1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Single-step support.
4  *
5  * Copyright (C) 2004 Paul Mackerras <paulus@au.ibm.com>, IBM
6  */
7 #include <linux/kernel.h>
8 #include <linux/kprobes.h>
9 #include <linux/ptrace.h>
10 #include <linux/prefetch.h>
11 #include <asm/sstep.h>
12 #include <asm/processor.h>
13 #include <linux/uaccess.h>
14 #include <asm/cpu_has_feature.h>
15 #include <asm/cputable.h>
16 
17 extern char system_call_common[];
18 
19 #ifdef CONFIG_PPC64
20 /* Bits in SRR1 that are copied from MSR */
21 #define MSR_MASK	0xffffffff87c0ffffUL
22 #else
23 #define MSR_MASK	0x87c0ffff
24 #endif
25 
26 /* Bits in XER */
27 #define XER_SO		0x80000000U
28 #define XER_OV		0x40000000U
29 #define XER_CA		0x20000000U
30 #define XER_OV32	0x00080000U
31 #define XER_CA32	0x00040000U
32 
33 #ifdef CONFIG_PPC_FPU
34 /*
35  * Functions in ldstfp.S
36  */
37 extern void get_fpr(int rn, double *p);
38 extern void put_fpr(int rn, const double *p);
39 extern void get_vr(int rn, __vector128 *p);
40 extern void put_vr(int rn, __vector128 *p);
41 extern void load_vsrn(int vsr, const void *p);
42 extern void store_vsrn(int vsr, void *p);
43 extern void conv_sp_to_dp(const float *sp, double *dp);
44 extern void conv_dp_to_sp(const double *dp, float *sp);
45 #endif
46 
47 #ifdef __powerpc64__
48 /*
49  * Functions in quad.S
50  */
51 extern int do_lq(unsigned long ea, unsigned long *regs);
52 extern int do_stq(unsigned long ea, unsigned long val0, unsigned long val1);
53 extern int do_lqarx(unsigned long ea, unsigned long *regs);
54 extern int do_stqcx(unsigned long ea, unsigned long val0, unsigned long val1,
55 		    unsigned int *crp);
56 #endif
57 
58 #ifdef __LITTLE_ENDIAN__
59 #define IS_LE	1
60 #define IS_BE	0
61 #else
62 #define IS_LE	0
63 #define IS_BE	1
64 #endif
65 
66 /*
67  * Emulate the truncation of 64 bit values in 32-bit mode.
68  */
truncate_if_32bit(unsigned long msr,unsigned long val)69 static nokprobe_inline unsigned long truncate_if_32bit(unsigned long msr,
70 							unsigned long val)
71 {
72 #ifdef __powerpc64__
73 	if ((msr & MSR_64BIT) == 0)
74 		val &= 0xffffffffUL;
75 #endif
76 	return val;
77 }
78 
79 /*
80  * Determine whether a conditional branch instruction would branch.
81  */
branch_taken(unsigned int instr,const struct pt_regs * regs,struct instruction_op * op)82 static nokprobe_inline int branch_taken(unsigned int instr,
83 					const struct pt_regs *regs,
84 					struct instruction_op *op)
85 {
86 	unsigned int bo = (instr >> 21) & 0x1f;
87 	unsigned int bi;
88 
89 	if ((bo & 4) == 0) {
90 		/* decrement counter */
91 		op->type |= DECCTR;
92 		if (((bo >> 1) & 1) ^ (regs->ctr == 1))
93 			return 0;
94 	}
95 	if ((bo & 0x10) == 0) {
96 		/* check bit from CR */
97 		bi = (instr >> 16) & 0x1f;
98 		if (((regs->ccr >> (31 - bi)) & 1) != ((bo >> 3) & 1))
99 			return 0;
100 	}
101 	return 1;
102 }
103 
address_ok(struct pt_regs * regs,unsigned long ea,int nb)104 static nokprobe_inline long address_ok(struct pt_regs *regs,
105 				       unsigned long ea, int nb)
106 {
107 	if (!user_mode(regs))
108 		return 1;
109 	if (__access_ok(ea, nb, USER_DS))
110 		return 1;
111 	if (__access_ok(ea, 1, USER_DS))
112 		/* Access overlaps the end of the user region */
113 		regs->dar = USER_DS.seg;
114 	else
115 		regs->dar = ea;
116 	return 0;
117 }
118 
119 /*
120  * Calculate effective address for a D-form instruction
121  */
dform_ea(unsigned int instr,const struct pt_regs * regs)122 static nokprobe_inline unsigned long dform_ea(unsigned int instr,
123 					      const struct pt_regs *regs)
124 {
125 	int ra;
126 	unsigned long ea;
127 
128 	ra = (instr >> 16) & 0x1f;
129 	ea = (signed short) instr;		/* sign-extend */
130 	if (ra)
131 		ea += regs->gpr[ra];
132 
133 	return ea;
134 }
135 
136 #ifdef __powerpc64__
137 /*
138  * Calculate effective address for a DS-form instruction
139  */
dsform_ea(unsigned int instr,const struct pt_regs * regs)140 static nokprobe_inline unsigned long dsform_ea(unsigned int instr,
141 					       const struct pt_regs *regs)
142 {
143 	int ra;
144 	unsigned long ea;
145 
146 	ra = (instr >> 16) & 0x1f;
147 	ea = (signed short) (instr & ~3);	/* sign-extend */
148 	if (ra)
149 		ea += regs->gpr[ra];
150 
151 	return ea;
152 }
153 
154 /*
155  * Calculate effective address for a DQ-form instruction
156  */
dqform_ea(unsigned int instr,const struct pt_regs * regs)157 static nokprobe_inline unsigned long dqform_ea(unsigned int instr,
158 					       const struct pt_regs *regs)
159 {
160 	int ra;
161 	unsigned long ea;
162 
163 	ra = (instr >> 16) & 0x1f;
164 	ea = (signed short) (instr & ~0xf);	/* sign-extend */
165 	if (ra)
166 		ea += regs->gpr[ra];
167 
168 	return ea;
169 }
170 #endif /* __powerpc64 */
171 
172 /*
173  * Calculate effective address for an X-form instruction
174  */
xform_ea(unsigned int instr,const struct pt_regs * regs)175 static nokprobe_inline unsigned long xform_ea(unsigned int instr,
176 					      const struct pt_regs *regs)
177 {
178 	int ra, rb;
179 	unsigned long ea;
180 
181 	ra = (instr >> 16) & 0x1f;
182 	rb = (instr >> 11) & 0x1f;
183 	ea = regs->gpr[rb];
184 	if (ra)
185 		ea += regs->gpr[ra];
186 
187 	return ea;
188 }
189 
190 /*
191  * Return the largest power of 2, not greater than sizeof(unsigned long),
192  * such that x is a multiple of it.
193  */
max_align(unsigned long x)194 static nokprobe_inline unsigned long max_align(unsigned long x)
195 {
196 	x |= sizeof(unsigned long);
197 	return x & -x;		/* isolates rightmost bit */
198 }
199 
byterev_2(unsigned long x)200 static nokprobe_inline unsigned long byterev_2(unsigned long x)
201 {
202 	return ((x >> 8) & 0xff) | ((x & 0xff) << 8);
203 }
204 
byterev_4(unsigned long x)205 static nokprobe_inline unsigned long byterev_4(unsigned long x)
206 {
207 	return ((x >> 24) & 0xff) | ((x >> 8) & 0xff00) |
208 		((x & 0xff00) << 8) | ((x & 0xff) << 24);
209 }
210 
211 #ifdef __powerpc64__
byterev_8(unsigned long x)212 static nokprobe_inline unsigned long byterev_8(unsigned long x)
213 {
214 	return (byterev_4(x) << 32) | byterev_4(x >> 32);
215 }
216 #endif
217 
do_byte_reverse(void * ptr,int nb)218 static nokprobe_inline void do_byte_reverse(void *ptr, int nb)
219 {
220 	switch (nb) {
221 	case 2:
222 		*(u16 *)ptr = byterev_2(*(u16 *)ptr);
223 		break;
224 	case 4:
225 		*(u32 *)ptr = byterev_4(*(u32 *)ptr);
226 		break;
227 #ifdef __powerpc64__
228 	case 8:
229 		*(unsigned long *)ptr = byterev_8(*(unsigned long *)ptr);
230 		break;
231 	case 16: {
232 		unsigned long *up = (unsigned long *)ptr;
233 		unsigned long tmp;
234 		tmp = byterev_8(up[0]);
235 		up[0] = byterev_8(up[1]);
236 		up[1] = tmp;
237 		break;
238 	}
239 #endif
240 	default:
241 		WARN_ON_ONCE(1);
242 	}
243 }
244 
read_mem_aligned(unsigned long * dest,unsigned long ea,int nb,struct pt_regs * regs)245 static nokprobe_inline int read_mem_aligned(unsigned long *dest,
246 					    unsigned long ea, int nb,
247 					    struct pt_regs *regs)
248 {
249 	int err = 0;
250 	unsigned long x = 0;
251 
252 	switch (nb) {
253 	case 1:
254 		err = __get_user(x, (unsigned char __user *) ea);
255 		break;
256 	case 2:
257 		err = __get_user(x, (unsigned short __user *) ea);
258 		break;
259 	case 4:
260 		err = __get_user(x, (unsigned int __user *) ea);
261 		break;
262 #ifdef __powerpc64__
263 	case 8:
264 		err = __get_user(x, (unsigned long __user *) ea);
265 		break;
266 #endif
267 	}
268 	if (!err)
269 		*dest = x;
270 	else
271 		regs->dar = ea;
272 	return err;
273 }
274 
275 /*
276  * Copy from userspace to a buffer, using the largest possible
277  * aligned accesses, up to sizeof(long).
278  */
copy_mem_in(u8 * dest,unsigned long ea,int nb,struct pt_regs * regs)279 static nokprobe_inline int copy_mem_in(u8 *dest, unsigned long ea, int nb,
280 				       struct pt_regs *regs)
281 {
282 	int err = 0;
283 	int c;
284 
285 	for (; nb > 0; nb -= c) {
286 		c = max_align(ea);
287 		if (c > nb)
288 			c = max_align(nb);
289 		switch (c) {
290 		case 1:
291 			err = __get_user(*dest, (unsigned char __user *) ea);
292 			break;
293 		case 2:
294 			err = __get_user(*(u16 *)dest,
295 					 (unsigned short __user *) ea);
296 			break;
297 		case 4:
298 			err = __get_user(*(u32 *)dest,
299 					 (unsigned int __user *) ea);
300 			break;
301 #ifdef __powerpc64__
302 		case 8:
303 			err = __get_user(*(unsigned long *)dest,
304 					 (unsigned long __user *) ea);
305 			break;
306 #endif
307 		}
308 		if (err) {
309 			regs->dar = ea;
310 			return err;
311 		}
312 		dest += c;
313 		ea += c;
314 	}
315 	return 0;
316 }
317 
read_mem_unaligned(unsigned long * dest,unsigned long ea,int nb,struct pt_regs * regs)318 static nokprobe_inline int read_mem_unaligned(unsigned long *dest,
319 					      unsigned long ea, int nb,
320 					      struct pt_regs *regs)
321 {
322 	union {
323 		unsigned long ul;
324 		u8 b[sizeof(unsigned long)];
325 	} u;
326 	int i;
327 	int err;
328 
329 	u.ul = 0;
330 	i = IS_BE ? sizeof(unsigned long) - nb : 0;
331 	err = copy_mem_in(&u.b[i], ea, nb, regs);
332 	if (!err)
333 		*dest = u.ul;
334 	return err;
335 }
336 
337 /*
338  * Read memory at address ea for nb bytes, return 0 for success
339  * or -EFAULT if an error occurred.  N.B. nb must be 1, 2, 4 or 8.
340  * If nb < sizeof(long), the result is right-justified on BE systems.
341  */
read_mem(unsigned long * dest,unsigned long ea,int nb,struct pt_regs * regs)342 static int read_mem(unsigned long *dest, unsigned long ea, int nb,
343 			      struct pt_regs *regs)
344 {
345 	if (!address_ok(regs, ea, nb))
346 		return -EFAULT;
347 	if ((ea & (nb - 1)) == 0)
348 		return read_mem_aligned(dest, ea, nb, regs);
349 	return read_mem_unaligned(dest, ea, nb, regs);
350 }
351 NOKPROBE_SYMBOL(read_mem);
352 
write_mem_aligned(unsigned long val,unsigned long ea,int nb,struct pt_regs * regs)353 static nokprobe_inline int write_mem_aligned(unsigned long val,
354 					     unsigned long ea, int nb,
355 					     struct pt_regs *regs)
356 {
357 	int err = 0;
358 
359 	switch (nb) {
360 	case 1:
361 		err = __put_user(val, (unsigned char __user *) ea);
362 		break;
363 	case 2:
364 		err = __put_user(val, (unsigned short __user *) ea);
365 		break;
366 	case 4:
367 		err = __put_user(val, (unsigned int __user *) ea);
368 		break;
369 #ifdef __powerpc64__
370 	case 8:
371 		err = __put_user(val, (unsigned long __user *) ea);
372 		break;
373 #endif
374 	}
375 	if (err)
376 		regs->dar = ea;
377 	return err;
378 }
379 
380 /*
381  * Copy from a buffer to userspace, using the largest possible
382  * aligned accesses, up to sizeof(long).
383  */
copy_mem_out(u8 * dest,unsigned long ea,int nb,struct pt_regs * regs)384 static nokprobe_inline int copy_mem_out(u8 *dest, unsigned long ea, int nb,
385 					struct pt_regs *regs)
386 {
387 	int err = 0;
388 	int c;
389 
390 	for (; nb > 0; nb -= c) {
391 		c = max_align(ea);
392 		if (c > nb)
393 			c = max_align(nb);
394 		switch (c) {
395 		case 1:
396 			err = __put_user(*dest, (unsigned char __user *) ea);
397 			break;
398 		case 2:
399 			err = __put_user(*(u16 *)dest,
400 					 (unsigned short __user *) ea);
401 			break;
402 		case 4:
403 			err = __put_user(*(u32 *)dest,
404 					 (unsigned int __user *) ea);
405 			break;
406 #ifdef __powerpc64__
407 		case 8:
408 			err = __put_user(*(unsigned long *)dest,
409 					 (unsigned long __user *) ea);
410 			break;
411 #endif
412 		}
413 		if (err) {
414 			regs->dar = ea;
415 			return err;
416 		}
417 		dest += c;
418 		ea += c;
419 	}
420 	return 0;
421 }
422 
write_mem_unaligned(unsigned long val,unsigned long ea,int nb,struct pt_regs * regs)423 static nokprobe_inline int write_mem_unaligned(unsigned long val,
424 					       unsigned long ea, int nb,
425 					       struct pt_regs *regs)
426 {
427 	union {
428 		unsigned long ul;
429 		u8 b[sizeof(unsigned long)];
430 	} u;
431 	int i;
432 
433 	u.ul = val;
434 	i = IS_BE ? sizeof(unsigned long) - nb : 0;
435 	return copy_mem_out(&u.b[i], ea, nb, regs);
436 }
437 
438 /*
439  * Write memory at address ea for nb bytes, return 0 for success
440  * or -EFAULT if an error occurred.  N.B. nb must be 1, 2, 4 or 8.
