xref: /linux/arch/mips/kernel/branch.c (revision efdbd7345f8836f7495f3ac6ee237d86cb3bb6b0)
1 /*
2  * This file is subject to the terms and conditions of the GNU General Public
3  * License.  See the file "COPYING" in the main directory of this archive
4  * for more details.
5  *
6  * Copyright (C) 1996, 97, 2000, 2001 by Ralf Baechle
7  * Copyright (C) 2001 MIPS Technologies, Inc.
8  */
9 #include <linux/kernel.h>
10 #include <linux/sched.h>
11 #include <linux/signal.h>
12 #include <linux/module.h>
13 #include <asm/branch.h>
14 #include <asm/cpu.h>
15 #include <asm/cpu-features.h>
16 #include <asm/fpu.h>
17 #include <asm/fpu_emulator.h>
18 #include <asm/inst.h>
19 #include <asm/mips-r2-to-r6-emul.h>
20 #include <asm/ptrace.h>
21 #include <asm/uaccess.h>
22 
23 /*
24  * Calculate and return exception PC in case of branch delay slot
25  * for microMIPS and MIPS16e. It does not clear the ISA mode bit.
26  */
27 int __isa_exception_epc(struct pt_regs *regs)
28 {
29 	unsigned short inst;
30 	long epc = regs->cp0_epc;
31 
32 	/* Calculate exception PC in branch delay slot. */
33 	if (__get_user(inst, (u16 __user *) msk_isa16_mode(epc))) {
34 		/* This should never happen because delay slot was checked. */
35 		force_sig(SIGSEGV, current);
36 		return epc;
37 	}
38 	if (cpu_has_mips16) {
39 		union mips16e_instruction inst_mips16e;
40 
41 		inst_mips16e.full = inst;
42 		if (inst_mips16e.ri.opcode == MIPS16e_jal_op)
43 			epc += 4;
44 		else
45 			epc += 2;
46 	} else if (mm_insn_16bit(inst))
47 		epc += 2;
48 	else
49 		epc += 4;
50 
51 	return epc;
52 }
53 
54 /* (microMIPS) Convert 16-bit register encoding to 32-bit register encoding. */
55 static const unsigned int reg16to32map[8] = {16, 17, 2, 3, 4, 5, 6, 7};
56 
57 int __mm_isBranchInstr(struct pt_regs *regs, struct mm_decoded_insn dec_insn,
58 		       unsigned long *contpc)
59 {
60 	union mips_instruction insn = (union mips_instruction)dec_insn.insn;
61 	int bc_false = 0;
62 	unsigned int fcr31;
63 	unsigned int bit;
64 
65 	if (!cpu_has_mmips)
66 		return 0;
67 
68 	switch (insn.mm_i_format.opcode) {
69 	case mm_pool32a_op:
70 		if ((insn.mm_i_format.simmediate & MM_POOL32A_MINOR_MASK) ==
71 		    mm_pool32axf_op) {
72 			switch (insn.mm_i_format.simmediate >>
73 				MM_POOL32A_MINOR_SHIFT) {
74 			case mm_jalr_op:
75 			case mm_jalrhb_op:
76 			case mm_jalrs_op:
77 			case mm_jalrshb_op:
78 				if (insn.mm_i_format.rt != 0)	/* Not mm_jr */
79 					regs->regs[insn.mm_i_format.rt] =
80 						regs->cp0_epc +
81 						dec_insn.pc_inc +
82 						dec_insn.next_pc_inc;
83 				*contpc = regs->regs[insn.mm_i_format.rs];
84 				return 1;
85 			}
86 		}
87 		break;
88 	case mm_pool32i_op:
89 		switch (insn.mm_i_format.rt) {
90 		case mm_bltzals_op:
91 		case mm_bltzal_op:
92 			regs->regs[31] = regs->cp0_epc +
93 				dec_insn.pc_inc +
94 				dec_insn.next_pc_inc;
95 			/* Fall through */
96 		case mm_bltz_op:
97 			if ((long)regs->regs[insn.mm_i_format.rs] < 0)
98 				*contpc = regs->cp0_epc +
99 					dec_insn.pc_inc +
100 					(insn.mm_i_format.simmediate << 1);
