1 /* 2 * ARM Generic/Distributed Interrupt Controller 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 /* This file contains implementation code for the RealView EB interrupt 11 * controller, MPCore distributed interrupt controller and ARMv7-M 12 * Nested Vectored Interrupt Controller. 13 * It is compiled in two ways: 14 * (1) as a standalone file to produce a sysbus device which is a GIC 15 * that can be used on the realview board and as one of the builtin 16 * private peripherals for the ARM MP CPUs (11MPCore, A9, etc) 17 * (2) by being directly #included into armv7m_nvic.c to produce the 18 * armv7m_nvic device. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "hw/irq.h" 23 #include "hw/sysbus.h" 24 #include "gic_internal.h" 25 #include "qapi/error.h" 26 #include "hw/core/cpu.h" 27 #include "qemu/log.h" 28 #include "qemu/module.h" 29 #include "trace.h" 30 #include "sysemu/kvm.h" 31 #include "sysemu/qtest.h" 32 33 /* #define DEBUG_GIC */ 34 35 #ifdef DEBUG_GIC 36 #define DEBUG_GIC_GATE 1 37 #else 38 #define DEBUG_GIC_GATE 0 39 #endif 40 41 #define DPRINTF(fmt, ...) do { \ 42 if (DEBUG_GIC_GATE) { \ 43 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static const uint8_t gic_id_11mpcore[] = { 48 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 49 }; 50 51 static const uint8_t gic_id_gicv1[] = { 52 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 53 }; 54 55 static const uint8_t gic_id_gicv2[] = { 56 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 57 }; 58 59 static inline int gic_get_current_cpu(GICState *s) 60 { 61 if (!qtest_enabled() && s->num_cpu > 1) { 62 return current_cpu->cpu_index; 63 } 64 return 0; 65 } 66 67 static inline int gic_get_current_vcpu(GICState *s) 68 { 69 return gic_get_current_cpu(s) + GIC_NCPU; 70 } 71 72 /* Return true if this GIC config has interrupt groups, which is 73 * true if we're a GICv2, or a GICv1 with the security extensions. 74 */ 75 static inline bool gic_has_groups(GICState *s) 76 { 77 return s->revision == 2 || s->security_extn; 78 } 79 80 static inline bool gic_cpu_ns_access(GICState *s, int cpu, MemTxAttrs attrs) 81 { 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; 83 } 84 85 static inline void gic_get_best_irq(GICState *s, int cpu, 86 int *best_irq, int *best_prio, int *group) 87 { 88 int irq; 89 int cm = 1 << cpu; 90 91 *best_irq = 1023; 92 *best_prio = 0x100; 93 94 for (irq = 0; irq < s->num_irq; irq++) { 95 if (GIC_DIST_TEST_ENABLED(irq, cm) && gic_test_pending(s, irq, cm) && 96 (!GIC_DIST_TEST_ACTIVE(irq, cm)) && 97 (irq < GIC_INTERNAL || GIC_DIST_TARGET(irq) & cm)) { 98 if (GIC_DIST_GET_PRIORITY(irq, cpu) < *best_prio) { 99 *best_prio = GIC_DIST_GET_PRIORITY(irq, cpu); 100 *best_irq = irq; 101 } 102 } 103 } 104 105 if (*best_irq < 1023) { 106 *group = GIC_DIST_TEST_GROUP(*best_irq, cm); 107 } 108 } 109 110 static inline void gic_get_best_virq(GICState *s, int cpu, 111 int *best_irq, int *best_prio, int *group) 112 { 113 int lr_idx = 0; 114 115 *best_irq = 1023; 116 *best_prio = 0x100; 117 118 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 119 uint32_t lr_entry = s->h_lr[lr_idx][cpu]; 120 int state = GICH_LR_STATE(lr_entry); 121 122 if (state == GICH_LR_STATE_PENDING) { 123 int prio = GICH_LR_PRIORITY(lr_entry); 124 125 if (prio < *best_prio) { 126 *best_prio = prio; 127 *best_irq = GICH_LR_VIRT_ID(lr_entry); 128 *group = GICH_LR_GROUP(lr_entry); 129 } 130 } 131 } 132 } 133 134 /* Return true if IRQ signaling is enabled for the given cpu and at least one 135 * of the given groups: 136 * - in the non-virt case, the distributor must be enabled for one of the 137 * given groups 138 * - in the virt case, the virtual interface must be enabled. 139 * - in all cases, the (v)CPU interface must be enabled for one of the given 140 * groups. 141 */ 142 static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt, 143 int group_mask) 144 { 145 int cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 146 147 if (!virt && !(s->ctlr & group_mask)) { 148 return false; 149 } 150 151 if (virt && !(s->h_hcr[cpu] & R_GICH_HCR_EN_MASK)) { 152 return false; 153 } 154 155 if (!(s->cpu_ctlr[cpu_iface] & group_mask)) { 156 return false; 157 } 158 159 return true; 160 } 161 162 /* TODO: Many places that call this routine could be optimized. */ 163 /* Update interrupt status after enabled or pending bits have been changed. */ 164 static inline void gic_update_internal(GICState *s, bool virt) 165 { 166 int best_irq; 167 int best_prio; 168 int irq_level, fiq_level; 169 int cpu, cpu_iface; 170 int group = 0; 171 qemu_irq *irq_lines = virt ? s->parent_virq : s->parent_irq; 172 qemu_irq *fiq_lines = virt ? s->parent_vfiq : s->parent_fiq; 173 174 for (cpu = 0; cpu < s->num_cpu; cpu++) { 175 cpu_iface = virt ? (cpu + GIC_NCPU) : cpu; 176 177 s->current_pending[cpu_iface] = 1023; 178 if (!gic_irq_signaling_enabled(s, cpu, virt, 179 GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1)) { 180 qemu_irq_lower(irq_lines[cpu]); 181 qemu_irq_lower(fiq_lines[cpu]); 182 continue; 183 } 184 185 if (virt) { 186 gic_get_best_virq(s, cpu, &best_irq, &best_prio, &group); 187 } else { 188 gic_get_best_irq(s, cpu, &best_irq, &best_prio, &group); 189 } 190 191 if (best_irq != 1023) { 192 trace_gic_update_bestirq(virt ? "vcpu" : "cpu", cpu, 193 best_irq, best_prio, 194 s->priority_mask[cpu_iface], 195 s->running_priority[cpu_iface]); 196 } 197 198 irq_level = fiq_level = 0; 199 200 if (best_prio < s->priority_mask[cpu_iface]) { 201 s->current_pending[cpu_iface] = best_irq; 202 if (best_prio < s->running_priority[cpu_iface]) { 203 if (gic_irq_signaling_enabled(s, cpu, virt, 1 << group)) { 204 if (group == 0 && 205 s->cpu_ctlr[cpu_iface] & GICC_CTLR_FIQ_EN) { 206 DPRINTF("Raised pending FIQ %d (cpu %d)\n", 207 best_irq, cpu_iface); 208 fiq_level = 1; 209 trace_gic_update_set_irq(cpu, virt ? "vfiq" : "fiq", 210 fiq_level); 211 } else { 212 DPRINTF("Raised pending IRQ %d (cpu %d)\n", 213 best_irq, cpu_iface); 214 irq_level = 1; 215 trace_gic_update_set_irq(cpu, virt ? "virq" : "irq", 216 irq_level); 217 } 218 } 219 } 220 } 221 222 qemu_set_irq(irq_lines[cpu], irq_level); 223 qemu_set_irq(fiq_lines[cpu], fiq_level); 224 } 225 } 226 227 static void gic_update(GICState *s) 228 { 229 gic_update_internal(s, false); 230 } 231 232 /* Return true if this LR is empty, i.e. the corresponding bit 233 * in ELRSR is set. 234 */ 235 static inline bool gic_lr_entry_is_free(uint32_t entry) 236 { 237 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 238 && (GICH_LR_HW(entry) || !GICH_LR_EOI(entry)); 239 } 240 241 /* Return true if this LR should trigger an EOI maintenance interrupt, i.e. the 242 * corresponding bit in EISR is set. 243 */ 244 static inline bool gic_lr_entry_is_eoi(uint32_t entry) 245 { 246 return (GICH_LR_STATE(entry) == GICH_LR_STATE_INVALID) 247 && !GICH_LR_HW(entry) && GICH_LR_EOI(entry); 248 } 249 250 static inline void gic_extract_lr_info(GICState *s, int cpu, 251 int *num_eoi, int *num_valid, int *num_pending) 252 { 253 int lr_idx; 254 255 *num_eoi = 0; 256 *num_valid = 0; 257 *num_pending = 0; 258 259 for (lr_idx = 0; lr_idx < s->num_lrs; lr_idx++) { 260 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 261 262 if (gic_lr_entry_is_eoi(*entry)) { 263 (*num_eoi)++; 264 } 265 266 if (GICH_LR_STATE(*entry) != GICH_LR_STATE_INVALID) { 267 (*num_valid)++; 268 } 269 270 if (GICH_LR_STATE(*entry) == GICH_LR_STATE_PENDING) { 271 (*num_pending)++; 272 } 273 } 274 } 275 276 static void gic_compute_misr(GICState *s, int cpu) 277 { 278 uint32_t value = 0; 279 int vcpu = cpu + GIC_NCPU; 280 281 int num_eoi, num_valid, num_pending; 282 283 gic_extract_lr_info(s, cpu, &num_eoi, &num_valid, &num_pending); 284 285 /* EOI */ 286 if (num_eoi) { 287 value |= R_GICH_MISR_EOI_MASK; 288 } 289 290 /* U: true if only 0 or 1 LR entry is valid */ 291 if ((s->h_hcr[cpu] & R_GICH_HCR_UIE_MASK) && (num_valid < 2)) { 292 value |= R_GICH_MISR_U_MASK; 293 } 294 295 /* LRENP: EOICount is not 0 */ 296 if ((s->h_hcr[cpu] & R_GICH_HCR_LRENPIE_MASK) && 297 ((s->h_hcr[cpu] & R_GICH_HCR_EOICount_MASK) != 0)) { 298 value |= R_GICH_MISR_LRENP_MASK; 299 } 300 301 /* NP: no pending interrupts */ 302 if ((s->h_hcr[cpu] & R_GICH_HCR_NPIE_MASK) && (num_pending == 0)) { 303 value |= R_GICH_MISR_NP_MASK; 304 } 305 306 /* VGrp0E: group0 virq signaling enabled */ 307 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0EIE_MASK) && 308 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 309 value |= R_GICH_MISR_VGrp0E_MASK; 310 } 311 312 /* VGrp0D: group0 virq signaling disabled */ 313 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP0DIE_MASK) && 314 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP0)) { 315 value |= R_GICH_MISR_VGrp0D_MASK; 316 } 317 318 /* VGrp1E: group1 virq signaling enabled */ 319 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1EIE_MASK) && 320 (s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 321 value |= R_GICH_MISR_VGrp1E_MASK; 322 } 323 324 /* VGrp1D: group1 virq signaling disabled */ 325 if ((s->h_hcr[cpu] & R_GICH_HCR_VGRP1DIE_MASK) && 326 !(s->cpu_ctlr[vcpu] & GICC_CTLR_EN_GRP1)) { 327 value |= R_GICH_MISR_VGrp1D_MASK; 328 } 329 330 s->h_misr[cpu] = value; 331 } 332 333 static void gic_update_maintenance(GICState *s) 334 { 335 int cpu = 0; 336 int maint_level; 337 338 for (cpu = 0; cpu < s->num_cpu; cpu++) { 339 gic_compute_misr(s, cpu); 340 maint_level = (s->h_hcr[cpu] & R_GICH_HCR_EN_MASK) && s->h_misr[cpu]; 341 342 trace_gic_update_maintenance_irq(cpu, maint_level); 343 qemu_set_irq(s->maintenance_irq[cpu], maint_level); 344 } 345 } 346 347 static void gic_update_virt(GICState *s) 348 { 349 gic_update_internal(s, true); 350 gic_update_maintenance(s); 351 } 352 353 static void gic_set_irq_11mpcore(GICState *s, int irq, int level, 354 int cm, int target) 355 { 356 if (level) { 357 GIC_DIST_SET_LEVEL(irq, cm); 358 if (GIC_DIST_TEST_EDGE_TRIGGER(irq) || GIC_DIST_TEST_ENABLED(irq, cm)) { 359 DPRINTF("Set %d pending mask %x\n", irq, target); 360 GIC_DIST_SET_PENDING(irq, target); 361 } 362 } else { 363 GIC_DIST_CLEAR_LEVEL(irq, cm); 364 } 365 } 366 367 static void gic_set_irq_generic(GICState *s, int irq, int level, 368 int cm, int target) 369 { 370 if (level) { 371 GIC_DIST_SET_LEVEL(irq, cm); 372 DPRINTF("Set %d pending mask %x\n", irq, target); 373 if (GIC_DIST_TEST_EDGE_TRIGGER(irq)) { 374 GIC_DIST_SET_PENDING(irq, target); 375 } 376 } else { 377 GIC_DIST_CLEAR_LEVEL(irq, cm); 378 } 379 } 380 381 /* Process a change in an external IRQ input. */ 382 static void gic_set_irq(void *opaque, int irq, int level) 383 { 384 /* Meaning of the 'irq' parameter: 385 * [0..N-1] : external interrupts 386 * [N..N+31] : PPI (internal) interrupts for CPU 0 387 * [N+32..N+63] : PPI (internal interrupts for CPU 1 388 * ... 389 */ 390 GICState *s = (GICState *)opaque; 391 int cm, target; 392 if (irq < (s->num_irq - GIC_INTERNAL)) { 393 /* The first external input line is internal interrupt 32. */ 394 cm = ALL_CPU_MASK; 395 irq += GIC_INTERNAL; 396 target = GIC_DIST_TARGET(irq); 397 } else { 398 int cpu; 399 irq -= (s->num_irq - GIC_INTERNAL); 400 cpu = irq / GIC_INTERNAL; 401 irq %= GIC_INTERNAL; 402 cm = 1 << cpu; 403 target = cm; 404 } 405 406 assert(irq >= GIC_NR_SGIS); 407 408 if (level == GIC_DIST_TEST_LEVEL(irq, cm)) { 409 return; 410 } 411 412 if (s->revision == REV_11MPCORE) { 413 gic_set_irq_11mpcore(s, irq, level, cm, target); 414 } else { 415 gic_set_irq_generic(s, irq, level, cm, target); 416 } 417 trace_gic_set_irq(irq, level, cm, target); 418 419 gic_update(s); 420 } 421 422 static uint16_t gic_get_current_pending_irq(GICState *s, int cpu, 423 MemTxAttrs attrs) 424 { 425 uint16_t pending_irq = s->current_pending[cpu]; 426 427 if (pending_irq < GIC_MAXIRQ && gic_has_groups(s)) { 428 int group = gic_test_group(s, pending_irq, cpu); 429 430 /* On a GIC without the security extensions, reading this register 431 * behaves in the same way as a secure access to a GIC with them. 432 */ 433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); 434 435 if (group == 0 && !secure) { 436 /* Group0 interrupts hidden from Non-secure access */ 437 return 1023; 438 } 439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { 440 /* Group1 interrupts only seen by Secure access if 441 * AckCtl bit set. 442 */ 443 return 1022; 444 } 445 } 446 return pending_irq; 447 } 448 449 static int gic_get_group_priority(GICState *s, int cpu, int irq) 450 { 451 /* Return the group priority of the specified interrupt 452 * (which is the top bits of its priority, with the number 453 * of bits masked determined by the applicable binary point register). 454 */ 455 int bpr; 456 uint32_t mask; 457 458 if (gic_has_groups(s) && 459 !(s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) && 460 gic_test_group(s, irq, cpu)) { 461 bpr = s->abpr[cpu] - 1; 462 assert(bpr >= 0); 463 } else { 464 bpr = s->bpr[cpu]; 465 } 466 467 /* a BPR of 0 means the group priority bits are [7:1]; 468 * a BPR of 1 means they are [7:2], and so on down to 469 * a BPR of 7 meaning no group priority bits at all. 470 */ 471 mask = ~0U << ((bpr & 7) + 1); 472 473 return gic_get_priority(s, irq, cpu) & mask; 474 } 475 476 static void gic_activate_irq(GICState *s, int cpu, int irq) 477 { 478 /* Set the appropriate Active Priority Register bit for this IRQ, 479 * and update the running priority. 480 */ 481 int prio = gic_get_group_priority(s, cpu, irq); 482 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 483 int preemption_level = prio >> (min_bpr + 1); 484 int regno = preemption_level / 32; 485 int bitno = preemption_level % 32; 486 uint32_t *papr = NULL; 487 488 if (gic_is_vcpu(cpu)) { 489 assert(regno == 0); 490 papr = &s->h_apr[gic_get_vcpu_real_id(cpu)]; 491 } else if (gic_has_groups(s) && gic_test_group(s, irq, cpu)) { 492 papr = &s->nsapr[regno][cpu]; 493 } else { 494 papr = &s->apr[regno][cpu]; 495 } 496 497 *papr |= (1 << bitno); 498 499 s->running_priority[cpu] = prio; 500 gic_set_active(s, irq, cpu); 501 } 502 503 static int gic_get_prio_from_apr_bits(GICState *s, int cpu) 504 { 505 /* Recalculate the current running priority for this CPU based 506 * on the set bits in the Active Priority Registers. 507 */ 508 int i; 509 510 if (gic_is_vcpu(cpu)) { 511 uint32_t apr = s->h_apr[gic_get_vcpu_real_id(cpu)]; 512 if (apr) { 513 return ctz32(apr) << (GIC_VIRT_MIN_BPR + 1); 514 } else { 515 return 0x100; 516 } 517 } 518 519 for (i = 0; i < GIC_NR_APRS; i++) { 520 uint32_t apr = s->apr[i][cpu] | s->nsapr[i][cpu]; 521 if (!apr) { 522 continue; 523 } 524 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 525 } 526 return 0x100; 527 } 528 529 static void gic_drop_prio(GICState *s, int cpu, int group) 530 { 531 /* Drop the priority of the currently active interrupt in the 532 * specified group. 533 * 534 * Note that we can guarantee (because of the requirement to nest 535 * GICC_IAR reads [which activate an interrupt and raise priority] 536 * with GICC_EOIR writes [which drop the priority for the interrupt]) 537 * that the interrupt we're being called for is the highest priority 538 * active interrupt, meaning that it has the lowest set bit in the 539 * APR registers. 540 * 541 * If the guest does not honour the ordering constraints then the 542 * behaviour of the GIC is UNPREDICTABLE, which for us means that 543 * the values of the APR registers might become incorrect and the 544 * running priority will be wrong, so interrupts that should preempt 545 * might not do so, and interrupts that should not preempt might do so. 546 */ 547 if (gic_is_vcpu(cpu)) { 548 int rcpu = gic_get_vcpu_real_id(cpu); 549 550 if (s->h_apr[rcpu]) { 551 /* Clear lowest set bit */ 552 s->h_apr[rcpu] &= s->h_apr[rcpu] - 1; 553 } 554 } else { 555 int i; 556 557 for (i = 0; i < GIC_NR_APRS; i++) { 558 uint32_t *papr = group ? &s->nsapr[i][cpu] : &s->apr[i][cpu]; 559 if (!