1 /* 2 * QEMU PowerPC sPAPR XIVE interrupt controller model 3 * 4 * Copyright (c) 2017-2018, IBM Corporation. 5 * 6 * This code is licensed under the GPL version 2 or later. See the 7 * COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/module.h" 13 #include "qapi/error.h" 14 #include "qemu/error-report.h" 15 #include "target/ppc/cpu.h" 16 #include "sysemu/cpus.h" 17 #include "sysemu/reset.h" 18 #include "migration/vmstate.h" 19 #include "monitor/monitor.h" 20 #include "hw/ppc/fdt.h" 21 #include "hw/ppc/spapr.h" 22 #include "hw/ppc/spapr_cpu_core.h" 23 #include "hw/ppc/spapr_xive.h" 24 #include "hw/ppc/xive.h" 25 #include "hw/ppc/xive_regs.h" 26 #include "hw/qdev-properties.h" 27 28 /* 29 * XIVE Virtualization Controller BAR and Thread Managment BAR that we 30 * use for the ESB pages and the TIMA pages 31 */ 32 #define SPAPR_XIVE_VC_BASE 0x0006010000000000ull 33 #define SPAPR_XIVE_TM_BASE 0x0006030203180000ull 34 35 /* 36 * The allocation of VP blocks is a complex operation in OPAL and the 37 * VP identifiers have a relation with the number of HW chips, the 38 * size of the VP blocks, VP grouping, etc. The QEMU sPAPR XIVE 39 * controller model does not have the same constraints and can use a 40 * simple mapping scheme of the CPU vcpu_id 41 * 42 * These identifiers are never returned to the OS. 43 */ 44 45 #define SPAPR_XIVE_NVT_BASE 0x400 46 47 /* 48 * sPAPR NVT and END indexing helpers 49 */ 50 static uint32_t spapr_xive_nvt_to_target(uint8_t nvt_blk, uint32_t nvt_idx) 51 { 52 return nvt_idx - SPAPR_XIVE_NVT_BASE; 53 } 54 55 static void spapr_xive_cpu_to_nvt(PowerPCCPU *cpu, 56 uint8_t *out_nvt_blk, uint32_t *out_nvt_idx) 57 { 58 assert(cpu); 59 60 if (out_nvt_blk) { 61 *out_nvt_blk = SPAPR_XIVE_BLOCK_ID; 62 } 63 64 if (out_nvt_blk) { 65 *out_nvt_idx = SPAPR_XIVE_NVT_BASE + cpu->vcpu_id; 66 } 67 } 68 69 static int spapr_xive_target_to_nvt(uint32_t target, 70 uint8_t *out_nvt_blk, uint32_t *out_nvt_idx) 71 { 72 PowerPCCPU *cpu = spapr_find_cpu(target); 73 74 if (!cpu) { 75 return -1; 76 } 77 78 spapr_xive_cpu_to_nvt(cpu, out_nvt_blk, out_nvt_idx); 79 return 0; 80 } 81 82 /* 83 * sPAPR END indexing uses a simple mapping of the CPU vcpu_id, 8 84 * priorities per CPU 85 */ 86 int spapr_xive_end_to_target(uint8_t end_blk, uint32_t end_idx, 87 uint32_t *out_server, uint8_t *out_prio) 88 { 89 90 assert(end_blk == SPAPR_XIVE_BLOCK_ID); 91 92 if (out_server) { 93 *out_server = end_idx >> 3; 94 } 95 96 if (out_prio) { 97 *out_prio = end_idx & 0x7; 98 } 99 return 0; 100 } 101 102 static void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t prio, 103 uint8_t *out_end_blk, uint32_t *out_end_idx) 104 { 105 assert(cpu); 106 107 if (out_end_blk) { 108 *out_end_blk = SPAPR_XIVE_BLOCK_ID; 109 } 110 111 if (out_end_idx) { 112 *out_end_idx = (cpu->vcpu_id << 3) + prio; 113 } 114 } 115 116 static int spapr_xive_target_to_end(uint32_t target, uint8_t prio, 117 uint8_t *out_end_blk, uint32_t *out_end_idx) 118 { 119 PowerPCCPU *cpu = spapr_find_cpu(target); 120 121 if (!cpu) { 122 return -1; 123 } 124 125 spapr_xive_cpu_to_end(cpu, prio, out_end_blk, out_end_idx); 126 return 0; 127 } 128 129 /* 130 * On sPAPR machines, use a simplified output for the XIVE END 131 * structure dumping only the information related to the OS EQ. 132 */ 133 static void spapr_xive_end_pic_print_info(SpaprXive *xive, XiveEND *end, 134 Monitor *mon) 135 { 136 uint64_t qaddr_base = xive_end_qaddr(end); 137 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1); 138 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1); 139 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0); 140 uint32_t qentries = 1 << (qsize + 10); 141 uint32_t nvt = xive_get_field32(END_W6_NVT_INDEX, end->w6); 142 uint8_t priority = xive_get_field32(END_W7_F0_PRIORITY, end->w7); 143 144 monitor_printf(mon, "%3d/%d % 6d/%5d @%"PRIx64" ^%d", 145 spapr_xive_nvt_to_target(0, nvt), 146 priority, qindex, qentries, qaddr_base, qgen); 147 148 xive_end_queue_pic_print_info(end, 6, mon); 149 } 150 151 void spapr_xive_pic_print_info(SpaprXive *xive, Monitor *mon) 152 { 153 XiveSource *xsrc = &xive->source; 154 int i; 155 156 if (kvm_irqchip_in_kernel()) { 157 Error *local_err = NULL; 158 159 kvmppc_xive_synchronize_state(xive, &local_err); 160 if (local_err) { 161 error_report_err(local_err); 162 return; 163 } 164 } 165 166 monitor_printf(mon, " LISN PQ EISN CPU/PRIO EQ\n"); 167 168 for (i = 0; i < xive->nr_irqs; i++) { 169 uint8_t pq = xive_source_esb_get(xsrc, i); 170 XiveEAS *eas = &xive->eat[i]; 171 172 if (!xive_eas_is_valid(eas)) { 173 continue; 174 } 175 176 monitor_printf(mon, " %08x %s %c%c%c %s %08x ", i, 177 xive_source_irq_is_lsi(xsrc, i) ? "LSI" : "MSI", 178 pq & XIVE_ESB_VAL_P ? 'P' : '-', 179 pq & XIVE_ESB_VAL_Q ? 'Q' : '-', 180 xsrc->status[i] & XIVE_STATUS_ASSERTED ? 'A' : ' ', 181 xive_eas_is_masked(eas) ? "M" : " ", 182 (int) xive_get_field64(EAS_END_DATA, eas->w)); 183 184 if (!xive_eas_is_masked(eas)) { 185 uint32_t end_idx = xive_get_field64(EAS_END_INDEX, eas->w); 186 XiveEND *end; 187 188 assert(end_idx < xive->nr_ends); 189 end = &xive->endt[end_idx]; 190 191 if (xive_end_is_valid(end)) { 192 spapr_xive_end_pic_print_info(xive, end, mon); 193 } 194 } 195 monitor_printf(mon, "\n"); 196 } 197 } 198 199 void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable) 200 { 201 memory_region_set_enabled(&xive->source.esb_mmio, enable); 202 memory_region_set_enabled(&xive->tm_mmio, enable); 203 204 /* Disable the END ESBs until a guest OS makes use of them */ 205 memory_region_set_enabled(&xive->end_source.esb_mmio, false); 206 } 207 208 static void spapr_xive_end_reset(XiveEND *end) 209 { 210 memset(end, 0, sizeof(*end)); 211 212 /* switch off the escalation and notification ESBs */ 213 end->w1 = cpu_to_be32(END_W1_ESe_Q | END_W1_ESn_Q); 214 } 215 216 static void spapr_xive_reset(void *dev) 217 { 218 SpaprXive *xive = SPAPR_XIVE(dev); 219 int i; 220 221 /* 222 * The XiveSource has its own reset handler, which mask off all 223 * IRQs (!P|Q) 224 */ 225 226 /* Mask all valid EASs in the IRQ number space. */ 227 for (i = 0; i < xive->nr_irqs; i++) { 228 XiveEAS *eas = &xive->eat[i]; 229 if (xive_eas_is_valid(eas)) { 230 eas->w = cpu_to_be64(EAS_VALID | EAS_MASKED); 231 } else { 232 eas->w = 0; 233 } 234 } 235 236 /* Clear all ENDs */ 237 for (i = 0; i < xive->nr_ends; i++) { 238 spapr_xive_end_reset(&xive->endt[i]); 239 } 240 } 241 242 static void spapr_xive_instance_init(Object *obj) 243 { 244 SpaprXive *xive = SPAPR_XIVE(obj); 245 246 object_initialize_child(obj, "source", &xive->source, sizeof(xive->source), 247 TYPE_XIVE_SOURCE, &error_abort, NULL); 248 249 object_initialize_child(obj, "end_source", &xive->end_source, 250 sizeof(xive->end_source), TYPE_XIVE_END_SOURCE, 251 &error_abort, NULL); 252 253 /* Not connected to the KVM XIVE device */ 254 xive->fd = -1; 255 } 256 257 static void spapr_xive_realize(DeviceState *dev, Error **errp) 258 { 259 SpaprXive *xive = SPAPR_XIVE(dev); 260 XiveSource *xsrc = &xive->source; 261 XiveENDSource *end_xsrc = &xive->end_source; 262 Error *local_err = NULL; 263 264 if (!xive->nr_irqs) { 265 error_setg(errp, "Number of interrupt needs to be greater 0"); 266 return; 267 } 268 269 if (!xive->nr_ends) { 270 error_setg(errp, "Number of interrupt needs to be greater 0"); 271 return; 272 } 273 274 /* 275 * Initialize the internal sources, for IPIs and virtual devices. 