1 /* 2 * ARM GICv3 emulation: Redistributor 3 * 4 * Copyright (c) 2015 Huawei. 5 * Copyright (c) 2016 Linaro Limited. 6 * Written by Shlomo Pongratz, Peter Maydell 7 * 8 * This code is licensed under the GPL, version 2 or (at your option) 9 * any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "trace.h" 15 #include "gicv3_internal.h" 16 17 static uint32_t mask_group(GICv3CPUState *cs, MemTxAttrs attrs) 18 { 19 /* Return a 32-bit mask which should be applied for this set of 32 20 * interrupts; each bit is 1 if access is permitted by the 21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does 22 * not affect config register accesses, unlike GICD_NSACR.) 23 */ 24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 26 return cs->gicr_igroupr0; 27 } 28 return 0xFFFFFFFFU; 29 } 30 31 static int gicr_ns_access(GICv3CPUState *cs, int irq) 32 { 33 /* Return the 2 bit NSACR.NS_access field for this SGI */ 34 assert(irq < 16); 35 return extract32(cs->gicr_nsacr, irq * 2, 2); 36 } 37 38 static void gicr_write_set_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 39 uint32_t *reg, uint32_t val) 40 { 41 /* Helper routine to implement writing to a "set-bitmap" register */ 42 val &= mask_group(cs, attrs); 43 *reg |= val; 44 gicv3_redist_update(cs); 45 } 46 47 static void gicr_write_clear_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 48 uint32_t *reg, uint32_t val) 49 { 50 /* Helper routine to implement writing to a "clear-bitmap" register */ 51 val &= mask_group(cs, attrs); 52 *reg &= ~val; 53 gicv3_redist_update(cs); 54 } 55 56 static uint32_t gicr_read_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 57 uint32_t reg) 58 { 59 reg &= mask_group(cs, attrs); 60 return reg; 61 } 62 63 /** 64 * update_for_one_lpi: Update pending information if this LPI is better 65 * 66 * @cs: GICv3CPUState 67 * @irq: interrupt to look up in the LPI Configuration table 68 * @ctbase: physical address of the LPI Configuration table to use 69 * @ds: true if priority value should not be shifted 70 * @hpp: points to pending information to update 71 * 72 * Look up @irq in the Configuration table specified by @ctbase 73 * to see if it is enabled and what its priority is. If it is an 74 * enabled interrupt with a higher priority than that currently 75 * recorded in @hpp, update @hpp. 76 */ 77 static void update_for_one_lpi(GICv3CPUState *cs, int irq, 78 uint64_t ctbase, bool ds, PendingIrq *hpp) 79 { 80 uint8_t lpite; 81 uint8_t prio; 82 83 address_space_read(&cs->gic->dma_as, 84 ctbase + ((irq - GICV3_LPI_INTID_START) * sizeof(lpite)), 85 MEMTXATTRS_UNSPECIFIED, &lpite, sizeof(lpite)); 86 87 if (!(lpite & LPI_CTE_ENABLED)) { 88 return; 89 } 90 91 if (ds) { 92 prio = lpite & LPI_PRIORITY_MASK; 93 } else { 94 prio = ((lpite & LPI_PRIORITY_MASK) >> 1) | 0x80; 95 } 96 97 if ((prio < hpp->prio) || 98 ((prio == hpp->prio) && (irq <= hpp->irq))) { 99 hpp->irq = irq; 100 hpp->prio = prio; 101 /* LPIs and vLPIs are always non-secure Grp1 interrupts */ 102 hpp->grp = GICV3_G1NS; 103 } 104 } 105 106 /** 107 * update_for_all_lpis: Fully scan LPI tables and find best pending LPI 108 * 109 * @cs: GICv3CPUState 110 * @ptbase: physical address of LPI Pending table 111 * @ctbase: physical address of LPI Configuration table 112 * @ptsizebits: size of tables, specified as number of interrupt ID bits minus 1 113 * @ds: true if priority value should not be shifted 114 * @hpp: points to pending information to set 115 * 116 * Recalculate the highest priority pending enabled LPI from scratch, 117 * and set @hpp accordingly. 118 * 119 * We scan the LPI pending table @ptbase; for each pending LPI, we read the 120 * corresponding entry in the LPI configuration table @ctbase to extract 121 * the priority and enabled information. 122 * 123 * We take @ptsizebits in the form idbits-1 because this is the way that 124 * LPI table sizes are architecturally specified in GICR_PROPBASER.IDBits 125 * and in the VMAPP command's VPT_size field. 