xref: /openbmc/qemu/hw/intc/xive2.c (revision dc1424319311f86449c6825ceec2364ee645a363)
1 /*
2  * QEMU PowerPC XIVE2 interrupt controller model (POWER10)
3  *
4  * Copyright (c) 2019-2024, IBM Corporation..
5  *
6  * SPDX-License-Identifier: GPL-2.0-or-later
7  */
8 
9 #include "qemu/osdep.h"
10 #include "qemu/log.h"
11 #include "qemu/module.h"
12 #include "qapi/error.h"
13 #include "target/ppc/cpu.h"
14 #include "system/cpus.h"
15 #include "system/dma.h"
16 #include "hw/qdev-properties.h"
17 #include "hw/ppc/xive.h"
18 #include "hw/ppc/xive2.h"
19 #include "hw/ppc/xive2_regs.h"
20 #include "trace.h"
21 
22 uint32_t xive2_router_get_config(Xive2Router *xrtr)
23 {
24     Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
25 
26     return xrc->get_config(xrtr);
27 }
28 
29 static int xive2_router_get_block_id(Xive2Router *xrtr)
30 {
31    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
32 
33    return xrc->get_block_id(xrtr);
34 }
35 
36 static uint64_t xive2_nvp_reporting_addr(Xive2Nvp *nvp)
37 {
38     uint64_t cache_addr;
39 
40     cache_addr = xive_get_field32(NVP2_W6_REPORTING_LINE, nvp->w6) << 24 |
41         xive_get_field32(NVP2_W7_REPORTING_LINE, nvp->w7);
42     cache_addr <<= 8; /* aligned on a cache line pair */
43     return cache_addr;
44 }
45 
46 static uint32_t xive2_nvgc_get_backlog(Xive2Nvgc *nvgc, uint8_t priority)
47 {
48     uint32_t val = 0;
49     uint8_t *ptr, i;
50 
51     if (priority > 7) {
52         return 0;
53     }
54 
55     /*
56      * The per-priority backlog counters are 24-bit and the structure
57      * is stored in big endian. NVGC is 32-bytes long, so 24-bytes from
58      * w2, which fits 8 priorities * 24-bits per priority.
59      */
60     ptr = (uint8_t *)&nvgc->w2 + priority * 3;
61     for (i = 0; i < 3; i++, ptr++) {
62         val = (val << 8) + *ptr;
63     }
64     return val;
65 }
66 
67 static void xive2_nvgc_set_backlog(Xive2Nvgc *nvgc, uint8_t priority,
68                                    uint32_t val)
69 {
70     uint8_t *ptr, i;
71     uint32_t shift;
72 
73     if (priority > 7) {
74         return;
75     }
76 
77     if (val > 0xFFFFFF) {
78         val = 0xFFFFFF;
79     }
80     /*
81      * The per-priority backlog counters are 24-bit and the structure
82      * is stored in big endian
83      */
84     ptr = (uint8_t *)&nvgc->w2 + priority * 3;
85     for (i = 0; i < 3; i++, ptr++) {
86         shift = 8 * (2 - i);
87         *ptr = (val >> shift) & 0xFF;
88     }
89 }
90 
91 uint64_t xive2_presenter_nvgc_backlog_op(XivePresenter *xptr,
92                                          bool crowd,
93                                          uint8_t blk, uint32_t idx,
94                                          uint16_t offset, uint16_t val)
95 {
96     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
97     uint8_t priority = GETFIELD(NVx_BACKLOG_PRIO, offset);
98     uint8_t op = GETFIELD(NVx_BACKLOG_OP, offset);
99     Xive2Nvgc nvgc;
100     uint32_t count, old_count;
101 
102     if (xive2_router_get_nvgc(xrtr, crowd, blk, idx, &nvgc)) {
103         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No %s %x/%x\n",
104                       crowd ? "NVC" : "NVG", blk, idx);
105         return -1;
106     }
107     if (!xive2_nvgc_is_valid(&nvgc)) {
108         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid NVG %x/%x\n", blk, idx);
109         return -1;
110     }
111 
112     old_count = xive2_nvgc_get_backlog(&nvgc, priority);
113     count = old_count;
114     /*
115      * op:
116      * 0b00 => increment
117      * 0b01 => decrement
118      * 0b1- => read
119      */
120     if (op == 0b00 || op == 0b01) {
121         if (op == 0b00) {
122             count += val;
123         } else {
124             if (count > val) {
125                 count -= val;
126             } else {
127                 count = 0;
128             }
129         }
130         xive2_nvgc_set_backlog(&nvgc, priority, count);
131         xive2_router_write_nvgc(xrtr, crowd, blk, idx, &nvgc);
132     }
133     trace_xive_nvgc_backlog_op(crowd, blk, idx, op, priority, old_count);
134     return old_count;
135 }
136 
137 uint64_t xive2_presenter_nvp_backlog_op(XivePresenter *xptr,
138                                         uint8_t blk, uint32_t idx,
139                                         uint16_t offset)
140 {
141     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
142     uint8_t priority = GETFIELD(NVx_BACKLOG_PRIO, offset);
143     uint8_t op = GETFIELD(NVx_BACKLOG_OP, offset);
144     Xive2Nvp nvp;
145     uint8_t ipb, old_ipb, rc;
146 
147     if (xive2_router_get_nvp(xrtr, blk, idx, &nvp)) {
148         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVP %x/%x\n", blk, idx);
149         return -1;
150     }
151     if (!xive2_nvp_is_valid(&nvp)) {
152         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid NVP %x/%x\n", blk, idx);
153         return -1;
154     }
155 
156     old_ipb = xive_get_field32(NVP2_W2_IPB, nvp.w2);
157     ipb = old_ipb;
158     /*
159      * op:
160      * 0b00 => set priority bit
161      * 0b01 => reset priority bit
162      * 0b1- => read
163      */
164     if (op == 0b00 || op == 0b01) {
165         if (op == 0b00) {
166             ipb |= xive_priority_to_ipb(priority);
167         } else {
168             ipb &= ~xive_priority_to_ipb(priority);
169         }
170         nvp.w2 = xive_set_field32(NVP2_W2_IPB, nvp.w2, ipb);
171         xive2_router_write_nvp(xrtr, blk, idx, &nvp, 2);
172     }
173     rc = !!(old_ipb & xive_priority_to_ipb(priority));
174     trace_xive_nvp_backlog_op(blk, idx, op, priority, rc);
175     return rc;
176 }
177 
178 void xive2_eas_pic_print_info(Xive2Eas *eas, uint32_t lisn, GString *buf)
179 {
180     if (!xive2_eas_is_valid(eas)) {
181         return;
182     }
183 
184     g_string_append_printf(buf, "  %08x %s end:%02x/%04x data:%08x\n",
185                            lisn, xive2_eas_is_masked(eas) ? "M" : " ",
186                            (uint8_t)  xive_get_field64(EAS2_END_BLOCK, eas->w),
187                            (uint32_t) xive_get_field64(EAS2_END_INDEX, eas->w),
188                            (uint32_t) xive_get_field64(EAS2_END_DATA, eas->w));
189 }
190 
191 void xive2_end_queue_pic_print_info(Xive2End *end, uint32_t width, GString *buf)
192 {
193     uint64_t qaddr_base = xive2_end_qaddr(end);
194     uint32_t qsize = xive_get_field32(END2_W3_QSIZE, end->w3);
195     uint32_t qindex = xive_get_field32(END2_W1_PAGE_OFF, end->w1);
196     uint32_t qentries = 1 << (qsize + 10);
197     int i;
198 
199     /*
200      * print out the [ (qindex - (width - 1)) .. (qindex + 1)] window
201      */
202     g_string_append_printf(buf, " [ ");
203     qindex = (qindex - (width - 1)) & (qentries - 1);
204     for (i = 0; i < width; i++) {
205         uint64_t qaddr = qaddr_base + (qindex << 2);
206         uint32_t qdata = -1;
207 
208         if (dma_memory_read(&address_space_memory, qaddr, &qdata,
209                             sizeof(qdata), MEMTXATTRS_UNSPECIFIED)) {
210             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to read EQ @0x%"
211                           HWADDR_PRIx "\n", qaddr);
212             return;
213         }
214         g_string_append_printf(buf, "%s%08x ", i == width - 1 ? "^" : "",
215                                be32_to_cpu(qdata));
216         qindex = (qindex + 1) & (qentries - 1);
217     }
218     g_string_append_printf(buf, "]");
219 }
220 
221 void xive2_end_pic_print_info(Xive2End *end, uint32_t end_idx, GString *buf)
222 {