101 			else
102 				*contpc = regs->cp0_epc +
103 					dec_insn.pc_inc +
104 					dec_insn.next_pc_inc;
105 			return 1;
106 		case mm_bgezals_op:
107 		case mm_bgezal_op:
108 			regs->regs[31] = regs->cp0_epc +
109 					dec_insn.pc_inc +
110 					dec_insn.next_pc_inc;
111 			/* Fall through */
112 		case mm_bgez_op:
113 			if ((long)regs->regs[insn.mm_i_format.rs] >= 0)
114 				*contpc = regs->cp0_epc +
115 					dec_insn.pc_inc +
116 					(insn.mm_i_format.simmediate << 1);
117 			else
118 				*contpc = regs->cp0_epc +
119 					dec_insn.pc_inc +
120 					dec_insn.next_pc_inc;
121 			return 1;
122 		case mm_blez_op:
123 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
124 				*contpc = regs->cp0_epc +
125 					dec_insn.pc_inc +
126 					(insn.mm_i_format.simmediate << 1);
127 			else
128 				*contpc = regs->cp0_epc +
129 					dec_insn.pc_inc +
130 					dec_insn.next_pc_inc;
131 			return 1;
132 		case mm_bgtz_op:
133 			if ((long)regs->regs[insn.mm_i_format.rs] <= 0)
134 				*contpc = regs->cp0_epc +
135 					dec_insn.pc_inc +
136 					(insn.mm_i_format.simmediate << 1);
137 			else
138 				*contpc = regs->cp0_epc +
139 					dec_insn.pc_inc +
140 					dec_insn.next_pc_inc;
141 			return 1;
142 		case mm_bc2f_op:
143 		case mm_bc1f_op:
144 			bc_false = 1;
145 			/* Fall through */
146 		case mm_bc2t_op:
147 		case mm_bc1t_op:
148 			preempt_disable();
149 			if (is_fpu_owner())
150 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
151 			else
152 				fcr31 = current->thread.fpu.fcr31;
153 			preempt_enable();
154 
155 			if (bc_false)
156 				fcr31 = ~fcr31;
157 
158 			bit = (insn.mm_i_format.rs >> 2);
159 			bit += (bit != 0);
160 			bit += 23;
161 			if (fcr31 & (1 << bit))
162 				*contpc = regs->cp0_epc +
163 					dec_insn.pc_inc +
164 					(insn.mm_i_format.simmediate << 1);
165 			else
166 				*contpc = regs->cp0_epc +
167 					dec_insn.pc_inc + dec_insn.next_pc_inc;
168 			return 1;
169 		}
170 		break;
171 	case mm_pool16c_op:
172 		switch (insn.mm_i_format.rt) {
173 		case mm_jalr16_op:
174 		case mm_jalrs16_op:
175 			regs->regs[31] = regs->cp0_epc +
176 				dec_insn.pc_inc + dec_insn.next_pc_inc;
177 			/* Fall through */
178 		case mm_jr16_op:
179 			*contpc = regs->regs[insn.mm_i_format.rs];
180 			return 1;
181 		}
182 		break;
183 	case mm_beqz16_op:
184 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] == 0)
185 			*contpc = regs->cp0_epc +
186 				dec_insn.pc_inc +
187 				(insn.mm_b1_format.simmediate << 1);
188 		else
189 			*contpc = regs->cp0_epc +
190 				dec_insn.pc_inc + dec_insn.next_pc_inc;
191 		return 1;
192 	case mm_bnez16_op:
193 		if ((long)regs->regs[reg16to32map[insn.mm_b1_format.rs]] != 0)
194 			*contpc = regs->cp0_epc +
195 				dec_insn.pc_inc +
196 				(insn.mm_b1_format.simmediate << 1);
197 		else
198 			*contpc = regs->cp0_epc +
199 				dec_insn.pc_inc + dec_insn.next_pc_inc;
200 		return 1;
201 	case mm_b16_op:
202 		*contpc = regs->cp0_epc + dec_insn.pc_inc +
203 			 (insn.mm_b0_format.simmediate << 1);
204 		return 1;
205 	case mm_beq32_op:
206 		if (regs->regs[insn.mm_i_format.rs] ==
207 		    regs->regs[insn.mm_i_format.rt])
208 			*contpc = regs->cp0_epc +
209 				dec_insn.pc_inc +
210 				(insn.mm_i_format.simmediate << 1);
211 		else
212 			*contpc = regs->cp0_epc +
213 				dec_insn.pc_inc +
214 				dec_insn.next_pc_inc;
215 		return 1;
216 	case mm_bne32_op:
217 		if (regs->regs[insn.mm_i_format.rs] !=
218 		    regs->regs[insn.mm_i_format.rt])
219 			*contpc = regs->cp0_epc +
220 				dec_insn.pc_inc +
221 				(insn.mm_i_format.simmediate << 1);
222 		else
223 			*contpc = regs->cp0_epc +
224 				dec_insn.pc_inc + dec_insn.next_pc_inc;
225 		return 1;
226 	case mm_jalx32_op:
227 		regs->regs[31] = regs->cp0_epc +
228 			dec_insn.pc_inc + dec_insn.next_pc_inc;
229 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
230 		*contpc >>= 28;
231 		*contpc <<= 28;
232 		*contpc |= (insn.j_format.target << 2);
233 		return 1;
234 	case mm_jals32_op:
235 	case mm_jal32_op:
236 		regs->regs[31] = regs->cp0_epc +
237 			dec_insn.pc_inc + dec_insn.next_pc_inc;
238 		/* Fall through */
239 	case mm_j32_op:
240 		*contpc = regs->cp0_epc + dec_insn.pc_inc;
241 		*contpc >>= 27;
242 		*contpc <<= 27;
243 		*contpc |= (insn.j_format.target << 1);
244 		set_isa16_mode(*contpc);
245 		return 1;
246 	}
247 	return 0;
248 }
249 
250 /*
251  * Compute return address and emulate branch in microMIPS mode after an
252  * exception only. It does not handle compact branches/jumps and cannot
253  * be used in interrupt context. (Compact branches/jumps do not cause
254  * exceptions.)
255  */
256 int __microMIPS_compute_return_epc(struct pt_regs *regs)
257 {
258 	u16 __user *pc16;
259 	u16 halfword;
260 	unsigned int word;
261 	unsigned long contpc;
262 	struct mm_decoded_insn mminsn = { 0 };
263 
264 	mminsn.micro_mips_mode = 1;
265 
266 	/* This load never faults. */
267 	pc16 = (unsigned short __user *)msk_isa16_mode(regs->cp0_epc);
268 	__get_user(halfword, pc16);
269 	pc16++;
270 	contpc = regs->cp0_epc + 2;
271 	word = ((unsigned int)halfword << 16);
272 	mminsn.pc_inc = 2;
273 
274 	if (!mm_insn_16bit(halfword)) {
275 		__get_user(halfword, pc16);
276 		pc16++;
277 		contpc = regs->cp0_epc + 4;
278 		mminsn.pc_inc = 4;
279 		word |= halfword;
280 	}
281 	mminsn.insn = word;
282 
283 	if (get_user(halfword, pc16))
284 		goto sigsegv;
285 	mminsn.next_pc_inc = 2;
286 	word = ((unsigned int)halfword << 16);
287 
288 	if (!mm_insn_16bit(halfword)) {
289 		pc16++;
290 		if (get_user(halfword, pc16))
291 			goto sigsegv;
292 		mminsn.next_pc_inc = 4;
293 		word |= halfword;
294 	}
295 	mminsn.next_insn = word;
296 
297 	mm_isBranchInstr(regs, mminsn, &contpc);
298 
299 	regs->cp0_epc = contpc;
300 
301 	return 0;
302 
303 sigsegv:
304 	force_sig(SIGSEGV, current);
305 	return -EFAULT;
306 }
307 
308 /*
309  * Compute return address and emulate branch in MIPS16e mode after an
310  * exception only. It does not handle compact branches/jumps and cannot
311  * be used in interrupt context. (Compact branches/jumps do not cause
312  * exceptions.)
