Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM updates from Paolo Bonzini:

 - ARM: GICv3 ITS emulation and various fixes.  Removal of the
   old VGIC implementation.

 - s390: support for trapping software breakpoints, nested
   virtualization (vSIE), the STHYI opcode, initial extensions
   for CPU model support.

 - MIPS: support for MIPS64 hosts (32-bit guests only) and lots
   of cleanups, preliminary to this and the upcoming support for
   hardware virtualization extensions.

 - x86: support for execute-only mappings in nested EPT; reduced
   vmexit latency for TSC deadline timer (by about 30%) on Intel
   hosts; support for more than 255 vCPUs.

 - PPC: bugfixes.

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (302 commits)
  KVM: PPC: Introduce KVM_CAP_PPC_HTM
  MIPS: Select HAVE_KVM for MIPS64_R{2,6}
  MIPS: KVM: Reset CP0_PageMask during host TLB flush
  MIPS: KVM: Fix ptr->int cast via KVM_GUEST_KSEGX()
  MIPS: KVM: Sign extend MFC0/RDHWR results
  MIPS: KVM: Fix 64-bit big endian dynamic translation
  MIPS: KVM: Fail if ebase doesn't fit in CP0_EBase
  MIPS: KVM: Use 64-bit CP0_EBase when appropriate
  MIPS: KVM: Set CP0_Status.KX on MIPS64
  MIPS: KVM: Make entry code MIPS64 friendly
  MIPS: KVM: Use kmap instead of CKSEG0ADDR()
  MIPS: KVM: Use virt_to_phys() to get commpage PFN
  MIPS: Fix definition of KSEGX() for 64-bit
  KVM: VMX: Add VMCS to CPU's loaded VMCSs before VMPTRLD
  kvm: x86: nVMX: maintain internal copy of current VMCS
  KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE
  KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
  KVM: arm64: vgic-its: Simplify MAPI error handling
  KVM: arm64: vgic-its: Make vgic_its_cmd_handle_mapi similar to other handlers
  KVM: arm64: vgic-its: Turn device_id validation into generic ID validation
  ...

16 files changed, 670 insertions, 228 deletions

diff --git a/arch/powerpc/include/asm/hmi.h b/arch/powerpc/include/asm/hmi.h
new file mode 100644
index 000000000000..88b4901ac4ee
--- /dev/null
+++ b/arch/powerpc/include/asm/hmi.h
@@ -0,0 +1,45 @@
+/*
+ * Hypervisor Maintenance Interrupt header file.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.
+ *
+ * Copyright 2015 IBM Corporation
+ * Author: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
+ */
+
+#ifndef __ASM_PPC64_HMI_H__
+#define __ASM_PPC64_HMI_H__
+
+#ifdef CONFIG_PPC_BOOK3S_64
+
+#define CORE_TB_RESYNC_REQ_BIT          63
+#define MAX_SUBCORE_PER_CORE            4
+
+/*
+ * sibling_subcore_state structure is used to co-ordinate all threads
+ * during HMI to avoid TB corruption. This structure is allocated once
+ * per each core and shared by all threads on that core.
+ */
+struct sibling_subcore_state {
+        unsigned long   flags;
+        u8              in_guest[MAX_SUBCORE_PER_CORE];
+};
+
+extern void wait_for_subcore_guest_exit(void);
+extern void wait_for_tb_resync(void);
+#else
+static inline void wait_for_subcore_guest_exit(void) { }
+static inline void wait_for_tb_resync(void) { }
+#endif
+#endif /* __ASM_PPC64_HMI_H__ */
diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index ad171e979ab0..148303e7771f 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -26,6 +26,7 @@
 #include <asm/kvm_book3s_asm.h>
 #endif
 #include <asm/accounting.h>
+#include <asm/hmi.h>
 
 register struct paca_struct *local_paca asm("r13");
 
@@ -182,6 +183,11 @@ struct paca_struct {
          */
         u16 in_mce;
         u8 hmi_event_available;          /* HMI event is available */
+        /*
+         * Bitmap for sibling subcore status. See kvm/book3s_hv_ras.c for
+         * more details
+         */
+        struct sibling_subcore_state *sibling_subcore_state;
 #endif
 
         /* Stuff for accurate time accounting */
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index fe4c075bcf50..b2027a5cf508 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -41,7 +41,7 @@ obj-$(CONFIG_VDSO32)		+= vdso32/
 obj-$(CONFIG_HAVE_HW_BREAKPOINT)        += hw_breakpoint.o
 obj-$(CONFIG_PPC_BOOK3S_64)     += cpu_setup_ppc970.o cpu_setup_pa6t.o
 obj-$(CONFIG_PPC_BOOK3S_64)     += cpu_setup_power.o
-obj-$(CONFIG_PPC_BOOK3S_64)     += mce.o mce_power.o
+obj-$(CONFIG_PPC_BOOK3S_64)     += mce.o mce_power.o hmi.o
 obj-$(CONFIG_PPC_BOOK3E_64)     += exceptions-64e.o idle_book3e.o
 obj-$(CONFIG_PPC64)             += vdso64/
 obj-$(CONFIG_ALTIVEC)           += vecemu.o
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
index 6200e4925d26..694def6c9d61 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -671,6 +671,8 @@ BEGIN_FTR_SECTION
         beq     h_doorbell_common
         cmpwi   r3,0xea0
         beq     h_virt_irq_common
+        cmpwi   r3,0xe60
+        beq     hmi_exception_common
 FTR_SECTION_ELSE
         cmpwi   r3,0xa00
         beq     doorbell_super_common
@@ -1172,7 +1174,7 @@ fwnmi_data_area:
 
