2 * Jailhouse, a Linux-based partitioning hypervisor
4 * Copyright (c) ARM Limited, 2014
7 * Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
9 * This work is licensed under the terms of the GNU GPL, version 2. See
10 * the COPYING file in the top-level directory.
13 #include <jailhouse/cell.h>
14 #include <jailhouse/control.h>
15 #include <jailhouse/mmio.h>
16 #include <asm/control.h>
17 #include <asm/gic_common.h>
18 #include <asm/irqchip.h>
19 #include <asm/percpu.h>
20 #include <asm/platform.h>
21 #include <asm/spinlock.h>
22 #include <asm/traps.h>
24 #define REG_RANGE(base, n, size) \
25 (base) ... ((base) + (n - 1) * (size))
27 extern void *gicd_base;
28 extern unsigned int gicd_size;
30 static DEFINE_SPINLOCK(dist_lock);
32 /* The GIC interface numbering does not necessarily match the logical map */
33 static u8 target_cpu_map[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
36 * Most of the GIC distributor writes only reconfigure the IRQs corresponding to
37 * the bits of the written value, by using separate `set' and `clear' registers.
38 * Such registers can be handled by setting the `is_poke' boolean, which allows
39 * to simply restrict the mmio->value with the cell configuration mask.
40 * Others, such as the priority registers, will need to be read and written back
41 * with a restricted value, by using the distributor lock.
43 static int restrict_bitmask_access(struct mmio_access *mmio,
44 unsigned int reg_index,
45 unsigned int bits_per_irq,
48 struct cell *cell = this_cell();
50 unsigned long access_mask = 0;
52 * In order to avoid division, the number of bits per irq is limited
53 * to powers of 2 for the moment.
55 unsigned long irqs_per_reg = 32 >> ffsl(bits_per_irq);
56 unsigned long spi_bits = (1 << bits_per_irq) - 1;
57 /* First, extract the first interrupt affected by this access */
58 unsigned int first_irq = reg_index * irqs_per_reg;
60 /* For SGIs or PPIs, let the caller do the mmio access */
61 if (!is_spi(first_irq))
62 return TRAP_UNHANDLED;
64 /* For SPIs, compare against the cell config mask */
66 for (spi = first_irq; spi < first_irq + irqs_per_reg; spi++) {
67 unsigned int bit_nr = (spi - first_irq) * bits_per_irq;
68 if (spi_in_cell(cell, spi))
69 access_mask |= spi_bits << bit_nr;
72 if (!mmio->is_write) {
73 /* Restrict the read value */
74 arm_mmio_perform_access(mmio);
75 mmio->value &= access_mask;
81 * Modify the existing value of this register by first reading
83 * Relies on a spinlock since we need two mmio accesses.
85 unsigned long access_val = mmio->value;
87 spin_lock(&dist_lock);
89 mmio->is_write = false;
90 arm_mmio_perform_access(mmio);
91 mmio->is_write = true;
94 mmio->value &= ~(access_mask & ~access_val);
95 mmio->value |= access_val;
96 arm_mmio_perform_access(mmio);
98 spin_unlock(&dist_lock);
102 mmio->value &= access_mask;
104 return TRAP_UNHANDLED;
109 * GICv3 uses a 64bit register IROUTER for each IRQ
111 static int handle_irq_route(struct mmio_access *mmio, unsigned int irq)
113 struct cell *cell = this_cell();
116 /* Ignore aff3 on AArch32 (return 0) */
117 if (mmio->size == 4 && (mmio->address % 8))
120 /* SGIs and PPIs are res0 */
125 * Ignore accesses to SPIs that do not belong to the cell. This isn't
126 * forbidden, because the guest driver may simply iterate over all
127 * registers at initialisation
129 if (!spi_in_cell(cell, irq - 32))
132 /* Translate the virtual cpu id into the physical one */
133 if (mmio->is_write) {
134 mmio->value = arm_cpu_virt2phys(cell, mmio->value);
135 if (mmio->value == -1) {
136 printk("Attempt to route IRQ%d outside of cell\n", irq);
137 return TRAP_FORBIDDEN;
139 /* And do the access */
140 return TRAP_UNHANDLED;
142 cpu = mmio_read32(gicd_base + GICD_IROUTER + 8 * irq);
143 mmio->value = arm_cpu_phys2virt(cpu);
149 * GICv2 uses 8bit values for each IRQ in the ITARGETRs registers
151 static int handle_irq_target(struct mmio_access *mmio, unsigned int reg)
154 * ITARGETSR contain one byte per IRQ, so the first one affected by this
155 * access corresponds to the reg index
157 struct cell *cell = this_cell();
159 unsigned int spi = reg - 32;
165 * Let the guest freely access its SGIs and PPIs, which may be used to
166 * fill its CPU interface map.
