1 /*
2 * ARM Generic Interrupt Controller v3 (emulation)
3 *
4 * Copyright (c) 2016 Linaro Limited
5 * Written by Peter Maydell
6 *
7 * This code is licensed under the GPL, version 2 or (at your option)
8 * any later version.
9 */
10
11 /* This file contains the code for the system register interface
12 * portions of the GICv3.
13 */
14
15 #include "qemu/osdep.h"
16 #include "qemu/bitops.h"
17 #include "qemu/log.h"
18 #include "qemu/main-loop.h"
19 #include "trace.h"
20 #include "gicv3_internal.h"
21 #include "hw/irq.h"
22 #include "cpu.h"
23 #include "target/arm/cpregs.h"
24 #include "target/arm/cpu-features.h"
25 #include "sysemu/tcg.h"
26 #include "sysemu/qtest.h"
27
28 /*
29 * Special case return value from hppvi_index(); must be larger than
30 * the architecturally maximum possible list register index (which is 15)
31 */
32 #define HPPVI_INDEX_VLPI 16
33
icc_cs_from_env(CPUARMState * env)34 static GICv3CPUState *icc_cs_from_env(CPUARMState *env)
35 {
36 return env->gicv3state;
37 }
38
gicv3_use_ns_bank(CPUARMState * env)39 static bool gicv3_use_ns_bank(CPUARMState *env)
40 {
41 /* Return true if we should use the NonSecure bank for a banked GIC
42 * CPU interface register. Note that this differs from the
43 * access_secure_reg() function because GICv3 banked registers are
44 * banked even for AArch64, unlike the other CPU system registers.
45 */
46 return !arm_is_secure_below_el3(env);
47 }
48
49 /* The minimum BPR for the virtual interface is a configurable property */
icv_min_vbpr(GICv3CPUState * cs)50 static inline int icv_min_vbpr(GICv3CPUState *cs)
51 {
52 return 7 - cs->vprebits;
53 }
54
ich_num_aprs(GICv3CPUState * cs)55 static inline int ich_num_aprs(GICv3CPUState *cs)
56 {
57 /* Return the number of virtual APR registers (1, 2, or 4) */
58 int aprmax = 1 << (cs->vprebits - 5);
59 assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0]));
60 return aprmax;
61 }
62
63 /* Simple accessor functions for LR fields */
ich_lr_vintid(uint64_t lr)64 static uint32_t ich_lr_vintid(uint64_t lr)
65 {
66 return extract64(lr, ICH_LR_EL2_VINTID_SHIFT, ICH_LR_EL2_VINTID_LENGTH);
67 }
68
ich_lr_pintid(uint64_t lr)69 static uint32_t ich_lr_pintid(uint64_t lr)
70 {
71 return extract64(lr, ICH_LR_EL2_PINTID_SHIFT, ICH_LR_EL2_PINTID_LENGTH);
72 }
73
ich_lr_prio(uint64_t lr)74 static uint32_t ich_lr_prio(uint64_t lr)
75 {
76 return extract64(lr, ICH_LR_EL2_PRIORITY_SHIFT, ICH_LR_EL2_PRIORITY_LENGTH);
77 }
78
ich_lr_state(uint64_t lr)79 static int ich_lr_state(uint64_t lr)
80 {
81 return extract64(lr, ICH_LR_EL2_STATE_SHIFT, ICH_LR_EL2_STATE_LENGTH);
82 }
83
icv_access(CPUARMState * env,int hcr_flags)84 static bool icv_access(CPUARMState *env, int hcr_flags)
85 {
86 /* Return true if this ICC_ register access should really be
87 * directed to an ICV_ access. hcr_flags is a mask of
88 * HCR_EL2 bits to check: we treat this as an ICV_ access
89 * if we are in NS EL1 and at least one of the specified
90 * HCR_EL2 bits is set.
91 *
92 * ICV registers fall into four categories:
93 * * access if NS EL1 and HCR_EL2.FMO == 1:
94 * all ICV regs with '0' in their name
95 * * access if NS EL1 and HCR_EL2.IMO == 1:
96 * all ICV regs with '1' in their name
97 * * access if NS EL1 and either IMO or FMO == 1:
98 * CTLR, DIR, PMR, RPR
99 */
100 uint64_t hcr_el2 = arm_hcr_el2_eff(env);
101 bool flagmatch = hcr_el2 & hcr_flags & (HCR_IMO | HCR_FMO);
102
103 return flagmatch && arm_current_el(env) == 1
104 && !arm_is_secure_below_el3(env);
105 }
106
read_vbpr(GICv3CPUState * cs,int grp)107 static int read_vbpr(GICv3CPUState *cs, int grp)
108 {
109 /* Read VBPR value out of the VMCR field (caller must handle
110 * VCBPR effects if required)
111 */
112 if (grp == GICV3_G0) {
113 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT,
114 ICH_VMCR_EL2_VBPR0_LENGTH);
115 } else {
116 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT,
117 ICH_VMCR_EL2_VBPR1_LENGTH);
118 }
119 }
120
write_vbpr(GICv3CPUState * cs,int grp,int value)121 static void write_vbpr(GICv3CPUState *cs, int grp, int value)
122 {
123 /* Write new VBPR1 value, handling the "writing a value less than
124 * the minimum sets it to the minimum" semantics.
125 */
126 int min = icv_min_vbpr(cs);
127
128 if (grp != GICV3_G0) {
129 min++;
130 }
131
132 value = MAX(value, min);
133
134 if (grp == GICV3_G0) {
135 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT,
136 ICH_VMCR_EL2_VBPR0_LENGTH, value);
137 } else {
138 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT,
139 ICH_VMCR_EL2_VBPR1_LENGTH, value);
140 }
141 }
142
icv_fullprio_mask(GICv3CPUState * cs)143 static uint32_t icv_fullprio_mask(GICv3CPUState *cs)
144 {
145 /* Return a mask word which clears the unimplemented priority bits
146 * from a priority value for a virtual interrupt. (Not to be confused
147 * with the group priority, whose mask depends on the value of VBPR
148 * for the interrupt group.)
149 */
150 return (~0U << (8 - cs->vpribits)) & 0xff;
151 }
152
ich_highest_active_virt_prio(GICv3CPUState * cs)153 static int ich_highest_active_virt_prio(GICv3CPUState *cs)
154 {
155 /* Calculate the current running priority based on the set bits
156 * in the ICH Active Priority Registers.
157 */
158 int i;
159 int aprmax = ich_num_aprs(cs);
160
161 if (cs->ich_apr[GICV3_G1NS][0] & ICV_AP1R_EL1_NMI) {
162 return 0x0;
163 }
164
165 for (i = 0; i < aprmax; i++) {
166 uint32_t apr = cs->ich_apr[GICV3_G0][i] |
167 cs->ich_apr[GICV3_G1NS][i];
168
169 if (!apr) {
170 continue;
171 }
172 return (i * 32 + ctz32(apr)) << (icv_min_vbpr(cs) + 1);
173 }
174 /* No current active interrupts: return idle priority */
175 return 0xff;
176 }
177
hppvi_index(GICv3CPUState * cs)178 static int hppvi_index(GICv3CPUState *cs)
179 {
180 /*
181 * Return the list register index of the highest priority pending
182 * virtual interrupt, as per the HighestPriorityVirtualInterrupt
183 * pseudocode. If no pending virtual interrupts, return -1.
184 * If the highest priority pending virtual interrupt is a vLPI,
185 * return HPPVI_INDEX_VLPI.
186 * (The pseudocode handles checking whether the vLPI is higher
187 * priority than the highest priority list register at every
188 * callsite of HighestPriorityVirtualInterrupt; we check it here.)
189 */
190 ARMCPU *cpu = ARM_CPU(cs->cpu);
191 CPUARMState *env = &cpu->env;
192 int idx = -1;
193 int i;
194 /* Note that a list register entry with a priority of 0xff will
195 * never be reported by this function; this is the architecturally
196 * correct behaviour.
197 */
198 int prio = 0xff;
199 bool nmi = false;
200
201 if (!(cs->ich_vmcr_el2 & (ICH_VMCR_EL2_VENG0 | ICH_VMCR_EL2_VENG1))) {
202 /* Both groups disabled, definitely nothing to do */
203 return idx;
204 }
205
206 for (i = 0; i < cs->num_list_regs; i++) {
207 uint64_t lr = cs->ich_lr_el2[i];
208 bool thisnmi;
209 int thisprio;
210
211 if (ich_lr_state(lr) != ICH_LR_EL2_STATE_PENDING) {
212 /* Not Pending */
213 continue;
214 }
215
216 /* Ignore interrupts if relevant group enable not set */
217 if (lr & ICH_LR_EL2_GROUP) {
218 if (!(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) {
219 continue;
220 }
221 } else {
222 if (!(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0)) {
223 continue;
224 }
225 }
226
227 thisnmi = lr & ICH_LR_EL2_NMI;
228 thisprio = ich_lr_prio(lr);
229
230 if ((thisprio < prio) || ((thisprio == prio) && (thisnmi & (!nmi)))) {
231 prio = thisprio;
232 nmi = thisnmi;
233 idx = i;
234 }
235 }
236
237 /*
238 * "no pending vLPI" is indicated with prio = 0xff, which always
239 * fails the priority check here. vLPIs are only considered
240 * when we are in Non-Secure state.
241 */
242 if (cs->hppvlpi.prio < prio && !arm_is_secure(env)) {
243 if (cs->hppvlpi.grp == GICV3_G0) {
244 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0) {
245 return HPPVI_INDEX_VLPI;
246 }
247 } else {
248 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1) {
249 return HPPVI_INDEX_VLPI;
250 }
251 }
252 }
253
254 return idx;
255 }
256
icv_gprio_mask(GICv3CPUState * cs,int group)257 static uint32_t icv_gprio_mask(GICv3CPUState *cs, int group)
258 {
259 /* Return a mask word which clears the subpriority bits from
260 * a priority value for a virtual interrupt in the specified group.
261 * This depends on the VBPR value.
262 * If using VBPR0 then:
263 * a BPR of 0 means the group priority bits are [7:1];
264 * a BPR of 1 means they are [7:2], and so on down to
265 * a BPR of 7 meaning no group priority bits at all.
266 * If using VBPR1 then:
267 * a BPR of 0 is impossible (the minimum value is 1)
268 * a BPR of 1 means the group priority bits are [7:1];
269 * a BPR of 2 means they are [7:2], and so on down to
270 * a BPR of 7 meaning the group priority is [7].
271 *
272 * Which BPR to use depends on the group of the interrupt and
273 * the current ICH_VMCR_EL2.VCBPR settings.
274 *
275 * This corresponds to the VGroupBits() pseudocode.
276 */
277 int bpr;
278
279 if (group == GICV3_G1NS && cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR) {
280 group = GICV3_G0;
281 }
282
283 bpr = read_vbpr(cs, group);
284 if (group == GICV3_G1NS) {
285 assert(bpr > 0);
286 bpr--;
287 }
288
289 return ~0U << (bpr + 1);
290 }
291
icv_hppi_can_preempt(GICv3CPUState * cs,uint64_t lr)292 static bool icv_hppi_can_preempt(GICv3CPUState *cs, uint64_t lr)
293 {
294 /* Return true if we can signal this virtual interrupt defined by
295 * the given list register value; see the pseudocode functions
296 * CanSignalVirtualInterrupt and CanSignalVirtualInt.
297 * Compare also icc_hppi_can_preempt() which is the non-virtual
298 * equivalent of these checks.
299 */
300 int grp;
301 bool is_nmi;
302 uint32_t mask, prio, rprio, vpmr;
303
304 if (!(cs->ich_hcr_el2 & ICH_HCR_EL2_EN)) {
305 /* Virtual interface disabled */
306 return false;
307 }
308
309 /* We don't need to check that this LR is in Pending state because
310 * that has already been done in hppvi_index().
311 */
312
313 prio = ich_lr_prio(lr);
314 is_nmi = lr & ICH_LR_EL2_NMI;
315 vpmr = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT,
316 ICH_VMCR_EL2_VPMR_LENGTH);
317
318 if (!is_nmi && prio >= vpmr) {
319 /* Priority mask masks this interrupt */
320 return false;
321 }
322
323 rprio = ich_highest_active_virt_prio(cs);
324 if (rprio == 0xff) {
325 /* No running interrupt so we can preempt */
326 return true;
327 }
328
329 grp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0;
330
331 mask = icv_gprio_mask(cs, grp);
332
333 /* We only preempt a running interrupt if the pending interrupt's
334 * group priority is sufficient (the subpriorities are not considered).
335 */
336 if ((prio & mask) < (rprio & mask)) {
337 return true;
338 }
339
340 if ((prio & mask) == (rprio & mask) && is_nmi &&
341 !(cs->ich_apr[GICV3_G1NS][0] & ICV_AP1R_EL1_NMI)) {
342 return true;
343 }
344
345 return false;
346 }
347
icv_hppvlpi_can_preempt(GICv3CPUState * cs)348 static bool icv_hppvlpi_can_preempt(GICv3CPUState *cs)
349 {
350 /*
351 * Return true if we can signal the highest priority pending vLPI.
352 * We can assume we're Non-secure because hppvi_index() already
353 * tested for that.
354 */
355 uint32_t mask, rprio, vpmr;
356
357 if (!(cs->ich_hcr_el2 & ICH_HCR_EL2_EN)) {
358 /* Virtual interface disabled */
359 return false;
360 }
361
362 vpmr = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT,
363 ICH_VMCR_EL2_VPMR_LENGTH);
364
365 if (cs->hppvlpi.prio >= vpmr) {
366 /* Priority mask masks this interrupt */
367 return false;
368 }
369
370 rprio = ich_highest_active_virt_prio(cs);
371 if (rprio == 0xff) {
372 /* No running interrupt so we can preempt */
373 return true;
374 }
375
376 mask = icv_gprio_mask(cs, cs->hppvlpi.grp);
377
378 /*
379 * We only preempt a running interrupt if the pending interrupt's
380 * group priority is sufficient (the subpriorities are not considered).
381 */
382 if ((cs->hppvlpi.prio & mask) < (rprio & mask)) {
383 return true;
384 }
385
386 return false;
387 }
388
eoi_maintenance_interrupt_state(GICv3CPUState * cs,uint32_t * misr)389 static uint32_t eoi_maintenance_interrupt_state(GICv3CPUState *cs,
390 uint32_t *misr)
391 {
392 /* Return a set of bits indicating the EOI maintenance interrupt status
393 * for each list register. The EOI maintenance interrupt status is
394 * 1 if LR.State == 0 && LR.HW == 0 && LR.EOI == 1
395 * (see the GICv3 spec for the ICH_EISR_EL2 register).
396 * If misr is not NULL then we should also collect the information
397 * about the MISR.EOI, MISR.NP and MISR.U bits.
398 */
399 uint32_t value = 0;
400 int validcount = 0;
401 bool seenpending = false;
402 int i;
403
404 for (i = 0; i < cs->num_list_regs; i++) {
405 uint64_t lr = cs->ich_lr_el2[i];
406
407 if ((lr & (ICH_LR_EL2_STATE_MASK | ICH_LR_EL2_HW | ICH_LR_EL2_EOI))
408 == ICH_LR_EL2_EOI) {
409 value |= (1 << i);
410 }
411 if ((lr & ICH_LR_EL2_STATE_MASK)) {
412 validcount++;
413 }
414 if (ich_lr_state(lr) == ICH_LR_EL2_STATE_PENDING) {
415 seenpending = true;
416 }
417 }
418
419 if (misr) {
420 if (validcount < 2 && (cs->ich_hcr_el2 & ICH_HCR_EL2_UIE)) {
421 *misr |= ICH_MISR_EL2_U;
422 }
423 if (!seenpending && (cs->ich_hcr_el2 & ICH_HCR_EL2_NPIE)) {
424 *misr |= ICH_MISR_EL2_NP;
425 }
426 if (value) {
427 *misr |= ICH_MISR_EL2_EOI;
428 }
429 }
430 return value;
431 }
432
maintenance_interrupt_state(GICv3CPUState * cs)433 static uint32_t maintenance_interrupt_state(GICv3CPUState *cs)
434 {
435 /* Return a set of bits indicating the maintenance interrupt status
436 * (as seen in the ICH_MISR_EL2 register).
