1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "hw/irq.h" 23 #include "hw/sysbus.h" 24 #include "gic_internal.h" 25 #include "qapi/error.h" 26 #include "hw/core/cpu.h" 27 #include "qemu/log.h" 28 #include "qemu/module.h" 29 #include "trace.h" 30 #include "sysemu/kvm.h" 31 #include "sysemu/qtest.h" 32 33 /* #define DEBUG_GIC */ 34 35 #ifdef DEBUG_GIC 36 #define DEBUG_GIC_GATE 1 37 #else 38 #define DEBUG_GIC_GATE 0 39 #endif 40 41 #define DPRINTF(fmt, ...) do { \ 42 if (DEBUG_GIC_GATE) { \ 43 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static const uint8_t gic_id_11mpcore[] = { 48 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 49 }; 50 51 static const uint8_t gic_id_gicv1[] = { 52 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 53 }; 54 55 static const uint8_t gic_id_gicv2[] = { 56 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 57 }; 58 59 static inline int gic_get_current_cpu(GICState *s) 60 { 61 if (!qtest_enabled() && s->num_cpu > 1) { 62 return current_cpu->cpu_index; 63 } 64 return 0; 65 } 66 67 static inline int gic_get_current_vcpu(GICState *s) 68 { 69 return gic_get_current_cpu(s) + GIC_NCPU; 70 } 71 72 /* Return true if this GIC config has interrupt groups, which is 73 * true if we're a GICv2, or a GICv1 with the security extensions. 74 */ 75 static inline bool gic_has_groups(GICState *s) 76 { 77 return s->revision == 2 || s->security_extn; 78 } 79 80 static inline bool gic_cpu_ns_access(GICState *s, int cpu, MemTxAttrs attrs) 81 { 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; 83 } 84 85 static inline void gic_get_best_irq(GICState *s, int cpu, 86 int *best_irq, int *best_prio, int *group) 87 { 88 int irq; 89 int cm = 1 << cpu; 90 91 *best_irq = 1023; 92 *best_prio = 0x100; 93 94 for (irq = 0; irq < s->num_irq; irq++) { 95 if (GIC_DIST_TEST_ENABLED(irq, cm) && gic_test_pending(s, irq, cm) && 96 (!GIC_DIST_TEST_ACTIVE(irq, cm)) && 97 (irq < GIC_INTERNAL || GIC_DIST_TARGET(irq) & cm)) { 98 if (GIC_DIST_GET_PRIORITY(irq, cpu) < *best_prio) { 99 *best_prio = GIC_DIST_GET_PRIORITY(irq, cpu); 100 *best_irq = irq; 101 } 102 } 103 } 104 105 if (*best_irq < 1023) { 106 *group = GIC_DIST_TEST_GROUP(*best_irq, cm); 107 } 108 } 109 110 static inline void gic_get_best_virq(GICState *s, int cpu, 111 int *best_irq, int *best_prio, int *group) 112 { 113 int lr_idx = 0; 114 115 *best_irq = 1023; 116 *best_prio = 0x100; 117 118 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 119 uint32_t lr_entry = s->h_lr[lr_idx][cpu]; 120 int state = GICH_LR_STATE(lr_entry); 121 122 if (state == GICH_LR_STATE_PENDING) { 123 int prio = GICH_LR_PRIORITY(lr_entry); 124 125 if (prio < *best_prio) { 126 *best_prio = prio; 127 *best_irq = GICH_LR_VIRT_ID(lr_entry); 128 *group = GICH_LR_GROUP(lr_entry); 129 } 130 } 131 } 132 } 133 134 /* Return true if IRQ signaling is enabled for the given cpu and at least one 135 * of the given groups: 136 * - in the non-virt case, the distributor must be enabled for one of the 137 * given groups 138 * - in the virt case, the virtual interface must be enabled. 139 * - in all cases, the (v)CPU interface must be enabled for one of the given 140 * groups. 141 */ 142 static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt, 143 int group_mask) 144 { 145 int cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 146 147 if (!virt && !(s->ctlr & group_mask)) { 148 return false; 149 } 150 151 if (virt && !(s->h_hcr[cpu] & R_GICH_HCR_EN_MASK)) { 152 return false; 153 } 154 155 if (!(s->cpu_ctlr[cpu_iface] & group_mask)) { 156 return false; 157 } 158 159 return true; 160 } 161 162 /* TODO: Many places that call this routine could be optimized. */ 163 /* Update interrupt status after enabled or pending bits have been changed. */ 164 static inline void gic_update_internal(GICState *s, bool virt) 165 { 166 int best_irq; 167 int best_prio; 168 int irq_level, fiq_level; 169 int cpu, cpu_iface; 170 int group = 0; 171 qemu_irq *irq_lines = virt ? s->parent_virq : s->parent_irq; 172 qemu_irq *fiq_lines = virt ? s->parent_vfiq : s->parent_fiq; 173 174 for (cpu = 0; cpu < s->num_cpu; cpu++) { 175 cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 176 177 s->current_pending[cpu_iface] = 1023; 178 if (!gic_irq_signaling_enabled(s, cpu, virt, 179 GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) { 180 qemu_irq_lower(irq_lines[cpu]); 181 qemu_irq_lower(fiq_lines[cpu]); 182 continue; 183 } 184 185 if (virt) { 186 gic_get_best_virq(s, cpu, &best_irq, &best_prio, &group); 187 } else { 188 gic_get_best_irq(s, cpu, &best_irq, &best_prio, &group); 189 } 190 191 if (best_irq != 1023) { 192 trace_gic_update_bestirq(virt ? "vcpu" : "cpu", cpu, 193 best_irq, best_prio, 194 s->priority_mask[cpu_iface], 195 s->running_priority[cpu_iface]); 196 } 197 198 irq_level = fiq_level = 0; 199 200 if (best_prio < s->priority_mask[cpu_iface]) { 201 s->current_pending[cpu_iface] = best_irq; 202 if (best_prio < s->running_priority[cpu_iface]) { 203 if (gic_irq_signaling_enabled(s, cpu, virt, 1 << group)) { 204 if (group == 0 && 205 s->cpu_ctlr[cpu_iface] & GICC_CTLR_FIQ_EN) { 206 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 207 best_irq, cpu_iface); 208 fiq_level = 1; 209 trace_gic_update_set_irq(cpu, virt ? "vfiq" : "fiq", 210 fiq_level); 211 } else { 212 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 213 best_irq, cpu_iface); 214 irq_level = 1; 215 trace_gic_update_set_irq(cpu, virt ? "virq" : "irq", 216 irq_level); 217 } 218 } 219 } 220 } 221 222 qemu_set_irq(irq_lines[cpu], irq_level); 223 qemu_set_irq(fiq_lines[cpu], fiq_level); 224 } 225 } 226 227 static void gic_update(GICState *s) 228 { 229 gic_update_internal(s, false); 230 } 231 232 /* Return true if this LR is empty, i.e. the corresponding bit 233 * in ELRSR is set. 234 */ 235 static inline bool gic_lr_entry_is_free(uint32_t entry) 236 { 237 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 238 && (GICH_LR_HW(entry) || !GICH_LR_EOI(entry)); 239 } 240 241 /* Return true if this LR should trigger an EOI maintenance interrupt, i.e. the 242 * corrsponding bit in EISR is set. 243 */ 244 static inline bool gic_lr_entry_is_eoi(uint32_t entry) 245 { 246 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 247 && !GICH_LR_HW(entry) && GICH_LR_EOI(entry); 248 } 249 250 static inline void gic_extract_lr_info(GICState *s, int cpu, 251 int *num_eoi, int *num_valid, int *num_pending) 252 { 253 int lr_idx; 254 255 *num_eoi = 0; 256 *num_valid = 0; 257 *num_pending = 0; 258 259 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 260 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 261 262 if (gic_lr_entry_is_eoi(*entry)) { 263 (*num_eoi)++; 264 } 265 266 if (GICH_LR_STATE(*entry) != GICH_LR_STATE_INVALID) { 267 (*num_valid)++; 268 } 269 270 if (GICH_LR_STATE(*entry) == GICH_LR_STATE_PENDING) { 271 (*num_pending)++; 272 } 273 } 274 } 275 276 static void gic_compute_misr(GICState *s, int cpu) 277 { 278 uint32_t value = 0; 279 int vcpu = cpu + GIC_NCPU; 280 281 int num_eoi, num_valid, num_pending; 282 283 gic_extract_lr_info(s, cpu, &num_eoi, &num_valid, &num_pending); 284 285 /* EOI */ 286 if (num_eoi) { 287 value |= R_GICH_MISR_EOI_MASK; 288 } 289 290 /* U: true if only 0 or 1 LR entry is valid */ 291 if ((s->h_hcr[cpu] & R_GICH_HCR_UIE_MASK) && (num_valid < 2)) { 292 value |= R_GICH_MISR_U_MASK; 293 } 294 295 /* LRENP: EOICount is not 0 */ 296 if ((s->h_hcr[cpu] & R_GICH_HCR_LRENPIE_MASK) && 297 ((s->h_hcr[cpu] & R_GICH_HCR_EOICount_MASK) != 0)) { 298 value |= R_GICH_MISR_LRENP_MASK; 299 } 300 301 /* NP: no pending interrupts */ 302 if ((s->h_hcr[cpu] & R_GICH_HCR_NPIE_MASK) && (num_pending == 0)) { 303 