126 */ 127 static void update_for_all_lpis(GICv3CPUState *cs, uint64_t ptbase, 128 uint64_t ctbase, unsigned ptsizebits, 129 bool ds, PendingIrq *hpp) 130 { 131 AddressSpace *as = &cs->gic->dma_as; 132 uint8_t pend; 133 uint32_t pendt_size = (1ULL << (ptsizebits + 1)); 134 int i, bit; 135 136 hpp->prio = 0xff; 137 138 for (i = GICV3_LPI_INTID_START / 8; i < pendt_size / 8; i++) { 139 address_space_read(as, ptbase + i, MEMTXATTRS_UNSPECIFIED, &pend, 1); 140 while (pend) { 141 bit = ctz32(pend); 142 update_for_one_lpi(cs, i * 8 + bit, ctbase, ds, hpp); 143 pend &= ~(1 << bit); 144 } 145 } 146 } 147 148 static uint8_t gicr_read_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, 149 int irq) 150 { 151 /* Read the value of GICR_IPRIORITYR<n> for the specified interrupt, 152 * honouring security state (these are RAZ/WI for Group 0 or Secure 153 * Group 1 interrupts). 154 */ 155 uint32_t prio; 156 157 prio = cs->gicr_ipriorityr[irq]; 158 159 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 160 if (!(cs->gicr_igroupr0 & (1U << irq))) { 161 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 162 return 0; 163 } 164 /* NS view of the interrupt priority */ 165 prio = (prio << 1) & 0xff; 166 } 167 return prio; 168 } 169 170 static void gicr_write_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, int irq, 171 uint8_t value) 172 { 173 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt, 174 * honouring security state (these are RAZ/WI for Group 0 or Secure 175 * Group 1 interrupts). 176 */ 177 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 178 if (!(cs->gicr_igroupr0 & (1U << irq))) { 179 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 180 return; 181 } 182 /* NS view of the interrupt priority */ 183 value = 0x80 | (value >> 1); 184 } 185 cs->gicr_ipriorityr[irq] = value; 186 } 187 188 static void gicv3_redist_update_vlpi_only(GICv3CPUState *cs) 189 { 190 uint64_t ptbase, ctbase, idbits; 191 192 if (!FIELD_EX64(cs->gicr_vpendbaser, GICR_VPENDBASER, VALID)) { 193 cs->hppvlpi.prio = 0xff; 194 return; 195 } 196 197 ptbase = cs->gicr_vpendbaser & R_GICR_VPENDBASER_PHYADDR_MASK; 198 ctbase = cs->gicr_vpropbaser & R_GICR_VPROPBASER_PHYADDR_MASK; 199 idbits = FIELD_EX64(cs->gicr_vpropbaser, GICR_VPROPBASER, IDBITS); 200 201 update_for_all_lpis(cs, ptbase, ctbase, idbits, true, &cs->hppvlpi); 202 } 203 204 static void gicv3_redist_update_vlpi(GICv3CPUState *cs) 205 { 206 gicv3_redist_update_vlpi_only(cs); 207 gicv3_cpuif_virt_irq_fiq_update(cs); 208 } 209 210 static void gicr_write_vpendbaser(GICv3CPUState *cs, uint64_t newval) 211 { 212 /* Write @newval to GICR_VPENDBASER, handling its effects */ 213 bool oldvalid = FIELD_EX64(cs->gicr_vpendbaser, GICR_VPENDBASER, VALID); 214 bool newvalid = FIELD_EX64(newval, GICR_VPENDBASER, VALID); 215 bool pendinglast; 216 217 /* 218 * The DIRTY bit is read-only and for us is always zero; 219 * other fields are writeable. 220 */ 221 newval &= R_GICR_VPENDBASER_INNERCACHE_MASK | 222 R_GICR_VPENDBASER_SHAREABILITY_MASK | 223 R_GICR_VPENDBASER_PHYADDR_MASK | 224 R_GICR_VPENDBASER_OUTERCACHE_MASK | 225 R_GICR_VPENDBASER_PENDINGLAST_MASK | 226 R_GICR_VPENDBASER_IDAI_MASK | 227 R_GICR_VPENDBASER_VALID_MASK; 228 229 if (oldvalid && newvalid) { 230 /* 231 * Changing other fields while VALID is 1 is UNPREDICTABLE; 232 * we choose to log and ignore the write. 233 */ 234 if (cs->gicr_vpendbaser ^ newval) { 235 qemu_log_mask(LOG_GUEST_ERROR, 236 "%s: Changing GICR_VPENDBASER when VALID=1 " 237 "is UNPREDICTABLE\n", __func__); 238 } 239 return; 240 } 241 if (!oldvalid && !newvalid) { 242 cs->gicr_vpendbaser = newval; 243 return; 244 } 245 246 if (newvalid) { 247 /* 248 * Valid going from 0 to 1: update hppvlpi from tables. 249 * If IDAI is 0 we are allowed to use the info we cached in 250 * the IMPDEF area of the table. 251 * PendingLast is RES1 when we make this transition. 252 */ 253 pendinglast = true; 254 } else { 255 /* 256 * Valid going from 1 to 0: 257 * Set PendingLast if there was a pending enabled interrupt 258 * for the vPE that was just descheduled. 