xref: /openbmc/qemu/hw/intc/arm_gicv3_its.c (revision 91654e61)
1 /*
2  * ITS emulation for a GICv3-based system
3  *
4  * Copyright Linaro.org 2021
5  *
6  * Authors:
7  *  Shashi Mallela <shashi.mallela@linaro.org>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or (at your
10  * option) any later version.  See the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/log.h"
16 #include "hw/qdev-properties.h"
17 #include "hw/intc/arm_gicv3_its_common.h"
18 #include "gicv3_internal.h"
19 #include "qom/object.h"
20 #include "qapi/error.h"
21 
22 typedef struct GICv3ITSClass GICv3ITSClass;
23 /* This is reusing the GICv3ITSState typedef from ARM_GICV3_ITS_COMMON */
24 DECLARE_OBJ_CHECKERS(GICv3ITSState, GICv3ITSClass,
25                      ARM_GICV3_ITS, TYPE_ARM_GICV3_ITS)
26 
27 struct GICv3ITSClass {
28     GICv3ITSCommonClass parent_class;
29     void (*parent_reset)(DeviceState *dev);
30 };
31 
32 /*
33  * This is an internal enum used to distinguish between LPI triggered
34  * via command queue and LPI triggered via gits_translater write.
35  */
36 typedef enum ItsCmdType {
37     NONE = 0, /* internal indication for GITS_TRANSLATER write */
38     CLEAR = 1,
39     DISCARD = 2,
40     INTERRUPT = 3,
41 } ItsCmdType;
42 
43 typedef struct {
44     uint32_t iteh;
45     uint64_t itel;
46 } IteEntry;
47 
48 /*
49  * The ITS spec permits a range of CONSTRAINED UNPREDICTABLE options
50  * if a command parameter is not correct. These include both "stall
51  * processing of the command queue" and "ignore this command, and
52  * keep processing the queue". In our implementation we choose that
53  * memory transaction errors reading the command packet provoke a
54  * stall, but errors in parameters cause us to ignore the command
55  * and continue processing.
56  * The process_* functions which handle individual ITS commands all
57  * return an ItsCmdResult which tells process_cmdq() whether it should
58  * stall or keep going.
59  */
60 typedef enum ItsCmdResult {
61     CMD_STALL = 0,
62     CMD_CONTINUE = 1,
63 } ItsCmdResult;
64 
65 static uint64_t baser_base_addr(uint64_t value, uint32_t page_sz)
66 {
67     uint64_t result = 0;
68 
69     switch (page_sz) {
70     case GITS_PAGE_SIZE_4K:
71     case GITS_PAGE_SIZE_16K:
72         result = FIELD_EX64(value, GITS_BASER, PHYADDR) << 12;
73         break;
74 
75     case GITS_PAGE_SIZE_64K:
76         result = FIELD_EX64(value, GITS_BASER, PHYADDRL_64K) << 16;
77         result |= FIELD_EX64(value, GITS_BASER, PHYADDRH_64K) << 48;
78         break;
79 
80     default:
81         break;
82     }
83     return result;
84 }
85 
86 static uint64_t table_entry_addr(GICv3ITSState *s, TableDesc *td,
87                                  uint32_t idx, MemTxResult *res)
88 {
89     /*
90      * Given a TableDesc describing one of the ITS in-guest-memory
91      * tables and an index into it, return the guest address
92      * corresponding to that table entry.
93      * If there was a memory error reading the L1 table of an
94      * indirect table, *res is set accordingly, and we return -1.
95      * If the L1 table entry is marked not valid, we return -1 with
96      * *res set to MEMTX_OK.
97      *
98      * The specification defines the format of level 1 entries of a
99      * 2-level table, but the format of level 2 entries and the format
100      * of flat-mapped tables is IMPDEF.
101      */
102     AddressSpace *as = &s->gicv3->dma_as;
103     uint32_t l2idx;
104     uint64_t l2;
105     uint32_t num_l2_entries;
106 
107     *res = MEMTX_OK;
108 
109     if (!td->indirect) {
110         /* Single level table */
111         return td->base_addr + idx * td->entry_sz;
112     }
113 
114     /* Two level table */
115     l2idx = idx / (td->page_sz / L1TABLE_ENTRY_SIZE);
116 
117     l2 = address_space_ldq_le(as,
118                               td->base_addr + (l2idx * L1TABLE_ENTRY_SIZE),
119                               MEMTXATTRS_UNSPECIFIED, res);
120     if (*res != MEMTX_OK) {
121         return -1;
122     }
123     if (!(l2 & L2_TABLE_VALID_MASK)) {
124         return -1;
125     }
126 
127     num_l2_entries = td->page_sz / td->entry_sz;
128     return (l2 & ((1ULL << 51) - 1)) + (idx % num_l2_entries) * td->entry_sz;
129 }
130 
131 static bool get_cte(GICv3ITSState *s, uint16_t icid, uint64_t *cte,
132                     MemTxResult *res)
133 {
134     AddressSpace *as = &s->gicv3->dma_as;
135     uint64_t entry_addr = table_entry_addr(s, &s->ct, icid, res);
136 
137     if (entry_addr == -1) {
138         return false; /* not valid */
139     }
140 
141     *cte = address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res);
142     return FIELD_EX64(*cte, CTE, VALID);
143 }
144 
145 static bool update_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte,
146                        IteEntry ite)
147 {
148     AddressSpace *as = &s->gicv3->dma_as;
149     uint64_t itt_addr;
150     MemTxResult res = MEMTX_OK;
151 
152     itt_addr = FIELD_EX64(dte, DTE, ITTADDR);
153     itt_addr <<= ITTADDR_SHIFT; /* 256 byte aligned */
154 
155     address_space_stq_le(as, itt_addr + (eventid * (sizeof(uint64_t) +
156                          sizeof(uint32_t))), ite.itel, MEMTXATTRS_UNSPECIFIED,
157                          &res);
158 
159     if (res == MEMTX_OK) {
160         address_space_stl_le(as, itt_addr + (eventid * (sizeof(uint64_t) +
161                              sizeof(uint32_t))) + sizeof(uint32_t), ite.iteh,
162                              MEMTXATTRS_UNSPECIFIED, &res);
163     }
