1 /*
2  * This file is subject to the terms and conditions of the GNU General Public
3  * License.  See the file "COPYING" in the main directory of this archive
4  * for more details.
5  *
6  * Copyright (C) 1996, 97, 2000, 2001 by Ralf Baechle
7  * Copyright (C) 2001 MIPS Technologies, Inc.
8  */
9 #include <linux/kernel.h>
10 #include <linux/sched/signal.h>
11 #include <linux/signal.h>
12 #include <linux/export.h>
13 #include <asm/branch.h>
14 #include <asm/cpu.h>
15 #include <asm/cpu-features.h>
16 #include <asm/fpu.h>
17 #include <asm/fpu_emulator.h>
18 #include <asm/inst.h>
19 #include <asm/mips-r2-to-r6-emul.h>
20 #include <asm/ptrace.h>
21 #include <linux/uaccess.h>
22 
23 #include "probes-common.h"
24 
25 /*
26  * Calculate and return exception PC in case of branch delay slot
27  * for microMIPS and MIPS16e. It does not clear the ISA mode bit.
28  */
__isa_exception_epc(struct pt_regs * regs)29 int __isa_exception_epc(struct pt_regs *regs)
30 {
31 	unsigned short inst;
32 	long epc = regs->cp0_epc;
33 
34 	/* Calculate exception PC in branch delay slot. */
35 	if (__get_user(inst, (u16 __user *) msk_isa16_mode(epc))) {
36 		/* This should never happen because delay slot was checked. */
37 		force_sig(SIGSEGV);
38 		return epc;
39 	}
40 	if (cpu_has_mips16) {
41 		union mips16e_instruction inst_mips16e;
42 
43 		inst_mips16e.full = inst;
44 		if (inst_mips16e.ri.opcode == MIPS16e_jal_op)
45 			epc += 4;
46 		else
47 			epc += 2;
48 	} else if (mm_insn_16bit(inst))
49 		epc += 2;
50 	else
51 		epc += 4;
52 
53 	return epc;
54 }
55 
56 /* (microMIPS) Convert 16-bit register encoding to 32-bit register encoding. */
57 static const unsigned int reg16to32map[8] = {16, 17, 2, 3, 4, 5, 6, 7};
58 
__mm_isBranchInstr(struct pt_regs * regs,struct mm_decoded_insn dec_insn,unsigned long * contpc)59 int __mm_isBranchInstr(struct pt_regs *regs, struct mm_decoded_insn dec_insn,
60 		       unsigned long *contpc)
61 {
62 	union mips_instruction insn = (union mips_instruction)dec_insn.insn;
63 	int __maybe_unused bc_false = 0;
64 
65 	if (!cpu_has_mmips)
66 		return 0;
67 
68 	switch (insn.mm_i_format.opcode) {
69 	case mm_pool32a_op:
70 		if ((insn.mm_i_format.simmediate & MM_POOL32A_MINOR_MASK) ==
71 		    mm_pool32axf_op) {
72 			switch (insn.mm_i_format.simmediate >>
73 				MM_POOL32A_MINOR_SHIFT) {
74 			case mm_jalr_op:
75 			case mm_jalrhb_op:
76 			case mm_jalrs_op:
77 			case mm_jalrshb_op:
78 				if (insn.mm_i_format.rt != 0)	/* Not mm_jr */
79 					regs->regs[insn.mm_i_format.rt] =
80 						regs->cp0_epc +
81 						dec_insn.pc_inc +
82 						dec_insn.next_pc_inc;
83 				*contpc = regs->regs[insn.mm_i_format.rs];
84 				return 1;
85 			}
86 		}
87 		break;
88 	case mm_pool32i_op:
89 		switch (insn.mm_i_format.rt) {
90 		case mm_bltzals_op:
91 		case mm_bltzal_op:
92 			regs->regs[31] = regs->cp0_epc +
93 				dec_insn.pc_inc +
94 				dec_insn.next_pc_inc;
95 			fallthrough;
96 		case mm_bltz_op:
97 			if ((long)regs->regs[insn.mm_i_format.rs] < 0)
98 				*contpc = regs->cp0_epc +
99 					dec_insn.pc_inc +
100 					(insn.mm_i_format.simmediate << 1);
101 			else