437 */
438 uint32_t value = 0;
439
440 /* Scan list registers and fill in the U, NP and EOI bits */
441 eoi_maintenance_interrupt_state(cs, &value);
442
443 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) &&
444 (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) {
445 value |= ICH_MISR_EL2_LRENP;
446 }
447
448 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0EIE) &&
449 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0)) {
450 value |= ICH_MISR_EL2_VGRP0E;
451 }
452
453 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0DIE) &&
454 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) {
455 value |= ICH_MISR_EL2_VGRP0D;
456 }
457 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1EIE) &&
458 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) {
459 value |= ICH_MISR_EL2_VGRP1E;
460 }
461
462 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1DIE) &&
463 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) {
464 value |= ICH_MISR_EL2_VGRP1D;
465 }
466
467 return value;
468 }
469
gicv3_cpuif_virt_irq_fiq_update(GICv3CPUState * cs)470 void gicv3_cpuif_virt_irq_fiq_update(GICv3CPUState *cs)
471 {
472 /*
473 * Tell the CPU about any pending virtual interrupts.
474 * This should only be called for changes that affect the
475 * vIRQ and vFIQ status and do not change the maintenance
476 * interrupt status. This means that unlike gicv3_cpuif_virt_update()
477 * this function won't recursively call back into the GIC code.
478 * The main use of this is when the redistributor has changed the
479 * highest priority pending virtual LPI.
480 */
481 int idx;
482 int irqlevel = 0;
483 int fiqlevel = 0;
484 int nmilevel = 0;
485
486 idx = hppvi_index(cs);
487 trace_gicv3_cpuif_virt_update(gicv3_redist_affid(cs), idx,
488 cs->hppvlpi.irq, cs->hppvlpi.grp,
489 cs->hppvlpi.prio);
490 if (idx == HPPVI_INDEX_VLPI) {
491 if (icv_hppvlpi_can_preempt(cs)) {
492 if (cs->hppvlpi.grp == GICV3_G0) {
493 fiqlevel = 1;
494 } else {
495 irqlevel = 1;
496 }
497 }
498 } else if (idx >= 0) {
499 uint64_t lr = cs->ich_lr_el2[idx];
500
501 if (icv_hppi_can_preempt(cs, lr)) {
502 /*
503 * Virtual interrupts are simple: G0 are always FIQ, and G1 are
504 * IRQ or NMI which depends on the ICH_LR<n>_EL2.NMI to have
505 * non-maskable property.
506 */
507 if (lr & ICH_LR_EL2_GROUP) {
508 if (lr & ICH_LR_EL2_NMI) {
509 nmilevel = 1;
510 } else {
511 irqlevel = 1;
512 }
513 } else {
514 fiqlevel = 1;
515 }
516 }
517 }
518
519 trace_gicv3_cpuif_virt_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel);
520 qemu_set_irq(cs->parent_vfiq, fiqlevel);
521 qemu_set_irq(cs->parent_virq, irqlevel);
522 qemu_set_irq(cs->parent_vnmi, nmilevel);
523 }
524
gicv3_cpuif_virt_update(GICv3CPUState * cs)525 static void gicv3_cpuif_virt_update(GICv3CPUState *cs)
526 {
527 /*
528 * Tell the CPU about any pending virtual interrupts or
529 * maintenance interrupts, following a change to the state
530 * of the CPU interface relevant to virtual interrupts.
531 *
532 * CAUTION: this function will call qemu_set_irq() on the
533 * CPU maintenance IRQ line, which is typically wired up
534 * to the GIC as a per-CPU interrupt. This means that it
535 * will recursively call back into the GIC code via
536 * gicv3_redist_set_irq() and thus into the CPU interface code's
537 * gicv3_cpuif_update(). It is therefore important that this
538 * function is only called as the final action of a CPU interface
539 * register write implementation, after all the GIC state
540 * fields have been updated. gicv3_cpuif_update() also must
541 * not cause this function to be called, but that happens
542 * naturally as a result of there being no architectural
543 * linkage between the physical and virtual GIC logic.
544 */
545 ARMCPU *cpu = ARM_CPU(cs->cpu);
546 int maintlevel = 0;
547
548 gicv3_cpuif_virt_irq_fiq_update(cs);
549
550 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_EN) &&
551 maintenance_interrupt_state(cs) != 0) {
552 maintlevel = 1;
553 }
554
555 trace_gicv3_cpuif_virt_set_maint_irq(gicv3_redist_affid(cs), maintlevel);
556 qemu_set_irq(cpu->gicv3_maintenance_interrupt, maintlevel);
557 }
558
icv_ap_read(CPUARMState * env,const ARMCPRegInfo * ri)559 static uint64_t icv_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
560 {
561 GICv3CPUState *cs = icc_cs_from_env(env);
562 int regno = ri->opc2 & 3;
563 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0;
564 uint64_t value = cs->ich_apr[grp][regno];
565
566 trace_gicv3_icv_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
567 return value;
568 }
569
icv_ap_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)570 static void icv_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
571 uint64_t value)
572 {
573 GICv3CPUState *cs = icc_cs_from_env(env);
574 int regno = ri->opc2 & 3;
575 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0;
576
577 trace_gicv3_icv_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
578
579 if (cs->nmi_support) {
580 cs->ich_apr[grp][regno] = value & (0xFFFFFFFFU | ICV_AP1R_EL1_NMI);
581 } else {
582 cs->ich_apr[grp][regno] = value & 0xFFFFFFFFU;
583 }
584
585 gicv3_cpuif_virt_irq_fiq_update(cs);
586 return;
587 }
588
icv_bpr_read(CPUARMState * env,const ARMCPRegInfo * ri)589 static uint64_t icv_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
590 {
591 GICv3CPUState *cs = icc_cs_from_env(env);
592 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1NS;
593 uint64_t bpr;
594 bool satinc = false;
595
596 if (grp == GICV3_G1NS && (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR)) {
597 /* reads return bpr0 + 1 saturated to 7, writes ignored */
598 grp = GICV3_G0;
599 satinc = true;
600 }
601
602 bpr = read_vbpr(cs, grp);
603
604 if (satinc) {
605 bpr++;
606 bpr = MIN(bpr, 7);
607 }
608
609 trace_gicv3_icv_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr);
610
611 return bpr;
612 }
613
icv_bpr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)614 static void icv_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri,
615 uint64_t value)
616 {
617 GICv3CPUState *cs = icc_cs_from_env(env);
618 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1NS;
619
620 trace_gicv3_icv_bpr_write(ri->crm == 8 ? 0 : 1,
621 gicv3_redist_affid(cs), value);
622
623 if (grp == GICV3_G1NS && (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR)) {
624 /* reads return bpr0 + 1 saturated to 7, writes ignored */
625 return;
626 }
627
628 write_vbpr(cs, grp, value);
629
630 gicv3_cpuif_virt_irq_fiq_update(cs);
631 }
632
icv_pmr_read(CPUARMState * env,const ARMCPRegInfo * ri)633 static uint64_t icv_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri)
634 {
635 GICv3CPUState *cs = icc_cs_from_env(env);
636 uint64_t value;
637
638 value = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT,
639 ICH_VMCR_EL2_VPMR_LENGTH);
640
641 trace_gicv3_icv_pmr_read(gicv3_redist_affid(cs), value);
642 return value;
643 }
644
icv_pmr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)645 static void icv_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri,
646 uint64_t value)
647 {
648 GICv3CPUState *cs = icc_cs_from_env(env);
649
650 trace_gicv3_icv_pmr_write(gicv3_redist_affid(cs), value);
651
652 value &= icv_fullprio_mask(cs);
653
654 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT,
655 ICH_VMCR_EL2_VPMR_LENGTH, value);
656
657 gicv3_cpuif_virt_irq_fiq_update(cs);
658 }
659
icv_igrpen_read(CPUARMState * env,const ARMCPRegInfo * ri)660 static uint64_t icv_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri)
661 {
662 GICv3CPUState *cs = icc_cs_from_env(env);
663 int enbit;
664 uint64_t value;
665
666 enbit = ri->opc2 & 1 ? ICH_VMCR_EL2_VENG1_SHIFT : ICH_VMCR_EL2_VENG0_SHIFT;
667 value = extract64(cs->ich_vmcr_el2, enbit, 1);
668
669 trace_gicv3_icv_igrpen_read(ri->opc2 & 1 ? 1 : 0,
670 gicv3_redist_affid(cs), value);
671 return value;
672 }
673
icv_igrpen_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)674 static void icv_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri,
675 uint64_t value)
676 {
677 GICv3CPUState *cs = icc_cs_from_env(env);
678 int enbit;
679
680 trace_gicv3_icv_igrpen_write(ri->opc2 & 1 ? 1 : 0,
681 gicv3_redist_affid(cs), value);
682
683 enbit = ri->opc2 & 1 ? ICH_VMCR_EL2_VENG1_SHIFT : ICH_VMCR_EL2_VENG0_SHIFT;
684
685 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, enbit, 1, value);
686 gicv3_cpuif_virt_update(cs);
687 }
688
icv_ctlr_read(CPUARMState * env,const ARMCPRegInfo * ri)689 static uint64_t icv_ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
690 {
691 GICv3CPUState *cs = icc_cs_from_env(env);
692 uint64_t value;
693
694 /* Note that the fixed fields here (A3V, SEIS, IDbits, PRIbits)
695 * should match the ones reported in ich_vtr_read().
696 */
697 value = ICC_CTLR_EL1_A3V | (1 << ICC_CTLR_EL1_IDBITS_SHIFT) |
698 ((cs->vpribits - 1) << ICC_CTLR_EL1_PRIBITS_SHIFT);
699
700 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VEOIM) {
701 value |= ICC_CTLR_EL1_EOIMODE;
702 }
703
704 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR) {
705 value |= ICC_CTLR_EL1_CBPR;
706 }
707
708 trace_gicv3_icv_ctlr_read(gicv3_redist_affid(cs), value);
709 return value;
710 }
711
icv_ctlr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)712 static void icv_ctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
713 uint64_t value)
714 {
715 GICv3CPUState *cs = icc_cs_from_env(env);
716
717 trace_gicv3_icv_ctlr_write(gicv3_redist_affid(cs), value);
718
719 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VCBPR_SHIFT,
720 1, value & ICC_CTLR_EL1_CBPR ? 1 : 0);
721 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VEOIM_SHIFT,
722 1, value & ICC_CTLR_EL1_EOIMODE ? 1 : 0);
723
724 gicv3_cpuif_virt_irq_fiq_update(cs);
725 }
726
icv_rpr_read(CPUARMState * env,const ARMCPRegInfo * ri)727 static uint64_t icv_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
728 {
729 GICv3CPUState *cs = icc_cs_from_env(env);
730 uint64_t prio = ich_highest_active_virt_prio(cs);
731
732 if (cs->ich_apr[GICV3_G1NS][0] & ICV_AP1R_EL1_NMI) {
733 prio |= ICV_RPR_EL1_NMI;
734 }
735
736 trace_gicv3_icv_rpr_read(gicv3_redist_affid(cs), prio);
737 return prio;
738 }
739
icv_hppir_read(CPUARMState * env,const ARMCPRegInfo * ri)740 static uint64_t icv_hppir_read(CPUARMState *env, const ARMCPRegInfo *ri)
741 {
742 GICv3CPUState *cs = icc_cs_from_env(env);
743 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS;
744 int idx = hppvi_index(cs);
745 uint64_t value = INTID_SPURIOUS;
746
747 if (idx == HPPVI_INDEX_VLPI) {
748 if (cs->hppvlpi.grp == grp) {
749 value = cs->hppvlpi.irq;
750 }
751 } else if (idx >= 0) {
752 uint64_t lr = cs->ich_lr_el2[idx];
753 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0;
754
755 if (grp == thisgrp) {
756 value = ich_lr_vintid(lr);
757 }
758 }
759
760 trace_gicv3_icv_hppir_read(ri->crm == 8 ? 0 : 1,
761 gicv3_redist_affid(cs), value);
762 return value;
763 }
764
icv_activate_irq(GICv3CPUState * cs,int idx,int grp)765 static void icv_activate_irq(GICv3CPUState *cs, int idx, int grp)
766 {
767 /* Activate the interrupt in the specified list register
768 * by moving it from Pending to Active state, and update the
769 * Active Priority Registers.
770 */
771 uint32_t mask = icv_gprio_mask(cs, grp);
772 int prio = ich_lr_prio(cs->ich_lr_el2[idx]) & mask;
773 bool nmi = cs->ich_lr_el2[idx] & ICH_LR_EL2_NMI;
774 int aprbit = prio >> (8 - cs->vprebits);
775 int regno = aprbit / 32;
776 int regbit = aprbit % 32;
777
778 cs->ich_lr_el2[idx] &= ~ICH_LR_EL2_STATE_PENDING_BIT;
779 cs->ich_lr_el2[idx] |= ICH_LR_EL2_STATE_ACTIVE_BIT;
780
781 if (nmi) {
782 cs->ich_apr[grp][regno] |= ICV_AP1R_EL1_NMI;
783 } else {
784 cs->ich_apr[grp][regno] |= (1U << regbit);
785 }
786 }
787
icv_activate_vlpi(GICv3CPUState * cs)788 static void icv_activate_vlpi(GICv3CPUState *cs)
789 {
790 uint32_t mask = icv_gprio_mask(cs, cs->hppvlpi.grp);
791 int prio = cs->hppvlpi.prio & mask;
792 int aprbit = prio >> (8 - cs->vprebits);
793 int regno = aprbit / 32;
794 int regbit = aprbit % 32;
795
796 cs->ich_apr[cs->hppvlpi.grp][regno] |= (1U << regbit);
797 gicv3_redist_vlpi_pending(cs, cs->hppvlpi.irq, 0);
798 }
799
icv_iar_read(CPUARMState * env,const ARMCPRegInfo * ri)800 static uint64_t icv_iar_read(CPUARMState *env, const ARMCPRegInfo *ri)
801 {
802 GICv3CPUState *cs = icc_cs_from_env(env);
803 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS;
804 int idx = hppvi_index(cs);
805 uint64_t intid = INTID_SPURIOUS;
806 int el = arm_current_el(env);
807
808 if (idx == HPPVI_INDEX_VLPI) {
809 if (cs->hppvlpi.grp == grp && icv_hppvlpi_can_preempt(cs)) {
810 intid = cs->hppvlpi.irq;
811 icv_activate_vlpi(cs);
812 }
813 } else if (idx >= 0) {
814 uint64_t lr = cs->ich_lr_el2[idx];
815 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0;
816 bool nmi = env->cp15.sctlr_el[el] & SCTLR_NMI && lr & ICH_LR_EL2_NMI;
817
818 if (thisgrp == grp && icv_hppi_can_preempt(cs, lr)) {
819 intid = ich_lr_vintid(lr);
820 if (!gicv3_intid_is_special(intid)) {
821 if (!nmi) {
822 icv_activate_irq(cs, idx, grp);
823 } else {
824 intid = INTID_NMI;
825 }
826 } else {
827 /* Interrupt goes from Pending to Invalid */
828 cs->ich_lr_el2[idx] &= ~ICH_LR_EL2_STATE_PENDING_BIT;
829 /* We will now return the (bogus) ID from the list register,
830 * as per the pseudocode.
