powerpc/kvm/book3s_hv.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright 2011 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
0004  * Copyright (C) 2009. SUSE Linux Products GmbH. All rights reserved.
0005  *
0006  * Authors:
0007  *    Paul Mackerras <paulus@au1.ibm.com>
0008  *    Alexander Graf <agraf@suse.de>
0009  *    Kevin Wolf <mail@kevin-wolf.de>
0010  *
0011  * Description: KVM functions specific to running on Book 3S
0012  * processors in hypervisor mode (specifically POWER7 and later).
0013  *
0014  * This file is derived from arch/powerpc/kvm/book3s.c,
0015  * by Alexander Graf <agraf@suse.de>.
0016  */
0017
0018 #include <linux/kvm_host.h>
0019 #include <linux/kernel.h>
0020 #include <linux/err.h>
0021 #include <linux/slab.h>
0022 #include <linux/preempt.h>
0023 #include <linux/sched/signal.h>
0024 #include <linux/sched/stat.h>
0025 #include <linux/delay.h>
0026 #include <linux/export.h>
0027 #include <linux/fs.h>
0028 #include <linux/anon_inodes.h>
0029 #include <linux/cpu.h>
0030 #include <linux/cpumask.h>
0031 #include <linux/spinlock.h>
0032 #include <linux/page-flags.h>
0033 #include <linux/srcu.h>
0034 #include <linux/miscdevice.h>
0035 #include <linux/debugfs.h>
0036 #include <linux/gfp.h>
0037 #include <linux/vmalloc.h>
0038 #include <linux/highmem.h>
0039 #include <linux/hugetlb.h>
0040 #include <linux/kvm_irqfd.h>
0041 #include <linux/irqbypass.h>
0042 #include <linux/module.h>
0043 #include <linux/compiler.h>
0044 #include <linux/of.h>
0045 #include <linux/irqdomain.h>
0046
0047 #include <asm/ftrace.h>
0048 #include <asm/reg.h>
0049 #include <asm/ppc-opcode.h>
0050 #include <asm/asm-prototypes.h>
0051 #include <asm/archrandom.h>
0052 #include <asm/debug.h>
0053 #include <asm/disassemble.h>
0054 #include <asm/cputable.h>
0055 #include <asm/cacheflush.h>
0056 #include <linux/uaccess.h>
0057 #include <asm/interrupt.h>
0058 #include <asm/io.h>
0059 #include <asm/kvm_ppc.h>
0060 #include <asm/kvm_book3s.h>
0061 #include <asm/mmu_context.h>
0062 #include <asm/lppaca.h>
0063 #include <asm/pmc.h>
0064 #include <asm/processor.h>
0065 #include <asm/cputhreads.h>
0066 #include <asm/page.h>
0067 #include <asm/hvcall.h>
0068 #include <asm/switch_to.h>
0069 #include <asm/smp.h>
0070 #include <asm/dbell.h>
0071 #include <asm/hmi.h>
0072 #include <asm/pnv-pci.h>
0073 #include <asm/mmu.h>
0074 #include <asm/opal.h>
0075 #include <asm/xics.h>
0076 #include <asm/xive.h>
0077 #include <asm/hw_breakpoint.h>
0078 #include <asm/kvm_book3s_uvmem.h>
0079 #include <asm/ultravisor.h>
0080 #include <asm/dtl.h>
0081 #include <asm/plpar_wrappers.h>
0082
0083 #include "book3s.h"
0084 #include "book3s_hv.h"
0085
0086 #define CREATE_TRACE_POINTS
0087 #include "trace_hv.h"
0088
0089 /* #define EXIT_DEBUG */
0090 /* #define EXIT_DEBUG_SIMPLE */
0091 /* #define EXIT_DEBUG_INT */
0092
0093 /* Used to indicate that a guest page fault needs to be handled */
0094 #define RESUME_PAGE_FAULT   (RESUME_GUEST | RESUME_FLAG_ARCH1)
0095 /* Used to indicate that a guest passthrough interrupt needs to be handled */
0096 #define RESUME_PASSTHROUGH  (RESUME_GUEST | RESUME_FLAG_ARCH2)
0097
0098 /* Used as a "null" value for timebase values */
0099 #define TB_NIL  (~(u64)0)
0100
0101 static DECLARE_BITMAP(default_enabled_hcalls, MAX_HCALL_OPCODE/4 + 1);
0102
0103 static int dynamic_mt_modes = 6;
0104 module_param(dynamic_mt_modes, int, 0644);
0105 MODULE_PARM_DESC(dynamic_mt_modes, "Set of allowed dynamic micro-threading modes: 0 (= none), 2, 4, or 6 (= 2 or 4)");
0106 static int target_smt_mode;
0107 module_param(target_smt_mode, int, 0644);
0108 MODULE_PARM_DESC(target_smt_mode, "Target threads per core (0 = max)");
0109
0110 static bool one_vm_per_core;
0111 module_param(one_vm_per_core, bool, S_IRUGO | S_IWUSR);
0112 MODULE_PARM_DESC(one_vm_per_core, "Only run vCPUs from the same VM on a core (requires POWER8 or older)");
0113
0114 #ifdef CONFIG_KVM_XICS
0115 static const struct kernel_param_ops module_param_ops = {
0116     .set = param_set_int,
0117     .get = param_get_int,
0118 };
0119
0120 module_param_cb(kvm_irq_bypass, &module_param_ops, &kvm_irq_bypass, 0644);
0121 MODULE_PARM_DESC(kvm_irq_bypass, "Bypass passthrough interrupt optimization");
0122
0123 module_param_cb(h_ipi_redirect, &module_param_ops, &h_ipi_redirect, 0644);
0124 MODULE_PARM_DESC(h_ipi_redirect, "Redirect H_IPI wakeup to a free host core");
0125 #endif
0126
0127 /* If set, guests are allowed to create and control nested guests */
0128 static bool nested = true;
0129 module_param(nested, bool, S_IRUGO | S_IWUSR);
0130 MODULE_PARM_DESC(nested, "Enable nested virtualization (only on POWER9)");
0131
0132 static int kvmppc_hv_setup_htab_rma(struct kvm_vcpu *vcpu);
0133
0134 /*
0135  * RWMR values for POWER8.  These control the rate at which PURR
0136  * and SPURR count and should be set according to the number of
0137  * online threads in the vcore being run.
0138  */
0139 #define RWMR_RPA_P8_1THREAD 0x164520C62609AECAUL
0140 #define RWMR_RPA_P8_2THREAD 0x7FFF2908450D8DA9UL
0141 #define RWMR_RPA_P8_3THREAD 0x164520C62609AECAUL
0142 #define RWMR_RPA_P8_4THREAD 0x199A421245058DA9UL
0143 #define RWMR_RPA_P8_5THREAD 0x164520C62609AECAUL
0144 #define RWMR_RPA_P8_6THREAD 0x164520C62609AECAUL
0145 #define RWMR_RPA_P8_7THREAD 0x164520C62609AECAUL
0146 #define RWMR_RPA_P8_8THREAD 0x164520C62609AECAUL
0147
0148 static unsigned long p8_rwmr_values[MAX_SMT_THREADS + 1] = {
0149     RWMR_RPA_P8_1THREAD,
0150     RWMR_RPA_P8_1THREAD,
0151     RWMR_RPA_P8_2THREAD,
0152     RWMR_RPA_P8_3THREAD,
0153     RWMR_RPA_P8_4THREAD,
0154     RWMR_RPA_P8_5THREAD,
0155     RWMR_RPA_P8_6THREAD,
0156     RWMR_RPA_P8_7THREAD,
0157     RWMR_RPA_P8_8THREAD,
0158 };
0159
0160 static inline struct kvm_vcpu *next_runnable_thread(struct kvmppc_vcore *vc,
0161         int *ip)
0162 {
0163     int i = *ip;
0164     struct kvm_vcpu *vcpu;
0165
0166     while (++i < MAX_SMT_THREADS) {
0167         vcpu = READ_ONCE(vc->runnable_threads[i]);
0168         if (vcpu) {
0169             *ip = i;
0170             return vcpu;
0171         }
0172     }
0173     return NULL;
0174 }
0175
0176 /* Used to traverse the list of runnable threads for a given vcore */
0177 #define for_each_runnable_thread(i, vcpu, vc) \
0178     for (i = -1; (vcpu = next_runnable_thread(vc, &i)); )
0179
0180 static bool kvmppc_ipi_thread(int cpu)
0181 {
0182     unsigned long msg = PPC_DBELL_TYPE(PPC_DBELL_SERVER);
0183
0184     /* If we're a nested hypervisor, fall back to ordinary IPIs for now */
0185     if (kvmhv_on_pseries())
0186         return false;
0187
0188     /* On POWER9 we can use msgsnd to IPI any cpu */
0189     if (cpu_has_feature(CPU_FTR_ARCH_300)) {
0190         msg |= get_hard_smp_processor_id(cpu);
0191         smp_mb();
0192         __asm__ __volatile__ (PPC_MSGSND(%0) : : "r" (msg));
0193         return true;
0194     }
0195
0196     /* On POWER8 for IPIs to threads in the same core, use msgsnd */
0197     if (cpu_has_feature(CPU_FTR_ARCH_207S)) {
0198         preempt_disable();
0199         if (cpu_first_thread_sibling(cpu) ==
0200             cpu_first_thread_sibling(smp_processor_id())) {
0201             msg |= cpu_thread_in_core(cpu);
0202             smp_mb();
0203             __asm__ __volatile__ (PPC_MSGSND(%0) : : "r" (msg));
0204             preempt_enable();
0205             return true;
0206         }
0207         preempt_enable();
0208     }
0209
0210 #if defined(CONFIG_PPC_ICP_NATIVE) && defined(CONFIG_SMP)
0211     if (cpu >= 0 && cpu < nr_cpu_ids) {
0212         if (paca_ptrs[cpu]->kvm_hstate.xics_phys) {
0213             xics_wake_cpu(cpu);
0214             return true;
0215         }
0216         opal_int_set_mfrr(get_hard_smp_processor_id(cpu), IPI_PRIORITY);
0217         return true;
0218     }
0219 #endif
0220
0221     return false;
0222 }
0223
0224 static void kvmppc_fast_vcpu_kick_hv(struct kvm_vcpu *vcpu)
0225 {
0226     int cpu;
0227     struct rcuwait *waitp;
0228
0229     /*
0230      * rcuwait_wake_up contains smp_mb() which orders prior stores that
0231      * create pending work vs below loads of cpu fields. The other side
0232      * is the barrier in vcpu run that orders setting the cpu fields vs
0233      * testing for pending work.
0234      */
0235
0236     waitp = kvm_arch_vcpu_get_wait(vcpu);
0237     if (rcuwait_wake_up(waitp))
0238         ++vcpu->stat.generic.halt_wakeup;
0239
0240     cpu = READ_ONCE(vcpu->arch.thread_cpu);
0241     if (cpu >= 0 && kvmppc_ipi_thread(cpu))
0242         return;
0243
0244     /* CPU points to the first thread of the core */
0245     cpu = vcpu->cpu;
0246     if (cpu >= 0 && cpu < nr_cpu_ids && cpu_online(cpu))
0247         smp_send_reschedule(cpu);
0248 }
0249
0250 /*
0251  * We use the vcpu_load/put functions to measure stolen time.
0252  * Stolen time is counted as time when either the vcpu is able to
0253  * run as part of a virtual core, but the task running the vcore
0254  * is preempted or sleeping, or when the vcpu needs something done
0255  * in the kernel by the task running the vcpu, but that task is
0256  * preempted or sleeping.  Those two things have to be counted
0257  * separately, since one of the vcpu tasks will take on the job
0258  * of running the core, and the other vcpu tasks in the vcore will
0259  * sleep waiting for it to do that, but that sleep shouldn't count
0260  * as stolen time.
0261  *
0262  * Hence we accumulate stolen time when the vcpu can run as part of
0263  * a vcore using vc->stolen_tb, and the stolen time when the vcpu
0264  * needs its task to do other things in the kernel (for example,
0265  * service a page fault) in busy_stolen.  We don't accumulate
0266  * stolen time for a vcore when it is inactive, or for a vcpu
0267  * when it is in state RUNNING or NOTREADY.  NOTREADY is a bit of
0268  * a misnomer; it means that the vcpu task is not executing in
0269  * the KVM_VCPU_RUN ioctl, i.e. it is in userspace or elsewhere in
0270  * the kernel.  We don't have any way of dividing up that time
0271  * between time that the vcpu is genuinely stopped, time that
0272  * the task is actively working on behalf of the vcpu, and time
0273  * that the task is preempted, so we don't count any of it as
0274  * stolen.
0275  *
0276  * Updates to busy_stolen are protected by arch.tbacct_lock;
0277  * updates to vc->stolen_tb are protected by the vcore->stoltb_lock
0278  * lock.  The stolen times are measured in units of timebase ticks.
0279  * (Note that the != TB_NIL checks below are purely defensive;
0280  * they should never fail.)
0281  */
0282
0283 static void kvmppc_core_start_stolen(struct kvmppc_vcore *vc, u64 tb)
0284 {
0285     unsigned long flags;
0286
0287     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
0288
0289     spin_lock_irqsave(&vc->stoltb_lock, flags);
0290     vc->preempt_tb = tb;
0291     spin_unlock_irqrestore(&vc->stoltb_lock, flags);
0292 }
0293
0294 static void kvmppc_core_end_stolen(struct kvmppc_vcore *vc, u64 tb)
0295 {
0296     unsigned long flags;
0297
0298     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
0299
0300     spin_lock_irqsave(&vc->stoltb_lock, flags);
0301     if (vc->preempt_tb != TB_NIL) {
0302         vc->stolen_tb += tb - vc->preempt_tb;
0303         vc->preempt_tb = TB_NIL;
0304     }
0305     spin_unlock_irqrestore(&vc->stoltb_lock, flags);
0306 }
0307
0308 static void kvmppc_core_vcpu_load_hv(struct kvm_vcpu *vcpu, int cpu)
0309 {
0310     struct kvmppc_vcore *vc = vcpu->arch.vcore;
0311     unsigned long flags;
0312     u64 now;
0313
0314     if (cpu_has_feature(CPU_FTR_ARCH_300))
0315         return;
0316
0317     now = mftb();
0318
0319     /*
0320      * We can test vc->runner without taking the vcore lock,
0321      * because only this task ever sets vc->runner to this
0322      * vcpu, and once it is set to this vcpu, only this task
0323      * ever sets it to NULL.
0324      */
0325     if (vc->runner == vcpu && vc->vcore_state >= VCORE_SLEEPING)
0326         kvmppc_core_end_stolen(vc, now);
0327
0328     spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
0329     if (vcpu->arch.state == KVMPPC_VCPU_BUSY_IN_HOST &&
0330         vcpu->arch.busy_preempt != TB_NIL) {
0331         vcpu->arch.busy_stolen += now - vcpu->arch.busy_preempt;
0332         vcpu->arch.busy_preempt = TB_NIL;
0333     }
0334     spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
0335 }
0336
0337 static void kvmppc_core_vcpu_put_hv(struct kvm_vcpu *vcpu)
0338 {
0339     struct kvmppc_vcore *vc = vcpu->arch.vcore;
0340     unsigned long flags;
0341     u64 now;
0342
0343     if (cpu_has_feature(CPU_FTR_ARCH_300))
0344         return;
0345
0346     now = mftb();
0347
0348     if (vc->runner == vcpu && vc->vcore_state >= VCORE_SLEEPING)
0349         kvmppc_core_start_stolen(vc, now);
0350
0351     spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
0352     if (vcpu->arch.state == KVMPPC_VCPU_BUSY_IN_HOST)
0353         vcpu->arch.busy_preempt = now;
0354     spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
0355 }
0356
0357 static void kvmppc_set_pvr_hv(struct kvm_vcpu *vcpu, u32 pvr)
0358 {
0359     vcpu->arch.pvr = pvr;
0360 }
0361
0362 /* Dummy value used in computing PCR value below */
0363 #define PCR_ARCH_31    (PCR_ARCH_300 << 1)
0364
0365 static int kvmppc_set_arch_compat(struct kvm_vcpu *vcpu, u32 arch_compat)
0366 {
0367     unsigned long host_pcr_bit = 0, guest_pcr_bit = 0;
0368     struct kvmppc_vcore *vc = vcpu->arch.vcore;
0369
0370     /* We can (emulate) our own architecture version and anything older */
0371     if (cpu_has_feature(CPU_FTR_ARCH_31))
0372         host_pcr_bit = PCR_ARCH_31;
0373     else if (cpu_has_feature(CPU_FTR_ARCH_300))
0374         host_pcr_bit = PCR_ARCH_300;
0375     else if (cpu_has_feature(CPU_FTR_ARCH_207S))
0376         host_pcr_bit = PCR_ARCH_207;
0377     else if (cpu_has_feature(CPU_FTR_ARCH_206))
0378         host_pcr_bit = PCR_ARCH_206;
0379     else
0380         host_pcr_bit = PCR_ARCH_205;
0381
0382     /* Determine lowest PCR bit needed to run guest in given PVR level */
0383     guest_pcr_bit = host_pcr_bit;
0384     if (arch_compat) {
0385         switch (arch_compat) {
0386         case PVR_ARCH_205:
0387             guest_pcr_bit = PCR_ARCH_205;
0388             break;
0389         case PVR_ARCH_206:
0390         case PVR_ARCH_206p:
0391             guest_pcr_bit = PCR_ARCH_206;
0392             break;
0393         case PVR_ARCH_207:
0394             guest_pcr_bit = PCR_ARCH_207;
0395             break;
0396         case PVR_ARCH_300:
0397             guest_pcr_bit = PCR_ARCH_300;
0398             break;
0399         case PVR_ARCH_31:
0400             guest_pcr_bit = PCR_ARCH_31;
0401             break;
0402         default:
0403             return -EINVAL;
0404         }
0405     }
0406
0407     /* Check requested PCR bits don't exceed our capabilities */
0408     if (guest_pcr_bit > host_pcr_bit)
0409         return -EINVAL;
0410
0411     spin_lock(&vc->lock);
0412     vc->arch_compat = arch_compat;
0413     /*
0414      * Set all PCR bits for which guest_pcr_bit <= bit < host_pcr_bit
0415      * Also set all reserved PCR bits
0416      */
0417     vc->pcr = (host_pcr_bit - guest_pcr_bit) | PCR_MASK;
0418     spin_unlock(&vc->lock);
0419
0420     return 0;
0421 }
0422
0423 static void kvmppc_dump_regs(struct kvm_vcpu *vcpu)
0424 {
0425     int r;
0426
0427     pr_err("vcpu %p (%d):\n", vcpu, vcpu->vcpu_id);
0428     pr_err("pc  = %.16lx  msr = %.16llx  trap = %x\n",
0429            vcpu->arch.regs.nip, vcpu->arch.shregs.msr, vcpu->arch.trap);
0430     for (r = 0; r < 16; ++r)
0431         pr_err("r%2d = %.16lx  r%d = %.16lx\n",
0432                r, kvmppc_get_gpr(vcpu, r),
0433                r+16, kvmppc_get_gpr(vcpu, r+16));
0434     pr_err("ctr = %.16lx  lr  = %.16lx\n",
0435            vcpu->arch.regs.ctr, vcpu->arch.regs.link);
0436     pr_err("srr0 = %.16llx srr1 = %.16llx\n",
0437            vcpu->arch.shregs.srr0, vcpu->arch.shregs.srr1);
0438     pr_err("sprg0 = %.16llx sprg1 = %.16llx\n",
0439            vcpu->arch.shregs.sprg0, vcpu->arch.shregs.sprg1);
0440     pr_err("sprg2 = %.16llx sprg3 = %.16llx\n",
0441            vcpu->arch.shregs.sprg2, vcpu->arch.shregs.sprg3);
0442     pr_err("cr = %.8lx  xer = %.16lx  dsisr = %.8x\n",
0443            vcpu->arch.regs.ccr, vcpu->arch.regs.xer, vcpu->arch.shregs.dsisr);
0444     pr_err("dar = %.16llx\n", vcpu->arch.shregs.dar);
0445     pr_err("fault dar = %.16lx dsisr = %.8x\n",
0446            vcpu->arch.fault_dar, vcpu->arch.fault_dsisr);
0447     pr_err("SLB (%d entries):\n", vcpu->arch.slb_max);
0448     for (r = 0; r < vcpu->arch.slb_max; ++r)
0449         pr_err("  ESID = %.16llx VSID = %.16llx\n",
0450                vcpu->arch.slb[r].orige, vcpu->arch.slb[r].origv);
0451     pr_err("lpcr = %.16lx sdr1 = %.16lx last_inst = %.8x\n",
0452            vcpu->arch.vcore->lpcr, vcpu->kvm->arch.sdr1,
0453            vcpu->arch.last_inst);
0454 }
0455
0456 static struct kvm_vcpu *kvmppc_find_vcpu(struct kvm *kvm, int id)
0457 {
0458     return kvm_get_vcpu_by_id(kvm, id);
0459 }
0460
0461 static void init_vpa(struct kvm_vcpu *vcpu, struct lppaca *vpa)
0462 {
0463     vpa->__old_status |= LPPACA_OLD_SHARED_PROC;
0464     vpa->yield_count = cpu_to_be32(1);
0465 }
0466
0467 static int set_vpa(struct kvm_vcpu *vcpu, struct kvmppc_vpa *v,
0468            unsigned long addr, unsigned long len)
0469 {
0470     /* check address is cacheline aligned */
0471     if (addr & (L1_CACHE_BYTES - 1))
0472         return -EINVAL;
0473     spin_lock(&vcpu->arch.vpa_update_lock);
0474     if (v->next_gpa != addr || v->len != len) {
0475         v->next_gpa = addr;
0476         v->len = addr ? len : 0;
0477         v->update_pending = 1;
0478     }
0479     spin_unlock(&vcpu->arch.vpa_update_lock);
0480     return 0;
0481 }
0482
0483 /* Length for a per-processor buffer is passed in at offset 4 in the buffer */
0484 struct reg_vpa {
0485     u32 dummy;
0486     union {
0487         __be16 hword;
0488         __be32 word;
0489     } length;
0490 };
0491
0492 static int vpa_is_registered(struct kvmppc_vpa *vpap)
0493 {
0494     if (vpap->update_pending)
0495         return vpap->next_gpa != 0;
0496     return vpap->pinned_addr != NULL;
0497 }
0498
0499 static unsigned long do_h_register_vpa(struct kvm_vcpu *vcpu,
0500                        unsigned long flags,
0501                        unsigned long vcpuid, unsigned long vpa)
0502 {
0503     struct kvm *kvm = vcpu->kvm;
0504     unsigned long len, nb;
0505     void *va;
0506     struct kvm_vcpu *tvcpu;
0507     int err;
0508     int subfunc;
0509     struct kvmppc_vpa *vpap;
0510
0511     tvcpu = kvmppc_find_vcpu(kvm, vcpuid);
0512     if (!tvcpu)
0513         return H_PARAMETER;
0514
0515     subfunc = (flags >> H_VPA_FUNC_SHIFT) & H_VPA_FUNC_MASK;
0516     if (subfunc == H_VPA_REG_VPA || subfunc == H_VPA_REG_DTL ||
0517         subfunc == H_VPA_REG_SLB) {
0518         /* Registering new area - address must be cache-line aligned */
0519         if ((vpa & (L1_CACHE_BYTES - 1)) || !vpa)
0520             return H_PARAMETER;
0521
0522         /* convert logical addr to kernel addr and read length */
0523         va = kvmppc_pin_guest_page(kvm, vpa, &nb);
0524         if (va == NULL)
0525             return H_PARAMETER;
0526         if (subfunc == H_VPA_REG_VPA)
0527             len = be16_to_cpu(((struct reg_vpa *)va)->length.hword);
0528         else
0529             len = be32_to_cpu(((struct reg_vpa *)va)->length.word);
0530         kvmppc_unpin_guest_page(kvm, va, vpa, false);
0531
0532         /* Check length */
0533         if (len > nb || len < sizeof(struct reg_vpa))
0534             return H_PARAMETER;
0535     } else {
0536         vpa = 0;
0537         len = 0;
0538     }
0539
0540     err = H_PARAMETER;
0541     vpap = NULL;
0542     spin_lock(&tvcpu->arch.vpa_update_lock);
0543
0544     switch (subfunc) {
0545     case H_VPA_REG_VPA:     /* register VPA */
0546         /*
0547          * The size of our lppaca is 1kB because of the way we align
0548          * it for the guest to avoid crossing a 4kB boundary. We only
0549          * use 640 bytes of the structure though, so we should accept
0550          * clients that set a size of 640.
0551          */
0552         BUILD_BUG_ON(sizeof(struct lppaca) != 640);
0553         if (len < sizeof(struct lppaca))
0554             break;
0555         vpap = &tvcpu->arch.vpa;
0556         err = 0;
0557         break;
0558
0559     case H_VPA_REG_DTL:     /* register DTL */
0560         if (len < sizeof(struct dtl_entry))
0561             break;
0562         len -= len % sizeof(struct dtl_entry);
0563
0564         /* Check that they have previously registered a VPA */
0565         err = H_RESOURCE;
0566         if (!vpa_is_registered(&tvcpu->arch.vpa))
0567             break;
0568
0569         vpap = &tvcpu->arch.dtl;
0570         err = 0;
0571         break;
0572
0573     case H_VPA_REG_SLB:     /* register SLB shadow buffer */
0574         /* Check that they have previously registered a VPA */
0575         err = H_RESOURCE;
0576         if (!vpa_is_registered(&tvcpu->arch.vpa))
0577             break;
0578
0579         vpap = &tvcpu->arch.slb_shadow;
0580         err = 0;
0581         break;
0582
0583     case H_VPA_DEREG_VPA:       /* deregister VPA */
0584         /* Check they don't still have a DTL or SLB buf registered */
0585         err = H_RESOURCE;
0586         if (vpa_is_registered(&tvcpu->arch.dtl) ||
0587             vpa_is_registered(&tvcpu->arch.slb_shadow))
0588             break;
0589
0590         vpap = &tvcpu->arch.vpa;
0591         err = 0;
0592         break;
0593
0594     case H_VPA_DEREG_DTL:       /* deregister DTL */
0595         vpap = &tvcpu->arch.dtl;
0596         err = 0;
0597         break;
0598
0599     case H_VPA_DEREG_SLB:       /* deregister SLB shadow buffer */
0600         vpap = &tvcpu->arch.slb_shadow;
0601         err = 0;
0602         break;
0603     }
0604
0605     if (vpap) {
0606         vpap->next_gpa = vpa;
0607         vpap->len = len;
0608         vpap->update_pending = 1;
0609     }
0610
0611     spin_unlock(&tvcpu->arch.vpa_update_lock);
0612
0613     return err;
0614 }
0615
0616 static void kvmppc_update_vpa(struct kvm_vcpu *vcpu, struct kvmppc_vpa *vpap)
0617 {
0618     struct kvm *kvm = vcpu->kvm;
0619     void *va;
0620     unsigned long nb;
0621     unsigned long gpa;
0622
0623     /*
0624      * We need to pin the page pointed to by vpap->next_gpa,
0625      * but we can't call kvmppc_pin_guest_page under the lock
0626      * as it does get_user_pages() and down_read().  So we
0627      * have to drop the lock, pin the page, then get the lock
0628      * again and check that a new area didn't get registered
0629      * in the meantime.
0630      */
0631     for (;;) {
0632         gpa = vpap->next_gpa;
0633         spin_unlock(&vcpu->arch.vpa_update_lock);
0634         va = NULL;
0635         nb = 0;
0636         if (gpa)
0637             va = kvmppc_pin_guest_page(kvm, gpa, &nb);
0638         spin_lock(&vcpu->arch.vpa_update_lock);
0639         if (gpa == vpap->next_gpa)
0640             break;
0641         /* sigh... unpin that one and try again */
0642         if (va)
0643             kvmppc_unpin_guest_page(kvm, va, gpa, false);
0644     }
0645
0646     vpap->update_pending = 0;
0647     if (va && nb < vpap->len) {
0648         /*
0649          * If it's now too short, it must be that userspace
0650          * has changed the mappings underlying guest memory,
0651          * so unregister the region.
0652          */
0653         kvmppc_unpin_guest_page(kvm, va, gpa, false);
0654         va = NULL;
0655     }
0656     if (vpap->pinned_addr)
0657         kvmppc_unpin_guest_page(kvm, vpap->pinned_addr, vpap->gpa,
0658                     vpap->dirty);
0659     vpap->gpa = gpa;
0660     vpap->pinned_addr = va;
0661     vpap->dirty = false;
0662     if (va)
0663         vpap->pinned_end = va + vpap->len;
0664 }
0665
0666 static void kvmppc_update_vpas(struct kvm_vcpu *vcpu)
0667 {
0668     if (!(vcpu->arch.vpa.update_pending ||
0669           vcpu->arch.slb_shadow.update_pending ||
0670           vcpu->arch.dtl.update_pending))
0671         return;
0672
0673     spin_lock(&vcpu->arch.vpa_update_lock);
0674     if (vcpu->arch.vpa.update_pending) {
0675         kvmppc_update_vpa(vcpu, &vcpu->arch.vpa);
0676         if (vcpu->arch.vpa.pinned_addr)
0677             init_vpa(vcpu, vcpu->arch.vpa.pinned_addr);
0678     }
0679     if (vcpu->arch.dtl.update_pending) {
0680         kvmppc_update_vpa(vcpu, &vcpu->arch.dtl);
0681         vcpu->arch.dtl_ptr = vcpu->arch.dtl.pinned_addr;
0682         vcpu->arch.dtl_index = 0;
0683     }
0684     if (vcpu->arch.slb_shadow.update_pending)
0685         kvmppc_update_vpa(vcpu, &vcpu->arch.slb_shadow);
0686     spin_unlock(&vcpu->arch.vpa_update_lock);
0687 }
0688
0689 /*
0690  * Return the accumulated stolen time for the vcore up until `now'.
0691  * The caller should hold the vcore lock.
0692  */
0693 static u64 vcore_stolen_time(struct kvmppc_vcore *vc, u64 now)
0694 {
0695     u64 p;
0696     unsigned long flags;
0697
0698     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
0699
0700     spin_lock_irqsave(&vc->stoltb_lock, flags);
0701     p = vc->stolen_tb;
0702     if (vc->vcore_state != VCORE_INACTIVE &&
0703         vc->preempt_tb != TB_NIL)
0704         p += now - vc->preempt_tb;
0705     spin_unlock_irqrestore(&vc->stoltb_lock, flags);
0706     return p;
0707 }
0708
0709 static void __kvmppc_create_dtl_entry(struct kvm_vcpu *vcpu,
0710                     unsigned int pcpu, u64 now,
0711                     unsigned long stolen)
0712 {
0713     struct dtl_entry *dt;
0714     struct lppaca *vpa;
0715
0716     dt = vcpu->arch.dtl_ptr;
0717     vpa = vcpu->arch.vpa.pinned_addr;
0718
0719     if (!dt || !vpa)
0720         return;
0721
0722     dt->dispatch_reason = 7;
0723     dt->preempt_reason = 0;
0724     dt->processor_id = cpu_to_be16(pcpu + vcpu->arch.ptid);
0725     dt->enqueue_to_dispatch_time = cpu_to_be32(stolen);
0726     dt->ready_to_enqueue_time = 0;
0727     dt->waiting_to_ready_time = 0;
0728     dt->timebase = cpu_to_be64(now);
0729     dt->fault_addr = 0;
0730     dt->srr0 = cpu_to_be64(kvmppc_get_pc(vcpu));
0731     dt->srr1 = cpu_to_be64(vcpu->arch.shregs.msr);
0732
0733     ++dt;
0734     if (dt == vcpu->arch.dtl.pinned_end)
0735         dt = vcpu->arch.dtl.pinned_addr;
0736     vcpu->arch.dtl_ptr = dt;
0737     /* order writing *dt vs. writing vpa->dtl_idx */
0738     smp_wmb();
0739     vpa->dtl_idx = cpu_to_be64(++vcpu->arch.dtl_index);
0740     vcpu->arch.dtl.dirty = true;
0741 }
0742
0743 static void kvmppc_create_dtl_entry(struct kvm_vcpu *vcpu,
0744                     struct kvmppc_vcore *vc)
0745 {
0746     unsigned long stolen;
0747     unsigned long core_stolen;
0748     u64 now;
0749     unsigned long flags;
0750
0751     now = mftb();
0752
0753     core_stolen = vcore_stolen_time(vc, now);
0754     stolen = core_stolen - vcpu->arch.stolen_logged;
0755     vcpu->arch.stolen_logged = core_stolen;
0756     spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
0757     stolen += vcpu->arch.busy_stolen;
0758     vcpu->arch.busy_stolen = 0;
0759     spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
0760
0761     __kvmppc_create_dtl_entry(vcpu, vc->pcpu, now + vc->tb_offset, stolen);
0762 }
0763
0764 /* See if there is a doorbell interrupt pending for a vcpu */
0765 static bool kvmppc_doorbell_pending(struct kvm_vcpu *vcpu)
0766 {
0767     int thr;
0768     struct kvmppc_vcore *vc;
0769
0770     if (vcpu->arch.doorbell_request)
0771         return true;
0772     if (cpu_has_feature(CPU_FTR_ARCH_300))
0773         return false;
0774     /*
0775      * Ensure that the read of vcore->dpdes comes after the read
0776      * of vcpu->doorbell_request.  This barrier matches the
0777      * smp_wmb() in kvmppc_guest_entry_inject().
