1 /*
2 * Copyright (C) 2015, 2016 ARM Ltd.
3 * Imported from Linux ("new" KVM VGIC) and heavily adapted to Xen.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include <xen/bug.h>
19 #include <xen/list_sort.h>
20 #include <xen/sched.h>
21 #include <asm/event.h>
22 #include <asm/new_vgic.h>
23
24 #include "vgic.h"
25
26 /*
27 * Locking order is always:
28 * vgic->lock
29 * vgic_cpu->ap_list_lock
30 * vgic->lpi_list_lock
31 * desc->lock
32 * vgic_irq->irq_lock
33 *
34 * If you need to take multiple locks, always take the upper lock first,
35 * then the lower ones, e.g. first take the ap_list_lock, then the irq_lock.
36 * If you are already holding a lock and need to take a higher one, you
37 * have to drop the lower ranking lock first and re-acquire it after having
38 * taken the upper one.
39 *
40 * When taking more than one ap_list_lock at the same time, always take the
41 * lowest numbered VCPU's ap_list_lock first, so:
42 * vcpuX->vcpu_id < vcpuY->vcpu_id:
43 * spin_lock(vcpuX->arch.vgic.ap_list_lock);
44 * spin_lock(vcpuY->arch.vgic.ap_list_lock);
45 *
46 * Since the VGIC must support injecting virtual interrupts from ISRs, we have
47 * to use the spin_lock_irqsave/spin_unlock_irqrestore versions of outer
48 * spinlocks for any lock that may be taken while injecting an interrupt.
49 */
50
51 /*
52 * Iterate over the VM's list of mapped LPIs to find the one with a
53 * matching interrupt ID and return a reference to the IRQ structure.
54 *
55 * TODO: This is more documentation of how it should be done. A list is
56 * not a good data structure for Dom0's LPIs, it merely serves as an
57 * example here how to properly do the locking, allocation and refcounting.
58 * So lpi_list_head should be replaced with something more appropriate.
59 */
vgic_get_lpi(struct domain * d,uint32_t intid)60 static struct vgic_irq *vgic_get_lpi(struct domain *d, uint32_t intid)
61 {
62 struct vgic_dist *dist = &d->arch.vgic;
63 struct vgic_irq *irq = NULL;
64
65 spin_lock(&dist->lpi_list_lock);
66
67 list_for_each_entry( irq, &dist->lpi_list_head, lpi_list )
68 {
69 if ( irq->intid != intid )
70 continue;
71
72 /*
73 * This increases the refcount, the caller is expected to
74 * call vgic_put_irq() later once it's finished with the IRQ.
75 */
76 vgic_get_irq_kref(irq);
77 goto out_unlock;
78 }
79 irq = NULL;
80
81 out_unlock:
82 spin_unlock(&dist->lpi_list_lock);
83
84 return irq;
85 }
86
87 /**
88 * vgic_get_irq() - obtain a reference to a virtual IRQ
89 * @d: The domain the virtual IRQ belongs to.
90 * @vcpu: For private IRQs (SGIs, PPIs) the virtual CPU this IRQ
91 * is associated with. Will be ignored for SPIs and LPIs.
92 * @intid: The virtual IRQ number.
93 *
94 * This looks up the virtual interrupt ID to get the corresponding
95 * struct vgic_irq. It also increases the refcount, so any caller is expected
96 * to call vgic_put_irq() once it's finished with this IRQ.
97 *
98 * Return: The pointer to the requested struct vgic_irq.
99 */
vgic_get_irq(struct domain * d,struct vcpu * vcpu,uint32_t intid)100 struct vgic_irq *vgic_get_irq(struct domain *d, struct vcpu *vcpu,
101 uint32_t intid)
102 {
103 /* SGIs and PPIs */
104 if ( intid <= VGIC_MAX_PRIVATE )
105 return &vcpu->arch.vgic.private_irqs[intid];
106
107 /* SPIs */
108 if ( intid <= VGIC_MAX_SPI )
109 return &d->arch.vgic.spis[intid - VGIC_NR_PRIVATE_IRQS];
110
111 /* LPIs */
112 if ( intid >= VGIC_MIN_LPI )
113 return vgic_get_lpi(d, intid);
114
115 ASSERT_UNREACHABLE();
116
117 return NULL;
118 }
119
120 /**
121 * vgic_put_irq() - drop the reference to a virtual IRQ
122 * @d: The domain the virtual IRQ belongs to.
123 * @irq: The pointer to struct vgic_irq, as obtained from vgic_get_irq().
