1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "hw/irq.h" 23 #include "hw/sysbus.h" 24 #include "gic_internal.h" 25 #include "qapi/error.h" 26 #include "hw/core/cpu.h" 27 #include "qemu/log.h" 28 #include "qemu/module.h" 29 #include "trace.h" 30 #include "sysemu/kvm.h" 31 #include "sysemu/qtest.h" 32 33 /* #define DEBUG_GIC */ 34 35 #ifdef DEBUG_GIC 36 #define DEBUG_GIC_GATE 1 37 #else 38 #define DEBUG_GIC_GATE 0 39 #endif 40 41 #define DPRINTF(fmt, ...) do { \ 42 if (DEBUG_GIC_GATE) { \ 43 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static const uint8_t gic_id_11mpcore[] = { 48 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 49 }; 50 51 static const uint8_t gic_id_gicv1[] = { 52 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 53 }; 54 55 static const uint8_t gic_id_gicv2[] = { 56 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 57 }; 58 59 static inline int gic_get_current_cpu(GICState *s) 60 { 61 if (!qtest_enabled() && s->num_cpu > 1) { 62 return current_cpu->cpu_index; 63 } 64 return 0; 65 } 66 67 static inline int gic_get_current_vcpu(GICState *s) 68 { 69 return gic_get_current_cpu(s) + GIC_NCPU; 70 } 71 72 /* Return true if this GIC config has interrupt groups, which is 73 * true if we're a GICv2, or a GICv1 with the security extensions. 74 */ 75 static inline bool gic_has_groups(GICState *s) 76 { 77 return s->revision == 2 || s->security_extn; 78 } 79 80 static inline bool gic_cpu_ns_access(GICState *s, int cpu, MemTxAttrs attrs) 81 { 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; 83 } 84 85 static inline void gic_get_best_irq(GICState *s, int cpu, 86 int *best_irq, int *best_prio, int *group) 87 { 88 int irq; 89 int cm = 1 << cpu; 90 91 *best_irq = 1023; 92 *best_prio = 0x100; 93 94 for (irq = 0; irq < s->num_irq; irq++) { 95 if (GIC_DIST_TEST_ENABLED(irq, cm) && gic_test_pending(s, irq, cm) && 96 (!GIC_DIST_TEST_ACTIVE(irq, cm)) && 97 (irq < GIC_INTERNAL || GIC_DIST_TARGET(irq) & cm)) { 98 if (GIC_DIST_GET_PRIORITY(irq, cpu) < *best_prio) { 99 *best_prio = GIC_DIST_GET_PRIORITY(irq, cpu); 100 *best_irq = irq; 101 } 102 } 103 } 104 105 if (*best_irq < 1023) { 106 *group = GIC_DIST_TEST_GROUP(*best_irq, cm); 107 } 108 } 109 110 static inline void gic_get_best_virq(GICState *s, int cpu, 111 int *best_irq, int *best_prio, int *group) 112 { 113 int lr_idx = 0; 114 115 *best_irq = 1023; 116 *best_prio = 0x100; 117 118 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 119 uint32_t lr_entry = s->h_lr[lr_idx][cpu]; 120 int state = GICH_LR_STATE(lr_entry); 121 122 if (state == GICH_LR_STATE_PENDING) { 123 int prio = GICH_LR_PRIORITY(lr_entry); 124 125 if (prio < *best_prio) { 126 *best_prio = prio; 127 *best_irq = GICH_LR_VIRT_ID(lr_entry); 128 *group = GICH_LR_GROUP(lr_entry); 129 } 130 } 131 } 132 } 133 134 /* Return true if IRQ signaling is enabled for the given cpu and at least one 135 * of the given groups: 136 * - in the non-virt case, the distributor must be enabled for one of the 137 * given groups 138 * - in the virt case, the virtual interface must be enabled. 139 * - in all cases, the (v)CPU interface must be enabled for one of the given 140 * groups. 141 */ 142 static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt, 143 int group_mask) 144 { 145 int cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 146 147 if (!virt && !(s->ctlr & group_mask)) { 148 return false; 149 } 150 151 if (virt && !(s->h_hcr[cpu] & R_GICH_HCR_EN_MASK)) { 152 return false; 153 } 154 155 if (!(s->cpu_ctlr[cpu_iface] & group_mask)) { 156 return false; 157 } 158 159 return true; 160 } 161 162 /* TODO: Many places that call this routine could be optimized. */ 163 /* Update interrupt status after enabled or pending bits have been changed. */ 164 static inline void gic_update_internal(GICState *s, bool virt) 165 { 166 int best_irq; 167 int best_prio; 168 int irq_level, fiq_level; 169 int cpu, cpu_iface; 170 int group = 0; 171 qemu_irq *irq_lines = virt ? s->parent_virq : s->parent_irq; 172 qemu_irq *fiq_lines = virt ? s->parent_vfiq : s->parent_fiq; 173 174 for (cpu = 0; cpu < s->num_cpu; cpu++) { 175 cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 176 177 s->current_pending[cpu_iface] = 1023; 178 if (!gic_irq_signaling_enabled(s, cpu, virt, 179 GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) { 180 qemu_irq_lower(irq_lines[cpu]); 181 qemu_irq_lower(fiq_lines[cpu]); 182 continue; 183 } 184 185 if (virt) { 186 gic_get_best_virq(s, cpu, &best_irq, &best_prio, &group); 187 } else { 188 gic_get_best_irq(s, cpu, &best_irq, &best_prio, &group); 189 } 190 191 if (best_irq != 1023) { 192 trace_gic_update_bestirq(virt ? "vcpu" : "cpu", cpu, 193 best_irq, best_prio, 194 s->priority_mask[cpu_iface], 195 s->running_priority[cpu_iface]); 196 } 197 198 irq_level = fiq_level = 0; 199 200 if (best_prio < s->priority_mask[cpu_iface]) { 201 s->current_pending[cpu_iface] = best_irq; 202 if (best_prio < s->running_priority[cpu_iface]) { 203 if (gic_irq_signaling_enabled(s, cpu, virt, 1 << group)) { 204 if (group == 0 && 205 s->cpu_ctlr[cpu_iface] & GICC_CTLR_FIQ_EN) { 206 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 207 best_irq, cpu_iface); 208 fiq_level = 1; 209 trace_gic_update_set_irq(cpu, virt ? "vfiq" : "fiq", 210 fiq_level); 211 } else { 212 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 213 best_irq, cpu_iface); 214 irq_level = 1; 215 trace_gic_update_set_irq(cpu, virt ? "virq" : "irq", 216 irq_level); 217 } 218 } 219 } 220 } 221 222 qemu_set_irq(irq_lines[cpu], irq_level); 223 qemu_set_irq(fiq_lines[cpu], fiq_level); 224 } 225 } 226 227 static void gic_update(GICState *s) 228 { 229 gic_update_internal(s, false); 230 } 231 232 /* Return true if this LR is empty, i.e. the corresponding bit 233 * in ELRSR is set. 234 */ 235 static inline bool gic_lr_entry_is_free(uint32_t entry) 236 { 237 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 238 && (GICH_LR_HW(entry) || !GICH_LR_EOI(entry)); 239 } 240 241 /* Return true if this LR should trigger an EOI maintenance interrupt, i.e. the 242 * corrsponding bit in EISR is set. 243 */ 244 static inline bool gic_lr_entry_is_eoi(uint32_t entry) 245 { 246 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 247 && !GICH_LR_HW(entry) && GICH_LR_EOI(entry); 248 } 249 250 static inline void gic_extract_lr_info(GICState *s, int cpu, 251 int *num_eoi, int *num_valid, int *num_pending) 252 { 253 int lr_idx; 254 255 *num_eoi = 0; 256 *num_valid = 0; 257 *num_pending = 0; 258 259 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 260 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 261 262 if (gic_lr_entry_is_eoi(*entry)) { 263 (*num_eoi)++; 264 } 265 266 if (GICH_LR_STATE(*entry) != GICH_LR_STATE_INVALID) { 267 (*num_valid)++; 268 } 269 270 if (GICH_LR_STATE(*entry) == GICH_LR_STATE_PENDING) { 271 (*num_pending)++; 272 } 273 } 274 } 275 276 static void gic_compute_misr(GICState *s, int cpu) 277 { 278 uint32_t value = 0; 279 int vcpu = cpu + GIC_NCPU; 280 281 int num_eoi, num_valid, num_pending; 282 283 gic_extract_lr_info(s, cpu, &num_eoi, &num_valid, &num_pending); 284 285 /* EOI */ 286 if (num_eoi) { 287 value |= R_GICH_MISR_EOI_MASK; 288 } 289 290 /* U: true if only 0 or 1 LR entry is valid */ 291 if ((s->h_hcr[cpu] & R_GICH_HCR_UIE_MASK) && (num_valid < 2)) { 292 value |= R_GICH_MISR_U_MASK; 293 } 294 295 /* LRENP: EOICount is not 0 */ 296 if ((s->h_hcr[cpu] & R_GICH_HCR_LRENPIE_MASK) && 297 ((s->h_hcr[cpu] & R_GICH_HCR_EOICount_MASK) != 0)) { 298 value |= R_GICH_MISR_LRENP_MASK; 299 } 300 301 /* NP: no pending interrupts */ 302 if ((s->h_hcr[cpu] & R_GICH_HCR_NPIE_MASK) && (num_pending == 0)) { 303 value |= R_GICH_MISR_NP_MASK; 304 } 305 306 /* VGrp0E: group0 virq signaling enabled */ 307 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0EIE_MASK) && 308 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 309 value |= R_GICH_MISR_VGrp0E_MASK; 310 } 311 312 /* VGrp0D: group0 virq signaling disabled */ 313 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0DIE_MASK) && 314 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 315 value |= R_GICH_MISR_VGrp0D_MASK; 316 } 317 318 /* VGrp1E: group1 virq signaling enabled */ 319 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1EIE_MASK) && 320 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 321 value |= R_GICH_MISR_VGrp1E_MASK; 322 } 323 324 /* VGrp1D: group1 virq signaling disabled */ 325 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1DIE_MASK) && 326 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 327 value |= R_GICH_MISR_VGrp1D_MASK; 328 } 329 330 s->h_misr[cpu] = value; 331 } 332 333 static void gic_update_maintenance(GICState *s) 334 { 335 int cpu = 0; 336 int maint_level; 337 338 for (cpu = 0; cpu < s->num_cpu; cpu++) { 339 gic_compute_misr(s, cpu); 340 maint_level = (s->h_hcr[cpu] & R_GICH_HCR_EN_MASK) && s->h_misr[cpu]; 341 342 trace_gic_update_maintenance_irq(cpu, maint_level); 343 qemu_set_irq(s->maintenance_irq[cpu], maint_level); 344 } 345 } 346 347 static void gic_update_virt(GICState *s) 348 { 349 gic_update_internal(s, true); 350 gic_update_maintenance(s); 351 } 352 353 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 354 int cm, int target) 355 { 356 if (level) { 357 GIC_DIST_SET_LEVEL(irq, cm); 358 if (GIC_DIST_TEST_EDGE_TRIGGER(irq) || GIC_DIST_TEST_ENABLED(irq, cm)) { 359 DPRINTF("Set %d pending mask %x\n", irq, target); 360 GIC_DIST_SET_PENDING(irq, target); 361 } 362 } else { 363 GIC_DIST_CLEAR_LEVEL(irq, cm); 364 } 365 } 366 367 static void gic_set_irq_generic(GICState *s, int irq, int level, 368 int cm, int target) 369 { 370 if (level) { 371 GIC_DIST_SET_LEVEL(irq, cm); 372 DPRINTF("Set %d pending mask %x\n", irq, target); 373 if (GIC_DIST_TEST_EDGE_TRIGGER(irq)) { 374 GIC_DIST_SET_PENDING(irq, target); 375 } 376 } else { 377 GIC_DIST_CLEAR_LEVEL(irq, cm); 378 } 379 } 380 381 /* Process a change in an external IRQ input. */ 382 static void gic_set_irq(void *opaque, int irq, int level) 383 { 384 /* Meaning of the 'irq' parameter: 385 * [0..N-1] : external interrupts 386 * [N..N+31] : PPI (internal) interrupts for CPU 0 387 * [N+32..N+63] : PPI (internal interrupts for CPU 1 388 * ... 389 */ 390 GICState *s = (GICState *)opaque; 391 int cm, target; 392 if (irq < (s->num_irq - GIC_INTERNAL)) { 393 /* The first external input line is internal interrupt 32. */ 394 cm = ALL_CPU_MASK; 395 irq += GIC_INTERNAL; 396 target = GIC_DIST_TARGET(irq); 397 } else { 398 int cpu; 399 irq -= (s->num_irq - GIC_INTERNAL); 400 cpu = irq / GIC_INTERNAL; 401 irq %= GIC_INTERNAL; 402 cm = 1 << cpu; 403 target = cm; 404 } 405 406 assert(irq >= GIC_NR_SGIS); 407 408 if (level == GIC_DIST_TEST_LEVEL(irq, cm)) { 409 return; 410 } 411 412 if (s->revision == REV_11MPCORE) { 413 gic_set_irq_11mpcore(s, irq, level, cm, target); 414 } else { 415 gic_set_irq_generic(s, irq, level, cm, target); 416 } 417 trace_gic_set_irq(irq, level, cm, target); 418 419 gic_update(s); 420 } 421 422 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 423 MemTxAttrs attrs) 424 { 425 uint16_t pending_irq = s->current_pending[cpu]; 426 427 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 428 int group = gic_test_group(s, pending_irq, cpu); 429 430 /* On a GIC without the security extensions, reading this register 431 * behaves in the same way as a secure access to a GIC with them. 432 */ 433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); 434 435 if (group == 0 && !secure) { 436 /* Group0 interrupts hidden from Non-secure access */ 437 return 1023; 438 } 439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 440 /* Group1 interrupts only seen by Secure access if 441 * AckCtl bit set. 442 */ 443 return 1022; 444 } 445 } 446 return pending_irq; 447 } 448 449 static int gic_get_group_priority(GICState *s, int cpu, int irq) 450 { 451 /* Return the group priority of the specified interrupt 452 * (which is the top bits of its priority, with the number 453 * of bits masked determined by the applicable binary point register). 454 */ 455 int bpr; 456 uint32_t mask; 457 458 if (gic_has_groups(s) && 459 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 460 gic_test_group(s, irq, cpu)) { 461 bpr = s->abpr[cpu] - 1; 462 assert(bpr >= 0); 463 } else { 464 bpr = s->bpr[cpu]; 465 } 466 467 /* a BPR of 0 means the group priority bits are [7:1]; 468 * a BPR of 1 means they are [7:2], and so on down to 469 * a BPR of 7 meaning no group priority bits at all. 470 */ 471 mask = ~0U << ((bpr & 7) + 1); 472 473 return gic_get_priority(s, irq, cpu) & mask; 474 } 475 476 static void gic_activate_irq(GICState *s, int cpu, int irq) 477 { 478 /* Set the appropriate Active Priority Register bit for this IRQ, 479 * and update the running priority. 480 */ 481 int prio = gic_get_group_priority(s, cpu, irq); 482 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 483 int preemption_level = prio >> (min_bpr + 1); 484 int regno = preemption_level / 32; 485 int bitno = preemption_level % 32; 486 uint32_t *papr = NULL; 487 488 if (gic_is_vcpu(cpu)) { 489 assert(regno == 0); 490 papr = &s->h_apr[gic_get_vcpu_real_id(cpu)]; 491 } else if (gic_has_groups(s) && gic_test_group(s, irq, cpu)) { 492 papr = &s->nsapr[regno][cpu]; 493 } else { 494 papr = &s->apr[regno][cpu]; 495 } 496 497 *papr |= (1 << bitno); 498 499 s->running_priority[cpu] = prio; 500 gic_set_active(s, irq, cpu); 501 } 502 503 static int gic_get_prio_from_apr_bits(GICState *s, int cpu) 504 { 505 /* Recalculate the current running priority for this CPU based 506 * on the set bits in the Active Priority Registers. 507 */ 508 int i; 509 510 if (gic_is_vcpu(cpu)) { 511 uint32_t apr = s->h_apr[gic_get_vcpu_real_id(cpu)]; 512 if (apr) { 513 return ctz32(apr) << (GIC_VIRT_MIN_BPR + 1); 514 } else { 515 return 0x100; 516 } 517 } 518 519 for (i = 0; i < GIC_NR_APRS; i++) { 520 uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu]; 521 if (!apr) { 522 continue; 523 } 524 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 525 } 526 return 0x100; 527 } 528 529 static void gic_drop_prio(GICState *s, int cpu, int group) 530 { 531 /* Drop the priority of the currently active interrupt in the 532 * specified group. 533 * 534 * Note that we can guarantee (because of the requirement to nest 535 * GICC_IAR reads [which activate an interrupt and raise priority] 536 * with GICC_EOIR writes [which drop the priority for the interrupt]) 537 * that the interrupt we're being called for is the highest priority 538 * active interrupt, meaning that it has the lowest set bit in the 539 * APR registers. 540 * 541 * If the guest does not honour the ordering constraints then the 542 * behaviour of the GIC is UNPREDICTABLE, which for us means that 543 * the values of the APR registers might become incorrect and the 544 * running priority will be wrong, so interrupts that should preempt 545 * might not do so, and interrupts that should not preempt might do so. 546 */ 547 if (gic_is_vcpu(cpu)) { 548 int rcpu = gic_get_vcpu_real_id(cpu); 549 550 if (s->h_apr[rcpu]) { 551 /* Clear lowest set bit */ 552 s->h_apr[rcpu] &= s->h_apr[rcpu] - 1; 553 } 554 } else { 555 int i; 556 557 for (i = 0; i < GIC_NR_APRS; i++) { 558 uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu]; 559 if (!