0778      */
0779     smp_rmb();
0780     vc = vcpu->arch.vcore;
0781     thr = vcpu->vcpu_id - vc->first_vcpuid;
0782     return !!(vc->dpdes & (1 << thr));
0783 }
0784
0785 static bool kvmppc_power8_compatible(struct kvm_vcpu *vcpu)
0786 {
0787     if (vcpu->arch.vcore->arch_compat >= PVR_ARCH_207)
0788         return true;
0789     if ((!vcpu->arch.vcore->arch_compat) &&
0790         cpu_has_feature(CPU_FTR_ARCH_207S))
0791         return true;
0792     return false;
0793 }
0794
0795 static int kvmppc_h_set_mode(struct kvm_vcpu *vcpu, unsigned long mflags,
0796                  unsigned long resource, unsigned long value1,
0797                  unsigned long value2)
0798 {
0799     switch (resource) {
0800     case H_SET_MODE_RESOURCE_SET_CIABR:
0801         if (!kvmppc_power8_compatible(vcpu))
0802             return H_P2;
0803         if (value2)
0804             return H_P4;
0805         if (mflags)
0806             return H_UNSUPPORTED_FLAG_START;
0807         /* Guests can't breakpoint the hypervisor */
0808         if ((value1 & CIABR_PRIV) == CIABR_PRIV_HYPER)
0809             return H_P3;
0810         vcpu->arch.ciabr  = value1;
0811         return H_SUCCESS;
0812     case H_SET_MODE_RESOURCE_SET_DAWR0:
0813         if (!kvmppc_power8_compatible(vcpu))
0814             return H_P2;
0815         if (!ppc_breakpoint_available())
0816             return H_P2;
0817         if (mflags)
0818             return H_UNSUPPORTED_FLAG_START;
0819         if (value2 & DABRX_HYP)
0820             return H_P4;
0821         vcpu->arch.dawr0  = value1;
0822         vcpu->arch.dawrx0 = value2;
0823         return H_SUCCESS;
0824     case H_SET_MODE_RESOURCE_SET_DAWR1:
0825         if (!kvmppc_power8_compatible(vcpu))
0826             return H_P2;
0827         if (!ppc_breakpoint_available())
0828             return H_P2;
0829         if (!cpu_has_feature(CPU_FTR_DAWR1))
0830             return H_P2;
0831         if (!vcpu->kvm->arch.dawr1_enabled)
0832             return H_FUNCTION;
0833         if (mflags)
0834             return H_UNSUPPORTED_FLAG_START;
0835         if (value2 & DABRX_HYP)
0836             return H_P4;
0837         vcpu->arch.dawr1  = value1;
0838         vcpu->arch.dawrx1 = value2;
0839         return H_SUCCESS;
0840     case H_SET_MODE_RESOURCE_ADDR_TRANS_MODE:
0841         /*
0842          * KVM does not support mflags=2 (AIL=2) and AIL=1 is reserved.
0843          * Keep this in synch with kvmppc_filter_guest_lpcr_hv.
0844          */
0845         if (cpu_has_feature(CPU_FTR_P9_RADIX_PREFETCH_BUG) &&
0846                 kvmhv_vcpu_is_radix(vcpu) && mflags == 3)
0847             return H_UNSUPPORTED_FLAG_START;
0848         return H_TOO_HARD;
0849     default:
0850         return H_TOO_HARD;
0851     }
0852 }
0853
0854 /* Copy guest memory in place - must reside within a single memslot */
0855 static int kvmppc_copy_guest(struct kvm *kvm, gpa_t to, gpa_t from,
0856                   unsigned long len)
0857 {
0858     struct kvm_memory_slot *to_memslot = NULL;
0859     struct kvm_memory_slot *from_memslot = NULL;
0860     unsigned long to_addr, from_addr;
0861     int r;
0862
0863     /* Get HPA for from address */
0864     from_memslot = gfn_to_memslot(kvm, from >> PAGE_SHIFT);
0865     if (!from_memslot)
0866         return -EFAULT;
0867     if ((from + len) >= ((from_memslot->base_gfn + from_memslot->npages)
0868                  << PAGE_SHIFT))
0869         return -EINVAL;
0870     from_addr = gfn_to_hva_memslot(from_memslot, from >> PAGE_SHIFT);
0871     if (kvm_is_error_hva(from_addr))
0872         return -EFAULT;
0873     from_addr |= (from & (PAGE_SIZE - 1));
0874
0875     /* Get HPA for to address */
0876     to_memslot = gfn_to_memslot(kvm, to >> PAGE_SHIFT);
0877     if (!to_memslot)
0878         return -EFAULT;
0879     if ((to + len) >= ((to_memslot->base_gfn + to_memslot->npages)
0880                << PAGE_SHIFT))
0881         return -EINVAL;
0882     to_addr = gfn_to_hva_memslot(to_memslot, to >> PAGE_SHIFT);
0883     if (kvm_is_error_hva(to_addr))
0884         return -EFAULT;
0885     to_addr |= (to & (PAGE_SIZE - 1));
0886
0887     /* Perform copy */
0888     r = raw_copy_in_user((void __user *)to_addr, (void __user *)from_addr,
0889                  len);
0890     if (r)
0891         return -EFAULT;
0892     mark_page_dirty(kvm, to >> PAGE_SHIFT);
0893     return 0;
0894 }
0895
0896 static long kvmppc_h_page_init(struct kvm_vcpu *vcpu, unsigned long flags,
0897                    unsigned long dest, unsigned long src)
0898 {
0899     u64 pg_sz = SZ_4K;      /* 4K page size */
0900     u64 pg_mask = SZ_4K - 1;
0901     int ret;
0902
0903     /* Check for invalid flags (H_PAGE_SET_LOANED covers all CMO flags) */
0904     if (flags & ~(H_ICACHE_INVALIDATE | H_ICACHE_SYNCHRONIZE |
0905               H_ZERO_PAGE | H_COPY_PAGE | H_PAGE_SET_LOANED))
0906         return H_PARAMETER;
0907
0908     /* dest (and src if copy_page flag set) must be page aligned */
0909     if ((dest & pg_mask) || ((flags & H_COPY_PAGE) && (src & pg_mask)))
0910         return H_PARAMETER;
0911
0912     /* zero and/or copy the page as determined by the flags */
0913     if (flags & H_COPY_PAGE) {
0914         ret = kvmppc_copy_guest(vcpu->kvm, dest, src, pg_sz);
0915         if (ret < 0)
0916             return H_PARAMETER;
0917     } else if (flags & H_ZERO_PAGE) {
0918         ret = kvm_clear_guest(vcpu->kvm, dest, pg_sz);
0919         if (ret < 0)
0920             return H_PARAMETER;
0921     }
0922
0923     /* We can ignore the remaining flags */
0924
0925     return H_SUCCESS;
0926 }
0927
0928 static int kvm_arch_vcpu_yield_to(struct kvm_vcpu *target)
0929 {
0930     struct kvmppc_vcore *vcore = target->arch.vcore;
0931
0932     /*
0933      * We expect to have been called by the real mode handler
0934      * (kvmppc_rm_h_confer()) which would have directly returned
0935      * H_SUCCESS if the source vcore wasn't idle (e.g. if it may
0936      * have useful work to do and should not confer) so we don't
0937      * recheck that here.
0938      *
0939      * In the case of the P9 single vcpu per vcore case, the real
0940      * mode handler is not called but no other threads are in the
0941      * source vcore.
0942      */
0943     if (!cpu_has_feature(CPU_FTR_ARCH_300)) {
0944         spin_lock(&vcore->lock);
0945         if (target->arch.state == KVMPPC_VCPU_RUNNABLE &&
0946             vcore->vcore_state != VCORE_INACTIVE &&
0947             vcore->runner)
0948             target = vcore->runner;
0949         spin_unlock(&vcore->lock);
0950     }
0951
0952     return kvm_vcpu_yield_to(target);
0953 }
0954
0955 static int kvmppc_get_yield_count(struct kvm_vcpu *vcpu)
0956 {
0957     int yield_count = 0;
0958     struct lppaca *lppaca;
0959
0960     spin_lock(&vcpu->arch.vpa_update_lock);
0961     lppaca = (struct lppaca *)vcpu->arch.vpa.pinned_addr;
0962     if (lppaca)
0963         yield_count = be32_to_cpu(lppaca->yield_count);
0964     spin_unlock(&vcpu->arch.vpa_update_lock);
0965     return yield_count;
0966 }
0967
0968 /*
0969  * H_RPT_INVALIDATE hcall handler for nested guests.
0970  *
0971  * Handles only nested process-scoped invalidation requests in L0.
0972  */
0973 static int kvmppc_nested_h_rpt_invalidate(struct kvm_vcpu *vcpu)
0974 {
0975     unsigned long type = kvmppc_get_gpr(vcpu, 6);
0976     unsigned long pid, pg_sizes, start, end;
0977
0978     /*
0979      * The partition-scoped invalidations aren't handled here in L0.
0980      */
0981     if (type & H_RPTI_TYPE_NESTED)
0982         return RESUME_HOST;
0983
0984     pid = kvmppc_get_gpr(vcpu, 4);
0985     pg_sizes = kvmppc_get_gpr(vcpu, 7);
0986     start = kvmppc_get_gpr(vcpu, 8);
0987     end = kvmppc_get_gpr(vcpu, 9);
0988
0989     do_h_rpt_invalidate_prt(pid, vcpu->arch.nested->shadow_lpid,
0990                 type, pg_sizes, start, end);
0991
0992     kvmppc_set_gpr(vcpu, 3, H_SUCCESS);
0993     return RESUME_GUEST;
0994 }
0995
0996 static long kvmppc_h_rpt_invalidate(struct kvm_vcpu *vcpu,
0997                     unsigned long id, unsigned long target,
0998                     unsigned long type, unsigned long pg_sizes,
0999                     unsigned long start, unsigned long end)
1000 {
1001     if (!kvm_is_radix(vcpu->kvm))
1002         return H_UNSUPPORTED;
1003
1004     if (end < start)
1005         return H_P5;
1006
1007     /*
1008      * Partition-scoped invalidation for nested guests.
1009      */
1010     if (type & H_RPTI_TYPE_NESTED) {
1011         if (!nesting_enabled(vcpu->kvm))
1012             return H_FUNCTION;
1013
1014         /* Support only cores as target */
1015         if (target != H_RPTI_TARGET_CMMU)
1016             return H_P2;
1017
1018         return do_h_rpt_invalidate_pat(vcpu, id, type, pg_sizes,
1019                            start, end);
1020     }
1021
1022     /*
1023      * Process-scoped invalidation for L1 guests.
1024      */
1025     do_h_rpt_invalidate_prt(id, vcpu->kvm->arch.lpid,
1026                 type, pg_sizes, start, end);
1027     return H_SUCCESS;
1028 }
1029
1030 int kvmppc_pseries_do_hcall(struct kvm_vcpu *vcpu)
1031 {
1032     struct kvm *kvm = vcpu->kvm;
1033     unsigned long req = kvmppc_get_gpr(vcpu, 3);
1034     unsigned long target, ret = H_SUCCESS;
1035     int yield_count;
1036     struct kvm_vcpu *tvcpu;
1037     int idx, rc;
1038
1039     if (req <= MAX_HCALL_OPCODE &&
1040         !test_bit(req/4, vcpu->kvm->arch.enabled_hcalls))
1041         return RESUME_HOST;
1042
1043     switch (req) {
1044     case H_REMOVE:
1045         ret = kvmppc_h_remove(vcpu, kvmppc_get_gpr(vcpu, 4),
1046                     kvmppc_get_gpr(vcpu, 5),
1047                     kvmppc_get_gpr(vcpu, 6));
1048         if (ret == H_TOO_HARD)
1049             return RESUME_HOST;
1050         break;
1051     case H_ENTER:
1052         ret = kvmppc_h_enter(vcpu, kvmppc_get_gpr(vcpu, 4),
1053                     kvmppc_get_gpr(vcpu, 5),
1054                     kvmppc_get_gpr(vcpu, 6),
1055                     kvmppc_get_gpr(vcpu, 7));
1056         if (ret == H_TOO_HARD)
1057             return RESUME_HOST;
1058         break;
1059     case H_READ:
1060         ret = kvmppc_h_read(vcpu, kvmppc_get_gpr(vcpu, 4),
1061                     kvmppc_get_gpr(vcpu, 5));
1062         if (ret == H_TOO_HARD)
1063             return RESUME_HOST;
1064         break;
1065     case H_CLEAR_MOD:
1066         ret = kvmppc_h_clear_mod(vcpu, kvmppc_get_gpr(vcpu, 4),
1067                     kvmppc_get_gpr(vcpu, 5));
1068         if (ret == H_TOO_HARD)
1069             return RESUME_HOST;
1070         break;
1071     case H_CLEAR_REF:
1072         ret = kvmppc_h_clear_ref(vcpu, kvmppc_get_gpr(vcpu, 4),
1073                     kvmppc_get_gpr(vcpu, 5));
1074         if (ret == H_TOO_HARD)
1075             return RESUME_HOST;
1076         break;
1077     case H_PROTECT:
1078         ret = kvmppc_h_protect(vcpu, kvmppc_get_gpr(vcpu, 4),
1079                     kvmppc_get_gpr(vcpu, 5),
1080                     kvmppc_get_gpr(vcpu, 6));
1081         if (ret == H_TOO_HARD)
1082             return RESUME_HOST;
1083         break;
1084     case H_BULK_REMOVE:
1085         ret = kvmppc_h_bulk_remove(vcpu);
1086         if (ret == H_TOO_HARD)
1087             return RESUME_HOST;
1088         break;
1089
1090     case H_CEDE:
1091         break;
1092     case H_PROD:
1093         target = kvmppc_get_gpr(vcpu, 4);
1094         tvcpu = kvmppc_find_vcpu(kvm, target);
1095         if (!tvcpu) {
1096             ret = H_PARAMETER;
1097             break;
1098         }
1099         tvcpu->arch.prodded = 1;
1100         smp_mb(); /* This orders prodded store vs ceded load */
1101         if (tvcpu->arch.ceded)
1102             kvmppc_fast_vcpu_kick_hv(tvcpu);
1103         break;
1104     case H_CONFER:
1105         target = kvmppc_get_gpr(vcpu, 4);
1106         if (target == -1)
1107             break;
1108         tvcpu = kvmppc_find_vcpu(kvm, target);
1109         if (!tvcpu) {
1110             ret = H_PARAMETER;
1111             break;
1112         }
1113         yield_count = kvmppc_get_gpr(vcpu, 5);
1114         if (kvmppc_get_yield_count(tvcpu) != yield_count)
1115             break;
1116         kvm_arch_vcpu_yield_to(tvcpu);
1117         break;
1118     case H_REGISTER_VPA:
1119         ret = do_h_register_vpa(vcpu, kvmppc_get_gpr(vcpu, 4),
1120                     kvmppc_get_gpr(vcpu, 5),
1121                     kvmppc_get_gpr(vcpu, 6));
1122         break;
1123     case H_RTAS:
1124         if (list_empty(&kvm->arch.rtas_tokens))
1125             return RESUME_HOST;
1126
1127         idx = srcu_read_lock(&kvm->srcu);
1128         rc = kvmppc_rtas_hcall(vcpu);
1129         srcu_read_unlock(&kvm->srcu, idx);
1130
1131         if (rc == -ENOENT)
1132             return RESUME_HOST;
1133         else if (rc == 0)
1134             break;
1135
1136         /* Send the error out to userspace via KVM_RUN */
1137         return rc;
1138     case H_LOGICAL_CI_LOAD:
1139         ret = kvmppc_h_logical_ci_load(vcpu);
1140         if (ret == H_TOO_HARD)
1141             return RESUME_HOST;
1142         break;
1143     case H_LOGICAL_CI_STORE:
1144         ret = kvmppc_h_logical_ci_store(vcpu);
1145         if (ret == H_TOO_HARD)
1146             return RESUME_HOST;
1147         break;
1148     case H_SET_MODE:
1149         ret = kvmppc_h_set_mode(vcpu, kvmppc_get_gpr(vcpu, 4),
1150                     kvmppc_get_gpr(vcpu, 5),
1151                     kvmppc_get_gpr(vcpu, 6),
1152                     kvmppc_get_gpr(vcpu, 7));
1153         if (ret == H_TOO_HARD)
1154             return RESUME_HOST;
1155         break;
1156     case H_XIRR:
1157     case H_CPPR:
1158     case H_EOI:
1159     case H_IPI:
1160     case H_IPOLL:
1161     case H_XIRR_X:
1162         if (kvmppc_xics_enabled(vcpu)) {
1163             if (xics_on_xive()) {
1164                 ret = H_NOT_AVAILABLE;
1165                 return RESUME_GUEST;
1166             }
1167             ret = kvmppc_xics_hcall(vcpu, req);
1168             break;
1169         }
1170         return RESUME_HOST;
1171     case H_SET_DABR:
1172         ret = kvmppc_h_set_dabr(vcpu, kvmppc_get_gpr(vcpu, 4));
1173         break;
1174     case H_SET_XDABR:
1175         ret = kvmppc_h_set_xdabr(vcpu, kvmppc_get_gpr(vcpu, 4),
1176                         kvmppc_get_gpr(vcpu, 5));
1177         break;
1178 #ifdef CONFIG_SPAPR_TCE_IOMMU
1179     case H_GET_TCE:
1180         ret = kvmppc_h_get_tce(vcpu, kvmppc_get_gpr(vcpu, 4),
1181                         kvmppc_get_gpr(vcpu, 5));
1182         if (ret == H_TOO_HARD)
1183             return RESUME_HOST;
1184         break;
1185     case H_PUT_TCE:
1186         ret = kvmppc_h_put_tce(vcpu, kvmppc_get_gpr(vcpu, 4),
1187                         kvmppc_get_gpr(vcpu, 5),
1188                         kvmppc_get_gpr(vcpu, 6));
1189         if (ret == H_TOO_HARD)
1190             return RESUME_HOST;
1191         break;
1192     case H_PUT_TCE_INDIRECT:
1193         ret = kvmppc_h_put_tce_indirect(vcpu, kvmppc_get_gpr(vcpu, 4),
1194                         kvmppc_get_gpr(vcpu, 5),
1195                         kvmppc_get_gpr(vcpu, 6),
1196                         kvmppc_get_gpr(vcpu, 7));
1197         if (ret == H_TOO_HARD)
1198             return RESUME_HOST;
1199         break;
1200     case H_STUFF_TCE:
1201         ret = kvmppc_h_stuff_tce(vcpu, kvmppc_get_gpr(vcpu, 4),
1202                         kvmppc_get_gpr(vcpu, 5),
1203                         kvmppc_get_gpr(vcpu, 6),
1204                         kvmppc_get_gpr(vcpu, 7));
1205         if (ret == H_TOO_HARD)
1206             return RESUME_HOST;
1207         break;
1208 #endif
1209     case H_RANDOM:
1210         if (!arch_get_random_seed_longs(&vcpu->arch.regs.gpr[4], 1))
1211             ret = H_HARDWARE;
1212         break;
1213     case H_RPT_INVALIDATE:
1214         ret = kvmppc_h_rpt_invalidate(vcpu, kvmppc_get_gpr(vcpu, 4),
1215                           kvmppc_get_gpr(vcpu, 5),
1216                           kvmppc_get_gpr(vcpu, 6),
1217                           kvmppc_get_gpr(vcpu, 7),
1218                           kvmppc_get_gpr(vcpu, 8),
1219                           kvmppc_get_gpr(vcpu, 9));
1220         break;
1221
1222     case H_SET_PARTITION_TABLE:
1223         ret = H_FUNCTION;
1224         if (nesting_enabled(kvm))
1225             ret = kvmhv_set_partition_table(vcpu);
1226         break;
1227     case H_ENTER_NESTED:
1228         ret = H_FUNCTION;
1229         if (!nesting_enabled(kvm))
1230             break;
1231         ret = kvmhv_enter_nested_guest(vcpu);
1232         if (ret == H_INTERRUPT) {
1233             kvmppc_set_gpr(vcpu, 3, 0);
1234             vcpu->arch.hcall_needed = 0;
1235             return -EINTR;
1236         } else if (ret == H_TOO_HARD) {
1237             kvmppc_set_gpr(vcpu, 3, 0);
1238             vcpu->arch.hcall_needed = 0;
1239             return RESUME_HOST;
1240         }
1241         break;
1242     case H_TLB_INVALIDATE:
1243         ret = H_FUNCTION;
1244         if (nesting_enabled(kvm))
1245             ret = kvmhv_do_nested_tlbie(vcpu);
1246         break;
1247     case H_COPY_TOFROM_GUEST:
1248         ret = H_FUNCTION;
1249         if (nesting_enabled(kvm))
1250             ret = kvmhv_copy_tofrom_guest_nested(vcpu);
1251         break;
1252     case H_PAGE_INIT:
1253         ret = kvmppc_h_page_init(vcpu, kvmppc_get_gpr(vcpu, 4),
1254                      kvmppc_get_gpr(vcpu, 5),
1255                      kvmppc_get_gpr(vcpu, 6));
1256         break;
1257     case H_SVM_PAGE_IN:
1258         ret = H_UNSUPPORTED;
1259         if (kvmppc_get_srr1(vcpu) & MSR_S)
1260             ret = kvmppc_h_svm_page_in(kvm,
1261                            kvmppc_get_gpr(vcpu, 4),
1262                            kvmppc_get_gpr(vcpu, 5),
1263                            kvmppc_get_gpr(vcpu, 6));
1264         break;
1265     case H_SVM_PAGE_OUT:
1266         ret = H_UNSUPPORTED;
1267         if (kvmppc_get_srr1(vcpu) & MSR_S)
1268             ret = kvmppc_h_svm_page_out(kvm,
1269                             kvmppc_get_gpr(vcpu, 4),
1270                             kvmppc_get_gpr(vcpu, 5),
1271                             kvmppc_get_gpr(vcpu, 6));
1272         break;
1273     case H_SVM_INIT_START:
1274         ret = H_UNSUPPORTED;
1275         if (kvmppc_get_srr1(vcpu) & MSR_S)
1276             ret = kvmppc_h_svm_init_start(kvm);
1277         break;
1278     case H_SVM_INIT_DONE:
1279         ret = H_UNSUPPORTED;
1280         if (kvmppc_get_srr1(vcpu) & MSR_S)
1281             ret = kvmppc_h_svm_init_done(kvm);
1282         break;
1283     case H_SVM_INIT_ABORT:
1284         /*
1285          * Even if that call is made by the Ultravisor, the SSR1 value
1286          * is the guest context one, with the secure bit clear as it has
1287          * not yet been secured. So we can't check it here.
1288          * Instead the kvm->arch.secure_guest flag is checked inside
1289          * kvmppc_h_svm_init_abort().
1290          */
1291         ret = kvmppc_h_svm_init_abort(kvm);
1292         break;
1293
1294     default:
1295         return RESUME_HOST;
1296     }
1297     WARN_ON_ONCE(ret == H_TOO_HARD);
1298     kvmppc_set_gpr(vcpu, 3, ret);
1299     vcpu->arch.hcall_needed = 0;
1300     return RESUME_GUEST;
1301 }
1302
1303 /*
1304  * Handle H_CEDE in the P9 path where we don't call the real-mode hcall
1305  * handlers in book3s_hv_rmhandlers.S.
1306  *
1307  * This has to be done early, not in kvmppc_pseries_do_hcall(), so
1308  * that the cede logic in kvmppc_run_single_vcpu() works properly.
1309  */
1310 static void kvmppc_cede(struct kvm_vcpu *vcpu)
1311 {
1312     vcpu->arch.shregs.msr |= MSR_EE;
1313     vcpu->arch.ceded = 1;
1314     smp_mb();
1315     if (vcpu->arch.prodded) {
1316         vcpu->arch.prodded = 0;
1317         smp_mb();
1318         vcpu->arch.ceded = 0;
1319     }
1320 }
1321
1322 static int kvmppc_hcall_impl_hv(unsigned long cmd)
1323 {
1324     switch (cmd) {
1325     case H_CEDE:
1326     case H_PROD:
1327     case H_CONFER:
1328     case H_REGISTER_VPA:
1329     case H_SET_MODE:
1330 #ifdef CONFIG_SPAPR_TCE_IOMMU
1331     case H_GET_TCE:
1332     case H_PUT_TCE:
1333     case H_PUT_TCE_INDIRECT:
1334     case H_STUFF_TCE:
1335 #endif
1336     case H_LOGICAL_CI_LOAD:
1337     case H_LOGICAL_CI_STORE:
1338 #ifdef CONFIG_KVM_XICS
1339     case H_XIRR:
1340     case H_CPPR:
1341     case H_EOI:
1342     case H_IPI:
1343     case H_IPOLL:
1344     case H_XIRR_X:
1345 #endif
1346     case H_PAGE_INIT:
1347     case H_RPT_INVALIDATE:
1348         return 1;
1349     }
1350
1351     /* See if it's in the real-mode table */
1352     return kvmppc_hcall_impl_hv_realmode(cmd);
1353 }
1354
1355 static int kvmppc_emulate_debug_inst(struct kvm_vcpu *vcpu)
1356 {
1357     u32 last_inst;
1358
1359     if (kvmppc_get_last_inst(vcpu, INST_GENERIC, &last_inst) !=
1360                     EMULATE_DONE) {
1361         /*
1362          * Fetch failed, so return to guest and
1363          * try executing it again.
1364          */
1365         return RESUME_GUEST;
1366     }
1367
1368     if (last_inst == KVMPPC_INST_SW_BREAKPOINT) {
1369         vcpu->run->exit_reason = KVM_EXIT_DEBUG;
1370         vcpu->run->debug.arch.address = kvmppc_get_pc(vcpu);
1371         return RESUME_HOST;
1372     } else {
1373         kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
1374         return RESUME_GUEST;
1375     }
1376 }
1377
1378 static void do_nothing(void *x)
1379 {
1380 }
1381
1382 static unsigned long kvmppc_read_dpdes(struct kvm_vcpu *vcpu)
1383 {
1384     int thr, cpu, pcpu, nthreads;
1385     struct kvm_vcpu *v;
1386     unsigned long dpdes;
1387
1388     nthreads = vcpu->kvm->arch.emul_smt_mode;
1389     dpdes = 0;
1390     cpu = vcpu->vcpu_id & ~(nthreads - 1);
1391     for (thr = 0; thr < nthreads; ++thr, ++cpu) {
1392         v = kvmppc_find_vcpu(vcpu->kvm, cpu);
1393         if (!v)
1394             continue;
1395         /*
1396          * If the vcpu is currently running on a physical cpu thread,
1397          * interrupt it in order to pull it out of the guest briefly,
1398          * which will update its vcore->dpdes value.
1399          */
1400         pcpu = READ_ONCE(v->cpu);
1401         if (pcpu >= 0)
1402             smp_call_function_single(pcpu, do_nothing, NULL, 1);
1403         if (kvmppc_doorbell_pending(v))
1404             dpdes |= 1 << thr;
1405     }
1406     return dpdes;
1407 }
1408
1409 /*
1410  * On POWER9, emulate doorbell-related instructions in order to
1411  * give the guest the illusion of running on a multi-threaded core.
1412  * The instructions emulated are msgsndp, msgclrp, mfspr TIR,
1413  * and mfspr DPDES.
1414  */
1415 static int kvmppc_emulate_doorbell_instr(struct kvm_vcpu *vcpu)
1416 {
1417     u32 inst, rb, thr;
1418     unsigned long arg;
1419     struct kvm *kvm = vcpu->kvm;
1420     struct kvm_vcpu *tvcpu;
1421
1422     if (kvmppc_get_last_inst(vcpu, INST_GENERIC, &inst) != EMULATE_DONE)
1423         return RESUME_GUEST;
1424     if (get_op(inst) != 31)
1425         return EMULATE_FAIL;
1426     rb = get_rb(inst);
1427     thr = vcpu->vcpu_id & (kvm->arch.emul_smt_mode - 1);
1428     switch (get_xop(inst)) {
1429     case OP_31_XOP_MSGSNDP:
1430         arg = kvmppc_get_gpr(vcpu, rb);
1431         if (((arg >> 27) & 0x1f) != PPC_DBELL_SERVER)
1432             break;
1433         arg &= 0x7f;
1434         if (arg >= kvm->arch.emul_smt_mode)
1435             break;
1436         tvcpu = kvmppc_find_vcpu(kvm, vcpu->vcpu_id - thr + arg);
1437         if (!tvcpu)
1438             break;
1439         if (!tvcpu->arch.doorbell_request) {
1440             tvcpu->arch.doorbell_request = 1;
1441             kvmppc_fast_vcpu_kick_hv(tvcpu);
1442         }
1443         break;
1444     case OP_31_XOP_MSGCLRP:
1445         arg = kvmppc_get_gpr(vcpu, rb);
1446         if (((arg >> 27) & 0x1f) != PPC_DBELL_SERVER)
1447             break;
1448         vcpu->arch.vcore->dpdes = 0;
1449         vcpu->arch.doorbell_request = 0;
1450         break;
1451     case OP_31_XOP_MFSPR:
1452         switch (get_sprn(inst)) {
1453         case SPRN_TIR:
1454             arg = thr;
1455             break;
1456         case SPRN_DPDES:
1457             arg = kvmppc_read_dpdes(vcpu);
1458             break;
1459         default:
1460             return EMULATE_FAIL;
1461         }
1462         kvmppc_set_gpr(vcpu, get_rt(inst), arg);
1463         break;
1464     default:
1465         return EMULATE_FAIL;
1466     }
1467     kvmppc_set_pc(vcpu, kvmppc_get_pc(vcpu) + 4);
1468     return RESUME_GUEST;
1469 }
1470
1471 /*
1472  * If the lppaca had pmcregs_in_use clear when we exited the guest, then
1473  * HFSCR_PM is cleared for next entry. If the guest then tries to access
1474  * the PMU SPRs, we get this facility unavailable interrupt. Putting HFSCR_PM
1475  * back in the guest HFSCR will cause the next entry to load the PMU SPRs and
1476  * allow the guest access to continue.
1477  */
1478 static int kvmppc_pmu_unavailable(struct kvm_vcpu *vcpu)
1479 {
1480     if (!(vcpu->arch.hfscr_permitted & HFSCR_PM))
1481         return EMULATE_FAIL;
1482
1483     vcpu->arch.hfscr |= HFSCR_PM;
1484
1485     return RESUME_GUEST;
1486 }
1487
1488 static int kvmppc_ebb_unavailable(struct kvm_vcpu *vcpu)
1489 {
1490     if (!(vcpu->arch.hfscr_permitted & HFSCR_EBB))
1491         return EMULATE_FAIL;
1492
1493     vcpu->arch.hfscr |= HFSCR_EBB;
1494
1495     return RESUME_GUEST;
1496 }
1497
1498 static int kvmppc_tm_unavailable(struct kvm_vcpu *vcpu)
1499 {
1500     if (!(vcpu->arch.hfscr_permitted & HFSCR_TM))
1501         return EMULATE_FAIL;
1502
1503     vcpu->arch.hfscr |= HFSCR_TM;
1504
1505     return RESUME_GUEST;
1506 }
1507
1508 static int kvmppc_handle_exit_hv(struct kvm_vcpu *vcpu,
1509                  struct task_struct *tsk)
1510 {
1511     struct kvm_run *run = vcpu->run;
1512     int r = RESUME_HOST;
1513
1514     vcpu->stat.sum_exits++;
1515
1516     /*
1517      * This can happen if an interrupt occurs in the last stages
1518      * of guest entry or the first stages of guest exit (i.e. after
1519      * setting paca->kvm_hstate.in_guest to KVM_GUEST_MODE_GUEST_HV
1520      * and before setting it to KVM_GUEST_MODE_HOST_HV).
