1 /* 2 * ARM Generic Interrupt Controller v3 3 * 4 * Copyright (c) 2016 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This code is licensed under the GPL, version 2 or (at your option) 8 * any later version. 9 */ 10 11 /* This file contains the code for the system register interface 12 * portions of the GICv3. 13 */ 14 15 #include "qemu/osdep.h" 16 #include "trace.h" 17 #include "gicv3_internal.h" 18 #include "cpu.h" 19 20 static GICv3CPUState *icc_cs_from_env(CPUARMState *env) 21 { 22 /* Given the CPU, find the right GICv3CPUState struct. 23 * Since we registered the CPU interface with the EL change hook as 24 * the opaque pointer, we can just directly get from the CPU to it. 25 */ 26 return arm_get_el_change_hook_opaque(arm_env_get_cpu(env)); 27 } 28 29 static bool gicv3_use_ns_bank(CPUARMState *env) 30 { 31 /* Return true if we should use the NonSecure bank for a banked GIC 32 * CPU interface register. Note that this differs from the 33 * access_secure_reg() function because GICv3 banked registers are 34 * banked even for AArch64, unlike the other CPU system registers. 35 */ 36 return !arm_is_secure_below_el3(env); 37 } 38 39 static int icc_highest_active_prio(GICv3CPUState *cs) 40 { 41 /* Calculate the current running priority based on the set bits 42 * in the Active Priority Registers. 43 */ 44 int i; 45 46 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 47 uint32_t apr = cs->icc_apr[GICV3_G0][i] | 48 cs->icc_apr[GICV3_G1][i] | cs->icc_apr[GICV3_G1NS][i]; 49 50 if (!apr) { 51 continue; 52 } 53 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 54 } 55 /* No current active interrupts: return idle priority */ 56 return 0xff; 57 } 58 59 static uint32_t icc_gprio_mask(GICv3CPUState *cs, int group) 60 { 61 /* Return a mask word which clears the subpriority bits from 62 * a priority value for an interrupt in the specified group. 63 * This depends on the BPR value: 64 * a BPR of 0 means the group priority bits are [7:1]; 65 * a BPR of 1 means they are [7:2], and so on down to 66 * a BPR of 7 meaning no group priority bits at all. 67 * Which BPR to use depends on the group of the interrupt and 68 * the current ICC_CTLR.CBPR settings. 69 */ 70 if ((group == GICV3_G1 && cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR) || 71 (group == GICV3_G1NS && 72 cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 73 group = GICV3_G0; 74 } 75 76 return ~0U << ((cs->icc_bpr[group] & 7) + 1); 77 } 78 79 static bool icc_no_enabled_hppi(GICv3CPUState *cs) 80 { 81 /* Return true if there is no pending interrupt, or the 82 * highest priority pending interrupt is in a group which has been 83 * disabled at the CPU interface by the ICC_IGRPEN* register enable bits. 84 */ 85 return cs->hppi.prio == 0xff || (cs->icc_igrpen[cs->hppi.grp] == 0); 86 } 87 88 static bool icc_hppi_can_preempt(GICv3CPUState *cs) 89 { 90 /* Return true if we have a pending interrupt of sufficient 91 * priority to preempt. 92 */ 93 int rprio; 94 uint32_t mask; 95 96 if (icc_no_enabled_hppi(cs)) { 97 return false; 98 } 99 100 if (cs->hppi.prio >= cs->icc_pmr_el1) { 101 /* Priority mask masks this interrupt */ 102 return false; 103 } 104 105 rprio = icc_highest_active_prio(cs); 106 if (rprio == 0xff) { 107 /* No currently running interrupt so we can preempt */ 108 return true; 109 } 110 111 mask = icc_gprio_mask(cs, cs->hppi.grp); 112 113 /* We only preempt a running interrupt if the pending interrupt's 114 * group priority is sufficient (the subpriorities are not considered). 115 */ 116 if ((cs->hppi.prio & mask) < (rprio & mask)) { 117 return true; 118 } 119 120 return false; 121 } 122 123 void gicv3_cpuif_update(GICv3CPUState *cs) 124 { 125 /* Tell the CPU about its highest priority pending interrupt */ 126 int irqlevel = 0; 127 int fiqlevel = 0; 128 ARMCPU *cpu = ARM_CPU(cs->cpu); 129 CPUARMState *env = &cpu->env; 130 131 trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq, 132 cs->hppi.grp, cs->hppi.prio); 133 134 if (cs->hppi.grp == GICV3_G1 && !arm_feature(env, ARM_FEATURE_EL3)) { 135 /* If a Security-enabled GIC sends a G1S interrupt to a 136 * Security-disabled CPU, we must treat it as if it were G0. 137 */ 138 cs->hppi.grp = GICV3_G0; 139 } 140 141 if (icc_hppi_can_preempt(cs)) { 142 /* We have an interrupt: should we signal it as IRQ or FIQ? 143 * This is described in the GICv3 spec section 4.6.2. 144 */ 145 bool isfiq; 146 147 switch (cs->hppi.grp) { 148 case GICV3_G0: 149 isfiq = true; 150 break; 151 case GICV3_G1: 152 isfiq = (!arm_is_secure(env) || 153 (arm_current_el(env) == 3 && arm_el_is_aa64(env, 3))); 154 break; 155 case GICV3_G1NS: 156 isfiq = arm_is_secure(env); 157 break; 158 default: 159 g_assert_not_reached(); 160 } 161 162 if (isfiq) { 163 fiqlevel = 1; 164 } else { 165 irqlevel = 1; 166 } 167 } 168 169 trace_gicv3_cpuif_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel); 170 171 qemu_set_irq(cs->parent_fiq, fiqlevel); 172 qemu_set_irq(cs->parent_irq, irqlevel); 173 } 174 175 static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) 176 { 177 GICv3CPUState *cs = icc_cs_from_env(env); 178 uint32_t value = cs->icc_pmr_el1; 179 180 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 181 (env->cp15.scr_el3 & SCR_FIQ)) { 182 /* NS access and Group 0 is inaccessible to NS: return the 183 * NS view of the current priority 184 */ 185 if (value & 0x80) { 186 /* Secure priorities not visible to NS */ 187 value = 0; 188 } else if (value != 0xff) { 189 value = (value << 1) & 0xff; 190 } 191 } 192 193 trace_gicv3_icc_pmr_read(gicv3_redist_affid(cs), value); 194 195 return value; 196 } 197 198 static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, 199 uint64_t value) 200 { 201 GICv3CPUState *cs = icc_cs_from_env(env); 202 203 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value); 204 205 value &= 0xff; 206 207 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 208 (env->cp15.scr_el3 & SCR_FIQ)) { 209 /* NS access and Group 0 is inaccessible to NS: return the 210 * NS view of the current priority 211 */ 212 if (!