1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "hw/sysbus.h" 22 #include "gic_internal.h" 23 #include "qom/cpu.h" 24 25 //#define DEBUG_GIC 26 27 #ifdef DEBUG_GIC 28 #define DPRINTF(fmt, ...) \ 29 do { fprintf(stderr, "arm_gic: " fmt , ## __VA_ARGS__); } while (0) 30 #else 31 #define DPRINTF(fmt, ...) do {} while(0) 32 #endif 33 34 static const uint8_t gic_id[] = { 35 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 36 }; 37 38 #define NUM_CPU(s) ((s)->num_cpu) 39 40 static inline int gic_get_current_cpu(GICState *s) 41 { 42 if (s->num_cpu > 1) { 43 return current_cpu->cpu_index; 44 } 45 return 0; 46 } 47 48 /* Return true if this GIC config has interrupt groups, which is 49 * true if we're a GICv2, or a GICv1 with the security extensions. 50 */ 51 static inline bool gic_has_groups(GICState *s) 52 { 53 return s->revision == 2 || s->security_extn; 54 } 55 56 /* TODO: Many places that call this routine could be optimized. */ 57 /* Update interrupt status after enabled or pending bits have been changed. */ 58 void gic_update(GICState *s) 59 { 60 int best_irq; 61 int best_prio; 62 int irq; 63 int irq_level, fiq_level; 64 int cpu; 65 int cm; 66 67 for (cpu = 0; cpu < NUM_CPU(s); cpu++) { 68 cm = 1 << cpu; 69 s->current_pending[cpu] = 1023; 70 if (!(s->ctlr & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) 71 || !(s->cpu_ctlr[cpu] & (GICC_CTLR_EN_GRP0 | GICC_CTLR_EN_GRP1))) { 72 qemu_irq_lower(s->parent_irq[cpu]); 73 qemu_irq_lower(s->parent_fiq[cpu]); 74 continue; 75 } 76 best_prio = 0x100; 77 best_irq = 1023; 78 for (irq = 0; irq < s->num_irq; irq++) { 79 if (GIC_TEST_ENABLED(irq, cm) && gic_test_pending(s, irq, cm) && 80 (irq < GIC_INTERNAL || GIC_TARGET(irq) & cm)) { 81 if (GIC_GET_PRIORITY(irq, cpu) < best_prio) { 82 best_prio = GIC_GET_PRIORITY(irq, cpu); 83 best_irq = irq; 84 } 85 } 86 } 87 88 irq_level = fiq_level = 0; 89 90 if (best_prio < s->priority_mask[cpu]) { 91 s->current_pending[cpu] = best_irq; 92 if (best_prio < s->running_priority[cpu]) { 93 int group = GIC_TEST_GROUP(best_irq, cm); 94 95 if (extract32(s->ctlr, group, 1) && 96 extract32(s->cpu_ctlr[cpu], group, 1)) { 97 if (group == 0 && s->cpu_ctlr[cpu] & GICC_CTLR_FIQ_EN) { 98 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 99 best_irq, cpu); 100 fiq_level = 1; 101 } else { 102 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 103 best_irq, cpu); 104 irq_level = 1; 105 } 106 } 107 } 108 } 109 110 qemu_set_irq(s->parent_irq[cpu], irq_level); 111 qemu_set_irq(s->parent_fiq[cpu], fiq_level); 112 } 113 } 114 115 void gic_set_pending_private(GICState *s, int cpu, int irq) 116 { 117 int cm = 1 << cpu; 118 119 if (gic_test_pending(s, irq, cm)) { 120 return; 121 } 122 123 DPRINTF("Set %d pending cpu %d\n", irq, cpu); 124 GIC_SET_PENDING(irq, cm); 125 gic_update(s); 126 } 127 128 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 129 int cm, int target) 130 { 131 if (level) { 132 GIC_SET_LEVEL(irq, cm); 133 if (GIC_TEST_EDGE_TRIGGER(irq) || GIC_TEST_ENABLED(irq, cm)) { 134 DPRINTF("Set %d pending mask %x\n", irq, target); 135 GIC_SET_PENDING(irq, target); 136 } 137 } else { 138 GIC_CLEAR_LEVEL(irq, cm); 139 } 140 } 141 142 static void gic_set_irq_generic(GICState *s, int irq, int level, 143 int cm, int target) 144 { 145 if (level) { 146 GIC_SET_LEVEL(irq, cm); 147 DPRINTF("Set %d pending mask %x\n", irq, target); 148 if (GIC_TEST_EDGE_TRIGGER(irq)) { 149 GIC_SET_PENDING(irq, target); 150 } 151 } else { 152 GIC_CLEAR_LEVEL(irq, cm); 153 } 154 } 155 156 /* Process a change in an external IRQ input. */ 157 static void gic_set_irq(void *opaque, int irq, int level) 158 { 159 /* Meaning of the 'irq' parameter: 160 * [0..N-1] : external interrupts 161 * [N..N+31] : PPI (internal) interrupts for CPU 0 162 * [N+32..N+63] : PPI (internal interrupts for CPU 1 163 * ... 