102 				*contpc = regs->cp0_epc +
103 					dec_insn.pc_inc +
104 					dec_insn.next_pc_inc;
105 			return 1;
106 		case mm_bgezals_op:
107 		case mm_bgezal_op:
108 			regs->regs[31] = regs->cp0_epc +
109 					dec_insn.pc_inc +
110 					dec_insn.next_pc_inc;
111 			fallthrough;
112 		case mm_bgez_op:
113 			if ((long)regs->regs[insn.mm_i_format.rs] >= 0)
114 				*contpc = regs->cp0_epc +
115 					dec_insn.pc_inc +
116 					(insn.mm_i_format.simmediate << 1);
117 			else
118 				*contpc = regs->cp0_epc +
119 					dec_insn.pc_inc +
120 					dec_insn.next_pc_inc;
121 			return 1;
122 		case mm_blez_op:
123 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
124 				*contpc = regs->cp0_epc +
125 					dec_insn.pc_inc +
126 					(insn.mm_i_format.simmediate << 1);
127 			else
128 				*contpc = regs->cp0_epc +
129 					dec_insn.pc_inc +
130 					dec_insn.next_pc_inc;
131 			return 1;
132 		case mm_bgtz_op:
133 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
134 				*contpc = regs->cp0_epc +
135 					dec_insn.pc_inc +
136 					(insn.mm_i_format.simmediate << 1);
137 			else
138 				*contpc = regs->cp0_epc +
139 					dec_insn.pc_inc +
140 					dec_insn.next_pc_inc;
141 			return 1;
142 #ifdef CONFIG_MIPS_FP_SUPPORT
143 		case mm_bc2f_op:
144 		case mm_bc1f_op: {
145 			unsigned int fcr31;
146 			unsigned int bit;
147 
148 			bc_false = 1;
149 			fallthrough;
150 		case mm_bc2t_op:
151 		case mm_bc1t_op:
152 			preempt_disable();
153 			if (is_fpu_owner())
154 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
155 			else
156 				fcr31 = current->thread.fpu.fcr31;
157 			preempt_enable();
158 
159 			if (bc_false)
160 				fcr31 = ~fcr31;
161 
162 			bit = (insn.mm_i_format.rs >> 2);
163 			bit += (bit != 0);
164 			bit += 23;
165 			if (fcr31 & (1 << bit))
166 				*contpc = regs->cp0_epc +
167 					dec_insn.pc_inc +
168 					(insn.mm_i_format.simmediate << 1);
169 			else
170 				*contpc = regs->cp0_epc +
171 					dec_insn.pc_inc + dec_insn.next_pc_inc;
172 			return 1;
173 		}
174 #endif /* CONFIG_MIPS_FP_SUPPORT */
175 		}
176 		break;
177 	case mm_pool16c_op:
178 		switch (insn.mm_i_format.rt) {
179 		case mm_jalr16_op:
180 		case mm_jalrs16_op:
181 			regs->regs[31] = regs->cp0_epc +
182 				dec_insn.pc_inc + dec_insn.next_pc_inc;
183 			fallthrough;
184 		case mm_jr16_op:
185 			*contpc = regs->regs[insn.mm_i_format.rs];
186 			return 1;
187 		}
188 		break;
189 	case mm_beqz16_op:
190 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] == 0)
191 			*contpc = regs->cp0_epc +
192 				dec_insn.pc_inc +
193 				(insn.mm_b1_format.simmediate << 1);
194 		else
195 			*contpc = regs->cp0_epc +
196 				dec_insn.pc_inc + dec_insn.next_pc_inc;
197 		return 1;
198 	case mm_bnez16_op:
199 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] != 0)
200 			*contpc = regs->cp0_epc +
201 				dec_insn.pc_inc +
202 				(insn.mm_b1_format.simmediate << 1);
203 		else
204 			*contpc = regs->cp0_epc +
205 				dec_insn.pc_inc + dec_insn.next_pc_inc;
206 		return 1;
207 	case mm_b16_op:
208 		*contpc = regs->cp0_epc + dec_insn.pc_inc +
209 			 (insn.mm_b0_format.simmediate << 1);
