1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "hw/sysbus.h" 23 #include "gic_internal.h" 24 #include "qapi/error.h" 25 #include "qom/cpu.h" 26 #include "qemu/log.h" 27 #include "trace.h" 28 #include "sysemu/kvm.h" 29 30 /* #define DEBUG_GIC */ 31 32 #ifdef DEBUG_GIC 33 #define DEBUG_GIC_GATE 1 34 #else 35 #define DEBUG_GIC_GATE 0 36 #endif 37 38 #define DPRINTF(fmt, ...) do { \ 39 if (DEBUG_GIC_GATE) { \ 40 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 41 } \ 42 } while (0) 43 44 static const uint8_t gic_id_11mpcore[] = { 45 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 46 }; 47 48 static const uint8_t gic_id_gicv1[] = { 49 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 50 }; 51 52 static const uint8_t gic_id_gicv2[] = { 53 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 54 }; 55 56 static inline int gic_get_current_cpu(GICState *s) 57 { 58 if (s->num_cpu > 1) { 59 return current_cpu->cpu_index; 60 } 61 return 0; 62 } 63 64 /* Return true if this GIC config has interrupt groups, which is 65 * true if we're a GICv2, or a GICv1 with the security extensions. 66 */ 67 static inline bool gic_has_groups(GICState *s) 68 { 69 return s->revision == 2 || s->security_extn; 70 } 71 72 /* TODO: Many places that call this routine could be optimized. */ 73 /* Update interrupt status after enabled or pending bits have been changed. */ 74 static void gic_update(GICState *s) 75 { 76 int best_irq; 77 int best_prio; 78 int irq; 79 int irq_level, fiq_level; 80 int cpu; 81 int cm; 82 83 for (cpu = 0; cpu < s->num_cpu; cpu++) { 84 cm = 1 << cpu; 85 s->current_pending[cpu] = 1023; 86 if (!(s->ctlr & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) 87 || !(s->cpu_ctlr[cpu] & (GICC_CTLR_EN_GRP0 | GICC_CTLR_EN_GRP1))) { 88 qemu_irq_lower(s->parent_irq[cpu]); 89 qemu_irq_lower(s->parent_fiq[cpu]); 90 continue; 91 } 92 best_prio = 0x100; 93 best_irq = 1023; 94 for (irq = 0; irq < s->num_irq; irq++) { 95 if (GIC_DIST_TEST_ENABLED(irq, cm) && 96 gic_test_pending(s, irq, cm) && 97 (!GIC_DIST_TEST_ACTIVE(irq, cm)) && 98 (irq < GIC_INTERNAL || GIC_DIST_TARGET(irq) & cm)) { 99 if (GIC_DIST_GET_PRIORITY(irq, cpu) < best_prio) { 100 best_prio = GIC_DIST_GET_PRIORITY(irq, cpu); 101 best_irq = irq; 102 } 103 } 104 } 105 106 if (best_irq != 1023) { 107 trace_gic_update_bestirq(cpu, best_irq, best_prio, 108 s->priority_mask[cpu], s->running_priority[cpu]); 109 } 110 111 irq_level = fiq_level = 0; 112 113 if (best_prio < s->priority_mask[cpu]) { 114 s->current_pending[cpu] = best_irq; 115 if (best_prio < s->running_priority[cpu]) { 116 int group = GIC_DIST_TEST_GROUP(best_irq, cm); 117 118 if (extract32(s->ctlr, group, 1) && 119 extract32(s->cpu_ctlr[cpu], group, 1)) { 120 if (group == 0 && s->cpu_ctlr[cpu] & GICC_CTLR_FIQ_EN) { 121 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 122 best_irq, cpu); 123 fiq_level = 1; 124 trace_gic_update_set_irq(cpu, "fiq", fiq_level); 125 } else { 126 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 127 best_irq, cpu); 128 irq_level = 1; 129 trace_gic_update_set_irq(cpu, "irq", irq_level); 130 } 131 } 132 } 133 } 134 135 qemu_set_irq(s->parent_irq[cpu], irq_level); 136 qemu_set_irq(s->parent_fiq[cpu], fiq_level); 137 } 138 } 139 140 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 141 int cm, int target) 142 { 143 if (level) { 144 GIC_DIST_SET_LEVEL(irq, cm); 145 if (GIC_DIST_TEST_EDGE_TRIGGER(irq) || GIC_DIST_TEST_ENABLED(irq, cm)) { 146 DPRINTF("Set %d pending mask %x\n", irq, target); 147 GIC_DIST_SET_PENDING(irq, target); 148 } 149 } else { 150 GIC_DIST_CLEAR_LEVEL(irq, cm); 151 } 152 } 153 154 static void gic_set_irq_generic(GICState *s, int irq, int level, 155 int cm, int target) 156 { 157 if (level) { 158 GIC_DIST_SET_LEVEL(irq, cm); 159 DPRINTF("Set %d pending mask %x\n", irq, target); 160 if (GIC_DIST_TEST_EDGE_TRIGGER(irq)) { 161 GIC_DIST_SET_PENDING(irq, target); 162 } 163 } else { 164 GIC_DIST_CLEAR_LEVEL(irq, cm); 165 } 166 } 167 168 /* Process a change in an external IRQ input. */ 169 static void gic_set_irq(void *opaque, int irq, int level) 170 { 171 /* Meaning of the 'irq' parameter: 172 * [0..N-1] : external interrupts 173 * [N..N+31] : PPI (internal) interrupts for CPU 0 174 * [N+32..N+63] : PPI (internal interrupts for CPU 1 175 * ... 176 */ 177 GICState *s = (GICState *)opaque; 178 int cm, target; 179 if (irq < (s->num_irq - GIC_INTERNAL)) { 180 /* The first external input line is internal interrupt 32. */ 181 cm = ALL_CPU_MASK; 182 irq += GIC_INTERNAL; 183 target = GIC_DIST_TARGET(irq); 184 } else { 185 int cpu; 186 irq -= (s->num_irq - GIC_INTERNAL); 187 cpu = irq / GIC_INTERNAL; 188 irq %= GIC_INTERNAL; 189 cm = 1 << cpu; 190 target = cm; 191 } 192 193 assert(irq >= GIC_NR_SGIS); 194 195 if (level == GIC_DIST_TEST_LEVEL(irq, cm)) { 196 return; 197 } 198 199 if (s->revision == REV_11MPCORE) { 200 gic_set_irq_11mpcore(s, irq, level, cm, target); 201 } else { 202 gic_set_irq_generic(s, irq, level, cm, target); 203 } 204 trace_gic_set_irq(irq, level, cm, target); 205 206 gic_update(s); 207 } 208 209 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 210 MemTxAttrs attrs) 211 { 212 uint16_t pending_irq = s->current_pending[cpu]; 213 214 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 215 int group = GIC_DIST_TEST_GROUP(pending_irq, (1 << cpu)); 216 /* On a GIC without the security extensions, reading this register 217 * behaves in the same way as a secure access to a GIC with them. 218 */ 219 bool secure = !s->security_extn || attrs.secure; 220 221 if (group == 0 && !secure) { 222 /* Group0 interrupts hidden from Non-secure access */ 223 return 1023; 224 } 225 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 226 /* Group1 interrupts only seen by Secure access if 227 * AckCtl bit set. 228 */ 229 return 1022; 230 } 231 } 232 return pending_irq; 233 } 234 235 static int gic_get_group_priority(GICState *s, int cpu, int irq) 236 { 237 /* Return the group priority of the specified interrupt 238 * (which is the top bits of its priority, with the number 239 * of bits masked determined by the applicable binary point register). 