441  */
write_mem(unsigned long val,unsigned long ea,int nb,struct pt_regs * regs)442 static int write_mem(unsigned long val, unsigned long ea, int nb,
443 			       struct pt_regs *regs)
444 {
445 	if (!address_ok(regs, ea, nb))
446 		return -EFAULT;
447 	if ((ea & (nb - 1)) == 0)
448 		return write_mem_aligned(val, ea, nb, regs);
449 	return write_mem_unaligned(val, ea, nb, regs);
450 }
451 NOKPROBE_SYMBOL(write_mem);
452 
453 #ifdef CONFIG_PPC_FPU
454 /*
455  * These access either the real FP register or the image in the
456  * thread_struct, depending on regs->msr & MSR_FP.
457  */
do_fp_load(struct instruction_op * op,unsigned long ea,struct pt_regs * regs,bool cross_endian)458 static int do_fp_load(struct instruction_op *op, unsigned long ea,
459 		      struct pt_regs *regs, bool cross_endian)
460 {
461 	int err, rn, nb;
462 	union {
463 		int i;
464 		unsigned int u;
465 		float f;
466 		double d[2];
467 		unsigned long l[2];
468 		u8 b[2 * sizeof(double)];
469 	} u;
470 
471 	nb = GETSIZE(op->type);
472 	if (!address_ok(regs, ea, nb))
473 		return -EFAULT;
474 	rn = op->reg;
475 	err = copy_mem_in(u.b, ea, nb, regs);
476 	if (err)
477 		return err;
478 	if (unlikely(cross_endian)) {
479 		do_byte_reverse(u.b, min(nb, 8));
480 		if (nb == 16)
481 			do_byte_reverse(&u.b[8], 8);
482 	}
483 	preempt_disable();
484 	if (nb == 4) {
485 		if (op->type & FPCONV)
486 			conv_sp_to_dp(&u.f, &u.d[0]);
487 		else if (op->type & SIGNEXT)
488 			u.l[0] = u.i;
489 		else
490 			u.l[0] = u.u;
491 	}
492 	if (regs->msr & MSR_FP)
493 		put_fpr(rn, &u.d[0]);
494 	else
495 		current->thread.TS_FPR(rn) = u.l[0];
496 	if (nb == 16) {
497 		/* lfdp */
498 		rn |= 1;
499 		if (regs->msr & MSR_FP)
500 			put_fpr(rn, &u.d[1]);
501 		else
502 			current->thread.TS_FPR(rn) = u.l[1];
503 	}
504 	preempt_enable();
505 	return 0;
506 }
507 NOKPROBE_SYMBOL(do_fp_load);
508 
do_fp_store(struct instruction_op * op,unsigned long ea,struct pt_regs * regs,bool cross_endian)509 static int do_fp_store(struct instruction_op *op, unsigned long ea,
510 		       struct pt_regs *regs, bool cross_endian)
511 {
512 	int rn, nb;
513 	union {
514 		unsigned int u;
515 		float f;
516 		double d[2];
517 		unsigned long l[2];
518 		u8 b[2 * sizeof(double)];
519 	} u;
520 
521 	nb = GETSIZE(op->type);
522 	if (!address_ok(regs, ea, nb))
523 		return -EFAULT;
524 	rn = op->reg;
525 	preempt_disable();
526 	if (regs->msr & MSR_FP)
527 		get_fpr(rn, &u.d[0]);
528 	else
529 		u.l[0] = current->thread.TS_FPR(rn);
530 	if (nb == 4) {
531 		if (op->type & FPCONV)
532 			conv_dp_to_sp(&u.d[0], &u.f);
533 		else
534 			u.u = u.l[0];
535 	}
536 	if (nb == 16) {
537 		rn |= 1;
538 		if (regs->msr & MSR_FP)
539 			get_fpr(rn, &u.d[1]);
540 		else
541 			u.l[1] = current->thread.TS_FPR(rn);
542 	}
543 	preempt_enable();
544 	if (unlikely(cross_endian)) {
545 		do_byte_reverse(u.b, min(nb, 8));
546 		if (nb == 16)
547 			do_byte_reverse(&u.b[8], 8);
548 	}
549 	return copy_mem_out(u.b, ea, nb, regs);
550 }
551 NOKPROBE_SYMBOL(do_fp_store);
552 #endif
553 
554 #ifdef CONFIG_ALTIVEC
555 /* For Altivec/VMX, no need to worry about alignment */
do_vec_load(int rn,unsigned long ea,int size,struct pt_regs * regs,bool cross_endian)556 static nokprobe_inline int do_vec_load(int rn, unsigned long ea,
557 				       int size, struct pt_regs *regs,
558 				       bool cross_endian)
559 {
560 	int err;
561 	union {
562 		__vector128 v;
563 		u8 b[sizeof(__vector128)];
564 	} u = {};
565 
566 	if (!address_ok(regs, ea & ~0xfUL, 16))
567 		return -EFAULT;
568 	/* align to multiple of size */
569 	ea &= ~(size - 1);
570 	err = copy_mem_in(&u.b[ea & 0xf], ea, size, regs);
571 	if (err)
572 		return err;
573 	if (unlikely(cross_endian))
574 		do_byte_reverse(&u.b[ea & 0xf], size);
575 	preempt_disable();
576 	if (regs->msr & MSR_VEC)
577 		put_vr(rn, &u.v);
578 	else
579 		current->thread.vr_state.vr[rn] = u.v;
580 	preempt_enable();
581 	return 0;
582 }
583 
do_vec_store(int rn,unsigned long ea,int size,struct pt_regs * regs,bool cross_endian)584 static nokprobe_inline int do_vec_store(int rn, unsigned long ea,
585 					int size, struct pt_regs *regs,
586 					bool cross_endian)
587 {
588 	union {
589 		__vector128 v;
590 		u8 b[sizeof(__vector128)];
591 	} u;
592 
593 	if (!address_ok(regs, ea & ~0xfUL, 16))
594 		return -EFAULT;
595 	/* align to multiple of size */
596 	ea &= ~(size - 1);
597 
598 	preempt_disable();
599 	if (regs->msr & MSR_VEC)
600 		get_vr(rn, &u.v);
601 	else
602 		u.v = current->thread.vr_state.vr[rn];
603 	preempt_enable();
604 	if (unlikely(cross_endian))
605 		do_byte_reverse(&u.b[ea & 0xf], size);
606 	return copy_mem_out(&u.b[ea & 0xf], ea, size, regs);
607 }
608 #endif /* CONFIG_ALTIVEC */
609 
610 #ifdef __powerpc64__
emulate_lq(struct pt_regs * regs,unsigned long ea,int reg,bool cross_endian)611 static nokprobe_inline int emulate_lq(struct pt_regs *regs, unsigned long ea,
612 				      int reg, bool cross_endian)
613 {
614 	int err;
615 
616 	if (!address_ok(regs, ea, 16))
617 		return -EFAULT;
618 	/* if aligned, should be atomic */
619 	if ((ea & 0xf) == 0) {
620 		err = do_lq(ea, &regs->gpr[reg]);
621 	} else {
622 		err = read_mem(&regs->gpr[reg + IS_LE], ea, 8, regs);
623 		if (!err)
624 			err = read_mem(&regs->gpr[reg + IS_BE], ea + 8, 8, regs);
625 	}
626 	if (!err && unlikely(cross_endian))
627 		do_byte_reverse(&regs->gpr[reg], 16);
628 	return err;
629 }
630 
emulate_stq(struct pt_regs * regs,unsigned long ea,int reg,bool cross_endian)631 static nokprobe_inline int emulate_stq(struct pt_regs *regs, unsigned long ea,
632 				       int reg, bool cross_endian)
633 {
634 	int err;
635 	unsigned long vals[2];
636 
637 	if (!address_ok(regs, ea, 16))
638 		return -EFAULT;
639 	vals[0] = regs->gpr[reg];
640 	vals[1] = regs->gpr[reg + 1];
641 	if (unlikely(cross_endian))
642 		do_byte_reverse(vals, 16);
643 
644 	/* if aligned, should be atomic */
645 	if ((ea & 0xf) == 0)
646 		return do_stq(ea, vals[0], vals[1]);
647 
648 	err = write_mem(vals[IS_LE], ea, 8, regs);
649 	if (!err)
650 		err = write_mem(vals[IS_BE], ea + 8, 8, regs);
651 	return err;
652 }
653 #endif /* __powerpc64 */
654 
655 #ifdef CONFIG_VSX
emulate_vsx_load(struct instruction_op * op,union vsx_reg * reg,const void * mem,bool rev)656 void emulate_vsx_load(struct instruction_op *op, union vsx_reg *reg,
657 		      const void *mem, bool rev)
658 {
659 	int size, read_size;
660 	int i, j;
661 	const unsigned int *wp;
662 	const unsigned short *hp;
663 	const unsigned char *bp;
664 
665 	size = GETSIZE(op->type);
666 	reg->d[0] = reg->d[1] = 0;
667 
668 	switch (op->element_size) {
669 	case 16:
670 		/* whole vector; lxv[x] or lxvl[l] */
671 		if (size == 0)
672 			break;
673 		memcpy(reg, mem, size);
674 		if (IS_LE && (op->vsx_flags & VSX_LDLEFT))
675 			rev = !rev;
676 		if (rev)
677 			do_byte_reverse(reg, 16);
678 		break;
679 	case 8:
680 		/* scalar loads, lxvd2x, lxvdsx */
681 		read_size = (size >= 8) ? 8 : size;
682 		i = IS_LE ? 8 : 8 - read_size;
683 		memcpy(&reg->b[i], mem, read_size);
684 		if (rev)
685 			do_byte_reverse(&reg->b[i], 8);
686 		if (size < 8) {
687 			if (op->type & SIGNEXT) {
688 				/* size == 4 is the only case here */
689 				reg->d[IS_LE] = (signed int) reg->d[IS_LE];
690 			} else if (op->vsx_flags & VSX_FPCONV) {
691 				preempt_disable();
692 				conv_sp_to_dp(&reg->fp[1 + IS_LE],
693 					      &reg->dp[IS_LE]);
694 				preempt_enable();
695 			}
696 		} else {
697 			if (size == 16) {
698 				unsigned long v = *(unsigned long *)(mem + 8);
699 				reg->d[IS_BE] = !rev ? v : byterev_8(v);
700 			} else if (op->vsx_flags & VSX_SPLAT)
701 				reg->d[IS_BE] = reg->d[IS_LE];
702 		}
703 		break;
704 	case 4:
705 		/* lxvw4x, lxvwsx */
706 		wp = mem;
707 		for (j = 0; j < size / 4; ++j) {
708 			i = IS_LE ? 3 - j : j;
709 			reg->w[i] = !rev ? *wp++ : byterev_4(*wp++);
710 		}
711 		if (op->vsx_flags & VSX_SPLAT) {
712 			u32 val = reg->w[IS_LE ? 3 : 0];
713 			for (; j < 4; ++j) {
714 				i = IS_LE ? 3 - j : j;
715 				reg->w[i] = val;
716 			}
717 		}
718 		break;
719 	case 2:
720 		/* lxvh8x */
721 		hp = mem;
722 		for (j = 0; j < size / 2; ++j) {
723 			i = IS_LE ? 7 - j : j;
724 			reg->h[i] = !rev ? *hp++ : byterev_2(*hp++);
725 		}
726 		break;
727 	case 1:
728 		/* lxvb16x */
729 		bp = mem;
730 		for (j = 0; j < size; ++j) {
731 			i = IS_LE ? 15 - j : j;
732 			reg->b[i] = *bp++;
733 		}
734 		break;
735 	}
736 }
737 EXPORT_SYMBOL_GPL(emulate_vsx_load);
738 NOKPROBE_SYMBOL(emulate_vsx_load);
739 
emulate_vsx_store(struct instruction_op * op,const union vsx_reg * reg,void * mem,bool rev)740 void emulate_vsx_store(struct instruction_op *op, const union vsx_reg *reg,
741 		       void *mem, bool rev)
742 {
743 	int size, write_size;
744 	int i, j;
745 	union vsx_reg buf;
746 	unsigned int *wp;
747 	unsigned short *hp;
748 	unsigned char *bp;
749 
750 	size = GETSIZE(op->type);
751 
752 	switch (op->element_size) {
753 	case 16:
754 		/* stxv, stxvx, stxvl, stxvll */
755 		if (size == 0)
756 			break;
757 		if (IS_LE && (op->vsx_flags & VSX_LDLEFT))
758 			rev = !rev;
759 		if (rev) {
760 			/* reverse 16 bytes */
761 			buf.d[0] = byterev_8(reg->d[1]);
762 			buf.d[1] = byterev_8(reg->d[0]);
763 			reg = &buf;
764 		}
765 		memcpy(mem, reg, size);
766 		break;
767 	case 8:
768 		/* scalar stores, stxvd2x */
769 		write_size = (size >= 8) ? 8 : size;
770 		i = IS_LE ? 8 : 8 - write_size;
771 		if (size < 8 && op->vsx_flags & VSX_FPCONV) {
772 			buf.d[0] = buf.d[1] = 0;
773 			preempt_disable();
774 			conv_dp_to_sp(&reg->dp[IS_LE], &buf.fp[1 + IS_LE]);
775 			preempt_enable();
776 			reg = &buf;
777 		}
778 		memcpy(mem, &reg->b[i], write_size);
779 		if (size == 16)
780 			memcpy(mem + 8, &reg->d[IS_BE], 8);
781 		if (unlikely(rev)) {
782 			do_byte_reverse(mem, write_size);
783 			if (size == 16)
784 				do_byte_reverse(mem + 8, 8);
785 		}
786 		break;
787 	case 4:
788 		/* stxvw4x */
789 		wp = mem;
790 		for (j = 0; j < size / 4; ++j) {
791 			i = IS_LE ? 3 - j : j;
792 			*wp++ = !rev ? reg->w[i] : byterev_4(reg->w[i]);
793 		}
794 		break;
795 	case 2:
796 		/* stxvh8x */
797 		hp = mem;
798 		for (j = 0; j < size / 2; ++j) {
799 			i = IS_LE ? 7 - j : j;
800 			*hp++ = !rev ? reg->h[i] : byterev_2(reg->h[i]);
801 		}
802 		break;
803 	case 1:
804 		/* stvxb16x */
805 		bp = mem;
806 		for (j = 0; j < size; ++j) {
807 			i = IS_LE ? 15 - j : j;
808 			*bp++ = reg->b[i];
809 		}
810 		break;
811 	}
812 }
813 EXPORT_SYMBOL_GPL(emulate_vsx_store);
814 NOKPROBE_SYMBOL(emulate_vsx_store);
815 
do_vsx_load(struct instruction_op * op,unsigned long ea,struct pt_regs * regs,bool cross_endian)816 static nokprobe_inline int do_vsx_load(struct instruction_op *op,
817 				       unsigned long ea, struct pt_regs *regs,
