1 /* 2 * ARM Generic Interrupt Controller v3 (emulation) 3 * 4 * Copyright (c) 2016 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This code is licensed under the GPL, version 2 or (at your option) 8 * any later version. 9 */ 10 11 /* This file contains the code for the system register interface 12 * portions of the GICv3. 13 */ 14 15 #include "qemu/osdep.h" 16 #include "qemu/bitops.h" 17 #include "qemu/log.h" 18 #include "qemu/main-loop.h" 19 #include "trace.h" 20 #include "gicv3_internal.h" 21 #include "hw/irq.h" 22 #include "cpu.h" 23 24 /* 25 * Special case return value from hppvi_index(); must be larger than 26 * the architecturally maximum possible list register index (which is 15) 27 */ 28 #define HPPVI_INDEX_VLPI 16 29 30 static GICv3CPUState *icc_cs_from_env(CPUARMState *env) 31 { 32 return env->gicv3state; 33 } 34 35 static bool gicv3_use_ns_bank(CPUARMState *env) 36 { 37 /* Return true if we should use the NonSecure bank for a banked GIC 38 * CPU interface register. Note that this differs from the 39 * access_secure_reg() function because GICv3 banked registers are 40 * banked even for AArch64, unlike the other CPU system registers. 41 */ 42 return !arm_is_secure_below_el3(env); 43 } 44 45 /* The minimum BPR for the virtual interface is a configurable property */ 46 static inline int icv_min_vbpr(GICv3CPUState *cs) 47 { 48 return 7 - cs->vprebits; 49 } 50 51 /* Simple accessor functions for LR fields */ 52 static uint32_t ich_lr_vintid(uint64_t lr) 53 { 54 return extract64(lr, ICH_LR_EL2_VINTID_SHIFT, ICH_LR_EL2_VINTID_LENGTH); 55 } 56 57 static uint32_t ich_lr_pintid(uint64_t lr) 58 { 59 return extract64(lr, ICH_LR_EL2_PINTID_SHIFT, ICH_LR_EL2_PINTID_LENGTH); 60 } 61 62 static uint32_t ich_lr_prio(uint64_t lr) 63 { 64 return extract64(lr, ICH_LR_EL2_PRIORITY_SHIFT, ICH_LR_EL2_PRIORITY_LENGTH); 65 } 66 67 static int ich_lr_state(uint64_t lr) 68 { 69 return extract64(lr, ICH_LR_EL2_STATE_SHIFT, ICH_LR_EL2_STATE_LENGTH); 70 } 71 72 static bool icv_access(CPUARMState *env, int hcr_flags) 73 { 74 /* Return true if this ICC_ register access should really be 75 * directed to an ICV_ access. hcr_flags is a mask of 76 * HCR_EL2 bits to check: we treat this as an ICV_ access 77 * if we are in NS EL1 and at least one of the specified 78 * HCR_EL2 bits is set. 79 * 80 * ICV registers fall into four categories: 81 * * access if NS EL1 and HCR_EL2.FMO == 1: 82 * all ICV regs with '0' in their name 83 * * access if NS EL1 and HCR_EL2.IMO == 1: 84 * all ICV regs with '1' in their name 85 * * access if NS EL1 and either IMO or FMO == 1: 86 * CTLR, DIR, PMR, RPR 87 */ 88 uint64_t hcr_el2 = arm_hcr_el2_eff(env); 89 bool flagmatch = hcr_el2 & hcr_flags & (HCR_IMO | HCR_FMO); 90 91 return flagmatch && arm_current_el(env) == 1 92 && !arm_is_secure_below_el3(env); 93 } 94 95 static int read_vbpr(GICv3CPUState *cs, int grp) 96 { 97 /* Read VBPR value out of the VMCR field (caller must handle 98 * VCBPR effects if required) 99 */ 100 if (grp == GICV3_G0) { 101 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT, 102 ICH_VMCR_EL2_VBPR0_LENGTH); 103 } else { 104 return extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT, 105 ICH_VMCR_EL2_VBPR1_LENGTH); 106 } 107 } 108 109 static void write_vbpr(GICv3CPUState *cs, int grp, int value) 110 { 111 /* Write new VBPR1 value, handling the "writing a value less than 112 * the minimum sets it to the minimum" semantics. 113 */ 114 int min = icv_min_vbpr(cs); 115 116 if (grp != GICV3_G0) { 117 min++; 118 } 119 120 value = MAX(value, min); 121 122 if (grp == GICV3_G0) { 123 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR0_SHIFT, 124 ICH_VMCR_EL2_VBPR0_LENGTH, value); 125 } else { 126 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VBPR1_SHIFT, 127 ICH_VMCR_EL2_VBPR1_LENGTH, value); 128 } 129 } 130 131 static uint32_t icv_fullprio_mask(GICv3CPUState *cs) 132 { 133 /* Return a mask word which clears the unimplemented priority bits 134 * from a priority value for a virtual interrupt. (Not to be confused 135 * with the group priority, whose mask depends on the value of VBPR 136 * for the interrupt group.) 137 */ 138 return ~0U << (8 - cs->vpribits); 139 } 140 141 static int ich_highest_active_virt_prio(GICv3CPUState *cs) 142 { 143 /* Calculate the current running priority based on the set bits 144 * in the ICH Active Priority Registers. 145 */ 146 int i; 147 int aprmax = 1 << (cs->vprebits - 5); 148 149 assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0])); 150 151 for (i = 0; i < aprmax; i++) { 152 uint32_t apr = cs->ich_apr[GICV3_G0][i] | 153 cs->ich_apr[GICV3_G1NS][i]; 154 155 if (!apr) { 156 continue; 157 } 158 return (i * 32 + ctz32(apr)) << (icv_min_vbpr(cs) + 1); 159 } 160 /* No current active interrupts: return idle priority */ 161 return 0xff; 162 } 163 164 static int hppvi_index(GICv3CPUState *cs) 165 { 166 /* 167 * Return the list register index of the highest priority pending 168 * virtual interrupt, as per the HighestPriorityVirtualInterrupt 169 * pseudocode. If no pending virtual interrupts, return -1. 170 * If the highest priority pending virtual interrupt is a vLPI, 171 * return HPPVI_INDEX_VLPI. 172 * (The pseudocode handles checking whether the vLPI is higher 173 * priority than the highest priority list register at every 174 * callsite of HighestPriorityVirtualInterrupt; we check it here.) 175 */ 176 ARMCPU *cpu = ARM_CPU(cs->cpu); 177 CPUARMState *env = &cpu->env; 178 int idx = -1; 179 int i; 180 /* Note that a list register entry with a priority of 0xff will 181 * never be reported by this function; this is the architecturally 182 * correct behaviour. 183 */ 184 int prio = 0xff; 185 186 if (!(cs->ich_vmcr_el2 & (ICH_VMCR_EL2_VENG0 | ICH_VMCR_EL2_VENG1))) { 187 /* Both groups disabled, definitely nothing to do */ 188 return idx; 189 } 190 191 for (i = 0; i < cs->num_list_regs; i++) { 192 uint64_t lr = cs->ich_lr_el2[i]; 193 int thisprio; 194 195 if (ich_lr_state(lr) != ICH_LR_EL2_STATE_PENDING) { 196 /* Not Pending */ 197 continue; 198 } 199 200 /* Ignore interrupts if relevant group enable not set */ 201 if (lr & ICH_LR_EL2_GROUP) { 202 if (!(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 203 continue; 204 } 205 } else { 206 if (!(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0)) { 207 continue; 208 } 209 } 210 211 thisprio = ich_lr_prio(lr); 212 213 if (thisprio < prio) { 214 prio = thisprio; 215 idx = i; 216 } 217 } 218 219 /* 220 * "no pending vLPI" is indicated with prio = 0xff, which always 221 * fails the priority check here. vLPIs are only considered 222 * when we are in Non-Secure state. 223 */ 224 if (cs->hppvlpi.prio < prio && !arm_is_secure(env)) { 225 if (cs->hppvlpi.grp == GICV3_G0) { 226 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0) { 227 return HPPVI_INDEX_VLPI; 228 } 229 } else { 230 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1) { 231 return HPPVI_INDEX_VLPI; 232 } 233 } 234 } 235 236 return idx; 237 } 238 239 static uint32_t icv_gprio_mask(GICv3CPUState *cs, int group) 240 { 241 /* Return a mask word which clears the subpriority bits from 242 * a priority value for a virtual interrupt in the specified group. 243 * This depends on the VBPR value. 244 * If using VBPR0 then: 245 * a BPR of 0 means the group priority bits are [7:1]; 246 * a BPR of 1 means they are [7:2], and so on down to 247 * a BPR of 7 meaning no group priority bits at all. 248 * If using VBPR1 then: 249 * a BPR of 0 is impossible (the minimum value is 1) 250 * a BPR of 1 means the group priority bits are [7:1]; 251 * a BPR of 2 means they are [7:2], and so on down to 252 * a BPR of 7 meaning the group priority is [7]. 253 * 254 * Which BPR to use depends on the group of the interrupt and 255 * the current ICH_VMCR_EL2.VCBPR settings. 256 * 257 * This corresponds to the VGroupBits() pseudocode. 258 */ 259 int bpr; 260 261 if (group == GICV3_G1NS && cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR) { 262 group = GICV3_G0; 263 } 264 265 bpr = read_vbpr(cs, group); 266 if (group == GICV3_G1NS) { 267 assert(bpr > 0); 268 bpr--; 269 } 270 271 return ~0U << (bpr + 1); 272 } 273 274 static bool icv_hppi_can_preempt(GICv3CPUState *cs, uint64_t lr) 275 { 276 /* Return true if we can signal this virtual interrupt defined by 277 * the given list register value; see the pseudocode functions 278 * CanSignalVirtualInterrupt and CanSignalVirtualInt. 279 * Compare also icc_hppi_can_preempt() which is the non-virtual 280 * equivalent of these checks. 281 */ 282 int grp; 283 uint32_t mask, prio, rprio, vpmr; 284 285 if (!(cs->ich_hcr_el2 & ICH_HCR_EL2_EN)) { 286 /* Virtual interface disabled */ 287 return false; 288 } 289 290 /* We don't need to check that this LR is in Pending state because 291 * that has already been done in hppvi_index(). 292 */ 293 294 prio = ich_lr_prio(lr); 295 vpmr = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT, 296 ICH_VMCR_EL2_VPMR_LENGTH); 297 298 if (prio >= vpmr) { 299 /* Priority mask masks this interrupt */ 300 return false; 301 } 302 303 rprio = ich_highest_active_virt_prio(cs); 304 if (rprio == 0xff) { 305 /* No running interrupt so we can preempt */ 306 return true; 307 } 308 309 grp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0; 310 311 mask = icv_gprio_mask(cs, grp); 312 313 /* We only preempt a running interrupt if the pending interrupt's 314 * group priority is sufficient (the subpriorities are not considered). 315 */ 316 if ((prio & mask) < (rprio & mask)) { 317 return true; 318 } 319 320 return false; 321 } 322 323 static bool icv_hppvlpi_can_preempt(GICv3CPUState *cs) 324 { 325 /* 326 * Return true if we can signal the highest priority pending vLPI. 327 * We can assume we're Non-secure because hppvi_index() already 328 * tested for that. 329 */ 330 uint32_t mask, rprio, vpmr; 331 332 if (!(cs->ich_hcr_el2 & ICH_HCR_EL2_EN)) { 333 /* Virtual interface disabled */ 334 return false; 335 } 336 337 vpmr = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT, 338 ICH_VMCR_EL2_VPMR_LENGTH); 339 340 if (cs->hppvlpi.prio >= vpmr) { 341 /* Priority mask masks this interrupt */ 342 return false; 343 } 344 345 rprio = ich_highest_active_virt_prio(cs); 346 if (rprio == 0xff) { 347 /* No running interrupt so we can preempt */ 348 return true; 349 } 350 351 mask = icv_gprio_mask(cs, cs->hppvlpi.grp); 352 353 /* 354 * We only preempt a running interrupt if the pending interrupt's 355 * group priority is sufficient (the subpriorities are not considered). 356 */ 357 if ((cs->hppvlpi.prio & mask) < (rprio & mask)) { 358 return true; 359 } 360 361 return false; 362 } 363 364 static uint32_t eoi_maintenance_interrupt_state(GICv3CPUState *cs, 365 uint32_t *misr) 366 { 367 /* Return a set of bits indicating the EOI maintenance interrupt status 368 * for each list register. The EOI maintenance interrupt status is 369 * 1 if LR.State == 0 && LR.HW == 0 && LR.EOI == 1 370 * (see the GICv3 spec for the ICH_EISR_EL2 register). 