276 */ 277 object_property_set_int(OBJECT(xsrc), xive->nr_irqs, "nr-irqs", 278 &error_fatal); 279 object_property_set_link(OBJECT(xsrc), OBJECT(xive), "xive", 280 &error_abort); 281 object_property_set_bool(OBJECT(xsrc), true, "realized", &local_err); 282 if (local_err) { 283 error_propagate(errp, local_err); 284 return; 285 } 286 sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xsrc->esb_mmio); 287 288 /* 289 * Initialize the END ESB source 290 */ 291 object_property_set_int(OBJECT(end_xsrc), xive->nr_irqs, "nr-ends", 292 &error_fatal); 293 object_property_set_link(OBJECT(end_xsrc), OBJECT(xive), "xive", 294 &error_abort); 295 object_property_set_bool(OBJECT(end_xsrc), true, "realized", &local_err); 296 if (local_err) { 297 error_propagate(errp, local_err); 298 return; 299 } 300 sysbus_init_mmio(SYS_BUS_DEVICE(xive), &end_xsrc->esb_mmio); 301 302 /* Set the mapping address of the END ESB pages after the source ESBs */ 303 xive->end_base = xive->vc_base + (1ull << xsrc->esb_shift) * xsrc->nr_irqs; 304 305 /* 306 * Allocate the routing tables 307 */ 308 xive->eat = g_new0(XiveEAS, xive->nr_irqs); 309 xive->endt = g_new0(XiveEND, xive->nr_ends); 310 311 xive->nodename = g_strdup_printf("interrupt-controller@%" PRIx64, 312 xive->tm_base + XIVE_TM_USER_PAGE * (1 << TM_SHIFT)); 313 314 qemu_register_reset(spapr_xive_reset, dev); 315 316 /* TIMA initialization */ 317 memory_region_init_io(&xive->tm_mmio, OBJECT(xive), &xive_tm_ops, xive, 318 "xive.tima", 4ull << TM_SHIFT); 319 sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xive->tm_mmio); 320 321 /* 322 * Map all regions. These will be enabled or disabled at reset and 323 * can also be overridden by KVM memory regions if active 324 */ 325 sysbus_mmio_map(SYS_BUS_DEVICE(xive), 0, xive->vc_base); 326 sysbus_mmio_map(SYS_BUS_DEVICE(xive), 1, xive->end_base); 327 sysbus_mmio_map(SYS_BUS_DEVICE(xive), 2, xive->tm_base); 328 } 329 330 static int spapr_xive_get_eas(XiveRouter *xrtr, uint8_t eas_blk, 331 uint32_t eas_idx, XiveEAS *eas) 332 { 333 SpaprXive *xive = SPAPR_XIVE(xrtr); 334 335 if (eas_idx >= xive->nr_irqs) { 336 return -1; 337 } 338 339 *eas = xive->eat[eas_idx]; 340 return 0; 341 } 342 343 static int spapr_xive_get_end(XiveRouter *xrtr, 344 uint8_t end_blk, uint32_t end_idx, XiveEND *end) 345 { 346 SpaprXive *xive = SPAPR_XIVE(xrtr); 347 348 if (end_idx >= xive->nr_ends) { 349 return -1; 350 } 351 352 memcpy(end, &xive->endt[end_idx], sizeof(XiveEND)); 353 return 0; 354 } 355 356 static int spapr_xive_write_end(XiveRouter *xrtr, uint8_t end_blk, 357 uint32_t end_idx, XiveEND *end, 358 uint8_t word_number) 359 { 360 SpaprXive *xive = SPAPR_XIVE(xrtr); 361 362 if (end_idx >= xive->nr_ends) { 363 return -1; 364 } 365 366 memcpy(&xive->endt[end_idx], end, sizeof(XiveEND)); 367 return 0; 368 } 369 370 static int spapr_xive_get_nvt(XiveRouter *xrtr, 371 uint8_t nvt_blk, uint32_t nvt_idx, XiveNVT *nvt) 372 { 373 uint32_t vcpu_id = spapr_xive_nvt_to_target(nvt_blk, nvt_idx); 374 PowerPCCPU *cpu = spapr_find_cpu(vcpu_id); 375 376 if (!cpu) { 377 /* TODO: should we assert() if we can find a NVT ? */ 378 return -1; 379 } 380 381 /* 382 * sPAPR does not maintain a NVT table. Return that the NVT is 383 * valid if we have found a matching CPU 384 */ 385 nvt->w0 = cpu_to_be32(NVT_W0_VALID); 386 return 0; 387 } 388 389 static int spapr_xive_write_nvt(XiveRouter *xrtr, uint8_t nvt_blk, 390 uint32_t nvt_idx, XiveNVT *nvt, 391 uint8_t word_number) 392 { 393 /* 394 * We don't need to write back to the NVTs because the sPAPR 395 * machine should never hit a non-scheduled NVT. It should never 396 * get called. 397 */ 398 g_assert_not_reached(); 399 } 400 401 static XiveTCTX *spapr_xive_get_tctx(XiveRouter *xrtr, CPUState *cs) 402 { 403 PowerPCCPU *cpu = POWERPC_CPU(cs); 404 405 return spapr_cpu_state(cpu)->tctx; 406 } 407 408 static int spapr_xive_match_nvt(XivePresenter *xptr, uint8_t format, 409 uint8_t nvt_blk, uint32_t nvt_idx, 410 bool cam_ignore, uint8_t priority, 411 uint32_t logic_serv, XiveTCTXMatch *match) 412 { 413 CPUState *cs; 414 int count = 0; 415 416 CPU_FOREACH(cs) { 417 PowerPCCPU *cpu = POWERPC_CPU(cs); 418 XiveTCTX *tctx = spapr_cpu_state(cpu)->tctx; 419 int ring; 420 421 /* 422 * Skip partially initialized vCPUs. This can happen when 423 * vCPUs are hotplugged. 424 */ 425 if (!tctx) { 426 continue; 427 } 428 429 /* 430 * Check the thread context CAM lines and record matches. 431 */ 432 ring = xive_presenter_tctx_match(xptr, tctx, format, nvt_blk, nvt_idx, 433 cam_ignore, logic_serv); 434 /* 435 * Save the matching thread interrupt context and follow on to 436 * check for duplicates which are invalid. 437 */ 438 if (ring != -1) { 439 if (match->tctx) { 440 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: already found a thread " 441 "context NVT %x/%x\n", nvt_blk, nvt_idx); 442 return -1; 443 } 444 445 match->ring = ring; 446 match->tctx = tctx; 447 count++; 448 } 449 } 450 451 return count; 452 } 453 454 static const VMStateDescription vmstate_spapr_xive_end = { 455 .name = TYPE_SPAPR_XIVE "/end", 456 .version_id = 1, 457 .minimum_version_id = 1, 458 .fields = (VMStateField []) { 459 VMSTATE_UINT32(w0, XiveEND), 460 VMSTATE_UINT32(w1, XiveEND), 461 VMSTATE_UINT32(w2, XiveEND), 462 VMSTATE_UINT32(w3, XiveEND), 463 VMSTATE_UINT32(w4, XiveEND), 464 VMSTATE_UINT32(w5, XiveEND), 465 VMSTATE_UINT32(w6, XiveEND), 466 VMSTATE_UINT32(w7, XiveEND), 467 VMSTATE_END_OF_LIST() 468 }, 469 }; 470 471 static const VMStateDescription vmstate_spapr_xive_eas = { 472 .name = TYPE_SPAPR_XIVE "/eas", 473 .version_id = 1, 474 .minimum_version_id = 1, 475 .fields = (VMStateField []) { 476 VMSTATE_UINT64(w, XiveEAS), 477 VMSTATE_END_OF_LIST() 478 }, 479 }; 480 481 static int vmstate_spapr_xive_pre_save(void *opaque) 482 { 483 if (kvm_irqchip_in_kernel()) { 484 return kvmppc_xive_pre_save(SPAPR_XIVE(opaque)); 485 } 486 487 return 0; 488 } 489 490 /* 491 * Called by the sPAPR IRQ backend 'post_load' method at the machine 492 * level. 