[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v6 1/5] xen/arm: observe itargets setting in vgic_enable_irqs and vgic_disable_irqs
vgic_enable_irqs should enable irq delivery to the vcpu specified by
GICD_ITARGETSR, rather than the vcpu that wrote to GICD_ISENABLER.
Similarly vgic_disable_irqs should use the target vcpu specified by
itarget to disable irqs.
itargets can be set to a mask but vgic_get_target_vcpu always returns
the lower vcpu in the mask.
Correctly initialize itargets for SPIs.
Ignore bits in GICD_ITARGETSR corresponding to invalid vcpus.
Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
---
Changes in v6:
- add assert and bug_on;
- add in-code comments;
- move additional check on itargets writing from the following patch to
this patch;
- sizeof(itargets) instead of 8*sizeof(itargets[0]);
- remove the unneeded cast of &target for find_first_bit.
Changes in v5:
- improve in-code comments;
- use vgic_rank_irq;
- use bit masks to write-ignore GICD_ITARGETSR;
- introduce a version of vgic_get_target_vcpu that doesn't take the
rank lock;
- keep the rank lock while enabling/disabling irqs;
- use find_first_bit instead of find_next_bit;
- check for zero writes to GICD_ITARGETSR.
Changes in v4:
- remove assert that could allow a guest to crash Xen;
- add itargets validation to vgic_distr_mmio_write;
- export vgic_get_target_vcpu.
Changes in v3:
- add assert in get_target_vcpu;
- rename get_target_vcpu to vgic_get_target_vcpu.
Changes in v2:
- refactor the common code in get_target_vcpu;
- unify PPI and SPI paths;
- correctly initialize itargets for SPI;
- use byte_read.
---
xen/arch/arm/vgic.c | 78 ++++++++++++++++++++++++++++++++++++++-------
xen/include/asm-arm/gic.h | 2 ++
2 files changed, 68 insertions(+), 12 deletions(-)
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 757707e..1e1c244 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -111,7 +111,13 @@ int domain_vgic_init(struct domain *d)
INIT_LIST_HEAD(&d->arch.vgic.pending_irqs[i].lr_queue);
}
for (i=0; i<DOMAIN_NR_RANKS(d); i++)
+ {
spin_lock_init(&d->arch.vgic.shared_irqs[i].lock);
+ /* By default deliver to CPU0 */
+ memset(d->arch.vgic.shared_irqs[i].itargets,
+ 0x1,
+ sizeof(d->arch.vgic.shared_irqs[i].itargets));
+ }
return 0;
}
@@ -374,6 +380,35 @@ read_as_zero:
return 1;
}
+/* the rank lock is already taken */
+static struct vcpu *_vgic_get_target_vcpu(struct vcpu *v, unsigned int irq)
+{
+ unsigned long target;
+ struct vcpu *v_target;
+ struct vgic_irq_rank *rank = vgic_rank_irq(v, irq);
+ ASSERT(spin_is_locked(&rank->lock));
+
+ target = byte_read(rank->itargets[(irq%32)/4], 0, irq % 4);
+ /* 1-N SPI should be delivered as pending to all the vcpus in the
+ * mask, but here we just return the first vcpu for simplicity and
+ * because it would be too slow to do otherwise. */
+ target = find_first_bit(&target, 8);
+ v_target = v->domain->vcpu[target];
+ return v_target;
+}
+
+/* takes the rank lock */
+struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int irq)
+{
+ struct vcpu *v_target;
+ struct vgic_irq_rank *rank = vgic_rank_irq(v, irq);
+
+ vgic_lock_rank(v, rank);
+ v_target = _vgic_get_target_vcpu(v, irq);
+ vgic_unlock_rank(v, rank);
+ return v_target;
+}
+
static void vgic_disable_irqs(struct vcpu *v, uint32_t r, int n)
{
const unsigned long mask = r;
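Review bot: In `_vgic_get_target_vcpu` the result of `find_first_bit(&target, 8)` is used to index `v->domain->vcpu[]` with no range check, and for an itargets byte of zero that call returns 8. The function therefore depends on every writer of itargets keeping each byte non-zero and within the domain's vcpu mask. This patch initialises the shared ranks and filters GICD_ITARGETSR writes, but whether the private rank is initialised the same way is not visible here. Since the changelog says an earlier assert was dropped because a guest could trip it, a clamp is safer than an assertion: `if ( target >= v->domain->max_vcpus ) target = 0;` before the array access, plus a comment stating the invariant.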
@@ -381,12 +416,14 @@ static void vgic_disable_irqs(struct vcpu *v, uint32_t r,
int n)
unsigned int irq;
unsigned long flags;
int i = 0;
+ struct vcpu *v_target;
while ( (i = find_next_bit(&mask, 32, i)) < 32 ) {
irq = i + (32 * n);
- p = irq_to_pending(v, irq);
+ v_target = _vgic_get_target_vcpu(v, irq);
+ p = irq_to_pending(v_target, irq);
clear_bit(GIC_IRQ_GUEST_ENABLED, &p->status);
- gic_remove_from_queues(v, irq);
+ gic_remove_from_queues(v_target, irq);
if ( p->desc != NULL )
{
spin_lock_irqsave(&p->desc->lock, flags);
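Review bot: `vgic_disable_irqs` now has an undocumented precondition: it calls `_vgic_get_target_vcpu`, which asserts that the rank lock is held, so every caller must take that lock first. The same applies to `vgic_enable_irqs` in the next hunk. I would add a comment above both functions, for example `/* Called with the rank lock of the affected irqs held. */`, so that a future caller does not hit the ASSERT only in debug builds. The function body starts and ends outside this hunk.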
@@ -404,24 +441,26 @@ static void vgic_enable_irqs(struct vcpu *v, uint32_t r,
int n)
unsigned int irq;
unsigned long flags;
int i = 0;
+ struct vcpu *v_target;
while ( (i = find_next_bit(&mask, 32, i)) < 32 ) {
irq = i + (32 * n);
- p = irq_to_pending(v, irq);
+ v_target = _vgic_get_target_vcpu(v, irq);
+ p = irq_to_pending(v_target, irq);
set_bit(GIC_IRQ_GUEST_ENABLED, &p->status);
/* We need to force the first injection of evtchn_irq because
* evtchn_upcall_pending is already set by common code on vcpu
* creation. */
- if ( irq == v->domain->arch.evtchn_irq &&
+ if ( irq == v_target->domain->arch.evtchn_irq &&
vcpu_info(current, evtchn_upcall_pending) &&
list_empty(&p->inflight) )
- vgic_vcpu_inject_irq(v, irq);
+ vgic_vcpu_inject_irq(v_target, irq);
else {
unsigned long flags;
- spin_lock_irqsave(&v->arch.vgic.lock, flags);
+ spin_lock_irqsave(&v_target->arch.vgic.lock, flags);
if ( !list_empty(&p->inflight) && !test_bit(GIC_IRQ_GUEST_VISIBLE,
&p->status) )
- gic_raise_guest_irq(v, irq, p->priority);
- spin_unlock_irqrestore(&v->arch.vgic.lock, flags);
+ gic_raise_guest_irq(v_target, irq, p->priority);
+ spin_unlock_irqrestore(&v_target->arch.vgic.lock, flags);
}
if ( p->desc != NULL )
{
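Review bot: The first-injection test still reads `vcpu_info(current, evtchn_upcall_pending)` while the rest of the condition and the injection itself were switched to `v_target`. If the target vcpu can differ from the vcpu that wrote GICD_ISENABLER, the pending flag of the wrong vcpu decides whether the interrupt is injected. Either use `vcpu_info(v_target, evtchn_upcall_pending)`, or, if evtchn_irq is always targeted at the writing vcpu (not visible in this hunk), say so in the comment above the condition. The function continues past the end of the hunk.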
@@ -536,8 +575,8 @@ static int vgic_distr_mmio_write(struct vcpu *v,
mmio_info_t *info)
vgic_lock_rank(v, rank);
tr = rank->ienable;
rank->ienable |= *r;
- vgic_unlock_rank(v, rank);
vgic_enable_irqs(v, (*r) & (~tr), gicd_reg - GICD_ISENABLER);
+ vgic_unlock_rank(v, rank);
return 1;
case GICD_ICENABLER ... GICD_ICENABLERN:
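Review bot: Moving `vgic_unlock_rank` after `vgic_enable_irqs` creates a lock nesting that is not written down anywhere in the patch: the rank lock is now held while `v_target->arch.vgic.lock` and `p->desc->lock` are taken, and while `vgic_vcpu_inject_irq` runs. The GICD_ICENABLER hunk that follows does the same for `vgic_disable_irqs`. Nothing reached from these paths may call the newly exported `vgic_get_target_vcpu`, which takes the rank lock itself, or take the rank lock in any other way. A short comment at the lock site would record this, for example `/* rank lock held across enable: callees must use _vgic_get_target_vcpu */`.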
@@ -547,8 +586,8 @@ static int vgic_distr_mmio_write(struct vcpu *v,
mmio_info_t *info)
vgic_lock_rank(v, rank);
tr = rank->ienable;
rank->ienable &= ~*r;
- vgic_unlock_rank(v, rank);
vgic_disable_irqs(v, (*r) & tr, gicd_reg - GICD_ICENABLER);
+ vgic_unlock_rank(v, rank);
return 1;
case GICD_ISPENDR ... GICD_ISPENDRN:
@@ -589,12 +628,27 @@ static int vgic_distr_mmio_write(struct vcpu *v,
mmio_info_t *info)
if ( dabt.size != 0 && dabt.size != 2 ) goto bad_width;
rank = vgic_rank_offset(v, 8, gicd_reg - GICD_ITARGETSR);
if ( rank == NULL) goto write_ignore;
+ /* 8-bit vcpu mask for this domain */
+ BUG_ON(v->domain->max_vcpus > 8);
+ tr = (1 << v->domain->max_vcpus) - 1;
+ if ( dabt.size == 2 )
+ tr = tr | (tr << 8) | (tr << 16) | (tr << 24);
+ else
+ tr = (tr << (8 * (offset & 0x3)));
+ tr &= *r;
+ /* ignore zero writes */
+ if ( !tr )
+ goto write_ignore;
+ if ( dabt.size == 2 &&
+ !((tr & 0xff) && (tr & (0xff << 8)) &&
+ (tr & (0xff << 16)) && (tr & (0xff << 24))))
+ goto write_ignore;
vgic_lock_rank(v, rank);
if ( dabt.size == 2 )
- rank->itargets[REG_RANK_INDEX(8, gicd_reg - GICD_ITARGETSR)] = *r;
+ rank->itargets[REG_RANK_INDEX(8, gicd_reg - GICD_ITARGETSR)] = tr;
else
byte_write(&rank->itargets[REG_RANK_INDEX(8, gicd_reg -
GICD_ITARGETSR)],
- *r, offset);
+ tr, offset);
vgic_unlock_rank(v, rank);
return 1;
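Review bot: `BUG_ON(v->domain->max_vcpus > 8)` sits in the GICD_ITARGETSR write handler, so a domain built with more than eight vcpus would bring the hypervisor down on a guest MMIO write rather than being refused when it is set up. The 8-bit mask limit would be better enforced once, in `domain_vgic_init` or wherever max_vcpus is fixed, with the handler falling back to `goto write_ignore` if the limit is ever exceeded. Separately, for byte accesses the mask is shifted by `8 * (offset & 0x3)` before `tr &= *r`, and `tr` is then passed to `byte_write` with the same offset. `byte_write` is not shown here, so please confirm that it and `*r` agree on which byte lane holds the value, because a mismatch could store a zero target byte.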
diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
index 8e37ccf..3950554 100644
--- a/xen/include/asm-arm/gic.h
+++ b/xen/include/asm-arm/gic.h
@@ -226,6 +226,8 @@ int gic_irq_xlate(const u32 *intspec, unsigned int intsize,
unsigned int *out_hwirq, unsigned int *out_type);
void gic_clear_lrs(struct vcpu *v);
+struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int irq);
+
#endif /* __ASSEMBLY__ */
#endif
--
1.7.10.4