259 * If we cache info in the IMPDEF area, write it out here. 260 */ 261 pendinglast = cs->hppvlpi.prio != 0xff; 262 } 263 264 newval = FIELD_DP64(newval, GICR_VPENDBASER, PENDINGLAST, pendinglast); 265 cs->gicr_vpendbaser = newval; 266 gicv3_redist_update_vlpi(cs); 267 } 268 269 static MemTxResult gicr_readb(GICv3CPUState *cs, hwaddr offset, 270 uint64_t *data, MemTxAttrs attrs) 271 { 272 switch (offset) { 273 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 274 *data = gicr_read_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR); 275 return MEMTX_OK; 276 default: 277 return MEMTX_ERROR; 278 } 279 } 280 281 static MemTxResult gicr_writeb(GICv3CPUState *cs, hwaddr offset, 282 uint64_t value, MemTxAttrs attrs) 283 { 284 switch (offset) { 285 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 286 gicr_write_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR, value); 287 gicv3_redist_update(cs); 288 return MEMTX_OK; 289 default: 290 return MEMTX_ERROR; 291 } 292 } 293 294 static MemTxResult gicr_readl(GICv3CPUState *cs, hwaddr offset, 295 uint64_t *data, MemTxAttrs attrs) 296 { 297 switch (offset) { 298 case GICR_CTLR: 299 *data = cs->gicr_ctlr; 300 return MEMTX_OK; 301 case GICR_IIDR: 302 *data = gicv3_iidr(); 303 return MEMTX_OK; 304 case GICR_TYPER: 305 *data = extract64(cs->gicr_typer, 0, 32); 306 return MEMTX_OK; 307 case GICR_TYPER + 4: 308 *data = extract64(cs->gicr_typer, 32, 32); 309 return MEMTX_OK; 310 case GICR_STATUSR: 311 /* RAZ/WI for us (this is an optional register and our implementation 312 * does not track RO/WO/reserved violations to report them to the guest) 313 */ 314 *data = 0; 315 return MEMTX_OK; 316 case GICR_WAKER: 317 *data = cs->gicr_waker; 318 return MEMTX_OK; 319 case GICR_PROPBASER: 320 *data = extract64(cs->gicr_propbaser, 0, 32); 321 return MEMTX_OK; 322 case GICR_PROPBASER + 4: 323 *data = extract64(cs->gicr_propbaser, 32, 32); 324 return MEMTX_OK; 325 case GICR_PENDBASER: 326 *data = extract64(cs->gicr_pendbaser, 0, 32); 327 return MEMTX_OK; 328 case GICR_PENDBASER + 4: 329 *data = extract64(cs->gicr_pendbaser, 32, 32); 330 return MEMTX_OK; 331 case GICR_IGROUPR0: 332 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 333 *data = 0; 334 return MEMTX_OK; 335 } 336 *data = cs->gicr_igroupr0; 337 return MEMTX_OK; 338 case GICR_ISENABLER0: 339 case GICR_ICENABLER0: 340 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_ienabler0); 341 return MEMTX_OK; 342 case GICR_ISPENDR0: 343 case GICR_ICPENDR0: 344 { 345 /* The pending register reads as the logical OR of the pending 346 * latch and the input line level for level-triggered interrupts. 347 */ 348 uint32_t val = cs->gicr_ipendr0 | (~cs->edge_trigger & cs->level); 349 *data = gicr_read_bitmap_reg(cs, attrs, val); 350 return MEMTX_OK; 351 } 352 case GICR_ISACTIVER0: 353 case GICR_ICACTIVER0: 354 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_iactiver0); 355 return MEMTX_OK; 356 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 357 { 358 int i, irq = offset - GICR_IPRIORITYR; 359 uint32_t value = 0; 360 361 for (i = irq + 3; i >= irq; i--) { 362 value <<= 8; 363 value |= gicr_read_ipriorityr(cs, attrs, i); 364 } 365 *data = value; 366 return MEMTX_OK; 367 } 368 case GICR_ICFGR0: 369 case GICR_ICFGR1: 370 { 371 /* Our edge_trigger bitmap is one bit per irq; take the correct 372 * half of it, and spread it out into the odd bits. 373 */ 374 uint32_t value; 375 376 value = cs->edge_trigger & mask_group(cs, attrs); 377 value = extract32(value, (offset == GICR_ICFGR1) ? 16 : 0, 16); 378 value = half_shuffle32(value) << 1; 379 *data = value; 380 return MEMTX_OK; 381 } 382 case GICR_IGRPMODR0: 383 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 384 /* RAZ/WI if security disabled, or if 385 * security enabled and this is an NS access 386 */ 387 *data = 0; 388 return MEMTX_OK; 389 } 390 *data = cs->gicr_igrpmodr0; 391 return MEMTX_OK; 392 case GICR_NSACR: 393 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 394 /* RAZ/WI if security disabled, or if 395 * security enabled and this is an NS access 396 */ 397 *data = 0; 398 return MEMTX_OK; 399 } 400 *data = cs->gicr_nsacr; 401 return MEMTX_OK; 402 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 403 *data = gicv3_idreg(offset - GICR_IDREGS, GICV3_PIDR0_REDIST); 404 return MEMTX_OK; 405 /* 406 * VLPI frame registers. We don't need a version check for 407 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 408 * prevent pre-v4 GIC from passing us offsets this high. 409 */ 410 case GICR_VPROPBASER: 