1 /* 2 * ARM GICv3 emulation: Distributor 3 * 4 * Copyright (c) 2015 Huawei. 5 * Copyright (c) 2016 Linaro Limited. 6 * Written by Shlomo Pongratz, Peter Maydell 7 * 8 * This code is licensed under the GPL, version 2 or (at your option) 9 * any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "trace.h" 15 #include "gicv3_internal.h" 16 17 /* The GICD_NSACR registers contain a two bit field for each interrupt which 18 * allows the guest to give NonSecure code access to registers controlling 19 * Secure interrupts: 20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI) 21 * 0b01: NS r/w accesses permitted to ISPENDR, SETSPI_NSR, SGIR 22 * 0b10: as 0b01, and also r/w to ICPENDR, r/o to ISACTIVER/ICACTIVER, 23 * and w/o to CLRSPI_NSR 24 * 0b11: as 0b10, and also r/w to IROUTER and ITARGETSR 25 * 26 * Given a (multiple-of-32) interrupt number, these mask functions return 27 * a mask word where each bit is 1 if the NSACR settings permit access 28 * to the interrupt. The mask returned can then be ORed with the GICD_GROUP 29 * word for this set of interrupts to give an overall mask. 30 */ 31 32 typedef uint32_t maskfn(GICv3State *s, int irq); 33 34 static uint32_t mask_nsacr_ge1(GICv3State *s, int irq) 35 { 36 /* Return a mask where each bit is set if the NSACR field is >= 1 */ 37 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1]; 38 39 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16]; 40 raw_nsacr = (raw_nsacr >> 1) | raw_nsacr; 41 return half_unshuffle64(raw_nsacr); 42 } 43 44 static uint32_t mask_nsacr_ge2(GICv3State *s, int irq) 45 { 46 /* Return a mask where each bit is set if the NSACR field is >= 2 */ 47 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1]; 48 49 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16]; 50 raw_nsacr = raw_nsacr >> 1; 51 return half_unshuffle64(raw_nsacr); 52 } 53 54 /* We don't need a mask_nsacr_ge3() because IROUTER<n> isn't a bitmap register, 55 * but it would be implemented using: 56 * raw_nsacr = (raw_nsacr >> 1) & raw_nsacr; 57 */ 58 59 static uint32_t mask_group_and_nsacr(GICv3State *s, MemTxAttrs attrs, 60 maskfn *maskfn, int irq) 61 { 62 /* Return a 32-bit mask which should be applied for this set of 32 63 * interrupts; each bit is 1 if access is permitted by the 64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR. 65 */ 66 uint32_t mask; 67 68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 69 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI 70 * unless the NSACR bits permit access. 71 */ 72 mask = *gic_bmp_ptr32(s->group, irq); 73 if (maskfn) { 74 mask |= maskfn(s, irq); 75 } 76 return mask; 77 } 78 return 0xFFFFFFFFU; 79 } 80 81 static int gicd_ns_access(GICv3State *s, int irq) 82 { 83 /* Return the 2 bit NS_access<x> field from GICD_NSACR<n> for the 84 * specified interrupt. 85 */ 86 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 87 return 0; 88 } 89 return extract32(s->gicd_nsacr[irq / 16], (irq % 16) * 2, 2); 90 } 91 92 static void gicd_write_bitmap_reg(GICv3State *s, MemTxAttrs attrs, 93 uint32_t *bmp, maskfn *maskfn, 94 int offset, uint32_t val) 95 { 96 /* 97 * Helper routine to implement writing to a "set" register 98 * (GICD_INMIR, etc). 99 * Semantics implemented here: 100 * RAZ/WI for SGIs, PPIs, unimplemented IRQs 101 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. 102 * offset should be the offset in bytes of the register from the start 103 * of its group. 