aboutsummaryrefslogtreecommitdiff
path: root/hw/intc
AgeCommit message (Collapse)Author
2018-12-21ppc/xive: notify the CPU when the interrupt priority is more privilegedCédric Le Goater
After the event data was enqueued in the O/S Event Queue, the IVPE raises the bit corresponding to the priority of the pending interrupt in the register IBP (Interrupt Pending Buffer) to indicate there is an event pending in one of the 8 priority queues. The Pending Interrupt Priority Register (PIPR) is also updated using the IPB. This register represent the priority of the most favored pending notification. The PIPR is then compared to the the Current Processor Priority Register (CPPR). If it is more favored (numerically less than), the CPU interrupt line is raised and the EO bit of the Notification Source Register (NSR) is updated to notify the presence of an exception for the O/S. The check needs to be done whenever the PIPR or the CPPR are changed. The O/S acknowledges the interrupt with a special load in the Thread Interrupt Management Area. If the EO bit of the NSR is set, the CPPR takes the value of PIPR. The bit number in the IBP corresponding to the priority of the pending interrupt is reseted and so is the EO bit of the NSR. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [dwg: Fix style nits] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce a simplified XIVE presenterCédric Le Goater
The last sub-engine of the XIVE architecture is the Interrupt Virtualization Presentation Engine (IVPE). On HW, the IVRE and the IVPE share elements, the Power Bus interface (CQ), the routing table descriptors, and they can be combined in the same HW logic. We do the same in QEMU and combine both engines in the XiveRouter for simplicity. When the IVRE has completed its job of matching an event source with a Notification Virtual Target (NVT) to notify, it forwards the event notification to the IVPE sub-engine. The IVPE scans the thread interrupt contexts of the Notification Virtual Targets (NVT) dispatched on the HW processor threads and if a match is found, it signals the thread. If not, the IVPE escalates the notification to some other targets and records the notification in a backlog queue. The IVPE maintains the thread interrupt context state for each of its NVTs not dispatched on HW processor threads in the Notification Virtual Target table (NVTT). The model currently only supports single NVT notifications. Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Folded in fix for field accessors] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce the XIVE interrupt thread contextCédric Le Goater
Each POWER9 processor chip has a XIVE presenter that can generate four different exceptions to its threads: - hypervisor exception, - O/S exception - Event-Based Branch (EBB) - msgsnd (doorbell). Each exception has a state independent from the others called a Thread Interrupt Management context. This context is a set of registers which lets the thread handle priority management and interrupt acknowledgment among other things. The most important ones being : - Interrupt Priority Register (PIPR) - Interrupt Pending Buffer (IPB) - Current Processor Priority (CPPR) - Notification Source Register (NSR) These registers are accessible through a specific MMIO region, called the Thread Interrupt Management Area (TIMA), four aligned pages, each exposing a different view of the registers. First page (page address ending in 0b00) gives access to the entire context and is reserved for the ring 0 view for the physical thread context. The second (page address ending in 0b01) is for the hypervisor, ring 1 view. The third (page address ending in 0b10) is for the operating system, ring 2 view. The fourth (page address ending in 0b11) is for user level, ring 3 view. The thread interrupt context is modeled with a XiveTCTX object containing the values of the different exception registers. The TIMA region is mapped at the same address for each CPU. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: add support for the END Event State BuffersCédric Le Goater
The Event Notification Descriptor (END) XIVE structure also contains two Event State Buffers providing further coalescing of interrupts, one for the notification event (ESn) and one for the escalation events (ESe). A MMIO page is assigned for each to control the EOI through loads only. Stores are not allowed. The END ESBs are modeled through an object resembling the 'XiveSource' It is stateless as the END state bits are backed into the XiveEND structure under the XiveRouter and the MMIO accesses follow the same rules as for the XiveSource ESBs. END ESBs are not supported by the Linux drivers neither on OPAL nor on sPAPR. Nevetherless, it provides a mean to study the question in the future and validates a bit more the XIVE model. Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Fold in a later fix for field access] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce the XIVE Event Notification DescriptorsCédric Le Goater
