1 /* 2 * QEMU PowerPC XIVE interrupt controller model 3 * 4 * Copyright (c) 2017-2018, IBM Corporation. 5 * 6 * SPDX-License-Identifier: GPL-2.0-or-later 7 */ 8 9 #include "qemu/osdep.h" 10 #include "qemu/log.h" 11 #include "qemu/module.h" 12 #include "qapi/error.h" 13 #include "target/ppc/cpu.h" 14 #include "system/cpus.h" 15 #include "system/dma.h" 16 #include "system/reset.h" 17 #include "hw/qdev-properties.h" 18 #include "migration/vmstate.h" 19 #include "hw/irq.h" 20 #include "hw/ppc/xive.h" 21 #include "hw/ppc/xive2.h" 22 #include "hw/ppc/xive_regs.h" 23 #include "trace.h" 24 25 /* 26 * XIVE Thread Interrupt Management context 27 */ 28 bool xive_ring_valid(XiveTCTX *tctx, uint8_t ring) 29 { 30 uint8_t cur_ring; 31 32 for (cur_ring = ring; cur_ring <= TM_QW3_HV_PHYS; 33 cur_ring += XIVE_TM_RING_SIZE) { 34 if (!(tctx->regs[cur_ring + TM_WORD2] & 0x80)) { 35 return false; 36 } 37 } 38 return true; 39 } 40 41 bool xive_nsr_indicates_exception(uint8_t ring, uint8_t nsr) 42 { 43 switch (ring) { 44 case TM_QW1_OS: 45 return !!(nsr & TM_QW1_NSR_EO); 46 case TM_QW2_HV_POOL: 47 case TM_QW3_HV_PHYS: 48 return !!(nsr & TM_QW3_NSR_HE); 49 default: 50 g_assert_not_reached(); 51 } 52 } 53 54 bool xive_nsr_indicates_group_exception(uint8_t ring, uint8_t nsr) 55 { 56 if ((nsr & TM_NSR_GRP_LVL) > 0) { 57 g_assert(xive_nsr_indicates_exception(ring, nsr)); 58 return true; 59 } 60 return false; 61 } 62 63 uint8_t xive_nsr_exception_ring(uint8_t ring, uint8_t nsr) 64 { 65 /* NSR determines if pool/phys ring is for phys or pool interrupt */ 66 if ((ring == TM_QW3_HV_PHYS) || (ring == TM_QW2_HV_POOL)) { 67 uint8_t he = (nsr & TM_QW3_NSR_HE) >> 6; 68 69 if (he == TM_QW3_NSR_HE_PHYS) { 70 return TM_QW3_HV_PHYS; 71 } else if (he == TM_QW3_NSR_HE_POOL) { 72 return TM_QW2_HV_POOL; 73 } else { 74 /* Don't support LSI mode */ 75 g_assert_not_reached(); 76 } 77 } 78 return ring; 79 } 80 81 static qemu_irq xive_tctx_output(XiveTCTX *tctx, uint8_t ring) 82 { 83 switch (ring) { 84 case TM_QW0_USER: 85 return 0; /* Not supported */ 86 case TM_QW1_OS: 87 return tctx->os_output; 88 case TM_QW2_HV_POOL: 89 case TM_QW3_HV_PHYS: 90 return tctx->hv_output; 91 default: 92 return 0; 93 } 94 } 95 96 /* 97 * interrupt is accepted on the presentation ring, for PHYS ring the NSR 98 * directs it to the PHYS or POOL rings. 99 */ 100 uint64_t xive_tctx_accept(XiveTCTX *tctx, uint8_t sig_ring) 101 { 102 uint8_t *sig_regs = &tctx->regs[sig_ring]; 103 uint8_t nsr = sig_regs[TM_NSR]; 104 105 g_assert(sig_ring == TM_QW1_OS || sig_ring == TM_QW3_HV_PHYS); 106 107 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_NSR] == 0); 108 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_PIPR] == 0); 109 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_CPPR] == 0); 110 111 if (xive_nsr_indicates_exception(sig_ring, nsr)) { 112 uint8_t cppr = sig_regs[TM_PIPR]; 113 uint8_t ring; 114 uint8_t *regs; 115 116 ring = xive_nsr_exception_ring(sig_ring, nsr); 117 regs = &tctx->regs[ring]; 118 119 sig_regs[TM_CPPR] = cppr; 120 121 /* 122 * If the interrupt was for a specific VP, reset the pending 123 * buffer bit, otherwise clear the logical server indicator 124 */ 125 if (!xive_nsr_indicates_group_exception(sig_ring, nsr)) { 126 regs[TM_IPB] &= ~xive_priority_to_ipb(cppr); 127 } 128 129 /* Clear the exception from NSR */ 130 sig_regs[TM_NSR] = 0; 131 qemu_irq_lower(xive_tctx_output(tctx, sig_ring)); 132 133 trace_xive_tctx_accept(tctx->cs->cpu_index, ring, 134 regs[TM_IPB], sig_regs[TM_PIPR], 135 sig_regs[TM_CPPR], sig_regs[TM_NSR]); 136 } 137 138 return ((uint64_t)nsr << 8) | sig_regs[TM_CPPR]; 139 } 140 141 /* Change PIPR and calculate NSR and irq based on PIPR, CPPR, group */ 142 void xive_tctx_pipr_set(XiveTCTX *tctx, uint8_t ring, uint8_t pipr, 143 uint8_t group_level) 144 { 145 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring); 146 uint8_t *regs = &tctx->regs[ring]; 147 148 g_assert(!xive_nsr_indicates_group_exception(ring, sig_regs[TM_NSR])); 149 150 sig_regs[TM_PIPR] = pipr; 151 152 if (pipr < sig_regs[TM_CPPR]) { 153 switch (ring) { 154 case TM_QW1_OS: 155 sig_regs[TM_NSR] = TM_QW1_NSR_EO | (group_level & 0x3F); 156 break; 157 case TM_QW2_HV_POOL: 158 sig_regs[TM_NSR] = (TM_QW3_NSR_HE_POOL << 6) | (group_level & 0x3F); 159 break; 160 case TM_QW3_HV_PHYS: 161 sig_regs[TM_NSR] = (TM_QW3_NSR_HE_PHYS << 6) | (group_level & 0x3F); 162 break; 163 default: 164 g_assert_not_reached(); 165 } 166 trace_xive_tctx_notify(tctx->cs->cpu_index, ring, 167 regs[TM_IPB], pipr, 168 sig_regs[TM_CPPR], sig_regs[TM_NSR]); 169 qemu_irq_raise(xive_tctx_output(tctx, ring)); 170 } else { 171 sig_regs[TM_NSR] = 0; 172 qemu_irq_lower(xive_tctx_output(tctx, ring)); 173 } 174 } 175 176 void xive_tctx_reset_signal(XiveTCTX *tctx, uint8_t ring) 177 { 178 /* 179 * Lower the External interrupt. Used when pulling a context. It is 180 * necessary to avoid catching it in the higher privilege context. It 181 * should be raised again when re-pushing the lower privilege context. 182 */ 183 qemu_irq_lower(xive_tctx_output(tctx, ring)); 184 } 185 186 static void xive_tctx_set_cppr(XiveTCTX *tctx, uint8_t ring, uint8_t cppr) 187 { 188 uint8_t *sig_regs = &tctx->regs[ring]; 189 uint8_t pipr_min; 190 uint8_t ring_min; 191 192 g_assert(ring == TM_QW1_OS || ring == TM_QW3_HV_PHYS); 193 194 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_NSR] == 0); 195 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_PIPR] == 0); 196 g_assert(tctx->regs[TM_QW2_HV_POOL + TM_CPPR] == 0); 197 198 /* XXX: should show pool IPB for PHYS ring */ 199 trace_xive_tctx_set_cppr(tctx->cs->cpu_index, ring, 200 sig_regs[TM_IPB], sig_regs[TM_PIPR], 201 cppr, sig_regs[TM_NSR]); 202 203 if (cppr > XIVE_PRIORITY_MAX) { 204 cppr = 0xff; 205 } 206 207 sig_regs[TM_CPPR] = cppr; 208 209 /* 210 * Recompute the PIPR based on local pending interrupts. The PHYS 211 * ring must take the minimum of both the PHYS and POOL PIPR values. 212 */ 213 pipr_min = xive_ipb_to_pipr(sig_regs[TM_IPB]); 214 ring_min = ring; 215 216 /* PHYS updates also depend on POOL values */ 217 if (ring == TM_QW3_HV_PHYS) { 218 uint8_t *pool_regs = &tctx->regs[TM_QW2_HV_POOL]; 219 220 /* POOL values only matter if POOL ctx is valid */ 221 if (pool_regs[TM_WORD2] & 0x80) { 222 uint8_t pool_pipr = xive_ipb_to_pipr(pool_regs[TM_IPB]); 223 224 /* 225 * Determine highest priority interrupt and 226 * remember which ring has it. 227 */ 228 if (pool_pipr < pipr_min) { 229 pipr_min = pool_pipr; 230 ring_min = TM_QW2_HV_POOL; 231 } 232 } 233 } 234 235 /* CPPR has changed, this may present or preclude a pending exception */ 236 xive_tctx_pipr_set(tctx, ring_min, pipr_min, 0); 237 } 238 239 static void xive_tctx_pipr_recompute_from_ipb(XiveTCTX *tctx, uint8_t ring) 240 { 241 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring); 242 uint8_t *regs = &tctx->regs[ring]; 243 244 /* Does not support a presented group interrupt */ 245 g_assert(!xive_nsr_indicates_group_exception(ring, sig_regs[TM_NSR])); 246 247 xive_tctx_pipr_set(tctx, ring, xive_ipb_to_pipr(regs[TM_IPB]), 0); 248 } 249 250 void xive_tctx_pipr_present(XiveTCTX *tctx, uint8_t ring, uint8_t priority, 251 uint8_t group_level) 252 { 253 uint8_t *sig_regs = xive_tctx_signal_regs(tctx, ring); 254 uint8_t *regs = &tctx->regs[ring]; 255 uint8_t pipr = xive_priority_to_pipr(priority); 256 257 if (group_level == 0) { 258 regs[TM_IPB] |= xive_priority_to_ipb(priority); 259 if (pipr >= sig_regs[TM_PIPR]) { 260 /* VP interrupts can come here with lower priority than PIPR */ 261 return; 262 } 263 } 264 g_assert(pipr <= xive_ipb_to_pipr(regs[TM_IPB])); 265 g_assert(pipr < sig_regs[TM_PIPR]); 266 xive_tctx_pipr_set(tctx, ring, pipr, group_level); 267 } 268 269 /* 270 * XIVE Thread Interrupt Management Area (TIMA) 271 */ 272 273 static void xive_tm_set_hv_cppr(XivePresenter *xptr, XiveTCTX *tctx, 274 hwaddr offset, uint64_t value, unsigned size) 275 { 276 xive_tctx_set_cppr(tctx, TM_QW3_HV_PHYS, value & 0xff); 277 } 278 279 static uint64_t xive_tm_ack_hv_reg(XivePresenter *xptr, XiveTCTX *tctx, 280 hwaddr offset, unsigned size) 281 { 282 return xive_tctx_accept(tctx, TM_QW3_HV_PHYS); 283 } 284 285 static void xive_pool_cam_decode(uint32_t cam, uint8_t *nvt_blk, 286 uint32_t *nvt_idx, bool *vp) 287 { 288 if (nvt_blk) { 289 *nvt_blk = xive_nvt_blk(cam); 290 } 291 if (nvt_idx) { 292 *nvt_idx = xive_nvt_idx(cam); 293 } 294 if (vp) { 295 *vp = !!(cam & TM_QW2W2_VP); 296 } 297 } 298 299 static uint32_t xive_tctx_get_pool_cam(XiveTCTX *tctx, uint8_t *nvt_blk, 300 uint32_t *nvt_idx, bool *vp) 301 { 302 uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]); 303 uint32_t cam = be32_to_cpu(qw2w2); 304 305 xive_pool_cam_decode(cam, nvt_blk, nvt_idx, vp); 306 return qw2w2; 307 } 308 309 static void xive_tctx_set_pool_cam(XiveTCTX *tctx, uint32_t qw2w2) 310 { 311 memcpy(&tctx->regs[TM_QW2_HV_POOL + TM_WORD2], &qw2w2, 4); 312 } 313 314 static uint64_t xive_tm_pull_pool_ctx(XivePresenter *xptr, XiveTCTX *tctx, 315 hwaddr offset, unsigned size) 316 { 317 uint32_t qw2w2; 318 uint32_t qw2w2_new; 319 uint8_t nvt_blk; 320 uint32_t nvt_idx; 321 bool vp; 322 323 qw2w2 = xive_tctx_get_pool_cam(tctx, &nvt_blk, &nvt_idx, &vp); 324 325 if (!vp) { 326 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pull invalid POOL NVT %x/%x !?