1 /*
2 * ARM GICv3 emulation: Distributor
3 *
4 * Copyright (c) 2015 Huawei.
5 * Copyright (c) 2016 Linaro Limited.
6 * Written by Shlomo Pongratz, Peter Maydell
7 *
8 * This code is licensed under the GPL, version 2 or (at your option)
9 * any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "qemu/log.h"
14 #include "trace.h"
15 #include "gicv3_internal.h"
16
17 /* The GICD_NSACR registers contain a two bit field for each interrupt which
18 * allows the guest to give NonSecure code access to registers controlling
19 * Secure interrupts:
20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI)
21 * 0b01: NS r/w accesses permitted to ISPENDR, SETSPI_NSR, SGIR
22 * 0b10: as 0b01, and also r/w to ICPENDR, r/o to ISACTIVER/ICACTIVER,
23 * and w/o to CLRSPI_NSR
24 * 0b11: as 0b10, and also r/w to IROUTER and ITARGETSR
25 *
26 * Given a (multiple-of-32) interrupt number, these mask functions return
27 * a mask word where each bit is 1 if the NSACR settings permit access
28 * to the interrupt. The mask returned can then be ORed with the GICD_GROUP
29 * word for this set of interrupts to give an overall mask.
30 */
31
32 typedef uint32_t maskfn(GICv3State *s, int irq);
33
mask_nsacr_ge1(GICv3State * s,int irq)34 static uint32_t mask_nsacr_ge1(GICv3State *s, int irq)
35 {
36 /* Return a mask where each bit is set if the NSACR field is >= 1 */
37 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1];
38
39 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16];
40 raw_nsacr = (raw_nsacr >> 1) | raw_nsacr;
41 return half_unshuffle64(raw_nsacr);
42 }
43
mask_nsacr_ge2(GICv3State * s,int irq)44 static uint32_t mask_nsacr_ge2(GICv3State *s, int irq)
45 {
46 /* Return a mask where each bit is set if the NSACR field is >= 2 */
47 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1];
48
49 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16];
50 raw_nsacr = raw_nsacr >> 1;
51 return half_unshuffle64(raw_nsacr);
52 }
53
54 /* We don't need a mask_nsacr_ge3() because IROUTER<n> isn't a bitmap register,
55 * but it would be implemented using:
56 * raw_nsacr = (raw_nsacr >> 1) & raw_nsacr;
57 */
58
mask_group_and_nsacr(GICv3State * s,MemTxAttrs attrs,maskfn * maskfn,int irq)59 static uint32_t mask_group_and_nsacr(GICv3State *s, MemTxAttrs attrs,
60 maskfn *maskfn, int irq)
61 {
62 /* Return a 32-bit mask which should be applied for this set of 32
63 * interrupts; each bit is 1 if access is permitted by the
64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR.
65 */
66 uint32_t mask;
67
68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
69 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI
70 * unless the NSACR bits permit access.
71 */
72 mask = *gic_bmp_ptr32(s->group, irq);
73 if (maskfn) {
74 mask |= maskfn(s, irq);
75 }
76 return mask;
77 }
78 return 0xFFFFFFFFU;
79 }
80
gicd_ns_access(GICv3State * s,int irq)81 static int gicd_ns_access(GICv3State *s, int irq)
82 {
83 /* Return the 2 bit NS_access<x> field from GICD_NSACR<n> for the
84 * specified interrupt.
85 */
86 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
87 return 0;
88 }
89 return extract32(s->gicd_nsacr[irq / 16], (irq % 16) * 2, 2);
90 }
91
gicd_write_bitmap_reg(GICv3State * s,MemTxAttrs attrs,uint32_t * bmp,maskfn * maskfn,int offset,uint32_t val)92 static void gicd_write_bitmap_reg(GICv3State *s, MemTxAttrs attrs,
93 uint32_t *bmp, maskfn *maskfn,
94 int offset, uint32_t val)
95 {
96 /*
97 * Helper routine to implement writing to a "set" register
98 * (GICD_INMIR, etc).
99 * Semantics implemented here:
100 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
101 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
102 * offset should be the offset in bytes of the register from the start
103 * of its group.