164     if (res != MEMTX_OK) {
165         return false;
166     } else {
167         return true;
168     }
169 }
170 
171 static bool get_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte,
172                     uint16_t *icid, uint32_t *pIntid, MemTxResult *res)
173 {
174     AddressSpace *as = &s->gicv3->dma_as;
175     uint64_t itt_addr;
176     bool status = false;
177     IteEntry ite = {};
178 
179     itt_addr = FIELD_EX64(dte, DTE, ITTADDR);
180     itt_addr <<= ITTADDR_SHIFT; /* 256 byte aligned */
181 
182     ite.itel = address_space_ldq_le(as, itt_addr +
183                                     (eventid * (sizeof(uint64_t) +
184                                     sizeof(uint32_t))), MEMTXATTRS_UNSPECIFIED,
185                                     res);
186 
187     if (*res == MEMTX_OK) {
188         ite.iteh = address_space_ldl_le(as, itt_addr +
189                                         (eventid * (sizeof(uint64_t) +
190                                         sizeof(uint32_t))) + sizeof(uint32_t),
191                                         MEMTXATTRS_UNSPECIFIED, res);
192 
193         if (*res == MEMTX_OK) {
194             if (FIELD_EX64(ite.itel, ITE_L, VALID)) {
195                 int inttype = FIELD_EX64(ite.itel, ITE_L, INTTYPE);
196                 if (inttype == ITE_INTTYPE_PHYSICAL) {
197                     *pIntid = FIELD_EX64(ite.itel, ITE_L, INTID);
198                     *icid = FIELD_EX32(ite.iteh, ITE_H, ICID);
199                     status = true;
200                 }
201             }
202         }
203     }
204     return status;
205 }
206 
207 static uint64_t get_dte(GICv3ITSState *s, uint32_t devid, MemTxResult *res)
208 {
209     AddressSpace *as = &s->gicv3->dma_as;
210     uint64_t entry_addr = table_entry_addr(s, &s->dt, devid, res);
211 
212     if (entry_addr == -1) {
213         return 0; /* a DTE entry with the Valid bit clear */
214     }
215     return address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res);
216 }
217 
218 /*
219  * This function handles the processing of following commands based on
220  * the ItsCmdType parameter passed:-
221  * 1. triggering of lpi interrupt translation via ITS INT command
222  * 2. triggering of lpi interrupt translation via gits_translater register
223  * 3. handling of ITS CLEAR command
224  * 4. handling of ITS DISCARD command
225  */
226 static ItsCmdResult process_its_cmd(GICv3ITSState *s, uint64_t value,
227                                     uint32_t offset, ItsCmdType cmd)
228 {
229     AddressSpace *as = &s->gicv3->dma_as;
230     uint32_t devid, eventid;
231     MemTxResult res = MEMTX_OK;
232     bool dte_valid;
233     uint64_t dte = 0;
234     uint64_t num_eventids;
235     uint16_t icid = 0;
236     uint32_t pIntid = 0;
237     bool ite_valid = false;
238     uint64_t cte = 0;
239     bool cte_valid = false;
240     uint64_t rdbase;
241 
242     if (cmd == NONE) {
243         devid = offset;
244     } else {
245         devid = ((value & DEVID_MASK) >> DEVID_SHIFT);
246 
247         offset += NUM_BYTES_IN_DW;
248         value = address_space_ldq_le(as, s->cq.base_addr + offset,
249                                      MEMTXATTRS_UNSPECIFIED, &res);
250     }
251 
252     if (res != MEMTX_OK) {
253         return CMD_STALL;
254     }
255 
256     eventid = (value & EVENTID_MASK);
257 
258     if (devid >= s->dt.num_ids) {
259         qemu_log_mask(LOG_GUEST_ERROR,
260                       "%s: invalid command attributes: devid %d>=%d",
261                       __func__, devid, s->dt.num_ids);
262         return CMD_CONTINUE;
263     }
264 
265     dte = get_dte(s, devid, &res);
266 
267     if (res != MEMTX_OK) {
268         return CMD_STALL;
269     }
270     dte_valid = FIELD_EX64(dte, DTE, VALID);
271 
272     if (!dte_valid) {
273         qemu_log_mask(LOG_GUEST_ERROR,
274                       "%s: invalid command attributes: "
275                       "invalid dte: %"PRIx64" for %d\n",
276                       __func__, dte, devid);
277         return CMD_CONTINUE;
278     }
279 
280     num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1);
281 
282     if (eventid >= num_eventids) {
283         qemu_log_mask(LOG_GUEST_ERROR,
284                       "%s: invalid command attributes: eventid %d >= %"
285                       PRId64 "\n",
286                       __func__, eventid, num_eventids);
287         return CMD_CONTINUE;
288     }
289 
290     ite_valid = get_ite(s, eventid, dte, &icid, &pIntid, &res);
291     if (res != MEMTX_OK) {
292         return CMD_STALL;
293     }
294 
295     if (!ite_valid) {
296         qemu_log_mask(LOG_GUEST_ERROR,
297                       "%s: invalid command attributes: invalid ITE\n",
298                       __func__);
299         return CMD_CONTINUE;
300     }
301 
302     if (icid >= s->ct.num_ids) {
303         qemu_log_mask(LOG_GUEST_ERROR,
304                       "%s: invalid ICID 0x%x in ITE (table corrupted?)\n",
305                       __func__, icid);
306         return CMD_CONTINUE;
307     }
308 
309     cte_valid = get_cte(s, icid, &cte, &res);
310     if (res != MEMTX_OK) {
311         return CMD_STALL;
312     }
313     if (!cte_valid) {
314         qemu_log_mask(LOG_GUEST_ERROR,
315                       "%s: invalid command attributes: "
316                       "invalid cte: %"PRIx64"\n",
317                       __func__, cte);
318         return CMD_CONTINUE;
319     }
320 
321     /*
322      * Current implementation only supports rdbase == procnum