240 */ 241 int bpr; 242 uint32_t mask; 243 244 if (gic_has_groups(s) && 245 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 246 GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 247 bpr = s->abpr[cpu] - 1; 248 assert(bpr >= 0); 249 } else { 250 bpr = s->bpr[cpu]; 251 } 252 253 /* a BPR of 0 means the group priority bits are [7:1]; 254 * a BPR of 1 means they are [7:2], and so on down to 255 * a BPR of 7 meaning no group priority bits at all. 256 */ 257 mask = ~0U << ((bpr & 7) + 1); 258 259 return GIC_DIST_GET_PRIORITY(irq, cpu) & mask; 260 } 261 262 static void gic_activate_irq(GICState *s, int cpu, int irq) 263 { 264 /* Set the appropriate Active Priority Register bit for this IRQ, 265 * and update the running priority. 266 */ 267 int prio = gic_get_group_priority(s, cpu, irq); 268 int preemption_level = prio >> (GIC_MIN_BPR + 1); 269 int regno = preemption_level / 32; 270 int bitno = preemption_level % 32; 271 272 if (gic_has_groups(s) && GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 273 s->nsapr[regno][cpu] |= (1 << bitno); 274 } else { 275 s->apr[regno][cpu] |= (1 << bitno); 276 } 277 278 s->running_priority[cpu] = prio; 279 GIC_DIST_SET_ACTIVE(irq, 1 << cpu); 280 } 281 282 static int gic_get_prio_from_apr_bits(GICState *s, int cpu) 283 { 284 /* Recalculate the current running priority for this CPU based 285 * on the set bits in the Active Priority Registers. 286 */ 287 int i; 288 for (i = 0; i < GIC_NR_APRS; i++) { 289 uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu]; 290 if (!apr) { 291 continue; 292 } 293 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 294 } 295 return 0x100; 296 } 297 298 static void gic_drop_prio(GICState *s, int cpu, int group) 299 { 300 /* Drop the priority of the currently active interrupt in the 301 * specified group. 302 * 303 * Note that we can guarantee (because of the requirement to nest 304 * GICC_IAR reads [which activate an interrupt and raise priority] 305 * with GICC_EOIR writes [which drop the priority for the interrupt]) 306 * that the interrupt we're being called for is the highest priority 307 * active interrupt, meaning that it has the lowest set bit in the 308 * APR registers. 309 * 310 * If the guest does not honour the ordering constraints then the 311 * behaviour of the GIC is UNPREDICTABLE, which for us means that 312 * the values of the APR registers might become incorrect and the 313 * running priority will be wrong, so interrupts that should preempt 314 * might not do so, and interrupts that should not preempt might do so. 315 */ 316 int i; 317 318 for (i = 0; i < GIC_NR_APRS; i++) { 319 uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu]; 320 if (!*papr) { 321 continue; 322 } 323 /* Clear lowest set bit */ 324 *papr &= *papr - 1; 325 break; 326 } 327 328 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 329 } 330 331 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 332 { 333 int ret, irq, src; 334 int cm = 1 << cpu; 335 336 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 337 * for the case where this GIC supports grouping and the pending interrupt 338 * is in the wrong group. 339 */ 340 irq = gic_get_current_pending_irq(s, cpu, attrs); 341 trace_gic_acknowledge_irq(cpu, irq); 342 343 if (irq >= GIC_MAXIRQ) { 344 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 345 return irq; 346 } 347 348 if (GIC_DIST_GET_PRIORITY(irq, cpu) >= s->running_priority[cpu]) { 349 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 350 return 1023; 351 } 352 353 if (s->revision == REV_11MPCORE) { 354 /* Clear pending flags for both level and edge triggered interrupts. 355 * Level triggered IRQs will be reasserted once they become inactive. 356 */ 357 GIC_DIST_CLEAR_PENDING(irq, GIC_DIST_TEST_MODEL(irq) ? ALL_CPU_MASK 358 : cm); 359 ret = irq; 360 } else { 361 if (irq < GIC_NR_SGIS) { 362 /* Lookup the source CPU for the SGI and clear this in the 363 * sgi_pending map. Return the src and clear the overall pending 364 * state on this CPU if the SGI is not pending from any CPUs. 365 */ 366 assert(s->sgi_pending[irq][cpu] != 0); 367 src = ctz32(s->sgi_pending[irq][cpu]); 368 s->sgi_pending[irq][cpu] &= ~(1 << src); 369 if (s->sgi_pending[irq][cpu] == 0) { 370 GIC_DIST_CLEAR_PENDING(irq, 371 GIC_DIST_TEST_MODEL(irq) ? ALL_CPU_MASK 372 : cm); 373 } 374 ret = irq | ((src & 0x7) << 10); 375 } else { 376 /* Clear pending state for both level and edge triggered 377 * interrupts. (level triggered interrupts with an active line 378 * remain pending, see gic_test_pending) 379 */ 380 GIC_DIST_CLEAR_PENDING(irq, GIC_DIST_TEST_MODEL(irq) ? ALL_CPU_MASK 381 : cm); 382 ret = irq; 383 } 384 } 385 386 gic_activate_irq(s, cpu, irq); 387 gic_update(s); 388 DPRINTF("ACK %d\n", irq); 