371 * If misr is not NULL then we should also collect the information 372 * about the MISR.EOI, MISR.NP and MISR.U bits. 373 */ 374 uint32_t value = 0; 375 int validcount = 0; 376 bool seenpending = false; 377 int i; 378 379 for (i = 0; i < cs->num_list_regs; i++) { 380 uint64_t lr = cs->ich_lr_el2[i]; 381 382 if ((lr & (ICH_LR_EL2_STATE_MASK | ICH_LR_EL2_HW | ICH_LR_EL2_EOI)) 383 == ICH_LR_EL2_EOI) { 384 value |= (1 << i); 385 } 386 if ((lr & ICH_LR_EL2_STATE_MASK)) { 387 validcount++; 388 } 389 if (ich_lr_state(lr) == ICH_LR_EL2_STATE_PENDING) { 390 seenpending = true; 391 } 392 } 393 394 if (misr) { 395 if (validcount < 2 && (cs->ich_hcr_el2 & ICH_HCR_EL2_UIE)) { 396 *misr |= ICH_MISR_EL2_U; 397 } 398 if (!seenpending && (cs->ich_hcr_el2 & ICH_HCR_EL2_NPIE)) { 399 *misr |= ICH_MISR_EL2_NP; 400 } 401 if (value) { 402 *misr |= ICH_MISR_EL2_EOI; 403 } 404 } 405 return value; 406 } 407 408 static uint32_t maintenance_interrupt_state(GICv3CPUState *cs) 409 { 410 /* Return a set of bits indicating the maintenance interrupt status 411 * (as seen in the ICH_MISR_EL2 register). 412 */ 413 uint32_t value = 0; 414 415 /* Scan list registers and fill in the U, NP and EOI bits */ 416 eoi_maintenance_interrupt_state(cs, &value); 417 418 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) && 419 (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) { 420 value |= ICH_MISR_EL2_LRENP; 421 } 422 423 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0EIE) && 424 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG0)) { 425 value |= ICH_MISR_EL2_VGRP0E; 426 } 427 428 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP0DIE) && 429 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 430 value |= ICH_MISR_EL2_VGRP0D; 431 } 432 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1EIE) && 433 (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 434 value |= ICH_MISR_EL2_VGRP1E; 435 } 436 437 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_VGRP1DIE) && 438 !(cs->ich_vmcr_el2 & ICH_VMCR_EL2_VENG1)) { 439 value |= ICH_MISR_EL2_VGRP1D; 440 } 441 442 return value; 443 } 444 445 void gicv3_cpuif_virt_irq_fiq_update(GICv3CPUState *cs) 446 { 447 /* 448 * Tell the CPU about any pending virtual interrupts. 449 * This should only be called for changes that affect the 450 * vIRQ and vFIQ status and do not change the maintenance 451 * interrupt status. This means that unlike gicv3_cpuif_virt_update() 452 * this function won't recursively call back into the GIC code. 453 * The main use of this is when the redistributor has changed the 454 * highest priority pending virtual LPI. 455 */ 456 int idx; 457 int irqlevel = 0; 458 int fiqlevel = 0; 459 460 idx = hppvi_index(cs); 461 trace_gicv3_cpuif_virt_update(gicv3_redist_affid(cs), idx, 462 cs->hppvlpi.irq, cs->hppvlpi.grp, 463 cs->hppvlpi.prio); 464 if (idx == HPPVI_INDEX_VLPI) { 465 if (icv_hppvlpi_can_preempt(cs)) { 466 if (cs->hppvlpi.grp == GICV3_G0) { 467 fiqlevel = 1; 468 } else { 469 irqlevel = 1; 470 } 471 } 472 } else if (idx >= 0) { 473 uint64_t lr = cs->ich_lr_el2[idx]; 474 475 if (icv_hppi_can_preempt(cs, lr)) { 476 /* Virtual interrupts are simple: G0 are always FIQ, and G1 IRQ */ 477 if (lr & ICH_LR_EL2_GROUP) { 478 irqlevel = 1; 479 } else { 480 fiqlevel = 1; 481 } 482 } 483 } 484 485 trace_gicv3_cpuif_virt_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel); 486 qemu_set_irq(cs->parent_vfiq, fiqlevel); 487 qemu_set_irq(cs->parent_virq, irqlevel); 488 } 489 490 static void gicv3_cpuif_virt_update(GICv3CPUState *cs) 491 { 492 /* 493 * Tell the CPU about any pending virtual interrupts or 494 * maintenance interrupts, following a change to the state 495 * of the CPU interface relevant to virtual interrupts. 496 * 497 * CAUTION: this function will call qemu_set_irq() on the 498 * CPU maintenance IRQ line, which is typically wired up 499 * to the GIC as a per-CPU interrupt. This means that it 500 * will recursively call back into the GIC code via 501 * gicv3_redist_set_irq() and thus into the CPU interface code's 502 * gicv3_cpuif_update(). It is therefore important that this 503 * function is only called as the final action of a CPU interface 504 * register write implementation, after all the GIC state 505 * fields have been updated. gicv3_cpuif_update() also must 506 * not cause this function to be called, but that happens 507 * naturally as a result of there being no architectural 508 * linkage between the physical and virtual GIC logic. 509 */ 510 ARMCPU *cpu = ARM_CPU(cs->cpu); 511 int maintlevel = 0; 512 513 gicv3_cpuif_virt_irq_fiq_update(cs); 514 515 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_EN) && 516 maintenance_interrupt_state(cs) != 0) { 517 maintlevel = 1; 518 } 519 520 trace_gicv3_cpuif_virt_set_maint_irq(gicv3_redist_affid(cs), maintlevel); 521 qemu_set_irq(cpu->gicv3_maintenance_interrupt, maintlevel); 522 } 523 524 static uint64_t icv_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 525 { 526 GICv3CPUState *cs = icc_cs_from_env(env); 527 int regno = ri->opc2 & 3; 528 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0; 529 uint64_t value = cs->ich_apr[grp][regno]; 530 531 trace_gicv3_icv_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 532 return value; 533 } 534 535 static void icv_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 536 uint64_t value) 537 { 538 GICv3CPUState *cs = icc_cs_from_env(env); 539 int regno = ri->opc2 & 3; 540 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0; 541 542 trace_gicv3_icv_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 543 544 cs->ich_apr[grp][regno] = value & 0xFFFFFFFFU; 545 546 gicv3_cpuif_virt_irq_fiq_update(cs); 547 return; 548 } 549 550 static uint64_t icv_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 551 { 552 GICv3CPUState *cs = icc_cs_from_env(env); 553 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1NS; 554 uint64_t bpr; 555 bool satinc = false; 556 557 if (grp == GICV3_G1NS && (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR)) { 558 /* reads return bpr0 + 1 saturated to 7, writes ignored */ 559 grp = GICV3_G0; 560 satinc = true; 561 } 562 563 bpr = read_vbpr(cs, grp); 564 565 if (satinc) { 566 bpr++; 567 bpr = MIN(bpr, 7); 568 } 569 570 trace_gicv3_icv_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr); 571 572 return bpr; 573 } 574 575 static void icv_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri, 576 uint64_t value) 577 { 578 GICv3CPUState *cs = icc_cs_from_env(env); 579 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1NS; 580 581 trace_gicv3_icv_bpr_write(ri->crm == 8 ? 0 : 1, 582 gicv3_redist_affid(cs), value); 583 584 if (grp == GICV3_G1NS && (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR)) { 585 /* reads return bpr0 + 1 saturated to 7, writes ignored */ 586 return; 587 } 588 589 write_vbpr(cs, grp, value); 590 591 gicv3_cpuif_virt_irq_fiq_update(cs); 592 } 593 594 static uint64_t icv_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) 595 { 596 GICv3CPUState *cs = icc_cs_from_env(env); 597 uint64_t value; 598 599 value = extract64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT, 600 ICH_VMCR_EL2_VPMR_LENGTH); 601 602 trace_gicv3_icv_pmr_read(gicv3_redist_affid(cs), value); 603 return value; 604 } 605 606 static void icv_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, 607 uint64_t value) 608 { 609 GICv3CPUState *cs = icc_cs_from_env(env); 610 611 trace_gicv3_icv_pmr_write(gicv3_redist_affid(cs), value); 612 613 value &= icv_fullprio_mask(cs); 614 615 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VPMR_SHIFT, 616 ICH_VMCR_EL2_VPMR_LENGTH, value); 617 618 gicv3_cpuif_virt_irq_fiq_update(cs); 619 } 620 621 static uint64_t icv_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri) 622 { 623 GICv3CPUState *cs = icc_cs_from_env(env); 624 int enbit; 625 uint64_t value; 626 627 enbit = ri->opc2 & 1 ? ICH_VMCR_EL2_VENG1_SHIFT : ICH_VMCR_EL2_VENG0_SHIFT; 628 value = extract64(cs->ich_vmcr_el2, enbit, 1); 629 630 trace_gicv3_icv_igrpen_read(ri->opc2 & 1 ? 1 : 0, 631 gicv3_redist_affid(cs), value); 632 return value; 633 } 634 635 static void icv_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri, 636 uint64_t value) 637 { 638 GICv3CPUState *cs = icc_cs_from_env(env); 639 int enbit; 640 641 trace_gicv3_icv_igrpen_write(ri->opc2 & 1 ? 1 : 0, 642 gicv3_redist_affid(cs), value); 643 644 enbit = ri->opc2 & 1 ? ICH_VMCR_EL2_VENG1_SHIFT : ICH_VMCR_EL2_VENG0_SHIFT; 645 646 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, enbit, 1, value); 647 gicv3_cpuif_virt_update(cs); 648 } 649 650 static uint64_t icv_ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri) 651 { 652 GICv3CPUState *cs = icc_cs_from_env(env); 653 uint64_t value; 654 655 /* Note that the fixed fields here (A3V, SEIS, IDbits, PRIbits) 656 * should match the ones reported in ich_vtr_read(). 657 */ 658 value = ICC_CTLR_EL1_A3V | (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 659 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 660 661 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VEOIM) { 662 value |= ICC_CTLR_EL1_EOIMODE; 663 } 664 665 if (cs->ich_vmcr_el2 & ICH_VMCR_EL2_VCBPR) { 666 value |= ICC_CTLR_EL1_CBPR; 667 } 668 669 trace_gicv3_icv_ctlr_read(gicv3_redist_affid(cs), value); 670 return value; 671 } 672 673 static void icv_ctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, 674 uint64_t value) 675 { 676 GICv3CPUState *cs = icc_cs_from_env(env); 677 678 trace_gicv3_icv_ctlr_write(gicv3_redist_affid(cs), value); 679 680 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VCBPR_SHIFT, 681 1, value & ICC_CTLR_EL1_CBPR ? 1 : 0); 682 cs->ich_vmcr_el2 = deposit64(cs->ich_vmcr_el2, ICH_VMCR_EL2_VEOIM_SHIFT, 683 1, value & ICC_CTLR_EL1_EOIMODE ? 1 : 0); 684 685 gicv3_cpuif_virt_irq_fiq_update(cs); 686 } 687 688 static uint64_t icv_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 689 { 690 GICv3CPUState *cs = icc_cs_from_env(env); 691 int prio = ich_highest_active_virt_prio(cs); 692 693 trace_gicv3_icv_rpr_read(gicv3_redist_affid(cs), prio); 694 return prio; 695 } 696 697 static uint64_t icv_hppir_read(CPUARMState *env, const ARMCPRegInfo *ri) 698 { 699 GICv3CPUState *cs = icc_cs_from_env(env); 700 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS; 701 int idx = hppvi_index(cs); 702 uint64_t value = INTID_SPURIOUS; 703 704 if (idx == HPPVI_INDEX_VLPI) { 705 if (cs->hppvlpi.grp == grp) { 706 value = cs->hppvlpi.irq; 707 } 708 } else if (idx >= 0) { 709 uint64_t lr = cs->ich_lr_el2[idx]; 710 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0; 711 712 if (grp == thisgrp) { 713 value = ich_lr_vintid(lr); 714 } 715 } 716 717 trace_gicv3_icv_hppir_read(ri->crm == 8 ? 0 : 1, 718 gicv3_redist_affid(cs), value); 719 return value; 720 } 721 722 static void icv_activate_irq(GICv3CPUState *cs, int idx, int grp) 723 { 724 /* Activate the interrupt in the specified list register 725 * by moving it from Pending to Active state, and update the 726 * Active Priority Registers. 