411 *data = extract64(cs->gicr_vpropbaser, 0, 32); 412 return MEMTX_OK; 413 case GICR_VPROPBASER + 4: 414 *data = extract64(cs->gicr_vpropbaser, 32, 32); 415 return MEMTX_OK; 416 case GICR_VPENDBASER: 417 *data = extract64(cs->gicr_vpendbaser, 0, 32); 418 return MEMTX_OK; 419 case GICR_VPENDBASER + 4: 420 *data = extract64(cs->gicr_vpendbaser, 32, 32); 421 return MEMTX_OK; 422 default: 423 return MEMTX_ERROR; 424 } 425 } 426 427 static MemTxResult gicr_writel(GICv3CPUState *cs, hwaddr offset, 428 uint64_t value, MemTxAttrs attrs) 429 { 430 switch (offset) { 431 case GICR_CTLR: 432 /* For our implementation, GICR_TYPER.DPGS is 0 and so all 433 * the DPG bits are RAZ/WI. We don't do anything asynchronously, 434 * so UWP and RWP are RAZ/WI. GICR_TYPER.LPIS is 1 (we 435 * implement LPIs) so Enable_LPIs is programmable. 436 */ 437 if (cs->gicr_typer & GICR_TYPER_PLPIS) { 438 if (value & GICR_CTLR_ENABLE_LPIS) { 439 cs->gicr_ctlr |= GICR_CTLR_ENABLE_LPIS; 440 /* Check for any pending interr in pending table */ 441 gicv3_redist_update_lpi(cs); 442 } else { 443 cs->gicr_ctlr &= ~GICR_CTLR_ENABLE_LPIS; 444 /* cs->hppi might have been an LPI; recalculate */ 445 gicv3_redist_update(cs); 446 } 447 } 448 return MEMTX_OK; 449 case GICR_STATUSR: 450 /* RAZ/WI for our implementation */ 451 return MEMTX_OK; 452 case GICR_WAKER: 453 /* Only the ProcessorSleep bit is writeable. When the guest sets 454 * it it requests that we transition the channel between the 455 * redistributor and the cpu interface to quiescent, and that 456 * we set the ChildrenAsleep bit once the inteface has reached the 457 * quiescent state. 458 * Setting the ProcessorSleep to 0 reverses the quiescing, and 459 * ChildrenAsleep is cleared once the transition is complete. 460 * Since our interface is not asynchronous, we complete these 461 * transitions instantaneously, so we set ChildrenAsleep to the 462 * same value as ProcessorSleep here. 463 */ 464 value &= GICR_WAKER_ProcessorSleep; 465 if (value & GICR_WAKER_ProcessorSleep) { 466 value |= GICR_WAKER_ChildrenAsleep; 467 } 468 cs->gicr_waker = value; 469 return MEMTX_OK; 470 case GICR_PROPBASER: 471 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 0, 32, value); 472 return MEMTX_OK; 473 case GICR_PROPBASER + 4: 474 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 32, 32, value); 475 return MEMTX_OK; 476 case GICR_PENDBASER: 477 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 0, 32, value); 478 return MEMTX_OK; 479 case GICR_PENDBASER + 4: 480 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 32, 32, value); 481 return MEMTX_OK; 482 case GICR_IGROUPR0: 483 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 484 return MEMTX_OK; 485 } 486 cs->gicr_igroupr0 = value; 487 gicv3_redist_update(cs); 488 return MEMTX_OK; 489 case GICR_ISENABLER0: 490 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 491 return MEMTX_OK; 492 case GICR_ICENABLER0: 493 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 494 return MEMTX_OK; 495 case GICR_ISPENDR0: 496 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 497 return MEMTX_OK; 498 case GICR_ICPENDR0: 499 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 500 return MEMTX_OK; 501 case GICR_ISACTIVER0: 502 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 503 return MEMTX_OK; 504 case GICR_ICACTIVER0: 505 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 506 return MEMTX_OK; 507 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 508 { 509 int i, irq = offset - GICR_IPRIORITYR; 510 511 for (i = irq; i < irq + 4; i++, value >>= 8) { 512 gicr_write_ipriorityr(cs, attrs, i, value); 513 } 514 gicv3_redist_update(cs); 515 return MEMTX_OK; 516 } 517 case GICR_ICFGR0: 518 /* Register is all RAZ/WI or RAO/WI bits */ 519 return MEMTX_OK; 520 case GICR_ICFGR1: 521 { 522 uint32_t mask; 523 524 /* Since our edge_trigger bitmap is one bit per irq, our input 525 * 32-bits will compress down into 16 bits which we need 526 * to write into the bitmap. 