xref: /openbmc/linux/arch/powerpc/kvm/mpic.c (revision 12eb4683)
1 /*
2  * OpenPIC emulation
3  *
4  * Copyright (c) 2004 Jocelyn Mayer
5  *               2011 Alexander Graf
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include <linux/slab.h>
27 #include <linux/mutex.h>
28 #include <linux/kvm_host.h>
29 #include <linux/errno.h>
30 #include <linux/fs.h>
31 #include <linux/anon_inodes.h>
32 #include <asm/uaccess.h>
33 #include <asm/mpic.h>
34 #include <asm/kvm_para.h>
35 #include <asm/kvm_host.h>
36 #include <asm/kvm_ppc.h>
37 #include "iodev.h"
38 
39 #define MAX_CPU     32
40 #define MAX_SRC     256
41 #define MAX_TMR     4
42 #define MAX_IPI     4
43 #define MAX_MSI     8
44 #define MAX_IRQ     (MAX_SRC + MAX_IPI + MAX_TMR)
45 #define VID         0x03	/* MPIC version ID */
46 
47 /* OpenPIC capability flags */
48 #define OPENPIC_FLAG_IDR_CRIT     (1 << 0)
49 #define OPENPIC_FLAG_ILR          (2 << 0)
50 
51 /* OpenPIC address map */
52 #define OPENPIC_REG_SIZE             0x40000
53 #define OPENPIC_GLB_REG_START        0x0
54 #define OPENPIC_GLB_REG_SIZE         0x10F0
55 #define OPENPIC_TMR_REG_START        0x10F0
56 #define OPENPIC_TMR_REG_SIZE         0x220
57 #define OPENPIC_MSI_REG_START        0x1600
58 #define OPENPIC_MSI_REG_SIZE         0x200
59 #define OPENPIC_SUMMARY_REG_START    0x3800
60 #define OPENPIC_SUMMARY_REG_SIZE     0x800
61 #define OPENPIC_SRC_REG_START        0x10000
62 #define OPENPIC_SRC_REG_SIZE         (MAX_SRC * 0x20)
63 #define OPENPIC_CPU_REG_START        0x20000
64 #define OPENPIC_CPU_REG_SIZE         (0x100 + ((MAX_CPU - 1) * 0x1000))
65 
66 struct fsl_mpic_info {
67 	int max_ext;
68 };
69 
70 static struct fsl_mpic_info fsl_mpic_20 = {
71 	.max_ext = 12,
72 };
73 
74 static struct fsl_mpic_info fsl_mpic_42 = {
75 	.max_ext = 12,
76 };
77 
78 #define FRR_NIRQ_SHIFT    16
79 #define FRR_NCPU_SHIFT     8
80 #define FRR_VID_SHIFT      0
81 
82 #define VID_REVISION_1_2   2
83 #define VID_REVISION_1_3   3
84 
85 #define VIR_GENERIC      0x00000000	/* Generic Vendor ID */
86 
87 #define GCR_RESET        0x80000000
88 #define GCR_MODE_PASS    0x00000000
89 #define GCR_MODE_MIXED   0x20000000
90 #define GCR_MODE_PROXY   0x60000000
91 
92 #define TBCR_CI           0x80000000	/* count inhibit */
93 #define TCCR_TOG          0x80000000	/* toggles when decrement to zero */
94 
95 #define IDR_EP_SHIFT      31
96 #define IDR_EP_MASK       (1 << IDR_EP_SHIFT)
97 #define IDR_CI0_SHIFT     30
98 #define IDR_CI1_SHIFT     29
99 #define IDR_P1_SHIFT      1
100 #define IDR_P0_SHIFT      0
101 
102 #define ILR_INTTGT_MASK   0x000000ff
103 #define ILR_INTTGT_INT    0x00
104 #define ILR_INTTGT_CINT   0x01	/* critical */
105 #define ILR_INTTGT_MCP    0x02	/* machine check */
106 #define NUM_OUTPUTS       3
107 
108 #define MSIIR_OFFSET       0x140
109 #define MSIIR_SRS_SHIFT    29
110 #define MSIIR_SRS_MASK     (0x7 << MSIIR_SRS_SHIFT)
111 #define MSIIR_IBS_SHIFT    24
112 #define MSIIR_IBS_MASK     (0x1f << MSIIR_IBS_SHIFT)
113 
114 static int get_current_cpu(void)
115 {
116 #if defined(CONFIG_KVM) && defined(CONFIG_BOOKE)
117 	struct kvm_vcpu *vcpu = current->thread.kvm_vcpu;
118 	return vcpu ? vcpu->arch.irq_cpu_id : -1;
119 #else
120 	/* XXX */
121 	return -1;
122 #endif
123 }
124 
125 static int openpic_cpu_write_internal(void *opaque, gpa_t addr,
126 				      u32 val, int idx);
127 static int openpic_cpu_read_internal(void *opaque, gpa_t addr,
128 				     u32 *ptr, int idx);
129 
130 enum irq_type {
131 	IRQ_TYPE_NORMAL = 0,
132 	IRQ_TYPE_FSLINT,	/* FSL internal interrupt -- level only */
133 	IRQ_TYPE_FSLSPECIAL,	/* FSL timer/IPI interrupt, edge, no polarity */
134 };
135 
136 struct irq_queue {
137 	/* Round up to the nearest 64 IRQs so that the queue length
138 	 * won't change when moving between 32 and 64 bit hosts.
139 	 */
140 	unsigned long queue[BITS_TO_LONGS((MAX_IRQ + 63) & ~63)];
141 	int next;
142 	int priority;
143 };
144 
145 struct irq_source {
146 	uint32_t ivpr;		/* IRQ vector/priority register */
147 	uint32_t idr;		/* IRQ destination register */
148 	uint32_t destmask;	/* bitmap of CPU destinations */
149 	int last_cpu;
150 	int output;		/* IRQ level, e.g. ILR_INTTGT_INT */
151 	int pending;		/* TRUE if IRQ is pending */
152 	enum irq_type type;
153 	bool level:1;		/* level-triggered */
154 	bool nomask:1;	/* critical interrupts ignore mask on some FSL MPICs */
155 };
156 
157 #define IVPR_MASK_SHIFT       31
158 #define IVPR_MASK_MASK        (1 << IVPR_MASK_SHIFT)
159 #define IVPR_ACTIVITY_SHIFT   30
160 #define IVPR_ACTIVITY_MASK    (1 << IVPR_ACTIVITY_SHIFT)
161 #define IVPR_MODE_SHIFT       29
162 #define IVPR_MODE_MASK        (1 << IVPR_MODE_SHIFT)
163 #define IVPR_POLARITY_SHIFT   23
164 #define IVPR_POLARITY_MASK    (1 << IVPR_POLARITY_SHIFT)
165 #define IVPR_SENSE_SHIFT      22
166 #define IVPR_SENSE_MASK       (1 << IVPR_SENSE_SHIFT)
167 
168 #define IVPR_PRIORITY_MASK     (0xF << 16)
169 #define IVPR_PRIORITY(_ivprr_) ((int)(((_ivprr_) & IVPR_PRIORITY_MASK) >> 16))
170 #define IVPR_VECTOR(opp, _ivprr_) ((_ivprr_) & (opp)->vector_mask)
171 
172 /* IDR[EP/CI] are only for FSL MPIC prior to v4.0 */
173 #define IDR_EP      0x80000000	/* external pin */
174 #define IDR_CI      0x40000000	/* critical interrupt */
175 
176 struct irq_dest {
177 	struct kvm_vcpu *vcpu;
178 
179 	int32_t ctpr;		/* CPU current task priority */
180 	struct irq_queue raised;
181 	struct irq_queue servicing;
182 
183 	/* Count of IRQ sources asserting on non-INT outputs */
184 	uint32_t outputs_active[NUM_OUTPUTS];
185 };
186 
187 #define MAX_MMIO_REGIONS 10
188 
189 struct openpic {
190 	struct kvm *kvm;
191 	struct kvm_device *dev;
192 	struct kvm_io_device mmio;
193 	const struct mem_reg *mmio_regions[MAX_MMIO_REGIONS];
194 	int num_mmio_regions;
195 
196 	gpa_t reg_base;
197 	spinlock_t lock;
198 
199 	/* Behavior control */
200 	struct fsl_mpic_info *fsl;
201 	uint32_t model;
202 	uint32_t flags;
203 	uint32_t nb_irqs;
204 	uint32_t vid;
205 	uint32_t vir;		/* Vendor identification register */
206 	uint32_t vector_mask;
207 	uint32_t tfrr_reset;
208 	uint32_t ivpr_reset;
209 	uint32_t idr_reset;
210 	uint32_t brr1;
211 	uint32_t mpic_mode_mask;
212 
213 	/* Global registers */
214 	uint32_t frr;		/* Feature reporting register */
215 	uint32_t gcr;		/* Global configuration register  */
216 	uint32_t pir;		/* Processor initialization register */
