1 /* 2 * ITS emulation for a GICv3-based system 3 * 4 * Copyright Linaro.org 2021 5 * 6 * Authors: 7 * Shashi Mallela <shashi.mallela@linaro.org> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or (at your 10 * option) any later version. See the COPYING file in the top-level directory. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/log.h" 16 #include "trace.h" 17 #include "hw/qdev-properties.h" 18 #include "hw/intc/arm_gicv3_its_common.h" 19 #include "gicv3_internal.h" 20 #include "qom/object.h" 21 #include "qapi/error.h" 22 23 typedef struct GICv3ITSClass GICv3ITSClass; 24 /* This is reusing the GICv3ITSState typedef from ARM_GICV3_ITS_COMMON */ 25 DECLARE_OBJ_CHECKERS(GICv3ITSState, GICv3ITSClass, 26 ARM_GICV3_ITS, TYPE_ARM_GICV3_ITS) 27 28 struct GICv3ITSClass { 29 GICv3ITSCommonClass parent_class; 30 void (*parent_reset)(DeviceState *dev); 31 }; 32 33 /* 34 * This is an internal enum used to distinguish between LPI triggered 35 * via command queue and LPI triggered via gits_translater write. 36 */ 37 typedef enum ItsCmdType { 38 NONE = 0, /* internal indication for GITS_TRANSLATER write */ 39 CLEAR = 1, 40 DISCARD = 2, 41 INTERRUPT = 3, 42 } ItsCmdType; 43 44 typedef struct { 45 uint32_t iteh; 46 uint64_t itel; 47 } IteEntry; 48 49 /* 50 * The ITS spec permits a range of CONSTRAINED UNPREDICTABLE options 51 * if a command parameter is not correct. These include both "stall 52 * processing of the command queue" and "ignore this command, and 53 * keep processing the queue". In our implementation we choose that 54 * memory transaction errors reading the command packet provoke a 55 * stall, but errors in parameters cause us to ignore the command 56 * and continue processing. 57 * The process_* functions which handle individual ITS commands all 58 * return an ItsCmdResult which tells process_cmdq() whether it should 59 * stall or keep going. 60 */ 61 typedef enum ItsCmdResult { 62 CMD_STALL = 0, 63 CMD_CONTINUE = 1, 64 } ItsCmdResult; 65 66 static uint64_t baser_base_addr(uint64_t value, uint32_t page_sz) 67 { 68 uint64_t result = 0; 69 70 switch (page_sz) { 71 case GITS_PAGE_SIZE_4K: 72 case GITS_PAGE_SIZE_16K: 73 result = FIELD_EX64(value, GITS_BASER, PHYADDR) << 12; 74 break; 75 76 case GITS_PAGE_SIZE_64K: 77 result = FIELD_EX64(value, GITS_BASER, PHYADDRL_64K) << 16; 78 result |= FIELD_EX64(value, GITS_BASER, PHYADDRH_64K) << 48; 79 break; 80 81 default: 82 break; 83 } 84 return result; 85 } 86 87 static uint64_t table_entry_addr(GICv3ITSState *s, TableDesc *td, 88 uint32_t idx, MemTxResult *res) 89 { 90 /* 91 * Given a TableDesc describing one of the ITS in-guest-memory 92 * tables and an index into it, return the guest address 93 * corresponding to that table entry. 94 * If there was a memory error reading the L1 table of an 95 * indirect table, *res is set accordingly, and we return -1. 96 * If the L1 table entry is marked not valid, we return -1 with 97 * *res set to MEMTX_OK. 98 * 99 * The specification defines the format of level 1 entries of a 100 * 2-level table, but the format of level 2 entries and the format 101 * of flat-mapped tables is IMPDEF. 102 */ 103 AddressSpace *as = &s->gicv3->dma_as; 104 uint32_t l2idx; 105 uint64_t l2; 106 uint32_t num_l2_entries; 107 108 *res = MEMTX_OK; 109 110 if (!td->indirect) { 111 /* Single level table */ 112 return td->base_addr + idx * td->entry_sz; 113 } 114 115 /* Two level table */ 116 l2idx = idx / (td->page_sz / L1TABLE_ENTRY_SIZE); 117 118 l2 = address_space_ldq_le(as, 119 td->base_addr + (l2idx * L1TABLE_ENTRY_SIZE), 120 MEMTXATTRS_UNSPECIFIED, res); 121 if (*res != MEMTX_OK) { 122 return -1; 123 } 124 if (!(l2 & L2_TABLE_VALID_MASK)) { 125 return -1; 126 } 127 128 num_l2_entries = td->page_sz / td->entry_sz; 129 return (l2 & ((1ULL << 51) - 1)) + (idx % num_l2_entries) * td->entry_sz; 130 } 131 132 static bool get_cte(GICv3ITSState *s, uint16_t icid, uint64_t *cte, 133 MemTxResult *res) 134 { 135 AddressSpace *as = &s->gicv3->dma_as; 136 uint64_t entry_addr = table_entry_addr(s, &s->ct, icid, res); 137 138 if (entry_addr == -1) { 139 return false; /* not valid */ 140 } 141 142 *cte = address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res); 143 return FIELD_EX64(*cte, CTE, VALID); 144 } 145 146 static bool update_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte, 147 IteEntry ite) 148 { 149 AddressSpace *as = &s->gicv3->dma_as; 150 uint64_t itt_addr; 151 MemTxResult res = MEMTX_OK; 152 153 itt_addr = FIELD_EX64(dte, DTE, ITTADDR); 154 itt_addr <<= ITTADDR_SHIFT; /* 256 byte aligned */ 155 156 