]> git.proxmox.com Git - mirror_qemu.git/blob - hw/intc/xive.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ppc/xive: Make XIVE generate the proper interrupt types
[mirror_qemu.git] / hw / intc / xive.c
1 /*
2 * QEMU PowerPC XIVE interrupt controller model
3 *
4 * Copyright (c) 2017-2018, IBM Corporation.
5 *
6 * This code is licensed under the GPL version 2 or later. See the
7 * COPYING file in the top-level directory.
8 */
9
10 #include "qemu/osdep.h"
11 #include "qemu/log.h"
12 #include "qapi/error.h"
13 #include "target/ppc/cpu.h"
14 #include "sysemu/cpus.h"
15 #include "sysemu/dma.h"
16 #include "hw/qdev-properties.h"
17 #include "monitor/monitor.h"
18 #include "hw/ppc/xive.h"
19 #include "hw/ppc/xive_regs.h"
20
21 /*
22 * XIVE Thread Interrupt Management context
23 */
24
25 /*
26 * Convert a priority number to an Interrupt Pending Buffer (IPB)
27 * register, which indicates a pending interrupt at the priority
28 * corresponding to the bit number
29 */
30 static uint8_t priority_to_ipb(uint8_t priority)
31 {
32 return priority > XIVE_PRIORITY_MAX ?
33 0 : 1 << (XIVE_PRIORITY_MAX - priority);
34 }
35
36 /*
37 * Convert an Interrupt Pending Buffer (IPB) register to a Pending
38 * Interrupt Priority Register (PIPR), which contains the priority of
39 * the most favored pending notification.
40 */
41 static uint8_t ipb_to_pipr(uint8_t ibp)
42 {
43 return ibp ? clz32((uint32_t)ibp << 24) : 0xff;
44 }
45
46 static void ipb_update(uint8_t *regs, uint8_t priority)
47 {
48 regs[TM_IPB] |= priority_to_ipb(priority);
49 regs[TM_PIPR] = ipb_to_pipr(regs[TM_IPB]);
50 }
51
52 static uint8_t exception_mask(uint8_t ring)
53 {
54 switch (ring) {
55 case TM_QW1_OS:
56 return TM_QW1_NSR_EO;
57 case TM_QW3_HV_PHYS:
58 return TM_QW3_NSR_HE;
59 default:
60 g_assert_not_reached();
61 }
62 }
63
64 static qemu_irq xive_tctx_output(XiveTCTX *tctx, uint8_t ring)
65 {
66 switch (ring) {
67 case TM_QW0_USER:
68 return 0; /* Not supported */
69 case TM_QW1_OS:
70 return tctx->os_output;
71 case TM_QW2_HV_POOL:
72 case TM_QW3_HV_PHYS:
73 return tctx->hv_output;
74 default:
75 return 0;
76 }
77 }
78
79 static uint64_t xive_tctx_accept(XiveTCTX *tctx, uint8_t ring)
80 {
81 uint8_t *regs = &tctx->regs[ring];
82 uint8_t nsr = regs[TM_NSR];
83 uint8_t mask = exception_mask(ring);
84
85 qemu_irq_lower(xive_tctx_output(tctx, ring));
86
87 if (regs[TM_NSR] & mask) {
88 uint8_t cppr = regs[TM_PIPR];
89
90 regs[TM_CPPR] = cppr;
91
92 /* Reset the pending buffer bit */
93 regs[TM_IPB] &= ~priority_to_ipb(cppr);
94 regs[TM_PIPR] = ipb_to_pipr(regs[TM_IPB]);
95
96 /* Drop Exception bit */
97 regs[TM_NSR] &= ~mask;
98 }
99
100 return (nsr << 8) | regs[TM_CPPR];
101 }
102
103 static void xive_tctx_notify(XiveTCTX *tctx, uint8_t ring)
104 {
105 uint8_t *regs = &tctx->regs[ring];
106
107 if (regs[TM_PIPR] < regs[TM_CPPR]) {
108 switch (ring) {
109 case TM_QW1_OS:
110 regs[TM_NSR] |= TM_QW1_NSR_EO;
111 break;
112 case TM_QW3_HV_PHYS:
113 regs[TM_NSR] |= (TM_QW3_NSR_HE_PHYS << 6);
114 break;
115 default:
116 g_assert_not_reached();
117 }
118 qemu_irq_raise(xive_tctx_output(tctx, ring));
119 }
120 }
121
122 static void xive_tctx_set_cppr(XiveTCTX *tctx, uint8_t ring, uint8_t cppr)
123 {
124 if (cppr > XIVE_PRIORITY_MAX) {
125 cppr = 0xff;
126 }
127
128 tctx->regs[ring + TM_CPPR] = cppr;
129
130 /* CPPR has changed, check if we need to raise a pending exception */
131 xive_tctx_notify(tctx, ring);
132 }
133
134 /*
135 * XIVE Thread Interrupt Management Area (TIMA)
136 */
137
138 static void xive_tm_set_hv_cppr(XiveTCTX *tctx, hwaddr offset,
139 uint64_t value, unsigned size)
140 {
141 xive_tctx_set_cppr(tctx, TM_QW3_HV_PHYS, value & 0xff);
142 }
143
144 static uint64_t xive_tm_ack_hv_reg(XiveTCTX *tctx, hwaddr offset, unsigned size)
145 {
146 return xive_tctx_accept(tctx, TM_QW3_HV_PHYS);
147 }
148
149 static uint64_t xive_tm_pull_pool_ctx(XiveTCTX *tctx, hwaddr offset,
150 unsigned size)
151 {
152 uint64_t ret;
153
154 ret = tctx->regs[TM_QW2_HV_POOL + TM_WORD2] & TM_QW2W2_POOL_CAM;
155 tctx->regs[TM_QW2_HV_POOL + TM_WORD2] &= ~TM_QW2W2_POOL_CAM;
156 return ret;
157 }
158
159 static void xive_tm_vt_push(XiveTCTX *tctx, hwaddr offset,
160 uint64_t value, unsigned size)
161 {
162 tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] = value & 0xff;
163 }
164
165 static uint64_t xive_tm_vt_poll(XiveTCTX *tctx, hwaddr offset, unsigned size)
166 {
167 return tctx->regs[TM_QW3_HV_PHYS + TM_WORD2] & 0xff;
168 }
169
170 /*
171 * Define an access map for each page of the TIMA that we will use in
172 * the memory region ops to filter values when doing loads and stores
173 * of raw registers values
174 *
175 * Registers accessibility bits :
176 *
177 * 0x0 - no access
178 * 0x1 - write only
179 * 0x2 - read only
180 * 0x3 - read/write
181 */
182
183 static const uint8_t xive_tm_hw_view[] = {
184 /* QW-0 User */ 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0,
185 /* QW-1 OS */ 3, 3, 3, 3, 3, 3, 0, 3, 3, 3, 3, 3, 0, 0, 0, 0,
186 /* QW-2 POOL */ 0, 0, 3, 3, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0,
187 /* QW-3 PHYS */ 3, 3, 3, 3, 0, 3, 0, 3, 3, 0, 0, 3, 3, 3, 3, 0,
188 };
189
190 static const uint8_t xive_tm_hv_view[] = {
191 /* QW-0 User */ 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0,
192 /* QW-1 OS */ 3, 3, 3, 3, 3, 3, 0, 3, 3, 3, 3, 3, 0, 0, 0, 0,
193 /* QW-2 POOL */ 0, 0, 3, 3, 0, 0, 0, 0, 0, 3, 3, 3, 0, 0, 0, 0,
194 /* QW-3 PHYS */ 3, 3, 3, 3, 0, 3, 0, 3, 3, 0, 0, 3, 0, 0, 0, 0,
195 };
196
197 static const uint8_t xive_tm_os_view[] = {
198 /* QW-0 User */ 3, 0, 0, 0, 0, 0, 0, 0, 3, 3, 3, 3, 0, 0, 0, 0,
199 /* QW-1 OS */ 2, 3, 2, 2, 2, 2, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0,
200 /* QW-2 POOL */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
201 /* QW-3 PHYS */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
202 };
203
204 static const uint8_t xive_tm_user_view[] = {
205 /* QW-0 User */ 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
206 /* QW-1 OS */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
207 /* QW-2 POOL */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
208 /* QW-3 PHYS */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
209 };
210
211 /*
212 * Overall TIMA access map for the thread interrupt management context
213 * registers
214 */
215 static const uint8_t *xive_tm_views[] = {
216 [XIVE_TM_HW_PAGE] = xive_tm_hw_view,
217 [XIVE_TM_HV_PAGE] = xive_tm_hv_view,
218 [XIVE_TM_OS_PAGE] = xive_tm_os_view,
219 [XIVE_TM_USER_PAGE] = xive_tm_user_view,
220 };
221
222 /*
223 * Computes a register access mask for a given offset in the TIMA
224 */
