| blob | 90b238fac0b5c4d3c29ba6024a9062ff8e914081 |
1 /*
2 * ARM GICv3 emulation: Redistributor
3 *
4 * Copyright (c) 2015 Huawei.
5 * Copyright (c) 2016 Linaro Limited.
6 * Written by Shlomo Pongratz, Peter Maydell
7 *
8 * This code is licensed under the GPL, version 2 or (at your option)
9 * any later version.
10 */
18 {
19 /* Return a 32-bit mask which should be applied for this set of 32
20 * interrupts; each bit is 1 if access is permitted by the
21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does
22 * not affect config register accesses, unlike GICD_NSACR.)
23 */
25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */
27 }
29 }
32 {
33 /* Return the 2 bit NSACR.NS_access field for this SGI */
36 }
40 {
41 /* Helper routine to implement writing to a "set" register */
45 }
49 {
50 /* Helper routine to implement writing to a "set-bitmap" register */
54 }
58 {
59 /* Helper routine to implement writing to a "clear-bitmap" register */
63 }
67 {
70 }
73 {
74 /*
75 * Return true if a vCPU is resident, which is defined by
76 * whether the GICR_VPENDBASER register is marked VALID and
77 * has the right virtual pending table address.
78 */
81 }
83 }
85 /**
86 * update_for_one_lpi: Update pending information if this LPI is better
87 *
88 * @cs: GICv3CPUState
89 * @irq: interrupt to look up in the LPI Configuration table
90 * @ctbase: physical address of the LPI Configuration table to use
91 * @ds: true if priority value should not be shifted
92 * @hpp: points to pending information to update
93 *
94 * Look up @irq in the Configuration table specified by @ctbase
95 * to see if it is enabled and what its priority is. If it is an
96 * enabled interrupt with a higher priority than that currently
97 * recorded in @hpp, update @hpp.
98 */
101 {
111 }
117 }
124 /* LPIs and vLPIs are always non-secure Grp1 interrupts */
126 }
127 }
129 /**
130 * update_for_all_lpis: Fully scan LPI tables and find best pending LPI
131 *
132 * @cs: GICv3CPUState
133 * @ptbase: physical address of LPI Pending table
134 * @ctbase: physical address of LPI Configuration table
135 * @ptsizebits: size of tables, specified as number of interrupt ID bits minus 1
136 * @ds: true if priority value should not be shifted
137 * @hpp: points to pending information to set
138 *
139 * Recalculate the highest priority pending enabled LPI from scratch,
140 * and set @hpp accordingly.
141 *
142 * We scan the LPI pending table @ptbase; for each pending LPI, we read the
143 * corresponding entry in the LPI configuration table @ctbase to extract
144 * the priority and enabled information.
145 *
146 * We take @ptsizebits in the form idbits-1 because this is the way that
147 * LPI table sizes are architecturally specified in GICR_PROPBASER.IDBits
148 * and in the VMAPP command's VPT_size field.
149 */
153 {
168 }
169 }
170 }
172 /**
173 * set_lpi_pending_bit: Set or clear pending bit for an LPI
174 *
175 * @cs: GICv3CPUState
176 * @ptbase: physical address of LPI Pending table
177 * @irq: LPI to change pending state for
178 * @level: false to clear pending state, true to set
179 *
180 * Returns true if we needed to do something, false if the pending bit
181 * was already at @level.
182 */
185 {
192 /* Bit already at requested state, no action required */
194 }
198 }
202 {
203 /* Read the value of GICR_IPRIORITYR<n> for the specified interrupt,
204 * honouring security state (these are RAZ/WI for Group 0 or Secure
205 * Group 1 interrupts).
206 */
213 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
215 }
216 /* NS view of the interrupt priority */
218 }
220 }
224 {
225 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt,
226 * honouring security state (these are RAZ/WI for Group 0 or Secure
227 * Group 1 interrupts).
228 */
231 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
233 }
234 /* NS view of the interrupt priority */
236 }
238 }
241 {
248 }
255 }
258 {
261 }
264 {
265 /* Write @newval to GICR_VPENDBASER, handling its effects */
270 /*
271 * The DIRTY bit is read-only and for us is always zero;
272 * other fields are writable.
273 */
275 R_GICR_VPENDBASER_SHAREABILITY_MASK |
276 R_GICR_VPENDBASER_PHYADDR_MASK |
277 R_GICR_VPENDBASER_OUTERCACHE_MASK |
278 R_GICR_VPENDBASER_PENDINGLAST_MASK |
279 R_GICR_VPENDBASER_IDAI_MASK |
280 R_GICR_VPENDBASER_VALID_MASK;
283 /*
284 * Changing other fields while VALID is 1 is UNPREDICTABLE;
285 * we choose to log and ignore the write.
286 */
289 "%s: Changing GICR_VPENDBASER when VALID=1 "
291 }
293 }
297 }
300 /*
301 * Valid going from 0 to 1: update hppvlpi from tables.