104 */
105 int irq = offset * 8;
106
107 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
108 return;
109 }
110 val &= mask_group_and_nsacr(s, attrs, maskfn, irq);
111 *gic_bmp_ptr32(bmp, irq) = val;
112 gicv3_update(s, irq, 32);
113 }
114
gicd_write_set_bitmap_reg(GICv3State * s,MemTxAttrs attrs,uint32_t * bmp,maskfn * maskfn,int offset,uint32_t val)115 static void gicd_write_set_bitmap_reg(GICv3State *s, MemTxAttrs attrs,
116 uint32_t *bmp,
117 maskfn *maskfn,
118 int offset, uint32_t val)
119 {
120 /* Helper routine to implement writing to a "set-bitmap" register
121 * (GICD_ISENABLER, GICD_ISPENDR, etc).
122 * Semantics implemented here:
123 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
124 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
125 * Writing 1 means "set bit in bitmap"; writing 0 is ignored.
126 * offset should be the offset in bytes of the register from the start
127 * of its group.
128 */
129 int irq = offset * 8;
130
131 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
132 return;
133 }
134 val &= mask_group_and_nsacr(s, attrs, maskfn, irq);
135 *gic_bmp_ptr32(bmp, irq) |= val;
136 gicv3_update(s, irq, 32);
137 }
138
gicd_write_clear_bitmap_reg(GICv3State * s,MemTxAttrs attrs,uint32_t * bmp,maskfn * maskfn,int offset,uint32_t val)139 static void gicd_write_clear_bitmap_reg(GICv3State *s, MemTxAttrs attrs,
140 uint32_t *bmp,
141 maskfn *maskfn,
142 int offset, uint32_t val)
143 {
144 /* Helper routine to implement writing to a "clear-bitmap" register
145 * (GICD_ICENABLER, GICD_ICPENDR, etc).
146 * Semantics implemented here:
147 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
148 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
149 * Writing 1 means "clear bit in bitmap"; writing 0 is ignored.
150 * offset should be the offset in bytes of the register from the start
151 * of its group.
152 */
153 int irq = offset * 8;
154
155 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
156 return;
157 }
158 val &= mask_group_and_nsacr(s, attrs, maskfn, irq);
159 *gic_bmp_ptr32(bmp, irq) &= ~val;
160 gicv3_update(s, irq, 32);
161 }
162
gicd_read_bitmap_reg(GICv3State * s,MemTxAttrs attrs,uint32_t * bmp,maskfn * maskfn,int offset)163 static uint32_t gicd_read_bitmap_reg(GICv3State *s, MemTxAttrs attrs,
164 uint32_t *bmp,
165 maskfn *maskfn,
166 int offset)
167 {
168 /* Helper routine to implement reading a "set/clear-bitmap" register
169 * (GICD_ICENABLER, GICD_ISENABLER, GICD_ICPENDR, etc).
170 * Semantics implemented here:
171 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
172 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
173 * offset should be the offset in bytes of the register from the start
174 * of its group.
175 */
176 int irq = offset * 8;
177 uint32_t val;
178
179 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
180 return 0;
181 }
182 val = *gic_bmp_ptr32(bmp, irq);
183 if (bmp == s->pending) {
184 /* The PENDING register is a special case -- for level triggered
185 * interrupts, the PENDING state is the logical OR of the state of
186 * the PENDING latch with the input line level.
187 */
188 uint32_t edge = *gic_bmp_ptr32(s->edge_trigger, irq);
189 uint32_t level = *gic_bmp_ptr32(s->level, irq);
190 val |= (~edge & level);
191 }
192 val &= mask_group_and_nsacr(s, attrs, maskfn, irq);
193 return val;
194 }
195
gicd_read_ipriorityr(GICv3State * s,MemTxAttrs attrs,int irq)196 static uint8_t gicd_read_ipriorityr(GICv3State *s, MemTxAttrs attrs, int irq)
197 {
198 /* Read the value of GICD_IPRIORITYR<n> for the specified interrupt,
199 * honouring security state (these are RAZ/WI for Group 0 or Secure
200 * Group 1 interrupts).
201 */
202 uint32_t prio;
203
204 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
205 return 0;
206 }
207
208 prio = s->gicd_ipriority[irq];
209
210 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
211 if (!gicv3_gicd_group_test(s, irq)) {
212 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
213 return 0;
214 }
215 /* NS view of the interrupt priority */
216 prio = (prio << 1) & 0xff;
217 }
218 return prio;
219 }
220
gicd_write_ipriorityr(GICv3State * s,MemTxAttrs attrs,int irq,uint8_t value)221 static void gicd_write_ipriorityr(GICv3State *s, MemTxAttrs attrs, int irq,
222 uint8_t value)
223 {
224 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt,
225 * honouring security state (these are RAZ/WI for Group 0 or Secure
226 * Group 1 interrupts).
