1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "hw/irq.h" 23 #include "hw/sysbus.h" 24 #include "gic_internal.h" 25 #include "qapi/error.h" 26 #include "hw/core/cpu.h" 27 #include "qemu/log.h" 28 #include "qemu/module.h" 29 #include "trace.h" 30 #include "sysemu/kvm.h" 31 #include "sysemu/qtest.h" 32 33 /* #define DEBUG_GIC */ 34 35 #ifdef DEBUG_GIC 36 #define DEBUG_GIC_GATE 1 37 #else 38 #define DEBUG_GIC_GATE 0 39 #endif 40 41 #define DPRINTF(fmt, ...) do { \ 42 if (DEBUG_GIC_GATE) { \ 43 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static const uint8_t gic_id_11mpcore[] = { 48 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 49 }; 50 51 static const uint8_t gic_id_gicv1[] = { 52 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 53 }; 54 55 static const uint8_t gic_id_gicv2[] = { 56 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 57 }; 58 59 static inline int gic_get_current_cpu(GICState *s) 60 { 61 if (!qtest_enabled() && s->num_cpu > 1) { 62 return current_cpu->cpu_index; 63 } 64 return 0; 65 } 66 67 static inline int gic_get_current_vcpu(GICState *s) 68 { 69 return gic_get_current_cpu(s) + GIC_NCPU; 70 } 71 72 /* Return true if this GIC config has interrupt groups, which is 73 * true if we're a GICv2, or a GICv1 with the security extensions. 74 */ 75 static inline bool gic_has_groups(GICState *s) 76 { 77 return s->revision == 2 || s->security_extn; 78 } 79 80 static inline bool gic_cpu_ns_access(GICState *s, int cpu, MemTxAttrs attrs) 81 { 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; 83 } 84 85 static inline void gic_get_best_irq(GICState *s, int cpu, 86 int *best_irq, int *best_prio, int *group) 87 { 88 int irq; 89 int cm = 1 << cpu; 90 91 *best_irq = 1023; 92 *best_prio = 0x100; 93 94 for (irq = 0; irq < s->num_irq; irq++) { 95 if (GIC_DIST_TEST_ENABLED(irq, cm) && gic_test_pending(s, irq, cm) && 96 (!GIC_DIST_TEST_ACTIVE(irq, cm)) && 97 (irq < GIC_INTERNAL || GIC_DIST_TARGET(irq) & cm)) { 98 if (GIC_DIST_GET_PRIORITY(irq, cpu) < *best_prio) { 99 *best_prio = GIC_DIST_GET_PRIORITY(irq, cpu); 100 *best_irq = irq; 101 } 102 } 103 } 104 105 if (*best_irq < 1023) { 106 *group = GIC_DIST_TEST_GROUP(*best_irq, cm); 107 } 108 } 109 110 static inline void gic_get_best_virq(GICState *s, int cpu, 111 int *best_irq, int *best_prio, int *group) 112 { 113 int lr_idx = 0; 114 115 *best_irq = 1023; 116 *best_prio = 0x100; 117 118 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 119 uint32_t lr_entry = s->h_lr[lr_idx][cpu]; 120 int state = GICH_LR_STATE(lr_entry); 121 122 if (state == GICH_LR_STATE_PENDING) { 123 int prio = GICH_LR_PRIORITY(lr_entry); 124 125 if (prio < *best_prio) { 126 *best_prio = prio; 127 *best_irq = GICH_LR_VIRT_ID(lr_entry); 128 *group = GICH_LR_GROUP(lr_entry); 129 } 130 } 131 } 132 } 133 134 /* Return true if IRQ signaling is enabled for the given cpu and at least one 135 * of the given groups: 136 * - in the non-virt case, the distributor must be enabled for one of the 137 * given groups 138 * - in the virt case, the virtual interface must be enabled. 139 * - in all cases, the (v)CPU interface must be enabled for one of the given 140 * groups. 141 */ 142 static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt, 143 int group_mask) 144 { 145 int cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 146 147 if (!virt && !(s->ctlr & group_mask)) { 148 return false; 149 } 150 151 if (virt && !(s->h_hcr[cpu] & R_GICH_HCR_EN_MASK)) { 152 return false; 153 } 154 155 if (!(s->cpu_ctlr[cpu_iface] & group_mask)) { 156 return false; 157 } 158 159 return true; 160 } 161 162 /* TODO: Many places that call this routine could be optimized. */ 163 /* Update interrupt status after enabled or pending bits have been changed. */ 164 static inline void gic_update_internal(GICState *s, bool virt) 165 { 166 int best_irq; 167 int best_prio; 168 int irq_level, fiq_level; 169 int cpu, cpu_iface; 170 int group = 0; 171 qemu_irq *irq_lines = virt ? s->parent_virq : s->parent_irq; 172 qemu_irq *fiq_lines = virt ? s->parent_vfiq : s->parent_fiq; 173 174 for (cpu = 0; cpu < s->num_cpu; cpu++) { 175 cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 176 177 s->current_pending[cpu_iface] = 1023; 178 if (!gic_irq_signaling_enabled(s, cpu, virt, 179 GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) { 180 qemu_irq_lower(irq_lines[cpu]); 181 qemu_irq_lower(fiq_lines[cpu]); 182 continue; 183 } 184 185 if (virt) { 186 gic_get_best_virq(s, cpu, &best_irq, &best_prio, &group); 187 } else { 188 gic_get_best_irq(s, cpu, &best_irq, &best_prio, &group); 189 } 190 191 if (best_irq != 1023) { 192 trace_gic_update_bestirq(virt ? "vcpu" : "cpu", cpu, 193 best_irq, best_prio, 194 s->priority_mask[cpu_iface], 195 s->running_priority[cpu_iface]); 196 } 197 198 irq_level = fiq_level = 0; 199 200 if (best_prio < s->priority_mask[cpu_iface]) { 201 s->current_pending[cpu_iface] = best_irq; 202 if (best_prio < s->running_priority[cpu_iface]) { 203 if (gic_irq_signaling_enabled(s, cpu, virt, 1 << group)) { 204 if (group == 0 && 205 s->cpu_ctlr[cpu_iface] & GICC_CTLR_FIQ_EN) { 206 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 207 best_irq, cpu_iface); 208 fiq_level = 1; 209 trace_gic_update_set_irq(cpu, virt ? "vfiq" : "fiq", 210 fiq_level); 211 } else { 212 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 213 best_irq, cpu_iface); 214 irq_level = 1; 215 trace_gic_update_set_irq(cpu, virt ? "virq" : "irq", 216 irq_level); 217 } 218 } 219 } 220 } 221 222 qemu_set_irq(irq_lines[cpu], irq_level); 223 qemu_set_irq(fiq_lines[cpu], fiq_level); 224 } 225 } 226 227 static void gic_update(GICState *s) 228 { 229 gic_update_internal(s, false); 230 } 231 232 /* Return true if this LR is empty, i.e. the corresponding bit 233 * in ELRSR is set. 234 */ 235 static inline bool gic_lr_entry_is_free(uint32_t entry) 236 { 237 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 238 && (GICH_LR_HW(entry) || !GICH_LR_EOI(entry)); 239 } 240 241 /* Return true if this LR should trigger an EOI maintenance interrupt, i.e. the 242 * corresponding bit in EISR is set. 243 */ 244 static inline bool gic_lr_entry_is_eoi(uint32_t entry) 245 { 246 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 247 && !GICH_LR_HW(entry) && GICH_LR_EOI(entry); 248 } 249 250 static inline void gic_extract_lr_info(GICState *s, int cpu, 251 int *num_eoi, int *num_valid, int *num_pending) 252 { 253 int lr_idx; 254 255 *num_eoi = 0; 256 *num_valid = 0; 257 *num_pending = 0; 258 259 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 260 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 261 262 if (gic_lr_entry_is_eoi(*entry)) { 263 (*num_eoi)++; 264 } 265 266 if (GICH_LR_STATE(*entry) != GICH_LR_STATE_INVALID) { 267 (*num_valid)++; 268 } 269 270 if (GICH_LR_STATE(*entry) == GICH_LR_STATE_PENDING) { 271 (*num_pending)++; 272 } 273 } 274 } 275 276 static void gic_compute_misr(GICState *s, int cpu) 277 { 278 uint32_t value = 0; 279 int vcpu = cpu + GIC_NCPU; 280 281 int num_eoi, num_valid, num_pending; 282 283 gic_extract_lr_info(s, cpu, &num_eoi, &num_valid, &num_pending); 284 285 /* EOI */ 286 if (num_eoi) { 287 value |= R_GICH_MISR_EOI_MASK; 288 } 289 290 /* U: true if only 0 or 1 LR entry is valid */ 291 if ((s->h_hcr[cpu] & R_GICH_HCR_UIE_MASK) && (num_valid < 2)) { 292 value |= R_GICH_MISR_U_MASK; 293 } 294 295 /* LRENP: EOICount is not 0 */ 296 if ((s->h_hcr[cpu] & R_GICH_HCR_LRENPIE_MASK) && 297 ((s->h_hcr[cpu] & R_GICH_HCR_EOICount_MASK) != 0)) { 298 value |= R_GICH_MISR_LRENP_MASK; 299 } 300 301 /* NP: no pending interrupts */ 302 if ((s->h_hcr[cpu] & R_GICH_HCR_NPIE_MASK) && (num_pending == 0)) { 303 value |= R_GICH_MISR_NP_MASK; 304 } 305 306 /* VGrp0E: group0 virq signaling enabled */ 307 