493 */ 494 static int spapr_xive_post_load(SpaprInterruptController *intc, int version_id) 495 { 496 if (kvm_irqchip_in_kernel()) { 497 return kvmppc_xive_post_load(SPAPR_XIVE(intc), version_id); 498 } 499 500 return 0; 501 } 502 503 static const VMStateDescription vmstate_spapr_xive = { 504 .name = TYPE_SPAPR_XIVE, 505 .version_id = 1, 506 .minimum_version_id = 1, 507 .pre_save = vmstate_spapr_xive_pre_save, 508 .post_load = NULL, /* handled at the machine level */ 509 .fields = (VMStateField[]) { 510 VMSTATE_UINT32_EQUAL(nr_irqs, SpaprXive, NULL), 511 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(eat, SpaprXive, nr_irqs, 512 vmstate_spapr_xive_eas, XiveEAS), 513 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(endt, SpaprXive, nr_ends, 514 vmstate_spapr_xive_end, XiveEND), 515 VMSTATE_END_OF_LIST() 516 }, 517 }; 518 519 static int spapr_xive_claim_irq(SpaprInterruptController *intc, int lisn, 520 bool lsi, Error **errp) 521 { 522 SpaprXive *xive = SPAPR_XIVE(intc); 523 XiveSource *xsrc = &xive->source; 524 525 assert(lisn < xive->nr_irqs); 526 527 if (xive_eas_is_valid(&xive->eat[lisn])) { 528 error_setg(errp, "IRQ %d is not free", lisn); 529 return -EBUSY; 530 } 531 532 /* 533 * Set default values when allocating an IRQ number 534 */ 535 xive->eat[lisn].w |= cpu_to_be64(EAS_VALID | EAS_MASKED); 536 if (lsi) { 537 xive_source_irq_set_lsi(xsrc, lisn); 538 } 539 540 if (kvm_irqchip_in_kernel()) { 541 return kvmppc_xive_source_reset_one(xsrc, lisn, errp); 542 } 543 544 return 0; 545 } 546 547 static void spapr_xive_free_irq(SpaprInterruptController *intc, int lisn) 548 { 549 SpaprXive *xive = SPAPR_XIVE(intc); 550 assert(lisn < xive->nr_irqs); 551 552 xive->eat[lisn].w &= cpu_to_be64(~EAS_VALID); 553 } 554 555 static Property spapr_xive_properties[] = { 556 DEFINE_PROP_UINT32("nr-irqs", SpaprXive, nr_irqs, 0), 557 DEFINE_PROP_UINT32("nr-ends", SpaprXive, nr_ends, 0), 558 DEFINE_PROP_UINT64("vc-base", SpaprXive, vc_base, SPAPR_XIVE_VC_BASE), 559 DEFINE_PROP_UINT64("tm-base", SpaprXive, tm_base, SPAPR_XIVE_TM_BASE), 560 DEFINE_PROP_END_OF_LIST(), 561 }; 562 563 static int spapr_xive_cpu_intc_create(SpaprInterruptController *intc, 564 PowerPCCPU *cpu, Error **errp) 565 { 566 SpaprXive *xive = SPAPR_XIVE(intc); 567 Object *obj; 568 SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu); 569 570 obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), errp); 571 if (!obj) { 572 return -1; 573 } 574 575 spapr_cpu->tctx = XIVE_TCTX(obj); 576 return 0; 577 } 578 579 static void xive_tctx_set_os_cam(XiveTCTX *tctx, uint32_t os_cam) 580 { 581 uint32_t qw1w2 = cpu_to_be32(TM_QW1W2_VO | os_cam); 582 memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &qw1w2, 4); 583 } 584 585 static void spapr_xive_cpu_intc_reset(SpaprInterruptController *intc, 586 PowerPCCPU *cpu) 587 { 588 XiveTCTX *tctx = spapr_cpu_state(cpu)->tctx; 589 uint8_t nvt_blk; 590 uint32_t nvt_idx; 591 592 xive_tctx_reset(tctx); 593 594 /* 595 * When a Virtual Processor is scheduled to run on a HW thread, 596 * the hypervisor pushes its identifier in the OS CAM line. 597 * Emulate the same behavior under QEMU. 598 */ 599 spapr_xive_cpu_to_nvt(cpu, &nvt_blk, &nvt_idx); 600 601 xive_tctx_set_os_cam(tctx, xive_nvt_cam_line(nvt_blk, nvt_idx)); 602 } 603 604 static void spapr_xive_cpu_intc_destroy(SpaprInterruptController *intc, 605 PowerPCCPU *cpu) 606 { 607 SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu); 608 609 xive_tctx_destroy(spapr_cpu->tctx); 610 spapr_cpu->tctx = NULL; 611 } 612 613 static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, int val) 614 { 615 SpaprXive *xive = SPAPR_XIVE(intc); 616 617 if (kvm_irqchip_in_kernel()) { 618 kvmppc_xive_source_set_irq(&xive->source, irq, val); 619 } else { 620 xive_source_set_irq(&xive->source, irq, val); 621 } 622 } 623 624 static void spapr_xive_print_info(SpaprInterruptController *intc, Monitor *mon) 625 { 626 SpaprXive *xive = SPAPR_XIVE(intc); 627 CPUState *cs; 628 629 CPU_FOREACH(cs) { 630 PowerPCCPU *cpu = POWERPC_CPU(cs); 631 632 xive_tctx_pic_print_info(spapr_cpu_state(cpu)->tctx, mon); 633 } 634 635 spapr_xive_pic_print_info(xive, mon); 636 } 637 638 static void spapr_xive_dt(SpaprInterruptController *intc, uint32_t nr_servers, 639 void *fdt, uint32_t phandle) 640 { 641 SpaprXive *xive = SPAPR_XIVE(intc); 642 int node; 643 uint64_t timas[2 * 2]; 644 /* Interrupt number ranges for the IPIs */ 645 uint32_t lisn_ranges[] = { 646 cpu_to_be32(0), 647 cpu_to_be32(nr_servers), 648 }; 649 /* 650 * EQ size - the sizes of pages supported by the system 4K, 64K, 651 * 2M, 16M. We only advertise 64K for the moment. 652 */ 653 uint32_t eq_sizes[] = { 654 cpu_to_be32(16), /* 64K */ 655 }; 656 /* 657 * The following array is in sync with the reserved priorities 658 * defined by the 'spapr_xive_priority_is_reserved' routine. 659 */ 660 uint32_t plat_res_int_priorities[] = { 661 cpu_to_be32(7), /* start */ 662 cpu_to_be32(0xf8), /* count */ 663 }; 664 665 /* Thread Interrupt Management Area : User (ring 3) and OS (ring 2) */ 666 timas[0] = cpu_to_be64(xive->tm_base + 667 XIVE_TM_USER_PAGE * (1ull << TM_SHIFT)); 668 timas[1] = cpu_to_be64(1ull << TM_SHIFT); 669 timas[2] = cpu_to_be64(xive->tm_base + 670 XIVE_TM_OS_PAGE * (1ull << TM_SHIFT)); 671 timas[3] = cpu_to_be64(1ull << TM_SHIFT); 672 673 _FDT(node = fdt_add_subnode(fdt, 0, xive->nodename)); 674 675 _FDT(fdt_setprop_string(fdt, node, "device_type", "power-ivpe")); 676 _FDT(fdt_setprop(fdt, node, "reg", timas, sizeof(timas))); 677 678 _FDT(fdt_setprop_string(fdt, node, "compatible", "ibm,power-ivpe")); 679 _FDT(fdt_setprop(fdt, node, "ibm,xive-eq-sizes", eq_sizes, 680 sizeof(eq_sizes))); 681 _FDT(fdt_setprop(fdt, node, "ibm,xive-lisn-ranges", lisn_ranges, 682 sizeof(lisn_ranges))); 683 684 /* For Linux to link the LSIs to the interrupt controller. */ 685 _FDT(fdt_setprop(fdt, node, "interrupt-controller", NULL, 0)); 686 _FDT(fdt_setprop_cell(fdt, node, "#interrupt-cells", 2)); 687 688 /* For SLOF */ 689 _FDT(fdt_setprop_cell(fdt, node, "linux,phandle", phandle)); 690 _FDT(fdt_setprop_cell(fdt, node, "phandle", phandle)); 691 692 /* 693 * The "ibm,plat-res-int-priorities" property defines the priority 694 * ranges reserved by the hypervisor 695 */ 696 _FDT(fdt_setprop(fdt, 0, "ibm,plat-res-int-priorities", 697 plat_res_int_priorities, sizeof(plat_res_int_priorities))); 698 } 699 700 static int spapr_xive_activate(SpaprInterruptController *intc, 701 uint32_t nr_servers, Error **errp) 702 { 703 SpaprXive *xive = SPAPR_XIVE(intc); 704 705 if (kvm_enabled()) { 706 int rc = spapr_irq_init_kvm(kvmppc_xive_connect, intc, nr_servers, 707 errp); 708 if (rc < 0) { 709 return rc; 710 } 711 } 712 713 /* Activate the XIVE MMIOs */ 714 spapr_xive_mmio_set_enabled(xive, true); 715 716 return 0; 717 } 718 719 static void spapr_xive_deactivate(SpaprInterruptController *intc) 720 { 721 SpaprXive *xive = SPAPR_XIVE(intc); 722 723 spapr_xive_mmio_set_enabled(xive, false); 724 725 if (kvm_irqchip_in_kernel()) { 726 kvmppc_xive_disconnect(intc); 727 } 728 } 729 730 static void spapr_xive_class_init(ObjectClass *klass, void *data) 731 { 732 DeviceClass *dc = DEVICE_CLASS(klass); 733 XiveRouterClass *xrc = XIVE_ROUTER_CLASS(klass); 734 SpaprInterruptControllerClass *sicc = SPAPR_INTC_CLASS(klass); 735 XivePresenterClass *xpc = XIVE_PRESENTER_CLASS(klass); 736 737 dc->desc = "sPAPR XIVE Interrupt Controller"; 738 dc->props = spapr_xive_properties; 739 dc->realize = spapr_xive_realize; 740 dc->vmsd = &vmstate_spapr_xive; 741 742 xrc->get_eas = spapr_xive_get_eas; 743 xrc->get_end = spapr_xive_get_end; 744 xrc->write_end = spapr_xive_write_end; 745 xrc->get_nvt = spapr_xive_get_nvt; 746 xrc->write_nvt = spapr_xive_write_nvt; 747 xrc->get_tctx = spapr_xive_get_tctx; 748 749 sicc->activate = spapr_xive_activate; 750 sicc->deactivate = spapr_xive_deactivate; 751 sicc->cpu_intc_create = spapr_xive_cpu_intc_create; 752 sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset; 753 sicc->cpu_intc_destroy = spapr_xive_cpu_intc_destroy; 754 sicc->claim_irq = spapr_xive_claim_irq; 755 sicc->free_irq = spapr_xive_free_irq; 756 sicc->set_irq = spapr_xive_set_irq; 757 sicc->print_info = spapr_xive_print_info; 758 sicc->dt = spapr_xive_dt; 759 sicc->post_load = spapr_xive_post_load; 760 761 xpc->match_nvt = spapr_xive_match_nvt; 762 } 763 764 static const TypeInfo spapr_xive_info = { 765 .name = TYPE_SPAPR_XIVE, 766 .parent = TYPE_XIVE_ROUTER, 767 .instance_init = spapr_xive_instance_init, 768 .instance_size = sizeof(SpaprXive), 769 .class_init = spapr_xive_class_init, 770 .interfaces = (InterfaceInfo[]) { 771 { TYPE_SPAPR_INTC }, 772 { } 773 }, 774 }; 775 776 static void spapr_xive_register_types(void) 777 { 778 type_register_static(&spapr_xive_info); 779 } 780 781 type_init(spapr_xive_register_types) 782 783 /* 784 * XIVE hcalls 785 * 786 * The terminology used by the XIVE hcalls is the following : 787 * 788 * TARGET vCPU number 789 * EQ Event Queue assigned by OS to receive event data 790 * ESB page for source interrupt management 791 * LISN Logical Interrupt Source Number identifying a source in the 792 * machine 793 * EISN Effective Interrupt Source Number used by guest OS to 794 * identify source in the guest 795 * 796 * The EAS, END, NVT structures are not exposed. 797 */ 798 799 /* 800 * Linux hosts under OPAL reserve priority 7 for their own escalation 801 * interrupts (DD2.X POWER9). So we only allow the guest to use 802 * priorities [0..6]. 803 */ 804 static bool spapr_xive_priority_is_reserved(uint8_t priority) 805 { 806 switch (priority) { 807 case 0 ... 6: 808 return false; 809 case 7: /* OPAL escalation queue */ 810 default: 811 return true; 812 } 813 } 814 815 /* 816 * The H_INT_GET_SOURCE_INFO hcall() is used to obtain the logical 817 * real address of the MMIO page through which the Event State Buffer 818 * entry associated with the value of the "lisn" parameter is managed. 819 * 820 * Parameters: 821 * Input 822 * - R4: "flags" 823 * Bits 0-63 reserved 824 * - R5: "lisn" is per "interrupts", "interrupt-map", or 825 * "ibm,xive-lisn-ranges" properties, or as returned by the 826 * ibm,query-interrupt-source-number RTAS call, or as returned 827 * by the H_ALLOCATE_VAS_WINDOW hcall 828 * 829 * Output 830 * - R4: "flags" 831 * Bits 0-59: Reserved 832 * Bit 60: H_INT_ESB must be used for Event State Buffer 833 * management 834 * Bit 61: 1 == LSI 0 == MSI 835 * Bit 62: the full function page supports trigger 836 * Bit 63: Store EOI Supported 837 * - R5: Logical Real address of full function Event State Buffer 838 * management page, -1 if H_INT_ESB hcall flag is set to 1. 839 * - R6: Logical Real Address of trigger only Event State Buffer 840 * management page or -1. 841 * - R7: Power of 2 page size for the ESB management pages returned in 842 * R5 and R6. 843 */ 844 845 #define SPAPR_XIVE_SRC_H_INT_ESB PPC_BIT(60) /* ESB manage with H_INT_ESB */ 846 #define SPAPR_XIVE_SRC_LSI PPC_BIT(61) /* Virtual LSI type */ 847 #define SPAPR_XIVE_SRC_TRIGGER PPC_BIT(62) /* Trigger and management 848 on same page */ 849 #define SPAPR_XIVE_SRC_STORE_EOI PPC_BIT(63) /* Store EOI support */ 850 851 static target_ulong h_int_get_source_info(PowerPCCPU *cpu, 852 SpaprMachineState *spapr, 853 target_ulong opcode, 854 target_ulong *args) 855 { 856 SpaprXive *xive = spapr->xive; 857 XiveSource *xsrc = &xive->source; 858 target_ulong flags = args[0]; 859 target_ulong lisn = args[1]; 860 861 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 862 return H_FUNCTION; 863 } 864 865 if (flags) { 866 return H_PARAMETER; 867 } 868 869 if (lisn >= xive->nr_irqs) { 870 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN " TARGET_FMT_lx "\n", 871 lisn); 872 return H_P2; 873 } 874 875 if (!xive_eas_is_valid(&xive->eat[lisn])) { 876 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN " TARGET_FMT_lx "\n", 877 lisn); 878 return H_P2; 879 } 880 881 /* 882 * All sources are emulated under the main XIVE object and share 883 * the same characteristics. 884 */ 885 args[0] = 0; 886 if (!xive_source_esb_has_2page(xsrc)) { 887 args[0] |= SPAPR_XIVE_SRC_TRIGGER; 888 } 889 if (xsrc->esb_flags & XIVE_SRC_STORE_EOI) { 890 args[0] |= SPAPR_XIVE_SRC_STORE_EOI; 891 } 892 893 /* 894 * Force the use of the H_INT_ESB hcall in case of an LSI 895 * interrupt. This is necessary under KVM to re-trigger the 896 * interrupt if the level is still asserted 897 */ 898 if (xive_source_irq_is_lsi(xsrc, lisn)) { 899 args[0] |= SPAPR_XIVE_SRC_H_INT_ESB | SPAPR_XIVE_SRC_LSI; 900 } 901 902 if (!(args[0] & SPAPR_XIVE_SRC_H_INT_ESB)) { 903 args[1] = xive->vc_base + xive_source_esb_mgmt(xsrc, lisn); 904 } else { 905 args[1] = -1; 906 } 907 908 if (xive_source_esb_has_2page(xsrc) && 909 !