225 static uint64_t xive_tm_mask(hwaddr offset, unsigned size, bool write)
226 {
227 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3;
228 uint8_t reg_offset = offset & 0x3F;
229 uint8_t reg_mask = write ? 0x1 : 0x2;
230 uint64_t mask = 0x0;
231 int i;
232
233 for (i = 0; i < size; i++) {
234 if (xive_tm_views[page_offset][reg_offset + i] & reg_mask) {
235 mask |= (uint64_t) 0xff << (8 * (size - i - 1));
236 }
237 }
238
239 return mask;
240 }
241
242 static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr offset, uint64_t value,
243 unsigned size)
244 {
245 uint8_t ring_offset = offset & 0x30;
246 uint8_t reg_offset = offset & 0x3F;
247 uint64_t mask = xive_tm_mask(offset, size, true);
248 int i;
249
250 /*
251 * Only 4 or 8 bytes stores are allowed and the User ring is
252 * excluded
253 */
254 if (size < 4 || !mask || ring_offset == TM_QW0_USER) {
255 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA @%"
256 HWADDR_PRIx"\n", offset);
257 return;
258 }
259
260 /*
261 * Use the register offset for the raw values and filter out
262 * reserved values
263 */
264 for (i = 0; i < size; i++) {
265 uint8_t byte_mask = (mask >> (8 * (size - i - 1)));
266 if (byte_mask) {
267 tctx->regs[reg_offset + i] = (value >> (8 * (size - i - 1))) &
268 byte_mask;
269 }
270 }
271 }
272
273 static uint64_t xive_tm_raw_read(XiveTCTX *tctx, hwaddr offset, unsigned size)
274 {
275 uint8_t ring_offset = offset & 0x30;
276 uint8_t reg_offset = offset & 0x3F;
277 uint64_t mask = xive_tm_mask(offset, size, false);
278 uint64_t ret;
279 int i;
280
281 /*
282 * Only 4 or 8 bytes loads are allowed and the User ring is
283 * excluded
284 */
285 if (size < 4 || !mask || ring_offset == TM_QW0_USER) {
286 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access at TIMA @%"
287 HWADDR_PRIx"\n", offset);
288 return -1;
289 }
290
291 /* Use the register offset for the raw values */
292 ret = 0;
293 for (i = 0; i < size; i++) {
294 ret |= (uint64_t) tctx->regs[reg_offset + i] << (8 * (size - i - 1));
295 }
296
297 /* filter out reserved values */
298 return ret & mask;
299 }
300
301 /*
302 * The TM context is mapped twice within each page. Stores and loads
303 * to the first mapping below 2K write and read the specified values
304 * without modification. The second mapping above 2K performs specific
305 * state changes (side effects) in addition to setting/returning the
306 * interrupt management area context of the processor thread.
307 */
308 static uint64_t xive_tm_ack_os_reg(XiveTCTX *tctx, hwaddr offset, unsigned size)
309 {
310 return xive_tctx_accept(tctx, TM_QW1_OS);
311 }
312
313 static void xive_tm_set_os_cppr(XiveTCTX *tctx, hwaddr offset,
314 uint64_t value, unsigned size)
315 {
316 xive_tctx_set_cppr(tctx, TM_QW1_OS, value & 0xff);
317 }
318
319 /*
320 * Adjust the IPB to allow a CPU to process event queues of other
321 * priorities during one physical interrupt cycle.
322 */
323 static void xive_tm_set_os_pending(XiveTCTX *tctx, hwaddr offset,
324 uint64_t value, unsigned size)
325 {
326 ipb_update(&tctx->regs[TM_QW1_OS], value & 0xff);
327 xive_tctx_notify(tctx, TM_QW1_OS);
328 }
329
330 /*
331 * Define a mapping of "special" operations depending on the TIMA page
332 * offset and the size of the operation.
333 */
334 typedef struct XiveTmOp {
335 uint8_t page_offset;
336 uint32_t op_offset;
337 unsigned size;
338 void (*write_handler)(XiveTCTX *tctx, hwaddr offset, uint64_t value,
339 unsigned size);
340 uint64_t (*read_handler)(XiveTCTX *tctx, hwaddr offset, unsigned size);
341 } XiveTmOp;
342
343 static const XiveTmOp xive_tm_operations[] = {
344 /*
345 * MMIOs below 2K : raw values and special operations without side
346 * effects
347 */
348 { XIVE_TM_OS_PAGE, TM_QW1_OS + TM_CPPR, 1, xive_tm_set_os_cppr, NULL },
349 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_CPPR, 1, xive_tm_set_hv_cppr, NULL },
350 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, xive_tm_vt_push, NULL },
351 { XIVE_TM_HV_PAGE, TM_QW3_HV_PHYS + TM_WORD2, 1, NULL, xive_tm_vt_poll },
352
353 /* MMIOs above 2K : special operations with side effects */
354 { XIVE_TM_OS_PAGE, TM_SPC_ACK_OS_REG, 2, NULL, xive_tm_ack_os_reg },
355 { XIVE_TM_OS_PAGE, TM_SPC_SET_OS_PENDING, 1, xive_tm_set_os_pending, NULL },
356 { XIVE_TM_HV_PAGE, TM_SPC_ACK_HV_REG, 2, NULL, xive_tm_ack_hv_reg },
357 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 4, NULL, xive_tm_pull_pool_ctx },
358 { XIVE_TM_HV_PAGE, TM_SPC_PULL_POOL_CTX, 8, NULL, xive_tm_pull_pool_ctx },
359 };
360
361 static const XiveTmOp *xive_tm_find_op(hwaddr offset, unsigned size, bool write)
362 {
363 uint8_t page_offset = (offset >> TM_SHIFT) & 0x3;
364 uint32_t op_offset = offset & 0xFFF;
365 int i;
366
367 for (i = 0; i < ARRAY_SIZE(xive_tm_operations); i++) {
368 const XiveTmOp *xto = &xive_tm_operations[i];
369
370 /* Accesses done from a more privileged TIMA page is allowed */
371 if (xto->page_offset >= page_offset &&
372 xto->op_offset == op_offset &&
373 xto->size == size &&
374 ((write && xto->write_handler) || (!write && xto->read_handler))) {
375 return xto;
376 }
377 }
378 return NULL;
379 }
380
381 /*
382 * TIMA MMIO handlers
383 */
384 void xive_tctx_tm_write(XiveTCTX *tctx, hwaddr offset, uint64_t value,
385 unsigned size)
386 {
387 const XiveTmOp *xto;
388
389 /*
390 * TODO: check V bit in Q[0-3]W2
391 */
392
393 /*
394 * First, check for special operations in the 2K region
395 */
396 if (offset & 0x800) {
397 xto = xive_tm_find_op(offset, size, true);
398 if (!xto) {
399 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA"
400 "@%"HWADDR_PRIx"\n", offset);
401 } else {
402 xto->write_handler(tctx, offset, value, size);
403 }
404 return;
405 }
406
407 /*
408 * Then, for special operations in the region below 2K.
409 */
410 xto = xive_tm_find_op(offset, size, true);
411 if (xto) {
412 xto->write_handler(tctx, offset, value, size);
413 return;
414 }
415
416 /*
417 * Finish with raw access to the register values
418 */
419 xive_tm_raw_write(tctx, offset, value, size);
420 }
421
422 uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, unsigned size)
423 {
424 const XiveTmOp *xto;
425
426 /*
427 * TODO: check V bit in Q[0-3]W2
428 */
429
430 /*
431 * First, check for special operations in the 2K region
432 */
433 if (offset & 0x800) {
434 xto = xive_tm_find_op(offset, size, false);
435 if (!xto) {
436 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access to TIMA"
437 "@%"HWADDR_PRIx"\n", offset);
438 return -1;
439 }
440 return xto->read_handler(tctx, offset, size);
441 }
442
443 /*
444 * Then, for special operations in the region below 2K.