323      * Hence rdbase physical address is ignored
324      */
325     rdbase = FIELD_EX64(cte, CTE, RDBASE);
326 
327     if (rdbase >= s->gicv3->num_cpu) {
328         return CMD_CONTINUE;
329     }
330 
331     if ((cmd == CLEAR) || (cmd == DISCARD)) {
332         gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 0);
333     } else {
334         gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 1);
335     }
336 
337     if (cmd == DISCARD) {
338         IteEntry ite = {};
339         /* remove mapping from interrupt translation table */
340         return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL;
341     }
342     return CMD_CONTINUE;
343 }
344 
345 static ItsCmdResult process_mapti(GICv3ITSState *s, uint64_t value,
346                                   uint32_t offset, bool ignore_pInt)
347 {
348     AddressSpace *as = &s->gicv3->dma_as;
349     uint32_t devid, eventid;
350     uint32_t pIntid = 0;
351     uint64_t num_eventids;
352     uint32_t num_intids;
353     bool dte_valid;
354     MemTxResult res = MEMTX_OK;
355     uint16_t icid = 0;
356     uint64_t dte = 0;
357     IteEntry ite = {};
358 
359     devid = ((value & DEVID_MASK) >> DEVID_SHIFT);
360     offset += NUM_BYTES_IN_DW;
361     value = address_space_ldq_le(as, s->cq.base_addr + offset,
362                                  MEMTXATTRS_UNSPECIFIED, &res);
363 
364     if (res != MEMTX_OK) {
365         return CMD_STALL;
366     }
367 
368     eventid = (value & EVENTID_MASK);
369 
370     if (ignore_pInt) {
371         pIntid = eventid;
372     } else {
373         pIntid = ((value & pINTID_MASK) >> pINTID_SHIFT);
374     }
375 
376     offset += NUM_BYTES_IN_DW;
377     value = address_space_ldq_le(as, s->cq.base_addr + offset,
378                                  MEMTXATTRS_UNSPECIFIED, &res);
379 
380     if (res != MEMTX_OK) {
381         return CMD_STALL;
382     }
383 
384     icid = value & ICID_MASK;
385 
386     if (devid >= s->dt.num_ids) {
387         qemu_log_mask(LOG_GUEST_ERROR,
388                       "%s: invalid command attributes: devid %d>=%d",
389                       __func__, devid, s->dt.num_ids);
390         return CMD_CONTINUE;
391     }
392 
393     dte = get_dte(s, devid, &res);
394 
395     if (res != MEMTX_OK) {
396         return CMD_STALL;
397     }
398     dte_valid = FIELD_EX64(dte, DTE, VALID);
399     num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1);
400     num_intids = 1ULL << (GICD_TYPER_IDBITS + 1);
401 
402     if ((icid >= s->ct.num_ids)
403             || !dte_valid || (eventid >= num_eventids) ||
404             (((pIntid < GICV3_LPI_INTID_START) || (pIntid >= num_intids)) &&
405              (pIntid != INTID_SPURIOUS))) {
406         qemu_log_mask(LOG_GUEST_ERROR,
407                       "%s: invalid command attributes "
408                       "icid %d or eventid %d or pIntid %d or"
409                       "unmapped dte %d\n", __func__, icid, eventid,
410                       pIntid, dte_valid);
411         /*
412          * in this implementation, in case of error
413          * we ignore this command and move onto the next
414          * command in the queue
415          */
416         return CMD_CONTINUE;
417     }
418 
419     /* add ite entry to interrupt translation table */
420     ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, dte_valid);
421     ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL);
422     ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, pIntid);
423     ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS);
424     ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, icid);
425 
426     return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL;
427 }
428 
429 static bool update_cte(GICv3ITSState *s, uint16_t icid, bool valid,
430                        uint64_t rdbase)
431 {
432     AddressSpace *as = &s->gicv3->dma_as;
433     uint64_t entry_addr;
434     uint64_t cte = 0;
435     MemTxResult res = MEMTX_OK;
436 
437     if (!s->ct.valid) {
438         return true;
439     }
440 
441     if (valid) {
442         /* add mapping entry to collection table */
443         cte = FIELD_DP64(cte, CTE, VALID, 1);
444         cte = FIELD_DP64(cte, CTE, RDBASE, rdbase);
445     }
446 
447     entry_addr = table_entry_addr(s, &s->ct, icid, &res);
448     if (res != MEMTX_OK) {
449         /* memory access error: stall */
450         return false;
451     }
452     if (entry_addr == -1) {
453         /* No L2 table for this index: discard write and continue */
454         return true;
455     }
456 
457     address_space_stq_le(as, entry_addr, cte, MEMTXATTRS_UNSPECIFIED, &res);
458     return res == MEMTX_OK;
459 }
460 
461 static ItsCmdResult process_mapc(GICv3ITSState *s, uint32_t offset)
462 {
463     AddressSpace *as = &s->gicv3->dma_as;
464     uint16_t icid;
465     uint64_t rdbase;
466     bool valid;
467     MemTxResult res = MEMTX_OK;
468     uint64_t value;
469 
470     offset += NUM_BYTES_IN_DW;
471     offset += NUM_BYTES_IN_DW;
472 
473     value = address_space_ldq_le(as, s->cq.base_addr + offset,
474                                  MEMTXATTRS_UNSPECIFIED, &res);
475 
476     if (res != MEMTX_OK) {
477         return CMD_STALL;
478     }
479 
480     icid = value & ICID_MASK;
481 
482     rdbase = (value & R_MAPC_RDBASE_MASK) >> R_MAPC_RDBASE_SHIFT;
483     rdbase &= RDBASE_PROCNUM_MASK;
484 
485     valid = (value & CMD_FIELD_VALID_MASK);
486 
487     if ((icid >= s->ct.num_ids) || (rdbase >= s->gicv3->num_cpu)) {
488         qemu_log_mask(LOG_GUEST_ERROR,
