| blob | d8207acb22ccdcce296466071a34c0ad473551b2 |
1 /*
2 * ARM GICv3 emulation: Distributor
3 *
4 * Copyright (c) 2015 Huawei.
5 * Copyright (c) 2016 Linaro Limited.
6 * Written by Shlomo Pongratz, Peter Maydell
7 *
8 * This code is licensed under the GPL, version 2 or (at your option)
9 * any later version.
10 */
17 /* The GICD_NSACR registers contain a two bit field for each interrupt which
18 * allows the guest to give NonSecure code access to registers controlling
19 * Secure interrupts:
20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI)
21 * 0b01: NS r/w accesses permitted to ISPENDR, SETSPI_NSR, SGIR
22 * 0b10: as 0b01, and also r/w to ICPENDR, r/o to ISACTIVER/ICACTIVER,
23 * and w/o to CLRSPI_NSR
24 * 0b11: as 0b10, and also r/w to IROUTER and ITARGETSR
25 *
26 * Given a (multiple-of-32) interrupt number, these mask functions return
27 * a mask word where each bit is 1 if the NSACR settings permit access
28 * to the interrupt. The mask returned can then be ORed with the GICD_GROUP
29 * word for this set of interrupts to give an overall mask.
30 */
35 {
36 /* Return a mask where each bit is set if the NSACR field is >= 1 */
42 }
45 {
46 /* Return a mask where each bit is set if the NSACR field is >= 2 */
52 }
54 /* We don't need a mask_nsacr_ge3() because IROUTER<n> isn't a bitmap register,
55 * but it would be implemented using:
56 * raw_nsacr = (raw_nsacr >> 1) & raw_nsacr;
57 */
61 {
62 /* Return a 32-bit mask which should be applied for this set of 32
63 * interrupts; each bit is 1 if access is permitted by the
64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR.
65 */
69 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI
70 * unless the NSACR bits permit access.
71 */
75 }
77 }
79 }
82 {
83 /* Return the 2 bit NS_access<x> field from GICD_NSACR<n> for the
84 * specified interrupt.
85 */
88 }
90 }
95 {
96 /*
97 * Helper routine to implement writing to a "set" register
98 * (GICD_INMIR, etc).
99 * Semantics implemented here:
100 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
101 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
102 * offset should be the offset in bytes of the register from the start
103 * of its group.
104 */
109 }
113 }
119 {
120 /* Helper routine to implement writing to a "set-bitmap" register
121 * (GICD_ISENABLER, GICD_ISPENDR, etc).
122 * Semantics implemented here:
123 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
124 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
125 * Writing 1 means "set bit in bitmap"; writing 0 is ignored.
126 * offset should be the offset in bytes of the register from the start
127 * of its group.
128 */
133 }
137 }
143 {
144 /* Helper routine to implement writing to a "clear-bitmap" register
145 * (GICD_ICENABLER, GICD_ICPENDR, etc).
146 * Semantics implemented here:
147 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
148 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
149 * Writing 1 means "clear bit in bitmap"; writing 0 is ignored.
150 * offset should be the offset in bytes of the register from the start
151 * of its group.
152 */
157 }
161 }
167 {
168 /* Helper routine to implement reading a "set/clear-bitmap" register
169 * (GICD_ICENABLER, GICD_ISENABLER, GICD_ICPENDR, etc).
170 * Semantics implemented here:
171 * RAZ/WI for SGIs, PPIs, unimplemented IRQs
172 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI.
173 * offset should be the offset in bytes of the register from the start
174 * of its group.
175 */
181 }
184 /* The PENDING register is a special case -- for level triggered
185 * interrupts, the PENDING state is the logical OR of the state of
186 * the PENDING latch with the input line level.
187 */
191 }
194 }
197 {
198 /* Read the value of GICD_IPRIORITYR<n> for the specified interrupt,
199 * honouring security state (these are RAZ/WI for Group 0 or Secure
200 * Group 1 interrupts).
201 */
206 }
212 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
214 }
215 /* NS view of the interrupt priority */
217 }
219 }
223 {
224 /* Write the value of GICD_IPRIORITYR<n> for the specified interrupt,
225 * honouring security state (these are RAZ/WI for Group 0 or Secure
226 * Group 1 interrupts).