169 return TRAP_UNHANDLED;
172 * The registers are byte-accessible, extend the access to a word if
176 mmio->value <<= 8 * offset;
180 for (i = 0; i < 4; i++, spi++) {
181 if (spi_in_cell(cell, spi))
182 access_mask |= 0xff << (8 * i);
189 targets = (mmio->value >> (8 * i)) & 0xff;
191 /* Check that the targeted interface belongs to the cell */
192 for (cpu = 0; cpu < 8; cpu++) {
193 if (!(targets & target_cpu_map[cpu]))
196 if (per_cpu(cpu)->cell == cell)
199 printk("Attempt to route SPI%d outside of cell\n", spi);
200 return TRAP_FORBIDDEN;
204 if (mmio->is_write) {
205 spin_lock(&dist_lock);
207 mmio_read32(gicd_base + GICD_ITARGETSR + reg + offset);
208 mmio->value &= access_mask;
209 /* Combine with external SPIs */
210 mmio->value |= (itargetsr & ~access_mask);
211 /* And do the access */
212 arm_mmio_perform_access(mmio);
213 spin_unlock(&dist_lock);
215 arm_mmio_perform_access(mmio);
216 mmio->value &= access_mask;
222 static int handle_sgir_access(struct mmio_access *mmio)
225 unsigned long val = mmio->value;
230 sgi.targets = (val >> 16) & 0xff;
231 sgi.routing_mode = (val >> 24) & 0x3;
237 return gic_handle_sgir_write(&sgi, false);
241 * Get the CPU interface ID for this cpu. It can be discovered by reading
242 * the banked value of the PPI and IPI TARGET registers
243 * Patch 2bb3135 in Linux explains why the probe may need to scans the first 8
244 * registers: some early implementation returned 0 for the first ITARGETSR
246 * Since those didn't have virtualization extensions, we can safely ignore that
249 int gic_probe_cpu_id(unsigned int cpu)
251 if (cpu >= ARRAY_SIZE(target_cpu_map))
254 target_cpu_map[cpu] = mmio_read32(gicd_base + GICD_ITARGETSR);
256 if (target_cpu_map[cpu] == 0)
262 int gic_handle_sgir_write(struct sgi *sgi, bool virt_input)
264 struct per_cpu *cpu_data = this_cpu_data();
266 unsigned long targets;
267 unsigned int this_cpu = cpu_data->cpu_id;
268 struct cell *cell = cpu_data->cell;
269 bool is_target = false;
271 cpu_data->stats[JAILHOUSE_CPU_STAT_VMEXITS_VSGI]++;
273 targets = sgi->targets;
276 /* Filter the targets */
277 for_each_cpu_except(cpu, cell->cpu_set, this_cpu) {
279 * When using a cpu map to target the different CPUs (GICv2),
280 * they are independent from the physical CPU IDs, so there is
281 * no need to translate them to the hypervisor's virtual IDs.
