linux/arch/mips/kernel/branch.c
<<
>>
Prefs
   1/*
   2 * This file is subject to the terms and conditions of the GNU General Public
   3 * License.  See the file "COPYING" in the main directory of this archive
   4 * for more details.
   5 *
   6 * Copyright (C) 1996, 97, 2000, 2001 by Ralf Baechle
   7 * Copyright (C) 2001 MIPS Technologies, Inc.
   8 */
   9#include <linux/kernel.h>
  10#include <linux/sched/signal.h>
  11#include <linux/signal.h>
  12#include <linux/export.h>
  13#include <asm/branch.h>
  14#include <asm/cpu.h>
  15#include <asm/cpu-features.h>
  16#include <asm/fpu.h>
  17#include <asm/fpu_emulator.h>
  18#include <asm/inst.h>
  19#include <asm/mips-r2-to-r6-emul.h>
  20#include <asm/ptrace.h>
  21#include <linux/uaccess.h>
  22
  23#include "probes-common.h"
  24
  25/*
  26 * Calculate and return exception PC in case of branch delay slot
  27 * for microMIPS and MIPS16e. It does not clear the ISA mode bit.
  28 */
  29int __isa_exception_epc(struct pt_regs *regs)
  30{
  31        unsigned short inst;
  32        long epc = regs->cp0_epc;
  33
  34        /* Calculate exception PC in branch delay slot. */
  35        if (__get_user(inst, (u16 __user *) msk_isa16_mode(epc))) {
  36                /* This should never happen because delay slot was checked. */
  37                force_sig(SIGSEGV);
  38                return epc;
  39        }
  40        if (cpu_has_mips16) {
  41                union mips16e_instruction inst_mips16e;
  42
  43                inst_mips16e.full = inst;
  44                if (inst_mips16e.ri.opcode == MIPS16e_jal_op)
  45                        epc += 4;
  46                else
  47                        epc += 2;
  48        } else if (mm_insn_16bit(inst))
  49                epc += 2;
  50        else
  51                epc += 4;
  52
  53        return epc;
  54}
  55
  56/* (microMIPS) Convert 16-bit register encoding to 32-bit register encoding. */
  57static const unsigned int reg16to32map[8] = {16, 17, 2, 3, 4, 5, 6, 7};
  58
  59int __mm_isBranchInstr(struct pt_regs *regs, struct mm_decoded_insn dec_insn,
  60                       unsigned long *contpc)
  61{
  62        union mips_instruction insn = (union mips_instruction)dec_insn.insn;
  63        int __maybe_unused bc_false = 0;
  64
  65        if (!cpu_has_mmips)
  66                return 0;
  67
  68        switch (insn.mm_i_format.opcode) {
  69        case mm_pool32a_op:
  70                if ((insn.mm_i_format.simmediate & MM_POOL32A_MINOR_MASK) ==
  71                    mm_pool32axf_op) {
  72                        switch (insn.mm_i_format.simmediate >>
  73                                MM_POOL32A_MINOR_SHIFT) {
  74                        case mm_jalr_op:
  75                        case mm_jalrhb_op:
  76                        case mm_jalrs_op:
  77                        case mm_jalrshb_op:
  78                                if (insn.mm_i_format.rt != 0)   /* Not mm_jr */
  79                                        regs->regs[insn.mm_i_format.rt] =
  80                                                regs->cp0_epc +
  81                                                dec_insn.pc_inc +
  82                                                dec_insn.next_pc_inc;
  83                                *contpc = regs->regs[insn.mm_i_format.rs];
  84                                return 1;
  85                        }
  86                }
  87                break;
  88        case mm_pool32i_op:
  89                switch (insn.mm_i_format.rt) {
  90                case mm_bltzals_op:
  91                case mm_bltzal_op:
  92                        regs->regs[31] = regs->cp0_epc +
  93                                dec_insn.pc_inc +
  94                                dec_insn.next_pc_inc;
  95                        fallthrough;
  96                case mm_bltz_op:
  97                        if ((long)regs->regs[insn.mm_i_format.rs] < 0)
  98                                *contpc = regs->cp0_epc +
  99                                        dec_insn.pc_inc +
 100                                        (insn.mm_i_format.simmediate << 1);
 101                        else
 102                                *contpc = regs->cp0_epc +
 103                                        dec_insn.pc_inc +
 104                                        dec_insn.next_pc_inc;
 105                        return 1;
 106                case mm_bgezals_op:
 107                case mm_bgezal_op:
 108                        regs->regs[31] = regs->cp0_epc +
 109                                        dec_insn.pc_inc +
