1 /* 2 * ARM Generic Interrupt Controller v3 3 * 4 * Copyright (c) 2016 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This code is licensed under the GPL, version 2 or (at your option) 8 * any later version. 9 */ 10 11 /* This file contains the code for the system register interface 12 * portions of the GICv3. 13 */ 14 15 #include "qemu/osdep.h" 16 #include "trace.h" 17 #include "gicv3_internal.h" 18 #include "cpu.h" 19 20 static GICv3CPUState *icc_cs_from_env(CPUARMState *env) 21 { 22 /* Given the CPU, find the right GICv3CPUState struct. 23 * Since we registered the CPU interface with the EL change hook as 24 * the opaque pointer, we can just directly get from the CPU to it. 25 */ 26 return arm_get_el_change_hook_opaque(arm_env_get_cpu(env)); 27 } 28 29 static bool gicv3_use_ns_bank(CPUARMState *env) 30 { 31 /* Return true if we should use the NonSecure bank for a banked GIC 32 * CPU interface register. Note that this differs from the 33 * access_secure_reg() function because GICv3 banked registers are 34 * banked even for AArch64, unlike the other CPU system registers. 35 */ 36 return !arm_is_secure_below_el3(env); 37 } 38 39 /* The minimum BPR for the virtual interface is a configurable property */ 40 static inline int icv_min_vbpr(GICv3CPUState *cs) 41 { 42 return 7 - cs->vprebits; 43 } 44 45 /* Simple accessor functions for LR fields */ 46 static int ich_lr_state(uint64_t lr) 47 { 48 return extract64(lr, ICH_LR_EL2_STATE_SHIFT, ICH_LR_EL2_STATE_LENGTH); 49 } 50 51 static int read_vbpr(GICv3CPUState *cs, int grp) 52 { 53 /* Read VBPR value out of the VMCR field (caller must handle 54 * VCBPR effects if required) 55 */ 56 if (grp == GICV3_G0) { 57 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT, 58 ICH_VMCR_EL2_VBPR0_LENGTH); 59 } else { 60 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT, 61 ICH_VMCR_EL2_VBPR1_LENGTH); 62 } 63 } 64 65 static void write_vbpr(GICv3CPUState *cs, int grp, int value) 66 { 67 /* Write new VBPR1 value, handling the "writing a value less than 68 * the minimum sets it to the minimum" semantics. 69 */ 70 int min = icv_min_vbpr(cs); 71 72 if (grp != GICV3_G0) { 73 min++; 74 } 75 76 value = MAX(value, min); 77 78 if (grp == GICV3_G0) { 79 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT, 80 ICH_VMCR_EL2_VBPR0_LENGTH, value); 81 } else { 82 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT, 83 ICH_VMCR_EL2_VBPR1_LENGTH, value); 84 } 85 } 86 87 static uint32_t eoi_maintenance_interrupt_state(GICv3CPUState *cs, 88 uint32_t *misr) 89 { 90 /* Return a set of bits indicating the EOI maintenance interrupt status 91 * for each list register. The EOI maintenance interrupt status is 92 * 1 if LR.State == 0 && LR.HW == 0 && LR.EOI == 1 93 * (see the GICv3 spec for the ICH_EISR_EL2 register). 94 * If misr is not NULL then we should also collect the information 95 * about the MISR.EOI, MISR.NP and MISR.U bits. 96 */ 97 uint32_t value = 0; 98 int validcount = 0; 99 bool seenpending = false; 100 int i; 101 102 for (i = 0; i < cs->num_list_regs; i++) { 103 uint64_t lr = cs->ich_lr_el2[i]; 104 105 if ((lr & (ICH_LR_EL2_STATE_MASK | ICH_LR_EL2_HW | ICH_LR_EL2_EOI)) 106 == ICH_LR_EL2_EOI) { 107 value |= (1 << i); 108 } 109 if ((lr & ICH_LR_EL2_STATE_MASK)) { 110 validcount++; 111 } 112 if (ich_lr_state(lr) == ICH_LR_EL2_STATE_PENDING) { 113 seenpending = true; 114 } 115 } 116 117 if (misr) { 118 if (validcount < 2 && (cs->ich_hcr_el2 & ICH_HCR_EL2_UIE)) { 119 *misr |= ICH_MISR_EL2_U; 120 } 121 if (!seenpending && (cs->ich_hcr_el2 & ICH_HCR_EL2_NPIE)) { 122 *misr |= ICH_MISR_EL2_NP; 123 } 124 if (value) { 125 *misr |= ICH_MISR_EL2_EOI; 126 } 127 } 128 return value; 129 } 130 131 static uint32_t maintenance_interrupt_state(GICv3CPUState *cs) 132 { 133 /* Return a set of bits indicating the maintenance interrupt status 134 * (as seen in the ICH_MISR_EL2 register). 135 */ 136 uint32_t value = 0; 137 138 /* Scan list registers and fill in the U, NP and EOI bits */ 139 eoi_maintenance_interrupt_state(cs, &value); 140 141 if (cs->ich_hcr_el2 & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) { 142 value |= ICH_MISR_EL2_LRENP; 143 } 144 145 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0EIE) && 146 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0)) { 147 value |= ICH_MISR_EL2_VGRP0E; 148 } 149 150 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0DIE) && 151 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 152 value |= ICH_MISR_EL2_VGRP0D; 153 } 154 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1EIE) && 155 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 156 value |= ICH_MISR_EL2_VGRP1E; 157 } 158 159 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1DIE) && 160 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 161 value |= ICH_MISR_EL2_VGRP1D; 162 } 163 164 return value; 165 } 166 167 static void gicv3_cpuif_virt_update(GICv3CPUState *cs) 168 { 169 } 170 171 static int icc_highest_active_prio(GICv3CPUState *cs) 172 { 173 /* Calculate the current running priority based on the set bits 174 * in the Active Priority Registers. 175 */ 176 int i; 177 178 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 179 uint32_t apr = cs->icc_apr[GICV3_G0][i] | 180 cs->icc_apr[GICV3_G1][i] | cs->icc_apr[GICV3_G1NS][i]; 181 182 if (!apr) { 183 continue; 184 } 185 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 186 } 187 /* No current active interrupts: return idle priority */ 188 return 0xff; 189 } 190 191 static uint32_t icc_gprio_mask(GICv3CPUState *cs, int group) 192 { 193 /* Return a mask word which clears the subpriority bits from 194 * a priority value for an interrupt in the specified group. 195 * This depends on the BPR value: 196 * a BPR of 0 means the group priority bits are [7:1]; 197 * a BPR of 1 means they are [7:2], and so on down to 198 * a BPR of 7 meaning no group priority bits at all. 199 * Which BPR to use depends on the group of the interrupt and 200 * the current ICC_CTLR.CBPR settings. 201 */ 202 if ((group == GICV3_G1 && cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR) || 203 (group == GICV3_G1NS && 204 cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 205 group = GICV3_G0; 206 } 207 208 return ~0U << ((cs->icc_bpr[group] & 7) + 1); 209 } 210 211 static bool icc_no_enabled_hppi(GICv3CPUState *cs) 212 { 213 /* Return true if there is no pending interrupt, or the 214 * highest priority pending interrupt is in a group which has been 215 * disabled at the CPU interface by the ICC_IGRPEN* register enable bits. 216 */ 217 return cs->hppi.prio == 0xff || (cs->icc_igrpen[cs->hppi.grp] == 0); 218 } 219 220 static bool icc_hppi_can_preempt(GICv3CPUState *cs) 221 { 222 /* Return true if we have a pending interrupt of sufficient 223 * priority to preempt. 224 */ 225 int rprio; 226 uint32_t mask; 227 228 if (icc_no_enabled_hppi(cs)) { 229 return false; 230 } 231 232 if (cs->hppi.prio >= cs->icc_pmr_el1) { 233 /* Priority mask masks this interrupt */ 234 return false; 235 } 236 237 rprio = icc_highest_active_prio(cs); 238 if (rprio == 0xff) { 239 /* No currently running interrupt so we can preempt */ 240 return true; 241 } 242 243 mask = icc_gprio_mask(cs, cs->hppi.grp); 244 245 /* We only preempt a running interrupt if the pending interrupt's 246 * group priority is sufficient (the subpriorities are not considered). 