1 /* 2 * ARM GICv3 emulation: Redistributor 3 * 4 * Copyright (c) 2015 Huawei. 5 * Copyright (c) 2016 Linaro Limited. 6 * Written by Shlomo Pongratz, Peter Maydell 7 * 8 * This code is licensed under the GPL, version 2 or (at your option) 9 * any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "trace.h" 15 #include "gicv3_internal.h" 16 17 static uint32_t mask_group(GICv3CPUState *cs, MemTxAttrs attrs) 18 { 19 /* Return a 32-bit mask which should be applied for this set of 32 20 * interrupts; each bit is 1 if access is permitted by the 21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does 22 * not affect config register accesses, unlike GICD_NSACR.) 23 */ 24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 26 return cs->gicr_igroupr0; 27 } 28 return 0xFFFFFFFFU; 29 } 30 31 static int gicr_ns_access(GICv3CPUState *cs, int irq) 32 { 33 /* Return the 2 bit NSACR.NS_access field for this SGI */ 34 assert(irq < 16); 35 return extract32(cs->gicr_nsacr, irq * 2, 2); 36 } 37 38 static void gicr_write_set_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 39 uint32_t *reg, uint32_t val) 40 { 41 /* Helper routine to implement writing to a "set-bitmap" register */ 42 val &= mask_group(cs, attrs); 43 *reg |= val; 44 gicv3_redist_update(cs); 45 } 46 47 static void gicr_write_clear_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 48 uint32_t *reg, uint32_t val) 49 { 50 /* Helper routine to implement writing to a "clear-bitmap" register */ 51 val &= mask_group(cs, attrs); 52 *reg &= ~val; 53 gicv3_redist_update(cs); 54 } 55 56 static uint32_t gicr_read_bitmap_reg(GICv3CPUState *cs, MemTxAttrs attrs, 57 uint32_t reg) 58 { 59 reg &= mask_group(cs, attrs); 60 return reg; 61 } 62 63 static uint8_t gicr_read_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, 64 int irq) 65 { 66 /* Read the value of GICR_IPRIORITYR<n> for the specified interrupt, 67 * honouring security state (these are RAZ/WI for Group 0 or Secure 68 * Group 1 interrupts). 69 */ 70 uint32_t prio; 71 72 prio = cs->gicr_ipriorityr[irq]; 73 74 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 75 if (!(cs->gicr_igroupr0 & (1U << irq))) { 76 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 77 return 0; 78 } 79 /* NS view of the interrupt priority */ 80 prio = (prio << 1) & 0xff; 81 } 82 return prio; 83 } 84 85 static void gicr_write_ipriorityr(GICv3CPUState *cs, MemTxAttrs attrs, int irq, 86 uint8_t value) 87 { 88 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt, 89 * honouring security state (these are RAZ/WI for Group 0 or Secure 90 * Group 1 interrupts). 91 */ 92 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 93 if (!(cs->gicr_igroupr0 & (1U << irq))) { 94 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ 95 return; 96 } 97 /* NS view of the interrupt priority */ 98 value = 0x80 | (value >> 1); 99 } 100 cs->gicr_ipriorityr[irq] = value; 101 } 102 103 static MemTxResult gicr_readb(GICv3CPUState *cs, hwaddr offset, 104 uint64_t *data, MemTxAttrs attrs) 105 { 106 switch (offset) { 107 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 108 *data = gicr_read_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR); 109 return MEMTX_OK; 110 default: 111 return MEMTX_ERROR; 112 } 113 } 114 115 static MemTxResult gicr_writeb(GICv3CPUState *cs, hwaddr offset, 116 uint64_t value, MemTxAttrs attrs) 117 { 118 switch (offset) { 119 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 120 gicr_write_ipriorityr(cs, attrs, offset - GICR_IPRIORITYR, value); 121 gicv3_redist_update(cs); 122 return MEMTX_OK; 123 default: 124 return MEMTX_ERROR; 125 } 126 } 127 128 static MemTxResult gicr_readl(GICv3CPUState *cs, hwaddr offset, 129 uint64_t *data, MemTxAttrs attrs) 130 { 131 switch (offset) { 132 case GICR_CTLR: 133 *data = cs->gicr_ctlr; 134 return MEMTX_OK; 135 case GICR_IIDR: 136 *data = gicv3_iidr(); 137 return MEMTX_OK; 138 case GICR_TYPER: 139 *data = extract64(cs->gicr_typer, 0, 32); 140 return MEMTX_OK; 141 case GICR_TYPER + 4: 142 *data = extract64(cs->gicr_typer, 32, 32); 143 return MEMTX_OK; 144 case GICR_STATUSR: 145 /* RAZ/WI for us (this is an optional register and our implementation 146 * does not track RO/WO/reserved violations to report them to the guest) 147 */ 148 *data = 0; 149 return MEMTX_OK; 150 case GICR_WAKER: 151 *data = cs->gicr_waker; 152 return MEMTX_OK; 153 case GICR_PROPBASER: 154 *data = extract64(cs->gicr_propbaser, 0, 32); 155 return MEMTX_OK; 156 case GICR_PROPBASER + 4: 157 *data = extract64(cs->gicr_propbaser, 32, 32); 158 return MEMTX_OK; 159 case GICR_PENDBASER: 160 *data = extract64(cs->gicr_pendbaser, 0, 32); 161 return MEMTX_OK; 162 case GICR_PENDBASER + 4: 163 *data = extract64(cs->gicr_pendbaser, 32, 32); 164 return MEMTX_OK; 165 case GICR_IGROUPR0: 166 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 167 *data = 0; 168 return MEMTX_OK; 169 } 170 *data = cs->gicr_igroupr0; 171 return MEMTX_OK; 172 case GICR_ISENABLER0: 173 case GICR_ICENABLER0: 174 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_ienabler0); 175 return MEMTX_OK; 176 case GICR_ISPENDR0: 177 case GICR_ICPENDR0: 178 { 179 /* The pending register reads as the logical OR of the pending 180 * latch and the input line level for level-triggered interrupts. 181 */ 182 uint32_t val = cs->gicr_ipendr0 | (~cs->edge_trigger & cs->level); 183 *data = gicr_read_bitmap_reg(cs, attrs, val); 184 return MEMTX_OK; 185 } 186 case GICR_ISACTIVER0: 187 case GICR_ICACTIVER0: 188 *data = gicr_read_bitmap_reg(cs, attrs, cs->gicr_iactiver0); 189 return MEMTX_OK; 190 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 191 { 192 int i, irq = offset - GICR_IPRIORITYR; 193 uint32_t value = 0; 194 195 for (i = irq + 3; i >= irq; i--) { 196 value <<= 8; 197 value |= gicr_read_ipriorityr(cs, attrs, i); 198 } 199 *data = value; 200 return MEMTX_OK; 201 } 202 case GICR_ICFGR0: 203 case GICR_ICFGR1: 204 { 205 /* Our edge_trigger bitmap is one bit per irq; take the correct 206 * half of it, and spread it out into the odd bits. 207 */ 208 uint32_t value; 209 210 value = cs->edge_trigger & mask_group(cs, attrs); 211 value = extract32(value, (offset == GICR_ICFGR1) ? 16 : 0, 16); 212 value = half_shuffle32(value) << 1; 213 *data = value; 214 return MEMTX_OK; 215 } 216 case GICR_IGRPMODR0: 217 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 218 /* RAZ/WI if security disabled, or if 219 * security enabled and this is an NS access 220 */ 221 *data = 0; 222 return MEMTX_OK; 223 } 224 *data = cs->gicr_igrpmodr0; 225 return MEMTX_OK; 226 case GICR_NSACR: 227 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 228 /* RAZ/WI if security disabled, or if 229 * security enabled and this is an NS access 230 */ 231 *data = 0; 232 return MEMTX_OK; 233 } 234 *data = cs->gicr_nsacr; 235 return MEMTX_OK; 236 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 237 *data = gicv3_idreg(offset - GICR_IDREGS); 238 return MEMTX_OK; 239 default: 240 return MEMTX_ERROR; 241 } 242 } 243 244 static MemTxResult gicr_writel(GICv3CPUState *cs, hwaddr offset, 245 uint64_t value, MemTxAttrs attrs) 246 { 247 switch (offset) { 248 case GICR_CTLR: 249 /* For our implementation, GICR_TYPER.DPGS is 0 and so all 250 * the DPG bits are RAZ/WI. We don't do anything asynchronously, 251 * so UWP and RWP are RAZ/WI. GICR_TYPER.LPIS is 1 (we 252 * implement LPIs) so Enable_LPIs is programmable. 