227 */
230 }
234 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */
236 }
237 /* NS view of the interrupt priority */
239 }
241 }
244 {
245 /* Read the value of GICD_IROUTER<n> for the specified interrupt,
246 * honouring security state.
247 */
250 }
253 /* RAZ/WI for NS accesses to secure interrupts */
257 }
258 }
259 }
262 }
266 {
267 /* Write the value of GICD_IROUTER<n> for the specified interrupt,
268 * honouring security state.
269 */
272 }
275 /* RAZ/WI for NS accesses to secure interrupts */
279 }
280 }
281 }
286 }
288 /**
289 * gicd_readb
290 * gicd_readw
291 * gicd_readl
292 * gicd_readq
293 * gicd_writeb
294 * gicd_writew
295 * gicd_writel
296 * gicd_writeq
297 *
298 * Return %true if the operation succeeded, %false otherwise.
299 */
303 {
304 /* Most GICv3 distributor registers do not support byte accesses. */
309 /* This GIC implementation always has affinity routing enabled,
310 * so these registers are all RAZ/WI.
311 */
318 }
319 }
323 {
324 /* Most GICv3 distributor registers do not support byte accesses. */
329 /* This GIC implementation always has affinity routing enabled,
330 * so these registers are all RAZ/WI.
331 */
334 {
339 }
343 }
346 }
347 }
351 {
352 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR
353 * support 16 bit accesses, and those registers are all part of the
354 * optional message-based SPI feature which this GIC does not currently
355 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are
356 * reserved.
357 */
359 }
363 {
364 /* Only GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR and GICD_SETSPI_NSR
365 * support 16 bit accesses, and those registers are all part of the
366 * optional message-based SPI feature which this GIC does not currently
367 * implement (ie for us GICD_TYPER.MBIS == 0), so for us they are
368 * reserved.
369 */
371 }
375 {
376 /* Almost all GICv3 distributor registers are 32-bit.
377 * Note that WO registers must return an UNKNOWN value on reads,
378 * not an abort.
379 */
384 /* The NS view of the GICD_CTLR sees only certain bits:
385 * + bit [31] (RWP) is an alias of the Secure bit [31]
386 * + bit [4] (ARE_NS) is an alias of Secure bit [5]
387 * + bit [1] (EnableGrp1A) is an alias of Secure bit [1] if
388 * NS affinity routing is enabled, otherwise RES0
389 * + bit [0] (EnableGrp1) is an alias of Secure bit [1] if
390 * NS affinity routing is not enabled, otherwise RES0
391 * Since for QEMU affinity routing is always enabled
392 * for both S and NS this means that bits [4] and [5] are
393 * both always 1, and we can simply make the NS view
394 * be bits 31, 4 and 1 of the S view.
395 */
397 GICD_CTLR_EN_GRP1NS |
398 GICD_CTLR_RWP);
401 }
404 {
405 /* For this implementation:
406 * No1N == 1 (1-of-N SPI interrupts not supported)
407 * A3V == 1 (non-zero values of Affinity level 3 supported)
408 * IDbits == 0xf (we support 16-bit interrupt identifiers)
409 * DVIS == 1 (Direct virtual LPI injection supported) if GICv4
410 * LPIS == 1 (LPIs are supported if affinity routing is enabled)
411 * num_LPIs == 0b00000 (bits [15:11],Number of LPIs as indicated
412 * by GICD_TYPER.IDbits)
413 * MBIS == 0 (message-based SPIs not supported)
414 * SecurityExtn == 1 if security extns supported
415 * NMI = 1 if Non-maskable interrupt property is supported
416 * CPUNumber == 0 since for us ARE is always 1
417 * ITLinesNumber == (((max SPI IntID + 1) / 32) - 1)
418 */
420 /*
421 * SecurityExtn must be RAZ if GICD_CTLR.DS == 1, and
422 * "security extensions not supported" always implies DS == 1,
423 * so we only need to check the DS bit.
424 */
433 }
435 /* We claim to be an ARM r0p0 with a zero ProductID.
436 * This is the same as an r0p0 GIC-500.
437 */
441 /* RAZ/WI for us (this is an optional register and our implementation
442 * does not track RO/WO/reserved violations to report them to the guest)
443 */
447 {
453 }
454 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
459 }
462 }
488 {
495 }
498 }
500 /* RAZ/WI since affinity routing is always enabled */
504 {
505 /* Here only the even bits are used; odd bits are RES0 */
512 }
514 /* Since our edge_trigger bitmap is one bit per irq, we only need
515 * half of the 32-bit word, which we can then spread out
516 * into the odd bits.
