|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH v2 21/26] xen/riscv: implement virtual APLIC MMIO emulation
Guests running under Xen program interrupt routing by writing to APLIC
MMIO registers. Xen must intercept these accesses to enforce interrupt
isolation between domains and to translate guest routing intent into the
underlying physical MSI topology.
Writes are gated by the domain's authorised interrupt bitmap so that a
guest cannot affect interrupts it does not own. TARGET register writes
additionally require translation of the hart and IMSIC guest-file
indices from virtual to physical, as the APLIC uses these fields
directly to compute the MSI delivery address.
Delegation (APLIC_SOURCECFG_D) is not yet supported.
Co-developed-by: Romain Caritey <Romain.Caritey@xxxxxxxxxxxxx>
Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
---
Changes in v2:
- Merge the following patches into one:
xen/riscv: add vaplic access check:
- Add check that address is properly aligned.
- Check vaplic range intead of APLIC one.
- Return bool from vaplic_is_access instead of int.
xen/riscv: emulate guest writes to virtual APLIC MMIO
- Drop CALC_REG_VALUE.
- Use unsigned int instead of uin32_t for offset.
- s/.../subtracting in the comment.
- start one line comments from the upper case.
- Check the value before being written to sourcecfg register.
- 'unsigned int' for loop index.
- Omit unneessary braces.
- s/vaplic_update_target/aplic_msi_target_gen.
- Use IMSIC_MMIO_PAGE_SHIFT instead of 12 in aplic_msi_target_gen().
- Drop explicit usage of APLIC register in store function.
- Drop APLIC_REG_{GET,SET} macros and introudce APLIC specific funtcions.
- Ignore write to SOURCECFG_BASE when value is out-of-range.
- Drop ASSERT(!target_vcpu) inside handler of targer register setting,
just avoid such writings + debug message.
- domain_crash() instead of panic() in the case of default case.
- Drop ASSERT() in APLIC_SOURCE_CFG_BASE case and use domain_crash()
instead.
xen/riscv: emulate guest reads from virtual APLIC MMIO:
- s/regval_to_irqn/regindx_to_irqn.
- pass to to_vaplic() a domain instead of vintc.
- add check that load access is aligned.
- instead of panic() just crash a domain().
- use 'unsigned int' for local variable offset.
- Return 0 in the case APLIC_CLRIE_BASE ...APLIC_CLRIE_LAST reading to
follow AIA spec.
- Drop explicit usage of physical APLIC registers.
---
xen/arch/riscv/aplic.c | 25 +++
xen/arch/riscv/include/asm/aplic.h | 9 +
xen/arch/riscv/include/asm/intc.h | 10 +-
xen/arch/riscv/include/asm/vaplic.h | 3 +
xen/arch/riscv/vaplic.c | 289 +++++++++++++++++++++++++++-
