_VCPU(r13)
2815 91:
2816 #endif
2817 
2818         /* load up FP state */
2819         bl      kvmppc_load_fp
2820 
2821         /* Restore guest decrementer */
2822         ld      r3, VCPU_DEC_EXPIRES(r4)
2823         ld      r5, HSTATE_KVM_VCORE(r13)
2824         ld      r6, VCORE_TB_OFFSET_APPL(r5)
2825         add     r3, r3, r6      /* convert host TB to guest TB value */
2826         mftb    r7
2827         subf    r3, r7, r3
2828         mtspr   SPRN_DEC, r3
2829 
2830         /* Load NV GPRS */
2831         ld      r14, VCPU_GPR(R14)(r4)
2832         ld      r15, VCPU_GPR(R15)(r4)
2833         ld      r16, VCPU_GPR(R16)(r4)
2834         ld      r17, VCPU_GPR(R17)(r4)
2835         ld      r18, VCPU_GPR(R18)(r4)
2836         ld      r19, VCPU_GPR(R19)(r4)
2837         ld      r20, VCPU_GPR(R20)(r4)
2838         ld      r21, VCPU_GPR(R21)(r4)
2839         ld      r22, VCPU_GPR(R22)(r4)
2840         ld      r23, VCPU_GPR(R23)(r4)
2841         ld      r24, VCPU_GPR(R24)(r4)
2842         ld      r25, VCPU_GPR(R25)(r4)
2843         ld      r26, VCPU_GPR(R26)(r4)
2844         ld      r27, VCPU_GPR(R27)(r4)
2845         ld      r28, VCPU_GPR(R28)(r4)
2846         ld      r29, VCPU_GPR(R29)(r4)
2847         ld      r30, VCPU_GPR(R30)(r4)
2848         ld      r31, VCPU_GPR(R31)(r4)
2849 
2850         /* Check the wake reason in SRR1 to see why we got here */
2851         bl      kvmppc_check_wake_reason
2852 
2853         /*
2854          * Restore volatile registers since we could have called a
2855          * C routine in kvmppc_check_wake_reason
2856          *      r4 = VCPU
2857          * r3 tells us whether we need to return to host or not
2858          * WARNING: it gets checked further down:
2859          * should not modify r3 until this check is done.
2860          */
2861         ld      r4, HSTATE_KVM_VCPU(r13)
2862 
2863         /* clear our bit in vcore->napping_threads */
2864 34:     ld      r5,HSTATE_KVM_VCORE(r13)
2865         lbz     r7,HSTATE_PTID(r13)
2866         li      r0,1
2867         sld     r0,r0,r7
2868         addi    r6,r5,VCORE_NAPPING_THREADS
2869 32:     lwarx   r7,0,r6
2870         andc    r7,r7,r0
2871         stwcx.  r7,0,r6
2872         bne     32b
2873         li      r0,0
2874         stb     r0,HSTATE_NAPPING(r13)
2875 
2876         /* See if the wake reason saved in r3 means we need to exit */
2877         stw     r12, VCPU_TRAP(r4)
2878         mr      r9, r4
2879         cmpdi   r3, 0
2880         bgt     guest_exit_cont
2881         b       maybe_reenter_guest
2882 
2883         /* cede when already previously prodded case */
2884 kvm_cede_prodded:
2885         li      r0,0
2886         stb     r0,VCPU_PRODDED(r3)
2887         sync                    /* order testing prodded vs. clearing ceded */
2888         stb     r0,VCPU_CEDED(r3)
2889         li      r3,H_SUCCESS
2890         blr
2891 
2892         /* we've ceded but we want to give control to the host */
2893 kvm_cede_exit:
2894         ld      r9, HSTATE_KVM_VCPU(r13)
2895 #ifdef CONFIG_KVM_XICS
2896         /* are we using XIVE with single escalation? */
2897         ld      r10, VCPU_XIVE_ESC_VADDR(r9)
2898         cmpdi   r10, 0
2899         beq     3f
2900         li      r6, XIVE_ESB_SET_PQ_00
2901         /*
2902          * If we still have a pending escalation, abort the cede,
2903          * and we must set PQ to 10 rather than 00 so that we don't
2904          * potentially end up with two entries for the escalation
2905          * interrupt in the XIVE interrupt queue.  In that case
2906          * we also don't want to set xive_esc_on to 1 here in
2907          * case we race with xive_esc_irq().