818 				       bool cross_endian)
819 {
820 	int reg = op->reg;
821 	u8 mem[16];
822 	union vsx_reg buf;
823 	int size = GETSIZE(op->type);
824 
825 	if (!address_ok(regs, ea, size) || copy_mem_in(mem, ea, size, regs))
826 		return -EFAULT;
827 
828 	emulate_vsx_load(op, &buf, mem, cross_endian);
829 	preempt_disable();
830 	if (reg < 32) {
831 		/* FP regs + extensions */
832 		if (regs->msr & MSR_FP) {
833 			load_vsrn(reg, &buf);
834 		} else {
835 			current->thread.fp_state.fpr[reg][0] = buf.d[0];
836 			current->thread.fp_state.fpr[reg][1] = buf.d[1];
837 		}
838 	} else {
839 		if (regs->msr & MSR_VEC)
840 			load_vsrn(reg, &buf);
841 		else
842 			current->thread.vr_state.vr[reg - 32] = buf.v;
843 	}
844 	preempt_enable();
845 	return 0;
846 }
847 
do_vsx_store(struct instruction_op * op,unsigned long ea,struct pt_regs * regs,bool cross_endian)848 static nokprobe_inline int do_vsx_store(struct instruction_op *op,
849 					unsigned long ea, struct pt_regs *regs,
850 					bool cross_endian)
851 {
852 	int reg = op->reg;
853 	u8 mem[16];
854 	union vsx_reg buf;
855 	int size = GETSIZE(op->type);
856 
857 	if (!address_ok(regs, ea, size))
858 		return -EFAULT;
859 
860 	preempt_disable();
861 	if (reg < 32) {
862 		/* FP regs + extensions */
863 		if (regs->msr & MSR_FP) {
864 			store_vsrn(reg, &buf);
865 		} else {
866 			buf.d[0] = current->thread.fp_state.fpr[reg][0];
867 			buf.d[1] = current->thread.fp_state.fpr[reg][1];
868 		}
869 	} else {
870 		if (regs->msr & MSR_VEC)
871 			store_vsrn(reg, &buf);
872 		else
873 			buf.v = current->thread.vr_state.vr[reg - 32];
874 	}
875 	preempt_enable();
876 	emulate_vsx_store(op, &buf, mem, cross_endian);
877 	return  copy_mem_out(mem, ea, size, regs);
878 }
879 #endif /* CONFIG_VSX */
880 
emulate_dcbz(unsigned long ea,struct pt_regs * regs)881 int emulate_dcbz(unsigned long ea, struct pt_regs *regs)
882 {
883 	int err;
884 	unsigned long i, size;
885 
886 #ifdef __powerpc64__
887 	size = ppc64_caches.l1d.block_size;
888 	if (!(regs->msr & MSR_64BIT))
889 		ea &= 0xffffffffUL;
890 #else
891 	size = L1_CACHE_BYTES;
892 #endif
893 	ea &= ~(size - 1);
894 	if (!address_ok(regs, ea, size))
895 		return -EFAULT;
896 	for (i = 0; i < size; i += sizeof(long)) {
897 		err = __put_user(0, (unsigned long __user *) (ea + i));
898 		if (err) {
899 			regs->dar = ea;
900 			return err;
901 		}
902 	}
903 	return 0;
904 }
905 NOKPROBE_SYMBOL(emulate_dcbz);
906 
907 #define __put_user_asmx(x, addr, err, op, cr)		\
908 	__asm__ __volatile__(				\
909 		"1:	" op " %2,0,%3\n"		\
910 		"	mfcr	%1\n"			\
911 		"2:\n"					\
912 		".section .fixup,\"ax\"\n"		\
913 		"3:	li	%0,%4\n"		\
914 		"	b	2b\n"			\
915 		".previous\n"				\
916 		EX_TABLE(1b, 3b)			\
917 		: "=r" (err), "=r" (cr)			\
918 		: "r" (x), "r" (addr), "i" (-EFAULT), "0" (err))
919 
920 #define __get_user_asmx(x, addr, err, op)		\
921 	__asm__ __volatile__(				\
922 		"1:	"op" %1,0,%2\n"			\
923 		"2:\n"					\
924 		".section .fixup,\"ax\"\n"		\
925 		"3:	li	%0,%3\n"		\
926 		"	b	2b\n"			\
927 		".previous\n"				\
928 		EX_TABLE(1b, 3b)			\
929 		: "=r" (err), "=r" (x)			\
930 		: "r" (addr), "i" (-EFAULT), "0" (err))
931 
932 #define __cacheop_user_asmx(addr, err, op)		\
933 	__asm__ __volatile__(				\
934 		"1:	"op" 0,%1\n"			\
935 		"2:\n"					\
936 		".section .fixup,\"ax\"\n"		\
937 		"3:	li	%0,%3\n"		\
938 		"	b	2b\n"			\
939 		".previous\n"				\
940 		EX_TABLE(1b, 3b)			\
941 		: "=r" (err)				\
942 		: "r" (addr), "i" (-EFAULT), "0" (err))
943 
set_cr0(const struct pt_regs * regs,struct instruction_op * op)944 static nokprobe_inline void set_cr0(const struct pt_regs *regs,
945 				    struct instruction_op *op)
946 {
947 	long val = op->val;
948 
949 	op->type |= SETCC;
950 	op->ccval = (regs->ccr & 0x0fffffff) | ((regs->xer >> 3) & 0x10000000);
951 #ifdef __powerpc64__
952 	if (!(regs->msr & MSR_64BIT))
953 		val = (int) val;
954 #endif
955 	if (val < 0)
956 		op->ccval |= 0x80000000;
957 	else if (val > 0)
958 		op->ccval |= 0x40000000;
959 	else
960 		op->ccval |= 0x20000000;
961 }
962 
set_ca32(struct instruction_op * op,bool val)963 static nokprobe_inline void set_ca32(struct instruction_op *op, bool val)
964 {
965 	if (cpu_has_feature(CPU_FTR_ARCH_300)) {
966 		if (val)
967 			op->xerval |= XER_CA32;
968 		else
969 			op->xerval &= ~XER_CA32;
970 	}
971 }
972 
add_with_carry(const struct pt_regs * regs,struct instruction_op * op,int rd,unsigned long val1,unsigned long val2,unsigned long carry_in)973 static nokprobe_inline void add_with_carry(const struct pt_regs *regs,
974 				     struct instruction_op *op, int rd,
975 				     unsigned long val1, unsigned long val2,
976 				     unsigned long carry_in)
977 {
978 	unsigned long val = val1 + val2;
979 
980 	if (carry_in)
981 		++val;
982 	op->type = COMPUTE + SETREG + SETXER;
983 	op->reg = rd;
984 	op->val = val;
985 #ifdef __powerpc64__
986 	if (!(regs->msr & MSR_64BIT)) {
987 		val = (unsigned int) val;
988 		val1 = (unsigned int) val1;
989 	}
990 #endif
991 	op->xerval = regs->xer;
992 	if (val < val1 || (carry_in && val == val1))
993 		op->xerval |= XER_CA;
994 	else
995 		op->xerval &= ~XER_CA;
996 
997 	set_ca32(op, (unsigned int)val < (unsigned int)val1 ||
998 			(carry_in && (unsigned int)val == (unsigned int)val1));
999 }
1000 
do_cmp_signed(const struct pt_regs * regs,struct instruction_op * op,long v1,long v2,int crfld)1001 static nokprobe_inline void do_cmp_signed(const struct pt_regs *regs,
1002 					  struct instruction_op *op,
1003 					  long v1, long v2, int crfld)
1004 {
1005 	unsigned int crval, shift;
1006 
1007 	op->type = COMPUTE + SETCC;
1008 	crval = (regs->xer >> 31) & 1;		/* get SO bit */
1009 	if (v1 < v2)
1010 		crval |= 8;
1011 	else if (v1 > v2)
1012 		crval |= 4;
1013 	else
1014 		crval |= 2;
1015 	shift = (7 - crfld) * 4;
1016 	op->ccval = (regs->ccr & ~(0xf << shift)) | (crval << shift);
1017 }
1018 
do_cmp_unsigned(const struct pt_regs * regs,struct instruction_op * op,unsigned long v1,unsigned long v2,int crfld)1019 static nokprobe_inline void do_cmp_unsigned(const struct pt_regs *regs,
1020 					    struct instruction_op *op,
1021 					    unsigned long v1,
1022 					    unsigned long v2, int crfld)
1023 {
1024 	unsigned int crval, shift;
1025 
1026 	op->type = COMPUTE + SETCC;
1027 	crval = (regs->xer >> 31) & 1;		/* get SO bit */
1028 	if (v1 < v2)
1029 		crval |= 8;
1030 	else if (v1 > v2)
1031 		crval |= 4;
1032 	else
1033 		crval |= 2;
1034 	shift = (7 - crfld) * 4;
1035 	op->ccval = (regs->ccr & ~(0xf << shift)) | (crval << shift);
1036 }
1037 
do_cmpb(const struct pt_regs * regs,struct instruction_op * op,unsigned long v1,unsigned long v2)1038 static nokprobe_inline void do_cmpb(const struct pt_regs *regs,
1039 				    struct instruction_op *op,
1040 				    unsigned long v1, unsigned long v2)
1041 {
1042 	unsigned long long out_val, mask;
1043 	int i;
1044 
1045 	out_val = 0;
1046 	for (i = 0; i < 8; i++) {
1047 		mask = 0xffUL << (i * 8);
1048 		if ((v1 & mask) == (v2 & mask))
1049 			out_val |= mask;
1050 	}
1051 	op->val = out_val;
1052 }
1053 
1054 /*
1055  * The size parameter is used to adjust the equivalent popcnt instruction.
1056  * popcntb = 8, popcntw = 32, popcntd = 64
1057  */
do_popcnt(const struct pt_regs * regs,struct instruction_op * op,unsigned long v1,int size)1058 static nokprobe_inline void do_popcnt(const struct pt_regs *regs,
1059 				      struct instruction_op *op,
1060 				      unsigned long v1, int size)
1061 {
1062 	unsigned long long out = v1;
1063 
1064 	out -= (out >> 1) & 0x5555555555555555ULL;
1065 	out = (0x3333333333333333ULL & out) +
1066 	      (0x3333333333333333ULL & (out >> 2));
1067 	out = (out + (out >> 4)) & 0x0f0f0f0f0f0f0f0fULL;
1068 
1069 	if (size == 8) {	/* popcntb */
1070 		op->val = out;
1071 		return;
1072 	}
1073 	out += out >> 8;
1074 	out += out >> 16;
1075 	if (size == 32) {	/* popcntw */
1076 		op->val = out & 0x0000003f0000003fULL;
1077 		return;
1078 	}
1079 
1080 	out = (out + (out >> 32)) & 0x7f;
1081 	op->val = out;	/* popcntd */
1082 }
1083 
1084 #ifdef CONFIG_PPC64
do_bpermd(const struct pt_regs * regs,struct instruction_op * op,unsigned long v1,unsigned long v2)1085 static nokprobe_inline void do_bpermd(const struct pt_regs *regs,
1086 				      struct instruction_op *op,
1087 				      unsigned long v1, unsigned long v2)
1088 {
1089 	unsigned char perm, idx;
1090 	unsigned int i;
1091 
1092 	perm = 0;
1093 	for (i = 0; i < 8; i++) {
1094 		idx = (v1 >> (i * 8)) & 0xff;
1095 		if (idx < 64)
1096 			if (v2 & PPC_BIT(idx))
1097 				perm |= 1 << i;
1098 	}
1099 	op->val = perm;
1100 }
1101 #endif /* CONFIG_PPC64 */
1102 /*
1103  * The size parameter adjusts the equivalent prty instruction.
1104  * prtyw = 32, prtyd = 64
1105  */
do_prty(const struct pt_regs * regs,struct instruction_op * op,unsigned long v,int size)1106 static nokprobe_inline void do_prty(const struct pt_regs *regs,
1107 				    struct instruction_op *op,
1108 				    unsigned long v, int size)
1109 {
1110 	unsigned long long res = v ^ (v >> 8);
1111 
1112 	res ^= res >> 16;
1113 	if (size == 32) {		/* prtyw */
1114 		op->val = res & 0x0000000100000001ULL;
1115 		return;
1116 	}
1117 
1118 	res ^= res >> 32;
1119 	op->val = res & 1;	/*prtyd */
1120 }
1121 
trap_compare(long v1,long v2)1122 static nokprobe_inline int trap_compare(long v1, long v2)
1123 {
1124 	int ret = 0;
1125 
1126 	if (v1 < v2)
1127 		ret |= 0x10;
1128 	else if (v1 > v2)
1129 		ret |= 0x08;
1130 	else
1131 		ret |= 0x04;
1132 	if ((unsigned long)v1 < (unsigned long)v2)
1133 		ret |= 0x02;
1134 	else if ((unsigned long)v1 > (unsigned long)v2)
1135 		ret |= 0x01;
1136 	return ret;
1137 }
1138 
1139 /*
1140  * Elements of 32-bit rotate and mask instructions.
1141  */
1142 #define MASK32(mb, me)	((0xffffffffUL >> (mb)) + \
1143 			 ((signed long)-0x80000000L >> (me)) + ((me) >= (mb)))
1144 #ifdef __powerpc64__
1145 #define MASK64_L(mb)	(~0UL >> (mb))
1146 #define MASK64_R(me)	((signed long)-0x8000000000000000L >> (me))
1147 #define MASK64(mb, me)	(MASK64_L(mb) + MASK64_R(me) + ((me) >= (mb)))
1148 #define DATA32(x)	(((x) & 0xffffffffUL) | (((x) & 0xffffffffUL) << 32))
1149 #else
1150 #define DATA32(x)	(x)
1151 #endif
1152 #define ROTATE(x, n)	((n) ? (((x) << (n)) | ((x) >> (8 * sizeof(long) - (n)))) : (x))
1153 
1154 /*
1155  * Decode an instruction, and return information about it in *op
1156  * without changing *regs.
1157  * Integer arithmetic and logical instructions, branches, and barrier
1158  * instructions can be emulated just using the information in *op.
1159  *
1160  * Return value is 1 if the instruction can be emulated just by
1161  * updating *regs with the information in *op, -1 if we need the
1162  * GPRs but *regs doesn't contain the full register set, or 0
1163  * otherwise.