164 */ 165 GICState *s = (GICState *)opaque; 166 int cm, target; 167 if (irq < (s->num_irq - GIC_INTERNAL)) { 168 /* The first external input line is internal interrupt 32. */ 169 cm = ALL_CPU_MASK; 170 irq += GIC_INTERNAL; 171 target = GIC_TARGET(irq); 172 } else { 173 int cpu; 174 irq -= (s->num_irq - GIC_INTERNAL); 175 cpu = irq / GIC_INTERNAL; 176 irq %= GIC_INTERNAL; 177 cm = 1 << cpu; 178 target = cm; 179 } 180 181 assert(irq >= GIC_NR_SGIS); 182 183 if (level == GIC_TEST_LEVEL(irq, cm)) { 184 return; 185 } 186 187 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 188 gic_set_irq_11mpcore(s, irq, level, cm, target); 189 } else { 190 gic_set_irq_generic(s, irq, level, cm, target); 191 } 192 193 gic_update(s); 194 } 195 196 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 197 MemTxAttrs attrs) 198 { 199 uint16_t pending_irq = s->current_pending[cpu]; 200 201 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 202 int group = GIC_TEST_GROUP(pending_irq, (1 << cpu)); 203 /* On a GIC without the security extensions, reading this register 204 * behaves in the same way as a secure access to a GIC with them. 205 */ 206 bool secure = !s->security_extn || attrs.secure; 207 208 if (group == 0 && !secure) { 209 /* Group0 interrupts hidden from Non-secure access */ 210 return 1023; 211 } 212 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 213 /* Group1 interrupts only seen by Secure access if 214 * AckCtl bit set. 215 */ 216 return 1022; 217 } 218 } 219 return pending_irq; 220 } 221 222 static int gic_get_group_priority(GICState *s, int cpu, int irq) 223 { 224 /* Return the group priority of the specified interrupt 225 * (which is the top bits of its priority, with the number 226 * of bits masked determined by the applicable binary point register). 227 */ 228 int bpr; 229 uint32_t mask; 230 231 if (gic_has_groups(s) && 232 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 233 GIC_TEST_GROUP(irq, (1 << cpu))) { 234 bpr = s->abpr[cpu]; 235 } else { 236 bpr = s->bpr[cpu]; 237 } 238 239 /* a BPR of 0 means the group priority bits are [7:1]; 240 * a BPR of 1 means they are [7:2], and so on down to 241 * a BPR of 7 meaning no group priority bits at all. 242 */ 243 mask = ~0U << ((bpr & 7) + 1); 244 245 return GIC_GET_PRIORITY(irq, cpu) & mask; 246 } 247 248 static void gic_set_running_irq(GICState *s, int cpu, int irq) 249 { 250 s->running_irq[cpu] = irq; 251 if (irq == 1023) { 252 s->running_priority[cpu] = 0x100; 253 } else { 254 s->running_priority[cpu] = gic_get_group_priority(s, cpu, irq); 255 } 256 gic_update(s); 257 } 258 259 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 260 { 261 int ret, irq, src; 262 int cm = 1 << cpu; 263 264 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 265 * for the case where this GIC supports grouping and the pending interrupt 266 * is in the wrong group. 267 */ 268 irq = gic_get_current_pending_irq(s, cpu, attrs);; 269 270 if (irq >= GIC_MAXIRQ) { 271 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 272 return irq; 273 } 274 275 if (GIC_GET_PRIORITY(irq, cpu) >= s->running_priority[cpu]) { 276 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 277 return 1023; 278 } 279 s->last_active[irq][cpu] = s->running_irq[cpu]; 280 281 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 282 /* Clear pending flags for both level and edge triggered interrupts. 283 * Level triggered IRQs will be reasserted once they become inactive. 284 */ 285 GIC_CLEAR_PENDING(irq, GIC_TEST_MODEL(irq) ? ALL_CPU_MASK : cm); 286 ret = irq; 287 } else { 288 if (irq < GIC_NR_SGIS) { 289 /* Lookup the source CPU for the SGI and clear this in the 290 * sgi_pending map. Return the src and clear the overall pending 291 * state on this CPU if the SGI is not pending from any CPUs. 292 */ 293 assert(s->sgi_pending[irq][cpu] != 0); 294 src = ctz32(s->sgi_pending[irq][cpu]); 295 s->sgi_pending[irq][cpu] &= ~(1 << src); 296 if (s->sgi_pending[irq][cpu] == 0) { 297 GIC_CLEAR_PENDING(irq, GIC_TEST_MODEL(irq) ? ALL_CPU_MASK : cm); 298 } 299 ret = irq | ((src & 0x7) << 10); 300 } else { 301 /* Clear pending state for both level and edge triggered 302 * interrupts. (level triggered interrupts with an active line 303 * remain pending, see gic_test_pending) 304 */ 305 GIC_CLEAR_PENDING(irq, GIC_TEST_MODEL(irq) ? ALL_CPU_MASK : cm); 306 ret = irq; 307 } 308 } 309 310 gic_set_running_irq(s, cpu, irq); 311 DPRINTF("ACK %d\n", irq); 312 return ret; 313 } 314 315 void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val, 316 MemTxAttrs attrs) 317 { 318 if (s->security_extn && !attrs.secure) { 319 if (!GIC_TEST_GROUP(irq, (1 << cpu))) { 320 return; /* Ignore Non-secure access of Group0 IRQ */ 321 } 322 val = 0x80 | (val >> 1); /* Non-secure view */ 323 } 324 325 if (irq < GIC_INTERNAL) { 326 s->priority1[irq][cpu] = val; 327 } else { 328 s->priority2[(irq) - GIC_INTERNAL] = val; 329 } 330 } 331 332 static uint32_t gic_get_priority(GICState *s, int cpu, int irq, 333 MemTxAttrs attrs) 334 { 335 uint32_t prio = GIC_GET_PRIORITY(irq, cpu); 336 337 if (s->security_extn && !attrs.secure) { 338 if (!GIC_TEST_GROUP(irq, (1 << cpu))) { 339 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 340 } 341 prio = (prio << 1) & 0xff; /* Non-secure view */ 342 } 343 return prio; 344 } 345 346 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 347 MemTxAttrs attrs) 348 { 349 if (s->security_extn && !attrs.secure) { 350 if (s->priority_mask[cpu] & 0x80) { 351 /* Priority Mask in upper half */ 352 pmask = 0x80 | (pmask >> 1); 353 } else { 354 /* Non-secure write ignored if priority mask is in lower half */ 355 return; 356 } 357 } 358 s->priority_mask[cpu] = pmask; 359 } 360 361 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 362 { 363 uint32_t pmask = s->priority_mask[cpu]; 364 365 if (s->security_extn && !attrs.secure) { 366 if (pmask & 0x80) { 367 /* Priority Mask in upper half, return Non-secure view */ 368 pmask = (pmask << 1) & 0xff; 369 } else { 370 /* Priority Mask in lower half, RAZ */ 371 pmask = 0; 372 } 373 } 374 return pmask; 375 } 376 377 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 378 { 379 uint32_t ret = s->cpu_ctlr[cpu]; 380 381 if (s->security_extn && !attrs.secure) { 382 /* Construct the NS banked view of GICC_CTLR from the correct 383 * bits of the S banked view. We don't need to move the bypass 384 * control bits because we don't implement that (IMPDEF) part 385 * of the GIC architecture. 386 */ 387 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 388 } 389 return ret; 390 } 391 392 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 393 MemTxAttrs attrs) 394 { 395 uint32_t mask; 396 397 if (s->security_extn && !attrs.secure) { 398 /* The NS view can only write certain bits in the register; 399 * the rest are unchanged 400 */ 401 mask = GICC_CTLR_EN_GRP1; 402 if (s->revision == 2) { 403 mask |= GICC_CTLR_EOIMODE_NS; 404 } 405 s->cpu_ctlr[cpu] &= ~mask; 406 s->cpu_ctlr[cpu] |= (value << 1) & mask; 407 } else { 408 if (s->revision == 2) { 409 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 410 } else { 411 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 412 } 413 s->cpu_ctlr[cpu] = value & mask; 414 } 415 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 416 "Group1 Interrupts %sabled\n", cpu, 417 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 418 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 419 } 420 421 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 422 { 423 if (s->security_extn && !attrs.secure) { 424 if (s->running_priority[cpu] & 0x80) { 425 /* Running priority in upper half of range: return the Non-secure 426 * view of the priority. 427 */ 428 return s->running_priority[cpu] << 1; 429 } else { 430 /* Running priority in lower half of range: RAZ */ 431 return 0; 432 } 433 } else { 434 return s->running_priority[cpu]; 435 } 436 } 437 438 void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 439 { 440 int update = 0; 441 int cm = 1 << cpu; 442 DPRINTF("EOI %d\n", irq); 443 if (irq >= s->num_irq) { 444 /* This handles two cases: 445 * 1. If software writes the ID of a spurious interrupt [ie 1023] 446 * to the GICC_EOIR, the GIC ignores that write. 447 * 2. If software writes the number of a non-existent interrupt 448 * this must be a subcase of "value written does not match the last 449 * valid interrupt value read from the Interrupt Acknowledge 450 * register" and so this is UNPREDICTABLE. We choose to ignore it. 451 */ 452 return; 453 } 454 if (s->running_irq[cpu] == 1023) 455 return; /* No active IRQ. */ 456 457 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 458 /* Mark level triggered interrupts as pending if they are still 459 raised. */ 460 if (!GIC_TEST_EDGE_TRIGGER(irq) && GIC_TEST_ENABLED(irq, cm) 461 && GIC_TEST_LEVEL(irq, cm) && (GIC_TARGET(irq) & cm) != 0) { 462 DPRINTF("Set %d pending mask %x\n", irq, cm); 463 GIC_SET_PENDING(irq, cm); 464 update = 1; 465 } 466 } 467 468 if (s->security_extn && !attrs.secure && !GIC_TEST_GROUP(irq, cm)) { 469 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 470 return; 471 } 472 473 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 474 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 475 * i.e. go ahead and complete the irq anyway. 