diff options
Diffstat (limited to 'hw/intc/arm_gicv3_its.c')
| -rw-r--r-- | hw/intc/arm_gicv3_its.c | 698 |
1 files changed, 441 insertions, 257 deletions
diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c index fa3cdb5755..51d9be4ae6 100644 --- a/hw/intc/arm_gicv3_its.c +++ b/hw/intc/arm_gicv3_its.c @@ -13,6 +13,7 @@ #include "qemu/osdep.h" #include "qemu/log.h" +#include "trace.h" #include "hw/qdev-properties.h" #include "hw/intc/arm_gicv3_its_common.h" #include "gicv3_internal.h" @@ -45,6 +46,23 @@ typedef struct { uint64_t itel; } IteEntry; +/* + * The ITS spec permits a range of CONSTRAINED UNPREDICTABLE options + * if a command parameter is not correct. These include both "stall + * processing of the command queue" and "ignore this command, and + * keep processing the queue". In our implementation we choose that + * memory transaction errors reading the command packet provoke a + * stall, but errors in parameters cause us to ignore the command + * and continue processing. + * The process_* functions which handle individual ITS commands all + * return an ItsCmdResult which tells process_cmdq() whether it should + * stall or keep going. + */ +typedef enum ItsCmdResult { + CMD_STALL = 0, + CMD_CONTINUE = 1, +} ItsCmdResult; + static uint64_t baser_base_addr(uint64_t value, uint32_t page_sz) { uint64_t result = 0; @@ -66,44 +84,62 @@ static uint64_t baser_base_addr(uint64_t value, uint32_t page_sz) return result; } -static bool get_cte(GICv3ITSState *s, uint16_t icid, uint64_t *cte, - MemTxResult *res) +static uint64_t table_entry_addr(GICv3ITSState *s, TableDesc *td, + uint32_t idx, MemTxResult *res) { + /* + * Given a TableDesc describing one of the ITS in-guest-memory + * tables and an index into it, return the guest address + * corresponding to that table entry. + * If there was a memory error reading the L1 table of an + * indirect table, *res is set accordingly, and we return -1. + * If the L1 table entry is marked not valid, we return -1 with + * *res set to MEMTX_OK. + * + * The specification defines the format of level 1 entries of a + * 2-level table, but the format of level 2 entries and the format + * of flat-mapped tables is IMPDEF. + */ AddressSpace *as = &s->gicv3->dma_as; - uint64_t l2t_addr; - uint64_t value; - bool valid_l2t; - uint32_t l2t_id; + uint32_t l2idx; + uint64_t l2; uint32_t num_l2_entries; - if (s->ct.indirect) { - l2t_id = icid / (s->ct.page_sz / L1TABLE_ENTRY_SIZE); + *res = MEMTX_OK; + + if (!td->indirect) { + /* Single level table */ + return td->base_addr + idx * td->entry_sz; + } - value = address_space_ldq_le(as, - s->ct.base_addr + - (l2t_id * L1TABLE_ENTRY_SIZE), - MEMTXATTRS_UNSPECIFIED, res); + /* Two level table */ + l2idx = idx / (td->page_sz / L1TABLE_ENTRY_SIZE); - if (*res == MEMTX_OK) { - valid_l2t = (value & L2_TABLE_VALID_MASK) != 0; + l2 = address_space_ldq_le(as, + td->base_addr + (l2idx * L1TABLE_ENTRY_SIZE), + MEMTXATTRS_UNSPECIFIED, res); + if (*res != MEMTX_OK) { + return -1; + } + if (!(l2 & L2_TABLE_VALID_MASK)) { + return -1; + } - if (valid_l2t) { - num_l2_entries = s->ct.page_sz / s->ct.entry_sz; + num_l2_entries = td->page_sz / td->entry_sz; + return (l2 & ((1ULL << 51) - 1)) + (idx % num_l2_entries) * td->entry_sz; +} - l2t_addr = value & ((1ULL << 51) - 1); +static bool get_cte(GICv3ITSState *s, uint16_t icid, uint64_t *cte, + MemTxResult *res) +{ + AddressSpace *as = &s->gicv3->dma_as; + uint64_t entry_addr = table_entry_addr(s, &s->ct, icid, res); - *cte = address_space_ldq_le(as, l2t_addr + - ((icid % num_l2_entries) * GITS_CTE_SIZE), - MEMTXATTRS_UNSPECIFIED, res); - } - } - } else { - /* Flat level table */ - *cte = address_space_ldq_le(as, s->ct.base_addr + - (icid * GITS_CTE_SIZE), - MEMTXATTRS_UNSPECIFIED, res); + if (entry_addr == -1) { + return