1164  */
analyse_instr(struct instruction_op * op,const struct pt_regs * regs,unsigned int instr)1165 int analyse_instr(struct instruction_op *op, const struct pt_regs *regs,
1166 		  unsigned int instr)
1167 {
1168 	unsigned int opcode, ra, rb, rc, rd, spr, u;
1169 	unsigned long int imm;
1170 	unsigned long int val, val2;
1171 	unsigned int mb, me, sh;
1172 	long ival;
1173 
1174 	op->type = COMPUTE;
1175 
1176 	opcode = instr >> 26;
1177 	switch (opcode) {
1178 	case 16:	/* bc */
1179 		op->type = BRANCH;
1180 		imm = (signed short)(instr & 0xfffc);
1181 		if ((instr & 2) == 0)
1182 			imm += regs->nip;
1183 		op->val = truncate_if_32bit(regs->msr, imm);
1184 		if (instr & 1)
1185 			op->type |= SETLK;
1186 		if (branch_taken(instr, regs, op))
1187 			op->type |= BRTAKEN;
1188 		return 1;
1189 #ifdef CONFIG_PPC64
1190 	case 17:	/* sc */
1191 		if ((instr & 0xfe2) == 2)
1192 			op->type = SYSCALL;
1193 		else
1194 			op->type = UNKNOWN;
1195 		return 0;
1196 #endif
1197 	case 18:	/* b */
1198 		op->type = BRANCH | BRTAKEN;
1199 		imm = instr & 0x03fffffc;
1200 		if (imm & 0x02000000)
1201 			imm -= 0x04000000;
1202 		if ((instr & 2) == 0)
1203 			imm += regs->nip;
1204 		op->val = truncate_if_32bit(regs->msr, imm);
1205 		if (instr & 1)
1206 			op->type |= SETLK;
1207 		return 1;
1208 	case 19:
1209 		switch ((instr >> 1) & 0x3ff) {
1210 		case 0:		/* mcrf */
1211 			op->type = COMPUTE + SETCC;
1212 			rd = 7 - ((instr >> 23) & 0x7);
1213 			ra = 7 - ((instr >> 18) & 0x7);
1214 			rd *= 4;
1215 			ra *= 4;
1216 			val = (regs->ccr >> ra) & 0xf;
1217 			op->ccval = (regs->ccr & ~(0xfUL << rd)) | (val << rd);
1218 			return 1;
1219 
1220 		case 16:	/* bclr */
1221 		case 528:	/* bcctr */
1222 			op->type = BRANCH;
1223 			imm = (instr & 0x400)? regs->ctr: regs->link;
1224 			op->val = truncate_if_32bit(regs->msr, imm);
1225 			if (instr & 1)
1226 				op->type |= SETLK;
1227 			if (branch_taken(instr, regs, op))
1228 				op->type |= BRTAKEN;
1229 			return 1;
1230 
1231 		case 18:	/* rfid, scary */
1232 			if (regs->msr & MSR_PR)
1233 				goto priv;
1234 			op->type = RFI;
1235 			return 0;
1236 
1237 		case 150:	/* isync */
1238 			op->type = BARRIER | BARRIER_ISYNC;
1239 			return 1;
1240 
1241 		case 33:	/* crnor */
1242 		case 129:	/* crandc */
1243 		case 193:	/* crxor */
1244 		case 225:	/* crnand */
1245 		case 257:	/* crand */
1246 		case 289:	/* creqv */
1247 		case 417:	/* crorc */
1248 		case 449:	/* cror */
1249 			op->type = COMPUTE + SETCC;
1250 			ra = (instr >> 16) & 0x1f;
1251 			rb = (instr >> 11) & 0x1f;
1252 			rd = (instr >> 21) & 0x1f;
1253 			ra = (regs->ccr >> (31 - ra)) & 1;
1254 			rb = (regs->ccr >> (31 - rb)) & 1;
1255 			val = (instr >> (6 + ra * 2 + rb)) & 1;
1256 			op->ccval = (regs->ccr & ~(1UL << (31 - rd))) |
1257 				(val << (31 - rd));
1258 			return 1;
1259 		}
1260 		break;
1261 	case 31:
1262 		switch ((instr >> 1) & 0x3ff) {
1263 		case 598:	/* sync */
1264 			op->type = BARRIER + BARRIER_SYNC;
1265 #ifdef __powerpc64__
1266 			switch ((instr >> 21) & 3) {
1267 			case 1:		/* lwsync */
1268 				op->type = BARRIER + BARRIER_LWSYNC;
1269 				break;
1270 			case 2:		/* ptesync */
1271 				op->type = BARRIER + BARRIER_PTESYNC;
1272 				break;
1273 			}
1274 #endif
1275 			return 1;
1276 
1277 		case 854:	/* eieio */
1278 			op->type = BARRIER + BARRIER_EIEIO;
1279 			return 1;
1280 		}
1281 		break;
1282 	}
1283 
1284 	/* Following cases refer to regs->gpr[], so we need all regs */
1285 	if (!FULL_REGS(regs))
1286 		return -1;
1287 
1288 	rd = (instr >> 21) & 0x1f;
1289 	ra = (instr >> 16) & 0x1f;
1290 	rb = (instr >> 11) & 0x1f;
1291 	rc = (instr >> 6) & 0x1f;
1292 
1293 	switch (opcode) {
1294 #ifdef __powerpc64__
1295 	case 2:		/* tdi */
1296 		if (rd & trap_compare(regs->gpr[ra], (short) instr))
1297 			goto trap;
1298 		return 1;
1299 #endif
1300 	case 3:		/* twi */
1301 		if (rd & trap_compare((int)regs->gpr[ra], (short) instr))
1302 			goto trap;
1303 		return 1;
1304 
1305 #ifdef __powerpc64__
1306 	case 4:
1307 		if (!cpu_has_feature(CPU_FTR_ARCH_300))
1308 			return -1;
1309 
1310 		switch (instr & 0x3f) {
1311 		case 48:	/* maddhd */
1312 			asm volatile(PPC_MADDHD(%0, %1, %2, %3) :
1313 				     "=r" (op->val) : "r" (regs->gpr[ra]),
1314 				     "r" (regs->gpr[rb]), "r" (regs->gpr[rc]));
1315 			goto compute_done;
1316 
1317 		case 49:	/* maddhdu */
1318 			asm volatile(PPC_MADDHDU(%0, %1, %2, %3) :
1319 				     "=r" (op->val) : "r" (regs->gpr[ra]),
1320 				     "r" (regs->gpr[rb]), "r" (regs->gpr[rc]));
1321 			goto compute_done;
1322 
1323 		case 51:	/* maddld */
1324 			asm volatile(PPC_MADDLD(%0, %1, %2, %3) :
1325 				     "=r" (op->val) : "r" (regs->gpr[ra]),
1326 				     "r" (regs->gpr[rb]), "r" (regs->gpr[rc]));
1327 			goto compute_done;
1328 		}
1329 
1330 		/*
1331 		 * There are other instructions from ISA 3.0 with the same
1332 		 * primary opcode which do not have emulation support yet.
1333 		 */
1334 		return -1;
1335 #endif
1336 
1337 	case 7:		/* mulli */
1338 		op->val = regs->gpr[ra] * (short) instr;
1339 		goto compute_done;
1340 
1341 	case 8:		/* subfic */
1342 		imm = (short) instr;
1343 		add_with_carry(regs, op, rd, ~regs->gpr[ra], imm, 1);
1344 		return 1;
1345 
1346 	case 10:	/* cmpli */
1347 		imm = (unsigned short) instr;
1348 		val = regs->gpr[ra];
1349 #ifdef __powerpc64__
1350 		if ((rd & 1) == 0)
1351 			val = (unsigned int) val;
1352 #endif
1353 		do_cmp_unsigned(regs, op, val, imm, rd >> 2);
1354 		return 1;
1355 
1356 	case 11:	/* cmpi */
1357 		imm = (short) instr;
1358 		val = regs->gpr[ra];
1359 #ifdef __powerpc64__
1360 		if ((rd & 1) == 0)
1361 			val = (int) val;
1362 #endif
1363 		do_cmp_signed(regs, op, val, imm, rd >> 2);
1364 		return 1;
1365 
1366 	case 12:	/* addic */
1367 		imm = (short) instr;
1368 		add_with_carry(regs, op, rd, regs->gpr[ra], imm, 0);
1369 		return 1;
1370 
1371 	case 13:	/* addic. */
1372 		imm = (short) instr;
1373 		add_with_carry(regs, op, rd, regs->gpr[ra], imm, 0);
1374 		set_cr0(regs, op);
1375 		return 1;
1376 
1377 	case 14:	/* addi */
1378 		imm = (short) instr;
1379 		if (ra)
1380 			imm += regs->gpr[ra];
1381 		op->val = imm;
1382 		goto compute_done;
1383 
1384 	case 15:	/* addis */
1385 		imm = ((short) instr) << 16;
1386 		if (ra)
1387 			imm += regs->gpr[ra];
1388 		op->val = imm;
1389 		goto compute_done;
1390 
1391 	case 19:
1392 		if (((instr >> 1) & 0x1f) == 2) {
1393 			/* addpcis */
1394 			imm = (short) (instr & 0xffc1);	/* d0 + d2 fields */
1395 			imm |= (instr >> 15) & 0x3e;	/* d1 field */
1396 			op->val = regs->nip + (imm << 16) + 4;
1397 			goto compute_done;
1398 		}
1399 		op->type = UNKNOWN;
1400 		return 0;
1401 
1402 	case 20:	/* rlwimi */
1403 		mb = (instr >> 6) & 0x1f;
1404 		me = (instr >> 1) & 0x1f;
1405 		val = DATA32(regs->gpr[rd]);
1406 		imm = MASK32(mb, me);
1407 		op->val = (regs->gpr[ra] & ~imm) | (ROTATE(val, rb) & imm);
1408 		goto logical_done;
1409 
1410 	case 21:	/* rlwinm */
1411 		mb = (instr >> 6) & 0x1f;
1412 		me = (instr >> 1) & 0x1f;
1413 		val = DATA32(regs->gpr[rd]);
1414 		op->val = ROTATE(val, rb) & MASK32(mb, me);
1415 		goto logical_done;
1416 
1417 	case 23:	/* rlwnm */
1418 		mb = (instr >> 6) & 0x1f;
1419 		me = (instr >> 1) & 0x1f;
1420 		rb = regs->gpr[rb] & 0x1f;
1421 		val = DATA32(regs->gpr[rd]);
1422 		op->val = ROTATE(val, rb) & MASK32(mb, me);
1423 		goto logical_done;
1424 
1425 	case 24:	/* ori */
1426 		op->val = regs->gpr[rd] | (unsigned short) instr;
1427 		goto logical_done_nocc;
1428 
1429 	case 25:	/* oris */
1430 		imm = (unsigned short) instr;
1431 		op->val = regs->gpr[rd] | (imm << 16);
1432 		goto logical_done_nocc;
1433 
1434 	case 26:	/* xori */
1435 		op->val = regs->gpr[rd] ^ (unsigned short) instr;
1436 		goto logical_done_nocc;
1437 
1438 	case 27:	/* xoris */
1439 		imm = (unsigned short) instr;
1440 		op->val = regs->gpr[rd] ^ (imm << 16);
1441 		goto logical_done_nocc;
1442 
1443 	case 28:	/* andi. */
1444 		op->val = regs->gpr[rd] & (unsigned short) instr;
1445 		set_cr0(regs, op);
1446 		goto logical_done_nocc;
1447 
1448 	case 29:	/* andis. */
1449 		imm = (unsigned short) instr;
1450 		op->val = regs->gpr[rd] & (imm << 16);
1451 		set_cr0(regs, op);
1452 		goto logical_done_nocc;
1453 
1454 #ifdef __powerpc64__
1455 	case 30:	/* rld* */
1456 		mb = ((instr >> 6) & 0x1f) | (instr & 0x20);
1457 		val = regs->gpr[rd];
1458 		if ((instr & 0x10) == 0) {
1459 			sh = rb | ((instr & 2) << 4);
1460 			val = ROTATE(val, sh);
1461 			switch ((instr >> 2) & 3) {
1462 			case 0:		/* rldicl */
1463 				val &= MASK64_L(mb);
1464 				break;
1465 			case 1:		/* rldicr */
1466 				val &= MASK64_R(mb);
1467 				break;
1468 			case 2:		/* rldic */
1469 				val &= MASK64(mb, 63 - sh);
1470 				break;
1471 			case 3:		/* rldimi */
1472 				imm = MASK64(mb, 63 - sh);
1473 				val = (regs->gpr[ra] & ~imm) |
1474 					(val & imm);
1475 			}
1476 			op->val = val;
1477 			goto logical_done;
1478 		} else {
1479 			sh = regs->gpr[rb] & 0x3f;
1480 			val = ROTATE(val, sh);
1481 			switch ((instr >> 1) & 7) {
1482 			case 0:		/* rldcl */
1483 				op->val = val & MASK64_L(mb);
1484 				goto logical_done;
1485 			case 1:		/* rldcr */
1486 				op->val = val & MASK64_R(mb);
1487 				goto logical_done;
1488 			}
1489 		}
1490 #endif
1491 		op->type = UNKNOWN;	/* illegal instruction */
1492 		return 0;
1493 
1494 	case 31:
1495 		/* isel occupies 32 minor opcodes */
1496 		if (((instr >> 1) & 0x1f) == 15) {
1497 			mb = (instr >> 6) & 0x1f; /* bc field */
1498 			val = (regs->ccr >> (31 - mb)) & 1;
1499 			val2 = (ra) ? regs->gpr[ra] : 0;
1500 
1501 			op->val = (val) ? val2 : regs->gpr[rb];
1502 			goto compute_done;
1503 		}
1504 
1505 		switch ((instr >> 1) & 0x3ff) {
1506 		case 4:		/* tw */
1507 			if (rd == 0x1f ||
1508 			    (rd & trap_compare((int)regs->gpr[ra],
1509 					       (int)regs->gpr[rb])))
1510 				goto trap;
1511 			return 1;
1512 #ifdef __powerpc64__
1513 		case 68:	/* td */
1514 			if (rd & trap_compare(regs->gpr[ra], regs->gpr[rb]))
1515 				goto trap;
1516 			return 1;
1517 #endif
1518 		case 83:	/* mfmsr */
1519 			if (regs->msr & MSR_PR)
1520 				goto priv;
1521 			op->type = MFMSR;
1522 			op->reg = rd;
1523 			return 0;
1524 		case 146:	/* mtmsr */
1525 			if (regs->msr & MSR_PR)
1526 				goto priv;
1527 			op->type = MTMSR;
1528 			op->reg = rd;
1529 			op->val = 0xffffffff & ~(MSR_ME | MSR_LE);
1530 			return 0;
1531 #ifdef CONFIG_PPC64
1532 		case 178:	/* mtmsrd */
1533 			if (regs->msr & MSR_PR)
1534 				goto priv;
1535 			op->type = MTMSR;
1536 			op->reg = rd;
1537 			/* only MSR_EE and MSR_RI get changed if bit 15 set */
1538 			/* mtmsrd doesn't change MSR_HV, MSR_ME or MSR_LE */
1539 			imm = (instr & 0x10000)? 0x8002: 0xefffffffffffeffeUL;
1540 			op->val = imm;
1541 			return 0;
1542 #endif
1543 
1544 		case 19:	/* mfcr */
1545 			imm = 0xffffffffUL;
1546 			if ((instr >> 20) & 1) {
1547 				imm = 0xf0000000UL;
1548 				for (sh = 0; sh < 8; ++sh) {
1549 					if (instr & (0x80000 >> sh))
1550 						break;
1551 					imm >>= 4;
1552 				}
1553 			}
1554 			op->val = regs->ccr & imm;
1555 			goto compute_done;
1556 
1557 		case 144:	/* mtcrf */
1558 			op->type = COMPUTE + SETCC;
1559 			imm = 0xf0000000UL;
1560 			val = regs->gpr[rd];
1561 			op->ccval = regs->ccr;
1562 			for (sh = 0; sh < 8; ++sh) {
1563 				if (instr & (0x80000 >> sh))
1564 					op->ccval = (op->ccval & ~imm) |
1565 						(val & imm);
1566 				imm >>= 4;
1567 			}
1568 			return 1;
1569 
1570 		case 339:	/* mfspr */
1571 			spr = ((instr >> 16) & 0x1f) | ((instr >> 6) & 0x3e0);
1572 			op->type = MFSPR;
1573 			op->reg = rd;
1574 			op->spr = spr;
1575 			if (spr == SPRN_XER || spr == SPRN_LR ||
1576 			    spr == SPRN_CTR)
1577 				return 1;
1578 			return 0;
1579 
1580 		case 467:	/* mtspr */
1581 			spr = ((instr >> 16) & 0x1f) | ((instr >> 6) & 0x3e0);
1582 			op->type = MTSPR;
1583 			op->val = regs->gpr[rd];
1584 			op->spr = spr;
1585 			if (spr == SPRN_XER || spr == SPRN_LR ||
1586 			    spr == SPRN_CTR)
1587 				return 1;
1588 			return 0;
1589 
1590 /*
1591  * Compare instructions
1592  */
1593 		case 0:	/* cmp */
1594 			val = regs->gpr[ra];
1595 			val2 = regs->gpr[rb];
1596 #ifdef __powerpc64__
1597 			if ((rd & 1) == 0) {
1598 				/* word (32-bit) compare */
