* [PATCH v6 00/36] arm64: Dom0 ITS emulation
@ 2017-04-07 17:32 Andre Przywara
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
` (35 more replies)
0 siblings, 36 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi,
this is a bit special version of the ITS emulation series. It basically
splits the series into two parts, of which the first one is ready to be
merged, while the second part has to be postponed.
This post contains the whole series for the sake of completeness.
This addresses the review comments on the last post, focussing on the
first part.
The locking in the MMIO register access has been fixed, both for the
redistributor and for the ITS itself. This still leaves room for some
future optimization.
Also I dropped the GENMASK_ULL and BIT_ULL patches and only use the
existing macros. I kept the Reviewed-by: tags for patches where those
were the only changes, hope that is fine with the reviewers. Let me
know otherwise.
Detailed changelog below.
Cheers,
Andre
----------------------------------
This series adds support for emulation of an ARM GICv3 ITS interrupt
controller. For hardware which relies on the ITS to provide interrupts for
its peripherals this code is needed to get a machine booted into Dom0 at
all. ITS emulation for DomUs is only really useful with PCI passthrough,
which is not yet available for ARM. It is expected that this feature
will be co-developed with the ITS DomU code. However this code drop here
considered DomU emulation already, to keep later architectural changes
to a minimum.
This is technical preview version to allow early testing of the feature.
Things not (properly) addressed in this release:
- The MOVALL command is not emulated. In our case there is really nothing
to do here. We might need to revisit this in the future for DomU support.
- The INVALL command might need some rework to be more efficient. Currently
we iterate over all mapped LPIs, which might take a bit longer.
- Indirect tables are not supported. This affects both the host and the
virtual side.
- The command queue locking is currently suboptimal and should be made more
fine-grained in the future, if possible.
- We need to properly investigate the possible interaction when devices get
removed. This requires to properly clean up and remove any associated
resources like pending or in-flight LPIs, for instance.
Some generic design principles:
* The current GIC code statically allocates structures for each supported
IRQ (both for the host and the guest), which due to the potentially
millions of LPI interrupts is not feasible to copy for the ITS.
So we refrain from introducing the ITS as a first class Xen interrupt
controller, also we don't hold struct irq_desc's or struct pending_irq's
for each possible LPI.
Fortunately LPIs are only interesting to guests, so we get away with
storing only the virtual IRQ number and the guest VCPU for each allocated
host LPI, which can be stashed into one uint64_t. This data is stored in
a two-level table, which is both memory efficient and quick to access.
We hook into the existing IRQ handling and VGIC code to avoid accessing
the normal structures, providing alternative methods for getting the
needed information (priority, is enabled?) for LPIs.
Whenever a guest maps a device, we allocate the maximum required number
of struct pending_irq's, so that any triggering LPI can find its data
structure. Upon the guest actually mapping the LPI, this pointer to the
corresponding pending_irq gets entered into a radix tree, so that it can
be quickly looked up.
* On the guest side we (later will) have to deal with malicious guests
trying to hog Xen with mapping requests for a lot of LPIs, for instance.
As the ITS actually uses system memory for storing status information,
we use this memory (which the guest has to provide) to naturally limit
a guest. Whenever we need information from any of the ITS tables, we
temporarily map them (which is cheap on arm64) and copy the required data.
* An obvious approach to handling some guest ITS commands would be to
propagate them to the host, for instance to map devices and LPIs and
to enable or disable LPIs.
However this (later with DomU support) will create an attack vector, as
a malicious guest could try to fill the host command queue with
propagated commands.
So we try to avoid this situation: Dom0 sending a device mapping (MAPD)
command is the only time we allow queuing commands to the host ITS command
queue, as this seems to be the only reliable way of getting the
required information at the moment. However at the same time we map all
events to LPIs already, also enable them. This avoids sending commands
later at runtime, as we can deal with mappings and LPI enabling/disabling
internally.
To accomodate the tech preview nature of this feature at the moment, there
is a Kconfig option to enable it. Also it is supported on arm64 only, which
will most likely not change in the future.
This leads to some hideous constructs like an #ifdef'ed header file with
empty function stubs to accomodate arm32 and non-ITS builds, which share
some generic code paths with the ITS emulation.
The number of supported LPIs can be limited on the command line, in case
the number reported by the hardware is too high. As Xen cannot foresee how
many interrupts the guests will need, we cater for as many as possible.
The command line parameter is called max-lpi-bits and expresses the number
of bits required to hold an interrupt ID. It defaults to 20, if that is
lower than the number supported by the hardware.
This code boots Dom0 on an ARM Fast Model with ITS support. I tried to
address the issues seen by people running the previous versions on real
hardware, though couldn't verify this here for myself.
So any testing, bug reports (and possibly even fixes) are very welcome.
The code can also be found on the its/v6 branch here:
git://linux-arm.org/xen-ap.git
http://www.linux-arm.org/git?p=xen-ap.git;a=shortlog;h=refs/heads/its/v6
Cheers,
Andre
Changelog v5 ... v6:
- reordered patches to allow splitting the series
- introduced functions later to avoid warnings on intermediate builds
- refactored common code changes into separate patches
- removed bogus host_its_list from non-ITS build
- dropped GENMASK_ULL and BIT_ULL (both patches and their usage later)
- rework locking in MMIO register reads and writes
- protect new code from being executed without an ITS being configured
- fix vgic_access_guest_memory (now a separate patch)
- some more comments and TODOs
Changelog v4 ... v5:
- adding many comments
- spinlock asserts
- rename r_host_lpis to max_host_lpi_ids
- remove max_its_device_bits command line
- add warning on high number of LPIs
- avoid potential leak on host MAPD
- properly handle nr_events rounding
- remove unmap_all_devices(), replace with ASSERT
- add barriers for (lockless) host LPI lookups
- add proper locking in ITS and redist MMIO register handling
- rollback failing device mapping
- fix various printks
- add vgic_access_guest_memory() and use it
- (getting rid of page mapping functions and helpers)
- drop table mapping / unmapping on redist/ITS enable/disable
- minor reworks in functions as per review comments
- fix ITS enablement check
- move lpi_to_pending() and lpi_get_priority() to vgic_ops
- move do_LPI() to gic_hw_ops
- whitespace and hard tabs fixes
- introduce ITS domain init function (and use it for the rbtree)
- enable IRQs around do_LPI
- implement TODOs for later optimizations
- add "v" prefix to variables holding virtual properties
- provide locked and normal versions of read/write_itte
- only CLEAR LPI if not already guest visible (plus comment)
- update LPI property on MAPTI
- store vcpu_id in pending_irq for LPIs (helps INVALL)
- improve INVALL implementation to only cover LPIs on this VCPU
- improve virtual BASE register initialization
- limit number of virtual LPIs to 24 bits (Linux bug at 32??)
- only inject LPIs if redistributor is actually enabled
Changelog v3 .. v4:
- make HAS_ITS depend on EXPERT
- introduce new patch 02 to initialize host ITS early
- fix cmd_lock init position
- introduce warning on high number of LPI allocations
- various int -> unsigned fixes
- adding and improving comments
- rate limit ITS command queue full msg
- drop unneeded checks
- validate against allowed number of device IDs
- avoid memory leaks when removing devices
- improve algorithm for finding free host LPI
- convert unmap_all_devices from goto to while loop
- add message on remapping ITS device
- name virtual device / event IDs properly
- use atomic read when reading ITT entry
Changelog v2 .. v3:
- preallocate struct pending_irq's
- map ITS and redistributor tables only on demand
- store property, enable and pending bit in struct pending_irq
- improve error checking and handling
- add comments
Changelog v1 .. v2:
- clean up header file inclusion
- rework host ITS table allocation: observe attributes, many fixes
- remove patch 1 to export __flush_dcache_area, use existing function instead
- use number of LPIs internally instead of number of bits
- keep host_its_list as private as possible
- keep struct its_devices private
- rework gicv3_its_map_guest_devices
- fix rbtree issues
- more error handling and propagation
- cope with GICv4 implementations (but no virtual LPI features!)
- abstract host and guest ITSes by using doorbell addresses
- join per-redistributor variables into one per-CPU structure
- fix data types (unsigned int)
- many minor bug fixes
(Rough) changelog RFC-v2 .. v1:
- split host ITS driver into gic-v3-lpi.c and gic-v3-its.c part
- rename virtual ITS driver file to vgic-v3-its.c
- use macros and named constants for all magic numbers
- use atomic accessors for accessing the host LPI data
- remove leftovers from connecting virtual and host ITSes
- bail out if host ITS is disabled in the DT
- rework map/unmap_guest_pages():
- split off p2m part as get/put_guest_pages (to be done on allocation)
- get rid of vmap, using map_domain_page() instead
- delay allocation of virtual tables until actual LPI/ITS enablement
- properly size both virtual and physical tables upon allocation
- fix put_domain() locking issues in physdev_op and LPI handling code
- add and extend comments in various areas
- fix lotsa coding style and white space issues, including comment style
- add locking to data structures not yet covered
- fix various locking issues
- use an rbtree to deal with ITS devices (instead of a list)
- properly handle memory attributes for ITS tables
- handle cacheable/non-cacheable ITS table mappings
- sanitize guest provided ITS/LPI table attributes
- fix breakage on non-GICv2 compatible host GICv3 controllers
- add command line parameters on top of Kconfig options
- properly wait for an ITS to become quiescient before enabling it
- handle host ITS command queue errors
- actually wait for host ITS command completion (READR==WRITER)
- fix ARM32 compilation
- various patch splits and reorderings
Andre Przywara (36):
ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT
ARM: GICv3 ITS: initialize host ITS
ARM: GICv3: allocate LPI pending and property table
ARM: GICv3 ITS: allocate device and collection table
ARM: GICv3 ITS: map ITS command buffer
ARM: GICv3 ITS: introduce ITS command handling
ARM: GICv3 ITS: introduce host LPI array
ARM: vGICv3: introduce ITS emulation stub
ARM: GICv3 ITS: introduce device mapping
ARM: GIC: Add checks for NULL pointer pending_irq's
ARM: GICv3: introduce separate pending_irq structs for LPIs
ARM: GICv3: forward pending LPIs to guests
ARM: GICv3: enable ITS and LPIs on the host
ARM: vGICv3: handle virtual LPI pending and property tables
ARM: introduce vgic_access_guest_memory()
ARM: vGICv3: re-use vgic_reg64_check_access
ARM: GIC: clear LPI pending bit on cleaning up LR
ARM: GIC: export vgic_init_pending_irq()
ARM: VGIC: add vcpu_id to struct pending_irq
ARM: vGICv3: add virtual ITS list head and comment about iteration
ARM: GICv3: prepare for virtual ITS subnodes
ARM: vGIC: advertise LPI support
ARM: vGICv3: handle disabled LPIs
ARM: vITS: add command handling stub and MMIO emulation
ARM: vITS: introduce translation table walks
ARM: vITS: handle CLEAR command
ARM: vITS: handle INT command
ARM: vITS: handle MAPC command
ARM: vITS: handle MAPD command
ARM: vITS: handle MAPTI command
ARM: vITS: handle MOVI command
ARM: vITS: handle DISCARD command
ARM: vITS: handle INV command
ARM: vITS: handle INVALL command
ARM: vITS: create and initialize virtual ITSes for Dom0
ARM: vITS: create ITS subnodes for Dom0 DT
docs/misc/xen-command-line.markdown | 9 +
xen/arch/arm/Kconfig | 5 +
xen/arch/arm/Makefile | 3 +
xen/arch/arm/gic-v2.c | 7 +
xen/arch/arm/gic-v3-its.c | 1019 ++++++++++++++++++++++++++
xen/arch/arm/gic-v3-lpi.c | 607 ++++++++++++++++
xen/arch/arm/gic-v3.c | 81 ++-
xen/arch/arm/gic.c | 33 +-
xen/arch/arm/vgic-v2.c | 15 +
xen/arch/arm/vgic-v3-its.c | 1337 +++++++++++++++++++++++++++++++++++
xen/arch/arm/vgic-v3.c | 274 ++++++-
xen/arch/arm/vgic.c | 62 +-
xen/include/asm-arm/domain.h | 14 +-
xen/include/asm-arm/gic.h | 2 +
xen/include/asm-arm/gic_v3_defs.h | 54 ++
xen/include/asm-arm/gic_v3_its.h | 263 +++++++
xen/include/asm-arm/irq.h | 16 +
xen/include/asm-arm/vgic-emul.h | 9 +
xen/include/asm-arm/vgic.h | 17 +
19 files changed, 3790 insertions(+), 37 deletions(-)
create mode 100644 xen/arch/arm/gic-v3-its.c
create mode 100644 xen/arch/arm/gic-v3-lpi.c
create mode 100644 xen/arch/arm/vgic-v3-its.c
create mode 100644 xen/include/asm-arm/gic_v3_its.h
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:51 ` Stefano Stabellini
2017-04-07 18:02 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 02/36] ARM: GICv3 ITS: initialize host ITS Andre Przywara
` (34 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Parse the GIC subnodes in the device tree to find every ITS MSI controller
the hardware offers. Store that information in a list to both propagate
all of them later to Dom0, but also to be able to iterate over all ITSes.
This introduces an ITS Kconfig option (as an EXPERT option), use
XEN_CONFIG_EXPERT=y on the make command line to see and use the option.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/Kconfig | 5 +++
xen/arch/arm/Makefile | 1 +
xen/arch/arm/gic-v3-its.c | 77 ++++++++++++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3.c | 10 +++---
xen/include/asm-arm/gic_v3_its.h | 65 +++++++++++++++++++++++++++++++++
5 files changed, 154 insertions(+), 4 deletions(-)
create mode 100644 xen/arch/arm/gic-v3-its.c
create mode 100644 xen/include/asm-arm/gic_v3_its.h
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 43123e6..d46b98c 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -45,6 +45,11 @@ config ACPI
config HAS_GICV3
bool
+config HAS_ITS
+ bool
+ prompt "GICv3 ITS MSI controller support" if EXPERT = "y"
+ depends on HAS_GICV3
+
endmenu
menu "ARM errata workaround via the alternative framework"
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 0ce94a8..39c0a03 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -18,6 +18,7 @@ obj-$(EARLY_PRINTK) += early_printk.o
obj-y += gic.o
obj-y += gic-v2.o
obj-$(CONFIG_HAS_GICV3) += gic-v3.o
+obj-$(CONFIG_HAS_ITS) += gic-v3-its.o
obj-y += guestcopy.o
obj-y += hvm.o
obj-y += io.o
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
new file mode 100644
index 0000000..6b02349
--- /dev/null
+++ b/xen/arch/arm/gic-v3-its.c
@@ -0,0 +1,77 @@
+/*
+ * xen/arch/arm/gic-v3-its.c
+ *
+ * ARM GICv3 Interrupt Translation Service (ITS) support
+ *
+ * Copyright (C) 2016,2017 - ARM Ltd
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/lib.h>
+#include <asm/gic_v3_defs.h>
+#include <asm/gic_v3_its.h>
+
+/*
+ * No lock here, as this list gets only populated upon boot while scanning
+ * firmware tables for all host ITSes, and only gets iterated afterwards.
+ */
+LIST_HEAD(host_its_list);
+
+bool gicv3_its_host_has_its(void)
+{
+ return !list_empty(&host_its_list);
+}
+
+/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
+void gicv3_its_dt_init(const struct dt_device_node *node)
+{
+ const struct dt_device_node *its = NULL;
+ struct host_its *its_data;
+
+ /*
+ * Check for ITS MSI subnodes. If any, add the ITS register
+ * frames to the ITS list.
+ */
+ dt_for_each_child_node(node, its)
+ {
+ uint64_t addr, size;
+
+ if ( !dt_device_is_compatible(its, "arm,gic-v3-its") )
+ continue;
+
+ if ( dt_device_get_address(its, 0, &addr, &size) )
+ panic("GICv3: Cannot find a valid ITS frame address");
+
+ its_data = xzalloc(struct host_its);
+ if ( !its_data )
+ panic("GICv3: Cannot allocate memory for ITS frame");
+
+ its_data->addr = addr;
+ its_data->size = size;
+ its_data->dt_node = its;
+
+ printk("GICv3: Found ITS @0x%lx\n", addr);
+
+ list_add_tail(&its_data->entry, &host_its_list);
+ }
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index 695f01f..b626298 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -42,6 +42,7 @@
#include <asm/device.h>
#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
+#include <asm/gic_v3_its.h>
#include <asm/cpufeature.h>
#include <asm/acpi.h>
@@ -1227,11 +1228,12 @@ static void __init gicv3_dt_init(void)
*/
res = dt_device_get_address(node, 1 + gicv3.rdist_count,
&cbase, &csize);
- if ( res )
- return;
+ if ( !res )
+ dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
+ &vbase, &vsize);
- dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
- &vbase, &vsize);
+ /* Check for ITS child nodes and build the host ITS list accordingly. */
+ gicv3_its_dt_init(node);
}
static int gicv3_iomem_deny_access(const struct domain *d)
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
new file mode 100644
index 0000000..721e1e2
--- /dev/null
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -0,0 +1,65 @@
+/*
+ * ARM GICv3 ITS support
+ *
+ * Andre Przywara <andre.przywara@arm.com>
+ * Copyright (c) 2016,2017 ARM Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __ASM_ARM_ITS_H__
+#define __ASM_ARM_ITS_H__
+
+#include <xen/device_tree.h>
+
+/* data structure for each hardware ITS */
+struct host_its {
+ struct list_head entry;
+ const struct dt_device_node *dt_node;
+ paddr_t addr;
+ paddr_t size;
+};
+
+
+#ifdef CONFIG_HAS_ITS
+
+extern struct list_head host_its_list;
+
+/* Parse the host DT and pick up all host ITSes. */
+void gicv3_its_dt_init(const struct dt_device_node *node);
+
+bool gicv3_its_host_has_its(void);
+
+#else
+
+static inline void gicv3_its_dt_init(const struct dt_device_node *node)
+{
+}
+
+static inline bool gicv3_its_host_has_its(void)
+{
+ return false;
+}
+
+#endif /* CONFIG_HAS_ITS */
+
+#endif
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 02/36] ARM: GICv3 ITS: initialize host ITS
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table Andre Przywara
` (33 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Map the registers frame for each host ITS and populate the host ITS
structure with some parameters describing the size of certain properties
like the number of bits for device IDs.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
xen/arch/arm/gic-v3-its.c | 33 ++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3.c | 5 +++++
xen/include/asm-arm/gic_v3_its.h | 44 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 82 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 6b02349..0298866 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -19,8 +19,10 @@
*/
#include <xen/lib.h>
+#include <xen/mm.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
+#include <asm/io.h>
/*
* No lock here, as this list gets only populated upon boot while scanning
@@ -33,6 +35,37 @@ bool gicv3_its_host_has_its(void)
return !list_empty(&host_its_list);
}
+static int gicv3_its_init_single_its(struct host_its *hw_its)
+{
+ uint64_t reg;
+
+ hw_its->its_base = ioremap_nocache(hw_its->addr, hw_its->size);
+ if ( !hw_its->its_base )
+ return -ENOMEM;
+
+ reg = readq_relaxed(hw_its->its_base + GITS_TYPER);
+ hw_its->devid_bits = GITS_TYPER_DEVICE_ID_BITS(reg);
+ hw_its->evid_bits = GITS_TYPER_EVENT_ID_BITS(reg);
+ hw_its->itte_size = GITS_TYPER_ITT_SIZE(reg);
+
+ return 0;
+}
+
+int gicv3_its_init(void)
+{
+ struct host_its *hw_its;
+ int ret;
+
+ list_for_each_entry(hw_its, &host_its_list, entry)
+ {
+ ret = gicv3_its_init_single_its(hw_its);
+ if ( ret )
+ return ret;
+ }
+
+ return 0;
+}
+
/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index b626298..d3d5784 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -1590,6 +1590,11 @@ static int __init gicv3_init(void)
spin_lock(&gicv3.lock);
gicv3_dist_init();
+
+ res = gicv3_its_init();
+ if ( res )
+ panic("GICv3: ITS: initialization failed: %d\n", res);
+
res = gicv3_cpu_init();
gicv3_hyp_init();
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 721e1e2..880904d 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -20,6 +20,38 @@
#ifndef __ASM_ARM_ITS_H__
#define __ASM_ARM_ITS_H__
+#define GITS_CTLR 0x000
+#define GITS_IIDR 0x004
+#define GITS_TYPER 0x008
+#define GITS_CBASER 0x080
+#define GITS_CWRITER 0x088
+#define GITS_CREADR 0x090
+#define GITS_BASER_NR_REGS 8
+#define GITS_BASER0 0x100
+#define GITS_BASER1 0x108
+#define GITS_BASER2 0x110
+#define GITS_BASER3 0x118
+#define GITS_BASER4 0x120
+#define GITS_BASER5 0x128
+#define GITS_BASER6 0x130
+#define GITS_BASER7 0x138
+
+/* Register bits */
+#define GITS_TYPER_DEVIDS_SHIFT 13
+#define GITS_TYPER_DEVIDS_MASK (0x1fUL << GITS_TYPER_DEVIDS_SHIFT)
+#define GITS_TYPER_DEVICE_ID_BITS(r) (((r & GITS_TYPER_DEVIDS_MASK) >> \
+ GITS_TYPER_DEVIDS_SHIFT) + 1)
+
+#define GITS_TYPER_IDBITS_SHIFT 8
+#define GITS_TYPER_IDBITS_MASK (0x1fUL << GITS_TYPER_IDBITS_SHIFT)
+#define GITS_TYPER_EVENT_ID_BITS(r) (((r & GITS_TYPER_IDBITS_MASK) >> \
+ GITS_TYPER_IDBITS_SHIFT) + 1)
+
+#define GITS_TYPER_ITT_SIZE_SHIFT 4
+#define GITS_TYPER_ITT_SIZE_MASK (0xfUL << GITS_TYPER_ITT_SIZE_SHIFT)
+#define GITS_TYPER_ITT_SIZE(r) ((((r) & GITS_TYPER_ITT_SIZE_MASK) >> \
+ GITS_TYPER_ITT_SIZE_SHIFT) + 1)
+
#include <xen/device_tree.h>
/* data structure for each hardware ITS */
@@ -28,6 +60,10 @@ struct host_its {
const struct dt_device_node *dt_node;
paddr_t addr;
paddr_t size;
+ void __iomem *its_base;
+ unsigned int devid_bits;
+ unsigned int evid_bits;
+ unsigned int itte_size;
};
@@ -40,6 +76,9 @@ void gicv3_its_dt_init(const struct dt_device_node *node);
bool gicv3_its_host_has_its(void);
+/* Initialize the host structures for the host ITSes. */
+int gicv3_its_init(void);
+
#else
static inline void gicv3_its_dt_init(const struct dt_device_node *node)
@@ -51,6 +90,11 @@ static inline bool gicv3_its_host_has_its(void)
return false;
}
+static inline int gicv3_its_init(void)
+{
+ return 0;
+}
+
#endif /* CONFIG_HAS_ITS */
#endif
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
2017-04-07 17:32 ` [PATCH v6 02/36] ARM: GICv3 ITS: initialize host ITS Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 18:04 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 04/36] ARM: GICv3 ITS: allocate device and collection table Andre Przywara
` (32 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The ARM GICv3 provides a new kind of interrupt called LPIs.
The pending bits and the configuration data (priority, enable bits) for
those LPIs are stored in tables in normal memory, which software has to
provide to the hardware.
Allocate the required memory, initialize it and hand it over to each
redistributor. The maximum number of LPIs to be used can be adjusted with
the command line option "max_lpi_bits", which defaults to 20 bits,
covering about one million LPIs.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
docs/misc/xen-command-line.markdown | 9 ++
xen/arch/arm/Makefile | 1 +
xen/arch/arm/gic-v3-lpi.c | 227 ++++++++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3.c | 17 +++
xen/include/asm-arm/gic_v3_defs.h | 52 +++++++++
xen/include/asm-arm/gic_v3_its.h | 15 ++-
xen/include/asm-arm/irq.h | 8 ++
7 files changed, 328 insertions(+), 1 deletion(-)
create mode 100644 xen/arch/arm/gic-v3-lpi.c
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index 4c8fe2f..450b222 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1172,6 +1172,15 @@ based interrupts. Any higher IRQs will be available for use via PCI MSI.
### maxcpus
> `= <integer>`
+### max\_lpi\_bits
+> `= <integer>`
+
+Specifies the number of ARM GICv3 LPI interrupts to allocate on the host,
+presented as the number of bits needed to encode it. This must be at least
+14 and not exceed 32, and each LPI requires one byte (configuration) and
+one pending bit to be allocated.
+Defaults to 20 bits (to cover at most 1048576 interrupts).
+
### mce
> `= <integer>`
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 39c0a03..6be85ab 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -19,6 +19,7 @@ obj-y += gic.o
obj-y += gic-v2.o
obj-$(CONFIG_HAS_GICV3) += gic-v3.o
obj-$(CONFIG_HAS_ITS) += gic-v3-its.o
+obj-$(CONFIG_HAS_ITS) += gic-v3-lpi.o
obj-y += guestcopy.o
obj-y += hvm.o
obj-y += io.o
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
new file mode 100644
index 0000000..27e9bf5
--- /dev/null
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -0,0 +1,227 @@
+/*
+ * xen/arch/arm/gic-v3-lpi.c
+ *
+ * ARM GICv3 Locality-specific Peripheral Interrupts (LPI) support
+ *
+ * Copyright (C) 2016,2017 - ARM Ltd
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/lib.h>
+#include <xen/mm.h>
+#include <xen/sizes.h>
+#include <xen/warning.h>
+#include <asm/gic.h>
+#include <asm/gic_v3_defs.h>
+#include <asm/gic_v3_its.h>
+#include <asm/io.h>
+#include <asm/page.h>
+
+#define LPI_PROPTABLE_NEEDS_FLUSHING (1U << 0)
+
+/* Global state */
+static struct {
+ /* The global LPI property table, shared by all redistributors. */
+ uint8_t *lpi_property;
+ /*
+ * Number of physical LPIs the host supports. This is a property of
+ * the GIC hardware. We depart from the habit of naming these things
+ * "physical" in Xen, as the GICv3/4 spec uses the term "physical LPI"
+ * in a different context to differentiate them from "virtual LPIs".