value |= R_GICH_MISR_NP_MASK; 304 } 305 306 /* VGrp0E: group0 virq signaling enabled */ 307 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0EIE_MASK) && 308 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 309 value |= R_GICH_MISR_VGrp0E_MASK; 310 } 311 312 /* VGrp0D: group0 virq signaling disabled */ 313 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0DIE_MASK) && 314 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 315 value |= R_GICH_MISR_VGrp0D_MASK; 316 } 317 318 /* VGrp1E: group1 virq signaling enabled */ 319 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1EIE_MASK) && 320 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 321 value |= R_GICH_MISR_VGrp1E_MASK; 322 } 323 324 /* VGrp1D: group1 virq signaling disabled */ 325 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1DIE_MASK) && 326 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 327 value |= R_GICH_MISR_VGrp1D_MASK; 328 } 329 330 s->h_misr[cpu] = value; 331 } 332 333 static void gic_update_maintenance(GICState *s) 334 { 335 int cpu = 0; 336 int maint_level; 337 338 for (cpu = 0; cpu < s->num_cpu; cpu++) { 339 gic_compute_misr(s, cpu); 340 maint_level = (s->h_hcr[cpu] & R_GICH_HCR_EN_MASK) && s->h_misr[cpu]; 341 342 trace_gic_update_maintenance_irq(cpu, maint_level); 343 qemu_set_irq(s->maintenance_irq[cpu], maint_level); 344 } 345 } 346 347 static void gic_update_virt(GICState *s) 348 { 349 gic_update_internal(s, true); 350 gic_update_maintenance(s); 351 } 352 353 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 354 int cm, int target) 355 { 356 if (level) { 357 GIC_DIST_SET_LEVEL(irq, cm); 358 if (GIC_DIST_TEST_EDGE_TRIGGER(irq) || GIC_DIST_TEST_ENABLED(irq, cm)) { 359 DPRINTF("Set %d pending mask %x\n", irq, target); 360 GIC_DIST_SET_PENDING(irq, target); 361 } 362 } else { 363 GIC_DIST_CLEAR_LEVEL(irq, cm); 364 } 365 } 366 367 static void gic_set_irq_generic(GICState *s, int irq, int level, 368 int cm, int target) 369 { 370 if (level) { 371 GIC_DIST_SET_LEVEL(irq, cm); 372 DPRINTF("Set %d pending mask %x\n", irq, target); 373 if (GIC_DIST_TEST_EDGE_TRIGGER(irq)) { 374 GIC_DIST_SET_PENDING(irq, target); 375 } 376 } else { 377 GIC_DIST_CLEAR_LEVEL(irq, cm); 378 } 379 } 380 381 /* Process a change in an external IRQ input. */ 382 static void gic_set_irq(void *opaque, int irq, int level) 383 { 384 /* Meaning of the 'irq' parameter: 385 * [0..N-1] : external interrupts 386 * [N..N+31] : PPI (internal) interrupts for CPU 0 387 * [N+32..N+63] : PPI (internal interrupts for CPU 1 388 * ... 389 */ 390 GICState *s = (GICState *)opaque; 391 int cm, target; 392 if (irq < (s->num_irq - GIC_INTERNAL)) { 393 /* The first external input line is internal interrupt 32. */ 394 cm = ALL_CPU_MASK; 395 irq += GIC_INTERNAL; 396 target = GIC_DIST_TARGET(irq); 397 } else { 398 int cpu; 399 irq -= (s->num_irq - GIC_INTERNAL); 400 cpu = irq / GIC_INTERNAL; 401 irq %= GIC_INTERNAL; 402 cm = 1 << cpu; 403 target = cm; 404 } 405 406 assert(irq >= GIC_NR_SGIS); 407 408 if (level == GIC_DIST_TEST_LEVEL(irq, cm)) { 409 return; 410 } 411 412 if (s->revision == REV_11MPCORE) { 413 gic_set_irq_11mpcore(s, irq, level, cm, target); 414 } else { 415 gic_set_irq_generic(s, irq, level, cm, target); 416 } 417 trace_gic_set_irq(irq, level, cm, target); 418 419 gic_update(s); 420 } 421 422 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 423 MemTxAttrs attrs) 424 { 425 uint16_t pending_irq = s->current_pending[cpu]; 426 427 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 428 int group = gic_test_group(s, pending_irq, cpu); 429 430 /* On a GIC without the security extensions, reading this register 431 * behaves in the same way as a secure access to a GIC with them. 432 */ 433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); 434 435 if (group == 0 && !secure) { 436 /* Group0 interrupts hidden from Non-secure access */ 437 return 1023; 438 } 439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 440 /* Group1 interrupts only seen by Secure access if 441 * AckCtl bit set. 442 */ 443 return 1022; 444 } 445 } 446 return pending_irq; 447 } 448 449 static int gic_get_group_priority(GICState *s, int cpu, int irq) 450 { 451 /* Return the group priority of the specified interrupt 452 * (which is the top bits of its priority, with the number 453 * of bits masked determined by the applicable binary point register). 454 */ 455 int bpr; 456 uint32_t mask; 457 458 if (gic_has_groups(s) && 459 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 460 gic_test_group(s, irq, cpu)) { 461 bpr = s->abpr[cpu] - 1; 462 assert(bpr >= 0); 463 } else { 464 bpr = s->bpr[cpu]; 465 } 466 467 /* a BPR of 0 means the group priority bits are [7:1]; 468 * a BPR of 1 means they are [7:2], and so on down to 469 * a BPR of 7 meaning no group priority bits at all. 470 */ 471 mask = ~0U << ((bpr & 7) + 1); 472 473 return gic_get_priority(s, irq, cpu) & mask; 474 } 475 476 static void gic_activate_irq(GICState *s, int cpu, int irq) 477 { 478 /* Set the appropriate Active Priority Register bit for this IRQ, 479 * and update the running priority. 480 */ 481 int prio = gic_get_group_priority(s, cpu, irq); 482 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 483 int preemption_level = prio >> (min_bpr + 1); 484 int regno = preemption_level / 32; 485 int bitno = preemption_level % 32; 486 uint32_t *papr = NULL; 487 488 if (gic_is_vcpu(cpu)) { 489 assert(regno == 0); 490 papr = &s->h_apr[gic_get_vcpu_real_id(cpu)]; 491 } else if (gic_has_groups(s) && gic_test_group(s, irq, cpu)) { 492 papr = &s->nsapr[regno][cpu]; 493 } else { 494 papr = &s->apr[regno][cpu]; 495 } 496 497 *papr |= (1 << bitno); 498 499 s->running_priority[cpu] = prio; 500 gic_set_active(s, irq, cpu); 501 } 502 503 static int gic_get_prio_from_apr_bits(GICState *s, int cpu) 504 { 505 /* Recalculate the current running priority for this CPU based 506 * on the set bits in the Active Priority Registers. 507 */ 508 int i; 509 510 if (gic_is_vcpu(cpu)) { 511 uint32_t apr = s->h_apr[gic_get_vcpu_real_id(cpu)]; 512 if (apr) { 513 return ctz32(apr) << (GIC_VIRT_MIN_BPR + 1); 514 } else { 515 return 0x100; 516 } 517 } 518 519 for (i = 0; i < GIC_NR_APRS; i++) { 520 uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu]; 521 if (!apr) { 522 continue; 523 } 524 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 525 } 526 return 0x100; 527 } 528 529 static void gic_drop_prio(GICState *s, int cpu, int group) 530 { 531 /* Drop the priority of the currently active interrupt in the 532 * specified group. 533 * 534 * Note that we can guarantee (because of the requirement to nest 535 * GICC_IAR reads [which activate an interrupt and raise priority] 536 * with GICC_EOIR writes [which drop the priority for the interrupt]) 537 * that the interrupt we're being called for is the highest priority 538 * active interrupt, meaning that it has the lowest set bit in the 539 * APR registers. 540 * 541 * If the guest does not honour the ordering constraints then the 542 * behaviour of the GIC is UNPREDICTABLE, which for us means that 543 * the values of the APR registers might become incorrect and the 544 * running priority will be wrong, so interrupts that should preempt 545 * might not do so, and interrupts that should not preempt might do so. 546 */ 547 if (gic_is_vcpu(cpu)) { 548 int rcpu = gic_get_vcpu_real_id(cpu); 549 550 if (s->h_apr[rcpu]) { 551 /* Clear lowest set bit */ 552 s->h_apr[rcpu] &= s->h_apr[rcpu] - 1; 553 } 554 } else { 555 int i; 556 557 for (i = 0; i < GIC_NR_APRS; i++) { 558 uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu]; 559 if (!