\n", 327 nvt_blk, nvt_idx); 328 } 329 330 /* Invalidate CAM line */ 331 qw2w2_new = xive_set_field32(TM_QW2W2_VP, qw2w2, 0); 332 xive_tctx_set_pool_cam(tctx, qw2w2_new); 333 334 xive_tctx_reset_signal(tctx, TM_QW1_OS); 335 xive_tctx_reset_signal(tctx, TM_QW2_HV_POOL); 336 /* Re-check phys for interrupts if pool was disabled */ 337 xive_tctx_pipr_recompute_from_ipb(tctx, TM_QW3_HV_PHYS); 338 339 return qw2w2; 340 } 341 342 static uint64_t xive_tm_pull_phys_ctx(XivePresenter *xptr, XiveTCTX *tctx, 343 hwaddr offset, unsigned size) 344 { 345 uint8_t qw3b8 = tctx->regs[TM_QW3_HV_PHYS + TM_WORD2]; 346 uint8_t qw3b8_new; 347 348 qw3b8 = tctx->regs[TM_QW3_HV_PHYS + TM_WORD2]; 349 if (!(qw3b8 & TM_QW3B8_VT)) { 350 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pulling invalid PHYS thread!?\n"); 351 } 352 qw3b8_new = qw3b8 & ~TM_QW3B8_VT; 353 tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] = qw3b8_new; 354 355 xive_tctx_reset_signal(tctx, TM_QW1_OS); 356 xive_tctx_reset_signal(tctx, TM_QW3_HV_PHYS); 357 return qw3b8; 358 } 359 360 static void xive_tm_vt_push(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, 361 uint64_t value, unsigned size) 362 { 363 tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] = value & 0xff; 364 } 365 366 static uint64_t xive_tm_vt_poll(XivePresenter *xptr, XiveTCTX *tctx, 367 hwaddr offset, unsigned size) 368 { 369 return tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] & 0xff; 370 } 371 372 /* 373 * Define an access map for each page of the TIMA that we will use in 374 * the memory region ops to filter values when doing loads and stores 375 * of raw registers values 376 * 377 * Registers accessibility bits : 378 * 379 * 0x0 - no access 380 * 0x1 - write only 381 * 0x2 - read only 382 * 0x3 - read/write 383 */ 384 385 static const uint8_t xive_tm_hw_view[] = { 386 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */ 387 3, 3, 3, 3, 3, 3, 0, 2, 3, 3, 3, 3, 0, 0, 0, 3, /* QW-1 OS */ 388 0, 0, 3, 3, 0, 3, 3, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-2 POOL */ 389 3, 3, 3, 3, 0, 3, 0, 2, 3, 0, 0, 3, 3, 3, 3, 0, /* QW-3 PHYS */ 390 }; 391 392 static const uint8_t xive_tm_hv_view[] = { 393 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */ 394 3, 3, 3, 3, 3, 3, 0, 2, 3, 3, 3, 3, 0, 0, 0, 3, /* QW-1 OS */ 395 0, 0, 3, 3, 0, 3, 3, 0, 0, 3, 3, 3, 0, 0, 0, 0, /* QW-2 POOL */ 396 3, 3, 3, 3, 0, 3, 0, 2, 3, 0, 0, 3, 0, 0, 0, 0, /* QW-3 PHYS */ 397 }; 398 399 static const uint8_t xive_tm_os_view[] = { 400 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0, /* QW-0 User */ 401 2, 3, 2, 2, 2, 2, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-1 OS */ 402 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-2 POOL */ 403 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-3 PHYS */ 404 }; 405 406 static const uint8_t xive_tm_user_view[] = { 407 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-0 User */ 408 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-1 OS */ 409 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-2 POOL */ 410 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* QW-3 PHYS */ 411 }; 412 413 /* 414 * Overall TIMA access map for the thread interrupt management context 415 * registers 416 */ 417 static const uint8_t *xive_tm_views[] = { 418 [XIVE_TM_HW_PAGE] = xive_tm_hw_view, 419 [XIVE_TM_HV_PAGE] = xive_tm_hv_view, 420 [XIVE_TM_OS_PAGE] = xive_tm_os_view, 421 [XIVE_TM_USER_PAGE] = xive_tm_user_view, 422 }; 423 424 /* 425 * Computes a register access mask for a given offset in the TIMA 426 */ 427 static uint64_t xive_tm_mask(hwaddr offset, unsigned size, bool write) 428 { 429 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3; 430 uint8_t reg_offset = offset & TM_REG_OFFSET; 431 uint8_t reg_mask = write ? 0x1 : 0x2; 432 uint64_t mask = 0x0; 433 int i; 434 435 for (i = 0; i < size; i++) { 436 if (xive_tm_views[page_offset][reg_offset + i] & reg_mask) { 437 mask |= (uint64_t) 0xff << (8 * (size - i - 1)); 438 } 439 } 440 441 return mask; 442 } 443 444 static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr offset, uint64_t value, 445 unsigned size) 446 { 447 uint8_t ring_offset = offset & TM_RING_OFFSET; 448 uint8_t reg_offset = offset & TM_REG_OFFSET; 449 uint64_t mask = xive_tm_mask(offset, size, true); 450 int i; 451 452 /* 453 * Only 4 or 8 bytes stores are allowed and the User ring is 454 * excluded 455 */ 456 if (size < 4 || !mask || ring_offset == TM_QW0_USER) { 457 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA @%" 458 HWADDR_PRIx" size %d\n", offset, size); 459 return; 460 } 461 462 /* 463 * Use the register offset for the raw values and filter out 464 * reserved values 465 */ 466 for (i = 0; i < size; i++) { 467 uint8_t byte_mask = (mask >> (8 * (size - i - 1))); 468 if (byte_mask) { 469 tctx->regs[reg_offset + i] = (value >> (8 * (size - i - 1))) & 470 byte_mask; 471 } 472 } 473 } 474 475 static uint64_t xive_tm_raw_read(XiveTCTX *tctx, hwaddr offset, unsigned size) 476 { 477 uint8_t ring_offset = offset & TM_RING_OFFSET; 478 uint8_t reg_offset = offset & TM_REG_OFFSET; 479 uint64_t mask = xive_tm_mask(offset, size, false); 480 uint64_t ret; 481 int i; 482 483 /* 484 * Only 4 or 8 bytes loads are allowed and the User ring is 485 * excluded 486 */ 487 if (size < 4 || !mask || ring_offset == TM_QW0_USER) { 488 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access at TIMA @%" 489 HWADDR_PRIx" size %d\n", offset, size); 490 return -1; 491 } 492 493 /* Use the register offset for the raw values */ 494 ret = 0; 495 for (i = 0; i < size; i++) { 496 ret |= (uint64_t) tctx->regs[reg_offset + i] << (8 * (size - i - 1)); 497 } 498 499 /* filter out reserved values */ 500 return ret & mask; 501 } 502 503 /* 504 * The TM context is mapped twice within each page. Stores and loads 505 * to the first mapping below 2K write and read the specified values 506 * without modification. The second mapping above 2K performs specific 507 * state changes (side effects) in addition to setting/returning the 508 * interrupt management area context of the processor thread. 509 */ 510 static uint64_t xive_tm_ack_os_reg(XivePresenter *xptr, XiveTCTX *tctx, 511 hwaddr offset, unsigned size) 512 { 513 return xive_tctx_accept(tctx, TM_QW1_OS); 514 } 515 516 static void xive_tm_set_os_cppr(XivePresenter *xptr, XiveTCTX *tctx, 517 hwaddr offset, uint64_t value, unsigned size) 518 { 519 xive_tctx_set_cppr(tctx, TM_QW1_OS, value & 0xff); 520 } 521 522 static void xive_tctx_set_lgs(XiveTCTX *tctx, uint8_t ring, uint8_t lgs) 523 { 524 uint8_t *regs = &tctx->regs[ring]; 525 526 regs[TM_LGS] = lgs; 527 } 528 529 static void xive_tm_set_os_lgs(XivePresenter *xptr, XiveTCTX *tctx, 530 hwaddr offset, uint64_t value, unsigned size) 531 { 532 xive_tctx_set_lgs(tctx, TM_QW1_OS, value & 0xff); 533 } 534 535 /* 536 * Adjust the PIPR to allow a CPU to process event queues of other 537 * priorities during one physical interrupt cycle. 538 */ 539 static void xive_tm_set_os_pending(XivePresenter *xptr, XiveTCTX *tctx, 540 hwaddr offset, uint64_t value, unsigned size) 541 { 542 uint8_t ring = TM_QW1_OS; 543 uint8_t *regs = &tctx->regs[ring]; 544 545 /* XXX: how should this work exactly? */ 546 regs[TM_IPB] |= xive_priority_to_ipb(value & 0xff); 547 xive_tctx_pipr_recompute_from_ipb(tctx, ring); 548 } 549 550 static void xive_os_cam_decode(uint32_t cam, uint8_t *nvt_blk, 551 uint32_t *nvt_idx, bool *vo) 552 { 553 if (nvt_blk) { 554 *nvt_blk = xive_nvt_blk(cam); 555 } 556 if (nvt_idx) { 557 *nvt_idx = xive_nvt_idx(cam); 558 } 559 if (vo) { 560 *vo = !!(cam & TM_QW1W2_VO); 561 } 562 } 563 564 static uint32_t xive_tctx_get_os_cam(XiveTCTX *tctx, uint8_t *nvt_blk, 565 uint32_t *nvt_idx, bool *vo) 566 { 567 uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]); 568 uint32_t cam = be32_to_cpu(qw1w2); 569 570 xive_os_cam_decode(cam, nvt_blk, nvt_idx, vo); 571 return qw1w2; 572 } 573 574 static void xive_tctx_set_os_cam(XiveTCTX *tctx, uint32_t qw1w2) 575 { 576 memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &qw1w2, 4); 577 } 578 579 static uint64_t xive_tm_pull_os_ctx(XivePresenter *xptr, XiveTCTX *tctx, 580 hwaddr offset, unsigned size) 581 { 582 uint32_t qw1w2; 583 uint32_t qw1w2_new; 584 uint8_t nvt_blk; 585 uint32_t nvt_idx; 586 bool vo; 587 588 qw1w2 = xive_tctx_get_os_cam(tctx, &nvt_blk, &nvt_idx, &vo); 589 590 if (!vo) { 591 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pull invalid OS NVT %x/%x !?\n", 592 nvt_blk, nvt_idx); 593 } 594 595 /* Invalidate CAM line */ 596 qw1w2_new = xive_set_field32(TM_QW1W2_VO, qw1w2, 0); 597 xive_tctx_set_os_cam(tctx, qw1w2_new); 598 599 xive_tctx_reset_signal(tctx, TM_QW1_OS); 600 return qw1w2; 601 } 602 603 static void xive_tctx_need_resend(XiveRouter *xrtr, XiveTCTX *tctx, 604 uint8_t nvt_blk, uint32_t nvt_idx) 605 { 606 XiveNVT nvt; 607 uint8_t ipb; 608 609 /* 610 * Grab the associated NVT to pull the pending bits, and merge 611 * them with the IPB of the thread interrupt context registers 612 */ 613 if (xive_router_get_nvt(xrtr, nvt_blk, nvt_idx, &nvt)) { 614 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVT %x/%x\n", 615 nvt_blk, nvt_idx); 616 return; 617 } 618 619 ipb = xive_get_field32(NVT_W4_IPB, nvt.w4); 620 621 if (ipb) { 622 /* Reset the NVT value */ 623 nvt.w4 = xive_set_field32(NVT_W4_IPB, nvt.w4, 0); 624 xive_router_write_nvt(xrtr, nvt_blk, nvt_idx, &nvt, 4); 625 626 uint8_t *regs = &tctx->regs[TM_QW1_OS]; 627 regs[TM_IPB] |= ipb; 628 } 629 630 /* 631 * Always call xive_tctx_recompute_from_ipb(). Even if there were no 632 * escalation triggered, there could be a pending interrupt which 633 * was saved when the context was pulled and that we need to take 634 * into account by recalculating the PIPR (which is not 635 * saved/restored). 