727 */ 728 uint32_t mask = icv_gprio_mask(cs, grp); 729 int prio = ich_lr_prio(cs->ich_lr_el2[idx]) & mask; 730 int aprbit = prio >> (8 - cs->vprebits); 731 int regno = aprbit / 32; 732 int regbit = aprbit % 32; 733 734 cs->ich_lr_el2[idx] &= ~ICH_LR_EL2_STATE_PENDING_BIT; 735 cs->ich_lr_el2[idx] |= ICH_LR_EL2_STATE_ACTIVE_BIT; 736 cs->ich_apr[grp][regno] |= (1 << regbit); 737 } 738 739 static void icv_activate_vlpi(GICv3CPUState *cs) 740 { 741 uint32_t mask = icv_gprio_mask(cs, cs->hppvlpi.grp); 742 int prio = cs->hppvlpi.prio & mask; 743 int aprbit = prio >> (8 - cs->vprebits); 744 int regno = aprbit / 32; 745 int regbit = aprbit % 32; 746 747 cs->ich_apr[cs->hppvlpi.grp][regno] |= (1 << regbit); 748 gicv3_redist_vlpi_pending(cs, cs->hppvlpi.irq, 0); 749 } 750 751 static uint64_t icv_iar_read(CPUARMState *env, const ARMCPRegInfo *ri) 752 { 753 GICv3CPUState *cs = icc_cs_from_env(env); 754 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS; 755 int idx = hppvi_index(cs); 756 uint64_t intid = INTID_SPURIOUS; 757 758 if (idx == HPPVI_INDEX_VLPI) { 759 if (cs->hppvlpi.grp == grp && icv_hppvlpi_can_preempt(cs)) { 760 intid = cs->hppvlpi.irq; 761 icv_activate_vlpi(cs); 762 } 763 } else if (idx >= 0) { 764 uint64_t lr = cs->ich_lr_el2[idx]; 765 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0; 766 767 if (thisgrp == grp && icv_hppi_can_preempt(cs, lr)) { 768 intid = ich_lr_vintid(lr); 769 if (!gicv3_intid_is_special(intid)) { 770 icv_activate_irq(cs, idx, grp); 771 } else { 772 /* Interrupt goes from Pending to Invalid */ 773 cs->ich_lr_el2[idx] &= ~ICH_LR_EL2_STATE_PENDING_BIT; 774 /* We will now return the (bogus) ID from the list register, 775 * as per the pseudocode. 776 */ 777 } 778 } 779 } 780 781 trace_gicv3_icv_iar_read(ri->crm == 8 ? 0 : 1, 782 gicv3_redist_affid(cs), intid); 783 784 gicv3_cpuif_virt_update(cs); 785 786 return intid; 787 } 788 789 static int icc_highest_active_prio(GICv3CPUState *cs) 790 { 791 /* Calculate the current running priority based on the set bits 792 * in the Active Priority Registers. 793 */ 794 int i; 795 796 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 797 uint32_t apr = cs->icc_apr[GICV3_G0][i] | 798 cs->icc_apr[GICV3_G1][i] | cs->icc_apr[GICV3_G1NS][i]; 799 800 if (!apr) { 801 continue; 802 } 803 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 804 } 805 /* No current active interrupts: return idle priority */ 806 return 0xff; 807 } 808 809 static uint32_t icc_gprio_mask(GICv3CPUState *cs, int group) 810 { 811 /* Return a mask word which clears the subpriority bits from 812 * a priority value for an interrupt in the specified group. 813 * This depends on the BPR value. For CBPR0 (S or NS): 814 * a BPR of 0 means the group priority bits are [7:1]; 815 * a BPR of 1 means they are [7:2], and so on down to 816 * a BPR of 7 meaning no group priority bits at all. 817 * For CBPR1 NS: 818 * a BPR of 0 is impossible (the minimum value is 1) 819 * a BPR of 1 means the group priority bits are [7:1]; 820 * a BPR of 2 means they are [7:2], and so on down to 821 * a BPR of 7 meaning the group priority is [7]. 822 * 823 * Which BPR to use depends on the group of the interrupt and 824 * the current ICC_CTLR.CBPR settings. 825 * 826 * This corresponds to the GroupBits() pseudocode. 827 */ 828 int bpr; 829 830 if ((group == GICV3_G1 && cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR) || 831 (group == GICV3_G1NS && 832 cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 833 group = GICV3_G0; 834 } 835 836 bpr = cs->icc_bpr[group] & 7; 837 838 if (group == GICV3_G1NS) { 839 assert(bpr > 0); 840 bpr--; 841 } 842 843 return ~0U << (bpr + 1); 844 } 845 846 static bool icc_no_enabled_hppi(GICv3CPUState *cs) 847 { 848 /* Return true if there is no pending interrupt, or the 849 * highest priority pending interrupt is in a group which has been 850 * disabled at the CPU interface by the ICC_IGRPEN* register enable bits. 851 */ 852 return cs->hppi.prio == 0xff || (cs->icc_igrpen[cs->hppi.grp] == 0); 853 } 854 855 static bool icc_hppi_can_preempt(GICv3CPUState *cs) 856 { 857 /* Return true if we have a pending interrupt of sufficient 858 * priority to preempt. 859 */ 860 int rprio; 861 uint32_t mask; 862 863 if (icc_no_enabled_hppi(cs)) { 864 return false; 865 } 866 867 if (cs->hppi.prio >= cs->icc_pmr_el1) { 868 /* Priority mask masks this interrupt */ 869 return false; 870 } 871 872 rprio = icc_highest_active_prio(cs); 873 if (rprio == 0xff) { 874 /* No currently running interrupt so we can preempt */ 875 return true; 876 } 877 878 mask = icc_gprio_mask(cs, cs->hppi.grp); 879 880 /* We only preempt a running interrupt if the pending interrupt's 881 * group priority is sufficient (the subpriorities are not considered). 882 */ 883 if ((cs->hppi.prio & mask) < (rprio & mask)) { 884 return true; 885 } 886 887 return false; 888 } 889 890 void gicv3_cpuif_update(GICv3CPUState *cs) 891 { 892 /* Tell the CPU about its highest priority pending interrupt */ 893 int irqlevel = 0; 894 int fiqlevel = 0; 895 ARMCPU *cpu = ARM_CPU(cs->cpu); 896 CPUARMState *env = &cpu->env; 897 898 g_assert(qemu_mutex_iothread_locked()); 899 900 trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq, 901 cs->hppi.grp, cs->hppi.prio); 902 903 if (cs->hppi.grp == GICV3_G1 && !arm_feature(env, ARM_FEATURE_EL3)) { 904 /* If a Security-enabled GIC sends a G1S interrupt to a 905 * Security-disabled CPU, we must treat it as if it were G0. 906 */ 907 cs->hppi.grp = GICV3_G0; 908 } 909 910 if (icc_hppi_can_preempt(cs)) { 911 /* We have an interrupt: should we signal it as IRQ or FIQ? 912 * This is described in the GICv3 spec section 4.6.2. 913 */ 914 bool isfiq; 915 916 switch (cs->hppi.grp) { 917 case GICV3_G0: 918 isfiq = true; 919 break; 920 case GICV3_G1: 921 isfiq = (!arm_is_secure(env) || 922 (arm_current_el(env) == 3 && arm_el_is_aa64(env, 3))); 923 break; 924 case GICV3_G1NS: 925 isfiq = arm_is_secure(env); 926 break; 927 default: 928 g_assert_not_reached(); 929 } 930 931 if (isfiq) { 932 fiqlevel = 1; 933 } else { 934 irqlevel = 1; 935 } 936 } 937 938 trace_gicv3_cpuif_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel); 939 940 qemu_set_irq(cs->parent_fiq, fiqlevel); 941 qemu_set_irq(cs->parent_irq, irqlevel); 942 } 943 944 static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) 945 { 946 GICv3CPUState *cs = icc_cs_from_env(env); 947 uint32_t value = cs->icc_pmr_el1; 948 949 if (icv_access(env, HCR_FMO | HCR_IMO)) { 950 return icv_pmr_read(env, ri); 951 } 952 953 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 954 (env->cp15.scr_el3 & SCR_FIQ)) { 955 /* NS access and Group 0 is inaccessible to NS: return the 956 * NS view of the current priority 957 */ 958 if ((value & 0x80) == 0) { 959 /* Secure priorities not visible to NS */ 960 value = 0; 961 } else if (value != 0xff) { 962 value = (value << 1) & 0xff; 963 } 964 } 965 966 trace_gicv3_icc_pmr_read(gicv3_redist_affid(cs), value); 967 968 return value; 969 } 970 971 static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, 972 uint64_t value) 973 { 974 GICv3CPUState *cs = icc_cs_from_env(env); 975 976 if (icv_access(env, HCR_FMO | HCR_IMO)) { 977 return icv_pmr_write(env, ri, value); 978 } 979 980 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value); 981 982 value &= 0xff; 983 984 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 985 (env->cp15.scr_el3 & SCR_FIQ)) { 986 /* NS access and Group 0 is inaccessible to NS: return the 987 * NS view of the current priority 988 */ 989 if (!(cs->icc_pmr_el1 & 0x80)) { 990 /* Current PMR in the secure range, don't allow NS to change it */ 991 return; 992 } 993 value = (value >> 1) | 0x80; 994 } 995 cs->icc_pmr_el1 = value; 996 gicv3_cpuif_update(cs); 997 } 998 999 static void icc_activate_irq(GICv3CPUState *cs, int irq) 1000 { 1001 /* Move the interrupt from the Pending state to Active, and update 1002 * the Active Priority Registers 1003 */ 1004 uint32_t mask = icc_gprio_mask(cs, cs->hppi.grp); 1005 int prio = cs->hppi.prio & mask; 1006 int aprbit = prio >> 1; 1007 int regno = aprbit / 32; 1008 int regbit = aprbit % 32; 1009 1010 cs->icc_apr[cs->hppi.grp][regno] |= (1 << regbit); 1011 1012 if (irq < GIC_INTERNAL) { 1013 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 1); 1014 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 0); 1015 gicv3_redist_update(cs); 1016 } else if (irq < GICV3_LPI_INTID_START) { 1017 gicv3_gicd_active_set(cs->gic, irq); 1018 gicv3_gicd_pending_clear(cs->gic, irq); 1019 gicv3_update(cs->gic, irq, 1); 1020 } else { 1021 gicv3_redist_lpi_pending(cs, irq, 0); 1022 } 1023 } 1024 1025 static uint64_t icc_hppir0_value(GICv3CPUState *cs, CPUARMState *env) 1026 { 1027 /* Return the highest priority pending interrupt register value 1028 * for group 0. 1029 */ 1030 bool irq_is_secure; 1031 1032 if (cs->hppi.prio == 0xff) { 1033 return INTID_SPURIOUS; 1034 } 1035 1036 /* Check whether we can return the interrupt or if we should return 1037 * a special identifier, as per the CheckGroup0ForSpecialIdentifiers 1038 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 1039 * is always zero.) 1040 */ 1041 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 1042 (cs->hppi.grp != GICV3_G1NS)); 1043 1044 if (cs->hppi.grp != GICV3_G0 && !arm_is_el3_or_mon(env)) { 1045 return INTID_SPURIOUS; 1046 } 1047 if (irq_is_secure && !arm_is_secure(env)) { 1048 /* Secure interrupts not visible to Nonsecure */ 1049 return INTID_SPURIOUS; 1050 } 1051 1052 if (cs->hppi.grp != GICV3_G0) { 1053 /* Indicate to EL3 that there's a Group 1 interrupt for the other 1054 * state pending. 1055 */ 1056 return irq_is_secure ? INTID_SECURE : INTID_NONSECURE; 1057 } 1058 1059 return cs->hppi.irq; 1060 } 1061 1062 static uint64_t icc_hppir1_value(GICv3CPUState *cs, CPUARMState *env) 1063 { 1064 /* Return the highest priority pending interrupt register value 1065 * for group 1. 1066 */ 1067 bool irq_is_secure; 1068 1069 if (cs->hppi.prio == 0xff) { 1070 return INTID_SPURIOUS; 1071 } 1072 1073 /* Check whether we can return the interrupt or if we should return 1074 * a special identifier, as per the CheckGroup1ForSpecialIdentifiers 1075 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 1076 * is always zero.) 1077 */ 1078 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 1079 (cs->hppi.grp != GICV3_G1NS)); 1080 1081 if (cs->hppi.grp == GICV3_G0) { 1082 /* Group 0 interrupts not visible via HPPIR1 */ 1083 return INTID_SPURIOUS; 1084 } 1085 if (irq_is_secure) { 1086 if (!arm_is_secure(env)) { 1087 /* Secure interrupts not visible in Non-secure */ 1088 return INTID_SPURIOUS; 1089 } 1090 } else if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) { 1091 /* Group 1 non-secure interrupts not visible in Secure EL1 */ 1092 return INTID_SPURIOUS; 1093 } 1094 1095 return cs->hppi.irq; 1096 } 1097 1098 static uint64_t icc_iar0_read(CPUARMState *env, const ARMCPRegInfo *ri) 1099 { 1100 GICv3CPUState *cs = icc_cs_from_env(env); 1101 uint64_t intid; 1102 1103 if (icv_access(env, HCR_FMO)) { 1104 return icv_iar_read(env, ri); 1105 } 1106 1107 if (!icc_hppi_can_preempt(cs)) { 1108 intid = INTID_SPURIOUS; 1109 } else { 1110 intid = icc_hppir0_value(cs, env); 1111 } 1112 1113 if (!gicv3_intid_is_special(intid)) { 1114 icc_activate_irq(cs, intid); 1115 } 1116 1117 trace_gicv3_icc_iar0_read(gicv3_redist_affid(cs), intid); 1118 return intid; 1119 } 1120 1121 static uint64_t icc_iar1_read(CPUARMState *env, const ARMCPRegInfo *ri) 1122 { 1123 GICv3CPUState *cs = icc_cs_from_env(env); 1124 uint64_t intid; 1125 1126 if (icv_access(env, HCR_IMO)) { 1127 return icv_iar_read(env, ri); 1128 } 1129 1130 if (!icc_hppi_can_preempt(cs)) { 1131 intid = INTID_SPURIOUS; 1132 } else { 1133 intid = icc_hppir1_value(cs, env); 1134 } 1135 1136 if (!gicv3_intid_is_special(intid)) { 1137 icc_activate_irq(cs, intid); 1138 } 1139 1140 trace_gicv3_icc_iar1_read(gicv3_redist_affid(cs), intid); 1141 return intid; 1142 } 1143 1144 static void icc_drop_prio(GICv3CPUState *cs, int grp) 1145 { 1146 /* Drop the priority of the currently active interrupt in 1147 * the specified group. 