1 /* 2 * ARM GICv3 emulation: Redistributor 3 * 4 * Copyright (c) 2015 Huawei. 5 * Copyright (c) 2016 Linaro Limited. 6 * Written by Shlomo Pongratz, Peter Maydell 7 * 8 * This code is licensed under the GPL, version 2 or (at your option) 9 * any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "trace.h" 15 #include "gicv3_internal.h" 16 17 static uint32_t mask_group(GICv3CPUState *cs, MemTxAttrs attrs) 18 { 19 /* Return a 32-bit mask which should be applied for this set of 32 20 * interrupts; each bit is 1 if access is permitted by the 21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does 22 * not affect config register accesses, unlike GICD_NSACR.) 23 */ 24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 26 return cs->gicr_igroupr0; 27 } 28 return 0xFFFFFFFFU; 29 } 30 31 static int gicr_ns_access(GICv3CPUState *cs, int irq) 32 { 33 /* Return the 2 bit NSACR.NS_access field for this SGI */ 34 assert(irq < 16); 35 return extract32(cs->gicr_nsacr, irq * 2, 2); 36 } 37 38 static void gicr_write_set_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 39 uint32_t *reg, uint32_t val) 40 { 41 /* Helper routine to implement writing to a "set-bitmap" register */ 42 val &= mask_group(cs, attrs); 43 *reg |= val; 44 gicv3_redist_update(cs); 45 } 46 47 static void gicr_write_clear_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 48 uint32_t *reg, uint32_t val) 49 { 50 /* Helper routine to implement writing to a "clear-bitmap" register */ 51 val &= mask_group(cs, attrs); 52 *reg &= ~val; 53 gicv3_redist_update(cs); 54 } 55 56 static uint32_t gicr_read_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 57 uint32_t reg) 58 { 59 reg &= mask_group(cs, attrs); 60 return reg; 61 } 62 63 /** 64 * update_for_one_lpi: Update pending information if this LPI is better 65 * 66 * @cs: GICv3CPUState 67 * @irq: interrupt to look up in the LPI Configuration table 68 * @ctbase: physical address of the LPI Configuration table to use 69 * @ds: true if priority value should not be shifted 70 * @hpp: points to pending information to update 71 * 72 * Look up @irq in the Configuration table specified by @ctbase 73 * to see if it is enabled and what its priority is. If it is an 74 * enabled interrupt with a higher priority than that currently 75 * recorded in @hpp, update @hpp. 76 */ 77 static void update_for_one_lpi(GICv3CPUState *cs, int irq, 78 uint64_t ctbase, bool ds, PendingIrq *hpp) 79 { 80 uint8_t lpite; 81 uint8_t prio; 82 83 address_space_read(&cs->gic->dma_as, 84 ctbase + ((irq - GICV3_LPI_INTID_START) * sizeof(lpite)), 85 MEMTXATTRS_UNSPECIFIED, &lpite, sizeof(lpite)); 86 87 if (!(lpite & LPI_CTE_ENABLED)) { 88 return; 89 } 90 91 if (ds) { 92 prio = lpite & LPI_PRIORITY_MASK; 93 } else { 94 prio = ((lpite & LPI_PRIORITY_MASK) >> 1) | 0x80; 95 } 96 97 if ((prio < hpp->prio) || 98 ((prio == hpp->prio) && (irq <= hpp->irq))) { 99 hpp->irq = irq; 100 hpp->prio = prio; 101 /* LPIs and vLPIs are always non-secure Grp1 interrupts */ 102 hpp->grp = GICV3_G1NS; 103 } 104 } 105 106 /** 107 * update_for_all_lpis: Fully scan LPI tables and find best pending LPI 108 * 109 * @cs: GICv3CPUState 110 * @ptbase: physical address of LPI Pending table 111 * @ctbase: physical address of LPI Configuration table 112 * @ptsizebits: size of tables, specified as number of interrupt ID bits minus 1 113 * @ds: true if priority value should not be shifted 114 * @hpp: points to pending information to set 115 * 116 * Recalculate the highest priority pending enabled LPI from scratch, 117 * and set @hpp accordingly. 118 * 119 * We scan the LPI pending table @ptbase; for each pending LPI, we read the 120 * corresponding entry in the LPI configuration table @ctbase to extract 121 * the priority and enabled information. 122 * 123 * We take @ptsizebits in the form idbits-1 because this is the way that 124 * LPI table sizes are architecturally specified in GICR_PROPBASER.IDBits 125 * and in the VMAPP command's VPT_size field. 