476 */ 477 478 if (irq != s->running_irq[cpu]) { 479 /* Complete an IRQ that is not currently running. */ 480 int tmp = s->running_irq[cpu]; 481 while (s->last_active[tmp][cpu] != 1023) { 482 if (s->last_active[tmp][cpu] == irq) { 483 s->last_active[tmp][cpu] = s->last_active[irq][cpu]; 484 break; 485 } 486 tmp = s->last_active[tmp][cpu]; 487 } 488 if (update) { 489 gic_update(s); 490 } 491 } else { 492 /* Complete the current running IRQ. */ 493 gic_set_running_irq(s, cpu, s->last_active[s->running_irq[cpu]][cpu]); 494 } 495 } 496 497 static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 498 { 499 GICState *s = (GICState *)opaque; 500 uint32_t res; 501 int irq; 502 int i; 503 int cpu; 504 int cm; 505 int mask; 506 507 cpu = gic_get_current_cpu(s); 508 cm = 1 << cpu; 509 if (offset < 0x100) { 510 if (offset == 0) { /* GICD_CTLR */ 511 if (s->security_extn && !attrs.secure) { 512 /* The NS bank of this register is just an alias of the 513 * EnableGrp1 bit in the S bank version. 514 */ 515 return extract32(s->ctlr, 1, 1); 516 } else { 517 return s->ctlr; 518 } 519 } 520 if (offset == 4) 521 /* Interrupt Controller Type Register */ 522 return ((s->num_irq / 32) - 1) 523 | ((NUM_CPU(s) - 1) << 5) 524 | (s->security_extn << 10); 525 if (offset < 0x08) 526 return 0; 527 if (offset >= 0x80) { 528 /* Interrupt Group Registers: these RAZ/WI if this is an NS 529 * access to a GIC with the security extensions, or if the GIC 530 * doesn't have groups at all. 531 */ 532 res = 0; 533 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 534 /* Every byte offset holds 8 group status bits */ 535 irq = (offset - 0x080) * 8 + GIC_BASE_IRQ; 536 if (irq >= s->num_irq) { 537 goto bad_reg; 538 } 539 for (i = 0; i < 8; i++) { 540 if (GIC_TEST_GROUP(irq + i, cm)) { 541 res |= (1 << i); 542 } 543 } 544 } 545 return res; 546 } 547 goto bad_reg; 548 } else if (offset < 0x200) { 549 /* Interrupt Set/Clear Enable. */ 550 if (offset < 0x180) 551 irq = (offset - 0x100) * 8; 552 else 553 irq = (offset - 0x180) * 8; 554 irq += GIC_BASE_IRQ; 555 if (irq >= s->num_irq) 556 goto bad_reg; 557 res = 0; 558 for (i = 0; i < 8; i++) { 559 if (GIC_TEST_ENABLED(irq + i, cm)) { 560 res |= (1 << i); 561 } 562 } 563 } else if (offset < 0x300) { 564 /* Interrupt Set/Clear Pending. */ 565 if (offset < 0x280) 566 irq = (offset - 0x200) * 8; 567 else 568 irq = (offset - 0x280) * 8; 569 irq += GIC_BASE_IRQ; 570 if (irq >= s->num_irq) 571 goto bad_reg; 572 res = 0; 573 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 574 for (i = 0; i < 8; i++) { 575 if (gic_test_pending(s, irq + i, mask)) { 576 res |= (1 << i); 577 } 578 } 579 } else if (offset < 0x400) { 580 /* Interrupt Active. */ 581 irq = (offset - 0x300) * 8 + GIC_BASE_IRQ; 582 if (irq >= s->num_irq) 583 goto bad_reg; 584 res = 0; 585 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 586 for (i = 0; i < 8; i++) { 587 if (GIC_TEST_ACTIVE(irq + i, mask)) { 588 res |= (1 << i); 589 } 590 } 591 } else if (offset < 0x800) { 592 /* Interrupt Priority. */ 593 irq = (offset - 0x400) + GIC_BASE_IRQ; 594 if (irq >= s->num_irq) 595 goto bad_reg; 596 res = gic_get_priority(s, cpu, irq, attrs); 597 } else if (offset < 0xc00) { 598 /* Interrupt CPU Target. */ 599 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 600 /* For uniprocessor GICs these RAZ/WI */ 601 res = 0; 602 } else { 603 irq = (offset - 0x800) + GIC_BASE_IRQ; 604 if (irq >= s->num_irq) { 605 goto bad_reg; 606 } 607 if (irq >= 29 && irq <= 31) { 608 res = cm; 609 } else { 610 res = GIC_TARGET(irq); 611 } 612 } 613 } else if (offset < 0xf00) { 614 /* Interrupt Configuration. */ 615 irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ; 616 if (irq >= s->num_irq) 617 goto bad_reg; 618 res = 0; 619 for (i = 0; i < 4; i++) { 620 if (GIC_TEST_MODEL(irq + i)) 621 res |= (1 << (i * 2)); 622 if (GIC_TEST_EDGE_TRIGGER(irq + i)) 623 res |= (2 << (i * 2)); 624 } 625 } else if (offset < 0xf10) { 626 goto bad_reg; 627 } else if (offset < 0xf30) { 628 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 629 goto bad_reg; 630 } 631 632 if (offset < 0xf20) { 633 /* GICD_CPENDSGIRn */ 634 irq = (offset - 0xf10); 635 } else { 636 irq = (offset - 0xf20); 637 /* GICD_SPENDSGIRn */ 638 } 639 640 res = s->sgi_pending[irq][cpu]; 641 } else if (offset < 0xfe0) { 642 goto bad_reg; 643 } else /* offset >= 0xfe0 */ { 644 if (offset & 3) { 645 res = 0; 646 } else { 647 res = gic_id[(offset - 0xfe0) >> 2]; 648 } 649 } 650 return res; 651 bad_reg: 652 qemu_log_mask(LOG_GUEST_ERROR, 653 "gic_dist_readb: Bad offset %x\n", (int)offset); 654 return 0; 655 } 656 657 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 658 unsigned size, MemTxAttrs attrs) 659 { 660 switch (size) { 661 case 1: 662 *data = gic_dist_readb(opaque, offset, attrs); 663 return MEMTX_OK; 664 case 2: 665 *data = gic_dist_readb(opaque, offset, attrs); 666 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 667 return MEMTX_OK; 668 case 4: 669 *data = gic_dist_readb(opaque, offset, attrs); 670 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 671 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 672 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 673 return MEMTX_OK; 674 default: 675 return MEMTX_ERROR; 676 } 677 } 678 679 static void gic_dist_writeb(void *opaque, hwaddr offset, 680 uint32_t value, MemTxAttrs attrs) 681 { 682 GICState *s = (GICState *)opaque; 683 int irq; 684 int i; 685 int cpu; 686 687 cpu = gic_get_current_cpu(s); 688 if (offset < 0x100) { 689 if (offset == 0) { 690 if (s->security_extn && !attrs.secure) { 691 /* NS version is just an alias of the S version's bit 1 */ 692 s->ctlr = deposit32(s->ctlr, 1, 1, value); 693 } else if (gic_has_groups(s)) { 694 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 695 } else { 696 s->ctlr = value & GICD_CTLR_EN_GRP0; 697 } 698 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 699 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 700 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 701 } else if (offset < 4) { 702 /* ignored. */ 703 } else if (offset >= 0x80) { 704 /* Interrupt Group Registers: RAZ/WI for NS access to secure 705 * GIC, or for GICs without groups. 706 */ 707 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 708 /* Every byte offset holds 8 group status bits */ 709 irq = (offset - 0x80) * 8 + GIC_BASE_IRQ; 710 if (irq >= s->num_irq) { 711 goto bad_reg; 712 } 713 for (i = 0; i < 8; i++) { 714 /* Group bits are banked for private interrupts */ 715 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 716 if (value & (1 << i)) { 717 /* Group1 (Non-secure) */ 718 GIC_SET_GROUP(irq + i, cm); 719 } else { 720 /* Group0 (Secure) */ 721 GIC_CLEAR_GROUP(irq + i, cm); 722 } 723 } 724 } 725 } else { 726 goto bad_reg; 727 } 728 } else if (offset < 0x180) { 729 /* Interrupt Set Enable. */ 730 irq = (offset - 0x100) * 8 + GIC_BASE_IRQ; 731 if (irq >= s->num_irq) 732 goto bad_reg; 733 if (irq < GIC_NR_SGIS) { 734 value = 0xff; 735 } 736 737 for (i = 0; i < 8; i++) { 738 if (value & (1 << i)) { 739 int mask = 740 (irq < GIC_INTERNAL) ? (1 << cpu) : GIC_TARGET(irq + i); 741 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 742 743 if (!GIC_TEST_ENABLED(irq + i, cm)) { 744 DPRINTF("Enabled IRQ %d\n", irq + i); 745 } 746 GIC_SET_ENABLED(irq + i, cm); 747 /* If a raised level triggered IRQ enabled then mark 748 is as pending. */ 749 if (GIC_TEST_LEVEL(irq + i, mask) 750 && !GIC_TEST_EDGE_TRIGGER(irq + i)) { 751 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 752 GIC_SET_PENDING(irq + i, mask); 753 } 754 } 755 } 756 } else if (offset < 0x200) { 757 /* Interrupt Clear Enable. */ 758 irq = (offset - 0x180) * 8 + GIC_BASE_IRQ; 759 if (irq >= s->num_irq) 760 goto bad_reg; 761 if (irq < GIC_NR_SGIS) { 762 value = 0; 763 } 764 765 for (i = 0; i < 8; i++) { 766 if (value & (1 << i)) { 767 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 768 769 if (GIC_TEST_ENABLED(irq + i, cm)) { 770 DPRINTF("Disabled IRQ %d\n", irq + i); 771 } 772 GIC_CLEAR_ENABLED(irq + i, cm); 773 } 774 } 775 } else if (offset < 0x280) { 776 /* Interrupt Set Pending. */ 777 irq = (offset - 0x200) * 8 + GIC_BASE_IRQ; 778 if (irq >= s->num_irq) 779 goto bad_reg; 780 if (irq < GIC_NR_SGIS) { 781 value = 0; 782 } 783 784 for (i = 0; i < 8; i++) { 785 if (value & (1 << i)) { 786 GIC_SET_PENDING(irq + i, GIC_TARGET(irq + i)); 787 } 788 } 789 } else if (offset < 0x300) { 790 /* Interrupt Clear Pending. */ 791 irq = (offset - 0x280) * 8 + GIC_BASE_IRQ; 792 if (irq >= s->num_irq) 793 goto bad_reg; 794 if (irq < GIC_NR_SGIS) { 795 value = 0; 796 } 797 798 for (i = 0; i < 8; i++) { 799 /* ??? This currently clears the pending bit for all CPUs, even 