1599 				val = (int) val;
1600 				val2 = (int) val2;
1601 			}
1602 #endif
1603 			do_cmp_signed(regs, op, val, val2, rd >> 2);
1604 			return 1;
1605 
1606 		case 32:	/* cmpl */
1607 			val = regs->gpr[ra];
1608 			val2 = regs->gpr[rb];
1609 #ifdef __powerpc64__
1610 			if ((rd & 1) == 0) {
1611 				/* word (32-bit) compare */
1612 				val = (unsigned int) val;
1613 				val2 = (unsigned int) val2;
1614 			}
1615 #endif
1616 			do_cmp_unsigned(regs, op, val, val2, rd >> 2);
1617 			return 1;
1618 
1619 		case 508: /* cmpb */
1620 			do_cmpb(regs, op, regs->gpr[rd], regs->gpr[rb]);
1621 			goto logical_done_nocc;
1622 
1623 /*
1624  * Arithmetic instructions
1625  */
1626 		case 8:	/* subfc */
1627 			add_with_carry(regs, op, rd, ~regs->gpr[ra],
1628 				       regs->gpr[rb], 1);
1629 			goto arith_done;
1630 #ifdef __powerpc64__
1631 		case 9:	/* mulhdu */
1632 			asm("mulhdu %0,%1,%2" : "=r" (op->val) :
1633 			    "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1634 			goto arith_done;
1635 #endif
1636 		case 10:	/* addc */
1637 			add_with_carry(regs, op, rd, regs->gpr[ra],
1638 				       regs->gpr[rb], 0);
1639 			goto arith_done;
1640 
1641 		case 11:	/* mulhwu */
1642 			asm("mulhwu %0,%1,%2" : "=r" (op->val) :
1643 			    "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1644 			goto arith_done;
1645 
1646 		case 40:	/* subf */
1647 			op->val = regs->gpr[rb] - regs->gpr[ra];
1648 			goto arith_done;
1649 #ifdef __powerpc64__
1650 		case 73:	/* mulhd */
1651 			asm("mulhd %0,%1,%2" : "=r" (op->val) :
1652 			    "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1653 			goto arith_done;
1654 #endif
1655 		case 75:	/* mulhw */
1656 			asm("mulhw %0,%1,%2" : "=r" (op->val) :
1657 			    "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1658 			goto arith_done;
1659 
1660 		case 104:	/* neg */
1661 			op->val = -regs->gpr[ra];
1662 			goto arith_done;
1663 
1664 		case 136:	/* subfe */
1665 			add_with_carry(regs, op, rd, ~regs->gpr[ra],
1666 				       regs->gpr[rb], regs->xer & XER_CA);
1667 			goto arith_done;
1668 
1669 		case 138:	/* adde */
1670 			add_with_carry(regs, op, rd, regs->gpr[ra],
1671 				       regs->gpr[rb], regs->xer & XER_CA);
1672 			goto arith_done;
1673 
1674 		case 200:	/* subfze */
1675 			add_with_carry(regs, op, rd, ~regs->gpr[ra], 0L,
1676 				       regs->xer & XER_CA);
1677 			goto arith_done;
1678 
1679 		case 202:	/* addze */
1680 			add_with_carry(regs, op, rd, regs->gpr[ra], 0L,
1681 				       regs->xer & XER_CA);
1682 			goto arith_done;
1683 
1684 		case 232:	/* subfme */
1685 			add_with_carry(regs, op, rd, ~regs->gpr[ra], -1L,
1686 				       regs->xer & XER_CA);
1687 			goto arith_done;
1688 #ifdef __powerpc64__
1689 		case 233:	/* mulld */
1690 			op->val = regs->gpr[ra] * regs->gpr[rb];
1691 			goto arith_done;
1692 #endif
1693 		case 234:	/* addme */
1694 			add_with_carry(regs, op, rd, regs->gpr[ra], -1L,
1695 				       regs->xer & XER_CA);
1696 			goto arith_done;
1697 
1698 		case 235:	/* mullw */
1699 			op->val = (long)(int) regs->gpr[ra] *
1700 				(int) regs->gpr[rb];
1701 
1702 			goto arith_done;
1703 #ifdef __powerpc64__
1704 		case 265:	/* modud */
1705 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1706 				return -1;
1707 			op->val = regs->gpr[ra] % regs->gpr[rb];
1708 			goto compute_done;
1709 #endif
1710 		case 266:	/* add */
1711 			op->val = regs->gpr[ra] + regs->gpr[rb];
1712 			goto arith_done;
1713 
1714 		case 267:	/* moduw */
1715 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1716 				return -1;
1717 			op->val = (unsigned int) regs->gpr[ra] %
1718 				(unsigned int) regs->gpr[rb];
1719 			goto compute_done;
1720 #ifdef __powerpc64__
1721 		case 457:	/* divdu */
1722 			op->val = regs->gpr[ra] / regs->gpr[rb];
1723 			goto arith_done;
1724 #endif
1725 		case 459:	/* divwu */
1726 			op->val = (unsigned int) regs->gpr[ra] /
1727 				(unsigned int) regs->gpr[rb];
1728 			goto arith_done;
1729 #ifdef __powerpc64__
1730 		case 489:	/* divd */
1731 			op->val = (long int) regs->gpr[ra] /
1732 				(long int) regs->gpr[rb];
1733 			goto arith_done;
1734 #endif
1735 		case 491:	/* divw */
1736 			op->val = (int) regs->gpr[ra] /
1737 				(int) regs->gpr[rb];
1738 			goto arith_done;
1739 
1740 		case 755:	/* darn */
1741 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1742 				return -1;
1743 			switch (ra & 0x3) {
1744 			case 0:
1745 				/* 32-bit conditioned */
1746 				asm volatile(PPC_DARN(%0, 0) : "=r" (op->val));
1747 				goto compute_done;
1748 
1749 			case 1:
1750 				/* 64-bit conditioned */
1751 				asm volatile(PPC_DARN(%0, 1) : "=r" (op->val));
1752 				goto compute_done;
1753 
1754 			case 2:
1755 				/* 64-bit raw */
1756 				asm volatile(PPC_DARN(%0, 2) : "=r" (op->val));
1757 				goto compute_done;
1758 			}
1759 
1760 			return -1;
1761 #ifdef __powerpc64__
1762 		case 777:	/* modsd */
1763 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1764 				return -1;
1765 			op->val = (long int) regs->gpr[ra] %
1766 				(long int) regs->gpr[rb];
1767 			goto compute_done;
1768 #endif
1769 		case 779:	/* modsw */
1770 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1771 				return -1;
1772 			op->val = (int) regs->gpr[ra] %
1773 				(int) regs->gpr[rb];
1774 			goto compute_done;
1775 
1776 
1777 /*
1778  * Logical instructions
1779  */
1780 		case 26:	/* cntlzw */
1781 			val = (unsigned int) regs->gpr[rd];
1782 			op->val = ( val ? __builtin_clz(val) : 32 );
1783 			goto logical_done;
1784 #ifdef __powerpc64__
1785 		case 58:	/* cntlzd */
1786 			val = regs->gpr[rd];
1787 			op->val = ( val ? __builtin_clzl(val) : 64 );
1788 			goto logical_done;
1789 #endif
1790 		case 28:	/* and */
1791 			op->val = regs->gpr[rd] & regs->gpr[rb];
1792 			goto logical_done;
1793 
1794 		case 60:	/* andc */
1795 			op->val = regs->gpr[rd] & ~regs->gpr[rb];
1796 			goto logical_done;
1797 
1798 		case 122:	/* popcntb */
1799 			do_popcnt(regs, op, regs->gpr[rd], 8);
1800 			goto logical_done_nocc;
1801 
1802 		case 124:	/* nor */
1803 			op->val = ~(regs->gpr[rd] | regs->gpr[rb]);
1804 			goto logical_done;
1805 
1806 		case 154:	/* prtyw */
1807 			do_prty(regs, op, regs->gpr[rd], 32);
1808 			goto logical_done_nocc;
1809 
1810 		case 186:	/* prtyd */
1811 			do_prty(regs, op, regs->gpr[rd], 64);
1812 			goto logical_done_nocc;
1813 #ifdef CONFIG_PPC64
1814 		case 252:	/* bpermd */
1815 			do_bpermd(regs, op, regs->gpr[rd], regs->gpr[rb]);
1816 			goto logical_done_nocc;
1817 #endif
1818 		case 284:	/* xor */
1819 			op->val = ~(regs->gpr[rd] ^ regs->gpr[rb]);
1820 			goto logical_done;
1821 
1822 		case 316:	/* xor */
1823 			op->val = regs->gpr[rd] ^ regs->gpr[rb];
1824 			goto logical_done;
1825 
1826 		case 378:	/* popcntw */
1827 			do_popcnt(regs, op, regs->gpr[rd], 32);
1828 			goto logical_done_nocc;
1829 
1830 		case 412:	/* orc */
1831 			op->val = regs->gpr[rd] | ~regs->gpr[rb];
1832 			goto logical_done;
1833 
1834 		case 444:	/* or */
1835 			op->val = regs->gpr[rd] | regs->gpr[rb];
1836 			goto logical_done;
1837 
1838 		case 476:	/* nand */
1839 			op->val = ~(regs->gpr[rd] & regs->gpr[rb]);
1840 			goto logical_done;
1841 #ifdef CONFIG_PPC64
1842 		case 506:	/* popcntd */
1843 			do_popcnt(regs, op, regs->gpr[rd], 64);
1844 			goto logical_done_nocc;
1845 #endif
1846 		case 538:	/* cnttzw */
1847 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1848 				return -1;
1849 			val = (unsigned int) regs->gpr[rd];
1850 			op->val = (val ? __builtin_ctz(val) : 32);
1851 			goto logical_done;
1852 #ifdef __powerpc64__
1853 		case 570:	/* cnttzd */
1854 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1855 				return -1;
1856 			val = regs->gpr[rd];
1857 			op->val = (val ? __builtin_ctzl(val) : 64);
1858 			goto logical_done;
1859 #endif
1860 		case 922:	/* extsh */
1861 			op->val = (signed short) regs->gpr[rd];
1862 			goto logical_done;
1863 
1864 		case 954:	/* extsb */
1865 			op->val = (signed char) regs->gpr[rd];
1866 			goto logical_done;
1867 #ifdef __powerpc64__
1868 		case 986:	/* extsw */
1869 			op->val = (signed int) regs->gpr[rd];
1870 			goto logical_done;
1871 #endif
1872 
1873 /*
1874  * Shift instructions
1875  */
1876 		case 24:	/* slw */
1877 			sh = regs->gpr[rb] & 0x3f;
1878 			if (sh < 32)
1879 				op->val = (regs->gpr[rd] << sh) & 0xffffffffUL;
1880 			else
1881 				op->val = 0;
1882 			goto logical_done;
1883 
1884 		case 536:	/* srw */
1885 			sh = regs->gpr[rb] & 0x3f;
1886 			if (sh < 32)
1887 				op->val = (regs->gpr[rd] & 0xffffffffUL) >> sh;
1888 			else
1889 				op->val = 0;
1890 			goto logical_done;
1891 
1892 		case 792:	/* sraw */
1893 			op->type = COMPUTE + SETREG + SETXER;
1894 			sh = regs->gpr[rb] & 0x3f;
1895 			ival = (signed int) regs->gpr[rd];
1896 			op->val = ival >> (sh < 32 ? sh : 31);
1897 			op->xerval = regs->xer;
1898 			if (ival < 0 && (sh >= 32 || (ival & ((1ul << sh) - 1)) != 0))
1899 				op->xerval |= XER_CA;
1900 			else
1901 				op->xerval &= ~XER_CA;
1902 			set_ca32(op, op->xerval & XER_CA);
1903 			goto logical_done;
1904 
1905 		case 824:	/* srawi */
1906 			op->type = COMPUTE + SETREG + SETXER;
1907 			sh = rb;
1908 			ival = (signed int) regs->gpr[rd];
1909 			op->val = ival >> sh;
1910 			op->xerval = regs->xer;
1911 			if (ival < 0 && (ival & ((1ul << sh) - 1)) != 0)
1912 				op->xerval |= XER_CA;
1913 			else
1914 				op->xerval &= ~XER_CA;
1915 			set_ca32(op, op->xerval & XER_CA);
1916 			goto logical_done;
1917 
1918 #ifdef __powerpc64__
1919 		case 27:	/* sld */
1920 			sh = regs->gpr[rb] & 0x7f;
1921 			if (sh < 64)
1922 				op->val = regs->gpr[rd] << sh;
1923 			else
1924 				op->val = 0;
1925 			goto logical_done;
1926 
1927 		case 539:	/* srd */
1928 			sh = regs->gpr[rb] & 0x7f;
1929 			if (sh < 64)
1930 				op->val = regs->gpr[rd] >> sh;
1931 			else
1932 				op->val = 0;
1933 			goto logical_done;
1934 
1935 		case 794:	/* srad */
1936 			op->type = COMPUTE + SETREG + SETXER;
1937 			sh = regs->gpr[rb] & 0x7f;
1938 			ival = (signed long int) regs->gpr[rd];
1939 			op->val = ival >> (sh < 64 ? sh : 63);
1940 			op->xerval = regs->xer;
1941 			if (ival < 0 && (sh >= 64 || (ival & ((1ul << sh) - 1)) != 0))
1942 				op->xerval |= XER_CA;
1943 			else
1944 				op->xerval &= ~XER_CA;
1945 			set_ca32(op, op->xerval & XER_CA);
1946 			goto logical_done;
1947 
1948 		case 826:	/* sradi with sh_5 = 0 */
1949 		case 827:	/* sradi with sh_5 = 1 */
1950 			op->type = COMPUTE + SETREG + SETXER;
1951 			sh = rb | ((instr & 2) << 4);
1952 			ival = (signed long int) regs->gpr[rd];
1953 			op->val = ival >> sh;
1954 			op->xerval = regs->xer;
1955 			if (ival < 0 && (ival & ((1ul << sh) - 1)) != 0)
1956 				op->xerval |= XER_CA;
1957 			else
1958 				op->xerval &= ~XER_CA;
1959 			set_ca32(op, op->xerval & XER_CA);
1960 			goto logical_done;
1961 
1962 		case 890:	/* extswsli with sh_5 = 0 */
1963 		case 891:	/* extswsli with sh_5 = 1 */
1964 			if (!cpu_has_feature(CPU_FTR_ARCH_300))
1965 				return -1;
1966 			op->type = COMPUTE + SETREG;
1967 			sh = rb | ((instr & 2) << 4);
1968 			val = (signed int) regs->gpr[rd];
1969 			if (sh)
1970 				op->val = ROTATE(val, sh) & MASK64(0, 63 - sh);
1971 			else
1972 				op->val = val;
1973 			goto logical_done;
1974 
1975 #endif /* __powerpc64__ */
1976 
1977 /*
1978  * Cache instructions
1979  */
1980 		case 54:	/* dcbst */
1981 			op->type = MKOP(CACHEOP, DCBST, 0);
1982 			op->ea = xform_ea(instr, regs);
1983 			return 0;
1984 
1985 		case 86:	/* dcbf */
1986 			op->type = MKOP(CACHEOP, DCBF, 0);
1987 			op->ea = xform_ea(instr, regs);
1988 			return 0;
1989 
1990 		case 246:	/* dcbtst */
1991 			op->type = MKOP(CACHEOP, DCBTST, 0);
1992 			op->ea = xform_ea(instr, regs);
1993 			op->reg = rd;
1994 			return 0;
1995 
1996 		case 278:	/* dcbt */
1997 			op->type = MKOP(CACHEOP, DCBTST, 0);
1998 			op->ea = xform_ea(instr, regs);
1999 			op->reg = rd;
2000 			return 0;
2001 
2002 		case 982:	/* icbi */
2003 			op->type = MKOP(CACHEOP, ICBI, 0);
2004 			op->ea = xform_ea(instr, regs);
2005 			return 0;
2006 
2007 		case 1014:	/* dcbz */
2008 			op->type = MKOP(CACHEOP, DCBZ, 0);
2009 			op->ea = xform_ea(instr, regs);
2010 			return 0;
2011 		}
2012 		break;
2013 	}
2014 
2015 /*
2016  * Loads and stores.