false; /* not valid */ } + *cte = address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res); return FIELD_EX64(*cte, CTE, VALID); } @@ -172,41 +208,12 @@ static bool get_ite(GICv3ITSState *s, uint32_t eventid, uint64_t dte, static uint64_t get_dte(GICv3ITSState *s, uint32_t devid, MemTxResult *res) { AddressSpace *as = &s->gicv3->dma_as; - uint64_t l2t_addr; - uint64_t value; - bool valid_l2t; - uint32_t l2t_id; - uint32_t num_l2_entries; + uint64_t entry_addr = table_entry_addr(s, &s->dt, devid, res); - if (s->dt.indirect) { - l2t_id = devid / (s->dt.page_sz / L1TABLE_ENTRY_SIZE); - - value = address_space_ldq_le(as, - s->dt.base_addr + - (l2t_id * L1TABLE_ENTRY_SIZE), - MEMTXATTRS_UNSPECIFIED, res); - - if (*res == MEMTX_OK) { - valid_l2t = (value & L2_TABLE_VALID_MASK) != 0; - - if (valid_l2t) { - num_l2_entries = s->dt.page_sz / s->dt.entry_sz; - - l2t_addr = value & ((1ULL << 51) - 1); - - value = address_space_ldq_le(as, l2t_addr + - ((devid % num_l2_entries) * GITS_DTE_SIZE), - MEMTXATTRS_UNSPECIFIED, res); - } - } - } else { - /* Flat level table */ - value = address_space_ldq_le(as, s->dt.base_addr + - (devid * GITS_DTE_SIZE), - MEMTXATTRS_UNSPECIFIED, res); + if (entry_addr == -1) { + return 0; /* a DTE entry with the Valid bit clear */ } - - return value; + return address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, res); } /* @@ -217,21 +224,20 @@ static uint64_t get_dte(GICv3ITSState *s, uint32_t devid, MemTxResult *res) * 3. handling of ITS CLEAR command * 4. handling of ITS DISCARD command */ -static bool process_its_cmd(GICv3ITSState *s, uint64_t value, uint32_t offset, - ItsCmdType cmd) +static ItsCmdResult process_its_cmd(GICv3ITSState *s, uint64_t value, + uint32_t offset, ItsCmdType cmd) { AddressSpace *as = &s->gicv3->dma_as; uint32_t devid, eventid; MemTxResult res = MEMTX_OK; bool dte_valid; uint64_t dte = 0; - uint32_t max_eventid; + uint64_t num_eventids; uint16_t icid = 0; uint32_t pIntid = 0; bool ite_valid = false; uint64_t cte = 0; bool cte_valid = false; - bool result = false; uint64_t rdbase; if (cmd == NONE) { @@ -245,103 +251,111 @@ static bool process_its_cmd(GICv3ITSState *s, uint64_t value, uint32_t offset, } if (res != MEMTX_OK) { - return result; + return CMD_STALL; } eventid = (value & EVENTID_MASK); + if (devid >= s->dt.num_entries) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: devid %d>=%d", + __func__, devid, s->dt.num_entries); + return CMD_CONTINUE; + } + dte = get_dte(s, devid, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } dte_valid = FIELD_EX64(dte, DTE, VALID); - if (dte_valid) { - max_eventid = 1UL << (FIELD_EX64(dte, DTE, SIZE) + 1); + if (!dte_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "invalid dte: %"PRIx64" for %d\n", + __func__, dte, devid); + return CMD_CONTINUE; + } - ite_valid = get_ite(s, eventid, dte, &icid, &pIntid, &res); + num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1); - if (res != MEMTX_OK) { - return result; - } + if (eventid >= num_eventids) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: eventid %d >= %" + PRId64 "\n", + __func__, eventid, num_eventids); + return CMD_CONTINUE; + } - if (ite_valid) { - cte_valid = get_cte(s, icid, &cte, &res); - } + ite_valid = get_ite(s, eventid, dte, &icid, &pIntid, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } - if (res != MEMTX_OK) { - return result; - } - } else { + if (!ite_valid) { qemu_log_mask(LOG_GUEST_ERROR, - "%s: invalid command attributes: " - "invalid dte: %"PRIx64" for %d (MEM_TX: %d)\n", - __func__, dte, devid, res); - return result; + "%s: invalid command attributes: invalid ITE\n", + __func__); + return CMD_CONTINUE; } - - /* - * In this implementation, in case of guest errors we ignore the - * command and move onto the next command in the queue. - */ - if (devid >= s->dt.num_ids) { + if (icid >= s->ct.num_entries) { qemu_log_mask(LOG_GUEST_ERROR, - "%s: invalid command attributes: devid %d>=%d", - __func__, devid, s->dt.num_ids); + "%s: invalid ICID 0x%x in ITE (table corrupted?)