831 */
832 }
833 }
834 }
835
836 trace_gicv3_icv_iar_read(ri->crm == 8 ? 0 : 1,
837 gicv3_redist_affid(cs), intid);
838
839 gicv3_cpuif_virt_update(cs);
840
841 return intid;
842 }
843
icv_nmiar1_read(CPUARMState * env,const ARMCPRegInfo * ri)844 static uint64_t icv_nmiar1_read(CPUARMState *env, const ARMCPRegInfo *ri)
845 {
846 GICv3CPUState *cs = icc_cs_from_env(env);
847 int idx = hppvi_index(cs);
848 uint64_t intid = INTID_SPURIOUS;
849
850 if (idx >= 0 && idx != HPPVI_INDEX_VLPI) {
851 uint64_t lr = cs->ich_lr_el2[idx];
852 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0;
853
854 if ((thisgrp == GICV3_G1NS) && icv_hppi_can_preempt(cs, lr)) {
855 intid = ich_lr_vintid(lr);
856 if (!gicv3_intid_is_special(intid)) {
857 if (lr & ICH_LR_EL2_NMI) {
858 icv_activate_irq(cs, idx, GICV3_G1NS);
859 } else {
860 intid = INTID_SPURIOUS;
861 }
862 } else {
863 /* Interrupt goes from Pending to Invalid */
864 cs->ich_lr_el2[idx] &= ~ICH_LR_EL2_STATE_PENDING_BIT;
865 /*
866 * We will now return the (bogus) ID from the list register,
867 * as per the pseudocode.
868 */
869 }
870 }
871 }
872
873 trace_gicv3_icv_nmiar1_read(gicv3_redist_affid(cs), intid);
874
875 gicv3_cpuif_virt_update(cs);
876
877 return intid;
878 }
879
icc_fullprio_mask(GICv3CPUState * cs)880 static uint32_t icc_fullprio_mask(GICv3CPUState *cs)
881 {
882 /*
883 * Return a mask word which clears the unimplemented priority bits
884 * from a priority value for a physical interrupt. (Not to be confused
885 * with the group priority, whose mask depends on the value of BPR
886 * for the interrupt group.)
887 */
888 return (~0U << (8 - cs->pribits)) & 0xff;
889 }
890
icc_min_bpr(GICv3CPUState * cs)891 static inline int icc_min_bpr(GICv3CPUState *cs)
892 {
893 /* The minimum BPR for the physical interface. */
894 return 7 - cs->prebits;
895 }
896
icc_min_bpr_ns(GICv3CPUState * cs)897 static inline int icc_min_bpr_ns(GICv3CPUState *cs)
898 {
899 return icc_min_bpr(cs) + 1;
900 }
901
icc_num_aprs(GICv3CPUState * cs)902 static inline int icc_num_aprs(GICv3CPUState *cs)
903 {
904 /* Return the number of APR registers (1, 2, or 4) */
905 int aprmax = 1 << MAX(cs->prebits - 5, 0);
906 assert(aprmax <= ARRAY_SIZE(cs->icc_apr[0]));
907 return aprmax;
908 }
909
icc_highest_active_prio(GICv3CPUState * cs)910 static int icc_highest_active_prio(GICv3CPUState *cs)
911 {
912 /* Calculate the current running priority based on the set bits
913 * in the Active Priority Registers.
914 */
915 int i;
916
917 if (cs->nmi_support) {
918 /*
919 * If an NMI is active this takes precedence over anything else
920 * for priority purposes; the NMI bit is only in the AP1R0 bit.
921 * We return here the effective priority of the NMI, which is
922 * either 0x0 or 0x80. Callers will need to check NMI again for
923 * purposes of either setting the RPR register bits or for
924 * prioritization of NMI vs non-NMI.
925 */
926 if (cs->icc_apr[GICV3_G1][0] & ICC_AP1R_EL1_NMI) {
927 return 0;
928 }
929 if (cs->icc_apr[GICV3_G1NS][0] & ICC_AP1R_EL1_NMI) {
930 return (cs->gic->gicd_ctlr & GICD_CTLR_DS) ? 0 : 0x80;
931 }
932 }
933
934 for (i = 0; i < icc_num_aprs(cs); i++) {
935 uint32_t apr = cs->icc_apr[GICV3_G0][i] |
936 cs->icc_apr[GICV3_G1][i] | cs->icc_apr[GICV3_G1NS][i];
937
938 if (!apr) {
939 continue;
940 }
941 return (i * 32 + ctz32(apr)) << (icc_min_bpr(cs) + 1);
942 }
943 /* No current active interrupts: return idle priority */
944 return 0xff;
945 }
946
icc_gprio_mask(GICv3CPUState * cs,int group)947 static uint32_t icc_gprio_mask(GICv3CPUState *cs, int group)
948 {
949 /* Return a mask word which clears the subpriority bits from
950 * a priority value for an interrupt in the specified group.
951 * This depends on the BPR value. For CBPR0 (S or NS):
952 * a BPR of 0 means the group priority bits are [7:1];
953 * a BPR of 1 means they are [7:2], and so on down to
954 * a BPR of 7 meaning no group priority bits at all.
955 * For CBPR1 NS:
956 * a BPR of 0 is impossible (the minimum value is 1)
957 * a BPR of 1 means the group priority bits are [7:1];
958 * a BPR of 2 means they are [7:2], and so on down to
959 * a BPR of 7 meaning the group priority is [7].
960 *
961 * Which BPR to use depends on the group of the interrupt and
962 * the current ICC_CTLR.CBPR settings.
963 *
964 * This corresponds to the GroupBits() pseudocode.
965 */
966 int bpr;
967
968 if ((group == GICV3_G1 && cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR) ||
969 (group == GICV3_G1NS &&
970 cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) {
971 group = GICV3_G0;
972 }
973
974 bpr = cs->icc_bpr[group] & 7;
975
976 if (group == GICV3_G1NS) {
977 assert(bpr > 0);
978 bpr--;
979 }
980
981 return ~0U << (bpr + 1);
982 }
983
icc_no_enabled_hppi(GICv3CPUState * cs)984 static bool icc_no_enabled_hppi(GICv3CPUState *cs)
985 {
986 /* Return true if there is no pending interrupt, or the
987 * highest priority pending interrupt is in a group which has been
988 * disabled at the CPU interface by the ICC_IGRPEN* register enable bits.
989 */
990 return cs->hppi.prio == 0xff || (cs->icc_igrpen[cs->hppi.grp] == 0);
991 }
992
icc_hppi_can_preempt(GICv3CPUState * cs)993 static bool icc_hppi_can_preempt(GICv3CPUState *cs)
994 {
995 /* Return true if we have a pending interrupt of sufficient
996 * priority to preempt.
997 */
998 int rprio;
999 uint32_t mask;
1000 ARMCPU *cpu = ARM_CPU(cs->cpu);
1001 CPUARMState *env = &cpu->env;
1002
1003 if (icc_no_enabled_hppi(cs)) {
1004 return false;
1005 }
1006
1007 if (cs->hppi.nmi) {
1008 if (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) &&
1009 cs->hppi.grp == GICV3_G1NS) {
1010 if (cs->icc_pmr_el1 < 0x80) {
1011 return false;
1012 }
1013 if (arm_is_secure(env) && cs->icc_pmr_el1 == 0x80) {
1014 return false;
1015 }
1016 }
1017 } else if (cs->hppi.prio >= cs->icc_pmr_el1) {
1018 /* Priority mask masks this interrupt */
1019 return false;
1020 }
1021
1022 rprio = icc_highest_active_prio(cs);
1023 if (rprio == 0xff) {
1024 /* No currently running interrupt so we can preempt */
1025 return true;
1026 }
1027
1028 mask = icc_gprio_mask(cs, cs->hppi.grp);
1029
1030 /* We only preempt a running interrupt if the pending interrupt's
1031 * group priority is sufficient (the subpriorities are not considered).
1032 */
1033 if ((cs->hppi.prio & mask) < (rprio & mask)) {
1034 return true;
1035 }
1036
1037 if (cs->hppi.nmi && (cs->hppi.prio & mask) == (rprio & mask)) {
1038 if (!(cs->icc_apr[cs->hppi.grp][0] & ICC_AP1R_EL1_NMI)) {
1039 return true;
1040 }
1041 }
1042
1043 return false;
1044 }
1045
gicv3_cpuif_update(GICv3CPUState * cs)1046 void gicv3_cpuif_update(GICv3CPUState *cs)
1047 {
1048 /* Tell the CPU about its highest priority pending interrupt */
1049 int irqlevel = 0;
1050 int fiqlevel = 0;
1051 int nmilevel = 0;
1052 ARMCPU *cpu = ARM_CPU(cs->cpu);
1053 CPUARMState *env = &cpu->env;
1054
1055 g_assert(bql_locked());
1056
1057 trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq,
1058 cs->hppi.grp, cs->hppi.prio);
1059
1060 if (cs->hppi.grp == GICV3_G1 && !arm_feature(env, ARM_FEATURE_EL3)) {
1061 /* If a Security-enabled GIC sends a G1S interrupt to a
1062 * Security-disabled CPU, we must treat it as if it were G0.
1063 */
1064 cs->hppi.grp = GICV3_G0;
1065 }
1066
1067 if (icc_hppi_can_preempt(cs)) {
1068 /* We have an interrupt: should we signal it as IRQ or FIQ?
1069 * This is described in the GICv3 spec section 4.6.2.
1070 */
1071 bool isfiq;
1072
1073 switch (cs->hppi.grp) {
1074 case GICV3_G0:
1075 isfiq = true;
1076 break;
1077 case GICV3_G1:
1078 isfiq = (!arm_is_secure(env) ||
1079 (arm_current_el(env) == 3 && arm_el_is_aa64(env, 3)));
1080 break;
1081 case GICV3_G1NS:
1082 isfiq = arm_is_secure(env);
1083 break;
1084 default:
1085 g_assert_not_reached();
1086 }
1087
1088 if (isfiq) {
1089 fiqlevel = 1;
1090 } else if (cs->hppi.nmi) {
1091 nmilevel = 1;
1092 } else {
1093 irqlevel = 1;
1094 }
1095 }
1096
1097 trace_gicv3_cpuif_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel);
1098
1099 qemu_set_irq(cs->parent_fiq, fiqlevel);
1100 qemu_set_irq(cs->parent_irq, irqlevel);
1101 qemu_set_irq(cs->parent_nmi, nmilevel);
1102 }
1103
icc_pmr_read(CPUARMState * env,const ARMCPRegInfo * ri)1104 static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1105 {
1106 GICv3CPUState *cs = icc_cs_from_env(env);
1107 uint32_t value = cs->icc_pmr_el1;
1108
1109 if (icv_access(env, HCR_FMO | HCR_IMO)) {
1110 return icv_pmr_read(env, ri);
1111 }
1112
1113 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) &&
1114 (env->cp15.scr_el3 & SCR_FIQ)) {
1115 /* NS access and Group 0 is inaccessible to NS: return the
1116 * NS view of the current priority
1117 */
1118 if ((value & 0x80) == 0) {
1119 /* Secure priorities not visible to NS */
1120 value = 0;
1121 } else if (value != 0xff) {
1122 value = (value << 1) & 0xff;
1123 }
1124 }
1125
1126 trace_gicv3_icc_pmr_read(gicv3_redist_affid(cs), value);
1127
1128 return value;
1129 }
1130
icc_pmr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1131 static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1132 uint64_t value)
1133 {
1134 GICv3CPUState *cs = icc_cs_from_env(env);
1135
1136 if (icv_access(env, HCR_FMO | HCR_IMO)) {
1137 return icv_pmr_write(env, ri, value);
1138 }
1139
1140 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value);
1141
1142 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) &&
1143 (env->cp15.scr_el3 & SCR_FIQ)) {
1144 /* NS access and Group 0 is inaccessible to NS: return the
1145 * NS view of the current priority
1146 */
1147 if (!(cs->icc_pmr_el1 & 0x80)) {
1148 /* Current PMR in the secure range, don't allow NS to change it */
1149 return;
1150 }
1151 value = (value >> 1) | 0x80;
1152 }
1153 value &= icc_fullprio_mask(cs);
1154 cs->icc_pmr_el1 = value;
1155 gicv3_cpuif_update(cs);
1156 }
1157
icc_activate_irq(GICv3CPUState * cs,int irq)1158 static void icc_activate_irq(GICv3CPUState *cs, int irq)
1159 {
1160 /* Move the interrupt from the Pending state to Active, and update
1161 * the Active Priority Registers
1162 */
1163 uint32_t mask = icc_gprio_mask(cs, cs->hppi.grp);
1164 int prio = cs->hppi.prio & mask;
1165 int aprbit = prio >> (8 - cs->prebits);
1166 int regno = aprbit / 32;
1167 int regbit = aprbit % 32;
1168 bool nmi = cs->hppi.nmi;
1169
1170 if (nmi) {
1171 cs->icc_apr[cs->hppi.grp][regno] |= ICC_AP1R_EL1_NMI;
1172 } else {
1173 cs->icc_apr[cs->hppi.grp][regno] |= (1U << regbit);
1174 }
1175
1176 if (irq < GIC_INTERNAL) {
1177 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 1);
1178 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 0);
1179 gicv3_redist_update(cs);
1180 } else if (irq < GICV3_LPI_INTID_START) {
1181 gicv3_gicd_active_set(cs->gic, irq);
1182 gicv3_gicd_pending_clear(cs->gic, irq);
1183 gicv3_update(cs->gic, irq, 1);
1184 } else {
1185 gicv3_redist_lpi_pending(cs, irq, 0);
1186 }
1187 }
1188
icc_hppir0_value(GICv3CPUState * cs,CPUARMState * env)1189 static uint64_t icc_hppir0_value(GICv3CPUState *cs, CPUARMState *env)
1190 {
1191 /* Return the highest priority pending interrupt register value
1192 * for group 0.
1193 */
1194 bool irq_is_secure;
1195
1196 if (icc_no_enabled_hppi(cs)) {
1197 return INTID_SPURIOUS;
1198 }
1199
1200 /* Check whether we can return the interrupt or if we should return
1201 * a special identifier, as per the CheckGroup0ForSpecialIdentifiers
1202 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM
1203 * is always zero.)
1204 */
1205 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) &&
1206 (cs->hppi.grp != GICV3_G1NS));
1207
1208 if (cs->hppi.grp != GICV3_G0 && !arm_is_el3_or_mon(env)) {
1209 return INTID_SPURIOUS;
1210 }
1211 if (irq_is_secure && !arm_is_secure(env)) {
1212 /* Secure interrupts not visible to Nonsecure */
1213 return INTID_SPURIOUS;
1214 }
1215
1216 if (cs->hppi.grp != GICV3_G0) {
1217 /* Indicate to EL3 that there's a Group 1 interrupt for the other
1218 * state pending.
1219 */
1220 return irq_is_secure ? INTID_SECURE : INTID_NONSECURE;
1221 }
1222
1223 return cs->hppi.irq;
1224 }
1225
icc_hppir1_value(GICv3CPUState * cs,CPUARMState * env)1226 static uint64_t icc_hppir1_value(GICv3CPUState *cs, CPUARMState *env)
1227 {
1228 /* Return the highest priority pending interrupt register value
1229 * for group 1.
1230 */
1231 bool irq_is_secure;
1232
1233 if (icc_no_enabled_hppi(cs)) {
1234 return INTID_SPURIOUS;
1235 }
1236
1237 /* Check whether we can return the interrupt or if we should return
1238 * a special identifier, as per the CheckGroup1ForSpecialIdentifiers
1239 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM
1240 * is always zero.)