1521      * That can happen due to a bug, or due to a machine check
1522      * occurring at just the wrong time.
1523      */
1524     if (vcpu->arch.shregs.msr & MSR_HV) {
1525         printk(KERN_EMERG "KVM trap in HV mode!\n");
1526         printk(KERN_EMERG "trap=0x%x | pc=0x%lx | msr=0x%llx\n",
1527             vcpu->arch.trap, kvmppc_get_pc(vcpu),
1528             vcpu->arch.shregs.msr);
1529         kvmppc_dump_regs(vcpu);
1530         run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
1531         run->hw.hardware_exit_reason = vcpu->arch.trap;
1532         return RESUME_HOST;
1533     }
1534     run->exit_reason = KVM_EXIT_UNKNOWN;
1535     run->ready_for_interrupt_injection = 1;
1536     switch (vcpu->arch.trap) {
1537     /* We're good on these - the host merely wanted to get our attention */
1538     case BOOK3S_INTERRUPT_NESTED_HV_DECREMENTER:
1539         WARN_ON_ONCE(1); /* Should never happen */
1540         vcpu->arch.trap = BOOK3S_INTERRUPT_HV_DECREMENTER;
1541         fallthrough;
1542     case BOOK3S_INTERRUPT_HV_DECREMENTER:
1543         vcpu->stat.dec_exits++;
1544         r = RESUME_GUEST;
1545         break;
1546     case BOOK3S_INTERRUPT_EXTERNAL:
1547     case BOOK3S_INTERRUPT_H_DOORBELL:
1548     case BOOK3S_INTERRUPT_H_VIRT:
1549         vcpu->stat.ext_intr_exits++;
1550         r = RESUME_GUEST;
1551         break;
1552     /* SR/HMI/PMI are HV interrupts that host has handled. Resume guest.*/
1553     case BOOK3S_INTERRUPT_HMI:
1554     case BOOK3S_INTERRUPT_PERFMON:
1555     case BOOK3S_INTERRUPT_SYSTEM_RESET:
1556         r = RESUME_GUEST;
1557         break;
1558     case BOOK3S_INTERRUPT_MACHINE_CHECK: {
1559         static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
1560                           DEFAULT_RATELIMIT_BURST);
1561         /*
1562          * Print the MCE event to host console. Ratelimit so the guest
1563          * can't flood the host log.
1564          */
1565         if (__ratelimit(&rs))
1566             machine_check_print_event_info(&vcpu->arch.mce_evt,false, true);
1567
1568         /*
1569          * If the guest can do FWNMI, exit to userspace so it can
1570          * deliver a FWNMI to the guest.
1571          * Otherwise we synthesize a machine check for the guest
1572          * so that it knows that the machine check occurred.
1573          */
1574         if (!vcpu->kvm->arch.fwnmi_enabled) {
1575             ulong flags = vcpu->arch.shregs.msr & 0x083c0000;
1576             kvmppc_core_queue_machine_check(vcpu, flags);
1577             r = RESUME_GUEST;
1578             break;
1579         }
1580
1581         /* Exit to guest with KVM_EXIT_NMI as exit reason */
1582         run->exit_reason = KVM_EXIT_NMI;
1583         run->hw.hardware_exit_reason = vcpu->arch.trap;
1584         /* Clear out the old NMI status from run->flags */
1585         run->flags &= ~KVM_RUN_PPC_NMI_DISP_MASK;
1586         /* Now set the NMI status */
1587         if (vcpu->arch.mce_evt.disposition == MCE_DISPOSITION_RECOVERED)
1588             run->flags |= KVM_RUN_PPC_NMI_DISP_FULLY_RECOV;
1589         else
1590             run->flags |= KVM_RUN_PPC_NMI_DISP_NOT_RECOV;
1591
1592         r = RESUME_HOST;
1593         break;
1594     }
1595     case BOOK3S_INTERRUPT_PROGRAM:
1596     {
1597         ulong flags;
1598         /*
1599          * Normally program interrupts are delivered directly
1600          * to the guest by the hardware, but we can get here
1601          * as a result of a hypervisor emulation interrupt
1602          * (e40) getting turned into a 700 by BML RTAS.
1603          */
1604         flags = vcpu->arch.shregs.msr & 0x1f0000ull;
1605         kvmppc_core_queue_program(vcpu, flags);
1606         r = RESUME_GUEST;
1607         break;
1608     }
1609     case BOOK3S_INTERRUPT_SYSCALL:
1610     {
1611         int i;
1612
1613         if (unlikely(vcpu->arch.shregs.msr & MSR_PR)) {
1614             /*
1615              * Guest userspace executed sc 1. This can only be
1616              * reached by the P9 path because the old path
1617              * handles this case in realmode hcall handlers.
1618              */
1619             if (!kvmhv_vcpu_is_radix(vcpu)) {
1620                 /*
1621                  * A guest could be running PR KVM, so this
1622                  * may be a PR KVM hcall. It must be reflected
1623                  * to the guest kernel as a sc interrupt.
1624                  */
1625                 kvmppc_core_queue_syscall(vcpu);
1626             } else {
1627                 /*
1628                  * Radix guests can not run PR KVM or nested HV
1629                  * hash guests which might run PR KVM, so this
1630                  * is always a privilege fault. Send a program
1631                  * check to guest kernel.
1632                  */
1633                 kvmppc_core_queue_program(vcpu, SRR1_PROGPRIV);
1634             }
1635             r = RESUME_GUEST;
1636             break;
1637         }
1638
1639         /*
1640          * hcall - gather args and set exit_reason. This will next be
1641          * handled by kvmppc_pseries_do_hcall which may be able to deal
1642          * with it and resume guest, or may punt to userspace.
1643          */
1644         run->papr_hcall.nr = kvmppc_get_gpr(vcpu, 3);
1645         for (i = 0; i < 9; ++i)
1646             run->papr_hcall.args[i] = kvmppc_get_gpr(vcpu, 4 + i);
1647         run->exit_reason = KVM_EXIT_PAPR_HCALL;
1648         vcpu->arch.hcall_needed = 1;
1649         r = RESUME_HOST;
1650         break;
1651     }
1652     /*
1653      * We get these next two if the guest accesses a page which it thinks
1654      * it has mapped but which is not actually present, either because
1655      * it is for an emulated I/O device or because the corresonding
1656      * host page has been paged out.
1657      *
1658      * Any other HDSI/HISI interrupts have been handled already for P7/8
1659      * guests. For POWER9 hash guests not using rmhandlers, basic hash
1660      * fault handling is done here.
1661      */
1662     case BOOK3S_INTERRUPT_H_DATA_STORAGE: {
1663         unsigned long vsid;
1664         long err;
1665
1666         if (cpu_has_feature(CPU_FTR_P9_RADIX_PREFETCH_BUG) &&
1667             unlikely(vcpu->arch.fault_dsisr == HDSISR_CANARY)) {
1668             r = RESUME_GUEST; /* Just retry if it's the canary */
1669             break;
1670         }
1671
1672         if (kvm_is_radix(vcpu->kvm) || !cpu_has_feature(CPU_FTR_ARCH_300)) {
1673             /*
1674              * Radix doesn't require anything, and pre-ISAv3.0 hash
1675              * already attempted to handle this in rmhandlers. The
1676              * hash fault handling below is v3 only (it uses ASDR
1677              * via fault_gpa).
1678              */
1679             r = RESUME_PAGE_FAULT;
1680             break;
1681         }
1682
1683         if (!(vcpu->arch.fault_dsisr & (DSISR_NOHPTE | DSISR_PROTFAULT))) {
1684             kvmppc_core_queue_data_storage(vcpu,
1685                 vcpu->arch.fault_dar, vcpu->arch.fault_dsisr);
1686             r = RESUME_GUEST;
1687             break;
1688         }
1689
1690         if (!(vcpu->arch.shregs.msr & MSR_DR))
1691             vsid = vcpu->kvm->arch.vrma_slb_v;
1692         else
1693             vsid = vcpu->arch.fault_gpa;
1694
1695         err = kvmppc_hpte_hv_fault(vcpu, vcpu->arch.fault_dar,
1696                 vsid, vcpu->arch.fault_dsisr, true);
1697         if (err == 0) {
1698             r = RESUME_GUEST;
1699         } else if (err == -1 || err == -2) {
1700             r = RESUME_PAGE_FAULT;
1701         } else {
1702             kvmppc_core_queue_data_storage(vcpu,
1703                 vcpu->arch.fault_dar, err);
1704             r = RESUME_GUEST;
1705         }
1706         break;
1707     }
1708     case BOOK3S_INTERRUPT_H_INST_STORAGE: {
1709         unsigned long vsid;
1710         long err;
1711
1712         vcpu->arch.fault_dar = kvmppc_get_pc(vcpu);
1713         vcpu->arch.fault_dsisr = vcpu->arch.shregs.msr &
1714             DSISR_SRR1_MATCH_64S;
1715         if (kvm_is_radix(vcpu->kvm) || !cpu_has_feature(CPU_FTR_ARCH_300)) {
1716             /*
1717              * Radix doesn't require anything, and pre-ISAv3.0 hash
1718              * already attempted to handle this in rmhandlers. The
1719              * hash fault handling below is v3 only (it uses ASDR
1720              * via fault_gpa).
1721              */
1722             if (vcpu->arch.shregs.msr & HSRR1_HISI_WRITE)
1723                 vcpu->arch.fault_dsisr |= DSISR_ISSTORE;
1724             r = RESUME_PAGE_FAULT;
1725             break;
1726         }
1727
1728         if (!(vcpu->arch.fault_dsisr & SRR1_ISI_NOPT)) {
1729             kvmppc_core_queue_inst_storage(vcpu,
1730                 vcpu->arch.fault_dsisr);
1731             r = RESUME_GUEST;
1732             break;
1733         }
1734
1735         if (!(vcpu->arch.shregs.msr & MSR_IR))
1736             vsid = vcpu->kvm->arch.vrma_slb_v;
1737         else
1738             vsid = vcpu->arch.fault_gpa;
1739
1740         err = kvmppc_hpte_hv_fault(vcpu, vcpu->arch.fault_dar,
1741                 vsid, vcpu->arch.fault_dsisr, false);
1742         if (err == 0) {
1743             r = RESUME_GUEST;
1744         } else if (err == -1) {
1745             r = RESUME_PAGE_FAULT;
1746         } else {
1747             kvmppc_core_queue_inst_storage(vcpu, err);
1748             r = RESUME_GUEST;
1749         }
1750         break;
1751     }
1752
1753     /*
1754      * This occurs if the guest executes an illegal instruction.
1755      * If the guest debug is disabled, generate a program interrupt
1756      * to the guest. If guest debug is enabled, we need to check
1757      * whether the instruction is a software breakpoint instruction.
1758      * Accordingly return to Guest or Host.
1759      */
1760     case BOOK3S_INTERRUPT_H_EMUL_ASSIST:
1761         if (vcpu->arch.emul_inst != KVM_INST_FETCH_FAILED)
1762             vcpu->arch.last_inst = kvmppc_need_byteswap(vcpu) ?
1763                 swab32(vcpu->arch.emul_inst) :
1764                 vcpu->arch.emul_inst;
1765         if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) {
1766             r = kvmppc_emulate_debug_inst(vcpu);
1767         } else {
1768             kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
1769             r = RESUME_GUEST;
1770         }
1771         break;
1772
1773 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1774     case BOOK3S_INTERRUPT_HV_SOFTPATCH:
1775         /*
1776          * This occurs for various TM-related instructions that
1777          * we need to emulate on POWER9 DD2.2.  We have already
1778          * handled the cases where the guest was in real-suspend
1779          * mode and was transitioning to transactional state.
1780          */
1781         r = kvmhv_p9_tm_emulation(vcpu);
1782         if (r != -1)
1783             break;
1784         fallthrough; /* go to facility unavailable handler */
1785 #endif
1786
1787     /*
1788      * This occurs if the guest (kernel or userspace), does something that
1789      * is prohibited by HFSCR.
1790      * On POWER9, this could be a doorbell instruction that we need
1791      * to emulate.
1792      * Otherwise, we just generate a program interrupt to the guest.
1793      */
1794     case BOOK3S_INTERRUPT_H_FAC_UNAVAIL: {
1795         u64 cause = vcpu->arch.hfscr >> 56;
1796
1797         r = EMULATE_FAIL;
1798         if (cpu_has_feature(CPU_FTR_ARCH_300)) {
1799             if (cause == FSCR_MSGP_LG)
1800                 r = kvmppc_emulate_doorbell_instr(vcpu);
1801             if (cause == FSCR_PM_LG)
1802                 r = kvmppc_pmu_unavailable(vcpu);
1803             if (cause == FSCR_EBB_LG)
1804                 r = kvmppc_ebb_unavailable(vcpu);
1805             if (cause == FSCR_TM_LG)
1806                 r = kvmppc_tm_unavailable(vcpu);
1807         }
1808         if (r == EMULATE_FAIL) {
1809             kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
1810             r = RESUME_GUEST;
1811         }
1812         break;
1813     }
1814
1815     case BOOK3S_INTERRUPT_HV_RM_HARD:
1816         r = RESUME_PASSTHROUGH;
1817         break;
1818     default:
1819         kvmppc_dump_regs(vcpu);
1820         printk(KERN_EMERG "trap=0x%x | pc=0x%lx | msr=0x%llx\n",
1821             vcpu->arch.trap, kvmppc_get_pc(vcpu),
1822             vcpu->arch.shregs.msr);
1823         run->hw.hardware_exit_reason = vcpu->arch.trap;
1824         r = RESUME_HOST;
1825         break;
1826     }
1827
1828     return r;
1829 }
1830
1831 static int kvmppc_handle_nested_exit(struct kvm_vcpu *vcpu)
1832 {
1833     int r;
1834     int srcu_idx;
1835
1836     vcpu->stat.sum_exits++;
1837
1838     /*
1839      * This can happen if an interrupt occurs in the last stages
1840      * of guest entry or the first stages of guest exit (i.e. after
1841      * setting paca->kvm_hstate.in_guest to KVM_GUEST_MODE_GUEST_HV
1842      * and before setting it to KVM_GUEST_MODE_HOST_HV).
1843      * That can happen due to a bug, or due to a machine check
1844      * occurring at just the wrong time.
1845      */
1846     if (vcpu->arch.shregs.msr & MSR_HV) {
1847         pr_emerg("KVM trap in HV mode while nested!\n");
1848         pr_emerg("trap=0x%x | pc=0x%lx | msr=0x%llx\n",
1849              vcpu->arch.trap, kvmppc_get_pc(vcpu),
1850              vcpu->arch.shregs.msr);
1851         kvmppc_dump_regs(vcpu);
1852         return RESUME_HOST;
1853     }
1854     switch (vcpu->arch.trap) {
1855     /* We're good on these - the host merely wanted to get our attention */
1856     case BOOK3S_INTERRUPT_HV_DECREMENTER:
1857         vcpu->stat.dec_exits++;
1858         r = RESUME_GUEST;
1859         break;
1860     case BOOK3S_INTERRUPT_EXTERNAL:
1861         vcpu->stat.ext_intr_exits++;
1862         r = RESUME_HOST;
1863         break;
1864     case BOOK3S_INTERRUPT_H_DOORBELL:
1865     case BOOK3S_INTERRUPT_H_VIRT:
1866         vcpu->stat.ext_intr_exits++;
1867         r = RESUME_GUEST;
1868         break;
1869     /* These need to go to the nested HV */
1870     case BOOK3S_INTERRUPT_NESTED_HV_DECREMENTER:
1871         vcpu->arch.trap = BOOK3S_INTERRUPT_HV_DECREMENTER;
1872         vcpu->stat.dec_exits++;
1873         r = RESUME_HOST;
1874         break;
1875     /* SR/HMI/PMI are HV interrupts that host has handled. Resume guest.*/
1876     case BOOK3S_INTERRUPT_HMI:
1877     case BOOK3S_INTERRUPT_PERFMON:
1878     case BOOK3S_INTERRUPT_SYSTEM_RESET:
1879         r = RESUME_GUEST;
1880         break;
1881     case BOOK3S_INTERRUPT_MACHINE_CHECK:
1882     {
1883         static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
1884                           DEFAULT_RATELIMIT_BURST);
1885         /* Pass the machine check to the L1 guest */
1886         r = RESUME_HOST;
1887         /* Print the MCE event to host console. */
1888         if (__ratelimit(&rs))
1889             machine_check_print_event_info(&vcpu->arch.mce_evt, false, true);
1890         break;
1891     }
1892     /*
1893      * We get these next two if the guest accesses a page which it thinks
1894      * it has mapped but which is not actually present, either because
1895      * it is for an emulated I/O device or because the corresonding
1896      * host page has been paged out.
1897      */
1898     case BOOK3S_INTERRUPT_H_DATA_STORAGE:
1899         srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
1900         r = kvmhv_nested_page_fault(vcpu);
1901         srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
1902         break;
1903     case BOOK3S_INTERRUPT_H_INST_STORAGE:
1904         vcpu->arch.fault_dar = kvmppc_get_pc(vcpu);
1905         vcpu->arch.fault_dsisr = kvmppc_get_msr(vcpu) &
1906                      DSISR_SRR1_MATCH_64S;
1907         if (vcpu->arch.shregs.msr & HSRR1_HISI_WRITE)
1908             vcpu->arch.fault_dsisr |= DSISR_ISSTORE;
1909         srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
1910         r = kvmhv_nested_page_fault(vcpu);
1911         srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
1912         break;
1913
1914 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1915     case BOOK3S_INTERRUPT_HV_SOFTPATCH:
1916         /*
1917          * This occurs for various TM-related instructions that
1918          * we need to emulate on POWER9 DD2.2.  We have already
1919          * handled the cases where the guest was in real-suspend
1920          * mode and was transitioning to transactional state.
1921          */
1922         r = kvmhv_p9_tm_emulation(vcpu);
1923         if (r != -1)
1924             break;
1925         fallthrough; /* go to facility unavailable handler */
1926 #endif
1927
1928     case BOOK3S_INTERRUPT_H_FAC_UNAVAIL: {
1929         u64 cause = vcpu->arch.hfscr >> 56;
1930
1931         /*
1932          * Only pass HFU interrupts to the L1 if the facility is
1933          * permitted but disabled by the L1's HFSCR, otherwise
1934          * the interrupt does not make sense to the L1 so turn
1935          * it into a HEAI.
1936          */
1937         if (!(vcpu->arch.hfscr_permitted & (1UL << cause)) ||
1938                 (vcpu->arch.nested_hfscr & (1UL << cause))) {
1939             vcpu->arch.trap = BOOK3S_INTERRUPT_H_EMUL_ASSIST;
1940
1941             /*
1942              * If the fetch failed, return to guest and
1943              * try executing it again.
1944              */
1945             r = kvmppc_get_last_inst(vcpu, INST_GENERIC,
1946                          &vcpu->arch.emul_inst);
1947             if (r != EMULATE_DONE)
1948                 r = RESUME_GUEST;
1949             else
1950                 r = RESUME_HOST;
1951         } else {
1952             r = RESUME_HOST;
1953         }
1954
1955         break;
1956     }
1957
1958     case BOOK3S_INTERRUPT_HV_RM_HARD:
1959         vcpu->arch.trap = 0;
1960         r = RESUME_GUEST;
1961         if (!xics_on_xive())
1962             kvmppc_xics_rm_complete(vcpu, 0);
1963         break;
1964     case BOOK3S_INTERRUPT_SYSCALL:
1965     {
1966         unsigned long req = kvmppc_get_gpr(vcpu, 3);
1967
1968         /*
1969          * The H_RPT_INVALIDATE hcalls issued by nested
1970          * guests for process-scoped invalidations when
1971          * GTSE=0, are handled here in L0.
1972          */
1973         if (req == H_RPT_INVALIDATE) {
1974             r = kvmppc_nested_h_rpt_invalidate(vcpu);
1975             break;
1976         }
1977
1978         r = RESUME_HOST;
1979         break;
1980     }
1981     default:
1982         r = RESUME_HOST;
1983         break;
1984     }
1985
1986     return r;
1987 }
1988
1989 static int kvm_arch_vcpu_ioctl_get_sregs_hv(struct kvm_vcpu *vcpu,
1990                         struct kvm_sregs *sregs)
1991 {
1992     int i;
1993
1994     memset(sregs, 0, sizeof(struct kvm_sregs));
1995     sregs->pvr = vcpu->arch.pvr;
1996     for (i = 0; i < vcpu->arch.slb_max; i++) {
1997         sregs->u.s.ppc64.slb[i].slbe = vcpu->arch.slb[i].orige;
1998         sregs->u.s.ppc64.slb[i].slbv = vcpu->arch.slb[i].origv;
1999     }
2000
2001     return 0;
2002 }
2003
2004 static int kvm_arch_vcpu_ioctl_set_sregs_hv(struct kvm_vcpu *vcpu,
2005                         struct kvm_sregs *sregs)
2006 {
2007     int i, j;
2008
2009     /* Only accept the same PVR as the host's, since we can't spoof it */
2010     if (sregs->pvr != vcpu->arch.pvr)
2011         return -EINVAL;
2012
2013     j = 0;
2014     for (i = 0; i < vcpu->arch.slb_nr; i++) {
2015         if (sregs->u.s.ppc64.slb[i].slbe & SLB_ESID_V) {
2016             vcpu->arch.slb[j].orige = sregs->u.s.ppc64.slb[i].slbe;
2017             vcpu->arch.slb[j].origv = sregs->u.s.ppc64.slb[i].slbv;
2018             ++j;
2019         }
2020     }
2021     vcpu->arch.slb_max = j;
2022
2023     return 0;
2024 }
2025
2026 /*
2027  * Enforce limits on guest LPCR values based on hardware availability,
2028  * guest configuration, and possibly hypervisor support and security
2029  * concerns.
2030  */
2031 unsigned long kvmppc_filter_lpcr_hv(struct kvm *kvm, unsigned long lpcr)
2032 {
2033     /* LPCR_TC only applies to HPT guests */
2034     if (kvm_is_radix(kvm))
2035         lpcr &= ~LPCR_TC;
2036
2037     /* On POWER8 and above, userspace can modify AIL */
2038     if (!cpu_has_feature(CPU_FTR_ARCH_207S))
2039         lpcr &= ~LPCR_AIL;
2040     if ((lpcr & LPCR_AIL) != LPCR_AIL_3)
2041         lpcr &= ~LPCR_AIL; /* LPCR[AIL]=1/2 is disallowed */
2042     /*
2043      * On some POWER9s we force AIL off for radix guests to prevent
2044      * executing in MSR[HV]=1 mode with the MMU enabled and PIDR set to
2045      * guest, which can result in Q0 translations with LPID=0 PID=PIDR to
2046      * be cached, which the host TLB management does not expect.
2047      */
2048     if (kvm_is_radix(kvm) && cpu_has_feature(CPU_FTR_P9_RADIX_PREFETCH_BUG))
2049         lpcr &= ~LPCR_AIL;
2050
2051     /*
2052      * On POWER9, allow userspace to enable large decrementer for the
2053      * guest, whether or not the host has it enabled.
2054      */
2055     if (!cpu_has_feature(CPU_FTR_ARCH_300))
2056         lpcr &= ~LPCR_LD;
2057
2058     return lpcr;
2059 }
2060
2061 static void verify_lpcr(struct kvm *kvm, unsigned long lpcr)
2062 {
2063     if (lpcr != kvmppc_filter_lpcr_hv(kvm, lpcr)) {
2064         WARN_ONCE(1, "lpcr 0x%lx differs from filtered 0x%lx\n",
2065               lpcr, kvmppc_filter_lpcr_hv(kvm, lpcr));
2066     }
2067 }
2068
2069 static void kvmppc_set_lpcr(struct kvm_vcpu *vcpu, u64 new_lpcr,
2070         bool preserve_top32)
2071 {
2072     struct kvm *kvm = vcpu->kvm;
2073     struct kvmppc_vcore *vc = vcpu->arch.vcore;
2074     u64 mask;
2075
2076     spin_lock(&vc->lock);
2077
2078     /*
2079      * Userspace can only modify
2080      * DPFD (default prefetch depth), ILE (interrupt little-endian),
2081      * TC (translation control), AIL (alternate interrupt location),
2082      * LD (large decrementer).
2083      * These are subject to restrictions from kvmppc_filter_lcpr_hv().
2084      */
2085     mask = LPCR_DPFD | LPCR_ILE | LPCR_TC | LPCR_AIL | LPCR_LD;
2086
2087     /* Broken 32-bit version of LPCR must not clear top bits */
2088     if (preserve_top32)
2089         mask &= 0xFFFFFFFF;
2090
2091     new_lpcr = kvmppc_filter_lpcr_hv(kvm,
2092             (vc->lpcr & ~mask) | (new_lpcr & mask));
2093
2094     /*
2095      * If ILE (interrupt little-endian) has changed, update the
2096      * MSR_LE bit in the intr_msr for each vcpu in this vcore.
2097      */
2098     if ((new_lpcr & LPCR_ILE) != (vc->lpcr & LPCR_ILE)) {
2099         struct kvm_vcpu *vcpu;
2100         unsigned long i;
2101
2102         kvm_for_each_vcpu(i, vcpu, kvm) {
2103             if (vcpu->arch.vcore != vc)
2104                 continue;
2105             if (new_lpcr & LPCR_ILE)
2106                 vcpu->arch.intr_msr |= MSR_LE;
2107             else
2108                 vcpu->arch.intr_msr &= ~MSR_LE;
2109         }
2110     }
2111
2112     vc->lpcr = new_lpcr;
2113
2114     spin_unlock(&vc->lock);
2115 }
2116
2117 static int kvmppc_get_one_reg_hv(struct kvm_vcpu *vcpu, u64 id,
2118                  union kvmppc_one_reg *val)
2119 {
2120     int r = 0;
2121     long int i;
2122
2123     switch (id) {
2124     case KVM_REG_PPC_DEBUG_INST:
2125         *val = get_reg_val(id, KVMPPC_INST_SW_BREAKPOINT);
2126         break;
2127     case KVM_REG_PPC_HIOR:
2128         *val = get_reg_val(id, 0);
2129         break;
2130     case KVM_REG_PPC_DABR:
2131         *val = get_reg_val(id, vcpu->arch.dabr);
2132         break;
2133     case KVM_REG_PPC_DABRX:
2134         *val = get_reg_val(id, vcpu->arch.dabrx);
2135         break;
2136     case KVM_REG_PPC_DSCR:
2137         *val = get_reg_val(id, vcpu->arch.dscr);
2138         break;
2139     case KVM_REG_PPC_PURR:
2140         *val = get_reg_val(id, vcpu->arch.purr);
2141         break;
2142     case KVM_REG_PPC_SPURR:
2143         *val = get_reg_val(id, vcpu->arch.spurr);
2144         break;
2145     case KVM_REG_PPC_AMR:
2146         *val = get_reg_val(id, vcpu->arch.amr);
2147         break;
2148     case KVM_REG_PPC_UAMOR:
2149         *val = get_reg_val(id, vcpu->arch.uamor);
2150         break;
2151     case KVM_REG_PPC_MMCR0 ... KVM_REG_PPC_MMCR1:
2152         i = id - KVM_REG_PPC_MMCR0;
2153         *val = get_reg_val(id, vcpu->arch.mmcr[i]);
2154         break;
2155     case KVM_REG_PPC_MMCR2:
2156         *val = get_reg_val(id, vcpu->arch.mmcr[2]);
2157         break;
2158     case KVM_REG_PPC_MMCRA:
2159         *val = get_reg_val(id, vcpu->arch.mmcra);
2160         break;
2161     case KVM_REG_PPC_MMCRS:
2162         *val = get_reg_val(id, vcpu->arch.mmcrs);
2163         break;
2164     case KVM_REG_PPC_MMCR3:
2165         *val = get_reg_val(id, vcpu->arch.mmcr[3]);
2166         break;
2167     case KVM_REG_PPC_PMC1 ... KVM_REG_PPC_PMC8:
2168         i = id - KVM_REG_PPC_PMC1;
2169         *val = get_reg_val(id, vcpu->arch.pmc[i]);
2170         break;
2171     case KVM_REG_PPC_SPMC1 ... KVM_REG_PPC_SPMC2:
2172         i = id - KVM_REG_PPC_SPMC1;
2173         *val = get_reg_val(id, vcpu->arch.spmc[i]);
2174         break;
2175     case KVM_REG_PPC_SIAR:
2176         *val = get_reg_val(id, vcpu->arch.siar);
2177         break;
2178     case KVM_REG_PPC_SDAR:
2179         *val = get_reg_val(id, vcpu->arch.sdar);
2180         break;
2181     case KVM_REG_PPC_SIER:
2182         *val = get_reg_val(id, vcpu->arch.sier[0]);
2183         break;
2184     case KVM_REG_PPC_SIER2:
2185         *val = get_reg_val(id, vcpu->arch.sier[1]);
2186         break;
2187     case KVM_REG_PPC_SIER3:
2188         *val = get_reg_val(id, vcpu->arch.sier[2]);
2189         break;
2190     case KVM_REG_PPC_IAMR:
2191         *val = get_reg_val(id, vcpu->arch.iamr);
2192         break;
2193     case KVM_REG_PPC_PSPB:
2194         *val = get_reg_val(id, vcpu->arch.pspb);
2195         break;
2196     case KVM_REG_PPC_DPDES:
2197         /*
2198          * On POWER9, where we are emulating msgsndp etc.,
2199          * we return 1 bit for each vcpu, which can come from
2200          * either vcore->dpdes or doorbell_request.
2201          * On POWER8, doorbell_request is 0.