217 	uint32_t spve;		/* Spurious vector register */
218 	uint32_t tfrr;		/* Timer frequency reporting register */
219 	/* Source registers */
220 	struct irq_source src[MAX_IRQ];
221 	/* Local registers per output pin */
222 	struct irq_dest dst[MAX_CPU];
223 	uint32_t nb_cpus;
224 	/* Timer registers */
225 	struct {
226 		uint32_t tccr;	/* Global timer current count register */
227 		uint32_t tbcr;	/* Global timer base count register */
228 	} timers[MAX_TMR];
229 	/* Shared MSI registers */
230 	struct {
231 		uint32_t msir;	/* Shared Message Signaled Interrupt Register */
232 	} msi[MAX_MSI];
233 	uint32_t max_irq;
234 	uint32_t irq_ipi0;
235 	uint32_t irq_tim0;
236 	uint32_t irq_msi;
237 };
238 
239 
240 static void mpic_irq_raise(struct openpic *opp, struct irq_dest *dst,
241 			   int output)
242 {
243 	struct kvm_interrupt irq = {
244 		.irq = KVM_INTERRUPT_SET_LEVEL,
245 	};
246 
247 	if (!dst->vcpu) {
248 		pr_debug("%s: destination cpu %d does not exist\n",
249 			 __func__, (int)(dst - &opp->dst[0]));
250 		return;
251 	}
252 
253 	pr_debug("%s: cpu %d output %d\n", __func__, dst->vcpu->arch.irq_cpu_id,
254 		output);
255 
256 	if (output != ILR_INTTGT_INT)	/* TODO */
257 		return;
258 
259 	kvm_vcpu_ioctl_interrupt(dst->vcpu, &irq);
260 }
261 
262 static void mpic_irq_lower(struct openpic *opp, struct irq_dest *dst,
263 			   int output)
264 {
265 	if (!dst->vcpu) {
266 		pr_debug("%s: destination cpu %d does not exist\n",
267 			 __func__, (int)(dst - &opp->dst[0]));
268 		return;
269 	}
270 
271 	pr_debug("%s: cpu %d output %d\n", __func__, dst->vcpu->arch.irq_cpu_id,
272 		output);
273 
274 	if (output != ILR_INTTGT_INT)	/* TODO */
275 		return;
276 
277 	kvmppc_core_dequeue_external(dst->vcpu);
278 }
279 
280 static inline void IRQ_setbit(struct irq_queue *q, int n_IRQ)
281 {
282 	set_bit(n_IRQ, q->queue);
283 }
284 
285 static inline void IRQ_resetbit(struct irq_queue *q, int n_IRQ)
286 {
287 	clear_bit(n_IRQ, q->queue);
288 }
289 
290 static inline int IRQ_testbit(struct irq_queue *q, int n_IRQ)
291 {
292 	return test_bit(n_IRQ, q->queue);
293 }
294 
295 static void IRQ_check(struct openpic *opp, struct irq_queue *q)
296 {
297 	int irq = -1;
298 	int next = -1;
299 	int priority = -1;
300 
301 	for (;;) {
302 		irq = find_next_bit(q->queue, opp->max_irq, irq + 1);
303 		if (irq == opp->max_irq)
304 			break;
305 
306 		pr_debug("IRQ_check: irq %d set ivpr_pr=%d pr=%d\n",
307 			irq, IVPR_PRIORITY(opp->src[irq].ivpr), priority);
308 
309 		if (IVPR_PRIORITY(opp->src[irq].ivpr) > priority) {
310 			next = irq;
311 			priority = IVPR_PRIORITY(opp->src[irq].ivpr);
312 		}
313 	}
314 
315 	q->next = next;
316 	q->priority = priority;
317 }
318 
319 static int IRQ_get_next(struct openpic *opp, struct irq_queue *q)
320 {
321 	/* XXX: optimize */
322 	IRQ_check(opp, q);
323 
324 	return q->next;
325 }
326 
327 static void IRQ_local_pipe(struct openpic *opp, int n_CPU, int n_IRQ,
328 			   bool active, bool was_active)
329 {
330 	struct irq_dest *dst;
331 	struct irq_source *src;
332 	int priority;
333 
334 	dst = &opp->dst[n_CPU];
335 	src = &opp->src[n_IRQ];
336 
337 	pr_debug("%s: IRQ %d active %d was %d\n",
338 		__func__, n_IRQ, active, was_active);
339 
340 	if (src->output != ILR_INTTGT_INT) {
341 		pr_debug("%s: output %d irq %d active %d was %d count %d\n",
342 			__func__, src->output, n_IRQ, active, was_active,
343 			dst->outputs_active[src->output]);
344 
345 		/* On Freescale MPIC, critical interrupts ignore priority,
346 		 * IACK, EOI, etc.  Before MPIC v4.1 they also ignore
347 		 * masking.
348 		 */
349 		if (active) {
350 			if (!was_active &&
351 			    dst->outputs_active[src->output]++ == 0) {
352 				pr_debug("%s: Raise OpenPIC output %d cpu %d irq %d\n",
353 					__func__, src->output, n_CPU, n_IRQ);
354 				mpic_irq_raise(opp, dst, src->output);
355 			}
356 		} else {
357 			if (was_active &&
358 			    --dst->outputs_active[src->output] == 0) {
359 				pr_debug("%s: Lower OpenPIC output %d cpu %d irq %d\n",
360 					__func__, src->output, n_CPU, n_IRQ);
361 				mpic_irq_lower(opp, dst, src->output);
362 			}
363 		}
364 
365 		return;
366 	}
367 
368 	priority = IVPR_PRIORITY(src->ivpr);
369 
370 	/* Even if the interrupt doesn't have enough priority,
371 	 * it is still raised, in case ctpr is lowered later.
372 	 */
373 	if (active)
374 		IRQ_setbit(&dst->raised, n_IRQ);
375 	else
376 		IRQ_resetbit(&dst->raised, n_IRQ);
377 
378 	IRQ_check(opp, &dst->raised);
379 
380 	if (active && priority <= dst->ctpr) {
381 		pr_debug("%s: IRQ %d priority %d too low for ctpr %d on CPU %d\n",
382 			__func__, n_IRQ, priority, dst->ctpr, n_CPU);
383 		active = 0;
384 	}
385 
386 	if (active) {
387 		if (IRQ_get_next(opp, &dst->servicing) >= 0 &&
388 		    priority <= dst->servicing.priority) {
389 			pr_debug("%s: IRQ %d is hidden by servicing IRQ %d on CPU %d\n",
390 				__func__, n_IRQ, dst->servicing.next, n_CPU);
391 		} else {
392 			pr_debug("%s: Raise OpenPIC INT output cpu %d irq %d/%d\n",
393 				__func__, n_CPU, n_IRQ, dst->raised.next);
394 			mpic_irq_raise(opp, dst, ILR_INTTGT_INT);
395 		}
396 	} else {
397 		IRQ_get_next(opp, &dst->servicing);
398 		if (dst->raised.priority > dst->ctpr &&
399 		    dst->raised.priority > dst->servicing.priority) {
400 			pr_debug("%s: IRQ %d inactive, IRQ %d prio %d above %d/%d, CPU %d\n",
401 				__func__, n_IRQ, dst->raised.next,
402 				dst->raised.priority, dst->ctpr,
403 				dst->servicing.priority, n_CPU);
404 			/* IRQ line stays asserted */
405 		} else {
406 			pr_debug("%s: IRQ %d inactive, current prio %d/%d, CPU %d\n",
407 				__func__, n_IRQ, dst->ctpr,
408 				dst->servicing.priority, n_CPU);
409 			mpic_irq_lower(opp, dst, ILR_INTTGT_INT);
410 		}
411 	}
412 }
413 
414 /* update pic state because registers for n_IRQ have changed value */
415 static void openpic_update_irq(struct openpic *opp, int n_IRQ)
416 {
417 	struct irq_source *src;
418 	bool active, was_active;
419 	int i;
420 
421 	src = &opp->src[n_IRQ];
422 	active = src->pending;
423 
424 	if ((src->ivpr & IVPR_MASK_MASK) && !src->nomask) {
425 		/* Interrupt source is disabled */
426 		pr_debug("%s: IRQ %d is disabled\n", __func__, n_IRQ);
427 		active = false;
428 	}
429 
430 	was_active = !!(src->ivpr & IVPR_ACTIVITY_MASK);
431 
432 	/*
433 	 * We don't have a similar check for already-active because
434 	 * ctpr may have changed and we need to withdraw the interrupt.