517 */
524 }
526 {
530 /* RAZ/WI if security disabled, or if
531 * security enabled and this is an NS access
532 */
535 }
536 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
541 }
544 }
546 {
547 /* Two bits per interrupt */
553 }
556 /* RAZ/WI if security disabled, or if
557 * security enabled and this is an NS access
558 */
561 }
565 }
568 /* RAZ/WI since affinity routing is always enabled */
577 {
586 }
588 }
590 /* ID registers */
594 /* WO registers, return unknown value */
596 "%s: invalid guest read from WO register at offset "
602 }
603 }
607 {
608 /* Almost all GICv3 distributor registers are 32-bit. Note that
609 * RO registers must ignore writes, not abort.
610 */
614 {
616 /* GICv3 5.3.20 */
618 /* With only one security state, E1NWF is RAZ/WI, DS is RAO/WI,
619 * ARE is RAO/WI (affinity routing always on), and only
620 * bits 0 and 1 (group enables) are writable.
621 */
625 /* for secure access:
626 * ARE_NS and ARE_S are RAO/WI (affinity routing always on)
627 * E1NWF is RAZ/WI (we don't support enable-1-of-n-wakeup)
628 *
629 * We can only modify bits[2:0] (the group enables).
630 */
633 /* For non secure access ARE_NS is RAO/WI and EnableGrp1
634 * is RES0. The only writable bit is [1] (EnableGrp1A), which
635 * is an alias of the Secure bit [1].
636 */
638 }
639 }
642 /* We just set DS, so the ARE_NS and EnG1S bits are now RES0.
643 * Note that this is a one-way transition because if DS is set
644 * then it's not writable, so it can only go back to 0 with a
645 * hardware reset.
646 */
648 }
651 }
653 /* RAZ/WI for our implementation */
656 {
661 }
662 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
666 }
670 }
696 {
701 }
705 }
708 }
710 /* RAZ/WI since affinity routing is always enabled */
713 {
714 /* Here only the odd bits are used; even bits are RES0 */
720 }
722 /* Since our edge_trigger bitmap is one bit per irq, our input
723 * 32-bits will compress down into 16 bits which we need
724 * to write into the bitmap.
725 */
733 }
738 }
740 {
744 /* RAZ/WI if security disabled, or if
745 * security enabled and this is an NS access
746 */
748 }
749 /* RAZ/WI for SGIs, PPIs, unimplemented irqs */
753 }
757 }
759 {
760 /* Two bits per interrupt */
765 }
768 /* RAZ/WI if security disabled, or if
769 * security enabled and this is an NS access
770 */
772 }
775 /* No update required as this only affects access permission checks */
777 }
779 /* RES0 if affinity routing is enabled */
783 /* RAZ/WI since affinity routing is always enabled */
789 }
792 {
798 }
800 /* Write half of the 64-bit register */
805 }
809 /* RO registers, ignore the write */
811 "%s: invalid guest write to RO register at offset "
816 }
817 }
821 {
822 /* Our only 64-bit registers are GICD_IROUTER<n> */
832 }
833 }
837 {
838 /* Our only 64-bit registers are GICD_IROUTER<n> */
848 }
849 }
853 {
873 }
877 "%s: invalid guest read at offset " HWADDR_FMT_plx
880 /* The spec requires that reserved registers are RAZ/WI;
881 * so use MEMTX_ERROR returns from leaf functions as a way to
882 * trigger the guest-error logging but don't return it to
883 * the caller, or we'll cause a spurious guest data abort.
884 */
888 }
890 }
894 {
914 }
918 "%s: invalid guest write at offset " HWADDR_FMT_plx
921 /* The spec requires that reserved registers are RAZ/WI;
922 * so use MEMTX_ERROR returns from leaf functions as a way to
923 * trigger the guest-error logging but don't return it to
924 * the caller, or we'll cause a spurious guest data abort.
925 */
928 }
930 }
933 {
934 /* Update distributor state for a change in an external SPI input line */
937 }
944 /* 0->1 edges latch the pending bit for edge-triggered interrupts */
947 }
948 }
951 }