636 * It will also raise the External interrupt signal if needed. 637 */ 638 xive_tctx_pipr_recompute_from_ipb(tctx, TM_QW1_OS); /* fxb */ 639 } 640 641 /* 642 * Updating the OS CAM line can trigger a resend of interrupt 643 */ 644 static void xive_tm_push_os_ctx(XivePresenter *xptr, XiveTCTX *tctx, 645 hwaddr offset, uint64_t value, unsigned size) 646 { 647 uint32_t cam = value; 648 uint32_t qw1w2 = cpu_to_be32(cam); 649 uint8_t nvt_blk; 650 uint32_t nvt_idx; 651 bool vo; 652 653 xive_os_cam_decode(cam, &nvt_blk, &nvt_idx, &vo); 654 655 /* First update the registers */ 656 xive_tctx_set_os_cam(tctx, qw1w2); 657 658 /* Check the interrupt pending bits */ 659 if (vo) { 660 xive_tctx_need_resend(XIVE_ROUTER(xptr), tctx, nvt_blk, nvt_idx); 661 } 662 } 663 664 static uint32_t xive_presenter_get_config(XivePresenter *xptr) 665 { 666 XivePresenterClass *xpc = XIVE_PRESENTER_GET_CLASS(xptr); 667 668 return xpc->get_config(xptr); 669 } 670 671 /* 672 * Define a mapping of "special" operations depending on the TIMA page 673 * offset and the size of the operation. 674 */ 675 typedef struct XiveTmOp { 676 uint8_t page_offset; 677 uint32_t op_offset; 678 unsigned size; 679 bool hw_ok; 680 bool sw_ok; 681 void (*write_handler)(XivePresenter *xptr, XiveTCTX *tctx, 682 hwaddr offset, 683 uint64_t value, unsigned size); 684 uint64_t (*read_handler)(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, 685 unsigned size); 686 } XiveTmOp; 687 688 static const XiveTmOp xive_tm_operations[] = { 689 /* 690 * MMIOs below 2K : raw values and special operations without side 691 * effects 692 */ 693 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_CPPR, 1, true, true, 694 xive_tm_set_os_cppr, NULL }, 695 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 4, true, true, 696 xive_tm_push_os_ctx, NULL }, 697 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_CPPR, 1, true, true, 698 xive_tm_set_hv_cppr, NULL }, 699 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, false, true, 700 xive_tm_vt_push, NULL }, 701 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, true, true, 702 NULL, xive_tm_vt_poll }, 703 704 /* MMIOs above 2K : special operations with side effects */ 705 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_REG, 2, true, false, 706 NULL, xive_tm_ack_os_reg }, 707 { XIVE_TM_OS_PAGE, TM_SPC_SET_OS_PENDING, 1, true, false, 708 xive_tm_set_os_pending, NULL }, 709 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 4, true, false, 710 NULL, xive_tm_pull_os_ctx }, 711 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 8, true, false, 712 NULL, xive_tm_pull_os_ctx }, 713 { XIVE_TM_HV_PAGE, TM_SPC_ACK_HV_REG, 2, true, false, 714 NULL, xive_tm_ack_hv_reg }, 715 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 4, true, false, 716 NULL, xive_tm_pull_pool_ctx }, 717 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 8, true, false, 718 NULL, xive_tm_pull_pool_ctx }, 719 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX, 1, true, false, 720 NULL, xive_tm_pull_phys_ctx }, 721 }; 722 723 static const XiveTmOp xive2_tm_operations[] = { 724 /* 725 * MMIOs below 2K : raw values and special operations without side 726 * effects 727 */ 728 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_CPPR, 1, true, true, 729 xive2_tm_set_os_cppr, NULL }, 730 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 4, true, true, 731 xive2_tm_push_os_ctx, NULL }, 732 { XIVE_TM_HV_PAGE, TM_QW1_OS + TM_WORD2, 8, true, true, 733 xive2_tm_push_os_ctx, NULL }, 734 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_LGS, 1, true, true, 735 xive_tm_set_os_lgs, NULL }, 736 { XIVE_TM_HV_PAGE, TM_QW2_HV_POOL + TM_WORD2, 4, true, true, 737 xive2_tm_push_pool_ctx, NULL }, 738 { XIVE_TM_HV_PAGE, TM_QW2_HV_POOL + TM_WORD2, 8, true, true, 739 xive2_tm_push_pool_ctx, NULL }, 740 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_CPPR, 1, true, true, 741 xive2_tm_set_hv_cppr, NULL }, 742 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, true, true, 743 NULL, xive_tm_vt_poll }, 744 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_T, 1, true, true, 745 xive2_tm_set_hv_target, NULL }, 746 747 /* MMIOs above 2K : special operations with side effects */ 748 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_REG, 2, true, false, 749 NULL, xive_tm_ack_os_reg }, 750 { XIVE_TM_OS_PAGE, TM_SPC_SET_OS_PENDING, 1, true, false, 751 xive2_tm_set_os_pending, NULL }, 752 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX_G2, 4, true, false, 753 NULL, xive2_tm_pull_os_ctx }, 754 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 4, true, false, 755 NULL, xive2_tm_pull_os_ctx }, 756 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX, 8, true, false, 757 NULL, xive2_tm_pull_os_ctx }, 758 { XIVE_TM_HV_PAGE, TM_SPC_ACK_HV_REG, 2, true, false, 759 NULL, xive_tm_ack_hv_reg }, 760 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX_G2, 4, true, false, 761 NULL, xive2_tm_pull_pool_ctx }, 762 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 4, true, false, 763 NULL, xive2_tm_pull_pool_ctx }, 764 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 8, true, false, 765 NULL, xive2_tm_pull_pool_ctx }, 766 { XIVE_TM_HV_PAGE, TM_SPC_PULL_OS_CTX_OL, 1, true, false, 767 xive2_tm_pull_os_ctx_ol, NULL }, 768 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX_G2, 4, true, false, 769 NULL, xive2_tm_pull_phys_ctx }, 770 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX, 1, true, false, 771 NULL, xive2_tm_pull_phys_ctx }, 772 { XIVE_TM_HV_PAGE, TM_SPC_PULL_PHYS_CTX_OL, 1, true, false, 773 xive2_tm_pull_phys_ctx_ol, NULL }, 774 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_EL, 1, true, false, 775 xive2_tm_ack_os_el, NULL }, 776 }; 777 778 static const XiveTmOp *xive_tm_find_op(XivePresenter *xptr, hwaddr offset, 779 unsigned size, bool write) 780 { 781 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3; 782 uint32_t op_offset = offset & TM_ADDRESS_MASK; 783 const XiveTmOp *tm_ops; 784 int i, tm_ops_count; 785 uint32_t cfg; 786 787 cfg = xive_presenter_get_config(xptr); 788 if (cfg & XIVE_PRESENTER_GEN1_TIMA_OS) { 789 tm_ops = xive_tm_operations; 790 tm_ops_count = ARRAY_SIZE(xive_tm_operations); 791 } else { 792 tm_ops = xive2_tm_operations; 793 tm_ops_count = ARRAY_SIZE(xive2_tm_operations); 794 } 795 796 for (i = 0; i < tm_ops_count; i++) { 797 const XiveTmOp *xto = &tm_ops[i]; 798 799 /* Accesses done from a more privileged TIMA page is allowed */ 800 if (xto->page_offset >= page_offset && 801 xto->op_offset == op_offset && 802 xto->size == size && 803 ((write && xto->write_handler) || (!write && xto->read_handler))) { 804 return xto; 805 } 806 } 807 return NULL; 808 } 809 810 /* 811 * TIMA MMIO handlers 812 */ 813 void xive_tctx_tm_write(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, 814 uint64_t value, unsigned size) 815 { 816 const XiveTmOp *xto; 817 uint8_t ring = offset & TM_RING_OFFSET; 818 bool is_valid = xive_ring_valid(tctx, ring); 819 bool hw_owned = is_valid; 820 821 trace_xive_tctx_tm_write(tctx->cs->cpu_index, offset, size, value); 822 823 /* 824 * First, check for special operations in the 2K region 825 */ 826 xto = xive_tm_find_op(tctx->xptr, offset, size, true); 827 if (xto) { 828 if (hw_owned && !xto->hw_ok) { 829 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to HW TIMA " 830 "@%"HWADDR_PRIx" size %d\n", offset, size); 831 } 832 if (!hw_owned && !xto->sw_ok) { 833 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to SW TIMA " 834 "@%"HWADDR_PRIx" size %d\n", offset, size); 835 } 836 } 837 838 if (offset & TM_SPECIAL_OP) { 839 if (!xto) { 840 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA " 841 "@%"HWADDR_PRIx" size %d\n", offset, size); 842 } else { 843 xto->write_handler(xptr, tctx, offset, value, size); 844 } 845 return; 846 } 847 848 /* 849 * Then, for special operations in the region below 2K. 850 */ 851 if (xto) { 852 xto->write_handler(xptr, tctx, offset, value, size); 853 return; 854 } 855 856 /* 857 * Finish with raw access to the register values 858 */ 859 if (hw_owned) { 860 /* Store context operations are dangerous when context is valid */ 861 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined write to HW TIMA " 862 "@%"HWADDR_PRIx" size %d\n", offset, size); 863 } 864 xive_tm_raw_write(tctx, offset, value, size); 865 } 866 867 uint64_t xive_tctx_tm_read(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, 868 unsigned size) 869 { 870 const XiveTmOp *xto; 871 uint8_t ring = offset & TM_RING_OFFSET; 872 bool is_valid = xive_ring_valid(tctx, ring); 873 bool hw_owned = is_valid; 874 uint64_t ret; 875 876 xto = xive_tm_find_op(tctx->xptr, offset, size, false); 877 if (xto) { 878 if (hw_owned && !xto->hw_ok) { 879 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined read to HW TIMA " 880 "@%"HWADDR_PRIx" size %d\n", offset, size); 881 } 882 if (!hw_owned && !xto->sw_ok) { 883 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: undefined read to SW TIMA " 884 "@%"HWADDR_PRIx" size %d\n", offset, size); 885 } 886 } 887 888 /* 889 * First, check for special operations in the 2K region 890 */ 891 if (offset & TM_SPECIAL_OP) { 892 if (!xto) { 893 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access to TIMA" 894 "@%"HWADDR_PRIx" size %d\n", offset, size); 895 return -1; 896 } 897 ret = xto->read_handler(xptr, tctx, offset, size); 898 goto out; 899 } 900 901 /* 902 * Then, for special operations in the region below 2K. 903 */ 904 if (xto) { 905 ret = xto->read_handler(xptr, tctx, offset, size); 906 goto out; 907 } 908 909 /* 910 * Finish with raw access to the register values 911 */ 912 ret = xive_tm_raw_read(tctx, offset, size); 913 out: 914 trace_xive_tctx_tm_read(tctx->cs->cpu_index, offset, size, ret); 915 return ret; 916 } 917 918 static char *xive_tctx_ring_print(uint8_t *ring) 919 { 920 uint32_t w2 = xive_tctx_word2(ring); 921 922 return g_strdup_printf("%02x %02x %02x %02x %02x " 923 "%02x %02x %02x %08x", 924 ring[TM_NSR], ring[TM_CPPR], ring[TM_IPB], ring[TM_LSMFB], 925 ring[TM_ACK_CNT], ring[TM_INC], ring[TM_AGE], ring[TM_PIPR], 926 be32_to_cpu(w2)); 927 } 928 929 static const char * const xive_tctx_ring_names[] = { 930 "USER", "OS", "POOL", "PHYS", 931 }; 932 933 /* 934 * kvm_irqchip_in_kernel() will cause the compiler to turn this 935 * info a nop if CONFIG_KVM isn't defined. 