 110                                        dec_insn.next_pc_inc;
 111                        fallthrough;
 112                case mm_bgez_op:
 113                        if ((long)regs->regs[insn.mm_i_format.rs] >= 0)
 114                                *contpc = regs->cp0_epc +
 115                                        dec_insn.pc_inc +
 116                                        (insn.mm_i_format.simmediate << 1);
 117                        else
 118                                *contpc = regs->cp0_epc +
 119                                        dec_insn.pc_inc +
 120                                        dec_insn.next_pc_inc;
 121                        return 1;
 122                case mm_blez_op:
 123                        if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
 124                                *contpc = regs->cp0_epc +
 125                                        dec_insn.pc_inc +
 126                                        (insn.mm_i_format.simmediate << 1);
 127                        else
 128                                *contpc = regs->cp0_epc +
 129                                        dec_insn.pc_inc +
 130                                        dec_insn.next_pc_inc;
 131                        return 1;
 132                case mm_bgtz_op:
 133                        if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
 134                                *contpc = regs->cp0_epc +
 135                                        dec_insn.pc_inc +
 136                                        (insn.mm_i_format.simmediate << 1);
 137                        else
 138                                *contpc = regs->cp0_epc +
 139                                        dec_insn.pc_inc +
 140                                        dec_insn.next_pc_inc;
 141                        return 1;
 142#ifdef CONFIG_MIPS_FP_SUPPORT
 143                case mm_bc2f_op:
 144                case mm_bc1f_op: {
 145                        unsigned int fcr31;
 146                        unsigned int bit;
 147
 148                        bc_false = 1;
 149                        fallthrough;
 150                case mm_bc2t_op:
 151                case mm_bc1t_op:
 152                        preempt_disable();
 153                        if (is_fpu_owner())
 154                                fcr31 = read_32bit_cp1_register(CP1_STATUS);
 155                        else
 156                                fcr31 = current->thread.fpu.fcr31;
 157                        preempt_enable();
 158
 159                        if (bc_false)
 160                                fcr31 = ~fcr31;
 161
 162                        bit = (insn.mm_i_format.rs >> 2);
 163                        bit += (bit != 0);
 164                        bit += 23;
 165                        if (fcr31 & (1 << bit))
 166                                *contpc = regs->cp0_epc +
 167                                        dec_insn.pc_inc +
 168                                        (insn.mm_i_format.simmediate << 1);
 169                        else
 170                                *contpc = regs->cp0_epc +
 171                                        dec_insn.pc_inc + dec_insn.next_pc_inc;
 172                        return 1;
 173                }
 174#endif /* CONFIG_MIPS_FP_SUPPORT */
 175                }
 176                break;
 177        case mm_pool16c_op:
 178                switch (insn.mm_i_format.rt) {
 179                case mm_jalr16_op:
 180                case mm_jalrs16_op:
 181                        regs->regs[31] = regs->cp0_epc +
 182                                dec_insn.pc_inc + dec_insn.next_pc_inc;
 183                        fallthrough;
 184                case mm_jr16_op:
 185                        *contpc = regs->regs[insn.mm_i_format.rs];
 186                        return 1;
 187                }
 188                break;
 189        case mm_beqz16_op:
 190                if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] == 0)
 191                        *contpc = regs->cp0_epc +
 192                                dec_insn.pc_inc +
 193                                (insn.mm_b1_format.simmediate << 1);
 194                else
 195                        *contpc = regs->cp0_epc +
 196                                dec_insn.pc_inc + dec_insn.next_pc_inc;
 197                return 1;
 198        case mm_bnez16_op:
 199                if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] != 0)
 200                        *contpc = regs->cp0_epc +