\n", + __func__, icid); + return CMD_CONTINUE; + } - } else if (!dte_valid || !ite_valid || !cte_valid) { + cte_valid = get_cte(s, icid, &cte, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + if (!cte_valid) { qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid command attributes: " - "dte: %s, ite: %s, cte: %s\n", - __func__, - dte_valid ? "valid" : "invalid", - ite_valid ? "valid" : "invalid", - cte_valid ? "valid" : "invalid"); - } else if (eventid > max_eventid) { - qemu_log_mask(LOG_GUEST_ERROR, - "%s: invalid command attributes: eventid %d > %d\n", - __func__, eventid, max_eventid); - } else { - /* - * Current implementation only supports rdbase == procnum - * Hence rdbase physical address is ignored - */ - rdbase = FIELD_EX64(cte, CTE, RDBASE); + "invalid cte: %"PRIx64"\n", + __func__, cte); + return CMD_CONTINUE; + } - if (rdbase >= s->gicv3->num_cpu) { - return result; - } + /* + * Current implementation only supports rdbase == procnum + * Hence rdbase physical address is ignored + */ + rdbase = FIELD_EX64(cte, CTE, RDBASE); - if ((cmd == CLEAR) || (cmd == DISCARD)) { - gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 0); - } else { - gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 1); - } + if (rdbase >= s->gicv3->num_cpu) { + return CMD_CONTINUE; + } - if (cmd == DISCARD) { - IteEntry ite = {}; - /* remove mapping from interrupt translation table */ - result = update_ite(s, eventid, dte, ite); - } + if ((cmd == CLEAR) || (cmd == DISCARD)) { + gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 0); + } else { + gicv3_redist_process_lpi(&s->gicv3->cpu[rdbase], pIntid, 1); } - return result; + if (cmd == DISCARD) { + IteEntry ite = {}; + /* remove mapping from interrupt translation table */ + return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL; + } + return CMD_CONTINUE; } -static bool process_mapti(GICv3ITSState *s, uint64_t value, uint32_t offset, - bool ignore_pInt) +static ItsCmdResult process_mapti(GICv3ITSState *s, uint64_t value, + uint32_t offset, bool ignore_pInt) { AddressSpace *as = &s->gicv3->dma_as; uint32_t devid, eventid; uint32_t pIntid = 0; - uint32_t max_eventid, max_Intid; + uint64_t num_eventids; + uint32_t num_intids; bool dte_valid; MemTxResult res = MEMTX_OK; uint16_t icid = 0; uint64_t dte = 0; - bool result = false; + IteEntry ite = {}; devid = ((value & DEVID_MASK) >> DEVID_SHIFT); offset += NUM_BYTES_IN_DW; @@ -349,7 +363,7 @@ static bool process_mapti(GICv3ITSState *s, uint64_t value, uint32_t offset, MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } eventid = (value & EVENTID_MASK); @@ -365,58 +379,59 @@ static bool process_mapti(GICv3ITSState *s, uint64_t value, uint32_t offset, MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } icid = value & ICID_MASK; + if (devid >= s->dt.num_entries) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: devid %d>=%d", + __func__, devid, s->dt.num_entries); + return CMD_CONTINUE; + } + dte = get_dte(s, devid, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } dte_valid = FIELD_EX64(dte, DTE, VALID); - max_eventid = 1UL << (FIELD_EX64(dte, DTE, SIZE) + 1); - max_Intid = (1ULL << (GICD_TYPER_IDBITS + 1)) - 1; + num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1); + num_intids = 1ULL << (GICD_TYPER_IDBITS + 1); - if ((devid >= s->dt.num_ids) || (icid >= s->ct.num_ids) - || !dte_valid || (eventid > max_eventid) || - (((pIntid < GICV3_LPI_INTID_START) || (pIntid > max_Intid)) && + if ((icid >= s->ct.num_entries) + || !dte_valid || (eventid >= num_eventids) || + (((pIntid < GICV3_LPI_INTID_START) || (pIntid >= num_intids)) && (pIntid != INTID_SPURIOUS))) { qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid command attributes " - "devid %d or icid %d or eventid %d or pIntid %d or" - "unmapped dte %d\n", __func__, devid, icid, eventid, + "icid %d or eventid %d or pIntid %d or" + "unmapped dte %d\n", __func__, icid, eventid, pIntid, dte_valid); /* * in this implementation, in case of error * we ignore this command and move onto the next * command in the queue */ - } else { - /* add ite entry to interrupt translation table */ - IteEntry ite = {}; - ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, dte_valid); - ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL); - ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, pIntid); - ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS); - ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, icid); - - result = update_ite(s, eventid, dte, ite); + return CMD_CONTINUE; } - return result; + /* add ite entry to interrupt translation table */ + ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, dte_valid); + ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL); + ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, pIntid); + ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS); + ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, icid); + + return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL; } static bool update_cte(GICv3ITSState *s, uint16_t icid, bool valid, uint64_t rdbase) { AddressSpace *as = &s->gicv3->dma_as; - uint64_t value; - uint64_t l2t_addr; - bool valid_l2t; - uint32_t l2t_id; - uint32_t num_l2_entries; + uint64_t entry_addr; uint64_t cte = 0; MemTxResult res = MEMTX_OK; @@ -430,54 +445,27 @@ static bool update_cte(GICv3ITSState *s, uint16_t icid, bool valid, cte = FIELD_DP64(cte, CTE, RDBASE, rdbase); } - /* - * The specification defines the format of level 1 entries of a - * 2-level table, but the format of level 2 entries and the format - * of flat-mapped tables is IMPDEF. - */ - if (s->ct.indirect) { - l2t_id = icid / (s->ct.page_sz / L1TABLE_ENTRY_SIZE); - - value = address_space_ldq_le(as, - s->ct.base_addr + - (l2t_id * L1TABLE_ENTRY_SIZE), - MEMTXATTRS_UNSPECIFIED, &res); - - if (res != MEMTX_OK) { - return false; - } - - valid_l2t = (value & L2_TABLE_VALID_MASK) != 0; - - if (valid_l2t) { - num_l2_entries = s->ct.page_sz / s->ct.entry_sz; - - l2t_addr = value & ((1ULL << 51) - 1); - - address_space_stq_le(as, l2t_addr + - ((icid % num_l2_entries) * GITS_CTE_SIZE), - cte, MEMTXATTRS_UNSPECIFIED, &res); - } - } else { - /* Flat level table */ - address_space_stq_le(as, s->ct.base_addr + (icid * GITS_CTE_SIZE), - cte, MEMTXATTRS_UNSPECIFIED, &res); - } + entry_addr = table_entry_addr(s, &s->ct, icid, &res); if (res != MEMTX_OK) { + /* memory access error: stall */ return false; - } else { + } + if (entry_addr == -1) { + /* No L2 table for this index: discard write and continue */ return true; } + + address_space_stq_le(as, entry_addr, cte, MEMTXATTRS_UNSPECIFIED, &res); + return res == MEMTX_OK; } -static bool process_mapc(GICv3ITSState *s, uint32_t offset) +static ItsCmdResult process_mapc(GICv3ITSState *s, uint32_t offset) { AddressSpace *as = &s->gicv3->dma_as; uint16_t icid; uint64_t rdbase; bool valid; MemTxResult res = MEMTX_OK; - bool result = false; uint64_t value; offset += NUM_BYTES_IN_DW; @@ -487,7 +475,7 @@ static bool process_mapc(GICv3ITSState *s, uint32_t offset) MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } icid = value & ICID_MASK; @@ -497,7 +485,7 @@ static bool process_mapc(GICv3ITSState *s, uint32_t offset) valid = (value & CMD_FIELD_VALID_MASK); - if ((icid >= s->ct.num_ids) || (rdbase >= s->gicv3->num_cpu)) { + if ((icid >= s->ct.num_entries) || (rdbase >= s->gicv3->num_cpu)) { qemu_log_mask(LOG_GUEST_ERROR, "ITS MAPC: invalid collection table attributes " "icid %d rdbase %" PRIu64 "\n", icid, rdbase); @@ -506,22 +494,17 @@ static bool process_mapc(GICv3ITSState *s, uint32_t offset) * we ignore this command and move onto the next * command in the queue */ - } else { - result = update_cte(s, icid, valid, rdbase); + return CMD_CONTINUE; } - return result; + return update_cte(s, icid, valid, rdbase) ? CMD_CONTINUE : CMD_STALL; } static bool update_dte(GICv3ITSState *s, uint32_t devid, bool valid, uint8_t size, uint64_t itt_addr) { AddressSpace *as = &s->gicv3->dma_as; - uint64_t value; - uint64_t l2t_addr; - bool valid_l2t; - uint32_t l2t_id; - uint32_t num_l2_entries; + uint64_t entry_addr; uint64_t dte = 0; MemTxResult res = MEMTX_OK; @@ -536,47 +519,21 @@ static bool update_dte(GICv3ITSState *s, uint32_t devid, bool valid, return true; } - /* - * The specification defines the format of level 1 entries of a - * 2-level table, but the format of level 2 entries and the format - * of flat-mapped tables is IMPDEF. - */ - if (s->dt.indirect) { - l2t_id = devid / (s->dt.page_sz / L1TABLE_ENTRY_SIZE); - - value = address_space_ldq_le(as, - s->dt.base_addr + - (l2t_id * L1TABLE_ENTRY_SIZE), - MEMTXATTRS_UNSPECIFIED, &res); - - if (res != MEMTX_OK) { - return false; - } - - valid_l2t = (value & L2_TABLE_VALID_MASK) != 0; - - if (valid_l2t) { - num_l2_entries = s->dt.page_sz / s->dt.entry_sz; - - l2t_addr = value & ((1ULL << 51) - 1); - - address_space_stq_le(as, l2t_addr + - ((devid % num_l2_entries) * GITS_DTE_SIZE), - dte, MEMTXATTRS_UNSPECIFIED, &res); - } - } else { - /* Flat level table */ - address_space_stq_le(as, s->dt.base_addr + (devid * GITS_DTE_SIZE), - dte, MEMTXATTRS_UNSPECIFIED, &res); - } + entry_addr = table_entry_addr(s, &s->dt, devid, &res); if (res != MEMTX_OK) { + /* memory access error: stall */ return false; - } else { + } + if (entry_addr == -1) { + /* No L2 table for this index: discard write and continue */ return true; } + address_space_stq_le(as, entry_addr, dte, MEMTXATTRS_UNSPECIFIED, &res); + return res == MEMTX_OK; } -static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset) +static ItsCmdResult process_mapd(GICv3ITSState *s, uint64_t value, + uint32_t offset) { AddressSpace *as = &s->gicv3->dma_as; uint32_t devid; @@ -584,7 +541,6 @@ static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset) uint64_t itt_addr; bool valid; MemTxResult res = MEMTX_OK; - bool result = false; devid = ((value & DEVID_MASK) >> DEVID_SHIFT); @@ -593,7 +549,7 @@ static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset) MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } size = (value & SIZE_MASK); @@ -603,14 +559,14 @@ static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset) MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - return result; + return CMD_STALL; } itt_addr = (value & ITTADDR_MASK) >> ITTADDR_SHIFT; valid = (value & CMD_FIELD_VALID_MASK); - if ((devid >= s->dt.num_ids) || + if ((devid >= s->dt.num_entries) || (size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS))) { qemu_log_mask(LOG_GUEST_ERROR, "ITS MAPD: invalid device table attributes " @@ -620,11 +576,205 @@ static bool process_mapd(GICv3ITSState *s, uint64_t value, uint32_t offset) * we ignore this command and move onto the next * command in the queue */ - } else { - result = update_dte(s, devid, valid, size, itt_addr); + return CMD_CONTINUE; } - return result; + return update_dte(s, devid, valid, size, itt_addr) ? CMD_CONTINUE : CMD_STALL; +} + +static ItsCmdResult process_movall(GICv3ITSState *s, uint64_t value, + uint32_t offset) +{ + AddressSpace *as = &s->gicv3->dma_as; + MemTxResult res = MEMTX_OK; + uint64_t rd1, rd2; + + /* No