936 */ 937 #define xive_in_kernel(xptr) \ 938 (kvm_irqchip_in_kernel() && \ 939 ({ \ 940 XivePresenterClass *xpc = XIVE_PRESENTER_GET_CLASS(xptr); \ 941 xpc->in_kernel ? xpc->in_kernel(xptr) : false; \ 942 })) 943 944 void xive_tctx_pic_print_info(XiveTCTX *tctx, GString *buf) 945 { 946 int cpu_index; 947 int i; 948 949 /* Skip partially initialized vCPUs. This can happen on sPAPR when vCPUs 950 * are hot plugged or unplugged. 951 */ 952 if (!tctx) { 953 return; 954 } 955 956 cpu_index = tctx->cs ? tctx->cs->cpu_index : -1; 957 958 if (xive_in_kernel(tctx->xptr)) { 959 Error *local_err = NULL; 960 961 kvmppc_xive_cpu_synchronize_state(tctx, &local_err); 962 if (local_err) { 963 error_report_err(local_err); 964 return; 965 } 966 } 967 968 if (xive_presenter_get_config(tctx->xptr) & XIVE_PRESENTER_GEN1_TIMA_OS) { 969 g_string_append_printf(buf, "CPU[%04x]: " 970 "QW NSR CPPR IPB LSMFB ACK# INC AGE PIPR" 971 " W2\n", cpu_index); 972 } else { 973 g_string_append_printf(buf, "CPU[%04x]: " 974 "QW NSR CPPR IPB LSMFB - LGS T PIPR" 975 " W2\n", cpu_index); 976 } 977 978 for (i = 0; i < XIVE_TM_RING_COUNT; i++) { 979 char *s = xive_tctx_ring_print(&tctx->regs[i * XIVE_TM_RING_SIZE]); 980 g_string_append_printf(buf, "CPU[%04x]: %4s %s\n", 981 cpu_index, xive_tctx_ring_names[i], s); 982 g_free(s); 983 } 984 } 985 986 void xive_tctx_reset(XiveTCTX *tctx) 987 { 988 memset(tctx->regs, 0, sizeof(tctx->regs)); 989 990 /* Set some defaults */ 991 tctx->regs[TM_QW1_OS + TM_LSMFB] = 0xFF; 992 tctx->regs[TM_QW1_OS + TM_ACK_CNT] = 0xFF; 993 tctx->regs[TM_QW1_OS + TM_AGE] = 0xFF; 994 if (!(xive_presenter_get_config(tctx->xptr) & 995 XIVE_PRESENTER_GEN1_TIMA_OS)) { 996 tctx->regs[TM_QW1_OS + TM_OGEN] = 2; 997 } 998 999 /* 1000 * Initialize PIPR to 0xFF to avoid phantom interrupts when the 1001 * CPPR is first set. 1002 */ 1003 tctx->regs[TM_QW1_OS + TM_PIPR] = 1004 xive_ipb_to_pipr(tctx->regs[TM_QW1_OS + TM_IPB]); 1005 tctx->regs[TM_QW3_HV_PHYS + TM_PIPR] = 1006 xive_ipb_to_pipr(tctx->regs[TM_QW3_HV_PHYS + TM_IPB]); 1007 } 1008 1009 static void xive_tctx_realize(DeviceState *dev, Error **errp) 1010 { 1011 XiveTCTX *tctx = XIVE_TCTX(dev); 1012 PowerPCCPU *cpu; 1013 CPUPPCState *env; 1014 1015 assert(tctx->cs); 1016 assert(tctx->xptr); 1017 1018 cpu = POWERPC_CPU(tctx->cs); 1019 env = &cpu->env; 1020 switch (PPC_INPUT(env)) { 1021 case PPC_FLAGS_INPUT_POWER9: 1022 tctx->hv_output = qdev_get_gpio_in(DEVICE(cpu), POWER9_INPUT_HINT); 1023 tctx->os_output = qdev_get_gpio_in(DEVICE(cpu), POWER9_INPUT_INT); 1024 break; 1025 1026 default: 1027 error_setg(errp, "XIVE interrupt controller does not support " 1028 "this CPU bus model"); 1029 return; 1030 } 1031 1032 /* Connect the presenter to the VCPU (required for CPU hotplug) */ 1033 if (xive_in_kernel(tctx->xptr)) { 1034 if (kvmppc_xive_cpu_connect(tctx, errp) < 0) { 1035 return; 1036 } 1037 } 1038 } 1039 1040 static int vmstate_xive_tctx_pre_save(void *opaque) 1041 { 1042 XiveTCTX *tctx = XIVE_TCTX(opaque); 1043 Error *local_err = NULL; 1044 int ret; 1045 1046 if (xive_in_kernel(tctx->xptr)) { 1047 ret = kvmppc_xive_cpu_get_state(tctx, &local_err); 1048 if (ret < 0) { 1049 error_report_err(local_err); 1050 return ret; 1051 } 1052 } 1053 1054 return 0; 1055 } 1056 1057 static int vmstate_xive_tctx_post_load(void *opaque, int version_id) 1058 { 1059 XiveTCTX *tctx = XIVE_TCTX(opaque); 1060 Error *local_err = NULL; 1061 int ret; 1062 1063 if (xive_in_kernel(tctx->xptr)) { 1064 /* 1065 * Required for hotplugged CPU, for which the state comes 1066 * after all states of the machine. 1067 */ 1068 ret = kvmppc_xive_cpu_set_state(tctx, &local_err); 1069 if (ret < 0) { 1070 error_report_err(local_err); 1071 return ret; 1072 } 1073 } 1074 1075 return 0; 1076 } 1077 1078 static const VMStateDescription vmstate_xive_tctx = { 1079 .name = TYPE_XIVE_TCTX, 1080 .version_id = 1, 1081 .minimum_version_id = 1, 1082 .pre_save = vmstate_xive_tctx_pre_save, 1083 .post_load = vmstate_xive_tctx_post_load, 1084 .fields = (const VMStateField[]) { 1085 VMSTATE_BUFFER(regs, XiveTCTX), 1086 VMSTATE_END_OF_LIST() 1087 }, 1088 }; 1089 1090 static const Property xive_tctx_properties[] = { 1091 DEFINE_PROP_LINK("cpu", XiveTCTX, cs, TYPE_CPU, CPUState *), 1092 DEFINE_PROP_LINK("presenter", XiveTCTX, xptr, TYPE_XIVE_PRESENTER, 1093 XivePresenter *), 1094 }; 1095 1096 static void xive_tctx_class_init(ObjectClass *klass, const void *data) 1097 { 1098 DeviceClass *dc = DEVICE_CLASS(klass); 1099 1100 dc->desc = "XIVE Interrupt Thread Context"; 1101 dc->realize = xive_tctx_realize; 1102 dc->vmsd = &vmstate_xive_tctx; 1103 device_class_set_props(dc, xive_tctx_properties); 1104 /* 1105 * Reason: part of XIVE interrupt controller, needs to be wired up 1106 * by xive_tctx_create(). 1107 */ 1108 dc->user_creatable = false; 1109 } 1110 1111 static const TypeInfo xive_tctx_info = { 1112 .name = TYPE_XIVE_TCTX, 1113 .parent = TYPE_DEVICE, 1114 .instance_size = sizeof(XiveTCTX), 1115 .class_init = xive_tctx_class_init, 1116 }; 1117 1118 Object *xive_tctx_create(Object *cpu, XivePresenter *xptr, Error **errp) 1119 { 1120 Object *obj; 1121 1122 obj = object_new(TYPE_XIVE_TCTX); 1123 object_property_add_child(cpu, TYPE_XIVE_TCTX, obj); 1124 object_unref(obj); 1125 object_property_set_link(obj, "cpu", cpu, &error_abort); 1126 object_property_set_link(obj, "presenter", OBJECT(xptr), &error_abort); 1127 if (!qdev_realize(DEVICE(obj), NULL, errp)) { 1128 object_unparent(obj); 1129 return NULL; 1130 } 1131 return obj; 1132 } 1133 1134 void xive_tctx_destroy(XiveTCTX *tctx) 1135 { 1136 Object *obj = OBJECT(tctx); 1137 1138 object_unparent(obj); 1139 } 1140 1141 /* 1142 * XIVE ESB helpers 1143 */ 1144 1145 uint8_t xive_esb_set(uint8_t *pq, uint8_t value) 1146 { 1147 uint8_t old_pq = *pq & 0x3; 1148 1149 *pq &= ~0x3; 1150 *pq |= value & 0x3; 1151 1152 return old_pq; 1153 } 1154 1155 bool xive_esb_trigger(uint8_t *pq) 1156 { 1157 uint8_t old_pq = *pq & 0x3; 1158 1159 switch (old_pq) { 1160 case XIVE_ESB_RESET: 1161 xive_esb_set(pq, XIVE_ESB_PENDING); 1162 return true; 1163 case XIVE_ESB_PENDING: 1164 case XIVE_ESB_QUEUED: 1165 xive_esb_set(pq, XIVE_ESB_QUEUED); 1166 return false; 1167 case XIVE_ESB_OFF: 1168 xive_esb_set(pq, XIVE_ESB_OFF); 1169 return false; 1170 default: 1171 g_assert_not_reached(); 1172 } 1173 } 1174 1175 bool xive_esb_eoi(uint8_t *pq) 1176 { 1177 uint8_t old_pq = *pq & 0x3; 1178 1179 switch (old_pq) { 1180 case XIVE_ESB_RESET: 1181 case XIVE_ESB_PENDING: 1182 xive_esb_set(pq, XIVE_ESB_RESET); 1183 return false; 1184 case XIVE_ESB_QUEUED: 1185 xive_esb_set(pq, XIVE_ESB_PENDING); 1186 return true; 1187 case XIVE_ESB_OFF: 1188 xive_esb_set(pq, XIVE_ESB_OFF); 1189 return false; 1190 default: 1191 g_assert_not_reached(); 1192 } 1193 } 1194 1195 /* 1196 * XIVE Interrupt Source (or IVSE) 1197 */ 1198 1199 uint8_t xive_source_esb_get(XiveSource *xsrc, uint32_t srcno) 1200 { 1201 assert(srcno < xsrc->nr_irqs); 1202 1203 return xsrc->status[srcno] & 0x3; 1204 } 1205 1206 uint8_t xive_source_esb_set(XiveSource *xsrc, uint32_t srcno, uint8_t pq) 1207 { 1208 assert(srcno < xsrc->nr_irqs); 1209 1210 return xive_esb_set(&xsrc->status[srcno], pq); 1211 } 1212 1213 /* 1214 * Returns whether the event notification should be forwarded. 1215 */ 1216 static bool xive_source_lsi_trigger(XiveSource *xsrc, uint32_t srcno) 1217 { 1218 uint8_t old_pq = xive_source_esb_get(xsrc, srcno); 1219 1220 xive_source_set_asserted(xsrc, srcno, true); 1221 1222 switch (old_pq) { 1223 case XIVE_ESB_RESET: 1224 xive_source_esb_set(xsrc, srcno, XIVE_ESB_PENDING); 1225 return true; 1226 default: 1227 return false; 1228 } 1229 } 1230 1231 /* 1232 * Sources can be configured with PQ offloading in which case the check 1233 * on the PQ state bits of MSIs is disabled 1234 */ 1235 static bool xive_source_esb_disabled(XiveSource *xsrc, uint32_t srcno) 1236 { 1237 return (xsrc->esb_flags & XIVE_SRC_PQ_DISABLE) && 1238 !xive_source_irq_is_lsi(xsrc, srcno); 1239 } 1240 1241 /* 1242 * Returns whether the event notification should be forwarded. 