*papr) { 560 continue; 561 } 562 /* Clear lowest set bit */ 563 *papr &= *papr - 1; 564 break; 565 } 566 } 567 568 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 569 } 570 571 static inline uint32_t gic_clear_pending_sgi(GICState *s, int irq, int cpu) 572 { 573 int src; 574 uint32_t ret; 575 576 if (!gic_is_vcpu(cpu)) { 577 /* Lookup the source CPU for the SGI and clear this in the 578 * sgi_pending map. Return the src and clear the overall pending 579 * state on this CPU if the SGI is not pending from any CPUs. 580 */ 581 assert(s->sgi_pending[irq][cpu] != 0); 582 src = ctz32(s->sgi_pending[irq][cpu]); 583 s->sgi_pending[irq][cpu] &= ~(1 << src); 584 if (s->sgi_pending[irq][cpu] == 0) { 585 gic_clear_pending(s, irq, cpu); 586 } 587 ret = irq | ((src & 0x7) << 10); 588 } else { 589 uint32_t *lr_entry = gic_get_lr_entry(s, irq, cpu); 590 src = GICH_LR_CPUID(*lr_entry); 591 592 gic_clear_pending(s, irq, cpu); 593 ret = irq | (src << 10); 594 } 595 596 return ret; 597 } 598 599 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 600 { 601 int ret, irq; 602 603 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 604 * for the case where this GIC supports grouping and the pending interrupt 605 * is in the wrong group. 606 */ 607 irq = gic_get_current_pending_irq(s, cpu, attrs); 608 trace_gic_acknowledge_irq(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 609 gic_get_vcpu_real_id(cpu), irq); 610 611 if (irq >= GIC_MAXIRQ) { 612 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 613 return irq; 614 } 615 616 if (gic_get_priority(s, irq, cpu) >= s->running_priority[cpu]) { 617 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 618 return 1023; 619 } 620 621 gic_activate_irq(s, cpu, irq); 622 623 if (s->revision == REV_11MPCORE) { 624 /* Clear pending flags for both level and edge triggered interrupts. 625 * Level triggered IRQs will be reasserted once they become inactive. 626 */ 627 gic_clear_pending(s, irq, cpu); 628 ret = irq; 629 } else { 630 if (irq < GIC_NR_SGIS) { 631 ret = gic_clear_pending_sgi(s, irq, cpu); 632 } else { 633 gic_clear_pending(s, irq, cpu); 634 ret = irq; 635 } 636 } 637 638 if (gic_is_vcpu(cpu)) { 639 gic_update_virt(s); 640 } else { 641 gic_update(s); 642 } 643 DPRINTF("ACK %d\n", irq); 644 return ret; 645 } 646 647 static uint32_t gic_fullprio_mask(GICState *s, int cpu) 648 { 649 /* 650 * Return a mask word which clears the unimplemented priority 651 * bits from a priority value for an interrupt. (Not to be 652 * confused with the group priority, whose mask depends on BPR.) 653 */ 654 int priBits; 655 656 if (gic_is_vcpu(cpu)) { 657 priBits = GIC_VIRT_MAX_GROUP_PRIO_BITS; 658 } else { 659 priBits = s->n_prio_bits; 660 } 661 return ~0U << (8 - priBits); 662 } 663 664 void gic_dist_set_priority(GICState *s, int cpu, int irq, uint8_t val, 665 MemTxAttrs attrs) 666 { 667 if (s->security_extn && !attrs.secure) { 668 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 669 return; /* Ignore Non-secure access of Group0 IRQ */ 670 } 671 val = 0x80 | (val >> 1); /* Non-secure view */ 672 } 673 674 val &= gic_fullprio_mask(s, cpu); 675 676 if (irq < GIC_INTERNAL) { 677 s->priority1[irq][cpu] = val; 678 } else { 679 s->priority2[(irq) - GIC_INTERNAL] = val; 680 } 681 } 682 683 static uint32_t gic_dist_get_priority(GICState *s, int cpu, int irq, 684 MemTxAttrs attrs) 685 { 686 uint32_t prio = GIC_DIST_GET_PRIORITY(irq, cpu); 687 688 if (s->security_extn && !attrs.secure) { 689 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 690 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 691 } 692 prio = (prio << 1) & 0xff; /* Non-secure view */ 693 } 694 return prio & gic_fullprio_mask(s, cpu); 695 } 696 697 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 698 MemTxAttrs attrs) 699 { 700 if (gic_cpu_ns_access(s, cpu, attrs)) { 701 if (s->priority_mask[cpu] & 0x80) { 702 /* Priority Mask in upper half */ 703 pmask = 0x80 | (pmask >> 1); 704 } else { 705 /* Non-secure write ignored if priority mask is in lower half */ 706 return; 707 } 708 } 709 s->priority_mask[cpu] = pmask & gic_fullprio_mask(s, cpu); 710 } 711 712 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 713 { 714 uint32_t pmask = s->priority_mask[cpu]; 715 716 if (gic_cpu_ns_access(s, cpu, attrs)) { 717 if (pmask & 0x80) { 718 /* Priority Mask in upper half, return Non-secure view */ 719 pmask = (pmask << 1) & 0xff; 720 } else { 721 /* Priority Mask in lower half, RAZ */ 722 pmask = 0; 723 } 724 } 725 return pmask; 726 } 727 728 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 729 { 730 uint32_t ret = s->cpu_ctlr[cpu]; 731 732 if (gic_cpu_ns_access(s, cpu, attrs)) { 733 /* Construct the NS banked view of GICC_CTLR from the correct 734 * bits of the S banked view. We don't need to move the bypass 735 * control bits because we don't implement that (IMPDEF) part 736 * of the GIC architecture. 737 */ 738 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 739 } 740 return ret; 741 } 742 743 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 744 MemTxAttrs attrs) 745 { 746 uint32_t mask; 747 748 if (gic_cpu_ns_access(s, cpu, attrs)) { 749 /* The NS view can only write certain bits in the register; 750 * the rest are unchanged 751 */ 752 mask = GICC_CTLR_EN_GRP1; 753 if (s->revision == 2) { 754 mask |= GICC_CTLR_EOIMODE_NS; 755 } 756 s->cpu_ctlr[cpu] &= ~mask; 757 s->cpu_ctlr[cpu] |= (value << 1) & mask; 758 } else { 759 if (s->revision == 2) { 760 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 761 } else { 762 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 763 } 764 s->cpu_ctlr[cpu] = value & mask; 765 } 766 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 767 "Group1 Interrupts %sabled\n", cpu, 768 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 769 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 770 } 771 772 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 773 { 774 if ((s->revision != REV_11MPCORE) && (s->running_priority[cpu] > 0xff)) { 775 /* Idle priority */ 776 return 0xff; 777 } 778 779 if (gic_cpu_ns_access(s, cpu, attrs)) { 780 if (s->running_priority[cpu] & 0x80) { 781 /* Running priority in upper half of range: return the Non-secure 782 * view of the priority. 783 */ 784 return s->running_priority[cpu] << 1; 785 } else { 786 /* Running priority in lower half of range: RAZ */ 787 return 0; 788 } 789 } else { 790 return s->running_priority[cpu]; 791 } 792 } 793 794 /* Return true if we should split priority drop and interrupt deactivation, 795 * ie whether the relevant EOIMode bit is set. 796 */ 797 static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs) 798 { 799 if (s->revision != 2) { 800 /* Before GICv2 prio-drop and deactivate are not separable */ 801 return false; 802 } 803 if (gic_cpu_ns_access(s, cpu, attrs)) { 804 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE_NS; 805 } 806 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE; 807 } 808 809 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 810 { 811 int group; 812 813 if (irq >= GIC_MAXIRQ || (!gic_is_vcpu(cpu) && irq >= s->num_irq)) { 814 /* 815 * This handles two cases: 816 * 1. If software writes the ID of a spurious interrupt [ie 1023] 817 * to the GICC_DIR, the GIC ignores that write. 818 * 2. If software writes the number of a non-existent interrupt 819 * this must be a subcase of "value written is not an active interrupt" 820 * and so this is UNPREDICTABLE. We choose to ignore it. For vCPUs, 821 * all IRQs potentially exist, so this limit does not apply. 