2202          */
2203         if (cpu_has_feature(CPU_FTR_ARCH_300))
2204             *val = get_reg_val(id, vcpu->arch.doorbell_request);
2205         else
2206             *val = get_reg_val(id, vcpu->arch.vcore->dpdes);
2207         break;
2208     case KVM_REG_PPC_VTB:
2209         *val = get_reg_val(id, vcpu->arch.vcore->vtb);
2210         break;
2211     case KVM_REG_PPC_DAWR:
2212         *val = get_reg_val(id, vcpu->arch.dawr0);
2213         break;
2214     case KVM_REG_PPC_DAWRX:
2215         *val = get_reg_val(id, vcpu->arch.dawrx0);
2216         break;
2217     case KVM_REG_PPC_DAWR1:
2218         *val = get_reg_val(id, vcpu->arch.dawr1);
2219         break;
2220     case KVM_REG_PPC_DAWRX1:
2221         *val = get_reg_val(id, vcpu->arch.dawrx1);
2222         break;
2223     case KVM_REG_PPC_CIABR:
2224         *val = get_reg_val(id, vcpu->arch.ciabr);
2225         break;
2226     case KVM_REG_PPC_CSIGR:
2227         *val = get_reg_val(id, vcpu->arch.csigr);
2228         break;
2229     case KVM_REG_PPC_TACR:
2230         *val = get_reg_val(id, vcpu->arch.tacr);
2231         break;
2232     case KVM_REG_PPC_TCSCR:
2233         *val = get_reg_val(id, vcpu->arch.tcscr);
2234         break;
2235     case KVM_REG_PPC_PID:
2236         *val = get_reg_val(id, vcpu->arch.pid);
2237         break;
2238     case KVM_REG_PPC_ACOP:
2239         *val = get_reg_val(id, vcpu->arch.acop);
2240         break;
2241     case KVM_REG_PPC_WORT:
2242         *val = get_reg_val(id, vcpu->arch.wort);
2243         break;
2244     case KVM_REG_PPC_TIDR:
2245         *val = get_reg_val(id, vcpu->arch.tid);
2246         break;
2247     case KVM_REG_PPC_PSSCR:
2248         *val = get_reg_val(id, vcpu->arch.psscr);
2249         break;
2250     case KVM_REG_PPC_VPA_ADDR:
2251         spin_lock(&vcpu->arch.vpa_update_lock);
2252         *val = get_reg_val(id, vcpu->arch.vpa.next_gpa);
2253         spin_unlock(&vcpu->arch.vpa_update_lock);
2254         break;
2255     case KVM_REG_PPC_VPA_SLB:
2256         spin_lock(&vcpu->arch.vpa_update_lock);
2257         val->vpaval.addr = vcpu->arch.slb_shadow.next_gpa;
2258         val->vpaval.length = vcpu->arch.slb_shadow.len;
2259         spin_unlock(&vcpu->arch.vpa_update_lock);
2260         break;
2261     case KVM_REG_PPC_VPA_DTL:
2262         spin_lock(&vcpu->arch.vpa_update_lock);
2263         val->vpaval.addr = vcpu->arch.dtl.next_gpa;
2264         val->vpaval.length = vcpu->arch.dtl.len;
2265         spin_unlock(&vcpu->arch.vpa_update_lock);
2266         break;
2267     case KVM_REG_PPC_TB_OFFSET:
2268         *val = get_reg_val(id, vcpu->arch.vcore->tb_offset);
2269         break;
2270     case KVM_REG_PPC_LPCR:
2271     case KVM_REG_PPC_LPCR_64:
2272         *val = get_reg_val(id, vcpu->arch.vcore->lpcr);
2273         break;
2274     case KVM_REG_PPC_PPR:
2275         *val = get_reg_val(id, vcpu->arch.ppr);
2276         break;
2277 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2278     case KVM_REG_PPC_TFHAR:
2279         *val = get_reg_val(id, vcpu->arch.tfhar);
2280         break;
2281     case KVM_REG_PPC_TFIAR:
2282         *val = get_reg_val(id, vcpu->arch.tfiar);
2283         break;
2284     case KVM_REG_PPC_TEXASR:
2285         *val = get_reg_val(id, vcpu->arch.texasr);
2286         break;
2287     case KVM_REG_PPC_TM_GPR0 ... KVM_REG_PPC_TM_GPR31:
2288         i = id - KVM_REG_PPC_TM_GPR0;
2289         *val = get_reg_val(id, vcpu->arch.gpr_tm[i]);
2290         break;
2291     case KVM_REG_PPC_TM_VSR0 ... KVM_REG_PPC_TM_VSR63:
2292     {
2293         int j;
2294         i = id - KVM_REG_PPC_TM_VSR0;
2295         if (i < 32)
2296             for (j = 0; j < TS_FPRWIDTH; j++)
2297                 val->vsxval[j] = vcpu->arch.fp_tm.fpr[i][j];
2298         else {
2299             if (cpu_has_feature(CPU_FTR_ALTIVEC))
2300                 val->vval = vcpu->arch.vr_tm.vr[i-32];
2301             else
2302                 r = -ENXIO;
2303         }
2304         break;
2305     }
2306     case KVM_REG_PPC_TM_CR:
2307         *val = get_reg_val(id, vcpu->arch.cr_tm);
2308         break;
2309     case KVM_REG_PPC_TM_XER:
2310         *val = get_reg_val(id, vcpu->arch.xer_tm);
2311         break;
2312     case KVM_REG_PPC_TM_LR:
2313         *val = get_reg_val(id, vcpu->arch.lr_tm);
2314         break;
2315     case KVM_REG_PPC_TM_CTR:
2316         *val = get_reg_val(id, vcpu->arch.ctr_tm);
2317         break;
2318     case KVM_REG_PPC_TM_FPSCR:
2319         *val = get_reg_val(id, vcpu->arch.fp_tm.fpscr);
2320         break;
2321     case KVM_REG_PPC_TM_AMR:
2322         *val = get_reg_val(id, vcpu->arch.amr_tm);
2323         break;
2324     case KVM_REG_PPC_TM_PPR:
2325         *val = get_reg_val(id, vcpu->arch.ppr_tm);
2326         break;
2327     case KVM_REG_PPC_TM_VRSAVE:
2328         *val = get_reg_val(id, vcpu->arch.vrsave_tm);
2329         break;
2330     case KVM_REG_PPC_TM_VSCR:
2331         if (cpu_has_feature(CPU_FTR_ALTIVEC))
2332             *val = get_reg_val(id, vcpu->arch.vr_tm.vscr.u[3]);
2333         else
2334             r = -ENXIO;
2335         break;
2336     case KVM_REG_PPC_TM_DSCR:
2337         *val = get_reg_val(id, vcpu->arch.dscr_tm);
2338         break;
2339     case KVM_REG_PPC_TM_TAR:
2340         *val = get_reg_val(id, vcpu->arch.tar_tm);
2341         break;
2342 #endif
2343     case KVM_REG_PPC_ARCH_COMPAT:
2344         *val = get_reg_val(id, vcpu->arch.vcore->arch_compat);
2345         break;
2346     case KVM_REG_PPC_DEC_EXPIRY:
2347         *val = get_reg_val(id, vcpu->arch.dec_expires);
2348         break;
2349     case KVM_REG_PPC_ONLINE:
2350         *val = get_reg_val(id, vcpu->arch.online);
2351         break;
2352     case KVM_REG_PPC_PTCR:
2353         *val = get_reg_val(id, vcpu->kvm->arch.l1_ptcr);
2354         break;
2355     default:
2356         r = -EINVAL;
2357         break;
2358     }
2359
2360     return r;
2361 }
2362
2363 static int kvmppc_set_one_reg_hv(struct kvm_vcpu *vcpu, u64 id,
2364                  union kvmppc_one_reg *val)
2365 {
2366     int r = 0;
2367     long int i;
2368     unsigned long addr, len;
2369
2370     switch (id) {
2371     case KVM_REG_PPC_HIOR:
2372         /* Only allow this to be set to zero */
2373         if (set_reg_val(id, *val))
2374             r = -EINVAL;
2375         break;
2376     case KVM_REG_PPC_DABR:
2377         vcpu->arch.dabr = set_reg_val(id, *val);
2378         break;
2379     case KVM_REG_PPC_DABRX:
2380         vcpu->arch.dabrx = set_reg_val(id, *val) & ~DABRX_HYP;
2381         break;
2382     case KVM_REG_PPC_DSCR:
2383         vcpu->arch.dscr = set_reg_val(id, *val);
2384         break;
2385     case KVM_REG_PPC_PURR:
2386         vcpu->arch.purr = set_reg_val(id, *val);
2387         break;
2388     case KVM_REG_PPC_SPURR:
2389         vcpu->arch.spurr = set_reg_val(id, *val);
2390         break;
2391     case KVM_REG_PPC_AMR:
2392         vcpu->arch.amr = set_reg_val(id, *val);
2393         break;
2394     case KVM_REG_PPC_UAMOR:
2395         vcpu->arch.uamor = set_reg_val(id, *val);
2396         break;
2397     case KVM_REG_PPC_MMCR0 ... KVM_REG_PPC_MMCR1:
2398         i = id - KVM_REG_PPC_MMCR0;
2399         vcpu->arch.mmcr[i] = set_reg_val(id, *val);
2400         break;
2401     case KVM_REG_PPC_MMCR2:
2402         vcpu->arch.mmcr[2] = set_reg_val(id, *val);
2403         break;
2404     case KVM_REG_PPC_MMCRA:
2405         vcpu->arch.mmcra = set_reg_val(id, *val);
2406         break;
2407     case KVM_REG_PPC_MMCRS:
2408         vcpu->arch.mmcrs = set_reg_val(id, *val);
2409         break;
2410     case KVM_REG_PPC_MMCR3:
2411         *val = get_reg_val(id, vcpu->arch.mmcr[3]);
2412         break;
2413     case KVM_REG_PPC_PMC1 ... KVM_REG_PPC_PMC8:
2414         i = id - KVM_REG_PPC_PMC1;
2415         vcpu->arch.pmc[i] = set_reg_val(id, *val);
2416         break;
2417     case KVM_REG_PPC_SPMC1 ... KVM_REG_PPC_SPMC2:
2418         i = id - KVM_REG_PPC_SPMC1;
2419         vcpu->arch.spmc[i] = set_reg_val(id, *val);
2420         break;
2421     case KVM_REG_PPC_SIAR:
2422         vcpu->arch.siar = set_reg_val(id, *val);
2423         break;
2424     case KVM_REG_PPC_SDAR:
2425         vcpu->arch.sdar = set_reg_val(id, *val);
2426         break;
2427     case KVM_REG_PPC_SIER:
2428         vcpu->arch.sier[0] = set_reg_val(id, *val);
2429         break;
2430     case KVM_REG_PPC_SIER2:
2431         vcpu->arch.sier[1] = set_reg_val(id, *val);
2432         break;
2433     case KVM_REG_PPC_SIER3:
2434         vcpu->arch.sier[2] = set_reg_val(id, *val);
2435         break;
2436     case KVM_REG_PPC_IAMR:
2437         vcpu->arch.iamr = set_reg_val(id, *val);
2438         break;
2439     case KVM_REG_PPC_PSPB:
2440         vcpu->arch.pspb = set_reg_val(id, *val);
2441         break;
2442     case KVM_REG_PPC_DPDES:
2443         if (cpu_has_feature(CPU_FTR_ARCH_300))
2444             vcpu->arch.doorbell_request = set_reg_val(id, *val) & 1;
2445         else
2446             vcpu->arch.vcore->dpdes = set_reg_val(id, *val);
2447         break;
2448     case KVM_REG_PPC_VTB:
2449         vcpu->arch.vcore->vtb = set_reg_val(id, *val);
2450         break;
2451     case KVM_REG_PPC_DAWR:
2452         vcpu->arch.dawr0 = set_reg_val(id, *val);
2453         break;
2454     case KVM_REG_PPC_DAWRX:
2455         vcpu->arch.dawrx0 = set_reg_val(id, *val) & ~DAWRX_HYP;
2456         break;
2457     case KVM_REG_PPC_DAWR1:
2458         vcpu->arch.dawr1 = set_reg_val(id, *val);
2459         break;
2460     case KVM_REG_PPC_DAWRX1:
2461         vcpu->arch.dawrx1 = set_reg_val(id, *val) & ~DAWRX_HYP;
2462         break;
2463     case KVM_REG_PPC_CIABR:
2464         vcpu->arch.ciabr = set_reg_val(id, *val);
2465         /* Don't allow setting breakpoints in hypervisor code */
2466         if ((vcpu->arch.ciabr & CIABR_PRIV) == CIABR_PRIV_HYPER)
2467             vcpu->arch.ciabr &= ~CIABR_PRIV;    /* disable */
2468         break;
2469     case KVM_REG_PPC_CSIGR:
2470         vcpu->arch.csigr = set_reg_val(id, *val);
2471         break;
2472     case KVM_REG_PPC_TACR:
2473         vcpu->arch.tacr = set_reg_val(id, *val);
2474         break;
2475     case KVM_REG_PPC_TCSCR:
2476         vcpu->arch.tcscr = set_reg_val(id, *val);
2477         break;
2478     case KVM_REG_PPC_PID:
2479         vcpu->arch.pid = set_reg_val(id, *val);
2480         break;
2481     case KVM_REG_PPC_ACOP:
2482         vcpu->arch.acop = set_reg_val(id, *val);
2483         break;
2484     case KVM_REG_PPC_WORT:
2485         vcpu->arch.wort = set_reg_val(id, *val);
2486         break;
2487     case KVM_REG_PPC_TIDR:
2488         vcpu->arch.tid = set_reg_val(id, *val);
2489         break;
2490     case KVM_REG_PPC_PSSCR:
2491         vcpu->arch.psscr = set_reg_val(id, *val) & PSSCR_GUEST_VIS;
2492         break;
2493     case KVM_REG_PPC_VPA_ADDR:
2494         addr = set_reg_val(id, *val);
2495         r = -EINVAL;
2496         if (!addr && (vcpu->arch.slb_shadow.next_gpa ||
2497                   vcpu->arch.dtl.next_gpa))
2498             break;
2499         r = set_vpa(vcpu, &vcpu->arch.vpa, addr, sizeof(struct lppaca));
2500         break;
2501     case KVM_REG_PPC_VPA_SLB:
2502         addr = val->vpaval.addr;
2503         len = val->vpaval.length;
2504         r = -EINVAL;
2505         if (addr && !vcpu->arch.vpa.next_gpa)
2506             break;
2507         r = set_vpa(vcpu, &vcpu->arch.slb_shadow, addr, len);
2508         break;
2509     case KVM_REG_PPC_VPA_DTL:
2510         addr = val->vpaval.addr;
2511         len = val->vpaval.length;
2512         r = -EINVAL;
2513         if (addr && (len < sizeof(struct dtl_entry) ||
2514                  !vcpu->arch.vpa.next_gpa))
2515             break;
2516         len -= len % sizeof(struct dtl_entry);
2517         r = set_vpa(vcpu, &vcpu->arch.dtl, addr, len);
2518         break;
2519     case KVM_REG_PPC_TB_OFFSET:
2520         /* round up to multiple of 2^24 */
2521         vcpu->arch.vcore->tb_offset =
2522             ALIGN(set_reg_val(id, *val), 1UL << 24);
2523         break;
2524     case KVM_REG_PPC_LPCR:
2525         kvmppc_set_lpcr(vcpu, set_reg_val(id, *val), true);
2526         break;
2527     case KVM_REG_PPC_LPCR_64:
2528         kvmppc_set_lpcr(vcpu, set_reg_val(id, *val), false);
2529         break;
2530     case KVM_REG_PPC_PPR:
2531         vcpu->arch.ppr = set_reg_val(id, *val);
2532         break;
2533 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2534     case KVM_REG_PPC_TFHAR:
2535         vcpu->arch.tfhar = set_reg_val(id, *val);
2536         break;
2537     case KVM_REG_PPC_TFIAR:
2538         vcpu->arch.tfiar = set_reg_val(id, *val);
2539         break;
2540     case KVM_REG_PPC_TEXASR:
2541         vcpu->arch.texasr = set_reg_val(id, *val);
2542         break;
2543     case KVM_REG_PPC_TM_GPR0 ... KVM_REG_PPC_TM_GPR31:
2544         i = id - KVM_REG_PPC_TM_GPR0;
2545         vcpu->arch.gpr_tm[i] = set_reg_val(id, *val);
2546         break;
2547     case KVM_REG_PPC_TM_VSR0 ... KVM_REG_PPC_TM_VSR63:
2548     {
2549         int j;
2550         i = id - KVM_REG_PPC_TM_VSR0;
2551         if (i < 32)
2552             for (j = 0; j < TS_FPRWIDTH; j++)
2553                 vcpu->arch.fp_tm.fpr[i][j] = val->vsxval[j];
2554         else
2555             if (cpu_has_feature(CPU_FTR_ALTIVEC))
2556                 vcpu->arch.vr_tm.vr[i-32] = val->vval;
2557             else
2558                 r = -ENXIO;
2559         break;
2560     }
2561     case KVM_REG_PPC_TM_CR:
2562         vcpu->arch.cr_tm = set_reg_val(id, *val);
2563         break;
2564     case KVM_REG_PPC_TM_XER:
2565         vcpu->arch.xer_tm = set_reg_val(id, *val);
2566         break;
2567     case KVM_REG_PPC_TM_LR:
2568         vcpu->arch.lr_tm = set_reg_val(id, *val);
2569         break;
2570     case KVM_REG_PPC_TM_CTR:
2571         vcpu->arch.ctr_tm = set_reg_val(id, *val);
2572         break;
2573     case KVM_REG_PPC_TM_FPSCR:
2574         vcpu->arch.fp_tm.fpscr = set_reg_val(id, *val);
2575         break;
2576     case KVM_REG_PPC_TM_AMR:
2577         vcpu->arch.amr_tm = set_reg_val(id, *val);
2578         break;
2579     case KVM_REG_PPC_TM_PPR:
2580         vcpu->arch.ppr_tm = set_reg_val(id, *val);
2581         break;
2582     case KVM_REG_PPC_TM_VRSAVE:
2583         vcpu->arch.vrsave_tm = set_reg_val(id, *val);
2584         break;
2585     case KVM_REG_PPC_TM_VSCR:
2586         if (cpu_has_feature(CPU_FTR_ALTIVEC))
2587             vcpu->arch.vr.vscr.u[3] = set_reg_val(id, *val);
2588         else
2589             r = - ENXIO;
2590         break;
2591     case KVM_REG_PPC_TM_DSCR:
2592         vcpu->arch.dscr_tm = set_reg_val(id, *val);
2593         break;
2594     case KVM_REG_PPC_TM_TAR:
2595         vcpu->arch.tar_tm = set_reg_val(id, *val);
2596         break;
2597 #endif
2598     case KVM_REG_PPC_ARCH_COMPAT:
2599         r = kvmppc_set_arch_compat(vcpu, set_reg_val(id, *val));
2600         break;
2601     case KVM_REG_PPC_DEC_EXPIRY:
2602         vcpu->arch.dec_expires = set_reg_val(id, *val);
2603         break;
2604     case KVM_REG_PPC_ONLINE:
2605         i = set_reg_val(id, *val);
2606         if (i && !vcpu->arch.online)
2607             atomic_inc(&vcpu->arch.vcore->online_count);
2608         else if (!i && vcpu->arch.online)
2609             atomic_dec(&vcpu->arch.vcore->online_count);
2610         vcpu->arch.online = i;
2611         break;
2612     case KVM_REG_PPC_PTCR:
2613         vcpu->kvm->arch.l1_ptcr = set_reg_val(id, *val);
2614         break;
2615     default:
2616         r = -EINVAL;
2617         break;
2618     }
2619
2620     return r;
2621 }
2622
2623 /*
2624  * On POWER9, threads are independent and can be in different partitions.
2625  * Therefore we consider each thread to be a subcore.
2626  * There is a restriction that all threads have to be in the same
2627  * MMU mode (radix or HPT), unfortunately, but since we only support
2628  * HPT guests on a HPT host so far, that isn't an impediment yet.
2629  */
2630 static int threads_per_vcore(struct kvm *kvm)
2631 {
2632     if (cpu_has_feature(CPU_FTR_ARCH_300))
2633         return 1;
2634     return threads_per_subcore;
2635 }
2636
2637 static struct kvmppc_vcore *kvmppc_vcore_create(struct kvm *kvm, int id)
2638 {
2639     struct kvmppc_vcore *vcore;
2640
2641     vcore = kzalloc(sizeof(struct kvmppc_vcore), GFP_KERNEL);
2642
2643     if (vcore == NULL)
2644         return NULL;
2645
2646     spin_lock_init(&vcore->lock);
2647     spin_lock_init(&vcore->stoltb_lock);
2648     rcuwait_init(&vcore->wait);
2649     vcore->preempt_tb = TB_NIL;
2650     vcore->lpcr = kvm->arch.lpcr;
2651     vcore->first_vcpuid = id;
2652     vcore->kvm = kvm;
2653     INIT_LIST_HEAD(&vcore->preempt_list);
2654
2655     return vcore;
2656 }
2657
2658 #ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
2659 static struct debugfs_timings_element {
2660     const char *name;
2661     size_t offset;
2662 } timings[] = {
2663 #ifdef CONFIG_KVM_BOOK3S_HV_P9_TIMING
2664     {"vcpu_entry",  offsetof(struct kvm_vcpu, arch.vcpu_entry)},
2665     {"guest_entry", offsetof(struct kvm_vcpu, arch.guest_entry)},
2666     {"in_guest",    offsetof(struct kvm_vcpu, arch.in_guest)},
2667     {"guest_exit",  offsetof(struct kvm_vcpu, arch.guest_exit)},
2668     {"vcpu_exit",   offsetof(struct kvm_vcpu, arch.vcpu_exit)},
2669     {"hypercall",   offsetof(struct kvm_vcpu, arch.hcall)},
2670     {"page_fault",  offsetof(struct kvm_vcpu, arch.pg_fault)},
2671 #else
2672     {"rm_entry",    offsetof(struct kvm_vcpu, arch.rm_entry)},
2673     {"rm_intr", offsetof(struct kvm_vcpu, arch.rm_intr)},
2674     {"rm_exit", offsetof(struct kvm_vcpu, arch.rm_exit)},
2675     {"guest",   offsetof(struct kvm_vcpu, arch.guest_time)},
2676     {"cede",    offsetof(struct kvm_vcpu, arch.cede_time)},
2677 #endif
2678 };
2679
2680 #define N_TIMINGS   (ARRAY_SIZE(timings))
2681
2682 struct debugfs_timings_state {
2683     struct kvm_vcpu *vcpu;
2684     unsigned int    buflen;
2685     char        buf[N_TIMINGS * 100];
2686 };
2687
2688 static int debugfs_timings_open(struct inode *inode, struct file *file)
2689 {
2690     struct kvm_vcpu *vcpu = inode->i_private;
2691     struct debugfs_timings_state *p;
2692
2693     p = kzalloc(sizeof(*p), GFP_KERNEL);
2694     if (!p)
2695         return -ENOMEM;
2696
2697     kvm_get_kvm(vcpu->kvm);
2698     p->vcpu = vcpu;
2699     file->private_data = p;
2700
2701     return nonseekable_open(inode, file);
2702 }
2703
2704 static int debugfs_timings_release(struct inode *inode, struct file *file)
2705 {
2706     struct debugfs_timings_state *p = file->private_data;
2707
2708     kvm_put_kvm(p->vcpu->kvm);
2709     kfree(p);
2710     return 0;
2711 }
2712
2713 static ssize_t debugfs_timings_read(struct file *file, char __user *buf,
2714                     size_t len, loff_t *ppos)
2715 {
2716     struct debugfs_timings_state *p = file->private_data;
2717     struct kvm_vcpu *vcpu = p->vcpu;
2718     char *s, *buf_end;
2719     struct kvmhv_tb_accumulator tb;
2720     u64 count;
2721     loff_t pos;
2722     ssize_t n;
2723     int i, loops;
2724     bool ok;
2725
2726     if (!p->buflen) {
2727         s = p->buf;
2728         buf_end = s + sizeof(p->buf);
2729         for (i = 0; i < N_TIMINGS; ++i) {
2730             struct kvmhv_tb_accumulator *acc;
2731
2732             acc = (struct kvmhv_tb_accumulator *)
2733                 ((unsigned long)vcpu + timings[i].offset);
2734             ok = false;
2735             for (loops = 0; loops < 1000; ++loops) {
2736                 count = acc->seqcount;
2737                 if (!(count & 1)) {
2738                     smp_rmb();
2739                     tb = *acc;
2740                     smp_rmb();
2741                     if (count == acc->seqcount) {
2742                         ok = true;
2743                         break;
2744                     }
2745                 }
2746                 udelay(1);
2747             }
2748             if (!ok)
2749                 snprintf(s, buf_end - s, "%s: stuck\n",
2750                     timings[i].name);
2751             else
2752                 snprintf(s, buf_end - s,
2753                     "%s: %llu %llu %llu %llu\n",
2754                     timings[i].name, count / 2,
2755                     tb_to_ns(tb.tb_total),
2756                     tb_to_ns(tb.tb_min),
2757                     tb_to_ns(tb.tb_max));
2758             s += strlen(s);
2759         }
2760         p->buflen = s - p->buf;
2761     }
2762
2763     pos = *ppos;
2764     if (pos >= p->buflen)
2765         return 0;
2766     if (len > p->buflen - pos)
2767         len = p->buflen - pos;
2768     n = copy_to_user(buf, p->buf + pos, len);
2769     if (n) {
2770         if (n == len)
2771             return -EFAULT;
2772         len -= n;
2773     }
2774     *ppos = pos + len;
2775     return len;
2776 }
2777
2778 static ssize_t debugfs_timings_write(struct file *file, const char __user *buf,
2779                      size_t len, loff_t *ppos)
2780 {
2781     return -EACCES;
2782 }
2783
2784 static const struct file_operations debugfs_timings_ops = {
2785     .owner   = THIS_MODULE,
2786     .open    = debugfs_timings_open,
2787     .release = debugfs_timings_release,
2788     .read    = debugfs_timings_read,
2789     .write   = debugfs_timings_write,
2790     .llseek  = generic_file_llseek,
2791 };
2792
2793 /* Create a debugfs directory for the vcpu */
2794 static int kvmppc_arch_create_vcpu_debugfs_hv(struct kvm_vcpu *vcpu, struct dentry *debugfs_dentry)
2795 {
2796     if (cpu_has_feature(CPU_FTR_ARCH_300) == IS_ENABLED(CONFIG_KVM_BOOK3S_HV_P9_TIMING))
2797         debugfs_create_file("timings", 0444, debugfs_dentry, vcpu,
2798                     &debugfs_timings_ops);
2799     return 0;
2800 }
2801
2802 #else /* CONFIG_KVM_BOOK3S_HV_EXIT_TIMING */
2803 static int kvmppc_arch_create_vcpu_debugfs_hv(struct kvm_vcpu *vcpu, struct dentry *debugfs_dentry)
2804 {
2805     return 0;
2806 }
2807 #endif /* CONFIG_KVM_BOOK3S_HV_EXIT_TIMING */
2808
2809 static int kvmppc_core_vcpu_create_hv(struct kvm_vcpu *vcpu)
2810 {
2811     int err;
2812     int core;
2813     struct kvmppc_vcore *vcore;
2814     struct kvm *kvm;
2815     unsigned int id;
2816
2817     kvm = vcpu->kvm;
2818     id = vcpu->vcpu_id;
2819
2820     vcpu->arch.shared = &vcpu->arch.shregs;
2821 #ifdef CONFIG_KVM_BOOK3S_PR_POSSIBLE
2822     /*
2823      * The shared struct is never shared on HV,
2824      * so we can always use host endianness
2825      */
2826 #ifdef __BIG_ENDIAN__
2827     vcpu->arch.shared_big_endian = true;
2828 #else
2829     vcpu->arch.shared_big_endian = false;
2830 #endif
2831 #endif
2832     vcpu->arch.mmcr[0] = MMCR0_FC;
2833     if (cpu_has_feature(CPU_FTR_ARCH_31)) {
2834         vcpu->arch.mmcr[0] |= MMCR0_PMCCEXT;
2835         vcpu->arch.mmcra = MMCRA_BHRB_DISABLE;
2836     }
2837
2838     vcpu->arch.ctrl = CTRL_RUNLATCH;
2839     /* default to host PVR, since we can't spoof it */
2840     kvmppc_set_pvr_hv(vcpu, mfspr(SPRN_PVR));
2841     spin_lock_init(&vcpu->arch.vpa_update_lock);
2842     spin_lock_init(&vcpu->arch.tbacct_lock);
2843     vcpu->arch.busy_preempt = TB_NIL;
2844     vcpu->arch.shregs.msr = MSR_ME;
2845     vcpu->arch.intr_msr = MSR_SF | MSR_ME;
2846
2847     /*
2848      * Set the default HFSCR for the guest from the host value.
2849      * This value is only used on POWER9.
2850      * On POWER9, we want to virtualize the doorbell facility, so we
2851      * don't set the HFSCR_MSGP bit, and that causes those instructions
2852      * to trap and then we emulate them.
2853      */
2854     vcpu->arch.hfscr = HFSCR_TAR | HFSCR_EBB | HFSCR_PM | HFSCR_BHRB |
2855         HFSCR_DSCR | HFSCR_VECVSX | HFSCR_FP;
2856     if (cpu_has_feature(CPU_FTR_HVMODE)) {
2857         vcpu->arch.hfscr &= mfspr(SPRN_HFSCR);
2858 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2859         if (cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST))
2860             vcpu->arch.hfscr |= HFSCR_TM;
2861 #endif
2862     }
2863     if (cpu_has_feature(CPU_FTR_TM_COMP))
2864         vcpu->arch.hfscr |= HFSCR_TM;
2865
2866     vcpu->arch.hfscr_permitted = vcpu->arch.hfscr;
2867
2868     /*
2869      * PM, EBB, TM are demand-faulted so start with it clear.
2870      */
2871     vcpu->arch.hfscr &= ~(HFSCR_PM | HFSCR_EBB | HFSCR_TM);
2872
2873     kvmppc_mmu_book3s_hv_init(vcpu);
2874
2875     vcpu->arch.state = KVMPPC_VCPU_NOTREADY;
2876
2877     init_waitqueue_head(&vcpu->arch.cpu_run);
2878
2879     mutex_lock(&kvm->lock);
2880     vcore = NULL;
2881     err = -EINVAL;
2882     if (cpu_has_feature(CPU_FTR_ARCH_300)) {
2883         if (id >= (KVM_MAX_VCPUS * kvm->arch.emul_smt_mode)) {
2884             pr_devel("KVM: VCPU ID too high\n");
2885             core = KVM_MAX_VCORES;
2886         } else {
2887             BUG_ON(kvm->arch.smt_mode != 1);
2888             core = kvmppc_pack_vcpu_id(kvm, id);
2889         }
2890     } else {
2891         core = id / kvm->arch.smt_mode;
2892     }
2893     if (core < KVM_MAX_VCORES) {
2894         vcore = kvm->arch.vcores[core];
2895         if (vcore && cpu_has_feature(CPU_FTR_ARCH_300)) {
2896             pr_devel("KVM: collision on id %u", id);
2897             vcore = NULL;
2898         } else if (!vcore) {
2899             /*
2900              * Take mmu_setup_lock for mutual exclusion
2901              * with kvmppc_update_lpcr().
2902              */
2903             err = -ENOMEM;
2904             vcore = kvmppc_vcore_create(kvm,
2905                     id & ~(kvm->arch.smt_mode - 1));
2906             mutex_lock(&kvm->arch.mmu_setup_lock);
2907             kvm->arch.vcores[core] = vcore;
2908             kvm->arch.online_vcores++;
2909             mutex_unlock(&kvm->arch.mmu_setup_lock);
2910         }
2911     }
2912     mutex_unlock(&kvm->lock);
2913
2914     if (!vcore)
2915         return err;
2916
2917     spin_lock(&vcore->lock);
2918     ++vcore->num_threads;
2919     spin_unlock(&vcore->lock);
2920     vcpu->arch.vcore = vcore;
2921     vcpu->arch.ptid = vcpu->vcpu_id - vcore->first_vcpuid;
2922     vcpu->arch.thread_cpu = -1;
2923     vcpu->arch.prev_cpu = -1;
2924
2925     vcpu->arch.cpu_type = KVM_CPU_3S_64;
2926     kvmppc_sanity_check(vcpu);
2927
2928     return 0;
2929 }
2930
2931 static int kvmhv_set_smt_mode(struct kvm *kvm, unsigned long smt_mode,
2932                   unsigned long flags)
2933 {
2934     int err;
2935     int esmt = 0;
2936
2937     if (flags)
2938         return -EINVAL;
2939     if (smt_mode > MAX_SMT_THREADS || !is_power_of_2(smt_mode))
2940         return -EINVAL;
2941     if (!cpu_has_feature(CPU_FTR_ARCH_300)) {
2942         /*
2943          * On POWER8 (or POWER7), the threading mode is "strict",
2944          * so we pack smt_mode vcpus per vcore.
2945          */
2946         if (smt_mode > threads_per_subcore)
2947             return -EINVAL;
2948     } else {
2949         /*
2950          * On POWER9, the threading mode is "loose",
2951          * so each vcpu gets its own vcore.