(cs->icc_pmr_el1 & 0x80)) { 213 /* Current PMR in the secure range, don't allow NS to change it */ 214 return; 215 } 216 value = (value >> 1) & 0x80; 217 } 218 cs->icc_pmr_el1 = value; 219 gicv3_cpuif_update(cs); 220 } 221 222 static void icc_activate_irq(GICv3CPUState *cs, int irq) 223 { 224 /* Move the interrupt from the Pending state to Active, and update 225 * the Active Priority Registers 226 */ 227 uint32_t mask = icc_gprio_mask(cs, cs->hppi.grp); 228 int prio = cs->hppi.prio & mask; 229 int aprbit = prio >> 1; 230 int regno = aprbit / 32; 231 int regbit = aprbit % 32; 232 233 cs->icc_apr[cs->hppi.grp][regno] |= (1 << regbit); 234 235 if (irq < GIC_INTERNAL) { 236 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 1); 237 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 0); 238 gicv3_redist_update(cs); 239 } else { 240 gicv3_gicd_active_set(cs->gic, irq); 241 gicv3_gicd_pending_clear(cs->gic, irq); 242 gicv3_update(cs->gic, irq, 1); 243 } 244 } 245 246 static uint64_t icc_hppir0_value(GICv3CPUState *cs, CPUARMState *env) 247 { 248 /* Return the highest priority pending interrupt register value 249 * for group 0. 250 */ 251 bool irq_is_secure; 252 253 if (cs->hppi.prio == 0xff) { 254 return INTID_SPURIOUS; 255 } 256 257 /* Check whether we can return the interrupt or if we should return 258 * a special identifier, as per the CheckGroup0ForSpecialIdentifiers 259 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 260 * is always zero.) 261 */ 262 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 263 (cs->hppi.grp != GICV3_G1NS)); 264 265 if (cs->hppi.grp != GICV3_G0 && !arm_is_el3_or_mon(env)) { 266 return INTID_SPURIOUS; 267 } 268 if (irq_is_secure && !arm_is_secure(env)) { 269 /* Secure interrupts not visible to Nonsecure */ 270 return INTID_SPURIOUS; 271 } 272 273 if (cs->hppi.grp != GICV3_G0) { 274 /* Indicate to EL3 that there's a Group 1 interrupt for the other 275 * state pending. 276 */ 277 return irq_is_secure ? INTID_SECURE : INTID_NONSECURE; 278 } 279 280 return cs->hppi.irq; 281 } 282 283 static uint64_t icc_hppir1_value(GICv3CPUState *cs, CPUARMState *env) 284 { 285 /* Return the highest priority pending interrupt register value 286 * for group 1. 287 */ 288 bool irq_is_secure; 289 290 if (cs->hppi.prio == 0xff) { 291 return INTID_SPURIOUS; 292 } 293 294 /* Check whether we can return the interrupt or if we should return 295 * a special identifier, as per the CheckGroup1ForSpecialIdentifiers 296 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 297 * is always zero.) 298 */ 299 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 300 (cs->hppi.grp != GICV3_G1NS)); 301 302 if (cs->hppi.grp == GICV3_G0) { 303 /* Group 0 interrupts not visible via HPPIR1 */ 304 return INTID_SPURIOUS; 305 } 306 if (irq_is_secure) { 307 if (!arm_is_secure(env)) { 308 /* Secure interrupts not visible in Non-secure */ 309 return INTID_SPURIOUS; 310 } 311 } else if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) { 312 /* Group 1 non-secure interrupts not visible in Secure EL1 */ 313 return INTID_SPURIOUS; 314 } 315 316 return cs->hppi.irq; 317 } 318 319 static uint64_t icc_iar0_read(CPUARMState *env, const ARMCPRegInfo *ri) 320 { 321 GICv3CPUState *cs = icc_cs_from_env(env); 322 uint64_t intid; 323 324 if (!icc_hppi_can_preempt(cs)) { 325 intid = INTID_SPURIOUS; 326 } else { 327 intid = icc_hppir0_value(cs, env); 328 } 329 330 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 331 icc_activate_irq(cs, intid); 332 } 333 334 trace_gicv3_icc_iar0_read(gicv3_redist_affid(cs), intid); 335 return intid; 336 } 337 338 static uint64_t icc_iar1_read(CPUARMState *env, const ARMCPRegInfo *ri) 339 { 340 GICv3CPUState *cs = icc_cs_from_env(env); 341 uint64_t intid; 342 343 if (!icc_hppi_can_preempt(cs)) { 344 intid = INTID_SPURIOUS; 345 } else { 346 intid = icc_hppir1_value(cs, env); 347 } 348 349 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 350 icc_activate_irq(cs, intid); 351 } 352 353 trace_gicv3_icc_iar1_read(gicv3_redist_affid(cs), intid); 354 return intid; 355 } 356 357 static void icc_drop_prio(GICv3CPUState *cs, int grp) 358 { 359 /* Drop the priority of the currently active interrupt in 360 * the specified group. 361 * 362 * Note that we can guarantee (because of the requirement to nest 363 * ICC_IAR reads [which activate an interrupt and raise priority] 364 * with ICC_EOIR writes [which drop the priority for the interrupt]) 365 * that the interrupt we're being called for is the highest priority 366 * active interrupt, meaning that it has the lowest set bit in the 367 * APR registers. 