         .globl hmi_exception_early
 hmi_exception_early:
-        EXCEPTION_PROLOG_1(PACA_EXGEN, NOTEST, 0xe60)
+        EXCEPTION_PROLOG_1(PACA_EXGEN, KVMTEST, 0xe62)
         mr      r10,r1                  /* Save r1                      */
         ld      r1,PACAEMERGSP(r13)     /* Use emergency stack          */
         subi    r1,r1,INT_FRAME_SIZE    /* alloc stack frame            */
diff --git a/arch/powerpc/kernel/hmi.c b/arch/powerpc/kernel/hmi.c
new file mode 100644
index 000000000000..e3f738eb1cac
--- /dev/null
+++ b/arch/powerpc/kernel/hmi.c
@@ -0,0 +1,56 @@
+/*
+ * Hypervisor Maintenance Interrupt (HMI) handling.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.
+ *
+ * Copyright 2015 IBM Corporation
+ * Author: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
+ */
+
+#undef DEBUG
+
+#include <linux/types.h>
+#include <linux/compiler.h>
+#include <asm/paca.h>
+#include <asm/hmi.h>
+
+void wait_for_subcore_guest_exit(void)
+{
+        int i;
+
+        /*
+         * NULL bitmap pointer indicates that KVM module hasn't
+         * been loaded yet and hence no guests are running.
+         * If no KVM is in use, no need to co-ordinate among threads
+         * as all of them will always be in host and no one is going
+         * to modify TB other than the opal hmi handler.
+         * Hence, just return from here.
+         */
+        if (!local_paca->sibling_subcore_state)
+                return;
+
+        for (i = 0; i < MAX_SUBCORE_PER_CORE; i++)
+                while (local_paca->sibling_subcore_state->in_guest[i])
+                        cpu_relax();
+}
+
+void wait_for_tb_resync(void)
+{
+        if (!local_paca->sibling_subcore_state)
+                return;
+
+        while (test_bit(CORE_TB_RESYNC_REQ_BIT,
+                                &local_paca->sibling_subcore_state->flags))
+                cpu_relax();
+}
diff --git a/arch/powerpc/kernel/idle_book3s.S b/arch/powerpc/kernel/idle_book3s.S
index 335eb6cedae5..8a56a51fc0cb 100644
--- a/arch/powerpc/kernel/idle_book3s.S
+++ b/arch/powerpc/kernel/idle_book3s.S
@@ -336,7 +336,9 @@ ALT_FTR_SECTION_END_NESTED_IFSET(CPU_FTR_ARCH_207S, 66);		\
         ld      r2,PACATOC(r13);                                        \
         ld      r1,PACAR1(r13);                                         \
         std     r3,ORIG_GPR3(r1);       /* Save original r3 */          \
-        bl      opal_rm_handle_hmi;                                     \
+        li      r3,0;                   /* NULL argument */             \
+        bl      hmi_exception_realmode;                                 \
+        nop;                                                            \
         ld      r3,ORIG_GPR3(r1);       /* Restore original r3 */       \
 20:     nop;
 
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
index f7e2f2e318bd..2cb589264cb7 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -61,6 +61,7 @@
 #include <asm/tm.h>
 #include <asm/debug.h>
 #include <asm/asm-prototypes.h>
+#include <asm/hmi.h>
 #include <sysdev/fsl_pci.h>
 
 #if defined(CONFIG_DEBUGGER) || defined(CONFIG_KEXEC)
@@ -308,9 +309,13 @@ long hmi_exception_realmode(struct pt_regs *regs)
 {
         __this_cpu_inc(irq_stat.hmi_exceptions);
 
+        wait_for_subcore_guest_exit();
+
         if (ppc_md.hmi_exception_early)
                 ppc_md.hmi_exception_early(regs);
 
+        wait_for_tb_resync();
+
         return 0;
 }
 
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index e20beae5ca7a..2fd5580c8f6e 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -52,6 +52,7 @@
 #include <asm/switch_to.h>
 #include <asm/smp.h>
 #include <asm/dbell.h>
+#include <asm/hmi.h>
 #include <linux/gfp.h>
 #include <linux/vmalloc.h>
 #include <linux/highmem.h>
@@ -2522,7 +2523,7 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)
                 list_for_each_entry(pvc, &core_info.vcs[sub], preempt_list)
                         spin_unlock(&pvc->lock);
 
-        kvm_guest_enter();
+        guest_enter();
 
         srcu_idx = srcu_read_lock(&vc->kvm->srcu);
 
@@ -2570,7 +2571,7 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)
 
         /* make sure updates to secondary vcpu structs are visible now */
         smp_mb();
-        kvm_guest_exit();
+        guest_exit();
 
         for (sub = 0; sub < core_info.n_subcores; ++sub)
                 list_for_each_entry_safe(pvc, vcnext, &core_info.vcs[sub],
@@ -3401,6 +3402,38 @@ static struct kvmppc_ops kvm_ops_hv = {
         .hcall_implemented = kvmppc_hcall_impl_hv,
 };
 
+static int kvm_init_subcore_bitmap(void)
+{
+        int i, j;
+        int nr_cores = cpu_nr_cores();
+        struct sibling_subcore_state *sibling_subcore_state;
+
+        for (i = 0; i < nr_cores; i++) {
+                int first_cpu = i * threads_per_core;
+                int node = cpu_to_node(first_cpu);
+
+                /* Ignore if it is already allocated. */
+                if (paca[first_cpu].sibling_subcore_state)
+                        continue;
+
+                sibling_subcore_state =
+                        kmalloc_node(sizeof(struct sibling_subcore_state),
+                                                        GFP_KERNEL, node);
+                if (!sibling_subcore_state)
+                        return -ENOMEM;
+
+                memset(sibling_subcore_state, 0,
+                                sizeof(struct sibling_subcore_state));
+
+                for (j = 0; j < threads_per_core; j++) {
+                        int cpu = first_cpu + j;
+
+                        paca[cpu].sibling_subcore_state = sibling_subcore_state;
+                }
+        }
+        return 0;
+}
+
 static int kvmppc_book3s_init_hv(void)
 {
         int r;
@@ -3411,6 +3444,10 @@ static int kvmppc_book3s_init_hv(void)
         if (r < 0)
                 return -ENODEV;
 
+        r = kvm_init_subcore_bitmap();
+        if (r)
+                return r;
+
         kvm_ops_hv.owner = THIS_MODULE;
         kvmppc_hv_ops = &kvm_ops_hv;
 
diff --git a/arch/powerpc/kvm/book3s_hv_ras.c b/arch/powerpc/kvm/book3s_hv_ras.c
index 93b5f5c9b445..0fa70a9618d7 100644
--- a/arch/powerpc/kvm/book3s_hv_ras.c
+++ b/arch/powerpc/kvm/book3s_hv_ras.c
@@ -13,6 +13,9 @@
 #include <linux/kernel.h>
 #include <asm/opal.h>
 #include <asm/mce.h>
+#include <asm/machdep.h>
+#include <asm/cputhreads.h>
+#include <asm/hmi.h>
 
