1 /* 2 * ARM Generic Interrupt Controller v3 3 * 4 * Copyright (c) 2016 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This code is licensed under the GPL, version 2 or (at your option) 8 * any later version. 9 */ 10 11 /* This file contains the code for the system register interface 12 * portions of the GICv3. 13 */ 14 15 #include "qemu/osdep.h" 16 #include "trace.h" 17 #include "gicv3_internal.h" 18 #include "cpu.h" 19 20 static GICv3CPUState *icc_cs_from_env(CPUARMState *env) 21 { 22 /* Given the CPU, find the right GICv3CPUState struct. 23 * Since we registered the CPU interface with the EL change hook as 24 * the opaque pointer, we can just directly get from the CPU to it. 25 */ 26 return arm_get_el_change_hook_opaque(arm_env_get_cpu(env)); 27 } 28 29 static bool gicv3_use_ns_bank(CPUARMState *env) 30 { 31 /* Return true if we should use the NonSecure bank for a banked GIC 32 * CPU interface register. Note that this differs from the 33 * access_secure_reg() function because GICv3 banked registers are 34 * banked even for AArch64, unlike the other CPU system registers. 35 */ 36 return !arm_is_secure_below_el3(env); 37 } 38 39 static int icc_highest_active_prio(GICv3CPUState *cs) 40 { 41 /* Calculate the current running priority based on the set bits 42 * in the Active Priority Registers. 43 */ 44 int i; 45 46 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 47 uint32_t apr = cs->icc_apr[GICV3_G0][i] | 48 cs->icc_apr[GICV3_G1][i] | cs->icc_apr[GICV3_G1NS][i]; 49 50 if (!apr) { 51 continue; 52 } 53 return (i * 32 + ctz32(apr)) << (GIC_MIN_BPR + 1); 54 } 55 /* No current active interrupts: return idle priority */ 56 return 0xff; 57 } 58 59 static uint32_t icc_gprio_mask(GICv3CPUState *cs, int group) 60 { 61 /* Return a mask word which clears the subpriority bits from 62 * a priority value for an interrupt in the specified group. 63 * This depends on the BPR value: 64 * a BPR of 0 means the group priority bits are [7:1]; 65 * a BPR of 1 means they are [7:2], and so on down to 66 * a BPR of 7 meaning no group priority bits at all. 67 * Which BPR to use depends on the group of the interrupt and 68 * the current ICC_CTLR.CBPR settings. 69 */ 70 if ((group == GICV3_G1 && cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR) || 71 (group == GICV3_G1NS && 72 cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 73 group = GICV3_G0; 74 } 75 76 return ~0U << ((cs->icc_bpr[group] & 7) + 1); 77 } 78 79 static bool icc_no_enabled_hppi(GICv3CPUState *cs) 80 { 81 /* Return true if there is no pending interrupt, or the 82 * highest priority pending interrupt is in a group which has been 83 * disabled at the CPU interface by the ICC_IGRPEN* register enable bits. 84 */ 85 return cs->hppi.prio == 0xff || (cs->icc_igrpen[cs->hppi.grp] == 0); 86 } 87 88 static bool icc_hppi_can_preempt(GICv3CPUState *cs) 89 { 90 /* Return true if we have a pending interrupt of sufficient 91 * priority to preempt. 92 */ 93 int rprio; 94 uint32_t mask; 95 96 if (icc_no_enabled_hppi(cs)) { 97 return false; 98 } 99 100 if (cs->hppi.prio >= cs->icc_pmr_el1) { 101 /* Priority mask masks this interrupt */ 102 return false; 103 } 104 105 rprio = icc_highest_active_prio(cs); 106 if (rprio == 0xff) { 107 /* No currently running interrupt so we can preempt */ 108 return true; 109 } 110 111 mask = icc_gprio_mask(cs, cs->hppi.grp); 112 113 /* We only preempt a running interrupt if the pending interrupt's 114 * group priority is sufficient (the subpriorities are not considered). 115 */ 116 if ((cs->hppi.prio & mask) < (rprio & mask)) { 117 return true; 118 } 119 120 return false; 121 } 122 123 void gicv3_cpuif_update(GICv3CPUState *cs) 124 { 125 /* Tell the CPU about its highest priority pending interrupt */ 126 int irqlevel = 0; 127 int fiqlevel = 0; 128 ARMCPU *cpu = ARM_CPU(cs->cpu); 129 CPUARMState *env = &cpu->env; 130 131 trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq, 132 cs->hppi.grp, cs->hppi.prio); 133 134 if (cs->hppi.grp == GICV3_G1 && !arm_feature(env, ARM_FEATURE_EL3)) { 135 /* If a Security-enabled GIC sends a G1S interrupt to a 136 * Security-disabled CPU, we must treat it as if it were G0. 137 */ 138 cs->hppi.grp = GICV3_G0; 139 } 140 141 if (icc_hppi_can_preempt(cs)) { 142 /* We have an interrupt: should we signal it as IRQ or FIQ? 143 * This is described in the GICv3 spec section 4.6.2. 144 */ 145 bool isfiq; 146 147 switch (cs->hppi.grp) { 148 case GICV3_G0: 149 isfiq = true; 150 break; 151 case GICV3_G1: 152 isfiq = (!arm_is_secure(env) || 153 (arm_current_el(env) == 3 && arm_el_is_aa64(env, 3))); 154 break; 155 case GICV3_G1NS: 156 isfiq = arm_is_secure(env); 157 break; 158 default: 159 g_assert_not_reached(); 160 } 161 162 if (isfiq) { 163 fiqlevel = 1; 164 } else { 165 irqlevel = 1; 166 } 167 } 168 169 trace_gicv3_cpuif_set_irqs(gicv3_redist_affid(cs), fiqlevel, irqlevel); 170 171 qemu_set_irq(cs->parent_fiq, fiqlevel); 172 qemu_set_irq(cs->parent_irq, irqlevel); 173 } 174 175 static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) 176 { 177 GICv3CPUState *cs = icc_cs_from_env(env); 178 uint32_t value = cs->icc_pmr_el1; 179 180 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 181 (env->cp15.scr_el3 & SCR_FIQ)) { 182 /* NS access and Group 0 is inaccessible to NS: return the 183 * NS view of the current priority 184 */ 185 if (value & 0x80) { 186 /* Secure priorities not visible to NS */ 187 value = 0; 188 } else if (value != 0xff) { 189 value = (value << 1) & 0xff; 190 } 191 } 192 193 trace_gicv3_icc_pmr_read(gicv3_redist_affid(cs), value); 194 195 return value; 196 } 197 198 static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, 199 uint64_t value) 200 { 201 GICv3CPUState *cs = icc_cs_from_env(env); 202 203 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value); 204 205 value &= 0xff; 206 207 if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && 208 (env->cp15.scr_el3 & SCR_FIQ)) { 209 /* NS access and Group 0 is inaccessible to NS: return the 210 * NS view of the current priority 211 */ 212 if (!