*papr) { 560 continue; 561 } 562 /* Clear lowest set bit */ 563 *papr &= *papr - 1; 564 break; 565 } 566 } 567 568 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 569 } 570 571 static inline uint32_t gic_clear_pending_sgi(GICState *s, int irq, int cpu) 572 { 573 int src; 574 uint32_t ret; 575 576 if (!gic_is_vcpu(cpu)) { 577 /* Lookup the source CPU for the SGI and clear this in the 578 * sgi_pending map. Return the src and clear the overall pending 579 * state on this CPU if the SGI is not pending from any CPUs. 580 */ 581 assert(s->sgi_pending[irq][cpu] != 0); 582 src = ctz32(s->sgi_pending[irq][cpu]); 583 s->sgi_pending[irq][cpu] &= ~(1 << src); 584 if (s->sgi_pending[irq][cpu] == 0) { 585 gic_clear_pending(s, irq, cpu); 586 } 587 ret = irq | ((src & 0x7) << 10); 588 } else { 589 uint32_t *lr_entry = gic_get_lr_entry(s, irq, cpu); 590 src = GICH_LR_CPUID(*lr_entry); 591 592 gic_clear_pending(s, irq, cpu); 593 ret = irq | (src << 10); 594 } 595 596 return ret; 597 } 598 599 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 600 { 601 int ret, irq; 602 603 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 604 * for the case where this GIC supports grouping and the pending interrupt 605 * is in the wrong group. 606 */ 607 irq = gic_get_current_pending_irq(s, cpu, attrs); 608 trace_gic_acknowledge_irq(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 609 gic_get_vcpu_real_id(cpu), irq); 610 611 if (irq >= GIC_MAXIRQ) { 612 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 613 return irq; 614 } 615 616 if (gic_get_priority(s, irq, cpu) >= s->running_priority[cpu]) { 617 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 618 return 1023; 619 } 620 621 gic_activate_irq(s, cpu, irq); 622 623 if (s->revision == REV_11MPCORE) { 624 /* Clear pending flags for both level and edge triggered interrupts. 625 * Level triggered IRQs will be reasserted once they become inactive. 626 */ 627 gic_clear_pending(s, irq, cpu); 628 ret = irq; 629 } else { 630 if (irq < GIC_NR_SGIS) { 631 ret = gic_clear_pending_sgi(s, irq, cpu); 632 } else { 633 gic_clear_pending(s, irq, cpu); 634 ret = irq; 635 } 636 } 637 638 if (gic_is_vcpu(cpu)) { 639 gic_update_virt(s); 640 } else { 641 gic_update(s); 642 } 643 DPRINTF("ACK %d\n", irq); 644 return ret; 645 } 646 647 static uint32_t gic_fullprio_mask(GICState *s, int cpu) 648 { 649 /* 650 * Return a mask word which clears the unimplemented priority 651 * bits from a priority value for an interrupt. (Not to be 652 * confused with the group priority, whose mask depends on BPR.) 653 */ 654 int priBits; 655 656 if (gic_is_vcpu(cpu)) { 657 priBits = GIC_VIRT_MAX_GROUP_PRIO_BITS; 658 } else { 659 priBits = s->n_prio_bits; 660 } 661 return ~0U << (8 - priBits); 662 } 663 664 void gic_dist_set_priority(GICState *s, int cpu, int irq, uint8_t val, 665 MemTxAttrs attrs) 666 { 667 if (s->security_extn && !attrs.secure) { 668 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 669 return; /* Ignore Non-secure access of Group0 IRQ */ 670 } 671 val = 0x80 | (val >> 1); /* Non-secure view */ 672 } 673 674 val &= gic_fullprio_mask(s, cpu); 675 676 if (irq < GIC_INTERNAL) { 677 s->priority1[irq][cpu] = val; 678 } else { 679 s->priority2[(irq) - GIC_INTERNAL] = val; 680 } 681 } 682 683 static uint32_t gic_dist_get_priority(GICState *s, int cpu, int irq, 684 MemTxAttrs attrs) 685 { 686 uint32_t prio = GIC_DIST_GET_PRIORITY(irq, cpu); 687 688 if (s->security_extn && !attrs.secure) { 689 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 690 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 691 } 692 prio = (prio << 1) & 0xff; /* Non-secure view */ 693 } 694 return prio & gic_fullprio_mask(s, cpu); 695 } 696 697 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 698 MemTxAttrs attrs) 699 { 700 if (gic_cpu_ns_access(s, cpu, attrs)) { 701 if (s->priority_mask[cpu] & 0x80) { 702 /* Priority Mask in upper half */ 703 pmask = 0x80 | (pmask >> 1); 704 } else { 705 /* Non-secure write ignored if priority mask is in lower half */ 706 return; 707 } 708 } 709 s->priority_mask[cpu] = pmask & gic_fullprio_mask(s, cpu); 710 } 711 712 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 713 { 714 uint32_t pmask = s->priority_mask[cpu]; 715 716 if (gic_cpu_ns_access(s, cpu, attrs)) { 717 if (pmask & 0x80) { 718 /* Priority Mask in upper half, return Non-secure view */ 719 pmask = (pmask << 1) & 0xff; 720 } else { 721 /* Priority Mask in lower half, RAZ */ 722 pmask = 0; 723 } 724 } 725 return pmask; 726 } 727 728 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 729 { 730 uint32_t ret = s->cpu_ctlr[cpu]; 731 732 if (gic_cpu_ns_access(s, cpu, attrs)) { 733 /* Construct the NS banked view of GICC_CTLR from the correct 734 * bits of the S banked view. We don't need to move the bypass 735 * control bits because we don't implement that (IMPDEF) part 736 * of the GIC architecture. 737 */ 738 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 739 } 740 return ret; 741 } 742 743 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 744 MemTxAttrs attrs) 745 { 746 uint32_t mask; 747 748 if (gic_cpu_ns_access(s, cpu, attrs)) { 749 /* The NS view can only write certain bits in the register; 750 * the rest are unchanged 751 */ 752 mask = GICC_CTLR_EN_GRP1; 753 if (s->revision == 2) { 754 mask |= GICC_CTLR_EOIMODE_NS; 755 } 756 s->cpu_ctlr[cpu] &= ~mask; 757 s->cpu_ctlr[cpu] |= (value << 1) & mask; 758 } else { 759 if (s->revision == 2) { 760 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 761 } else { 762 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 763 } 764 s->cpu_ctlr[cpu] = value & mask; 765 } 766 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 767 "Group1 Interrupts %sabled\n", cpu, 768 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 769 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 770 } 771 772 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 773 { 774 if ((s->revision != REV_11MPCORE) && (s->running_priority[cpu] > 0xff)) { 775 /* Idle priority */ 776 return 0xff; 777 } 778 779 if (gic_cpu_ns_access(s, cpu, attrs)) { 780 if (s->running_priority[cpu] & 0x80) { 781 /* Running priority in upper half of range: return the Non-secure 782 * view of the priority. 783 */ 784 return s->running_priority[cpu] << 1; 785 } else { 786 /* Running priority in lower half of range: RAZ */ 787 return 0; 788 } 789 } else { 790 return s->running_priority[cpu]; 791 } 792 } 793 794 /* Return true if we should split priority drop and interrupt deactivation, 795 * ie whether the relevant EOIMode bit is set. 796 */ 797 static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs) 798 { 799 if (s->revision != 2) { 800 /* Before GICv2 prio-drop and deactivate are not separable */ 801 return false; 802 } 803 if (gic_cpu_ns_access(s, cpu, attrs)) { 804 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE_NS; 805 } 806 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE; 807 } 808 809 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 810 { 811 int group; 812 813 if (irq >= GIC_MAXIRQ || (!gic_is_vcpu(cpu) && irq >= s->num_irq)) { 814 /* 815 * This handles two cases: 816 * 1. If software writes the ID of a spurious interrupt [ie 1023] 817 * to the GICC_DIR, the GIC ignores that write. 818 * 2. If software writes the number of a non-existent interrupt 819 * this must be a subcase of "value written is not an active interrupt" 820 * and so this is UNPREDICTABLE. We choose to ignore it. For vCPUs, 821 * all IRQs potentially exist, so this limit does not apply. 