822 */ 823 return; 824 } 825 826 if (!gic_eoi_split(s, cpu, attrs)) { 827 /* This is UNPREDICTABLE; we choose to ignore it */ 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "gic_deactivate_irq: GICC_DIR write when EOIMode clear"); 830 return; 831 } 832 833 if (gic_is_vcpu(cpu) && !gic_virq_is_valid(s, irq, cpu)) { 834 /* This vIRQ does not have an LR entry which is either active or 835 * pending and active. Increment EOICount and ignore the write. 836 */ 837 int rcpu = gic_get_vcpu_real_id(cpu); 838 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 839 840 /* Update the virtual interface in case a maintenance interrupt should 841 * be raised. 842 */ 843 gic_update_virt(s); 844 return; 845 } 846 847 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 848 849 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 850 DPRINTF("Non-secure DI for Group0 interrupt %d ignored\n", irq); 851 return; 852 } 853 854 gic_clear_active(s, irq, cpu); 855 } 856 857 static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 858 { 859 int cm = 1 << cpu; 860 int group; 861 862 DPRINTF("EOI %d\n", irq); 863 if (gic_is_vcpu(cpu)) { 864 /* The call to gic_prio_drop() will clear a bit in GICH_APR iff the 865 * running prio is < 0x100. 866 */ 867 bool prio_drop = s->running_priority[cpu] < 0x100; 868 869 if (irq >= GIC_MAXIRQ) { 870 /* Ignore spurious interrupt */ 871 return; 872 } 873 874 gic_drop_prio(s, cpu, 0); 875 876 if (!gic_eoi_split(s, cpu, attrs)) { 877 bool valid = gic_virq_is_valid(s, irq, cpu); 878 if (prio_drop && !valid) { 879 /* We are in a situation where: 880 * - V_CTRL.EOIMode is false (no EOI split), 881 * - The call to gic_drop_prio() cleared a bit in GICH_APR, 882 * - This vIRQ does not have an LR entry which is either 883 * active or pending and active. 884 * In that case, we must increment EOICount. 885 */ 886 int rcpu = gic_get_vcpu_real_id(cpu); 887 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 888 } else if (valid) { 889 gic_clear_active(s, irq, cpu); 890 } 891 } 892 893 gic_update_virt(s); 894 return; 895 } 896 897 if (irq >= s->num_irq) { 898 /* This handles two cases: 899 * 1. If software writes the ID of a spurious interrupt [ie 1023] 900 * to the GICC_EOIR, the GIC ignores that write. 901 * 2. If software writes the number of a non-existent interrupt 902 * this must be a subcase of "value written does not match the last 903 * valid interrupt value read from the Interrupt Acknowledge 904 * register" and so this is UNPREDICTABLE. We choose to ignore it. 905 */ 906 return; 907 } 908 if (s->running_priority[cpu] == 0x100) { 909 return; /* No active IRQ. */ 910 } 911 912 if (s->revision == REV_11MPCORE) { 913 /* Mark level triggered interrupts as pending if they are still 914 raised. */ 915 if (!GIC_DIST_TEST_EDGE_TRIGGER(irq) && GIC_DIST_TEST_ENABLED(irq, cm) 916 && GIC_DIST_TEST_LEVEL(irq, cm) 917 && (GIC_DIST_TARGET(irq) & cm) != 0) { 918 DPRINTF("Set %d pending mask %x\n", irq, cm); 919 GIC_DIST_SET_PENDING(irq, cm); 920 } 921 } 922 923 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 924 925 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 926 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 927 return; 928 } 929 930 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 931 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 932 * i.e. go ahead and complete the irq anyway. 933 */ 934 935 gic_drop_prio(s, cpu, group); 936 937 /* In GICv2 the guest can choose to split priority-drop and deactivate */ 938 if (!gic_eoi_split(s, cpu, attrs)) { 939 gic_clear_active(s, irq, cpu); 940 } 941 gic_update(s); 942 } 943 944 static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 945 { 946 GICState *s = (GICState *)opaque; 947 uint32_t res; 948 int irq; 949 int i; 950 int cpu; 951 int cm; 952 int mask; 953 954 cpu = gic_get_current_cpu(s); 955 cm = 1 << cpu; 956 if (offset < 0x100) { 957 if (offset == 0) { /* GICD_CTLR */ 958 /* We rely here on the only non-zero bits being in byte 0 */ 959 if (s->security_extn && !attrs.secure) { 960 /* The NS bank of this register is just an alias of the 961 * EnableGrp1 bit in the S bank version. 962 */ 963 return extract32(s->ctlr, 1, 1); 964 } else { 965 return s->ctlr; 966 } 967 } 968 if (offset == 4) { 969 /* GICD_TYPER byte 0 */ 970 return ((s->num_irq / 32) - 1) | ((s->num_cpu - 1) << 5); 971 } 972 if (offset == 5) { 973 /* GICD_TYPER byte 1 */ 974 return (s->security_extn << 2); 975 } 976 if (offset < 0x08) 977 return 0; 978 if (offset >= 0x80) { 979 /* Interrupt Group Registers: these RAZ/WI if this is an NS 980 * access to a GIC with the security extensions, or if the GIC 981 * doesn't have groups at all. 982 */ 983 res = 0; 984 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 985 /* Every byte offset holds 8 group status bits */ 986 irq = (offset - 0x080) * 8; 987 if (irq >= s->num_irq) { 988 goto bad_reg; 989 } 990 for (i = 0; i < 8; i++) { 991 if (GIC_DIST_TEST_GROUP(irq + i, cm)) { 992 res |= (1 << i); 993 } 994 } 995 } 996 return res; 997 } 998 goto bad_reg; 999 } else if (offset < 0x200) { 1000 /* Interrupt Set/Clear Enable. */ 1001 if (offset < 0x180) 1002 irq = (offset - 0x100) * 8; 1003 else 1004 irq = (offset - 0x180) * 8; 1005 if (irq >= s->num_irq) 1006 goto bad_reg; 1007 res = 0; 1008 for (i = 0; i < 8; i++) { 1009 if (s->security_extn && !attrs.secure && 1010 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1011 continue; /* Ignore Non-secure access of Group0 IRQ */ 1012 } 1013 1014 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1015 res |= (1 << i); 1016 } 1017 } 1018 } else if (offset < 0x300) { 1019 /* Interrupt Set/Clear Pending. */ 1020 if (offset < 0x280) 1021 irq = (offset - 0x200) * 8; 1022 else 1023 irq = (offset - 0x280) * 8; 1024 if (irq >= s->num_irq) 1025 goto bad_reg; 1026 res = 0; 1027 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1028 for (i = 0; i < 8; i++) { 1029 if (s->security_extn && !attrs.secure && 1030 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1031 continue; /* Ignore Non-secure access of Group0 IRQ */ 1032 } 1033 1034 if (gic_test_pending(s, irq + i, mask)) { 1035 res |= (1 << i); 1036 } 1037 } 1038 } else if (offset < 0x400) { 1039 /* Interrupt Set/Clear Active. */ 1040 if (offset < 0x380) { 1041 irq = (offset - 0x300) * 8; 1042 } else if (s->revision == 2) { 1043 irq = (offset - 0x380) * 8; 1044 } else { 1045 goto bad_reg; 1046 } 1047 1048 if (irq >= s->num_irq) 1049 goto bad_reg; 1050 res = 0; 1051 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1052 for (i = 0; i < 8; i++) { 1053 if (s->security_extn && !attrs.secure && 1054 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1055 continue; /* Ignore Non-secure access of Group0 IRQ */ 1056 } 1057 1058 if (GIC_DIST_TEST_ACTIVE(irq + i, mask)) { 1059 res |= (1 << i); 1060 } 1061 } 1062 } else if (offset < 0x800) { 1063 /* Interrupt Priority. */ 1064 irq = (offset - 0x400); 1065 if (irq >= s->num_irq) 1066 goto bad_reg; 1067 res = gic_dist_get_priority(s, cpu, irq, attrs); 1068 } else if (offset < 0xc00) { 1069 /* Interrupt CPU Target. */ 1070 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 1071 /* For uniprocessor GICs these RAZ/WI */ 1072 res = 0; 1073 } else { 1074 irq = (offset - 0x800); 1075 if (irq >= s->num_irq) { 1076 goto bad_reg; 1077 } 1078 if (irq < 29 && s->revision == REV_11MPCORE) { 1079 res = 0; 1080 } else if (irq < GIC_INTERNAL) { 1081 res = cm; 1082 } else { 1083 res = GIC_DIST_TARGET(irq); 1084 } 1085 } 1086 } else if (offset < 0xf00) { 1087 /* Interrupt Configuration. */ 1088 irq = (offset - 0xc00) * 4; 1089 if (irq >= s->num_irq) 1090 goto bad_reg; 1091 res = 0; 1092 for (i = 0; i < 4; i++) { 1093 if (s->security_extn && !attrs.secure && 1094 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1095 continue; /* Ignore