(cs->icc_pmr_el1 & 0x80)) { 213 /* Current PMR in the secure range, don't allow NS to change it */ 214 return; 215 } 216 value = (value >> 1) & 0x80; 217 } 218 cs->icc_pmr_el1 = value; 219 gicv3_cpuif_update(cs); 220 } 221 222 static void icc_activate_irq(GICv3CPUState *cs, int irq) 223 { 224 /* Move the interrupt from the Pending state to Active, and update 225 * the Active Priority Registers 226 */ 227 uint32_t mask = icc_gprio_mask(cs, cs->hppi.grp); 228 int prio = cs->hppi.prio & mask; 229 int aprbit = prio >> 1; 230 int regno = aprbit / 32; 231 int regbit = aprbit % 32; 232 233 cs->icc_apr[cs->hppi.grp][regno] |= (1 << regbit); 234 235 if (irq < GIC_INTERNAL) { 236 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 1); 237 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 0); 238 gicv3_redist_update(cs); 239 } else { 240 gicv3_gicd_active_set(cs->gic, irq); 241 gicv3_gicd_pending_clear(cs->gic, irq); 242 gicv3_update(cs->gic, irq, 1); 243 } 244 } 245 246 static uint64_t icc_hppir0_value(GICv3CPUState *cs, CPUARMState *env) 247 { 248 /* Return the highest priority pending interrupt register value 249 * for group 0. 250 */ 251 bool irq_is_secure; 252 253 if (cs->hppi.prio == 0xff) { 254 return INTID_SPURIOUS; 255 } 256 257 /* Check whether we can return the interrupt or if we should return 258 * a special identifier, as per the CheckGroup0ForSpecialIdentifiers 259 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 260 * is always zero.) 261 */ 262 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 263 (cs->hppi.grp != GICV3_G1NS)); 264 265 if (cs->hppi.grp != GICV3_G0 && !arm_is_el3_or_mon(env)) { 266 return INTID_SPURIOUS; 267 } 268 if (irq_is_secure && !arm_is_secure(env)) { 269 /* Secure interrupts not visible to Nonsecure */ 270 return INTID_SPURIOUS; 271 } 272 273 if (cs->hppi.grp != GICV3_G0) { 274 /* Indicate to EL3 that there's a Group 1 interrupt for the other 275 * state pending. 276 */ 277 return irq_is_secure ? INTID_SECURE : INTID_NONSECURE; 278 } 279 280 return cs->hppi.irq; 281 } 282 283 static uint64_t icc_hppir1_value(GICv3CPUState *cs, CPUARMState *env) 284 { 285 /* Return the highest priority pending interrupt register value 286 * for group 1. 287 */ 288 bool irq_is_secure; 289 290 if (cs->hppi.prio == 0xff) { 291 return INTID_SPURIOUS; 292 } 293 294 /* Check whether we can return the interrupt or if we should return 295 * a special identifier, as per the CheckGroup1ForSpecialIdentifiers 296 * pseudocode. (We can simplify a little because for us ICC_SRE_EL1.RM 297 * is always zero.) 298 */ 299 irq_is_secure = (!(cs->gic->gicd_ctlr & GICD_CTLR_DS) && 300 (cs->hppi.grp != GICV3_G1NS)); 301 302 if (cs->hppi.grp == GICV3_G0) { 303 /* Group 0 interrupts not visible via HPPIR1 */ 304 return INTID_SPURIOUS; 305 } 306 if (irq_is_secure) { 307 if (!arm_is_secure(env)) { 308 /* Secure interrupts not visible in Non-secure */ 309 return INTID_SPURIOUS; 310 } 311 } else if (!arm_is_el3_or_mon(env) && arm_is_secure(env)) { 312 /* Group 1 non-secure interrupts not visible in Secure EL1 */ 313 return INTID_SPURIOUS; 314 } 315 316 return cs->hppi.irq; 317 } 318 319 static uint64_t icc_iar0_read(CPUARMState *env, const ARMCPRegInfo *ri) 320 { 321 GICv3CPUState *cs = icc_cs_from_env(env); 322 uint64_t intid; 323 324 if (!icc_hppi_can_preempt(cs)) { 325 intid = INTID_SPURIOUS; 326 } else { 327 intid = icc_hppir0_value(cs, env); 328 } 329 330 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 331 icc_activate_irq(cs, intid); 332 } 333 334 trace_gicv3_icc_iar0_read(gicv3_redist_affid(cs), intid); 335 return intid; 336 } 337 338 static uint64_t icc_iar1_read(CPUARMState *env, const ARMCPRegInfo *ri) 339 { 340 GICv3CPUState *cs = icc_cs_from_env(env); 341 uint64_t intid; 342 343 if (!icc_hppi_can_preempt(cs)) { 344 intid = INTID_SPURIOUS; 345 } else { 346 intid = icc_hppir1_value(cs, env); 347 } 348 349 if (!(intid >= INTID_SECURE && intid <= INTID_SPURIOUS)) { 350 icc_activate_irq(cs, intid); 351 } 352 353 trace_gicv3_icc_iar1_read(gicv3_redist_affid(cs), intid); 354 return intid; 355 } 356 357 static void icc_drop_prio(GICv3CPUState *cs, int grp) 358 { 359 /* Drop the priority of the currently active interrupt in 360 * the specified group. 361 * 362 * Note that we can guarantee (because of the requirement to nest 363 * ICC_IAR reads [which activate an interrupt and raise priority] 364 * with ICC_EOIR writes [which drop the priority for the interrupt]) 365 * that the interrupt we're being called for is the highest priority 366 * active interrupt, meaning that it has the lowest set bit in the 367 * APR registers. 