822 */ 823 return; 824 } 825 826 if (!gic_eoi_split(s, cpu, attrs)) { 827 /* This is UNPREDICTABLE; we choose to ignore it */ 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "gic_deactivate_irq: GICC_DIR write when EOIMode clear"); 830 return; 831 } 832 833 if (gic_is_vcpu(cpu) && !gic_virq_is_valid(s, irq, cpu)) { 834 /* This vIRQ does not have an LR entry which is either active or 835 * pending and active. Increment EOICount and ignore the write. 836 */ 837 int rcpu = gic_get_vcpu_real_id(cpu); 838 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 839 840 /* Update the virtual interface in case a maintenance interrupt should 841 * be raised. 842 */ 843 gic_update_virt(s); 844 return; 845 } 846 847 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 848 849 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 850 DPRINTF("Non-secure DI for Group0 interrupt %d ignored\n", irq); 851 return; 852 } 853 854 gic_clear_active(s, irq, cpu); 855 } 856 857 static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 858 { 859 int cm = 1 << cpu; 860 int group; 861 862 DPRINTF("EOI %d\n", irq); 863 if (gic_is_vcpu(cpu)) { 864 /* The call to gic_prio_drop() will clear a bit in GICH_APR iff the 865 * running prio is < 0x100. 866 */ 867 bool prio_drop = s->running_priority[cpu] < 0x100; 868 869 if (irq >= GIC_MAXIRQ) { 870 /* Ignore spurious interrupt */ 871 return; 872 } 873 874 gic_drop_prio(s, cpu, 0); 875 876 if (!gic_eoi_split(s, cpu, attrs)) { 877 bool valid = gic_virq_is_valid(s, irq, cpu); 878 if (prio_drop && !valid) { 879 /* We are in a situation where: 880 * - V_CTRL.EOIMode is false (no EOI split), 881 * - The call to gic_drop_prio() cleared a bit in GICH_APR, 882 * - This vIRQ does not have an LR entry which is either 883 * active or pending and active. 884 * In that case, we must increment EOICount. 885 */ 886 int rcpu = gic_get_vcpu_real_id(cpu); 887 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 888 } else if (valid) { 889 gic_clear_active(s, irq, cpu); 890 } 891 } 892 893 gic_update_virt(s); 894 return; 895 } 896 897 if (irq >= s->num_irq) { 898 /* This handles two cases: 899 * 1. If software writes the ID of a spurious interrupt [ie 1023] 900 * to the GICC_EOIR, the GIC ignores that write. 901 * 2. If software writes the number of a non-existent interrupt 902 * this must be a subcase of "value written does not match the last 903 * valid interrupt value read from the Interrupt Acknowledge 904 * register" and so this is UNPREDICTABLE. We choose to ignore it. 905 */ 906 return; 907 } 908 if (s->running_priority[cpu] == 0x100) { 909 return; /* No active IRQ. */ 910 } 911 912 if (s->revision == REV_11MPCORE) { 913 /* Mark level triggered interrupts as pending if they are still 914 raised. */ 915 if (!GIC_DIST_TEST_EDGE_TRIGGER(irq) && GIC_DIST_TEST_ENABLED(irq, cm) 916 && GIC_DIST_TEST_LEVEL(irq, cm) 917 && (GIC_DIST_TARGET(irq) & cm) != 0) { 918 DPRINTF("Set %d pending mask %x\n", irq, cm); 919 GIC_DIST_SET_PENDING(irq, cm); 920 } 921 } 922 923 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 924 925 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 926 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 927 return; 928 } 929 930 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 931 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 932 * i.e. go ahead and complete the irq anyway. 933 */ 934 935 gic_drop_prio(s, cpu, group); 936 937 /* In GICv2 the guest can choose to split priority-drop and deactivate */ 938 if (!gic_eoi_split(s, cpu, attrs)) { 939 gic_clear_active(s, irq, cpu); 940 } 941 gic_update(s); 942 } 943 944 static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 945 { 946 GICState *s = (GICState *)opaque; 947 uint32_t res; 948 int irq; 949 int i; 950 int cpu; 951 int cm; 952 int mask; 953 954 cpu = gic_get_current_cpu(s); 955 cm = 1 << cpu; 956 if (offset < 0x100) { 957 if (offset == 0) { /* GICD_CTLR */ 958 if (s->security_extn && !attrs.secure) { 959 /* The NS bank of this register is just an alias of the 960 * EnableGrp1 bit in the S bank version. 961 */ 962 return extract32(s->ctlr, 1, 1); 963 } else { 964 return s->ctlr; 965 } 966 } 967 if (offset == 4) 968 /* Interrupt Controller Type Register */ 969 return ((s->num_irq / 32) - 1) 970 | ((s->num_cpu - 1) << 5) 971 | (s->security_extn << 10); 972 if (offset < 0x08) 973 return 0; 974 if (offset >= 0x80) { 975 /* Interrupt Group Registers: these RAZ/WI if this is an NS 976 * access to a GIC with the security extensions, or if the GIC 977 * doesn't have groups at all. 978 */ 979 res = 0; 980 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 981 /* Every byte offset holds 8 group status bits */ 982 irq = (offset - 0x080) * 8; 983 if (irq >= s->num_irq) { 984 goto bad_reg; 985 } 986 for (i = 0; i < 8; i++) { 987 if (GIC_DIST_TEST_GROUP(irq + i, cm)) { 988 res |= (1 << i); 989 } 990 } 991 } 992 return res; 993 } 994 goto bad_reg; 995 } else if (offset < 0x200) { 996 /* Interrupt Set/Clear Enable. */ 997 if (offset < 0x180) 998 irq = (offset - 0x100) * 8; 999 else 1000 irq = (offset - 0x180) * 8; 1001 if (irq >= s->num_irq) 1002 goto bad_reg; 1003 res = 0; 1004 for (i = 0; i < 8; i++) { 1005 if (s->security_extn && !attrs.secure && 1006 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1007 continue; /* Ignore Non-secure access of Group0 IRQ */ 1008 } 1009 1010 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1011 res |= (1 << i); 1012 } 1013 } 1014 } else if (offset < 0x300) { 1015 /* Interrupt Set/Clear Pending. */ 1016 if (offset < 0x280) 1017 irq = (offset - 0x200) * 8; 1018 else 1019 irq = (offset - 0x280) * 8; 1020 if (irq >= s->num_irq) 1021 goto bad_reg; 1022 res = 0; 1023 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1024 for (i = 0; i < 8; i++) { 1025 if (s->security_extn && !attrs.secure && 1026 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1027 continue; /* Ignore Non-secure access of Group0 IRQ */ 1028 } 1029 1030 if (gic_test_pending(s, irq + i, mask)) { 1031 res |= (1 << i); 1032 } 1033 } 1034 } else if (offset < 0x400) { 1035 /* Interrupt Set/Clear Active. */ 1036 if (offset < 0x380) { 1037 irq = (offset - 0x300) * 8; 1038 } else if (s->revision == 2) { 1039 irq = (offset - 0x380) * 8; 1040 } else { 1041 goto bad_reg; 1042 } 1043 1044 if (irq >= s->num_irq) 1045 goto bad_reg; 1046 res = 0; 1047 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1048 for (i = 0; i < 8; i++) { 1049 if (s->security_extn && !attrs.secure && 1050 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1051 continue; /* Ignore Non-secure access of Group0 IRQ */ 1052 } 1053 1054 if (GIC_DIST_TEST_ACTIVE(irq + i, mask)) { 1055 res |= (1 << i); 1056 } 1057 } 1058 } else if (offset < 0x800) { 1059 /* Interrupt Priority. */ 1060 irq = (offset - 0x400); 1061 if (irq >= s->num_irq) 1062 goto bad_reg; 1063 res = gic_dist_get_priority(s, cpu, irq, attrs); 1064 } else if (offset < 0xc00) { 1065 /* Interrupt CPU Target. */ 1066 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 1067 /* For uniprocessor GICs these RAZ/WI */ 1068 res = 0; 1069 } else { 1070 irq = (offset - 0x800); 1071 if (irq >= s->num_irq) { 1072 goto bad_reg; 1073 } 1074 if (irq < 29 && s->revision == REV_11MPCORE) { 1075 res = 0; 1076 } else if (irq < GIC_INTERNAL) { 1077 res = cm; 1078 } else { 1079 res = GIC_DIST_TARGET(irq); 1080 } 1081 } 1082 } else if (offset < 0xf00) { 1083 /* Interrupt Configuration. */ 1084 irq = (offset - 0xc00) * 4; 1085 if (irq >= s->num_irq) 1086 goto bad_reg; 1087 res = 0; 1088 for (i = 0; i < 4; i++) { 1089 if (s->security_extn && !attrs.secure && 1090 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1091 continue; /* Ignore Non-secure access of Group0 IRQ */ 1092 } 1093 1094 if (GIC_DIST_TEST_MODEL(irq + i)) { 1095 res |= (1 << (i * 2)); 1096 } 1097 if (GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1098 res |= (2 << (i * 2)); 1099 } 1100 } 1101 } else if (offset < 0xf10) { 1102 goto bad_reg; 1103 } else if (offset < 0xf30) { 1104 if (s->revision == REV_11MPCORE) { 1105 goto bad_reg; 1106 } 1107 1108 if (offset < 0xf20) { 1109 /* GICD_CPENDSGIRn */ 1110 irq = (offset - 0xf10); 1111 } else { 1112 irq = (offset - 0xf20); 1113 /* GICD_SPENDSGIRn */ 1114 } 1115 1116 if (s->security_extn && !attrs.secure && 1117 !GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1118 res = 0; /* Ignore Non-secure access of Group0 IRQ */ 1119 } else { 1120 res = s->sgi_pending[irq][cpu]; 1121 } 1122 } else if (offset < 0xfd0) { 1123 goto bad_reg; 1124 } else if (offset < 0x1000) { 1125 if (offset & 3) { 1126 res = 0; 1127 } else { 1128 switch (s->revision) { 1129 case REV_11MPCORE: 1130 res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; 1131 break; 1132 case 1: 1133 res = gic_id_gicv1[(offset - 0xfd0) >> 2]; 1134 break; 1135 case 2: 1136 res = gic_id_gicv2[(offset - 0xfd0) >> 2]; 1137 break; 1138 default: 1139 res = 0; 1140 } 1141 } 1142 } else { 1143 g_assert_not_reached(); 1144 } 1145 return res; 1146 bad_reg: 1147 qemu_log_mask(LOG_GUEST_ERROR, 1148 "gic_dist_readb: Bad offset %x\n", (int)offset); 1149 return 0; 1150 } 1151 1152 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 1153 unsigned size, MemTxAttrs attrs) 1154 { 1155 switch (size) { 1156 case 1: 1157 *data = gic_dist_readb(opaque, offset, attrs); 1158 break; 1159 case 2: 1160 *data = gic_dist_readb(opaque, offset, attrs); 1161 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1162 break; 1163 case 4: 1164 *data = gic_dist_readb(opaque, offset, attrs); 1165 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1166 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 1167 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 1168 break; 1169 default: 1170 return MEMTX_ERROR; 1171 } 1172 1173 trace_gic_dist_read(offset, size, *data); 1174 return MEMTX_OK; 1175 } 1176 1177 static void gic_dist_writeb(void *opaque, hwaddr offset, 1178 uint32_t value, MemTxAttrs attrs) 1179 { 1180 GICState *s = (GICState *)opaque; 1181 int irq; 1182 int i; 1183 int cpu; 1184 1185 cpu = gic_get_current_cpu(s); 1186 if (offset < 0x100) { 1187 if (offset == 0) { 1188 if (s->security_extn && !attrs.secure) { 1189 /* NS version is just an alias of the S version's bit 1 */ 1190 s->ctlr = deposit32(s->ctlr, 1, 1, value); 1191 } else if (gic_has_groups(s)) { 1192 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 1193 } else { 1194 s->ctlr = value & GICD_CTLR_EN_GRP0; 1195 } 1196 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 1197 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 1198 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 1199 } else if (offset < 4) { 1200 /* ignored. */ 1201 } else if (offset >= 0x80) { 1202 /* Interrupt Group Registers: RAZ/WI for NS access to secure 1203 * GIC, or for GICs without groups. 1204 */ 1205 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 1206 /* Every byte offset holds 8 group status bits */ 1207 irq = (offset - 0x80) * 8; 1208 if (irq >= s->num_irq) { 1209 goto bad_reg; 1210 } 1211 for (i = 0; i < 8; i++) { 1212 /* Group bits are banked for private interrupts */ 1213 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1214 if (value & (1 << i)) { 1215 /* Group1 (Non-secure) */ 1216 GIC_DIST_SET_GROUP(irq + i, cm); 1217 } else { 1218 /* Group0 (Secure) */ 1219 GIC_DIST_CLEAR_GROUP(irq + i, cm); 1220 } 1221 } 1222 } 1223 } else { 1224 goto bad_reg; 1225 } 1226 } else if (offset < 0x180) { 1227 /* Interrupt Set Enable. */ 1228 irq = (offset - 0x100) * 8; 1229 if (irq >= s->num_irq) 1230 goto bad_reg; 1231 if (irq < GIC_NR_SGIS) { 1232 value = 0xff; 1233 } 1234 1235 for (i = 0; i < 8; i++) { 1236 if (value & (1 << i)) { 1237 int mask = 1238 (irq < GIC_INTERNAL) ? (1 << cpu) 1239 : GIC_DIST_TARGET(irq + i); 1240 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1241 1242 if (s->security_extn && !attrs.secure && 1243 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1244 continue; /* Ignore Non-secure access of Group0 IRQ */ 1245 } 1246 1247 if (!GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1248 DPRINTF("Enabled IRQ %d\n", irq + i); 1249 trace_gic_enable_irq(irq + i); 1250 } 1251 GIC_DIST_SET_ENABLED(irq + i, cm); 1252 /* If a raised level triggered IRQ enabled then mark 1253 is as pending. */ 1254 if (GIC_DIST_TEST_LEVEL(irq + i, mask) 1255 && !GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1256 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 1257 GIC_DIST_SET_PENDING(irq + i, mask); 1258 } 1259 } 1260 } 1261 } else if (offset < 0x200) { 1262 /* Interrupt Clear Enable. */ 1263 irq = (offset - 0x180) * 8; 1264 if (irq >= s->num_irq) 1265 goto bad_reg; 1266 if (irq < GIC_NR_SGIS) { 1267 value = 0; 1268 } 1269 1270 for (i = 0; i < 8; i++) { 1271 if (value & (1 << i)) { 1272 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1273 1274 if (s->security_extn && !attrs.secure && 1275 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1276 continue; /* Ignore Non-secure access of Group0 IRQ */ 1277 } 1278 1279 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1280 DPRINTF("Disabled IRQ %d\n", irq + i); 1281 trace_gic_disable_irq(irq + i); 1282 } 1283 GIC_DIST_CLEAR_ENABLED(irq + i, cm); 1284 } 1285 } 1286 } else if (offset < 0x280) { 1287 /* Interrupt Set Pending. */ 1288 irq = (offset - 0x200) * 8; 1289 if (irq >= s->num_irq) 1290 goto bad_reg; 1291 if (irq < GIC_NR_SGIS) { 1292 value = 0; 1293 } 1294 1295 for (i = 0; i < 8; i++) { 1296 if (value & (1 << i)) { 1297 if (s->security_extn && !attrs.secure && 1298 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1299 continue; /* Ignore Non-secure access of Group0 IRQ */ 1300 } 1301 1302 GIC_DIST_SET_PENDING(irq + i, GIC_DIST_TARGET(irq + i)); 1303 } 1304 } 1305 } else if (offset < 0x300) { 1306 /* Interrupt Clear Pending. */ 1307 irq = (offset - 0x280) * 8; 1308 if (irq >= s->num_irq) 1309 goto bad_reg; 1310 if (irq < GIC_NR_SGIS) { 1311 value = 0; 1312 } 1313 1314 for (i = 0; i < 8; i++) { 1315 if (s->security_extn && !attrs.secure && 1316 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1317 continue; /* Ignore Non-secure access of Group0 IRQ */ 1318 } 1319 1320 /* ??? This currently clears the pending bit for all CPUs, even 1321 for per-CPU interrupts. It's unclear whether this is the 1322 corect behavior. */ 1323 if (value & (1 << i)) { 1324 GIC_DIST_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 1325 } 1326 } 1327 } else if (offset < 0x380) { 1328 /* Interrupt Set Active. */ 1329 if (s->revision != 2) { 1330 goto bad_reg; 1331 } 1332 1333 irq = (offset - 0x300) * 8; 1334 if (irq >= s->num_irq) { 1335 goto bad_reg; 1336 } 1337 1338 /* This register is banked per-cpu for PPIs */ 1339 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1340 1341 for (i = 0; i < 8; i++) { 1342 if (s->security_extn && !attrs.secure && 1343 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1344 continue; /* Ignore Non-secure access of Group0 IRQ */ 1345 } 1346 1347 if (value & (1 << i)) { 1348 GIC_DIST_SET_ACTIVE(irq + i, cm); 1349 } 1350 } 1351 } else if (offset < 0x400) { 1352 /* Interrupt Clear Active. */ 1353 if (s->revision != 2) { 1354 goto bad_reg; 1355 } 1356 1357 