124 *
125 * This drops the reference to a virtual IRQ. It decreases the refcount
126 * of the pointer, so dynamic IRQs can be freed when no longer needed.
127 * This should always be called after a vgic_get_irq(), though the reference
128 * can be deliberately held for longer periods, if needed.
129 *
130 * TODO: A linked list is not a good data structure for LPIs in Dom0.
131 * Replace this with proper data structure once we get proper LPI support.
132 */
vgic_put_irq(struct domain * d,struct vgic_irq * irq)133 void vgic_put_irq(struct domain *d, struct vgic_irq *irq)
134 {
135 struct vgic_dist *dist = &d->arch.vgic;
136
137 if ( irq->intid < VGIC_MIN_LPI )
138 return;
139
140 spin_lock(&dist->lpi_list_lock);
141 if ( !atomic_dec_and_test(&irq->refcount) )
142 {
143 spin_unlock(&dist->lpi_list_lock);
144 return;
145 };
146
147 list_del(&irq->lpi_list);
148 dist->lpi_list_count--;
149 spin_unlock(&dist->lpi_list_lock);
150
151 xfree(irq);
152 }
153
154 /**
155 * vgic_target_oracle() - compute the target vcpu for an irq
156 * @irq: The irq to route. Must be already locked.
157 *
158 * Based on the current state of the interrupt (enabled, pending,
159 * active, vcpu and target_vcpu), compute the next vcpu this should be
160 * given to. Return NULL if this shouldn't be injected at all.
161 *
162 * Requires the IRQ lock to be held.
163 *
164 * Returns: The pointer to the virtual CPU this interrupt should be injected
165 * to. Will be NULL if this IRQ does not need to be injected.
166 */
vgic_target_oracle(struct vgic_irq * irq)167 static struct vcpu *vgic_target_oracle(struct vgic_irq *irq)
168 {
169 ASSERT(spin_is_locked(&irq->irq_lock));
170
171 /* If the interrupt is active, it must stay on the current vcpu */
172 if ( irq->active )
173 return irq->vcpu ? : irq->target_vcpu;
174
175 /*
176 * If the IRQ is not active but enabled and pending, we should direct
177 * it to its configured target VCPU.
178 * If the distributor is disabled, pending interrupts shouldn't be
179 * forwarded.
180 */
181 if ( irq->enabled && irq_is_pending(irq) )
182 {
183 if ( unlikely(irq->target_vcpu &&
184 !irq->target_vcpu->domain->arch.vgic.enabled) )
185 return NULL;
186
187 return irq->target_vcpu;
188 }
189
190 /*
191 * If neither active nor pending and enabled, then this IRQ should not
192 * be queued to any VCPU.
193 */
194 return NULL;
195 }
196
197 /*
198 * The order of items in the ap_lists defines how we'll pack things in LRs as
199 * well, the first items in the list being the first things populated in the
200 * LRs.
201 *
202 * A hard rule is that active interrupts can never be pushed out of the LRs
203 * (and therefore take priority) since we cannot reliably trap on deactivation
204 * of IRQs and therefore they have to be present in the LRs.
205 *
206 * Otherwise things should be sorted by the priority field and the GIC
207 * hardware support will take care of preemption of priority groups etc.
208 *
209 * Return negative if "a" sorts before "b", 0 to preserve order, and positive
210 * to sort "b" before "a".
211 */
vgic_irq_cmp(void * priv,struct list_head * a,struct list_head * b)212 static int vgic_irq_cmp(void *priv, struct list_head *a, struct list_head *b)
213 {
214 struct vgic_irq *irqa = container_of(a, struct vgic_irq, ap_list);
215 struct vgic_irq *irqb = container_of(b, struct vgic_irq, ap_list);
216 bool penda, pendb;
217 int ret;
218
219 spin_lock(&irqa->irq_lock);
220 spin_lock(&irqb->irq_lock);
221
222 if ( irqa->active || irqb->active )
223 {
224 ret = (int)irqb->active - (int)irqa->active;
225 goto out;
226 }
227
228 penda = irqa->enabled && irq_is_pending(irqa);
229 pendb = irqb->enabled && irq_is_pending(irqb);
230
231 if ( !penda || !pendb )
232 {
233 ret = (int)pendb - (int)penda;
234 goto out;
235 }
236
237 /* Both pending and enabled, sort by priority */
238 ret = irqa->priority - irqb->priority;
239 out:
240 spin_unlock(&irqb->irq_lock);
241 spin_unlock(&irqa->irq_lock);
242 return ret;
243 }
244
245 /* Must be called with the ap_list_lock held */
vgic_sort_ap_list(struct vcpu * vcpu)246 static void vgic_sort_ap_list(struct vcpu *vcpu)
247 {
248 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic;
249
250 ASSERT(spin_is_locked(&vgic_cpu->ap_list_lock));
251
252 list_sort(NULL, &vgic_cpu->ap_list_head, vgic_irq_cmp);
253 }
254
255 /*
256 * Only valid injection if changing level for level-triggered IRQs or for a
257 * rising edge.