489                       "ITS MAPC: invalid collection table attributes "
490                       "icid %d rdbase %" PRIu64 "\n",  icid, rdbase);
491         /*
492          * in this implementation, in case of error
493          * we ignore this command and move onto the next
494          * command in the queue
495          */
496         return CMD_CONTINUE;
497     }
498 
499     return update_cte(s, icid, valid, rdbase) ? CMD_CONTINUE : CMD_STALL;
500 }
501 
502 static bool update_dte(GICv3ITSState *s, uint32_t devid, bool valid,
503                        uint8_t size, uint64_t itt_addr)
504 {
505     AddressSpace *as = &s->gicv3->dma_as;
506     uint64_t entry_addr;
507     uint64_t dte = 0;
508     MemTxResult res = MEMTX_OK;
509 
510     if (s->dt.valid) {
511         if (valid) {
512             /* add mapping entry to device table */
513             dte = FIELD_DP64(dte, DTE, VALID, 1);
514             dte = FIELD_DP64(dte, DTE, SIZE, size);
515             dte = FIELD_DP64(dte, DTE, ITTADDR, itt_addr);
516         }
517     } else {
518         return true;
519     }
520 
521     entry_addr = table_entry_addr(s, &s->dt, devid, &res);
522     if (res != MEMTX_OK) {
523         /* memory access error: stall */
524         return false;
525     }
526     if (entry_addr == -1) {
527         /* No L2 table for this index: discard write and continue */
528         return true;
529     }
530     address_space_stq_le(as, entry_addr, dte, MEMTXATTRS_UNSPECIFIED, &res);
531     return res == MEMTX_OK;
532 }
533 
534 static ItsCmdResult process_mapd(GICv3ITSState *s, uint64_t value,
535                                  uint32_t offset)
536 {
537     AddressSpace *as = &s->gicv3->dma_as;
538     uint32_t devid;
539     uint8_t size;
540     uint64_t itt_addr;
541     bool valid;
542     MemTxResult res = MEMTX_OK;
543 
544     devid = ((value & DEVID_MASK) >> DEVID_SHIFT);
545 
546     offset += NUM_BYTES_IN_DW;
547     value = address_space_ldq_le(as, s->cq.base_addr + offset,
548                                  MEMTXATTRS_UNSPECIFIED, &res);
549 
550     if (res != MEMTX_OK) {
551         return CMD_STALL;
552     }
553 
554     size = (value & SIZE_MASK);
555 
556     offset += NUM_BYTES_IN_DW;
557     value = address_space_ldq_le(as, s->cq.base_addr + offset,
558                                  MEMTXATTRS_UNSPECIFIED, &res);
559 
560     if (res != MEMTX_OK) {
561         return CMD_STALL;
562     }
563 
564     itt_addr = (value & ITTADDR_MASK) >> ITTADDR_SHIFT;
565 
566     valid = (value & CMD_FIELD_VALID_MASK);
567 
568     if ((devid >= s->dt.num_ids) ||
569         (size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS))) {
570         qemu_log_mask(LOG_GUEST_ERROR,
571                       "ITS MAPD: invalid device table attributes "
572                       "devid %d or size %d\n", devid, size);
573         /*
574          * in this implementation, in case of error
575          * we ignore this command and move onto the next
576          * command in the queue
577          */
578         return CMD_CONTINUE;
579     }
580 
581     return update_dte(s, devid, valid, size, itt_addr) ? CMD_CONTINUE : CMD_STALL;
582 }
583 
584 /*
585  * Current implementation blocks until all
586  * commands are processed
587  */
588 static void process_cmdq(GICv3ITSState *s)
589 {
590     uint32_t wr_offset = 0;
591     uint32_t rd_offset = 0;
592     uint32_t cq_offset = 0;
593     uint64_t data;
594     AddressSpace *as = &s->gicv3->dma_as;
595     MemTxResult res = MEMTX_OK;
596     uint8_t cmd;
597     int i;
598 
599     if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
600         return;
601     }
602 
603     wr_offset = FIELD_EX64(s->cwriter, GITS_CWRITER, OFFSET);
604 
605     if (wr_offset >= s->cq.num_entries) {
606         qemu_log_mask(LOG_GUEST_ERROR,
607                       "%s: invalid write offset "
608                       "%d\n", __func__, wr_offset);
609         return;
610     }
611 
612     rd_offset = FIELD_EX64(s->creadr, GITS_CREADR, OFFSET);
613 
614     if (rd_offset >= s->cq.num_entries) {
615         qemu_log_mask(LOG_GUEST_ERROR,
616                       "%s: invalid read offset "
617                       "%d\n", __func__, rd_offset);
618         return;
619     }
620 
621     while (wr_offset != rd_offset) {
622         ItsCmdResult result = CMD_CONTINUE;
623 
624         cq_offset = (rd_offset * GITS_CMDQ_ENTRY_SIZE);
625         data = address_space_ldq_le(as, s->cq.base_addr + cq_offset,
626                                     MEMTXATTRS_UNSPECIFIED, &res);
627         if (res != MEMTX_OK) {
628             s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1);
629             qemu_log_mask(LOG_GUEST_ERROR,
630                           "%s: could not read command at 0x%" PRIx64 "\n",
631                           __func__, s->cq.base_addr + cq_offset);
632             break;
633         }
634 
635         cmd = (data & CMD_MASK);
636 
637         switch (cmd) {
638         case GITS_CMD_INT:
639             result = process_its_cmd(s, data, cq_offset, INTERRUPT);
640             break;
641         case GITS_CMD_CLEAR:
642             result = process_its_cmd(s, data, cq_offset, CLEAR);
643             break;
644         case GITS_CMD_SYNC:
645             /*
646              * Current implementation makes a blocking synchronous call
647              * for every command issued earlier, hence the internal state
648              * is already consistent by the time SYNC command is executed.