(args[0] & SPAPR_XIVE_SRC_H_INT_ESB)) { 910 args[2] = xive->vc_base + xive_source_esb_page(xsrc, lisn); 911 } else { 912 args[2] = -1; 913 } 914 915 if (xive_source_esb_has_2page(xsrc)) { 916 args[3] = xsrc->esb_shift - 1; 917 } else { 918 args[3] = xsrc->esb_shift; 919 } 920 921 return H_SUCCESS; 922 } 923 924 /* 925 * The H_INT_SET_SOURCE_CONFIG hcall() is used to assign a Logical 926 * Interrupt Source to a target. The Logical Interrupt Source is 927 * designated with the "lisn" parameter and the target is designated 928 * with the "target" and "priority" parameters. Upon return from the 929 * hcall(), no additional interrupts will be directed to the old EQ. 930 * 931 * Parameters: 932 * Input: 933 * - R4: "flags" 934 * Bits 0-61: Reserved 935 * Bit 62: set the "eisn" in the EAS 936 * Bit 63: masks the interrupt source in the hardware interrupt 937 * control structure. An interrupt masked by this mechanism will 938 * be dropped, but it's source state bits will still be 939 * set. There is no race-free way of unmasking and restoring the 940 * source. Thus this should only be used in interrupts that are 941 * also masked at the source, and only in cases where the 942 * interrupt is not meant to be used for a large amount of time 943 * because no valid target exists for it for example 944 * - R5: "lisn" is per "interrupts", "interrupt-map", or 945 * "ibm,xive-lisn-ranges" properties, or as returned by the 946 * ibm,query-interrupt-source-number RTAS call, or as returned by 947 * the H_ALLOCATE_VAS_WINDOW hcall 948 * - R6: "target" is per "ibm,ppc-interrupt-server#s" or 949 * "ibm,ppc-interrupt-gserver#s" 950 * - R7: "priority" is a valid priority not in 951 * "ibm,plat-res-int-priorities" 952 * - R8: "eisn" is the guest EISN associated with the "lisn" 953 * 954 * Output: 955 * - None 956 */ 957 958 #define SPAPR_XIVE_SRC_SET_EISN PPC_BIT(62) 959 #define SPAPR_XIVE_SRC_MASK PPC_BIT(63) 960 961 static target_ulong h_int_set_source_config(PowerPCCPU *cpu, 962 SpaprMachineState *spapr, 963 target_ulong opcode, 964 target_ulong *args) 965 { 966 SpaprXive *xive = spapr->xive; 967 XiveEAS eas, new_eas; 968 target_ulong flags = args[0]; 969 target_ulong lisn = args[1]; 970 target_ulong target = args[2]; 971 target_ulong priority = args[3]; 972 target_ulong eisn = args[4]; 973 uint8_t end_blk; 974 uint32_t end_idx; 975 976 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 977 return H_FUNCTION; 978 } 979 980 if (flags & ~(SPAPR_XIVE_SRC_SET_EISN | SPAPR_XIVE_SRC_MASK)) { 981 return H_PARAMETER; 982 } 983 984 if (lisn >= xive->nr_irqs) { 985 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN " TARGET_FMT_lx "\n", 986 lisn); 987 return H_P2; 988 } 989 990 eas = xive->eat[lisn]; 991 if (!xive_eas_is_valid(&eas)) { 992 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN " TARGET_FMT_lx "\n", 993 lisn); 994 return H_P2; 995 } 996 997 /* priority 0xff is used to reset the EAS */ 998 if (priority == 0xff) { 999 new_eas.w = cpu_to_be64(EAS_VALID | EAS_MASKED); 1000 goto out; 1001 } 1002 1003 if (flags & SPAPR_XIVE_SRC_MASK) { 1004 new_eas.w = eas.w | cpu_to_be64(EAS_MASKED); 1005 } else { 1006 new_eas.w = eas.w & cpu_to_be64(~EAS_MASKED); 1007 } 1008 1009 if (spapr_xive_priority_is_reserved(priority)) { 1010 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: priority " TARGET_FMT_ld 1011 " is reserved\n", priority); 1012 return H_P4; 1013 } 1014 1015 /* 1016 * Validate that "target" is part of the list of threads allocated 1017 * to the partition. For that, find the END corresponding to the 1018 * target. 1019 */ 1020 if (spapr_xive_target_to_end(target, priority, &end_blk, &end_idx)) { 1021 return H_P3; 1022 } 1023 1024 new_eas.w = xive_set_field64(EAS_END_BLOCK, new_eas.w, end_blk); 1025 new_eas.w = xive_set_field64(EAS_END_INDEX, new_eas.w, end_idx); 1026 1027 if (flags & SPAPR_XIVE_SRC_SET_EISN) { 1028 new_eas.w = xive_set_field64(EAS_END_DATA, new_eas.w, eisn); 1029 } 1030 1031 if (kvm_irqchip_in_kernel()) { 1032 Error *local_err = NULL; 1033 1034 kvmppc_xive_set_source_config(xive, lisn, &new_eas, &local_err); 1035 if (local_err) { 1036 error_report_err(local_err); 1037 return H_HARDWARE; 1038 } 1039 } 1040 1041 out: 1042 xive->eat[lisn] = new_eas; 1043 return H_SUCCESS; 1044 } 1045 1046 /* 1047 * The H_INT_GET_SOURCE_CONFIG hcall() is used to determine to which 1048 * target/priority pair is assigned to the specified Logical Interrupt 1049 * Source. 1050 * 1051 * Parameters: 1052 * Input: 1053 * - R4: "flags" 1054 * Bits 0-63 Reserved 1055 * - R5: "lisn" is per "interrupts", "interrupt-map", or 1056 * "ibm,xive-lisn-ranges" properties, or as returned by the 1057 * ibm,query-interrupt-source-number RTAS call, or as 1058 * returned by the H_ALLOCATE_VAS_WINDOW hcall 1059 * 1060 * Output: 1061 * - R4: Target to which the specified Logical Interrupt Source is 1062 * assigned 1063 * - R5: Priority to which the specified Logical Interrupt Source is 1064 * assigned 1065 * - R6: EISN for the specified Logical Interrupt Source (this will be 1066 * equivalent to the LISN if not changed by H_INT_SET_SOURCE_CONFIG) 1067 */ 1068 static target_ulong h_int_get_source_config(PowerPCCPU *cpu, 1069 SpaprMachineState *spapr, 1070 target_ulong opcode, 1071 target_ulong *args) 1072 { 1073 SpaprXive *xive = spapr->xive; 1074 target_ulong flags = args[0]; 1075 target_ulong lisn = args[1]; 1076 XiveEAS eas; 1077 XiveEND *end; 1078 uint8_t nvt_blk; 1079 uint32_t end_idx, nvt_idx; 1080 1081 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1082 return H_FUNCTION; 1083 } 1084 1085 if (flags) { 1086 return H_PARAMETER; 1087 } 1088 1089 if (lisn >= xive->nr_irqs) { 1090 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN " TARGET_FMT_lx "\n", 1091 lisn); 1092 return H_P2; 1093 } 1094 1095 eas = xive->eat[lisn]; 1096 if (!xive_eas_is_valid(&eas)) { 1097 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN " TARGET_FMT_lx "\n", 1098 lisn); 1099 return H_P2; 1100 } 1101 1102 /* EAS_END_BLOCK is unused on sPAPR */ 1103 end_idx = xive_get_field64(EAS_END_INDEX, eas.w); 1104 1105 assert(end_idx < xive->nr_ends); 1106 end = &xive->endt[end_idx]; 1107 1108 nvt_blk = xive_get_field32(END_W6_NVT_BLOCK, end->w6); 1109 nvt_idx = xive_get_field32(END_W6_NVT_INDEX, end->w6); 1110 args[0] = spapr_xive_nvt_to_target(nvt_blk, nvt_idx); 1111 1112 if (xive_eas_is_masked(&eas)) { 1113 args[1] = 0xff; 1114 } else { 1115 args[1] = xive_get_field32(END_W7_F0_PRIORITY, end->w7); 1116 } 1117 1118 args[2] = xive_get_field64(EAS_END_DATA, eas.w); 1119 1120 return H_SUCCESS; 1121 } 1122 1123 /* 1124 * The H_INT_GET_QUEUE_INFO hcall() is used to get the logical real 1125 * address of the notification management page associated with the 1126 * specified target and priority. 