253 */ 254 if (cs->gicr_typer & GICR_TYPER_PLPIS) { 255 if (value & GICR_CTLR_ENABLE_LPIS) { 256 cs->gicr_ctlr |= GICR_CTLR_ENABLE_LPIS; 257 } else { 258 cs->gicr_ctlr &= ~GICR_CTLR_ENABLE_LPIS; 259 } 260 } 261 return MEMTX_OK; 262 case GICR_STATUSR: 263 /* RAZ/WI for our implementation */ 264 return MEMTX_OK; 265 case GICR_WAKER: 266 /* Only the ProcessorSleep bit is writeable. When the guest sets 267 * it it requests that we transition the channel between the 268 * redistributor and the cpu interface to quiescent, and that 269 * we set the ChildrenAsleep bit once the inteface has reached the 270 * quiescent state. 271 * Setting the ProcessorSleep to 0 reverses the quiescing, and 272 * ChildrenAsleep is cleared once the transition is complete. 273 * Since our interface is not asynchronous, we complete these 274 * transitions instantaneously, so we set ChildrenAsleep to the 275 * same value as ProcessorSleep here. 276 */ 277 value &= GICR_WAKER_ProcessorSleep; 278 if (value & GICR_WAKER_ProcessorSleep) { 279 value |= GICR_WAKER_ChildrenAsleep; 280 } 281 cs->gicr_waker = value; 282 return MEMTX_OK; 283 case GICR_PROPBASER: 284 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 0, 32, value); 285 return MEMTX_OK; 286 case GICR_PROPBASER + 4: 287 cs->gicr_propbaser = deposit64(cs->gicr_propbaser, 32, 32, value); 288 return MEMTX_OK; 289 case GICR_PENDBASER: 290 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 0, 32, value); 291 return MEMTX_OK; 292 case GICR_PENDBASER + 4: 293 cs->gicr_pendbaser = deposit64(cs->gicr_pendbaser, 32, 32, value); 294 return MEMTX_OK; 295 case GICR_IGROUPR0: 296 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 297 return MEMTX_OK; 298 } 299 cs->gicr_igroupr0 = value; 300 gicv3_redist_update(cs); 301 return MEMTX_OK; 302 case GICR_ISENABLER0: 303 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 304 return MEMTX_OK; 305 case GICR_ICENABLER0: 306 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ienabler0, value); 307 return MEMTX_OK; 308 case GICR_ISPENDR0: 309 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 310 return MEMTX_OK; 311 case GICR_ICPENDR0: 312 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_ipendr0, value); 313 return MEMTX_OK; 314 case GICR_ISACTIVER0: 315 gicr_write_set_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 316 return MEMTX_OK; 317 case GICR_ICACTIVER0: 318 gicr_write_clear_bitmap_reg(cs, attrs, &cs->gicr_iactiver0, value); 319 return MEMTX_OK; 320 case GICR_IPRIORITYR ... GICR_IPRIORITYR + 0x1f: 321 { 322 int i, irq = offset - GICR_IPRIORITYR; 323 324 for (i = irq; i < irq + 4; i++, value >>= 8) { 325 gicr_write_ipriorityr(cs, attrs, i, value); 326 } 327 gicv3_redist_update(cs); 328 return MEMTX_OK; 329 } 330 case GICR_ICFGR0: 331 /* Register is all RAZ/WI or RAO/WI bits */ 332 return MEMTX_OK; 333 case GICR_ICFGR1: 334 { 335 uint32_t mask; 336 337 /* Since our edge_trigger bitmap is one bit per irq, our input 338 * 32-bits will compress down into 16 bits which we need 339 * to write into the bitmap. 