irq = (offset - 0x380) * 8; 1358 if (irq >= s->num_irq) { 1359 goto bad_reg; 1360 } 1361 1362 /* This register is banked per-cpu for PPIs */ 1363 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1364 1365 for (i = 0; i < 8; i++) { 1366 if (s->security_extn && !attrs.secure && 1367 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1368 continue; /* Ignore Non-secure access of Group0 IRQ */ 1369 } 1370 1371 if (value & (1 << i)) { 1372 GIC_DIST_CLEAR_ACTIVE(irq + i, cm); 1373 } 1374 } 1375 } else if (offset < 0x800) { 1376 /* Interrupt Priority. */ 1377 irq = (offset - 0x400); 1378 if (irq >= s->num_irq) 1379 goto bad_reg; 1380 gic_dist_set_priority(s, cpu, irq, value, attrs); 1381 } else if (offset < 0xc00) { 1382 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 1383 * annoying exception of the 11MPCore's GIC. 1384 */ 1385 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 1386 irq = (offset - 0x800); 1387 if (irq >= s->num_irq) { 1388 goto bad_reg; 1389 } 1390 if (irq < 29 && s->revision == REV_11MPCORE) { 1391 value = 0; 1392 } else if (irq < GIC_INTERNAL) { 1393 value = ALL_CPU_MASK; 1394 } 1395 s->irq_target[irq] = value & ALL_CPU_MASK; 1396 } 1397 } else if (offset < 0xf00) { 1398 /* Interrupt Configuration. */ 1399 irq = (offset - 0xc00) * 4; 1400 if (irq >= s->num_irq) 1401 goto bad_reg; 1402 if (irq < GIC_NR_SGIS) 1403 value |= 0xaa; 1404 for (i = 0; i < 4; i++) { 1405 if (s->security_extn && !attrs.secure && 1406 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1407 continue; /* Ignore Non-secure access of Group0 IRQ */ 1408 } 1409 1410 if (s->revision == REV_11MPCORE) { 1411 if (value & (1 << (i * 2))) { 1412 GIC_DIST_SET_MODEL(irq + i); 1413 } else { 1414 GIC_DIST_CLEAR_MODEL(irq + i); 1415 } 1416 } 1417 if (value & (2 << (i * 2))) { 1418 GIC_DIST_SET_EDGE_TRIGGER(irq + i); 1419 } else { 1420 GIC_DIST_CLEAR_EDGE_TRIGGER(irq + i); 1421 } 1422 } 1423 } else if (offset < 0xf10) { 1424 /* 0xf00 is only handled for 32-bit writes. */ 1425 goto bad_reg; 1426 } else if (offset < 0xf20) { 1427 /* GICD_CPENDSGIRn */ 1428 if (s->revision == REV_11MPCORE) { 1429 goto bad_reg; 1430 } 1431 irq = (offset - 0xf10); 1432 1433 if (!s->security_extn || attrs.secure || 1434 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1435 s->sgi_pending[irq][cpu] &= ~value; 1436 if (s->sgi_pending[irq][cpu] == 0) { 1437 GIC_DIST_CLEAR_PENDING(irq, 1 << cpu); 1438 } 1439 } 1440 } else if (offset < 0xf30) { 1441 /* GICD_SPENDSGIRn */ 1442 if (s->revision == REV_11MPCORE) { 1443 goto bad_reg; 1444 } 1445 irq = (offset - 0xf20); 1446 1447 if (!s->security_extn || attrs.secure || 1448 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1449 GIC_DIST_SET_PENDING(irq, 1 << cpu); 1450 s->sgi_pending[irq][cpu] |= value; 1451 } 1452 } else { 1453 goto bad_reg; 1454 } 1455 gic_update(s); 1456 return; 1457 bad_reg: 1458 qemu_log_mask(LOG_GUEST_ERROR, 1459 "gic_dist_writeb: Bad offset %x\n", (int)offset); 1460 } 1461 1462 static void gic_dist_writew(void *opaque, hwaddr offset, 1463 uint32_t value, MemTxAttrs attrs) 1464 { 1465 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 1466 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 1467 } 1468 1469 static void gic_dist_writel(void *opaque, hwaddr offset, 1470 uint32_t value, MemTxAttrs attrs) 1471 { 1472 GICState *s = (GICState *)opaque; 1473 if (offset == 0xf00) { 1474 int cpu; 1475 int irq; 1476 int mask; 1477 int target_cpu; 1478 1479 cpu = gic_get_current_cpu(s); 1480 irq = value & 0xf; 1481 switch ((value >> 24) & 3) { 1482 case 0: 1483 mask = (value >> 16) & ALL_CPU_MASK; 1484 break; 1485 case 1: 1486 mask = ALL_CPU_MASK ^ (1 << cpu); 1487 break; 1488 case 2: 1489 mask = 1 << cpu; 1490 break; 1491 default: 1492 DPRINTF("Bad Soft Int target filter\n"); 1493 mask = ALL_CPU_MASK; 1494 break; 1495 } 1496 GIC_DIST_SET_PENDING(irq, mask); 1497 target_cpu = ctz32(mask); 1498 while (target_cpu < GIC_NCPU) { 1499 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 1500 mask &= ~(1 << target_cpu); 1501 target_cpu = ctz32(mask); 1502 } 1503 gic_update(s); 1504 return; 1505 } 1506 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 1507 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 1508 } 1509 1510 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 1511 unsigned size, MemTxAttrs attrs) 1512 { 1513 trace_gic_dist_write(offset, size, data); 1514 1515 switch (size) { 1516 case 1: 1517 gic_dist_writeb(opaque, offset, data, attrs); 1518 return MEMTX_OK; 1519 case 2: 1520 gic_dist_writew(opaque, offset, data, attrs); 1521 return MEMTX_OK; 1522 case 4: 1523 gic_dist_writel(opaque, offset, data, attrs); 1524 return MEMTX_OK; 1525 default: 1526 return MEMTX_ERROR; 1527 } 1528 } 1529 1530 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 1531 { 1532 /* Return the Nonsecure view of GICC_APR<regno>. This is the 1533 * second half of GICC_NSAPR. 1534 */ 1535 switch (GIC_MIN_BPR) { 1536 case 0: 1537 if (regno < 2) { 1538 return s->nsapr[regno + 2][cpu]; 1539 } 1540 break; 1541 case 1: 1542 if (regno == 0) { 1543 return s->nsapr[regno + 1][cpu]; 1544 } 1545 break; 1546 case 2: 1547 if (regno == 0) { 1548 return extract32(s->nsapr[0][cpu], 16, 16); 1549 } 1550 break; 1551 case 3: 1552 if (regno == 0) { 1553 return extract32(s->nsapr[0][cpu], 8, 8); 1554 } 1555 break; 1556 default: 1557 g_assert_not_reached(); 1558 } 1559 return 0; 1560 } 1561 1562 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 1563 uint32_t value) 1564 { 1565 /* Write the Nonsecure view of GICC_APR<regno>. */ 1566 switch (GIC_MIN_BPR) { 1567 case 0: 1568 if (regno < 2) { 1569 s->nsapr[regno + 2][cpu] = value; 1570 } 1571 break; 1572 case 1: 1573 if (regno == 0) { 1574 s->nsapr[regno + 1][cpu] = value; 1575 } 1576 break; 1577 case 2: 1578 if (regno == 0) { 1579 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1580 } 1581 break; 1582 case 3: 1583 if (regno == 0) { 1584 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1585 } 1586 break; 1587 default: 1588 g_assert_not_reached(); 1589 } 1590 } 1591 1592 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1593 uint64_t *data, MemTxAttrs attrs) 1594 { 1595 switch (offset) { 1596 case 0x00: /* Control */ 1597 *data = gic_get_cpu_control(s, cpu, attrs); 1598 break; 1599 case 0x04: /* Priority mask */ 1600 *data = gic_get_priority_mask(s, cpu, attrs); 1601 break; 1602 case 0x08: /* Binary Point */ 1603 if (gic_cpu_ns_access(s, cpu, attrs)) { 1604 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1605 /* NS view of BPR when CBPR is 1 */ 1606 *data = MIN(s->bpr[cpu] + 1, 7); 1607 } else { 1608 /* BPR is banked. Non-secure copy stored in ABPR. */ 1609 *data = s->abpr[cpu]; 1610 } 1611 } else { 1612 *data = s->bpr[cpu]; 1613 } 1614 break; 1615 case 0x0c: /* Acknowledge */ 1616 *data = gic_acknowledge_irq(s, cpu, attrs); 1617 break; 1618 case 0x14: /* Running Priority */ 1619 *data = gic_get_running_priority(s, cpu, attrs); 1620 break; 1621 case 0x18: /* Highest Pending Interrupt */ 1622 *data = gic_get_current_pending_irq(s, cpu, attrs); 1623 break; 1624 case 0x1c: /* Aliased Binary Point */ 1625 /* GIC v2, no security: ABPR 1626 * GIC v1, no security: not implemented (RAZ/WI) 1627 * With security extensions, secure access: ABPR (alias of NS BPR) 1628 * With security extensions, nonsecure access: RAZ/WI 1629 */ 1630 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1631 *data = 0; 1632 } else { 1633 *data = s->abpr[cpu]; 1634 } 1635 break; 1636 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1637 { 1638 int regno = (offset - 0xd0) / 4; 1639 