435 	 */
436 	if (!active && !was_active) {
437 		pr_debug("%s: IRQ %d is already inactive\n", __func__, n_IRQ);
438 		return;
439 	}
440 
441 	if (active)
442 		src->ivpr |= IVPR_ACTIVITY_MASK;
443 	else
444 		src->ivpr &= ~IVPR_ACTIVITY_MASK;
445 
446 	if (src->destmask == 0) {
447 		/* No target */
448 		pr_debug("%s: IRQ %d has no target\n", __func__, n_IRQ);
449 		return;
450 	}
451 
452 	if (src->destmask == (1 << src->last_cpu)) {
453 		/* Only one CPU is allowed to receive this IRQ */
454 		IRQ_local_pipe(opp, src->last_cpu, n_IRQ, active, was_active);
455 	} else if (!(src->ivpr & IVPR_MODE_MASK)) {
456 		/* Directed delivery mode */
457 		for (i = 0; i < opp->nb_cpus; i++) {
458 			if (src->destmask & (1 << i)) {
459 				IRQ_local_pipe(opp, i, n_IRQ, active,
460 					       was_active);
461 			}
462 		}
463 	} else {
464 		/* Distributed delivery mode */
465 		for (i = src->last_cpu + 1; i != src->last_cpu; i++) {
466 			if (i == opp->nb_cpus)
467 				i = 0;
468 
469 			if (src->destmask & (1 << i)) {
470 				IRQ_local_pipe(opp, i, n_IRQ, active,
471 					       was_active);
472 				src->last_cpu = i;
473 				break;
474 			}
475 		}
476 	}
477 }
478 
479 static void openpic_set_irq(void *opaque, int n_IRQ, int level)
480 {
481 	struct openpic *opp = opaque;
482 	struct irq_source *src;
483 
484 	if (n_IRQ >= MAX_IRQ) {
485 		WARN_ONCE(1, "%s: IRQ %d out of range\n", __func__, n_IRQ);
486 		return;
487 	}
488 
489 	src = &opp->src[n_IRQ];
490 	pr_debug("openpic: set irq %d = %d ivpr=0x%08x\n",
491 		n_IRQ, level, src->ivpr);
492 	if (src->level) {
493 		/* level-sensitive irq */
494 		src->pending = level;
495 		openpic_update_irq(opp, n_IRQ);
496 	} else {
497 		/* edge-sensitive irq */
498 		if (level) {
499 			src->pending = 1;
500 			openpic_update_irq(opp, n_IRQ);
501 		}
502 
503 		if (src->output != ILR_INTTGT_INT) {
504 			/* Edge-triggered interrupts shouldn't be used
505 			 * with non-INT delivery, but just in case,
506 			 * try to make it do something sane rather than
507 			 * cause an interrupt storm.  This is close to
508 			 * what you'd probably see happen in real hardware.
509 			 */
510 			src->pending = 0;
511 			openpic_update_irq(opp, n_IRQ);
512 		}
513 	}
514 }
515 
516 static void openpic_reset(struct openpic *opp)
517 {
518 	int i;
519 
520 	opp->gcr = GCR_RESET;
521 	/* Initialise controller registers */
522 	opp->frr = ((opp->nb_irqs - 1) << FRR_NIRQ_SHIFT) |
523 	    (opp->vid << FRR_VID_SHIFT);
524 
525 	opp->pir = 0;
526 	opp->spve = -1 & opp->vector_mask;
527 	opp->tfrr = opp->tfrr_reset;
528 	/* Initialise IRQ sources */
529 	for (i = 0; i < opp->max_irq; i++) {
530 		opp->src[i].ivpr = opp->ivpr_reset;
531 		opp->src[i].idr = opp->idr_reset;
532 
533 		switch (opp->src[i].type) {
534 		case IRQ_TYPE_NORMAL:
535 			opp->src[i].level =
536 			    !!(opp->ivpr_reset & IVPR_SENSE_MASK);
537 			break;
538 
539 		case IRQ_TYPE_FSLINT:
540 			opp->src[i].ivpr |= IVPR_POLARITY_MASK;
541 			break;
542 
543 		case IRQ_TYPE_FSLSPECIAL:
544 			break;
545 		}
546 	}
547 	/* Initialise IRQ destinations */
548 	for (i = 0; i < MAX_CPU; i++) {
549 		opp->dst[i].ctpr = 15;
550 		memset(&opp->dst[i].raised, 0, sizeof(struct irq_queue));
551 		opp->dst[i].raised.next = -1;
552 		memset(&opp->dst[i].servicing, 0, sizeof(struct irq_queue));
553 		opp->dst[i].servicing.next = -1;
554 	}
555 	/* Initialise timers */
556 	for (i = 0; i < MAX_TMR; i++) {
557 		opp->timers[i].tccr = 0;
558 		opp->timers[i].tbcr = TBCR_CI;
559 	}
560 	/* Go out of RESET state */
561 	opp->gcr = 0;
562 }
563 
564 static inline uint32_t read_IRQreg_idr(struct openpic *opp, int n_IRQ)
565 {
566 	return opp->src[n_IRQ].idr;
567 }
568 
569 static inline uint32_t read_IRQreg_ilr(struct openpic *opp, int n_IRQ)
570 {
571 	if (opp->flags & OPENPIC_FLAG_ILR)
572 		return opp->src[n_IRQ].output;
573 
574 	return 0xffffffff;
575 }
576 
577 static inline uint32_t read_IRQreg_ivpr(struct openpic *opp, int n_IRQ)
578 {
579 	return opp->src[n_IRQ].ivpr;
580 }
581 
582 static inline void write_IRQreg_idr(struct openpic *opp, int n_IRQ,
583 				    uint32_t val)
584 {
585 	struct irq_source *src = &opp->src[n_IRQ];
586 	uint32_t normal_mask = (1UL << opp->nb_cpus) - 1;
587 	uint32_t crit_mask = 0;
588 	uint32_t mask = normal_mask;
589 	int crit_shift = IDR_EP_SHIFT - opp->nb_cpus;
590 	int i;
591 
592 	if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
593 		crit_mask = mask << crit_shift;
594 		mask |= crit_mask | IDR_EP;
595 	}
596 
597 	src->idr = val & mask;
598 	pr_debug("Set IDR %d to 0x%08x\n", n_IRQ, src->idr);
599 
600 	if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
601 		if (src->idr & crit_mask) {
602 			if (src->idr & normal_mask) {
603 				pr_debug("%s: IRQ configured for multiple output types, using critical\n",
604 					__func__);
605 			}
606 
607 			src->output = ILR_INTTGT_CINT;
608 			src->nomask = true;
609 			src->destmask = 0;
610 
611 			for (i = 0; i < opp->nb_cpus; i++) {
612 				int n_ci = IDR_CI0_SHIFT - i;
613 
614 				if (src->idr & (1UL << n_ci))
615 					src->destmask |= 1UL << i;
616 			}
617 		} else {
618 			src->output = ILR_INTTGT_INT;
619 			src->nomask = false;
620 			src->destmask = src->idr & normal_mask;
621 		}
622 	} else {
623 		src->destmask = src->idr;
624 	}
625 }
626 
627 static inline void write_IRQreg_ilr(struct openpic *opp, int n_IRQ,
628 				    uint32_t val)
629 {
630 	if (opp->flags & OPENPIC_FLAG_ILR) {
631 		struct irq_source *src = &opp->src[n_IRQ];
632 
633 		src->output = val & ILR_INTTGT_MASK;
634 		pr_debug("Set ILR %d to 0x%08x, output %d\n", n_IRQ, src->idr,
635 			src->output);
636 
637 		/* TODO: on MPIC v4.0 only, set nomask for non-INT */
638 	}
639 }
640 
641 static inline void write_IRQreg_ivpr(struct openpic *opp, int n_IRQ,
642 				     uint32_t val)
643 {
644 	uint32_t mask;
645 
646 	/* NOTE when implementing newer FSL MPIC models: starting with v4.0,
647 	 * the polarity bit is read-only on internal interrupts.
648 	 */
649 	mask = IVPR_MASK_MASK | IVPR_PRIORITY_MASK | IVPR_SENSE_MASK |
650 	    IVPR_POLARITY_MASK | opp->vector_mask;
651 
652 	/* ACTIVITY bit is read-only */
653 	opp->src[n_IRQ].ivpr =
654 	    (opp->src[n_IRQ].ivpr & IVPR_ACTIVITY_MASK) | (val & mask);
655 
656 	/* For FSL internal interrupts, The sense bit is reserved and zero,
657 	 * and the interrupt is always level-triggered.  Timers and IPIs
658 	 * have no sense or polarity bits, and are edge-triggered.