389 return ret; 390 } 391 392 void gic_dist_set_priority(GICState *s, int cpu, int irq, uint8_t val, 393 MemTxAttrs attrs) 394 { 395 if (s->security_extn && !attrs.secure) { 396 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 397 return; /* Ignore Non-secure access of Group0 IRQ */ 398 } 399 val = 0x80 | (val >> 1); /* Non-secure view */ 400 } 401 402 if (irq < GIC_INTERNAL) { 403 s->priority1[irq][cpu] = val; 404 } else { 405 s->priority2[(irq) - GIC_INTERNAL] = val; 406 } 407 } 408 409 static uint32_t gic_dist_get_priority(GICState *s, int cpu, int irq, 410 MemTxAttrs attrs) 411 { 412 uint32_t prio = GIC_DIST_GET_PRIORITY(irq, cpu); 413 414 if (s->security_extn && !attrs.secure) { 415 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 416 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 417 } 418 prio = (prio << 1) & 0xff; /* Non-secure view */ 419 } 420 return prio; 421 } 422 423 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 424 MemTxAttrs attrs) 425 { 426 if (s->security_extn && !attrs.secure) { 427 if (s->priority_mask[cpu] & 0x80) { 428 /* Priority Mask in upper half */ 429 pmask = 0x80 | (pmask >> 1); 430 } else { 431 /* Non-secure write ignored if priority mask is in lower half */ 432 return; 433 } 434 } 435 s->priority_mask[cpu] = pmask; 436 } 437 438 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 439 { 440 uint32_t pmask = s->priority_mask[cpu]; 441 442 if (s->security_extn && !attrs.secure) { 443 if (pmask & 0x80) { 444 /* Priority Mask in upper half, return Non-secure view */ 445 pmask = (pmask << 1) & 0xff; 446 } else { 447 /* Priority Mask in lower half, RAZ */ 448 pmask = 0; 449 } 450 } 451 return pmask; 452 } 453 454 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 455 { 456 uint32_t ret = s->cpu_ctlr[cpu]; 457 458 if (s->security_extn && !attrs.secure) { 459 /* Construct the NS banked view of GICC_CTLR from the correct 460 * bits of the S banked view. We don't need to move the bypass 461 * control bits because we don't implement that (IMPDEF) part 462 * of the GIC architecture. 463 */ 464 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 465 } 466 return ret; 467 } 468 469 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 470 MemTxAttrs attrs) 471 { 472 uint32_t mask; 473 474 if (s->security_extn && !attrs.secure) { 475 /* The NS view can only write certain bits in the register; 476 * the rest are unchanged 477 */ 478 mask = GICC_CTLR_EN_GRP1; 479 if (s->revision == 2) { 480 mask |= GICC_CTLR_EOIMODE_NS; 481 } 482 s->cpu_ctlr[cpu] &= ~mask; 483 s->cpu_ctlr[cpu] |= (value << 1) & mask; 484 } else { 485 if (s->revision == 2) { 486 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 487 } else { 488 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 489 } 490 s->cpu_ctlr[cpu] = value & mask; 491 } 492 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 493 "Group1 Interrupts %sabled\n", cpu, 494 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 495 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 496 } 497 498 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 499 { 500 if ((s->revision != REV_11MPCORE) && (s->running_priority[cpu] > 0xff)) { 501 /* Idle priority */ 502 return 0xff; 503 } 504 505 if (s->security_extn && !attrs.secure) { 506 if (s->running_priority[cpu] & 0x80) { 507 /* Running priority in upper half of range: return the Non-secure 508 * view of the priority. 509 */ 510 return s->running_priority[cpu] << 1; 511 } else { 512 /* Running priority in lower half of range: RAZ */ 513 return 0; 514 } 515 } else { 516 return s->running_priority[cpu]; 517 } 518 } 519 520 /* Return true if we should split priority drop and interrupt deactivation, 521 * ie whether the relevant EOIMode bit is set. 522 */ 523 static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs) 524 { 525 if (s->revision != 2) { 526 /* Before GICv2 prio-drop and deactivate are not separable */ 527 return false; 528 } 529 if (s->security_extn && !attrs.secure) { 530 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE_NS; 531 } 532 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE; 533 } 534 535 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 536 { 537 int cm = 1 << cpu; 538 int group; 539 540 if (irq >= s->num_irq) { 541 /* 542 * This handles two cases: 543 * 1. If software writes the ID of a spurious interrupt [ie 1023] 544 * to the GICC_DIR, the GIC ignores that write. 545 * 2. If software writes the number of a non-existent interrupt 546 * this must be a subcase of "value written is not an active interrupt" 547 * and so this is UNPREDICTABLE. We choose to ignore it. 548 */ 549 return; 550 } 551 552 group = gic_has_groups(s) && GIC_DIST_TEST_GROUP(irq, cm); 553 554 if (!gic_eoi_split(s, cpu, attrs)) { 555 /* This is UNPREDICTABLE; we choose to ignore it */ 556 qemu_log_mask(LOG_GUEST_ERROR, 557 "gic_deactivate_irq: GICC_DIR write when EOIMode clear"); 558 return; 559 } 560 561 if (s->security_extn && !attrs.secure && !group) { 562 DPRINTF("Non-secure DI for Group0 interrupt %d ignored\n", irq); 563 return; 564 } 565 566 GIC_DIST_CLEAR_ACTIVE(irq, cm); 567 } 568 569 static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 570 { 571 int cm = 1 << cpu; 572 int group; 573 574 DPRINTF("EOI %d\n", irq); 575 if (irq >= s->num_irq) { 576 /* This handles two cases: 577 * 1. If software writes the ID of a spurious interrupt [ie 1023] 578 * to the GICC_EOIR, the GIC ignores that write. 