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0EIE_MASK) && 308 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 309 value |= R_GICH_MISR_VGrp0E_MASK; 310 } 311 312 /* VGrp0D: group0 virq signaling disabled */ 313 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0DIE_MASK) && 314 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 315 value |= R_GICH_MISR_VGrp0D_MASK; 316 } 317 318 /* VGrp1E: group1 virq signaling enabled */ 319 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1EIE_MASK) && 320 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 321 value |= R_GICH_MISR_VGrp1E_MASK; 322 } 323 324 /* VGrp1D: group1 virq signaling disabled */ 325 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1DIE_MASK) && 326 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 327 value |= R_GICH_MISR_VGrp1D_MASK; 328 } 329 330 s->h_misr[cpu] = value; 331 } 332 333 static void gic_update_maintenance(GICState *s) 334 { 335 int cpu = 0; 336 int maint_level; 337 338 for (cpu = 0; cpu < s->num_cpu; cpu++) { 339 gic_compute_misr(s, cpu); 340 maint_level = (s->h_hcr[cpu] & R_GICH_HCR_EN_MASK) && s->h_misr[cpu]; 341 342 trace_gic_update_maintenance_irq(cpu, maint_level); 343 qemu_set_irq(s->maintenance_irq[cpu], maint_level); 344 } 345 } 346 347 static void gic_update_virt(GICState *s) 348 { 349 gic_update_internal(s, true); 350 gic_update_maintenance(s); 351 } 352 353 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 354 int cm, int target) 355 { 356 if (level) { 357 GIC_DIST_SET_LEVEL(irq, cm); 358 if (GIC_DIST_TEST_EDGE_TRIGGER(irq) || GIC_DIST_TEST_ENABLED(irq, cm)) { 359 DPRINTF("Set %d pending mask %x\n", irq, target); 360 GIC_DIST_SET_PENDING(irq, target); 361 } 362 } else { 363 GIC_DIST_CLEAR_LEVEL(irq, cm); 364 } 365 } 366 367 static void gic_set_irq_generic(GICState *s, int irq, int level, 368 int cm, int target) 369 { 370 if (level) { 371 GIC_DIST_SET_LEVEL(irq, cm); 372 DPRINTF("Set %d pending mask %x\n", irq, target); 373 if (GIC_DIST_TEST_EDGE_TRIGGER(irq)) { 374 GIC_DIST_SET_PENDING(irq, target); 375 } 376 } else { 377 GIC_DIST_CLEAR_LEVEL(irq, cm); 378 } 379 } 380 381 /* Process a change in an external IRQ input. */ 382 static void gic_set_irq(void *opaque, int irq, int level) 383 { 384 /* Meaning of the 'irq' parameter: 385 * [0..N-1] : external interrupts 386 * [N..N+31] : PPI (internal) interrupts for CPU 0 387 * [N+32..N+63] : PPI (internal interrupts for CPU 1 388 * ... 389 */ 390 GICState *s = (GICState *)opaque; 391 int cm, target; 392 if (irq < (s->num_irq - GIC_INTERNAL)) { 393 /* The first external input line is internal interrupt 32. */ 394 cm = ALL_CPU_MASK; 395 irq += GIC_INTERNAL; 396 target = GIC_DIST_TARGET(irq); 397 } else { 398 int cpu; 399 irq -= (s->num_irq - GIC_INTERNAL); 400 cpu = irq / GIC_INTERNAL; 401 irq %= GIC_INTERNAL; 402 cm = 1 << cpu; 403 target = cm; 404 } 405 406 assert(irq >= GIC_NR_SGIS); 407 408 if (level == GIC_DIST_TEST_LEVEL(irq, cm)) { 409 return; 410 } 411 412 if (s->revision == REV_11MPCORE) { 413 gic_set_irq_11mpcore(s, irq, level, cm, target); 414 } else { 415 gic_set_irq_generic(s, irq, level, cm, target); 416 } 417 trace_gic_set_irq(irq, level, cm, target); 418 419 gic_update(s); 420 } 421 422 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 423 MemTxAttrs attrs) 424 { 425 uint16_t pending_irq = s->current_pending[cpu]; 426 427 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 428 int group = gic_test_group(s, pending_irq, cpu); 429 430 /* On a GIC without the security extensions, reading this register 431 * behaves in the same way as a secure access to a GIC with them. 432 */ 433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); 434 435 if (group == 0 && !secure) { 436 /* Group0 interrupts hidden from Non-secure access */ 437 return 1023; 438 } 439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 440 /* Group1 interrupts only seen by Secure access if 441 * AckCtl bit set. 442 */ 443 return 1022; 444 } 445 } 446 return pending_irq; 447 } 448 449 static int gic_get_group_priority(GICState *s, int cpu, int irq) 450 { 451 /* Return the group priority of the specified interrupt 452 * (which is the top bits of its priority, with the number 453 * of bits masked determined by the applicable binary point register). 454 */ 455 int bpr; 456 uint32_t mask; 457 458 if (gic_has_groups(s) && 459 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 460 gic_test_group(s, irq, cpu)) { 461 bpr = s->abpr[cpu] - 1; 462 assert(bpr >= 0); 463 } else { 464 bpr = s->bpr[cpu]; 465 } 466 467 /* a BPR of 0 means the group priority bits are [7:1]; 468 * a BPR of 1 means they are [7:2], and so on down to 469 * a BPR of 7 meaning no group priority bits at all. 470 */ 471 mask = ~0U << ((bpr & 7) + 1); 472 473 return gic_get_priority(s, irq, cpu) & mask; 474 } 475 476 static void gic_activate_irq(GICState *s, int cpu, int irq) 477 { 478 /* Set the appropriate Active Priority Register bit for this IRQ, 479 * and update the running priority. 480 */ 481 int prio = gic_get_group_priority(s, cpu, irq); 482 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 483 int preemption_level = prio >> (min_bpr + 1); 484 int regno = preemption_level / 32; 485 int bitno = preemption_level % 32; 486 uint32_t *papr = NULL; 487 488 if (gic_is_vcpu(cpu)) { 489 assert(regno == 0); 490 papr = &s->h_apr[gic_get_vcpu_real_id(cpu)]; 491 } else if (gic_has_groups(s) && gic_test_group(s, irq, cpu)) { 492 papr = &s->nsapr[regno][cpu]; 493 } else { 494 papr = &s->apr[regno][cpu]; 495 } 496 497 *papr |= (1 << bitno); 498 499 s->running_priority[cpu] = prio; 500 gic_set_active(s, irq, cpu); 501 } 502 503 static int gic_get_prio_from_apr_bits(GICState *s, int cpu) 504 { 505 /* Recalculate the current running priority for this CPU based 506 * on the set bits in the Active Priority Registers. 507 */ 508 int i; 509 510 if (gic_is_vcpu(cpu)) { 511 uint32_t apr = s->h_apr[gic_get_vcpu_real_id(cpu)]; 512 if (apr) { 513 return ctz32(apr) << (GIC_VIRT_MIN_BPR + 1); 514 } else { 515 return 0x100; 516 } 517 } 518 519 for (i = 0; i < GIC_NR_APRS; i++) { 520 uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu]; 521 if (!apr) { 522 continue; 523 } 524 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 525 } 526 return 0x100; 527 } 528 529 static void gic_drop_prio(GICState *s, int cpu, int group) 530 { 531 /* Drop the priority of the currently active interrupt in the 532 * specified group. 533 * 534 * Note that we can guarantee (because of the requirement to nest 535 * GICC_IAR reads [which activate an interrupt and raise priority] 536 * with GICC_EOIR writes [which drop the priority for the interrupt]) 537 * that the interrupt we're being called for is the highest priority 538 * active interrupt, meaning that it has the lowest set bit in the 539 * APR registers. 540 * 541 * If the guest does not honour the ordering constraints then the 542 * behaviour of the GIC is UNPREDICTABLE, which for us means that 543 * the values of the APR registers might become incorrect and the 544 * running priority will be wrong, so interrupts that should preempt 545 * might not do so, and interrupts that should not preempt might do so. 546 */ 547 if (gic_is_vcpu(cpu)) { 548 int rcpu = gic_get_vcpu_real_id(cpu); 549 550 if (s->h_apr[rcpu]) { 551 /* Clear lowest set bit */ 552 s->h_apr[rcpu] &= s->h_apr[rcpu] - 1; 553 } 554 } else { 555 int i; 556 557 for (i = 0; i < GIC_NR_APRS; i++) { 558 uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu]; 559 if (!