223     uint64_t qaddr_base = xive2_end_qaddr(end);
224     uint32_t qindex = xive_get_field32(END2_W1_PAGE_OFF, end->w1);
225     uint32_t qgen = xive_get_field32(END2_W1_GENERATION, end->w1);
226     uint32_t qsize = xive_get_field32(END2_W3_QSIZE, end->w3);
227     uint32_t qentries = 1 << (qsize + 10);
228 
229     uint32_t nvx_blk = xive_get_field32(END2_W6_VP_BLOCK, end->w6);
230     uint32_t nvx_idx = xive_get_field32(END2_W6_VP_OFFSET, end->w6);
231     uint8_t priority = xive_get_field32(END2_W7_F0_PRIORITY, end->w7);
232     uint8_t pq;
233 
234     if (!xive2_end_is_valid(end)) {
235         return;
236     }
237 
238     pq = xive_get_field32(END2_W1_ESn, end->w1);
239 
240     g_string_append_printf(buf,
241                            "  %08x %c%c %c%c%c%c%c%c%c%c%c%c%c %c%c "
242                            "prio:%d nvp:%02x/%04x",
243                            end_idx,
244                            pq & XIVE_ESB_VAL_P ? 'P' : '-',
245                            pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
246                            xive2_end_is_valid(end)    ? 'v' : '-',
247                            xive2_end_is_enqueue(end)  ? 'q' : '-',
248                            xive2_end_is_notify(end)   ? 'n' : '-',
249                            xive2_end_is_backlog(end)  ? 'b' : '-',
250                            xive2_end_is_precluded_escalation(end) ? 'p' : '-',
251                            xive2_end_is_escalate(end) ? 'e' : '-',
252                            xive2_end_is_escalate_end(end) ? 'N' : '-',
253                            xive2_end_is_uncond_escalation(end)   ? 'u' : '-',
254                            xive2_end_is_silent_escalation(end)   ? 's' : '-',
255                            xive2_end_is_firmware1(end)   ? 'f' : '-',
256                            xive2_end_is_firmware2(end)   ? 'F' : '-',
257                            xive2_end_is_ignore(end) ? 'i' : '-',
258                            xive2_end_is_crowd(end)  ? 'c' : '-',
259                            priority, nvx_blk, nvx_idx);
260 
261     if (qaddr_base) {
262         g_string_append_printf(buf, " eq:@%08"PRIx64"% 6d/%5d ^%d",
263                                qaddr_base, qindex, qentries, qgen);
264         xive2_end_queue_pic_print_info(end, 6, buf);
265     }
266     g_string_append_c(buf, '\n');
267 }
268 
269 void xive2_end_eas_pic_print_info(Xive2End *end, uint32_t end_idx,
270                                   GString *buf)
271 {
272     Xive2Eas *eas = (Xive2Eas *) &end->w4;
273     uint8_t pq;
274 
275     if (!xive2_end_is_escalate(end)) {
276         return;
277     }
278 
279     pq = xive_get_field32(END2_W1_ESe, end->w1);
280 
281     g_string_append_printf(buf, "  %08x %c%c %c%c end:%02x/%04x data:%08x\n",
282                            end_idx,
283                            pq & XIVE_ESB_VAL_P ? 'P' : '-',
284                            pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
285                            xive2_eas_is_valid(eas) ? 'v' : ' ',
286                            xive2_eas_is_masked(eas) ? 'M' : ' ',
287                            (uint8_t)  xive_get_field64(EAS2_END_BLOCK, eas->w),
288                            (uint32_t) xive_get_field64(EAS2_END_INDEX, eas->w),
289                            (uint32_t) xive_get_field64(EAS2_END_DATA, eas->w));
290 }
291 
292 void xive2_nvp_pic_print_info(Xive2Nvp *nvp, uint32_t nvp_idx, GString *buf)
293 {
294     uint8_t  eq_blk = xive_get_field32(NVP2_W5_VP_END_BLOCK, nvp->w5);
295     uint32_t eq_idx = xive_get_field32(NVP2_W5_VP_END_INDEX, nvp->w5);
296     uint64_t cache_line = xive2_nvp_reporting_addr(nvp);
297 
298     if (!xive2_nvp_is_valid(nvp)) {
299         return;
300     }
301 
302     g_string_append_printf(buf, "  %08x end:%02x/%04x IPB:%02x PGoFirst:%02x",
303                            nvp_idx, eq_blk, eq_idx,
304                            xive_get_field32(NVP2_W2_IPB, nvp->w2),
305                            xive_get_field32(NVP2_W0_PGOFIRST, nvp->w0));
306     if (cache_line) {
307         g_string_append_printf(buf, "  reporting CL:%016"PRIx64, cache_line);
308     }
309 
310     /*
311      * When the NVP is HW controlled, more fields are updated
312      */
313     if (xive2_nvp_is_hw(nvp)) {
314         g_string_append_printf(buf, " CPPR:%02x",
315                                xive_get_field32(NVP2_W2_CPPR, nvp->w2));
316         if (xive2_nvp_is_co(nvp)) {
317             g_string_append_printf(buf, " CO:%04x",
318                                    xive_get_field32(NVP2_W1_CO_THRID, nvp->w1));
319         }
320     }
321     g_string_append_c(buf, '\n');
322 }
323 
324 void xive2_nvgc_pic_print_info(Xive2Nvgc *nvgc, uint32_t nvgc_idx, GString *buf)
325 {
326     uint8_t i;
327 
328     if (!xive2_nvgc_is_valid(nvgc)) {
329         return;
330     }
331 
332     g_string_append_printf(buf, "  %08x PGoNext:%02x bklog: ", nvgc_idx,
333                            xive_get_field32(NVGC2_W0_PGONEXT, nvgc->w0));
334     for (i = 0; i <= XIVE_PRIORITY_MAX; i++) {
335         g_string_append_printf(buf, "[%d]=0x%x ",
336                                i, xive2_nvgc_get_backlog(nvgc, i));
337     }
338     g_string_append_printf(buf, "\n");
339 }
340 
341 static void xive2_end_enqueue(Xive2End *end, uint32_t data)
342 {
343     uint64_t qaddr_base = xive2_end_qaddr(end);
344     uint32_t qsize = xive_get_field32(END2_W3_QSIZE, end->w3);
345     uint32_t qindex = xive_get_field32(END2_W1_PAGE_OFF, end->w1);
346     uint32_t qgen = xive_get_field32(END2_W1_GENERATION, end->w1);
347 
348     uint64_t qaddr = qaddr_base + (qindex << 2);
349     uint32_t qdata = cpu_to_be32((qgen << 31) | (data & 0x7fffffff));
350     uint32_t qentries = 1 << (qsize + 10);
351 
352     if (dma_memory_write(&address_space_memory, qaddr, &qdata, sizeof(qdata),
353                          MEMTXATTRS_UNSPECIFIED)) {
354         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to write END data @0x%"
355                       HWADDR_PRIx "\n", qaddr);
356         return;
357     }
358 
359     qindex = (qindex + 1) & (qentries - 1);
360     if (qindex == 0) {
361         qgen ^= 1;
362         end->w1 = xive_set_field32(END2_W1_GENERATION, end->w1, qgen);
363 
364         /* TODO(PowerNV): reset GF bit on a cache watch operation */
365         end->w1 = xive_set_field32(END2_W1_GEN_FLIPPED, end->w1, qgen);
366     }
367     end->w1 = xive_set_field32(END2_W1_PAGE_OFF, end->w1, qindex);
368 }
369 
370 static void xive2_pgofnext(uint8_t *nvgc_blk, uint32_t *nvgc_idx,
371                            uint8_t next_level)
372 {
373     uint32_t mask, next_idx;
374     uint8_t next_blk;
375 
376     /*
377      * Adjust the block and index of a VP for the next group/crowd
378      * size (PGofFirst/PGofNext field in the NVP and NVGC structures).
379      *
380      * The 6-bit group level is split into a 2-bit crowd and 4-bit
381      * group levels. Encoding is similar. However, we don't support
382      * crowd size of 8. So a crowd level of 0b11 is bumped to a crowd
383      * size of 16.
384      */
385     next_blk = NVx_CROWD_LVL(next_level);
386     if (next_blk == 3) {
387         next_blk = 4;
388     }
389     mask = (1 << next_blk) - 1;
390     *nvgc_blk &= ~mask;
391     *nvgc_blk |= mask >> 1;
392 
393     next_idx = NVx_GROUP_LVL(next_level);
394     mask = (1 << next_idx) - 1;
395     *nvgc_idx &= ~mask;
396     *nvgc_idx |= mask >> 1;
397 }
398 
399 /*
400  * Scan the group chain and return the highest priority and group
401  * level of pending group interrupts.