340 */ 341 value = half_unshuffle32(value >> 1) << 16; 342 mask = mask_group(cs, attrs) & 0xffff0000U; 343 344 cs->edge_trigger &= ~mask; 345 cs->edge_trigger |= (value & mask); 346 347 gicv3_redist_update(cs); 348 return MEMTX_OK; 349 } 350 case GICR_IGRPMODR0: 351 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 352 /* RAZ/WI if security disabled, or if 353 * security enabled and this is an NS access 354 */ 355 return MEMTX_OK; 356 } 357 cs->gicr_igrpmodr0 = value; 358 gicv3_redist_update(cs); 359 return MEMTX_OK; 360 case GICR_NSACR: 361 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { 362 /* RAZ/WI if security disabled, or if 363 * security enabled and this is an NS access 364 */ 365 return MEMTX_OK; 366 } 367 cs->gicr_nsacr = value; 368 /* no update required as this only affects access permission checks */ 369 return MEMTX_OK; 370 case GICR_IIDR: 371 case GICR_TYPER: 372 case GICR_IDREGS ... GICR_IDREGS + 0x2f: 373 /* RO registers, ignore the write */ 374 qemu_log_mask(LOG_GUEST_ERROR, 375 "%s: invalid guest write to RO register at offset " 376 TARGET_FMT_plx "\n", __func__, offset); 377 return MEMTX_OK; 378 default: 379 return MEMTX_ERROR; 380 } 381 } 382 383 static MemTxResult gicr_readll(GICv3CPUState *cs, hwaddr offset, 384 uint64_t *data, MemTxAttrs attrs) 385 { 386 switch (offset) { 387 case GICR_TYPER: 388 *data = cs->gicr_typer; 389 return MEMTX_OK; 390 case GICR_PROPBASER: 391 *data = cs->gicr_propbaser; 392 return MEMTX_OK; 393 case GICR_PENDBASER: 394 *data = cs->gicr_pendbaser; 395 return MEMTX_OK; 396 default: 397 return MEMTX_ERROR; 398 } 399 } 400 401 static MemTxResult gicr_writell(GICv3CPUState *cs, hwaddr offset, 402 uint64_t value, MemTxAttrs attrs) 403 { 404 switch (offset) { 405 case GICR_PROPBASER: 406 cs->gicr_propbaser = value; 407 return MEMTX_OK; 408 case GICR_PENDBASER: 409 cs->gicr_pendbaser = value; 410 return MEMTX_OK; 411 case GICR_TYPER: 412 /* RO register, ignore the write */ 413 qemu_log_mask(LOG_GUEST_ERROR, 414 "%s: invalid guest write to RO register at offset " 415 TARGET_FMT_plx "\n", __func__, offset); 416 return MEMTX_OK; 417 default: 418 return MEMTX_ERROR; 419 } 420 } 421 422 MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data, 423 unsigned size, MemTxAttrs attrs) 424 { 425 GICv3State *s = opaque; 426 GICv3CPUState *cs; 427 MemTxResult r; 428 int cpuidx; 429 430 assert((offset & (size - 1)) == 0); 431 432 /* This region covers all the redistributor pages; there are 433 * (for GICv3) two 64K pages per CPU. At the moment they are 434 * all contiguous (ie in this one region), though we might later 435 * want to allow splitting of redistributor pages into several 436 * blocks so we can support more CPUs. 437 */ 438 cpuidx = offset / 0x20000; 439 offset %= 0x20000; 440 assert(cpuidx < s->num_cpu); 441 442 cs = &s->cpu[cpuidx]; 443 444 switch (size) { 445 case 1: 446 r = gicr_readb(cs, offset, data, attrs); 447 break; 448 case 4: 449 r = gicr_readl(cs, offset, data, attrs); 450 break; 451 case 8: 452 r = gicr_readll(cs, offset, data, attrs); 453 break; 454 default: 455 r = MEMTX_ERROR; 456 break; 457 } 458 459 if (r == MEMTX_ERROR) { 460 qemu_log_mask(LOG_GUEST_ERROR, 461 "%s: invalid guest read at offset " TARGET_FMT_plx 462 " size %u\n", __func__, offset, size); 463 trace_gicv3_redist_badread(gicv3_redist_affid(cs), offset, 464 size, attrs.secure); 465 /* The spec requires that reserved registers are RAZ/WI; 466 * so use MEMTX_ERROR returns from leaf functions as a way to 467 * trigger the guest-error logging but don't return it to 468 * the caller, or we'll cause a spurious guest data abort. 