2952          */
2953         esmt = smt_mode;
2954         smt_mode = 1;
2955     }
2956     mutex_lock(&kvm->lock);
2957     err = -EBUSY;
2958     if (!kvm->arch.online_vcores) {
2959         kvm->arch.smt_mode = smt_mode;
2960         kvm->arch.emul_smt_mode = esmt;
2961         err = 0;
2962     }
2963     mutex_unlock(&kvm->lock);
2964
2965     return err;
2966 }
2967
2968 static void unpin_vpa(struct kvm *kvm, struct kvmppc_vpa *vpa)
2969 {
2970     if (vpa->pinned_addr)
2971         kvmppc_unpin_guest_page(kvm, vpa->pinned_addr, vpa->gpa,
2972                     vpa->dirty);
2973 }
2974
2975 static void kvmppc_core_vcpu_free_hv(struct kvm_vcpu *vcpu)
2976 {
2977     spin_lock(&vcpu->arch.vpa_update_lock);
2978     unpin_vpa(vcpu->kvm, &vcpu->arch.dtl);
2979     unpin_vpa(vcpu->kvm, &vcpu->arch.slb_shadow);
2980     unpin_vpa(vcpu->kvm, &vcpu->arch.vpa);
2981     spin_unlock(&vcpu->arch.vpa_update_lock);
2982 }
2983
2984 static int kvmppc_core_check_requests_hv(struct kvm_vcpu *vcpu)
2985 {
2986     /* Indicate we want to get back into the guest */
2987     return 1;
2988 }
2989
2990 static void kvmppc_set_timer(struct kvm_vcpu *vcpu)
2991 {
2992     unsigned long dec_nsec, now;
2993
2994     now = get_tb();
2995     if (now > kvmppc_dec_expires_host_tb(vcpu)) {
2996         /* decrementer has already gone negative */
2997         kvmppc_core_queue_dec(vcpu);
2998         kvmppc_core_prepare_to_enter(vcpu);
2999         return;
3000     }
3001     dec_nsec = tb_to_ns(kvmppc_dec_expires_host_tb(vcpu) - now);
3002     hrtimer_start(&vcpu->arch.dec_timer, dec_nsec, HRTIMER_MODE_REL);
3003     vcpu->arch.timer_running = 1;
3004 }
3005
3006 extern int __kvmppc_vcore_entry(void);
3007
3008 static void kvmppc_remove_runnable(struct kvmppc_vcore *vc,
3009                    struct kvm_vcpu *vcpu, u64 tb)
3010 {
3011     u64 now;
3012
3013     if (vcpu->arch.state != KVMPPC_VCPU_RUNNABLE)
3014         return;
3015     spin_lock_irq(&vcpu->arch.tbacct_lock);
3016     now = tb;
3017     vcpu->arch.busy_stolen += vcore_stolen_time(vc, now) -
3018         vcpu->arch.stolen_logged;
3019     vcpu->arch.busy_preempt = now;
3020     vcpu->arch.state = KVMPPC_VCPU_BUSY_IN_HOST;
3021     spin_unlock_irq(&vcpu->arch.tbacct_lock);
3022     --vc->n_runnable;
3023     WRITE_ONCE(vc->runnable_threads[vcpu->arch.ptid], NULL);
3024 }
3025
3026 static int kvmppc_grab_hwthread(int cpu)
3027 {
3028     struct paca_struct *tpaca;
3029     long timeout = 10000;
3030
3031     tpaca = paca_ptrs[cpu];
3032
3033     /* Ensure the thread won't go into the kernel if it wakes */
3034     tpaca->kvm_hstate.kvm_vcpu = NULL;
3035     tpaca->kvm_hstate.kvm_vcore = NULL;
3036     tpaca->kvm_hstate.napping = 0;
3037     smp_wmb();
3038     tpaca->kvm_hstate.hwthread_req = 1;
3039
3040     /*
3041      * If the thread is already executing in the kernel (e.g. handling
3042      * a stray interrupt), wait for it to get back to nap mode.
3043      * The smp_mb() is to ensure that our setting of hwthread_req
3044      * is visible before we look at hwthread_state, so if this
3045      * races with the code at system_reset_pSeries and the thread
3046      * misses our setting of hwthread_req, we are sure to see its
3047      * setting of hwthread_state, and vice versa.
3048      */
3049     smp_mb();
3050     while (tpaca->kvm_hstate.hwthread_state == KVM_HWTHREAD_IN_KERNEL) {
3051         if (--timeout <= 0) {
3052             pr_err("KVM: couldn't grab cpu %d\n", cpu);
3053             return -EBUSY;
3054         }
3055         udelay(1);
3056     }
3057     return 0;
3058 }
3059
3060 static void kvmppc_release_hwthread(int cpu)
3061 {
3062     struct paca_struct *tpaca;
3063
3064     tpaca = paca_ptrs[cpu];
3065     tpaca->kvm_hstate.hwthread_req = 0;
3066     tpaca->kvm_hstate.kvm_vcpu = NULL;
3067     tpaca->kvm_hstate.kvm_vcore = NULL;
3068     tpaca->kvm_hstate.kvm_split_mode = NULL;
3069 }
3070
3071 static DEFINE_PER_CPU(struct kvm *, cpu_in_guest);
3072
3073 static void radix_flush_cpu(struct kvm *kvm, int cpu, struct kvm_vcpu *vcpu)
3074 {
3075     struct kvm_nested_guest *nested = vcpu->arch.nested;
3076     cpumask_t *need_tlb_flush;
3077     int i;
3078
3079     if (nested)
3080         need_tlb_flush = &nested->need_tlb_flush;
3081     else
3082         need_tlb_flush = &kvm->arch.need_tlb_flush;
3083
3084     cpu = cpu_first_tlb_thread_sibling(cpu);
3085     for (i = cpu; i <= cpu_last_tlb_thread_sibling(cpu);
3086                     i += cpu_tlb_thread_sibling_step())
3087         cpumask_set_cpu(i, need_tlb_flush);
3088
3089     /*
3090      * Make sure setting of bit in need_tlb_flush precedes testing of
3091      * cpu_in_guest. The matching barrier on the other side is hwsync
3092      * when switching to guest MMU mode, which happens between
3093      * cpu_in_guest being set to the guest kvm, and need_tlb_flush bit
3094      * being tested.
3095      */
3096     smp_mb();
3097
3098     for (i = cpu; i <= cpu_last_tlb_thread_sibling(cpu);
3099                     i += cpu_tlb_thread_sibling_step()) {
3100         struct kvm *running = *per_cpu_ptr(&cpu_in_guest, i);
3101
3102         if (running == kvm)
3103             smp_call_function_single(i, do_nothing, NULL, 1);
3104     }
3105 }
3106
3107 static void do_migrate_away_vcpu(void *arg)
3108 {
3109     struct kvm_vcpu *vcpu = arg;
3110     struct kvm *kvm = vcpu->kvm;
3111
3112     /*
3113      * If the guest has GTSE, it may execute tlbie, so do a eieio; tlbsync;
3114      * ptesync sequence on the old CPU before migrating to a new one, in
3115      * case we interrupted the guest between a tlbie ; eieio ;
3116      * tlbsync; ptesync sequence.
3117      *
3118      * Otherwise, ptesync is sufficient for ordering tlbiel sequences.
3119      */
3120     if (kvm->arch.lpcr & LPCR_GTSE)
3121         asm volatile("eieio; tlbsync; ptesync");
3122     else
3123         asm volatile("ptesync");
3124 }
3125
3126 static void kvmppc_prepare_radix_vcpu(struct kvm_vcpu *vcpu, int pcpu)
3127 {
3128     struct kvm_nested_guest *nested = vcpu->arch.nested;
3129     struct kvm *kvm = vcpu->kvm;
3130     int prev_cpu;
3131
3132     if (!cpu_has_feature(CPU_FTR_HVMODE))
3133         return;
3134
3135     if (nested)
3136         prev_cpu = nested->prev_cpu[vcpu->arch.nested_vcpu_id];
3137     else
3138         prev_cpu = vcpu->arch.prev_cpu;
3139
3140     /*
3141      * With radix, the guest can do TLB invalidations itself,
3142      * and it could choose to use the local form (tlbiel) if
3143      * it is invalidating a translation that has only ever been
3144      * used on one vcpu.  However, that doesn't mean it has
3145      * only ever been used on one physical cpu, since vcpus
3146      * can move around between pcpus.  To cope with this, when
3147      * a vcpu moves from one pcpu to another, we need to tell
3148      * any vcpus running on the same core as this vcpu previously
3149      * ran to flush the TLB.
3150      */
3151     if (prev_cpu != pcpu) {
3152         if (prev_cpu >= 0) {
3153             if (cpu_first_tlb_thread_sibling(prev_cpu) !=
3154                 cpu_first_tlb_thread_sibling(pcpu))
3155                 radix_flush_cpu(kvm, prev_cpu, vcpu);
3156
3157             smp_call_function_single(prev_cpu,
3158                     do_migrate_away_vcpu, vcpu, 1);
3159         }
3160         if (nested)
3161             nested->prev_cpu[vcpu->arch.nested_vcpu_id] = pcpu;
3162         else
3163             vcpu->arch.prev_cpu = pcpu;
3164     }
3165 }
3166
3167 static void kvmppc_start_thread(struct kvm_vcpu *vcpu, struct kvmppc_vcore *vc)
3168 {
3169     int cpu;
3170     struct paca_struct *tpaca;
3171
3172     cpu = vc->pcpu;
3173     if (vcpu) {
3174         if (vcpu->arch.timer_running) {
3175             hrtimer_try_to_cancel(&vcpu->arch.dec_timer);
3176             vcpu->arch.timer_running = 0;
3177         }
3178         cpu += vcpu->arch.ptid;
3179         vcpu->cpu = vc->pcpu;
3180         vcpu->arch.thread_cpu = cpu;
3181     }
3182     tpaca = paca_ptrs[cpu];
3183     tpaca->kvm_hstate.kvm_vcpu = vcpu;
3184     tpaca->kvm_hstate.ptid = cpu - vc->pcpu;
3185     tpaca->kvm_hstate.fake_suspend = 0;
3186     /* Order stores to hstate.kvm_vcpu etc. before store to kvm_vcore */
3187     smp_wmb();
3188     tpaca->kvm_hstate.kvm_vcore = vc;
3189     if (cpu != smp_processor_id())
3190         kvmppc_ipi_thread(cpu);
3191 }
3192
3193 static void kvmppc_wait_for_nap(int n_threads)
3194 {
3195     int cpu = smp_processor_id();
3196     int i, loops;
3197
3198     if (n_threads <= 1)
3199         return;
3200     for (loops = 0; loops < 1000000; ++loops) {
3201         /*
3202          * Check if all threads are finished.
3203          * We set the vcore pointer when starting a thread
3204          * and the thread clears it when finished, so we look
3205          * for any threads that still have a non-NULL vcore ptr.
3206          */
3207         for (i = 1; i < n_threads; ++i)
3208             if (paca_ptrs[cpu + i]->kvm_hstate.kvm_vcore)
3209                 break;
3210         if (i == n_threads) {
3211             HMT_medium();
3212             return;
3213         }
3214         HMT_low();
3215     }
3216     HMT_medium();
3217     for (i = 1; i < n_threads; ++i)
3218         if (paca_ptrs[cpu + i]->kvm_hstate.kvm_vcore)
3219             pr_err("KVM: CPU %d seems to be stuck\n", cpu + i);
3220 }
3221
3222 /*
3223  * Check that we are on thread 0 and that any other threads in
3224  * this core are off-line.  Then grab the threads so they can't
3225  * enter the kernel.
3226  */
3227 static int on_primary_thread(void)
3228 {
3229     int cpu = smp_processor_id();
3230     int thr;
3231
3232     /* Are we on a primary subcore? */
3233     if (cpu_thread_in_subcore(cpu))
3234         return 0;
3235
3236     thr = 0;
3237     while (++thr < threads_per_subcore)
3238         if (cpu_online(cpu + thr))
3239             return 0;
3240
3241     /* Grab all hw threads so they can't go into the kernel */
3242     for (thr = 1; thr < threads_per_subcore; ++thr) {
3243         if (kvmppc_grab_hwthread(cpu + thr)) {
3244             /* Couldn't grab one; let the others go */
3245             do {
3246                 kvmppc_release_hwthread(cpu + thr);
3247             } while (--thr > 0);
3248             return 0;
3249         }
3250     }
3251     return 1;
3252 }
3253
3254 /*
3255  * A list of virtual cores for each physical CPU.
3256  * These are vcores that could run but their runner VCPU tasks are
3257  * (or may be) preempted.
3258  */
3259 struct preempted_vcore_list {
3260     struct list_head    list;
3261     spinlock_t      lock;
3262 };
3263
3264 static DEFINE_PER_CPU(struct preempted_vcore_list, preempted_vcores);
3265
3266 static void init_vcore_lists(void)
3267 {
3268     int cpu;
3269
3270     for_each_possible_cpu(cpu) {
3271         struct preempted_vcore_list *lp = &per_cpu(preempted_vcores, cpu);
3272         spin_lock_init(&lp->lock);
3273         INIT_LIST_HEAD(&lp->list);
3274     }
3275 }
3276
3277 static void kvmppc_vcore_preempt(struct kvmppc_vcore *vc)
3278 {
3279     struct preempted_vcore_list *lp = this_cpu_ptr(&preempted_vcores);
3280
3281     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
3282
3283     vc->vcore_state = VCORE_PREEMPT;
3284     vc->pcpu = smp_processor_id();
3285     if (vc->num_threads < threads_per_vcore(vc->kvm)) {
3286         spin_lock(&lp->lock);
3287         list_add_tail(&vc->preempt_list, &lp->list);
3288         spin_unlock(&lp->lock);
3289     }
3290
3291     /* Start accumulating stolen time */
3292     kvmppc_core_start_stolen(vc, mftb());
3293 }
3294
3295 static void kvmppc_vcore_end_preempt(struct kvmppc_vcore *vc)
3296 {
3297     struct preempted_vcore_list *lp;
3298
3299     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
3300
3301     kvmppc_core_end_stolen(vc, mftb());
3302     if (!list_empty(&vc->preempt_list)) {
3303         lp = &per_cpu(preempted_vcores, vc->pcpu);
3304         spin_lock(&lp->lock);
3305         list_del_init(&vc->preempt_list);
3306         spin_unlock(&lp->lock);
3307     }
3308     vc->vcore_state = VCORE_INACTIVE;
3309 }
3310
3311 /*
3312  * This stores information about the virtual cores currently
3313  * assigned to a physical core.
3314  */
3315 struct core_info {
3316     int     n_subcores;
3317     int     max_subcore_threads;
3318     int     total_threads;
3319     int     subcore_threads[MAX_SUBCORES];
3320     struct kvmppc_vcore *vc[MAX_SUBCORES];
3321 };
3322
3323 /*
3324  * This mapping means subcores 0 and 1 can use threads 0-3 and 4-7
3325  * respectively in 2-way micro-threading (split-core) mode on POWER8.
3326  */
3327 static int subcore_thread_map[MAX_SUBCORES] = { 0, 4, 2, 6 };
3328
3329 static void init_core_info(struct core_info *cip, struct kvmppc_vcore *vc)
3330 {
3331     memset(cip, 0, sizeof(*cip));
3332     cip->n_subcores = 1;
3333     cip->max_subcore_threads = vc->num_threads;
3334     cip->total_threads = vc->num_threads;
3335     cip->subcore_threads[0] = vc->num_threads;
3336     cip->vc[0] = vc;
3337 }
3338
3339 static bool subcore_config_ok(int n_subcores, int n_threads)
3340 {
3341     /*
3342      * POWER9 "SMT4" cores are permanently in what is effectively a 4-way
3343      * split-core mode, with one thread per subcore.
3344      */
3345     if (cpu_has_feature(CPU_FTR_ARCH_300))
3346         return n_subcores <= 4 && n_threads == 1;
3347
3348     /* On POWER8, can only dynamically split if unsplit to begin with */
3349     if (n_subcores > 1 && threads_per_subcore < MAX_SMT_THREADS)
3350         return false;
3351     if (n_subcores > MAX_SUBCORES)
3352         return false;
3353     if (n_subcores > 1) {
3354         if (!(dynamic_mt_modes & 2))
3355             n_subcores = 4;
3356         if (n_subcores > 2 && !(dynamic_mt_modes & 4))
3357             return false;
3358     }
3359
3360     return n_subcores * roundup_pow_of_two(n_threads) <= MAX_SMT_THREADS;
3361 }
3362
3363 static void init_vcore_to_run(struct kvmppc_vcore *vc)
3364 {
3365     vc->entry_exit_map = 0;
3366     vc->in_guest = 0;
3367     vc->napping_threads = 0;
3368     vc->conferring_threads = 0;
3369     vc->tb_offset_applied = 0;
3370 }
3371
3372 static bool can_dynamic_split(struct kvmppc_vcore *vc, struct core_info *cip)
3373 {
3374     int n_threads = vc->num_threads;
3375     int sub;
3376
3377     if (!cpu_has_feature(CPU_FTR_ARCH_207S))
3378         return false;
3379
3380     /* In one_vm_per_core mode, require all vcores to be from the same vm */
3381     if (one_vm_per_core && vc->kvm != cip->vc[0]->kvm)
3382         return false;
3383
3384     if (n_threads < cip->max_subcore_threads)
3385         n_threads = cip->max_subcore_threads;
3386     if (!subcore_config_ok(cip->n_subcores + 1, n_threads))
3387         return false;
3388     cip->max_subcore_threads = n_threads;
3389
3390     sub = cip->n_subcores;
3391     ++cip->n_subcores;
3392     cip->total_threads += vc->num_threads;
3393     cip->subcore_threads[sub] = vc->num_threads;
3394     cip->vc[sub] = vc;
3395     init_vcore_to_run(vc);
3396     list_del_init(&vc->preempt_list);
3397
3398     return true;
3399 }
3400
3401 /*
3402  * Work out whether it is possible to piggyback the execution of
3403  * vcore *pvc onto the execution of the other vcores described in *cip.
3404  */
3405 static bool can_piggyback(struct kvmppc_vcore *pvc, struct core_info *cip,
3406               int target_threads)
3407 {
3408     if (cip->total_threads + pvc->num_threads > target_threads)
3409         return false;
3410
3411     return can_dynamic_split(pvc, cip);
3412 }
3413
3414 static void prepare_threads(struct kvmppc_vcore *vc)
3415 {
3416     int i;
3417     struct kvm_vcpu *vcpu;
3418
3419     for_each_runnable_thread(i, vcpu, vc) {
3420         if (signal_pending(vcpu->arch.run_task))
3421             vcpu->arch.ret = -EINTR;
3422         else if (vcpu->arch.vpa.update_pending ||
3423              vcpu->arch.slb_shadow.update_pending ||
3424              vcpu->arch.dtl.update_pending)
3425             vcpu->arch.ret = RESUME_GUEST;
3426         else
3427             continue;
3428         kvmppc_remove_runnable(vc, vcpu, mftb());
3429         wake_up(&vcpu->arch.cpu_run);
3430     }
3431 }
3432
3433 static void collect_piggybacks(struct core_info *cip, int target_threads)
3434 {
3435     struct preempted_vcore_list *lp = this_cpu_ptr(&preempted_vcores);
3436     struct kvmppc_vcore *pvc, *vcnext;
3437
3438     spin_lock(&lp->lock);
3439     list_for_each_entry_safe(pvc, vcnext, &lp->list, preempt_list) {
3440         if (!spin_trylock(&pvc->lock))
3441             continue;
3442         prepare_threads(pvc);
3443         if (!pvc->n_runnable || !pvc->kvm->arch.mmu_ready) {
3444             list_del_init(&pvc->preempt_list);
3445             if (pvc->runner == NULL) {
3446                 pvc->vcore_state = VCORE_INACTIVE;
3447                 kvmppc_core_end_stolen(pvc, mftb());
3448             }
3449             spin_unlock(&pvc->lock);
3450             continue;
3451         }
3452         if (!can_piggyback(pvc, cip, target_threads)) {
3453             spin_unlock(&pvc->lock);
3454             continue;
3455         }
3456         kvmppc_core_end_stolen(pvc, mftb());
3457         pvc->vcore_state = VCORE_PIGGYBACK;
3458         if (cip->total_threads >= target_threads)
3459             break;
3460     }
3461     spin_unlock(&lp->lock);
3462 }
3463
3464 static bool recheck_signals_and_mmu(struct core_info *cip)
3465 {
3466     int sub, i;
3467     struct kvm_vcpu *vcpu;
3468     struct kvmppc_vcore *vc;
3469
3470     for (sub = 0; sub < cip->n_subcores; ++sub) {
3471         vc = cip->vc[sub];
3472         if (!vc->kvm->arch.mmu_ready)
3473             return true;
3474         for_each_runnable_thread(i, vcpu, vc)
3475             if (signal_pending(vcpu->arch.run_task))
3476                 return true;
3477     }
3478     return false;
3479 }
3480
3481 static void post_guest_process(struct kvmppc_vcore *vc, bool is_master)
3482 {
3483     int still_running = 0, i;
3484     u64 now;
3485     long ret;
3486     struct kvm_vcpu *vcpu;
3487
3488     spin_lock(&vc->lock);
3489     now = get_tb();
3490     for_each_runnable_thread(i, vcpu, vc) {
3491         /*
3492          * It's safe to unlock the vcore in the loop here, because
3493          * for_each_runnable_thread() is safe against removal of
3494          * the vcpu, and the vcore state is VCORE_EXITING here,
3495          * so any vcpus becoming runnable will have their arch.trap
3496          * set to zero and can't actually run in the guest.
3497          */
3498         spin_unlock(&vc->lock);
3499         /* cancel pending dec exception if dec is positive */
3500         if (now < kvmppc_dec_expires_host_tb(vcpu) &&
3501             kvmppc_core_pending_dec(vcpu))
3502             kvmppc_core_dequeue_dec(vcpu);
3503
3504         trace_kvm_guest_exit(vcpu);
3505
3506         ret = RESUME_GUEST;
3507         if (vcpu->arch.trap)
3508             ret = kvmppc_handle_exit_hv(vcpu,
3509                             vcpu->arch.run_task);
3510
3511         vcpu->arch.ret = ret;
3512         vcpu->arch.trap = 0;
3513
3514         spin_lock(&vc->lock);
3515         if (is_kvmppc_resume_guest(vcpu->arch.ret)) {
3516             if (vcpu->arch.pending_exceptions)
3517                 kvmppc_core_prepare_to_enter(vcpu);
3518             if (vcpu->arch.ceded)
3519                 kvmppc_set_timer(vcpu);
3520             else
3521                 ++still_running;
3522         } else {
3523             kvmppc_remove_runnable(vc, vcpu, mftb());
3524             wake_up(&vcpu->arch.cpu_run);
3525         }
3526     }
3527     if (!is_master) {
3528         if (still_running > 0) {
3529             kvmppc_vcore_preempt(vc);
3530         } else if (vc->runner) {
3531             vc->vcore_state = VCORE_PREEMPT;
3532             kvmppc_core_start_stolen(vc, mftb());
3533         } else {
3534             vc->vcore_state = VCORE_INACTIVE;
3535         }
3536         if (vc->n_runnable > 0 && vc->runner == NULL) {
3537             /* make sure there's a candidate runner awake */
3538             i = -1;
3539             vcpu = next_runnable_thread(vc, &i);
3540             wake_up(&vcpu->arch.cpu_run);
3541         }
3542     }
3543     spin_unlock(&vc->lock);
3544 }
3545
3546 /*
3547  * Clear core from the list of active host cores as we are about to
3548  * enter the guest. Only do this if it is the primary thread of the
3549  * core (not if a subcore) that is entering the guest.
3550  */
3551 static inline int kvmppc_clear_host_core(unsigned int cpu)
3552 {
3553     int core;
3554
3555     if (!kvmppc_host_rm_ops_hv || cpu_thread_in_core(cpu))
3556         return 0;
3557     /*
3558      * Memory barrier can be omitted here as we will do a smp_wmb()
3559      * later in kvmppc_start_thread and we need ensure that state is
3560      * visible to other CPUs only after we enter guest.
3561      */
3562     core = cpu >> threads_shift;
3563     kvmppc_host_rm_ops_hv->rm_core[core].rm_state.in_host = 0;
3564     return 0;
3565 }
3566
3567 /*
3568  * Advertise this core as an active host core since we exited the guest
3569  * Only need to do this if it is the primary thread of the core that is
3570  * exiting.
3571  */
3572 static inline int kvmppc_set_host_core(unsigned int cpu)
3573 {
3574     int core;
3575
3576     if (!kvmppc_host_rm_ops_hv || cpu_thread_in_core(cpu))
3577         return 0;
3578
3579     /*
3580      * Memory barrier can be omitted here because we do a spin_unlock
3581      * immediately after this which provides the memory barrier.
3582      */
3583     core = cpu >> threads_shift;
3584     kvmppc_host_rm_ops_hv->rm_core[core].rm_state.in_host = 1;
3585     return 0;
3586 }
3587
3588 static void set_irq_happened(int trap)
3589 {
3590     switch (trap) {
3591     case BOOK3S_INTERRUPT_EXTERNAL:
3592         local_paca->irq_happened |= PACA_IRQ_EE;
3593         break;
3594     case BOOK3S_INTERRUPT_H_DOORBELL:
3595         local_paca->irq_happened |= PACA_IRQ_DBELL;
3596         break;
3597     case BOOK3S_INTERRUPT_HMI:
3598         local_paca->irq_happened |= PACA_IRQ_HMI;
3599         break;
3600     case BOOK3S_INTERRUPT_SYSTEM_RESET:
3601         replay_system_reset();
3602         break;
3603     }
3604 }
3605
3606 /*
3607  * Run a set of guest threads on a physical core.
3608  * Called with vc->lock held.
3609  */
3610 static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)
3611 {
3612     struct kvm_vcpu *vcpu;
3613     int i;
3614     int srcu_idx;
3615     struct core_info core_info;
3616     struct kvmppc_vcore *pvc;
3617     struct kvm_split_mode split_info, *sip;
3618     int split, subcore_size, active;
3619     int sub;
3620     bool thr0_done;
3621     unsigned long cmd_bit, stat_bit;
3622     int pcpu, thr;
3623     int target_threads;
3624     int controlled_threads;
3625     int trap;
3626     bool is_power8;
3627
3628     if (WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300)))
3629         return;
3630
3631     /*
3632      * Remove from the list any threads that have a signal pending
3633      * or need a VPA update done
3634      */
3635     prepare_threads(vc);
3636
3637     /* if the runner is no longer runnable, let the caller pick a new one */
3638     if (vc->runner->arch.state != KVMPPC_VCPU_RUNNABLE)
3639         return;
3640
3641     /*
3642      * Initialize *vc.
3643      */
3644     init_vcore_to_run(vc);
3645     vc->preempt_tb = TB_NIL;
3646
3647     /*
3648      * Number of threads that we will be controlling: the same as
3649      * the number of threads per subcore, except on POWER9,
3650      * where it's 1 because the threads are (mostly) independent.
3651      */
3652     controlled_threads = threads_per_vcore(vc->kvm);
3653
3654     /*
3655      * Make sure we are running on primary threads, and that secondary
3656      * threads are offline.  Also check if the number of threads in this
3657      * guest are greater than the current system threads per guest.
3658      */
3659     if ((controlled_threads > 1) &&
3660         ((vc->num_threads > threads_per_subcore) || !on_primary_thread())) {
3661         for_each_runnable_thread(i, vcpu, vc) {
3662             vcpu->arch.ret = -EBUSY;
3663             kvmppc_remove_runnable(vc, vcpu, mftb());
3664             wake_up(&vcpu->arch.cpu_run);
3665         }
3666         goto out;
3667     }
3668
3669     /*
3670      * See if we could run any other vcores on the physical core
3671      * along with this one.
3672      */
3673     init_core_info(&core_info, vc);
3674     pcpu = smp_processor_id();
3675     target_threads = controlled_threads;
3676     if (target_smt_mode && target_smt_mode < target_threads)
3677         target_threads = target_smt_mode;
3678     if (vc->num_threads < target_threads)
3679         collect_piggybacks(&core_info, target_threads);
3680
3681     /*
3682      * Hard-disable interrupts, and check resched flag and signals.
3683      * If we need to reschedule or deliver a signal, clean up
3684      * and return without going into the guest(s).
3685      * If the mmu_ready flag has been cleared, don't go into the
3686      * guest because that means a HPT resize operation is in progress.
3687      */
3688     local_irq_disable();
3689     hard_irq_disable();
3690     if (lazy_irq_pending() || need_resched() ||
3691         recheck_signals_and_mmu(&core_info)) {
3692         local_irq_enable();
3693         vc->vcore_state = VCORE_INACTIVE;
3694         /* Unlock all except the primary vcore */
3695         for (sub = 1; sub < core_info.n_subcores; ++sub) {
3696             pvc = core_info.vc[sub];
3697             /* Put back on to the preempted vcores list */
3698             kvmppc_vcore_preempt(pvc);
3699             spin_unlock(&pvc->lock);
3700         }
3701         for (i = 0; i < controlled_threads; ++i)
3702             kvmppc_release_hwthread(pcpu + i);
3703         return;
3704     }
3705
3706     kvmppc_clear_host_core(pcpu);
3707
3708     /* Decide on micro-threading (split-core) mode */
3709     subcore_size = threads_per_subcore;
3710     cmd_bit = stat_bit = 0;
3711     split = core_info.n_subcores;
3712     sip = NULL;
3713     is_power8 = cpu_has_feature(CPU_FTR_ARCH_207S);
3714
3715     if (split > 1) {
3716         sip = &split_info;
3717         memset(&split_info, 0, sizeof(split_info));
3718         for (sub = 0; sub < core_info.n_subcores; ++sub)
3719             split_info.vc[sub] = core_info.vc[sub];
3720
3721         if (is_power8) {
3722             if (split == 2 && (dynamic_mt_modes & 2)) {
3723                 cmd_bit = HID0_POWER8_1TO2LPAR;
3724                 stat_bit = HID0_POWER8_2LPARMODE;
3725             } else {
3726                 split = 4;
3727                 cmd_bit = HID0_POWER8_1TO4LPAR;
3728                 stat_bit = HID0_POWER8_4LPARMODE;
3729             }
3730             subcore_size = MAX_SMT_THREADS / split;
3731             split_info.rpr = mfspr(SPRN_RPR);
3732             split_info.pmmar = mfspr(SPRN_PMMAR);
3733             split_info.ldbar = mfspr(SPRN_LDBAR);
3734             split_info.subcore_size = subcore_size;
3735         } else {
3736             split_info.subcore_size = 1;
3737         }
3738
3739         /* order writes to split_info before kvm_split_mode pointer */
3740         smp_wmb();
3741     }
3742
3743     for (thr = 0; thr < controlled_threads; ++thr) {
3744         struct paca_struct *paca = paca_ptrs[pcpu + thr];
3745
3746         paca->kvm_hstate.napping = 0;
3747         paca->kvm_hstate.kvm_split_mode = sip;
3748     }
3749
3750     /* Initiate micro-threading (split-core) on POWER8 if required */
3751     if (cmd_bit) {
3752         unsigned long hid0 = mfspr(SPRN_HID0);
3753
3754         hid0 |= cmd_bit | HID0_POWER8_DYNLPARDIS;
3755         mb();
3756         mtspr(SPRN_HID0, hid0);
3757         isync();
3758         for (;;) {
3759             hid0 = mfspr(SPRN_HID0);
3760             if (hid0 & stat_bit)
3761                 break;
3762             cpu_relax();
3763         }
3764     }
3765
3766     /*
3767      * On POWER8, set RWMR register.
3768      * Since it only affects PURR and SPURR, it doesn't affect
3769      * the host, so we don't save/restore the host value.
3770      */
3771     if (is_power8) {
3772         unsigned long rwmr_val = RWMR_RPA_P8_8THREAD;
3773         int n_online = atomic_read(&vc->online_count);
3774
3775         /*
3776          * Use the 8-thread value if we're doing split-core
3777          * or if the vcore's online count looks bogus.
3778          */
3779         if (split == 1 && threads_per_subcore == MAX_SMT_THREADS &&
3780             n_online >= 1 && n_online <= MAX_SMT_THREADS)
3781             rwmr_val = p8_rwmr_values[n_online];
3782         mtspr(SPRN_RWMR, rwmr_val);
3783     }
3784
3785     /* Start all the threads */
3786     active = 0;
3787     for (sub = 0; sub < core_info.n_subcores; ++sub) {
3788         thr = is_power8 ? subcore_thread_map[sub] : sub;
3789         thr0_done = false;
3790         active |= 1 << thr;
3791         pvc = core_info.vc[sub];
3792         pvc->pcpu = pcpu + thr;
3793         for_each_runnable_thread(i, vcpu, pvc) {
3794             /*
3795              * XXX: is kvmppc_start_thread called too late here?
3796              * It updates vcpu->cpu and vcpu->arch.thread_cpu
3797              * which are used by kvmppc_fast_vcpu_kick_hv(), but
3798              * kick is called after new exceptions become available
3799              * and exceptions are checked earlier than here, by
3800              * kvmppc_core_prepare_to_enter.
3801              */
3802             kvmppc_start_thread(vcpu, pvc);
3803             kvmppc_create_dtl_entry(vcpu, pvc);
3804             trace_kvm_guest_enter(vcpu);
3805             if (!vcpu->arch.ptid)
3806                 thr0_done = true;
3807             active |= 1 << (thr + vcpu->arch.ptid);
3808         }
3809         /*
3810          * We need to start the first thread of each subcore
3811          * even if it doesn't have a vcpu.
3812          */
3813         if (!thr0_done)
3814             kvmppc_start_thread(NULL, pvc);
3815     }
3816
3817     /*
3818      * Ensure that split_info.do_nap is set after setting
3819      * the vcore pointer in the PACA of the secondaries.