402  */
403 static uint8_t xive2_presenter_backlog_scan(XivePresenter *xptr,
404                                             uint8_t nvx_blk, uint32_t nvx_idx,
405                                             uint8_t first_group,
406                                             uint8_t *out_level)
407 {
408     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
409     uint32_t nvgc_idx;
410     uint32_t current_level, count;
411     uint8_t nvgc_blk, prio;
412     Xive2Nvgc nvgc;
413 
414     for (prio = 0; prio <= XIVE_PRIORITY_MAX; prio++) {
415         current_level = first_group & 0x3F;
416         nvgc_blk = nvx_blk;
417         nvgc_idx = nvx_idx;
418 
419         while (current_level) {
420             xive2_pgofnext(&nvgc_blk, &nvgc_idx, current_level);
421 
422             if (xive2_router_get_nvgc(xrtr, NVx_CROWD_LVL(current_level),
423                                       nvgc_blk, nvgc_idx, &nvgc)) {
424                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVGC %x/%x\n",
425                               nvgc_blk, nvgc_idx);
426                 return 0xFF;
427             }
428             if (!xive2_nvgc_is_valid(&nvgc)) {
429                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid NVGC %x/%x\n",
430                               nvgc_blk, nvgc_idx);
431                 return 0xFF;
432             }
433 
434             count = xive2_nvgc_get_backlog(&nvgc, prio);
435             if (count) {
436                 *out_level = current_level;
437                 return prio;
438             }
439             current_level = xive_get_field32(NVGC2_W0_PGONEXT, nvgc.w0) & 0x3F;
440         }
441     }
442     return 0xFF;
443 }
444 
445 static void xive2_presenter_backlog_decr(XivePresenter *xptr,
446                                          uint8_t nvx_blk, uint32_t nvx_idx,
447                                          uint8_t group_prio,
448                                          uint8_t group_level)
449 {
450     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
451     uint32_t nvgc_idx, count;
452     uint8_t nvgc_blk;
453     Xive2Nvgc nvgc;
454 
455     nvgc_blk = nvx_blk;
456     nvgc_idx = nvx_idx;
457     xive2_pgofnext(&nvgc_blk, &nvgc_idx, group_level);
458 
459     if (xive2_router_get_nvgc(xrtr, NVx_CROWD_LVL(group_level),
460                               nvgc_blk, nvgc_idx, &nvgc)) {
461         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVGC %x/%x\n",
462                       nvgc_blk, nvgc_idx);
463         return;
464     }
465     if (!xive2_nvgc_is_valid(&nvgc)) {
466         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid NVGC %x/%x\n",
467                       nvgc_blk, nvgc_idx);
468         return;
469     }
470     count = xive2_nvgc_get_backlog(&nvgc, group_prio);
471     if (!count) {
472         return;
473     }
474     xive2_nvgc_set_backlog(&nvgc, group_prio, count - 1);
475     xive2_router_write_nvgc(xrtr, NVx_CROWD_LVL(group_level),
476                             nvgc_blk, nvgc_idx, &nvgc);
477 }
478 
479 /*
480  * XIVE Thread Interrupt Management Area (TIMA) - Gen2 mode
481  *
482  * TIMA Gen2 VP “save & restore” (S&R) indicated by H bit next to V bit
483  *
484  *   - if a context is enabled with the H bit set, the VP context
485  *     information is retrieved from the NVP structure (“check out”)
486  *     and stored back on a context pull (“check in”), the SW receives
487  *     the same context pull information as on P9
488  *
489  *   - the H bit cannot be changed while the V bit is set, i.e. a
490  *     context cannot be set up in the TIMA and then be “pushed” into
491  *     the NVP by changing the H bit while the context is enabled
492  */
493 
494 static void xive2_tctx_save_ctx(Xive2Router *xrtr, XiveTCTX *tctx,
495                                 uint8_t nvp_blk, uint32_t nvp_idx,
496                                 uint8_t ring)
497 {
498     CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env;
499     uint32_t pir = env->spr_cb[SPR_PIR].default_value;
500     Xive2Nvp nvp;
501     uint8_t *regs = &tctx->regs[ring];
502 
503     if (xive2_router_get_nvp(xrtr, nvp_blk, nvp_idx, &nvp)) {
504         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVP %x/%x\n",
505                           nvp_blk, nvp_idx);
506         return;
507     }
508 
509     if (!xive2_nvp_is_valid(&nvp)) {
510         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVP %x/%x\n",
511                       nvp_blk, nvp_idx);
512         return;
513     }
514 
515     if (!xive2_nvp_is_hw(&nvp)) {
516         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVP %x/%x is not HW owned\n",
517                       nvp_blk, nvp_idx);
518         return;
519     }
520 
521     if (!xive2_nvp_is_co(&nvp)) {
522         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVP %x/%x is not checkout\n",
523                       nvp_blk, nvp_idx);
524         return;
525     }
526 
527     if (xive_get_field32(NVP2_W1_CO_THRID_VALID, nvp.w1) &&
528         xive_get_field32(NVP2_W1_CO_THRID, nvp.w1) != pir) {
529         qemu_log_mask(LOG_GUEST_ERROR,
530                       "XIVE: NVP %x/%x invalid checkout Thread %x\n",
531                       nvp_blk, nvp_idx, pir);
532         return;
533     }
534 
535     nvp.w2 = xive_set_field32(NVP2_W2_IPB, nvp.w2, regs[TM_IPB]);
536     nvp.w2 = xive_set_field32(NVP2_W2_CPPR, nvp.w2, regs[TM_CPPR]);
537     if (nvp.w0 & NVP2_W0_L) {
538         /*
539          * Typically not used. If LSMFB is restored with 0, it will
540          * force a backlog rescan
541          */
542         nvp.w2 = xive_set_field32(NVP2_W2_LSMFB, nvp.w2, regs[TM_LSMFB]);
543     }
544     if (nvp.w0 & NVP2_W0_G) {
545         nvp.w2 = xive_set_field32(NVP2_W2_LGS, nvp.w2, regs[TM_LGS]);
546     }
547     if (nvp.w0 & NVP2_W0_T) {
548         nvp.w2 = xive_set_field32(NVP2_W2_T, nvp.w2, regs[TM_T]);
549     }
550     xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, &nvp, 2);
551 
552     nvp.w1 = xive_set_field32(NVP2_W1_CO, nvp.w1, 0);
553     /* NVP2_W1_CO_THRID_VALID only set once */
554     nvp.w1 = xive_set_field32(NVP2_W1_CO_THRID, nvp.w1, 0xFFFF);
555     xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, &nvp, 1);
556 }
557 
558 static void xive2_cam_decode(uint32_t cam, uint8_t *nvp_blk,
559                              uint32_t *nvp_idx, bool *valid, bool *hw)
560 {
561     *nvp_blk = xive2_nvp_blk(cam);
562     *nvp_idx = xive2_nvp_idx(cam);
563     *valid = !!(cam & TM2_W2_VALID);
564     *hw = !!(cam & TM2_W2_HW);
565 }
566 
567 /*
568  * Encode the HW CAM line with 7bit or 8bit thread id. The thread id
569  * width and block id width is configurable at the IC level.
570  *
571  *    chipid << 24 | 0000 0000 0000 0000 1 threadid (7Bit)
572  *    chipid << 24 | 0000 0000 0000 0001 threadid   (8Bit)
573  */
574 static uint32_t xive2_tctx_hw_cam_line(XivePresenter *xptr, XiveTCTX *tctx)
575 {
576     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
577     CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env;
578     uint32_t pir = env->spr_cb[SPR_PIR].default_value;
579     uint8_t blk = xive2_router_get_block_id(xrtr);
580     uint8_t tid_shift =
581         xive2_router_get_config(xrtr) & XIVE2_THREADID_8BITS ? 8 : 7;
582     uint8_t tid_mask = (1 << tid_shift) - 1;
583 
584     return xive2_nvp_cam_line(blk, 1 << tid_shift | (pir & tid_mask));
585 }
586 
587 static uint64_t xive2_tm_pull_ctx(XivePresenter *xptr, XiveTCTX *tctx,
588                                   hwaddr offset, unsigned size, uint8_t ring)
589 {
590     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
591     uint32_t target_ringw2 = xive_tctx_word2(&tctx->regs[ring]);
592     uint32_t cam = be32_to_cpu(target_ringw2);
593     uint8_t nvp_blk;
594     uint32_t nvp_idx;
595     uint8_t cur_ring;
596     bool valid;
597     bool do_save;
598 
599     xive2_cam_decode(cam, &nvp_blk, &nvp_idx, &valid, &do_save);
600 
601     if (!valid) {
602         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: pulling invalid NVP %x/%x !?\n",
603                       nvp_blk, nvp_idx);
604     }
605 
606     /* Invalidate CAM line of requested ring and all lower rings */
607     for (cur_ring = TM_QW0_USER; cur_ring <= ring;
608          cur_ring += XIVE_TM_RING_SIZE) {
609         uint32_t ringw2 = xive_tctx_word2(&tctx->regs[cur_ring]);
610         uint32_t ringw2_new = xive_set_field32(TM2_QW1W2_VO, ringw2, 0);
611         memcpy(&tctx->regs[cur_ring + TM_WORD2], &ringw2_new, 4);
612     }
613 
614     if (xive2_router_get_config(xrtr) & XIVE2_VP_SAVE_RESTORE && do_save) {
615         xive2_tctx_save_ctx(xrtr, tctx, nvp_blk, nvp_idx, ring);
616     }
617 
618     /*
619      * Lower external interrupt line of requested ring and below except for
620      * USER, which doesn't exist.
621      */
622     for (cur_ring = TM_QW1_OS; cur_ring <= ring;
623          cur_ring += XIVE_TM_RING_SIZE) {
624         xive_tctx_reset_signal(tctx, cur_ring);
625     }
626     return target_ringw2;
627 }
628 
629 uint64_t xive2_tm_pull_os_ctx(XivePresenter *xptr, XiveTCTX *tctx,
630                               hwaddr offset, unsigned size)
631 {
632     return xive2_tm_pull_ctx(xptr, tctx, offset, size, TM_QW1_OS);
633 }
634 
635 #define REPORT_LINE_GEN1_SIZE       16
636 
637 static void xive2_tm_report_line_gen1(XiveTCTX *tctx, uint8_t *data,
638                                       uint8_t size)
639 {
640     uint8_t *regs = tctx->regs;
641 
642     g_assert(size == REPORT_LINE_GEN1_SIZE);
643     memset(data, 0, size);
644     /*
645      * See xive architecture for description of what is saved. It is
646      * hand-picked information to fit in 16 bytes.