247 */ 248 if ((cs->hppi.prio & mask) < (rprio & mask)) { 249 return true; 250 } 251 252 return false; 253 } 254 255 void gicv3_cpuif_update(GICv3CPUState *cs) 256 { 257 /* Tell the CPU about its highest priority pending interrupt */ 258 int irqlevel = 0; 259 int fiqlevel = 0; 260 ARMCPU *cpu = ARM_CPU(cs->cpu); 261 CPUARMState *env = &cpu->env; 262 263 trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq, 264 cs->hppi.grp, cs->hppi.prio); 265 266 if (cs->hppi.grp == GICV3_G1 && !arm_feature(env, ARM_FEATURE_EL3)) { 267 /* If a Security-enabled GIC sends a G1S interrupt to a 268 * Security-disabled CPU, we must treat it as if it were G0. 269 */ 270 cs->hppi.grp = GICV3_G0; 271 } 272 273 if (icc_hppi_can_preempt(cs)) { 274 /* We have an interrupt: should we signal it as IRQ or FIQ? 275 * This is described in the GICv3 spec section 4.6.2. 276 */ 277 bool isfiq; 278 279 switch (cs->hppi.grp) { 280 case GICV3_G0: 281 isfiq = true; 282 break; 283 case GICV3_G1: 284 isfiq = (!arm_is_secure(env) || 285 (arm_current_el(env) == 3 && arm_el_is_aa64(env, 3))); 286 break; 287 case GICV3_G1NS: 288 isfiq = arm_is_secure(env); 289 break; 290 default: 291 g_assert_not_reached(); 292 } 293 294 if (isfiq) { 295 fiqlevel = 1; 296 } else { 297 irqlevel = 1; 298 } 299 } 300 301 trace_gicv3_cpuif_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel); 302 303 qemu_set_irq(cs->parent_fiq, fiqlevel); 304 qemu_set_irq(cs->parent_irq, irqlevel); 305 } 306 307 static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) 308 { 309 GICv3CPUState *cs = icc_cs_from_env(env); 310 uint32_t value = cs->icc_pmr_el1; 311 312 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 313 (env->cp15.scr_el3 & SCR_FIQ)) { 314 /* NS access and Group 0 is inaccessible to NS: return the 315 * NS view of the current priority 316 */ 317 if (value & 0x80) { 318 /* Secure priorities not visible to NS */ 319 value = 0; 320 } else if (value != 0xff) { 321 value = (value << 1) & 0xff; 322 } 323 } 324 325 trace_gicv3_icc_pmr_read(gicv3_redist_affid(cs), value); 326 327 return value; 328 } 329 330 static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, 331 uint64_t value) 332 { 333 GICv3CPUState *cs = icc_cs_from_env(env); 334 335 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value); 336 337 value &= 0xff; 338 339 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 340 (env->cp15.scr_el3 & SCR_FIQ)) { 341 /* NS access and Group 0 is inaccessible to NS: return the 342 * NS view of the current priority 343 */ 344 if (!(cs->icc_pmr_el1 & 0x80)) { 345 /* Current PMR in the secure range, don't allow NS to change it */ 346 return; 347 } 348 value = (value >> 1) & 0x80; 349 } 350 cs->icc_pmr_el1 = value; 351 gicv3_cpuif_update(cs); 352 } 353 354 static void icc_activate_irq(GICv3CPUState *cs, int irq) 355 { 356 /* Move the interrupt from the Pending state to Active, and update 357 * the Active Priority Registers 358 */ 359 uint32_t mask = icc_gprio_mask(cs, cs->hppi.grp); 360 int prio = cs->hppi.prio & mask; 361 int aprbit = prio >> 1; 362 int regno = aprbit / 32; 363 int regbit = aprbit % 32; 364 365 cs->icc_apr[cs->hppi.grp][regno] |= (1 << regbit); 366 367 if (irq < GIC_INTERNAL) { 368 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 1); 369 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 0); 370 gicv3_redist_update(cs); 371 } else { 372 gicv3_gicd_active_set(cs->gic, irq); 373 gicv3_gicd_pending_clear(cs->gic, irq); 374 gicv3_update(cs->gic, irq, 1); 375 } 376 } 377 378 static uint64_t icc_hppir0_value(GICv3CPUState *cs, CPUARMState *env) 379 { 380 /* Return the highest priority pending interrupt register value 381 * for group 0. 382 */ 383 bool irq_is_secure; 384 385 if (cs->hppi.prio == 0xff) { 386 return INTID_SPURIOUS; 387 } 388 389 /* Check whether we can return the interrupt or if we should return 390 * a special identifier, as per the CheckGroup0ForSpecialIdentifiers 391 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 392 * is always zero.) 393 */ 394 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 395 (cs->hppi.grp != GICV3_G1NS)); 396 397 if (cs->hppi.grp != GICV3_G0 && !arm_is_el3_or_mon(env)) { 398 return INTID_SPURIOUS; 399 } 400 if (irq_is_secure && !arm_is_secure(env)) { 401 /* Secure interrupts not visible to Nonsecure */ 402 return INTID_SPURIOUS; 403 } 404 405 if (cs->hppi.grp != GICV3_G0) { 406 /* Indicate to EL3 that there's a Group 1 interrupt for the other 407 * state pending. 408 */ 409 return irq_is_secure ? INTID_SECURE : INTID_NONSECURE; 410 } 411 412 return cs->hppi.irq; 413 } 414 415 static uint64_t icc_hppir1_value(GICv3CPUState *cs, CPUARMState *env) 416 { 417 /* Return the highest priority pending interrupt register value 418 * for group 1. 419 */ 420 bool irq_is_secure; 421 422 if (cs->hppi.prio == 0xff) { 423 return INTID_SPURIOUS; 424 } 425 426 /* Check whether we can return the interrupt or if we should return 427 * a special identifier, as per the CheckGroup1ForSpecialIdentifiers 428 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 429 * is always zero.) 430 */ 431 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 432 (cs->hppi.grp != GICV3_G1NS)); 433 434 if (cs->hppi.grp == GICV3_G0) { 435 /* Group 0 interrupts not visible via HPPIR1 */ 436 return INTID_SPURIOUS; 437 } 438 if (irq_is_secure) { 439 if (!arm_is_secure(env)) { 440 /* Secure interrupts not visible in Non-secure */ 441 return INTID_SPURIOUS; 442 } 443 } else if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) { 444 /* Group 1 non-secure interrupts not visible in Secure EL1 */ 445 return INTID_SPURIOUS; 446 } 447 448 return cs->hppi.irq; 449 } 450 451 static uint64_t icc_iar0_read(CPUARMState *env, const ARMCPRegInfo *ri) 452 { 453 GICv3CPUState *cs = icc_cs_from_env(env); 454 uint64_t intid; 455 456 if (!icc_hppi_can_preempt(cs)) { 457 intid = INTID_SPURIOUS; 458 } else { 459 intid = icc_hppir0_value(cs, env); 460 } 461 462 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 463 icc_activate_irq(cs, intid); 464 } 465 466 trace_gicv3_icc_iar0_read(gicv3_redist_affid(cs), intid); 467 return intid; 468 } 469 470 static uint64_t icc_iar1_read(CPUARMState *env, const ARMCPRegInfo *ri) 471 { 472 GICv3CPUState *cs = icc_cs_from_env(env); 473 uint64_t intid; 474 475 if (!icc_hppi_can_preempt(cs)) { 476 intid = INTID_SPURIOUS; 477 } else { 478 intid = icc_hppir1_value(cs, env); 479 } 480 481 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 482 icc_activate_irq(cs, intid); 483 } 484 485 trace_gicv3_icc_iar1_read(gicv3_redist_affid(cs), intid); 486 return intid; 487 } 488 489 static void icc_drop_prio(GICv3CPUState *cs, int grp) 490 { 491 /* Drop the priority of the currently active interrupt in 492 * the specified group. 493 * 494 * Note that we can guarantee (because of the requirement to nest 495 * ICC_IAR reads [which activate an interrupt and raise priority] 496 * with ICC_EOIR writes [which drop the priority for the interrupt]) 497 * that the interrupt we're being called for is the highest priority 498 * active interrupt, meaning that it has the lowest set bit in the 499 * APR registers. 500 * 501 * If the guest does not honour the ordering constraints then the 502 * behaviour of the GIC is UNPREDICTABLE, which for us means that 503 * the values of the APR registers might become incorrect and the 504 * running priority will be wrong, so interrupts that should preempt 505 * might not do so, and interrupts that should not preempt might do so. 506 */ 507 int i; 508 509 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[grp]); i++) { 510 uint64_t *papr = &cs->icc_apr[grp][i]; 511 512 if (!