3820      */
3821     smp_mb();
3822
3823     /*
3824      * When doing micro-threading, poke the inactive threads as well.
3825      * This gets them to the nap instruction after kvm_do_nap,
3826      * which reduces the time taken to unsplit later.
3827      */
3828     if (cmd_bit) {
3829         split_info.do_nap = 1;  /* ask secondaries to nap when done */
3830         for (thr = 1; thr < threads_per_subcore; ++thr)
3831             if (!(active & (1 << thr)))
3832                 kvmppc_ipi_thread(pcpu + thr);
3833     }
3834
3835     vc->vcore_state = VCORE_RUNNING;
3836     preempt_disable();
3837
3838     trace_kvmppc_run_core(vc, 0);
3839
3840     for (sub = 0; sub < core_info.n_subcores; ++sub)
3841         spin_unlock(&core_info.vc[sub]->lock);
3842
3843     guest_enter_irqoff();
3844
3845     srcu_idx = srcu_read_lock(&vc->kvm->srcu);
3846
3847     this_cpu_disable_ftrace();
3848
3849     /*
3850      * Interrupts will be enabled once we get into the guest,
3851      * so tell lockdep that we're about to enable interrupts.
3852      */
3853     trace_hardirqs_on();
3854
3855     trap = __kvmppc_vcore_entry();
3856
3857     trace_hardirqs_off();
3858
3859     this_cpu_enable_ftrace();
3860
3861     srcu_read_unlock(&vc->kvm->srcu, srcu_idx);
3862
3863     set_irq_happened(trap);
3864
3865     spin_lock(&vc->lock);
3866     /* prevent other vcpu threads from doing kvmppc_start_thread() now */
3867     vc->vcore_state = VCORE_EXITING;
3868
3869     /* wait for secondary threads to finish writing their state to memory */
3870     kvmppc_wait_for_nap(controlled_threads);
3871
3872     /* Return to whole-core mode if we split the core earlier */
3873     if (cmd_bit) {
3874         unsigned long hid0 = mfspr(SPRN_HID0);
3875         unsigned long loops = 0;
3876
3877         hid0 &= ~HID0_POWER8_DYNLPARDIS;
3878         stat_bit = HID0_POWER8_2LPARMODE | HID0_POWER8_4LPARMODE;
3879         mb();
3880         mtspr(SPRN_HID0, hid0);
3881         isync();
3882         for (;;) {
3883             hid0 = mfspr(SPRN_HID0);
3884             if (!(hid0 & stat_bit))
3885                 break;
3886             cpu_relax();
3887             ++loops;
3888         }
3889         split_info.do_nap = 0;
3890     }
3891
3892     kvmppc_set_host_core(pcpu);
3893
3894     context_tracking_guest_exit();
3895     if (!vtime_accounting_enabled_this_cpu()) {
3896         local_irq_enable();
3897         /*
3898          * Service IRQs here before vtime_account_guest_exit() so any
3899          * ticks that occurred while running the guest are accounted to
3900          * the guest. If vtime accounting is enabled, accounting uses
3901          * TB rather than ticks, so it can be done without enabling
3902          * interrupts here, which has the problem that it accounts
3903          * interrupt processing overhead to the host.
3904          */
3905         local_irq_disable();
3906     }
3907     vtime_account_guest_exit();
3908
3909     local_irq_enable();
3910
3911     /* Let secondaries go back to the offline loop */
3912     for (i = 0; i < controlled_threads; ++i) {
3913         kvmppc_release_hwthread(pcpu + i);
3914         if (sip && sip->napped[i])
3915             kvmppc_ipi_thread(pcpu + i);
3916     }
3917
3918     spin_unlock(&vc->lock);
3919
3920     /* make sure updates to secondary vcpu structs are visible now */
3921     smp_mb();
3922
3923     preempt_enable();
3924
3925     for (sub = 0; sub < core_info.n_subcores; ++sub) {
3926         pvc = core_info.vc[sub];
3927         post_guest_process(pvc, pvc == vc);
3928     }
3929
3930     spin_lock(&vc->lock);
3931
3932  out:
3933     vc->vcore_state = VCORE_INACTIVE;
3934     trace_kvmppc_run_core(vc, 1);
3935 }
3936
3937 static inline bool hcall_is_xics(unsigned long req)
3938 {
3939     return req == H_EOI || req == H_CPPR || req == H_IPI ||
3940         req == H_IPOLL || req == H_XIRR || req == H_XIRR_X;
3941 }
3942
3943 static void vcpu_vpa_increment_dispatch(struct kvm_vcpu *vcpu)
3944 {
3945     struct lppaca *lp = vcpu->arch.vpa.pinned_addr;
3946     if (lp) {
3947         u32 yield_count = be32_to_cpu(lp->yield_count) + 1;
3948         lp->yield_count = cpu_to_be32(yield_count);
3949         vcpu->arch.vpa.dirty = 1;
3950     }
3951 }
3952
3953 /* call our hypervisor to load up HV regs and go */
3954 static int kvmhv_vcpu_entry_p9_nested(struct kvm_vcpu *vcpu, u64 time_limit, unsigned long lpcr, u64 *tb)
3955 {
3956     struct kvmppc_vcore *vc = vcpu->arch.vcore;
3957     unsigned long host_psscr;
3958     unsigned long msr;
3959     struct hv_guest_state hvregs;
3960     struct p9_host_os_sprs host_os_sprs;
3961     s64 dec;
3962     int trap;
3963
3964     msr = mfmsr();
3965
3966     save_p9_host_os_sprs(&host_os_sprs);
3967
3968     /*
3969      * We need to save and restore the guest visible part of the
3970      * psscr (i.e. using SPRN_PSSCR_PR) since the hypervisor
3971      * doesn't do this for us. Note only required if pseries since
3972      * this is done in kvmhv_vcpu_entry_p9() below otherwise.
3973      */
3974     host_psscr = mfspr(SPRN_PSSCR_PR);
3975
3976     kvmppc_msr_hard_disable_set_facilities(vcpu, msr);
3977     if (lazy_irq_pending())
3978         return 0;
3979
3980     if (unlikely(load_vcpu_state(vcpu, &host_os_sprs)))
3981         msr = mfmsr(); /* TM restore can update msr */
3982
3983     if (vcpu->arch.psscr != host_psscr)
3984         mtspr(SPRN_PSSCR_PR, vcpu->arch.psscr);
3985
3986     kvmhv_save_hv_regs(vcpu, &hvregs);
3987     hvregs.lpcr = lpcr;
3988     hvregs.amor = ~0;
3989     vcpu->arch.regs.msr = vcpu->arch.shregs.msr;
3990     hvregs.version = HV_GUEST_STATE_VERSION;
3991     if (vcpu->arch.nested) {
3992         hvregs.lpid = vcpu->arch.nested->shadow_lpid;
3993         hvregs.vcpu_token = vcpu->arch.nested_vcpu_id;
3994     } else {
3995         hvregs.lpid = vcpu->kvm->arch.lpid;
3996         hvregs.vcpu_token = vcpu->vcpu_id;
3997     }
3998     hvregs.hdec_expiry = time_limit;
3999
4000     /*
4001      * When setting DEC, we must always deal with irq_work_raise
4002      * via NMI vs setting DEC. The problem occurs right as we
4003      * switch into guest mode if a NMI hits and sets pending work
4004      * and sets DEC, then that will apply to the guest and not
4005      * bring us back to the host.
4006      *
4007      * irq_work_raise could check a flag (or possibly LPCR[HDICE]
4008      * for example) and set HDEC to 1? That wouldn't solve the
4009      * nested hv case which needs to abort the hcall or zero the
4010      * time limit.
4011      *
4012      * XXX: Another day's problem.
4013      */
4014     mtspr(SPRN_DEC, kvmppc_dec_expires_host_tb(vcpu) - *tb);
4015
4016     mtspr(SPRN_DAR, vcpu->arch.shregs.dar);
4017     mtspr(SPRN_DSISR, vcpu->arch.shregs.dsisr);
4018     switch_pmu_to_guest(vcpu, &host_os_sprs);
4019     accumulate_time(vcpu, &vcpu->arch.in_guest);
4020     trap = plpar_hcall_norets(H_ENTER_NESTED, __pa(&hvregs),
4021                   __pa(&vcpu->arch.regs));
4022     accumulate_time(vcpu, &vcpu->arch.guest_exit);
4023     kvmhv_restore_hv_return_state(vcpu, &hvregs);
4024     switch_pmu_to_host(vcpu, &host_os_sprs);
4025     vcpu->arch.shregs.msr = vcpu->arch.regs.msr;
4026     vcpu->arch.shregs.dar = mfspr(SPRN_DAR);
4027     vcpu->arch.shregs.dsisr = mfspr(SPRN_DSISR);
4028     vcpu->arch.psscr = mfspr(SPRN_PSSCR_PR);
4029
4030     store_vcpu_state(vcpu);
4031
4032     dec = mfspr(SPRN_DEC);
4033     if (!(lpcr & LPCR_LD)) /* Sign extend if not using large decrementer */
4034         dec = (s32) dec;
4035     *tb = mftb();
4036     vcpu->arch.dec_expires = dec + (*tb + vc->tb_offset);
4037
4038     timer_rearm_host_dec(*tb);
4039
4040     restore_p9_host_os_sprs(vcpu, &host_os_sprs);
4041     if (vcpu->arch.psscr != host_psscr)
4042         mtspr(SPRN_PSSCR_PR, host_psscr);
4043
4044     return trap;
4045 }
4046
4047 /*
4048  * Guest entry for POWER9 and later CPUs.
4049  */
4050 static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
4051              unsigned long lpcr, u64 *tb)
4052 {
4053     struct kvm *kvm = vcpu->kvm;
4054     struct kvm_nested_guest *nested = vcpu->arch.nested;
4055     u64 next_timer;
4056     int trap;
4057
4058     next_timer = timer_get_next_tb();
4059     if (*tb >= next_timer)
4060         return BOOK3S_INTERRUPT_HV_DECREMENTER;
4061     if (next_timer < time_limit)
4062         time_limit = next_timer;
4063     else if (*tb >= time_limit) /* nested time limit */
4064         return BOOK3S_INTERRUPT_NESTED_HV_DECREMENTER;
4065
4066     vcpu->arch.ceded = 0;
4067
4068     vcpu_vpa_increment_dispatch(vcpu);
4069
4070     if (kvmhv_on_pseries()) {
4071         trap = kvmhv_vcpu_entry_p9_nested(vcpu, time_limit, lpcr, tb);
4072
4073         /* H_CEDE has to be handled now, not later */
4074         if (trap == BOOK3S_INTERRUPT_SYSCALL && !nested &&
4075             kvmppc_get_gpr(vcpu, 3) == H_CEDE) {
4076             kvmppc_cede(vcpu);
4077             kvmppc_set_gpr(vcpu, 3, 0);
4078             trap = 0;
4079         }
4080
4081     } else if (nested) {
4082         __this_cpu_write(cpu_in_guest, kvm);
4083         trap = kvmhv_vcpu_entry_p9(vcpu, time_limit, lpcr, tb);
4084         __this_cpu_write(cpu_in_guest, NULL);
4085
4086     } else {
4087         kvmppc_xive_push_vcpu(vcpu);
4088
4089         __this_cpu_write(cpu_in_guest, kvm);
4090         trap = kvmhv_vcpu_entry_p9(vcpu, time_limit, lpcr, tb);
4091         __this_cpu_write(cpu_in_guest, NULL);
4092
4093         if (trap == BOOK3S_INTERRUPT_SYSCALL &&
4094             !(vcpu->arch.shregs.msr & MSR_PR)) {
4095             unsigned long req = kvmppc_get_gpr(vcpu, 3);
4096
4097             /*
4098              * XIVE rearm and XICS hcalls must be handled
4099              * before xive context is pulled (is this
4100              * true?)
4101              */
4102             if (req == H_CEDE) {
4103                 /* H_CEDE has to be handled now */
4104                 kvmppc_cede(vcpu);
4105                 if (!kvmppc_xive_rearm_escalation(vcpu)) {
4106                     /*
4107                      * Pending escalation so abort
4108                      * the cede.
4109                      */
4110                     vcpu->arch.ceded = 0;
4111                 }
4112                 kvmppc_set_gpr(vcpu, 3, 0);
4113                 trap = 0;
4114
4115             } else if (req == H_ENTER_NESTED) {
4116                 /*
4117                  * L2 should not run with the L1
4118                  * context so rearm and pull it.
4119                  */
4120                 if (!kvmppc_xive_rearm_escalation(vcpu)) {
4121                     /*
4122                      * Pending escalation so abort
4123                      * H_ENTER_NESTED.
4124                      */
4125                     kvmppc_set_gpr(vcpu, 3, 0);
4126                     trap = 0;
4127                 }
4128
4129             } else if (hcall_is_xics(req)) {
4130                 int ret;
4131
4132                 ret = kvmppc_xive_xics_hcall(vcpu, req);
4133                 if (ret != H_TOO_HARD) {
4134                     kvmppc_set_gpr(vcpu, 3, ret);
4135                     trap = 0;
4136                 }
4137             }
4138         }
4139         kvmppc_xive_pull_vcpu(vcpu);
4140
4141         if (kvm_is_radix(kvm))
4142             vcpu->arch.slb_max = 0;
4143     }
4144
4145     vcpu_vpa_increment_dispatch(vcpu);
4146
4147     return trap;
4148 }
4149
4150 /*
4151  * Wait for some other vcpu thread to execute us, and
4152  * wake us up when we need to handle something in the host.
4153  */
4154 static void kvmppc_wait_for_exec(struct kvmppc_vcore *vc,
4155                  struct kvm_vcpu *vcpu, int wait_state)
4156 {
4157     DEFINE_WAIT(wait);
4158
4159     prepare_to_wait(&vcpu->arch.cpu_run, &wait, wait_state);
4160     if (vcpu->arch.state == KVMPPC_VCPU_RUNNABLE) {
4161         spin_unlock(&vc->lock);
4162         schedule();
4163         spin_lock(&vc->lock);
4164     }
4165     finish_wait(&vcpu->arch.cpu_run, &wait);
4166 }
4167
4168 static void grow_halt_poll_ns(struct kvmppc_vcore *vc)
4169 {
4170     if (!halt_poll_ns_grow)
4171         return;
4172
4173     vc->halt_poll_ns *= halt_poll_ns_grow;
4174     if (vc->halt_poll_ns < halt_poll_ns_grow_start)
4175         vc->halt_poll_ns = halt_poll_ns_grow_start;
4176 }
4177
4178 static void shrink_halt_poll_ns(struct kvmppc_vcore *vc)
4179 {
4180     if (halt_poll_ns_shrink == 0)
4181         vc->halt_poll_ns = 0;
4182     else
4183         vc->halt_poll_ns /= halt_poll_ns_shrink;
4184 }
4185
4186 #ifdef CONFIG_KVM_XICS
4187 static inline bool xive_interrupt_pending(struct kvm_vcpu *vcpu)
4188 {
4189     if (!xics_on_xive())
4190         return false;
4191     return vcpu->arch.irq_pending || vcpu->arch.xive_saved_state.pipr <
4192         vcpu->arch.xive_saved_state.cppr;
4193 }
4194 #else
4195 static inline bool xive_interrupt_pending(struct kvm_vcpu *vcpu)
4196 {
4197     return false;
4198 }
4199 #endif /* CONFIG_KVM_XICS */
4200
4201 static bool kvmppc_vcpu_woken(struct kvm_vcpu *vcpu)
4202 {
4203     if (vcpu->arch.pending_exceptions || vcpu->arch.prodded ||
4204         kvmppc_doorbell_pending(vcpu) || xive_interrupt_pending(vcpu))
4205         return true;
4206
4207     return false;
4208 }
4209
4210 static bool kvmppc_vcpu_check_block(struct kvm_vcpu *vcpu)
4211 {
4212     if (!vcpu->arch.ceded || kvmppc_vcpu_woken(vcpu))
4213         return true;
4214     return false;
4215 }
4216
4217 /*
4218  * Check to see if any of the runnable vcpus on the vcore have pending
4219  * exceptions or are no longer ceded
4220  */
4221 static int kvmppc_vcore_check_block(struct kvmppc_vcore *vc)
4222 {
4223     struct kvm_vcpu *vcpu;
4224     int i;
4225
4226     for_each_runnable_thread(i, vcpu, vc) {
4227         if (kvmppc_vcpu_check_block(vcpu))
4228             return 1;
4229     }
4230
4231     return 0;
4232 }
4233
4234 /*
4235  * All the vcpus in this vcore are idle, so wait for a decrementer
4236  * or external interrupt to one of the vcpus.  vc->lock is held.
4237  */
4238 static void kvmppc_vcore_blocked(struct kvmppc_vcore *vc)
4239 {
4240     ktime_t cur, start_poll, start_wait;
4241     int do_sleep = 1;
4242     u64 block_ns;
4243
4244     WARN_ON_ONCE(cpu_has_feature(CPU_FTR_ARCH_300));
4245
4246     /* Poll for pending exceptions and ceded state */
4247     cur = start_poll = ktime_get();
4248     if (vc->halt_poll_ns) {
4249         ktime_t stop = ktime_add_ns(start_poll, vc->halt_poll_ns);
4250         ++vc->runner->stat.generic.halt_attempted_poll;
4251
4252         vc->vcore_state = VCORE_POLLING;
4253         spin_unlock(&vc->lock);
4254
4255         do {
4256             if (kvmppc_vcore_check_block(vc)) {
4257                 do_sleep = 0;
4258                 break;
4259             }
4260             cur = ktime_get();
4261         } while (kvm_vcpu_can_poll(cur, stop));
4262
4263         spin_lock(&vc->lock);
4264         vc->vcore_state = VCORE_INACTIVE;
4265
4266         if (!do_sleep) {
4267             ++vc->runner->stat.generic.halt_successful_poll;
4268             goto out;
4269         }
4270     }
4271
4272     prepare_to_rcuwait(&vc->wait);
4273     set_current_state(TASK_INTERRUPTIBLE);
4274     if (kvmppc_vcore_check_block(vc)) {
4275         finish_rcuwait(&vc->wait);
4276         do_sleep = 0;
4277         /* If we polled, count this as a successful poll */
4278         if (vc->halt_poll_ns)
4279             ++vc->runner->stat.generic.halt_successful_poll;
4280         goto out;
4281     }
4282
4283     start_wait = ktime_get();
4284
4285     vc->vcore_state = VCORE_SLEEPING;
4286     trace_kvmppc_vcore_blocked(vc->runner, 0);
4287     spin_unlock(&vc->lock);
4288     schedule();
4289     finish_rcuwait(&vc->wait);
4290     spin_lock(&vc->lock);
4291     vc->vcore_state = VCORE_INACTIVE;
4292     trace_kvmppc_vcore_blocked(vc->runner, 1);
4293     ++vc->runner->stat.halt_successful_wait;
4294
4295     cur = ktime_get();
4296
4297 out:
4298     block_ns = ktime_to_ns(cur) - ktime_to_ns(start_poll);
4299
4300     /* Attribute wait time */
4301     if (do_sleep) {
4302         vc->runner->stat.generic.halt_wait_ns +=
4303             ktime_to_ns(cur) - ktime_to_ns(start_wait);
4304         KVM_STATS_LOG_HIST_UPDATE(
4305                 vc->runner->stat.generic.halt_wait_hist,
4306                 ktime_to_ns(cur) - ktime_to_ns(start_wait));
4307         /* Attribute failed poll time */
4308         if (vc->halt_poll_ns) {
4309             vc->runner->stat.generic.halt_poll_fail_ns +=
4310                 ktime_to_ns(start_wait) -
4311                 ktime_to_ns(start_poll);
4312             KVM_STATS_LOG_HIST_UPDATE(
4313                 vc->runner->stat.generic.halt_poll_fail_hist,
4314                 ktime_to_ns(start_wait) -
4315                 ktime_to_ns(start_poll));
4316         }
4317     } else {
4318         /* Attribute successful poll time */
4319         if (vc->halt_poll_ns) {
4320             vc->runner->stat.generic.halt_poll_success_ns +=
4321                 ktime_to_ns(cur) -
4322                 ktime_to_ns(start_poll);
4323             KVM_STATS_LOG_HIST_UPDATE(
4324                 vc->runner->stat.generic.halt_poll_success_hist,
4325                 ktime_to_ns(cur) - ktime_to_ns(start_poll));
4326         }
4327     }
4328
4329     /* Adjust poll time */
4330     if (halt_poll_ns) {
4331         if (block_ns <= vc->halt_poll_ns)
4332             ;
4333         /* We slept and blocked for longer than the max halt time */
4334         else if (vc->halt_poll_ns && block_ns > halt_poll_ns)
4335             shrink_halt_poll_ns(vc);
4336         /* We slept and our poll time is too small */
4337         else if (vc->halt_poll_ns < halt_poll_ns &&
4338                 block_ns < halt_poll_ns)
4339             grow_halt_poll_ns(vc);
4340         if (vc->halt_poll_ns > halt_poll_ns)
4341             vc->halt_poll_ns = halt_poll_ns;
4342     } else
4343         vc->halt_poll_ns = 0;
4344
4345     trace_kvmppc_vcore_wakeup(do_sleep, block_ns);
4346 }
4347
4348 /*
4349  * This never fails for a radix guest, as none of the operations it does
4350  * for a radix guest can fail or have a way to report failure.
4351  */
4352 static int kvmhv_setup_mmu(struct kvm_vcpu *vcpu)
4353 {
4354     int r = 0;
4355     struct kvm *kvm = vcpu->kvm;
4356
4357     mutex_lock(&kvm->arch.mmu_setup_lock);
4358     if (!kvm->arch.mmu_ready) {
4359         if (!kvm_is_radix(kvm))
4360             r = kvmppc_hv_setup_htab_rma(vcpu);
4361         if (!r) {
4362             if (cpu_has_feature(CPU_FTR_ARCH_300))
4363                 kvmppc_setup_partition_table(kvm);
4364             kvm->arch.mmu_ready = 1;
4365         }
4366     }
4367     mutex_unlock(&kvm->arch.mmu_setup_lock);
4368     return r;
4369 }
4370
4371 static int kvmppc_run_vcpu(struct kvm_vcpu *vcpu)
4372 {
4373     struct kvm_run *run = vcpu->run;
4374     int n_ceded, i, r;
4375     struct kvmppc_vcore *vc;
4376     struct kvm_vcpu *v;
4377
4378     trace_kvmppc_run_vcpu_enter(vcpu);
4379
4380     run->exit_reason = 0;
4381     vcpu->arch.ret = RESUME_GUEST;
4382     vcpu->arch.trap = 0;
4383     kvmppc_update_vpas(vcpu);
4384
4385     /*
4386      * Synchronize with other threads in this virtual core
4387      */
4388     vc = vcpu->arch.vcore;
4389     spin_lock(&vc->lock);
4390     vcpu->arch.ceded = 0;
4391     vcpu->arch.run_task = current;
4392     vcpu->arch.stolen_logged = vcore_stolen_time(vc, mftb());
4393     vcpu->arch.state = KVMPPC_VCPU_RUNNABLE;
4394     vcpu->arch.busy_preempt = TB_NIL;
4395     WRITE_ONCE(vc->runnable_threads[vcpu->arch.ptid], vcpu);
4396     ++vc->n_runnable;
4397
4398     /*
4399      * This happens the first time this is called for a vcpu.
4400      * If the vcore is already running, we may be able to start
4401      * this thread straight away and have it join in.
4402      */
4403     if (!signal_pending(current)) {
4404         if ((vc->vcore_state == VCORE_PIGGYBACK ||
4405              vc->vcore_state == VCORE_RUNNING) &&
4406                !VCORE_IS_EXITING(vc)) {
4407             kvmppc_create_dtl_entry(vcpu, vc);
4408             kvmppc_start_thread(vcpu, vc);
4409             trace_kvm_guest_enter(vcpu);
4410         } else if (vc->vcore_state == VCORE_SLEEPING) {
4411                 rcuwait_wake_up(&vc->wait);
4412         }
4413
4414     }
4415
4416     while (vcpu->arch.state == KVMPPC_VCPU_RUNNABLE &&
4417            !signal_pending(current)) {
4418         /* See if the MMU is ready to go */
4419         if (!vcpu->kvm->arch.mmu_ready) {
4420             spin_unlock(&vc->lock);
4421             r = kvmhv_setup_mmu(vcpu);
4422             spin_lock(&vc->lock);
4423             if (r) {
4424                 run->exit_reason = KVM_EXIT_FAIL_ENTRY;
4425                 run->fail_entry.
4426                     hardware_entry_failure_reason = 0;
4427                 vcpu->arch.ret = r;
4428                 break;
4429             }
4430         }
4431
4432         if (vc->vcore_state == VCORE_PREEMPT && vc->runner == NULL)
4433             kvmppc_vcore_end_preempt(vc);
4434
4435         if (vc->vcore_state != VCORE_INACTIVE) {
4436             kvmppc_wait_for_exec(vc, vcpu, TASK_INTERRUPTIBLE);
4437             continue;
4438         }
4439         for_each_runnable_thread(i, v, vc) {
4440             kvmppc_core_prepare_to_enter(v);
4441             if (signal_pending(v->arch.run_task)) {
4442                 kvmppc_remove_runnable(vc, v, mftb());
4443                 v->stat.signal_exits++;
4444                 v->run->exit_reason = KVM_EXIT_INTR;
4445                 v->arch.ret = -EINTR;
4446                 wake_up(&v->arch.cpu_run);
4447             }
4448         }
4449         if (!vc->n_runnable || vcpu->arch.state != KVMPPC_VCPU_RUNNABLE)
4450             break;
4451         n_ceded = 0;
4452         for_each_runnable_thread(i, v, vc) {
4453             if (!kvmppc_vcpu_woken(v))
4454                 n_ceded += v->arch.ceded;
4455             else
4456                 v->arch.ceded = 0;
4457         }
4458         vc->runner = vcpu;
4459         if (n_ceded == vc->n_runnable) {
4460             kvmppc_vcore_blocked(vc);
4461         } else if (need_resched()) {
4462             kvmppc_vcore_preempt(vc);
4463             /* Let something else run */
4464             cond_resched_lock(&vc->lock);
4465             if (vc->vcore_state == VCORE_PREEMPT)
4466                 kvmppc_vcore_end_preempt(vc);
4467         } else {
4468             kvmppc_run_core(vc);
4469         }
4470         vc->runner = NULL;
4471     }
4472
4473     while (vcpu->arch.state == KVMPPC_VCPU_RUNNABLE &&
4474            (vc->vcore_state == VCORE_RUNNING ||
4475         vc->vcore_state == VCORE_EXITING ||
4476         vc->vcore_state == VCORE_PIGGYBACK))
4477         kvmppc_wait_for_exec(vc, vcpu, TASK_UNINTERRUPTIBLE);
4478
4479     if (vc->vcore_state == VCORE_PREEMPT && vc->runner == NULL)
4480         kvmppc_vcore_end_preempt(vc);
4481
4482     if (vcpu->arch.state == KVMPPC_VCPU_RUNNABLE) {
4483         kvmppc_remove_runnable(vc, vcpu, mftb());
4484         vcpu->stat.signal_exits++;
4485         run->exit_reason = KVM_EXIT_INTR;
4486         vcpu->arch.ret = -EINTR;
4487     }
4488
4489     if (vc->n_runnable && vc->vcore_state == VCORE_INACTIVE) {
4490         /* Wake up some vcpu to run the core */
4491         i = -1;
4492         v = next_runnable_thread(vc, &i);
4493         wake_up(&v->arch.cpu_run);
4494     }
4495
4496     trace_kvmppc_run_vcpu_exit(vcpu);
4497     spin_unlock(&vc->lock);
4498     return vcpu->arch.ret;
4499 }
4500
4501 int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit,
4502               unsigned long lpcr)
4503 {
4504     struct rcuwait *wait = kvm_arch_vcpu_get_wait(vcpu);
4505     struct kvm_run *run = vcpu->run;
4506     int trap, r, pcpu;
4507     int srcu_idx;
4508     struct kvmppc_vcore *vc;
4509     struct kvm *kvm = vcpu->kvm;
4510     struct kvm_nested_guest *nested = vcpu->arch.nested;
4511     unsigned long flags;
4512     u64 tb;
4513
4514     trace_kvmppc_run_vcpu_enter(vcpu);
4515
4516     run->exit_reason = 0;
4517     vcpu->arch.ret = RESUME_GUEST;
4518     vcpu->arch.trap = 0;
4519
4520     vc = vcpu->arch.vcore;
4521     vcpu->arch.ceded = 0;
4522     vcpu->arch.run_task = current;
4523     vcpu->arch.state = KVMPPC_VCPU_RUNNABLE;
4524     vcpu->arch.last_inst = KVM_INST_FETCH_FAILED;
4525
4526     /* See if the MMU is ready to go */
4527     if (unlikely(!kvm->arch.mmu_ready)) {
4528         r = kvmhv_setup_mmu(vcpu);
4529         if (r) {
4530             run->exit_reason = KVM_EXIT_FAIL_ENTRY;
4531             run->fail_entry.hardware_entry_failure_reason = 0;
4532             vcpu->arch.ret = r;
4533             return r;
4534         }
4535     }
4536
4537     if (need_resched())
4538         cond_resched();
4539
4540     kvmppc_update_vpas(vcpu);
4541
4542     preempt_disable();
4543     pcpu = smp_processor_id();
4544     if (kvm_is_radix(kvm))
4545         kvmppc_prepare_radix_vcpu(vcpu, pcpu);
4546
4547     /* flags save not required, but irq_pmu has no disable/enable API */
4548     powerpc_local_irq_pmu_save(flags);
4549
4550     if (signal_pending(current))
4551         goto sigpend;
4552     if (need_resched() || !kvm->arch.mmu_ready)
4553         goto out;
4554
4555     vcpu->cpu = pcpu;
4556     vcpu->arch.thread_cpu = pcpu;
4557     vc->pcpu = pcpu;
4558     local_paca->kvm_hstate.kvm_vcpu = vcpu;
4559     local_paca->kvm_hstate.ptid = 0;
4560     local_paca->kvm_hstate.fake_suspend = 0;
4561
4562     /*
4563      * Orders set cpu/thread_cpu vs testing for pending interrupts and
4564      * doorbells below. The other side is when these fields are set vs
4565      * kvmppc_fast_vcpu_kick_hv reading the cpu/thread_cpu fields to
4566      * kick a vCPU to notice the pending interrupt.
4567      */
4568     smp_mb();
4569
4570     if (!nested) {
4571         kvmppc_core_prepare_to_enter(vcpu);
4572         if (vcpu->arch.shregs.msr & MSR_EE) {
4573             if (xive_interrupt_pending(vcpu))
4574                 kvmppc_inject_interrupt_hv(vcpu,
4575                         BOOK3S_INTERRUPT_EXTERNAL, 0);
4576         } else if (test_bit(BOOK3S_IRQPRIO_EXTERNAL,
4577                  &vcpu->arch.pending_exceptions)) {
4578             lpcr |= LPCR_MER;
4579         }
4580     } else if (vcpu->arch.pending_exceptions ||
4581            vcpu->arch.doorbell_request ||
4582            xive_interrupt_pending(vcpu)) {
4583         vcpu->arch.ret = RESUME_HOST;
4584         goto out;
4585     }
4586
4587     if (vcpu->arch.timer_running) {
4588         hrtimer_try_to_cancel(&vcpu->arch.dec_timer);
4589         vcpu->arch.timer_running = 0;
4590     }
4591
4592     tb = mftb();
4593
4594     __kvmppc_create_dtl_entry(vcpu, pcpu, tb + vc->tb_offset, 0);
4595
4596     trace_kvm_guest_enter(vcpu);
4597
4598     guest_enter_irqoff();
4599
4600     srcu_idx = srcu_read_lock(&kvm->srcu);
4601
4602     this_cpu_disable_ftrace();
4603
4604     /* Tell lockdep that we're about to enable interrupts */
4605     trace_hardirqs_on();
4606
4607     trap = kvmhv_p9_guest_entry(vcpu, time_limit, lpcr, &tb);
4608     vcpu->arch.trap = trap;
4609
4610     trace_hardirqs_off();
4611
4612     this_cpu_enable_ftrace();
4613
4614     srcu_read_unlock(&kvm->srcu, srcu_idx);
4615
4616     set_irq_happened(trap);
4617
4618     context_tracking_guest_exit();
4619     if (!vtime_accounting_enabled_this_cpu()) {
4620         local_irq_enable();
4621         /*
4622          * Service IRQs here before vtime_account_guest_exit() so any
4623          * ticks that occurred while running the guest are accounted to
4624          * the guest. If vtime accounting is enabled, accounting uses
4625          * TB rather than ticks, so it can be done without enabling
4626          * interrupts here, which has the problem that it accounts
4627          * interrupt processing overhead to the host.