227 */
228 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
229 return;
230 }
231
232 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
233 if (!gicv3_gicd_group_test(s, irq)) {
234 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
235 return;
236 }
237 /* NS view of the interrupt priority */
238 value = 0x80 | (value >> 1);
239 }
240 s->gicd_ipriority[irq] = value;
241 }
242
gicd_read_irouter(GICv3State * s,MemTxAttrs attrs,int irq)243 static uint64_t gicd_read_irouter(GICv3State *s, MemTxAttrs attrs, int irq)
244 {
245 /* Read the value of GICD_IROUTER<n> for the specified interrupt,
246 * honouring security state.
247 */
248 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
249 return 0;
250 }
251
252 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
253 /* RAZ/WI for NS accesses to secure interrupts */
254 if (!gicv3_gicd_group_test(s, irq)) {
255 if (gicd_ns_access(s, irq) != 3) {
256 return 0;
257 }
258 }
259 }
260
261 return s->gicd_irouter[irq];
262 }
263
gicd_write_irouter(GICv3State * s,MemTxAttrs attrs,int irq,uint64_t val)264 static void gicd_write_irouter(GICv3State *s, MemTxAttrs attrs, int irq,
265 uint64_t val)
266 {
267 /* Write the value of GICD_IROUTER<n> for the specified interrupt,
268 * honouring security state.
269 */
270 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
271 return;
272 }
273
274 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
275 /* RAZ/WI for NS accesses to secure interrupts */
276 if (!gicv3_gicd_group_test(s, irq)) {
277 if (gicd_ns_access(s, irq) != 3) {
278 return;
279 }
280 }
281 }
282
283 s->gicd_irouter[irq] = val;
284 gicv3_cache_target_cpustate(s, irq);
285 gicv3_update(s, irq, 1);
286 }
287
288 /**
289 * gicd_readb
290 * gicd_readw
291 * gicd_readl
292 * gicd_readq
293 * gicd_writeb
294 * gicd_writew
295 * gicd_writel
296 * gicd_writeq
297 *
298 * Return %true if the operation succeeded, %false otherwise.
299 */
300
gicd_readb(GICv3State * s,hwaddr offset,uint64_t * data,MemTxAttrs attrs)301 static bool gicd_readb(GICv3State *s, hwaddr offset,
302 uint64_t *data, MemTxAttrs attrs)
303 {
304 /* Most GICv3 distributor registers do not support byte accesses. */
305 switch (offset) {
306 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf:
307 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf:
308 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff:
309 /* This GIC implementation always has affinity routing enabled,
310 * so these registers are all RAZ/WI.
311 */
312 return true;
313 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff:
314 *data = gicd_read_ipriorityr(s, attrs, offset - GICD_IPRIORITYR);
315 return true;
316 default:
317 return false;
318 }
319 }
320
gicd_writeb(GICv3State * s,hwaddr offset,uint64_t value,MemTxAttrs attrs)321 static bool gicd_writeb(GICv3State *s, hwaddr offset,
322 uint64_t value, MemTxAttrs attrs)
323 {
324 /* Most GICv3 distributor registers do not support byte accesses. */
325 switch (offset) {
326 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf:
327 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf:
328 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff:
329 /* This GIC implementation always has affinity routing enabled,
330 * so these registers are all RAZ/WI.
331 */
332 return true;
333 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff:
334 {
335 int irq = offset - GICD_IPRIORITYR;
336
337 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
338 return true;
339 }
340 gicd_write_ipriorityr(s, attrs, irq, value);
341 gicv3_update(s, irq, 1);
342 return true;
343 }
344 default:
345 return false;
346 }
347 }
348
gicd_readw(GICv3State * s,hwaddr offset,uint64_t * data,MemTxAttrs attrs)349 static bool gicd_readw(GICv3State *s, hwaddr offset,
350 uint64_t *data, MemTxAttrs attrs)
351 {
352 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR
353 * support 16 bit accesses, and those registers are all part of the
354 * optional message-based SPI feature which this GIC does not currently
355 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are
356 * reserved.