302 * If IDAI is 0 we are allowed to use the info we cached in
303 * the IMPDEF area of the table.
304 * PendingLast is RES1 when we make this transition.
305 */
308 /*
309 * Valid going from 1 to 0:
310 * Set PendingLast if there was a pending enabled interrupt
311 * for the vPE that was just descheduled.
312 * If we cache info in the IMPDEF area, write it out here.
313 */
315 }
320 }
324 {
331 }
332 }
336 {
344 }
345 }
349 {
364 /* RAZ/WI for us (this is an optional register and our implementation
365 * does not track RO/WO/reserved violations to report them to the guest)
366 */
388 }
397 {
398 /* The pending register reads as the logical OR of the pending
399 * latch and the input line level for level-triggered interrupts.
400 */
404 }
410 {
417 }
420 }
427 {
428 /* Our edge_trigger bitmap is one bit per irq; take the correct
429 * half of it, and spread it out into the odd bits.
430 */
438 }
441 /* RAZ/WI if security disabled, or if
442 * security enabled and this is an NS access
443 */
446 }
451 /* RAZ/WI if security disabled, or if
452 * security enabled and this is an NS access
453 */
456 }
462 /*
463 * VLPI frame registers. We don't need a version check for
464 * VPROPBASER and VPENDBASER because gicv3_redist_size() will
465 * prevent pre-v4 GIC from passing us offsets this high.
466 */
481 }
482 }
486 {
489 /* For our implementation, GICR_TYPER.DPGS is 0 and so all
490 * the DPG bits are RAZ/WI. We don't do anything asynchronously,
491 * so UWP and RWP are RAZ/WI. GICR_TYPER.LPIS is 1 (we
492 * implement LPIs) so Enable_LPIs is programmable.
493 */
497 /* Check for any pending interr in pending table */
501 /* cs->hppi might have been an LPI; recalculate */
503 }
504 }
507 /* RAZ/WI for our implementation */
510 /* Only the ProcessorSleep bit is writable. When the guest sets
511 * it, it requests that we transition the channel between the
512 * redistributor and the cpu interface to quiescent, and that
513 * we set the ChildrenAsleep bit once the interface has reached the
514 * quiescent state.
515 * Setting the ProcessorSleep to 0 reverses the quiescing, and
516 * ChildrenAsleep is cleared once the transition is complete.
517 * Since our interface is not asynchronous, we complete these
518 * transitions instantaneously, so we set ChildrenAsleep to the
519 * same value as ProcessorSleep here.
520 */
524 }
542 }
565 {
570 }
573 }
577 }
581 /* Register is all RAZ/WI or RAO/WI bits */
584 {
587 /* Since our edge_trigger bitmap is one bit per irq, our input
588 * 32-bits will compress down into 16 bits which we need
589 * to write into the bitmap.
590 */
599 }
602 /* RAZ/WI if security disabled, or if
603 * security enabled and this is an NS access
604 */
606 }
612 /* RAZ/WI if security disabled, or if
613 * security enabled and this is an NS access
614 */
616 }
618 /* no update required as this only affects access permission checks */
623 /* RO registers, ignore the write */
625 "%s: invalid guest write to RO register at offset "
628 /*
629 * VLPI frame registers. We don't need a version check for
630 * VPROPBASER and VPENDBASER because gicv3_redist_size() will
631 * prevent pre-v4 GIC from passing us offsets this high.
632 */
647 }
648 }
652 {
663 /*
664 * VLPI frame registers. We don't need a version check for
665 * VPROPBASER and VPENDBASER because gicv3_redist_size() will
666 * prevent pre-v4 GIC from passing us offsets this high.
667 */
676 }
677 }
681 {
690 /* RO register, ignore the write */
692 "%s: invalid guest write to RO register at offset "
695 /*
696 * VLPI frame registers. We don't need a version check for
697 * VPROPBASER and VPENDBASER because gicv3_redist_size() will
698 * prevent pre-v4 GIC from passing us offsets this high.
699 */
708 }
709 }
713 {
717 MemTxResult r;
722 /*
723 * There are (for GICv3) two 64K redistributor pages per CPU.
724 * In some cases the redistributor pages for all CPUs are not
725 * contiguous (eg on the virt board they are split into two
726 * parts if there are too many CPUs to all fit in the same place
727 * in the memory map); if so then the GIC has multiple MemoryRegions
728 * for the redistributors.
729 */
748 }
752 "%s: invalid guest read at offset " HWADDR_FMT_plx
756 /* The spec requires that reserved registers are RAZ/WI;
757 * so use MEMTX_ERROR returns from leaf functions as a way to
758 * trigger the guest-error logging but don't return it to
759 * the caller, or we'll cause a spurious guest data abort.
760 */
766 }
768 }
772 {
776 MemTxResult r;
781 /*
782 * There are (for GICv3) two 64K redistributor pages per CPU.
783 * In some cases the redistributor pages for all CPUs are not
784 * contiguous (eg on the virt board they are split into two
785 * parts if there are too many CPUs to all fit in the same place
786 * in the memory map); if so then the GIC has multiple MemoryRegions
787 * for the redistributors.