104 */ 105 int irq = offset * 8; 106 107 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 108 return; 109 } 110 val &= mask_group_and_nsacr(s, attrs, maskfn, irq); 111 *gic_bmp_ptr32(bmp, irq) = val; 112 gicv3_update(s, irq, 32); 113 } 114 115 static void gicd_write_set_bitmap_reg(GICv3State *s, MemTxAttrs attrs, 116 uint32_t *bmp, 117 maskfn *maskfn, 118 int offset, uint32_t val) 119 { 120 /* Helper routine to implement writing to a "set-bitmap" register 121 * (GICD_ISENABLER, GICD_ISPENDR, etc). 122 * Semantics implemented here: 123 * RAZ/WI for SGIs, PPIs, unimplemented IRQs 124 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. 125 * Writing 1 means "set bit in bitmap"; writing 0 is ignored. 126 * offset should be the offset in bytes of the register from the start 127 * of its group. 128 */ 129 int irq = offset * 8; 130 131 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 132 return; 133 } 134 val &= mask_group_and_nsacr(s, attrs, maskfn, irq); 135 *gic_bmp_ptr32(bmp, irq) |= val; 136 gicv3_update(s, irq, 32); 137 } 138 139 static void gicd_write_clear_bitmap_reg(GICv3State *s, MemTxAttrs attrs, 140 uint32_t *bmp, 141 maskfn *maskfn, 142 int offset, uint32_t val) 143 { 144 /* Helper routine to implement writing to a "clear-bitmap" register 145 * (GICD_ICENABLER, GICD_ICPENDR, etc). 146 * Semantics implemented here: 147 * RAZ/WI for SGIs, PPIs, unimplemented IRQs 148 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. 149 * Writing 1 means "clear bit in bitmap"; writing 0 is ignored. 150 * offset should be the offset in bytes of the register from the start 151 * of its group. 152 */ 153 int irq = offset * 8; 154 155 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 156 return; 157 } 158 val &= mask_group_and_nsacr(s, attrs, maskfn, irq); 159 *gic_bmp_ptr32(bmp, irq) &= ~val; 160 gicv3_update(s, irq, 32); 161 } 162 163 static uint32_t gicd_read_bitmap_reg(GICv3State *s, MemTxAttrs attrs, 164 uint32_t *bmp, 165 maskfn *maskfn, 166 int offset) 167 { 168 /* Helper routine to implement reading a "set/clear-bitmap" register 169 * (GICD_ICENABLER, GICD_ISENABLER, GICD_ICPENDR, etc). 170 * Semantics implemented here: 171 * RAZ/WI for SGIs, PPIs, unimplemented IRQs 172 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. 173 * offset should be the offset in bytes of the register from the start 174 * of its group. 175 */ 176 int irq = offset * 8; 177 uint32_t val; 178 179 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 180 return 0; 181 } 182 val = *gic_bmp_ptr32(bmp, irq); 183 if (bmp == s->pending) { 184 /* The PENDING register is a special case -- for level triggered 185 * interrupts, the PENDING state is the logical OR of the state of 186 * the PENDING latch with the input line level. 187 */ 188 uint32_t edge = *gic_bmp_ptr32(s->edge_trigger, irq); 189 uint32_t level = *gic_bmp_ptr32(s->level, irq); 190 val |= (~edge & level); 191 } 192 val &= mask_group_and_nsacr(s, attrs, maskfn, irq); 193 return val; 194 } 195 196 static uint8_t gicd_read_ipriorityr(GICv3State *s, MemTxAttrs attrs, int irq) 197 { 198 /* Read the value of GICD_IPRIORITYR<n> for the specified interrupt, 199 * honouring security state (these are RAZ/WI for Group 0 or Secure 200 * Group 1 interrupts). 201 */ 202 uint32_t prio; 203 204 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 205 return 0; 206 } 207 208 prio = s->gicd_ipriority[irq]; 209 210 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 211 if (!gicv3_gicd_group_test(s, irq)) { 212 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 213 return 0; 214 } 215 /* NS view of the interrupt priority */ 216 prio = (prio << 1) & 0xff; 217 } 218 return prio; 219 } 220 221 static void gicd_write_ipriorityr(GICv3State *s, MemTxAttrs attrs, int irq, 222 uint8_t value) 223 { 224 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt, 225 * honouring security state (these are RAZ/WI for Group 0 or Secure 226 * Group 1 interrupts). 