fields in dwords 0 or 1 */ + offset += NUM_BYTES_IN_DW; + offset += NUM_BYTES_IN_DW; + value = address_space_ldq_le(as, s->cq.base_addr + offset, + MEMTXATTRS_UNSPECIFIED, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + + rd1 = FIELD_EX64(value, MOVALL_2, RDBASE1); + if (rd1 >= s->gicv3->num_cpu) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: RDBASE1 %" PRId64 + " out of range (must be less than %d)\n", + __func__, rd1, s->gicv3->num_cpu); + return CMD_CONTINUE; + } + + offset += NUM_BYTES_IN_DW; + value = address_space_ldq_le(as, s->cq.base_addr + offset, + MEMTXATTRS_UNSPECIFIED, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + + rd2 = FIELD_EX64(value, MOVALL_3, RDBASE2); + if (rd2 >= s->gicv3->num_cpu) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: RDBASE2 %" PRId64 + " out of range (must be less than %d)\n", + __func__, rd2, s->gicv3->num_cpu); + return CMD_CONTINUE; + } + + if (rd1 == rd2) { + /* Move to same target must succeed as a no-op */ + return CMD_CONTINUE; + } + + /* Move all pending LPIs from redistributor 1 to redistributor 2 */ + gicv3_redist_movall_lpis(&s->gicv3->cpu[rd1], &s->gicv3->cpu[rd2]); + + return CMD_CONTINUE; +} + +static ItsCmdResult process_movi(GICv3ITSState *s, uint64_t value, + uint32_t offset) +{ + AddressSpace *as = &s->gicv3->dma_as; + MemTxResult res = MEMTX_OK; + uint32_t devid, eventid, intid; + uint16_t old_icid, new_icid; + uint64_t old_cte, new_cte; + uint64_t old_rdbase, new_rdbase; + uint64_t dte; + bool dte_valid, ite_valid, cte_valid; + uint64_t num_eventids; + IteEntry ite = {}; + + devid = FIELD_EX64(value, MOVI_0, DEVICEID); + + offset += NUM_BYTES_IN_DW; + value = address_space_ldq_le(as, s->cq.base_addr + offset, + MEMTXATTRS_UNSPECIFIED, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + eventid = FIELD_EX64(value, MOVI_1, EVENTID); + + offset += NUM_BYTES_IN_DW; + value = address_space_ldq_le(as, s->cq.base_addr + offset, + MEMTXATTRS_UNSPECIFIED, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + new_icid = FIELD_EX64(value, MOVI_2, ICID); + + if (devid >= s->dt.num_entries) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: devid %d>=%d", + __func__, devid, s->dt.num_entries); + return CMD_CONTINUE; + } + dte = get_dte(s, devid, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + + dte_valid = FIELD_EX64(dte, DTE, VALID); + if (!dte_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "invalid dte: %"PRIx64" for %d\n", + __func__, dte, devid); + return CMD_CONTINUE; + } + + num_eventids = 1ULL << (FIELD_EX64(dte, DTE, SIZE) + 1); + if (eventid >= num_eventids) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: eventid %d >= %" + PRId64 "\n", + __func__, eventid, num_eventids); + return CMD_CONTINUE; + } + + ite_valid = get_ite(s, eventid, dte, &old_icid, &intid, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + + if (!ite_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: invalid ITE\n", + __func__); + return CMD_CONTINUE; + } + + if (old_icid >= s->ct.num_entries) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid ICID 0x%x in ITE (table corrupted?)\n", + __func__, old_icid); + return CMD_CONTINUE; + } + + if (new_icid >= s->ct.num_entries) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: ICID 0x%x\n", + __func__, new_icid); + return CMD_CONTINUE; + } + + cte_valid = get_cte(s, old_icid, &old_cte, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + if (!cte_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "invalid cte: %"PRIx64"\n", + __func__, old_cte); + return CMD_CONTINUE; + } + + cte_valid = get_cte(s, new_icid, &new_cte, &res); + if (res != MEMTX_OK) { + return CMD_STALL; + } + if (!cte_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "invalid cte: %"PRIx64"\n", + __func__, new_cte); + return