To complete the event routing, the IVRE sub-engine uses a second table containing Event Notification Descriptor (END) structures. An END specifies on which Event Queue (EQ) the event notification data, defined in the associated EAS, should be posted when an exception occurs. It also defines which Notification Virtual Target (NVT) should be notified. The Event Queue is a memory page provided by the O/S defining a circular buffer, one per server and priority couple, containing Event Queue entries. These are 4 bytes long, the first bit being a 'generation' bit and the 31 following bits the END Data field. They are pulled by the O/S when the exception occurs. The END Data field is a way to set an invariant logical event source number for an IRQ. On sPAPR machines, it is set with the H_INT_SET_SOURCE_CONFIG hcall when the EISN flag is used. Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Fold in a later fix from Cédric fixing field accessors] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce the XiveRouter modelCédric Le Goater
The XiveRouter models the second sub-engine of the XIVE architecture : the Interrupt Virtualization Routing Engine (IVRE). The IVRE handles event notifications of the IVSE and performs the interrupt routing process. For this purpose, it uses a set of tables stored in system memory, the first of which being the Event Assignment Structure (EAS) table. The EAT associates an interrupt source number with an Event Notification Descriptor (END) which will be used in a second phase of the routing process to identify a Notification Virtual Target. The XiveRouter is an abstract class which needs to be inherited from to define a storage for the EAT, and other upcoming tables. Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Folded in parts of a later fix by Cédric fixing field access] [dwg: Fix style nits] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce the XiveNotifier interfaceCédric Le Goater
The XiveNotifier offers a simple interface, between the XiveSource object and the main interrupt controller of the machine. It will forward event notifications to the XIVE Interrupt Virtualization Routing Engine (IVRE). Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Adjust type name string for XiveNotifier] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: add support for the LSI interrupt sourcesCédric Le Goater
The 'sent' status of the LSI interrupt source is modeled with the 'P' bit of the ESB and the assertion status of the source is maintained with an extra bit under the main XiveSource object. The type of the source is stored in the same array for practical reasons. Signed-off-by: Cédric Le Goater <clg@kaod.org> [dwg: Fix style nit] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-21ppc/xive: introduce a XIVE interrupt source modelCédric Le Goater
The first sub-engine of the overall XIVE architecture is the Interrupt Virtualization Source Engine (IVSE). An IVSE can be integrated into another logic, like in a PCI PHB or in the main interrupt controller to manage IPIs. Each IVSE instance is associated with an Event State Buffer (ESB) that contains a two bit state entry for each possible event source. When an event is signaled to the IVSE, by MMIO or some other means, the associated interrupt state bits are fetched from the ESB and modified. Depending on the resulting ESB state, the event is forwarded to the IVRE sub-engine of the controller doing the routing. Each supported ESB entry is associated with either a single or a even/odd pair of pages which provides commands to manage the source: to EOI, to turn off the source for instance. On a sPAPR machine, the O/S will obtain the page address of the ESB entry associated with a source and its characteristic using the H_INT_GET_SOURCE_INFO hcall. On PowerNV, a similar OPAL call is used. The xive_source_notify() routine is in charge forwarding the source event notification to the routing engine. It will be filled later on. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-12-16Merge remote-tracking branch 'remotes/pmaydell/tags/pull-misc-20181214' into ↵Peter Maydell
staging miscellaneous patches: * checkpatch.pl: Enforce multiline comment syntax * Rename cpu_physical_memory_write_rom() to address_space_write_rom() * disas, monitor, elf_ops: Use address_space_read() to read memory * Remove load_image() in favour of load_image_size() * Fix some minor memory leaks in arm boards/devices * virt: fix broken indentation # gpg: Signature made Fri 14 Dec 2018 14:41:20 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-misc-20181214: (22 commits) virt: Fix broken indentation target/arm: Create timers in realize, not init tests/test-arm-mptimer: Don't leak string memory hw/sd/sdhci: Don't leak memory region in sdhci_sysbus_realize() hw/arm/mps2-tz.c: Free mscname string in make_dma() target/arm: Free name string in ARMCPRegInfo hashtable entries include/hw/loader.h: Document load_image_size() hw/core/loader.c: Remove load_image() device_tree.c: Don't use load_image() hw/block/tc58128.c: Don't use load_image() hw/i386/multiboot.c: Don't use load_image() hw/i386/pc.c: Don't use load_image() hw/pci/pci.c: Don't use load_image() hw/smbios/smbios.c: Don't use load_image() hw/ppc/ppc405_boards: Don't use load_image() hw/ppc/mac_newworld, mac_oldworld: Don't use load_image() elf_ops.h: Use address_space_write() to write memory monitor: Use address_space_read() to read memory disas.c: Use address_space_read() to read memory Rename cpu_physical_memory_write_rom() to address_space_write_rom() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-12-14Rename cpu_physical_memory_write_rom() to address_space_write_rom()Peter Maydell
