/*
 * Copyright 2011 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
 * Copyright (C) 2009. SUSE Linux Products GmbH. All rights reserved.
 *
 * Authors:
 *    Paul Mackerras <paulus@au1.ibm.com>
 *    Alexander Graf <agraf@suse.de>
 *    Kevin Wolf <mail@kevin-wolf.de>
 *
 * Description: KVM functions specific to running on Book 3S
 * processors in hypervisor mode (specifically POWER7 and later).
 *
 * This file is derived from arch/powerpc/kvm/book3s.c,
 * by Alexander Graf <agraf@suse.de>.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License, version 2, as
 * published by the Free Software Foundation.
 */

#include <linux/kvm_host.h>
#include <linux/kernel.h>
#include <linux/err.h>
#include <linux/slab.h>
#include <linux/preempt.h>
#include <linux/sched/signal.h>
#include <linux/sched/stat.h>
#include <linux/delay.h>
#include <linux/export.h>
#include <linux/fs.h>
#include <linux/anon_inodes.h>
#include <linux/cpu.h>
#include <linux/cpumask.h>
#include <linux/spinlock.h>
#include <linux/page-flags.h>
#include <linux/srcu.h>
#include <linux/miscdevice.h>
#include <linux/debugfs.h>
#include <linux/gfp.h>
#include <linux/vmalloc.h>
#include <linux/highmem.h>
#include <linux/hugetlb.h>
#include <linux/kvm_irqfd.h>
#include <linux/irqbypass.h>
#include <linux/module.h>
#include <linux/compiler.h>
#include <linux/of.h>

#include <asm/reg.h>
#include <asm/ppc-opcode.h>
#include <asm/asm-prototypes.h>
#include <asm/debug.h>
#include <asm/disassemble.h>
#include <asm/cputable.h>
#include <asm/cacheflush.h>
#include <asm/tlbflush.h>
#include <linux/uaccess.h>
#include <asm/io.h>
#include <asm/kvm_ppc.h>
#include <asm/kvm_book3s.h>
#include <asm/mmu_context.h>
#include <asm/lppaca.h>
#include <asm/processor.h>
#include <asm/cputhreads.h>
#include <asm/page.h>
#include <asm/hvcall.h>
#include <asm/switch_to.h>
#include <asm/smp.h>
#include <asm/dbell.h>
#include <asm/hmi.h>
#include <asm/pnv-pci.h>
#include <asm/mmu.h>
#include <asm/opal.h>
#include <asm/xics.h>
#include <asm/xive.h>

#include "book3s.h"

#define CREATE_TRACE_POINTS
#include "trace_hv.h"

/* #define EXIT_DEBUG */
/* #define EXIT_DEBUG_SIMPLE */
/* #define EXIT_DEBUG_INT */

/* Used to indicate that a guest page fault needs to be handled */
#define RESUME_PAGE_FAULT       (RESUME_GUEST | RESUME_FLAG_ARCH1)
/* Used to indicate that a guest passthrough interrupt needs to be handled */
#define RESUME_PASSTHROUGH      (RESUME_GUEST | RESUME_FLAG_ARCH2)

/* Used as a "null" value for timebase values */
#define TB_NIL  (~(u64)0)

static DECLARE_BITMAP(default_enabled_hcalls, MAX_HCALL_OPCODE/4 + 1);

static int dynamic_mt_modes = 6;
module_param(dynamic_mt_modes, int, 0644);
MODULE_PARM_DESC(dynamic_mt_modes, "Set of allowed dynamic micro-threading modes: 0 (= none), 2, 4, or 6 (= 2 or 4)");
static int target_smt_mode;
module_param(target_smt_mode, int, 0644);
MODULE_PARM_DESC(target_smt_mode, "Target threads per core (0 = max)");

static bool indep_threads_mode = true;
module_param(indep_threads_mode, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(indep_threads_mode, "Independent-threads mode (only on POWER9)");

#ifdef CONFIG_KVM_XICS
static struct kernel_param_ops module_param_ops = {
        .set = param_set_int,
        .get = param_get_int,
};

module_param_cb(kvm_irq_bypass, &module_param_ops, &kvm_irq_bypass, 0644);
MODULE_PARM_DESC(kvm_irq_bypass, "Bypass passthrough interrupt optimization");

module_param_cb(h_ipi_redirect, &module_param_ops, &h_ipi_redirect, 0644);
MODULE_PARM_DESC(h_ipi_redirect, "Redirect H_IPI wakeup to a free host core");
#endif

/* If set, the threads on each CPU core have to be in the same MMU mode */
static bool no_mixing_hpt_and_radix;

static void kvmppc_end_cede(struct kvm_vcpu *vcpu);
static int kvmppc_hv_setup_htab_rma(struct kvm_vcpu *vcpu);

/*
 * RWMR values for POWER8.  These control the rate at which PURR
 * and SPURR count and should be set according to the number of
 * online threads in the vcore being run.
 */
#define RWMR_RPA_P8_1THREAD     0x164520C62609AECA
#define RWMR_RPA_P8_2THREAD     0x7FFF2908450D8DA9
#define RWMR_RPA_P8_3THREAD     0x164520C62609AECA
#define RWMR_RPA_P8_4THREAD     0x199A421245058DA9
#define RWMR_RPA_P8_5THREAD     0x164520C62609AECA
#define RWMR_RPA_P8_6THREAD     0x164520C62609AECA
#define RWMR_RPA_P8_7THREAD     0x164520C62609AECA
#define RWMR_RPA_P8_8THREAD     0x164520C62609AECA

static unsigned long p8_rwmr_values[MAX_SMT_THREADS + 1] = {
        RWMR_RPA_P8_1THREAD,
        RWMR_RPA_P8_1THREAD,
        RWMR_RPA_P8_2THREAD,
        RWMR_RPA_P8_3THREAD,
        RWMR_RPA_P8_4THREAD,
        RWMR_RPA_P8_5THREAD,
        RWMR_RPA_P8_6THREAD,
        RWMR_RPA_P8_7THREAD,
        RWMR_RPA_P8_8THREAD,
};

static inline struct kvm_vcpu *next_runnable_thread(struct kvmppc_vcore *vc,
                int *ip)
{
        int i = *ip;
        struct kvm_vcpu *vcpu;

        while (++i < MAX_SMT_THREADS) {
                vcpu = READ_ONCE(vc->runnable_threads[i]);
                if (vcpu) {
                        *ip = i;
                        return vcpu;
                }
        }
        return NULL;
}

/* Used to traverse the list of runnable threads for a given vcore */
#define for_each_runnable_thread(i, vcpu, vc) \
        for (i = -1; (vcpu = next_runnable_thread(vc, &i)); )

static bool kvmppc_ipi_thread(int cpu)
{
        unsigned long msg = PPC_DBELL_TYPE(PPC_DBELL_SERVER);

        /* On POWER9 we can use msgsnd to IPI any cpu */
        if (cpu_has_feature(CPU_FTR_ARCH_300)) {
                msg |= get_hard_smp_processor_id(cpu);
                smp_mb();
                __asm__ __volatile__ (PPC_MSGSND(%0) : : "r" (msg));
                return true;
        }

        /* On POWER8 for IPIs to threads in the same core, use msgsnd */
        if (cpu_has_feature(CPU_FTR_ARCH_207S)) {
                preempt_disable();
                if (cpu_first_thread_sibling(cpu) ==
                    cpu_first_thread_sibling(smp_processor_id())) {
                        msg |= cpu_thread_in_core(cpu);
                        smp_mb();
                        __asm__ __volatile__ (PPC_MSGSND(%0) : : "r" (msg));
                        preempt_enable();
                        return true;
                }
                preempt_enable();
        }

#if defined(CONFIG_PPC_ICP_NATIVE) && defined(CONFIG_SMP)
        if (cpu >= 0 && cpu < nr_cpu_ids) {
                if (paca_ptrs[cpu]->kvm_hstate.xics_phys) {
                        xics_wake_cpu(cpu);
                        return true;
                }
                opal_int_set_mfrr(get_hard_smp_processor_id(cpu), IPI_PRIORITY);
                return true;
        }
#endif

        return false;
}

static void kvmppc_fast_vcpu_kick_hv(struct kvm_vcpu *vcpu)
{
        int cpu;
        struct swait_queue_head *wqp;

        wqp = kvm_arch_vcpu_wq(vcpu);
        if (swq_has_sleeper(wqp)) {
                swake_up(wqp);
                ++vcpu->stat.halt_wakeup;
        }

        cpu = READ_ONCE(vcpu->arch.thread_cpu);
        if (cpu >= 0 && kvmppc_ipi_thread(cpu))
                return;

        /* CPU points to the first thread of the core */
        cpu = vcpu->cpu;
        if (cpu >= 0 && cpu < nr_cpu_ids && cpu_online(cpu))
                smp_send_reschedule(cpu);
}

/*
 * We use the vcpu_load/put functions to measure stolen time.
 * Stolen time is counted as time when either the vcpu is able to
 * run as part of a virtual core, but the task running the vcore
 * is preempted or sleeping, or when the vcpu needs something done
 * in the kernel by the task running the vcpu, but that task is
 * preempted or sleeping.  Those two things have to be counted
 * separately, since one of the vcpu tasks will take on the job
 * of running the core, and the other vcpu tasks in the vcore will
 * sleep waiting for it to do that, but that sleep shouldn't count
 * as stolen time.
 *
 * Hence we accumulate stolen time when the vcpu can run as part of
 * a vcore using vc->stolen_tb, and the stolen time when the vcpu
 * needs its task to do other things in the kernel (for example,
 * service a page fault) in busy_stolen.  We don't accumulate
 * stolen time for a vcore when it is inactive, or for a vcpu
 * when it is in state RUNNING or NOTREADY.  NOTREADY is a bit of
 * a misnomer; it means that the vcpu task is not executing in
 * the KVM_VCPU_RUN ioctl, i.e. it is in userspace or elsewhere in
 * the kernel.  We don't have any way of dividing up that time
 * between time that the vcpu is genuinely stopped, time that
 * the task is actively working on behalf of the vcpu, and time
 * that the task is preempted, so we don't count any of it as
 * stolen.
 *
 * Updates to busy_stolen are protected by arch.tbacct_lock;
 * updates to vc->stolen_tb are protected by the vcore->stoltb_lock
 * lock.  The stolen times are measured in units of timebase ticks.
 * (Note that the != TB_NIL checks below are purely defensive;
 * they should never fail.)
 */

static void kvmppc_core_start_stolen(struct kvmppc_vcore *vc)
{
        unsigned long flags;

        spin_lock_irqsave(&vc->stoltb_lock, flags);
        vc->preempt_tb = mftb();
        spin_unlock_irqrestore(&vc->stoltb_lock, flags);
}

static void kvmppc_core_end_stolen(struct kvmppc_vcore *vc)
{
        unsigned long flags;

        spin_lock_irqsave(&vc->stoltb_lock, flags);
        if (vc->preempt_tb != TB_NIL) {
                vc->stolen_tb += mftb() - vc->preempt_tb;
                vc->preempt_tb = TB_NIL;
        }
        spin_unlock_irqrestore(&vc->stoltb_lock, flags);
}

static void kvmppc_core_vcpu_load_hv(struct kvm_vcpu *vcpu, int cpu)
{
        struct kvmppc_vcore *vc = vcpu->arch.vcore;
        unsigned long flags;

        /*
         * We can test vc->runner without taking the vcore lock,
         * because only this task ever sets vc->runner to this
         * vcpu, and once it is set to this vcpu, only this task
         * ever sets it to NULL.
         */
        if (vc->runner == vcpu && vc->vcore_state >= VCORE_SLEEPING)
                kvmppc_core_end_stolen(vc);

        spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
        if (vcpu->arch.state == KVMPPC_VCPU_BUSY_IN_HOST &&
            vcpu->arch.busy_preempt != TB_NIL) {
                vcpu->arch.busy_stolen += mftb() - vcpu->arch.busy_preempt;
                vcpu->arch.busy_preempt = TB_NIL;
        }
        spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
}

static void kvmppc_core_vcpu_put_hv(struct kvm_vcpu *vcpu)
{
        struct kvmppc_vcore *vc = vcpu->arch.vcore;
        unsigned long flags;

        if (vc->runner == vcpu && vc->vcore_state >= VCORE_SLEEPING)
                kvmppc_core_start_stolen(vc);

        spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
        if (vcpu->arch.state == KVMPPC_VCPU_BUSY_IN_HOST)
                vcpu->arch.busy_preempt = mftb();
        spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
}

static void kvmppc_set_msr_hv(struct kvm_vcpu *vcpu, u64 msr)
{
        /*
         * Check for illegal transactional state bit combination
         * and if we find it, force the TS field to a safe state.
         */
        if ((msr & MSR_TS_MASK) == MSR_TS_MASK)
                msr &= ~MSR_TS_MASK;
        vcpu->arch.shregs.msr = msr;
        kvmppc_end_cede(vcpu);
}

static void kvmppc_set_pvr_hv(struct kvm_vcpu *vcpu, u32 pvr)
{
        vcpu->arch.pvr = pvr;
}

/* Dummy value used in computing PCR value below */
#define PCR_ARCH_300    (PCR_ARCH_207 << 1)

static int kvmppc_set_arch_compat(struct kvm_vcpu *vcpu, u32 arch_compat)
{
        unsigned long host_pcr_bit = 0, guest_pcr_bit = 0;
        struct kvmppc_vcore *vc = vcpu->arch.vcore;