649              * Hence no further processing is required for SYNC command.
650              */
651             break;
652         case GITS_CMD_MAPD:
653             result = process_mapd(s, data, cq_offset);
654             break;
655         case GITS_CMD_MAPC:
656             result = process_mapc(s, cq_offset);
657             break;
658         case GITS_CMD_MAPTI:
659             result = process_mapti(s, data, cq_offset, false);
660             break;
661         case GITS_CMD_MAPI:
662             result = process_mapti(s, data, cq_offset, true);
663             break;
664         case GITS_CMD_DISCARD:
665             result = process_its_cmd(s, data, cq_offset, DISCARD);
666             break;
667         case GITS_CMD_INV:
668         case GITS_CMD_INVALL:
669             /*
670              * Current implementation doesn't cache any ITS tables,
671              * but the calculated lpi priority information. We only
672              * need to trigger lpi priority re-calculation to be in
673              * sync with LPI config table or pending table changes.
674              */
675             for (i = 0; i < s->gicv3->num_cpu; i++) {
676                 gicv3_redist_update_lpi(&s->gicv3->cpu[i]);
677             }
678             break;
679         default:
680             break;
681         }
682         if (result == CMD_CONTINUE) {
683             rd_offset++;
684             rd_offset %= s->cq.num_entries;
685             s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, OFFSET, rd_offset);
686         } else {
687             /* CMD_STALL */
688             s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1);
689             qemu_log_mask(LOG_GUEST_ERROR,
690                           "%s: 0x%x cmd processing failed, stalling\n",
691                           __func__, cmd);
692             break;
693         }
694     }
695 }
696 
697 /*
698  * This function extracts the ITS Device and Collection table specific
699  * parameters (like base_addr, size etc) from GITS_BASER register.
700  * It is called during ITS enable and also during post_load migration
701  */
702 static void extract_table_params(GICv3ITSState *s)
703 {
704     uint16_t num_pages = 0;
705     uint8_t  page_sz_type;
706     uint8_t type;
707     uint32_t page_sz = 0;
708     uint64_t value;
709 
710     for (int i = 0; i < 8; i++) {
711         TableDesc *td;
712         int idbits;
713 
714         value = s->baser[i];
715 
716         if (!value) {
717             continue;
718         }
719 
720         page_sz_type = FIELD_EX64(value, GITS_BASER, PAGESIZE);
721 
722         switch (page_sz_type) {
723         case 0:
724             page_sz = GITS_PAGE_SIZE_4K;
725             break;
726 
727         case 1:
728             page_sz = GITS_PAGE_SIZE_16K;
729             break;
730 
731         case 2:
732         case 3:
733             page_sz = GITS_PAGE_SIZE_64K;
734             break;
735 
736         default:
737             g_assert_not_reached();
738         }
739 
740         num_pages = FIELD_EX64(value, GITS_BASER, SIZE) + 1;
741 
742         type = FIELD_EX64(value, GITS_BASER, TYPE);
743 
744         switch (type) {
745         case GITS_BASER_TYPE_DEVICE:
746             td = &s->dt;
747             idbits = FIELD_EX64(s->typer, GITS_TYPER, DEVBITS) + 1;
748             break;
749         case GITS_BASER_TYPE_COLLECTION:
750             td = &s->ct;
751             if (FIELD_EX64(s->typer, GITS_TYPER, CIL)) {
752                 idbits = FIELD_EX64(s->typer, GITS_TYPER, CIDBITS) + 1;
753             } else {
754                 /* 16-bit CollectionId supported when CIL == 0 */
755                 idbits = 16;
756             }
757             break;
758         default:
759             /*
760              * GITS_BASER<n>.TYPE is read-only, so GITS_BASER_RO_MASK
761              * ensures we will only see type values corresponding to
762              * the values set up in gicv3_its_reset().
763              */
764             g_assert_not_reached();
765         }
766 
767         memset(td, 0, sizeof(*td));
768         td->valid = FIELD_EX64(value, GITS_BASER, VALID);
769         /*
770          * If GITS_BASER<n>.Valid is 0 for any <n> then we will not process
771          * interrupts. (GITS_TYPER.HCC is 0 for this implementation, so we
772          * do not have a special case where the GITS_BASER<n>.Valid bit is 0
773          * for the register corresponding to the Collection table but we
774          * still have to process interrupts using non-memory-backed
775          * Collection table entries.)