*papr) { 560 continue; 561 } 562 /* Clear lowest set bit */ 563 *papr &= *papr - 1; 564 break; 565 } 566 } 567 568 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 569 } 570 571 static inline uint32_t gic_clear_pending_sgi(GICState *s, int irq, int cpu) 572 { 573 int src; 574 uint32_t ret; 575 576 if (!gic_is_vcpu(cpu)) { 577 /* Lookup the source CPU for the SGI and clear this in the 578 * sgi_pending map. Return the src and clear the overall pending 579 * state on this CPU if the SGI is not pending from any CPUs. 580 */ 581 assert(s->sgi_pending[irq][cpu] != 0); 582 src = ctz32(s->sgi_pending[irq][cpu]); 583 s->sgi_pending[irq][cpu] &= ~(1 << src); 584 if (s->sgi_pending[irq][cpu] == 0) { 585 gic_clear_pending(s, irq, cpu); 586 } 587 ret = irq | ((src & 0x7) << 10); 588 } else { 589 uint32_t *lr_entry = gic_get_lr_entry(s, irq, cpu); 590 src = GICH_LR_CPUID(*lr_entry); 591 592 gic_clear_pending(s, irq, cpu); 593 ret = irq | (src << 10); 594 } 595 596 return ret; 597 } 598 599 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 600 { 601 int ret, irq; 602 603 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 604 * for the case where this GIC supports grouping and the pending interrupt 605 * is in the wrong group. 606 */ 607 irq = gic_get_current_pending_irq(s, cpu, attrs); 608 trace_gic_acknowledge_irq(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 609 gic_get_vcpu_real_id(cpu), irq); 610 611 if (irq >= GIC_MAXIRQ) { 612 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 613 return irq; 614 } 615 616 if (gic_get_priority(s, irq, cpu) >= s->running_priority[cpu]) { 617 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 618 return 1023; 619 } 620 621 gic_activate_irq(s, cpu, irq); 622 623 if (s->revision == REV_11MPCORE) { 624 /* Clear pending flags for both level and edge triggered interrupts. 625 * Level triggered IRQs will be reasserted once they become inactive. 626 */ 627 gic_clear_pending(s, irq, cpu); 628 ret = irq; 629 } else { 630 if (irq < GIC_NR_SGIS) { 631 ret = gic_clear_pending_sgi(s, irq, cpu); 632 } else { 633 gic_clear_pending(s, irq, cpu); 634 ret = irq; 635 } 636 } 637 638 if (gic_is_vcpu(cpu)) { 639 gic_update_virt(s); 640 } else { 641 gic_update(s); 642 } 643 DPRINTF("ACK %d\n", irq); 644 return ret; 645 } 646 647 static uint32_t gic_fullprio_mask(GICState *s, int cpu) 648 { 649 /* 650 * Return a mask word which clears the unimplemented priority 651 * bits from a priority value for an interrupt. (Not to be 652 * confused with the group priority, whose mask depends on BPR.) 653 */ 654 int priBits; 655 656 if (gic_is_vcpu(cpu)) { 657 priBits = GIC_VIRT_MAX_GROUP_PRIO_BITS; 658 } else { 659 priBits = s->n_prio_bits; 660 } 661 return ~0U << (8 - priBits); 662 } 663 664 void gic_dist_set_priority(GICState *s, int cpu, int irq, uint8_t val, 665 MemTxAttrs attrs) 666 { 667 if (s->security_extn && !attrs.secure) { 668 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 669 return; /* Ignore Non-secure access of Group0 IRQ */ 670 } 671 val = 0x80 | (val >> 1); /* Non-secure view */ 672 } 673 674 val &= gic_fullprio_mask(s, cpu); 675 676 if (irq < GIC_INTERNAL) { 677 s->priority1[irq][cpu] = val; 678 } else { 679 s->priority2[(irq) - GIC_INTERNAL] = val; 680 } 681 } 682 683 static uint32_t gic_dist_get_priority(GICState *s, int cpu, int irq, 684 MemTxAttrs attrs) 685 { 686 uint32_t prio = GIC_DIST_GET_PRIORITY(irq, cpu); 687 688 if (s->security_extn && !attrs.secure) { 689 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 690 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 691 } 692 prio = (prio << 1) & 0xff; /* Non-secure view */ 693 } 694 return prio & gic_fullprio_mask(s, cpu); 695 } 696 697 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 698 MemTxAttrs attrs) 699 { 700 if (gic_cpu_ns_access(s, cpu, attrs)) { 701 if (s->priority_mask[cpu] & 0x80) { 702 /* Priority Mask in upper half */ 703 pmask = 0x80 | (pmask >> 1); 704 } else { 705 /* Non-secure write ignored if priority mask is in lower half */ 706 return; 707 } 708 } 709 s->priority_mask[cpu] = pmask & gic_fullprio_mask(s, cpu); 710 } 711 712 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 713 { 714 uint32_t pmask = s->priority_mask[cpu]; 715 716 if (gic_cpu_ns_access(s, cpu, attrs)) { 717 if (pmask & 0x80) { 718 /* Priority Mask in upper half, return Non-secure view */ 719 pmask = (pmask << 1) & 0xff; 720 } else { 721 /* Priority Mask in lower half, RAZ */ 722 pmask = 0; 723 } 724 } 725 return pmask; 726 } 727 728 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 729 { 730 uint32_t ret = s->cpu_ctlr[cpu]; 731 732 if (gic_cpu_ns_access(s, cpu, attrs)) { 733 /* Construct the NS banked view of GICC_CTLR from the correct 734 * bits of the S banked view. We don't need to move the bypass 735 * control bits because we don't implement that (IMPDEF) part 736 * of the GIC architecture. 737 */ 738 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 739 } 740 return ret; 741 } 742 743 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 744 MemTxAttrs attrs) 745 { 746 uint32_t mask; 747 748 if (gic_cpu_ns_access(s, cpu, attrs)) { 749 /* The NS view can only write certain bits in the register; 750 * the rest are unchanged 751 */ 752 mask = GICC_CTLR_EN_GRP1; 753 if (s->revision == 2) { 754 mask |= GICC_CTLR_EOIMODE_NS; 755 } 756 s->cpu_ctlr[cpu] &= ~mask; 757 s->cpu_ctlr[cpu] |= (value << 1) & mask; 758 } else { 759 if (s->revision == 2) { 760 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 761 } else { 762 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 763 } 764 s->cpu_ctlr[cpu] = value & mask; 765 } 766 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 767 "Group1 Interrupts %sabled\n", cpu, 768 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 769 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 770 } 771 772 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 773 { 774 if ((s->revision != REV_11MPCORE) && (s->running_priority[cpu] > 0xff)) { 775 /* Idle priority */ 776 return 0xff; 777 } 778 779 if (gic_cpu_ns_access(s, cpu, attrs)) { 780 if (s->running_priority[cpu] & 0x80) { 781 /* Running priority in upper half of range: return the Non-secure 782 * view of the priority. 783 */ 784 return s->running_priority[cpu] << 1; 785 } else { 786 /* Running priority in lower half of range: RAZ */ 787 return 0; 788 } 789 } else { 790 return s->running_priority[cpu]; 791 } 792 } 793 794 /* Return true if we should split priority drop and interrupt deactivation, 795 * ie whether the relevant EOIMode bit is set. 796 */ 797 static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs) 798 { 799 if (s->revision != 2) { 800 /* Before GICv2 prio-drop and deactivate are not separable */ 801 return false; 802 } 803 if (gic_cpu_ns_access(s, cpu, attrs)) { 804 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE_NS; 805 } 806 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE; 807 } 808 809 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 810 { 811 int group; 812 813 if (irq >= GIC_MAXIRQ || (!gic_is_vcpu(cpu) && irq >= s->num_irq)) { 814 /* 815 * This handles two cases: 816 * 1. If software writes the ID of a spurious interrupt [ie 1023] 817 * to the GICC_DIR, the GIC ignores that write. 818 * 2. If software writes the number of a non-existent interrupt 819 * this must be a subcase of "value written is not an active interrupt" 820 * and so this is UNPREDICTABLE. We choose to ignore it. For vCPUs, 821 * all IRQs potentially exist, so this limit does not apply. 822 */ 823 return; 824 } 825 826 if (!gic_eoi_split(s, cpu, attrs)) { 827 /* This is UNPREDICTABLE; we choose to ignore it */ 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "gic_deactivate_irq: GICC_DIR write when EOIMode clear"); 830 return; 831 } 832 833 if (gic_is_vcpu(cpu) && !gic_virq_is_valid(s, irq, cpu)) { 834 /* This vIRQ does not have an LR entry which is either active or 835 * pending and active. Increment EOICount and ignore the write. 