647      */
648     data[0x0] = regs[TM_QW3_HV_PHYS + TM_NSR];
649     data[0x1] = regs[TM_QW3_HV_PHYS + TM_CPPR];
650     data[0x2] = regs[TM_QW3_HV_PHYS + TM_IPB];
651     data[0x3] = regs[TM_QW2_HV_POOL + TM_IPB];
652     data[0x4] = regs[TM_QW1_OS + TM_ACK_CNT];
653     data[0x5] = regs[TM_QW3_HV_PHYS + TM_LGS];
654     data[0x6] = 0xFF;
655     data[0x7] = regs[TM_QW3_HV_PHYS + TM_WORD2] & 0x80;
656     data[0x7] |= (regs[TM_QW2_HV_POOL + TM_WORD2] & 0x80) >> 1;
657     data[0x7] |= (regs[TM_QW1_OS + TM_WORD2] & 0x80) >> 2;
658     data[0x7] |= (regs[TM_QW3_HV_PHYS + TM_WORD2] & 0x3);
659     data[0x8] = regs[TM_QW1_OS + TM_NSR];
660     data[0x9] = regs[TM_QW1_OS + TM_CPPR];
661     data[0xA] = regs[TM_QW1_OS + TM_IPB];
662     data[0xB] = regs[TM_QW1_OS + TM_LGS];
663     if (regs[TM_QW0_USER + TM_WORD2] & 0x80) {
664         /*
665          * Logical server extension, except VU bit replaced by EB bit
666          * from NSR
667          */
668         data[0xC] = regs[TM_QW0_USER + TM_WORD2];
669         data[0xC] &= ~0x80;
670         data[0xC] |= regs[TM_QW0_USER + TM_NSR] & 0x80;
671         data[0xD] = regs[TM_QW0_USER + TM_WORD2 + 1];
672         data[0xE] = regs[TM_QW0_USER + TM_WORD2 + 2];
673         data[0xF] = regs[TM_QW0_USER + TM_WORD2 + 3];
674     }
675 }
676 
677 static void xive2_tm_pull_ctx_ol(XivePresenter *xptr, XiveTCTX *tctx,
678                                  hwaddr offset, uint64_t value,
679                                  unsigned size, uint8_t ring)
680 {
681     Xive2Router *xrtr = XIVE2_ROUTER(xptr);
682     uint32_t hw_cam, nvp_idx, xive2_cfg, reserved;
683     uint8_t nvp_blk;
684     Xive2Nvp nvp;
685     uint64_t phys_addr;
686     MemTxResult result;
687 
688     hw_cam = xive2_tctx_hw_cam_line(xptr, tctx);
689     nvp_blk = xive2_nvp_blk(hw_cam);
690     nvp_idx = xive2_nvp_idx(hw_cam);
691 
692     if (xive2_router_get_nvp(xrtr, nvp_blk, nvp_idx, &nvp)) {
693         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVP %x/%x\n",
694                       nvp_blk, nvp_idx);
695         return;
696     }
697 
698     if (!xive2_nvp_is_valid(&nvp)) {
699         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVP %x/%x\n",
700                       nvp_blk, nvp_idx);
701         return;
702     }
703 
704     xive2_cfg = xive2_router_get_config(xrtr);
705 
706     phys_addr = xive2_nvp_reporting_addr(&nvp) + 0x80; /* odd line */
707     if (xive2_cfg & XIVE2_GEN1_TIMA_OS) {
708         uint8_t pull_ctxt[REPORT_LINE_GEN1_SIZE];
709 
710         xive2_tm_report_line_gen1(tctx, pull_ctxt, REPORT_LINE_GEN1_SIZE);
711         result = dma_memory_write(&address_space_memory, phys_addr,
712                                   pull_ctxt, REPORT_LINE_GEN1_SIZE,
713                                   MEMTXATTRS_UNSPECIFIED);
714         assert(result == MEMTX_OK);
715     } else {
716         result = dma_memory_write(&address_space_memory, phys_addr,
717                                   &tctx->regs, sizeof(tctx->regs),
718                                   MEMTXATTRS_UNSPECIFIED);
719         assert(result == MEMTX_OK);
720         reserved = 0xFFFFFFFF;
721         result = dma_memory_write(&address_space_memory, phys_addr + 12,
722                                   &reserved, sizeof(reserved),
723                                   MEMTXATTRS_UNSPECIFIED);
724         assert(result == MEMTX_OK);
725     }
726 
727     /* the rest is similar to pull context to registers */
728     xive2_tm_pull_ctx(xptr, tctx, offset, size, ring);
729 }
730 
731 void xive2_tm_pull_os_ctx_ol(XivePresenter *xptr, XiveTCTX *tctx,
732                              hwaddr offset, uint64_t value, unsigned size)
733 {
734     xive2_tm_pull_ctx_ol(xptr, tctx, offset, value, size, TM_QW1_OS);
735 }
736 
737 
738 void xive2_tm_pull_phys_ctx_ol(XivePresenter *xptr, XiveTCTX *tctx,
739                                hwaddr offset, uint64_t value, unsigned size)
740 {
741     xive2_tm_pull_ctx_ol(xptr, tctx, offset, value, size, TM_QW3_HV_PHYS);
742 }
743 
744 static uint8_t xive2_tctx_restore_os_ctx(Xive2Router *xrtr, XiveTCTX *tctx,
745                                         uint8_t nvp_blk, uint32_t nvp_idx,
746                                         Xive2Nvp *nvp)
747 {
748     CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env;
749     uint32_t pir = env->spr_cb[SPR_PIR].default_value;
750     uint8_t cppr;
751 
752     if (!xive2_nvp_is_hw(nvp)) {
753         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVP %x/%x is not HW owned\n",
754                       nvp_blk, nvp_idx);
755         return 0;
756     }
757 
758     cppr = xive_get_field32(NVP2_W2_CPPR, nvp->w2);
759     nvp->w2 = xive_set_field32(NVP2_W2_CPPR, nvp->w2, 0);
760     xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, nvp, 2);
761 
762     tctx->regs[TM_QW1_OS + TM_CPPR] = cppr;
763     tctx->regs[TM_QW1_OS + TM_LSMFB] = xive_get_field32(NVP2_W2_LSMFB, nvp->w2);
764     tctx->regs[TM_QW1_OS + TM_LGS] = xive_get_field32(NVP2_W2_LGS, nvp->w2);
765     tctx->regs[TM_QW1_OS + TM_T] = xive_get_field32(NVP2_W2_T, nvp->w2);
766 
767     nvp->w1 = xive_set_field32(NVP2_W1_CO, nvp->w1, 1);
768     nvp->w1 = xive_set_field32(NVP2_W1_CO_THRID_VALID, nvp->w1, 1);
769     nvp->w1 = xive_set_field32(NVP2_W1_CO_THRID, nvp->w1, pir);
770 
771     /*
772      * Checkout privilege: 0:OS, 1:Pool, 2:Hard
773      *
774      * TODO: we only support OS push/pull
775      */
776     nvp->w1 = xive_set_field32(NVP2_W1_CO_PRIV, nvp->w1, 0);
777 
778     xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, nvp, 1);
779 
780     /* return restored CPPR to generate a CPU exception if needed */
781     return cppr;
782 }
783 
784 static void xive2_tctx_need_resend(Xive2Router *xrtr, XiveTCTX *tctx,
785                                    uint8_t nvp_blk, uint32_t nvp_idx,
786                                    bool do_restore)
787 {
788     XivePresenter *xptr = XIVE_PRESENTER(xrtr);
789     uint8_t ipb;
790     uint8_t backlog_level;
791     uint8_t group_level;
792     uint8_t first_group;
793     uint8_t backlog_prio;
794     uint8_t group_prio;
795     uint8_t *regs = &tctx->regs[TM_QW1_OS];
796     Xive2Nvp nvp;
797 
798     /*
799      * Grab the associated thread interrupt context registers in the
800      * associated NVP
801      */
802     if (xive2_router_get_nvp(xrtr, nvp_blk, nvp_idx, &nvp)) {
803         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVP %x/%x\n",
804                       nvp_blk, nvp_idx);
805         return;
806     }
807 
808     if (!xive2_nvp_is_valid(&nvp)) {
809         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVP %x/%x\n",
810                       nvp_blk, nvp_idx);
811         return;
812     }
813 
814     /* Automatically restore thread context registers */
815     if (xive2_router_get_config(xrtr) & XIVE2_VP_SAVE_RESTORE &&
816         do_restore) {
817         xive2_tctx_restore_os_ctx(xrtr, tctx, nvp_blk, nvp_idx, &nvp);
818     }
819 
820     ipb = xive_get_field32(NVP2_W2_IPB, nvp.w2);
821     if (ipb) {
822         nvp.w2 = xive_set_field32(NVP2_W2_IPB, nvp.w2, 0);
823         xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, &nvp, 2);
824     }
825     regs[TM_IPB] |= ipb;
826     backlog_prio = xive_ipb_to_pipr(ipb);
827     backlog_level = 0;
828 
829     first_group = xive_get_field32(NVP2_W0_PGOFIRST, nvp.w0);
830     if (first_group && regs[TM_LSMFB] < backlog_prio) {
831         group_prio = xive2_presenter_backlog_scan(xptr, nvp_blk, nvp_idx,
832                                                   first_group, &group_level);
833         regs[TM_LSMFB] = group_prio;
834         if (regs[TM_LGS] && group_prio < backlog_prio) {
835             /* VP can take a group interrupt */
836             xive2_presenter_backlog_decr(xptr, nvp_blk, nvp_idx,
837                                          group_prio, group_level);
838             backlog_prio = group_prio;
839             backlog_level = group_level;
840         }
841     }
842 
843     /*
844      * Compute the PIPR based on the restored state.
845      * It will raise the External interrupt signal if needed.