313  */
314 int __MIPS16e_compute_return_epc(struct pt_regs *regs)
315 {
316 	u16 __user *addr;
317 	union mips16e_instruction inst;
318 	u16 inst2;
319 	u32 fullinst;
320 	long epc;
321 
322 	epc = regs->cp0_epc;
323 
324 	/* Read the instruction. */
325 	addr = (u16 __user *)msk_isa16_mode(epc);
326 	if (__get_user(inst.full, addr)) {
327 		force_sig(SIGSEGV, current);
328 		return -EFAULT;
329 	}
330 
331 	switch (inst.ri.opcode) {
332 	case MIPS16e_extend_op:
333 		regs->cp0_epc += 4;
334 		return 0;
335 
336 		/*
337 		 *  JAL and JALX in MIPS16e mode
338 		 */
339 	case MIPS16e_jal_op:
340 		addr += 1;
341 		if (__get_user(inst2, addr)) {
342 			force_sig(SIGSEGV, current);
343 			return -EFAULT;
344 		}
345 		fullinst = ((unsigned)inst.full << 16) | inst2;
346 		regs->regs[31] = epc + 6;
347 		epc += 4;
348 		epc >>= 28;
349 		epc <<= 28;
350 		/*
351 		 * JAL:5 X:1 TARGET[20-16]:5 TARGET[25:21]:5 TARGET[15:0]:16
352 		 *
353 		 * ......TARGET[15:0].................TARGET[20:16]...........
354 		 * ......TARGET[25:21]
355 		 */
356 		epc |=
357 		    ((fullinst & 0xffff) << 2) | ((fullinst & 0x3e00000) >> 3) |
358 		    ((fullinst & 0x1f0000) << 7);
359 		if (!inst.jal.x)
360 			set_isa16_mode(epc);	/* Set ISA mode bit. */
361 		regs->cp0_epc = epc;
362 		return 0;
363 
364 		/*
365 		 *  J(AL)R(C)
366 		 */
367 	case MIPS16e_rr_op:
368 		if (inst.rr.func == MIPS16e_jr_func) {
369 
370 			if (inst.rr.ra)
371 				regs->cp0_epc = regs->regs[31];
372 			else
373 				regs->cp0_epc =
374 				    regs->regs[reg16to32[inst.rr.rx]];
375 
376 			if (inst.rr.l) {
377 				if (inst.rr.nd)
378 					regs->regs[31] = epc + 2;
379 				else
380 					regs->regs[31] = epc + 4;
381 			}
382 			return 0;
383 		}
384 		break;
385 	}
386 
387 	/*
388 	 * All other cases have no branch delay slot and are 16-bits.
389 	 * Branches do not cause an exception.
390 	 */
391 	regs->cp0_epc += 2;
392 
393 	return 0;
394 }
395 
396 /**
397  * __compute_return_epc_for_insn - Computes the return address and do emulate
398  *				    branch simulation, if required.
399  *
400  * @regs:	Pointer to pt_regs
401  * @insn:	branch instruction to decode
402  * @returns:	-EFAULT on error and forces SIGBUS, and on success
403  *		returns 0 or BRANCH_LIKELY_TAKEN as appropriate after
404  *		evaluating the branch.
405  *
406  * MIPS R6 Compact branches and forbidden slots:
407  *	Compact branches do not throw exceptions because they do
408  *	not have delay slots. The forbidden slot instruction ($PC+4)
409  *	is only executed if the branch was not taken. Otherwise the
410  *	forbidden slot is skipped entirely. This means that the
411  *	only possible reason to be here because of a MIPS R6 compact
412  *	branch instruction is that the forbidden slot has thrown one.
413  *	In that case the branch was not taken, so the EPC can be safely
414  *	set to EPC + 8.
415  */
416 int __compute_return_epc_for_insn(struct pt_regs *regs,
417 				   union mips_instruction insn)
418 {
419 	unsigned int bit, fcr31, dspcontrol, reg;
420 	long epc = regs->cp0_epc;
421 	int ret = 0;
422 
423 	switch (insn.i_format.opcode) {
424 	/*
425 	 * jr and jalr are in r_format format.