        /* We can (emulate) our own architecture version and anything older */
        if (cpu_has_feature(CPU_FTR_ARCH_300))
                host_pcr_bit = PCR_ARCH_300;
        else if (cpu_has_feature(CPU_FTR_ARCH_207S))
                host_pcr_bit = PCR_ARCH_207;
        else if (cpu_has_feature(CPU_FTR_ARCH_206))
                host_pcr_bit = PCR_ARCH_206;
        else
                host_pcr_bit = PCR_ARCH_205;

        /* Determine lowest PCR bit needed to run guest in given PVR level */
        guest_pcr_bit = host_pcr_bit;
        if (arch_compat) {
                switch (arch_compat) {
                case PVR_ARCH_205:
                        guest_pcr_bit = PCR_ARCH_205;
                        break;
                case PVR_ARCH_206:
                case PVR_ARCH_206p:
                        guest_pcr_bit = PCR_ARCH_206;
                        break;
                case PVR_ARCH_207:
                        guest_pcr_bit = PCR_ARCH_207;
                        break;
                case PVR_ARCH_300:
                        guest_pcr_bit = PCR_ARCH_300;
                        break;
                default:
                        return -EINVAL;
                }
        }

        /* Check requested PCR bits don't exceed our capabilities */
        if (guest_pcr_bit > host_pcr_bit)
                return -EINVAL;

        spin_lock(&vc->lock);
        vc->arch_compat = arch_compat;
        /* Set all PCR bits for which guest_pcr_bit <= bit < host_pcr_bit */
        vc->pcr = host_pcr_bit - guest_pcr_bit;
        spin_unlock(&vc->lock);

        return 0;
}

static void kvmppc_dump_regs(struct kvm_vcpu *vcpu)
{
        int r;

        pr_err("vcpu %p (%d):\n", vcpu, vcpu->vcpu_id);
        pr_err("pc  = %.16lx  msr = %.16llx  trap = %x\n",
               vcpu->arch.regs.nip, vcpu->arch.shregs.msr, vcpu->arch.trap);
        for (r = 0; r < 16; ++r)
                pr_err("r%2d = %.16lx  r%d = %.16lx\n",
                       r, kvmppc_get_gpr(vcpu, r),
                       r+16, kvmppc_get_gpr(vcpu, r+16));
        pr_err("ctr = %.16lx  lr  = %.16lx\n",
               vcpu->arch.regs.ctr, vcpu->arch.regs.link);
        pr_err("srr0 = %.16llx srr1 = %.16llx\n",
               vcpu->arch.shregs.srr0, vcpu->arch.shregs.srr1);
        pr_err("sprg0 = %.16llx sprg1 = %.16llx\n",
               vcpu->arch.shregs.sprg0, vcpu->arch.shregs.sprg1);
        pr_err("sprg2 = %.16llx sprg3 = %.16llx\n",
               vcpu->arch.shregs.sprg2, vcpu->arch.shregs.sprg3);
        pr_err("cr = %.8x  xer = %.16lx  dsisr = %.8x\n",
               vcpu->arch.cr, vcpu->arch.regs.xer, vcpu->arch.shregs.dsisr);
        pr_err("dar = %.16llx\n", vcpu->arch.shregs.dar);
        pr_err("fault dar = %.16lx dsisr = %.8x\n",
               vcpu->arch.fault_dar, vcpu->arch.fault_dsisr);
        pr_err("SLB (%d entries):\n", vcpu->arch.slb_max);
        for (r = 0; r < vcpu->arch.slb_max; ++r)
                pr_err("  ESID = %.16llx VSID = %.16llx\n",
                       vcpu->arch.slb[r].orige, vcpu->arch.slb[r].origv);
        pr_err("lpcr = %.16lx sdr1 = %.16lx last_inst = %.8x\n",
               vcpu->arch.vcore->lpcr, vcpu->kvm->arch.sdr1,
               vcpu->arch.last_inst);
}

static struct kvm_vcpu *kvmppc_find_vcpu(struct kvm *kvm, int id)
{
        struct kvm_vcpu *ret;

        mutex_lock(&kvm->lock);
        ret = kvm_get_vcpu_by_id(kvm, id);
        mutex_unlock(&kvm->lock);
        return ret;
}

static void init_vpa(struct kvm_vcpu *vcpu, struct lppaca *vpa)
{
        vpa->__old_status |= LPPACA_OLD_SHARED_PROC;
        vpa->yield_count = cpu_to_be32(1);
}

static int set_vpa(struct kvm_vcpu *vcpu, struct kvmppc_vpa *v,
                   unsigned long addr, unsigned long len)
{
        /* check address is cacheline aligned */
        if (addr & (L1_CACHE_BYTES - 1))
                return -EINVAL;
        spin_lock(&vcpu->arch.vpa_update_lock);
        if (v->next_gpa != addr || v->len != len) {
                v->next_gpa = addr;
                v->len = addr ? len : 0;
                v->update_pending = 1;
        }
        spin_unlock(&vcpu->arch.vpa_update_lock);
        return 0;
}

/* Length for a per-processor buffer is passed in at offset 4 in the buffer */
struct reg_vpa {
        u32 dummy;
        union {
                __be16 hword;
                __be32 word;
        } length;
};

static int vpa_is_registered(struct kvmppc_vpa *vpap)
{
        if (vpap->update_pending)
                return vpap->next_gpa != 0;
        return vpap->pinned_addr != NULL;
}

static unsigned long do_h_register_vpa(struct kvm_vcpu *vcpu,
                                       unsigned long flags,
                                       unsigned long vcpuid, unsigned long vpa)
{
        struct kvm *kvm = vcpu->kvm;
        unsigned long len, nb;
        void *va;
        struct kvm_vcpu *tvcpu;
        int err;
        int subfunc;
        struct kvmppc_vpa *vpap;

        tvcpu = kvmppc_find_vcpu(kvm, vcpuid);
        if (!tvcpu)
                return H_PARAMETER;

        subfunc = (flags >> H_VPA_FUNC_SHIFT) & H_VPA_FUNC_MASK;
        if (subfunc == H_VPA_REG_VPA || subfunc == H_VPA_REG_DTL ||
            subfunc == H_VPA_REG_SLB) {
                /* Registering new area - address must be cache-line aligned */
                if ((vpa & (L1_CACHE_BYTES - 1)) || !vpa)
                        return H_PARAMETER;

                /* convert logical addr to kernel addr and read length */
                va = kvmppc_pin_guest_page(kvm, vpa, &nb);
                if (va == NULL)
                        return H_PARAMETER;
                if (subfunc == H_VPA_REG_VPA)
                        len = be16_to_cpu(((struct reg_vpa *)va)->length.hword);
                else
                        len = be32_to_cpu(((struct reg_vpa *)va)->length.word);
                kvmppc_unpin_guest_page(kvm, va, vpa, false);

                /* Check length */
                if (len > nb || len < sizeof(struct reg_vpa))
                        return H_PARAMETER;
        } else {
                vpa = 0;
                len = 0;
        }

        err = H_PARAMETER;
        vpap = NULL;
        spin_lock(&tvcpu->arch.vpa_update_lock);

        switch (subfunc) {
        case H_VPA_REG_VPA:             /* register VPA */
                /*
                 * The size of our lppaca is 1kB because of the way we align
                 * it for the guest to avoid crossing a 4kB boundary. We only
                 * use 640 bytes of the structure though, so we should accept
                 * clients that set a size of 640.
                 */
                BUILD_BUG_ON(sizeof(struct lppaca) != 640);
                if (len < sizeof(struct lppaca))
                        break;
                vpap = &tvcpu->arch.vpa;
                err = 0;
                break;

        case H_VPA_REG_DTL:             /* register DTL */
                if (len < sizeof(struct dtl_entry))
                        break;
                len -= len % sizeof(struct dtl_entry);

                /* Check that they have previously registered a VPA */
                err = H_RESOURCE;
                if (!vpa_is_registered(&tvcpu->arch.vpa))
                        break;

                vpap = &tvcpu->arch.dtl;
                err = 0;
                break;

        case H_VPA_REG_SLB:             /* register SLB shadow buffer */
                /* Check that they have previously registered a VPA */
                err = H_RESOURCE;
                if (!vpa_is_registered(&tvcpu->arch.vpa))
                        break;

                vpap = &tvcpu->arch.slb_shadow;
                err = 0;
                break;

        case H_VPA_DEREG_VPA:           /* deregister VPA */
                /* Check they don't still have a DTL or SLB buf registered */
                err = H_RESOURCE;
                if (vpa_is_registered(&tvcpu->arch.dtl) ||
                    vpa_is_registered(&tvcpu->arch.slb_shadow))
                        break;

                vpap = &tvcpu->arch.vpa;
                err = 0;
                break;

        case H_VPA_DEREG_DTL:           /* deregister DTL */
                vpap = &tvcpu->arch.dtl;
                err = 0;
                break;

        case H_VPA_DEREG_SLB:           /* deregister SLB shadow buffer */
                vpap = &tvcpu->arch.slb_shadow;
                err = 0;
                break;
        }

        if (vpap) {
                vpap->next_gpa = vpa;
                vpap->len = len;
                vpap->update_pending = 1;
        }

        spin_unlock(&tvcpu->arch.vpa_update_lock);

        return err;
}

static void kvmppc_update_vpa(struct kvm_vcpu *vcpu, struct kvmppc_vpa *vpap)
{
        struct kvm *kvm = vcpu->kvm;
        void *va;
        unsigned long nb;
        unsigned long gpa;

        /*
         * We need to pin the page pointed to by vpap->next_gpa,
         * but we can't call kvmppc_pin_guest_page under the lock
         * as it does get_user_pages() and down_read().  So we
         * have to drop the lock, pin the page, then get the lock
         * again and check that a new area didn't get registered
         * in the meantime.
         */
        for (;;) {
                gpa = vpap->next_gpa;
                spin_unlock(&vcpu->arch.vpa_update_lock);
                va = NULL;
                nb = 0;
                if (gpa)
                        va = kvmppc_pin_guest_page(kvm, gpa, &nb);
                spin_lock(&vcpu->arch.vpa_update_lock);
                if (gpa == vpap->next_gpa)
                        break;
                /* sigh... unpin that one and try again */
                if (va)
                        kvmppc_unpin_guest_page(kvm, va, gpa, false);
        }

        vpap->update_pending = 0;
        if (va && nb < vpap->len) {
                /*
                 * If it's now too short, it must be that userspace
                 * has changed the mappings underlying guest memory,
                 * so unregister the region.
                 */
                kvmppc_unpin_guest_page(kvm, va, gpa, false);
                va = NULL;
        }
        if (vpap->pinned_addr)
                kvmppc_unpin_guest_page(kvm, vpap->pinned_addr, vpap->gpa,
                                        vpap->dirty);
        vpap->gpa = gpa;
        vpap->pinned_addr = va;
        vpap->dirty = false;
        if (va)
                vpap->pinned_end = va + vpap->len;
}

static void kvmppc_update_vpas(struct kvm_vcpu *vcpu)
{
        if (!(vcpu->arch.vpa.update_pending ||
              vcpu->arch.slb_shadow.update_pending ||
              vcpu->arch.dtl.update_pending))
                return;

        spin_lock(&vcpu->arch.vpa_update_lock);
        if (vcpu->arch.vpa.update_pending) {
                kvmppc_update_vpa(vcpu, &vcpu->arch.vpa);
                if (vcpu->arch.vpa.pinned_addr)
                        init_vpa(vcpu, vcpu->arch.vpa.pinned_addr);
        }
        if (vcpu->arch.dtl.update_pending) {
                kvmppc_update_vpa(vcpu, &vcpu->arch.dtl);
                vcpu->arch.dtl_ptr = vcpu->arch.dtl.pinned_addr;
                vcpu->arch.dtl_index = 0;
        }
        if (vcpu->arch.slb_shadow.update_pending)
                kvmppc_update_vpa(vcpu, &vcpu->arch.slb_shadow);
        spin_unlock(&vcpu->arch.vpa_update_lock);
}

/*
 * Return the accumulated stolen time for the vcore up until `now'.
 * The caller should hold the vcore lock.
 */
static u64 vcore_stolen_time(struct kvmppc_vcore *vc, u64 now)
{
        u64 p;
        unsigned long flags;

        spin_lock_irqsave(&vc->stoltb_lock, flags);
        p = vc->stolen_tb;
        if (vc->vcore_state != VCORE_INACTIVE &&
            vc->preempt_tb != TB_NIL)
                p += now - vc->preempt_tb;
        spin_unlock_irqrestore(&vc->stoltb_lock, flags);
        return p;
}

static void kvmppc_create_dtl_entry(struct kvm_vcpu *vcpu,
                                    struct kvmppc_vcore *vc)
{
        struct dtl_entry *dt;
        struct lppaca *vpa;
        unsigned long stolen;
        unsigned long core_stolen;
        u64 now;
        unsigned long flags;

        dt = vcpu->arch.dtl_ptr;
        vpa = vcpu->arch.vpa.pinned_addr;
        now = mftb();
        core_stolen = vcore_stolen_time(vc, now);
        stolen = core_stolen - vcpu->arch.stolen_logged;
        vcpu->arch.stolen_logged = core_stolen;
        spin_lock_irqsave(&vcpu->arch.tbacct_lock, flags);
        stolen += vcpu->arch.busy_stolen;
        vcpu->arch.busy_stolen = 0;
        spin_unlock_irqrestore(&vcpu->arch.tbacct_lock, flags);
        if (!dt || !vpa)
                return;
        memset(dt, 0, sizeof(struct dtl_entry));
        dt->dispatch_reason = 7;
        dt->processor_id = cpu_to_be16(vc->pcpu + vcpu->arch.ptid);
        dt->timebase = cpu_to_be64(now + vc->tb_offset);
        dt->enqueue_to_dispatch_time = cpu_to_be32(stolen);
        dt->srr0 = cpu_to_be64(kvmppc_get_pc(vcpu));
        dt->srr1 = cpu_to_be64(vcpu->arch.shregs.msr);
        ++dt;
        if (dt == vcpu->arch.dtl.pinned_end)
                dt = vcpu->arch.dtl.pinned_addr;
        vcpu->arch.dtl_ptr = dt;
        /* order writing *dt vs. writing vpa->dtl_idx */
        smp_wmb();
        vpa->dtl_idx = cpu_to_be64(++vcpu->arch.dtl_index);
        vcpu->arch.dtl.dirty = true;
}

