1 /*
2  * This file is subject to the terms and conditions of the GNU General Public
3  * License.  See the file "COPYING" in the main directory of this archive
4  * for more details.
5  *
6  * Copyright (C) 1996, 97, 2000, 2001 by Ralf Baechle
7  * Copyright (C) 2001 MIPS Technologies, Inc.
8  */
9 #include <linux/kernel.h>
10 #include <linux/sched/signal.h>
11 #include <linux/signal.h>
12 #include <linux/export.h>
13 #include <asm/branch.h>
14 #include <asm/cpu.h>
15 #include <asm/cpu-features.h>
16 #include <asm/fpu.h>
17 #include <asm/fpu_emulator.h>
18 #include <asm/inst.h>
19 #include <asm/mips-r2-to-r6-emul.h>
20 #include <asm/ptrace.h>
21 #include <linux/uaccess.h>
22 
23 /*
24  * Calculate and return exception PC in case of branch delay slot
25  * for microMIPS and MIPS16e. It does not clear the ISA mode bit.
26  */
__isa_exception_epc(struct pt_regs * regs)27 int __isa_exception_epc(struct pt_regs *regs)
28 {
29 	unsigned short inst;
30 	long epc = regs->cp0_epc;
31 
32 	/* Calculate exception PC in branch delay slot. */
33 	if (__get_user(inst, (u16 __user *) msk_isa16_mode(epc))) {
34 		/* This should never happen because delay slot was checked. */
35 		force_sig(SIGSEGV, current);
36 		return epc;
37 	}
38 	if (cpu_has_mips16) {
39 		union mips16e_instruction inst_mips16e;
40 
41 		inst_mips16e.full = inst;
42 		if (inst_mips16e.ri.opcode == MIPS16e_jal_op)
43 			epc += 4;
44 		else
45 			epc += 2;
46 	} else if (mm_insn_16bit(inst))
47 		epc += 2;
48 	else
49 		epc += 4;
50 
51 	return epc;
52 }
53 
54 /* (microMIPS) Convert 16-bit register encoding to 32-bit register encoding. */
55 static const unsigned int reg16to32map[8] = {16, 17, 2, 3, 4, 5, 6, 7};
56 
__mm_isBranchInstr(struct pt_regs * regs,struct mm_decoded_insn dec_insn,unsigned long * contpc)57 int __mm_isBranchInstr(struct pt_regs *regs, struct mm_decoded_insn dec_insn,
58 		       unsigned long *contpc)
59 {
60 	union mips_instruction insn = (union mips_instruction)dec_insn.insn;
61 	int bc_false = 0;
62 	unsigned int fcr31;
63 	unsigned int bit;
64 
65 	if (!cpu_has_mmips)
66 		return 0;
67 
68 	switch (insn.mm_i_format.opcode) {
69 	case mm_pool32a_op:
70 		if ((insn.mm_i_format.simmediate & MM_POOL32A_MINOR_MASK) ==
71 		    mm_pool32axf_op) {
72 			switch (insn.mm_i_format.simmediate >>
73 				MM_POOL32A_MINOR_SHIFT) {
74 			case mm_jalr_op:
75 			case mm_jalrhb_op:
76 			case mm_jalrs_op:
77 			case mm_jalrshb_op:
78 				if (insn.mm_i_format.rt != 0)	/* Not mm_jr */
79 					regs->regs[insn.mm_i_format.rt] =
80 						regs->cp0_epc +
81 						dec_insn.pc_inc +
82 						dec_insn.next_pc_inc;
83 				*contpc = regs->regs[insn.mm_i_format.rs];
84 				return 1;
85 			}
86 		}
87 		break;
88 	case mm_pool32i_op:
89 		switch (insn.mm_i_format.rt) {
90 		case mm_bltzals_op:
91 		case mm_bltzal_op:
92 			regs->regs[31] = regs->cp0_epc +
93 				dec_insn.pc_inc +
94 				dec_insn.next_pc_inc;
95 			/* Fall through */
96 		case mm_bltz_op:
97 			if ((long)regs->regs[insn.mm_i_format.rs] < 0)
98 				*contpc = regs->cp0_epc +
99 					dec_insn.pc_inc +