659 	 */
660 	switch (opp->src[n_IRQ].type) {
661 	case IRQ_TYPE_NORMAL:
662 		opp->src[n_IRQ].level =
663 		    !!(opp->src[n_IRQ].ivpr & IVPR_SENSE_MASK);
664 		break;
665 
666 	case IRQ_TYPE_FSLINT:
667 		opp->src[n_IRQ].ivpr &= ~IVPR_SENSE_MASK;
668 		break;
669 
670 	case IRQ_TYPE_FSLSPECIAL:
671 		opp->src[n_IRQ].ivpr &= ~(IVPR_POLARITY_MASK | IVPR_SENSE_MASK);
672 		break;
673 	}
674 
675 	openpic_update_irq(opp, n_IRQ);
676 	pr_debug("Set IVPR %d to 0x%08x -> 0x%08x\n", n_IRQ, val,
677 		opp->src[n_IRQ].ivpr);
678 }
679 
680 static void openpic_gcr_write(struct openpic *opp, uint64_t val)
681 {
682 	if (val & GCR_RESET) {
683 		openpic_reset(opp);
684 		return;
685 	}
686 
687 	opp->gcr &= ~opp->mpic_mode_mask;
688 	opp->gcr |= val & opp->mpic_mode_mask;
689 }
690 
691 static int openpic_gbl_write(void *opaque, gpa_t addr, u32 val)
692 {
693 	struct openpic *opp = opaque;
694 	int err = 0;
695 
696 	pr_debug("%s: addr %#llx <= %08x\n", __func__, addr, val);
697 	if (addr & 0xF)
698 		return 0;
699 
700 	switch (addr) {
701 	case 0x00:	/* Block Revision Register1 (BRR1) is Readonly */
702 		break;
703 	case 0x40:
704 	case 0x50:
705 	case 0x60:
706 	case 0x70:
707 	case 0x80:
708 	case 0x90:
709 	case 0xA0:
710 	case 0xB0:
711 		err = openpic_cpu_write_internal(opp, addr, val,
712 						 get_current_cpu());
713 		break;
714 	case 0x1000:		/* FRR */
715 		break;
716 	case 0x1020:		/* GCR */
717 		openpic_gcr_write(opp, val);
718 		break;
719 	case 0x1080:		/* VIR */
720 		break;
721 	case 0x1090:		/* PIR */
722 		/*
723 		 * This register is used to reset a CPU core --
724 		 * let userspace handle it.
725 		 */
726 		err = -ENXIO;
727 		break;
728 	case 0x10A0:		/* IPI_IVPR */
729 	case 0x10B0:
730 	case 0x10C0:
731 	case 0x10D0: {
732 		int idx;
733 		idx = (addr - 0x10A0) >> 4;
734 		write_IRQreg_ivpr(opp, opp->irq_ipi0 + idx, val);
735 		break;
736 	}
737 	case 0x10E0:		/* SPVE */
738 		opp->spve = val & opp->vector_mask;
739 		break;
740 	default:
741 		break;
742 	}
743 
744 	return err;
745 }
746 
747 static int openpic_gbl_read(void *opaque, gpa_t addr, u32 *ptr)
748 {
749 	struct openpic *opp = opaque;
750 	u32 retval;
751 	int err = 0;
752 
753 	pr_debug("%s: addr %#llx\n", __func__, addr);
754 	retval = 0xFFFFFFFF;
755 	if (addr & 0xF)
756 		goto out;
757 
758 	switch (addr) {
759 	case 0x1000:		/* FRR */
760 		retval = opp->frr;
761 		retval |= (opp->nb_cpus - 1) << FRR_NCPU_SHIFT;
762 		break;
763 	case 0x1020:		/* GCR */
764 		retval = opp->gcr;
765 		break;
766 	case 0x1080:		/* VIR */
767 		retval = opp->vir;
768 		break;
769 	case 0x1090:		/* PIR */
770 		retval = 0x00000000;
771 		break;
772 	case 0x00:		/* Block Revision Register1 (BRR1) */
773 		retval = opp->brr1;
774 		break;
775 	case 0x40:
776 	case 0x50:
777 	case 0x60:
778 	case 0x70:
779 	case 0x80:
780 	case 0x90:
781 	case 0xA0:
782 	case 0xB0:
783 		err = openpic_cpu_read_internal(opp, addr,
784 			&retval, get_current_cpu());
785 		break;
786 	case 0x10A0:		/* IPI_IVPR */
787 	case 0x10B0:
788 	case 0x10C0:
789 	case 0x10D0:
790 		{
791 			int idx;
792 			idx = (addr - 0x10A0) >> 4;
793 			retval = read_IRQreg_ivpr(opp, opp->irq_ipi0 + idx);
794 		}
795 		break;
796 	case 0x10E0:		/* SPVE */
797 		retval = opp->spve;
798 		break;
799 	default:
800 		break;
801 	}
802 
803 out:
804 	pr_debug("%s: => 0x%08x\n", __func__, retval);
805 	*ptr = retval;
806 	return err;
807 }
808 
809 static int openpic_tmr_write(void *opaque, gpa_t addr, u32 val)
810 {
811 	struct openpic *opp = opaque;
812 	int idx;
813 
814 	addr += 0x10f0;
815 
816 	pr_debug("%s: addr %#llx <= %08x\n", __func__, addr, val);
817 	if (addr & 0xF)
818 		return 0;
819 
820 	if (addr == 0x10f0) {
821 		/* TFRR */
822 		opp->tfrr = val;
823 		return 0;
824 	}
825 
826 	idx = (addr >> 6) & 0x3;
827 	addr = addr & 0x30;
828 
829 	switch (addr & 0x30) {
830 	case 0x00:		/* TCCR */
831 		break;
832 	case 0x10:		/* TBCR */
833 		if ((opp->timers[idx].tccr & TCCR_TOG) != 0 &&
834 		    (val & TBCR_CI) == 0 &&
835 		    (opp->timers[idx].tbcr & TBCR_CI) != 0)
836 			opp->timers[idx].tccr &= ~TCCR_TOG;
837 
838 		opp->timers[idx].tbcr = val;
839 		break;
840 	case 0x20:		/* TVPR */
841 		write_IRQreg_ivpr(opp, opp->irq_tim0 + idx, val);
842 		break;
843 	case 0x30:		/* TDR */
844 		write_IRQreg_idr(opp, opp->irq_tim0 + idx, val);
845 		break;
846 	}
847 
848 	return 0;
849 }
850 
851 static int openpic_tmr_read(void *opaque, gpa_t addr, u32 *ptr)
852 {
853 	struct openpic *opp = opaque;
854 	uint32_t retval = -1;
855 	int idx;
856 
857 	pr_debug("%s: addr %#llx\n", __func__, addr);
858 	if (addr & 0xF)
859 		goto out;
860 
861 	idx = (addr >> 6) & 0x3;
862 	if (addr == 0x0) {
863 		/* TFRR */
864 		retval = opp->tfrr;
865 		goto out;
866 	}
867 
868 	switch (addr & 0x30) {
869 	case 0x00:		/* TCCR */
870 		retval = opp->timers[idx].tccr;
871 		break;
872 	case 0x10:		/* TBCR */
873 		retval = opp->timers[idx].tbcr;
874 		break;
875 	case 0x20:		/* TIPV */
876 		retval = read_IRQreg_ivpr(opp, opp->irq_tim0 + idx);
877 		break;
878 	case 0x30:		/* TIDE (TIDR) */
879 		retval = read_IRQreg_idr(opp, opp->irq_tim0 + idx);
880 		break;
881 	}
882 
883 out:
884 	pr_debug("%s: => 0x%08x\n", __func__, retval);
885 	*ptr = retval;
886 	return 0;
887 }
888 
889 static int openpic_src_write(void *opaque, gpa_t addr, u32 val)
890 {
891 	struct openpic *opp = opaque;
892 	int idx;
893 
894 	pr_debug("%s: addr %#llx <= %08x\n", __func__, addr, val);
895 
896 	addr = addr & 0xffff;
897 	idx = addr >> 5;
898 
899 	switch (addr & 0x1f) {
900 	case 0x00:
901 		write_IRQreg_ivpr(opp, idx, val);
902 		break;
903 	case 0x10:
904 		write_IRQreg_idr(opp, idx, val);
905 		break;
906 	case 0x18:
907 		write_IRQreg_ilr(opp, idx, val);
908 		break;
909 	}
910 
911 	return 0;
912 }
913 
914 static int openpic_src_read(void *opaque, gpa_t addr, u32 *ptr)
915 {
916 	struct openpic *opp = opaque;
917 	uint32_t retval;
918 	int idx;
919 
920 	pr_debug("%s: addr %#llx\n", __func__, addr);
921 	retval = 0xFFFFFFFF;
922 
923 	addr = addr & 0xffff;
924 	idx = addr >> 5;
925 
926 	switch (addr & 0x1f) {
927 	case 0x00:
928 		retval = read_IRQreg_ivpr(opp, idx);
929 		break;
930 	case 0x10:
931 		retval = read_IRQreg_idr(opp, idx);
932 		break;
933 	case 0x18:
934 		retval = read_IRQreg_ilr(opp, idx);
935 		break;
936 	}
937 
938 	pr_debug("%s: => 0x%08x\n", __func__, retval);
939 	*ptr = retval;
940 	return 0;
941 }
942 
943 static int openpic_msi_write(void *opaque, gpa_t addr, u32 val)
944 {
945 	struct openpic *opp = opaque;
946 	int idx = opp->irq_msi;
947 	int srs, ibs;
948 
949 	pr_debug("%s: addr %#llx <= 0x%08x\n", __func__, addr, val);
950 	if (addr & 0xF)
951 		return 0;
952 
953 	switch (addr) {
954 	case MSIIR_OFFSET:
955 		srs = val >> MSIIR_SRS_SHIFT;
956 		idx += srs;
957 		ibs = (val & MSIIR_IBS_MASK) >> MSIIR_IBS_SHIFT;
958 		opp->msi[srs].msir |= 1 << ibs;
959 		openpic_set_irq(opp, idx, 1);
960 		break;
961 	default:
962 		/* most registers are read-only, thus ignored */
963 		break;
964 	}
965 
966 	return 0;
967 }
968 
969 static int openpic_msi_read(void *opaque, gpa_t addr, u32 *ptr)
970 {
971 	struct openpic *opp = opaque;
972 	uint32_t r = 0;
973 	int i, srs;
974 
975 	pr_debug("%s: addr %#llx\n", __func__, addr);
976 	if (addr & 0xF)
977 		return -ENXIO;
978 
979 	srs = addr >> 4;
980 
981 	switch (addr) {
982 	case 0x00:
983 	case 0x10:
984 	case 0x20:
985 	case 0x30:
986 	case 0x40:
987 	case 0x50:
988 	case 0x60:
989 	case 0x70:		/* MSIRs */
990 		r = opp->msi[srs].msir;
991 		/* Clear on read */
992 		opp->msi[srs].msir = 0;
993 		openpic_set_irq(opp, opp->irq_msi + srs, 0);
994 		break;
995 	case 0x120:		/* MSISR */
996 		for (i = 0; i < MAX_MSI; i++)
997 			r |= (opp->msi[i].msir ? 1 : 0) << i;
998 		break;
999 	}
1000 
1001 	pr_debug("%s: => 0x%08x\n", __func__, r);
1002 	*ptr = r;
1003 	return 0;
1004 }
1005 
1006 static int openpic_summary_read(void *opaque, gpa_t addr, u32 *ptr)
1007 {
1008 	uint32_t r = 0;
1009 
1010 	pr_debug("%s: addr %#llx\n", __func__, addr);
1011 
1012 	/* TODO: EISR/EIMR */
1013 
1014 	*ptr = r;
1015 	return 0;
1016 }
1017 
1018 static int openpic_summary_write(void *opaque, gpa_t addr, u32 val)
1019 {
1020 	pr_debug("%s: addr %#llx <= 0x%08x\n", __func__, addr, val);
1021 
1022 	/* TODO: EISR/EIMR */
1023 	return 0;
1024 }
1025 
1026 static int openpic_cpu_write_internal(void *opaque, gpa_t addr,
1027 				      u32 val, int idx)
1028 {
1029 	struct openpic *opp = opaque;
1030 	struct irq_source *src;
1031 	struct irq_dest *dst;
1032 	int s_IRQ, n_IRQ;
1033 
1034 	pr_debug("%s: cpu %d addr %#llx <= 0x%08x\n", __func__, idx,
1035 		addr, val);
1036 
1037 	if (idx < 0)
1038 		return 0;
1039 
1040 	if (addr & 0xF)
1041 		return 0;
1042 
1043 	dst = &opp->dst[idx];
1044 	addr &= 0xFF0;
1045 	switch (addr) {
1046 	case 0x40:		/* IPIDR */
1047 	case 0x50:
1048 	case 0x60:
1049 	case 0x70:
1050 		idx = (addr - 0x40) >> 4;
1051 		/* we use IDE as mask which CPUs to deliver the IPI to still. */
1052 		opp->src[opp->irq_ipi0 + idx].destmask |= val;
1053 		openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
1054 		openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
1055 		break;
1056 	case 0x80:		/* CTPR */
1057 		dst->ctpr = val & 0x0000000F;
1058 
1059 		pr_debug("%s: set CPU %d ctpr to %d, raised %d servicing %d\n",
1060 			__func__, idx, dst->ctpr, dst->raised.priority,
1061 			dst->servicing.priority);
1062 
1063 		if (dst->raised.priority <= dst->ctpr) {
1064 			pr_debug("%s: Lower OpenPIC INT output cpu %d due to ctpr\n",
1065 				__func__, idx);
1066 			mpic_irq_lower(opp, dst, ILR_INTTGT_INT);
1067 		} else if (dst->raised.priority > dst->servicing.priority) {
1068 			pr_debug("%s: Raise OpenPIC INT output cpu %d irq %d\n",
1069 				__func__, idx, dst->raised.next);
1070 			mpic_irq_raise(opp, dst, ILR_INTTGT_INT);
1071 		}
1072 
1073 		break;
1074 	case 0x90:		/* WHOAMI */
1075 		/* Read-only register */
1076 		break;
1077 	case 0xA0:		/* IACK */
1078 		/* Read-only register */
1079 		break;
1080 	case 0xB0: {		/* EOI */
1081 		int notify_eoi;
1082 
1083 		pr_debug("EOI\n");
1084 		s_IRQ = IRQ_get_next(opp, &dst->servicing);
1085 
1086 		if (s_IRQ < 0) {
1087 			pr_debug("%s: EOI with no interrupt in service\n",
1088 				__func__);
1089 			break;
1090 		}
1091 
1092 		IRQ_resetbit(&dst->servicing, s_IRQ);
1093 		/* Notify listeners that the IRQ is over */
1094 		notify_eoi = s_IRQ;
1095 		/* Set up next servicing IRQ */
1096 		s_IRQ = IRQ_get_next(opp, &dst->servicing);
1097 		/* Check queued interrupts. */
1098 		n_IRQ = IRQ_get_next(opp, &dst->raised);
1099 		src = &opp->src[n_IRQ];
1100 		if (n_IRQ != -1 &&
1101 		    (s_IRQ == -1 ||
1102 		     IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) {
1103 			pr_debug("Raise OpenPIC INT output cpu %d irq %d\n",
1104 				idx, n_IRQ);
1105 			mpic_irq_raise(opp, dst, ILR_INTTGT_INT);
1106 		}
1107 
1108 		spin_unlock(&opp->lock);
1109 		kvm_notify_acked_irq(opp->kvm, 0, notify_eoi);
1110 		spin_lock(&opp->lock);
1111 
1112 		break;
1113 	}
1114 	default:
1115 		break;
1116 	}
1117 
1118 	return 0;
1119 }
1120 
1121 static int openpic_cpu_write(void *opaque, gpa_t addr, u32 val)
1122 {
1123 	struct openpic *opp = opaque;
1124 
1125 	return openpic_cpu_write_internal(opp, addr, val,
1126 					 (addr & 0x1f000) >> 12);
1127 }
1128 
1129 static uint32_t openpic_iack(struct openpic *opp, struct irq_dest *dst,
1130 			     int cpu)
1131 {
1132 	struct irq_source *src;
1133 	int retval, irq;
1134 
1135 	pr_debug("Lower OpenPIC INT output\n");
1136 	mpic_irq_lower(opp, dst, ILR_INTTGT_INT);
1137 
1138 	irq = IRQ_get_next(opp, &dst->raised);
1139 	pr_debug("IACK: irq=%d\n", irq);
1140 
1141 	if (irq == -1)
1142 		/* No more interrupt pending */
1143 		return opp->spve;
1144 
1145 	src = &opp->src[irq];
1146 	if (!(src->ivpr & IVPR_ACTIVITY_MASK) ||
1147 	    !(IVPR_PRIORITY(src->ivpr) > dst->ctpr)) {
1148 		pr_err("%s: bad raised IRQ %d ctpr %d ivpr 0x%08x\n",
1149 			__func__, irq, dst->ctpr, src->ivpr);
1150 		openpic_update_irq(opp, irq);
1151 		retval = opp->spve;
1152 	} else {
1153 		/* IRQ enter servicing state */
1154 		IRQ_setbit(&dst->servicing, irq);
1155 		retval = IVPR_VECTOR(opp, src->ivpr);
1156 	}
1157 
1158 	if (!src->level) {
1159 		/* edge-sensitive IRQ */
1160 		src->ivpr &= ~IVPR_ACTIVITY_MASK;
1161 		src->pending = 0;
1162 		IRQ_resetbit(&dst->raised, irq);
1163 	}
1164 
1165 	if ((irq >= opp->irq_ipi0) && (irq < (opp->irq_ipi0 + MAX_IPI))) {
1166 		src->destmask &= ~(1 << cpu);
1167 		if (src->destmask && !src->level) {