/* See if there is a doorbell interrupt pending for a vcpu */
static bool kvmppc_doorbell_pending(struct kvm_vcpu *vcpu)
{
        int thr;
        struct kvmppc_vcore *vc;

        if (vcpu->arch.doorbell_request)
                return true;
        /*
         * Ensure that the read of vcore->dpdes comes after the read
         * of vcpu->doorbell_request.  This barrier matches the
         * lwsync in book3s_hv_rmhandlers.S just before the
         * fast_guest_return label.
         */
        smp_rmb();
        vc = vcpu->arch.vcore;
        thr = vcpu->vcpu_id - vc->first_vcpuid;
        return !!(vc->dpdes & (1 << thr));
}

static bool kvmppc_power8_compatible(struct kvm_vcpu *vcpu)
{
        if (vcpu->arch.vcore->arch_compat >= PVR_ARCH_207)
                return true;
        if ((!vcpu->arch.vcore->arch_compat) &&
            cpu_has_feature(CPU_FTR_ARCH_207S))
                return true;
        return false;
}

static int kvmppc_h_set_mode(struct kvm_vcpu *vcpu, unsigned long mflags,
                             unsigned long resource, unsigned long value1,
                             unsigned long value2)
{
        switch (resource) {
        case H_SET_MODE_RESOURCE_SET_CIABR:
                if (!kvmppc_power8_compatible(vcpu))
                        return H_P2;
                if (value2)
                        return H_P4;
                if (mflags)
                        return H_UNSUPPORTED_FLAG_START;
                /* Guests can't breakpoint the hypervisor */
                if ((value1 & CIABR_PRIV) == CIABR_PRIV_HYPER)
                        return H_P3;
                vcpu->arch.ciabr  = value1;
                return H_SUCCESS;
        case H_SET_MODE_RESOURCE_SET_DAWR:
                if (!kvmppc_power8_compatible(vcpu))
                        return H_P2;
                if (!ppc_breakpoint_available())
                        return H_P2;
                if (mflags)
                        return H_UNSUPPORTED_FLAG_START;
                if (value2 & DABRX_HYP)
                        return H_P4;
                vcpu->arch.dawr  = value1;
                vcpu->arch.dawrx = value2;
                return H_SUCCESS;
        default:
                return H_TOO_HARD;
        }
}

static int kvm_arch_vcpu_yield_to(struct kvm_vcpu *target)
{
        struct kvmppc_vcore *vcore = target->arch.vcore;

        /*
         * We expect to have been called by the real mode handler
         * (kvmppc_rm_h_confer()) which would have directly returned
         * H_SUCCESS if the source vcore wasn't idle (e.g. if it may
         * have useful work to do and should not confer) so we don't
         * recheck that here.
         */

        spin_lock(&vcore->lock);
        if (target->arch.state == KVMPPC_VCPU_RUNNABLE &&
            vcore->vcore_state != VCORE_INACTIVE &&
            vcore->runner)
                target = vcore->runner;
        spin_unlock(&vcore->lock);

        return kvm_vcpu_yield_to(target);
}

static int kvmppc_get_yield_count(struct kvm_vcpu *vcpu)
{
        int yield_count = 0;
        struct lppaca *lppaca;

        spin_lock(&vcpu->arch.vpa_update_lock);
        lppaca = (struct lppaca *)vcpu->arch.vpa.pinned_addr;
        if (lppaca)
                yield_count = be32_to_cpu(lppaca->yield_count);
        spin_unlock(&vcpu->arch.vpa_update_lock);
        return yield_count;
}

int kvmppc_pseries_do_hcall(struct kvm_vcpu *vcpu)
{
        unsigned long req = kvmppc_get_gpr(vcpu, 3);
        unsigned long target, ret = H_SUCCESS;
        int yield_count;
        struct kvm_vcpu *tvcpu;
        int idx, rc;

        if (req <= MAX_HCALL_OPCODE &&
            !test_bit(req/4, vcpu->kvm->arch.enabled_hcalls))
                return RESUME_HOST;

        switch (req) {
        case H_CEDE:
                break;
        case H_PROD:
                target = kvmppc_get_gpr(vcpu, 4);
                tvcpu = kvmppc_find_vcpu(vcpu->kvm, target);
                if (!tvcpu) {
                        ret = H_PARAMETER;
                        break;
                }
                tvcpu->arch.prodded = 1;
                smp_mb();
                if (tvcpu->arch.ceded)
                        kvmppc_fast_vcpu_kick_hv(tvcpu);
                break;
        case H_CONFER:
                target = kvmppc_get_gpr(vcpu, 4);
                if (target == -1)
                        break;
                tvcpu = kvmppc_find_vcpu(vcpu->kvm, target);
                if (!tvcpu) {
                        ret = H_PARAMETER;
                        break;
                }
                yield_count = kvmppc_get_gpr(vcpu, 5);
                if (kvmppc_get_yield_count(tvcpu) != yield_count)
                        break;
                kvm_arch_vcpu_yield_to(tvcpu);
                break;
        case H_REGISTER_VPA:
                ret = do_h_register_vpa(vcpu, kvmppc_get_gpr(vcpu, 4),
                                        kvmppc_get_gpr(vcpu, 5),
                                        kvmppc_get_gpr(vcpu, 6));
                break;
        case H_RTAS:
                if (list_empty(&vcpu->kvm->arch.rtas_tokens))
                        return RESUME_HOST;

                idx = srcu_read_lock(&vcpu->kvm->srcu);
                rc = kvmppc_rtas_hcall(vcpu);
                srcu_read_unlock(&vcpu->kvm->srcu, idx);

                if (rc == -ENOENT)
                        return RESUME_HOST;
                else if (rc == 0)
                        break;

                /* Send the error out to userspace via KVM_RUN */
                return rc;
        case H_LOGICAL_CI_LOAD:
                ret = kvmppc_h_logical_ci_load(vcpu);
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        case H_LOGICAL_CI_STORE:
                ret = kvmppc_h_logical_ci_store(vcpu);
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        case H_SET_MODE:
                ret = kvmppc_h_set_mode(vcpu, kvmppc_get_gpr(vcpu, 4),
                                        kvmppc_get_gpr(vcpu, 5),
                                        kvmppc_get_gpr(vcpu, 6),
                                        kvmppc_get_gpr(vcpu, 7));
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        case H_XIRR:
        case H_CPPR:
        case H_EOI:
        case H_IPI:
        case H_IPOLL:
        case H_XIRR_X:
                if (kvmppc_xics_enabled(vcpu)) {
                        if (xive_enabled()) {
                                ret = H_NOT_AVAILABLE;
                                return RESUME_GUEST;
                        }
                        ret = kvmppc_xics_hcall(vcpu, req);
                        break;
                }
                return RESUME_HOST;
        case H_PUT_TCE:
                ret = kvmppc_h_put_tce(vcpu, kvmppc_get_gpr(vcpu, 4),
                                                kvmppc_get_gpr(vcpu, 5),
                                                kvmppc_get_gpr(vcpu, 6));
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        case H_PUT_TCE_INDIRECT:
                ret = kvmppc_h_put_tce_indirect(vcpu, kvmppc_get_gpr(vcpu, 4),
                                                kvmppc_get_gpr(vcpu, 5),
                                                kvmppc_get_gpr(vcpu, 6),
                                                kvmppc_get_gpr(vcpu, 7));
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        case H_STUFF_TCE:
                ret = kvmppc_h_stuff_tce(vcpu, kvmppc_get_gpr(vcpu, 4),
                                                kvmppc_get_gpr(vcpu, 5),
                                                kvmppc_get_gpr(vcpu, 6),
                                                kvmppc_get_gpr(vcpu, 7));
                if (ret == H_TOO_HARD)
                        return RESUME_HOST;
                break;
        default:
                return RESUME_HOST;
        }
        kvmppc_set_gpr(vcpu, 3, ret);
        vcpu->arch.hcall_needed = 0;
        return RESUME_GUEST;
}

static int kvmppc_hcall_impl_hv(unsigned long cmd)
{
        switch (cmd) {
        case H_CEDE:
        case H_PROD:
        case H_CONFER:
        case H_REGISTER_VPA:
        case H_SET_MODE:
        case H_LOGICAL_CI_LOAD:
        case H_LOGICAL_CI_STORE:
#ifdef CONFIG_KVM_XICS
        case H_XIRR:
        case H_CPPR:
        case H_EOI:
        case H_IPI:
        case H_IPOLL:
        case H_XIRR_X:
#endif
                return 1;
        }

        /* See if it's in the real-mode table */
        return kvmppc_hcall_impl_hv_realmode(cmd);
}

static int kvmppc_emulate_debug_inst(struct kvm_run *run,
                                        struct kvm_vcpu *vcpu)
{
        u32 last_inst;

        if (kvmppc_get_last_inst(vcpu, INST_GENERIC, &last_inst) !=
                                        EMULATE_DONE) {
                /*
                 * Fetch failed, so return to guest and
                 * try executing it again.
                 */
                return RESUME_GUEST;
        }

        if (last_inst == KVMPPC_INST_SW_BREAKPOINT) {
                run->exit_reason = KVM_EXIT_DEBUG;
                run->debug.arch.address = kvmppc_get_pc(vcpu);
                return RESUME_HOST;
        } else {
                kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
                return RESUME_GUEST;
        }
}

static void do_nothing(void *x)
{
}

static unsigned long kvmppc_read_dpdes(struct kvm_vcpu *vcpu)
{

        int thr, cpu, pcpu, nthreads;
        struct kvm_vcpu *v;
        unsigned long dpdes;

        nthreads = vcpu->kvm->arch.emul_smt_mode;
        dpdes = 0;
        cpu = vcpu->vcpu_id & ~(nthreads - 1);
        for (thr = 0; thr < nthreads; ++thr, ++cpu) {
                v = kvmppc_find_vcpu(vcpu->kvm, cpu);
                if (!v)
                        continue;
                /*
                 * If the vcpu is currently running on a physical cpu thread,
                 * interrupt it in order to pull it out of the guest briefly,
                 * which will update its vcore->dpdes value.
                 */
                pcpu = READ_ONCE(v->cpu);
                if (pcpu >= 0)
                        smp_call_function_single(pcpu, do_nothing, NULL, 1);
                if (kvmppc_doorbell_pending(v))
                        dpdes |= 1 << thr;
        }
        return dpdes;
}

/*
 * On POWER9, emulate doorbell-related instructions in order to
 * give the guest the illusion of running on a multi-threaded core.
 * The instructions emulated are msgsndp, msgclrp, mfspr TIR,
 * and mfspr DPDES.
 */
static int kvmppc_emulate_doorbell_instr(struct kvm_vcpu *vcpu)
{
        u32 inst, rb, thr;
        unsigned long arg;
        struct kvm *kvm = vcpu->kvm;
        struct kvm_vcpu *tvcpu;

        if (kvmppc_get_last_inst(vcpu, INST_GENERIC, &inst) != EMULATE_DONE)
                return RESUME_GUEST;
        if (get_op(inst) != 31)
                return EMULATE_FAIL;
        rb = get_rb(inst);
        thr = vcpu->vcpu_id & (kvm->arch.emul_smt_mode - 1);
        switch (get_xop(inst)) {
        case OP_31_XOP_MSGSNDP:
                arg = kvmppc_get_gpr(vcpu, rb);
                if (((arg >> 27) & 0xf) != PPC_DBELL_SERVER)
                        break;
                arg &= 0x3f;
                if (arg >= kvm->arch.emul_smt_mode)
                        break;
                tvcpu = kvmppc_find_vcpu(kvm, vcpu->vcpu_id - thr + arg);
                if (!tvcpu)
                        break;
                if (!tvcpu->arch.doorbell_request) {
                        tvcpu->arch.doorbell_request = 1;
                        kvmppc_fast_vcpu_kick_hv(tvcpu);
                }
                break;
        case OP_31_XOP_MSGCLRP:
                arg = kvmppc_get_gpr(vcpu, rb);
                if (((arg >> 27) & 0xf) != PPC_DBELL_SERVER)
                        break;
                vcpu->arch.vcore->dpdes = 0;
                vcpu->arch.doorbell_request = 0;
                break;
        case OP_31_XOP_MFSPR:
                switch (get_sprn(inst)) {
                case SPRN_TIR:
                        arg = thr;
                        break;
                case SPRN_DPDES:
                        arg = kvmppc_read_dpdes(vcpu);
                        break;
                default:
                        return EMULATE_FAIL;
                }
                kvmppc_set_gpr(vcpu, get_rt(inst), arg);
                break;
        default:
                return EMULATE_FAIL;
        }
        kvmppc_set_pc(vcpu, kvmppc_get_pc(vcpu) + 4);
        return RESUME_GUEST;
}

/* Called with vcpu->arch.vcore->lock held */
static int kvmppc_handle_exit_hv(struct kvm_run *run, struct kvm_vcpu *vcpu,
                                 struct task_struct *tsk)
{
        int r = RESUME_HOST;

        vcpu->stat.sum_exits++;