100 					(insn.mm_i_format.simmediate << 1);
101 			else
102 				*contpc = regs->cp0_epc +
103 					dec_insn.pc_inc +
104 					dec_insn.next_pc_inc;
105 			return 1;
106 		case mm_bgezals_op:
107 		case mm_bgezal_op:
108 			regs->regs[31] = regs->cp0_epc +
109 					dec_insn.pc_inc +
110 					dec_insn.next_pc_inc;
111 			/* Fall through */
112 		case mm_bgez_op:
113 			if ((long)regs->regs[insn.mm_i_format.rs] >= 0)
114 				*contpc = regs->cp0_epc +
115 					dec_insn.pc_inc +
116 					(insn.mm_i_format.simmediate << 1);
117 			else
118 				*contpc = regs->cp0_epc +
119 					dec_insn.pc_inc +
120 					dec_insn.next_pc_inc;
121 			return 1;
122 		case mm_blez_op:
123 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
124 				*contpc = regs->cp0_epc +
125 					dec_insn.pc_inc +
126 					(insn.mm_i_format.simmediate << 1);
127 			else
128 				*contpc = regs->cp0_epc +
129 					dec_insn.pc_inc +
130 					dec_insn.next_pc_inc;
131 			return 1;
132 		case mm_bgtz_op:
133 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
134 				*contpc = regs->cp0_epc +
135 					dec_insn.pc_inc +
136 					(insn.mm_i_format.simmediate << 1);
137 			else
138 				*contpc = regs->cp0_epc +
139 					dec_insn.pc_inc +
140 					dec_insn.next_pc_inc;
141 			return 1;
142 		case mm_bc2f_op:
143 		case mm_bc1f_op:
144 			bc_false = 1;
145 			/* Fall through */
146 		case mm_bc2t_op:
147 		case mm_bc1t_op:
148 			preempt_disable();
149 			if (is_fpu_owner())
150 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
151 			else
152 				fcr31 = current->thread.fpu.fcr31;
153 			preempt_enable();
154 
155 			if (bc_false)
156 				fcr31 = ~fcr31;
157 
158 			bit = (insn.mm_i_format.rs >> 2);
159 			bit += (bit != 0);
160 			bit += 23;
161 			if (fcr31 & (1 << bit))
162 				*contpc = regs->cp0_epc +
163 					dec_insn.pc_inc +
164 					(insn.mm_i_format.simmediate << 1);
165 			else
166 				*contpc = regs->cp0_epc +
167 					dec_insn.pc_inc + dec_insn.next_pc_inc;
168 			return 1;
169 		}
170 		break;
171 	case mm_pool16c_op:
172 		switch (insn.mm_i_format.rt) {
173 		case mm_jalr16_op:
174 		case mm_jalrs16_op:
175 			regs->regs[31] = regs->cp0_epc +
176 				dec_insn.pc_inc + dec_insn.next_pc_inc;
177 			/* Fall through */
178 		case mm_jr16_op:
179 			*contpc = regs->regs[insn.mm_i_format.rs];
180 			return 1;
181 		}
182 		break;
183 	case mm_beqz16_op:
184 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] == 0)
185 			*contpc = regs->cp0_epc +
186 				dec_insn.pc_inc +
187 				(insn.mm_b1_format.simmediate << 1);
188 		else
189 			*contpc = regs->cp0_epc +
190 				dec_insn.pc_inc + dec_insn.next_pc_inc;
191 		return 1;
192 	case mm_bnez16_op:
193 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] != 0)
194 			*contpc = regs->cp0_epc +
195 				dec_insn.pc_inc +
196 				(insn.mm_b1_format.simmediate << 1);
197 		else
198 			*contpc = regs->cp0_epc +
199 				dec_insn.pc_inc + dec_insn.next_pc_inc;
200 		return 1;
201 	case mm_b16_op:
202 		*contpc = regs->cp0_epc + dec_insn.pc_inc +
203 			 (insn.mm_b0_format.simmediate << 1);
204 		return 1;
205 	case mm_beq32_op:
206 		if (regs->regs[insn.mm_i_format.rs] ==
207 		    regs->regs[insn.mm_i_format.rt])
208 			*contpc = regs->cp0_epc +
209 				dec_insn.pc_inc +
210 				(insn.mm_i_format.simmediate << 1);
211 		else
212 			*contpc = regs->cp0_epc +
213 				dec_insn.pc_inc +
214 				dec_insn.next_pc_inc;
215 		return 1;
216 	case mm_bne32_op:
217 		if (regs->regs[insn.mm_i_format.rs] !=
218 		    regs->regs[insn.mm_i_format.rt])
219 			*contpc = regs->cp0_epc +
220 				dec_insn.pc_inc +
221 				(insn.mm_i_format.simmediate << 1);
222 		else
223 			*contpc = regs->cp0_epc +
224 				dec_insn.pc_inc + dec_insn.next_pc_inc;
225 		return 1;
226 	case mm_jalx32_op:
227 		regs->regs[31] = regs->cp0_epc +
228 			dec_insn.pc_inc + dec_insn.next_pc_inc;
229 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
230 		*contpc >>= 28;
231 		*contpc <<= 28;
232 		*contpc |= (insn.j_format.target << 2);
233 		return 1;
234 	case mm_jals32_op:
235 	case mm_jal32_op:
236 		regs->regs[31] = regs->cp0_epc +
237 			dec_insn.pc_inc + dec_insn.next_pc_inc;
238 		/* Fall through */
239 	case mm_j32_op:
240 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
241 		*contpc >>= 27;
242 		*contpc <<= 27;
243 		*contpc |= (insn.j_format.target << 1);
244 		set_isa16_mode(*contpc);
245 		return 1;
246 	}
247 	return 0;
248 }
249 
250 /*
251  * Compute return address and emulate branch in microMIPS mode after an
252  * exception only. It does not handle compact branches/jumps and cannot
253  * be used in interrupt context. (Compact branches/jumps do not cause
254  * exceptions.)
255  */
__microMIPS_compute_return_epc(struct pt_regs * regs)256 int __microMIPS_compute_return_epc(struct pt_regs *regs)
257 {
258 	u16 __user *pc16;
259 	u16 halfword;
260 	unsigned int word;
261 	unsigned long contpc;
262 	struct mm_decoded_insn mminsn = { 0 };
263 
264 	mminsn.micro_mips_mode = 1;
265 
266 	/* This load never faults. */
267 	pc16 = (unsigned short __user *)msk_isa16_mode(regs->cp0_epc);
268 	__get_user(halfword, pc16);
269 	pc16++;
270 	contpc = regs->cp0_epc + 2;
271 	word = ((unsigned int)halfword << 16);
272 	mminsn.pc_inc = 2;
273 
274 	if (!mm_insn_16bit(halfword)) {
275 		__get_user(halfword, pc16);
276 		pc16++;
277 		contpc = regs->cp0_epc + 4;
278 		mminsn.pc_inc = 4;
279 		word |= halfword;
280 	}
281 	mminsn.insn = word;
282 
283 	if (get_user(halfword, pc16))
284 		goto sigsegv;
285 	mminsn.next_pc_inc = 2;
286 	word = ((unsigned int)halfword << 16);
287 
288 	if (!mm_insn_16bit(halfword)) {
289 		pc16++;
290 		if (get_user(halfword, pc16))
291 			goto sigsegv;
292 		mminsn.next_pc_inc = 4;
293 		word |= halfword;
294 	}
295 	mminsn.next_insn = word;
296 
297 	mm_isBranchInstr(regs, mminsn, &contpc);
298 
299 	regs->cp0_epc = contpc;
300 
301 	return 0;
302 
303 sigsegv:
304 	force_sig(SIGSEGV, current);
305 	return -EFAULT;
306 }
307 
308 /*
309  * Compute return address and emulate branch in MIPS16e mode after an
310  * exception only. It does not handle compact branches/jumps and cannot
311  * be used in interrupt context. (Compact branches/jumps do not cause
312  * exceptions.)