1148 * 1149 * Note that we can guarantee (because of the requirement to nest 1150 * ICC_IAR reads [which activate an interrupt and raise priority] 1151 * with ICC_EOIR writes [which drop the priority for the interrupt]) 1152 * that the interrupt we're being called for is the highest priority 1153 * active interrupt, meaning that it has the lowest set bit in the 1154 * APR registers. 1155 * 1156 * If the guest does not honour the ordering constraints then the 1157 * behaviour of the GIC is UNPREDICTABLE, which for us means that 1158 * the values of the APR registers might become incorrect and the 1159 * running priority will be wrong, so interrupts that should preempt 1160 * might not do so, and interrupts that should not preempt might do so. 1161 */ 1162 int i; 1163 1164 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[grp]); i++) { 1165 uint64_t *papr = &cs->icc_apr[grp][i]; 1166 1167 if (!*papr) { 1168 continue; 1169 } 1170 /* Clear the lowest set bit */ 1171 *papr &= *papr - 1; 1172 break; 1173 } 1174 1175 /* running priority change means we need an update for this cpu i/f */ 1176 gicv3_cpuif_update(cs); 1177 } 1178 1179 static bool icc_eoi_split(CPUARMState *env, GICv3CPUState *cs) 1180 { 1181 /* Return true if we should split priority drop and interrupt 1182 * deactivation, ie whether the relevant EOIMode bit is set. 1183 */ 1184 if (arm_is_el3_or_mon(env)) { 1185 return cs->icc_ctlr_el3 & ICC_CTLR_EL3_EOIMODE_EL3; 1186 } 1187 if (arm_is_secure_below_el3(env)) { 1188 return cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_EOIMODE; 1189 } else { 1190 return cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE; 1191 } 1192 } 1193 1194 static int icc_highest_active_group(GICv3CPUState *cs) 1195 { 1196 /* Return the group with the highest priority active interrupt. 1197 * We can do this by just comparing the APRs to see which one 1198 * has the lowest set bit. 1199 * (If more than one group is active at the same priority then 1200 * we're in UNPREDICTABLE territory.) 1201 */ 1202 int i; 1203 1204 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 1205 int g0ctz = ctz32(cs->icc_apr[GICV3_G0][i]); 1206 int g1ctz = ctz32(cs->icc_apr[GICV3_G1][i]); 1207 int g1nsctz = ctz32(cs->icc_apr[GICV3_G1NS][i]); 1208 1209 if (g1nsctz < g0ctz && g1nsctz < g1ctz) { 1210 return GICV3_G1NS; 1211 } 1212 if (g1ctz < g0ctz) { 1213 return GICV3_G1; 1214 } 1215 if (g0ctz < 32) { 1216 return GICV3_G0; 1217 } 1218 } 1219 /* No set active bits? UNPREDICTABLE; return -1 so the caller 1220 * ignores the spurious EOI attempt. 1221 */ 1222 return -1; 1223 } 1224 1225 static void icc_deactivate_irq(GICv3CPUState *cs, int irq) 1226 { 1227 if (irq < GIC_INTERNAL) { 1228 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 0); 1229 gicv3_redist_update(cs); 1230 } else { 1231 gicv3_gicd_active_clear(cs->gic, irq); 1232 gicv3_update(cs->gic, irq, 1); 1233 } 1234 } 1235 1236 static bool icv_eoi_split(CPUARMState *env, GICv3CPUState *cs) 1237 { 1238 /* Return true if we should split priority drop and interrupt 1239 * deactivation, ie whether the virtual EOIMode bit is set. 1240 */ 1241 return cs->ich_vmcr_el2 & ICH_VMCR_EL2_VEOIM; 1242 } 1243 1244 static int icv_find_active(GICv3CPUState *cs, int irq) 1245 { 1246 /* Given an interrupt number for an active interrupt, return the index 1247 * of the corresponding list register, or -1 if there is no match. 1248 * Corresponds to FindActiveVirtualInterrupt pseudocode. 1249 */ 1250 int i; 1251 1252 for (i = 0; i < cs->num_list_regs; i++) { 1253 uint64_t lr = cs->ich_lr_el2[i]; 1254 1255 if ((lr & ICH_LR_EL2_STATE_ACTIVE_BIT) && ich_lr_vintid(lr) == irq) { 1256 return i; 1257 } 1258 } 1259 1260 return -1; 1261 } 1262 1263 static void icv_deactivate_irq(GICv3CPUState *cs, int idx) 1264 { 1265 /* Deactivate the interrupt in the specified list register index */ 1266 uint64_t lr = cs->ich_lr_el2[idx]; 1267 1268 if (lr & ICH_LR_EL2_HW) { 1269 /* Deactivate the associated physical interrupt */ 1270 int pirq = ich_lr_pintid(lr); 1271 1272 if (pirq < INTID_SECURE) { 1273 icc_deactivate_irq(cs, pirq); 1274 } 1275 } 1276 1277 /* Clear the 'active' part of the state, so ActivePending->Pending 1278 * and Active->Invalid. 1279 */ 1280 lr &= ~ICH_LR_EL2_STATE_ACTIVE_BIT; 1281 cs->ich_lr_el2[idx] = lr; 1282 } 1283 1284 static void icv_increment_eoicount(GICv3CPUState *cs) 1285 { 1286 /* Increment the EOICOUNT field in ICH_HCR_EL2 */ 1287 int eoicount = extract64(cs->ich_hcr_el2, ICH_HCR_EL2_EOICOUNT_SHIFT, 1288 ICH_HCR_EL2_EOICOUNT_LENGTH); 1289 1290 cs->ich_hcr_el2 = deposit64(cs->ich_hcr_el2, ICH_HCR_EL2_EOICOUNT_SHIFT, 1291 ICH_HCR_EL2_EOICOUNT_LENGTH, eoicount + 1); 1292 } 1293 1294 static int icv_drop_prio(GICv3CPUState *cs) 1295 { 1296 /* Drop the priority of the currently active virtual interrupt 1297 * (favouring group 0 if there is a set active bit at 1298 * the same priority for both group 0 and group 1). 1299 * Return the priority value for the bit we just cleared, 1300 * or 0xff if no bits were set in the AP registers at all. 1301 * Note that though the ich_apr[] are uint64_t only the low 1302 * 32 bits are actually relevant. 1303 */ 1304 int i; 1305 int aprmax = 1 << (cs->vprebits - 5); 1306 1307 assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0])); 1308 1309 for (i = 0; i < aprmax; i++) { 1310 uint64_t *papr0 = &cs->ich_apr[GICV3_G0][i]; 1311 uint64_t *papr1 = &cs->ich_apr[GICV3_G1NS][i]; 1312 int apr0count, apr1count; 1313 1314 if (!*papr0 && !*papr1) { 1315 continue; 1316 } 1317 1318 /* We can't just use the bit-twiddling hack icc_drop_prio() does 1319 * because we need to return the bit number we cleared so 1320 * it can be compared against the list register's priority field. 1321 */ 1322 apr0count = ctz32(*papr0); 1323 apr1count = ctz32(*papr1); 1324 1325 if (apr0count <= apr1count) { 1326 *papr0 &= *papr0 - 1; 1327 return (apr0count + i * 32) << (icv_min_vbpr(cs) + 1); 1328 } else { 1329 *papr1 &= *papr1 - 1; 1330 return (apr1count + i * 32) << (icv_min_vbpr(cs) + 1); 1331 } 1332 } 1333 return 0xff; 1334 } 1335 1336 static void icv_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, 1337 uint64_t value) 1338 { 1339 /* Deactivate interrupt */ 1340 GICv3CPUState *cs = icc_cs_from_env(env); 1341 int idx; 1342 int irq = value & 0xffffff; 1343 1344 trace_gicv3_icv_dir_write(gicv3_redist_affid(cs), value); 1345 1346 if (irq >= GICV3_MAXIRQ) { 1347 /* Also catches special interrupt numbers and LPIs */ 1348 return; 1349 } 1350 1351 if (!icv_eoi_split(env, cs)) { 1352 return; 1353 } 1354 1355 idx = icv_find_active(cs, irq); 1356 1357 if (idx < 0) { 1358 /* No list register matching this, so increment the EOI count 1359 * (might trigger a maintenance interrupt) 1360 */ 1361 icv_increment_eoicount(cs); 1362 } else { 1363 icv_deactivate_irq(cs, idx); 1364 } 1365 1366 gicv3_cpuif_virt_update(cs); 1367 } 1368 1369 static void icv_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri, 1370 uint64_t value) 1371 { 1372 /* End of Interrupt */ 1373 GICv3CPUState *cs = icc_cs_from_env(env); 1374 int irq = value & 0xffffff; 1375 int grp = ri->crm == 8 ? GICV3_G0 : GICV3_G1NS; 1376 int idx, dropprio; 1377 1378 trace_gicv3_icv_eoir_write(ri->crm == 8 ? 0 : 1, 1379 gicv3_redist_affid(cs), value); 1380 1381 if (gicv3_intid_is_special(irq)) { 1382 return; 1383 } 1384 1385 /* We implement the IMPDEF choice of "drop priority before doing 1386 * error checks" (because that lets us avoid scanning the AP 1387 * registers twice). 1388 */ 1389 dropprio = icv_drop_prio(cs); 1390 if (dropprio == 0xff) { 1391 /* No active interrupt. It is CONSTRAINED UNPREDICTABLE 1392 * whether the list registers are checked in this 1393 * situation; we choose not to. 1394 */ 1395 return; 1396 } 1397 1398 idx = icv_find_active(cs, irq); 1399 1400 if (idx < 0) { 1401 /* No valid list register corresponding to EOI ID */ 1402 icv_increment_eoicount(cs); 1403 } else { 1404 uint64_t lr = cs->ich_lr_el2[idx]; 1405 int thisgrp = (lr & ICH_LR_EL2_GROUP) ? GICV3_G1NS : GICV3_G0; 1406 int lr_gprio = ich_lr_prio(lr) & icv_gprio_mask(cs, grp); 1407 1408 if (thisgrp == grp && lr_gprio == dropprio) { 1409 if (!icv_eoi_split(env, cs)) { 1410 /* Priority drop and deactivate not split: deactivate irq now */ 1411 icv_deactivate_irq(cs, idx); 1412 } 1413 } 1414 } 1415 1416 gicv3_cpuif_virt_update(cs); 1417 } 1418 1419 static void icc_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri, 1420 uint64_t value) 1421 { 1422 /* End of Interrupt */ 1423 GICv3CPUState *cs = icc_cs_from_env(env); 1424 int irq = value & 0xffffff; 1425 int grp; 1426 bool is_eoir0 = ri->crm == 8; 1427 1428 if (icv_access(env, is_eoir0 ? HCR_FMO : HCR_IMO)) { 1429 icv_eoir_write(env, ri, value); 1430 return; 1431 } 1432 1433 trace_gicv3_icc_eoir_write(is_eoir0 ? 0 : 1, 1434 gicv3_redist_affid(cs), value); 1435 1436 if ((irq >= cs->gic->num_irq) && 1437 !(cs->gic->lpi_enable && (irq >= GICV3_LPI_INTID_START))) { 1438 /* This handles two cases: 1439 * 1. If software writes the ID of a spurious interrupt [ie 1020-1023] 1440 * to the GICC_EOIR, the GIC ignores that write. 