        /*
         * This can happen if an interrupt occurs in the last stages
         * of guest entry or the first stages of guest exit (i.e. after
         * setting paca->kvm_hstate.in_guest to KVM_GUEST_MODE_GUEST_HV
         * and before setting it to KVM_GUEST_MODE_HOST_HV).
         * That can happen due to a bug, or due to a machine check
         * occurring at just the wrong time.
         */
        if (vcpu->arch.shregs.msr & MSR_HV) {
                printk(KERN_EMERG "KVM trap in HV mode!\n");
                printk(KERN_EMERG "trap=0x%x | pc=0x%lx | msr=0x%llx\n",
                        vcpu->arch.trap, kvmppc_get_pc(vcpu),
                        vcpu->arch.shregs.msr);
                kvmppc_dump_regs(vcpu);
                run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
                run->hw.hardware_exit_reason = vcpu->arch.trap;
                return RESUME_HOST;
        }
        run->exit_reason = KVM_EXIT_UNKNOWN;
        run->ready_for_interrupt_injection = 1;
        switch (vcpu->arch.trap) {
        /* We're good on these - the host merely wanted to get our attention */
        case BOOK3S_INTERRUPT_HV_DECREMENTER:
                vcpu->stat.dec_exits++;
                r = RESUME_GUEST;
                break;
        case BOOK3S_INTERRUPT_EXTERNAL:
        case BOOK3S_INTERRUPT_H_DOORBELL:
        case BOOK3S_INTERRUPT_H_VIRT:
                vcpu->stat.ext_intr_exits++;
                r = RESUME_GUEST;
                break;
        /* SR/HMI/PMI are HV interrupts that host has handled. Resume guest.*/
        case BOOK3S_INTERRUPT_HMI:
        case BOOK3S_INTERRUPT_PERFMON:
        case BOOK3S_INTERRUPT_SYSTEM_RESET:
                r = RESUME_GUEST;
                break;
        case BOOK3S_INTERRUPT_MACHINE_CHECK:
                /* Exit to guest with KVM_EXIT_NMI as exit reason */
                run->exit_reason = KVM_EXIT_NMI;
                run->hw.hardware_exit_reason = vcpu->arch.trap;
                /* Clear out the old NMI status from run->flags */
                run->flags &= ~KVM_RUN_PPC_NMI_DISP_MASK;
                /* Now set the NMI status */
                if (vcpu->arch.mce_evt.disposition == MCE_DISPOSITION_RECOVERED)
                        run->flags |= KVM_RUN_PPC_NMI_DISP_FULLY_RECOV;
                else
                        run->flags |= KVM_RUN_PPC_NMI_DISP_NOT_RECOV;

                r = RESUME_HOST;
                /* Print the MCE event to host console. */
                machine_check_print_event_info(&vcpu->arch.mce_evt, false);
                break;
        case BOOK3S_INTERRUPT_PROGRAM:
        {
                ulong flags;
                /*
                 * Normally program interrupts are delivered directly
                 * to the guest by the hardware, but we can get here
                 * as a result of a hypervisor emulation interrupt
                 * (e40) getting turned into a 700 by BML RTAS.
                 */
                flags = vcpu->arch.shregs.msr & 0x1f0000ull;
                kvmppc_core_queue_program(vcpu, flags);
                r = RESUME_GUEST;
                break;
        }
        case BOOK3S_INTERRUPT_SYSCALL:
        {
                /* hcall - punt to userspace */
                int i;

                /* hypercall with MSR_PR has already been handled in rmode,
                 * and never reaches here.
                 */

                run->papr_hcall.nr = kvmppc_get_gpr(vcpu, 3);
                for (i = 0; i < 9; ++i)
                        run->papr_hcall.args[i] = kvmppc_get_gpr(vcpu, 4 + i);
                run->exit_reason = KVM_EXIT_PAPR_HCALL;
                vcpu->arch.hcall_needed = 1;
                r = RESUME_HOST;
                break;
        }
        /*
         * We get these next two if the guest accesses a page which it thinks
         * it has mapped but which is not actually present, either because
         * it is for an emulated I/O device or because the corresonding
         * host page has been paged out.  Any other HDSI/HISI interrupts
         * have been handled already.
         */
        case BOOK3S_INTERRUPT_H_DATA_STORAGE:
                r = RESUME_PAGE_FAULT;
                break;
        case BOOK3S_INTERRUPT_H_INST_STORAGE:
                vcpu->arch.fault_dar = kvmppc_get_pc(vcpu);
                vcpu->arch.fault_dsisr = 0;
                r = RESUME_PAGE_FAULT;
                break;
        /*
         * This occurs if the guest executes an illegal instruction.
         * If the guest debug is disabled, generate a program interrupt
         * to the guest. If guest debug is enabled, we need to check
         * whether the instruction is a software breakpoint instruction.
         * Accordingly return to Guest or Host.
         */
        case BOOK3S_INTERRUPT_H_EMUL_ASSIST:
                if (vcpu->arch.emul_inst != KVM_INST_FETCH_FAILED)
                        vcpu->arch.last_inst = kvmppc_need_byteswap(vcpu) ?
                                swab32(vcpu->arch.emul_inst) :
                                vcpu->arch.emul_inst;
                if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) {
                        /* Need vcore unlocked to call kvmppc_get_last_inst */
                        spin_unlock(&vcpu->arch.vcore->lock);
                        r = kvmppc_emulate_debug_inst(run, vcpu);
                        spin_lock(&vcpu->arch.vcore->lock);
                } else {
                        kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
                        r = RESUME_GUEST;
                }
                break;
        /*
         * This occurs if the guest (kernel or userspace), does something that
         * is prohibited by HFSCR.
         * On POWER9, this could be a doorbell instruction that we need
         * to emulate.
         * Otherwise, we just generate a program interrupt to the guest.
         */
        case BOOK3S_INTERRUPT_H_FAC_UNAVAIL:
                r = EMULATE_FAIL;
                if (((vcpu->arch.hfscr >> 56) == FSCR_MSGP_LG) &&
                    cpu_has_feature(CPU_FTR_ARCH_300)) {
                        /* Need vcore unlocked to call kvmppc_get_last_inst */
                        spin_unlock(&vcpu->arch.vcore->lock);
                        r = kvmppc_emulate_doorbell_instr(vcpu);
                        spin_lock(&vcpu->arch.vcore->lock);
                }
                if (r == EMULATE_FAIL) {
                        kvmppc_core_queue_program(vcpu, SRR1_PROGILL);
                        r = RESUME_GUEST;
                }
                break;

#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
        case BOOK3S_INTERRUPT_HV_SOFTPATCH:
                /*
                 * This occurs for various TM-related instructions that
                 * we need to emulate on POWER9 DD2.2.  We have already
                 * handled the cases where the guest was in real-suspend
                 * mode and was transitioning to transactional state.
                 */
                r = kvmhv_p9_tm_emulation(vcpu);
                break;
#endif

        case BOOK3S_INTERRUPT_HV_RM_HARD:
                r = RESUME_PASSTHROUGH;
                break;
        default:
                kvmppc_dump_regs(vcpu);
                printk(KERN_EMERG "trap=0x%x | pc=0x%lx | msr=0x%llx\n",
                        vcpu->arch.trap, kvmppc_get_pc(vcpu),
                        vcpu->arch.shregs.msr);
                run->hw.hardware_exit_reason = vcpu->arch.trap;
                r = RESUME_HOST;
                break;
        }

        return r;
}

static int kvm_arch_vcpu_ioctl_get_sregs_hv(struct kvm_vcpu *vcpu,
                                            struct kvm_sregs *sregs)
{
        int i;

        memset(sregs, 0, sizeof(struct kvm_sregs));
        sregs->pvr = vcpu->arch.pvr;
        for (i = 0; i < vcpu->arch.slb_max; i++) {
                sregs->u.s.ppc64.slb[i].slbe = vcpu->arch.slb[i].orige;
                sregs->u.s.ppc64.slb[i].slbv = vcpu->arch.slb[i].origv;
        }

        return 0;
}

static int kvm_arch_vcpu_ioctl_set_sregs_hv(struct kvm_vcpu *vcpu,
                                            struct kvm_sregs *sregs)
{
        int i, j;

        /* Only accept the same PVR as the host's, since we can't spoof it */
        if (sregs->pvr != vcpu->arch.pvr)
                return -EINVAL;

        j = 0;
        for (i = 0; i < vcpu->arch.slb_nr; i++) {
                if (sregs->u.s.ppc64.slb[i].slbe & SLB_ESID_V) {
                        vcpu->arch.slb[j].orige = sregs->u.s.ppc64.slb[i].slbe;
                        vcpu->arch.slb[j].origv = sregs->u.s.ppc64.slb[i].slbv;
                        ++j;
                }
        }
        vcpu->arch.slb_max = j;

        return 0;
}

static void kvmppc_set_lpcr(struct kvm_vcpu *vcpu, u64 new_lpcr,
                bool preserve_top32)
{
        struct kvm *kvm = vcpu->kvm;
        struct kvmppc_vcore *vc = vcpu->arch.vcore;
        u64 mask;

        mutex_lock(&kvm->lock);
        spin_lock(&vc->lock);
        /*
         * If ILE (interrupt little-endian) has changed, update the
         * MSR_LE bit in the intr_msr for each vcpu in this vcore.
         */
        if ((new_lpcr & LPCR_ILE) != (vc->lpcr & LPCR_ILE)) {
                struct kvm_vcpu *vcpu;
                int i;

                kvm_for_each_vcpu(i, vcpu, kvm) {
                        if (vcpu->arch.vcore != vc)
                                continue;
                        if (new_lpcr & LPCR_ILE)
                                vcpu->arch.intr_msr |= MSR_LE;
                        else
                                vcpu->arch.intr_msr &= ~MSR_LE;
                }
        }

        /*
         * Userspace can only modify DPFD (default prefetch depth),
         * ILE (interrupt little-endian) and TC (translation control).
         * On POWER8 and POWER9 userspace can also modify AIL (alt. interrupt loc.).
         */
        mask = LPCR_DPFD | LPCR_ILE | LPCR_TC;
        if (cpu_has_feature(CPU_FTR_ARCH_207S))
                mask |= LPCR_AIL;
        /*
         * On POWER9, allow userspace to enable large decrementer for the
         * guest, whether or not the host has it enabled.
         */
        if (cpu_has_feature(CPU_FTR_ARCH_300))
                mask |= LPCR_LD;

        /* Broken 32-bit version of LPCR must not clear top bits */
        if (preserve_top32)
                mask &= 0xFFFFFFFF;
        vc->lpcr = (vc->lpcr & ~mask) | (new_lpcr & mask);
        spin_unlock(&vc->lock);
        mutex_unlock(&kvm->lock);
}

static int kvmppc_get_one_reg_hv(struct kvm_vcpu *vcpu, u64 id,
                                 union kvmppc_one_reg *val)
{
        int r = 0;
        long int i;