210 		return 1;
211 	case mm_beq32_op:
212 		if (regs->regs[insn.mm_i_format.rs] ==
213 		    regs->regs[insn.mm_i_format.rt])
214 			*contpc = regs->cp0_epc +
215 				dec_insn.pc_inc +
216 				(insn.mm_i_format.simmediate << 1);
217 		else
218 			*contpc = regs->cp0_epc +
219 				dec_insn.pc_inc +
220 				dec_insn.next_pc_inc;
221 		return 1;
222 	case mm_bne32_op:
223 		if (regs->regs[insn.mm_i_format.rs] !=
224 		    regs->regs[insn.mm_i_format.rt])
225 			*contpc = regs->cp0_epc +
226 				dec_insn.pc_inc +
227 				(insn.mm_i_format.simmediate << 1);
228 		else
229 			*contpc = regs->cp0_epc +
230 				dec_insn.pc_inc + dec_insn.next_pc_inc;
231 		return 1;
232 	case mm_jalx32_op:
233 		regs->regs[31] = regs->cp0_epc +
234 			dec_insn.pc_inc + dec_insn.next_pc_inc;
235 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
236 		*contpc >>= 28;
237 		*contpc <<= 28;
238 		*contpc |= (insn.j_format.target << 2);
239 		return 1;
240 	case mm_jals32_op:
241 	case mm_jal32_op:
242 		regs->regs[31] = regs->cp0_epc +
243 			dec_insn.pc_inc + dec_insn.next_pc_inc;
244 		fallthrough;
245 	case mm_j32_op:
246 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
247 		*contpc >>= 27;
248 		*contpc <<= 27;
249 		*contpc |= (insn.j_format.target << 1);
250 		set_isa16_mode(*contpc);
251 		return 1;
252 	}
253 	return 0;
254 }
255 
256 /*
257  * Compute return address and emulate branch in microMIPS mode after an
258  * exception only. It does not handle compact branches/jumps and cannot
259  * be used in interrupt context. (Compact branches/jumps do not cause
260  * exceptions.)
261  */
__microMIPS_compute_return_epc(struct pt_regs * regs)262 int __microMIPS_compute_return_epc(struct pt_regs *regs)
263 {
264 	u16 __user *pc16;
265 	u16 halfword;
266 	unsigned int word;
267 	unsigned long contpc;
268 	struct mm_decoded_insn mminsn = { 0 };
269 
270 	mminsn.micro_mips_mode = 1;
271 
272 	/* This load never faults. */
273 	pc16 = (unsigned short __user *)msk_isa16_mode(regs->cp0_epc);
274 	__get_user(halfword, pc16);
275 	pc16++;
276 	contpc = regs->cp0_epc + 2;
277 	word = ((unsigned int)halfword << 16);
278 	mminsn.pc_inc = 2;
279 
280 	if (!mm_insn_16bit(halfword)) {
281 		__get_user(halfword, pc16);
282 		pc16++;
283 		contpc = regs->cp0_epc + 4;
284 		mminsn.pc_inc = 4;
285 		word |= halfword;
286 	}
287 	mminsn.insn = word;
288 
289 	if (get_user(halfword, pc16))
290 		goto sigsegv;
291 	mminsn.next_pc_inc = 2;
292 	word = ((unsigned int)halfword << 16);
293 
294 	if (!mm_insn_16bit(halfword)) {
295 		pc16++;
296 		if (get_user(halfword, pc16))
297 			goto sigsegv;
298 		mminsn.next_pc_inc = 4;
299 		word |= halfword;
300 	}
301 	mminsn.next_insn = word;
302 
303 	mm_isBranchInstr(regs, mminsn, &contpc);
304 
305 	regs->cp0_epc = contpc;
306 
307 	return 0;
308 
309 sigsegv:
310 	force_sig(SIGSEGV);
311 	return -EFAULT;
312 }
313 
314 /*
315  * Compute return address and emulate branch in MIPS16e mode after an
316  * exception only. It does not handle compact branches/jumps and cannot
317  * be used in interrupt context. (Compact branches/jumps do not cause
318  * exceptions.)