2908          */
2909         lbz     r5, VCPU_XIVE_ESC_ON(r9)
2910         cmpwi   r5, 0
2911         beq     4f
2912         li      r0, 0
2913         stb     r0, VCPU_CEDED(r9)
2914         li      r6, XIVE_ESB_SET_PQ_10
2915         b       5f
2916 4:      li      r0, 1
2917         stb     r0, VCPU_XIVE_ESC_ON(r9)
2918         /* make sure store to xive_esc_on is seen before xive_esc_irq runs */
2919         sync
2920 5:      /* Enable XIVE escalation */
2921         mfmsr   r0
2922         andi.   r0, r0, MSR_DR          /* in real mode? */
2923         beq     1f
2924         ldx     r0, r10, r6
2925         b       2f
2926 1:      ld      r10, VCPU_XIVE_ESC_RADDR(r9)
2927         ldcix   r0, r10, r6
2928 2:      sync
2929 #endif /* CONFIG_KVM_XICS */
2930 3:      b       guest_exit_cont
2931 
2932         /* Try to do machine check recovery in real mode */
2933 machine_check_realmode:
2934         mr      r3, r9          /* get vcpu pointer */
2935         bl      kvmppc_realmode_machine_check
2936         nop
2937         /* all machine checks go to virtual mode for further handling */
2938         ld      r9, HSTATE_KVM_VCPU(r13)
2939         li      r12, BOOK3S_INTERRUPT_MACHINE_CHECK
2940         b       guest_exit_cont
2941 
2942 /*
2943  * Call C code to handle a HMI in real mode.
2944  * Only the primary thread does the call, secondary threads are handled
2945  * by calling hmi_exception_realmode() after kvmppc_hv_entry returns.
2946  * r9 points to the vcpu on entry
2947  */
2948 hmi_realmode:
2949         lbz     r0, HSTATE_PTID(r13)
2950         cmpwi   r0, 0
2951         bne     guest_exit_cont
2952         bl      kvmppc_realmode_hmi_handler
2953         ld      r9, HSTATE_KVM_VCPU(r13)
2954         li      r12, BOOK3S_INTERRUPT_HMI
2955         b       guest_exit_cont
2956 
2957 /*
2958  * Check the reason we woke from nap, and take appropriate action.
2959  * Returns (in r3):
2960  *      0 if nothing needs to be done
2961  *      1 if something happened that needs to be handled by the host
2962  *      -1 if there was a guest wakeup (IPI or msgsnd)
2963  *      -2 if we handled a PCI passthrough interrupt (returned by
2964  *              kvmppc_read_intr only)
2965  *
2966  * Also sets r12 to the interrupt vector for any interrupt that needs
2967  * to be handled now by the host (0x500 for external interrupt), or zero.
2968  * Modifies all volatile registers (since it may call a C function).
2969  * This routine calls kvmppc_read_intr, a C function, if an external
2970  * interrupt is pending.
2971  */
2972 kvmppc_check_wake_reason:
2973         mfspr   r6, SPRN_SRR1
2974 BEGIN_FTR_SECTION
2975         rlwinm  r6, r6, 45-31, 0xf      /* extract wake reason field (P8) */
2976 FTR_SECTION_ELSE
2977         rlwinm  r6, r6, 45-31, 0xe      /* P7 wake reason field is 3 bits */
2978 ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_207S)
2979         cmpwi   r6, 8                   /* was it an external interrupt? */
2980         beq     7f                      /* if so, see what it was */
2981         li      r3, 0
2982         li      r12, 0
2983         cmpwi   r6, 6                   /* was it the decrementer? */
2984         beq     0f
2985 BEGIN_FTR_SECTION
2986         cmpwi   r6, 5                   /* privileged doorbell? */
2987         beq     0f
2988         cmpwi   r6, 3                   /* hypervisor doorbell? */
2989         beq     3f
2990 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2991         cmpwi   r6, 0xa                 /* Hypervisor maintenance ? */
2992         beq     4f
2993         li      r3, 1                   /* anything else, return 1 */
2994 0:      blr
2995 
2996         /* hypervisor doorbell */
2997 3:      li      r12, BOOK3S_INTERRUPT_H_DOORBELL
2998 
2999         /*
3000          * Clear the doorbell as we will invoke the handler
3001          * explicitly in the guest exit path.
3002          */
3003         lis     r6, (PPC_DBELL_SERVER << (63-36))@h
3004         PPC_MSGCLR(6)
3005         /* see if it's a host IPI */
3006         li      r3, 1
3007 BEGIN_FTR_SECTION
3008         PPC_MSGSYNC
3009         lwsync
3010 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
3011         lbz     r0, HSTATE_HOST_IPI(r13)
3012         cmpwi   r0, 0
3013         bnelr
3014         /* if not, return -1 */
3015         li      r3, -1
3016         blr
3017 
3018         /* Woken up due to Hypervisor maintenance interrupt */
3019 4:      li      r12, BOOK3S_INTERRUPT_HMI
3020         li      r3, 1
3021         blr
3022 
3023         /* external interrupt - create a stack frame so we can call C */
3024 7:      mflr    r0
3025         std     r0, PPC_LR_STKOFF(r1)
3026         stdu    r1, -PPC_MIN_STKFRM(r1)
3027         bl      kvmppc_read_intr
3028         nop
3029         li      r12, BOOK3S_INTERRUPT_EXTERNAL
3030         cmpdi   r3, 1
3031         ble     1f
3032 
3033         /*
3034          * Return code of 2 means PCI passthrough interrupt, but
3035          * we need to return back to host to complete handling the
3036          * interrupt. Trap reason is expected in r12 by guest
3037          * exit code.