368 * 369 * If the guest does not honour the ordering constraints then the 370 * behaviour of the GIC is UNPREDICTABLE, which for us means that 371 * the values of the APR registers might become incorrect and the 372 * running priority will be wrong, so interrupts that should preempt 373 * might not do so, and interrupts that should not preempt might do so. 374 */ 375 int i; 376 377 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[grp]); i++) { 378 uint64_t *papr = &cs->icc_apr[grp][i]; 379 380 if (!*papr) { 381 continue; 382 } 383 /* Clear the lowest set bit */ 384 *papr &= *papr - 1; 385 break; 386 } 387 388 /* running priority change means we need an update for this cpu i/f */ 389 gicv3_cpuif_update(cs); 390 } 391 392 static bool icc_eoi_split(CPUARMState *env, GICv3CPUState *cs) 393 { 394 /* Return true if we should split priority drop and interrupt 395 * deactivation, ie whether the relevant EOIMode bit is set. 396 */ 397 if (arm_is_el3_or_mon(env)) { 398 return cs->icc_ctlr_el3 & ICC_CTLR_EL3_EOIMODE_EL3; 399 } 400 if (arm_is_secure_below_el3(env)) { 401 return cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_EOIMODE; 402 } else { 403 return cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE; 404 } 405 } 406 407 static int icc_highest_active_group(GICv3CPUState *cs) 408 { 409 /* Return the group with the highest priority active interrupt. 410 * We can do this by just comparing the APRs to see which one 411 * has the lowest set bit. 412 * (If more than one group is active at the same priority then 413 * we're in UNPREDICTABLE territory.) 414 */ 415 int i; 416 417 for (i = 0; i < ARRAY_SIZE(cs->icc_apr[0]); i++) { 418 int g0ctz = ctz32(cs->icc_apr[GICV3_G0][i]); 419 int g1ctz = ctz32(cs->icc_apr[GICV3_G1][i]); 420 int g1nsctz = ctz32(cs->icc_apr[GICV3_G1NS][i]); 421 422 if (g1nsctz < g0ctz && g1nsctz < g1ctz) { 423 return GICV3_G1NS; 424 } 425 if (g1ctz < g0ctz) { 426 return GICV3_G1; 427 } 428 if (g0ctz < 32) { 429 return GICV3_G0; 430 } 431 } 432 /* No set active bits? UNPREDICTABLE; return -1 so the caller 433 * ignores the spurious EOI attempt. 434 */ 435 return -1; 436 } 437 438 static void icc_deactivate_irq(GICv3CPUState *cs, int irq) 439 { 440 if (irq < GIC_INTERNAL) { 441 cs->gicr_iactiver0 = deposit32(cs->gicr_iactiver0, irq, 1, 0); 442 gicv3_redist_update(cs); 443 } else { 444 gicv3_gicd_active_clear(cs->gic, irq); 445 gicv3_update(cs->gic, irq, 1); 446 } 447 } 448 449 static void icc_eoir_write(CPUARMState *env, const ARMCPRegInfo *ri, 450 uint64_t value) 451 { 452 /* End of Interrupt */ 453 GICv3CPUState *cs = icc_cs_from_env(env); 454 int irq = value & 0xffffff; 455 int grp; 456 457 trace_gicv3_icc_eoir_write(gicv3_redist_affid(cs), value); 458 459 if (ri->crm == 8) { 460 /* EOIR0 */ 461 grp = GICV3_G0; 462 } else { 463 /* EOIR1 */ 464 if (arm_is_secure(env)) { 465 grp = GICV3_G1; 466 } else { 467 grp = GICV3_G1NS; 468 } 469 } 470 471 if (irq >= cs->gic->num_irq) { 472 /* This handles two cases: 473 * 1. If software writes the ID of a spurious interrupt [ie 1020-1023] 474 * to the GICC_EOIR, the GIC ignores that write. 475 * 2. If software writes the number of a non-existent interrupt 476 * this must be a subcase of "value written does not match the last 477 * valid interrupt value read from the Interrupt Acknowledge 478 * register" and so this is UNPREDICTABLE. We choose to ignore it. 479 */ 480 return; 481 } 482 483 if (icc_highest_active_group(cs) != grp) { 484 return; 485 } 486 487 icc_drop_prio(cs, grp); 488 489 if (!icc_eoi_split(env, cs)) { 490 /* Priority drop and deactivate not split: deactivate irq now */ 491 icc_deactivate_irq(cs, irq); 492 } 493 } 494 495 static uint64_t icc_hppir0_read(CPUARMState *env, const ARMCPRegInfo *ri) 496 { 497 GICv3CPUState *cs = icc_cs_from_env(env); 498 uint64_t value = icc_hppir0_value(cs, env); 499 500 trace_gicv3_icc_hppir0_read(gicv3_redist_affid(cs), value); 501 return value; 502 } 503 504 static uint64_t icc_hppir1_read(CPUARMState *env, const ARMCPRegInfo *ri) 505 { 506 GICv3CPUState *cs = icc_cs_from_env(env); 507 uint64_t value = icc_hppir1_value(cs, env); 508 509 trace_gicv3_icc_hppir1_read(gicv3_redist_affid(cs), value); 510 return value; 511 } 512 513 static uint64_t icc_bpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 514 { 515 GICv3CPUState *cs = icc_cs_from_env(env); 516 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 517 bool satinc = false; 518 uint64_t bpr; 519 520 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 521 grp = GICV3_G1NS; 522 } 523 524 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 525 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 526 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 527 * modify BPR0 528 */ 529 grp = GICV3_G0; 530 } 531 532 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 533 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 534 /* reads return bpr0 + 1 sat to 7, writes ignored */ 535 grp = GICV3_G0; 536 satinc = true; 537 } 538 539 bpr = cs->icc_bpr[grp]; 540 if (satinc) { 541 bpr++; 542 bpr = MIN(bpr, 7); 543 } 544 545 trace_gicv3_icc_bpr_read(gicv3_redist_affid(cs), bpr); 546 547 return bpr; 548 } 549 550 static void icc_bpr_write(CPUARMState *env, const ARMCPRegInfo *ri, 551 uint64_t value) 552 { 553 GICv3CPUState *cs = icc_cs_from_env(env); 554 int grp = (ri->crm == 8) ? GICV3_G0 : GICV3_G1; 555 556 