319  */
__MIPS16e_compute_return_epc(struct pt_regs * regs)320 int __MIPS16e_compute_return_epc(struct pt_regs *regs)
321 {
322 	u16 __user *addr;
323 	union mips16e_instruction inst;
324 	u16 inst2;
325 	u32 fullinst;
326 	long epc;
327 
328 	epc = regs->cp0_epc;
329 
330 	/* Read the instruction. */
331 	addr = (u16 __user *)msk_isa16_mode(epc);
332 	if (__get_user(inst.full, addr)) {
333 		force_sig(SIGSEGV);
334 		return -EFAULT;
335 	}
336 
337 	switch (inst.ri.opcode) {
338 	case MIPS16e_extend_op:
339 		regs->cp0_epc += 4;
340 		return 0;
341 
342 		/*
343 		 *  JAL and JALX in MIPS16e mode
344 		 */
345 	case MIPS16e_jal_op:
346 		addr += 1;
347 		if (__get_user(inst2, addr)) {
348 			force_sig(SIGSEGV);
349 			return -EFAULT;
350 		}
351 		fullinst = ((unsigned)inst.full << 16) | inst2;
352 		regs->regs[31] = epc + 6;
353 		epc += 4;
354 		epc >>= 28;
355 		epc <<= 28;
356 		/*
357 		 * JAL:5 X:1 TARGET[20-16]:5 TARGET[25:21]:5 TARGET[15:0]:16
358 		 *
359 		 * ......TARGET[15:0].................TARGET[20:16]...........
360 		 * ......TARGET[25:21]
361 		 */
362 		epc |=
363 		    ((fullinst & 0xffff) << 2) | ((fullinst & 0x3e00000) >> 3) |
364 		    ((fullinst & 0x1f0000) << 7);
365 		if (!inst.jal.x)
366 			set_isa16_mode(epc);	/* Set ISA mode bit. */
367 		regs->cp0_epc = epc;
368 		return 0;
369 
370 		/*
371 		 *  J(AL)R(C)
372 		 */
373 	case MIPS16e_rr_op:
374 		if (inst.rr.func == MIPS16e_jr_func) {
375 
376 			if (inst.rr.ra)
377 				regs->cp0_epc = regs->regs[31];
378 			else
379 				regs->cp0_epc =
380 				    regs->regs[reg16to32[inst.rr.rx]];
381 
382 			if (inst.rr.l) {
383 				if (inst.rr.nd)
384 					regs->regs[31] = epc + 2;
385 				else
386 					regs->regs[31] = epc + 4;
387 			}
388 			return 0;
389 		}
390 		break;
391 	}
392 
393 	/*
394 	 * All other cases have no branch delay slot and are 16-bits.
395 	 * Branches do not cause an exception.
396 	 */
397 	regs->cp0_epc += 2;
398 
399 	return 0;
400 }
401 
402 /**
403  * __compute_return_epc_for_insn - Computes the return address and do emulate
404  *				    branch simulation, if required.
405  *
406  * @regs:	Pointer to pt_regs
407  * @insn:	branch instruction to decode
408  * Return:	-EFAULT on error and forces SIGILL, and on success
409  *		returns 0 or BRANCH_LIKELY_TAKEN as appropriate after
410  *		evaluating the branch.
411  *
412  * MIPS R6 Compact branches and forbidden slots:
413  *	Compact branches do not throw exceptions because they do
414  *	not have delay slots. The forbidden slot instruction ($PC+4)
415  *	is only executed if the branch was not taken. Otherwise the
416  *	forbidden slot is skipped entirely. This means that the
417  *	only possible reason to be here because of a MIPS R6 compact
418  *	branch instruction is that the forbidden slot has thrown one.
419  *	In that case the branch was not taken, so the EPC can be safely
420  *	set to EPC + 8.
421  */
__compute_return_epc_for_insn(struct pt_regs * regs,union mips_instruction insn)422 int __compute_return_epc_for_insn(struct pt_regs *regs,
423 				   union mips_instruction insn)
424 {
425 	long epc = regs->cp0_epc;
426 	unsigned int dspcontrol;
427 	int ret = 0;
428 
429 	switch (insn.i_format.opcode) {
430 	/*
431 	 * jr and jalr are in r_format format.