address_space_stq_le(as, itt_addr + (eventid * (sizeof(uint64_t) + 157 sizeof(uint32_t))), ite.itel, MEMTXATTRS_UNSPECIFIED, 158 &res); 159 160 if (res == MEMTX_OK) { 161 address_space_stl_le(as, itt_addr + (eventid * (sizeof(uint64_t) + 162 sizeof(uint32_t))) + sizeof(uint32_t), ite.iteh, 163 MEMTXATTRS_UNSPECIFIED, &res); 164 } 165 if (res != MEMTX_OK) { 166 return false; 167 } else { 168 return true; 169 } 170 } 171 172 static bool get_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte, 173 uint16_t *icid, uint32_t *pIntid, MemTxResult *res) 174 { 175 AddressSpace *as = &s->gicv3->dma_as; 176 uint64_t itt_addr; 177 bool status = false; 178 IteEntry ite = {}; 179 180 itt_addr = FIELD_EX64(dte, DTE, ITTADDR); 181 itt_addr <<= ITTADDR_SHIFT; /* 256 byte aligned */ 182 183 ite.itel = address_space_ldq_le(as, itt_addr + 184 (eventid * (sizeof(uint64_t) + 185 sizeof(uint32_t))), MEMTXATTRS_UNSPECIFIED, 186 res); 187 188 if (*res == MEMTX_OK) { 189 ite.iteh = address_space_ldl_le(as, itt_addr + 190 (eventid * (sizeof(uint64_t) + 191 sizeof(uint32_t))) + sizeof(uint32_t), 192 MEMTXATTRS_UNSPECIFIED, res); 193 194 if (*res == MEMTX_OK) { 195 if (FIELD_EX64(ite.itel, ITE_L, VALID)) { 196 int inttype = FIELD_EX64(ite.itel, ITE_L, INTTYPE); 197 if (inttype == ITE_INTTYPE_PHYSICAL) { 198 *pIntid = FIELD_EX64(ite.itel, ITE_L, INTID); 199 *icid = FIELD_EX32(ite.iteh, ITE_H, ICID); 200 status = true; 201 } 202 } 203 } 204 } 205 return status; 206 } 207 208 static uint64_t get_dte(GICv3ITSState *s, uint32_t devid, MemTxResult *res) 209 { 210 AddressSpace *as = &s->gicv3->dma_as; 211 uint64_t entry_addr = table_entry_addr(s, &s->dt, devid, res); 212 213 if (entry_addr == -1) { 214 return 0; /* a DTE entry with the Valid bit clear */ 215 } 216 return address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res); 217 } 218 219 /* 220 * This function handles the processing of following commands based on 221 * the ItsCmdType parameter passed:- 222 * 1. triggering of lpi interrupt translation via ITS INT command 223 * 2. triggering of lpi interrupt translation via gits_translater register 224 * 3. handling of ITS CLEAR command 225 * 4. handling of ITS DISCARD command 226 */ 227 static ItsCmdResult process_its_cmd(GICv3ITSState *s, uint64_t value, 228 uint32_t offset, ItsCmdType cmd) 229 { 230 AddressSpace *as = &s->gicv3->dma_as; 231 uint32_t devid, eventid; 232 MemTxResult res = MEMTX_OK; 233 bool dte_valid; 234 uint64_t dte = 0; 235 uint64_t num_eventids; 236 uint16_t icid = 0; 237 uint32_t pIntid = 0; 238 bool ite_valid = false; 239 uint64_t cte = 0; 240 bool cte_valid = false; 241 uint64_t rdbase; 242 243 if (cmd == NONE) { 244 devid = offset; 245 } else { 246 devid = ((value & DEVID_MASK) >> DEVID_SHIFT); 247 248 offset += NUM_BYTES_IN_DW; 249 value = address_space_ldq_le(as, s->cq.base_addr + offset, 250 MEMTXATTRS_UNSPECIFIED, &res); 251 } 252 253 if (res != MEMTX_OK) { 254 return CMD_STALL; 255 } 256 257 eventid = (value & EVENTID_MASK); 258 259 if (devid >= s->dt.num_entries) { 260 qemu_log_mask(LOG_GUEST_ERROR, 261 "%s: invalid command attributes: devid %d>=%d", 262 __func__, devid, s->dt.num_entries); 263 return CMD_CONTINUE; 264 } 265 266 dte = get_dte(s, devid, &res); 267 268 if (res != MEMTX_OK) { 269 return CMD_STALL; 270 } 271 dte_valid = FIELD_EX64(dte, DTE, VALID); 272 273 if (!dte_valid) { 274 qemu_log_mask(LOG_GUEST_ERROR, 275 "%s: invalid command attributes: " 276 "invalid dte: %"PRIx64" for %d\n", 277 __func__, dte, devid); 278 return CMD_CONTINUE; 279 } 280 281 num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1); 282 283 if (eventid >= num_eventids) { 284 qemu_log_mask(LOG_GUEST_ERROR, 285 "%s: invalid command attributes: eventid %d >= %" 286 PRId64 "\n", 287 __func__, eventid, num_eventids); 288 return CMD_CONTINUE; 289 } 290 291 ite_valid = get_ite(s, eventid, dte, &icid, &pIntid, &res); 292 if (res != MEMTX_OK) { 293 return CMD_STALL; 294 } 295 296 if (!ite_valid) { 297 qemu_log_mask(LOG_GUEST_ERROR, 298 "%s: invalid command attributes: invalid ITE\n", 299 __func__); 300 return CMD_CONTINUE; 301 } 302 303 if (icid >= s->ct.num_entries) { 304 qemu_log_mask(LOG_GUEST_ERROR, 305 "%s: invalid ICID 0x%x in ITE (table corrupted?)