 201                                dec_insn.pc_inc +
 202                                (insn.mm_b1_format.simmediate << 1);
 203                else
 204                        *contpc = regs->cp0_epc +
 205                                dec_insn.pc_inc + dec_insn.next_pc_inc;
 206                return 1;
 207        case mm_b16_op:
 208                *contpc = regs->cp0_epc + dec_insn.pc_inc +
 209                         (insn.mm_b0_format.simmediate << 1);
 210                return 1;
 211        case mm_beq32_op:
 212                if (regs->regs[insn.mm_i_format.rs] ==
 213                    regs->regs[insn.mm_i_format.rt])
 214                        *contpc = regs->cp0_epc +
 215                                dec_insn.pc_inc +
 216                                (insn.mm_i_format.simmediate << 1);
 217                else
 218                        *contpc = regs->cp0_epc +
 219                                dec_insn.pc_inc +
 220                                dec_insn.next_pc_inc;
 221                return 1;
 222        case mm_bne32_op:
 223                if (regs->regs[insn.mm_i_format.rs] !=
 224                    regs->regs[insn.mm_i_format.rt])
 225                        *contpc = regs->cp0_epc +
 226                                dec_insn.pc_inc +
 227                                (insn.mm_i_format.simmediate << 1);
 228                else
 229                        *contpc = regs->cp0_epc +
 230                                dec_insn.pc_inc + dec_insn.next_pc_inc;
 231                return 1;
 232        case mm_jalx32_op:
 233                regs->regs[31] = regs->cp0_epc +
 234                        dec_insn.pc_inc + dec_insn.next_pc_inc;
 235                *contpc = regs->cp0_epc + dec_insn.pc_inc;
 236                *contpc >>= 28;
 237                *contpc <<= 28;
 238                *contpc |= (insn.j_format.target << 2);
 239                return 1;
 240        case mm_jals32_op:
 241        case mm_jal32_op:
 242                regs->regs[31] = regs->cp0_epc +
 243                        dec_insn.pc_inc + dec_insn.next_pc_inc;
 244                fallthrough;
 245        case mm_j32_op:
 246                *contpc = regs->cp0_epc + dec_insn.pc_inc;
 247                *contpc >>= 27;
 248                *contpc <<= 27;
 249                *contpc |= (insn.j_format.target << 1);
 250                set_isa16_mode(*contpc);
 251                return 1;
 252        }
 253        return 0;
 254}
 255
 256/*
 257 * Compute return address and emulate branch in microMIPS mode after an
 258 * exception only. It does not handle compact branches/jumps and cannot
 259 * be used in interrupt context. (Compact branches/jumps do not cause
 260 * exceptions.)
 261 */
 262int __microMIPS_compute_return_epc(struct pt_regs *regs)
 263{
 264        u16 __user *pc16;
 265        u16 halfword;
 266        unsigned int word;
 267        unsigned long contpc;
 268        struct mm_decoded_insn mminsn = { 0 };
 269
 270        mminsn.micro_mips_mode = 1;
 271
 272        /* This load never faults. */
 273        pc16 = (unsigned short __user *)msk_isa16_mode(regs->cp0_epc);
 274        __get_user(halfword, pc16);
 275        pc16++;
 276        contpc = regs->cp0_epc + 2;
 277        word = ((unsigned int)halfword << 16);
 278        mminsn.pc_inc = 2;
 279
 280        if (!mm_insn_16bit(halfword)) {
 281                __get_user(halfword, pc16);
 282                pc16++;
 283                contpc = regs->cp0_epc + 4;
 284                mminsn.pc_inc = 4;
 285                word |= halfword;
 286        }
 287        mminsn.insn = word;
 288
 289        if (get_user(halfword, pc16))
 290                goto sigsegv;
 291        mminsn.next_pc_inc = 2;
 292        word = ((unsigned int)halfword << 16);
 293
 294        if (!mm_insn_16bit(halfword)) {
 295                pc16++;
 296                if (get_user(halfword, pc16))
 297                        goto sigsegv;
 298                mminsn.next_pc_inc = 4;
 299                word |= halfword;
 300        }
 301        mminsn.next_insn = word;
 302
 303        mm_isBranchInstr(regs, mminsn, &contpc);
 304
 305        regs->cp0_epc = contpc;
 306
 307        return 0;
 308
 309sigsegv:
 310        force_sig(SIGSEGV);
 311        return -EFAULT;
 312}
 313
 314/*
 315 * Compute return address and emulate branch in MIPS16e mode after an
 316 * exception only. It does not handle compact branches/jumps and cannot
 317 * be used in interrupt context. (Compact branches/jumps do not cause
 318 * exceptions.)
