1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 *
4 * Copyright 2011 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
5 *
6 * Derived from book3s_rmhandlers.S and other files, which are:
7 *
8 * Copyright SUSE Linux Products GmbH 2009
9 *
10 * Authors: Alexander Graf <agraf@suse.de>
11 */
12
13#include <linux/export.h>
14#include <linux/linkage.h>
15#include <linux/objtool.h>
16#include <asm/ppc_asm.h>
17#include <asm/code-patching-asm.h>
18#include <asm/kvm_asm.h>
19#include <asm/reg.h>
20#include <asm/mmu.h>
21#include <asm/page.h>
22#include <asm/ptrace.h>
23#include <asm/hvcall.h>
24#include <asm/asm-offsets.h>
25#include <asm/exception-64s.h>
26#include <asm/kvm_book3s_asm.h>
27#include <asm/book3s/64/mmu-hash.h>
28#include <asm/tm.h>
29#include <asm/opal.h>
30#include <asm/thread_info.h>
31#include <asm/asm-compat.h>
32#include <asm/feature-fixups.h>
33#include <asm/cpuidle.h>
34
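/*
 * Values in HSTATE_NAPPING(r13).
 * The wakeup paths in this file store 0 back to HSTATE_NAPPING before
 * continuing, so 0 is the "not napping" state.
 */
#define NAPPING_CEDE	1
#define NAPPING_NOVCPU	2	/* stored by kvmppc_primary_no_guest */
#define NAPPING_UNSPLIT	3	/* stored by kvm_unsplit_nap */

/*
 * Stack frame offsets for kvmppc_hv_entry.
 * SFS is the size of the frame kvmppc_hv_entry pushes with
 * "stdu r1, -SFS(r1)"; the slots below sit at the top of that frame.
 * STACK_SLOT_TRAP is accessed with stw (32-bit); the host register
 * slots used in this file are accessed with std (64-bit).
 */
#define SFS			160
#define STACK_SLOT_TRAP		(SFS-4)
#define STACK_SLOT_TID		(SFS-16)
#define STACK_SLOT_PSSCR	(SFS-24)
#define STACK_SLOT_PID		(SFS-32)
#define STACK_SLOT_IAMR		(SFS-40)
#define STACK_SLOT_CIABR	(SFS-48)
#define STACK_SLOT_DAWR0	(SFS-56)
#define STACK_SLOT_DAWRX0	(SFS-64)
#define STACK_SLOT_HFSCR	(SFS-72)
#define STACK_SLOT_AMR		(SFS-80)
#define STACK_SLOT_UAMOR	(SFS-88)
#define STACK_SLOT_FSCR		(SFS-96)

/*
 * Use the last LPID (all implemented LPID bits = 1) for partition switching.
 * This is reserved in the LPID allocator. POWER7 only implements 0x3ff, but
 * we write 0xfff into the LPID SPR anyway, which seems to work and just
 * ignores the top bits.
 *
 * kvmppc_hv_entry writes this value to SPRN_LPID before it changes
 * SPRN_SDR1 and only then writes the guest's LPID.
 * NOTE(review): presumably this keeps translations formed while SDR1 and
 * LPID disagree from being tagged with a live partition's LPID; the
 * isolation argument depends on the allocator never handing this value
 * to a guest - confirm against the LPID allocator.
 */
#define LPID_RSVD	0xfff
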
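/*
 * Call kvmppc_hv_entry in real mode.
 * Must be called with interrupts hard-disabled.
 *
 * Input Registers:
 *
 * LR = return address to continue at after eventually re-enabling MMU
 *
 * The caller's LR is saved in its stack frame and the caller's MSR in
 * HSTATE_HOST_MSR(r13); kvmppc_call_hv_entry reloads both to return.
 * The switch to real mode is done through RFI_TO_KERNEL with
 * SRR0 = kvmppc_call_hv_entry and SRR1 = current MSR with IR and DR clear.
 */
_GLOBAL_TOC(kvmppc_hv_entry_trampoline)
	mflr	r0
	std	r0, PPC_LR_STKOFF(r1)
	stdu	r1, -112(r1)		/* popped again in kvmppc_call_hv_entry */
	mfmsr	r10
	std	r10, HSTATE_HOST_MSR(r13)
	LOAD_REG_ADDR(r5, kvmppc_call_hv_entry)
	li	r0,MSR_RI
	andc	r0,r10,r0		/* r0 = host MSR with RI clear */
	li	r6,MSR_IR | MSR_DR
	andc	r6,r10,r6		/* r6 = host MSR with IR and DR clear */
	/*
	 * RI is cleared before SRR0/SRR1 are written.
	 * NOTE(review): presumably because an interrupt taken between the
	 * mtsrr and the rfi would overwrite SRR0/SRR1 and could not be
	 * returned from, so the window is marked non-recoverable.
	 */
	mtmsrd	r0,1			/* clear RI in MSR */
	mtsrr0	r5
	mtsrr1	r6
	RFI_TO_KERNEL
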
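/*
 * Real-mode continuation of kvmppc_hv_entry_trampoline (the trampoline
 * puts this address in SRR0 before RFI_TO_KERNEL).
 *
 * Runs kvmppc_hv_entry with r4 = HSTATE_KVM_VCPU(r13).  On return it
 * restores the host values handled here (DABR/DABRX when CPU_FTR_ARCH_207S
 * is clear, the SPRG VDSO value, the PMU registers, DEC), pops the
 * 112-byte trampoline frame and returns to the trampoline's caller using
 * the MSR the trampoline saved in HSTATE_HOST_MSR(r13).
 *
 * Out: r3 = trap number (copied from r12)
 */
kvmppc_call_hv_entry:
	ld	r4, HSTATE_KVM_VCPU(r13)
	bl	kvmppc_hv_entry

	/* Back from guest - restore host state and return to caller */

BEGIN_FTR_SECTION
	/* Restore host DABR and DABRX */
	ld	r5,HSTATE_DABR(r13)
	/* NOTE(review): 7 is a bare constant; confirm the DABRX bits it sets */
	li	r6,7
	mtspr	SPRN_DABR,r5
	mtspr	SPRN_DABRX,r6
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)

	/* Restore SPRG3 (the guest's SPRG3 was loaded on the entry path) */
	ld	r3,PACA_SPRG_VDSO(r13)
	mtspr	SPRN_SPRG_VDSO_WRITE,r3

	/* Reload the host's PMU registers */
	bl	kvmhv_load_host_pmu

	/*
	 * Reload DEC.  HDEC interrupts were disabled when
	 * we reloaded the host's LPCR value.
	 */
	ld	r3, HSTATE_DECEXP(r13)
	mftb	r4
	subf	r4, r4, r3		/* r4 = saved expiry - current timebase */
	mtspr	SPRN_DEC, r4

	/* hwthread_req may have got set by cede or no vcpu, so clear it */
	li	r0, 0
	stb	r0, HSTATE_HWTHREAD_REQ(r13)

	/*
	 * For external interrupts we need to call the Linux
	 * handler to process the interrupt. We do that by jumping
	 * to absolute address 0x500 for external interrupts.
	 * The [h]rfid at the end of the handler will return to
	 * the book3s_hv_interrupts.S code. For other interrupts
	 * we do the rfid to get back to the book3s_hv_interrupts.S
	 * code here.
	 *
	 * NOTE(review): no branch to 0x500 is visible below; every trap
	 * number returns through the single RFI_TO_KERNEL. Confirm whether
	 * the external-interrupt sentence above is still accurate.
	 */
	ld	r8, 112+PPC_LR_STKOFF(r1)	/* LR saved by the trampoline */
	addi	r1, r1, 112			/* pop the trampoline frame */
	ld	r7, HSTATE_HOST_MSR(r13)

	/* Return the trap number on this thread as the return value */
	mr	r3, r12

	/* RFI into the highmem handler */
	mfmsr	r6
	li	r0, MSR_RI
	andc	r6, r6, r0
	mtmsrd	r6, 1			/* Clear RI in MSR */
	mtsrr0	r8			/* return address */
	mtsrr1	r7			/* host MSR as saved on entry */
	RFI_TO_KERNEL
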
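/*
 * Reached from kvmppc_hv_entry when r4 (vcpu) is NULL, and from
 * kvm_novcpu_wakeup when there is still no vcpu to run.
 *
 * Waits for the vcore's in_guest flag, loads the vcore's LPCR value,
 * sets this thread's bit in napping_threads and, unless another thread
 * has already started to exit, naps with HSTATE_NAPPING = NAPPING_NOVCPU.
 *
 * In:  r13 = PACA
 * Out: r12 = 0 (trap value used if we divert to kvm_novcpu_exit)
 */
kvmppc_primary_no_guest:
	/* We handle this much like a ceded vcpu */
	/* put the HDEC into the DEC, since HDEC interrupts don't wake us */
	/* HDEC may be larger than DEC for arch >= v3.00, but since the */
	/* HDEC value came from DEC in the first place, it will fit */
	mfspr	r3, SPRN_HDEC
	mtspr	SPRN_DEC, r3
	/*
	 * Make sure the primary has finished the MMU switch.
	 * We should never get here on a secondary thread, but
	 * check it for robustness' sake.
	 */
	ld	r5, HSTATE_KVM_VCORE(r13)
65:	lbz	r0, VCORE_IN_GUEST(r5)	/* spin until in_guest is non-zero */
	cmpwi	r0, 0
	beq	65b
	/* Set LPCR. */
	ld	r8,VCORE_LPCR(r5)
	mtspr	SPRN_LPCR,r8
	isync
	/* set our bit in napping_threads */
	ld	r5, HSTATE_KVM_VCORE(r13)
	lbz	r7, HSTATE_PTID(r13)
	li	r0, 1
	sld	r0, r0, r7		/* r0 = 1 << ptid */
	addi	r6, r5, VCORE_NAPPING_THREADS
1:	lwarx	r3, 0, r6		/* atomic OR via reservation; retry on loss */
	or	r3, r3, r0
	stwcx.	r3, 0, r6
	bne	1b
	/* order napping_threads update vs testing entry_exit_map */
	isync
	li	r12, 0
	lwz	r7, VCORE_ENTRY_EXIT(r5)
	cmpwi	r7, 0x100		/* anything at or above bit 8 = exit map set */
	bge	kvm_novcpu_exit	/* another thread already exiting */
	li	r3, NAPPING_NOVCPU
	stb	r3, HSTATE_NAPPING(r13)

	li	r3, 0		/* Don't wake on privileged (OS) doorbell */
	b	kvm_do_nap
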
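/*
 * kvm_novcpu_wakeup
 *	Entered from kvm_start_guest if kvm_hstate.napping is set
 *	to NAPPING_NOVCPU
 *		r2 = kernel TOC
 *		r13 = paca
 *
 * Clears HSTATE_NAPPING, checks the wake reason, and then either leaves
 * through kvm_novcpu_exit (another thread is exiting, the wake reason
 * returned in r3 is >= 0, or HDEC has gone negative), naps again through
 * kvmppc_primary_no_guest (still no vcpu), or enters the guest through
 * kvmppc_got_guest with r4 = vcpu.
 *
 * NOTE(review): r12 is passed to kvm_novcpu_exit as the trap number on the
 * first two exit branches without being set here; presumably
 * kvmppc_check_wake_reason leaves it in r12 - confirm.
 */
kvm_novcpu_wakeup:
	ld	r1, HSTATE_HOST_R1(r13)	/* back onto the frame saved at entry */
	ld	r5, HSTATE_KVM_VCORE(r13)
	li	r0, 0
	stb	r0, HSTATE_NAPPING(r13)

	/* check the wake reason */
	bl	kvmppc_check_wake_reason

	/*
	 * Restore volatile registers since we could have called
	 * a C routine in kvmppc_check_wake_reason.
	 *	r5 = VCORE
	 */
	ld	r5, HSTATE_KVM_VCORE(r13)

	/* see if any other thread is already exiting */
	lwz	r0, VCORE_ENTRY_EXIT(r5)
	cmpwi	r0, 0x100
	bge	kvm_novcpu_exit

	/* clear our bit in napping_threads */
	lbz	r7, HSTATE_PTID(r13)
	li	r0, 1
	sld	r0, r0, r7		/* r0 = 1 << ptid */
	addi	r6, r5, VCORE_NAPPING_THREADS
4:	lwarx	r7, 0, r6		/* atomic AND-NOT via reservation */
	andc	r7, r7, r0
	stwcx.	r7, 0, r6
	bne	4b

	/* See if the wake reason means we need to exit */
	cmpdi	r3, 0
	bge	kvm_novcpu_exit

	/* See if our timeslice has expired (HDEC is negative) */
	mfspr	r0, SPRN_HDEC
	extsw	r0, r0			/* sign-extend the 32-bit value first */
	li	r12, BOOK3S_INTERRUPT_HV_DECREMENTER
	cmpdi	r0, 0
	blt	kvm_novcpu_exit

	/* Got an IPI but other vcpus aren't yet exiting, must be a latecomer */
	ld	r4, HSTATE_KVM_VCPU(r13)
	cmpdi	r4, 0
	beq	kvmppc_primary_no_guest

#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	addi	r3, r4, VCPU_TB_RMENTRY
	bl	kvmhv_start_timing
#endif
	b	kvmppc_got_guest
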
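/*
 * Exit path for a thread that had no vcpu to run.
 *
 * In:  r12 = trap number, r13 = PACA, r1 = kvmppc_hv_entry frame
 *
 * Records the trap in STACK_SLOT_TRAP, calls kvmhv_commence_exit with
 * r3 = trap, then continues at kvmhv_switch_to_host.
 */
kvm_novcpu_exit:
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	ld	r4, HSTATE_KVM_VCPU(r13)
	cmpdi	r4, 0
	beq	13f			/* no vcpu: nothing to account time to */
	addi	r3, r4, VCPU_TB_RMEXIT
	bl	kvmhv_accumulate_time
#endif
13:	mr	r3, r12
	stw	r12, STACK_SLOT_TRAP(r1)
	bl	kvmhv_commence_exit
	nop
	b	kvmhv_switch_to_host
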
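/*
 * We come in here when wakened from Linux offline idle code.
 * Relocation is off
 * r3 contains the SRR1 wakeup value, SRR1 is trashed.
 *
 * CR and LR are saved in the caller's frame, then a SWITCH_FRAME_SIZE
 * frame is built on the emergency stack (PACAEMERGSP) and used as r1 from
 * here on.  The SRR1 wakeup value is kept at 32(r1); kvm_no_guest returns
 * it to the caller, or 0 if the thread went into a guest.
 */
_GLOBAL(idle_kvm_start_guest)
	mfcr	r5
	mflr	r0
	std	r5, 8(r1)	// Save CR in caller's frame
	std	r0, 16(r1)	// Save LR in caller's frame
	// Create frame on emergency stack
	ld	r4, PACAEMERGSP(r13)
	stdu	r1, -SWITCH_FRAME_SIZE(r4)	// back-chain = caller's r1
	// Switch to new frame on emergency stack
	mr	r1, r4
	std	r3, 32(r1)	// Save SRR1 wakeup value
	SAVE_NVGPRS(r1)

	/*
	 * Could avoid this and pass it through in r3. For now,
	 * code expects it to be in SRR1.
	 */
	mtspr	SPRN_SRR1,r3

	li	r0,0
	stb	r0,PACA_FTRACE_ENABLED(r13)

	li	r0,KVM_HWTHREAD_IN_KVM
	stb	r0,HSTATE_HWTHREAD_STATE(r13)

	/* kvm cede / napping does not come through here */
	lbz	r0,HSTATE_NAPPING(r13)
	twnei	r0,0		/* assertion: trap if napping state is non-zero */

	b	1f		/* join kvm_unsplit_wakeup after its store */
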
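/*
 * Clears HSTATE_NAPPING and then shares the wake-reason check with
 * idle_kvm_start_guest, which joins at the "1:" label below.
 * NOTE(review): presumably entered when a thread wakes with
 * HSTATE_NAPPING == NAPPING_UNSPLIT; the dispatch is not in this part of
 * the file - confirm.
 *
 * Continues at kvm_no_guest when the wake reason in r3 is >= 0 or when no
 * vcore is assigned; otherwise falls through to kvm_secondary_got_guest
 * with r5 = vcore.
 */
kvm_unsplit_wakeup:
	li	r0, 0
	stb	r0, HSTATE_NAPPING(r13)

1:

	/*
	 * We weren't napping due to cede, so this must be a secondary
	 * thread being woken up to run a guest, or being woken up due
	 * to a stray IPI.  (Or due to some machine check or hypervisor
	 * maintenance interrupt while the core is in KVM.)
	 */

	/* Check the wake reason in SRR1 to see why we got here */
	bl	kvmppc_check_wake_reason
	/*
	 * kvmppc_check_wake_reason could invoke a C routine, but we
	 * have no volatile registers to restore when we return.
	 */

	cmpdi	r3, 0
	bge	kvm_no_guest

	/* get vcore pointer, NULL if we have nothing to run */
	ld	r5,HSTATE_KVM_VCORE(r13)
	cmpdi	r5,0
	/* if we have no vcore to run, go back to sleep */
	beq	kvm_no_guest
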
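/*
 * A secondary thread has been given a vcore to run.
 *
 * In:  r13 = PACA, r1 = emergency-stack frame built by
 *      idle_kvm_start_guest, HSTATE_KVM_VCORE(r13) != NULL
 *
 * Clears the saved SRR1 wakeup value, prepares per-thread and (on thread 0
 * of a subcore) per-subcore registers, and calls kvmppc_hv_entry.  After
 * the guest exits, the vcpu and vcore pointers are cleared so the thread
 * is not re-entered early, a pending HMI is handed to
 * hmi_exception_realmode, and control falls through to kvm_no_guest.
 */
kvm_secondary_got_guest:

	// About to go to guest, clear saved SRR1
	li	r0, 0
	std	r0, 32(r1)

	/* Set HSTATE_DSCR(r13) to something sensible */
	ld	r6, PACA_DSCR_DEFAULT(r13)
	std	r6, HSTATE_DSCR(r13)

	/* On thread 0 of a subcore, set HDEC to max */
	lbz	r4, HSTATE_PTID(r13)
	cmpwi	r4, 0
	bne	63f
	lis	r6,0x7fff		/* MAX_INT@h */
	mtspr	SPRN_HDEC, r6
	/* and set per-LPAR registers, if doing dynamic micro-threading */
	ld	r6, HSTATE_SPLIT_MODE(r13)
	cmpdi	r6, 0
	beq	63f
	ld	r0, KVM_SPLIT_RPR(r6)
	mtspr	SPRN_RPR, r0
	ld	r0, KVM_SPLIT_PMMAR(r6)
	mtspr	SPRN_PMMAR, r0
	ld	r0, KVM_SPLIT_LDBAR(r6)
	mtspr	SPRN_LDBAR, r0
	isync
63:
	/* Order load of vcpu after load of vcore */
	lwsync
	ld	r4, HSTATE_KVM_VCPU(r13)
	bl	kvmppc_hv_entry

	/* Back from the guest, go back to nap */
	/* Clear our vcpu and vcore pointers so we don't come back in early */
	li	r0, 0
	std	r0, HSTATE_KVM_VCPU(r13)
	/*
	 * Once we clear HSTATE_KVM_VCORE(r13), the code in
	 * kvmppc_run_core() is going to assume that all our vcpu
	 * state is visible in memory.  This lwsync makes sure
	 * that that is true.
	 */
	lwsync
	std	r0, HSTATE_KVM_VCORE(r13)

	/*
	 * All secondaries exiting guest will fall through this path.
	 * Before proceeding, just check for HMI interrupt and
	 * invoke opal hmi handler. By now we are sure that the
	 * primary thread on this core/subcore has already made partition
	 * switch/TB resync and we are good to call opal hmi handler.
	 */
	cmpwi	r12, BOOK3S_INTERRUPT_HMI	/* r12 = trap from the guest exit */
	bne	kvm_no_guest

	li	r3,0			/* NULL argument */
	bl	CFUNC(hmi_exception_realmode)
	/* falls through to kvm_no_guest */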
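/*
 * At this point we have finished executing in the guest.
 * We need to wait for hwthread_req to become zero, since
 * we may not turn on the MMU while hwthread_req is non-zero.
 * While waiting we also need to check if we get given a vcpu to run.
 *
 * Handshake on the PACA bytes: when hwthread_req reads 0 the thread
 * publishes KVM_HWTHREAD_IN_KERNEL, issues a sync and reads hwthread_req
 * again.  If it became non-zero in between, the state is put back to
 * KVM_HWTHREAD_IN_KVM (label 54) and the wait restarts, so the thread
 * never leaves for the host while a request is outstanding.
 */
kvm_no_guest:
	lbz	r3, HSTATE_HWTHREAD_REQ(r13)
	cmpwi	r3, 0
	bne	53f
	HMT_MEDIUM
	li	r0, KVM_HWTHREAD_IN_KERNEL
	stb	r0, HSTATE_HWTHREAD_STATE(r13)
	/* need to recheck hwthread_req after a barrier, to avoid race */
	sync
	lbz	r3, HSTATE_HWTHREAD_REQ(r13)
	cmpwi	r3, 0
	bne	54f

	/*
	 * Jump to idle_return_gpr_loss, which returns to the
	 * idle_kvm_start_guest caller.
	 */
	li	r3, LPCR_PECE0
	mfspr	r4, SPRN_LPCR
	/* within the PECE0|PECE1 field: PECE0 set, PECE1 cleared */
	rlwimi	r4, r3, 0, LPCR_PECE0 | LPCR_PECE1
	mtspr	SPRN_LPCR, r4
	// Return SRR1 wakeup value, or 0 if we went into the guest
	ld	r3, 32(r1)
	REST_NVGPRS(r1)
	ld	r1, 0(r1)	// Switch back to caller stack
	ld	r0, 16(r1)	// Reload LR
	ld	r5, 8(r1)	// Reload CR
	mtlr	r0
	mtcr	r5
	blr

	/* hwthread_req is set: poll at low priority for work or a nap request */
53:
	HMT_LOW
	ld	r5, HSTATE_KVM_VCORE(r13)
	cmpdi	r5, 0
	bne	60f			/* a vcore was assigned: go run it */
	ld	r3, HSTATE_SPLIT_MODE(r13)
	cmpdi	r3, 0
	beq	kvm_no_guest
	lbz	r0, KVM_SPLIT_DO_NAP(r3)
	cmpwi	r0, 0
	beq	kvm_no_guest
	HMT_MEDIUM
	b	kvm_unsplit_nap
60:	HMT_MEDIUM
	b	kvm_secondary_got_guest

	/* lost the race with a new hwthread_req: undo the state change */
54:	li	r0, KVM_HWTHREAD_IN_KVM
	stb	r0, HSTATE_HWTHREAD_STATE(r13)
	b	kvm_no_guest
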
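/*
 * Here the primary thread is trying to return the core to
 * whole-core mode, so we need to nap.
 *
 * In:  r12 = last trap number, r13 = PACA
 *
 * Leaves through kvm_nap_sequence with r5 = the LPCR value to use for the
 * nap and HSTATE_NAPPING = NAPPING_UNSPLIT, or goes back to kvm_no_guest
 * if a vcore was assigned or do_nap was withdrawn in the meantime.
 */
kvm_unsplit_nap:
	/*
	 * When secondaries are napping in kvm_unsplit_nap() with
	 * hwthread_req = 1, HMI goes ignored even though subcores are
	 * already exited the guest. Hence HMI keeps waking up secondaries
	 * from nap in a loop and secondaries always go back to nap since
	 * no vcore is assigned to them. This makes impossible for primary
	 * thread to get hold of secondary threads resulting into a soft
	 * lockup in KVM path.
	 *
	 * Let us check if HMI is pending and handle it before we go to nap.
	 */
	cmpwi	r12, BOOK3S_INTERRUPT_HMI
	bne	55f
	li	r3, 0			/* NULL argument */
	bl	CFUNC(hmi_exception_realmode)
55:
	/*
	 * Ensure that secondary doesn't nap when it has
	 * its vcore pointer set.
	 */
	sync	/* matches smp_mb() before setting split_info.do_nap */
	ld	r0, HSTATE_KVM_VCORE(r13)
	cmpdi	r0, 0
	bne	kvm_no_guest
	/* clear any pending message */
BEGIN_FTR_SECTION
	lis	r6, (PPC_DBELL_SERVER << (63-36))@h
	PPC_MSGCLR(6)
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
	/* Set kvm_split_mode.napped[tid] = 1 */
	ld	r3, HSTATE_SPLIT_MODE(r13)
	li	r0, 1
	lhz	r4, PACAPACAINDEX(r13)
	clrldi	r4, r4, 61	/* micro-threading => P8 => 8 threads/core */
	addi	r4, r4, KVM_SPLIT_NAPPED	/* r4 = byte offset of napped[tid] */
	stbx	r0, r3, r4
	/* Check the do_nap flag again after setting napped[] */
	sync
	lbz	r0, KVM_SPLIT_DO_NAP(r3)
	cmpwi	r0, 0
	beq	57f
	li	r3, NAPPING_UNSPLIT
	stb	r3, HSTATE_NAPPING(r13)
	/*
	 * Build the nap LPCR in r5: inside the four-bit wake-enable field
	 * named in the mask, PECEDH and PECE0 end up set and PECEDP and
	 * PECE1 clear.  The value is pre-shifted right by 4 so that it fits
	 * the li immediate and is rotated back by rlwimi.
	 */
	li	r3, (LPCR_PECEDH | LPCR_PECE0) >> 4
	mfspr	r5, SPRN_LPCR
	rlwimi	r5, r3, 4, (LPCR_PECEDP | LPCR_PECEDH | LPCR_PECE0 | LPCR_PECE1)
	b	kvm_nap_sequence

	/* do_nap was cleared after we set napped[tid]: take our mark back */
57:	li	r0, 0
	stbx	r0, r3, r4
	b	kvm_no_guest
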
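/******************************************************************************
 *                                                                            *
 *                               Entry code                                   *
 *                                                                            *
 *****************************************************************************/

/*
 * First part of guest entry: frame setup, registration in the vcore's
 * entry map, and (on the thread with ptid 0) the partition switch.
 * Execution continues into kvmppc_got_guest when r4 (vcpu) is non-NULL,
 * otherwise it branches to kvmppc_primary_no_guest.
 */
SYM_CODE_START_LOCAL(kvmppc_hv_entry)

	/* Required state:
	 *
	 * R4 = vcpu pointer (or NULL)
	 * MSR = ~IR|DR
	 * R13 = PACA
	 * R1 = host R1
	 * R2 = TOC
	 * all other volatile GPRS = free
	 * Does not preserve non-volatile GPRs or CR fields
	 */
	mflr	r0
	std	r0, PPC_LR_STKOFF(r1)
	stdu	r1, -SFS(r1)

	/* Save R1 in the PACA */
	std	r1, HSTATE_HOST_R1(r13)

	li	r6, KVM_GUEST_MODE_HOST_HV
	stb	r6, HSTATE_IN_GUEST(r13)

#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	/* Store initial timestamp */
	cmpdi	r4, 0
	beq	1f
	addi	r3, r4, VCPU_TB_RMENTRY
	bl	kvmhv_start_timing
1:
#endif

	ld	r5, HSTATE_KVM_VCORE(r13)
	ld	r9, VCORE_KVM(r5)	/* pointer to struct kvm */

	/*
	 * POWER7/POWER8 host -> guest partition switch code.
	 * We don't have to lock against concurrent tlbies,
	 * but we do have to coordinate across hardware threads.
	 */
	/* Set bit in entry map iff exit map is zero. */
	li	r7, 1
	lbz	r6, HSTATE_PTID(r13)
	sld	r7, r7, r6		/* r7 = 1 << ptid */
	addi	r8, r5, VCORE_ENTRY_EXIT
	/*
	 * The test and the OR sit inside one lwarx/stwcx. reservation, so a
	 * thread cannot register as "entered" after any exit bit was set.
	 */
21:	lwarx	r3, 0, r8
	cmpwi	r3, 0x100		/* any threads starting to exit? */
	bge	secondary_too_late	/* if so we're too late to the party */
	or	r3, r3, r7
	stwcx.	r3, 0, r8
	bne	21b

	/* Primary thread switches to guest partition. */
	cmpwi	r6,0
	bne	10f

	/*
	 * SDR1 is changed only while LPID holds the reserved value; the
	 * guest's LPID is written last and followed by isync.
	 */
	lwz	r7,KVM_LPID(r9)
	ld	r6,KVM_SDR1(r9)
	li	r0,LPID_RSVD		/* switch to reserved LPID */
	mtspr	SPRN_LPID,r0
	ptesync
	mtspr	SPRN_SDR1,r6		/* switch to partition page table */
	mtspr	SPRN_LPID,r7
	isync

	/* See if we need to flush the TLB. */
	mr	r3, r9			/* kvm pointer */
	lhz	r4, PACAPACAINDEX(r13)	/* physical cpu number */
	li	r5, 0			/* nested vcpu pointer */
	bl	kvmppc_check_need_tlb_flush
	nop
	ld	r5, HSTATE_KVM_VCORE(r13)

	/* Add timebase offset onto timebase */
22:	ld	r8,VCORE_TB_OFFSET(r5)
	cmpdi	r8,0
	beq	37f
	std	r8, VCORE_TB_OFFSET_APPL(r5)	/* record the offset being applied */
	mftb	r6		/* current host timebase */
	add	r8,r8,r6
	mtspr	SPRN_TBU40,r8	/* update upper 40 bits */
	mftb	r7		/* check if lower 24 bits overflowed */
	clrldi	r6,r6,40
	clrldi	r7,r7,40
	cmpld	r7,r6
	bge	37f
	addis	r8,r8,0x100	/* if so, increment upper 40 bits */
	mtspr	SPRN_TBU40,r8

	/* Load guest PCR value to select appropriate compat mode */
37:	ld	r7, VCORE_PCR(r5)
	LOAD_REG_IMMEDIATE(r6, PCR_MASK)
	cmpld	r7, r6
	beq	38f			/* vcore PCR equals PCR_MASK: no write */
	or	r7, r7, r6		/* PCR_MASK bits are always kept set */
	mtspr	SPRN_PCR, r7
38:

BEGIN_FTR_SECTION
	/* DPDES and VTB are shared between threads */
	ld	r8, VCORE_DPDES(r5)
	ld	r7, VCORE_VTB(r5)
	mtspr	SPRN_DPDES, r8
	mtspr	SPRN_VTB, r7
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)

	/* Mark the subcore state as inside guest */
	bl	kvmppc_subcore_enter_guest
	nop
	ld	r5, HSTATE_KVM_VCORE(r13)
	ld	r4, HSTATE_KVM_VCPU(r13)	/* r4 was reused as an argument above */
	li	r0,1
	stb	r0,VCORE_IN_GUEST(r5)	/* signal secondaries to continue */

	/* Do we have a guest vcpu to run? */
10:	cmpdi	r4, 0
	beq	kvmppc_primary_no_guest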
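/*
 * Load guest state for the vcpu in r4.
 *
 * In:  r4 = vcpu (non-NULL), r13 = PACA, r1 = kvmppc_hv_entry frame
 *
 * Host values that the guest's values replace are parked either in the
 * PACA (PURR/SPURR) or in the STACK_SLOT_* slots of the entry frame.
 * Leaves early through hdec_soon or no_switch_exit; otherwise falls
 * through to deliver_guest_interrupt with the guest SLB loaded.
 */
kvmppc_got_guest:
	/* Increment yield count if they have a VPA */
	ld	r3, VCPU_VPA(r4)
	cmpdi	r3, 0
	beq	25f
	li	r6, LPPACA_YIELDCOUNT
	LWZX_BE	r5, r3, r6
	addi	r5, r5, 1
	STWX_BE	r5, r3, r6
	li	r6, 1
	stb	r6, VCPU_VPA_DIRTY(r4)
25:

	/* Save purr/spurr */
	mfspr	r5,SPRN_PURR
	mfspr	r6,SPRN_SPURR
	std	r5,HSTATE_PURR(r13)
	std	r6,HSTATE_SPURR(r13)
	ld	r7,VCPU_PURR(r4)
	ld	r8,VCPU_SPURR(r4)
	mtspr	SPRN_PURR,r7
	mtspr	SPRN_SPURR,r8

	/* Save host values of some registers */
BEGIN_FTR_SECTION
	mfspr	r5, SPRN_CIABR
	mfspr	r6, SPRN_DAWR0
	mfspr	r7, SPRN_DAWRX0
	mfspr	r8, SPRN_IAMR
	std	r5, STACK_SLOT_CIABR(r1)
	std	r6, STACK_SLOT_DAWR0(r1)
	std	r7, STACK_SLOT_DAWRX0(r1)
	std	r8, STACK_SLOT_IAMR(r1)
	mfspr	r5, SPRN_FSCR
	std	r5, STACK_SLOT_FSCR(r1)
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)

	mfspr	r5, SPRN_AMR
	std	r5, STACK_SLOT_AMR(r1)
	mfspr	r6, SPRN_UAMOR
	std	r6, STACK_SLOT_UAMOR(r1)

BEGIN_FTR_SECTION
	/* Set partition DABR */
	/* Do this before re-enabling PMU to avoid P7 DABR corruption bug */
	lwz	r5,VCPU_DABRX(r4)
	ld	r6,VCPU_DABR(r4)
	mtspr	SPRN_DABRX,r5
	mtspr	SPRN_DABR,r6
	isync
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)

#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
BEGIN_FTR_SECTION
	b	91f
END_FTR_SECTION_IFCLR(CPU_FTR_TM)
	/*
	 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
	 */
	mr	r3, r4
	ld	r4, VCPU_MSR(r3)
	li	r5, 0			/* don't preserve non-vol regs */
	bl	kvmppc_restore_tm_hv
	nop
	ld	r4, HSTATE_KVM_VCPU(r13)
91:
#endif

	/* Load guest PMU registers; r4 = vcpu pointer here */
	mr	r3, r4
	bl	kvmhv_load_guest_pmu

	/* Load up FP, VMX and VSX registers */
	ld	r4, HSTATE_KVM_VCPU(r13)
	bl	kvmppc_load_fp

	/* Guest non-volatile GPRs; the volatile ones are loaded last, in
	 * fast_guest_return */
	ld	r14, VCPU_GPR(R14)(r4)
	ld	r15, VCPU_GPR(R15)(r4)
	ld	r16, VCPU_GPR(R16)(r4)
	ld	r17, VCPU_GPR(R17)(r4)
	ld	r18, VCPU_GPR(R18)(r4)
	ld	r19, VCPU_GPR(R19)(r4)
	ld	r20, VCPU_GPR(R20)(r4)
	ld	r21, VCPU_GPR(R21)(r4)
	ld	r22, VCPU_GPR(R22)(r4)
	ld	r23, VCPU_GPR(R23)(r4)
	ld	r24, VCPU_GPR(R24)(r4)
	ld	r25, VCPU_GPR(R25)(r4)
	ld	r26, VCPU_GPR(R26)(r4)
	ld	r27, VCPU_GPR(R27)(r4)
	ld	r28, VCPU_GPR(R28)(r4)
	ld	r29, VCPU_GPR(R29)(r4)
	ld	r30, VCPU_GPR(R30)(r4)
	ld	r31, VCPU_GPR(R31)(r4)

	/* Switch DSCR to guest value */
	ld	r5, VCPU_DSCR(r4)
	mtspr	SPRN_DSCR, r5

BEGIN_FTR_SECTION
	/* Skip next section on POWER7 */
	b	8f
END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
	/* Load up POWER8-specific registers */
	ld	r5, VCPU_IAMR(r4)
	lwz	r6, VCPU_PSPB(r4)
	ld	r7, VCPU_FSCR(r4)
	mtspr	SPRN_IAMR, r5
	mtspr	SPRN_PSPB, r6
	mtspr	SPRN_FSCR, r7
	/*
	 * Handle broken DAWR case by not writing it. This means we
	 * can still store the DAWR register for migration.
	 */
	LOAD_REG_ADDR(r5, dawr_force_enable)
	lbz	r5, 0(r5)
	cmpdi	r5, 0
	beq	1f
	ld	r5, VCPU_DAWR0(r4)
	ld	r6, VCPU_DAWRX0(r4)
	mtspr	SPRN_DAWR0, r5
	mtspr	SPRN_DAWRX0, r6
1:
	ld	r7, VCPU_CIABR(r4)
	ld	r8, VCPU_TAR(r4)
	mtspr	SPRN_CIABR, r7
	mtspr	SPRN_TAR, r8
	ld	r5, VCPU_IC(r4)
	ld	r8, VCPU_EBBHR(r4)
	mtspr	SPRN_IC, r5
	mtspr	SPRN_EBBHR, r8
	ld	r5, VCPU_EBBRR(r4)
	ld	r6, VCPU_BESCR(r4)
	lwz	r7, VCPU_GUEST_PID(r4)
	ld	r8, VCPU_WORT(r4)
	mtspr	SPRN_EBBRR, r5
	mtspr	SPRN_BESCR, r6
	mtspr	SPRN_PID, r7
	mtspr	SPRN_WORT, r8
	/* POWER8-only registers */
	ld	r5, VCPU_TCSCR(r4)
	ld	r6, VCPU_ACOP(r4)
	ld	r7, VCPU_CSIGR(r4)
	ld	r8, VCPU_TACR(r4)
	mtspr	SPRN_TCSCR, r5
	mtspr	SPRN_ACOP, r6
	mtspr	SPRN_CSIGR, r7
	mtspr	SPRN_TACR, r8
	nop
8:

	ld	r5, VCPU_SPRG0(r4)
	ld	r6, VCPU_SPRG1(r4)
	ld	r7, VCPU_SPRG2(r4)
	ld	r8, VCPU_SPRG3(r4)
	mtspr	SPRN_SPRG0, r5
	mtspr	SPRN_SPRG1, r6
	mtspr	SPRN_SPRG2, r7
	mtspr	SPRN_SPRG3, r8

	/* Load up DAR and DSISR */
	ld	r5, VCPU_DAR(r4)
	lwz	r6, VCPU_DSISR(r4)
	mtspr	SPRN_DAR, r5
	mtspr	SPRN_DSISR, r6

	/* Restore AMR and UAMOR, set AMOR to all 1s */
	/* NOTE(review): no write to AMOR is visible below - confirm the
	 * second half of the comment above still applies */
	ld	r5,VCPU_AMR(r4)
	ld	r6,VCPU_UAMOR(r4)
	mtspr	SPRN_AMR,r5
	mtspr	SPRN_UAMOR,r6

	/* Restore state of CTRL run bit; the host currently has it set to 1 */
	lwz	r5,VCPU_CTRL(r4)
	andi.	r5,r5,1
	bne	4f
	li	r6,0
	mtspr	SPRN_CTRLT,r6
4:
	/* Secondary threads wait for primary to have done partition switch */
	ld	r5, HSTATE_KVM_VCORE(r13)
	lbz	r6, HSTATE_PTID(r13)
	cmpwi	r6, 0
	beq	21f
	lbz	r0, VCORE_IN_GUEST(r5)
	cmpwi	r0, 0
	bne	21f
	HMT_LOW
	/* the wait also watches the exit map so it cannot spin forever */
20:	lwz	r3, VCORE_ENTRY_EXIT(r5)
	cmpwi	r3, 0x100
	bge	no_switch_exit
	lbz	r0, VCORE_IN_GUEST(r5)
	cmpwi	r0, 0
	beq	20b
	HMT_MEDIUM
21:
	/* Set LPCR. */
	ld	r8,VCORE_LPCR(r5)
	mtspr	SPRN_LPCR,r8
	isync

	/*
	 * Set the decrementer to the guest decrementer.
	 */
	ld	r8,VCPU_DEC_EXPIRES(r4)
	mftb	r7
	subf	r3,r7,r8		/* r3 = expiry - current timebase */
	mtspr	SPRN_DEC,r3

	/* Check if HDEC expires soon */
	mfspr	r3, SPRN_HDEC
	extsw	r3, r3
	cmpdi	r3, 512		/* 1 microsecond */
	blt	hdec_soon

	/* Clear out and reload the SLB */
	li	r6, 0
	slbmte	r6, r6
	PPC_SLBIA(6)
	ptesync

	/* Load up guest SLB entries (N.B. slb_max will be 0 for radix) */
	lwz	r5,VCPU_SLB_MAX(r4)
	cmpwi	r5,0			/* CTR must be non-zero for the bdnz loop */
	beq	9f
	mtctr	r5
	addi	r6,r4,VCPU_SLB
1:	ld	r8,VCPU_SLB_E(r6)
	ld	r9,VCPU_SLB_V(r6)
	slbmte	r9,r8
	addi	r6,r6,VCPU_SLB_SIZE
	bdnz	1b
9:
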
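/*
 * Final preparation before fast_guest_return.
 *
 * In:  r4 = vcpu, r13 = PACA
 * Out: r10 = guest PC (for HSRR0), r11 = guest MSR (for HSRR1);
 *      SRR0/SRR1, CTR and XER hold the guest values.
 *
 * The MSR value taken from the vcpu struct is sanitised before it can
 * reach HSRR1: MSR_HV is always cleared and MSR_ME is always set, so the
 * saved guest MSR cannot request hypervisor state or disable machine
 * checks on this path.
 */
deliver_guest_interrupt:	/* r4 = vcpu, r13 = paca */
	/* Check if we can deliver an external or decrementer interrupt now */
	ld	r0, VCPU_PENDING_EXC(r4)
	cmpdi	r0, 0
	beq	71f
	mr	r3, r4
	bl	CFUNC(kvmppc_guest_entry_inject_int)
	ld	r4, HSTATE_KVM_VCPU(r13)	/* r4 is volatile across the C call */
71:
	ld	r6, VCPU_SRR0(r4)
	ld	r7, VCPU_SRR1(r4)
	mtspr	SPRN_SRR0, r6
	mtspr	SPRN_SRR1, r7

	ld	r10, VCPU_PC(r4)
	ld	r11, VCPU_MSR(r4)
	/* r11 = vcpu->arch.msr & ~MSR_HV */
	rldicl	r11, r11, 63 - MSR_HV_LG, 1	/* rotate HV to the top bit, drop it */
	rotldi	r11, r11, 1 + MSR_HV_LG		/* rotate the rest back into place */
	ori	r11, r11, MSR_ME

	ld	r6, VCPU_CTR(r4)
	ld	r7, VCPU_XER(r4)
	mtctr	r6
	mtxer	r7
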
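/*
 * Required state:
 * R4 = vcpu
 * R10: value for HSRR0
 * R11: value for HSRR1
 * R13 = PACA
 *
 * Loads the remaining guest registers and enters the guest.  Ordering
 * constraints visible below:
 *  - HSTATE_IN_GUEST is set to KVM_GUEST_MODE_GUEST_HV before any guest
 *    GPR is loaded, so an interrupt from here on is treated as a guest
 *    exit by kvmppc_interrupt_hv.
 *  - r13 (PACA) is replaced by the guest value part-way through; nothing
 *    after that point addresses the PACA.
 *  - r4 is the base register for every load and is therefore loaded last.
 */
fast_guest_return:
	li	r0,0
	stb	r0,VCPU_CEDED(r4)	/* cancel cede */
	mtspr	SPRN_HSRR0,r10
	mtspr	SPRN_HSRR1,r11

	/* Activate guest mode, so faults get handled by KVM */
	li	r9, KVM_GUEST_MODE_GUEST_HV
	stb	r9, HSTATE_IN_GUEST(r13)

#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	/* Accumulate timing */
	addi	r3, r4, VCPU_TB_GUEST
	bl	kvmhv_accumulate_time
#endif

	/* Enter guest */

BEGIN_FTR_SECTION
	ld	r5, VCPU_CFAR(r4)
	mtspr	SPRN_CFAR, r5
END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
BEGIN_FTR_SECTION
	ld	r0, VCPU_PPR(r4)	/* held in r0 until the mtspr below */
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)

	ld	r5, VCPU_LR(r4)
	mtlr	r5

	ld	r1, VCPU_GPR(R1)(r4)
	ld	r5, VCPU_GPR(R5)(r4)
	ld	r8, VCPU_GPR(R8)(r4)
	ld	r9, VCPU_GPR(R9)(r4)
	ld	r10, VCPU_GPR(R10)(r4)
	ld	r11, VCPU_GPR(R11)(r4)
	ld	r12, VCPU_GPR(R12)(r4)
	ld	r13, VCPU_GPR(R13)(r4)	/* PACA pointer is gone from here on */

BEGIN_FTR_SECTION
	mtspr	SPRN_PPR, r0
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)

	ld	r6, VCPU_GPR(R6)(r4)
	ld	r7, VCPU_GPR(R7)(r4)

	ld	r0, VCPU_CR(r4)
	mtcr	r0

	ld	r0, VCPU_GPR(R0)(r4)
	ld	r2, VCPU_GPR(R2)(r4)
	ld	r3, VCPU_GPR(R3)(r4)
	ld	r4, VCPU_GPR(R4)(r4)	/* base register: must be last */
	HRFI_TO_GUEST
	/*
	 * Not reached architecturally.
	 * NOTE(review): presumably a stop for straight-line execution past
	 * the return while guest register values are live - confirm.
	 */
	b	.
SYM_CODE_END(kvmppc_hv_entry)
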
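/*
 * Reached from the entry-map update in kvmppc_hv_entry when another
 * thread has already set an exit bit: this thread never registered as
 * entered and no guest state has been loaded.
 *
 * In:  r4 = vcpu or NULL, r1 = kvmppc_hv_entry frame
 *
 * Records trap 0 in the frame (and in the vcpu if there is one) and
 * continues at kvmhv_switch_to_host.
 */
secondary_too_late:
	li	r12, 0
	stw	r12, STACK_SLOT_TRAP(r1)
	cmpdi	r4, 0
	beq	11f
	stw	r12, VCPU_TRAP(r4)
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	addi	r3, r4, VCPU_TB_RMEXIT
	bl	kvmhv_accumulate_time
#endif
11:	b	kvmhv_switch_to_host
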
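/*
 * Early exits taken from kvmppc_got_guest after guest register state has
 * already been loaded, so the full save path has to run.
 *
 *  no_switch_exit: a secondary saw an exit bit while waiting for the
 *                  primary's partition switch; trap = 0.
 *  hdec_soon:      HDEC had less than 512 ticks left;
 *                  trap = BOOK3S_INTERRUPT_HV_DECREMENTER.
 *
 * In:  r4 = vcpu
 * Out: r9 = vcpu, r12 = trap (also stored in VCPU_TRAP); continues at
 *      guest_bypass, which skips the guest SLB save done by
 *      guest_exit_cont (the guest SLB has not been loaded on either path).
 */
no_switch_exit:
	HMT_MEDIUM
	li	r12, 0
	b	12f
hdec_soon:
	li	r12, BOOK3S_INTERRUPT_HV_DECREMENTER
12:	stw	r12, VCPU_TRAP(r4)
	mr	r9, r4
#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	addi	r3, r4, VCPU_TB_RMEXIT
	bl	kvmhv_accumulate_time
#endif
	b	guest_bypass
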
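/******************************************************************************
 *                                                                            *
 *                               Exit code                                    *
 *                                                                            *
 *****************************************************************************/

/*
 * We come here from the first-level interrupt handlers.
 *
 * Saves the guest's volatile state into the vcpu struct, restores host
 * r1/r2, sets MSR_RI once SRR0/1 and HSRR0/1 are safe, and dispatches on
 * the trap number in r12.  Traps not handled by a dedicated label fall
 * through to guest_exit_cont with r9 = vcpu, r12 = trap, r13 = PACA.
 */
	.globl	kvmppc_interrupt_hv
kvmppc_interrupt_hv:
	/*
	 * Register contents:
	 * R9		= HSTATE_IN_GUEST
	 * R12		= (guest CR << 32) | interrupt vector
	 * R13		= PACA
	 * guest R12 saved in shadow VCPU SCRATCH0
	 * guest R13 saved in SPRN_SCRATCH0
	 * guest R9 saved in HSTATE_SCRATCH2
	 */
	/* We're now back in the host but in guest MMU context */
	/*
	 * If in_guest already says HOST_HV the interrupt did not come from
	 * a running guest: divert before anything is written to the vcpu
	 * save area.
	 */
	cmpwi	r9,KVM_GUEST_MODE_HOST_HV
	beq	kvmppc_bad_host_intr
	li	r9, KVM_GUEST_MODE_HOST_HV
	stb	r9, HSTATE_IN_GUEST(r13)

	ld	r9, HSTATE_KVM_VCPU(r13)

	/* Save registers */

	std	r0, VCPU_GPR(R0)(r9)
	std	r1, VCPU_GPR(R1)(r9)
	std	r2, VCPU_GPR(R2)(r9)
	std	r3, VCPU_GPR(R3)(r9)
	std	r4, VCPU_GPR(R4)(r9)
	std	r5, VCPU_GPR(R5)(r9)
	std	r6, VCPU_GPR(R6)(r9)
	std	r7, VCPU_GPR(R7)(r9)
	std	r8, VCPU_GPR(R8)(r9)
	ld	r0, HSTATE_SCRATCH2(r13)	/* guest r9 */
	std	r0, VCPU_GPR(R9)(r9)
	std	r10, VCPU_GPR(R10)(r9)
	std	r11, VCPU_GPR(R11)(r9)
	ld	r3, HSTATE_SCRATCH0(r13)	/* guest r12 */
	std	r3, VCPU_GPR(R12)(r9)
	/* CR is in the high half of r12 */
	srdi	r4, r12, 32
	std	r4, VCPU_CR(r9)
BEGIN_FTR_SECTION
	ld	r3, HSTATE_CFAR(r13)
	std	r3, VCPU_CFAR(r9)
END_FTR_SECTION_IFSET(CPU_FTR_CFAR)
BEGIN_FTR_SECTION
	ld	r4, HSTATE_PPR(r13)
	std	r4, VCPU_PPR(r9)
END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)

	/* Restore R1/R2 so we can handle faults */
	ld	r1, HSTATE_HOST_R1(r13)
	LOAD_PACA_TOC()

	mfspr	r10, SPRN_SRR0
	mfspr	r11, SPRN_SRR1
	std	r10, VCPU_SRR0(r9)
	std	r11, VCPU_SRR1(r9)
	/* trap is in the low half of r12, clear CR from the high half */
	clrldi	r12, r12, 32
	andi.	r0, r12, 2		/* need to read HSRR0/1? */
	beq	1f
	mfspr	r10, SPRN_HSRR0
	mfspr	r11, SPRN_HSRR1
	clrrdi	r12, r12, 2		/* drop the flag bits from the trap number */
1:	std	r10, VCPU_PC(r9)
	std	r11, VCPU_MSR(r9)

	GET_SCRATCH0(r3)		/* guest r13 */
	mflr	r4
	std	r3, VCPU_GPR(R13)(r9)
	std	r4, VCPU_LR(r9)

	stw	r12,VCPU_TRAP(r9)

	/*
	 * Now that we have saved away SRR0/1 and HSRR0/1,
	 * interrupts are recoverable in principle, so set MSR_RI.
	 * This becomes important for relocation-on interrupts from
	 * the guest, which we can get in radix mode on POWER9.
	 */
	li	r0, MSR_RI
	mtmsrd	r0, 1

#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	addi	r3, r9, VCPU_TB_RMINTR
	mr	r4, r9
	bl	kvmhv_accumulate_time
	/* reload the guest values of the registers the call may have used */
	ld	r5, VCPU_GPR(R5)(r9)
	ld	r6, VCPU_GPR(R6)(r9)
	ld	r7, VCPU_GPR(R7)(r9)
	ld	r8, VCPU_GPR(R8)(r9)
#endif

	/* Save HEIR (HV emulation assist reg) in emul_inst
	   if this is an HEI (HV emulation interrupt, e40) */
	li	r3,KVM_INST_FETCH_FAILED
	std	r3,VCPU_LAST_INST(r9)
	cmpwi	r12,BOOK3S_INTERRUPT_H_EMUL_ASSIST
	bne	11f
	mfspr	r3,SPRN_HEIR
11:	std	r3,VCPU_HEIR(r9)	/* HEIR, or KVM_INST_FETCH_FAILED if not an HEI */

	/* these are volatile across C function calls */
	mfctr	r3
	mfxer	r4
	std	r3, VCPU_CTR(r9)
	std	r4, VCPU_XER(r9)

	/* Save more register state */
	mfdar	r3
	mfdsisr	r4
	std	r3, VCPU_DAR(r9)
	stw	r4, VCPU_DSISR(r9)

	/* If this is a page table miss then see if it's theirs or ours */
	cmpwi	r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
	beq	kvmppc_hdsi
	std	r3, VCPU_FAULT_DAR(r9)
	stw	r4, VCPU_FAULT_DSISR(r9)
	cmpwi	r12, BOOK3S_INTERRUPT_H_INST_STORAGE
	beq	kvmppc_hisi

	/* See if this is a leftover HDEC interrupt */
	cmpwi	r12,BOOK3S_INTERRUPT_HV_DECREMENTER
	bne	2f
	mfspr	r3,SPRN_HDEC
	extsw	r3, r3
	cmpdi	r3,0
	mr	r4,r9			/* fast_guest_return wants vcpu in r4 */
	bge	fast_guest_return	/* r10/r11 still hold the PC/MSR saved above */
2:
	/* See if this is an hcall we can handle in real mode */
	cmpwi	r12,BOOK3S_INTERRUPT_SYSCALL
	beq	hcall_try_real_mode

	/* Hypervisor doorbell - exit only if host IPI flag set */
	cmpwi	r12, BOOK3S_INTERRUPT_H_DOORBELL
	bne	3f
	lbz	r0, HSTATE_HOST_IPI(r13)
	cmpwi	r0, 0
	beq	maybe_reenter_guest
	b	guest_exit_cont
3:
	/* If it's a hypervisor facility unavailable interrupt, save HFSCR */
	cmpwi	r12, BOOK3S_INTERRUPT_H_FAC_UNAVAIL
	bne	14f
	mfspr	r3, SPRN_HFSCR
	std	r3, VCPU_HFSCR(r9)
	b	guest_exit_cont
14:
	/* External interrupt ? */
	cmpwi	r12, BOOK3S_INTERRUPT_EXTERNAL
	beq	kvmppc_guest_external
	/* See if it is a machine check */
	cmpwi	r12, BOOK3S_INTERRUPT_MACHINE_CHECK
	beq	machine_check_realmode
	/* Or a hypervisor maintenance interrupt */
	cmpwi	r12, BOOK3S_INTERRUPT_HMI
	beq	hmi_realmode
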
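/*
 * Common guest exit: save the guest SLB into the vcpu, invalidate the
 * SLB, and reload the host's bolted entries from the SLB shadow area.
 * Falls through to guest_bypass.
 *
 * In:  r9 = vcpu, r12 = trap, r13 = PACA
 */
guest_exit_cont:		/* r9 = vcpu, r12 = trap, r13 = paca */

#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
	addi	r3, r9, VCPU_TB_RMEXIT
	mr	r4, r9
	bl	kvmhv_accumulate_time
#endif

	/*
	 * Possibly flush the link stack here, before we do a blr in
	 * kvmhv_switch_to_host.
	 *
	 * patch_site records the address of the nop under the name
	 * patch__call_kvm_flush_link_stack so that it can be rewritten at
	 * run time.
	 * NOTE(review): presumably patched into a call to the flush routine
	 * when the link-stack mitigation is enabled, so that return-address
	 * predictions left by the guest are not used by the host's blr -
	 * confirm at the users of this patch site.
	 */
1:	nop
	patch_site 1b patch__call_kvm_flush_link_stack

	/* For hash guest, read the guest SLB and save it away */
	/*
	 * r5 = number of valid entries saved, r6 = SLB index being read,
	 * r7 = next save slot in the vcpu's SLB array.
	 *
	 * The loop count comes from VCPU_SLB_NR with no zero check before
	 * mtctr (the reload loop on the entry path has one for slb_max):
	 * with CTR = 0, bdnz would not stop after one pass.  The number of
	 * slots written is likewise bounded only by that count.
	 * NOTE(review): confirm the value at VCPU_SLB_NR is set by the host,
	 * is non-zero, and does not exceed the size of the save array.
	 */
	li	r5, 0
	lwz	r0,VCPU_SLB_NR(r9)	/* number of entries in SLB */
	mtctr	r0
	li	r6,0
	addi	r7,r9,VCPU_SLB
1:	slbmfee	r8,r6
	andis.	r0,r8,SLB_ESID_V@h
	beq	2f			/* invalid entry: skip, do not save */
	add	r8,r8,r6		/* put index in */
	slbmfev	r3,r6
	std	r8,VCPU_SLB_E(r7)
	std	r3,VCPU_SLB_V(r7)
	addi	r7,r7,VCPU_SLB_SIZE
	addi	r5,r5,1
2:	addi	r6,r6,1
	bdnz	1b
	/* Finally clear out the SLB */
	li	r0,0
	slbmte	r0,r0
	PPC_SLBIA(6)
	ptesync
	stw	r5,VCPU_SLB_MAX(r9)	/* count used by the reload on next entry */

	/* load host SLB entries */
	ld	r8,PACA_SLBSHADOWPTR(r13)

	/* one unrolled copy per bolted entry; r8 steps 16 bytes each time */
	.rept	SLB_NUM_BOLTED
	li	r3, SLBSHADOW_SAVEAREA
	LDX_BE	r5, r8, r3
	addi	r3, r3, 8
	LDX_BE	r6, r8, r3
	andis.	r7,r5,SLB_ESID_V@h
	beq	1f			/* shadow entry not valid: leave it out */
	slbmte	r6,r5
1:	addi	r8,r8,16
	.endr
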
1191guest_bypass:
     /*
      * Common exit work.  As used below: r9 = vcpu, r12 = trap,
      * r13 = paca, r1 = the SFS-sized frame whose STACK_SLOT_* slots
      * hold the trap number and saved host SPR values.
      * Guest SPR/GPR/FP/TM/PMU state is stored into the vcpu and the
      * host value (or zero) is written back to each register.  Falls
      * through into kvmhv_switch_to_host.
      */
1192 stw r12, STACK_SLOT_TRAP(r1) /* reloaded into r12 just before the final blr */
1193
1194 /* Save DEC */
1195 /* Do this before kvmhv_commence_exit so we know TB is guest TB */
1196 ld r3, HSTATE_KVM_VCORE(r13)
1197 mfspr r5,SPRN_DEC
1198 mftb r6
1199 extsw r5,r5 /* sign-extend the 32-bit DEC value */
120016: add r5,r5,r6 /* expiry = DEC + current TB */
1201 std r5,VCPU_DEC_EXPIRES(r9)
1202
1203 /* Increment exit count, poke other threads to exit */
1204 mr r3, r12 /* argument: trap number */
1205 bl kvmhv_commence_exit
1206 nop
1207 ld r9, HSTATE_KVM_VCPU(r13) /* reload vcpu pointer after the call */
1208
1209 /* Stop others sending VCPU interrupts to this physical CPU */
1210 li r0, -1
1211 stw r0, VCPU_CPU(r9)
1212 stw r0, VCPU_THREAD_CPU(r9)
1213
1214 /* Save guest CTRL register, set runlatch to 1 if it was clear */
1215 mfspr r6,SPRN_CTRLF
1216 stw r6,VCPU_CTRL(r9)
1217 andi. r0,r6,1
1218 bne 4f
1219 li r6,1
1220 mtspr SPRN_CTRLT,r6
12214:
1222 /*
1223 * Save the guest PURR/SPURR
1224 */
1225 mfspr r5,SPRN_PURR
1226 mfspr r6,SPRN_SPURR
1227 ld r7,VCPU_PURR(r9) /* r7/r8 = values previously stored in the vcpu */
1228 ld r8,VCPU_SPURR(r9)
1229 std r5,VCPU_PURR(r9)
1230 std r6,VCPU_SPURR(r9)
1231 subf r5,r7,r5 /* r5 = current PURR - previous VCPU_PURR */
1232 subf r6,r8,r6 /* r6 = current SPURR - previous VCPU_SPURR */
1233
1234 /*
1235 * Restore host PURR/SPURR and add guest times
1236 * so that the time in the guest gets accounted.
1237 */
1238 ld r3,HSTATE_PURR(r13)
1239 ld r4,HSTATE_SPURR(r13)
1240 add r3,r3,r5
1241 add r4,r4,r6
1242 mtspr SPRN_PURR,r3
1243 mtspr SPRN_SPURR,r4
1244
     /* Without CPU_FTR_ARCH_207S, skip the POWER8-only registers (to 8:) */
1245BEGIN_FTR_SECTION
1246 b 8f
1247END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
1248 /* Save POWER8-specific registers */
1249 mfspr r5, SPRN_IAMR
1250 mfspr r6, SPRN_PSPB
1251 mfspr r7, SPRN_FSCR
1252 std r5, VCPU_IAMR(r9)
1253 stw r6, VCPU_PSPB(r9)
1254 std r7, VCPU_FSCR(r9)
1255 mfspr r5, SPRN_IC
1256 mfspr r7, SPRN_TAR
1257 std r5, VCPU_IC(r9)
1258 std r7, VCPU_TAR(r9)
1259 mfspr r8, SPRN_EBBHR
1260 std r8, VCPU_EBBHR(r9)
1261 mfspr r5, SPRN_EBBRR
1262 mfspr r6, SPRN_BESCR
1263 mfspr r7, SPRN_PID
1264 mfspr r8, SPRN_WORT
1265 std r5, VCPU_EBBRR(r9)
1266 std r6, VCPU_BESCR(r9)
1267 stw r7, VCPU_GUEST_PID(r9)
1268 std r8, VCPU_WORT(r9)
1269 mfspr r5, SPRN_TCSCR
1270 mfspr r6, SPRN_ACOP
1271 mfspr r7, SPRN_CSIGR
1272 mfspr r8, SPRN_TACR
1273 std r5, VCPU_TCSCR(r9)
1274 std r6, VCPU_ACOP(r9)
1275 std r7, VCPU_CSIGR(r9)
1276 std r8, VCPU_TACR(r9)
     /* Put back the FSCR value kept in the stack frame */
1277BEGIN_FTR_SECTION
1278 ld r5, STACK_SLOT_FSCR(r1)
1279 mtspr SPRN_FSCR, r5
1280END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1281 /*
1282 * Restore various registers to 0, where non-zero values
1283 * set by the guest could disrupt the host.
1284 */
1285 li r0, 0
1286 mtspr SPRN_PSPB, r0
1287 mtspr SPRN_WORT, r0
1288 mtspr SPRN_TCSCR, r0
1289 /* Set MMCRS to 1<<31 to freeze and disable the SPMC counters */
1290 li r0, 1
1291 sldi r0, r0, 31
1292 mtspr SPRN_MMCRS, r0
1293
1294 /* Save and restore AMR, IAMR and UAMOR before turning on the MMU */
1295 ld r8, STACK_SLOT_IAMR(r1)
1296 mtspr SPRN_IAMR, r8
1297
12988: /* Power7 jumps back in here */
1299 mfspr r5,SPRN_AMR
1300 mfspr r6,SPRN_UAMOR
1301 std r5,VCPU_AMR(r9)
1302 std r6,VCPU_UAMOR(r9)
1303 ld r5,STACK_SLOT_AMR(r1)
1304 ld r6,STACK_SLOT_UAMOR(r1)
1305 mtspr SPRN_AMR, r5
1306 mtspr SPRN_UAMOR, r6
1307
1308 /* Switch DSCR back to host value */
1309 mfspr r8, SPRN_DSCR
1310 ld r7, HSTATE_DSCR(r13)
1311 std r8, VCPU_DSCR(r9)
1312 mtspr SPRN_DSCR, r7
1313
1314 /* Save non-volatile GPRs */
1315 std r14, VCPU_GPR(R14)(r9)
1316 std r15, VCPU_GPR(R15)(r9)
1317 std r16, VCPU_GPR(R16)(r9)
1318 std r17, VCPU_GPR(R17)(r9)
1319 std r18, VCPU_GPR(R18)(r9)
1320 std r19, VCPU_GPR(R19)(r9)
1321 std r20, VCPU_GPR(R20)(r9)
1322 std r21, VCPU_GPR(R21)(r9)
1323 std r22, VCPU_GPR(R22)(r9)
1324 std r23, VCPU_GPR(R23)(r9)
1325 std r24, VCPU_GPR(R24)(r9)
1326 std r25, VCPU_GPR(R25)(r9)
1327 std r26, VCPU_GPR(R26)(r9)
1328 std r27, VCPU_GPR(R27)(r9)
1329 std r28, VCPU_GPR(R28)(r9)
1330 std r29, VCPU_GPR(R29)(r9)
1331 std r30, VCPU_GPR(R30)(r9)
1332 std r31, VCPU_GPR(R31)(r9)
1333
1334 /* Save SPRGs */
1335 mfspr r3, SPRN_SPRG0
1336 mfspr r4, SPRN_SPRG1
1337 mfspr r5, SPRN_SPRG2
1338 mfspr r6, SPRN_SPRG3
1339 std r3, VCPU_SPRG0(r9)
1340 std r4, VCPU_SPRG1(r9)
1341 std r5, VCPU_SPRG2(r9)
1342 std r6, VCPU_SPRG3(r9)
1343
1344 /* save FP state */
1345 mr r3, r9 /* argument: vcpu */
1346 bl kvmppc_save_fp
1347
1348#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1349BEGIN_FTR_SECTION
1350 b 91f
1351END_FTR_SECTION_IFCLR(CPU_FTR_TM)
1352 /*
1353 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
     * (the guest's non-volatile GPRs were already stored above)
1354 */
1355 mr r3, r9
1356 ld r4, VCPU_MSR(r3)
1357 li r5, 0 /* don't preserve non-vol regs */
1358 bl kvmppc_save_tm_hv
1359 nop
1360 ld r9, HSTATE_KVM_VCPU(r13) /* reload vcpu pointer after the call */
136191:
1362#endif
1363
1364 /* Increment yield count if they have a VPA */
1365 ld r8, VCPU_VPA(r9) /* do they have a VPA? */
1366 cmpdi r8, 0
1367 beq 25f
1368 li r4, LPPACA_YIELDCOUNT
1369 LWZX_BE r3, r8, r4
1370 addi r3, r3, 1
1371 STWX_BE r3, r8, r4
1372 li r3, 1
1373 stb r3, VCPU_VPA_DIRTY(r9)
137425:
1375 /* Save PMU registers if requested */
1376 /* r8 and cr0.eq are live here */
     /*
      * r4 is the second argument to kvmhv_save_guest_pmu: 1 when there
      * is no VPA, otherwise the byte at LPPACA_PMCINUSE in the VPA.
      * NOTE(review): the VPA is presumably memory the guest can write,
      * which would make that byte guest-controlled -- confirm that
      * kvmhv_save_guest_pmu is safe for either value.
      */
1377 mr r3, r9
1378 li r4, 1
1379 beq 21f /* if no VPA, save PMU stuff anyway */
1380 lbz r4, LPPACA_PMCINUSE(r8)
138121: bl kvmhv_save_guest_pmu
1382 ld r9, HSTATE_KVM_VCPU(r13)
1383
1384 /* Restore host values of some registers */
1385BEGIN_FTR_SECTION
1386 ld r5, STACK_SLOT_CIABR(r1)
1387 ld r6, STACK_SLOT_DAWR0(r1)
1388 ld r7, STACK_SLOT_DAWRX0(r1)
1389 mtspr SPRN_CIABR, r5
1390 /*
1391 * If the DAWR doesn't work, it's ok to write these here as
1392 * this value should always be zero
1393 */
1394 mtspr SPRN_DAWR0, r6
1395 mtspr SPRN_DAWRX0, r7
1396END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1397
1398 /*
1399 * POWER7/POWER8 guest -> host partition switch code.
1400 * We don't have to lock against tlbies but we do
1401 * have to coordinate the hardware threads.
1402 * Here STACK_SLOT_TRAP(r1) contains the trap number.
     *
     * r13 = paca, r1 = the SFS-sized frame.  The primary thread
     * (HSTATE_PTID == 0) waits for the secondaries, switches LPID/SDR1
     * back to the host and then clears VCORE_IN_GUEST; secondaries spin
     * on VCORE_IN_GUEST until that happens.  Every thread then restores
     * the host LPCR, pops the frame and returns with the trap number
     * in r12.
1403 */
1404kvmhv_switch_to_host:
1405 /* Secondary threads wait for primary to do partition switch */
1406 ld r5,HSTATE_KVM_VCORE(r13)
1407 ld r4,VCORE_KVM(r5) /* pointer to struct kvm */
1408 lbz r3,HSTATE_PTID(r13)
1409 cmpwi r3,0
1410 beq 15f /* thread 0 is the primary */
1411 HMT_LOW
141213: lbz r3,VCORE_IN_GUEST(r5)
1413 cmpwi r3,0
1414 bne 13b /* spin until the primary clears in_guest */
1415 HMT_MEDIUM
1416 b 16f
1417
1418 /* Primary thread waits for all the secondaries to exit guest */
     /*
      * Spin until bits 8..15 of the entry/exit word equal bits 0..7
      * (presumably the exit map catching up with the entry map).
      */
141915: lwz r3,VCORE_ENTRY_EXIT(r5)
1420 rlwinm r0,r3,32-8,0xff
1421 clrldi r3,r3,56
1422 cmpw r3,r0
1423 bne 15b
1424 isync
1425
1426 /* Did we actually switch to the guest at all? */
1427 lbz r6, VCORE_IN_GUEST(r5)
1428 cmpwi r6, 0
1429 beq 19f
1430
1431 /* Primary thread switches back to host partition */
     /*
      * Order matters: LPID is first set to the reserved value, then
      * SDR1 is changed, then LPID is set to the host's.  Presumably
      * this keeps the host page table pointer from ever being paired
      * with the guest LPID (and vice versa) during the switch.
      */
1432 lwz r7,KVM_HOST_LPID(r4)
1433 ld r6,KVM_HOST_SDR1(r4)
1434 li r8,LPID_RSVD /* switch to reserved LPID */
1435 mtspr SPRN_LPID,r8
1436 ptesync
1437 mtspr SPRN_SDR1,r6 /* switch to host page table */
1438 mtspr SPRN_LPID,r7
1439 isync
1440
1441BEGIN_FTR_SECTION
1442 /* DPDES and VTB are shared between threads */
1443 mfspr r7, SPRN_DPDES
1444 mfspr r8, SPRN_VTB
1445 std r7, VCORE_DPDES(r5)
1446 std r8, VCORE_VTB(r5)
1447 /* clear DPDES so we don't get guest doorbells in the host */
1448 li r8, 0
1449 mtspr SPRN_DPDES, r8
1450END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
1451
1452 /* Subtract timebase offset from timebase */
1453 ld r8, VCORE_TB_OFFSET_APPL(r5)
1454 cmpdi r8,0
1455 beq 17f /* no offset applied: nothing to undo */
1456 li r0, 0
1457 std r0, VCORE_TB_OFFSET_APPL(r5)
1458 mftb r6 /* current guest timebase */
1459 subf r8,r8,r6 /* r8 = guest timebase - offset */
1460 mtspr SPRN_TBU40,r8 /* update upper 40 bits */
1461 mftb r7 /* check if lower 24 bits overflowed */
1462 clrldi r6,r6,40
1463 clrldi r7,r7,40
1464 cmpld r7,r6
1465 bge 17f
1466 addis r8,r8,0x100 /* if so, increment upper 40 bits */
1467 mtspr SPRN_TBU40,r8
1468
146917:
1470 /*
1471 * If this is an HMI, we called kvmppc_realmode_hmi_handler
1472 * above, which may or may not have already called
1473 * kvmppc_subcore_exit_guest. Fortunately, all that
1474 * kvmppc_subcore_exit_guest does is clear a flag, so calling
1475 * it again here is benign even if kvmppc_realmode_hmi_handler
1476 * has already called it.
1477 */
1478 bl kvmppc_subcore_exit_guest
1479 nop
148030: ld r5,HSTATE_KVM_VCORE(r13)
1481 ld r4,VCORE_KVM(r5) /* pointer to struct kvm */
1482
1483 /* Reset PCR */
1484 ld r0, VCORE_PCR(r5)
1485 LOAD_REG_IMMEDIATE(r6, PCR_MASK)
1486 cmpld r0, r6
1487 beq 18f /* vcore PCR already equals PCR_MASK: skip the write */
1488 mtspr SPRN_PCR, r6
148918:
1490 /* Signal secondary CPUs to continue */
1491 li r0, 0
1492 stb r0,VCORE_IN_GUEST(r5) /* releases the spin loop at 13: above */
149319: lis r8,0x7fff /* MAX_INT@h */
1494 mtspr SPRN_HDEC,r8
1495
     /* All threads (primary and secondaries) rejoin here */
149616: ld r8,KVM_HOST_LPCR(r4)
1497 mtspr SPRN_LPCR,r8
1498 isync
1499
1500#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
1501 /* Finish timing, if we have a vcpu */
1502 ld r4, HSTATE_KVM_VCPU(r13)
1503 cmpdi r4, 0
1504 li r3, 0
1505 beq 2f
1506 bl kvmhv_accumulate_time
15072:
1508#endif
1509 /* Unset guest mode */
1510 li r0, KVM_GUEST_MODE_NONE
1511 stb r0, HSTATE_IN_GUEST(r13)
1512
     /* Pop the SFS frame and return through the LR saved in it */
1513 lwz r12, STACK_SLOT_TRAP(r1) /* return trap # in r12 */
1514 ld r0, SFS+PPC_LR_STKOFF(r1)
1515 addi r1, r1, SFS
1516 mtlr r0
1517 blr
1518
1519.balign 32
1520.global kvm_flush_link_stack
1521kvm_flush_link_stack:
     /*
      * Flush the CPU's link stack by executing a run of branch-and-link
      * instructions that each target the very next instruction
      * (bl .+4); nothing is actually called.  32 of them always run,
      * and 32 more when CPU_FTR_ARCH_300 is set, matching the sizes
      * given in the comments below.
      *
      * Every bl overwrites LR, so the caller's LR is parked in r0 for
      * the duration.  Clobbers: r0.  No arguments, no return value.
      *
      * NOTE(review): the patch site patch__call_kvm_flush_link_stack in
      * guest_exit_cont is presumably where a call to this routine is
      * installed; the purpose would be to stop return predictions
      * trained while the guest ran from steering the host's next blr.
      */
1522 /* Save LR into r0 */
1523 mflr r0
1524
1525 /* Flush the link stack. On Power8 it's up to 32 entries in size. */
1526 .rept 32
1527 bl .+4
1528 .endr
1529
1530 /* And on Power9 it's up to 64. */
1531BEGIN_FTR_SECTION
1532 .rept 32
1533 bl .+4
1534 .endr
1535END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1536
1537 /* Restore LR */
1538 mtlr r0
1539 blr
1540
1541kvmppc_guest_external:
     /*
      * Handle an external interrupt taken while in the guest.
      * Calls kvmppc_read_intr and dispatches on its return code in r3
      * (table below).  r13 = paca; r9 and r12 are reloaded after the
      * call.  Exits via guest_exit_cont or falls through into
      * maybe_reenter_guest.
      */
1542 /* External interrupt, first check for host_ipi. If this is
1543 * set, we know the host wants us out so let's do it now
1544 */
1545 bl CFUNC(kvmppc_read_intr)
1546
1547 /*
1548 * Restore the active volatile registers after returning from
1549 * a C function.
1550 */
1551 ld r9, HSTATE_KVM_VCPU(r13)
1552 li r12, BOOK3S_INTERRUPT_EXTERNAL
1553
1554 /*
1555 * kvmppc_read_intr return codes:
1556 *
1557 * Exit to host (r3 > 0)
1558 * 1 An interrupt is pending that needs to be handled by the host
1559 * Exit guest and return to host by branching to guest_exit_cont
1560 *
1561 * 2 Passthrough that needs completion in the host
1562 * Exit guest and return to host by branching to guest_exit_cont
1563 * However, we also set r12 to BOOK3S_INTERRUPT_HV_RM_HARD
1564 * to indicate to the host to complete handling the interrupt
1565 *
1566 * Before returning to guest, we check if any CPU is heading out
1567 * to the host and if so, we head out also. If no CPUs are heading
1568 * check return values <= 0.
1569 *
1570 * Return to guest (r3 <= 0)
1571 * 0 No external interrupt is pending
1572 * -1 A guest wakeup IPI (which has now been cleared)
1573 * In either case, we return to guest to deliver any pending
1574 * guest interrupts.
1575 *
1576 * -2 A PCI passthrough external interrupt was handled
1577 * (interrupt was delivered directly to guest)
1578 * Return to guest to deliver any pending guest interrupts.
1579 */
1580
1581 cmpdi r3, 1
1582 ble 1f /* signed compare: 1, 0 and negative codes go to 1: */
1583
1584 /* Return code = 2 */
1585 li r12, BOOK3S_INTERRUPT_HV_RM_HARD
1586 stw r12, VCPU_TRAP(r9)
1587 b guest_exit_cont
1588
15891: /* Return code <= 1 */
1590 cmpdi r3, 0
1591 bgt guest_exit_cont /* code 1: host must handle it, r12 = external */
1592
1593 /* Return code <= 0 */
     /*
      * In: r9 = vcpu, r13 = paca.  Re-enters the guest through
      * deliver_guest_interrupt (with r4 = vcpu) only while the vcore's
      * entry/exit word is below 0x100, i.e. no bit at or above bit 8 is
      * set (presumably: no thread has started exiting).  Otherwise this
      * thread exits too, via guest_exit_cont.
      */
1594maybe_reenter_guest:
1595 ld r5, HSTATE_KVM_VCORE(r13)
1596 lwz r0, VCORE_ENTRY_EXIT(r5)
1597 cmpwi r0, 0x100
1598 mr r4, r9
1599 blt deliver_guest_interrupt
1600 b guest_exit_cont
1601
1602/*
1603 * Check whether an HDSI is an HPTE not found fault or something else.
1604 * If it is an HPTE not found fault that is due to the guest accessing
1605 * a page that they have mapped but which we have paged out, then
1606 * we continue on with the guest exit path. In all other cases,
1607 * reflect the HDSI to the guest as a DSI.
 *
 * As used below: r9 = vcpu, r10 = guest pc, r11 = guest msr,
 * r13 = paca.
 *
 * kvmppc_hpte_hv_fault is called with r3 = vcpu, r4 = faulting address,
 * r5 = SLB V value for the segment, r6 = HDSISR, r7 = 1 (data fault).
 * Its return value in r3 selects the outcome:
 *    0  retry the instruction (return to the guest)
 *   -1  exit to the host via guest_exit_cont
 *   -2  MMIO emulation: fetch the instruction word, then exit
 *   anything else is used as the DSISR of the DSI given to the guest
1608 */
1609kvmppc_hdsi:
1610 mfspr r4, SPRN_HDAR
1611 mfspr r6, SPRN_HDSISR
1612 /* HPTE not found fault or protection fault? */
1613 andis. r0, r6, (DSISR_NOHPTE | DSISR_PROTFAULT)@h
1614 beq 1f /* if not, send it to the guest */
1615 andi. r0, r11, MSR_DR /* data relocation enabled? */
1616 beq 3f
1617 clrrdi r0, r4, 28 /* clear the low 28 bits of the address for the lookup */
1618 PPC_SLBFEE_DOT(R5, R0) /* if so, look up SLB */
1619 li r0, BOOK3S_INTERRUPT_DATA_SEGMENT
1620 bne 7f /* if no SLB entry found */
16214: std r4, VCPU_FAULT_DAR(r9)
1622 stw r6, VCPU_FAULT_DSISR(r9)
1623
1624 /* Search the hash table. */
1625 mr r3, r9 /* vcpu pointer */
1626 li r7, 1 /* data fault */
1627 bl CFUNC(kvmppc_hpte_hv_fault)
1628 ld r9, HSTATE_KVM_VCPU(r13)
1629 ld r10, VCPU_PC(r9)
1630 ld r11, VCPU_MSR(r9)
1631 li r12, BOOK3S_INTERRUPT_H_DATA_STORAGE
1632 cmpdi r3, 0 /* retry the instruction */
1633 beq 6f
1634 cmpdi r3, -1 /* handle in kernel mode */
1635 beq guest_exit_cont
1636 cmpdi r3, -2 /* MMIO emulation; need instr word */
1637 beq 2f
1638
1639 /* Synthesize a DSI (or DSegI) for the guest */
     /*
      * 1: is the DSI entry (DSISR is written); 7: is the DSegI entry
      * (r0 already holds the segment vector, DSISR is left alone).
      */
1640 ld r4, VCPU_FAULT_DAR(r9)
1641 mr r6, r3
16421: li r0, BOOK3S_INTERRUPT_DATA_STORAGE
1643 mtspr SPRN_DSISR, r6
16447: mtspr SPRN_DAR, r4
1645 mtspr SPRN_SRR0, r10
1646 mtspr SPRN_SRR1, r11
1647 mr r10, r0 /* r10 = interrupt vector for kvmppc_msr_interrupt */
1648 bl kvmppc_msr_interrupt
1649fast_interrupt_c_return:
16506: ld r7, VCPU_CTR(r9)
1651 ld r8, VCPU_XER(r9)
1652 mtctr r7
1653 mtxer r8
1654 mr r4, r9
1655 b fast_guest_return
1656
16573: ld r5, VCPU_KVM(r9) /* not relocated, use VRMA */
1658 ld r5, KVM_VRMA_SLB_V(r5)
1659 b 4b
1660
1661 /* If this is for emulated MMIO, load the instruction word */
     /*
      * The load below dereferences the guest pc (r10) with data
      * relocation switched on, so it can fault.  r8 is preloaded with
      * KVM_INST_FETCH_FAILED and HSTATE_IN_GUEST is set to
      * KVM_GUEST_MODE_SKIP first, so a fault leaves the failure marker
      * in r8 instead of being handled as a normal host fault.
      */
16622: li r8, KVM_INST_FETCH_FAILED /* In case lwz faults */
1663
1664 /* Set guest mode to 'jump over instruction' so if lwz faults
1665 * we'll just continue at the next IP. */
1666 li r0, KVM_GUEST_MODE_SKIP
1667 stb r0, HSTATE_IN_GUEST(r13)
1668
1669 /* Do the access with MSR:DR enabled */
1670 mfmsr r3
1671 ori r4, r3, MSR_DR /* Enable paging for data */
1672 mtmsrd r4
1673 lwz r8, 0(r10)
1674 mtmsrd r3 /* back to the MSR value read above */
1675
1676 /* Store the result */
1677 std r8, VCPU_LAST_INST(r9)
1678
1679 /* Unset guest mode. */
1680 li r0, KVM_GUEST_MODE_HOST_HV
1681 stb r0, HSTATE_IN_GUEST(r13)
1682 b guest_exit_cont
1683
1684/*
1685 * Similarly for an HISI, reflect it to the guest as an ISI unless
1686 * it is an HPTE not found fault for a page that we have paged out.
 *
 * As used below: r9 = vcpu, r10 = guest pc (the faulting address),
 * r11 = guest msr / SRR1 bits, r13 = paca.
 *
 * kvmppc_hpte_hv_fault is called with r3 = vcpu, r4 = pc, r5 = SLB V
 * value, r6 = msr, r7 = 0 (instruction fault).  Return value in r3:
 *    0  retry the instruction (fast_interrupt_c_return)
 *   -1  exit to the host via guest_exit_cont
 *   anything else becomes the SRR1 value of the ISI given to the guest
1687 */
1688kvmppc_hisi:
1689 andis. r0, r11, SRR1_ISI_NOPT@h
1690 beq 1f /* not a "no page table entry" fault: reflect as ISI */
1691 andi. r0, r11, MSR_IR /* instruction relocation enabled? */
1692 beq 3f
1693 clrrdi r0, r10, 28
1694 PPC_SLBFEE_DOT(R5, R0) /* if so, look up SLB */
1695 li r0, BOOK3S_INTERRUPT_INST_SEGMENT
1696 bne 7f /* if no SLB entry found */
16974:
1698 /* Search the hash table. */
1699 mr r3, r9 /* vcpu pointer */
1700 mr r4, r10
1701 mr r6, r11
1702 li r7, 0 /* instruction fault */
1703 bl CFUNC(kvmppc_hpte_hv_fault)
1704 ld r9, HSTATE_KVM_VCPU(r13)
1705 ld r10, VCPU_PC(r9)
1706 ld r11, VCPU_MSR(r9)
1707 li r12, BOOK3S_INTERRUPT_H_INST_STORAGE
1708 cmpdi r3, 0 /* retry the instruction */
1709 beq fast_interrupt_c_return
1710 cmpdi r3, -1 /* handle in kernel mode */
1711 beq guest_exit_cont
1712
1713 /* Synthesize an ISI (or ISegI) for the guest */
1714 mr r11, r3
17151: li r0, BOOK3S_INTERRUPT_INST_STORAGE
17167: mtspr SPRN_SRR0, r10
1717 mtspr SPRN_SRR1, r11
1718 mr r10, r0 /* r10 = interrupt vector for kvmppc_msr_interrupt */
1719 bl kvmppc_msr_interrupt
1720 b fast_interrupt_c_return
1721
17223: ld r6, VCPU_KVM(r9) /* not relocated, use VRMA */
1723 ld r5, KVM_VRMA_SLB_V(r6)
1724 b 4b
1725
1726/*
1727 * Try to handle an hcall in real mode.
1728 * Returns to the guest if we handle it, or continues on up to
1729 * the kernel if we can't (i.e. if we don't have a handler for
1730 * it, or if the handler returns H_TOO_HARD).
1731 *
1732 * r5 - r8 contain hcall args,
1733 * r9 = vcpu, r10 = pc, r11 = msr, r12 = trap, r13 = paca
 *
 * The hcall number is the guest's r3, i.e. guest-controlled.  Before it
 * selects a handler it passes four gates, each of which diverts to
 * guest_exit_cont (or, for the first, back to the guest) on failure:
 *   1. MSR_PR set in the guest msr: sc 1 came from guest userspace and
 *      is reflected to the guest as a syscall, never dispatched.
 *   2. Low two bits cleared, then an unsigned compare against the byte
 *      size of hcall_real_table; out-of-range numbers exit to the host.
 *   3. The per-VM enabled_hcalls bitmap bit for this hcall must be set.
 *   4. The table entry must be non-zero.
 * Only then is the handler at hcall_real_table + entry called.
1734 */
1735hcall_try_real_mode:
1736 ld r3,VCPU_GPR(R3)(r9) /* r3 = hcall number from the guest */
1737 andi. r0,r11,MSR_PR
1738 /* sc 1 from userspace - reflect to guest syscall */
1739 bne sc_1_fast_return
1740 clrrdi r3,r3,2 /* multiple of 4 = byte offset into the table */
1741 cmpldi r3,hcall_real_table_end - hcall_real_table
1742 bge guest_exit_cont /* follows the unsigned compare above */
1743 /* See if this hcall is enabled for in-kernel handling */
1744 ld r4, VCPU_KVM(r9)
1745 srdi r0, r3, 8 /* r0 = (r3 / 4) >> 6 */
1746 sldi r0, r0, 3 /* index into kvm->arch.enabled_hcalls[] */
1747 add r4, r4, r0
1748 ld r0, KVM_ENABLED_HCALLS(r4)
1749 rlwinm r4, r3, 32-2, 0x3f /* r4 = (r3 / 4) & 0x3f */
1750 srd r0, r0, r4
1751 andi. r0, r0, 1
1752 beq guest_exit_cont /* bit clear: not enabled for this VM */
1753 /* Get pointer to handler, if any, and call it */
1754 LOAD_REG_ADDR(r4, hcall_real_table)
1755 lwax r3,r3,r4 /* r3 = signed 32-bit table entry */
1756 cmpwi r3,0
1757 beq guest_exit_cont /* 0 = no real-mode handler */
1758 add r12,r3,r4 /* entries are offsets from hcall_real_table */
1759 mtctr r12
1760 mr r3,r9 /* get vcpu pointer */
1761 ld r4,VCPU_GPR(R4)(r9)
1762 bctrl
1763 cmpdi r3,H_TOO_HARD
1764 beq hcall_real_fallback
     /* Handled: store the result in the guest's r3 and resume the guest */
1765 ld r4,HSTATE_KVM_VCPU(r13)
1766 std r3,VCPU_GPR(R3)(r4)
1767 ld r10,VCPU_PC(r4)
1768 ld r11,VCPU_MSR(r4)
1769 b fast_guest_return
1770
1771sc_1_fast_return:
     /*
      * Reached from hcall_try_real_mode when the guest msr in r11 has
      * MSR_PR set.  Delivers a system call interrupt to the guest
      * instead of treating the sc 1 as an hcall: SRR0/SRR1 get the
      * guest pc/msr, r10 carries the vector to kvmppc_msr_interrupt,
      * and the guest is resumed with r4 = vcpu.
      */
1772 mtspr SPRN_SRR0,r10
1773 mtspr SPRN_SRR1,r11
1774 li r10, BOOK3S_INTERRUPT_SYSCALL
1775 bl kvmppc_msr_interrupt
1776 mr r4,r9
1777 b fast_guest_return
1778
1779 /* We've attempted a real mode hcall, but it's punted it back
1780 * to userspace. We need to restore some clobbered volatiles
1781 * before resuming the pass-it-to-qemu path */
     /* (reached when the real-mode handler returned H_TOO_HARD) */
1782hcall_real_fallback:
1783 li r12,BOOK3S_INTERRUPT_SYSCALL /* r12 = trap, as guest_exit_cont expects */
1784 ld r9, HSTATE_KVM_VCPU(r13) /* r9 = vcpu, as guest_exit_cont expects */
1785
1786 b guest_exit_cont
1787
1788 .globl hcall_real_table
1789hcall_real_table:
     /*
      * Dispatch table for hcalls handled in real mode, used by
      * hcall_try_real_mode.  One 32-bit entry per hcall; hcall numbers
      * are multiples of 4, so the number itself is the byte offset of
      * its entry (the hex comments give that offset).  An entry is
      * either 0 (no real-mode handler: the hcall is passed up to the
      * host) or the handler's address minus hcall_real_table.
      *
      * Every non-zero entry is code a guest can invoke, subject to the
      * enabled_hcalls bitmap check in hcall_try_real_mode.  The range
      * check there uses hcall_real_table_end, so entries must stay
      * contiguous between the two labels.
      */
1790 .long 0 /* 0 - unused */
1791 .long DOTSYM(kvmppc_h_remove) - hcall_real_table
1792 .long DOTSYM(kvmppc_h_enter) - hcall_real_table
1793 .long DOTSYM(kvmppc_h_read) - hcall_real_table
1794 .long DOTSYM(kvmppc_h_clear_mod) - hcall_real_table
1795 .long DOTSYM(kvmppc_h_clear_ref) - hcall_real_table
1796 .long DOTSYM(kvmppc_h_protect) - hcall_real_table
1797 .long 0 /* 0x1c */
1798 .long 0 /* 0x20 */
1799 .long 0 /* 0x24 - H_SET_SPRG0 */
1800 .long DOTSYM(kvmppc_h_set_dabr) - hcall_real_table
1801 .long DOTSYM(kvmppc_rm_h_page_init) - hcall_real_table
1802 .long 0 /* 0x30 */
1803 .long 0 /* 0x34 */
1804 .long 0 /* 0x38 */
1805 .long 0 /* 0x3c */
1806 .long 0 /* 0x40 */
1807 .long 0 /* 0x44 */
1808 .long 0 /* 0x48 */
1809 .long 0 /* 0x4c */
1810 .long 0 /* 0x50 */
1811 .long 0 /* 0x54 */
1812 .long 0 /* 0x58 */
1813 .long 0 /* 0x5c */
1814 .long 0 /* 0x60 */
1815#ifdef CONFIG_KVM_XICS
1816 .long DOTSYM(xics_rm_h_eoi) - hcall_real_table
1817 .long DOTSYM(xics_rm_h_cppr) - hcall_real_table
1818 .long DOTSYM(xics_rm_h_ipi) - hcall_real_table
1819 .long 0 /* 0x70 - H_IPOLL */
1820 .long DOTSYM(xics_rm_h_xirr) - hcall_real_table
1821#else
1822 .long 0 /* 0x64 - H_EOI */
1823 .long 0 /* 0x68 - H_CPPR */
1824 .long 0 /* 0x6c - H_IPI */
1825 .long 0 /* 0x70 - H_IPOLL */
1826 .long 0 /* 0x74 - H_XIRR */
1827#endif
1828 .long 0 /* 0x78 */
1829 .long 0 /* 0x7c */
1830 .long 0 /* 0x80 */
1831 .long 0 /* 0x84 */
1832 .long 0 /* 0x88 */
1833 .long 0 /* 0x8c */
1834 .long 0 /* 0x90 */
1835 .long 0 /* 0x94 */
1836 .long 0 /* 0x98 */
1837 .long 0 /* 0x9c */
1838 .long 0 /* 0xa0 */
1839 .long 0 /* 0xa4 */
1840 .long 0 /* 0xa8 */
1841 .long 0 /* 0xac */
1842 .long 0 /* 0xb0 */
1843 .long 0 /* 0xb4 */
1844 .long 0 /* 0xb8 */
1845 .long 0 /* 0xbc */
1846 .long 0 /* 0xc0 */
1847 .long 0 /* 0xc4 */
1848 .long 0 /* 0xc8 */
1849 .long 0 /* 0xcc */
1850 .long 0 /* 0xd0 */
1851 .long 0 /* 0xd4 */
1852 .long 0 /* 0xd8 */
1853 .long 0 /* 0xdc */
1854 .long DOTSYM(kvmppc_h_cede) - hcall_real_table
1855 .long DOTSYM(kvmppc_rm_h_confer) - hcall_real_table
1856 .long 0 /* 0xe8 */
1857 .long 0 /* 0xec */
1858 .long 0 /* 0xf0 */
1859 .long 0 /* 0xf4 */
1860 .long 0 /* 0xf8 */
1861 .long 0 /* 0xfc */
1862 .long 0 /* 0x100 */
1863 .long 0 /* 0x104 */
1864 .long 0 /* 0x108 */
1865 .long 0 /* 0x10c */
1866 .long 0 /* 0x110 */
1867 .long 0 /* 0x114 */
1868 .long 0 /* 0x118 */
1869 .long 0 /* 0x11c */
1870 .long 0 /* 0x120 */
1871 .long DOTSYM(kvmppc_h_bulk_remove) - hcall_real_table
1872 .long 0 /* 0x128 */
1873 .long 0 /* 0x12c */
1874 .long 0 /* 0x130 */
1875 .long DOTSYM(kvmppc_h_set_xdabr) - hcall_real_table
1876 .long 0 /* 0x138 */
1877 .long 0 /* 0x13c */
1878 .long 0 /* 0x140 */
1879 .long 0 /* 0x144 */
1880 .long 0 /* 0x148 */
1881 .long 0 /* 0x14c */
1882 .long 0 /* 0x150 */
1883 .long 0 /* 0x154 */
1884 .long 0 /* 0x158 */
1885 .long 0 /* 0x15c */
1886 .long 0 /* 0x160 */
1887 .long 0 /* 0x164 */
1888 .long 0 /* 0x168 */
1889 .long 0 /* 0x16c */
1890 .long 0 /* 0x170 */
1891 .long 0 /* 0x174 */
1892 .long 0 /* 0x178 */
1893 .long 0 /* 0x17c */
1894 .long 0 /* 0x180 */
1895 .long 0 /* 0x184 */
1896 .long 0 /* 0x188 */
1897 .long 0 /* 0x18c */
1898 .long 0 /* 0x190 */
1899 .long 0 /* 0x194 */
1900 .long 0 /* 0x198 */
1901 .long 0 /* 0x19c */
1902 .long 0 /* 0x1a0 */
1903 .long 0 /* 0x1a4 */
1904 .long 0 /* 0x1a8 */
1905 .long 0 /* 0x1ac */
1906 .long 0 /* 0x1b0 */
1907 .long 0 /* 0x1b4 */
1908 .long 0 /* 0x1b8 */
1909 .long 0 /* 0x1bc */
1910 .long 0 /* 0x1c0 */
1911 .long 0 /* 0x1c4 */
1912 .long 0 /* 0x1c8 */
1913 .long 0 /* 0x1cc */
1914 .long 0 /* 0x1d0 */
1915 .long 0 /* 0x1d4 */
1916 .long 0 /* 0x1d8 */
1917 .long 0 /* 0x1dc */
1918 .long 0 /* 0x1e0 */
1919 .long 0 /* 0x1e4 */
1920 .long 0 /* 0x1e8 */
1921 .long 0 /* 0x1ec */
1922 .long 0 /* 0x1f0 */
1923 .long 0 /* 0x1f4 */
1924 .long 0 /* 0x1f8 */
1925 .long 0 /* 0x1fc */
1926 .long 0 /* 0x200 */
1927 .long 0 /* 0x204 */
1928 .long 0 /* 0x208 */
1929 .long 0 /* 0x20c */
1930 .long 0 /* 0x210 */
1931 .long 0 /* 0x214 */
1932 .long 0 /* 0x218 */
1933 .long 0 /* 0x21c */
1934 .long 0 /* 0x220 */
1935 .long 0 /* 0x224 */
1936 .long 0 /* 0x228 */
1937 .long 0 /* 0x22c */
1938 .long 0 /* 0x230 */
1939 .long 0 /* 0x234 */
1940 .long 0 /* 0x238 */
1941 .long 0 /* 0x23c */
1942 .long 0 /* 0x240 */
1943 .long 0 /* 0x244 */
1944 .long 0 /* 0x248 */
1945 .long 0 /* 0x24c */
1946 .long 0 /* 0x250 */
1947 .long 0 /* 0x254 */
1948 .long 0 /* 0x258 */
1949 .long 0 /* 0x25c */
1950 .long 0 /* 0x260 */
1951 .long 0 /* 0x264 */
1952 .long 0 /* 0x268 */
1953 .long 0 /* 0x26c */
1954 .long 0 /* 0x270 */
1955 .long 0 /* 0x274 */
1956 .long 0 /* 0x278 */
1957 .long 0 /* 0x27c */
1958 .long 0 /* 0x280 */
1959 .long 0 /* 0x284 */
1960 .long 0 /* 0x288 */
1961 .long 0 /* 0x28c */
1962 .long 0 /* 0x290 */
1963 .long 0 /* 0x294 */
1964 .long 0 /* 0x298 */
1965 .long 0 /* 0x29c */
1966 .long 0 /* 0x2a0 */
1967 .long 0 /* 0x2a4 */
1968 .long 0 /* 0x2a8 */
1969 .long 0 /* 0x2ac */
1970 .long 0 /* 0x2b0 */
1971 .long 0 /* 0x2b4 */
1972 .long 0 /* 0x2b8 */
1973 .long 0 /* 0x2bc */
1974 .long 0 /* 0x2c0 */
1975 .long 0 /* 0x2c4 */
1976 .long 0 /* 0x2c8 */
1977 .long 0 /* 0x2cc */
1978 .long 0 /* 0x2d0 */
1979 .long 0 /* 0x2d4 */
1980 .long 0 /* 0x2d8 */
1981 .long 0 /* 0x2dc */
1982 .long 0 /* 0x2e0 */
1983 .long 0 /* 0x2e4 */
1984 .long 0 /* 0x2e8 */
1985 .long 0 /* 0x2ec */
1986 .long 0 /* 0x2f0 */
1987 .long 0 /* 0x2f4 */
1988 .long 0 /* 0x2f8 */
1989#ifdef CONFIG_KVM_XICS
1990 .long DOTSYM(xics_rm_h_xirr_x) - hcall_real_table
1991#else
1992 .long 0 /* 0x2fc - H_XIRR_X*/
1993#endif
1994 .long DOTSYM(kvmppc_rm_h_random) - hcall_real_table
1995 .globl hcall_real_table_end
1996hcall_real_table_end:
1997
1998_GLOBAL_TOC(kvmppc_h_set_xdabr)
1999EXPORT_SYMBOL_GPL(kvmppc_h_set_xdabr)
     /*
      * H_SET_XDABR handler.  r3 = vcpu, r4 = DABR value, r5 = DABRX
      * value supplied by the guest.
      * r5 is validated before use: at least one of DABRX_USER and
      * DABRX_KERNEL must be set, and no bit outside
      * DABRX_USER | DABRX_KERNEL | DABRX_BTI may be set.  A value that
      * fails either test returns H_PARAMETER in r3; a valid one joins
      * kvmppc_h_set_dabr at its first 3: label.
      */
2000 andi. r0, r5, DABRX_USER | DABRX_KERNEL
2001 beq 6f /* neither user nor kernel selected */
2002 li r0, DABRX_USER | DABRX_KERNEL | DABRX_BTI
2003 andc. r0, r5, r0 /* r0 = bits of r5 outside the allowed set */
2004 beq 3f /* none: continue in kvmppc_h_set_dabr */
20056: li r3, H_PARAMETER
2006 blr
2007
2008_GLOBAL_TOC(kvmppc_h_set_dabr)
2009EXPORT_SYMBOL_GPL(kvmppc_h_set_dabr)
     /*
      * H_SET_DABR handler.  r3 = vcpu, r4 = DABR value; DABRX is fixed
      * to DABRX_USER | DABRX_KERNEL.  kvmppc_h_set_xdabr enters at the
      * first 3: label with its own validated DABRX in r5.
      *
      * Returns in r3: 0 on success, or H_HARDWARE when
      * CPU_FTR_ARCH_207S is set and dawr_force_enable is zero.
      * Without CPU_FTR_ARCH_207S the DABR/DABRX registers are written
      * directly; with it, the request is emulated through DAWR0/DAWRX0.
      */
2010 li r5, DABRX_USER | DABRX_KERNEL
20113:
2012BEGIN_FTR_SECTION
2013 b 2f
2014END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2015 std r4,VCPU_DABR(r3)
2016 stw r5, VCPU_DABRX(r3)
2017 mtspr SPRN_DABRX, r5
2018 /* Work around P7 bug where DABR can get corrupted on mtspr */
     /* Rewrite DABR until it reads back as the value written */
20191: mtspr SPRN_DABR,r4
2020 mfspr r5, SPRN_DABR
2021 cmpd r4, r5
2022 bne 1b
2023 isync
2024 li r3,0
2025 blr
2026
20272:
2028 LOAD_REG_ADDR(r11, dawr_force_enable)
2029 lbz r11, 0(r11)
2030 cmpdi r11, 0
2031 bne 3f
2032 li r3, H_HARDWARE
2033 blr
20343:
2035 /* Emulate H_SET_DABR/X on P8 for the sake of compat mode guests */
     /*
      * Bits of the DABR value in r4 are rotated into the DAWRX_DR,
      * DAWRX_DW and DAWRX_WT fields of r5; the low three bits of r4
      * are then cleared to leave the address for DAWR0.
      */
2036 rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
2037 rlwimi r5, r4, 2, DAWRX_WT
2038 clrrdi r4, r4, 3
2039 std r4, VCPU_DAWR0(r3)
2040 std r5, VCPU_DAWRX0(r3)
2041 /*
2042 * If came in through the real mode hcall handler then it is necessary
2043 * to write the registers since the return path won't. Otherwise it is
2044 * sufficient to store then in the vcpu struct as they will be loaded
2045 * next time the vcpu is run.
2046 */
2047 mfmsr r6
2048 andi. r6, r6, MSR_DR /* in real mode? */
2049 bne 4f /* MSR_DR set: not real mode, skip the SPR writes */
2050 mtspr SPRN_DAWR0, r4
2051 mtspr SPRN_DAWRX0, r5
20524: li r3, 0
2053 blr
2054
2055_GLOBAL(kvmppc_h_cede) /* r3 = vcpu pointer, r11 = msr, r13 = paca */
     /*
      * H_CEDE handler.  Marks the vcpu ceded with MSR_EE set in its
      * saved msr, then one of:
      *  - the vcpu was already prodded: kvm_cede_prodded returns
      *    H_SUCCESS straight away;
      *  - setting this thread's napping bit would make the napping set
      *    equal the low byte of the vcore entry/exit word:
      *    kvm_cede_exit hands control to the host;
      *  - another thread is already exiting (entry/exit >= 0x100):
      *    branch to 33: (after kvm_nap_sequence) to undo the napping
      *    bit;
      *  - otherwise save non-volatile GPR, FP and TM state, program
      *    DEC, switch to the host stack and fall through into
      *    kvm_do_nap.
      */
2056 ori r11,r11,MSR_EE
2057 std r11,VCPU_MSR(r3)
2058 li r0,1
2059 stb r0,VCPU_CEDED(r3)
2060 sync /* order setting ceded vs. testing prodded */
2061 lbz r5,VCPU_PRODDED(r3)
2062 cmpwi r5,0
2063 bne kvm_cede_prodded
2064 li r12,0 /* set trap to 0 to say hcall is handled */
2065 stw r12,VCPU_TRAP(r3)
2066 li r0,H_SUCCESS
2067 std r0,VCPU_GPR(R3)(r3) /* guest sees H_SUCCESS in its r3 */
2068
2069 /*
2070 * Set our bit in the bitmask of napping threads unless all the
2071 * other threads are already napping, in which case we send this
2072 * up to the host.
2073 */
2074 ld r5,HSTATE_KVM_VCORE(r13)
2075 lbz r6,HSTATE_PTID(r13)
2076 lwz r8,VCORE_ENTRY_EXIT(r5)
2077 clrldi r8,r8,56 /* r8 = low byte of the entry/exit word */
2078 li r0,1
2079 sld r0,r0,r6 /* r0 = 1 << ptid */
2080 addi r6,r5,VCORE_NAPPING_THREADS
     /* lwarx/stwcx. retry loop: napping_threads |= r0 */
208131: lwarx r4,0,r6
2082 or r4,r4,r0
2083 cmpw r4,r8
2084 beq kvm_cede_exit /* leaves without storing the new mask */
2085 stwcx. r4,0,r6
2086 bne 31b
2087 /* order napping_threads update vs testing entry_exit_map */
2088 isync
2089 li r0,NAPPING_CEDE
2090 stb r0,HSTATE_NAPPING(r13)
2091 lwz r7,VCORE_ENTRY_EXIT(r5)
2092 cmpwi r7,0x100
2093 bge 33f /* another thread already exiting */
2094
2095/*
2096 * Although not specifically required by the architecture, POWER7
2097 * preserves the following registers in nap mode, even if an SMT mode
2098 * switch occurs: SLB entries, PURR, SPURR, AMOR, UAMOR, AMR, SPRG0-3,
2099 * DAR, DSISR, DABR, DABRX, DSCR, PMCx, MMCRx, SIAR, SDAR.
2100 */
2101 /* Save non-volatile GPRs */
2102 std r14, VCPU_GPR(R14)(r3)
2103 std r15, VCPU_GPR(R15)(r3)
2104 std r16, VCPU_GPR(R16)(r3)
2105 std r17, VCPU_GPR(R17)(r3)
2106 std r18, VCPU_GPR(R18)(r3)
2107 std r19, VCPU_GPR(R19)(r3)
2108 std r20, VCPU_GPR(R20)(r3)
2109 std r21, VCPU_GPR(R21)(r3)
2110 std r22, VCPU_GPR(R22)(r3)
2111 std r23, VCPU_GPR(R23)(r3)
2112 std r24, VCPU_GPR(R24)(r3)
2113 std r25, VCPU_GPR(R25)(r3)
2114 std r26, VCPU_GPR(R26)(r3)
2115 std r27, VCPU_GPR(R27)(r3)
2116 std r28, VCPU_GPR(R28)(r3)
2117 std r29, VCPU_GPR(R29)(r3)
2118 std r30, VCPU_GPR(R30)(r3)
2119 std r31, VCPU_GPR(R31)(r3)
2120
2121 /* save FP state */
2122 bl kvmppc_save_fp
2123
2124#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2125BEGIN_FTR_SECTION
2126 b 91f
2127END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2128 /*
2129 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
2130 */
2131 ld r3, HSTATE_KVM_VCPU(r13)
2132 ld r4, VCPU_MSR(r3)
2133 li r5, 0 /* don't preserve non-vol regs */
2134 bl kvmppc_save_tm_hv
2135 nop
213691:
2137#endif
2138
2139 /*
2140 * Set DEC to the smaller of DEC and HDEC, so that we wake
2141 * no later than the end of our timeslice (HDEC interrupts
2142 * don't wake us from nap).
2143 */
2144 mfspr r3, SPRN_DEC
2145 mfspr r4, SPRN_HDEC
2146 mftb r5
2147 extsw r3, r3
2148 extsw r4, r4
2149 cmpd r3, r4
2150 ble 67f
2151 mtspr SPRN_DEC, r4
215267:
2153 /* save expiry time of guest decrementer */
     /* r3 is still the DEC value read above, even if DEC was just set to HDEC */
2154 add r3, r3, r5
2155 ld r4, HSTATE_KVM_VCPU(r13)
2156 std r3, VCPU_DEC_EXPIRES(r4)
2157
2158#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2159 ld r4, HSTATE_KVM_VCPU(r13)
2160 addi r3, r4, VCPU_TB_CEDE
2161 bl kvmhv_accumulate_time
2162#endif
2163
     /* r3 is consumed by kvm_do_nap, which copies LPCR_PECEDP from it */
2164 lis r3, LPCR_PECEDP@h /* Do wake on privileged doorbell */
2165
2166 /* Go back to host stack */
2167 ld r1, HSTATE_HOST_R1(r13)
2168
2169 /*
2170 * Take a nap until a decrementer or external or doobell interrupt
2171 * occurs, with PECE1 and PECE0 set in LPCR.
2172 * On POWER8, set PECEDH, and if we are ceding, also set PECEDP.
2173 * Also clear the runlatch bit before napping.
     *
     * In: r3 = value whose LPCR_PECEDP bit is copied into the new LPCR
     * (kvmppc_h_cede loads LPCR_PECEDP@h), r13 = paca.
     * Out: r5 = desired LPCR value; falls through into
     * kvm_nap_sequence.
2174 */
2175kvm_do_nap:
2176 li r0,0
2177 mtspr SPRN_CTRLT, r0 /* clear the runlatch */
2178
2179 li r0,1
2180 stb r0,HSTATE_HWTHREAD_REQ(r13)
2181 mfspr r5,SPRN_LPCR
2182 ori r5,r5,LPCR_PECE0 | LPCR_PECE1
2183BEGIN_FTR_SECTION
2184 ori r5, r5, LPCR_PECEDH
2185 rlwimi r5, r3, 0, LPCR_PECEDP /* take the PECEDP bit from r3 */
2186END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2187
2188kvm_nap_sequence: /* desired LPCR value in r5 */
     /*
      * Writes LPCR, naps through isa206_idle_insn_mayloss with
      * r3 = PNV_THREAD_NAP, and after waking dispatches on
      * HSTATE_NAPPING(r13) to kvm_end_cede, kvm_novcpu_wakeup or
      * kvm_unsplit_wakeup.  Any other value hits the trap instruction.
      */
2189 li r3, PNV_THREAD_NAP
2190 mtspr SPRN_LPCR,r5
2191 isync
2192
2193 bl isa206_idle_insn_mayloss
2194
2195 li r0,1
2196 mtspr SPRN_CTRLT, r0 /* set the runlatch again */
2197
     /*
      * r3 is whatever the idle routine returned; kvmppc_check_wake_reason
      * later reads the wake reason back from SRR1.
      */
2198 mtspr SPRN_SRR1, r3
2199
2200 li r0, 0
2201 stb r0, PACA_FTRACE_ENABLED(r13)
2202
2203 li r0, KVM_HWTHREAD_IN_KVM
2204 stb r0, HSTATE_HWTHREAD_STATE(r13)
2205
2206 lbz r0, HSTATE_NAPPING(r13)
2207 cmpwi r0, NAPPING_CEDE
2208 beq kvm_end_cede
2209 cmpwi r0, NAPPING_NOVCPU
2210 beq kvm_novcpu_wakeup
2211 cmpwi r0, NAPPING_UNSPLIT
2212 beq kvm_unsplit_wakeup
2213 twi 31,0,0 /* Nap state must not be zero */
2214
     /*
      * Target of "bge 33f" in kvmppc_h_cede (another thread is already
      * exiting, so no nap happens): r4 = vcpu, r3 = 0 and r12 = 0, then
      * join kvm_end_cede at 34: to clear this thread's napping bit.
      */
221533: mr r4, r3
2216 li r3, 0
2217 li r12, 0
2218 b 34f
2219
2220kvm_end_cede:
     /*
      * Wake-up path for a thread that napped in H_CEDE
      * (HSTATE_NAPPING == NAPPING_CEDE).  Restores the TM, FP, DEC and
      * non-volatile GPR state saved by kvmppc_h_cede, asks
      * kvmppc_check_wake_reason why we woke, clears this thread's bit in
      * napping_threads, and then either exits to the host (r3 > 0) or
      * tries to re-enter the guest.  r13 = paca throughout.
      */
2221 /* Woken by external or decrementer interrupt */
2222
2223 /* get vcpu pointer */
2224 ld r4, HSTATE_KVM_VCPU(r13)
2225
2226#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2227 addi r3, r4, VCPU_TB_RMINTR
2228 bl kvmhv_accumulate_time
2229#endif
2230
2231#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2232BEGIN_FTR_SECTION
2233 b 91f
2234END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2235 /*
2236 * NOTE THAT THIS TRASHES ALL NON-VOLATILE REGISTERS (but not CR)
     * (they are reloaded from the vcpu further down)
2237 */
2238 mr r3, r4
2239 ld r4, VCPU_MSR(r3)
2240 li r5, 0 /* don't preserve non-vol regs */
2241 bl kvmppc_restore_tm_hv
2242 nop
2243 ld r4, HSTATE_KVM_VCPU(r13)
224491:
2245#endif
2246
2247 /* load up FP state */
2248 bl kvmppc_load_fp
2249
2250 /* Restore guest decrementer */
2251 ld r3, VCPU_DEC_EXPIRES(r4)
2252 mftb r7
2253 subf r3, r7, r3 /* DEC = saved expiry - current TB */
2254 mtspr SPRN_DEC, r3
2255
2256 /* Load NV GPRS */
2257 ld r14, VCPU_GPR(R14)(r4)
2258 ld r15, VCPU_GPR(R15)(r4)
2259 ld r16, VCPU_GPR(R16)(r4)
2260 ld r17, VCPU_GPR(R17)(r4)
2261 ld r18, VCPU_GPR(R18)(r4)
2262 ld r19, VCPU_GPR(R19)(r4)
2263 ld r20, VCPU_GPR(R20)(r4)
2264 ld r21, VCPU_GPR(R21)(r4)
2265 ld r22, VCPU_GPR(R22)(r4)
2266 ld r23, VCPU_GPR(R23)(r4)
2267 ld r24, VCPU_GPR(R24)(r4)
2268 ld r25, VCPU_GPR(R25)(r4)
2269 ld r26, VCPU_GPR(R26)(r4)
2270 ld r27, VCPU_GPR(R27)(r4)
2271 ld r28, VCPU_GPR(R28)(r4)
2272 ld r29, VCPU_GPR(R29)(r4)
2273 ld r30, VCPU_GPR(R30)(r4)
2274 ld r31, VCPU_GPR(R31)(r4)
2275
2276 /* Check the wake reason in SRR1 to see why we got here */
2277 bl kvmppc_check_wake_reason
2278
2279 /*
2280 * Restore volatile registers since we could have called a
2281 * C routine in kvmppc_check_wake_reason
2282 * r4 = VCPU
2283 * r3 tells us whether we need to return to host or not
2284 * WARNING: it gets checked further down:
2285 * should not modify r3 until this check is done.
2286 */
2287 ld r4, HSTATE_KVM_VCPU(r13)
2288
2289 /* clear our bit in vcore->napping_threads */
     /* 34: is also entered from 33: with r3 = 0, r12 = 0, r4 = vcpu */
229034: ld r5,HSTATE_KVM_VCORE(r13)
2291 lbz r7,HSTATE_PTID(r13)
2292 li r0,1
2293 sld r0,r0,r7 /* r0 = 1 << ptid */
2294 addi r6,r5,VCORE_NAPPING_THREADS
     /* lwarx/stwcx. retry loop: napping_threads &= ~r0 */
229532: lwarx r7,0,r6
2296 andc r7,r7,r0
2297 stwcx. r7,0,r6
2298 bne 32b
2299 li r0,0
2300 stb r0,HSTATE_NAPPING(r13)
2301
2302 /* See if the wake reason saved in r3 means we need to exit */
2303 stw r12, VCPU_TRAP(r4)
2304 mr r9, r4 /* r9 = vcpu, as both targets below expect */
2305 cmpdi r3, 0
2306 bgt guest_exit_cont
2307 b maybe_reenter_guest
2308
2309 /* cede when already previously prodded case */
     /*
      * In: r3 = vcpu.  Consumes the pending prod (clears prodded, then
      * ceded) and returns H_SUCCESS in r3 without napping.
      */
2310kvm_cede_prodded:
2311 li r0,0
2312 stb r0,VCPU_PRODDED(r3)
2313 sync /* order testing prodded vs. clearing ceded */
2314 stb r0,VCPU_CEDED(r3)
2315 li r3,H_SUCCESS
2316 blr
2317
2318 /* we've ceded but we want to give control to the host */
     /* r12 is 0 here (set by kvmppc_h_cede before it branches to us) */
2319kvm_cede_exit:
2320 ld r9, HSTATE_KVM_VCPU(r13) /* r9 = vcpu for guest_exit_cont */
2321 b guest_exit_cont
2322
2323 /* Try to do machine check recovery in real mode */
     /*
      * In: r9 = vcpu, r13 = paca.  Calls kvmppc_realmode_machine_check
      * with r3 = vcpu; its return value is not examined here.  r9 and
      * r12 are set up again afterwards and the exit continues at
      * guest_exit_cont.
      */
2324machine_check_realmode:
2325 mr r3, r9 /* get vcpu pointer */
2326 bl kvmppc_realmode_machine_check
2327 nop
2328 /* all machine checks go to virtual mode for further handling */
2329 ld r9, HSTATE_KVM_VCPU(r13)
2330 li r12, BOOK3S_INTERRUPT_MACHINE_CHECK
2331 b guest_exit_cont
2332
2333/*
2334 * Call C code to handle a HMI in real mode.
2335 * Only the primary thread does the call, secondary threads are handled
2336 * by calling hmi_exception_realmode() after kvmppc_hv_entry returns.
2337 * r9 points to the vcpu on entry
 * r13 = paca.  Always ends at guest_exit_cont; on the primary thread
 * r9 and r12 are set up again after the C call.
2338 */
2339hmi_realmode:
2340 lbz r0, HSTATE_PTID(r13)
2341 cmpwi r0, 0
2342 bne guest_exit_cont /* secondary thread: skip the C handler */
2343 bl CFUNC(kvmppc_realmode_hmi_handler)
2344 ld r9, HSTATE_KVM_VCPU(r13)
2345 li r12, BOOK3S_INTERRUPT_HMI
2346 b guest_exit_cont
2347
2348/*
2349 * Check the reason we woke from nap, and take appropriate action.
2350 * Returns (in r3):
2351 * 0 if nothing needs to be done
2352 * 1 if something happened that needs to be handled by the host
2353 * -1 if there was a guest wakeup (IPI or msgsnd)
2354 * -2 if we handled a PCI passthrough interrupt (returned by
2355 * kvmppc_read_intr only)
 * On the external interrupt path r3 is whatever kvmppc_read_intr
 * returned; a value greater than 1 is passed through unchanged with
 * r12 = BOOK3S_INTERRUPT_HV_RM_HARD so the host completes the handling.
2356 *
2357 * Also sets r12 to the interrupt vector for any interrupt that needs
2358 * to be handled now by the host (0x500 for external interrupt), or zero.
2359 * Modifies all volatile registers (since it may call a C function).
2360 * This routine calls kvmppc_read_intr, a C function, if an external
2361 * interrupt is pending.
2362 */
2363SYM_FUNC_START_LOCAL(kvmppc_check_wake_reason)
2364 mfspr r6, SPRN_SRR1 /* the wake reason is decoded from SRR1 */
2365BEGIN_FTR_SECTION
2366 rlwinm r6, r6, 45-31, 0xf /* extract wake reason field (P8) */
2367FTR_SECTION_ELSE
2368 rlwinm r6, r6, 45-31, 0xe /* P7 wake reason field is 3 bits */
2369ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_207S)
2370 cmpwi r6, 8 /* was it an external interrupt? */
2371 beq 7f /* if so, see what it was */
2372 li r3, 0 /* default return: nothing to do */
2373 li r12, 0 /* default: no vector for the host */
2374 cmpwi r6, 6 /* was it the decrementer? */
2375 beq 0f
2376BEGIN_FTR_SECTION
2377 cmpwi r6, 5 /* privileged doorbell? */
2378 beq 0f
2379 cmpwi r6, 3 /* hypervisor doorbell? */
2380 beq 3f
2381END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2382 cmpwi r6, 0xa /* Hypervisor maintenance ? */
2383 beq 4f
2384 li r3, 1 /* anything else, return 1 */
23850: blr
2386
2387 /* hypervisor doorbell */
23883: li r12, BOOK3S_INTERRUPT_H_DOORBELL
2389
2390 /*
2391 * Clear the doorbell as we will invoke the handler
2392 * explicitly in the guest exit path.
2393 */
2394 lis r6, (PPC_DBELL_SERVER << (63-36))@h
2395 PPC_MSGCLR(6)
2396 /* see if it's a host IPI */
2397 li r3, 1 /* return value if the host IPI flag is set */
2398 lbz r0, HSTATE_HOST_IPI(r13)
2399 cmpwi r0, 0
2400 bnelr /* HSTATE_HOST_IPI non-zero: return 1 */
2401 /* if not, return -1 */
2402 li r3, -1
2403 blr
2404
2405 /* Woken up due to Hypervisor maintenance interrupt */
24064: li r12, BOOK3S_INTERRUPT_HMI
2407 li r3, 1
2408 blr
2409
2410 /* external interrupt - create a stack frame so we can call C */
24117: mflr r0
2412 std r0, PPC_LR_STKOFF(r1)
2413 stdu r1, -PPC_MIN_STKFRM(r1)
2414 bl CFUNC(kvmppc_read_intr)
2415 nop
2416 li r12, BOOK3S_INTERRUPT_EXTERNAL /* kept for every r3 <= 1 on this path */
2417 cmpdi r3, 1
2418 ble 1f
2419
2420 /*
2421 * Return code of 2 means PCI passthrough interrupt, but
2422 * we need to return back to host to complete handling the
2423 * interrupt. Trap reason is expected in r12 by guest
2424 * exit code.
2425 */
2426 li r12, BOOK3S_INTERRUPT_HV_RM_HARD
24271:
2428 ld r0, PPC_MIN_STKFRM+PPC_LR_STKOFF(r1) /* saved LR, read before the frame is popped */
2429 addi r1, r1, PPC_MIN_STKFRM
2430 mtlr r0
2431 blr
2432SYM_FUNC_END(kvmppc_check_wake_reason)
2433
2434/*
2435 * Save away FP, VMX and VSX registers.
2436 * r3 = vcpu pointer
2437 * N.B. r30 and r31 are volatile across this function,
2438 * thus it is not callable from C.
 * r30 holds the return address and r31 the vcpu pointer across the calls
 * to store_fp_state/store_vr_state. MSR_FP (plus MSR_VEC/MSR_VSX where the
 * CPU feature is present) is set in the MSR and is still set on return:
 * the original MSR is read into r5 but is not written back here.
 * VRSAVE is stored to the vcpu unconditionally.
2439 */
2440SYM_FUNC_START_LOCAL(kvmppc_save_fp)
2441 mflr r30 /* LR is overwritten by the bl instructions below */
2442 mr r31,r3 /* keep the vcpu pointer; r3 is reused as the call argument */
2443 mfmsr r5
2444 ori r8,r5,MSR_FP
2445#ifdef CONFIG_ALTIVEC
2446BEGIN_FTR_SECTION
2447 oris r8,r8,MSR_VEC@h
2448END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2449#endif
2450#ifdef CONFIG_VSX
2451BEGIN_FTR_SECTION
2452 oris r8,r8,MSR_VSX@h
2453END_FTR_SECTION_IFSET(CPU_FTR_VSX)
2454#endif
2455 mtmsrd r8 /* enable the facilities before touching their registers */
2456 addi r3,r3,VCPU_FPRS
2457 bl store_fp_state
2458#ifdef CONFIG_ALTIVEC
2459BEGIN_FTR_SECTION
2460 addi r3,r31,VCPU_VRS
2461 bl store_vr_state
2462END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2463#endif
2464 mfspr r6,SPRN_VRSAVE
2465 stw r6,VCPU_VRSAVE(r31)
2466 mtlr r30
2467 blr
2468SYM_FUNC_END(kvmppc_save_fp)
2469
2470/*
2471 * Load up FP, VMX and VSX registers
2472 * r4 = vcpu pointer
2473 * N.B. r30 and r31 are volatile across this function,
2474 * thus it is not callable from C.
 * r30 holds the return address and r31 the vcpu pointer across the calls
 * to load_fp_state/load_vr_state; r4 is restored from r31 before return.
 * MSR_FP (plus MSR_VEC/MSR_VSX where the CPU feature is present) is set in
 * the MSR and is still set on return: the original MSR is read into r9 but
 * is not written back here. VRSAVE is loaded from the vcpu unconditionally.
2475 */
2476SYM_FUNC_START_LOCAL(kvmppc_load_fp)
2477 mflr r30 /* LR is overwritten by the bl instructions below */
2478 mr r31,r4 /* keep the vcpu pointer across the calls */
2479 mfmsr r9
2480 ori r8,r9,MSR_FP
2481#ifdef CONFIG_ALTIVEC
2482BEGIN_FTR_SECTION
2483 oris r8,r8,MSR_VEC@h
2484END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2485#endif
2486#ifdef CONFIG_VSX
2487BEGIN_FTR_SECTION
2488 oris r8,r8,MSR_VSX@h
2489END_FTR_SECTION_IFSET(CPU_FTR_VSX)
2490#endif
2491 mtmsrd r8 /* enable the facilities before touching their registers */
2492 addi r3,r4,VCPU_FPRS
2493 bl load_fp_state
2494#ifdef CONFIG_ALTIVEC
2495BEGIN_FTR_SECTION
2496 addi r3,r31,VCPU_VRS
2497 bl load_vr_state
2498END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2499#endif
2500 lwz r7,VCPU_VRSAVE(r31)
2501 mtspr SPRN_VRSAVE,r7
2502 mtlr r30
2503 mr r4,r31 /* hand the vcpu pointer back in r4 */
2504 blr
2505SYM_FUNC_END(kvmppc_load_fp)
2506
2507#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2508/*
2509 * Save transactional state and TM-related registers.
2510 * Called with r3 pointing to the vcpu struct and r4 containing
2511 * the guest MSR value.
2512 * r5 is non-zero iff non-volatile register state needs to be maintained.
2513 * If r5 == 0, this can modify all checkpointed registers, but
2514 * restores r1 and r2 before exit.
 *
 * When CPU_FTR_P9_TM_HV_ASSIST is clear, or HSTATE_FAKE_SUSPEND is zero,
 * this branches to __kvmppc_save_tm with r3-r5 and LR untouched (r0 and
 * CR0 are modified on the second of those paths). The rest of the routine
 * is the fake-suspend case, where only TFHAR and TFIAR are written to the
 * vcpu and the PSSCR fake-suspend bit is cleared.
2515 */
2516_GLOBAL_TOC(kvmppc_save_tm_hv)
2517EXPORT_SYMBOL_GPL(kvmppc_save_tm_hv)
2518 /* See if we need to handle fake suspend mode */
2519BEGIN_FTR_SECTION
2520 b __kvmppc_save_tm
2521END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
2522
2523 lbz r0, HSTATE_FAKE_SUSPEND(r13) /* Were we fake suspended? */
2524 cmpwi r0, 0
2525 beq __kvmppc_save_tm
2526
2527 /* The following code handles the fake_suspend = 1 case */
2528 mflr r0
2529 std r0, PPC_LR_STKOFF(r1)
2530 stdu r1, -TM_FRAME_SIZE(r1)
2531
2532 /* Turn on TM. */
2533 mfmsr r8
2534 li r0, 1
2535 rldimi r8, r0, MSR_TM_LG, 63-MSR_TM_LG
2536 mtmsrd r8
2537
2538 rldicl. r8, r8, 64 - MSR_TS_S_LG, 62 /* Did we actually hrfid? */
2539 beq 4f /* TS field of the current MSR is zero: skip the treclaim */
2540BEGIN_FTR_SECTION
2541 bl pnv_power9_force_smt4_catch
2542END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
2543 nop
2544
2545 /*
2546 * It's possible that treclaim. may modify registers, if we have lost
2547 * track of fake-suspend state in the guest due to it using rfscv.
2548 * Save and restore registers in case this occurs.
2549 */
2550 mfspr r3, SPRN_DSCR
2551 mfspr r4, SPRN_XER
2552 mfspr r5, SPRN_AMR
2553 /* SPRN_TAR would need to be saved here if the kernel ever used it */
2554 mfcr r12 /* CR is kept at 8(r1) across the treclaim */
2555 SAVE_NVGPRS(r1)
2556 SAVE_GPR(2, r1)
2557 SAVE_GPR(3, r1) /* r3-r5 carry the DSCR, XER and AMR values read above */
2558 SAVE_GPR(4, r1)
2559 SAVE_GPR(5, r1)
2560 stw r12, 8(r1)
2561 std r1, HSTATE_HOST_R1(r13) /* r1 is recovered from here after the treclaim */
2562
2563 /* We have to treclaim here because that's the only way to do S->N */
2564 li r3, TM_CAUSE_KVM_RESCHED
2565 TRECLAIM(R3)
2566
2567 GET_PACA(r13) /* r13 is re-established first; r1 is then reloaded through it */
2568 ld r1, HSTATE_HOST_R1(r13)
2569 REST_GPR(2, r1)
2570 REST_GPR(3, r1)
2571 REST_GPR(4, r1)
2572 REST_GPR(5, r1)
2573 lwz r12, 8(r1)
2574 REST_NVGPRS(r1)
2575 mtspr SPRN_DSCR, r3
2576 mtspr SPRN_XER, r4
2577 mtspr SPRN_AMR, r5
2578 mtcr r12
2579 HMT_MEDIUM
2580
2581 /*
2582 * We were in fake suspend, so we are not going to save the
2583 * register state as the guest checkpointed state (since
2584 * we already have it), therefore we can now use any volatile GPR.
2585 * In fact treclaim in fake suspend state doesn't modify
2586 * any registers.
2587 */
2588
2589BEGIN_FTR_SECTION
2590 bl pnv_power9_force_smt4_release
2591END_FTR_SECTION_IFSET(CPU_FTR_P9_TM_XER_SO_BUG)
2592 nop
2593
25944:
2595 mfspr r3, SPRN_PSSCR
2596 /* PSSCR_FAKE_SUSPEND is a write-only bit, but clear it anyway */
2597 li r0, PSSCR_FAKE_SUSPEND
2598 andc r3, r3, r0
2599 mtspr SPRN_PSSCR, r3
2600
2601 /* Don't save TEXASR, use value from last exit in real suspend state */
2602 ld r9, HSTATE_KVM_VCPU(r13)
2603 mfspr r5, SPRN_TFHAR
2604 mfspr r6, SPRN_TFIAR
2605 std r5, VCPU_TFHAR(r9)
2606 std r6, VCPU_TFIAR(r9)
2607
2608 addi r1, r1, TM_FRAME_SIZE /* pop the frame, then fetch the saved LR */
2609 ld r0, PPC_LR_STKOFF(r1)
2610 mtlr r0
2611 blr
2612
2613/*
2614 * Restore transactional state and TM-related registers.
2615 * Called with r3 pointing to the vcpu struct
2616 * and r4 containing the guest MSR value.
2617 * r5 is non-zero iff non-volatile register state needs to be maintained.
2618 * This potentially modifies all checkpointed registers.
2619 * It restores r1 and r2 from the PACA.
 *
 * When CPU_FTR_P9_TM_HV_ASSIST is clear this branches straight to
 * __kvmppc_restore_tm. Otherwise (the code below) TFHAR, TFIAR and TEXASR
 * are always loaded from the vcpu; HSTATE_FAKE_SUSPEND is cleared and then
 * set to 1 only if the TS field of the guest MSR is 1, and a TS value
 * above 1 calls kvmhv_emulate_tm_rollback instead.
2620 */
2621_GLOBAL_TOC(kvmppc_restore_tm_hv)
2622EXPORT_SYMBOL_GPL(kvmppc_restore_tm_hv)
2623 /*
2624 * If we are doing TM emulation for the guest on a POWER9 DD2,
2625 * then we don't actually do a trechkpt -- we either set up
2626 * fake-suspend mode, or emulate a TM rollback.
2627 */
2628BEGIN_FTR_SECTION
2629 b __kvmppc_restore_tm
2630END_FTR_SECTION_IFCLR(CPU_FTR_P9_TM_HV_ASSIST)
2631 mflr r0
2632 std r0, PPC_LR_STKOFF(r1)
2633
2634 li r0, 0
2635 stb r0, HSTATE_FAKE_SUSPEND(r13) /* start from "not fake suspended" */
2636
2637 /* Turn on TM so we can restore TM SPRs */
2638 mfmsr r5
2639 li r0, 1
2640 rldimi r5, r0, MSR_TM_LG, 63-MSR_TM_LG
2641 mtmsrd r5
2642
2643 /*
2644 * The user may change these outside of a transaction, so they must
2645 * always be context switched.
2646 */
2647 ld r5, VCPU_TFHAR(r3)
2648 ld r6, VCPU_TFIAR(r3)
2649 ld r7, VCPU_TEXASR(r3)
2650 mtspr SPRN_TFHAR, r5
2651 mtspr SPRN_TFIAR, r6
2652 mtspr SPRN_TEXASR, r7
2653
2654 rldicl. r5, r4, 64 - MSR_TS_S_LG, 62 /* r5 = TS field of the guest MSR */
2655 beqlr /* TM not active in guest */
2656
2657 /* Make sure the failure summary is set */
2658 oris r7, r7, (TEXASR_FS)@h
2659 mtspr SPRN_TEXASR, r7
2660
2661 cmpwi r5, 1 /* check for suspended state */
2662 bgt 10f
2663 stb r5, HSTATE_FAKE_SUSPEND(r13) /* r5 is 1 here: 0 returned above, >1 went to 10f */
2664 b 9f /* and return */
266510: stdu r1, -PPC_MIN_STKFRM(r1)
2666 /* guest is in transactional state, so simulate rollback */
2667 bl kvmhv_emulate_tm_rollback
2668 nop
2669 addi r1, r1, PPC_MIN_STKFRM
26709: ld r0, PPC_LR_STKOFF(r1)
2671 mtlr r0
2672 blr
2673#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
2674
2675/*
2676 * We come here if we get any exception or interrupt while we are
2677 * executing host real mode code while in guest MMU context.
2678 * r12 is (CR << 32) | vector
2679 * r13 points to our PACA
2680 * r12 is saved in HSTATE_SCRATCH0(r13)
2681 * r9 is saved in HSTATE_SCRATCH2(r13)
2682 * r13 is saved in HSPRG1
2683 * cfar is saved in HSTATE_CFAR(r13)
2684 * ppr is saved in HSTATE_PPR(r13)
 *
 * The register state is written to an interrupt frame on the emergency
 * stack so that it can be inspected afterwards. This code does not
 * return: it ends in a branch-to-self.
2685 */
2686kvmppc_bad_host_intr:
2687 /*
2688 * Switch to the emergency stack, but start half-way down in
2689 * case we were already on it.
2690 */
2691 mr r9, r1 /* r9 = interrupted r1; r9's own value is in HSTATE_SCRATCH2 */
2692 std r1, PACAR1(r13)
2693 ld r1, PACAEMERGSP(r13)
2694 subi r1, r1, THREAD_SIZE/2 + INT_FRAME_SIZE
2695 std r9, 0(r1) /* back chain to the interrupted stack pointer */
2696 std r0, GPR0(r1)
2697 std r9, GPR1(r1)
2698 std r2, GPR2(r1)
2699 SAVE_GPRS(3, 8, r1)
2700 srdi r0, r12, 32 /* r0 = CR half of r12 */
2701 clrldi r12, r12, 32 /* r12 = vector half */
2702 std r0, _CCR(r1)
2703 std r12, _TRAP(r1)
2704 andi. r0, r12, 2 /* vector bit 0x2 set: record HSRR0/1, HDAR, HDSISR */
2705 beq 1f
2706 mfspr r3, SPRN_HSRR0
2707 mfspr r4, SPRN_HSRR1
2708 mfspr r5, SPRN_HDAR
2709 mfspr r6, SPRN_HDSISR
2710 b 2f
27111: mfspr r3, SPRN_SRR0
2712 mfspr r4, SPRN_SRR1
2713 mfspr r5, SPRN_DAR
2714 mfspr r6, SPRN_DSISR
27152: std r3, _NIP(r1)
2716 std r4, _MSR(r1)
2717 std r5, _DAR(r1)
2718 std r6, _DSISR(r1)
2719 ld r9, HSTATE_SCRATCH2(r13) /* recover the r9 value saved on entry */
2720 ld r12, HSTATE_SCRATCH0(r13) /* recover the r12 value saved on entry */
2721 GET_SCRATCH0(r0) /* value stored in the GPR13 slot below */
2722 SAVE_GPRS(9, 12, r1)
2723 std r0, GPR13(r1)
2724 SAVE_NVGPRS(r1)
2725 ld r5, HSTATE_CFAR(r13)
2726 std r5, ORIG_GPR3(r1) /* the saved CFAR is recorded in the ORIG_GPR3 slot */
2727 mflr r3
2728 mfctr r4
2729 mfxer r5
2730 lbz r6, PACAIRQSOFTMASK(r13)
2731 std r3, _LINK(r1)
2732 std r4, _CTR(r1)
2733 std r5, _XER(r1)
2734 std r6, SOFTE(r1)
2735 LOAD_PACA_TOC()
2736 LOAD_REG_IMMEDIATE(3, STACK_FRAME_REGS_MARKER)
2737 std r3, STACK_INT_FRAME_MARKER(r1)
2738
2739 /*
2740 * XXX On POWER7 and POWER8, we just spin here since we don't
2741 * know what the other threads are doing (and we don't want to
2742 * coordinate with them) - but at least we now have register state
2743 * in memory that we might be able to look at from another CPU.
2744 */
2745 b . /* deliberate hang: this thread never leaves this instruction */
2746
2747/*
2748 * This mimics the MSR transition on IRQ delivery. The new guest MSR is taken
2749 * from VCPU_INTR_MSR and is modified based on the required TM state changes.
2750 * r11 has the guest MSR value (in/out)
2751 * r9 has a vcpu pointer (in)
2752 * r0 is used as a scratch register
 * The TS field of the incoming MSR is carried into the new MSR, except
 * that a value of 2 (transactional) is replaced by 1 (suspended).
 * CR0 is also modified by the compare.
2753 */
2754SYM_FUNC_START_LOCAL(kvmppc_msr_interrupt)
2755 rldicl r0, r11, 64 - MSR_TS_S_LG, 62 /* r0 = TS field of the old MSR */
2756 cmpwi r0, 2 /* Check if we are in transactional state.. */
2757 ld r11, VCPU_INTR_MSR(r9) /* does not disturb CR0, so the bne still tests the cmpwi */
2758 bne 1f
2759 /* ... if transactional, change to suspended */
2760 li r0, 1
27611: rldimi r11, r0, MSR_TS_S_LG, 63 - MSR_TS_T_LG /* insert r0 as the TS field of the new MSR */
2762 blr
2763SYM_FUNC_END(kvmppc_msr_interrupt)
2764
2765/*
2766 * void kvmhv_load_guest_pmu(struct kvm_vcpu *vcpu)
2767 *
2768 * Load up guest PMU state. R3 points to the vcpu struct.
 *
 * The counters are frozen through MMCR0 first, and the guest's MMCR0
 * value is written last, after every other PMU register has been loaded.
 * Modifies r0 and r3-r9. LR is kept in r0 and restored on exit because
 * the conditional call to kvmppc_fix_pmao overwrites it.
2769 */
2770SYM_FUNC_START_LOCAL(kvmhv_load_guest_pmu)
2771 mr r4, r3 /* r4 = vcpu; r3 is reused as scratch */
2772 mflr r0
2773 li r3, 1
2774 sldi r3, r3, 31 /* MMCR0_FC (freeze counters) bit */
2775 mtspr SPRN_MMCR0, r3 /* freeze all counters, disable ints */
2776 isync
2777BEGIN_FTR_SECTION
2778 ld r3, VCPU_MMCR(r4)
2779 andi. r5, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
2780 cmpwi r5, MMCR0_PMAO /* PMAO set and PMAO_SYNC clear? */
2781 beql kvmppc_fix_pmao
2782END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
 /*
  * No condition guards the loads below: the PMC values left behind by
  * the previous context are always overwritten with the vcpu's saved
  * values, whether or not the guest is using the PMU.
  */
2783 lwz r3, VCPU_PMC(r4) /* always load up guest PMU registers */
2784 lwz r5, VCPU_PMC + 4(r4) /* to prevent information leak */
2785 lwz r6, VCPU_PMC + 8(r4)
2786 lwz r7, VCPU_PMC + 12(r4)
2787 lwz r8, VCPU_PMC + 16(r4)
2788 lwz r9, VCPU_PMC + 20(r4)
2789 mtspr SPRN_PMC1, r3
2790 mtspr SPRN_PMC2, r5
2791 mtspr SPRN_PMC3, r6
2792 mtspr SPRN_PMC4, r7
2793 mtspr SPRN_PMC5, r8
2794 mtspr SPRN_PMC6, r9
2795 ld r3, VCPU_MMCR(r4) /* guest MMCR0, written last (below) */
2796 ld r5, VCPU_MMCR + 8(r4)
2797 ld r6, VCPU_MMCRA(r4)
2798 ld r7, VCPU_SIAR(r4)
2799 ld r8, VCPU_SDAR(r4)
2800 mtspr SPRN_MMCR1, r5
2801 mtspr SPRN_MMCRA, r6
2802 mtspr SPRN_SIAR, r7
2803 mtspr SPRN_SDAR, r8
2804BEGIN_FTR_SECTION
2805 ld r5, VCPU_MMCR + 16(r4)
2806 ld r6, VCPU_SIER(r4)
2807 mtspr SPRN_MMCR2, r5
2808 mtspr SPRN_SIER, r6
2809 lwz r7, VCPU_PMC + 24(r4)
2810 lwz r8, VCPU_PMC + 28(r4)
2811 ld r9, VCPU_MMCRS(r4)
2812 mtspr SPRN_SPMC1, r7
2813 mtspr SPRN_SPMC2, r8
2814 mtspr SPRN_MMCRS, r9
2815END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2816 mtspr SPRN_MMCR0, r3
2817 isync
2818 mtlr r0
2819 blr
2820SYM_FUNC_END(kvmhv_load_guest_pmu)
2821
2822/*
2823 * void kvmhv_load_host_pmu(void)
2824 *
2825 * Reload host PMU state saved in the PACA by kvmhv_save_host_pmu.
 *
 * If PACA_PMCINUSE is zero nothing is reloaded and the PMU registers keep
 * whatever values they had on entry.
 * NOTE(review): confirm at the call site that the guest PMU state has
 * already been saved and the counters frozen before this runs.
 * Modifies r0 and r3-r9. LR is kept in r0 and restored on the reload path
 * because the conditional call to kvmppc_fix_pmao overwrites it.
2826 */
2827SYM_FUNC_START_LOCAL(kvmhv_load_host_pmu)
2828 mflr r0
2829 lbz r4, PACA_PMCINUSE(r13) /* is the host using the PMU? */
2830 cmpwi r4, 0
2831 beq 23f /* skip if not */
2832BEGIN_FTR_SECTION
2833 ld r3, HSTATE_MMCR0(r13)
2834 andi. r4, r3, MMCR0_PMAO_SYNC | MMCR0_PMAO
2835 cmpwi r4, MMCR0_PMAO /* PMAO set and PMAO_SYNC clear? */
2836 beql kvmppc_fix_pmao
2837END_FTR_SECTION_IFSET(CPU_FTR_PMAO_BUG)
2838 lwz r3, HSTATE_PMC1(r13)
2839 lwz r4, HSTATE_PMC2(r13)
2840 lwz r5, HSTATE_PMC3(r13)
2841 lwz r6, HSTATE_PMC4(r13)
2842 lwz r8, HSTATE_PMC5(r13)
2843 lwz r9, HSTATE_PMC6(r13)
2844 mtspr SPRN_PMC1, r3
2845 mtspr SPRN_PMC2, r4
2846 mtspr SPRN_PMC3, r5
2847 mtspr SPRN_PMC4, r6
2848 mtspr SPRN_PMC5, r8
2849 mtspr SPRN_PMC6, r9
2850 ld r3, HSTATE_MMCR0(r13) /* host MMCR0, written last (below) */
2851 ld r4, HSTATE_MMCR1(r13)
2852 ld r5, HSTATE_MMCRA(r13)
2853 ld r6, HSTATE_SIAR(r13)
2854 ld r7, HSTATE_SDAR(r13)
2855 mtspr SPRN_MMCR1, r4
2856 mtspr SPRN_MMCRA, r5
2857 mtspr SPRN_SIAR, r6
2858 mtspr SPRN_SDAR, r7
2859BEGIN_FTR_SECTION
2860 ld r8, HSTATE_MMCR2(r13)
2861 ld r9, HSTATE_SIER(r13)
2862 mtspr SPRN_MMCR2, r8
2863 mtspr SPRN_SIER, r9
2864END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2865 mtspr SPRN_MMCR0, r3
2866 isync
2867 mtlr r0
286823: blr
2869SYM_FUNC_END(kvmhv_load_host_pmu)
2870
2871/*
2872 * void kvmhv_save_guest_pmu(struct kvm_vcpu *vcpu, bool pmu_in_use)
2873 *
2874 * Save guest PMU state into the vcpu struct.
2875 * r3 = vcpu, r4 = full save flag (PMU in use flag set in VPA)
 *
 * In both cases the counters are frozen (MMCR0 = FC, and through MMCR2 on
 * CPU_FTR_ARCH_207S) and MMCRA is cleared. With r4 == 0 the only value
 * written to the vcpu is MMCR0 = FC; the counters and the other control
 * registers are not read. Modifies r3-r10.
2876 */
2877SYM_FUNC_START_LOCAL(kvmhv_save_guest_pmu)
2878 mr r9, r3 /* r9 = vcpu */
2879 mr r8, r4 /* r8 = full save flag */
2880BEGIN_FTR_SECTION
2881 /*
2882 * POWER8 seems to have a hardware bug where setting
2883 * MMCR0[PMAE] along with MMCR0[PMC1CE] and/or MMCR0[PMCjCE]
2884 * when some counters are already negative doesn't seem
2885 * to cause a performance monitor alert (and hence interrupt).
2886 * The effect of this is that when saving the PMU state,
2887 * if there is no PMU alert pending when we read MMCR0
2888 * before freezing the counters, but one becomes pending
2889 * before we read the counters, we lose it.
2890 * To work around this, we need a way to freeze the counters
2891 * before reading MMCR0. Normally, freezing the counters
2892 * is done by writing MMCR0 (to set MMCR0[FC]) which
2893 * unavoidably writes MMCR0[PMAO] as well. On POWER8,
2894 * we can also freeze the counters using MMCR2, by writing
2895 * 1s to all the counter freeze condition bits (there are
2896 * 9 bits each for 6 counters).
2897 */
2898 li r3, -1 /* set all freeze bits */
2899 clrrdi r3, r3, 10 /* low 10 bits cleared, upper 54 (6 x 9) left set */
2900 mfspr r10, SPRN_MMCR2 /* r10 = MMCR2 as it was before the freeze */
2901 mtspr SPRN_MMCR2, r3
2902 isync
2903END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2904 li r3, 1
2905 sldi r3, r3, 31 /* MMCR0_FC (freeze counters) bit */
2906 mfspr r4, SPRN_MMCR0 /* save MMCR0 */
2907 mtspr SPRN_MMCR0, r3 /* freeze all counters, disable ints */
2908 mfspr r6, SPRN_MMCRA
2909 /* Clear MMCRA in order to disable SDAR updates */
2910 li r7, 0
2911 mtspr SPRN_MMCRA, r7
2912 isync
2913 cmpwi r8, 0 /* did they ask for PMU stuff to be saved? */
2914 bne 21f
2915 std r3, VCPU_MMCR(r9) /* if not, set saved MMCR0 to FC */
2916 b 22f
291721: mfspr r5, SPRN_MMCR1
2918 mfspr r7, SPRN_SIAR
2919 mfspr r8, SPRN_SDAR
2920 std r4, VCPU_MMCR(r9) /* MMCR0 as read before the freeze */
2921 std r5, VCPU_MMCR + 8(r9)
2922 std r6, VCPU_MMCRA(r9) /* MMCRA as read before it was cleared */
2923BEGIN_FTR_SECTION
2924 std r10, VCPU_MMCR + 16(r9)
2925END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
2926 std r7, VCPU_SIAR(r9)
2927 std r8, VCPU_SDAR(r9)
2928 mfspr r3, SPRN_PMC1
2929 mfspr r4, SPRN_PMC2
2930 mfspr r5, SPRN_PMC3
2931 mfspr r6, SPRN_PMC4
2932 mfspr r7, SPRN_PMC5
2933 mfspr r8, SPRN_PMC6
2934 stw r3, VCPU_PMC(r9)
2935 stw r4, VCPU_PMC + 4(r9)
2936 stw r5, VCPU_PMC + 8(r9)
2937 stw r6, VCPU_PMC + 12(r9)
2938 stw r7, VCPU_PMC + 16(r9)
2939 stw r8, VCPU_PMC + 20(r9)
2940BEGIN_FTR_SECTION
2941 mfspr r5, SPRN_SIER
2942 std r5, VCPU_SIER(r9)
2943 mfspr r6, SPRN_SPMC1
2944 mfspr r7, SPRN_SPMC2
2945 mfspr r8, SPRN_MMCRS
2946 stw r6, VCPU_PMC + 24(r9)
2947 stw r7, VCPU_PMC + 28(r9)
2948 std r8, VCPU_MMCRS(r9)
2949 lis r4, 0x8000 /* NOTE(review): constant is not explained here; presumably a freeze bit like MMCR0_FC - confirm */
2950 mtspr SPRN_MMCRS, r4
2951END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
295222: blr
2953SYM_FUNC_END(kvmhv_save_guest_pmu)
2954
2955/*
2956 * This works around a hardware bug on POWER8E processors, where
2957 * writing a 1 to the MMCR0[PMAO] bit doesn't generate a
2958 * performance monitor interrupt. Instead, when we need to have
2959 * an interrupt pending, we have to arrange for a counter to overflow.
 *
 * Writes zero to MMCR2, an MMCR0 value built from PMXE, FCECE, PMCjCE and
 * C56RUN, and 0x7fffffff to PMC6. Modifies r3 only and returns with blr,
 * so it must be entered with a branch-and-link.
2960 */
2961kvmppc_fix_pmao:
2962 li r3, 0
2963 mtspr SPRN_MMCR2, r3
2964 lis r3, (MMCR0_PMXE | MMCR0_FCECE)@h
2965 ori r3, r3, MMCR0_PMCjCE | MMCR0_C56RUN
2966 mtspr SPRN_MMCR0, r3
2967 lis r3, 0x7fff
2968 ori r3, r3, 0xffff /* r3 = 0x7fffffff */
2969 mtspr SPRN_PMC6, r3
2970 isync
2971 blr
2972
2973#ifdef CONFIG_KVM_BOOK3S_HV_P8_TIMING
2974/*
2975 * Start timing an activity
2976 * r3 = pointer to time accumulation struct, r4 = vcpu
 * Records r3 as the vcpu's current activity and the current timebase,
 * minus VCORE_TB_OFFSET_APPL of the vcore, as its start time.
 * Modifies r5 and r6.
2977 */
2978kvmhv_start_timing:
2979 ld r5, HSTATE_KVM_VCORE(r13)
2980 ld r6, VCORE_TB_OFFSET_APPL(r5)
2981 mftb r5
2982 subf r5, r6, r5 /* subtract current timebase offset */
2983 std r3, VCPU_CUR_ACTIVITY(r4)
2984 std r5, VCPU_ACTIVITY_START(r4)
2985 blr
2986
2987/*
2988 * Accumulate time to one activity and start another.
2989 * r3 = pointer to new time accumulation struct, r4 = vcpu
 * The new activity and its start time are recorded first; if there was no
 * previous activity the routine returns without accumulating anything.
 * TAS_SEQCOUNT of the previous activity is incremented before and after
 * the update, with an lwsync on each side.
 * NOTE(review): this looks like the writer side of a sequence count;
 * confirm that readers retry when the count is odd or has changed.
 * Modifies r3 and r5-r8.
2990 */
2991kvmhv_accumulate_time:
2992 ld r5, HSTATE_KVM_VCORE(r13)
2993 ld r8, VCORE_TB_OFFSET_APPL(r5)
2994 ld r5, VCPU_CUR_ACTIVITY(r4) /* r5 = previous activity's accumulation struct */
2995 ld r6, VCPU_ACTIVITY_START(r4) /* r6 = when the previous activity started */
2996 std r3, VCPU_CUR_ACTIVITY(r4)
2997 mftb r7
2998 subf r7, r8, r7 /* subtract current timebase offset */
2999 std r7, VCPU_ACTIVITY_START(r4)
3000 cmpdi r5, 0
3001 beqlr /* no previous activity: nothing to accumulate */
3002 subf r3, r6, r7 /* r3 = elapsed time = now - start */
3003 ld r8, TAS_SEQCOUNT(r5)
3004 cmpdi r8, 0 /* CR0 is consumed by the "beq 3f" below; nothing in between changes it */
3005 addi r8, r8, 1
3006 std r8, TAS_SEQCOUNT(r5) /* first increment, before the fields change */
3007 lwsync
3008 ld r7, TAS_TOTAL(r5)
3009 add r7, r7, r3
3010 std r7, TAS_TOTAL(r5)
3011 ld r6, TAS_MIN(r5)
3012 ld r7, TAS_MAX(r5)
3013 beq 3f /* sequence count was 0: store the minimum unconditionally */
3014 cmpd r3, r6
3015 bge 1f
30163: std r3, TAS_MIN(r5)
30171: cmpd r3, r7
3018 ble 2f
3019 std r3, TAS_MAX(r5)
30202: lwsync
3021 addi r8, r8, 1
3022 std r8, TAS_SEQCOUNT(r5) /* second increment, after the fields are written */
3023 blr
3024#endif