788 */
807 }
811 "%s: invalid guest write at offset " HWADDR_FMT_plx
815 /* The spec requires that reserved registers are RAZ/WI;
816 * so use MEMTX_ERROR returns from leaf functions as a way to
817 * trigger the guest-error logging but don't return it to
818 * the caller, or we'll cause a spurious guest data abort.
819 */
824 }
826 }
829 {
835 }
838 {
839 /*
840 * This function scans the LPI pending table and for each pending
841 * LPI, reads the corresponding entry from LPI configuration table
842 * to extract the priority info and determine if the current LPI
843 * priority is lower than the last computed high priority lpi interrupt.
844 * If yes, replace current LPI as the new high priority lpi interrupt.
845 */
850 GICD_TYPER_IDBITS);
854 }
861 }
864 {
867 }
870 {
871 /*
872 * This function updates the pending bit in lpi pending table for
873 * the irq being activated or deactivated.
874 */
879 /* no change in the value of pending bit, return */
881 }
883 /*
884 * check if this LPI is better than the current hpplpi, if yes
885 * just set hpplpi.prio and .irq without doing a full rescan
886 */
893 }
894 }
895 }
898 {
902 GICD_TYPER_IDBITS);
907 }
909 /* set/clear the pending bit for this irq */
911 }
914 {
915 /*
916 * The only cached information for LPIs we have is the HPPLPI.
917 * We could be cleverer about identifying when we don't need
918 * to do a full rescan of the pending table, but until we find
919 * this is a performance issue, just always recalculate.
920 */
922 }
925 {
926 /*
927 * Move the specified LPI's pending state from the source redistributor
928 * to the destination.
929 *
930 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE:
931 * we choose to NOP. If LPIs are disabled on source there's nothing
932 * to be transferred anyway.
933 */
941 }
944 GICD_TYPER_IDBITS);
946 idbits);
951 }
956 /* Not pending on source, nothing to do */
958 }
960 /*
961 * We just made this LPI not-pending so only need to update
962 * if it was previously the highest priority pending LPI
963 */
965 }
966 /* Mark it pending on the destination */
968 }
971 {
972 /*
973 * We must move all pending LPIs from the source redistributor
974 * to the destination. That is, for every pending LPI X on
975 * src, we must set it not-pending on src and pending on dest.
976 * LPIs that are already pending on dest are not cleared.
977 *
978 * If LPIs are disabled on dest this is CONSTRAINED UNPREDICTABLE:
979 * we choose to NOP. If LPIs are disabled on source there's nothing
980 * to be transferred anyway.
981 */
991 }
994 GICD_TYPER_IDBITS);
996 idbits);
1009 }
1018 }
1022 }
1025 {
1026 /*
1027 * Change the pending state of the specified vLPI.
1028 * Unlike gicv3_redist_process_vlpi(), we know here that the
1029 * vCPU is definitely resident on this redistributor, and that
1030 * the irq is in range.
1031 */
1038 /* Check whether this vLPI is now the best */
1043 /* Only need to recalculate if this was previously the best vLPI */
1046 }
1047 }
1048 }
1049 }
1053 {
1062 }
1063 }
1068 /* Check whether this vLPI is now the best */
1073 /* Only need to recalculate if this was previously the best vLPI */
1076 }
1077 }
1078 }
1082 /* vCPU is not currently resident: ring the doorbell */
1084 }
1085 }
1090 {
1091 /*
1092 * Move the specified vLPI's pending state from the source redistributor
1093 * to the destination.
1094 */
1096 /* Not pending on source, nothing to do */
1098 }
1100 /*
1101 * Update src's cached highest-priority pending vLPI if we just made
1102 * it not-pending
1103 */
1105 }
1106 /*
1107 * Mark the vLPI pending on the destination (ringing the doorbell
1108 * if the vCPU isn't resident)
1109 */
1111 }
1114 {
1116 /* We don't have anything cached if the vCPU isn't resident */
1118 }
1120 /* Otherwise, our only cached information is the HPPVLPI info */
1122 }
1125 {
1126 /*
1127 * The only cached information for LPIs we have is the HPPLPI.
1128 * We could be cleverer about identifying when we don't need
1129 * to do a full rescan of the pending table, but until we find
1130 * this is a performance issue, just always recalculate.
1131 */
1133 }
1136 {
1137 /* Update redistributor state for a change in an external PPI input line */
1140 }
1147 /* 0->1 edges latch the pending bit for edge-triggered interrupts */
1150 }
1151 }
1154 }
1157 {
1158 /* Update redistributor state for a generated SGI */
1161 /* If we are asked for a Secure Group 1 SGI and it's actually
1162 * configured as Secure Group 0 this is OK (subject to the usual
1163 * NSACR checks).
1164 */
1167 }
1171 }
1174 /* If security is enabled we must test the NSACR bits */
1180 }
1181 }
1183 /* OK, we can accept the SGI */
1187 }