357 */
358 return false;
359 }
360
gicd_writew(GICv3State * s,hwaddr offset,uint64_t value,MemTxAttrs attrs)361 static bool gicd_writew(GICv3State *s, hwaddr offset,
362 uint64_t value, MemTxAttrs attrs)
363 {
364 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR
365 * support 16 bit accesses, and those registers are all part of the
366 * optional message-based SPI feature which this GIC does not currently
367 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are
368 * reserved.
369 */
370 return false;
371 }
372
gicd_readl(GICv3State * s,hwaddr offset,uint64_t * data,MemTxAttrs attrs)373 static bool gicd_readl(GICv3State *s, hwaddr offset,
374 uint64_t *data, MemTxAttrs attrs)
375 {
376 /* Almost all GICv3 distributor registers are 32-bit.
377 * Note that WO registers must return an UNKNOWN value on reads,
378 * not an abort.
379 */
380
381 switch (offset) {
382 case GICD_CTLR:
383 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
384 /* The NS view of the GICD_CTLR sees only certain bits:
385 * + bit [31] (RWP) is an alias of the Secure bit [31]
386 * + bit [4] (ARE_NS) is an alias of Secure bit [5]
387 * + bit [1] (EnableGrp1A) is an alias of Secure bit [1] if
388 * NS affinity routing is enabled, otherwise RES0
389 * + bit [0] (EnableGrp1) is an alias of Secure bit [1] if
390 * NS affinity routing is not enabled, otherwise RES0
391 * Since for QEMU affinity routing is always enabled
392 * for both S and NS this means that bits [4] and [5] are
393 * both always 1, and we can simply make the NS view
394 * be bits 31, 4 and 1 of the S view.
395 */
396 *data = s->gicd_ctlr & (GICD_CTLR_ARE_S |
397 GICD_CTLR_EN_GRP1NS |
398 GICD_CTLR_RWP);
399 } else {
400 *data = s->gicd_ctlr;
401 }
402 return true;
403 case GICD_TYPER:
404 {
405 /* For this implementation:
406 * No1N == 1 (1-of-N SPI interrupts not supported)
407 * A3V == 1 (non-zero values of Affinity level 3 supported)
408 * IDbits == 0xf (we support 16-bit interrupt identifiers)
409 * DVIS == 1 (Direct virtual LPI injection supported) if GICv4
410 * LPIS == 1 (LPIs are supported if affinity routing is enabled)
411 * num_LPIs == 0b00000 (bits [15:11],Number of LPIs as indicated
412 * by GICD_TYPER.IDbits)
413 * MBIS == 0 (message-based SPIs not supported)
414 * SecurityExtn == 1 if security extns supported
415 * NMI = 1 if Non-maskable interrupt property is supported
416 * CPUNumber == 0 since for us ARE is always 1
417 * ITLinesNumber == (((max SPI IntID + 1) / 32) - 1)
418 */
419 int itlinesnumber = (s->num_irq / 32) - 1;
420 /*
421 * SecurityExtn must be RAZ if GICD_CTLR.DS == 1, and
422 * "security extensions not supported" always implies DS == 1,
423 * so we only need to check the DS bit.
424 */
425 bool sec_extn = !(s->gicd_ctlr & GICD_CTLR_DS);
426 bool dvis = s->revision >= 4;
427
428 *data = (1 << 25) | (1 << 24) | (dvis << 18) | (sec_extn << 10) |
429 (s->nmi_support << GICD_TYPER_NMI_SHIFT) |
430 (s->lpi_enable << GICD_TYPER_LPIS_SHIFT) |
431 (0xf << 19) | itlinesnumber;
432 return true;
433 }
434 case GICD_IIDR:
435 /* We claim to be an ARM r0p0 with a zero ProductID.
436 * This is the same as an r0p0 GIC-500.