*papr) { 560 continue; 561 } 562 /* Clear lowest set bit */ 563 *papr &= *papr - 1; 564 break; 565 } 566 } 567 568 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 569 } 570 571 static inline uint32_t gic_clear_pending_sgi(GICState *s, int irq, int cpu) 572 { 573 int src; 574 uint32_t ret; 575 576 if (!gic_is_vcpu(cpu)) { 577 /* Lookup the source CPU for the SGI and clear this in the 578 * sgi_pending map. Return the src and clear the overall pending 579 * state on this CPU if the SGI is not pending from any CPUs. 580 */ 581 assert(s->sgi_pending[irq][cpu] != 0); 582 src = ctz32(s->sgi_pending[irq][cpu]); 583 s->sgi_pending[irq][cpu] &= ~(1 << src); 584 if (s->sgi_pending[irq][cpu] == 0) { 585 gic_clear_pending(s, irq, cpu); 586 } 587 ret = irq | ((src & 0x7) << 10); 588 } else { 589 uint32_t *lr_entry = gic_get_lr_entry(s, irq, cpu); 590 src = GICH_LR_CPUID(*lr_entry); 591 592 gic_clear_pending(s, irq, cpu); 593 ret = irq | (src << 10); 594 } 595 596 return ret; 597 } 598 599 uint32_t gic_acknowledge_irq(GICState *s, int cpu, MemTxAttrs attrs) 600 { 601 int ret, irq; 602 603 /* gic_get_current_pending_irq() will return 1022 or 1023 appropriately 604 * for the case where this GIC supports grouping and the pending interrupt 605 * is in the wrong group. 606 */ 607 irq = gic_get_current_pending_irq(s, cpu, attrs); 608 trace_gic_acknowledge_irq(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 609 gic_get_vcpu_real_id(cpu), irq); 610 611 if (irq >= GIC_MAXIRQ) { 612 DPRINTF("ACK, no pending interrupt or it is hidden: %d\n", irq); 613 return irq; 614 } 615 616 if (gic_get_priority(s, irq, cpu) >= s->running_priority[cpu]) { 617 DPRINTF("ACK, pending interrupt (%d) has insufficient priority\n", irq); 618 return 1023; 619 } 620 621 gic_activate_irq(s, cpu, irq); 622 623 if (s->revision == REV_11MPCORE) { 624 /* Clear pending flags for both level and edge triggered interrupts. 625 * Level triggered IRQs will be reasserted once they become inactive. 626 */ 627 gic_clear_pending(s, irq, cpu); 628 ret = irq; 629 } else { 630 if (irq < GIC_NR_SGIS) { 631 ret = gic_clear_pending_sgi(s, irq, cpu); 632 } else { 633 gic_clear_pending(s, irq, cpu); 634 ret = irq; 635 } 636 } 637 638 if (gic_is_vcpu(cpu)) { 639 gic_update_virt(s); 640 } else { 641 gic_update(s); 642 } 643 DPRINTF("ACK %d\n", irq); 644 return ret; 645 } 646 647 static uint32_t gic_fullprio_mask(GICState *s, int cpu) 648 { 649 /* 650 * Return a mask word which clears the unimplemented priority 651 * bits from a priority value for an interrupt. (Not to be 652 * confused with the group priority, whose mask depends on BPR.) 653 */ 654 int priBits; 655 656 if (gic_is_vcpu(cpu)) { 657 priBits = GIC_VIRT_MAX_GROUP_PRIO_BITS; 658 } else { 659 priBits = s->n_prio_bits; 660 } 661 return ~0U << (8 - priBits); 662 } 663 664 void gic_dist_set_priority(GICState *s, int cpu, int irq, uint8_t val, 665 MemTxAttrs attrs) 666 { 667 if (s->security_extn && !attrs.secure) { 668 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 669 return; /* Ignore Non-secure access of Group0 IRQ */ 670 } 671 val = 0x80 | (val >> 1); /* Non-secure view */ 672 } 673 674 val &= gic_fullprio_mask(s, cpu); 675 676 if (irq < GIC_INTERNAL) { 677 s->priority1[irq][cpu] = val; 678 } else { 679 s->priority2[(irq) - GIC_INTERNAL] = val; 680 } 681 } 682 683 static uint32_t gic_dist_get_priority(GICState *s, int cpu, int irq, 684 MemTxAttrs attrs) 685 { 686 uint32_t prio = GIC_DIST_GET_PRIORITY(irq, cpu); 687 688 if (s->security_extn && !attrs.secure) { 689 if (!GIC_DIST_TEST_GROUP(irq, (1 << cpu))) { 690 return 0; /* Non-secure access cannot read priority of Group0 IRQ */ 691 } 692 prio = (prio << 1) & 0xff; /* Non-secure view */ 693 } 694 return prio & gic_fullprio_mask(s, cpu); 695 } 696 697 static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask, 698 MemTxAttrs attrs) 699 { 700 if (gic_cpu_ns_access(s, cpu, attrs)) { 701 if (s->priority_mask[cpu] & 0x80) { 702 /* Priority Mask in upper half */ 703 pmask = 0x80 | (pmask >> 1); 704 } else { 705 /* Non-secure write ignored if priority mask is in lower half */ 706 return; 707 } 708 } 709 s->priority_mask[cpu] = pmask & gic_fullprio_mask(s, cpu); 710 } 711 712 static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs) 713 { 714 uint32_t pmask = s->priority_mask[cpu]; 715 716 if (gic_cpu_ns_access(s, cpu, attrs)) { 717 if (pmask & 0x80) { 718 /* Priority Mask in upper half, return Non-secure view */ 719 pmask = (pmask << 1) & 0xff; 720 } else { 721 /* Priority Mask in lower half, RAZ */ 722 pmask = 0; 723 } 724 } 725 return pmask; 726 } 727 728 static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs) 729 { 730 uint32_t ret = s->cpu_ctlr[cpu]; 731 732 if (gic_cpu_ns_access(s, cpu, attrs)) { 733 /* Construct the NS banked view of GICC_CTLR from the correct 734 * bits of the S banked view. We don't need to move the bypass 735 * control bits because we don't implement that (IMPDEF) part 736 * of the GIC architecture. 737 */ 738 ret = (ret & (GICC_CTLR_EN_GRP1 | GICC_CTLR_EOIMODE_NS)) >> 1; 739 } 740 return ret; 741 } 742 743 static void gic_set_cpu_control(GICState *s, int cpu, uint32_t value, 744 MemTxAttrs attrs) 745 { 746 uint32_t mask; 747 748 if (gic_cpu_ns_access(s, cpu, attrs)) { 749 /* The NS view can only write certain bits in the register; 750 * the rest are unchanged 751 */ 752 mask = GICC_CTLR_EN_GRP1; 753 if (s->revision == 2) { 754 mask |= GICC_CTLR_EOIMODE_NS; 755 } 756 s->cpu_ctlr[cpu] &= ~mask; 757 s->cpu_ctlr[cpu] |= (value << 1) & mask; 758 } else { 759 if (s->revision == 2) { 760 mask = s->security_extn ? GICC_CTLR_V2_S_MASK : GICC_CTLR_V2_MASK; 761 } else { 762 mask = s->security_extn ? GICC_CTLR_V1_S_MASK : GICC_CTLR_V1_MASK; 763 } 764 s->cpu_ctlr[cpu] = value & mask; 765 } 766 DPRINTF("CPU Interface %d: Group0 Interrupts %sabled, " 767 "Group1 Interrupts %sabled\n", cpu, 768 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP0) ? "En" : "Dis", 769 (s->cpu_ctlr[cpu] & GICC_CTLR_EN_GRP1) ? "En" : "Dis"); 770 } 771 772 static uint8_t gic_get_running_priority(GICState *s, int cpu, MemTxAttrs attrs) 773 { 774 if ((s->revision != REV_11MPCORE) && (s->running_priority[cpu] > 0xff)) { 775 /* Idle priority */ 776 return 0xff; 777 } 778 779 if (gic_cpu_ns_access(s, cpu, attrs)) { 780 if (s->running_priority[cpu] & 0x80) { 781 /* Running priority in upper half of range: return the Non-secure 782 * view of the priority. 783 */ 784 return s->running_priority[cpu] << 1; 785 } else { 786 /* Running priority in lower half of range: RAZ */ 787 return 0; 788 } 789 } else { 790 return s->running_priority[cpu]; 791 } 792 } 793 794 /* Return true if we should split priority drop and interrupt deactivation, 795 * ie whether the relevant EOIMode bit is set. 796 */ 797 static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs) 798 { 799 if (s->revision != 2) { 800 /* Before GICv2 prio-drop and deactivate are not separable */ 801 return false; 802 } 803 if (gic_cpu_ns_access(s, cpu, attrs)) { 804 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE_NS; 805 } 806 return s->cpu_ctlr[cpu] & GICC_CTLR_EOIMODE; 807 } 808 809 static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 810 { 811 int group; 812 813 if (irq >= GIC_MAXIRQ || (!gic_is_vcpu(cpu) && irq >= s->num_irq)) { 814 /* 815 * This handles two cases: 816 * 1. If software writes the ID of a spurious interrupt [ie 1023] 817 * to the GICC_DIR, the GIC ignores that write. 818 * 2. If software writes the number of a non-existent interrupt 819 * this must be a subcase of "value written is not an active interrupt" 820 * and so this is UNPREDICTABLE. We choose to ignore it. For vCPUs, 821 * all IRQs potentially exist, so this limit does not apply. 