Non-secure access of Group0 IRQ */ 1096 } 1097 1098 if (GIC_DIST_TEST_MODEL(irq + i)) { 1099 res |= (1 << (i * 2)); 1100 } 1101 if (GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1102 res |= (2 << (i * 2)); 1103 } 1104 } 1105 } else if (offset < 0xf10) { 1106 goto bad_reg; 1107 } else if (offset < 0xf30) { 1108 if (s->revision == REV_11MPCORE) { 1109 goto bad_reg; 1110 } 1111 1112 if (offset < 0xf20) { 1113 /* GICD_CPENDSGIRn */ 1114 irq = (offset - 0xf10); 1115 } else { 1116 irq = (offset - 0xf20); 1117 /* GICD_SPENDSGIRn */ 1118 } 1119 1120 if (s->security_extn && !attrs.secure && 1121 !GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1122 res = 0; /* Ignore Non-secure access of Group0 IRQ */ 1123 } else { 1124 res = s->sgi_pending[irq][cpu]; 1125 } 1126 } else if (offset < 0xfd0) { 1127 goto bad_reg; 1128 } else if (offset < 0x1000) { 1129 if (offset & 3) { 1130 res = 0; 1131 } else { 1132 switch (s->revision) { 1133 case REV_11MPCORE: 1134 res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; 1135 break; 1136 case 1: 1137 res = gic_id_gicv1[(offset - 0xfd0) >> 2]; 1138 break; 1139 case 2: 1140 res = gic_id_gicv2[(offset - 0xfd0) >> 2]; 1141 break; 1142 default: 1143 res = 0; 1144 } 1145 } 1146 } else { 1147 g_assert_not_reached(); 1148 } 1149 return res; 1150 bad_reg: 1151 qemu_log_mask(LOG_GUEST_ERROR, 1152 "gic_dist_readb: Bad offset %x\n", (int)offset); 1153 return 0; 1154 } 1155 1156 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 1157 unsigned size, MemTxAttrs attrs) 1158 { 1159 switch (size) { 1160 case 1: 1161 *data = gic_dist_readb(opaque, offset, attrs); 1162 break; 1163 case 2: 1164 *data = gic_dist_readb(opaque, offset, attrs); 1165 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1166 break; 1167 case 4: 1168 *data = gic_dist_readb(opaque, offset, attrs); 1169 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1170 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 1171 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 1172 break; 1173 default: 1174 return MEMTX_ERROR; 1175 } 1176 1177 trace_gic_dist_read(offset, size, *data); 1178 return MEMTX_OK; 1179 } 1180 1181 static void gic_dist_writeb(void *opaque, hwaddr offset, 1182 uint32_t value, MemTxAttrs attrs) 1183 { 1184 GICState *s = (GICState *)opaque; 1185 int irq; 1186 int i; 1187 int cpu; 1188 1189 cpu = gic_get_current_cpu(s); 1190 if (offset < 0x100) { 1191 if (offset == 0) { 1192 if (s->security_extn && !attrs.secure) { 1193 /* NS version is just an alias of the S version's bit 1 */ 1194 s->ctlr = deposit32(s->ctlr, 1, 1, value); 1195 } else if (gic_has_groups(s)) { 1196 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 1197 } else { 1198 s->ctlr = value & GICD_CTLR_EN_GRP0; 1199 } 1200 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 1201 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 1202 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 1203 } else if (offset < 4) { 1204 /* ignored. */ 1205 } else if (offset >= 0x80) { 1206 /* Interrupt Group Registers: RAZ/WI for NS access to secure 1207 * GIC, or for GICs without groups. 1208 */ 1209 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 1210 /* Every byte offset holds 8 group status bits */ 1211 irq = (offset - 0x80) * 8; 1212 if (irq >= s->num_irq) { 1213 goto bad_reg; 1214 } 1215 for (i = 0; i < 8; i++) { 1216 /* Group bits are banked for private interrupts */ 1217 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1218 if (value & (1 << i)) { 1219 /* Group1 (Non-secure) */ 1220 GIC_DIST_SET_GROUP(irq + i, cm); 1221 } else { 1222 /* Group0 (Secure) */ 1223 GIC_DIST_CLEAR_GROUP(irq + i, cm); 1224 } 1225 } 1226 } 1227 } else { 1228 goto bad_reg; 1229 } 1230 } else if (offset < 0x180) { 1231 /* Interrupt Set Enable. */ 1232 irq = (offset - 0x100) * 8; 1233 if (irq >= s->num_irq) 1234 goto bad_reg; 1235 if (irq < GIC_NR_SGIS) { 1236 value = 0xff; 1237 } 1238 1239 for (i = 0; i < 8; i++) { 1240 if (value & (1 << i)) { 1241 int mask = 1242 (irq < GIC_INTERNAL) ? (1 << cpu) 1243 : GIC_DIST_TARGET(irq + i); 1244 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1245 1246 if (s->security_extn && !attrs.secure && 1247 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1248 continue; /* Ignore Non-secure access of Group0 IRQ */ 1249 } 1250 1251 if (!GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1252 DPRINTF("Enabled IRQ %d\n", irq + i); 1253 trace_gic_enable_irq(irq + i); 1254 } 1255 GIC_DIST_SET_ENABLED(irq + i, cm); 1256 /* If a raised level triggered IRQ enabled then mark 1257 is as pending. */ 1258 if (GIC_DIST_TEST_LEVEL(irq + i, mask) 1259 && !GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1260 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 1261 GIC_DIST_SET_PENDING(irq + i, mask); 1262 } 1263 } 1264 } 1265 } else if (offset < 0x200) { 1266 /* Interrupt Clear Enable. */ 1267 irq = (offset - 0x180) * 8; 1268 if (irq >= s->num_irq) 1269 goto bad_reg; 1270 if (irq < GIC_NR_SGIS) { 1271 value = 0; 1272 } 1273 1274 for (i = 0; i < 8; i++) { 1275 if (value & (1 << i)) { 1276 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1277 1278 if (s->security_extn && !attrs.secure && 1279 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1280 continue; /* Ignore Non-secure access of Group0 IRQ */ 1281 } 1282 1283 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1284 DPRINTF("Disabled IRQ %d\n", irq + i); 1285 trace_gic_disable_irq(irq + i); 1286 } 1287 GIC_DIST_CLEAR_ENABLED(irq + i, cm); 1288 } 1289 } 1290 } else if (offset < 0x280) { 1291 /* Interrupt Set Pending. */ 1292 irq = (offset - 0x200) * 8; 1293 if (irq >= s->num_irq) 1294 goto bad_reg; 1295 if (irq < GIC_NR_SGIS) { 1296 value = 0; 1297 } 1298 1299 for (i = 0; i < 8; i++) { 1300 if (value & (1 << i)) { 1301 if (s->security_extn && !attrs.secure && 1302 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1303 continue; /* Ignore Non-secure access of Group0 IRQ */ 1304 } 1305 1306 GIC_DIST_SET_PENDING(irq + i, GIC_DIST_TARGET(irq + i)); 1307 } 1308 } 1309 } else if (offset < 0x300) { 1310 /* Interrupt Clear Pending. */ 1311 irq = (offset - 0x280) * 8; 1312 if (irq >= s->num_irq) 1313 goto bad_reg; 1314 if (irq < GIC_NR_SGIS) { 1315 value = 0; 1316 } 1317 1318 for (i = 0; i < 8; i++) { 1319 if (s->security_extn && !attrs.secure && 1320 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1321 continue; /* Ignore Non-secure access of Group0 IRQ */ 1322 } 1323 1324 /* ??? This currently clears the pending bit for all CPUs, even 1325 for per-CPU interrupts. It's unclear whether this is the 1326 corect behavior. */ 1327 if (value & (1 << i)) { 1328 GIC_DIST_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 1329 } 1330 } 1331 } else if (offset < 0x380) { 1332 /* Interrupt Set Active. */ 1333 if (s->revision != 2) { 1334 goto bad_reg; 1335 } 1336 1337 irq = (offset - 0x300) * 8; 1338 if (irq >= s->num_irq) { 1339 goto bad_reg; 1340 } 1341 1342 /* This register is banked per-cpu for PPIs */ 1343 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1344 1345 for (i = 0; i < 8; i++) { 1346 if (s->security_extn && !attrs.secure && 1347 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1348 continue; /* Ignore Non-secure access of Group0 IRQ */ 1349 } 1350 1351 if (value & (1 << i)) { 1352 GIC_DIST_SET_ACTIVE(irq + i, cm); 1353 } 1354 } 1355 } else if (offset < 0x400) { 1356 /* Interrupt Clear Active. */ 1357 if (s->revision != 2) { 1358 goto bad_reg; 1359 } 1360 1361 irq = (offset - 0x380) * 8; 1362 if (irq >= s->num_irq) { 1363 goto bad_reg; 1364 } 1365 1366 /* This register is banked per-cpu for PPIs */ 1367 