\n", 306 __func__, icid); 307 return CMD_CONTINUE; 308 } 309 310 cte_valid = get_cte(s, icid, &cte, &res); 311 if (res != MEMTX_OK) { 312 return CMD_STALL; 313 } 314 if (!cte_valid) { 315 qemu_log_mask(LOG_GUEST_ERROR, 316 "%s: invalid command attributes: " 317 "invalid cte: %"PRIx64"\n", 318 __func__, cte); 319 return CMD_CONTINUE; 320 } 321 322 /* 323 * Current implementation only supports rdbase == procnum 324 * Hence rdbase physical address is ignored 325 */ 326 rdbase = FIELD_EX64(cte, CTE, RDBASE); 327 328 if (rdbase >= s->gicv3->num_cpu) { 329 return CMD_CONTINUE; 330 } 331 332 if ((cmd == CLEAR) || (cmd == DISCARD)) { 333 gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 0); 334 } else { 335 gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 1); 336 } 337 338 if (cmd == DISCARD) { 339 IteEntry ite = {}; 340 /* remove mapping from interrupt translation table */ 341 return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL; 342 } 343 return CMD_CONTINUE; 344 } 345 346 static ItsCmdResult process_mapti(GICv3ITSState *s, uint64_t value, 347 uint32_t offset, bool ignore_pInt) 348 { 349 AddressSpace *as = &s->gicv3->dma_as; 350 uint32_t devid, eventid; 351 uint32_t pIntid = 0; 352 uint64_t num_eventids; 353 uint32_t num_intids; 354 bool dte_valid; 355 MemTxResult res = MEMTX_OK; 356 uint16_t icid = 0; 357 uint64_t dte = 0; 358 IteEntry ite = {}; 359 360 devid = ((value & DEVID_MASK) >> DEVID_SHIFT); 361 offset += NUM_BYTES_IN_DW; 362 value = address_space_ldq_le(as, s->cq.base_addr + offset, 363 MEMTXATTRS_UNSPECIFIED, &res); 364 365 if (res != MEMTX_OK) { 366 return CMD_STALL; 367 } 368 369 eventid = (value & EVENTID_MASK); 370 371 if (ignore_pInt) { 372 pIntid = eventid; 373 } else { 374 pIntid = ((value & pINTID_MASK) >> pINTID_SHIFT); 375 } 376 377 offset += NUM_BYTES_IN_DW; 378 value = address_space_ldq_le(as, s->cq.base_addr + offset, 379 MEMTXATTRS_UNSPECIFIED, &res); 380 381 if (res != MEMTX_OK) { 382 return CMD_STALL; 383 } 384 385 icid = value & ICID_MASK; 386 387 if (devid >= s->dt.num_entries) { 388 qemu_log_mask(LOG_GUEST_ERROR, 389 "%s: invalid command attributes: devid %d>=%d", 390 __func__, devid, s->dt.num_entries); 391 return CMD_CONTINUE; 392 } 393 394 dte = get_dte(s, devid, &res); 395 396 if (res != MEMTX_OK) { 397 return CMD_STALL; 398 } 399 dte_valid = FIELD_EX64(dte, DTE, VALID); 400 num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1); 401 num_intids = 1ULL << (GICD_TYPER_IDBITS + 1); 402 403 if ((icid >= s->ct.num_entries) 404 || !dte_valid || (eventid >= num_eventids) || 405 (((pIntid < GICV3_LPI_INTID_START) || (pIntid >= num_intids)) && 406 (pIntid != INTID_SPURIOUS))) { 407 qemu_log_mask(LOG_GUEST_ERROR, 408 "%s: invalid command attributes " 409 "icid %d or eventid %d or pIntid %d or" 410 "unmapped dte %d\n", __func__, icid, eventid, 411 pIntid, dte_valid); 412 /* 413 * in this implementation, in case of error 414 * we ignore this command and move onto the next 415 * command in the queue 416 */ 417 return CMD_CONTINUE; 418 } 419 420 /* add ite entry to interrupt translation table */ 421 ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, dte_valid); 422 ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL); 423 ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, pIntid); 424 ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS); 425 ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, icid); 426 427 return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL; 428 } 429 430 static bool update_cte(GICv3ITSState *s, uint16_t icid, bool valid, 431 uint64_t rdbase) 432 { 433 AddressSpace *as = &s->gicv3->dma_as; 434 uint64_t entry_addr; 435 uint64_t cte = 0; 436 MemTxResult res = MEMTX_OK; 437 438 if (!s->ct.valid) { 439 return true; 440 } 441 442 if (valid) { 443 /* add mapping entry to collection table */ 444 cte = FIELD_DP64(cte, CTE, VALID, 1); 445 cte = FIELD_DP64(cte, CTE, RDBASE, rdbase); 446 } 447 448 entry_addr = table_entry_addr(s, &s->ct, icid, &res); 449 if (res != MEMTX_OK) { 450 /* memory access error: stall */ 451 return false; 452 } 453 if (entry_addr == -1) { 454 /* No L2 table for this index: discard write and continue */ 455 return true; 456 } 457 458 address_space_stq_le(as, entry_addr, cte, MEMTXATTRS_UNSPECIFIED, &res); 459 return res == MEMTX_OK; 460 } 461 462 static ItsCmdResult process_mapc(GICv3ITSState *s, uint32_t offset) 463 { 464 AddressSpace *as = &s->gicv3->dma_as; 465 uint16_t icid; 466 uint64_t rdbase; 467 bool valid; 468 MemTxResult res = MEMTX_OK; 469 uint64_t value; 470 471 offset += NUM_BYTES_IN_DW; 472 offset += NUM_BYTES_IN_DW; 473 474 value = address_space_ldq_le(as, s->cq.base_addr + offset, 475 MEMTXATTRS_UNSPECIFIED, &res); 476 477 if (res != MEMTX_OK) { 478 return CMD_STALL; 479 } 480 481 icid = value & ICID_MASK; 482 483 rdbase = (value & R_MAPC_RDBASE_MASK) >> R_MAPC_RDBASE_SHIFT; 484 rdbase &= RDBASE_PROCNUM_MASK; 485 486 valid = (value & CMD_FIELD_VALID_MASK); 487 488 if ((icid >= s->ct.num_entries) || (rdbase >= s->gicv3->num_cpu)) { 489 qemu_log_mask(LOG_GUEST_ERROR, 490 "ITS MAPC: invalid collection table attributes " 491 "icid %d rdbase %" PRIu64 "\n", icid, rdbase); 492 /* 493 * in this implementation, in case of error 494 * we ignore this command and move onto the next 495 * command in the queue 496 */ 497 return CMD_CONTINUE; 498 } 499 500 return update_cte(s, icid, valid, rdbase) ? CMD_CONTINUE : CMD_STALL; 501 } 502 503 static bool update_dte(GICv3ITSState *s, uint32_t devid, bool valid, 504 uint8_t size, uint64_t itt_addr) 505 { 506 AddressSpace *as = &s->gicv3->dma_as; 507 uint64_t entry_addr; 508 uint64_t dte = 0; 509 MemTxResult res = MEMTX_OK; 510 511 if (s->dt.valid) { 512 if (valid) { 513 /* add mapping entry to device table */ 514 dte = FIELD_DP64(dte, DTE, VALID, 1); 515 dte = FIELD_DP64(dte, DTE, SIZE, size); 516 dte = FIELD_DP64(dte, DTE, ITTADDR, itt_addr); 517 } 518 } else { 519 return true; 520 } 521 522 entry_addr = table_entry_addr(s, &s->dt, devid, &res); 523 if (res != MEMTX_OK) { 524 /* memory access error: stall */ 525 return false; 526 } 527 if (entry_addr == -1) { 528 /* No L2 table for this index: discard write and continue */ 529 return true; 530 } 531 address_space_stq_le(as, entry_addr, dte, MEMTXATTRS_UNSPECIFIED, &res); 532 return res == MEMTX_OK; 533 } 534 535 static ItsCmdResult process_mapd(GICv3ITSState *s, uint64_t value, 536 uint32_t offset) 537 { 538 AddressSpace *as = &s->gicv3->dma_as; 539 uint32_t devid; 540 uint8_t size; 541 uint64_t itt_addr; 542 bool valid; 543 MemTxResult res = MEMTX_OK; 544 545 devid = ((value & DEVID_MASK) >> DEVID_SHIFT); 546 547 offset += NUM_BYTES_IN_DW; 548 value = address_space_ldq_le(as, s->cq.base_addr + offset, 549 MEMTXATTRS_UNSPECIFIED, &res); 550 551 if (res != MEMTX_OK) { 552 return CMD_STALL; 553 } 554 555 size = (value & SIZE_MASK); 556 557 offset += NUM_BYTES_IN_DW; 558 value = address_space_ldq_le(as, s->cq.base_addr + offset, 559 MEMTXATTRS_UNSPECIFIED, &res); 560 561 if (res != MEMTX_OK) { 562 return CMD_STALL; 563 } 564 565 itt_addr = (value & ITTADDR_MASK) >> ITTADDR_SHIFT; 566 567 valid = (value & CMD_FIELD_VALID_MASK); 568 569 if ((devid >= s->dt.num_entries) || 570 (size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS))) { 571 qemu_log_mask(LOG_GUEST_ERROR, 572 "ITS MAPD: invalid device table attributes " 573 "devid %d or size %d\n", devid, size); 574 /* 575 * in this implementation, in case of error 576 * we ignore this command and move onto the next 577 * command in the queue 578 */ 579 return CMD_CONTINUE; 580 } 581 582 return update_dte(s, devid, valid, size, itt_addr) ? CMD_CONTINUE : CMD_STALL; 583 } 584 585 /* 586 * Current implementation blocks until all 587 * commands are processed 588 */ 589 static void process_cmdq(GICv3ITSState *s) 590 { 591 uint32_t wr_offset = 0; 592 uint32_t rd_offset = 0; 593 uint32_t cq_offset = 0; 594 uint64_t data; 595 AddressSpace *as = &s->gicv3->dma_as; 596 MemTxResult res = MEMTX_OK; 597 uint8_t cmd; 598 int i; 599 600 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 601 return; 602 } 603 604 wr_offset = FIELD_EX64(s->cwriter, GITS_CWRITER, OFFSET); 605 606 if (wr_offset >= s->cq.num_entries) { 607 qemu_log_mask(LOG_GUEST_ERROR, 608 "%s: invalid write offset " 609 "%d\n", __func__, wr_offset); 610 return; 611 } 612 613 rd_offset = FIELD_EX64(s->creadr, GITS_CREADR, OFFSET); 614 615 if (rd_offset >= s->cq.num_entries) { 616 qemu_log_mask(LOG_GUEST_ERROR, 617 "%s: invalid read offset " 618 "%d\n", __func__, rd_offset); 619 return; 620 } 621 622 while (wr_offset != rd_offset) { 623 ItsCmdResult result = CMD_CONTINUE; 624 625 cq_offset = (rd_offset * GITS_CMDQ_ENTRY_SIZE); 626 data = address_space_ldq_le(as, s->cq.base_addr + cq_offset, 627 MEMTXATTRS_UNSPECIFIED, &res); 628 if (res != MEMTX_OK) { 629 s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); 630 qemu_log_mask(LOG_GUEST_ERROR, 631 "%s: could not read command at 0x%" PRIx64 "\n", 632 __func__, s->cq.base_addr + cq_offset); 633 break; 634 } 635 636 cmd = (data & CMD_MASK); 637 638 trace_gicv3_its_process_command(rd_offset, cmd); 639 640 switch (cmd) { 641 case GITS_CMD_INT: 642 result = process_its_cmd(s, data, cq_offset, INTERRUPT); 643 break; 644 case GITS_CMD_CLEAR: 645 result = process_its_cmd(s, data, cq_offset, CLEAR); 646 break; 647 case GITS_CMD_SYNC: 648 /* 649 * Current implementation makes a blocking synchronous call 650 * for every command issued earlier, hence the internal state 651 * is already consistent by the time SYNC command is executed. 