 /* SRR1 bits for machine check on POWER7 */
 #define SRR1_MC_LDSTERR         (1ul << (63-42))
@@ -140,3 +143,176 @@ long kvmppc_realmode_machine_check(struct kvm_vcpu *vcpu)
 {
         return kvmppc_realmode_mc_power7(vcpu);
 }
+
+/* Check if dynamic split is in force and return subcore size accordingly. */
+static inline int kvmppc_cur_subcore_size(void)
+{
+        if (local_paca->kvm_hstate.kvm_split_mode)
+                return local_paca->kvm_hstate.kvm_split_mode->subcore_size;
+
+        return threads_per_subcore;
+}
+
+void kvmppc_subcore_enter_guest(void)
+{
+        int thread_id, subcore_id;
+
+        thread_id = cpu_thread_in_core(local_paca->paca_index);
+        subcore_id = thread_id / kvmppc_cur_subcore_size();
+
+        local_paca->sibling_subcore_state->in_guest[subcore_id] = 1;
+}
+
+void kvmppc_subcore_exit_guest(void)
+{
+        int thread_id, subcore_id;
+
+        thread_id = cpu_thread_in_core(local_paca->paca_index);
+        subcore_id = thread_id / kvmppc_cur_subcore_size();
+
+        local_paca->sibling_subcore_state->in_guest[subcore_id] = 0;
+}
+
+static bool kvmppc_tb_resync_required(void)
+{
+        if (test_and_set_bit(CORE_TB_RESYNC_REQ_BIT,
+                                &local_paca->sibling_subcore_state->flags))
+                return false;
+
+        return true;
+}
+
+static void kvmppc_tb_resync_done(void)
+{
+        clear_bit(CORE_TB_RESYNC_REQ_BIT,
+                        &local_paca->sibling_subcore_state->flags);
+}
+
+/*
+ * kvmppc_realmode_hmi_handler() is called only by primary thread during
+ * guest exit path.
+ *
+ * There are multiple reasons why HMI could occur, one of them is
+ * Timebase (TB) error. If this HMI is due to TB error, then TB would
+ * have been in stopped state. The opal hmi handler Will fix it and
+ * restore the TB value with host timebase value. For HMI caused due
+ * to non-TB errors, opal hmi handler will not touch/restore TB register
+ * and hence there won't be any change in TB value.
+ *
+ * Since we are not sure about the cause of this HMI, we can't be sure
+ * about the content of TB register whether it holds guest or host timebase
+ * value. Hence the idea is to resync the TB on every HMI, so that we
+ * know about the exact state of the TB value. Resync TB call will
+ * restore TB to host timebase.
+ *
+ * Things to consider:
+ * - On TB error, HMI interrupt is reported on all the threads of the core
+ *   that has encountered TB error irrespective of split-core mode.
+ * - The very first thread on the core that get chance to fix TB error
+ *   would rsync the TB with local chipTOD value.
+ * - The resync TB is a core level action i.e. it will sync all the TBs
+ *   in that core independent of split-core mode. This means if we trigger
+ *   TB sync from a thread from one subcore, it would affect TB values of
+ *   sibling subcores of the same core.
+ *
+ * All threads need to co-ordinate before making opal hmi handler.
+ * All threads will use sibling_subcore_state->in_guest[] (shared by all
+ * threads in the core) in paca which holds information about whether
+ * sibling subcores are in Guest mode or host mode. The in_guest[] array
+ * is of size MAX_SUBCORE_PER_CORE=4, indexed using subcore id to set/unset
+ * subcore status. Only primary threads from each subcore is responsible
+ * to set/unset its designated array element while entering/exiting the
+ * guset.
+ *
+ * After invoking opal hmi handler call, one of the thread (of entire core)
+ * will need to resync the TB. Bit 63 from subcore state bitmap flags
+ * (sibling_subcore_state->flags) will be used to co-ordinate between
+ * primary threads to decide who takes up the responsibility.
+ *
+ * This is what we do:
+ * - Primary thread from each subcore tries to set resync required bit[63]
+ *   of paca->sibling_subcore_state->flags.
+ * - The first primary thread that is able to set the flag takes the
+ *   responsibility of TB resync. (Let us call it as thread leader)
+ * - All other threads which are in host will call
+ *   wait_for_subcore_guest_exit() and wait for in_guest[0-3] from
+ *   paca->sibling_subcore_state to get cleared.
+ * - All the primary thread will clear its subcore status from subcore
+ *   state in_guest[] array respectively.
+ * - Once all primary threads clear in_guest[0-3], all of them will invoke
+ *   opal hmi handler.
+ * - Now all threads will wait for TB resync to complete by invoking
+ *   wait_for_tb_resync() except the thread leader.
+ * - Thread leader will do a TB resync by invoking opal_resync_timebase()
+ *   call and the it will clear the resync required bit.
+ * - All other threads will now come out of resync wait loop and proceed
+ *   with individual execution.
+ * - On return of this function, primary thread will signal all
+ *   secondary threads to proceed.
+ * - All secondary threads will eventually call opal hmi handler on
+ *   their exit path.
+ */
+
+long kvmppc_realmode_hmi_handler(void)
+{
+        int ptid = local_paca->kvm_hstate.ptid;
+        bool resync_req;
+
+        /* This is only called on primary thread. */
+        BUG_ON(ptid != 0);
+        __this_cpu_inc(irq_stat.hmi_exceptions);
+
+        /*
+         * By now primary thread has already completed guest->host
+         * partition switch but haven't signaled secondaries yet.
+         * All the secondary threads on this subcore is waiting
+         * for primary thread to signal them to go ahead.
+         *
+         * For threads from subcore which isn't in guest, they all will
+         * wait until all other subcores on this core exit the guest.
+         *
+         * Now set the resync required bit. If you are the first to
+         * set this bit then kvmppc_tb_resync_required() function will
+         * return true. For rest all other subcores
+         * kvmppc_tb_resync_required() will return false.
+         *
+         * If resync_req == true, then this thread is responsible to
+         * initiate TB resync after hmi handler has completed.
+         * All other threads on this core will wait until this thread
+         * clears the resync required bit flag.
+         */
+        resync_req = kvmppc_tb_resync_required();
+
+        /* Reset the subcore status to indicate it has exited guest */
+        kvmppc_subcore_exit_guest();
+
+        /*
+         * Wait for other subcores on this core to exit the guest.
+         * All the primary threads and threads from subcore that are
+         * not in guest will wait here until all subcores are out
+         * of guest context.
+         */
+        wait_for_subcore_guest_exit();
+
+        /*
+         * At this point we are sure that primary threads from each
+         * subcore on this core have completed guest->host partition
+         * switch. Now it is safe to call HMI handler.
+         */
+        if (ppc_md.hmi_exception_early)
+                ppc_md.hmi_exception_early(NULL);
+
+        /*
+         * Check if this thread is responsible to resync TB.
+         * All other threads will wait until this thread completes the
+         * TB resync.
+         */
+        if (resync_req) {
+                opal_resync_timebase();
+                /* Reset TB resync req bit */
+                kvmppc_tb_resync_done();
+        } else {
+                wait_for_tb_resync();
+        }
+        return 0;
+}
diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
index 86f0cae37a85..975655573844 100644
--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
@@ -29,6 +29,7 @@
 #include <asm/kvm_book3s_asm.h>
 #include <asm/book3s/64/mmu-hash.h>
 #include <asm/tm.h>
+#include <asm/opal.h>
 