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1368 1369 for (i = 0; i < 8; i++) { 1370 if (s->security_extn && !attrs.secure && 1371 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1372 continue; /* Ignore Non-secure access of Group0 IRQ */ 1373 } 1374 1375 if (value & (1 << i)) { 1376 GIC_DIST_CLEAR_ACTIVE(irq + i, cm); 1377 } 1378 } 1379 } else if (offset < 0x800) { 1380 /* Interrupt Priority. */ 1381 irq = (offset - 0x400); 1382 if (irq >= s->num_irq) 1383 goto bad_reg; 1384 gic_dist_set_priority(s, cpu, irq, value, attrs); 1385 } else if (offset < 0xc00) { 1386 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 1387 * annoying exception of the 11MPCore's GIC. 1388 */ 1389 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 1390 irq = (offset - 0x800); 1391 if (irq >= s->num_irq) { 1392 goto bad_reg; 1393 } 1394 if (irq < 29 && s->revision == REV_11MPCORE) { 1395 value = 0; 1396 } else if (irq < GIC_INTERNAL) { 1397 value = ALL_CPU_MASK; 1398 } 1399 s->irq_target[irq] = value & ALL_CPU_MASK; 1400 } 1401 } else if (offset < 0xf00) { 1402 /* Interrupt Configuration. */ 1403 irq = (offset - 0xc00) * 4; 1404 if (irq >= s->num_irq) 1405 goto bad_reg; 1406 if (irq < GIC_NR_SGIS) 1407 value |= 0xaa; 1408 for (i = 0; i < 4; i++) { 1409 if (s->security_extn && !attrs.secure && 1410 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1411 continue; /* Ignore Non-secure access of Group0 IRQ */ 1412 } 1413 1414 if (s->revision == REV_11MPCORE) { 1415 if (value & (1 << (i * 2))) { 1416 GIC_DIST_SET_MODEL(irq + i); 1417 } else { 1418 GIC_DIST_CLEAR_MODEL(irq + i); 1419 } 1420 } 1421 if (value & (2 << (i * 2))) { 1422 GIC_DIST_SET_EDGE_TRIGGER(irq + i); 1423 } else { 1424 GIC_DIST_CLEAR_EDGE_TRIGGER(irq + i); 1425 } 1426 } 1427 } else if (offset < 0xf10) { 1428 /* 0xf00 is only handled for 32-bit writes. */ 1429 goto bad_reg; 1430 } else if (offset < 0xf20) { 1431 /* GICD_CPENDSGIRn */ 1432 if (s->revision == REV_11MPCORE) { 1433 goto bad_reg; 1434 } 1435 irq = (offset - 0xf10); 1436 1437 if (!s->security_extn || attrs.secure || 1438 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1439 s->sgi_pending[irq][cpu] &= ~value; 1440 if (s->sgi_pending[irq][cpu] == 0) { 1441 GIC_DIST_CLEAR_PENDING(irq, 1 << cpu); 1442 } 1443 } 1444 } else if (offset < 0xf30) { 1445 /* GICD_SPENDSGIRn */ 1446 if (s->revision == REV_11MPCORE) { 1447 goto bad_reg; 1448 } 1449 irq = (offset - 0xf20); 1450 1451 if (!s->security_extn || attrs.secure || 1452 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1453 GIC_DIST_SET_PENDING(irq, 1 << cpu); 1454 s->sgi_pending[irq][cpu] |= value; 1455 } 1456 } else { 1457 goto bad_reg; 1458 } 1459 gic_update(s); 1460 return; 1461 bad_reg: 1462 qemu_log_mask(LOG_GUEST_ERROR, 1463 "gic_dist_writeb: Bad offset %x\n", (int)offset); 1464 } 1465 1466 static void gic_dist_writew(void *opaque, hwaddr offset, 1467 uint32_t value, MemTxAttrs attrs) 1468 { 1469 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 1470 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 1471 } 1472 1473 static void gic_dist_writel(void *opaque, hwaddr offset, 1474 uint32_t value, MemTxAttrs attrs) 1475 { 1476 GICState *s = (GICState *)opaque; 1477 if (offset == 0xf00) { 1478 int cpu; 1479 int irq; 1480 int mask; 1481 int target_cpu; 1482 1483 cpu = gic_get_current_cpu(s); 1484 irq = value & 0xf; 1485 switch ((value >> 24) & 3) { 1486 case 0: 1487 mask = (value >> 16) & ALL_CPU_MASK; 1488 break; 1489 case 1: 1490 mask = ALL_CPU_MASK ^ (1 << cpu); 1491 break; 1492 case 2: 1493 mask = 1 << cpu; 1494 break; 1495 default: 1496 DPRINTF("Bad Soft Int target filter\n"); 1497 mask = ALL_CPU_MASK; 1498 break; 1499 } 1500 GIC_DIST_SET_PENDING(irq, mask); 1501 target_cpu = ctz32(mask); 1502 while (target_cpu < GIC_NCPU) { 1503 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 1504 mask &= ~(1 << target_cpu); 1505 target_cpu = ctz32(mask); 1506 } 1507 gic_update(s); 1508 return; 1509 } 1510 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 1511 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 1512 } 1513 1514 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 1515 unsigned size, MemTxAttrs attrs) 1516 { 1517 trace_gic_dist_write(offset, size, data); 1518 1519 switch (size) { 1520 case 1: 1521 gic_dist_writeb(opaque, offset, data, attrs); 1522 return MEMTX_OK; 1523 case 2: 1524 gic_dist_writew(opaque, offset, data, attrs); 1525 return MEMTX_OK; 1526 case 4: 1527 gic_dist_writel(opaque, offset, data, attrs); 1528 return MEMTX_OK; 1529 default: 1530 return MEMTX_ERROR; 1531 } 1532 } 1533 1534 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 1535 { 1536 /* Return the Nonsecure view of GICC_APR<regno>. This is the 1537 * second half of GICC_NSAPR. 1538 */ 1539 switch (GIC_MIN_BPR) { 1540 case 0: 1541 if (regno < 2) { 1542 return s->nsapr[regno + 2][cpu]; 1543 } 1544 break; 1545 case 1: 1546 if (regno == 0) { 1547 return s->nsapr[regno + 1][cpu]; 1548 } 1549 break; 1550 case 2: 1551 if (regno == 0) { 1552 return extract32(s->nsapr[0][cpu], 16, 16); 1553 } 1554 break; 1555 case 3: 1556 if (regno == 0) { 1557 return extract32(s->nsapr[0][cpu], 8, 8); 1558 } 1559 break; 1560 default: 1561 g_assert_not_reached(); 1562 } 1563 return 0; 1564 } 1565 1566 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 1567 uint32_t value) 1568 { 1569 /* Write the Nonsecure view of GICC_APR<regno>. */ 1570 switch (GIC_MIN_BPR) { 1571 case 0: 1572 if (regno < 2) { 1573 s->nsapr[regno + 2][cpu] = value; 1574 } 1575 break; 1576 case 1: 1577 if (regno == 0) { 1578 s->nsapr[regno + 1][cpu] = value; 1579 } 1580 break; 1581 case 2: 1582 if (regno == 0) { 1583 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1584 } 1585 break; 1586 case 3: 1587 if (regno == 0) { 1588 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1589 } 1590 break; 1591 default: 1592 g_assert_not_reached(); 1593 } 1594 } 1595 1596 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1597 uint64_t *data, MemTxAttrs attrs) 1598 { 1599 switch (offset) { 1600 case 0x00: /* Control */ 1601 *data = gic_get_cpu_control(s, cpu, attrs); 1602 break; 1603 case 0x04: /* Priority mask */ 1604 *data = gic_get_priority_mask(s, cpu, attrs); 1605 break; 1606 case 0x08: /* Binary Point */ 1607 if (gic_cpu_ns_access(s, cpu, attrs)) { 1608 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1609 /* NS view of BPR when CBPR is 1 */ 1610 *data = MIN(s->bpr[cpu] + 1, 7); 1611 } else { 1612 /* BPR is banked. Non-secure copy stored in ABPR. */ 1613 *data = s->abpr[cpu]; 1614 } 1615 } else { 1616 *data = s->bpr[cpu]; 1617 } 1618 break; 1619 case 0x0c: /* Acknowledge */ 1620 *data = gic_acknowledge_irq(s, cpu, attrs); 1621 break; 1622 case 0x14: /* Running Priority */ 1623 *data = gic_get_running_priority(s, cpu, attrs); 1624 break; 1625 case 0x18: /* Highest Pending Interrupt */ 1626 *data = gic_get_current_pending_irq(s, cpu, attrs); 1627 break; 1628 case 0x1c: /* Aliased Binary Point */ 1629 /* GIC v2, no security: ABPR 1630 * GIC v1, no security: not implemented (RAZ/WI) 1631 * With security extensions, secure access: ABPR (alias of NS BPR) 1632 * With security extensions, nonsecure access: RAZ/WI 1633 */ 1634 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1635 *data = 0; 1636 } else { 1637 *data = s->abpr[cpu]; 1638 } 1639 break; 1640 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1641 { 1642 int regno = (offset - 0xd0) / 4; 1643 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1644 1645 if (regno >= nr_aprs || s->revision != 2) { 1646 *data = 0; 1647 } else if (gic_is_vcpu(cpu)) { 1648 *data = s->h_apr[gic_get_vcpu_real_id(cpu)]; 1649 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1650 