227 */ 228 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 229 return; 230 } 231 232 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 233 if (!gicv3_gicd_group_test(s, irq)) { 234 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 235 return; 236 } 237 /* NS view of the interrupt priority */ 238 value = 0x80 | (value >> 1); 239 } 240 s->gicd_ipriority[irq] = value; 241 } 242 243 static uint64_t gicd_read_irouter(GICv3State *s, MemTxAttrs attrs, int irq) 244 { 245 /* Read the value of GICD_IROUTER<n> for the specified interrupt, 246 * honouring security state. 247 */ 248 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 249 return 0; 250 } 251 252 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 253 /* RAZ/WI for NS accesses to secure interrupts */ 254 if (!gicv3_gicd_group_test(s, irq)) { 255 if (gicd_ns_access(s, irq) != 3) { 256 return 0; 257 } 258 } 259 } 260 261 return s->gicd_irouter[irq]; 262 } 263 264 static void gicd_write_irouter(GICv3State *s, MemTxAttrs attrs, int irq, 265 uint64_t val) 266 { 267 /* Write the value of GICD_IROUTER<n> for the specified interrupt, 268 * honouring security state. 269 */ 270 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 271 return; 272 } 273 274 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 275 /* RAZ/WI for NS accesses to secure interrupts */ 276 if (!gicv3_gicd_group_test(s, irq)) { 277 if (gicd_ns_access(s, irq) != 3) { 278 return; 279 } 280 } 281 } 282 283 s->gicd_irouter[irq] = val; 284 gicv3_cache_target_cpustate(s, irq); 285 gicv3_update(s, irq, 1); 286 } 287 288 /** 289 * gicd_readb 290 * gicd_readw 291 * gicd_readl 292 * gicd_readq 293 * gicd_writeb 294 * gicd_writew 295 * gicd_writel 296 * gicd_writeq 297 * 298 * Return %true if the operation succeeded, %false otherwise. 299 */ 300 301 static bool gicd_readb(GICv3State *s, hwaddr offset, 302 uint64_t *data, MemTxAttrs attrs) 303 { 304 /* Most GICv3 distributor registers do not support byte accesses. */ 305 switch (offset) { 306 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf: 307 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf: 308 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff: 309 /* This GIC implementation always has affinity routing enabled, 310 * so these registers are all RAZ/WI. 311 */ 312 return true; 313 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff: 314 *data = gicd_read_ipriorityr(s, attrs, offset - GICD_IPRIORITYR); 315 return true; 316 default: 317 return false; 318 } 319 } 320 321 static bool gicd_writeb(GICv3State *s, hwaddr offset, 322 uint64_t value, MemTxAttrs attrs) 323 { 324 /* Most GICv3 distributor registers do not support byte accesses. */ 325 switch (offset) { 326 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf: 327 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf: 328 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff: 329 /* This GIC implementation always has affinity routing enabled, 330 * so these registers are all RAZ/WI. 331 */ 332 return true; 333 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff: 334 { 335 int irq = offset - GICD_IPRIORITYR; 336 337 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 338 return true; 339 } 340 gicd_write_ipriorityr(s, attrs, irq, value); 341 gicv3_update(s, irq, 1); 342 return true; 343 } 344 default: 345 return false; 346 } 347 } 348 349 static bool gicd_readw(GICv3State *s, hwaddr offset, 350 uint64_t *data, MemTxAttrs attrs) 351 { 352 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR 353 * support 16 bit accesses, and those registers are all part of the 354 * optional message-based SPI feature which this GIC does not currently 355 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are 356 * reserved. 