527 */ 528 value = half_unshuffle32(value >> 1) << 16; 529 mask = mask_group(cs, attrs) & 0xffff0000U; 530 531 cs->edge_trigger &= ~mask; 532 cs->edge_trigger |= (value & mask); 533 534 gicv3_redist_update(cs); 535 return MEMTX_OK; 536 } 537 case GICR_IGRPMODR0: 538 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 539 /* RAZ/WI if security disabled, or if 540 * security enabled and this is an NS access 541 */ 542 return MEMTX_OK; 543 } 544 cs->gicr_igrpmodr0 = value; 545 gicv3_redist_update(cs); 546 return MEMTX_OK; 547 case GICR_NSACR: 548 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 549 /* RAZ/WI if security disabled, or if 550 * security enabled and this is an NS access 551 */ 552 return MEMTX_OK; 553 } 554 cs->gicr_nsacr = value; 555 /* no update required as this only affects access permission checks */ 556 return MEMTX_OK; 557 case GICR_IIDR: 558 case GICR_TYPER: 559 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 560 /* RO registers, ignore the write */ 561 qemu_log_mask(LOG_GUEST_ERROR, 562 "%s: invalid guest write to RO register at offset " 563 TARGET_FMT_plx "\n", __func__, offset); 564 return MEMTX_OK; 565 /* 566 * VLPI frame registers. We don't need a version check for 567 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 568 * prevent pre-v4 GIC from passing us offsets this high. 569 */ 570 case GICR_VPROPBASER: 571 cs->gicr_vpropbaser = deposit64(cs->gicr_vpropbaser, 0, 32, value); 572 return MEMTX_OK; 573 case GICR_VPROPBASER + 4: 574 cs->gicr_vpropbaser = deposit64(cs->gicr_vpropbaser, 32, 32, value); 575 return MEMTX_OK; 576 case GICR_VPENDBASER: 577 gicr_write_vpendbaser(cs, deposit64(cs->gicr_vpendbaser, 0, 32, value)); 578 return MEMTX_OK; 579 case GICR_VPENDBASER + 4: 580 gicr_write_vpendbaser(cs, deposit64(cs->gicr_vpendbaser, 32, 32, value)); 581 return MEMTX_OK; 582 default: 583 return MEMTX_ERROR; 584 } 585 } 586 587 static MemTxResult gicr_readll(GICv3CPUState *cs, hwaddr offset, 588 uint64_t *data, MemTxAttrs attrs) 589 { 590 switch (offset) { 591 case GICR_TYPER: 592 *data = cs->gicr_typer; 593 return MEMTX_OK; 594 case GICR_PROPBASER: 595 *data = cs->gicr_propbaser; 596 return MEMTX_OK; 597 case GICR_PENDBASER: 598 *data = cs->gicr_pendbaser; 599 return MEMTX_OK; 600 /* 601 * VLPI frame registers. We don't need a version check for 602 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 603 * prevent pre-v4 GIC from passing us offsets this high. 604 */ 605 case GICR_VPROPBASER: 606 *data = cs->gicr_vpropbaser; 607 return MEMTX_OK; 608 case GICR_VPENDBASER: 609 *data = cs->gicr_vpendbaser; 610 return MEMTX_OK; 611 default: 612 return MEMTX_ERROR; 613 } 614 } 615 616 static MemTxResult gicr_writell(GICv3CPUState *cs, hwaddr offset, 617 uint64_t value, MemTxAttrs attrs) 618 { 619 switch (offset) { 620 case GICR_PROPBASER: 621 cs->gicr_propbaser = value; 622 return MEMTX_OK; 623 case GICR_PENDBASER: 624 cs->gicr_pendbaser = value; 625 return MEMTX_OK; 626 case GICR_TYPER: 627 /* RO register, ignore the write */ 628 qemu_log_mask(LOG_GUEST_ERROR, 629 "%s: invalid guest write to RO register at offset " 630 TARGET_FMT_plx "\n", __func__, offset); 631 return MEMTX_OK; 632 /* 633 * VLPI frame registers. We don't need a version check for 634 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 635 * prevent pre-v4 GIC from passing us offsets this high. 636 */ 637 case GICR_VPROPBASER: 638 cs->gicr_vpropbaser = value; 639 return MEMTX_OK; 640 case GICR_VPENDBASER: 641 gicr_write_vpendbaser(cs, value); 642 return MEMTX_OK; 643 default: 644 return MEMTX_ERROR; 645 } 646 } 647 648 MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data, 649 unsigned size, MemTxAttrs attrs) 650 { 651 GICv3RedistRegion *region = opaque; 652 GICv3State *s = region->gic; 653 GICv3CPUState *cs; 654 MemTxResult r; 655 int cpuidx; 656 657 assert((offset & (size - 1)) == 0); 658 659 /* 660 * There are (for GICv3) two 64K redistributor pages per CPU. 661 * In some cases the redistributor pages for all CPUs are not 662 * contiguous (eg on the virt board they are split into two 663 * parts if there are too many CPUs to all fit in the same place 664 * in the memory map); if so then the GIC has multiple MemoryRegions 665 * for the redistributors. 