*papr) { 513 continue; 514 } 515 /* Clear the lowest set bit */ 516 *papr &= *papr - 1; 517 break; 518 } 519 520 /* running priority change means we need an update for this cpu i/f */ 521 gicv3_cpuif_update(cs); 522 } 523 524 static bool icc_eoi_split(CPUARMState *env, GICv3CPUState *cs) 525 { 526 /* Return true if we should split priority drop and interrupt 527 * deactivation, ie whether the relevant EOIMode bit is set. 528 */ 529 if (arm_is_el3_or_mon(env)) { 530 return cs->icc_ctlr_el3 & ICC_CTLR_EL3_EOIMODE_EL3; 531 } 532 if (arm_is_secure_below_el3(env)) { 533 return cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_EOIMODE; 534 } else { 535 return cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE; 536 } 537 } 538 539 static int icc_highest_active_group(GICv3CPUState *cs) 540 { 541 /* Return the group with the highest priority active interrupt. 542 * We can do this by just comparing the APRs to see which one 543 * has the lowest set bit. 544 * (If more than one group is active at the same priority then 545 * we're in UNPREDICTABLE territory.) 546 */ 547 int i; 548 549 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 550 int g0ctz = ctz32(cs->icc_apr[GICV3_G0][i]); 551 int g1ctz = ctz32(cs->icc_apr[GICV3_G1][i]); 552 int g1nsctz = ctz32(cs->icc_apr[GICV3_G1NS][i]); 553 554 if (g1nsctz < g0ctz && g1nsctz < g1ctz) { 555 return GICV3_G1NS; 556 } 557 if (g1ctz < g0ctz) { 558 return GICV3_G1; 559 } 560 if (g0ctz < 32) { 561 return GICV3_G0; 562 } 563 } 564 /* No set active bits? UNPREDICTABLE; return -1 so the caller 565 * ignores the spurious EOI attempt. 566 */ 567 return -1; 568 } 569 570 static void icc_deactivate_irq(GICv3CPUState *cs, int irq) 571 { 572 if (irq < GIC_INTERNAL) { 573 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 0); 574 gicv3_redist_update(cs); 575 } else { 576 gicv3_gicd_active_clear(cs->gic, irq); 577 gicv3_update(cs->gic, irq, 1); 578 } 579 } 580 581 static void icc_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri, 582 uint64_t value) 583 { 584 /* End of Interrupt */ 585 GICv3CPUState *cs = icc_cs_from_env(env); 586 int irq = value & 0xffffff; 587 int grp; 588 589 trace_gicv3_icc_eoir_write(ri->crm == 8 ? 0 : 1, 590 gicv3_redist_affid(cs), value); 591 592 if (ri->crm == 8) { 593 /* EOIR0 */ 594 grp = GICV3_G0; 595 } else { 596 /* EOIR1 */ 597 if (arm_is_secure(env)) { 598 grp = GICV3_G1; 599 } else { 600 grp = GICV3_G1NS; 601 } 602 } 603 604 if (irq >= cs->gic->num_irq) { 605 /* This handles two cases: 606 * 1. If software writes the ID of a spurious interrupt [ie 1020-1023] 607 * to the GICC_EOIR, the GIC ignores that write. 608 * 2. If software writes the number of a non-existent interrupt 609 * this must be a subcase of "value written does not match the last 610 * valid interrupt value read from the Interrupt Acknowledge 611 * register" and so this is UNPREDICTABLE. We choose to ignore it. 612 */ 613 return; 614 } 615 616 if (icc_highest_active_group(cs) != grp) { 617 return; 618 } 619 620 icc_drop_prio(cs, grp); 621 622 if (!icc_eoi_split(env, cs)) { 623 /* Priority drop and deactivate not split: deactivate irq now */ 624 icc_deactivate_irq(cs, irq); 625 } 626 } 627 628 static uint64_t icc_hppir0_read(CPUARMState *env, const ARMCPRegInfo *ri) 629 { 630 GICv3CPUState *cs = icc_cs_from_env(env); 631 uint64_t value = icc_hppir0_value(cs, env); 632 633 trace_gicv3_icc_hppir0_read(gicv3_redist_affid(cs), value); 634 return value; 635 } 636 637 static uint64_t icc_hppir1_read(CPUARMState *env, const ARMCPRegInfo *ri) 638 { 639 GICv3CPUState *cs = icc_cs_from_env(env); 640 uint64_t value = icc_hppir1_value(cs, env); 641 642 trace_gicv3_icc_hppir1_read(gicv3_redist_affid(cs), value); 643 return value; 644 } 645 646 static uint64_t icc_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 647 { 648 GICv3CPUState *cs = icc_cs_from_env(env); 649 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 650 bool satinc = false; 651 uint64_t bpr; 652 653 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 654 grp = GICV3_G1NS; 655 } 656 657 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 658 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 659 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 660 * modify BPR0 661 */ 662 grp = GICV3_G0; 663 } 664 665 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 666 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 667 /* reads return bpr0 + 1 sat to 7, writes ignored */ 668 grp = GICV3_G0; 669 satinc = true; 670 } 671 672 bpr = cs->icc_bpr[grp]; 673 if (satinc) { 674 bpr++; 675 bpr = MIN(bpr, 7); 676 } 677 678 trace_gicv3_icc_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr); 679 680 return bpr; 681 } 682 683 static void icc_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri, 684 uint64_t value) 685 { 686 GICv3CPUState *cs = icc_cs_from_env(env); 687 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 688 689 trace_gicv3_icc_bpr_write(ri->crm == 8 ? 0 : 1, 690 gicv3_redist_affid(cs), value); 691 692 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 693 grp = GICV3_G1NS; 694 } 695 696 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 697 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 698 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 699 * modify BPR0 700 */ 701 grp = GICV3_G0; 702 } 703 704 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 705 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 706 /* reads return bpr0 + 1 sat to 7, writes ignored */ 707 return; 708 } 709 710 cs->icc_bpr[grp] = value & 7; 711 gicv3_cpuif_update(cs); 712 } 713 714 static uint64_t icc_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 715 { 716 GICv3CPUState *cs = icc_cs_from_env(env); 717 uint64_t value; 718 719 int regno = ri->opc2 & 3; 720 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 721 722 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 723 grp = GICV3_G1NS; 724 } 725 726 value = cs->icc_apr[grp][regno]; 727 728 trace_gicv3_icc_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 729 return value; 730 } 731 732 static void icc_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 733 uint64_t value) 734 { 735 GICv3CPUState *cs = icc_cs_from_env(env); 736 737 int regno = ri->opc2 & 3; 738 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 739 740 trace_gicv3_icc_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 741 742 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 743 grp = GICV3_G1NS; 744 } 745 746 /* It's not possible to claim that a Non-secure interrupt is active 747 * at a priority outside the Non-secure range (128..255), since this 748 * would otherwise allow malicious NS code to block delivery of S interrupts 749 * by writing a bad value to these registers. 