313  */
__MIPS16e_compute_return_epc(struct pt_regs * regs)314 int __MIPS16e_compute_return_epc(struct pt_regs *regs)
315 {
316 	u16 __user *addr;
317 	union mips16e_instruction inst;
318 	u16 inst2;
319 	u32 fullinst;
320 	long epc;
321 
322 	epc = regs->cp0_epc;
323 
324 	/* Read the instruction. */
325 	addr = (u16 __user *)msk_isa16_mode(epc);
326 	if (__get_user(inst.full, addr)) {
327 		force_sig(SIGSEGV, current);
328 		return -EFAULT;
329 	}
330 
331 	switch (inst.ri.opcode) {
332 	case MIPS16e_extend_op:
333 		regs->cp0_epc += 4;
334 		return 0;
335 
336 		/*
337 		 *  JAL and JALX in MIPS16e mode
338 		 */
339 	case MIPS16e_jal_op:
340 		addr += 1;
341 		if (__get_user(inst2, addr)) {
342 			force_sig(SIGSEGV, current);
343 			return -EFAULT;
344 		}
345 		fullinst = ((unsigned)inst.full << 16) | inst2;
346 		regs->regs[31] = epc + 6;
347 		epc += 4;
348 		epc >>= 28;
349 		epc <<= 28;
350 		/*
351 		 * JAL:5 X:1 TARGET[20-16]:5 TARGET[25:21]:5 TARGET[15:0]:16
352 		 *
353 		 * ......TARGET[15:0].................TARGET[20:16]...........
354 		 * ......TARGET[25:21]
355 		 */
356 		epc |=
357 		    ((fullinst & 0xffff) << 2) | ((fullinst & 0x3e00000) >> 3) |
358 		    ((fullinst & 0x1f0000) << 7);
359 		if (!inst.jal.x)
360 			set_isa16_mode(epc);	/* Set ISA mode bit. */
361 		regs->cp0_epc = epc;
362 		return 0;
363 
364 		/*
365 		 *  J(AL)R(C)
366 		 */
367 	case MIPS16e_rr_op:
368 		if (inst.rr.func == MIPS16e_jr_func) {
369 
370 			if (inst.rr.ra)
371 				regs->cp0_epc = regs->regs[31];
372 			else
373 				regs->cp0_epc =
374 				    regs->regs[reg16to32[inst.rr.rx]];
375 
376 			if (inst.rr.l) {
377 				if (inst.rr.nd)
378 					regs->regs[31] = epc + 2;
379 				else
380 					regs->regs[31] = epc + 4;
381 			}
382 			return 0;
383 		}
384 		break;
385 	}
386 
387 	/*
388 	 * All other cases have no branch delay slot and are 16-bits.
389 	 * Branches do not cause an exception.
390 	 */
391 	regs->cp0_epc += 2;
392 
393 	return 0;
394 }
395 
396 /**
397  * __compute_return_epc_for_insn - Computes the return address and do emulate
398  *				    branch simulation, if required.
399  *
400  * @regs:	Pointer to pt_regs
401  * @insn:	branch instruction to decode
402  * Return:	-EFAULT on error and forces SIGILL, and on success
403  *		returns 0 or BRANCH_LIKELY_TAKEN as appropriate after
404  *		evaluating the branch.
405  *
406  * MIPS R6 Compact branches and forbidden slots:
407  *	Compact branches do not throw exceptions because they do
408  *	not have delay slots. The forbidden slot instruction ($PC+4)
409  *	is only executed if the branch was not taken. Otherwise the
410  *	forbidden slot is skipped entirely. This means that the
411  *	only possible reason to be here because of a MIPS R6 compact
412  *	branch instruction is that the forbidden slot has thrown one.
413  *	In that case the branch was not taken, so the EPC can be safely
414  *	set to EPC + 8.
415  */
__compute_return_epc_for_insn(struct pt_regs * regs,union mips_instruction insn)416 int __compute_return_epc_for_insn(struct pt_regs *regs,
417 				   union mips_instruction insn)
418 {
419 	unsigned int bit, fcr31, dspcontrol, reg;
420 	long epc = regs->cp0_epc;
421 	int ret = 0;
422 
423 	switch (insn.i_format.opcode) {
424 	/*
425 	 * jr and jalr are in r_format format.