 #define VCPU_GPRS_TM(reg) (((reg) * ULONG_SIZE) + VCPU_GPR_TM)
 
@@ -373,6 +374,18 @@ kvm_secondary_got_guest:
         lwsync
         std     r0, HSTATE_KVM_VCORE(r13)
 
+        /*
+         * All secondaries exiting guest will fall through this path.
+         * Before proceeding, just check for HMI interrupt and
+         * invoke opal hmi handler. By now we are sure that the
+         * primary thread on this core/subcore has already made partition
+         * switch/TB resync and we are good to call opal hmi handler.
+         */
+        cmpwi   r12, BOOK3S_INTERRUPT_HMI
+        bne     kvm_no_guest
+
+        li      r3,0                    /* NULL argument */
+        bl      hmi_exception_realmode
 /*
  * At this point we have finished executing in the guest.
  * We need to wait for hwthread_req to become zero, since
@@ -428,6 +441,22 @@ kvm_no_guest:
  */
 kvm_unsplit_nap:
         /*
+         * When secondaries are napping in kvm_unsplit_nap() with
+         * hwthread_req = 1, HMI goes ignored even though subcores are
+         * already exited the guest. Hence HMI keeps waking up secondaries
+         * from nap in a loop and secondaries always go back to nap since
+         * no vcore is assigned to them. This makes impossible for primary
+         * thread to get hold of secondary threads resulting into a soft
+         * lockup in KVM path.
+         *
+         * Let us check if HMI is pending and handle it before we go to nap.
+         */
+        cmpwi   r12, BOOK3S_INTERRUPT_HMI
+        bne     55f
+        li      r3, 0                   /* NULL argument */
+        bl      hmi_exception_realmode
+55:
+        /*
          * Ensure that secondary doesn't nap when it has
          * its vcore pointer set.
          */
@@ -601,6 +630,11 @@ BEGIN_FTR_SECTION
         mtspr   SPRN_DPDES, r8
 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
 
+        /* Mark the subcore state as inside guest */
+        bl      kvmppc_subcore_enter_guest
+        nop
+        ld      r5, HSTATE_KVM_VCORE(r13)
+        ld      r4, HSTATE_KVM_VCPU(r13)
         li      r0,1
         stb     r0,VCORE_IN_GUEST(r5)   /* signal secondaries to continue */
 
@@ -655,112 +689,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
 
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 BEGIN_FTR_SECTION
-        b       skip_tm
-END_FTR_SECTION_IFCLR(CPU_FTR_TM)
-
-        /* Turn on TM/FP/VSX/VMX so we can restore them. */
-        mfmsr   r5
-        li      r6, MSR_TM >> 32
-        sldi    r6, r6, 32
-        or      r5, r5, r6
-        ori     r5, r5, MSR_FP
-        oris    r5, r5, (MSR_VEC | MSR_VSX)@h
-        mtmsrd  r5
-
-        /*
-         * The user may change these outside of a transaction, so they must
-         * always be context switched.
-         */
-        ld      r5, VCPU_TFHAR(r4)
-        ld      r6, VCPU_TFIAR(r4)
-        ld      r7, VCPU_TEXASR(r4)
-        mtspr   SPRN_TFHAR, r5
-        mtspr   SPRN_TFIAR, r6
-        mtspr   SPRN_TEXASR, r7
-
-        ld      r5, VCPU_MSR(r4)
-        rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-        beq     skip_tm /* TM not active in guest */
-
-        /* Make sure the failure summary is set, otherwise we'll program check
-         * when we trechkpt.  It's possible that this might have been not set
-         * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
-         * host.
-         */
-        oris    r7, r7, (TEXASR_FS)@h
-        mtspr   SPRN_TEXASR, r7
-
-        /*
-         * We need to load up the checkpointed state for the guest.
-         * We need to do this early as it will blow away any GPRs, VSRs and
-         * some SPRs.
-         */
-
-        mr      r31, r4
-        addi    r3, r31, VCPU_FPRS_TM
-        bl      load_fp_state
-        addi    r3, r31, VCPU_VRS_TM
-        bl      load_vr_state
-        mr      r4, r31
-        lwz     r7, VCPU_VRSAVE_TM(r4)
-        mtspr   SPRN_VRSAVE, r7
-
-        ld      r5, VCPU_LR_TM(r4)
-        lwz     r6, VCPU_CR_TM(r4)
-        ld      r7, VCPU_CTR_TM(r4)
-        ld      r8, VCPU_AMR_TM(r4)
-        ld      r9, VCPU_TAR_TM(r4)
-        mtlr    r5
-        mtcr    r6
-        mtctr   r7
-        mtspr   SPRN_AMR, r8
-        mtspr   SPRN_TAR, r9
-
-        /*
-         * Load up PPR and DSCR values but don't put them in the actual SPRs
-         * till the last moment to avoid running with userspace PPR and DSCR for
-         * too long.
-         */
-        ld      r29, VCPU_DSCR_TM(r4)
-        ld      r30, VCPU_PPR_TM(r4)
-
-        std     r2, PACATMSCRATCH(r13) /* Save TOC */
-
-        /* Clear the MSR RI since r1, r13 are all going to be foobar. */
-        li      r5, 0
-        mtmsrd  r5, 1
-
-        /* Load GPRs r0-r28 */
-        reg = 0
-        .rept   29
-        ld      reg, VCPU_GPRS_TM(reg)(r31)
-        reg = reg + 1
-        .endr
-
-        mtspr   SPRN_DSCR, r29
-        mtspr   SPRN_PPR, r30
-
-        /* Load final GPRs */
-        ld      29, VCPU_GPRS_TM(29)(r31)
-        ld      30, VCPU_GPRS_TM(30)(r31)
-        ld      31, VCPU_GPRS_TM(31)(r31)
-
-        /* TM checkpointed state is now setup.  All GPRs are now volatile. */
-        TRECHKPT
-
-        /* Now let's get back the state we need. */
-        HMT_MEDIUM
-        GET_PACA(r13)
-        ld      r29, HSTATE_DSCR(r13)
-        mtspr   SPRN_DSCR, r29
-        ld      r4, HSTATE_KVM_VCPU(r13)
-        ld      r1, HSTATE_HOST_R1(r13)
-        ld      r2, PACATMSCRATCH(r13)
-
-        /* Set the MSR RI since we have our registers back. */
-        li      r5, MSR_RI
-        mtmsrd  r5, 1
-skip_tm:
+        bl      kvmppc_restore_tm
+END_FTR_SECTION_IFSET(CPU_FTR_TM)
 #endif
 
         /* Load guest PMU registers */
@@ -841,12 +771,6 @@ BEGIN_FTR_SECTION
         /* Skip next section on POWER7 */
         b       8f
 END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
-        /* Turn on TM so we can access TFHAR/TFIAR/TEXASR */
-        mfmsr   r8
-        li      r0, 1
-        rldimi  r8, r0, MSR_TM_LG, 63-MSR_TM_LG
-        mtmsrd  r8
-
         /* Load up POWER8-specific registers */
         ld      r5, VCPU_IAMR(r4)
         lwz     r6, VCPU_PSPB(r4)
@@ -1436,106 +1360,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
 
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 BEGIN_FTR_SECTION
-        b       2f
-END_FTR_SECTION_IFCLR(CPU_FTR_TM)
-        /* Turn on TM. */
-        mfmsr   r8
-        li      r0, 1
-        rldimi  r8, r0, MSR_TM_LG, 63-MSR_TM_LG
-        mtmsrd  r8
-
-        ld      r5, VCPU_MSR(r9)
-        rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
-        beq     1f      /* TM not active in guest. */
-
-        li      r3, TM_CAUSE_KVM_RESCHED
-
-        /* Clear the MSR RI since r1, r13 are all going to be foobar. */
-        li      r5, 0
-        mtmsrd  r5, 1
-
-        /* All GPRs are volatile at this point. */
-        TRECLAIM(R3)
-
-        /* Temporarily store r13 and r9 so we have some regs to play with */
-        SET_SCRATCH0(r13)
-        GET_PACA(r13)
-        std     r9, PACATMSCRATCH(r13)
-        ld      r9, HSTATE_KVM_VCPU(r13)
-
-        /* Get a few more GPRs free. */
-        std     r29, VCPU_GPRS_TM(29)(r9)
-        std     r30, VCPU_GPRS_TM(30)(r9)
-        std     r31, VCPU_GPRS_TM(31)(r9)
-
-        /* Save away PPR and DSCR soon so don't run with user values. */
-        mfspr   r31, SPRN_PPR
-        HMT_MEDIUM
-        mfspr   r30, SPRN_DSCR
-        ld      r29, HSTATE_DSCR(r13)
-        mtspr   SPRN_DSCR, r29
-
-        /* Save all but r9, r13 & r29-r31 */
-        reg = 0
-        .rept   29
-        .if (reg != 9) && (reg != 13)
-        std     reg, VCPU_GPRS_TM(reg)(r9)
-        .endif
-        reg = reg + 1
-        .endr
-        /* ... now save r13 */
-        GET_SCRATCH0(r4)
-        std     r4, VCPU_GPRS_TM(13)(r9)
-        /* ... and save r9 */
-        ld      r4, PACATMSCRATCH(r13)
-        std     r4, VCPU_GPRS_TM(9)(r9)
-
-        /* Reload stack pointer and TOC. */
-        ld      r1, HSTATE_HOST_R1(r13)
-        ld      r2, PACATOC(r13)
-
-        /* Set MSR RI now we have r1 and r13 back. */
-        li      r5, MSR_RI
-        mtmsrd  r5, 1
-
-        /* Save away checkpinted SPRs. */
-        std     r31, VCPU_PPR_TM(r9)
-        std     r30, VCPU_DSCR_TM(r9)
-        mflr    r5
-        mfcr    r6
-        mfctr   r7
-        mfspr   r8, SPRN_AMR
-        mfspr   r10, SPRN_TAR
-        std     r5, VCPU_LR_TM(r9)
-        stw     r6, VCPU_CR_TM(r9)
-        std     r7, VCPU_CTR_TM(r9)
-        std     r8, VCPU_AMR_TM(r9)
-        std     r10, VCPU_TAR_TM(r9)
-
-        /* Restore r12 as trap number. */
-        lwz     r12, VCPU_TRAP(r9)
-
-        /* Save FP/VSX. */
-        addi    r3, r9, VCPU_FPRS_TM
-        bl      store_fp_state
-        addi    r3, r9, VCPU_VRS_TM
-        bl      store_vr_state
-        mfspr   r6, SPRN_VRSAVE
-        stw     r6, VCPU_VRSAVE_TM(r9)
-1:
-        /*
-         * We need to save these SPRs after the treclaim so that the software
-         * error code is recorded correctly in the TEXASR.  Also the user may
-         * change these outside of a transaction, so they must always be
-         * context switched.
-         */
-        mfspr   r5, SPRN_TFHAR
-        mfspr   r6, SPRN_TFIAR
-        mfspr   r7, SPRN_TEXASR
-        std     r5, VCPU_TFHAR(r9)
-        std     r6, VCPU_TFIAR(r9)
-        std     r7, VCPU_TEXASR(r9)
-2:
+        bl      kvmppc_save_tm
+END_FTR_SECTION_IFSET(CPU_FTR_TM)
 #endif
 
         /* Increment yield count if they have a VPA */
@@ -1683,6 +1509,23 @@ BEGIN_FTR_SECTION
         mtspr   SPRN_DPDES, r8
 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
 
+        /* If HMI, call kvmppc_realmode_hmi_handler() */
+        cmpwi   r12, BOOK3S_INTERRUPT_HMI
+        bne     27f
+        bl      kvmppc_realmode_hmi_handler
+        nop
+        li      r12, BOOK3S_INTERRUPT_HMI
+        /*
+         * At this point kvmppc_realmode_hmi_handler would have resync-ed
+         * the TB. Hence it is not required to subtract guest timebase
+         * offset from timebase. So, skip it.
+         *
+         * Also, do not call kvmppc_subcore_exit_guest() because it has
+         * been invoked as part of kvmppc_realmode_hmi_handler().
+         */
+        b       30f
+
+27:
         /* Subtract timebase offset from timebase */
         ld      r8,VCORE_TB_OFFSET(r5)
         cmpdi   r8,0
@@ -1698,8 +1541,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
         addis   r8,r8,0x100             /* if so, increment upper 40 bits */
         mtspr   SPRN_TBU40,r8
 
+17:     bl      kvmppc_subcore_exit_guest
+        nop
+30:     ld      r5,HSTATE_KVM_VCORE(r13)
+        ld      r4,VCORE_KVM(r5)        /* pointer to struct kvm */
+
         /* Reset PCR */
-17:     ld      r0, VCORE_PCR(r5)
+        ld      r0, VCORE_PCR(r5)
         cmpdi   r0, 0
         beq     18f
         li      r0, 0
@@ -2245,6 +2093,13 @@ _GLOBAL(kvmppc_h_cede)		/* r3 = vcpu pointer, r11 = msr, r13 = paca */
         /* save FP state */
         bl      kvmppc_save_fp
 
+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+BEGIN_FTR_SECTION
+        ld      r9, HSTATE_KVM_VCPU(r13)
+        bl      kvmppc_save_tm
+END_FTR_SECTION_IFSET(CPU_FTR_TM)
+#endif
+
         /*
          * Set DEC to the smaller of DEC and HDEC, so that we wake
          * no later than the end of our timeslice (HDEC interrupts
@@ -2321,6 +2176,12 @@ kvm_end_cede:
         bl      kvmhv_accumulate_time
 #endif
 
+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+BEGIN_FTR_SECTION
+        bl      kvmppc_restore_tm
+END_FTR_SECTION_IFSET(CPU_FTR_TM)
+#endif
+
         /* load up FP state */
         bl      kvmppc_load_fp
 
@@ -2461,6 +2322,8 @@ BEGIN_FTR_SECTION
         cmpwi   r6, 3                   /* hypervisor doorbell? */
         beq     3f
 END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+        cmpwi   r6, 0xa                 /* Hypervisor maintenance ? */
+        beq     4f
         li      r3, 1                   /* anything else, return 1 */
 0:      blr
 
@@ -2482,6 +2345,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
         li      r3, -1
         blr
 
+        /* Woken up due to Hypervisor maintenance interrupt */
+4:      li      r12, BOOK3S_INTERRUPT_HMI
+        li      r3, 1
+        blr
+
 /*
  * Determine what sort of external interrupt is pending (if any).
  * Returns:
@@ -2631,6 +2499,239 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
         mr      r4,r31
         blr
 
+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+/*
+ * Save transactional state and TM-related registers.
+ * Called with r9 pointing to the vcpu struct.
+ * This can modify all checkpointed registers, but
+ * restores r1, r2 and r9 (vcpu pointer) before exit.
+ */
+kvmppc_save_tm:
+        mflr    r0
+        std     r0, PPC_LR_STKOFF(r1)
+
+        /* Turn on TM. */
+        mfmsr   r8
+        li      r0, 1
+        rldimi  r8, r0, MSR_TM_LG, 63-MSR_TM_LG
+        mtmsrd  r8
+
+        ld      r5, VCPU_MSR(r9)
+        rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
+        beq     1f      /* TM not active in guest. */
+
+        std     r1, HSTATE_HOST_R1(r13)
+        li      r3, TM_CAUSE_KVM_RESCHED
+
+        /* Clear the MSR RI since r1, r13 are all going to be foobar. */
+        li      r5, 0
+        mtmsrd  r5, 1
+
+        /* All GPRs are volatile at this point. */
+        TRECLAIM(R3)
+
+        /* Temporarily store r13 and r9 so we have some regs to play with */
+        SET_SCRATCH0(r13)
+        GET_PACA(r13)
+        std     r9, PACATMSCRATCH(r13)
+        ld      r9, HSTATE_KVM_VCPU(r13)
+
+        /* Get a few more GPRs free. */
+        std     r29, VCPU_GPRS_TM(29)(r9)
+        std     r30, VCPU_GPRS_TM(30)(r9)
+        std     r31, VCPU_GPRS_TM(31)(r9)
+
+        /* Save away PPR and DSCR soon so don't run with user values. */
+        mfspr   r31, SPRN_PPR
+        HMT_MEDIUM
+        mfspr   r30, SPRN_DSCR
+        ld      r29, HSTATE_DSCR(r13)
+        mtspr   SPRN_DSCR, r29
+
+        /* Save all but r9, r13 & r29-r31 */
+        reg = 0
+        .rept   29
+        .if (reg != 9) && (reg != 13)
+        std     reg, VCPU_GPRS_TM(reg)(r9)
+        .endif
+        reg = reg + 1
+        .endr
+        /* ... now save r13 */
+        GET_SCRATCH0(r4)
+        std     r4, VCPU_GPRS_TM(13)(r9)
+        /* ... and save r9 */
+        ld      r4, PACATMSCRATCH(r13)
+        std     r4, VCPU_GPRS_TM(9)(r9)
+
+        /* Reload stack pointer and TOC. */
+        ld      r1, HSTATE_HOST_R1(r13)
+        ld      r2, PACATOC(r13)
+
+        /* Set MSR RI now we have r1 and r13 back. */
+        li      r5, MSR_RI
+        mtmsrd  r5, 1
+
+        /* Save away checkpinted SPRs. */
+        std     r31, VCPU_PPR_TM(r9)
+        std     r30, VCPU_DSCR_TM(r9)
+        mflr    r5
+        mfcr    r6
+        mfctr   r7
+        mfspr   r8, SPRN_AMR
+        mfspr   r10, SPRN_TAR
+        std     r5, VCPU_LR_TM(r9)
+        stw     r6, VCPU_CR_TM(r9)
+        std     r7, VCPU_CTR_TM(r9)
+        std     r8, VCPU_AMR_TM(r9)
+        std     r10, VCPU_TAR_TM(r9)
+
+        /* Restore r12 as trap number. */
+        lwz     r12, VCPU_TRAP(r9)
+
+        /* Save FP/VSX. */
+        addi    r3, r9, VCPU_FPRS_TM
+        bl      store_fp_state
+        addi    r3, r9, VCPU_VRS_TM
+        bl      store_vr_state
+        mfspr   r6, SPRN_VRSAVE
+        stw     r6, VCPU_VRSAVE_TM(r9)
+1:
+        /*
+         * We need to save these SPRs after the treclaim so that the software
+         * error code is recorded correctly in the TEXASR.  Also the user may
+         * change these outside of a transaction, so they must always be
+         * context switched.
+         */
+        mfspr   r5, SPRN_TFHAR
+        mfspr   r6, SPRN_TFIAR
+        mfspr   r7, SPRN_TEXASR
+        std     r5, VCPU_TFHAR(r9)
+        std     r6, VCPU_TFIAR(r9)
+        std     r7, VCPU_TEXASR(r9)
+
+        ld      r0, PPC_LR_STKOFF(r1)
+        mtlr    r0
+        blr
+
+/*
+ * Restore transactional state and TM-related registers.
+ * Called with r4 pointing to the vcpu struct.
+ * This potentially modifies all checkpointed registers.
+ * It restores r1, r2, r4 from the PACA.
+ */
+kvmppc_restore_tm:
+        mflr    r0
+        std     r0, PPC_LR_STKOFF(r1)
+
+        /* Turn on TM/FP/VSX/VMX so we can restore them. */
+        mfmsr   r5
+        li      r6, MSR_TM >> 32
+        sldi    r6, r6, 32
+        or      r5, r5, r6
+        ori     r5, r5, MSR_FP
+        oris    r5, r5, (MSR_VEC | MSR_VSX)@h
+        mtmsrd  r5
+
+        /*
+         * The user may change these outside of a transaction, so they must
+         * always be context switched.
+         */
+        ld      r5, VCPU_TFHAR(r4)
+        ld      r6, VCPU_TFIAR(r4)
+        ld      r7, VCPU_TEXASR(r4)
+        mtspr   SPRN_TFHAR, r5
+        mtspr   SPRN_TFIAR, r6
+        mtspr   SPRN_TEXASR, r7
+
+        ld      r5, VCPU_MSR(r4)
+        rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
+        beqlr           /* TM not active in guest */
+        std     r1, HSTATE_HOST_R1(r13)
+
+        /* Make sure the failure summary is set, otherwise we'll program check
+         * when we trechkpt.  It's possible that this might have been not set
+         * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
+         * host.
+         */
+        oris    r7, r7, (TEXASR_FS)@h
+        mtspr   SPRN_TEXASR, r7
+
+        /*
+         * We need to load up the checkpointed state for the guest.
+         * We need to do this early as it will blow away any GPRs, VSRs and
+         * some SPRs.
+         */
+
+        mr      r31, r4
+        addi    r3, r31, VCPU_FPRS_TM
+        bl      load_fp_state
+        addi    r3, r31, VCPU_VRS_TM
+        bl      load_vr_state
+        mr      r4, r31
+        lwz     r7, VCPU_VRSAVE_TM(r4)
+        mtspr   SPRN_VRSAVE, r7
+
+        ld      r5, VCPU_LR_TM(r4)
+        lwz     r6, VCPU_CR_TM(r4)
+        ld      r7, VCPU_CTR_TM(r4)
+        ld      r8, VCPU_AMR_TM(r4)
+        ld      r9, VCPU_TAR_TM(r4)
+        mtlr    r5
+        mtcr    r6
+        mtctr   r7
+        mtspr   SPRN_AMR, r8
+        mtspr   SPRN_TAR, r9
+
+        /*
+         * Load up PPR and DSCR values but don't put them in the actual SPRs
+         * till the last moment to avoid running with userspace PPR and DSCR for
+         * too long.
+         */
+        ld      r29, VCPU_DSCR_TM(r4)
+        ld      r30, VCPU_PPR_TM(r4)
+
+        std     r2, PACATMSCRATCH(r13) /* Save TOC */
+
+        /* Clear the MSR RI since r1, r13 are all going to be foobar. */
+        li      r5, 0
+        mtmsrd  r5, 1
+
+        /* Load GPRs r0-r28 */
+        reg = 0
+        .rept   29
+        ld      reg, VCPU_GPRS_TM(reg)(r31)
+        reg = reg + 1
+        .endr
+
+        mtspr   SPRN_DSCR, r29
+        mtspr   SPRN_PPR, r30
+
+        /* Load final GPRs */
+        ld      29, VCPU_GPRS_TM(29)(r31)
+        ld      30, VCPU_GPRS_TM(30)(r31)
+        ld      31, VCPU_GPRS_TM(31)(r31)
+
+        /* TM checkpointed state is now setup.  All GPRs are now volatile. */
+        TRECHKPT
+
+        /* Now let's get back the state we need. */
+        HMT_MEDIUM
+        GET_PACA(r13)
+        ld      r29, HSTATE_DSCR(r13)
+        mtspr   SPRN_DSCR, r29
+        ld      r4, HSTATE_KVM_VCPU(r13)
+        ld      r1, HSTATE_HOST_R1(r13)
+        ld      r2, PACATMSCRATCH(r13)
+
+        /* Set the MSR RI since we have our registers back. */
+        li      r5, MSR_RI
+        mtmsrd  r5, 1
+
+        ld      r0, PPC_LR_STKOFF(r1)
+        mtlr    r0
+        blr
+#endif
+
 /*
  * We come here if we get any exception or interrupt while we are
  * executing host real mode code while in guest MMU context.
diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
index c4f7d6b86b9e..e76f79a45988 100644
--- a/arch/powerpc/kvm/book3s_pr.c
+++ b/arch/powerpc/kvm/book3s_pr.c
@@ -914,7 +914,7 @@ int kvmppc_handle_exit_pr(struct kvm_run *run, struct kvm_vcpu *vcpu,
         /* We get here with MSR.EE=1 */
 