750 */ 751 if (grp == GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE_EL3)) { 752 return; 753 } 754 755 cs->icc_apr[grp][regno] = value & 0xFFFFFFFFU; 756 gicv3_cpuif_update(cs); 757 } 758 759 static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, 760 uint64_t value) 761 { 762 /* Deactivate interrupt */ 763 GICv3CPUState *cs = icc_cs_from_env(env); 764 int irq = value & 0xffffff; 765 bool irq_is_secure, single_sec_state, irq_is_grp0; 766 bool route_fiq_to_el3, route_irq_to_el3, route_fiq_to_el2, route_irq_to_el2; 767 768 trace_gicv3_icc_dir_write(gicv3_redist_affid(cs), value); 769 770 if (irq >= cs->gic->num_irq) { 771 /* Also catches special interrupt numbers and LPIs */ 772 return; 773 } 774 775 if (!icc_eoi_split(env, cs)) { 776 return; 777 } 778 779 int grp = gicv3_irq_group(cs->gic, cs, irq); 780 781 single_sec_state = cs->gic->gicd_ctlr & GICD_CTLR_DS; 782 irq_is_secure = !single_sec_state && (grp != GICV3_G1NS); 783 irq_is_grp0 = grp == GICV3_G0; 784 785 /* Check whether we're allowed to deactivate this interrupt based 786 * on its group and the current CPU state. 787 * These checks are laid out to correspond to the spec's pseudocode. 788 */ 789 route_fiq_to_el3 = env->cp15.scr_el3 & SCR_FIQ; 790 route_irq_to_el3 = env->cp15.scr_el3 & SCR_IRQ; 791 /* No need to include !IsSecure in route_*_to_el2 as it's only 792 * tested in cases where we know !IsSecure is true. 793 */ 794 route_fiq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 795 route_irq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 796 797 switch (arm_current_el(env)) { 798 case 3: 799 break; 800 case 2: 801 if (single_sec_state && irq_is_grp0 && !route_fiq_to_el3) { 802 break; 803 } 804 if (!irq_is_secure && !irq_is_grp0 && !route_irq_to_el3) { 805 break; 806 } 807 return; 808 case 1: 809 if (!arm_is_secure_below_el3(env)) { 810 if (single_sec_state && irq_is_grp0 && 811 !route_fiq_to_el3 && !route_fiq_to_el2) { 812 break; 813 } 814 if (!irq_is_secure && !irq_is_grp0 && 815 !route_irq_to_el3 && !route_irq_to_el2) { 816 break; 817 } 818 } else { 819 if (irq_is_grp0 && !route_fiq_to_el3) { 820 break; 821 } 822 if (!irq_is_grp0 && 823 (!irq_is_secure || !single_sec_state) && 824 !route_irq_to_el3) { 825 break; 826 } 827 } 828 return; 829 default: 830 g_assert_not_reached(); 831 } 832 833 icc_deactivate_irq(cs, irq); 834 } 835 836 static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 837 { 838 GICv3CPUState *cs = icc_cs_from_env(env); 839 int prio = icc_highest_active_prio(cs); 840 841 if (arm_feature(env, ARM_FEATURE_EL3) && 842 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { 843 /* NS GIC access and Group 0 is inaccessible to NS */ 844 if (prio & 0x80) { 845 /* NS mustn't see priorities in the Secure half of the range */ 846 prio = 0; 847 } else if (prio != 0xff) { 848 /* Non-idle priority: show the Non-secure view of it */ 849 prio = (prio << 1) & 0xff; 850 } 851 } 852 853 trace_gicv3_icc_rpr_read(gicv3_redist_affid(cs), prio); 854 return prio; 855 } 856 857 static void icc_generate_sgi(CPUARMState *env, GICv3CPUState *cs, 858 uint64_t value, int grp, bool ns) 859 { 860 GICv3State *s = cs->gic; 861 862 /* Extract Aff3/Aff2/Aff1 and shift into the bottom 24 bits */ 863 uint64_t aff = extract64(value, 48, 8) << 16 | 864 extract64(value, 32, 8) << 8 | 865 extract64(value, 16, 8); 866 uint32_t targetlist = extract64(value, 0, 16); 867 uint32_t irq = extract64(value, 24, 4); 868 bool irm = extract64(value, 40, 1); 869 int i; 870 871 if (grp == GICV3_G1 && s->gicd_ctlr & GICD_CTLR_DS) { 872 /* If GICD_CTLR.DS == 1, the Distributor treats Secure Group 1 873 * interrupts as Group 0 interrupts and must send Secure Group 0 874 * interrupts to the target CPUs. 875 */ 876 grp = GICV3_G0; 877 } 878 879 trace_gicv3_icc_generate_sgi(gicv3_redist_affid(cs), irq, irm, 880 aff, targetlist); 881 882 for (i = 0; i < s->num_cpu; i++) { 883 GICv3CPUState *ocs = &s->cpu[i]; 884 885 if (irm) { 886 /* IRM == 1 : route to all CPUs except self */ 887 if (cs == ocs) { 888 continue; 889 } 890 } else { 891 /* IRM == 0 : route to Aff3.Aff2.Aff1.n for all n in [0..15] 892 * where the corresponding bit is set in targetlist 893 */ 894 int aff0; 895 896 if (ocs->gicr_typer >> 40 != aff) { 897 continue; 898 } 899 aff0 = extract64(ocs->gicr_typer, 32, 8); 900 if (aff0 > 15 || extract32(targetlist, aff0, 1) == 0) { 901 continue; 902 } 903 } 904 905 /* The redistributor will check against its own GICR_NSACR as needed */ 906 gicv3_redist_send_sgi(ocs, grp, irq, ns); 907 } 908 } 909 910 static void icc_sgi0r_write(CPUARMState *env, const ARMCPRegInfo *ri, 911 uint64_t value) 912 { 913 /* Generate Secure Group 0 SGI. */ 914 GICv3CPUState *cs = icc_cs_from_env(env); 915 bool ns = !arm_is_secure(env); 916 917 icc_generate_sgi(env, cs, value, GICV3_G0, ns); 918 } 919 920 static void icc_sgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 921 uint64_t value) 922 { 923 /* Generate Group 1 SGI for the current Security state */ 924 GICv3CPUState *cs = icc_cs_from_env(env); 925 int grp; 926 bool ns = !arm_is_secure(env); 927 928 grp = ns ? GICV3_G1NS : GICV3_G1; 929 icc_generate_sgi(env, cs, value, grp, ns); 930 } 931 932 static void icc_asgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 933 uint64_t value) 934 { 935 /* Generate Group 1 SGI for the Security state that is not 936 * the current state 937 */ 938 GICv3CPUState *cs = icc_cs_from_env(env); 939 int grp; 940 bool ns = !arm_is_secure(env); 941 942 grp = ns ? GICV3_G1 : GICV3_G1NS; 943 icc_generate_sgi(env, cs, value, grp, ns); 944 } 945 946 static uint64_t icc_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri) 947 { 948 GICv3CPUState *cs = icc_cs_from_env(env); 949 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 950 uint64_t value; 951 952 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 953 grp = GICV3_G1NS; 954 } 955 956 value = cs->icc_igrpen[grp]; 957 trace_gicv3_icc_igrpen_read(ri->opc2 & 1 ? 1 : 0, 958 gicv3_redist_affid(cs), value); 959 return value; 960 } 961 962 static void icc_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri, 963 uint64_t value) 964 { 965 GICv3CPUState *cs = icc_cs_from_env(env); 966 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 967 968 trace_gicv3_icc_igrpen_write(ri->opc2 & 1 ? 1 : 0, 969 gicv3_redist_affid(cs), value); 970 971 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 972 grp = GICV3_G1NS; 973 } 974 975 cs->icc_igrpen[grp] = value & ICC_IGRPEN_ENABLE; 976 gicv3_cpuif_update(cs); 977 } 978 979 static uint64_t icc_igrpen1_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 980 { 981 GICv3CPUState *cs = icc_cs_from_env(env); 982 uint64_t value; 983 984 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 985 value = cs->icc_igrpen[GICV3_G1NS] | (cs->icc_igrpen[GICV3_G1] << 1); 986 trace_gicv3_icc_igrpen1_el3_read(gicv3_redist_affid(cs), value); 987 return value; 988 } 989 990 static void icc_igrpen1_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 991 uint64_t value) 992 { 993 GICv3CPUState *cs = icc_cs_from_env(env); 994 995 trace_gicv3_icc_igrpen1_el3_write(gicv3_redist_affid(cs), value); 996 997 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 998 cs->icc_igrpen[GICV3_G1NS] = extract32(value, 0, 1); 999 cs->icc_igrpen[GICV3_G1] = extract32(value, 1, 1); 1000 gicv3_cpuif_update(cs); 1001 } 1002 1003 static uint64_t icc_ctlr_el1_read(CPUARMState *env, const ARMCPRegInfo *ri) 1004 { 1005 GICv3CPUState *cs = icc_cs_from_env(env); 1006 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 1007 uint64_t value; 1008 1009 value = cs->icc_ctlr_el1[bank]; 1010 trace_gicv3_icc_ctlr_read(gicv3_redist_affid(cs), value); 1011 return value; 1012 } 1013 1014 static void icc_ctlr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri, 1015 uint64_t value) 1016 { 1017 GICv3CPUState *cs = icc_cs_from_env(env); 1018 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 1019 uint64_t mask; 1020 1021 trace_gicv3_icc_ctlr_write(gicv3_redist_affid(cs), value); 1022 1023 /* Only CBPR and EOIMODE can be RW; 1024 * for us PMHE is RAZ/WI (we don't implement 1-of-N interrupts or 1025 * the asseciated priority-based routing of them); 1026 * if EL3 is implemented and GICD_CTLR.DS == 0, then PMHE and CBPR are RO. 1027 */ 1028 if (arm_feature(env, ARM_FEATURE_EL3) && 1029 ((cs->gic->gicd_ctlr & GICD_CTLR_DS) == 0)) { 1030 mask = ICC_CTLR_EL1_EOIMODE; 1031 } else { 1032 mask = ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE; 1033 } 1034 1035 cs->icc_ctlr_el1[bank] &= ~mask; 1036 cs->icc_ctlr_el1[bank] |= (value & mask); 1037 gicv3_cpuif_update(cs); 1038 } 1039 1040 1041 static uint64_t icc_ctlr_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 1042 { 1043 GICv3CPUState *cs = icc_cs_from_env(env); 1044 uint64_t value; 1045 1046 value = cs->icc_ctlr_el3; 1047 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 1048 value |= ICC_CTLR_EL3_EOIMODE_EL1NS; 1049 } 1050 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 1051 value |= ICC_CTLR_EL3_CBPR_EL1NS; 1052 } 1053 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 1054 value |= ICC_CTLR_EL3_EOIMODE_EL1S; 1055 } 1056 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 1057 value |= ICC_CTLR_EL3_CBPR_EL1S; 1058 } 1059 1060 trace_gicv3_icc_ctlr_el3_read(gicv3_redist_affid(cs), value); 1061 return value; 1062 } 1063 1064 static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 1065 uint64_t value) 1066 { 1067 GICv3CPUState *cs = icc_cs_from_env(env); 1068 uint64_t mask; 1069 1070 trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value); 1071 1072 /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */ 1073 cs->icc_ctlr_el1[GICV3_NS] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 1074 if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) { 1075 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE; 1076 } 1077 if (value & ICC_CTLR_EL3_CBPR_EL1NS) { 1078 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR; 1079 } 1080 1081 cs->icc_ctlr_el1[GICV3_S] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 1082 if (value & ICC_CTLR_EL3_EOIMODE_EL1S) { 1083 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE; 1084 } 1085 if (value & ICC_CTLR_EL3_CBPR_EL1S) { 1086 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_CBPR; 1087 } 1088 1089 /* The only bit stored in icc_ctlr_el3 which is writeable is EOIMODE_EL3: */ 1090 mask = ICC_CTLR_EL3_EOIMODE_EL3; 1091 1092 cs->icc_ctlr_el3 &= ~mask; 1093 cs->icc_ctlr_el3 |= (value & mask); 1094 gicv3_cpuif_update(cs); 1095 } 1096 1097 static CPAccessResult gicv3_irqfiq_access(CPUARMState *env, 1098 const ARMCPRegInfo *ri, bool isread) 1099 { 1100 CPAccessResult r = CP_ACCESS_OK; 1101 1102 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) { 1103 switch (arm_current_el(env)) { 1104 case 1: 1105 if (arm_is_secure_below_el3(env) || 1106 ((env->cp15.hcr_el2 & (HCR_IMO | HCR_FMO)) == 0)) { 1107 r = CP_ACCESS_TRAP_EL3; 1108 } 1109 break; 1110 case 2: 1111 r = CP_ACCESS_TRAP_EL3; 1112 break; 1113 case 3: 1114 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1115 r = CP_ACCESS_TRAP_EL3; 1116 } 1117 break; 1118 default: 1119 g_assert_not_reached(); 1120 } 1121 } 1122 1123 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1124 r = CP_ACCESS_TRAP; 1125 } 1126 return r; 1127 } 1128 1129 static CPAccessResult gicv3_fiq_access(CPUARMState *env, 1130 const ARMCPRegInfo *ri, bool isread) 1131 { 1132 CPAccessResult r = CP_ACCESS_OK; 1133 1134 if (env->cp15.scr_el3 & SCR_FIQ) { 1135 switch (arm_current_el(env)) { 1136 case 1: 1137 if (arm_is_secure_below_el3(env) || 1138 ((env->cp15.hcr_el2 & HCR_FMO) == 0)) { 1139 r = CP_ACCESS_TRAP_EL3; 1140 } 1141 break; 1142 case 2: 1143 r = CP_ACCESS_TRAP_EL3; 1144 break; 1145 case 3: 1146 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1147 r = CP_ACCESS_TRAP_EL3; 1148 } 1149 break; 1150 default: 1151 g_assert_not_reached(); 1152 } 1153 } 1154 1155 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1156 r = CP_ACCESS_TRAP; 1157 } 1158 return r; 1159 } 1160 1161 static CPAccessResult gicv3_irq_access(CPUARMState *env, 1162 const ARMCPRegInfo *ri, bool isread) 1163 { 1164 CPAccessResult r = CP_ACCESS_OK; 1165 1166 if (env->cp15.scr_el3 & SCR_IRQ) { 1167 switch (arm_current_el(env)) { 1168 case 1: 1169 if (arm_is_secure_below_el3(env) || 1170 ((env->cp15.hcr_el2 & HCR_IMO) == 0)) { 1171 r = CP_ACCESS_TRAP_EL3; 1172 } 1173 break; 1174 case 2: 1175 r = CP_ACCESS_TRAP_EL3; 1176 break; 1177 case 3: 1178 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1179 r = CP_ACCESS_TRAP_EL3; 1180 } 1181 break; 1182 default: 1183 g_assert_not_reached(); 1184 } 1185 } 1186 1187 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1188 r = CP_ACCESS_TRAP; 1189 } 1190 return r; 1191 } 1192 1193 static void icc_reset(CPUARMState *env, const ARMCPRegInfo *ri) 1194 { 1195 GICv3CPUState *cs = icc_cs_from_env(env); 1196 1197 cs->icc_ctlr_el1[GICV3_S] = ICC_CTLR_EL1_A3V | 1198 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1199 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1200 cs->icc_ctlr_el1[GICV3_NS] = ICC_CTLR_EL1_A3V | 1201 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1202 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1203 cs->icc_pmr_el1 = 0; 1204 cs->icc_bpr[GICV3_G0] = GIC_MIN_BPR; 1205 cs->icc_bpr[GICV3_G1] = GIC_MIN_BPR; 1206 if (arm_feature(env, ARM_FEATURE_EL3)) { 1207 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR_NS; 1208 } else { 1209 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR; 1210 } 1211 memset(cs->icc_apr, 0, sizeof(cs->icc_apr)); 1212 memset(cs->icc_igrpen, 0, sizeof(cs->icc_igrpen)); 1213 cs->icc_ctlr_el3 = ICC_CTLR_EL3_NDS | ICC_CTLR_EL3_A3V | 1214 (1 << ICC_CTLR_EL3_IDBITS_SHIFT) | 1215 (7 << ICC_CTLR_EL3_PRIBITS_SHIFT); 1216 1217 memset(cs->ich_apr, 0, sizeof(cs->ich_apr)); 1218 cs->ich_hcr_el2 = 0; 1219 memset(cs->ich_lr_el2, 0, sizeof(cs->ich_lr_el2)); 1220 cs->ich_vmcr_el2 = ICH_VMCR_EL2_VFIQEN | 1221 (icv_min_vbpr(cs) << ICH_VMCR_EL2_VBPR1_SHIFT) | 1222 (icv_min_vbpr(cs) << ICH_VMCR_EL2_VBPR0_SHIFT); 1223 } 1224 1225 static const ARMCPRegInfo gicv3_cpuif_reginfo[] = { 1226 { .name = "ICC_PMR_EL1", .state = ARM_CP_STATE_BOTH, 1227 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 6, .opc2 = 0, 1228 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1229 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1230 .readfn = icc_pmr_read, 1231 .writefn = icc_pmr_write, 1232 /* We hang the whole cpu interface reset routine off here 1233 * rather than parcelling it out into one little function 1234 * per register 1235 */ 1236 .resetfn = icc_reset, 1237 }, 1238 { .name = "ICC_IAR0_EL1", .state = ARM_CP_STATE_BOTH, 1239 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 0, 1240 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1241 .access = PL1_R, .accessfn = gicv3_fiq_access, 1242 .readfn = icc_iar0_read, 1243 }, 1244 { .name = "ICC_EOIR0_EL1", .state = ARM_CP_STATE_BOTH, 1245 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 1, 1246 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1247 .access = PL1_W, .accessfn = gicv3_fiq_access, 1248 .writefn = icc_eoir_write, 1249 }, 1250 { .name = "ICC_HPPIR0_EL1", .state = ARM_CP_STATE_BOTH, 1251 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 2, 1252 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1253 .access = PL1_R, .accessfn = gicv3_fiq_access, 1254 .readfn = icc_hppir0_read, 1255 }, 1256 { .name = "ICC_BPR0_EL1", .state = ARM_CP_STATE_BOTH, 1257 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3, 1258 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1259 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1260 .readfn = icc_bpr_read, 1261 .writefn = icc_bpr_write, 1262 }, 1263 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH, 1264 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4, 1265 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1266 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1267 .readfn = icc_ap_read, 1268 .writefn = icc_ap_write, 1269 }, 1270 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH, 1271 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5, 1272 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1273 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1274 .readfn = icc_ap_read, 1275 .writefn = icc_ap_write, 1276 }, 1277 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH, 1278 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6, 1279 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1280 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1281 .readfn = icc_ap_read, 1282 .writefn = icc_ap_write, 1283 }, 1284 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH, 1285 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7, 1286 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1287 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1288 .readfn = icc_ap_read, 1289 .writefn = icc_ap_write, 1290 }, 1291 /* All the ICC_AP1R*_EL1 registers are banked */ 1292 { .name = "ICC_AP1R0_EL1", .state = ARM_CP_STATE_BOTH, 1293 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 0, 1294 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1295 .access = PL1_RW, .accessfn = gicv3_irq_access, 1296 .readfn = icc_ap_read, 1297 .writefn = icc_ap_write, 1298 }, 1299 { .name = "ICC_AP1R1_EL1", .state = ARM_CP_STATE_BOTH, 1300 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 1, 1301 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1302 .access = PL1_RW, .accessfn = gicv3_irq_access, 1303 .readfn = icc_ap_read, 1304 .writefn = icc_ap_write, 1305 }, 1306 { .name = "ICC_AP1R2_EL1", .state = ARM_CP_STATE_BOTH, 1307 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 2, 1308 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1309 .access = PL1_RW, .accessfn = gicv3_irq_access, 1310 .readfn = icc_ap_read, 1311 .writefn = icc_ap_write, 1312 }, 1313 { .name = "ICC_AP1R3_EL1", .state = ARM_CP_STATE_BOTH, 1314 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 3, 1315 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1316 .access = PL1_RW, .accessfn = gicv3_irq_access, 1317 .readfn = icc_ap_read, 1318 .writefn = icc_ap_write, 1319 }, 1320 { .name = "ICC_DIR_EL1", .state = ARM_CP_STATE_BOTH, 1321 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 1, 1322 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1323 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1324 .writefn = icc_dir_write, 1325 }, 1326 { .name = "ICC_RPR_EL1", .state = ARM_CP_STATE_BOTH, 1327 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 3, 1328 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1329 .access = PL1_R, .accessfn = gicv3_irqfiq_access, 1330 .readfn = icc_rpr_read, 1331 }, 1332 { .name = "ICC_SGI1R_EL1", .state = ARM_CP_STATE_AA64, 1333 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 5, 1334 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1335 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1336 .writefn = icc_sgi1r_write, 1337 }, 1338 { .name = "ICC_SGI1R", 1339 .cp = 15, .opc1 = 0, .crm = 12, 1340 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1341 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1342 .writefn = icc_sgi1r_write, 1343 }, 1344 { .name = "ICC_ASGI1R_EL1", .state = ARM_CP_STATE_AA64, 1345 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 6, 1346 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1347 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1348 .writefn = icc_asgi1r_write, 1349 }, 1350 { .name = "ICC_ASGI1R", 1351 .cp = 15, .opc1 = 1, .crm = 12, 1352 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1353 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1354 .writefn = icc_asgi1r_write, 1355 }, 1356 { .name = "ICC_SGI0R_EL1", .state = ARM_CP_STATE_AA64, 1357 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 7, 1358 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1359 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1360 .writefn = icc_sgi0r_write, 1361 }, 1362 { .name = "ICC_SGI0R", 1363 .cp = 15, .opc1 = 2, .crm = 12, 1364 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1365 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1366 .writefn = icc_sgi0r_write, 1367 }, 1368 { .name = "ICC_IAR1_EL1", .state = ARM_CP_STATE_BOTH, 1369 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 0, 1370 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1371 .access = PL1_R, .accessfn = gicv3_irq_access, 1372 .readfn = icc_iar1_read, 1373 }, 1374 { .name = "ICC_EOIR1_EL1", .state = ARM_CP_STATE_BOTH, 1375 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 1, 1376 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1377 .access = PL1_W, .accessfn = gicv3_irq_access, 1378 .writefn = icc_eoir_write, 1379 }, 1380 { .name = "ICC_HPPIR1_EL1", .state = ARM_CP_STATE_BOTH, 1381 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 2, 1382 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1383 .access = PL1_R, .accessfn = gicv3_irq_access, 1384 .readfn = icc_hppir1_read, 1385 }, 1386 /* This register is banked */ 1387 { .name = "ICC_BPR1_EL1", .state = ARM_CP_STATE_BOTH, 1388 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 3, 1389 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1390 .access = PL1_RW, .accessfn = gicv3_irq_access, 1391 .readfn = icc_bpr_read, 1392 .writefn = icc_bpr_write, 1393 }, 1394 /* This register is banked */ 1395 { .name = "ICC_CTLR_EL1", .state = ARM_CP_STATE_BOTH, 1396 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 4, 1397 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1398 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1399 .readfn = icc_ctlr_el1_read, 1400 .writefn = icc_ctlr_el1_write, 1401 }, 1402 { .name = "ICC_SRE_EL1", .state = ARM_CP_STATE_BOTH, 1403 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 5, 1404 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1405 .access = PL1_RW, 1406 /* We don't support IRQ/FIQ bypass and system registers are 1407 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1408 * This register is banked but since it's constant we don't 1409 * need to do anything special. 