trace_gicv3_icc_pmr_write(gicv3_redist_affid(cs), value); 557 558 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 559 grp = GICV3_G1NS; 560 } 561 562 if (grp == GICV3_G1 && !arm_is_el3_or_mon(env) && 563 (cs->icc_ctlr_el1[GICV3_S] & ICC_CTLR_EL1_CBPR)) { 564 /* CBPR_EL1S means secure EL1 or AArch32 EL3 !Mon BPR1 accesses 565 * modify BPR0 566 */ 567 grp = GICV3_G0; 568 } 569 570 if (grp == GICV3_G1NS && arm_current_el(env) < 3 && 571 (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR)) { 572 /* reads return bpr0 + 1 sat to 7, writes ignored */ 573 return; 574 } 575 576 cs->icc_bpr[grp] = value & 7; 577 gicv3_cpuif_update(cs); 578 } 579 580 static uint64_t icc_ap_read(CPUARMState *env, const ARMCPRegInfo *ri) 581 { 582 GICv3CPUState *cs = icc_cs_from_env(env); 583 uint64_t value; 584 585 int regno = ri->opc2 & 3; 586 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 587 588 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 589 grp = GICV3_G1NS; 590 } 591 592 value = cs->icc_apr[grp][regno]; 593 594 trace_gicv3_icc_ap_read(regno, gicv3_redist_affid(cs), value); 595 return value; 596 } 597 598 static void icc_ap_write(CPUARMState *env, const ARMCPRegInfo *ri, 599 uint64_t value) 600 { 601 GICv3CPUState *cs = icc_cs_from_env(env); 602 603 int regno = ri->opc2 & 3; 604 int grp = ri->crm & 1 ? GICV3_G0 : GICV3_G1; 605 606 trace_gicv3_icc_ap_write(regno, gicv3_redist_affid(cs), value); 607 608 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 609 grp = GICV3_G1NS; 610 } 611 612 /* It's not possible to claim that a Non-secure interrupt is active 613 * at a priority outside the Non-secure range (128..255), since this 614 * would otherwise allow malicious NS code to block delivery of S interrupts 615 * by writing a bad value to these registers. 616 */ 617 if (grp == GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE_EL3)) { 618 return; 619 } 620 621 cs->icc_apr[grp][regno] = value & 0xFFFFFFFFU; 622 gicv3_cpuif_update(cs); 623 } 624 625 static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, 626 uint64_t value) 627 { 628 /* Deactivate interrupt */ 629 GICv3CPUState *cs = icc_cs_from_env(env); 630 int irq = value & 0xffffff; 631 bool irq_is_secure, single_sec_state, irq_is_grp0; 632 bool route_fiq_to_el3, route_irq_to_el3, route_fiq_to_el2, route_irq_to_el2; 633 634 trace_gicv3_icc_dir_write(gicv3_redist_affid(cs), value); 635 636 if (irq >= cs->gic->num_irq) { 637 /* Also catches special interrupt numbers and LPIs */ 638 return; 639 } 640 641 if (!icc_eoi_split(env, cs)) { 642 return; 643 } 644 645 int grp = gicv3_irq_group(cs->gic, cs, irq); 646 647 single_sec_state = cs->gic->gicd_ctlr & GICD_CTLR_DS; 648 irq_is_secure = !single_sec_state && (grp != GICV3_G1NS); 649 irq_is_grp0 = grp == GICV3_G0; 650 651 /* Check whether we're allowed to deactivate this interrupt based 652 * on its group and the current CPU state. 653 * These checks are laid out to correspond to the spec's pseudocode. 654 */ 655 route_fiq_to_el3 = env->cp15.scr_el3 & SCR_FIQ; 656 route_irq_to_el3 = env->cp15.scr_el3 & SCR_IRQ; 657 /* No need to include !IsSecure in route_*_to_el2 as it's only 658 * tested in cases where we know !IsSecure is true. 659 */ 660 route_fiq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 661 route_irq_to_el2 = env->cp15.hcr_el2 & HCR_FMO; 662 663 switch (arm_current_el(env)) { 664 case 3: 665 break; 666 case 2: 667 if (single_sec_state && irq_is_grp0 && !route_fiq_to_el3) { 668 break; 669 } 670 if (!irq_is_secure && !irq_is_grp0 && !route_irq_to_el3) { 671 break; 672 } 673 return; 674 case 1: 675 if (!arm_is_secure_below_el3(env)) { 676 if (single_sec_state && irq_is_grp0 && 677 !route_fiq_to_el3 && !route_fiq_to_el2) { 678 break; 679 } 680 if (!irq_is_secure && !irq_is_grp0 && 681 !route_irq_to_el3 && !route_irq_to_el2) { 682 break; 683 } 684 } else { 685 if (irq_is_grp0 && !route_fiq_to_el3) { 686 break; 687 } 688 if (!irq_is_grp0 && 689 (!irq_is_secure || !single_sec_state) && 690 !route_irq_to_el3) { 691 break; 692 } 693 } 694 return; 695 default: 696 g_assert_not_reached(); 697 } 698 699 icc_deactivate_irq(cs, irq); 700 } 701 702 static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) 703 { 704 GICv3CPUState *cs = icc_cs_from_env(env); 705 int prio = icc_highest_active_prio(cs); 706 707 if (arm_feature(env, ARM_FEATURE_EL3) && 708 !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { 709 /* NS GIC access and Group 0 is inaccessible to NS */ 710 if (prio & 0x80) { 711 /* NS mustn't see priorities in the Secure half of the range */ 712 prio = 0; 713 } else if (prio != 0xff) { 714 /* Non-idle priority: show the Non-secure view of it */ 715 prio = (prio << 1) & 0xff; 716 } 717 } 718 719 trace_gicv3_icc_rpr_read(gicv3_redist_affid(cs), prio); 720 return prio; 721 } 722 723 static void icc_generate_sgi(CPUARMState *env, GICv3CPUState *cs, 724 uint64_t value, int grp, bool ns) 725 { 726 GICv3State *s = cs->gic; 727 728 /* Extract Aff3/Aff2/Aff1 and shift into the bottom 24 bits */ 729 uint64_t aff = extract64(value, 48, 8) << 16 | 730 extract64(value, 32, 8) << 8 | 731 extract64(value, 16, 8); 732 uint32_t targetlist = extract64(value, 0, 16); 733 uint32_t irq = extract64(value, 24, 4); 734 bool irm = extract64(value, 40, 1); 735 int i; 736 737 if (grp == GICV3_G1 && s->gicd_ctlr & GICD_CTLR_DS) { 738 /* If GICD_CTLR.DS == 1, the