1441 * 2. If software writes the number of a non-existent interrupt 1442 * this must be a subcase of "value written does not match the last 1443 * valid interrupt value read from the Interrupt Acknowledge 1444 * register" and so this is UNPREDICTABLE. We choose to ignore it. 1445 */ 1446 return; 1447 } 1448 1449 grp = icc_highest_active_group(cs); 1450 switch (grp) { 1451 case GICV3_G0: 1452 if (!is_eoir0) { 1453 return; 1454 } 1455 if (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) 1456 && arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env)) { 1457 return; 1458 } 1459 break; 1460 case GICV3_G1: 1461 if (is_eoir0) { 1462 return; 1463 } 1464 if (!arm_is_secure(env)) { 1465 return; 1466 } 1467 break; 1468 case GICV3_G1NS: 1469 if (is_eoir0) { 1470 return; 1471 } 1472 if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) { 1473 return; 1474 } 1475 break; 1476 default: 1477 qemu_log_mask(LOG_GUEST_ERROR, 1478 "%s: IRQ %d isn't active\n", __func__, irq); 1479 return; 1480 } 1481 1482 icc_drop_prio(cs, grp); 1483 1484 if (!icc_eoi_split(env, cs)) { 1485 /* Priority drop and deactivate not split: deactivate irq now */ 1486 icc_deactivate_irq(cs, irq); 1487 } 1488 } 1489 1490 static uint64_t icc_hppir0_read(CPUARMState *env, const ARMCPRegInfo *ri) 1491 { 1492 GICv3CPUState *cs = icc_cs_from_env(env); 1493 uint64_t value; 1494 1495 if (icv_access(env, HCR_FMO)) { 1496 return icv_hppir_read(env, ri); 1497 } 1498 1499 value = icc_hppir0_value(cs, env); 1500 trace_gicv3_icc_hppir0_read(gicv3_redist_affid(cs), value); 1501 return value; 1502 } 1503 1504 static uint64_t icc_hppir1_read(CPUARMState *env, const ARMCPRegInfo *ri) 1505 { 1506 GICv3CPUState *cs = icc_cs_from_env(env); 1507 uint64_t value; 1508 1509 if (icv_access(env, HCR_IMO)) { 1510 return icv_hppir_read(env, ri); 1511 } 1512 1513 value = icc_hppir1_value(cs, env); 1514 trace_gicv3_icc_hppir1_read(gicv3_redist_affid(cs), value); 1515 return value; 1516 } 1517 1518 static uint64_t icc_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1519 { 1520 GICv3CPUState *cs = icc_cs_from_env(env); 1521 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 1522 bool satinc = false; 1523 uint64_t bpr; 1524 1525 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1526 return icv_bpr_read(env, ri); 1527 } 1528 1529 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1530 grp = GICV3_G1NS; 1531 } 1532 1533 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 1534 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 1535 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 1536 * modify BPR0 1537 */ 1538 grp = GICV3_G0; 1539 } 1540 1541 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 1542 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 1543 /* reads return bpr0 + 1 sat to 7, writes ignored */ 1544 grp = GICV3_G0; 1545 satinc = true; 1546 } 1547 1548 bpr = cs->icc_bpr[grp]; 1549 if (satinc) { 1550 bpr++; 1551 bpr = MIN(bpr, 7); 1552 } 1553 1554 trace_gicv3_icc_bpr_read(ri->crm == 8 ? 0 : 1, gicv3_redist_affid(cs), bpr); 1555 1556 return bpr; 1557 } 1558 1559 static void icc_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri, 1560 uint64_t value) 1561 { 1562 GICv3CPUState *cs = icc_cs_from_env(env); 1563 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 1564 uint64_t minval; 1565 1566 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1567 icv_bpr_write(env, ri, value); 1568 return; 1569 } 1570 1571 trace_gicv3_icc_bpr_write(ri->crm == 8 ? 0 : 1, 1572 gicv3_redist_affid(cs), value); 1573 1574 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1575 grp = GICV3_G1NS; 1576 } 1577 1578 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 1579 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 1580 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 1581 * modify BPR0 1582 */ 1583 grp = GICV3_G0; 1584 } 1585 1586 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 1587 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 1588 /* reads return bpr0 + 1 sat to 7, writes ignored */ 1589 return; 1590 } 1591 1592 minval = (grp == GICV3_G1NS) ? GIC_MIN_BPR_NS : GIC_MIN_BPR; 1593 if (value < minval) { 1594 value = minval; 1595 } 1596 1597 cs->icc_bpr[grp] = value & 7; 1598 gicv3_cpuif_update(cs); 1599 } 1600 1601 static uint64_t icc_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 1602 { 1603 GICv3CPUState *cs = icc_cs_from_env(env); 1604 uint64_t value; 1605 1606 int regno = ri->opc2 & 3; 1607 int grp = (ri->crm & 1) ? GICV3_G1 : GICV3_G0; 1608 1609 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1610 return icv_ap_read(env, ri); 1611 } 1612 1613 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1614 grp = GICV3_G1NS; 1615 } 1616 1617 value = cs->icc_apr[grp][regno]; 1618 1619 trace_gicv3_icc_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 1620 return value; 1621 } 1622 1623 static void icc_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 1624 uint64_t value) 1625 { 1626 GICv3CPUState *cs = icc_cs_from_env(env); 1627 1628 int regno = ri->opc2 & 3; 1629 int grp = (ri->crm & 1) ? GICV3_G1 : GICV3_G0; 1630 1631 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1632 icv_ap_write(env, ri, value); 1633 return; 1634 } 1635 1636 trace_gicv3_icc_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 1637 1638 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1639 grp = GICV3_G1NS; 1640 } 1641 1642 /* It's not possible to claim that a Non-secure interrupt is active 1643 * at a priority outside the Non-secure range (128..255), since this 1644 * would otherwise allow malicious NS code to block delivery of S interrupts 1645 * by writing a bad value to these registers. 1646 */ 1647 if (grp == GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE_EL3)) { 1648 return; 1649 } 1650 1651 cs->icc_apr[grp][regno] = value & 0xFFFFFFFFU; 1652 gicv3_cpuif_update(cs); 1653 } 1654 1655 static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, 1656 uint64_t value) 1657 { 1658 /* Deactivate interrupt */ 1659 GICv3CPUState *cs = icc_cs_from_env(env); 1660 int irq = value & 0xffffff; 1661 bool irq_is_secure, single_sec_state, irq_is_grp0; 1662 bool route_fiq_to_el3, route_irq_to_el3, route_fiq_to_el2, route_irq_to_el2; 1663 1664 if (icv_access(env, HCR_FMO | HCR_IMO)) { 1665 icv_dir_write(env, ri, value); 1666 return; 1667 } 1668 1669 trace_gicv3_icc_dir_write(gicv3_redist_affid(cs), value); 1670 1671 if (irq >= cs->gic->num_irq) { 1672 /* Also catches special interrupt numbers and LPIs */ 1673 return; 1674 } 1675 1676 if (!icc_eoi_split(env, cs)) { 1677 return; 1678 } 1679 1680 int grp = gicv3_irq_group(cs->gic, cs, irq); 1681 1682 single_sec_state = cs->gic->gicd_ctlr & GICD_CTLR_DS; 1683 irq_is_secure = !single_sec_state && (grp != GICV3_G1NS); 1684 irq_is_grp0 = grp == GICV3_G0; 1685 1686 /* Check whether we're allowed to deactivate this interrupt based 1687 * on its group and the current CPU state. 1688 * These checks are laid out to correspond to the spec's pseudocode. 1689 */ 1690 route_fiq_to_el3 = env->cp15.scr_el3 & SCR_FIQ; 1691 route_irq_to_el3 = env->cp15.scr_el3 & SCR_IRQ; 1692 /* No need to include !IsSecure in route_*_to_el2 as it's only 1693 * tested in cases where we know !IsSecure is true. 1694 */ 1695 uint64_t hcr_el2 = arm_hcr_el2_eff(env); 1696 route_fiq_to_el2 = hcr_el2 & HCR_FMO; 1697 route_irq_to_el2 = hcr_el2 & HCR_IMO; 1698 1699 switch (arm_current_el(env)) { 1700 case 3: 1701 break; 1702 case 2: 1703 if (single_sec_state && irq_is_grp0 && !route_fiq_to_el3) { 1704 break; 1705 } 1706 if (!irq_is_secure && !irq_is_grp0 && !route_irq_to_el3) { 1707 break; 1708 } 1709 return; 1710 case 1: 1711 if (!arm_is_secure_below_el3(env)) { 1712 if (single_sec_state && irq_is_grp0 && 1713 !route_fiq_to_el3 && !route_fiq_to_el2) { 1714 break; 1715 } 1716 if (!irq_is_secure && !irq_is_grp0 && 1717 !route_irq_to_el3 && !route_irq_to_el2) { 1718 break; 1719 } 1720 } else { 1721 if (irq_is_grp0 && !route_fiq_to_el3) { 1722 break; 1723 } 1724 if (!irq_is_grp0 && 1725 (!irq_is_secure || !single_sec_state) && 1726 !route_irq_to_el3) { 1727 break; 1728 } 1729 } 1730 return; 1731 default: 1732 g_assert_not_reached(); 1733 } 1734 1735 icc_deactivate_irq(cs, irq); 1736 } 1737 1738 static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 1739 { 1740 GICv3CPUState *cs = icc_cs_from_env(env); 1741 int prio; 1742 1743 if (icv_access(env, HCR_FMO | HCR_IMO)) { 1744 return icv_rpr_read(env, ri); 1745 } 1746 1747 prio = icc_highest_active_prio(cs); 1748 1749 if (arm_feature(env, ARM_FEATURE_EL3) && 1750 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { 1751 /* NS GIC access and Group 0 is inaccessible to NS */ 1752 if ((prio & 0x80) == 0) { 1753 /* NS mustn't see priorities in the Secure half of the range */ 1754 prio = 0; 1755 } else if (prio != 0xff) { 1756 /* Non-idle priority: show the Non-secure view of it */ 1757 prio = (prio << 1) & 0xff; 1758 } 1759 } 1760 1761 trace_gicv3_icc_rpr_read(gicv3_redist_affid(cs), prio); 1762 return prio; 1763 } 1764 1765 static void icc_generate_sgi(CPUARMState *env, GICv3CPUState *cs, 1766 uint64_t value, int grp, bool ns) 1767 { 1768 GICv3State *s = cs->gic; 1769 1770 /* Extract Aff3/Aff2/Aff1 and shift into the bottom 24 bits */ 1771 uint64_t aff = extract64(value, 48, 8) << 16 | 1772 extract64(value, 32, 8) << 8 | 1773 extract64(value, 16, 8); 1774 uint32_t targetlist = extract64(value, 0, 16); 1775 uint32_t irq = extract64(value, 24, 4); 1776 bool irm = extract64(value, 40, 1); 1777 int i; 1778 1779 if (grp == GICV3_G1 && s->gicd_ctlr & GICD_CTLR_DS) { 1780 /* If GICD_CTLR.DS == 1, the Distributor treats Secure Group 1 1781 * interrupts as Group 0 interrupts and must send Secure Group 0 1782 * interrupts to the target CPUs. 1783 */ 1784 grp = GICV3_G0; 1785 } 1786 1787 trace_gicv3_icc_generate_sgi(gicv3_redist_affid(cs), irq, irm, 1788 aff, targetlist); 1789 1790 for (i = 0; i < s->num_cpu; i++) { 1791 GICv3CPUState *ocs = &s->cpu[i]; 1792 1793 if (irm) { 1794 /* IRM == 1 : route to all CPUs except self */ 1795 if (cs == ocs) { 1796 continue; 1797 } 1798 } else { 1799 /* IRM == 0 : route to Aff3.Aff2.Aff1.n for all n in [0..15] 1800 * where the corresponding bit is set in targetlist 1801 */ 1802 int aff0; 1803 1804 if (ocs->gicr_typer >> 40 != aff) { 1805 continue; 1806 } 1807 aff0 = extract64(ocs->gicr_typer, 32, 8); 1808 if (aff0 > 15 || extract32(targetlist, aff0, 1) == 0) { 1809 continue; 1810 } 1811 } 1812 1813 /* The redistributor will check against its own GICR_NSACR as needed */ 1814 gicv3_redist_send_sgi(ocs, grp, irq, ns); 1815 } 1816 } 1817 1818 static void icc_sgi0r_write(CPUARMState *env, const ARMCPRegInfo *ri, 1819 uint64_t value) 1820 { 1821 /* Generate Secure Group 0 SGI. */ 1822 GICv3CPUState *cs = icc_cs_from_env(env); 1823 bool ns = !arm_is_secure(env); 1824 1825 icc_generate_sgi(env, cs, value, GICV3_G0, ns); 1826 } 1827 1828 static void icc_sgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 1829 uint64_t value) 1830 { 1831 /* Generate Group 1 SGI for the current Security state */ 1832 GICv3CPUState *cs = icc_cs_from_env(env); 1833 int grp; 1834 bool ns = !arm_is_secure(env); 1835 1836 grp = ns ? GICV3_G1NS : GICV3_G1; 1837 icc_generate_sgi(env, cs, value, grp, ns); 1838 } 1839 1840 static void icc_asgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 1841 uint64_t value) 1842 { 1843 /* Generate Group 1 SGI for the Security state that is not 1844 * the current state 1845 */ 1846 GICv3CPUState *cs = icc_cs_from_env(env); 1847 int grp; 1848 bool ns = !arm_is_secure(env); 1849 1850 grp = ns ? GICV3_G1 : GICV3_G1NS; 1851 icc_generate_sgi(env, cs, value, grp, ns); 1852 } 1853 1854 static uint64_t icc_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri) 1855 { 1856 GICv3CPUState *cs = icc_cs_from_env(env); 1857 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 1858 uint64_t value; 1859 1860 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1861 return icv_igrpen_read(env, ri); 1862 } 1863 1864 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1865 grp = GICV3_G1NS; 1866 } 1867 1868 value = cs->icc_igrpen[grp]; 1869 trace_gicv3_icc_igrpen_read(ri->opc2 & 1 ? 