579 * 2. If software writes the number of a non-existent interrupt 580 * this must be a subcase of "value written does not match the last 581 * valid interrupt value read from the Interrupt Acknowledge 582 * register" and so this is UNPREDICTABLE. We choose to ignore it. 583 */ 584 return; 585 } 586 if (s->running_priority[cpu] == 0x100) { 587 return; /* No active IRQ. */ 588 } 589 590 if (s->revision == REV_11MPCORE) { 591 /* Mark level triggered interrupts as pending if they are still 592 raised. */ 593 if (!GIC_DIST_TEST_EDGE_TRIGGER(irq) && GIC_DIST_TEST_ENABLED(irq, cm) 594 && GIC_DIST_TEST_LEVEL(irq, cm) 595 && (GIC_DIST_TARGET(irq) & cm) != 0) { 596 DPRINTF("Set %d pending mask %x\n", irq, cm); 597 GIC_DIST_SET_PENDING(irq, cm); 598 } 599 } 600 601 group = gic_has_groups(s) && GIC_DIST_TEST_GROUP(irq, cm); 602 603 if (s->security_extn && !attrs.secure && !group) { 604 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 605 return; 606 } 607 608 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 609 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 610 * i.e. go ahead and complete the irq anyway. 611 */ 612 613 gic_drop_prio(s, cpu, group); 614 615 /* In GICv2 the guest can choose to split priority-drop and deactivate */ 616 if (!gic_eoi_split(s, cpu, attrs)) { 617 GIC_DIST_CLEAR_ACTIVE(irq, cm); 618 } 619 gic_update(s); 620 } 621 622 static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 623 { 624 GICState *s = (GICState *)opaque; 625 uint32_t res; 626 int irq; 627 int i; 628 int cpu; 629 int cm; 630 int mask; 631 632 cpu = gic_get_current_cpu(s); 633 cm = 1 << cpu; 634 if (offset < 0x100) { 635 if (offset == 0) { /* GICD_CTLR */ 636 if (s->security_extn && !attrs.secure) { 637 /* The NS bank of this register is just an alias of the 638 * EnableGrp1 bit in the S bank version. 639 */ 640 return extract32(s->ctlr, 1, 1); 641 } else { 642 return s->ctlr; 643 } 644 } 645 if (offset == 4) 646 /* Interrupt Controller Type Register */ 647 return ((s->num_irq / 32) - 1) 648 | ((s->num_cpu - 1) << 5) 649 | (s->security_extn << 10); 650 if (offset < 0x08) 651 return 0; 652 if (offset >= 0x80) { 653 /* Interrupt Group Registers: these RAZ/WI if this is an NS 654 * access to a GIC with the security extensions, or if the GIC 655 * doesn't have groups at all. 656 */ 657 res = 0; 658 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 659 /* Every byte offset holds 8 group status bits */ 660 irq = (offset - 0x080) * 8 + GIC_BASE_IRQ; 661 if (irq >= s->num_irq) { 662 goto bad_reg; 663 } 664 for (i = 0; i < 8; i++) { 665 if (GIC_DIST_TEST_GROUP(irq + i, cm)) { 666 res |= (1 << i); 667 } 668 } 669 } 670 return res; 671 } 672 goto bad_reg; 673 } else if (offset < 0x200) { 674 /* Interrupt Set/Clear Enable. */ 675 if (offset < 0x180) 676 irq = (offset - 0x100) * 8; 677 else 678 irq = (offset - 0x180) * 8; 679 irq += GIC_BASE_IRQ; 680 if (irq >= s->num_irq) 681 goto bad_reg; 682 res = 0; 683 for (i = 0; i < 8; i++) { 684 if (s->security_extn && !attrs.secure && 685 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 686 continue; /* Ignore Non-secure access of Group0 IRQ */ 687 } 688 689 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 690 res |= (1 << i); 691 } 692 } 693 } else if (offset < 0x300) { 694 /* Interrupt Set/Clear Pending. */ 695 if (offset < 0x280) 696 irq = (offset - 0x200) * 8; 697 else 698 irq = (offset - 0x280) * 8; 699 irq += GIC_BASE_IRQ; 700 if (irq >= s->num_irq) 701 goto bad_reg; 702 res = 0; 703 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 704 for (i = 0; i < 8; i++) { 705 if (s->security_extn && !attrs.secure && 706 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 707 continue; /* Ignore Non-secure access of Group0 IRQ */ 708 } 709 710 if (gic_test_pending(s, irq + i, mask)) { 711 res |= (1 << i); 712 } 713 } 714 } else if (offset < 0x400) { 715 /* Interrupt Set/Clear Active. */ 716 if (offset < 0x380) { 717 irq = (offset - 0x300) * 8; 718 } else if (s->revision == 2) { 719 irq = (offset - 0x380) * 8; 720 } else { 721 goto bad_reg; 722 } 723 724 irq += GIC_BASE_IRQ; 725 if (irq >= s->num_irq) 726 goto bad_reg; 727 res = 0; 728 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 729 for (i = 0; i < 8; i++) { 730 if (s->security_extn && !attrs.secure && 731 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 732 continue; /* Ignore Non-secure access of Group0 IRQ */ 733 } 734 735 if (GIC_DIST_TEST_ACTIVE(irq + i, mask)) { 736 res |= (1 << i); 737 } 738 } 739 } else if (offset < 0x800) { 740 /* Interrupt Priority. */ 741 irq = (offset - 0x400) + GIC_BASE_IRQ; 742 if (irq >= s->num_irq) 743 goto bad_reg; 744 res = gic_dist_get_priority(s, cpu, irq, attrs); 745 } else if (offset < 0xc00) { 746 /* Interrupt CPU Target. */ 747 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 748 /* For uniprocessor GICs these RAZ/WI */ 749 res = 0; 750 } else { 751 irq = (offset - 0x800) + GIC_BASE_IRQ; 752 if (irq >= s->num_irq) { 753 goto bad_reg; 754 } 755 if (irq < 29 && s->revision == REV_11MPCORE) { 756 res = 0; 757 } else if (irq < GIC_INTERNAL) { 758 res = cm; 759 } else { 760 res = GIC_DIST_TARGET(irq); 761 } 762 } 763 } else if (offset < 0xf00) { 764 /* Interrupt Configuration. */ 765 irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ; 766 if (irq >= s->num_irq) 767 goto bad_reg; 768 res = 0; 769 for (i = 0; i < 4; i++) { 770 if (s->security_extn && !attrs.secure && 771 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 772 continue; /* Ignore Non-secure access of Group0 IRQ */ 773 } 774 775 if (GIC_DIST_TEST_MODEL(irq + i)) { 776 res |= (1 << (i * 2)); 777 } 778 if (GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 779 res |= (2 << (i * 2)); 780 } 781 } 782 } else if (offset < 0xf10) { 783 goto bad_reg; 784 } else if (offset < 0xf30) { 785 if (s->revision == REV_11MPCORE) { 786 goto bad_reg; 787 } 788 789 if (offset < 0xf20) { 790 /* GICD_CPENDSGIRn */ 791 irq = (offset - 0xf10); 792 } else { 793 irq = (offset - 0xf20); 794 /* GICD_SPENDSGIRn */ 795 } 796 797 if (s->security_extn && !attrs.secure && 798 !GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 799 res = 0; /* Ignore Non-secure access of Group0 IRQ */ 800 } else { 801 res = s->sgi_pending[irq][cpu]; 802 } 803 } else if (offset < 0xfd0) { 804 goto bad_reg; 805 } else if (offset < 0x1000) { 806 if (offset & 3) { 807 res = 0; 808 } else { 809 switch (s->revision) { 810 case REV_11MPCORE: 811 res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; 812 break; 813 case 1: 814 res = gic_id_gicv1[(offset - 0xfd0) >> 2]; 815 break; 816 case 2: 817 res = gic_id_gicv2[(offset - 0xfd0) >> 2]; 818 break; 819 default: 820 res = 0; 821 } 822 } 823 } else { 824 g_assert_not_reached(); 825 } 826 return res; 827 bad_reg: 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "gic_dist_readb: Bad offset %x\n", (int)offset); 830 return 0; 831 } 832 833 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 834 unsigned size, MemTxAttrs attrs) 835 { 836 switch (size) { 837 case 1: 838 *data = gic_dist_readb(opaque, offset, attrs); 839 return MEMTX_OK; 840 case 2: 841 *data = gic_dist_readb(opaque, offset, attrs); 842 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 843 return MEMTX_OK; 844 case 4: 845 *data = gic_dist_readb(opaque, offset, attrs); 846 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 847 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 848 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 849 return MEMTX_OK; 850 default: 851 return MEMTX_ERROR; 852 } 853 } 854 855 static void gic_dist_writeb(void *opaque, hwaddr offset, 856 uint32_t value, MemTxAttrs attrs) 857 { 858 GICState *s = (GICState *)opaque; 859 int irq; 860 int i; 861 int cpu; 862 863 cpu = gic_get_current_cpu(s); 864 if (offset < 0x100) { 865 if (offset == 0) { 866 if (s->security_extn && !attrs.secure) { 867 /* NS version is just an alias of the S version's bit 1 */ 868 s->ctlr = deposit32(s->ctlr, 1, 1, value); 869 } else if (gic_has_groups(s)) { 870 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 871 } else { 872 s->ctlr = value & GICD_CTLR_EN_GRP0; 873 } 874 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 875 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 876 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 877 } else if (offset < 4) { 878 /* ignored. */ 879 } else if (offset >= 0x80) { 880 /* Interrupt Group Registers: RAZ/WI for NS access to secure 881 * GIC, or for GICs without groups. 882 */ 883 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 884 /* Every byte offset holds 8 group status bits */ 885 irq = (offset - 0x80) * 8 + GIC_BASE_IRQ; 886 if (irq >= s->num_irq) { 887 goto bad_reg; 888 } 889 for (i = 0; i < 8; i++) { 890 /* Group bits are banked for private interrupts */ 891 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 892 if (value & (1 << i)) { 893 /* Group1 (Non-secure) */ 894 GIC_DIST_SET_GROUP(irq + i, cm); 895 } else { 896 /* Group0 (Secure) */ 897 GIC_DIST_CLEAR_GROUP(irq + i, cm); 898 } 899 } 900 } 901 } else { 902 goto bad_reg; 903 } 904 } else if (offset < 0x180) { 905 /* Interrupt Set Enable. */ 906 irq = (offset - 0x100) * 8 + GIC_BASE_IRQ; 907 if (irq >= s->num_irq) 908 goto bad_reg; 909 if (irq < GIC_NR_SGIS) { 910 value = 0xff; 911 } 912 913 for (i = 0; i < 8; i++) { 914 if (value & (1 << i)) { 915 int mask = 916 (irq < GIC_INTERNAL) ? (1 << cpu) 917 : GIC_DIST_TARGET(irq + i); 918 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 919 920 if (s->security_extn && !attrs.secure && 921 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 922 continue; /* Ignore Non-secure access of Group0 IRQ */ 923 } 924 925 if (!GIC_DIST_TEST_ENABLED(irq + i, cm)) { 926 DPRINTF("Enabled IRQ %d\n", irq + i); 927 trace_gic_enable_irq(irq + i); 928 } 929 GIC_DIST_SET_ENABLED(irq + i, cm); 930 /* If a raised level triggered IRQ enabled then mark 931 is as pending. */ 932 if (GIC_DIST_TEST_LEVEL(irq + i, mask) 933 && !GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 934 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 935 GIC_DIST_SET_PENDING(irq + i, mask); 936 } 937 } 938 } 939 } else if (offset < 0x200) { 940 /* Interrupt Clear Enable. */ 941 irq = (offset - 0x180) * 8 + GIC_BASE_IRQ; 942 if (irq >= s->num_irq) 943 goto bad_reg; 944 if (irq < GIC_NR_SGIS) { 945 value = 0; 946 } 947 948 for (i = 0; i < 8; i++) { 949 if (value & (1 << i)) { 950 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 951 952 if (s->security_extn && !attrs.secure && 953 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 954 continue; /* Ignore Non-secure access of Group0 IRQ */ 955 } 956 957 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 958 DPRINTF("Disabled IRQ %d\n", irq + i); 959 trace_gic_disable_irq(irq + i); 960 } 961 GIC_DIST_CLEAR_ENABLED(irq + i, cm); 962 } 963 } 964 } else if (offset < 0x280) { 965 /* Interrupt Set Pending. */ 966 irq = (offset - 0x200) * 8 + GIC_BASE_IRQ; 967 if (irq >= s->num_irq) 968 goto bad_reg; 969 if (irq < GIC_NR_SGIS) { 970 value = 0; 971 } 972 973 for (i = 0; i < 8; i++) { 974 if (value & (1 << i)) { 975 if (s->security_extn && !attrs.secure && 976 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 977 continue; /* Ignore Non-secure access of Group0 IRQ */ 978 } 979 980 GIC_DIST_SET_PENDING(irq + i, GIC_DIST_TARGET(irq + i)); 981 } 982 } 983 } else if (offset < 0x300) { 984 /* Interrupt Clear Pending. */ 985 irq = (offset - 0x280) * 8 + GIC_BASE_IRQ; 986 if (irq >= s->num_irq) 987 goto bad_reg; 988 if (irq < GIC_NR_SGIS) { 989 value = 0; 990 } 991 992 for (i = 0; i < 8; i++) { 993 if (s->security_extn && !attrs.secure && 994 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 995 continue; /* Ignore Non-secure access of Group0 IRQ */ 996 } 997 998 /* ??? This currently clears the pending bit for all CPUs, even 999 for per-CPU interrupts. It's unclear whether this is the 1000 corect behavior. */ 1001 if (value & (1 << i)) { 1002 GIC_DIST_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 1003 } 1004 } 1005 } else if (offset < 0x380) { 1006 /* Interrupt Set Active. */ 1007 if (s->revision != 2) { 1008 goto bad_reg; 1009 } 1010 1011 irq = (offset - 0x300) * 8 + GIC_BASE_IRQ; 1012 if (irq >= s->num_irq) { 1013 goto bad_reg; 1014 } 1015 1016 /* This register is banked per-cpu for PPIs */ 1017 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1018 1019 for (i = 0; i < 8; i++) { 1020 if (s->security_extn && !attrs.secure && 1021 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1022 continue; /* Ignore Non-secure access of Group0 IRQ */ 1023 } 1024 1025 if (value & (1 << i)) { 1026 GIC_DIST_SET_ACTIVE(irq + i, cm); 1027 } 1028 } 1029 } else if (offset < 0x400) { 1030 /* Interrupt Clear Active. */ 1031 if (s->revision != 2) { 1032 goto bad_reg; 1033 } 1034 1035 irq = (offset - 0x380) * 8 + GIC_BASE_IRQ; 1036 if (irq >= s->num_irq) { 1037 goto bad_reg; 1038 } 1039 1040 /* This register is banked per-cpu for PPIs */ 1041 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1042 1043 for (i = 0; i < 8; i++) { 1044 if (s->security_extn && !attrs.secure && 1045 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1046 continue; /* Ignore Non-secure access of Group0 IRQ */ 1047 } 1048 1049 if (value & (1 << i)) { 1050 GIC_DIST_CLEAR_ACTIVE(irq + i, cm); 1051 } 1052 } 1053 } else if (offset < 0x800) { 1054 /* Interrupt Priority. */ 1055 irq = (offset - 0x400) + GIC_BASE_IRQ; 1056 if (irq >= s->num_irq) 1057 goto bad_reg; 1058 gic_dist_set_priority(s, cpu, irq, value, attrs); 1059 } else if (offset < 0xc00) { 1060 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 1061 * annoying exception of the 11MPCore's GIC. 1062 */ 1063 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 1064 irq = (offset - 0x800) + GIC_BASE_IRQ; 1065 if (irq >= s->num_irq) { 1066 goto bad_reg; 1067 } 1068 if (irq < 29 && s->revision == REV_11MPCORE) { 1069 value = 0; 1070 } else if (irq < GIC_INTERNAL) { 1071 value = ALL_CPU_MASK; 1072 } 1073 s->irq_target[irq] = value & ALL_CPU_MASK; 1074 } 1075 } else if (offset < 0xf00) { 1076 /* Interrupt Configuration. */ 1077 irq = (offset - 0xc00) * 4 + GIC_BASE_IRQ; 1078 if (irq >= s->num_irq) 1079 goto bad_reg; 1080 if (irq < GIC_NR_SGIS) 1081 value |= 0xaa; 1082 for (i = 0; i < 4; i++) { 1083 if (s->security_extn && !attrs.secure && 1084 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1085 continue; /* Ignore Non-secure access of Group0 IRQ */ 1086 } 1087 1088 if (s->revision == REV_11MPCORE) { 1089 if (value & (1 << (i * 2))) { 1090 GIC_DIST_SET_MODEL(irq + i); 1091 } else { 1092 GIC_DIST_CLEAR_MODEL(irq + i); 1093 } 1094 } 1095 if (value & (2 << (i * 2))) { 1096 GIC_DIST_SET_EDGE_TRIGGER(irq + i); 1097 } else { 1098 GIC_DIST_CLEAR_EDGE_TRIGGER(irq + i); 1099 } 1100 } 1101 } else if (offset < 0xf10) { 1102 /* 0xf00 is only handled for 32-bit writes. */ 1103 goto bad_reg; 1104 } else if (offset < 0xf20) { 1105 /* GICD_CPENDSGIRn */ 1106 if (s->revision == REV_11MPCORE) { 1107 goto bad_reg; 1108 } 1109 irq = (offset - 0xf10); 1110 1111 if (!s->security_extn || attrs.secure || 1112 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1113 s->sgi_pending[irq][cpu] &= ~value; 1114 if (s->sgi_pending[irq][cpu] == 0) { 1115 GIC_DIST_CLEAR_PENDING(irq, 1 << cpu); 1116 } 1117 } 1118 } else if (offset < 0xf30) { 1119 /* GICD_SPENDSGIRn */ 1120 if (s->revision == REV_11MPCORE) { 1121 goto bad_reg; 1122 } 1123 irq = (offset - 0xf20); 1124 1125 if (!s->security_extn || attrs.secure || 1126 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1127 GIC_DIST_SET_PENDING(irq, 1 << cpu); 1128 s->sgi_pending[irq][cpu] |= value; 1129 } 1130 } else { 1131 goto bad_reg; 1132 } 1133 gic_update(s); 1134 return; 1135 bad_reg: 1136 qemu_log_mask(LOG_GUEST_ERROR, 1137 "gic_dist_writeb: Bad offset %x\n", (int)offset); 1138 } 1139 1140 static void gic_dist_writew(void *opaque, hwaddr offset, 1141 uint32_t value, MemTxAttrs attrs) 1142 { 1143 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 1144 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 1145 } 1146 1147 static void gic_dist_writel(void *opaque, hwaddr offset, 1148 uint32_t value, MemTxAttrs attrs) 1149 { 1150 GICState *s = (GICState *)opaque; 1151 if (offset == 0xf00) { 1152 int cpu; 1153 int irq; 