1243 */ 1244 static bool xive_source_esb_trigger(XiveSource *xsrc, uint32_t srcno) 1245 { 1246 bool ret; 1247 1248 assert(srcno < xsrc->nr_irqs); 1249 1250 if (xive_source_esb_disabled(xsrc, srcno)) { 1251 return true; 1252 } 1253 1254 ret = xive_esb_trigger(&xsrc->status[srcno]); 1255 1256 if (xive_source_irq_is_lsi(xsrc, srcno) && 1257 xive_source_esb_get(xsrc, srcno) == XIVE_ESB_QUEUED) { 1258 qemu_log_mask(LOG_GUEST_ERROR, 1259 "XIVE: queued an event on LSI IRQ %d\n", srcno); 1260 } 1261 1262 return ret; 1263 } 1264 1265 /* 1266 * Returns whether the event notification should be forwarded. 1267 */ 1268 static bool xive_source_esb_eoi(XiveSource *xsrc, uint32_t srcno) 1269 { 1270 bool ret; 1271 1272 assert(srcno < xsrc->nr_irqs); 1273 1274 if (xive_source_esb_disabled(xsrc, srcno)) { 1275 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid EOI for IRQ %d\n", srcno); 1276 return false; 1277 } 1278 1279 ret = xive_esb_eoi(&xsrc->status[srcno]); 1280 1281 /* 1282 * LSI sources do not set the Q bit but they can still be 1283 * asserted, in which case we should forward a new event 1284 * notification 1285 */ 1286 if (xive_source_irq_is_lsi(xsrc, srcno) && 1287 xive_source_is_asserted(xsrc, srcno)) { 1288 ret = xive_source_lsi_trigger(xsrc, srcno); 1289 } 1290 1291 return ret; 1292 } 1293 1294 /* 1295 * Forward the source event notification to the Router 1296 */ 1297 static void xive_source_notify(XiveSource *xsrc, int srcno) 1298 { 1299 XiveNotifierClass *xnc = XIVE_NOTIFIER_GET_CLASS(xsrc->xive); 1300 bool pq_checked = !xive_source_esb_disabled(xsrc, srcno); 1301 1302 if (xnc->notify) { 1303 xnc->notify(xsrc->xive, srcno, pq_checked); 1304 } 1305 } 1306 1307 /* 1308 * In a two pages ESB MMIO setting, even page is the trigger page, odd 1309 * page is for management 1310 */ 1311 static inline bool addr_is_even(hwaddr addr, uint32_t shift) 1312 { 1313 return !((addr >> shift) & 1); 1314 } 1315 1316 static inline bool xive_source_is_trigger_page(XiveSource *xsrc, hwaddr addr) 1317 { 1318 return xive_source_esb_has_2page(xsrc) && 1319 addr_is_even(addr, xsrc->esb_shift - 1); 1320 } 1321 1322 /* 1323 * ESB MMIO loads 1324 * Trigger page Management/EOI page 1325 * 1326 * ESB MMIO setting 2 pages 1 or 2 pages 1327 * 1328 * 0x000 .. 0x3FF -1 EOI and return 0|1 1329 * 0x400 .. 0x7FF -1 EOI and return 0|1 1330 * 0x800 .. 0xBFF -1 return PQ 1331 * 0xC00 .. 0xCFF -1 return PQ and atomically PQ=00 1332 * 0xD00 .. 0xDFF -1 return PQ and atomically PQ=01 1333 * 0xE00 .. 0xDFF -1 return PQ and atomically PQ=10 1334 * 0xF00 .. 0xDFF -1 return PQ and atomically PQ=11 1335 */ 1336 static uint64_t xive_source_esb_read(void *opaque, hwaddr addr, unsigned size) 1337 { 1338 XiveSource *xsrc = XIVE_SOURCE(opaque); 1339 uint32_t offset = addr & 0xFFF; 1340 uint32_t srcno = addr >> xsrc->esb_shift; 1341 uint64_t ret = -1; 1342 1343 /* In a two pages ESB MMIO setting, trigger page should not be read */ 1344 if (xive_source_is_trigger_page(xsrc, addr)) { 1345 qemu_log_mask(LOG_GUEST_ERROR, 1346 "XIVE: invalid load on IRQ %d trigger page at " 1347 "0x%"HWADDR_PRIx"\n", srcno, addr); 1348 return -1; 1349 } 1350 1351 switch (offset) { 1352 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF: 1353 ret = xive_source_esb_eoi(xsrc, srcno); 1354 1355 /* Forward the source event notification for routing */ 1356 if (ret) { 1357 trace_xive_source_notify(srcno); 1358 xive_source_notify(xsrc, srcno); 1359 } 1360 break; 1361 1362 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF: 1363 ret = xive_source_esb_get(xsrc, srcno); 1364 break; 1365 1366 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF: 1367 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF: 1368 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF: 1369 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF: 1370 ret = xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3); 1371 break; 1372 default: 1373 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB load addr %x\n", 1374 offset); 1375 } 1376 1377 trace_xive_source_esb_read(addr, srcno, ret); 1378 1379 return ret; 1380 } 1381 1382 /* 1383 * ESB MMIO stores 1384 * Trigger page Management/EOI page 1385 * 1386 * ESB MMIO setting 2 pages 1 or 2 pages 1387 * 1388 * 0x000 .. 0x3FF Trigger Trigger 1389 * 0x400 .. 0x7FF Trigger EOI 1390 * 0x800 .. 0xBFF Trigger undefined 1391 * 0xC00 .. 0xCFF Trigger PQ=00 1392 * 0xD00 .. 0xDFF Trigger PQ=01 1393 * 0xE00 .. 0xDFF Trigger PQ=10 1394 * 0xF00 .. 0xDFF Trigger PQ=11 1395 */ 1396 static void xive_source_esb_write(void *opaque, hwaddr addr, 1397 uint64_t value, unsigned size) 1398 { 1399 XiveSource *xsrc = XIVE_SOURCE(opaque); 1400 uint32_t offset = addr & 0xFFF; 1401 uint32_t srcno = addr >> xsrc->esb_shift; 1402 bool notify = false; 1403 1404 trace_xive_source_esb_write(addr, srcno, value); 1405 1406 /* In a two pages ESB MMIO setting, trigger page only triggers */ 1407 if (xive_source_is_trigger_page(xsrc, addr)) { 1408 notify = xive_source_esb_trigger(xsrc, srcno); 1409 goto out; 1410 } 1411 1412 switch (offset) { 1413 case 0 ... 0x3FF: 1414 notify = xive_source_esb_trigger(xsrc, srcno); 1415 break; 1416 1417 case XIVE_ESB_STORE_EOI ... XIVE_ESB_STORE_EOI + 0x3FF: 1418 if (!(xsrc->esb_flags & XIVE_SRC_STORE_EOI)) { 1419 qemu_log_mask(LOG_GUEST_ERROR, 1420 "XIVE: invalid Store EOI for IRQ %d\n", srcno); 1421 return; 1422 } 1423 1424 notify = xive_source_esb_eoi(xsrc, srcno); 1425 break; 1426 1427 /* 1428 * This is an internal offset used to inject triggers when the PQ 1429 * state bits are not controlled locally. Such as for LSIs when 1430 * under ABT mode. 1431 */ 1432 case XIVE_ESB_INJECT ... XIVE_ESB_INJECT + 0x3FF: 1433 notify = true; 1434 break; 1435 1436 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF: 1437 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF: 1438 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF: 1439 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF: 1440 xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3); 1441 break; 1442 1443 default: 1444 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr %x\n", 1445 offset); 1446 return; 1447 } 1448 1449 out: 1450 /* Forward the source event notification for routing */ 1451 if (notify) { 1452 xive_source_notify(xsrc, srcno); 1453 } else { 1454 trace_xive_source_blocked(srcno); 1455 } 1456 } 1457 1458 static const MemoryRegionOps xive_source_esb_ops = { 1459 .read = xive_source_esb_read, 1460 .write = xive_source_esb_write, 1461 .endianness = DEVICE_BIG_ENDIAN, 1462 .valid = { 1463 .min_access_size = 1, 1464 .max_access_size = 8, 1465 }, 1466 .impl = { 1467 .min_access_size = 1, 1468 .max_access_size = 8, 1469 }, 1470 }; 1471 1472 void xive_source_set_irq(void *opaque, int srcno, int val) 1473 { 1474 XiveSource *xsrc = XIVE_SOURCE(opaque); 1475 bool notify = false; 1476 1477 if (xive_source_irq_is_lsi(xsrc, srcno)) { 1478 if (val) { 1479 notify = xive_source_lsi_trigger(xsrc, srcno); 1480 } else { 1481 xive_source_set_asserted(xsrc, srcno, false); 1482 } 1483 } else { 1484 if (val) { 1485 notify = xive_source_esb_trigger(xsrc, srcno); 1486 } 1487 } 1488 1489 /* Forward the source event notification for routing */ 1490 if (notify) { 1491 xive_source_notify(xsrc, srcno); 1492 } 1493 } 1494 1495 void xive_source_pic_print_info(XiveSource *xsrc, uint32_t offset, GString *buf) 1496 { 1497 for (unsigned i = 0; i < xsrc->nr_irqs; i++) { 1498 uint8_t pq = xive_source_esb_get(xsrc, i); 1499 1500 if (pq == XIVE_ESB_OFF) { 1501 continue; 1502 } 1503 1504 g_string_append_printf(buf, " %08x %s %c%c%c\n", i + offset, 1505 xive_source_irq_is_lsi(xsrc, i) ? "LSI" : "MSI", 1506 pq & XIVE_ESB_VAL_P ? 'P' : '-', 1507 pq & XIVE_ESB_VAL_Q ? 'Q' : '-', 1508 xive_source_is_asserted(xsrc, i) ? 'A' : ' '); 1509 } 1510 } 1511 1512 static void xive_source_reset(void *dev) 1513 { 1514 XiveSource *xsrc = XIVE_SOURCE(dev); 1515 1516 /* Do not clear the LSI bitmap */ 1517 1518 memset(xsrc->status, xsrc->reset_pq, xsrc->nr_irqs); 1519 } 1520 1521 static void xive_source_realize(DeviceState *dev, Error **errp) 1522 { 1523 XiveSource *xsrc = XIVE_SOURCE(dev); 1524 uint64_t esb_len = xive_source_esb_len(xsrc); 1525 1526 assert(xsrc->xive); 1527 1528 if (!xsrc->nr_irqs) { 1529 error_setg(errp, "Number of interrupt needs to be greater than 0"); 1530 return; 1531 } 1532 1533 if (xsrc->esb_shift != XIVE_ESB_4K && 1534 xsrc->esb_shift != XIVE_ESB_4K_2PAGE && 1535 xsrc->esb_shift != XIVE_ESB_64K && 1536 xsrc->esb_shift != XIVE_ESB_64K_2PAGE) { 1537 error_setg(errp, "Invalid ESB shift setting"); 1538 return; 1539 } 1540 1541 xsrc->status = g_malloc0(xsrc->nr_irqs); 1542 xsrc->lsi_map = bitmap_new(xsrc->nr_irqs); 1543 1544 memory_region_init(&xsrc->esb_mmio, OBJECT(xsrc), "xive.esb", esb_len); 1545 memory_region_init_io(&xsrc->esb_mmio_emulated, OBJECT(xsrc), 1546 &xive_source_esb_ops, xsrc, "xive.esb-emulated", 1547 esb_len); 1548 memory_region_add_subregion(&xsrc->esb_mmio, 0, &xsrc->esb_mmio_emulated); 1549 1550 qemu_register_reset(xive_source_reset, dev); 1551 } 1552 1553 static const VMStateDescription vmstate_xive_source = { 1554 .name = TYPE_XIVE_SOURCE, 1555 .version_id = 1, 1556 .minimum_version_id = 1, 1557 .fields = (const VMStateField[]) { 1558 VMSTATE_UINT32_EQUAL(nr_irqs, XiveSource, NULL), 1559 VMSTATE_VBUFFER_UINT32(status, XiveSource, 1, NULL, nr_irqs), 1560 VMSTATE_END_OF_LIST() 1561 }, 1562 }; 1563 1564 /* 1565 * The default XIVE interrupt source setting for the ESB MMIOs is two 1566 * 64k pages without Store EOI, to be in sync with KVM. 1567 */ 1568 static const Property xive_source_properties[] = { 1569 DEFINE_PROP_UINT64("flags", XiveSource, esb_flags, 0), 1570 DEFINE_PROP_UINT32("nr-irqs", XiveSource, nr_irqs, 0), 1571 DEFINE_PROP_UINT32("shift", XiveSource, esb_shift, XIVE_ESB_64K_2PAGE), 1572 /* 1573 * By default, PQs are initialized to 0b01 (Q=1) which corresponds 1574 * to "ints off" 1575 */ 1576 DEFINE_PROP_UINT8("reset-pq", XiveSource, reset_pq, XIVE_ESB_OFF), 1577 DEFINE_PROP_LINK("xive", XiveSource, xive, TYPE_XIVE_NOTIFIER, 1578 XiveNotifier *), 1579 }; 1580 1581 static void xive_source_class_init(ObjectClass *klass, const void *data) 1582 { 1583 DeviceClass *dc = DEVICE_CLASS(klass); 1584 1585 dc->desc = "XIVE Interrupt Source"; 1586 device_class_set_props(dc, xive_source_properties); 1587 dc->realize = xive_source_realize; 1588 dc->vmsd = &vmstate_xive_source; 1589 /* 1590 * Reason: part of XIVE interrupt controller, needs to be wired up, 1591 * e.g. by spapr_xive_instance_init(). 