368 * 369 * If the guest does not honour the ordering constraints then the 370 * behaviour of the GIC is UNPREDICTABLE, which for us means that 371 * the values of the APR registers might become incorrect and the 372 * running priority will be wrong, so interrupts that should preempt 373 * might not do so, and interrupts that should not preempt might do so. 374 */ 375 int i; 376 377 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[grp]); i++) { 378 uint64_t *papr = &cs->icc_apr[grp][i]; 379 380 if (!*papr) { 381 continue; 382 } 383 /* Clear the lowest set bit */ 384 *papr &= *papr - 1; 385 break; 386 } 387 388 /* running priority change means we need an update for this cpu i/f */ 389 gicv3_cpuif_update(cs); 390 } 391 392 static bool icc_eoi_split(CPUARMState *env, GICv3CPUState *cs) 393 { 394 /* Return true if we should split priority drop and interrupt 395 * deactivation, ie whether the relevant EOIMode bit is set. 396 */ 397 if (arm_is_el3_or_mon(env)) { 398 return cs->icc_ctlr_el3 & ICC_CTLR_EL3_EOIMODE_EL3; 399 } 400 if (arm_is_secure_below_el3(env)) { 401 return cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_EOIMODE; 402 } else { 403 return cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE; 404 } 405 } 406 407 static int icc_highest_active_group(GICv3CPUState *cs) 408 { 409 /* Return the group with the highest priority active interrupt. 410 * We can do this by just comparing the APRs to see which one 411 * has the lowest set bit. 412 * (If more than one group is active at the same priority then 413 * we're in UNPREDICTABLE territory.) 414 */ 415 int i; 416 417 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 418 int g0ctz = ctz32(cs->icc_apr[GICV3_G0][i]); 419 int g1ctz = ctz32(cs->icc_apr[GICV3_G1][i]); 420 int g1nsctz = ctz32(cs->icc_apr[GICV3_G1NS][i]); 421 422 if (g1nsctz < g0ctz && g1nsctz < g1ctz) { 423 return GICV3_G1NS; 424 } 425 if (g1ctz < g0ctz) { 426 return GICV3_G1; 427 } 428 if (g0ctz < 32) { 429 return GICV3_G0; 430 } 431 } 432 /* No set active bits? UNPREDICTABLE; return -1 so the caller 433 * ignores the spurious EOI attempt. 434 */ 435 return -1; 436 } 437 438 static void icc_deactivate_irq(GICv3CPUState *cs, int irq) 439 { 440 if (irq < GIC_INTERNAL) { 441 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 0); 442 gicv3_redist_update(cs); 443 } else { 444 gicv3_gicd_active_clear(cs->gic, irq); 445 gicv3_update(cs->gic, irq, 1); 446 } 447 } 448 449 static void icc_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri, 450 uint64_t value) 451 { 452 /* End of Interrupt */ 453 GICv3CPUState *cs = icc_cs_from_env(env); 454 int irq = value & 0xffffff; 455 int grp; 456 457 trace_gicv3_icc_eoir_write(ri->crm == 8 ? 0 : 1, 458 gicv3_redist_affid(cs), value); 459 460 if (ri->crm == 8) { 461 /* EOIR0 */ 462 grp = GICV3_G0; 463 } else { 464 /* EOIR1 */ 465 if (arm_is_secure(env)) { 466 grp = GICV3_G1; 467 } else { 468 grp = GICV3_G1NS; 469 } 470 } 471 472 if (irq >= cs->gic->num_irq) { 473 /* This handles two cases: 474 * 1. If software writes the ID of a spurious interrupt [ie 1020-1023] 475 * to the GICC_EOIR, the GIC ignores that write. 476 * 2. If software writes the number of a non-existent interrupt 477 * this must be a subcase of "value written does not match the last 478 * valid interrupt value read from the Interrupt Acknowledge 479 * register" and so this is UNPREDICTABLE. We choose to ignore it. 480 */ 481 return; 482 } 483 484 if (icc_highest_active_group(cs) != grp) { 485 return; 486 } 487 488 icc_drop_prio(cs, grp); 489 490 if (!icc_eoi_split(env, cs)) { 491 /* Priority drop and deactivate not split: deactivate irq now */ 492 icc_deactivate_irq(cs, irq); 493 } 494 } 495 496 static uint64_t icc_hppir0_read(CPUARMState *env, const ARMCPRegInfo *ri) 497 { 498 GICv3CPUState *cs = icc_cs_from_env(env); 499 uint64_t value = icc_hppir0_value(cs, env); 500 501 trace_gicv3_icc_hppir0_read(gicv3_redist_affid(cs), value); 502 return value; 503 } 504 505 static uint64_t icc_hppir1_read(CPUARMState *env, const ARMCPRegInfo *ri) 506 { 507 GICv3CPUState *cs = icc_cs_from_env(env); 508 uint64_t value = icc_hppir1_value(cs, env); 509 510 trace_gicv3_icc_hppir1_read(gicv3_redist_affid(cs), value); 511 return value; 512 } 513 514 static uint64_t icc_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 515 { 516 GICv3CPUState *cs = icc_cs_from_env(env); 517 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 518 bool satinc = false; 519 uint64_t bpr; 520 521 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 522 grp = GICV3_G1NS; 523 } 524 525 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 526 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 527 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 528 * modify BPR0 529 */ 530 grp = GICV3_G0; 531 } 532 533 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 534 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 535 /* reads return bpr0 + 1 sat to 7, writes ignored */ 536 grp = GICV3_G0; 537 satinc = true; 538 } 539 540 bpr = cs->icc_bpr[grp]; 541 if (satinc) { 542 bpr++; 543 bpr = MIN(bpr, 7); 544 } 545 546 trace_gicv3_icc_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr); 547 548 return bpr; 549 } 550 551 static void icc_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri, 552 uint64_t value) 553 { 554 GICv3CPUState *cs = icc_cs_from_env(env); 555 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 556 557 trace_gicv3_icc_bpr_write(ri->crm == 8 ? 