800 for per-CPU interrupts. It's unclear whether this is the 801 corect behavior. */ 802 if (value & (1 << i)) { 803 GIC_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 804 } 805 } 806 } else if (offset < 0x400) { 807 /* Interrupt Active. */ 808 goto bad_reg; 809 } else if (offset < 0x800) { 810 /* Interrupt Priority. */ 811 irq = (offset - 0x400) + GIC_BASE_IRQ; 812 if (irq >= s->num_irq) 813 goto bad_reg; 814 gic_set_priority(s, cpu, irq, value, attrs); 815 } else if (offset < 0xc00) { 816 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 817 * annoying exception of the 11MPCore's GIC. 818 */ 819 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 820 irq = (offset - 0x800) + GIC_BASE_IRQ; 821 if (irq >= s->num_irq) { 822 goto bad_reg; 823 } 824 if (irq < 29) { 825 value = 0; 826 } else if (irq < GIC_INTERNAL) { 827 value = ALL_CPU_MASK; 828 } 829 s->irq_target[irq] = value & ALL_CPU_MASK; 830 } 831 } else if (offset < 0xf00) { 832 /* Interrupt Configuration. */ 833 irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ; 834 if (irq >= s->num_irq) 835 goto bad_reg; 836 if (irq < GIC_NR_SGIS) 837 value |= 0xaa; 838 for (i = 0; i < 4; i++) { 839 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 840 if (value & (1 << (i * 2))) { 841 GIC_SET_MODEL(irq + i); 842 } else { 843 GIC_CLEAR_MODEL(irq + i); 844 } 845 } 846 if (value & (2 << (i * 2))) { 847 GIC_SET_EDGE_TRIGGER(irq + i); 848 } else { 849 GIC_CLEAR_EDGE_TRIGGER(irq + i); 850 } 851 } 852 } else if (offset < 0xf10) { 853 /* 0xf00 is only handled for 32-bit writes. */ 854 goto bad_reg; 855 } else if (offset < 0xf20) { 856 /* GICD_CPENDSGIRn */ 857 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 858 goto bad_reg; 859 } 860 irq = (offset - 0xf10); 861 862 s->sgi_pending[irq][cpu] &= ~value; 863 if (s->sgi_pending[irq][cpu] == 0) { 864 GIC_CLEAR_PENDING(irq, 1 << cpu); 865 } 866 } else if (offset < 0xf30) { 867 /* GICD_SPENDSGIRn */ 868 if (s->revision == REV_11MPCORE || s->revision == REV_NVIC) { 869 goto bad_reg; 870 } 871 irq = (offset - 0xf20); 872 873 GIC_SET_PENDING(irq, 1 << cpu); 874 s->sgi_pending[irq][cpu] |= value; 875 } else { 876 goto bad_reg; 877 } 878 gic_update(s); 879 return; 880 bad_reg: 881 qemu_log_mask(LOG_GUEST_ERROR, 882 "gic_dist_writeb: Bad offset %x\n", (int)offset); 883 } 884 885 static void gic_dist_writew(void *opaque, hwaddr offset, 886 uint32_t value, MemTxAttrs attrs) 887 { 888 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 889 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 890 } 891 892 static void gic_dist_writel(void *opaque, hwaddr offset, 893 uint32_t value, MemTxAttrs attrs) 894 { 895 GICState *s = (GICState *)opaque; 896 if (offset == 0xf00) { 897 int cpu; 898 int irq; 899 int mask; 900 int target_cpu; 901 902 cpu = gic_get_current_cpu(s); 903 irq = value & 0x3ff; 904 switch ((value >> 24) & 3) { 905 case 0: 906 mask = (value >> 16) & ALL_CPU_MASK; 907 break; 908 case 1: 909 mask = ALL_CPU_MASK ^ (1 << cpu); 910 break; 911 case 2: 912 mask = 1 << cpu; 913 break; 914 default: 915 DPRINTF("Bad Soft Int target filter\n"); 916 mask = ALL_CPU_MASK; 917 break; 918 } 919 GIC_SET_PENDING(irq, mask); 920 target_cpu = ctz32(mask); 921 while (target_cpu < GIC_NCPU) { 922 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 923 mask &= ~(1 << target_cpu); 924 target_cpu = ctz32(mask); 925 } 926 gic_update(s); 927 return; 928 } 929 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 930 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 931 } 932 933 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 934 unsigned size, MemTxAttrs attrs) 935 { 936 switch (size) { 937 case 1: 938 gic_dist_writeb(opaque, offset, data, attrs); 939 return MEMTX_OK; 940 case 2: 941 gic_dist_writew(opaque, offset, data, attrs); 942 return MEMTX_OK; 943 case 4: 944 gic_dist_writel(opaque, offset, data, attrs); 945 return MEMTX_OK; 946 default: 947 return MEMTX_ERROR; 948 } 949 } 950 951 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 952 { 953 /* Return the Nonsecure view of GICC_APR<regno>. This is the 954 * second half of GICC_NSAPR. 