426 	 */
427 	case spec_op:
428 		switch (insn.r_format.func) {
429 		case jalr_op:
430 			regs->regs[insn.r_format.rd] = epc + 8;
431 			/* Fall through */
432 		case jr_op:
433 			if (NO_R6EMU && insn.r_format.func == jr_op)
434 				goto sigill_r6;
435 			regs->cp0_epc = regs->regs[insn.r_format.rs];
436 			break;
437 		}
438 		break;
439 
440 	/*
441 	 * This group contains:
442 	 * bltz_op, bgez_op, bltzl_op, bgezl_op,
443 	 * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
444 	 */
445 	case bcond_op:
446 		switch (insn.i_format.rt) {
447 		case bltzl_op:
448 			if (NO_R6EMU)
449 				goto sigill_r6;
450 		case bltz_op:
451 			if ((long)regs->regs[insn.i_format.rs] < 0) {
452 				epc = epc + 4 + (insn.i_format.simmediate << 2);
453 				if (insn.i_format.rt == bltzl_op)
454 					ret = BRANCH_LIKELY_TAKEN;
455 			} else
456 				epc += 8;
457 			regs->cp0_epc = epc;
458 			break;
459 
460 		case bgezl_op:
461 			if (NO_R6EMU)
462 				goto sigill_r6;
463 		case bgez_op:
464 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
465 				epc = epc + 4 + (insn.i_format.simmediate << 2);
466 				if (insn.i_format.rt == bgezl_op)
467 					ret = BRANCH_LIKELY_TAKEN;
468 			} else
469 				epc += 8;
470 			regs->cp0_epc = epc;
471 			break;
472 
473 		case bltzal_op:
474 		case bltzall_op:
475 			if (NO_R6EMU && (insn.i_format.rs ||
476 			    insn.i_format.rt == bltzall_op)) {
477 				ret = -SIGILL;
478 				break;
479 			}
480 			regs->regs[31] = epc + 8;
481 			/*
482 			 * OK we are here either because we hit a NAL
483 			 * instruction or because we are emulating an
484 			 * old bltzal{,l} one. Lets figure out what the
485 			 * case really is.
486 			 */
487 			if (!insn.i_format.rs) {
488 				/*
489 				 * NAL or BLTZAL with rs == 0
490 				 * Doesn't matter if we are R6 or not. The
491 				 * result is the same
492 				 */
493 				regs->cp0_epc += 4 +
494 					(insn.i_format.simmediate << 2);
495 				break;
496 			}
497 			/* Now do the real thing for non-R6 BLTZAL{,L} */
498 			if ((long)regs->regs[insn.i_format.rs] < 0) {
499 				epc = epc + 4 + (insn.i_format.simmediate << 2);
500 				if (insn.i_format.rt == bltzall_op)
501 					ret = BRANCH_LIKELY_TAKEN;
502 			} else
503 				epc += 8;
504 			regs->cp0_epc = epc;
505 			break;
506 
507 		case bgezal_op:
508 		case bgezall_op:
509 			if (NO_R6EMU && (insn.i_format.rs ||
510 			    insn.i_format.rt == bgezall_op)) {
511 				ret = -SIGILL;
512 				break;
513 			}
514 			regs->regs[31] = epc + 8;
515 			/*
516 			 * OK we are here either because we hit a BAL
517 			 * instruction or because we are emulating an
518 			 * old bgezal{,l} one. Lets figure out what the
519 			 * case really is.
520 			 */
521 			if (!insn.i_format.rs) {
522 				/*
523 				 * BAL or BGEZAL with rs == 0
524 				 * Doesn't matter if we are R6 or not. The
525 				 * result is the same
526 				 */
527 				regs->cp0_epc += 4 +
528 					(insn.i_format.simmediate << 2);
529 				break;
530 			}
531 			/* Now do the real thing for non-R6 BGEZAL{,L} */
532 			if ((long)regs->regs[insn.i_format.rs] >= 0) {
533 				epc = epc + 4 + (insn.i_format.simmediate << 2);
534 				if (insn.i_format.rt == bgezall_op)
535 					ret = BRANCH_LIKELY_TAKEN;
536 			} else
537 				epc += 8;
538 			regs->cp0_epc = epc;
539 			break;
540 
541 		case bposge32_op:
542 			if (!cpu_has_dsp)
543 				goto sigill_dsp;
544 
545 			dspcontrol = rddsp(0x01);
546 
547 			if (dspcontrol >= 32) {
548 				epc = epc + 4 + (insn.i_format.simmediate << 2);
549 			} else
550 				epc += 8;
551 			regs->cp0_epc = epc;
552 			break;
553 		}
554 		break;
555 
556 	/*
557 	 * These are unconditional and in j_format.