        switch (id) {
        case KVM_REG_PPC_DEBUG_INST:
                *val = get_reg_val(id, KVMPPC_INST_SW_BREAKPOINT);
                break;
        case KVM_REG_PPC_HIOR:
                *val = get_reg_val(id, 0);
                break;
        case KVM_REG_PPC_DABR:
                *val = get_reg_val(id, vcpu->arch.dabr);
                break;
        case KVM_REG_PPC_DABRX:
                *val = get_reg_val(id, vcpu->arch.dabrx);
                break;
        case KVM_REG_PPC_DSCR:
                *val = get_reg_val(id, vcpu->arch.dscr);
                break;
        case KVM_REG_PPC_PURR:
                *val = get_reg_val(id, vcpu->arch.purr);
                break;
        case KVM_REG_PPC_SPURR:
                *val = get_reg_val(id, vcpu->arch.spurr);
                break;
        case KVM_REG_PPC_AMR:
                *val = get_reg_val(id, vcpu->arch.amr);
                break;
        case KVM_REG_PPC_UAMOR:
                *val = get_reg_val(id, vcpu->arch.uamor);
                break;
        case KVM_REG_PPC_MMCR0 ... KVM_REG_PPC_MMCRS:
                i = id - KVM_REG_PPC_MMCR0;
                *val = get_reg_val(id, vcpu->arch.mmcr[i]);
                break;
        case KVM_REG_PPC_PMC1 ... KVM_REG_PPC_PMC8:
                i = id - KVM_REG_PPC_PMC1;
                *val = get_reg_val(id, vcpu->arch.pmc[i]);
                break;
        case KVM_REG_PPC_SPMC1 ... KVM_REG_PPC_SPMC2:
                i = id - KVM_REG_PPC_SPMC1;
                *val = get_reg_val(id, vcpu->arch.spmc[i]);
                break;
        case KVM_REG_PPC_SIAR:
                *val = get_reg_val(id, vcpu->arch.siar);
                break;
        case KVM_REG_PPC_SDAR:
                *val = get_reg_val(id, vcpu->arch.sdar);
                break;
        case KVM_REG_PPC_SIER:
                *val = get_reg_val(id, vcpu->arch.sier);
                break;
        case KVM_REG_PPC_IAMR:
                *val = get_reg_val(id, vcpu->arch.iamr);
                break;
        case KVM_REG_PPC_PSPB:
                *val = get_reg_val(id, vcpu->arch.pspb);
                break;
        case KVM_REG_PPC_DPDES:
                *val = get_reg_val(id, vcpu->arch.vcore->dpdes);
                break;
        case KVM_REG_PPC_VTB:
                *val = get_reg_val(id, vcpu->arch.vcore->vtb);
                break;
        case KVM_REG_PPC_DAWR:
                *val = get_reg_val(id, vcpu->arch.dawr);
                break;
        case KVM_REG_PPC_DAWRX:
                *val = get_reg_val(id, vcpu->arch.dawrx);
                break;
        case KVM_REG_PPC_CIABR:
                *val = get_reg_val(id, vcpu->arch.ciabr);
                break;
        case KVM_REG_PPC_CSIGR:
                *val = get_reg_val(id, vcpu->arch.csigr);
                break;
        case KVM_REG_PPC_TACR:
                *val = get_reg_val(id, vcpu->arch.tacr);
                break;
        case KVM_REG_PPC_TCSCR:
                *val = get_reg_val(id, vcpu->arch.tcscr);
                break;
        case KVM_REG_PPC_PID:
                *val = get_reg_val(id, vcpu->arch.pid);
                break;
        case KVM_REG_PPC_ACOP:
                *val = get_reg_val(id, vcpu->arch.acop);
                break;
        case KVM_REG_PPC_WORT:
                *val = get_reg_val(id, vcpu->arch.wort);
                break;
        case KVM_REG_PPC_TIDR:
                *val = get_reg_val(id, vcpu->arch.tid);
                break;
        case KVM_REG_PPC_PSSCR:
                *val = get_reg_val(id, vcpu->arch.psscr);
                break;
        case KVM_REG_PPC_VPA_ADDR:
                spin_lock(&vcpu->arch.vpa_update_lock);
                *val = get_reg_val(id, vcpu->arch.vpa.next_gpa);
                spin_unlock(&vcpu->arch.vpa_update_lock);
                break;
        case KVM_REG_PPC_VPA_SLB:
                spin_lock(&vcpu->arch.vpa_update_lock);
                val->vpaval.addr = vcpu->arch.slb_shadow.next_gpa;
                val->vpaval.length = vcpu->arch.slb_shadow.len;
                spin_unlock(&vcpu->arch.vpa_update_lock);
                break;
        case KVM_REG_PPC_VPA_DTL:
                spin_lock(&vcpu->arch.vpa_update_lock);
                val->vpaval.addr = vcpu->arch.dtl.next_gpa;
                val->vpaval.length = vcpu->arch.dtl.len;
                spin_unlock(&vcpu->arch.vpa_update_lock);
                break;
        case KVM_REG_PPC_TB_OFFSET:
                *val = get_reg_val(id, vcpu->arch.vcore->tb_offset);
                break;
        case KVM_REG_PPC_LPCR:
        case KVM_REG_PPC_LPCR_64:
                *val = get_reg_val(id, vcpu->arch.vcore->lpcr);
                break;
        case KVM_REG_PPC_PPR:
                *val = get_reg_val(id, vcpu->arch.ppr);
                break;
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
        case KVM_REG_PPC_TFHAR:
                *val = get_reg_val(id, vcpu->arch.tfhar);
                break;
        case KVM_REG_PPC_TFIAR:
                *val = get_reg_val(id, vcpu->arch.tfiar);
                break;
        case KVM_REG_PPC_TEXASR:
                *val = get_reg_val(id, vcpu->arch.texasr);
                break;
        case KVM_REG_PPC_TM_GPR0 ... KVM_REG_PPC_TM_GPR31:
                i = id - KVM_REG_PPC_TM_GPR0;
                *val = get_reg_val(id, vcpu->arch.gpr_tm[i]);
                break;
        case KVM_REG_PPC_TM_VSR0 ... KVM_REG_PPC_TM_VSR63:
        {
                int j;
                i = id - KVM_REG_PPC_TM_VSR0;
                if (i < 32)
                        for (j = 0; j < TS_FPRWIDTH; j++)
                                val->vsxval[j] = vcpu->arch.fp_tm.fpr[i][j];
                else {
                        if (cpu_has_feature(CPU_FTR_ALTIVEC))
                                val->vval = vcpu->arch.vr_tm.vr[i-32];
                        else
                                r = -ENXIO;
                }
                break;
        }
        case KVM_REG_PPC_TM_CR:
                *val = get_reg_val(id, vcpu->arch.cr_tm);
                break;
        case KVM_REG_PPC_TM_XER:
                *val = get_reg_val(id, vcpu->arch.xer_tm);
                break;
        case KVM_REG_PPC_TM_LR:
                *val = get_reg_val(id, vcpu->arch.lr_tm);
                break;
        case KVM_REG_PPC_TM_CTR:
                *val = get_reg_val(id, vcpu->arch.ctr_tm);
                break;
        case KVM_REG_PPC_TM_FPSCR:
                *val = get_reg_val(id, vcpu->arch.fp_tm.fpscr);
                break;
        case KVM_REG_PPC_TM_AMR:
                *val = get_reg_val(id, vcpu->arch.amr_tm);
                break;
        case KVM_REG_PPC_TM_PPR:
                *val = get_reg_val(id, vcpu->arch.ppr_tm);
                break;
        case KVM_REG_PPC_TM_VRSAVE:
                *val = get_reg_val(id, vcpu->arch.vrsave_tm);
                break;
        case KVM_REG_PPC_TM_VSCR:
                if (cpu_has_feature(CPU_FTR_ALTIVEC))
                        *val = get_reg_val(id, vcpu->arch.vr_tm.vscr.u[3]);
                else
                        r = -ENXIO;
                break;
        case KVM_REG_PPC_TM_DSCR:
                *val = get_reg_val(id, vcpu->arch.dscr_tm);
                break;
        case KVM_REG_PPC_TM_TAR:
                *val = get_reg_val(id, vcpu->arch.tar_tm);
                break;
#endif
        case KVM_REG_PPC_ARCH_COMPAT:
                *val = get_reg_val(id, vcpu->arch.vcore->arch_compat);
                break;
        case KVM_REG_PPC_DEC_EXPIRY:
                *val = get_reg_val(id, vcpu->arch.dec_expires +
                                   vcpu->arch.vcore->tb_offset);
                break;
        case KVM_REG_PPC_ONLINE:
                *val = get_reg_val(id, vcpu->arch.online);
                break;
        default:
                r = -EINVAL;
                break;
        }

        return r;
}

static int kvmppc_set_one_reg_hv(struct kvm_vcpu *vcpu, u64 id,
                                 union kvmppc_one_reg *val)
{
        int r = 0;
        long int i;
        unsigned long addr, len;

        switch (id) {
        case KVM_REG_PPC_HIOR:
                /* Only allow this to be set to zero */
                if (set_reg_val(id, *val))
                        r = -EINVAL;
                break;
        case KVM_REG_PPC_DABR:
                vcpu->arch.dabr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_DABRX:
                vcpu->arch.dabrx = set_reg_val(id, *val) & ~DABRX_HYP;
                break;
        case KVM_REG_PPC_DSCR:
                vcpu->arch.dscr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_PURR:
                vcpu->arch.purr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_SPURR:
                vcpu->arch.spurr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_AMR:
                vcpu->arch.amr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_UAMOR:
                vcpu->arch.uamor = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_MMCR0 ... KVM_REG_PPC_MMCRS:
                i = id - KVM_REG_PPC_MMCR0;
                vcpu->arch.mmcr[i] = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_PMC1 ... KVM_REG_PPC_PMC8:
                i = id - KVM_REG_PPC_PMC1;
                vcpu->arch.pmc[i] = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_SPMC1 ... KVM_REG_PPC_SPMC2:
                i = id - KVM_REG_PPC_SPMC1;
                vcpu->arch.spmc[i] = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_SIAR:
                vcpu->arch.siar = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_SDAR:
                vcpu->arch.sdar = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_SIER:
                vcpu->arch.sier = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_IAMR:
                vcpu->arch.iamr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_PSPB:
                vcpu->arch.pspb = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_DPDES:
                vcpu->arch.vcore->dpdes = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_VTB:
                vcpu->arch.vcore->vtb = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_DAWR:
                vcpu->arch.dawr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_DAWRX:
                vcpu->arch.dawrx = set_reg_val(id, *val) & ~DAWRX_HYP;
                break;
        case KVM_REG_PPC_CIABR:
                vcpu->arch.ciabr = set_reg_val(id, *val);
                /* Don't allow setting breakpoints in hypervisor code */
                if ((vcpu->arch.ciabr & CIABR_PRIV) == CIABR_PRIV_HYPER)
                        vcpu->arch.ciabr &= ~CIABR_PRIV;        /* disable */
                break;
        case KVM_REG_PPC_CSIGR:
                vcpu->arch.csigr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TACR:
                vcpu->arch.tacr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TCSCR:
                vcpu->arch.tcscr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_PID:
                vcpu->arch.pid = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_ACOP:
                vcpu->arch.acop = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_WORT:
                vcpu->arch.wort = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TIDR:
                vcpu->arch.tid = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_PSSCR:
                vcpu->arch.psscr = set_reg_val(id, *val) & PSSCR_GUEST_VIS;
                break;
        case KVM_REG_PPC_VPA_ADDR:
                addr = set_reg_val(id, *val);
                r = -EINVAL;
                if (!addr && (vcpu->arch.slb_shadow.next_gpa ||
                              vcpu->arch.dtl.next_gpa))
                        break;
                r = set_vpa(vcpu, &vcpu->arch.vpa, addr, sizeof(struct lppaca));
                break;
        case KVM_REG_PPC_VPA_SLB:
                addr = val->vpaval.addr;
                len = val->vpaval.length;
                r = -EINVAL;
                if (addr && !vcpu->arch.vpa.next_gpa)
                        break;
                r = set_vpa(vcpu, &vcpu->arch.slb_shadow, addr, len);
                break;
        case KVM_REG_PPC_VPA_DTL:
                addr = val->vpaval.addr;
                len = val->vpaval.length;
                r = -EINVAL;
                if (addr && (len < sizeof(struct dtl_entry) ||
                             !vcpu->arch.vpa.next_gpa))
                        break;
                len -= len % sizeof(struct dtl_entry);
                r = set_vpa(vcpu, &vcpu->arch.dtl, addr, len);
                break;
        case KVM_REG_PPC_TB_OFFSET:
                /*
                 * POWER9 DD1 has an erratum where writing TBU40 causes
                 * the timebase to lose ticks.  So we don't let the
                 * timebase offset be changed on P9 DD1.  (It is
                 * initialized to zero.)
                 */
                if (cpu_has_feature(CPU_FTR_POWER9_DD1))
                        break;
                /* round up to multiple of 2^24 */
                vcpu->arch.vcore->tb_offset =
                        ALIGN(set_reg_val(id, *val), 1UL << 24);
                break;
        case KVM_REG_PPC_LPCR:
                kvmppc_set_lpcr(vcpu, set_reg_val(id, *val), true);
                break;
        case KVM_REG_PPC_LPCR_64:
                kvmppc_set_lpcr(vcpu, set_reg_val(id, *val), false);
                break;
        case KVM_REG_PPC_PPR:
                vcpu->arch.ppr = set_reg_val(id, *val);
                break;
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
        case KVM_REG_PPC_TFHAR:
                vcpu->arch.tfhar = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TFIAR:
                vcpu->arch.tfiar = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TEXASR:
                vcpu->arch.texasr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_GPR0 ... KVM_REG_PPC_TM_GPR31:
                i = id - KVM_REG_PPC_TM_GPR0;
                vcpu->arch.gpr_tm[i] = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_VSR0 ... KVM_REG_PPC_TM_VSR63:
        {
                int j;
                i = id - KVM_REG_PPC_TM_VSR0;
                if (i < 32)
                        for (j = 0; j < TS_FPRWIDTH; j++)
                                vcpu->arch.fp_tm.fpr[i][j] = val->vsxval[j];
                else
                        if (cpu_has_feature(CPU_FTR_ALTIVEC))
                                vcpu->arch.vr_tm.vr[i-32] = val->vval;
                        else
                                r = -ENXIO;
                break;
        }
        case KVM_REG_PPC_TM_CR:
                vcpu->arch.cr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_XER:
                vcpu->arch.xer_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_LR:
                vcpu->arch.lr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_CTR:
                vcpu->arch.ctr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_FPSCR:
                vcpu->arch.fp_tm.fpscr = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_AMR:
                vcpu->arch.amr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_PPR:
                vcpu->arch.ppr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_VRSAVE:
                vcpu->arch.vrsave_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_VSCR:
                if (cpu_has_feature(CPU_FTR_ALTIVEC))
                        vcpu->arch.vr.vscr.u[3] = set_reg_val(id, *val);
                else
                        r = - ENXIO;
                break;
        case KVM_REG_PPC_TM_DSCR:
                vcpu->arch.dscr_tm = set_reg_val(id, *val);
                break;
        case KVM_REG_PPC_TM_TAR:
                vcpu->arch.tar_tm = set_reg_val(id, *val);
                break;
#endif
        case KVM_REG_PPC_ARCH_COMPAT:
                r = kvmppc_set_arch_compat(vcpu, set_reg_val(id, *val));
                break;
        case KVM_REG_PPC_DEC_EXPIRY:
                vcpu->arch.dec_expires = set_reg_val(id, *val) -
                        vcpu->arch.vcore->tb_offset;
                break;
        case KVM_REG_PPC_ONLINE:
                i = set_reg_val(id, *val);
                if (i && !vcpu->arch.online)
                        atomic_inc(&vcpu->arch.vcore->online_count);
                else if (!i && vcpu->arch.online)
                        atomic_dec(&vcpu->arch.vcore->online_count);
                vcpu->arch.online = i;
                break;
        default:
                r = -EINVAL;
                break;
        }

        return r;
}

/*
 * On POWER9, threads are independent and can be in different partitions.
 * Therefore we consider each thread to be a subcore.
 * There is a restriction that all threads have to be in the same
 * MMU mode (radix or HPT), unfortunately, but since we only support
 * HPT guests on a HPT host so far, that isn't an impediment yet.
 */
static int threads_per_vcore(struct kvm *kvm)
{
        if (kvm->arch.threads_indep)
                return 1;
        return threads_per_subcore;
}

static struct kvmppc_vcore *kvmppc_vcore_create(struct kvm *kvm, int core)
{
        struct kvmppc_vcore *vcore;

        vcore = kzalloc(sizeof(struct kvmppc_vcore), GFP_KERNEL);

        if (vcore == NULL)
                return NULL;

        spin_lock_init(&vcore->lock);
        spin_lock_init(&vcore->stoltb_lock);
        init_swait_queue_head(&vcore->wq);
        vcore->preempt_tb = TB_NIL;
        vcore->lpcr = kvm->arch.lpcr;
        vcore->first_vcpuid = core * kvm->arch.smt_mode;
        vcore->kvm = kvm;
        INIT_LIST_HEAD(&vcore->preempt_list);

        return vcore;
}

#ifdef CONFIG_KVM_BOOK3S_HV_EXIT_TIMING
static struct debugfs_timings_element {
        const char *name;
        size_t offset;
} timings[] = {
        {"rm_entry",    offsetof(struct kvm_vcpu, arch.rm_entry)},
        {"rm_intr",     offsetof(struct kvm_vcpu, arch.rm_intr)},
        {"rm_exit",     offsetof(struct kvm_vcpu, arch.rm_exit)},
        {"guest",       offsetof(struct kvm_vcpu, arch.guest_time)},
        {"cede",        offsetof(struct kvm_vcpu, arch.cede_time)},
};

