1 /*
2 * QEMU PowerPC XIVE interrupt controller model
3 *
4 * Copyright (c) 2017-2018, IBM Corporation.
5 *
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
8
9 #include "qemu/osdep.h"
10 #include "qemu/log.h"
11 #include "qemu/module.h"
12 #include "qapi/error.h"
13 #include "target/ppc/cpu.h"
14 #include "system/cpus.h"
15 #include "system/dma.h"
16 #include "system/reset.h"
17 #include "hw/qdev-properties.h"
18 #include "migration/vmstate.h"
19 #include "hw/irq.h"
20 #include "hw/ppc/xive.h"
21 #include "hw/ppc/xive2.h"
22 #include "hw/ppc/xive_regs.h"
23 #include "trace.h"
24
25 /*
26 * XIVE Thread Interrupt Management context
27 */
28 bool xive_ring_valid(XiveTCTX *tctx, uint8_t ring)
29 {
30 uint8_t cur_ring;
31
32 for (cur_ring = ring; cur_ring <= TM_QW3_HV_PHYS;
33 cur_ring += XIVE_TM_RING_SIZE) {
34 if (!(tctx->regs[cur_ring + TM_WORD2] & 0x80)) {
35 return false;
36 }
37 }
38 return true;
39 }
40
41 bool xive_nsr_indicates_exception(uint8_t ring, uint8_t nsr)
42 {
43 switch (ring) {
44 case TM_QW1_OS:
45 return !!(nsr & TM_QW1_NSR_EO);
46 case TM_QW2_HV_POOL:
47 case TM_QW3_HV_PHYS:
48 return !!(nsr & TM_QW3_NSR_HE);
49 default:
50 g_assert_not_reached();
51 }
52 }
53
54 bool xive_nsr_indicates_group_exception(uint8_t ring, uint8_t nsr)
55 {
56 if ((nsr & TM_NSR_GRP_LVL) > 0) {
57 g_assert(xive_nsr_indicates_exception(ring, nsr));
58 return true;
59 }
60 return false;
61 }
62
63 uint8_t xive_nsr_exception_ring(uint8_t ring, uint8_t nsr)
64 {
65 /* NSR determines if pool/phys ring is for phys or pool interrupt */
66 if ((ring == TM_QW3_HV_PHYS) || (ring == TM_QW2_HV_POOL)) {
67 uint8_t he = (nsr & TM_QW3_NSR_HE) >> 6;
68
69 if (he == TM_QW3_NSR_HE_PHYS) {
70 return TM_QW3_HV_PHYS;
71 } else if (he == TM_QW3_NSR_HE_POOL) {
72 return TM_QW2_HV_POOL;
73 } else {
74 /* Don't support LSI mode */
75 g_assert_not_reached();
76 }
77 }
78 return ring;
79 }
80
81 static qemu_irq xive_tctx_output(XiveTCTX *tctx, uint8_t ring)
82 {
83 switch (ring) {
84 case TM_QW0_USER:
85 return 0; /* Not supported */
86 case TM_QW1_OS:
87 return tctx->os_output;
88 case TM_QW2_HV_POOL:
89 case TM_QW3_HV_PHYS:
90 return tctx->hv_output;
91 default:
92 return 0;
93 }
94 }
95
96 /*
97 * An interrupt is accepted on the presentation ring; for the PHYS ring,
98 * the NSR directs it to the PHYS or POOL ring.
99 */
100 uint64_t xive_tctx_accept(XiveTCTX *tctx, uint8_t sig_ring)
101 {
102 uint8_t *sig_regs = &tctx->regs[sig_ring];
103 uint8_t nsr = sig_regs[TM_NSR];
104
105 g_assert(sig_ring == TM_QW1_OS || sig_ring == TM_QW3_HV_PHYS);
106
107 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_NSR] == 0);
108 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_PIPR] == 0);
109 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_CPPR] == 0);
110
111 if (xive_nsr_indicates_exception(sig_ring, nsr)) {
112 uint8_t cppr = sig_regs[TM_PIPR];
113 uint8_t ring;
114 uint8_t *regs;
115
116 ring = xive_nsr_exception_ring(sig_ring, nsr);
117 regs = &tctx->regs[ring];
118
119 sig_regs[TM_CPPR] = cppr;
120
121 /*
122 * If the interrupt was for a specific VP, reset the pending
123 * buffer bit, otherwise clear the logical server indicator
124 */
125 if (!xive_nsr_indicates_group_exception(sig_ring, nsr)) {
126 regs[TM_IPB] &= ~xive_priority_to_ipb(cppr);
127 }
128
129 /* Clear the exception from NSR */
130 sig_regs[TM_NSR] = 0;
131 qemu_irq_lower(xive_tctx_output(tctx, sig_ring));
132
133 trace_xive_tctx_accept(tctx->cs->cpu_index, ring,
134 regs[TM_IPB], sig_regs[TM_PIPR],
135 sig_regs[TM_CPPR], sig_regs[TM_NSR]);
136 }
137
138 return ((uint64_t)nsr << 8) | sig_regs[TM_CPPR];
139 }
140
141 /* Change PIPR and calculate NSR and irq based on PIPR, CPPR, group */
142 void xive_tctx_pipr_set(XiveTCTX *tctx, uint8_t ring, uint8_t pipr,
143 uint8_t group_level)
144 {
145 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring);
146 uint8_t *regs = &tctx->regs[ring];
147
148 g_assert(!xive_nsr_indicates_group_exception(ring, sig_regs[TM_NSR]));
149
150 sig_regs[TM_PIPR] = pipr;
151
152 if (pipr < sig_regs[TM_CPPR]) {
153 switch (ring) {
154 case TM_QW1_OS:
155 sig_regs[TM_NSR] = TM_QW1_NSR_EO | (group_level & 0x3F);
156 break;
157 case TM_QW2_HV_POOL:
158 sig_regs[TM_NSR] = (TM_QW3_NSR_HE_POOL << 6) | (group_level & 0x3F);
159 break;
160 case TM_QW3_HV_PHYS:
161 sig_regs[TM_NSR] = (TM_QW3_NSR_HE_PHYS << 6) | (group_level & 0x3F);
162 break;
163 default:
164 g_assert_not_reached();
165 }
166 trace_xive_tctx_notify(tctx->cs->cpu_index, ring,
167 regs[TM_IPB], pipr,
168 sig_regs[TM_CPPR], sig_regs[TM_NSR]);
169 qemu_irq_raise(xive_tctx_output(tctx, ring));
170 } else {
171 sig_regs[TM_NSR] = 0;
172 qemu_irq_lower(xive_tctx_output(tctx, ring));
173 }
174 }
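/*
 * Presentation rule implemented above: an exception is signalled to the
 * thread only while PIPR < CPPR, i.e. while the pending priority is more
 * favoured (numerically lower) than the current processing priority.
 * With CPPR = 0 everything is masked, while CPPR = 0xFF lets any
 * priority 0 .. 7 through; once PIPR is no longer below CPPR, the else
 * branch clears the NSR and lowers the output line.
 */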
175
176 void xive_tctx_reset_signal(XiveTCTX *tctx, uint8_t ring)
177 {
178 /*
179 * Lower the External interrupt. Used when pulling a context. It is
180 * necessary to avoid catching it in the higher privilege context. It
181 * should be raised again when re-pushing the lower privilege context.
182 */
183 qemu_irq_lower(xive_tctx_output(tctx, ring));
184 }
185
186 static void xive_tctx_set_cppr(XiveTCTX *tctx, uint8_t ring, uint8_t cppr)
187 {
188 uint8_t *sig_regs = &tctx->regs[ring];
189 uint8_t pipr_min;
190 uint8_t ring_min;
191
192 g_assert(ring == TM_QW1_OS || ring == TM_QW3_HV_PHYS);
193
194 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_NSR] == 0);
195 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_PIPR] == 0);
196 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_CPPR] == 0);
197
198 /* XXX: should show pool IPB for PHYS ring */
199 trace_xive_tctx_set_cppr(tctx->cs->cpu_index, ring,
200 sig_regs[TM_IPB], sig_regs[TM_PIPR],
201 cppr, sig_regs[TM_NSR]);
202
203 if (cppr > XIVE_PRIORITY_MAX) {
204 cppr = 0xff;
205 }
206
207 sig_regs[TM_CPPR] = cppr;
208
209 /*
210 * Recompute the PIPR based on local pending interrupts. The PHYS
211 * ring must take the minimum of both the PHYS and POOL PIPR values.
212 */
213 pipr_min = xive_ipb_to_pipr(sig_regs[TM_IPB]);
214 ring_min = ring;
215
216 /* PHYS updates also depend on POOL values */
217 if (ring == TM_QW3_HV_PHYS) {
218 uint8_t *pool_regs = &tctx->regs[TM_QW2_HV_POOL];
219
220 /* POOL values only matter if POOL ctx is valid */
221 if (pool_regs[TM_WORD2] & 0x80) {
222 uint8_t pool_pipr = xive_ipb_to_pipr(pool_regs[TM_IPB]);
223
224 /*
225 * Determine highest priority interrupt and
226 * remember which ring has it.
227 */
228 if (pool_pipr < pipr_min) {
229 pipr_min = pool_pipr;
230 ring_min = TM_QW2_HV_POOL;
231 }
232 }
233 }
234
235 /* CPPR has changed; this may present or preclude a pending exception */
236 xive_tctx_pipr_set(tctx, ring_min, pipr_min, 0);
237 }
238
239 static void xive_tctx_pipr_recompute_from_ipb(XiveTCTX *tctx, uint8_t ring)
240 {
241 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring);
242 uint8_t *regs = &tctx->regs[ring];
243
244 /* Does not support a presented group interrupt */
245 g_assert(!xive_nsr_indicates_group_exception(ring, sig_regs[TM_NSR]));
246
247 xive_tctx_pipr_set(tctx, ring, xive_ipb_to_pipr(regs[TM_IPB]), 0);
248 }
249
250 void xive_tctx_pipr_present(XiveTCTX *tctx, uint8_t ring, uint8_t priority,
251 uint8_t group_level)
252 {
253 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring);
254 uint8_t *regs = &tctx->regs[ring];
255 uint8_t pipr = xive_priority_to_pipr(priority);
256
257 if (group_level == 0) {
258 regs[TM_IPB] |= xive_priority_to_ipb(priority);
259 if (pipr >= sig_regs[TM_PIPR]) {
260 /* VP interrupts can come here with lower priority than PIPR */
261 return;
262 }
263 }
264 g_assert(pipr <= xive_ipb_to_pipr(regs[TM_IPB]));
265 g_assert(pipr < sig_regs[TM_PIPR]);
266 xive_tctx_pipr_set(tctx, ring, pipr, group_level);
267 }
268
269 /*
270 * XIVE Thread Interrupt Management Area (TIMA)
271 */
272
273 static void xive_tm_set_hv_cppr(XivePresenter *xptr, XiveTCTX *tctx,
274 hwaddr offset, uint64_t value, unsigned size)
275 {
276 xive_tctx_set_cppr(tctx, TM_QW3_HV_PHYS, value & 0xff);
277 }
278
279 static uint64_t xive_tm_ack_hv_reg(XivePresenter *xptr, XiveTCTX *tctx,
280 hwaddr offset, unsigned size)
281 {
282 return xive_tctx_accept(tctx, TM_QW3_HV_PHYS);
283 }
284
285 static void xive_pool_cam_decode(uint32_t cam, uint8_t *nvt_blk,
286 uint32_t *nvt_idx, bool *vp)
287 {
288 if (nvt_blk) {
289 *nvt_blk = xive_nvt_blk(cam);
290 }
291 if (nvt_idx) {
292 *nvt_idx = xive_nvt_idx(cam);
293 }
294 if (vp) {
295 *vp = !!(cam & TM_QW2W2_VP);
296 }
297 }
298
299 static uint32_t xive_tctx_get_pool_cam(XiveTCTX *tctx, uint8_t *nvt_blk,
300 uint32_t *nvt_idx, bool *vp)
301 {
302 uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]);
303 uint32_t cam = be32_to_cpu(qw2w2);
304
305 xive_pool_cam_decode(cam, nvt_blk, nvt_idx, vp);
306 return qw2w2;
307 }
308
309 static void xive_tctx_set_pool_cam(XiveTCTX *tctx, uint32_t qw2w2)
310 {
311 memcpy(&tctx->regs[TM_QW2_HV_POOL + TM_WORD2], &qw2w2, 4);
312 }
313
314 static uint64_t xive_tm_pull_pool_ctx(XivePresenter *xptr, XiveTCTX *tctx,
315 hwaddr offset, unsigned size)
316 {
317 uint32_t qw2w2;
318 uint32_t qw2w2_new;
319 uint8_t nvt_blk;
320 uint32_t nvt_idx;
321 bool vp;
322
323 qw2w2 = xive_tctx_get_pool_cam(tctx, &nvt_blk, &nvt_idx, &vp);
324
325 if (!vp) {
326 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pull invalid POOL NVT %x/%x !?\n",
327 nvt_blk, nvt_idx);
328 }
329
330 /* Invalidate CAM line */
331 qw2w2_new = xive_set_field32(TM_QW2W2_VP, qw2w2, 0);
332 xive_tctx_set_pool_cam(tctx, qw2w2_new);
333
334 xive_tctx_reset_signal(tctx, TM_QW1_OS);
335 xive_tctx_reset_signal(tctx, TM_QW2_HV_POOL);
336 /* Re-check phys for interrupts if pool was disabled */
337 xive_tctx_pipr_recompute_from_ipb(tctx, TM_QW3_HV_PHYS);
338
339 return qw2w2;
340 }
341
342 static uint64_t xive_tm_pull_phys_ctx(XivePresenter *xptr, XiveTCTX *tctx,
343 hwaddr offset, unsigned size)
344 {
345 uint8_t qw3b8 = tctx->regs[TM_QW3_HV_PHYS + TM_WORD2];
346 uint8_t qw3b8_new;
347
348 qw3b8 = tctx->regs[TM_QW3_HV_PHYS + TM_WORD2];
349 if (!(qw3b8 & TM_QW3B8_VT)) {
350 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pulling invalid PHYS thread!?\n");
351 }
352 qw3b8_new = qw3b8 & ~TM_QW3B8_VT;
353 tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] = qw3b8_new;
354
355 xive_tctx_reset_signal(tctx, TM_QW1_OS);
356 xive_tctx_reset_signal(tctx, TM_QW3_HV_PHYS);
357 return qw3b8;
358 }
359
360 static void xive_tm_vt_push(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset,
361 uint64_t value, unsigned size)
362 {
363 tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] = value & 0xff;
364 }
365
366 static uint64_t xive_tm_vt_poll(XivePresenter *xptr, XiveTCTX *tctx,
367 hwaddr offset, unsigned size)
368 {
369 return tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] & 0xff;
370 }
371
372 /*
373 * Define an access map for each page of the TIMA that we will use in
374 * the memory region ops to filter values when doing loads and stores
375 * of raw register values
376 *
377 * Registers accessibility bits :
378 *
379 * 0x0 - no access
380 * 0x1 - write only
381 * 0x2 - read only
382 * 0x3 - read/write
383 */
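/*
 * For example, in the OS view below TM_QW1_OS + TM_CPPR is marked 3
 * (read/write), so the OS page can update its own CPPR, whereas the
 * QW-2 POOL and QW-3 PHYS rows are all 0 and thus not visible from the
 * OS page at all.
 */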
384
385 static const uint8_t xive_tm_hw_view[] = {
386 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */
387 3, 3, 3, 3, 3, 3, 0, 2, 3, 3, 3, 3, 0, 0, 0, 3, /* QW-1 OS */
388 0, 0, 3, 3, 0, 3, 3, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-2 POOL */
389 3, 3, 3, 3, 0, 3, 0, 2, 3, 0, 0, 3, 3, 3, 3, 0, /* QW-3 PHYS */
390 };
391
392 static const uint8_t xive_tm_hv_view[] = {
393 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */
394 3, 3, 3, 3, 3, 3, 0, 2, 3, 3, 3, 3, 0, 0, 0, 3, /* QW-1 OS */
395 0, 0, 3, 3, 0, 3, 3, 0, 0, 3, 3, 3, 0, 0, 0, 0, /* QW-2 POOL */
396 3, 3, 3, 3, 0, 3, 0, 2, 3, 0, 0, 3, 0, 0, 0, 0, /* QW-3 PHYS */
397 };
398
399 static const uint8_t xive_tm_os_view[] = {
400 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */
401 2, 3, 2, 2, 2, 2, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-1 OS */
402 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-2 POOL */
403 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-3 PHYS */
404 };
405
406 static const uint8_t xive_tm_user_view[] = {
407 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-0 User */
408 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-1 OS */
409 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-2 POOL */
410 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-3 PHYS */
411 };
412
413 /*
414 * Overall TIMA access map for the thread interrupt management context
415 * registers
416 */
417 static const uint8_t *xive_tm_views[] = {
418 [XIVE_TM_HW_PAGE] = xive_tm_hw_view,
419 [XIVE_TM_HV_PAGE] = xive_tm_hv_view,
420 [XIVE_TM_OS_PAGE] = xive_tm_os_view,
421 [XIVE_TM_USER_PAGE] = xive_tm_user_view,
422 };
423
424 /*
425 * Computes a register access mask for a given offset in the TIMA
426 */
427 static uint64_t xive_tm_mask(hwaddr offset, unsigned size, bool write)
428 {
429 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3;
430 uint8_t reg_offset = offset & TM_REG_OFFSET;
431 uint8_t reg_mask = write ? 0x1 : 0x2;
432 uint64_t mask = 0x0;
433 int i;
434
435 for (i = 0; i < size; i++) {
436 if (xive_tm_views[page_offset][reg_offset + i] & reg_mask) {
437 mask |= (uint64_t) 0xff << (8 * (size - i - 1));
438 }
439 }
440
441 return mask;
442 }
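/*
 * For instance, a 4-byte read at TM_QW1_OS + TM_NSR from the OS page
 * covers NSR, CPPR, IPB and LSMFB, which are all readable in the OS
 * view, so the returned mask is 0xffffffff. The same 4-byte write only
 * keeps the CPPR byte (mask 0x00ff0000) since the other three registers
 * are read-only from that page.
 */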
443
444 static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr offset, uint64_t value,
445 unsigned size)
446 {
447 uint8_t ring_offset = offset & TM_RING_OFFSET;
448 uint8_t reg_offset = offset & TM_REG_OFFSET;
449 uint64_t mask = xive_tm_mask(offset, size, true);
450 int i;
451
452 /*
453 * Only 4 or 8 bytes stores are allowed and the User ring is
454 * excluded
455 */
456 if (size < 4 || !mask || ring_offset == TM_QW0_USER) {
457 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA @%"
458 HWADDR_PRIx" size %d\n", offset, size);
459 return;
460 }
461
462 /*
463 * Use the register offset for the raw values and filter out
464 * reserved values
465 */
466 for (i = 0; i < size; i++) {
467 uint8_t byte_mask = (mask >> (8 * (size - i - 1)));
468 if (byte_mask) {
469 tctx->regs[reg_offset + i] = (value >> (8 * (size - i - 1))) &
470 byte_mask;
471 }
472 }
473 }
474
475 static uint64_t xive_tm_raw_read(XiveTCTX *tctx, hwaddr offset, unsigned size)
476 {
477 uint8_t ring_offset = offset & TM_RING_OFFSET;
478 uint8_t reg_offset = offset & TM_REG_OFFSET;
479 uint64_t mask = xive_tm_mask(offset, size, false);
480 uint64_t ret;
481 int i;
482
483 /*
484 * Only 4 or 8 bytes loads are allowed and the User ring is
485 * excluded
486 */
487 if (size < 4 || !mask || ring_offset == TM_QW0_USER) {
488 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access at TIMA @%"
489 HWADDR_PRIx" size %d\n", offset, size);
490 return -1;
491 }
492
493 /* Use the register offset for the raw values */
494 ret = 0;
495 for (i = 0; i < size; i++) {
496 ret |= (uint64_t) tctx->regs[reg_offset + i] << (8 * (size - i - 1));
497 }
498
499 /* filter out reserved values */
500 return ret & mask;
501 }
502
503 /*
504 * The TM context is mapped twice within each page. Stores and loads
505 * to the first mapping below 2K write and read the specified values
506 * without modification. The second mapping above 2K performs specific
507 * state changes (side effects) in addition to setting/returning the
508 * interrupt management area context of the processor thread.
509 */
510 static uint64_t xive_tm_ack_os_reg(XivePresenter *xptr, XiveTCTX *tctx,
511 hwaddr offset, unsigned size)
512 {
513 return xive_tctx_accept(tctx, TM_QW1_OS);
514 }
515
516 static void xive_tm_set_os_cppr(XivePresenter *xptr, XiveTCTX *tctx,
517 hwaddr offset, uint64_t value, unsigned size)
518 {
519 xive_tctx_set_cppr(tctx, TM_QW1_OS, value & 0xff);
520 }
521
522 static void xive_tctx_set_lgs(XiveTCTX *tctx, uint8_t ring, uint8_t lgs)
523 {
524 uint8_t *regs = &tctx->regs[ring];
525
526 regs[TM_LGS] = lgs;
527 }
528
529 static void xive_tm_set_os_lgs(XivePresenter *xptr, XiveTCTX *tctx,
530 hwaddr offset, uint64_t value, unsigned size)
531 {
532 xive_tctx_set_lgs(tctx, TM_QW1_OS, value & 0xff);
533 }
534
535 static void xive_tm_set_pool_lgs(XivePresenter *xptr, XiveTCTX *tctx,
536 hwaddr offset, uint64_t value, unsigned size)
537 {
538 xive_tctx_set_lgs(tctx, TM_QW2_HV_POOL, value & 0xff);
539 }
540
541 /*
542 * Adjust the PIPR to allow a CPU to process event queues of other
543 * priorities during one physical interrupt cycle.
544 */
545 static void xive_tm_set_os_pending(XivePresenter *xptr, XiveTCTX *tctx,
546 hwaddr offset, uint64_t value, unsigned size)
547 {
548 uint8_t ring = TM_QW1_OS;
549 uint8_t *regs = &tctx->regs[ring];
550
551 /* XXX: how should this work exactly? */
552 regs[TM_IPB] |= xive_priority_to_ipb(value & 0xff);
553 xive_tctx_pipr_recompute_from_ipb(tctx, ring);
554 }
555
556 static void xive_os_cam_decode(uint32_t cam, uint8_t *nvt_blk,
557 uint32_t *nvt_idx, bool *vo)
558 {
559 if (nvt_blk) {
560 *nvt_blk = xive_nvt_blk(cam);
561 }
562 if (nvt_idx) {
563 *nvt_idx = xive_nvt_idx(cam);
564 }
565 if (vo) {
566 *vo = !!(cam & TM_QW1W2_VO);
567 }
568 }
569
570 static uint32_t xive_tctx_get_os_cam(XiveTCTX *tctx, uint8_t *nvt_blk,
571 uint32_t *nvt_idx, bool *vo)
572 {
573 uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]);
574 uint32_t cam = be32_to_cpu(qw1w2);
575
576 xive_os_cam_decode(cam, nvt_blk, nvt_idx, vo);
577 return qw1w2;
578 }
579
580 static void xive_tctx_set_os_cam(XiveTCTX *tctx, uint32_t qw1w2)
581 {
582 memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &qw1w2, 4);
583 }
584
585 static uint64_t xive_tm_pull_os_ctx(XivePresenter *xptr, XiveTCTX *tctx,
586 hwaddr offset, unsigned size)
587 {
588 uint32_t qw1w2;
589 uint32_t qw1w2_new;
590 uint8_t nvt_blk;
591 uint32_t nvt_idx;
592 bool vo;
593
594 qw1w2 = xive_tctx_get_os_cam(tctx, &nvt_blk, &nvt_idx, &vo);
595
596 if (!vo) {
597 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pull invalid OS NVT %x/%x !?\n",
598 nvt_blk, nvt_idx);
599 }
600
601 /* Invalidate CAM line */
602 qw1w2_new = xive_set_field32(TM_QW1W2_VO, qw1w2, 0);
603 xive_tctx_set_os_cam(tctx, qw1w2_new);
604
605 xive_tctx_reset_signal(tctx, TM_QW1_OS);
606 return qw1w2;
607 }
608
609 static void xive_tctx_restore_nvp(XiveRouter *xrtr, XiveTCTX *tctx,
610 uint8_t nvt_blk, uint32_t nvt_idx)
611 {
612 XiveNVT nvt;
613 uint8_t ipb;
614
615 /*
616 * Grab the associated NVT to pull the pending bits, and merge
617 * them with the IPB of the thread interrupt context registers
618 */
619 if (xive_router_get_nvt(xrtr, nvt_blk, nvt_idx, &nvt)) {
620 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVT %x/%x\n",
621 nvt_blk, nvt_idx);
622 return;
623 }
624
625 ipb = xive_get_field32(NVT_W4_IPB, nvt.w4);
626
627 if (ipb) {
628 /* Reset the NVT value */
629 nvt.w4 = xive_set_field32(NVT_W4_IPB, nvt.w4, 0);
630 xive_router_write_nvt(xrtr, nvt_blk, nvt_idx, &nvt, 4);
631
632 uint8_t *regs = &tctx->regs[TM_QW1_OS];
633 regs[TM_IPB] |= ipb;
634 }
635 }
636
637 /*
638 * Updating the OS CAM line can trigger a resend of interrupt
639 */
640 static void xive_tm_push_os_ctx(XivePresenter *xptr, XiveTCTX *tctx,
641 hwaddr offset, uint64_t value, unsigned size)
642 {
643 uint32_t cam = value;
644 uint32_t qw1w2 = cpu_to_be32(cam);
645 uint8_t nvt_blk;
646 uint32_t nvt_idx;
647 bool vo;
648
649 xive_os_cam_decode(cam, &nvt_blk, &nvt_idx, &vo);
650
651 /* First update the registers */
652 xive_tctx_set_os_cam(tctx, qw1w2);
653
654 /* Check the interrupt pending bits */
655 if (vo) {
656 xive_tctx_restore_nvp(XIVE_ROUTER(xptr), tctx, nvt_blk, nvt_idx);
657
658 /*
659 * Always call xive_tctx_pipr_recompute_from_ipb(). Even if no
660 * escalation was triggered, there could be a pending interrupt which
661 * was saved when the context was pulled and that we need to take
662 * into account by recalculating the PIPR (which is not
663 * saved/restored).
664 * It will also raise the External interrupt signal if needed.
665 */
666 xive_tctx_pipr_recompute_from_ipb(tctx, TM_QW1_OS); /* fxb */
667 }
668 }
669
670 static uint32_t xive_presenter_get_config(XivePresenter *xptr)
671 {
672 XivePresenterClass *xpc = XIVE_PRESENTER_GET_CLASS(xptr);
673
674 return xpc->get_config(xptr);
675 }
676
677 /*
678 * Define a mapping of "special" operations depending on the TIMA page
679 * offset and the size of the operation.
680 */
681 typedef struct XiveTmOp {
682 uint8_t page_offset;
683 uint32_t op_offset;
684 unsigned size;
685 bool hw_ok;
686 bool sw_ok;
687 void (*write_handler)(XivePresenter *xptr, XiveTCTX *tctx,
688 hwaddr offset,
689 uint64_t value, unsigned size);
690 uint64_t (*read_handler)(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset,
691 unsigned size);
692 } XiveTmOp;
693
694 static const XiveTmOp xive_tm_operations[] = {
695 /*
696 * MMIOs below 2K : raw values and special operations without side
697 * effects
698 */
699 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_CPPR, 1, true, true,
700 xive_tm_set_os_cppr, NULL },
701 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 4, true, true,
702 xive_tm_push_os_ctx, NULL },
703 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_CPPR, 1, true, true,
704 xive_tm_set_hv_cppr, NULL },
705 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, false, true,
706 xive_tm_vt_push, NULL },
707 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, true, true,
708 NULL, xive_tm_vt_poll },
709
710 /* MMIOs above 2K : special operations with side effects */
711 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_REG, 2, true, false,
712 NULL, xive_tm_ack_os_reg },
713 { XIVE_TM_OS_PAGE, TM_SPC_SET_OS_PENDING, 1, true, false,
714 xive_tm_set_os_pending, NULL },
715 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 4, true, false,
716 NULL, xive_tm_pull_os_ctx },
717 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 8, true, false,
718 NULL, xive_tm_pull_os_ctx },
719 { XIVE_TM_HV_PAGE, TM_SPC_ACK_HV_REG, 2, true, false,
720 NULL, xive_tm_ack_hv_reg },
721 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 4, true, false,
722 NULL, xive_tm_pull_pool_ctx },
723 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 8, true, false,
724 NULL, xive_tm_pull_pool_ctx },
725 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX, 1, true, false,
726 NULL, xive_tm_pull_phys_ctx },
727 };
728
729 static const XiveTmOp xive2_tm_operations[] = {
730 /*
731 * MMIOs below 2K : raw values and special operations without side
732 * effects
733 */
734 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_CPPR, 1, true, true,
735 xive2_tm_set_os_cppr, NULL },
736 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 4, true, true,
737 xive2_tm_push_os_ctx, NULL },
738 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 8, true, true,
739 xive2_tm_push_os_ctx, NULL },
740 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_LGS, 1, true, true,
741 xive_tm_set_os_lgs, NULL },
742 { XIVE_TM_HV_PAGE, TM_QW2_HV_POOL + TM_WORD2, 4, true, true,
743 xive2_tm_push_pool_ctx, NULL },
744 { XIVE_TM_HV_PAGE, TM_QW2_HV_POOL + TM_WORD2, 8, true, true,
745 xive2_tm_push_pool_ctx, NULL },
746 { XIVE_TM_HV_PAGE, TM_QW2_HV_POOL + TM_LGS, 1, true, true,
747 xive_tm_set_pool_lgs, NULL },
748 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_CPPR, 1, true, true,
749 xive2_tm_set_hv_cppr, NULL },
750 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, false, true,
751 xive2_tm_push_phys_ctx, NULL },
752 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, true, true,
753 NULL, xive_tm_vt_poll },
754 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_T, 1, true, true,
755 xive2_tm_set_hv_target, NULL },
756
757 /* MMIOs above 2K : special operations with side effects */
758 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_REG, 2, true, false,
759 NULL, xive_tm_ack_os_reg },
760 { XIVE_TM_OS_PAGE, TM_SPC_SET_OS_PENDING, 1, true, false,
761 xive2_tm_set_os_pending, NULL },
762 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX_G2, 4, true, false,
763 NULL, xive2_tm_pull_os_ctx },
764 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 4, true, false,
765 NULL, xive2_tm_pull_os_ctx },
766 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 8, true, false,
767 NULL, xive2_tm_pull_os_ctx },
768 { XIVE_TM_HV_PAGE, TM_SPC_ACK_HV_REG, 2, true, false,
769 NULL, xive_tm_ack_hv_reg },
770 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX_G2, 4, true, false,
771 NULL, xive2_tm_pull_pool_ctx },
772 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 4, true, false,
773 NULL, xive2_tm_pull_pool_ctx },
774 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 8, true, false,
775 NULL, xive2_tm_pull_pool_ctx },
776 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX_OL, 1, true, false,
777 xive2_tm_pull_os_ctx_ol, NULL },
778 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX_G2, 4, true, false,
779 NULL, xive2_tm_pull_phys_ctx },
780 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX, 1, true, false,
781 NULL, xive2_tm_pull_phys_ctx },
782 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX_OL, 1, true, false,
783 xive2_tm_pull_phys_ctx_ol, NULL },
784 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_EL, 1, true, false,
785 xive2_tm_ack_os_el, NULL },
786 };
787
788 static const XiveTmOp *xive_tm_find_op(XivePresenter *xptr, hwaddr offset,
789 unsigned size, bool write)
790 {
791 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3;
792 uint32_t op_offset = offset & TM_ADDRESS_MASK;
793 const XiveTmOp *tm_ops;
794 int i, tm_ops_count;
795 uint32_t cfg;
796
797 cfg = xive_presenter_get_config(xptr);
798 if (cfg & XIVE_PRESENTER_GEN1_TIMA_OS) {
799 tm_ops = xive_tm_operations;
800 tm_ops_count = ARRAY_SIZE(xive_tm_operations);
801 } else {
802 tm_ops = xive2_tm_operations;
803 tm_ops_count = ARRAY_SIZE(xive2_tm_operations);
804 }
805
806 for (i = 0; i < tm_ops_count; i++) {
807 const XiveTmOp *xto = &tm_ops[i];
808
809 /* Accesses done from a more privileged TIMA page are allowed */
810 if (xto->page_offset >= page_offset &&
811 xto->op_offset == op_offset &&
812 xto->size == size &&
813 ((write && xto->write_handler) || (!write && xto->read_handler))) {
814 return xto;
815 }
816 }
817 return NULL;
818 }
819
820 /*
821 * TIMA MMIO handlers
822 */
823 void xive_tctx_tm_write(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset,
824 uint64_t value, unsigned size)
825 {
826 const XiveTmOp *xto;
827 uint8_t ring = offset & TM_RING_OFFSET;
828 bool is_valid = xive_ring_valid(tctx, ring);
829 bool hw_owned = is_valid;
830
831 trace_xive_tctx_tm_write(tctx->cs->cpu_index, offset, size, value);
832
833 /*
834 * First, check for special operations in the 2K region
835 */
836 xto = xive_tm_find_op(tctx->xptr, offset, size, true);
837 if (xto) {
838 if (hw_owned && !xto->hw_ok) {
839 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to HW TIMA "
840 "@%"HWADDR_PRIx" size %d\n", offset, size);
841 }
842 if (!hw_owned && !xto->sw_ok) {
843 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to SW TIMA "
844 "@%"HWADDR_PRIx" size %d\n", offset, size);
845 }
846 }
847
848 if (offset & TM_SPECIAL_OP) {
849 if (!xto) {
850 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA "
851 "@%"HWADDR_PRIx" size %d\n", offset, size);
852 } else {
853 xto->write_handler(xptr, tctx, offset, value, size);
854 }
855 return;
856 }
857
858 /*
859 * Then, for special operations in the region below 2K.
860 */
861 if (xto) {
862 xto->write_handler(xptr, tctx, offset, value, size);
863 return;
864 }
865
866 /*
867 * Finish with raw access to the register values
868 */
869 if (hw_owned) {
870 /* Store context operations are dangerous when context is valid */
871 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to HW TIMA "
872 "@%"HWADDR_PRIx" size %d\n", offset, size);
873 }
874 xive_tm_raw_write(tctx, offset, value, size);
875 }
876
877 uint64_t xive_tctx_tm_read(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset,
878 unsigned size)
879 {
880 const XiveTmOp *xto;
881 uint8_t ring = offset & TM_RING_OFFSET;
882 bool is_valid = xive_ring_valid(tctx, ring);
883 bool hw_owned = is_valid;
884 uint64_t ret;
885
886 xto = xive_tm_find_op(tctx->xptr, offset, size, false);
887 if (xto) {
888 if (hw_owned && !xto->hw_ok) {
889 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined read to HW TIMA "
890 "@%"HWADDR_PRIx" size %d\n", offset, size);
891 }
892 if (!hw_owned && !xto->sw_ok) {
893 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined read to SW TIMA "
894 "@%"HWADDR_PRIx" size %d\n", offset, size);
895 }
896 }
897
898 /*
899 * First, check for special operations in the 2K region
900 */
901 if (offset & TM_SPECIAL_OP) {
902 if (!xto) {
903 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access to TIMA "
904 "@%"HWADDR_PRIx" size %d\n", offset, size);
905 return -1;
906 }
907 ret = xto->read_handler(xptr, tctx, offset, size);
908 goto out;
909 }
910
911 /*
912 * Then, for special operations in the region below 2K.
913 */
914 if (xto) {
915 ret = xto->read_handler(xptr, tctx, offset, size);
916 goto out;
917 }
918
919 /*
920 * Finish with raw access to the register values
921 */
922 ret = xive_tm_raw_read(tctx, offset, size);
923 out:
924 trace_xive_tctx_tm_read(tctx->cs->cpu_index, offset, size, ret);
925 return ret;
926 }
927
928 static char *xive_tctx_ring_print(uint8_t *ring)
929 {
930 uint32_t w2 = xive_tctx_word2(ring);
931
932 return g_strdup_printf("%02x %02x %02x %02x %02x "
933 "%02x %02x %02x %08x",
934 ring[TM_NSR], ring[TM_CPPR], ring[TM_IPB], ring[TM_LSMFB],
935 ring[TM_ACK_CNT], ring[TM_INC], ring[TM_AGE], ring[TM_PIPR],
936 be32_to_cpu(w2));
937 }
938
939 static const char * const xive_tctx_ring_names[] = {
940 "USER", "OS", "POOL", "PHYS",
941 };
942
943 /*
944 * kvm_irqchip_in_kernel() will cause the compiler to turn this
945 * into a nop if CONFIG_KVM isn't defined.
946 */
947 #define xive_in_kernel(xptr) \
948 (kvm_irqchip_in_kernel() && \
949 ({ \
950 XivePresenterClass *xpc = XIVE_PRESENTER_GET_CLASS(xptr); \
951 xpc->in_kernel ? xpc->in_kernel(xptr) : false; \
952 }))
953
954 void xive_tctx_pic_print_info(XiveTCTX *tctx, GString *buf)
955 {
956 int cpu_index;
957 int i;
958
959 /* Skip partially initialized vCPUs. This can happen on sPAPR when vCPUs
960 * are hot plugged or unplugged.
961 */
962 if (!tctx) {
963 return;
964 }
965
966 cpu_index = tctx->cs ? tctx->cs->cpu_index : -1;
967
968 if (xive_in_kernel(tctx->xptr)) {
969 Error *local_err = NULL;
970
971 kvmppc_xive_cpu_synchronize_state(tctx, &local_err);
972 if (local_err) {
973 error_report_err(local_err);
974 return;
975 }
976 }
977
978 if (xive_presenter_get_config(tctx->xptr) & XIVE_PRESENTER_GEN1_TIMA_OS) {
979 g_string_append_printf(buf, "CPU[%04x]: "
980 "QW NSR CPPR IPB LSMFB ACK# INC AGE PIPR"
981 " W2\n", cpu_index);
982 } else {
983 g_string_append_printf(buf, "CPU[%04x]: "
984 "QW NSR CPPR IPB LSMFB - LGS T PIPR"
985 " W2\n", cpu_index);
986 }
987
988 for (i = 0; i < XIVE_TM_RING_COUNT; i++) {
989 char *s = xive_tctx_ring_print(&tctx->regs[i * XIVE_TM_RING_SIZE]);
990 g_string_append_printf(buf, "CPU[%04x]: %4s %s\n",
991 cpu_index, xive_tctx_ring_names[i], s);
992 g_free(s);
993 }
994 }
995
996 void xive_tctx_reset(XiveTCTX *tctx)
997 {
998 memset(tctx->regs, 0, sizeof(tctx->regs));
999
1000 /* Set some defaults */
1001 tctx->regs[TM_QW1_OS + TM_LSMFB] = 0xFF;
1002 tctx->regs[TM_QW1_OS + TM_ACK_CNT] = 0xFF;
1003 tctx->regs[TM_QW1_OS + TM_AGE] = 0xFF;
1004 if (!(xive_presenter_get_config(tctx->xptr) &
1005 XIVE_PRESENTER_GEN1_TIMA_OS)) {
1006 tctx->regs[TM_QW1_OS + TM_OGEN] = 2;
1007 }
1008
1009 /*
1010 * Initialize PIPR to 0xFF to avoid phantom interrupts when the
1011 * CPPR is first set.
1012 */
1013 tctx->regs[TM_QW1_OS + TM_PIPR] =
1014 xive_ipb_to_pipr(tctx->regs[TM_QW1_OS + TM_IPB]);
1015 tctx->regs[TM_QW3_HV_PHYS + TM_PIPR] =
1016 xive_ipb_to_pipr(tctx->regs[TM_QW3_HV_PHYS + TM_IPB]);
1017 }
1018
1019 static void xive_tctx_realize(DeviceState *dev, Error **errp)
1020 {
1021 XiveTCTX *tctx = XIVE_TCTX(dev);
1022 PowerPCCPU *cpu;
1023 CPUPPCState *env;
1024
1025 assert(tctx->cs);
1026 assert(tctx->xptr);
1027
1028 cpu = POWERPC_CPU(tctx->cs);
1029 env = &cpu->env;
1030 switch (PPC_INPUT(env)) {
1031 case PPC_FLAGS_INPUT_POWER9:
1032 tctx->hv_output = qdev_get_gpio_in(DEVICE(cpu), POWER9_INPUT_HINT);
1033 tctx->os_output = qdev_get_gpio_in(DEVICE(cpu), POWER9_INPUT_INT);
1034 break;
1035
1036 default:
1037 error_setg(errp, "XIVE interrupt controller does not support "
1038 "this CPU bus model");
1039 return;
1040 }
1041
1042 /* Connect the presenter to the VCPU (required for CPU hotplug) */
1043 if (xive_in_kernel(tctx->xptr)) {
1044 if (kvmppc_xive_cpu_connect(tctx, errp) < 0) {
1045 return;
1046 }
1047 }
1048 }
1049
1050 static int vmstate_xive_tctx_pre_save(void *opaque)
1051 {
1052 XiveTCTX *tctx = XIVE_TCTX(opaque);
1053 Error *local_err = NULL;
1054 int ret;
1055
1056 if (xive_in_kernel(tctx->xptr)) {
1057 ret = kvmppc_xive_cpu_get_state(tctx, &local_err);
1058 if (ret < 0) {
1059 error_report_err(local_err);
1060 return ret;
1061 }
1062 }
1063
1064 return 0;
1065 }
1066
1067 static int vmstate_xive_tctx_post_load(void *opaque, int version_id)
1068 {
1069 XiveTCTX *tctx = XIVE_TCTX(opaque);
1070 Error *local_err = NULL;
1071 int ret;
1072
1073 if (xive_in_kernel(tctx->xptr)) {
1074 /*
1075 * Required for hotplugged CPU, for which the state comes
1076 * after all states of the machine.
1077 */
1078 ret = kvmppc_xive_cpu_set_state(tctx, &local_err);
1079 if (ret < 0) {
1080 error_report_err(local_err);
1081 return ret;
1082 }
1083 }
1084
1085 return 0;
1086 }
1087
1088 static const VMStateDescription vmstate_xive_tctx = {
1089 .name = TYPE_XIVE_TCTX,
1090 .version_id = 1,
1091 .minimum_version_id = 1,
1092 .pre_save = vmstate_xive_tctx_pre_save,
1093 .post_load = vmstate_xive_tctx_post_load,
1094 .fields = (const VMStateField[]) {
1095 VMSTATE_BUFFER(regs, XiveTCTX),
1096 VMSTATE_END_OF_LIST()
1097 },
1098 };
1099
1100 static const Property xive_tctx_properties[] = {
1101 DEFINE_PROP_LINK("cpu", XiveTCTX, cs, TYPE_CPU, CPUState *),
1102 DEFINE_PROP_LINK("presenter", XiveTCTX, xptr, TYPE_XIVE_PRESENTER,
1103 XivePresenter *),
1104 };
1105
1106 static void xive_tctx_class_init(ObjectClass *klass, const void *data)
1107 {
1108 DeviceClass *dc = DEVICE_CLASS(klass);
1109
1110 dc->desc = "XIVE Interrupt Thread Context";
1111 dc->realize = xive_tctx_realize;
1112 dc->vmsd = &vmstate_xive_tctx;
1113 device_class_set_props(dc, xive_tctx_properties);
1114 /*
1115 * Reason: part of XIVE interrupt controller, needs to be wired up
1116 * by xive_tctx_create().
1117 */
1118 dc->user_creatable = false;
1119 }
1120
1121 static const TypeInfo xive_tctx_info = {
1122 .name = TYPE_XIVE_TCTX,
1123 .parent = TYPE_DEVICE,
1124 .instance_size = sizeof(XiveTCTX),
1125 .class_init = xive_tctx_class_init,
1126 };
1127
1128 Object *xive_tctx_create(Object *cpu, XivePresenter *xptr, Error **errp)
1129 {
1130 Object *obj;
1131
1132 obj = object_new(TYPE_XIVE_TCTX);
1133 object_property_add_child(cpu, TYPE_XIVE_TCTX, obj);
1134 object_unref(obj);
1135 object_property_set_link(obj, "cpu", cpu, &error_abort);
1136 object_property_set_link(obj, "presenter", OBJECT(xptr), &error_abort);
1137 if (!qdev_realize(DEVICE(obj), NULL, errp)) {
1138 object_unparent(obj);
1139 return NULL;
1140 }
1141 return obj;
1142 }
1143
1144 void xive_tctx_destroy(XiveTCTX *tctx)
1145 {
1146 Object *obj = OBJECT(tctx);
1147
1148 object_unparent(obj);
1149 }
1150
1151 /*
1152 * XIVE ESB helpers
1153 */
1154
1155 uint8_t xive_esb_set(uint8_t *pq, uint8_t value)
1156 {
1157 uint8_t old_pq = *pq & 0x3;
1158
1159 *pq &= ~0x3;
1160 *pq |= value & 0x3;
1161
1162 return old_pq;
1163 }
1164
1165 bool xive_esb_trigger(uint8_t *pq)
1166 {
1167 uint8_t old_pq = *pq & 0x3;
1168
1169 switch (old_pq) {
1170 case XIVE_ESB_RESET:
1171 xive_esb_set(pq, XIVE_ESB_PENDING);
1172 return true;
1173 case XIVE_ESB_PENDING:
1174 case XIVE_ESB_QUEUED:
1175 xive_esb_set(pq, XIVE_ESB_QUEUED);
1176 return false;
1177 case XIVE_ESB_OFF:
1178 xive_esb_set(pq, XIVE_ESB_OFF);
1179 return false;
1180 default:
1181 g_assert_not_reached();
1182 }
1183 }
1184
1185 bool xive_esb_eoi(uint8_t *pq)
1186 {
1187 uint8_t old_pq = *pq & 0x3;
1188
1189 switch (old_pq) {
1190 case XIVE_ESB_RESET:
1191 case XIVE_ESB_PENDING:
1192 xive_esb_set(pq, XIVE_ESB_RESET);
1193 return false;
1194 case XIVE_ESB_QUEUED:
1195 xive_esb_set(pq, XIVE_ESB_PENDING);
1196 return true;
1197 case XIVE_ESB_OFF:
1198 xive_esb_set(pq, XIVE_ESB_OFF);
1199 return false;
1200 default:
1201 g_assert_not_reached();
1202 }
1203 }
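/*
 * Summary of the PQ state machine implemented by the two helpers above:
 *
 *   trigger:  00 (RESET)   -> 10 (PENDING)   forward the event
 *             10 (PENDING) -> 11 (QUEUED)    no forwarding
 *             11 (QUEUED)  -> 11 (QUEUED)    no forwarding
 *             01 (OFF)     -> 01 (OFF)       no forwarding
 *
 *   EOI:      10 (PENDING) -> 00 (RESET)     no forwarding
 *             11 (QUEUED)  -> 10 (PENDING)   forward a new event
 *             00 (RESET)   -> 00 (RESET)     no forwarding
 *             01 (OFF)     -> 01 (OFF)       no forwarding
 */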
1204
1205 /*
1206 * XIVE Interrupt Source (or IVSE)
1207 */
1208
1209 uint8_t xive_source_esb_get(XiveSource *xsrc, uint32_t srcno)
1210 {
1211 assert(srcno < xsrc->nr_irqs);
1212
1213 return xsrc->status[srcno] & 0x3;
1214 }
1215
1216 uint8_t xive_source_esb_set(XiveSource *xsrc, uint32_t srcno, uint8_t pq)
1217 {
1218 assert(srcno < xsrc->nr_irqs);
1219
1220 return xive_esb_set(&xsrc->status[srcno], pq);
1221 }
1222
1223 /*
1224 * Returns whether the event notification should be forwarded.
1225 */
1226 static bool xive_source_lsi_trigger(XiveSource *xsrc, uint32_t srcno)
1227 {
1228 uint8_t old_pq = xive_source_esb_get(xsrc, srcno);
1229
1230 xive_source_set_asserted(xsrc, srcno, true);
1231
1232 switch (old_pq) {
1233 case XIVE_ESB_RESET:
1234 xive_source_esb_set(xsrc, srcno, XIVE_ESB_PENDING);
1235 return true;
1236 default:
1237 return false;
1238 }
1239 }
1240
1241 /*
1242 * Sources can be configured with PQ offloading, in which case the check
1243 * on the PQ state bits of MSIs is disabled
1244 */
1245 static bool xive_source_esb_disabled(XiveSource *xsrc, uint32_t srcno)
1246 {
1247 return (xsrc->esb_flags & XIVE_SRC_PQ_DISABLE) &&
1248 !xive_source_irq_is_lsi(xsrc, srcno);
1249 }
1250
1251 /*
1252 * Returns whether the event notification should be forwarded.
1253 */
1254 static bool xive_source_esb_trigger(XiveSource *xsrc, uint32_t srcno)
1255 {
1256 bool ret;
1257
1258 assert(srcno < xsrc->nr_irqs);
1259
1260 if (xive_source_esb_disabled(xsrc, srcno)) {
1261 return true;
1262 }
1263
1264 ret = xive_esb_trigger(&xsrc->status[srcno]);
1265
1266 if (xive_source_irq_is_lsi(xsrc, srcno) &&
1267 xive_source_esb_get(xsrc, srcno) == XIVE_ESB_QUEUED) {
1268 qemu_log_mask(LOG_GUEST_ERROR,
1269 "XIVE: queued an event on LSI IRQ %d\n", srcno);
1270 }
1271
1272 return ret;
1273 }
1274
1275 /*
1276 * Returns whether the event notification should be forwarded.
1277 */
1278 static bool xive_source_esb_eoi(XiveSource *xsrc, uint32_t srcno)
1279 {
1280 bool ret;
1281
1282 assert(srcno < xsrc->nr_irqs);
1283
1284 if (xive_source_esb_disabled(xsrc, srcno)) {
1285 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid EOI for IRQ %d\n", srcno);
1286 return false;
1287 }
1288
1289 ret = xive_esb_eoi(&xsrc->status[srcno]);
1290
1291 /*
1292 * LSI sources do not set the Q bit but they can still be
1293 * asserted, in which case we should forward a new event
1294 * notification
1295 */
1296 if (xive_source_irq_is_lsi(xsrc, srcno) &&
1297 xive_source_is_asserted(xsrc, srcno)) {
1298 ret = xive_source_lsi_trigger(xsrc, srcno);
1299 }
1300
1301 return ret;
1302 }
1303
1304 /*
1305 * Forward the source event notification to the Router
1306 */
1307 static void xive_source_notify(XiveSource *xsrc, int srcno)
1308 {
1309 XiveNotifierClass *xnc = XIVE_NOTIFIER_GET_CLASS(xsrc->xive);
1310 bool pq_checked = !xive_source_esb_disabled(xsrc, srcno);
1311
1312 if (xnc->notify) {
1313 xnc->notify(xsrc->xive, srcno, pq_checked);
1314 }
1315 }
1316
1317 /*
1318 * In a two-page ESB MMIO setting, the even page is the trigger page and
1319 * the odd page is for management
1320 */
1321 static inline bool addr_is_even(hwaddr addr, uint32_t shift)
1322 {
1323 return !((addr >> shift) & 1);
1324 }
1325
1326 static inline bool xive_source_is_trigger_page(XiveSource *xsrc, hwaddr addr)
1327 {
1328 return xive_source_esb_has_2page(xsrc) &&
1329 addr_is_even(addr, xsrc->esb_shift - 1);
1330 }
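/*
 * With a two-page ESB (e.g. esb_shift = 17 for two 64K pages per
 * source), bit (esb_shift - 1) of the address selects the page: the
 * even page triggers and the odd page is the management/EOI page, which
 * matches the MMIO load/store tables below.
 */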
1331
1332 /*
1333 * ESB MMIO loads
1334 * Trigger page Management/EOI page
1335 *
1336 * ESB MMIO setting 2 pages 1 or 2 pages
1337 *
1338 * 0x000 .. 0x3FF -1 EOI and return 0|1
1339 * 0x400 .. 0x7FF -1 EOI and return 0|1
1340 * 0x800 .. 0xBFF -1 return PQ
1341 * 0xC00 .. 0xCFF -1 return PQ and atomically PQ=00
1342 * 0xD00 .. 0xDFF -1 return PQ and atomically PQ=01
1343 * 0xE00 .. 0xEFF -1 return PQ and atomically PQ=10
1344 * 0xF00 .. 0xFFF -1 return PQ and atomically PQ=11
1345 */
1346 static uint64_t xive_source_esb_read(void *opaque, hwaddr addr, unsigned size)
1347 {
1348 XiveSource *xsrc = XIVE_SOURCE(opaque);
1349 uint32_t offset = addr & 0xFFF;
1350 uint32_t srcno = addr >> xsrc->esb_shift;
1351 uint64_t ret = -1;
1352
1353 /* In a two-page ESB MMIO setting, the trigger page should not be read */
1354 if (xive_source_is_trigger_page(xsrc, addr)) {
1355 qemu_log_mask(LOG_GUEST_ERROR,
1356 "XIVE: invalid load on IRQ %d trigger page at "
1357 "0x%"HWADDR_PRIx"\n", srcno, addr);
1358 return -1;
1359 }
1360
1361 switch (offset) {
1362 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF:
1363 ret = xive_source_esb_eoi(xsrc, srcno);
1364
1365 /* Forward the source event notification for routing */
1366 if (ret) {
1367 trace_xive_source_notify(srcno);
1368 xive_source_notify(xsrc, srcno);
1369 }
1370 break;
1371
1372 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF:
1373 ret = xive_source_esb_get(xsrc, srcno);
1374 break;
1375
1376 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
1377 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
1378 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
1379 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
1380 ret = xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3);
1381 break;
1382 default:
1383 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB load addr %x\n",
1384 offset);
1385 }
1386
1387 trace_xive_source_esb_read(addr, srcno, ret);
1388
1389 return ret;
1390 }
1391
1392 /*
1393 * ESB MMIO stores
1394 * Trigger page Management/EOI page
1395 *
1396 * ESB MMIO setting 2 pages 1 or 2 pages
1397 *
1398 * 0x000 .. 0x3FF Trigger Trigger
1399 * 0x400 .. 0x7FF Trigger EOI
1400 * 0x800 .. 0xBFF Trigger undefined
1401 * 0xC00 .. 0xCFF Trigger PQ=00
1402 * 0xD00 .. 0xDFF Trigger PQ=01
1403 * 0xE00 .. 0xEFF Trigger PQ=10
1404 * 0xF00 .. 0xFFF Trigger PQ=11
1405 */
1406 static void xive_source_esb_write(void *opaque, hwaddr addr,
1407 uint64_t value, unsigned size)
1408 {
1409 XiveSource *xsrc = XIVE_SOURCE(opaque);
1410 uint32_t offset = addr & 0xFFF;
1411 uint32_t srcno = addr >> xsrc->esb_shift;
1412 bool notify = false;
1413
1414 trace_xive_source_esb_write(addr, srcno, value);
1415
1416 /* In a two-page ESB MMIO setting, the trigger page only triggers */
1417 if (xive_source_is_trigger_page(xsrc, addr)) {
1418 notify = xive_source_esb_trigger(xsrc, srcno);
1419 goto out;
1420 }
1421
1422 switch (offset) {
1423 case 0 ... 0x3FF:
1424 notify = xive_source_esb_trigger(xsrc, srcno);
1425 break;
1426
1427 case XIVE_ESB_STORE_EOI ... XIVE_ESB_STORE_EOI + 0x3FF:
1428 if (!(xsrc->esb_flags & XIVE_SRC_STORE_EOI)) {
1429 qemu_log_mask(LOG_GUEST_ERROR,
1430 "XIVE: invalid Store EOI for IRQ %d\n", srcno);
1431 return;
1432 }
1433
1434 notify = xive_source_esb_eoi(xsrc, srcno);
1435 break;
1436
1437 /*
1438 * This is an internal offset used to inject triggers when the PQ
1439 * state bits are not controlled locally, such as for LSIs under
1440 * ABT mode.
1441 */
1442 case XIVE_ESB_INJECT ... XIVE_ESB_INJECT + 0x3FF:
1443 notify = true;
1444 break;
1445
1446 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
1447 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
1448 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
1449 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
1450 xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3);
1451 break;
1452
1453 default:
1454 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr %x\n",
1455 offset);
1456 return;
1457 }
1458
1459 out:
1460 /* Forward the source event notification for routing */
1461 if (notify) {
1462 xive_source_notify(xsrc, srcno);
1463 } else {
1464 trace_xive_source_blocked(srcno);
1465 }
1466 }
1467
1468 static const MemoryRegionOps xive_source_esb_ops = {
1469 .read = xive_source_esb_read,
1470 .write = xive_source_esb_write,
1471 .endianness = DEVICE_BIG_ENDIAN,
1472 .valid = {
1473 .min_access_size = 1,
1474 .max_access_size = 8,
1475 },
1476 .impl = {
1477 .min_access_size = 1,
1478 .max_access_size = 8,
1479 },
1480 };
1481
1482 void xive_source_set_irq(void *opaque, int srcno, int val)
1483 {
1484 XiveSource *xsrc = XIVE_SOURCE(opaque);
1485 bool notify = false;
1486
1487 if (xive_source_irq_is_lsi(xsrc, srcno)) {
1488 if (val) {
1489 notify = xive_source_lsi_trigger(xsrc, srcno);
1490 } else {
1491 xive_source_set_asserted(xsrc, srcno, false);
1492 }
1493 } else {
1494 if (val) {
1495 notify = xive_source_esb_trigger(xsrc, srcno);
1496 }
1497 }
1498
1499 /* Forward the source event notification for routing */
1500 if (notify) {
1501 xive_source_notify(xsrc, srcno);
1502 }
1503 }
1504
1505 void xive_source_pic_print_info(XiveSource *xsrc, uint32_t offset, GString *buf)
1506 {
1507 for (unsigned i = 0; i < xsrc->nr_irqs; i++) {
1508 uint8_t pq = xive_source_esb_get(xsrc, i);
1509
1510 if (pq == XIVE_ESB_OFF) {
1511 continue;
1512 }
1513
1514 g_string_append_printf(buf, " %08x %s %c%c%c\n", i + offset,
1515 xive_source_irq_is_lsi(xsrc, i) ? "LSI" : "MSI",
1516 pq & XIVE_ESB_VAL_P ? 'P' : '-',
1517 pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
1518 xive_source_is_asserted(xsrc, i) ? 'A' : ' ');
1519 }
1520 }
1521
1522 static void xive_source_reset(void *dev)
1523 {
1524 XiveSource *xsrc = XIVE_SOURCE(dev);
1525
1526 /* Do not clear the LSI bitmap */
1527
1528 memset(xsrc->status, xsrc->reset_pq, xsrc->nr_irqs);
1529 }
1530
1531 static void xive_source_realize(DeviceState *dev, Error **errp)
1532 {
1533 XiveSource *xsrc = XIVE_SOURCE(dev);
1534 uint64_t esb_len = xive_source_esb_len(xsrc);
1535
1536 assert(xsrc->xive);
1537
1538 if (!xsrc->nr_irqs) {
1539 error_setg(errp, "Number of interrupt needs to be greater than 0");
1540 return;
1541 }
1542
1543 if (xsrc->esb_shift != XIVE_ESB_4K &&
1544 xsrc->esb_shift != XIVE_ESB_4K_2PAGE &&
1545 xsrc->esb_shift != XIVE_ESB_64K &&
1546 xsrc->esb_shift != XIVE_ESB_64K_2PAGE) {
1547 error_setg(errp, "Invalid ESB shift setting");
1548 return;
1549 }
1550
1551 xsrc->status = g_malloc0(xsrc->nr_irqs);
1552 xsrc->lsi_map = bitmap_new(xsrc->nr_irqs);
1553
1554 memory_region_init(&xsrc->esb_mmio, OBJECT(xsrc), "xive.esb", esb_len);
1555 memory_region_init_io(&xsrc->esb_mmio_emulated, OBJECT(xsrc),
1556 &xive_source_esb_ops, xsrc, "xive.esb-emulated",
1557 esb_len);
1558 memory_region_add_subregion(&xsrc->esb_mmio, 0, &xsrc->esb_mmio_emulated);
1559
1560 qemu_register_reset(xive_source_reset, dev);
1561 }
1562
1563 static const VMStateDescription vmstate_xive_source = {
1564 .name = TYPE_XIVE_SOURCE,
1565 .version_id = 1,
1566 .minimum_version_id = 1,
1567 .fields = (const VMStateField[]) {
1568 VMSTATE_UINT32_EQUAL(nr_irqs, XiveSource, NULL),
1569 VMSTATE_VBUFFER_UINT32(status, XiveSource, 1, NULL, nr_irqs),
1570 VMSTATE_END_OF_LIST()
1571 },
1572 };
1573
1574 /*
1575 * The default XIVE interrupt source setting for the ESB MMIOs is two
1576 * 64k pages without Store EOI, to be in sync with KVM.
1577 */
1578 static const Property xive_source_properties[] = {
1579 DEFINE_PROP_UINT64("flags", XiveSource, esb_flags, 0),
1580 DEFINE_PROP_UINT32("nr-irqs", XiveSource, nr_irqs, 0),
1581 DEFINE_PROP_UINT32("shift", XiveSource, esb_shift, XIVE_ESB_64K_2PAGE),
1582 /*
1583 * By default, PQs are initialized to 0b01 (Q=1) which corresponds
1584 * to "ints off"
1585 */
1586 DEFINE_PROP_UINT8("reset-pq", XiveSource, reset_pq, XIVE_ESB_OFF),
1587 DEFINE_PROP_LINK("xive", XiveSource, xive, TYPE_XIVE_NOTIFIER,
1588 XiveNotifier *),
1589 };
1590
1591 static void xive_source_class_init(ObjectClass *klass, const void *data)
1592 {
1593 DeviceClass *dc = DEVICE_CLASS(klass);
1594
1595 dc->desc = "XIVE Interrupt Source";
1596 device_class_set_props(dc, xive_source_properties);
1597 dc->realize = xive_source_realize;
1598 dc->vmsd = &vmstate_xive_source;
1599 /*
1600 * Reason: part of XIVE interrupt controller, needs to be wired up,
1601 * e.g. by spapr_xive_instance_init().
1602 */
1603 dc->user_creatable = false;
1604 }
1605
1606 static const TypeInfo xive_source_info = {
1607 .name = TYPE_XIVE_SOURCE,
1608 .parent = TYPE_DEVICE,
1609 .instance_size = sizeof(XiveSource),
1610 .class_init = xive_source_class_init,
1611 };
1612
1613 /*
1614 * XiveEND helpers
1615 */
1616
1617 void xive_end_queue_pic_print_info(XiveEND *end, uint32_t width, GString *buf)
1618 {
1619 uint64_t qaddr_base = xive_end_qaddr(end);
1620 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1621 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1622 uint32_t qentries = 1 << (qsize + 10);
1623 int i;
1624
1625 /*
1626 * print out the [ (qindex - (width - 1)) .. (qindex + 1)] window
1627 */
1628 g_string_append_printf(buf, " [ ");
1629 qindex = (qindex - (width - 1)) & (qentries - 1);
1630 for (i = 0; i < width; i++) {
1631 uint64_t qaddr = qaddr_base + (qindex << 2);
1632 uint32_t qdata = -1;
1633
1634 if (dma_memory_read(&address_space_memory, qaddr,
1635 &qdata, sizeof(qdata), MEMTXATTRS_UNSPECIFIED)) {
1636 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to read EQ @0x%"
1637 HWADDR_PRIx "\n", qaddr);
1638 return;
1639 }
1640 g_string_append_printf(buf, "%s%08x ", i == width - 1 ? "^" : "",
1641 be32_to_cpu(qdata));
1642 qindex = (qindex + 1) & (qentries - 1);
1643 }
1644 g_string_append_c(buf, ']');
1645 }
1646
1647 void xive_end_pic_print_info(XiveEND *end, uint32_t end_idx, GString *buf)
1648 {
1649 uint64_t qaddr_base = xive_end_qaddr(end);
1650 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1651 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
1652 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1653 uint32_t qentries = 1 << (qsize + 10);
1654
1655 uint32_t nvt_blk = xive_get_field32(END_W6_NVT_BLOCK, end->w6);
1656 uint32_t nvt_idx = xive_get_field32(END_W6_NVT_INDEX, end->w6);
1657 uint8_t priority = xive_get_field32(END_W7_F0_PRIORITY, end->w7);
1658 uint8_t pq;
1659
1660 if (!xive_end_is_valid(end)) {
1661 return;
1662 }
1663
1664 pq = xive_get_field32(END_W1_ESn, end->w1);
1665
1666 g_string_append_printf(buf,
1667 " %08x %c%c %c%c%c%c%c%c%c%c prio:%d nvt:%02x/%04x",
1668 end_idx,
1669 pq & XIVE_ESB_VAL_P ? 'P' : '-',
1670 pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
1671 xive_end_is_valid(end) ? 'v' : '-',
1672 xive_end_is_enqueue(end) ? 'q' : '-',
1673 xive_end_is_notify(end) ? 'n' : '-',
1674 xive_end_is_backlog(end) ? 'b' : '-',
1675 xive_end_is_escalate(end) ? 'e' : '-',
1676 xive_end_is_uncond_escalation(end) ? 'u' : '-',
1677 xive_end_is_silent_escalation(end) ? 's' : '-',
1678 xive_end_is_firmware(end) ? 'f' : '-',
1679 priority, nvt_blk, nvt_idx);
1680
1681 if (qaddr_base) {
1682 g_string_append_printf(buf, " eq:@%08"PRIx64"% 6d/%5d ^%d",
1683 qaddr_base, qindex, qentries, qgen);
1684 xive_end_queue_pic_print_info(end, 6, buf);
1685 }
1686 g_string_append_c(buf, '\n');
1687 }
1688
1689 static void xive_end_enqueue(XiveEND *end, uint32_t data)
1690 {
1691 uint64_t qaddr_base = xive_end_qaddr(end);
1692 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1693 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1694 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
1695
1696 uint64_t qaddr = qaddr_base + (qindex << 2);
1697 uint32_t qdata = cpu_to_be32((qgen << 31) | (data & 0x7fffffff));
1698 uint32_t qentries = 1 << (qsize + 10);
1699
1700 if (dma_memory_write(&address_space_memory, qaddr,
1701 &qdata, sizeof(qdata), MEMTXATTRS_UNSPECIFIED)) {
1702 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to write END data @0x%"
1703 HWADDR_PRIx "\n", qaddr);
1704 return;
1705 }
1706
1707 qindex = (qindex + 1) & (qentries - 1);
1708 if (qindex == 0) {
1709 qgen ^= 1;
1710 end->w1 = xive_set_field32(END_W1_GENERATION, end->w1, qgen);
1711 }
1712 end->w1 = xive_set_field32(END_W1_PAGE_OFF, end->w1, qindex);
1713 }
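/*
 * Each event queue entry written above is a 32-bit big-endian word: the
 * top bit carries the queue generation and the low 31 bits the END
 * data. The queue holds 2^(qsize + 10) entries and the generation bit
 * is flipped on wrap-around so the consumer can distinguish new entries
 * from stale ones.
 */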
1714
1715 void xive_end_eas_pic_print_info(XiveEND *end, uint32_t end_idx, GString *buf)
1716 {
1717 XiveEAS *eas = (XiveEAS *) &end->w4;
1718 uint8_t pq;
1719
1720 if (!xive_end_is_escalate(end)) {
1721 return;
1722 }
1723
1724 pq = xive_get_field32(END_W1_ESe, end->w1);
1725
1726 g_string_append_printf(buf, " %08x %c%c %c%c end:%02x/%04x data:%08x\n",
1727 end_idx,
1728 pq & XIVE_ESB_VAL_P ? 'P' : '-',
1729 pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
1730 xive_eas_is_valid(eas) ? 'V' : ' ',
1731 xive_eas_is_masked(eas) ? 'M' : ' ',
1732 (uint8_t) xive_get_field64(EAS_END_BLOCK, eas->w),
1733 (uint32_t) xive_get_field64(EAS_END_INDEX, eas->w),
1734 (uint32_t) xive_get_field64(EAS_END_DATA, eas->w));
1735 }
1736
1737 /*
1738 * XIVE Router (aka. Virtualization Controller or IVRE)
1739 */
1740
1741 int xive_router_get_eas(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1742 XiveEAS *eas)
1743 {
1744 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1745
1746 return xrc->get_eas(xrtr, eas_blk, eas_idx, eas);
1747 }
1748
1749 static
1750 int xive_router_get_pq(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1751 uint8_t *pq)
1752 {
1753 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1754
1755 return xrc->get_pq(xrtr, eas_blk, eas_idx, pq);
1756 }
1757
1758 static
1759 int xive_router_set_pq(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1760 uint8_t *pq)
1761 {
1762 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1763
1764 return xrc->set_pq(xrtr, eas_blk, eas_idx, pq);
1765 }
1766
1767 int xive_router_get_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx,
1768 XiveEND *end)
1769 {
1770 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1771
1772 return xrc->get_end(xrtr, end_blk, end_idx, end);
1773 }
1774
1775 int xive_router_write_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx,
1776 XiveEND *end, uint8_t word_number)
1777 {
1778 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1779
1780 return xrc->write_end(xrtr, end_blk, end_idx, end, word_number);
1781 }
1782
1783 int xive_router_get_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx,
1784 XiveNVT *nvt)
1785 {
1786 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1787
1788 return xrc->get_nvt(xrtr, nvt_blk, nvt_idx, nvt);
1789 }
1790
1791 int xive_router_write_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx,
1792 XiveNVT *nvt, uint8_t word_number)
1793 {
1794 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1795
1796 return xrc->write_nvt(xrtr, nvt_blk, nvt_idx, nvt, word_number);
1797 }
1798
1799 static int xive_router_get_block_id(XiveRouter *xrtr)
1800 {
1801 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1802
1803 return xrc->get_block_id(xrtr);
1804 }
1805
1806 static void xive_router_realize(DeviceState *dev, Error **errp)
1807 {
1808 XiveRouter *xrtr = XIVE_ROUTER(dev);
1809
1810 assert(xrtr->xfb);
1811 }
1812
1813 static void xive_router_end_notify_handler(XiveRouter *xrtr, XiveEAS *eas)
1814 {
1815 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1816
1817 return xrc->end_notify(xrtr, eas);
1818 }
1819
1820 /*
1821 * Encode the HW CAM line in the block group mode format :
1822 *
1823 * chip << 19 | 0000000 0 0001 thread (7Bit)
1824 */
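/* e.g. a thread with PIR 0x25 is presented as CAM index 0xa5 (0x80 | 0x25) */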
1825 static uint32_t xive_tctx_hw_cam_line(XivePresenter *xptr, XiveTCTX *tctx)
1826 {
1827 CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env;
1828 uint32_t pir = env->spr_cb[SPR_PIR].default_value;
1829 uint8_t blk = xive_router_get_block_id(XIVE_ROUTER(xptr));
1830
1831 return xive_nvt_cam_line(blk, 1 << 7 | (pir & 0x7f));
1832 }
1833
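/*
 * Illustration: an NVP index ending in binary ...0111 has its first
 * zero at bit position 3 (cto32() counts the trailing ones), so the
 * group size returned is 1 << 4 = 16.
 */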
1834 uint32_t xive_get_vpgroup_size(uint32_t nvp_index)
1835 {
1836 /*
1837 * Group size is a power of 2. The position of the first 0
1838 * (starting with the least significant bits) in the NVP index
1839 * gives the size of the group.
1840 */
1841 int first_zero = cto32(nvp_index);
1842 if (first_zero >= 31) {
1843 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid group index 0x%08x",
1844 nvp_index);
1845 return 0;
1846 }
1847
1848 return 1U << (first_zero + 1);
1849 }
1850
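/*
 * Illustration of the level encoding: an NVP index with two trailing
 * ones gives a group level of 3. If crowd is also set and the NVP
 * block has one trailing one, the crowd level is 2 and the returned
 * value is 0x23 (crowd level in bits 5:4, group level in bits 3:0).
 */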
1851 uint8_t xive_get_group_level(bool crowd, bool ignore,
1852 uint32_t nvp_blk, uint32_t nvp_index)
1853 {
1854 int first_zero;
1855 uint8_t level;
1856
1857 if (!ignore) {
1858 g_assert(!crowd);
1859 return 0;
1860 }
1861
1862 first_zero = cto32(nvp_index);
1863 if (first_zero >= 31) {
1864 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid group index 0x%08x",
1865 nvp_index);
1866 return 0;
1867 }
1868
1869 level = (first_zero + 1) & 0b1111;
1870 if (crowd) {
1871 uint32_t blk;
1872
1873 /* crowd level is bit position of first 0 from the right in nvp_blk */
1874 first_zero = cto32(nvp_blk);
1875 if (first_zero >= 31) {
1876 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid crowd block 0x%08x",
1877 nvp_blk);
1878 return 0;
1879 }
1880 blk = first_zero + 1;
1881
1882 /*
1883 * Supported crowd sizes are 2^1, 2^2, and 2^4. 2^3 is not supported.
1884 * HW will encode level 4 as the value 3. See xive2_pgofnext().
1885 */
1886 switch (blk) {
1887 case 1:
1888 case 2:
1889 break;
1890 case 4:
1891 blk = 3;
1892 break;
1893 default:
1894 g_assert_not_reached();
1895 }
1896
1897 /* Crowd level bits reside in upper 2 bits of the 6 bit group level */
1898 level |= blk << 4;
1899 }
1900 return level;
1901 }
1902
1903 /*
1904 * The thread context register words are in big-endian format.
1905 */
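/*
 * The rings are checked in PHYS, POOL, OS order for a specific VP
 * notification (format 0); format 1 only matches the USER ring and
 * requires both the OS CAM and the logical server number to match.
 */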
1906 int xive_presenter_tctx_match(XivePresenter *xptr, XiveTCTX *tctx,
1907 uint8_t format,
1908 uint8_t nvt_blk, uint32_t nvt_idx,
1909 bool cam_ignore, uint32_t logic_serv)
1910 {
1911 uint32_t cam = xive_nvt_cam_line(nvt_blk, nvt_idx);
1912 uint32_t qw3w2 = xive_tctx_word2(&tctx->regs[TM_QW3_HV_PHYS]);
1913 uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]);
1914 uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]);
1915 uint32_t qw0w2 = xive_tctx_word2(&tctx->regs[TM_QW0_USER]);
1916
1917 /*
1918 * TODO (PowerNV): ignore mode. The low order bits of the NVT
1919 * identifier are ignored in the "CAM" match.
1920 */
1921
1922 if (format == 0) {
1923 if (cam_ignore == true) {
1924 /*
1925 * F=0 & i=1: Logical server notification (bits ignored at
1926 * the end of the NVT identifier)
1927 */
1928 qemu_log_mask(LOG_UNIMP, "XIVE: no support for LS NVT %x/%x\n",
1929 nvt_blk, nvt_idx);
1930 return -1;
1931 }
1932
1933 /* F=0 & i=0: Specific NVT notification */
1934
1935 /* PHYS ring */
1936 if ((be32_to_cpu(qw3w2) & TM_QW3W2_VT) &&
1937 cam == xive_tctx_hw_cam_line(xptr, tctx)) {
1938 return TM_QW3_HV_PHYS;
1939 }
1940
1941 /* HV POOL ring */
1942 if ((be32_to_cpu(qw2w2) & TM_QW2W2_VP) &&
1943 cam == xive_get_field32(TM_QW2W2_POOL_CAM, qw2w2)) {
1944 return TM_QW2_HV_POOL;
1945 }
1946
1947 /* OS ring */
1948 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) &&
1949 cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) {
1950 return TM_QW1_OS;
1951 }
1952 } else {
1953 /* F=1 : User level Event-Based Branch (EBB) notification */
1954
1955 /* USER ring */
1956 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) &&
1957 (cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) &&
1958 (be32_to_cpu(qw0w2) & TM_QW0W2_VU) &&
1959 (logic_serv == xive_get_field32(TM_QW0W2_LOGIC_SERV, qw0w2))) {
1960 return TM_QW0_USER;
1961 }
1962 }
1963 return -1;
1964 }
1965
1966 /*
1967 * This is our simple Xive Presenter Engine model. It is merged in the
1968 * Router as it does not require an extra object.
1969 */
1970 bool xive_presenter_match(XiveFabric *xfb, uint8_t format,
1971 uint8_t nvt_blk, uint32_t nvt_idx,
1972 bool crowd, bool cam_ignore, uint8_t priority,
1973 uint32_t logic_serv, XiveTCTXMatch *match)
1974 {
1975 XiveFabricClass *xfc = XIVE_FABRIC_GET_CLASS(xfb);
1976
1977 memset(match, 0, sizeof(*match));
1978
1979 /*
1980 * Ask the machine to scan the interrupt controllers for a match.
1981 *
1982 * For VP-specific notification, we expect at most one match and
1983 * one call to the presenters is all we need (abbreviated notify
1984 * sequence documented by the architecture).
1985 *
1986 * For VP-group notification, match_nvt() is the equivalent of the
1987 * "histogram" and "poll" commands sent to the power bus to the
1988 * presenters. 'count' could be more than one, but we always
1989 * select the first match for now. 'precluded' tells if (at least)
1990 * one thread matches but can't take the interrupt now because
1991 * it's running at a more favored priority. We return the
1992 * information to the router so that it can take appropriate
1993 * actions (backlog, escalation, broadcast, etc...)
1994 *
1995 * If we were to implement a better way of dispatching the
1996 * interrupt in case of multiple matches (instead of the first
1997 * match), we would need a heuristic to elect a thread (for
1998 * example, the hardware keeps track of an 'age' in the TIMA) and
1999 * a new command to the presenters (the equivalent of the "assign"
2000 * power bus command in the documented full notify sequence).
2001 */
2002 return xfc->match_nvt(xfb, format, nvt_blk, nvt_idx, crowd, cam_ignore,
2003 priority, logic_serv, match);
2004 }
2005
2006 /*
2007 * Notification using the END ESe/ESn bit (Event State Buffer for
2008 * escalation and notification). Provide further coalescing in the
2009 * Router.
2010 */
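/*
 * The usual ESB trigger rules apply: a trigger in the reset state
 * (PQ=00) moves to pending (PQ=10) and notifies, further triggers are
 * queued (PQ=11) and coalesced, and the off state (PQ=01) silently
 * discards the event.
 */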
2011 static bool xive_router_end_es_notify(XiveRouter *xrtr, uint8_t end_blk,
2012 uint32_t end_idx, XiveEND *end,
2013 uint32_t end_esmask)
2014 {
2015 uint8_t pq = xive_get_field32(end_esmask, end->w1);
2016 bool notify = xive_esb_trigger(&pq);
2017
2018 if (pq != xive_get_field32(end_esmask, end->w1)) {
2019 end->w1 = xive_set_field32(end_esmask, end->w1, pq);
2020 xive_router_write_end(xrtr, end_blk, end_idx, end, 1);
2021 }
2022
2023 /* ESe/n[Q]=1 : end of notification */
2024 return notify;
2025 }
2026
2027 /*
2028 * An END trigger can come from an event trigger (IPI or HW) or from
2029 * another chip. We don't model the PowerBus but the END trigger
2030 * message has the same parameters as in the function below.
2031 */
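/*
 * Routing sequence: END lookup, optional enqueue of the event data,
 * ESn coalescing, NVT lookup, presentation on a matching thread
 * context, and otherwise backlog recording and/or escalation.
 */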
2032 void xive_router_end_notify(XiveRouter *xrtr, XiveEAS *eas)
2033 {
2034 XiveEND end;
2035 uint8_t priority;
2036 uint8_t format;
2037 uint8_t nvt_blk;
2038 uint32_t nvt_idx;
2039 XiveNVT nvt;
2040 XiveTCTXMatch match;
2041
2042 uint8_t end_blk = xive_get_field64(EAS_END_BLOCK, eas->w);
2043 uint32_t end_idx = xive_get_field64(EAS_END_INDEX, eas->w);
2044 uint32_t end_data = xive_get_field64(EAS_END_DATA, eas->w);
2045
2046 /* END cache lookup */
2047 if (xive_router_get_end(xrtr, end_blk, end_idx, &end)) {
2048 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
2049 end_idx);
2050 return;
2051 }
2052
2053 if (!xive_end_is_valid(&end)) {
2054 trace_xive_router_end_notify(end_blk, end_idx, end_data);
2055 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
2056 end_blk, end_idx);
2057 return;
2058 }
2059
2060 if (xive_end_is_enqueue(&end)) {
2061 xive_end_enqueue(&end, end_data);
2062 /* Enqueuing event data modifies the EQ toggle and index */
2063 xive_router_write_end(xrtr, end_blk, end_idx, &end, 1);
2064 }
2065
2066 /*
2067 * When the END is silent, we skip the notification part.
2068 */
2069 if (xive_end_is_silent_escalation(&end)) {
2070 goto do_escalation;
2071 }
2072
2073 /*
2074 * The W7 format depends on the F bit in W6. It defines the type
2075 * of the notification :
2076 *
2077 * F=0 : single or multiple NVT notification
2078 * F=1 : User level Event-Based Branch (EBB) notification, no
2079 * priority
2080 */
2081 format = xive_get_field32(END_W6_FORMAT_BIT, end.w6);
2082 priority = xive_get_field32(END_W7_F0_PRIORITY, end.w7);
2083
2084 /* The END is masked */
2085 if (format == 0 && priority == 0xff) {
2086 return;
2087 }
2088
2089 /*
2090 * Check the END ESn (Event State Buffer for notification) for
2091 * even further coalescing in the Router
2092 */
2093 if (!xive_end_is_notify(&end)) {
2094 /* ESn[Q]=1 : end of notification */
2095 if (!xive_router_end_es_notify(xrtr, end_blk, end_idx,
2096 &end, END_W1_ESn)) {
2097 return;
2098 }
2099 }
2100
2101 /*
2102 * The IVPE notification follows.
2103 */
2104 nvt_blk = xive_get_field32(END_W6_NVT_BLOCK, end.w6);
2105 nvt_idx = xive_get_field32(END_W6_NVT_INDEX, end.w6);
2106
2107 /* NVT cache lookup */
2108 if (xive_router_get_nvt(xrtr, nvt_blk, nvt_idx, &nvt)) {
2109 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: no NVT %x/%x\n",
2110 nvt_blk, nvt_idx);
2111 return;
2112 }
2113
2114 if (!xive_nvt_is_valid(&nvt)) {
2115 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVT %x/%x is invalid\n",
2116 nvt_blk, nvt_idx);
2117 return;
2118 }
2119
2120 /* TODO: Auto EOI. */
2121 /* we don't support VP-group notification on P9, so precluded is not used */
2122 if (xive_presenter_match(xrtr->xfb, format, nvt_blk, nvt_idx,
2123 false /* crowd */,
2124 xive_get_field32(END_W7_F0_IGNORE, end.w7),
2125 priority,
2126 xive_get_field32(END_W7_F1_LOG_SERVER_ID, end.w7),
2127 &match)) {
2128 trace_xive_presenter_notify(nvt_blk, nvt_idx, match.ring, 0);
2129 xive_tctx_pipr_present(match.tctx, match.ring, priority, 0);
2130 return;
2131 }
2132
2133 /*
2134 * If no matching NVT is dispatched on a HW thread :
2135 * - specific VP: update the NVT structure if backlog is activated
2136 * - logical server : forward request to IVPE (not supported)
2137 */
2138 if (xive_end_is_backlog(&end)) {
2139 uint8_t ipb;
2140
2141 if (format == 1) {
2142 qemu_log_mask(LOG_GUEST_ERROR,
2143 "XIVE: END %x/%x invalid config: F1 & backlog\n",
2144 end_blk, end_idx);
2145 return;
2146 }
2147 /*
2148 * Record the IPB in the associated NVT structure for later
2149 * use. The presenter will resend the interrupt when the vCPU
2150 * is dispatched again on a HW thread.
2151 */
2152 ipb = xive_get_field32(NVT_W4_IPB, nvt.w4) |
2153 xive_priority_to_ipb(priority);
2154 nvt.w4 = xive_set_field32(NVT_W4_IPB, nvt.w4, ipb);
2155 xive_router_write_nvt(xrtr, nvt_blk, nvt_idx, &nvt, 4);
2156
2157 /*
2158 * On HW, this is followed by a "Broadcast Backlog" to the IVPEs.
2159 */
2160 }
2161
2162 do_escalation:
2163 /*
2164 * If activated, escalate notification using the ESe PQ bits and
2165 * the EAS in w4-5
2166 */
2167 if (!xive_end_is_escalate(&end)) {
2168 return;
2169 }
2170
2171 /*
2172 * Check the END ESe (Event State Buffer for escalation) for even
2173 * further coalescing in the Router
2174 */
2175 if (!xive_end_is_uncond_escalation(&end)) {
2176 /* ESe[Q]=1 : end of notification */
2177 if (!xive_router_end_es_notify(xrtr, end_blk, end_idx,
2178 &end, END_W1_ESe)) {
2179 return;
2180 }
2181 }
2182
2183 trace_xive_router_end_escalate(end_blk, end_idx,
2184 (uint8_t) xive_get_field32(END_W4_ESC_END_BLOCK, end.w4),
2185 (uint32_t) xive_get_field32(END_W4_ESC_END_INDEX, end.w4),
2186 (uint32_t) xive_get_field32(END_W5_ESC_END_DATA, end.w5));
2187 /*
2188 * The END trigger becomes an Escalation trigger
2189 */
2190 xive_router_end_notify_handler(xrtr, (XiveEAS *) &end.w4);
2191 }
2192
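/*
 * Entry point for source notifications: look up the EAS for the LISN,
 * update the source PQ bits when the source has not already done so
 * (pq_checked == false), then turn the event trigger into an END
 * trigger.
 */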
2193 void xive_router_notify(XiveNotifier *xn, uint32_t lisn, bool pq_checked)
2194 {
2195 XiveRouter *xrtr = XIVE_ROUTER(xn);
2196 uint8_t eas_blk = XIVE_EAS_BLOCK(lisn);
2197 uint32_t eas_idx = XIVE_EAS_INDEX(lisn);
2198 XiveEAS eas;
2199
2200 /* EAS cache lookup */
2201 if (xive_router_get_eas(xrtr, eas_blk, eas_idx, &eas)) {
2202 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN %x\n", lisn);
2203 return;
2204 }
2205
2206 if (!pq_checked) {
2207 bool notify;
2208 uint8_t pq;
2209
2210 /* PQ cache lookup */
2211 if (xive_router_get_pq(xrtr, eas_blk, eas_idx, &pq)) {
2212 /* Set FIR */
2213 g_assert_not_reached();
2214 }
2215
2216 notify = xive_esb_trigger(&pq);
2217
2218 if (xive_router_set_pq(xrtr, eas_blk, eas_idx, &pq)) {
2219 /* Set FIR */
2220 g_assert_not_reached();
2221 }
2222
2223 if (!notify) {
2224 return;
2225 }
2226 }
2227
2228 if (!xive_eas_is_valid(&eas)) {
2229 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid LISN %x\n", lisn);
2230 return;
2231 }
2232
2233 if (xive_eas_is_masked(&eas)) {
2234 /* Notification completed */
2235 return;
2236 }
2237
2238 /*
2239 * The event trigger becomes an END trigger
2240 */
2241 xive_router_end_notify_handler(xrtr, &eas);
2242 }
2243
2244 static const Property xive_router_properties[] = {
2245 DEFINE_PROP_LINK("xive-fabric", XiveRouter, xfb,
2246 TYPE_XIVE_FABRIC, XiveFabric *),
2247 };
2248
2249 static void xive_router_class_init(ObjectClass *klass, const void *data)
2250 {
2251 DeviceClass *dc = DEVICE_CLASS(klass);
2252 XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass);
2253 XiveRouterClass *xrc = XIVE_ROUTER_CLASS(klass);
2254
2255 dc->desc = "XIVE Router Engine";
2256 device_class_set_props(dc, xive_router_properties);
2257 /* Parent is SysBusDeviceClass. No need to call its realize hook */
2258 dc->realize = xive_router_realize;
2259 xnc->notify = xive_router_notify;
2260
2261 /* By default, the router handles END triggers locally */
2262 xrc->end_notify = xive_router_end_notify;
2263 }
2264
2265 static const TypeInfo xive_router_info = {
2266 .name = TYPE_XIVE_ROUTER,
2267 .parent = TYPE_SYS_BUS_DEVICE,
2268 .abstract = true,
2269 .instance_size = sizeof(XiveRouter),
2270 .class_size = sizeof(XiveRouterClass),
2271 .class_init = xive_router_class_init,
2272 .interfaces = (const InterfaceInfo[]) {
2273 { TYPE_XIVE_NOTIFIER },
2274 { TYPE_XIVE_PRESENTER },
2275 { }
2276 }
2277 };
2278
2279 void xive_eas_pic_print_info(XiveEAS *eas, uint32_t lisn, GString *buf)
2280 {
2281 if (!xive_eas_is_valid(eas)) {
2282 return;
2283 }
2284
2285 g_string_append_printf(buf, " %08x %s end:%02x/%04x data:%08x\n",
2286 lisn, xive_eas_is_masked(eas) ? "M" : " ",
2287 (uint8_t) xive_get_field64(EAS_END_BLOCK, eas->w),
2288 (uint32_t) xive_get_field64(EAS_END_INDEX, eas->w),
2289 (uint32_t) xive_get_field64(EAS_END_DATA, eas->w));
2290 }
2291
2292 /*
2293 * END ESB MMIO loads
2294 */
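/*
 * ESB management loads on the END pages: EOI, GET (read PQ) and the
 * SET_PQ_xx special loads, decoded from the low 12 bits of the
 * address.
 */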
2295 static uint64_t xive_end_source_read(void *opaque, hwaddr addr, unsigned size)
2296 {
2297 XiveENDSource *xsrc = XIVE_END_SOURCE(opaque);
2298 uint32_t offset = addr & 0xFFF;
2299 uint8_t end_blk;
2300 uint32_t end_idx;
2301 XiveEND end;
2302 uint32_t end_esmask;
2303 uint8_t pq;
2304 uint64_t ret = -1;
2305
2306 /*
2307 * The block id should be deduced from the load address on the END
2308 * ESB MMIO but our model only supports a single block per XIVE chip.
2309 */
2310 end_blk = xive_router_get_block_id(xsrc->xrtr);
2311 end_idx = addr >> (xsrc->esb_shift + 1);
2312
2313 trace_xive_end_source_read(end_blk, end_idx, addr);
2314
2315 if (xive_router_get_end(xsrc->xrtr, end_blk, end_idx, &end)) {
2316 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
2317 end_idx);
2318 return -1;
2319 }
2320
2321 if (!xive_end_is_valid(&end)) {
2322 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
2323 end_blk, end_idx);
2324 return -1;
2325 }
2326
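/*
 * Even ESB pages expose the ESn (notification) bits and odd pages the
 * ESe (escalation) bits, so END 'n' owns MMIO pages 2n and 2n + 1 of
 * the region.
 */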
2327 end_esmask = addr_is_even(addr, xsrc->esb_shift) ? END_W1_ESn : END_W1_ESe;
2328 pq = xive_get_field32(end_esmask, end.w1);
2329
2330 switch (offset) {
2331 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF:
2332 ret = xive_esb_eoi(&pq);
2333
2334 /* Forward the source event notification for routing ?? */
2335 break;
2336
2337 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF:
2338 ret = pq;
2339 break;
2340
2341 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
2342 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
2343 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
2344 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
2345 ret = xive_esb_set(&pq, (offset >> 8) & 0x3);
2346 break;
2347 default:
2348 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid END ESB load addr %d\n",
2349 offset);
2350 return -1;
2351 }
2352
2353 if (pq != xive_get_field32(end_esmask, end.w1)) {
2354 end.w1 = xive_set_field32(end_esmask, end.w1, pq);
2355 xive_router_write_end(xsrc->xrtr, end_blk, end_idx, &end, 1);
2356 }
2357
2358 return ret;
2359 }
2360
2361 /*
2362 * END ESB MMIO stores are invalid
2363 */
2364 static void xive_end_source_write(void *opaque, hwaddr addr,
2365 uint64_t value, unsigned size)
2366 {
2367 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr 0x%"
2368 HWADDR_PRIx"\n", addr);
2369 }
2370
2371 static const MemoryRegionOps xive_end_source_ops = {
2372 .read = xive_end_source_read,
2373 .write = xive_end_source_write,
2374 .endianness = DEVICE_BIG_ENDIAN,
2375 .valid = {
2376 .min_access_size = 1,
2377 .max_access_size = 8,
2378 },
2379 .impl = {
2380 .min_access_size = 1,
2381 .max_access_size = 8,
2382 },
2383 };
2384
2385 static void xive_end_source_realize(DeviceState *dev, Error **errp)
2386 {
2387 XiveENDSource *xsrc = XIVE_END_SOURCE(dev);
2388
2389 assert(xsrc->xrtr);
2390
2391 if (!xsrc->nr_ends) {
2392 error_setg(errp, "Number of interrupts needs to be greater than 0");
2393 return;
2394 }
2395
2396 if (xsrc->esb_shift != XIVE_ESB_4K &&
2397 xsrc->esb_shift != XIVE_ESB_64K) {
2398 error_setg(errp, "Invalid ESB shift setting");
2399 return;
2400 }
2401
2402 /*
2403 * Each END is assigned an even/odd pair of MMIO pages, the even page
2404 * manages the ESn field while the odd page manages the ESe field.
2405 */
2406 memory_region_init_io(&xsrc->esb_mmio, OBJECT(xsrc),
2407 &xive_end_source_ops, xsrc, "xive.end",
2408 (1ull << (xsrc->esb_shift + 1)) * xsrc->nr_ends);
2409 }
2410
2411 static const Property xive_end_source_properties[] = {
2412 DEFINE_PROP_UINT32("nr-ends", XiveENDSource, nr_ends, 0),
2413 DEFINE_PROP_UINT32("shift", XiveENDSource, esb_shift, XIVE_ESB_64K),
2414 DEFINE_PROP_LINK("xive", XiveENDSource, xrtr, TYPE_XIVE_ROUTER,
2415 XiveRouter *),
2416 };
2417
2418 static void xive_end_source_class_init(ObjectClass *klass, const void *data)
2419 {
2420 DeviceClass *dc = DEVICE_CLASS(klass);
2421
2422 dc->desc = "XIVE END Source";
2423 device_class_set_props(dc, xive_end_source_properties);
2424 dc->realize = xive_end_source_realize;
2425 /*
2426 * Reason: part of XIVE interrupt controller, needs to be wired up,
2427 * e.g. by spapr_xive_instance_init().
2428 */
2429 dc->user_creatable = false;
2430 }
2431
2432 static const TypeInfo xive_end_source_info = {
2433 .name = TYPE_XIVE_END_SOURCE,
2434 .parent = TYPE_DEVICE,
2435 .instance_size = sizeof(XiveENDSource),
2436 .class_init = xive_end_source_class_init,
2437 };
2438
2439 /*
2440 * XIVE Notifier
2441 */
2442 static const TypeInfo xive_notifier_info = {
2443 .name = TYPE_XIVE_NOTIFIER,
2444 .parent = TYPE_INTERFACE,
2445 .class_size = sizeof(XiveNotifierClass),
2446 };
2447
2448 /*
2449 * XIVE Presenter
2450 */
2451 static const TypeInfo xive_presenter_info = {
2452 .name = TYPE_XIVE_PRESENTER,
2453 .parent = TYPE_INTERFACE,
2454 .class_size = sizeof(XivePresenterClass),
2455 };
2456
2457 /*
2458 * XIVE Fabric
2459 */
2460 static const TypeInfo xive_fabric_info = {
2461 .name = TYPE_XIVE_FABRIC,
2462 .parent = TYPE_INTERFACE,
2463 .class_size = sizeof(XiveFabricClass),
2464 };
2465
2466 static void xive_register_types(void)
2467 {
2468 type_register_static(&xive_fabric_info);
2469 type_register_static(&xive_source_info);
2470 type_register_static(&xive_notifier_info);
2471 type_register_static(&xive_presenter_info);
2472 type_register_static(&xive_router_info);
2473 type_register_static(&xive_end_source_info);
2474 type_register_static(&xive_tctx_info);
2475 }
2476
2477 type_init(xive_register_types)
2478