822 */ 823 return; 824 } 825 826 if (!gic_eoi_split(s, cpu, attrs)) { 827 /* This is UNPREDICTABLE; we choose to ignore it */ 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "gic_deactivate_irq: GICC_DIR write when EOIMode clear"); 830 return; 831 } 832 833 if (gic_is_vcpu(cpu) && !gic_virq_is_valid(s, irq, cpu)) { 834 /* This vIRQ does not have an LR entry which is either active or 835 * pending and active. Increment EOICount and ignore the write. 836 */ 837 int rcpu = gic_get_vcpu_real_id(cpu); 838 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 839 840 /* Update the virtual interface in case a maintenance interrupt should 841 * be raised. 842 */ 843 gic_update_virt(s); 844 return; 845 } 846 847 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 848 849 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 850 DPRINTF("Non-secure DI for Group0 interrupt %d ignored\n", irq); 851 return; 852 } 853 854 gic_clear_active(s, irq, cpu); 855 } 856 857 static void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) 858 { 859 int cm = 1 << cpu; 860 int group; 861 862 DPRINTF("EOI %d\n", irq); 863 if (gic_is_vcpu(cpu)) { 864 /* The call to gic_prio_drop() will clear a bit in GICH_APR iff the 865 * running prio is < 0x100. 866 */ 867 bool prio_drop = s->running_priority[cpu] < 0x100; 868 869 if (irq >= GIC_MAXIRQ) { 870 /* Ignore spurious interrupt */ 871 return; 872 } 873 874 gic_drop_prio(s, cpu, 0); 875 876 if (!gic_eoi_split(s, cpu, attrs)) { 877 bool valid = gic_virq_is_valid(s, irq, cpu); 878 if (prio_drop && !valid) { 879 /* We are in a situation where: 880 * - V_CTRL.EOIMode is false (no EOI split), 881 * - The call to gic_drop_prio() cleared a bit in GICH_APR, 882 * - This vIRQ does not have an LR entry which is either 883 * active or pending and active. 884 * In that case, we must increment EOICount. 885 */ 886 int rcpu = gic_get_vcpu_real_id(cpu); 887 s->h_hcr[rcpu] += 1 << R_GICH_HCR_EOICount_SHIFT; 888 } else if (valid) { 889 gic_clear_active(s, irq, cpu); 890 } 891 } 892 893 gic_update_virt(s); 894 return; 895 } 896 897 if (irq >= s->num_irq) { 898 /* This handles two cases: 899 * 1. If software writes the ID of a spurious interrupt [ie 1023] 900 * to the GICC_EOIR, the GIC ignores that write. 901 * 2. If software writes the number of a non-existent interrupt 902 * this must be a subcase of "value written does not match the last 903 * valid interrupt value read from the Interrupt Acknowledge 904 * register" and so this is UNPREDICTABLE. We choose to ignore it. 905 */ 906 return; 907 } 908 if (s->running_priority[cpu] == 0x100) { 909 return; /* No active IRQ. */ 910 } 911 912 if (s->revision == REV_11MPCORE) { 913 /* Mark level triggered interrupts as pending if they are still 914 raised. */ 915 if (!GIC_DIST_TEST_EDGE_TRIGGER(irq) && GIC_DIST_TEST_ENABLED(irq, cm) 916 && GIC_DIST_TEST_LEVEL(irq, cm) 917 && (GIC_DIST_TARGET(irq) & cm) != 0) { 918 DPRINTF("Set %d pending mask %x\n", irq, cm); 919 GIC_DIST_SET_PENDING(irq, cm); 920 } 921 } 922 923 group = gic_has_groups(s) && gic_test_group(s, irq, cpu); 924 925 if (gic_cpu_ns_access(s, cpu, attrs) && !group) { 926 DPRINTF("Non-secure EOI for Group0 interrupt %d ignored\n", irq); 927 return; 928 } 929 930 /* Secure EOI with GICC_CTLR.AckCtl == 0 when the IRQ is a Group 1 931 * interrupt is UNPREDICTABLE. We choose to handle it as if AckCtl == 1, 932 * i.e. go ahead and complete the irq anyway. 933 */ 934 935 gic_drop_prio(s, cpu, group); 936 937 /* In GICv2 the guest can choose to split priority-drop and deactivate */ 938 if (!gic_eoi_split(s, cpu, attrs)) { 939 gic_clear_active(s, irq, cpu); 940 } 941 gic_update(s); 942 } 943 944 static uint8_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) 945 { 946 GICState *s = (GICState *)opaque; 947 uint32_t res; 948 int irq; 949 int i; 950 int cpu; 951 int cm; 952 int mask; 953 954 cpu = gic_get_current_cpu(s); 955 cm = 1 << cpu; 956 if (offset < 0x100) { 957 if (offset == 0) { /* GICD_CTLR */ 958 /* We rely here on the only non-zero bits being in byte 0 */ 959 if (s->security_extn && !attrs.secure) { 960 /* The NS bank of this register is just an alias of the 961 * EnableGrp1 bit in the S bank version. 962 */ 963 return extract32(s->ctlr, 1, 1); 964 } else { 965 return s->ctlr; 966 } 967 } 968 if (offset == 4) { 969 /* GICD_TYPER byte 0 */ 970 return ((s->num_irq / 32) - 1) | ((s->num_cpu - 1) << 5); 971 } 972 if (offset == 5) { 973 /* GICD_TYPER byte 1 */ 974 return (s->security_extn << 2); 975 } 976 if (offset == 8) { 977 /* GICD_IIDR byte 0 */ 978 return 0x3b; /* Arm JEP106 identity */ 979 } 980 if (offset == 9) { 981 /* GICD_IIDR byte 1 */ 982 return 0x04; /* Arm JEP106 identity */ 983 } 984 if (offset < 0x0c) { 985 /* All other bytes in this range are RAZ */ 986 return 0; 987 } 988 if (offset >= 0x80) { 989 /* Interrupt Group Registers: these RAZ/WI if this is an NS 990 * access to a GIC with the security extensions, or if the GIC 991 * doesn't have groups at all. 992 */ 993 res = 0; 994 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 995 /* Every byte offset holds 8 group status bits */ 996 irq = (offset - 0x080) * 8; 997 if (irq >= s->num_irq) { 998 goto bad_reg; 999 } 1000 for (i = 0; i < 8; i++) { 1001 if (GIC_DIST_TEST_GROUP(irq + i, cm)) { 1002 res |= (1 << i); 1003 } 1004 } 1005 } 1006 return res; 1007 } 1008 goto bad_reg; 1009 } else if (offset < 0x200) { 1010 /* Interrupt Set/Clear Enable. */ 1011 if (offset < 0x180) 1012 irq = (offset - 0x100) * 8; 1013 else 1014 irq = (offset - 0x180) * 8; 1015 if (irq >= s->num_irq) 1016 goto bad_reg; 1017 res = 0; 1018 for (i = 0; i < 8; i++) { 1019 if (s->security_extn && !attrs.secure && 1020 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1021 continue; /* Ignore Non-secure access of Group0 IRQ */ 1022 } 1023 1024 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1025 res |= (1 << i); 1026 } 1027 } 1028 } else if (offset < 0x300) { 1029 /* Interrupt Set/Clear Pending. */ 1030 if (offset < 0x280) 1031 irq = (offset - 0x200) * 8; 1032 else 1033 irq = (offset - 0x280) * 8; 1034 if (irq >= s->num_irq) 1035 goto bad_reg; 1036 res = 0; 1037 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1038 for (i = 0; i < 8; i++) { 1039 if (s->security_extn && !attrs.secure && 1040 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1041 continue; /* Ignore Non-secure access of Group0 IRQ */ 1042 } 1043 1044 if (gic_test_pending(s, irq + i, mask)) { 1045 res |= (1 << i); 1046 } 1047 } 1048 } else if (offset < 0x400) { 1049 /* Interrupt Set/Clear Active. */ 1050 if (offset < 0x380) { 1051 irq = (offset - 0x300) * 8; 1052 } else if (s->revision == 2) { 1053 irq = (offset - 0x380) * 8; 1054 } else { 1055 goto bad_reg; 1056 } 1057 1058 if (irq >= s->num_irq) 1059 goto bad_reg; 1060 res = 0; 1061 mask = (irq < GIC_INTERNAL) ? cm : ALL_CPU_MASK; 1062 for (i = 0; i < 8; i++) { 1063 if (s->security_extn && !attrs.secure && 1064 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1065 continue; /* Ignore Non-secure access of Group0 IRQ */ 1066 } 1067 1068 if (GIC_DIST_TEST_ACTIVE(irq + i, mask)) { 1069 res |= (1 << i); 1070 } 1071 } 1072 } else if (offset < 0x800) { 1073 /* Interrupt Priority. */ 1074 irq = (offset - 0x400); 1075 if (irq >= s->num_irq) 1076 goto bad_reg; 1077 res = gic_dist_get_priority(s, cpu, irq, attrs); 1078 } else if (offset < 0xc00) { 1079 /* Interrupt CPU Target. */ 1080 if (s->num_cpu == 1 && s->revision != REV_11MPCORE) { 1081 /* For uniprocessor GICs these RAZ/WI */ 1082 res = 0; 1083 } else { 1084 irq = (offset - 0x800); 1085 if (irq >= s->num_irq) { 1086 goto bad_reg; 1087 } 1088 if (irq < 29 && s->revision == REV_11MPCORE) { 1089 res = 0; 1090 } else if (irq < GIC_INTERNAL) { 1091 res = cm; 1092 } else { 1093 res = GIC_DIST_TARGET(irq); 1094 } 1095 } 1096 } else if (offset < 0xf00) { 1097 /* Interrupt Configuration. */ 1098 irq = (offset - 0xc00) * 4; 1099 if (irq >= s->num_irq) 1100 goto bad_reg; 1101 res = 0; 1102 for (i = 0; i < 4; i++) { 1103 if (s->security_extn && !attrs.secure && 1104 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1105 continue; /* Ignore Non-secure access of Group0 IRQ */ 1106 } 1107 1108 if (GIC_DIST_TEST_MODEL(irq + i)) { 1109 res |= (1 << (i * 2)); 1110 } 1111 if (GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1112 res |= (2 << (i * 2)); 1113 } 1114 } 1115 } else if (offset < 0xf10) { 1116 goto bad_reg; 1117 } else if (offset < 0xf30) { 1118 if (s->revision == REV_11MPCORE) { 1119 goto bad_reg; 1120 } 1121 1122 if (offset < 0xf20) { 1123 /* GICD_CPENDSGIRn */ 1124 irq = (offset - 0xf10); 1125 } else { 1126 irq = (offset - 0xf20); 1127 /* GICD_SPENDSGIRn */ 1128 } 1129 1130 if (s->security_extn && !attrs.secure && 1131 !GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1132 res = 0; /* Ignore Non-secure access of Group0 IRQ */ 1133 } else { 1134 res = s->sgi_pending[irq][cpu]; 1135 } 1136 } else if (offset < 0xfd0) { 1137 goto bad_reg; 1138 } else if (offset < 0x1000) { 1139 if (offset & 3) { 1140 res = 0; 1141 } else { 1142 switch (s->revision) { 1143 case REV_11MPCORE: 1144 res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; 1145 break; 1146 case 1: 1147 res = gic_id_gicv1[(offset - 0xfd0) >> 2]; 1148 break; 1149 case 2: 1150 res = gic_id_gicv2[(offset - 0xfd0) >> 2]; 1151 break; 1152 default: 1153 res = 0; 1154 } 1155 } 1156 } else { 1157 g_assert_not_reached(); 1158 } 1159 return res; 1160 bad_reg: 1161 qemu_log_mask(LOG_GUEST_ERROR, 1162 "gic_dist_readb: Bad offset %x\n", (int)offset); 1163 return 0; 1164 } 1165 1166 static MemTxResult gic_dist_read(void *opaque, hwaddr offset, uint64_t *data, 1167 unsigned size, MemTxAttrs attrs) 1168 { 1169 switch (size) { 1170 case 1: 1171 *data = gic_dist_readb(opaque, offset, attrs); 1172 break; 1173 case 2: 1174 *data = gic_dist_readb(opaque, offset, attrs); 1175 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1176 break; 1177 case 4: 1178 *data = gic_dist_readb(opaque, offset, attrs); 1179 *data |= gic_dist_readb(opaque, offset + 1, attrs) << 8; 1180 *data |= gic_dist_readb(opaque, offset + 2, attrs) << 16; 1181 *data |= gic_dist_readb(opaque, offset + 3, attrs) << 24; 1182 break; 1183 default: 1184 return MEMTX_ERROR; 1185 } 1186 1187 trace_gic_dist_read(offset, size, *data); 1188 return MEMTX_OK; 1189 } 1190 1191 static void gic_dist_writeb(void *opaque, hwaddr offset, 1192 uint32_t value, MemTxAttrs attrs) 1193 { 1194 GICState *s = (GICState *)opaque; 1195 int irq; 1196 int i; 1197 int cpu; 1198 1199 cpu = gic_get_current_cpu(s); 1200 if (offset < 0x100) { 1201 if (offset == 0) { 1202 if (s->security_extn && !attrs.secure) { 1203 /* NS version is just an alias of the S version's bit 1 */ 1204 s->ctlr = deposit32(s->ctlr, 1, 1, value); 1205 } else if (gic_has_groups(s)) { 1206 s->ctlr = value & (GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1); 1207 } else { 1208 s->ctlr = value & GICD_CTLR_EN_GRP0; 1209 } 1210 DPRINTF("Distributor: Group0 %sabled; Group 1 %sabled\n", 1211 s->ctlr & GICD_CTLR_EN_GRP0 ? "En" : "Dis", 1212 s->ctlr & GICD_CTLR_EN_GRP1 ? "En" : "Dis"); 1213 } else if (offset < 4) { 1214 /* ignored. */ 1215 } else if (offset >= 0x80) { 1216 /* Interrupt Group Registers: RAZ/WI for NS access to secure 1217 * GIC, or for GICs without groups. 1218 */ 1219 if (!(s->security_extn && !attrs.secure) && gic_has_groups(s)) { 1220 /* Every byte offset holds 8 group status bits */ 1221 irq = (offset - 0x80) * 8; 1222 if (irq >= s->num_irq) { 1223 goto bad_reg; 1224 } 1225 for (i = 0; i < 8; i++) { 1226 /* Group bits are banked for private interrupts */ 1227 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1228 if (value & (1 << i)) { 1229 /* Group1 (Non-secure) */ 1230 GIC_DIST_SET_GROUP(irq + i, cm); 1231 } else { 1232 /* Group0 (Secure) */ 1233 GIC_DIST_CLEAR_GROUP(irq + i, cm); 1234 } 1235 } 1236 } 1237 } else { 1238 goto bad_reg; 1239 } 1240 } else if (offset < 0x180) { 1241 /* Interrupt Set Enable. */ 1242 irq = (offset - 0x100) * 8; 1243 if (irq >= s->num_irq) 1244 goto bad_reg; 1245 if (irq < GIC_NR_SGIS) { 1246 value = 0xff; 1247 } 1248 1249 for (i = 0; i < 8; i++) { 1250 if (value & (1 << i)) { 1251 int mask = 1252 (irq < GIC_INTERNAL) ? (1 << cpu) 1253 : GIC_DIST_TARGET(irq + i); 1254 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1255 1256 if (s->security_extn && !attrs.secure && 1257 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1258 continue; /* Ignore Non-secure access of Group0 IRQ */ 1259 } 1260 1261 if (!GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1262 DPRINTF("Enabled IRQ %d\n", irq + i); 1263 trace_gic_enable_irq(irq + i); 1264 } 1265 GIC_DIST_SET_ENABLED(irq + i, cm); 1266 /* If a raised level triggered IRQ enabled then mark 1267 is as pending. */ 1268 if (GIC_DIST_TEST_LEVEL(irq + i, mask) 1269 && !GIC_DIST_TEST_EDGE_TRIGGER(irq + i)) { 1270 DPRINTF("Set %d pending mask %x\n", irq + i, mask); 1271 GIC_DIST_SET_PENDING(irq + i, mask); 1272 } 1273 } 1274 } 1275 } else if (offset < 0x200) { 1276 /* Interrupt Clear Enable. */ 1277 irq = (offset - 0x180) * 8; 1278 if (irq >= s->num_irq) 1279 goto bad_reg; 1280 if (irq < GIC_NR_SGIS) { 1281 value = 0; 1282 } 1283 1284 for (i = 0; i < 8; i++) { 1285 if (value & (1 << i)) { 1286 int cm = (irq < GIC_INTERNAL) ? (1 << cpu) : ALL_CPU_MASK; 1287 1288 if (s->security_extn && !attrs.secure && 1289 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1290 continue; /* Ignore Non-secure access of Group0 IRQ */ 1291 } 1292 1293 if (GIC_DIST_TEST_ENABLED(irq + i, cm)) { 1294 DPRINTF("Disabled IRQ %d\n", irq + i); 1295 trace_gic_disable_irq(irq + i); 1296 } 1297 GIC_DIST_CLEAR_ENABLED(irq + i, cm); 1298 } 1299 } 1300 } else if (offset < 0x280) { 1301 /* Interrupt Set Pending. */ 1302 irq = (offset - 0x200) * 8; 1303 if (irq >= s->num_irq) 1304 goto bad_reg; 1305 if (irq < GIC_NR_SGIS) { 1306 value = 0; 1307 } 1308 1309 for (i = 0; i < 8; i++) { 1310 if (value & (1 << i)) { 1311 int mask = (irq < GIC_INTERNAL) ? (1 << cpu) 1312 : GIC_DIST_TARGET(irq + i); 1313 1314 if (s->security_extn && !attrs.secure && 1315 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1316 continue; /* Ignore Non-secure access of Group0 IRQ */ 1317 } 1318 1319 GIC_DIST_SET_PENDING(irq + i, mask); 1320 } 1321 } 1322 } else if (offset < 0x300) { 1323 /* Interrupt Clear Pending. */ 1324 irq = (offset - 0x280) * 8; 1325 if (irq >= s->num_irq) 1326 goto bad_reg; 1327 if (irq < GIC_NR_SGIS) { 1328 value = 0; 1329 } 1330 1331 for (i = 0; i < 8; i++) { 1332 if (s->security_extn && !attrs.secure && 1333 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1334 continue; /* Ignore Non-secure access of Group0 IRQ */ 1335 } 1336 1337 /* ??? This currently clears the pending bit for all CPUs, even 1338 for per-CPU interrupts. It's unclear whether this is the 1339 correct behavior. */ 1340 if (value & (1 << i)) { 1341 GIC_DIST_CLEAR_PENDING(irq + i, ALL_CPU_MASK); 1342 } 1343 } 1344 } else if (offset < 0x380) { 1345 /* Interrupt Set Active. */ 1346 if (s->revision != 2) { 1347 goto bad_reg; 1348 } 1349 1350 irq = (offset - 0x300) * 8; 1351 if (irq >= s->num_irq) { 1352 goto bad_reg; 1353 } 1354 1355 /* This register is banked per-cpu for PPIs */ 1356 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1357 1358 for (i = 0; i < 8; i++) { 1359 if (s->security_extn && !attrs.secure && 1360 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1361 continue; /* Ignore Non-secure access of Group0 IRQ */ 1362 } 1363 1364 if (value & (1 << i)) { 1365 GIC_DIST_SET_ACTIVE(irq + i, cm); 1366 } 1367 } 1368 } else if (offset < 0x400) { 1369 /* Interrupt Clear Active. */ 1370 if (s->revision != 2) { 1371 goto bad_reg; 1372 } 1373 1374 irq = (offset - 