432 	 */
433 	case spec_op:
434 		switch (insn.r_format.func) {
435 		case jalr_op:
436 			regs->regs[insn.r_format.rd] = epc + 8;
437 			fallthrough;
438 		case jr_op:
439 			if (NO_R6EMU && insn.r_format.func == jr_op)
440 				goto sigill_r2r6;
441 			regs->cp0_epc = regs->regs[insn.r_format.rs];
442 			break;
443 		}
444 		break;
445 
446 	/*
447 	 * This group contains:
448 	 * bltz_op, bgez_op, bltzl_op, bgezl_op,
449 	 * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
450 	 */
451 	case bcond_op:
452 		switch (insn.i_format.rt) {
453 		case bltzl_op:
454 			if (NO_R6EMU)
455 				goto sigill_r2r6;
456 			fallthrough;
457 		case bltz_op:
458 			if ((long)regs->regs[insn.i_format.rs] < 0) {
459 				epc = epc + 4 + (insn.i_format.simmediate << 2);
460 				if (insn.i_format.rt == bltzl_op)
461 					ret = BRANCH_LIKELY_TAKEN;
462 			} else
463 				epc += 8;
464 			regs->cp0_epc = epc;
465 			break;
466 
467 		case bgezl_op:
468 			if (NO_R6EMU)
469 				goto sigill_r2r6;
470 			fallthrough;
471 		case bgez_op:
472 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
473 				epc = epc + 4 + (insn.i_format.simmediate << 2);
474 				if (insn.i_format.rt == bgezl_op)
475 					ret = BRANCH_LIKELY_TAKEN;
476 			} else
477 				epc += 8;
478 			regs->cp0_epc = epc;
479 			break;
480 
481 		case bltzal_op:
482 		case bltzall_op:
483 			if (NO_R6EMU && (insn.i_format.rs ||
484 			    insn.i_format.rt == bltzall_op))
485 				goto sigill_r2r6;
486 			regs->regs[31] = epc + 8;
487 			/*
488 			 * OK we are here either because we hit a NAL
489 			 * instruction or because we are emulating an
490 			 * old bltzal{,l} one. Let's figure out what the
491 			 * case really is.
492 			 */
493 			if (!insn.i_format.rs) {
494 				/*
495 				 * NAL or BLTZAL with rs == 0
496 				 * Doesn't matter if we are R6 or not. The
497 				 * result is the same
498 				 */
499 				regs->cp0_epc += 4 +
500 					(insn.i_format.simmediate << 2);
501 				break;
502 			}
503 			/* Now do the real thing for non-R6 BLTZAL{,L} */
504 			if ((long)regs->regs[insn.i_format.rs] < 0) {
505 				epc = epc + 4 + (insn.i_format.simmediate << 2);
506 				if (insn.i_format.rt == bltzall_op)
507 					ret = BRANCH_LIKELY_TAKEN;
508 			} else
509 				epc += 8;
510 			regs->cp0_epc = epc;
511 			break;
512 
513 		case bgezal_op:
514 		case bgezall_op:
515 			if (NO_R6EMU && (insn.i_format.rs ||
516 			    insn.i_format.rt == bgezall_op))
517 				goto sigill_r2r6;
518 			regs->regs[31] = epc + 8;
519 			/*
520 			 * OK we are here either because we hit a BAL
521 			 * instruction or because we are emulating an
522 			 * old bgezal{,l} one. Let's figure out what the
523 			 * case really is.
524 			 */
525 			if (!insn.i_format.rs) {
526 				/*
527 				 * BAL or BGEZAL with rs == 0
528 				 * Doesn't matter if we are R6 or not. The
529 				 * result is the same
530 				 */
531 				regs->cp0_epc += 4 +
532 					(insn.i_format.simmediate << 2);
533 				break;
534 			}
535 			/* Now do the real thing for non-R6 BGEZAL{,L} */
536 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
537 				epc = epc + 4 + (insn.i_format.simmediate << 2);
538 				if (insn.i_format.rt == bgezall_op)
539 					ret = BRANCH_LIKELY_TAKEN;
540 			} else
541 				epc += 8;
542 			regs->cp0_epc = epc;
543 			break;
544 
545 		case bposge32_op:
546 			if (!cpu_has_dsp)
547 				goto sigill_dsp;
548 
549 			dspcontrol = rddsp(0x01);
550 
551 			if (dspcontrol >= 32) {
552 				epc = epc + 4 + (insn.i_format.simmediate << 2);
553 			} else
554 				epc += 8;
555 			regs->cp0_epc = epc;
556 			break;
557 		}
558 		break;
559 
560 	/*
561 	 * These are unconditional and in j_format.
562 	 */
563 	case jalx_op:
564 	case jal_op:
565 		regs->regs[31] = regs->cp0_epc + 8;
566 		fallthrough;
567 	case j_op:
568 		epc += 4;
569 		epc >>= 28;
570 		epc <<= 28;
571 		epc |= (insn.j_format.target << 2);
572 		regs->cp0_epc = epc;
573 		if (insn.i_format.opcode == jalx_op)
574 			set_isa16_mode(regs->cp0_epc);
575 		break;
576 
577 	/*
578 	 * These are conditional and in i_format.