The API of cpu_physical_memory_write_rom() is odd, because it takes an AddressSpace, unlike all the other cpu_physical_memory_* access functions. Rename it to address_space_write_rom(), and bring its API into line with address_space_write(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20181122133507.30950-3-peter.maydell@linaro.org
2018-12-13target/arm: Introduce arm_hcr_el2_effRichard Henderson
Replace arm_hcr_el2_{fmo,imo,amo} with a more general routine that also takes SCR_EL3.NS (aka arm_is_secure_below_el3) into account, as documented for the plethora of bits in HCR_EL2. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181210150501.7990-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-12-13intc/puv3_intc: Convert sysbus init function to realize functionMao Zhongyi
Use DeviceClass rather than SysBusDeviceClass in puv3_intc_class_init(). Cc: gxt@mprc.pku.edu.cn Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-11-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-11-27vmstate: constify VMStateFieldMarc-André Lureau
Because they are supposed to remain const. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181114132931.22624-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-24target/arm: Move some system registers into a substructureRichard Henderson
Create struct ARMISARegisters, to be accessed during translation. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181016223115.24100-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-19ioapic: Fix error handling in realize()Markus Armbruster
Calling error_report() in a function that takes an Error ** argument is suspicious. ioapic_realize() does that, and then exit()s. Currently mostly harmless, as the device cannot be hot-plugged. Fixes: 20fd4b7b6d9282fe0cb83601f1821f31bd257458 Cc: Peter Xu <peterx@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181017082702.5581-11-armbru@redhat.com>
2018-10-19Use error_fatal to simplify obvious fatal errors (again)Markus Armbruster
Add a slight improvement of the Coccinelle semantic patch from commit 007b06578ab, and use it to clean up. It leaves dead Error * variables behind, cleaned up manually. Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Alexander Graf <agraf@suse.de> Cc: Eric Blake <eblake@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20181017082702.5581-3-armbru@redhat.com>
2018-10-19error: Fix use of error_prepend() with &error_fatal, &error_abortMarkus Armbruster
From include/qapi/error.h: * Pass an existing error to the caller with the message modified: * error_propagate(errp, err); * error_prepend(errp, "Could not frobnicate '%s': ", name); Fei Li pointed out that doing error_propagate() first doesn't work well when @errp is &error_fatal or &error_abort: the error_prepend() is never reached. Since I doubt fixing the documentation will stop people from getting it wrong, introduce error_propagate_prepend(), in the hope that it lures people away from using its constituents in the wrong order. Update the instructions in error.h accordingly. Convert existing error_prepend() next to error_propagate to error_propagate_prepend(). If any of these get reached with &error_fatal or &error_abort, the error messages improve. I didn't check whether that's the case anywhere. Cc: Fei Li <fli@suse.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20181017082702.5581-2-armbru@redhat.com>
2018-09-25hw/intc/arm_gic: Drop GIC_BASE_IRQ macroPeter Maydell
The GIC_BASE_IRQ macro is a leftover from when we shared code between the GICv2 and the v7M NVIC. Since the NVIC is now split off, GIC_BASE_IRQ is always 0, and we can just delete it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180824161819.11085-1-peter.maydell@linaro.org
2018-08-24hw/intc/arm_gic: Make per-cpu GICH memory regions 0x200 bytes largePeter Maydell
Reduce the size of the per-cpu GICH memory regions from 0x1000 to 0x200. The registers only cover 0x200 bytes, and the Cortex-A15 wants to map them at a spacing of 0x200 bytes apart. Having the region be too large interferes with mapping them like that, so reduce it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180821132811.17675-3-peter.maydell@linaro.org
2018-08-23hw/intc/apic: Switch away from old_mmioPeter Maydell
Switch the apic away from using the old_mmio MemoryRegionOps accessor functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180803101943.23722-1-peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-20nvic: Expose NMI linePeter Maydell
On real v7M hardware, the NMI line is an externally visible signal that an SoC or board can toggle to assert an NMI. Expose it in our QEMU NVIC and armv7m container objects so that a board model can wire it up if it needs to. In particular, the MPS2 watchdog is wired to NMI. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2018-08-20hw/intc/arm_gicv3_its: downgrade error_report to warn_report in ↵Jia He
kvm_arm_its_reset In scripts/arch-run.bash of kvm-unit-tests, it will check the qemu output log with: if [ -z "$(echo "$errors" | grep -vi warning)" ]; then Thus without the warning prefix, all of the test fail. Since it is not unrecoverable error in kvm_arm_its_reset for current implementation, downgrading the report from error to warn makes sense. Signed-off-by: Jia He <jia.he@hxt-semitech.com> Message-id: 1531969910-32843-1-git-send-email-jia.he@hxt-semitech.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14target/arm: Provide accessor functions for HCR_EL2.{IMO, FMO, AMO}Peter Maydell