558 	 */
559 	case jal_op:
560 		regs->regs[31] = regs->cp0_epc + 8;
561 	case j_op:
562 		epc += 4;
563 		epc >>= 28;
564 		epc <<= 28;
565 		epc |= (insn.j_format.target << 2);
566 		regs->cp0_epc = epc;
567 		if (insn.i_format.opcode == jalx_op)
568 			set_isa16_mode(regs->cp0_epc);
569 		break;
570 
571 	/*
572 	 * These are conditional and in i_format.
573 	 */
574 	case beql_op:
575 		if (NO_R6EMU)
576 			goto sigill_r6;
577 	case beq_op:
578 		if (regs->regs[insn.i_format.rs] ==
579 		    regs->regs[insn.i_format.rt]) {
580 			epc = epc + 4 + (insn.i_format.simmediate << 2);
581 			if (insn.i_format.opcode == beql_op)
582 				ret = BRANCH_LIKELY_TAKEN;
583 		} else
584 			epc += 8;
585 		regs->cp0_epc = epc;
586 		break;
587 
588 	case bnel_op:
589 		if (NO_R6EMU)
590 			goto sigill_r6;
591 	case bne_op:
592 		if (regs->regs[insn.i_format.rs] !=
593 		    regs->regs[insn.i_format.rt]) {
594 			epc = epc + 4 + (insn.i_format.simmediate << 2);
595 			if (insn.i_format.opcode == bnel_op)
596 				ret = BRANCH_LIKELY_TAKEN;
597 		} else
598 			epc += 8;
599 		regs->cp0_epc = epc;
600 		break;
601 
602 	case blezl_op: /* not really i_format */
603 		if (!insn.i_format.rt && NO_R6EMU)
604 			goto sigill_r6;
605 	case blez_op:
606 		/*
607 		 * Compact branches for R6 for the
608 		 * blez and blezl opcodes.
609 		 * BLEZ  | rs = 0 | rt != 0  == BLEZALC
610 		 * BLEZ  | rs = rt != 0      == BGEZALC
611 		 * BLEZ  | rs != 0 | rt != 0 == BGEUC
612 		 * BLEZL | rs = 0 | rt != 0  == BLEZC
613 		 * BLEZL | rs = rt != 0      == BGEZC
614 		 * BLEZL | rs != 0 | rt != 0 == BGEC
615 		 *
616 		 * For real BLEZ{,L}, rt is always 0.
617 		 */
618 
619 		if (cpu_has_mips_r6 && insn.i_format.rt) {
620 			if ((insn.i_format.opcode == blez_op) &&
621 			    ((!insn.i_format.rs && insn.i_format.rt) ||
622 			     (insn.i_format.rs == insn.i_format.rt)))
623 				regs->regs[31] = epc + 4;
624 			regs->cp0_epc += 8;
625 			break;
626 		}
627 		/* rt field assumed to be zero */
628 		if ((long)regs->regs[insn.i_format.rs] <= 0) {
629 			epc = epc + 4 + (insn.i_format.simmediate << 2);
630 			if (insn.i_format.opcode == blezl_op)
631 				ret = BRANCH_LIKELY_TAKEN;
632 		} else
633 			epc += 8;
634 		regs->cp0_epc = epc;
635 		break;
636 
637 	case bgtzl_op:
638 		if (!insn.i_format.rt && NO_R6EMU)
639 			goto sigill_r6;
640 	case bgtz_op:
641 		/*
642 		 * Compact branches for R6 for the
643 		 * bgtz and bgtzl opcodes.
644 		 * BGTZ  | rs = 0 | rt != 0  == BGTZALC
645 		 * BGTZ  | rs = rt != 0      == BLTZALC
646 		 * BGTZ  | rs != 0 | rt != 0 == BLTUC
647 		 * BGTZL | rs = 0 | rt != 0  == BGTZC
648 		 * BGTZL | rs = rt != 0      == BLTZC
649 		 * BGTZL | rs != 0 | rt != 0 == BLTC
650 		 *
651 		 * *ZALC varint for BGTZ &&& rt != 0
652 		 * For real GTZ{,L}, rt is always 0.