437 */
438 *data = gicv3_iidr();
439 return true;
440 case GICD_STATUSR:
441 /* RAZ/WI for us (this is an optional register and our implementation
442 * does not track RO/WO/reserved violations to report them to the guest)
443 */
444 *data = 0;
445 return true;
446 case GICD_IGROUPR ... GICD_IGROUPR + 0x7f:
447 {
448 int irq;
449
450 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
451 *data = 0;
452 return true;
453 }
454 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
455 irq = (offset - GICD_IGROUPR) * 8;
456 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
457 *data = 0;
458 return true;
459 }
460 *data = *gic_bmp_ptr32(s->group, irq);
461 return true;
462 }
463 case GICD_ISENABLER ... GICD_ISENABLER + 0x7f:
464 *data = gicd_read_bitmap_reg(s, attrs, s->enabled, NULL,
465 offset - GICD_ISENABLER);
466 return true;
467 case GICD_ICENABLER ... GICD_ICENABLER + 0x7f:
468 *data = gicd_read_bitmap_reg(s, attrs, s->enabled, NULL,
469 offset - GICD_ICENABLER);
470 return true;
471 case GICD_ISPENDR ... GICD_ISPENDR + 0x7f:
472 *data = gicd_read_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge1,
473 offset - GICD_ISPENDR);
474 return true;
475 case GICD_ICPENDR ... GICD_ICPENDR + 0x7f:
476 *data = gicd_read_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge2,
477 offset - GICD_ICPENDR);
478 return true;
479 case GICD_ISACTIVER ... GICD_ISACTIVER + 0x7f:
480 *data = gicd_read_bitmap_reg(s, attrs, s->active, mask_nsacr_ge2,
481 offset - GICD_ISACTIVER);
482 return true;
483 case GICD_ICACTIVER ... GICD_ICACTIVER + 0x7f:
484 *data = gicd_read_bitmap_reg(s, attrs, s->active, mask_nsacr_ge2,
485 offset - GICD_ICACTIVER);
486 return true;
487 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff:
488 {
489 int i, irq = offset - GICD_IPRIORITYR;
490 uint32_t value = 0;
491
492 for (i = irq + 3; i >= irq; i--) {
493 value <<= 8;
494 value |= gicd_read_ipriorityr(s, attrs, i);
495 }
496 *data = value;
497 return true;
498 }
499 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff:
500 /* RAZ/WI since affinity routing is always enabled */
501 *data = 0;
502 return true;
503 case GICD_ICFGR ... GICD_ICFGR + 0xff:
504 {
505 /* Here only the even bits are used; odd bits are RES0 */
506 int irq = (offset - GICD_ICFGR) * 4;
507 uint32_t value = 0;
508
509 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
510 *data = 0;
511 return true;
512 }
513
514 /* Since our edge_trigger bitmap is one bit per irq, we only need
515 * half of the 32-bit word, which we can then spread out
516 * into the odd bits.
517 */
518 value = *gic_bmp_ptr32(s->edge_trigger, irq & ~0x1f);
519 value &= mask_group_and_nsacr(s, attrs, NULL, irq & ~0x1f);
520 value = extract32(value, (irq & 0x1f) ? 16 : 0, 16);
521 value = half_shuffle32(value) << 1;
522 *data = value;
523 return true;
524 }
525 case GICD_IGRPMODR ... GICD_IGRPMODR + 0xff:
526 {
527 int irq;
528
529 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) {
530 /* RAZ/WI if security disabled, or if
531 * security enabled and this is an NS access
532 */
533 *data = 0;
534 return true;
535 }
536 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
537 irq = (offset - GICD_IGRPMODR) * 8;
538 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
539 *data = 0;
540 return true;
541 }
542 *data = *gic_bmp_ptr32(s->grpmod, irq);
543 return true;
544 }
545 case GICD_NSACR ... GICD_NSACR + 0xff:
546 {
547 /* Two bits per interrupt */
548 int irq = (offset - GICD_NSACR) * 4;
549
550 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
551 *data = 0;
552 return true;
553 }
554
555 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) {
556 /* RAZ/WI if security disabled, or if
557 * security enabled and this is an NS access
558 */
559 *data = 0;
560 return true;
561 }
562
563 *data = s->gicd_nsacr[irq / 16];
564 return true;
565 }
566 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf:
567 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf:
568 /* RAZ/WI since affinity routing is always enabled */
569 *data = 0;
570 return true;
571 case GICD_INMIR ... GICD_INMIR + 0x7f:
572 *data = (!s->nmi_support) ? 0 :
573 gicd_read_bitmap_reg(s, attrs, s->nmi, NULL,
574 offset - GICD_INMIR);
575 return true;
576 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf:
577 {
578 uint64_t r;
579 int irq = (offset - GICD_IROUTER) / 8;
580
581 r = gicd_read_irouter(s, attrs, irq);
582 if (offset & 7) {
583 *data = r >> 32;
584 } else {
585 *data = (uint32_t)r;
586 }
587 return true;
588 }
589 case GICD_IDREGS ... GICD_IDREGS + 0x2f:
590 /* ID registers */
591 *data = gicv3_idreg(s, offset - GICD_IDREGS, GICV3_PIDR0_DIST);
592 return true;
593 case GICD_SGIR:
594 /* WO registers, return unknown value */
595 qemu_log_mask(LOG_GUEST_ERROR,
596 "%s: invalid guest read from WO register at offset "
597 HWADDR_FMT_plx "\n", __func__, offset);
598 *data = 0;
599 return true;
600 default:
601 return false;
602 }
603 }
604
gicd_writel(GICv3State * s,hwaddr offset,uint64_t value,MemTxAttrs attrs)605 static bool gicd_writel(GICv3State *s, hwaddr offset,
606 uint64_t value, MemTxAttrs attrs)
607 {
608 /* Almost all GICv3 distributor registers are 32-bit. Note that
609 * RO registers must ignore writes, not abort.