The IMO, FMO and AMO bits in HCR_EL2 are defined to "behave as 1 for all purposes other than direct reads" if HCR_EL2.TGE is set and HCR_EL2.E2H is 0, and to "behave as 0 for all purposes other than direct reads" if HCR_EL2.TGE is set and HRC_EL2.E2H is 1. To avoid having to check E2H and TGE everywhere where we test IMO and FMO, provide accessors arm_hcr_el2_imo(), arm_hcr_el2_fmo()and arm_hcr_el2_amo(). We don't implement ARMv8.1-VHE yet, so the E2H case will never be true, but we include the logic to save effort when we eventually do get to that. (Note that in several of these callsites the change doesn't actually make a difference as either the callsite is handling TGE specially anyway, or the CPU can't get into that situation with TGE set; we change everywhere for consistency.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180724115950.17316-5-peter.maydell@linaro.org
2018-08-14intc/arm_gic: Improve tracesLuc Michel
Add some traces to the ARM GIC to catch register accesses (distributor, (v)cpu interface and virtual interface), and to take into account virtualization extensions (print `vcpu` instead of `cpu` when needed). Also add some virtualization extensions specific traces: LR updating and maintenance IRQ generation. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-19-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement maintenance interrupt generationLuc Michel
Implement the maintenance interrupt generation that is part of the GICv2 virtualization extensions. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-18-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement gic_update_virt() functionLuc Michel
Add the gic_update_virt() function to update the vCPU interface states and raise vIRQ and vFIQ as needed. This commit renames gic_update() to gic_update_internal() and generalizes it to handle both cases, with a `virt' parameter to track whether we are updating the CPU or vCPU interfaces. The main difference between CPU and vCPU is the way we select the best IRQ. This part has been split into the gic_get_best_(v)irq functions. For the virt case, the LRs are iterated to find the best candidate. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-17-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement the virtual interface registersLuc Michel
Implement the read and write functions for the virtual interface of the virtualization extensions in the GICv2. One mirror region per CPU is also created, which maps to that specific CPU id. This is required by the GIC architecture specification. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-16-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Wire the vCPU interfaceLuc Michel
Add the read/write functions to handle accesses to the vCPU interface. Those accesses are forwarded to the real CPU interface, with the CPU id being converted to the corresponding vCPU id (vCPU id = CPU id + GIC_NCPU). Signed-off-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180727095421.386-15-luc.michel@greensocs.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement virtualization extensions in gic_cpu_(read|write)Luc Michel
Implement virtualization extensions in the gic_cpu_read() and gic_cpu_write() functions. Those are the last bits missing to fully support virtualization extensions in the CPU interface path. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-14-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement virtualization extensions in ↵Luc Michel
gic_(deactivate|complete_irq) Implement virtualization extensions in the gic_deactivate_irq() and gic_complete_irq() functions. When the guest writes an invalid vIRQ to V_EOIR or V_DIR, since the GICv2 specification is not entirely clear here, we adopt the behaviour observed on real hardware: * When V_CTRL.EOIMode is false (EOI split is disabled): - In case of an invalid vIRQ write to V_EOIR: -> If some bits are set in H_APR, an invalid vIRQ write to V_EOIR triggers a priority drop, and increments V_HCR.EOICount. -> If V_APR is already cleared, nothing happen - An invalid vIRQ write to V_DIR is ignored. * When V_CTRL.EOIMode is true: - In case of an invalid vIRQ write to V_EOIR: -> If some bits are set in H_APR, an invalid vIRQ write to V_EOIR triggers a priority drop. -> If V_APR is already cleared, nothing happen - An invalid vIRQ write to V_DIR increments V_HCR.EOICount. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180727095421.386-13-luc.michel@greensocs.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement virtualization extensions in gic_acknowledge_irqLuc Michel
Implement virtualization extensions in the gic_acknowledge_irq() function. This function changes the state of the highest priority IRQ from pending to active. When the current CPU is a vCPU, modifying the state of an IRQ modifies the corresponding LR entry. However if we clear the pending flag before setting the active one, we lose track of the LR entry as it becomes invalid. The next call to gic_get_lr_entry() will fail. To overcome this issue, we call gic_activate_irq() before gic_clear_pending(). This does not change the general behaviour of gic_acknowledge_irq. We also move the SGI case in gic_clear_pending_sgi() to enhance code readability as the virtualization extensions support adds a if-else level. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-12-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement virtualization extensions in ↵Luc Michel