955 */ 956 switch (GIC_MIN_BPR) { 957 case 0: 958 if (regno < 2) { 959 return s->nsapr[regno + 2][cpu]; 960 } 961 break; 962 case 1: 963 if (regno == 0) { 964 return s->nsapr[regno + 1][cpu]; 965 } 966 break; 967 case 2: 968 if (regno == 0) { 969 return extract32(s->nsapr[0][cpu], 16, 16); 970 } 971 break; 972 case 3: 973 if (regno == 0) { 974 return extract32(s->nsapr[0][cpu], 8, 8); 975 } 976 break; 977 default: 978 g_assert_not_reached(); 979 } 980 return 0; 981 } 982 983 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 984 uint32_t value) 985 { 986 /* Write the Nonsecure view of GICC_APR<regno>. */ 987 switch (GIC_MIN_BPR) { 988 case 0: 989 if (regno < 2) { 990 s->nsapr[regno + 2][cpu] = value; 991 } 992 break; 993 case 1: 994 if (regno == 0) { 995 s->nsapr[regno + 1][cpu] = value; 996 } 997 break; 998 case 2: 999 if (regno == 0) { 1000 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1001 } 1002 break; 1003 case 3: 1004 if (regno == 0) { 1005 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1006 } 1007 break; 1008 default: 1009 g_assert_not_reached(); 1010 } 1011 } 1012 1013 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1014 uint64_t *data, MemTxAttrs attrs) 1015 { 1016 switch (offset) { 1017 case 0x00: /* Control */ 1018 *data = gic_get_cpu_control(s, cpu, attrs); 1019 break; 1020 case 0x04: /* Priority mask */ 1021 *data = gic_get_priority_mask(s, cpu, attrs); 1022 break; 1023 case 0x08: /* Binary Point */ 1024 if (s->security_extn && !attrs.secure) { 1025 /* BPR is banked. Non-secure copy stored in ABPR. */ 1026 *data = s->abpr[cpu]; 1027 } else { 1028 *data = s->bpr[cpu]; 1029 } 1030 break; 1031 case 0x0c: /* Acknowledge */ 1032 *data = gic_acknowledge_irq(s, cpu, attrs); 1033 break; 1034 case 0x14: /* Running Priority */ 1035 *data = gic_get_running_priority(s, cpu, attrs); 1036 break; 1037 case 0x18: /* Highest Pending Interrupt */ 1038 *data = gic_get_current_pending_irq(s, cpu, attrs); 1039 break; 1040 case 0x1c: /* Aliased Binary Point */ 1041 /* GIC v2, no security: ABPR 1042 * GIC v1, no security: not implemented (RAZ/WI) 1043 * With security extensions, secure access: ABPR (alias of NS BPR) 1044 * With security extensions, nonsecure access: RAZ/WI 1045 */ 1046 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1047 *data = 0; 1048 } else { 1049 *data = s->abpr[cpu]; 1050 } 1051 break; 1052 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1053 { 1054 int regno = (offset - 0xd0) / 4; 1055 1056 if (regno >= GIC_NR_APRS || s->revision != 2) { 1057 *data = 0; 1058 } else if (s->security_extn && !attrs.secure) { 1059 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1060 *data = gic_apr_ns_view(s, regno, cpu); 1061 } else { 1062 *data = s->apr[regno][cpu]; 1063 } 1064 break; 1065 } 1066 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1067 { 1068 int regno = (offset - 0xe0) / 4; 1069 1070 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1071 (s->security_extn && !attrs.secure)) { 1072 *data = 0; 1073 } else { 1074 *data = s->nsapr[regno][cpu]; 1075 } 1076 break; 1077 } 1078 default: 1079 qemu_log_mask(LOG_GUEST_ERROR, 1080 "gic_cpu_read: Bad offset %x\n", (int)offset); 1081 return MEMTX_ERROR; 1082 } 1083 return MEMTX_OK; 1084 } 1085 1086 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1087 uint32_t value, MemTxAttrs attrs) 1088 { 1089 switch (offset) { 1090 case 0x00: /* Control */ 1091 gic_set_cpu_control(s, cpu, value, attrs); 1092 break; 1093 case 0x04: /* Priority mask */ 1094 gic_set_priority_mask(s, cpu, value, attrs); 1095 break; 1096 case 0x08: /* Binary Point */ 1097 if (s->security_extn && !attrs.secure) { 1098 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1099 } else { 1100 s->bpr[cpu] = MAX(value & 0x7, GIC_MIN_BPR); 1101 } 1102 break; 1103 case 0x10: /* End Of Interrupt */ 1104 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1105 return MEMTX_OK; 1106 case 0x1c: /* Aliased Binary Point */ 1107 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1108 /* unimplemented, or NS access: RAZ/WI */ 1109 return MEMTX_OK; 1110 } else { 1111 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1112 } 1113 break; 1114 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1115 { 1116 int regno = (offset - 0xd0) / 4; 1117 1118 if (regno >= GIC_NR_APRS || s->revision != 2) { 1119 return MEMTX_OK; 1120 } 1121 if (s->security_extn && !attrs.secure) { 1122 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1123 gic_apr_write_ns_view(s, regno, cpu, value); 1124 } else { 1125 s->apr[regno][cpu] = value; 1126 } 1127 break; 1128 } 1129 