3038          */
3039         li      r12, BOOK3S_INTERRUPT_HV_RM_HARD
3040 1:
3041         ld      r0, PPC_MIN_STKFRM+PPC_LR_STKOFF(r1)
3042         addi    r1, r1, PPC_MIN_STKFRM
3043         mtlr    r0
3044         blr
3045 
3046 /*
3047  * Save away FP, VMX and VSX registers.
3048  * r3 = vcpu pointer
3049  * N.B. r30 and r31 are volatile across this function,
3050  * thus it is not callable from C.
3051  */
3052 kvmppc_save_fp:
3053         mflr    r30
3054         mr      r31,r3
3055         mfmsr   r5
3056         ori     r8,r5,MSR_FP
3057 #ifdef CONFIG_ALTIVEC
3058 BEGIN_FTR_SECTION
3059         oris    r8,r8,MSR_VEC@h
3060 END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
3061 #endif
3062 #ifdef CONFIG_VSX
3063 BEGIN_FTR_SECTION
3064         oris    r8,r8,MSR_VSX@h
3065 END_FTR_SECTION_IFSET(CPU_FTR_VSX)
3066 #endif
3067         mtmsrd  r8
3068         addi    r3,r3,VCPU_FPRS
3069         bl      store_fp_state
3070 #ifdef CONFIG_ALTIVEC
3071 BEGIN_FTR_SECTION
3072         addi    r3,r31,VCPU_VRS
3073         bl      store_vr_state
3074 END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
3075 #endif
3076         mfspr   r6,SPRN_VRSAVE
3077         stw     r6,VCPU_VRSAVE(r31)
3078         mtlr    r30
3079         blr
3080 
3081 /*
3082  * Load up FP, VMX and VSX registers
3083  * r4 = vcpu pointer
3084  * N.B. r30 and r31 are volatile across this function,
3085  * thus it is not callable from C.
3086  */
3087 kvmppc_load_fp:
3088         mflr    r30
3089         mr      r31,r4
3090         mfmsr   r9
3091         ori     r8,r9,MSR_FP
3092 #ifdef CONFIG_ALTIVEC
3093 BEGIN_FTR_SECTION
3094         oris    r8,r8,MSR_VEC@h
3095 END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
3096 #endif
3097 #ifdef CONFIG_VSX
3098 BEGIN_FTR_SECTION
3099         oris    r8,r8,MSR_VSX@h
3100 END_FTR_SECTION_IFSET(CPU_FTR_VSX)
3101 #endif
3102         mtmsrd  r8
3103         addi    r3,r4,VCPU_FPRS
3104         bl      load_fp_state
3105 #ifdef CONFIG_ALTIVEC
3106 BEGIN_FTR_SECTION
3107         addi    r3,r31,VCPU_VRS
3108         bl      load_vr_state
3109 END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
3110 #endif
3111         lwz     r7,VCPU_VRSAVE(r31)
3112         mtspr   SPRN_VRSAVE,r7
3113         mtlr    r30
3114         mr      r4,r31
3115         blr
3116 
3117 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
3118 /*
3119  * Save transactional state and TM-related registers.
3120  * Called with r3 pointing to the vcpu struct and r4 containing
3121  * the guest MSR value.
3122  * r5 is non-zero iff non-volatile register state needs to be maintained.
3123  * If r5 == 0, this can modify all checkpointed registers, but
3124  * restores r1 and r2 before exit.
3125  */
3126 _GLOBAL_TOC(kvmppc_save_tm_hv)
3127 EXPORT_SYMBOL_GPL(kvmppc_save_tm_hv)
3128         /* See if we need to handle fake suspend mode */
3129 BEGIN_FTR_SECTION
3130         b       __kvmppc_save_tm
3131 END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
3132 
3133         lbz     r0, HSTATE_FAKE_SUSPEND(r13) /* Were we fake suspended? */
3134         cmpwi   r0, 0
3135         beq     __kvmppc_save_tm
3136 
3137         /* The following code handles the fake_suspend = 1 case */
3138         mflr    r0
3139         std     r0, PPC_LR_STKOFF(r1)
3140         stdu    r1, -PPC_MIN_STKFRM(r1)
3141 
3142         /* Turn on TM. */
3143         mfmsr   r8
3144         li      r0, 1
3145         rldimi  r8, r0, MSR_TM_LG, 63-MSR_TM_LG
3146         mtmsrd  r8
3147 
3148         rldicl. r8, r8, 64 - MSR_TS_S_LG, 62 /* Did we actually hrfid? */
3149         beq     4f
3150 BEGIN_FTR_SECTION
3151         bl      pnv_power9_force_smt4_catch
3152 END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
3153         nop
3154 
3155         /* We have to treclaim here because that's the only way to do S->N */
3156         li      r3, TM_CAUSE_KVM_RESCHED
3157         TRECLAIM(R3)
3158 
3159         /*
3160          * We were in fake suspend, so we are not going to save the
3161          * register state as the guest checkpointed state (since
3162          * we already have it), therefore we can now use any volatile GPR.