258 */
vgic_validate_injection(struct vgic_irq * irq,bool level)259 static bool vgic_validate_injection(struct vgic_irq *irq, bool level)
260 {
261 /* For edge interrupts we only care about a rising edge. */
262 if ( irq->config == VGIC_CONFIG_EDGE )
263 return level;
264
265 /* For level interrupts we have to act when the line level changes. */
266 return irq->line_level != level;
267 }
268
269 /**
270 * vgic_queue_irq_unlock() - Queue an IRQ to a VCPU, to be injected to a guest.
271 * @d: The domain the virtual IRQ belongs to.
272 * @irq: A pointer to the vgic_irq of the virtual IRQ, with the lock held.
273 * @flags: The flags used when having grabbed the IRQ lock.
274 *
275 * Check whether an IRQ needs to (and can) be queued to a VCPU's ap list.
276 * Do the queuing if necessary, taking the right locks in the right order.
277 *
278 * Needs to be entered with the IRQ lock already held, but will return
279 * with all locks dropped.
280 */
vgic_queue_irq_unlock(struct domain * d,struct vgic_irq * irq,unsigned long flags)281 void vgic_queue_irq_unlock(struct domain *d, struct vgic_irq *irq,
282 unsigned long flags)
283 {
284 struct vcpu *vcpu;
285
286 ASSERT(spin_is_locked(&irq->irq_lock));
287
288 retry:
289 vcpu = vgic_target_oracle(irq);
290 if ( irq->vcpu || !vcpu )
291 {
292 /*
293 * If this IRQ is already on a VCPU's ap_list, then it
294 * cannot be moved or modified and there is no more work for
295 * us to do.
296 *
297 * Otherwise, if the irq is not pending and enabled, it does
298 * not need to be inserted into an ap_list and there is also
299 * no more work for us to do.
300 */
301 spin_unlock_irqrestore(&irq->irq_lock, flags);
302
303 /*
304 * We have to kick the VCPU here, because we could be
305 * queueing an edge-triggered interrupt for which we
306 * get no EOI maintenance interrupt. In that case,
307 * while the IRQ is already on the VCPU's AP list, the
308 * VCPU could have EOI'ed the original interrupt and
309 * won't see this one until it exits for some other
310 * reason.
311 */
312 if ( vcpu )
313 vcpu_kick(vcpu);
314
315 return;
316 }
317
318 /*
319 * We must unlock the irq lock to take the ap_list_lock where
320 * we are going to insert this new pending interrupt.
321 */
322 spin_unlock_irqrestore(&irq->irq_lock, flags);
323
324 /* someone can do stuff here, which we re-check below */
325
326 spin_lock_irqsave(&vcpu->arch.vgic.ap_list_lock, flags);
327 spin_lock(&irq->irq_lock);
328
329 /*
330 * Did something change behind our backs?
331 *
332 * There are two cases:
333 * 1) The irq lost its pending state or was disabled behind our
334 * backs and/or it was queued to another VCPU's ap_list.
335 * 2) Someone changed the affinity on this irq behind our
336 * backs and we are now holding the wrong ap_list_lock.
337 *
338 * In both cases, drop the locks and retry.
339 */
340
341 if ( unlikely(irq->vcpu || vcpu != vgic_target_oracle(irq)) )
342 {
343 spin_unlock(&irq->irq_lock);
344 spin_unlock_irqrestore(&vcpu->arch.vgic.ap_list_lock, flags);
345
346 spin_lock_irqsave(&irq->irq_lock, flags);
347 goto retry;
348 }
349
350 /*
351 * Grab a reference to the irq to reflect the fact that it is
352 * now in the ap_list.
353 */
354 vgic_get_irq_kref(irq);
355 list_add_tail(&irq->ap_list, &vcpu->arch.vgic.ap_list_head);
356 irq->vcpu = vcpu;
357
358 spin_unlock(&irq->irq_lock);
359 spin_unlock_irqrestore(&vcpu->arch.vgic.ap_list_lock, flags);
360
361 vcpu_kick(vcpu);
362
363 return;
364 }
365
366 /**
367 * vgic_inject_irq() - Inject an IRQ from a device to the vgic
368 * @d: The domain pointer
369 * @vcpu: The vCPU for private IRQs (PPIs, SGIs). Ignored for SPIs and LPIs.