836 */ 837 int rcpu = gic_get_vcpu_real_id(cpu); 838 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 839 840 /* Update the virtual interface in case a maintenance interrupt should 841 * be raised. 842 */ 843 gic_update_virt(s); 844 return; 845 } 846 847 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 848 849 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 850 DPRINTF("Non-secure DI for Group0 interrupt %d ignored\n", irq); 851 return; 852 } 853 854 gic_clear_active(s, irq, cpu); 855 } 856 857 static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 858 { 859 int cm = 1 << cpu; 860 int group; 861 862 DPRINTF("EOI %d\n", irq); 863 if (gic_is_vcpu(cpu)) { 864 /* The call to gic_prio_drop() will clear a bit in GICH_APR iff the 865 * running prio is < 0x100. 866 */ 867 bool prio_drop = s->running_priority[cpu] < 0x100; 868 869 if (irq >= GIC_MAXIRQ) { 870 /* Ignore spurious interrupt */ 871 return; 872 } 873 874 gic_drop_prio(s, cpu, 0); 875 876 if (!gic_eoi_split(s, cpu, attrs)) { 877 bool valid = gic_virq_is_valid(s, irq, cpu); 878 if (prio_drop && !valid) { 879 /* We are in a situation where: 880 * - V_CTRL.EOIMode is false (no EOI split), 881 * - The call to gic_drop_prio() cleared a bit in GICH_APR, 882 * - This vIRQ does not have an LR entry which is either 883 * active or pending and active. 884 * In that case, we must increment EOICount. 885 */ 886 int rcpu = gic_get_vcpu_real_id(cpu); 887 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 888 } else if (valid) { 889 gic_clear_active(s, irq, cpu); 890 } 891 } 892 893 gic_update_virt(s); 894 return; 895 } 896 897 if (irq >= s->num_irq) { 898 /* This handles two cases: 899 * 1. If software writes the ID of a spurious interrupt [ie 1023] 900 * to the GICC_EOIR, the GIC ignores that write. 901 * 2. If software writes the number of a non-existent interrupt 902 * this must be a subcase of "value written does not match the last 903 * valid interrupt value read from the Interrupt Acknowledge 904 * register" and so this is UNPREDICTABLE. We choose to ignore it. 905 */ 906 return; 907 } 908 if (s->running_priority[cpu] == 0x100) { 909 return; /* No active IRQ. */ 910 } 911 912 if (s->revision == REV_11MPCORE) { 913 /* Mark level triggered interrupts as pending if they are still 914 raised. */ 915 if (!GIC_DIST_TEST_EDGE_TRIGGER(irq) && GIC_DIST_TEST_ENABLED(irq, cm) 916 && GIC_DIST_TEST_LEVEL(irq, cm) 917 && (GIC_DIST_TARGET(irq) & cm) != 0) { 918 DPRINTF("Set %d pending mask %x\n", irq, cm); 919 GIC_DIST_SET_PENDING(irq, cm); 920 } 921 } 922 923 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 924 925 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 926 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 927 return; 928 } 929 930 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 931 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 932 * i.e. go ahead and complete the irq anyway. 933 */ 934 935 gic_drop_prio(s, cpu, group); 936 937 /* In GICv2 the guest can choose to split priority-drop and deactivate */ 938 if (!gic_eoi_split(s, cpu, attrs)) { 939 gic_clear_active(s, irq, cpu); 940 } 941 gic_update(s); 942 } 943 944 static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 945 { 946 GICState *s = (GICState *)opaque; 947 uint32_t res; 948 int irq; 949 int i; 950 int cpu; 951 int cm; 952 int mask; 953 954 cpu = gic_get_current_cpu(s); 955 cm = 1 << cpu; 956 if (offset < 0x100) { 957 if (offset == 0) { /* GICD_CTLR */ 958 /* We rely here on the only non-zero bits being in byte 0 */ 959 if (s->security_extn && !attrs.secure) { 960 /* The NS bank of this register is just an alias of the 961 * EnableGrp1 bit in the S bank version. 962 */ 963 return extract32(s->ctlr, 1, 1); 964 } else { 965 return s->ctlr; 966 } 967 } 968 if (offset == 4) { 969 /* GICD_TYPER byte 0 */ 970 return ((s->num_irq / 32) - 1) | ((s->num_cpu - 1) << 5); 971 } 972 if (offset == 5) { 973 /* GICD_TYPER byte 1 */ 974 return (s->security_extn << 2); 975 } 976 if (offset == 8) { 977 /* GICD_IIDR byte 0 */ 978 return 0x3b; /* Arm JEP106 identity */ 979 } 980 if (offset == 9) { 981 /* GICD_IIDR byte 1 */ 982 return 0x04; /* Arm JEP106 identity */ 983 } 984 if (offset < 0x0c) { 985 /* All other bytes in this range are RAZ */ 986 return 0; 987 } 988 if (offset >= 0x80) { 989 /* Interrupt Group Registers: these RAZ/WI if this is an NS 990 * access to a GIC with the security extensions, or if the GIC 991 * doesn't have groups at all. 992 */ 993 res = 0; 994 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 995 /* Every byte offset holds 8 group status bits */ 996 irq = (offset - 0x080) * 8; 997 if (irq >= s->num_irq) { 998 goto bad_reg; 999 } 1000 for (i = 0; i < 8; i++) { 1001 if (GIC_DIST_TEST_GROUP(irq + i, cm)) { 1002 res |= (1 << i); 1003 } 1004 } 1005 } 1006 return res; 1007 } 1008 goto bad_reg; 1009 } else if (offset < 0x200) { 1010 /* Interrupt Set/Clear Enable. */ 1011 if (offset < 0x180) 1012 irq = (offset - 0x100) * 8; 1013 else 1014 irq = (offset - 0x180) * 8; 1015 if (irq >= s->num_irq) 1016 goto bad_reg; 1017 res = 0; 1018 for (i = 0; i < 8; i++) { 1019 if (s->security_extn && !attrs.secure && 1020 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1021 continue; /* Ignore Non-secure access of Group0 IRQ */ 1022 } 1023 1024 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1025 res |= (1 << i); 1026 } 1027 } 1028 } else if (offset < 0x300) { 1029 /* Interrupt Set/Clear Pending. */ 1030 if (offset < 0x280) 1031 irq = (offset - 0x200) * 8; 1032 else 1033 irq = (offset - 0x280) * 8; 1034 if (irq >= s->num_irq) 1035 goto bad_reg; 1036 res = 0; 1037 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1038 for (i = 0; i < 8; i++) { 1039 if (s->security_extn && !attrs.secure && 1040 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1041 continue; /* Ignore Non-secure access of Group0 IRQ */ 1042 } 1043 1044 if (gic_test_pending(s, irq + i, mask)) { 1045 res |= (1 << i); 1046 } 1047 } 1048 } else if (offset < 0x400) { 1049 /* Interrupt Set/Clear Active. */ 1050 if (offset < 0x380) { 1051 irq = (offset - 0x300) * 8; 1052 } else if (s->revision == 2) { 1053 irq = (offset - 0x380) * 8; 1054 } else { 1055 goto bad_reg; 1056 } 1057 1058 if (irq >= s->num_irq) 1059 goto bad_reg; 1060 res = 0; 1061 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1062 for (i = 0; i < 8; i++) { 1063 if (s->security_extn && !attrs.secure && 1064 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1065 continue; /* Ignore Non-secure access of Group0 IRQ */ 1066 } 1067 1068 if (GIC_DIST_TEST_ACTIVE(irq + i, mask)) { 1069 res |= (1 << i); 1070 } 1071 } 1072 } else if (offset < 0x800) { 1073 /* Interrupt Priority. */ 1074 irq = (offset - 0x400); 1075 if (irq >= s->num_irq) 1076 goto bad_reg; 1077 res = gic_dist_get_priority(s, cpu, irq, attrs); 1078 } else if (offset < 0xc00) { 1079 /* Interrupt CPU Target. */ 1080 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 1081 /* For uniprocessor GICs these RAZ/WI */ 1082 res = 0; 1083 } else { 1084 irq = (offset - 0x800); 1085 if (irq >= s->num_irq) { 1086 goto bad_reg; 1087 } 1088 if (irq < 29 && s->revision == REV_11MPCORE) { 1089 res = 0; 1090 } else if (irq < GIC_INTERNAL) { 1091 res = cm; 1092 } else { 1093 res = GIC_DIST_TARGET(irq); 1094 } 1095 } 1096 } else if (offset < 0xf00) { 1097 /* Interrupt Configuration. */ 1098 irq = (offset - 0xc00) * 4; 1099 if (irq >= s->num_irq) 1100 goto bad_reg; 1101 res = 0; 1102 for (i = 0; i < 4; i++) { 1103 if (s->security_extn && !attrs.secure && 1104 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1105 continue; /* Ignore Non-secure access of Group0 IRQ */ 1106 } 1107 1108 if (GIC_DIST_TEST_MODEL(irq + i)) { 1109 res |= (1 << (i * 2)); 1110 } 1111 if (GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1112 res |= (2 << (i * 2)); 1113 } 1114 } 1115 } else if (offset < 0xf10) { 1116 goto bad_reg; 1117 } else if (offset < 0xf30) { 1118 if (s->revision == REV_11MPCORE) { 1119 goto bad_reg; 1120 } 1121 1122 if (offset < 0xf20) { 1123 /* GICD_CPENDSGIRn */ 1124 irq = (offset - 0xf10); 1125 } else { 1126 irq = (offset - 0xf20); 1127 /* GICD_SPENDSGIRn */ 1128 } 1129 1130 if (s->security_extn && !attrs.secure && 1131 !GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1132 res = 0; /* Ignore Non-secure access of Group0 IRQ */ 1133 } else { 1134 res = s->sgi_pending[irq][cpu]; 1135 } 1136 } else if (offset < 0xfd0) { 1137 goto bad_reg; 1138 } else if (offset < 0x1000) { 1139 if (offset & 3) { 1140 res = 0; 1141 } else { 1142 switch (s->revision) { 1143 case REV_11MPCORE: 1144 res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; 1145 break; 1146 case 1: 1147 res = gic_id_gicv1[(offset - 0xfd0) >> 2]; 1148 break; 1149 case 2: 1150 res = gic_id_gicv2[(offset - 0xfd0) >> 2]; 1151 break; 1152 default: 1153 res = 0; 1154 } 1155 } 1156 } else { 1157 g_assert_not_reached(); 1158 } 1159 return res; 1160 bad_reg: 1161 qemu_log_mask(LOG_GUEST_ERROR, 1162 "gic_dist_readb: Bad offset %x\n", (int)offset); 1163 return 0; 1164 } 1165 1166 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 1167 unsigned size, MemTxAttrs attrs) 1168 { 1169 switch (size) { 1170 case 1: 1171 *data = gic_dist_readb(opaque, offset, attrs); 1172 break; 1173 case 2: 1174 *data = gic_dist_readb(opaque, offset, attrs); 1175 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1176 break; 1177 case 4: 1178 *data = gic_dist_readb(opaque, offset, attrs); 1179 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1180 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 1181 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 1182 break; 1183 default: 1184 return MEMTX_ERROR; 1185 } 1186 1187 trace_gic_dist_read(offset, size, *data); 1188 return MEMTX_OK; 1189 } 1190 1191 static void gic_dist_writeb(void *opaque, hwaddr offset, 1192 uint32_t value, MemTxAttrs attrs) 1193 { 1194 GICState *s = (GICState *)opaque; 1195 int irq; 1196 int i; 1197 int cpu; 1198 1199 cpu = gic_get_current_cpu(s); 1200 if (offset < 0x100) { 1201 if (offset == 0) { 1202 if (s->security_extn && !attrs.secure) { 1203 /* NS version is just an alias of the S version's bit 1 */ 1204 s->ctlr = deposit32(s->ctlr, 1, 1, value); 1205 } else if (gic_has_groups(s)) { 1206 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 1207 } else { 1208 s->ctlr = value & GICD_CTLR_EN_GRP0; 1209 } 1210 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 1211 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 1212 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 1213 } else if (offset < 4) { 1214 /* ignored. */ 1215 } else if (offset >= 0x80) { 1216 /* Interrupt Group Registers: RAZ/WI for NS access to secure 1217 * GIC, or for GICs without groups. 1218 */ 1219 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 1220 /* Every byte offset holds 8 group status bits */ 1221 irq = (offset - 0x80) * 8; 1222 if (irq >= s->num_irq) { 1223 goto bad_reg; 1224 } 1225 for (i = 0; i < 8; i++) { 1226 /* Group bits are banked for private interrupts */ 1227 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1228 if (value & (1 << i)) { 1229 /* Group1 (Non-secure) */ 1230 GIC_DIST_SET_GROUP(irq + i, cm); 1231 } else { 1232 /* Group0 (Secure) */ 1233 GIC_DIST_CLEAR_GROUP(irq + i, cm); 1234 } 1235 } 1236 } 1237 } else { 1238 goto bad_reg; 1239 } 1240 } else if (offset < 0x180) { 1241 /* Interrupt Set Enable. */ 1242 irq = (offset - 0x100) * 8; 1243 if (irq >= s->num_irq) 1244 goto bad_reg; 1245 if (irq < GIC_NR_SGIS) { 1246 value = 0xff; 1247 } 1248 1249 for (i = 0; i < 8; i++) { 1250 if (value & (1 << i)) { 1251 int mask = 1252 (irq < GIC_INTERNAL) ? (1 << cpu) 1253 : GIC_DIST_TARGET(irq + i); 1254 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1255 1256 if (s->security_extn && !attrs.secure && 1257 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1258 continue; /* Ignore Non-secure access of Group0 IRQ */ 1259 } 1260 1261 if (!GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1262 DPRINTF("Enabled IRQ %d\n", irq + i); 1263 trace_gic_enable_irq(irq + i); 1264 } 1265 GIC_DIST_SET_ENABLED(irq + i, cm); 1266 /* 1267 * If a raised level triggered IRQ enabled then mark 1268 * it as pending on 11MPCore. For other GIC revisions we 1269 * handle the "level triggered and line asserted" check 1270 * at the other end in gic_test_pending(). 1271 */ 1272 if (s->revision == REV_11MPCORE 1273 && GIC_DIST_TEST_LEVEL(irq + i, mask) 1274 && !GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1275 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 1276 GIC_DIST_SET_PENDING(irq + i, mask); 1277 } 1278 } 1279 } 1280 } else if (offset < 0x200) { 1281 /* Interrupt Clear Enable. */ 1282 irq = (offset - 0x180) * 8; 1283 if (irq >= s->num_irq) 1284 goto bad_reg; 1285 if (irq < GIC_NR_SGIS) { 1286 value = 0; 1287 } 1288 1289 for (i = 0; i < 8; i++) { 1290 if (value & (1 << i)) { 1291 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1292 1293 if (s->security_extn && !attrs.secure && 1294 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1295 continue; /* Ignore Non-secure access of Group0 IRQ */ 1296 } 1297 1298 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1299 DPRINTF("Disabled IRQ %d\n", irq + i); 1300 trace_gic_disable_irq(irq + i); 1301 } 1302 GIC_DIST_CLEAR_ENABLED(irq + i, cm); 1303 } 1304 } 1305 } else if (offset < 0x280) { 1306 /* Interrupt Set Pending. */ 1307 irq = (offset - 0x200) * 8; 1308 if (irq >= s->num_irq) 1309 goto bad_reg; 1310 if (irq < GIC_NR_SGIS) { 1311 value = 0; 1312 } 1313 1314 for (i = 0; i < 8; i++) { 1315 if (value & (1 << i)) { 1316 int mask = (irq < GIC_INTERNAL) ? (1 << cpu) 1317 : GIC_DIST_TARGET(irq + i); 1318 1319 if (s->security_extn && !attrs.secure && 1320 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1321 continue; /* Ignore Non-secure access of Group0 IRQ */ 1322 } 1323 1324 GIC_DIST_SET_PENDING(irq + i, mask); 1325 } 1326 } 1327 } else if (offset < 0x300) { 1328 /* Interrupt Clear Pending. */ 1329 irq = (offset - 0x280) * 8; 1330 if (irq >= s->num_irq) 1331 goto bad_reg; 1332 if (irq < GIC_NR_SGIS) { 1333 value = 0; 1334 } 1335 1336 for (i = 0; i < 8; i++) { 1337 if (s->security_extn && !attrs.secure && 1338 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1339 continue; /* Ignore Non-secure access of Group0 IRQ */ 1340 } 1341 1342 /* ??? This currently clears the pending bit for all CPUs, even 1343 for per-CPU interrupts. It's unclear whether this is the 1344 correct behavior. */ 1345 if (value & (1 << i)) { 1346 GIC_DIST_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 1347 } 1348 } 1349 } else if (offset < 0x380) { 1350 /* Interrupt Set Active. */ 1351 if (s->revision != 2) { 1352 goto bad_reg; 1353 } 1354 1355 irq = (offset - 0x300) * 8; 1356 if (irq >= s->num_irq) { 1357 goto bad_reg; 1358 } 1359 1360 /* This register is banked per-cpu for PPIs */ 1361 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1362 1363 for (i = 0; i < 8; i++) { 1364 if (s->security_extn && !attrs.secure && 1365 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1366 continue; /* Ignore Non-secure access of Group0 IRQ */ 1367 } 1368 1369 if (value & (1 << i)) { 1370 GIC_DIST_SET_ACTIVE(irq + i, cm); 1371 } 1372 } 1373 } else if (offset < 0x400) { 1374 /* Interrupt Clear Active. */ 1375 if (s->revision != 2) { 1376 goto bad_reg; 1377 } 1378 1379 irq = (offset - 0x380) * 8; 1380 if (irq >= s->num_irq) { 1381 goto bad_reg; 1382 } 1383 1384 /* This register is banked per-cpu