         trace_kvm_exit(exit_nr, vcpu);
-        kvm_guest_exit();
+        guest_exit();
 
         switch (exit_nr) {
         case BOOK3S_INTERRUPT_INST_STORAGE:
@@ -1049,7 +1049,17 @@ int kvmppc_handle_exit_pr(struct kvm_run *run, struct kvm_vcpu *vcpu,
                 int emul;
 
 program_interrupt:
-                flags = vcpu->arch.shadow_srr1 & 0x1f0000ull;
+                /*
+                 * shadow_srr1 only contains valid flags if we came here via
+                 * a program exception. The other exceptions (emulation assist,
+                 * FP unavailable, etc.) do not provide flags in SRR1, so use
+                 * an illegal-instruction exception when injecting a program
+                 * interrupt into the guest.
+                 */
+                if (exit_nr == BOOK3S_INTERRUPT_PROGRAM)
+                        flags = vcpu->arch.shadow_srr1 & 0x1f0000ull;
+                else
+                        flags = SRR1_PROGILL;
 
                 emul = kvmppc_get_last_inst(vcpu, INST_GENERIC, &last_inst);
                 if (emul != EMULATE_DONE) {
@@ -1531,7 +1541,7 @@ static int kvmppc_vcpu_run_pr(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         kvmppc_clear_debug(vcpu);
 
-        /* No need for kvm_guest_exit. It's done in handle_exit.
+        /* No need for guest_exit. It's done in handle_exit.
            We also get here with interrupts enabled. */
 
         /* Make sure we save the guest FPU/Altivec/VSX state */
diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c
index 4afae695899a..02b4672f7347 100644
--- a/arch/powerpc/kvm/booke.c
+++ b/arch/powerpc/kvm/booke.c
@@ -776,7 +776,7 @@ int kvmppc_vcpu_run(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         ret = __kvmppc_vcpu_run(kvm_run, vcpu);
 
-        /* No need for kvm_guest_exit. It's done in handle_exit.
+        /* No need for guest_exit. It's done in handle_exit.
            We also get here with interrupts enabled. */
 
         /* Switch back to user space debug context */
@@ -1012,7 +1012,7 @@ int kvmppc_handle_exit(struct kvm_run *run, struct kvm_vcpu *vcpu,
         }
 
         trace_kvm_exit(exit_nr, vcpu);
-        __kvm_guest_exit();
+        guest_exit_irqoff();
 
         local_irq_enable();
 
diff --git a/arch/powerpc/kvm/emulate.c b/arch/powerpc/kvm/emulate.c
index 5cc2e7af3a7b..b379146de55b 100644
--- a/arch/powerpc/kvm/emulate.c
+++ b/arch/powerpc/kvm/emulate.c
@@ -302,7 +302,6 @@ int kvmppc_emulate_instruction(struct kvm_run *run, struct kvm_vcpu *vcpu)
                         advance = 0;
                         printk(KERN_ERR "Couldn't emulate instruction 0x%08x "
                                "(op %d xop %d)\n", inst, get_op(inst), get_xop(inst));
-                        kvmppc_core_queue_program(vcpu, 0);
                 }
         }
 
diff --git a/arch/powerpc/kvm/mpic.c b/arch/powerpc/kvm/mpic.c
index 6249cdc834d1..ed38f8114118 100644
--- a/arch/powerpc/kvm/mpic.c
+++ b/arch/powerpc/kvm/mpic.c
@@ -1823,7 +1823,8 @@ int kvm_set_msi(struct kvm_kernel_irq_routing_entry *e,
         return 0;
 }
 
-int kvm_set_routing_entry(struct kvm_kernel_irq_routing_entry *e,
+int kvm_set_routing_entry(struct kvm *kvm,
+                          struct kvm_kernel_irq_routing_entry *e,
                           const struct kvm_irq_routing_entry *ue)
 {
         int r = -EINVAL;
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index 02416fea7653..6ce40dd6fe51 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -119,7 +119,7 @@ int kvmppc_prepare_to_enter(struct kvm_vcpu *vcpu)
                         continue;
                 }
 
-                __kvm_guest_enter();
+                guest_enter_irqoff();
                 return 1;
         }
 
@@ -588,6 +588,10 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
                 r = 1;
                 break;
 #endif
+        case KVM_CAP_PPC_HTM:
+                r = cpu_has_feature(CPU_FTR_TM_COMP) &&
+                    is_kvmppc_hv_enabled(kvm);
+                break;
         default:
                 r = 0;
                 break;
diff --git a/arch/powerpc/platforms/powernv/opal-wrappers.S b/arch/powerpc/platforms/powernv/opal-wrappers.S
index cf928bba4d9a..3d29d40eb0e9 100644
--- a/arch/powerpc/platforms/powernv/opal-wrappers.S
+++ b/arch/powerpc/platforms/powernv/opal-wrappers.S
@@ -64,7 +64,6 @@ END_FTR_SECTION(0, 1);						\
         OPAL_BRANCH(opal_tracepoint_entry) \
         mfcr    r12;                    \
         stw     r12,8(r1);              \
-        std     r1,PACAR1(r13);         \
         li      r11,0;                  \
         mfmsr   r12;                    \
         ori     r11,r11,MSR_EE;         \
@@ -127,7 +126,6 @@ opal_tracepoint_entry:
         mfcr    r12
         std     r11,16(r1)
         stw     r12,8(r1)
-        std     r1,PACAR1(r13)
         li      r11,0
         mfmsr   r12
         ori     r11,r11,MSR_EE