1241 */
1242 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) &&
1243 (cs->hppi.grp != GICV3_G1NS));
1244
1245 if (cs->hppi.grp == GICV3_G0) {
1246 /* Group 0 interrupts not visible via HPPIR1 */
1247 return INTID_SPURIOUS;
1248 }
1249 if (irq_is_secure) {
1250 if (!arm_is_secure(env)) {
1251 /* Secure interrupts not visible in Non-secure */
1252 return INTID_SPURIOUS;
1253 }
1254 } else if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) {
1255 /* Group 1 non-secure interrupts not visible in Secure EL1 */
1256 return INTID_SPURIOUS;
1257 }
1258
1259 return cs->hppi.irq;
1260 }
1261
icc_iar0_read(CPUARMState * env,const ARMCPRegInfo * ri)1262 static uint64_t icc_iar0_read(CPUARMState *env, const ARMCPRegInfo *ri)
1263 {
1264 GICv3CPUState *cs = icc_cs_from_env(env);
1265 uint64_t intid;
1266
1267 if (icv_access(env, HCR_FMO)) {
1268 return icv_iar_read(env, ri);
1269 }
1270
1271 if (!icc_hppi_can_preempt(cs)) {
1272 intid = INTID_SPURIOUS;
1273 } else {
1274 intid = icc_hppir0_value(cs, env);
1275 }
1276
1277 if (!gicv3_intid_is_special(intid)) {
1278 icc_activate_irq(cs, intid);
1279 }
1280
1281 trace_gicv3_icc_iar0_read(gicv3_redist_affid(cs), intid);
1282 return intid;
1283 }
1284
icc_iar1_read(CPUARMState * env,const ARMCPRegInfo * ri)1285 static uint64_t icc_iar1_read(CPUARMState *env, const ARMCPRegInfo *ri)
1286 {
1287 GICv3CPUState *cs = icc_cs_from_env(env);
1288 int el = arm_current_el(env);
1289 uint64_t intid;
1290
1291 if (icv_access(env, HCR_IMO)) {
1292 return icv_iar_read(env, ri);
1293 }
1294
1295 if (!icc_hppi_can_preempt(cs)) {
1296 intid = INTID_SPURIOUS;
1297 } else {
1298 intid = icc_hppir1_value(cs, env);
1299 }
1300
1301 if (!gicv3_intid_is_special(intid)) {
1302 if (cs->hppi.nmi && env->cp15.sctlr_el[el] & SCTLR_NMI) {
1303 intid = INTID_NMI;
1304 } else {
1305 icc_activate_irq(cs, intid);
1306 }
1307 }
1308
1309 trace_gicv3_icc_iar1_read(gicv3_redist_affid(cs), intid);
1310 return intid;
1311 }
1312
icc_nmiar1_read(CPUARMState * env,const ARMCPRegInfo * ri)1313 static uint64_t icc_nmiar1_read(CPUARMState *env, const ARMCPRegInfo *ri)
1314 {
1315 GICv3CPUState *cs = icc_cs_from_env(env);
1316 uint64_t intid;
1317
1318 if (icv_access(env, HCR_IMO)) {
1319 return icv_nmiar1_read(env, ri);
1320 }
1321
1322 if (!icc_hppi_can_preempt(cs)) {
1323 intid = INTID_SPURIOUS;
1324 } else {
1325 intid = icc_hppir1_value(cs, env);
1326 }
1327
1328 if (!gicv3_intid_is_special(intid)) {
1329 if (!cs->hppi.nmi) {
1330 intid = INTID_SPURIOUS;
1331 } else {
1332 icc_activate_irq(cs, intid);
1333 }
1334 }
1335
1336 trace_gicv3_icc_nmiar1_read(gicv3_redist_affid(cs), intid);
1337 return intid;
1338 }
1339
icc_drop_prio(GICv3CPUState * cs,int grp)1340 static void icc_drop_prio(GICv3CPUState *cs, int grp)
1341 {
1342 /* Drop the priority of the currently active interrupt in
1343 * the specified group.
1344 *
1345 * Note that we can guarantee (because of the requirement to nest
1346 * ICC_IAR reads [which activate an interrupt and raise priority]
1347 * with ICC_EOIR writes [which drop the priority for the interrupt])
1348 * that the interrupt we're being called for is the highest priority
1349 * active interrupt, meaning that it has the lowest set bit in the
1350 * APR registers.
1351 *
1352 * If the guest does not honour the ordering constraints then the
1353 * behaviour of the GIC is UNPREDICTABLE, which for us means that
1354 * the values of the APR registers might become incorrect and the
1355 * running priority will be wrong, so interrupts that should preempt
1356 * might not do so, and interrupts that should not preempt might do so.
1357 */
1358 int i;
1359
1360 for (i = 0; i < icc_num_aprs(cs); i++) {
1361 uint64_t *papr = &cs->icc_apr[grp][i];
1362
1363 if (!*papr) {
1364 continue;
1365 }
1366
1367 if (i == 0 && cs->nmi_support && (*papr & ICC_AP1R_EL1_NMI)) {
1368 *papr &= (~ICC_AP1R_EL1_NMI);
1369 break;
1370 }
1371
1372 /* Clear the lowest set bit */
1373 *papr &= *papr - 1;
1374 break;
1375 }
1376
1377 /* running priority change means we need an update for this cpu i/f */
1378 gicv3_cpuif_update(cs);
1379 }
1380
icc_eoi_split(CPUARMState * env,GICv3CPUState * cs)1381 static bool icc_eoi_split(CPUARMState *env, GICv3CPUState *cs)
1382 {
1383 /* Return true if we should split priority drop and interrupt
1384 * deactivation, ie whether the relevant EOIMode bit is set.
1385 */
1386 if (arm_is_el3_or_mon(env)) {
1387 return cs->icc_ctlr_el3 & ICC_CTLR_EL3_EOIMODE_EL3;
1388 }
1389 if (arm_is_secure_below_el3(env)) {
1390 return cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_EOIMODE;
1391 } else {
1392 return cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE;
1393 }
1394 }
1395
icc_highest_active_group(GICv3CPUState * cs)1396 static int icc_highest_active_group(GICv3CPUState *cs)
1397 {
1398 /* Return the group with the highest priority active interrupt.
1399 * We can do this by just comparing the APRs to see which one
1400 * has the lowest set bit.
1401 * (If more than one group is active at the same priority then
1402 * we're in UNPREDICTABLE territory.)
1403 */
1404 int i;
1405
1406 if (cs->nmi_support) {
1407 if (cs->icc_apr[GICV3_G1][0] & ICC_AP1R_EL1_NMI) {
1408 return GICV3_G1;
1409 }
1410 if (cs->icc_apr[GICV3_G1NS][0] & ICC_AP1R_EL1_NMI) {
1411 return GICV3_G1NS;
1412 }
1413 }
1414
1415 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) {
1416 int g0ctz = ctz32(cs->icc_apr[GICV3_G0][i]);
1417 int g1ctz = ctz32(cs->icc_apr[GICV3_G1][i]);
1418 int g1nsctz = ctz32(cs->icc_apr[GICV3_G1NS][i]);
1419
1420 if (g1nsctz < g0ctz && g1nsctz < g1ctz) {
1421 return GICV3_G1NS;
1422 }
1423 if (g1ctz < g0ctz) {
1424 return GICV3_G1;
1425 }
1426 if (g0ctz < 32) {
1427 return GICV3_G0;
1428 }
1429 }
1430 /* No set active bits? UNPREDICTABLE; return -1 so the caller
1431 * ignores the spurious EOI attempt.
1432 */
1433 return -1;
1434 }
1435
icc_deactivate_irq(GICv3CPUState * cs,int irq)1436 static void icc_deactivate_irq(GICv3CPUState *cs, int irq)
1437 {
1438 if (irq < GIC_INTERNAL) {
1439 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 0);
1440 gicv3_redist_update(cs);
1441 } else {
1442 gicv3_gicd_active_clear(cs->gic, irq);
1443 gicv3_update(cs->gic, irq, 1);
1444 }
1445 }
1446
icv_eoi_split(CPUARMState * env,GICv3CPUState * cs)1447 static bool icv_eoi_split(CPUARMState *env, GICv3CPUState *cs)
1448 {
1449 /* Return true if we should split priority drop and interrupt
1450 * deactivation, ie whether the virtual EOIMode bit is set.
1451 */
1452 return cs->ich_vmcr_el2 & ICH_VMCR_EL2_VEOIM;
1453 }
1454
icv_find_active(GICv3CPUState * cs,int irq)1455 static int icv_find_active(GICv3CPUState *cs, int irq)
1456 {
1457 /* Given an interrupt number for an active interrupt, return the index
1458 * of the corresponding list register, or -1 if there is no match.
1459 * Corresponds to FindActiveVirtualInterrupt pseudocode.
1460 */
1461 int i;
1462
1463 for (i = 0; i < cs->num_list_regs; i++) {
1464 uint64_t lr = cs->ich_lr_el2[i];
1465
1466 if ((lr & ICH_LR_EL2_STATE_ACTIVE_BIT) && ich_lr_vintid(lr) == irq) {
1467 return i;
1468 }
1469 }
1470
1471 return -1;
1472 }
1473
icv_deactivate_irq(GICv3CPUState * cs,int idx)1474 static void icv_deactivate_irq(GICv3CPUState *cs, int idx)
1475 {
1476 /* Deactivate the interrupt in the specified list register index */
1477 uint64_t lr = cs->ich_lr_el2[idx];
1478
1479 if (lr & ICH_LR_EL2_HW) {
1480 /* Deactivate the associated physical interrupt */
1481 int pirq = ich_lr_pintid(lr);
1482
1483 if (pirq < INTID_SECURE) {
1484 icc_deactivate_irq(cs, pirq);
1485 }
1486 }
1487
1488 /* Clear the 'active' part of the state, so ActivePending->Pending
1489 * and Active->Invalid.
1490 */
1491 lr &= ~ICH_LR_EL2_STATE_ACTIVE_BIT;
1492 cs->ich_lr_el2[idx] = lr;
1493 }
1494
icv_increment_eoicount(GICv3CPUState * cs)1495 static void icv_increment_eoicount(GICv3CPUState *cs)
1496 {
1497 /* Increment the EOICOUNT field in ICH_HCR_EL2 */
1498 int eoicount = extract64(cs->ich_hcr_el2, ICH_HCR_EL2_EOICOUNT_SHIFT,
1499 ICH_HCR_EL2_EOICOUNT_LENGTH);
1500
1501 cs->ich_hcr_el2 = deposit64(cs->ich_hcr_el2, ICH_HCR_EL2_EOICOUNT_SHIFT,
1502 ICH_HCR_EL2_EOICOUNT_LENGTH, eoicount + 1);
1503 }
1504
icv_drop_prio(GICv3CPUState * cs,bool * nmi)1505 static int icv_drop_prio(GICv3CPUState *cs, bool *nmi)
1506 {
1507 /* Drop the priority of the currently active virtual interrupt
1508 * (favouring group 0 if there is a set active bit at
1509 * the same priority for both group 0 and group 1).
1510 * Return the priority value for the bit we just cleared,
1511 * or 0xff if no bits were set in the AP registers at all.
1512 * Note that though the ich_apr[] are uint64_t only the low
1513 * 32 bits are actually relevant.
1514 */
1515 int i;
1516 int aprmax = ich_num_aprs(cs);
1517
1518 for (i = 0; i < aprmax; i++) {
1519 uint64_t *papr0 = &cs->ich_apr[GICV3_G0][i];
1520 uint64_t *papr1 = &cs->ich_apr[GICV3_G1NS][i];
1521 int apr0count, apr1count;
1522
1523 if (!*papr0 && !*papr1) {
1524 continue;
1525 }
1526
1527 if (i == 0 && cs->nmi_support && (*papr1 & ICV_AP1R_EL1_NMI)) {
1528 *papr1 &= (~ICV_AP1R_EL1_NMI);
1529 *nmi = true;
1530 return 0xff;
1531 }
1532
1533 /* We can't just use the bit-twiddling hack icc_drop_prio() does
1534 * because we need to return the bit number we cleared so
1535 * it can be compared against the list register's priority field.
1536 */
1537 apr0count = ctz32(*papr0);
1538 apr1count = ctz32(*papr1);
1539
1540 if (apr0count <= apr1count) {
1541 *papr0 &= *papr0 - 1;
1542 return (apr0count + i * 32) << (icv_min_vbpr(cs) + 1);
1543 } else {
1544 *papr1 &= *papr1 - 1;
1545 return (apr1count + i * 32) << (icv_min_vbpr(cs) + 1);
1546 }
1547 }
1548 return 0xff;
1549 }
1550
icv_dir_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1551 static void icv_dir_write(CPUARMState *env, const ARMCPRegInfo *ri,
1552 uint64_t value)
1553 {
1554 /* Deactivate interrupt */
1555 GICv3CPUState *cs = icc_cs_from_env(env);
1556 int idx;
1557 int irq = value & 0xffffff;
1558
1559 trace_gicv3_icv_dir_write(gicv3_redist_affid(cs), value);
1560
1561 if (irq >= GICV3_MAXIRQ) {
1562 /* Also catches special interrupt numbers and LPIs */
1563 return;
1564 }
1565
1566 if (!icv_eoi_split(env, cs)) {
1567 return;
1568 }
1569
1570 idx = icv_find_active(cs, irq);
1571
1572 if (idx < 0) {
1573 /* No list register matching this, so increment the EOI count
1574 * (might trigger a maintenance interrupt)
1575 */
1576 icv_increment_eoicount(cs);
1577 } else {
1578 icv_deactivate_irq(cs, idx);
1579 }
1580
1581 gicv3_cpuif_virt_update(cs);
1582 }
1583
icv_eoir_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1584 static void icv_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri,
1585 uint64_t value)
1586 {
1587 /* End of Interrupt */
1588 GICv3CPUState *cs = icc_cs_from_env(env);
1589 int irq = value & 0xffffff;
1590 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS;
1591 int idx, dropprio;
1592 bool nmi = false;
1593
1594 trace_gicv3_icv_eoir_write(ri->crm == 8 ? 0 : 1,
1595 gicv3_redist_affid(cs), value);
1596
1597 if (gicv3_intid_is_special(irq)) {
1598 return;
1599 }
1600
1601 /* We implement the IMPDEF choice of "drop priority before doing
1602 * error checks" (because that lets us avoid scanning the AP
1603 * registers twice).
1604 */
1605 dropprio = icv_drop_prio(cs, &nmi);
1606 if (dropprio == 0xff && !nmi) {
1607 /* No active interrupt. It is CONSTRAINED UNPREDICTABLE
1608 * whether the list registers are checked in this
1609 * situation; we choose not to.
1610 */
1611 return;
1612 }
1613
1614 idx = icv_find_active(cs, irq);
1615
1616 if (idx < 0) {
1617 /*
1618 * No valid list register corresponding to EOI ID; if this is a vLPI
1619 * not in the list regs then do nothing; otherwise increment EOI count
1620 */
1621 if (irq < GICV3_LPI_INTID_START) {
1622 icv_increment_eoicount(cs);
1623 }
1624 } else {
1625 uint64_t lr = cs->ich_lr_el2[idx];
1626 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0;
1627 int lr_gprio = ich_lr_prio(lr) & icv_gprio_mask(cs, grp);
1628 bool thisnmi = lr & ICH_LR_EL2_NMI;
1629
1630 if (thisgrp == grp && (lr_gprio == dropprio || (thisnmi & nmi))) {
1631 if (!icv_eoi_split(env, cs) || irq >= GICV3_LPI_INTID_START) {
1632 /*
1633 * Priority drop and deactivate not split: deactivate irq now.