1154 int mask; 1155 int target_cpu; 1156 1157 cpu = gic_get_current_cpu(s); 1158 irq = value & 0x3ff; 1159 switch ((value >> 24) & 3) { 1160 case 0: 1161 mask = (value >> 16) & ALL_CPU_MASK; 1162 break; 1163 case 1: 1164 mask = ALL_CPU_MASK ^ (1 << cpu); 1165 break; 1166 case 2: 1167 mask = 1 << cpu; 1168 break; 1169 default: 1170 DPRINTF("Bad Soft Int target filter\n"); 1171 mask = ALL_CPU_MASK; 1172 break; 1173 } 1174 GIC_DIST_SET_PENDING(irq, mask); 1175 target_cpu = ctz32(mask); 1176 while (target_cpu < GIC_NCPU) { 1177 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 1178 mask &= ~(1 << target_cpu); 1179 target_cpu = ctz32(mask); 1180 } 1181 gic_update(s); 1182 return; 1183 } 1184 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 1185 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 1186 } 1187 1188 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 1189 unsigned size, MemTxAttrs attrs) 1190 { 1191 switch (size) { 1192 case 1: 1193 gic_dist_writeb(opaque, offset, data, attrs); 1194 return MEMTX_OK; 1195 case 2: 1196 gic_dist_writew(opaque, offset, data, attrs); 1197 return MEMTX_OK; 1198 case 4: 1199 gic_dist_writel(opaque, offset, data, attrs); 1200 return MEMTX_OK; 1201 default: 1202 return MEMTX_ERROR; 1203 } 1204 } 1205 1206 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 1207 { 1208 /* Return the Nonsecure view of GICC_APR<regno>. This is the 1209 * second half of GICC_NSAPR. 1210 */ 1211 switch (GIC_MIN_BPR) { 1212 case 0: 1213 if (regno < 2) { 1214 return s->nsapr[regno + 2][cpu]; 1215 } 1216 break; 1217 case 1: 1218 if (regno == 0) { 1219 return s->nsapr[regno + 1][cpu]; 1220 } 1221 break; 1222 case 2: 1223 if (regno == 0) { 1224 return extract32(s->nsapr[0][cpu], 16, 16); 1225 } 1226 break; 1227 case 3: 1228 if (regno == 0) { 1229 return extract32(s->nsapr[0][cpu], 8, 8); 1230 } 1231 break; 1232 default: 1233 g_assert_not_reached(); 1234 } 1235 return 0; 1236 } 1237 1238 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 1239 uint32_t value) 1240 { 1241 /* Write the Nonsecure view of GICC_APR<regno>. */ 1242 switch (GIC_MIN_BPR) { 1243 case 0: 1244 if (regno < 2) { 1245 s->nsapr[regno + 2][cpu] = value; 1246 } 1247 break; 1248 case 1: 1249 if (regno == 0) { 1250 s->nsapr[regno + 1][cpu] = value; 1251 } 1252 break; 1253 case 2: 1254 if (regno == 0) { 1255 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1256 } 1257 break; 1258 case 3: 1259 if (regno == 0) { 1260 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1261 } 1262 break; 1263 default: 1264 g_assert_not_reached(); 1265 } 1266 } 1267 1268 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1269 uint64_t *data, MemTxAttrs attrs) 1270 { 1271 switch (offset) { 1272 case 0x00: /* Control */ 1273 *data = gic_get_cpu_control(s, cpu, attrs); 1274 break; 1275 case 0x04: /* Priority mask */ 1276 *data = gic_get_priority_mask(s, cpu, attrs); 1277 break; 1278 case 0x08: /* Binary Point */ 1279 if (s->security_extn && !attrs.secure) { 1280 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1281 /* NS view of BPR when CBPR is 1 */ 1282 *data = MIN(s->bpr[cpu] + 1, 7); 1283 } else { 1284 /* BPR is banked. Non-secure copy stored in ABPR. */ 1285 *data = s->abpr[cpu]; 1286 } 1287 } else { 1288 *data = s->bpr[cpu]; 1289 } 1290 break; 1291 case 0x0c: /* Acknowledge */ 1292 *data = gic_acknowledge_irq(s, cpu, attrs); 1293 break; 1294 case 0x14: /* Running Priority */ 1295 *data = gic_get_running_priority(s, cpu, attrs); 1296 break; 1297 case 0x18: /* Highest Pending Interrupt */ 1298 *data = gic_get_current_pending_irq(s, cpu, attrs); 1299 break; 1300 case 0x1c: /* Aliased Binary Point */ 1301 /* GIC v2, no security: ABPR 1302 * GIC v1, no security: not implemented (RAZ/WI) 1303 * With security extensions, secure access: ABPR (alias of NS BPR) 1304 * With security extensions, nonsecure access: RAZ/WI 1305 */ 1306 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1307 *data = 0; 1308 } else { 1309 *data = s->abpr[cpu]; 1310 } 1311 break; 1312 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1313 { 1314 int regno = (offset - 0xd0) / 4; 1315 1316 if (regno >= GIC_NR_APRS || s->revision != 2) { 1317 *data = 0; 1318 } else if (s->security_extn && !attrs.secure) { 1319 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1320 *data = gic_apr_ns_view(s, regno, cpu); 1321 } else { 1322 *data = s->apr[regno][cpu]; 1323 } 1324 break; 1325 } 1326 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1327 { 1328 int regno = (offset - 0xe0) / 4; 1329 1330 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1331 (s->security_extn && !attrs.secure)) { 1332 *data = 0; 1333 } else { 1334 *data = s->nsapr[regno][cpu]; 1335 } 1336 break; 1337 } 1338 default: 1339 qemu_log_mask(LOG_GUEST_ERROR, 1340 "gic_cpu_read: Bad offset %x\n", (int)offset); 1341 *data = 0; 1342 break; 1343 } 1344 return MEMTX_OK; 1345 } 1346 1347 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1348 uint32_t value, MemTxAttrs attrs) 1349 { 1350 switch (offset) { 1351 case 0x00: /* Control */ 1352 gic_set_cpu_control(s, cpu, value, attrs); 1353 break; 1354 case 0x04: /* Priority mask */ 1355 gic_set_priority_mask(s, cpu, value, attrs); 1356 break; 1357 case 0x08: /* Binary Point */ 1358 if (s->security_extn && !attrs.secure) { 1359 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1360 /* WI when CBPR is 1 */ 1361 return MEMTX_OK; 1362 } else { 1363 