0 : 1, 558 gicv3_redist_affid(cs), value); 559 560 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 561 grp = GICV3_G1NS; 562 } 563 564 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 565 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 566 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 567 * modify BPR0 568 */ 569 grp = GICV3_G0; 570 } 571 572 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 573 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 574 /* reads return bpr0 + 1 sat to 7, writes ignored */ 575 return; 576 } 577 578 cs->icc_bpr[grp] = value & 7; 579 gicv3_cpuif_update(cs); 580 } 581 582 static uint64_t icc_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 583 { 584 GICv3CPUState *cs = icc_cs_from_env(env); 585 uint64_t value; 586 587 int regno = ri->opc2 & 3; 588 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 589 590 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 591 grp = GICV3_G1NS; 592 } 593 594 value = cs->icc_apr[grp][regno]; 595 596 trace_gicv3_icc_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 597 return value; 598 } 599 600 static void icc_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 601 uint64_t value) 602 { 603 GICv3CPUState *cs = icc_cs_from_env(env); 604 605 int regno = ri->opc2 & 3; 606 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 607 608 trace_gicv3_icc_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 609 610 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 611 grp = GICV3_G1NS; 612 } 613 614 /* It's not possible to claim that a Non-secure interrupt is active 615 * at a priority outside the Non-secure range (128..255), since this 616 * would otherwise allow malicious NS code to block delivery of S interrupts 617 * by writing a bad value to these registers. 618 */ 619 if (grp == GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE_EL3)) { 620 return; 621 } 622 623 cs->icc_apr[grp][regno] = value & 0xFFFFFFFFU; 624 gicv3_cpuif_update(cs); 625 } 626 627 static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, 628 uint64_t value) 629 { 630 /* Deactivate interrupt */ 631 GICv3CPUState *cs = icc_cs_from_env(env); 632 int irq = value & 0xffffff; 633 bool irq_is_secure, single_sec_state, irq_is_grp0; 634 bool route_fiq_to_el3, route_irq_to_el3, route_fiq_to_el2, route_irq_to_el2; 635 636 trace_gicv3_icc_dir_write(gicv3_redist_affid(cs), value); 637 638 if (irq >= cs->gic->num_irq) { 639 /* Also catches special interrupt numbers and LPIs */ 640 return; 641 } 642 643 if (!icc_eoi_split(env, cs)) { 644 return; 645 } 646 647 int grp = gicv3_irq_group(cs->gic, cs, irq); 648 649 single_sec_state = cs->gic->gicd_ctlr & GICD_CTLR_DS; 650 irq_is_secure = !single_sec_state && (grp != GICV3_G1NS); 651 irq_is_grp0 = grp == GICV3_G0; 652 653 /* Check whether we're allowed to deactivate this interrupt based 654 * on its group and the current CPU state. 655 * These checks are laid out to correspond to the spec's pseudocode. 656 */ 657 route_fiq_to_el3 = env->cp15.scr_el3 & SCR_FIQ; 658 route_irq_to_el3 = env->cp15.scr_el3 & SCR_IRQ; 659 /* No need to include !IsSecure in route_*_to_el2 as it's only 660 * tested in cases where we know !IsSecure is true. 661 */ 662 route_fiq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 663 route_irq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 664 665 switch (arm_current_el(env)) { 666 case 3: 667 break; 668 case 2: 669 if (single_sec_state && irq_is_grp0 && !route_fiq_to_el3) { 670 break; 671 } 672 if (!irq_is_secure && !irq_is_grp0 && !route_irq_to_el3) { 673 break; 674 } 675 return; 676 case 1: 677 if (!arm_is_secure_below_el3(env)) { 678 if (single_sec_state && irq_is_grp0 && 679 !route_fiq_to_el3 && !route_fiq_to_el2) { 680 break; 681 } 682 if (!irq_is_secure && !irq_is_grp0 && 683 !route_irq_to_el3 && !route_irq_to_el2) { 684 break; 685 } 686 } else { 687 if (irq_is_grp0 && !route_fiq_to_el3) { 688 break; 689 } 690 if (!irq_is_grp0 && 691 (!irq_is_secure || !single_sec_state) && 692 !route_irq_to_el3) { 693 break; 694 } 695 } 696 return; 697 default: 698 g_assert_not_reached(); 699 } 700 701 icc_deactivate_irq(cs, irq); 702 } 703 704 static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 705 { 706 GICv3CPUState *cs = icc_cs_from_env(env); 707 int prio = icc_highest_active_prio(cs); 708 709 if (arm_feature(env, ARM_FEATURE_EL3) && 710 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { 711 /* NS GIC access and Group 0 is inaccessible to NS */ 712 if (prio & 0x80) { 713 /* NS mustn't see priorities in the Secure half of the range */ 714 prio = 0; 715 } else if (prio != 0xff) { 716 /* Non-idle priority: show the Non-secure view of it */ 717 prio = (prio << 1) & 0xff; 718 } 719 } 720 721 trace_gicv3_icc_rpr_read(gicv3_redist_affid(cs), prio); 722 return prio; 723 } 724 725 static void icc_generate_sgi(CPUARMState *env, GICv3CPUState *cs, 726 uint64_t value, int grp, bool ns) 727 { 728 GICv3State *s = cs->gic; 729 730 /* Extract Aff3/Aff2/Aff1 and shift into the bottom 24 bits */ 731 uint64_t aff = extract64(value, 48, 8) << 16 | 732 extract64(value, 32, 8) << 8 | 733 extract64(value, 16, 8); 734 uint32_t targetlist = extract64(value, 0, 16); 735 uint32_t irq = extract64(value, 24, 4); 736 bool irm = extract64(value, 40, 1); 737 int i; 738 739 if (grp == GICV3_G1 && s->gicd_ctlr & GICD_CTLR_DS) { 740 /* If GICD_CTLR.DS == 1, the Distributor treats Secure Group 1 741 * interrupts as