4628          */
4629         local_irq_disable();
4630     }
4631     vtime_account_guest_exit();
4632
4633     vcpu->cpu = -1;
4634     vcpu->arch.thread_cpu = -1;
4635
4636     powerpc_local_irq_pmu_restore(flags);
4637
4638     preempt_enable();
4639
4640     /*
4641      * cancel pending decrementer exception if DEC is now positive, or if
4642      * entering a nested guest in which case the decrementer is now owned
4643      * by L2 and the L1 decrementer is provided in hdec_expires
4644      */
4645     if (kvmppc_core_pending_dec(vcpu) &&
4646             ((tb < kvmppc_dec_expires_host_tb(vcpu)) ||
4647              (trap == BOOK3S_INTERRUPT_SYSCALL &&
4648               kvmppc_get_gpr(vcpu, 3) == H_ENTER_NESTED)))
4649         kvmppc_core_dequeue_dec(vcpu);
4650
4651     trace_kvm_guest_exit(vcpu);
4652     r = RESUME_GUEST;
4653     if (trap) {
4654         if (!nested)
4655             r = kvmppc_handle_exit_hv(vcpu, current);
4656         else
4657             r = kvmppc_handle_nested_exit(vcpu);
4658     }
4659     vcpu->arch.ret = r;
4660
4661     if (is_kvmppc_resume_guest(r) && !kvmppc_vcpu_check_block(vcpu)) {
4662         kvmppc_set_timer(vcpu);
4663
4664         prepare_to_rcuwait(wait);
4665         for (;;) {
4666             set_current_state(TASK_INTERRUPTIBLE);
4667             if (signal_pending(current)) {
4668                 vcpu->stat.signal_exits++;
4669                 run->exit_reason = KVM_EXIT_INTR;
4670                 vcpu->arch.ret = -EINTR;
4671                 break;
4672             }
4673
4674             if (kvmppc_vcpu_check_block(vcpu))
4675                 break;
4676
4677             trace_kvmppc_vcore_blocked(vcpu, 0);
4678             schedule();
4679             trace_kvmppc_vcore_blocked(vcpu, 1);
4680         }
4681         finish_rcuwait(wait);
4682     }
4683     vcpu->arch.ceded = 0;
4684
4685  done:
4686     trace_kvmppc_run_vcpu_exit(vcpu);
4687
4688     return vcpu->arch.ret;
4689
4690  sigpend:
4691     vcpu->stat.signal_exits++;
4692     run->exit_reason = KVM_EXIT_INTR;
4693     vcpu->arch.ret = -EINTR;
4694  out:
4695     vcpu->cpu = -1;
4696     vcpu->arch.thread_cpu = -1;
4697     powerpc_local_irq_pmu_restore(flags);
4698     preempt_enable();
4699     goto done;
4700 }
4701
4702 static int kvmppc_vcpu_run_hv(struct kvm_vcpu *vcpu)
4703 {
4704     struct kvm_run *run = vcpu->run;
4705     int r;
4706     int srcu_idx;
4707     struct kvm *kvm;
4708     unsigned long msr;
4709
4710     start_timing(vcpu, &vcpu->arch.vcpu_entry);
4711
4712     if (!vcpu->arch.sane) {
4713         run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
4714         return -EINVAL;
4715     }
4716
4717     /* No need to go into the guest when all we'll do is come back out */
4718     if (signal_pending(current)) {
4719         run->exit_reason = KVM_EXIT_INTR;
4720         return -EINTR;
4721     }
4722
4723 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
4724     /*
4725      * Don't allow entry with a suspended transaction, because
4726      * the guest entry/exit code will lose it.
4727      */
4728     if (cpu_has_feature(CPU_FTR_TM) && current->thread.regs &&
4729         (current->thread.regs->msr & MSR_TM)) {
4730         if (MSR_TM_ACTIVE(current->thread.regs->msr)) {
4731             run->exit_reason = KVM_EXIT_FAIL_ENTRY;
4732             run->fail_entry.hardware_entry_failure_reason = 0;
4733             return -EINVAL;
4734         }
4735     }
4736 #endif
4737
4738     /*
4739      * Force online to 1 for the sake of old userspace which doesn't
4740      * set it.
4741      */
4742     if (!vcpu->arch.online) {
4743         atomic_inc(&vcpu->arch.vcore->online_count);
4744         vcpu->arch.online = 1;
4745     }
4746
4747     kvmppc_core_prepare_to_enter(vcpu);
4748
4749     kvm = vcpu->kvm;
4750     atomic_inc(&kvm->arch.vcpus_running);
4751     /* Order vcpus_running vs. mmu_ready, see kvmppc_alloc_reset_hpt */
4752     smp_mb();
4753
4754     msr = 0;
4755     if (IS_ENABLED(CONFIG_PPC_FPU))
4756         msr |= MSR_FP;
4757     if (cpu_has_feature(CPU_FTR_ALTIVEC))
4758         msr |= MSR_VEC;
4759     if (cpu_has_feature(CPU_FTR_VSX))
4760         msr |= MSR_VSX;
4761     if ((cpu_has_feature(CPU_FTR_TM) ||
4762         cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST)) &&
4763             (vcpu->arch.hfscr & HFSCR_TM))
4764         msr |= MSR_TM;
4765     msr = msr_check_and_set(msr);
4766
4767     kvmppc_save_user_regs();
4768
4769     kvmppc_save_current_sprs();
4770
4771     if (!cpu_has_feature(CPU_FTR_ARCH_300))
4772         vcpu->arch.waitp = &vcpu->arch.vcore->wait;
4773     vcpu->arch.pgdir = kvm->mm->pgd;
4774     vcpu->arch.state = KVMPPC_VCPU_BUSY_IN_HOST;
4775
4776     do {
4777         accumulate_time(vcpu, &vcpu->arch.guest_entry);
4778         if (cpu_has_feature(CPU_FTR_ARCH_300))
4779             r = kvmhv_run_single_vcpu(vcpu, ~(u64)0,
4780                           vcpu->arch.vcore->lpcr);
4781         else
4782             r = kvmppc_run_vcpu(vcpu);
4783
4784         if (run->exit_reason == KVM_EXIT_PAPR_HCALL) {
4785             accumulate_time(vcpu, &vcpu->arch.hcall);
4786
4787             if (WARN_ON_ONCE(vcpu->arch.shregs.msr & MSR_PR)) {
4788                 /*
4789                  * These should have been caught reflected
4790                  * into the guest by now. Final sanity check:
4791                  * don't allow userspace to execute hcalls in
4792                  * the hypervisor.
4793                  */
4794                 r = RESUME_GUEST;
4795                 continue;
4796             }
4797             trace_kvm_hcall_enter(vcpu);
4798             r = kvmppc_pseries_do_hcall(vcpu);
4799             trace_kvm_hcall_exit(vcpu, r);
4800             kvmppc_core_prepare_to_enter(vcpu);
4801         } else if (r == RESUME_PAGE_FAULT) {
4802             accumulate_time(vcpu, &vcpu->arch.pg_fault);
4803             srcu_idx = srcu_read_lock(&kvm->srcu);
4804             r = kvmppc_book3s_hv_page_fault(vcpu,
4805                 vcpu->arch.fault_dar, vcpu->arch.fault_dsisr);
4806             srcu_read_unlock(&kvm->srcu, srcu_idx);
4807         } else if (r == RESUME_PASSTHROUGH) {
4808             if (WARN_ON(xics_on_xive()))
4809                 r = H_SUCCESS;
4810             else
4811                 r = kvmppc_xics_rm_complete(vcpu, 0);
4812         }
4813     } while (is_kvmppc_resume_guest(r));
4814     accumulate_time(vcpu, &vcpu->arch.vcpu_exit);
4815
4816     vcpu->arch.state = KVMPPC_VCPU_NOTREADY;
4817     atomic_dec(&kvm->arch.vcpus_running);
4818
4819     srr_regs_clobbered();
4820
4821     end_timing(vcpu);
4822
4823     return r;
4824 }
4825
4826 static void kvmppc_add_seg_page_size(struct kvm_ppc_one_seg_page_size **sps,
4827                      int shift, int sllp)
4828 {
4829     (*sps)->page_shift = shift;
4830     (*sps)->slb_enc = sllp;
4831     (*sps)->enc[0].page_shift = shift;
4832     (*sps)->enc[0].pte_enc = kvmppc_pgsize_lp_encoding(shift, shift);
4833     /*
4834      * Add 16MB MPSS support (may get filtered out by userspace)
4835      */
4836     if (shift != 24) {
4837         int penc = kvmppc_pgsize_lp_encoding(shift, 24);
4838         if (penc != -1) {
4839             (*sps)->enc[1].page_shift = 24;
4840             (*sps)->enc[1].pte_enc = penc;
4841         }
4842     }
4843     (*sps)++;
4844 }
4845
4846 static int kvm_vm_ioctl_get_smmu_info_hv(struct kvm *kvm,
4847                      struct kvm_ppc_smmu_info *info)
4848 {
4849     struct kvm_ppc_one_seg_page_size *sps;
4850
4851     /*
4852      * POWER7, POWER8 and POWER9 all support 32 storage keys for data.
4853      * POWER7 doesn't support keys for instruction accesses,
4854      * POWER8 and POWER9 do.
4855      */
4856     info->data_keys = 32;
4857     info->instr_keys = cpu_has_feature(CPU_FTR_ARCH_207S) ? 32 : 0;
4858
4859     /* POWER7, 8 and 9 all have 1T segments and 32-entry SLB */
4860     info->flags = KVM_PPC_PAGE_SIZES_REAL | KVM_PPC_1T_SEGMENTS;
4861     info->slb_size = 32;
4862
4863     /* We only support these sizes for now, and no muti-size segments */
4864     sps = &info->sps[0];
4865     kvmppc_add_seg_page_size(&sps, 12, 0);
4866     kvmppc_add_seg_page_size(&sps, 16, SLB_VSID_L | SLB_VSID_LP_01);
4867     kvmppc_add_seg_page_size(&sps, 24, SLB_VSID_L);
4868
4869     /* If running as a nested hypervisor, we don't support HPT guests */
4870     if (kvmhv_on_pseries())
4871         info->flags |= KVM_PPC_NO_HASH;
4872
4873     return 0;
4874 }
4875
4876 /*
4877  * Get (and clear) the dirty memory log for a memory slot.
4878  */
4879 static int kvm_vm_ioctl_get_dirty_log_hv(struct kvm *kvm,
4880                      struct kvm_dirty_log *log)
4881 {
4882     struct kvm_memslots *slots;
4883     struct kvm_memory_slot *memslot;
4884     int r;
4885     unsigned long n, i;
4886     unsigned long *buf, *p;
4887     struct kvm_vcpu *vcpu;
4888
4889     mutex_lock(&kvm->slots_lock);
4890
4891     r = -EINVAL;
4892     if (log->slot >= KVM_USER_MEM_SLOTS)
4893         goto out;
4894
4895     slots = kvm_memslots(kvm);
4896     memslot = id_to_memslot(slots, log->slot);
4897     r = -ENOENT;
4898     if (!memslot || !memslot->dirty_bitmap)
4899         goto out;
4900
4901     /*
4902      * Use second half of bitmap area because both HPT and radix
4903      * accumulate bits in the first half.
4904      */
4905     n = kvm_dirty_bitmap_bytes(memslot);
4906     buf = memslot->dirty_bitmap + n / sizeof(long);
4907     memset(buf, 0, n);
4908
4909     if (kvm_is_radix(kvm))
4910         r = kvmppc_hv_get_dirty_log_radix(kvm, memslot, buf);
4911     else
4912         r = kvmppc_hv_get_dirty_log_hpt(kvm, memslot, buf);
4913     if (r)
4914         goto out;
4915
4916     /*
4917      * We accumulate dirty bits in the first half of the
4918      * memslot's dirty_bitmap area, for when pages are paged
4919      * out or modified by the host directly.  Pick up these
4920      * bits and add them to the map.
4921      */
4922     p = memslot->dirty_bitmap;
4923     for (i = 0; i < n / sizeof(long); ++i)
4924         buf[i] |= xchg(&p[i], 0);
4925
4926     /* Harvest dirty bits from VPA and DTL updates */
4927     /* Note: we never modify the SLB shadow buffer areas */
4928     kvm_for_each_vcpu(i, vcpu, kvm) {
4929         spin_lock(&vcpu->arch.vpa_update_lock);
4930         kvmppc_harvest_vpa_dirty(&vcpu->arch.vpa, memslot, buf);
4931         kvmppc_harvest_vpa_dirty(&vcpu->arch.dtl, memslot, buf);
4932         spin_unlock(&vcpu->arch.vpa_update_lock);
4933     }
4934
4935     r = -EFAULT;
4936     if (copy_to_user(log->dirty_bitmap, buf, n))
4937         goto out;
4938
4939     r = 0;
4940 out:
4941     mutex_unlock(&kvm->slots_lock);
4942     return r;
4943 }
4944
4945 static void kvmppc_core_free_memslot_hv(struct kvm_memory_slot *slot)
4946 {
4947     vfree(slot->arch.rmap);
4948     slot->arch.rmap = NULL;
4949 }
4950
4951 static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
4952                 const struct kvm_memory_slot *old,
4953                 struct kvm_memory_slot *new,
4954                 enum kvm_mr_change change)
4955 {
4956     if (change == KVM_MR_CREATE) {
4957         unsigned long size = array_size(new->npages, sizeof(*new->arch.rmap));
4958
4959         if ((size >> PAGE_SHIFT) > totalram_pages())
4960             return -ENOMEM;
4961
4962         new->arch.rmap = vzalloc(size);
4963         if (!new->arch.rmap)
4964             return -ENOMEM;
4965     } else if (change != KVM_MR_DELETE) {
4966         new->arch.rmap = old->arch.rmap;
4967     }
4968
4969     return 0;
4970 }
4971
4972 static void kvmppc_core_commit_memory_region_hv(struct kvm *kvm,
4973                 struct kvm_memory_slot *old,
4974                 const struct kvm_memory_slot *new,
4975                 enum kvm_mr_change change)
4976 {
4977     /*
4978      * If we are creating or modifying a memslot, it might make
4979      * some address that was previously cached as emulated
4980      * MMIO be no longer emulated MMIO, so invalidate
4981      * all the caches of emulated MMIO translations.
4982      */
4983     if (change != KVM_MR_DELETE)
4984         atomic64_inc(&kvm->arch.mmio_update);
4985
4986     /*
4987      * For change == KVM_MR_MOVE or KVM_MR_DELETE, higher levels
4988      * have already called kvm_arch_flush_shadow_memslot() to
4989      * flush shadow mappings.  For KVM_MR_CREATE we have no
4990      * previous mappings.  So the only case to handle is
4991      * KVM_MR_FLAGS_ONLY when the KVM_MEM_LOG_DIRTY_PAGES bit
4992      * has been changed.
4993      * For radix guests, we flush on setting KVM_MEM_LOG_DIRTY_PAGES
4994      * to get rid of any THP PTEs in the partition-scoped page tables
4995      * so we can track dirtiness at the page level; we flush when
4996      * clearing KVM_MEM_LOG_DIRTY_PAGES so that we can go back to
4997      * using THP PTEs.
4998      */
4999     if (change == KVM_MR_FLAGS_ONLY && kvm_is_radix(kvm) &&
5000         ((new->flags ^ old->flags) & KVM_MEM_LOG_DIRTY_PAGES))
5001         kvmppc_radix_flush_memslot(kvm, old);
5002     /*
5003      * If UV hasn't yet called H_SVM_INIT_START, don't register memslots.
5004      */
5005     if (!kvm->arch.secure_guest)
5006         return;
5007
5008     switch (change) {
5009     case KVM_MR_CREATE:
5010         /*
5011          * @TODO kvmppc_uvmem_memslot_create() can fail and
5012          * return error. Fix this.
5013          */
5014         kvmppc_uvmem_memslot_create(kvm, new);
5015         break;
5016     case KVM_MR_DELETE:
5017         kvmppc_uvmem_memslot_delete(kvm, old);
5018         break;
5019     default:
5020         /* TODO: Handle KVM_MR_MOVE */
5021         break;
5022     }
5023 }
5024
5025 /*
5026  * Update LPCR values in kvm->arch and in vcores.
5027  * Caller must hold kvm->arch.mmu_setup_lock (for mutual exclusion
5028  * of kvm->arch.lpcr update).
5029  */
5030 void kvmppc_update_lpcr(struct kvm *kvm, unsigned long lpcr, unsigned long mask)
5031 {
5032     long int i;
5033     u32 cores_done = 0;
5034
5035     if ((kvm->arch.lpcr & mask) == lpcr)
5036         return;
5037
5038     kvm->arch.lpcr = (kvm->arch.lpcr & ~mask) | lpcr;
5039
5040     for (i = 0; i < KVM_MAX_VCORES; ++i) {
5041         struct kvmppc_vcore *vc = kvm->arch.vcores[i];
5042         if (!vc)
5043             continue;
5044
5045         spin_lock(&vc->lock);
5046         vc->lpcr = (vc->lpcr & ~mask) | lpcr;
5047         verify_lpcr(kvm, vc->lpcr);
5048         spin_unlock(&vc->lock);
5049         if (++cores_done >= kvm->arch.online_vcores)
5050             break;
5051     }
5052 }
5053
5054 void kvmppc_setup_partition_table(struct kvm *kvm)
5055 {
5056     unsigned long dw0, dw1;
5057
5058     if (!kvm_is_radix(kvm)) {
5059         /* PS field - page size for VRMA */
5060         dw0 = ((kvm->arch.vrma_slb_v & SLB_VSID_L) >> 1) |
5061             ((kvm->arch.vrma_slb_v & SLB_VSID_LP) << 1);
5062         /* HTABSIZE and HTABORG fields */
5063         dw0 |= kvm->arch.sdr1;
5064
5065         /* Second dword as set by userspace */
5066         dw1 = kvm->arch.process_table;
5067     } else {
5068         dw0 = PATB_HR | radix__get_tree_size() |
5069             __pa(kvm->arch.pgtable) | RADIX_PGD_INDEX_SIZE;
5070         dw1 = PATB_GR | kvm->arch.process_table;
5071     }
5072     kvmhv_set_ptbl_entry(kvm->arch.lpid, dw0, dw1);
5073 }
5074
5075 /*
5076  * Set up HPT (hashed page table) and RMA (real-mode area).
5077  * Must be called with kvm->arch.mmu_setup_lock held.
5078  */
5079 static int kvmppc_hv_setup_htab_rma(struct kvm_vcpu *vcpu)
5080 {
5081     int err = 0;
5082     struct kvm *kvm = vcpu->kvm;
5083     unsigned long hva;
5084     struct kvm_memory_slot *memslot;
5085     struct vm_area_struct *vma;
5086     unsigned long lpcr = 0, senc;
5087     unsigned long psize, porder;
5088     int srcu_idx;
5089
5090     /* Allocate hashed page table (if not done already) and reset it */
5091     if (!kvm->arch.hpt.virt) {
5092         int order = KVM_DEFAULT_HPT_ORDER;
5093         struct kvm_hpt_info info;
5094
5095         err = kvmppc_allocate_hpt(&info, order);
5096         /* If we get here, it means userspace didn't specify a
5097          * size explicitly.  So, try successively smaller
5098          * sizes if the default failed. */
5099         while ((err == -ENOMEM) && --order >= PPC_MIN_HPT_ORDER)
5100             err  = kvmppc_allocate_hpt(&info, order);
5101
5102         if (err < 0) {
5103             pr_err("KVM: Couldn't alloc HPT\n");
5104             goto out;
5105         }
5106
5107         kvmppc_set_hpt(kvm, &info);
5108     }
5109
5110     /* Look up the memslot for guest physical address 0 */
5111     srcu_idx = srcu_read_lock(&kvm->srcu);
5112     memslot = gfn_to_memslot(kvm, 0);
5113
5114     /* We must have some memory at 0 by now */
5115     err = -EINVAL;
5116     if (!memslot || (memslot->flags & KVM_MEMSLOT_INVALID))
5117         goto out_srcu;
5118
5119     /* Look up the VMA for the start of this memory slot */
5120     hva = memslot->userspace_addr;
5121     mmap_read_lock(kvm->mm);
5122     vma = vma_lookup(kvm->mm, hva);
5123     if (!vma || (vma->vm_flags & VM_IO))
5124         goto up_out;
5125
5126     psize = vma_kernel_pagesize(vma);
5127
5128     mmap_read_unlock(kvm->mm);
5129
5130     /* We can handle 4k, 64k or 16M pages in the VRMA */
5131     if (psize >= 0x1000000)
5132         psize = 0x1000000;
5133     else if (psize >= 0x10000)
5134         psize = 0x10000;
5135     else
5136         psize = 0x1000;
5137     porder = __ilog2(psize);
5138
5139     senc = slb_pgsize_encoding(psize);
5140     kvm->arch.vrma_slb_v = senc | SLB_VSID_B_1T |
5141         (VRMA_VSID << SLB_VSID_SHIFT_1T);
5142     /* Create HPTEs in the hash page table for the VRMA */
5143     kvmppc_map_vrma(vcpu, memslot, porder);
5144
5145     /* Update VRMASD field in the LPCR */
5146     if (!cpu_has_feature(CPU_FTR_ARCH_300)) {
5147         /* the -4 is to account for senc values starting at 0x10 */
5148         lpcr = senc << (LPCR_VRMASD_SH - 4);
5149         kvmppc_update_lpcr(kvm, lpcr, LPCR_VRMASD);
5150     }
5151
5152     /* Order updates to kvm->arch.lpcr etc. vs. mmu_ready */
5153     smp_wmb();
5154     err = 0;
5155  out_srcu:
5156     srcu_read_unlock(&kvm->srcu, srcu_idx);
5157  out:
5158     return err;
5159
5160  up_out:
5161     mmap_read_unlock(kvm->mm);
5162     goto out_srcu;
5163 }
5164
5165 /*
5166  * Must be called with kvm->arch.mmu_setup_lock held and
5167  * mmu_ready = 0 and no vcpus running.
5168  */
5169 int kvmppc_switch_mmu_to_hpt(struct kvm *kvm)
5170 {
5171     unsigned long lpcr, lpcr_mask;
5172
5173     if (nesting_enabled(kvm))
5174         kvmhv_release_all_nested(kvm);
5175     kvmppc_rmap_reset(kvm);
5176     kvm->arch.process_table = 0;
5177     /* Mutual exclusion with kvm_unmap_gfn_range etc. */
5178     spin_lock(&kvm->mmu_lock);
5179     kvm->arch.radix = 0;
5180     spin_unlock(&kvm->mmu_lock);
5181     kvmppc_free_radix(kvm);
5182
5183     lpcr = LPCR_VPM1;
5184     lpcr_mask = LPCR_VPM1 | LPCR_UPRT | LPCR_GTSE | LPCR_HR;
5185     if (cpu_has_feature(CPU_FTR_ARCH_31))
5186         lpcr_mask |= LPCR_HAIL;
5187     kvmppc_update_lpcr(kvm, lpcr, lpcr_mask);
5188
5189     return 0;
5190 }
5191
5192 /*
5193  * Must be called with kvm->arch.mmu_setup_lock held and
5194  * mmu_ready = 0 and no vcpus running.
5195  */
5196 int kvmppc_switch_mmu_to_radix(struct kvm *kvm)
5197 {
5198     unsigned long lpcr, lpcr_mask;
5199     int err;
5200
5201     err = kvmppc_init_vm_radix(kvm);
5202     if (err)
5203         return err;
5204     kvmppc_rmap_reset(kvm);
5205     /* Mutual exclusion with kvm_unmap_gfn_range etc. */
5206     spin_lock(&kvm->mmu_lock);
5207     kvm->arch.radix = 1;
5208     spin_unlock(&kvm->mmu_lock);
5209     kvmppc_free_hpt(&kvm->arch.hpt);
5210
5211     lpcr = LPCR_UPRT | LPCR_GTSE | LPCR_HR;
5212     lpcr_mask = LPCR_VPM1 | LPCR_UPRT | LPCR_GTSE | LPCR_HR;
5213     if (cpu_has_feature(CPU_FTR_ARCH_31)) {
5214         lpcr_mask |= LPCR_HAIL;
5215         if (cpu_has_feature(CPU_FTR_HVMODE) &&
5216                 (kvm->arch.host_lpcr & LPCR_HAIL))
5217             lpcr |= LPCR_HAIL;
5218     }
5219     kvmppc_update_lpcr(kvm, lpcr, lpcr_mask);
5220
5221     return 0;
5222 }
5223
5224 #ifdef CONFIG_KVM_XICS
5225 /*
5226  * Allocate a per-core structure for managing state about which cores are
5227  * running in the host versus the guest and for exchanging data between
5228  * real mode KVM and CPU running in the host.
5229  * This is only done for the first VM.
5230  * The allocated structure stays even if all VMs have stopped.
5231  * It is only freed when the kvm-hv module is unloaded.
5232  * It's OK for this routine to fail, we just don't support host
5233  * core operations like redirecting H_IPI wakeups.
5234  */
5235 void kvmppc_alloc_host_rm_ops(void)
5236 {
5237     struct kvmppc_host_rm_ops *ops;
5238     unsigned long l_ops;
5239     int cpu, core;
5240     int size;
5241
5242     if (cpu_has_feature(CPU_FTR_ARCH_300))
5243         return;
5244
5245     /* Not the first time here ? */
5246     if (kvmppc_host_rm_ops_hv != NULL)
5247         return;
5248
5249     ops = kzalloc(sizeof(struct kvmppc_host_rm_ops), GFP_KERNEL);
5250     if (!ops)
5251         return;
5252
5253     size = cpu_nr_cores() * sizeof(struct kvmppc_host_rm_core);
5254     ops->rm_core = kzalloc(size, GFP_KERNEL);
5255
5256     if (!ops->rm_core) {
5257         kfree(ops);
5258         return;
5259     }
5260
5261     cpus_read_lock();
5262
5263     for (cpu = 0; cpu < nr_cpu_ids; cpu += threads_per_core) {
5264         if (!cpu_online(cpu))
5265             continue;
5266
5267         core = cpu >> threads_shift;
5268         ops->rm_core[core].rm_state.in_host = 1;
5269     }
5270
5271     ops->vcpu_kick = kvmppc_fast_vcpu_kick_hv;
5272
5273     /*
5274      * Make the contents of the kvmppc_host_rm_ops structure visible
5275      * to other CPUs before we assign it to the global variable.
5276      * Do an atomic assignment (no locks used here), but if someone
5277      * beats us to it, just free our copy and return.
5278      */
5279     smp_wmb();
5280     l_ops = (unsigned long) ops;
5281
5282     if (cmpxchg64((unsigned long *)&kvmppc_host_rm_ops_hv, 0, l_ops)) {
5283         cpus_read_unlock();
5284         kfree(ops->rm_core);
5285         kfree(ops);
5286         return;
5287     }
5288
5289     cpuhp_setup_state_nocalls_cpuslocked(CPUHP_KVM_PPC_BOOK3S_PREPARE,
5290                          "ppc/kvm_book3s:prepare",
5291                          kvmppc_set_host_core,
5292                          kvmppc_clear_host_core);
5293     cpus_read_unlock();
5294 }
5295
5296 void kvmppc_free_host_rm_ops(void)
5297 {
5298     if (kvmppc_host_rm_ops_hv) {
5299         cpuhp_remove_state_nocalls(CPUHP_KVM_PPC_BOOK3S_PREPARE);
5300         kfree(kvmppc_host_rm_ops_hv->rm_core);
5301         kfree(kvmppc_host_rm_ops_hv);
5302         kvmppc_host_rm_ops_hv = NULL;
5303     }
5304 }
5305 #endif
5306
5307 static int kvmppc_core_init_vm_hv(struct kvm *kvm)
5308 {
5309     unsigned long lpcr, lpid;
5310     int ret;
5311
5312     mutex_init(&kvm->arch.uvmem_lock);
5313     INIT_LIST_HEAD(&kvm->arch.uvmem_pfns);
5314     mutex_init(&kvm->arch.mmu_setup_lock);
5315
5316     /* Allocate the guest's logical partition ID */
5317
5318     lpid = kvmppc_alloc_lpid();
5319     if ((long)lpid < 0)
5320         return -ENOMEM;
5321     kvm->arch.lpid = lpid;
5322
5323     kvmppc_alloc_host_rm_ops();
5324
5325     kvmhv_vm_nested_init(kvm);
5326
5327     /*
5328      * Since we don't flush the TLB when tearing down a VM,
5329      * and this lpid might have previously been used,
5330      * make sure we flush on each core before running the new VM.
5331      * On POWER9, the tlbie in mmu_partition_table_set_entry()
5332      * does this flush for us.
5333      */
5334     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5335         cpumask_setall(&kvm->arch.need_tlb_flush);
5336
5337     /* Start out with the default set of hcalls enabled */
5338     memcpy(kvm->arch.enabled_hcalls, default_enabled_hcalls,
5339            sizeof(kvm->arch.enabled_hcalls));
5340
5341     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5342         kvm->arch.host_sdr1 = mfspr(SPRN_SDR1);
5343
5344     /* Init LPCR for virtual RMA mode */
5345     if (cpu_has_feature(CPU_FTR_HVMODE)) {
5346         kvm->arch.host_lpid = mfspr(SPRN_LPID);
5347         kvm->arch.host_lpcr = lpcr = mfspr(SPRN_LPCR);
5348         lpcr &= LPCR_PECE | LPCR_LPES;
5349     } else {
5350         /*
5351          * The L2 LPES mode will be set by the L0 according to whether
5352          * or not it needs to take external interrupts in HV mode.
5353          */
5354         lpcr = 0;
5355     }
5356     lpcr |= (4UL << LPCR_DPFD_SH) | LPCR_HDICE |
5357         LPCR_VPM0 | LPCR_VPM1;
5358     kvm->arch.vrma_slb_v = SLB_VSID_B_1T |
5359         (VRMA_VSID << SLB_VSID_SHIFT_1T);
5360     /* On POWER8 turn on online bit to enable PURR/SPURR */
5361     if (cpu_has_feature(CPU_FTR_ARCH_207S))
5362         lpcr |= LPCR_ONL;
5363     /*
5364      * On POWER9, VPM0 bit is reserved (VPM0=1 behaviour is assumed)
5365      * Set HVICE bit to enable hypervisor virtualization interrupts.
5366      * Set HEIC to prevent OS interrupts to go to hypervisor (should
5367      * be unnecessary but better safe than sorry in case we re-enable
5368      * EE in HV mode with this LPCR still set)
5369      */
5370     if (cpu_has_feature(CPU_FTR_ARCH_300)) {
5371         lpcr &= ~LPCR_VPM0;
5372         lpcr |= LPCR_HVICE | LPCR_HEIC;
5373
5374         /*
5375          * If xive is enabled, we route 0x500 interrupts directly
5376          * to the guest.
5377          */
5378         if (xics_on_xive())
5379             lpcr |= LPCR_LPES;
5380     }
5381
5382     /*
5383      * If the host uses radix, the guest starts out as radix.
5384      */
5385     if (radix_enabled()) {
5386         kvm->arch.radix = 1;
5387         kvm->arch.mmu_ready = 1;
5388         lpcr &= ~LPCR_VPM1;
5389         lpcr |= LPCR_UPRT | LPCR_GTSE | LPCR_HR;
5390         if (cpu_has_feature(CPU_FTR_HVMODE) &&
5391             cpu_has_feature(CPU_FTR_ARCH_31) &&
5392             (kvm->arch.host_lpcr & LPCR_HAIL))
5393             lpcr |= LPCR_HAIL;
5394         ret = kvmppc_init_vm_radix(kvm);
5395         if (ret) {
5396             kvmppc_free_lpid(kvm->arch.lpid);
5397             return ret;
5398         }
5399         kvmppc_setup_partition_table(kvm);
5400     }
5401
5402     verify_lpcr(kvm, lpcr);
5403     kvm->arch.lpcr = lpcr;
5404
5405     /* Initialization for future HPT resizes */
5406     kvm->arch.resize_hpt = NULL;
5407
5408     /*
5409      * Work out how many sets the TLB has, for the use of
5410      * the TLB invalidation loop in book3s_hv_rmhandlers.S.