1127 * 1128 * Parameters: 1129 * Input: 1130 * - R4: "flags" 1131 * Bits 0-63 Reserved 1132 * - R5: "target" is per "ibm,ppc-interrupt-server#s" or 1133 * "ibm,ppc-interrupt-gserver#s" 1134 * - R6: "priority" is a valid priority not in 1135 * "ibm,plat-res-int-priorities" 1136 * 1137 * Output: 1138 * - R4: Logical real address of notification page 1139 * - R5: Power of 2 page size of the notification page 1140 */ 1141 static target_ulong h_int_get_queue_info(PowerPCCPU *cpu, 1142 SpaprMachineState *spapr, 1143 target_ulong opcode, 1144 target_ulong *args) 1145 { 1146 SpaprXive *xive = spapr->xive; 1147 XiveENDSource *end_xsrc = &xive->end_source; 1148 target_ulong flags = args[0]; 1149 target_ulong target = args[1]; 1150 target_ulong priority = args[2]; 1151 XiveEND *end; 1152 uint8_t end_blk; 1153 uint32_t end_idx; 1154 1155 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1156 return H_FUNCTION; 1157 } 1158 1159 if (flags) { 1160 return H_PARAMETER; 1161 } 1162 1163 /* 1164 * H_STATE should be returned if a H_INT_RESET is in progress. 1165 * This is not needed when running the emulation under QEMU 1166 */ 1167 1168 if (spapr_xive_priority_is_reserved(priority)) { 1169 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: priority " TARGET_FMT_ld 1170 " is reserved\n", priority); 1171 return H_P3; 1172 } 1173 1174 /* 1175 * Validate that "target" is part of the list of threads allocated 1176 * to the partition. For that, find the END corresponding to the 1177 * target. 1178 */ 1179 if (spapr_xive_target_to_end(target, priority, &end_blk, &end_idx)) { 1180 return H_P2; 1181 } 1182 1183 assert(end_idx < xive->nr_ends); 1184 end = &xive->endt[end_idx]; 1185 1186 args[0] = xive->end_base + (1ull << (end_xsrc->esb_shift + 1)) * end_idx; 1187 if (xive_end_is_enqueue(end)) { 1188 args[1] = xive_get_field32(END_W0_QSIZE, end->w0) + 12; 1189 } else { 1190 args[1] = 0; 1191 } 1192 1193 return H_SUCCESS; 1194 } 1195 1196 /* 1197 * The H_INT_SET_QUEUE_CONFIG hcall() is used to set or reset a EQ for 1198 * a given "target" and "priority". It is also used to set the 1199 * notification config associated with the EQ. An EQ size of 0 is 1200 * used to reset the EQ config for a given target and priority. If 1201 * resetting the EQ config, the END associated with the given "target" 1202 * and "priority" will be changed to disable queueing. 1203 * 1204 * Upon return from the hcall(), no additional interrupts will be 1205 * directed to the old EQ (if one was set). The old EQ (if one was 1206 * set) should be investigated for interrupts that occurred prior to 1207 * or during the hcall(). 1208 * 1209 * Parameters: 1210 * Input: 1211 * - R4: "flags" 1212 * Bits 0-62: Reserved 1213 * Bit 63: Unconditional Notify (n) per the XIVE spec 1214 * - R5: "target" is per "ibm,ppc-interrupt-server#s" or 1215 * "ibm,ppc-interrupt-gserver#s" 1216 * - R6: "priority" is a valid priority not in 1217 * "ibm,plat-res-int-priorities" 1218 * - R7: "eventQueue": The logical real address of the start of the EQ 1219 * - R8: "eventQueueSize": The power of 2 EQ size per "ibm,xive-eq-sizes" 1220 * 1221 * Output: 1222 * - None 1223 */ 1224 1225 #define SPAPR_XIVE_END_ALWAYS_NOTIFY PPC_BIT(63) 1226 1227 static target_ulong h_int_set_queue_config(PowerPCCPU *cpu, 1228 SpaprMachineState *spapr, 1229 target_ulong opcode, 1230 target_ulong *args) 1231 { 1232 SpaprXive *xive = spapr->xive; 1233 target_ulong flags = args[0]; 1234 target_ulong target = args[1]; 1235 target_ulong priority = args[2]; 1236 target_ulong qpage = args[3]; 1237 target_ulong qsize = args[4]; 1238 XiveEND end; 1239 uint8_t end_blk, nvt_blk; 1240 uint32_t end_idx, nvt_idx; 1241 1242 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1243 return H_FUNCTION; 1244 } 1245 1246 if (flags & ~SPAPR_XIVE_END_ALWAYS_NOTIFY) { 1247 return H_PARAMETER; 1248 } 1249 1250 /* 1251 * H_STATE should be returned if a H_INT_RESET is in progress. 1252 * This is not needed when running the emulation under QEMU 1253 */ 1254 1255 if (spapr_xive_priority_is_reserved(priority)) { 1256 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: priority " TARGET_FMT_ld 1257 " is reserved\n", priority); 1258 return H_P3; 1259 } 1260 1261 /* 1262 * Validate that "target" is part of the list of threads allocated 1263 * to the partition. For that, find the END corresponding to the 1264 * target. 1265 */ 1266 1267 if (spapr_xive_target_to_end(target, priority, &end_blk, &end_idx)) { 1268 return H_P2; 1269 } 1270 1271 assert(end_idx < xive->nr_ends); 1272 memcpy(&end, &xive->endt[end_idx], sizeof(XiveEND)); 1273 1274 switch (qsize) { 1275 case 12: 1276 case 16: 1277 case 21: 1278 case 24: 1279 if (!QEMU_IS_ALIGNED(qpage, 1ul << qsize)) { 1280 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: EQ @0x%" HWADDR_PRIx 1281 " is not naturally aligned with %" HWADDR_PRIx "\n", 1282 qpage, (hwaddr)1 << qsize); 1283 return H_P4; 1284 } 1285 end.w2 = cpu_to_be32((qpage >> 32) & 0x0fffffff); 1286 end.w3 = cpu_to_be32(qpage & 0xffffffff); 1287 end.w0 |= cpu_to_be32(END_W0_ENQUEUE); 1288 end.w0 = xive_set_field32(END_W0_QSIZE, end.w0, qsize - 12); 1289 break; 1290 case 0: 1291 /* reset queue and disable queueing */ 1292 spapr_xive_end_reset(&end); 1293 goto out; 1294 1295 default: 1296 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid EQ size %"PRIx64"\n", 1297 qsize); 1298 return H_P5; 1299 } 1300 1301 if (qsize) { 1302 hwaddr plen = 1 << qsize; 1303 void *eq; 1304 1305 /* 1306 * Validate the guest EQ. We should also check that the queue 1307 * has been zeroed by the OS. 1308 */ 1309 eq = address_space_map(CPU(cpu)->as, qpage, &plen, true, 1310 MEMTXATTRS_UNSPECIFIED); 1311 if (plen != 1 << qsize) { 1312 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to map EQ @0x%" 1313 HWADDR_PRIx "\n", qpage); 1314 return H_P4; 1315 } 1316 address_space_unmap(CPU(cpu)->as, eq, plen, true, plen); 1317 } 1318 1319 /* "target" should have been validated above */ 1320 if (spapr_xive_target_to_nvt(target, &nvt_blk, &nvt_idx)) { 1321 g_assert_not_reached(); 1322 } 1323 1324 /* 1325 * Ensure the priority and target are correctly set (they will not 1326 * be right after allocation) 1327 */ 1328 end.w6 = xive_set_field32(END_W6_NVT_BLOCK, 0ul, nvt_blk) | 1329 xive_set_field32(END_W6_NVT_INDEX, 0ul, nvt_idx); 1330 end.w7 = xive_set_field32(END_W7_F0_PRIORITY, 0ul, priority); 1331 1332 if (flags & SPAPR_XIVE_END_ALWAYS_NOTIFY) { 1333 end.w0 |= cpu_to_be32(END_W0_UCOND_NOTIFY); 1334 } else { 1335 end.w0 &= cpu_to_be32((uint32_t)~END_W0_UCOND_NOTIFY); 1336 } 1337 1338 /* 1339 * The generation bit for the END starts at 1 and The END page 1340 * offset counter starts at 0. 