linux/arch/arm/kvm/vgic.c
   1/*
   2 * Copyright (C) 2012 ARM Ltd.
   3 * Author: Marc Zyngier <marc.zyngier@arm.com>
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License version 2 as
   7 * published by the Free Software Foundation.
   8 *
   9 * This program is distributed in the hope that it will be useful,
  10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 * GNU General Public License for more details.
  13 *
  14 * You should have received a copy of the GNU General Public License
  15 * along with this program; if not, write to the Free Software
  16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  17 */
  18
  19#include <linux/cpu.h>
  20#include <linux/kvm.h>
  21#include <linux/kvm_host.h>
  22#include <linux/interrupt.h>
  23#include <linux/io.h>
  24#include <linux/of.h>
  25#include <linux/of_address.h>
  26#include <linux/of_irq.h>
  27
  28#include <linux/irqchip/arm-gic.h>
  29
  30#include <asm/kvm_emulate.h>
  31#include <asm/kvm_arm.h>
  32#include <asm/kvm_mmu.h>
  33
  34/*
  35 * How the whole thing works (courtesy of Christoffer Dall):
  36 *
  37 * - At any time, the dist->irq_pending_on_cpu is the oracle that knows if
  38 *   something is pending
   39 * - VGIC pending interrupts are stored in the vgic.irq_state
   40 *   bitmap (this bitmap is updated by both userspace ioctls and guest
   41 *   mmio ops, and other in-kernel peripherals such as the
   42 *   arch. timers) and indicate the 'wire' state.
  43 * - Every time the bitmap changes, the irq_pending_on_cpu oracle is
  44 *   recalculated
  45 * - To calculate the oracle, we need info for each cpu from
  46 *   compute_pending_for_cpu, which considers:
  47 *   - PPI: dist->irq_state & dist->irq_enable
  48 *   - SPI: dist->irq_state & dist->irq_enable & dist->irq_spi_target
   49 *   - irq_spi_target is a 'formatted' version of the GICD_ITARGETSRn
  50 *     registers, stored on each vcpu. We only keep one bit of
  51 *     information per interrupt, making sure that only one vcpu can
  52 *     accept the interrupt.
  53 * - The same is true when injecting an interrupt, except that we only
  54 *   consider a single interrupt at a time. The irq_spi_cpu array
  55 *   contains the target CPU for each SPI.
  56 *
  57 * The handling of level interrupts adds some extra complexity. We
  58 * need to track when the interrupt has been EOIed, so we can sample
  59 * the 'line' again. This is achieved as such:
  60 *
  61 * - When a level interrupt is moved onto a vcpu, the corresponding
  62 *   bit in irq_active is set. As long as this bit is set, the line
  63 *   will be ignored for further interrupts. The interrupt is injected
  64 *   into the vcpu with the GICH_LR_EOI bit set (generate a
  65 *   maintenance interrupt on EOI).
  66 * - When the interrupt is EOIed, the maintenance interrupt fires,
   67 * and clears the corresponding bit in irq_active. This allows the
  68 *   interrupt line to be sampled again.
  69 */
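/*
 * A minimal usage sketch (illustrative only, the IRQ number is just an
 * example): an in-kernel device model such as the arch timer drives the
 * 'wire' state described above through kvm_vgic_inject_irq():
 *
 *        // assert the line: sets the bit in dist->irq_state and, if the
 *        // interrupt is enabled, flags the target vcpu in
 *        // irq_pending_on_cpu and kicks it
 *        kvm_vgic_inject_irq(kvm, vcpu->vcpu_id, 27, true);
 *
 *        // deassert the line, so a level interrupt can be sampled again
 *        // after the guest EOIs it
 *        kvm_vgic_inject_irq(kvm, vcpu->vcpu_id, 27, false);
 */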
  70
  71#define VGIC_ADDR_UNDEF         (-1)
  72#define IS_VGIC_ADDR_UNDEF(_x)  ((_x) == VGIC_ADDR_UNDEF)
  73
  74/* Physical address of vgic virtual cpu interface */
  75static phys_addr_t vgic_vcpu_base;
  76
  77/* Virtual control interface base address */
  78static void __iomem *vgic_vctrl_base;
  79
  80static struct device_node *vgic_node;
  81
  82#define ACCESS_READ_VALUE       (1 << 0)
  83#define ACCESS_READ_RAZ         (0 << 0)
  84#define ACCESS_READ_MASK(x)     ((x) & (1 << 0))
  85#define ACCESS_WRITE_IGNORED    (0 << 1)
  86#define ACCESS_WRITE_SETBIT     (1 << 1)
  87#define ACCESS_WRITE_CLEARBIT   (2 << 1)
  88#define ACCESS_WRITE_VALUE      (3 << 1)
  89#define ACCESS_WRITE_MASK(x)    ((x) & (3 << 1))
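/*
 * Note on the ACCESS_* encoding above (a summary of how the handlers
 * below use it, not a hardware definition): bit 0 selects the read
 * behaviour (return the value or read-as-zero) and bits [2:1] select
 * the write behaviour (ignore, set bits, clear bits or plain write).
 * Each handler passes one read mode ORed with one write mode, e.g. the
 * set-enable registers use ACCESS_READ_VALUE | ACCESS_WRITE_SETBIT.
 */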
  90
  91static void vgic_retire_disabled_irqs(struct kvm_vcpu *vcpu);
  92static void vgic_update_state(struct kvm *kvm);
  93static void vgic_kick_vcpus(struct kvm *kvm);
  94static void vgic_dispatch_sgi(struct kvm_vcpu *vcpu, u32 reg);
  95static u32 vgic_nr_lr;
  96
  97static unsigned int vgic_maint_irq;
  98
  99static u32 *vgic_bitmap_get_reg(struct vgic_bitmap *x,
 100                                int cpuid, u32 offset)
 101{
 102        offset >>= 2;
 103        if (!offset)
 104                return x->percpu[cpuid].reg;
 105        else
 106                return x->shared.reg + offset - 1;
 107}
 108
 109static int vgic_bitmap_get_irq_val(struct vgic_bitmap *x,
 110                                   int cpuid, int irq)
 111{
 112        if (irq < VGIC_NR_PRIVATE_IRQS)
 113                return test_bit(irq, x->percpu[cpuid].reg_ul);
 114
 115        return test_bit(irq - VGIC_NR_PRIVATE_IRQS, x->shared.reg_ul);
 116}
 117
 118static void vgic_bitmap_set_irq_val(struct vgic_bitmap *x, int cpuid,
 119                                    int irq, int val)
 120{
 121        unsigned long *reg;
 122
 123        if (irq < VGIC_NR_PRIVATE_IRQS) {
 124                reg = x->percpu[cpuid].reg_ul;
 125        } else {
  126                reg = x->shared.reg_ul;
 127                irq -= VGIC_NR_PRIVATE_IRQS;
 128        }
 129
 130        if (val)
 131                set_bit(irq, reg);
 132        else
 133                clear_bit(irq, reg);
 134}
 135
 136static unsigned long *vgic_bitmap_get_cpu_map(struct vgic_bitmap *x, int cpuid)
 137{
 138        if (unlikely(cpuid >= VGIC_MAX_CPUS))
 139                return NULL;
 140        return x->percpu[cpuid].reg_ul;
 141}
 142
 143static unsigned long *vgic_bitmap_get_shared_map(struct vgic_bitmap *x)
 144{
 145        return x->shared.reg_ul;
 146}
 147
 148static u32 *vgic_bytemap_get_reg(struct vgic_bytemap *x, int cpuid, u32 offset)
 149{
 150        offset >>= 2;
 151        BUG_ON(offset > (VGIC_NR_IRQS / 4));
  152        if (offset < 8)
 153                return x->percpu[cpuid] + offset;
 154        else
 155                return x->shared + offset - 8;
 156}
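/*
 * Rough sketch of the layout the accessors above assume: for the
 * one-bit-per-interrupt registers, word 0 is banked per cpu and covers
 * the 32 private interrupts (SGIs + PPIs) while the remaining words are
 * shared and cover the SPIs; for the byte-per-interrupt registers
 * (priority), the first 8 words are banked and the rest is shared.
 * For example (offsets are byte offsets into the register block):
 *
 *        // enable bits for the accessing vcpu's private IRQs 0-31
 *        u32 *priv = vgic_bitmap_get_reg(&dist->irq_enabled, vcpu_id, 0);
 *
 *        // enable bits for the shared SPIs 32-63
 *        u32 *spis = vgic_bitmap_get_reg(&dist->irq_enabled, vcpu_id, 4);
 */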
 157
 158#define VGIC_CFG_LEVEL  0
 159#define VGIC_CFG_EDGE   1
 160
 161static bool vgic_irq_is_edge(struct kvm_vcpu *vcpu, int irq)
 162{
 163        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 164        int irq_val;
 165
 166        irq_val = vgic_bitmap_get_irq_val(&dist->irq_cfg, vcpu->vcpu_id, irq);
 167        return irq_val == VGIC_CFG_EDGE;
 168}
 169
 170static int vgic_irq_is_enabled(struct kvm_vcpu *vcpu, int irq)
 171{
 172        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 173
 174        return vgic_bitmap_get_irq_val(&dist->irq_enabled, vcpu->vcpu_id, irq);
 175}
 176
 177static int vgic_irq_is_active(struct kvm_vcpu *vcpu, int irq)
 178{
 179        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 180
 181        return vgic_bitmap_get_irq_val(&dist->irq_active, vcpu->vcpu_id, irq);
 182}
 183
 184static void vgic_irq_set_active(struct kvm_vcpu *vcpu, int irq)
 185{
 186        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 187
 188        vgic_bitmap_set_irq_val(&dist->irq_active, vcpu->vcpu_id, irq, 1);
 189}
 190
 191static void vgic_irq_clear_active(struct kvm_vcpu *vcpu, int irq)
 192{
 193        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 194
 195        vgic_bitmap_set_irq_val(&dist->irq_active, vcpu->vcpu_id, irq, 0);
 196}
 197
 198static int vgic_dist_irq_is_pending(struct kvm_vcpu *vcpu, int irq)
 199{
 200        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 201
 202        return vgic_bitmap_get_irq_val(&dist->irq_state, vcpu->vcpu_id, irq);
 203}
 204
 205static void vgic_dist_irq_set(struct kvm_vcpu *vcpu, int irq)
 206{
 207        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 208
 209        vgic_bitmap_set_irq_val(&dist->irq_state, vcpu->vcpu_id, irq, 1);
 210}
 211
 212static void vgic_dist_irq_clear(struct kvm_vcpu *vcpu, int irq)
 213{
 214        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 215
 216        vgic_bitmap_set_irq_val(&dist->irq_state, vcpu->vcpu_id, irq, 0);
 217}
 218
 219static void vgic_cpu_irq_set(struct kvm_vcpu *vcpu, int irq)
 220{
 221        if (irq < VGIC_NR_PRIVATE_IRQS)
 222                set_bit(irq, vcpu->arch.vgic_cpu.pending_percpu);
 223        else
 224                set_bit(irq - VGIC_NR_PRIVATE_IRQS,
 225                        vcpu->arch.vgic_cpu.pending_shared);
 226}
 227
 228static void vgic_cpu_irq_clear(struct kvm_vcpu *vcpu, int irq)
 229{
 230        if (irq < VGIC_NR_PRIVATE_IRQS)
 231                clear_bit(irq, vcpu->arch.vgic_cpu.pending_percpu);
 232        else
 233                clear_bit(irq - VGIC_NR_PRIVATE_IRQS,
 234                          vcpu->arch.vgic_cpu.pending_shared);
 235}
 236
 237static u32 mmio_data_read(struct kvm_exit_mmio *mmio, u32 mask)
 238{
 239        return *((u32 *)mmio->data) & mask;
 240}
 241
 242static void mmio_data_write(struct kvm_exit_mmio *mmio, u32 mask, u32 value)
 243{
 244        *((u32 *)mmio->data) = value & mask;
 245}
 246
 247/**
 248 * vgic_reg_access - access vgic register
 249 * @mmio:   pointer to the data describing the mmio access
 250 * @reg:    pointer to the virtual backing of vgic distributor data
 251 * @offset: least significant 2 bits used for word offset
 252 * @mode:   ACCESS_ mode (see defines above)
 253 *
 254 * Helper to make vgic register access easier using one of the access
 255 * modes defined for vgic register access
 256 * (read,raz,write-ignored,setbit,clearbit,write)
 257 */
 258static void vgic_reg_access(struct kvm_exit_mmio *mmio, u32 *reg,
 259                            phys_addr_t offset, int mode)
 260{
 261        int word_offset = (offset & 3) * 8;
 262        u32 mask = (1UL << (mmio->len * 8)) - 1;
 263        u32 regval;
 264
 265        /*
 266         * Any alignment fault should have been delivered to the guest
 267         * directly (ARM ARM B3.12.7 "Prioritization of aborts").
 268         */
 269
 270        if (reg) {
 271                regval = *reg;
 272        } else {
 273                BUG_ON(mode != (ACCESS_READ_RAZ | ACCESS_WRITE_IGNORED));
 274                regval = 0;
 275        }
 276
 277        if (mmio->is_write) {
 278                u32 data = mmio_data_read(mmio, mask) << word_offset;
 279                switch (ACCESS_WRITE_MASK(mode)) {
 280                case ACCESS_WRITE_IGNORED:
 281                        return;
 282
 283                case ACCESS_WRITE_SETBIT:
 284                        regval |= data;
 285                        break;
 286
 287                case ACCESS_WRITE_CLEARBIT:
 288                        regval &= ~data;
 289                        break;
 290
 291                case ACCESS_WRITE_VALUE:
 292                        regval = (regval & ~(mask << word_offset)) | data;
 293                        break;
 294                }
 295                *reg = regval;
 296        } else {
 297                switch (ACCESS_READ_MASK(mode)) {
 298                case ACCESS_READ_RAZ:
 299                        regval = 0;
 300                        /* fall through */
 301
 302                case ACCESS_READ_VALUE:
 303                        mmio_data_write(mmio, mask, regval >> word_offset);
 304                }
 305        }
 306}
 307
 308static bool handle_mmio_misc(struct kvm_vcpu *vcpu,
 309                             struct kvm_exit_mmio *mmio, phys_addr_t offset)
 310{
 311        u32 reg;
 312        u32 word_offset = offset & 3;
 313
 314        switch (offset & ~3) {
 315        case 0:                 /* CTLR */
 316                reg = vcpu->kvm->arch.vgic.enabled;
 317                vgic_reg_access(mmio, &reg, word_offset,
 318                                ACCESS_READ_VALUE | ACCESS_WRITE_VALUE);
 319                if (mmio->is_write) {
 320                        vcpu->kvm->arch.vgic.enabled = reg & 1;
 321                        vgic_update_state(vcpu->kvm);
 322                        return true;
 323                }
 324                break;
 325
 326        case 4:                 /* TYPER */
 327                reg  = (atomic_read(&vcpu->kvm->online_vcpus) - 1) << 5;
 328                reg |= (VGIC_NR_IRQS >> 5) - 1;
 329                vgic_reg_access(mmio, &reg, word_offset,
 330                                ACCESS_READ_VALUE | ACCESS_WRITE_IGNORED);
 331                break;
 332
 333        case 8:                 /* IIDR */
 334                reg = 0x4B00043B;
 335                vgic_reg_access(mmio, &reg, word_offset,
 336                                ACCESS_READ_VALUE | ACCESS_WRITE_IGNORED);
 337                break;
 338        }
 339
 340        return false;
 341}
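/*
 * Worked example for the GICD_TYPER value computed above, assuming
 * VGIC_NR_IRQS is 256: with 4 online vcpus the guest reads
 * (4 - 1) << 5 | (256 / 32 - 1) = 0x67, i.e. a CPU number field of 3
 * (4 CPUs) and an ITLinesNumber of 7 (8 * 32 = 256 interrupt lines).
 */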
 342
 343static bool handle_mmio_raz_wi(struct kvm_vcpu *vcpu,
 344                               struct kvm_exit_mmio *mmio, phys_addr_t offset)
 345{
 346        vgic_reg_access(mmio, NULL, offset,
 347                        ACCESS_READ_RAZ | ACCESS_WRITE_IGNORED);
 348        return false;
 349}
 350
 351static bool handle_mmio_set_enable_reg(struct kvm_vcpu *vcpu,
 352                                       struct kvm_exit_mmio *mmio,
 353                                       phys_addr_t offset)
 354{
 355        u32 *reg = vgic_bitmap_get_reg(&vcpu->kvm->arch.vgic.irq_enabled,
 356                                       vcpu->vcpu_id, offset);
 357        vgic_reg_access(mmio, reg, offset,
 358                        ACCESS_READ_VALUE | ACCESS_WRITE_SETBIT);
 359        if (mmio->is_write) {
 360                vgic_update_state(vcpu->kvm);
 361                return true;
 362        }
 363
 364        return false;
 365}
 366
 367static bool handle_mmio_clear_enable_reg(struct kvm_vcpu *vcpu,
 368                                         struct kvm_exit_mmio *mmio,
 369                                         phys_addr_t offset)
 370{
 371        u32 *reg = vgic_bitmap_get_reg(&vcpu->kvm->arch.vgic.irq_enabled,
 372                                       vcpu->vcpu_id, offset);
 373        vgic_reg_access(mmio, reg, offset,
 374                        ACCESS_READ_VALUE | ACCESS_WRITE_CLEARBIT);
 375        if (mmio->is_write) {
 376                if (offset < 4) /* Force SGI enabled */
 377                        *reg |= 0xffff;
 378                vgic_retire_disabled_irqs(vcpu);
 379                vgic_update_state(vcpu->kvm);
 380                return true;
 381        }
 382
 383        return false;
 384}
 385
 386static bool handle_mmio_set_pending_reg(struct kvm_vcpu *vcpu,
 387                                        struct kvm_exit_mmio *mmio,
 388                                        phys_addr_t offset)
 389{
 390        u32 *reg = vgic_bitmap_get_reg(&vcpu->kvm->arch.vgic.irq_state,
 391                                       vcpu->vcpu_id, offset);
 392        vgic_reg_access(mmio, reg, offset,
 393                        ACCESS_READ_VALUE | ACCESS_WRITE_SETBIT);
 394        if (mmio->is_write) {
 395                vgic_update_state(vcpu->kvm);
 396                return true;
 397        }
 398
 399        return false;
 400}
 401
 402static bool handle_mmio_clear_pending_reg(struct kvm_vcpu *vcpu,
 403                                          struct kvm_exit_mmio *mmio,
 404                                          phys_addr_t offset)
 405{
 406        u32 *reg = vgic_bitmap_get_reg(&vcpu->kvm->arch.vgic.irq_state,
 407                                       vcpu->vcpu_id, offset);
 408        vgic_reg_access(mmio, reg, offset,
 409                        ACCESS_READ_VALUE | ACCESS_WRITE_CLEARBIT);
 410        if (mmio->is_write) {
 411                vgic_update_state(vcpu->kvm);
 412                return true;
 413        }
 414
 415        return false;
 416}
 417
 418static bool handle_mmio_priority_reg(struct kvm_vcpu *vcpu,
 419                                     struct kvm_exit_mmio *mmio,
 420                                     phys_addr_t offset)
 421{
 422        u32 *reg = vgic_bytemap_get_reg(&vcpu->kvm->arch.vgic.irq_priority,
 423                                        vcpu->vcpu_id, offset);
 424        vgic_reg_access(mmio, reg, offset,
 425                        ACCESS_READ_VALUE | ACCESS_WRITE_VALUE);
 426        return false;
 427}
 428
 429#define GICD_ITARGETSR_SIZE     32
 430#define GICD_CPUTARGETS_BITS    8
 431#define GICD_IRQS_PER_ITARGETSR (GICD_ITARGETSR_SIZE / GICD_CPUTARGETS_BITS)
 432static u32 vgic_get_target_reg(struct kvm *kvm, int irq)
 433{
 434        struct vgic_dist *dist = &kvm->arch.vgic;
 435        struct kvm_vcpu *vcpu;
 436        int i, c;
 437        unsigned long *bmap;
 438        u32 val = 0;
 439
 440        irq -= VGIC_NR_PRIVATE_IRQS;
 441
 442        kvm_for_each_vcpu(c, vcpu, kvm) {
 443                bmap = vgic_bitmap_get_shared_map(&dist->irq_spi_target[c]);
 444                for (i = 0; i < GICD_IRQS_PER_ITARGETSR; i++)
 445                        if (test_bit(irq + i, bmap))
 446                                val |= 1 << (c + i * 8);
 447        }
 448
 449        return val;
 450}
 451
 452static void vgic_set_target_reg(struct kvm *kvm, u32 val, int irq)
 453{
 454        struct vgic_dist *dist = &kvm->arch.vgic;
 455        struct kvm_vcpu *vcpu;
 456        int i, c;
 457        unsigned long *bmap;
 458        u32 target;
 459
 460        irq -= VGIC_NR_PRIVATE_IRQS;
 461
 462        /*
 463         * Pick the LSB in each byte. This ensures we target exactly
 464         * one vcpu per IRQ. If the byte is null, assume we target
 465         * CPU0.
 466         */
 467        for (i = 0; i < GICD_IRQS_PER_ITARGETSR; i++) {
 468                int shift = i * GICD_CPUTARGETS_BITS;
 469                target = ffs((val >> shift) & 0xffU);
 470                target = target ? (target - 1) : 0;
 471                dist->irq_spi_cpu[irq + i] = target;
 472                kvm_for_each_vcpu(c, vcpu, kvm) {
 473                        bmap = vgic_bitmap_get_shared_map(&dist->irq_spi_target[c]);
 474                        if (c == target)
 475                                set_bit(irq + i, bmap);
 476                        else
 477                                clear_bit(irq + i, bmap);
 478                }
 479        }
 480}
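/*
 * Worked example for vgic_set_target_reg() (register and value are made
 * up): a guest write of 0x04010102 to GICD_ITARGETSR8, which covers
 * SPIs 32-35, is decoded byte by byte using the lowest set bit:
 *
 *        byte 0 = 0x02 -> SPI 32 targets vcpu 1
 *        byte 1 = 0x01 -> SPI 33 targets vcpu 0
 *        byte 2 = 0x01 -> SPI 34 targets vcpu 0
 *        byte 3 = 0x04 -> SPI 35 targets vcpu 2
 *
 * A zero byte defaults to vcpu 0. irq_spi_cpu[] records the chosen
 * target and the per-vcpu irq_spi_target bitmaps are updated to match.
 */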
 481
 482static bool handle_mmio_target_reg(struct kvm_vcpu *vcpu,
 483                                   struct kvm_exit_mmio *mmio,
 484                                   phys_addr_t offset)
 485{
 486        u32 reg;
 487
  488        /* We treat the banked interrupt targets as read-only */
 489        if (offset < 32) {
 490                u32 roreg = 1 << vcpu->vcpu_id;
 491                roreg |= roreg << 8;
 492                roreg |= roreg << 16;
 493
 494                vgic_reg_access(mmio, &roreg, offset,
 495                                ACCESS_READ_VALUE | ACCESS_WRITE_IGNORED);
 496                return false;
 497        }
 498
 499        reg = vgic_get_target_reg(vcpu->kvm, offset & ~3U);
 500        vgic_reg_access(mmio, &reg, offset,
 501                        ACCESS_READ_VALUE | ACCESS_WRITE_VALUE);
 502        if (mmio->is_write) {
 503                vgic_set_target_reg(vcpu->kvm, reg, offset & ~3U);
 504                vgic_update_state(vcpu->kvm);
 505                return true;
 506        }
 507
 508        return false;
 509}
 510
 511static u32 vgic_cfg_expand(u16 val)
 512{
 513        u32 res = 0;
 514        int i;
 515
 516        /*
 517         * Turn a 16bit value like abcd...mnop into a 32bit word
 518         * a0b0c0d0...m0n0o0p0, which is what the HW cfg register is.
 519         */
 520        for (i = 0; i < 16; i++)
 521                res |= ((val >> i) & VGIC_CFG_EDGE) << (2 * i + 1);
 522
 523        return res;
 524}
 525
 526static u16 vgic_cfg_compress(u32 val)
 527{
 528        u16 res = 0;
 529        int i;
 530
 531        /*
 532         * Turn a 32bit word a0b0c0d0...m0n0o0p0 into 16bit value like
 533         * abcd...mnop which is what we really care about.
 534         */
 535        for (i = 0; i < 16; i++)
 536                res |= ((val >> (i * 2 + 1)) & VGIC_CFG_EDGE) << i;
 537
 538        return res;
 539}
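/*
 * Worked example (arbitrary value): vgic_cfg_expand(0x0003) spreads
 * bits 0 and 1 of the 16bit value into bits 1 and 3 of the 32bit word,
 * giving 0x0000000a, and vgic_cfg_compress(0x0000000a) folds it back
 * into 0x0003.
 */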
 540
 541/*
 542 * The distributor uses 2 bits per IRQ for the CFG register, but the
 543 * LSB is always 0. As such, we only keep the upper bit, and use the
 544 * two above functions to compress/expand the bits
 545 */
 546static bool handle_mmio_cfg_reg(struct kvm_vcpu *vcpu,
 547                                struct kvm_exit_mmio *mmio, phys_addr_t offset)
 548{
 549        u32 val;
 550        u32 *reg = vgic_bitmap_get_reg(&vcpu->kvm->arch.vgic.irq_cfg,
 551                                       vcpu->vcpu_id, offset >> 1);
  552        if (offset & 4)
 553                val = *reg >> 16;
 554        else
 555                val = *reg & 0xffff;
 556
 557        val = vgic_cfg_expand(val);
 558        vgic_reg_access(mmio, &val, offset,
 559                        ACCESS_READ_VALUE | ACCESS_WRITE_VALUE);
 560        if (mmio->is_write) {
 561                if (offset < 4) {
 562                        *reg = ~0U; /* Force PPIs/SGIs to 1 */
 563                        return false;
 564                }
 565
 566                val = vgic_cfg_compress(val);
  567                if (offset & 4) {
 568                        *reg &= 0xffff;
 569                        *reg |= val << 16;
 570                } else {
 571                        *reg &= 0xffff << 16;
 572                        *reg |= val;
 573                }
 574        }
 575
 576        return false;
 577}
 578
 579static bool handle_mmio_sgi_reg(struct kvm_vcpu *vcpu,
 580                                struct kvm_exit_mmio *mmio, phys_addr_t offset)
 581{
  582        u32 reg = 0;
 583        vgic_reg_access(mmio, &reg, offset,
 584                        ACCESS_READ_RAZ | ACCESS_WRITE_VALUE);
 585        if (mmio->is_write) {
 586                vgic_dispatch_sgi(vcpu, reg);
 587                vgic_update_state(vcpu->kvm);
 588                return true;
 589        }
 590
 591        return false;
 592}
 593
 594/*
 595 * I would have liked to use the kvm_bus_io_*() API instead, but it
 596 * cannot cope with banked registers (only the VM pointer is passed
 597 * around, and we need the vcpu). One of these days, someone please
 598 * fix it!
 599 */
 600struct mmio_range {
 601        phys_addr_t base;
 602        unsigned long len;
 603        bool (*handle_mmio)(struct kvm_vcpu *vcpu, struct kvm_exit_mmio *mmio,
 604                            phys_addr_t offset);
 605};
 606
 607static const struct mmio_range vgic_ranges[] = {
 608        {
 609                .base           = GIC_DIST_CTRL,
 610                .len            = 12,
 611                .handle_mmio    = handle_mmio_misc,
 612        },
 613        {
 614                .base           = GIC_DIST_IGROUP,
 615                .len            = VGIC_NR_IRQS / 8,
 616                .handle_mmio    = handle_mmio_raz_wi,
 617        },
 618        {
 619                .base           = GIC_DIST_ENABLE_SET,
 620                .len            = VGIC_NR_IRQS / 8,
 621                .handle_mmio    = handle_mmio_set_enable_reg,
 622        },
 623        {
 624                .base           = GIC_DIST_ENABLE_CLEAR,
 625                .len            = VGIC_NR_IRQS / 8,
 626                .handle_mmio    = handle_mmio_clear_enable_reg,
 627        },
 628        {
 629                .base           = GIC_DIST_PENDING_SET,
 630                .len            = VGIC_NR_IRQS / 8,
 631                .handle_mmio    = handle_mmio_set_pending_reg,
 632        },
 633        {
 634                .base           = GIC_DIST_PENDING_CLEAR,
 635                .len            = VGIC_NR_IRQS / 8,
 636                .handle_mmio    = handle_mmio_clear_pending_reg,
 637        },
 638        {
 639                .base           = GIC_DIST_ACTIVE_SET,
 640                .len            = VGIC_NR_IRQS / 8,
 641                .handle_mmio    = handle_mmio_raz_wi,
 642        },
 643        {
 644                .base           = GIC_DIST_ACTIVE_CLEAR,
 645                .len            = VGIC_NR_IRQS / 8,
 646                .handle_mmio    = handle_mmio_raz_wi,
 647        },
 648        {
 649                .base           = GIC_DIST_PRI,
 650                .len            = VGIC_NR_IRQS,
 651                .handle_mmio    = handle_mmio_priority_reg,
 652        },
 653        {
 654                .base           = GIC_DIST_TARGET,
 655                .len            = VGIC_NR_IRQS,
 656                .handle_mmio    = handle_mmio_target_reg,
 657        },
 658        {
 659                .base           = GIC_DIST_CONFIG,
 660                .len            = VGIC_NR_IRQS / 4,
 661                .handle_mmio    = handle_mmio_cfg_reg,
 662        },
 663        {
 664                .base           = GIC_DIST_SOFTINT,
 665                .len            = 4,
 666                .handle_mmio    = handle_mmio_sgi_reg,
 667        },
 668        {}
 669};
 670
 671static const
 672struct mmio_range *find_matching_range(const struct mmio_range *ranges,
 673                                       struct kvm_exit_mmio *mmio,
 674                                       phys_addr_t base)
 675{
 676        const struct mmio_range *r = ranges;
 677        phys_addr_t addr = mmio->phys_addr - base;
 678
 679        while (r->len) {
 680                if (addr >= r->base &&
 681                    (addr + mmio->len) <= (r->base + r->len))
 682                        return r;
 683                r++;
 684        }
 685
 686        return NULL;
 687}
 688
 689/**
 690 * vgic_handle_mmio - handle an in-kernel MMIO access
 691 * @vcpu:       pointer to the vcpu performing the access
 692 * @run:        pointer to the kvm_run structure
 693 * @mmio:       pointer to the data describing the access
 694 *
 695 * returns true if the MMIO access has been performed in kernel space,
 696 * and false if it needs to be emulated in user space.
 697 */
 698bool vgic_handle_mmio(struct kvm_vcpu *vcpu, struct kvm_run *run,
 699                      struct kvm_exit_mmio *mmio)
 700{
 701        const struct mmio_range *range;
 702        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 703        unsigned long base = dist->vgic_dist_base;
 704        bool updated_state;
 705        unsigned long offset;
 706
 707        if (!irqchip_in_kernel(vcpu->kvm) ||
 708            mmio->phys_addr < base ||
 709            (mmio->phys_addr + mmio->len) > (base + KVM_VGIC_V2_DIST_SIZE))
 710                return false;
 711
 712        /* We don't support ldrd / strd or ldm / stm to the emulated vgic */
 713        if (mmio->len > 4) {
 714                kvm_inject_dabt(vcpu, mmio->phys_addr);
 715                return true;
 716        }
 717
 718        range = find_matching_range(vgic_ranges, mmio, base);
 719        if (unlikely(!range || !range->handle_mmio)) {
 720                pr_warn("Unhandled access %d %08llx %d\n",
 721                        mmio->is_write, mmio->phys_addr, mmio->len);
 722                return false;
 723        }
 724
 725        spin_lock(&vcpu->kvm->arch.vgic.lock);
 726        offset = mmio->phys_addr - range->base - base;
 727        updated_state = range->handle_mmio(vcpu, mmio, offset);
 728        spin_unlock(&vcpu->kvm->arch.vgic.lock);
 729        kvm_prepare_mmio(run, mmio);
 730        kvm_handle_mmio_return(vcpu, run);
 731
 732        if (updated_state)
 733                vgic_kick_vcpus(vcpu->kvm);
 734
 735        return true;
 736}
 737
 738static void vgic_dispatch_sgi(struct kvm_vcpu *vcpu, u32 reg)
 739{
 740        struct kvm *kvm = vcpu->kvm;
 741        struct vgic_dist *dist = &kvm->arch.vgic;
 742        int nrcpus = atomic_read(&kvm->online_vcpus);
 743        u8 target_cpus;
 744        int sgi, mode, c, vcpu_id;
 745
 746        vcpu_id = vcpu->vcpu_id;
 747
 748        sgi = reg & 0xf;
 749        target_cpus = (reg >> 16) & 0xff;
 750        mode = (reg >> 24) & 3;
 751
 752        switch (mode) {
 753        case 0:
  754                if (!target_cpus)
  755                        return;
  756                break;
 757        case 1:
 758                target_cpus = ((1 << nrcpus) - 1) & ~(1 << vcpu_id) & 0xff;
 759                break;
 760
 761        case 2:
 762                target_cpus = 1 << vcpu_id;
 763                break;
 764        }
 765
 766        kvm_for_each_vcpu(c, vcpu, kvm) {
 767                if (target_cpus & 1) {
 768                        /* Flag the SGI as pending */
 769                        vgic_dist_irq_set(vcpu, sgi);
 770                        dist->irq_sgi_sources[c][sgi] |= 1 << vcpu_id;
 771                        kvm_debug("SGI%d from CPU%d to CPU%d\n", sgi, vcpu_id, c);
 772                }
 773
 774                target_cpus >>= 1;
 775        }
 776}
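/*
 * Worked example of a GICD_SGIR write as decoded above (the value is
 * made up): reg = 0x00020003 gives sgi = 3, target_cpus = 0x02 and
 * mode = 0 (use the target list), so SGI3 is flagged pending on vcpu 1
 * and the sending vcpu is recorded in irq_sgi_sources[1][3].
 */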
 777
 778static int compute_pending_for_cpu(struct kvm_vcpu *vcpu)
 779{
 780        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 781        unsigned long *pending, *enabled, *pend_percpu, *pend_shared;
 782        unsigned long pending_private, pending_shared;
 783        int vcpu_id;
 784
 785        vcpu_id = vcpu->vcpu_id;
 786        pend_percpu = vcpu->arch.vgic_cpu.pending_percpu;
 787        pend_shared = vcpu->arch.vgic_cpu.pending_shared;
 788
 789        pending = vgic_bitmap_get_cpu_map(&dist->irq_state, vcpu_id);
 790        enabled = vgic_bitmap_get_cpu_map(&dist->irq_enabled, vcpu_id);
 791        bitmap_and(pend_percpu, pending, enabled, VGIC_NR_PRIVATE_IRQS);
 792
 793        pending = vgic_bitmap_get_shared_map(&dist->irq_state);
 794        enabled = vgic_bitmap_get_shared_map(&dist->irq_enabled);
 795        bitmap_and(pend_shared, pending, enabled, VGIC_NR_SHARED_IRQS);
 796        bitmap_and(pend_shared, pend_shared,
 797                   vgic_bitmap_get_shared_map(&dist->irq_spi_target[vcpu_id]),
 798                   VGIC_NR_SHARED_IRQS);
 799
 800        pending_private = find_first_bit(pend_percpu, VGIC_NR_PRIVATE_IRQS);
 801        pending_shared = find_first_bit(pend_shared, VGIC_NR_SHARED_IRQS);
 802        return (pending_private < VGIC_NR_PRIVATE_IRQS ||
 803                pending_shared < VGIC_NR_SHARED_IRQS);
 804}
 805
 806/*
 807 * Update the interrupt state and determine which CPUs have pending
 808 * interrupts. Must be called with distributor lock held.
 809 */
 810static void vgic_update_state(struct kvm *kvm)
 811{
 812        struct vgic_dist *dist = &kvm->arch.vgic;
 813        struct kvm_vcpu *vcpu;
 814        int c;
 815
 816        if (!dist->enabled) {
 817                set_bit(0, &dist->irq_pending_on_cpu);
 818                return;
 819        }
 820
 821        kvm_for_each_vcpu(c, vcpu, kvm) {
 822                if (compute_pending_for_cpu(vcpu)) {
 823                        pr_debug("CPU%d has pending interrupts\n", c);
 824                        set_bit(c, &dist->irq_pending_on_cpu);
 825                }
 826        }
 827}
 828
 829#define LR_CPUID(lr)    \
 830        (((lr) & GICH_LR_PHYSID_CPUID) >> GICH_LR_PHYSID_CPUID_SHIFT)
 831#define MK_LR_PEND(src, irq)    \
 832        (GICH_LR_PENDING_BIT | ((src) << GICH_LR_PHYSID_CPUID_SHIFT) | (irq))
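/*
 * Example of the list register encoding built by MK_LR_PEND() (values
 * are made up): MK_LR_PEND(2, 5) yields an LR with the pending bit set,
 * virtual ID 5 and source CPUID 2, i.e. SGI5 pending with vcpu 2 as the
 * sender. For non-SGI interrupts the source field is simply 0.
 */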
 833
 834/*
 835 * An interrupt may have been disabled after being made pending on the
 836 * CPU interface (the classic case is a timer running while we're
 837 * rebooting the guest - the interrupt would kick as soon as the CPU
 838 * interface gets enabled, with deadly consequences).
 839 *
 840 * The solution is to examine already active LRs, and check the
 841 * interrupt is still enabled. If not, just retire it.
 842 */
 843static void vgic_retire_disabled_irqs(struct kvm_vcpu *vcpu)
 844{
 845        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
 846        int lr;
 847
 848        for_each_set_bit(lr, vgic_cpu->lr_used, vgic_cpu->nr_lr) {
 849                int irq = vgic_cpu->vgic_lr[lr] & GICH_LR_VIRTUALID;
 850
 851                if (!vgic_irq_is_enabled(vcpu, irq)) {
 852                        vgic_cpu->vgic_irq_lr_map[irq] = LR_EMPTY;
 853                        clear_bit(lr, vgic_cpu->lr_used);
 854                        vgic_cpu->vgic_lr[lr] &= ~GICH_LR_STATE;
 855                        if (vgic_irq_is_active(vcpu, irq))
 856                                vgic_irq_clear_active(vcpu, irq);
 857                }
 858        }
 859}
 860
 861/*
 862 * Queue an interrupt to a CPU virtual interface. Return true on success,
 863 * or false if it wasn't possible to queue it.
 864 */
 865static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq)
 866{
 867        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
 868        int lr;
 869
 870        /* Sanitize the input... */
 871        BUG_ON(sgi_source_id & ~7);
 872        BUG_ON(sgi_source_id && irq >= VGIC_NR_SGIS);
 873        BUG_ON(irq >= VGIC_NR_IRQS);
 874
 875        kvm_debug("Queue IRQ%d\n", irq);
 876
 877        lr = vgic_cpu->vgic_irq_lr_map[irq];
 878
 879        /* Do we have an active interrupt for the same CPUID? */
 880        if (lr != LR_EMPTY &&
 881            (LR_CPUID(vgic_cpu->vgic_lr[lr]) == sgi_source_id)) {
 882                kvm_debug("LR%d piggyback for IRQ%d %x\n",
 883                          lr, irq, vgic_cpu->vgic_lr[lr]);
 884                BUG_ON(!test_bit(lr, vgic_cpu->lr_used));
 885                vgic_cpu->vgic_lr[lr] |= GICH_LR_PENDING_BIT;
 886                return true;
 887        }
 888
 889        /* Try to use another LR for this interrupt */
 890        lr = find_first_zero_bit((unsigned long *)vgic_cpu->lr_used,
 891                               vgic_cpu->nr_lr);
 892        if (lr >= vgic_cpu->nr_lr)
 893                return false;
 894
 895        kvm_debug("LR%d allocated for IRQ%d %x\n", lr, irq, sgi_source_id);
 896        vgic_cpu->vgic_lr[lr] = MK_LR_PEND(sgi_source_id, irq);
 897        vgic_cpu->vgic_irq_lr_map[irq] = lr;
 898        set_bit(lr, vgic_cpu->lr_used);
 899
 900        if (!vgic_irq_is_edge(vcpu, irq))
 901                vgic_cpu->vgic_lr[lr] |= GICH_LR_EOI;
 902
 903        return true;
 904}
 905
 906static bool vgic_queue_sgi(struct kvm_vcpu *vcpu, int irq)
 907{
 908        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 909        unsigned long sources;
 910        int vcpu_id = vcpu->vcpu_id;
 911        int c;
 912
 913        sources = dist->irq_sgi_sources[vcpu_id][irq];
 914
 915        for_each_set_bit(c, &sources, VGIC_MAX_CPUS) {
 916                if (vgic_queue_irq(vcpu, c, irq))
 917                        clear_bit(c, &sources);
 918        }
 919
 920        dist->irq_sgi_sources[vcpu_id][irq] = sources;
 921
 922        /*
 923         * If the sources bitmap has been cleared it means that we
 924         * could queue all the SGIs onto link registers (see the
 925         * clear_bit above), and therefore we are done with them in
 926         * our emulated gic and can get rid of them.
 927         */
 928        if (!sources) {
 929                vgic_dist_irq_clear(vcpu, irq);
 930                vgic_cpu_irq_clear(vcpu, irq);
 931                return true;
 932        }
 933
 934        return false;
 935}
 936
 937static bool vgic_queue_hwirq(struct kvm_vcpu *vcpu, int irq)
 938{
 939        if (vgic_irq_is_active(vcpu, irq))
 940                return true; /* level interrupt, already queued */
 941
 942        if (vgic_queue_irq(vcpu, 0, irq)) {
 943                if (vgic_irq_is_edge(vcpu, irq)) {
 944                        vgic_dist_irq_clear(vcpu, irq);
 945                        vgic_cpu_irq_clear(vcpu, irq);
 946                } else {
 947                        vgic_irq_set_active(vcpu, irq);
 948                }
 949
 950                return true;
 951        }
 952
 953        return false;
 954}
 955
 956/*
 957 * Fill the list registers with pending interrupts before running the
 958 * guest.
 959 */
 960static void __kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu)
 961{
 962        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
 963        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
 964        int i, vcpu_id;
 965        int overflow = 0;
 966
 967        vcpu_id = vcpu->vcpu_id;
 968
 969        /*
 970         * We may not have any pending interrupt, or the interrupts
 971         * may have been serviced from another vcpu. In all cases,
 972         * move along.
 973         */
 974        if (!kvm_vgic_vcpu_pending_irq(vcpu)) {
 975                pr_debug("CPU%d has no pending interrupt\n", vcpu_id);
 976                goto epilog;
 977        }
 978
 979        /* SGIs */
 980        for_each_set_bit(i, vgic_cpu->pending_percpu, VGIC_NR_SGIS) {
 981                if (!vgic_queue_sgi(vcpu, i))
 982                        overflow = 1;
 983        }
 984
 985        /* PPIs */
 986        for_each_set_bit_from(i, vgic_cpu->pending_percpu, VGIC_NR_PRIVATE_IRQS) {
 987                if (!vgic_queue_hwirq(vcpu, i))
 988                        overflow = 1;
 989        }
 990
 991        /* SPIs */
 992        for_each_set_bit(i, vgic_cpu->pending_shared, VGIC_NR_SHARED_IRQS) {
 993                if (!vgic_queue_hwirq(vcpu, i + VGIC_NR_PRIVATE_IRQS))
 994                        overflow = 1;
 995        }
 996
 997epilog:
 998        if (overflow) {
 999                vgic_cpu->vgic_hcr |= GICH_HCR_UIE;
1000        } else {
1001                vgic_cpu->vgic_hcr &= ~GICH_HCR_UIE;
1002                /*
1003                 * We're about to run this VCPU, and we've consumed
1004                 * everything the distributor had in store for
1005                 * us. Claim we don't have anything pending. We'll
1006                 * adjust that if needed while exiting.
1007                 */
1008                clear_bit(vcpu_id, &dist->irq_pending_on_cpu);
1009        }
1010}
1011
1012static bool vgic_process_maintenance(struct kvm_vcpu *vcpu)
1013{
1014        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
1015        bool level_pending = false;
1016
1017        kvm_debug("MISR = %08x\n", vgic_cpu->vgic_misr);
1018
1019        if (vgic_cpu->vgic_misr & GICH_MISR_EOI) {
1020                /*
1021                 * Some level interrupts have been EOIed. Clear their
1022                 * active bit.
1023                 */
1024                int lr, irq;
1025
1026                for_each_set_bit(lr, (unsigned long *)vgic_cpu->vgic_eisr,
1027                                 vgic_cpu->nr_lr) {
1028                        irq = vgic_cpu->vgic_lr[lr] & GICH_LR_VIRTUALID;
1029
1030                        vgic_irq_clear_active(vcpu, irq);
1031                        vgic_cpu->vgic_lr[lr] &= ~GICH_LR_EOI;
1032
1033                        /* Any additional pending interrupt? */
1034                        if (vgic_dist_irq_is_pending(vcpu, irq)) {
1035                                vgic_cpu_irq_set(vcpu, irq);
1036                                level_pending = true;
1037                        } else {
1038                                vgic_cpu_irq_clear(vcpu, irq);
1039                        }
1040
1041                        /*
1042                         * Despite being EOIed, the LR may not have
1043                         * been marked as empty.
1044                         */
1045                        set_bit(lr, (unsigned long *)vgic_cpu->vgic_elrsr);
1046                        vgic_cpu->vgic_lr[lr] &= ~GICH_LR_ACTIVE_BIT;
1047                }
1048        }
1049
1050        if (vgic_cpu->vgic_misr & GICH_MISR_U)
1051                vgic_cpu->vgic_hcr &= ~GICH_HCR_UIE;
1052
1053        return level_pending;
1054}
1055
1056/*
1057 * Sync back the VGIC state after a guest run. The distributor lock is
1058 * needed so we don't get preempted in the middle of the state processing.
1059 */
1060static void __kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
1061{
1062        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
1063        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
1064        int lr, pending;
1065        bool level_pending;
1066
1067        level_pending = vgic_process_maintenance(vcpu);
1068
1069        /* Clear mappings for empty LRs */
1070        for_each_set_bit(lr, (unsigned long *)vgic_cpu->vgic_elrsr,
1071                         vgic_cpu->nr_lr) {
1072                int irq;
1073
1074                if (!test_and_clear_bit(lr, vgic_cpu->lr_used))
1075                        continue;
1076
1077                irq = vgic_cpu->vgic_lr[lr] & GICH_LR_VIRTUALID;
1078
1079                BUG_ON(irq >= VGIC_NR_IRQS);
1080                vgic_cpu->vgic_irq_lr_map[irq] = LR_EMPTY;
1081        }
1082
1083        /* Check if we still have something up our sleeve... */
1084        pending = find_first_zero_bit((unsigned long *)vgic_cpu->vgic_elrsr,
1085                                      vgic_cpu->nr_lr);
1086        if (level_pending || pending < vgic_cpu->nr_lr)
1087                set_bit(vcpu->vcpu_id, &dist->irq_pending_on_cpu);
1088}
1089
1090void kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu)
1091{
1092        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
1093
1094        if (!irqchip_in_kernel(vcpu->kvm))
1095                return;
1096
1097        spin_lock(&dist->lock);
1098        __kvm_vgic_flush_hwstate(vcpu);
1099        spin_unlock(&dist->lock);
1100}
1101
1102void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
1103{
1104        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
1105
1106        if (!irqchip_in_kernel(vcpu->kvm))
1107                return;
1108
1109        spin_lock(&dist->lock);
1110        __kvm_vgic_sync_hwstate(vcpu);
1111        spin_unlock(&dist->lock);
1112}
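/*
 * Rough sketch of where the two hooks above sit in the vcpu run loop
 * (simplified; the real loop in kvm_arch_vcpu_ioctl_run() does much
 * more around these calls):
 *
 *        kvm_vgic_flush_hwstate(vcpu);       // fill LRs from the distributor
 *        kvm_call_hyp(__kvm_vcpu_run, vcpu); // run the guest
 *        kvm_vgic_sync_hwstate(vcpu);        // fold LR/EOI state back
 */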
1113
1114int kvm_vgic_vcpu_pending_irq(struct kvm_vcpu *vcpu)
1115{
1116        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
1117
1118        if (!irqchip_in_kernel(vcpu->kvm))
1119                return 0;
1120
1121        return test_bit(vcpu->vcpu_id, &dist->irq_pending_on_cpu);
1122}
1123
1124static void vgic_kick_vcpus(struct kvm *kvm)
1125{
1126        struct kvm_vcpu *vcpu;
1127        int c;
1128
1129        /*
1130         * We've injected an interrupt, time to find out who deserves
1131         * a good kick...
1132         */
1133        kvm_for_each_vcpu(c, vcpu, kvm) {
1134                if (kvm_vgic_vcpu_pending_irq(vcpu))
1135                        kvm_vcpu_kick(vcpu);
1136        }
1137}
1138
1139static int vgic_validate_injection(struct kvm_vcpu *vcpu, int irq, int level)
1140{
1141        int is_edge = vgic_irq_is_edge(vcpu, irq);
1142        int state = vgic_dist_irq_is_pending(vcpu, irq);
1143
1144        /*
1145         * Only inject an interrupt if:
1146         * - edge triggered and we have a rising edge
1147         * - level triggered and we change level
1148         */
1149        if (is_edge)
1150                return level > state;
1151        else
1152                return level != state;
1153}
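/*
 * Quick reference for the rule above (state = currently pending bit,
 * level = new wire value):
 *
 *        edge:  inject only on a 0 -> 1 transition (level > state)
 *        level: inject only when the wire changes (level != state)
 */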
1154
1155static bool vgic_update_irq_state(struct kvm *kvm, int cpuid,
1156                                  unsigned int irq_num, bool level)
1157{
1158        struct vgic_dist *dist = &kvm->arch.vgic;
1159        struct kvm_vcpu *vcpu;
1160        int is_edge, is_level;
1161        int enabled;
1162        bool ret = true;
1163
1164        spin_lock(&dist->lock);
1165
1166        vcpu = kvm_get_vcpu(kvm, cpuid);
1167        is_edge = vgic_irq_is_edge(vcpu, irq_num);
1168        is_level = !is_edge;
1169
1170        if (!vgic_validate_injection(vcpu, irq_num, level)) {
1171                ret = false;
1172                goto out;
1173        }
1174
1175        if (irq_num >= VGIC_NR_PRIVATE_IRQS) {
1176                cpuid = dist->irq_spi_cpu[irq_num - VGIC_NR_PRIVATE_IRQS];
1177                vcpu = kvm_get_vcpu(kvm, cpuid);
1178        }
1179
1180        kvm_debug("Inject IRQ%d level %d CPU%d\n", irq_num, level, cpuid);
1181
1182        if (level)
1183                vgic_dist_irq_set(vcpu, irq_num);
1184        else
1185                vgic_dist_irq_clear(vcpu, irq_num);
1186
1187        enabled = vgic_irq_is_enabled(vcpu, irq_num);
1188
1189        if (!enabled) {
1190                ret = false;
1191                goto out;
1192        }
1193
1194        if (is_level && vgic_irq_is_active(vcpu, irq_num)) {
1195                /*
1196                 * Level interrupt in progress, will be picked up
1197                 * when EOId.
1198                 */
1199                ret = false;
1200                goto out;
1201        }
1202
1203        if (level) {
1204                vgic_cpu_irq_set(vcpu, irq_num);
1205                set_bit(cpuid, &dist->irq_pending_on_cpu);
1206        }
1207
1208out:
1209        spin_unlock(&dist->lock);
1210
1211        return ret;
1212}
1213
1214/**
1215 * kvm_vgic_inject_irq - Inject an IRQ from a device to the vgic
1216 * @kvm:     The VM structure pointer
1217 * @cpuid:   The CPU for PPIs
1218 * @irq_num: The IRQ number that is assigned to the device
1219 * @level:   Edge-triggered:  true:  to trigger the interrupt
1220 *                            false: to ignore the call
1221 *           Level-sensitive  true:  activates an interrupt
1222 *                            false: deactivates an interrupt
1223 *
1224 * The GIC is not concerned with devices being active-LOW or active-HIGH for
1225 * level-sensitive interrupts.  You can think of the level parameter as 1
1226 * being HIGH and 0 being LOW and all devices being active-HIGH.
1227 */
1228int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
1229                        bool level)
1230{
1231        if (vgic_update_irq_state(kvm, cpuid, irq_num, level))
1232                vgic_kick_vcpus(kvm);
1233
1234        return 0;
1235}
1236
1237static irqreturn_t vgic_maintenance_handler(int irq, void *data)
1238{
1239        /*
1240         * We cannot rely on the vgic maintenance interrupt to be
1241         * delivered synchronously. This means we can only use it to
1242         * exit the VM, and we perform the handling of EOIed
1243         * interrupts on the exit path (see vgic_process_maintenance).
1244         */
1245        return IRQ_HANDLED;
1246}
1247
1248int kvm_vgic_vcpu_init(struct kvm_vcpu *vcpu)
1249{
1250        struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
1251        struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
1252        int i;
1253
1254        if (!irqchip_in_kernel(vcpu->kvm))
1255                return 0;
1256
1257        if (vcpu->vcpu_id >= VGIC_MAX_CPUS)
1258                return -EBUSY;
1259
1260        for (i = 0; i < VGIC_NR_IRQS; i++) {
1261                if (i < VGIC_NR_PPIS)
1262                        vgic_bitmap_set_irq_val(&dist->irq_enabled,
1263                                                vcpu->vcpu_id, i, 1);
1264                if (i < VGIC_NR_PRIVATE_IRQS)
1265                        vgic_bitmap_set_irq_val(&dist->irq_cfg,
1266                                                vcpu->vcpu_id, i, VGIC_CFG_EDGE);
1267
1268                vgic_cpu->vgic_irq_lr_map[i] = LR_EMPTY;
1269        }
1270
1271        /*
1272         * By forcing VMCR to zero, the GIC will restore the binary
1273         * points to their reset values. Anything else resets to zero
1274         * anyway.
1275         */
1276        vgic_cpu->vgic_vmcr = 0;
1277
1278        vgic_cpu->nr_lr = vgic_nr_lr;
1279        vgic_cpu->vgic_hcr = GICH_HCR_EN; /* Get the show on the road... */
1280
1281        return 0;
1282}
1283
1284static void vgic_init_maintenance_interrupt(void *info)
1285{
1286        enable_percpu_irq(vgic_maint_irq, 0);
1287}
1288
1289static int vgic_cpu_notify(struct notifier_block *self,
1290                           unsigned long action, void *cpu)
1291{
1292        switch (action) {
1293        case CPU_STARTING:
1294        case CPU_STARTING_FROZEN:
1295                vgic_init_maintenance_interrupt(NULL);
1296                break;
1297        case CPU_DYING:
1298        case CPU_DYING_FROZEN:
1299                disable_percpu_irq(vgic_maint_irq);
1300                break;
1301        }
1302
1303        return NOTIFY_OK;
1304}
1305
1306static struct notifier_block vgic_cpu_nb = {
1307        .notifier_call = vgic_cpu_notify,
1308};
1309
1310int kvm_vgic_hyp_init(void)
1311{
1312        int ret;
1313        struct resource vctrl_res;
1314        struct resource vcpu_res;
1315
1316        vgic_node = of_find_compatible_node(NULL, NULL, "arm,cortex-a15-gic");
1317        if (!vgic_node) {
1318                kvm_err("error: no compatible vgic node in DT\n");
1319                return -ENODEV;
1320        }
1321
1322        vgic_maint_irq = irq_of_parse_and_map(vgic_node, 0);
1323        if (!vgic_maint_irq) {
1324                kvm_err("error getting vgic maintenance irq from DT\n");
1325                ret = -ENXIO;
1326                goto out;
1327        }
1328
1329        ret = request_percpu_irq(vgic_maint_irq, vgic_maintenance_handler,
1330                                 "vgic", kvm_get_running_vcpus());
1331        if (ret) {
1332                kvm_err("Cannot register interrupt %d\n", vgic_maint_irq);
1333                goto out;
1334        }
1335
1336        ret = register_cpu_notifier(&vgic_cpu_nb);
1337        if (ret) {
1338                kvm_err("Cannot register vgic CPU notifier\n");
1339                goto out_free_irq;
1340        }
1341
1342        ret = of_address_to_resource(vgic_node, 2, &vctrl_res);
1343        if (ret) {
1344                kvm_err("Cannot obtain VCTRL resource\n");
1345                goto out_free_irq;
1346        }
1347
1348        vgic_vctrl_base = of_iomap(vgic_node, 2);
1349        if (!vgic_vctrl_base) {
1350                kvm_err("Cannot ioremap VCTRL\n");
1351                ret = -ENOMEM;
1352                goto out_free_irq;
1353        }
1354
1355        vgic_nr_lr = readl_relaxed(vgic_vctrl_base + GICH_VTR);
1356        vgic_nr_lr = (vgic_nr_lr & 0x3f) + 1;
1357
1358        ret = create_hyp_io_mappings(vgic_vctrl_base,
1359                                     vgic_vctrl_base + resource_size(&vctrl_res),
1360                                     vctrl_res.start);
1361        if (ret) {
1362                kvm_err("Cannot map VCTRL into hyp\n");
1363                goto out_unmap;
1364        }
1365
1366        kvm_info("%s@%llx IRQ%d\n", vgic_node->name,
1367                 vctrl_res.start, vgic_maint_irq);
1368        on_each_cpu(vgic_init_maintenance_interrupt, NULL, 1);
1369
1370        if (of_address_to_resource(vgic_node, 3, &vcpu_res)) {
1371                kvm_err("Cannot obtain VCPU resource\n");
1372                ret = -ENXIO;
1373                goto out_unmap;
1374        }
1375        vgic_vcpu_base = vcpu_res.start;
1376
1377        goto out;
1378
1379out_unmap:
1380        iounmap(vgic_vctrl_base);
1381out_free_irq:
1382        free_percpu_irq(vgic_maint_irq, kvm_get_running_vcpus());
1383out:
1384        of_node_put(vgic_node);
1385        return ret;
1386}
1387
1388int kvm_vgic_init(struct kvm *kvm)
1389{
1390        int ret = 0, i;
1391
1392        mutex_lock(&kvm->lock);
1393
1394        if (vgic_initialized(kvm))
1395                goto out;
1396
1397        if (IS_VGIC_ADDR_UNDEF(kvm->arch.vgic.vgic_dist_base) ||
1398            IS_VGIC_ADDR_UNDEF(kvm->arch.vgic.vgic_cpu_base)) {
1399                kvm_err("Need to set vgic cpu and dist addresses first\n");
1400                ret = -ENXIO;
1401                goto out;
1402        }
1403
1404        ret = kvm_phys_addr_ioremap(kvm, kvm->arch.vgic.vgic_cpu_base,
1405                                    vgic_vcpu_base, KVM_VGIC_V2_CPU_SIZE);
1406        if (ret) {
1407                kvm_err("Unable to remap VGIC CPU to VCPU\n");
1408                goto out;
1409        }
1410
1411        for (i = VGIC_NR_PRIVATE_IRQS; i < VGIC_NR_IRQS; i += 4)
1412                vgic_set_target_reg(kvm, 0, i);
1413
1414        kvm_timer_init(kvm);
1415        kvm->arch.vgic.ready = true;
1416out:
1417        mutex_unlock(&kvm->lock);
1418        return ret;
1419}
1420
1421int kvm_vgic_create(struct kvm *kvm)
1422{
1423        int ret = 0;
1424
1425        mutex_lock(&kvm->lock);
1426
1427        if (atomic_read(&kvm->online_vcpus) || kvm->arch.vgic.vctrl_base) {
1428                ret = -EEXIST;
1429                goto out;
1430        }
1431
1432        spin_lock_init(&kvm->arch.vgic.lock);
1433        kvm->arch.vgic.vctrl_base = vgic_vctrl_base;
1434        kvm->arch.vgic.vgic_dist_base = VGIC_ADDR_UNDEF;
1435        kvm->arch.vgic.vgic_cpu_base = VGIC_ADDR_UNDEF;
1436
1437out:
1438        mutex_unlock(&kvm->lock);
1439        return ret;
1440}
1441
1442static int vgic_ioaddr_overlap(struct kvm *kvm)
1443{
1444        phys_addr_t dist = kvm->arch.vgic.vgic_dist_base;
1445        phys_addr_t cpu = kvm->arch.vgic.vgic_cpu_base;
1446
1447        if (IS_VGIC_ADDR_UNDEF(dist) || IS_VGIC_ADDR_UNDEF(cpu))
1448                return 0;
1449        if ((dist <= cpu && dist + KVM_VGIC_V2_DIST_SIZE > cpu) ||
1450            (cpu <= dist && cpu + KVM_VGIC_V2_CPU_SIZE > dist))
1451                return -EBUSY;
1452        return 0;
1453}
1454
1455static int vgic_ioaddr_assign(struct kvm *kvm, phys_addr_t *ioaddr,
1456                              phys_addr_t addr, phys_addr_t size)
1457{
1458        int ret;
1459
1460        if (!IS_VGIC_ADDR_UNDEF(*ioaddr))
1461                return -EEXIST;
1462        if (addr + size < addr)
1463                return -EINVAL;
1464
1465        ret = vgic_ioaddr_overlap(kvm);
1466        if (ret)
1467                return ret;
1468        *ioaddr = addr;
1469        return ret;
1470}
1471
1472int kvm_vgic_set_addr(struct kvm *kvm, unsigned long type, u64 addr)
1473{
1474        int r = 0;
1475        struct vgic_dist *vgic = &kvm->arch.vgic;
1476
1477        if (addr & ~KVM_PHYS_MASK)
1478                return -E2BIG;
1479
1480        if (addr & (SZ_4K - 1))
1481                return -EINVAL;
1482
1483        mutex_lock(&kvm->lock);
1484        switch (type) {
1485        case KVM_VGIC_V2_ADDR_TYPE_DIST:
1486                r = vgic_ioaddr_assign(kvm, &vgic->vgic_dist_base,
1487                                       addr, KVM_VGIC_V2_DIST_SIZE);
1488                break;
1489        case KVM_VGIC_V2_ADDR_TYPE_CPU:
1490                r = vgic_ioaddr_assign(kvm, &vgic->vgic_cpu_base,
1491                                       addr, KVM_VGIC_V2_CPU_SIZE);
1492                break;
1493        default:
1494                r = -ENODEV;
1495        }
1496
1497        mutex_unlock(&kvm->lock);
1498        return r;
1499}
1500