652 * Hence no further processing is required for SYNC command. 653 */ 654 break; 655 case GITS_CMD_MAPD: 656 result = process_mapd(s, data, cq_offset); 657 break; 658 case GITS_CMD_MAPC: 659 result = process_mapc(s, cq_offset); 660 break; 661 case GITS_CMD_MAPTI: 662 result = process_mapti(s, data, cq_offset, false); 663 break; 664 case GITS_CMD_MAPI: 665 result = process_mapti(s, data, cq_offset, true); 666 break; 667 case GITS_CMD_DISCARD: 668 result = process_its_cmd(s, data, cq_offset, DISCARD); 669 break; 670 case GITS_CMD_INV: 671 case GITS_CMD_INVALL: 672 /* 673 * Current implementation doesn't cache any ITS tables, 674 * but the calculated lpi priority information. We only 675 * need to trigger lpi priority re-calculation to be in 676 * sync with LPI config table or pending table changes. 677 */ 678 for (i = 0; i < s->gicv3->num_cpu; i++) { 679 gicv3_redist_update_lpi(&s->gicv3->cpu[i]); 680 } 681 break; 682 default: 683 break; 684 } 685 if (result == CMD_CONTINUE) { 686 rd_offset++; 687 rd_offset %= s->cq.num_entries; 688 s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, OFFSET, rd_offset); 689 } else { 690 /* CMD_STALL */ 691 s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); 692 qemu_log_mask(LOG_GUEST_ERROR, 693 "%s: 0x%x cmd processing failed, stalling\n", 694 __func__, cmd); 695 break; 696 } 697 } 698 } 699 700 /* 701 * This function extracts the ITS Device and Collection table specific 702 * parameters (like base_addr, size etc) from GITS_BASER register. 703 * It is called during ITS enable and also during post_load migration 704 */ 705 static void extract_table_params(GICv3ITSState *s) 706 { 707 uint16_t num_pages = 0; 708 uint8_t page_sz_type; 709 uint8_t type; 710 uint32_t page_sz = 0; 711 uint64_t value; 712 713 for (int i = 0; i < 8; i++) { 714 TableDesc *td; 715 int idbits; 716 717 value = s->baser[i]; 718 719 if (!value) { 720 continue; 721 } 722 723 page_sz_type = FIELD_EX64(value, GITS_BASER, PAGESIZE); 724 725 switch (page_sz_type) { 726 case 0: 727 page_sz = GITS_PAGE_SIZE_4K; 728 break; 729 730 case 1: 731 page_sz = GITS_PAGE_SIZE_16K; 732 break; 733 734 case 2: 735 case 3: 736 page_sz = GITS_PAGE_SIZE_64K; 737 break; 738 739 default: 740 g_assert_not_reached(); 741 } 742 743 num_pages = FIELD_EX64(value, GITS_BASER, SIZE) + 1; 744 745 type = FIELD_EX64(value, GITS_BASER, TYPE); 746 747 switch (type) { 748 case GITS_BASER_TYPE_DEVICE: 749 td = &s->dt; 750 idbits = FIELD_EX64(s->typer, GITS_TYPER, DEVBITS) + 1; 751 break; 752 case GITS_BASER_TYPE_COLLECTION: 753 td = &s->ct; 754 if (FIELD_EX64(s->typer, GITS_TYPER, CIL)) { 755 idbits = FIELD_EX64(s->typer, GITS_TYPER, CIDBITS) + 1; 756 } else { 757 /* 16-bit CollectionId supported when CIL == 0 */ 758 idbits = 16; 759 } 760 break; 761 default: 762 /* 763 * GITS_BASER<n>.TYPE is read-only, so GITS_BASER_RO_MASK 764 * ensures we will only see type values corresponding to 765 * the values set up in gicv3_its_reset(). 766 */ 767 g_assert_not_reached(); 768 } 769 770 memset(td, 0, sizeof(*td)); 771 td->valid = FIELD_EX64(value, GITS_BASER, VALID); 772 /* 773 * If GITS_BASER<n>.Valid is 0 for any <n> then we will not process 774 * interrupts. (GITS_TYPER.HCC is 0 for this implementation, so we 775 * do not have a special case where the GITS_BASER<n>.Valid bit is 0 776 * for the register corresponding to the Collection table but we 777 * still have to process interrupts using non-memory-backed 778 * Collection table entries.) 779 */ 780 if (!td->valid) { 781 continue; 782 } 783 td->page_sz = page_sz; 784 td->indirect = FIELD_EX64(value, GITS_BASER, INDIRECT); 785 td->entry_sz = FIELD_EX64(value, GITS_BASER, ENTRYSIZE) + 1; 786 td->base_addr = baser_base_addr(value, page_sz); 787 if (!td->indirect) { 788 td->num_entries = (num_pages * page_sz) / td->entry_sz; 789 } else { 790 td->num_entries = (((num_pages * page_sz) / 791 L1TABLE_ENTRY_SIZE) * 792 (page_sz / td->entry_sz)); 793 } 794 td->num_entries = MIN(td->num_entries, 1ULL << idbits); 795 } 796 } 797 798 static void extract_cmdq_params(GICv3ITSState *s) 799 { 800 uint16_t num_pages = 0; 801 uint64_t value = s->cbaser; 802 803 num_pages = FIELD_EX64(value, GITS_CBASER, SIZE) + 1; 804 805 memset(&s->cq, 0 , sizeof(s->cq)); 806 s->cq.valid = FIELD_EX64(value, GITS_CBASER, VALID); 807 808 if (s->cq.valid) { 809 s->cq.num_entries = (num_pages * GITS_PAGE_SIZE_4K) / 810 GITS_CMDQ_ENTRY_SIZE; 811 s->cq.base_addr = FIELD_EX64(value, GITS_CBASER, PHYADDR); 812 s->cq.base_addr <<= R_GITS_CBASER_PHYADDR_SHIFT; 813 } 814 } 815 816 static MemTxResult gicv3_its_translation_read(void *opaque, hwaddr offset, 817 uint64_t *data, unsigned size, 818 MemTxAttrs attrs) 819 { 820 /* 821 * GITS_TRANSLATER is write-only, and all other addresses 822 * in the interrupt translation space frame are RES0. 