846      */
847     xive_tctx_pipr_update(tctx, TM_QW1_OS, backlog_prio, backlog_level);
848 }
849 
850 /*
851  * Updating the OS CAM line can trigger a resend of interrupt
852  */
853 void xive2_tm_push_os_ctx(XivePresenter *xptr, XiveTCTX *tctx,
854                           hwaddr offset, uint64_t value, unsigned size)
855 {
856     uint32_t cam;
857     uint32_t qw1w2;
858     uint64_t qw1dw1;
859     uint8_t nvp_blk;
860     uint32_t nvp_idx;
861     bool vo;
862     bool do_restore;
863 
864     /* First update the thead context */
865     switch (size) {
866     case 4:
867         cam = value;
868         qw1w2 = cpu_to_be32(cam);
869         memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &qw1w2, 4);
870         break;
871     case 8:
872         cam = value >> 32;
873         qw1dw1 = cpu_to_be64(value);
874         memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &qw1dw1, 8);
875         break;
876     default:
877         g_assert_not_reached();
878     }
879 
880     xive2_cam_decode(cam, &nvp_blk, &nvp_idx, &vo, &do_restore);
881 
882     /* Check the interrupt pending bits */
883     if (vo) {
884         xive2_tctx_need_resend(XIVE2_ROUTER(xptr), tctx, nvp_blk, nvp_idx,
885                                do_restore);
886     }
887 }
888 
889 static int xive2_tctx_get_nvp_indexes(XiveTCTX *tctx, uint8_t ring,
890                                       uint32_t *nvp_blk, uint32_t *nvp_idx)
891 {
892     uint32_t w2, cam;
893 
894     w2 = xive_tctx_word2(&tctx->regs[ring]);
895     switch (ring) {
896     case TM_QW1_OS:
897         if (!(be32_to_cpu(w2) & TM2_QW1W2_VO)) {
898             return -1;
899         }
900         cam = xive_get_field32(TM2_QW1W2_OS_CAM, w2);
901         break;
902     case TM_QW2_HV_POOL:
903         if (!(be32_to_cpu(w2) & TM2_QW2W2_VP)) {
904             return -1;
905         }
906         cam = xive_get_field32(TM2_QW2W2_POOL_CAM, w2);
907         break;
908     case TM_QW3_HV_PHYS:
909         if (!(be32_to_cpu(w2) & TM2_QW3W2_VT)) {
910             return -1;
911         }
912         cam = xive2_tctx_hw_cam_line(tctx->xptr, tctx);
913         break;
914     default:
915         return -1;
916     }
917     *nvp_blk = xive2_nvp_blk(cam);
918     *nvp_idx = xive2_nvp_idx(cam);
919     return 0;
920 }
921 
922 static void xive2_tctx_set_cppr(XiveTCTX *tctx, uint8_t ring, uint8_t cppr)
923 {
924     uint8_t *regs = &tctx->regs[ring];
925     Xive2Router *xrtr = XIVE2_ROUTER(tctx->xptr);
926     uint8_t old_cppr, backlog_prio, first_group, group_level = 0;
927     uint8_t pipr_min, lsmfb_min, ring_min;
928     bool group_enabled;
929     uint32_t nvp_blk, nvp_idx;
930     Xive2Nvp nvp;
931     int rc;
932 
933     trace_xive_tctx_set_cppr(tctx->cs->cpu_index, ring,
934                              regs[TM_IPB], regs[TM_PIPR],
935                              cppr, regs[TM_NSR]);
936 
937     if (cppr > XIVE_PRIORITY_MAX) {
938         cppr = 0xff;
939     }
940 
941     old_cppr = regs[TM_CPPR];
942     regs[TM_CPPR] = cppr;
943 
944     /*
945      * Recompute the PIPR based on local pending interrupts. It will
946      * be adjusted below if needed in case of pending group interrupts.
947      */
948     pipr_min = xive_ipb_to_pipr(regs[TM_IPB]);
949     group_enabled = !!regs[TM_LGS];
950     lsmfb_min = (group_enabled) ? regs[TM_LSMFB] : 0xff;
951     ring_min = ring;
952 
953     /* PHYS updates also depend on POOL values */
954     if (ring == TM_QW3_HV_PHYS) {
955         uint8_t *pregs = &tctx->regs[TM_QW2_HV_POOL];
956 
957         /* POOL values only matter if POOL ctx is valid */
958         if (pregs[TM_WORD2] & 0x80) {
959 
960             uint8_t pool_pipr = xive_ipb_to_pipr(pregs[TM_IPB]);
961             uint8_t pool_lsmfb = pregs[TM_LSMFB];
962 
963             /*
964              * Determine highest priority interrupt and
965              * remember which ring has it.
966              */
967             if (pool_pipr < pipr_min) {
968                 pipr_min = pool_pipr;
969                 if (pool_pipr < lsmfb_min) {
970                     ring_min = TM_QW2_HV_POOL;
971                 }
972             }
973 
974             /* Values needed for group priority calculation */
975             if (pregs[TM_LGS] && (pool_lsmfb < lsmfb_min)) {
976                 group_enabled = true;
977                 lsmfb_min = pool_lsmfb;
978                 if (lsmfb_min < pipr_min) {
979                     ring_min = TM_QW2_HV_POOL;
980                 }
981             }
982         }
983     }
984     regs[TM_PIPR] = pipr_min;
985 
986     rc = xive2_tctx_get_nvp_indexes(tctx, ring_min, &nvp_blk, &nvp_idx);
987     if (rc) {
988         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: set CPPR on invalid context\n");
989         return;
990     }
991 
992     if (cppr < old_cppr) {
993         /*
994          * FIXME: check if there's a group interrupt being presented
995          * and if the new cppr prevents it. If so, then the group
996          * interrupt needs to be re-added to the backlog and
997          * re-triggered (see re-trigger END info in the NVGC
998          * structure)
999          */
1000     }
1001 
1002     if (group_enabled &&
1003         lsmfb_min < cppr &&
1004         lsmfb_min < regs[TM_PIPR]) {
1005         /*
1006          * Thread has seen a group interrupt with a higher priority
1007          * than the new cppr or pending local interrupt. Check the
1008          * backlog
1009          */
1010         if (xive2_router_get_nvp(xrtr, nvp_blk, nvp_idx, &nvp)) {
1011             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No NVP %x/%x\n",
1012                           nvp_blk, nvp_idx);
1013             return;
1014         }
1015 
1016         if (!xive2_nvp_is_valid(&nvp)) {
1017             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVP %x/%x\n",
1018                           nvp_blk, nvp_idx);
1019             return;
1020         }
1021 
1022         first_group = xive_get_field32(NVP2_W0_PGOFIRST, nvp.w0);
1023         if (!first_group) {
1024             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid NVP %x/%x\n",
1025                           nvp_blk, nvp_idx);
1026             return;
1027         }
1028 
1029         backlog_prio = xive2_presenter_backlog_scan(tctx->xptr,
1030                                                     nvp_blk, nvp_idx,
1031                                                     first_group, &group_level);
1032         tctx->regs[ring_min + TM_LSMFB] = backlog_prio;
1033         if (backlog_prio != 0xFF) {
1034             xive2_presenter_backlog_decr(tctx->xptr, nvp_blk, nvp_idx,
1035                                          backlog_prio, group_level);
1036             regs[TM_PIPR] = backlog_prio;
1037         }
1038     }
1039     /* CPPR has changed, check if we need to raise a pending exception */
1040     xive_tctx_notify(tctx, ring_min, group_level);
1041 }
1042 
1043 void xive2_tm_set_hv_cppr(XivePresenter *xptr, XiveTCTX *tctx,
1044                           hwaddr offset, uint64_t value, unsigned size)
1045 {
1046     xive2_tctx_set_cppr(tctx, TM_QW3_HV_PHYS, value & 0xff);
1047 }
1048 
1049 void xive2_tm_set_os_cppr(XivePresenter *xptr, XiveTCTX *tctx,
1050                           hwaddr offset, uint64_t value, unsigned size)
1051 {
1052     xive2_tctx_set_cppr(tctx, TM_QW1_OS, value & 0xff);
1053 }
1054 
1055 static void xive2_tctx_set_target(XiveTCTX *tctx, uint8_t ring, uint8_t target)
1056 {
1057     uint8_t *regs = &tctx->regs[ring];
1058 
1059     regs[TM_T] = target;
1060 }
1061 
1062 void xive2_tm_set_hv_target(XivePresenter *xptr, XiveTCTX *tctx,
1063                             hwaddr offset, uint64_t value, unsigned size)
1064 {
1065     xive2_tctx_set_target(tctx, TM_QW3_HV_PHYS, value & 0xff);
1066 }
1067 
1068 /*
1069  * XIVE Router (aka. Virtualization Controller or IVRE)
1070  */
1071 
1072 int xive2_router_get_eas(Xive2Router *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1073                          Xive2Eas *eas)
1074 {
1075     Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1076 
1077     return xrc->get_eas(xrtr, eas_blk, eas_idx, eas);
1078 }
1079 
1080 static
1081 int xive2_router_get_pq(Xive2Router *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1082                        uint8_t *pq)
1083 {
1084     Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1085 
1086     return xrc->get_pq(xrtr, eas_blk, eas_idx, pq);
1087 }
1088 
1089 static
1090 int xive2_router_set_pq(Xive2Router *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1091                        uint8_t *pq)
1092 {
1093     Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1094 