3163          * In fact treclaim in fake suspend state doesn't modify
3164          * any registers.
3165          */
3166 
3167 BEGIN_FTR_SECTION
3168         bl      pnv_power9_force_smt4_release
3169 END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
3170         nop
3171 
3172 4:
3173         mfspr   r3, SPRN_PSSCR
3174         /* PSSCR_FAKE_SUSPEND is a write-only bit, but clear it anyway */
3175         li      r0, PSSCR_FAKE_SUSPEND
3176         andc    r3, r3, r0
3177         mtspr   SPRN_PSSCR, r3
3178 
3179         /* Don't save TEXASR, use value from last exit in real suspend state */
3180         ld      r9, HSTATE_KVM_VCPU(r13)
3181         mfspr   r5, SPRN_TFHAR
3182         mfspr   r6, SPRN_TFIAR
3183         std     r5, VCPU_TFHAR(r9)
3184         std     r6, VCPU_TFIAR(r9)
3185 
3186         addi    r1, r1, PPC_MIN_STKFRM
3187         ld      r0, PPC_LR_STKOFF(r1)
3188         mtlr    r0
3189         blr
3190 
3191 /*
3192  * Restore transactional state and TM-related registers.
3193  * Called with r3 pointing to the vcpu struct
3194  * and r4 containing the guest MSR value.
3195  * r5 is non-zero iff non-volatile register state needs to be maintained.
3196  * This potentially modifies all checkpointed registers.
3197  * It restores r1 and r2 from the PACA.
3198  */
3199 _GLOBAL_TOC(kvmppc_restore_tm_hv)
3200 EXPORT_SYMBOL_GPL(kvmppc_restore_tm_hv)
3201         /*
3202          * If we are doing TM emulation for the guest on a POWER9 DD2,
3203          * then we don't actually do a trechkpt -- we either set up
3204          * fake-suspend mode, or emulate a TM rollback.
3205          */
3206 BEGIN_FTR_SECTION
3207         b       __kvmppc_restore_tm
3208 END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
3209         mflr    r0
3210         std     r0, PPC_LR_STKOFF(r1)
3211 
3212         li      r0, 0
3213         stb     r0, HSTATE_FAKE_SUSPEND(r13)
3214 
3215         /* Turn on TM so we can restore TM SPRs */
3216         mfmsr   r5
3217         li      r0, 1
3218         rldimi  r5, r0, MSR_TM_LG, 63-MSR_TM_LG
3219         mtmsrd  r5
3220 
3221         /*
3222          * The user may change these outside of a transaction, so they must
3223          * always be context switched.
3224          */
3225         ld      r5, VCPU_TFHAR(r3)
3226         ld      r6, VCPU_TFIAR(r3)
3227         ld      r7, VCPU_TEXASR(r3)
3228         mtspr   SPRN_TFHAR, r5
3229         mtspr   SPRN_TFIAR, r6
3230         mtspr   SPRN_TEXASR, r7
3231 
3232         rldicl. r5, r4, 64 - MSR_TS_S_LG, 62
3233         beqlr           /* TM not active in guest */
3234 
3235         /* Make sure the failure summary is set */
3236         oris    r7, r7, (TEXASR_FS)@h
3237         mtspr   SPRN_TEXASR, r7
3238 
3239         cmpwi   r5, 1           /* check for suspended state */
3240         bgt     10f
3241         stb     r5, HSTATE_FAKE_SUSPEND(r13)
3242         b       9f              /* and return */
3243 10:     stdu    r1, -PPC_MIN_STKFRM(r1)
3244         /* guest is in transactional state, so simulate rollback */
3245         bl      kvmhv_emulate_tm_rollback
3246         nop
3247         addi    r1, r1, PPC_MIN_STKFRM
3248 9:      ld      r0, PPC_LR_STKOFF(r1)
3249         mtlr    r0
3250         blr
3251 #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
3252 
3253 /*
3254  * We come here if we get any exception or interrupt while we are
3255  * executing host real mode code while in guest MMU context.