426 	 */
427 	case spec_op:
428 		switch (insn.r_format.func) {
429 		case jalr_op:
430 			regs->regs[insn.r_format.rd] = epc + 8;
431 			/* Fall through */
432 		case jr_op:
433 			if (NO_R6EMU && insn.r_format.func == jr_op)
434 				goto sigill_r2r6;
435 			regs->cp0_epc = regs->regs[insn.r_format.rs];
436 			break;
437 		}
438 		break;
439 
440 	/*
441 	 * This group contains:
442 	 * bltz_op, bgez_op, bltzl_op, bgezl_op,
443 	 * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
444 	 */
445 	case bcond_op:
446 		switch (insn.i_format.rt) {
447 		case bltzl_op:
448 			if (NO_R6EMU)
449 				goto sigill_r2r6;
450 		case bltz_op:
451 			if ((long)regs->regs[insn.i_format.rs] < 0) {
452 				epc = epc + 4 + (insn.i_format.simmediate << 2);
453 				if (insn.i_format.rt == bltzl_op)
454 					ret = BRANCH_LIKELY_TAKEN;
455 			} else
456 				epc += 8;
457 			regs->cp0_epc = epc;
458 			break;
459 
460 		case bgezl_op:
461 			if (NO_R6EMU)
462 				goto sigill_r2r6;
463 		case bgez_op:
464 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
465 				epc = epc + 4 + (insn.i_format.simmediate << 2);
466 				if (insn.i_format.rt == bgezl_op)
467 					ret = BRANCH_LIKELY_TAKEN;
468 			} else
469 				epc += 8;
470 			regs->cp0_epc = epc;
471 			break;
472 
473 		case bltzal_op:
474 		case bltzall_op:
475 			if (NO_R6EMU && (insn.i_format.rs ||
476 			    insn.i_format.rt == bltzall_op))
477 				goto sigill_r2r6;
478 			regs->regs[31] = epc + 8;
479 			/*
480 			 * OK we are here either because we hit a NAL
481 			 * instruction or because we are emulating an
482 			 * old bltzal{,l} one. Let's figure out what the
483 			 * case really is.
484 			 */
485 			if (!insn.i_format.rs) {
486 				/*
487 				 * NAL or BLTZAL with rs == 0
488 				 * Doesn't matter if we are R6 or not. The
489 				 * result is the same
490 				 */
491 				regs->cp0_epc += 4 +
492 					(insn.i_format.simmediate << 2);
493 				break;
494 			}
495 			/* Now do the real thing for non-R6 BLTZAL{,L} */
496 			if ((long)regs->regs[insn.i_format.rs] < 0) {
497 				epc = epc + 4 + (insn.i_format.simmediate << 2);
498 				if (insn.i_format.rt == bltzall_op)
499 					ret = BRANCH_LIKELY_TAKEN;
500 			} else
501 				epc += 8;
502 			regs->cp0_epc = epc;
503 			break;
504 
505 		case bgezal_op:
506 		case bgezall_op:
507 			if (NO_R6EMU && (insn.i_format.rs ||
508 			    insn.i_format.rt == bgezall_op))
509 				goto sigill_r2r6;
510 			regs->regs[31] = epc + 8;
511 			/*
512 			 * OK we are here either because we hit a BAL
513 			 * instruction or because we are emulating an
514 			 * old bgezal{,l} one. Let's figure out what the
515 			 * case really is.
516 			 */
517 			if (!insn.i_format.rs) {
518 				/*
519 				 * BAL or BGEZAL with rs == 0
520 				 * Doesn't matter if we are R6 or not. The
521 				 * result is the same
522 				 */
523 				regs->cp0_epc += 4 +
524 					(insn.i_format.simmediate << 2);
525 				break;
526 			}
527 			/* Now do the real thing for non-R6 BGEZAL{,L} */
528 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
529 				epc = epc + 4 + (insn.i_format.simmediate << 2);
530 				if (insn.i_format.rt == bgezall_op)
531 					ret = BRANCH_LIKELY_TAKEN;
532 			} else
533 				epc += 8;
534 			regs->cp0_epc = epc;
535 			break;
536 
537 		case bposge32_op:
538 			if (!cpu_has_dsp)
539 				goto sigill_dsp;
540 
541 			dspcontrol = rddsp(0x01);
542 
543 			if (dspcontrol >= 32) {
544 				epc = epc + 4 + (insn.i_format.simmediate << 2);
545 			} else
546 				epc += 8;
547 			regs->cp0_epc = epc;
548 			break;
549 		}
550 		break;
551 
552 	/*
553 	 * These are unconditional and in j_format.
554 	 */
555 	case jalx_op:
556 	case jal_op:
557 		regs->regs[31] = regs->cp0_epc + 8;
558 	case j_op:
559 		epc += 4;
560 		epc >>= 28;
561 		epc <<= 28;
562 		epc |= (insn.j_format.target << 2);
563 		regs->cp0_epc = epc;
564 		if (insn.i_format.opcode == jalx_op)
565 			set_isa16_mode(regs->cp0_epc);
566 		break;
567 
568 	/*
569 	 * These are conditional and in i_format.