1592 */ 1593 dc->user_creatable = false; 1594 } 1595 1596 static const TypeInfo xive_source_info = { 1597 .name = TYPE_XIVE_SOURCE, 1598 .parent = TYPE_DEVICE, 1599 .instance_size = sizeof(XiveSource), 1600 .class_init = xive_source_class_init, 1601 }; 1602 1603 /* 1604 * XiveEND helpers 1605 */ 1606 1607 void xive_end_queue_pic_print_info(XiveEND *end, uint32_t width, GString *buf) 1608 { 1609 uint64_t qaddr_base = xive_end_qaddr(end); 1610 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0); 1611 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1); 1612 uint32_t qentries = 1 << (qsize + 10); 1613 int i; 1614 1615 /* 1616 * print out the [ (qindex - (width - 1)) .. (qindex + 1)] window 1617 */ 1618 g_string_append_printf(buf, " [ "); 1619 qindex = (qindex - (width - 1)) & (qentries - 1); 1620 for (i = 0; i < width; i++) { 1621 uint64_t qaddr = qaddr_base + (qindex << 2); 1622 uint32_t qdata = -1; 1623 1624 if (dma_memory_read(&address_space_memory, qaddr, 1625 &qdata, sizeof(qdata), MEMTXATTRS_UNSPECIFIED)) { 1626 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to read EQ @0x%" 1627 HWADDR_PRIx "\n", qaddr); 1628 return; 1629 } 1630 g_string_append_printf(buf, "%s%08x ", i == width - 1 ? "^" : "", 1631 be32_to_cpu(qdata)); 1632 qindex = (qindex + 1) & (qentries - 1); 1633 } 1634 g_string_append_c(buf, ']'); 1635 } 1636 1637 void xive_end_pic_print_info(XiveEND *end, uint32_t end_idx, GString *buf) 1638 { 1639 uint64_t qaddr_base = xive_end_qaddr(end); 1640 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1); 1641 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1); 1642 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0); 1643 uint32_t qentries = 1 << (qsize + 10); 1644 1645 uint32_t nvt_blk = xive_get_field32(END_W6_NVT_BLOCK, end->w6); 1646 uint32_t nvt_idx = xive_get_field32(END_W6_NVT_INDEX, end->w6); 1647 uint8_t priority = xive_get_field32(END_W7_F0_PRIORITY, end->w7); 1648 uint8_t pq; 1649 1650 if (!xive_end_is_valid(end)) { 1651 return; 1652 } 1653 1654 pq = xive_get_field32(END_W1_ESn, end->w1); 1655 1656 g_string_append_printf(buf, 1657 " %08x %c%c %c%c%c%c%c%c%c%c prio:%d nvt:%02x/%04x", 1658 end_idx, 1659 pq & XIVE_ESB_VAL_P ? 'P' : '-', 1660 pq & XIVE_ESB_VAL_Q ? 'Q' : '-', 1661 xive_end_is_valid(end) ? 'v' : '-', 1662 xive_end_is_enqueue(end) ? 'q' : '-', 1663 xive_end_is_notify(end) ? 'n' : '-', 1664 xive_end_is_backlog(end) ? 'b' : '-', 1665 xive_end_is_escalate(end) ? 'e' : '-', 1666 xive_end_is_uncond_escalation(end) ? 'u' : '-', 1667 xive_end_is_silent_escalation(end) ? 's' : '-', 1668 xive_end_is_firmware(end) ? 'f' : '-', 1669 priority, nvt_blk, nvt_idx); 1670 1671 if (qaddr_base) { 1672 g_string_append_printf(buf, " eq:@%08"PRIx64"% 6d/%5d ^%d", 1673 qaddr_base, qindex, qentries, qgen); 1674 xive_end_queue_pic_print_info(end, 6, buf); 1675 } 1676 g_string_append_c(buf, '\n'); 1677 } 1678 1679 static void xive_end_enqueue(XiveEND *end, uint32_t data) 1680 { 1681 uint64_t qaddr_base = xive_end_qaddr(end); 1682 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0); 1683 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1); 1684 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1); 1685 1686 uint64_t qaddr = qaddr_base + (qindex << 2); 1687 uint32_t qdata = cpu_to_be32((qgen << 31) | (data & 0x7fffffff)); 1688 uint32_t qentries = 1 << (qsize + 10); 1689 1690 if (dma_memory_write(&address_space_memory, qaddr, 1691 &qdata, sizeof(qdata), MEMTXATTRS_UNSPECIFIED)) { 1692 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to write END data @0x%" 1693 HWADDR_PRIx "\n", qaddr); 1694 return; 1695 } 1696 1697 qindex = (qindex + 1) & (qentries - 1); 1698 if (qindex == 0) { 1699 qgen ^= 1; 1700 end->w1 = xive_set_field32(END_W1_GENERATION, end->w1, qgen); 1701 } 1702 end->w1 = xive_set_field32(END_W1_PAGE_OFF, end->w1, qindex); 1703 } 1704 1705 void xive_end_eas_pic_print_info(XiveEND *end, uint32_t end_idx, GString *buf) 1706 { 1707 XiveEAS *eas = (XiveEAS *) &end->w4; 1708 uint8_t pq; 1709 1710 if (!xive_end_is_escalate(end)) { 1711 return; 1712 } 1713 1714 pq = xive_get_field32(END_W1_ESe, end->w1); 1715 1716 g_string_append_printf(buf, " %08x %c%c %c%c end:%02x/%04x data:%08x\n", 1717 end_idx, 1718 pq & XIVE_ESB_VAL_P ? 'P' : '-', 1719 pq & XIVE_ESB_VAL_Q ? 'Q' : '-', 1720 xive_eas_is_valid(eas) ? 'V' : ' ', 1721 xive_eas_is_masked(eas) ? 'M' : ' ', 1722 (uint8_t) xive_get_field64(EAS_END_BLOCK, eas->w), 1723 (uint32_t) xive_get_field64(EAS_END_INDEX, eas->w), 1724 (uint32_t) xive_get_field64(EAS_END_DATA, eas->w)); 1725 } 1726 1727 /* 1728 * XIVE Router (aka. Virtualization Controller or IVRE) 1729 */ 1730 1731 int xive_router_get_eas(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx, 1732 XiveEAS *eas) 1733 { 1734 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1735 1736 return xrc->get_eas(xrtr, eas_blk, eas_idx, eas); 1737 } 1738 1739 static 1740 int xive_router_get_pq(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx, 1741 uint8_t *pq) 1742 { 1743 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1744 1745 return xrc->get_pq(xrtr, eas_blk, eas_idx, pq); 1746 } 1747 1748 static 1749 int xive_router_set_pq(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx, 1750 uint8_t *pq) 1751 { 1752 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1753 1754 return xrc->set_pq(xrtr, eas_blk, eas_idx, pq); 1755 } 1756 1757 int xive_router_get_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx, 1758 XiveEND *end) 1759 { 1760 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1761 1762 return xrc->get_end(xrtr, end_blk, end_idx, end); 1763 } 1764 1765 int xive_router_write_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx, 1766 XiveEND *end, uint8_t word_number) 1767 { 1768 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1769 1770 return xrc->write_end(xrtr, end_blk, end_idx, end, word_number); 1771 } 1772 1773 int xive_router_get_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx, 1774 XiveNVT *nvt) 1775 { 1776 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1777 1778 return xrc->get_nvt(xrtr, nvt_blk, nvt_idx, nvt); 1779 } 1780 1781 int xive_router_write_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx, 1782 XiveNVT *nvt, uint8_t word_number) 1783 { 1784 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1785 1786 return xrc->write_nvt(xrtr, nvt_blk, nvt_idx, nvt, word_number); 1787 } 1788 1789 static int xive_router_get_block_id(XiveRouter *xrtr) 1790 { 1791 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1792 1793 return xrc->get_block_id(xrtr); 1794 } 1795 1796 static void xive_router_realize(DeviceState *dev, Error **errp) 1797 { 1798 XiveRouter *xrtr = XIVE_ROUTER(dev); 1799 1800 assert(xrtr->xfb); 1801 } 1802 1803 static void xive_router_end_notify_handler(XiveRouter *xrtr, XiveEAS *eas) 1804 { 1805 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr); 1806 1807 return xrc->end_notify(xrtr, eas); 1808 } 1809 1810 /* 1811 * Encode the HW CAM line in the block group mode format : 1812 * 1813 * chip << 19 | 0000000 0 0001 thread (7Bit) 1814 */ 1815 static uint32_t xive_tctx_hw_cam_line(XivePresenter *xptr, XiveTCTX *tctx) 1816 { 1817 CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env; 1818 uint32_t pir = env->spr_cb[SPR_PIR].default_value; 1819 uint8_t blk = xive_router_get_block_id(XIVE_ROUTER(xptr)); 1820 1821 return xive_nvt_cam_line(blk, 1 << 7 | (pir & 0x7f)); 1822 } 1823 1824 uint32_t xive_get_vpgroup_size(uint32_t nvp_index) 1825 { 1826 /* 1827 * Group size is a power of 2. The position of the first 0 1828 * (starting with the least significant bits) in the NVP index 1829 * gives the size of the group. 1830 */ 1831 int first_zero = cto32(nvp_index); 1832 if (first_zero >= 31) { 1833 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid group index 0x%08x", 1834 nvp_index); 1835 return 0; 1836 } 1837 1838 return 1U << (first_zero + 1); 1839 } 1840 1841 uint8_t xive_get_group_level(bool crowd, bool ignore, 1842 uint32_t nvp_blk, uint32_t nvp_index) 1843 { 1844 int first_zero; 1845 uint8_t level; 1846 1847 if (!ignore) { 1848 g_assert(!crowd); 1849 return 0; 1850 } 1851 1852 first_zero = cto32(nvp_index); 1853 if (first_zero >= 31) { 1854 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid group index 0x%08x", 1855 nvp_index); 1856 return 0; 1857 } 1858 1859 level = (first_zero + 1) & 0b1111; 1860 if (crowd) { 1861 uint32_t blk; 1862 1863 /* crowd level is bit position of first 0 from the right in nvp_blk */ 1864 first_zero = cto32(nvp_blk); 1865 if (first_zero >= 31) { 1866 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid crowd block 0x%08x", 1867 nvp_blk); 1868 return 0; 1869 } 1870 blk = first_zero + 1; 1871 1872 /* 1873 * Supported crowd sizes are 2^1, 2^2, and 2^4. 