126 */ 127 static void update_for_all_lpis(GICv3CPUState *cs, uint64_t ptbase, 128 uint64_t ctbase, unsigned ptsizebits, 129 bool ds, PendingIrq *hpp) 130 { 131 AddressSpace *as = &cs->gic->dma_as; 132 uint8_t pend; 133 uint32_t pendt_size = (1ULL << (ptsizebits + 1)); 134 int i, bit; 135 136 hpp->prio = 0xff; 137 138 for (i = GICV3_LPI_INTID_START / 8; i < pendt_size / 8; i++) { 139 address_space_read(as, ptbase + i, MEMTXATTRS_UNSPECIFIED, &pend, 1); 140 while (pend) { 141 bit = ctz32(pend); 142 update_for_one_lpi(cs, i * 8 + bit, ctbase, ds, hpp); 143 pend &= ~(1 << bit); 144 } 145 } 146 } 147 148 static uint8_t gicr_read_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, 149 int irq) 150 { 151 /* Read the value of GICR_IPRIORITYR<n> for the specified interrupt, 152 * honouring security state (these are RAZ/WI for Group 0 or Secure 153 * Group 1 interrupts). 154 */ 155 uint32_t prio; 156 157 prio = cs->gicr_ipriorityr[irq]; 158 159 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 160 if (!(cs->gicr_igroupr0 & (1U << irq))) { 161 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 162 return 0; 163 } 164 /* NS view of the interrupt priority */ 165 prio = (prio << 1) & 0xff; 166 } 167 return prio; 168 } 169 170 static void gicr_write_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, int irq, 171 uint8_t value) 172 { 173 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt, 174 * honouring security state (these are RAZ/WI for Group 0 or Secure 175 * Group 1 interrupts). 176 */ 177 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 178 if (!(cs->gicr_igroupr0 & (1U << irq))) { 179 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 180 return; 181 } 182 /* NS view of the interrupt priority */ 183 value = 0x80 | (value >> 1); 184 } 185 cs->gicr_ipriorityr[irq] = value; 186 } 187 188 static MemTxResult gicr_readb(GICv3CPUState *cs, hwaddr offset, 189 uint64_t *data, MemTxAttrs attrs) 190 { 191 switch (offset) { 192 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 193 *data = gicr_read_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR); 194 return MEMTX_OK; 195 default: 196 return MEMTX_ERROR; 197 } 198 } 199 200 static MemTxResult gicr_writeb(GICv3CPUState *cs, hwaddr offset, 201 uint64_t value, MemTxAttrs attrs) 202 { 203 switch (offset) { 204 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 205 gicr_write_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR, value); 206 gicv3_redist_update(cs); 207 return MEMTX_OK; 208 default: 209 return MEMTX_ERROR; 210 } 211 } 212 213 static MemTxResult gicr_readl(GICv3CPUState *cs, hwaddr offset, 214 uint64_t *data, MemTxAttrs attrs) 215 { 216 switch (offset) { 217 case GICR_CTLR: 218 *data = cs->gicr_ctlr; 219 return MEMTX_OK; 220 case GICR_IIDR: 221 *data = gicv3_iidr(); 222 return MEMTX_OK; 223 case GICR_TYPER: 224 *data = extract64(cs->gicr_typer, 0, 32); 225 return MEMTX_OK; 226 case GICR_TYPER + 4: 227 *data = extract64(cs->gicr_typer, 32, 32); 228 return MEMTX_OK; 229 case GICR_STATUSR: 230 /* RAZ/WI for us (this is an optional register and our implementation 231 * does not track RO/WO/reserved violations to report them to the guest) 232 */ 233 *data = 0; 234 return MEMTX_OK; 235 case GICR_WAKER: 236 *data = cs->gicr_waker; 237 return MEMTX_OK; 238 case GICR_PROPBASER: 239 *data = extract64(cs->gicr_propbaser, 0, 32); 240 return MEMTX_OK; 241 case GICR_PROPBASER + 4: 242 *data = extract64(cs->gicr_propbaser, 32, 32); 243 return MEMTX_OK; 244 case GICR_PENDBASER: 245 *data = extract64(cs->gicr_pendbaser, 0, 32); 246 return MEMTX_OK; 247 case GICR_PENDBASER + 4: 248 *data = extract64(cs->gicr_pendbaser, 32, 32); 249 return MEMTX_OK; 250 case GICR_IGROUPR0: 251 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 252 *data = 0; 253 return MEMTX_OK; 254 } 255 *data = cs->gicr_igroupr0; 256 return MEMTX_OK; 257 case GICR_ISENABLER0: 258 case GICR_ICENABLER0: 259 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_ienabler0); 260 return MEMTX_OK; 261 case GICR_ISPENDR0: 262 case GICR_ICPENDR0: 263 { 264 /* The pending register reads as the logical OR of the pending 265 * latch and the input line level for level-triggered interrupts. 266 */ 267 uint32_t val = cs->gicr_ipendr0 | (~cs->edge_trigger & cs->level); 268 *data = gicr_read_bitmap_reg(cs, attrs, val); 269 return MEMTX_OK; 270 } 271 case GICR_ISACTIVER0: 272 case GICR_ICACTIVER0: 273 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_iactiver0); 274 return MEMTX_OK; 275 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 276 { 277 int i, irq = offset - GICR_IPRIORITYR; 278 uint32_t value = 0; 279 280 for (i = irq + 3; i >= irq; i--) { 281 value <<= 8; 282 value |= gicr_read_ipriorityr(cs, attrs, i); 283 } 284 *data = value; 285 return MEMTX_OK; 286 } 287 case GICR_ICFGR0: 288 case GICR_ICFGR1: 289 { 290 /* Our edge_trigger bitmap is one bit per irq; take the correct 291 * half of it, and spread it out into the odd bits. 292 */ 293 uint32_t value; 294 295 value = cs->edge_trigger & mask_group(cs, attrs); 296 value = extract32(value, (offset == GICR_ICFGR1) ? 16 : 0, 16); 297 value = half_shuffle32(value) << 1; 298 *data = value; 299 return MEMTX_OK; 300 } 301 case GICR_IGRPMODR0: 302 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 303 /* RAZ/WI if security disabled, or if 304 * security enabled and this is an NS access 305 */ 306 *data = 0; 307 return MEMTX_OK; 308 } 309 *data = cs->gicr_igrpmodr0; 310 return MEMTX_OK; 311 case GICR_NSACR: 312 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 313 /* RAZ/WI if security disabled, or if 314 * security enabled and this is an NS access 315 */ 316 *data = 0; 317 return MEMTX_OK; 318 } 319 *data = cs->gicr_nsacr; 320 return MEMTX_OK; 321 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 322 *data = gicv3_idreg(offset - GICR_IDREGS, GICV3_PIDR0_REDIST); 323 return MEMTX_OK; 324 /* 325 * VLPI frame registers. We don't need a version check for 326 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 327 * prevent pre-v4 GIC from passing us offsets this high. 328 */ 329 case GICR_VPROPBASER: 330 *data = extract64(cs->gicr_vpropbaser, 0, 32); 331 return MEMTX_OK; 332 case GICR_VPROPBASER + 4: 333 *data = extract64(cs->gicr_vpropbaser, 32, 32); 334 return MEMTX_OK; 335 case GICR_VPENDBASER: 336 *data = extract64(cs->gicr_vpendbaser, 0, 32); 337 return MEMTX_OK; 338 case GICR_VPENDBASER + 4: 339 *data = extract64(cs->gicr_vpendbaser, 32, 32); 340 return MEMTX_OK; 341 default: 342 return MEMTX_ERROR; 343 } 344 } 345 346 static MemTxResult gicr_writel(GICv3CPUState *cs, hwaddr offset, 347 uint64_t value, MemTxAttrs attrs) 348 { 349 switch (offset) { 350 case GICR_CTLR: 351 /* For our implementation, GICR_TYPER.DPGS is 0 and so all 352 * the DPG bits are RAZ/WI. We don't do anything asynchronously, 353 * so UWP and RWP are RAZ/WI. GICR_TYPER.LPIS is 1 (we 354 * implement LPIs) so Enable_LPIs is programmable. 355 */ 356 if (cs->gicr_typer & GICR_TYPER_PLPIS) { 357 if (value & GICR_CTLR_ENABLE_LPIS) { 358 cs->gicr_ctlr |= GICR_CTLR_ENABLE_LPIS; 359 /* Check for any pending interr in pending table */ 360 gicv3_redist_update_lpi(cs); 361 } else { 362 cs->gicr_ctlr &= ~GICR_CTLR_ENABLE_LPIS; 363 /* cs->hppi might have been an LPI; recalculate */ 364 gicv3_redist_update(cs); 365 } 366 } 367 return MEMTX_OK; 368 case GICR_STATUSR: 369 /* RAZ/WI for our implementation */ 370 return MEMTX_OK; 371 case GICR_WAKER: 372 /* Only the ProcessorSleep bit is writeable. When the guest sets 373 * it it requests that we transition the channel between the 374 * redistributor and the cpu interface to quiescent, and that 375 * we set the ChildrenAsleep bit once the inteface has reached the 376 * quiescent state. 377 * Setting the ProcessorSleep to 0 reverses the quiescing, and 378 * ChildrenAsleep is cleared once the transition is complete. 379 * Since our interface is not asynchronous, we complete these 380 * transitions instantaneously, so we set ChildrenAsleep to the 381 * same value as ProcessorSleep here. 382 */ 383 value &= GICR_WAKER_ProcessorSleep; 384 if (value & GICR_WAKER_ProcessorSleep) { 385 value |= GICR_WAKER_ChildrenAsleep; 386 } 387 cs->gicr_waker = value; 388 return MEMTX_OK; 389 case GICR_PROPBASER: 390 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 0, 32, value); 391 return MEMTX_OK; 392 case GICR_PROPBASER + 4: 393 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 32, 32, value); 394 return MEMTX_OK; 395 case GICR_PENDBASER: 396 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 0, 32, value); 397 return MEMTX_OK; 398 case GICR_PENDBASER + 4: 399 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 32, 32, value); 400 return MEMTX_OK; 401 case GICR_IGROUPR0: 402 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 403 return MEMTX_OK; 404 } 405 cs->gicr_igroupr0 = value; 406 gicv3_redist_update(cs); 407 return MEMTX_OK; 408 case GICR_ISENABLER0: 409 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 410 return MEMTX_OK; 411 case GICR_ICENABLER0: 412 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 413 return MEMTX_OK; 414 case GICR_ISPENDR0: 415 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 416 return MEMTX_OK; 417 case GICR_ICPENDR0: 418 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 419 return MEMTX_OK; 420 case GICR_ISACTIVER0: 421 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 422 return MEMTX_OK; 423 case GICR_ICACTIVER0: 424 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 425 return MEMTX_OK; 426 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 427 { 428 int i, irq = offset - GICR_IPRIORITYR; 429 430 for (i = irq; i < irq + 4; i++, value >>= 8) { 431 gicr_write_ipriorityr(cs, attrs, i, value); 432 } 433 gicv3_redist_update(cs); 434 return MEMTX_OK; 435 } 436 case GICR_ICFGR0: 437 /* Register is all RAZ/WI or RAO/WI bits */ 438 return MEMTX_OK; 439 case GICR_ICFGR1: 440 { 441 uint32_t mask; 442 443 /* Since our edge_trigger bitmap is one bit per irq, our input 444 * 32-bits will compress down into 16 bits which we need 445 * to write into the bitmap. 446 */ 447 value = half_unshuffle32(value >> 1) << 16; 448 mask = mask_group(cs, attrs) & 0xffff0000U; 449 450 cs->edge_trigger &= ~mask; 451 cs->edge_trigger |= (value & mask); 452 453 gicv3_redist_update(cs); 454 return MEMTX_OK; 455 } 456 case GICR_IGRPMODR0: 457 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 458 /* RAZ/WI if security disabled, or if 459 * security enabled and this is an NS access 460 */ 461 return MEMTX_OK; 462 } 463 cs->gicr_igrpmodr0 = value; 464 gicv3_redist_update(cs); 465 return MEMTX_OK; 466 case GICR_NSACR: 467 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 468 /* RAZ/WI if security disabled, or if 469 * security enabled and this is an NS access 470 */ 471 return MEMTX_OK; 472 } 473 cs->gicr_nsacr = value; 474 /* no update required as this only affects access permission checks */ 475 return MEMTX_OK; 476 case GICR_IIDR: 477 case GICR_TYPER: 478 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 479 /* RO registers, ignore the write */ 480 qemu_log_mask(LOG_GUEST_ERROR, 481 "%s: invalid guest write to RO register at offset " 482 TARGET_FMT_plx "\n", __func__, offset); 483 return MEMTX_OK; 484 /* 485 * VLPI frame registers. We don't need a version check for 486 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 487 * prevent pre-v4 GIC from passing us offsets this high. 488 */ 489 case GICR_VPROPBASER: 490 cs->gicr_vpropbaser = deposit64(cs->gicr_vpropbaser, 0, 32, value); 491 return MEMTX_OK; 492 case GICR_VPROPBASER + 4: 493 cs->gicr_vpropbaser = deposit64(cs->gicr_vpropbaser, 32, 32, value); 494 return MEMTX_OK; 495 case GICR_VPENDBASER: 496 cs->gicr_vpendbaser = deposit64(cs->gicr_vpendbaser, 0, 32, value); 497 return MEMTX_OK; 498 case GICR_VPENDBASER + 4: 499 cs->gicr_vpendbaser = deposit64(cs->gicr_vpendbaser, 32, 32, value); 500 return MEMTX_OK; 501 default: 502 return MEMTX_ERROR; 503 } 504 } 505 506 static MemTxResult gicr_readll(GICv3CPUState *cs, hwaddr offset, 507 uint64_t *data, MemTxAttrs attrs) 508 { 509 switch (offset) { 510 case GICR_TYPER: 511 *data = cs->gicr_typer; 512 return MEMTX_OK; 513 case GICR_PROPBASER: 514 *data = cs->gicr_propbaser; 515 return MEMTX_OK; 516 case GICR_PENDBASER: 517 *data = cs->gicr_pendbaser; 518 return MEMTX_OK; 519 /* 520 * VLPI frame registers. We don't need a version check for 521 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 522 * prevent pre-v4 GIC from passing us offsets this high. 523 */ 524 case GICR_VPROPBASER: 525 *data = cs->gicr_vpropbaser; 526 return MEMTX_OK; 527 case GICR_VPENDBASER: 528 *data = cs->gicr_vpendbaser; 529 return MEMTX_OK; 530 default: 531 return MEMTX_ERROR; 532 } 533 } 534 535 static MemTxResult gicr_writell(GICv3CPUState *cs, hwaddr offset, 536 uint64_t value, MemTxAttrs attrs) 537 { 538 switch (offset) { 539 case GICR_PROPBASER: 540 cs->gicr_propbaser = value; 541 return MEMTX_OK; 542 case GICR_PENDBASER: 543 cs->gicr_pendbaser = value; 544 return MEMTX_OK; 545 case GICR_TYPER: 546 /* RO register, ignore the write */ 547 qemu_log_mask(LOG_GUEST_ERROR, 548 "%s: invalid guest write to RO register at offset " 549 TARGET_FMT_plx "\n", __func__, offset); 550 return MEMTX_OK; 551 /* 552 * VLPI frame registers. We don't need a version check for 553 * VPROPBASER and VPENDBASER because gicv3_redist_size() will 554 * prevent pre-v4 GIC from passing us offsets this high. 555 */ 556 case GICR_VPROPBASER: 557 cs->gicr_vpropbaser = value; 558 return MEMTX_OK; 559 case GICR_VPENDBASER: 560 cs->gicr_vpendbaser = value; 561 return MEMTX_OK; 562 default: 563 return MEMTX_ERROR; 564 } 565 } 566 567 MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data, 568 unsigned size, MemTxAttrs attrs) 569 { 570 GICv3RedistRegion *region = opaque; 571 GICv3State *s = region->gic; 572 GICv3CPUState *cs; 573 MemTxResult r; 574 int cpuidx; 575 576 assert((offset & (size - 1)) == 0); 577 578 /* 579 * There are (for GICv3) two 64K redistributor pages per CPU. 580 * In some cases the redistributor pages for all CPUs are not 581 * contiguous (eg on the virt board they are split into two 582 * parts if there are too many CPUs to all fit in the same place 583 * in the memory map); if so then the GIC has multiple MemoryRegions 584 * for the redistributors. 585 */ 586 cpuidx = region->cpuidx + offset / gicv3_redist_size(s); 587 offset %= gicv3_redist_size(s); 588 589 cs = &s->cpu[cpuidx]; 590 591 switch (size) { 592 case 1: 593 r = gicr_readb(cs, offset, data, attrs); 594 break; 595 case 4: 596 r = gicr_readl(cs, offset, data, attrs); 597 break; 598 case 8: 599 r = gicr_readll(cs, offset, data, attrs); 600 break; 601 default: 602 r = MEMTX_ERROR; 603 break; 604 } 605 606 if (r != MEMTX_OK) { 607 qemu_log_mask(LOG_GUEST_ERROR, 608 "%s: invalid guest read at offset " TARGET_FMT_plx 609 " size %u\n", __func__, offset, size); 610 trace_gicv3_redist_badread(gicv3_redist_affid(cs), offset, 611 size, attrs.secure); 612 /* The spec requires that reserved registers are RAZ/WI; 613 * so use MEMTX_ERROR returns from leaf functions as a way to 614 * trigger the guest-error logging but don't return it to 615 * the caller, or we'll cause a spurious guest data abort. 616 */ 617 r = MEMTX_OK; 618 *data = 0; 619 } else { 620 trace_gicv3_redist_read(gicv3_redist_affid(cs), offset, *data, 621 size, attrs.secure); 622 } 623 return r; 624 } 625 626 MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data, 627 unsigned size, MemTxAttrs attrs) 628 { 629 GICv3RedistRegion *region = opaque; 630 GICv3State *s = region->gic; 631 GICv3CPUState *cs; 632 MemTxResult r; 633 int cpuidx; 634 635 assert((offset & (size - 1)) == 0); 636 637 /* 638 * There are (for GICv3) two 64K redistributor pages per CPU. 639 * In some cases the redistributor pages for all CPUs are not 640 * contiguous (eg on the virt board they are split into two 641 * parts if there are too many CPUs to all fit in the same place 642 * in the memory map); if so then the GIC has multiple MemoryRegions 643 * for the redistributors. 644 */ 645 cpuidx = region->cpuidx + offset / gicv3_redist_size(s); 646 offset %= gicv3_redist_size(s); 647 648 cs = &s->cpu[cpuidx]; 649 650 switch (size) { 651 case 1: 652 r = gicr_writeb(cs, offset, data, attrs); 653 break; 654 case 4: 655 r = gicr_writel(cs, offset, data, attrs); 656 break; 657 case 8: 658 r = gicr_writell(cs, offset, data, attrs); 659 break; 660 default: 661 r = MEMTX_ERROR; 662 break; 663 } 664 665 if (r != MEMTX_OK) { 666 qemu_log_mask(LOG_GUEST_ERROR, 667 "%s: invalid guest write at offset " TARGET_FMT_plx 668 " size %u\n", __func__, offset, size); 669 trace_gicv3_redist_badwrite(gicv3_redist_affid(cs), offset, data, 670 size, attrs.secure); 671 /* The spec requires that reserved registers are RAZ/WI; 672 * so use MEMTX_ERROR returns from leaf functions as a way to 673 * trigger the guest-error logging but don't return it to 674 * the caller, or we'll cause a spurious guest data abort. 675 */ 676 r = MEMTX_OK; 677 } else { 678 trace_gicv3_redist_write(gicv3_redist_affid(cs), offset, data, 679 size, attrs.secure); 680 } 681 return r; 682 } 683 684 static void gicv3_redist_check_lpi_priority(GICv3CPUState *cs, int irq) 685 { 686 uint64_t lpict_baddr = cs->gicr_propbaser & R_GICR_PROPBASER_PHYADDR_MASK; 687 688 update_for_one_lpi(cs, irq, lpict_baddr, 689 cs->gic->gicd_ctlr & GICD_CTLR_DS, 690 &cs->hpplpi); 691 } 692 693 void gicv3_redist_update_lpi_only(GICv3CPUState *cs) 694 { 695 /* 696 * This function scans the LPI pending table and for each pending 697 * LPI, reads the corresponding entry from LPI configuration table 698 * to extract the priority info and determine if the current LPI 699 * priority is lower than the last computed high priority lpi interrupt. 700 * If yes, replace current LPI as the new high priority lpi interrupt. 701 */ 702 uint64_t lpipt_baddr, lpict_baddr; 703 uint64_t idbits; 704 705 idbits = MIN(FIELD_EX64(cs->gicr_propbaser, GICR_PROPBASER, IDBITS), 706 GICD_TYPER_IDBITS); 707 708 if (!(cs->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 709 return; 710 } 711 712 lpipt_baddr = cs->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 713 lpict_baddr = cs->gicr_propbaser & R_GICR_PROPBASER_PHYADDR_MASK; 714 715 update_for_all_lpis(cs, lpipt_baddr, lpict_baddr, idbits, 716 cs->gic->gicd_ctlr & GICD_CTLR_DS, &cs->hpplpi); 717 } 718 719 void gicv3_redist_update_lpi(GICv3CPUState *cs) 720 { 721 gicv3_redist_update_lpi_only(cs); 722 gicv3_redist_update(cs); 723 } 724 725 void gicv3_redist_lpi_pending(GICv3CPUState *cs, int irq, int level) 726 { 727 /* 728 * This function updates the pending bit in lpi pending table for 729 * the irq being activated or deactivated. 730 */ 731 AddressSpace *as = &cs->gic->dma_as; 732 uint64_t lpipt_baddr; 733 bool ispend = false; 734 uint8_t pend; 735 736 /* 737 * get the bit value corresponding to this irq in the 738 * lpi pending table 739 */ 740 lpipt_baddr = cs->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 741 742 address_space_read(as, lpipt_baddr + ((irq / 8) * sizeof(pend)), 743 MEMTXATTRS_UNSPECIFIED, &pend, sizeof(pend)); 744 745 ispend = extract32(pend, irq % 8, 1); 746 747 /* no change in the value of pending bit, return */ 748 if (ispend == level) { 749 return; 750 } 751 pend = deposit32(pend, irq % 8, 1, level ? 1 : 0); 752 753 address_space_write(as, lpipt_baddr + ((irq / 8) * sizeof(pend)), 754 MEMTXATTRS_UNSPECIFIED, &pend, sizeof(pend)); 755 756 /* 757 * check if this LPI is better than the current hpplpi, if yes 758 * just set hpplpi.prio and .irq without doing a full rescan 759 */ 760 if (level) { 761 gicv3_redist_check_lpi_priority(cs, irq); 762 gicv3_redist_update(cs); 763 } else { 764 if (irq == cs->hpplpi.irq) { 765 gicv3_redist_update_lpi(cs); 766 } 767 } 768 } 769 770 void gicv3_redist_process_lpi(GICv3CPUState *cs, int irq, int level) 771 { 772 uint64_t idbits; 773 774 idbits = MIN(FIELD_EX64(cs->gicr_propbaser, GICR_PROPBASER, IDBITS), 775 GICD_TYPER_IDBITS); 776 777 if (!(cs->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 778 (irq > (1ULL << (idbits + 1)) - 1) || irq < GICV3_LPI_INTID_START) { 779 return; 780 } 781 782 /* set/clear the pending bit for this irq */ 783 gicv3_redist_lpi_pending(cs, irq, level); 784 } 785 786 void gicv3_redist_inv_lpi(GICv3CPUState *cs, int irq) 787 { 788 /* 789 * The only cached information for LPIs we have is the HPPLPI. 790 * We could be cleverer about identifying when we don't need 791 * to do a full rescan of the pending table, but until we find 792 * this is a performance issue, just always recalculate. 793 */ 794 gicv3_redist_update_lpi(cs); 795 } 796 797 void gicv3_redist_mov_lpi(GICv3CPUState *src, GICv3CPUState *dest, int irq) 798 { 799 /* 800 * Move the specified LPI's pending state from the source redistributor 801 * to the destination. 802 * 803 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE: 804 * we choose to NOP. If LPIs are disabled on source there's nothing 805 * to be transferred anyway. 806 */ 807 AddressSpace *as = &src->gic->dma_as; 808 uint64_t idbits; 809 uint32_t pendt_size; 810 uint64_t src_baddr; 811 uint8_t src_pend; 812 813 if (!(src->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 814 !(dest->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 815 return; 816 } 817 818 idbits = MIN(FIELD_EX64(src->gicr_propbaser, GICR_PROPBASER, IDBITS), 819 GICD_TYPER_IDBITS); 820 idbits = MIN(FIELD_EX64(dest->gicr_propbaser, GICR_PROPBASER, IDBITS), 821 idbits); 822 823 pendt_size = 1ULL << (idbits + 1); 824 if ((irq / 8) >= pendt_size) { 825 return; 826 } 827 828 src_baddr = src->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 829 830 address_space_read(as, src_baddr + (irq / 8), 831 MEMTXATTRS_UNSPECIFIED, &src_pend, sizeof(src_pend)); 832 if (!extract32(src_pend, irq % 8, 1)) { 833 /* Not pending on source, nothing to do */ 834 return; 835 } 836 src_pend &= ~(1 << (irq % 8)); 837 address_space_write(as, src_baddr + (irq / 8), 838 MEMTXATTRS_UNSPECIFIED, &src_pend, sizeof(src_pend)); 839 if (irq == src->hpplpi.irq) { 840 /* 841 * We just made this LPI not-pending so only need to update 842 * if it was previously the highest priority pending LPI 843 */ 844 gicv3_redist_update_lpi(src); 845 } 846 /* Mark it pending on the destination */ 847 gicv3_redist_lpi_pending(dest, irq, 1); 848 } 849 850 void gicv3_redist_movall_lpis(GICv3CPUState *src, GICv3CPUState *dest) 851 { 852 /* 853 * We must move all pending LPIs from the source redistributor 854 * to the destination. That is, for every pending LPI X on 855 * src, we must set it not-pending on src and pending on dest. 856 * LPIs that are already pending on dest are not cleared. 857 * 858 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE: 859 * we choose to NOP. If LPIs are disabled on source there's nothing 860 * to be transferred anyway. 861 */ 862 AddressSpace *as = &src->gic->dma_as; 863 uint64_t idbits; 864 uint32_t pendt_size; 865 uint64_t src_baddr, dest_baddr; 866 int i; 867 868 if (!(src->gicr_ctlr & GICR_CTLR_ENABLE_LPIS) || 869 !(dest->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { 870 return; 871 } 872 873 idbits = MIN(FIELD_EX64(src->gicr_propbaser, GICR_PROPBASER, IDBITS), 874 GICD_TYPER_IDBITS); 875 idbits = MIN(FIELD_EX64(dest->gicr_propbaser, GICR_PROPBASER, IDBITS), 876 idbits); 877 878 pendt_size = 1ULL << (idbits + 1); 879 src_baddr = src->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 880 dest_baddr = dest->gicr_pendbaser & R_GICR_PENDBASER_PHYADDR_MASK; 881 882 for (i = GICV3_LPI_INTID_START / 8; i < pendt_size / 8; i++) { 883 uint8_t src_pend, dest_pend; 884 885 address_space_read(as, src_baddr + i, MEMTXATTRS_UNSPECIFIED, 886 &src_pend, sizeof(src_pend)); 887 if (!src_pend) { 888 continue; 889 } 890 address_space_read(as, dest_baddr + i, MEMTXATTRS_UNSPECIFIED, 891 &dest_pend, sizeof(dest_pend)); 892 dest_pend |= src_pend; 893 src_pend = 0; 894 address_space_write(as, src_baddr + i, MEMTXATTRS_UNSPECIFIED, 895 &src_pend, sizeof(src_pend)); 896 address_space_write(as, dest_baddr + i, MEMTXATTRS_UNSPECIFIED, 897 &dest_pend, sizeof(dest_pend)); 898 } 899 900 gicv3_redist_update_lpi(src); 901 gicv3_redist_update_lpi(dest); 902 } 903 904 void gicv3_redist_vlpi_pending(GICv3CPUState *cs, int irq, int level) 905 { 906 /* 907 * The redistributor handling for changing the pending state 908 * of a vLPI will be added in a subsequent commit. 909 */ 910 } 911 912 void gicv3_redist_process_vlpi(GICv3CPUState *cs, int irq, uint64_t vptaddr, 913 int doorbell, int level) 914 { 915 /* 916 * The redistributor handling for being handed a VLPI by the ITS 917 * will be added in a subsequent commit. 918 */ 919 } 920 921 void gicv3_redist_mov_vlpi(GICv3CPUState *src, uint64_t src_vptaddr, 922 GICv3CPUState *dest, uint64_t dest_vptaddr, 923 int irq, int doorbell) 924 { 925 /* 926 * The redistributor handling for moving a VLPI will be added 927 * in a subsequent commit. 928 */ 929 } 930 931 void gicv3_redist_vinvall(GICv3CPUState *cs, uint64_t vptaddr) 932 { 933 /* The redistributor handling will be added in a subsequent commit */ 934 } 935 936 void gicv3_redist_inv_vlpi(GICv3CPUState *cs, int irq, uint64_t vptaddr) 937 { 938 /* 939 * The redistributor handling for invalidating cached information 940 * about a VLPI will be added in a subsequent commit. 941 */ 942 } 943 944 void gicv3_redist_set_irq(GICv3CPUState *cs, int irq, int level) 945 { 946 /* Update redistributor state for a change in an external PPI input line */ 947 if (level == extract32(cs->level, irq, 1)) { 948 return; 949 } 950 951 trace_gicv3_redist_set_irq(gicv3_redist_affid(cs), irq, level); 952 953 cs->level = deposit32(cs->level, irq, 1, level); 954 955 if (level) { 956 /* 0->1 edges latch the pending bit for edge-triggered interrupts */ 957 if (extract32(cs->edge_trigger, irq, 1)) { 958 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 959 } 960 } 961 962 gicv3_redist_update(cs); 963 } 964 965 void gicv3_redist_send_sgi(GICv3CPUState *cs, int grp, int irq, bool ns) 966 { 967 /* Update redistributor state for a generated SGI */ 968 int irqgrp = gicv3_irq_group(cs->gic, cs, irq); 969 970 /* If we are asked for a Secure Group 1 SGI and it's actually 971 * configured as Secure Group 0 this is OK (subject to the usual 972 * NSACR checks). 973 */ 974 if (grp == GICV3_G1 && irqgrp == GICV3_G0) { 975 grp = GICV3_G0; 976 } 977 978 if (grp != irqgrp) { 979 return; 980 } 981 982 if (ns && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 983 /* If security is enabled we must test the NSACR bits */ 984 int nsaccess = gicr_ns_access(cs, irq); 985 986 if ((irqgrp == GICV3_G0 && nsaccess < 1) || 987 (irqgrp == GICV3_G1 && nsaccess < 2)) { 988 return; 989 } 990 } 991 992 /* OK, we can accept the SGI */ 993 trace_gicv3_redist_send_sgi(gicv3_redist_affid(cs), irq); 994 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 995 gicv3_redist_update(cs); 996 } 997