1 : 0, 1870 gicv3_redist_affid(cs), value); 1871 return value; 1872 } 1873 1874 static void icc_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri, 1875 uint64_t value) 1876 { 1877 GICv3CPUState *cs = icc_cs_from_env(env); 1878 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 1879 1880 if (icv_access(env, grp == GICV3_G0 ? HCR_FMO : HCR_IMO)) { 1881 icv_igrpen_write(env, ri, value); 1882 return; 1883 } 1884 1885 trace_gicv3_icc_igrpen_write(ri->opc2 & 1 ? 1 : 0, 1886 gicv3_redist_affid(cs), value); 1887 1888 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 1889 grp = GICV3_G1NS; 1890 } 1891 1892 cs->icc_igrpen[grp] = value & ICC_IGRPEN_ENABLE; 1893 gicv3_cpuif_update(cs); 1894 } 1895 1896 static uint64_t icc_igrpen1_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 1897 { 1898 GICv3CPUState *cs = icc_cs_from_env(env); 1899 uint64_t value; 1900 1901 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 1902 value = cs->icc_igrpen[GICV3_G1NS] | (cs->icc_igrpen[GICV3_G1] << 1); 1903 trace_gicv3_icc_igrpen1_el3_read(gicv3_redist_affid(cs), value); 1904 return value; 1905 } 1906 1907 static void icc_igrpen1_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 1908 uint64_t value) 1909 { 1910 GICv3CPUState *cs = icc_cs_from_env(env); 1911 1912 trace_gicv3_icc_igrpen1_el3_write(gicv3_redist_affid(cs), value); 1913 1914 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 1915 cs->icc_igrpen[GICV3_G1NS] = extract32(value, 0, 1); 1916 cs->icc_igrpen[GICV3_G1] = extract32(value, 1, 1); 1917 gicv3_cpuif_update(cs); 1918 } 1919 1920 static uint64_t icc_ctlr_el1_read(CPUARMState *env, const ARMCPRegInfo *ri) 1921 { 1922 GICv3CPUState *cs = icc_cs_from_env(env); 1923 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 1924 uint64_t value; 1925 1926 if (icv_access(env, HCR_FMO | HCR_IMO)) { 1927 return icv_ctlr_read(env, ri); 1928 } 1929 1930 value = cs->icc_ctlr_el1[bank]; 1931 trace_gicv3_icc_ctlr_read(gicv3_redist_affid(cs), value); 1932 return value; 1933 } 1934 1935 static void icc_ctlr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri, 1936 uint64_t value) 1937 { 1938 GICv3CPUState *cs = icc_cs_from_env(env); 1939 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 1940 uint64_t mask; 1941 1942 if (icv_access(env, HCR_FMO | HCR_IMO)) { 1943 icv_ctlr_write(env, ri, value); 1944 return; 1945 } 1946 1947 trace_gicv3_icc_ctlr_write(gicv3_redist_affid(cs), value); 1948 1949 /* Only CBPR and EOIMODE can be RW; 1950 * for us PMHE is RAZ/WI (we don't implement 1-of-N interrupts or 1951 * the asseciated priority-based routing of them); 1952 * if EL3 is implemented and GICD_CTLR.DS == 0, then PMHE and CBPR are RO. 1953 */ 1954 if (arm_feature(env, ARM_FEATURE_EL3) && 1955 ((cs->gic->gicd_ctlr & GICD_CTLR_DS) == 0)) { 1956 mask = ICC_CTLR_EL1_EOIMODE; 1957 } else { 1958 mask = ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE; 1959 } 1960 1961 cs->icc_ctlr_el1[bank] &= ~mask; 1962 cs->icc_ctlr_el1[bank] |= (value & mask); 1963 gicv3_cpuif_update(cs); 1964 } 1965 1966 1967 static uint64_t icc_ctlr_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 1968 { 1969 GICv3CPUState *cs = icc_cs_from_env(env); 1970 uint64_t value; 1971 1972 value = cs->icc_ctlr_el3; 1973 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 1974 value |= ICC_CTLR_EL3_EOIMODE_EL1NS; 1975 } 1976 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 1977 value |= ICC_CTLR_EL3_CBPR_EL1NS; 1978 } 1979 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 1980 value |= ICC_CTLR_EL3_EOIMODE_EL1S; 1981 } 1982 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 1983 value |= ICC_CTLR_EL3_CBPR_EL1S; 1984 } 1985 1986 trace_gicv3_icc_ctlr_el3_read(gicv3_redist_affid(cs), value); 1987 return value; 1988 } 1989 1990 static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 1991 uint64_t value) 1992 { 1993 GICv3CPUState *cs = icc_cs_from_env(env); 1994 uint64_t mask; 1995 1996 trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value); 1997 1998 /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */ 1999 cs->icc_ctlr_el1[GICV3_NS] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 2000 if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) { 2001 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE; 2002 } 2003 if (value & ICC_CTLR_EL3_CBPR_EL1NS) { 2004 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR; 2005 } 2006 2007 cs->icc_ctlr_el1[GICV3_S] &= ~(ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 2008 if (value & ICC_CTLR_EL3_EOIMODE_EL1S) { 2009 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE; 2010 } 2011 if (value & ICC_CTLR_EL3_CBPR_EL1S) { 2012 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_CBPR; 2013 } 2014 2015 /* The only bit stored in icc_ctlr_el3 which is writeable is EOIMODE_EL3: */ 2016 mask = ICC_CTLR_EL3_EOIMODE_EL3; 2017 2018 cs->icc_ctlr_el3 &= ~mask; 2019 cs->icc_ctlr_el3 |= (value & mask); 2020 gicv3_cpuif_update(cs); 2021 } 2022 2023 static CPAccessResult gicv3_irqfiq_access(CPUARMState *env, 2024 const ARMCPRegInfo *ri, bool isread) 2025 { 2026 CPAccessResult r = CP_ACCESS_OK; 2027 GICv3CPUState *cs = icc_cs_from_env(env); 2028 int el = arm_current_el(env); 2029 2030 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TC) && 2031 el == 1 && !arm_is_secure_below_el3(env)) { 2032 /* Takes priority over a possible EL3 trap */ 2033 return CP_ACCESS_TRAP_EL2; 2034 } 2035 2036 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) { 2037 switch (el) { 2038 case 1: 2039 /* Note that arm_hcr_el2_eff takes secure state into account. */ 2040 if ((arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) == 0) { 2041 r = CP_ACCESS_TRAP_EL3; 2042 } 2043 break; 2044 case 2: 2045 r = CP_ACCESS_TRAP_EL3; 2046 break; 2047 case 3: 2048 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 2049 r = CP_ACCESS_TRAP_EL3; 2050 } 2051 break; 2052 default: 2053 g_assert_not_reached(); 2054 } 2055 } 2056 2057 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 2058 r = CP_ACCESS_TRAP; 2059 } 2060 return r; 2061 } 2062 2063 static CPAccessResult gicv3_dir_access(CPUARMState *env, 2064 const ARMCPRegInfo *ri, bool isread) 2065 { 2066 GICv3CPUState *cs = icc_cs_from_env(env); 2067 2068 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TDIR) && 2069 arm_current_el(env) == 1 && !arm_is_secure_below_el3(env)) { 2070 /* Takes priority over a possible EL3 trap */ 2071 return CP_ACCESS_TRAP_EL2; 2072 } 2073 2074 return gicv3_irqfiq_access(env, ri, isread); 2075 } 2076 2077 static CPAccessResult gicv3_sgi_access(CPUARMState *env, 2078 const ARMCPRegInfo *ri, bool isread) 2079 { 2080 if (arm_current_el(env) == 1 && 2081 (arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) != 0) { 2082 /* Takes priority over a possible EL3 trap */ 2083 return CP_ACCESS_TRAP_EL2; 2084 } 2085 2086 return gicv3_irqfiq_access(env, ri, isread); 2087 } 2088 2089 static CPAccessResult gicv3_fiq_access(CPUARMState *env, 2090 const ARMCPRegInfo *ri, bool isread) 2091 { 2092 CPAccessResult r = CP_ACCESS_OK; 2093 GICv3CPUState *cs = icc_cs_from_env(env); 2094 int el = arm_current_el(env); 2095 2096 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TALL0) && 2097 el == 1 && !arm_is_secure_below_el3(env)) { 2098 /* Takes priority over a possible EL3 trap */ 2099 return CP_ACCESS_TRAP_EL2; 2100 } 2101 2102 if (env->cp15.scr_el3 & SCR_FIQ) { 2103 switch (el) { 2104 case 1: 2105 if ((arm_hcr_el2_eff(env) & HCR_FMO) == 0) { 2106 r = CP_ACCESS_TRAP_EL3; 2107 } 2108 break; 2109 case 2: 2110 r = CP_ACCESS_TRAP_EL3; 2111 break; 2112 case 3: 2113 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 2114 r = CP_ACCESS_TRAP_EL3; 2115 } 2116 break; 2117 default: 2118 g_assert_not_reached(); 2119 } 2120 } 2121 2122 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 2123 r = CP_ACCESS_TRAP; 2124 } 2125 return r; 2126 } 2127 2128 static CPAccessResult gicv3_irq_access(CPUARMState *env, 2129 const ARMCPRegInfo *ri, bool isread) 2130 { 2131 CPAccessResult r = CP_ACCESS_OK; 2132 GICv3CPUState *cs = icc_cs_from_env(env); 2133 int el = arm_current_el(env); 2134 2135 if ((cs->ich_hcr_el2 & ICH_HCR_EL2_TALL1) && 2136 el == 1 && !arm_is_secure_below_el3(env)) { 2137 /* Takes priority over a possible EL3 trap */ 2138 return CP_ACCESS_TRAP_EL2; 2139 } 2140 2141 if (env->cp15.scr_el3 & SCR_IRQ) { 2142 switch (el) { 2143 case 1: 2144 if ((arm_hcr_el2_eff(env) & HCR_IMO) == 0) { 2145 r = CP_ACCESS_TRAP_EL3; 2146 } 2147 break; 2148 case 2: 2149 r = CP_ACCESS_TRAP_EL3; 2150 break; 2151 case 3: 2152 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 2153 r = CP_ACCESS_TRAP_EL3; 2154 } 2155 break; 2156 default: 2157 g_assert_not_reached(); 2158 } 2159 } 2160 2161 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 2162 r = CP_ACCESS_TRAP; 2163 } 2164 return r; 2165 } 2166 2167 static void icc_reset(CPUARMState *env, const ARMCPRegInfo *ri) 2168 { 2169 GICv3CPUState *cs = icc_cs_from_env(env); 2170 2171 cs->icc_ctlr_el1[GICV3_S] = ICC_CTLR_EL1_A3V | 2172 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 2173 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 2174 cs->icc_ctlr_el1[GICV3_NS] = ICC_CTLR_EL1_A3V | 2175 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 2176 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 2177 cs->icc_pmr_el1 = 0; 2178 cs->icc_bpr[GICV3_G0] = GIC_MIN_BPR; 2179 cs->icc_bpr[GICV3_G1] = GIC_MIN_BPR; 2180 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR_NS; 2181 memset(cs->icc_apr, 0, sizeof(cs->icc_apr)); 2182 memset(cs->icc_igrpen, 0, sizeof(cs->icc_igrpen)); 2183 cs->icc_ctlr_el3 = ICC_CTLR_EL3_NDS | ICC_CTLR_EL3_A3V | 2184 (1 << ICC_CTLR_EL3_IDBITS_SHIFT) | 2185 (7 << ICC_CTLR_EL3_PRIBITS_SHIFT); 2186 2187 memset(cs->ich_apr, 0, sizeof(cs->ich_apr)); 2188 cs->ich_hcr_el2 = 0; 2189 memset(cs->ich_lr_el2, 0, sizeof(cs->ich_lr_el2)); 2190 cs->ich_vmcr_el2 = ICH_VMCR_EL2_VFIQEN | 2191 ((icv_min_vbpr(cs) + 1) << ICH_VMCR_EL2_VBPR1_SHIFT) | 2192 (icv_min_vbpr(cs) << ICH_VMCR_EL2_VBPR0_SHIFT); 2193 } 2194 2195 static const ARMCPRegInfo gicv3_cpuif_reginfo[] = { 2196 { .name = "ICC_PMR_EL1", .state = ARM_CP_STATE_BOTH, 2197 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 6, .opc2 = 0, 2198 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2199 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 2200 .readfn = icc_pmr_read, 2201 .writefn = icc_pmr_write, 2202 /* We hang the whole cpu interface reset routine off here 2203 * rather than parcelling it out into one little function 2204 * per register 2205 */ 2206 .resetfn = icc_reset, 2207 }, 2208 { .name = "ICC_IAR0_EL1", .state = ARM_CP_STATE_BOTH, 2209 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 0, 2210 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2211 .access = PL1_R, .accessfn = gicv3_fiq_access, 2212 .readfn = icc_iar0_read, 2213 }, 2214 { .name = "ICC_EOIR0_EL1", .state = ARM_CP_STATE_BOTH, 2215 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 1, 2216 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2217 .access = PL1_W, .accessfn = gicv3_fiq_access, 2218 .writefn = icc_eoir_write, 2219 }, 2220 { .name = "ICC_HPPIR0_EL1", .state = ARM_CP_STATE_BOTH, 2221 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 2, 2222 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2223 .access = PL1_R, .accessfn = gicv3_fiq_access, 