776          */
777         if (!td->valid) {
778             continue;
779         }
780         td->page_sz = page_sz;
781         td->indirect = FIELD_EX64(value, GITS_BASER, INDIRECT);
782         td->entry_sz = FIELD_EX64(value, GITS_BASER, ENTRYSIZE) + 1;
783         td->base_addr = baser_base_addr(value, page_sz);
784         if (!td->indirect) {
785             td->num_entries = (num_pages * page_sz) / td->entry_sz;
786         } else {
787             td->num_entries = (((num_pages * page_sz) /
788                                   L1TABLE_ENTRY_SIZE) *
789                                  (page_sz / td->entry_sz));
790         }
791         td->num_ids = 1ULL << idbits;
792     }
793 }
794 
795 static void extract_cmdq_params(GICv3ITSState *s)
796 {
797     uint16_t num_pages = 0;
798     uint64_t value = s->cbaser;
799 
800     num_pages = FIELD_EX64(value, GITS_CBASER, SIZE) + 1;
801 
802     memset(&s->cq, 0 , sizeof(s->cq));
803     s->cq.valid = FIELD_EX64(value, GITS_CBASER, VALID);
804 
805     if (s->cq.valid) {
806         s->cq.num_entries = (num_pages * GITS_PAGE_SIZE_4K) /
807                              GITS_CMDQ_ENTRY_SIZE;
808         s->cq.base_addr = FIELD_EX64(value, GITS_CBASER, PHYADDR);
809         s->cq.base_addr <<= R_GITS_CBASER_PHYADDR_SHIFT;
810     }
811 }
812 
813 static MemTxResult gicv3_its_translation_write(void *opaque, hwaddr offset,
814                                                uint64_t data, unsigned size,
815                                                MemTxAttrs attrs)
816 {
817     GICv3ITSState *s = (GICv3ITSState *)opaque;
818     bool result = true;
819     uint32_t devid = 0;
820 
821     switch (offset) {
822     case GITS_TRANSLATER:
823         if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) {
824             devid = attrs.requester_id;
825             result = process_its_cmd(s, data, devid, NONE);
826         }
827         break;
828     default:
829         break;
830     }
831 
832     if (result) {
833         return MEMTX_OK;
834     } else {
835         return MEMTX_ERROR;
836     }
837 }
838 
839 static bool its_writel(GICv3ITSState *s, hwaddr offset,
840                               uint64_t value, MemTxAttrs attrs)
841 {
842     bool result = true;
843     int index;
844 
845     switch (offset) {
846     case GITS_CTLR:
847         if (value & R_GITS_CTLR_ENABLED_MASK) {
848             s->ctlr |= R_GITS_CTLR_ENABLED_MASK;
849             extract_table_params(s);
850             extract_cmdq_params(s);
851             s->creadr = 0;
852             process_cmdq(s);
853         } else {
854             s->ctlr &= ~R_GITS_CTLR_ENABLED_MASK;
855         }
856         break;
857     case GITS_CBASER:
858         /*
859          * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
860          *                 already enabled
861          */
862         if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
863             s->cbaser = deposit64(s->cbaser, 0, 32, value);
864             s->creadr = 0;
865             s->cwriter = s->creadr;
866         }
867         break;
868     case GITS_CBASER + 4:
869         /*
870          * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
871          *                 already enabled
872          */
873         if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
874             s->cbaser = deposit64(s->cbaser, 32, 32, value);
875             s->creadr = 0;
876             s->cwriter = s->creadr;
877         }
878         break;
879     case GITS_CWRITER:
880         s->cwriter = deposit64(s->cwriter, 0, 32,
881                                (value & ~R_GITS_CWRITER_RETRY_MASK));
882         if (s->cwriter != s->creadr) {
883             process_cmdq(s);
884         }
885         break;
886     case GITS_CWRITER + 4:
887         s->cwriter = deposit64(s->cwriter, 32, 32, value);
888         break;
889     case GITS_CREADR:
890         if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
891             s->creadr = deposit64(s->creadr, 0, 32,
892                                   (value & ~R_GITS_CREADR_STALLED_MASK));
893         } else {
894             /* RO register, ignore the write */
895             qemu_log_mask(LOG_GUEST_ERROR,
896                           "%s: invalid guest write to RO register at offset "
897                           TARGET_FMT_plx "\n", __func__, offset);
898         }
899         break;
900     case GITS_CREADR + 4:
901         if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
902             s->creadr = deposit64(s->creadr, 32, 32, value);
903         } else {
904             /* RO register, ignore the write */
905             qemu_log_mask(LOG_GUEST_ERROR,
906                           "%s: invalid guest write to RO register at offset "
907                           TARGET_FMT_plx "\n", __func__, offset);
908         }
909         break;
910     case GITS_BASER ... GITS_BASER + 0x3f:
911         /*
912          * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is
913          *                 already enabled
914          */
915         if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
916             index = (offset - GITS_BASER) / 8;
917 
918             if (offset & 7) {
919                 value <<= 32;
920                 value &= ~GITS_BASER_RO_MASK;
921                 s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(0, 32);
922                 s->baser[index] |= value;
923             } else {
924                 value &= ~GITS_BASER_RO_MASK;
925                 s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(32, 32);
926                 s->baser[index] |= value;
927             }
928         }
929         break;
930     case GITS_IIDR:
931     case GITS_IDREGS ... GITS_IDREGS + 0x2f:
932         /* RO registers, ignore the write */
933         qemu_log_mask(LOG_GUEST_ERROR,
934                       "%s: invalid guest write to RO register at offset "
935                       TARGET_FMT_plx "\n", __func__, offset);
936         break;
937     default:
938         result = false;
939         break;
940     }
941     return result;
942 }
943 
944 static bool its_readl(GICv3ITSState *s, hwaddr offset,
945                              uint64_t *data, MemTxAttrs attrs)
946 {
947     bool result = true;
948     int index;
949 
950     switch (offset) {
951     case GITS_CTLR:
952         *data = s->ctlr;
953         break;
954     case GITS_IIDR:
955         *data = gicv3_iidr();