5 files changed, 333 insertions(+), 3 deletions(-)
diff --git a/xen/arch/riscv/aplic.c b/xen/arch/riscv/aplic.c
index 1c8fd0145eb2..1976733dfbaa 100644
--- a/xen/arch/riscv/aplic.c
+++ b/xen/arch/riscv/aplic.c
@@ -40,6 +40,31 @@ static struct intc_info __ro_after_init aplic_info = {
.hw_version = INTC_APLIC,
};
+uint32_t aplic_hw_read_reg(unsigned int offset, uint32_t mask)
+{
+ unsigned long flags;
+ uint32_t val;
+
+ ASSERT(offset < aplic.size);
+
+ spin_lock_irqsave(&aplic.lock, flags);
+ val = readl((void __iomem *)((uintptr_t)aplic.regs + offset)) & mask;
+ spin_unlock_irqrestore(&aplic.lock, flags);
+
+ return val;
+}
+
+void aplic_hw_write_reg(unsigned int offset, uint32_t value)
+{
+ unsigned long flags;
+
+ ASSERT(offset < aplic.size);
+
+ spin_lock_irqsave(&aplic.lock, flags);
+ writel(value, (void __iomem *)((uintptr_t)aplic.regs + offset));
+ spin_unlock_irqrestore(&aplic.lock, flags);
+}
+
static void __init aplic_init_hw_interrupts(void)
{
unsigned int i;
diff --git a/xen/arch/riscv/include/asm/aplic.h
b/xen/arch/riscv/include/asm/aplic.h
index e418fc53433b..7905db9876d4 100644
--- a/xen/arch/riscv/include/asm/aplic.h
+++ b/xen/arch/riscv/include/asm/aplic.h
@@ -15,6 +15,8 @@
#include <asm/imsic.h>
+#define APLIC_NUM_REGS 32
+
#define APLIC_REG_OFFSET_MASK 0x3fff
#define APLIC_TARGET_IPRIO_MASK 0xff
#define APLIC_TARGET_GUEST_IDX_SHIFT 12
@@ -24,6 +26,8 @@
#define APLIC_DOMAINCFG_IE BIT(8, U)
#define APLIC_DOMAINCFG_DM BIT(2, U)
+#define APLIC_SOURCECFG_D BIT(10, U)
+
#define APLIC_SOURCECFG_SM_INACTIVE 0x0
#define APLIC_SOURCECFG_SM_DETACH 0x1
#define APLIC_SOURCECFG_SM_EDGE_RISE 0x4
@@ -71,6 +75,8 @@
#define APLIC_SIZE(nr_cpus) (APLIC_MIN_SIZE + \
APLIC_SIZE_ALIGN(APLIC_IDC_SIZE * (nr_cpus)))
+#define APLIC_SETCLR_OFFSET_MASK ((32 * sizeof(uint32_t)) - 1)
+
struct aplic_regs {
uint32_t domaincfg; /* 0x0000 */
uint32_t sourcecfg[1023]; /* 0x0004 */
@@ -114,4 +120,7 @@ struct aplic_regs {
uint32_t target[1023]; /* 0x3008 */
};
+uint32_t aplic_hw_read_reg(unsigned int offset, uint32_t mask);
+void aplic_hw_write_reg(unsigned int offset, uint32_t value);
+
#endif /* ASM_RISCV_APLIC_H */
diff --git a/xen/arch/riscv/include/asm/intc.h
b/xen/arch/riscv/include/asm/intc.h
index 1ff992b6c20b..641c83125a5b 100644
--- a/xen/arch/riscv/include/asm/intc.h
+++ b/xen/arch/riscv/include/asm/intc.h
@@ -64,7 +64,15 @@ struct vintc_ops {
int (*vcpu_init)(struct vcpu *v);
/* Check if a address is virtual interrupt controller MMIO */
- int (*is_access)(const struct vcpu *v, unsigned long addr);
+ bool (*is_access)(const struct vcpu *v, unsigned long addr);
+
+ /* Emulate load to virtual interrupt controller MMIOs */