1341 */ 1342 end.w1 = cpu_to_be32(END_W1_GENERATION) | 1343 xive_set_field32(END_W1_PAGE_OFF, 0ul, 0ul); 1344 end.w0 |= cpu_to_be32(END_W0_VALID); 1345 1346 /* 1347 * TODO: issue syncs required to ensure all in-flight interrupts 1348 * are complete on the old END 1349 */ 1350 1351 out: 1352 if (kvm_irqchip_in_kernel()) { 1353 Error *local_err = NULL; 1354 1355 kvmppc_xive_set_queue_config(xive, end_blk, end_idx, &end, &local_err); 1356 if (local_err) { 1357 error_report_err(local_err); 1358 return H_HARDWARE; 1359 } 1360 } 1361 1362 /* Update END */ 1363 memcpy(&xive->endt[end_idx], &end, sizeof(XiveEND)); 1364 return H_SUCCESS; 1365 } 1366 1367 /* 1368 * The H_INT_GET_QUEUE_CONFIG hcall() is used to get a EQ for a given 1369 * target and priority. 1370 * 1371 * Parameters: 1372 * Input: 1373 * - R4: "flags" 1374 * Bits 0-62: Reserved 1375 * Bit 63: Debug: Return debug data 1376 * - R5: "target" is per "ibm,ppc-interrupt-server#s" or 1377 * "ibm,ppc-interrupt-gserver#s" 1378 * - R6: "priority" is a valid priority not in 1379 * "ibm,plat-res-int-priorities" 1380 * 1381 * Output: 1382 * - R4: "flags": 1383 * Bits 0-61: Reserved 1384 * Bit 62: The value of Event Queue Generation Number (g) per 1385 * the XIVE spec if "Debug" = 1 1386 * Bit 63: The value of Unconditional Notify (n) per the XIVE spec 1387 * - R5: The logical real address of the start of the EQ 1388 * - R6: The power of 2 EQ size per "ibm,xive-eq-sizes" 1389 * - R7: The value of Event Queue Offset Counter per XIVE spec 1390 * if "Debug" = 1, else 0 1391 * 1392 */ 1393 1394 #define SPAPR_XIVE_END_DEBUG PPC_BIT(63) 1395 1396 static target_ulong h_int_get_queue_config(PowerPCCPU *cpu, 1397 SpaprMachineState *spapr, 1398 target_ulong opcode, 1399 target_ulong *args) 1400 { 1401 SpaprXive *xive = spapr->xive; 1402 target_ulong flags = args[0]; 1403 target_ulong target = args[1]; 1404 target_ulong priority = args[2]; 1405 XiveEND *end; 1406 uint8_t end_blk; 1407 uint32_t end_idx; 1408 1409 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1410 return H_FUNCTION; 1411 } 1412 1413 if (flags & ~SPAPR_XIVE_END_DEBUG) { 1414 return H_PARAMETER; 1415 } 1416 1417 /* 1418 * H_STATE should be returned if a H_INT_RESET is in progress. 1419 * This is not needed when running the emulation under QEMU 1420 */ 1421 1422 if (spapr_xive_priority_is_reserved(priority)) { 1423 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: priority " TARGET_FMT_ld 1424 " is reserved\n", priority); 1425 return H_P3; 1426 } 1427 1428 /* 1429 * Validate that "target" is part of the list of threads allocated 1430 * to the partition. For that, find the END corresponding to the 1431 * target. 1432 */ 1433 if (spapr_xive_target_to_end(target, priority, &end_blk, &end_idx)) { 1434 return H_P2; 1435 } 1436 1437 assert(end_idx < xive->nr_ends); 1438 end = &xive->endt[end_idx]; 1439 1440 args[0] = 0; 1441 if (xive_end_is_notify(end)) { 1442 args[0] |= SPAPR_XIVE_END_ALWAYS_NOTIFY; 1443 } 1444 1445 if (xive_end_is_enqueue(end)) { 1446 args[1] = xive_end_qaddr(end); 1447 args[2] = xive_get_field32(END_W0_QSIZE, end->w0) + 12; 1448 } else { 1449 args[1] = 0; 1450 args[2] = 0; 1451 } 1452 1453 if (kvm_irqchip_in_kernel()) { 1454 Error *local_err = NULL; 1455 1456 kvmppc_xive_get_queue_config(xive, end_blk, end_idx, end, &local_err); 1457 if (local_err) { 1458 error_report_err(local_err); 1459 return H_HARDWARE; 1460 } 1461 } 1462 1463 /* TODO: do we need any locking on the END ? */ 1464 if (flags & SPAPR_XIVE_END_DEBUG) { 1465 /* Load the event queue generation number into the return flags */ 1466 args[0] |= (uint64_t)xive_get_field32(END_W1_GENERATION, end->w1) << 62; 1467 1468 /* Load R7 with the event queue offset counter */ 1469 args[3] = xive_get_field32(END_W1_PAGE_OFF, end->w1); 1470 } else { 1471 args[3] = 0; 1472 } 1473 1474 return H_SUCCESS; 1475 } 1476 1477 /* 1478 * The H_INT_SET_OS_REPORTING_LINE hcall() is used to set the 1479 * reporting cache line pair for the calling thread. The reporting 1480 * cache lines will contain the OS interrupt context when the OS 1481 * issues a CI store byte to @TIMA+0xC10 to acknowledge the OS 1482 * interrupt. The reporting cache lines can be reset by inputting -1 1483 * in "reportingLine". Issuing the CI store byte without reporting 1484 * cache lines registered will result in the data not being accessible 1485 * to the OS. 1486 * 1487 * Parameters: 1488 * Input: 1489 * - R4: "flags" 1490 * Bits 0-63: Reserved 1491 * - R5: "reportingLine": The logical real address of the reporting cache 1492 * line pair 1493 * 1494 * Output: 1495 * - None 1496 */ 1497 static target_ulong h_int_set_os_reporting_line(PowerPCCPU *cpu, 1498 SpaprMachineState *spapr, 1499 target_ulong opcode, 1500 target_ulong *args) 1501 { 1502 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1503 return H_FUNCTION; 1504 } 1505 1506 /* 1507 * H_STATE should be returned if a H_INT_RESET is in progress. 1508 * This is not needed when running the emulation under QEMU 1509 */ 1510 1511 /* TODO: H_INT_SET_OS_REPORTING_LINE */ 1512 return H_FUNCTION; 1513 } 1514 1515 /* 1516 * The H_INT_GET_OS_REPORTING_LINE hcall() is used to get the logical 1517 * real address of the reporting cache line pair set for the input 1518 * "target". If no reporting cache line pair has been set, -1 is 1519 * returned. 1520 * 1521 * Parameters: 1522 * Input: 1523 * - R4: "flags" 1524 * Bits 0-63: Reserved 1525 * - R5: "target" is per "ibm,ppc-interrupt-server#s" or 1526 * "ibm,ppc-interrupt-gserver#s" 1527 * - R6: "reportingLine": The logical real address of the reporting 1528 * cache line pair 1529 * 1530 * Output: 1531 * - R4: The logical real address of the reporting line if set, else -1 1532 */ 1533 static target_ulong h_int_get_os_reporting_line(PowerPCCPU *cpu, 1534 SpaprMachineState *spapr, 1535 target_ulong opcode, 1536 target_ulong *args) 1537 { 1538 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1539 return H_FUNCTION; 1540 } 1541 1542 /* 1543 * H_STATE should be returned if a H_INT_RESET is in progress. 