3256  * r12 is (CR << 32) | vector
3257  * r13 points to our PACA
3258  * r12 is saved in HSTATE_SCRATCH0(r13)
3259  * ctr is saved in HSTATE_SCRATCH1(r13) if RELOCATABLE
3260  * r9 is saved in HSTATE_SCRATCH2(r13)
3261  * r13 is saved in HSPRG1
3262  * cfar is saved in HSTATE_CFAR(r13)
3263  * ppr is saved in HSTATE_PPR(r13)
3264  */
3265 kvmppc_bad_host_intr:
3266         /*
3267          * Switch to the emergency stack, but start half-way down in
3268          * case we were already on it.
3269          */
3270         mr      r9, r1
3271         std     r1, PACAR1(r13)
3272         ld      r1, PACAEMERGSP(r13)
3273         subi    r1, r1, THREAD_SIZE/2 + INT_FRAME_SIZE
3274         std     r9, 0(r1)
3275         std     r0, GPR0(r1)
3276         std     r9, GPR1(r1)
3277         std     r2, GPR2(r1)
3278         SAVE_4GPRS(3, r1)
3279         SAVE_2GPRS(7, r1)
3280         srdi    r0, r12, 32
3281         clrldi  r12, r12, 32
3282         std     r0, _CCR(r1)
3283         std     r12, _TRAP(r1)
3284         andi.   r0, r12, 2
3285         beq     1f
3286         mfspr   r3, SPRN_HSRR0
3287         mfspr   r4, SPRN_HSRR1
3288         mfspr   r5, SPRN_HDAR
3289         mfspr   r6, SPRN_HDSISR
3290         b       2f
3291 1:      mfspr   r3, SPRN_SRR0
3292         mfspr   r4, SPRN_SRR1
3293         mfspr   r5, SPRN_DAR
3294         mfspr   r6, SPRN_DSISR
3295 2:      std     r3, _NIP(r1)
3296         std     r4, _MSR(r1)
3297         std     r5, _DAR(r1)
3298         std     r6, _DSISR(r1)
3299         ld      r9, HSTATE_SCRATCH2(r13)
3300         ld      r12, HSTATE_SCRATCH0(r13)
3301         GET_SCRATCH0(r0)
3302         SAVE_4GPRS(9, r1)
3303         std     r0, GPR13(r1)
3304         SAVE_NVGPRS(r1)
3305         ld      r5, HSTATE_CFAR(r13)
3306         std     r5, ORIG_GPR3(r1)
3307         mflr    r3
3308 #ifdef CONFIG_RELOCATABLE
3309         ld      r4, HSTATE_SCRATCH1(r13)
3310 #else
3311         mfctr   r4
3312 #endif
3313         mfxer   r5
3314         lbz     r6, PACAIRQSOFTMASK(r13)
3315         std     r3, _LINK(r1)
3316         std     r4, _CTR(r1)
3317         std     r5, _XER(r1)
3318         std     r6, SOFTE(r1)
3319         ld      r2, PACATOC(r13)
3320         LOAD_REG_IMMEDIATE(3, 0x7265677368657265)
3321         std     r3, STACK_FRAME_OVERHEAD-16(r1)
3322 
3323         /*
3324          * On POWER9 do a minimal restore of the MMU and call C code,
3325          * which will print a message and panic.
3326          * XXX On POWER7 and POWER8, we just spin here since we don't
3327          * know what the other threads are doing (and we don't want to
3328          * coordinate with them) - but at least we now have register state
3329          * in memory that we might be able to look at from another CPU.
3330          */
3331 BEGIN_FTR_SECTION
3332         b       .
3333 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300)
3334         ld      r9, HSTATE_KVM_VCPU(r13)
3335         ld      r10, VCPU_KVM(r9)
3336 
3337         li      r0, 0
3338         mtspr   SPRN_AMR, r0
3339         mtspr   SPRN_IAMR, r0
3340         mtspr   SPRN_CIABR, r0
3341         mtspr   SPRN_DAWRX, r0
3342 
3343 BEGIN_MMU_FTR_SECTION
3344         b       4f
3345 END_MMU_FTR_SECTION_IFSET(MMU_FTR_TYPE_RADIX)
3346 
3347         slbmte  r0, r0
3348         slbia
3349         ptesync
3350         ld      r8, PACA_SLBSHADOWPTR(r13)
3351         .rept   SLB_NUM_BOLTED
3352         li      r3, SLBSHADOW_SAVEAREA
3353         LDX_BE  r5, r8, r3
3354         addi    r3, r3, 8
3355         LDX_BE  r6, r8, r3
3356         andis.  r7, r5, SLB_ESID_V@h
3357         beq     3f
3358         slbmte  r6, r5
3359 3:      addi    r8, r8, 16
3360         .endr
3361 
3362 4:      lwz     r7, KVM_HOST_LPID(r10)
3363         mtspr   SPRN_LPID, r7
3364         mtspr   SPRN_PID, r0
3365         ld      r8, KVM_HOST_LPCR(r10)
3366         mtspr   SPRN_LPCR, r8
3367         isync
3368         li      r0, KVM_GUEST_MODE_NONE
3369         stb     r0, HSTATE_IN_GUEST(r13)
3370 
3371         /*
3372          * Turn on the MMU and jump to C code
3373          */
3374         bcl     20, 31, .+4
3375 5:      mflr    r3
3376         addi    r3, r3, 9f - 5b
3377         li      r4, -1
3378         rldimi  r3, r4, 62, 0   /* ensure 0xc000000000000000 bits are set */
3379         ld      r4, PACAKMSR(r13)
3380         mtspr   SPRN_SRR0, r3
3381         mtspr   SPRN_SRR1, r4
3382         RFI_TO_KERNEL
3383 9:      addi    r3, r1, STACK_FRAME_OVERHEAD
3384         bl      kvmppc_bad_interrupt
3385         b       9b
3386 
3387 /*
3388  * This mimics the MSR transition on IRQ delivery.  The new guest MSR is taken
3389  * from VCPU_INTR_MSR and is modified based on the required TM state changes.