2017  */
2018 	op->type = UNKNOWN;
2019 	op->update_reg = ra;
2020 	op->reg = rd;
2021 	op->val = regs->gpr[rd];
2022 	u = (instr >> 20) & UPDATE;
2023 	op->vsx_flags = 0;
2024 
2025 	switch (opcode) {
2026 	case 31:
2027 		u = instr & UPDATE;
2028 		op->ea = xform_ea(instr, regs);
2029 		switch ((instr >> 1) & 0x3ff) {
2030 		case 20:	/* lwarx */
2031 			op->type = MKOP(LARX, 0, 4);
2032 			break;
2033 
2034 		case 150:	/* stwcx. */
2035 			op->type = MKOP(STCX, 0, 4);
2036 			break;
2037 
2038 #ifdef __powerpc64__
2039 		case 84:	/* ldarx */
2040 			op->type = MKOP(LARX, 0, 8);
2041 			break;
2042 
2043 		case 214:	/* stdcx. */
2044 			op->type = MKOP(STCX, 0, 8);
2045 			break;
2046 
2047 		case 52:	/* lbarx */
2048 			op->type = MKOP(LARX, 0, 1);
2049 			break;
2050 
2051 		case 694:	/* stbcx. */
2052 			op->type = MKOP(STCX, 0, 1);
2053 			break;
2054 
2055 		case 116:	/* lharx */
2056 			op->type = MKOP(LARX, 0, 2);
2057 			break;
2058 
2059 		case 726:	/* sthcx. */
2060 			op->type = MKOP(STCX, 0, 2);
2061 			break;
2062 
2063 		case 276:	/* lqarx */
2064 			if (!((rd & 1) || rd == ra || rd == rb))
2065 				op->type = MKOP(LARX, 0, 16);
2066 			break;
2067 
2068 		case 182:	/* stqcx. */
2069 			if (!(rd & 1))
2070 				op->type = MKOP(STCX, 0, 16);
2071 			break;
2072 #endif
2073 
2074 		case 23:	/* lwzx */
2075 		case 55:	/* lwzux */
2076 			op->type = MKOP(LOAD, u, 4);
2077 			break;
2078 
2079 		case 87:	/* lbzx */
2080 		case 119:	/* lbzux */
2081 			op->type = MKOP(LOAD, u, 1);
2082 			break;
2083 
2084 #ifdef CONFIG_ALTIVEC
2085 		/*
2086 		 * Note: for the load/store vector element instructions,
2087 		 * bits of the EA say which field of the VMX register to use.
2088 		 */
2089 		case 7:		/* lvebx */
2090 			op->type = MKOP(LOAD_VMX, 0, 1);
2091 			op->element_size = 1;
2092 			break;
2093 
2094 		case 39:	/* lvehx */
2095 			op->type = MKOP(LOAD_VMX, 0, 2);
2096 			op->element_size = 2;
2097 			break;
2098 
2099 		case 71:	/* lvewx */
2100 			op->type = MKOP(LOAD_VMX, 0, 4);
2101 			op->element_size = 4;
2102 			break;
2103 
2104 		case 103:	/* lvx */
2105 		case 359:	/* lvxl */
2106 			op->type = MKOP(LOAD_VMX, 0, 16);
2107 			op->element_size = 16;
2108 			break;
2109 
2110 		case 135:	/* stvebx */
2111 			op->type = MKOP(STORE_VMX, 0, 1);
2112 			op->element_size = 1;
2113 			break;
2114 
2115 		case 167:	/* stvehx */
2116 			op->type = MKOP(STORE_VMX, 0, 2);
2117 			op->element_size = 2;
2118 			break;
2119 
2120 		case 199:	/* stvewx */
2121 			op->type = MKOP(STORE_VMX, 0, 4);
2122 			op->element_size = 4;
2123 			break;
2124 
2125 		case 231:	/* stvx */
2126 		case 487:	/* stvxl */
2127 			op->type = MKOP(STORE_VMX, 0, 16);
2128 			break;
2129 #endif /* CONFIG_ALTIVEC */
2130 
2131 #ifdef __powerpc64__
2132 		case 21:	/* ldx */
2133 		case 53:	/* ldux */
2134 			op->type = MKOP(LOAD, u, 8);
2135 			break;
2136 
2137 		case 149:	/* stdx */
2138 		case 181:	/* stdux */
2139 			op->type = MKOP(STORE, u, 8);
2140 			break;
2141 #endif
2142 
2143 		case 151:	/* stwx */
2144 		case 183:	/* stwux */
2145 			op->type = MKOP(STORE, u, 4);
2146 			break;
2147 
2148 		case 215:	/* stbx */
2149 		case 247:	/* stbux */
2150 			op->type = MKOP(STORE, u, 1);
2151 			break;
2152 
2153 		case 279:	/* lhzx */
2154 		case 311:	/* lhzux */
2155 			op->type = MKOP(LOAD, u, 2);
2156 			break;
2157 
2158 #ifdef __powerpc64__
2159 		case 341:	/* lwax */
2160 		case 373:	/* lwaux */
2161 			op->type = MKOP(LOAD, SIGNEXT | u, 4);
2162 			break;
2163 #endif
2164 
2165 		case 343:	/* lhax */
2166 		case 375:	/* lhaux */
2167 			op->type = MKOP(LOAD, SIGNEXT | u, 2);
2168 			break;
2169 
2170 		case 407:	/* sthx */
2171 		case 439:	/* sthux */
2172 			op->type = MKOP(STORE, u, 2);
2173 			break;
2174 
2175 #ifdef __powerpc64__
2176 		case 532:	/* ldbrx */
2177 			op->type = MKOP(LOAD, BYTEREV, 8);
2178 			break;
2179 
2180 #endif
2181 		case 533:	/* lswx */
2182 			op->type = MKOP(LOAD_MULTI, 0, regs->xer & 0x7f);
2183 			break;
2184 
2185 		case 534:	/* lwbrx */
2186 			op->type = MKOP(LOAD, BYTEREV, 4);
2187 			break;
2188 
2189 		case 597:	/* lswi */
2190 			if (rb == 0)
2191 				rb = 32;	/* # bytes to load */
2192 			op->type = MKOP(LOAD_MULTI, 0, rb);
2193 			op->ea = ra ? regs->gpr[ra] : 0;
2194 			break;
2195 
2196 #ifdef CONFIG_PPC_FPU
2197 		case 535:	/* lfsx */
2198 		case 567:	/* lfsux */
2199 			op->type = MKOP(LOAD_FP, u | FPCONV, 4);
2200 			break;
2201 
2202 		case 599:	/* lfdx */
2203 		case 631:	/* lfdux */
2204 			op->type = MKOP(LOAD_FP, u, 8);
2205 			break;
2206 
2207 		case 663:	/* stfsx */
2208 		case 695:	/* stfsux */
2209 			op->type = MKOP(STORE_FP, u | FPCONV, 4);
2210 			break;
2211 
2212 		case 727:	/* stfdx */
2213 		case 759:	/* stfdux */
2214 			op->type = MKOP(STORE_FP, u, 8);
2215 			break;
2216 
2217 #ifdef __powerpc64__
2218 		case 791:	/* lfdpx */
2219 			op->type = MKOP(LOAD_FP, 0, 16);
2220 			break;
2221 
2222 		case 855:	/* lfiwax */
2223 			op->type = MKOP(LOAD_FP, SIGNEXT, 4);
2224 			break;
2225 
2226 		case 887:	/* lfiwzx */
2227 			op->type = MKOP(LOAD_FP, 0, 4);
2228 			break;
2229 
2230 		case 919:	/* stfdpx */
2231 			op->type = MKOP(STORE_FP, 0, 16);
2232 			break;
2233 
2234 		case 983:	/* stfiwx */
2235 			op->type = MKOP(STORE_FP, 0, 4);
2236 			break;
2237 #endif /* __powerpc64 */
2238 #endif /* CONFIG_PPC_FPU */
2239 
2240 #ifdef __powerpc64__
2241 		case 660:	/* stdbrx */
2242 			op->type = MKOP(STORE, BYTEREV, 8);
2243 			op->val = byterev_8(regs->gpr[rd]);
2244 			break;
2245 
2246 #endif
2247 		case 661:	/* stswx */
2248 			op->type = MKOP(STORE_MULTI, 0, regs->xer & 0x7f);
2249 			break;
2250 
2251 		case 662:	/* stwbrx */
2252 			op->type = MKOP(STORE, BYTEREV, 4);
2253 			op->val = byterev_4(regs->gpr[rd]);
2254 			break;
2255 
2256 		case 725:	/* stswi */
2257 			if (rb == 0)
2258 				rb = 32;	/* # bytes to store */
2259 			op->type = MKOP(STORE_MULTI, 0, rb);
2260 			op->ea = ra ? regs->gpr[ra] : 0;
2261 			break;
2262 
2263 		case 790:	/* lhbrx */
2264 			op->type = MKOP(LOAD, BYTEREV, 2);
2265 			break;
2266 
2267 		case 918:	/* sthbrx */
2268 			op->type = MKOP(STORE, BYTEREV, 2);
2269 			op->val = byterev_2(regs->gpr[rd]);
2270 			break;
2271 
2272 #ifdef CONFIG_VSX
2273 		case 12:	/* lxsiwzx */
2274 			op->reg = rd | ((instr & 1) << 5);
2275 			op->type = MKOP(LOAD_VSX, 0, 4);
2276 			op->element_size = 8;
2277 			break;
2278 
2279 		case 76:	/* lxsiwax */
2280 			op->reg = rd | ((instr & 1) << 5);
2281 			op->type = MKOP(LOAD_VSX, SIGNEXT, 4);
2282 			op->element_size = 8;
2283 			break;
2284 
2285 		case 140:	/* stxsiwx */
2286 			op->reg = rd | ((instr & 1) << 5);
2287 			op->type = MKOP(STORE_VSX, 0, 4);
2288 			op->element_size = 8;
2289 			break;
2290 
2291 		case 268:	/* lxvx */
2292 			op->reg = rd | ((instr & 1) << 5);
2293 			op->type = MKOP(LOAD_VSX, 0, 16);
2294 			op->element_size = 16;
2295 			op->vsx_flags = VSX_CHECK_VEC;
2296 			break;
2297 
2298 		case 269:	/* lxvl */
2299 		case 301: {	/* lxvll */
2300 			int nb;
2301 			op->reg = rd | ((instr & 1) << 5);
2302 			op->ea = ra ? regs->gpr[ra] : 0;
2303 			nb = regs->gpr[rb] & 0xff;
2304 			if (nb > 16)
2305 				nb = 16;
2306 			op->type = MKOP(LOAD_VSX, 0, nb);
2307 			op->element_size = 16;
2308 			op->vsx_flags = ((instr & 0x20) ? VSX_LDLEFT : 0) |
2309 				VSX_CHECK_VEC;
2310 			break;
2311 		}
2312 		case 332:	/* lxvdsx */
2313 			op->reg = rd | ((instr & 1) << 5);
2314 			op->type = MKOP(LOAD_VSX, 0, 8);
2315 			op->element_size = 8;
2316 			op->vsx_flags = VSX_SPLAT;
2317 			break;
2318 
2319 		case 364:	/* lxvwsx */
2320 			op->reg = rd | ((instr & 1) << 5);
2321 			op->type = MKOP(LOAD_VSX, 0, 4);
2322 			op->element_size = 4;
2323 			op->vsx_flags = VSX_SPLAT | VSX_CHECK_VEC;
2324 			break;
2325 
2326 		case 396:	/* stxvx */
2327 			op->reg = rd | ((instr & 1) << 5);
2328 			op->type = MKOP(STORE_VSX, 0, 16);
2329 			op->element_size = 16;
2330 			op->vsx_flags = VSX_CHECK_VEC;
2331 			break;
2332 
2333 		case 397:	/* stxvl */
2334 		case 429: {	/* stxvll */
2335 			int nb;
2336 			op->reg = rd | ((instr & 1) << 5);
2337 			op->ea = ra ? regs->gpr[ra] : 0;
2338 			nb = regs->gpr[rb] & 0xff;
2339 			if (nb > 16)
2340 				nb = 16;
2341 			op->type = MKOP(STORE_VSX, 0, nb);
2342 			op->element_size = 16;
2343 			op->vsx_flags = ((instr & 0x20) ? VSX_LDLEFT : 0) |
2344 				VSX_CHECK_VEC;
2345 			break;
2346 		}
2347 		case 524:	/* lxsspx */
2348 			op->reg = rd | ((instr & 1) << 5);
2349 			op->type = MKOP(LOAD_VSX, 0, 4);
2350 			op->element_size = 8;
2351 			op->vsx_flags = VSX_FPCONV;
2352 			break;
2353 
2354 		case 588:	/* lxsdx */
2355 			op->reg = rd | ((instr & 1) << 5);
2356 			op->type = MKOP(LOAD_VSX, 0, 8);
2357 			op->element_size = 8;
2358 			break;
2359 
2360 		case 652:	/* stxsspx */
2361 			op->reg = rd | ((instr & 1) << 5);
2362 			op->type = MKOP(STORE_VSX, 0, 4);
2363 			op->element_size = 8;
2364 			op->vsx_flags = VSX_FPCONV;
2365 			break;
2366 
2367 		case 716:	/* stxsdx */
2368 			op->reg = rd | ((instr & 1) << 5);
2369 			op->type = MKOP(STORE_VSX, 0, 8);
2370 			op->element_size = 8;
2371 			break;
2372 
2373 		case 780:	/* lxvw4x */
2374 			op->reg = rd | ((instr & 1) << 5);
2375 			op->type = MKOP(LOAD_VSX, 0, 16);
2376 			op->element_size = 4;
2377 			break;
2378 
2379 		case 781:	/* lxsibzx */
2380 			op->reg = rd | ((instr & 1) << 5);
2381 			op->type = MKOP(LOAD_VSX, 0, 1);
2382 			op->element_size = 8;
2383 			op->vsx_flags = VSX_CHECK_VEC;
2384 			break;
2385 
2386 		case 812:	/* lxvh8x */
2387 			op->reg = rd | ((instr & 1) << 5);
2388 			op->type = MKOP(LOAD_VSX, 0, 16);
2389 			op->element_size = 2;
2390 			op->vsx_flags = VSX_CHECK_VEC;
2391 			break;
2392 
2393 		case 813:	/* lxsihzx */
2394 			op->reg = rd | ((instr & 1) << 5);