357 */ 358 return false; 359 } 360 361 static bool gicd_writew(GICv3State *s, hwaddr offset, 362 uint64_t value, MemTxAttrs attrs) 363 { 364 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR 365 * support 16 bit accesses, and those registers are all part of the 366 * optional message-based SPI feature which this GIC does not currently 367 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are 368 * reserved. 369 */ 370 return false; 371 } 372 373 static bool gicd_readl(GICv3State *s, hwaddr offset, 374 uint64_t *data, MemTxAttrs attrs) 375 { 376 /* Almost all GICv3 distributor registers are 32-bit. 377 * Note that WO registers must return an UNKNOWN value on reads, 378 * not an abort. 379 */ 380 381 switch (offset) { 382 case GICD_CTLR: 383 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 384 /* The NS view of the GICD_CTLR sees only certain bits: 385 * + bit [31] (RWP) is an alias of the Secure bit [31] 386 * + bit [4] (ARE_NS) is an alias of Secure bit [5] 387 * + bit [1] (EnableGrp1A) is an alias of Secure bit [1] if 388 * NS affinity routing is enabled, otherwise RES0 389 * + bit [0] (EnableGrp1) is an alias of Secure bit [1] if 390 * NS affinity routing is not enabled, otherwise RES0 391 * Since for QEMU affinity routing is always enabled 392 * for both S and NS this means that bits [4] and [5] are 393 * both always 1, and we can simply make the NS view 394 * be bits 31, 4 and 1 of the S view. 395 */ 396 *data = s->gicd_ctlr & (GICD_CTLR_ARE_S | 397 GICD_CTLR_EN_GRP1NS | 398 GICD_CTLR_RWP); 399 } else { 400 *data = s->gicd_ctlr; 401 } 402 return true; 403 case GICD_TYPER: 404 { 405 /* For this implementation: 406 * No1N == 1 (1-of-N SPI interrupts not supported) 407 * A3V == 1 (non-zero values of Affinity level 3 supported) 408 * IDbits == 0xf (we support 16-bit interrupt identifiers) 409 * DVIS == 1 (Direct virtual LPI injection supported) if GICv4 410 * LPIS == 1 (LPIs are supported if affinity routing is enabled) 411 * num_LPIs == 0b00000 (bits [15:11],Number of LPIs as indicated 412 * by GICD_TYPER.IDbits) 413 * MBIS == 0 (message-based SPIs not supported) 414 * SecurityExtn == 1 if security extns supported 415 * NMI = 1 if Non-maskable interrupt property is supported 416 * CPUNumber == 0 since for us ARE is always 1 417 * ITLinesNumber == (((max SPI IntID + 1) / 32) - 1) 418 */ 419 int itlinesnumber = (s->num_irq / 32) - 1; 420 /* 421 * SecurityExtn must be RAZ if GICD_CTLR.DS == 1, and 422 * "security extensions not supported" always implies DS == 1, 423 * so we only need to check the DS bit. 424 */ 425 bool sec_extn = !(s->gicd_ctlr & GICD_CTLR_DS); 426 bool dvis = s->revision >= 4; 427 428 *data = (1 << 25) | (1 << 24) | (dvis << 18) | (sec_extn << 10) | 429 (s->nmi_support << GICD_TYPER_NMI_SHIFT) | 430 (s->lpi_enable << GICD_TYPER_LPIS_SHIFT) | 431 (0xf << 19) | itlinesnumber; 432 return true; 433 } 434 case GICD_IIDR: 435 /* We claim to be an ARM r0p0 with a zero ProductID. 436 * This is the same as an r0p0 GIC-500. 