gic_(activate_irq|drop_prio) Implement virtualization extensions in gic_activate_irq() and gic_drop_prio() and in gic_get_prio_from_apr_bits() called by gic_drop_prio(). When the current CPU is a vCPU: - Use GIC_VIRT_MIN_BPR and GIC_VIRT_NR_APRS instead of their non-virt counterparts, - the vCPU APR is stored in the virtual interface, in h_apr. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-11-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Add virtualization enabled IRQ helper functionsLuc Michel
Add some helper functions to gic_internal.h to get or change the state of an IRQ. When the current CPU is not a vCPU, the call is forwarded to the GIC distributor. Otherwise, it acts on the list register matching the IRQ in the current CPU virtual interface. gic_clear_active can have a side effect on the distributor, even in the vCPU case, when the correponding LR has the HW field set. Use those functions in the CPU interface code path to prepare for the vCPU interface implementation. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180727095421.386-10-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Refactor secure/ns access check in the CPU interfaceLuc Michel
An access to the CPU interface is non-secure if the current GIC instance implements the security extensions, and the memory access is actually non-secure. Until then, it was checked with tests such as if (s->security_extn && !attrs.secure) { ... } in various places of the CPU interface code. With the implementation of the virtualization extensions, those tests must be updated to take into account whether we are in a vCPU interface or not. This is because the exposed vCPU interface does not implement security extensions. This commits replaces all those tests with a call to the gic_cpu_ns_access() function to check if the current access to the CPU interface is non-secure. This function takes into account whether the current CPU is a vCPU or not. Note that this function is used only in the (v)CPU interface code path. The distributor code path is left unchanged, as the distributor is not exposed to vCPUs at all. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180727095421.386-9-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Add virtualization extensions helper macros and functionsLuc Michel
Add some helper macros and functions related to the virtualization extensions to gic_internal.h. The GICH_LR_* macros help extracting specific fields of a list register value. The only tricky one is the priority field as only the MSB are stored. The value must be shifted accordingly to obtain the correct priority value. gic_is_vcpu() and gic_get_vcpu_real_id() help with (v)CPU id manipulation to abstract the fact that vCPU id are in the range [ GIC_NCPU; (GIC_NCPU + num_cpu) [. gic_lr_* and gic_virq_is_valid() help with the list registers. gic_get_lr_entry() returns the LR entry for a given (vCPU, irq) pair. It is meant to be used in contexts where we know for sure that the entry exists, so we assert that entry is actually found, and the caller can avoid the NULL check on the returned pointer. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-8-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Add virtual interface register definitionsLuc Michel
Add the register definitions for the virtual interface of the GICv2. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-7-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Add the virtualization extensions to the GIC stateLuc Michel
Add the necessary parts of the virtualization extensions state to the GIC state. We choose to increase the size of the CPU interfaces state to add space for the vCPU interfaces (the GIC_NCPU_VCPU macro). This way, we'll be able to reuse most of the CPU interface code for the vCPUs. The only exception is the APR value, which is stored in h_apr in the virtual interface state for vCPUs. This is due to some complications with the GIC VMState, for which we don't want to break backward compatibility. APRs being stored in 2D arrays, increasing the second dimension would lead to some ugly VMState description. To avoid that, we keep it in h_apr for vCPUs. The vCPUs are numbered from GIC_NCPU to (GIC_NCPU * 2) - 1. The `gic_is_vcpu` function help to determine if a given CPU id correspond to a physical CPU or a virtual one. For the in-kernel KVM VGIC, since the exposed VGIC does not implement the virtualization extensions, we report an error if the corresponding property is set to true. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-6-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Remove some dead code and put some functions staticLuc Michel
Some functions are now only used in arm_gic.c, put them static. Some of them where only used by the NVIC implementation and are not used anymore, so remove them. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-4-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Implement GICD_ISACTIVERn and GICD_ICACTIVERn registersLuc Michel
Implement GICD_ISACTIVERn and GICD_ICACTIVERn registers in the GICv2. Those registers allow to set or clear the active state of an IRQ in the distributor. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-3-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14intc/arm_gic: Refactor operations on the distributorLuc Michel