Distributor treats Secure Group 1 739 * interrupts as Group 0 interrupts and must send Secure Group 0 740 * interrupts to the target CPUs. 741 */ 742 grp = GICV3_G0; 743 } 744 745 trace_gicv3_icc_generate_sgi(gicv3_redist_affid(cs), irq, irm, 746 aff, targetlist); 747 748 for (i = 0; i < s->num_cpu; i++) { 749 GICv3CPUState *ocs = &s->cpu[i]; 750 751 if (irm) { 752 /* IRM == 1 : route to all CPUs except self */ 753 if (cs == ocs) { 754 continue; 755 } 756 } else { 757 /* IRM == 0 : route to Aff3.Aff2.Aff1.n for all n in [0..15] 758 * where the corresponding bit is set in targetlist 759 */ 760 int aff0; 761 762 if (ocs->gicr_typer >> 40 != aff) { 763 continue; 764 } 765 aff0 = extract64(ocs->gicr_typer, 32, 8); 766 if (aff0 > 15 || extract32(targetlist, aff0, 1) == 0) { 767 continue; 768 } 769 } 770 771 /* The redistributor will check against its own GICR_NSACR as needed */ 772 gicv3_redist_send_sgi(ocs, grp, irq, ns); 773 } 774 } 775 776 static void icc_sgi0r_write(CPUARMState *env, const ARMCPRegInfo *ri, 777 uint64_t value) 778 { 779 /* Generate Secure Group 0 SGI. */ 780 GICv3CPUState *cs = icc_cs_from_env(env); 781 bool ns = !arm_is_secure(env); 782 783 icc_generate_sgi(env, cs, value, GICV3_G0, ns); 784 } 785 786 static void icc_sgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 787 uint64_t value) 788 { 789 /* Generate Group 1 SGI for the current Security state */ 790 GICv3CPUState *cs = icc_cs_from_env(env); 791 int grp; 792 bool ns = !arm_is_secure(env); 793 794 grp = ns ? GICV3_G1NS : GICV3_G1; 795 icc_generate_sgi(env, cs, value, grp, ns); 796 } 797 798 static void icc_asgi1r_write(CPUARMState *env, const ARMCPRegInfo *ri, 799 uint64_t value) 800 { 801 /* Generate Group 1 SGI for the Security state that is not 802 * the current state 803 */ 804 GICv3CPUState *cs = icc_cs_from_env(env); 805 int grp; 806 bool ns = !arm_is_secure(env); 807 808 grp = ns ? GICV3_G1 : GICV3_G1NS; 809 icc_generate_sgi(env, cs, value, grp, ns); 810 } 811 812 static uint64_t icc_igrpen_read(CPUARMState *env, const ARMCPRegInfo *ri) 813 { 814 GICv3CPUState *cs = icc_cs_from_env(env); 815 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 816 uint64_t value; 817 818 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 819 grp = GICV3_G1NS; 820 } 821 822 value = cs->icc_igrpen[grp]; 823 trace_gicv3_icc_igrpen_read(gicv3_redist_affid(cs), value); 824 return value; 825 } 826 827 static void icc_igrpen_write(CPUARMState *env, const ARMCPRegInfo *ri, 828 uint64_t value) 829 { 830 GICv3CPUState *cs = icc_cs_from_env(env); 831 int grp = ri->opc2 & 1 ? GICV3_G1 : GICV3_G0; 832 833 trace_gicv3_icc_igrpen_write(gicv3_redist_affid(cs), value); 834 835 if (grp == GICV3_G1 && gicv3_use_ns_bank(env)) { 836 grp = GICV3_G1NS; 837 } 838 839 cs->icc_igrpen[grp] = value & ICC_IGRPEN_ENABLE; 840 gicv3_cpuif_update(cs); 841 } 842 843 static uint64_t icc_igrpen1_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 844 { 845 GICv3CPUState *cs = icc_cs_from_env(env); 846 847 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 848 return cs->icc_igrpen[GICV3_G1NS] | (cs->icc_igrpen[GICV3_G1] << 1); 849 } 850 851 static void icc_igrpen1_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 852 uint64_t value) 853 { 854 GICv3CPUState *cs = icc_cs_from_env(env); 855 856 trace_gicv3_icc_igrpen1_el3_write(gicv3_redist_affid(cs), value); 857 858 /* IGRPEN1_EL3 bits 0 and 1 are r/w aliases into IGRPEN1_EL1 NS and S */ 859 cs->icc_igrpen[GICV3_G1NS] = extract32(value, 0, 1); 860 cs->icc_igrpen[GICV3_G1] = extract32(value, 1, 1); 861 gicv3_cpuif_update(cs); 862 } 863 864 static uint64_t icc_ctlr_el1_read(CPUARMState *env, const ARMCPRegInfo *ri) 865 { 866 GICv3CPUState *cs = icc_cs_from_env(env); 867 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 868 uint64_t value; 869 870 value = cs->icc_ctlr_el1[bank]; 871 trace_gicv3_icc_ctlr_read(gicv3_redist_affid(cs), value); 872 return value; 873 } 874 875 static void icc_ctlr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri, 876 uint64_t value) 877 { 878 GICv3CPUState *cs = icc_cs_from_env(env); 879 int bank = gicv3_use_ns_bank(env) ? GICV3_NS : GICV3_S; 880 uint64_t mask; 881 882 trace_gicv3_icc_ctlr_write(gicv3_redist_affid(cs), value); 883 884 /* Only CBPR and EOIMODE can be RW; 885 * for us PMHE is RAZ/WI (we don't implement 1-of-N interrupts or 886 * the asseciated priority-based routing of them); 887 * if EL3 is implemented and GICD_CTLR.DS == 0, then PMHE and CBPR are RO. 888 */ 889 if (arm_feature(env, ARM_FEATURE_EL3) && 890 ((cs->gic->gicd_ctlr & GICD_CTLR_DS) == 0)) { 891 mask = ICC_CTLR_EL1_EOIMODE; 892 } else { 893 mask = ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE; 894 } 895 896 cs->icc_ctlr_el1[bank] &= ~mask; 897 cs->icc_ctlr_el1[bank] |= (value & mask); 898 gicv3_cpuif_update(cs); 899 } 900 901 902 static uint64_t icc_ctlr_el3_read(CPUARMState *env, const ARMCPRegInfo *ri) 903 { 904 GICv3CPUState *cs = icc_cs_from_env(env); 905 uint64_t value; 906 907 value = cs->icc_ctlr_el3; 908 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 909 value |= ICC_CTLR_EL3_EOIMODE_EL1NS; 910 } 911 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 912 value |= ICC_CTLR_EL3_CBPR_EL1NS; 913 } 914 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_EOIMODE) { 915 value |= ICC_CTLR_EL3_EOIMODE_EL1S; 916 } 917 if (cs->icc_ctlr_el1[GICV3_NS] & ICC_CTLR_EL1_CBPR) { 918 value |= ICC_CTLR_EL3_CBPR_EL1S; 919 } 920 921 trace_gicv3_icc_ctlr_el3_read(gicv3_redist_affid(cs), value); 922 return value; 923 } 924 925 static void icc_ctlr_el3_write(CPUARMState *env, const ARMCPRegInfo *ri, 926 uint64_t value) 927 { 928 GICv3CPUState *cs = icc_cs_from_env(env); 929 uint64_t mask; 930 931 trace_gicv3_icc_ctlr_el3_write(gicv3_redist_affid(cs), value); 932 933 /* *_EL1NS and *_EL1S bits are aliases into the ICC_CTLR_EL1 bits. */ 934 cs->icc_ctlr_el1[GICV3_NS] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 935 if (value & ICC_CTLR_EL3_EOIMODE_EL1NS) { 936 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_EOIMODE; 937 } 938 if (value & ICC_CTLR_EL3_CBPR_EL1NS) { 939 cs->icc_ctlr_el1[GICV3_NS] |= ICC_CTLR_EL1_CBPR; 940 } 941 942 cs->icc_ctlr_el1[GICV3_S] &= (ICC_CTLR_EL1_CBPR | ICC_CTLR_EL1_EOIMODE); 943 if (value & ICC_CTLR_EL3_EOIMODE_EL1S) { 944 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_EOIMODE; 945 } 946 if (value & ICC_CTLR_EL3_CBPR_EL1S) { 947 cs->icc_ctlr_el1[GICV3_S] |= ICC_CTLR_EL1_CBPR; 948 } 949 950 /* The only bit stored in icc_ctlr_el3 which is writeable is EOIMODE_EL3: */ 951 mask = ICC_CTLR_EL3_EOIMODE_EL3; 952 953 cs->icc_ctlr_el3 &= ~mask; 954 cs->icc_ctlr_el3 |= (value & mask); 955 gicv3_cpuif_update(cs); 956 } 957 958 static CPAccessResult gicv3_irqfiq_access(CPUARMState *env, 959 const ARMCPRegInfo *ri, bool isread) 960 { 961 CPAccessResult r = CP_ACCESS_OK; 962 963 if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) { 964 switch (arm_current_el(env)) { 965 case 1: 966 if (arm_is_secure_below_el3(env) || 967 ((env->cp15.hcr_el2 & (HCR_IMO | HCR_FMO)) == 0)) { 968 r = CP_ACCESS_TRAP_EL3; 969 } 970 break; 971 case 2: 972 r = CP_ACCESS_TRAP_EL3; 973 break; 974 case 3: 975 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 976 r = CP_ACCESS_TRAP_EL3; 977 } 978 break; 979 default: 980 g_assert_not_reached(); 981 } 982 } 983 984 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 985 r = CP_ACCESS_TRAP; 986 } 987 return r; 988 } 989 990 static CPAccessResult gicv3_fiq_access(CPUARMState *env, 991 const ARMCPRegInfo *ri, bool isread) 992 { 993 CPAccessResult r = CP_ACCESS_OK; 994 995 if (env->cp15.scr_el3 & SCR_FIQ) { 996 switch (arm_current_el(env)) { 997 case 1: 998 if (arm_is_secure_below_el3(env) || 999 ((env->cp15.hcr_el2 & HCR_FMO) == 0)) { 1000 r = CP_ACCESS_TRAP_EL3; 1001 } 1002 break; 1003 case 2: 1004 r = CP_ACCESS_TRAP_EL3; 1005 break; 1006 case 3: 1007 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1008 r = CP_ACCESS_TRAP_EL3; 1009 } 1010 break; 1011 default: 1012 g_assert_not_reached(); 1013 } 1014 } 1015 1016 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1017 r = CP_ACCESS_TRAP; 1018 } 1019 return r; 1020 } 1021 1022 static CPAccessResult gicv3_irq_access(CPUARMState *env, 1023 const ARMCPRegInfo *ri, bool isread) 1024 { 1025 CPAccessResult r = CP_ACCESS_OK; 1026 1027 if (env->cp15.scr_el3 & SCR_IRQ) { 1028 switch (arm_current_el(env)) { 1029 case 1: 1030 if (arm_is_secure_below_el3(env) || 1031 ((env->cp15.hcr_el2 & HCR_IMO) == 0)) { 1032 r = CP_ACCESS_TRAP_EL3; 1033 } 1034 break; 1035 case 2: 1036 r = CP_ACCESS_TRAP_EL3; 1037 break; 1038 case 3: 1039 if (!is_a64(env) && !arm_is_el3_or_mon(env)) { 1040 r = CP_ACCESS_TRAP_EL3; 1041 } 1042 break; 1043 default: 1044 g_assert_not_reached(); 1045 } 1046 } 1047 1048 if (r == CP_ACCESS_TRAP_EL3 && !arm_el_is_aa64(env, 3)) { 1049 r = CP_ACCESS_TRAP; 1050 } 1051 return r; 1052 } 1053 1054 static void icc_reset(CPUARMState *env, const ARMCPRegInfo *ri) 1055 { 1056 GICv3CPUState *cs = icc_cs_from_env(env); 1057 1058 cs->icc_ctlr_el1[GICV3_S] = ICC_CTLR_EL1_A3V | 1059 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1060 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1061 cs->icc_ctlr_el1[GICV3_NS] = ICC_CTLR_EL1_A3V | 1062 (1 << ICC_CTLR_EL1_IDBITS_SHIFT) | 1063 (7 << ICC_CTLR_EL1_PRIBITS_SHIFT); 1064 cs->icc_pmr_el1 = 0; 1065 cs->icc_bpr[GICV3_G0] = GIC_MIN_BPR; 1066 cs->icc_bpr[GICV3_G1] = GIC_MIN_BPR; 1067 if (arm_feature(env, ARM_FEATURE_EL3)) { 1068 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR_NS; 1069 } else { 1070 cs->icc_bpr[GICV3_G1NS] = GIC_MIN_BPR; 1071 } 1072 memset(cs->icc_apr, 0, sizeof(cs->icc_apr)); 1073 memset(cs->icc_igrpen, 0, sizeof(cs->icc_igrpen)); 1074 cs->icc_ctlr_el3 = ICC_CTLR_EL3_NDS | ICC_CTLR_EL3_A3V | 1075 (1 << ICC_CTLR_EL3_IDBITS_SHIFT) | 1076 (7 << ICC_CTLR_EL3_PRIBITS_SHIFT); 1077 } 1078 1079 static const ARMCPRegInfo gicv3_cpuif_reginfo[] = { 1080 { .name = "ICC_PMR_EL1", .state = ARM_CP_STATE_BOTH, 1081 .