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1640 1641 if (regno >= nr_aprs || s->revision != 2) { 1642 *data = 0; 1643 } else if (gic_is_vcpu(cpu)) { 1644 *data = s->h_apr[gic_get_vcpu_real_id(cpu)]; 1645 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1646 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1647 *data = gic_apr_ns_view(s, regno, cpu); 1648 } else { 1649 *data = s->apr[regno][cpu]; 1650 } 1651 break; 1652 } 1653 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1654 { 1655 int regno = (offset - 0xe0) / 4; 1656 1657 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1658 gic_cpu_ns_access(s, cpu, attrs) || gic_is_vcpu(cpu)) { 1659 *data = 0; 1660 } else { 1661 *data = s->nsapr[regno][cpu]; 1662 } 1663 break; 1664 } 1665 default: 1666 qemu_log_mask(LOG_GUEST_ERROR, 1667 "gic_cpu_read: Bad offset %x\n", (int)offset); 1668 *data = 0; 1669 break; 1670 } 1671 1672 trace_gic_cpu_read(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1673 gic_get_vcpu_real_id(cpu), offset, *data); 1674 return MEMTX_OK; 1675 } 1676 1677 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1678 uint32_t value, MemTxAttrs attrs) 1679 { 1680 trace_gic_cpu_write(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1681 gic_get_vcpu_real_id(cpu), offset, value); 1682 1683 switch (offset) { 1684 case 0x00: /* Control */ 1685 gic_set_cpu_control(s, cpu, value, attrs); 1686 break; 1687 case 0x04: /* Priority mask */ 1688 gic_set_priority_mask(s, cpu, value, attrs); 1689 break; 1690 case 0x08: /* Binary Point */ 1691 if (gic_cpu_ns_access(s, cpu, attrs)) { 1692 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1693 /* WI when CBPR is 1 */ 1694 return MEMTX_OK; 1695 } else { 1696 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1697 } 1698 } else { 1699 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 1700 s->bpr[cpu] = MAX(value & 0x7, min_bpr); 1701 } 1702 break; 1703 case 0x10: /* End Of Interrupt */ 1704 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1705 return MEMTX_OK; 1706 case 0x1c: /* Aliased Binary Point */ 1707 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1708 /* unimplemented, or NS access: RAZ/WI */ 1709 return MEMTX_OK; 1710 } else { 1711 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1712 } 1713 break; 1714 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1715 { 1716 int regno = (offset - 0xd0) / 4; 1717 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1718 1719 if (regno >= nr_aprs || s->revision != 2) { 1720 return MEMTX_OK; 1721 } 1722 if (gic_is_vcpu(cpu)) { 1723 s->h_apr[gic_get_vcpu_real_id(cpu)] = value; 1724 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1725 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1726 gic_apr_write_ns_view(s, regno, cpu, value); 1727 } else { 1728 s->apr[regno][cpu] = value; 1729 } 1730 break; 1731 } 1732 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1733 { 1734 int regno = (offset - 0xe0) / 4; 1735 1736 if (regno >= GIC_NR_APRS || s->revision != 2) { 1737 return MEMTX_OK; 1738 } 1739 if (gic_is_vcpu(cpu)) { 1740 return MEMTX_OK; 1741 } 1742 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1743 return MEMTX_OK; 1744 } 1745 s->nsapr[regno][cpu] = value; 1746 break; 1747 } 1748 case 0x1000: 1749 /* GICC_DIR */ 1750 gic_deactivate_irq(s, cpu, value & 0x3ff, attrs); 1751 break; 1752 default: 1753 qemu_log_mask(LOG_GUEST_ERROR, 1754 "gic_cpu_write: Bad offset %x\n", (int)offset); 1755 return MEMTX_OK; 1756 } 1757 1758 if (gic_is_vcpu(cpu)) { 1759 gic_update_virt(s); 1760 } else { 1761 gic_update(s); 1762 } 1763 1764 return MEMTX_OK; 1765 } 1766 1767 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1768 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1769 unsigned size, MemTxAttrs attrs) 1770 { 1771 GICState *s = (GICState *)opaque; 1772 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1773 } 1774 1775 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1776 uint64_t value, unsigned size, 1777 MemTxAttrs attrs) 1778 { 1779 GICState *s = (GICState *)opaque; 1780 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1781 } 1782 1783 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1784 * These just decode the opaque pointer into GICState* + cpu id. 1785 */ 1786 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1787 unsigned size, MemTxAttrs attrs) 1788 { 1789 GICState **backref = (GICState **)opaque; 1790 GICState *s = *backref; 1791 int id = (backref - s->backref); 1792 return gic_cpu_read(s, id, addr, data, attrs); 1793 } 1794 1795 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1796 uint64_t value, unsigned size, 1797 MemTxAttrs attrs) 1798 { 1799 GICState **backref = (GICState **)opaque; 1800 GICState *s = *backref; 1801 int id = (backref - s->backref); 1802 return gic_cpu_write(s, id, addr, value, attrs); 1803 } 1804 1805 static MemTxResult gic_thisvcpu_read(void *opaque, hwaddr addr, uint64_t *data, 1806 unsigned size, MemTxAttrs attrs) 1807 { 1808 GICState *s = (GICState *)opaque; 1809 1810 return gic_cpu_read(s, gic_get_current_vcpu(s), addr, data, attrs); 1811 } 1812 1813 static MemTxResult gic_thisvcpu_write(void *opaque, hwaddr addr, 1814 uint64_t value, unsigned size, 1815 MemTxAttrs attrs) 1816 { 1817 GICState *s = (GICState *)opaque; 1818 1819 return gic_cpu_write(s, gic_get_current_vcpu(s), addr, value, attrs); 1820 } 1821 1822 static uint32_t gic_compute_eisr(GICState *s, int cpu, int lr_start) 1823 { 1824 int lr_idx; 1825 uint32_t ret = 0; 1826 1827 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1828 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1829 ret = deposit32(ret, lr_idx - lr_start, 1, 1830 gic_lr_entry_is_eoi(*entry)); 1831 } 1832 1833 return ret; 1834 } 1835 1836 static uint32_t gic_compute_elrsr(GICState *s, int cpu, int lr_start) 1837 { 1838 int lr_idx; 1839 uint32_t ret = 0; 1840 1841 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1842 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1843 ret = deposit32(ret, lr_idx - lr_start, 1, 1844 gic_lr_entry_is_free(*entry)); 1845 } 1846 1847 return ret; 1848 } 1849 1850 static void gic_vmcr_write(GICState *s, uint32_t value, MemTxAttrs attrs) 1851 { 1852 int vcpu = gic_get_current_vcpu(s); 1853 uint32_t ctlr; 1854 uint32_t abpr; 1855 uint32_t bpr; 1856 uint32_t prio_mask; 1857 1858 ctlr = FIELD_EX32(value, GICH_VMCR, VMCCtlr); 1859 abpr = FIELD_EX32(value, GICH_VMCR, VMABP); 1860 bpr = FIELD_EX32(value, GICH_VMCR, VMBP); 1861 prio_mask = FIELD_EX32(value, GICH_VMCR, VMPriMask) << 3; 1862 1863 gic_set_cpu_control(s, vcpu, ctlr, attrs); 1864 s->abpr[vcpu] = MAX(abpr, GIC_VIRT_MIN_ABPR); 1865 s->bpr[vcpu] = MAX(bpr, GIC_VIRT_MIN_BPR); 1866 gic_set_priority_mask(s, vcpu, prio_mask, attrs); 1867 } 1868 1869 static MemTxResult gic_hyp_read(void *opaque, int cpu, hwaddr addr, 1870 uint64_t *data, MemTxAttrs attrs) 1871 { 1872 GICState *s = ARM_GIC(opaque); 1873 int vcpu = cpu + GIC_NCPU; 1874 1875 switch (addr) { 1876 case A_GICH_HCR: /* Hypervisor Control */ 1877 *data = s->h_hcr[cpu]; 1878 break; 1879 1880 case A_GICH_VTR: /* VGIC Type */ 1881 *data = FIELD_DP32(0, GICH_VTR, ListRegs, s->num_lrs - 1); 1882 *data = FIELD_DP32(*data, GICH_VTR, PREbits, 1883 GIC_VIRT_MAX_GROUP_PRIO_BITS - 1); 1884 *data = FIELD_DP32(*data, GICH_VTR, PRIbits, 1885 (7 - GIC_VIRT_MIN_BPR) - 1); 1886 break; 1887 1888 case A_GICH_VMCR: /* Virtual Machine Control */ 1889 *data = FIELD_DP32(0, GICH_VMCR, VMCCtlr, 1890 extract32(s->cpu_ctlr[vcpu], 0, 10)); 1891 *data = FIELD_DP32(*data, GICH_VMCR, VMABP, s->abpr[vcpu]); 1892 *data = FIELD_DP32(*data, GICH_VMCR, VMBP, s->bpr[vcpu]); 