370 * @intid: The INTID to inject a new state to.
371 * @level: Edge-triggered: true: to trigger the interrupt
372 * false: to ignore the call
373 * Level-sensitive true: raise the input signal
374 * false: lower the input signal
375 *
376 * Injects an instance of the given virtual IRQ into a domain.
377 * The VGIC is not concerned with devices being active-LOW or active-HIGH for
378 * level-sensitive interrupts. You can think of the level parameter as 1
379 * being HIGH and 0 being LOW and all devices being active-HIGH.
380 */
vgic_inject_irq(struct domain * d,struct vcpu * vcpu,unsigned int intid,bool level)381 void vgic_inject_irq(struct domain *d, struct vcpu *vcpu, unsigned int intid,
382 bool level)
383 {
384 struct vgic_irq *irq;
385 unsigned long flags;
386
387 irq = vgic_get_irq(d, vcpu, intid);
388 if ( !irq )
389 return;
390
391 spin_lock_irqsave(&irq->irq_lock, flags);
392
393 if ( !vgic_validate_injection(irq, level) )
394 {
395 /* Nothing to see here, move along... */
396 spin_unlock_irqrestore(&irq->irq_lock, flags);
397 vgic_put_irq(d, irq);
398 return;
399 }
400
401 if ( irq->config == VGIC_CONFIG_LEVEL )
402 irq->line_level = level;
403 else
404 irq->pending_latch = true;
405
406 vgic_queue_irq_unlock(d, irq, flags);
407 vgic_put_irq(d, irq);
408
409 return;
410 }
411
412 /**
413 * vgic_prune_ap_list() - Remove non-relevant interrupts from the ap_list
414 *
415 * @vcpu: The VCPU of which the ap_list should be pruned.
416 *
417 * Go over the list of interrupts on a VCPU's ap_list, and prune those that
418 * we won't have to consider in the near future.
419 * This removes interrupts that have been successfully handled by the guest,
420 * or that have otherwise became obsolete (not pending anymore).
421 * Also this moves interrupts between VCPUs, if their affinity has changed.
422 */
vgic_prune_ap_list(struct vcpu * vcpu)423 static void vgic_prune_ap_list(struct vcpu *vcpu)
424 {
425 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic;
426 struct vgic_irq *irq, *tmp;
427 unsigned long flags;
428
429 retry:
430 spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags);
431
432 list_for_each_entry_safe( irq, tmp, &vgic_cpu->ap_list_head, ap_list )
433 {
434 struct vcpu *target_vcpu, *vcpuA, *vcpuB;
435
436 spin_lock(&irq->irq_lock);
437
438 BUG_ON(vcpu != irq->vcpu);
439
440 target_vcpu = vgic_target_oracle(irq);
441
442 if ( !target_vcpu )
443 {
444 /*
445 * We don't need to process this interrupt any
446 * further, move it off the list.
447 */
448 list_del(&irq->ap_list);
449 irq->vcpu = NULL;
450 spin_unlock(&irq->irq_lock);
451
452 /*
453 * This vgic_put_irq call matches the
454 * vgic_get_irq_kref in vgic_queue_irq_unlock,
455 * where we added the LPI to the ap_list. As
456 * we remove the irq from the list, we drop
457 * also drop the refcount.
458 */
459 vgic_put_irq(vcpu->domain, irq);
460 continue;
461 }
462
463 if ( target_vcpu == vcpu )
464 {
465 /* We're on the right CPU */
466 spin_unlock(&irq->irq_lock);
467 continue;
468 }
469
470 /* This interrupt looks like it has to be migrated. */
471
472 spin_unlock(&irq->irq_lock);
473 spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags);
474
475 /*
476 * Ensure locking order by always locking the smallest
477 * ID first.
478 */
479 if ( vcpu->vcpu_id < target_vcpu->vcpu_id )
480 {
481 vcpuA = vcpu;
482 vcpuB = target_vcpu;
483 }
484 else
485 {
486 vcpuA = target_vcpu;
487 vcpuB = vcpu;
488 }
489
490 spin_lock_irqsave(&vcpuA->arch.vgic.ap_list_lock, flags);
491 spin_lock(&vcpuB->arch.vgic.ap_list_lock);
492 spin_lock(&irq->irq_lock);
493
494 /*
495 * If the affinity has been preserved, move the
496 * interrupt around. Otherwise, it means things have
497 * changed while the interrupt was unlocked, and we
498 * need to replay this.