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1651 *data = gic_apr_ns_view(s, regno, cpu); 1652 } else { 1653 *data = s->apr[regno][cpu]; 1654 } 1655 break; 1656 } 1657 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1658 { 1659 int regno = (offset - 0xe0) / 4; 1660 1661 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1662 gic_cpu_ns_access(s, cpu, attrs) || gic_is_vcpu(cpu)) { 1663 *data = 0; 1664 } else { 1665 *data = s->nsapr[regno][cpu]; 1666 } 1667 break; 1668 } 1669 case 0xfc: 1670 if (s->revision == REV_11MPCORE) { 1671 /* Reserved on 11MPCore */ 1672 *data = 0; 1673 } else { 1674 /* GICv1 or v2; Arm implementation */ 1675 *data = (s->revision << 16) | 0x43b; 1676 } 1677 break; 1678 default: 1679 qemu_log_mask(LOG_GUEST_ERROR, 1680 "gic_cpu_read: Bad offset %x\n", (int)offset); 1681 *data = 0; 1682 break; 1683 } 1684 1685 trace_gic_cpu_read(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1686 gic_get_vcpu_real_id(cpu), offset, *data); 1687 return MEMTX_OK; 1688 } 1689 1690 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1691 uint32_t value, MemTxAttrs attrs) 1692 { 1693 trace_gic_cpu_write(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1694 gic_get_vcpu_real_id(cpu), offset, value); 1695 1696 switch (offset) { 1697 case 0x00: /* Control */ 1698 gic_set_cpu_control(s, cpu, value, attrs); 1699 break; 1700 case 0x04: /* Priority mask */ 1701 gic_set_priority_mask(s, cpu, value, attrs); 1702 break; 1703 case 0x08: /* Binary Point */ 1704 if (gic_cpu_ns_access(s, cpu, attrs)) { 1705 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1706 /* WI when CBPR is 1 */ 1707 return MEMTX_OK; 1708 } else { 1709 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1710 } 1711 } else { 1712 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 1713 s->bpr[cpu] = MAX(value & 0x7, min_bpr); 1714 } 1715 break; 1716 case 0x10: /* End Of Interrupt */ 1717 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1718 return MEMTX_OK; 1719 case 0x1c: /* Aliased Binary Point */ 1720 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1721 /* unimplemented, or NS access: RAZ/WI */ 1722 return MEMTX_OK; 1723 } else { 1724 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1725 } 1726 break; 1727 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1728 { 1729 int regno = (offset - 0xd0) / 4; 1730 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1731 1732 if (regno >= nr_aprs || s->revision != 2) { 1733 return MEMTX_OK; 1734 } 1735 if (gic_is_vcpu(cpu)) { 1736 s->h_apr[gic_get_vcpu_real_id(cpu)] = value; 1737 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1738 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1739 gic_apr_write_ns_view(s, regno, cpu, value); 1740 } else { 1741 s->apr[regno][cpu] = value; 1742 } 1743 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1744 break; 1745 } 1746 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1747 { 1748 int regno = (offset - 0xe0) / 4; 1749 1750 if (regno >= GIC_NR_APRS || s->revision != 2) { 1751 return MEMTX_OK; 1752 } 1753 if (gic_is_vcpu(cpu)) { 1754 return MEMTX_OK; 1755 } 1756 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1757 return MEMTX_OK; 1758 } 1759 s->nsapr[regno][cpu] = value; 1760 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1761 break; 1762 } 1763 case 0x1000: 1764 /* GICC_DIR */ 1765 gic_deactivate_irq(s, cpu, value & 0x3ff, attrs); 1766 break; 1767 default: 1768 qemu_log_mask(LOG_GUEST_ERROR, 1769 "gic_cpu_write: Bad offset %x\n", (int)offset); 1770 return MEMTX_OK; 1771 } 1772 1773 if (gic_is_vcpu(cpu)) { 1774 gic_update_virt(s); 1775 } else { 1776 gic_update(s); 1777 } 1778 1779 return MEMTX_OK; 1780 } 1781 1782 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1783 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1784 unsigned size, MemTxAttrs attrs) 1785 { 1786 GICState *s = (GICState *)opaque; 1787 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1788 } 1789 1790 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1791 uint64_t value, unsigned size, 1792 MemTxAttrs attrs) 1793 { 1794 GICState *s = (GICState *)opaque; 1795 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1796 } 1797 1798 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1799 * These just decode the opaque pointer into GICState* + cpu id. 1800 */ 1801 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1802 unsigned size, MemTxAttrs attrs) 1803 { 1804 GICState **backref = (GICState **)opaque; 1805 GICState *s = *backref; 1806 int id = (backref - s->backref); 1807 return gic_cpu_read(s, id, addr, data, attrs); 1808 } 1809 1810 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1811 uint64_t value, unsigned size, 1812 MemTxAttrs attrs) 1813 { 1814 GICState **backref = (GICState **)opaque; 1815 GICState *s = *backref; 1816 int id = (backref - s->backref); 1817 return gic_cpu_write(s, id, addr, value, attrs); 1818 } 1819 1820 static MemTxResult gic_thisvcpu_read(void *opaque, hwaddr addr, uint64_t *data, 1821 unsigned size, MemTxAttrs attrs) 1822 { 1823 GICState *s = (GICState *)opaque; 1824 1825 return gic_cpu_read(s, gic_get_current_vcpu(s), addr, data, attrs); 1826 } 1827 1828 static MemTxResult gic_thisvcpu_write(void *opaque, hwaddr addr, 1829 uint64_t value, unsigned size, 1830 MemTxAttrs attrs) 1831 { 1832 GICState *s = (GICState *)opaque; 1833 1834 return gic_cpu_write(s, gic_get_current_vcpu(s), addr, value, attrs); 1835 } 1836 1837 static uint32_t gic_compute_eisr(GICState *s, int cpu, int lr_start) 1838 { 1839 int lr_idx; 1840 uint32_t ret = 0; 1841 1842 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1843 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1844 ret = deposit32(ret, lr_idx - lr_start, 1, 1845 gic_lr_entry_is_eoi(*entry)); 1846 } 1847 1848 return ret; 1849 } 1850 1851 static uint32_t gic_compute_elrsr(GICState *s, int cpu, int lr_start) 1852 { 1853 int lr_idx; 1854 uint32_t ret = 0; 1855 1856 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1857 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1858 ret = deposit32(ret, lr_idx - lr_start, 1, 1859 gic_lr_entry_is_free(*entry)); 1860 } 1861 1862 return ret; 1863 } 1864 1865 static void gic_vmcr_write(GICState *s, uint32_t value, MemTxAttrs attrs) 1866 { 1867 int vcpu = gic_get_current_vcpu(s); 1868 uint32_t ctlr; 1869 uint32_t abpr; 1870 uint32_t bpr; 1871 uint32_t prio_mask; 1872 1873 ctlr = FIELD_EX32(value, GICH_VMCR, VMCCtlr); 1874 abpr = FIELD_EX32(value, GICH_VMCR, VMABP); 1875 bpr = FIELD_EX32(value, GICH_VMCR, VMBP); 1876 prio_mask = FIELD_EX32(value, GICH_VMCR, VMPriMask) << 3; 1877 1878 gic_set_cpu_control(s, vcpu, ctlr, attrs); 1879 s->abpr[vcpu] = MAX(abpr, GIC_VIRT_MIN_ABPR); 1880 s->bpr[vcpu] = MAX(bpr, GIC_VIRT_MIN_BPR); 1881 gic_set_priority_mask(s, vcpu, prio_mask, attrs); 1882 } 1883 1884 static MemTxResult gic_hyp_read(void *opaque, int cpu, hwaddr addr, 1885 uint64_t *data, MemTxAttrs attrs) 1886 { 1887 GICState *s = ARM_GIC(opaque); 1888 int vcpu = cpu + GIC_NCPU; 1889 1890 switch (addr) { 1891 case A_GICH_HCR: /* Hypervisor Control */ 1892 *data = s->h_hcr[cpu]; 1893 break; 1894 1895 case A_GICH_VTR: /* VGIC Type */ 1896 *data = FIELD_DP32(0, GICH_VTR, ListRegs, s->num_lrs - 1); 1897 *data = FIELD_DP32(*data, GICH_VTR, PREbits, 1898 GIC_VIRT_MAX_GROUP_PRIO_BITS - 1); 1899 *data = FIELD_DP32(*data, GICH_VTR, PRIbits, 1900 (7 - GIC_VIRT_MIN_BPR) - 1); 1901 break; 1902 1903 case A_GICH_VMCR: /* Virtual Machine Control */ 1904 *data = FIELD_DP32(0, GICH_VMCR, VMCCtlr, 1905 extract32(s->cpu_ctlr[vcpu], 0, 10)); 1906 *data = FIELD_DP32(*data, GICH_VMCR, VMABP, s->abpr[vcpu]); 