CMD_CONTINUE; + } + + old_rdbase = FIELD_EX64(old_cte, CTE, RDBASE); + if (old_rdbase >= s->gicv3->num_cpu) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: CTE has invalid rdbase 0x%"PRIx64"\n", + __func__, old_rdbase); + return CMD_CONTINUE; + } + + new_rdbase = FIELD_EX64(new_cte, CTE, RDBASE); + if (new_rdbase >= s->gicv3->num_cpu) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: CTE has invalid rdbase 0x%"PRIx64"\n", + __func__, new_rdbase); + return CMD_CONTINUE; + } + + if (old_rdbase != new_rdbase) { + /* Move the LPI from the old redistributor to the new one */ + gicv3_redist_mov_lpi(&s->gicv3->cpu[old_rdbase], + &s->gicv3->cpu[new_rdbase], + intid); + } + + /* Update the ICID field in the interrupt translation table entry */ + ite.itel = FIELD_DP64(ite.itel, ITE_L, VALID, 1); + ite.itel = FIELD_DP64(ite.itel, ITE_L, INTTYPE, ITE_INTTYPE_PHYSICAL); + ite.itel = FIELD_DP64(ite.itel, ITE_L, INTID, intid); + ite.itel = FIELD_DP64(ite.itel, ITE_L, DOORBELL, INTID_SPURIOUS); + ite.iteh = FIELD_DP32(ite.iteh, ITE_H, ICID, new_icid); + return update_ite(s, eventid, dte, ite) ? CMD_CONTINUE : CMD_STALL; } /* @@ -639,7 +789,6 @@ static void process_cmdq(GICv3ITSState *s) uint64_t data; AddressSpace *as = &s->gicv3->dma_as; MemTxResult res = MEMTX_OK; - bool result = true; uint8_t cmd; int i; @@ -666,20 +815,29 @@ static void process_cmdq(GICv3ITSState *s) } while (wr_offset != rd_offset) { + ItsCmdResult result = CMD_CONTINUE; + cq_offset = (rd_offset * GITS_CMDQ_ENTRY_SIZE); data = address_space_ldq_le(as, s->cq.base_addr + cq_offset, MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - result = false; + s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: could not read command at 0x%" PRIx64 "\n", + __func__, s->cq.base_addr + cq_offset); + break; } + cmd = (data & CMD_MASK); + trace_gicv3_its_process_command(rd_offset, cmd); + switch (cmd) { case GITS_CMD_INT: - res = process_its_cmd(s, data, cq_offset, INTERRUPT); + result = process_its_cmd(s, data, cq_offset, INTERRUPT); break; case GITS_CMD_CLEAR: - res = process_its_cmd(s, data, cq_offset, CLEAR); + result = process_its_cmd(s, data, cq_offset, CLEAR); break; case GITS_CMD_SYNC: /* @@ -716,21 +874,25 @@ static void process_cmdq(GICv3ITSState *s) gicv3_redist_update_lpi(&s->gicv3->cpu[i]); } break; + case GITS_CMD_MOVI: + result = process_movi(s, data, cq_offset); + break; + case GITS_CMD_MOVALL: + result = process_movall(s, data, cq_offset); + break; default: break; } - if (result) { + if (result == CMD_CONTINUE) { rd_offset++; rd_offset %= s->cq.num_entries; s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, OFFSET, rd_offset); } else { - /* - * in this implementation, in case of dma read/write error - * we stall the command processing - */ + /* CMD_STALL */ s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); qemu_log_mask(LOG_GUEST_ERROR, - "%s: %x cmd processing failed\n", __func__, cmd); + "%s: 0x%x cmd processing failed, stalling\n", + __func__, cmd); break; } } @@ -830,7 +992,7 @@ static void extract_table_params(GICv3ITSState *s) L1TABLE_ENTRY_SIZE) * (page_sz / td->entry_sz)); } - td->num_ids = 1ULL << idbits; + td->num_entries = MIN(td->num_entries, 1ULL << idbits); } } @@ -852,6 +1014,18 @@ static void extract_cmdq_params(GICv3ITSState *s) } } +static MemTxResult gicv3_its_translation_read(void *opaque, hwaddr offset, + uint64_t *data, unsigned size, + MemTxAttrs attrs) +{ + /* + * GITS_TRANSLATER is write-only, and all other addresses + * in the interrupt translation space frame are RES0. + */ + *data = 0; + return MEMTX_OK; +} + static MemTxResult gicv3_its_translation_write(void *opaque, hwaddr offset, uint64_t data, unsigned size, MemTxAttrs attrs) @@ -860,6 +1034,8 @@ static MemTxResult gicv3_its_translation_write(void *opaque, hwaddr offset, bool result = true; uint32_t devid = 0; + trace_gicv3_its_translation_write(offset, data, size, attrs.requester_id); + switch (offset) { case GITS_TRANSLATER: if (s->ctlr & R_GITS_CTLR_ENABLED_MASK) { @@ -890,7 +1066,6 @@ static bool its_writel(GICv3ITSState *s, hwaddr offset, s->ctlr |= R_GITS_CTLR_ENABLED_MASK; extract_table_params(s); extract_cmdq_params(s); - s->creadr = 0; process_cmdq(s); } else { s->ctlr &= ~R_GITS_CTLR_ENABLED_MASK; @@ -904,7 +1079,6 @@ static bool its_writel(GICv3ITSState *s, hwaddr offset, if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { s->cbaser = deposit64(s->cbaser, 0, 32, value); s->creadr = 0; - s->cwriter = s->creadr; } break; case GITS_CBASER + 4: @@ -915,7 +1089,6 @@ static bool its_writel(GICv3ITSState *s, hwaddr offset, if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { s->cbaser = deposit64(s->cbaser, 32, 32, value); s->creadr = 0; - s->cwriter = s->creadr; } break; case GITS_CWRITER: @@ -957,6 +1130,10 @@ static bool its_writel(GICv3ITSState *s, hwaddr offset, if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { index = (offset - GITS_BASER) / 8; + if (s->baser[index] == 0) { + /* Unimplemented GITS_BASERn: RAZ/WI */ + break; + } if (offset & 7) { value <<= 32; value &= ~GITS_BASER_RO_MASK; @@ -1053,6 +1230,10 @@ static bool its_writell(GICv3ITSState *s, hwaddr offset, */ if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { index = (offset - GITS_BASER) / 8; + if (s->baser[index] == 0) { + /* Unimplemented GITS_BASERn: RAZ/WI */ + break; + } s->baser[index] &= GITS_BASER_RO_MASK; s->baser[index] |= (value & ~GITS_BASER_RO_MASK); } @@ -1065,7 +1246,6 @@ static bool its_writell(GICv3ITSState *s, hwaddr offset, if (!(s->ctlr & R_GITS_CTLR_ENABLED_MASK)) { s->cbaser = value; s->creadr = 0; - s->cwriter = s->creadr; } break; case GITS_CWRITER: @@ -1149,6 +1329,7 @@ static MemTxResult gicv3_its_read(void *opaque, hwaddr offset, uint64_t *data, qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid guest read at offset " TARGET_FMT_plx "size %u\n", __func__, offset, size); + trace_gicv3_its_badread(offset, size); /* * The spec requires that reserved registers are RAZ/WI; * so use false returns from leaf functions as a way to @@ -1156,6 +1337,8 @@ static MemTxResult gicv3_its_read(void *opaque, hwaddr offset, uint64_t *data, * the caller, or we'll cause a spurious guest data abort. */ *data = 0; + } else { + trace_gicv3_its_read(offset, *data, size); } return MEMTX_OK; } @@ -1182,12 +1365,15 @@ static MemTxResult gicv3_its_write(void *opaque, hwaddr offset, uint64_t data, qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid guest write at offset " TARGET_FMT_plx "size %u\n", __func__, offset, size); + trace_gicv3_its_badwrite(offset, data, size); /* * The spec requires that reserved registers are RAZ/WI; * so use false returns from leaf functions as a way to * trigger the guest-error logging but don't return it to * the caller, or we'll cause a spurious guest data abort. */ + } else { + trace_gicv3_its_write(offset, data, size); } return MEMTX_OK; } @@ -1203,6 +1389,7 @@ static const MemoryRegionOps gicv3_its_control_ops = { }; static const MemoryRegionOps gicv3_its_translation_ops = { + .read_with_attrs = gicv3_its_translation_read, .write_with_attrs = gicv3_its_translation_write, .valid.min_access_size = 2, .valid.max_access_size = 4, @@ -1225,9 +1412,6 @@ static void gicv3_arm_its_realize(DeviceState *dev, Error **errp) gicv3_its_init_mmio(s, &gicv3_its_control_ops, &gicv3_its_translation_ops); - address_space_init(&s->gicv3->dma_as, s->gicv3->dma, - "gicv3-its-sysmem"); - /* set the ITS default features supported */ s->typer = FIELD_DP64(s->typer, GITS_TYPER, PHYSICAL, 1); s->typer = FIELD_DP64(s->typer, GITS_TYPER, ITT_ENTRY_SIZE, |