+ int (*emulate_load)(const struct vcpu *vcpu, unsigned long addr,
+ uint32_t *out);
+
+ /* Emulate store to virtual interrupt controller MMIOs */
+ int (*emulate_store)(const struct vcpu *vcpu, unsigned long addr,
+ uint32_t in);
};
struct vintc {
diff --git a/xen/arch/riscv/include/asm/vaplic.h
b/xen/arch/riscv/include/asm/vaplic.h
index 630ca14657f2..0fa690fcb2d7 100644
--- a/xen/arch/riscv/include/asm/vaplic.h
+++ b/xen/arch/riscv/include/asm/vaplic.h
@@ -26,6 +26,9 @@ struct vaplic_regs {
struct vaplic {
struct vintc vintc;
struct vaplic_regs regs;
+
+ paddr_t regs_start;
+ paddr_t regs_size;
};
int domain_vaplic_init(struct domain *d);
diff --git a/xen/arch/riscv/vaplic.c b/xen/arch/riscv/vaplic.c
index 3f967464335a..57c3433ba03b 100644
--- a/xen/arch/riscv/vaplic.c
+++ b/xen/arch/riscv/vaplic.c
@@ -26,6 +26,283 @@
#define FDT_VAPLIC_INT_CELLS 2
+#define AUTH_IRQ_BIT(d, irqn) ( \
+ ((irqn) <= (d)->arch.vintc->irq_nums) && \
+ test_bit(irqn, (d)->arch.vintc->allocated_irqs) )
+
+#define regindx_to_irqn(reg_val) ((reg_val) / sizeof(uint32_t))
+
+static inline uint32_t generate_auth_mask(const struct domain *d,
+ unsigned int irqsn)
+{
+ if ( irqsn >= DIV_ROUND_UP(d->arch.vintc->irq_nums,
+ sizeof(uint32_t) * BITS_PER_BYTE) )
+ {
+ dprintk(XENLOG_DEBUG, "incorrect irqsn(%d) is passed\n", irqsn);
+
+ return 0U;
+ }
+
+ return *((uint32_t *)d->arch.vintc->allocated_irqs + irqsn);
+}
+
+static int vaplic_emulate_load(const struct vcpu *vcpu,
+ const unsigned long addr, uint32_t *out)
+{
+ const struct domain *d = vcpu->domain;
+ const struct vaplic *vaplic = to_vaplic(d);
+ const unsigned int offset = addr & APLIC_REG_OFFSET_MASK;
+ uint32_t auth_mask;
+ unsigned int i;
+
+ switch ( offset )
+ {
+ case APLIC_DOMAINCFG:
+ *out = vaplic->regs.domaincfg;
+
+ return 0;
+
+ case APLIC_SETIPNUM:
+ case APLIC_SETIPNUM_LE:
+ case APLIC_CLRIPNUM:
+ case APLIC_SETIENUM:
+ case APLIC_CLRIENUM:
+ case APLIC_CLRIE_BASE ... APLIC_CLRIE_LAST:
+ /*
+ * Based on the RISC-V AIA spec a read of these registers
+ * always returns zero
+ */
+ *out = 0;
+
+ return 0;
+
+ case APLIC_SETIP_BASE ... APLIC_SETIP_LAST:
+ case APLIC_CLRIP_BASE ... APLIC_CLRIP_LAST:
+ case APLIC_SETIE_BASE ... APLIC_SETIE_LAST:
+ i = regindx_to_irqn(offset & APLIC_SETCLR_OFFSET_MASK);
+ auth_mask = generate_auth_mask(d, i);
+
+ break;
+
+ case APLIC_TARGET_BASE ... APLIC_TARGET_LAST:
+ /*
+ * As target registers start for 1:
+ * 0x3000 genmsi
+ * 0x3004 target[1]
+ * 0x3008 target[2]
+ * ...
+ * 0x3FFC target[1023]
+ * It is necessary to calculate an interrupt number by substracting
+ * of APLIC_GENMSI instead of APLIC_TARGET_BASE.
