Merge tag 'safesetid-5.10' of git://github.com/micah-morton/linux
[platform/kernel/linux-starfive.git] / arch / mips / kernel / branch.c
1 /*
2  * This file is subject to the terms and conditions of the GNU General Public
3  * License.  See the file "COPYING" in the main directory of this archive
4  * for more details.
5  *
6  * Copyright (C) 1996, 97, 2000, 2001 by Ralf Baechle
7  * Copyright (C) 2001 MIPS Technologies, Inc.
8  */
9 #include <linux/kernel.h>
10 #include <linux/sched/signal.h>
11 #include <linux/signal.h>
12 #include <linux/export.h>
13 #include <asm/branch.h>
14 #include <asm/cpu.h>
15 #include <asm/cpu-features.h>
16 #include <asm/fpu.h>
17 #include <asm/fpu_emulator.h>
18 #include <asm/inst.h>
19 #include <asm/mips-r2-to-r6-emul.h>
20 #include <asm/ptrace.h>
21 #include <linux/uaccess.h>
22
23 #include "probes-common.h"
24
25 /*
26  * Calculate and return exception PC in case of branch delay slot
27  * for microMIPS and MIPS16e. It does not clear the ISA mode bit.
28  */
29 int __isa_exception_epc(struct pt_regs *regs)
30 {
31         unsigned short inst;
32         long epc = regs->cp0_epc;
33
34         /* Calculate exception PC in branch delay slot. */
35         if (__get_user(inst, (u16 __user *) msk_isa16_mode(epc))) {
36                 /* This should never happen because delay slot was checked. */
37                 force_sig(SIGSEGV);
38                 return epc;
39         }
40         if (cpu_has_mips16) {
41                 union mips16e_instruction inst_mips16e;
42
43                 inst_mips16e.full = inst;
44                 if (inst_mips16e.ri.opcode == MIPS16e_jal_op)
45                         epc += 4;
46                 else
47                         epc += 2;
48         } else if (mm_insn_16bit(inst))
49                 epc += 2;
50         else
51                 epc += 4;
52
53         return epc;
54 }
55
56 /* (microMIPS) Convert 16-bit register encoding to 32-bit register encoding. */
57 static const unsigned int reg16to32map[8] = {16, 17, 2, 3, 4, 5, 6, 7};
58
59 int __mm_isBranchInstr(struct pt_regs *regs, struct mm_decoded_insn dec_insn,
60                        unsigned long *contpc)
61 {
62         union mips_instruction insn = (union mips_instruction)dec_insn.insn;
63         int __maybe_unused bc_false = 0;
64
65         if (!cpu_has_mmips)
66                 return 0;
67
68         switch (insn.mm_i_format.opcode) {
69         case mm_pool32a_op:
70                 if ((insn.mm_i_format.simmediate & MM_POOL32A_MINOR_MASK) ==
71                     mm_pool32axf_op) {
72                         switch (insn.mm_i_format.simmediate >>
73                                 MM_POOL32A_MINOR_SHIFT) {
74                         case mm_jalr_op:
75                         case mm_jalrhb_op:
76                         case mm_jalrs_op:
77                         case mm_jalrshb_op:
78                                 if (insn.mm_i_format.rt != 0)   /* Not mm_jr */
79                                         regs->regs[insn.mm_i_format.rt] =
80                                                 regs->cp0_epc +
81                                                 dec_insn.pc_inc +
82                                                 dec_insn.next_pc_inc;
83                                 *contpc = regs->regs[insn.mm_i_format.rs];
84                                 return 1;
85                         }
86                 }
87                 break;
88         case mm_pool32i_op:
89                 switch (insn.mm_i_format.rt) {
90                 case mm_bltzals_op:
91                 case mm_bltzal_op:
92                         regs->regs[31] = regs->cp0_epc +
93                                 dec_insn.pc_inc +
94                                 dec_insn.next_pc_inc;
95                         fallthrough;
96                 case mm_bltz_op:
97                         if ((long)regs->regs[insn.mm_i_format.rs] < 0)
98                                 *contpc = regs->cp0_epc +
99                                         dec_insn.pc_inc +
100                                         (insn.mm_i_format.simmediate << 1);
101                         else
102                                 *contpc = regs->cp0_epc +
103                                         dec_insn.pc_inc +
104                                         dec_insn.next_pc_inc;
105                         return 1;
106                 case mm_bgezals_op:
107                 case mm_bgezal_op:
108                         regs->regs[31] = regs->cp0_epc +
109                                         dec_insn.pc_inc +
110                                         dec_insn.next_pc_inc;
111                         fallthrough;
112                 case mm_bgez_op:
113                         if ((long)regs->regs[insn.mm_i_format.rs] >= 0)
114                                 *contpc = regs->cp0_epc +
115                                         dec_insn.pc_inc +
116                                         (insn.mm_i_format.simmediate << 1);
117                         else
118                                 *contpc = regs->cp0_epc +
119                                         dec_insn.pc_inc +
120                                         dec_insn.next_pc_inc;
121                         return 1;
122                 case mm_blez_op:
123                         if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
124                                 *contpc = regs->cp0_epc +
125                                         dec_insn.pc_inc +
126                                         (insn.mm_i_format.simmediate << 1);
127                         else
128                                 *contpc = regs->cp0_epc +
129                                         dec_insn.pc_inc +
130                                         dec_insn.next_pc_inc;
131                         return 1;
132                 case mm_bgtz_op:
133                         if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
134                                 *contpc = regs->cp0_epc +
135                                         dec_insn.pc_inc +
136                                         (insn.mm_i_format.simmediate << 1);
137                         else
138                                 *contpc = regs->cp0_epc +
139                                         dec_insn.pc_inc +
140                                         dec_insn.next_pc_inc;
141                         return 1;
142 #ifdef CONFIG_MIPS_FP_SUPPORT
143                 case mm_bc2f_op:
144                 case mm_bc1f_op: {
145                         unsigned int fcr31;
146                         unsigned int bit;
147
148                         bc_false = 1;
149                         fallthrough;
150                 case mm_bc2t_op:
151                 case mm_bc1t_op:
152                         preempt_disable();
153                         if (is_fpu_owner())
154                                 fcr31 = read_32bit_cp1_register(CP1_STATUS);
155                         else
156                                 fcr31 = current->thread.fpu.fcr31;
157                         preempt_enable();
158
159                         if (bc_false)
160                                 fcr31 = ~fcr31;
161
162                         bit = (insn.mm_i_format.rs >> 2);
163                         bit += (bit != 0);
164                         bit += 23;
165                         if (fcr31 & (1 << bit))
166                                 *contpc = regs->cp0_epc +
167                                         dec_insn.pc_inc +
168                                         (insn.mm_i_format.simmediate << 1);
169                         else
170                                 *contpc = regs->cp0_epc +
171                                         dec_insn.pc_inc + dec_insn.next_pc_inc;
172                         return 1;
173                 }
174 #endif /* CONFIG_MIPS_FP_SUPPORT */
175                 }
176                 break;
177         case mm_pool16c_op:
178                 switch (insn.mm_i_format.rt) {
179                 case mm_jalr16_op:
180                 case mm_jalrs16_op:
181                         regs->regs[31] = regs->cp0_epc +
182                                 dec_insn.pc_inc + dec_insn.next_pc_inc;
183                         fallthrough;
184                 case mm_jr16_op:
185                         *contpc = regs->regs[insn.mm_i_format.rs];
186                         return 1;
187                 }
188                 break;
189         case mm_beqz16_op:
190                 if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] == 0)
191                         *contpc = regs->cp0_epc +
192                                 dec_insn.pc_inc +
193                                 (insn.mm_b1_format.simmediate << 1);
194                 else
195                         *contpc = regs->cp0_epc +
196                                 dec_insn.pc_inc + dec_insn.next_pc_inc;
197                 return 1;
198         case mm_bnez16_op:
199                 if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] != 0)
200                         *contpc = regs->cp0_epc +
201                                 dec_insn.pc_inc +
202                                 (insn.mm_b1_format.simmediate << 1);
203                 else
204                         *contpc = regs->cp0_epc +
205                                 dec_insn.pc_inc + dec_insn.next_pc_inc;
206                 return 1;
207         case mm_b16_op:
208                 *contpc = regs->cp0_epc + dec_insn.pc_inc +
209                          (insn.mm_b0_format.simmediate << 1);
210                 return 1;
211         case mm_beq32_op:
212                 if (regs->regs[insn.mm_i_format.rs] ==
213                     regs->regs[insn.mm_i_format.rt])
214                         *contpc = regs->cp0_epc +
215                                 dec_insn.pc_inc +
216                                 (insn.mm_i_format.simmediate << 1);
217                 else
218                         *contpc = regs->cp0_epc +
219                                 dec_insn.pc_inc +
220                                 dec_insn.next_pc_inc;
221                 return 1;
222         case mm_bne32_op:
223                 if (regs->regs[insn.mm_i_format.rs] !=
224                     regs->regs[insn.mm_i_format.rt])
225                         *contpc = regs->cp0_epc +
226                                 dec_insn.pc_inc +
227                                 (insn.mm_i_format.simmediate << 1);
228                 else
229                         *contpc = regs->cp0_epc +
230                                 dec_insn.pc_inc + dec_insn.next_pc_inc;
231                 return 1;
232         case mm_jalx32_op:
233                 regs->regs[31] = regs->cp0_epc +
234                         dec_insn.pc_inc + dec_insn.next_pc_inc;
235                 *contpc = regs->cp0_epc + dec_insn.pc_inc;
236                 *contpc >>= 28;
237                 *contpc <<= 28;
238                 *contpc |= (insn.j_format.target << 2);
239                 return 1;
240         case mm_jals32_op:
241         case mm_jal32_op:
242                 regs->regs[31] = regs->cp0_epc +
243                         dec_insn.pc_inc + dec_insn.next_pc_inc;
244                 fallthrough;
245         case mm_j32_op:
246                 *contpc = regs->cp0_epc + dec_insn.pc_inc;
247                 *contpc >>= 27;
248                 *contpc <<= 27;
249                 *contpc |= (insn.j_format.target << 1);
250                 set_isa16_mode(*contpc);
251                 return 1;
252         }
253         return 0;
254 }
255
256 /*
257  * Compute return address and emulate branch in microMIPS mode after an
258  * exception only. It does not handle compact branches/jumps and cannot
259  * be used in interrupt context. (Compact branches/jumps do not cause
260  * exceptions.)
261  */
262 int __microMIPS_compute_return_epc(struct pt_regs *regs)
263 {
264         u16 __user *pc16;
265         u16 halfword;
266         unsigned int word;
267         unsigned long contpc;
268         struct mm_decoded_insn mminsn = { 0 };
269
270         mminsn.micro_mips_mode = 1;
271
272         /* This load never faults. */
273         pc16 = (unsigned short __user *)msk_isa16_mode(regs->cp0_epc);
274         __get_user(halfword, pc16);
275         pc16++;
276         contpc = regs->cp0_epc + 2;
277         word = ((unsigned int)halfword << 16);
278         mminsn.pc_inc = 2;
279
280         if (!mm_insn_16bit(halfword)) {
281                 __get_user(halfword, pc16);
282                 pc16++;
283                 contpc = regs->cp0_epc + 4;
284                 mminsn.pc_inc = 4;
285                 word |= halfword;
286         }
287         mminsn.insn = word;
288
289         if (get_user(halfword, pc16))
290                 goto sigsegv;
291         mminsn.next_pc_inc = 2;
292         word = ((unsigned int)halfword << 16);
293
294         if (!mm_insn_16bit(halfword)) {
295                 pc16++;
296                 if (get_user(halfword, pc16))
297                         goto sigsegv;
298                 mminsn.next_pc_inc = 4;
299                 word |= halfword;
300         }
301         mminsn.next_insn = word;
302
303         mm_isBranchInstr(regs, mminsn, &contpc);
304
305         regs->cp0_epc = contpc;
306
307         return 0;
308
309 sigsegv:
310         force_sig(SIGSEGV);
311         return -EFAULT;
312 }
313
314 /*
315  * Compute return address and emulate branch in MIPS16e mode after an
316  * exception only. It does not handle compact branches/jumps and cannot
317  * be used in interrupt context. (Compact branches/jumps do not cause
318  * exceptions.)
319  */
320 int __MIPS16e_compute_return_epc(struct pt_regs *regs)
321 {
322         u16 __user *addr;
323         union mips16e_instruction inst;
324         u16 inst2;
325         u32 fullinst;
326         long epc;
327
328         epc = regs->cp0_epc;
329
330         /* Read the instruction. */
331         addr = (u16 __user *)msk_isa16_mode(epc);
332         if (__get_user(inst.full, addr)) {
333                 force_sig(SIGSEGV);
334                 return -EFAULT;
335         }
336
337         switch (inst.ri.opcode) {
338         case MIPS16e_extend_op:
339                 regs->cp0_epc += 4;
340                 return 0;
341
342                 /*
343                  *  JAL and JALX in MIPS16e mode
344                  */
345         case MIPS16e_jal_op:
346                 addr += 1;
347                 if (__get_user(inst2, addr)) {
348                         force_sig(SIGSEGV);
349                         return -EFAULT;
350                 }
351                 fullinst = ((unsigned)inst.full << 16) | inst2;
352                 regs->regs[31] = epc + 6;
353                 epc += 4;
354                 epc >>= 28;
355                 epc <<= 28;
356                 /*
357                  * JAL:5 X:1 TARGET[20-16]:5 TARGET[25:21]:5 TARGET[15:0]:16
358                  *
359                  * ......TARGET[15:0].................TARGET[20:16]...........
360                  * ......TARGET[25:21]
361                  */
362                 epc |=
363                     ((fullinst & 0xffff) << 2) | ((fullinst & 0x3e00000) >> 3) |
364                     ((fullinst & 0x1f0000) << 7);
365                 if (!inst.jal.x)
366                         set_isa16_mode(epc);    /* Set ISA mode bit. */
367                 regs->cp0_epc = epc;
368                 return 0;
369
370                 /*
371                  *  J(AL)R(C)
372                  */
373         case MIPS16e_rr_op:
374                 if (inst.rr.func == MIPS16e_jr_func) {
375
376                         if (inst.rr.ra)
377                                 regs->cp0_epc = regs->regs[31];
378                         else
379                                 regs->cp0_epc =
380                                     regs->regs[reg16to32[inst.rr.rx]];
381
382                         if (inst.rr.l) {
383                                 if (inst.rr.nd)
384                                         regs->regs[31] = epc + 2;
385                                 else
386                                         regs->regs[31] = epc + 4;
387                         }
388                         return 0;
389                 }
390                 break;
391         }
392
393         /*
394          * All other cases have no branch delay slot and are 16-bits.
395          * Branches do not cause an exception.
396          */
397         regs->cp0_epc += 2;
398
399         return 0;
400 }
401
402 /**
403  * __compute_return_epc_for_insn - Computes the return address and do emulate
404  *                                  branch simulation, if required.
405  *
406  * @regs:       Pointer to pt_regs
407  * @insn:       branch instruction to decode
408  * Return:      -EFAULT on error and forces SIGILL, and on success
409  *              returns 0 or BRANCH_LIKELY_TAKEN as appropriate after
410  *              evaluating the branch.
411  *
412  * MIPS R6 Compact branches and forbidden slots:
413  *      Compact branches do not throw exceptions because they do
414  *      not have delay slots. The forbidden slot instruction ($PC+4)
415  *      is only executed if the branch was not taken. Otherwise the
416  *      forbidden slot is skipped entirely. This means that the
417  *      only possible reason to be here because of a MIPS R6 compact
418  *      branch instruction is that the forbidden slot has thrown one.
419  *      In that case the branch was not taken, so the EPC can be safely
420  *      set to EPC + 8.
421  */
422 int __compute_return_epc_for_insn(struct pt_regs *regs,
423                                    union mips_instruction insn)
424 {
425         long epc = regs->cp0_epc;
426         unsigned int dspcontrol;
427         int ret = 0;
428
429         switch (insn.i_format.opcode) {
430         /*
431          * jr and jalr are in r_format format.
432          */
433         case spec_op:
434                 switch (insn.r_format.func) {
435                 case jalr_op:
436                         regs->regs[insn.r_format.rd] = epc + 8;
437                         fallthrough;
438                 case jr_op:
439                         if (NO_R6EMU && insn.r_format.func == jr_op)
440                                 goto sigill_r2r6;
441                         regs->cp0_epc = regs->regs[insn.r_format.rs];
442                         break;
443                 }
444                 break;
445
446         /*
447          * This group contains:
448          * bltz_op, bgez_op, bltzl_op, bgezl_op,
449          * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
450          */
451         case bcond_op:
452                 switch (insn.i_format.rt) {
453                 case bltzl_op:
454                         if (NO_R6EMU)
455                                 goto sigill_r2r6;
456                         fallthrough;
457                 case bltz_op:
458                         if ((long)regs->regs[insn.i_format.rs] < 0) {
459                                 epc = epc + 4 + (insn.i_format.simmediate << 2);
460                                 if (insn.i_format.rt == bltzl_op)
461                                         ret = BRANCH_LIKELY_TAKEN;
462                         } else
463                                 epc += 8;
464                         regs->cp0_epc = epc;
465                         break;
466
467                 case bgezl_op:
468                         if (NO_R6EMU)
469                                 goto sigill_r2r6;
470                         fallthrough;
471                 case bgez_op:
472                         if ((long)regs->regs[insn.i_format.rs] >= 0) {
473                                 epc = epc + 4 + (insn.i_format.simmediate << 2);
474                                 if (insn.i_format.rt == bgezl_op)
475                                         ret = BRANCH_LIKELY_TAKEN;
476                         } else
477                                 epc += 8;
478                         regs->cp0_epc = epc;
479                         break;
480
481                 case bltzal_op:
482                 case bltzall_op:
483                         if (NO_R6EMU && (insn.i_format.rs ||
484                             insn.i_format.rt == bltzall_op))
485                                 goto sigill_r2r6;
486                         regs->regs[31] = epc + 8;
487                         /*
488                          * OK we are here either because we hit a NAL
489                          * instruction or because we are emulating an
490                          * old bltzal{,l} one. Let's figure out what the
491                          * case really is.
492                          */
493                         if (!insn.i_format.rs) {
494                                 /*
495                                  * NAL or BLTZAL with rs == 0
496                                  * Doesn't matter if we are R6 or not. The
497                                  * result is the same
498                                  */
499                                 regs->cp0_epc += 4 +
500                                         (insn.i_format.simmediate << 2);
501                                 break;
502                         }
503                         /* Now do the real thing for non-R6 BLTZAL{,L} */
504                         if ((long)regs->regs[insn.i_format.rs] < 0) {
505                                 epc = epc + 4 + (insn.i_format.simmediate << 2);
506                                 if (insn.i_format.rt == bltzall_op)
507                                         ret = BRANCH_LIKELY_TAKEN;
508                         } else
509                                 epc += 8;
510                         regs->cp0_epc = epc;
511                         break;
512
513                 case bgezal_op:
514                 case bgezall_op:
515                         if (NO_R6EMU && (insn.i_format.rs ||
516                             insn.i_format.rt == bgezall_op))
517                                 goto sigill_r2r6;
518                         regs->regs[31] = epc + 8;
519                         /*
520                          * OK we are here either because we hit a BAL
521                          * instruction or because we are emulating an
522                          * old bgezal{,l} one. Let's figure out what the
523                          * case really is.
524                          */
525                         if (!insn.i_format.rs) {
526                                 /*
527                                  * BAL or BGEZAL with rs == 0
528                                  * Doesn't matter if we are R6 or not. The
529                                  * result is the same
530                                  */
531                                 regs->cp0_epc += 4 +
532                                         (insn.i_format.simmediate << 2);
533                                 break;
534                         }
535                         /* Now do the real thing for non-R6 BGEZAL{,L} */
536                         if ((long)regs->regs[insn.i_format.rs] >= 0) {
537                                 epc = epc + 4 + (insn.i_format.simmediate << 2);
538                                 if (insn.i_format.rt == bgezall_op)
539                                         ret = BRANCH_LIKELY_TAKEN;
540                         } else
541                                 epc += 8;
542                         regs->cp0_epc = epc;
543                         break;
544
545                 case bposge32_op:
546                         if (!cpu_has_dsp)
547                                 goto sigill_dsp;
548
549                         dspcontrol = rddsp(0x01);
550
551                         if (dspcontrol >= 32) {
552                                 epc = epc + 4 + (insn.i_format.simmediate << 2);
553                         } else
554                                 epc += 8;
555                         regs->cp0_epc = epc;
556                         break;
557                 }
558                 break;
559
560         /*
561          * These are unconditional and in j_format.
562          */
563         case jalx_op:
564         case jal_op:
565                 regs->regs[31] = regs->cp0_epc + 8;
566                 fallthrough;
567         case j_op:
568                 epc += 4;
569                 epc >>= 28;
570                 epc <<= 28;
571                 epc |= (insn.j_format.target << 2);
572                 regs->cp0_epc = epc;
573                 if (insn.i_format.opcode == jalx_op)
574                         set_isa16_mode(regs->cp0_epc);
575                 break;
576
577         /*
578          * These are conditional and in i_format.
579          */
580         case beql_op:
581                 if (NO_R6EMU)
582                         goto sigill_r2r6;
583                 fallthrough;
584         case beq_op:
585                 if (regs->regs[insn.i_format.rs] ==
586                     regs->regs[insn.i_format.rt]) {
587                         epc = epc + 4 + (insn.i_format.simmediate << 2);
588                         if (insn.i_format.opcode == beql_op)
589                                 ret = BRANCH_LIKELY_TAKEN;
590                 } else
591                         epc += 8;
592                 regs->cp0_epc = epc;
593                 break;
594
595         case bnel_op:
596                 if (NO_R6EMU)
597                         goto sigill_r2r6;
598                 fallthrough;
599         case bne_op:
600                 if (regs->regs[insn.i_format.rs] !=
601                     regs->regs[insn.i_format.rt]) {
602                         epc = epc + 4 + (insn.i_format.simmediate << 2);
603                         if (insn.i_format.opcode == bnel_op)
604                                 ret = BRANCH_LIKELY_TAKEN;
605                 } else
606                         epc += 8;
607                 regs->cp0_epc = epc;
608                 break;
609
610         case blezl_op: /* not really i_format */
611                 if (!insn.i_format.rt && NO_R6EMU)
612                         goto sigill_r2r6;
613                 fallthrough;
614         case blez_op:
615                 /*
616                  * Compact branches for R6 for the
617                  * blez and blezl opcodes.
618                  * BLEZ  | rs = 0 | rt != 0  == BLEZALC
619                  * BLEZ  | rs = rt != 0      == BGEZALC
620                  * BLEZ  | rs != 0 | rt != 0 == BGEUC
621                  * BLEZL | rs = 0 | rt != 0  == BLEZC
622                  * BLEZL | rs = rt != 0      == BGEZC
623                  * BLEZL | rs != 0 | rt != 0 == BGEC
624                  *
625                  * For real BLEZ{,L}, rt is always 0.
626                  */
627
628                 if (cpu_has_mips_r6 && insn.i_format.rt) {
629                         if ((insn.i_format.opcode == blez_op) &&
630                             ((!insn.i_format.rs && insn.i_format.rt) ||
631                              (insn.i_format.rs == insn.i_format.rt)))
632                                 regs->regs[31] = epc + 4;
633                         regs->cp0_epc += 8;
634                         break;
635                 }
636                 /* rt field assumed to be zero */
637                 if ((long)regs->regs[insn.i_format.rs] <= 0) {
638                         epc = epc + 4 + (insn.i_format.simmediate << 2);
639                         if (insn.i_format.opcode == blezl_op)
640                                 ret = BRANCH_LIKELY_TAKEN;
641                 } else
642                         epc += 8;
643                 regs->cp0_epc = epc;
644                 break;
645
646         case bgtzl_op:
647                 if (!insn.i_format.rt && NO_R6EMU)
648                         goto sigill_r2r6;
649                 fallthrough;
650         case bgtz_op:
651                 /*
652                  * Compact branches for R6 for the
653                  * bgtz and bgtzl opcodes.
654                  * BGTZ  | rs = 0 | rt != 0  == BGTZALC
655                  * BGTZ  | rs = rt != 0      == BLTZALC
656                  * BGTZ  | rs != 0 | rt != 0 == BLTUC
657                  * BGTZL | rs = 0 | rt != 0  == BGTZC
658                  * BGTZL | rs = rt != 0      == BLTZC
659                  * BGTZL | rs != 0 | rt != 0 == BLTC
660                  *
661                  * *ZALC varint for BGTZ &&& rt != 0
662                  * For real GTZ{,L}, rt is always 0.
663                  */
664                 if (cpu_has_mips_r6 && insn.i_format.rt) {
665                         if ((insn.i_format.opcode == blez_op) &&
666                             ((!insn.i_format.rs && insn.i_format.rt) ||
667                             (insn.i_format.rs == insn.i_format.rt)))
668                                 regs->regs[31] = epc + 4;
669                         regs->cp0_epc += 8;
670                         break;
671                 }
672
673                 /* rt field assumed to be zero */
674                 if ((long)regs->regs[insn.i_format.rs] > 0) {
675                         epc = epc + 4 + (insn.i_format.simmediate << 2);
676                         if (insn.i_format.opcode == bgtzl_op)
677                                 ret = BRANCH_LIKELY_TAKEN;
678                 } else
679                         epc += 8;
680                 regs->cp0_epc = epc;
681                 break;
682
683 #ifdef CONFIG_MIPS_FP_SUPPORT
684         /*
685          * And now the FPA/cp1 branch instructions.
686          */
687         case cop1_op: {
688                 unsigned int bit, fcr31, reg;
689
690                 if (cpu_has_mips_r6 &&
691                     ((insn.i_format.rs == bc1eqz_op) ||
692                      (insn.i_format.rs == bc1nez_op))) {
693                         if (!init_fp_ctx(current))
694                                 lose_fpu(1);
695                         reg = insn.i_format.rt;
696                         bit = get_fpr32(&current->thread.fpu.fpr[reg], 0) & 0x1;
697                         if (insn.i_format.rs == bc1eqz_op)
698                                 bit = !bit;
699                         own_fpu(1);
700                         if (bit)
701                                 epc = epc + 4 +
702                                         (insn.i_format.simmediate << 2);
703                         else
704                                 epc += 8;
705                         regs->cp0_epc = epc;
706
707                         break;
708                 } else {
709
710                         preempt_disable();
711                         if (is_fpu_owner())
712                                 fcr31 = read_32bit_cp1_register(CP1_STATUS);
713                         else
714                                 fcr31 = current->thread.fpu.fcr31;
715                         preempt_enable();
716
717                         bit = (insn.i_format.rt >> 2);
718                         bit += (bit != 0);
719                         bit += 23;
720                         switch (insn.i_format.rt & 3) {
721                         case 0: /* bc1f */
722                         case 2: /* bc1fl */
723                                 if (~fcr31 & (1 << bit)) {
724                                         epc = epc + 4 +
725                                                 (insn.i_format.simmediate << 2);
726                                         if (insn.i_format.rt == 2)
727                                                 ret = BRANCH_LIKELY_TAKEN;
728                                 } else
729                                         epc += 8;
730                                 regs->cp0_epc = epc;
731                                 break;
732
733                         case 1: /* bc1t */
734                         case 3: /* bc1tl */
735                                 if (fcr31 & (1 << bit)) {
736                                         epc = epc + 4 +
737                                                 (insn.i_format.simmediate << 2);
738                                         if (insn.i_format.rt == 3)
739                                                 ret = BRANCH_LIKELY_TAKEN;
740                                 } else
741                                         epc += 8;
742                                 regs->cp0_epc = epc;
743                                 break;
744                         }
745                         break;
746                 }
747         }
748 #endif /* CONFIG_MIPS_FP_SUPPORT */
749
750 #ifdef CONFIG_CPU_CAVIUM_OCTEON
751         case lwc2_op: /* This is bbit0 on Octeon */
752                 if ((regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
753                      == 0)
754                         epc = epc + 4 + (insn.i_format.simmediate << 2);
755                 else
756                         epc += 8;
757                 regs->cp0_epc = epc;
758                 break;
759         case ldc2_op: /* This is bbit032 on Octeon */
760                 if ((regs->regs[insn.i_format.rs] &
761                     (1ull<<(insn.i_format.rt+32))) == 0)
762                         epc = epc + 4 + (insn.i_format.simmediate << 2);
763                 else
764                         epc += 8;
765                 regs->cp0_epc = epc;
766                 break;
767         case swc2_op: /* This is bbit1 on Octeon */
768                 if (regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
769                         epc = epc + 4 + (insn.i_format.simmediate << 2);
770                 else
771                         epc += 8;
772                 regs->cp0_epc = epc;
773                 break;
774         case sdc2_op: /* This is bbit132 on Octeon */
775                 if (regs->regs[insn.i_format.rs] &
776                     (1ull<<(insn.i_format.rt+32)))
777                         epc = epc + 4 + (insn.i_format.simmediate << 2);
778                 else
779                         epc += 8;
780                 regs->cp0_epc = epc;
781                 break;
782 #else
783         case bc6_op:
784                 /* Only valid for MIPS R6 */
785                 if (!cpu_has_mips_r6)
786                         goto sigill_r6;
787                 regs->cp0_epc += 8;
788                 break;
789         case balc6_op:
790                 if (!cpu_has_mips_r6)
791                         goto sigill_r6;
792                 /* Compact branch: BALC */
793                 regs->regs[31] = epc + 4;
794                 epc += 4 + (insn.i_format.simmediate << 2);
795                 regs->cp0_epc = epc;
796                 break;
797         case pop66_op:
798                 if (!cpu_has_mips_r6)
799                         goto sigill_r6;
800                 /* Compact branch: BEQZC || JIC */
801                 regs->cp0_epc += 8;
802                 break;
803         case pop76_op:
804                 if (!cpu_has_mips_r6)
805                         goto sigill_r6;
806                 /* Compact branch: BNEZC || JIALC */
807                 if (!insn.i_format.rs) {
808                         /* JIALC: set $31/ra */
809                         regs->regs[31] = epc + 4;
810                 }
811                 regs->cp0_epc += 8;
812                 break;
813 #endif
814         case pop10_op:
815         case pop30_op:
816                 /* Only valid for MIPS R6 */
817                 if (!cpu_has_mips_r6)
818                         goto sigill_r6;
819                 /*
820                  * Compact branches:
821                  * bovc, beqc, beqzalc, bnvc, bnec, bnezlac
822                  */
823                 if (insn.i_format.rt && !insn.i_format.rs)
824                         regs->regs[31] = epc + 4;
825                 regs->cp0_epc += 8;
826                 break;
827         }
828
829         return ret;
830
831 sigill_dsp:
832         pr_debug("%s: DSP branch but not DSP ASE - sending SIGILL.\n",
833                  current->comm);
834         force_sig(SIGILL);
835         return -EFAULT;
836 sigill_r2r6:
837         pr_debug("%s: R2 branch but r2-to-r6 emulator is not present - sending SIGILL.\n",
838                  current->comm);
839         force_sig(SIGILL);
840         return -EFAULT;
841 sigill_r6:
842         pr_debug("%s: R6 branch but no MIPSr6 ISA support - sending SIGILL.\n",
843                  current->comm);
844         force_sig(SIGILL);
845         return -EFAULT;
846 }
847 EXPORT_SYMBOL_GPL(__compute_return_epc_for_insn);
848
849 int __compute_return_epc(struct pt_regs *regs)
850 {
851         unsigned int __user *addr;
852         long epc;
853         union mips_instruction insn;
854
855         epc = regs->cp0_epc;
856         if (epc & 3)
857                 goto unaligned;
858
859         /*
860          * Read the instruction
861          */
862         addr = (unsigned int __user *) epc;
863         if (__get_user(insn.word, addr)) {
864                 force_sig(SIGSEGV);
865                 return -EFAULT;
866         }
867
868         return __compute_return_epc_for_insn(regs, insn);
869
870 unaligned:
871         printk("%s: unaligned epc - sending SIGBUS.\n", current->comm);
872         force_sig(SIGBUS);
873         return -EFAULT;
874 }
875
876 #if (defined CONFIG_KPROBES) || (defined CONFIG_UPROBES)
877
878 int __insn_is_compact_branch(union mips_instruction insn)
879 {
880         if (!cpu_has_mips_r6)
881                 return 0;
882
883         switch (insn.i_format.opcode) {
884         case blezl_op:
885         case bgtzl_op:
886         case blez_op:
887         case bgtz_op:
888                 /*
889                  * blez[l] and bgtz[l] opcodes with non-zero rt
890                  * are MIPS R6 compact branches
891                  */
892                 if (insn.i_format.rt)
893                         return 1;
894                 break;
895         case bc6_op:
896         case balc6_op:
897         case pop10_op:
898         case pop30_op:
899         case pop66_op:
900         case pop76_op:
901                 return 1;
902         }
903
904         return 0;
905 }
906 EXPORT_SYMBOL_GPL(__insn_is_compact_branch);
907
908 #endif  /* CONFIG_KPROBES || CONFIG_UPROBES */