499 *
500 * In all cases, we cannot trust the list not to have
501 * changed, so we restart from the beginning.
502 */
503 if ( target_vcpu == vgic_target_oracle(irq) )
504 {
505 struct vgic_cpu *new_cpu = &target_vcpu->arch.vgic;
506
507 list_del(&irq->ap_list);
508 irq->vcpu = target_vcpu;
509 list_add_tail(&irq->ap_list, &new_cpu->ap_list_head);
510 }
511
512 spin_unlock(&irq->irq_lock);
513 spin_unlock(&vcpuB->arch.vgic.ap_list_lock);
514 spin_unlock_irqrestore(&vcpuA->arch.vgic.ap_list_lock, flags);
515 goto retry;
516 }
517
518 spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags);
519 }
520
vgic_fold_lr_state(struct vcpu * vcpu)521 static void vgic_fold_lr_state(struct vcpu *vcpu)
522 {
523 vgic_v2_fold_lr_state(vcpu);
524 }
525
526 /* Requires the irq_lock to be held. */
vgic_populate_lr(struct vcpu * vcpu,struct vgic_irq * irq,int lr)527 static void vgic_populate_lr(struct vcpu *vcpu,
528 struct vgic_irq *irq, int lr)
529 {
530 ASSERT(spin_is_locked(&irq->irq_lock));
531
532 vgic_v2_populate_lr(vcpu, irq, lr);
533 }
534
vgic_set_underflow(struct vcpu * vcpu)535 static void vgic_set_underflow(struct vcpu *vcpu)
536 {
537 ASSERT(vcpu == current);
538
539 gic_hw_ops->update_hcr_status(GICH_HCR_UIE, true);
540 }
541
542 /* Requires the ap_list_lock to be held. */
compute_ap_list_depth(struct vcpu * vcpu)543 static int compute_ap_list_depth(struct vcpu *vcpu)
544 {
545 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic;
546 struct vgic_irq *irq;
547 int count = 0;
548
549 ASSERT(spin_is_locked(&vgic_cpu->ap_list_lock));
550
551 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list)
552 count++;
553
554 return count;
555 }
556
557 /* Requires the VCPU's ap_list_lock to be held. */
vgic_flush_lr_state(struct vcpu * vcpu)558 static void vgic_flush_lr_state(struct vcpu *vcpu)
559 {
560 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic;
561 struct vgic_irq *irq;
562 int count = 0;
563
564 ASSERT(spin_is_locked(&vgic_cpu->ap_list_lock));
565
566 if ( compute_ap_list_depth(vcpu) > gic_get_nr_lrs() )
567 vgic_sort_ap_list(vcpu);
568
569 list_for_each_entry( irq, &vgic_cpu->ap_list_head, ap_list )
570 {
571 spin_lock(&irq->irq_lock);
572
573 if ( likely(vgic_target_oracle(irq) == vcpu) )
574 vgic_populate_lr(vcpu, irq, count++);
575
576 spin_unlock(&irq->irq_lock);
577
578 if ( count == gic_get_nr_lrs() )
579 {
580 if ( !list_is_last(&irq->ap_list, &vgic_cpu->ap_list_head) )
581 vgic_set_underflow(vcpu);
582 break;
583 }
584 }
585
586 vcpu->arch.vgic.used_lrs = count;
587 }
588
589 /**
590 * vgic_sync_from_lrs() - Update VGIC state from hardware after a guest's run.
591 * @vcpu: the VCPU for which to transfer from the LRs to the IRQ list.
592 *
593 * Sync back the hardware VGIC state after the guest has run, into our
594 * VGIC emulation structures, It reads the LRs and updates the respective
595 * struct vgic_irq, taking level/edge into account.
596 * This is the high level function which takes care of the conditions,
597 * also bails out early if there were no interrupts queued.
598 * Was: kvm_vgic_sync_hwstate()
599 */
vgic_sync_from_lrs(struct vcpu * vcpu)600 void vgic_sync_from_lrs(struct vcpu *vcpu)
601 {
602 /* An empty ap_list_head implies used_lrs == 0 */
603 if ( list_empty(&vcpu->arch.vgic.ap_list_head) )
604 return;
605
606 vgic_fold_lr_state(vcpu);
607
608 vgic_prune_ap_list(vcpu);
609 }
610
611 /**
612 * vgic_sync_to_lrs() - flush emulation state into the hardware on guest entry
613 *
614 * Before we enter a guest, we have to translate the virtual GIC state of a
615 * VCPU into the GIC virtualization hardware registers, namely the LRs.