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1130 { 1131 int regno = (offset - 0xe0) / 4; 1132 1133 if (regno >= GIC_NR_APRS || s->revision != 2) { 1134 return MEMTX_OK; 1135 } 1136 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1137 return MEMTX_OK; 1138 } 1139 s->nsapr[regno][cpu] = value; 1140 break; 1141 } 1142 default: 1143 qemu_log_mask(LOG_GUEST_ERROR, 1144 "gic_cpu_write: Bad offset %x\n", (int)offset); 1145 return MEMTX_ERROR; 1146 } 1147 gic_update(s); 1148 return MEMTX_OK; 1149 } 1150 1151 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1152 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1153 unsigned size, MemTxAttrs attrs) 1154 { 1155 GICState *s = (GICState *)opaque; 1156 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1157 } 1158 1159 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1160 uint64_t value, unsigned size, 1161 MemTxAttrs attrs) 1162 { 1163 GICState *s = (GICState *)opaque; 1164 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1165 } 1166 1167 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1168 * These just decode the opaque pointer into GICState* + cpu id. 1169 */ 1170 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1171 unsigned size, MemTxAttrs attrs) 1172 { 1173 GICState **backref = (GICState **)opaque; 1174 GICState *s = *backref; 1175 int id = (backref - s->backref); 1176 return gic_cpu_read(s, id, addr, data, attrs); 1177 } 1178 1179 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1180 uint64_t value, unsigned size, 1181 MemTxAttrs attrs) 1182 { 1183 GICState **backref = (GICState **)opaque; 1184 GICState *s = *backref; 1185 int id = (backref - s->backref); 1186 return gic_cpu_write(s, id, addr, value, attrs); 1187 } 1188 1189 static const MemoryRegionOps gic_ops[2] = { 1190 { 1191 .read_with_attrs = gic_dist_read, 1192 .write_with_attrs = gic_dist_write, 1193 .endianness = DEVICE_NATIVE_ENDIAN, 1194 }, 1195 { 1196 .read_with_attrs = gic_thiscpu_read, 1197 .write_with_attrs = gic_thiscpu_write, 1198 .endianness = DEVICE_NATIVE_ENDIAN, 1199 } 1200 }; 1201 1202 static const MemoryRegionOps gic_cpu_ops = { 1203 .read_with_attrs = gic_do_cpu_read, 1204 .write_with_attrs = gic_do_cpu_write, 1205 .endianness = DEVICE_NATIVE_ENDIAN, 1206 }; 1207 1208 /* This function is used by nvic model */ 1209 void gic_init_irqs_and_distributor(GICState *s) 1210 { 1211 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops); 1212 } 1213 1214 static void arm_gic_realize(DeviceState *dev, Error **errp) 1215 { 1216 /* Device instance realize function for the GIC sysbus device */ 1217 int i; 1218 GICState *s = ARM_GIC(dev); 1219 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1220 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 1221 Error *local_err = NULL; 1222 1223 agc->parent_realize(dev, &local_err); 1224 if (local_err) { 1225 error_propagate(errp, local_err); 1226 return; 1227 } 1228 1229 /* This creates distributor and main CPU interface (s->cpuiomem[0]) */ 1230 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops); 1231 1232 /* Extra core-specific regions for the CPU interfaces. This is 1233 * necessary for "franken-GIC" implementations, for example on 1234 * Exynos 4. 1235 * NB that the memory region size of 0x100 applies for the 11MPCore 1236 * and also cores following the GIC v1 spec (ie A9). 1237 * GIC v2 defines a larger memory region (0x1000) so this will need 1238 * to be extended when we implement A15. 1239 */ 1240 for (i = 0; i < NUM_CPU(s); i++) { 1241 s->backref[i] = s; 1242 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 1243 &s->backref[i], "gic_cpu", 0x100); 1244 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 1245 } 1246 } 1247 1248 static void arm_gic_class_init(ObjectClass *klass, void *data) 1249 { 1250 DeviceClass *dc = DEVICE_CLASS(klass); 1251 ARMGICClass *agc = ARM_GIC_CLASS(klass); 1252 1253 agc->parent_realize = dc->realize; 1254 dc->realize = arm_gic_realize; 1255 } 1256 1257 static const TypeInfo arm_gic_info = { 1258 .name = TYPE_ARM_GIC, 1259 .parent = TYPE_ARM_GIC_COMMON, 1260 .instance_size = sizeof(GICState), 1261 .class_init = arm_gic_class_init, 1262 .class_size = sizeof(ARMGICClass), 1263 }; 1264 1265 static void arm_gic_register_types(void) 1266 { 1267 type_register_static(&arm_gic_info); 1268 } 1269 1270 type_init(arm_gic_register_types) 1271