445 */
446 xto = xive_tm_find_op(offset, size, false);
447 if (xto) {
448 return xto->read_handler(tctx, offset, size);
449 }
450
451 /*
452 * Finish with raw access to the register values
453 */
454 return xive_tm_raw_read(tctx, offset, size);
455 }
456
457 static void xive_tm_write(void *opaque, hwaddr offset,
458 uint64_t value, unsigned size)
459 {
460 XiveTCTX *tctx = xive_router_get_tctx(XIVE_ROUTER(opaque), current_cpu);
461
462 xive_tctx_tm_write(tctx, offset, value, size);
463 }
464
465 static uint64_t xive_tm_read(void *opaque, hwaddr offset, unsigned size)
466 {
467 XiveTCTX *tctx = xive_router_get_tctx(XIVE_ROUTER(opaque), current_cpu);
468
469 return xive_tctx_tm_read(tctx, offset, size);
470 }
471
472 const MemoryRegionOps xive_tm_ops = {
473 .read = xive_tm_read,
474 .write = xive_tm_write,
475 .endianness = DEVICE_BIG_ENDIAN,
476 .valid = {
477 .min_access_size = 1,
478 .max_access_size = 8,
479 },
480 .impl = {
481 .min_access_size = 1,
482 .max_access_size = 8,
483 },
484 };
485
486 static inline uint32_t xive_tctx_word2(uint8_t *ring)
487 {
488 return *((uint32_t *) &ring[TM_WORD2]);
489 }
490
491 static char *xive_tctx_ring_print(uint8_t *ring)
492 {
493 uint32_t w2 = xive_tctx_word2(ring);
494
495 return g_strdup_printf("%02x %02x %02x %02x %02x "
496 "%02x %02x %02x %08x",
497 ring[TM_NSR], ring[TM_CPPR], ring[TM_IPB], ring[TM_LSMFB],
498 ring[TM_ACK_CNT], ring[TM_INC], ring[TM_AGE], ring[TM_PIPR],
499 be32_to_cpu(w2));
500 }
501
502 static const char * const xive_tctx_ring_names[] = {
503 "USER", "OS", "POOL", "PHYS",
504 };
505
506 void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon)
507 {
508 int cpu_index = tctx->cs ? tctx->cs->cpu_index : -1;
509 int i;
510
511 if (kvm_irqchip_in_kernel()) {
512 Error *local_err = NULL;
513
514 kvmppc_xive_cpu_synchronize_state(tctx, &local_err);
515 if (local_err) {
516 error_report_err(local_err);
517 return;
518 }
519 }
520
521 monitor_printf(mon, "CPU[%04x]: QW NSR CPPR IPB LSMFB ACK# INC AGE PIPR"
522 " W2\n", cpu_index);
523
524 for (i = 0; i < XIVE_TM_RING_COUNT; i++) {
525 char *s = xive_tctx_ring_print(&tctx->regs[i * XIVE_TM_RING_SIZE]);
526 monitor_printf(mon, "CPU[%04x]: %4s %s\n", cpu_index,
527 xive_tctx_ring_names[i], s);
528 g_free(s);
529 }
530 }
531
532 static void xive_tctx_reset(void *dev)
533 {
534 XiveTCTX *tctx = XIVE_TCTX(dev);
535
536 memset(tctx->regs, 0, sizeof(tctx->regs));
537
538 /* Set some defaults */
539 tctx->regs[TM_QW1_OS + TM_LSMFB] = 0xFF;
540 tctx->regs[TM_QW1_OS + TM_ACK_CNT] = 0xFF;
541 tctx->regs[TM_QW1_OS + TM_AGE] = 0xFF;
542
543 /*
544 * Initialize PIPR to 0xFF to avoid phantom interrupts when the
545 * CPPR is first set.
546 */
547 tctx->regs[TM_QW1_OS + TM_PIPR] =
548 ipb_to_pipr(tctx->regs[TM_QW1_OS + TM_IPB]);
549 tctx->regs[TM_QW3_HV_PHYS + TM_PIPR] =
550 ipb_to_pipr(tctx->regs[TM_QW3_HV_PHYS + TM_IPB]);
551 }
552
553 static void xive_tctx_realize(DeviceState *dev, Error **errp)
554 {
555 XiveTCTX *tctx = XIVE_TCTX(dev);
556 PowerPCCPU *cpu;
557 CPUPPCState *env;
558 Object *obj;
559 Error *local_err = NULL;
560
561 obj = object_property_get_link(OBJECT(dev), "cpu", &local_err);
562 if (!obj) {
563 error_propagate(errp, local_err);
564 error_prepend(errp, "required link 'cpu' not found: ");
565 return;
566 }
567
568 cpu = POWERPC_CPU(obj);
569 tctx->cs = CPU(obj);
570
571 env = &cpu->env;
572 switch (PPC_INPUT(env)) {
573 case PPC_FLAGS_INPUT_POWER9:
574 tctx->hv_output = env->irq_inputs[POWER9_INPUT_HINT];
575 tctx->os_output = env->irq_inputs[POWER9_INPUT_INT];
576 break;
577
578 default:
579 error_setg(errp, "XIVE interrupt controller does not support "
580 "this CPU bus model");
581 return;
582 }
583
584 /* Connect the presenter to the VCPU (required for CPU hotplug) */
585 if (kvm_irqchip_in_kernel()) {
586 kvmppc_xive_cpu_connect(tctx, &local_err);
587 if (local_err) {
588 error_propagate(errp, local_err);
589 return;
590 }
591 }
592
593 qemu_register_reset(xive_tctx_reset, dev);
594 }
595
596 static void xive_tctx_unrealize(DeviceState *dev, Error **errp)
597 {
598 qemu_unregister_reset(xive_tctx_reset, dev);
599 }
600
601 static int vmstate_xive_tctx_pre_save(void *opaque)
602 {
603 Error *local_err = NULL;
604
605 if (kvm_irqchip_in_kernel()) {
606 kvmppc_xive_cpu_get_state(XIVE_TCTX(opaque), &local_err);
607 if (local_err) {
608 error_report_err(local_err);
609 return -1;
610 }
611 }
612
613 return 0;
614 }
615
616 static const VMStateDescription vmstate_xive_tctx = {
617 .name = TYPE_XIVE_TCTX,
618 .version_id = 1,
619 .minimum_version_id = 1,
620 .pre_save = vmstate_xive_tctx_pre_save,
621 .post_load = NULL, /* handled by the sPAPRxive model */
622 .fields = (VMStateField[]) {
623 VMSTATE_BUFFER(regs, XiveTCTX),
624 VMSTATE_END_OF_LIST()
625 },
626 };
627
628 static void xive_tctx_class_init(ObjectClass *klass, void *data)
629 {
630 DeviceClass *dc = DEVICE_CLASS(klass);
631
632 dc->desc = "XIVE Interrupt Thread Context";
633 dc->realize = xive_tctx_realize;
634 dc->unrealize = xive_tctx_unrealize;
635 dc->vmsd = &vmstate_xive_tctx;
636 }
637
638 static const TypeInfo xive_tctx_info = {
639 .name = TYPE_XIVE_TCTX,
640 .parent = TYPE_DEVICE,
641 .instance_size = sizeof(XiveTCTX),
642 .class_init = xive_tctx_class_init,
643 };
644
645 Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp)
646 {
647 Error *local_err = NULL;
648 Object *obj;
649
650 obj = object_new(TYPE_XIVE_TCTX);
651 object_property_add_child(cpu, TYPE_XIVE_TCTX, obj, &error_abort);
652 object_unref(obj);
653 object_property_add_const_link(obj, "cpu", cpu, &error_abort);
654 object_property_set_bool(obj, true, "realized", &local_err);
655 if (local_err) {
656 goto error;
657 }
658
659 return obj;
660
661 error:
662 object_unparent(obj);
663 error_propagate(errp, local_err);
664 return NULL;
665 }
666
667 /*
668 * XIVE ESB helpers
669 */
670
671 static uint8_t xive_esb_set(uint8_t *pq, uint8_t value)
672 {
673 uint8_t old_pq = *pq & 0x3;
674
675 *pq &= ~0x3;
676 *pq |= value & 0x3;
677
678 return old_pq;
679 }
680
681 static bool xive_esb_trigger(uint8_t *pq)
682 {
683 uint8_t old_pq = *pq & 0x3;
684
685 switch (old_pq) {
686 case XIVE_ESB_RESET:
687 xive_esb_set(pq, XIVE_ESB_PENDING);
688 return true;
689 case XIVE_ESB_PENDING:
690 case XIVE_ESB_QUEUED:
691 xive_esb_set(pq, XIVE_ESB_QUEUED);
692 return false;
693 case XIVE_ESB_OFF:
694 xive_esb_set(pq, XIVE_ESB_OFF);
695 return false;
696 default:
697 g_assert_not_reached();
698 }
699 }
700
701 static bool xive_esb_eoi(uint8_t *pq)
702 {
703 uint8_t old_pq = *pq & 0x3;
704
705 switch (old_pq) {
706 case XIVE_ESB_RESET:
707 case XIVE_ESB_PENDING:
708 xive_esb_set(pq, XIVE_ESB_RESET);
709 return false;
710 case XIVE_ESB_QUEUED:
711 xive_esb_set(pq, XIVE_ESB_PENDING);
712 return true;
713 case XIVE_ESB_OFF:
714 xive_esb_set(pq, XIVE_ESB_OFF);
715 return false;
716 default:
717 g_assert_not_reached();
718 }
719 }
720
721 /*
722 * XIVE Interrupt Source (or IVSE)
723 */
724
725 uint8_t xive_source_esb_get(XiveSource *xsrc, uint32_t srcno)
726 {
727 assert(srcno < xsrc->nr_irqs);
728
729 return xsrc->status[srcno] & 0x3;
730 }
731
732 uint8_t xive_source_esb_set(XiveSource *xsrc, uint32_t srcno, uint8_t pq)
733 {
734 assert(srcno < xsrc->nr_irqs);
735
736 return xive_esb_set(&xsrc->status[srcno], pq);
737 }
738
739 /*
740 * Returns whether the event notification should be forwarded.