579 	 */
580 	case beql_op:
581 		if (NO_R6EMU)
582 			goto sigill_r2r6;
583 		fallthrough;
584 	case beq_op:
585 		if (regs->regs[insn.i_format.rs] ==
586 		    regs->regs[insn.i_format.rt]) {
587 			epc = epc + 4 + (insn.i_format.simmediate << 2);
588 			if (insn.i_format.opcode == beql_op)
589 				ret = BRANCH_LIKELY_TAKEN;
590 		} else
591 			epc += 8;
592 		regs->cp0_epc = epc;
593 		break;
594 
595 	case bnel_op:
596 		if (NO_R6EMU)
597 			goto sigill_r2r6;
598 		fallthrough;
599 	case bne_op:
600 		if (regs->regs[insn.i_format.rs] !=
601 		    regs->regs[insn.i_format.rt]) {
602 			epc = epc + 4 + (insn.i_format.simmediate << 2);
603 			if (insn.i_format.opcode == bnel_op)
604 				ret = BRANCH_LIKELY_TAKEN;
605 		} else
606 			epc += 8;
607 		regs->cp0_epc = epc;
608 		break;
609 
610 	case blezl_op: /* not really i_format */
611 		if (!insn.i_format.rt && NO_R6EMU)
612 			goto sigill_r2r6;
613 		fallthrough;
614 	case blez_op:
615 		/*
616 		 * Compact branches for R6 for the
617 		 * blez and blezl opcodes.
618 		 * BLEZ  | rs = 0 | rt != 0  == BLEZALC
619 		 * BLEZ  | rs = rt != 0      == BGEZALC
620 		 * BLEZ  | rs != 0 | rt != 0 == BGEUC
621 		 * BLEZL | rs = 0 | rt != 0  == BLEZC
622 		 * BLEZL | rs = rt != 0      == BGEZC
623 		 * BLEZL | rs != 0 | rt != 0 == BGEC
624 		 *
625 		 * For real BLEZ{,L}, rt is always 0.
626 		 */
627 
628 		if (cpu_has_mips_r6 && insn.i_format.rt) {
629 			if ((insn.i_format.opcode == blez_op) &&
630 			    ((!insn.i_format.rs && insn.i_format.rt) ||
631 			     (insn.i_format.rs == insn.i_format.rt)))
632 				regs->regs[31] = epc + 4;
633 			regs->cp0_epc += 8;
634 			break;
635 		}
636 		/* rt field assumed to be zero */
637 		if ((long)regs->regs[insn.i_format.rs] <= 0) {
638 			epc = epc + 4 + (insn.i_format.simmediate << 2);
639 			if (insn.i_format.opcode == blezl_op)
640 				ret = BRANCH_LIKELY_TAKEN;
641 		} else
642 			epc += 8;
643 		regs->cp0_epc = epc;
644 		break;
645 
646 	case bgtzl_op:
647 		if (!insn.i_format.rt && NO_R6EMU)
648 			goto sigill_r2r6;
649 		fallthrough;
650 	case bgtz_op:
651 		/*
652 		 * Compact branches for R6 for the
653 		 * bgtz and bgtzl opcodes.
654 		 * BGTZ  | rs = 0 | rt != 0  == BGTZALC
655 		 * BGTZ  | rs = rt != 0      == BLTZALC
656 		 * BGTZ  | rs != 0 | rt != 0 == BLTUC
657 		 * BGTZL | rs = 0 | rt != 0  == BGTZC
658 		 * BGTZL | rs = rt != 0      == BLTZC
659 		 * BGTZL | rs != 0 | rt != 0 == BLTC
660 		 *
661 		 * *ZALC varint for BGTZ &&& rt != 0
662 		 * For real GTZ{,L}, rt is always 0.