Group 0 interrupts and must send Secure Group 0 742 * interrupts to the target CPUs. 743 */ 744 grp = GICV3_G0; 745 } 746 747 trace_gicv3_icc_generate_sgi(gicv3_redist_affid(cs), irq, irm, 748 aff, targetlist); 749 750 for (i = 0; i < s->num_cpu; i++) { 751 GICv3CPUState *ocs = &s->cpu[i]; 752 753 if (irm) { 754 /* IRM == 1 : route to all CPUs except self */ 755 if (cs == ocs) { 756 continue; 757 } 758 } else { 759 /* IRM == 0 : route to Aff3.Aff2.Aff1.n for all n in [0..15] 760 * where the corresponding bit is set in targetlist 761 */ 762 int aff0; 763 764 if (ocs->gicr_typer >> 40 != aff) { 765 continue; 766 } 767 aff0 = extract64(ocs->gicr_typer, 32, 8); 768 if (aff0 > 15 || extract32(targetlist, aff0, 1) == 0) { 769 continue; 770 } 771 } 772 773 /* The redistributor will check against its own GICR_NSACR as needed */ 774 gicv3_redist_send_sgi(ocs, grp, irq, ns); 775 } 776 } 777 778 static void icc_sgi0r_write(CPUARMState *env, const ARMCPRegInfo *ri, 779 uint64_t value) 780 { 781 /* Generate Secure Group 0 SGI. */ 782 GICv3CPUState *cs = icc_cs_from_env(env); 783 bool ns = !arm_is_secure(env); 784 785 icc_generate_sgi(env, cs, value, GICV3_G0, ns); 786 } 787 788 static void icc_sgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 789 uint64_t value) 790 { 791 /* Generate Group 1 SGI for the current Security state */ 792 GICv3CPUState *cs = icc_cs_from_env(env); 793 int grp; 794 bool ns = !arm_is_secure(env); 795 796 grp = ns ? GICV3_G1NS : GICV3_G1; 797 icc_generate_sgi(env, cs, value, grp, ns); 798 } 799 800 static void icc_asgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 801 uint64_t value) 802 { 803 /* Generate Group 1 SGI for the Security state that is not 804 * the current state 805 */ 806 GICv3CPUState *cs = icc_cs_from_env(env); 807 int grp; 808 bool ns = !arm_is_secure(env); 809 810 grp = ns ? GICV3_G1 : GICV3_G1NS; 811 icc_generate_sgi(env, cs, value, grp, ns); 812 } 813 814 static uint64_t icc_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri) 815 { 816 GICv3CPUState *cs = icc_cs_from_env(env); 817 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 818 uint64_t value; 819 820 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 821 grp = GICV3_G1NS; 822 } 823 824 value = cs->icc_igrpen[grp]; 825 trace_gicv3_icc_igrpen_read(ri->opc2 & 1 ? 1 : 0, 826 gicv3_redist_affid(cs), value); 827 return value; 828 } 829 830 static void icc_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri, 831 uint64_t value) 832 { 833 GICv3CPUState *cs = icc_cs_from_env(env); 834 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 835 836 trace_gicv3_icc_igrpen_write(ri->opc2 & 1 ? 1 : 0, 837 gicv3_redist_affid(cs), value); 838 839 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 840 grp = GICV3_G1NS; 841 } 842 843 cs->icc_igrpen[grp] = value & ICC_IGRPEN_ENABLE; 844 gicv3_cpuif_update(cs); 845 } 846 847 static uint64_t icc_igrpen1_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 848 { 849 GICv3CPUState *cs = icc_cs_from_env(env); 850 uint64_t value; 851 852 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 853 value = cs->icc_igrpen[GICV3_G1NS] | (cs->icc_igrpen[GICV3_G1] << 1); 854 trace_gicv3_icc_igrpen1_el3_read(gicv3_redist_affid(cs), value); 855 return value; 856 } 857 858 static void icc_igrpen1_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 859 uint64_t value) 860 { 861 GICv3CPUState *cs = icc_cs_from_env(env); 862 863 trace_gicv3_icc_igrpen1_el3_write(gicv3_redist_affid(cs), value); 864 865 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 866 cs->icc_igrpen[GICV3_G1NS] = extract32(value, 0, 1); 867 cs->icc_igrpen[GICV3_G1] = extract32(value, 1, 1); 868 gicv3_cpuif_update(cs); 869 } 870 871 static uint64_t icc_ctlr_el1_read(CPUARMState *env, const ARMCPRegInfo *ri) 872 { 873 GICv3CPUState *cs = icc_cs_from_env(env); 874 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 875 uint64_t value; 876 877 value = cs->icc_ctlr_el1[bank]; 878 trace_gicv3_icc_ctlr_read(gicv3_redist_affid(cs), value); 879 return value; 880 } 881 882 static void icc_ctlr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri, 883 uint64_t value) 884 { 885 GICv3CPUState *cs = icc_cs_from_env(env); 886 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 887 uint64_t mask; 888 889 trace_gicv3_icc_ctlr_write(gicv3_redist_affid(cs), value); 890 891 /* Only CBPR and EOIMODE can be RW; 892 * for us PMHE is RAZ/WI (we don't implement 1-of-N interrupts or 893 * the asseciated priority-based routing of them); 894 * if EL3 is implemented and GICD_CTLR.DS == 0, then PMHE and CBPR are RO. 895 */ 896 if (arm_feature(env, ARM_FEATURE_EL3) && 897 ((cs->gic->gicd_ctlr & GICD_CTLR_DS) == 0)) { 898 mask = ICC_CTLR_EL1_EOIMODE; 899 } else { 900 mask = ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE; 901 } 902 903 cs->icc_ctlr_el1[bank] &= ~mask; 904 cs->icc_ctlr_el1[bank] |= (value & mask); 905 gicv3_cpuif_update(cs); 906 } 907 908 909 static uint64_t icc_ctlr_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 910 { 911 GICv3CPUState *cs = icc_cs_from_env(env); 912 uint64_t value; 913 914 value = cs->icc_ctlr_el3; 915 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 916 value |= ICC_CTLR_EL3_EOIMODE_EL1NS; 917 } 918 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 919 value |= ICC_CTLR_EL3_CBPR_EL1NS; 920 } 921 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 