3390  *   r11 has the guest MSR value (in/out)
3391  *   r9 has a vcpu pointer (in)
3392  *   r0 is used as a scratch register
3393  */
3394 kvmppc_msr_interrupt:
3395         rldicl  r0, r11, 64 - MSR_TS_S_LG, 62
3396         cmpwi   r0, 2 /* Check if we are in transactional state..  */
3397         ld      r11, VCPU_INTR_MSR(r9)
3398         bne     1f
3399         /* ... if transactional, change to suspended */
3400         li      r0, 1
3401 1:      rldimi  r11, r0, MSR_TS_S_LG, 63 - MSR_TS_T_LG
3402         blr
3403 
3404 /*
3405  * Load up guest PMU state.  R3 points to the vcpu struct.
3406  */
3407 _GLOBAL(kvmhv_load_guest_pmu)
3408 EXPORT_SYMBOL_GPL(kvmhv_load_guest_pmu)
3409         mr      r4, r3
3410         mflr    r0
3411         li      r3, 1
3412         sldi    r3, r3, 31              /* MMCR0_FC (freeze counters) bit */
3413         mtspr   SPRN_MMCR0, r3          /* freeze all counters, disable ints */
3414         isync
3415 BEGIN_FTR_SECTION
3416         ld      r3, VCPU_MMCR(r4)
3417         andi.   r5, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
3418         cmpwi   r5, MMCR0_PMAO
3419         beql    kvmppc_fix_pmao
3420 END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
3421         lwz     r3, VCPU_PMC(r4)        /* always load up guest PMU registers */
3422         lwz     r5, VCPU_PMC + 4(r4)    /* to prevent information leak */
3423         lwz     r6, VCPU_PMC + 8(r4)
3424         lwz     r7, VCPU_PMC + 12(r4)
3425         lwz     r8, VCPU_PMC + 16(r4)
3426         lwz     r9, VCPU_PMC + 20(r4)
3427         mtspr   SPRN_PMC1, r3
3428         mtspr   SPRN_PMC2, r5
3429         mtspr   SPRN_PMC3, r6
3430         mtspr   SPRN_PMC4, r7
3431         mtspr   SPRN_PMC5, r8
3432         mtspr   SPRN_PMC6, r9
3433         ld      r3, VCPU_MMCR(r4)
3434         ld      r5, VCPU_MMCR + 8(r4)
3435         ld      r6, VCPU_MMCR + 16(r4)
3436         ld      r7, VCPU_SIAR(r4)
3437         ld      r8, VCPU_SDAR(r4)
3438         mtspr   SPRN_MMCR1, r5
3439         mtspr   SPRN_MMCRA, r6
3440         mtspr   SPRN_SIAR, r7
3441         mtspr   SPRN_SDAR, r8
3442 BEGIN_FTR_SECTION
3443         ld      r5, VCPU_MMCR + 24(r4)
3444         ld      r6, VCPU_SIER(r4)
3445         mtspr   SPRN_MMCR2, r5
3446         mtspr   SPRN_SIER, r6
3447 BEGIN_FTR_SECTION_NESTED(96)
3448         lwz     r7, VCPU_PMC + 24(r4)
3449         lwz     r8, VCPU_PMC + 28(r4)
3450         ld      r9, VCPU_MMCR + 32(r4)
3451         mtspr   SPRN_SPMC1, r7
3452         mtspr   SPRN_SPMC2, r8
3453         mtspr   SPRN_MMCRS, r9
3454 END_FTR_SECTION_NESTED(CPU_FTR_ARCH_300, 0, 96)
3455 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
3456         mtspr   SPRN_MMCR0, r3
3457         isync
3458         mtlr    r0
3459         blr
3460 
3461 /*
3462  * Reload host PMU state saved in the PACA by kvmhv_save_host_pmu.