1634 * LPIs always get their active state cleared immediately
1635 * because no separate deactivate is expected.
1636 */
1637 icv_deactivate_irq(cs, idx);
1638 }
1639 }
1640 }
1641
1642 gicv3_cpuif_virt_update(cs);
1643 }
1644
icc_eoir_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1645 static void icc_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri,
1646 uint64_t value)
1647 {
1648 /* End of Interrupt */
1649 GICv3CPUState *cs = icc_cs_from_env(env);
1650 int irq = value & 0xffffff;
1651 int grp;
1652 bool is_eoir0 = ri->crm == 8;
1653
1654 if (icv_access(env, is_eoir0 ? HCR_FMO : HCR_IMO)) {
1655 icv_eoir_write(env, ri, value);
1656 return;
1657 }
1658
1659 trace_gicv3_icc_eoir_write(is_eoir0 ? 0 : 1,
1660 gicv3_redist_affid(cs), value);
1661
1662 if ((irq >= cs->gic->num_irq) &&
1663 !(cs->gic->lpi_enable && (irq >= GICV3_LPI_INTID_START))) {
1664 /* This handles two cases:
1665 * 1. If software writes the ID of a spurious interrupt [ie 1020-1023]
1666 * to the GICC_EOIR, the GIC ignores that write.
1667 * 2. If software writes the number of a non-existent interrupt
1668 * this must be a subcase of "value written does not match the last
1669 * valid interrupt value read from the Interrupt Acknowledge
1670 * register" and so this is UNPREDICTABLE. We choose to ignore it.
1671 */
1672 return;
1673 }
1674
1675 grp = icc_highest_active_group(cs);
1676 switch (grp) {
1677 case GICV3_G0:
1678 if (!is_eoir0) {
1679 return;
1680 }
1681 if (!(cs->gic->gicd_ctlr & GICD_CTLR_DS)
1682 && arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env)) {
1683 return;
1684 }
1685 break;
1686 case GICV3_G1:
1687 if (is_eoir0) {
1688 return;
1689 }
1690 if (!arm_is_secure(env)) {
1691 return;
1692 }
1693 break;
1694 case GICV3_G1NS:
1695 if (is_eoir0) {
1696 return;
1697 }
1698 if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) {
1699 return;
1700 }
1701 break;
1702 default:
1703 qemu_log_mask(LOG_GUEST_ERROR,
1704 "%s: IRQ %d isn't active\n", __func__, irq);
1705 return;
1706 }
1707
1708 icc_drop_prio(cs, grp);
1709
1710 if (!icc_eoi_split(env, cs)) {
1711 /* Priority drop and deactivate not split: deactivate irq now */
1712 icc_deactivate_irq(cs, irq);
1713 }
1714 }
1715
icc_hppir0_read(CPUARMState * env,const ARMCPRegInfo * ri)1716 static uint64_t icc_hppir0_read(CPUARMState *env, const ARMCPRegInfo *ri)
1717 {
1718 GICv3CPUState *cs = icc_cs_from_env(env);
1719 uint64_t value;
1720
1721 if (icv_access(env, HCR_FMO)) {
1722 return icv_hppir_read(env, ri);
1723 }
1724
1725 value = icc_hppir0_value(cs, env);
1726 trace_gicv3_icc_hppir0_read(gicv3_redist_affid(cs), value);
1727 return value;
1728 }
1729
icc_hppir1_read(CPUARMState * env,const ARMCPRegInfo * ri)1730 static uint64_t icc_hppir1_read(CPUARMState *env, const ARMCPRegInfo *ri)
1731 {
1732 GICv3CPUState *cs = icc_cs_from_env(env);
1733 uint64_t value;
1734
1735 if (icv_access(env, HCR_IMO)) {
1736 return icv_hppir_read(env, ri);
1737 }
1738
1739 value = icc_hppir1_value(cs, env);
1740 trace_gicv3_icc_hppir1_read(gicv3_redist_affid(cs), value);
1741 return value;
1742 }
1743
icc_bpr_read(CPUARMState * env,const ARMCPRegInfo * ri)1744 static uint64_t icc_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1745 {
1746 GICv3CPUState *cs = icc_cs_from_env(env);
1747 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1;
1748 bool satinc = false;
1749 uint64_t bpr;
1750
1751 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
1752 return icv_bpr_read(env, ri);
1753 }
1754
1755 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
1756 grp = GICV3_G1NS;
1757 }
1758
1759 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) &&
1760 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) {
1761 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses
1762 * modify BPR0
1763 */
1764 grp = GICV3_G0;
1765 }
1766
1767 if (grp == GICV3_G1NS && arm_current_el(env) < 3 &&
1768 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) {
1769 /* reads return bpr0 + 1 sat to 7, writes ignored */
1770 grp = GICV3_G0;
1771 satinc = true;
1772 }
1773
1774 bpr = cs->icc_bpr[grp];
1775 if (satinc) {
1776 bpr++;
1777 bpr = MIN(bpr, 7);
1778 }
1779
1780 trace_gicv3_icc_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr);
1781
1782 return bpr;
1783 }
1784
icc_bpr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1785 static void icc_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1786 uint64_t value)
1787 {
1788 GICv3CPUState *cs = icc_cs_from_env(env);
1789 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1;
1790 uint64_t minval;
1791
1792 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
1793 icv_bpr_write(env, ri, value);
1794 return;
1795 }
1796
1797 trace_gicv3_icc_bpr_write(ri->crm == 8 ? 0 : 1,
1798 gicv3_redist_affid(cs), value);
1799
1800 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
1801 grp = GICV3_G1NS;
1802 }
1803
1804 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) &&
1805 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) {
1806 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses
1807 * modify BPR0
1808 */
1809 grp = GICV3_G0;
1810 }
1811
1812 if (grp == GICV3_G1NS && arm_current_el(env) < 3 &&
1813 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) {
1814 /* reads return bpr0 + 1 sat to 7, writes ignored */
1815 return;
1816 }
1817
1818 minval = (grp == GICV3_G1NS) ? icc_min_bpr_ns(cs) : icc_min_bpr(cs);
1819 if (value < minval) {
1820 value = minval;
1821 }
1822
1823 cs->icc_bpr[grp] = value & 7;
1824 gicv3_cpuif_update(cs);
1825 }
1826
icc_ap_read(CPUARMState * env,const ARMCPRegInfo * ri)1827 static uint64_t icc_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
1828 {
1829 GICv3CPUState *cs = icc_cs_from_env(env);
1830 uint64_t value;
1831
1832 int regno = ri->opc2 & 3;
1833 int grp = (ri->crm & 1) ? GICV3_G1 : GICV3_G0;
1834
1835 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
1836 return icv_ap_read(env, ri);
1837 }
1838
1839 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
1840 grp = GICV3_G1NS;
1841 }
1842
1843 value = cs->icc_apr[grp][regno];
1844
1845 trace_gicv3_icc_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
1846 return value;
1847 }
1848
icc_ap_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1849 static void icc_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
1850 uint64_t value)
1851 {
1852 GICv3CPUState *cs = icc_cs_from_env(env);
1853
1854 int regno = ri->opc2 & 3;
1855 int grp = (ri->crm & 1) ? GICV3_G1 : GICV3_G0;
1856
1857 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
1858 icv_ap_write(env, ri, value);
1859 return;
1860 }
1861
1862 trace_gicv3_icc_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
1863
1864 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
1865 grp = GICV3_G1NS;
1866 }
1867
1868 /* It's not possible to claim that a Non-secure interrupt is active
1869 * at a priority outside the Non-secure range (128..255), since this
1870 * would otherwise allow malicious NS code to block delivery of S interrupts
1871 * by writing a bad value to these registers.
1872 */
1873 if (grp == GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE_EL3)) {
1874 return;
1875 }
1876
1877 if (cs->nmi_support) {
1878 cs->icc_apr[grp][regno] = value & (0xFFFFFFFFU | ICC_AP1R_EL1_NMI);
1879 } else {
1880 cs->icc_apr[grp][regno] = value & 0xFFFFFFFFU;
1881 }
1882 gicv3_cpuif_update(cs);
1883 }
1884
icc_dir_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)1885 static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri,
1886 uint64_t value)
1887 {
1888 /* Deactivate interrupt */
1889 GICv3CPUState *cs = icc_cs_from_env(env);
1890 int irq = value & 0xffffff;
1891 bool irq_is_secure, single_sec_state, irq_is_grp0;
1892 bool route_fiq_to_el3, route_irq_to_el3, route_fiq_to_el2, route_irq_to_el2;
1893
1894 if (icv_access(env, HCR_FMO | HCR_IMO)) {
1895 icv_dir_write(env, ri, value);
1896 return;
1897 }
1898
1899 trace_gicv3_icc_dir_write(gicv3_redist_affid(cs), value);
1900
1901 if (irq >= cs->gic->num_irq) {
1902 /* Also catches special interrupt numbers and LPIs */
1903 return;
1904 }
1905
1906 if (!icc_eoi_split(env, cs)) {
1907 return;
1908 }
1909
1910 int grp = gicv3_irq_group(cs->gic, cs, irq);
1911
1912 single_sec_state = cs->gic->gicd_ctlr & GICD_CTLR_DS;
1913 irq_is_secure = !single_sec_state && (grp != GICV3_G1NS);
1914 irq_is_grp0 = grp == GICV3_G0;
1915
1916 /* Check whether we're allowed to deactivate this interrupt based
1917 * on its group and the current CPU state.
1918 * These checks are laid out to correspond to the spec's pseudocode.
1919 */
1920 route_fiq_to_el3 = env->cp15.scr_el3 & SCR_FIQ;
1921 route_irq_to_el3 = env->cp15.scr_el3 & SCR_IRQ;
1922 /* No need to include !IsSecure in route_*_to_el2 as it's only
1923 * tested in cases where we know !IsSecure is true.
1924 */
1925 uint64_t hcr_el2 = arm_hcr_el2_eff(env);
1926 route_fiq_to_el2 = hcr_el2 & HCR_FMO;
1927 route_irq_to_el2 = hcr_el2 & HCR_IMO;
1928
1929 switch (arm_current_el(env)) {
1930 case 3:
1931 break;
1932 case 2:
1933 if (single_sec_state && irq_is_grp0 && !route_fiq_to_el3) {
1934 break;
1935 }
1936 if (!irq_is_secure && !irq_is_grp0 && !route_irq_to_el3) {
1937 break;
1938 }
1939 return;
1940 case 1:
1941 if (!arm_is_secure_below_el3(env)) {
1942 if (single_sec_state && irq_is_grp0 &&
1943 !route_fiq_to_el3 && !route_fiq_to_el2) {
1944 break;
1945 }
1946 if (!irq_is_secure && !irq_is_grp0 &&
1947 !route_irq_to_el3 && !route_irq_to_el2) {
1948 break;
1949 }
1950 } else {
1951 if (irq_is_grp0 && !route_fiq_to_el3) {
1952 break;
1953 }
1954 if (!irq_is_grp0 &&
1955 (!irq_is_secure || !single_sec_state) &&
1956 !route_irq_to_el3) {
1957 break;
1958 }
1959 }
1960 return;
1961 default:
1962 g_assert_not_reached();
1963 }
1964
1965 icc_deactivate_irq(cs, irq);
1966 }
1967
icc_rpr_read(CPUARMState * env,const ARMCPRegInfo * ri)1968 static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri)
1969 {
1970 GICv3CPUState *cs = icc_cs_from_env(env);
1971 uint64_t prio;
1972
1973 if (icv_access(env, HCR_FMO | HCR_IMO)) {
1974 return icv_rpr_read(env, ri);
1975 }
1976
1977 prio = icc_highest_active_prio(cs);
1978
1979 if (arm_feature(env, ARM_FEATURE_EL3) &&
1980 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) {
1981 /* NS GIC access and Group 0 is inaccessible to NS */
1982 if ((prio & 0x80) == 0) {
1983 /* NS mustn't see priorities in the Secure half of the range */
1984 prio = 0;
1985 } else if (prio != 0xff) {
1986 /* Non-idle priority: show the Non-secure view of it */
1987 prio = (prio << 1) & 0xff;
1988 }
1989 }
1990
1991 if (cs->nmi_support) {
1992 /* NMI info is reported in the high bits of RPR */
1993 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env)) {
1994 if (cs->icc_apr[GICV3_G1NS][0] & ICC_AP1R_EL1_NMI) {
1995 prio |= ICC_RPR_EL1_NMI;
1996 }
1997 } else {
1998 if (cs->icc_apr[GICV3_G1NS][0] & ICC_AP1R_EL1_NMI) {
1999 prio |= ICC_RPR_EL1_NSNMI;
2000 }
2001 if (cs->icc_apr[GICV3_G1][0] & ICC_AP1R_EL1_NMI) {
2002 prio |= ICC_RPR_EL1_NMI;
2003 }
2004 }
2005 }
2006
2007 trace_gicv3_icc_rpr_read(gicv3_redist_affid(cs), prio);
2008 return prio;
2009 }
2010
icc_generate_sgi(CPUARMState * env,GICv3CPUState * cs,uint64_t value,int grp,bool ns)2011 static void icc_generate_sgi(CPUARMState *env, GICv3CPUState *cs,
2012 uint64_t value, int grp, bool ns)
2013 {
2014 GICv3State *s = cs->gic;
2015
2016 /* Extract Aff3/Aff2/Aff1 and shift into the bottom 24 bits */
2017 uint64_t aff = extract64(value, 48, 8) << 16 |
2018 extract64(value, 32, 8) << 8 |
2019 extract64(value, 16, 8);
2020 uint32_t targetlist = extract64(value, 0, 16);
2021 uint32_t irq = extract64(value, 24, 4);
2022 bool irm = extract64(value, 40, 1);
2023 int i;
2024
2025 if (grp == GICV3_G1 && s->gicd_ctlr & GICD_CTLR_DS) {
2026 /* If GICD_CTLR.DS == 1, the Distributor treats Secure Group 1
2027 * interrupts as Group 0 interrupts and must send Secure Group 0
2028 * interrupts to the target CPUs.
2029 */
2030 grp = GICV3_G0;
2031 }
2032
2033 trace_gicv3_icc_generate_sgi(gicv3_redist_affid(cs), irq, irm,
2034 aff, targetlist);
2035
2036 for (i = 0; i < s->num_cpu; i++) {
2037 GICv3CPUState *ocs = &s->cpu[i];
2038
2039 if (irm) {
2040 /* IRM == 1 : route to all CPUs except self */
2041 if (cs == ocs) {
2042 continue;
2043 }
2044 } else {
2045 /* IRM == 0 : route to Aff3.Aff2.Aff1.n for all n in [0..15]
2046 * where the corresponding bit is set in targetlist
2047 */
2048 int aff0;
2049
2050 if (ocs->gicr_typer >> 40 != aff) {
2051 continue;
2052 }
2053 aff0 = extract64(ocs->gicr_typer, 32, 8);
2054 if (aff0 > 15 || extract32(targetlist, aff0, 1) == 0) {
2055 continue;
2056 }
2057 }
2058
2059 /* The redistributor will check against its own GICR_NSACR as needed */
2060 gicv3_redist_send_sgi(ocs, grp, irq, ns);
2061 }
2062 }
2063
icc_sgi0r_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2064 static void icc_sgi0r_write(CPUARMState *env, const ARMCPRegInfo *ri,
2065 uint64_t value)
2066 {
2067 /* Generate Secure Group 0 SGI. */
2068 GICv3CPUState *cs = icc_cs_from_env(env);
2069 bool ns = !arm_is_secure(env);
2070
2071 icc_generate_sgi(env, cs, value, GICV3_G0, ns);
2072 }
2073
icc_sgi1r_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2074 static void icc_sgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri,
2075 uint64_t value)
2076 {
2077 /* Generate Group 1 SGI for the current Security state */
2078 GICv3CPUState *cs = icc_cs_from_env(env);
2079 int grp;
2080 bool ns = !arm_is_secure(env);
2081
2082 grp = ns ? GICV3_G1NS : GICV3_G1;
2083 icc_generate_sgi(env, cs, value, grp, ns);
2084 }
2085
icc_asgi1r_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2086 static void icc_asgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri,
2087 uint64_t value)
2088 {
2089 /* Generate Group 1 SGI for the Security state that is not
2090 * the current state
2091 */
2092 GICv3CPUState *cs = icc_cs_from_env(env);
2093 int grp;
2094 bool ns = !arm_is_secure(env);
2095
2096 grp = ns ? GICV3_G1 : GICV3_G1NS;
2097 icc_generate_sgi(env, cs, value, grp, ns);
2098 }
2099
icc_igrpen_read(CPUARMState * env,const ARMCPRegInfo * ri)2100 static uint64_t icc_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri)
2101 {
2102 GICv3CPUState *cs = icc_cs_from_env(env);
2103 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0;
2104 uint64_t value;
2105
2106 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
2107 return icv_igrpen_read(env, ri);
2108 }
2109
2110 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
2111 grp = GICV3_G1NS;
2112 }
2113
2114 value = cs->icc_igrpen[grp];
2115 trace_gicv3_icc_igrpen_read(ri->opc2 & 1 ? 1 : 0,
2116 gicv3_redist_affid(cs), value);
2117 return value;
2118 }
2119
icc_igrpen_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2120 static void icc_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri,
2121 uint64_t value)
2122 {
2123 GICv3CPUState *cs = icc_cs_from_env(env);
2124 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0;
2125
2126 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) {
2127 icv_igrpen_write(env, ri, value);
2128 return;
2129 }
2130
2131 trace_gicv3_icc_igrpen_write(ri->opc2 & 1 ? 1 : 0,
2132 gicv3_redist_affid(cs), value);
2133
2134 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) {
2135 grp = GICV3_G1NS;
2136 }
2137
2138 cs->icc_igrpen[grp] = value & ICC_IGRPEN_ENABLE;
2139 gicv3_cpuif_update(cs);
2140 }
2141
icc_igrpen1_el3_read(CPUARMState * env,const ARMCPRegInfo * ri)2142 static uint64_t icc_igrpen1_el3_read(CPUARMState *env, const ARMCPRegInfo *ri)
2143 {
2144 GICv3CPUState *cs = icc_cs_from_env(env);
2145 uint64_t value;
2146
2147 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */
2148 value = cs->icc_igrpen[GICV3_G1NS] | (cs->icc_igrpen[GICV3_G1] << 1);
2149 trace_gicv3_icc_igrpen1_el3_read(gicv3_redist_affid(cs), value);
2150 return value;
2151 }
2152
icc_igrpen1_el3_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2153 static void icc_igrpen1_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
2154 uint64_t value)
2155 {
2156 GICv3CPUState *cs = icc_cs_from_env(env);
2157
2158 trace_gicv3_icc_igrpen1_el3_write(gicv3_redist_affid(cs), value);
2159
2160 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */
2161 cs->icc_igrpen[GICV3_G1NS] = extract32(value, 0, 1);
2162 cs->icc_igrpen[GICV3_G1] = extract32(value, 1, 1);
2163 gicv3_cpuif_update(cs);
2164 }
2165
icc_ctlr_el1_read(CPUARMState * env,const ARMCPRegInfo * ri)2166 static uint64_t icc_ctlr_el1_read(CPUARMState *env, const ARMCPRegInfo *ri)
2167 {
2168 GICv3CPUState *cs = icc_cs_from_env(env);
2169 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S;
2170 uint64_t value;
2171
2172 if (icv_access(env, HCR_FMO | HCR_IMO)) {
2173 return icv_ctlr_read(env, ri);
2174 }
2175
2176 value = cs->icc_ctlr_el1[bank];
2177 trace_gicv3_icc_ctlr_read(gicv3_redist_affid(cs), value);
2178 return value;
2179 }
2180
icc_ctlr_el1_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2181 static void icc_ctlr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
2182 uint64_t value)
2183 {
2184 GICv3CPUState *cs = icc_cs_from_env(env);
2185 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S;
2186 uint64_t mask;
2187
2188 if (icv_access(env, HCR_FMO | HCR_IMO)) {
2189 icv_ctlr_write(env, ri, value);
2190 return;
2191 }
2192
2193 trace_gicv3_icc_ctlr_write(gicv3_redist_affid(cs), value);
2194
2195 /* Only CBPR and EOIMODE can be RW;
2196 * for us PMHE is RAZ/WI (we don't implement 1-of-N interrupts or
2197 * the asseciated priority-based routing of them);
2198 * if EL3 is implemented and GICD_CTLR.DS == 0, then PMHE and CBPR are RO.
2199 */
2200 if (arm_feature(env, ARM_FEATURE_EL3) &&
2201 ((cs->gic->gicd_ctlr & GICD_CTLR_DS) == 0)) {
2202 mask = ICC_CTLR_EL1_EOIMODE;
2203 } else {
2204 mask = ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE;
2205 }
2206
2207 cs->icc_ctlr_el1[bank] &= ~mask;
2208 cs->icc_ctlr_el1[bank] |= (value & mask);
2209 gicv3_cpuif_update(cs);
2210 }
2211
2212
icc_ctlr_el3_read(CPUARMState * env,const ARMCPRegInfo * ri)2213 static uint64_t icc_ctlr_el3_read(CPUARMState *env, const ARMCPRegInfo *ri)
2214 {
2215 GICv3CPUState *cs = icc_cs_from_env(env);
2216 uint64_t value;
2217
2218 value = cs->icc_ctlr_el3;
2219 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) {
2220 value |= ICC_CTLR_EL3_EOIMODE_EL1NS;
2221 }
2222 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) {
2223 value |= ICC_CTLR_EL3_CBPR_EL1NS;
2224 }
2225 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) {
2226 value |= ICC_CTLR_EL3_EOIMODE_EL1S;
2227 }
2228 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) {
2229 value |= ICC_CTLR_EL3_CBPR_EL1S;
2230 }
2231
2232 trace_gicv3_icc_ctlr_el3_read(gicv3_redist_affid(cs), value);
2233 return value;
2234 }
2235
icc_ctlr_el3_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2236 static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri,
2237 uint64_t value)
2238 {
2239 GICv3CPUState *cs = icc_cs_from_env(env);
2240 uint64_t mask;
2241
2242 trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value);
2243
2244 /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */
2245 cs->icc_ctlr_el1[GICV3_NS] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
2246 if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) {
2247 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE;
2248 }
2249 if (value & ICC_CTLR_EL3_CBPR_EL1NS) {
2250 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR;
2251 }
2252
2253 cs->icc_ctlr_el1[GICV3_S] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE);
2254 if (value & ICC_CTLR_EL3_EOIMODE_EL1S) {
2255 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE;
2256 }
2257 if (value & ICC_CTLR_EL3_CBPR_EL1S) {
2258 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_CBPR;
2259 }
2260
2261 /* The only bit stored in icc_ctlr_el3 which is writable is EOIMODE_EL3: */
2262 mask = ICC_CTLR_EL3_EOIMODE_EL3;
2263
2264 cs->icc_ctlr_el3 &= ~mask;
2265 cs->icc_ctlr_el3 |= (value & mask);
2266 gicv3_cpuif_update(cs);
2267 }
2268
gicv3_irqfiq_access(CPUARMState * env,const ARMCPRegInfo * ri,bool isread)2269 static CPAccessResult gicv3_irqfiq_access(CPUARMState *env,
2270 const ARMCPRegInfo *ri, bool isread)
2271 {
2272 CPAccessResult r = CP_ACCESS_OK;
2273 GICv3CPUState *cs = icc_cs_from_env(env);
2274 int el = arm_current_el(env);
2275
2276 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TC) &&
2277 el == 1 && !arm_is_secure_below_el3(env)) {
2278 /* Takes priority over a possible EL3 trap */
2279 return CP_ACCESS_TRAP_EL2;
2280 }
2281
2282 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) {
2283 switch (el) {
2284 case 1:
2285 /* Note that arm_hcr_el2_eff takes secure state into account. */
2286 if ((arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) == 0) {
2287 r = CP_ACCESS_TRAP_EL3;
2288 }
2289 break;
2290 case 2:
2291 r = CP_ACCESS_TRAP_EL3;
2292 break;
2293 case 3:
2294 if (!is_a64(env) && !arm_is_el3_or_mon(env)) {
2295 r = CP_ACCESS_TRAP_EL3;
2296 }
2297 break;
2298 default:
2299 g_assert_not_reached();
2300 }
2301 }
2302
2303 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) {
2304 r = CP_ACCESS_TRAP;
2305 }
2306 return r;
2307 }
2308
gicv3_dir_access(CPUARMState * env,const ARMCPRegInfo * ri,bool isread)2309 static CPAccessResult gicv3_dir_access(CPUARMState *env,
2310 const ARMCPRegInfo *ri, bool isread)
2311 {
2312 GICv3CPUState *cs = icc_cs_from_env(env);
2313
2314 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TDIR) &&
2315 arm_current_el(env) == 1 && !arm_is_secure_below_el3(env)) {
2316 /* Takes priority over a possible EL3 trap */
2317 return CP_ACCESS_TRAP_EL2;
2318 }
2319
2320 return gicv3_irqfiq_access(env, ri, isread);
2321 }
2322
gicv3_sgi_access(CPUARMState * env,const ARMCPRegInfo * ri,bool isread)2323 static CPAccessResult gicv3_sgi_access(CPUARMState *env,
2324 const ARMCPRegInfo *ri, bool isread)
2325 {
2326 if (arm_current_el(env) == 1 &&
2327 (arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) != 0) {
2328 /* Takes priority over a possible EL3 trap */
2329 return CP_ACCESS_TRAP_EL2;
2330 }
2331
2332 return gicv3_irqfiq_access(env, ri, isread);
2333 }
2334
gicv3_fiq_access(CPUARMState * env,const ARMCPRegInfo * ri,bool isread)2335 static CPAccessResult gicv3_fiq_access(CPUARMState *env,
2336 const ARMCPRegInfo *ri, bool isread)
2337 {
2338 CPAccessResult r = CP_ACCESS_OK;
2339 GICv3CPUState *cs = icc_cs_from_env(env);
2340 int el = arm_current_el(env);
2341
2342 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TALL0) &&
2343 el == 1 && !arm_is_secure_below_el3(env)) {
2344 /* Takes priority over a possible EL3 trap */
2345 return CP_ACCESS_TRAP_EL2;
2346 }
2347
2348 if (env->cp15.scr_el3 & SCR_FIQ) {
2349 switch (el) {
2350 case 1:
2351 if ((arm_hcr_el2_eff(env) & HCR_FMO) == 0) {
2352 r = CP_ACCESS_TRAP_EL3;
2353 }
2354 break;
2355 case 2:
2356 r = CP_ACCESS_TRAP_EL3;
2357 break;
2358 case 3:
2359 if (!is_a64(env) && !arm_is_el3_or_mon(env)) {
2360 r = CP_ACCESS_TRAP_EL3;
2361 }
2362 break;
2363 default:
2364 g_assert_not_reached();
2365 }
2366 }
2367
2368 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) {
2369 r = CP_ACCESS_TRAP;
2370 }
2371 return r;
2372 }
2373
gicv3_irq_access(CPUARMState * env,const ARMCPRegInfo * ri,bool isread)2374 static CPAccessResult gicv3_irq_access(CPUARMState *env,
2375 const ARMCPRegInfo *ri, bool isread)
2376 {
2377 CPAccessResult r = CP_ACCESS_OK;
2378 GICv3CPUState *cs = icc_cs_from_env(env);
2379 int el = arm_current_el(env);
2380
2381 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TALL1) &&
2382 el == 1 && !arm_is_secure_below_el3(env)) {
2383 /* Takes priority over a possible EL3 trap */
2384 return CP_ACCESS_TRAP_EL2;
2385 }
2386
2387 if (env->cp15.scr_el3 & SCR_IRQ) {
2388 switch (el) {
2389 case 1:
2390 if ((arm_hcr_el2_eff(env) & HCR_IMO) == 0) {
2391 r = CP_ACCESS_TRAP_EL3;
2392 }
2393 break;
2394 case 2:
2395 r = CP_ACCESS_TRAP_EL3;
2396 break;
2397 case 3:
2398 if (!is_a64(env) && !arm_is_el3_or_mon(env)) {
2399 r = CP_ACCESS_TRAP_EL3;
2400 }
2401 break;
2402 default:
2403 g_assert_not_reached();
2404 }
2405 }
2406
2407 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) {
2408 r = CP_ACCESS_TRAP;
2409 }
2410 return r;
2411 }
2412
icc_reset(CPUARMState * env,const ARMCPRegInfo * ri)2413 static void icc_reset(CPUARMState *env, const ARMCPRegInfo *ri)
2414 {
2415 GICv3CPUState *cs = icc_cs_from_env(env);
2416
2417 cs->icc_ctlr_el1[GICV3_S] = ICC_CTLR_EL1_A3V |
2418 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) |
2419 ((cs->pribits - 1) << ICC_CTLR_EL1_PRIBITS_SHIFT);
2420 cs->icc_ctlr_el1[GICV3_NS] = ICC_CTLR_EL1_A3V |
2421 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) |
2422 ((cs->pribits - 1) << ICC_CTLR_EL1_PRIBITS_SHIFT);
2423 cs->icc_pmr_el1 = 0;
2424 cs->icc_bpr[GICV3_G0] = icc_min_bpr(cs);
2425 cs->icc_bpr[GICV3_G1] = icc_min_bpr(cs);
2426 cs->icc_bpr[GICV3_G1NS] = icc_min_bpr_ns(cs);
2427 memset(cs->icc_apr, 0, sizeof(cs->icc_apr));
2428 memset(cs->icc_igrpen, 0, sizeof(cs->icc_igrpen));
2429 cs->icc_ctlr_el3 = ICC_CTLR_EL3_NDS | ICC_CTLR_EL3_A3V |
2430 (1 << ICC_CTLR_EL3_IDBITS_SHIFT) |
2431 ((cs->pribits - 1) << ICC_CTLR_EL3_PRIBITS_SHIFT);
2432
2433 memset(cs->ich_apr, 0, sizeof(cs->ich_apr));
2434 cs->ich_hcr_el2 = 0;
2435 memset(cs->ich_lr_el2, 0, sizeof(cs->ich_lr_el2));
2436 cs->ich_vmcr_el2 = ICH_VMCR_EL2_VFIQEN |
2437 ((icv_min_vbpr(cs) + 1) << ICH_VMCR_EL2_VBPR1_SHIFT) |
2438 (icv_min_vbpr(cs) << ICH_VMCR_EL2_VBPR0_SHIFT);
2439 }
2440
2441 static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
2442 { .name = "ICC_PMR_EL1", .state = ARM_CP_STATE_BOTH,
2443 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 6, .opc2 = 0,
2444 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2445 .access = PL1_RW, .accessfn = gicv3_irqfiq_access,
2446 .readfn = icc_pmr_read,
2447 .writefn = icc_pmr_write,
2448 /* We hang the whole cpu interface reset routine off here
2449 * rather than parcelling it out into one little function
2450 * per register
2451 */
2452 .resetfn = icc_reset,
2453 },
2454 { .name = "ICC_IAR0_EL1", .state = ARM_CP_STATE_BOTH,
2455 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 0,
2456 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2457 .access = PL1_R, .accessfn = gicv3_fiq_access,
2458 .readfn = icc_iar0_read,
2459 },
2460 { .name = "ICC_EOIR0_EL1", .state = ARM_CP_STATE_BOTH,
2461 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 1,
2462 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2463 .access = PL1_W, .accessfn = gicv3_fiq_access,
2464 .writefn = icc_eoir_write,
2465 },
2466 { .name = "ICC_HPPIR0_EL1", .state = ARM_CP_STATE_BOTH,
2467 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 2,
2468 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2469 .access = PL1_R, .accessfn = gicv3_fiq_access,
2470 .readfn = icc_hppir0_read,
2471 },
2472 { .name = "ICC_BPR0_EL1", .state = ARM_CP_STATE_BOTH,
2473 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3,
2474 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2475 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2476 .readfn = icc_bpr_read,
2477 .writefn = icc_bpr_write,
2478 },
2479 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH,
2480 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4,
2481 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2482 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2483 .readfn = icc_ap_read,
2484 .writefn = icc_ap_write,
2485 },
2486 /* All the ICC_AP1R*_EL1 registers are banked */
2487 { .name = "ICC_AP1R0_EL1", .state = ARM_CP_STATE_BOTH,
2488 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 0,
2489 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2490 .access = PL1_RW, .accessfn = gicv3_irq_access,
2491 .readfn = icc_ap_read,
2492 .writefn = icc_ap_write,
2493 },
2494 { .name = "ICC_DIR_EL1", .state = ARM_CP_STATE_BOTH,
2495 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 1,
2496 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2497 .access = PL1_W, .accessfn = gicv3_dir_access,
2498 .writefn = icc_dir_write,
2499 },
2500 { .name = "ICC_RPR_EL1", .state = ARM_CP_STATE_BOTH,
2501 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 3,
2502 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2503 .access = PL1_R, .accessfn = gicv3_irqfiq_access,
2504 .readfn = icc_rpr_read,
2505 },
2506 { .name = "ICC_SGI1R_EL1", .state = ARM_CP_STATE_AA64,
2507 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 5,
2508 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2509 .access = PL1_W, .accessfn = gicv3_sgi_access,
2510 .writefn = icc_sgi1r_write,
2511 },
2512 { .name = "ICC_SGI1R",
2513 .cp = 15, .opc1 = 0, .crm = 12,
2514 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW,
2515 .access = PL1_W, .accessfn = gicv3_sgi_access,
2516 .writefn = icc_sgi1r_write,
2517 },
2518 { .name = "ICC_ASGI1R_EL1", .state = ARM_CP_STATE_AA64,
2519 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 6,
2520 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2521 .access = PL1_W, .accessfn = gicv3_sgi_access,
2522 .writefn = icc_asgi1r_write,
2523 },
2524 { .name = "ICC_ASGI1R",
2525 .cp = 15, .opc1 = 1, .crm = 12,
2526 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW,
2527 .access = PL1_W, .accessfn = gicv3_sgi_access,
2528 .writefn = icc_asgi1r_write,
2529 },
2530 { .name = "ICC_SGI0R_EL1", .state = ARM_CP_STATE_AA64,
2531 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 7,
2532 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2533 .access = PL1_W, .accessfn = gicv3_sgi_access,
2534 .writefn = icc_sgi0r_write,
2535 },
2536 { .name = "ICC_SGI0R",
2537 .cp = 15, .opc1 = 2, .crm = 12,
2538 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW,
2539 .access = PL1_W, .accessfn = gicv3_sgi_access,
2540 .writefn = icc_sgi0r_write,
2541 },
2542 { .name = "ICC_IAR1_EL1", .state = ARM_CP_STATE_BOTH,
2543 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 0,
2544 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2545 .access = PL1_R, .accessfn = gicv3_irq_access,
2546 .readfn = icc_iar1_read,
2547 },
2548 { .name = "ICC_EOIR1_EL1", .state = ARM_CP_STATE_BOTH,
2549 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 1,
2550 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2551 .access = PL1_W, .accessfn = gicv3_irq_access,
2552 .writefn = icc_eoir_write,
2553 },
2554 { .name = "ICC_HPPIR1_EL1", .state = ARM_CP_STATE_BOTH,
2555 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 2,
2556 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2557 .access = PL1_R, .accessfn = gicv3_irq_access,
2558 .readfn = icc_hppir1_read,
2559 },
2560 /* This register is banked */
2561 { .name = "ICC_BPR1_EL1", .state = ARM_CP_STATE_BOTH,
2562 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 3,
2563 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2564 .access = PL1_RW, .accessfn = gicv3_irq_access,
2565 .readfn = icc_bpr_read,
2566 .writefn = icc_bpr_write,
2567 },
2568 /* This register is banked */
2569 { .name = "ICC_CTLR_EL1", .state = ARM_CP_STATE_BOTH,
2570 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 4,
2571 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2572 .access = PL1_RW, .accessfn = gicv3_irqfiq_access,
2573 .readfn = icc_ctlr_el1_read,
2574 .writefn = icc_ctlr_el1_write,
2575 },
2576 { .name = "ICC_SRE_EL1", .state = ARM_CP_STATE_BOTH,
2577 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 5,
2578 .type = ARM_CP_NO_RAW | ARM_CP_CONST,
2579 .access = PL1_RW,
2580 /* We don't support IRQ/FIQ bypass and system registers are
2581 * always enabled, so all our bits are RAZ/WI or RAO/WI.
2582 * This register is banked but since it's constant we don't
2583 * need to do anything special.
2584 */
2585 .resetvalue = 0x7,
2586 },
2587 { .name = "ICC_IGRPEN0_EL1", .state = ARM_CP_STATE_BOTH,
2588 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6,
2589 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2590 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2591 .fgt = FGT_ICC_IGRPENN_EL1,
2592 .readfn = icc_igrpen_read,
2593 .writefn = icc_igrpen_write,
2594 },
2595 /* This register is banked */
2596 { .name = "ICC_IGRPEN1_EL1", .state = ARM_CP_STATE_BOTH,
2597 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7,
2598 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2599 .access = PL1_RW, .accessfn = gicv3_irq_access,
2600 .fgt = FGT_ICC_IGRPENN_EL1,
2601 .readfn = icc_igrpen_read,
2602 .writefn = icc_igrpen_write,
2603 },
2604 { .name = "ICC_SRE_EL2", .state = ARM_CP_STATE_BOTH,
2605 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 5,
2606 .type = ARM_CP_NO_RAW | ARM_CP_CONST,
2607 .access = PL2_RW,
2608 /* We don't support IRQ/FIQ bypass and system registers are
2609 * always enabled, so all our bits are RAZ/WI or RAO/WI.
2610 */
2611 .resetvalue = 0xf,
2612 },
2613 { .name = "ICC_CTLR_EL3", .state = ARM_CP_STATE_BOTH,
2614 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4,
2615 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2616 .access = PL3_RW,
2617 .readfn = icc_ctlr_el3_read,
2618 .writefn = icc_ctlr_el3_write,
2619 },
2620 { .name = "ICC_SRE_EL3", .state = ARM_CP_STATE_BOTH,
2621 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 5,
2622 .type = ARM_CP_NO_RAW | ARM_CP_CONST,
2623 .access = PL3_RW,
2624 /* We don't support IRQ/FIQ bypass and system registers are
2625 * always enabled, so all our bits are RAZ/WI or RAO/WI.
2626 */
2627 .resetvalue = 0xf,
2628 },
2629 { .name = "ICC_IGRPEN1_EL3", .state = ARM_CP_STATE_BOTH,
2630 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 7,
2631 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2632 .access = PL3_RW,
2633 .readfn = icc_igrpen1_el3_read,
2634 .writefn = icc_igrpen1_el3_write,
2635 },
2636 };
2637
2638 static const ARMCPRegInfo gicv3_cpuif_icc_apxr1_reginfo[] = {
2639 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH,
2640 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5,
2641 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2642 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2643 .readfn = icc_ap_read,
2644 .writefn = icc_ap_write,
2645 },
2646 { .name = "ICC_AP1R1_EL1", .state = ARM_CP_STATE_BOTH,
2647 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 1,
2648 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2649 .access = PL1_RW, .accessfn = gicv3_irq_access,
2650 .readfn = icc_ap_read,
2651 .writefn = icc_ap_write,
2652 },
2653 };
2654
2655 static const ARMCPRegInfo gicv3_cpuif_icc_apxr23_reginfo[] = {
2656 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH,
2657 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6,
2658 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2659 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2660 .readfn = icc_ap_read,
2661 .writefn = icc_ap_write,
2662 },
2663 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH,
2664 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7,
2665 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2666 .access = PL1_RW, .accessfn = gicv3_fiq_access,
2667 .readfn = icc_ap_read,
2668 .writefn = icc_ap_write,
2669 },
2670 { .name = "ICC_AP1R2_EL1", .state = ARM_CP_STATE_BOTH,
2671 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 2,
2672 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2673 .access = PL1_RW, .accessfn = gicv3_irq_access,
2674 .readfn = icc_ap_read,
2675 .writefn = icc_ap_write,
2676 },
2677 { .name = "ICC_AP1R3_EL1", .state = ARM_CP_STATE_BOTH,
2678 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 3,
2679 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2680 .access = PL1_RW, .accessfn = gicv3_irq_access,
2681 .readfn = icc_ap_read,
2682 .writefn = icc_ap_write,
2683 },
2684 };
2685
2686 static const ARMCPRegInfo gicv3_cpuif_gicv3_nmi_reginfo[] = {
2687 { .name = "ICC_NMIAR1_EL1", .state = ARM_CP_STATE_BOTH,
2688 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 5,
2689 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2690 .access = PL1_R, .accessfn = gicv3_irq_access,
2691 .readfn = icc_nmiar1_read,
2692 },
2693 };
2694
ich_ap_read(CPUARMState * env,const ARMCPRegInfo * ri)2695 static uint64_t ich_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
2696 {
2697 GICv3CPUState *cs = icc_cs_from_env(env);
2698 int regno = ri->opc2 & 3;
2699 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0;
2700 uint64_t value;
2701
2702 value = cs->ich_apr[grp][regno];
2703 trace_gicv3_ich_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
2704 return value;
2705 }
2706
ich_ap_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2707 static void ich_ap_write(CPUARMState *env, const ARMCPRegInfo *ri,
2708 uint64_t value)
2709 {
2710 GICv3CPUState *cs = icc_cs_from_env(env);
2711 int regno = ri->opc2 & 3;
2712 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0;
2713
2714 trace_gicv3_ich_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value);
2715
2716 if (cs->nmi_support) {
2717 cs->ich_apr[grp][regno] = value & (0xFFFFFFFFU | ICV_AP1R_EL1_NMI);
2718 } else {
2719 cs->ich_apr[grp][regno] = value & 0xFFFFFFFFU;
2720 }
2721 gicv3_cpuif_virt_irq_fiq_update(cs);
2722 }
2723
ich_hcr_read(CPUARMState * env,const ARMCPRegInfo * ri)2724 static uint64_t ich_hcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2725 {
2726 GICv3CPUState *cs = icc_cs_from_env(env);
2727 uint64_t value = cs->ich_hcr_el2;
2728
2729 trace_gicv3_ich_hcr_read(gicv3_redist_affid(cs), value);
2730 return value;
2731 }
2732
ich_hcr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2733 static void ich_hcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
2734 uint64_t value)
2735 {
2736 GICv3CPUState *cs = icc_cs_from_env(env);
2737
2738 trace_gicv3_ich_hcr_write(gicv3_redist_affid(cs), value);
2739
2740 value &= ICH_HCR_EL2_EN | ICH_HCR_EL2_UIE | ICH_HCR_EL2_LRENPIE |
2741 ICH_HCR_EL2_NPIE | ICH_HCR_EL2_VGRP0EIE | ICH_HCR_EL2_VGRP0DIE |
2742 ICH_HCR_EL2_VGRP1EIE | ICH_HCR_EL2_VGRP1DIE | ICH_HCR_EL2_TC |
2743 ICH_HCR_EL2_TALL0 | ICH_HCR_EL2_TALL1 | ICH_HCR_EL2_TSEI |
2744 ICH_HCR_EL2_TDIR | ICH_HCR_EL2_EOICOUNT_MASK;
2745
2746 cs->ich_hcr_el2 = value;
2747 gicv3_cpuif_virt_update(cs);
2748 }
2749
ich_vmcr_read(CPUARMState * env,const ARMCPRegInfo * ri)2750 static uint64_t ich_vmcr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2751 {
2752 GICv3CPUState *cs = icc_cs_from_env(env);
2753 uint64_t value = cs->ich_vmcr_el2;
2754
2755 trace_gicv3_ich_vmcr_read(gicv3_redist_affid(cs), value);
2756 return value;
2757 }
2758
ich_vmcr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2759 static void ich_vmcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
2760 uint64_t value)
2761 {
2762 GICv3CPUState *cs = icc_cs_from_env(env);
2763
2764 trace_gicv3_ich_vmcr_write(gicv3_redist_affid(cs), value);
2765
2766 value &= ICH_VMCR_EL2_VENG0 | ICH_VMCR_EL2_VENG1 | ICH_VMCR_EL2_VCBPR |
2767 ICH_VMCR_EL2_VEOIM | ICH_VMCR_EL2_VBPR1_MASK |
2768 ICH_VMCR_EL2_VBPR0_MASK | ICH_VMCR_EL2_VPMR_MASK;
2769 value |= ICH_VMCR_EL2_VFIQEN;
2770
2771 cs->ich_vmcr_el2 = value;
2772 /* Enforce "writing BPRs to less than minimum sets them to the minimum"
2773 * by reading and writing back the fields.
2774 */
2775 write_vbpr(cs, GICV3_G0, read_vbpr(cs, GICV3_G0));
2776 write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G1));
2777
2778 gicv3_cpuif_virt_update(cs);
2779 }
2780
ich_lr_read(CPUARMState * env,const ARMCPRegInfo * ri)2781 static uint64_t ich_lr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2782 {
2783 GICv3CPUState *cs = icc_cs_from_env(env);
2784 int regno = ri->opc2 | ((ri->crm & 1) << 3);
2785 uint64_t value;
2786
2787 /* This read function handles all of:
2788 * 64-bit reads of the whole LR
2789 * 32-bit reads of the low half of the LR
2790 * 32-bit reads of the high half of the LR
2791 */
2792 if (ri->state == ARM_CP_STATE_AA32) {
2793 if (ri->crm >= 14) {
2794 value = extract64(cs->ich_lr_el2[regno], 32, 32);
2795 trace_gicv3_ich_lrc_read(regno, gicv3_redist_affid(cs), value);
2796 } else {
2797 value = extract64(cs->ich_lr_el2[regno], 0, 32);
2798 trace_gicv3_ich_lr32_read(regno, gicv3_redist_affid(cs), value);
2799 }
2800 } else {
2801 value = cs->ich_lr_el2[regno];
2802 trace_gicv3_ich_lr_read(regno, gicv3_redist_affid(cs), value);
2803 }
2804
2805 return value;
2806 }
2807
ich_lr_write(CPUARMState * env,const ARMCPRegInfo * ri,uint64_t value)2808 static void ich_lr_write(CPUARMState *env, const ARMCPRegInfo *ri,
2809 uint64_t value)
2810 {
2811 GICv3CPUState *cs = icc_cs_from_env(env);
2812 int regno = ri->opc2 | ((ri->crm & 1) << 3);
2813
2814 /* This write function handles all of:
2815 * 64-bit writes to the whole LR
2816 * 32-bit writes to the low half of the LR
2817 * 32-bit writes to the high half of the LR
2818 */
2819 if (ri->state == ARM_CP_STATE_AA32) {
2820 if (ri->crm >= 14) {
2821 trace_gicv3_ich_lrc_write(regno, gicv3_redist_affid(cs), value);
2822 value = deposit64(cs->ich_lr_el2[regno], 32, 32, value);
2823 } else {
2824 trace_gicv3_ich_lr32_write(regno, gicv3_redist_affid(cs), value);
2825 value = deposit64(cs->ich_lr_el2[regno], 0, 32, value);
2826 }
2827 } else {
2828 trace_gicv3_ich_lr_write(regno, gicv3_redist_affid(cs), value);
2829 }
2830
2831 /* Enforce RES0 bits in priority field */
2832 if (cs->vpribits < 8) {
2833 value = deposit64(value, ICH_LR_EL2_PRIORITY_SHIFT,
2834 8 - cs->vpribits, 0);
2835 }
2836
2837 /* Enforce RES0 bit in NMI field when FEAT_GICv3_NMI is not implemented */
2838 if (!cs->nmi_support) {
2839 value &= ~ICH_LR_EL2_NMI;
2840 }
2841
2842 cs->ich_lr_el2[regno] = value;
2843 gicv3_cpuif_virt_update(cs);
2844 }
2845
ich_vtr_read(CPUARMState * env,const ARMCPRegInfo * ri)2846 static uint64_t ich_vtr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2847 {
2848 GICv3CPUState *cs = icc_cs_from_env(env);
2849 uint64_t value;
2850
2851 value = ((cs->num_list_regs - 1) << ICH_VTR_EL2_LISTREGS_SHIFT)
2852 | ICH_VTR_EL2_TDS | ICH_VTR_EL2_A3V
2853 | (1 << ICH_VTR_EL2_IDBITS_SHIFT)
2854 | ((cs->vprebits - 1) << ICH_VTR_EL2_PREBITS_SHIFT)
2855 | ((cs->vpribits - 1) << ICH_VTR_EL2_PRIBITS_SHIFT);
2856
2857 if (cs->gic->revision < 4) {
2858 value |= ICH_VTR_EL2_NV4;
2859 }
2860
2861 trace_gicv3_ich_vtr_read(gicv3_redist_affid(cs), value);
2862 return value;
2863 }
2864
ich_misr_read(CPUARMState * env,const ARMCPRegInfo * ri)2865 static uint64_t ich_misr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2866 {
2867 GICv3CPUState *cs = icc_cs_from_env(env);
2868 uint64_t value = maintenance_interrupt_state(cs);
2869
2870 trace_gicv3_ich_misr_read(gicv3_redist_affid(cs), value);
2871 return value;
2872 }
2873
ich_eisr_read(CPUARMState * env,const ARMCPRegInfo * ri)2874 static uint64_t ich_eisr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2875 {
2876 GICv3CPUState *cs = icc_cs_from_env(env);
2877 uint64_t value = eoi_maintenance_interrupt_state(cs, NULL);
2878
2879 trace_gicv3_ich_eisr_read(gicv3_redist_affid(cs), value);
2880 return value;
2881 }
2882
ich_elrsr_read(CPUARMState * env,const ARMCPRegInfo * ri)2883 static uint64_t ich_elrsr_read(CPUARMState *env, const ARMCPRegInfo *ri)
2884 {
2885 GICv3CPUState *cs = icc_cs_from_env(env);
2886 uint64_t value = 0;
2887 int i;
2888
2889 for (i = 0; i < cs->num_list_regs; i++) {
2890 uint64_t lr = cs->ich_lr_el2[i];
2891
2892 if ((lr & ICH_LR_EL2_STATE_MASK) == 0 &&
2893 ((lr & ICH_LR_EL2_HW) != 0 || (lr & ICH_LR_EL2_EOI) == 0)) {
2894 value |= (1 << i);
2895 }
2896 }
2897
2898 trace_gicv3_ich_elrsr_read(gicv3_redist_affid(cs), value);
2899 return value;
2900 }
2901
2902 static const ARMCPRegInfo gicv3_cpuif_hcr_reginfo[] = {
2903 { .name = "ICH_AP0R0_EL2", .state = ARM_CP_STATE_BOTH,
2904 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 0,
2905 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2906 .nv2_redirect_offset = 0x480,
2907 .access = PL2_RW,
2908 .readfn = ich_ap_read,
2909 .writefn = ich_ap_write,
2910 },
2911 { .name = "ICH_AP1R0_EL2", .state = ARM_CP_STATE_BOTH,
2912 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 0,
2913 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2914 .nv2_redirect_offset = 0x4a0,
2915 .access = PL2_RW,
2916 .readfn = ich_ap_read,
2917 .writefn = ich_ap_write,
2918 },
2919 { .name = "ICH_HCR_EL2", .state = ARM_CP_STATE_BOTH,
2920 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 0,
2921 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2922 .nv2_redirect_offset = 0x4c0,
2923 .access = PL2_RW,
2924 .readfn = ich_hcr_read,
2925 .writefn = ich_hcr_write,
2926 },
2927 { .name = "ICH_VTR_EL2", .state = ARM_CP_STATE_BOTH,
2928 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 1,
2929 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2930 .access = PL2_R,
2931 .readfn = ich_vtr_read,
2932 },
2933 { .name = "ICH_MISR_EL2", .state = ARM_CP_STATE_BOTH,
2934 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 2,
2935 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2936 .access = PL2_R,
2937 .readfn = ich_misr_read,
2938 },
2939 { .name = "ICH_EISR_EL2", .state = ARM_CP_STATE_BOTH,
2940 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 3,
2941 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2942 .access = PL2_R,
2943 .readfn = ich_eisr_read,
2944 },
2945 { .name = "ICH_ELRSR_EL2", .state = ARM_CP_STATE_BOTH,
2946 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 5,
2947 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2948 .access = PL2_R,
2949 .readfn = ich_elrsr_read,
2950 },
2951 { .name = "ICH_VMCR_EL2", .state = ARM_CP_STATE_BOTH,
2952 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 7,
2953 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2954 .nv2_redirect_offset = 0x4c8,
2955 .access = PL2_RW,
2956 .readfn = ich_vmcr_read,
2957 .writefn = ich_vmcr_write,
2958 },
2959 };
2960
2961 static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = {
2962 { .name = "ICH_AP0R1_EL2", .state = ARM_CP_STATE_BOTH,
2963 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 1,
2964 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2965 .nv2_redirect_offset = 0x488,
2966 .access = PL2_RW,
2967 .readfn = ich_ap_read,
2968 .writefn = ich_ap_write,
2969 },
2970 { .name = "ICH_AP1R1_EL2", .state = ARM_CP_STATE_BOTH,
2971 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 1,
2972 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2973 .nv2_redirect_offset = 0x4a8,
2974 .access = PL2_RW,
2975 .readfn = ich_ap_read,
2976 .writefn = ich_ap_write,
2977 },
2978 };
2979
2980 static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = {
2981 { .name = "ICH_AP0R2_EL2", .state = ARM_CP_STATE_BOTH,
2982 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 2,
2983 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2984 .nv2_redirect_offset = 0x490,
2985 .access = PL2_RW,
2986 .readfn = ich_ap_read,
2987 .writefn = ich_ap_write,
2988 },
2989 { .name = "ICH_AP0R3_EL2", .state = ARM_CP_STATE_BOTH,
2990 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 3,
2991 .type = ARM_CP_IO | ARM_CP_NO_RAW,
2992 .nv2_redirect_offset = 0x498,
2993 .access = PL2_RW,
2994 .readfn = ich_ap_read,
2995 .writefn = ich_ap_write,
2996 },
2997 { .name = "ICH_AP1R2_EL2", .state = ARM_CP_STATE_BOTH,
2998 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 2,
2999 .type = ARM_CP_IO | ARM_CP_NO_RAW,
3000 .nv2_redirect_offset = 0x4b0,
3001 .access = PL2_RW,
3002 .readfn = ich_ap_read,
3003 .writefn = ich_ap_write,
3004 },
3005 { .name = "ICH_AP1R3_EL2", .state = ARM_CP_STATE_BOTH,
3006 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 3,
3007 .type = ARM_CP_IO | ARM_CP_NO_RAW,
3008 .nv2_redirect_offset = 0x4b8,
3009 .access = PL2_RW,
3010 .readfn = ich_ap_read,
3011 .writefn = ich_ap_write,
3012 },
3013 };
3014
gicv3_cpuif_el_change_hook(ARMCPU * cpu,void * opaque)3015 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque)
3016 {
3017 GICv3CPUState *cs = opaque;
3018
3019 gicv3_cpuif_update(cs);
3020 /*
3021 * Because vLPIs are only pending in NonSecure state,
3022 * an EL change can change the VIRQ/VFIQ status (but
3023 * cannot affect the maintenance interrupt state)
3024 */
3025 gicv3_cpuif_virt_irq_fiq_update(cs);
3026 }
3027
gicv3_init_cpuif(GICv3State * s)3028 void gicv3_init_cpuif(GICv3State *s)
3029 {
3030 /* Called from the GICv3 realize function; register our system
3031 * registers with the CPU
3032 */
3033 int i;
3034
3035 for (i = 0; i < s->num_cpu; i++) {
3036 ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i));
3037 GICv3CPUState *cs = &s->cpu[i];
3038
3039 /*
3040 * If the CPU doesn't define a GICv3 configuration, probably because
3041 * in real hardware it doesn't have one, then we use default values
3042 * matching the one used by most Arm CPUs. This applies to:
3043 * cpu->gic_num_lrs
3044 * cpu->gic_vpribits
3045 * cpu->gic_vprebits
3046 * cpu->gic_pribits
3047 */
3048
3049 /* Note that we can't just use the GICv3CPUState as an opaque pointer
3050 * in define_arm_cp_regs_with_opaque(), because when we're called back
3051 * it might be with code translated by CPU 0 but run by CPU 1, in
3052 * which case we'd get the wrong value.
3053 * So instead we define the regs with no ri->opaque info, and
3054 * get back to the GICv3CPUState from the CPUARMState.
3055 *
3056 * These CP regs callbacks can be called from either TCG or HVF code.
3057 */
3058 define_arm_cp_regs(cpu, gicv3_cpuif_reginfo);
3059
3060 /*
3061 * If the CPU implements FEAT_NMI and FEAT_GICv3 it must also
3062 * implement FEAT_GICv3_NMI, which is the CPU interface part
3063 * of NMI support. This is distinct from whether the GIC proper
3064 * (redistributors and distributor) have NMI support. In QEMU
3065 * that is a property of the GIC device in s->nmi_support;
3066 * cs->nmi_support indicates the CPU interface's support.
3067 */
3068 if (cpu_isar_feature(aa64_nmi, cpu)) {
3069 cs->nmi_support = true;
3070 define_arm_cp_regs(cpu, gicv3_cpuif_gicv3_nmi_reginfo);
3071 }
3072
3073 /*
3074 * The CPU implementation specifies the number of supported
3075 * bits of physical priority. For backwards compatibility
3076 * of migration, we have a compat property that forces use
3077 * of 8 priority bits regardless of what the CPU really has.
3078 */
3079 if (s->force_8bit_prio) {
3080 cs->pribits = 8;
3081 } else {
3082 cs->pribits = cpu->gic_pribits ?: 5;
3083 }
3084
3085 /*
3086 * The GICv3 has separate ID register fields for virtual priority
3087 * and preemption bit values, but only a single ID register field
3088 * for the physical priority bits. The preemption bit count is
3089 * always the same as the priority bit count, except that 8 bits
3090 * of priority means 7 preemption bits. We precalculate the
3091 * preemption bits because it simplifies the code and makes the
3092 * parallels between the virtual and physical bits of the GIC
3093 * a bit clearer.
3094 */
3095 cs->prebits = cs->pribits;
3096 if (cs->prebits == 8) {
3097 cs->prebits--;
3098 }
3099 /*
3100 * Check that CPU code defining pribits didn't violate
3101 * architectural constraints our implementation relies on.
3102 */
3103 g_assert(cs->pribits >= 4 && cs->pribits <= 8);
3104
3105 /*
3106 * gicv3_cpuif_reginfo[] defines ICC_AP*R0_EL1; add definitions
3107 * for ICC_AP*R{1,2,3}_EL1 if the prebits value requires them.
3108 */
3109 if (cs->prebits >= 6) {
3110 define_arm_cp_regs(cpu, gicv3_cpuif_icc_apxr1_reginfo);
3111 }
3112 if (cs->prebits == 7) {
3113 define_arm_cp_regs(cpu, gicv3_cpuif_icc_apxr23_reginfo);
3114 }
3115
3116 if (arm_feature(&cpu->env, ARM_FEATURE_EL2)) {
3117 int j;
3118
3119 cs->num_list_regs = cpu->gic_num_lrs ?: 4;
3120 cs->vpribits = cpu->gic_vpribits ?: 5;
3121 cs->vprebits = cpu->gic_vprebits ?: 5;
3122
3123 /* Check against architectural constraints: getting these
3124 * wrong would be a bug in the CPU code defining these,
3125 * and the implementation relies on them holding.
3126 */
3127 g_assert(cs->vprebits <= cs->vpribits);
3128 g_assert(cs->vprebits >= 5 && cs->vprebits <= 7);
3129 g_assert(cs->vpribits >= 5 && cs->vpribits <= 8);
3130
3131 define_arm_cp_regs(cpu, gicv3_cpuif_hcr_reginfo);
3132
3133 for (j = 0; j < cs->num_list_regs; j++) {
3134 /* Note that the AArch64 LRs are 64-bit; the AArch32 LRs
3135 * are split into two cp15 regs, LR (the low part, with the
3136 * same encoding as the AArch64 LR) and LRC (the high part).
3137 */
3138 ARMCPRegInfo lr_regset[] = {
3139 { .name = "ICH_LRn_EL2", .state = ARM_CP_STATE_BOTH,
3140 .opc0 = 3, .opc1 = 4, .crn = 12,
3141 .crm = 12 + (j >> 3), .opc2 = j & 7,
3142 .type = ARM_CP_IO | ARM_CP_NO_RAW,
3143 .nv2_redirect_offset = 0x400 + 8 * j,
3144 .access = PL2_RW,
3145 .readfn = ich_lr_read,
3146 .writefn = ich_lr_write,
3147 },
3148 { .name = "ICH_LRCn_EL2", .state = ARM_CP_STATE_AA32,
3149 .cp = 15, .opc1 = 4, .crn = 12,
3150 .crm = 14 + (j >> 3), .opc2 = j & 7,
3151 .type = ARM_CP_IO | ARM_CP_NO_RAW,
3152 .access = PL2_RW,
3153 .readfn = ich_lr_read,
3154 .writefn = ich_lr_write,
3155 },
3156 };
3157 define_arm_cp_regs(cpu, lr_regset);
3158 }
3159 if (cs->vprebits >= 6) {
3160 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr1_reginfo);
3161 }
3162 if (cs->vprebits == 7) {
3163 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr23_reginfo);
3164 }
3165 }
3166 if (tcg_enabled() || qtest_enabled()) {
3167 /*
3168 * We can only trap EL changes with TCG. However the GIC interrupt
3169 * state only changes on EL changes involving EL2 or EL3, so for
3170 * the non-TCG case this is OK, as EL2 and EL3 can't exist.
3171 */
3172 arm_register_el_change_hook(cpu, gicv3_cpuif_el_change_hook, cs);
3173 } else {
3174 assert(!arm_feature(&cpu->env, ARM_FEATURE_EL2));
3175 assert(!arm_feature(&cpu->env, ARM_FEATURE_EL3));
3176 }
3177 }
3178 }
3179