1095     return xrc->set_pq(xrtr, eas_blk, eas_idx, pq);
1096 }
1097 
1098 int xive2_router_get_end(Xive2Router *xrtr, uint8_t end_blk, uint32_t end_idx,
1099                          Xive2End *end)
1100 {
1101    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1102 
1103    return xrc->get_end(xrtr, end_blk, end_idx, end);
1104 }
1105 
1106 int xive2_router_write_end(Xive2Router *xrtr, uint8_t end_blk, uint32_t end_idx,
1107                            Xive2End *end, uint8_t word_number)
1108 {
1109    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1110 
1111    return xrc->write_end(xrtr, end_blk, end_idx, end, word_number);
1112 }
1113 
1114 int xive2_router_get_nvp(Xive2Router *xrtr, uint8_t nvp_blk, uint32_t nvp_idx,
1115                          Xive2Nvp *nvp)
1116 {
1117    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1118 
1119    return xrc->get_nvp(xrtr, nvp_blk, nvp_idx, nvp);
1120 }
1121 
1122 int xive2_router_write_nvp(Xive2Router *xrtr, uint8_t nvp_blk, uint32_t nvp_idx,
1123                            Xive2Nvp *nvp, uint8_t word_number)
1124 {
1125    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1126 
1127    return xrc->write_nvp(xrtr, nvp_blk, nvp_idx, nvp, word_number);
1128 }
1129 
1130 int xive2_router_get_nvgc(Xive2Router *xrtr, bool crowd,
1131                           uint8_t nvgc_blk, uint32_t nvgc_idx,
1132                           Xive2Nvgc *nvgc)
1133 {
1134    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1135 
1136    return xrc->get_nvgc(xrtr, crowd, nvgc_blk, nvgc_idx, nvgc);
1137 }
1138 
1139 int xive2_router_write_nvgc(Xive2Router *xrtr, bool crowd,
1140                             uint8_t nvgc_blk, uint32_t nvgc_idx,
1141                             Xive2Nvgc *nvgc)
1142 {
1143    Xive2RouterClass *xrc = XIVE2_ROUTER_GET_CLASS(xrtr);
1144 
1145    return xrc->write_nvgc(xrtr, crowd, nvgc_blk, nvgc_idx, nvgc);
1146 }
1147 
1148 static bool xive2_vp_match_mask(uint32_t cam1, uint32_t cam2,
1149                                 uint32_t vp_mask)
1150 {
1151     return (cam1 & vp_mask) == (cam2 & vp_mask);
1152 }
1153 
1154 static uint8_t xive2_get_vp_block_mask(uint32_t nvt_blk, bool crowd)
1155 {
1156     uint8_t block_mask = 0b1111;
1157 
1158     /* 3 supported crowd sizes: 2, 4, 16 */
1159     if (crowd) {
1160         uint32_t size = xive_get_vpgroup_size(nvt_blk);
1161 
1162         if (size != 2 && size != 4 && size != 16) {
1163             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid crowd size of %d",
1164                                            size);
1165             return block_mask;
1166         }
1167         block_mask &= ~(size - 1);
1168     }
1169     return block_mask;
1170 }
1171 
1172 static uint32_t xive2_get_vp_index_mask(uint32_t nvt_index, bool cam_ignore)
1173 {
1174     uint32_t index_mask = 0xFFFFFF; /* 24 bits */
1175 
1176     if (cam_ignore) {
1177         uint32_t size = xive_get_vpgroup_size(nvt_index);
1178 
1179         if (size < 2) {
1180             qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid group size of %d",
1181                                            size);
1182             return index_mask;
1183         }
1184         index_mask &= ~(size - 1);
1185     }
1186     return index_mask;
1187 }
1188 
1189 /*
1190  * The thread context register words are in big-endian format.
1191  */
1192 int xive2_presenter_tctx_match(XivePresenter *xptr, XiveTCTX *tctx,
1193                                uint8_t format,
1194                                uint8_t nvt_blk, uint32_t nvt_idx,
1195                                bool crowd, bool cam_ignore,
1196                                uint32_t logic_serv)
1197 {
1198     uint32_t cam =   xive2_nvp_cam_line(nvt_blk, nvt_idx);
1199     uint32_t qw3w2 = xive_tctx_word2(&tctx->regs[TM_QW3_HV_PHYS]);
1200     uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]);
1201     uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]);
1202     uint32_t qw0w2 = xive_tctx_word2(&tctx->regs[TM_QW0_USER]);
1203 
1204     uint32_t index_mask, vp_mask;
1205     uint8_t block_mask;
1206 
1207     if (format == 0) {
1208         /*
1209          * i=0: Specific NVT notification
1210          * i=1: VP-group notification (bits ignored at the end of the
1211          *      NVT identifier)
1212          */
1213         block_mask = xive2_get_vp_block_mask(nvt_blk, crowd);
1214         index_mask = xive2_get_vp_index_mask(nvt_idx, cam_ignore);
1215         vp_mask = xive2_nvp_cam_line(block_mask, index_mask);
1216 
1217         /* For VP-group notifications, threads with LGS=0 are excluded */
1218 
1219         /* PHYS ring */
1220         if ((be32_to_cpu(qw3w2) & TM2_QW3W2_VT) &&
1221             !(cam_ignore && tctx->regs[TM_QW3_HV_PHYS + TM_LGS] == 0) &&
1222             xive2_vp_match_mask(cam,
1223                                 xive2_tctx_hw_cam_line(xptr, tctx),
1224                                 vp_mask)) {
1225             return TM_QW3_HV_PHYS;
1226         }
1227 
1228         /* HV POOL ring */
1229         if ((be32_to_cpu(qw2w2) & TM2_QW2W2_VP) &&
1230             !(cam_ignore && tctx->regs[TM_QW2_HV_POOL + TM_LGS] == 0) &&
1231             xive2_vp_match_mask(cam,
1232                                 xive_get_field32(TM2_QW2W2_POOL_CAM, qw2w2),
1233                                 vp_mask)) {
1234             return TM_QW2_HV_POOL;
1235         }
1236 
1237         /* OS ring */
1238         if ((be32_to_cpu(qw1w2) & TM2_QW1W2_VO) &&
1239             !(cam_ignore && tctx->regs[TM_QW1_OS + TM_LGS] == 0) &&
1240             xive2_vp_match_mask(cam,
1241                                 xive_get_field32(TM2_QW1W2_OS_CAM, qw1w2),
1242                                 vp_mask)) {
1243             return TM_QW1_OS;
1244         }
1245     } else {
1246         /* F=1 : User level Event-Based Branch (EBB) notification */
1247 
1248         /* FIXME: what if cam_ignore and LGS = 0 ? */
1249         /* USER ring */
1250         if  ((be32_to_cpu(qw1w2) & TM2_QW1W2_VO) &&
1251              (cam == xive_get_field32(TM2_QW1W2_OS_CAM, qw1w2)) &&
1252              (be32_to_cpu(qw0w2) & TM2_QW0W2_VU) &&
1253              (logic_serv == xive_get_field32(TM2_QW0W2_LOGIC_SERV, qw0w2))) {
1254             return TM_QW0_USER;
1255         }
1256     }
1257     return -1;
1258 }
1259 
1260 bool xive2_tm_irq_precluded(XiveTCTX *tctx, int ring, uint8_t priority)
1261 {
1262     /* HV_POOL ring uses HV_PHYS NSR, CPPR and PIPR registers */
1263     uint8_t alt_ring = (ring == TM_QW2_HV_POOL) ? TM_QW3_HV_PHYS : ring;
1264     uint8_t *alt_regs = &tctx->regs[alt_ring];
1265 
1266     /*
1267      * The xive2_presenter_tctx_match() above tells if there's a match
1268      * but for VP-group notification, we still need to look at the
1269      * priority to know if the thread can take the interrupt now or if
1270      * it is precluded.
1271      */
1272     if (priority < alt_regs[TM_CPPR]) {
1273         return false;
1274     }
1275     return true;
1276 }
1277 
1278 void xive2_tm_set_lsmfb(XiveTCTX *tctx, int ring, uint8_t priority)
1279 {
1280     uint8_t *regs = &tctx->regs[ring];
1281 
1282     /*
1283      * Called by the router during a VP-group notification when the
1284      * thread matches but can't take the interrupt because it's
1285      * already running at a more favored priority. It then stores the
1286      * new interrupt priority in the LSMFB field.
1287      */
1288     regs[TM_LSMFB] = priority;
1289 }
1290 
1291 static void xive2_router_realize(DeviceState *dev, Error **errp)
1292 {
1293     Xive2Router *xrtr = XIVE2_ROUTER(dev);
1294 
1295     assert(xrtr->xfb);
1296 }
1297 
1298 /*
1299  * Notification using the END ESe/ESn bit (Event State Buffer for
1300  * escalation and notification). Profide further coalescing in the
1301  * Router.
1302  */
1303 static bool xive2_router_end_es_notify(Xive2Router *xrtr, uint8_t end_blk,
1304                                        uint32_t end_idx, Xive2End *end,
1305                                        uint32_t end_esmask)
1306 {
1307     uint8_t pq = xive_get_field32(end_esmask, end->w1);
1308     bool notify = xive_esb_trigger(&pq);
1309 
1310     if (pq != xive_get_field32(end_esmask, end->w1)) {
1311         end->w1 = xive_set_field32(end_esmask, end->w1, pq);
1312         xive2_router_write_end(xrtr, end_blk, end_idx, end, 1);
1313     }
1314 
1315     /* ESe/n[Q]=1 : end of notification */
1316     return notify;
1317 }
1318 
1319 /*
1320  * An END trigger can come from an event trigger (IPI or HW) or from
1321  * another chip. We don't model the PowerBus but the END trigger
1322  * message has the same parameters than in the function below.