3463  */
3464 _GLOBAL(kvmhv_load_host_pmu)
3465 EXPORT_SYMBOL_GPL(kvmhv_load_host_pmu)
3466         mflr    r0
3467         lbz     r4, PACA_PMCINUSE(r13) /* is the host using the PMU? */
3468         cmpwi   r4, 0
3469         beq     23f                     /* skip if not */
3470 BEGIN_FTR_SECTION
3471         ld      r3, HSTATE_MMCR0(r13)
3472         andi.   r4, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
3473         cmpwi   r4, MMCR0_PMAO
3474         beql    kvmppc_fix_pmao
3475 END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
3476         lwz     r3, HSTATE_PMC1(r13)
3477         lwz     r4, HSTATE_PMC2(r13)
3478         lwz     r5, HSTATE_PMC3(r13)
3479         lwz     r6, HSTATE_PMC4(r13)
3480         lwz     r8, HSTATE_PMC5(r13)
3481         lwz     r9, HSTATE_PMC6(r13)
3482         mtspr   SPRN_PMC1, r3
3483         mtspr   SPRN_PMC2, r4
3484         mtspr   SPRN_PMC3, r5
3485         mtspr   SPRN_PMC4, r6
3486         mtspr   SPRN_PMC5, r8
3487         mtspr   SPRN_PMC6, r9
3488         ld      r3, HSTATE_MMCR0(r13)
3489         ld      r4, HSTATE_MMCR1(r13)
3490         ld      r5, HSTATE_MMCRA(r13)
3491         ld      r6, HSTATE_SIAR(r13)
3492         ld      r7, HSTATE_SDAR(r13)
3493         mtspr   SPRN_MMCR1, r4
3494         mtspr   SPRN_MMCRA, r5
3495         mtspr   SPRN_SIAR, r6
3496         mtspr   SPRN_SDAR, r7
3497 BEGIN_FTR_SECTION
3498         ld      r8, HSTATE_MMCR2(r13)
3499         ld      r9, HSTATE_SIER(r13)
3500         mtspr   SPRN_MMCR2, r8
3501         mtspr   SPRN_SIER, r9
3502 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
3503         mtspr   SPRN_MMCR0, r3
3504         isync
3505         mtlr    r0
3506 23:     blr
3507 
3508 /*
3509  * Save guest PMU state into the vcpu struct.
3510  * r3 = vcpu, r4 = full save flag (PMU in use flag set in VPA)
3511  */
3512 _GLOBAL(kvmhv_save_guest_pmu)
3513 EXPORT_SYMBOL_GPL(kvmhv_save_guest_pmu)
3514         mr      r9, r3
3515         mr      r8, r4
3516 BEGIN_FTR_SECTION
3517         /*
3518          * POWER8 seems to have a hardware bug where setting
3519          * MMCR0[PMAE] along with MMCR0[PMC1CE] and/or MMCR0[PMCjCE]
3520          * when some counters are already negative doesn't seem
3521          * to cause a performance monitor alert (and hence interrupt).
3522          * The effect of this is that when saving the PMU state,
3523          * if there is no PMU alert pending when we read MMCR0
3524          * before freezing the counters, but one becomes pending
3525          * before we read the counters, we lose it.
3526          * To work around this, we need a way to freeze the counters
3527          * before reading MMCR0.  Normally, freezing the counters
3528          * is done by writing MMCR0 (to set MMCR0[FC]) which
3529          * unavoidably writes MMCR0[PMA0] as well.  On POWER8,
3530          * we can also freeze the counters using MMCR2, by writing
3531          * 1s to all the counter freeze condition bits (there are
3532          * 9 bits each for 6 counters).