741 */
742 static bool xive_source_lsi_trigger(XiveSource *xsrc, uint32_t srcno)
743 {
744 uint8_t old_pq = xive_source_esb_get(xsrc, srcno);
745
746 xsrc->status[srcno] |= XIVE_STATUS_ASSERTED;
747
748 switch (old_pq) {
749 case XIVE_ESB_RESET:
750 xive_source_esb_set(xsrc, srcno, XIVE_ESB_PENDING);
751 return true;
752 default:
753 return false;
754 }
755 }
756
757 /*
758 * Returns whether the event notification should be forwarded.
759 */
760 static bool xive_source_esb_trigger(XiveSource *xsrc, uint32_t srcno)
761 {
762 bool ret;
763
764 assert(srcno < xsrc->nr_irqs);
765
766 ret = xive_esb_trigger(&xsrc->status[srcno]);
767
768 if (xive_source_irq_is_lsi(xsrc, srcno) &&
769 xive_source_esb_get(xsrc, srcno) == XIVE_ESB_QUEUED) {
770 qemu_log_mask(LOG_GUEST_ERROR,
771 "XIVE: queued an event on LSI IRQ %d\n", srcno);
772 }
773
774 return ret;
775 }
776
777 /*
778 * Returns whether the event notification should be forwarded.
779 */
780 static bool xive_source_esb_eoi(XiveSource *xsrc, uint32_t srcno)
781 {
782 bool ret;
783
784 assert(srcno < xsrc->nr_irqs);
785
786 ret = xive_esb_eoi(&xsrc->status[srcno]);
787
788 /*
789 * LSI sources do not set the Q bit but they can still be
790 * asserted, in which case we should forward a new event
791 * notification
792 */
793 if (xive_source_irq_is_lsi(xsrc, srcno) &&
794 xsrc->status[srcno] & XIVE_STATUS_ASSERTED) {
795 ret = xive_source_lsi_trigger(xsrc, srcno);
796 }
797
798 return ret;
799 }
800
801 /*
802 * Forward the source event notification to the Router
803 */
804 static void xive_source_notify(XiveSource *xsrc, int srcno)
805 {
806 XiveNotifierClass *xnc = XIVE_NOTIFIER_GET_CLASS(xsrc->xive);
807
808 if (xnc->notify) {
809 xnc->notify(xsrc->xive, srcno);
810 }
811 }
812
813 /*
814 * In a two pages ESB MMIO setting, even page is the trigger page, odd
815 * page is for management
816 */
817 static inline bool addr_is_even(hwaddr addr, uint32_t shift)
818 {
819 return !((addr >> shift) & 1);
820 }
821
822 static inline bool xive_source_is_trigger_page(XiveSource *xsrc, hwaddr addr)
823 {
824 return xive_source_esb_has_2page(xsrc) &&
825 addr_is_even(addr, xsrc->esb_shift - 1);
826 }
827
828 /*
829 * ESB MMIO loads
830 * Trigger page Management/EOI page
831 *
832 * ESB MMIO setting 2 pages 1 or 2 pages
833 *
834 * 0x000 .. 0x3FF -1 EOI and return 0|1
835 * 0x400 .. 0x7FF -1 EOI and return 0|1
836 * 0x800 .. 0xBFF -1 return PQ
837 * 0xC00 .. 0xCFF -1 return PQ and atomically PQ=00
838 * 0xD00 .. 0xDFF -1 return PQ and atomically PQ=01
839 * 0xE00 .. 0xDFF -1 return PQ and atomically PQ=10
840 * 0xF00 .. 0xDFF -1 return PQ and atomically PQ=11
841 */
842 static uint64_t xive_source_esb_read(void *opaque, hwaddr addr, unsigned size)
843 {
844 XiveSource *xsrc = XIVE_SOURCE(opaque);
845 uint32_t offset = addr & 0xFFF;
846 uint32_t srcno = addr >> xsrc->esb_shift;
847 uint64_t ret = -1;
848
849 /* In a two pages ESB MMIO setting, trigger page should not be read */
850 if (xive_source_is_trigger_page(xsrc, addr)) {
851 qemu_log_mask(LOG_GUEST_ERROR,
852 "XIVE: invalid load on IRQ %d trigger page at "
853 "0x%"HWADDR_PRIx"\n", srcno, addr);
854 return -1;
855 }
856
857 switch (offset) {
858 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF:
859 ret = xive_source_esb_eoi(xsrc, srcno);
860
861 /* Forward the source event notification for routing */
862 if (ret) {
863 xive_source_notify(xsrc, srcno);
864 }
865 break;
866
867 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF:
868 ret = xive_source_esb_get(xsrc, srcno);
869 break;
870
871 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
872 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
873 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
874 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
875 ret = xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3);
876 break;
877 default:
878 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB load addr %x\n",
879 offset);
880 }
881
882 return ret;
883 }
884
885 /*
886 * ESB MMIO stores
887 * Trigger page Management/EOI page
888 *
889 * ESB MMIO setting 2 pages 1 or 2 pages
890 *
891 * 0x000 .. 0x3FF Trigger Trigger
892 * 0x400 .. 0x7FF Trigger EOI
893 * 0x800 .. 0xBFF Trigger undefined
894 * 0xC00 .. 0xCFF Trigger PQ=00
895 * 0xD00 .. 0xDFF Trigger PQ=01
896 * 0xE00 .. 0xDFF Trigger PQ=10
897 * 0xF00 .. 0xDFF Trigger PQ=11
898 */
899 static void xive_source_esb_write(void *opaque, hwaddr addr,
900 uint64_t value, unsigned size)
901 {
902 XiveSource *xsrc = XIVE_SOURCE(opaque);
903 uint32_t offset = addr & 0xFFF;