570 	 */
571 	case beql_op:
572 		if (NO_R6EMU)
573 			goto sigill_r2r6;
574 	case beq_op:
575 		if (regs->regs[insn.i_format.rs] ==
576 		    regs->regs[insn.i_format.rt]) {
577 			epc = epc + 4 + (insn.i_format.simmediate << 2);
578 			if (insn.i_format.opcode == beql_op)
579 				ret = BRANCH_LIKELY_TAKEN;
580 		} else
581 			epc += 8;
582 		regs->cp0_epc = epc;
583 		break;
584 
585 	case bnel_op:
586 		if (NO_R6EMU)
587 			goto sigill_r2r6;
588 	case bne_op:
589 		if (regs->regs[insn.i_format.rs] !=
590 		    regs->regs[insn.i_format.rt]) {
591 			epc = epc + 4 + (insn.i_format.simmediate << 2);
592 			if (insn.i_format.opcode == bnel_op)
593 				ret = BRANCH_LIKELY_TAKEN;
594 		} else
595 			epc += 8;
596 		regs->cp0_epc = epc;
597 		break;
598 
599 	case blezl_op: /* not really i_format */
600 		if (!insn.i_format.rt && NO_R6EMU)
601 			goto sigill_r2r6;
602 	case blez_op:
603 		/*
604 		 * Compact branches for R6 for the
605 		 * blez and blezl opcodes.
606 		 * BLEZ  | rs = 0 | rt != 0  == BLEZALC
607 		 * BLEZ  | rs = rt != 0      == BGEZALC
608 		 * BLEZ  | rs != 0 | rt != 0 == BGEUC
609 		 * BLEZL | rs = 0 | rt != 0  == BLEZC
610 		 * BLEZL | rs = rt != 0      == BGEZC
611 		 * BLEZL | rs != 0 | rt != 0 == BGEC
612 		 *
613 		 * For real BLEZ{,L}, rt is always 0.
614 		 */
615 
616 		if (cpu_has_mips_r6 && insn.i_format.rt) {
617 			if ((insn.i_format.opcode == blez_op) &&
618 			    ((!insn.i_format.rs && insn.i_format.rt) ||
619 			     (insn.i_format.rs == insn.i_format.rt)))
620 				regs->regs[31] = epc + 4;
621 			regs->cp0_epc += 8;
622 			break;
623 		}
624 		/* rt field assumed to be zero */
625 		if ((long)regs->regs[insn.i_format.rs] <= 0) {
626 			epc = epc + 4 + (insn.i_format.simmediate << 2);
627 			if (insn.i_format.opcode == blezl_op)
628 				ret = BRANCH_LIKELY_TAKEN;
629 		} else
630 			epc += 8;
631 		regs->cp0_epc = epc;
632 		break;
633 
634 	case bgtzl_op:
635 		if (!insn.i_format.rt && NO_R6EMU)
636 			goto sigill_r2r6;
637 	case bgtz_op:
638 		/*
639 		 * Compact branches for R6 for the
640 		 * bgtz and bgtzl opcodes.
641 		 * BGTZ  | rs = 0 | rt != 0  == BGTZALC
642 		 * BGTZ  | rs = rt != 0      == BLTZALC
643 		 * BGTZ  | rs != 0 | rt != 0 == BLTUC
644 		 * BGTZL | rs = 0 | rt != 0  == BGTZC
645 		 * BGTZL | rs = rt != 0      == BLTZC
646 		 * BGTZL | rs != 0 | rt != 0 == BLTC
647 		 *
648 		 * *ZALC varint for BGTZ &&& rt != 0
649 		 * For real GTZ{,L}, rt is always 0.