616 * This is the high level function which takes care about the conditions
617 * and the locking, also bails out early if there are no interrupts queued.
618 * Was: kvm_vgic_flush_hwstate()
619 */
vgic_sync_to_lrs(void)620 void vgic_sync_to_lrs(void)
621 {
622 /*
623 * If there are no virtual interrupts active or pending for this
624 * VCPU, then there is no work to do and we can bail out without
625 * taking any lock. There is a potential race with someone injecting
626 * interrupts to the VCPU, but it is a benign race as the VCPU will
627 * either observe the new interrupt before or after doing this check,
628 * and introducing additional synchronization mechanism doesn't change
629 * this.
630 */
631 if ( list_empty(¤t->arch.vgic.ap_list_head) )
632 return;
633
634 ASSERT(!local_irq_is_enabled());
635
636 spin_lock(¤t->arch.vgic.ap_list_lock);
637 vgic_flush_lr_state(current);
638 spin_unlock(¤t->arch.vgic.ap_list_lock);
639
640 gic_hw_ops->update_hcr_status(GICH_HCR_EN, 1);
641 }
642
643 /**
644 * vgic_vcpu_pending_irq() - determine if interrupts need to be injected
645 * @vcpu: The vCPU on which to check for interrupts.
646 *
647 * Checks whether there is an interrupt on the given VCPU which needs
648 * handling in the guest. This requires at least one IRQ to be pending
649 * and enabled.
650 *
651 * Returns: > 0 if the guest should run to handle interrupts, 0 otherwise.
652 */
vgic_vcpu_pending_irq(struct vcpu * vcpu)653 int vgic_vcpu_pending_irq(struct vcpu *vcpu)
654 {
655 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic;
656 struct vgic_irq *irq;
657 unsigned long flags;
658 int ret = 0;
659
660 if ( !vcpu->domain->arch.vgic.enabled )
661 return 0;
662
663 spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags);
664
665 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list)
666 {
667 spin_lock(&irq->irq_lock);
668 ret = irq_is_pending(irq) && irq->enabled;
669 spin_unlock(&irq->irq_lock);
670
671 if ( ret )
672 break;
673 }
674
675 spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags);
676
677 return ret;
678 }
679
vgic_kick_vcpus(struct domain * d)680 void vgic_kick_vcpus(struct domain *d)
681 {
682 struct vcpu *vcpu;
683
684 /*
685 * We've injected an interrupt, time to find out who deserves
686 * a good kick...
687 */
688 for_each_vcpu( d, vcpu )
689 {
690 if ( vgic_vcpu_pending_irq(vcpu) )
691 vcpu_kick(vcpu);
692 }
693 }
694
vgic_evtchn_irq_pending(struct vcpu * v)695 bool vgic_evtchn_irq_pending(struct vcpu *v)
696 {
697 struct vgic_irq *irq;
698 unsigned long flags;
699 bool pending;
700
701 /* Does not work for LPIs. */
702 ASSERT(!is_lpi(v->domain->arch.evtchn_irq));
703
704 irq = vgic_get_irq(v->domain, v, v->domain->arch.evtchn_irq);
705 spin_lock_irqsave(&irq->irq_lock, flags);
706 pending = irq_is_pending(irq);
707 spin_unlock_irqrestore(&irq->irq_lock, flags);
708 vgic_put_irq(v->domain, irq);
709
710 return pending;
711 }
712
vgic_reserve_virq(struct domain * d,unsigned int virq)713 bool vgic_reserve_virq(struct domain *d, unsigned int virq)
714 {
715 if ( virq >= vgic_num_irqs(d) )
716 return false;
717
718 return !test_and_set_bit(virq, d->arch.vgic.allocated_irqs);
719 }
720
vgic_allocate_virq(struct domain * d,bool spi)721 int vgic_allocate_virq(struct domain *d, bool spi)
722 {
723 int first, end;
724 unsigned int virq;
725
726 if ( !spi )
727 {
728 /* We only allocate PPIs. SGIs are all reserved */
729 first = 16;
730 end = 32;
731 }
732 else
733 {
734 first = 32;
735 end = vgic_num_irqs(d);
736 }
737
738 /*
739 * There is no spinlock to protect allocated_irqs, therefore
740 * test_and_set_bit may fail. If so retry it.