2^3 is not supported. 1874 * HW will encode level 4 as the value 3. See xive2_pgofnext(). 1875 */ 1876 switch (blk) { 1877 case 1: 1878 case 2: 1879 break; 1880 case 4: 1881 blk = 3; 1882 break; 1883 default: 1884 g_assert_not_reached(); 1885 } 1886 1887 /* Crowd level bits reside in upper 2 bits of the 6 bit group level */ 1888 level |= blk << 4; 1889 } 1890 return level; 1891 } 1892 1893 /* 1894 * The thread context register words are in big-endian format. 1895 */ 1896 int xive_presenter_tctx_match(XivePresenter *xptr, XiveTCTX *tctx, 1897 uint8_t format, 1898 uint8_t nvt_blk, uint32_t nvt_idx, 1899 bool cam_ignore, uint32_t logic_serv) 1900 { 1901 uint32_t cam = xive_nvt_cam_line(nvt_blk, nvt_idx); 1902 uint32_t qw3w2 = xive_tctx_word2(&tctx->regs[TM_QW3_HV_PHYS]); 1903 uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]); 1904 uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]); 1905 uint32_t qw0w2 = xive_tctx_word2(&tctx->regs[TM_QW0_USER]); 1906 1907 /* 1908 * TODO (PowerNV): ignore mode. The low order bits of the NVT 1909 * identifier are ignored in the "CAM" match. 1910 */ 1911 1912 if (format == 0) { 1913 if (cam_ignore == true) { 1914 /* 1915 * F=0 & i=1: Logical server notification (bits ignored at 1916 * the end of the NVT identifier) 1917 */ 1918 qemu_log_mask(LOG_UNIMP, "XIVE: no support for LS NVT %x/%x\n", 1919 nvt_blk, nvt_idx); 1920 return -1; 1921 } 1922 1923 /* F=0 & i=0: Specific NVT notification */ 1924 1925 /* PHYS ring */ 1926 if ((be32_to_cpu(qw3w2) & TM_QW3W2_VT) && 1927 cam == xive_tctx_hw_cam_line(xptr, tctx)) { 1928 return TM_QW3_HV_PHYS; 1929 } 1930 1931 /* HV POOL ring */ 1932 if ((be32_to_cpu(qw2w2) & TM_QW2W2_VP) && 1933 cam == xive_get_field32(TM_QW2W2_POOL_CAM, qw2w2)) { 1934 return TM_QW2_HV_POOL; 1935 } 1936 1937 /* OS ring */ 1938 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) && 1939 cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) { 1940 return TM_QW1_OS; 1941 } 1942 } else { 1943 /* F=1 : User level Event-Based Branch (EBB) notification */ 1944 1945 /* USER ring */ 1946 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) && 1947 (cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) && 1948 (be32_to_cpu(qw0w2) & TM_QW0W2_VU) && 1949 (logic_serv == xive_get_field32(TM_QW0W2_LOGIC_SERV, qw0w2))) { 1950 return TM_QW0_USER; 1951 } 1952 } 1953 return -1; 1954 } 1955 1956 /* 1957 * This is our simple Xive Presenter Engine model. It is merged in the 1958 * Router as it does not require an extra object. 1959 */ 1960 bool xive_presenter_match(XiveFabric *xfb, uint8_t format, 1961 uint8_t nvt_blk, uint32_t nvt_idx, 1962 bool crowd, bool cam_ignore, uint8_t priority, 1963 uint32_t logic_serv, XiveTCTXMatch *match) 1964 { 1965 XiveFabricClass *xfc = XIVE_FABRIC_GET_CLASS(xfb); 1966 1967 memset(match, 0, sizeof(*match)); 1968 1969 /* 1970 * Ask the machine to scan the interrupt controllers for a match. 1971 * 1972 * For VP-specific notification, we expect at most one match and 1973 * one call to the presenters is all we need (abbreviated notify 1974 * sequence documented by the architecture). 1975 * 1976 * For VP-group notification, match_nvt() is the equivalent of the 1977 * "histogram" and "poll" commands sent to the power bus to the 1978 * presenters. 'count' could be more than one, but we always 1979 * select the first match for now. 'precluded' tells if (at least) 1980 * one thread matches but can't take the interrupt now because 1981 * it's running at a more favored priority. We return the 1982 * information to the router so that it can take appropriate 1983 * actions (backlog, escalation, broadcast, etc...) 1984 * 1985 * If we were to implement a better way of dispatching the 1986 * interrupt in case of multiple matches (instead of the first 1987 * match), we would need a heuristic to elect a thread (for 1988 * example, the hardware keeps track of an 'age' in the TIMA) and 1989 * a new command to the presenters (the equivalent of the "assign" 1990 * power bus command in the documented full notify sequence. 1991 */ 1992 return xfc->match_nvt(xfb, format, nvt_blk, nvt_idx, crowd, cam_ignore, 1993 priority, logic_serv, match); 1994 } 1995 1996 /* 1997 * Notification using the END ESe/ESn bit (Event State Buffer for 1998 * escalation and notification). Provide further coalescing in the 1999 * Router. 2000 */ 2001 static bool xive_router_end_es_notify(XiveRouter *xrtr, uint8_t end_blk, 2002 uint32_t end_idx, XiveEND *end, 2003 uint32_t end_esmask) 2004 { 2005 uint8_t pq = xive_get_field32(end_esmask, end->w1); 2006 bool notify = xive_esb_trigger(&pq); 2007 2008 if (pq != xive_get_field32(end_esmask, end->w1)) { 2009 end->w1 = xive_set_field32(end_esmask, end->w1, pq); 2010 xive_router_write_end(xrtr, end_blk, end_idx, end, 1); 2011 } 2012 2013 /* ESe/n[Q]=1 : end of notification */ 2014 return notify; 2015 } 2016 2017 /* 2018 * An END trigger can come from an event trigger (IPI or HW) or from 2019 * another chip. We don't model the PowerBus but the END trigger 2020 * message has the same parameters than in the function below. 2021 */ 2022 void xive_router_end_notify(XiveRouter *xrtr, XiveEAS *eas) 2023 { 2024 XiveEND end; 2025 uint8_t priority; 2026 uint8_t format; 2027 uint8_t nvt_blk; 2028 uint32_t nvt_idx; 2029 XiveNVT nvt; 2030 XiveTCTXMatch match; 2031 2032 uint8_t end_blk = xive_get_field64(EAS_END_BLOCK, eas->w); 2033 uint32_t end_idx = xive_get_field64(EAS_END_INDEX, eas->w); 2034 uint32_t end_data = xive_get_field64(EAS_END_DATA, eas->w); 2035 2036 /* END cache lookup */ 2037 if (xive_router_get_end(xrtr, end_blk, end_idx, &end)) { 2038 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk, 2039 end_idx); 2040 return; 2041 } 2042 2043 if (!xive_end_is_valid(&end)) { 2044 trace_xive_router_end_notify(end_blk, end_idx, end_data); 2045 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n", 2046 end_blk, end_idx); 2047 return; 2048 } 2049 2050 if (xive_end_is_enqueue(&end)) { 2051 xive_end_enqueue(&end, end_data); 2052 /* Enqueuing event data modifies the EQ toggle and index */ 2053 xive_router_write_end(xrtr, end_blk, end_idx, &end, 1); 2054 } 2055 2056 /* 2057 * When the END is silent, we skip the notification part. 2058 */ 2059 if (xive_end_is_silent_escalation(&end)) { 2060 goto do_escalation; 2061 } 2062 2063 /* 2064 * The W7 format depends on the F bit in W6. It defines the type 2065 * of the notification : 2066 * 2067 * F=0 : single or multiple NVT notification 2068 * F=1 : User level Event-Based Branch (EBB) notification, no 2069 * priority 2070 */ 2071 format = xive_get_field32(END_W6_FORMAT_BIT, end.w6); 2072 priority = xive_get_field32(END_W7_F0_PRIORITY, end.w7); 2073 2074 /* The END is masked */ 2075 if (format == 0 && priority == 0xff) { 2076 return; 2077 } 2078 2079 /* 2080 * Check the END ESn (Event State Buffer for notification) for 2081 * even further coalescing in the Router 2082 */ 2083 if (!xive_end_is_notify(&end)) { 2084 /* ESn[Q]=1 : end of notification */ 2085 if (!xive_router_end_es_notify(xrtr, end_blk, end_idx, 2086 &end, END_W1_ESn)) { 2087 return; 2088 } 2089 } 2090 2091 /* 2092 * Follows IVPE notification 2093 */ 2094 nvt_blk = xive_get_field32(END_W6_NVT_BLOCK, end.w6); 2095 nvt_idx = xive_get_field32(END_W6_NVT_INDEX, end.w6); 2096 2097 /* NVT cache lookup */ 2098 if (xive_router_get_nvt(xrtr, nvt_blk, nvt_idx, &nvt)) { 2099 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: no NVT %x/%x\n", 2100 nvt_blk, nvt_idx); 2101 return; 2102 } 2103 2104 if (!xive_nvt_is_valid(&nvt)) { 2105 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVT %x/%x is invalid\n", 2106 nvt_blk, nvt_idx); 2107 return; 2108 } 2109 2110 /* TODO: Auto EOI. */ 2111 /* we don't support VP-group notification on P9, so precluded is not used */ 2112 if (xive_presenter_match(xrtr->xfb, format, nvt_blk, nvt_idx, 2113 false /* crowd */, 2114 xive_get_field32(END_W7_F0_IGNORE, end.w7), 2115 priority, 2116 xive_get_field32(END_W7_F1_LOG_SERVER_ID, end.w7), 2117 &match)) { 2118 trace_xive_presenter_notify(nvt_blk, nvt_idx, match.ring, 0); 2119 xive_tctx_pipr_present(match.tctx, match.ring, priority, 0); 2120 return; 2121 } 2122 2123 /* 2124 * If no matching NVT is dispatched on a HW thread : 2125 * - specific VP: update the NVT structure if backlog is activated 2126 * - logical server : forward request to IVPE (not supported) 2127 */ 2128 if (xive_end_is_backlog(&end)) { 2129 uint8_t ipb; 2130 2131 if (format == 1) { 2132 qemu_log_mask(LOG_GUEST_ERROR, 2133 "XIVE: END %x/%x invalid config: F1 & backlog\n", 2134 end_blk, end_idx); 2135 return; 2136 } 2137 /* 2138 * Record the IPB in the associated NVT structure for later 2139 * use. The presenter will resend the interrupt when the vCPU 2140 * is dispatched again on a HW thread. 