+ */
+ i = regindx_to_irqn(offset - APLIC_GENMSI);
+
+ if ( !AUTH_IRQ_BIT(d, i) )
+ {
+ *out = 0;
+
+ return 0;
+ }
+
+ auth_mask = ~0U;
+
+ break;
+
+ default:
+ gdprintk(XENLOG_WARNING, "Unhandled APLIC read at offset %#x\n",
+ offset);
+
+ domain_crash(vcpu->domain);
+
+ return -EINVAL;
+ }
+
+ *out = aplic_hw_read_reg(offset, auth_mask);
+
+ return 0;
+}
+
+static uint32_t aplic_msi_target_gen(const struct vcpu *target_vcpu,
+ uint32_t base_val)
+{
+ const struct imsic_config *imsic = imsic_get_config();
+ unsigned int guest_id = vcpu_guest_file_id(target_vcpu);
+ unsigned long hart_id = cpuid_to_hartid(target_vcpu->processor);
+ unsigned long group_index;
+ unsigned int hhxw = imsic->group_index_bits;
+ unsigned int lhxw = imsic->hart_index_bits;
+ unsigned int hhxs = imsic->group_index_shift - IMSIC_MMIO_PAGE_SHIFT * 2;
+ unsigned long base_ppn = imsic->msi[hart_id].base_addr >>
IMSIC_MMIO_PAGE_SHIFT;
+
+ group_index = (base_ppn >> (hhxs + IMSIC_MMIO_PAGE_SHIFT)) & (BIT(hhxw,
UL) - 1);
+
+ base_val &= APLIC_TARGET_EIID_MASK;
+ base_val |= guest_id << APLIC_TARGET_GUEST_IDX_SHIFT;
+ base_val |= hart_id << APLIC_TARGET_HART_IDX_SHIFT;
+ base_val |= group_index << (lhxw + APLIC_TARGET_HART_IDX_SHIFT);
+
+ return base_val;
+}
+
+static int cf_check vaplic_emulate_store(const struct vcpu *vcpu,
+ unsigned long addr, uint32_t value)
+{
+ int rc = -EINVAL;
+ const struct domain *d = vcpu->domain;
+ unsigned int offset = addr & APLIC_REG_OFFSET_MASK;
+
+ switch ( offset )
+ {
+ case APLIC_SETIP_BASE ... APLIC_SETIP_LAST:
+ case APLIC_CLRIP_BASE ... APLIC_CLRIP_LAST:
+ case APLIC_SETIE_BASE ... APLIC_SETIE_LAST:
+ case APLIC_CLRIE_BASE ... APLIC_CLRIE_LAST:
+ {
+ unsigned int irqn = regindx_to_irqn(offset & APLIC_SETCLR_OFFSET_MASK);
+ value &= generate_auth_mask(d, irqn);
+
+ break;
+ }
+
+ case APLIC_SOURCECFG_BASE ... APLIC_SOURCECFG_LAST:
+ if ( value & APLIC_SOURCECFG_D )
+ {
+ rc = -EOPNOTSUPP;
+
+ dprintk(XENLOG_ERR, "APLIC_SOURCECFG_D isn't supported\n");
+
+ goto fail;
+ }
+
+ /*
+ * As sourcecfg register starts from 1:
+ * 0x0000 domaincfg
+ * 0x0004 sourcecfg[1]
+ * 0x0008 sourcecfg[2]
+ * ...
+ * 0x0FFC sourcecfg[1023]
+ * It is necessary to calculate an interrupt number by subtracting
+ * of APLIC_DOMAINCFG instead of APLIC_SOURCECFG_BASE.
+ */
+ if ( !AUTH_IRQ_BIT(d, regindx_to_irqn(offset - APLIC_DOMAINCFG)) )
+ /* Interrupt not enabled, ignore it */
+ return 0;
+
+ if ( value > APLIC_SOURCECFG_SM_LEVEL_LOW )
+ {
+ gdprintk(XENLOG_ERR,
+ "value(%u) is incorrect for sourcecfg register\n", value);
+
+ return 0;
+ }
+
+ break;
+
+ case APLIC_TARGET_BASE ... APLIC_TARGET_LAST:
+ {
+ struct vcpu *target_vcpu = NULL;
+
+ /*
+ * Look at vaplic_emulate_load() for explanation why
+ * APLIC_GENMSI is subtracted.