741 */
742 do
743 {
744 virq = find_next_zero_bit(d->arch.vgic.allocated_irqs, end, first);
745 if ( virq >= end )
746 return -1;
747 } while ( test_and_set_bit(virq, d->arch.vgic.allocated_irqs) );
748
749 return virq;
750 }
751
vgic_free_virq(struct domain * d,unsigned int virq)752 void vgic_free_virq(struct domain *d, unsigned int virq)
753 {
754 clear_bit(virq, d->arch.vgic.allocated_irqs);
755 }
756
gic_dump_vgic_info(struct vcpu * v)757 void gic_dump_vgic_info(struct vcpu *v)
758 {
759 struct vgic_cpu *vgic_cpu = &v->arch.vgic;
760 struct vgic_irq *irq;
761 unsigned long flags;
762
763 spin_lock_irqsave(&v->arch.vgic.ap_list_lock, flags);
764
765 if ( !list_empty(&vgic_cpu->ap_list_head) )
766 printk(" active or pending interrupts queued:\n");
767
768 list_for_each_entry ( irq, &vgic_cpu->ap_list_head, ap_list )
769 {
770 spin_lock(&irq->irq_lock);
771 printk(" %s %s irq %u: %spending, %sactive, %senabled\n",
772 irq->hw ? "hardware" : "virtual",
773 irq->config == VGIC_CONFIG_LEVEL ? "level" : "edge",
774 irq->intid, irq_is_pending(irq) ? "" : "not ",
775 irq->active ? "" : "not ", irq->enabled ? "" : "not ");
776 spin_unlock(&irq->irq_lock);
777 }
778
779 spin_unlock_irqrestore(&v->arch.vgic.ap_list_lock, flags);
780 }
781
vgic_clear_pending_irqs(struct vcpu * v)782 void vgic_clear_pending_irqs(struct vcpu *v)
783 {
784 /*
785 * TODO: It is unclear whether we really need this, so we might instead
786 * remove it on the caller site.
787 */
788 }
789
790 /**
791 * arch_move_irqs() - migrate the physical affinity of hardware mapped vIRQs
792 * @v: the vCPU, already assigned to the new pCPU
793 *
794 * arch_move_irqs() updates the physical affinity of all virtual IRQs
795 * targetting this given vCPU. This only affects hardware mapped IRQs. The
796 * new pCPU to target is already set in v->processor.
797 * This is called by the core code after a vCPU has been migrated to a new
798 * physical CPU.
799 */
arch_move_irqs(struct vcpu * v)800 void arch_move_irqs(struct vcpu *v)
801 {
802 struct domain *d = v->domain;
803 unsigned int i;
804
805 /* We only target SPIs with this function */
806 for ( i = 0; i < d->arch.vgic.nr_spis; i++ )
807 {
808 struct vgic_irq *irq = vgic_get_irq(d, NULL, i + VGIC_NR_PRIVATE_IRQS);
809 unsigned long flags;
810
811 if ( !irq )
812 continue;
813
814 spin_lock_irqsave(&irq->irq_lock, flags);
815
816 /* Only hardware mapped vIRQs that are targeting this vCPU. */
817 if ( irq->hw && irq->target_vcpu == v)
818 {
819 irq_desc_t *desc = irq_to_desc(irq->hwintid);
820
821 irq_set_affinity(desc, cpumask_of(v->processor));
822 }
823
824 spin_unlock_irqrestore(&irq->irq_lock, flags);
825 vgic_put_irq(d, irq);
826 }
827 }
828
vgic_get_hw_irq_desc(struct domain * d,struct vcpu * v,unsigned int virq)829 struct irq_desc *vgic_get_hw_irq_desc(struct domain *d, struct vcpu *v,
830 unsigned int virq)
831 {
832 struct irq_desc *desc = NULL;
833 struct vgic_irq *irq = vgic_get_irq(d, v, virq);
834 unsigned long flags;
835
836 if ( !irq )
837 return NULL;
838
839 spin_lock_irqsave(&irq->irq_lock, flags);
840 if ( irq->hw )
841 {
842 ASSERT(irq->hwintid >= VGIC_NR_PRIVATE_IRQS);
843 desc = irq_to_desc(irq->hwintid);
844 }
845 spin_unlock_irqrestore(&irq->irq_lock, flags);
846
847 vgic_put_irq(d, irq);
848
849 return desc;
850 }
851
vgic_emulate(struct cpu_user_regs * regs,union hsr hsr)852 bool vgic_emulate(struct cpu_user_regs *regs, union hsr hsr)
853 {
854 ASSERT(current->domain->arch.vgic.version == GIC_V3);
855
856 return false;
857 }
858
859 /*
860 * was:
861 * int kvm_vgic_map_phys_irq(struct vcpu *vcpu, u32 virt_irq, u32 phys_irq)
862 * int kvm_vgic_unmap_phys_irq(struct vcpu *vcpu, unsigned int virt_irq)
863 */
vgic_connect_hw_irq(struct domain * d,struct vcpu * vcpu,unsigned int virt_irq,struct irq_desc * desc,bool connect)864 int vgic_connect_hw_irq(struct domain *d, struct vcpu *vcpu,
865 unsigned int virt_irq, struct irq_desc *desc,
866 bool connect)
867 {
868 struct vgic_irq *irq = vgic_get_irq(d, vcpu, virt_irq);
869 unsigned long flags;
870 int ret = 0;
871
872 if ( !irq )
873 return -EINVAL;
874
875 spin_lock_irqsave(&irq->irq_lock, flags);
876
877 if ( connect ) /* assign a mapped IRQ */
878 {
879 /*
880 * The VIRQ should not be already enabled by the guest nor
881 * active/pending in the guest.