2224 .readfn = icc_hppir0_read, 2225 }, 2226 { .name = "ICC_BPR0_EL1", .state = ARM_CP_STATE_BOTH, 2227 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3, 2228 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2229 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2230 .readfn = icc_bpr_read, 2231 .writefn = icc_bpr_write, 2232 }, 2233 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH, 2234 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4, 2235 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2236 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2237 .readfn = icc_ap_read, 2238 .writefn = icc_ap_write, 2239 }, 2240 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH, 2241 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5, 2242 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2243 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2244 .readfn = icc_ap_read, 2245 .writefn = icc_ap_write, 2246 }, 2247 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH, 2248 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6, 2249 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2250 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2251 .readfn = icc_ap_read, 2252 .writefn = icc_ap_write, 2253 }, 2254 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH, 2255 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7, 2256 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2257 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2258 .readfn = icc_ap_read, 2259 .writefn = icc_ap_write, 2260 }, 2261 /* All the ICC_AP1R*_EL1 registers are banked */ 2262 { .name = "ICC_AP1R0_EL1", .state = ARM_CP_STATE_BOTH, 2263 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 0, 2264 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2265 .access = PL1_RW, .accessfn = gicv3_irq_access, 2266 .readfn = icc_ap_read, 2267 .writefn = icc_ap_write, 2268 }, 2269 { .name = "ICC_AP1R1_EL1", .state = ARM_CP_STATE_BOTH, 2270 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 1, 2271 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2272 .access = PL1_RW, .accessfn = gicv3_irq_access, 2273 .readfn = icc_ap_read, 2274 .writefn = icc_ap_write, 2275 }, 2276 { .name = "ICC_AP1R2_EL1", .state = ARM_CP_STATE_BOTH, 2277 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 2, 2278 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2279 .access = PL1_RW, .accessfn = gicv3_irq_access, 2280 .readfn = icc_ap_read, 2281 .writefn = icc_ap_write, 2282 }, 2283 { .name = "ICC_AP1R3_EL1", .state = ARM_CP_STATE_BOTH, 2284 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 3, 2285 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2286 .access = PL1_RW, .accessfn = gicv3_irq_access, 2287 .readfn = icc_ap_read, 2288 .writefn = icc_ap_write, 2289 }, 2290 { .name = "ICC_DIR_EL1", .state = ARM_CP_STATE_BOTH, 2291 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 1, 2292 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2293 .access = PL1_W, .accessfn = gicv3_dir_access, 2294 .writefn = icc_dir_write, 2295 }, 2296 { .name = "ICC_RPR_EL1", .state = ARM_CP_STATE_BOTH, 2297 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 3, 2298 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2299 .access = PL1_R, .accessfn = gicv3_irqfiq_access, 2300 .readfn = icc_rpr_read, 2301 }, 2302 { .name = "ICC_SGI1R_EL1", .state = ARM_CP_STATE_AA64, 2303 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 5, 2304 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2305 .access = PL1_W, .accessfn = gicv3_sgi_access, 2306 .writefn = icc_sgi1r_write, 2307 }, 2308 { .name = "ICC_SGI1R", 2309 .cp = 15, .opc1 = 0, .crm = 12, 2310 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 2311 .access = PL1_W, .accessfn = gicv3_sgi_access, 2312 .writefn = icc_sgi1r_write, 2313 }, 2314 { .name = "ICC_ASGI1R_EL1", .state = ARM_CP_STATE_AA64, 2315 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 6, 2316 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2317 .access = PL1_W, .accessfn = gicv3_sgi_access, 2318 .writefn = icc_asgi1r_write, 2319 }, 2320 { .name = "ICC_ASGI1R", 2321 .cp = 15, .opc1 = 1, .crm = 12, 2322 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 2323 .access = PL1_W, .accessfn = gicv3_sgi_access, 2324 .writefn = icc_asgi1r_write, 2325 }, 2326 { .name = "ICC_SGI0R_EL1", .state = ARM_CP_STATE_AA64, 2327 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 7, 2328 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2329 .access = PL1_W, .accessfn = gicv3_sgi_access, 2330 .writefn = icc_sgi0r_write, 2331 }, 2332 { .name = "ICC_SGI0R", 2333 .cp = 15, .opc1 = 2, .crm = 12, 2334 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 2335 .access = PL1_W, .accessfn = gicv3_sgi_access, 2336 .writefn = icc_sgi0r_write, 2337 }, 2338 { .name = "ICC_IAR1_EL1", .state = ARM_CP_STATE_BOTH, 2339 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 0, 2340 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2341 .access = PL1_R, .accessfn = gicv3_irq_access, 2342 .readfn = icc_iar1_read, 2343 }, 2344 { .name = "ICC_EOIR1_EL1", .state = ARM_CP_STATE_BOTH, 2345 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 1, 2346 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2347 .access = PL1_W, .accessfn = gicv3_irq_access, 2348 .writefn = icc_eoir_write, 2349 }, 2350 { .name = "ICC_HPPIR1_EL1", .state = ARM_CP_STATE_BOTH, 2351 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 2, 2352 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2353 .access = PL1_R, .accessfn = gicv3_irq_access, 2354 .readfn = icc_hppir1_read, 2355 }, 2356 /* This register is banked */ 2357 { .name = "ICC_BPR1_EL1", .state = ARM_CP_STATE_BOTH, 2358 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 3, 2359 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2360 .access = PL1_RW, .accessfn = gicv3_irq_access, 2361 .readfn = icc_bpr_read, 2362 .writefn = icc_bpr_write, 2363 }, 2364 /* This register is banked */ 2365 { .name = "ICC_CTLR_EL1", .state = ARM_CP_STATE_BOTH, 2366 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 4, 2367 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2368 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 2369 .readfn = icc_ctlr_el1_read, 2370 .writefn = icc_ctlr_el1_write, 2371 }, 2372 { .name = "ICC_SRE_EL1", .state = ARM_CP_STATE_BOTH, 2373 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 5, 2374 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 2375 .access = PL1_RW, 2376 /* We don't support IRQ/FIQ bypass and system registers are 2377 * always enabled, so all our bits are RAZ/WI or RAO/WI. 2378 * This register is banked but since it's constant we don't 2379 * need to do anything special. 2380 */ 2381 .resetvalue = 0x7, 2382 }, 2383 { .name = "ICC_IGRPEN0_EL1", .state = ARM_CP_STATE_BOTH, 2384 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6, 2385 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2386 .access = PL1_RW, .accessfn = gicv3_fiq_access, 2387 .readfn = icc_igrpen_read, 2388 .writefn = icc_igrpen_write, 2389 }, 2390 /* This register is banked */ 2391 { .name = "ICC_IGRPEN1_EL1", .state = ARM_CP_STATE_BOTH, 2392 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7, 2393 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2394 .access = PL1_RW, .accessfn = gicv3_irq_access, 2395 .readfn = icc_igrpen_read, 2396 .writefn = icc_igrpen_write, 2397 }, 2398 { .name = "ICC_SRE_EL2", .state = ARM_CP_STATE_BOTH, 2399 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 5, 2400 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 2401 .access = PL2_RW, 2402 /* We don't support IRQ/FIQ bypass and system registers are 2403 * always enabled, so all our bits are RAZ/WI or RAO/WI. 2404 */ 2405 .resetvalue = 0xf, 2406 }, 2407 { .name = "ICC_CTLR_EL3", .state = ARM_CP_STATE_BOTH, 2408 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4, 2409 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2410 .access = PL3_RW, 2411 .readfn = icc_ctlr_el3_read, 2412 .writefn = icc_ctlr_el3_write, 2413 }, 2414 { .name = "ICC_SRE_EL3", .state = ARM_CP_STATE_BOTH, 2415 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 5, 2416 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 2417 .access = PL3_RW, 2418 /* We don't support IRQ/FIQ bypass and system registers are 2419 * always enabled, so all our bits are RAZ/WI or RAO/WI. 2420 */ 2421 .resetvalue = 0xf, 2422 }, 2423 { .name = "ICC_IGRPEN1_EL3", .state = ARM_CP_STATE_BOTH, 2424 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 7, 2425 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2426 .access = PL3_RW, 2427 .readfn = icc_igrpen1_el3_read, 2428 .writefn = icc_igrpen1_el3_write, 2429 }, 2430 REGINFO_SENTINEL 2431 }; 2432 2433 static uint64_t ich_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 2434 { 2435 GICv3CPUState *cs = icc_cs_from_env(env); 2436 int regno = ri->opc2 & 3; 2437 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0; 2438 uint64_t value; 2439 2440 value = cs->ich_apr[grp][regno]; 2441 trace_gicv3_ich_ap_read(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 2442 return value; 2443 } 2444 2445 static void ich_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 2446 uint64_t value) 2447 { 2448 GICv3CPUState *cs = icc_cs_from_env(env); 2449 int regno = ri->opc2 & 3; 2450 int grp = (ri->crm & 1) ? GICV3_G1NS : GICV3_G0; 2451 2452 trace_gicv3_ich_ap_write(ri->crm & 1, regno, gicv3_redist_affid(cs), value); 2453 2454 cs->ich_apr[grp][regno] = value & 0xFFFFFFFFU; 2455 gicv3_cpuif_virt_irq_fiq_update(cs); 2456 } 2457 2458 static uint64_t ich_hcr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2459 { 2460 GICv3CPUState *cs = icc_cs_from_env(env); 2461 uint64_t value = cs->ich_hcr_el2; 2462 2463 trace_gicv3_ich_hcr_read(gicv3_redist_affid(cs), value); 2464 return value; 2465 } 2466 2467 static void ich_hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, 2468 uint64_t value) 2469 { 2470 GICv3CPUState *cs = icc_cs_from_env(env); 2471 2472 trace_gicv3_ich_hcr_write(gicv3_redist_affid(cs), value); 2473 2474 value &= ICH_HCR_EL2_EN | ICH_HCR_EL2_UIE | ICH_HCR_EL2_LRENPIE | 2475 ICH_HCR_EL2_NPIE | ICH_HCR_EL2_VGRP0EIE | ICH_HCR_EL2_VGRP0DIE | 2476 ICH_HCR_EL2_VGRP1EIE | ICH_HCR_EL2_VGRP1DIE | ICH_HCR_EL2_TC | 2477 ICH_HCR_EL2_TALL0 | ICH_HCR_EL2_TALL1 | ICH_HCR_EL2_TSEI | 2478 ICH_HCR_EL2_TDIR | ICH_HCR_EL2_EOICOUNT_MASK; 2479 2480 cs->ich_hcr_el2 = value; 2481 gicv3_cpuif_virt_update(cs); 2482 } 2483 2484 static uint64_t ich_vmcr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2485 { 2486 GICv3CPUState *cs = icc_cs_from_env(env); 2487 uint64_t value = cs->ich_vmcr_el2; 2488 2489 trace_gicv3_ich_vmcr_read(gicv3_redist_affid(cs), value); 2490 return value; 2491 } 2492 2493 static void ich_vmcr_write(CPUARMState *env, const ARMCPRegInfo *ri, 2494 uint64_t value) 2495 { 2496 GICv3CPUState *cs = icc_cs_from_env(env); 2497 2498 trace_gicv3_ich_vmcr_write(gicv3_redist_affid(cs), value); 2499 2500 value &= ICH_VMCR_EL2_VENG0 | ICH_VMCR_EL2_VENG1 | ICH_VMCR_EL2_VCBPR | 2501 ICH_VMCR_EL2_VEOIM | ICH_VMCR_EL2_VBPR1_MASK | 2502 ICH_VMCR_EL2_VBPR0_MASK | ICH_VMCR_EL2_VPMR_MASK; 2503 value |= ICH_VMCR_EL2_VFIQEN; 2504 2505 cs->ich_vmcr_el2 = value; 2506 /* Enforce "writing BPRs to less than minimum sets them to the minimum" 2507 * by reading and writing back the fields. 