2395 			op->type = MKOP(LOAD_VSX, 0, 2);
2396 			op->element_size = 8;
2397 			op->vsx_flags = VSX_CHECK_VEC;
2398 			break;
2399 
2400 		case 844:	/* lxvd2x */
2401 			op->reg = rd | ((instr & 1) << 5);
2402 			op->type = MKOP(LOAD_VSX, 0, 16);
2403 			op->element_size = 8;
2404 			break;
2405 
2406 		case 876:	/* lxvb16x */
2407 			op->reg = rd | ((instr & 1) << 5);
2408 			op->type = MKOP(LOAD_VSX, 0, 16);
2409 			op->element_size = 1;
2410 			op->vsx_flags = VSX_CHECK_VEC;
2411 			break;
2412 
2413 		case 908:	/* stxvw4x */
2414 			op->reg = rd | ((instr & 1) << 5);
2415 			op->type = MKOP(STORE_VSX, 0, 16);
2416 			op->element_size = 4;
2417 			break;
2418 
2419 		case 909:	/* stxsibx */
2420 			op->reg = rd | ((instr & 1) << 5);
2421 			op->type = MKOP(STORE_VSX, 0, 1);
2422 			op->element_size = 8;
2423 			op->vsx_flags = VSX_CHECK_VEC;
2424 			break;
2425 
2426 		case 940:	/* stxvh8x */
2427 			op->reg = rd | ((instr & 1) << 5);
2428 			op->type = MKOP(STORE_VSX, 0, 16);
2429 			op->element_size = 2;
2430 			op->vsx_flags = VSX_CHECK_VEC;
2431 			break;
2432 
2433 		case 941:	/* stxsihx */
2434 			op->reg = rd | ((instr & 1) << 5);
2435 			op->type = MKOP(STORE_VSX, 0, 2);
2436 			op->element_size = 8;
2437 			op->vsx_flags = VSX_CHECK_VEC;
2438 			break;
2439 
2440 		case 972:	/* stxvd2x */
2441 			op->reg = rd | ((instr & 1) << 5);
2442 			op->type = MKOP(STORE_VSX, 0, 16);
2443 			op->element_size = 8;
2444 			break;
2445 
2446 		case 1004:	/* stxvb16x */
2447 			op->reg = rd | ((instr & 1) << 5);
2448 			op->type = MKOP(STORE_VSX, 0, 16);
2449 			op->element_size = 1;
2450 			op->vsx_flags = VSX_CHECK_VEC;
2451 			break;
2452 
2453 #endif /* CONFIG_VSX */
2454 		}
2455 		break;
2456 
2457 	case 32:	/* lwz */
2458 	case 33:	/* lwzu */
2459 		op->type = MKOP(LOAD, u, 4);
2460 		op->ea = dform_ea(instr, regs);
2461 		break;
2462 
2463 	case 34:	/* lbz */
2464 	case 35:	/* lbzu */
2465 		op->type = MKOP(LOAD, u, 1);
2466 		op->ea = dform_ea(instr, regs);
2467 		break;
2468 
2469 	case 36:	/* stw */
2470 	case 37:	/* stwu */
2471 		op->type = MKOP(STORE, u, 4);
2472 		op->ea = dform_ea(instr, regs);
2473 		break;
2474 
2475 	case 38:	/* stb */
2476 	case 39:	/* stbu */
2477 		op->type = MKOP(STORE, u, 1);
2478 		op->ea = dform_ea(instr, regs);
2479 		break;
2480 
2481 	case 40:	/* lhz */
2482 	case 41:	/* lhzu */
2483 		op->type = MKOP(LOAD, u, 2);
2484 		op->ea = dform_ea(instr, regs);
2485 		break;
2486 
2487 	case 42:	/* lha */
2488 	case 43:	/* lhau */
2489 		op->type = MKOP(LOAD, SIGNEXT | u, 2);
2490 		op->ea = dform_ea(instr, regs);
2491 		break;
2492 
2493 	case 44:	/* sth */
2494 	case 45:	/* sthu */
2495 		op->type = MKOP(STORE, u, 2);
2496 		op->ea = dform_ea(instr, regs);
2497 		break;
2498 
2499 	case 46:	/* lmw */
2500 		if (ra >= rd)
2501 			break;		/* invalid form, ra in range to load */
2502 		op->type = MKOP(LOAD_MULTI, 0, 4 * (32 - rd));
2503 		op->ea = dform_ea(instr, regs);
2504 		break;
2505 
2506 	case 47:	/* stmw */
2507 		op->type = MKOP(STORE_MULTI, 0, 4 * (32 - rd));
2508 		op->ea = dform_ea(instr, regs);
2509 		break;
2510 
2511 #ifdef CONFIG_PPC_FPU
2512 	case 48:	/* lfs */
2513 	case 49:	/* lfsu */
2514 		op->type = MKOP(LOAD_FP, u | FPCONV, 4);
2515 		op->ea = dform_ea(instr, regs);
2516 		break;
2517 
2518 	case 50:	/* lfd */
2519 	case 51:	/* lfdu */
2520 		op->type = MKOP(LOAD_FP, u, 8);
2521 		op->ea = dform_ea(instr, regs);
2522 		break;
2523 
2524 	case 52:	/* stfs */
2525 	case 53:	/* stfsu */
2526 		op->type = MKOP(STORE_FP, u | FPCONV, 4);
2527 		op->ea = dform_ea(instr, regs);
2528 		break;
2529 
2530 	case 54:	/* stfd */
2531 	case 55:	/* stfdu */
2532 		op->type = MKOP(STORE_FP, u, 8);
2533 		op->ea = dform_ea(instr, regs);
2534 		break;
2535 #endif
2536 
2537 #ifdef __powerpc64__
2538 	case 56:	/* lq */
2539 		if (!((rd & 1) || (rd == ra)))
2540 			op->type = MKOP(LOAD, 0, 16);
2541 		op->ea = dqform_ea(instr, regs);
2542 		break;
2543 #endif
2544 
2545 #ifdef CONFIG_VSX
2546 	case 57:	/* lfdp, lxsd, lxssp */
2547 		op->ea = dsform_ea(instr, regs);
2548 		switch (instr & 3) {
2549 		case 0:		/* lfdp */
2550 			if (rd & 1)
2551 				break;		/* reg must be even */
2552 			op->type = MKOP(LOAD_FP, 0, 16);
2553 			break;
2554 		case 2:		/* lxsd */
2555 			op->reg = rd + 32;
2556 			op->type = MKOP(LOAD_VSX, 0, 8);
2557 			op->element_size = 8;
2558 			op->vsx_flags = VSX_CHECK_VEC;
2559 			break;
2560 		case 3:		/* lxssp */
2561 			op->reg = rd + 32;
2562 			op->type = MKOP(LOAD_VSX, 0, 4);
2563 			op->element_size = 8;
2564 			op->vsx_flags = VSX_FPCONV | VSX_CHECK_VEC;
2565 			break;
2566 		}
2567 		break;
2568 #endif /* CONFIG_VSX */
2569 
2570 #ifdef __powerpc64__
2571 	case 58:	/* ld[u], lwa */
2572 		op->ea = dsform_ea(instr, regs);
2573 		switch (instr & 3) {
2574 		case 0:		/* ld */
2575 			op->type = MKOP(LOAD, 0, 8);
2576 			break;
2577 		case 1:		/* ldu */
2578 			op->type = MKOP(LOAD, UPDATE, 8);
2579 			break;
2580 		case 2:		/* lwa */
2581 			op->type = MKOP(LOAD, SIGNEXT, 4);
2582 			break;
2583 		}
2584 		break;
2585 #endif
2586 
2587 #ifdef CONFIG_VSX
2588 	case 61:	/* stfdp, lxv, stxsd, stxssp, stxv */
2589 		switch (instr & 7) {
2590 		case 0:		/* stfdp with LSB of DS field = 0 */
2591 		case 4:		/* stfdp with LSB of DS field = 1 */
2592 			op->ea = dsform_ea(instr, regs);
2593 			op->type = MKOP(STORE_FP, 0, 16);
2594 			break;
2595 
2596 		case 1:		/* lxv */
2597 			op->ea = dqform_ea(instr, regs);
2598 			if (instr & 8)
2599 				op->reg = rd + 32;
2600 			op->type = MKOP(LOAD_VSX, 0, 16);
2601 			op->element_size = 16;
2602 			op->vsx_flags = VSX_CHECK_VEC;
2603 			break;
2604 
2605 		case 2:		/* stxsd with LSB of DS field = 0 */
2606 		case 6:		/* stxsd with LSB of DS field = 1 */
2607 			op->ea = dsform_ea(instr, regs);
2608 			op->reg = rd + 32;
2609 			op->type = MKOP(STORE_VSX, 0, 8);
2610 			op->element_size = 8;
2611 			op->vsx_flags = VSX_CHECK_VEC;
2612 			break;
2613 
2614 		case 3:		/* stxssp with LSB of DS field = 0 */
2615 		case 7:		/* stxssp with LSB of DS field = 1 */
2616 			op->ea = dsform_ea(instr, regs);
2617 			op->reg = rd + 32;
2618 			op->type = MKOP(STORE_VSX, 0, 4);
2619 			op->element_size = 8;
2620 			op->vsx_flags = VSX_FPCONV | VSX_CHECK_VEC;
2621 			break;
2622 
2623 		case 5:		/* stxv */
2624 			op->ea = dqform_ea(instr, regs);
2625 			if (instr & 8)
2626 				op->reg = rd + 32;
2627 			op->type = MKOP(STORE_VSX, 0, 16);
2628 			op->element_size = 16;
2629 			op->vsx_flags = VSX_CHECK_VEC;
2630 			break;
2631 		}
2632 		break;
2633 #endif /* CONFIG_VSX */
2634 
2635 #ifdef __powerpc64__
2636 	case 62:	/* std[u] */
2637 		op->ea = dsform_ea(instr, regs);
2638 		switch (instr & 3) {
2639 		case 0:		/* std */
2640 			op->type = MKOP(STORE, 0, 8);
2641 			break;
2642 		case 1:		/* stdu */
2643 			op->type = MKOP(STORE, UPDATE, 8);
2644 			break;
2645 		case 2:		/* stq */
2646 			if (!(rd & 1))
2647 				op->type = MKOP(STORE, 0, 16);
2648 			break;
2649 		}
2650 		break;
2651 #endif /* __powerpc64__ */
2652 
2653 	}
2654 
2655 #ifdef CONFIG_VSX
2656 	if ((GETTYPE(op->type) == LOAD_VSX ||
2657 	     GETTYPE(op->type) == STORE_VSX) &&
2658 	    !cpu_has_feature(CPU_FTR_VSX)) {
2659 		return -1;
2660 	}
2661 #endif /* CONFIG_VSX */
2662 
2663 	return 0;
2664 
2665  logical_done:
2666 	if (instr & 1)
2667 		set_cr0(regs, op);
2668  logical_done_nocc:
2669 	op->reg = ra;
2670 	op->type |= SETREG;
2671 	return 1;
2672 
2673  arith_done:
2674 	if (instr & 1)
2675 		set_cr0(regs, op);
2676  compute_done:
2677 	op->reg = rd;
2678 	op->type |= SETREG;
2679 	return 1;
2680 
2681  priv:
2682 	op->type = INTERRUPT | 0x700;
2683 	op->val = SRR1_PROGPRIV;
2684 	return 0;
2685 
2686  trap:
2687 	op->type = INTERRUPT | 0x700;
2688 	op->val = SRR1_PROGTRAP;
2689 	return 0;
2690 }
2691 EXPORT_SYMBOL_GPL(analyse_instr);
2692 NOKPROBE_SYMBOL(analyse_instr);
2693 
2694 /*
2695  * For PPC32 we always use stwu with r1 to change the stack pointer.
2696  * So this emulated store may corrupt the exception frame, now we
2697  * have to provide the exception frame trampoline, which is pushed
2698  * below the kprobed function stack. So we only update gpr[1] but
2699  * don't emulate the real store operation. We will do real store
2700  * operation safely in exception return code by checking this flag.
2701  */
handle_stack_update(unsigned long ea,struct pt_regs * regs)2702 static nokprobe_inline int handle_stack_update(unsigned long ea, struct pt_regs *regs)
2703 {
2704 #ifdef CONFIG_PPC32
2705 	/*
2706 	 * Check if we will touch kernel stack overflow
2707 	 */
2708 	if (ea - STACK_INT_FRAME_SIZE <= current->thread.ksp_limit) {
2709 		printk(KERN_CRIT "Can't kprobe this since kernel stack would overflow.\n");
2710 		return -EINVAL;
2711 	}
2712 #endif /* CONFIG_PPC32 */
2713 	/*
2714 	 * Check if we already set since that means we'll
2715 	 * lose the previous value.
2716 	 */
2717 	WARN_ON(test_thread_flag(TIF_EMULATE_STACK_STORE));
2718 	set_thread_flag(TIF_EMULATE_STACK_STORE);
2719 	return 0;
2720 }
2721 
do_signext(unsigned long * valp,int size)2722 static nokprobe_inline void do_signext(unsigned long *valp, int size)
2723 {
2724 	switch (size) {
2725 	case 2:
2726 		*valp = (signed short) *valp;
2727 		break;
2728 	case 4:
2729 		*valp = (signed int) *valp;
2730 		break;
2731 	}
2732 }
2733 
do_byterev(unsigned long * valp,int size)2734 static nokprobe_inline void do_byterev(unsigned long *valp, int size)
2735 {
2736 	switch (size) {
2737 	case 2:
2738 		*valp = byterev_2(*valp);
2739 		break;
2740 	case 4:
2741 		*valp = byterev_4(*valp);
2742 		break;
2743 #ifdef __powerpc64__
2744 	case 8:
2745 		*valp = byterev_8(*valp);
2746 		break;
2747 #endif
2748 	}
2749 }
2750 
2751 /*
2752  * Emulate an instruction that can be executed just by updating
2753  * fields in *regs.