In preparation for the virtualization extensions implementation, refactor the name of the functions and macros that act on the GIC distributor to make that fact explicit. It will be useful to differentiate them from the ones that will act on the virtual interfaces. Signed-off-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180727095421.386-2-luc.michel@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14nvic: Change NVIC to support ARMv6-MJulia Suvorova
The differences from ARMv7-M NVIC are: * ARMv6-M only supports up to 32 external interrupts (configurable feature already). The ICTR is reserved. * Active Bit Register is reserved. * ARMv6-M supports 4 priority levels against 256 in ARMv7-M. Signed-off-by: Julia Suvorova <jusual@mail.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14arm: Add ARMv6-M programmer's model supportJulia Suvorova
Forbid stack alignment change. (CCR) Reserve FAULTMASK, BASEPRI registers. Report any fault as a HardFault. Disable MemManage, BusFault and UsageFault, so they always escalated to HardFault. (SHCSR) Signed-off-by: Julia Suvorova <jusual@mail.ru> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20180718095628.26442-1-jusual@mail.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-14nvic: Handle ARMv6-M SCS reserved registersJulia Suvorova
Handle SCS reserved registers listed in ARMv6-M ARM D3.6.1. All reserved registers are RAZ/WI. ARM_FEATURE_M_MAIN is used for the checks, because these registers are reserved in ARMv8-M Baseline too. Signed-off-by: Julia Suvorova <jusual@mail.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-06hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_loadPeter Maydell
The code currently in gicv3_gicd_no_migration_shift_bug_post_load() that handles migration from older QEMU versions with a particular bug is misplaced. We need to run this after migration in all cases, not just the cases where the "arm_gicv3/gicd_no_migration_shift_bug" subsection is present, so it must go in a post_load hook for the top level VMSD, not for the subsection. Move it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20180806123445.1459-6-peter.maydell@linaro.org
2018-08-06hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSDPeter Maydell
Contrary to the the impression given in docs/devel/migration.rst, the migration code does not run the pre_load hook for a subsection unless the subsection appears on the wire, and so this is not a place where you can set the default value for state for the "subsection not present" case. Instead this needs to be done in a pre_load hook for whatever is the parent VMSD of the subsection. We got this wrong in two of the subsection definitions in the GICv3 migration structs; fix this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20180806123445.1459-5-peter.maydell@linaro.org
2018-08-06hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpuPeter Maydell
Commit 6692aac411199064 accidentally introduced a second initialization of the .subsections field of vmstate_gicv3_cpu, instead of adding the new subsection to the existing list. The effect of this was probably that migration of GICv3 with virtualization enabled was broken (or alternatively that migration of ICC_SRE_EL1 was broken, depending on which of the two initializers the compiler used). Combine the two into a single list. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180806123445.1459-3-peter.maydell@linaro.org
2018-08-06hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed ↵Peter Maydell
function Currently the migration code incorrectly treats a subsection with no .needed function pointer as if it was the subsection list terminator -- it is ignored and so is everything after it. Work around this by giving vmstate_gicv3_gicd_no_migration_shift_bug a 'needed' function that always returns true. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180806123445.1459-2-peter.maydell@linaro.org
2018-07-30armv7m_nvic: Fix m-security subsection namePeter Maydell
The vmstate save/load code insists that subsections of a VMState must have names which include their parent VMState's name as a leading substring. Unfortunately it neither documents this nor checks it on device init or state save, but instead fails state load with a confusing error message ("Missing section footer for armv7m_nvic"). Fix the name of the m-security subsection of the NVIC, so that state save/load works correctly for the security-enabled NVIC. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180727113854.20283-2-peter.maydell@linaro.org
2018-07-24target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is setPeter Maydell
When we escalate a v8M exception to HardFault, if AIRCR.BFHFNMINNS is set then we need to decide whether it should become a secure HardFault or a nonsecure HardFault. We should always escalate to the same target security state as the original exception. The current code tries to test this using the 'secure' bool, which is not right because that flag indicates whether the target security state only for banked exceptions; the effect was that we were incorrectly escalating always-secure exceptions like SecureFault to a nonsecure HardFault. Fix this by defining, logging and using a new 'targets_secure' bool which tracks the condition we actually want. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180723123457.2038-1-peter.maydell@linaro.org