823 */ 824 *data = 0; 825 return MEMTX_OK; 826 } 827 828 static MemTxResult gicv3_its_translation_write(void *opaque, hwaddr offset, 829 uint64_t data, unsigned size, 830 MemTxAttrs attrs) 831 { 832 GICv3ITSState *s = (GICv3ITSState *)opaque; 833 bool result = true; 834 uint32_t devid = 0; 835 836 trace_gicv3_its_translation_write(offset, data, size, attrs.requester_id); 837 838 switch (offset) { 839 case GITS_TRANSLATER: 840 if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) { 841 devid = attrs.requester_id; 842 result = process_its_cmd(s, data, devid, NONE); 843 } 844 break; 845 default: 846 break; 847 } 848 849 if (result) { 850 return MEMTX_OK; 851 } else { 852 return MEMTX_ERROR; 853 } 854 } 855 856 static bool its_writel(GICv3ITSState *s, hwaddr offset, 857 uint64_t value, MemTxAttrs attrs) 858 { 859 bool result = true; 860 int index; 861 862 switch (offset) { 863 case GITS_CTLR: 864 if (value & R_GITS_CTLR_ENABLED_MASK) { 865 s->ctlr |= R_GITS_CTLR_ENABLED_MASK; 866 extract_table_params(s); 867 extract_cmdq_params(s); 868 process_cmdq(s); 869 } else { 870 s->ctlr &= ~R_GITS_CTLR_ENABLED_MASK; 871 } 872 break; 873 case GITS_CBASER: 874 /* 875 * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is 876 * already enabled 877 */ 878 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 879 s->cbaser = deposit64(s->cbaser, 0, 32, value); 880 s->creadr = 0; 881 } 882 break; 883 case GITS_CBASER + 4: 884 /* 885 * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is 886 * already enabled 887 */ 888 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 889 s->cbaser = deposit64(s->cbaser, 32, 32, value); 890 s->creadr = 0; 891 } 892 break; 893 case GITS_CWRITER: 894 s->cwriter = deposit64(s->cwriter, 0, 32, 895 (value & ~R_GITS_CWRITER_RETRY_MASK)); 896 if (s->cwriter != s->creadr) { 897 process_cmdq(s); 898 } 899 break; 900 case GITS_CWRITER + 4: 901 s->cwriter = deposit64(s->cwriter, 32, 32, value); 902 break; 903 case GITS_CREADR: 904 if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) { 905 s->creadr = deposit64(s->creadr, 0, 32, 906 (value & ~R_GITS_CREADR_STALLED_MASK)); 907 } else { 908 /* RO register, ignore the write */ 909 qemu_log_mask(LOG_GUEST_ERROR, 910 "%s: invalid guest write to RO register at offset " 911 TARGET_FMT_plx "\n", __func__, offset); 912 } 913 break; 914 case GITS_CREADR + 4: 915 if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) { 916 s->creadr = deposit64(s->creadr, 32, 32, value); 917 } else { 918 /* RO register, ignore the write */ 919 qemu_log_mask(LOG_GUEST_ERROR, 920 "%s: invalid guest write to RO register at offset " 921 TARGET_FMT_plx "\n", __func__, offset); 922 } 923 break; 924 case GITS_BASER ... GITS_BASER + 0x3f: 925 /* 926 * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is 927 * already enabled 928 */ 929 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 930 index = (offset - GITS_BASER) / 8; 931 932 if (s->baser[index] == 0) { 933 /* Unimplemented GITS_BASERn: RAZ/WI */ 934 break; 935 } 936 if (offset & 7) { 937 value <<= 32; 938 value &= ~GITS_BASER_RO_MASK; 939 s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(0, 32); 940 s->baser[index] |= value; 941 } else { 942 value &= ~GITS_BASER_RO_MASK; 943 s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(32, 32); 944 s->baser[index] |= value; 945 } 946 } 947 break; 948 case GITS_IIDR: 949 case GITS_IDREGS ... GITS_IDREGS + 0x2f: 950 /* RO registers, ignore the write */ 951 qemu_log_mask(LOG_GUEST_ERROR, 952 "%s: invalid guest write to RO register at offset " 953 TARGET_FMT_plx "\n", __func__, offset); 954 break; 955 default: 956 result = false; 957 break; 958 } 959 return result; 960 } 961 962 static bool its_readl(GICv3ITSState *s, hwaddr offset, 963 uint64_t *data, MemTxAttrs attrs) 964 { 965 bool result = true; 966 int index; 967 968 switch (offset) { 969 case GITS_CTLR: 970 *data = s->ctlr; 971 break; 972 case GITS_IIDR: 973 *data = gicv3_iidr(); 974 break; 975 case GITS_IDREGS ... GITS_IDREGS + 0x2f: 976 /* ID registers */ 977 *data = gicv3_idreg(offset - GITS_IDREGS); 978 break; 979 case GITS_TYPER: 980 *data = extract64(s->typer, 0, 32); 981 break; 982 case GITS_TYPER + 4: 983 *data = extract64(s->typer, 32, 32); 984 break; 985 case GITS_CBASER: 986 *data = extract64(s->cbaser, 0, 32); 987 break; 988 case GITS_CBASER + 4: 989 *data = extract64(s->cbaser, 32, 32); 990 break; 991 case GITS_CREADR: 992 *data = extract64(s->creadr, 0, 32); 993 break; 994 case GITS_CREADR + 4: 995 *data = extract64(s->creadr, 32, 32); 996 break; 997 case GITS_CWRITER: 998 *data = extract64(s->cwriter, 0, 32); 999 break; 1000 case GITS_CWRITER + 4: 1001 *data = extract64(s->cwriter, 32, 32); 1002 break; 1003 case GITS_BASER ... GITS_BASER + 0x3f: 1004 index = (offset - GITS_BASER) / 8; 1005 if (offset & 7) { 1006 *data = extract64(s->baser[index], 32, 32); 1007 } else { 1008 *data = extract64(s->baser[index], 0, 32); 1009 } 1010 break; 1011 default: 1012 result = false; 1013 break; 1014 } 1015 return result; 1016 } 1017 1018 static bool its_writell(GICv3ITSState *s, hwaddr offset, 1019 uint64_t value, MemTxAttrs attrs) 1020 { 1021 bool result = true; 1022 int index; 1023 1024 switch (offset) { 1025 case GITS_BASER ... GITS_BASER + 0x3f: 1026 /* 1027 * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is 1028 * already enabled 1029 */ 1030 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 1031 index = (offset - GITS_BASER) / 8; 1032 if (s->baser[index] == 0) { 1033 /* Unimplemented GITS_BASERn: RAZ/WI */ 1034 break; 1035 } 1036 s->baser[index] &= GITS_BASER_RO_MASK; 1037 s->baser[index] |= (value & ~GITS_BASER_RO_MASK); 1038 } 1039 break; 1040 case GITS_CBASER: 1041 /* 1042 * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is 1043 * already enabled 1044 */ 1045 if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { 1046 s->cbaser = value; 1047 s->creadr = 0; 1048 } 1049 break; 1050 case GITS_CWRITER: 1051 s->cwriter = value & ~R_GITS_CWRITER_RETRY_MASK; 1052 if (s->cwriter != s->creadr) { 1053 process_cmdq(s); 1054 } 1055 break; 1056 case GITS_CREADR: 1057 if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) { 1058 s->creadr = value & ~R_GITS_CREADR_STALLED_MASK; 1059 } else { 1060 /* RO register, ignore the write */ 1061 qemu_log_mask(LOG_GUEST_ERROR, 1062 "%s: invalid guest write to RO register at offset " 1063 TARGET_FMT_plx "\n", __func__, offset); 1064 } 1065 break; 1066 case GITS_TYPER: 1067 /* RO registers, ignore the write */ 1068 qemu_log_mask(LOG_GUEST_ERROR, 1069 "%s: invalid guest write to RO register at offset " 1070 TARGET_FMT_plx "\n", __func__, offset); 1071 break; 1072 default: 1073 result = false; 1074 break; 1075 } 1076 return result; 1077 } 1078 1079 static bool its_readll(GICv3ITSState *s, hwaddr offset, 1080 uint64_t *data, MemTxAttrs attrs) 1081 { 1082 bool result = true; 1083 int index; 1084 1085 switch (offset) { 1086 case GITS_TYPER: 1087 *data = s->typer; 1088 break; 1089 case GITS_BASER ... GITS_BASER + 0x3f: 1090 index = (offset - GITS_BASER) / 8; 1091 *data = s->baser[index]; 1092 break; 1093 case GITS_CBASER: 1094 *data = s->cbaser; 1095 break; 1096 case GITS_CREADR: 1097 *data = s->creadr; 1098 break; 1099 case GITS_CWRITER: 1100 *data = s->cwriter; 1101 break; 1102 default: 1103 result = false; 1104 break; 1105 } 1106 return result; 1107 } 1108 1109 static MemTxResult gicv3_its_read(void *opaque, hwaddr offset, uint64_t *data, 1110 unsigned size, MemTxAttrs attrs) 1111 { 1112 GICv3ITSState *s = (GICv3ITSState *)opaque; 1113 bool result; 1114 1115 switch (size) { 1116 case 4: 1117 result = its_readl(s, offset, data, attrs); 1118 break; 1119 case 8: 1120 result = its_readll(s, offset, data, attrs); 1121 break; 1122 default: 1123 result = false; 1124 break; 1125 } 1126 1127 if (!result) { 1128 qemu_log_mask(LOG_GUEST_ERROR, 1129 "%s: invalid guest read at offset " TARGET_FMT_plx 1130 "size %u\n", __func__, offset, size); 1131 trace_gicv3_its_badread(offset, size); 1132 /* 1133 * The spec requires that reserved registers are RAZ/WI; 1134 * so use false returns from leaf functions as a way to 1135 * trigger the guest-error logging but don't return it to 1136 * the caller, or we'll cause a spurious guest data abort. 1137 */ 1138 *data = 0; 1139 } else { 1140 trace_gicv3_its_read(offset, *data, size); 1141 } 1142 return MEMTX_OK; 1143 } 1144 1145 static MemTxResult gicv3_its_write(void *opaque, hwaddr offset, uint64_t data, 1146 unsigned size, MemTxAttrs attrs) 1147 { 1148 GICv3ITSState *s = (GICv3ITSState *)opaque; 1149 bool result; 1150 1151 switch (size) { 1152 case 4: 1153 result = its_writel(s, offset, data, attrs); 1154 break; 1155 case 8: 1156 result = its_writell(s, offset, data, attrs); 1157 break; 1158 default: 1159 result = false; 1160 break; 1161 } 1162 1163 if (!result) { 1164 qemu_log_mask(LOG_GUEST_ERROR, 1165 "%s: invalid guest write at offset " TARGET_FMT_plx 1166 "size %u\n", __func__, offset, size); 1167 trace_gicv3_its_badwrite(offset, data, size); 1168 /* 1169 * The spec requires that reserved registers are RAZ/WI; 1170 * so use false returns from leaf functions as a way to 1171 * trigger the guest-error logging but don't return it to 1172 * the caller, or we'll cause a spurious guest data abort. 