5411      */
5412     if (cpu_has_feature(CPU_FTR_ARCH_31)) {
5413         /*
5414          * P10 will flush all the congruence class with a single tlbiel
5415          */
5416         kvm->arch.tlb_sets = 1;
5417     } else if (radix_enabled())
5418         kvm->arch.tlb_sets = POWER9_TLB_SETS_RADIX; /* 128 */
5419     else if (cpu_has_feature(CPU_FTR_ARCH_300))
5420         kvm->arch.tlb_sets = POWER9_TLB_SETS_HASH;  /* 256 */
5421     else if (cpu_has_feature(CPU_FTR_ARCH_207S))
5422         kvm->arch.tlb_sets = POWER8_TLB_SETS;       /* 512 */
5423     else
5424         kvm->arch.tlb_sets = POWER7_TLB_SETS;       /* 128 */
5425
5426     /*
5427      * Track that we now have a HV mode VM active. This blocks secondary
5428      * CPU threads from coming online.
5429      */
5430     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5431         kvm_hv_vm_activated();
5432
5433     /*
5434      * Initialize smt_mode depending on processor.
5435      * POWER8 and earlier have to use "strict" threading, where
5436      * all vCPUs in a vcore have to run on the same (sub)core,
5437      * whereas on POWER9 the threads can each run a different
5438      * guest.
5439      */
5440     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5441         kvm->arch.smt_mode = threads_per_subcore;
5442     else
5443         kvm->arch.smt_mode = 1;
5444     kvm->arch.emul_smt_mode = 1;
5445
5446     return 0;
5447 }
5448
5449 static int kvmppc_arch_create_vm_debugfs_hv(struct kvm *kvm)
5450 {
5451     kvmppc_mmu_debugfs_init(kvm);
5452     if (radix_enabled())
5453         kvmhv_radix_debugfs_init(kvm);
5454     return 0;
5455 }
5456
5457 static void kvmppc_free_vcores(struct kvm *kvm)
5458 {
5459     long int i;
5460
5461     for (i = 0; i < KVM_MAX_VCORES; ++i)
5462         kfree(kvm->arch.vcores[i]);
5463     kvm->arch.online_vcores = 0;
5464 }
5465
5466 static void kvmppc_core_destroy_vm_hv(struct kvm *kvm)
5467 {
5468     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5469         kvm_hv_vm_deactivated();
5470
5471     kvmppc_free_vcores(kvm);
5472
5473
5474     if (kvm_is_radix(kvm))
5475         kvmppc_free_radix(kvm);
5476     else
5477         kvmppc_free_hpt(&kvm->arch.hpt);
5478
5479     /* Perform global invalidation and return lpid to the pool */
5480     if (cpu_has_feature(CPU_FTR_ARCH_300)) {
5481         if (nesting_enabled(kvm))
5482             kvmhv_release_all_nested(kvm);
5483         kvm->arch.process_table = 0;
5484         if (kvm->arch.secure_guest)
5485             uv_svm_terminate(kvm->arch.lpid);
5486         kvmhv_set_ptbl_entry(kvm->arch.lpid, 0, 0);
5487     }
5488
5489     kvmppc_free_lpid(kvm->arch.lpid);
5490
5491     kvmppc_free_pimap(kvm);
5492 }
5493
5494 /* We don't need to emulate any privileged instructions or dcbz */
5495 static int kvmppc_core_emulate_op_hv(struct kvm_vcpu *vcpu,
5496                      unsigned int inst, int *advance)
5497 {
5498     return EMULATE_FAIL;
5499 }
5500
5501 static int kvmppc_core_emulate_mtspr_hv(struct kvm_vcpu *vcpu, int sprn,
5502                     ulong spr_val)
5503 {
5504     return EMULATE_FAIL;
5505 }
5506
5507 static int kvmppc_core_emulate_mfspr_hv(struct kvm_vcpu *vcpu, int sprn,
5508                     ulong *spr_val)
5509 {
5510     return EMULATE_FAIL;
5511 }
5512
5513 static int kvmppc_core_check_processor_compat_hv(void)
5514 {
5515     if (cpu_has_feature(CPU_FTR_HVMODE) &&
5516         cpu_has_feature(CPU_FTR_ARCH_206))
5517         return 0;
5518
5519     /* POWER9 in radix mode is capable of being a nested hypervisor. */
5520     if (cpu_has_feature(CPU_FTR_ARCH_300) && radix_enabled())
5521         return 0;
5522
5523     return -EIO;
5524 }
5525
5526 #ifdef CONFIG_KVM_XICS
5527
5528 void kvmppc_free_pimap(struct kvm *kvm)
5529 {
5530     kfree(kvm->arch.pimap);
5531 }
5532
5533 static struct kvmppc_passthru_irqmap *kvmppc_alloc_pimap(void)
5534 {
5535     return kzalloc(sizeof(struct kvmppc_passthru_irqmap), GFP_KERNEL);
5536 }
5537
5538 static int kvmppc_set_passthru_irq(struct kvm *kvm, int host_irq, int guest_gsi)
5539 {
5540     struct irq_desc *desc;
5541     struct kvmppc_irq_map *irq_map;
5542     struct kvmppc_passthru_irqmap *pimap;
5543     struct irq_chip *chip;
5544     int i, rc = 0;
5545     struct irq_data *host_data;
5546
5547     if (!kvm_irq_bypass)
5548         return 1;
5549
5550     desc = irq_to_desc(host_irq);
5551     if (!desc)
5552         return -EIO;
5553
5554     mutex_lock(&kvm->lock);
5555
5556     pimap = kvm->arch.pimap;
5557     if (pimap == NULL) {
5558         /* First call, allocate structure to hold IRQ map */
5559         pimap = kvmppc_alloc_pimap();
5560         if (pimap == NULL) {
5561             mutex_unlock(&kvm->lock);
5562             return -ENOMEM;
5563         }
5564         kvm->arch.pimap = pimap;
5565     }
5566
5567     /*
5568      * For now, we only support interrupts for which the EOI operation
5569      * is an OPAL call followed by a write to XIRR, since that's
5570      * what our real-mode EOI code does, or a XIVE interrupt
5571      */
5572     chip = irq_data_get_irq_chip(&desc->irq_data);
5573     if (!chip || !is_pnv_opal_msi(chip)) {
5574         pr_warn("kvmppc_set_passthru_irq_hv: Could not assign IRQ map for (%d,%d)\n",
5575             host_irq, guest_gsi);
5576         mutex_unlock(&kvm->lock);
5577         return -ENOENT;
5578     }
5579
5580     /*
5581      * See if we already have an entry for this guest IRQ number.
5582      * If it's mapped to a hardware IRQ number, that's an error,
5583      * otherwise re-use this entry.
5584      */
5585     for (i = 0; i < pimap->n_mapped; i++) {
5586         if (guest_gsi == pimap->mapped[i].v_hwirq) {
5587             if (pimap->mapped[i].r_hwirq) {
5588                 mutex_unlock(&kvm->lock);
5589                 return -EINVAL;
5590             }
5591             break;
5592         }
5593     }
5594
5595     if (i == KVMPPC_PIRQ_MAPPED) {
5596         mutex_unlock(&kvm->lock);
5597         return -EAGAIN;     /* table is full */
5598     }
5599
5600     irq_map = &pimap->mapped[i];
5601
5602     irq_map->v_hwirq = guest_gsi;
5603     irq_map->desc = desc;
5604
5605     /*
5606      * Order the above two stores before the next to serialize with
5607      * the KVM real mode handler.
5608      */
5609     smp_wmb();
5610
5611     /*
5612      * The 'host_irq' number is mapped in the PCI-MSI domain but
5613      * the underlying calls, which will EOI the interrupt in real
5614      * mode, need an HW IRQ number mapped in the XICS IRQ domain.
5615      */
5616     host_data = irq_domain_get_irq_data(irq_get_default_host(), host_irq);
5617     irq_map->r_hwirq = (unsigned int)irqd_to_hwirq(host_data);
5618
5619     if (i == pimap->n_mapped)
5620         pimap->n_mapped++;
5621
5622     if (xics_on_xive())
5623         rc = kvmppc_xive_set_mapped(kvm, guest_gsi, host_irq);
5624     else
5625         kvmppc_xics_set_mapped(kvm, guest_gsi, irq_map->r_hwirq);
5626     if (rc)
5627         irq_map->r_hwirq = 0;
5628
5629     mutex_unlock(&kvm->lock);
5630
5631     return 0;
5632 }
5633
5634 static int kvmppc_clr_passthru_irq(struct kvm *kvm, int host_irq, int guest_gsi)
5635 {
5636     struct irq_desc *desc;
5637     struct kvmppc_passthru_irqmap *pimap;
5638     int i, rc = 0;
5639
5640     if (!kvm_irq_bypass)
5641         return 0;
5642
5643     desc = irq_to_desc(host_irq);
5644     if (!desc)
5645         return -EIO;
5646
5647     mutex_lock(&kvm->lock);
5648     if (!kvm->arch.pimap)
5649         goto unlock;
5650
5651     pimap = kvm->arch.pimap;
5652
5653     for (i = 0; i < pimap->n_mapped; i++) {
5654         if (guest_gsi == pimap->mapped[i].v_hwirq)
5655             break;
5656     }
5657
5658     if (i == pimap->n_mapped) {
5659         mutex_unlock(&kvm->lock);
5660         return -ENODEV;
5661     }
5662
5663     if (xics_on_xive())
5664         rc = kvmppc_xive_clr_mapped(kvm, guest_gsi, host_irq);
5665     else
5666         kvmppc_xics_clr_mapped(kvm, guest_gsi, pimap->mapped[i].r_hwirq);
5667
5668     /* invalidate the entry (what to do on error from the above ?) */
5669     pimap->mapped[i].r_hwirq = 0;
5670
5671     /*
5672      * We don't free this structure even when the count goes to
5673      * zero. The structure is freed when we destroy the VM.
5674      */
5675  unlock:
5676     mutex_unlock(&kvm->lock);
5677     return rc;
5678 }
5679
5680 static int kvmppc_irq_bypass_add_producer_hv(struct irq_bypass_consumer *cons,
5681                          struct irq_bypass_producer *prod)
5682 {
5683     int ret = 0;
5684     struct kvm_kernel_irqfd *irqfd =
5685         container_of(cons, struct kvm_kernel_irqfd, consumer);
5686
5687     irqfd->producer = prod;
5688
5689     ret = kvmppc_set_passthru_irq(irqfd->kvm, prod->irq, irqfd->gsi);
5690     if (ret)
5691         pr_info("kvmppc_set_passthru_irq (irq %d, gsi %d) fails: %d\n",
5692             prod->irq, irqfd->gsi, ret);
5693
5694     return ret;
5695 }
5696
5697 static void kvmppc_irq_bypass_del_producer_hv(struct irq_bypass_consumer *cons,
5698                           struct irq_bypass_producer *prod)
5699 {
5700     int ret;
5701     struct kvm_kernel_irqfd *irqfd =
5702         container_of(cons, struct kvm_kernel_irqfd, consumer);
5703
5704     irqfd->producer = NULL;
5705
5706     /*
5707      * When producer of consumer is unregistered, we change back to
5708      * default external interrupt handling mode - KVM real mode
5709      * will switch back to host.
5710      */
5711     ret = kvmppc_clr_passthru_irq(irqfd->kvm, prod->irq, irqfd->gsi);
5712     if (ret)
5713         pr_warn("kvmppc_clr_passthru_irq (irq %d, gsi %d) fails: %d\n",
5714             prod->irq, irqfd->gsi, ret);
5715 }
5716 #endif
5717
5718 static long kvm_arch_vm_ioctl_hv(struct file *filp,
5719                  unsigned int ioctl, unsigned long arg)
5720 {
5721     struct kvm *kvm __maybe_unused = filp->private_data;
5722     void __user *argp = (void __user *)arg;
5723     long r;
5724
5725     switch (ioctl) {
5726
5727     case KVM_PPC_ALLOCATE_HTAB: {
5728         u32 htab_order;
5729
5730         /* If we're a nested hypervisor, we currently only support radix */
5731         if (kvmhv_on_pseries()) {
5732             r = -EOPNOTSUPP;
5733             break;
5734         }
5735
5736         r = -EFAULT;
5737         if (get_user(htab_order, (u32 __user *)argp))
5738             break;
5739         r = kvmppc_alloc_reset_hpt(kvm, htab_order);
5740         if (r)
5741             break;
5742         r = 0;
5743         break;
5744     }
5745
5746     case KVM_PPC_GET_HTAB_FD: {
5747         struct kvm_get_htab_fd ghf;
5748
5749         r = -EFAULT;
5750         if (copy_from_user(&ghf, argp, sizeof(ghf)))
5751             break;
5752         r = kvm_vm_ioctl_get_htab_fd(kvm, &ghf);
5753         break;
5754     }
5755
5756     case KVM_PPC_RESIZE_HPT_PREPARE: {
5757         struct kvm_ppc_resize_hpt rhpt;
5758
5759         r = -EFAULT;
5760         if (copy_from_user(&rhpt, argp, sizeof(rhpt)))
5761             break;
5762
5763         r = kvm_vm_ioctl_resize_hpt_prepare(kvm, &rhpt);
5764         break;
5765     }
5766
5767     case KVM_PPC_RESIZE_HPT_COMMIT: {
5768         struct kvm_ppc_resize_hpt rhpt;
5769
5770         r = -EFAULT;
5771         if (copy_from_user(&rhpt, argp, sizeof(rhpt)))
5772             break;
5773
5774         r = kvm_vm_ioctl_resize_hpt_commit(kvm, &rhpt);
5775         break;
5776     }
5777
5778     default:
5779         r = -ENOTTY;
5780     }
5781
5782     return r;
5783 }
5784
5785 /*
5786  * List of hcall numbers to enable by default.
5787  * For compatibility with old userspace, we enable by default
5788  * all hcalls that were implemented before the hcall-enabling
5789  * facility was added.  Note this list should not include H_RTAS.
5790  */
5791 static unsigned int default_hcall_list[] = {
5792     H_REMOVE,
5793     H_ENTER,
5794     H_READ,
5795     H_PROTECT,
5796     H_BULK_REMOVE,
5797 #ifdef CONFIG_SPAPR_TCE_IOMMU
5798     H_GET_TCE,
5799     H_PUT_TCE,
5800 #endif
5801     H_SET_DABR,
5802     H_SET_XDABR,
5803     H_CEDE,
5804     H_PROD,
5805     H_CONFER,
5806     H_REGISTER_VPA,
5807 #ifdef CONFIG_KVM_XICS
5808     H_EOI,
5809     H_CPPR,
5810     H_IPI,
5811     H_IPOLL,
5812     H_XIRR,
5813     H_XIRR_X,
5814 #endif
5815     0
5816 };
5817
5818 static void init_default_hcalls(void)
5819 {
5820     int i;
5821     unsigned int hcall;
5822
5823     for (i = 0; default_hcall_list[i]; ++i) {
5824         hcall = default_hcall_list[i];
5825         WARN_ON(!kvmppc_hcall_impl_hv(hcall));
5826         __set_bit(hcall / 4, default_enabled_hcalls);
5827     }
5828 }
5829
5830 static int kvmhv_configure_mmu(struct kvm *kvm, struct kvm_ppc_mmuv3_cfg *cfg)
5831 {
5832     unsigned long lpcr;
5833     int radix;
5834     int err;
5835
5836     /* If not on a POWER9, reject it */
5837     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5838         return -ENODEV;
5839
5840     /* If any unknown flags set, reject it */
5841     if (cfg->flags & ~(KVM_PPC_MMUV3_RADIX | KVM_PPC_MMUV3_GTSE))
5842         return -EINVAL;
5843
5844     /* GR (guest radix) bit in process_table field must match */
5845     radix = !!(cfg->flags & KVM_PPC_MMUV3_RADIX);
5846     if (!!(cfg->process_table & PATB_GR) != radix)
5847         return -EINVAL;
5848
5849     /* Process table size field must be reasonable, i.e. <= 24 */
5850     if ((cfg->process_table & PRTS_MASK) > 24)
5851         return -EINVAL;
5852
5853     /* We can change a guest to/from radix now, if the host is radix */
5854     if (radix && !radix_enabled())
5855         return -EINVAL;
5856
5857     /* If we're a nested hypervisor, we currently only support radix */
5858     if (kvmhv_on_pseries() && !radix)
5859         return -EINVAL;
5860
5861     mutex_lock(&kvm->arch.mmu_setup_lock);
5862     if (radix != kvm_is_radix(kvm)) {
5863         if (kvm->arch.mmu_ready) {
5864             kvm->arch.mmu_ready = 0;
5865             /* order mmu_ready vs. vcpus_running */
5866             smp_mb();
5867             if (atomic_read(&kvm->arch.vcpus_running)) {
5868                 kvm->arch.mmu_ready = 1;
5869                 err = -EBUSY;
5870                 goto out_unlock;
5871             }
5872         }
5873         if (radix)
5874             err = kvmppc_switch_mmu_to_radix(kvm);
5875         else
5876             err = kvmppc_switch_mmu_to_hpt(kvm);
5877         if (err)
5878             goto out_unlock;
5879     }
5880
5881     kvm->arch.process_table = cfg->process_table;
5882     kvmppc_setup_partition_table(kvm);
5883
5884     lpcr = (cfg->flags & KVM_PPC_MMUV3_GTSE) ? LPCR_GTSE : 0;
5885     kvmppc_update_lpcr(kvm, lpcr, LPCR_GTSE);
5886     err = 0;
5887
5888  out_unlock:
5889     mutex_unlock(&kvm->arch.mmu_setup_lock);
5890     return err;
5891 }
5892
5893 static int kvmhv_enable_nested(struct kvm *kvm)
5894 {
5895     if (!nested)
5896         return -EPERM;
5897     if (!cpu_has_feature(CPU_FTR_ARCH_300))
5898         return -ENODEV;
5899     if (!radix_enabled())
5900         return -ENODEV;
5901
5902     /* kvm == NULL means the caller is testing if the capability exists */
5903     if (kvm)
5904         kvm->arch.nested_enable = true;
5905     return 0;
5906 }
5907
5908 static int kvmhv_load_from_eaddr(struct kvm_vcpu *vcpu, ulong *eaddr, void *ptr,
5909                  int size)
5910 {
5911     int rc = -EINVAL;
5912
5913     if (kvmhv_vcpu_is_radix(vcpu)) {
5914         rc = kvmhv_copy_from_guest_radix(vcpu, *eaddr, ptr, size);
5915
5916         if (rc > 0)
5917             rc = -EINVAL;
5918     }
5919
5920     /* For now quadrants are the only way to access nested guest memory */
5921     if (rc && vcpu->arch.nested)
5922         rc = -EAGAIN;
5923
5924     return rc;
5925 }
5926
5927 static int kvmhv_store_to_eaddr(struct kvm_vcpu *vcpu, ulong *eaddr, void *ptr,
5928                 int size)
5929 {
5930     int rc = -EINVAL;
5931
5932     if (kvmhv_vcpu_is_radix(vcpu)) {
5933         rc = kvmhv_copy_to_guest_radix(vcpu, *eaddr, ptr, size);
5934
5935         if (rc > 0)
5936             rc = -EINVAL;
5937     }
5938
5939     /* For now quadrants are the only way to access nested guest memory */
5940     if (rc && vcpu->arch.nested)
5941         rc = -EAGAIN;
5942
5943     return rc;
5944 }
5945
5946 static void unpin_vpa_reset(struct kvm *kvm, struct kvmppc_vpa *vpa)
5947 {
5948     unpin_vpa(kvm, vpa);
5949     vpa->gpa = 0;
5950     vpa->pinned_addr = NULL;
5951     vpa->dirty = false;
5952     vpa->update_pending = 0;
5953 }
5954
5955 /*
5956  * Enable a guest to become a secure VM, or test whether
5957  * that could be enabled.
5958  * Called when the KVM_CAP_PPC_SECURE_GUEST capability is
5959  * tested (kvm == NULL) or enabled (kvm != NULL).
5960  */
5961 static int kvmhv_enable_svm(struct kvm *kvm)
5962 {
5963     if (!kvmppc_uvmem_available())
5964         return -EINVAL;
5965     if (kvm)
5966         kvm->arch.svm_enabled = 1;
5967     return 0;
5968 }
5969
5970 /*
5971  *  IOCTL handler to turn off secure mode of guest
5972  *
5973  * - Release all device pages
5974  * - Issue ucall to terminate the guest on the UV side
5975  * - Unpin the VPA pages.
5976  * - Reinit the partition scoped page tables
5977  */
5978 static int kvmhv_svm_off(struct kvm *kvm)
5979 {
5980     struct kvm_vcpu *vcpu;
5981     int mmu_was_ready;
5982     int srcu_idx;
5983     int ret = 0;
5984     unsigned long i;
5985
5986     if (!(kvm->arch.secure_guest & KVMPPC_SECURE_INIT_START))
5987         return ret;
5988
5989     mutex_lock(&kvm->arch.mmu_setup_lock);
5990     mmu_was_ready = kvm->arch.mmu_ready;
5991     if (kvm->arch.mmu_ready) {
5992         kvm->arch.mmu_ready = 0;
5993         /* order mmu_ready vs. vcpus_running */
5994         smp_mb();
5995         if (atomic_read(&kvm->arch.vcpus_running)) {
5996             kvm->arch.mmu_ready = 1;
5997             ret = -EBUSY;
5998             goto out;
5999         }
6000     }
6001
6002     srcu_idx = srcu_read_lock(&kvm->srcu);
6003     for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
6004         struct kvm_memory_slot *memslot;
6005         struct kvm_memslots *slots = __kvm_memslots(kvm, i);
6006         int bkt;
6007
6008         if (!slots)
6009             continue;
6010
6011         kvm_for_each_memslot(memslot, bkt, slots) {
6012             kvmppc_uvmem_drop_pages(memslot, kvm, true);
6013             uv_unregister_mem_slot(kvm->arch.lpid, memslot->id);
6014         }
6015     }
6016     srcu_read_unlock(&kvm->srcu, srcu_idx);
6017
6018     ret = uv_svm_terminate(kvm->arch.lpid);
6019     if (ret != U_SUCCESS) {
6020         ret = -EINVAL;
6021         goto out;
6022     }
6023
6024     /*
6025      * When secure guest is reset, all the guest pages are sent
6026      * to UV via UV_PAGE_IN before the non-boot vcpus get a
6027      * chance to run and unpin their VPA pages. Unpinning of all
6028      * VPA pages is done here explicitly so that VPA pages
6029      * can be migrated to the secure side.
6030      *
6031      * This is required to for the secure SMP guest to reboot
6032      * correctly.
6033      */
6034     kvm_for_each_vcpu(i, vcpu, kvm) {
6035         spin_lock(&vcpu->arch.vpa_update_lock);
6036         unpin_vpa_reset(kvm, &vcpu->arch.dtl);
6037         unpin_vpa_reset(kvm, &vcpu->arch.slb_shadow);
6038         unpin_vpa_reset(kvm, &vcpu->arch.vpa);
6039         spin_unlock(&vcpu->arch.vpa_update_lock);
6040     }
6041
6042     kvmppc_setup_partition_table(kvm);
6043     kvm->arch.secure_guest = 0;
6044     kvm->arch.mmu_ready = mmu_was_ready;
6045 out:
6046     mutex_unlock(&kvm->arch.mmu_setup_lock);
6047     return ret;
6048 }
6049
6050 static int kvmhv_enable_dawr1(struct kvm *kvm)
6051 {
6052     if (!cpu_has_feature(CPU_FTR_DAWR1))
6053         return -ENODEV;
6054
6055     /* kvm == NULL means the caller is testing if the capability exists */
6056     if (kvm)
6057         kvm->arch.dawr1_enabled = true;
6058     return 0;
6059 }
6060
6061 static bool kvmppc_hash_v3_possible(void)
6062 {
6063     if (!cpu_has_feature(CPU_FTR_ARCH_300))
6064         return false;
6065
6066     if (!cpu_has_feature(CPU_FTR_HVMODE))
6067         return false;
6068
6069     /*
6070      * POWER9 chips before version 2.02 can't have some threads in
6071      * HPT mode and some in radix mode on the same core.
6072      */
6073     if (radix_enabled()) {
6074         unsigned int pvr = mfspr(SPRN_PVR);
6075         if ((pvr >> 16) == PVR_POWER9 &&
6076             (((pvr & 0xe000) == 0 && (pvr & 0xfff) < 0x202) ||
6077              ((pvr & 0xe000) == 0x2000 && (pvr & 0xfff) < 0x101)))
6078             return false;
6079     }
6080
6081     return true;
6082 }
6083
6084 static struct kvmppc_ops kvm_ops_hv = {
6085     .get_sregs = kvm_arch_vcpu_ioctl_get_sregs_hv,
6086     .set_sregs = kvm_arch_vcpu_ioctl_set_sregs_hv,
6087     .get_one_reg = kvmppc_get_one_reg_hv,
6088     .set_one_reg = kvmppc_set_one_reg_hv,
6089     .vcpu_load   = kvmppc_core_vcpu_load_hv,
6090     .vcpu_put    = kvmppc_core_vcpu_put_hv,
6091     .inject_interrupt = kvmppc_inject_interrupt_hv,
6092     .set_msr     = kvmppc_set_msr_hv,
6093     .vcpu_run    = kvmppc_vcpu_run_hv,
6094     .vcpu_create = kvmppc_core_vcpu_create_hv,
6095     .vcpu_free   = kvmppc_core_vcpu_free_hv,
6096     .check_requests = kvmppc_core_check_requests_hv,
6097     .get_dirty_log  = kvm_vm_ioctl_get_dirty_log_hv,
6098     .flush_memslot  = kvmppc_core_flush_memslot_hv,
6099     .prepare_memory_region = kvmppc_core_prepare_memory_region_hv,
6100     .commit_memory_region  = kvmppc_core_commit_memory_region_hv,
6101     .unmap_gfn_range = kvm_unmap_gfn_range_hv,
6102     .age_gfn = kvm_age_gfn_hv,
6103     .test_age_gfn = kvm_test_age_gfn_hv,
6104     .set_spte_gfn = kvm_set_spte_gfn_hv,
6105     .free_memslot = kvmppc_core_free_memslot_hv,
6106     .init_vm =  kvmppc_core_init_vm_hv,
6107     .destroy_vm = kvmppc_core_destroy_vm_hv,
6108     .get_smmu_info = kvm_vm_ioctl_get_smmu_info_hv,
6109     .emulate_op = kvmppc_core_emulate_op_hv,
6110     .emulate_mtspr = kvmppc_core_emulate_mtspr_hv,
6111     .emulate_mfspr = kvmppc_core_emulate_mfspr_hv,
6112     .fast_vcpu_kick = kvmppc_fast_vcpu_kick_hv,
6113     .arch_vm_ioctl  = kvm_arch_vm_ioctl_hv,
6114     .hcall_implemented = kvmppc_hcall_impl_hv,
6115 #ifdef CONFIG_KVM_XICS
6116     .irq_bypass_add_producer = kvmppc_irq_bypass_add_producer_hv,
6117     .irq_bypass_del_producer = kvmppc_irq_bypass_del_producer_hv,
6118 #endif
6119     .configure_mmu = kvmhv_configure_mmu,
6120     .get_rmmu_info = kvmhv_get_rmmu_info,
6121     .set_smt_mode = kvmhv_set_smt_mode,
6122     .enable_nested = kvmhv_enable_nested,
6123     .load_from_eaddr = kvmhv_load_from_eaddr,
6124     .store_to_eaddr = kvmhv_store_to_eaddr,
6125     .enable_svm = kvmhv_enable_svm,
6126     .svm_off = kvmhv_svm_off,
6127     .enable_dawr1 = kvmhv_enable_dawr1,
6128     .hash_v3_possible = kvmppc_hash_v3_possible,
6129     .create_vcpu_debugfs = kvmppc_arch_create_vcpu_debugfs_hv,
6130     .create_vm_debugfs = kvmppc_arch_create_vm_debugfs_hv,
6131 };
6132
6133 static int kvm_init_subcore_bitmap(void)
6134 {
6135     int i, j;
6136     int nr_cores = cpu_nr_cores();
6137     struct sibling_subcore_state *sibling_subcore_state;
6138
6139     for (i = 0; i < nr_cores; i++) {
6140         int first_cpu = i * threads_per_core;
6141         int node = cpu_to_node(first_cpu);
6142
6143         /* Ignore if it is already allocated. */
6144         if (paca_ptrs[first_cpu]->sibling_subcore_state)
6145             continue;
6146
6147         sibling_subcore_state =
6148             kzalloc_node(sizeof(struct sibling_subcore_state),
6149                             GFP_KERNEL, node);
6150         if (!sibling_subcore_state)
6151             return -ENOMEM;
6152
6153
6154         for (j = 0; j < threads_per_core; j++) {
6155             int cpu = first_cpu + j;
6156
6157             paca_ptrs[cpu]->sibling_subcore_state =
6158                         sibling_subcore_state;
6159         }
6160     }
6161     return 0;
6162 }
6163
6164 static int kvmppc_radix_possible(void)
6165 {
6166     return cpu_has_feature(CPU_FTR_ARCH_300) && radix_enabled();
6167 }
6168
6169 static int kvmppc_book3s_init_hv(void)
6170 {
6171     int r;
6172
6173     if (!tlbie_capable) {
6174         pr_err("KVM-HV: Host does not support TLBIE\n");
6175         return -ENODEV;
6176     }
6177
6178     /*
6179      * FIXME!! Do we need to check on all cpus ?
6180      */
6181     r = kvmppc_core_check_processor_compat_hv();
6182     if (r < 0)
6183         return -ENODEV;
6184
6185     r = kvmhv_nested_init();
6186     if (r)
6187         return r;
6188
6189     if (!cpu_has_feature(CPU_FTR_ARCH_300)) {
6190         r = kvm_init_subcore_bitmap();
6191         if (r)
6192             goto err;
6193     }
6194
6195     /*
6196      * We need a way of accessing the XICS interrupt controller,
6197      * either directly, via paca_ptrs[cpu]->kvm_hstate.xics_phys, or
6198      * indirectly, via OPAL.
6199      */
6200 #ifdef CONFIG_SMP
6201     if (!xics_on_xive() && !kvmhv_on_pseries() &&
6202         !local_paca->kvm_hstate.xics_phys) {
6203         struct device_node *np;
6204
6205         np = of_find_compatible_node(NULL, NULL, "ibm,opal-intc");
6206         if (!np) {
6207             pr_err("KVM-HV: Cannot determine method for accessing XICS\n");
6208             r = -ENODEV;
6209             goto err;
6210         }
6211         /* presence of intc confirmed - node can be dropped again */
6212         of_node_put(np);
6213     }
6214 #endif
6215
6216     init_default_hcalls();
6217
6218     init_vcore_lists();
6219
6220     r = kvmppc_mmu_hv_init();
6221     if (r)
6222         goto err;
6223
6224     if (kvmppc_radix_possible()) {
6225         r = kvmppc_radix_init();
6226         if (r)
6227             goto err;
6228     }
6229
6230     r = kvmppc_uvmem_init();
6231     if (r < 0) {
6232         pr_err("KVM-HV: kvmppc_uvmem_init failed %d\n", r);
6233         return r;
6234     }
6235
6236     kvm_ops_hv.owner = THIS_MODULE;
6237     kvmppc_hv_ops = &kvm_ops_hv;
6238
6239     return 0;
6240
6241 err:
6242     kvmhv_nested_exit();
6243     kvmppc_radix_exit();
6244
6245     return r;
6246 }
6247
6248 static void kvmppc_book3s_exit_hv(void)
6249 {
6250     kvmppc_uvmem_free();
6251     kvmppc_free_host_rm_ops();
6252     if (kvmppc_radix_possible())
6253         kvmppc_radix_exit();
6254     kvmppc_hv_ops = NULL;
6255     kvmhv_nested_exit();
6256 }
6257
6258 module_init(kvmppc_book3s_init_hv);
6259 module_exit(kvmppc_book3s_exit_hv);
6260 MODULE_LICENSE("GPL");
6261 MODULE_ALIAS_MISCDEV(KVM_MINOR);
6262 MODULE_ALIAS("devname:kvm");