/*
 * xen/arch/arm/gic-v3-its.c
 *
 * ARM GICv3 Interrupt Translation Service (ITS) support
 *
 * Copyright (C) 2016,2017 - ARM Ltd
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; under version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; If not, see <http://www.gnu.org/licenses/>.
 */

#include <xen/acpi.h>
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/iocap.h>
#include <xen/libfdt/libfdt.h>
#include <xen/mm.h>
#include <xen/rbtree.h>
#include <xen/sched.h>
#include <xen/sizes.h>
#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
#include <asm/io.h>
#include <asm/page.h>

#define ITS_CMD_QUEUE_SZ SZ_1M
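/*
 * Note: each ITS command is ITS_CMD_SIZE (32) bytes long per the GICv3
 * architecture, so a 1MB command queue has room for 32768 commands.
 */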

/*
 * No lock here, as this list gets only populated upon boot while scanning
 * firmware tables for all host ITSes, and only gets iterated afterwards.
 */
LIST_HEAD(host_its_list);

/*
 * Describes a device which is using the ITS and is used by a guest.
 * Since device IDs are per ITS (in contrast to vLPIs, which are per
 * guest), we have to differentiate between different virtual ITSes.
 * We use the doorbell address here, since this is a nice architectural
 * property of MSIs in general and we can easily get to the base address
 * of the ITS and look that up.
 */
struct its_device {
    struct rb_node rbnode;
    struct host_its *hw_its;
    void *itt_addr;
    paddr_t guest_doorbell;             /* Identifies the virtual ITS */
    uint32_t host_devid;
    uint32_t guest_devid;
    uint32_t eventids;                  /* Number of event IDs (MSIs) */
    uint32_t *host_lpi_blocks;          /* Which LPIs are used on the host */
    struct pending_irq *pend_irqs;      /* One struct per event */
};

bool gicv3_its_host_has_its(void)
{
    return !list_empty(&host_its_list);
}

#define BUFPTR_MASK GENMASK(19, 5)
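/*
 * GITS_CREADR and GITS_CWRITER hold the offset of the next command to be
 * read/written in bits [19:5] (32-byte granularity), hence the mask above.
 */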
static int its_send_command(struct host_its *hw_its, const void *its_cmd)
{
    /*
     * The command queue should actually never become full. If it does
     * anyway, and the situation is not resolved quickly, this points to a
     * much bigger problem, probably a hardware error.
     * So to cover the one-off case where we actually hit a full command
     * queue, we introduce a small grace period to not give up too quickly.
     * Given the usual multi-hundred-MHz frequency the ITS usually runs at,
     * one millisecond (for a single command) seems to be more than enough.
     * But this value is rather arbitrarily chosen based on theoretical
     * considerations.
     */
    s_time_t deadline = NOW() + MILLISECS(1);
    uint64_t readp, writep;
    int ret = -EBUSY;

    /* No ITS commands from an interrupt handler (at the moment). */
    ASSERT(!in_irq());

    spin_lock(&hw_its->cmd_lock);

    do {
        readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
        writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;

        if ( ((writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ) != readp )
        {
            ret = 0;
            break;
        }

        /*
         * If the command queue is full, wait for a bit in the hope it drains
         * before giving up.
         */
        spin_unlock(&hw_its->cmd_lock);
        cpu_relax();
        udelay(1);
        spin_lock(&hw_its->cmd_lock);
    } while ( NOW() <= deadline );

    if ( ret )
    {
        spin_unlock(&hw_its->cmd_lock);
        if ( printk_ratelimit() )
            printk(XENLOG_WARNING "host ITS: command queue full.\n");
        return ret;
    }

    memcpy(hw_its->cmd_buf + writep, its_cmd, ITS_CMD_SIZE);
    if ( hw_its->flags & HOST_ITS_FLUSH_CMD_QUEUE )
        clean_and_invalidate_dcache_va_range(hw_its->cmd_buf + writep,
                                             ITS_CMD_SIZE);
    else
        dsb(ishst);

    writep = (writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ;
    writeq_relaxed(writep & BUFPTR_MASK, hw_its->its_base + GITS_CWRITER);

    spin_unlock(&hw_its->cmd_lock);

    return 0;
}

/* Wait for an ITS to finish processing all commands. */
static int gicv3_its_wait_commands(struct host_its *hw_its)
{
    /*
     * As there could be quite a number of commands in a queue, we will
     * wait a bit longer than the one millisecond for a single command above.
     * Again, this value is based on theoretical considerations; in practice
     * the command queue should drain much faster.
     */
    s_time_t deadline = NOW() + MILLISECS(100);
    uint64_t readp, writep;

    do {
        spin_lock(&hw_its->cmd_lock);
        readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
        writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;
        spin_unlock(&hw_its->cmd_lock);

        if ( readp == writep )
            return 0;

        cpu_relax();
        udelay(1);
    } while ( NOW() <= deadline );

    return -ETIMEDOUT;
}

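/*
 * Encode the target redistributor into the RDbase field of a command.
 * Depending on GITS_TYPER.PTA the redistributor is identified either by its
 * physical address or by its processor number; gicv3_get_redist_address()
 * is expected to return the value already shifted into place for either
 * format.
 */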
static uint64_t encode_rdbase(struct host_its *hw_its, unsigned int cpu,
                              uint64_t reg)
{
    reg &= ~GENMASK(51, 16);

    reg |= gicv3_get_redist_address(cpu, hw_its->flags & HOST_ITS_USES_PTA);

    return reg;
}

static int its_send_cmd_sync(struct host_its *its, unsigned int cpu)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_SYNC;
    cmd[1] = 0x00;
    cmd[2] = encode_rdbase(its, cpu, 0x0);
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

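/*
 * MAPTI maps a (DeviceID, EventID) pair to a physical LPI (pINTID) and a
 * collection (ICID). Like all ITS commands it consists of four 64-bit words.
 */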
static int its_send_cmd_mapti(struct host_its *its,
                              uint32_t deviceid, uint32_t eventid,
                              uint32_t pintid, uint16_t icid)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_MAPTI | ((uint64_t)deviceid << 32);
    cmd[1] = eventid | ((uint64_t)pintid << 32);
    cmd[2] = icid;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
                             unsigned int cpu)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_MAPC;
    cmd[1] = 0x00;
    cmd[2] = encode_rdbase(its, cpu, collection_id);
    cmd[2] |= GITS_VALID_BIT;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_mapd(struct host_its *its, uint32_t deviceid,
                             uint8_t size_bits, paddr_t itt_addr, bool valid)
{
    uint64_t cmd[4];

    if ( valid )
    {
        ASSERT(size_bits <= its->evid_bits);
        ASSERT(size_bits > 0);
        ASSERT(!(itt_addr & ~GENMASK(51, 8)));

        /* The number of events is encoded as "number of bits minus one". */
        size_bits--;
    }
    cmd[0] = GITS_CMD_MAPD | ((uint64_t)deviceid << 32);
    cmd[1] = size_bits;
    cmd[2] = itt_addr;
    if ( valid )
        cmd[2] |= GITS_VALID_BIT;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

static int its_send_cmd_inv(struct host_its *its,
                            uint32_t deviceid, uint32_t eventid)
{
    uint64_t cmd[4];

    cmd[0] = GITS_CMD_INV | ((uint64_t)deviceid << 32);
    cmd[1] = eventid;
    cmd[2] = 0x00;
    cmd[3] = 0x00;

    return its_send_command(its, cmd);
}

/* Set up the (1:1) collection mapping for the given host CPU. */
int gicv3_its_setup_collection(unsigned int cpu)
{
    struct host_its *its;
    int ret;

    list_for_each_entry(its, &host_its_list, entry)
    {
        ret = its_send_cmd_mapc(its, cpu, cpu);
        if ( ret )
            return ret;

        ret = its_send_cmd_sync(its, cpu);
        if ( ret )
            return ret;

        ret = gicv3_its_wait_commands(its);
        if ( ret )
            return ret;
    }

    return 0;
}

#define BASER_ATTR_MASK                                           \
        ((0x3UL << GITS_BASER_SHAREABILITY_SHIFT)               | \
         (0x7UL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)         | \
         (0x7UL << GITS_BASER_INNER_CACHEABILITY_SHIFT))
#define BASER_RO_MASK   (GENMASK(58, 56) | GENMASK(52, 48))
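/*
 * The read-only mask covers the Type (bits [58:56]) and Entry_Size
 * (bits [52:48]) fields of GITS_BASER<n>, which we preserve when writing
 * the register back.
 */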

/* Check that the physical address can be encoded in the PROPBASER register. */
static bool check_baser_phys_addr(void *vaddr, unsigned int page_bits)
{
    paddr_t paddr = virt_to_maddr(vaddr);

    return (!(paddr & ~GENMASK(page_bits < 16 ? 47 : 51, page_bits)));
}

static uint64_t encode_baser_phys_addr(paddr_t addr, unsigned int page_bits)
{
    uint64_t ret = addr & GENMASK(47, page_bits);

    if ( page_bits < 16 )
        return ret;

    /* For 64K pages address bits 51-48 are encoded in bits 15-12. */
    return ret | ((addr & GENMASK(51, 48)) >> (48 - 12));
}

static void *its_map_cbaser(struct host_its *its)
{
    void __iomem *cbasereg = its->its_base + GITS_CBASER;
    uint64_t reg;
    void *buffer;

    reg = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
    reg |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
    reg |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;

    buffer = _xzalloc(ITS_CMD_QUEUE_SZ, SZ_64K);
    if ( !buffer )
        return NULL;

    if ( virt_to_maddr(buffer) & ~GENMASK(51, 12) )
    {
        xfree(buffer);
        return NULL;
    }

    reg |= GITS_VALID_BIT | virt_to_maddr(buffer);
    reg |= ((ITS_CMD_QUEUE_SZ / SZ_4K) - 1) & GITS_CBASER_SIZE_MASK;
    writeq_relaxed(reg, cbasereg);
    reg = readq_relaxed(cbasereg);

    /* If the ITS dropped shareability, drop cacheability as well. */
    if ( (reg & GITS_BASER_SHAREABILITY_MASK) == 0 )
    {
        reg &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
        writeq_relaxed(reg, cbasereg);
    }

    /*
     * If the command queue memory is mapped as uncached, we need to flush
     * it on every access.
     */
    if ( !(reg & GITS_BASER_INNER_CACHEABILITY_MASK) )
    {
        its->flags |= HOST_ITS_FLUSH_CMD_QUEUE;
        printk(XENLOG_WARNING "using non-cacheable ITS command queue\n");
    }

    return buffer;
}

/* The ITS BASE registers work with page sizes of 4K, 16K or 64K. */
#define BASER_PAGE_BITS(sz) ((sz) * 2 + 12)
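/*
 * The Page_Size field encodes 0 -> 4K, 1 -> 16K, 2 -> 64K, so the macro
 * above yields 12, 14 or 16 bits respectively.
 */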

static int its_map_baser(void __iomem *basereg, uint64_t regc,
                         unsigned int nr_items)
{
    uint64_t attr, reg;
    unsigned int entry_size = GITS_BASER_ENTRY_SIZE(regc);
    unsigned int pagesz = 2;    /* try 64K pages first, then go down. */
    unsigned int table_size;
    void *buffer;

    attr = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
    attr |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
    attr |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;

    /*
     * Setup the BASE register with the attributes that we like. Then read
     * it back and see what sticks (page size, cacheability and shareability
     * attributes), retrying if necessary.
     */
retry:
    table_size = ROUNDUP(nr_items * entry_size, BIT(BASER_PAGE_BITS(pagesz)));
    /* The BASE registers support at most 256 pages. */
    table_size = min(table_size, 256U << BASER_PAGE_BITS(pagesz));

    buffer = _xzalloc(table_size, BIT(BASER_PAGE_BITS(pagesz)));
    if ( !buffer )
        return -ENOMEM;

    if ( !check_baser_phys_addr(buffer, BASER_PAGE_BITS(pagesz)) )
    {
        xfree(buffer);
        return -ERANGE;
    }

    reg = attr;
    reg |= (pagesz << GITS_BASER_PAGE_SIZE_SHIFT);
    reg |= (table_size >> BASER_PAGE_BITS(pagesz)) - 1;
    reg |= regc & BASER_RO_MASK;
    reg |= GITS_VALID_BIT;
    reg |= encode_baser_phys_addr(virt_to_maddr(buffer),
                                  BASER_PAGE_BITS(pagesz));

    writeq_relaxed(reg, basereg);
    regc = readq_relaxed(basereg);

    /* The host didn't like our attributes, just use what it returned. */
    if ( (regc & BASER_ATTR_MASK) != attr )
    {
        /* If we can't map it shareable, drop cacheability as well. */
        if ( (regc & GITS_BASER_SHAREABILITY_MASK) == GIC_BASER_NonShareable )
        {
            regc &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
            writeq_relaxed(regc, basereg);
        }
        attr = regc & BASER_ATTR_MASK;
    }
    if ( (regc & GITS_BASER_INNER_CACHEABILITY_MASK) <= GIC_BASER_CACHE_nC )
        clean_and_invalidate_dcache_va_range(buffer, table_size);

    /* If the host accepted our page size, we are done. */
    if ( ((regc >> GITS_BASER_PAGE_SIZE_SHIFT) & 0x3UL) == pagesz )
        return 0;

    xfree(buffer);

    if ( pagesz-- > 0 )
        goto retry;

    /* None of the page sizes was accepted, give up */
    return -EINVAL;
}

/*
 * Before an ITS gets initialized, it should be in a quiescent state, where
 * all outstanding commands and transactions have finished.
 * So if the ITS is already enabled, turn it off and wait for all outstanding
 * operations to get processed by polling the QUIESCENT bit.
 */
static int gicv3_disable_its(struct host_its *hw_its)
{
    uint32_t reg;
    /*
     * As we also need to wait for the command queue to drain, we use the same
     * (arbitrary) timeout value as above for gicv3_its_wait_commands().
     */
    s_time_t deadline = NOW() + MILLISECS(100);

    reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
    if ( !(reg & GITS_CTLR_ENABLE) && (reg & GITS_CTLR_QUIESCENT) )
        return 0;

    writel_relaxed(reg & ~GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);

    do {
        reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
        if ( reg & GITS_CTLR_QUIESCENT )
            return 0;

        cpu_relax();
        udelay(1);
    } while ( NOW() <= deadline );

    printk(XENLOG_ERR "ITS@%lx not quiescent.\n", hw_its->addr);

    return -ETIMEDOUT;
}

static int gicv3_its_init_single_its(struct host_its *hw_its)
{
    uint64_t reg;
    int i, ret;

    hw_its->its_base = ioremap_nocache(hw_its->addr, hw_its->size);
    if ( !hw_its->its_base )
        return -ENOMEM;

    ret = gicv3_disable_its(hw_its);
    if ( ret )
        return ret;

    reg = readq_relaxed(hw_its->its_base + GITS_TYPER);
    hw_its->devid_bits = GITS_TYPER_DEVICE_ID_BITS(reg);
    hw_its->evid_bits = GITS_TYPER_EVENT_ID_BITS(reg);
    hw_its->itte_size = GITS_TYPER_ITT_SIZE(reg);
    if ( reg & GITS_TYPER_PTA )
        hw_its->flags |= HOST_ITS_USES_PTA;
    spin_lock_init(&hw_its->cmd_lock);

    for ( i = 0; i < GITS_BASER_NR_REGS; i++ )
    {
        void __iomem *basereg = hw_its->its_base + GITS_BASER0 + i * 8;
        unsigned int type;

        reg = readq_relaxed(basereg);
        type = (reg & GITS_BASER_TYPE_MASK) >> GITS_BASER_TYPE_SHIFT;
        switch ( type )
        {
        case GITS_BASER_TYPE_NONE:
            continue;
        case GITS_BASER_TYPE_DEVICE:
            ret = its_map_baser(basereg, reg, BIT(hw_its->devid_bits));
            if ( ret )
                return ret;
            break;
        case GITS_BASER_TYPE_COLLECTION:
            ret = its_map_baser(basereg, reg, num_possible_cpus());
            if ( ret )
                return ret;
            break;
        /* In case this is a GICv4, provide a (dummy) vPE table as well. */
        case GITS_BASER_TYPE_VCPU:
            ret = its_map_baser(basereg, reg, 1);
            if ( ret )
                return ret;
            break;
        default:
            continue;
        }
    }

    hw_its->cmd_buf = its_map_cbaser(hw_its);
    if ( !hw_its->cmd_buf )
        return -ENOMEM;
    writeq_relaxed(0, hw_its->its_base + GITS_CWRITER);

    /* Now enable interrupt translation and command processing on that ITS. */
    reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
    writel_relaxed(reg | GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);

    return 0;
}

int gicv3_its_init(void)
{
    struct host_its *hw_its;
    int ret;

    list_for_each_entry(hw_its, &host_its_list, entry)
    {
        ret = gicv3_its_init_single_its(hw_its);
        if ( ret )
            return ret;
    }

    return 0;
}

/*
 * TODO: Investigate the interaction when a guest removes a device while
 * some LPIs are still in flight.
 */
static int remove_mapped_guest_device(struct its_device *dev)
{
    int ret = 0;
    unsigned int i;

    if ( dev->hw_its )
        /* MAPD also discards all events with this device ID. */
        ret = its_send_cmd_mapd(dev->hw_its, dev->host_devid, 0, 0, false);

    for ( i = 0; i < dev->eventids / LPI_BLOCK; i++ )
        gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);

    /* Make sure the MAPD command above is really executed. */
    if ( !ret )
        ret = gicv3_its_wait_commands(dev->hw_its);

    /* This should never happen, but just in case ... */
    if ( ret && printk_ratelimit() )
        printk(XENLOG_WARNING "Can't unmap host ITS device 0x%x\n",
               dev->host_devid);

    xfree(dev->itt_addr);
    xfree(dev->pend_irqs);
    xfree(dev->host_lpi_blocks);
    xfree(dev);

    return 0;
}

static struct host_its *gicv3_its_find_by_doorbell(paddr_t doorbell_address)
{
    struct host_its *hw_its;

    list_for_each_entry(hw_its, &host_its_list, entry)
    {
        if ( hw_its->addr + ITS_DOORBELL_OFFSET == doorbell_address )
            return hw_its;
    }

    return NULL;
}

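/*
 * Order guest devices by (guest doorbell, guest device ID). This is the
 * sort key for the per-domain its_devices red-black tree.
 */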
static int compare_its_guest_devices(struct its_device *dev,
                                     paddr_t vdoorbell, uint32_t vdevid)
{
    if ( dev->guest_doorbell < vdoorbell )
        return -1;

    if ( dev->guest_doorbell > vdoorbell )
        return 1;

    if ( dev->guest_devid < vdevid )
        return -1;

    if ( dev->guest_devid > vdevid )
        return 1;

    return 0;
}

/*
 * On the host ITS @its, map @nr_events consecutive LPIs.
 * The mapping connects a device @devid and event @eventid pair to LPI @lpi,
 * increasing both @eventid and @lpi to cover the number of requested LPIs.
 */
static int gicv3_its_map_host_events(struct host_its *its,
                                     uint32_t devid, uint32_t eventid,
                                     uint32_t lpi, uint32_t nr_events)
{
    uint32_t i;
    int ret;

    for ( i = 0; i < nr_events; i++ )
    {
        /* For now we map every host LPI to host CPU 0 */
        ret = its_send_cmd_mapti(its, devid, eventid + i, lpi + i, 0);
        if ( ret )
            return ret;

        ret = its_send_cmd_inv(its, devid, eventid + i);
        if ( ret )
            return ret;
    }

    /* TODO: Consider using INVALL here. Didn't work on the model, though. */

    ret = its_send_cmd_sync(its, 0);
    if ( ret )
        return ret;

    return gicv3_its_wait_commands(its);
}

/*
 * Map a hardware device, identified by a certain host ITS and its device ID,
 * to domain d, a guest ITS (identified by its doorbell address) and device ID.
 * Also provide the number of events (MSIs) needed for that device.
 * This does not check whether this particular hardware device is already
 * mapped to another domain; it is expected that the caller takes care of that.
 */
int gicv3_its_map_guest_device(struct domain *d,
                               paddr_t host_doorbell, uint32_t host_devid,
                               paddr_t guest_doorbell, uint32_t guest_devid,
                               uint64_t nr_events, bool valid)
{
    void *itt_addr = NULL;
    struct host_its *hw_its;
    struct its_device *dev = NULL;
    struct rb_node **new = &d->arch.vgic.its_devices.rb_node, *parent = NULL;
    int i, ret = -ENOENT; /* "i" must be signed to check for >= 0 below. */

    hw_its = gicv3_its_find_by_doorbell(host_doorbell);
    if ( !hw_its )
        return ret;

    /* Sanitise the provided hardware values against the host ITS. */
    if ( host_devid >= BIT(hw_its->devid_bits) )
        return -EINVAL;

    /*
     * The ITS requires the number of events to be a power of 2. We allocate
     * events and LPIs in chunks of LPI_BLOCK (=32), so make sure we
     * allocate at least that many.
     * TODO: Investigate if the number of events can be limited to smaller
     * values if the guest does not require that many.
     */
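    /*
     * For example, a device requesting 5 events is first rounded up to the
     * next power of two (8), and then up to LPI_BLOCK, so it ends up with
     * 32 event IDs.
     */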
    nr_events = BIT(fls(nr_events - 1));
    if ( nr_events < LPI_BLOCK )
        nr_events = LPI_BLOCK;
    if ( nr_events >= BIT(hw_its->evid_bits) )
        return -EINVAL;

    /* check for already existing mappings */
    spin_lock(&d->arch.vgic.its_devices_lock);
    while ( *new )
    {
        struct its_device *temp;
        int cmp;

        temp = rb_entry(*new, struct its_device, rbnode);

        parent = *new;
        cmp = compare_its_guest_devices(temp, guest_doorbell, guest_devid);
        if ( !cmp )
        {
            if ( !valid )
                rb_erase(&temp->rbnode, &d->arch.vgic.its_devices);

            spin_unlock(&d->arch.vgic.its_devices_lock);

            if ( valid )
            {
                printk(XENLOG_G_WARNING "d%d tried to remap guest ITS device 0x%x to host device 0x%x\n",
                       d->domain_id, guest_devid, host_devid);
                return -EBUSY;
            }

            return remove_mapped_guest_device(temp);
        }

        if ( cmp > 0 )
            new = &((*new)->rb_left);
        else
            new = &((*new)->rb_right);
    }

    if ( !valid )
        goto out_unlock;

    ret = -ENOMEM;

    /* An Interrupt Translation Table needs to be 256-byte aligned. */
    itt_addr = _xzalloc(nr_events * hw_its->itte_size, 256);
    if ( !itt_addr )
        goto out_unlock;

    dev = xzalloc(struct its_device);
    if ( !dev )
        goto out_unlock;

    /*
     * Allocate the pending_irqs for each virtual LPI. They will be put
     * into the domain's radix tree upon the guest's MAPTI command.
     * Pre-allocating memory for each *possible* LPI would use way too much
     * memory (they can be used sparsely by the guest), while allocating
     * them on demand would require memory allocation in the interrupt
     * injection code path, which is not really desired.
     * So we compromise here by pre-allocating memory for each possible event
     * up to the max specified by MAPD.
     * See the mailing list discussion for some background:
     * https://lists.xen.org/archives/html/xen-devel/2017-03/msg03645.html
     */
    dev->pend_irqs = xzalloc_array(struct pending_irq, nr_events);
    if ( !dev->pend_irqs )
        goto out_unlock;

    dev->host_lpi_blocks = xzalloc_array(uint32_t, nr_events);
    if ( !dev->host_lpi_blocks )
        goto out_unlock;

    ret = its_send_cmd_mapd(hw_its, host_devid, fls(nr_events - 1),
                            virt_to_maddr(itt_addr), true);
    if ( ret )
        goto out_unlock;

    dev->itt_addr = itt_addr;
    dev->hw_its = hw_its;
    dev->guest_doorbell = guest_doorbell;
    dev->guest_devid = guest_devid;
    dev->host_devid = host_devid;
    dev->eventids = nr_events;

    rb_link_node(&dev->rbnode, parent, new);
    rb_insert_color(&dev->rbnode, &d->arch.vgic.its_devices);

    spin_unlock(&d->arch.vgic.its_devices_lock);

    /*
     * Map all host LPIs within this device already. We can't afford to queue
     * any host ITS commands later on during the guest's runtime.
     */
    for ( i = 0; i < nr_events / LPI_BLOCK; i++ )
    {
        ret = gicv3_allocate_host_lpi_block(d, &dev->host_lpi_blocks[i]);
        if ( ret < 0 )
            break;

        ret = gicv3_its_map_host_events(hw_its, host_devid, i * LPI_BLOCK,
                                        dev->host_lpi_blocks[i], LPI_BLOCK);
        if ( ret < 0 )
            break;
    }

    if ( ret )
    {
        /* Clean up all allocated host LPI blocks. */
        for ( ; i >= 0; i-- )
        {
            if ( dev->host_lpi_blocks[i] )
                gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
        }

        /*
         * Unmapping the device will discard all LPIs mapped so far.
         * We are already on the failing path, so we skip error checking
         * here to not mask the original error value. This should never
         * fail anyway.
         */
        its_send_cmd_mapd(hw_its, host_devid, 0, 0, false);

        goto out;
    }

    return 0;

out_unlock:
    spin_unlock(&d->arch.vgic.its_devices_lock);

out:
    if ( dev )
    {
        xfree(dev->pend_irqs);
        xfree(dev->host_lpi_blocks);
    }
    xfree(itt_addr);
    xfree(dev);

    return ret;
}

/* Must be called with the its_devices_lock held. */
static struct its_device *get_its_device(struct domain *d, paddr_t vdoorbell,
                                         uint32_t vdevid)
{
    struct rb_node *node = d->arch.vgic.its_devices.rb_node;
    struct its_device *dev;

    ASSERT(spin_is_locked(&d->arch.vgic.its_devices_lock));

    while ( node )
    {
        int cmp;

        dev = rb_entry(node, struct its_device, rbnode);
        cmp = compare_its_guest_devices(dev, vdoorbell, vdevid);

        if ( !cmp )
            return dev;

        if ( cmp > 0 )
            node = node->rb_left;
        else
            node = node->rb_right;
    }

    return NULL;
}

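/*
 * Look up the struct pending_irq for a given (guest doorbell, device ID,
 * event ID) tuple and optionally return the host LPI backing that event.
 * Host LPIs are allocated in blocks of LPI_BLOCK, so the event's block is
 * eventid / LPI_BLOCK and its offset within that block is
 * eventid % LPI_BLOCK.
 */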
static struct pending_irq *get_event_pending_irq(struct domain *d,
                                                 paddr_t vdoorbell_address,
                                                 uint32_t vdevid,
                                                 uint32_t eventid,
                                                 uint32_t *host_lpi)
{
    struct its_device *dev;
    struct pending_irq *pirq = NULL;

    spin_lock(&d->arch.vgic.its_devices_lock);
    dev = get_its_device(d, vdoorbell_address, vdevid);
    if ( dev && eventid < dev->eventids )
    {
        pirq = &dev->pend_irqs[eventid];
        if ( host_lpi )
            *host_lpi = dev->host_lpi_blocks[eventid / LPI_BLOCK] +
                        (eventid % LPI_BLOCK);
    }
    spin_unlock(&d->arch.vgic.its_devices_lock);

    return pirq;
}

struct pending_irq *gicv3_its_get_event_pending_irq(struct domain *d,
                                                    paddr_t vdoorbell_address,
                                                    uint32_t vdevid,
                                                    uint32_t eventid)
{
    return get_event_pending_irq(d, vdoorbell_address, vdevid, eventid, NULL);
}

int gicv3_remove_guest_event(struct domain *d, paddr_t vdoorbell_address,
                             uint32_t vdevid, uint32_t eventid)
{
    uint32_t host_lpi = INVALID_LPI;

    if ( !get_event_pending_irq(d, vdoorbell_address, vdevid, eventid,
                                &host_lpi) )
        return -EINVAL;

    if ( host_lpi == INVALID_LPI )
        return -EINVAL;

    gicv3_lpi_update_host_entry(host_lpi, d->domain_id, INVALID_LPI);

    return 0;
}

/*
 * Connects the event ID for an already assigned device to the given VCPU/vLPI
 * pair. The corresponding physical LPI is already mapped on the host side
 * (when assigning the physical device to the guest), so we just connect the
 * target VCPU/vLPI pair to that interrupt to inject it properly if it fires.
 * Returns a pointer to the already allocated struct pending_irq that is
 * meant to be used by that event.
 */
struct pending_irq *gicv3_assign_guest_event(struct domain *d,
                                             paddr_t vdoorbell_address,
                                             uint32_t vdevid, uint32_t eventid,
                                             uint32_t virt_lpi)
{
    struct pending_irq *pirq;
    uint32_t host_lpi = INVALID_LPI;

    pirq = get_event_pending_irq(d, vdoorbell_address, vdevid, eventid,
                                 &host_lpi);

    if ( !pirq )
        return NULL;

    gicv3_lpi_update_host_entry(host_lpi, d->domain_id, virt_lpi);

    return pirq;
}

int gicv3_its_deny_access(const struct domain *d)
{
    int rc = 0;
    unsigned long mfn, nr;
    const struct host_its *its_data;

    list_for_each_entry( its_data, &host_its_list, entry )
    {
        mfn = paddr_to_pfn(its_data->addr);
        nr = PFN_UP(its_data->size);
        rc = iomem_deny_access(d, mfn, mfn + nr);
        if ( rc )
        {
            printk("iomem_deny_access failed for %lx:%lx \r\n", mfn, nr);
            break;
        }
    }

    return rc;
}

/*
 * Create the respective guest DT nodes from a list of host ITSes.
 * This copies the reg property, so the guest sees the ITS at the same address
 * as the host.
 */
int gicv3_its_make_hwdom_dt_nodes(const struct domain *d,
                                  const struct dt_device_node *gic,
                                  void *fdt)
{
    uint32_t len;
    int res;
    const void *prop = NULL;
    const struct dt_device_node *its = NULL;
    const struct host_its *its_data;

    if ( list_empty(&host_its_list) )
        return 0;

    /* The sub-nodes require the ranges property */
    prop = dt_get_property(gic, "ranges", &len);
    if ( !prop )
    {
        printk(XENLOG_ERR "Can't find ranges property for the gic node\n");
        return -FDT_ERR_XEN(ENOENT);
    }

    res = fdt_property(fdt, "ranges", prop, len);
    if ( res )
        return res;

    list_for_each_entry(its_data, &host_its_list, entry)
    {
        its = its_data->dt_node;

        res = fdt_begin_node(fdt, its->name);
        if ( res )
            return res;

        res = fdt_property_string(fdt, "compatible", "arm,gic-v3-its");
        if ( res )
            return res;

        res = fdt_property(fdt, "msi-controller", NULL, 0);
        if ( res )
            return res;

        if ( its->phandle )
        {
            res = fdt_property_cell(fdt, "phandle", its->phandle);
            if ( res )
                return res;
        }

        /* Use the same reg regions as the ITS node in host DTB. */
        prop = dt_get_property(its, "reg", &len);
        if ( !prop )
        {
            printk(XENLOG_ERR "GICv3: Can't find ITS reg property.\n");
            res = -FDT_ERR_XEN(ENOENT);
            return res;
        }

        res = fdt_property(fdt, "reg", prop, len);
        if ( res )
            return res;

        fdt_end_node(fdt);
    }

    return res;
}

/* Common function for adding to host_its_list */
static void add_to_host_its_list(paddr_t addr, paddr_t size,
                                 const struct dt_device_node *node)
{
    struct host_its *its_data;

    its_data = xzalloc(struct host_its);
    if ( !its_data )
        panic("GICv3: Cannot allocate memory for ITS frame");

    its_data->addr = addr;
    its_data->size = size;
    its_data->dt_node = node;

    printk("GICv3: Found ITS @0x%lx\n", addr);

    list_add_tail(&its_data->entry, &host_its_list);
}

/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
    const struct dt_device_node *its = NULL;

    /*
     * Check for ITS MSI subnodes. If any, add the ITS register
     * frames to the ITS list.
     */
    dt_for_each_child_node(node, its)
    {
        uint64_t addr, size;

        if ( !dt_device_is_compatible(its, "arm,gic-v3-its") )
            continue;

        if ( dt_device_get_address(its, 0, &addr, &size) )
            panic("GICv3: Cannot find a valid ITS frame address");

        add_to_host_its_list(addr, size, its);
    }
}

#ifdef CONFIG_ACPI
static int gicv3_its_acpi_probe(struct acpi_subtable_header *header,
                                const unsigned long end)
{
    struct acpi_madt_generic_translator *its;

    its = (struct acpi_madt_generic_translator *)header;
    if ( BAD_MADT_ENTRY(its, end) )
        return -EINVAL;

    add_to_host_its_list(its->base_address, GICV3_ITS_SIZE, NULL);

    return 0;
}

void gicv3_its_acpi_init(void)
{
    /* Parse ITS information */
    acpi_table_parse_madt(ACPI_MADT_TYPE_GENERIC_TRANSLATOR,
                          gicv3_its_acpi_probe, 0);
}

unsigned long gicv3_its_make_hwdom_madt(const struct domain *d, void *base_ptr)
{
    unsigned int i;
    void *fw_its;
    struct acpi_madt_generic_translator *hwdom_its;

    hwdom_its = base_ptr;

    for ( i = 0; i < vgic_v3_its_count(d); i++ )
    {
        fw_its = acpi_table_get_entry_madt(ACPI_MADT_TYPE_GENERIC_TRANSLATOR,
                                           i);
        memcpy(hwdom_its, fw_its, sizeof(struct acpi_madt_generic_translator));
        hwdom_its++;
    }

    return sizeof(struct acpi_madt_generic_translator) * vgic_v3_its_count(d);
}
#endif

/*
 * Local variables:
 * mode: C
 * c-file-style: "BSD"
 * c-basic-offset: 4
 * indent-tabs-mode: nil
 * End:
 */