 319 */
 320int __MIPS16e_compute_return_epc(struct pt_regs *regs)
 321{
 322        u16 __user *addr;
 323        union mips16e_instruction inst;
 324        u16 inst2;
 325        u32 fullinst;
 326        long epc;
 327
 328        epc = regs->cp0_epc;
 329
 330        /* Read the instruction. */
 331        addr = (u16 __user *)msk_isa16_mode(epc);
 332        if (__get_user(inst.full, addr)) {
 333                force_sig(SIGSEGV);
 334                return -EFAULT;
 335        }
 336
 337        switch (inst.ri.opcode) {
 338        case MIPS16e_extend_op:
 339                regs->cp0_epc += 4;
 340                return 0;
 341
 342                /*
 343                 *  JAL and JALX in MIPS16e mode
 344                 */
 345        case MIPS16e_jal_op:
 346                addr += 1;
 347                if (__get_user(inst2, addr)) {
 348                        force_sig(SIGSEGV);
 349                        return -EFAULT;
 350                }
 351                fullinst = ((unsigned)inst.full << 16) | inst2;
 352                regs->regs[31] = epc + 6;
 353                epc += 4;
 354                epc >>= 28;
 355                epc <<= 28;
 356                /*
 357                 * JAL:5 X:1 TARGET[20-16]:5 TARGET[25:21]:5 TARGET[15:0]:16
 358                 *
 359                 * ......TARGET[15:0].................TARGET[20:16]...........
 360                 * ......TARGET[25:21]
 361                 */
 362                epc |=
 363                    ((fullinst & 0xffff) << 2) | ((fullinst & 0x3e00000) >> 3) |
 364                    ((fullinst & 0x1f0000) << 7);
 365                if (!inst.jal.x)
 366                        set_isa16_mode(epc);    /* Set ISA mode bit. */
 367                regs->cp0_epc = epc;
 368                return 0;
 369
 370                /*
 371                 *  J(AL)R(C)
 372                 */
 373        case MIPS16e_rr_op:
 374                if (inst.rr.func == MIPS16e_jr_func) {
 375
 376                        if (inst.rr.ra)
 377                                regs->cp0_epc = regs->regs[31];
 378                        else
 379                                regs->cp0_epc =
 380                                    regs->regs[reg16to32[inst.rr.rx]];
 381
 382                        if (inst.rr.l) {
 383                                if (inst.rr.nd)
 384                                        regs->regs[31] = epc + 2;
 385                                else
 386                                        regs->regs[31] = epc + 4;
 387                        }
 388                        return 0;
 389                }
 390                break;
 391        }
 392
 393        /*
 394         * All other cases have no branch delay slot and are 16-bits.
 395         * Branches do not cause an exception.
 396         */
 397        regs->cp0_epc += 2;
 398
 399        return 0;
 400}
 401
 402/**
 403 * __compute_return_epc_for_insn - Computes the return address and do emulate
 404 *                                  branch simulation, if required.
 405 *
 406 * @regs:       Pointer to pt_regs
 407 * @insn:       branch instruction to decode
 408 * Return:      -EFAULT on error and forces SIGILL, and on success
 409 *              returns 0 or BRANCH_LIKELY_TAKEN as appropriate after
 410 *              evaluating the branch.
 411 *
 412 * MIPS R6 Compact branches and forbidden slots:
 413 *      Compact branches do not throw exceptions because they do
 414 *      not have delay slots. The forbidden slot instruction ($PC+4)
 415 *      is only executed if the branch was not taken. Otherwise the
 416 *      forbidden slot is skipped entirely. This means that the
 417 *      only possible reason to be here because of a MIPS R6 compact
 418 *      branch instruction is that the forbidden slot has thrown one.
 419 *      In that case the branch was not taken, so the EPC can be safely
 420 *      set to EPC + 8.
 421 */
 422int __compute_return_epc_for_insn(struct pt_regs *regs,
 423                                   union mips_instruction insn)
 424{
 425        long epc = regs->cp0_epc;
 426        unsigned int dspcontrol;
 427        int ret = 0;
 428
 429        switch (insn.i_format.opcode) {
 430        /*
 431         * jr and jalr are in r_format format.
 432         */
 433        case spec_op:
 434                switch (insn.r_format.func) {
 435                case jalr_op:
 436                        regs->regs[insn.r_format.rd] = epc + 8;
 437                        fallthrough;
 438                case jr_op:
 439                        if (NO_R6EMU && insn.r_format.func == jr_op)
 440                                goto sigill_r2r6;
 441                        regs->cp0_epc = regs->regs[insn.r_format.rs];
 442                        break;
 443                }
 444                break;
 445
 446        /*
 447         * This group contains:
 448         * bltz_op, bgez_op, bltzl_op, bgezl_op,
 449         * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
 450         */
 451        case bcond_op:
 452                switch (insn.i_format.rt) {
 453                case bltzl_op:
 454                        if (NO_R6EMU)
 455                                goto sigill_r2r6;
 456                        fallthrough;
 457                case bltz_op:
 458                        if ((long)regs->regs[insn.i_format.rs] < 0) {
 459                                epc = epc + 4 + (insn.i_format.simmediate << 2);
 460                                if (insn.i_format.rt == bltzl_op)
 461                                        ret = BRANCH_LIKELY_TAKEN;
 462                        } else
 463                                epc += 8;
 464                        regs->cp0_epc = epc;
 465                        break;
 466
 467                case bgezl_op:
 468                        if (NO_R6EMU)
 469                                goto sigill_r2r6;
 470                        fallthrough;
 471                case bgez_op:
 472                        if ((long)regs->regs[insn.i_format.rs] >= 0) {
 473                                epc = epc + 4 + (insn.i_format.simmediate << 2);
 474                                if (insn.i_format.rt == bgezl_op)
 475                                        ret = BRANCH_LIKELY_TAKEN;
 476                        } else
 477                                epc += 8;
 478                        regs->cp0_epc = epc;
 479                        break;
 480
 481                case bltzal_op:
 482                case bltzall_op:
 483                        if (NO_R6EMU && (insn.i_format.rs ||
 484                            insn.i_format.rt == bltzall_op))
 485                                goto sigill_r2r6;
 486                        regs->regs[31] = epc + 8;
 487                        /*
 488                         * OK we are here either because we hit a NAL
 489                         * instruction or because we are emulating an
 490                         * old bltzal{,l} one. Let's figure out what the
 491                         * case really is.
 492                         */
 493                        if (!insn.i_format.rs) {
 494                                /*
 495                                 * NAL or BLTZAL with rs == 0
 496                                 * Doesn't matter if we are R6 or not. The
 497                                 * result is the same
 498                                 */
 499                                regs->cp0_epc += 4 +
 500                                        (insn.i_format.simmediate << 2);
 501                                break;
 502                        }
 503                        /* Now do the real thing for non-R6 BLTZAL{,L} */
 504                        if ((long)regs->regs[insn.i_format.rs] < 0) {
 505                                epc = epc + 4 + (insn.i_format.simmediate << 2);
 506                                if (insn.i_format.rt == bltzall_op)
 507                                        ret = BRANCH_LIKELY_TAKEN;
 508                        } else
 509                                epc += 8;
 510                        regs->cp0_epc = epc;
 511                        break;
 512
 513                case bgezal_op:
 514                case bgezall_op:
 515                        if (NO_R6EMU && (insn.i_format.rs ||
 516                            insn.i_format.rt == bgezall_op))
 517                                goto sigill_r2r6;
 518                        regs->regs[31] = epc + 8;
 519                        /*
 520                         * OK we are here either because we hit a BAL
 521                         * instruction or because we are emulating an
 522                         * old bgezal{,l} one. Let's figure out what the
 523                         * case really is.
 524                         */
 525                        if (!insn.i_format.rs) {
 526                                /*
 527                                 * BAL or BGEZAL with rs == 0
 528                                 * Doesn't matter if we are R6 or not. The
 529                                 * result is the same
 530                                 */
 531                                regs->cp0_epc += 4 +
 532                                        (insn.i_format.simmediate << 2);
 533                                break;
 534                        }
 535                        /* Now do the real thing for non-R6 BGEZAL{,L} */
 536                        if ((long)regs->regs[insn.i_format.rs] >= 0) {
 537                                epc = epc + 4 + (insn.i_format.simmediate << 2);
 538                                if (insn.i_format.rt == bgezall_op)
 539                                        ret = BRANCH_LIKELY_TAKEN;
 540                        } else
 541                                epc += 8;
 542                        regs->cp0_epc = epc;
 543                        break;
 544
 545                case bposge32_op:
 546                        if (!cpu_has_dsp)
 547                                goto sigill_dsp;
 548
 549                        dspcontrol = rddsp(0x01);
 550
 551                        if (dspcontrol >= 32) {
 552                                epc = epc + 4 + (insn.i_format.simmediate << 2);
 553                        } else
 554                                epc += 8;
 555                        regs->cp0_epc = epc;
 556                        break;
 557                }
 558                break;
 559
 560        /*
 561         * These are unconditional and in j_format.
 562         */
 563        case jalx_op:
 564        case jal_op:
 565                regs->regs[31] = regs->cp0_epc + 8;
 566                fallthrough;
 567        case j_op:
 568                epc += 4;
 569                epc >>= 28;
 570                epc <<= 28;
 571                epc |= (insn.j_format.target << 2);
 572                regs->cp0_epc = epc;
 573                if (insn.i_format.opcode == jalx_op)
 574                        set_isa16_mode(regs->cp0_epc);
 575                break;
 576
 577        /*
 578         * These are conditional and in i_format.
 579         */
 580        case beql_op:
 581                if (NO_R6EMU)
 582                        goto sigill_r2r6;
 583                fallthrough;
 584        case beq_op:
 585                if (regs->regs[insn.i_format.rs] ==
 586                    regs->regs[insn.i_format.rt]) {
 587                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 588                        if (insn.i_format.opcode == beql_op)
 589                                ret = BRANCH_LIKELY_TAKEN;
 590                } else
 591                        epc += 8;
 592                regs->cp0_epc = epc;
 593                break;
 594
 595        case bnel_op:
 596                if (NO_R6EMU)
 597                        goto sigill_r2r6;
 598                fallthrough;
 599        case bne_op:
 600                if (regs->regs[insn.i_format.rs] !=
 601                    regs->regs[insn.i_format.rt]) {
 602                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 603                        if (insn.i_format.opcode == bnel_op)
 604                                ret = BRANCH_LIKELY_TAKEN;
 605                } else
 606                        epc += 8;
 607                regs->cp0_epc = epc;
 608                break;
 609
 610        case blezl_op: /* not really i_format */
 611                if (!insn.i_format.rt && NO_R6EMU)
 612                        goto sigill_r2r6;
 613                fallthrough;
 614        case blez_op:
 615                /*
 616                 * Compact branches for R6 for the
 617                 * blez and blezl opcodes.
 618                 * BLEZ  | rs = 0 | rt != 0  == BLEZALC
 619                 * BLEZ  | rs = rt != 0      == BGEZALC
 620                 * BLEZ  | rs != 0 | rt != 0 == BGEUC
 621                 * BLEZL | rs = 0 | rt != 0  == BLEZC
 622                 * BLEZL | rs = rt != 0      == BGEZC
 623                 * BLEZL | rs != 0 | rt != 0 == BGEC
 624                 *
 625                 * For real BLEZ{,L}, rt is always 0.
 626                 */
 627
 628                if (cpu_has_mips_r6 && insn.i_format.rt) {
 629                        if ((insn.i_format.opcode == blez_op) &&
 630                            ((!insn.i_format.rs && insn.i_format.rt) ||
 631                             (insn.i_format.rs == insn.i_format.rt)))
 632                                regs->regs[31] = epc + 4;
 633                        regs->cp0_epc += 8;
 634                        break;
 635                }
 636                /* rt field assumed to be zero */
 637                if ((long)regs->regs[insn.i_format.rs] <= 0) {
 638                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 639                        if (insn.i_format.opcode == blezl_op)
 640                                ret = BRANCH_LIKELY_TAKEN;
 641                } else
 642                        epc += 8;
 643                regs->cp0_epc = epc;
 644                break;
 645
 646        case bgtzl_op:
 647                if (!insn.i_format.rt && NO_R6EMU)
 648                        goto sigill_r2r6;
 649                fallthrough;
 650        case bgtz_op:
 651                /*
 652                 * Compact branches for R6 for the
 653                 * bgtz and bgtzl opcodes.
 654                 * BGTZ  | rs = 0 | rt != 0  == BGTZALC
 655                 * BGTZ  | rs = rt != 0      == BLTZALC
 656                 * BGTZ  | rs != 0 | rt != 0 == BLTUC
 657                 * BGTZL | rs = 0 | rt != 0  == BGTZC
 658                 * BGTZL | rs = rt != 0      == BLTZC
 659                 * BGTZL | rs != 0 | rt != 0 == BLTC
 660                 *
 661                 * *ZALC varint for BGTZ &&& rt != 0
 662                 * For real GTZ{,L}, rt is always 0.
 663                 */
 664                if (cpu_has_mips_r6 && insn.i_format.rt) {
 665                        if ((insn.i_format.opcode == blez_op) &&
 666                            ((!insn.i_format.rs && insn.i_format.rt) ||
 667                            (insn.i_format.rs == insn.i_format.rt)))
 668                                regs->regs[31] = epc + 4;
 669                        regs->cp0_epc += 8;
 670                        break;
 671                }
 672
 673                /* rt field assumed to be zero */
 674                if ((long)regs->regs[insn.i_format.rs] > 0) {
 675                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 676                        if (insn.i_format.opcode == bgtzl_op)
 677                                ret = BRANCH_LIKELY_TAKEN;
 678                } else
 679                        epc += 8;
 680                regs->cp0_epc = epc;
 681                break;
 682
 683#ifdef CONFIG_MIPS_FP_SUPPORT
 684        /*
 685         * And now the FPA/cp1 branch instructions.
 686         */
 687        case cop1_op: {
 688                unsigned int bit, fcr31, reg;
 689
 690                if (cpu_has_mips_r6 &&
 691                    ((insn.i_format.rs == bc1eqz_op) ||
 692                     (insn.i_format.rs == bc1nez_op))) {
 693                        if (!init_fp_ctx(current))
 694                                lose_fpu(1);
 695                        reg = insn.i_format.rt;
 696                        bit = get_fpr32(&current->thread.fpu.fpr[reg], 0) & 0x1;
 697                        if (insn.i_format.rs == bc1eqz_op)
 698                                bit = !bit;
 699                        own_fpu(1);
 700                        if (bit)
 701                                epc = epc + 4 +
 702                                        (insn.i_format.simmediate << 2);
 703                        else
 704                                epc += 8;
 705                        regs->cp0_epc = epc;
 706
 707                        break;
 708                } else {
 709
 710                        preempt_disable();
 711                        if (is_fpu_owner())
 712                                fcr31 = read_32bit_cp1_register(CP1_STATUS);
 713                        else
 714                                fcr31 = current->thread.fpu.fcr31;
 715                        preempt_enable();
 716
 717                        bit = (insn.i_format.rt >> 2);
 718                        bit += (bit != 0);
 719                        bit += 23;
 720                        switch (insn.i_format.rt & 3) {
 721                        case 0: /* bc1f */
 722                        case 2: /* bc1fl */
 723                                if (~fcr31 & (1 << bit)) {
 724                                        epc = epc + 4 +
 725                                                (insn.i_format.simmediate << 2);
 726                                        if (insn.i_format.rt == 2)
 727                                                ret = BRANCH_LIKELY_TAKEN;
 728                                } else
 729                                        epc += 8;
 730                                regs->cp0_epc = epc;
 731                                break;
 732
 733                        case 1: /* bc1t */
 734                        case 3: /* bc1tl */
 735                                if (fcr31 & (1 << bit)) {
 736                                        epc = epc + 4 +
 737                                                (insn.i_format.simmediate << 2);
 738                                        if (insn.i_format.rt == 3)
 739                                                ret = BRANCH_LIKELY_TAKEN;
 740                                } else
 741                                        epc += 8;
 742                                regs->cp0_epc = epc;
 743                                break;
 744                        }
 745                        break;
 746                }
 747        }
 748#endif /* CONFIG_MIPS_FP_SUPPORT */
 749
 750#ifdef CONFIG_CPU_CAVIUM_OCTEON
 751        case lwc2_op: /* This is bbit0 on Octeon */
 752                if ((regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
 753                     == 0)
 754                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 755                else
 756                        epc += 8;
 757                regs->cp0_epc = epc;
 758                break;
 759        case ldc2_op: /* This is bbit032 on Octeon */
 760                if ((regs->regs[insn.i_format.rs] &
 761                    (1ull<<(insn.i_format.rt+32))) == 0)
 762                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 763                else
 764                        epc += 8;
 765                regs->cp0_epc = epc;
 766                break;
 767        case swc2_op: /* This is bbit1 on Octeon */
 768                if (regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
 769                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 770                else
 771                        epc += 8;
 772                regs->cp0_epc = epc;
 773                break;
 774        case sdc2_op: /* This is bbit132 on Octeon */
 775                if (regs->regs[insn.i_format.rs] &
 776                    (1ull<<(insn.i_format.rt+32)))
 777                        epc = epc + 4 + (insn.i_format.simmediate << 2);
 778                else
 779                        epc += 8;
 780                regs->cp0_epc = epc;
 781                break;
 782#else
 783        case bc6_op:
 784                /* Only valid for MIPS R6 */
 785                if (!cpu_has_mips_r6)
 786                        goto sigill_r6;
 787                regs->cp0_epc += 8;
 788                break;
 789        case balc6_op:
 790                if (!cpu_has_mips_r6)
 791                        goto sigill_r6;
 792                /* Compact branch: BALC */
 793                regs->regs[31] = epc + 4;
 794                epc += 4 + (insn.i_format.simmediate << 2);
 795                regs->cp0_epc = epc;
 796                break;
 797        case pop66_op:
 798                if (!cpu_has_mips_r6)
 799                        goto sigill_r6;
 800                /* Compact branch: BEQZC || JIC */
 801                regs->cp0_epc += 8;
 802                break;
 803        case pop76_op:
 804                if (!cpu_has_mips_r6)
 805                        goto sigill_r6;
 806                /* Compact branch: BNEZC || JIALC */
 807                if (!insn.i_format.rs) {
 808                        /* JIALC: set $31/ra */
 809                        regs->regs[31] = epc + 4;
 810                }
 811                regs->cp0_epc += 8;
 812                break;
 813#endif
 814        case pop10_op:
 815        case pop30_op:
 816                /* Only valid for MIPS R6 */
 817                if (!cpu_has_mips_r6)
 818                        goto sigill_r6;
 819                /*
 820                 * Compact branches:
 821                 * bovc, beqc, beqzalc, bnvc, bnec, bnezlac
 822                 */
 823                if (insn.i_format.rt && !insn.i_format.rs)
 824                        regs->regs[31] = epc + 4;
 825                regs->cp0_epc += 8;
 826                break;
 827        }
 828
 829        return ret;
 830
 831sigill_dsp:
 832        pr_debug("%s: DSP branch but not DSP ASE - sending SIGILL.\n",
 833                 current->comm);
 834        force_sig(SIGILL);
 835        return -EFAULT;
 836sigill_r2r6:
 837        pr_debug("%s: R2 branch but r2-to-r6 emulator is not present - sending SIGILL.\n",
 838                 current->comm);
 839        force_sig(SIGILL);
 840        return -EFAULT;
 841sigill_r6:
 842        pr_debug("%s: R6 branch but no MIPSr6 ISA support - sending SIGILL.\n",
 843                 current->comm);
 844        force_sig(SIGILL);
 845        return -EFAULT;
 846}
 847EXPORT_SYMBOL_GPL(__compute_return_epc_for_insn);
 848
 849int __compute_return_epc(struct pt_regs *regs)
 850{
 851        unsigned int __user *addr;
 852        long epc;
 853        union mips_instruction insn;
 854
 855        epc = regs->cp0_epc;
 856        if (epc & 3)
 857                goto unaligned;
 858
 859        /*
 860         * Read the instruction
 861         */
 862        addr = (unsigned int __user *) epc;
 863        if (__get_user(insn.word, addr)) {
 864                force_sig(SIGSEGV);
 865                return -EFAULT;
 866        }
 867
 868        return __compute_return_epc_for_insn(regs, insn);
 869
 870unaligned:
 871        printk("%s: unaligned epc - sending SIGBUS.\n", current->comm);
 872        force_sig(SIGBUS);
 873        return -EFAULT;
 874}
 875
 876#if (defined CONFIG_KPROBES) || (defined CONFIG_UPROBES)
 877
 878int __insn_is_compact_branch(union mips_instruction insn)
 879{
 880        if (!cpu_has_mips_r6)
 881                return 0;
 882
 883        switch (insn.i_format.opcode) {
 884        case blezl_op:
 885        case bgtzl_op:
 886        case blez_op:
 887        case bgtz_op:
 888                /*
 889                 * blez[l] and bgtz[l] opcodes with non-zero rt
 890                 * are MIPS R6 compact branches
 891                 */
 892                if (insn.i_format.rt)
 893                        return 1;
 894                break;
 895        case bc6_op:
 896        case balc6_op:
 897        case pop10_op:
 898        case pop30_op:
 899        case pop66_op:
 900        case pop76_op:
 901                return 1;
 902        }
 903
 904        return 0;
 905}
 906EXPORT_SYMBOL_GPL(__insn_is_compact_branch);
 907
 908#endif  /* CONFIG_KPROBES || CONFIG_UPROBES */
 909