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1364 } 1365 } else { 1366 s->bpr[cpu] = MAX(value & 0x7, GIC_MIN_BPR); 1367 } 1368 break; 1369 case 0x10: /* End Of Interrupt */ 1370 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1371 return MEMTX_OK; 1372 case 0x1c: /* Aliased Binary Point */ 1373 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1374 /* unimplemented, or NS access: RAZ/WI */ 1375 return MEMTX_OK; 1376 } else { 1377 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1378 } 1379 break; 1380 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1381 { 1382 int regno = (offset - 0xd0) / 4; 1383 1384 if (regno >= GIC_NR_APRS || s->revision != 2) { 1385 return MEMTX_OK; 1386 } 1387 if (s->security_extn && !attrs.secure) { 1388 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1389 gic_apr_write_ns_view(s, regno, cpu, value); 1390 } else { 1391 s->apr[regno][cpu] = value; 1392 } 1393 break; 1394 } 1395 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1396 { 1397 int regno = (offset - 0xe0) / 4; 1398 1399 if (regno >= GIC_NR_APRS || s->revision != 2) { 1400 return MEMTX_OK; 1401 } 1402 if (!gic_has_groups(s) || (s->security_extn && !attrs.secure)) { 1403 return MEMTX_OK; 1404 } 1405 s->nsapr[regno][cpu] = value; 1406 break; 1407 } 1408 case 0x1000: 1409 /* GICC_DIR */ 1410 gic_deactivate_irq(s, cpu, value & 0x3ff, attrs); 1411 break; 1412 default: 1413 qemu_log_mask(LOG_GUEST_ERROR, 1414 "gic_cpu_write: Bad offset %x\n", (int)offset); 1415 return MEMTX_OK; 1416 } 1417 gic_update(s); 1418 return MEMTX_OK; 1419 } 1420 1421 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1422 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1423 unsigned size, MemTxAttrs attrs) 1424 { 1425 GICState *s = (GICState *)opaque; 1426 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1427 } 1428 1429 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1430 uint64_t value, unsigned size, 1431 MemTxAttrs attrs) 1432 { 1433 GICState *s = (GICState *)opaque; 1434 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1435 } 1436 1437 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1438 * These just decode the opaque pointer into GICState* + cpu id. 1439 */ 1440 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1441 unsigned size, MemTxAttrs attrs) 1442 { 1443 GICState **backref = (GICState **)opaque; 1444 GICState *s = *backref; 1445 int id = (backref - s->backref); 1446 return gic_cpu_read(s, id, addr, data, attrs); 1447 } 1448 1449 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1450 uint64_t value, unsigned size, 1451 MemTxAttrs attrs) 1452 { 1453 GICState **backref = (GICState **)opaque; 1454 GICState *s = *backref; 1455 int id = (backref - s->backref); 1456 return gic_cpu_write(s, id, addr, value, attrs); 1457 } 1458 1459 static const MemoryRegionOps gic_ops[2] = { 1460 { 1461 .read_with_attrs = gic_dist_read, 1462 .write_with_attrs = gic_dist_write, 1463 .endianness = DEVICE_NATIVE_ENDIAN, 1464 }, 1465 { 1466 .read_with_attrs = gic_thiscpu_read, 1467 .write_with_attrs = gic_thiscpu_write, 1468 .endianness = DEVICE_NATIVE_ENDIAN, 1469 } 1470 }; 1471 1472 static const MemoryRegionOps gic_cpu_ops = { 1473 .read_with_attrs = gic_do_cpu_read, 1474 .write_with_attrs = gic_do_cpu_write, 1475 .endianness = DEVICE_NATIVE_ENDIAN, 1476 }; 1477 1478 static void arm_gic_realize(DeviceState *dev, Error **errp) 1479 { 1480 /* Device instance realize function for the GIC sysbus device */ 1481 int i; 1482 GICState *s = ARM_GIC(dev); 1483 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1484 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 1485 Error *local_err = NULL; 1486 1487 agc->parent_realize(dev, &local_err); 1488 if (local_err) { 1489 error_propagate(errp, local_err); 1490 return; 1491 } 1492 1493 if (kvm_enabled() && !kvm_arm_supports_user_irq()) { 1494 error_setg(errp, "KVM with user space irqchip only works when the " 1495 "host kernel supports KVM_CAP_ARM_USER_IRQ"); 1496 return; 1497 } 1498 1499 /* This creates distributor and main CPU interface (s->cpuiomem[0]) */ 1500 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops, NULL); 1501 1502 /* Extra core-specific regions for the CPU interfaces. This is 1503 * necessary for "franken-GIC" implementations, for example on 1504 * Exynos 4. 1505 * NB that the memory region size of 0x100 applies for the 11MPCore 1506 * and also cores following the GIC v1 spec (ie A9). 1507 * GIC v2 defines a larger memory region (0x1000) so this will need 1508 * to be extended when we implement A15. 1509 */ 1510 for (i = 0; i < s->num_cpu; i++) { 1511 s->backref[i] = s; 1512 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 1513 &s->backref[i], "gic_cpu", 0x100); 1514 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 1515 } 1516 } 1517 1518 static void arm_gic_class_init(ObjectClass *klass, void *data) 1519 { 1520 DeviceClass *dc = DEVICE_CLASS(klass); 1521 ARMGICClass *agc = ARM_GIC_CLASS(klass); 1522 1523 device_class_set_parent_realize(dc, arm_gic_realize, &agc->parent_realize); 1524 } 1525 1526 static const TypeInfo arm_gic_info = { 1527 .name = TYPE_ARM_GIC, 1528 .parent = TYPE_ARM_GIC_COMMON, 1529 .instance_size = sizeof(GICState), 1530 .class_init = arm_gic_class_init, 1531 .class_size = sizeof(ARMGICClass), 1532 }; 1533 1534 static void arm_gic_register_types(void) 1535 { 1536 type_register_static(&arm_gic_info); 1537 } 1538 1539 type_init(arm_gic_register_types) 1540