2141 */ 2142 ipb = xive_get_field32(NVT_W4_IPB, nvt.w4) | 2143 xive_priority_to_ipb(priority); 2144 nvt.w4 = xive_set_field32(NVT_W4_IPB, nvt.w4, ipb); 2145 xive_router_write_nvt(xrtr, nvt_blk, nvt_idx, &nvt, 4); 2146 2147 /* 2148 * On HW, follows a "Broadcast Backlog" to IVPEs 2149 */ 2150 } 2151 2152 do_escalation: 2153 /* 2154 * If activated, escalate notification using the ESe PQ bits and 2155 * the EAS in w4-5 2156 */ 2157 if (!xive_end_is_escalate(&end)) { 2158 return; 2159 } 2160 2161 /* 2162 * Check the END ESe (Event State Buffer for escalation) for even 2163 * further coalescing in the Router 2164 */ 2165 if (!xive_end_is_uncond_escalation(&end)) { 2166 /* ESe[Q]=1 : end of notification */ 2167 if (!xive_router_end_es_notify(xrtr, end_blk, end_idx, 2168 &end, END_W1_ESe)) { 2169 return; 2170 } 2171 } 2172 2173 trace_xive_router_end_escalate(end_blk, end_idx, 2174 (uint8_t) xive_get_field32(END_W4_ESC_END_BLOCK, end.w4), 2175 (uint32_t) xive_get_field32(END_W4_ESC_END_INDEX, end.w4), 2176 (uint32_t) xive_get_field32(END_W5_ESC_END_DATA, end.w5)); 2177 /* 2178 * The END trigger becomes an Escalation trigger 2179 */ 2180 xive_router_end_notify_handler(xrtr, (XiveEAS *) &end.w4); 2181 } 2182 2183 void xive_router_notify(XiveNotifier *xn, uint32_t lisn, bool pq_checked) 2184 { 2185 XiveRouter *xrtr = XIVE_ROUTER(xn); 2186 uint8_t eas_blk = XIVE_EAS_BLOCK(lisn); 2187 uint32_t eas_idx = XIVE_EAS_INDEX(lisn); 2188 XiveEAS eas; 2189 2190 /* EAS cache lookup */ 2191 if (xive_router_get_eas(xrtr, eas_blk, eas_idx, &eas)) { 2192 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN %x\n", lisn); 2193 return; 2194 } 2195 2196 if (!pq_checked) { 2197 bool notify; 2198 uint8_t pq; 2199 2200 /* PQ cache lookup */ 2201 if (xive_router_get_pq(xrtr, eas_blk, eas_idx, &pq)) { 2202 /* Set FIR */ 2203 g_assert_not_reached(); 2204 } 2205 2206 notify = xive_esb_trigger(&pq); 2207 2208 if (xive_router_set_pq(xrtr, eas_blk, eas_idx, &pq)) { 2209 /* Set FIR */ 2210 g_assert_not_reached(); 2211 } 2212 2213 if (!notify) { 2214 return; 2215 } 2216 } 2217 2218 if (!xive_eas_is_valid(&eas)) { 2219 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid LISN %x\n", lisn); 2220 return; 2221 } 2222 2223 if (xive_eas_is_masked(&eas)) { 2224 /* Notification completed */ 2225 return; 2226 } 2227 2228 /* 2229 * The event trigger becomes an END trigger 2230 */ 2231 xive_router_end_notify_handler(xrtr, &eas); 2232 } 2233 2234 static const Property xive_router_properties[] = { 2235 DEFINE_PROP_LINK("xive-fabric", XiveRouter, xfb, 2236 TYPE_XIVE_FABRIC, XiveFabric *), 2237 }; 2238 2239 static void xive_router_class_init(ObjectClass *klass, const void *data) 2240 { 2241 DeviceClass *dc = DEVICE_CLASS(klass); 2242 XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass); 2243 XiveRouterClass *xrc = XIVE_ROUTER_CLASS(klass); 2244 2245 dc->desc = "XIVE Router Engine"; 2246 device_class_set_props(dc, xive_router_properties); 2247 /* Parent is SysBusDeviceClass. No need to call its realize hook */ 2248 dc->realize = xive_router_realize; 2249 xnc->notify = xive_router_notify; 2250 2251 /* By default, the router handles END triggers locally */ 2252 xrc->end_notify = xive_router_end_notify; 2253 } 2254 2255 static const TypeInfo xive_router_info = { 2256 .name = TYPE_XIVE_ROUTER, 2257 .parent = TYPE_SYS_BUS_DEVICE, 2258 .abstract = true, 2259 .instance_size = sizeof(XiveRouter), 2260 .class_size = sizeof(XiveRouterClass), 2261 .class_init = xive_router_class_init, 2262 .interfaces = (const InterfaceInfo[]) { 2263 { TYPE_XIVE_NOTIFIER }, 2264 { TYPE_XIVE_PRESENTER }, 2265 { } 2266 } 2267 }; 2268 2269 void xive_eas_pic_print_info(XiveEAS *eas, uint32_t lisn, GString *buf) 2270 { 2271 if (!xive_eas_is_valid(eas)) { 2272 return; 2273 } 2274 2275 g_string_append_printf(buf, " %08x %s end:%02x/%04x data:%08x\n", 2276 lisn, xive_eas_is_masked(eas) ? "M" : " ", 2277 (uint8_t) xive_get_field64(EAS_END_BLOCK, eas->w), 2278 (uint32_t) xive_get_field64(EAS_END_INDEX, eas->w), 2279 (uint32_t) xive_get_field64(EAS_END_DATA, eas->w)); 2280 } 2281 2282 /* 2283 * END ESB MMIO loads 2284 */ 2285 static uint64_t xive_end_source_read(void *opaque, hwaddr addr, unsigned size) 2286 { 2287 XiveENDSource *xsrc = XIVE_END_SOURCE(opaque); 2288 uint32_t offset = addr & 0xFFF; 2289 uint8_t end_blk; 2290 uint32_t end_idx; 2291 XiveEND end; 2292 uint32_t end_esmask; 2293 uint8_t pq; 2294 uint64_t ret = -1; 2295 2296 /* 2297 * The block id should be deduced from the load address on the END 2298 * ESB MMIO but our model only supports a single block per XIVE chip. 2299 */ 2300 end_blk = xive_router_get_block_id(xsrc->xrtr); 2301 end_idx = addr >> (xsrc->esb_shift + 1); 2302 2303 trace_xive_end_source_read(end_blk, end_idx, addr); 2304 2305 if (xive_router_get_end(xsrc->xrtr, end_blk, end_idx, &end)) { 2306 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk, 2307 end_idx); 2308 return -1; 2309 } 2310 2311 if (!xive_end_is_valid(&end)) { 2312 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n", 2313 end_blk, end_idx); 2314 return -1; 2315 } 2316 2317 end_esmask = addr_is_even(addr, xsrc->esb_shift) ? END_W1_ESn : END_W1_ESe; 2318 pq = xive_get_field32(end_esmask, end.w1); 2319 2320 switch (offset) { 2321 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF: 2322 ret = xive_esb_eoi(&pq); 2323 2324 /* Forward the source event notification for routing ?? */ 2325 break; 2326 2327 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF: 2328 ret = pq; 2329 break; 2330 2331 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF: 2332 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF: 2333 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF: 2334 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF: 2335 ret = xive_esb_set(&pq, (offset >> 8) & 0x3); 2336 break; 2337 default: 2338 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid END ESB load addr %d\n", 2339 offset); 2340 return -1; 2341 } 2342 2343 if (pq != xive_get_field32(end_esmask, end.w1)) { 2344 end.w1 = xive_set_field32(end_esmask, end.w1, pq); 2345 xive_router_write_end(xsrc->xrtr, end_blk, end_idx, &end, 1); 2346 } 2347 2348 return ret; 2349 } 2350 2351 /* 2352 * END ESB MMIO stores are invalid 2353 */ 2354 static void xive_end_source_write(void *opaque, hwaddr addr, 2355 uint64_t value, unsigned size) 2356 { 2357 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr 0x%" 2358 HWADDR_PRIx"\n", addr); 2359 } 2360 2361 static const MemoryRegionOps xive_end_source_ops = { 2362 .read = xive_end_source_read, 2363 .write = xive_end_source_write, 2364 .endianness = DEVICE_BIG_ENDIAN, 2365 .valid = { 2366 .min_access_size = 1, 2367 .max_access_size = 8, 2368 }, 2369 .impl = { 2370 .min_access_size = 1, 2371 .max_access_size = 8, 2372 }, 2373 }; 2374 2375 static void xive_end_source_realize(DeviceState *dev, Error **errp) 2376 { 2377 XiveENDSource *xsrc = XIVE_END_SOURCE(dev); 2378 2379 assert(xsrc->xrtr); 2380 2381 if (!xsrc->nr_ends) { 2382 error_setg(errp, "Number of interrupt needs to be greater than 0"); 2383 return; 2384 } 2385 2386 if (xsrc->esb_shift != XIVE_ESB_4K && 2387 xsrc->esb_shift != XIVE_ESB_64K) { 2388 error_setg(errp, "Invalid ESB shift setting"); 2389 return; 2390 } 2391 2392 /* 2393 * Each END is assigned an even/odd pair of MMIO pages, the even page 2394 * manages the ESn field while the odd page manages the ESe field. 2395 */ 2396 memory_region_init_io(&xsrc->esb_mmio, OBJECT(xsrc), 2397 &xive_end_source_ops, xsrc, "xive.end", 2398 (1ull << (xsrc->esb_shift + 1)) * xsrc->nr_ends); 2399 } 2400 2401 static const Property xive_end_source_properties[] = { 2402 DEFINE_PROP_UINT32("nr-ends", XiveENDSource, nr_ends, 0), 2403 DEFINE_PROP_UINT32("shift", XiveENDSource, esb_shift, XIVE_ESB_64K), 2404 DEFINE_PROP_LINK("xive", XiveENDSource, xrtr, TYPE_XIVE_ROUTER, 2405 XiveRouter *), 2406 }; 2407 2408 static void xive_end_source_class_init(ObjectClass *klass, const void *data) 2409 { 2410 DeviceClass *dc = DEVICE_CLASS(klass); 2411 2412 dc->desc = "XIVE END Source"; 2413 device_class_set_props(dc, xive_end_source_properties); 2414 dc->realize = xive_end_source_realize; 2415 /* 2416 * Reason: part of XIVE interrupt controller, needs to be wired up, 2417 * e.g. by spapr_xive_instance_init(). 2418 */ 2419 dc->user_creatable = false; 2420 } 2421 2422 static const TypeInfo xive_end_source_info = { 2423 .name = TYPE_XIVE_END_SOURCE, 2424 .parent = TYPE_DEVICE, 2425 .instance_size = sizeof(XiveENDSource), 2426 .class_init = xive_end_source_class_init, 2427 }; 2428 2429 /* 2430 * XIVE Notifier 2431 */ 2432 static const TypeInfo xive_notifier_info = { 2433 .name = TYPE_XIVE_NOTIFIER, 2434 .parent = TYPE_INTERFACE, 2435 .class_size = sizeof(XiveNotifierClass), 2436 }; 2437 2438 /* 2439 * XIVE Presenter 2440 */ 2441 static const TypeInfo xive_presenter_info = { 2442 .name = TYPE_XIVE_PRESENTER, 2443 .parent = TYPE_INTERFACE, 2444 .class_size = sizeof(XivePresenterClass), 2445 }; 2446 2447 /* 2448 * XIVE Fabric 2449 */ 2450 static const TypeInfo xive_fabric_info = { 2451 .name = TYPE_XIVE_FABRIC, 2452 .parent = TYPE_INTERFACE, 2453 .class_size = sizeof(XiveFabricClass), 2454 }; 2455 2456 static void xive_register_types(void) 2457 { 2458 type_register_static(&xive_fabric_info); 2459 type_register_static(&xive_source_info); 2460 type_register_static(&xive_notifier_info); 2461 type_register_static(&xive_presenter_info); 2462 type_register_static(&xive_router_info); 2463 type_register_static(&xive_end_source_info); 2464 type_register_static(&xive_tctx_info); 2465 } 2466 2467 type_init(xive_register_types) 2468