1907 *data = FIELD_DP32(*data, GICH_VMCR, VMBP, s->bpr[vcpu]); 1908 *data = FIELD_DP32(*data, GICH_VMCR, VMPriMask, 1909 extract32(s->priority_mask[vcpu], 3, 5)); 1910 break; 1911 1912 case A_GICH_MISR: /* Maintenance Interrupt Status */ 1913 *data = s->h_misr[cpu]; 1914 break; 1915 1916 case A_GICH_EISR0: /* End of Interrupt Status 0 and 1 */ 1917 case A_GICH_EISR1: 1918 *data = gic_compute_eisr(s, cpu, (addr - A_GICH_EISR0) * 8); 1919 break; 1920 1921 case A_GICH_ELRSR0: /* Empty List Status 0 and 1 */ 1922 case A_GICH_ELRSR1: 1923 *data = gic_compute_elrsr(s, cpu, (addr - A_GICH_ELRSR0) * 8); 1924 break; 1925 1926 case A_GICH_APR: /* Active Priorities */ 1927 *data = s->h_apr[cpu]; 1928 break; 1929 1930 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1931 { 1932 int lr_idx = (addr - A_GICH_LR0) / 4; 1933 1934 if (lr_idx > s->num_lrs) { 1935 *data = 0; 1936 } else { 1937 *data = s->h_lr[lr_idx][cpu]; 1938 } 1939 break; 1940 } 1941 1942 default: 1943 qemu_log_mask(LOG_GUEST_ERROR, 1944 "gic_hyp_read: Bad offset %" HWADDR_PRIx "\n", addr); 1945 return MEMTX_OK; 1946 } 1947 1948 trace_gic_hyp_read(addr, *data); 1949 return MEMTX_OK; 1950 } 1951 1952 static MemTxResult gic_hyp_write(void *opaque, int cpu, hwaddr addr, 1953 uint64_t value, MemTxAttrs attrs) 1954 { 1955 GICState *s = ARM_GIC(opaque); 1956 int vcpu = cpu + GIC_NCPU; 1957 1958 trace_gic_hyp_write(addr, value); 1959 1960 switch (addr) { 1961 case A_GICH_HCR: /* Hypervisor Control */ 1962 s->h_hcr[cpu] = value & GICH_HCR_MASK; 1963 break; 1964 1965 case A_GICH_VMCR: /* Virtual Machine Control */ 1966 gic_vmcr_write(s, value, attrs); 1967 break; 1968 1969 case A_GICH_APR: /* Active Priorities */ 1970 s->h_apr[cpu] = value; 1971 s->running_priority[vcpu] = gic_get_prio_from_apr_bits(s, vcpu); 1972 break; 1973 1974 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1975 { 1976 int lr_idx = (addr - A_GICH_LR0) / 4; 1977 1978 if (lr_idx > s->num_lrs) { 1979 return MEMTX_OK; 1980 } 1981 1982 s->h_lr[lr_idx][cpu] = value & GICH_LR_MASK; 1983 trace_gic_lr_entry(cpu, lr_idx, s->h_lr[lr_idx][cpu]); 1984 break; 1985 } 1986 1987 default: 1988 qemu_log_mask(LOG_GUEST_ERROR, 1989 "gic_hyp_write: Bad offset %" HWADDR_PRIx "\n", addr); 1990 return MEMTX_OK; 1991 } 1992 1993 gic_update_virt(s); 1994 return MEMTX_OK; 1995 } 1996 1997 static MemTxResult gic_thiscpu_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 1998 unsigned size, MemTxAttrs attrs) 1999 { 2000 GICState *s = (GICState *)opaque; 2001 2002 return gic_hyp_read(s, gic_get_current_cpu(s), addr, data, attrs); 2003 } 2004 2005 static MemTxResult gic_thiscpu_hyp_write(void *opaque, hwaddr addr, 2006 uint64_t value, unsigned size, 2007 MemTxAttrs attrs) 2008 { 2009 GICState *s = (GICState *)opaque; 2010 2011 return gic_hyp_write(s, gic_get_current_cpu(s), addr, value, attrs); 2012 } 2013 2014 static MemTxResult gic_do_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2015 unsigned size, MemTxAttrs attrs) 2016 { 2017 GICState **backref = (GICState **)opaque; 2018 GICState *s = *backref; 2019 int id = (backref - s->backref); 2020 2021 return gic_hyp_read(s, id, addr, data, attrs); 2022 } 2023 2024 static MemTxResult gic_do_hyp_write(void *opaque, hwaddr addr, 2025 uint64_t value, unsigned size, 2026 MemTxAttrs attrs) 2027 { 2028 GICState **backref = (GICState **)opaque; 2029 GICState *s = *backref; 2030 int id = (backref - s->backref); 2031 2032 return gic_hyp_write(s, id + GIC_NCPU, addr, value, attrs); 2033 2034 } 2035 2036 static const MemoryRegionOps gic_ops[2] = { 2037 { 2038 .read_with_attrs = gic_dist_read, 2039 .write_with_attrs = gic_dist_write, 2040 .endianness = DEVICE_NATIVE_ENDIAN, 2041 }, 2042 { 2043 .read_with_attrs = gic_thiscpu_read, 2044 .write_with_attrs = gic_thiscpu_write, 2045 .endianness = DEVICE_NATIVE_ENDIAN, 2046 } 2047 }; 2048 2049 static const MemoryRegionOps gic_cpu_ops = { 2050 .read_with_attrs = gic_do_cpu_read, 2051 .write_with_attrs = gic_do_cpu_write, 2052 .endianness = DEVICE_NATIVE_ENDIAN, 2053 }; 2054 2055 static const MemoryRegionOps gic_virt_ops[2] = { 2056 { 2057 .read_with_attrs = gic_thiscpu_hyp_read, 2058 .write_with_attrs = gic_thiscpu_hyp_write, 2059 .endianness = DEVICE_NATIVE_ENDIAN, 2060 }, 2061 { 2062 .read_with_attrs = gic_thisvcpu_read, 2063 .write_with_attrs = gic_thisvcpu_write, 2064 .endianness = DEVICE_NATIVE_ENDIAN, 2065 } 2066 }; 2067 2068 static const MemoryRegionOps gic_viface_ops = { 2069 .read_with_attrs = gic_do_hyp_read, 2070 .write_with_attrs = gic_do_hyp_write, 2071 .endianness = DEVICE_NATIVE_ENDIAN, 2072 }; 2073 2074 static void arm_gic_realize(DeviceState *dev, Error **errp) 2075 { 2076 /* Device instance realize function for the GIC sysbus device */ 2077 int i; 2078 GICState *s = ARM_GIC(dev); 2079 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 2080 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 2081 Error *local_err = NULL; 2082 2083 agc->parent_realize(dev, &local_err); 2084 if (local_err) { 2085 error_propagate(errp, local_err); 2086 return; 2087 } 2088 2089 if (kvm_enabled() && !kvm_arm_supports_user_irq()) { 2090 error_setg(errp, "KVM with user space irqchip only works when the " 2091 "host kernel supports KVM_CAP_ARM_USER_IRQ"); 2092 return; 2093 } 2094 2095 if (s->n_prio_bits > GIC_MAX_PRIORITY_BITS || 2096 (s->virt_extn ? s->n_prio_bits < GIC_VIRT_MAX_GROUP_PRIO_BITS : 2097 s->n_prio_bits < GIC_MIN_PRIORITY_BITS)) { 2098 error_setg(errp, "num-priority-bits cannot be greater than %d" 2099 " or less than %d", GIC_MAX_PRIORITY_BITS, 2100 s->virt_extn ? GIC_VIRT_MAX_GROUP_PRIO_BITS : 2101 GIC_MIN_PRIORITY_BITS); 2102 return; 2103 } 2104 2105 /* This creates distributor, main CPU interface (s->cpuiomem[0]) and if 2106 * enabled, virtualization extensions related interfaces (main virtual 2107 * interface (s->vifaceiomem[0]) and virtual CPU interface). 2108 */ 2109 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops, gic_virt_ops); 2110 2111 /* Extra core-specific regions for the CPU interfaces. This is 2112 * necessary for "franken-GIC" implementations, for example on 2113 * Exynos 4. 2114 * NB that the memory region size of 0x100 applies for the 11MPCore 2115 * and also cores following the GIC v1 spec (ie A9). 2116 * GIC v2 defines a larger memory region (0x1000) so this will need 2117 * to be extended when we implement A15. 2118 */ 2119 for (i = 0; i < s->num_cpu; i++) { 2120 s->backref[i] = s; 2121 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 2122 &s->backref[i], "gic_cpu", 0x100); 2123 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 2124 } 2125 2126 /* Extra core-specific regions for virtual interfaces. This is required by 2127 * the GICv2 specification. 2128 */ 2129 if (s->virt_extn) { 2130 for (i = 0; i < s->num_cpu; i++) { 2131 memory_region_init_io(&s->vifaceiomem[i + 1], OBJECT(s), 2132 &gic_viface_ops, &s->backref[i], 2133 "gic_viface", 0x200); 2134 sysbus_init_mmio(sbd, &s->vifaceiomem[i + 1]); 2135 } 2136 } 2137 2138 } 2139 2140 static void arm_gic_class_init(ObjectClass *klass, void *data) 2141 { 2142 DeviceClass *dc = DEVICE_CLASS(klass); 2143 ARMGICClass *agc = ARM_GIC_CLASS(klass); 2144 2145 device_class_set_parent_realize(dc, arm_gic_realize, &agc->parent_realize); 2146 } 2147 2148 static const TypeInfo arm_gic_info = { 2149 .name = TYPE_ARM_GIC, 2150 .parent = TYPE_ARM_GIC_COMMON, 2151 .instance_size = sizeof(GICState), 2152 .class_init = arm_gic_class_init, 2153 .class_size = sizeof(ARMGICClass), 2154 }; 2155 2156 static void arm_gic_register_types(void) 2157 { 2158 type_register_static(&arm_gic_info); 2159 } 2160 2161 type_init(arm_gic_register_types) 2162