284 is_target = !!test_bit(arm_cpu_phys2virt(cpu),
287 is_target = !!(targets & target_cpu_map[cpu]);
289 if (sgi->routing_mode == 0 && !is_target)
292 irqchip_set_pending(per_cpu(cpu), sgi->id, false);
293 sgi->targets |= (1 << cpu);
296 /* Let the other CPUS inject their SGIs */
297 sgi->id = SGI_INJECT;
298 irqchip_send_sgi(sgi);
303 int gic_handle_dist_access(struct mmio_access *mmio)
306 unsigned long reg = mmio->address - (unsigned long)gicd_base;
309 case REG_RANGE(GICD_IROUTER, 1024, 8):
310 ret = handle_irq_route(mmio, (reg - GICD_IROUTER) / 8);
313 case REG_RANGE(GICD_ITARGETSR, 1024, 1):
314 ret = handle_irq_target(mmio, reg - GICD_ITARGETSR);
317 case REG_RANGE(GICD_ICENABLER, 32, 4):
318 case REG_RANGE(GICD_ISENABLER, 32, 4):
319 case REG_RANGE(GICD_ICPENDR, 32, 4):
320 case REG_RANGE(GICD_ISPENDR, 32, 4):
321 case REG_RANGE(GICD_ICACTIVER, 32, 4):
322 case REG_RANGE(GICD_ISACTIVER, 32, 4):
323 ret = restrict_bitmask_access(mmio, (reg & 0x7f) / 4, 1, true);
326 case REG_RANGE(GICD_IGROUPR, 32, 4):
327 ret = restrict_bitmask_access(mmio, (reg & 0x7f) / 4, 1, false);
330 case REG_RANGE(GICD_ICFGR, 64, 4):
331 ret = restrict_bitmask_access(mmio, (reg & 0xff) / 4, 2, false);
334 case REG_RANGE(GICD_IPRIORITYR, 255, 4):
335 ret = restrict_bitmask_access(mmio, (reg & 0x3ff) / 4, 8,
340 ret = handle_sgir_access(mmio);
346 case REG_RANGE(GICD_PIDR0, 4, 4):
347 case REG_RANGE(GICD_PIDR4, 4, 4):
348 case REG_RANGE(GICD_CIDR0, 4, 4):
349 /* Allow read access, ignore write */
350 ret = (mmio->is_write ? TRAP_HANDLED : TRAP_UNHANDLED);
358 /* The sub-handlers return TRAP_UNHANDLED to allow the access */
359 if (ret == TRAP_UNHANDLED) {
360 arm_mmio_perform_access(mmio);
367 void gic_handle_irq(struct per_cpu *cpu_data)
369 bool handled = false;
373 /* Read IAR1: set 'active' state */
374 irq_id = gic_read_iar();
376 if (irq_id == 0x3ff) /* Spurious IRQ */
380 if (is_sgi(irq_id)) {
381 arch_handle_sgi(cpu_data, irq_id);
384 handled = arch_handle_phys_irq(cpu_data, irq_id);
388 * Write EOIR1: drop priority, but stay active if handled is
390 * This allows to not be re-interrupted by a level-triggered
391 * interrupt that needs handling in the guest (e.g. timer)
393 irqchip_eoi_irq(irq_id, handled);
397 void gic_target_spis(struct cell *config_cell, struct cell *dest_cell)
399 unsigned int i, first_cpu, cpu_itf;
400 unsigned int shift = 0;
401 void *itargetsr = gicd_base + GICD_ITARGETSR;
406 /* Always route to the first logical CPU on reset */
407 for_each_cpu(first_cpu, dest_cell->cpu_set)
410 cpu_itf = target_cpu_map[first_cpu];
412 /* ITARGETSR0-7 contain the PPIs and SGIs, and are read-only. */
415 for (i = 0; i < 64; i++, shift = (shift + 8) % 32) {
416 if (spi_in_cell(config_cell, i)) {
417 mask |= (0xff << shift);
418 bits |= (cpu_itf << shift);
421 /* ITARGETRs have 4 IRQ per register */
422 if ((i + 1) % 4 == 0) {
423 targets = mmio_read32(itargetsr);
426 mmio_write32(itargetsr, targets);
projects / jailhouse.git / blob