for PPIs */ 1385 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1386 1387 for (i = 0; i < 8; i++) { 1388 if (s->security_extn && !attrs.secure && 1389 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1390 continue; /* Ignore Non-secure access of Group0 IRQ */ 1391 } 1392 1393 if (value & (1 << i)) { 1394 GIC_DIST_CLEAR_ACTIVE(irq + i, cm); 1395 } 1396 } 1397 } else if (offset < 0x800) { 1398 /* Interrupt Priority. */ 1399 irq = (offset - 0x400); 1400 if (irq >= s->num_irq) 1401 goto bad_reg; 1402 gic_dist_set_priority(s, cpu, irq, value, attrs); 1403 } else if (offset < 0xc00) { 1404 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 1405 * annoying exception of the 11MPCore's GIC. 1406 */ 1407 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 1408 irq = (offset - 0x800); 1409 if (irq >= s->num_irq) { 1410 goto bad_reg; 1411 } 1412 if (irq < 29 && s->revision == REV_11MPCORE) { 1413 value = 0; 1414 } else if (irq < GIC_INTERNAL) { 1415 value = ALL_CPU_MASK; 1416 } 1417 s->irq_target[irq] = value & ALL_CPU_MASK; 1418 if (irq >= GIC_INTERNAL && s->irq_state[irq].pending) { 1419 /* 1420 * Changing the target of an interrupt that is currently 1421 * pending updates the set of CPUs it is pending on. 1422 */ 1423 s->irq_state[irq].pending = value & ALL_CPU_MASK; 1424 } 1425 } 1426 } else if (offset < 0xf00) { 1427 /* Interrupt Configuration. */ 1428 irq = (offset - 0xc00) * 4; 1429 if (irq >= s->num_irq) 1430 goto bad_reg; 1431 if (irq < GIC_NR_SGIS) 1432 value |= 0xaa; 1433 for (i = 0; i < 4; i++) { 1434 if (s->security_extn && !attrs.secure && 1435 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1436 continue; /* Ignore Non-secure access of Group0 IRQ */ 1437 } 1438 1439 if (s->revision == REV_11MPCORE) { 1440 if (value & (1 << (i * 2))) { 1441 GIC_DIST_SET_MODEL(irq + i); 1442 } else { 1443 GIC_DIST_CLEAR_MODEL(irq + i); 1444 } 1445 } 1446 if (value & (2 << (i * 2))) { 1447 GIC_DIST_SET_EDGE_TRIGGER(irq + i); 1448 } else { 1449 GIC_DIST_CLEAR_EDGE_TRIGGER(irq + i); 1450 } 1451 } 1452 } else if (offset < 0xf10) { 1453 /* 0xf00 is only handled for 32-bit writes. */ 1454 goto bad_reg; 1455 } else if (offset < 0xf20) { 1456 /* GICD_CPENDSGIRn */ 1457 if (s->revision == REV_11MPCORE) { 1458 goto bad_reg; 1459 } 1460 irq = (offset - 0xf10); 1461 1462 if (!s->security_extn || attrs.secure || 1463 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1464 s->sgi_pending[irq][cpu] &= ~value; 1465 if (s->sgi_pending[irq][cpu] == 0) { 1466 GIC_DIST_CLEAR_PENDING(irq, 1 << cpu); 1467 } 1468 } 1469 } else if (offset < 0xf30) { 1470 /* GICD_SPENDSGIRn */ 1471 if (s->revision == REV_11MPCORE) { 1472 goto bad_reg; 1473 } 1474 irq = (offset - 0xf20); 1475 1476 if (!s->security_extn || attrs.secure || 1477 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1478 GIC_DIST_SET_PENDING(irq, 1 << cpu); 1479 s->sgi_pending[irq][cpu] |= value; 1480 } 1481 } else { 1482 goto bad_reg; 1483 } 1484 gic_update(s); 1485 return; 1486 bad_reg: 1487 qemu_log_mask(LOG_GUEST_ERROR, 1488 "gic_dist_writeb: Bad offset %x\n", (int)offset); 1489 } 1490 1491 static void gic_dist_writew(void *opaque, hwaddr offset, 1492 uint32_t value, MemTxAttrs attrs) 1493 { 1494 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 1495 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 1496 } 1497 1498 static void gic_dist_writel(void *opaque, hwaddr offset, 1499 uint32_t value, MemTxAttrs attrs) 1500 { 1501 GICState *s = (GICState *)opaque; 1502 if (offset == 0xf00) { 1503 int cpu; 1504 int irq; 1505 int mask; 1506 int target_cpu; 1507 1508 cpu = gic_get_current_cpu(s); 1509 irq = value & 0xf; 1510 switch ((value >> 24) & 3) { 1511 case 0: 1512 mask = (value >> 16) & ALL_CPU_MASK; 1513 break; 1514 case 1: 1515 mask = ALL_CPU_MASK ^ (1 << cpu); 1516 break; 1517 case 2: 1518 mask = 1 << cpu; 1519 break; 1520 default: 1521 DPRINTF("Bad Soft Int target filter\n"); 1522 mask = ALL_CPU_MASK; 1523 break; 1524 } 1525 GIC_DIST_SET_PENDING(irq, mask); 1526 target_cpu = ctz32(mask); 1527 while (target_cpu < GIC_NCPU) { 1528 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 1529 mask &= ~(1 << target_cpu); 1530 target_cpu = ctz32(mask); 1531 } 1532 gic_update(s); 1533 return; 1534 } 1535 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 1536 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 1537 } 1538 1539 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 1540 unsigned size, MemTxAttrs attrs) 1541 { 1542 trace_gic_dist_write(offset, size, data); 1543 1544 switch (size) { 1545 case 1: 1546 gic_dist_writeb(opaque, offset, data, attrs); 1547 return MEMTX_OK; 1548 case 2: 1549 gic_dist_writew(opaque, offset, data, attrs); 1550 return MEMTX_OK; 1551 case 4: 1552 gic_dist_writel(opaque, offset, data, attrs); 1553 return MEMTX_OK; 1554 default: 1555 return MEMTX_ERROR; 1556 } 1557 } 1558 1559 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 1560 { 1561 /* Return the Nonsecure view of GICC_APR<regno>. This is the 1562 * second half of GICC_NSAPR. 1563 */ 1564 switch (GIC_MIN_BPR) { 1565 case 0: 1566 if (regno < 2) { 1567 return s->nsapr[regno + 2][cpu]; 1568 } 1569 break; 1570 case 1: 1571 if (regno == 0) { 1572 return s->nsapr[regno + 1][cpu]; 1573 } 1574 break; 1575 case 2: 1576 if (regno == 0) { 1577 return extract32(s->nsapr[0][cpu], 16, 16); 1578 } 1579 break; 1580 case 3: 1581 if (regno == 0) { 1582 return extract32(s->nsapr[0][cpu], 8, 8); 1583 } 1584 break; 1585 default: 1586 g_assert_not_reached(); 1587 } 1588 return 0; 1589 } 1590 1591 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 1592 uint32_t value) 1593 { 1594 /* Write the Nonsecure view of GICC_APR<regno>. */ 1595 switch (GIC_MIN_BPR) { 1596 case 0: 1597 if (regno < 2) { 1598 s->nsapr[regno + 2][cpu] = value; 1599 } 1600 break; 1601 case 1: 1602 if (regno == 0) { 1603 s->nsapr[regno + 1][cpu] = value; 1604 } 1605 break; 1606 case 2: 1607 if (regno == 0) { 1608 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1609 } 1610 break; 1611 case 3: 1612 if (regno == 0) { 1613 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1614 } 1615 break; 1616 default: 1617 g_assert_not_reached(); 1618 } 1619 } 1620 1621 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1622 uint64_t *data, MemTxAttrs attrs) 1623 { 1624 switch (offset) { 1625 case 0x00: /* Control */ 1626 *data = gic_get_cpu_control(s, cpu, attrs); 1627 break; 1628 case 0x04: /* Priority mask */ 1629 *data = gic_get_priority_mask(s, cpu, attrs); 1630 break; 1631 case 0x08: /* Binary Point */ 1632 if (gic_cpu_ns_access(s, cpu, attrs)) { 1633 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1634 /* NS view of BPR when CBPR is 1 */ 1635 *data = MIN(s->bpr[cpu] + 1, 7); 1636 } else { 1637 /* BPR is banked. Non-secure copy stored in ABPR. */ 1638 *data = s->abpr[cpu]; 1639 } 1640 } else { 1641 *data = s->bpr[cpu]; 1642 } 1643 break; 1644 case 0x0c: /* Acknowledge */ 1645 *data = gic_acknowledge_irq(s, cpu, attrs); 1646 break; 1647 case 0x14: /* Running Priority */ 1648 *data = gic_get_running_priority(s, cpu, attrs); 1649 break; 1650 case 0x18: /* Highest Pending Interrupt */ 1651 *data = gic_get_current_pending_irq(s, cpu, attrs); 1652 break; 1653 case 0x1c: /* Aliased Binary Point */ 1654 /* GIC v2, no security: ABPR 1655 * GIC v1, no security: not implemented (RAZ/WI) 1656 * With security extensions, secure access: ABPR (alias of NS BPR) 1657 * With security extensions, nonsecure access: RAZ/WI 1658 */ 1659 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1660 *data = 0; 1661 } else { 1662 *data = s->abpr[cpu]; 1663 } 1664 break; 1665 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1666 { 1667 int regno = (offset - 0xd0) / 4; 1668 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1669 