650 		 */
651 		if (cpu_has_mips_r6 && insn.i_format.rt) {
652 			if ((insn.i_format.opcode == blez_op) &&
653 			    ((!insn.i_format.rs && insn.i_format.rt) ||
654 			    (insn.i_format.rs == insn.i_format.rt)))
655 				regs->regs[31] = epc + 4;
656 			regs->cp0_epc += 8;
657 			break;
658 		}
659 
660 		/* rt field assumed to be zero */
661 		if ((long)regs->regs[insn.i_format.rs] > 0) {
662 			epc = epc + 4 + (insn.i_format.simmediate << 2);
663 			if (insn.i_format.opcode == bgtzl_op)
664 				ret = BRANCH_LIKELY_TAKEN;
665 		} else
666 			epc += 8;
667 		regs->cp0_epc = epc;
668 		break;
669 
670 	/*
671 	 * And now the FPA/cp1 branch instructions.
672 	 */
673 	case cop1_op:
674 		if (cpu_has_mips_r6 &&
675 		    ((insn.i_format.rs == bc1eqz_op) ||
676 		     (insn.i_format.rs == bc1nez_op))) {
677 			if (!used_math()) { /* First time FPU user */
678 				ret = init_fpu();
679 				if (ret && NO_R6EMU) {
680 					ret = -ret;
681 					break;
682 				}
683 				ret = 0;
684 				set_used_math();
685 			}
686 			lose_fpu(1);    /* Save FPU state for the emulator. */
687 			reg = insn.i_format.rt;
688 			bit = get_fpr32(&current->thread.fpu.fpr[reg], 0) & 0x1;
689 			if (insn.i_format.rs == bc1eqz_op)
690 				bit = !bit;
691 			own_fpu(1);
692 			if (bit)
693 				epc = epc + 4 +
694 					(insn.i_format.simmediate << 2);
695 			else
696 				epc += 8;
697 			regs->cp0_epc = epc;
698 
699 			break;
700 		} else {
701 
702 			preempt_disable();
703 			if (is_fpu_owner())
704 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
705 			else
706 				fcr31 = current->thread.fpu.fcr31;
707 			preempt_enable();
708 
709 			bit = (insn.i_format.rt >> 2);
710 			bit += (bit != 0);
711 			bit += 23;
712 			switch (insn.i_format.rt & 3) {
713 			case 0: /* bc1f */
714 			case 2: /* bc1fl */
715 				if (~fcr31 & (1 << bit)) {
716 					epc = epc + 4 +
717 						(insn.i_format.simmediate << 2);
718 					if (insn.i_format.rt == 2)
719 						ret = BRANCH_LIKELY_TAKEN;
720 				} else
721 					epc += 8;
722 				regs->cp0_epc = epc;
723 				break;
724 
725 			case 1: /* bc1t */
726 			case 3: /* bc1tl */
727 				if (fcr31 & (1 << bit)) {
728 					epc = epc + 4 +
729 						(insn.i_format.simmediate << 2);
730 					if (insn.i_format.rt == 3)
731 						ret = BRANCH_LIKELY_TAKEN;
732 				} else
733 					epc += 8;
734 				regs->cp0_epc = epc;
735 				break;
736 			}
737 			break;
738 		}
739 #ifdef CONFIG_CPU_CAVIUM_OCTEON
740 	case lwc2_op: /* This is bbit0 on Octeon */
741 		if ((regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
742 		     == 0)
743 			epc = epc + 4 + (insn.i_format.simmediate << 2);
744 		else
745 			epc += 8;
746 		regs->cp0_epc = epc;
747 		break;
748 	case ldc2_op: /* This is bbit032 on Octeon */
749 		if ((regs->regs[insn.i_format.rs] &
750 		    (1ull<<(insn.i_format.rt+32))) == 0)
751 			epc = epc + 4 + (insn.i_format.simmediate << 2);
752 		else
753 			epc += 8;
754 		regs->cp0_epc = epc;
755 		break;
756 	case swc2_op: /* This is bbit1 on Octeon */
757 		if (regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
758 			epc = epc + 4 + (insn.i_format.simmediate << 2);
759 		else
760 			epc += 8;
761 		regs->cp0_epc = epc;
762 		break;
763 	case sdc2_op: /* This is bbit132 on Octeon */
764 		if (regs->regs[insn.i_format.rs] &
765 		    (1ull<<(insn.i_format.rt+32)))