1544 * This is not needed when running the emulation under QEMU 1545 */ 1546 1547 /* TODO: H_INT_GET_OS_REPORTING_LINE */ 1548 return H_FUNCTION; 1549 } 1550 1551 /* 1552 * The H_INT_ESB hcall() is used to issue a load or store to the ESB 1553 * page for the input "lisn". This hcall is only supported for LISNs 1554 * that have the ESB hcall flag set to 1 when returned from hcall() 1555 * H_INT_GET_SOURCE_INFO. 1556 * 1557 * Parameters: 1558 * Input: 1559 * - R4: "flags" 1560 * Bits 0-62: Reserved 1561 * bit 63: Store: Store=1, store operation, else load operation 1562 * - R5: "lisn" is per "interrupts", "interrupt-map", or 1563 * "ibm,xive-lisn-ranges" properties, or as returned by the 1564 * ibm,query-interrupt-source-number RTAS call, or as 1565 * returned by the H_ALLOCATE_VAS_WINDOW hcall 1566 * - R6: "esbOffset" is the offset into the ESB page for the load or 1567 * store operation 1568 * - R7: "storeData" is the data to write for a store operation 1569 * 1570 * Output: 1571 * - R4: The value of the load if load operation, else -1 1572 */ 1573 1574 #define SPAPR_XIVE_ESB_STORE PPC_BIT(63) 1575 1576 static target_ulong h_int_esb(PowerPCCPU *cpu, 1577 SpaprMachineState *spapr, 1578 target_ulong opcode, 1579 target_ulong *args) 1580 { 1581 SpaprXive *xive = spapr->xive; 1582 XiveEAS eas; 1583 target_ulong flags = args[0]; 1584 target_ulong lisn = args[1]; 1585 target_ulong offset = args[2]; 1586 target_ulong data = args[3]; 1587 hwaddr mmio_addr; 1588 XiveSource *xsrc = &xive->source; 1589 1590 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1591 return H_FUNCTION; 1592 } 1593 1594 if (flags & ~SPAPR_XIVE_ESB_STORE) { 1595 return H_PARAMETER; 1596 } 1597 1598 if (lisn >= xive->nr_irqs) { 1599 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN " TARGET_FMT_lx "\n", 1600 lisn); 1601 return H_P2; 1602 } 1603 1604 eas = xive->eat[lisn]; 1605 if (!xive_eas_is_valid(&eas)) { 1606 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN " TARGET_FMT_lx "\n", 1607 lisn); 1608 return H_P2; 1609 } 1610 1611 if (offset > (1ull << xsrc->esb_shift)) { 1612 return H_P3; 1613 } 1614 1615 if (kvm_irqchip_in_kernel()) { 1616 args[0] = kvmppc_xive_esb_rw(xsrc, lisn, offset, data, 1617 flags & SPAPR_XIVE_ESB_STORE); 1618 } else { 1619 mmio_addr = xive->vc_base + xive_source_esb_mgmt(xsrc, lisn) + offset; 1620 1621 if (dma_memory_rw(&address_space_memory, mmio_addr, &data, 8, 1622 (flags & SPAPR_XIVE_ESB_STORE))) { 1623 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to access ESB @0x%" 1624 HWADDR_PRIx "\n", mmio_addr); 1625 return H_HARDWARE; 1626 } 1627 args[0] = (flags & SPAPR_XIVE_ESB_STORE) ? -1 : data; 1628 } 1629 return H_SUCCESS; 1630 } 1631 1632 /* 1633 * The H_INT_SYNC hcall() is used to issue hardware syncs that will 1634 * ensure any in flight events for the input lisn are in the event 1635 * queue. 1636 * 1637 * Parameters: 1638 * Input: 1639 * - R4: "flags" 1640 * Bits 0-63: Reserved 1641 * - R5: "lisn" is per "interrupts", "interrupt-map", or 1642 * "ibm,xive-lisn-ranges" properties, or as returned by the 1643 * ibm,query-interrupt-source-number RTAS call, or as 1644 * returned by the H_ALLOCATE_VAS_WINDOW hcall 1645 * 1646 * Output: 1647 * - None 1648 */ 1649 static target_ulong h_int_sync(PowerPCCPU *cpu, 1650 SpaprMachineState *spapr, 1651 target_ulong opcode, 1652 target_ulong *args) 1653 { 1654 SpaprXive *xive = spapr->xive; 1655 XiveEAS eas; 1656 target_ulong flags = args[0]; 1657 target_ulong lisn = args[1]; 1658 1659 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1660 return H_FUNCTION; 1661 } 1662 1663 if (flags) { 1664 return H_PARAMETER; 1665 } 1666 1667 if (lisn >= xive->nr_irqs) { 1668 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN " TARGET_FMT_lx "\n", 1669 lisn); 1670 return H_P2; 1671 } 1672 1673 eas = xive->eat[lisn]; 1674 if (!xive_eas_is_valid(&eas)) { 1675 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN " TARGET_FMT_lx "\n", 1676 lisn); 1677 return H_P2; 1678 } 1679 1680 /* 1681 * H_STATE should be returned if a H_INT_RESET is in progress. 1682 * This is not needed when running the emulation under QEMU 1683 */ 1684 1685 /* 1686 * This is not real hardware. Nothing to be done unless when 1687 * under KVM 1688 */ 1689 1690 if (kvm_irqchip_in_kernel()) { 1691 Error *local_err = NULL; 1692 1693 kvmppc_xive_sync_source(xive, lisn, &local_err); 1694 if (local_err) { 1695 error_report_err(local_err); 1696 return H_HARDWARE; 1697 } 1698 } 1699 return H_SUCCESS; 1700 } 1701 1702 /* 1703 * The H_INT_RESET hcall() is used to reset all of the partition's 1704 * interrupt exploitation structures to their initial state. This 1705 * means losing all previously set interrupt state set via 1706 * H_INT_SET_SOURCE_CONFIG and H_INT_SET_QUEUE_CONFIG. 1707 * 1708 * Parameters: 1709 * Input: 1710 * - R4: "flags" 1711 * Bits 0-63: Reserved 1712 * 1713 * Output: 1714 * - None 1715 */ 1716 static target_ulong h_int_reset(PowerPCCPU *cpu, 1717 SpaprMachineState *spapr, 1718 target_ulong opcode, 1719 target_ulong *args) 1720 { 1721 SpaprXive *xive = spapr->xive; 1722 target_ulong flags = args[0]; 1723 1724 if (!spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT)) { 1725 return H_FUNCTION; 1726 } 1727 1728 if (flags) { 1729 return H_PARAMETER; 1730 } 1731 1732 device_reset(DEVICE(xive)); 1733 1734 if (kvm_irqchip_in_kernel()) { 1735 Error *local_err = NULL; 1736 1737 kvmppc_xive_reset(xive, &local_err); 1738 if (local_err) { 1739 error_report_err(local_err); 1740 return H_HARDWARE; 1741 } 1742 } 1743 return H_SUCCESS; 1744 } 1745 1746 void spapr_xive_hcall_init(SpaprMachineState *spapr) 1747 { 1748 spapr_register_hypercall(H_INT_GET_SOURCE_INFO, h_int_get_source_info); 1749 spapr_register_hypercall(H_INT_SET_SOURCE_CONFIG, h_int_set_source_config); 1750 spapr_register_hypercall(H_INT_GET_SOURCE_CONFIG, h_int_get_source_config); 1751 spapr_register_hypercall(H_INT_GET_QUEUE_INFO, h_int_get_queue_info); 1752 spapr_register_hypercall(H_INT_SET_QUEUE_CONFIG, h_int_set_queue_config); 1753 spapr_register_hypercall(H_INT_GET_QUEUE_CONFIG, h_int_get_queue_config); 1754 spapr_register_hypercall(H_INT_SET_OS_REPORTING_LINE, 1755 h_int_set_os_reporting_line); 1756 spapr_register_hypercall(H_INT_GET_OS_REPORTING_LINE, 1757 h_int_get_os_reporting_line); 1758 spapr_register_hypercall(H_INT_ESB, h_int_esb); 1759 spapr_register_hypercall(H_INT_SYNC, h_int_sync); 1760 spapr_register_hypercall(H_INT_RESET, h_int_reset); 1761 } 1762