904 uint32_t srcno = addr >> xsrc->esb_shift;
905 bool notify = false;
906
907 /* In a two pages ESB MMIO setting, trigger page only triggers */
908 if (xive_source_is_trigger_page(xsrc, addr)) {
909 notify = xive_source_esb_trigger(xsrc, srcno);
910 goto out;
911 }
912
913 switch (offset) {
914 case 0 ... 0x3FF:
915 notify = xive_source_esb_trigger(xsrc, srcno);
916 break;
917
918 case XIVE_ESB_STORE_EOI ... XIVE_ESB_STORE_EOI + 0x3FF:
919 if (!(xsrc->esb_flags & XIVE_SRC_STORE_EOI)) {
920 qemu_log_mask(LOG_GUEST_ERROR,
921 "XIVE: invalid Store EOI for IRQ %d\n", srcno);
922 return;
923 }
924
925 notify = xive_source_esb_eoi(xsrc, srcno);
926 break;
927
928 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
929 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
930 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
931 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
932 xive_source_esb_set(xsrc, srcno, (offset >> 8) & 0x3);
933 break;
934
935 default:
936 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr %x\n",
937 offset);
938 return;
939 }
940
941 out:
942 /* Forward the source event notification for routing */
943 if (notify) {
944 xive_source_notify(xsrc, srcno);
945 }
946 }
947
948 static const MemoryRegionOps xive_source_esb_ops = {
949 .read = xive_source_esb_read,
950 .write = xive_source_esb_write,
951 .endianness = DEVICE_BIG_ENDIAN,
952 .valid = {
953 .min_access_size = 8,
954 .max_access_size = 8,
955 },
956 .impl = {
957 .min_access_size = 8,
958 .max_access_size = 8,
959 },
960 };
961
962 void xive_source_set_irq(void *opaque, int srcno, int val)
963 {
964 XiveSource *xsrc = XIVE_SOURCE(opaque);
965 bool notify = false;
966
967 if (xive_source_irq_is_lsi(xsrc, srcno)) {
968 if (val) {
969 notify = xive_source_lsi_trigger(xsrc, srcno);
970 } else {
971 xsrc->status[srcno] &= ~XIVE_STATUS_ASSERTED;
972 }
973 } else {
974 if (val) {
975 notify = xive_source_esb_trigger(xsrc, srcno);
976 }
977 }
978
979 /* Forward the source event notification for routing */
980 if (notify) {
981 xive_source_notify(xsrc, srcno);
982 }
983 }
984
985 void xive_source_pic_print_info(XiveSource *xsrc, uint32_t offset, Monitor *mon)
986 {
987 int i;
988
989 for (i = 0; i < xsrc->nr_irqs; i++) {
990 uint8_t pq = xive_source_esb_get(xsrc, i);
991
992 if (pq == XIVE_ESB_OFF) {
993 continue;
994 }
995
996 monitor_printf(mon, " %08x %s %c%c%c\n", i + offset,
997 xive_source_irq_is_lsi(xsrc, i) ? "LSI" : "MSI",
998 pq & XIVE_ESB_VAL_P ? 'P' : '-',
999 pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
1000 xsrc->status[i] & XIVE_STATUS_ASSERTED ? 'A' : ' ');
1001 }
1002 }
1003
1004 static void xive_source_reset(void *dev)
1005 {
1006 XiveSource *xsrc = XIVE_SOURCE(dev);
1007
1008 /* Do not clear the LSI bitmap */
1009
1010 /* PQs are initialized to 0b01 (Q=1) which corresponds to "ints off" */
1011 memset(xsrc->status, XIVE_ESB_OFF, xsrc->nr_irqs);
1012 }
1013
1014 static void xive_source_realize(DeviceState *dev, Error **errp)
1015 {
1016 XiveSource *xsrc = XIVE_SOURCE(dev);
1017 Object *obj;
1018 Error *local_err = NULL;
1019
1020 obj = object_property_get_link(OBJECT(dev), "xive", &local_err);
1021 if (!obj) {
1022 error_propagate(errp, local_err);
1023 error_prepend(errp, "required link 'xive' not found: ");
1024 return;
1025 }
1026
1027 xsrc->xive = XIVE_NOTIFIER(obj);
1028
1029 if (!xsrc->nr_irqs) {
1030 error_setg(errp, "Number of interrupt needs to be greater than 0");
1031 return;
1032 }
1033
1034 if (xsrc->esb_shift != XIVE_ESB_4K &&
1035 xsrc->esb_shift != XIVE_ESB_4K_2PAGE &&
1036 xsrc->esb_shift != XIVE_ESB_64K &&
1037 xsrc->esb_shift != XIVE_ESB_64K_2PAGE) {
1038 error_setg(errp, "Invalid ESB shift setting");
1039 return;
1040 }
1041
1042 xsrc->status = g_malloc0(xsrc->nr_irqs);
1043 xsrc->lsi_map = bitmap_new(xsrc->nr_irqs);
1044
1045 if (!kvm_irqchip_in_kernel()) {
1046 memory_region_init_io(&xsrc->esb_mmio, OBJECT(xsrc),
1047 &xive_source_esb_ops, xsrc, "xive.esb",
1048 (1ull << xsrc->esb_shift) * xsrc->nr_irqs);
1049 }
1050
1051 qemu_register_reset(xive_source_reset, dev);
1052 }
1053
1054 static const VMStateDescription vmstate_xive_source = {
1055 .name = TYPE_XIVE_SOURCE,
1056 .version_id = 1,
1057 .minimum_version_id = 1,
1058 .fields = (VMStateField[]) {
1059 VMSTATE_UINT32_EQUAL(nr_irqs, XiveSource, NULL),
1060 VMSTATE_VBUFFER_UINT32(status, XiveSource, 1, NULL, nr_irqs),
1061 VMSTATE_END_OF_LIST()
1062 },
1063 };
1064
1065 /*
1066 * The default XIVE interrupt source setting for the ESB MMIOs is two
1067 * 64k pages without Store EOI, to be in sync with KVM.