#define N_TIMINGS       (ARRAY_SIZE(timings))

struct debugfs_timings_state {
        struct kvm_vcpu *vcpu;
        unsigned int    buflen;
        char            buf[N_TIMINGS * 100];
};

static int debugfs_timings_open(struct inode *inode, struct file *file)
{
        struct kvm_vcpu *vcpu = inode->i_private;
        struct debugfs_timings_state *p;

        p = kzalloc(sizeof(*p), GFP_KERNEL);
        if (!p)
                return -ENOMEM;

        kvm_get_kvm(vcpu->kvm);
        p->vcpu = vcpu;
        file->private_data = p;

        return nonseekable_open(inode, file);
}

static int debugfs_timings_release(struct inode *inode, struct file *file)
{
        struct debugfs_timings_state *p = file->private_data;

        kvm_put_kvm(p->vcpu->kvm);
        kfree(p);
        return 0;
}

static ssize_t debugfs_timings_read(struct file *file, char __user *buf,
                                    size_t len, loff_t *ppos)
{
        struct debugfs_timings_state *p = file->private_data;
        struct kvm_vcpu *vcpu = p->vcpu;
        char *s, *buf_end;
        struct kvmhv_tb_accumulator tb;
        u64 count;
        loff_t pos;
        ssize_t n;
        int i, loops;
        bool ok;

        if (!p->buflen) {
                s = p->buf;
                buf_end = s + sizeof(p->buf);
                for (i = 0; i < N_TIMINGS; ++i) {
                        struct kvmhv_tb_accumulator *acc;

                        acc = (struct kvmhv_tb_accumulator *)
                                ((unsigned long)vcpu + timings[i].offset);
                        ok = false;
                        for (loops = 0; loops < 1000; ++loops) {
                                count = acc->seqcount;
                                if (!(count & 1)) {
                                        smp_rmb();
                                        tb = *acc;
                                        smp_rmb();
                                        if (count == acc->seqcount) {
                                                ok = true;
                                                break;
                                        }
                                }
                                udelay(1);
                        }
                        if (!ok)
                                snprintf(s, buf_end - s, "%s: stuck\n",
                                        timings[i].name);
                        else
                                snprintf(s, buf_end - s,
                                        "%s: %llu %llu %llu %llu\n",
                                        timings[i].name, count / 2,
                                        tb_to_ns(tb.tb_total),
                                        tb_to_ns(tb.tb_min),
                                        tb_to_ns(tb.tb_max));
                        s += strlen(s);
                }
                p->buflen = s - p->buf;
        }

        pos = *ppos;
        if (pos >= p->buflen)
                return 0;
        if (len > p->buflen - pos)
                len = p->buflen - pos;
        n = copy_to_user(buf, p->buf + pos, len);
        if (n) {
                if (n == len)
                        return -EFAULT;
                len -= n;
        }
        *ppos = pos + len;
        return len;
}

static ssize_t debugfs_timings_write(struct file *file, const char __user *buf,
                                     size_t len, loff_t *ppos)
{
        return -EACCES;
}

static const struct file_operations debugfs_timings_ops = {
        .owner   = THIS_MODULE,
        .open    = debugfs_timings_open,
        .release = debugfs_timings_release,
        .read    = debugfs_timings_read,
        .write   = debugfs_timings_write,
        .llseek  = generic_file_llseek,
};

/* Create a debugfs directory for the vcpu */
static void debugfs_vcpu_init(struct kvm_vcpu *vcpu, unsigned int id)
{
        char buf[16];
        struct kvm *kvm = vcpu->kvm;

        snprintf(buf, sizeof(buf), "vcpu%u", id);
        if (IS_ERR_OR_NULL(kvm->arch.debugfs_dir))
                return;
        vcpu->arch.debugfs_dir = debugfs_create_dir(buf, kvm->arch.debugfs_dir);
        if (IS_ERR_OR_NULL(vcpu->arch.debugfs_dir))
                return;
        vcpu->arch.debugfs_timings =
                debugfs_create_file("timings", 0444, vcpu->arch.debugfs_dir,
                                    vcpu, &debugfs_timings_ops);
}

#else /* CONFIG_KVM_BOOK3S_HV_EXIT_TIMING */
static void debugfs_vcpu_init(struct kvm_vcpu *vcpu, unsigned int id)
{
}
#endif /* CONFIG_KVM_BOOK3S_HV_EXIT_TIMING */

static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
                                                   unsigned int id)
{
        struct kvm_vcpu *vcpu;
        int err;
        int core;
        struct kvmppc_vcore *vcore;

        err = -ENOMEM;
        vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
        if (!vcpu)
                goto out;

        err = kvm_vcpu_init(vcpu, kvm, id);
        if (err)
                goto free_vcpu;

        vcpu->arch.shared = &vcpu->arch.shregs;
#ifdef CONFIG_KVM_BOOK3S_PR_POSSIBLE
        /*
         * The shared struct is never shared on HV,
         * so we can always use host endianness
         */
#ifdef __BIG_ENDIAN__
        vcpu->arch.shared_big_endian = true;
#else
        vcpu->arch.shared_big_endian = false;
#endif
#endif
        vcpu->arch.mmcr[0] = MMCR0_FC;
        vcpu->arch.ctrl = CTRL_RUNLATCH;
        /* default to host PVR, since we can't spoof it */
        kvmppc_set_pvr_hv(vcpu, mfspr(SPRN_PVR));
        spin_lock_init(&vcpu->arch.vpa_update_lock);
        spin_lock_init(&vcpu->arch.tbacct_lock);
        vcpu->arch.busy_preempt = TB_NIL;
        vcpu->arch.intr_msr = MSR_SF | MSR_ME;

        /*
         * Set the default HFSCR for the guest from the host value.
         * This value is only used on POWER9.
         * On POWER9 DD1, TM doesn't work, so we make sure to
         * prevent the guest from using it.
         * On POWER9, we want to virtualize the doorbell facility, so we
         * turn off the HFSCR bit, which causes those instructions to trap.
         */
        vcpu->arch.hfscr = mfspr(SPRN_HFSCR);
        if (cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST))
                vcpu->arch.hfscr |= HFSCR_TM;
        else if (!cpu_has_feature(CPU_FTR_TM_COMP))
                vcpu->arch.hfscr &= ~HFSCR_TM;
        if (cpu_has_feature(CPU_FTR_ARCH_300))
                vcpu->arch.hfscr &= ~HFSCR_MSGP;

        kvmppc_mmu_book3s_hv_init(vcpu);

        vcpu->arch.state = KVMPPC_VCPU_NOTREADY;

        init_waitqueue_head(&vcpu->arch.cpu_run);

        mutex_lock(&kvm->lock);
        vcore = NULL;
        err = -EINVAL;
        core = id / kvm->arch.smt_mode;
        if (core < KVM_MAX_VCORES) {
                vcore = kvm->arch.vcores[core];
                if (!vcore) {
                        err = -ENOMEM;
                        vcore = kvmppc_vcore_create(kvm, core);
                        kvm->arch.vcores[core] = vcore;
                        kvm->arch.online_vcores++;
                }
        }
        mutex_unlock(&kvm->lock);

        if (!vcore)
                goto free_vcpu;

        spin_lock(&vcore->lock);
        ++vcore->num_threads;
        spin_unlock(&vcore->lock);
        vcpu->arch.vcore = vcore;
        vcpu->arch.ptid = vcpu->vcpu_id - vcore->first_vcpuid;
        vcpu->arch.thread_cpu = -1;
        vcpu->arch.prev_cpu = -1;

        vcpu->arch.cpu_type = KVM_CPU_3S_64;
        kvmppc_sanity_check(vcpu);

        debugfs_vcpu_init(vcpu, id);

        return vcpu;

free_vcpu:
        kmem_cache_free(kvm_vcpu_cache, vcpu);
out:
        return ERR_PTR(err);
}

static int kvmhv_set_smt_mode(struct kvm *kvm, unsigned long smt_mode,
                              unsigned long flags)
{
        int err;
        int esmt = 0;

        if (flags)
                return -EINVAL;
        if (smt_mode > MAX_SMT_THREADS || !is_power_of_2(smt_mode))
                return -EINVAL;
        if (!cpu_has_feature(CPU_FTR_ARCH_300)) {
                /*
                 * On POWER8 (or POWER7), the threading mode is "strict",
                 * so we pack smt_mode vcpus per vcore.
                 */
                if (smt_mode > threads_per_subcore)
                        return -EINVAL;
        } else {
                /*
                 * On POWER9, the threading mode is "loose",
                 * so each vcpu gets its own vcore.
                 */
                esmt = smt_mode;
                smt_mode = 1;
        }
        mutex_lock(&kvm->lock);
        err = -EBUSY;
        if (!kvm->arch.online_vcores) {
                kvm->arch.smt_mode = smt_mode;
                kvm->arch.emul_smt_mode = esmt;
                err = 0;
        }
        mutex_unlock(&kvm->lock);

        return err;
}

static void unpin_vpa(struct kvm *kvm, struct kvmppc_vpa *vpa)
{
        if (vpa->pinned_addr)
                kvmppc_unpin_guest_page(kvm, vpa->pinned_addr, vpa->gpa,
                                        vpa->dirty);
}

static void kvmppc_core_vcpu_free_hv(struct kvm_vcpu *vcpu)
{
        spin_lock(&vcpu->arch.vpa_update_lock);
        unpin_vpa(vcpu->kvm, &vcpu->arch.dtl);
        unpin_vpa(vcpu->kvm, &vcpu->arch.slb_shadow);
        unpin_vpa(vcpu->kvm, &vcpu->arch.vpa);
        spin_unlock(&vcpu->arch.vpa_update_lock);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, vcpu);
}

static int kvmppc_core_check_requests_hv(struct kvm_vcpu *vcpu)
{
        /* Indicate we want to get back into the guest */
        return 1;
}

static void kvmppc_set_timer(struct kvm_vcpu *vcpu)
{
        unsigned long dec_nsec, now;

        now = get_tb();
        if (now > vcpu->arch.dec_expires) {
                /* decrementer has already gone negative */
                kvmppc_core_queue_dec(vcpu);
                kvmppc_core_prepare_to_enter(vcpu);
                return;
        }
        dec_nsec = (vcpu->arch.dec_expires - now) * NSEC_PER_SEC
                   / tb_ticks_per_sec;
        hrtimer_start(&vcpu->arch.dec_timer, dec_nsec, HRTIMER_MODE_REL);
        vcpu->arch.timer_running = 1;
}

static void kvmppc_end_cede(struct kvm_vcpu *vcpu)
{
        vcpu->arch.ceded = 0;
        if (vcpu->arch.timer_running) {
                hrtimer_try_to_cancel(&vcpu->arch.dec_timer);
                vcpu->arch.timer_running = 0;
        }
}

extern int __kvmppc_vcore_entry(void);

static void kvmppc_remove_runnable(struct kvmppc_vcore *vc,
                                   struct kvm_vcpu *vcpu)
{
        u64 now;

        if (vcpu->arch.state != KVMPPC_VCPU_RUNNABLE)
                return;
        spin_lock_irq(&vcpu->arch.tbacct_lock);
        now = mftb();
        vcpu->arch.busy_stolen += vcore_stolen_time(vc, now) -
                vcpu->arch.stolen_logged;
        vcpu->arch.busy_preempt = now;
        vcpu->arch.state = KVMPPC_VCPU_BUSY_IN_HOST;
        spin_unlock_irq(&vcpu->arch.tbacct_lock);
        --vc->n_runnable;
        WRITE_ONCE(vc->runnable_threads[vcpu->arch.ptid], NULL);
}

static int kvmppc_grab_hwthread(int cpu)
{
        struct paca_struct *tpaca;
        long timeout = 10000;

        tpaca = paca_ptrs[cpu];

        /* Ensure the thread won't go into the kernel if it wakes */
        tpaca->kvm_hstate.kvm_vcpu = NULL;
        tpaca->kvm_hstate.kvm_vcore = NULL;
        tpaca->kvm_hstate.napping = 0;
        smp_wmb();
        tpaca->kvm_hstate.hwthread_req = 1;