956         break;
957     case GITS_IDREGS ... GITS_IDREGS + 0x2f:
958         /* ID registers */
959         *data = gicv3_idreg(offset - GITS_IDREGS);
960         break;
961     case GITS_TYPER:
962         *data = extract64(s->typer, 0, 32);
963         break;
964     case GITS_TYPER + 4:
965         *data = extract64(s->typer, 32, 32);
966         break;
967     case GITS_CBASER:
968         *data = extract64(s->cbaser, 0, 32);
969         break;
970     case GITS_CBASER + 4:
971         *data = extract64(s->cbaser, 32, 32);
972         break;
973     case GITS_CREADR:
974         *data = extract64(s->creadr, 0, 32);
975         break;
976     case GITS_CREADR + 4:
977         *data = extract64(s->creadr, 32, 32);
978         break;
979     case GITS_CWRITER:
980         *data = extract64(s->cwriter, 0, 32);
981         break;
982     case GITS_CWRITER + 4:
983         *data = extract64(s->cwriter, 32, 32);
984         break;
985     case GITS_BASER ... GITS_BASER + 0x3f:
986         index = (offset - GITS_BASER) / 8;
987         if (offset & 7) {
988             *data = extract64(s->baser[index], 32, 32);
989         } else {
990             *data = extract64(s->baser[index], 0, 32);
991         }
992         break;
993     default:
994         result = false;
995         break;
996     }
997     return result;
998 }
999 
1000 static bool its_writell(GICv3ITSState *s, hwaddr offset,
1001                                uint64_t value, MemTxAttrs attrs)
1002 {
1003     bool result = true;
1004     int index;
1005 
1006     switch (offset) {
1007     case GITS_BASER ... GITS_BASER + 0x3f:
1008         /*
1009          * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is
1010          *                 already enabled
1011          */
1012         if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
1013             index = (offset - GITS_BASER) / 8;
1014             s->baser[index] &= GITS_BASER_RO_MASK;
1015             s->baser[index] |= (value & ~GITS_BASER_RO_MASK);
1016         }
1017         break;
1018     case GITS_CBASER:
1019         /*
1020          * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
1021          *                 already enabled
1022          */
1023         if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
1024             s->cbaser = value;
1025             s->creadr = 0;
1026             s->cwriter = s->creadr;
1027         }
1028         break;
1029     case GITS_CWRITER:
1030         s->cwriter = value & ~R_GITS_CWRITER_RETRY_MASK;
1031         if (s->cwriter != s->creadr) {
1032             process_cmdq(s);
1033         }
1034         break;
1035     case GITS_CREADR:
1036         if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
1037             s->creadr = value & ~R_GITS_CREADR_STALLED_MASK;
1038         } else {
1039             /* RO register, ignore the write */
1040             qemu_log_mask(LOG_GUEST_ERROR,
1041                           "%s: invalid guest write to RO register at offset "
1042                           TARGET_FMT_plx "\n", __func__, offset);
1043         }
1044         break;
1045     case GITS_TYPER:
1046         /* RO registers, ignore the write */
1047         qemu_log_mask(LOG_GUEST_ERROR,
1048                       "%s: invalid guest write to RO register at offset "
1049                       TARGET_FMT_plx "\n", __func__, offset);
1050         break;
1051     default:
1052         result = false;
1053         break;
1054     }
1055     return result;
1056 }
1057 
1058 static bool its_readll(GICv3ITSState *s, hwaddr offset,
1059                               uint64_t *data, MemTxAttrs attrs)
1060 {
1061     bool result = true;
1062     int index;
1063 
1064     switch (offset) {
1065     case GITS_TYPER:
1066         *data = s->typer;
1067         break;
1068     case GITS_BASER ... GITS_BASER + 0x3f:
1069         index = (offset - GITS_BASER) / 8;
1070         *data = s->baser[index];
1071         break;
1072     case GITS_CBASER:
1073         *data = s->cbaser;
1074         break;
1075     case GITS_CREADR:
1076         *data = s->creadr;
1077         break;
1078     case GITS_CWRITER:
1079         *data = s->cwriter;
1080         break;
1081     default:
1082         result = false;
1083         break;
1084     }
1085     return result;
1086 }
1087 
1088 static MemTxResult gicv3_its_read(void *opaque, hwaddr offset, uint64_t *data,
1089                                   unsigned size, MemTxAttrs attrs)
1090 {
1091     GICv3ITSState *s = (GICv3ITSState *)opaque;
1092     bool result;
1093 
1094     switch (size) {
1095     case 4:
1096         result = its_readl(s, offset, data, attrs);
1097         break;
1098     case 8:
1099         result = its_readll(s, offset, data, attrs);
1100         break;
1101     default:
1102         result = false;
1103         break;
1104     }
1105 
1106     if (!result) {
1107         qemu_log_mask(LOG_GUEST_ERROR,
1108                       "%s: invalid guest read at offset " TARGET_FMT_plx
1109                       "size %u\n", __func__, offset, size);
1110         /*
1111          * The spec requires that reserved registers are RAZ/WI;
1112          * so use false returns from leaf functions as a way to
1113          * trigger the guest-error logging but don't return it to
1114          * the caller, or we'll cause a spurious guest data abort.
1115          */
1116         *data = 0;
1117     }
1118     return MEMTX_OK;
1119 }
1120 
1121 static MemTxResult gicv3_its_write(void *opaque, hwaddr offset, uint64_t data,
1122                                    unsigned size, MemTxAttrs attrs)
1123 {
1124     GICv3ITSState *s = (GICv3ITSState *)opaque;
1125     bool result;
1126 
1127     switch (size) {
1128     case 4:
1129         result = its_writel(s, offset, data, attrs);
1130         break;
1131     case 8:
1132         result = its_writell(s, offset, data, attrs);
1133         break;
1134     default:
1135         result = false;
1136         break;
1137     }
1138 
1139     if (!result) {
1140         qemu_log_mask(LOG_GUEST_ERROR,
1141                       "%s: invalid guest write at offset " TARGET_FMT_plx
1142                       "size %u\n", __func__, offset, size);
1143         /*
1144          * The spec requires that reserved registers are RAZ/WI;
1145          * so use false returns from leaf functions as a way to
1146          * trigger the guest-error logging but don't return it to
1147          * the caller, or we'll cause a spurious guest data abort.