922 value |= ICC_CTLR_EL3_EOIMODE_EL1S; 923 } 924 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 925 value |= ICC_CTLR_EL3_CBPR_EL1S; 926 } 927 928 trace_gicv3_icc_ctlr_el3_read(gicv3_redist_affid(cs), value); 929 return value; 930 } 931 932 static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 933 uint64_t value) 934 { 935 GICv3CPUState *cs = icc_cs_from_env(env); 936 uint64_t mask; 937 938 trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value); 939 940 /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */ 941 cs->icc_ctlr_el1[GICV3_NS] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 942 if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) { 943 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE; 944 } 945 if (value & ICC_CTLR_EL3_CBPR_EL1NS) { 946 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR; 947 } 948 949 cs->icc_ctlr_el1[GICV3_S] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 950 if (value & ICC_CTLR_EL3_EOIMODE_EL1S) { 951 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE; 952 } 953 if (value & ICC_CTLR_EL3_CBPR_EL1S) { 954 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_CBPR; 955 } 956 957 /* The only bit stored in icc_ctlr_el3 which is writeable is EOIMODE_EL3: */ 958 mask = ICC_CTLR_EL3_EOIMODE_EL3; 959 960 cs->icc_ctlr_el3 &= ~mask; 961 cs->icc_ctlr_el3 |= (value & mask); 962 gicv3_cpuif_update(cs); 963 } 964 965 static CPAccessResult gicv3_irqfiq_access(CPUARMState *env, 966 const ARMCPRegInfo *ri, bool isread) 967 { 968 CPAccessResult r = CP_ACCESS_OK; 969 970 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) { 971 switch (arm_current_el(env)) { 972 case 1: 973 if (arm_is_secure_below_el3(env) || 974 ((env->cp15.hcr_el2 & (HCR_IMO | HCR_FMO)) == 0)) { 975 r = CP_ACCESS_TRAP_EL3; 976 } 977 break; 978 case 2: 979 r = CP_ACCESS_TRAP_EL3; 980 break; 981 case 3: 982 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 983 r = CP_ACCESS_TRAP_EL3; 984 } 985 break; 986 default: 987 g_assert_not_reached(); 988 } 989 } 990 991 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 992 r = CP_ACCESS_TRAP; 993 } 994 return r; 995 } 996 997 static CPAccessResult gicv3_fiq_access(CPUARMState *env, 998 const ARMCPRegInfo *ri, bool isread) 999 { 1000 CPAccessResult r = CP_ACCESS_OK; 1001 1002 if (env->cp15.scr_el3 & SCR_FIQ) { 1003 switch (arm_current_el(env)) { 1004 case 1: 1005 if (arm_is_secure_below_el3(env) || 1006 ((env->cp15.hcr_el2 & HCR_FMO) == 0)) { 1007 r = CP_ACCESS_TRAP_EL3; 1008 } 1009 break; 1010 case 2: 1011 r = CP_ACCESS_TRAP_EL3; 1012 break; 1013 case 3: 1014 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1015 r = CP_ACCESS_TRAP_EL3; 1016 } 1017 break; 1018 default: 1019 g_assert_not_reached(); 1020 } 1021 } 1022 1023 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1024 r = CP_ACCESS_TRAP; 1025 } 1026 return r; 1027 } 1028 1029 static CPAccessResult gicv3_irq_access(CPUARMState *env, 1030 const ARMCPRegInfo *ri, bool isread) 1031 { 1032 CPAccessResult r = CP_ACCESS_OK; 1033 1034 if (env->cp15.scr_el3 & SCR_IRQ) { 1035 switch (arm_current_el(env)) { 1036 case 1: 1037 if (arm_is_secure_below_el3(env) || 1038 ((env->cp15.hcr_el2 & HCR_IMO) == 0)) { 1039 r = CP_ACCESS_TRAP_EL3; 1040 } 1041 break; 1042 case 2: 1043 r = CP_ACCESS_TRAP_EL3; 1044 break; 1045 case 3: 1046 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1047 r = CP_ACCESS_TRAP_EL3; 1048 } 1049 break; 1050 default: 1051 g_assert_not_reached(); 1052 } 1053 } 1054 1055 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1056 r = CP_ACCESS_TRAP; 1057 } 1058 return r; 1059 } 1060 1061 static void icc_reset(CPUARMState *env, const ARMCPRegInfo *ri) 1062 { 1063 GICv3CPUState *cs = icc_cs_from_env(env); 1064 1065 cs->icc_ctlr_el1[GICV3_S] = ICC_CTLR_EL1_A3V | 1066 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1067 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1068 cs->icc_ctlr_el1[GICV3_NS] = ICC_CTLR_EL1_A3V | 1069 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1070 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1071 cs->icc_pmr_el1 = 0; 1072 cs->icc_bpr[GICV3_G0] = GIC_MIN_BPR; 1073 cs->icc_bpr[GICV3_G1] = GIC_MIN_BPR; 1074 if (arm_feature(env, ARM_FEATURE_EL3)) { 1075 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR_NS; 1076 } else { 1077 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR; 1078 } 1079 memset(cs->icc_apr, 0, sizeof(cs->icc_apr)); 1080 memset(cs->icc_igrpen, 0, sizeof(cs->icc_igrpen)); 1081 cs->icc_ctlr_el3 = ICC_CTLR_EL3_NDS | ICC_CTLR_EL3_A3V | 1082 (1 << ICC_CTLR_EL3_IDBITS_SHIFT) | 1083 (7 << ICC_CTLR_EL3_PRIBITS_SHIFT); 1084 } 1085 1086 static const ARMCPRegInfo gicv3_cpuif_reginfo[] = { 1087 { .name = "ICC_PMR_EL1", .state = ARM_CP_STATE_BOTH, 1088 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 6, .opc2 = 0, 1089 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1090 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1091 .readfn = icc_pmr_read, 1092 .writefn = icc_pmr_write, 1093 /* We hang the whole cpu interface reset routine off here 1094 * rather than parcelling it out into one little function 1095 * per register 1096 */ 1097 .resetfn = icc_reset, 1098 }, 1099 { .name = "ICC_IAR0_EL1", .state = ARM_CP_STATE_BOTH, 1100 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 0, 1101 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1102 .access = PL1_R, .accessfn = gicv3_fiq_access, 1103 .readfn = icc_iar0_read, 1104 }, 1105 { .name = "ICC_EOIR0_EL1", .state = ARM_CP_STATE_BOTH, 1106 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 1, 1107 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1108 .access = PL1_W, .accessfn = gicv3_fiq_access, 1109 .writefn = icc_eoir_write, 1110 }, 1111 { .name = "ICC_HPPIR0_EL1", .state = ARM_CP_STATE_BOTH, 1112 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 2, 1113 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1114 .access = PL1_R, .accessfn = gicv3_fiq_access, 1115 .readfn = icc_hppir0_read, 1116 }, 1117 { .name = "ICC_BPR0_EL1", .state = ARM_CP_STATE_BOTH, 1118 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3, 1119 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1120 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1121 .fieldoffset = offsetof(GICv3CPUState, icc_bpr[GICV3_G0]), 1122 .writefn = icc_bpr_write, 1123 }, 1124 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH, 1125 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4, 1126 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1127 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1128 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][0]), 1129 .writefn = icc_ap_write, 1130 }, 1131 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH, 1132 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5, 1133 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1134 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1135 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][1]), 1136 .writefn = icc_ap_write, 1137 }, 1138 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH, 1139 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6, 1140 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1141 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1142 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][2]), 1143 .writefn = icc_ap_write, 1144 }, 1145 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH, 1146 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7, 1147 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1148 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1149 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][3]), 1150 .writefn = icc_ap_write, 1151 }, 1152 /* All the ICC_AP1R*_EL1 registers are banked */ 1153 { .name = "ICC_AP1R0_EL1", .state = ARM_CP_STATE_BOTH, 1154 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 0, 1155 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1156 .access = PL1_RW, .accessfn = gicv3_irq_access, 1157 .readfn = icc_ap_read, 1158 .writefn = icc_ap_write, 1159 }, 1160 { .name = "ICC_AP1R1_EL1", .state = ARM_CP_STATE_BOTH, 1161 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 1, 1162 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1163 .access = PL1_RW, .accessfn = gicv3_irq_access, 1164 .readfn = icc_ap_read, 1165 .writefn = icc_ap_write, 1166 }, 1167 { .name = "ICC_AP1R2_EL1", .state = ARM_CP_STATE_BOTH, 1168 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 2, 1169 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1170 .access = PL1_RW, .accessfn = gicv3_irq_access, 1171 .readfn = icc_ap_read, 1172 .writefn = icc_ap_write, 1173 }, 1174 { .name = "ICC_AP1R3_EL1", .state = ARM_CP_STATE_BOTH, 1175 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 3, 1176 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1177 .access = PL1_RW, .accessfn = gicv3_irq_access, 1178 .readfn = icc_ap_read, 1179 .writefn = icc_ap_write, 1180 }, 1181 { .name = "ICC_DIR_EL1", .state = ARM_CP_STATE_BOTH, 1182 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 1, 1183 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1184 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1185 .writefn = icc_dir_write, 1186 }, 1187 { .name = "ICC_RPR_EL1", .state = ARM_CP_STATE_BOTH, 1188 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 3, 1189 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1190 .access = PL1_R, .accessfn = gicv3_irqfiq_access, 1191 .readfn = icc_rpr_read, 1192 }, 1193 { .name = "ICC_SGI1R_EL1", .state = ARM_CP_STATE_AA64, 1194 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 5, 1195 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1196 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1197 .writefn = icc_sgi1r_write, 1198 }, 1199 { .name = "ICC_SGI1R", 1200 .cp = 15, .opc1 = 0, .crm = 12, 1201 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1202 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1203 .writefn = icc_sgi1r_write, 1204 }, 1205 { .name = "ICC_ASGI1R_EL1", .state = ARM_CP_STATE_AA64, 1206 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 6, 1207 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1208 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1209 .writefn = icc_asgi1r_write, 1210 }, 1211 { .name = "ICC_ASGI1R", 1212 .cp = 15, .opc1 = 1, .crm = 12, 1213 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1214 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1215 .writefn = icc_asgi1r_write, 1216 }, 1217 { .name = "ICC_SGI0R_EL1", .state = ARM_CP_STATE_AA64, 1218 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 7, 1219 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1220 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1221 .writefn = icc_sgi0r_write, 1222 }, 