        /*
         * If the thread is already executing in the kernel (e.g. handling
         * a stray interrupt), wait for it to get back to nap mode.
         * The smp_mb() is to ensure that our setting of hwthread_req
         * is visible before we look at hwthread_state, so if this
         * races with the code at system_reset_pSeries and the thread
         * misses our setting of hwthread_req, we are sure to see its
         * setting of hwthread_state, and vice versa.
         */
        smp_mb();
        while (tpaca->kvm_hstate.hwthread_state == KVM_HWTHREAD_IN_KERNEL) {
                if (--timeout <= 0) {
                        pr_err("KVM: couldn't grab cpu %d\n", cpu);
                        return -EBUSY;
                }
                udelay(1);
        }
        return 0;
}

static void kvmppc_release_hwthread(int cpu)
{
        struct paca_struct *tpaca;

        tpaca = paca_ptrs[cpu];
        tpaca->kvm_hstate.hwthread_req = 0;
        tpaca->kvm_hstate.kvm_vcpu = NULL;
        tpaca->kvm_hstate.kvm_vcore = NULL;
        tpaca->kvm_hstate.kvm_split_mode = NULL;
}

static void radix_flush_cpu(struct kvm *kvm, int cpu, struct kvm_vcpu *vcpu)
{
        int i;

        cpu = cpu_first_thread_sibling(cpu);
        cpumask_set_cpu(cpu, &kvm->arch.need_tlb_flush);
        /*
         * Make sure setting of bit in need_tlb_flush precedes
         * testing of cpu_in_guest bits.  The matching barrier on
         * the other side is the first smp_mb() in kvmppc_run_core().
         */
        smp_mb();
        for (i = 0; i < threads_per_core; ++i)
                if (cpumask_test_cpu(cpu + i, &kvm->arch.cpu_in_guest))
                        smp_call_function_single(cpu + i, do_nothing, NULL, 1);
}

static void kvmppc_prepare_radix_vcpu(struct kvm_vcpu *vcpu, int pcpu)
{
        struct kvm *kvm = vcpu->kvm;

        /*
         * With radix, the guest can do TLB invalidations itself,
         * and it could choose to use the local form (tlbiel) if
         * it is invalidating a translation that has only ever been
         * used on one vcpu.  However, that doesn't mean it has
         * only ever been used on one physical cpu, since vcpus
         * can move around between pcpus.  To cope with this, when
         * a vcpu moves from one pcpu to another, we need to tell
         * any vcpus running on the same core as this vcpu previously
         * ran to flush the TLB.  The TLB is shared between threads,
         * so we use a single bit in .need_tlb_flush for all 4 threads.
         */
        if (vcpu->arch.prev_cpu != pcpu) {
                if (vcpu->arch.prev_cpu >= 0 &&
                    cpu_first_thread_sibling(vcpu->arch.prev_cpu) !=
                    cpu_first_thread_sibling(pcpu))
                        radix_flush_cpu(kvm, vcpu->arch.prev_cpu, vcpu);
                vcpu->arch.prev_cpu = pcpu;
        }
}

static void kvmppc_start_thread(struct kvm_vcpu *vcpu, struct kvmppc_vcore *vc)
{
        int cpu;
        struct paca_struct *tpaca;
        struct kvm *kvm = vc->kvm;

        cpu = vc->pcpu;
        if (vcpu) {
                if (vcpu->arch.timer_running) {
                        hrtimer_try_to_cancel(&vcpu->arch.dec_timer);
                        vcpu->arch.timer_running = 0;
                }
                cpu += vcpu->arch.ptid;
                vcpu->cpu = vc->pcpu;
                vcpu->arch.thread_cpu = cpu;
                cpumask_set_cpu(cpu, &kvm->arch.cpu_in_guest);
        }
        tpaca = paca_ptrs[cpu];
        tpaca->kvm_hstate.kvm_vcpu = vcpu;
        tpaca->kvm_hstate.ptid = cpu - vc->pcpu;
        tpaca->kvm_hstate.fake_suspend = 0;
        /* Order stores to hstate.kvm_vcpu etc. before store to kvm_vcore */
        smp_wmb();
        tpaca->kvm_hstate.kvm_vcore = vc;
        if (cpu != smp_processor_id())
                kvmppc_ipi_thread(cpu);
}

static void kvmppc_wait_for_nap(int n_threads)
{
        int cpu = smp_processor_id();
        int i, loops;

        if (n_threads <= 1)
                return;
        for (loops = 0; loops < 1000000; ++loops) {
                /*
                 * Check if all threads are finished.
                 * We set the vcore pointer when starting a thread
                 * and the thread clears it when finished, so we look
                 * for any threads that still have a non-NULL vcore ptr.
                 */
                for (i = 1; i < n_threads; ++i)
                        if (paca_ptrs[cpu + i]->kvm_hstate.kvm_vcore)
                                break;
                if (i == n_threads) {
                        HMT_medium();
                        return;
                }
                HMT_low();
        }
        HMT_medium();
        for (i = 1; i < n_threads; ++i)
                if (paca_ptrs[cpu + i]->kvm_hstate.kvm_vcore)
                        pr_err("KVM: CPU %d seems to be stuck\n", cpu + i);
}

/*
 * Check that we are on thread 0 and that any other threads in
 * this core are off-line.  Then grab the threads so they can't
 * enter the kernel.
 */
static int on_primary_thread(void)
{
        int cpu = smp_processor_id();
        int thr;

        /* Are we on a primary subcore? */
        if (cpu_thread_in_subcore(cpu))
                return 0;

        thr = 0;
        while (++thr < threads_per_subcore)
                if (cpu_online(cpu + thr))
                        return 0;

        /* Grab all hw threads so they can't go into the kernel */
        for (thr = 1; thr < threads_per_subcore; ++thr) {
                if (kvmppc_grab_hwthread(cpu + thr)) {
                        /* Couldn't grab one; let the others go */
                        do {
                                kvmppc_release_hwthread(cpu + thr);
                        } while (--thr > 0);
                        return 0;
                }
        }
        return 1;
}

/*
 * A list of virtual cores for each physical CPU.
 * These are vcores that could run but their runner VCPU tasks are
 * (or may be) preempted.
 */
struct preempted_vcore_list {
        struct list_head        list;
        spinlock_t              lock;
};

static DEFINE_PER_CPU(struct preempted_vcore_list, preempted_vcores);

static void init_vcore_lists(void)
{
        int cpu;

        for_each_possible_cpu(cpu) {
                struct preempted_vcore_list *lp = &per_cpu(preempted_vcores, cpu);
                spin_lock_init(&lp->lock);
                INIT_LIST_HEAD(&lp->list);
        }
}

static void kvmppc_vcore_preempt(struct kvmppc_vcore *vc)
{
        struct preempted_vcore_list *lp = this_cpu_ptr(&preempted_vcores);

        vc->vcore_state = VCORE_PREEMPT;
        vc->pcpu = smp_processor_id();
        if (vc->num_threads < threads_per_vcore(vc->kvm)) {
                spin_lock(&lp->lock);
                list_add_tail(&vc->preempt_list, &lp->list);
                spin_unlock(&lp->lock);
        }

        /* Start accumulating stolen time */
        kvmppc_core_start_stolen(vc);
}

static void kvmppc_vcore_end_preempt(struct kvmppc_vcore *vc)
{
        struct preempted_vcore_list *lp;

        kvmppc_core_end_stolen(vc);
        if (!list_empty(&vc->preempt_list)) {
                lp = &per_cpu(preempted_vcores, vc->pcpu);
                spin_lock(&lp->lock);
                list_del_init(&vc->preempt_list);
                spin_unlock(&lp->lock);
        }
        vc->vcore_state = VCORE_INACTIVE;
}

/*
 * This stores information about the virtual cores currently
 * assigned to a physical core.
 */
struct core_info {
        int             n_subcores;
        int             max_subcore_threads;
        int             total_threads;
        int             subcore_threads[MAX_SUBCORES];
        struct kvmppc_vcore *vc[MAX_SUBCORES];
};

/*
 * This mapping means subcores 0 and 1 can use threads 0-3 and 4-7
 * respectively in 2-way micro-threading (split-core) mode on POWER8.
 */
static int subcore_thread_map[MAX_SUBCORES] = { 0, 4, 2, 6 };

static void init_core_info(struct core_info *cip, struct kvmppc_vcore *vc)
{
        memset(cip, 0, sizeof(*cip));
        cip->n_subcores = 1;
        cip->max_subcore_threads = vc->num_threads;
        cip->total_threads = vc->num_threads;
        cip->subcore_threads[0] = vc->num_threads;
        cip->vc[0] = vc;
}

static bool subcore_config_ok(int n_subcores, int n_threads)
{
        /*
         * POWER9 "SMT4" cores are permanently in what is effectively a 4-way
         * split-core mode, with one thread per subcore.
         */
        if (cpu_has_feature(CPU_FTR_ARCH_300))
                return n_subcores <= 4 && n_threads == 1;

        /* On POWER8, can only dynamically split if unsplit to begin with */
        if (n_subcores > 1 && threads_per_subcore < MAX_SMT_THREADS)
                return false;
        if (n_subcores > MAX_SUBCORES)
                return false;
        if (n_subcores > 1) {
                if (!(dynamic_mt_modes & 2))
                        n_subcores = 4;
                if (n_subcores > 2 && !(dynamic_mt_modes & 4))
                        return false;
        }

        return n_subcores * roundup_pow_of_two(n_threads) <= MAX_SMT_THREADS;
}

static void init_vcore_to_run(struct kvmppc_vcore *vc)
{
        vc->entry_exit_map = 0;
        vc->in_guest = 0;
        vc->napping_threads = 0;
        vc->conferring_threads = 0;
        vc->tb_offset_applied = 0;
}

static bool can_dynamic_split(struct kvmppc_vcore *vc, struct core_info *cip)
{
        int n_threads = vc->num_threads;
        int sub;

        if (!cpu_has_feature(CPU_FTR_ARCH_207S))
                return false;

        /* Some POWER9 chips require all threads to be in the same MMU mode */
        if (no_mixing_hpt_and_radix &&
            kvm_is_radix(vc->kvm) != kvm_is_radix(cip->vc[0]->kvm))
                return false;

        if (n_threads < cip->max_subcore_threads)
                n_threads = cip->max_subcore_threads;
        if (!subcore_config_ok(cip->n_subcores + 1, n_threads))
                return false;
        cip->max_subcore_threads = n_threads;

        sub = cip->n_subcores;
        ++cip->n_subcores;
        cip->total_threads += vc->num_threads;
        cip->subcore_threads[sub] = vc->num_threads;
        cip->vc[sub] = vc;
        init_vcore_to_run(vc);
        list_del_init(&vc->preempt_list);

        return true;
}

/*
 * Work out whether it is possible to piggyback the execution of
 * vcore *pvc onto the execution of the other vcores described in *cip.
 */
static bool can_piggyback(struct kvmppc_vcore *pvc, struct core_info *cip,
                          int target_threads)
{
        if (cip->total_threads + pvc->num_threads > target_threads)
                return false;

        return can_dynamic_split(pvc, cip);
}

static void prepare_threads(struct kvmppc_vcore *vc)
{
        int i;
        struct kvm_vcpu *vcpu;

        for_each_runnable_thread(i, vcpu, vc) {
                if (signal_pending(vcpu->arch.run_task))
                        vcpu->arch.ret = -EINTR;
                else if (vcpu->arch.vpa.update_pending ||
                         vcpu->arch.slb_shadow.update_pending ||
                         vcpu->arch.dtl.update_pending)
                        vcpu->arch.ret = RESUME_GUEST;
                else
                        continue;
                kvmppc_remove_runnable(vc, vcpu);
                wake_up(&vcpu->arch.cpu_run);
        }
}

static void collect_piggybacks(struct core_info *cip, int target_threads)
{
        struct preempted_vcore_list *lp = this_cpu_ptr(&preempted_vcores);
        struct kvmppc_vcore *pvc, *vcnext;

        spin_lock(&lp->lock);
        list_for_each_entry_safe(pvc, vcnext, &lp->list, preempt_list) {
                if (!spin_trylock(&pvc->lock))
                        continue;
                prepare_threads(pvc);
                if (!pvc->n_runnable) {
                        list_del_init(&pvc->preempt_list);
                        if (pvc->runner == NULL) {
                                pvc->vcore_state = VCORE_INACTIVE;
                                kvmppc_core_end_stolen(pvc);
                        }
                        spin_unlock(&pvc->lock);
                        continue;
                }
                if (!can_piggyback(pvc, cip, target_threads)) {
                        spin_unlock(&pvc->lock);
                        continue;
                }
                kvmppc_core_end_stolen(pvc);
                pvc->vcore_state = VCORE_PIGGYBACK;
                if (cip->total_threads >= target_threads)
                        break;
        }
        spin_unlock(&lp->lock);
}

static bool recheck_signals(struct core_info *cip)
{
        int sub, i;
        struct kvm_vcpu *vcpu;

        for (sub = 0; sub < cip->n_subcores; ++sub)
                for_each_runnable_thread(i, vcpu, cip->vc[sub])
                        if (signal_pending(vcpu->arch.run_task))
                                return true;
        return false;
}

static void post_guest_process(struct kvmppc_vcore *vc, bool is_master)
{
        int still_running = 0, i;
        u64 now;
        long ret;
        struct kvm_vcpu *vcpu;

        spin_lock(&vc->lock);
        now = get_tb();
        for_each_runnable_thread(i, vcpu, vc) {
                /* cancel pending dec exception if dec is positive */
                if (now < vcpu->arch.dec_expires &&
                    kvmppc_core_pending_dec(vcpu))
                        kvmppc_core_dequeue_dec(vcpu);

                trace_kvm_guest_exit(vcpu);

                ret = RESUME_GUEST;
                if (vcpu->arch.trap)
                        ret = kvmppc_handle_exit_hv(vcpu->arch.kvm_run, vcpu,
                                                    vcpu->arch.run_task);

                vcpu->arch.ret = ret;
                vcpu->arch.trap = 0;

                if (is_kvmppc_resume_guest(vcpu->arch.ret)) {
                        if (vcpu->arch.pending_exceptions)
                                kvmppc_core_prepare_to_enter(vcpu);
                        if (vcpu->arch.ceded)
                                kvmppc_set_timer(vcpu);
                        else
                                ++still_running;
                } else {
                        kvmppc_remove_runnable(vc, vcpu);
                        wake_up(&vcpu->arch.cpu_run);
                }
        }
        if (!is_master) {
                if (still_running > 0) {
                        kvmppc_vcore_preempt(vc);
                } else if (vc->runner) {
                        vc->vcore_state = VCORE_PREEMPT;
                        kvmppc_core_start_stolen(vc);
                } else {
                        vc->vcore_state = VCORE_INACTIVE;
                }
                if (vc->n_runnable > 0 && vc->runner == NULL) {
                        /* make sure there's a candidate runner awake */
                        i = -1;
                        vcpu = next_runnable_thread(vc, &i);
                        wake_up(&vcpu->arch.cpu_run);
                }
        }
        spin_unlock(&vc->lock);
}