1670 if (regno >= nr_aprs || s->revision != 2) { 1671 *data = 0; 1672 } else if (gic_is_vcpu(cpu)) { 1673 *data = s->h_apr[gic_get_vcpu_real_id(cpu)]; 1674 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1675 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1676 *data = gic_apr_ns_view(s, cpu, regno); 1677 } else { 1678 *data = s->apr[regno][cpu]; 1679 } 1680 break; 1681 } 1682 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1683 { 1684 int regno = (offset - 0xe0) / 4; 1685 1686 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1687 gic_cpu_ns_access(s, cpu, attrs) || gic_is_vcpu(cpu)) { 1688 *data = 0; 1689 } else { 1690 *data = s->nsapr[regno][cpu]; 1691 } 1692 break; 1693 } 1694 case 0xfc: 1695 if (s->revision == REV_11MPCORE) { 1696 /* Reserved on 11MPCore */ 1697 *data = 0; 1698 } else { 1699 /* GICv1 or v2; Arm implementation */ 1700 *data = (s->revision << 16) | 0x43b; 1701 } 1702 break; 1703 default: 1704 qemu_log_mask(LOG_GUEST_ERROR, 1705 "gic_cpu_read: Bad offset %x\n", (int)offset); 1706 *data = 0; 1707 break; 1708 } 1709 1710 trace_gic_cpu_read(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1711 gic_get_vcpu_real_id(cpu), offset, *data); 1712 return MEMTX_OK; 1713 } 1714 1715 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1716 uint32_t value, MemTxAttrs attrs) 1717 { 1718 trace_gic_cpu_write(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1719 gic_get_vcpu_real_id(cpu), offset, value); 1720 1721 switch (offset) { 1722 case 0x00: /* Control */ 1723 gic_set_cpu_control(s, cpu, value, attrs); 1724 break; 1725 case 0x04: /* Priority mask */ 1726 gic_set_priority_mask(s, cpu, value, attrs); 1727 break; 1728 case 0x08: /* Binary Point */ 1729 if (gic_cpu_ns_access(s, cpu, attrs)) { 1730 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1731 /* WI when CBPR is 1 */ 1732 return MEMTX_OK; 1733 } else { 1734 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1735 } 1736 } else { 1737 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 1738 s->bpr[cpu] = MAX(value & 0x7, min_bpr); 1739 } 1740 break; 1741 case 0x10: /* End Of Interrupt */ 1742 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1743 return MEMTX_OK; 1744 case 0x1c: /* Aliased Binary Point */ 1745 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1746 /* unimplemented, or NS access: RAZ/WI */ 1747 return MEMTX_OK; 1748 } else { 1749 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1750 } 1751 break; 1752 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1753 { 1754 int regno = (offset - 0xd0) / 4; 1755 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1756 1757 if (regno >= nr_aprs || s->revision != 2) { 1758 return MEMTX_OK; 1759 } 1760 if (gic_is_vcpu(cpu)) { 1761 s->h_apr[gic_get_vcpu_real_id(cpu)] = value; 1762 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1763 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1764 gic_apr_write_ns_view(s, cpu, regno, value); 1765 } else { 1766 s->apr[regno][cpu] = value; 1767 } 1768 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1769 break; 1770 } 1771 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1772 { 1773 int regno = (offset - 0xe0) / 4; 1774 1775 if (regno >= GIC_NR_APRS || s->revision != 2) { 1776 return MEMTX_OK; 1777 } 1778 if (gic_is_vcpu(cpu)) { 1779 return MEMTX_OK; 1780 } 1781 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1782 return MEMTX_OK; 1783 } 1784 s->nsapr[regno][cpu] = value; 1785 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1786 break; 1787 } 1788 case 0x1000: 1789 /* GICC_DIR */ 1790 gic_deactivate_irq(s, cpu, value & 0x3ff, attrs); 1791 break; 1792 default: 1793 qemu_log_mask(LOG_GUEST_ERROR, 1794 "gic_cpu_write: Bad offset %x\n", (int)offset); 1795 return MEMTX_OK; 1796 } 1797 1798 if (gic_is_vcpu(cpu)) { 1799 gic_update_virt(s); 1800 } else { 1801 gic_update(s); 1802 } 1803 1804 return MEMTX_OK; 1805 } 1806 1807 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1808 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1809 unsigned size, MemTxAttrs attrs) 1810 { 1811 GICState *s = (GICState *)opaque; 1812 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1813 } 1814 1815 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1816 uint64_t value, unsigned size, 1817 MemTxAttrs attrs) 1818 { 1819 GICState *s = (GICState *)opaque; 1820 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1821 } 1822 1823 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1824 * These just decode the opaque pointer into GICState* + cpu id. 1825 */ 1826 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1827 unsigned size, MemTxAttrs attrs) 1828 { 1829 GICState **backref = (GICState **)opaque; 1830 GICState *s = *backref; 1831 int id = (backref - s->backref); 1832 return gic_cpu_read(s, id, addr, data, attrs); 1833 } 1834 1835 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1836 uint64_t value, unsigned size, 1837 MemTxAttrs attrs) 1838 { 1839 GICState **backref = (GICState **)opaque; 1840 GICState *s = *backref; 1841 int id = (backref - s->backref); 1842 return gic_cpu_write(s, id, addr, value, attrs); 1843 } 1844 1845 static MemTxResult gic_thisvcpu_read(void *opaque, hwaddr addr, uint64_t *data, 1846 unsigned size, MemTxAttrs attrs) 1847 { 1848 GICState *s = (GICState *)opaque; 1849 1850 return gic_cpu_read(s, gic_get_current_vcpu(s), addr, data, attrs); 1851 } 1852 1853 static MemTxResult gic_thisvcpu_write(void *opaque, hwaddr addr, 1854 uint64_t value, unsigned size, 1855 MemTxAttrs attrs) 1856 { 1857 GICState *s = (GICState *)opaque; 1858 1859 return gic_cpu_write(s, gic_get_current_vcpu(s), addr, value, attrs); 1860 } 1861 1862 static uint32_t gic_compute_eisr(GICState *s, int cpu, int lr_start) 1863 { 1864 int lr_idx; 1865 uint32_t ret = 0; 1866 1867 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1868 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1869 ret = deposit32(ret, lr_idx - lr_start, 1, 1870 gic_lr_entry_is_eoi(*entry)); 1871 } 1872 1873 return ret; 1874 } 1875 1876 static uint32_t gic_compute_elrsr(GICState *s, int cpu, int lr_start) 1877 { 1878 int lr_idx; 1879 uint32_t ret = 0; 1880 1881 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1882 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1883 ret = deposit32(ret, lr_idx - lr_start, 1, 1884 gic_lr_entry_is_free(*entry)); 1885 } 1886 1887 return ret; 1888 } 1889 1890 static void gic_vmcr_write(GICState *s, uint32_t value, MemTxAttrs attrs) 1891 { 1892 int vcpu = gic_get_current_vcpu(s); 1893 uint32_t ctlr; 1894 uint32_t abpr; 1895 uint32_t bpr; 1896 uint32_t prio_mask; 1897 1898 ctlr = FIELD_EX32(value, GICH_VMCR, VMCCtlr); 1899 abpr = FIELD_EX32(value, GICH_VMCR, VMABP); 1900 bpr = FIELD_EX32(value, GICH_VMCR, VMBP); 1901 prio_mask = FIELD_EX32(value, GICH_VMCR, VMPriMask) << 3; 1902 1903 gic_set_cpu_control(s, vcpu, ctlr, attrs); 1904 s->abpr[vcpu] = MAX(abpr, GIC_VIRT_MIN_ABPR); 1905 s->bpr[vcpu] = MAX(bpr, GIC_VIRT_MIN_BPR); 1906 gic_set_priority_mask(s, vcpu, prio_mask, attrs); 1907 } 1908 1909 static MemTxResult gic_hyp_read(void *opaque, int cpu, hwaddr addr, 1910 uint64_t *data, MemTxAttrs attrs) 1911 { 1912 GICState *s = ARM_GIC(opaque); 1913 int vcpu = cpu + GIC_NCPU; 1914 1915 switch (addr) { 1916 case A_GICH_HCR: /* Hypervisor Control */ 1917 *data = s->h_hcr[cpu]; 1918 break; 1919 1920 case A_GICH_VTR: /* VGIC Type */ 1921 *data = FIELD_DP32(0, GICH_VTR, ListRegs, s->num_lrs - 1); 1922 *data = FIELD_DP32(*data, GICH_VTR, PREbits, 1923 GIC_VIRT_MAX_GROUP_PRIO_BITS - 1); 1924 *data = FIELD_DP32(*data, GICH_VTR, PRIbits, 1925 (7 - GIC_VIRT_MIN_BPR) - 1); 1926 break; 1927 1928 case A_GICH_VMCR: /* Virtual Machine Control */ 1929 *data = FIELD_DP32(0, GICH_VMCR, VMCCtlr, 1930 extract32(s->cpu_ctlr[vcpu], 0, 10)); 1931 *data = FIELD_DP32(*data, GICH_VMCR, VMABP, s->abpr[vcpu]); 1932 *data = FIELD_DP32(*data, GICH_VMCR, VMBP, s->bpr[vcpu]); 1933 *data = FIELD_DP32(*data, GICH_VMCR, VMPriMask, 1934 extract32(s->priority_mask[vcpu], 3, 5)); 1935 break; 1936 1937 case A_GICH_MISR: /* Maintenance Interrupt Status */ 1938 *data = s->h_misr[cpu]; 1939 break; 1940 1941 case A_GICH_EISR0: /* End of Interrupt Status 0 and 1 */ 1942 case A_GICH_EISR1: 1943 *data = gic_compute_eisr(s, cpu, (addr - A_GICH_EISR0) * 8); 1944 break; 1945 1946 case A_GICH_ELRSR0: /* Empty List Status 0 and 1 */ 1947 case A_GICH_ELRSR1: 1948 *data = gic_compute_elrsr(s, cpu, (addr - A_GICH_ELRSR0) * 8); 1949 break; 1950 1951 case A_GICH_APR: /* Active Priorities */ 1952 *data = s->h_apr[cpu]; 1953 break; 1954 1955 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1956 { 1957 int lr_idx = (addr - A_GICH_LR0) / 4; 1958 1959 if (lr_idx > s->num_lrs) { 1960 *data = 0; 1961 } else { 1962 *data = s->h_lr[lr_idx][cpu]; 1963 } 1964 break; 1965 } 1966 1967 default: 1968 qemu_log_mask(LOG_GUEST_ERROR, 1969 "gic_hyp_read: Bad offset %" HWADDR_PRIx "\n", addr); 1970 return MEMTX_OK; 1971 } 1972 1973 trace_gic_hyp_read(addr, *data); 1974 return MEMTX_OK; 1975 } 1976 1977 static MemTxResult gic_hyp_write(void *opaque, int cpu, hwaddr addr, 1978 uint64_t value, MemTxAttrs attrs) 1979 { 1980 GICState *s = ARM_GIC(opaque); 1981 int vcpu = cpu + GIC_NCPU; 1982 1983 trace_gic_hyp_write(addr, value); 1984 1985 switch (addr) { 1986 case A_GICH_HCR: /* Hypervisor Control */ 1987 s->h_hcr[cpu] = value & GICH_HCR_MASK; 1988 break; 1989 1990 case A_GICH_VMCR: /* Virtual Machine Control */ 1991 gic_vmcr_write(s, value, attrs); 1992 break; 1993 1994 case A_GICH_APR: /* Active Priorities */ 1995 s->h_apr[cpu] = value; 1996 s->running_priority[vcpu] = gic_get_prio_from_apr_bits(s, vcpu); 1997 break; 1998 1999 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 2000 { 2001 int lr_idx = (addr - A_GICH_LR0) / 4; 2002 2003 if (lr_idx > s->num_lrs) { 2004 return MEMTX_OK; 2005 } 2006 2007 s->h_lr[lr_idx][cpu] = value & GICH_LR_MASK; 2008 trace_gic_lr_entry(cpu, lr_idx, s->h_lr[lr_idx][cpu]); 2009 break; 2010 } 2011 2012 default: 2013 qemu_log_mask(LOG_GUEST_ERROR, 2014 "gic_hyp_write: Bad offset %" HWADDR_PRIx "\n", addr); 2015 return MEMTX_OK; 2016 } 2017 2018 gic_update_virt(s); 2019 return MEMTX_OK; 2020 } 2021 2022 static MemTxResult gic_thiscpu_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2023 unsigned size, MemTxAttrs attrs) 2024 { 2025 GICState *s = (GICState *)opaque; 2026 2027 return gic_hyp_read(s, gic_get_current_cpu(s), addr, data, attrs); 2028 } 2029 2030 static MemTxResult gic_thiscpu_hyp_write(void *opaque, hwaddr addr, 2031 uint64_t value, unsigned size, 2032 MemTxAttrs attrs) 2033 { 2034 GICState *s = (GICState *)opaque; 2035 2036 return gic_hyp_write(s, gic_get_current_cpu(s), addr, value, attrs); 2037 } 2038 2039 static MemTxResult gic_do_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2040 unsigned size, MemTxAttrs attrs) 2041 { 2042 GICState **backref = (GICState **)opaque; 2043 GICState *s = *backref; 2044 int id = (backref - s->backref); 2045 2046 return gic_hyp_read(s, id, addr, data, attrs); 2047 } 2048 2049 static MemTxResult gic_do_hyp_write(void *opaque, hwaddr addr, 2050 uint64_t value, unsigned size, 2051 MemTxAttrs attrs) 2052 { 2053 GICState **backref = (GICState **)opaque; 2054 GICState *s = *backref; 2055 int id = (backref - s->backref); 2056 2057 return gic_hyp_write(s, id + GIC_NCPU, addr, value, attrs); 2058 2059 } 2060 2061 static const MemoryRegionOps gic_ops[2] = { 2062 { 2063 .read_with_attrs = gic_dist_read, 2064 .write_with_attrs = gic_dist_write, 2065 .endianness = DEVICE_NATIVE_ENDIAN, 2066 }, 2067 { 2068 .read_with_attrs = gic_thiscpu_read, 2069 .write_with_attrs = gic_thiscpu_write, 2070 .endianness = DEVICE_NATIVE_ENDIAN, 2071 } 2072 }; 2073 2074 static const MemoryRegionOps gic_cpu_ops = { 2075 .read_with_attrs = gic_do_cpu_read, 2076 .write_with_attrs = gic_do_cpu_write, 2077 .endianness = DEVICE_NATIVE_ENDIAN, 2078 }; 2079 2080 static const MemoryRegionOps gic_virt_ops[2] = { 2081 { 2082 .read_with_attrs = gic_thiscpu_hyp_read, 2083 .write_with_attrs = gic_thiscpu_hyp_write, 2084 .endianness = DEVICE_NATIVE_ENDIAN, 2085 }, 2086 { 2087 .read_with_attrs = gic_thisvcpu_read, 2088 .write_with_attrs = gic_thisvcpu_write, 2089 .endianness = DEVICE_NATIVE_ENDIAN, 2090 } 2091 }; 2092 2093 static const MemoryRegionOps gic_viface_ops = { 2094 .read_with_attrs = gic_do_hyp_read, 2095 .write_with_attrs = gic_do_hyp_write, 2096 .endianness = DEVICE_NATIVE_ENDIAN, 2097 }; 2098 2099 static void arm_gic_realize(DeviceState *dev, Error **errp) 2100 { 2101 /* Device instance realize function for the GIC sysbus device */ 2102 int i; 2103 GICState *s = ARM_GIC(dev); 2104 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 2105 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 2106 Error *local_err = NULL; 2107 2108 agc->parent_realize(dev, &local_err); 2109 if (local_err) { 2110 error_propagate(errp, local_err); 2111 return; 2112 } 2113 2114 if (kvm_enabled() && !kvm_arm_supports_user_irq()) { 2115 error_setg(errp, "KVM with user space irqchip only works when the " 2116 "host kernel supports KVM_CAP_ARM_USER_IRQ"); 2117 return; 2118 } 2119 2120 if (s->n_prio_bits > GIC_MAX_PRIORITY_BITS || 2121 (s->virt_extn ? s->n_prio_bits < GIC_VIRT_MAX_GROUP_PRIO_BITS : 2122 s->n_prio_bits < GIC_MIN_PRIORITY_BITS)) { 2123 error_setg(errp, "num-priority-bits cannot be greater than %d" 2124 " or less than %d", GIC_MAX_PRIORITY_BITS, 2125 s->virt_extn ? GIC_VIRT_MAX_GROUP_PRIO_BITS : 2126 GIC_MIN_PRIORITY_BITS); 2127 return; 2128 } 2129 2130 /* This creates distributor, main CPU interface (s->cpuiomem[0]) and if 2131 * enabled, virtualization extensions related interfaces (main virtual 2132 * interface (s->vifaceiomem[0]) and virtual CPU interface). 2133 */ 2134 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops, gic_virt_ops); 2135 2136 /* Extra core-specific regions for the CPU interfaces. This is 2137 * necessary for "franken-GIC" implementations, for example on 2138 * Exynos 4. 2139 * NB that the memory region size of 0x100 applies for the 11MPCore 2140 * and also cores following the GIC v1 spec (ie A9). 2141 * GIC v2 defines a larger memory region (0x1000) so this will need 2142 * to be extended when we implement A15. 2143 */ 2144 for (i = 0; i < s->num_cpu; i++) { 2145 s->backref[i] = s; 2146 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 2147 &s->backref[i], "gic_cpu", 0x100); 2148 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 2149 } 2150 2151 /* Extra core-specific regions for virtual interfaces. This is required by 2152 * the GICv2 specification. 2153 */ 2154 if (s->virt_extn) { 2155 for (i = 0; i < s->num_cpu; i++) { 2156 memory_region_init_io(&s->vifaceiomem[i + 1], OBJECT(s), 2157 &gic_viface_ops, &s->backref[i], 2158 "gic_viface", 0x200); 2159 sysbus_init_mmio(sbd, &s->vifaceiomem[i + 1]); 2160 } 2161 } 2162 2163 } 2164 2165 static void arm_gic_class_init(ObjectClass *klass, void *data) 2166 { 2167 DeviceClass *dc = DEVICE_CLASS(klass); 2168 ARMGICClass *agc = ARM_GIC_CLASS(klass); 2169 2170 device_class_set_parent_realize(dc, arm_gic_realize, &agc->parent_realize); 2171 } 2172 2173 static const TypeInfo arm_gic_info = { 2174 .name = TYPE_ARM_GIC, 2175 .parent = TYPE_ARM_GIC_COMMON, 2176 .instance_size = sizeof(GICState), 2177 .class_init = arm_gic_class_init, 2178 .class_size = sizeof(ARMGICClass), 2179 }; 2180 2181 static void arm_gic_register_types(void) 2182 { 2183 type_register_static(&arm_gic_info); 2184 } 2185 2186 type_init(arm_gic_register_types) 2187