666 */ 667 cpuidx = region->cpuidx + offset / gicv3_redist_size(s); 668 offset %= gicv3_redist_size(s); 669 670 cs = &s->cpu[cpuidx]; 671 672 switch (size) { 673 case 1: 674 r = gicr_readb(cs, offset, data, attrs); 675 break; 676 case 4: 677 r = gicr_readl(cs, offset, data, attrs); 678 break; 679 case 8: 680 r = gicr_readll(cs, offset, data, attrs); 681 break; 682 default: 683 r = MEMTX_ERROR; 684 break; 685 } 686 687 if (r != MEMTX_OK) { 688 qemu_log_mask(LOG_GUEST_ERROR, 689 "%s: invalid guest read at offset " TARGET_FMT_plx 690 " size %u\n", __func__, offset, size); 691 trace_gicv3_redist_badread(gicv3_redist_affid(cs), offset, 692 size, attrs.secure); 693 /* The spec requires that reserved registers are RAZ/WI; 694 * so use MEMTX_ERROR returns from leaf functions as a way to 695 * trigger the guest-error logging but don't return it to 696 * the caller, or we'll cause a spurious guest data abort. 697 */ 698 r = MEMTX_OK; 699 *data = 0; 700 } else { 701 trace_gicv3_redist_read(gicv3_redist_affid(cs), offset, *data, 702 size, attrs.secure); 703 } 704 return r; 705 } 706 707 MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data, 708 unsigned size, MemTxAttrs attrs) 709 { 710 GICv3RedistRegion *region = opaque; 711 GICv3State *s = region->gic; 712 GICv3CPUState *cs; 713 MemTxResult r; 714 int cpuidx; 715 716 assert((offset & (size - 1)) == 0); 717 718 /* 719 * There are (for GICv3) two 64K redistributor pages per CPU. 720 * In some cases the redistributor pages for all CPUs are not 721 * contiguous (eg on the virt board they are split into two 722 * parts if there are too many CPUs to all fit in the same place 723 * in the memory map); if so then the GIC has multiple MemoryRegions 724 * for the redistributors. 725 */ 726 cpuidx = region->cpuidx + offset / gicv3_redist_size(s); 727 offset %= gicv3_redist_size(s); 728 729 cs = &s->cpu[cpuidx]; 730 731 switch (size) { 732 case 1: 733 r = gicr_writeb(cs, offset, data, attrs); 734 break; 735 case 4: 736 r = gicr_writel(cs, offset, data, attrs); 737 break; 738 case 8: 739 r = gicr_writell(cs, offset, data, attrs); 740 break; 741 default: 742 r = MEMTX_ERROR; 743 break; 744 } 745 746 if (r != MEMTX_OK) { 747 qemu_log_mask(LOG_GUEST_ERROR, 748 "%s: invalid guest write at offset " TARGET_FMT_plx 749 " size %u\n", __func__, offset, size); 750 trace_gicv3_redist_badwrite(gicv3_redist_affid(cs), offset, data, 751 size, attrs.secure); 752 /* The spec requires that reserved registers are RAZ/WI; 753 * so use MEMTX_ERROR returns from leaf functions as a way to 754 * trigger the guest-error logging but don't return it to 755 * the caller, or we'll cause a spurious guest data abort. 756 */ 757 r = MEMTX_OK; 758 } else { 759 trace_gicv3_redist_write(gicv3_redist_affid(cs), offset, data, 760 size, attrs.secure); 761 } 762 return r; 763 } 764 765 static void gicv3_redist_check_lpi_priority(GICv3CPUState *cs, int irq) 766 { 767 uint64_t lpict_baddr = cs->gicr_propbaser & R_GICR_PROPBASER_PHYADDR_MASK; 768 769 update_for_one_lpi(cs, irq, lpict_baddr, 770 cs->gic->gicd_ctlr & GICD_CTLR_DS, 771 &cs->hpplpi); 772 } 773 774 void gicv3_redist_update_lpi_only(GICv3CPUState *cs) 775 { 776 /* 777 * This function scans the LPI pending table and for each pending 778 * LPI, reads the corresponding entry from LPI configuration table 779 * to extract the priority info and determine if the current LPI 780 * priority is lower than the last computed high priority lpi interrupt. 781 * If yes, replace current LPI as the new high priority lpi interrupt. 782 */ 783 uint64_t lpipt_baddr, lpict_baddr; 784 uint64_t idbits; 785 786 idbits = MIN(FIELD_EX64(cs->gicr_propbaser, GICR_PROPBASER, IDBITS), 787 GICD_TYPER_IDBITS); 788 789 if (!(cs->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 790 return; 791 } 792 793 lpipt_baddr = cs->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 794 lpict_baddr = cs->gicr_propbaser & R_GICR_PROPBASER_PHYADDR_MASK; 795 796 update_for_all_lpis(cs, lpipt_baddr, lpict_baddr, idbits, 797 cs->gic->gicd_ctlr & GICD_CTLR_DS, &cs->hpplpi); 798 } 799 800 void gicv3_redist_update_lpi(GICv3CPUState *cs) 801 { 802 gicv3_redist_update_lpi_only(cs); 803 gicv3_redist_update(cs); 804 } 805 806 void gicv3_redist_lpi_pending(GICv3CPUState *cs, int irq, int level) 807 { 808 /* 809 * This function updates the pending bit in lpi pending table for 810 * the irq being activated or deactivated. 