882 */
883 if ( !irq->hw && !irq->enabled && !irq->active && !irq->pending_latch )
884 {
885 irq->hw = true;
886 irq->hwintid = desc->irq;
887 }
888 else
889 ret = -EBUSY;
890 }
891 else /* remove a mapped IRQ */
892 {
893 if ( desc && irq->hwintid != desc->irq )
894 {
895 ret = -EINVAL;
896 }
897 else
898 {
899 irq->hw = false;
900 irq->hwintid = 0;
901 }
902 }
903
904 spin_unlock_irqrestore(&irq->irq_lock, flags);
905 vgic_put_irq(d, irq);
906
907 return ret;
908 }
909
translate_irq_type(bool is_level)910 static unsigned int translate_irq_type(bool is_level)
911 {
912 return is_level ? IRQ_TYPE_LEVEL_HIGH : IRQ_TYPE_EDGE_RISING;
913 }
914
vgic_sync_hardware_irq(struct domain * d,irq_desc_t * desc,struct vgic_irq * irq)915 void vgic_sync_hardware_irq(struct domain *d,
916 irq_desc_t *desc, struct vgic_irq *irq)
917 {
918 unsigned long flags;
919
920 spin_lock_irqsave(&desc->lock, flags);
921 spin_lock(&irq->irq_lock);
922
923 /*
924 * We forbid tinkering with the hardware IRQ association during
925 * a domain's lifetime.
926 */
927 ASSERT(irq->hw && desc->irq == irq->hwintid);
928
929 if ( irq->enabled )
930 {
931 /*
932 * We might end up from various callers, so check that the
933 * interrrupt is disabled before trying to change the config.
934 */
935 if ( irq_type_set_by_domain(d) &&
936 test_bit(_IRQ_DISABLED, &desc->status) )
937 gic_set_irq_type(desc, translate_irq_type(irq->config));
938
939 if ( irq->target_vcpu )
940 irq_set_affinity(desc, cpumask_of(irq->target_vcpu->processor));
941 desc->handler->enable(desc);
942 }
943 else
944 desc->handler->disable(desc);
945
946 spin_unlock(&irq->irq_lock);
947 spin_unlock_irqrestore(&desc->lock, flags);
948 }
949
vgic_max_vcpus(unsigned int domctl_vgic_version)950 unsigned int vgic_max_vcpus(unsigned int domctl_vgic_version)
951 {
952 switch ( domctl_vgic_version )
953 {
954 case XEN_DOMCTL_CONFIG_GIC_V2:
955 return VGIC_V2_MAX_CPUS;
956
957 default:
958 return 0;
959 }
960 }
961
962 #ifdef CONFIG_GICV3
963 /* Dummy implementation to allow building without actual vGICv3 support. */
vgic_v3_setup_hw(paddr_t dbase,unsigned int nr_rdist_regions,const struct rdist_region * regions,unsigned int intid_bits)964 void vgic_v3_setup_hw(paddr_t dbase,
965 unsigned int nr_rdist_regions,
966 const struct rdist_region *regions,
967 unsigned int intid_bits)
968 {
969 panic("New VGIC implementation does not yet support GICv3\n");
970 }
971 #endif
972
973 /*
974 * Local variables:
975 * mode: C
976 * c-file-style: "BSD"
977 * c-basic-offset: 4
978 * indent-tabs-mode: nil
979 * End:
980 */
981