1323  */
1324 static void xive2_router_end_notify(Xive2Router *xrtr, uint8_t end_blk,
1325                                     uint32_t end_idx, uint32_t end_data)
1326 {
1327     Xive2End end;
1328     uint8_t priority;
1329     uint8_t format;
1330     bool found, precluded;
1331     uint8_t nvx_blk;
1332     uint32_t nvx_idx;
1333 
1334     /* END cache lookup */
1335     if (xive2_router_get_end(xrtr, end_blk, end_idx, &end)) {
1336         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
1337                       end_idx);
1338         return;
1339     }
1340 
1341     if (!xive2_end_is_valid(&end)) {
1342         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
1343                       end_blk, end_idx);
1344         return;
1345     }
1346 
1347     if (xive2_end_is_crowd(&end) && !xive2_end_is_ignore(&end)) {
1348         qemu_log_mask(LOG_GUEST_ERROR,
1349                       "XIVE: invalid END, 'crowd' bit requires 'ignore' bit\n");
1350         return;
1351     }
1352 
1353     if (xive2_end_is_enqueue(&end)) {
1354         xive2_end_enqueue(&end, end_data);
1355         /* Enqueuing event data modifies the EQ toggle and index */
1356         xive2_router_write_end(xrtr, end_blk, end_idx, &end, 1);
1357     }
1358 
1359     /*
1360      * When the END is silent, we skip the notification part.
1361      */
1362     if (xive2_end_is_silent_escalation(&end)) {
1363         goto do_escalation;
1364     }
1365 
1366     /*
1367      * The W7 format depends on the F bit in W6. It defines the type
1368      * of the notification :
1369      *
1370      *   F=0 : single or multiple NVP notification
1371      *   F=1 : User level Event-Based Branch (EBB) notification, no
1372      *         priority
1373      */
1374     format = xive_get_field32(END2_W6_FORMAT_BIT, end.w6);
1375     priority = xive_get_field32(END2_W7_F0_PRIORITY, end.w7);
1376 
1377     /* The END is masked */
1378     if (format == 0 && priority == 0xff) {
1379         return;
1380     }
1381 
1382     /*
1383      * Check the END ESn (Event State Buffer for notification) for
1384      * even further coalescing in the Router
1385      */
1386     if (!xive2_end_is_notify(&end)) {
1387         /* ESn[Q]=1 : end of notification */
1388         if (!xive2_router_end_es_notify(xrtr, end_blk, end_idx,
1389                                        &end, END2_W1_ESn)) {
1390             return;
1391         }
1392     }
1393 
1394     /*
1395      * Follows IVPE notification
1396      */
1397     nvx_blk = xive_get_field32(END2_W6_VP_BLOCK, end.w6);
1398     nvx_idx = xive_get_field32(END2_W6_VP_OFFSET, end.w6);
1399 
1400     found = xive_presenter_notify(xrtr->xfb, format, nvx_blk, nvx_idx,
1401                           xive2_end_is_crowd(&end), xive2_end_is_ignore(&end),
1402                           priority,
1403                           xive_get_field32(END2_W7_F1_LOG_SERVER_ID, end.w7),
1404                           &precluded);
1405 
1406     /* TODO: Auto EOI. */
1407 
1408     if (found) {
1409         return;
1410     }
1411 
1412     /*
1413      * If no matching NVP is dispatched on a HW thread :
1414      * - specific VP: update the NVP structure if backlog is activated
1415      * - VP-group: update the backlog counter for that priority in the NVG
1416      */
1417     if (xive2_end_is_backlog(&end)) {
1418 
1419         if (format == 1) {
1420             qemu_log_mask(LOG_GUEST_ERROR,
1421                           "XIVE: END %x/%x invalid config: F1 & backlog\n",
1422                           end_blk, end_idx);
1423             return;
1424         }
1425 
1426         if (!xive2_end_is_ignore(&end)) {
1427             uint8_t ipb;
1428             Xive2Nvp nvp;
1429 
1430             /* NVP cache lookup */
1431             if (xive2_router_get_nvp(xrtr, nvx_blk, nvx_idx, &nvp)) {
1432                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: no NVP %x/%x\n",
1433                               nvx_blk, nvx_idx);
1434                 return;
1435             }
1436 
1437             if (!xive2_nvp_is_valid(&nvp)) {
1438                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVP %x/%x is invalid\n",
1439                               nvx_blk, nvx_idx);
1440                 return;
1441             }
1442 
1443             /*
1444              * Record the IPB in the associated NVP structure for later
1445              * use. The presenter will resend the interrupt when the vCPU
1446              * is dispatched again on a HW thread.
1447              */
1448             ipb = xive_get_field32(NVP2_W2_IPB, nvp.w2) |
1449                 xive_priority_to_ipb(priority);
1450             nvp.w2 = xive_set_field32(NVP2_W2_IPB, nvp.w2, ipb);
1451             xive2_router_write_nvp(xrtr, nvx_blk, nvx_idx, &nvp, 2);
1452         } else {
1453             Xive2Nvgc nvgc;
1454             uint32_t backlog;
1455             bool crowd;
1456 
1457             crowd = xive2_end_is_crowd(&end);
1458 
1459             /*
1460              * For groups and crowds, the per-priority backlog
1461              * counters are stored in the NVG/NVC structures
1462              */
1463             if (xive2_router_get_nvgc(xrtr, crowd,
1464                                       nvx_blk, nvx_idx, &nvgc)) {
1465                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: no %s %x/%x\n",
1466                               crowd ? "NVC" : "NVG", nvx_blk, nvx_idx);
1467                 return;
1468             }
1469 
1470             if (!xive2_nvgc_is_valid(&nvgc)) {
1471                 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVG %x/%x is invalid\n",
1472                               nvx_blk, nvx_idx);
1473                 return;
1474             }
1475 
1476             /*
1477              * Increment the backlog counter for that priority.
1478              * We only call broadcast the first time the counter is
1479              * incremented. broadcast will set the LSMFB field of the TIMA of
1480              * relevant threads so that they know an interrupt is pending.
1481              */
1482             backlog = xive2_nvgc_get_backlog(&nvgc, priority) + 1;
1483             xive2_nvgc_set_backlog(&nvgc, priority, backlog);
1484             xive2_router_write_nvgc(xrtr, crowd, nvx_blk, nvx_idx, &nvgc);
1485 
1486             if (backlog == 1) {
1487                 XiveFabricClass *xfc = XIVE_FABRIC_GET_CLASS(xrtr->xfb);
1488                 xfc->broadcast(xrtr->xfb, nvx_blk, nvx_idx,
1489                                xive2_end_is_crowd(&end),
1490                                xive2_end_is_ignore(&end),
1491                                priority);
1492 
1493                 if (!xive2_end_is_precluded_escalation(&end)) {
1494                     /*
1495                      * The interrupt will be picked up when the
1496                      * matching thread lowers its priority level
1497                      */
1498                     return;
1499                 }
1500             }
1501         }
1502     }
1503 
1504 do_escalation:
1505     /*
1506      * If activated, escalate notification using the ESe PQ bits and
1507      * the EAS in w4-5
1508      */
1509     if (!xive2_end_is_escalate(&end)) {
1510         return;
1511     }
1512 
1513     /*
1514      * Check the END ESe (Event State Buffer for escalation) for even
1515      * further coalescing in the Router
1516      */
1517     if (!xive2_end_is_uncond_escalation(&end)) {
1518         /* ESe[Q]=1 : end of escalation notification */
1519         if (!xive2_router_end_es_notify(xrtr, end_blk, end_idx,
1520                                        &end, END2_W1_ESe)) {
1521             return;
1522         }
1523     }
1524 
1525     /*
1526      * The END trigger becomes an Escalation trigger
1527      */
1528     xive2_router_end_notify(xrtr,
1529                            xive_get_field32(END2_W4_END_BLOCK,     end.w4),
1530                            xive_get_field32(END2_W4_ESC_END_INDEX, end.w4),
1531                            xive_get_field32(END2_W5_ESC_END_DATA,  end.w5));
1532 }
1533 
1534 void xive2_router_notify(XiveNotifier *xn, uint32_t lisn, bool pq_checked)
1535 {
1536     Xive2Router *xrtr = XIVE2_ROUTER(xn);
1537     uint8_t eas_blk = XIVE_EAS_BLOCK(lisn);
1538     uint32_t eas_idx = XIVE_EAS_INDEX(lisn);
1539     Xive2Eas eas;
1540 
1541     /* EAS cache lookup */
1542     if (xive2_router_get_eas(xrtr, eas_blk, eas_idx, &eas)) {
1543         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN %x\n", lisn);
1544         return;
1545     }
1546 
1547     if (!pq_checked) {
1548         bool notify;
1549         uint8_t pq;
1550 
1551         /* PQ cache lookup */
1552         if (xive2_router_get_pq(xrtr, eas_blk, eas_idx, &pq)) {
1553             /* Set FIR */
1554             g_assert_not_reached();
1555         }
1556 
1557         notify = xive_esb_trigger(&pq);
1558 
1559         if (xive2_router_set_pq(xrtr, eas_blk, eas_idx, &pq)) {
1560             /* Set FIR */
1561             g_assert_not_reached();
1562         }
1563 
1564         if (!notify) {
1565             return;
1566         }
1567     }
1568 
1569     if (!xive2_eas_is_valid(&eas)) {
1570         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Invalid LISN %x\n", lisn);
1571         return;
1572     }
1573 
1574     if (xive2_eas_is_masked(&eas)) {
1575         /* Notification completed */
1576         return;
1577     }
1578 
1579     /*
1580      * The event trigger becomes an END trigger
1581      */
1582     xive2_router_end_notify(xrtr,
1583                              xive_get_field64(EAS2_END_BLOCK, eas.w),
1584                              xive_get_field64(EAS2_END_INDEX, eas.w),
1585                              xive_get_field64(EAS2_END_DATA,  eas.w));
1586 }
1587 
1588 static const Property xive2_router_properties[] = {
1589     DEFINE_PROP_LINK("xive-fabric", Xive2Router, xfb,
1590                      TYPE_XIVE_FABRIC, XiveFabric *),
1591 };
1592 
1593 static void xive2_router_class_init(ObjectClass *klass, const void *data)
1594 {
1595     DeviceClass *dc = DEVICE_CLASS(klass);
1596     XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass);
1597 
1598     dc->desc    = "XIVE2 Router Engine";
1599     device_class_set_props(dc, xive2_router_properties);
1600     /* Parent is SysBusDeviceClass. No need to call its realize hook */
1601     dc->realize = xive2_router_realize;
1602     xnc->notify = xive2_router_notify;
1603 }
1604 
1605 static const TypeInfo xive2_router_info = {
1606     .name          = TYPE_XIVE2_ROUTER,
1607     .parent        = TYPE_SYS_BUS_DEVICE,
1608     .abstract      = true,
1609     .instance_size = sizeof(Xive2Router),
1610     .class_size    = sizeof(Xive2RouterClass),
1611     .class_init    = xive2_router_class_init,
1612     .interfaces    = (const InterfaceInfo[]) {
1613         { TYPE_XIVE_NOTIFIER },
1614         { TYPE_XIVE_PRESENTER },
1615         { }
1616     }
1617 };
1618 
1619 static inline bool addr_is_even(hwaddr addr, uint32_t shift)
1620 {
1621     return !((addr >> shift) & 1);
1622 }
1623 
1624 static uint64_t xive2_end_source_read(void *opaque, hwaddr addr, unsigned size)
1625 {
1626     Xive2EndSource *xsrc = XIVE2_END_SOURCE(opaque);
1627     uint32_t offset = addr & 0xFFF;
1628     uint8_t end_blk;
1629     uint32_t end_idx;
1630     Xive2End end;
1631     uint32_t end_esmask;
1632     uint8_t pq;
1633     uint64_t ret;
1634 
1635     /*
1636      * The block id should be deduced from the load address on the END
1637      * ESB MMIO but our model only supports a single block per XIVE chip.