2508 */ 2509 write_vbpr(cs, GICV3_G0, read_vbpr(cs, GICV3_G0)); 2510 write_vbpr(cs, GICV3_G1, read_vbpr(cs, GICV3_G1)); 2511 2512 gicv3_cpuif_virt_update(cs); 2513 } 2514 2515 static uint64_t ich_lr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2516 { 2517 GICv3CPUState *cs = icc_cs_from_env(env); 2518 int regno = ri->opc2 | ((ri->crm & 1) << 3); 2519 uint64_t value; 2520 2521 /* This read function handles all of: 2522 * 64-bit reads of the whole LR 2523 * 32-bit reads of the low half of the LR 2524 * 32-bit reads of the high half of the LR 2525 */ 2526 if (ri->state == ARM_CP_STATE_AA32) { 2527 if (ri->crm >= 14) { 2528 value = extract64(cs->ich_lr_el2[regno], 32, 32); 2529 trace_gicv3_ich_lrc_read(regno, gicv3_redist_affid(cs), value); 2530 } else { 2531 value = extract64(cs->ich_lr_el2[regno], 0, 32); 2532 trace_gicv3_ich_lr32_read(regno, gicv3_redist_affid(cs), value); 2533 } 2534 } else { 2535 value = cs->ich_lr_el2[regno]; 2536 trace_gicv3_ich_lr_read(regno, gicv3_redist_affid(cs), value); 2537 } 2538 2539 return value; 2540 } 2541 2542 static void ich_lr_write(CPUARMState *env, const ARMCPRegInfo *ri, 2543 uint64_t value) 2544 { 2545 GICv3CPUState *cs = icc_cs_from_env(env); 2546 int regno = ri->opc2 | ((ri->crm & 1) << 3); 2547 2548 /* This write function handles all of: 2549 * 64-bit writes to the whole LR 2550 * 32-bit writes to the low half of the LR 2551 * 32-bit writes to the high half of the LR 2552 */ 2553 if (ri->state == ARM_CP_STATE_AA32) { 2554 if (ri->crm >= 14) { 2555 trace_gicv3_ich_lrc_write(regno, gicv3_redist_affid(cs), value); 2556 value = deposit64(cs->ich_lr_el2[regno], 32, 32, value); 2557 } else { 2558 trace_gicv3_ich_lr32_write(regno, gicv3_redist_affid(cs), value); 2559 value = deposit64(cs->ich_lr_el2[regno], 0, 32, value); 2560 } 2561 } else { 2562 trace_gicv3_ich_lr_write(regno, gicv3_redist_affid(cs), value); 2563 } 2564 2565 /* Enforce RES0 bits in priority field */ 2566 if (cs->vpribits < 8) { 2567 value = deposit64(value, ICH_LR_EL2_PRIORITY_SHIFT, 2568 8 - cs->vpribits, 0); 2569 } 2570 2571 cs->ich_lr_el2[regno] = value; 2572 gicv3_cpuif_virt_update(cs); 2573 } 2574 2575 static uint64_t ich_vtr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2576 { 2577 GICv3CPUState *cs = icc_cs_from_env(env); 2578 uint64_t value; 2579 2580 value = ((cs->num_list_regs - 1) << ICH_VTR_EL2_LISTREGS_SHIFT) 2581 | ICH_VTR_EL2_TDS | ICH_VTR_EL2_A3V 2582 | (1 << ICH_VTR_EL2_IDBITS_SHIFT) 2583 | ((cs->vprebits - 1) << ICH_VTR_EL2_PREBITS_SHIFT) 2584 | ((cs->vpribits - 1) << ICH_VTR_EL2_PRIBITS_SHIFT); 2585 2586 if (cs->gic->revision < 4) { 2587 value |= ICH_VTR_EL2_NV4; 2588 } 2589 2590 trace_gicv3_ich_vtr_read(gicv3_redist_affid(cs), value); 2591 return value; 2592 } 2593 2594 static uint64_t ich_misr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2595 { 2596 GICv3CPUState *cs = icc_cs_from_env(env); 2597 uint64_t value = maintenance_interrupt_state(cs); 2598 2599 trace_gicv3_ich_misr_read(gicv3_redist_affid(cs), value); 2600 return value; 2601 } 2602 2603 static uint64_t ich_eisr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2604 { 2605 GICv3CPUState *cs = icc_cs_from_env(env); 2606 uint64_t value = eoi_maintenance_interrupt_state(cs, NULL); 2607 2608 trace_gicv3_ich_eisr_read(gicv3_redist_affid(cs), value); 2609 return value; 2610 } 2611 2612 static uint64_t ich_elrsr_read(CPUARMState *env, const ARMCPRegInfo *ri) 2613 { 2614 GICv3CPUState *cs = icc_cs_from_env(env); 2615 uint64_t value = 0; 2616 int i; 2617 2618 for (i = 0; i < cs->num_list_regs; i++) { 2619 uint64_t lr = cs->ich_lr_el2[i]; 2620 2621 if ((lr & ICH_LR_EL2_STATE_MASK) == 0 && 2622 ((lr & ICH_LR_EL2_HW) != 0 || (lr & ICH_LR_EL2_EOI) == 0)) { 2623 value |= (1 << i); 2624 } 2625 } 2626 2627 trace_gicv3_ich_elrsr_read(gicv3_redist_affid(cs), value); 2628 return value; 2629 } 2630 2631 static const ARMCPRegInfo gicv3_cpuif_hcr_reginfo[] = { 2632 { .name = "ICH_AP0R0_EL2", .state = ARM_CP_STATE_BOTH, 2633 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 0, 2634 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2635 .access = PL2_RW, 2636 .readfn = ich_ap_read, 2637 .writefn = ich_ap_write, 2638 }, 2639 { .name = "ICH_AP1R0_EL2", .state = ARM_CP_STATE_BOTH, 2640 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 0, 2641 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2642 .access = PL2_RW, 2643 .readfn = ich_ap_read, 2644 .writefn = ich_ap_write, 2645 }, 2646 { .name = "ICH_HCR_EL2", .state = ARM_CP_STATE_BOTH, 2647 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 0, 2648 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2649 .access = PL2_RW, 2650 .readfn = ich_hcr_read, 2651 .writefn = ich_hcr_write, 2652 }, 2653 { .name = "ICH_VTR_EL2", .state = ARM_CP_STATE_BOTH, 2654 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 1, 2655 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2656 .access = PL2_R, 2657 .readfn = ich_vtr_read, 2658 }, 2659 { .name = "ICH_MISR_EL2", .state = ARM_CP_STATE_BOTH, 2660 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 2, 2661 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2662 .access = PL2_R, 2663 .readfn = ich_misr_read, 2664 }, 2665 { .name = "ICH_EISR_EL2", .state = ARM_CP_STATE_BOTH, 2666 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 3, 2667 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2668 .access = PL2_R, 2669 .readfn = ich_eisr_read, 2670 }, 2671 { .name = "ICH_ELRSR_EL2", .state = ARM_CP_STATE_BOTH, 2672 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 5, 2673 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2674 .access = PL2_R, 2675 .readfn = ich_elrsr_read, 2676 }, 2677 { .name = "ICH_VMCR_EL2", .state = ARM_CP_STATE_BOTH, 2678 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 11, .opc2 = 7, 2679 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2680 .access = PL2_RW, 2681 .readfn = ich_vmcr_read, 2682 .writefn = ich_vmcr_write, 2683 }, 2684 REGINFO_SENTINEL 2685 }; 2686 2687 static const ARMCPRegInfo gicv3_cpuif_ich_apxr1_reginfo[] = { 2688 { .name = "ICH_AP0R1_EL2", .state = ARM_CP_STATE_BOTH, 2689 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 1, 2690 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2691 .access = PL2_RW, 2692 .readfn = ich_ap_read, 2693 .writefn = ich_ap_write, 2694 }, 2695 { .name = "ICH_AP1R1_EL2", .state = ARM_CP_STATE_BOTH, 2696 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 1, 2697 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2698 .access = PL2_RW, 2699 .readfn = ich_ap_read, 2700 .writefn = ich_ap_write, 2701 }, 2702 REGINFO_SENTINEL 2703 }; 2704 2705 static const ARMCPRegInfo gicv3_cpuif_ich_apxr23_reginfo[] = { 2706 { .name = "ICH_AP0R2_EL2", .state = ARM_CP_STATE_BOTH, 2707 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 2, 2708 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2709 .access = PL2_RW, 2710 .readfn = ich_ap_read, 2711 .writefn = ich_ap_write, 2712 }, 2713 { .name = "ICH_AP0R3_EL2", .state = ARM_CP_STATE_BOTH, 2714 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 8, .opc2 = 3, 2715 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2716 .access = PL2_RW, 2717 .readfn = ich_ap_read, 2718 .writefn = ich_ap_write, 2719 }, 2720 { .name = "ICH_AP1R2_EL2", .state = ARM_CP_STATE_BOTH, 2721 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 2, 2722 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2723 .access = PL2_RW, 2724 .readfn = ich_ap_read, 2725 .writefn = ich_ap_write, 2726 }, 2727 { .name = "ICH_AP1R3_EL2", .state = ARM_CP_STATE_BOTH, 2728 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 3, 2729 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2730 .access = PL2_RW, 2731 .readfn = ich_ap_read, 2732 .writefn = ich_ap_write, 2733 }, 2734 REGINFO_SENTINEL 2735 }; 2736 2737 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque) 2738 { 2739 GICv3CPUState *cs = opaque; 2740 2741 gicv3_cpuif_update(cs); 2742 /* 2743 * Because vLPIs are only pending in NonSecure state, 2744 * an EL change can change the VIRQ/VFIQ status (but 2745 * cannot affect the maintenance interrupt state) 2746 */ 2747 gicv3_cpuif_virt_irq_fiq_update(cs); 2748 } 2749 2750 void gicv3_init_cpuif(GICv3State *s) 2751 { 2752 /* Called from the GICv3 realize function; register our system 2753 * registers with the CPU 2754 */ 2755 int i; 2756 2757 for (i = 0; i < s->num_cpu; i++) { 2758 ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i)); 2759 GICv3CPUState *cs = &s->cpu[i]; 2760 2761 /* Note that we can't just use the GICv3CPUState as an opaque pointer 2762 * in define_arm_cp_regs_with_opaque(), because when we're called back 2763 * it might be with code translated by CPU 0 but run by CPU 1, in 2764 * which case we'd get the wrong value. 2765 * So instead we define the regs with no ri->opaque info, and 2766 * get back to the GICv3CPUState from the CPUARMState. 2767 */ 2768 define_arm_cp_regs(cpu, gicv3_cpuif_reginfo); 2769 if (arm_feature(&cpu->env, ARM_FEATURE_EL2) 2770 && cpu->gic_num_lrs) { 2771 int j; 2772 2773 cs->num_list_regs = cpu->gic_num_lrs; 2774 cs->vpribits = cpu->gic_vpribits; 2775 cs->vprebits = cpu->gic_vprebits; 2776 2777 /* Check against architectural constraints: getting these 2778 * wrong would be a bug in the CPU code defining these, 2779 * and the implementation relies on them holding. 2780 */ 2781 g_assert(cs->vprebits <= cs->vpribits); 2782 g_assert(cs->vprebits >= 5 && cs->vprebits <= 7); 2783 g_assert(cs->vpribits >= 5 && cs->vpribits <= 8); 2784 2785 define_arm_cp_regs(cpu, gicv3_cpuif_hcr_reginfo); 2786 2787 for (j = 0; j < cs->num_list_regs; j++) { 2788 /* Note that the AArch64 LRs are 64-bit; the AArch32 LRs 2789 * are split into two cp15 regs, LR (the low part, with the 2790 * same encoding as the AArch64 LR) and LRC (the high part). 2791 */ 2792 ARMCPRegInfo lr_regset[] = { 2793 { .name = "ICH_LRn_EL2", .state = ARM_CP_STATE_BOTH, 2794 .opc0 = 3, .opc1 = 4, .crn = 12, 2795 .crm = 12 + (j >> 3), .opc2 = j & 7, 2796 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2797 .access = PL2_RW, 2798 .readfn = ich_lr_read, 2799 .writefn = ich_lr_write, 2800 }, 2801 { .name = "ICH_LRCn_EL2", .state = ARM_CP_STATE_AA32, 2802 .cp = 15, .opc1 = 4, .crn = 12, 2803 .crm = 14 + (j >> 3), .opc2 = j & 7, 2804 .type = ARM_CP_IO | ARM_CP_NO_RAW, 2805 .access = PL2_RW, 2806 .readfn = ich_lr_read, 2807 .writefn = ich_lr_write, 2808 }, 2809 REGINFO_SENTINEL 2810 }; 2811 define_arm_cp_regs(cpu, lr_regset); 2812 } 2813 if (cs->vprebits >= 6) { 2814 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr1_reginfo); 2815 } 2816 if (cs->vprebits == 7) { 2817 define_arm_cp_regs(cpu, gicv3_cpuif_ich_apxr23_reginfo); 2818 } 2819 } 2820 arm_register_el_change_hook(cpu, gicv3_cpuif_el_change_hook, cs); 2821 } 2822 } 2823