3533          */
3534         li      r3, -1                  /* set all freeze bits */
3535         clrrdi  r3, r3, 10
3536         mfspr   r10, SPRN_MMCR2
3537         mtspr   SPRN_MMCR2, r3
3538         isync
3539 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
3540         li      r3, 1
3541         sldi    r3, r3, 31              /* MMCR0_FC (freeze counters) bit */
3542         mfspr   r4, SPRN_MMCR0          /* save MMCR0 */
3543         mtspr   SPRN_MMCR0, r3          /* freeze all counters, disable ints */
3544         mfspr   r6, SPRN_MMCRA
3545         /* Clear MMCRA in order to disable SDAR updates */
3546         li      r7, 0
3547         mtspr   SPRN_MMCRA, r7
3548         isync
3549         cmpwi   r8, 0                   /* did they ask for PMU stuff to be saved? */
3550         bne     21f
3551         std     r3, VCPU_MMCR(r9)       /* if not, set saved MMCR0 to FC */
3552         b       22f
3553 21:     mfspr   r5, SPRN_MMCR1
3554         mfspr   r7, SPRN_SIAR
3555         mfspr   r8, SPRN_SDAR
3556         std     r4, VCPU_MMCR(r9)
3557         std     r5, VCPU_MMCR + 8(r9)
3558         std     r6, VCPU_MMCR + 16(r9)
3559 BEGIN_FTR_SECTION
3560         std     r10, VCPU_MMCR + 24(r9)
3561 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
3562         std     r7, VCPU_SIAR(r9)
3563         std     r8, VCPU_SDAR(r9)
3564         mfspr   r3, SPRN_PMC1
3565         mfspr   r4, SPRN_PMC2
3566         mfspr   r5, SPRN_PMC3
3567         mfspr   r6, SPRN_PMC4
3568         mfspr   r7, SPRN_PMC5
3569         mfspr   r8, SPRN_PMC6
3570         stw     r3, VCPU_PMC(r9)
3571         stw     r4, VCPU_PMC + 4(r9)
3572         stw     r5, VCPU_PMC + 8(r9)
3573         stw     r6, VCPU_PMC + 12(r9)
3574         stw     r7, VCPU_PMC + 16(r9)
3575         stw     r8, VCPU_PMC + 20(r9)
3576 BEGIN_FTR_SECTION
3577         mfspr   r5, SPRN_SIER
3578         std     r5, VCPU_SIER(r9)
3579 BEGIN_FTR_SECTION_NESTED(96)
3580         mfspr   r6, SPRN_SPMC1
3581         mfspr   r7, SPRN_SPMC2
3582         mfspr   r8, SPRN_MMCRS
3583         stw     r6, VCPU_PMC + 24(r9)
3584         stw     r7, VCPU_PMC + 28(r9)
3585         std     r8, VCPU_MMCR + 32(r9)
3586         lis     r4, 0x8000
3587         mtspr   SPRN_MMCRS, r4
3588 END_FTR_SECTION_NESTED(CPU_FTR_ARCH_300, 0, 96)
3589 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
3590 22:     blr
3591 
3592 /*
3593  * This works around a hardware bug on POWER8E processors, where
3594  * writing a 1 to the MMCR0[PMAO] bit doesn't generate a
3595  * performance monitor interrupt.  Instead, when we need to have
3596  * an interrupt pending, we have to arrange for a counter to overflow.
3597  */
3598 kvmppc_fix_pmao:
3599         li      r3, 0
3600         mtspr   SPRN_MMCR2, r3
3601         lis     r3, (MMCR0_PMXE | MMCR0_FCECE)@h
3602         ori     r3, r3, MMCR0_PMCjCE | MMCR0_C56RUN
3603         mtspr   SPRN_MMCR0, r3
3604         lis     r3, 0x7fff
3605         ori     r3, r3, 0xffff
3606         mtspr   SPRN_PMC6, r3
3607         isync
3608         blr
3609 
3610 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
3611 /*
3612  * Start timing an activity
3613  * r3 = pointer to time accumulation struct, r4 = vcpu
3614  */
3615 kvmhv_start_timing:
3616         ld      r5, HSTATE_KVM_VCORE(r13)
3617         ld      r6, VCORE_TB_OFFSET_APPL(r5)
3618         mftb    r5
3619         subf    r5, r6, r5      /* subtract current timebase offset */
3620         std     r3, VCPU_CUR_ACTIVITY(r4)
3621         std     r5, VCPU_ACTIVITY_START(r4)
3622         blr
3623 
3624 /*
3625  * Accumulate time to one activity and start another.
3626  * r3 = pointer to new time accumulation struct, r4 = vcpu
3627  */
3628 kvmhv_accumulate_time:
3629         ld      r5, HSTATE_KVM_VCORE(r13)
3630         ld      r8, VCORE_TB_OFFSET_APPL(r5)
3631         ld      r5, VCPU_CUR_ACTIVITY(r4)
3632         ld      r6, VCPU_ACTIVITY_START(r4)
3633         std     r3, VCPU_CUR_ACTIVITY(r4)
3634         mftb    r7
3635         subf    r7, r8, r7      /* subtract current timebase offset */
3636         std     r7, VCPU_ACTIVITY_START(r4)
3637         cmpdi   r5, 0
3638         beqlr
3639         subf    r3, r6, r7
3640         ld      r8, TAS_SEQCOUNT(r5)
3641         cmpdi   r8, 0
3642         addi    r8, r8, 1
3643         std     r8, TAS_SEQCOUNT(r5)
3644         lwsync
3645         ld      r7, TAS_TOTAL(r5)
3646         add     r7, r7, r3
3647         std     r7, TAS_TOTAL(r5)
3648         ld      r6, TAS_MIN(r5)
3649         ld      r7, TAS_MAX(r5)
3650         beq     3f
3651         cmpd    r3, r6
3652         bge     1f
3653 3:      std     r3, TAS_MIN(r5)
3654 1:      cmpd    r3, r7
3655         ble     2f
3656         std     r3, TAS_MAX(r5)
3657 2:      lwsync
3658         addi    r8, r8, 1
3659         std     r8, TAS_SEQCOUNT(r5)
3660         blr
3661 #endif