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 6, .opc2 = 0, 1082 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1083 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1084 .readfn = icc_pmr_read, 1085 .writefn = icc_pmr_write, 1086 /* We hang the whole cpu interface reset routine off here 1087 * rather than parcelling it out into one little function 1088 * per register 1089 */ 1090 .resetfn = icc_reset, 1091 }, 1092 { .name = "ICC_IAR0_EL1", .state = ARM_CP_STATE_BOTH, 1093 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 0, 1094 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1095 .access = PL1_R, .accessfn = gicv3_fiq_access, 1096 .readfn = icc_iar0_read, 1097 }, 1098 { .name = "ICC_EOIR0_EL1", .state = ARM_CP_STATE_BOTH, 1099 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 1, 1100 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1101 .access = PL1_W, .accessfn = gicv3_fiq_access, 1102 .writefn = icc_eoir_write, 1103 }, 1104 { .name = "ICC_HPPIR0_EL1", .state = ARM_CP_STATE_BOTH, 1105 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 2, 1106 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1107 .access = PL1_R, .accessfn = gicv3_fiq_access, 1108 .readfn = icc_hppir0_read, 1109 }, 1110 { .name = "ICC_BPR0_EL1", .state = ARM_CP_STATE_BOTH, 1111 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3, 1112 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1113 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1114 .fieldoffset = offsetof(GICv3CPUState, icc_bpr[GICV3_G0]), 1115 .writefn = icc_bpr_write, 1116 }, 1117 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH, 1118 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4, 1119 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1120 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1121 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][0]), 1122 .writefn = icc_ap_write, 1123 }, 1124 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH, 1125 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5, 1126 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1127 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1128 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][1]), 1129 .writefn = icc_ap_write, 1130 }, 1131 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH, 1132 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6, 1133 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1134 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1135 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][2]), 1136 .writefn = icc_ap_write, 1137 }, 1138 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH, 1139 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7, 1140 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1141 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1142 .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][3]), 1143 .writefn = icc_ap_write, 1144 }, 1145 /* All the ICC_AP1R*_EL1 registers are banked */ 1146 { .name = "ICC_AP1R0_EL1", .state = ARM_CP_STATE_BOTH, 1147 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 0, 1148 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1149 .access = PL1_RW, .accessfn = gicv3_irq_access, 1150 .readfn = icc_ap_read, 1151 .writefn = icc_ap_write, 1152 }, 1153 { .name = "ICC_AP1R1_EL1", .state = ARM_CP_STATE_BOTH, 1154 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 1, 1155 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1156 .access = PL1_RW, .accessfn = gicv3_irq_access, 1157 .readfn = icc_ap_read, 1158 .writefn = icc_ap_write, 1159 }, 1160 { .name = "ICC_AP1R2_EL1", .state = ARM_CP_STATE_BOTH, 1161 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 2, 1162 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1163 .access = PL1_RW, .accessfn = gicv3_irq_access, 1164 .readfn = icc_ap_read, 1165 .writefn = icc_ap_write, 1166 }, 1167 { .name = "ICC_AP1R3_EL1", .state = ARM_CP_STATE_BOTH, 1168 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 9, .opc2 = 3, 1169 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1170 .access = PL1_RW, .accessfn = gicv3_irq_access, 1171 .readfn = icc_ap_read, 1172 .writefn = icc_ap_write, 1173 }, 1174 { .name = "ICC_DIR_EL1", .state = ARM_CP_STATE_BOTH, 1175 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 1, 1176 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1177 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1178 .writefn = icc_dir_write, 1179 }, 1180 { .name = "ICC_RPR_EL1", .state = ARM_CP_STATE_BOTH, 1181 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 3, 1182 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1183 .access = PL1_R, .accessfn = gicv3_irqfiq_access, 1184 .readfn = icc_rpr_read, 1185 }, 1186 { .name = "ICC_SGI1R_EL1", .state = ARM_CP_STATE_AA64, 1187 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 5, 1188 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1189 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1190 .writefn = icc_sgi1r_write, 1191 }, 1192 { .name = "ICC_SGI1R", 1193 .cp = 15, .opc1 = 0, .crm = 12, 1194 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1195 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1196 .writefn = icc_sgi1r_write, 1197 }, 1198 { .name = "ICC_ASGI1R_EL1", .state = ARM_CP_STATE_AA64, 1199 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 6, 1200 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1201 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1202 .writefn = icc_asgi1r_write, 1203 }, 1204 { .name = "ICC_ASGI1R", 1205 .cp = 15, .opc1 = 1, .crm = 12, 1206 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1207 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1208 .writefn = icc_asgi1r_write, 1209 }, 1210 { .name = "ICC_SGI0R_EL1", .state = ARM_CP_STATE_AA64, 1211 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 11, .opc2 = 7, 1212 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1213 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1214 .writefn = icc_sgi0r_write, 1215 }, 1216 { .name = "ICC_SGI0R", 1217 .cp = 15, .opc1 = 2, .crm = 12, 1218 .