0x380) * 8; 1375 if (irq >= s->num_irq) { 1376 goto bad_reg; 1377 } 1378 1379 /* This register is banked per-cpu for PPIs */ 1380 int cm = irq < GIC_INTERNAL ? (1 << cpu) : ALL_CPU_MASK; 1381 1382 for (i = 0; i < 8; i++) { 1383 if (s->security_extn && !attrs.secure && 1384 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1385 continue; /* Ignore Non-secure access of Group0 IRQ */ 1386 } 1387 1388 if (value & (1 << i)) { 1389 GIC_DIST_CLEAR_ACTIVE(irq + i, cm); 1390 } 1391 } 1392 } else if (offset < 0x800) { 1393 /* Interrupt Priority. */ 1394 irq = (offset - 0x400); 1395 if (irq >= s->num_irq) 1396 goto bad_reg; 1397 gic_dist_set_priority(s, cpu, irq, value, attrs); 1398 } else if (offset < 0xc00) { 1399 /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the 1400 * annoying exception of the 11MPCore's GIC. 1401 */ 1402 if (s->num_cpu != 1 || s->revision == REV_11MPCORE) { 1403 irq = (offset - 0x800); 1404 if (irq >= s->num_irq) { 1405 goto bad_reg; 1406 } 1407 if (irq < 29 && s->revision == REV_11MPCORE) { 1408 value = 0; 1409 } else if (irq < GIC_INTERNAL) { 1410 value = ALL_CPU_MASK; 1411 } 1412 s->irq_target[irq] = value & ALL_CPU_MASK; 1413 if (irq >= GIC_INTERNAL && s->irq_state[irq].pending) { 1414 /* 1415 * Changing the target of an interrupt that is currently 1416 * pending updates the set of CPUs it is pending on. 1417 */ 1418 s->irq_state[irq].pending = value & ALL_CPU_MASK; 1419 } 1420 } 1421 } else if (offset < 0xf00) { 1422 /* Interrupt Configuration. */ 1423 irq = (offset - 0xc00) * 4; 1424 if (irq >= s->num_irq) 1425 goto bad_reg; 1426 if (irq < GIC_NR_SGIS) 1427 value |= 0xaa; 1428 for (i = 0; i < 4; i++) { 1429 if (s->security_extn && !attrs.secure && 1430 !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { 1431 continue; /* Ignore Non-secure access of Group0 IRQ */ 1432 } 1433 1434 if (s->revision == REV_11MPCORE) { 1435 if (value & (1 << (i * 2))) { 1436 GIC_DIST_SET_MODEL(irq + i); 1437 } else { 1438 GIC_DIST_CLEAR_MODEL(irq + i); 1439 } 1440 } 1441 if (value & (2 << (i * 2))) { 1442 GIC_DIST_SET_EDGE_TRIGGER(irq + i); 1443 } else { 1444 GIC_DIST_CLEAR_EDGE_TRIGGER(irq + i); 1445 } 1446 } 1447 } else if (offset < 0xf10) { 1448 /* 0xf00 is only handled for 32-bit writes. */ 1449 goto bad_reg; 1450 } else if (offset < 0xf20) { 1451 /* GICD_CPENDSGIRn */ 1452 if (s->revision == REV_11MPCORE) { 1453 goto bad_reg; 1454 } 1455 irq = (offset - 0xf10); 1456 1457 if (!s->security_extn || attrs.secure || 1458 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1459 s->sgi_pending[irq][cpu] &= ~value; 1460 if (s->sgi_pending[irq][cpu] == 0) { 1461 GIC_DIST_CLEAR_PENDING(irq, 1 << cpu); 1462 } 1463 } 1464 } else if (offset < 0xf30) { 1465 /* GICD_SPENDSGIRn */ 1466 if (s->revision == REV_11MPCORE) { 1467 goto bad_reg; 1468 } 1469 irq = (offset - 0xf20); 1470 1471 if (!s->security_extn || attrs.secure || 1472 GIC_DIST_TEST_GROUP(irq, 1 << cpu)) { 1473 GIC_DIST_SET_PENDING(irq, 1 << cpu); 1474 s->sgi_pending[irq][cpu] |= value; 1475 } 1476 } else { 1477 goto bad_reg; 1478 } 1479 gic_update(s); 1480 return; 1481 bad_reg: 1482 qemu_log_mask(LOG_GUEST_ERROR, 1483 "gic_dist_writeb: Bad offset %x\n", (int)offset); 1484 } 1485 1486 static void gic_dist_writew(void *opaque, hwaddr offset, 1487 uint32_t value, MemTxAttrs attrs) 1488 { 1489 gic_dist_writeb(opaque, offset, value & 0xff, attrs); 1490 gic_dist_writeb(opaque, offset + 1, value >> 8, attrs); 1491 } 1492 1493 static void gic_dist_writel(void *opaque, hwaddr offset, 1494 uint32_t value, MemTxAttrs attrs) 1495 { 1496 GICState *s = (GICState *)opaque; 1497 if (offset == 0xf00) { 1498 int cpu; 1499 int irq; 1500 int mask; 1501 int target_cpu; 1502 1503 cpu = gic_get_current_cpu(s); 1504 irq = value & 0xf; 1505 switch ((value >> 24) & 3) { 1506 case 0: 1507 mask = (value >> 16) & ALL_CPU_MASK; 1508 break; 1509 case 1: 1510 mask = ALL_CPU_MASK ^ (1 << cpu); 1511 break; 1512 case 2: 1513 mask = 1 << cpu; 1514 break; 1515 default: 1516 DPRINTF("Bad Soft Int target filter\n"); 1517 mask = ALL_CPU_MASK; 1518 break; 1519 } 1520 GIC_DIST_SET_PENDING(irq, mask); 1521 target_cpu = ctz32(mask); 1522 while (target_cpu < GIC_NCPU) { 1523 s->sgi_pending[irq][target_cpu] |= (1 << cpu); 1524 mask &= ~(1 << target_cpu); 1525 target_cpu = ctz32(mask); 1526 } 1527 gic_update(s); 1528 return; 1529 } 1530 gic_dist_writew(opaque, offset, value & 0xffff, attrs); 1531 gic_dist_writew(opaque, offset + 2, value >> 16, attrs); 1532 } 1533 1534 static MemTxResult gic_dist_write(void *opaque, hwaddr offset, uint64_t data, 1535 unsigned size, MemTxAttrs attrs) 1536 { 1537 trace_gic_dist_write(offset, size, data); 1538 1539 switch (size) { 1540 case 1: 1541 gic_dist_writeb(opaque, offset, data, attrs); 1542 return MEMTX_OK; 1543 case 2: 1544 gic_dist_writew(opaque, offset, data, attrs); 1545 return MEMTX_OK; 1546 case 4: 1547 gic_dist_writel(opaque, offset, data, attrs); 1548 return MEMTX_OK; 1549 default: 1550 return MEMTX_ERROR; 1551 } 1552 } 1553 1554 static inline uint32_t gic_apr_ns_view(GICState *s, int cpu, int regno) 1555 { 1556 /* Return the Nonsecure view of GICC_APR<regno>. This is the 1557 * second half of GICC_NSAPR. 1558 */ 1559 switch (GIC_MIN_BPR) { 1560 case 0: 1561 if (regno < 2) { 1562 return s->nsapr[regno + 2][cpu]; 1563 } 1564 break; 1565 case 1: 1566 if (regno == 0) { 1567 return s->nsapr[regno + 1][cpu]; 1568 } 1569 break; 1570 case 2: 1571 if (regno == 0) { 1572 return extract32(s->nsapr[0][cpu], 16, 16); 1573 } 1574 break; 1575 case 3: 1576 if (regno == 0) { 1577 return extract32(s->nsapr[0][cpu], 8, 8); 1578 } 1579 break; 1580 default: 1581 g_assert_not_reached(); 1582 } 1583 return 0; 1584 } 1585 1586 static inline void gic_apr_write_ns_view(GICState *s, int cpu, int regno, 1587 uint32_t value) 1588 { 1589 /* Write the Nonsecure view of GICC_APR<regno>. */ 1590 switch (GIC_MIN_BPR) { 1591 case 0: 1592 if (regno < 2) { 1593 s->nsapr[regno + 2][cpu] = value; 1594 } 1595 break; 1596 case 1: 1597 if (regno == 0) { 1598 s->nsapr[regno + 1][cpu] = value; 1599 } 1600 break; 1601 case 2: 1602 if (regno == 0) { 1603 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 16, 16, value); 1604 } 1605 break; 1606 case 3: 1607 if (regno == 0) { 1608 s->nsapr[0][cpu] = deposit32(s->nsapr[0][cpu], 8, 8, value); 1609 } 1610 break; 1611 default: 1612 g_assert_not_reached(); 1613 } 1614 } 1615 1616 static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset, 1617 uint64_t *data, MemTxAttrs attrs) 1618 { 1619 switch (offset) { 1620 case 0x00: /* Control */ 1621 *data = gic_get_cpu_control(s, cpu, attrs); 1622 break; 1623 case 0x04: /* Priority mask */ 1624 *data = gic_get_priority_mask(s, cpu, attrs); 1625 break; 1626 case 0x08: /* Binary Point */ 1627 if (gic_cpu_ns_access(s, cpu, attrs)) { 1628 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1629 /* NS view of BPR when CBPR is 1 */ 1630 *data = MIN(s->bpr[cpu] + 1, 7); 1631 } else { 1632 /* BPR is banked. Non-secure copy stored in ABPR. */ 1633 *data = s->abpr[cpu]; 1634 } 1635 } else { 1636 *data = s->bpr[cpu]; 1637 } 1638 break; 1639 case 0x0c: /* Acknowledge */ 1640 *data = gic_acknowledge_irq(s, cpu, attrs); 1641 break; 1642 case 0x14: /* Running Priority */ 1643 *data = gic_get_running_priority(s, cpu, attrs); 1644 break; 1645 case 0x18: /* Highest Pending Interrupt */ 1646 *data = gic_get_current_pending_irq(s, cpu, attrs); 1647 break; 1648 case 0x1c: /* Aliased Binary Point */ 1649 /* GIC v2, no security: ABPR 1650 * GIC v1, no security: not implemented (RAZ/WI) 1651 * With security extensions, secure access: ABPR (alias of NS BPR) 1652 * With security extensions, nonsecure access: RAZ/WI 1653 */ 1654 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1655 *data = 0; 1656 } else { 1657 *data = s->abpr[cpu]; 1658 } 1659 break; 1660 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1661 { 1662 int regno = (offset - 0xd0) / 4; 1663 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1664 1665 if (regno >= nr_aprs || s->revision != 2) { 1666 *data = 0; 1667 } else if (gic_is_vcpu(cpu)) { 1668 *data = s->h_apr[gic_get_vcpu_real_id(cpu)]; 1669 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1670 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1671 *data = gic_apr_ns_view(s, cpu, regno); 1672 } else { 1673 *data = s->apr[regno][cpu]; 1674 } 1675 break; 1676 } 1677 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1678 { 1679 int regno = (offset - 0xe0) / 4; 1680 1681 if (regno >= GIC_NR_APRS || s->revision != 2 || !gic_has_groups(s) || 1682 gic_cpu_ns_access(s, cpu, attrs) || gic_is_vcpu(cpu)) { 1683 *data = 0; 1684 } else { 1685 *data = s->nsapr[regno][cpu]; 1686 } 1687 break; 1688 } 1689 case 0xfc: 1690 if (s->revision == REV_11MPCORE) { 1691 /* Reserved on 11MPCore */ 1692 *data = 0; 1693 } else { 1694 /* GICv1 or v2; Arm implementation */ 1695 *data = (s->revision << 16) | 0x43b; 1696 } 1697 break; 1698 default: 1699 qemu_log_mask(LOG_GUEST_ERROR, 1700 "gic_cpu_read: Bad offset %x\n", (int)offset); 1701 *data = 0; 1702 break; 1703 } 1704 1705 trace_gic_cpu_read(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1706 gic_get_vcpu_real_id(cpu), offset, *data); 1707 return MEMTX_OK; 1708 } 1709 1710 static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset, 1711 uint32_t value, MemTxAttrs attrs) 1712 { 1713 trace_gic_cpu_write(gic_is_vcpu(cpu) ? "vcpu" : "cpu", 1714 gic_get_vcpu_real_id(cpu), offset, value); 1715 1716 switch (offset) { 1717 case 0x00: /* Control */ 1718 gic_set_cpu_control(s, cpu, value, attrs); 1719 break; 1720 case 0x04: /* Priority mask */ 1721 gic_set_priority_mask(s, cpu, value, attrs); 1722 break; 1723 case 0x08: /* Binary Point */ 1724 if (gic_cpu_ns_access(s, cpu, attrs)) { 1725 if (s->cpu_ctlr[cpu] & GICC_CTLR_CBPR) { 1726 /* WI when CBPR is 1 */ 1727 return MEMTX_OK; 1728 } else { 1729 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1730 } 1731 } else { 1732 int min_bpr = gic_is_vcpu(cpu) ? GIC_VIRT_MIN_BPR : GIC_MIN_BPR; 1733 s->bpr[cpu] = MAX(value & 0x7, min_bpr); 1734 } 1735 break; 1736 case 0x10: /* End Of Interrupt */ 1737 gic_complete_irq(s, cpu, value & 0x3ff, attrs); 1738 return MEMTX_OK; 1739 case 0x1c: /* Aliased Binary Point */ 1740 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1741 /* unimplemented, or NS access: RAZ/WI */ 1742 return MEMTX_OK; 1743 } else { 1744 s->abpr[cpu] = MAX(value & 0x7, GIC_MIN_ABPR); 1745 } 1746 break; 1747 case 0xd0: case 0xd4: case 0xd8: case 0xdc: 1748 { 1749 int regno = (offset - 0xd0) / 4; 1750 int nr_aprs = gic_is_vcpu(cpu) ? GIC_VIRT_NR_APRS : GIC_NR_APRS; 1751 1752 if (regno >= nr_aprs || s->revision != 2) { 1753 return MEMTX_OK; 1754 } 1755 if (gic_is_vcpu(cpu)) { 1756 s->h_apr[gic_get_vcpu_real_id(cpu)] = value; 1757 } else if (gic_cpu_ns_access(s, cpu, attrs)) { 1758 /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */ 1759 gic_apr_write_ns_view(s, cpu, regno, value); 1760 } else { 1761 s->apr[regno][cpu] = value; 1762 } 1763 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1764 break; 1765 } 1766 case 0xe0: case 0xe4: case 0xe8: case 0xec: 1767 { 1768 int regno = (offset - 0xe0) / 4; 1769 1770 if (regno >= GIC_NR_APRS || s->revision != 2) { 1771 return MEMTX_OK; 1772 } 1773 if (gic_is_vcpu(cpu)) { 1774 return MEMTX_OK; 1775 } 1776 if (!gic_has_groups(s) || (gic_cpu_ns_access(s, cpu, attrs))) { 1777 return MEMTX_OK; 1778 } 1779 s->nsapr[regno][cpu] = value; 1780 s->running_priority[cpu] = gic_get_prio_from_apr_bits(s, cpu); 1781 break; 1782 } 1783 case 0x1000: 1784 /* GICC_DIR */ 1785 gic_deactivate_irq(s, cpu, value & 0x3ff, attrs); 1786 break; 1787 default: 1788 qemu_log_mask(LOG_GUEST_ERROR, 1789 "gic_cpu_write: Bad offset %x\n", (int)offset); 1790 return MEMTX_OK; 1791 } 1792 1793 if (gic_is_vcpu(cpu)) { 1794 gic_update_virt(s); 1795 } else { 1796 gic_update(s); 1797 } 1798 1799 return MEMTX_OK; 1800 } 1801 1802 /* Wrappers to read/write the GIC CPU interface for the current CPU */ 1803 static MemTxResult gic_thiscpu_read(void *opaque, hwaddr addr, uint64_t *data, 1804 unsigned size, MemTxAttrs attrs) 1805 { 1806 GICState *s = (GICState *)opaque; 1807 return gic_cpu_read(s, gic_get_current_cpu(s), addr, data, attrs); 1808 } 1809 1810 static MemTxResult gic_thiscpu_write(void *opaque, hwaddr addr, 1811 uint64_t value, unsigned size, 1812 MemTxAttrs attrs) 1813 { 1814 GICState *s = (GICState *)opaque; 1815 return gic_cpu_write(s, gic_get_current_cpu(s), addr, value, attrs); 1816 } 1817 1818 /* Wrappers to read/write the GIC CPU interface for a specific CPU. 1819 * These just decode the opaque pointer into GICState* + cpu id. 1820 */ 1821 static MemTxResult gic_do_cpu_read(void *opaque, hwaddr addr, uint64_t *data, 1822 unsigned size, MemTxAttrs attrs) 1823 { 1824 GICState **backref = (GICState **)opaque; 1825 GICState *s = *backref; 1826 int id = (backref - s->backref); 1827 return gic_cpu_read(s, id, addr, data, attrs); 1828 } 1829 1830 static MemTxResult gic_do_cpu_write(void *opaque, hwaddr addr, 1831 uint64_t value, unsigned size, 1832 MemTxAttrs attrs) 1833 { 1834 GICState **backref = (GICState **)opaque; 1835 GICState *s = *backref; 1836 int id = (backref - s->backref); 1837 return gic_cpu_write(s, id, addr, value, attrs); 1838 } 1839 1840 static MemTxResult gic_thisvcpu_read(void *opaque, hwaddr addr, uint64_t *data, 1841 unsigned size, MemTxAttrs attrs) 1842 { 1843 GICState *s = (GICState *)opaque; 1844 1845 return gic_cpu_read(s, gic_get_current_vcpu(s), addr, data, attrs); 1846 } 1847 1848 static MemTxResult gic_thisvcpu_write(void *opaque, hwaddr addr, 1849 uint64_t value, unsigned size, 1850 MemTxAttrs attrs) 1851 { 1852 GICState *s = (GICState *)opaque; 1853 1854 return gic_cpu_write(s, gic_get_current_vcpu(s), addr, value, attrs); 1855 } 1856 1857 static uint32_t gic_compute_eisr(GICState *s, int cpu, int lr_start) 1858 { 1859 int lr_idx; 1860 uint32_t ret = 0; 1861 1862 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1863 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1864 ret = deposit32(ret, lr_idx - lr_start, 1, 1865 gic_lr_entry_is_eoi(*entry)); 1866 } 1867 1868 return ret; 1869 } 1870 1871 static uint32_t gic_compute_elrsr(GICState *s, int cpu, int lr_start) 1872 { 1873 int lr_idx; 1874 uint32_t ret = 0; 1875 1876 for (lr_idx = lr_start; lr_idx < s->num_lrs; lr_idx++) { 1877 uint32_t *entry = &s->h_lr[lr_idx][cpu]; 1878 ret = deposit32(ret, lr_idx - lr_start, 1, 1879 gic_lr_entry_is_free(*entry)); 1880 } 1881 1882 return ret; 1883 } 1884 1885 static void gic_vmcr_write(GICState *s, uint32_t value, MemTxAttrs attrs) 1886 { 1887 int vcpu = gic_get_current_vcpu(s); 1888 uint32_t ctlr; 1889 uint32_t abpr; 1890 uint32_t bpr; 1891 uint32_t prio_mask; 1892 1893 ctlr = FIELD_EX32(value, GICH_VMCR, VMCCtlr); 1894 abpr = FIELD_EX32(value, GICH_VMCR, VMABP); 1895 bpr = FIELD_EX32(value, GICH_VMCR, VMBP); 1896 prio_mask = FIELD_EX32(value, GICH_VMCR, VMPriMask) << 3; 1897 1898 gic_set_cpu_control(s, vcpu, ctlr, attrs); 1899 s->abpr[vcpu] = MAX(abpr, GIC_VIRT_MIN_ABPR); 1900 s->bpr[vcpu] = MAX(bpr, GIC_VIRT_MIN_BPR); 1901 gic_set_priority_mask(s, vcpu, prio_mask, attrs); 1902 } 1903 1904 static MemTxResult gic_hyp_read(void *opaque, int cpu, hwaddr addr, 1905 uint64_t *data, MemTxAttrs attrs) 1906 { 1907 GICState *s = ARM_GIC(opaque); 1908 int vcpu = cpu + GIC_NCPU; 1909 1910 switch (addr) { 1911 case A_GICH_HCR: /* Hypervisor Control */ 1912 *data = s->h_hcr[cpu]; 1913 break; 1914 1915 case A_GICH_VTR: /* VGIC Type */ 1916 *data = FIELD_DP32(0, GICH_VTR, ListRegs, s->num_lrs - 1); 1917 *data = FIELD_DP32(*data, GICH_VTR, PREbits, 1918 GIC_VIRT_MAX_GROUP_PRIO_BITS - 1); 1919 *data = FIELD_DP32(*data, GICH_VTR, PRIbits, 1920 (7 - GIC_VIRT_MIN_BPR) - 1); 