1068 */
1069 static Property xive_source_properties[] = {
1070 DEFINE_PROP_UINT64("flags", XiveSource, esb_flags, 0),
1071 DEFINE_PROP_UINT32("nr-irqs", XiveSource, nr_irqs, 0),
1072 DEFINE_PROP_UINT32("shift", XiveSource, esb_shift, XIVE_ESB_64K_2PAGE),
1073 DEFINE_PROP_END_OF_LIST(),
1074 };
1075
1076 static void xive_source_class_init(ObjectClass *klass, void *data)
1077 {
1078 DeviceClass *dc = DEVICE_CLASS(klass);
1079
1080 dc->desc = "XIVE Interrupt Source";
1081 dc->props = xive_source_properties;
1082 dc->realize = xive_source_realize;
1083 dc->vmsd = &vmstate_xive_source;
1084 }
1085
1086 static const TypeInfo xive_source_info = {
1087 .name = TYPE_XIVE_SOURCE,
1088 .parent = TYPE_DEVICE,
1089 .instance_size = sizeof(XiveSource),
1090 .class_init = xive_source_class_init,
1091 };
1092
1093 /*
1094 * XiveEND helpers
1095 */
1096
1097 void xive_end_queue_pic_print_info(XiveEND *end, uint32_t width, Monitor *mon)
1098 {
1099 uint64_t qaddr_base = xive_end_qaddr(end);
1100 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1101 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1102 uint32_t qentries = 1 << (qsize + 10);
1103 int i;
1104
1105 /*
1106 * print out the [ (qindex - (width - 1)) .. (qindex + 1)] window
1107 */
1108 monitor_printf(mon, " [ ");
1109 qindex = (qindex - (width - 1)) & (qentries - 1);
1110 for (i = 0; i < width; i++) {
1111 uint64_t qaddr = qaddr_base + (qindex << 2);
1112 uint32_t qdata = -1;
1113
1114 if (dma_memory_read(&address_space_memory, qaddr, &qdata,
1115 sizeof(qdata))) {
1116 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to read EQ @0x%"
1117 HWADDR_PRIx "\n", qaddr);
1118 return;
1119 }
1120 monitor_printf(mon, "%s%08x ", i == width - 1 ? "^" : "",
1121 be32_to_cpu(qdata));
1122 qindex = (qindex + 1) & (qentries - 1);
1123 }
1124 }
1125
1126 void xive_end_pic_print_info(XiveEND *end, uint32_t end_idx, Monitor *mon)
1127 {
1128 uint64_t qaddr_base = xive_end_qaddr(end);
1129 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1130 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
1131 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1132 uint32_t qentries = 1 << (qsize + 10);
1133
1134 uint32_t nvt = xive_get_field32(END_W6_NVT_INDEX, end->w6);
1135 uint8_t priority = xive_get_field32(END_W7_F0_PRIORITY, end->w7);
1136
1137 if (!xive_end_is_valid(end)) {
1138 return;
1139 }
1140
1141 monitor_printf(mon, " %08x %c%c%c%c%c prio:%d nvt:%04x eq:@%08"PRIx64
1142 "% 6d/%5d ^%d", end_idx,
1143 xive_end_is_valid(end) ? 'v' : '-',
1144 xive_end_is_enqueue(end) ? 'q' : '-',
1145 xive_end_is_notify(end) ? 'n' : '-',
1146 xive_end_is_backlog(end) ? 'b' : '-',
1147 xive_end_is_escalate(end) ? 'e' : '-',
1148 priority, nvt, qaddr_base, qindex, qentries, qgen);
1149
1150 xive_end_queue_pic_print_info(end, 6, mon);
1151 monitor_printf(mon, "]\n");
1152 }
1153
1154 static void xive_end_enqueue(XiveEND *end, uint32_t data)
1155 {
1156 uint64_t qaddr_base = xive_end_qaddr(end);
1157 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
1158 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
1159 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
1160
1161 uint64_t qaddr = qaddr_base + (qindex << 2);
1162 uint32_t qdata = cpu_to_be32((qgen << 31) | (data & 0x7fffffff));
1163 uint32_t qentries = 1 << (qsize + 10);
1164
1165 if (dma_memory_write(&address_space_memory, qaddr, &qdata, sizeof(qdata))) {
1166 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to write END data @0x%"
1167 HWADDR_PRIx "\n", qaddr);
1168 return;
1169 }
1170
1171 qindex = (qindex + 1) & (qentries - 1);
1172 if (qindex == 0) {
1173 qgen ^= 1;
1174 end->w1 = xive_set_field32(END_W1_GENERATION, end->w1, qgen);
1175 }
1176 end->w1 = xive_set_field32(END_W1_PAGE_OFF, end->w1, qindex);
1177 }
1178
1179 /*
1180 * XIVE Router (aka. Virtualization Controller or IVRE)
1181 */
1182
1183 int xive_router_get_eas(XiveRouter *xrtr, uint8_t eas_blk, uint32_t eas_idx,
1184 XiveEAS *eas)
1185 {
1186 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1187
1188 return xrc->get_eas(xrtr, eas_blk, eas_idx, eas);
1189 }
1190
1191 int xive_router_get_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx,
1192 XiveEND *end)
1193 {
1194 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1195
1196 return xrc->get_end(xrtr, end_blk, end_idx, end);
1197 }
1198
1199 int xive_router_write_end(XiveRouter *xrtr, uint8_t end_blk, uint32_t end_idx,
1200 XiveEND *end, uint8_t word_number)
1201 {
1202 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1203
1204 return xrc->write_end(xrtr, end_blk, end_idx, end, word_number);
1205 }
1206
1207 int xive_router_get_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx,
1208 XiveNVT *nvt)
1209 {
1210 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1211
1212 return xrc->get_nvt(xrtr, nvt_blk, nvt_idx, nvt);
1213 }
1214
1215 int xive_router_write_nvt(XiveRouter *xrtr, uint8_t nvt_blk, uint32_t nvt_idx,
1216 XiveNVT *nvt, uint8_t word_number)
1217 {
1218 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1219
1220 return xrc->write_nvt(xrtr, nvt_blk, nvt_idx, nvt, word_number);
1221 }
1222
1223 XiveTCTX *xive_router_get_tctx(XiveRouter *xrtr, CPUState *cs)
1224 {
1225 XiveRouterClass *xrc = XIVE_ROUTER_GET_CLASS(xrtr);
1226
1227 return xrc->get_tctx(xrtr, cs);
1228 }
1229
1230 /*
1231 * By default on P9, the HW CAM line (23bits) is hardwired to :
1232 *
1233 * 0x000||0b1||4Bit chip number||7Bit Thread number.
1234 *
1235 * When the block grouping is enabled, the CAM line is changed to :
1236 *
1237 * 4Bit chip number||0x001||7Bit Thread number.
1238 */
1239 static uint32_t hw_cam_line(uint8_t chip_id, uint8_t tid)
1240 {
1241 return 1 << 11 | (chip_id & 0xf) << 7 | (tid & 0x7f);
1242 }
1243
1244 static bool xive_presenter_tctx_match_hw(XiveTCTX *tctx,
1245 uint8_t nvt_blk, uint32_t nvt_idx)
1246 {
1247 CPUPPCState *env = &POWERPC_CPU(tctx->cs)->env;
1248 uint32_t pir = env->spr_cb[SPR_PIR].default_value;
1249
1250 return hw_cam_line((pir >> 8) & 0xf, pir & 0x7f) ==
1251 hw_cam_line(nvt_blk, nvt_idx);
1252 }
1253
1254 /*
1255 * The thread context register words are in big-endian format.
1256 */
1257 static int xive_presenter_tctx_match(XiveTCTX *tctx, uint8_t format,
1258 uint8_t nvt_blk, uint32_t nvt_idx,
1259 bool cam_ignore, uint32_t logic_serv)
1260 {
1261 uint32_t cam = xive_nvt_cam_line(nvt_blk, nvt_idx);
1262 uint32_t qw3w2 = xive_tctx_word2(&tctx->regs[TM_QW3_HV_PHYS]);
1263 uint32_t qw2w2 = xive_tctx_word2(&tctx->regs[TM_QW2_HV_POOL]);
1264 uint32_t qw1w2 = xive_tctx_word2(&tctx->regs[TM_QW1_OS]);
1265 uint32_t qw0w2 = xive_tctx_word2(&tctx->regs[TM_QW0_USER]);
1266
1267 /*
1268 * TODO (PowerNV): ignore mode. The low order bits of the NVT
1269 * identifier are ignored in the "CAM" match.
1270 */
1271
1272 if (format == 0) {
1273 if (cam_ignore == true) {
1274 /*
1275 * F=0 & i=1: Logical server notification (bits ignored at
1276 * the end of the NVT identifier)
1277 */
1278 qemu_log_mask(LOG_UNIMP, "XIVE: no support for LS NVT %x/%x\n",
1279 nvt_blk, nvt_idx);
1280 return -1;
1281 }
1282
1283 /* F=0 & i=0: Specific NVT notification */
1284
1285 /* PHYS ring */
1286 if ((be32_to_cpu(qw3w2) & TM_QW3W2_VT) &&
1287 xive_presenter_tctx_match_hw(tctx, nvt_blk, nvt_idx)) {
1288 return TM_QW3_HV_PHYS;
1289 }
1290
1291 /* HV POOL ring */
1292 if ((be32_to_cpu(qw2w2) & TM_QW2W2_VP) &&
1293 cam == xive_get_field32(TM_QW2W2_POOL_CAM, qw2w2)) {
1294 return TM_QW2_HV_POOL;
1295 }
1296
1297 /* OS ring */
1298 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) &&
1299 cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) {
1300 return TM_QW1_OS;
1301 }
1302 } else {
1303 /* F=1 : User level Event-Based Branch (EBB) notification */
1304
1305 /* USER ring */
1306 if ((be32_to_cpu(qw1w2) & TM_QW1W2_VO) &&
1307 (cam == xive_get_field32(TM_QW1W2_OS_CAM, qw1w2)) &&
1308 (be32_to_cpu(qw0w2) & TM_QW0W2_VU) &&
1309 (logic_serv == xive_get_field32(TM_QW0W2_LOGIC_SERV, qw0w2))) {
1310 return TM_QW0_USER;
1311 }
1312 }
1313 return -1;
1314 }
1315
1316 typedef struct XiveTCTXMatch {
1317 XiveTCTX *tctx;
1318 uint8_t ring;
1319 } XiveTCTXMatch;
1320
1321 static bool xive_presenter_match(XiveRouter *xrtr, uint8_t format,
1322 uint8_t nvt_blk, uint32_t nvt_idx,
1323 bool cam_ignore, uint8_t priority,
1324 uint32_t logic_serv, XiveTCTXMatch *match)
1325 {
1326 CPUState *cs;
1327
1328 /*
1329 * TODO (PowerNV): handle chip_id overwrite of block field for
1330 * hardwired CAM compares
1331 */
1332
1333 CPU_FOREACH(cs) {
1334 XiveTCTX *tctx = xive_router_get_tctx(xrtr, cs);
1335 int ring;
1336
1337 /*
1338 * HW checks that the CPU is enabled in the Physical Thread
1339 * Enable Register (PTER).