610 */
611
612 switch (offset) {
613 case GICD_CTLR:
614 {
615 uint32_t mask;
616 /* GICv3 5.3.20 */
617 if (s->gicd_ctlr & GICD_CTLR_DS) {
618 /* With only one security state, E1NWF is RAZ/WI, DS is RAO/WI,
619 * ARE is RAO/WI (affinity routing always on), and only
620 * bits 0 and 1 (group enables) are writable.
621 */
622 mask = GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1NS;
623 } else {
624 if (attrs.secure) {
625 /* for secure access:
626 * ARE_NS and ARE_S are RAO/WI (affinity routing always on)
627 * E1NWF is RAZ/WI (we don't support enable-1-of-n-wakeup)
628 *
629 * We can only modify bits[2:0] (the group enables).
630 */
631 mask = GICD_CTLR_DS | GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1_ALL;
632 } else {
633 /* For non secure access ARE_NS is RAO/WI and EnableGrp1
634 * is RES0. The only writable bit is [1] (EnableGrp1A), which
635 * is an alias of the Secure bit [1].
636 */
637 mask = GICD_CTLR_EN_GRP1NS;
638 }
639 }
640 s->gicd_ctlr = (s->gicd_ctlr & ~mask) | (value & mask);
641 if (value & mask & GICD_CTLR_DS) {
642 /* We just set DS, so the ARE_NS and EnG1S bits are now RES0.
643 * Note that this is a one-way transition because if DS is set
644 * then it's not writable, so it can only go back to 0 with a
645 * hardware reset.
646 */
647 s->gicd_ctlr &= ~(GICD_CTLR_EN_GRP1S | GICD_CTLR_ARE_NS);
648 }
649 gicv3_full_update(s);
650 return true;
651 }
652 case GICD_STATUSR:
653 /* RAZ/WI for our implementation */
654 return true;
655 case GICD_IGROUPR ... GICD_IGROUPR + 0x7f:
656 {
657 int irq;
658
659 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) {
660 return true;
661 }
662 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
663 irq = (offset - GICD_IGROUPR) * 8;
664 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
665 return true;
666 }
667 *gic_bmp_ptr32(s->group, irq) = value;
668 gicv3_update(s, irq, 32);
669 return true;
670 }
671 case GICD_ISENABLER ... GICD_ISENABLER + 0x7f:
672 gicd_write_set_bitmap_reg(s, attrs, s->enabled, NULL,
673 offset - GICD_ISENABLER, value);
674 return true;
675 case GICD_ICENABLER ... GICD_ICENABLER + 0x7f:
676 gicd_write_clear_bitmap_reg(s, attrs, s->enabled, NULL,
677 offset - GICD_ICENABLER, value);
678 return true;
679 case GICD_ISPENDR ... GICD_ISPENDR + 0x7f:
680 gicd_write_set_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge1,
681 offset - GICD_ISPENDR, value);
682 return true;
683 case GICD_ICPENDR ... GICD_ICPENDR + 0x7f:
684 gicd_write_clear_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge2,
685 offset - GICD_ICPENDR, value);
686 return true;
687 case GICD_ISACTIVER ... GICD_ISACTIVER + 0x7f:
688 gicd_write_set_bitmap_reg(s, attrs, s->active, NULL,
689 offset - GICD_ISACTIVER, value);
690 return true;
691 case GICD_ICACTIVER ... GICD_ICACTIVER + 0x7f:
692 gicd_write_clear_bitmap_reg(s, attrs, s->active, NULL,
693 offset - GICD_ICACTIVER, value);
694 return true;
695 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff:
696 {
697 int i, irq = offset - GICD_IPRIORITYR;
698
699 if (irq < GIC_INTERNAL || irq + 3 >= s->num_irq) {
700 return true;
701 }
702
703 for (i = irq; i < irq + 4; i++, value >>= 8) {
704 gicd_write_ipriorityr(s, attrs, i, value);
705 }
706 gicv3_update(s, irq, 4);
707 return true;
708 }
709 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff:
710 /* RAZ/WI since affinity routing is always enabled */
711 return true;
712 case GICD_ICFGR ... GICD_ICFGR + 0xff:
713 {
714 /* Here only the odd bits are used; even bits are RES0 */
715 int irq = (offset - GICD_ICFGR) * 4;
716 uint32_t mask, oldval;
717
718 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
719 return true;
720 }
721
722 /* Since our edge_trigger bitmap is one bit per irq, our input
723 * 32-bits will compress down into 16 bits which we need
724 * to write into the bitmap.
725 */
726 value = half_unshuffle32(value >> 1);
727 mask = mask_group_and_nsacr(s, attrs, NULL, irq & ~0x1f);
728 if (irq & 0x1f) {
729 value <<= 16;
730 mask &= 0xffff0000U;
731 } else {
732 mask &= 0xffff;
733 }
734 oldval = *gic_bmp_ptr32(s->edge_trigger, (irq & ~0x1f));
735 value = (oldval & ~mask) | (value & mask);
736 *gic_bmp_ptr32(s->edge_trigger, irq & ~0x1f) = value;
737 return true;
738 }
739 case GICD_IGRPMODR ... GICD_IGRPMODR + 0xff:
740 {
741 int irq;
742
743 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) {
744 /* RAZ/WI if security disabled, or if
745 * security enabled and this is an NS access
746 */
747 return true;
748 }
749 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
750 irq = (offset - GICD_IGRPMODR) * 8;
751 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
752 return true;
753 }
754 *gic_bmp_ptr32(s->grpmod, irq) = value;
755 gicv3_update(s, irq, 32);
756 return true;
757 }
758 case GICD_NSACR ... GICD_NSACR + 0xff:
759 {
760 /* Two bits per interrupt */
761 int irq = (offset - GICD_NSACR) * 4;
762
763 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
764 return true;
765 }
766
767 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) {
768 /* RAZ/WI if security disabled, or if
769 * security enabled and this is an NS access
770 */
771 return true;
772 }
773
774 s->gicd_nsacr[irq / 16] = value;
775 /* No update required as this only affects access permission checks */
776 return true;
777 }
778 case GICD_SGIR:
779 /* RES0 if affinity routing is enabled */
780 return true;
781 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf:
782 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf:
783 /* RAZ/WI since affinity routing is always enabled */
784 return true;
785 case GICD_INMIR ... GICD_INMIR + 0x7f:
786 if (s->nmi_support) {
787 gicd_write_bitmap_reg(s, attrs, s->nmi, NULL,
788 offset - GICD_INMIR, value);
789 }
790 return true;
791 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf:
792 {
793 uint64_t r;
794 int irq = (offset - GICD_IROUTER) / 8;
795
796 if (irq < GIC_INTERNAL || irq >= s->num_irq) {
797 return true;
798 }
799
800 /* Write half of the 64-bit register */
801 r = gicd_read_irouter(s, attrs, irq);
802 r = deposit64(r, (offset & 7) ? 32 : 0, 32, value);
803 gicd_write_irouter(s, attrs, irq, r);
804 return true;
805 }
806 case GICD_IDREGS ... GICD_IDREGS + 0x2f:
807 case GICD_TYPER:
808 case GICD_IIDR:
809 /* RO registers, ignore the write */
810 qemu_log_mask(LOG_GUEST_ERROR,
811 "%s: invalid guest write to RO register at offset "
812 HWADDR_FMT_plx "\n", __func__, offset);
813 return true;
814 default:
815 return false;
816 }
817 }
818
gicd_writeq(GICv3State * s,hwaddr offset,uint64_t value,MemTxAttrs attrs)819 static bool gicd_writeq(GICv3State *s, hwaddr offset,
820 uint64_t value, MemTxAttrs attrs)
821 {
822 /* Our only 64-bit registers are GICD_IROUTER<n> */
823 int irq;
824
825 switch (offset) {
826 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf:
827 irq = (offset - GICD_IROUTER) / 8;
828 gicd_write_irouter(s, attrs, irq, value);
829 return true;
830 default:
831 return false;
832 }
833 }
834
gicd_readq(GICv3State * s,hwaddr offset,uint64_t * data,MemTxAttrs attrs)835 static bool gicd_readq(GICv3State *s, hwaddr offset,
836 uint64_t *data, MemTxAttrs attrs)