1921 break; 1922 1923 case A_GICH_VMCR: /* Virtual Machine Control */ 1924 *data = FIELD_DP32(0, GICH_VMCR, VMCCtlr, 1925 extract32(s->cpu_ctlr[vcpu], 0, 10)); 1926 *data = FIELD_DP32(*data, GICH_VMCR, VMABP, s->abpr[vcpu]); 1927 *data = FIELD_DP32(*data, GICH_VMCR, VMBP, s->bpr[vcpu]); 1928 *data = FIELD_DP32(*data, GICH_VMCR, VMPriMask, 1929 extract32(s->priority_mask[vcpu], 3, 5)); 1930 break; 1931 1932 case A_GICH_MISR: /* Maintenance Interrupt Status */ 1933 *data = s->h_misr[cpu]; 1934 break; 1935 1936 case A_GICH_EISR0: /* End of Interrupt Status 0 and 1 */ 1937 case A_GICH_EISR1: 1938 *data = gic_compute_eisr(s, cpu, (addr - A_GICH_EISR0) * 8); 1939 break; 1940 1941 case A_GICH_ELRSR0: /* Empty List Status 0 and 1 */ 1942 case A_GICH_ELRSR1: 1943 *data = gic_compute_elrsr(s, cpu, (addr - A_GICH_ELRSR0) * 8); 1944 break; 1945 1946 case A_GICH_APR: /* Active Priorities */ 1947 *data = s->h_apr[cpu]; 1948 break; 1949 1950 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1951 { 1952 int lr_idx = (addr - A_GICH_LR0) / 4; 1953 1954 if (lr_idx > s->num_lrs) { 1955 *data = 0; 1956 } else { 1957 *data = s->h_lr[lr_idx][cpu]; 1958 } 1959 break; 1960 } 1961 1962 default: 1963 qemu_log_mask(LOG_GUEST_ERROR, 1964 "gic_hyp_read: Bad offset %" HWADDR_PRIx "\n", addr); 1965 return MEMTX_OK; 1966 } 1967 1968 trace_gic_hyp_read(addr, *data); 1969 return MEMTX_OK; 1970 } 1971 1972 static MemTxResult gic_hyp_write(void *opaque, int cpu, hwaddr addr, 1973 uint64_t value, MemTxAttrs attrs) 1974 { 1975 GICState *s = ARM_GIC(opaque); 1976 int vcpu = cpu + GIC_NCPU; 1977 1978 trace_gic_hyp_write(addr, value); 1979 1980 switch (addr) { 1981 case A_GICH_HCR: /* Hypervisor Control */ 1982 s->h_hcr[cpu] = value & GICH_HCR_MASK; 1983 break; 1984 1985 case A_GICH_VMCR: /* Virtual Machine Control */ 1986 gic_vmcr_write(s, value, attrs); 1987 break; 1988 1989 case A_GICH_APR: /* Active Priorities */ 1990 s->h_apr[cpu] = value; 1991 s->running_priority[vcpu] = gic_get_prio_from_apr_bits(s, vcpu); 1992 break; 1993 1994 case A_GICH_LR0 ... A_GICH_LR63: /* List Registers */ 1995 { 1996 int lr_idx = (addr - A_GICH_LR0) / 4; 1997 1998 if (lr_idx > s->num_lrs) { 1999 return MEMTX_OK; 2000 } 2001 2002 s->h_lr[lr_idx][cpu] = value & GICH_LR_MASK; 2003 trace_gic_lr_entry(cpu, lr_idx, s->h_lr[lr_idx][cpu]); 2004 break; 2005 } 2006 2007 default: 2008 qemu_log_mask(LOG_GUEST_ERROR, 2009 "gic_hyp_write: Bad offset %" HWADDR_PRIx "\n", addr); 2010 return MEMTX_OK; 2011 } 2012 2013 gic_update_virt(s); 2014 return MEMTX_OK; 2015 } 2016 2017 static MemTxResult gic_thiscpu_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2018 unsigned size, MemTxAttrs attrs) 2019 { 2020 GICState *s = (GICState *)opaque; 2021 2022 return gic_hyp_read(s, gic_get_current_cpu(s), addr, data, attrs); 2023 } 2024 2025 static MemTxResult gic_thiscpu_hyp_write(void *opaque, hwaddr addr, 2026 uint64_t value, unsigned size, 2027 MemTxAttrs attrs) 2028 { 2029 GICState *s = (GICState *)opaque; 2030 2031 return gic_hyp_write(s, gic_get_current_cpu(s), addr, value, attrs); 2032 } 2033 2034 static MemTxResult gic_do_hyp_read(void *opaque, hwaddr addr, uint64_t *data, 2035 unsigned size, MemTxAttrs attrs) 2036 { 2037 GICState **backref = (GICState **)opaque; 2038 GICState *s = *backref; 2039 int id = (backref - s->backref); 2040 2041 return gic_hyp_read(s, id, addr, data, attrs); 2042 } 2043 2044 static MemTxResult gic_do_hyp_write(void *opaque, hwaddr addr, 2045 uint64_t value, unsigned size, 2046 MemTxAttrs attrs) 2047 { 2048 GICState **backref = (GICState **)opaque; 2049 GICState *s = *backref; 2050 int id = (backref - s->backref); 2051 2052 return gic_hyp_write(s, id + GIC_NCPU, addr, value, attrs); 2053 2054 } 2055 2056 static const MemoryRegionOps gic_ops[2] = { 2057 { 2058 .read_with_attrs = gic_dist_read, 2059 .write_with_attrs = gic_dist_write, 2060 .endianness = DEVICE_NATIVE_ENDIAN, 2061 }, 2062 { 2063 .read_with_attrs = gic_thiscpu_read, 2064 .write_with_attrs = gic_thiscpu_write, 2065 .endianness = DEVICE_NATIVE_ENDIAN, 2066 } 2067 }; 2068 2069 static const MemoryRegionOps gic_cpu_ops = { 2070 .read_with_attrs = gic_do_cpu_read, 2071 .write_with_attrs = gic_do_cpu_write, 2072 .endianness = DEVICE_NATIVE_ENDIAN, 2073 }; 2074 2075 static const MemoryRegionOps gic_virt_ops[2] = { 2076 { 2077 .read_with_attrs = gic_thiscpu_hyp_read, 2078 .write_with_attrs = gic_thiscpu_hyp_write, 2079 .endianness = DEVICE_NATIVE_ENDIAN, 2080 }, 2081 { 2082 .read_with_attrs = gic_thisvcpu_read, 2083 .write_with_attrs = gic_thisvcpu_write, 2084 .endianness = DEVICE_NATIVE_ENDIAN, 2085 } 2086 }; 2087 2088 static const MemoryRegionOps gic_viface_ops = { 2089 .read_with_attrs = gic_do_hyp_read, 2090 .write_with_attrs = gic_do_hyp_write, 2091 .endianness = DEVICE_NATIVE_ENDIAN, 2092 }; 2093 2094 static void arm_gic_realize(DeviceState *dev, Error **errp) 2095 { 2096 /* Device instance realize function for the GIC sysbus device */ 2097 int i; 2098 GICState *s = ARM_GIC(dev); 2099 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 2100 ARMGICClass *agc = ARM_GIC_GET_CLASS(s); 2101 Error *local_err = NULL; 2102 2103 agc->parent_realize(dev, &local_err); 2104 if (local_err) { 2105 error_propagate(errp, local_err); 2106 return; 2107 } 2108 2109 if (kvm_enabled() && !kvm_arm_supports_user_irq()) { 2110 error_setg(errp, "KVM with user space irqchip only works when the " 2111 "host kernel supports KVM_CAP_ARM_USER_IRQ"); 2112 return; 2113 } 2114 2115 if (s->n_prio_bits > GIC_MAX_PRIORITY_BITS || 2116 (s->virt_extn ? s->n_prio_bits < GIC_VIRT_MAX_GROUP_PRIO_BITS : 2117 s->n_prio_bits < GIC_MIN_PRIORITY_BITS)) { 2118 error_setg(errp, "num-priority-bits cannot be greater than %d" 2119 " or less than %d", GIC_MAX_PRIORITY_BITS, 2120 s->virt_extn ? GIC_VIRT_MAX_GROUP_PRIO_BITS : 2121 GIC_MIN_PRIORITY_BITS); 2122 return; 2123 } 2124 2125 /* This creates distributor, main CPU interface (s->cpuiomem[0]) and if 2126 * enabled, virtualization extensions related interfaces (main virtual 2127 * interface (s->vifaceiomem[0]) and virtual CPU interface). 2128 */ 2129 gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops, gic_virt_ops); 2130 2131 /* Extra core-specific regions for the CPU interfaces. This is 2132 * necessary for "franken-GIC" implementations, for example on 2133 * Exynos 4. 2134 * NB that the memory region size of 0x100 applies for the 11MPCore 2135 * and also cores following the GIC v1 spec (ie A9). 2136 * GIC v2 defines a larger memory region (0x1000) so this will need 2137 * to be extended when we implement A15. 2138 */ 2139 for (i = 0; i < s->num_cpu; i++) { 2140 s->backref[i] = s; 2141 memory_region_init_io(&s->cpuiomem[i+1], OBJECT(s), &gic_cpu_ops, 2142 &s->backref[i], "gic_cpu", 0x100); 2143 sysbus_init_mmio(sbd, &s->cpuiomem[i+1]); 2144 } 2145 2146 /* Extra core-specific regions for virtual interfaces. This is required by 2147 * the GICv2 specification. 2148 */ 2149 if (s->virt_extn) { 2150 for (i = 0; i < s->num_cpu; i++) { 2151 memory_region_init_io(&s->vifaceiomem[i + 1], OBJECT(s), 2152 &gic_viface_ops, &s->backref[i], 2153 "gic_viface", 0x200); 2154 sysbus_init_mmio(sbd, &s->vifaceiomem[i + 1]); 2155 } 2156 } 2157 2158 } 2159 2160 static void arm_gic_class_init(ObjectClass *klass, void *data) 2161 { 2162 DeviceClass *dc = DEVICE_CLASS(klass); 2163 ARMGICClass *agc = ARM_GIC_CLASS(klass); 2164 2165 device_class_set_parent_realize(dc, arm_gic_realize, &agc->parent_realize); 2166 } 2167 2168 static const TypeInfo arm_gic_info = { 2169 .name = TYPE_ARM_GIC, 2170 .parent = TYPE_ARM_GIC_COMMON, 2171 .instance_size = sizeof(GICState), 2172 .class_init = arm_gic_class_init, 2173 .class_size = sizeof(ARMGICClass), 2174 }; 2175 2176 static void arm_gic_register_types(void) 2177 { 2178 type_register_static(&arm_gic_info); 2179 } 2180 2181 type_init(arm_gic_register_types) 2182