1893 *data = FIELD_DP32(*data, GICH_VMCR, VMPriMask, 1894 extract32(s->priority_mask[vcpu], 3, 5)); 1895 break; 1896 1897 case A_GICH_MISR: /* Maintenance Interrupt Status */ 1898 *data = s->h_misr[cpu]; 1899 break; 1900 1901 case A_GICH_EISR0: /* End of Interrupt Status 0 and 1 */ 1902 case A_GICH_EISR1: 1903 *data = gic_compute_eisr(s, cpu, (addr - A_GICH_EISR0) * 8); 1904 break; 1905 1906 case A_GICH_ELRSR0: /* Empty List Status 0 and 1 */ 1907 case A_GICH_ELRSR1: 1908 *data = gic_compute_elrsr(s, cpu, (addr - A_GICH_ELRSR0) * 8); 1909 break; 1910 1911 case A_GICH_APR: /* Active Priorities */ 1912 *data = s->h_apr[cpu]; 1913 break; 1914 1915 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1916 { 1917 int lr_idx = (addr - A_GICH_LR0) / 4; 1918 1919 if (lr_idx > s->num_lrs) { 1920 *data = 0; 1921 } else { 1922 *data = s->h_lr[lr_idx][cpu]; 1923 } 1924 break; 1925 } 1926 1927 default: 1928 qemu_log_mask(LOG_GUEST_ERROR, 1929 "gic_hyp_read: Bad offset %" HWADDR_PRIx "\n", addr); 1930 return MEMTX_OK; 1931 } 1932 1933 trace_gic_hyp_read(addr, *data); 1934 return MEMTX_OK; 1935 } 1936 1937 static MemTxResult gic_hyp_write(void *opaque, int cpu, hwaddr addr, 1938 uint64_t value, MemTxAttrs attrs) 1939 { 1940 GICState *s = ARM_GIC(opaque); 1941 int vcpu = cpu + GIC_NCPU; 1942 1943 trace_gic_hyp_write(addr, value); 1944 1945 switch (addr) { 1946 case A_GICH_HCR: /* Hypervisor Control */ 1947 s->h_hcr[cpu] = value & GICH_HCR_MASK; 1948 break; 1949 1950 case A_GICH_VMCR: /* Virtual Machine Control */ 1951 gic_vmcr_write(s, value, attrs); 1952 break; 1953 1954 case A_GICH_APR: /* Active Priorities */ 1955 s->h_apr[cpu] = value; 1956 s->running_priority[vcpu] = gic_get_prio_from_apr_bits(s, vcpu); 1957 break; 1958 1959 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1960 { 1961 int lr_idx = (addr - A_GICH_LR0) / 4; 1962 1963 if (lr_idx > s->num_lrs) { 1964 return MEMTX_OK; 1965 } 1966 1967 s->h_lr[lr_idx][cpu] = value & GICH_LR_MASK; 1968 trace_gic_lr_entry(cpu, lr_idx, s->h_lr[lr_idx][cpu]); 1969 break; 1970 } 1971 1972 default: 1973 qemu_log_mask(LOG_GUEST_ERROR, 1974 "gic_hyp_write: Bad offset %" HWADDR_PRIx "\n", addr); 1975 return MEMTX_OK; 1976 } 1977 1978 gic_update_virt(s); 1979 return MEMTX_OK; 1980 } 1981 1982 static MemTxResult gic_thiscpu_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 1983 unsigned size, MemTxAttrs attrs) 1984 { 1985 GICState *s = (GICState *)opaque; 1986 1987 return gic_hyp_read(s, gic_get_current_cpu(s), addr, data, attrs); 1988 } 1989 1990 static MemTxResult gic_thiscpu_hyp_write(void *opaque, hwaddr addr, 1991 uint64_t value, unsigned size, 1992 MemTxAttrs attrs) 1993 { 1994 GICState *s = (GICState *)opaque; 1995 1996 return gic_hyp_write(s, gic_get_current_cpu(s), addr, value, attrs); 1997 } 1998 1999 static MemTxResult gic_do_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2000 unsigned size, MemTxAttrs attrs) 2001 { 2002 GICState **backref = (GICState **)opaque; 2003 GICState *s = *backref; 2004 int id = (backref - s->backref); 2005 2006 return gic_hyp_read(s, id, addr, data, attrs); 2007 } 2008 2009 static MemTxResult gic_do_hyp_write(void *opaque, hwaddr addr, 2010 uint64_t value, unsigned size, 2011 MemTxAttrs attrs) 2012 { 2013 GICState **backref = (GICState **)opaque; 2014 GICState *s = *backref; 2015 int id = (backref - s->backref); 2016 2017 return gic_hyp_write(s, id + GIC_NCPU, addr, value, attrs); 2018 2019 } 2020 2021 static const MemoryRegionOps gic_ops[2] = { 2022 { 2023 .read_with_attrs = gic_dist_read, 2024 .write_with_attrs = gic_dist_write, 2025 .endianness = DEVICE_NATIVE_ENDIAN, 2026 }, 2027 { 2028 .read_with_attrs = gic_thiscpu_read, 2029 .write_with_attrs = gic_thiscpu_write, 2030 .endianness = DEVICE_NATIVE_ENDIAN, 2031 } 2032 }; 2033 2034 static const MemoryRegionOps gic_cpu_ops = { 2035 .read_with_attrs = gic_do_cpu_read, 2036 .write_with_attrs = gic_do_cpu_write, 2037 .endianness = DEVICE_NATIVE_ENDIAN, 2038 }; 2039 2040 static const MemoryRegionOps gic_virt_ops[2] = { 2041 { 2042 .read_with_attrs = gic_thiscpu_hyp_read, 2043 .write_with_attrs = gic_thiscpu_hyp_write, 2044 .endianness = DEVICE_NATIVE_ENDIAN, 2045 }, 2046 { 2047 .read_with_attrs = gic_thisvcpu_read, 2048 .write_with_attrs = gic_thisvcpu_write, 2049 .endianness = DEVICE_NATIVE_ENDIAN, 2050 } 2051 }; 2052 2053 static const MemoryRegionOps gic_viface_ops = { 2054 .read_with_attrs = gic_do_hyp_read, 2055 .write_with_attrs = gic_do_hyp_write, 2056 .endianness = DEVICE_NATIVE_ENDIAN, 2057 }; 2058 2059 static void arm_gic_realize(DeviceState *dev, Error **errp) 2060 { 2061 /* Device instance realize function for the GIC sysbus device */ 2062 int i; 2063 GICState *s = ARM_GIC(dev); 2064 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 2065 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 2066 Error *local_err = NULL; 2067 2068 agc->parent_realize(dev, &local_err); 2069 if (local_err) { 2070 error_propagate(errp, local_err); 2071 return; 2072 } 2073 2074 if (kvm_enabled() && !kvm_arm_supports_user_irq()) { 2075 error_setg(errp, "KVM with user space irqchip only works when the " 2076 "host kernel supports KVM_CAP_ARM_USER_IRQ"); 2077 return; 2078 } 2079 2080 if (s->n_prio_bits > GIC_MAX_PRIORITY_BITS || 2081 (s->virt_extn ? s->n_prio_bits < GIC_VIRT_MAX_GROUP_PRIO_BITS : 2082 s->n_prio_bits < GIC_MIN_PRIORITY_BITS)) { 2083 error_setg(errp, "num-priority-bits cannot be greater than %d" 2084 " or less than %d", GIC_MAX_PRIORITY_BITS, 2085 s->virt_extn ? GIC_VIRT_MAX_GROUP_PRIO_BITS : 2086 GIC_MIN_PRIORITY_BITS); 2087 return; 2088 } 2089 2090 /* This creates distributor, main CPU interface (s->cpuiomem[0]) and if 2091 * enabled, virtualization extensions related interfaces (main virtual 2092 * interface (s->vifaceiomem[0]) and virtual CPU interface). 2093 */ 2094 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops, gic_virt_ops); 2095 2096 /* Extra core-specific regions for the CPU interfaces. This is 2097 * necessary for "franken-GIC" implementations, for example on 2098 * Exynos 4. 2099 * NB that the memory region size of 0x100 applies for the 11MPCore 2100 * and also cores following the GIC v1 spec (ie A9). 2101 * GIC v2 defines a larger memory region (0x1000) so this will need 2102 * to be extended when we implement A15. 2103 */ 2104 for (i = 0; i < s->num_cpu; i++) { 2105 s->backref[i] = s; 2106 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 2107 &s->backref[i], "gic_cpu", 0x100); 2108 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 2109 } 2110 2111 /* Extra core-specific regions for virtual interfaces. This is required by 2112 * the GICv2 specification. 2113 */ 2114 if (s->virt_extn) { 2115 for (i = 0; i < s->num_cpu; i++) { 2116 memory_region_init_io(&s->vifaceiomem[i + 1], OBJECT(s), 2117 &gic_viface_ops, &s->backref[i], 2118 "gic_viface", 0x200); 2119 sysbus_init_mmio(sbd, &s->vifaceiomem[i + 1]); 2120 } 2121 } 2122 2123 } 2124 2125 static void arm_gic_class_init(ObjectClass *klass, void *data) 2126 { 2127 DeviceClass *dc = DEVICE_CLASS(klass); 2128 ARMGICClass *agc = ARM_GIC_CLASS(klass); 2129 2130 device_class_set_parent_realize(dc, arm_gic_realize, &agc->parent_realize); 2131 } 2132 2133 static const TypeInfo arm_gic_info = { 2134 .name = TYPE_ARM_GIC, 2135 .parent = TYPE_ARM_GIC_COMMON, 2136 .instance_size = sizeof(GICState), 2137 .class_init = arm_gic_class_init, 2138 .class_size = sizeof(ARMGICClass), 2139 }; 2140 2141 static void arm_gic_register_types(void) 2142 { 2143 type_register_static(&arm_gic_info); 2144 } 2145 2146 type_init(arm_gic_register_types) 2147