469 */ 470 r = MEMTX_OK; 471 *data = 0; 472 } else { 473 trace_gicv3_redist_read(gicv3_redist_affid(cs), offset, *data, 474 size, attrs.secure); 475 } 476 return r; 477 } 478 479 MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data, 480 unsigned size, MemTxAttrs attrs) 481 { 482 GICv3State *s = opaque; 483 GICv3CPUState *cs; 484 MemTxResult r; 485 int cpuidx; 486 487 assert((offset & (size - 1)) == 0); 488 489 /* This region covers all the redistributor pages; there are 490 * (for GICv3) two 64K pages per CPU. At the moment they are 491 * all contiguous (ie in this one region), though we might later 492 * want to allow splitting of redistributor pages into several 493 * blocks so we can support more CPUs. 494 */ 495 cpuidx = offset / 0x20000; 496 offset %= 0x20000; 497 assert(cpuidx < s->num_cpu); 498 499 cs = &s->cpu[cpuidx]; 500 501 switch (size) { 502 case 1: 503 r = gicr_writeb(cs, offset, data, attrs); 504 break; 505 case 4: 506 r = gicr_writel(cs, offset, data, attrs); 507 break; 508 case 8: 509 r = gicr_writell(cs, offset, data, attrs); 510 break; 511 default: 512 r = MEMTX_ERROR; 513 break; 514 } 515 516 if (r == MEMTX_ERROR) { 517 qemu_log_mask(LOG_GUEST_ERROR, 518 "%s: invalid guest write at offset " TARGET_FMT_plx 519 " size %u\n", __func__, offset, size); 520 trace_gicv3_redist_badwrite(gicv3_redist_affid(cs), offset, data, 521 size, attrs.secure); 522 /* The spec requires that reserved registers are RAZ/WI; 523 * so use MEMTX_ERROR returns from leaf functions as a way to 524 * trigger the guest-error logging but don't return it to 525 * the caller, or we'll cause a spurious guest data abort. 526 */ 527 r = MEMTX_OK; 528 } else { 529 trace_gicv3_redist_write(gicv3_redist_affid(cs), offset, data, 530 size, attrs.secure); 531 } 532 return r; 533 } 534 535 void gicv3_redist_set_irq(GICv3CPUState *cs, int irq, int level) 536 { 537 /* Update redistributor state for a change in an external PPI input line */ 538 if (level == extract32(cs->level, irq, 1)) { 539 return; 540 } 541 542 trace_gicv3_redist_set_irq(gicv3_redist_affid(cs), irq, level); 543 544 cs->level = deposit32(cs->level, irq, 1, level); 545 546 if (level) { 547 /* 0->1 edges latch the pending bit for edge-triggered interrupts */ 548 if (extract32(cs->edge_trigger, irq, 1)) { 549 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 550 } 551 } 552 553 gicv3_redist_update(cs); 554 } 555 556 void gicv3_redist_send_sgi(GICv3CPUState *cs, int grp, int irq, bool ns) 557 { 558 /* Update redistributor state for a generated SGI */ 559 int irqgrp = gicv3_irq_group(cs->gic, cs, irq); 560 561 /* If we are asked for a Secure Group 1 SGI and it's actually 562 * configured as Secure Group 0 this is OK (subject to the usual 563 * NSACR checks). 564 */ 565 if (grp == GICV3_G1 && irqgrp == GICV3_G0) { 566 grp = GICV3_G0; 567 } 568 569 if (grp != irqgrp) { 570 return; 571 } 572 573 if (ns && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { 574 /* If security is enabled we must test the NSACR bits */ 575 int nsaccess = gicr_ns_access(cs, irq); 576 577 if ((irqgrp == GICV3_G0 && nsaccess < 1) || 578 (irqgrp == GICV3_G1 && nsaccess < 2)) { 579 return; 580 } 581 } 582 583 /* OK, we can accept the SGI */ 584 trace_gicv3_redist_send_sgi(gicv3_redist_affid(cs), irq); 585 cs->gicr_ipendr0 = deposit32(cs->gicr_ipendr0, irq, 1, 1); 586 gicv3_redist_update(cs); 587 } 588