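/*
 * ITS emulation for a GICv3-based system
 *
 * Copyright Linaro.org 2021
 *
 * Authors:
 *  Shashi Mallela <shashi.mallela@linaro.org>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or (at your
 * option) any later version.  See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "hw/qdev-properties.h"
#include "hw/intc/arm_gicv3_its_common.h"
#include "gicv3_internal.h"
#include "qom/object.h"
#include "qapi/error.h"

typedef struct GICv3ITSClass GICv3ITSClass;
/* This is reusing the GICv3ITSState typedef from ARM_GICV3_ITS_COMMON */
DECLARE_OBJ_CHECKERS(GICv3ITSState, GICv3ITSClass,
                     ARM_GICV3_ITS, TYPE_ARM_GICV3_ITS)

struct GICv3ITSClass {
    GICv3ITSCommonClass parent_class;
    void (*parent_reset)(DeviceState *dev);
};

/*
 * This is an internal enum used to distinguish between LPI triggered
 * via command queue and LPI triggered via gits_translater write.
 */
typedef enum ItsCmdType {
    NONE = 0, /* internal indication for GITS_TRANSLATER write */
    CLEAR = 1,
    DISCARD = 2,
    INTERRUPT = 3,
} ItsCmdType;

/*
 * One interrupt translation table entry as held in guest memory:
 * an 8-byte low word (itel) followed by a 4-byte high word (iteh).
 */
typedef struct {
    uint32_t iteh;
    uint64_t itel;
} IteEntry;

/*
 * Every table and command handled below lives in guest memory and is
 * reached through s->gicv3->dma_as, so every index, address and field
 * read from it is guest-controlled and is range-checked before use.
 *
 * Return convention of the process_*() helpers:
 *   true  - the command was consumed; this includes commands that are
 *           ignored because the guest supplied invalid parameters
 *   false - a memory transaction failed; the caller stalls the queue
 */

/*
 * Extract the table base address from a GITS_BASER<n> value. The
 * address is split across two fields when the page size is 64K.
 * Returns 0 for a page size that is not one of the three known ones.
 */
static uint64_t baser_base_addr(uint64_t value, uint32_t page_sz)
{
    uint64_t result = 0;

    switch (page_sz) {
    case GITS_PAGE_SIZE_4K:
    case GITS_PAGE_SIZE_16K:
        result = FIELD_EX64(value, GITS_BASER, PHYADDR) << 12;
        break;

    case GITS_PAGE_SIZE_64K:
        result = FIELD_EX64(value, GITS_BASER, PHYADDRL_64K) << 16;
        result |= FIELD_EX64(value, GITS_BASER, PHYADDRH_64K) << 48;
        break;

    default:
        break;
    }
    return result;
}

/*
 * Guest address of the ITE for @eventid in the ITT that @dte points to.
 * Entries are packed back to back, 12 bytes each.
 */
static uint64_t ite_guest_addr(uint64_t dte, uint32_t eventid)
{
    uint64_t itt_addr = FIELD_EX64(dte, DTE, ITTADDR);

    itt_addr <<= ITTADDR_SHIFT; /* 256 byte aligned */

    return itt_addr + (eventid * (sizeof(uint64_t) + sizeof(uint32_t)));
}

/*
 * Read the collection table entry for @icid into *@cte.
 *
 * Returns true if the entry was read and has its valid bit set. *@res
 * carries the result of the last memory transaction; callers must check
 * it separately. When a two-level table has no valid level 2 page for
 * @icid, *@cte is set to 0 and false is returned.
 */
static bool get_cte(GICv3ITSState *s, uint16_t icid, uint64_t *cte,
                    MemTxResult *res)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t l2t_addr;
    uint64_t value;
    uint32_t l2t_id;
    uint32_t max_l2_entries;

    if (s->ct.indirect) {
        l2t_id = icid / (s->ct.page_sz / L1TABLE_ENTRY_SIZE);

        value = address_space_ldq_le(as,
                                     s->ct.base_addr +
                                     (l2t_id * L1TABLE_ENTRY_SIZE),
                                     MEMTXATTRS_UNSPECIFIED, res);

        if (*res != MEMTX_OK || (value & L2_TABLE_VALID_MASK) == 0) {
            /* No entry was loaded: never report stale caller data as valid */
            *cte = 0;
            return false;
        }

        max_l2_entries = s->ct.page_sz / s->ct.entry_sz;

        l2t_addr = value & ((1ULL << 51) - 1);

        *cte = address_space_ldq_le(as, l2t_addr +
                                    ((icid % max_l2_entries) * GITS_CTE_SIZE),
                                    MEMTXATTRS_UNSPECIFIED, res);
    } else {
        /* Flat level table */
        *cte = address_space_ldq_le(as, s->ct.base_addr +
                                    (icid * GITS_CTE_SIZE),
                                    MEMTXATTRS_UNSPECIFIED, res);
    }

    return (*cte & TABLE_ENTRY_VALID_MASK) != 0;
}

/*
 * Write @ite to the slot for @eventid in the ITT described by @dte.
 * Returns true if both stores succeeded.
 */
static bool update_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte,
                       IteEntry ite)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t ite_addr = ite_guest_addr(dte, eventid);
    MemTxResult res = MEMTX_OK;

    address_space_stq_le(as, ite_addr, ite.itel, MEMTXATTRS_UNSPECIFIED,
                         &res);

    if (res == MEMTX_OK) {
        /*
         * The 4-byte high word follows the 8-byte low word. Storing it
         * at +4 would overwrite the top half of itel.
         */
        address_space_stl_le(as, ite_addr + sizeof(uint64_t), ite.iteh,
                             MEMTXATTRS_UNSPECIFIED, &res);
    }

    return res == MEMTX_OK;
}

/*
 * Read the ITE for @eventid from the ITT described by @dte.
 *
 * Returns true, and fills in *@icid and *@pIntid, only if both loads
 * succeeded and the entry is valid and of the physical interrupt type.
 * *@res carries the result of the last memory transaction.
 */
static bool get_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte,
                    uint16_t *icid, uint32_t *pIntid, MemTxResult *res)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t ite_addr = ite_guest_addr(dte, eventid);
    IteEntry ite = {};

    ite.itel = address_space_ldq_le(as, ite_addr, MEMTXATTRS_UNSPECIFIED,
                                    res);
    if (*res != MEMTX_OK) {
        return false;
    }

    /* Must use the same offset as the store in update_ite() */
    ite.iteh = address_space_ldl_le(as, ite_addr + sizeof(uint64_t),
                                    MEMTXATTRS_UNSPECIFIED, res);
    if (*res != MEMTX_OK) {
        return false;
    }

    if (!FIELD_EX64(ite.itel, ITE_L, VALID)) {
        return false;
    }

    if (FIELD_EX64(ite.itel, ITE_L, INTTYPE) != ITE_INTTYPE_PHYSICAL) {
        return false;
    }

    *pIntid = FIELD_EX64(ite.itel, ITE_L, INTID);
    *icid = FIELD_EX32(ite.iteh, ITE_H, ICID);
    return true;
}

/*
 * Read the device table entry for @devid.
 *
 * Returns the raw entry; callers test its VALID field. *@res carries
 * the result of the last memory transaction. Returns 0 (an invalid
 * entry) when the level 1 load fails or when a two-level table has no
 * valid level 2 page for @devid, so that a level 1 descriptor is never
 * interpreted as a DTE. Callers are expected to have range-checked
 * @devid against s->dt.max_ids.
 */
static uint64_t get_dte(GICv3ITSState *s, uint32_t devid, MemTxResult *res)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t l2t_addr;
    uint64_t value;
    uint32_t l2t_id;
    uint32_t max_l2_entries;

    if (!s->dt.indirect) {
        /* Flat level table */
        return address_space_ldq_le(as, s->dt.base_addr +
                                    (devid * GITS_DTE_SIZE),
                                    MEMTXATTRS_UNSPECIFIED, res);
    }

    l2t_id = devid / (s->dt.page_sz / L1TABLE_ENTRY_SIZE);

    value = address_space_ldq_le(as,
                                 s->dt.base_addr +
                                 (l2t_id * L1TABLE_ENTRY_SIZE),
                                 MEMTXATTRS_UNSPECIFIED, res);

    if (*res != MEMTX_OK || (value & L2_TABLE_VALID_MASK) == 0) {
        return 0;
    }

    max_l2_entries = s->dt.page_sz / s->dt.entry_sz;

    l2t_addr = value & ((1ULL << 51) - 1);

    return address_space_ldq_le(as, l2t_addr +
                                ((devid % max_l2_entries) * GITS_DTE_SIZE),
                                MEMTXATTRS_UNSPECIFIED, res);
}

/*
 * This function handles the processing of following commands based on
 * the ItsCmdType parameter passed:-
 * 1. triggering of lpi interrupt translation via ITS INT command
 * 2. triggering of lpi interrupt translation via gits_translater register
 * 3. handling of ITS CLEAR command
 * 4. handling of ITS DISCARD command
 *
 * For cmd == NONE, @offset carries the device ID and @value the data
 * written to GITS_TRANSLATER. Otherwise @value is the first doubleword
 * of the command and @offset its byte offset in the command queue.
 *
 * The device ID and event ID are range-checked before they are used to
 * index the device table and the ITT respectively.
 */
static bool process_its_cmd(GICv3ITSState *s, uint64_t value, uint32_t offset,
                            ItsCmdType cmd)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint32_t devid, eventid;
    MemTxResult res = MEMTX_OK;
    bool dte_valid;
    uint64_t dte = 0;
    uint64_t num_eventids;
    uint16_t icid = 0;
    uint32_t pIntid = 0;
    bool ite_valid = false;
    uint64_t cte = 0;
    bool cte_valid = false;
    uint64_t rdbase;

    if (cmd == NONE) {
        devid = offset;
    } else {
        devid = ((value & DEVID_MASK) >> DEVID_SHIFT);

        offset += NUM_BYTES_IN_DW;
        value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                     MEMTXATTRS_UNSPECIFIED, &res);
    }

    if (res != MEMTX_OK) {
        return false;
    }

    eventid = (value & EVENTID_MASK);

    /*
     * In this implementation, in case of guest errors we ignore the
     * command and move onto the next command in the queue.
     */

    /* max_ids is a count (1 << idbits), so the largest valid ID is one less */
    if (devid >= s->dt.max_ids) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid command attributes: devid %d>=%d\n",
                      __func__, devid, s->dt.max_ids);
        return true;
    }

    dte = get_dte(s, devid, &res);

    if (res != MEMTX_OK) {
        return false;
    }
    dte_valid = FIELD_EX64(dte, DTE, VALID);

    if (!dte_valid) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid command attributes: "
                      "invalid dte: %"PRIx64" for %d (MEM_TX: %d)\n",
                      __func__, dte, devid, res);
        return true;
    }

    /* 64-bit so that the shift cannot be truncated when SIZE + 1 is 32 */
    num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1);

    if (eventid >= num_eventids) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid command attributes: eventid %d >= %"
                      PRIu64 "\n",
                      __func__, eventid, num_eventids);
        return true;
    }

    ite_valid = get_ite(s, eventid, dte, &icid, &pIntid, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    if (ite_valid) {
        cte_valid = get_cte(s, icid, &cte, &res);

        if (res != MEMTX_OK) {
            return false;
        }
    }

    if (!ite_valid || !cte_valid) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid command attributes: "
                      "dte: %s, ite: %s, cte: %s\n",
                      __func__,
                      dte_valid ? "valid" : "invalid",
                      ite_valid ? "valid" : "invalid",
                      cte_valid ? "valid" : "invalid");
        return true;
    }

    /*
     * Current implementation only supports rdbase == procnum
     * Hence rdbase physical address is ignored
     */
    rdbase = (cte & GITS_CTE_RDBASE_PROCNUM_MASK) >> 1U;

    /* rdbase comes from guest memory: check it before indexing cpu[] */
    if (rdbase >= s->gicv3->num_cpu) {
        return true;
    }

    if ((cmd == CLEAR) || (cmd == DISCARD)) {
        gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 0);
    } else {
        gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 1);
    }

    if (cmd == DISCARD) {
        IteEntry ite = {};
        /* remove mapping from interrupt translation table */
        return update_ite(s, eventid, dte, ite);
    }

    return true;
}

/*
 * Handle the MAPTI command, and MAPI when @ignore_pInt is true (the
 * event ID is then also used as the physical interrupt ID).
 *
 * @value is the first doubleword of the command and @offset its byte
 * offset in the command queue.
 */
static bool process_mapti(GICv3ITSState *s, uint64_t value, uint32_t offset,
                          bool ignore_pInt)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint32_t devid, eventid;
    uint32_t pIntid = 0;
    uint64_t num_eventids;
    uint32_t max_Intid;
    bool dte_valid;
    MemTxResult res = MEMTX_OK;
    uint16_t icid = 0;
    uint64_t dte = 0;

    devid = ((value & DEVID_MASK) >> DEVID_SHIFT);
    offset += NUM_BYTES_IN_DW;
    value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                 MEMTXATTRS_UNSPECIFIED, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    eventid = (value & EVENTID_MASK);

    if (ignore_pInt) {
        pIntid = eventid;
    } else {
        pIntid = ((value & pINTID_MASK) >> pINTID_SHIFT);
    }

    offset += NUM_BYTES_IN_DW;
    value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                 MEMTXATTRS_UNSPECIFIED, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    icid = value & ICID_MASK;

    /*
     * Only index the device table with an in-range devid; otherwise dte
     * stays 0 (invalid) and the command is rejected below.
     */
    if (devid < s->dt.max_ids) {
        dte = get_dte(s, devid, &res);

        if (res != MEMTX_OK) {
            return false;
        }
    }
    dte_valid = FIELD_EX64(dte, DTE, VALID);
    /* 64-bit so that the shift cannot be truncated when SIZE + 1 is 32 */
    num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1);
    max_Intid = (1ULL << (GICD_TYPER_IDBITS + 1)) - 1;

    /* max_ids and num_eventids are counts, hence >= */
    if ((devid >= s->dt.max_ids) || (icid >= s->ct.max_ids)
            || !dte_valid || (eventid >= num_eventids) ||
            (((pIntid < GICV3_LPI_INTID_START) || (pIntid > max_Intid)) &&
             (pIntid != INTID_SPURIOUS))) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid command attributes "
                      "devid %d or icid %d or eventid %d or pIntid %d or "
                      "unmapped dte %d\n", __func__, devid, icid, eventid,
                      pIntid, dte_valid);
        /*
         * in this implementation, in case of error
         * we ignore this command and move onto the next
         * command in the queue
         */
        return true;
    }

    /* add ite entry to interrupt translation table */
    IteEntry ite = {};
    ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, dte_valid);
    ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL);
    ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, pIntid);
    ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS);
    ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, icid);

    return update_ite(s, eventid, dte, ite);
}

/*
 * Write the collection table entry for @icid: a mapping to @rdbase when
 * @valid is true, otherwise an all-zero (invalid) entry.
 *
 * Returns false only if a memory transaction failed. Nothing is written,
 * and true is returned, when the collection table is not valid or when
 * a two-level table has no valid level 2 page for @icid.
 */
static bool update_cte(GICv3ITSState *s, uint16_t icid, bool valid,
                       uint64_t rdbase)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t value;
    uint64_t l2t_addr;
    bool valid_l2t;
    uint32_t l2t_id;
    uint32_t max_l2_entries;
    uint64_t cte = 0;
    MemTxResult res = MEMTX_OK;

    if (!s->ct.valid) {
        return true;
    }

    if (valid) {
        /* add mapping entry to collection table */
        cte = (valid & TABLE_ENTRY_VALID_MASK) | (rdbase << 1ULL);
    }

    /*
     * The specification defines the format of level 1 entries of a
     * 2-level table, but the format of level 2 entries and the format
     * of flat-mapped tables is IMPDEF.
     */
    if (s->ct.indirect) {
        l2t_id = icid / (s->ct.page_sz / L1TABLE_ENTRY_SIZE);

        value = address_space_ldq_le(as,
                                     s->ct.base_addr +
                                     (l2t_id * L1TABLE_ENTRY_SIZE),
                                     MEMTXATTRS_UNSPECIFIED, &res);

        if (res != MEMTX_OK) {
            return false;
        }

        valid_l2t = (value & L2_TABLE_VALID_MASK) != 0;

        if (valid_l2t) {
            max_l2_entries = s->ct.page_sz / s->ct.entry_sz;

            l2t_addr = value & ((1ULL << 51) - 1);

            address_space_stq_le(as, l2t_addr +
                                 ((icid % max_l2_entries) * GITS_CTE_SIZE),
                                 cte, MEMTXATTRS_UNSPECIFIED, &res);
        }
    } else {
        /* Flat level table */
        address_space_stq_le(as, s->ct.base_addr + (icid * GITS_CTE_SIZE),
                             cte, MEMTXATTRS_UNSPECIFIED, &res);
    }

    return res == MEMTX_OK;
}

/*
 * Handle the MAPC command located at byte offset @offset in the command
 * queue. The collection ID, target redistributor and valid bit are read
 * from the third doubleword of the command.
 */
static bool process_mapc(GICv3ITSState *s, uint32_t offset)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint16_t icid;
    uint64_t rdbase;
    bool valid;
    MemTxResult res = MEMTX_OK;
    uint64_t value;

    offset += NUM_BYTES_IN_DW;
    offset += NUM_BYTES_IN_DW;

    value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                 MEMTXATTRS_UNSPECIFIED, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    icid = value & ICID_MASK;

    rdbase = (value & R_MAPC_RDBASE_MASK) >> R_MAPC_RDBASE_SHIFT;
    rdbase &= RDBASE_PROCNUM_MASK;

    valid = (value & CMD_FIELD_VALID_MASK);

    /* max_ids is a count, so the largest valid collection ID is one less */
    if ((icid >= s->ct.max_ids) || (rdbase >= s->gicv3->num_cpu)) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "ITS MAPC: invalid collection table attributes "
                      "icid %d rdbase %" PRIu64 "\n",  icid, rdbase);
        /*
         * in this implementation, in case of error
         * we ignore this command and move onto the next
         * command in the queue
         */
        return true;
    }

    return update_cte(s, icid, valid, rdbase);
}

/*
 * Write the device table entry for @devid: a mapping with the given
 * @size and @itt_addr when @valid is true, otherwise an all-zero
 * (invalid) entry.
 *
 * Returns false only if a memory transaction failed. Nothing is written,
 * and true is returned, when the device table is not valid or when a
 * two-level table has no valid level 2 page for @devid.
 */
static bool update_dte(GICv3ITSState *s, uint32_t devid, bool valid,
                       uint8_t size, uint64_t itt_addr)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint64_t value;
    uint64_t l2t_addr;
    bool valid_l2t;
    uint32_t l2t_id;
    uint32_t max_l2_entries;
    uint64_t dte = 0;
    MemTxResult res = MEMTX_OK;

    if (!s->dt.valid) {
        return true;
    }

    if (valid) {
        /* add mapping entry to device table */
        dte = FIELD_DP64(dte, DTE, VALID, 1);
        dte = FIELD_DP64(dte, DTE, SIZE, size);
        dte = FIELD_DP64(dte, DTE, ITTADDR, itt_addr);
    }

    /*
     * The specification defines the format of level 1 entries of a
     * 2-level table, but the format of level 2 entries and the format
     * of flat-mapped tables is IMPDEF.
     */
    if (s->dt.indirect) {
        l2t_id = devid / (s->dt.page_sz / L1TABLE_ENTRY_SIZE);

        value = address_space_ldq_le(as,
                                     s->dt.base_addr +
                                     (l2t_id * L1TABLE_ENTRY_SIZE),
                                     MEMTXATTRS_UNSPECIFIED, &res);

        if (res != MEMTX_OK) {
            return false;
        }

        valid_l2t = (value & L2_TABLE_VALID_MASK) != 0;

        if (valid_l2t) {
            max_l2_entries = s->dt.page_sz / s->dt.entry_sz;

            l2t_addr = value & ((1ULL << 51) - 1);

            address_space_stq_le(as, l2t_addr +
                                 ((devid % max_l2_entries) * GITS_DTE_SIZE),
                                 dte, MEMTXATTRS_UNSPECIFIED, &res);
        }
    } else {
        /* Flat level table */
        address_space_stq_le(as, s->dt.base_addr + (devid * GITS_DTE_SIZE),
                             dte, MEMTXATTRS_UNSPECIFIED, &res);
    }

    return res == MEMTX_OK;
}

/*
 * Handle the MAPD command. @value is the first doubleword of the
 * command and @offset its byte offset in the command queue.
 */
static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset)
{
    AddressSpace *as = &s->gicv3->dma_as;
    uint32_t devid;
    uint8_t size;
    uint64_t itt_addr;
    bool valid;
    MemTxResult res = MEMTX_OK;

    devid = ((value & DEVID_MASK) >> DEVID_SHIFT);

    offset += NUM_BYTES_IN_DW;
    value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                 MEMTXATTRS_UNSPECIFIED, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    size = (value & SIZE_MASK);

    offset += NUM_BYTES_IN_DW;
    value = address_space_ldq_le(as, s->cq.base_addr + offset,
                                 MEMTXATTRS_UNSPECIFIED, &res);

    if (res != MEMTX_OK) {
        return false;
    }

    itt_addr = (value & ITTADDR_MASK) >> ITTADDR_SHIFT;

    valid = (value & CMD_FIELD_VALID_MASK);

    /* max_ids is a count, so the largest valid device ID is one less */
    if ((devid >= s->dt.max_ids) ||
        (size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS))) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "ITS MAPD: invalid device table attributes "
                      "devid %d or size %d\n", devid, size);
        /*
         * in this implementation, in case of error
         * we ignore this command and move onto the next
         * command in the queue
         */
        return true;
    }

    return update_dte(s, devid, valid, size, itt_addr);
}

/*
 * Current implementation blocks until all
 * commands are processed
 *
 * Commands are consumed from GITS_CREADR up to GITS_CWRITER. Both
 * offsets are guest-controlled and are validated against the number of
 * queue entries before the queue is read.
 */
static void process_cmdq(GICv3ITSState *s)
{
    uint32_t wr_offset = 0;
    uint32_t rd_offset = 0;
    uint32_t cq_offset = 0;
    uint64_t data;
    AddressSpace *as = &s->gicv3->dma_as;
    MemTxResult res = MEMTX_OK;
    bool result = true;
    uint8_t cmd;
    int i;

    if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
        return;
    }

    wr_offset = FIELD_EX64(s->cwriter, GITS_CWRITER, OFFSET);

    /* max_entries is a count: valid offsets are 0 .. max_entries - 1 */
    if (wr_offset >= s->cq.max_entries) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid write offset "
                      "%d\n", __func__, wr_offset);
        return;
    }

    rd_offset = FIELD_EX64(s->creadr, GITS_CREADR, OFFSET);

    if (rd_offset >= s->cq.max_entries) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid read offset "
                      "%d\n", __func__, rd_offset);
        return;
    }

    while (wr_offset != rd_offset) {
        cq_offset = (rd_offset * GITS_CMDQ_ENTRY_SIZE);
        data = address_space_ldq_le(as, s->cq.base_addr + cq_offset,
                                    MEMTXATTRS_UNSPECIFIED, &res);
        if (res != MEMTX_OK) {
            /* Do not decode a command from data that was never read */
            s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1);
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: could not read command at offset 0x%x\n",
                          __func__, cq_offset);
            break;
        }
        cmd = (data & CMD_MASK);
        result = true;

        switch (cmd) {
        case GITS_CMD_INT:
            result = process_its_cmd(s, data, cq_offset, INTERRUPT);
            break;
        case GITS_CMD_CLEAR:
            result = process_its_cmd(s, data, cq_offset, CLEAR);
            break;
        case GITS_CMD_SYNC:
            /*
             * Current implementation makes a blocking synchronous call
             * for every command issued earlier, hence the internal state
             * is already consistent by the time SYNC command is executed.
             * Hence no further processing is required for SYNC command.
             */
            break;
        case GITS_CMD_MAPD:
            result = process_mapd(s, data, cq_offset);
            break;
        case GITS_CMD_MAPC:
            result = process_mapc(s, cq_offset);
            break;
        case GITS_CMD_MAPTI:
            result = process_mapti(s, data, cq_offset, false);
            break;
        case GITS_CMD_MAPI:
            result = process_mapti(s, data, cq_offset, true);
            break;
        case GITS_CMD_DISCARD:
            result = process_its_cmd(s, data, cq_offset, DISCARD);
            break;
        case GITS_CMD_INV:
        case GITS_CMD_INVALL:
            /*
             * Current implementation doesn't cache any ITS tables,
             * but the calculated lpi priority information. We only
             * need to trigger lpi priority re-calculation to be in
             * sync with LPI config table or pending table changes.
             */
            for (i = 0; i < s->gicv3->num_cpu; i++) {
                gicv3_redist_update_lpi(&s->gicv3->cpu[i]);
            }
            break;
        default:
            break;
        }
        if (result) {
            rd_offset++;
            rd_offset %= s->cq.max_entries;
            s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, OFFSET, rd_offset);
        } else {
            /*
             * in this implementation, in case of dma read/write error
             * we stall the command processing
             */
            s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1);
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: %x cmd processing failed\n", __func__, cmd);
            break;
        }
    }
}

/*
 * This function extracts the ITS Device and Collection table specific
 * parameters (like base_addr, size etc) from GITS_BASER register.
 * It is called during ITS enable and also during post_load migration
 *
 * Note that max_ids is set to a count of IDs (1 << idbits), not to the
 * largest valid ID.
 */
static void extract_table_params(GICv3ITSState *s)
{
    uint16_t num_pages = 0;
    uint8_t  page_sz_type;
    uint8_t type;
    uint32_t page_sz = 0;
    uint64_t value;

    for (int i = 0; i < 8; i++) {
        TableDesc *td;
        int idbits;

        value = s->baser[i];

        if (!value) {
            continue;
        }

        page_sz_type = FIELD_EX64(value, GITS_BASER, PAGESIZE);

        switch (page_sz_type) {
        case 0:
            page_sz = GITS_PAGE_SIZE_4K;
            break;

        case 1:
            page_sz = GITS_PAGE_SIZE_16K;
            break;

        case 2:
        case 3:
            page_sz = GITS_PAGE_SIZE_64K;
            break;

        default:
            g_assert_not_reached();
        }

        num_pages = FIELD_EX64(value, GITS_BASER, SIZE) + 1;

        type = FIELD_EX64(value, GITS_BASER, TYPE);

        switch (type) {
        case GITS_BASER_TYPE_DEVICE:
            td = &s->dt;
            idbits = FIELD_EX64(s->typer, GITS_TYPER, DEVBITS) + 1;
            break;
        case GITS_BASER_TYPE_COLLECTION:
            td = &s->ct;
            if (FIELD_EX64(s->typer, GITS_TYPER, CIL)) {
                idbits = FIELD_EX64(s->typer, GITS_TYPER, CIDBITS) + 1;
            } else {
                /* 16-bit CollectionId supported when CIL == 0 */
                idbits = 16;
            }
            break;
        default:
            /*
             * GITS_BASER<n>.TYPE is read-only, so GITS_BASER_RO_MASK
             * ensures we will only see type values corresponding to
             * the values set up in gicv3_its_reset().
             */
            g_assert_not_reached();
        }

        memset(td, 0, sizeof(*td));
        td->valid = FIELD_EX64(value, GITS_BASER, VALID);
        /*
         * If GITS_BASER<n>.Valid is 0 for any <n> then we will not process
         * interrupts. (GITS_TYPER.HCC is 0 for this implementation, so we
         * do not have a special case where the GITS_BASER<n>.Valid bit is 0
         * for the register corresponding to the Collection table but we
         * still have to process interrupts using non-memory-backed
         * Collection table entries.)
         */
        if (!td->valid) {
            continue;
        }
        td->page_sz = page_sz;
        td->indirect = FIELD_EX64(value, GITS_BASER, INDIRECT);
        td->entry_sz = FIELD_EX64(value, GITS_BASER, ENTRYSIZE) + 1;
        td->base_addr = baser_base_addr(value, page_sz);
        /*
         * NOTE(review): these products appear to be evaluated in 32-bit
         * arithmetic and could wrap for a large indirect table; confirm
         * against the declared width of TableDesc.max_entries.
         */
        if (!td->indirect) {
            td->max_entries = (num_pages * page_sz) / td->entry_sz;
        } else {
            td->max_entries = (((num_pages * page_sz) /
                                  L1TABLE_ENTRY_SIZE) *
                                 (page_sz / td->entry_sz));
        }
        td->max_ids = 1ULL << idbits;
    }
}

/*
 * Extract the command queue parameters (valid bit, number of entries
 * and base address) from GITS_CBASER into s->cq. When the queue is not
 * valid, s->cq is left zeroed.
 */
static void extract_cmdq_params(GICv3ITSState *s)
{
    uint16_t num_pages = 0;
    uint64_t value = s->cbaser;

    num_pages = FIELD_EX64(value, GITS_CBASER, SIZE) + 1;

    memset(&s->cq, 0 , sizeof(s->cq));
    s->cq.valid = FIELD_EX64(value, GITS_CBASER, VALID);

    if (s->cq.valid) {
        s->cq.max_entries = (num_pages * GITS_PAGE_SIZE_4K) /
                             GITS_CMDQ_ENTRY_SIZE;
        s->cq.base_addr = FIELD_EX64(value, GITS_CBASER, PHYADDR);
        s->cq.base_addr <<= R_GITS_CBASER_PHYADDR_SHIFT;
    }
}

/*
 * Write handler for the ITS translation register frame. A write to
 * GITS_TRANSLATER while the ITS is enabled is translated using the
 * requester ID from the transaction attributes as the device ID.
 * Writes to any other offset are ignored.
 */
static MemTxResult gicv3_its_translation_write(void *opaque, hwaddr offset,
                                               uint64_t data, unsigned size,
                                               MemTxAttrs attrs)
{
    GICv3ITSState *s = (GICv3ITSState *)opaque;
    bool result = true;
    uint32_t devid = 0;

    switch (offset) {
    case GITS_TRANSLATER:
        if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) {
            devid = attrs.requester_id;
            result = process_its_cmd(s, data, devid, NONE);
        }
        break;
    default:
        break;
    }

    if (result) {
        return MEMTX_OK;
    } else {
        return MEMTX_ERROR;
    }
}

/*
 * Handle a 32-bit write to the ITS control register frame.
 * Returns false for an offset that is not handled here.
 */
static bool its_writel(GICv3ITSState *s, hwaddr offset,
                              uint64_t value, MemTxAttrs attrs)
{
    bool result = true;
    int index;

    switch (offset) {
    case GITS_CTLR:
        if (value & R_GITS_CTLR_ENABLED_MASK) {
            s->ctlr |= R_GITS_CTLR_ENABLED_MASK;
            extract_table_params(s);
            extract_cmdq_params(s);
            s->creadr = 0;
            process_cmdq(s);
        } else {
            s->ctlr &= ~R_GITS_CTLR_ENABLED_MASK;
        }
        break;
    case GITS_CBASER:
        /*
         * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
         *                 already enabled
         */
        if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
            s->cbaser = deposit64(s->cbaser, 0, 32, value);
            s->creadr = 0;
            s->cwriter = s->creadr;
        }
        break;
    case GITS_CBASER + 4:
        /*
         * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
         *                 already enabled
         */
        if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
            s->cbaser = deposit64(s->cbaser, 32, 32, value);
            s->creadr = 0;
            s->cwriter = s->creadr;
        }
        break;
    case GITS_CWRITER:
        s->cwriter = deposit64(s->cwriter, 0, 32,
                               (value & ~R_GITS_CWRITER_RETRY_MASK));
        if (s->cwriter != s->creadr) {
            process_cmdq(s);
        }
        break;
    case GITS_CWRITER + 4:
        s->cwriter = deposit64(s->cwriter, 32, 32, value);
        break;
    case GITS_CREADR:
        if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
            s->creadr = deposit64(s->creadr, 0, 32,
                                  (value & ~R_GITS_CREADR_STALLED_MASK));
        } else {
            /* RO register, ignore the write */
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: invalid guest write to RO register at offset "
                          TARGET_FMT_plx "\n", __func__, offset);
        }
        break;
    case GITS_CREADR + 4:
        if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
            s->creadr = deposit64(s->creadr, 32, 32, value);
        } else {
            /* RO register, ignore the write */
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: invalid guest write to RO register at offset "
                          TARGET_FMT_plx "\n", __func__, offset);
        }
        break;
    case GITS_BASER ... GITS_BASER + 0x3f:
        /*
         * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is
         *                 already enabled
         */
        if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
            index = (offset - GITS_BASER) / 8;

            if (offset & 7) {
                /* upper 32 bits: keep the RO bits and the lower half */
                value <<= 32;
                value &= ~GITS_BASER_RO_MASK;
                s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(0, 32);
                s->baser[index] |= value;
            } else {
                /* lower 32 bits: keep the RO bits and the upper half */
                value &= ~GITS_BASER_RO_MASK;
                s->baser[index] &= GITS_BASER_RO_MASK | MAKE_64BIT_MASK(32, 32);
                s->baser[index] |= value;
            }
        }
        break;
    case GITS_IIDR:
    case GITS_IDREGS ... GITS_IDREGS + 0x2f:
        /* RO registers, ignore the write */
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid guest write to RO register at offset "
                      TARGET_FMT_plx "\n", __func__, offset);
        break;
    default:
        result = false;
        break;
    }
    return result;
}

/*
 * Handle a 32-bit read from the ITS control register frame.
 * Returns false for an offset that is not handled here.
 */
static bool its_readl(GICv3ITSState *s, hwaddr offset,
                             uint64_t *data, MemTxAttrs attrs)
{
    bool result = true;
    int index;

    switch (offset) {
    case GITS_CTLR:
        *data = s->ctlr;
        break;
    case GITS_IIDR:
        *data = gicv3_iidr();
        break;
    case GITS_IDREGS ... GITS_IDREGS + 0x2f:
        /* ID registers */
        *data = gicv3_idreg(offset - GITS_IDREGS);
        break;
    case GITS_TYPER:
        *data = extract64(s->typer, 0, 32);
        break;
    case GITS_TYPER + 4:
        *data = extract64(s->typer, 32, 32);
        break;
    case GITS_CBASER:
        *data = extract64(s->cbaser, 0, 32);
        break;
    case GITS_CBASER + 4:
        *data = extract64(s->cbaser, 32, 32);
        break;
    case GITS_CREADR:
        *data = extract64(s->creadr, 0, 32);
        break;
    case GITS_CREADR + 4:
        *data = extract64(s->creadr, 32, 32);
        break;
    case GITS_CWRITER:
        *data = extract64(s->cwriter, 0, 32);
        break;
    case GITS_CWRITER + 4:
        *data = extract64(s->cwriter, 32, 32);
        break;
    case GITS_BASER ... GITS_BASER + 0x3f:
        index = (offset - GITS_BASER) / 8;
        if (offset & 7) {
            *data = extract64(s->baser[index], 32, 32);
        } else {
            *data = extract64(s->baser[index], 0, 32);
        }
        break;
    default:
        result = false;
        break;
    }
    return result;
}

/*
 * Handle a 64-bit write to the ITS control register frame.
 * Returns false for an offset that is not handled here.
 */
static bool its_writell(GICv3ITSState *s, hwaddr offset,
                               uint64_t value, MemTxAttrs attrs)
{
    bool result = true;
    int index;

    switch (offset) {
    case GITS_BASER ... GITS_BASER + 0x3f:
        /*
         * IMPDEF choice:- GITS_BASERn register becomes RO if ITS is
         *                 already enabled
         */
        if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
            index = (offset - GITS_BASER) / 8;
            s->baser[index] &= GITS_BASER_RO_MASK;
            s->baser[index] |= (value & ~GITS_BASER_RO_MASK);
        }
        break;
    case GITS_CBASER:
        /*
         * IMPDEF choice:- GITS_CBASER register becomes RO if ITS is
         *                 already enabled
         */
        if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) {
            s->cbaser = value;
            s->creadr = 0;
            s->cwriter = s->creadr;
        }
        break;
    case GITS_CWRITER:
        s->cwriter = value & ~R_GITS_CWRITER_RETRY_MASK;
        if (s->cwriter != s->creadr) {
            process_cmdq(s);
        }
        break;
    case GITS_CREADR:
        if (s->gicv3->gicd_ctlr & GICD_CTLR_DS) {
            s->creadr = value & ~R_GITS_CREADR_STALLED_MASK;
        } else {
            /* RO register, ignore the write */
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: invalid guest write to RO register at offset "
                          TARGET_FMT_plx "\n", __func__, offset);
        }
        break;
    case GITS_TYPER:
        /* RO registers, ignore the write */
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid guest write to RO register at offset "
                      TARGET_FMT_plx "\n", __func__, offset);
        break;
    default:
        result = false;
        break;
    }
    return result;
}

/*
 * Handle a 64-bit read from the ITS control register frame.
 * Returns false for an offset that is not handled here.
 */
static bool its_readll(GICv3ITSState *s, hwaddr offset,
                              uint64_t *data, MemTxAttrs attrs)
{
    bool result = true;
    int index;

    switch (offset) {
    case GITS_TYPER:
        *data = s->typer;
        break;
    case GITS_BASER ... GITS_BASER + 0x3f:
        index = (offset - GITS_BASER) / 8;
        *data = s->baser[index];
        break;
    case GITS_CBASER:
        *data = s->cbaser;
        break;
    case GITS_CREADR:
        *data = s->creadr;
        break;
    case GITS_CWRITER:
        *data = s->cwriter;
        break;
    default:
        result = false;
        break;
    }
    return result;
}

/*
 * Read handler for the ITS control register frame; dispatches on the
 * access size. Always returns MEMTX_OK (see the comment below).
 */
static MemTxResult gicv3_its_read(void *opaque, hwaddr offset, uint64_t *data,
                                  unsigned size, MemTxAttrs attrs)
{
    GICv3ITSState *s = (GICv3ITSState *)opaque;
    bool result;

    switch (size) {
    case 4:
        result = its_readl(s, offset, data, attrs);
        break;
    case 8:
        result = its_readll(s, offset, data, attrs);
        break;
    default:
        result = false;
        break;
    }

    if (!result) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid guest read at offset " TARGET_FMT_plx
                      " size %u\n", __func__, offset, size);
        /*
         * The spec requires that reserved registers are RAZ/WI;
         * so use false returns from leaf functions as a way to
         * trigger the guest-error logging but don't return it to
         * the caller, or we'll cause a spurious guest data abort.
         */
        *data = 0;
    }
    return MEMTX_OK;
}

/*
 * Write handler for the ITS control register frame; dispatches on the
 * access size. Always returns MEMTX_OK (see the comment below).
 */
static MemTxResult gicv3_its_write(void *opaque, hwaddr offset, uint64_t data,
                                   unsigned size, MemTxAttrs attrs)
{
    GICv3ITSState *s = (GICv3ITSState *)opaque;
    bool result;

    switch (size) {
    case 4:
        result = its_writel(s, offset, data, attrs);
        break;
    case 8:
        result = its_writell(s, offset, data, attrs);
        break;
    default:
        result = false;
        break;
    }

    if (!result) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: invalid guest write at offset " TARGET_FMT_plx
                      " size %u\n", __func__, offset, size);
        /*
         * The spec requires that reserved registers are RAZ/WI;
         * so use false returns from leaf functions as a way to
         * trigger the guest-error logging but don't return it to
         * the caller, or we'll cause a spurious guest data abort.
         */
    }
    return MEMTX_OK;
}

/* Control frame: 4- and 8-byte accesses, read and write */
static const MemoryRegionOps gicv3_its_control_ops = {
    .read_with_attrs = gicv3_its_read,
    .write_with_attrs = gicv3_its_write,
    .valid.min_access_size = 4,
    .valid.max_access_size = 8,
    .impl.min_access_size = 4,
    .impl.max_access_size = 8,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/* Translation frame: write-only, 2- to 4-byte accesses */
static const MemoryRegionOps gicv3_its_translation_ops = {
    .write_with_attrs = gicv3_its_translation_write,
    .valid.min_access_size = 2,
    .valid.max_access_size = 4,
    .impl.min_access_size = 2,
    .impl.max_access_size = 4,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * Realize the ITS device: fail if any CPU's redistributor does not
 * advertise physical LPI support, then set up the MMIO regions, the
 * DMA address space and the default GITS_TYPER feature fields.
 */
static void gicv3_arm_its_realize(DeviceState *dev, Error **errp)
{
    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
    int i;

    for (i = 0; i < s->gicv3->num_cpu; i++) {
        if (!(s->gicv3->cpu[i].gicr_typer & GICR_TYPER_PLPIS)) {
            error_setg(errp, "Physical LPI not supported by CPU %d", i);
            return;
        }
    }

    gicv3_its_init_mmio(s, &gicv3_its_control_ops, &gicv3_its_translation_ops);

    address_space_init(&s->gicv3->dma_as, s->gicv3->dma,
                       "gicv3-its-sysmem");

    /* set the ITS default features supported */
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, PHYSICAL, 1);
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, ITT_ENTRY_SIZE,
                          ITS_ITT_ENTRY_SIZE - 1);
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, IDBITS, ITS_IDBITS);
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, DEVBITS, ITS_DEVBITS);
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIL, 1);
    s->typer = FIELD_DP64(s->typer, GITS_TYPER, CIDBITS, ITS_CIDBITS);
}

/*
 * Device reset: run the parent class reset, then set the Quiescent bit
 * and the read-only Type, Page_Size and Entry_Size fields of
 * GITS_BASER0 and GITS_BASER1.
 */
static void gicv3_its_reset(DeviceState *dev)
{
    GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
    GICv3ITSClass *c = ARM_GICV3_ITS_GET_CLASS(s);

    c->parent_reset(dev);

    /* Quiescent bit reset to 1 */
    s->ctlr = FIELD_DP32(s->ctlr, GITS_CTLR, QUIESCENT, 1);

    /*
     * setting GITS_BASER0.Type = 0b001 (Device)
     *         GITS_BASER1.Type = 0b100 (Collection Table)
     *         GITS_BASER<n>.Type,where n = 3 to 7 are 0b00 (Unimplemented)
     *         GITS_BASER<0,1>.Page_Size = 64KB
     * and default translation table entry size to 16 bytes
     */
    s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, TYPE,
                             GITS_BASER_TYPE_DEVICE);
    s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, PAGESIZE,
                             GITS_BASER_PAGESIZE_64K);
    s->baser[0] = FIELD_DP64(s->baser[0], GITS_BASER, ENTRYSIZE,
                             GITS_DTE_SIZE - 1);

    s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, TYPE,
                             GITS_BASER_TYPE_COLLECTION);
    s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, PAGESIZE,
                             GITS_BASER_PAGESIZE_64K);
    s->baser[1] = FIELD_DP64(s->baser[1], GITS_BASER, ENTRYSIZE,
                             GITS_CTE_SIZE - 1);
}

/*
 * After migration, recompute the cached table and command queue
 * parameters from the register values if the ITS is enabled.
 */
static void gicv3_its_post_load(GICv3ITSState *s)
{
    if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) {
        extract_table_params(s);
        extract_cmdq_params(s);
    }
}

static Property gicv3_its_props[] = {
    DEFINE_PROP_LINK("parent-gicv3", GICv3ITSState, gicv3, "arm-gicv3",
                     GICv3State *),
    DEFINE_PROP_END_OF_LIST(),
};

/* Install the realize, reset, property and post_load hooks on the class */
static void gicv3_its_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    GICv3ITSClass *ic = ARM_GICV3_ITS_CLASS(klass);
    GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);

    dc->realize = gicv3_arm_its_realize;
    device_class_set_props(dc, gicv3_its_props);
    device_class_set_parent_reset(dc, gicv3_its_reset, &ic->parent_reset);
    icc->post_load = gicv3_its_post_load;
}

static const TypeInfo gicv3_its_info = {
    .name = TYPE_ARM_GICV3_ITS,
    .parent = TYPE_ARM_GICV3_ITS_COMMON,
    .instance_size = sizeof(GICv3ITSState),
    .class_init = gicv3_its_class_init,
    .class_size = sizeof(GICv3ITSClass),
};

static void gicv3_its_register_types(void)
{
    type_register_static(&gicv3_its_info);
}

type_init(gicv3_its_register_types)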