663 		 */
664 		if (cpu_has_mips_r6 && insn.i_format.rt) {
665 			if ((insn.i_format.opcode == blez_op) &&
666 			    ((!insn.i_format.rs && insn.i_format.rt) ||
667 			    (insn.i_format.rs == insn.i_format.rt)))
668 				regs->regs[31] = epc + 4;
669 			regs->cp0_epc += 8;
670 			break;
671 		}
672 
673 		/* rt field assumed to be zero */
674 		if ((long)regs->regs[insn.i_format.rs] > 0) {
675 			epc = epc + 4 + (insn.i_format.simmediate << 2);
676 			if (insn.i_format.opcode == bgtzl_op)
677 				ret = BRANCH_LIKELY_TAKEN;
678 		} else
679 			epc += 8;
680 		regs->cp0_epc = epc;
681 		break;
682 
683 #ifdef CONFIG_MIPS_FP_SUPPORT
684 	/*
685 	 * And now the FPA/cp1 branch instructions.
686 	 */
687 	case cop1_op: {
688 		unsigned int bit, fcr31, reg;
689 
690 		if (cpu_has_mips_r6 &&
691 		    ((insn.i_format.rs == bc1eqz_op) ||
692 		     (insn.i_format.rs == bc1nez_op))) {
693 			if (!init_fp_ctx(current))
694 				lose_fpu(1);
695 			reg = insn.i_format.rt;
696 			bit = get_fpr32(¤t->thread.fpu.fpr[reg], 0) & 0x1;
697 			if (insn.i_format.rs == bc1eqz_op)
698 				bit = !bit;
699 			own_fpu(1);
700 			if (bit)
701 				epc = epc + 4 +
702 					(insn.i_format.simmediate << 2);
703 			else
704 				epc += 8;
705 			regs->cp0_epc = epc;
706 
707 			break;
708 		} else {
709 
710 			preempt_disable();
711 			if (is_fpu_owner())
712 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
713 			else
714 				fcr31 = current->thread.fpu.fcr31;
715 			preempt_enable();
716 
717 			bit = (insn.i_format.rt >> 2);
718 			bit += (bit != 0);
719 			bit += 23;
720 			switch (insn.i_format.rt & 3) {
721 			case 0: /* bc1f */
722 			case 2: /* bc1fl */
723 				if (~fcr31 & (1 << bit)) {
724 					epc = epc + 4 +
725 						(insn.i_format.simmediate << 2);
726 					if (insn.i_format.rt == 2)
727 						ret = BRANCH_LIKELY_TAKEN;
728 				} else
729 					epc += 8;
730 				regs->cp0_epc = epc;
731 				break;
732 
733 			case 1: /* bc1t */
734 			case 3: /* bc1tl */
735 				if (fcr31 & (1 << bit)) {
736 					epc = epc + 4 +
737 						(insn.i_format.simmediate << 2);
738 					if (insn.i_format.rt == 3)
739 						ret = BRANCH_LIKELY_TAKEN;
740 				} else
741 					epc += 8;
742 				regs->cp0_epc = epc;
743 				break;
744 			}
745 			break;
746 		}
747 	}
748 #endif /* CONFIG_MIPS_FP_SUPPORT */
749 
750 #ifdef CONFIG_CPU_CAVIUM_OCTEON
751 	case lwc2_op: /* This is bbit0 on Octeon */
752 		if ((regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
753 		     == 0)
754 			epc = epc + 4 + (insn.i_format.simmediate << 2);
755 		else
756 			epc += 8;
757 		regs->cp0_epc = epc;
758 		break;
759 	case ldc2_op: /* This is bbit032 on Octeon */
760 		if ((regs->regs[insn.i_format.rs] &
761 		    (1ull<<(insn.i_format.rt+32))) == 0)
762 			epc = epc + 4 + (insn.i_format.simmediate << 2);
763 		else
764 			epc += 8;
765 		regs->cp0_epc = epc;
766 		break;
767 	case swc2_op: /* This is bbit1 on Octeon */
768 		if (regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
769 			epc = epc + 4 + (insn.i_format.simmediate << 2);
770 		else
771 			epc += 8;
772 		regs->cp0_epc = epc;
773 		break;
774 	case sdc2_op: /* This is bbit132 on Octeon */
775 		if (regs->regs[insn.i_format.rs] &
776 		    (1ull<<(insn.i_format.rt+32)))