437 */ 438 *data = gicv3_iidr(); 439 return true; 440 case GICD_STATUSR: 441 /* RAZ/WI for us (this is an optional register and our implementation 442 * does not track RO/WO/reserved violations to report them to the guest) 443 */ 444 *data = 0; 445 return true; 446 case GICD_IGROUPR ... GICD_IGROUPR + 0x7f: 447 { 448 int irq; 449 450 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 451 *data = 0; 452 return true; 453 } 454 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */ 455 irq = (offset - GICD_IGROUPR) * 8; 456 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 457 *data = 0; 458 return true; 459 } 460 *data = *gic_bmp_ptr32(s->group, irq); 461 return true; 462 } 463 case GICD_ISENABLER ... GICD_ISENABLER + 0x7f: 464 *data = gicd_read_bitmap_reg(s, attrs, s->enabled, NULL, 465 offset - GICD_ISENABLER); 466 return true; 467 case GICD_ICENABLER ... GICD_ICENABLER + 0x7f: 468 *data = gicd_read_bitmap_reg(s, attrs, s->enabled, NULL, 469 offset - GICD_ICENABLER); 470 return true; 471 case GICD_ISPENDR ... GICD_ISPENDR + 0x7f: 472 *data = gicd_read_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge1, 473 offset - GICD_ISPENDR); 474 return true; 475 case GICD_ICPENDR ... GICD_ICPENDR + 0x7f: 476 *data = gicd_read_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge2, 477 offset - GICD_ICPENDR); 478 return true; 479 case GICD_ISACTIVER ... GICD_ISACTIVER + 0x7f: 480 *data = gicd_read_bitmap_reg(s, attrs, s->active, mask_nsacr_ge2, 481 offset - GICD_ISACTIVER); 482 return true; 483 case GICD_ICACTIVER ... GICD_ICACTIVER + 0x7f: 484 *data = gicd_read_bitmap_reg(s, attrs, s->active, mask_nsacr_ge2, 485 offset - GICD_ICACTIVER); 486 return true; 487 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff: 488 { 489 int i, irq = offset - GICD_IPRIORITYR; 490 uint32_t value = 0; 491 492 for (i = irq + 3; i >= irq; i--) { 493 value <<= 8; 494 value |= gicd_read_ipriorityr(s, attrs, i); 495 } 496 *data = value; 497 return true; 498 } 499 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff: 500 /* RAZ/WI since affinity routing is always enabled */ 501 *data = 0; 502 return true; 503 case GICD_ICFGR ... GICD_ICFGR + 0xff: 504 { 505 /* Here only the even bits are used; odd bits are RES0 */ 506 int irq = (offset - GICD_ICFGR) * 4; 507 uint32_t value = 0; 508 509 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 510 *data = 0; 511 return true; 512 } 513 514 /* Since our edge_trigger bitmap is one bit per irq, we only need 515 * half of the 32-bit word, which we can then spread out 516 * into the odd bits. 517 */ 518 value = *gic_bmp_ptr32(s->edge_trigger, irq & ~0x1f); 519 value &= mask_group_and_nsacr(s, attrs, NULL, irq & ~0x1f); 520 value = extract32(value, (irq & 0x1f) ? 16 : 0, 16); 521 value = half_shuffle32(value) << 1; 522 *data = value; 523 return true; 524 } 525 case GICD_IGRPMODR ... GICD_IGRPMODR + 0xff: 526 { 527 int irq; 528 529 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 530 /* RAZ/WI if security disabled, or if 531 * security enabled and this is an NS access 532 */ 533 *data = 0; 534 return true; 535 } 536 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */ 537 irq = (offset - GICD_IGRPMODR) * 8; 538 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 539 *data = 0; 540 return true; 541 } 542 *data = *gic_bmp_ptr32(s->grpmod, irq); 543 return true; 544 } 545 case GICD_NSACR ... GICD_NSACR + 0xff: 546 { 547 /* Two bits per interrupt */ 548 int irq = (offset - GICD_NSACR) * 4; 549 550 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 551 *data = 0; 552 return true; 553 } 554 555 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 556 /* RAZ/WI if security disabled, or if 557 * security enabled and this is an NS access 558 */ 559 *data = 0; 560 return true; 561 } 562 563 *data = s->gicd_nsacr[irq / 16]; 564 return true; 565 } 566 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf: 567 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf: 568 /* RAZ/WI since affinity routing is always enabled */ 569 *data = 0; 570 return true; 571 case GICD_INMIR ... GICD_INMIR + 0x7f: 572 *data = (!s->nmi_support) ? 