1168 			/* trigger on CPUs that didn't know about it yet */
1169 			openpic_set_irq(opp, irq, 1);
1170 			openpic_set_irq(opp, irq, 0);
1171 			/* if all CPUs knew about it, set active bit again */
1172 			src->ivpr |= IVPR_ACTIVITY_MASK;
1173 		}
1174 	}
1175 
1176 	return retval;
1177 }
1178 
1179 void kvmppc_mpic_set_epr(struct kvm_vcpu *vcpu)
1180 {
1181 	struct openpic *opp = vcpu->arch.mpic;
1182 	int cpu = vcpu->arch.irq_cpu_id;
1183 	unsigned long flags;
1184 
1185 	spin_lock_irqsave(&opp->lock, flags);
1186 
1187 	if ((opp->gcr & opp->mpic_mode_mask) == GCR_MODE_PROXY)
1188 		kvmppc_set_epr(vcpu, openpic_iack(opp, &opp->dst[cpu], cpu));
1189 
1190 	spin_unlock_irqrestore(&opp->lock, flags);
1191 }
1192 
1193 static int openpic_cpu_read_internal(void *opaque, gpa_t addr,
1194 				     u32 *ptr, int idx)
1195 {
1196 	struct openpic *opp = opaque;
1197 	struct irq_dest *dst;
1198 	uint32_t retval;
1199 
1200 	pr_debug("%s: cpu %d addr %#llx\n", __func__, idx, addr);
1201 	retval = 0xFFFFFFFF;
1202 
1203 	if (idx < 0)
1204 		goto out;
1205 
1206 	if (addr & 0xF)
1207 		goto out;
1208 
1209 	dst = &opp->dst[idx];
1210 	addr &= 0xFF0;
1211 	switch (addr) {
1212 	case 0x80:		/* CTPR */
1213 		retval = dst->ctpr;
1214 		break;
1215 	case 0x90:		/* WHOAMI */
1216 		retval = idx;
1217 		break;
1218 	case 0xA0:		/* IACK */
1219 		retval = openpic_iack(opp, dst, idx);
1220 		break;
1221 	case 0xB0:		/* EOI */
1222 		retval = 0;
1223 		break;
1224 	default:
1225 		break;
1226 	}
1227 	pr_debug("%s: => 0x%08x\n", __func__, retval);
1228 
1229 out:
1230 	*ptr = retval;
1231 	return 0;
1232 }
1233 
1234 static int openpic_cpu_read(void *opaque, gpa_t addr, u32 *ptr)
1235 {
1236 	struct openpic *opp = opaque;
1237 
1238 	return openpic_cpu_read_internal(opp, addr, ptr,
1239 					 (addr & 0x1f000) >> 12);
1240 }
1241 
1242 struct mem_reg {
1243 	int (*read)(void *opaque, gpa_t addr, u32 *ptr);
1244 	int (*write)(void *opaque, gpa_t addr, u32 val);
1245 	gpa_t start_addr;
1246 	int size;
1247 };
1248 
1249 static const struct mem_reg openpic_gbl_mmio = {
1250 	.write = openpic_gbl_write,
1251 	.read = openpic_gbl_read,
1252 	.start_addr = OPENPIC_GLB_REG_START,
1253 	.size = OPENPIC_GLB_REG_SIZE,
1254 };
1255 
1256 static const struct mem_reg openpic_tmr_mmio = {
1257 	.write = openpic_tmr_write,
1258 	.read = openpic_tmr_read,
1259 	.start_addr = OPENPIC_TMR_REG_START,
1260 	.size = OPENPIC_TMR_REG_SIZE,
1261 };
1262 
1263 static const struct mem_reg openpic_cpu_mmio = {
1264 	.write = openpic_cpu_write,
1265 	.read = openpic_cpu_read,
1266 	.start_addr = OPENPIC_CPU_REG_START,
1267 	.size = OPENPIC_CPU_REG_SIZE,
1268 };
1269 
1270 static const struct mem_reg openpic_src_mmio = {
1271 	.write = openpic_src_write,
1272 	.read = openpic_src_read,
1273 	.start_addr = OPENPIC_SRC_REG_START,
1274 	.size = OPENPIC_SRC_REG_SIZE,
1275 };
1276 
1277 static const struct mem_reg openpic_msi_mmio = {
1278 	.read = openpic_msi_read,
1279 	.write = openpic_msi_write,
1280 	.start_addr = OPENPIC_MSI_REG_START,
1281 	.size = OPENPIC_MSI_REG_SIZE,
1282 };
1283 
1284 static const struct mem_reg openpic_summary_mmio = {
1285 	.read = openpic_summary_read,
1286 	.write = openpic_summary_write,
1287 	.start_addr = OPENPIC_SUMMARY_REG_START,
1288 	.size = OPENPIC_SUMMARY_REG_SIZE,
1289 };
1290 
1291 static void add_mmio_region(struct openpic *opp, const struct mem_reg *mr)
1292 {
1293 	if (opp->num_mmio_regions >= MAX_MMIO_REGIONS) {
1294 		WARN(1, "kvm mpic: too many mmio regions\n");
1295 		return;
1296 	}
1297 
1298 	opp->mmio_regions[opp->num_mmio_regions++] = mr;
1299 }
1300 
1301 static void fsl_common_init(struct openpic *opp)
1302 {
1303 	int i;
1304 	int virq = MAX_SRC;
1305 
1306 	add_mmio_region(opp, &openpic_msi_mmio);
1307 	add_mmio_region(opp, &openpic_summary_mmio);
1308 
1309 	opp->vid = VID_REVISION_1_2;
1310 	opp->vir = VIR_GENERIC;
1311 	opp->vector_mask = 0xFFFF;
1312 	opp->tfrr_reset = 0;
1313 	opp->ivpr_reset = IVPR_MASK_MASK;
1314 	opp->idr_reset = 1 << 0;
1315 	opp->max_irq = MAX_IRQ;
1316 
1317 	opp->irq_ipi0 = virq;
1318 	virq += MAX_IPI;
1319 	opp->irq_tim0 = virq;
1320 	virq += MAX_TMR;
1321 
1322 	BUG_ON(virq > MAX_IRQ);
1323 
1324 	opp->irq_msi = 224;
1325 
1326 	for (i = 0; i < opp->fsl->max_ext; i++)
1327 		opp->src[i].level = false;
1328 
1329 	/* Internal interrupts, including message and MSI */
1330 	for (i = 16; i < MAX_SRC; i++) {
1331 		opp->src[i].type = IRQ_TYPE_FSLINT;
1332 		opp->src[i].level = true;
1333 	}
1334 
1335 	/* timers and IPIs */
1336 	for (i = MAX_SRC; i < virq; i++) {
1337 		opp->src[i].type = IRQ_TYPE_FSLSPECIAL;
1338 		opp->src[i].level = false;
1339 	}
1340 }
1341 
1342 static int kvm_mpic_read_internal(struct openpic *opp, gpa_t addr, u32 *ptr)
1343 {
1344 	int i;
1345 
1346 	for (i = 0; i < opp->num_mmio_regions; i++) {
1347 		const struct mem_reg *mr = opp->mmio_regions[i];
1348 
1349 		if (mr->start_addr > addr || addr >= mr->start_addr + mr->size)
1350 			continue;
1351 
1352 		return mr->read(opp, addr - mr->start_addr, ptr);
1353 	}
1354 
1355 	return -ENXIO;
1356 }
1357 
1358 static int kvm_mpic_write_internal(struct openpic *opp, gpa_t addr, u32 val)
1359 {
1360 	int i;
1361 
1362 	for (i = 0; i < opp->num_mmio_regions; i++) {
1363 		const struct mem_reg *mr = opp->mmio_regions[i];
1364 
1365 		if (mr->start_addr > addr || addr >= mr->start_addr + mr->size)
1366 			continue;
1367 
1368 		return mr->write(opp, addr - mr->start_addr, val);
1369 	}
1370 
1371 	return -ENXIO;
1372 }
1373 
1374 static int kvm_mpic_read(struct kvm_io_device *this, gpa_t addr,
1375 			 int len, void *ptr)
1376 {
1377 	struct openpic *opp = container_of(this, struct openpic, mmio);
1378 	int ret;
1379 	union {
1380 		u32 val;
1381 		u8 bytes[4];
1382 	} u;
1383 
1384 	if (addr & (len - 1)) {
1385 		pr_debug("%s: bad alignment %llx/%d\n",
1386 			 __func__, addr, len);
1387 		return -EINVAL;
1388 	}
1389 
1390 	spin_lock_irq(&opp->lock);
1391 	ret = kvm_mpic_read_internal(opp, addr - opp->reg_base, &u.val);
1392 	spin_unlock_irq(&opp->lock);
1393 
1394 	/*
1395 	 * Technically only 32-bit accesses are allowed, but be nice to
1396 	 * people dumping registers a byte at a time -- it works in real
1397 	 * hardware (reads only, not writes).