777 			epc = epc + 4 + (insn.i_format.simmediate << 2);
778 		else
779 			epc += 8;
780 		regs->cp0_epc = epc;
781 		break;
782 #else
783 	case bc6_op:
784 		/* Only valid for MIPS R6 */
785 		if (!cpu_has_mips_r6)
786 			goto sigill_r6;
787 		regs->cp0_epc += 8;
788 		break;
789 	case balc6_op:
790 		if (!cpu_has_mips_r6)
791 			goto sigill_r6;
792 		/* Compact branch: BALC */
793 		regs->regs[31] = epc + 4;
794 		epc += 4 + (insn.i_format.simmediate << 2);
795 		regs->cp0_epc = epc;
796 		break;
797 	case pop66_op:
798 		if (!cpu_has_mips_r6)
799 			goto sigill_r6;
800 		/* Compact branch: BEQZC || JIC */
801 		regs->cp0_epc += 8;
802 		break;
803 	case pop76_op:
804 		if (!cpu_has_mips_r6)
805 			goto sigill_r6;
806 		/* Compact branch: BNEZC || JIALC */
807 		if (!insn.i_format.rs) {
808 			/* JIALC: set $31/ra */
809 			regs->regs[31] = epc + 4;
810 		}
811 		regs->cp0_epc += 8;
812 		break;
813 #endif
814 	case pop10_op:
815 	case pop30_op:
816 		/* Only valid for MIPS R6 */
817 		if (!cpu_has_mips_r6)
818 			goto sigill_r6;
819 		/*
820 		 * Compact branches:
821 		 * bovc, beqc, beqzalc, bnvc, bnec, bnezlac
822 		 */
823 		if (insn.i_format.rt && !insn.i_format.rs)
824 			regs->regs[31] = epc + 4;
825 		regs->cp0_epc += 8;
826 		break;
827 	}
828 
829 	return ret;
830 
831 sigill_dsp:
832 	pr_debug("%s: DSP branch but not DSP ASE - sending SIGILL.\n",
833 		 current->comm);
834 	force_sig(SIGILL);
835 	return -EFAULT;
836 sigill_r2r6:
837 	pr_debug("%s: R2 branch but r2-to-r6 emulator is not present - sending SIGILL.\n",
838 		 current->comm);
839 	force_sig(SIGILL);
840 	return -EFAULT;
841 sigill_r6:
842 	pr_debug("%s: R6 branch but no MIPSr6 ISA support - sending SIGILL.\n",
843 		 current->comm);
844 	force_sig(SIGILL);
845 	return -EFAULT;
846 }
847 EXPORT_SYMBOL_GPL(__compute_return_epc_for_insn);
848 
__compute_return_epc(struct pt_regs * regs)849 int __compute_return_epc(struct pt_regs *regs)
850 {
851 	unsigned int __user *addr;
852 	long epc;
853 	union mips_instruction insn;
854 
855 	epc = regs->cp0_epc;
856 	if (epc & 3)
857 		goto unaligned;
858 
859 	/*
860 	 * Read the instruction
861 	 */
862 	addr = (unsigned int __user *) epc;
863 	if (__get_user(insn.word, addr)) {
864 		force_sig(SIGSEGV);
865 		return -EFAULT;
866 	}
867 
868 	return __compute_return_epc_for_insn(regs, insn);
869 
870 unaligned:
871 	printk("%s: unaligned epc - sending SIGBUS.\n", current->comm);
872 	force_sig(SIGBUS);
873 	return -EFAULT;
874 }
875 
876 #if (defined CONFIG_KPROBES) || (defined CONFIG_UPROBES)
877 
__insn_is_compact_branch(union mips_instruction insn)878 int __insn_is_compact_branch(union mips_instruction insn)
879 {
880 	if (!cpu_has_mips_r6)
881 		return 0;
882 
883 	switch (insn.i_format.opcode) {
884 	case blezl_op:
885 	case bgtzl_op:
886 	case blez_op:
887 	case bgtz_op:
888 		/*
889 		 * blez[l] and bgtz[l] opcodes with non-zero rt
890 		 * are MIPS R6 compact branches
891 		 */
892 		if (insn.i_format.rt)
893 			return 1;
894 		break;
895 	case bc6_op:
896 	case balc6_op:
897 	case pop10_op:
898 	case pop30_op:
899 	case pop66_op:
900 	case pop76_op:
901 		return 1;
902 	}
903 
904 	return 0;
905 }
906 EXPORT_SYMBOL_GPL(__insn_is_compact_branch);
907 
908 #endif  /* CONFIG_KPROBES || CONFIG_UPROBES */
909