1148          */
1149     }
1150     return MEMTX_OK;
1151 }
1152 
1153 static const MemoryRegionOps gicv3_its_control_ops = {
1154     .read_with_attrs = gicv3_its_read,
1155     .write_with_attrs = gicv3_its_write,
1156     .valid.min_access_size = 4,
1157     .valid.max_access_size = 8,
1158     .impl.min_access_size = 4,
1159     .impl.max_access_size = 8,
1160     .endianness = DEVICE_NATIVE_ENDIAN,
1161 };
1162 
1163 static const MemoryRegionOps gicv3_its_translation_ops = {
1164     .write_with_attrs = gicv3_its_translation_write,
1165     .valid.min_access_size = 2,
1166     .valid.max_access_size = 4,
1167     .impl.min_access_size = 2,
1168     .impl.max_access_size = 4,
1169     .endianness = DEVICE_NATIVE_ENDIAN,
1170 };
1171 
1172 static void gicv3_arm_its_realize(DeviceState *dev, Error **errp)
1173 {
1174     GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
1175     int i;
1176 
1177     for (i = 0; i < s->gicv3->num_cpu; i++) {
1178         if (!(s->gicv3->cpu[i].gicr_typer & GICR_TYPER_PLPIS)) {
1179             error_setg(errp, "Physical LPI not supported by CPU %d", i);
1180             return;
1181         }
1182     }
1183 
1184     gicv3_its_init_mmio(s, &gicv3_its_control_ops, &gicv3_its_translation_ops);
1185 
1186     address_space_init(&s->gicv3->dma_as, s->gicv3->dma,
1187                        "gicv3-its-sysmem");
1188 
1189     /* set the ITS default features supported */
1190     s->typer = FIELD_DP64(s->typer, GITS_TYPER, PHYSICAL, 1);
1191     s->typer = FIELD_DP64(s->typer, GITS_TYPER, ITT_ENTRY_SIZE,
1192                           ITS_ITT_ENTRY_SIZE - 1);
1193     s->typer = FIELD_DP64(s->typer, GITS_TYPER, IDBITS, ITS_IDBITS);
1194     s->typer = FIELD_DP64(s->typer, GITS_TYPER, DEVBITS, ITS_DEVBITS);
1195     s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIL, 1);
1196     s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIDBITS, ITS_CIDBITS);
1197 }
1198 
1199 static void gicv3_its_reset(DeviceState *dev)
1200 {
1201     GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
1202     GICv3ITSClass *c = ARM_GICV3_ITS_GET_CLASS(s);
1203 
1204     c->parent_reset(dev);
1205 
1206     /* Quiescent bit reset to 1 */
1207     s->ctlr = FIELD_DP32(s->ctlr, GITS_CTLR, QUIESCENT, 1);
1208 
1209     /*
1210      * setting GITS_BASER0.Type = 0b001 (Device)
1211      *         GITS_BASER1.Type = 0b100 (Collection Table)
1212      *         GITS_BASER<n>.Type,where n = 3 to 7 are 0b00 (Unimplemented)
1213      *         GITS_BASER<0,1>.Page_Size = 64KB
1214      * and default translation table entry size to 16 bytes
1215      */
1216     s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, TYPE,
1217                              GITS_BASER_TYPE_DEVICE);
1218     s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, PAGESIZE,
1219                              GITS_BASER_PAGESIZE_64K);
1220     s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, ENTRYSIZE,
1221                              GITS_DTE_SIZE - 1);
1222 
1223     s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, TYPE,
1224                              GITS_BASER_TYPE_COLLECTION);
1225     s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, PAGESIZE,
1226                              GITS_BASER_PAGESIZE_64K);
1227     s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, ENTRYSIZE,
1228                              GITS_CTE_SIZE - 1);
1229 }
1230 
1231 static void gicv3_its_post_load(GICv3ITSState *s)
1232 {
1233     if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) {
1234         extract_table_params(s);
1235         extract_cmdq_params(s);
1236     }
1237 }
1238 
1239 static Property gicv3_its_props[] = {
1240     DEFINE_PROP_LINK("parent-gicv3", GICv3ITSState, gicv3, "arm-gicv3",
1241                      GICv3State *),
1242     DEFINE_PROP_END_OF_LIST(),
1243 };
1244 
1245 static void gicv3_its_class_init(ObjectClass *klass, void *data)
1246 {
1247     DeviceClass *dc = DEVICE_CLASS(klass);
1248     GICv3ITSClass *ic = ARM_GICV3_ITS_CLASS(klass);
1249     GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
1250 
1251     dc->realize = gicv3_arm_its_realize;
1252     device_class_set_props(dc, gicv3_its_props);
1253     device_class_set_parent_reset(dc, gicv3_its_reset, &ic->parent_reset);
1254     icc->post_load = gicv3_its_post_load;
1255 }
1256 
1257 static const TypeInfo gicv3_its_info = {
1258     .name = TYPE_ARM_GICV3_ITS,
1259     .parent = TYPE_ARM_GICV3_ITS_COMMON,
1260     .instance_size = sizeof(GICv3ITSState),
1261     .class_init = gicv3_its_class_init,
1262     .class_size = sizeof(GICv3ITSClass),
1263 };
1264 
1265 static void gicv3_its_register_types(void)
1266 {
1267     type_register_static(&gicv3_its_info);
1268 }
1269 
1270 type_init(gicv3_its_register_types)
1271