1398 	 */
1399 	if (len == 4) {
1400 		*(u32 *)ptr = u.val;
1401 		pr_debug("%s: addr %llx ret %d len 4 val %x\n",
1402 			 __func__, addr, ret, u.val);
1403 	} else if (len == 1) {
1404 		*(u8 *)ptr = u.bytes[addr & 3];
1405 		pr_debug("%s: addr %llx ret %d len 1 val %x\n",
1406 			 __func__, addr, ret, u.bytes[addr & 3]);
1407 	} else {
1408 		pr_debug("%s: bad length %d\n", __func__, len);
1409 		return -EINVAL;
1410 	}
1411 
1412 	return ret;
1413 }
1414 
1415 static int kvm_mpic_write(struct kvm_io_device *this, gpa_t addr,
1416 			  int len, const void *ptr)
1417 {
1418 	struct openpic *opp = container_of(this, struct openpic, mmio);
1419 	int ret;
1420 
1421 	if (len != 4) {
1422 		pr_debug("%s: bad length %d\n", __func__, len);
1423 		return -EOPNOTSUPP;
1424 	}
1425 	if (addr & 3) {
1426 		pr_debug("%s: bad alignment %llx/%d\n", __func__, addr, len);
1427 		return -EOPNOTSUPP;
1428 	}
1429 
1430 	spin_lock_irq(&opp->lock);
1431 	ret = kvm_mpic_write_internal(opp, addr - opp->reg_base,
1432 				      *(const u32 *)ptr);
1433 	spin_unlock_irq(&opp->lock);
1434 
1435 	pr_debug("%s: addr %llx ret %d val %x\n",
1436 		 __func__, addr, ret, *(const u32 *)ptr);
1437 
1438 	return ret;
1439 }
1440 
1441 static const struct kvm_io_device_ops mpic_mmio_ops = {
1442 	.read = kvm_mpic_read,
1443 	.write = kvm_mpic_write,
1444 };
1445 
1446 static void map_mmio(struct openpic *opp)
1447 {
1448 	kvm_iodevice_init(&opp->mmio, &mpic_mmio_ops);
1449 
1450 	kvm_io_bus_register_dev(opp->kvm, KVM_MMIO_BUS,
1451 				opp->reg_base, OPENPIC_REG_SIZE,
1452 				&opp->mmio);
1453 }
1454 
1455 static void unmap_mmio(struct openpic *opp)
1456 {
1457 	kvm_io_bus_unregister_dev(opp->kvm, KVM_MMIO_BUS, &opp->mmio);
1458 }
1459 
1460 static int set_base_addr(struct openpic *opp, struct kvm_device_attr *attr)
1461 {
1462 	u64 base;
1463 
1464 	if (copy_from_user(&base, (u64 __user *)(long)attr->addr, sizeof(u64)))
1465 		return -EFAULT;
1466 
1467 	if (base & 0x3ffff) {
1468 		pr_debug("kvm mpic %s: KVM_DEV_MPIC_BASE_ADDR %08llx not aligned\n",
1469 			 __func__, base);
1470 		return -EINVAL;
1471 	}
1472 
1473 	if (base == opp->reg_base)
1474 		return 0;
1475 
1476 	mutex_lock(&opp->kvm->slots_lock);
1477 
1478 	unmap_mmio(opp);
1479 	opp->reg_base = base;
1480 
1481 	pr_debug("kvm mpic %s: KVM_DEV_MPIC_BASE_ADDR %08llx\n",
1482 		 __func__, base);
1483 
1484 	if (base == 0)
1485 		goto out;
1486 
1487 	map_mmio(opp);
1488 
1489 out:
1490 	mutex_unlock(&opp->kvm->slots_lock);
1491 	return 0;
1492 }
1493 
1494 #define ATTR_SET		0
1495 #define ATTR_GET		1
1496 
1497 static int access_reg(struct openpic *opp, gpa_t addr, u32 *val, int type)
1498 {
1499 	int ret;
1500 
1501 	if (addr & 3)
1502 		return -ENXIO;
1503 
1504 	spin_lock_irq(&opp->lock);
1505 
1506 	if (type == ATTR_SET)
1507 		ret = kvm_mpic_write_internal(opp, addr, *val);
1508 	else
1509 		ret = kvm_mpic_read_internal(opp, addr, val);
1510 
1511 	spin_unlock_irq(&opp->lock);
1512 
1513 	pr_debug("%s: type %d addr %llx val %x\n", __func__, type, addr, *val);
1514 
1515 	return ret;
1516 }
1517 
1518 static int mpic_set_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
1519 {
1520 	struct openpic *opp = dev->private;
1521 	u32 attr32;
1522 
1523 	switch (attr->group) {
1524 	case KVM_DEV_MPIC_GRP_MISC:
1525 		switch (attr->attr) {
1526 		case KVM_DEV_MPIC_BASE_ADDR:
1527 			return set_base_addr(opp, attr);
1528 		}
1529 
1530 		break;
1531 
1532 	case KVM_DEV_MPIC_GRP_REGISTER:
1533 		if (get_user(attr32, (u32 __user *)(long)attr->addr))
1534 			return -EFAULT;
1535 
1536 		return access_reg(opp, attr->attr, &attr32, ATTR_SET);
1537 
1538 	case KVM_DEV_MPIC_GRP_IRQ_ACTIVE:
1539 		if (attr->attr > MAX_SRC)
1540 			return -EINVAL;
1541 
1542 		if (get_user(attr32, (u32 __user *)(long)attr->addr))
1543 			return -EFAULT;
1544 
1545 		if (attr32 != 0 && attr32 != 1)
1546 			return -EINVAL;
1547 
1548 		spin_lock_irq(&opp->lock);
1549 		openpic_set_irq(opp, attr->attr, attr32);
1550 		spin_unlock_irq(&opp->lock);
1551 		return 0;
1552 	}
1553 
1554 	return -ENXIO;
1555 }
1556 
1557 static int mpic_get_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
1558 {
1559 	struct openpic *opp = dev->private;
1560 	u64 attr64;
1561 	u32 attr32;
1562 	int ret;
1563 
1564 	switch (attr->group) {
1565 	case KVM_DEV_MPIC_GRP_MISC:
1566 		switch (attr->attr) {
1567 		case KVM_DEV_MPIC_BASE_ADDR:
1568 			mutex_lock(&opp->kvm->slots_lock);
1569 			attr64 = opp->reg_base;
1570 			mutex_unlock(&opp->kvm->slots_lock);
1571 
1572 			if (copy_to_user((u64 __user *)(long)attr->addr,
1573 					 &attr64, sizeof(u64)))
1574 				return -EFAULT;
1575 
1576 			return 0;
1577 		}
1578 
1579 		break;
1580 
1581 	case KVM_DEV_MPIC_GRP_REGISTER:
1582 		ret = access_reg(opp, attr->attr, &attr32, ATTR_GET);
1583 		if (ret)
1584 			return ret;
1585 
1586 		if (put_user(attr32, (u32 __user *)(long)attr->addr))
1587 			return -EFAULT;
1588 
1589 		return 0;
1590 
1591 	case KVM_DEV_MPIC_GRP_IRQ_ACTIVE:
1592 		if (attr->attr > MAX_SRC)
1593 			return -EINVAL;
1594 
1595 		spin_lock_irq(&opp->lock);
1596 		attr32 = opp->src[attr->attr].pending;
1597 		spin_unlock_irq(&opp->lock);
1598 
1599 		if (put_user(attr32, (u32 __user *)(long)attr->addr))
1600 			return -EFAULT;
1601 
1602 		return 0;
1603 	}
1604 
1605 	return -ENXIO;
1606 }
1607 
1608 static int mpic_has_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
1609 {
1610 	switch (attr->group) {
1611 	case KVM_DEV_MPIC_GRP_MISC:
1612 		switch (attr->attr) {
1613 		case KVM_DEV_MPIC_BASE_ADDR:
1614 			return 0;
1615 		}
1616 
1617 		break;
1618 
1619 	case KVM_DEV_MPIC_GRP_REGISTER:
1620 		return 0;
1621 
1622 	case KVM_DEV_MPIC_GRP_IRQ_ACTIVE:
1623 		if (attr->attr > MAX_SRC)
1624 			break;
1625 
1626 		return 0;
1627 	}
1628 
1629 	return -ENXIO;
1630 }
1631 
1632 static void mpic_destroy(struct kvm_device *dev)
1633 {
1634 	struct openpic *opp = dev->private;