0 : 573 gicd_read_bitmap_reg(s, attrs, s->nmi, NULL, 574 offset - GICD_INMIR); 575 return true; 576 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf: 577 { 578 uint64_t r; 579 int irq = (offset - GICD_IROUTER) / 8; 580 581 r = gicd_read_irouter(s, attrs, irq); 582 if (offset & 7) { 583 *data = r >> 32; 584 } else { 585 *data = (uint32_t)r; 586 } 587 return true; 588 } 589 case GICD_IDREGS ... GICD_IDREGS + 0x2f: 590 /* ID registers */ 591 *data = gicv3_idreg(s, offset - GICD_IDREGS, GICV3_PIDR0_DIST); 592 return true; 593 case GICD_SGIR: 594 /* WO registers, return unknown value */ 595 qemu_log_mask(LOG_GUEST_ERROR, 596 "%s: invalid guest read from WO register at offset " 597 HWADDR_FMT_plx "\n", __func__, offset); 598 *data = 0; 599 return true; 600 default: 601 return false; 602 } 603 } 604 605 static bool gicd_writel(GICv3State *s, hwaddr offset, 606 uint64_t value, MemTxAttrs attrs) 607 { 608 /* Almost all GICv3 distributor registers are 32-bit. Note that 609 * RO registers must ignore writes, not abort. 610 */ 611 612 switch (offset) { 613 case GICD_CTLR: 614 { 615 uint32_t mask; 616 /* GICv3 5.3.20 */ 617 if (s->gicd_ctlr & GICD_CTLR_DS) { 618 /* With only one security state, E1NWF is RAZ/WI, DS is RAO/WI, 619 * ARE is RAO/WI (affinity routing always on), and only 620 * bits 0 and 1 (group enables) are writable. 621 */ 622 mask = GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1NS; 623 } else { 624 if (attrs.secure) { 625 /* for secure access: 626 * ARE_NS and ARE_S are RAO/WI (affinity routing always on) 627 * E1NWF is RAZ/WI (we don't support enable-1-of-n-wakeup) 628 * 629 * We can only modify bits[2:0] (the group enables). 630 */ 631 mask = GICD_CTLR_DS | GICD_CTLR_EN_GRP0 | GICD_CTLR_EN_GRP1_ALL; 632 } else { 633 /* For non secure access ARE_NS is RAO/WI and EnableGrp1 634 * is RES0. The only writable bit is [1] (EnableGrp1A), which 635 * is an alias of the Secure bit [1]. 636 */ 637 mask = GICD_CTLR_EN_GRP1NS; 638 } 639 } 640 s->gicd_ctlr = (s->gicd_ctlr & ~mask) | (value & mask); 641 if (value & mask & GICD_CTLR_DS) { 642 /* We just set DS, so the ARE_NS and EnG1S bits are now RES0. 643 * Note that this is a one-way transition because if DS is set 644 * then it's not writable, so it can only go back to 0 with a 645 * hardware reset. 646 */ 647 s->gicd_ctlr &= ~(GICD_CTLR_EN_GRP1S | GICD_CTLR_ARE_NS); 648 } 649 gicv3_full_update(s); 650 return true; 651 } 652 case GICD_STATUSR: 653 /* RAZ/WI for our implementation */ 654 return true; 655 case GICD_IGROUPR ... GICD_IGROUPR + 0x7f: 656 { 657 int irq; 658 659 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { 660 return true; 661 } 662 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */ 663 irq = (offset - GICD_IGROUPR) * 8; 664 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 665 return true; 666 } 667 *gic_bmp_ptr32(s->group, irq) = value; 668 gicv3_update(s, irq, 32); 669 return true; 670 } 671 case GICD_ISENABLER ... GICD_ISENABLER + 0x7f: 672 gicd_write_set_bitmap_reg(s, attrs, s->enabled, NULL, 673 offset - GICD_ISENABLER, value); 674 return true; 675 case GICD_ICENABLER ... GICD_ICENABLER + 0x7f: 676 gicd_write_clear_bitmap_reg(s, attrs, s->enabled, NULL, 677 offset - GICD_ICENABLER, value); 678 return true; 679 case GICD_ISPENDR ... GICD_ISPENDR + 0x7f: 680 gicd_write_set_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge1, 681 offset - GICD_ISPENDR, value); 682 return true; 683 case GICD_ICPENDR ... GICD_ICPENDR + 0x7f: 684 gicd_write_clear_bitmap_reg(s, attrs, s->pending, mask_nsacr_ge2, 685 offset - GICD_ICPENDR, value); 686 return true; 687 case GICD_ISACTIVER ... GICD_ISACTIVER + 0x7f: 688 gicd_write_set_bitmap_reg(s, attrs, s->active, NULL, 689 offset - GICD_ISACTIVER, value); 690 return true; 691 case GICD_ICACTIVER ... GICD_ICACTIVER + 0x7f: 692 gicd_write_clear_bitmap_reg(s, attrs, s->active, NULL, 693 offset - GICD_ICACTIVER, value); 694 return true; 695 case GICD_IPRIORITYR ... GICD_IPRIORITYR + 0x3ff: 696 { 697 int i, irq = offset - GICD_IPRIORITYR; 698 699 if (irq < GIC_INTERNAL || irq + 3 >= s->num_irq) { 700 return true; 701 } 702 703 for (i = irq; i < irq + 4; i++, value >>= 8) { 704 gicd_write_ipriorityr(s, attrs, i, value); 705 } 706 gicv3_update(s, irq, 4); 707 return true; 708 } 709 case GICD_ITARGETSR ... GICD_ITARGETSR + 0x3ff: 710 /* RAZ/WI since affinity routing is always enabled */ 711 return true; 712 case GICD_ICFGR ... GICD_ICFGR + 0xff: 713 { 714 /* Here only the odd bits are used; even bits are RES0 */ 715 int irq = (offset - GICD_ICFGR) * 4; 716 uint32_t mask, oldval; 717 718 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 719 return true; 720 } 721 722 /* Since our edge_trigger bitmap is one bit per irq, our input 723 * 32-bits will compress down into 16 bits which we need 724 * to write into the bitmap. 725 */ 726 value = half_unshuffle32(value >> 1); 727 mask = mask_group_and_nsacr(s, attrs, NULL, irq & ~0x1f); 728 if (irq & 0x1f) { 729 value <<= 16; 730 mask &= 0xffff0000U; 731 } else { 732 mask &= 0xffff; 733 } 734 oldval = *gic_bmp_ptr32(s->edge_trigger, (irq & ~0x1f)); 735 value = (oldval & ~mask) | (value & mask); 736 *gic_bmp_ptr32(s->edge_trigger, irq & ~0x1f) = value; 737 return true; 738 } 739 case GICD_IGRPMODR ... GICD_IGRPMODR + 0xff: 740 { 741 int irq; 742 743 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 744 /* RAZ/WI if security disabled, or if 745 * security enabled and this is an NS access 746 */ 747 return true; 748 } 749 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */ 750 irq = (offset - GICD_IGRPMODR) * 8; 751 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 752 return true; 753 } 754 *gic_bmp_ptr32(s->grpmod, irq) = value; 755 gicv3_update(s, irq, 32); 756 return true; 757 } 758 case GICD_NSACR ... GICD_NSACR + 0xff: 759 { 760 /* Two bits per interrupt */ 761 int irq = (offset - GICD_NSACR) * 4; 762 763 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 764 return true; 765 } 766 767 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 768 /* RAZ/WI if security disabled, or if 769 * security enabled and this is an NS access 770 */ 771 return true; 772 } 773 774 s->gicd_nsacr[irq / 16] = value; 775 /* No update required as this only affects access permission checks */ 776 return true; 777 } 778 case GICD_SGIR: 779 /* RES0 if affinity routing is enabled */ 780 return true; 781 case GICD_CPENDSGIR ... GICD_CPENDSGIR + 0xf: 782 case GICD_SPENDSGIR ... GICD_SPENDSGIR + 0xf: 783 /* RAZ/WI since affinity routing is always enabled */ 784 return true; 785 case GICD_INMIR ... GICD_INMIR + 0x7f: 786 if (s->nmi_support) { 787 gicd_write_bitmap_reg(s, attrs, s->nmi, NULL, 788 offset - GICD_INMIR, value); 789 } 790 return true; 791 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf: 792 { 793 uint64_t r; 794 int irq = (offset - GICD_IROUTER) / 8; 795 796 if (irq < GIC_INTERNAL || irq >= s->num_irq) { 797 return true; 798 } 799 800 /* Write half of the 64-bit register */ 801 r = gicd_read_irouter(s, attrs, irq); 802 r = deposit64(r, (offset & 7) ? 32 : 0, 32, value); 803 gicd_write_irouter(s, attrs, irq, r); 804 return true; 805 } 806 case GICD_IDREGS ... GICD_IDREGS + 0x2f: 807 case GICD_TYPER: 808 case GICD_IIDR: 809 /* RO registers, ignore the write */ 810 qemu_log_mask(LOG_GUEST_ERROR, 811 "%s: invalid guest write to RO register at offset " 812 HWADDR_FMT_plx "\n", __func__, offset); 813 return true; 814 default: 815 return false; 816 } 817 } 818 819 static bool gicd_writeq(GICv3State *s, hwaddr offset, 820 uint64_t value, MemTxAttrs attrs) 821 { 822 /* Our only 64-bit registers are GICD_IROUTER<n> */ 823 int irq; 824 825 switch (offset) { 826 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf: 827 irq = (offset - GICD_IROUTER) / 8; 828 gicd_write_irouter(s, attrs, irq, value); 829 return true; 830 default: 831 return false; 832 } 833 } 834 835 static bool gicd_readq(GICv3State *s, hwaddr offset, 836 uint64_t *data, MemTxAttrs attrs) 837 { 838 /* Our only 64-bit registers are GICD_IROUTER<n> */ 839 int irq; 840 841 switch (offset) { 842 case GICD_IROUTER ... GICD_IROUTER + 0x1fdf: 843 irq = (offset - GICD_IROUTER) / 8; 844 *data = gicd_read_irouter(s, attrs, irq); 845 return true; 846 default: 847 return false; 848 } 849 } 850 851 MemTxResult gicv3_dist_read(void *opaque, hwaddr offset, uint64_t *data, 852 unsigned size, MemTxAttrs attrs) 853 { 854 GICv3State *s = (GICv3State *)opaque; 855 bool r; 856 857 switch (size) { 858 case 1: 859 r = gicd_readb(s, offset, data, attrs); 860 break; 861 case 2: 862 r = gicd_readw(s, offset, data, attrs); 863 break; 864 case 4: 865 r = gicd_readl(s, offset, data, attrs); 866 break; 867 case 8: 868 r = gicd_readq(s, offset, data, attrs); 869 break; 870 default: 871 r = false; 872 break; 873 } 874 875 if (!r) { 876 qemu_log_mask(LOG_GUEST_ERROR, 877 "%s: invalid guest read at offset " HWADDR_FMT_plx 878 " size %u\n", __func__, offset, size); 879 trace_gicv3_dist_badread(offset, size, attrs.secure); 880 /* The spec requires that reserved registers are RAZ/WI; 881 * so use MEMTX_ERROR returns from leaf functions as a way to 882 * trigger the guest-error logging but don't return it to 883 * the caller, or we'll cause a spurious guest data abort. 884 */ 885 *data = 0; 886 } else { 887 trace_gicv3_dist_read(offset, *data, size, attrs.secure); 888 } 889 return MEMTX_OK; 890 } 891 892 MemTxResult gicv3_dist_write(void *opaque, hwaddr offset, uint64_t data, 893 unsigned size, MemTxAttrs attrs) 894 { 895 GICv3State *s = (GICv3State *)opaque; 896 bool r; 897 898 switch (size) { 899 case 1: 900 r = gicd_writeb(s, offset, data, attrs); 901 break; 902 case 2: 903 r = gicd_writew(s, offset, data, attrs); 904 break; 905 case 4: 906 r = gicd_writel(s, offset, data, attrs); 907 break; 908 case 8: 909 r = gicd_writeq(s, offset, data, attrs); 910 break; 911 default: 912 r = false; 913 break; 914 } 915 916 if (!r) { 917 qemu_log_mask(LOG_GUEST_ERROR, 918 "%s: invalid guest write at offset " HWADDR_FMT_plx 919 " size %u\n", __func__, offset, size); 920 trace_gicv3_dist_badwrite(offset, data, size, attrs.secure); 921 /* The spec requires that reserved registers are RAZ/WI; 922 * so use MEMTX_ERROR returns from leaf functions as a way to 923 * trigger the guest-error logging but don't return it to 924 * the caller, or we'll cause a spurious guest data abort. 925 */ 926 } else { 927 trace_gicv3_dist_write(offset, data, size, attrs.secure); 928 } 929 return MEMTX_OK; 930 } 931 932 void gicv3_dist_set_irq(GICv3State *s, int irq, int level) 933 { 934 /* Update distributor state for a change in an external SPI input line */ 935 if (level == gicv3_gicd_level_test(s, irq)) { 936 return; 937 } 938 939 trace_gicv3_dist_set_irq(irq, level); 940 941 gicv3_gicd_level_replace(s, irq, level); 942 943 if (level) { 944 /* 0->1 edges latch the pending bit for edge-triggered interrupts */ 945 if (gicv3_gicd_edge_trigger_test(s, irq)) { 946 gicv3_gicd_pending_set(s, irq); 947 } 948 } 949 950 gicv3_update(s, irq, 1); 951 } 952