1340 */
1341
1342 /*
1343 * Check the thread context CAM lines and record matches. We
1344 * will handle CPU exception delivery later
1345 */
1346 ring = xive_presenter_tctx_match(tctx, format, nvt_blk, nvt_idx,
1347 cam_ignore, logic_serv);
1348 /*
1349 * Save the context and follow on to catch duplicates, that we
1350 * don't support yet.
1351 */
1352 if (ring != -1) {
1353 if (match->tctx) {
1354 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: already found a thread "
1355 "context NVT %x/%x\n", nvt_blk, nvt_idx);
1356 return false;
1357 }
1358
1359 match->ring = ring;
1360 match->tctx = tctx;
1361 }
1362 }
1363
1364 if (!match->tctx) {
1365 qemu_log_mask(LOG_UNIMP, "XIVE: NVT %x/%x is not dispatched\n",
1366 nvt_blk, nvt_idx);
1367 return false;
1368 }
1369
1370 return true;
1371 }
1372
1373 /*
1374 * This is our simple Xive Presenter Engine model. It is merged in the
1375 * Router as it does not require an extra object.
1376 *
1377 * It receives notification requests sent by the IVRE to find one
1378 * matching NVT (or more) dispatched on the processor threads. In case
1379 * of a single NVT notification, the process is abreviated and the
1380 * thread is signaled if a match is found. In case of a logical server
1381 * notification (bits ignored at the end of the NVT identifier), the
1382 * IVPE and IVRE select a winning thread using different filters. This
1383 * involves 2 or 3 exchanges on the PowerBus that the model does not
1384 * support.
1385 *
1386 * The parameters represent what is sent on the PowerBus
1387 */
1388 static void xive_presenter_notify(XiveRouter *xrtr, uint8_t format,
1389 uint8_t nvt_blk, uint32_t nvt_idx,
1390 bool cam_ignore, uint8_t priority,
1391 uint32_t logic_serv)
1392 {
1393 XiveNVT nvt;
1394 XiveTCTXMatch match = { .tctx = NULL, .ring = 0 };
1395 bool found;
1396
1397 /* NVT cache lookup */
1398 if (xive_router_get_nvt(xrtr, nvt_blk, nvt_idx, &nvt)) {
1399 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: no NVT %x/%x\n",
1400 nvt_blk, nvt_idx);
1401 return;
1402 }
1403
1404 if (!xive_nvt_is_valid(&nvt)) {
1405 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: NVT %x/%x is invalid\n",
1406 nvt_blk, nvt_idx);
1407 return;
1408 }
1409
1410 found = xive_presenter_match(xrtr, format, nvt_blk, nvt_idx, cam_ignore,
1411 priority, logic_serv, &match);
1412 if (found) {
1413 ipb_update(&match.tctx->regs[match.ring], priority);
1414 xive_tctx_notify(match.tctx, match.ring);
1415 return;
1416 }
1417
1418 /* Record the IPB in the associated NVT structure */
1419 ipb_update((uint8_t *) &nvt.w4, priority);
1420 xive_router_write_nvt(xrtr, nvt_blk, nvt_idx, &nvt, 4);
1421
1422 /*
1423 * If no matching NVT is dispatched on a HW thread :
1424 * - update the NVT structure if backlog is activated
1425 * - escalate (ESe PQ bits and EAS in w4-5) if escalation is
1426 * activated
1427 */
1428 }
1429
1430 /*
1431 * An END trigger can come from an event trigger (IPI or HW) or from
1432 * another chip. We don't model the PowerBus but the END trigger
1433 * message has the same parameters than in the function below.
1434 */
1435 static void xive_router_end_notify(XiveRouter *xrtr, uint8_t end_blk,
1436 uint32_t end_idx, uint32_t end_data)
1437 {
1438 XiveEND end;
1439 uint8_t priority;
1440 uint8_t format;
1441
1442 /* END cache lookup */
1443 if (xive_router_get_end(xrtr, end_blk, end_idx, &end)) {
1444 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
1445 end_idx);
1446 return;
1447 }
1448
1449 if (!xive_end_is_valid(&end)) {
1450 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
1451 end_blk, end_idx);
1452 return;
1453 }
1454
1455 if (xive_end_is_enqueue(&end)) {
1456 xive_end_enqueue(&end, end_data);
1457 /* Enqueuing event data modifies the EQ toggle and index */
1458 xive_router_write_end(xrtr, end_blk, end_idx, &end, 1);
1459 }
1460
1461 /*
1462 * The W7 format depends on the F bit in W6. It defines the type
1463 * of the notification :
1464 *
1465 * F=0 : single or multiple NVT notification
1466 * F=1 : User level Event-Based Branch (EBB) notification, no
1467 * priority
1468 */
1469 format = xive_get_field32(END_W6_FORMAT_BIT, end.w6);
1470 priority = xive_get_field32(END_W7_F0_PRIORITY, end.w7);
1471
1472 /* The END is masked */
1473 if (format == 0 && priority == 0xff) {
1474 return;
1475 }
1476
1477 /*
1478 * Check the END ESn (Event State Buffer for notification) for
1479 * even futher coalescing in the Router
1480 */
1481 if (!xive_end_is_notify(&end)) {
1482 uint8_t pq = xive_get_field32(END_W1_ESn, end.w1);
1483 bool notify = xive_esb_trigger(&pq);
1484
1485 if (pq != xive_get_field32(END_W1_ESn, end.w1)) {
1486 end.w1 = xive_set_field32(END_W1_ESn, end.w1, pq);
1487 xive_router_write_end(xrtr, end_blk, end_idx, &end, 1);
1488 }
1489
1490 /* ESn[Q]=1 : end of notification */
1491 if (!notify) {
1492 return;
1493 }
1494 }
1495
1496 /*
1497 * Follows IVPE notification
1498 */
1499 xive_presenter_notify(xrtr, format,
1500 xive_get_field32(END_W6_NVT_BLOCK, end.w6),
1501 xive_get_field32(END_W6_NVT_INDEX, end.w6),
1502 xive_get_field32(END_W7_F0_IGNORE, end.w7),
1503 priority,
1504 xive_get_field32(END_W7_F1_LOG_SERVER_ID, end.w7));
1505
1506 /* TODO: Auto EOI. */
1507 }
1508
1509 void xive_router_notify(XiveNotifier *xn, uint32_t lisn)
1510 {
1511 XiveRouter *xrtr = XIVE_ROUTER(xn);
1512 uint8_t eas_blk = XIVE_SRCNO_BLOCK(lisn);
1513 uint32_t eas_idx = XIVE_SRCNO_INDEX(lisn);
1514 XiveEAS eas;
1515
1516 /* EAS cache lookup */
1517 if (xive_router_get_eas(xrtr, eas_blk, eas_idx, &eas)) {
1518 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: Unknown LISN %x\n", lisn);
1519 return;
1520 }
1521
1522 /*
1523 * The IVRE checks the State Bit Cache at this point. We skip the
1524 * SBC lookup because the state bits of the sources are modeled
1525 * internally in QEMU.
1526 */
1527
1528 if (!xive_eas_is_valid(&eas)) {
1529 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid LISN %x\n", lisn);
1530 return;
1531 }
1532
1533 if (xive_eas_is_masked(&eas)) {
1534 /* Notification completed */
1535 return;
1536 }
1537
1538 /*
1539 * The event trigger becomes an END trigger
1540 */
1541 xive_router_end_notify(xrtr,
1542 xive_get_field64(EAS_END_BLOCK, eas.w),
1543 xive_get_field64(EAS_END_INDEX, eas.w),
1544 xive_get_field64(EAS_END_DATA, eas.w));
1545 }
1546
1547 static void xive_router_class_init(ObjectClass *klass, void *data)
1548 {
1549 DeviceClass *dc = DEVICE_CLASS(klass);
1550 XiveNotifierClass *xnc = XIVE_NOTIFIER_CLASS(klass);
1551
1552 dc->desc = "XIVE Router Engine";
1553 xnc->notify = xive_router_notify;
1554 }
1555
1556 static const TypeInfo xive_router_info = {
1557 .name = TYPE_XIVE_ROUTER,
1558 .parent = TYPE_SYS_BUS_DEVICE,
1559 .abstract = true,
1560 .class_size = sizeof(XiveRouterClass),
1561 .class_init = xive_router_class_init,
1562 .interfaces = (InterfaceInfo[]) {
1563 { TYPE_XIVE_NOTIFIER },
1564 { }
1565 }
1566 };
1567
1568 void xive_eas_pic_print_info(XiveEAS *eas, uint32_t lisn, Monitor *mon)
1569 {
1570 if (!xive_eas_is_valid(eas)) {
1571 return;
1572 }
1573
1574 monitor_printf(mon, " %08x %s end:%02x/%04x data:%08x\n",
1575 lisn, xive_eas_is_masked(eas) ? "M" : " ",
1576 (uint8_t) xive_get_field64(EAS_END_BLOCK, eas->w),
1577 (uint32_t) xive_get_field64(EAS_END_INDEX, eas->w),
1578 (uint32_t) xive_get_field64(EAS_END_DATA, eas->w));
1579 }
1580
1581 /*
1582 * END ESB MMIO loads
1583 */
1584 static uint64_t xive_end_source_read(void *opaque, hwaddr addr, unsigned size)
1585 {
1586 XiveENDSource *xsrc = XIVE_END_SOURCE(opaque);
1587 uint32_t offset = addr & 0xFFF;
1588 uint8_t end_blk;
1589 uint32_t end_idx;
1590 XiveEND end;
1591 uint32_t end_esmask;
1592 uint8_t pq;
1593 uint64_t ret = -1;
1594
1595 end_blk = xsrc->block_id;
1596 end_idx = addr >> (xsrc->esb_shift + 1);
1597
1598 if (xive_router_get_end(xsrc->xrtr, end_blk, end_idx, &end)) {
1599 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: No END %x/%x\n", end_blk,
1600 end_idx);
1601 return -1;
1602 }
1603
1604 if (!xive_end_is_valid(&end)) {
1605 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: END %x/%x is invalid\n",
1606 end_blk, end_idx);
1607 return -1;
1608 }
1609
1610 end_esmask = addr_is_even(addr, xsrc->esb_shift) ? END_W1_ESn : END_W1_ESe;
1611 pq = xive_get_field32(end_esmask, end.w1);
1612
1613 switch (offset) {
1614 case XIVE_ESB_LOAD_EOI ... XIVE_ESB_LOAD_EOI + 0x7FF:
1615 ret = xive_esb_eoi(&pq);
1616
1617 /* Forward the source event notification for routing ?? */
1618 break;
1619
1620 case XIVE_ESB_GET ... XIVE_ESB_GET + 0x3FF:
1621 ret = pq;
1622 break;
1623
1624 case XIVE_ESB_SET_PQ_00 ... XIVE_ESB_SET_PQ_00 + 0x0FF:
1625 case XIVE_ESB_SET_PQ_01 ... XIVE_ESB_SET_PQ_01 + 0x0FF:
1626 case XIVE_ESB_SET_PQ_10 ... XIVE_ESB_SET_PQ_10 + 0x0FF:
1627 case XIVE_ESB_SET_PQ_11 ... XIVE_ESB_SET_PQ_11 + 0x0FF:
1628 ret = xive_esb_set(&pq, (offset >> 8) & 0x3);
1629 break;
1630 default:
1631 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid END ESB load addr %d\n",
1632 offset);
1633 return -1;
1634 }
1635
1636 if (pq != xive_get_field32(end_esmask, end.w1)) {
1637 end.w1 = xive_set_field32(end_esmask, end.w1, pq);
1638 xive_router_write_end(xsrc->xrtr, end_blk, end_idx, &end, 1);
1639 }
1640
1641 return ret;
1642 }
1643
1644 /*
1645 * END ESB MMIO stores are invalid
1646 */
1647 static void xive_end_source_write(void *opaque, hwaddr addr,
1648 uint64_t value, unsigned size)
1649 {
1650 qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid ESB write addr 0x%"
1651 HWADDR_PRIx"\n", addr);
1652 }
1653
1654 static const MemoryRegionOps xive_end_source_ops = {
1655 .read = xive_end_source_read,
1656 .write = xive_end_source_write,
1657 .endianness = DEVICE_BIG_ENDIAN,
1658 .valid = {
1659 .min_access_size = 8,
1660 .max_access_size = 8,
1661 },
1662 .impl = {
1663 .min_access_size = 8,
1664 .max_access_size = 8,
1665 },
1666 };
1667
1668 static void xive_end_source_realize(DeviceState *dev, Error **errp)
1669 {
1670 XiveENDSource *xsrc = XIVE_END_SOURCE(dev);
1671 Object *obj;
1672 Error *local_err = NULL;
1673
1674 obj = object_property_get_link(OBJECT(dev), "xive", &local_err);
1675 if (!obj) {
1676 error_propagate(errp, local_err);
1677 error_prepend(errp, "required link 'xive' not found: ");
1678 return;
1679 }
1680
1681 xsrc->xrtr = XIVE_ROUTER(obj);
1682
1683 if (!xsrc->nr_ends) {
1684 error_setg(errp, "Number of interrupt needs to be greater than 0");
1685 return;
1686 }
1687
1688 if (xsrc->esb_shift != XIVE_ESB_4K &&
1689 xsrc->esb_shift != XIVE_ESB_64K) {
1690 error_setg(errp, "Invalid ESB shift setting");
1691 return;
1692 }
1693
1694 /*
1695 * Each END is assigned an even/odd pair of MMIO pages, the even page
1696 * manages the ESn field while the odd page manages the ESe field.
1697 */
1698 memory_region_init_io(&xsrc->esb_mmio, OBJECT(xsrc),
1699 &xive_end_source_ops, xsrc, "xive.end",
1700 (1ull << (xsrc->esb_shift + 1)) * xsrc->nr_ends);
1701 }
1702
1703 static Property xive_end_source_properties[] = {
1704 DEFINE_PROP_UINT8("block-id", XiveENDSource, block_id, 0),
1705 DEFINE_PROP_UINT32("nr-ends", XiveENDSource, nr_ends, 0),
1706 DEFINE_PROP_UINT32("shift", XiveENDSource, esb_shift, XIVE_ESB_64K),
1707 DEFINE_PROP_END_OF_LIST(),
1708 };
1709
1710 static void xive_end_source_class_init(ObjectClass *klass, void *data)
1711 {
1712 DeviceClass *dc = DEVICE_CLASS(klass);
1713
1714 dc->desc = "XIVE END Source";
1715 dc->props = xive_end_source_properties;
1716 dc->realize = xive_end_source_realize;
1717 }
1718
1719 static const TypeInfo xive_end_source_info = {
1720 .name = TYPE_XIVE_END_SOURCE,
1721 .parent = TYPE_DEVICE,
1722 .instance_size = sizeof(XiveENDSource),
1723 .class_init = xive_end_source_class_init,
1724 };
1725
1726 /*
1727 * XIVE Notifier
1728 */
1729 static const TypeInfo xive_notifier_info = {
1730 .name = TYPE_XIVE_NOTIFIER,
1731 .parent = TYPE_INTERFACE,
1732 .class_size = sizeof(XiveNotifierClass),
1733 };
1734
1735 static void xive_register_types(void)
1736 {
1737 type_register_static(&xive_source_info);
1738 type_register_static(&xive_notifier_info);
1739 type_register_static(&xive_router_info);
1740 type_register_static(&xive_end_source_info);
1741 type_register_static(&xive_tctx_info);
1742 }
1743
1744 type_init(xive_register_types)
QEMU mirror