766 			epc = epc + 4 + (insn.i_format.simmediate << 2);
767 		else
768 			epc += 8;
769 		regs->cp0_epc = epc;
770 		break;
771 #else
772 	case bc6_op:
773 		/* Only valid for MIPS R6 */
774 		if (!cpu_has_mips_r6)
775 			goto sigill_r6;
776 		regs->cp0_epc += 8;
777 		break;
778 	case balc6_op:
779 		if (!cpu_has_mips_r6)
780 			goto sigill_r6;
781 		/* Compact branch: BALC */
782 		regs->regs[31] = epc + 4;
783 		epc += 4 + (insn.i_format.simmediate << 2);
784 		regs->cp0_epc = epc;
785 		break;
786 	case pop66_op:
787 		if (!cpu_has_mips_r6)
788 			goto sigill_r6;
789 		/* Compact branch: BEQZC || JIC */
790 		regs->cp0_epc += 8;
791 		break;
792 	case pop76_op:
793 		if (!cpu_has_mips_r6)
794 			goto sigill_r6;
795 		/* Compact branch: BNEZC || JIALC */
796 		if (!insn.i_format.rs) {
797 			/* JIALC: set $31/ra */
798 			regs->regs[31] = epc + 4;
799 		}
800 		regs->cp0_epc += 8;
801 		break;
802 #endif
803 	case pop10_op:
804 	case pop30_op:
805 		/* Only valid for MIPS R6 */
806 		if (!cpu_has_mips_r6)
807 			goto sigill_r6;
808 		/*
809 		 * Compact branches:
810 		 * bovc, beqc, beqzalc, bnvc, bnec, bnezlac
811 		 */
812 		if (insn.i_format.rt && !insn.i_format.rs)
813 			regs->regs[31] = epc + 4;
814 		regs->cp0_epc += 8;
815 		break;
816 	}
817 
818 	return ret;
819 
820 sigill_dsp:
821 	pr_debug("%s: DSP branch but not DSP ASE - sending SIGILL.\n",
822 		 current->comm);
823 	force_sig(SIGILL, current);
824 	return -EFAULT;
825 sigill_r2r6:
826 	pr_debug("%s: R2 branch but r2-to-r6 emulator is not present - sending SIGILL.\n",
827 		 current->comm);
828 	force_sig(SIGILL, current);
829 	return -EFAULT;
830 sigill_r6:
831 	pr_debug("%s: R6 branch but no MIPSr6 ISA support - sending SIGILL.\n",
832 		 current->comm);
833 	force_sig(SIGILL, current);
834 	return -EFAULT;
835 }
836 EXPORT_SYMBOL_GPL(__compute_return_epc_for_insn);
837 
__compute_return_epc(struct pt_regs * regs)838 int __compute_return_epc(struct pt_regs *regs)
839 {
840 	unsigned int __user *addr;
841 	long epc;
842 	union mips_instruction insn;
843 
844 	epc = regs->cp0_epc;
845 	if (epc & 3)
846 		goto unaligned;
847 
848 	/*
849 	 * Read the instruction
850 	 */
851 	addr = (unsigned int __user *) epc;
852 	if (__get_user(insn.word, addr)) {
853 		force_sig(SIGSEGV, current);
854 		return -EFAULT;
855 	}
856 
857 	return __compute_return_epc_for_insn(regs, insn);
858 
859 unaligned:
860 	printk("%s: unaligned epc - sending SIGBUS.\n", current->comm);
861 	force_sig(SIGBUS, current);
862 	return -EFAULT;
863 }
864 
865 #if (defined CONFIG_KPROBES) || (defined CONFIG_UPROBES)
866 
__insn_is_compact_branch(union mips_instruction insn)867 int __insn_is_compact_branch(union mips_instruction insn)
868 {
869 	if (!cpu_has_mips_r6)
870 		return 0;
871 
872 	switch (insn.i_format.opcode) {
873 	case blezl_op:
874 	case bgtzl_op:
875 	case blez_op:
876 	case bgtz_op:
877 		/*
878 		 * blez[l] and bgtz[l] opcodes with non-zero rt
879 		 * are MIPS R6 compact branches
880 		 */
881 		if (insn.i_format.rt)
882 			return 1;
883 		break;
884 	case bc6_op:
885 	case balc6_op:
886 	case pop10_op:
887 	case pop30_op:
888 	case pop66_op:
889 	case pop76_op:
890 		return 1;
891 	}
892 
893 	return 0;
894 }
895 EXPORT_SYMBOL_GPL(__insn_is_compact_branch);
896 
897 #endif  /* CONFIG_KPROBES || CONFIG_UPROBES */
898