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_NO_RAW, 1219 .access = PL1_W, .accessfn = gicv3_irqfiq_access, 1220 .writefn = icc_sgi0r_write, 1221 }, 1222 { .name = "ICC_IAR1_EL1", .state = ARM_CP_STATE_BOTH, 1223 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 0, 1224 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1225 .access = PL1_R, .accessfn = gicv3_irq_access, 1226 .readfn = icc_iar1_read, 1227 }, 1228 { .name = "ICC_EOIR1_EL1", .state = ARM_CP_STATE_BOTH, 1229 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 1, 1230 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1231 .access = PL1_W, .accessfn = gicv3_irq_access, 1232 .writefn = icc_eoir_write, 1233 }, 1234 { .name = "ICC_HPPIR1_EL1", .state = ARM_CP_STATE_BOTH, 1235 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 2, 1236 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1237 .access = PL1_R, .accessfn = gicv3_irq_access, 1238 .readfn = icc_hppir1_read, 1239 }, 1240 /* This register is banked */ 1241 { .name = "ICC_BPR1_EL1", .state = ARM_CP_STATE_BOTH, 1242 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 3, 1243 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1244 .access = PL1_RW, .accessfn = gicv3_irq_access, 1245 .readfn = icc_bpr_read, 1246 .writefn = icc_bpr_write, 1247 }, 1248 /* This register is banked */ 1249 { .name = "ICC_CTLR_EL1", .state = ARM_CP_STATE_BOTH, 1250 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 4, 1251 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1252 .access = PL1_RW, .accessfn = gicv3_irqfiq_access, 1253 .readfn = icc_ctlr_el1_read, 1254 .writefn = icc_ctlr_el1_write, 1255 }, 1256 { .name = "ICC_SRE_EL1", .state = ARM_CP_STATE_BOTH, 1257 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 5, 1258 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1259 .access = PL1_RW, 1260 /* We don't support IRQ/FIQ bypass and system registers are 1261 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1262 * This register is banked but since it's constant we don't 1263 * need to do anything special. 1264 */ 1265 .resetvalue = 0x7, 1266 }, 1267 { .name = "ICC_IGRPEN0_EL1", .state = ARM_CP_STATE_BOTH, 1268 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6, 1269 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1270 .access = PL1_RW, .accessfn = gicv3_fiq_access, 1271 .fieldoffset = offsetof(GICv3CPUState, icc_igrpen[GICV3_G0]), 1272 .writefn = icc_igrpen_write, 1273 }, 1274 /* This register is banked */ 1275 { .name = "ICC_IGRPEN1_EL1", .state = ARM_CP_STATE_BOTH, 1276 .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 7, 1277 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1278 .access = PL1_RW, .accessfn = gicv3_irq_access, 1279 .readfn = icc_igrpen_read, 1280 .writefn = icc_igrpen_write, 1281 }, 1282 { .name = "ICC_SRE_EL2", .state = ARM_CP_STATE_BOTH, 1283 .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 9, .opc2 = 5, 1284 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1285 .access = PL2_RW, 1286 /* We don't support IRQ/FIQ bypass and system registers are 1287 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1288 */ 1289 .resetvalue = 0xf, 1290 }, 1291 { .name = "ICC_CTLR_EL3", .state = ARM_CP_STATE_BOTH, 1292 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4, 1293 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1294 .access = PL3_RW, 1295 .fieldoffset = offsetof(GICv3CPUState, icc_ctlr_el3), 1296 .readfn = icc_ctlr_el3_read, 1297 .writefn = icc_ctlr_el3_write, 1298 }, 1299 { .name = "ICC_SRE_EL3", .state = ARM_CP_STATE_BOTH, 1300 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 5, 1301 .type = ARM_CP_NO_RAW | ARM_CP_CONST, 1302 .access = PL3_RW, 1303 /* We don't support IRQ/FIQ bypass and system registers are 1304 * always enabled, so all our bits are RAZ/WI or RAO/WI. 1305 */ 1306 .resetvalue = 0xf, 1307 }, 1308 { .name = "ICC_IGRPEN1_EL3", .state = ARM_CP_STATE_BOTH, 1309 .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 7, 1310 .type = ARM_CP_IO | ARM_CP_NO_RAW, 1311 .access = PL3_RW, 1312 .readfn = icc_igrpen1_el3_read, 1313 .writefn = icc_igrpen1_el3_write, 1314 }, 1315 REGINFO_SENTINEL 1316 }; 1317 1318 static void gicv3_cpuif_el_change_hook(ARMCPU *cpu, void *opaque) 1319 { 1320 GICv3CPUState *cs = opaque; 1321 1322 gicv3_cpuif_update(cs); 1323 } 1324 1325 void gicv3_init_cpuif(GICv3State *s) 1326 { 1327 /* Called from the GICv3 realize function; register our system 1328 * registers with the CPU 1329 */ 1330 int i; 1331 1332 for (i = 0; i < s->num_cpu; i++) { 1333 ARMCPU *cpu = ARM_CPU(qemu_get_cpu(i)); 1334 GICv3CPUState *cs = &s->cpu[i]; 1335 1336 /* Note that we can't just use the GICv3CPUState as an opaque pointer 1337 * in define_arm_cp_regs_with_opaque(), because when we're called back 1338 * it might be with code translated by CPU 0 but run by CPU 1, in 1339 * which case we'd get the wrong value. 1340 * So instead we define the regs with no ri->opaque info, and 1341 * get back to the GICv3CPUState from the ARMCPU by reading back 1342 * the opaque pointer from the el_change_hook, which we're going 1343 * to need to register anyway. 1344 */ 1345 define_arm_cp_regs(cpu, gicv3_cpuif_reginfo); 1346 arm_register_el_change_hook(cpu, gicv3_cpuif_el_change_hook, cs); 1347 } 1348 } 1349