653 		 */
654 		if (cpu_has_mips_r6 && insn.i_format.rt) {
655 			if ((insn.i_format.opcode == blez_op) &&
656 			    ((!insn.i_format.rs && insn.i_format.rt) ||
657 			    (insn.i_format.rs == insn.i_format.rt)))
658 				regs->regs[31] = epc + 4;
659 			regs->cp0_epc += 8;
660 			break;
661 		}
662 
663 		/* rt field assumed to be zero */
664 		if ((long)regs->regs[insn.i_format.rs] > 0) {
665 			epc = epc + 4 + (insn.i_format.simmediate << 2);
666 			if (insn.i_format.opcode == bgtzl_op)
667 				ret = BRANCH_LIKELY_TAKEN;
668 		} else
669 			epc += 8;
670 		regs->cp0_epc = epc;
671 		break;
672 
673 	/*
674 	 * And now the FPA/cp1 branch instructions.
675 	 */
676 	case cop1_op:
677 		if (cpu_has_mips_r6 &&
678 		    ((insn.i_format.rs == bc1eqz_op) ||
679 		     (insn.i_format.rs == bc1nez_op))) {
680 			if (!used_math()) { /* First time FPU user */
681 				ret = init_fpu();
682 				if (ret && NO_R6EMU) {
683 					ret = -ret;
684 					break;
685 				}
686 				ret = 0;
687 				set_used_math();
688 			}
689 			lose_fpu(1);    /* Save FPU state for the emulator. */
690 			reg = insn.i_format.rt;
691 			bit = 0;
692 			switch (insn.i_format.rs) {
693 			case bc1eqz_op:
694 				/* Test bit 0 */
695 				if (get_fpr32(&current->thread.fpu.fpr[reg], 0)
696 				    & 0x1)
697 					bit = 1;
698 				break;
699 			case bc1nez_op:
700 				/* Test bit 0 */
701 				if (!(get_fpr32(&current->thread.fpu.fpr[reg], 0)
702 				      & 0x1))
703 					bit = 1;
704 				break;
705 			}
706 			own_fpu(1);
707 			if (bit)
708 				epc = epc + 4 +
709 					(insn.i_format.simmediate << 2);
710 			else
711 				epc += 8;
712 			regs->cp0_epc = epc;
713 
714 			break;
715 		} else {
716 
717 			preempt_disable();
718 			if (is_fpu_owner())
719 			        fcr31 = read_32bit_cp1_register(CP1_STATUS);
720 			else
721 				fcr31 = current->thread.fpu.fcr31;
722 			preempt_enable();
723 
724 			bit = (insn.i_format.rt >> 2);
725 			bit += (bit != 0);
726 			bit += 23;
727 			switch (insn.i_format.rt & 3) {
728 			case 0: /* bc1f */
729 			case 2: /* bc1fl */
730 				if (~fcr31 & (1 << bit)) {
731 					epc = epc + 4 +
732 						(insn.i_format.simmediate << 2);
733 					if (insn.i_format.rt == 2)
734 						ret = BRANCH_LIKELY_TAKEN;
735 				} else
736 					epc += 8;
737 				regs->cp0_epc = epc;
738 				break;
739 
740 			case 1: /* bc1t */
741 			case 3: /* bc1tl */
742 				if (fcr31 & (1 << bit)) {
743 					epc = epc + 4 +
744 						(insn.i_format.simmediate << 2);
745 					if (insn.i_format.rt == 3)
746 						ret = BRANCH_LIKELY_TAKEN;
747 				} else
748 					epc += 8;
749 				regs->cp0_epc = epc;
750 				break;
751 			}
752 			break;
753 		}
754 #ifdef CONFIG_CPU_CAVIUM_OCTEON
755 	case lwc2_op: /* This is bbit0 on Octeon */
756 		if ((regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
757 		     == 0)
758 			epc = epc + 4 + (insn.i_format.simmediate << 2);
759 		else
760 			epc += 8;
761 		regs->cp0_epc = epc;
762 		break;
763 	case ldc2_op: /* This is bbit032 on Octeon */
764 		if ((regs->regs[insn.i_format.rs] &
765 		    (1ull<<(insn.i_format.rt+32))) == 0)
766 			epc = epc + 4 + (insn.i_format.simmediate << 2);
767 		else
768 			epc += 8;
769 		regs->cp0_epc = epc;
770 		break;
771 	case swc2_op: /* This is bbit1 on Octeon */
772 		if (regs->regs[insn.i_format.rs] & (1ull<<insn.i_format.rt))
773 			epc = epc + 4 + (insn.i_format.simmediate << 2);
774 		else
775 			epc += 8;
776 		regs->cp0_epc = epc;
777 		break;
778 	case sdc2_op: /* This is bbit132 on Octeon */
779 		if (regs->regs[insn.i_format.rs] &
780 		    (1ull<<(insn.i_format.rt+32)))
781 			epc = epc + 4 + (insn.i_format.simmediate << 2);
782 		else
783 			epc += 8;
784 		regs->cp0_epc = epc;
785 		break;
786 #else
787 	case bc6_op:
788 		/* Only valid for MIPS R6 */
789 		if (!cpu_has_mips_r6) {
790 			ret = -SIGILL;
791 			break;
792 		}
793 		regs->cp0_epc += 8;
794 		break;
795 	case balc6_op:
796 		if (!cpu_has_mips_r6) {
797 			ret = -SIGILL;
798 			break;
799 		}
800 		/* Compact branch: BALC */
801 		regs->regs[31] = epc + 4;
802 		epc += 4 + (insn.i_format.simmediate << 2);
803 		regs->cp0_epc = epc;
804 		break;
805 	case beqzcjic_op:
806 		if (!cpu_has_mips_r6) {
807 			ret = -SIGILL;
808 			break;
809 		}
810 		/* Compact branch: BEQZC || JIC */
811 		regs->cp0_epc += 8;
812 		break;
813 	case bnezcjialc_op:
814 		if (!cpu_has_mips_r6) {
815 			ret = -SIGILL;
816 			break;
817 		}
818 		/* Compact branch: BNEZC || JIALC */
819 		if (insn.i_format.rs)
820 			regs->regs[31] = epc + 4;
821 		regs->cp0_epc += 8;
822 		break;
823 #endif
824 	case cbcond0_op:
825 	case cbcond1_op:
826 		/* Only valid for MIPS R6 */
827 		if (!cpu_has_mips_r6) {
828 			ret = -SIGILL;
829 			break;
830 		}
831 		/*
832 		 * Compact branches:
833 		 * bovc, beqc, beqzalc, bnvc, bnec, bnezlac
834 		 */
835 		if (insn.i_format.rt && !insn.i_format.rs)
836 			regs->regs[31] = epc + 4;
837 		regs->cp0_epc += 8;
838 		break;
839 	}
840 
841 	return ret;
842 
843 sigill_dsp:
844 	printk("%s: DSP branch but not DSP ASE - sending SIGBUS.\n", current->comm);
845 	force_sig(SIGBUS, current);
846 	return -EFAULT;
847 sigill_r6:
848 	pr_info("%s: R2 branch but r2-to-r6 emulator is not preset - sending SIGILL.\n",
849 		current->comm);
850 	force_sig(SIGILL, current);
851 	return -EFAULT;
852 }
853 EXPORT_SYMBOL_GPL(__compute_return_epc_for_insn);
854 
855 int __compute_return_epc(struct pt_regs *regs)
856 {
857 	unsigned int __user *addr;
858 	long epc;
859 	union mips_instruction insn;
860 
861 	epc = regs->cp0_epc;
862 	if (epc & 3)
863 		goto unaligned;
864 
865 	/*
866 	 * Read the instruction
867 	 */
868 	addr = (unsigned int __user *) epc;
869 	if (__get_user(insn.word, addr)) {
870 		force_sig(SIGSEGV, current);
871 		return -EFAULT;
872 	}
873 
874 	return __compute_return_epc_for_insn(regs, insn);
875 
876 unaligned:
877 	printk("%s: unaligned epc - sending SIGBUS.\n", current->comm);
878 	force_sig(SIGBUS, current);
879 	return -EFAULT;
880 }
881