1410 */ 1411 .resetvalue = 0x7, 1412 }, 1413 { .name = "ICC_IGRPEN0_EL1", .state = ARM_CP_STATE_BOTH, 1414 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6, 1415 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1416 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1417 .readfn = icc_igrpen_read, 1418 .writefn = icc_igrpen_write, 1419 }, 1420 /* This register is banked */ 1421 { .name = "ICC_IGRPEN1_EL1", .state = ARM_CP_STATE_BOTH, 1422 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7, 1423 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1424 .access = PL1_RW, .accessfn = gicv3_irq_access, 1425 .readfn = icc_igrpen_read, 1426 .writefn = icc_igrpen_write, 1427 }, 1428 { .name = "ICC_SRE_EL2", .state = ARM_CP_STATE_BOTH, 1429 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 5, 1430 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1431 .access = PL2_RW, 1432 /* We don't support IRQ/FIQ bypass and system registers are 1433 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1434 */ 1435 .resetvalue = 0xf, 1436 }, 1437 { .name = "ICC_CTLR_EL3", .state = ARM_CP_STATE_BOTH, 1438 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4, 1439 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1440 .access = PL3_RW, 1441 .readfn = icc_ctlr_el3_read, 1442 .writefn = icc_ctlr_el3_write, 1443 }, 1444 { .name = "ICC_SRE_EL3", .state = ARM_CP_STATE_BOTH, 1445 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 5, 1446 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1447 .access = PL3_RW, 1448 /* We don't support IRQ/FIQ bypass and system registers are 1449 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1450 */ 1451 .resetvalue = 0xf, 1452 }, 1453 { .name = "ICC_IGRPEN1_EL3", .state = ARM_CP_STATE_BOTH, 1454 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 7, 1455 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1456 .access = PL3_RW, 1457 .readfn = icc_igrpen1_el3_read, 1458 .writefn = icc_igrpen1_el3_write, 1459 }, 1460 REGINFO_SENTINEL 1461 }; 1462 1463 static uint64_t ich_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 1464 { 1465 GICv3CPUState *cs = icc_cs_from_env(env); 1466 int regno = ri->opc2 & 3; 1467 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1NS; 1468 uint64_t value; 1469 1470 value = cs->ich_apr[grp][regno]; 1471 trace_gicv3_ich_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 1472 return value; 1473 } 1474 1475 static void ich_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 1476 uint64_t value) 1477 { 1478 GICv3CPUState *cs = icc_cs_from_env(env); 1479 int regno = ri->opc2 & 3; 1480 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1NS; 1481 1482 trace_gicv3_ich_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 1483 1484 cs->ich_apr[grp][regno] = value & 0xFFFFFFFFU; 1485 gicv3_cpuif_virt_update(cs); 1486 } 1487 1488 static uint64_t ich_hcr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1489 { 1490 GICv3CPUState *cs = icc_cs_from_env(env); 1491 uint64_t value = cs->ich_hcr_el2; 1492 1493 trace_gicv3_ich_hcr_read(gicv3_redist_affid(cs), value); 1494 return value; 1495 } 1496 1497 static void ich_hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, 1498 uint64_t value) 1499 { 1500 GICv3CPUState *cs = icc_cs_from_env(env); 1501 1502 trace_gicv3_ich_hcr_write(gicv3_redist_affid(cs), value); 1503 1504 value &= ICH_HCR_EL2_EN | ICH_HCR_EL2_UIE | ICH_HCR_EL2_LRENPIE | 1505 ICH_HCR_EL2_NPIE | ICH_HCR_EL2_VGRP0EIE | ICH_HCR_EL2_VGRP0DIE | 1506 ICH_HCR_EL2_VGRP1EIE | ICH_HCR_EL2_VGRP1DIE | ICH_HCR_EL2_TC | 1507 ICH_HCR_EL2_TALL0 | ICH_HCR_EL2_TALL1 | ICH_HCR_EL2_TSEI | 1508 ICH_HCR_EL2_TDIR | ICH_HCR_EL2_EOICOUNT_MASK; 1509 1510 cs->ich_hcr_el2 = value; 1511 gicv3_cpuif_virt_update(cs); 1512 } 1513 1514 static uint64_t ich_vmcr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1515 { 1516 GICv3CPUState *cs = icc_cs_from_env(env); 1517 uint64_t value = cs->ich_vmcr_el2; 1518 1519 trace_gicv3_ich_vmcr_read(gicv3_redist_affid(cs), value); 1520 return value; 1521 } 1522 1523 static void ich_vmcr_write(CPUARMState *env, const ARMCPRegInfo *ri, 1524 uint64_t value) 1525 { 1526 GICv3CPUState *cs = icc_cs_from_env(env); 1527 1528 trace_gicv3_ich_vmcr_write(gicv3_redist_affid(cs), value); 1529 1530 value &= ICH_VMCR_EL2_VENG0 | ICH_VMCR_EL2_VENG1 | ICH_VMCR_EL2_VCBPR | 1531 ICH_VMCR_EL2_VEOIM | ICH_VMCR_EL2_VBPR1_MASK | 1532 ICH_VMCR_EL2_VBPR0_MASK | ICH_VMCR_EL2_VPMR_MASK; 1533 value |= ICH_VMCR_EL2_VFIQEN; 1534 1535 cs->ich_vmcr_el2 = value; 1536 /* Enforce "writing BPRs to less than minimum sets them to the minimum" 1537 * by reading and writing back the fields. 1538 */ 1539 write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G0)); 1540 write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G1)); 1541 1542 gicv3_cpuif_virt_update(cs); 1543 } 1544 1545 static uint64_t ich_lr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1546 { 1547 GICv3CPUState *cs = icc_cs_from_env(env); 1548 int regno = ri->opc2 | ((ri->crm & 1) << 3); 1549 uint64_t value; 1550 1551 /* This read function handles all of: 1552 * 64-bit reads of the whole LR 1553 * 32-bit reads of the low half of the LR 1554 * 32-bit reads of the high half of the LR 1555 */ 1556 if (ri->state == ARM_CP_STATE_AA32) { 1557 if (ri->crm >= 14) { 1558 value = extract64(cs->ich_lr_el2[regno], 32, 32); 1559 trace_gicv3_ich_lrc_read(regno, gicv3_redist_affid(cs), value); 1560 } else { 1561 value = extract64(cs->ich_lr_el2[regno], 0, 32); 1562 trace_gicv3_ich_lr32_read(regno, gicv3_redist_affid(cs), value); 1563 } 1564 } else { 1565 value = cs->ich_lr_el2[regno]; 1566 trace_gicv3_ich_lr_read(regno, gicv3_redist_affid(cs), value); 1567 } 1568 1569 return value; 1570 } 1571 1572 static void ich_lr_write(CPUARMState *env, const ARMCPRegInfo *ri, 1573 uint64_t value) 1574 { 1575 GICv3CPUState *cs = icc_cs_from_env(env); 1576 int regno = ri->opc2 | ((ri->crm & 1) << 3); 1577 1578 /* This write function handles all of: 1579 * 64-bit writes to the whole LR 1580 * 32-bit writes to the low half of the LR 1581 * 32-bit writes to the high half of the LR 1582 */ 1583 if (ri->state == ARM_CP_STATE_AA32) { 1584 if (ri->crm >= 14) { 1585 trace_gicv3_ich_lrc_write(regno, gicv3_redist_affid(cs), value); 1586 value = deposit64(cs->ich_lr_el2[regno], 32, 32, value); 1587 } else { 1588 trace_gicv3_ich_lr32_write(regno, gicv3_redist_affid(cs), value); 1589 value = deposit64(cs->ich_lr_el2[regno], 0, 32, value); 1590 } 1591 } else { 1592 trace_gicv3_ich_lr_write(regno, gicv3_redist_affid(cs), value); 1593 } 1594 1595 /* Enforce RES0 bits in priority field */ 1596 if (cs->vpribits < 8) { 1597 value = deposit64(value, ICH_LR_EL2_PRIORITY_SHIFT, 1598 8 - cs->vpribits, 0); 1599 } 1600 1601 cs->ich_lr_el2[regno] = value; 1602 gicv3_cpuif_virt_update(cs); 1603 } 1604 1605 static uint64_t ich_vtr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1606 { 1607 GICv3CPUState *cs = icc_cs_from_env(env); 1608 uint64_t value; 1609 1610 value = ((cs->num_list_regs - 1) << ICH_VTR_EL2_LISTREGS_SHIFT) 1611 | ICH_VTR_EL2_TDS | ICH_VTR_EL2_NV4 | ICH_VTR_EL2_A3V 1612 | (1 << ICH_VTR_EL2_IDBITS_SHIFT) 1613 | ((cs->vprebits - 1) << ICH_VTR_EL2_PREBITS_SHIFT) 1614 | ((cs->vpribits - 1) << ICH_VTR_EL2_PRIBITS_SHIFT); 1615 1616 trace_gicv3_ich_vtr_read(gicv3_redist_affid(cs), value); 1617 return value; 1618 } 1619 1620 static uint64_t ich_misr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1621 { 1622 GICv3CPUState *cs = icc_cs_from_env(env); 1623 uint64_t value = maintenance_interrupt_state(cs); 1624 1625 trace_gicv3_ich_misr_read(gicv3_redist_affid(cs), value); 1626 return value; 1627 } 1628 1629 static uint64_t ich_eisr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1630 { 1631 GICv3CPUState *cs = icc_cs_from_env(env); 1632 uint64_t value = eoi_maintenance_interrupt_state(cs, NULL); 1633 1634 trace_gicv3_ich_eisr_read(gicv3_redist_affid(cs), value); 