+ */
+ if ( !AUTH_IRQ_BIT(d, regindx_to_irqn(offset - APLIC_GENMSI)) )
+ /* Interrupt not enabled, ignore it */
+ return 0;
+
+ for ( unsigned int i = 0; i < vcpu->domain->max_vcpus; i++ )
+ {
+ struct vcpu *v = vcpu->domain->vcpu[i];
+
+ if ( v->vcpu_id == (value >> APLIC_TARGET_HART_IDX_SHIFT) )
+ {
+ target_vcpu = v;
+ break;
+ }
+ }
+
+ if ( !target_vcpu )
+ {
+ dprintk(XENLOG_ERR, "Invalid vCPU id in target register\n");
+
+ /* Ignore such writings */
+ return 0;
+ }
+
+ value = aplic_msi_target_gen(target_vcpu, value);
+
+ break;
+ }
+
+ case APLIC_SETIPNUM:
+ case APLIC_SETIPNUM_LE:
+ case APLIC_CLRIPNUM:
+ case APLIC_SETIENUM:
+ case APLIC_CLRIENUM:
+ if ( !value || !AUTH_IRQ_BIT(d, value) )
+ return 0;
+
+ break;
+
+ case APLIC_DOMAINCFG:
+ /*
+ * TODO:
+ * The domaincfg register has this format:
+ * bits 31:24 read-only 0x80
+ * bit 8 IE
+ * bit 7 read-only 0
+ * bit 2 DM (WARL)
+ * bit 0 BE (WARL)
+ *
+ * The most interesting bit for us is IE(Interrupt Enable) bit.
+ * At the moment, at least, Linux doesn't use domaincfg.IE bit to
+ * disable interrupts globally, but if one day someone will use it
+ * then extra actions should be done.
+ */
+
+ printk_once("%s: Ignore writes to domaincfg as it is set by aplic "
+ " during initialization in Xen\n", __func__);
+
+ return 0;
+
+ default:
+ goto fail;
+ }
+
+ aplic_hw_write_reg(offset, value);
+
+ return 0;
+
+ fail:
+ domain_crash(vcpu->domain,
+ "Unhandled APLIC write at offset %#x (value %#x)\n", offset,
+ value);
+
+ return rc;
+}
+
+static bool cf_check vaplic_is_access(const struct vcpu *vcpu,
+ unsigned long addr)
+{
+ const struct vaplic *vaplic = to_vaplic(vcpu->domain);
+ paddr_t start = vaplic->regs_start;
+ paddr_t end = vaplic->regs_start + vaplic->regs_size;
+
+ if ( addr & 0x3 )
+ {
+ dprintk(XENLOG_DEBUG,
+ "APLIC MMIO address should be properly aligned\n");
+
+ return false;
+ }
+
+ /* check if it is an APLIC access */
+ if ( start <= addr && addr < end )
+ return true;
+
+ return false;
+}
+
static int cf_check vcpu_vaplic_init(struct vcpu *v)
{
int rc = 0;
@@ -54,19 +331,24 @@ static int cf_check vcpu_vaplic_init(struct vcpu *v)
static int __init cf_check vaplic_make_domu_dt_node(struct kernel_info *kinfo)
{
+ struct domain *d = kinfo->bd.d;
int res = 0;
void *fdt = kinfo->fdt;
unsigned int msi_parent_phandle;
char vaplic_name[128];
paddr_t aplic_addr = GUEST_APLIC_S_BASE;
- paddr_t aplic_size = APLIC_SIZE(kinfo->bd.d->max_vcpus);
+ paddr_t aplic_size = APLIC_SIZE(d->max_vcpus);
const __be32 reg[] = {
cpu_to_be32(aplic_addr >> 32),
cpu_to_be32(aplic_addr),
cpu_to_be32(aplic_size >> 32),
cpu_to_be32(aplic_size),
};
- struct vintc *vintc = kinfo->bd.d->arch.vintc;
+ struct vintc *vintc = d->arch.vintc;
+ struct vaplic *vaplic = to_vaplic(d);
+
+ vaplic->regs_start = GUEST_APLIC_S_BASE;
+ vaplic->regs_size = aplic_size;
res = snprintf(vaplic_name, sizeof(vaplic_name), "/soc/aplic@%x",
GUEST_APLIC_S_BASE);
@@ -121,6 +403,9 @@ static const struct vintc_init_ops __initdata init_ops = {
static const struct vintc_ops vintc_ops = {
.vcpu_init = vcpu_vaplic_init,
+ .is_access = vaplic_is_access,
+ .emulate_store = vaplic_emulate_store,
+ .emulate_load = vaplic_emulate_load,
};
int __init domain_vaplic_init(struct domain *d)
--
2.54.0
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |