/*
 * xen/arch/arm/gic-v3-its.c
 *
 * ARM GICv3 Interrupt Translation Service (ITS) support
 *
 * Copyright (C) 2016,2017 - ARM Ltd
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; under version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; If not, see <http://www.gnu.org/licenses/>.
 */

#include <xen/acpi.h>
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/iocap.h>
#include <xen/libfdt/libfdt.h>
#include <xen/mm.h>
#include <xen/rbtree.h>
#include <xen/sched.h>
#include <xen/sizes.h>
#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
#include <asm/io.h>
#include <asm/page.h>

#define ITS_CMD_QUEUE_SZ SZ_1M

/*
 * No lock here, as this list gets only populated upon boot while scanning
 * firmware tables for all host ITSes, and only gets iterated afterwards.
 */
LIST_HEAD(host_its_list);

/*
 * Describes a device which is using the ITS and is used by a guest.
 * Since device IDs are per ITS (in contrast to vLPIs, which are per
 * guest), we have to differentiate between different virtual ITSes.
 * We use the doorbell address here, since this is a nice architectural
 * property of MSIs in general and we can easily get to the base address
 * of the ITS and look that up.
 */
struct its_device {
    struct rb_node rbnode;
    struct host_its *hw_its;
    void *itt_addr;
    paddr_t guest_doorbell;        /* Identifies the virtual ITS */
    uint32_t host_devid;
    uint32_t guest_devid;
    uint32_t eventids;             /* Number of event IDs (MSIs) */
    uint32_t *host_lpi_blocks;     /* Which LPIs are used on the host */
    struct pending_irq *pend_irqs; /* One struct per event */
};

bool gicv3_its_host_has_its(void)
{
    return !list_empty(&host_its_list);
}

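/*
 * GITS_CREADR and GITS_CWRITER hold the consumer/producer offsets into the
 * command queue in bytes. Commands are 32 bytes each, so bits [4:0] are
 * always zero and the actual offset lives in bits [19:5].
 */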
#define BUFPTR_MASK GENMASK(19, 5)
static int its_send_command(struct host_its *hw_its, const void *its_cmd)
{
    /*
     * The command queue should actually never become full; if it does
     * anyway, and the situation is not resolved quickly, this points to a
     * much bigger problem, probably a hardware error.
     * So to cover the one-off case where we actually hit a full command
     * queue, we introduce a small grace period to not give up too quickly.
     * Given the multi-hundred MHz frequency the ITS usually runs with,
     * one millisecond (for a single command) seems to be more than enough.
     * But this value is rather arbitrarily chosen based on theoretical
     * considerations.
     */
    s_time_t deadline = NOW() + MILLISECS(1);
    uint64_t readp, writep;
    int ret = -EBUSY;

    /* No ITS commands from an interrupt handler (at the moment). */
    ASSERT(!in_irq());

    spin_lock(&hw_its->cmd_lock);

    do {
        readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
        writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;

        if ( ((writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ) != readp )
        {
            ret = 0;
            break;
        }

        /*
         * If the command queue is full, wait for a bit in the hope it drains
         * before giving up.
         */
        spin_unlock(&hw_its->cmd_lock);
        cpu_relax();
        udelay(1);
        spin_lock(&hw_its->cmd_lock);
    } while ( NOW() <= deadline );

    if ( ret )
    {
        spin_unlock(&hw_its->cmd_lock);
        if ( printk_ratelimit() )
            printk(XENLOG_WARNING "host ITS: command queue full.\n");
        return ret;
    }

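    /*
     * Copy the command into the ring buffer and make it visible to the ITS
     * before advancing CWRITER: by cleaning the cache lines if the queue is
     * mapped non-cacheable, or by a barrier otherwise.
     */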
    memcpy(hw_its->cmd_buf + writep, its_cmd, ITS_CMD_SIZE);
    if ( hw_its->flags & HOST_ITS_FLUSH_CMD_QUEUE )
        clean_and_invalidate_dcache_va_range(hw_its->cmd_buf + writep,
                                             ITS_CMD_SIZE);
    else
        dsb(ishst);

    writep = (writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ;
    writeq_relaxed(writep & BUFPTR_MASK, hw_its->its_base + GITS_CWRITER);

    spin_unlock(&hw_its->cmd_lock);

    return 0;
}

/* Wait for an ITS to finish processing all commands. */
static int gicv3_its_wait_commands(struct host_its *hw_its)
{
    /*
     * As there could be quite a number of commands in a queue, we will
     * wait a bit longer than the one millisecond for a single command above.
     * Again this value is based on theoretical considerations; in practice
     * the command queue should drain much faster.
     */
    s_time_t deadline = NOW() + MILLISECS(100);
    uint64_t readp, writep;

    do {
        spin_lock(&hw_its->cmd_lock);
        readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
        writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;
        spin_unlock(&hw_its->cmd_lock);

        if ( readp == writep )
            return 0;

        cpu_relax();
        udelay(1);
    } while ( NOW() <= deadline );

    return -ETIMEDOUT;
}

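/*
 * Fill in the RDbase field (bits [51:16] of the third command word) with the
 * target redistributor, expressed either as a physical address or as a
 * processor number, depending on GITS_TYPER.PTA.
 */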
static uint64_t encode_rdbase(struct host_its *hw_its, unsigned int cpu,
                              uint64_t reg)
{
    reg &= ~GENMASK(51, 16);

    reg |= gicv3_get_redist_address(cpu, hw_its->flags & HOST_ITS_USES_PTA);

    return reg;
}

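/*
 * Each of the following helpers builds one 32-byte ITS command (four 64-bit
 * words, with the command number in the lowest byte of word 0) and queues it
 * on the given host ITS.
 */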
static int its_send_cmd_sync(struct host_its *its, unsigned int cpu)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_SYNC;
    cmd[1] = 0x00;
    cmd[2] = encode_rdbase(its, cpu, 0x0);
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_mapti(struct host_its *its,
                              uint32_t deviceid, uint32_t eventid,
                              uint32_t pintid, uint16_t icid)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_MAPTI | ((uint64_t)deviceid << 32);
    cmd[1] = eventid | ((uint64_t)pintid << 32);
    cmd[2] = icid;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
                             unsigned int cpu)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_MAPC;
    cmd[1] = 0x00;
    cmd[2] = encode_rdbase(its, cpu, collection_id);
    cmd[2] |= GITS_VALID_BIT;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_mapd(struct host_its *its, uint32_t deviceid,
                             uint8_t size_bits, paddr_t itt_addr, bool valid)
{
    uint64_t cmd[4];

    if ( valid )
    {
        ASSERT(size_bits <= its->evid_bits);
        ASSERT(size_bits > 0);
        ASSERT(!(itt_addr & ~GENMASK(51, 8)));

        /* The number of events is encoded as "number of bits minus one". */
        size_bits--;
    }
    cmd[0] = GITS_CMD_MAPD | ((uint64_t)deviceid << 32);
    cmd[1] = size_bits;
    cmd[2] = itt_addr;
    if ( valid )
        cmd[2] |= GITS_VALID_BIT;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_inv(struct host_its *its,
                            uint32_t deviceid, uint32_t eventid)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_INV | ((uint64_t)deviceid << 32);
    cmd[1] = eventid;
    cmd[2] = 0x00;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

/* Set up the (1:1) collection mapping for the given host CPU. */
int gicv3_its_setup_collection(unsigned int cpu)
{
    struct host_its *its;
    int ret;

    list_for_each_entry(its, &host_its_list, entry)
    {
        ret = its_send_cmd_mapc(its, cpu, cpu);
        if ( ret )
            return ret;

        ret = its_send_cmd_sync(its, cpu);
        if ( ret )
            return ret;

        ret = gicv3_its_wait_commands(its);
        if ( ret )
            return ret;
    }

    return 0;
}

#define BASER_ATTR_MASK                                           \
        ((0x3UL << GITS_BASER_SHAREABILITY_SHIFT)               | \
         (0x7UL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)         | \
         (0x7UL << GITS_BASER_INNER_CACHEABILITY_SHIFT))
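/* Type (bits [58:56]) and Entry Size (bits [52:48]) are read-only fields. */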
#define BASER_RO_MASK (GENMASK(58, 56) | GENMASK(52, 48))

/* Check that the physical address can be encoded in the BASER register. */
static bool check_baser_phys_addr(void *vaddr, unsigned int page_bits)
{
    paddr_t paddr = virt_to_maddr(vaddr);

    return (!(paddr & ~GENMASK(page_bits < 16 ? 47 : 51, page_bits)));
}

static uint64_t encode_baser_phys_addr(paddr_t addr, unsigned int page_bits)
{
    uint64_t ret = addr & GENMASK(47, page_bits);

    if ( page_bits < 16 )
        return ret;

    /* For 64K pages address bits 51-48 are encoded in bits 15-12. */
    return ret | ((addr & GENMASK(51, 48)) >> (48 - 12));
}

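/*
 * Allocate the command queue buffer and program GITS_CBASER with its address
 * and the desired cacheability/shareability attributes.
 * Returns the virtual address of the buffer, or NULL on failure.
 */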
static void *its_map_cbaser(struct host_its *its)
{
    void __iomem *cbasereg = its->its_base + GITS_CBASER;
    uint64_t reg;
    void *buffer;

    reg = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
    reg |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
    reg |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;

    buffer = _xzalloc(ITS_CMD_QUEUE_SZ, SZ_64K);
    if ( !buffer )
        return NULL;

    if ( virt_to_maddr(buffer) & ~GENMASK(51, 12) )
    {
        xfree(buffer);
        return NULL;
    }

    reg |= GITS_VALID_BIT | virt_to_maddr(buffer);
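    /* The Size field holds the number of 4KB queue pages minus one. */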
    reg |= ((ITS_CMD_QUEUE_SZ / SZ_4K) - 1) & GITS_CBASER_SIZE_MASK;
    writeq_relaxed(reg, cbasereg);
    reg = readq_relaxed(cbasereg);

    /* If the ITS dropped shareability, drop cacheability as well. */
    if ( (reg & GITS_BASER_SHAREABILITY_MASK) == 0 )
    {
        reg &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
        writeq_relaxed(reg, cbasereg);
    }

    /*
     * If the command queue memory is mapped as uncached, we need to flush
     * it on every access.
     */
    if ( !(reg & GITS_BASER_INNER_CACHEABILITY_MASK) )
    {
        its->flags |= HOST_ITS_FLUSH_CMD_QUEUE;
        printk(XENLOG_WARNING "using non-cacheable ITS command queue\n");
    }

    return buffer;
}

/* The ITS BASE registers work with page sizes of 4K, 16K or 64K. */
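/* The encodings 0, 1 and 2 correspond to 12, 14 and 16 page offset bits. */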
#define BASER_PAGE_BITS(sz) ((sz) * 2 + 12)

static int its_map_baser(void __iomem *basereg, uint64_t regc,
                         unsigned int nr_items)
{
    uint64_t attr, reg;
    unsigned int entry_size = GITS_BASER_ENTRY_SIZE(regc);
    unsigned int pagesz = 2;    /* try 64K pages first, then go down. */
    unsigned int table_size;
    void *buffer;

    attr = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
    attr |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
    attr |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;

    /*
     * Set up the BASE register with the attributes that we like. Then read
     * it back and see what sticks (page size, cacheability and shareability
     * attributes), retrying if necessary.
     */
 retry:
    table_size = ROUNDUP(nr_items * entry_size,
                         BIT(BASER_PAGE_BITS(pagesz), UL));
    /* The BASE registers support at most 256 pages. */
    table_size = min(table_size, 256U << BASER_PAGE_BITS(pagesz));

    buffer = _xzalloc(table_size, BIT(BASER_PAGE_BITS(pagesz), UL));
    if ( !buffer )
        return -ENOMEM;

    if ( !check_baser_phys_addr(buffer, BASER_PAGE_BITS(pagesz)) )
    {
        xfree(buffer);
        return -ERANGE;
    }

    reg = attr;
    reg |= (pagesz << GITS_BASER_PAGE_SIZE_SHIFT);
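    /* The Size field holds the number of allocated pages minus one. */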
    reg |= (table_size >> BASER_PAGE_BITS(pagesz)) - 1;
    reg |= regc & BASER_RO_MASK;
    reg |= GITS_VALID_BIT;
    reg |= encode_baser_phys_addr(virt_to_maddr(buffer),
                                  BASER_PAGE_BITS(pagesz));

    writeq_relaxed(reg, basereg);
    regc = readq_relaxed(basereg);

    /* The host didn't like our attributes, just use what it returned. */
    if ( (regc & BASER_ATTR_MASK) != attr )
    {
        /* If we can't map it shareable, drop cacheability as well. */
        if ( (regc & GITS_BASER_SHAREABILITY_MASK) == GIC_BASER_NonShareable )
        {
            regc &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
            writeq_relaxed(regc, basereg);
        }
        attr = regc & BASER_ATTR_MASK;
    }
    if ( (regc & GITS_BASER_INNER_CACHEABILITY_MASK) <= GIC_BASER_CACHE_nC )
        clean_and_invalidate_dcache_va_range(buffer, table_size);

    /* If the host accepted our page size, we are done. */
    if ( ((regc >> GITS_BASER_PAGE_SIZE_SHIFT) & 0x3UL) == pagesz )
        return 0;

    xfree(buffer);

    if ( pagesz-- > 0 )
        goto retry;

    /* None of the page sizes was accepted; give up. */
    return -EINVAL;
}

/*
 * Before an ITS gets initialized, it should be in a quiescent state, where
 * all outstanding commands and transactions have finished.
 * So if the ITS is already enabled, turn it off and wait for all outstanding
 * operations to get processed by polling the QUIESCENT bit.
 */
static int gicv3_disable_its(struct host_its *hw_its)
{
    uint32_t reg;
    /*
     * As we also need to wait for the command queue to drain, we use the same
     * (arbitrary) timeout value as above for gicv3_its_wait_commands().
     */
    s_time_t deadline = NOW() + MILLISECS(100);

    reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
    if ( !(reg & GITS_CTLR_ENABLE) && (reg & GITS_CTLR_QUIESCENT) )
        return 0;

    writel_relaxed(reg & ~GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);

    do {
        reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
        if ( reg & GITS_CTLR_QUIESCENT )
            return 0;

        cpu_relax();
        udelay(1);
    } while ( NOW() <= deadline );

    printk(XENLOG_ERR "ITS@%lx not quiescent.\n", hw_its->addr);

    return -ETIMEDOUT;
}

static int gicv3_its_init_single_its(struct host_its *hw_its)
{
    uint64_t reg;
    int i, ret;

    hw_its->its_base = ioremap_nocache(hw_its->addr, hw_its->size);
    if ( !hw_its->its_base )
        return -ENOMEM;

    ret = gicv3_disable_its(hw_its);
    if ( ret )
        return ret;

    reg = readq_relaxed(hw_its->its_base + GITS_TYPER);
    hw_its->devid_bits = GITS_TYPER_DEVICE_ID_BITS(reg);
    hw_its->evid_bits = GITS_TYPER_EVENT_ID_BITS(reg);
    hw_its->itte_size = GITS_TYPER_ITT_SIZE(reg);
    if ( reg & GITS_TYPER_PTA )
        hw_its->flags |= HOST_ITS_USES_PTA;
    spin_lock_init(&hw_its->cmd_lock);

    for ( i = 0; i < GITS_BASER_NR_REGS; i++ )
    {
        void __iomem *basereg = hw_its->its_base + GITS_BASER0 + i * 8;
        unsigned int type;

        reg = readq_relaxed(basereg);
        type = (reg & GITS_BASER_TYPE_MASK) >> GITS_BASER_TYPE_SHIFT;
        switch ( type )
        {
        case GITS_BASER_TYPE_NONE:
            continue;
        case GITS_BASER_TYPE_DEVICE:
            ret = its_map_baser(basereg, reg, BIT(hw_its->devid_bits, UL));
            if ( ret )
                return ret;
            break;
        case GITS_BASER_TYPE_COLLECTION:
            ret = its_map_baser(basereg, reg, num_possible_cpus());
            if ( ret )
                return ret;
            break;
        /* In case this is a GICv4, provide a (dummy) vPE table as well. */
        case GITS_BASER_TYPE_VCPU:
            ret = its_map_baser(basereg, reg, 1);
            if ( ret )
                return ret;
            break;
        default:
            continue;
        }
    }

    hw_its->cmd_buf = its_map_cbaser(hw_its);
    if ( !hw_its->cmd_buf )
        return -ENOMEM;
    writeq_relaxed(0, hw_its->its_base + GITS_CWRITER);

    /* Now enable interrupt translation and command processing on that ITS. */
    reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
    writel_relaxed(reg | GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);

    return 0;
}

/*
 * TODO: Investigate the interaction when a guest removes a device while
 * some LPIs are still in flight.
 */
static int remove_mapped_guest_device(struct its_device *dev)
{
    int ret = 0;
    unsigned int i;

    if ( dev->hw_its )
        /* MAPD also discards all events with this device ID. */
        ret = its_send_cmd_mapd(dev->hw_its, dev->host_devid, 0, 0, false);

    for ( i = 0; i < dev->eventids / LPI_BLOCK; i++ )
        gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);

    /* Make sure the MAPD command above is really executed. */
    if ( !ret )
        ret = gicv3_its_wait_commands(dev->hw_its);

    /* This should never happen, but just in case ... */
    if ( ret && printk_ratelimit() )
        printk(XENLOG_WARNING "Can't unmap host ITS device 0x%x\n",
               dev->host_devid);

    xfree(dev->itt_addr);
    xfree(dev->pend_irqs);
    xfree(dev->host_lpi_blocks);
    xfree(dev);

    return 0;
}

static struct host_its *gicv3_its_find_by_doorbell(paddr_t doorbell_address)
{
    struct host_its *hw_its;

    list_for_each_entry(hw_its, &host_its_list, entry)
    {
        if ( hw_its->addr + ITS_DOORBELL_OFFSET == doorbell_address )
            return hw_its;
    }

    return NULL;
}

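/*
 * Orders two ITS devices: first by their guest doorbell address (which
 * identifies the virtual ITS), then by the guest's device ID. Used as the
 * comparison function for the per-domain rbtree of mapped devices.
 */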
static int compare_its_guest_devices(struct its_device *dev,
                                     paddr_t vdoorbell, uint32_t vdevid)
{
    if ( dev->guest_doorbell < vdoorbell )
        return -1;

    if ( dev->guest_doorbell > vdoorbell )
        return 1;

    if ( dev->guest_devid < vdevid )
        return -1;

    if ( dev->guest_devid > vdevid )
        return 1;

    return 0;
}

/*
 * On the host ITS @its, map @nr_events consecutive LPIs.
 * The mapping connects a device @devid and event @eventid pair to LPI @lpi,
 * increasing both @eventid and @lpi to cover the number of requested LPIs.
 */
static int gicv3_its_map_host_events(struct host_its *its,
                                     uint32_t devid, uint32_t eventid,
                                     uint32_t lpi, uint32_t nr_events)
{
    uint32_t i;
    int ret;

    for ( i = 0; i < nr_events; i++ )
    {
        /* For now we map every host LPI to host CPU 0. */
        ret = its_send_cmd_mapti(its, devid, eventid + i, lpi + i, 0);
        if ( ret )
            return ret;

        ret = its_send_cmd_inv(its, devid, eventid + i);
        if ( ret )
            return ret;
    }

    /* TODO: Consider using INVALL here. Didn't work on the model, though. */

    ret = its_send_cmd_sync(its, 0);
    if ( ret )
        return ret;

    return gicv3_its_wait_commands(its);
}

/*
 * Map a hardware device, identified by a certain host ITS and its device ID,
 * to domain d, a guest ITS (identified by its doorbell address) and device ID.
 * Also provide the number of events (MSIs) needed for that device.
 * This does not check whether this particular hardware device is already
 * mapped to another domain; that is expected to be done by the caller.
 */
int gicv3_its_map_guest_device(struct domain *d,
                               paddr_t host_doorbell, uint32_t host_devid,
                               paddr_t guest_doorbell, uint32_t guest_devid,
                               uint64_t nr_events, bool valid)
{
    void *itt_addr = NULL;
    struct host_its *hw_its;
    struct its_device *dev = NULL;
    struct rb_node **new = &d->arch.vgic.its_devices.rb_node, *parent = NULL;
    int i, ret = -ENOENT; /* "i" must be signed to check for >= 0 below. */

    hw_its = gicv3_its_find_by_doorbell(host_doorbell);
    if ( !hw_its )
        return ret;

    /* Sanitise the provided hardware values against the host ITS. */
    if ( host_devid >= BIT(hw_its->devid_bits, UL) )
        return -EINVAL;

    /*
     * The ITS requires the number of events to be a power of 2. We allocate
     * events and LPIs in chunks of LPI_BLOCK (=32), so make sure we
     * allocate at least that many.
     * TODO: Investigate if the number of events can be limited to smaller
     * values if the guest does not require that many.
     */
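    /*
     * Round up to the next power of two, but at least to one LPI_BLOCK:
     * e.g. a request for 40 events turns into an allocation of 64.
     */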
    nr_events = BIT(fls(nr_events - 1), UL);
    if ( nr_events < LPI_BLOCK )
        nr_events = LPI_BLOCK;
    if ( nr_events >= BIT(hw_its->evid_bits, UL) )
        return -EINVAL;

    /* Check for already existing mappings. */
    spin_lock(&d->arch.vgic.its_devices_lock);
    while ( *new )
    {
        struct its_device *temp;
        int cmp;

        temp = rb_entry(*new, struct its_device, rbnode);

        parent = *new;
        cmp = compare_its_guest_devices(temp, guest_doorbell, guest_devid);
        if ( !cmp )
        {
            if ( !valid )
                rb_erase(&temp->rbnode, &d->arch.vgic.its_devices);

            spin_unlock(&d->arch.vgic.its_devices_lock);

            if ( valid )
            {
                printk(XENLOG_G_WARNING "d%d tried to remap guest ITS device 0x%x to host device 0x%x\n",
                       d->domain_id, guest_devid, host_devid);
                return -EBUSY;
            }

            return remove_mapped_guest_device(temp);
        }

        if ( cmp > 0 )
            new = &((*new)->rb_left);
        else
            new = &((*new)->rb_right);
    }

    if ( !valid )
        goto out_unlock;

    ret = -ENOMEM;

    /* An Interrupt Translation Table needs to be 256-byte aligned. */
    itt_addr = _xzalloc(nr_events * hw_its->itte_size, 256);
    if ( !itt_addr )
        goto out_unlock;

    dev = xzalloc(struct its_device);
    if ( !dev )
        goto out_unlock;

    /*
     * Allocate the pending_irqs for each virtual LPI. They will be put
     * into the domain's radix tree upon the guest's MAPTI command.
     * Pre-allocating memory for each *possible* LPI would use way too
     * much memory (they can be sparsely used by the guest), while
     * allocating them on demand would require memory allocation in the
     * interrupt injection code path, which is not really desired.
     * So we compromise here by pre-allocating memory for each possible event
     * up to the max specified by MAPD.
     * See the mailing list discussion for some background:
     * https://lists.xen.org/archives/html/xen-devel/2017-03/msg03645.html
     */
    dev->pend_irqs = xzalloc_array(struct pending_irq, nr_events);
    if ( !dev->pend_irqs )
        goto out_unlock;

    dev->host_lpi_blocks = xzalloc_array(uint32_t, nr_events);
    if ( !dev->host_lpi_blocks )
        goto out_unlock;

    ret = its_send_cmd_mapd(hw_its, host_devid, fls(nr_events - 1),
                            virt_to_maddr(itt_addr), true);
    if ( ret )
        goto out_unlock;

    dev->itt_addr = itt_addr;
    dev->hw_its = hw_its;
    dev->guest_doorbell = guest_doorbell;
    dev->guest_devid = guest_devid;
    dev->host_devid = host_devid;
    dev->eventids = nr_events;

    rb_link_node(&dev->rbnode, parent, new);
    rb_insert_color(&dev->rbnode, &d->arch.vgic.its_devices);

    spin_unlock(&d->arch.vgic.its_devices_lock);

    /*
     * Map all host LPIs within this device already. We can't afford to queue
     * any host ITS commands later on during the guest's runtime.
     */
    for ( i = 0; i < nr_events / LPI_BLOCK; i++ )
    {
        ret = gicv3_allocate_host_lpi_block(d, &dev->host_lpi_blocks[i]);
        if ( ret < 0 )
            break;

        ret = gicv3_its_map_host_events(hw_its, host_devid, i * LPI_BLOCK,
                                        dev->host_lpi_blocks[i], LPI_BLOCK);
        if ( ret < 0 )
            break;
    }

    if ( ret )
    {
        /* Clean up all allocated host LPI blocks. */
        for ( ; i >= 0; i-- )
        {
            if ( dev->host_lpi_blocks[i] )
                gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
        }

        /*
         * Unmapping the device will discard all LPIs mapped so far.
         * We are already on the failing path, so we skip error checking
         * here to avoid masking the original error value. This should
         * never fail anyway.
         */
        its_send_cmd_mapd(hw_its, host_devid, 0, 0, false);

        goto out;
    }

    return 0;

 out_unlock:
    spin_unlock(&d->arch.vgic.its_devices_lock);

 out:
    if ( dev )
    {
        xfree(dev->pend_irqs);
        xfree(dev->host_lpi_blocks);
    }
    xfree(itt_addr);
    xfree(dev);

    return ret;
}

/* Must be called with the its_devices_lock held. */
static struct its_device *get_its_device(struct domain *d, paddr_t vdoorbell,
                                         uint32_t vdevid)
{
    struct rb_node *node = d->arch.vgic.its_devices.rb_node;
    struct its_device *dev;

    ASSERT(spin_is_locked(&d->arch.vgic.its_devices_lock));

    while ( node )
    {
        int cmp;

        dev = rb_entry(node, struct its_device, rbnode);
        cmp = compare_its_guest_devices(dev, vdoorbell, vdevid);

        if ( !cmp )
            return dev;

        if ( cmp > 0 )
            node = node->rb_left;
        else
            node = node->rb_right;
    }

    return NULL;
}

static struct pending_irq *get_event_pending_irq(struct domain *d,
                                                 paddr_t vdoorbell_address,
                                                 uint32_t vdevid,
                                                 uint32_t eventid,
                                                 uint32_t *host_lpi)
{
    struct its_device *dev;
    struct pending_irq *pirq = NULL;

    spin_lock(&d->arch.vgic.its_devices_lock);
    dev = get_its_device(d, vdoorbell_address, vdevid);
    if ( dev && eventid < dev->eventids )
    {
        pirq = &dev->pend_irqs[eventid];
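        /*
         * Host LPIs are allocated in blocks of LPI_BLOCK, so the event's
         * block index plus its offset within the block give the physical
         * LPI backing this event.
         */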
        if ( host_lpi )
            *host_lpi = dev->host_lpi_blocks[eventid / LPI_BLOCK] +
                        (eventid % LPI_BLOCK);
    }
    spin_unlock(&d->arch.vgic.its_devices_lock);

    return pirq;
}

struct pending_irq *gicv3_its_get_event_pending_irq(struct domain *d,
                                                    paddr_t vdoorbell_address,
                                                    uint32_t vdevid,
                                                    uint32_t eventid)
{
    return get_event_pending_irq(d, vdoorbell_address, vdevid, eventid, NULL);
}

int gicv3_remove_guest_event(struct domain *d, paddr_t vdoorbell_address,
                             uint32_t vdevid, uint32_t eventid)
{
    uint32_t host_lpi = INVALID_LPI;

    if ( !get_event_pending_irq(d, vdoorbell_address, vdevid, eventid,
                                &host_lpi) )
        return -EINVAL;

    if ( host_lpi == INVALID_LPI )
        return -EINVAL;

    gicv3_lpi_update_host_entry(host_lpi, d->domain_id, INVALID_LPI);

    return 0;
}

/*
 * Connects the event ID for an already assigned device to the given VCPU/vLPI
 * pair. The corresponding physical LPI is already mapped on the host side
 * (when assigning the physical device to the guest), so we just connect the
 * target VCPU/vLPI pair to that interrupt to inject it properly if it fires.
 * Returns a pointer to the already allocated struct pending_irq that is
 * meant to be used by that event.
 */
struct pending_irq *gicv3_assign_guest_event(struct domain *d,
                                             paddr_t vdoorbell_address,
                                             uint32_t vdevid, uint32_t eventid,
                                             uint32_t virt_lpi)
{
    struct pending_irq *pirq;
    uint32_t host_lpi = INVALID_LPI;

    pirq = get_event_pending_irq(d, vdoorbell_address, vdevid, eventid,
                                 &host_lpi);

    if ( !pirq )
        return NULL;

    gicv3_lpi_update_host_entry(host_lpi, d->domain_id, virt_lpi);

    return pirq;
}

int gicv3_its_deny_access(const struct domain *d)
{
    int rc = 0;
    unsigned long mfn, nr;
    const struct host_its *its_data;

    list_for_each_entry( its_data, &host_its_list, entry )
    {
        mfn = paddr_to_pfn(its_data->addr);
        nr = PFN_UP(its_data->size);
        rc = iomem_deny_access(d, mfn, mfn + nr);
        if ( rc )
        {
            printk("iomem_deny_access failed for %lx:%lx \r\n", mfn, nr);
            break;
        }
    }

    return rc;
}

/*
 * Create the respective guest DT nodes from a list of host ITSes.
 * This copies the reg property, so the guest sees the ITS at the same address
 * as the host.
 */
int gicv3_its_make_hwdom_dt_nodes(const struct domain *d,
                                  const struct dt_device_node *gic,
                                  void *fdt)
{
    uint32_t len;
    int res;
    const void *prop = NULL;
    const struct dt_device_node *its = NULL;
    const struct host_its *its_data;

    if ( list_empty(&host_its_list) )
        return 0;

    /* The sub-nodes require the ranges property. */
    prop = dt_get_property(gic, "ranges", &len);
    if ( !prop )
    {
        printk(XENLOG_ERR "Can't find ranges property for the gic node\n");
        return -FDT_ERR_XEN(ENOENT);
    }

    res = fdt_property(fdt, "ranges", prop, len);
    if ( res )
        return res;

    list_for_each_entry(its_data, &host_its_list, entry)
    {
        its = its_data->dt_node;

        res = fdt_begin_node(fdt, its->name);
        if ( res )
            return res;

        res = fdt_property_string(fdt, "compatible", "arm,gic-v3-its");
        if ( res )
            return res;

        res = fdt_property(fdt, "msi-controller", NULL, 0);
        if ( res )
            return res;

        if ( its->phandle )
        {
            res = fdt_property_cell(fdt, "phandle", its->phandle);
            if ( res )
                return res;
        }

        /* Use the same reg regions as the ITS node in the host DTB. */
        prop = dt_get_property(its, "reg", &len);
        if ( !prop )
        {
            printk(XENLOG_ERR "GICv3: Can't find ITS reg property.\n");
            res = -FDT_ERR_XEN(ENOENT);
            return res;
        }

        res = fdt_property(fdt, "reg", prop, len);
        if ( res )
            return res;

        fdt_end_node(fdt);
    }

    return res;
}

/* Common function for adding to host_its_list. */
static void add_to_host_its_list(paddr_t addr, paddr_t size,
                                 const struct dt_device_node *node)
{
    struct host_its *its_data;

    its_data = xzalloc(struct host_its);
    if ( !its_data )
        panic("GICv3: Cannot allocate memory for ITS frame\n");

    its_data->addr = addr;
    its_data->size = size;
    its_data->dt_node = node;

    printk("GICv3: Found ITS @0x%lx\n", addr);

    list_add_tail(&its_data->entry, &host_its_list);
}

/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
static void gicv3_its_dt_init(const struct dt_device_node *node)
{
    const struct dt_device_node *its = NULL;

    /*
     * Check for ITS MSI subnodes. If any, add the ITS register
     * frames to the ITS list.
     */
    dt_for_each_child_node(node, its)
    {
        uint64_t addr, size;

        if ( !dt_device_is_compatible(its, "arm,gic-v3-its") )
            continue;

        if ( dt_device_get_address(its, 0, &addr, &size) )
            panic("GICv3: Cannot find a valid ITS frame address\n");

        add_to_host_its_list(addr, size, its);
    }
}

#ifdef CONFIG_ACPI
static int gicv3_its_acpi_probe(struct acpi_subtable_header *header,
                                const unsigned long end)
{
    struct acpi_madt_generic_translator *its;

    its = (struct acpi_madt_generic_translator *)header;
    if ( BAD_MADT_ENTRY(its, end) )
        return -EINVAL;

    add_to_host_its_list(its->base_address, GICV3_ITS_SIZE, NULL);

    return 0;
}

static void gicv3_its_acpi_init(void)
{
    /* Parse ITS information. */
    acpi_table_parse_madt(ACPI_MADT_TYPE_GENERIC_TRANSLATOR,
                          gicv3_its_acpi_probe, 0);
}

unsigned long gicv3_its_make_hwdom_madt(const struct domain *d, void *base_ptr)
{
    unsigned int i;
    void *fw_its;
    struct acpi_madt_generic_translator *hwdom_its;

    hwdom_its = base_ptr;

    for ( i = 0; i < vgic_v3_its_count(d); i++ )
    {
        fw_its = acpi_table_get_entry_madt(ACPI_MADT_TYPE_GENERIC_TRANSLATOR,
                                           i);
        memcpy(hwdom_its, fw_its, sizeof(struct acpi_madt_generic_translator));
        hwdom_its++;
    }

    return sizeof(struct acpi_madt_generic_translator) * vgic_v3_its_count(d);
}
#else /* !CONFIG_ACPI */

static void gicv3_its_acpi_init(void)
{
    ASSERT_UNREACHABLE();
}

#endif

int gicv3_its_init(void)
{
    struct host_its *hw_its;
    int ret;

    if ( acpi_disabled )
        gicv3_its_dt_init(dt_interrupt_controller);
    else
        gicv3_its_acpi_init();

    list_for_each_entry(hw_its, &host_its_list, entry)
    {
        ret = gicv3_its_init_single_its(hw_its);
        if ( ret )
            return ret;
    }

    return 0;
}


/*
 * Local variables:
 * mode: C
 * c-file-style: "BSD"
 * c-basic-offset: 4
 * indent-tabs-mode: nil
 * End:
 */