1635 return value; 1636 } 1637 1638 static uint64_t ich_elrsr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1639 { 1640 GICv3CPUState *cs = icc_cs_from_env(env); 1641 uint64_t value = 0; 1642 int i; 1643 1644 for (i = 0; i < cs->num_list_regs; i++) { 1645 uint64_t lr = cs->ich_lr_el2[i]; 1646 1647 if ((lr & ICH_LR_EL2_STATE_MASK) == 0 && 1648 ((lr & ICH_LR_EL2_HW) == 1 || (lr & ICH_LR_EL2_EOI) == 0)) { 1649 value |= (1 << i); 1650 } 1651 } 1652 1653 trace_gicv3_ich_elrsr_read(gicv3_redist_affid(cs), value); 1654 return value; 1655 } 1656 1657 static const ARMCPRegInfo gicv3_cpuif_hcr_reginfo[] = { 1658 { .name = "ICH_AP0R0_EL2", .state = ARM_CP_STATE_BOTH, 1659 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 0, 1660 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1661 .access = PL2_RW, 1662 .readfn = ich_ap_read, 1663 .writefn = ich_ap_write, 1664 }, 1665 { .name = "ICH_AP1R0_EL2", .state = ARM_CP_STATE_BOTH, 1666 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 0, 1667 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1668 .access = PL2_RW, 1669 .readfn = ich_ap_read, 1670 .writefn = ich_ap_write, 1671 }, 1672 { .name = "ICH_HCR_EL2", .state = ARM_CP_STATE_BOTH, 1673 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 0, 1674 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1675 .access = PL2_RW, 1676 .readfn = ich_hcr_read, 1677 .writefn = ich_hcr_write, 1678 }, 1679 { .name = "ICH_VTR_EL2", .state = ARM_CP_STATE_BOTH, 1680 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 1, 1681 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1682 .access = PL2_R, 1683 .readfn = ich_vtr_read, 1684 }, 1685 { .name = "ICH_MISR_EL2", .state = ARM_CP_STATE_BOTH, 1686 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 2, 1687 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1688 .access = PL2_R, 1689 .readfn = ich_misr_read, 1690 }, 1691 { .name = "ICH_EISR_EL2", .state = ARM_CP_STATE_BOTH, 1692 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 3, 1693 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1694 .access = PL2_R, 1695 .readfn = ich_eisr_read, 1696 }, 1697 { .name = "ICH_ELRSR_EL2", .state = ARM_CP_STATE_BOTH, 1698 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 5, 1699 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1700 .access = PL2_R, 1701 .readfn = ich_elrsr_read, 1702 }, 1703 { .name = "ICH_VMCR_EL2", .state = ARM_CP_STATE_BOTH, 1704 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 7, 1705 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1706 .access = PL2_RW, 1707 .readfn = ich_vmcr_read, 1708 .writefn = ich_vmcr_write, 1709 }, 1710 REGINFO_SENTINEL 1711 }; 1712 1713 static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = { 1714 { .name = "ICH_AP0R1_EL2", .state = ARM_CP_STATE_BOTH, 1715 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 1, 1716 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1717 .access = PL2_RW, 1718 .readfn = ich_ap_read, 1719 .writefn = ich_ap_write, 1720 }, 1721 { .name = "ICH_AP1R1_EL2", .state = ARM_CP_STATE_BOTH, 1722 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 1, 1723 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1724 .access = PL2_RW, 1725 .readfn = ich_ap_read, 1726 .writefn = ich_ap_write, 1727 }, 1728 REGINFO_SENTINEL 1729 }; 1730 1731 static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = { 1732 { .name = "ICH_AP0R2_EL2", .state = ARM_CP_STATE_BOTH, 1733 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 2, 1734 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1735 .access = PL2_RW, 1736 .readfn = ich_ap_read, 1737 .writefn = ich_ap_write, 1738 }, 1739 { .name = "ICH_AP0R3_EL2", .state = ARM_CP_STATE_BOTH, 1740 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 3, 1741 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1742 .access = PL2_RW, 1743 .readfn = ich_ap_read, 1744 .writefn = ich_ap_write, 1745 }, 1746 { .name = "ICH_AP1R2_EL2", .state = ARM_CP_STATE_BOTH, 1747 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 2, 1748 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1749 .access = PL2_RW, 1750 .readfn = ich_ap_read, 1751 .writefn = ich_ap_write, 1752 }, 1753 { .name = "ICH_AP1R3_EL2", .state = ARM_CP_STATE_BOTH, 1754 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 3, 1755 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1756 .access = PL2_RW, 1757 .readfn = ich_ap_read, 1758 .writefn = ich_ap_write, 1759 }, 1760 REGINFO_SENTINEL 1761 }; 1762 1763 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque) 1764 { 1765 GICv3CPUState *cs = opaque; 1766 1767 gicv3_cpuif_update(cs); 1768 } 1769 1770 void gicv3_init_cpuif(GICv3State *s) 1771 { 1772 /* Called from the GICv3 realize function; register our system 1773 * registers with the CPU 1774 */ 1775 int i; 1776 1777 for (i = 0; i < s->num_cpu; i++) { 1778 ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i)); 1779 GICv3CPUState *cs = &s->cpu[i]; 1780 1781 /* Note that we can't just use the GICv3CPUState as an opaque pointer 1782 * in define_arm_cp_regs_with_opaque(), because when we're called back 1783 * it might be with code translated by CPU 0 but run by CPU 1, in 1784 * which case we'd get the wrong value. 1785 * So instead we define the regs with no ri->opaque info, and 1786 * get back to the GICv3CPUState from the ARMCPU by reading back 1787 * the opaque pointer from the el_change_hook, which we're going 1788 * to need to register anyway. 1789 */ 1790 define_arm_cp_regs(cpu, gicv3_cpuif_reginfo); 1791 if (arm_feature(&cpu->env, ARM_FEATURE_EL2) 1792 && cpu->gic_num_lrs) { 1793 int j; 1794 1795 cs->num_list_regs = cpu->gic_num_lrs; 1796 cs->vpribits = cpu->gic_vpribits; 1797 cs->vprebits = cpu->gic_vprebits; 1798 1799 /* Check against architectural constraints: getting these 1800 * wrong would be a bug in the CPU code defining these, 1801 * and the implementation relies on them holding. 1802 */ 1803 g_assert(cs->vprebits <= cs->vpribits); 1804 g_assert(cs->vprebits >= 5 && cs->vprebits <= 7); 1805 g_assert(cs->vpribits >= 5 && cs->vpribits <= 8); 1806 1807 define_arm_cp_regs(cpu, gicv3_cpuif_hcr_reginfo); 1808 1809 for (j = 0; j < cs->num_list_regs; j++) { 1810 /* Note that the AArch64 LRs are 64-bit; the AArch32 LRs 1811 * are split into two cp15 regs, LR (the low part, with the 1812 * same encoding as the AArch64 LR) and LRC (the high part). 1813 */ 1814 ARMCPRegInfo lr_regset[] = { 1815 { .name = "ICH_LRn_EL2", .state = ARM_CP_STATE_BOTH, 1816 .opc0 = 3, .opc1 = 4, .crn = 12, 1817 .crm = 12 + (j >> 3), .opc2 = j & 7, 1818 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1819 .access = PL2_RW, 1820 .readfn = ich_lr_read, 1821 .writefn = ich_lr_write, 1822 }, 1823 { .name = "ICH_LRCn_EL2", .state = ARM_CP_STATE_AA32, 1824 .cp = 15, .opc1 = 4, .crn = 12, 1825 .crm = 14 + (j >> 3), .opc2 = j & 7, 1826 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1827 .access = PL2_RW, 1828 .readfn = ich_lr_read, 1829 .writefn = ich_lr_write, 1830 }, 1831 REGINFO_SENTINEL 1832 }; 1833 define_arm_cp_regs(cpu, lr_regset); 1834 } 1835 if (cs->vprebits >= 6) { 1836 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr1_reginfo); 1837 } 1838 if (cs->vprebits == 7) { 1839 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr23_reginfo); 1840 } 1841 } 1842 arm_register_el_change_hook(cpu, gicv3_cpuif_el_change_hook, cs); 1843 } 1844 } 1845