2754  */
emulate_update_regs(struct pt_regs * regs,struct instruction_op * op)2755 void emulate_update_regs(struct pt_regs *regs, struct instruction_op *op)
2756 {
2757 	unsigned long next_pc;
2758 
2759 	next_pc = truncate_if_32bit(regs->msr, regs->nip + 4);
2760 	switch (GETTYPE(op->type)) {
2761 	case COMPUTE:
2762 		if (op->type & SETREG)
2763 			regs->gpr[op->reg] = op->val;
2764 		if (op->type & SETCC)
2765 			regs->ccr = op->ccval;
2766 		if (op->type & SETXER)
2767 			regs->xer = op->xerval;
2768 		break;
2769 
2770 	case BRANCH:
2771 		if (op->type & SETLK)
2772 			regs->link = next_pc;
2773 		if (op->type & BRTAKEN)
2774 			next_pc = op->val;
2775 		if (op->type & DECCTR)
2776 			--regs->ctr;
2777 		break;
2778 
2779 	case BARRIER:
2780 		switch (op->type & BARRIER_MASK) {
2781 		case BARRIER_SYNC:
2782 			mb();
2783 			break;
2784 		case BARRIER_ISYNC:
2785 			isync();
2786 			break;
2787 		case BARRIER_EIEIO:
2788 			eieio();
2789 			break;
2790 		case BARRIER_LWSYNC:
2791 			asm volatile("lwsync" : : : "memory");
2792 			break;
2793 		case BARRIER_PTESYNC:
2794 			asm volatile("ptesync" : : : "memory");
2795 			break;
2796 		}
2797 		break;
2798 
2799 	case MFSPR:
2800 		switch (op->spr) {
2801 		case SPRN_XER:
2802 			regs->gpr[op->reg] = regs->xer & 0xffffffffUL;
2803 			break;
2804 		case SPRN_LR:
2805 			regs->gpr[op->reg] = regs->link;
2806 			break;
2807 		case SPRN_CTR:
2808 			regs->gpr[op->reg] = regs->ctr;
2809 			break;
2810 		default:
2811 			WARN_ON_ONCE(1);
2812 		}
2813 		break;
2814 
2815 	case MTSPR:
2816 		switch (op->spr) {
2817 		case SPRN_XER:
2818 			regs->xer = op->val & 0xffffffffUL;
2819 			break;
2820 		case SPRN_LR:
2821 			regs->link = op->val;
2822 			break;
2823 		case SPRN_CTR:
2824 			regs->ctr = op->val;
2825 			break;
2826 		default:
2827 			WARN_ON_ONCE(1);
2828 		}
2829 		break;
2830 
2831 	default:
2832 		WARN_ON_ONCE(1);
2833 	}
2834 	regs->nip = next_pc;
2835 }
2836 NOKPROBE_SYMBOL(emulate_update_regs);
2837 
2838 /*
2839  * Emulate a previously-analysed load or store instruction.
2840  * Return values are:
2841  * 0 = instruction emulated successfully
2842  * -EFAULT = address out of range or access faulted (regs->dar
2843  *	     contains the faulting address)
2844  * -EACCES = misaligned access, instruction requires alignment
2845  * -EINVAL = unknown operation in *op
2846  */
emulate_loadstore(struct pt_regs * regs,struct instruction_op * op)2847 int emulate_loadstore(struct pt_regs *regs, struct instruction_op *op)
2848 {
2849 	int err, size, type;
2850 	int i, rd, nb;
2851 	unsigned int cr;
2852 	unsigned long val;
2853 	unsigned long ea;
2854 	bool cross_endian;
2855 
2856 	err = 0;
2857 	size = GETSIZE(op->type);
2858 	type = GETTYPE(op->type);
2859 	cross_endian = (regs->msr & MSR_LE) != (MSR_KERNEL & MSR_LE);
2860 	ea = truncate_if_32bit(regs->msr, op->ea);
2861 
2862 	switch (type) {
2863 	case LARX:
2864 		if (ea & (size - 1))
2865 			return -EACCES;		/* can't handle misaligned */
2866 		if (!address_ok(regs, ea, size))
2867 			return -EFAULT;
2868 		err = 0;
2869 		val = 0;
2870 		switch (size) {
2871 #ifdef __powerpc64__
2872 		case 1:
2873 			__get_user_asmx(val, ea, err, "lbarx");
2874 			break;
2875 		case 2:
2876 			__get_user_asmx(val, ea, err, "lharx");
2877 			break;
2878 #endif
2879 		case 4:
2880 			__get_user_asmx(val, ea, err, "lwarx");
2881 			break;
2882 #ifdef __powerpc64__
2883 		case 8:
2884 			__get_user_asmx(val, ea, err, "ldarx");
2885 			break;
2886 		case 16:
2887 			err = do_lqarx(ea, &regs->gpr[op->reg]);
2888 			break;
2889 #endif
2890 		default:
2891 			return -EINVAL;
2892 		}
2893 		if (err) {
2894 			regs->dar = ea;
2895 			break;
2896 		}
2897 		if (size < 16)
2898 			regs->gpr[op->reg] = val;
2899 		break;
2900 
2901 	case STCX:
2902 		if (ea & (size - 1))
2903 			return -EACCES;		/* can't handle misaligned */
2904 		if (!address_ok(regs, ea, size))
2905 			return -EFAULT;
2906 		err = 0;
2907 		switch (size) {
2908 #ifdef __powerpc64__
2909 		case 1:
2910 			__put_user_asmx(op->val, ea, err, "stbcx.", cr);
2911 			break;
2912 		case 2:
2913 			__put_user_asmx(op->val, ea, err, "stbcx.", cr);
2914 			break;
2915 #endif
2916 		case 4:
2917 			__put_user_asmx(op->val, ea, err, "stwcx.", cr);
2918 			break;
2919 #ifdef __powerpc64__
2920 		case 8:
2921 			__put_user_asmx(op->val, ea, err, "stdcx.", cr);
2922 			break;
2923 		case 16:
2924 			err = do_stqcx(ea, regs->gpr[op->reg],
2925 				       regs->gpr[op->reg + 1], &cr);
2926 			break;
2927 #endif
2928 		default:
2929 			return -EINVAL;
2930 		}
2931 		if (!err)
2932 			regs->ccr = (regs->ccr & 0x0fffffff) |
2933 				(cr & 0xe0000000) |
2934 				((regs->xer >> 3) & 0x10000000);
2935 		else
2936 			regs->dar = ea;
2937 		break;
2938 
2939 	case LOAD:
2940 #ifdef __powerpc64__
2941 		if (size == 16) {
2942 			err = emulate_lq(regs, ea, op->reg, cross_endian);
2943 			break;
2944 		}
2945 #endif
2946 		err = read_mem(&regs->gpr[op->reg], ea, size, regs);
2947 		if (!err) {
2948 			if (op->type & SIGNEXT)
2949 				do_signext(&regs->gpr[op->reg], size);
2950 			if ((op->type & BYTEREV) == (cross_endian ? 0 : BYTEREV))
2951 				do_byterev(&regs->gpr[op->reg], size);
2952 		}
2953 		break;
2954 
2955 #ifdef CONFIG_PPC_FPU
2956 	case LOAD_FP:
2957 		/*
2958 		 * If the instruction is in userspace, we can emulate it even
2959 		 * if the VMX state is not live, because we have the state
2960 		 * stored in the thread_struct.  If the instruction is in
2961 		 * the kernel, we must not touch the state in the thread_struct.
2962 		 */
2963 		if (!(regs->msr & MSR_PR) && !(regs->msr & MSR_FP))
2964 			return 0;
2965 		err = do_fp_load(op, ea, regs, cross_endian);
2966 		break;
2967 #endif
2968 #ifdef CONFIG_ALTIVEC
2969 	case LOAD_VMX:
2970 		if (!(regs->msr & MSR_PR) && !(regs->msr & MSR_VEC))
2971 			return 0;
2972 		err = do_vec_load(op->reg, ea, size, regs, cross_endian);
2973 		break;
2974 #endif
2975 #ifdef CONFIG_VSX
2976 	case LOAD_VSX: {
2977 		unsigned long msrbit = MSR_VSX;
2978 
2979 		/*
2980 		 * Some VSX instructions check the MSR_VEC bit rather than MSR_VSX
2981 		 * when the target of the instruction is a vector register.
2982 		 */
2983 		if (op->reg >= 32 && (op->vsx_flags & VSX_CHECK_VEC))
2984 			msrbit = MSR_VEC;
2985 		if (!(regs->msr & MSR_PR) && !(regs->msr & msrbit))
2986 			return 0;
2987 		err = do_vsx_load(op, ea, regs, cross_endian);
2988 		break;
2989 	}
2990 #endif
2991 	case LOAD_MULTI:
2992 		if (!address_ok(regs, ea, size))
2993 			return -EFAULT;
2994 		rd = op->reg;
2995 		for (i = 0; i < size; i += 4) {
2996 			unsigned int v32 = 0;
2997 
2998 			nb = size - i;
2999 			if (nb > 4)
3000 				nb = 4;
3001 			err = copy_mem_in((u8 *) &v32, ea, nb, regs);
3002 			if (err)
3003 				break;
3004 			if (unlikely(cross_endian))
3005 				v32 = byterev_4(v32);
3006 			regs->gpr[rd] = v32;
3007 			ea += 4;
3008 			/* reg number wraps from 31 to 0 for lsw[ix] */
3009 			rd = (rd + 1) & 0x1f;
3010 		}
3011 		break;
3012 
3013 	case STORE:
3014 #ifdef __powerpc64__
3015 		if (size == 16) {
3016 			err = emulate_stq(regs, ea, op->reg, cross_endian);
3017 			break;
3018 		}
3019 #endif
3020 		if ((op->type & UPDATE) && size == sizeof(long) &&
3021 		    op->reg == 1 && op->update_reg == 1 &&
3022 		    !(regs->msr & MSR_PR) &&
3023 		    ea >= regs->gpr[1] - STACK_INT_FRAME_SIZE) {
3024 			err = handle_stack_update(ea, regs);
3025 			break;
3026 		}
3027 		if (unlikely(cross_endian))
3028 			do_byterev(&op->val, size);
3029 		err = write_mem(op->val, ea, size, regs);
3030 		break;
3031 
3032 #ifdef CONFIG_PPC_FPU
3033 	case STORE_FP:
3034 		if (!(regs->msr & MSR_PR) && !(regs->msr & MSR_FP))
3035 			return 0;
3036 		err = do_fp_store(op, ea, regs, cross_endian);
3037 		break;
3038 #endif
3039 #ifdef CONFIG_ALTIVEC
3040 	case STORE_VMX:
3041 		if (!(regs->msr & MSR_PR) && !(regs->msr & MSR_VEC))
3042 			return 0;
3043 		err = do_vec_store(op->reg, ea, size, regs, cross_endian);
3044 		break;
3045 #endif
3046 #ifdef CONFIG_VSX
3047 	case STORE_VSX: {
3048 		unsigned long msrbit = MSR_VSX;
3049 
3050 		/*
3051 		 * Some VSX instructions check the MSR_VEC bit rather than MSR_VSX
3052 		 * when the target of the instruction is a vector register.
3053 		 */
3054 		if (op->reg >= 32 && (op->vsx_flags & VSX_CHECK_VEC))
3055 			msrbit = MSR_VEC;
3056 		if (!(regs->msr & MSR_PR) && !(regs->msr & msrbit))
3057 			return 0;
3058 		err = do_vsx_store(op, ea, regs, cross_endian);
3059 		break;
3060 	}
3061 #endif
3062 	case STORE_MULTI:
3063 		if (!address_ok(regs, ea, size))
3064 			return -EFAULT;
3065 		rd = op->reg;
3066 		for (i = 0; i < size; i += 4) {
3067 			unsigned int v32 = regs->gpr[rd];
3068 
3069 			nb = size - i;
3070 			if (nb > 4)
3071 				nb = 4;
3072 			if (unlikely(cross_endian))
3073 				v32 = byterev_4(v32);
3074 			err = copy_mem_out((u8 *) &v32, ea, nb, regs);
3075 			if (err)
3076 				break;
3077 			ea += 4;
3078 			/* reg number wraps from 31 to 0 for stsw[ix] */
3079 			rd = (rd + 1) & 0x1f;
3080 		}
3081 		break;
3082 
3083 	default:
3084 		return -EINVAL;
3085 	}
3086 
3087 	if (err)
3088 		return err;
3089 
3090 	if (op->type & UPDATE)
3091 		regs->gpr[op->update_reg] = op->ea;
3092 
3093 	return 0;
3094 }
3095 NOKPROBE_SYMBOL(emulate_loadstore);
3096 
3097 /*
3098  * Emulate instructions that cause a transfer of control,
3099  * loads and stores, and a few other instructions.
3100  * Returns 1 if the step was emulated, 0 if not,
3101  * or -1 if the instruction is one that should not be stepped,
3102  * such as an rfid, or a mtmsrd that would clear MSR_RI.
3103  */
emulate_step(struct pt_regs * regs,unsigned int instr)3104 int emulate_step(struct pt_regs *regs, unsigned int instr)
3105 {
3106 	struct instruction_op op;
3107 	int r, err, type;
3108 	unsigned long val;
3109 	unsigned long ea;
3110 
3111 	r = analyse_instr(&op, regs, instr);
3112 	if (r < 0)
3113 		return r;
3114 	if (r > 0) {
3115 		emulate_update_regs(regs, &op);
3116 		return 1;
3117 	}
3118 
3119 	err = 0;
3120 	type = GETTYPE(op.type);
3121 
3122 	if (OP_IS_LOAD_STORE(type)) {
3123 		err = emulate_loadstore(regs, &op);
3124 		if (err)
3125 			return 0;
3126 		goto instr_done;
3127 	}
3128 
3129 	switch (type) {
3130 	case CACHEOP:
3131 		ea = truncate_if_32bit(regs->msr, op.ea);
3132 		if (!address_ok(regs, ea, 8))
3133 			return 0;
3134 		switch (op.type & CACHEOP_MASK) {
3135 		case DCBST:
3136 			__cacheop_user_asmx(ea, err, "dcbst");
3137 			break;
3138 		case DCBF:
3139 			__cacheop_user_asmx(ea, err, "dcbf");
3140 			break;
3141 		case DCBTST:
3142 			if (op.reg == 0)
3143 				prefetchw((void *) ea);
3144 			break;
3145 		case DCBT:
3146 			if (op.reg == 0)
3147 				prefetch((void *) ea);
3148 			break;
3149 		case ICBI:
3150 			__cacheop_user_asmx(ea, err, "icbi");
3151 			break;
3152 		case DCBZ:
3153 			err = emulate_dcbz(ea, regs);
3154 			break;
3155 		}
3156 		if (err) {
3157 			regs->dar = ea;
3158 			return 0;
3159 		}
3160 		goto instr_done;
3161 
3162 	case MFMSR:
3163 		regs->gpr[op.reg] = regs->msr & MSR_MASK;
3164 		goto instr_done;
3165 
3166 	case MTMSR:
3167 		val = regs->gpr[op.reg];
3168 		if ((val & MSR_RI) == 0)
3169 			/* can't step mtmsr[d] that would clear MSR_RI */
3170 			return -1;
3171 		/* here op.val is the mask of bits to change */
3172 		regs->msr = (regs->msr & ~op.val) | (val & op.val);
3173 		goto instr_done;
3174 
3175 #ifdef CONFIG_PPC64
3176 	case SYSCALL:	/* sc */
3177 		/*
3178 		 * N.B. this uses knowledge about how the syscall
3179 		 * entry code works.  If that is changed, this will
3180 		 * need to be changed also.
3181 		 */
3182 		if (regs->gpr[0] == 0x1ebe &&
3183 		    cpu_has_feature(CPU_FTR_REAL_LE)) {
3184 			regs->msr ^= MSR_LE;
3185 			goto instr_done;
3186 		}
3187 		regs->gpr[9] = regs->gpr[13];
3188 		regs->gpr[10] = MSR_KERNEL;
3189 		regs->gpr[11] = regs->nip + 4;
3190 		regs->gpr[12] = regs->msr & MSR_MASK;
3191 		regs->gpr[13] = (unsigned long) get_paca();
3192 		regs->nip = (unsigned long) &system_call_common;
3193 		regs->msr = MSR_KERNEL;
3194 		return 1;
3195 
3196 	case RFI:
3197 		return -1;
3198 #endif
3199 	}
3200 	return 0;
3201 
3202  instr_done:
3203 	regs->nip = truncate_if_32bit(regs->msr, regs->nip + 4);
3204 	return 1;
3205 }
3206 NOKPROBE_SYMBOL(emulate_step);
3207