837 {
838 /* Our only 64-bit registers are GICD_IROUTER<n> */
839 int irq;
840
841 switch (offset) {
842 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf:
843 irq = (offset - GICD_IROUTER) / 8;
844 *data = gicd_read_irouter(s, attrs, irq);
845 return true;
846 default:
847 return false;
848 }
849 }
850
gicv3_dist_read(void * opaque,hwaddr offset,uint64_t * data,unsigned size,MemTxAttrs attrs)851 MemTxResult gicv3_dist_read(void *opaque, hwaddr offset, uint64_t *data,
852 unsigned size, MemTxAttrs attrs)
853 {
854 GICv3State *s = (GICv3State *)opaque;
855 bool r;
856
857 switch (size) {
858 case 1:
859 r = gicd_readb(s, offset, data, attrs);
860 break;
861 case 2:
862 r = gicd_readw(s, offset, data, attrs);
863 break;
864 case 4:
865 r = gicd_readl(s, offset, data, attrs);
866 break;
867 case 8:
868 r = gicd_readq(s, offset, data, attrs);
869 break;
870 default:
871 r = false;
872 break;
873 }
874
875 if (!r) {
876 qemu_log_mask(LOG_GUEST_ERROR,
877 "%s: invalid guest read at offset " HWADDR_FMT_plx
878 " size %u\n", __func__, offset, size);
879 trace_gicv3_dist_badread(offset, size, attrs.secure);
880 /* The spec requires that reserved registers are RAZ/WI;
881 * so use MEMTX_ERROR returns from leaf functions as a way to
882 * trigger the guest-error logging but don't return it to
883 * the caller, or we'll cause a spurious guest data abort.
884 */
885 *data = 0;
886 } else {
887 trace_gicv3_dist_read(offset, *data, size, attrs.secure);
888 }
889 return MEMTX_OK;
890 }
891
gicv3_dist_write(void * opaque,hwaddr offset,uint64_t data,unsigned size,MemTxAttrs attrs)892 MemTxResult gicv3_dist_write(void *opaque, hwaddr offset, uint64_t data,
893 unsigned size, MemTxAttrs attrs)
894 {
895 GICv3State *s = (GICv3State *)opaque;
896 bool r;
897
898 switch (size) {
899 case 1:
900 r = gicd_writeb(s, offset, data, attrs);
901 break;
902 case 2:
903 r = gicd_writew(s, offset, data, attrs);
904 break;
905 case 4:
906 r = gicd_writel(s, offset, data, attrs);
907 break;
908 case 8:
909 r = gicd_writeq(s, offset, data, attrs);
910 break;
911 default:
912 r = false;
913 break;
914 }
915
916 if (!r) {
917 qemu_log_mask(LOG_GUEST_ERROR,
918 "%s: invalid guest write at offset " HWADDR_FMT_plx
919 " size %u\n", __func__, offset, size);
920 trace_gicv3_dist_badwrite(offset, data, size, attrs.secure);
921 /* The spec requires that reserved registers are RAZ/WI;
922 * so use MEMTX_ERROR returns from leaf functions as a way to
923 * trigger the guest-error logging but don't return it to
924 * the caller, or we'll cause a spurious guest data abort.
925 */
926 } else {
927 trace_gicv3_dist_write(offset, data, size, attrs.secure);
928 }
929 return MEMTX_OK;
930 }
931
gicv3_dist_set_irq(GICv3State * s,int irq,int level)932 void gicv3_dist_set_irq(GICv3State *s, int irq, int level)
933 {
934 /* Update distributor state for a change in an external SPI input line */
935 if (level == gicv3_gicd_level_test(s, irq)) {
936 return;
937 }
938
939 trace_gicv3_dist_set_irq(irq, level);
940
941 gicv3_gicd_level_replace(s, irq, level);
942
943 if (level) {
944 /* 0->1 edges latch the pending bit for edge-triggered interrupts */
945 if (gicv3_gicd_edge_trigger_test(s, irq)) {
946 gicv3_gicd_pending_set(s, irq);
947 }
948 }
949
950 gicv3_update(s, irq, 1);
951 }
952