/*
 * Clear core from the list of active host cores as we are about to
 * enter the guest. Only do this if it is the primary thread of the
 * core (not if a subcore) that is entering the guest.
 */
static inline int kvmppc_clear_host_core(unsigned int cpu)
{
        int core;

        if (!kvmppc_host_rm_ops_hv || cpu_thread_in_core(cpu))
                return 0;
        /*
         * Memory barrier can be omitted here as we will do a smp_wmb()
         * later in kvmppc_start_thread and we need ensure that state is
         * visible to other CPUs only after we enter guest.
         */
        core = cpu >> threads_shift;
        kvmppc_host_rm_ops_hv->rm_core[core].rm_state.in_host = 0;
        return 0;
}

/*
 * Advertise this core as an active host core since we exited the guest
 * Only need to do this if it is the primary thread of the core that is
 * exiting.
 */
static inline int kvmppc_set_host_core(unsigned int cpu)
{
        int core;

        if (!kvmppc_host_rm_ops_hv || cpu_thread_in_core(cpu))
                return 0;

        /*
         * Memory barrier can be omitted here because we do a spin_unlock
         * immediately after this which provides the memory barrier.
         */
        core = cpu >> threads_shift;
        kvmppc_host_rm_ops_hv->rm_core[core].rm_state.in_host = 1;
        return 0;
}

static void set_irq_happened(int trap)
{
        switch (trap) {
        case BOOK3S_INTERRUPT_EXTERNAL:
                local_paca->irq_happened |= PACA_IRQ_EE;
                break;
        case BOOK3S_INTERRUPT_H_DOORBELL:
                local_paca->irq_happened |= PACA_IRQ_DBELL;
                break;
        case BOOK3S_INTERRUPT_HMI:
                local_paca->irq_happened |= PACA_IRQ_HMI;
                break;
        case BOOK3S_INTERRUPT_SYSTEM_RESET:
                replay_system_reset();
                break;
        }
}

/*
 * Run a set of guest threads on a physical core.
 * Called with vc->lock held.
 */
static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)
{
        struct kvm_vcpu *vcpu;
        int i;
        int srcu_idx;
        struct core_info core_info;
        struct kvmppc_vcore *pvc;
        struct kvm_split_mode split_info, *sip;
        int split, subcore_size, active;
        int sub;
        bool thr0_done;
        unsigned long cmd_bit, stat_bit;
        int pcpu, thr;
        int target_threads;
        int controlled_threads;
        int trap;
        bool is_power8;
        bool hpt_on_radix;

        /*
         * Remove from the list any threads that have a signal pending
         * or need a VPA update done
         */
        prepare_threads(vc);

        /* if the runner is no longer runnable, let the caller pick a new one */
        if (vc->runner->arch.state != KVMPPC_VCPU_RUNNABLE)
                return;

        /*
         * Initialize *vc.
         */
        init_vcore_to_run(vc);
        vc->preempt_tb = TB_NIL;

        /*
         * Number of threads that we will be controlling: the same as
         * the number of threads per subcore, except on POWER9,
         * where it's 1 because the threads are (mostly) independent.
         */
        controlled_threads = threads_per_vcore(vc->kvm);

        /*
         * Make sure we are running on primary threads, and that secondary
         * threads are offline.  Also check if the number of threads in this
         * guest are greater than the current system threads per guest.
         * On POWER9, we need to be not in independent-threads mode if
         * this is a HPT guest on a radix host machine where the
         * CPU threads may not be in different MMU modes.
         */
        hpt_on_radix = no_mixing_hpt_and_radix && radix_enabled() &&
                !kvm_is_radix(vc->kvm);
        if (((controlled_threads > 1) &&
             ((vc->num_threads > threads_per_subcore) || !on_primary_thread())) ||
            (hpt_on_radix && vc->kvm->arch.threads_indep)) {
                for_each_runnable_thread(i, vcpu, vc) {
                        vcpu->arch.ret = -EBUSY;
                        kvmppc_remove_runnable(vc, vcpu);
                        wake_up(&vcpu->arch.cpu_run);
                }
                goto out;
        }

        /*
         * See if we could run any other vcores on the physical core
         * along with this one.
         */
        init_core_info(&core_info, vc);
        pcpu = smp_processor_id();
        target_threads = controlled_threads;
        if (target_smt_mode && target_smt_mode < target_threads)
                target_threads = target_smt_mode;
        if (vc->num_threads < target_threads)
                collect_piggybacks(&core_info, target_threads);

        /*
         * On radix, arrange for TLB flushing if necessary.
         * This has to be done before disabling interrupts since
         * it uses smp_call_function().
         */
        pcpu = smp_processor_id();
        if (kvm_is_radix(vc->kvm)) {
                for (sub = 0; sub < core_info.n_subcores; ++sub)
                        for_each_runnable_thread(i, vcpu, core_info.vc[sub])
                                kvmppc_prepare_radix_vcpu(vcpu, pcpu);
        }

        /*
         * Hard-disable interrupts, and check resched flag and signals.
         * If we need to reschedule or deliver a signal, clean up
         * and return without going into the guest(s).
         * If the mmu_ready flag has been cleared, don't go into the
         * guest because that means a HPT resize operation is in progress.
         */
        local_irq_disable();
        hard_irq_disable();
        if (lazy_irq_pending() || need_resched() ||
            recheck_signals(&core_info) || !vc->kvm->arch.mmu_ready) {
                local_irq_enable();
                vc->vcore_state = VCORE_INACTIVE;
                /* Unlock all except the primary vcore */
                for (sub = 1; sub < core_info.n_subcores; ++sub) {
                        pvc = core_info.vc[sub];
                        /* Put back on to the preempted vcores list */
                        kvmppc_vcore_preempt(pvc);
                        spin_unlock(&pvc->lock);
                }
                for (i = 0; i < controlled_threads; ++i)
                        kvmppc_release_hwthread(pcpu + i);
                return;
        }

        kvmppc_clear_host_core(pcpu);

        /* Decide on micro-threading (split-core) mode */
        subcore_size = threads_per_subcore;
        cmd_bit = stat_bit = 0;
        split = core_info.n_subcores;
        sip = NULL;
        is_power8 = cpu_has_feature(CPU_FTR_ARCH_207S)
                && !cpu_has_feature(CPU_FTR_ARCH_300);

        if (split > 1 || hpt_on_radix) {
                sip = &split_info;
                memset(&split_info, 0, sizeof(split_info));
                for (sub = 0; sub < core_info.n_subcores; ++sub)
                        split_info.vc[sub] = core_info.vc[sub];

                if (is_power8) {
                        if (split == 2 && (dynamic_mt_modes & 2)) {
                                cmd_bit = HID0_POWER8_1TO2LPAR;
                                stat_bit = HID0_POWER8_2LPARMODE;
                        } else {
                                split = 4;
                                cmd_bit = HID0_POWER8_1TO4LPAR;
                                stat_bit = HID0_POWER8_4LPARMODE;
                        }
                        subcore_size = MAX_SMT_THREADS / split;
                        split_info.rpr = mfspr(SPRN_RPR);
                        split_info.pmmar = mfspr(SPRN_PMMAR);
                        split_info.ldbar = mfspr(SPRN_LDBAR);
                        split_info.subcore_size = subcore_size;
                } else {
                        split_info.subcore_size = 1;
                        if (hpt_on_radix) {
                                /* Use the split_info for LPCR/LPIDR changes */
                                split_info.lpcr_req = vc->lpcr;
                                split_info.lpidr_req = vc->kvm->arch.lpid;
                                split_info.host_lpcr = vc->kvm->arch.host_lpcr;
                                split_info.do_set = 1;
                        }
                }

                /* order writes to split_info before kvm_split_mode pointer */
                smp_wmb();
        }

        for (thr = 0; thr < controlled_threads; ++thr) {
                struct paca_struct *paca = paca_ptrs[pcpu + thr];

                paca->kvm_hstate.tid = thr;
                paca->kvm_hstate.napping = 0;
                paca->kvm_hstate.kvm_split_mode = sip;
        }

        /* Initiate micro-threading (split-core) on POWER8 if required */
        if (cmd_bit) {
                unsigned long hid0 = mfspr(SPRN_HID0);

                hid0 |= cmd_bit | HID0_POWER8_DYNLPARDIS;
                mb();
                mtspr(SPRN_HID0, hid0);
                isync();
                for (;;) {
                        hid0 = mfspr(SPRN_HID0);
                        if (hid0 & stat_bit)
                                break;
                        cpu_relax();
                }
        }

        /*
         * On POWER8, set RWMR register.
         * Since it only affects PURR and SPURR, it doesn't affect
         * the host, so we don't save/restore the host value.
         */
        if (is_power8) {
                unsigned long rwmr_val = RWMR_RPA_P8_8THREAD;
                int n_online = atomic_read(&vc->online_count);

                /*
                 * Use the 8-thread value if we're doing split-core
                 * or if the vcore's online count looks bogus.
                 */
                if (split == 1 && threads_per_subcore == MAX_SMT_THREADS &&
                    n_online >= 1 && n_online <= MAX_SMT_THREADS)
                        rwmr_val = p8_rwmr_values[n_online];
                mtspr(SPRN_RWMR, rwmr_val);
        }

        /* Start all the threads */
        active = 0;
        for (sub = 0; sub < core_info.n_subcores; ++sub) {
                thr = is_power8 ? subcore_thread_map[sub] : sub;
                thr0_done = false;
                active |= 1 << thr;
                pvc = core_info.vc[sub];
                pvc->pcpu = pcpu + thr;
                for_each_runnable_thread(i, vcpu, pvc) {
                        kvmppc_start_thread(vcpu, pvc);
                        kvmppc_create_dtl_entry(vcpu, pvc);
                        trace_kvm_guest_enter(vcpu);
                        if (!vcpu->arch.ptid)
                                thr0_done = true;
                        active |= 1 << (thr + vcpu->arch.ptid);
                }
                /*
                 * We need to start the first thread of each subcore
                 * even if it doesn't have a vcpu.
                 */
                if (!thr0_done)
                        kvmppc_start_thread(NULL, pvc);
        }

        /*
         * Ensure that split_info.do_nap is set after setting
         * the vcore pointer in the PACA of the secondaries.
         */
        smp_mb();

        /*
         * When doing micro-threading, poke the inactive threads as well.
         * This gets them to the nap instruction after kvm_do_nap,
         * which reduces the time taken to unsplit later.
         * For POWER9 HPT guest on radix host, we need all the secondary
         * threads woken up so they can do the LPCR/LPIDR change.
         */
        if (cmd_bit || hpt_on_radix) {
                split_info.do_nap = 1;  /* ask secondaries to nap when done */
                for (thr = 1; thr < threads_per_subcore; ++thr)
                        if (!(active & (1 << thr)))
                                kvmppc_ipi_thread(pcpu + thr);
        }

        vc->vcore_state = VCORE_RUNNING;
        preempt_disable();

        trace_kvmppc_run_core(vc, 0);

        for (sub = 0; sub < core_info.n_subcores; ++sub)
                spin_unlock(&core_info.vc[sub]->lock);

        if (kvm_is_radix(vc->kvm)) {
                int tmp = pcpu;

                /*
                 * Do we need to flush the process scoped TLB for the LPAR?
                 *
                 * On POWER9, individual threads can come in here, but the
                 * TLB is shared between the 4 threads in a core, hence
                 * invalidating on one thread invalidates for all.
                 * Thus we make all 4 threads use the same bit here.
                 *
                 * Hash must be flushed in realmode in order to use tlbiel.
                 */
                mtspr(SPRN_LPID, vc->kvm->arch.lpid);
                isync();

                if (cpu_has_feature(CPU_FTR_ARCH_300))
                        tmp &= ~0x3UL;

                if (cpumask_test_cpu(tmp, &vc->kvm->arch.need_tlb_flush)) {
                        radix__local_flush_tlb_lpid_guest(vc->kvm->arch.lpid);
                        /* Clear the bit after the TLB flush */
                        cpumask_clear_cpu(tmp, &vc->kvm->arch.need_tlb_flush);
                }
        }

        /*
         * Interrupts will be enabled once we get into the guest,
         * so tell lockdep that we're about to enable interrupts.
         */
        trace_hardirqs_on();

        guest_enter_irqoff();

        srcu_idx = srcu_read_lock(&vc->kvm->srcu);

        this_cpu_disable_ftrace();

        trap = __kvmppc_vcore_entry();