1173 */ 1174 } else { 1175 trace_gicv3_its_write(offset, data, size); 1176 } 1177 return MEMTX_OK; 1178 } 1179 1180 static const MemoryRegionOps gicv3_its_control_ops = { 1181 .read_with_attrs = gicv3_its_read, 1182 .write_with_attrs = gicv3_its_write, 1183 .valid.min_access_size = 4, 1184 .valid.max_access_size = 8, 1185 .impl.min_access_size = 4, 1186 .impl.max_access_size = 8, 1187 .endianness = DEVICE_NATIVE_ENDIAN, 1188 }; 1189 1190 static const MemoryRegionOps gicv3_its_translation_ops = { 1191 .read_with_attrs = gicv3_its_translation_read, 1192 .write_with_attrs = gicv3_its_translation_write, 1193 .valid.min_access_size = 2, 1194 .valid.max_access_size = 4, 1195 .impl.min_access_size = 2, 1196 .impl.max_access_size = 4, 1197 .endianness = DEVICE_NATIVE_ENDIAN, 1198 }; 1199 1200 static void gicv3_arm_its_realize(DeviceState *dev, Error **errp) 1201 { 1202 GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev); 1203 int i; 1204 1205 for (i = 0; i < s->gicv3->num_cpu; i++) { 1206 if (!(s->gicv3->cpu[i].gicr_typer & GICR_TYPER_PLPIS)) { 1207 error_setg(errp, "Physical LPI not supported by CPU %d", i); 1208 return; 1209 } 1210 } 1211 1212 gicv3_its_init_mmio(s, &gicv3_its_control_ops, &gicv3_its_translation_ops); 1213 1214 /* set the ITS default features supported */ 1215 s->typer = FIELD_DP64(s->typer, GITS_TYPER, PHYSICAL, 1); 1216 s->typer = FIELD_DP64(s->typer, GITS_TYPER, ITT_ENTRY_SIZE, 1217 ITS_ITT_ENTRY_SIZE - 1); 1218 s->typer = FIELD_DP64(s->typer, GITS_TYPER, IDBITS, ITS_IDBITS); 1219 s->typer = FIELD_DP64(s->typer, GITS_TYPER, DEVBITS, ITS_DEVBITS); 1220 s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIL, 1); 1221 s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIDBITS, ITS_CIDBITS); 1222 } 1223 1224 static void gicv3_its_reset(DeviceState *dev) 1225 { 1226 GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev); 1227 GICv3ITSClass *c = ARM_GICV3_ITS_GET_CLASS(s); 1228 1229 c->parent_reset(dev); 1230 1231 /* Quiescent bit reset to 1 */ 1232 s->ctlr = FIELD_DP32(s->ctlr, GITS_CTLR, QUIESCENT, 1); 1233 1234 /* 1235 * setting GITS_BASER0.Type = 0b001 (Device) 1236 * GITS_BASER1.Type = 0b100 (Collection Table) 1237 * GITS_BASER<n>.Type,where n = 3 to 7 are 0b00 (Unimplemented) 1238 * GITS_BASER<0,1>.Page_Size = 64KB 1239 * and default translation table entry size to 16 bytes 1240 */ 1241 s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, TYPE, 1242 GITS_BASER_TYPE_DEVICE); 1243 s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, PAGESIZE, 1244 GITS_BASER_PAGESIZE_64K); 1245 s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, ENTRYSIZE, 1246 GITS_DTE_SIZE - 1); 1247 1248 s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, TYPE, 1249 GITS_BASER_TYPE_COLLECTION); 1250 s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, PAGESIZE, 1251 GITS_BASER_PAGESIZE_64K); 1252 s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, ENTRYSIZE, 1253 GITS_CTE_SIZE - 1); 1254 } 1255 1256 static void gicv3_its_post_load(GICv3ITSState *s) 1257 { 1258 if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) { 1259 extract_table_params(s); 1260 extract_cmdq_params(s); 1261 } 1262 } 1263 1264 static Property gicv3_its_props[] = { 1265 DEFINE_PROP_LINK("parent-gicv3", GICv3ITSState, gicv3, "arm-gicv3", 1266 GICv3State *), 1267 DEFINE_PROP_END_OF_LIST(), 1268 }; 1269 1270 static void gicv3_its_class_init(ObjectClass *klass, void *data) 1271 { 1272 DeviceClass *dc = DEVICE_CLASS(klass); 1273 GICv3ITSClass *ic = ARM_GICV3_ITS_CLASS(klass); 1274 GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass); 1275 1276 dc->realize = gicv3_arm_its_realize; 1277 device_class_set_props(dc, gicv3_its_props); 1278 device_class_set_parent_reset(dc, gicv3_its_reset, &ic->parent_reset); 1279 icc->post_load = gicv3_its_post_load; 1280 } 1281 1282 static const TypeInfo gicv3_its_info = { 1283 .name = TYPE_ARM_GICV3_ITS, 1284 .parent = TYPE_ARM_GICV3_ITS_COMMON, 1285 .instance_size = sizeof(GICv3ITSState), 1286 .class_init = gicv3_its_class_init, 1287 .class_size = sizeof(GICv3ITSClass), 1288 }; 1289 1290 static void gicv3_its_register_types(void) 1291 { 1292 type_register_static(&gicv3_its_info); 1293 } 1294 1295 type_init(gicv3_its_register_types) 1296