1635 
1636 	dev->kvm->arch.mpic = NULL;
1637 	kfree(opp);
1638 }
1639 
1640 static int mpic_set_default_irq_routing(struct openpic *opp)
1641 {
1642 	struct kvm_irq_routing_entry *routing;
1643 
1644 	/* Create a nop default map, so that dereferencing it still works */
1645 	routing = kzalloc((sizeof(*routing)), GFP_KERNEL);
1646 	if (!routing)
1647 		return -ENOMEM;
1648 
1649 	kvm_set_irq_routing(opp->kvm, routing, 0, 0);
1650 
1651 	kfree(routing);
1652 	return 0;
1653 }
1654 
1655 static int mpic_create(struct kvm_device *dev, u32 type)
1656 {
1657 	struct openpic *opp;
1658 	int ret;
1659 
1660 	/* We only support one MPIC at a time for now */
1661 	if (dev->kvm->arch.mpic)
1662 		return -EINVAL;
1663 
1664 	opp = kzalloc(sizeof(struct openpic), GFP_KERNEL);
1665 	if (!opp)
1666 		return -ENOMEM;
1667 
1668 	dev->private = opp;
1669 	opp->kvm = dev->kvm;
1670 	opp->dev = dev;
1671 	opp->model = type;
1672 	spin_lock_init(&opp->lock);
1673 
1674 	add_mmio_region(opp, &openpic_gbl_mmio);
1675 	add_mmio_region(opp, &openpic_tmr_mmio);
1676 	add_mmio_region(opp, &openpic_src_mmio);
1677 	add_mmio_region(opp, &openpic_cpu_mmio);
1678 
1679 	switch (opp->model) {
1680 	case KVM_DEV_TYPE_FSL_MPIC_20:
1681 		opp->fsl = &fsl_mpic_20;
1682 		opp->brr1 = 0x00400200;
1683 		opp->flags |= OPENPIC_FLAG_IDR_CRIT;
1684 		opp->nb_irqs = 80;
1685 		opp->mpic_mode_mask = GCR_MODE_MIXED;
1686 
1687 		fsl_common_init(opp);
1688 
1689 		break;
1690 
1691 	case KVM_DEV_TYPE_FSL_MPIC_42:
1692 		opp->fsl = &fsl_mpic_42;
1693 		opp->brr1 = 0x00400402;
1694 		opp->flags |= OPENPIC_FLAG_ILR;
1695 		opp->nb_irqs = 196;
1696 		opp->mpic_mode_mask = GCR_MODE_PROXY;
1697 
1698 		fsl_common_init(opp);
1699 
1700 		break;
1701 
1702 	default:
1703 		ret = -ENODEV;
1704 		goto err;
1705 	}
1706 
1707 	ret = mpic_set_default_irq_routing(opp);
1708 	if (ret)
1709 		goto err;
1710 
1711 	openpic_reset(opp);
1712 
1713 	smp_wmb();
1714 	dev->kvm->arch.mpic = opp;
1715 
1716 	return 0;
1717 
1718 err:
1719 	kfree(opp);
1720 	return ret;
1721 }
1722 
1723 struct kvm_device_ops kvm_mpic_ops = {
1724 	.name = "kvm-mpic",
1725 	.create = mpic_create,
1726 	.destroy = mpic_destroy,
1727 	.set_attr = mpic_set_attr,
1728 	.get_attr = mpic_get_attr,
1729 	.has_attr = mpic_has_attr,
1730 };
1731 
1732 int kvmppc_mpic_connect_vcpu(struct kvm_device *dev, struct kvm_vcpu *vcpu,
1733 			     u32 cpu)
1734 {
1735 	struct openpic *opp = dev->private;
1736 	int ret = 0;
1737 
1738 	if (dev->ops != &kvm_mpic_ops)
1739 		return -EPERM;
1740 	if (opp->kvm != vcpu->kvm)
1741 		return -EPERM;
1742 	if (cpu < 0 || cpu >= MAX_CPU)
1743 		return -EPERM;
1744 
1745 	spin_lock_irq(&opp->lock);
1746 
1747 	if (opp->dst[cpu].vcpu) {
1748 		ret = -EEXIST;
1749 		goto out;
1750 	}
1751 	if (vcpu->arch.irq_type) {
1752 		ret = -EBUSY;
1753 		goto out;
1754 	}
1755 
1756 	opp->dst[cpu].vcpu = vcpu;
1757 	opp->nb_cpus = max(opp->nb_cpus, cpu + 1);
1758 
1759 	vcpu->arch.mpic = opp;
1760 	vcpu->arch.irq_cpu_id = cpu;
1761 	vcpu->arch.irq_type = KVMPPC_IRQ_MPIC;
1762 
1763 	/* This might need to be changed if GCR gets extended */
1764 	if (opp->mpic_mode_mask == GCR_MODE_PROXY)
1765 		vcpu->arch.epr_flags |= KVMPPC_EPR_KERNEL;
1766 
1767 out:
1768 	spin_unlock_irq(&opp->lock);
1769 	return ret;
1770 }
1771 
1772 /*
1773  * This should only happen immediately before the mpic is destroyed,
1774  * so we shouldn't need to worry about anything still trying to
1775  * access the vcpu pointer.
1776  */
1777 void kvmppc_mpic_disconnect_vcpu(struct openpic *opp, struct kvm_vcpu *vcpu)
1778 {
1779 	BUG_ON(!opp->dst[vcpu->arch.irq_cpu_id].vcpu);
1780 
1781 	opp->dst[vcpu->arch.irq_cpu_id].vcpu = NULL;
1782 }
1783 
1784 /*
1785  * Return value:
1786  *  < 0   Interrupt was ignored (masked or not delivered for other reasons)
1787  *  = 0   Interrupt was coalesced (previous irq is still pending)
1788  *  > 0   Number of CPUs interrupt was delivered to
1789  */
1790 static int mpic_set_irq(struct kvm_kernel_irq_routing_entry *e,
1791 			struct kvm *kvm, int irq_source_id, int level,
1792 			bool line_status)
1793 {
1794 	u32 irq = e->irqchip.pin;
1795 	struct openpic *opp = kvm->arch.mpic;
1796 	unsigned long flags;
1797 
1798 	spin_lock_irqsave(&opp->lock, flags);
1799 	openpic_set_irq(opp, irq, level);
1800 	spin_unlock_irqrestore(&opp->lock, flags);
1801 
1802 	/* All code paths we care about don't check for the return value */
1803 	return 0;
1804 }
1805 
1806 int kvm_set_msi(struct kvm_kernel_irq_routing_entry *e,
1807 		struct kvm *kvm, int irq_source_id, int level, bool line_status)
1808 {
1809 	struct openpic *opp = kvm->arch.mpic;
1810 	unsigned long flags;
1811 
1812 	spin_lock_irqsave(&opp->lock, flags);
1813 
1814 	/*
1815 	 * XXX We ignore the target address for now, as we only support
1816 	 *     a single MSI bank.
1817 	 */
1818 	openpic_msi_write(kvm->arch.mpic, MSIIR_OFFSET, e->msi.data);
1819 	spin_unlock_irqrestore(&opp->lock, flags);
1820 
1821 	/* All code paths we care about don't check for the return value */
1822 	return 0;
1823 }
1824 
1825 int kvm_set_routing_entry(struct kvm_irq_routing_table *rt,
1826 			  struct kvm_kernel_irq_routing_entry *e,
1827 			  const struct kvm_irq_routing_entry *ue)
1828 {
1829 	int r = -EINVAL;
1830 
1831 	switch (ue->type) {
1832 	case KVM_IRQ_ROUTING_IRQCHIP:
1833 		e->set = mpic_set_irq;
1834 		e->irqchip.irqchip = ue->u.irqchip.irqchip;
1835 		e->irqchip.pin = ue->u.irqchip.pin;
1836 		if (e->irqchip.pin >= KVM_IRQCHIP_NUM_PINS)
1837 			goto out;
1838 		rt->chip[ue->u.irqchip.irqchip][e->irqchip.pin] = ue->gsi;
1839 		break;
1840 	case KVM_IRQ_ROUTING_MSI:
1841 		e->set = kvm_set_msi;
1842 		e->msi.address_lo = ue->u.msi.address_lo;
1843 		e->msi.address_hi = ue->u.msi.address_hi;
1844 		e->msi.data = ue->u.msi.data;
1845 		break;
1846 	default:
1847 		goto out;
1848 	}
1849 
1850 	r = 0;
1851 out:
1852 	return r;
1853 }
1854