1223 { .name = "ICC_SGI0R", 1224 .cp = 15, .opc1 = 2, .crm = 12, 1225 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1226 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1227 .writefn = icc_sgi0r_write, 1228 }, 1229 { .name = "ICC_IAR1_EL1", .state = ARM_CP_STATE_BOTH, 1230 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 0, 1231 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1232 .access = PL1_R, .accessfn = gicv3_irq_access, 1233 .readfn = icc_iar1_read, 1234 }, 1235 { .name = "ICC_EOIR1_EL1", .state = ARM_CP_STATE_BOTH, 1236 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 1, 1237 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1238 .access = PL1_W, .accessfn = gicv3_irq_access, 1239 .writefn = icc_eoir_write, 1240 }, 1241 { .name = "ICC_HPPIR1_EL1", .state = ARM_CP_STATE_BOTH, 1242 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 2, 1243 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1244 .access = PL1_R, .accessfn = gicv3_irq_access, 1245 .readfn = icc_hppir1_read, 1246 }, 1247 /* This register is banked */ 1248 { .name = "ICC_BPR1_EL1", .state = ARM_CP_STATE_BOTH, 1249 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 3, 1250 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1251 .access = PL1_RW, .accessfn = gicv3_irq_access, 1252 .readfn = icc_bpr_read, 1253 .writefn = icc_bpr_write, 1254 }, 1255 /* This register is banked */ 1256 { .name = "ICC_CTLR_EL1", .state = ARM_CP_STATE_BOTH, 1257 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 4, 1258 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1259 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1260 .readfn = icc_ctlr_el1_read, 1261 .writefn = icc_ctlr_el1_write, 1262 }, 1263 { .name = "ICC_SRE_EL1", .state = ARM_CP_STATE_BOTH, 1264 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 5, 1265 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1266 .access = PL1_RW, 1267 /* We don't support IRQ/FIQ bypass and system registers are 1268 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1269 * This register is banked but since it's constant we don't 1270 * need to do anything special. 1271 */ 1272 .resetvalue = 0x7, 1273 }, 1274 { .name = "ICC_IGRPEN0_EL1", .state = ARM_CP_STATE_BOTH, 1275 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6, 1276 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1277 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1278 .fieldoffset = offsetof(GICv3CPUState, icc_igrpen[GICV3_G0]), 1279 .writefn = icc_igrpen_write, 1280 }, 1281 /* This register is banked */ 1282 { .name = "ICC_IGRPEN1_EL1", .state = ARM_CP_STATE_BOTH, 1283 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7, 1284 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1285 .access = PL1_RW, .accessfn = gicv3_irq_access, 1286 .readfn = icc_igrpen_read, 1287 .writefn = icc_igrpen_write, 1288 }, 1289 { .name = "ICC_SRE_EL2", .state = ARM_CP_STATE_BOTH, 1290 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 5, 1291 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1292 .access = PL2_RW, 1293 /* We don't support IRQ/FIQ bypass and system registers are 1294 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1295 */ 1296 .resetvalue = 0xf, 1297 }, 1298 { .name = "ICC_CTLR_EL3", .state = ARM_CP_STATE_BOTH, 1299 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4, 1300 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1301 .access = PL3_RW, 1302 .fieldoffset = offsetof(GICv3CPUState, icc_ctlr_el3), 1303 .readfn = icc_ctlr_el3_read, 1304 .writefn = icc_ctlr_el3_write, 1305 }, 1306 { .name = "ICC_SRE_EL3", .state = ARM_CP_STATE_BOTH, 1307 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 5, 1308 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1309 .access = PL3_RW, 1310 /* We don't support IRQ/FIQ bypass and system registers are 1311 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1312 */ 1313 .resetvalue = 0xf, 1314 }, 1315 { .name = "ICC_IGRPEN1_EL3", .state = ARM_CP_STATE_BOTH, 1316 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 7, 1317 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1318 .access = PL3_RW, 1319 .readfn = icc_igrpen1_el3_read, 1320 .writefn = icc_igrpen1_el3_write, 1321 }, 1322 REGINFO_SENTINEL 1323 }; 1324 1325 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque) 1326 { 1327 GICv3CPUState *cs = opaque; 1328 1329 gicv3_cpuif_update(cs); 1330 } 1331 1332 void gicv3_init_cpuif(GICv3State *s) 1333 { 1334 /* Called from the GICv3 realize function; register our system 1335 * registers with the CPU 1336 */ 1337 int i; 1338 1339 for (i = 0; i < s->num_cpu; i++) { 1340 ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i)); 1341 GICv3CPUState *cs = &s->cpu[i]; 1342 1343 /* Note that we can't just use the GICv3CPUState as an opaque pointer 1344 * in define_arm_cp_regs_with_opaque(), because when we're called back 1345 * it might be with code translated by CPU 0 but run by CPU 1, in 1346 * which case we'd get the wrong value. 1347 * So instead we define the regs with no ri->opaque info, and 1348 * get back to the GICv3CPUState from the ARMCPU by reading back 1349 * the opaque pointer from the el_change_hook, which we're going 1350 * to need to register anyway. 1351 */ 1352 define_arm_cp_regs(cpu, gicv3_cpuif_reginfo); 1353 arm_register_el_change_hook(cpu, gicv3_cpuif_el_change_hook, cs); 1354 } 1355 } 1356