811 */ 812 AddressSpace *as = &cs->gic->dma_as; 813 uint64_t lpipt_baddr; 814 bool ispend = false; 815 uint8_t pend; 816 817 /* 818 * get the bit value corresponding to this irq in the 819 * lpi pending table 820 */ 821 lpipt_baddr = cs->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 822 823 address_space_read(as, lpipt_baddr + ((irq / 8) * sizeof(pend)), 824 MEMTXATTRS_UNSPECIFIED, &pend, sizeof(pend)); 825 826 ispend = extract32(pend, irq % 8, 1); 827 828 /* no change in the value of pending bit, return */ 829 if (ispend == level) { 830 return; 831 } 832 pend = deposit32(pend, irq % 8, 1, level ? 1 : 0); 833 834 address_space_write(as, lpipt_baddr + ((irq / 8) * sizeof(pend)), 835 MEMTXATTRS_UNSPECIFIED, &pend, sizeof(pend)); 836 837 /* 838 * check if this LPI is better than the current hpplpi, if yes 839 * just set hpplpi.prio and .irq without doing a full rescan 840 */ 841 if (level) { 842 gicv3_redist_check_lpi_priority(cs, irq); 843 gicv3_redist_update(cs); 844 } else { 845 if (irq == cs->hpplpi.irq) { 846 gicv3_redist_update_lpi(cs); 847 } 848 } 849 } 850 851 void gicv3_redist_process_lpi(GICv3CPUState *cs, int irq, int level) 852 { 853 uint64_t idbits; 854 855 idbits = MIN(FIELD_EX64(cs->gicr_propbaser, GICR_PROPBASER, IDBITS), 856 GICD_TYPER_IDBITS); 857 858 if (!(cs->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 859 (irq > (1ULL << (idbits + 1)) - 1) || irq < GICV3_LPI_INTID_START) { 860 return; 861 } 862 863 /* set/clear the pending bit for this irq */ 864 gicv3_redist_lpi_pending(cs, irq, level); 865 } 866 867 void gicv3_redist_inv_lpi(GICv3CPUState *cs, int irq) 868 { 869 /* 870 * The only cached information for LPIs we have is the HPPLPI. 871 * We could be cleverer about identifying when we don't need 872 * to do a full rescan of the pending table, but until we find 873 * this is a performance issue, just always recalculate. 874 */ 875 gicv3_redist_update_lpi(cs); 876 } 877 878 void gicv3_redist_mov_lpi(GICv3CPUState *src, GICv3CPUState *dest, int irq) 879 { 880 /* 881 * Move the specified LPI's pending state from the source redistributor 882 * to the destination. 883 * 884 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE: 885 * we choose to NOP. If LPIs are disabled on source there's nothing 886 * to be transferred anyway. 887 */ 888 AddressSpace *as = &src->gic->dma_as; 889 uint64_t idbits; 890 uint32_t pendt_size; 891 uint64_t src_baddr; 892 uint8_t src_pend; 893 894 if (!(src->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 895 !(dest->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 896 return; 897 } 898 899 idbits = MIN(FIELD_EX64(src->gicr_propbaser, GICR_PROPBASER, IDBITS), 900 GICD_TYPER_IDBITS); 901 idbits = MIN(FIELD_EX64(dest->gicr_propbaser, GICR_PROPBASER, IDBITS), 902 idbits); 903 904 pendt_size = 1ULL << (idbits + 1); 905 if ((irq / 8) >= pendt_size) { 906 return; 907 } 908 909 src_baddr = src->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 910 911 address_space_read(as, src_baddr + (irq / 8), 912 MEMTXATTRS_UNSPECIFIED, &src_pend, sizeof(src_pend)); 913 if (!extract32(src_pend, irq % 8, 1)) { 914 /* Not pending on source, nothing to do */ 915 return; 916 } 917 src_pend &= ~(1 << (irq % 8)); 918 address_space_write(as, src_baddr + (irq / 8), 919 MEMTXATTRS_UNSPECIFIED, &src_pend, sizeof(src_pend)); 920 if (irq == src->hpplpi.irq) { 921 /* 922 * We just made this LPI not-pending so only need to update 923 * if it was previously the highest priority pending LPI 924 */ 925 gicv3_redist_update_lpi(src); 926 } 927 /* Mark it pending on the destination */ 928 gicv3_redist_lpi_pending(dest, irq, 1); 929 } 930 931 void gicv3_redist_movall_lpis(GICv3CPUState *src, GICv3CPUState *dest) 932 { 933 /* 934 * We must move all pending LPIs from the source redistributor 935 * to the destination. That is, for every pending LPI X on 936 * src, we must set it not-pending on src and pending on dest. 937 * LPIs that are already pending on dest are not cleared. 938 * 939 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE: 940 * we choose to NOP. If LPIs are disabled on source there's nothing 941 * to be transferred anyway. 