1638      */
1639     end_blk = xive2_router_get_block_id(xsrc->xrtr);
1640     end_idx = addr >> (xsrc->esb_shift + 1);
1641 
1642     if (xive2_router_get_end(xsrc->xrtr, end_blk, end_idx, &end)) {
1643         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
1644                       end_idx);
1645         return -1;
1646     }
1647 
1648     if (!xive2_end_is_valid(&end)) {
1649         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
1650                       end_blk, end_idx);
1651         return -1;
1652     }
1653 
1654     end_esmask = addr_is_even(addr, xsrc->esb_shift) ? END2_W1_ESn :
1655         END2_W1_ESe;
1656     pq = xive_get_field32(end_esmask, end.w1);
1657 
1658     switch (offset) {
1659     case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF:
1660         ret = xive_esb_eoi(&pq);
1661 
1662         /* Forward the source event notification for routing ?? */
1663         break;
1664 
1665     case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF:
1666         ret = pq;
1667         break;
1668 
1669     case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
1670     case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
1671     case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
1672     case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
1673         ret = xive_esb_set(&pq, (offset >> 8) & 0x3);
1674         break;
1675     default:
1676         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid END ESB load addr %d\n",
1677                       offset);
1678         return -1;
1679     }
1680 
1681     if (pq != xive_get_field32(end_esmask, end.w1)) {
1682         end.w1 = xive_set_field32(end_esmask, end.w1, pq);
1683         xive2_router_write_end(xsrc->xrtr, end_blk, end_idx, &end, 1);
1684     }
1685 
1686     return ret;
1687 }
1688 
1689 static void xive2_end_source_write(void *opaque, hwaddr addr,
1690                                    uint64_t value, unsigned size)
1691 {
1692     Xive2EndSource *xsrc = XIVE2_END_SOURCE(opaque);
1693     uint32_t offset = addr & 0xFFF;
1694     uint8_t end_blk;
1695     uint32_t end_idx;
1696     Xive2End end;
1697     uint32_t end_esmask;
1698     uint8_t pq;
1699     bool notify = false;
1700 
1701     /*
1702      * The block id should be deduced from the load address on the END
1703      * ESB MMIO but our model only supports a single block per XIVE chip.
1704      */
1705     end_blk = xive2_router_get_block_id(xsrc->xrtr);
1706     end_idx = addr >> (xsrc->esb_shift + 1);
1707 
1708     if (xive2_router_get_end(xsrc->xrtr, end_blk, end_idx, &end)) {
1709         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
1710                       end_idx);
1711         return;
1712     }
1713 
1714     if (!xive2_end_is_valid(&end)) {
1715         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
1716                       end_blk, end_idx);
1717         return;
1718     }
1719 
1720     end_esmask = addr_is_even(addr, xsrc->esb_shift) ? END2_W1_ESn :
1721         END2_W1_ESe;
1722     pq = xive_get_field32(end_esmask, end.w1);
1723 
1724     switch (offset) {
1725     case 0 ... 0x3FF:
1726         notify = xive_esb_trigger(&pq);
1727         break;
1728 
1729     case XIVE_ESB_STORE_EOI ... XIVE_ESB_STORE_EOI + 0x3FF:
1730         /* TODO: can we check StoreEOI availability from the router ? */
1731         notify = xive_esb_eoi(&pq);
1732         break;
1733 
1734     case XIVE_ESB_INJECT ... XIVE_ESB_INJECT + 0x3FF:
1735         if (end_esmask == END2_W1_ESe) {
1736             qemu_log_mask(LOG_GUEST_ERROR,
1737                           "XIVE: END %x/%x can not EQ inject on ESe\n",
1738                            end_blk, end_idx);
1739             return;
1740         }
1741         notify = true;
1742         break;
1743 
1744     default:
1745         qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid END ESB write addr %d\n",
1746                       offset);
1747         return;
1748     }
1749 
1750     if (pq != xive_get_field32(end_esmask, end.w1)) {
1751         end.w1 = xive_set_field32(end_esmask, end.w1, pq);
1752         xive2_router_write_end(xsrc->xrtr, end_blk, end_idx, &end, 1);
1753     }
1754 
1755     /* TODO: Forward the source event notification for routing */
1756     if (notify) {
1757         ;
1758     }
1759 }
1760 
1761 static const MemoryRegionOps xive2_end_source_ops = {
1762     .read = xive2_end_source_read,
1763     .write = xive2_end_source_write,
1764     .endianness = DEVICE_BIG_ENDIAN,
1765     .valid = {
1766         .min_access_size = 1,
1767         .max_access_size = 8,
1768     },
1769     .impl = {
1770         .min_access_size = 1,
1771         .max_access_size = 8,
1772     },
1773 };
1774 
1775 static void xive2_end_source_realize(DeviceState *dev, Error **errp)
1776 {
1777     Xive2EndSource *xsrc = XIVE2_END_SOURCE(dev);
1778 
1779     assert(xsrc->xrtr);
1780 
1781     if (!xsrc->nr_ends) {
1782         error_setg(errp, "Number of interrupt needs to be greater than 0");
1783         return;
1784     }
1785 
1786     if (xsrc->esb_shift != XIVE_ESB_4K &&
1787         xsrc->esb_shift != XIVE_ESB_64K) {
1788         error_setg(errp, "Invalid ESB shift setting");
1789         return;
1790     }
1791 
1792     /*
1793      * Each END is assigned an even/odd pair of MMIO pages, the even page
1794      * manages the ESn field while the odd page manages the ESe field.
1795      */
1796     memory_region_init_io(&xsrc->esb_mmio, OBJECT(xsrc),
1797                           &xive2_end_source_ops, xsrc, "xive.end",
1798                           (1ull << (xsrc->esb_shift + 1)) * xsrc->nr_ends);
1799 }
1800 
1801 static const Property xive2_end_source_properties[] = {
1802     DEFINE_PROP_UINT32("nr-ends", Xive2EndSource, nr_ends, 0),
1803     DEFINE_PROP_UINT32("shift", Xive2EndSource, esb_shift, XIVE_ESB_64K),
1804     DEFINE_PROP_LINK("xive", Xive2EndSource, xrtr, TYPE_XIVE2_ROUTER,
1805                      Xive2Router *),
1806 };
1807 
1808 static void xive2_end_source_class_init(ObjectClass *klass, const void *data)
1809 {
1810     DeviceClass *dc = DEVICE_CLASS(klass);
1811 
1812     dc->desc    = "XIVE END Source";
1813     device_class_set_props(dc, xive2_end_source_properties);
1814     dc->realize = xive2_end_source_realize;
1815     dc->user_creatable = false;
1816 }
1817 
1818 static const TypeInfo xive2_end_source_info = {
1819     .name          = TYPE_XIVE2_END_SOURCE,
1820     .parent        = TYPE_DEVICE,
1821     .instance_size = sizeof(Xive2EndSource),
1822     .class_init    = xive2_end_source_class_init,
1823 };
1824 
1825 static void xive2_register_types(void)
1826 {
1827     type_register_static(&xive2_router_info);
1828     type_register_static(&xive2_end_source_info);
1829 }
1830 
1831 type_init(xive2_register_types)
1832