942 */ 943 AddressSpace *as = &src->gic->dma_as; 944 uint64_t idbits; 945 uint32_t pendt_size; 946 uint64_t src_baddr, dest_baddr; 947 int i; 948 949 if (!(src->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 950 !(dest->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 951 return; 952 } 953 954 idbits = MIN(FIELD_EX64(src->gicr_propbaser, GICR_PROPBASER, IDBITS), 955 GICD_TYPER_IDBITS); 956 idbits = MIN(FIELD_EX64(dest->gicr_propbaser, GICR_PROPBASER, IDBITS), 957 idbits); 958 959 pendt_size = 1ULL << (idbits + 1); 960 src_baddr = src->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 961 dest_baddr = dest->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 962 963 for (i = GICV3_LPI_INTID_START / 8; i < pendt_size / 8; i++) { 964 uint8_t src_pend, dest_pend; 965 966 address_space_read(as, src_baddr + i, MEMTXATTRS_UNSPECIFIED, 967 &src_pend, sizeof(src_pend)); 968 if (!src_pend) { 969 continue; 970 } 971 address_space_read(as, dest_baddr + i, MEMTXATTRS_UNSPECIFIED, 972 &dest_pend, sizeof(dest_pend)); 973 dest_pend |= src_pend; 974 src_pend = 0; 975 address_space_write(as, src_baddr + i, MEMTXATTRS_UNSPECIFIED, 976 &src_pend, sizeof(src_pend)); 977 address_space_write(as, dest_baddr + i, MEMTXATTRS_UNSPECIFIED, 978 &dest_pend, sizeof(dest_pend)); 979 } 980 981 gicv3_redist_update_lpi(src); 982 gicv3_redist_update_lpi(dest); 983 } 984 985 void gicv3_redist_vlpi_pending(GICv3CPUState *cs, int irq, int level) 986 { 987 /* 988 * The redistributor handling for changing the pending state 989 * of a vLPI will be added in a subsequent commit. 990 */ 991 } 992 993 void gicv3_redist_process_vlpi(GICv3CPUState *cs, int irq, uint64_t vptaddr, 994 int doorbell, int level) 995 { 996 /* 997 * The redistributor handling for being handed a VLPI by the ITS 998 * will be added in a subsequent commit. 999 */ 1000 } 1001 1002 void gicv3_redist_mov_vlpi(GICv3CPUState *src, uint64_t src_vptaddr, 1003 GICv3CPUState *dest, uint64_t dest_vptaddr, 1004 int irq, int doorbell) 1005 { 1006 /* 1007 * The redistributor handling for moving a VLPI will be added 1008 * in a subsequent commit. 1009 */ 1010 } 1011 1012 void gicv3_redist_vinvall(GICv3CPUState *cs, uint64_t vptaddr) 1013 { 1014 /* The redistributor handling will be added in a subsequent commit */ 1015 } 1016 1017 void gicv3_redist_inv_vlpi(GICv3CPUState *cs, int irq, uint64_t vptaddr) 1018 { 1019 /* 1020 * The redistributor handling for invalidating cached information 1021 * about a VLPI will be added in a subsequent commit. 1022 */ 1023 } 1024 1025 void gicv3_redist_set_irq(GICv3CPUState *cs, int irq, int level) 1026 { 1027 /* Update redistributor state for a change in an external PPI input line */ 1028 if (level == extract32(cs->level, irq, 1)) { 1029 return; 1030 } 1031 1032 trace_gicv3_redist_set_irq(gicv3_redist_affid(cs), irq, level); 1033 1034 cs->level = deposit32(cs->level, irq, 1, level); 1035 1036 if (level) { 1037 /* 0->1 edges latch the pending bit for edge-triggered interrupts */ 1038 if (extract32(cs->edge_trigger, irq, 1)) { 1039 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 1040 } 1041 } 1042 1043 gicv3_redist_update(cs); 1044 } 1045 1046 void gicv3_redist_send_sgi(GICv3CPUState *cs, int grp, int irq, bool ns) 1047 { 1048 /* Update redistributor state for a generated SGI */ 1049 int irqgrp = gicv3_irq_group(cs->gic, cs, irq); 1050 1051 /* If we are asked for a Secure Group 1 SGI and it's actually 1052 * configured as Secure Group 0 this is OK (subject to the usual 1053 * NSACR checks). 1054 */ 1055 if (grp == GICV3_G1 && irqgrp == GICV3_G0) { 1056 grp = GICV3_G0; 1057 } 1058 1059 if (grp != irqgrp) { 1060 return; 1061 } 1062 1063 if (ns && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 1064 /* If security is enabled we must test the NSACR bits */ 1065 int nsaccess = gicr_ns_access(cs, irq); 1066 1067 if ((irqgrp == GICV3_G0 && nsaccess < 1) || 1068 (irqgrp == GICV3_G1 && nsaccess < 2)) { 1069 return; 1070 } 1071 } 1072 1073 /* OK, we can accept the SGI */ 1074 trace_gicv3_redist_send_sgi(gicv3_redist_affid(cs), irq); 1075 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 1076 gicv3_redist_update(cs); 1077 } 1078