+ */
+ unsigned long int max_host_lpi_ids;
+ unsigned int flags;
+} lpi_data;
+
+struct lpi_redist_data {
+ void *pending_table;
+};
+
+static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
+
+#define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
+
+static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
+{
+ uint64_t val;
+ void *pendtable;
+
+ if ( this_cpu(lpi_redist).pending_table )
+ return -EBUSY;
+
+ val = GIC_BASER_CACHE_RaWaWb << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT;
+ val |= GIC_BASER_CACHE_SameAsInner << GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT;
+ val |= GIC_BASER_InnerShareable << GICR_PENDBASER_SHAREABILITY_SHIFT;
+
+ /*
+ * The pending table holds one bit per LPI and even covers bits for
+ * interrupt IDs below 8192, so we allocate the full range.
+ * The GICv3 imposes a 64KB alignment requirement, also requires
+ * physically contiguous memory.
+ */
+ pendtable = _xzalloc(lpi_data.max_host_lpi_ids / 8, SZ_64K);
+ if ( !pendtable )
+ return -ENOMEM;
+
+ /* Make sure the physical address can be encoded in the register. */
+ if ( virt_to_maddr(pendtable) & ~GENMASK(51, 16) )
+ {
+ xfree(pendtable);
+ return -ERANGE;
+ }
+ clean_and_invalidate_dcache_va_range(pendtable,
+ lpi_data.max_host_lpi_ids / 8);
+
+ this_cpu(lpi_redist).pending_table = pendtable;
+
+ val |= GICR_PENDBASER_PTZ;
+
+ val |= virt_to_maddr(pendtable);
+
+ *reg = val;
+
+ return 0;
+}
+
+/*
+ * Tell a redistributor about the (shared) property table, allocating one
+ * if not already done.
+ */
+static int gicv3_lpi_set_proptable(void __iomem * rdist_base)
+{
+ uint64_t reg;
+
+ reg = GIC_BASER_CACHE_RaWaWb << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT;
+ reg |= GIC_BASER_CACHE_SameAsInner << GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT;
+ reg |= GIC_BASER_InnerShareable << GICR_PROPBASER_SHAREABILITY_SHIFT;
+
+ /*
+ * The property table is shared across all redistributors, so allocate
+ * this only once, but return the same value on subsequent calls.
+ */
+ if ( !lpi_data.lpi_property )
+ {
+ /* The property table holds one byte per LPI. */
+ void *table = _xmalloc(lpi_data.max_host_lpi_ids, SZ_4K);
+
+ if ( !table )
+ return -ENOMEM;
+
+ /* Make sure the physical address can be encoded in the register. */
+ if ( (virt_to_maddr(table) & ~GENMASK(51, 12)) )
+ {
+ xfree(table);
+ return -ERANGE;
+ }
+ memset(table, GIC_PRI_IRQ | LPI_PROP_RES1, MAX_NR_HOST_LPIS);
+ clean_and_invalidate_dcache_va_range(table, MAX_NR_HOST_LPIS);
+ lpi_data.lpi_property = table;
+ }
+
+ /* Encode the number of bits needed, minus one */
+ reg |= fls(lpi_data.max_host_lpi_ids - 1) - 1;
+
+ reg |= virt_to_maddr(lpi_data.lpi_property);
+
+ writeq_relaxed(reg, rdist_base + GICR_PROPBASER);
+ reg = readq_relaxed(rdist_base + GICR_PROPBASER);
+
+ /* If we can't do shareable, we have to drop cacheability as well. */
+ if ( !(reg & GICR_PROPBASER_SHAREABILITY_MASK) )
+ {
+ reg &= ~GICR_PROPBASER_INNER_CACHEABILITY_MASK;
+ reg |= GIC_BASER_CACHE_nC << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT;
+ }
+
+ /* Remember that we have to flush the property table if non-cacheable. */
+ if ( (reg & GICR_PROPBASER_INNER_CACHEABILITY_MASK) <= GIC_BASER_CACHE_nC )
+ {
+ lpi_data.flags |= LPI_PROPTABLE_NEEDS_FLUSHING;
+ /* Update the redistributors knowledge about the attributes. */
+ writeq_relaxed(reg, rdist_base + GICR_PROPBASER);
+ }
+
+ return 0;
+}
+
+int gicv3_lpi_init_rdist(void __iomem * rdist_base)
+{
+ uint32_t reg;
+ uint64_t table_reg;
+ int ret;
+
+ /* We don't support LPIs without an ITS. */
+ if ( !gicv3_its_host_has_its() )
+ return -ENODEV;
+
+ /* Make sure LPIs are disabled before setting up the tables. */
+ reg = readl_relaxed(rdist_base + GICR_CTLR);
+ if ( reg & GICR_CTLR_ENABLE_LPIS )
+ return -EBUSY;
+
+ ret = gicv3_lpi_allocate_pendtable(&table_reg);
+ if ( ret )
+ return ret;
+ writeq_relaxed(table_reg, rdist_base + GICR_PENDBASER);
+ table_reg = readq_relaxed(rdist_base + GICR_PENDBASER);
+
+ /* If the hardware reports non-shareable, drop cacheability as well. */
+ if ( !(table_reg & GICR_PENDBASER_SHAREABILITY_MASK) )
+ {
+ table_reg &= GICR_PENDBASER_SHAREABILITY_MASK;
+ table_reg &= GICR_PENDBASER_INNER_CACHEABILITY_MASK;
+ table_reg |= GIC_BASER_CACHE_nC << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT;
+
+ writeq_relaxed(table_reg, rdist_base + GICR_PENDBASER);
+ }
+
+ return gicv3_lpi_set_proptable(rdist_base);
+}
+
+static unsigned int max_lpi_bits = 20;
+integer_param("max_lpi_bits", max_lpi_bits);
+
+int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
+{
+ /*
+ * An implementation needs to support at least 14 bits of LPI IDs.
+ * Tell the user about it, the actual number is reported below.
+ */
+ if ( max_lpi_bits < 14 || max_lpi_bits > 32 )
+ printk(XENLOG_WARNING "WARNING: max_lpi_bits must be between 14 and 32, adjusting.\n");
+
+ max_lpi_bits = max(max_lpi_bits, 14U);
+ lpi_data.max_host_lpi_ids = BIT(min(host_lpi_bits, max_lpi_bits));
+
+ /*
+ * Warn if the number of LPIs are quite high, as the user might not want
+ * to waste megabytes of memory for a mostly empty table.
+ * It's very unlikely that we need more than 24 bits worth of LPIs.
+ */
+ if ( lpi_data.max_host_lpi_ids > BIT(24) )
+ warning_add("Using high number of LPIs, limit memory usage with max_lpi_bits\n");
+
+ printk("GICv3: using at most %lu LPIs on the host.\n", MAX_NR_HOST_LPIS);
+
+ return 0;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index d3d5784..54d2235 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -547,6 +547,9 @@ static void __init gicv3_dist_init(void)
type = readl_relaxed(GICD + GICD_TYPER);
nr_lines = 32 * ((type & GICD_TYPE_LINES) + 1);
+ if ( type & GICD_TYPE_LPIS )
+ gicv3_lpi_init_host_lpis(GICD_TYPE_ID_BITS(type));
+
printk("GICv3: %d lines, (IID %8.8x).\n",
nr_lines, readl_relaxed(GICD + GICD_IIDR));
@@ -659,6 +662,20 @@ static int __init gicv3_populate_rdist(void)
if ( (typer >> 32) == aff )
{
this_cpu(rbase) = ptr;
+
+ if ( typer & GICR_TYPER_PLPIS )
+ {
+ int ret;
+
+ ret = gicv3_lpi_init_rdist(ptr);
+ if ( ret && ret != -ENODEV )
+ {
+ printk("GICv3: CPU%d: Cannot initialize LPIs: %u\n",
+ smp_processor_id(), ret);
+ break;
+ }
+ }
+
printk("GICv3: CPU%d: Found redistributor in region %d @%p\n",
smp_processor_id(), i, ptr);
return 0;
diff --git a/xen/include/asm-arm/gic_v3_defs.h b/xen/include/asm-arm/gic_v3_defs.h
index 6bd25a5..2792ffd 100644
--- a/xen/include/asm-arm/gic_v3_defs.h
+++ b/xen/include/asm-arm/gic_v3_defs.h
@@ -45,6 +45,9 @@
/* Additional bits in GICD_TYPER defined by GICv3 */
#define GICD_TYPE_ID_BITS_SHIFT 19
+#define GICD_TYPE_ID_BITS(r) ((((r) >> GICD_TYPE_ID_BITS_SHIFT) & 0x1f) + 1)
+
+#define GICD_TYPE_LPIS (1U << 17)
#define GICD_CTLR_RWP (1UL << 31)
#define GICD_CTLR_ARE_NS (1U << 4)
@@ -95,12 +98,61 @@
#define GICR_IGRPMODR0 (0x0D00)
#define GICR_NSACR (0x0E00)
+#define GICR_CTLR_ENABLE_LPIS (1U << 0)
+
#define GICR_TYPER_PLPIS (1U << 0)
#define GICR_TYPER_VLPIS (1U << 1)
#define GICR_TYPER_LAST (1U << 4)
+/* For specifying the inner cacheability type only */
+#define GIC_BASER_CACHE_nCnB 0ULL
+/* For specifying the outer cacheability type only */
+#define GIC_BASER_CACHE_SameAsInner 0ULL
+#define GIC_BASER_CACHE_nC 1ULL
+#define GIC_BASER_CACHE_RaWt 2ULL
+#define GIC_BASER_CACHE_RaWb 3ULL
+#define GIC_BASER_CACHE_WaWt 4ULL
+#define GIC_BASER_CACHE_WaWb 5ULL
+#define GIC_BASER_CACHE_RaWaWt 6ULL
+#define GIC_BASER_CACHE_RaWaWb 7ULL
+#define GIC_BASER_CACHE_MASK 7ULL
+
+#define GIC_BASER_NonShareable 0ULL
+#define GIC_BASER_InnerShareable 1ULL
+#define GIC_BASER_OuterShareable 2ULL
+
+#define GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT 56
+#define GICR_PROPBASER_OUTER_CACHEABILITY_MASK \
+ (7UL << GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT)
+#define GICR_PROPBASER_SHAREABILITY_SHIFT 10
+#define GICR_PROPBASER_SHAREABILITY_MASK \
+ (3UL << GICR_PROPBASER_SHAREABILITY_SHIFT)
+#define GICR_PROPBASER_INNER_CACHEABILITY_SHIFT 7
+#define GICR_PROPBASER_INNER_CACHEABILITY_MASK \
+ (7UL << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT)
+#define GICR_PROPBASER_RES0_MASK \
+ (GENMASK(63, 59) | GENMASK(55, 52) | GENMASK(6, 5))
+
+#define GICR_PENDBASER_SHAREABILITY_SHIFT 10
+#define GICR_PENDBASER_INNER_CACHEABILITY_SHIFT 7
+#define GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT 56
+#define GICR_PENDBASER_SHAREABILITY_MASK \
+ (3UL << GICR_PENDBASER_SHAREABILITY_SHIFT)
+#define GICR_PENDBASER_INNER_CACHEABILITY_MASK \
+ (7UL << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT)
+#define GICR_PENDBASER_OUTER_CACHEABILITY_MASK \
+ (7UL << GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT)
+#define GICR_PENDBASER_PTZ BIT(62)
+#define GICR_PENDBASER_RES0_MASK \
+ (BIT(63) | GENMASK(61, 59) | GENMASK(55, 52) | \
+ GENMASK(15, 12) | GENMASK(6, 0))
+
#define DEFAULT_PMR_VALUE 0xff
+#define LPI_PROP_PRIO_MASK 0xfc
+#define LPI_PROP_RES1 (1 << 1)
+#define LPI_PROP_ENABLED (1 << 0)
+
#define GICH_VMCR_EOI (1 << 9)
#define GICH_VMCR_VENG1 (1 << 1)
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 880904d..d1382c1 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -76,7 +76,10 @@ void gicv3_its_dt_init(const struct dt_device_node *node);
bool gicv3_its_host_has_its(void);
-/* Initialize the host structures for the host ITSes. */
+int gicv3_lpi_init_rdist(void __iomem * rdist_base);
+
+/* Initialize the host structures for LPIs and the host ITSes. */
+int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits);
int gicv3_its_init(void);
#else
@@ -90,6 +93,16 @@ static inline bool gicv3_its_host_has_its(void)
return false;
}
+static inline int gicv3_lpi_init_rdist(void __iomem * rdist_base)
+{
+ return -ENODEV;
+}
+
+static inline int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
+{
+ return 0;
+}
+
static inline int gicv3_its_init(void)
{
return 0;
diff --git a/xen/include/asm-arm/irq.h b/xen/include/asm-arm/irq.h
index 4849f16..f940092 100644
--- a/xen/include/asm-arm/irq.h
+++ b/xen/include/asm-arm/irq.h
@@ -18,8 +18,16 @@ struct arch_irq_desc {
};
#define NR_LOCAL_IRQS 32
+
+/*
+ * This only covers the interrupts that Xen cares about, so SGIs, PPIs and
+ * SPIs. LPIs are too numerous, also only propagated to guests, so they are
+ * not included in this number.
+ */
#define NR_IRQS 1024
+#define LPI_OFFSET 8192
+
#define nr_irqs NR_IRQS
#define nr_static_irqs NR_IRQS
#define arch_hwdom_irqs(domid) NR_IRQS
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 04/36] ARM: GICv3 ITS: allocate device and collection table
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (2 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 05/36] ARM: GICv3 ITS: map ITS command buffer Andre Przywara
` (31 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Each ITS maps a pair of a DeviceID (for instance derived from a PCI
b/d/f triplet) and an EventID (the MSI payload or interrupt ID) to a
pair of LPI number and collection ID, which points to the target CPU.
This mapping is stored in the device and collection tables, which software
has to provide for the ITS to use.
Allocate the required memory and hand it over to the ITS.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
---
xen/arch/arm/gic-v3-its.c | 132 +++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 27 ++++++++
2 files changed, 159 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 0298866..27b41ad 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -35,9 +35,109 @@ bool gicv3_its_host_has_its(void)
return !list_empty(&host_its_list);
}
+#define BASER_ATTR_MASK \
+ ((0x3UL << GITS_BASER_SHAREABILITY_SHIFT) | \
+ (0x7UL << GITS_BASER_OUTER_CACHEABILITY_SHIFT) | \
+ (0x7UL << GITS_BASER_INNER_CACHEABILITY_SHIFT))
+#define BASER_RO_MASK (GENMASK(58, 56) | GENMASK(52, 48))
+
+/* Check that the physical address can be encoded in the PROPBASER register. */
+static bool check_baser_phys_addr(void *vaddr, unsigned int page_bits)
+{
+ paddr_t paddr = virt_to_maddr(vaddr);
+
+ return (!(paddr & ~GENMASK(page_bits < 16 ? 47 : 51, page_bits)));
+}
+
+static uint64_t encode_baser_phys_addr(paddr_t addr, unsigned int page_bits)
+{
+ uint64_t ret = addr & GENMASK(47, page_bits);
+
+ if ( page_bits < 16 )
+ return ret;
+
+ /* For 64K pages address bits 51-48 are encoded in bits 15-12. */
+ return ret | ((addr & GENMASK(51, 48)) >> (48 - 12));
+}
+
+/* The ITS BASE registers work with page sizes of 4K, 16K or 64K. */
+#define BASER_PAGE_BITS(sz) ((sz) * 2 + 12)
+
+static int its_map_baser(void __iomem *basereg, uint64_t regc,
+ unsigned int nr_items)
+{
+ uint64_t attr, reg;
+ unsigned int entry_size = GITS_BASER_ENTRY_SIZE(regc);
+ unsigned int pagesz = 2; /* try 64K pages first, then go down. */
+ unsigned int table_size;
+ void *buffer;
+
+ attr = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
+ attr |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
+ attr |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;
+
+ /*
+ * Setup the BASE register with the attributes that we like. Then read
+ * it back and see what sticks (page size, cacheability and shareability
+ * attributes), retrying if necessary.
+ */
+retry:
+ table_size = ROUNDUP(nr_items * entry_size, BIT(BASER_PAGE_BITS(pagesz)));
+ /* The BASE registers support at most 256 pages. */
+ table_size = min(table_size, 256U << BASER_PAGE_BITS(pagesz));
+
+ buffer = _xzalloc(table_size, BIT(BASER_PAGE_BITS(pagesz)));
+ if ( !buffer )
+ return -ENOMEM;
+
+ if ( !check_baser_phys_addr(buffer, BASER_PAGE_BITS(pagesz)) )
+ {
+ xfree(buffer);
+ return -ERANGE;
+ }
+
+ reg = attr;
+ reg |= (pagesz << GITS_BASER_PAGE_SIZE_SHIFT);
+ reg |= (table_size >> BASER_PAGE_BITS(pagesz)) - 1;
+ reg |= regc & BASER_RO_MASK;
+ reg |= GITS_VALID_BIT;
+ reg |= encode_baser_phys_addr(virt_to_maddr(buffer),
+ BASER_PAGE_BITS(pagesz));
+
+ writeq_relaxed(reg, basereg);
+ regc = readq_relaxed(basereg);
+
+ /* The host didn't like our attributes, just use what it returned. */
+ if ( (regc & BASER_ATTR_MASK) != attr )
+ {
+ /* If we can't map it shareable, drop cacheability as well. */
+ if ( (regc & GITS_BASER_SHAREABILITY_MASK) == GIC_BASER_NonShareable )
+ {
+ regc &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
+ writeq_relaxed(regc, basereg);
+ }
+ attr = regc & BASER_ATTR_MASK;
+ }
+ if ( (regc & GITS_BASER_INNER_CACHEABILITY_MASK) <= GIC_BASER_CACHE_nC )
+ clean_and_invalidate_dcache_va_range(buffer, table_size);
+
+ /* If the host accepted our page size, we are done. */
+ if ( ((regc >> GITS_BASER_PAGE_SIZE_SHIFT) & 0x3UL) == pagesz )
+ return 0;
+
+ xfree(buffer);
+
+ if ( pagesz-- > 0 )
+ goto retry;
+
+ /* None of the page sizes was accepted, give up */
+ return -EINVAL;
+}
+
static int gicv3_its_init_single_its(struct host_its *hw_its)
{
uint64_t reg;
+ int i, ret;
hw_its->its_base = ioremap_nocache(hw_its->addr, hw_its->size);
if ( !hw_its->its_base )
@@ -48,6 +148,38 @@ static int gicv3_its_init_single_its(struct host_its *hw_its)
hw_its->evid_bits = GITS_TYPER_EVENT_ID_BITS(reg);
hw_its->itte_size = GITS_TYPER_ITT_SIZE(reg);
+ for ( i = 0; i < GITS_BASER_NR_REGS; i++ )
+ {
+ void __iomem *basereg = hw_its->its_base + GITS_BASER0 + i * 8;
+ unsigned int type;
+
+ reg = readq_relaxed(basereg);
+ type = (reg & GITS_BASER_TYPE_MASK) >> GITS_BASER_TYPE_SHIFT;
+ switch ( type )
+ {
+ case GITS_BASER_TYPE_NONE:
+ continue;
+ case GITS_BASER_TYPE_DEVICE:
+ ret = its_map_baser(basereg, reg, BIT(hw_its->devid_bits));
+ if ( ret )
+ return ret;
+ break;
+ case GITS_BASER_TYPE_COLLECTION:
+ ret = its_map_baser(basereg, reg, num_possible_cpus());
+ if ( ret )
+ return ret;
+ break;
+ /* In case this is a GICv4, provide a (dummy) vPE table as well. */
+ case GITS_BASER_TYPE_VCPU:
+ ret = its_map_baser(basereg, reg, 1);
+ if ( ret )
+ return ret;
+ break;
+ default:
+ continue;
+ }
+ }
+
return 0;
}
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index d1382c1..c025622 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -37,6 +37,11 @@
#define GITS_BASER7 0x138
/* Register bits */
+#define GITS_VALID_BIT BIT(63)
+
+#define GITS_CTLR_QUIESCENT BIT(31)
+#define GITS_CTLR_ENABLE BIT(0)
+
#define GITS_TYPER_DEVIDS_SHIFT 13
#define GITS_TYPER_DEVIDS_MASK (0x1fUL << GITS_TYPER_DEVIDS_SHIFT)
#define GITS_TYPER_DEVICE_ID_BITS(r) (((r & GITS_TYPER_DEVIDS_MASK) >> \
@@ -52,6 +57,28 @@
#define GITS_TYPER_ITT_SIZE(r) ((((r) & GITS_TYPER_ITT_SIZE_MASK) >> \
GITS_TYPER_ITT_SIZE_SHIFT) + 1)
+#define GITS_BASER_INDIRECT BIT(62)
+#define GITS_BASER_INNER_CACHEABILITY_SHIFT 59
+#define GITS_BASER_TYPE_SHIFT 56
+#define GITS_BASER_TYPE_MASK (7ULL << GITS_BASER_TYPE_SHIFT)
+#define GITS_BASER_OUTER_CACHEABILITY_SHIFT 53
+#define GITS_BASER_TYPE_NONE 0UL
+#define GITS_BASER_TYPE_DEVICE 1UL
+#define GITS_BASER_TYPE_VCPU 2UL
+#define GITS_BASER_TYPE_CPU 3UL
+#define GITS_BASER_TYPE_COLLECTION 4UL
+#define GITS_BASER_TYPE_RESERVED5 5UL
+#define GITS_BASER_TYPE_RESERVED6 6UL
+#define GITS_BASER_TYPE_RESERVED7 7UL
+#define GITS_BASER_ENTRY_SIZE_SHIFT 48
+#define GITS_BASER_ENTRY_SIZE(reg) \
+ (((reg >> GITS_BASER_ENTRY_SIZE_SHIFT) & 0x1f) + 1)
+#define GITS_BASER_SHAREABILITY_SHIFT 10
+#define GITS_BASER_PAGE_SIZE_SHIFT 8
+#define GITS_BASER_SHAREABILITY_MASK (0x3ULL << GITS_BASER_SHAREABILITY_SHIFT)
+#define GITS_BASER_OUTER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)
+#define GITS_BASER_INNER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_INNER_CACHEABILITY_SHIFT)
+
#include <xen/device_tree.h>
/* data structure for each hardware ITS */
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 05/36] ARM: GICv3 ITS: map ITS command buffer
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (3 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 04/36] ARM: GICv3 ITS: allocate device and collection table Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 06/36] ARM: GICv3 ITS: introduce ITS command handling Andre Przywara
` (30 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Instead of directly manipulating the tables in memory, an ITS driver
sends commands via a ring buffer in normal system memory to the ITS h/w
to create or alter the LPI mappings.
Allocate memory for that buffer and tell the ITS about it to be able
to send ITS commands.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
---
xen/arch/arm/gic-v3-its.c | 53 ++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 6 +++++
2 files changed, 59 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 27b41ad..3e8d8ce 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -20,10 +20,13 @@
#include <xen/lib.h>
#include <xen/mm.h>
+#include <xen/sizes.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
#include <asm/io.h>
+#define ITS_CMD_QUEUE_SZ SZ_1M
+
/*
* No lock here, as this list gets only populated upon boot while scanning
* firmware tables for all host ITSes, and only gets iterated afterwards.
@@ -60,6 +63,51 @@ static uint64_t encode_baser_phys_addr(paddr_t addr, unsigned int page_bits)
return ret | ((addr & GENMASK(51, 48)) >> (48 - 12));
}
+static void *its_map_cbaser(struct host_its *its)
+{
+ void __iomem *cbasereg = its->its_base + GITS_CBASER;
+ uint64_t reg;
+ void *buffer;
+
+ reg = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
+ reg |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
+ reg |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;
+
+ buffer = _xzalloc(ITS_CMD_QUEUE_SZ, SZ_64K);
+ if ( !buffer )
+ return NULL;
+
+ if ( virt_to_maddr(buffer) & ~GENMASK(51, 12) )
+ {
+ xfree(buffer);
+ return NULL;
+ }
+
+ reg |= GITS_VALID_BIT | virt_to_maddr(buffer);
+ reg |= ((ITS_CMD_QUEUE_SZ / SZ_4K) - 1) & GITS_CBASER_SIZE_MASK;
+ writeq_relaxed(reg, cbasereg);
+ reg = readq_relaxed(cbasereg);
+
+ /* If the ITS dropped shareability, drop cacheability as well. */
+ if ( (reg & GITS_BASER_SHAREABILITY_MASK) == 0 )
+ {
+ reg &= ~GITS_BASER_INNER_CACHEABILITY_MASK;
+ writeq_relaxed(reg, cbasereg);
+ }
+
+ /*
+ * If the command queue memory is mapped as uncached, we need to flush
+ * it on every access.
+ */
+ if ( !(reg & GITS_BASER_INNER_CACHEABILITY_MASK) )
+ {
+ its->flags |= HOST_ITS_FLUSH_CMD_QUEUE;
+ printk(XENLOG_WARNING "using non-cacheable ITS command queue\n");
+ }
+
+ return buffer;
+}
+
/* The ITS BASE registers work with page sizes of 4K, 16K or 64K. */
#define BASER_PAGE_BITS(sz) ((sz) * 2 + 12)
@@ -180,6 +228,11 @@ static int gicv3_its_init_single_its(struct host_its *hw_its)
}
}
+ hw_its->cmd_buf = its_map_cbaser(hw_its);
+ if ( !hw_its->cmd_buf )
+ return -ENOMEM;
+ writeq_relaxed(0, hw_its->its_base + GITS_CWRITER);
+
return 0;
}
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index c025622..52f736d 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -79,8 +79,12 @@
#define GITS_BASER_OUTER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)
#define GITS_BASER_INNER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_INNER_CACHEABILITY_SHIFT)
+#define GITS_CBASER_SIZE_MASK 0xff
+
#include <xen/device_tree.h>
+#define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
+
/* data structure for each hardware ITS */
struct host_its {
struct list_head entry;
@@ -91,6 +95,8 @@ struct host_its {
unsigned int devid_bits;
unsigned int evid_bits;
unsigned int itte_size;
+ void *cmd_buf;
+ unsigned int flags;
};
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 06/36] ARM: GICv3 ITS: introduce ITS command handling
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (4 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 05/36] ARM: GICv3 ITS: map ITS command buffer Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array Andre Przywara
` (29 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
To be able to easily send commands to the ITS, create the respective
wrapper functions, which take care of the ring buffer.
The first two commands we implement provide methods to map a collection
to a redistributor (aka host core) and to flush the command queue (SYNC).
Start using these commands for mapping one collection to each host CPU.
As an ITS might choose between *two* ways of addressing a redistributor,
we store both the MMIO base address as well as the processor number in
a per-CPU variable to give each ITS what it wants.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
xen/arch/arm/gic-v3-its.c | 199 ++++++++++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3-lpi.c | 28 ++++++
xen/arch/arm/gic-v3.c | 26 ++++-
xen/include/asm-arm/gic_v3_defs.h | 2 +
xen/include/asm-arm/gic_v3_its.h | 37 +++++++
5 files changed, 291 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 3e8d8ce..0164b96 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -19,11 +19,14 @@
*/
#include <xen/lib.h>
+#include <xen/delay.h>
#include <xen/mm.h>
#include <xen/sizes.h>
+#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
#include <asm/io.h>
+#include <asm/page.h>
#define ITS_CMD_QUEUE_SZ SZ_1M
@@ -38,6 +41,160 @@ bool gicv3_its_host_has_its(void)
return !list_empty(&host_its_list);
}
+#define BUFPTR_MASK GENMASK(19, 5)
+static int its_send_command(struct host_its *hw_its, const void *its_cmd)
+{
+ /*
+ * The command queue should actually never become full, if it does anyway
+ * and this situation is not resolved quickly, this points to a much
+ * bigger problem, probably an hardware error.
+ * So to cover the one-off case where we actually hit a full command
+ * queue, we introduce a small grace period to not give up too quickly.
+ * Given the usual multi-hundred MHz frequency the ITS usually runs with,
+ * one millisecond (for a single command) seem to be more than enough.
+ * But this value is rather arbitrarily chosen based on theoretical
+ * considerations.
+ */
+ s_time_t deadline = NOW() + MILLISECS(1);
+ uint64_t readp, writep;
+ int ret = -EBUSY;
+
+ /* No ITS commands from an interrupt handler (at the moment). */
+ ASSERT(!in_irq());
+
+ spin_lock(&hw_its->cmd_lock);
+
+ do {
+ readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
+ writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;
+
+ if ( ((writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ) != readp )
+ {
+ ret = 0;
+ break;
+ }
+
+ /*
+ * If the command queue is full, wait for a bit in the hope it drains
+ * before giving up.
+ */
+ spin_unlock(&hw_its->cmd_lock);
+ cpu_relax();
+ udelay(1);
+ spin_lock(&hw_its->cmd_lock);
+ } while ( NOW() <= deadline );
+
+ if ( ret )
+ {
+ spin_unlock(&hw_its->cmd_lock);
+ if ( printk_ratelimit() )
+ printk(XENLOG_WARNING "host ITS: command queue full.\n");
+ return ret;
+ }
+
+ memcpy(hw_its->cmd_buf + writep, its_cmd, ITS_CMD_SIZE);
+ if ( hw_its->flags & HOST_ITS_FLUSH_CMD_QUEUE )
+ clean_and_invalidate_dcache_va_range(hw_its->cmd_buf + writep,
+ ITS_CMD_SIZE);
+ else
+ dsb(ishst);
+
+ writep = (writep + ITS_CMD_SIZE) % ITS_CMD_QUEUE_SZ;
+ writeq_relaxed(writep & BUFPTR_MASK, hw_its->its_base + GITS_CWRITER);
+
+ spin_unlock(&hw_its->cmd_lock);
+
+ return 0;
+}
+
+/* Wait for an ITS to finish processing all commands. */
+static int gicv3_its_wait_commands(struct host_its *hw_its)
+{
+ /*
+ * As there could be quite a number of commands in a queue, we will
+ * wait a bit longer than the one millisecond for a single command above.
+ * Again this value is based on theoretical considerations, actually the
+ * command queue should drain much faster.
+ */
+ s_time_t deadline = NOW() + MILLISECS(100);
+ uint64_t readp, writep;
+
+ do {
+ spin_lock(&hw_its->cmd_lock);
+ readp = readq_relaxed(hw_its->its_base + GITS_CREADR) & BUFPTR_MASK;
+ writep = readq_relaxed(hw_its->its_base + GITS_CWRITER) & BUFPTR_MASK;
+ spin_unlock(&hw_its->cmd_lock);
+
+ if ( readp == writep )
+ return 0;
+
+ cpu_relax();
+ udelay(1);
+ } while ( NOW() <= deadline );
+
+ return -ETIMEDOUT;
+}
+
+static uint64_t encode_rdbase(struct host_its *hw_its, unsigned int cpu,
+ uint64_t reg)
+{
+ reg &= ~GENMASK(51, 16);
+
+ reg |= gicv3_get_redist_address(cpu, hw_its->flags & HOST_ITS_USES_PTA);
+
+ return reg;
+}
+
+static int its_send_cmd_sync(struct host_its *its, unsigned int cpu)
+{
+ uint64_t cmd[4];
+
+ cmd[0] = GITS_CMD_SYNC;
+ cmd[1] = 0x00;
+ cmd[2] = encode_rdbase(its, cpu, 0x0);
+ cmd[3] = 0x00;
+
+ return its_send_command(its, cmd);
+}
+
+static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
+ unsigned int cpu)
+{
+ uint64_t cmd[4];
+
+ cmd[0] = GITS_CMD_MAPC;
+ cmd[1] = 0x00;
+ cmd[2] = encode_rdbase(its, cpu, collection_id);
+ cmd[2] |= GITS_VALID_BIT;
+ cmd[3] = 0x00;
+
+ return its_send_command(its, cmd);
+}
+
+/* Set up the (1:1) collection mapping for the given host CPU. */
+int gicv3_its_setup_collection(unsigned int cpu)
+{
+ struct host_its *its;
+ int ret;
+
+ list_for_each_entry(its, &host_its_list, entry)
+ {
+ ret = its_send_cmd_mapc(its, cpu, cpu);
+ if ( ret )
+ return ret;
+
+ ret = its_send_cmd_sync(its, cpu);
+ if ( ret )
+ return ret;
+
+ ret = gicv3_its_wait_commands(its);
+ if ( ret )
+ return ret;
+ }
+
+ return 0;
+}
+
#define BASER_ATTR_MASK \
((0x3UL << GITS_BASER_SHAREABILITY_SHIFT) | \
(0x7UL << GITS_BASER_OUTER_CACHEABILITY_SHIFT) | \
@@ -182,6 +339,41 @@ retry:
return -EINVAL;
}
+/*
+ * Before an ITS gets initialized, it should be in a quiescent state, where
+ * all outstanding commands and transactions have finished.
+ * So if the ITS is already enabled, turn it off and wait for all outstanding
+ * operations to get processed by polling the QUIESCENT bit.
+ */
+static int gicv3_disable_its(struct host_its *hw_its)
+{
+ uint32_t reg;
+ /*
+ * As we also need to wait for the command queue to drain, we use the same
+ * (arbitrary) timeout value as above for gicv3_its_wait_commands().
+ */
+ s_time_t deadline = NOW() + MILLISECS(100);
+
+ reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
+ if ( !(reg & GITS_CTLR_ENABLE) && (reg & GITS_CTLR_QUIESCENT) )
+ return 0;
+
+ writel_relaxed(reg & ~GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);
+
+ do {
+ reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
+ if ( reg & GITS_CTLR_QUIESCENT )
+ return 0;
+
+ cpu_relax();
+ udelay(1);
+ } while ( NOW() <= deadline );
+
+ printk(XENLOG_ERR "ITS@%lx not quiescent.\n", hw_its->addr);
+
+ return -ETIMEDOUT;
+}
+
static int gicv3_its_init_single_its(struct host_its *hw_its)
{
uint64_t reg;
@@ -191,10 +383,17 @@ static int gicv3_its_init_single_its(struct host_its *hw_its)
if ( !hw_its->its_base )
return -ENOMEM;
+ ret = gicv3_disable_its(hw_its);
+ if ( ret )
+ return ret;
+
reg = readq_relaxed(hw_its->its_base + GITS_TYPER);
hw_its->devid_bits = GITS_TYPER_DEVICE_ID_BITS(reg);
hw_its->evid_bits = GITS_TYPER_EVENT_ID_BITS(reg);
hw_its->itte_size = GITS_TYPER_ITT_SIZE(reg);
+ if ( reg & GITS_TYPER_PTA )
+ hw_its->flags |= HOST_ITS_USES_PTA;
+ spin_lock_init(&hw_its->cmd_lock);
for ( i = 0; i < GITS_BASER_NR_REGS; i++ )
{
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index 27e9bf5..d8a4f5a 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -45,6 +45,8 @@ static struct {
} lpi_data;
struct lpi_redist_data {
+ paddr_t redist_addr;
+ unsigned int redist_id;
void *pending_table;
};
@@ -52,6 +54,32 @@ static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
#define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
+/*
+ * An ITS can refer to redistributors in two ways: either by an ID (possibly
+ * the CPU number) or by its MMIO address. This is a hardware implementation
+ * choice, so we have to cope with both approaches. The GICv3 code calculates
+ * both values and calls this function to let the ITS store them when it's
+ * later required to provide them. This is done in a per-CPU variable.
+ */
+void gicv3_set_redist_address(paddr_t address, unsigned int redist_id)
+{
+ this_cpu(lpi_redist).redist_addr = address;
+ this_cpu(lpi_redist).redist_id = redist_id;
+}
+
+/*
+ * Returns a redistributor's ID (either as an address or as an ID).
+ * This must be (and is) called only after it has been setup by the above
+ * function.
+ */
+uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta)
+{
+ if ( use_pta )
+ return per_cpu(lpi_redist, cpu).redist_addr & GENMASK(51, 16);
+ else
+ return per_cpu(lpi_redist, cpu).redist_id << 16;
+}
+
static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
{
uint64_t val;
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index 54d2235..a559e5e 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -665,8 +665,25 @@ static int __init gicv3_populate_rdist(void)
if ( typer & GICR_TYPER_PLPIS )
{
+ paddr_t rdist_addr;
+ unsigned int procnum;
int ret;
+ /*
+ * The ITS refers to redistributors either by their physical
+ * address or by their ID. Which one to use is an ITS
+ * choice. So determine those two values here (which we
+ * can do only here in GICv3 code) and tell the
+ * ITS code about it, so it can use them later to be able
+ * to address those redistributors accordingly.
+ */
+ rdist_addr = gicv3.rdist_regions[i].base;
+ rdist_addr += ptr - gicv3.rdist_regions[i].map_base;
+ procnum = (typer & GICR_TYPER_PROC_NUM_MASK);
+ procnum >>= GICR_TYPER_PROC_NUM_SHIFT;
+
+ gicv3_set_redist_address(rdist_addr, procnum);
+
ret = gicv3_lpi_init_rdist(ptr);
if ( ret && ret != -ENODEV )
{
@@ -704,7 +721,7 @@ static int __init gicv3_populate_rdist(void)
static int gicv3_cpu_init(void)
{
- int i;
+ int i, ret;
uint32_t priority;
/* Register ourselves with the rest of the world */
@@ -714,6 +731,13 @@ static int gicv3_cpu_init(void)
if ( gicv3_enable_redist() )
return -ENODEV;
+ if ( gicv3_its_host_has_its() )
+ {
+ ret = gicv3_its_setup_collection(smp_processor_id());
+ if ( ret )
+ return ret;
+ }
+
/* Set priority on PPI and SGI interrupts */
priority = (GIC_PRI_IPI << 24 | GIC_PRI_IPI << 16 | GIC_PRI_IPI << 8 |
GIC_PRI_IPI);
diff --git a/xen/include/asm-arm/gic_v3_defs.h b/xen/include/asm-arm/gic_v3_defs.h
index 2792ffd..65c9dc4 100644
--- a/xen/include/asm-arm/gic_v3_defs.h
+++ b/xen/include/asm-arm/gic_v3_defs.h
@@ -103,6 +103,8 @@
#define GICR_TYPER_PLPIS (1U << 0)
#define GICR_TYPER_VLPIS (1U << 1)
#define GICR_TYPER_LAST (1U << 4)
+#define GICR_TYPER_PROC_NUM_SHIFT 8
+#define GICR_TYPER_PROC_NUM_MASK (0xffff << GICR_TYPER_PROC_NUM_SHIFT)
/* For specifying the inner cacheability type only */
#define GIC_BASER_CACHE_nCnB 0ULL
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 52f736d..13794e0 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -42,6 +42,7 @@
#define GITS_CTLR_QUIESCENT BIT(31)
#define GITS_CTLR_ENABLE BIT(0)
+#define GITS_TYPER_PTA BIT(19)
#define GITS_TYPER_DEVIDS_SHIFT 13
#define GITS_TYPER_DEVIDS_MASK (0x1fUL << GITS_TYPER_DEVIDS_SHIFT)
#define GITS_TYPER_DEVICE_ID_BITS(r) (((r & GITS_TYPER_DEVIDS_MASK) >> \
@@ -81,9 +82,26 @@
#define GITS_CBASER_SIZE_MASK 0xff
+/* ITS command definitions */
+#define ITS_CMD_SIZE 32
+
+#define GITS_CMD_MOVI 0x01
+#define GITS_CMD_INT 0x03
+#define GITS_CMD_CLEAR 0x04
+#define GITS_CMD_SYNC 0x05
+#define GITS_CMD_MAPD 0x08
+#define GITS_CMD_MAPC 0x09
+#define GITS_CMD_MAPTI 0x0a
+#define GITS_CMD_MAPI 0x0b
+#define GITS_CMD_INV 0x0c
+#define GITS_CMD_INVALL 0x0d
+#define GITS_CMD_MOVALL 0x0e
+#define GITS_CMD_DISCARD 0x0f
+
#include <xen/device_tree.h>
#define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
+#define HOST_ITS_USES_PTA (1U << 1)
/* data structure for each hardware ITS */
struct host_its {
@@ -95,6 +113,7 @@ struct host_its {
unsigned int devid_bits;
unsigned int evid_bits;
unsigned int itte_size;
+ spinlock_t cmd_lock;
void *cmd_buf;
unsigned int flags;
};
@@ -115,6 +134,13 @@ int gicv3_lpi_init_rdist(void __iomem * rdist_base);
int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits);
int gicv3_its_init(void);
+/* Store the physical address and ID for each redistributor as read from DT. */
+void gicv3_set_redist_address(paddr_t address, unsigned int redist_id);
+uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
+
+/* Map a collection for this host CPU to each host ITS. */
+int gicv3_its_setup_collection(unsigned int cpu);
+
#else
static inline void gicv3_its_dt_init(const struct dt_device_node *node)
@@ -141,6 +167,17 @@ static inline int gicv3_its_init(void)
return 0;
}
+static inline void gicv3_set_redist_address(paddr_t address,
+ unsigned int redist_id)
+{
+}
+
+static inline int gicv3_its_setup_collection(unsigned int cpu)
+{
+ /* We should never get here without an ITS. */
+ BUG();
+}
+
#endif /* CONFIG_HAS_ITS */
#endif
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (5 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 06/36] ARM: GICv3 ITS: introduce ITS command handling Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:55 ` Stefano Stabellini
2017-04-07 18:08 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub Andre Przywara
` (28 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The number of LPIs on a host can be potentially huge (millions),
although in practise will be mostly reasonable. So prematurely allocating
an array of struct irq_desc's for each LPI is not an option.
However Xen itself does not care about LPIs, as every LPI will be injected
into a guest (Dom0 for now).
Create a dense data structure (8 Bytes) for each LPI which holds just
enough information to determine the virtual IRQ number and the VCPU into
which the LPI needs to be injected.
Also to not artificially limit the number of LPIs, we create a 2-level
table for holding those structures.
This patch introduces functions to initialize these tables and to
create, lookup and destroy entries for a given LPI.
By using the naturally atomic access guarantee the native uint64_t data
type gives us, we allocate and access LPI information in a way that does
not require a lock.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-lpi.c | 230 +++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 6 +
xen/include/asm-arm/irq.h | 8 ++
3 files changed, 244 insertions(+)
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index d8a4f5a..292f2d0 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -20,14 +20,37 @@
#include <xen/lib.h>
#include <xen/mm.h>
+#include <xen/sched.h>
#include <xen/sizes.h>
#include <xen/warning.h>
+#include <asm/atomic.h>
+#include <asm/domain.h>
#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
#include <asm/gic_v3_its.h>
#include <asm/io.h>
#include <asm/page.h>
+/*
+ * There could be a lot of LPIs on the host side, and they always go to
+ * a guest. So having a struct irq_desc for each of them would be wasteful
+ * and useless.
+ * Instead just store enough information to find the right VCPU to inject
+ * those LPIs into, which just requires the virtual LPI number.
+ * To avoid a global lock on this data structure, this is using a lockless
+ * approach relying on the architectural atomicity of native data types:
+ * We read or write the "data" view of this union atomically, then can
+ * access the broken-down fields in our local copy.
+ */
+union host_lpi {
+ uint64_t data;
+ struct {
+ uint32_t virt_lpi;
+ uint16_t dom_id;
+ uint16_t vcpu_id;
+ };
+};
+
#define LPI_PROPTABLE_NEEDS_FLUSHING (1U << 0)
/* Global state */
@@ -35,12 +58,23 @@ static struct {
/* The global LPI property table, shared by all redistributors. */
uint8_t *lpi_property;
/*
+ * A two-level table to lookup LPIs firing on the host and look up the
+ * VCPU and virtual LPI number to inject into.
+ */
+ union host_lpi **host_lpis;
+ /*
* Number of physical LPIs the host supports. This is a property of
* the GIC hardware. We depart from the habit of naming these things
* "physical" in Xen, as the GICv3/4 spec uses the term "physical LPI"
* in a different context to differentiate them from "virtual LPIs".
*/
unsigned long int max_host_lpi_ids;
+ /*
+ * Protects allocation and deallocation of host LPIs and next_free_lpi,
+ * but not the actual data stored in the host_lpi entry.
+ */
+ spinlock_t host_lpis_lock;
+ uint32_t next_free_lpi;
unsigned int flags;
} lpi_data;
@@ -53,6 +87,28 @@ struct lpi_redist_data {
static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
#define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
+#define HOST_LPIS_PER_PAGE (PAGE_SIZE / sizeof(union host_lpi))
+
+static union host_lpi *gic_get_host_lpi(uint32_t plpi)
+{
+ union host_lpi *block;
+
+ if ( !is_lpi(plpi) || plpi >= MAX_NR_HOST_LPIS + LPI_OFFSET )
+ return NULL;
+
+ ASSERT(plpi >= LPI_OFFSET);
+
+ plpi -= LPI_OFFSET;
+
+ block = lpi_data.host_lpis[plpi / HOST_LPIS_PER_PAGE];
+ if ( !block )
+ return NULL;
+
+ /* Matches the write barrier in allocation code. */
+ smp_rmb();
+
+ return &block[plpi % HOST_LPIS_PER_PAGE];
+}
/*
* An ITS can refer to redistributors in two ways: either by an ID (possibly
@@ -220,8 +276,18 @@ int gicv3_lpi_init_rdist(void __iomem * rdist_base)
static unsigned int max_lpi_bits = 20;
integer_param("max_lpi_bits", max_lpi_bits);
+/*
+ * Allocate the 2nd level array for host LPIs. This one holds pointers
+ * to the page with the actual "union host_lpi" entries. Our LPI limit
+ * avoids excessive memory usage.
+ */
int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
{
+ unsigned int nr_lpi_ptrs;
+
+ /* We rely on the data structure being atomically accessible. */
+ BUILD_BUG_ON(sizeof(union host_lpi) > sizeof(unsigned long));
+
/*
* An implementation needs to support at least 14 bits of LPI IDs.
* Tell the user about it, the actual number is reported below.
@@ -240,11 +306,175 @@ int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
if ( lpi_data.max_host_lpi_ids > BIT(24) )
warning_add("Using high number of LPIs, limit memory usage with max_lpi_bits\n");
+ spin_lock_init(&lpi_data.host_lpis_lock);
+ lpi_data.next_free_lpi = 0;
+
+ nr_lpi_ptrs = MAX_NR_HOST_LPIS / (PAGE_SIZE / sizeof(union host_lpi));
+ lpi_data.host_lpis = xzalloc_array(union host_lpi *, nr_lpi_ptrs);
+ if ( !lpi_data.host_lpis )
+ return -ENOMEM;
+
printk("GICv3: using at most %lu LPIs on the host.\n", MAX_NR_HOST_LPIS);
return 0;
}
+static int find_unused_host_lpi(uint32_t start, uint32_t *index)
+{
+ unsigned int chunk;
+ uint32_t i = *index;
+
+ ASSERT(spin_is_locked(&lpi_data.host_lpis_lock));
+
+ for ( chunk = start;
+ chunk < MAX_NR_HOST_LPIS / HOST_LPIS_PER_PAGE;
+ chunk++ )
+ {
+ /* If we hit an unallocated chunk, use entry 0 in that one. */
+ if ( !lpi_data.host_lpis[chunk] )
+ {
+ *index = 0;
+ return chunk;
+ }
+
+ /* Find an unallocated entry in this chunk. */
+ for ( ; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
+ {
+ if ( lpi_data.host_lpis[chunk][i].dom_id == DOMID_INVALID )
+ {
+ *index = i;
+ return chunk;
+ }
+ }
+ i = 0;
+ }
+
+ return -1;
+}
+
+/*
+ * Allocate a block of 32 LPIs on the given host ITS for device "devid",
+ * starting with "eventid". Put them into the respective ITT by issuing a
+ * MAPTI command for each of them.
+ */
+int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi)
+{
+ uint32_t lpi, lpi_idx;
+ int chunk;
+ int i;
+
+ spin_lock(&lpi_data.host_lpis_lock);
+ lpi_idx = lpi_data.next_free_lpi % HOST_LPIS_PER_PAGE;
+ chunk = find_unused_host_lpi(lpi_data.next_free_lpi / HOST_LPIS_PER_PAGE,
+ &lpi_idx);
+
+ if ( chunk == - 1 ) /* rescan for a hole from the beginning */
+ {
+ lpi_idx = 0;
+ chunk = find_unused_host_lpi(0, &lpi_idx);
+ if ( chunk == -1 )
+ {
+ spin_unlock(&lpi_data.host_lpis_lock);
+ return -ENOSPC;
+ }
+ }
+
+ /* If we hit an unallocated chunk, we initialize it and use entry 0. */
+ if ( !lpi_data.host_lpis[chunk] )
+ {
+ union host_lpi *new_chunk;
+
+ /* TODO: NUMA locality for quicker IRQ path? */
+ new_chunk = alloc_xenheap_page();
+ if ( !new_chunk )
+ {
+ spin_unlock(&lpi_data.host_lpis_lock);
+ return -ENOMEM;
+ }
+
+ for ( i = 0; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
+ new_chunk[i].dom_id = DOMID_INVALID;
+
+ /*
+ * Make sure all slots are really marked empty before publishing the
+ * new chunk.
+ */
+ smp_wmb();
+
+ lpi_data.host_lpis[chunk] = new_chunk;
+ lpi_idx = 0;
+ }
+
+ lpi = chunk * HOST_LPIS_PER_PAGE + lpi_idx;
+
+ for ( i = 0; i < LPI_BLOCK; i++ )
+ {
+ union host_lpi hlpi;
+
+ /*
+ * Mark this host LPI as belonging to the domain, but don't assign
+ * any virtual LPI or a VCPU yet.
+ */
+ hlpi.virt_lpi = INVALID_LPI;
+ hlpi.dom_id = d->domain_id;
+ hlpi.vcpu_id = INVALID_VCPU_ID;
+ write_u64_atomic(&lpi_data.host_lpis[chunk][lpi_idx + i].data,
+ hlpi.data);
+
+ /*
+ * Enable this host LPI, so we don't have to do this during the
+ * guest's runtime.
+ */
+ lpi_data.lpi_property[lpi + i] |= LPI_PROP_ENABLED;
+ }
+
+ lpi_data.next_free_lpi = lpi + LPI_BLOCK;
+
+ /*
+ * We have allocated and initialized the host LPI entries, so it's safe
+ * to drop the lock now. Access to the structures can be done concurrently
+ * as it involves only an atomic uint64_t access.
+ */
+ spin_unlock(&lpi_data.host_lpis_lock);
+
+ if ( lpi_data.flags & LPI_PROPTABLE_NEEDS_FLUSHING )
+ clean_and_invalidate_dcache_va_range(&lpi_data.lpi_property[lpi],
+ LPI_BLOCK);
+
+ *first_lpi = lpi + LPI_OFFSET;
+
+ return 0;
+}
+
+void gicv3_free_host_lpi_block(uint32_t first_lpi)
+{
+ union host_lpi *hlpi, empty_lpi = { .dom_id = DOMID_INVALID };
+ int i;
+
+ /* This should only be called with the beginning of a block. */
+ ASSERT((first_lpi % LPI_BLOCK) == 0);
+
+ hlpi = gic_get_host_lpi(first_lpi);
+ if ( !hlpi )
+ return; /* Nothing to free here. */
+
+ spin_lock(&lpi_data.host_lpis_lock);
+
+ for ( i = 0; i < LPI_BLOCK; i++ )
+ write_u64_atomic(&hlpi[i].data, empty_lpi.data);
+
+ /*
+ * Make sure the next allocation can reuse this block, as we do only
+ * forward scanning when finding an unused block.
+ */
+ if ( lpi_data.next_free_lpi > first_lpi )
+ lpi_data.next_free_lpi = first_lpi;
+
+ spin_unlock(&lpi_data.host_lpis_lock);
+
+ return;
+}
+
/*
* Local variables:
* mode: C
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 13794e0..a96c9dc 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -103,6 +103,9 @@
#define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
#define HOST_ITS_USES_PTA (1U << 1)
+/* We allocate LPIs on the hosts in chunks of 32 to reduce handling overhead. */
+#define LPI_BLOCK 32U
+
/* data structure for each hardware ITS */
struct host_its {
struct list_head entry;
@@ -141,6 +144,9 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
/* Map a collection for this host CPU to each host ITS. */
int gicv3_its_setup_collection(unsigned int cpu);
+int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
+void gicv3_free_host_lpi_block(uint32_t first_lpi);
+
#else
static inline void gicv3_its_dt_init(const struct dt_device_node *node)
diff --git a/xen/include/asm-arm/irq.h b/xen/include/asm-arm/irq.h
index f940092..7c76626 100644
--- a/xen/include/asm-arm/irq.h
+++ b/xen/include/asm-arm/irq.h
@@ -28,6 +28,9 @@ struct arch_irq_desc {
#define LPI_OFFSET 8192
+/* LPIs are always numbered starting at 8192, so 0 is a good invalid case. */
+#define INVALID_LPI 0
+
#define nr_irqs NR_IRQS
#define nr_static_irqs NR_IRQS
#define arch_hwdom_irqs(domid) NR_IRQS
@@ -41,6 +44,11 @@ struct irq_desc *__irq_to_desc(int irq);
void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq);
+static inline bool is_lpi(unsigned int irq)
+{
+ return irq >= LPI_OFFSET;
+}
+
#define domain_pirq_to_irq(d, pirq) (pirq)
bool_t is_assignable_irq(unsigned int irq);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (6 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:57 ` Stefano Stabellini
2017-04-07 18:09 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping Andre Przywara
` (27 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Create a new file to hold the emulation code for the ITS widget.
This just holds the data structure and a init and free function for now.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/Makefile | 1 +
xen/arch/arm/vgic-v3-its.c | 86 ++++++++++++++++++++++++++++++++++++++++
xen/arch/arm/vgic-v3.c | 8 +++-
xen/include/asm-arm/gic_v3_its.h | 13 ++++++
4 files changed, 107 insertions(+), 1 deletion(-)
create mode 100644 xen/arch/arm/vgic-v3-its.c
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 6be85ab..49e1fb2 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -47,6 +47,7 @@ obj-y += traps.o
obj-y += vgic.o
obj-y += vgic-v2.o
obj-$(CONFIG_HAS_GICV3) += vgic-v3.o
+obj-$(CONFIG_HAS_ITS) += vgic-v3-its.o
obj-y += vm_event.o
obj-y += vtimer.o
obj-y += vpsci.o
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
new file mode 100644
index 0000000..2f1a255
--- /dev/null
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -0,0 +1,86 @@
+/*
+ * xen/arch/arm/vgic-v3-its.c
+ *
+ * ARM Interrupt Translation Service (ITS) emulation
+ *
+ * Andre Przywara <andre.przywara@arm.com>
+ * Copyright (c) 2016,2017 ARM Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; under version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/bitops.h>
+#include <xen/config.h>
+#include <xen/domain_page.h>
+#include <xen/lib.h>
+#include <xen/init.h>
+#include <xen/softirq.h>
+#include <xen/irq.h>
+#include <xen/sched.h>
+#include <xen/sizes.h>
+#include <asm/current.h>
+#include <asm/mmio.h>
+#include <asm/gic_v3_defs.h>
+#include <asm/gic_v3_its.h>
+#include <asm/vgic.h>
+#include <asm/vgic-emul.h>
+
+/*
+ * Data structure to describe a virtual ITS.
+ * If both the vcmd_lock and the its_lock are required, the vcmd_lock must
+ * be taken first.
+ */
+struct virt_its {
+ struct domain *d;
+ unsigned int devid_bits;
+ unsigned int intid_bits;
+ spinlock_t vcmd_lock; /* Protects the virtual command buffer, which */
+ uint64_t cwriter; /* consists of CWRITER and CREADR and those */
+ uint64_t creadr; /* shadow variables cwriter and creadr. */
+ /* Protects the rest of this structure, including the ITS tables. */
+ spinlock_t its_lock;
+ uint64_t cbaser;
+ uint64_t baser_dev, baser_coll; /* BASER0 and BASER1 for the guest */
+ unsigned int max_collections;
+ unsigned int max_devices;
+ bool enabled;
+};
+
+/*
+ * An Interrupt Translation Table Entry: this is indexed by a
+ * DeviceID/EventID pair and is located in guest memory.
+ */
+struct vits_itte
+{
+ uint32_t vlpi;
+ uint16_t collection;
+ uint16_t pad;
+};
+
+int vgic_v3_its_init_domain(struct domain *d)
+{
+ return 0;
+}
+
+void vgic_v3_its_free_domain(struct domain *d)
+{
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index 1e9890b..d10757a 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -28,6 +28,7 @@
#include <asm/current.h>
#include <asm/mmio.h>
#include <asm/gic_v3_defs.h>
+#include <asm/gic_v3_its.h>
#include <asm/vgic.h>
#include <asm/vgic-emul.h>
#include <asm/vreg.h>
@@ -1438,7 +1439,7 @@ static inline unsigned int vgic_v3_rdist_count(struct domain *d)
static int vgic_v3_domain_init(struct domain *d)
{
struct vgic_rdist_region *rdist_regions;
- int rdist_count, i;
+ int rdist_count, i, ret;
/* Allocate memory for Re-distributor regions */
rdist_count = vgic_v3_rdist_count(d);
@@ -1498,6 +1499,10 @@ static int vgic_v3_domain_init(struct domain *d)
d->arch.vgic.rdist_regions[0].first_cpu = 0;
}
+ ret = vgic_v3_its_init_domain(d);
+ if ( ret )
+ return ret;
+
/* Register mmio handle for the Distributor */
register_mmio_handler(d, &vgic_distr_mmio_handler, d->arch.vgic.dbase,
SZ_64K, NULL);
@@ -1522,6 +1527,7 @@ static int vgic_v3_domain_init(struct domain *d)
static void vgic_v3_domain_free(struct domain *d)
{
+ vgic_v3_its_free_domain(d);
xfree(d->arch.vgic.rdist_regions);
}
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index a96c9dc..84d1692 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -144,6 +144,10 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
/* Map a collection for this host CPU to each host ITS. */
int gicv3_its_setup_collection(unsigned int cpu);
+/* Initialize and destroy the per-domain parts of the virtual ITS support. */
+int vgic_v3_its_init_domain(struct domain *d);
+void vgic_v3_its_free_domain(struct domain *d);
+
int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
void gicv3_free_host_lpi_block(uint32_t first_lpi);
@@ -184,6 +188,15 @@ static inline int gicv3_its_setup_collection(unsigned int cpu)
BUG();
}
+static inline int vgic_v3_its_init_domain(struct domain *d)
+{
+ return 0;
+}
+
+static inline void vgic_v3_its_free_domain(struct domain *d)
+{
+}
+
#endif /* CONFIG_HAS_ITS */
#endif
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (7 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 18:21 ` Stefano Stabellini
2017-04-07 18:21 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's Andre Przywara
` (26 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The ITS uses device IDs to map LPIs to a device. Dom0 will later use
those IDs, which we directly pass on to the host.
For this we have to map each device that Dom0 may request to a host
ITS device with the same identifier.
Allocate the respective memory and enter each device into an rbtree to
later be able to iterate over it or to easily teardown guests.
Because device IDs are per ITS, we need to identify a virtual ITS. We
use the doorbell address for that purpose, as it is a nice architectural
MSI property and spares us handling with opaque pointer or break
the VGIC abstraction.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-its.c | 345 +++++++++++++++++++++++++++++++++++++++
xen/arch/arm/vgic-v3-its.c | 4 +
xen/include/asm-arm/domain.h | 3 +
xen/include/asm-arm/gic_v3_its.h | 13 ++
4 files changed, 365 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 0164b96..1951ec8 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -21,6 +21,8 @@
#include <xen/lib.h>
#include <xen/delay.h>
#include <xen/mm.h>
+#include <xen/rbtree.h>
+#include <xen/sched.h>
#include <xen/sizes.h>
#include <asm/gic.h>
#include <asm/gic_v3_defs.h>
@@ -36,6 +38,26 @@
*/
LIST_HEAD(host_its_list);
+/*
+ * Describes a device which is using the ITS and is used by a guest.
+ * Since device IDs are per ITS (in contrast to vLPIs, which are per
+ * guest), we have to differentiate between different virtual ITSes.
+ * We use the doorbell address here, since this is a nice architectural
+ * property of MSIs in general and we can easily get to the base address
+ * of the ITS and look that up.
+ */
+struct its_device {
+ struct rb_node rbnode;
+ struct host_its *hw_its;
+ void *itt_addr;
+ paddr_t guest_doorbell; /* Identifies the virtual ITS */
+ uint32_t host_devid;
+ uint32_t guest_devid;
+ uint32_t eventids; /* Number of event IDs (MSIs) */
+ uint32_t *host_lpi_blocks; /* Which LPIs are used on the host */
+ struct pending_irq *pend_irqs; /* One struct per event */
+};
+
bool gicv3_its_host_has_its(void)
{
return !list_empty(&host_its_list);
@@ -157,6 +179,20 @@ static int its_send_cmd_sync(struct host_its *its, unsigned int cpu)
return its_send_command(its, cmd);
}
+static int its_send_cmd_mapti(struct host_its *its,
+ uint32_t deviceid, uint32_t eventid,
+ uint32_t pintid, uint16_t icid)
+{
+ uint64_t cmd[4];
+
+ cmd[0] = GITS_CMD_MAPTI | ((uint64_t)deviceid << 32);
+ cmd[1] = eventid | ((uint64_t)pintid << 32);
+ cmd[2] = icid;
+ cmd[3] = 0x00;
+
+ return its_send_command(its, cmd);
+}
+
static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
unsigned int cpu)
{
@@ -171,6 +207,43 @@ static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
return its_send_command(its, cmd);
}
+static int its_send_cmd_mapd(struct host_its *its, uint32_t deviceid,
+ uint8_t size_bits, paddr_t itt_addr, bool valid)
+{
+ uint64_t cmd[4];
+
+ if ( valid )
+ {
+ ASSERT(size_bits <= its->evid_bits);
+ ASSERT(size_bits > 0);
+ ASSERT(!(itt_addr & ~GENMASK(51, 8)));
+
+ /* The number of events is encoded as "number of bits minus one". */
+ size_bits--;
+ }
+ cmd[0] = GITS_CMD_MAPD | ((uint64_t)deviceid << 32);
+ cmd[1] = size_bits;
+ cmd[2] = itt_addr;
+ if ( valid )
+ cmd[2] |= GITS_VALID_BIT;
+ cmd[3] = 0x00;
+
+ return its_send_command(its, cmd);
+}
+
+static int its_send_cmd_inv(struct host_its *its,
+ uint32_t deviceid, uint32_t eventid)
+{
+ uint64_t cmd[4];
+
+ cmd[0] = GITS_CMD_INV | ((uint64_t)deviceid << 32);
+ cmd[1] = eventid;
+ cmd[2] = 0x00;
+ cmd[3] = 0x00;
+
+ return its_send_command(its, cmd);
+}
+
/* Set up the (1:1) collection mapping for the given host CPU. */
int gicv3_its_setup_collection(unsigned int cpu)
{
@@ -450,6 +523,278 @@ int gicv3_its_init(void)
return 0;
}
+/*
+ * TODO: Investiage the interaction when a guest removes a device while
+ * some LPIs are still in flight.
+ */
+static int remove_mapped_guest_device(struct its_device *dev)
+{
+ int ret = 0;
+ unsigned int i;
+
+ if ( dev->hw_its )
+ /* MAPD also discards all events with this device ID. */
+ ret = its_send_cmd_mapd(dev->hw_its, dev->host_devid, 0, 0, false);
+
+ for ( i = 0; i < dev->eventids / LPI_BLOCK; i++ )
+ gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
+
+ /* Make sure the MAPD command above is really executed. */
+ if ( !ret )
+ ret = gicv3_its_wait_commands(dev->hw_its);
+
+ /* This should never happen, but just in case ... */
+ if ( ret && printk_ratelimit() )
+ printk(XENLOG_WARNING "Can't unmap host ITS device 0x%x\n",
+ dev->host_devid);
+
+ xfree(dev->itt_addr);
+ xfree(dev->pend_irqs);
+ xfree(dev->host_lpi_blocks);
+ xfree(dev);
+
+ return 0;
+}
+
+static struct host_its *gicv3_its_find_by_doorbell(paddr_t doorbell_address)
+{
+ struct host_its *hw_its;
+
+ list_for_each_entry(hw_its, &host_its_list, entry)
+ {
+ if ( hw_its->addr + ITS_DOORBELL_OFFSET == doorbell_address )
+ return hw_its;
+ }
+
+ return NULL;
+}
+
+static int compare_its_guest_devices(struct its_device *dev,
+ paddr_t vdoorbell, uint32_t vdevid)
+{
+ if ( dev->guest_doorbell < vdoorbell )
+ return -1;
+
+ if ( dev->guest_doorbell > vdoorbell )
+ return 1;
+
+ if ( dev->guest_devid < vdevid )
+ return -1;
+
+ if ( dev->guest_devid > vdevid )
+ return 1;
+
+ return 0;
+}
+
+/*
+ * On the host ITS @its, map @nr_events consecutive LPIs.
+ * The mapping connects a device @devid and event @eventid pair to LPI @lpi,
+ * increasing both @eventid and @lpi to cover the number of requested LPIs.
+ */
+static int gicv3_its_map_host_events(struct host_its *its,
+ uint32_t devid, uint32_t eventid,
+ uint32_t lpi, uint32_t nr_events)
+{
+ uint32_t i;
+ int ret;
+
+ for ( i = 0; i < nr_events; i++ )
+ {
+ /* For now we map every host LPI to host CPU 0 */
+ ret = its_send_cmd_mapti(its, devid, eventid + i, lpi + i, 0);
+ if ( ret )
+ return ret;
+
+ ret = its_send_cmd_inv(its, devid, eventid + i);
+ if ( ret )
+ return ret;
+ }
+
+ /* TODO: Consider using INVALL here. Didn't work on the model, though. */
+
+ ret = its_send_cmd_sync(its, 0);
+ if ( ret )
+ return ret;
+
+ return gicv3_its_wait_commands(its);
+}
+
+/*
+ * Map a hardware device, identified by a certain host ITS and its device ID
+ * to domain d, a guest ITS (identified by its doorbell address) and device ID.
+ * Also provide the number of events (MSIs) needed for that device.
+ * This does not check if this particular hardware device is already mapped
+ * at another domain, it is expected that this would be done by the caller.
+ */
+int gicv3_its_map_guest_device(struct domain *d,
+ paddr_t host_doorbell, uint32_t host_devid,
+ paddr_t guest_doorbell, uint32_t guest_devid,
+ uint64_t nr_events, bool valid)
+{
+ void *itt_addr = NULL;
+ struct host_its *hw_its;
+ struct its_device *dev = NULL;
+ struct rb_node **new = &d->arch.vgic.its_devices.rb_node, *parent = NULL;
+ int i, ret = -ENOENT; /* "i" must be signed to check for >= 0 below. */
+
+ hw_its = gicv3_its_find_by_doorbell(host_doorbell);
+ if ( !hw_its )
+ return ret;
+
+ /* Sanitise the provided hardware values against the host ITS. */
+ if ( host_devid >= BIT(hw_its->devid_bits) )
+ return -EINVAL;
+
+ /*
+ * The ITS requires the number of events to be a power of 2. We allocate
+ * events and LPIs in chunks of LPI_BLOCK (=32), so make sure we
+ * allocate at least that many.
+ * TODO: Investigate if the number of events can be limited to smaller
+ * values if the guest does not require that many.
+ */
+ nr_events = BIT(fls(nr_events - 1));
+ if ( nr_events < LPI_BLOCK )
+ nr_events = LPI_BLOCK;
+ if ( nr_events >= BIT(hw_its->evid_bits) )
+ return -EINVAL;
+
+ /* check for already existing mappings */
+ spin_lock(&d->arch.vgic.its_devices_lock);
+ while ( *new )
+ {
+ struct its_device *temp;
+ int cmp;
+
+ temp = rb_entry(*new, struct its_device, rbnode);
+
+ parent = *new;
+ cmp = compare_its_guest_devices(temp, guest_doorbell, guest_devid);
+ if ( !cmp )
+ {
+ if ( !valid )
+ rb_erase(&temp->rbnode, &d->arch.vgic.its_devices);
+
+ spin_unlock(&d->arch.vgic.its_devices_lock);
+
+ if ( valid )
+ {
+ printk(XENLOG_G_WARNING "d%d tried to remap guest ITS device 0x%x to host device 0x%x\n",
+ d->domain_id, guest_devid, host_devid);
+ return -EBUSY;
+ }
+
+ return remove_mapped_guest_device(temp);
+ }
+
+ if ( cmp > 0 )
+ new = &((*new)->rb_left);
+ else
+ new = &((*new)->rb_right);
+ }
+
+ if ( !valid )
+ goto out_unlock;
+
+ ret = -ENOMEM;
+
+ /* An Interrupt Translation Table needs to be 256-byte aligned. */
+ itt_addr = _xzalloc(nr_events * hw_its->itte_size, 256);
+ if ( !itt_addr )
+ goto out_unlock;
+
+ dev = xzalloc(struct its_device);
+ if ( !dev )
+ goto out_unlock;
+
+ /*
+ * Allocate the pending_irqs for each virtual LPI. They will be put
+ * into the domain's radix tree upon the guest's MAPTI command.
+ * Pre-allocating memory for each *possible* LPI would be using way
+ * too much memory (they can be sparsely used by the guest), also
+ * allocating them on demand requires memory allocation in the interrupt
+ * injection code path, which is not really desired.
+ * So we compromise here by pre-allocating memory for each *mapped* LPI.
+ * See the mailing list discussion for some background:
+ * https://lists.xen.org/archives/html/xen-devel/2017-03/msg03645.html
+ */
+ dev->pend_irqs = xzalloc_array(struct pending_irq, nr_events);
+ if ( !dev->pend_irqs )
+ goto out_unlock;
+
+ dev->host_lpi_blocks = xzalloc_array(uint32_t, nr_events);
+ if ( !dev->host_lpi_blocks )
+ goto out_unlock;
+
+ ret = its_send_cmd_mapd(hw_its, host_devid, fls(nr_events - 1),
+ virt_to_maddr(itt_addr), true);
+ if ( ret )
+ goto out_unlock;
+
+ dev->itt_addr = itt_addr;
+ dev->hw_its = hw_its;
+ dev->guest_doorbell = guest_doorbell;
+ dev->guest_devid = guest_devid;
+ dev->host_devid = host_devid;
+ dev->eventids = nr_events;
+
+ rb_link_node(&dev->rbnode, parent, new);
+ rb_insert_color(&dev->rbnode, &d->arch.vgic.its_devices);
+
+ spin_unlock(&d->arch.vgic.its_devices_lock);
+
+ /*
+ * Map all host LPIs within this device already. We can't afford to queue
+ * any host ITS commands later on during the guest's runtime.
+ */
+ for ( i = 0; i < nr_events / LPI_BLOCK; i++ )
+ {
+ ret = gicv3_allocate_host_lpi_block(d, &dev->host_lpi_blocks[i]);
+ if ( ret < 0 )
+ break;
+
+ ret = gicv3_its_map_host_events(hw_its, host_devid, i * LPI_BLOCK,
+ dev->host_lpi_blocks[i], LPI_BLOCK);
+ if ( ret < 0 )
+ break;
+ }
+
+ if ( ret )
+ {
+ /* Clean up all allocated host LPI blocks. */
+ for ( ; i >= 0; i-- )
+ {
+ if ( dev->host_lpi_blocks[i] )
+ gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
+ }
+
+ /*
+ * Unmapping the device will discard all LPIs mapped so far.
+ * We are already on the failing path, so no error checking to
+ * not mask the original error value. This should never fail anyway.
+ */
+ its_send_cmd_mapd(hw_its, host_devid, 0, 0, false);
+
+ goto out;
+ }
+
+ return 0;
+
+out_unlock:
+ spin_unlock(&d->arch.vgic.its_devices_lock);
+
+out:
+ if ( dev )
+ {
+ xfree(dev->pend_irqs);
+ xfree(dev->host_lpi_blocks);
+ }
+ xfree(itt_addr);
+ xfree(dev);
+
+ return ret;
+}
+
/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 2f1a255..065ffe2 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -69,11 +69,15 @@ struct vits_itte
int vgic_v3_its_init_domain(struct domain *d)
{
+ spin_lock_init(&d->arch.vgic.its_devices_lock);
+ d->arch.vgic.its_devices = RB_ROOT;
+
return 0;
}
void vgic_v3_its_free_domain(struct domain *d)
{
+ ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
}
/*
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 68185e2..6de8082 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -10,6 +10,7 @@
#include <asm/gic.h>
#include <public/hvm/params.h>
#include <xen/serial.h>
+#include <xen/rbtree.h>
struct hvm_domain
{
@@ -108,6 +109,8 @@ struct arch_domain
} *rdist_regions;
int nr_regions; /* Number of rdist regions */
uint32_t rdist_stride; /* Re-Distributor stride */
+ struct rb_root its_devices; /* Devices mapped to an ITS */
+ spinlock_t its_devices_lock; /* Protects the its_devices tree */
#endif
} vgic;
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 84d1692..29559a3 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -98,7 +98,10 @@
#define GITS_CMD_MOVALL 0x0e
#define GITS_CMD_DISCARD 0x0f
+#define ITS_DOORBELL_OFFSET 0x10040
+
#include <xen/device_tree.h>
+#include <xen/rbtree.h>
#define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
#define HOST_ITS_USES_PTA (1U << 1)
@@ -148,6 +151,16 @@ int gicv3_its_setup_collection(unsigned int cpu);
int vgic_v3_its_init_domain(struct domain *d);
void vgic_v3_its_free_domain(struct domain *d);
+/*
+ * Map a device on the host by allocating an ITT on the host (ITS).
+ * "nr_event" specifies how many events (interrupts) this device will need.
+ * Setting "valid" to false deallocates the device.
+ */
+int gicv3_its_map_guest_device(struct domain *d,
+ paddr_t host_doorbell, uint32_t host_devid,
+ paddr_t guest_doorbell, uint32_t guest_devid,
+ uint64_t nr_events, bool valid);
+
int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
void gicv3_free_host_lpi_block(uint32_t first_lpi);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (8 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 18:32 ` Julien Grall
2017-04-07 19:07 ` Stefano Stabellini
2017-04-07 17:32 ` [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs Andre Przywara
` (25 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
For LPIs the struct pending_irq's are somewhat dynamically allocated and
the pointers are stored in a radix tree. While I convinced myself that
an invalid LPI number can't make it into the core code, people might be
concerned about NULL pointer dereferences.
So add checks in some places just to be on the safe side.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic.c | 23 +++++++++++++++++++++++
xen/arch/arm/vgic.c | 4 ++++
2 files changed, 27 insertions(+)
diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index da19130..44c34b1 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq)
struct pending_irq *p = irq_to_pending(v, virtual_irq);
unsigned long flags;
+ /*
+ * If an LPIs has been removed meanwhile, it has been cleaned up
+ * already, so nothing to remove here.
+ */
+ if ( !p )
+ return;
+
spin_lock_irqsave(&v->arch.vgic.lock, flags);
if ( !list_empty(&p->lr_queue) )
list_del_init(&p->lr_queue);
@@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq)
{
struct pending_irq *n = irq_to_pending(v, virtual_irq);
+ /* If an LPI has been removed meanwhile, there is nothing left to raise. */
+ if ( !n )
+ return;
+
ASSERT(spin_is_locked(&v->arch.vgic.lock));
if ( list_empty(&n->lr_queue) )
@@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i)
gic_hw_ops->read_lr(i, &lr_val);
irq = lr_val.virq;
+
p = irq_to_pending(v, irq);
+ /* An LPI might have been unmapped, in which case we just clean up here. */
+ if ( !p )
+ {
+ ASSERT(is_lpi(irq));
+
+ gic_hw_ops->clear_lr(i);
+ clear_bit(i, &this_cpu(lr_mask));
+
+ return;
+ }
+
if ( lr_val.state & GICH_LR_ACTIVE )
{
set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status);
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 83569b0..b7ee105 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq)
unsigned long flags;
bool running;
+ /* If an LPI has been removed, there is nothing to inject here. */
+ if ( !n )
+ return;
+
priority = vgic_get_virq_priority(v, virq);
spin_lock_irqsave(&v->arch.vgic.lock, flags);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (9 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 18:49 ` Stefano Stabellini
2017-04-07 17:32 ` [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests Andre Przywara
` (24 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
For the same reason that allocating a struct irq_desc for each
possible LPI is not an option, having a struct pending_irq for each LPI
is also not feasible. We only care about mapped LPIs, so we can get away
with having struct pending_irq's only for them.
Maintain a radix tree per domain where we drop the pointer to the
respective pending_irq. The index used is the virtual LPI number.
The memory for the actual structures has been allocated already per
device at device mapping time.
Teach the existing VGIC functions to find the right pointer when being
given a virtual LPI number.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v2.c | 8 ++++++++
xen/arch/arm/vgic-v3.c | 23 +++++++++++++++++++++++
xen/arch/arm/vgic.c | 2 ++
xen/include/asm-arm/domain.h | 2 ++
xen/include/asm-arm/vgic.h | 2 ++
5 files changed, 37 insertions(+)
diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
index dc9f95b..0587569 100644
--- a/xen/arch/arm/vgic-v2.c
+++ b/xen/arch/arm/vgic-v2.c
@@ -702,10 +702,18 @@ static void vgic_v2_domain_free(struct domain *d)
/* Nothing to be cleanup for this driver */
}
+static struct pending_irq *vgic_v2_lpi_to_pending(struct domain *d,
+ unsigned int vlpi)
+{
+ /* Dummy function, no LPIs on a VGICv2. */
+ BUG();
+}
+
static const struct vgic_ops vgic_v2_ops = {
.vcpu_init = vgic_v2_vcpu_init,
.domain_init = vgic_v2_domain_init,
.domain_free = vgic_v2_domain_free,
+ .lpi_to_pending = vgic_v2_lpi_to_pending,
.max_vcpus = 8,
};
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index d10757a..f25125e 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -1451,6 +1451,9 @@ static int vgic_v3_domain_init(struct domain *d)
d->arch.vgic.nr_regions = rdist_count;
d->arch.vgic.rdist_regions = rdist_regions;
+ rwlock_init(&d->arch.vgic.pend_lpi_tree_lock);
+ radix_tree_init(&d->arch.vgic.pend_lpi_tree);
+
/*
* Domain 0 gets the hardware address.
* Guests get the virtual platform layout.
@@ -1528,14 +1531,34 @@ static int vgic_v3_domain_init(struct domain *d)
static void vgic_v3_domain_free(struct domain *d)
{
vgic_v3_its_free_domain(d);
+ radix_tree_destroy(&d->arch.vgic.pend_lpi_tree, NULL);
xfree(d->arch.vgic.rdist_regions);
}
+/*
+ * Looks up a virtual LPI number in our tree of mapped LPIs. This will return
+ * the corresponding struct pending_irq, which we also use to store the
+ * enabled and pending bit plus the priority.
+ * Returns NULL if an LPI cannot be found (or no LPIs are supported).
+ */
+static struct pending_irq *vgic_v3_lpi_to_pending(struct domain *d,
+ unsigned int lpi)
+{
+ struct pending_irq *pirq;
+
+ read_lock(&d->arch.vgic.pend_lpi_tree_lock);
+ pirq = radix_tree_lookup(&d->arch.vgic.pend_lpi_tree, lpi);
+ read_unlock(&d->arch.vgic.pend_lpi_tree_lock);
+
+ return pirq;
+}
+
static const struct vgic_ops v3_ops = {
.vcpu_init = vgic_v3_vcpu_init,
.domain_init = vgic_v3_domain_init,
.domain_free = vgic_v3_domain_free,
.emulate_reg = vgic_v3_emulate_reg,
+ .lpi_to_pending = vgic_v3_lpi_to_pending,
/*
* We use both AFF1 and AFF0 in (v)MPIDR. Thus, the max number of CPU
* that can be supported is up to 4096(==256*16) in theory.
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index b7ee105..a7a50bc 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -439,6 +439,8 @@ struct pending_irq *irq_to_pending(struct vcpu *v, unsigned int irq)
* are used for SPIs; the rests are used for per cpu irqs */
if ( irq < 32 )
n = &v->arch.vgic.pending_irqs[irq];
+ else if ( is_lpi(irq) )
+ n = v->domain->arch.vgic.handler->lpi_to_pending(v->domain, irq);
else
n = &v->domain->arch.vgic.pending_irqs[irq - 32];
return n;
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 6de8082..91dfe0a 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -111,6 +111,8 @@ struct arch_domain
uint32_t rdist_stride; /* Re-Distributor stride */
struct rb_root its_devices; /* Devices mapped to an ITS */
spinlock_t its_devices_lock; /* Protects the its_devices tree */
+ struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */
+ rwlock_t pend_lpi_tree_lock; /* Protects the pend_lpi_tree */
#endif
} vgic;
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index 544867a..04972d3 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -134,6 +134,8 @@ struct vgic_ops {
void (*domain_free)(struct domain *d);
/* vGIC sysreg/cpregs emulate */
bool (*emulate_reg)(struct cpu_user_regs *regs, union hsr hsr);
+ /* lookup the struct pending_irq for a given LPI interrupt */
+ struct pending_irq *(*lpi_to_pending)(struct domain *d, unsigned int vlpi);
/* Maximum number of vCPU supported */
const unsigned int max_vcpus;
};
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (10 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 18:59 ` Stefano Stabellini
2017-04-07 21:09 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host Andre Przywara
` (23 subsequent siblings)
35 siblings, 2 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Upon receiving an LPI on the host, we need to find the right VCPU and
virtual IRQ number to get this IRQ injected.
Iterate our two-level LPI table to find this information quickly when
the host takes an LPI. Call the existing injection function to let the
GIC emulation deal with this interrupt.
Also we enhance struct pending_irq to cache the pending bit and the
priority information for LPIs. Reading the information from there is
faster than accessing the property table from guest memory. Also it
use some padding area, so does not require more memory.
This introduces a do_LPI() as a hardware gic_ops and a function to
retrieve the (cached) priority value of an LPI and a vgic_ops.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v2.c | 7 +++++
xen/arch/arm/gic-v3-lpi.c | 56 ++++++++++++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3.c | 1 +
xen/arch/arm/gic.c | 8 +++++-
xen/arch/arm/vgic-v2.c | 7 +++++
xen/arch/arm/vgic-v3.c | 12 +++++++++
xen/arch/arm/vgic.c | 7 ++++-
xen/include/asm-arm/domain.h | 3 ++-
xen/include/asm-arm/gic.h | 2 ++
xen/include/asm-arm/gic_v3_its.h | 8 ++++++
xen/include/asm-arm/vgic.h | 8 ++++++
11 files changed, 116 insertions(+), 3 deletions(-)
diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
index 270a136..ffbe47c 100644
--- a/xen/arch/arm/gic-v2.c
+++ b/xen/arch/arm/gic-v2.c
@@ -1217,6 +1217,12 @@ static int __init gicv2_init(void)
return 0;
}
+static void gicv2_do_LPI(unsigned int lpi)
+{
+ /* No LPIs in a GICv2 */
+ BUG();
+}
+
const static struct gic_hw_operations gicv2_ops = {
.info = &gicv2_info,
.init = gicv2_init,
@@ -1244,6 +1250,7 @@ const static struct gic_hw_operations gicv2_ops = {
.make_hwdom_madt = gicv2_make_hwdom_madt,
.map_hwdom_extra_mappings = gicv2_map_hwdown_extra_mappings,
.iomem_deny_access = gicv2_iomem_deny_access,
+ .do_LPI = gicv2_do_LPI,
};
/* Set up the GIC */
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index 292f2d0..5f3fe2c 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -136,6 +136,62 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta)
return per_cpu(lpi_redist, cpu).redist_id << 16;
}
+/*
+ * Handle incoming LPIs, which are a bit special, because they are potentially
+ * numerous and also only get injected into guests. Treat them specially here,
+ * by just looking up their target vCPU and virtual LPI number and hand it
+ * over to the injection function.
+ * Please note that LPIs are edge-triggered only, also have no active state,
+ * so spurious interrupts on the host side are no issue (we can just ignore
+ * them).
+ * Also a guest cannot expect that firing interrupts that haven't been
+ * fully configured yet will reach the CPU, so we don't need to care about
+ * this special case.
+ */
+void gicv3_do_LPI(unsigned int lpi)
+{
+ struct domain *d;
+ union host_lpi *hlpip, hlpi;
+ struct vcpu *vcpu;
+
+ /* EOI the LPI already. */
+ WRITE_SYSREG32(lpi, ICC_EOIR1_EL1);
+
+ /* Find out if a guest mapped something to this physical LPI. */
+ hlpip = gic_get_host_lpi(lpi);
+ if ( !hlpip )
+ return;
+
+ hlpi.data = read_u64_atomic(&hlpip->data);
+
+ /*
+ * Unmapped events are marked with an invalid LPI ID. We can safely
+ * ignore them, as they have no further state and no-one can expect
+ * to see them if they have not been mapped.
+ */
+ if ( hlpi.virt_lpi == INVALID_LPI )
+ return;
+
+ d = rcu_lock_domain_by_id(hlpi.dom_id);
+ if ( !d )
+ return;
+
+ /* Make sure we don't step beyond the vcpu array. */
+ if ( hlpi.vcpu_id >= d->max_vcpus )
+ {
+ rcu_unlock_domain(d);
+ return;
+ }
+
+ vcpu = d->vcpu[hlpi.vcpu_id];
+
+ /* Check if the VCPU is ready to receive LPIs. */
+ if ( vcpu->arch.vgic.flags & VGIC_V3_LPIS_ENABLED )
+ vgic_vcpu_inject_irq(vcpu, hlpi.virt_lpi);
+
+ rcu_unlock_domain(d);
+}
+
static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
{
uint64_t val;
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index a559e5e..63dbc21 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -1670,6 +1670,7 @@ static const struct gic_hw_operations gicv3_ops = {
.make_hwdom_dt_node = gicv3_make_hwdom_dt_node,
.make_hwdom_madt = gicv3_make_hwdom_madt,
.iomem_deny_access = gicv3_iomem_deny_access,
+ .do_LPI = gicv3_do_LPI,
};
static int __init gicv3_dt_preinit(struct dt_device_node *node, const void *data)
diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index 44c34b1..a6fb927 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -728,7 +728,13 @@ void gic_interrupt(struct cpu_user_regs *regs, int is_fiq)
do_IRQ(regs, irq, is_fiq);
local_irq_disable();
}
- else if (unlikely(irq < 16))
+ else if ( is_lpi(irq) )
+ {
+ local_irq_enable();
+ gic_hw_ops->do_LPI(irq);
+ local_irq_disable();
+ }
+ else if ( unlikely(irq < 16) )
{
do_sgi(regs, irq);
}
diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
index 0587569..df91940 100644
--- a/xen/arch/arm/vgic-v2.c
+++ b/xen/arch/arm/vgic-v2.c
@@ -709,11 +709,18 @@ static struct pending_irq *vgic_v2_lpi_to_pending(struct domain *d,
BUG();
}
+static int vgic_v2_lpi_get_priority(struct domain *d, unsigned int vlpi)
+{
+ /* Dummy function, no LPIs on a VGICv2. */
+ BUG();
+}
+
static const struct vgic_ops vgic_v2_ops = {
.vcpu_init = vgic_v2_vcpu_init,
.domain_init = vgic_v2_domain_init,
.domain_free = vgic_v2_domain_free,
.lpi_to_pending = vgic_v2_lpi_to_pending,
+ .lpi_get_priority = vgic_v2_lpi_get_priority,
.max_vcpus = 8,
};
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index f25125e..6bc3d76 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -1553,12 +1553,24 @@ static struct pending_irq *vgic_v3_lpi_to_pending(struct domain *d,
return pirq;
}
+/* Retrieve the priority of an LPI from its struct pending_irq. */
+static int vgic_v3_lpi_get_priority(struct domain *d, uint32_t vlpi)
+{
+ struct pending_irq *p = vgic_v3_lpi_to_pending(d, vlpi);
+
+ if ( !p )
+ return GIC_PRI_IRQ;
+
+ return p->lpi_priority;
+}
+
static const struct vgic_ops v3_ops = {
.vcpu_init = vgic_v3_vcpu_init,
.domain_init = vgic_v3_domain_init,
.domain_free = vgic_v3_domain_free,
.emulate_reg = vgic_v3_emulate_reg,
.lpi_to_pending = vgic_v3_lpi_to_pending,
+ .lpi_get_priority = vgic_v3_lpi_get_priority,
/*
* We use both AFF1 and AFF0 in (v)MPIDR. Thus, the max number of CPU
* that can be supported is up to 4096(==256*16) in theory.
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index a7a50bc..e6c97b2 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -226,10 +226,15 @@ struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int virq)
static int vgic_get_virq_priority(struct vcpu *v, unsigned int virq)
{
- struct vgic_irq_rank *rank = vgic_rank_irq(v, virq);
+ struct vgic_irq_rank *rank;
unsigned long flags;
int priority;
+ /* LPIs don't have a rank, also store their priority separately. */
+ if ( is_lpi(virq) )
+ return v->domain->arch.vgic.handler->lpi_get_priority(v->domain, virq);
+
+ rank = vgic_rank_irq(v, virq);
vgic_lock_rank(v, rank, flags);
priority = rank->priority[virq & INTERRUPT_RANK_MASK];
vgic_unlock_rank(v, rank, flags);
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 91dfe0a..583d491 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -259,7 +259,8 @@ struct arch_vcpu
/* GICv3: redistributor base and flags for this vCPU */
paddr_t rdist_base;
-#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */
+#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */
+#define VGIC_V3_LPIS_ENABLED (1 << 1)
uint8_t flags;
} vgic;
diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
index 836a103..42963c0 100644
--- a/xen/include/asm-arm/gic.h
+++ b/xen/include/asm-arm/gic.h
@@ -366,6 +366,8 @@ struct gic_hw_operations {
int (*map_hwdom_extra_mappings)(struct domain *d);
/* Deny access to GIC regions */
int (*iomem_deny_access)(const struct domain *d);
+ /* Handle LPIs, which require special handling */
+ void (*do_LPI)(unsigned int lpi);
};
void register_gic_ops(const struct gic_hw_operations *ops);
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 29559a3..7470779 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -134,6 +134,8 @@ void gicv3_its_dt_init(const struct dt_device_node *node);
bool gicv3_its_host_has_its(void);
+void gicv3_do_LPI(unsigned int lpi);
+
int gicv3_lpi_init_rdist(void __iomem * rdist_base);
/* Initialize the host structures for LPIs and the host ITSes. */
@@ -175,6 +177,12 @@ static inline bool gicv3_its_host_has_its(void)
return false;
}
+static inline void gicv3_do_LPI(unsigned int lpi)
+{
+ /* We don't enable LPIs without an ITS. */
+ BUG();
+}
+
static inline int gicv3_lpi_init_rdist(void __iomem * rdist_base)
{
return -ENODEV;
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index 04972d3..52856ca 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -60,18 +60,25 @@ struct pending_irq
* vcpu while it is still inflight and on an GICH_LR register on the
* old vcpu.
*
+ * GIC_IRQ_GUEST_LPI_PENDING: this caches the pending bit of an LPI.
+ * On hardware the LPI pending bit is stored in a table in system
+ * memory, which would require us to access guest memory every time
+ * we want to learn the state. So we cache the state here.
+ *
*/
#define GIC_IRQ_GUEST_QUEUED 0
#define GIC_IRQ_GUEST_ACTIVE 1
#define GIC_IRQ_GUEST_VISIBLE 2
#define GIC_IRQ_GUEST_ENABLED 3
#define GIC_IRQ_GUEST_MIGRATING 4
+#define GIC_IRQ_GUEST_LPI_PENDING 5
unsigned long status;
struct irq_desc *desc; /* only set it the irq corresponds to a physical irq */
unsigned int irq;
#define GIC_INVALID_LR (uint8_t)~0
uint8_t lr;
uint8_t priority;
+ uint8_t lpi_priority; /* Caches the priority if this is an LPI. */
/* inflight is used to append instances of pending_irq to
* vgic.inflight_irqs */
struct list_head inflight;
@@ -136,6 +143,7 @@ struct vgic_ops {
bool (*emulate_reg)(struct cpu_user_regs *regs, union hsr hsr);
/* lookup the struct pending_irq for a given LPI interrupt */
struct pending_irq *(*lpi_to_pending)(struct domain *d, unsigned int vlpi);
+ int (*lpi_get_priority)(struct domain *d, uint32_t vlpi);
/* Maximum number of vCPU supported */
const unsigned int max_vcpus;
};
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (11 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 19:10 ` Stefano Stabellini
2017-04-07 17:32 ` [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables Andre Przywara
` (22 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Now that the host part of the ITS code is in place, we can enable the
ITS and also LPIs on each redistributor to get the show rolling.
At this point there would be no LPIs mapped, as guests don't know about
the ITS yet.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-its.c | 4 ++++
xen/arch/arm/gic-v3.c | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 1951ec8..1dad428 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -505,6 +505,10 @@ static int gicv3_its_init_single_its(struct host_its *hw_its)
return -ENOMEM;
writeq_relaxed(0, hw_its->its_base + GITS_CWRITER);
+ /* Now enable interrupt translation and command processing on that ITS. */
+ reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
+ writel_relaxed(reg | GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);
+
return 0;
}
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index 63dbc21..54fbb19 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -620,6 +620,21 @@ static int gicv3_enable_redist(void)
return 0;
}
+/* Enable LPIs on this redistributor (only useful when the host has an ITS). */
+static bool gicv3_enable_lpis(void)
+{
+ uint32_t val;
+
+ val = readl_relaxed(GICD_RDIST_BASE + GICR_TYPER);
+ if ( !(val & GICR_TYPER_PLPIS) )
+ return false;
+
+ val = readl_relaxed(GICD_RDIST_BASE + GICR_CTLR);
+ writel_relaxed(val | GICR_CTLR_ENABLE_LPIS, GICD_RDIST_BASE + GICR_CTLR);
+
+ return true;
+}
+
static int __init gicv3_populate_rdist(void)
{
int i;
@@ -731,11 +746,14 @@ static int gicv3_cpu_init(void)
if ( gicv3_enable_redist() )
return -ENODEV;
+ /* If the host has any ITSes, enable LPIs now. */
if ( gicv3_its_host_has_its() )
{
ret = gicv3_its_setup_collection(smp_processor_id());
if ( ret )
return ret;
+ if ( !gicv3_enable_lpis() )
+ return -EBUSY;
}
/* Set priority on PPI and SGI interrupts */
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (12 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 21:29 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory() Andre Przywara
` (21 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Allow a guest to provide the address and size for the memory regions
it has reserved for the GICv3 pending and property tables.
We sanitise the various fields of the respective redistributor
registers.
The MMIO read and write accesses are protected by locks, to avoid any
changing of the property or pending table address while a redistributor
is live and also to protect the non-atomic vgic_reg64_extract() function
on the MMIO read side.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3.c | 158 +++++++++++++++++++++++++++++++++++++++----
xen/include/asm-arm/domain.h | 5 ++
2 files changed, 151 insertions(+), 12 deletions(-)
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index 6bc3d76..fd6a777 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -19,12 +19,14 @@
*/
#include <xen/bitops.h>
+#include <xen/domain_page.h>
#include <xen/lib.h>
#include <xen/init.h>
#include <xen/softirq.h>
#include <xen/irq.h>
#include <xen/sched.h>
#include <xen/sizes.h>
+#include <xen/vmap.h>
#include <asm/current.h>
#include <asm/mmio.h>
#include <asm/gic_v3_defs.h>
@@ -230,12 +232,25 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
goto read_reserved;
case VREG64(GICR_PROPBASER):
- /* LPI's not implemented */
- goto read_as_zero_64;
+ if ( !v->domain->arch.vgic.has_its )
+ goto read_as_zero_64;
+ if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
+
+ vgic_lock(v);
+ *r = vgic_reg64_extract(v->domain->arch.vgic.rdist_propbase, info);
+ vgic_unlock(v);
+ return 1;
case VREG64(GICR_PENDBASER):
- /* LPI's not implemented */
- goto read_as_zero_64;
+ if ( !v->domain->arch.vgic.has_its )
+ goto read_as_zero_64;
+ if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
+
+ spin_lock(&v->arch.vgic.lock);
+ *r = vgic_reg64_extract(v->arch.vgic.rdist_pendbase, info);
+ *r &= ~GICR_PENDBASER_PTZ; /* WO, reads as 0 */
+ spin_unlock(&v->arch.vgic.lock);
+ return 1;
case 0x0080:
goto read_reserved;
@@ -332,11 +347,95 @@ read_unknown:
return 1;
}
+static uint64_t vgic_sanitise_field(uint64_t reg, uint64_t field_mask,
+ int field_shift,
+ uint64_t (*sanitise_fn)(uint64_t))
+{
+ uint64_t field = (reg & field_mask) >> field_shift;
+
+ field = sanitise_fn(field) << field_shift;
+
+ return (reg & ~field_mask) | field;
+}
+
+/* We want to avoid outer shareable. */
+static uint64_t vgic_sanitise_shareability(uint64_t field)
+{
+ switch ( field )
+ {
+ case GIC_BASER_OuterShareable:
+ return GIC_BASER_InnerShareable;
+ default:
+ return field;
+ }
+}
+
+/* Avoid any inner non-cacheable mapping. */
+static uint64_t vgic_sanitise_inner_cacheability(uint64_t field)
+{
+ switch ( field )
+ {
+ case GIC_BASER_CACHE_nCnB:
+ case GIC_BASER_CACHE_nC:
+ return GIC_BASER_CACHE_RaWb;
+ default:
+ return field;
+ }
+}
+
+/* Non-cacheable or same-as-inner are OK. */
+static uint64_t vgic_sanitise_outer_cacheability(uint64_t field)
+{
+ switch ( field )
+ {
+ case GIC_BASER_CACHE_SameAsInner:
+ case GIC_BASER_CACHE_nC:
+ return field;
+ default:
+ return GIC_BASER_CACHE_nC;
+ }
+}
+
+static uint64_t sanitize_propbaser(uint64_t reg)
+{
+ reg = vgic_sanitise_field(reg, GICR_PROPBASER_SHAREABILITY_MASK,
+ GICR_PROPBASER_SHAREABILITY_SHIFT,
+ vgic_sanitise_shareability);
+ reg = vgic_sanitise_field(reg, GICR_PROPBASER_INNER_CACHEABILITY_MASK,
+ GICR_PROPBASER_INNER_CACHEABILITY_SHIFT,
+ vgic_sanitise_inner_cacheability);
+ reg = vgic_sanitise_field(reg, GICR_PROPBASER_OUTER_CACHEABILITY_MASK,
+ GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT,
+ vgic_sanitise_outer_cacheability);
+
+ reg &= ~GICR_PROPBASER_RES0_MASK;
+
+ return reg;
+}
+
+static uint64_t sanitize_pendbaser(uint64_t reg)
+{
+ reg = vgic_sanitise_field(reg, GICR_PENDBASER_SHAREABILITY_MASK,
+ GICR_PENDBASER_SHAREABILITY_SHIFT,
+ vgic_sanitise_shareability);
+ reg = vgic_sanitise_field(reg, GICR_PENDBASER_INNER_CACHEABILITY_MASK,
+ GICR_PENDBASER_INNER_CACHEABILITY_SHIFT,
+ vgic_sanitise_inner_cacheability);
+ reg = vgic_sanitise_field(reg, GICR_PENDBASER_OUTER_CACHEABILITY_MASK,
+ GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT,
+ vgic_sanitise_outer_cacheability);
+
+ reg &= ~GICR_PENDBASER_RES0_MASK;
+
+ return reg;
+}
+
static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
uint32_t gicr_reg,
register_t r)
{
struct hsr_dabt dabt = info->dabt;
+ uint64_t reg;
switch ( gicr_reg )
{
@@ -367,36 +466,71 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
goto write_impl_defined;
case VREG64(GICR_SETLPIR):
- /* LPI is not implemented */
+ /* LPIs without an ITS are not implemented */
goto write_ignore_64;
case VREG64(GICR_CLRLPIR):
- /* LPI is not implemented */
+ /* LPIs without an ITS are not implemented */
goto write_ignore_64;
case 0x0050:
goto write_reserved;
case VREG64(GICR_PROPBASER):
- /* LPI is not implemented */
- goto write_ignore_64;
+ if ( !v->domain->arch.vgic.has_its )
+ goto write_ignore_64;
+ if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
+
+ vgic_lock(v);
+
+ /*
+ * Writing PROPBASER with any redistributor having LPIs enabled
+ * is UNPREDICTABLE.
+ */
+ if ( !(v->domain->arch.vgic.rdists_enabled) )
+ {
+ reg = v->domain->arch.vgic.rdist_propbase;
+ vgic_reg64_update(®, r, info);
+ reg = sanitize_propbaser(reg);
+ v->domain->arch.vgic.rdist_propbase = reg;
+ }
+
+ vgic_unlock(v);
+
+ return 1;
case VREG64(GICR_PENDBASER):
- /* LPI is not implemented */
- goto write_ignore_64;
+ if ( !v->domain->arch.vgic.has_its )
+ goto write_ignore_64;
+ if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
+
+ spin_lock(&v->arch.vgic.lock);
+
+ /* Writing PENDBASER with LPIs enabled is UNPREDICTABLE. */
+ if ( !(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED) )
+ {
+ reg = v->arch.vgic.rdist_pendbase;
+ vgic_reg64_update(®, r, info);
+ reg = sanitize_pendbaser(reg);
+ v->arch.vgic.rdist_pendbase = reg;
+ }
+
+ spin_unlock(&v->arch.vgic.lock);
+
+ return 1;
case 0x0080:
goto write_reserved;
case VREG64(GICR_INVLPIR):
- /* LPI is not implemented */
+ /* LPIs without an ITS are not implemented */
goto write_ignore_64;
case 0x00A8:
goto write_reserved;
case VREG64(GICR_INVALLR):
- /* LPI is not implemented */
+ /* LPIs without an ITS are not implemented */
goto write_ignore_64;
case 0x00B8:
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 583d491..365a4ef 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -109,10 +109,14 @@ struct arch_domain
} *rdist_regions;
int nr_regions; /* Number of rdist regions */
uint32_t rdist_stride; /* Re-Distributor stride */
+ unsigned long int nr_lpis;
+ uint64_t rdist_propbase;
struct rb_root its_devices; /* Devices mapped to an ITS */
spinlock_t its_devices_lock; /* Protects the its_devices tree */
struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */
rwlock_t pend_lpi_tree_lock; /* Protects the pend_lpi_tree */
+ bool rdists_enabled; /* Is any redistributor enabled? */
+ bool has_its;
#endif
} vgic;
@@ -259,6 +263,7 @@ struct arch_vcpu
/* GICv3: redistributor base and flags for this vCPU */
paddr_t rdist_base;
+ uint64_t rdist_pendbase;
#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */
#define VGIC_V3_LPIS_ENABLED (1 << 1)
uint8_t flags;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory()
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (13 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 21:35 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access Andre Przywara
` (20 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
This function allows to copy a chunk of data from and to guest physical
memory. It looks up the associated page from the guest's p2m tree
and maps this page temporarily for the time of the access.
This function was originally written by Vijaya as part of an earlier series:
https://patchwork.kernel.org/patch/8177251
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/vgic.h | 3 +++
2 files changed, 50 insertions(+)
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index e6c97b2..5c68fe7 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -20,6 +20,7 @@
#include <xen/bitops.h>
#include <xen/lib.h>
#include <xen/init.h>
+#include <xen/domain_page.h>
#include <xen/softirq.h>
#include <xen/irq.h>
#include <xen/sched.h>
@@ -598,6 +599,52 @@ void vgic_free_virq(struct domain *d, unsigned int virq)
}
/*
+ * Temporarily map one physical guest page and copy data to or from it.
+ * The data to be copied cannot cross a page boundary.
+ */
+int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *buf,
+ uint32_t size, bool_t is_write)
+{
+ struct page_info *page;
+ uint64_t offset;
+ p2m_type_t p2mt;
+ void *p;
+
+ page = get_page_from_gfn(d, paddr_to_pfn(gpa), &p2mt, P2M_ALLOC);
+ if ( !page )
+ {
+ printk(XENLOG_G_ERR "d%d: vITS: Failed to get table entry\n",
+ d->domain_id);
+ return -EINVAL;
+ }
+
+ if ( !p2m_is_ram(p2mt) )
+ {
+ put_page(page);
+ printk(XENLOG_G_ERR "d%d: vITS: memory used by the ITS should be RAM.",
+ d->domain_id);
+ return -EINVAL;
+ }
+
+ p = __map_domain_page(page);
+ /* Offset within the mapped page */
+ offset = gpa & ~PAGE_MASK;
+ /* Do not cross a page boundary. */
+ if ( size > (PAGE_SIZE - offset) )
+ size = PAGE_SIZE - offset;
+
+ if ( is_write )
+ memcpy(p + offset, buf, size);
+ else
+ memcpy(buf, p + offset, size);
+
+ unmap_domain_page(p);
+ put_page(page);
+
+ return 0;
+}
+
+/*
* Local variables:
* mode: C
* c-file-style: "BSD"
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index 52856ca..967c2be 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -319,6 +319,9 @@ extern void register_vgic_ops(struct domain *d, const struct vgic_ops *ops);
int vgic_v2_init(struct domain *d, int *mmio_count);
int vgic_v3_init(struct domain *d, int *mmio_count);
+int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *buf,
+ uint32_t size, bool_t is_write);
+
extern int domain_vgic_register(struct domain *d, int *mmio_count);
extern int vcpu_vgic_free(struct vcpu *v);
extern bool vgic_to_sgi(struct vcpu *v, register_t sgir,
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (14 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory() Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-09 19:39 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 17/36] ARM: GIC: clear LPI pending bit on cleaning up LR Andre Przywara
` (19 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
vgic_reg64_check_access() checks for a valid access width of a 64-bit
MMIO register, which is useful beyond the current GICv3 emulation only.
Move this function to the vgic-emul.h to be easily reusable.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3.c | 9 ---------
xen/include/asm-arm/vgic-emul.h | 9 +++++++++
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index fd6a777..4462b8c 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -160,15 +160,6 @@ static void vgic_store_irouter(struct domain *d, struct vgic_irq_rank *rank,
}
}
-static inline bool vgic_reg64_check_access(struct hsr_dabt dabt)
-{
- /*
- * 64 bits registers can be accessible using 32-bit and 64-bit unless
- * stated otherwise (See 8.1.3 ARM IHI 0069A).
- */
- return ( dabt.size == DABT_DOUBLE_WORD || dabt.size == DABT_WORD );
-}
-
static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
uint32_t gicr_reg,
register_t *r)
diff --git a/xen/include/asm-arm/vgic-emul.h b/xen/include/asm-arm/vgic-emul.h
index 184a1f0..e52fbaa 100644
--- a/xen/include/asm-arm/vgic-emul.h
+++ b/xen/include/asm-arm/vgic-emul.h
@@ -12,6 +12,15 @@
#define VRANGE32(start, end) start ... end + 3
#define VRANGE64(start, end) start ... end + 7
+/*
+ * 64 bits registers can be accessible using 32-bit and 64-bit unless
+ * stated otherwise (See 8.1.3 ARM IHI 0069A).
+ */
+static inline bool vgic_reg64_check_access(struct hsr_dabt dabt)
+{
+ return ( dabt.size == DABT_DOUBLE_WORD || dabt.size == DABT_WORD );
+}
+
#endif /* __ASM_ARM_VGIC_EMUL_H__ */
/*
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 17/36] ARM: GIC: clear LPI pending bit on cleaning up LR
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (15 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq() Andre Przywara
` (18 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index a6fb927..05ea348 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -514,6 +514,8 @@ static void gic_update_one_lr(struct vcpu *v, int i)
{
gic_hw_ops->clear_lr(i);
clear_bit(i, &this_cpu(lr_mask));
+ if ( is_lpi(irq) )
+ clear_bit(GIC_IRQ_GUEST_LPI_PENDING, &p->status);
if ( p->desc != NULL )
clear_bit(_IRQ_INPROGRESS, &p->desc->status);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq()
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (16 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 17/36] ARM: GIC: clear LPI pending bit on cleaning up LR Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-09 19:40 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq Andre Przywara
` (17 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
For LPIs we later want to dynamically allocate struct pending_irqs.
Let's export the vgic_init_pending_irq() to be able to reuse it.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic.c | 2 +-
xen/include/asm-arm/vgic.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 5c68fe7..1bc3dc7 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -61,7 +61,7 @@ struct vgic_irq_rank *vgic_rank_irq(struct vcpu *v, unsigned int irq)
return vgic_get_rank(v, rank);
}
-static void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq)
+void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq)
{
INIT_LIST_HEAD(&p->inflight);
INIT_LIST_HEAD(&p->lr_queue);
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index 967c2be..86a1a89 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -308,6 +308,7 @@ extern struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int virq);
extern void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq);
extern void vgic_vcpu_inject_spi(struct domain *d, unsigned int virq);
extern void vgic_clear_pending_irqs(struct vcpu *v);
+extern void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq);
extern struct pending_irq *irq_to_pending(struct vcpu *v, unsigned int irq);
extern struct pending_irq *spi_to_pending(struct domain *d, unsigned int irq);
extern struct vgic_irq_rank *vgic_rank_offset(struct vcpu *v, int b, int n, int s);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (17 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq() Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 22:11 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 20/36] ARM: vGICv3: add virtual ITS list head and comment about iteration Andre Przywara
` (16 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The target CPU for an LPI is encoded in the interrupt translation table
entry, so can't be easily derived from just an LPI number (short of
walking *all* tables and find the matching LPI).
To avoid this in case we need to know the VCPU (for the INVALL command,
for instance), put the VCPU ID in the struct pending_irq, so that it is
easily accessible.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/include/asm-arm/vgic.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
index 86a1a89..9145b42 100644
--- a/xen/include/asm-arm/vgic.h
+++ b/xen/include/asm-arm/vgic.h
@@ -88,6 +88,9 @@ struct pending_irq
* TODO: when implementing irq migration, taking only the current
* vgic lock is not going to be enough. */
struct list_head lr_queue;
+#ifdef CONFIG_HAS_ITS
+ uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
+#endif
};
#define NR_INTERRUPT_PER_RANK 32
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 20/36] ARM: vGICv3: add virtual ITS list head and comment about iteration
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (18 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes Andre Przywara
` (15 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
To prepare for virtual ITS support, add a list head to struct domain's
vgic fields to be later able to walk over all instantiated virtual
ITSes.
Also add a comment explaining what to expect from
vgic_v3_its_init_domain().
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3.c | 4 ++++
xen/include/asm-arm/domain.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index 4462b8c..7b086b9 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -1627,6 +1627,10 @@ static int vgic_v3_domain_init(struct domain *d)
d->arch.vgic.rdist_regions[0].first_cpu = 0;
}
+ /*
+ * For a hardware domain, this will iterate over the host ITSes
+ * and maps one virtual ITS per host ITS at the same address.
+ */
ret = vgic_v3_its_init_domain(d);
if ( ret )
return ret;
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 365a4ef..bf4dd07 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -115,6 +115,7 @@ struct arch_domain
spinlock_t its_devices_lock; /* Protects the its_devices tree */
struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */
rwlock_t pend_lpi_tree_lock; /* Protects the pend_lpi_tree */
+ struct list_head vits_list; /* List of virtual ITSes */
bool rdists_enabled; /* Is any redistributor enabled? */
bool has_its;
#endif
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (19 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 20/36] ARM: vGICv3: add virtual ITS list head and comment about iteration Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 22:59 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 22/36] ARM: vGIC: advertise LPI support Andre Przywara
` (14 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
When creating the device tree for a domain using an emulated GICv3,
we will later need to add the respective ITS subnodes as well.
Prepare a stub function to be later filled with the actual code.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3.c | 4 +++-
xen/include/asm-arm/gic_v3_its.h | 8 ++++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index 54fbb19..2fbcf52 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -1172,8 +1172,10 @@ static int gicv3_make_hwdom_dt_node(const struct domain *d,
res = fdt_property(fdt, "reg", new_cells, len);
xfree(new_cells);
+ if ( res )
+ return res;
- return res;
+ return gicv3_its_make_dt_nodes(NULL, d, gic, fdt);
}
static const hw_irq_controller gicv3_host_irq_type = {
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 7470779..09c7117 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -220,6 +220,14 @@ static inline void vgic_v3_its_free_domain(struct domain *d)
#endif /* CONFIG_HAS_ITS */
+static inline int gicv3_its_make_dt_nodes(struct list_head *its_list,
+ const struct domain *d,
+ const struct dt_device_node *gic,
+ void *fdt)
+{
+ return 0;
+}
+
#endif
/*
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 22/36] ARM: vGIC: advertise LPI support
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (20 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-09 19:37 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 23/36] ARM: vGICv3: handle disabled LPIs Andre Przywara
` (13 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
To let a guest know about the availability of virtual LPIs, set the
respective bits in the virtual GIC registers and let a guest control
the LPI enable bit.
Only report the LPI capability if the host has initialized at least
one ITS.
This removes a "TBD" comment, as we now populate the processor number
in the GICR_TYPE register.
Advertise 24 bits worth of LPIs to the guest.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3.c | 59 +++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 54 insertions(+), 5 deletions(-)
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index 7b086b9..1c1d014 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -169,8 +169,15 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
switch ( gicr_reg )
{
case VREG32(GICR_CTLR):
- /* We have not implemented LPI's, read zero */
- goto read_as_zero_32;
+ if ( !v->domain->arch.vgic.has_its )
+ goto read_as_zero_32;
+ if ( dabt.size != DABT_WORD ) goto bad_width;
+
+ spin_lock(&v->arch.vgic.lock);
+ *r = vgic_reg32_extract(!!(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED),
+ info);
+ spin_unlock(&v->arch.vgic.lock);
+ return 1;
case VREG32(GICR_IIDR):
if ( dabt.size != DABT_WORD ) goto bad_width;
@@ -182,16 +189,20 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
uint64_t typer, aff;
if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
- /* TBD: Update processor id in [23:8] when ITS support is added */
aff = (MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 3) << 56 |
MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 2) << 48 |
MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 1) << 40 |
MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 0) << 32);
typer = aff;
+ /* We use the VCPU ID as the redistributor ID in bits[23:8] */
+ typer |= (v->vcpu_id & 0xffff) << 8;
if ( v->arch.vgic.flags & VGIC_V3_RDIST_LAST )
typer |= GICR_TYPER_LAST;
+ if ( v->domain->arch.vgic.has_its )
+ typer |= GICR_TYPER_PLPIS;
+
*r = vgic_reg64_extract(typer, info);
return 1;
@@ -421,6 +432,25 @@ static uint64_t sanitize_pendbaser(uint64_t reg)
return reg;
}
+static void vgic_vcpu_enable_lpis(struct vcpu *v)
+{
+ uint64_t reg = v->domain->arch.vgic.rdist_propbase;
+ unsigned int nr_lpis = BIT((reg & 0x1f) + 1);
+
+ if ( nr_lpis < LPI_OFFSET )
+ nr_lpis = 0;
+ else
+ nr_lpis -= LPI_OFFSET;
+
+ if ( !v->domain->arch.vgic.rdists_enabled )
+ {
+ v->domain->arch.vgic.nr_lpis = nr_lpis;
+ v->domain->arch.vgic.rdists_enabled = true;
+ }
+
+ v->arch.vgic.flags |= VGIC_V3_LPIS_ENABLED;
+}
+
static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
uint32_t gicr_reg,
register_t r)
@@ -431,8 +461,22 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
switch ( gicr_reg )
{
case VREG32(GICR_CTLR):
- /* LPI's not implemented */
- goto write_ignore_32;
+ if ( !v->domain->arch.vgic.has_its )
+ goto write_ignore_32;
+ if ( dabt.size != DABT_WORD ) goto bad_width;
+
+ vgic_lock(v); /* protects rdists_enabled */
+ spin_lock(&v->arch.vgic.lock);
+
+ /* LPIs can only be enabled once, but never disabled again. */
+ if ( (r & GICR_CTLR_ENABLE_LPIS) &&
+ !(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED) )
+ vgic_vcpu_enable_lpis(v);
+
+ spin_unlock(&v->arch.vgic.lock);
+ vgic_unlock(v);
+
+ return 1;
case VREG32(GICR_IIDR):
/* RO */
@@ -1049,6 +1093,11 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info,
typer = ((ncpus - 1) << GICD_TYPE_CPUS_SHIFT |
DIV_ROUND_UP(v->domain->arch.vgic.nr_spis, 32));
+ if ( v->domain->arch.vgic.has_its )
+ {
+ typer |= GICD_TYPE_LPIS;
+ irq_bits = 24;
+ }
typer |= (irq_bits - 1) << GICD_TYPE_ID_BITS_SHIFT;
*r = vgic_reg32_extract(typer, info);
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 23/36] ARM: vGICv3: handle disabled LPIs
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (21 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 22/36] ARM: vGIC: advertise LPI support Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation Andre Przywara
` (12 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
If a guest disables an LPI, we do not forward this to the associated
host LPI to avoid queueing commands to the host ITS command queue.
So it may happen that an LPI fires nevertheless on the host. In this
case we can bail out early, but have to save the pending state on the
virtual side. We do this by storing the pending bit in struct
pending_irq, which is associated with mapped LPIs.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-lpi.c | 35 ++++++++++++++++++++++++++++++++++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index 5f3fe2c..a670f73 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -137,6 +137,31 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta)
}
/*
+ * TODO: Investigate what to do here for potential interrupt storms.
+ * For disabling LPIs we would need to queue a ITS host command, which
+ * we avoid so far during a guest's runtime. Also re-enabling would
+ * trigger a host command upon the guest sending a command, which could
+ * be an attack vector for hogging the host command queue.
+ * See the thread around here for some background:
+ * https://lists.xen.org/archives/html/xen-devel/2016-12/msg00003.html
+ */
+static bool vgic_can_inject_lpi(struct vcpu *vcpu, uint32_t vlpi)
+{
+ struct pending_irq *p;
+
+ p = vcpu->domain->arch.vgic.handler->lpi_to_pending(vcpu->domain, vlpi);
+ if ( !p )
+ return false;
+
+ if ( test_bit(GIC_IRQ_GUEST_ENABLED, &p->status) )
+ return true;
+
+ set_bit(GIC_IRQ_GUEST_LPI_PENDING, &p->status);
+
+ return false;
+}
+
+/*
* Handle incoming LPIs, which are a bit special, because they are potentially
* numerous and also only get injected into guests. Treat them specially here,
* by just looking up their target vCPU and virtual LPI number and hand it
@@ -187,7 +212,15 @@ void gicv3_do_LPI(unsigned int lpi)
/* Check if the VCPU is ready to receive LPIs. */
if ( vcpu->arch.vgic.flags & VGIC_V3_LPIS_ENABLED )
- vgic_vcpu_inject_irq(vcpu, hlpi.virt_lpi);
+ {
+ /*
+ * We keep all host LPIs enabled, so check if it's disabled on the
+ * guest side and just record this LPI in the virtual pending table
+ * in this case. The guest picks it up once it gets enabled again.
+ */
+ if ( vgic_can_inject_lpi(vcpu, hlpi.virt_lpi) )
+ vgic_vcpu_inject_irq(vcpu, hlpi.virt_lpi);
+ }
rcu_unlock_domain(d);
}
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (22 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 23/36] ARM: vGICv3: handle disabled LPIs Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-09 20:16 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 25/36] ARM: vITS: introduce translation table walks Andre Przywara
` (11 subsequent siblings)
35 siblings, 1 reply; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Emulate the memory mapped ITS registers and provide a stub to introduce
the ITS command handling framework (but without actually emulating any
commands at this time).
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 512 +++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 3 +
2 files changed, 515 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 065ffe2..a171a3b 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -67,6 +67,9 @@ struct vits_itte
uint16_t pad;
};
+#define GITS_BASER_RO_MASK (GITS_BASER_TYPE_MASK | \
+ (31UL << GITS_BASER_ENTRY_SIZE_SHIFT))
+
int vgic_v3_its_init_domain(struct domain *d)
{
spin_lock_init(&d->arch.vgic.its_devices_lock);
@@ -80,6 +83,515 @@ void vgic_v3_its_free_domain(struct domain *d)
ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
}
+/**************************************
+ * Functions that handle ITS commands *
+ **************************************/
+
+static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
+ unsigned int shift, unsigned int size)
+{
+ return (le64_to_cpu(its_cmd[word]) >> shift) & (BIT(size) - 1);
+}
+
+#define its_cmd_get_command(cmd) its_cmd_mask_field(cmd, 0, 0, 8)
+#define its_cmd_get_deviceid(cmd) its_cmd_mask_field(cmd, 0, 32, 32)
+#define its_cmd_get_size(cmd) its_cmd_mask_field(cmd, 1, 0, 5)
+#define its_cmd_get_id(cmd) its_cmd_mask_field(cmd, 1, 0, 32)
+#define its_cmd_get_physical_id(cmd) its_cmd_mask_field(cmd, 1, 32, 32)
+#define its_cmd_get_collection(cmd) its_cmd_mask_field(cmd, 2, 0, 16)
+#define its_cmd_get_target_addr(cmd) its_cmd_mask_field(cmd, 2, 16, 32)
+#define its_cmd_get_validbit(cmd) its_cmd_mask_field(cmd, 2, 63, 1)
+#define its_cmd_get_ittaddr(cmd) (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
+
+#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
+
+/*
+ * Requires the vcmd_lock to be held.
+ * TODO: Investigate whether we can be smarter here and don't need to hold
+ * the lock all of the time.
+ */
+static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
+{
+ paddr_t addr = its->cbaser & GENMASK(51, 12);
+ uint64_t command[4];
+ uint64_t creadr = its->creadr;
+
+ ASSERT(spin_is_locked(&its->vcmd_lock));
+
+ if ( its->cwriter >= ITS_CMD_BUFFER_SIZE(its->cbaser) )
+ return -1;
+
+ while ( creadr != its->cwriter )
+ {
+ int ret;
+
+ ret = vgic_access_guest_memory(d, addr + creadr,
+ command, sizeof(command), false);
+ if ( ret )
+ return ret;
+
+ switch ( its_cmd_get_command(command) )
+ {
+ case GITS_CMD_SYNC:
+ /* We handle ITS commands synchronously, so we ignore SYNC. */
+ break;
+ default:
+ gdprintk(XENLOG_WARNING, "ITS: unhandled ITS command %lu\n",
+ its_cmd_get_command(command));
+ break;
+ }
+
+ creadr += ITS_CMD_SIZE;
+ if ( creadr == ITS_CMD_BUFFER_SIZE(its->cbaser) )
+ creadr = 0;
+ its->creadr = creadr; /* allow the guest to see the progress */
+
+ if ( ret )
+ gdprintk(XENLOG_WARNING,
+ "ITS: ITS command error %d while handling command %lu\n",
+ ret, its_cmd_get_command(command));
+ }
+
+ return 0;
+}
+
+/*****************************
+ * ITS registers read access *
+ *****************************/
+
+/* Identifying as an ARM IP, using "X" as the product ID. */
+#define GITS_IIDR_VALUE 0x5800034c
+
+static int vgic_v3_its_mmio_read(struct vcpu *v, mmio_info_t *info,
+ register_t *r, void *priv)
+{
+ struct virt_its *its = priv;
+ uint64_t reg;
+
+ switch ( info->gpa & 0xffff )
+ {
+ case VREG32(GITS_CTLR):
+ {
+ /*
+ * We try to avoid waiting for the command queue lock and report
+ * non-quiescent if that lock is already taken.
+ */
+ bool have_cmd_lock;
+
+ if ( info->dabt.size != DABT_WORD ) goto bad_width;
+
+ have_cmd_lock = spin_trylock(&its->vcmd_lock);
+ spin_lock(&its->its_lock);
+ if ( its->enabled )
+ reg = GITS_CTLR_ENABLE;
+ else
+ reg = 0;
+
+ if ( have_cmd_lock && its->cwriter == its->creadr )
+ reg |= GITS_CTLR_QUIESCENT;
+
+ spin_unlock(&its->its_lock);
+ if ( have_cmd_lock )
+ spin_unlock(&its->vcmd_lock);
+
+ *r = vgic_reg32_extract(reg, info);
+ break;
+ }
+ case VREG32(GITS_IIDR):
+ if ( info->dabt.size != DABT_WORD ) goto bad_width;
+ *r = vgic_reg32_extract(GITS_IIDR_VALUE, info);
+ break;
+ case VREG64(GITS_TYPER):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ reg = GITS_TYPER_PHYSICAL;
+ reg |= (sizeof(struct vits_itte) - 1) << GITS_TYPER_ITT_SIZE_SHIFT;
+ reg |= (its->intid_bits - 1) << GITS_TYPER_IDBITS_SHIFT;
+ reg |= (its->devid_bits - 1) << GITS_TYPER_DEVIDS_SHIFT;
+ *r = vgic_reg64_extract(reg, info);
+ break;
+ case 0x0018 ... 0x001c:
+ goto read_reserved;
+ case 0x0020 ... 0x003c:
+ goto read_impl_defined;
+ case 0x0040 ... 0x007c:
+ goto read_reserved;
+ case VREG64(GITS_CBASER):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+ spin_lock(&its->its_lock);
+ *r = vgic_reg64_extract(its->cbaser, info);
+ spin_unlock(&its->its_lock);
+ break;
+ case VREG64(GITS_CWRITER):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ reg = its->cwriter;
+ *r = vgic_reg64_extract(reg, info);
+ break;
+ case VREG64(GITS_CREADR):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ reg = its->creadr;
+ *r = vgic_reg64_extract(reg, info);
+ break;
+ case 0x0098 ... 0x00fc:
+ goto read_reserved;
+ case VREG64(GITS_BASER0): /* device table */
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+ spin_lock(&its->its_lock);
+ *r = vgic_reg64_extract(its->baser_dev, info);
+ spin_unlock(&its->its_lock);
+ break;
+ case VREG64(GITS_BASER1): /* collection table */
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+ spin_lock(&its->its_lock);
+ *r = vgic_reg64_extract(its->baser_coll, info);
+ spin_unlock(&its->its_lock);
+ break;
+ case VRANGE64(GITS_BASER2, GITS_BASER7):
+ goto read_as_zero_64;
+ case 0x0140 ... 0xbffc:
+ goto read_reserved;
+ case 0xc000 ... 0xffcc:
+ goto read_impl_defined;
+ case 0xffd0 ... 0xffe4:
+ goto read_as_zero_64;
+ case VREG32(GITS_PIDR2):
+ if ( info->dabt.size != DABT_WORD ) goto bad_width;
+ *r = vgic_reg32_extract(GIC_PIDR2_ARCH_GICv3, info);
+ break;
+ case 0xffec ... 0xfffc:
+ goto read_as_zero_64;
+ }
+
+ return 1;
+
+read_as_zero_64:
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+ *r = 0;
+
+ return 1;
+
+read_impl_defined:
+ printk(XENLOG_G_DEBUG
+ "%pv: vGITS: RAZ on implementation defined register offset %#04lx\n",
+ v, info->gpa & 0xffff);
+ *r = 0;
+ return 1;
+
+read_reserved:
+ printk(XENLOG_G_DEBUG
+ "%pv: vGITS: RAZ on reserved register offset %#04lx\n",
+ v, info->gpa & 0xffff);
+ *r = 0;
+ return 1;
+
+bad_width:
+ printk(XENLOG_G_ERR "vGIIS: bad read width %d r%d offset %#04lx\n",
+ info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
+ domain_crash_synchronous();
+
+ return 0;
+}
+
+/******************************
+ * ITS registers write access *
+ ******************************/
+
+static unsigned int its_baser_table_size(uint64_t baser)
+{
+ unsigned int ret, page_size[4] = {SZ_4K, SZ_16K, SZ_64K, SZ_64K};
+
+ ret = page_size[(baser >> GITS_BASER_PAGE_SIZE_SHIFT) & 3];
+
+ return ret * ((baser & GITS_BASER_SIZE_MASK) + 1);
+}
+
+static unsigned int its_baser_nr_entries(uint64_t baser)
+{
+ int entry_size = GITS_BASER_ENTRY_SIZE(baser);
+
+ return its_baser_table_size(baser) / entry_size;
+}
+
+/* Must be called with the ITS lock held. */
+static bool vgic_v3_verify_its_status(struct virt_its *its, bool status)
+{
+ ASSERT(spin_is_locked(&its->its_lock));
+
+ if ( !status )
+ return false;
+
+ if ( !(its->cbaser & GITS_VALID_BIT) ||
+ !(its->baser_dev & GITS_VALID_BIT) ||
+ !(its->baser_coll & GITS_VALID_BIT) )
+ {
+ printk(XENLOG_G_WARNING "d%d tried to enable ITS without having the tables configured.\n",
+ its->d->domain_id);
+ return false;
+ }
+
+ return true;
+}
+
+static void sanitize_its_base_reg(uint64_t *reg)
+{
+ uint64_t r = *reg;
+
+ /* Avoid outer shareable. */
+ switch ( (r >> GITS_BASER_SHAREABILITY_SHIFT) & 0x03 )
+ {
+ case GIC_BASER_OuterShareable:
+ r = r & ~GITS_BASER_SHAREABILITY_MASK;
+ r |= GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
+ break;
+ default:
+ break;
+ }
+
+ /* Avoid any inner non-cacheable mapping. */
+ switch ( (r >> GITS_BASER_INNER_CACHEABILITY_SHIFT) & 0x07 )
+ {
+ case GIC_BASER_CACHE_nCnB:
+ case GIC_BASER_CACHE_nC:
+ r = r & ~GITS_BASER_INNER_CACHEABILITY_MASK;
+ r |= GIC_BASER_CACHE_RaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;
+ break;
+ default:
+ break;
+ }
+
+ /* Only allow non-cacheable or same-as-inner. */
+ switch ( (r >> GITS_BASER_OUTER_CACHEABILITY_SHIFT) & 0x07 )
+ {
+ case GIC_BASER_CACHE_SameAsInner:
+ case GIC_BASER_CACHE_nC:
+ break;
+ default:
+ r = r & ~GITS_BASER_OUTER_CACHEABILITY_MASK;
+ r |= GIC_BASER_CACHE_nC << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
+ break;
+ }
+
+ *reg = r;
+}
+
+static int vgic_v3_its_mmio_write(struct vcpu *v, mmio_info_t *info,
+ register_t r, void *priv)
+{
+ struct domain *d = v->domain;
+ struct virt_its *its = priv;
+ uint64_t reg;
+ uint32_t reg32;
+
+ switch ( info->gpa & 0xffff )
+ {
+ case VREG32(GITS_CTLR):
+ {
+ uint32_t ctlr;
+
+ if ( info->dabt.size != DABT_WORD ) goto bad_width;
+
+ /*
+ * We need to take the vcmd_lock to prevent a guest from disabling
+ * the ITS while commands are still processed.
+ */
+ spin_lock(&its->vcmd_lock);
+ spin_lock(&its->its_lock);
+ ctlr = its->enabled ? GITS_CTLR_ENABLE : 0;
+ reg32 = ctlr;
+ vgic_reg32_update(®32, r, info);
+
+ if ( ctlr ^ reg32 )
+ its->enabled = vgic_v3_verify_its_status(its,
+ reg32 & GITS_CTLR_ENABLE);
+ spin_unlock(&its->its_lock);
+ spin_unlock(&its->vcmd_lock);
+ return 1;
+ }
+
+ case VREG32(GITS_IIDR):
+ goto write_ignore_32;
+ case VREG32(GITS_TYPER):
+ goto write_ignore_32;
+ case 0x0018 ... 0x001c:
+ goto write_reserved;
+ case 0x0020 ... 0x003c:
+ goto write_impl_defined;
+ case 0x0040 ... 0x007c:
+ goto write_reserved;
+ case VREG64(GITS_CBASER):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ spin_lock(&its->vcmd_lock);
+ spin_lock(&its->its_lock);
+ /* Changing base registers with the ITS enabled is UNPREDICTABLE. */
+ if ( its->enabled )
+ {
+ spin_unlock(&its->its_lock);
+ spin_unlock(&its->vcmd_lock);
+ gdprintk(XENLOG_WARNING,
+ "ITS: tried to change CBASER with the ITS enabled.\n");
+ return 1;
+ }
+
+ reg = its->cbaser;
+ vgic_reg64_update(®, r, info);
+ sanitize_its_base_reg(®);
+
+ its->cbaser = reg;
+ its->creadr = 0;
+ spin_unlock(&its->its_lock);
+ spin_unlock(&its->vcmd_lock);
+
+ return 1;
+
+ case VREG64(GITS_CWRITER):
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ spin_lock(&its->vcmd_lock);
+ reg = its->cwriter & 0xfffe0;
+ vgic_reg64_update(®, r, info);
+ its->cwriter = reg & 0xfffe0;
+
+ if ( its->enabled )
+ {
+ int ret = vgic_its_handle_cmds(d, its);
+
+ if ( ret )
+ printk(XENLOG_G_WARNING "error handling ITS commands\n");
+ }
+ spin_unlock(&its->vcmd_lock);
+
+ return 1;
+
+ case VREG64(GITS_CREADR):
+ goto write_ignore_64;
+
+ case 0x0098 ... 0x00fc:
+ goto write_reserved;
+ case VREG64(GITS_BASER0): /* device table */
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ spin_lock(&its->its_lock);
+
+ /*
+ * Changing base registers with the ITS enabled is UNPREDICTABLE,
+ * we choose to ignore it, but warn.
+ */
+ if ( its->enabled )
+ {
+ spin_unlock(&its->its_lock);
+ gdprintk(XENLOG_WARNING, "ITS: tried to change BASER with the ITS enabled.\n");
+
+ return 1;
+ }
+
+ reg = its->baser_dev;
+ vgic_reg64_update(®, r, info);
+
+ /* We don't support indirect tables for now. */
+ reg &= ~(GITS_BASER_RO_MASK | GITS_BASER_INDIRECT);
+ reg |= (sizeof(uint64_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
+ reg |= GITS_BASER_TYPE_DEVICE << GITS_BASER_TYPE_SHIFT;
+ sanitize_its_base_reg(®);
+
+ if ( reg & GITS_VALID_BIT )
+ {
+ its->max_devices = its_baser_nr_entries(reg);
+ if ( its->max_devices > BIT(its->devid_bits) )
+ its->max_devices = BIT(its->devid_bits);
+ }
+ else
+ its->max_devices = 0;
+
+ its->baser_dev = reg;
+ spin_unlock(&its->its_lock);
+ return 1;
+ case VREG64(GITS_BASER1): /* collection table */
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+
+ spin_lock(&its->its_lock);
+ /*
+ * Changing base registers with the ITS enabled is UNPREDICTABLE,
+ * we choose to ignore it, but warn.
+ */
+ if ( its->enabled )
+ {
+ spin_unlock(&its->its_lock);
+ gdprintk(XENLOG_INFO, "ITS: tried to change BASER with the ITS enabled.\n");
+ return 1;
+ }
+
+ reg = its->baser_coll;
+ vgic_reg64_update(®, r, info);
+ /* No indirect tables for the collection table. */
+ reg &= ~(GITS_BASER_RO_MASK | GITS_BASER_INDIRECT);
+ reg |= (sizeof(uint16_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
+ reg |= GITS_BASER_TYPE_COLLECTION << GITS_BASER_TYPE_SHIFT;
+ sanitize_its_base_reg(®);
+
+ if ( reg & GITS_VALID_BIT )
+ its->max_collections = its_baser_nr_entries(reg);
+ else
+ its->max_collections = 0;
+ its->baser_coll = reg;
+ spin_unlock(&its->its_lock);
+ return 1;
+ case VRANGE64(GITS_BASER2, GITS_BASER7):
+ goto write_ignore_64;
+ case 0x0140 ... 0xbffc:
+ goto write_reserved;
+ case 0xc000 ... 0xffcc:
+ goto write_impl_defined;
+ case 0xffd0 ... 0xffe4: /* IMPDEF identification registers */
+ goto write_impl_defined;
+ case VREG32(GITS_PIDR2):
+ goto write_ignore_32;
+ case 0xffec ... 0xfffc: /* IMPDEF identification registers */
+ goto write_impl_defined;
+ default:
+ gdprintk(XENLOG_G_WARNING, "ITS: unhandled ITS register 0x%lx\n",
+ info->gpa & 0xffff);
+ return 0;
+ }
+
+ return 1;
+
+write_ignore_64:
+ if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
+ return 1;
+
+write_ignore_32:
+ if ( info->dabt.size != DABT_WORD ) goto bad_width;
+ return 1;
+
+write_impl_defined:
+ printk(XENLOG_G_DEBUG
+ "%pv: vGITS: WI on implementation defined register offset %#04lx\n",
+ v, info->gpa & 0xffff);
+ return 1;
+
+write_reserved:
+ printk(XENLOG_G_DEBUG
+ "%pv: vGITS: WI on implementation defined register offset %#04lx\n",
+ v, info->gpa & 0xffff);
+ return 1;
+
+bad_width:
+ printk(XENLOG_G_ERR "vGITS: bad write width %d r%d offset %#08lx\n",
+ info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
+
+ domain_crash_synchronous();
+
+ return 0;
+}
+
+static const struct mmio_handler_ops vgic_its_mmio_handler = {
+ .read = vgic_v3_its_mmio_read,
+ .write = vgic_v3_its_mmio_write,
+};
+
/*
* Local variables:
* mode: C
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 09c7117..ea574c4 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -35,6 +35,7 @@
#define GITS_BASER5 0x128
#define GITS_BASER6 0x130
#define GITS_BASER7 0x138
+#define GITS_PIDR2 GICR_PIDR2
/* Register bits */
#define GITS_VALID_BIT BIT(63)
@@ -57,6 +58,7 @@
#define GITS_TYPER_ITT_SIZE_MASK (0xfUL << GITS_TYPER_ITT_SIZE_SHIFT)
#define GITS_TYPER_ITT_SIZE(r) ((((r) & GITS_TYPER_ITT_SIZE_MASK) >> \
GITS_TYPER_ITT_SIZE_SHIFT) + 1)
+#define GITS_TYPER_PHYSICAL (1U << 0)
#define GITS_BASER_INDIRECT BIT(62)
#define GITS_BASER_INNER_CACHEABILITY_SHIFT 59
@@ -76,6 +78,7 @@
(((reg >> GITS_BASER_ENTRY_SIZE_SHIFT) & 0x1f) + 1)
#define GITS_BASER_SHAREABILITY_SHIFT 10
#define GITS_BASER_PAGE_SIZE_SHIFT 8
+#define GITS_BASER_SIZE_MASK 0xff
#define GITS_BASER_SHAREABILITY_MASK (0x3ULL << GITS_BASER_SHAREABILITY_SHIFT)
#define GITS_BASER_OUTER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)
#define GITS_BASER_INNER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_INNER_CACHEABILITY_SHIFT)
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 25/36] ARM: vITS: introduce translation table walks
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (23 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 26/36] ARM: vITS: handle CLEAR command Andre Przywara
` (10 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The ITS stores the target (v)CPU and the (virtual) LPI number in tables.
Introduce functions to walk those tables and translate an device ID -
event ID pair into a pair of virtual LPI and vCPU.
We map those tables on demand - which is cheap on arm64 - and copy the
respective entries before using them, to avoid the guest tampering with
them meanwhile.
To allow compiling without warnings, we declare two functions as
non-static for the moment, which two later patches will fix.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 179 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 179 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index a171a3b..0fb67d2 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -67,6 +67,7 @@ struct vits_itte
uint16_t pad;
};
+#define UNMAPPED_COLLECTION ((uint16_t)~0)
#define GITS_BASER_RO_MASK (GITS_BASER_TYPE_MASK | \
(31UL << GITS_BASER_ENTRY_SIZE_SHIFT))
@@ -83,6 +84,184 @@ void vgic_v3_its_free_domain(struct domain *d)
ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
}
+/*
+ * The physical address is encoded slightly differently depending on
+ * the used page size: the highest four bits are stored in the lowest
+ * four bits of the field for 64K pages.
+ */
+static paddr_t get_baser_phys_addr(uint64_t reg)
+{
+ if ( reg & BIT(9) )
+ return (reg & GENMASK(47, 16)) |
+ ((reg & GENMASK(15, 12)) << 36);
+ else
+ return reg & GENMASK(47, 12);
+}
+
+/* Must be called with the ITS lock held. */
+static struct vcpu *get_vcpu_from_collection(struct virt_its *its,
+ uint16_t collid)
+{
+ paddr_t addr = get_baser_phys_addr(its->baser_coll);
+ uint16_t vcpu_id;
+ int ret;
+
+ ASSERT(spin_is_locked(&its->its_lock));
+
+ if ( collid >= its->max_collections )
+ return NULL;
+
+ ret = vgic_access_guest_memory(its->d, addr + collid * sizeof(uint16_t),
+ &vcpu_id, sizeof(vcpu_id), false);
+ if ( ret )
+ return NULL;
+
+ if ( vcpu_id == UNMAPPED_COLLECTION || vcpu_id >= its->d->max_vcpus )
+ return NULL;
+
+ return its->d->vcpu[vcpu_id];
+}
+
+/*
+ * Our device table encodings:
+ * Contains the guest physical address of the Interrupt Translation Table in
+ * bits [51:8], and the size of it is encoded as the number of bits minus one
+ * in the lowest 8 bits of the word.
+ */
+#define DEV_TABLE_ITT_ADDR(x) ((x) & GENMASK(51, 8))
+#define DEV_TABLE_ITT_SIZE(x) (BIT(((x) & GENMASK(7, 0)) + 1))
+#define DEV_TABLE_ENTRY(addr, bits) \
+ (((addr) & GENMASK(51, 8)) | (((bits) - 1) & GENMASK(7, 0)))
+
+/*
+ * Lookup the address of the Interrupt Translation Table associated with
+ * a device ID and return the address of the ITTE belonging to the event ID
+ * (which is an index into that table).
+ * TODO: add support for walking indirect tables.
+ */
+static paddr_t its_get_itte_address(struct virt_its *its,
+ uint32_t devid, uint32_t evid)
+{
+ paddr_t addr = get_baser_phys_addr(its->baser_dev);
+ uint64_t itt;
+
+ if ( devid >= its->max_devices )
+ return INVALID_PADDR;
+
+ if ( vgic_access_guest_memory(its->d, addr + devid * sizeof(uint64_t),
+ &itt, sizeof(itt), false) )
+ return INVALID_PADDR;
+
+ if ( evid >= DEV_TABLE_ITT_SIZE(itt) ||
+ DEV_TABLE_ITT_ADDR(itt) == INVALID_PADDR )
+ return INVALID_PADDR;
+
+ return DEV_TABLE_ITT_ADDR(itt) + evid * sizeof(struct vits_itte);
+}
+
+/*
+ * Queries the collection and device tables to get the vCPU and virtual
+ * LPI number for a given guest event. This first accesses the guest memory
+ * to resolve the address of the ITTE, then reads the ITTE entry at this
+ * address and puts the result in vcpu_ptr and vlpi_ptr.
+ * Requires the ITS lock to be held.
+ */
+static bool read_itte_locked(struct virt_its *its, uint32_t devid,
+ uint32_t evid, struct vcpu **vcpu_ptr,
+ uint32_t *vlpi_ptr)
+{
+ paddr_t addr;
+ struct vits_itte itte;
+ struct vcpu *vcpu;
+
+ ASSERT(spin_is_locked(&its->its_lock));
+
+ addr = its_get_itte_address(its, devid, evid);
+ if ( addr == INVALID_PADDR )
+ return false;
+
+ if ( vgic_access_guest_memory(its->d, addr, &itte, sizeof(itte), false) )
+ return false;
+
+ vcpu = get_vcpu_from_collection(its, itte.collection);
+ if ( !vcpu )
+ return false;
+
+ *vcpu_ptr = vcpu;
+ *vlpi_ptr = itte.vlpi;
+ return true;
+}
+
+/*
+ * This function takes care of the locking by taking the its_lock itself, so
+ * a caller shall not hold this. Before returning, the lock is dropped again.
+ */
+bool read_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
+ struct vcpu **vcpu_ptr, uint32_t *vlpi_ptr)
+{
+ bool ret;
+
+ spin_lock(&its->its_lock);
+ ret = read_itte_locked(its, devid, evid, vcpu_ptr, vlpi_ptr);
+ spin_unlock(&its->its_lock);
+
+ return ret;
+}
+
+/*
+ * Queries the collection and device tables to translate the device ID and
+ * event ID and find the appropriate ITTE. The given collection ID and the
+ * virtual LPI number are then stored into that entry.
+ * If vcpu_ptr is provided, returns the VCPU belonging to that collection.
+ * Requires the ITS lock to be held.
+ */
+static bool write_itte_locked(struct virt_its *its, uint32_t devid,
+ uint32_t evid, uint32_t collid, uint32_t vlpi,
+ struct vcpu **vcpu_ptr)
+{
+ paddr_t addr;
+ struct vits_itte itte;
+
+ ASSERT(spin_is_locked(&its->its_lock));
+
+ if ( collid >= its->max_collections )
+ return false;
+
+ if ( vlpi >= its->d->arch.vgic.nr_lpis )
+ return false;
+
+ addr = its_get_itte_address(its, devid, evid);
+ if ( addr == INVALID_PADDR )
+ return false;
+
+ itte.collection = collid;
+ itte.vlpi = vlpi;
+
+ if ( vgic_access_guest_memory(its->d, addr, &itte, sizeof(itte), true) )
+ return false;
+
+ if ( vcpu_ptr )
+ *vcpu_ptr = get_vcpu_from_collection(its, collid);
+
+ return true;
+}
+
+/*
+ * This function takes care of the locking by taking the its_lock itself, so
+ * a caller shall not hold this. Before returning, the lock is dropped again.
+ */
+bool write_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
+ uint32_t collid, uint32_t vlpi, struct vcpu **vcpu_ptr)
+{
+ bool ret;
+
+ spin_lock(&its->its_lock);
+ ret = write_itte_locked(its, devid, evid, collid, vlpi, vcpu_ptr);
+ spin_unlock(&its->its_lock);
+
+ return ret;
+}
+
/**************************************
* Functions that handle ITS commands *
**************************************/
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 26/36] ARM: vITS: handle CLEAR command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (24 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 25/36] ARM: vITS: introduce translation table walks Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 27/36] ARM: vITS: handle INT command Andre Przywara
` (9 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
This introduces the ITS command handler for the CLEAR command, which
clears the pending state of an LPI.
This removes a not-yet injected, but already queued IRQ from a VCPU.
As read_itte() is now eventually used, we add the static keyword.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 49 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 0fb67d2..6a92052 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -196,8 +196,8 @@ static bool read_itte_locked(struct virt_its *its, uint32_t devid,
* This function takes care of the locking by taking the its_lock itself, so
* a caller shall not hold this. Before returning, the lock is dropped again.
*/
-bool read_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
- struct vcpu **vcpu_ptr, uint32_t *vlpi_ptr)
+static bool read_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
+ struct vcpu **vcpu_ptr, uint32_t *vlpi_ptr)
{
bool ret;
@@ -282,6 +282,48 @@ static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
#define its_cmd_get_validbit(cmd) its_cmd_mask_field(cmd, 2, 63, 1)
#define its_cmd_get_ittaddr(cmd) (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
+/*
+ * CLEAR removes the pending state from an LPI. */
+static int its_handle_clear(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ struct pending_irq *p;
+ struct vcpu *vcpu;
+ uint32_t vlpi;
+ unsigned long flags;
+
+ /* Translate the DevID/EvID pair into a vCPU/vLPI pair. */
+ if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
+ return -1;
+
+ p = its->d->arch.vgic.handler->lpi_to_pending(its->d, vlpi);
+ if ( !p )
+ return -1;
+
+ spin_lock_irqsave(&vcpu->arch.vgic.lock, flags);
+
+ /* We store the pending bit for LPIs in our struct pending_irq. */
+ clear_bit(GIC_IRQ_GUEST_LPI_PENDING, &p->status);
+
+ /*
+ * If the LPI is already visible on the guest, it is too late to
+ * clear the pending state. However this is a benign race that can
+ * happen on real hardware, too: If the LPI has already been forwarded
+ * to a CPU interface, a CLEAR request reaching the redistributor has
+ * no effect on that LPI anymore. Since LPIs are edge triggered and
+ * have no active state, we don't need to care about this here.
+ */
+ if ( !test_bit(GIC_IRQ_GUEST_VISIBLE, &p->status) )
+ {
+ /* Remove a pending, but not yet injected guest IRQ. */
+ clear_bit(GIC_IRQ_GUEST_QUEUED, &p->status);
+ gic_remove_from_queues(vcpu, vlpi);
+ }
+
+ return 0;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -311,6 +353,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
switch ( its_cmd_get_command(command) )
{
+ case GITS_CMD_CLEAR:
+ ret = its_handle_clear(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 27/36] ARM: vITS: handle INT command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (25 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 26/36] ARM: vITS: handle CLEAR command Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 28/36] ARM: vITS: handle MAPC command Andre Przywara
` (8 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The INT command sets a given LPI identified by a DeviceID/EventID pair
as pending and thus triggers it to be injected.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 6a92052..629c775 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -324,6 +324,33 @@ static int its_handle_clear(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ struct pending_irq *p;
+ struct vcpu *vcpu;
+ uint32_t vlpi;
+
+ if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
+ return -1;
+
+ p = its->d->arch.vgic.handler->lpi_to_pending(its->d, vlpi);
+ if ( !p )
+ return -1;
+
+ /*
+ * If the LPI is enabled, inject it.
+ * If not, store the pending state to inject it once it gets enabled later.
+ */
+ if ( test_bit(GIC_IRQ_GUEST_ENABLED, &p->status) )
+ vgic_vcpu_inject_irq(vcpu, vlpi);
+ else
+ set_bit(GIC_IRQ_GUEST_LPI_PENDING, &p->status);
+
+ return 0;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -356,6 +383,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_CLEAR:
ret = its_handle_clear(its, command);
break;
+ case GITS_CMD_INT:
+ ret = its_handle_int(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 28/36] ARM: vITS: handle MAPC command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (26 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 27/36] ARM: vITS: handle INT command Andre Przywara
@ 2017-04-07 17:32 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 29/36] ARM: vITS: handle MAPD command Andre Przywara
` (7 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:32 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The MAPC command associates a given collection ID with a given
redistributor, thus mapping collections to VCPUs.
We just store the vcpu_id in the collection table for that.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 629c775..72e2885 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -99,6 +99,21 @@ static paddr_t get_baser_phys_addr(uint64_t reg)
}
/* Must be called with the ITS lock held. */
+static int its_set_collection(struct virt_its *its, uint16_t collid,
+ uint16_t vcpu_id)
+{
+ paddr_t addr = get_baser_phys_addr(its->baser_coll);
+
+ ASSERT(spin_is_locked(&its->its_lock));
+
+ if ( collid >= its->max_collections )
+ return -ENOENT;
+
+ return vgic_access_guest_memory(its->d, addr + collid * sizeof(uint16_t),
+ &vcpu_id, sizeof(vcpu_id), true);
+}
+
+/* Must be called with the ITS lock held. */
static struct vcpu *get_vcpu_from_collection(struct virt_its *its,
uint16_t collid)
{
@@ -351,6 +366,29 @@ static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+static int its_handle_mapc(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t collid = its_cmd_get_collection(cmdptr);
+ uint64_t rdbase = its_cmd_mask_field(cmdptr, 2, 16, 44);
+
+ if ( collid >= its->max_collections )
+ return -1;
+
+ if ( rdbase >= its->d->max_vcpus )
+ return -1;
+
+ spin_lock(&its->its_lock);
+
+ if ( its_cmd_get_validbit(cmdptr) )
+ its_set_collection(its, collid, rdbase);
+ else
+ its_set_collection(its, collid, UNMAPPED_COLLECTION);
+
+ spin_unlock(&its->its_lock);
+
+ return 0;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -386,6 +424,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_INT:
ret = its_handle_int(its, command);
break;
+ case GITS_CMD_MAPC:
+ ret = its_handle_mapc(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 29/36] ARM: vITS: handle MAPD command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (27 preceding siblings ...)
2017-04-07 17:32 ` [PATCH v6 28/36] ARM: vITS: handle MAPC command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 30/36] ARM: vITS: handle MAPTI command Andre Przywara
` (6 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The MAPD command maps a device by associating a memory region for
storing ITEs with a certain device ID.
We store the given guest physical address in the device table, and, if
this command comes from Dom0, tell the host ITS driver about this new
mapping, so it can issue the corresponding host MAPD command and create
the required tables.
We simply use our existing guest memory access function to find the
right ITT entry and store the mapping there.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 72e2885..37c932b 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -42,6 +42,7 @@
*/
struct virt_its {
struct domain *d;
+ paddr_t doorbell_address;
unsigned int devid_bits;
unsigned int intid_bits;
spinlock_t vcmd_lock; /* Protects the virtual command buffer, which */
@@ -148,6 +149,20 @@ static struct vcpu *get_vcpu_from_collection(struct virt_its *its,
#define DEV_TABLE_ENTRY(addr, bits) \
(((addr) & GENMASK(51, 8)) | (((bits) - 1) & GENMASK(7, 0)))
+/* Set the address of an ITT for a given device ID. */
+static int its_set_itt_address(struct virt_its *its, uint32_t devid,
+ paddr_t itt_address, uint32_t nr_bits)
+{
+ paddr_t addr = get_baser_phys_addr(its->baser_dev);
+ uint64_t itt_entry = DEV_TABLE_ENTRY(itt_address, nr_bits);
+
+ if ( devid >= its->max_devices )
+ return -ENOENT;
+
+ return vgic_access_guest_memory(its->d, addr + devid * sizeof(uint64_t),
+ &itt_entry, sizeof(itt_entry), true);
+}
+
/*
* Lookup the address of the Interrupt Translation Table associated with
* a device ID and return the address of the ITTE belonging to the event ID
@@ -389,6 +404,47 @@ static int its_handle_mapc(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+static int its_handle_mapd(struct virt_its *its, uint64_t *cmdptr)
+{
+ /* size and devid get validated by the functions called below. */
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ unsigned int size = its_cmd_get_size(cmdptr) + 1;
+ bool valid = its_cmd_get_validbit(cmdptr);
+ paddr_t itt_addr = its_cmd_get_ittaddr(cmdptr);
+ int ret;
+
+ /*
+ * There is no easy and clean way for Xen to know the ITS device ID of a
+ * particular (PCI) device, so we have to rely on the guest telling
+ * us about it. For *now* we are just using the device ID *Dom0* uses,
+ * because the driver there has the actual knowledge.
+ * Eventually this will be replaced with a dedicated hypercall to
+ * announce pass-through of devices.
+ */
+ if ( is_hardware_domain(its->d) )
+ {
+ /*
+ * Dom0's ITSes are mapped 1:1, so both addresses are the same.
+ * Also the device IDs are equal.
+ */
+ ret = gicv3_its_map_guest_device(its->d, its->doorbell_address, devid,
+ its->doorbell_address, devid,
+ BIT(size), valid);
+ if ( ret )
+ return ret;
+ }
+
+ spin_lock(&its->its_lock);
+ if ( valid )
+ ret = its_set_itt_address(its, devid, itt_addr, size);
+ else
+ ret = its_set_itt_address(its, devid, INVALID_PADDR, 1);
+
+ spin_unlock(&its->its_lock);
+
+ return ret;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -427,6 +483,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_MAPC:
ret = its_handle_mapc(its, command);
break;
+ case GITS_CMD_MAPD:
+ ret = its_handle_mapd(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 30/36] ARM: vITS: handle MAPTI command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (28 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 29/36] ARM: vITS: handle MAPD command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 31/36] ARM: vITS: handle MOVI command Andre Przywara
` (5 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The MAPTI commands associates a DeviceID/EventID pair with a LPI/CPU
pair and actually instantiates LPI interrupts.
We connect the already allocated host LPI to this virtual LPI, so that
any triggering LPI on the host can be quickly forwarded to a guest.
Beside entering the VCPU and the virtual LPI number in the respective
host LPI entry, we also initialize and add the already allocated
struct pending_irq to our radix tree, so that we can now easily find it
by its virtual LPI number.
We also read the property table to update the enabled bit and the
priority for our new LPI, as we might have missed this during an earlier
INVALL call (which only checks mapped LPIs).
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-its.c | 74 ++++++++++++++++++++++++++++++
xen/arch/arm/gic-v3-lpi.c | 18 ++++++++
xen/arch/arm/vgic-v3-its.c | 99 ++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 6 +++
4 files changed, 197 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 1dad428..b55e7f1 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -799,6 +799,80 @@ out:
return ret;
}
+/* Must be called with the its_device_lock held. */
+static struct its_device *get_its_device(struct domain *d, paddr_t vdoorbell,
+ uint32_t vdevid)
+{
+ struct rb_node *node = d->arch.vgic.its_devices.rb_node;
+ struct its_device *dev;
+
+ ASSERT(spin_is_locked(&d->arch.vgic.its_devices_lock));
+
+ while (node)
+ {
+ int cmp;
+
+ dev = rb_entry(node, struct its_device, rbnode);
+ cmp = compare_its_guest_devices(dev, vdoorbell, vdevid);
+
+ if ( !cmp )
+ return dev;
+
+ if ( cmp > 0 )
+ node = node->rb_left;
+ else
+ node = node->rb_right;
+ }
+
+ return NULL;
+}
+
+static uint32_t get_host_lpi(struct its_device *dev, uint32_t eventid)
+{
+ uint32_t host_lpi = 0;
+
+ if ( dev && (eventid < dev->eventids) )
+ host_lpi = dev->host_lpi_blocks[eventid / LPI_BLOCK] +
+ (eventid % LPI_BLOCK);
+
+ return host_lpi;
+}
+
+/*
+ * Connects the event ID for an already assigned device to the given VCPU/vLPI
+ * pair. The corresponding physical LPI is already mapped on the host side
+ * (when assigning the physical device to the guest), so we just connect the
+ * target VCPU/vLPI pair to that interrupt to inject it properly if it fires.
+ * Returns a pointer to the already allocated struct pending_irq that is
+ * meant to be used by that event.
+ */
+struct pending_irq *gicv3_assign_guest_event(struct domain *d,
+ paddr_t vdoorbell_address,
+ uint32_t vdevid, uint32_t veventid,
+ struct vcpu *v, uint32_t virt_lpi)
+{
+ struct its_device *dev;
+ struct pending_irq *pirq = NULL;
+ uint32_t host_lpi = 0;
+
+ spin_lock(&d->arch.vgic.its_devices_lock);
+ dev = get_its_device(d, vdoorbell_address, vdevid);
+ if ( dev )
+ {
+ host_lpi = get_host_lpi(dev, veventid);
+ pirq = &dev->pend_irqs[veventid];
+ }
+ spin_unlock(&d->arch.vgic.its_devices_lock);
+
+ if ( !host_lpi || !pirq )
+ return NULL;
+
+ gicv3_lpi_update_host_entry(host_lpi, d->domain_id,
+ v ? v->vcpu_id : INVALID_VCPU_ID, virt_lpi);
+
+ return pirq;
+}
+
/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index a670f73..86bda68 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -225,6 +225,24 @@ void gicv3_do_LPI(unsigned int lpi)
rcu_unlock_domain(d);
}
+void gicv3_lpi_update_host_entry(uint32_t host_lpi, int domain_id,
+ unsigned int vcpu_id, uint32_t virt_lpi)
+{
+ union host_lpi *hlpip, hlpi;
+
+ ASSERT(host_lpi >= LPI_OFFSET);
+
+ host_lpi -= LPI_OFFSET;
+
+ hlpip = &lpi_data.host_lpis[host_lpi / HOST_LPIS_PER_PAGE][host_lpi % HOST_LPIS_PER_PAGE];
+
+ hlpi.virt_lpi = virt_lpi;
+ hlpi.dom_id = domain_id;
+ hlpi.vcpu_id = vcpu_id;
+
+ write_u64_atomic(&hlpip->data, hlpi.data);
+}
+
static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
{
uint64_t val;
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 37c932b..e66557f 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -381,6 +381,33 @@ static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+/*
+ * For a given virtual LPI read the enabled bit and priority from the virtual
+ * property table and update the virtual IRQ's state in the given pending_irq.
+ */
+static int update_lpi_property(struct domain *d, uint32_t vlpi,
+ struct pending_irq *p)
+{
+ paddr_t addr;
+ uint8_t property;
+ int ret;
+
+ addr = d->arch.vgic.rdist_propbase & GENMASK(51, 12);
+
+ ret = vgic_access_guest_memory(d, addr + vlpi - LPI_OFFSET,
+ &property, sizeof(property), false);
+ if ( ret )
+ return ret;
+
+ p->lpi_priority = property & LPI_PROP_PRIO_MASK;
+ if ( property & LPI_PROP_ENABLED )
+ set_bit(GIC_IRQ_GUEST_ENABLED, &p->status);
+ else
+ clear_bit(GIC_IRQ_GUEST_ENABLED, &p->status);
+
+ return 0;
+}
+
static int its_handle_mapc(struct virt_its *its, uint64_t *cmdptr)
{
uint32_t collid = its_cmd_get_collection(cmdptr);
@@ -445,6 +472,74 @@ static int its_handle_mapd(struct virt_its *its, uint64_t *cmdptr)
return ret;
}
+static int its_handle_mapti(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ uint32_t intid = its_cmd_get_physical_id(cmdptr), _intid;
+ uint16_t collid = its_cmd_get_collection(cmdptr);
+ struct pending_irq *pirq;
+ struct vcpu *vcpu = NULL;
+ int ret = 0;
+
+ if ( its_cmd_get_command(cmdptr) == GITS_CMD_MAPI )
+ intid = eventid;
+
+ spin_lock(&its->its_lock);
+ /*
+ * Check whether there is a valid existing mapping. If yes, behavior is
+ * unpredictable, we choose to ignore this command here.
+ * This makes sure we start with a pristine pending_irq below.
+ */
+ if ( read_itte_locked(its, devid, eventid, &vcpu, &_intid) &&
+ _intid != INVALID_LPI )
+ {
+ spin_unlock(&its->its_lock);
+ return -1;
+ }
+
+ /* Enter the mapping in our virtual ITS tables. */
+ if ( !write_itte_locked(its, devid, eventid, collid, intid, &vcpu) )
+ {
+ spin_unlock(&its->its_lock);
+ return -1;
+ }
+
+ spin_unlock(&its->its_lock);
+
+ /*
+ * Connect this virtual LPI to the corresponding host LPI, which is
+ * determined by the same device ID and event ID on the host side.
+ * This returns us the corresponding, still unused pending_irq.
+ */
+ pirq = gicv3_assign_guest_event(its->d, its->doorbell_address,
+ devid, eventid, vcpu, intid);
+ if ( !pirq )
+ return -1;
+
+ vgic_init_pending_irq(pirq, intid);
+
+ /*
+ * Now read the guest's property table to initialize our cached state.
+ * It can't fire at this time, because it is not known to the host yet.
+ */
+ ret = update_lpi_property(its->d, intid, pirq);
+ if ( ret )
+ return ret;
+
+ pirq->lpi_vcpu_id = vcpu->vcpu_id;
+
+ /*
+ * Now insert the pending_irq into the domain's LPI tree, so that
+ * it becomes live.
+ */
+ write_lock(&its->d->arch.vgic.pend_lpi_tree_lock);
+ radix_tree_insert(&its->d->arch.vgic.pend_lpi_tree, intid, pirq);
+ write_unlock(&its->d->arch.vgic.pend_lpi_tree_lock);
+
+ return 0;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -486,6 +581,10 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_MAPD:
ret = its_handle_mapd(its, command);
break;
+ case GITS_CMD_MAPI:
+ case GITS_CMD_MAPTI:
+ ret = its_handle_mapti(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index ea574c4..0be88ac 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -169,6 +169,12 @@ int gicv3_its_map_guest_device(struct domain *d,
int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
void gicv3_free_host_lpi_block(uint32_t first_lpi);
+struct pending_irq *gicv3_assign_guest_event(struct domain *d, paddr_t doorbell,
+ uint32_t devid, uint32_t eventid,
+ struct vcpu *v, uint32_t virt_lpi);
+void gicv3_lpi_update_host_entry(uint32_t host_lpi, int domain_id,
+ unsigned int vcpu_id, uint32_t virt_lpi);
+
#else
static inline void gicv3_its_dt_init(const struct dt_device_node *node)
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 31/36] ARM: vITS: handle MOVI command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (29 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 30/36] ARM: vITS: handle MAPTI command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 32/36] ARM: vITS: handle DISCARD command Andre Przywara
` (4 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The MOVI command moves the interrupt affinity from one redistributor
(read: VCPU) to another.
For now migration of "live" LPIs is not yet implemented, but we store
the changed affinity in the host LPI structure and in our virtual ITTE.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-its.c | 24 ++++++++++++++++++++
xen/arch/arm/gic-v3-lpi.c | 15 +++++++++++++
xen/arch/arm/vgic-v3-its.c | 47 ++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 4 ++++
4 files changed, 90 insertions(+)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index b55e7f1..768c7e5 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -873,6 +873,30 @@ struct pending_irq *gicv3_assign_guest_event(struct domain *d,
return pirq;
}
+/* Changes the target VCPU for a given host LPI assigned to a domain. */
+int gicv3_lpi_change_vcpu(struct domain *d, paddr_t vdoorbell,
+ uint32_t vdevid, uint32_t veventid,
+ unsigned int vcpu_id)
+{
+ uint32_t host_lpi;
+ struct its_device *dev;
+
+ spin_lock(&d->arch.vgic.its_devices_lock);
+ dev = get_its_device(d, vdoorbell, vdevid);
+ if ( dev )
+ host_lpi = get_host_lpi(dev, veventid);
+ else
+ host_lpi = 0;
+ spin_unlock(&d->arch.vgic.its_devices_lock);
+
+ if ( !host_lpi )
+ return -ENOENT;
+
+ gicv3_lpi_update_host_vcpuid(host_lpi, vcpu_id);
+
+ return 0;
+}
+
/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
index 86bda68..bf64085 100644
--- a/xen/arch/arm/gic-v3-lpi.c
+++ b/xen/arch/arm/gic-v3-lpi.c
@@ -243,6 +243,21 @@ void gicv3_lpi_update_host_entry(uint32_t host_lpi, int domain_id,
write_u64_atomic(&hlpip->data, hlpi.data);
}
+int gicv3_lpi_update_host_vcpuid(uint32_t host_lpi, unsigned int vcpu_id)
+{
+ union host_lpi *hlpip;
+
+ ASSERT(host_lpi >= LPI_OFFSET);
+
+ host_lpi -= LPI_OFFSET;
+
+ hlpip = &lpi_data.host_lpis[host_lpi / HOST_LPIS_PER_PAGE][host_lpi % HOST_LPIS_PER_PAGE];
+
+ write_u16_atomic(&hlpip->vcpu_id, vcpu_id);
+
+ return 0;
+}
+
static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
{
uint64_t val;
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index e66557f..ac46126 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -540,6 +540,47 @@ static int its_handle_mapti(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+static int its_handle_movi(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ int collid = its_cmd_get_collection(cmdptr);
+ struct pending_irq *p;
+ struct vcpu *vcpu;
+ uint32_t vlpi;
+ int ret = -1;
+
+ spin_lock(&its->its_lock);
+ /* Check for a mapped LPI and get the LPI number. */
+ if ( !read_itte_locked(its, devid, eventid, &vcpu, &vlpi) )
+ goto out_unlock;
+
+ /* Check the new collection ID and get the new VCPU pointer */
+ vcpu = get_vcpu_from_collection(its, collid);
+ if ( !vcpu )
+ goto out_unlock;
+
+ /* Update our cached vcpu_id in the pending_irq. */
+ p = its->d->arch.vgic.handler->lpi_to_pending(its->d, vlpi);
+ p->lpi_vcpu_id = vcpu->vcpu_id;
+
+ /* Now store the new collection in the translation table. */
+ if ( !write_itte_locked(its, devid, eventid, collid, vlpi, &vcpu) )
+ goto out_unlock;
+
+ spin_unlock(&its->its_lock);
+
+ /* TODO: lookup currently-in-guest virtual IRQs and migrate them? */
+
+ return gicv3_lpi_change_vcpu(its->d, its->doorbell_address,
+ devid, eventid, vcpu->vcpu_id);
+
+out_unlock:
+ spin_unlock(&its->its_lock);
+
+ return ret;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -585,6 +626,12 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_MAPTI:
ret = its_handle_mapti(its, command);
break;
+ case GITS_CMD_MOVALL:
+ gdprintk(XENLOG_G_INFO, "ITS: ignoring MOVALL command\n");
+ break;
+ case GITS_CMD_MOVI:
+ ret = its_handle_movi(its, command);
+ break;
case GITS_CMD_SYNC:
/* We handle ITS commands synchronously, so we ignore SYNC. */
break;
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 0be88ac..cd2b527 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -172,8 +172,12 @@ void gicv3_free_host_lpi_block(uint32_t first_lpi);
struct pending_irq *gicv3_assign_guest_event(struct domain *d, paddr_t doorbell,
uint32_t devid, uint32_t eventid,
struct vcpu *v, uint32_t virt_lpi);
+int gicv3_lpi_change_vcpu(struct domain *d, paddr_t doorbell,
+ uint32_t devid, uint32_t eventid,
+ unsigned int vcpu_id);
void gicv3_lpi_update_host_entry(uint32_t host_lpi, int domain_id,
unsigned int vcpu_id, uint32_t virt_lpi);
+int gicv3_lpi_update_host_vcpuid(uint32_t host_lpi, unsigned int vcpu_id);
#else
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 32/36] ARM: vITS: handle DISCARD command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (30 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 31/36] ARM: vITS: handle MOVI command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 33/36] ARM: vITS: handle INV command Andre Przywara
` (3 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The DISCARD command drops the connection between a DeviceID/EventID
and an LPI/collection pair.
We mark the respective structure entries as not allocated and make
sure that any queued IRQs are removed.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 36 ++++++++++++++++++++++++++++++++++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index ac46126..d13103f 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -280,8 +280,8 @@ static bool write_itte_locked(struct virt_its *its, uint32_t devid,
* This function takes care of the locking by taking the its_lock itself, so
* a caller shall not hold this. Before returning, the lock is dropped again.
*/
-bool write_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
- uint32_t collid, uint32_t vlpi, struct vcpu **vcpu_ptr)
+static bool write_itte(struct virt_its *its, uint32_t devid, uint32_t evid,
+ uint32_t collid, uint32_t vlpi, struct vcpu **vcpu_ptr)
{
bool ret;
@@ -581,6 +581,35 @@ out_unlock:
return ret;
}
+static int its_handle_discard(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ struct pending_irq *pirq;
+ struct vcpu *vcpu;
+ uint32_t vlpi;
+
+ if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
+ return -1;
+
+ pirq = its->d->arch.vgic.handler->lpi_to_pending(its->d, vlpi);
+ if ( pirq )
+ {
+ clear_bit(GIC_IRQ_GUEST_QUEUED, &pirq->status);
+ gic_remove_from_queues(vcpu, vlpi);
+ }
+
+ if ( !write_itte(its, devid, eventid, UNMAPPED_COLLECTION, INVALID_LPI,
+ NULL) )
+ return -1;
+
+ if ( !gicv3_assign_guest_event(its->d, its->doorbell_address,
+ devid, eventid, NULL, 0) )
+ return -1;
+
+ return 0;
+}
+
#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
/*
@@ -613,6 +642,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_CLEAR:
ret = its_handle_clear(its, command);
break;
+ case GITS_CMD_DISCARD:
+ ret = its_handle_discard(its, command);
+ break;
case GITS_CMD_INT:
ret = its_handle_int(its, command);
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 33/36] ARM: vITS: handle INV command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (31 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 32/36] ARM: vITS: handle DISCARD command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 34/36] ARM: vITS: handle INVALL command Andre Przywara
` (2 subsequent siblings)
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The INV command instructs the ITS to update the configuration data for
a given LPI by re-reading its entry from the property table.
We don't need to care so much about the priority value, but enabling
or disabling an LPI has some effect: We remove or push virtual LPIs
to their VCPUs, also check the virtual pending bit if an LPI gets enabled.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index d13103f..dccf101 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -408,6 +408,72 @@ static int update_lpi_property(struct domain *d, uint32_t vlpi,
return 0;
}
+/*
+ * For a given virtual LPI read the enabled bit and priority from the virtual
+ * property table and update the virtual IRQ's state.
+ * This takes care of removing or pushing of virtual LPIs to their VCPUs.
+ * Also check if this LPI is due to be injected and do it, if needed.
+ */
+static int update_lpi_enabled_status(struct domain *d,
+ struct vcpu *vcpu, uint32_t vlpi)
+{
+ struct pending_irq *p = d->arch.vgic.handler->lpi_to_pending(d, vlpi);
+ unsigned long flags;
+ int ret;
+
+ if ( !p )
+ return -EINVAL;
+
+ spin_lock_irqsave(&vcpu->arch.vgic.lock, flags);
+ ret = update_lpi_property(d, vlpi, p);
+ if ( ret ) {
+ spin_unlock_irqrestore(&vcpu->arch.vgic.lock, flags);
+ return ret;
+ }
+
+ if ( test_bit(GIC_IRQ_GUEST_ENABLED, &p->status) )
+ {
+ if ( !list_empty(&p->inflight) &&
+ !test_bit(GIC_IRQ_GUEST_VISIBLE, &p->status) )
+ gic_raise_guest_irq(vcpu, vlpi, p->lpi_priority);
+ spin_unlock_irqrestore(&vcpu->arch.vgic.lock, flags);
+
+ /* Check whether the LPI has fired while the guest had it disabled. */
+ if ( test_and_clear_bit(GIC_IRQ_GUEST_LPI_PENDING, &p->status) )
+ vgic_vcpu_inject_irq(vcpu, vlpi);
+ }
+ else
+ {
+ clear_bit(GIC_IRQ_GUEST_ENABLED, &p->status);
+ spin_unlock_irqrestore(&vcpu->arch.vgic.lock, flags);
+
+ gic_remove_from_queues(vcpu, vlpi);
+ }
+
+ return 0;
+}
+
+static int its_handle_inv(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t devid = its_cmd_get_deviceid(cmdptr);
+ uint32_t eventid = its_cmd_get_id(cmdptr);
+ struct vcpu *vcpu;
+ uint32_t vlpi;
+
+ /* Translate the event into a vCPU/vLPI pair. */
+ if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
+ return -1;
+
+ /*
+ * Now read the property table and update our cached status. This
+ * also takes care if this LPI now needs to be injected or removed.
+ */
+ if ( update_lpi_enabled_status(its->d, vcpu, vlpi) )
+ return -1;
+
+ return 0;
+}
+
static int its_handle_mapc(struct virt_its *its, uint64_t *cmdptr)
{
uint32_t collid = its_cmd_get_collection(cmdptr);
@@ -648,6 +714,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_INT:
ret = its_handle_int(its, command);
break;
+ case GITS_CMD_INV:
+ ret = its_handle_inv(its, command);
+ break;
case GITS_CMD_MAPC:
ret = its_handle_mapc(its, command);
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 34/36] ARM: vITS: handle INVALL command
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (32 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 33/36] ARM: vITS: handle INV command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 35/36] ARM: vITS: create and initialize virtual ITSes for Dom0 Andre Przywara
2017-04-07 17:33 ` [PATCH v6 36/36] ARM: vITS: create ITS subnodes for Dom0 DT Andre Przywara
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
The INVALL command instructs an ITS to invalidate the configuration
data for all LPIs associated with a given redistributor (read: VCPU).
This is nasty to emulate exactly with our architecture, so we just
iterate over all mapped LPIs and filter for those from that particular
VCPU.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index dccf101..ce90187 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -474,6 +474,65 @@ static int its_handle_inv(struct virt_its *its, uint64_t *cmdptr)
return 0;
}
+/*
+ * INVALL updates the per-LPI configuration status for every LPI mapped to
+ * a particular redistributor.
+ * We iterate over all mapped LPIs in our radix tree and update those.
+ */
+static int its_handle_invall(struct virt_its *its, uint64_t *cmdptr)
+{
+ uint32_t collid = its_cmd_get_collection(cmdptr);
+ struct vcpu *vcpu;
+ struct pending_irq *pirqs[16];
+ uint64_t vlpi = 0; /* 64-bit to catch overflows */
+ unsigned int nr_lpis, i;
+ int ret = 0;
+
+ /*
+ * As this implementation walks over all mapped LPIs, it might take
+ * too long for a real guest, so we might want to revisit this
+ * implementation for DomUs.
+ * However this command is very rare, also we don't expect many
+ * LPIs to be actually mapped, so it's fine for Dom0 to use.
+ */
+ ASSERT(is_hardware_domain(its->d));
+
+ spin_lock(&its->its_lock);
+ vcpu = get_vcpu_from_collection(its, collid);
+ spin_unlock(&its->its_lock);
+
+ read_lock(&its->d->arch.vgic.pend_lpi_tree_lock);
+
+ do
+ {
+ nr_lpis = radix_tree_gang_lookup(&its->d->arch.vgic.pend_lpi_tree,
+ (void **)pirqs, vlpi,
+ ARRAY_SIZE(pirqs));
+
+ for ( i = 0; i < nr_lpis; i++ )
+ {
+ /* We only care about LPIs on our VCPU. */
+ if ( pirqs[i]->lpi_vcpu_id != vcpu->vcpu_id )
+ continue;
+
+ vlpi = pirqs[i]->irq;
+ /* If that fails for a single LPI, carry on to handle the rest. */
+ if ( update_lpi_enabled_status(its->d, vcpu, vlpi) )
+ ret = -1;
+ }
+ /*
+ * Loop over the next gang of pending_irqs until we reached the end of
+ * a (fully populated) tree or the lookup function returns less LPIs than
+ * it has been asked for.
+ */
+ } while ( (++vlpi < its->d->arch.vgic.nr_lpis) &&
+ (nr_lpis == ARRAY_SIZE(pirqs)) );
+
+ read_unlock(&its->d->arch.vgic.pend_lpi_tree_lock);
+
+ return ret;
+}
+
static int its_handle_mapc(struct virt_its *its, uint64_t *cmdptr)
{
uint32_t collid = its_cmd_get_collection(cmdptr);
@@ -717,6 +776,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
case GITS_CMD_INV:
ret = its_handle_inv(its, command);
break;
+ case GITS_CMD_INVALL:
+ ret = its_handle_invall(its, command);
+ break;
case GITS_CMD_MAPC:
ret = its_handle_mapc(its, command);
break;
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 35/36] ARM: vITS: create and initialize virtual ITSes for Dom0
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (33 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 34/36] ARM: vITS: handle INVALL command Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
2017-04-07 17:33 ` [PATCH v6 36/36] ARM: vITS: create ITS subnodes for Dom0 DT Andre Przywara
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
For each hardware ITS create and initialize a virtual ITS for Dom0.
We use the same memory mapped address to keep the doorbell working.
This introduces a function to initialize a virtual ITS.
We maintain a list of virtual ITSes, at the moment for the only
purpose of later being able to free them again.
We advertise 24 bits worth of LPIs on the guest side, using the full
32 bits seems to trigger a Linux bug (to be investigated).
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/vgic-v3-its.c | 72 ++++++++++++++++++++++++++++++++++++++++
xen/arch/arm/vgic-v3.c | 1 +
xen/include/asm-arm/gic_v3_its.h | 4 +++
3 files changed, 77 insertions(+)
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index ce90187..439210f 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -42,6 +42,7 @@
*/
struct virt_its {
struct domain *d;
+ struct list_head vits_list;
paddr_t doorbell_address;
unsigned int devid_bits;
unsigned int intid_bits;
@@ -74,14 +75,48 @@ struct vits_itte
int vgic_v3_its_init_domain(struct domain *d)
{
+ int ret;
+
+ INIT_LIST_HEAD(&d->arch.vgic.vits_list);
spin_lock_init(&d->arch.vgic.its_devices_lock);
d->arch.vgic.its_devices = RB_ROOT;
+ if ( is_hardware_domain(d) )
+ {
+ struct host_its *hw_its;
+
+ list_for_each_entry(hw_its, &host_its_list, entry)
+ {
+ /*
+ * For each host ITS create a virtual ITS using the same
+ * base and thus doorbell address.
+ * Use the same number of device ID bits as the host, and
+ * allow 24 bits for the interrupt ID.
+ */
+ ret = vgic_v3_its_init_virtual(d, hw_its->addr,
+ hw_its->devid_bits, 24);
+ if ( ret )
+ {
+ vgic_v3_its_free_domain(d);
+ return ret;
+ }
+ else
+ d->arch.vgic.has_its = true;
+ }
+ }
+
return 0;
}
void vgic_v3_its_free_domain(struct domain *d)
{
+ struct virt_its *pos, *temp;
+
+ list_for_each_entry_safe( pos, temp, &d->arch.vgic.vits_list, vits_list )
+ {
+ list_del(&pos->vits_list);
+ xfree(pos);
+ }
ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
}
@@ -1255,6 +1290,43 @@ static const struct mmio_handler_ops vgic_its_mmio_handler = {
.write = vgic_v3_its_mmio_write,
};
+int vgic_v3_its_init_virtual(struct domain *d, paddr_t guest_addr,
+ unsigned int devid_bits, unsigned int intid_bits)
+{
+ struct virt_its *its;
+ uint64_t base_attr;
+
+ its = xzalloc(struct virt_its);
+ if ( !its )
+ return -ENOMEM;
+
+ base_attr = GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
+ base_attr |= GIC_BASER_CACHE_SameAsInner << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
+ base_attr |= GIC_BASER_CACHE_RaWaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;
+
+ its->cbaser = base_attr;
+ base_attr |= 0ULL << GITS_BASER_PAGE_SIZE_SHIFT; /* 4K pages */
+ its->baser_dev = GITS_BASER_TYPE_DEVICE << GITS_BASER_TYPE_SHIFT;
+ its->baser_dev |= (sizeof(uint64_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
+ its->baser_dev |= base_attr;
+ its->baser_coll = GITS_BASER_TYPE_COLLECTION << GITS_BASER_TYPE_SHIFT;
+ its->baser_coll |= (sizeof(uint16_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
+ its->baser_coll |= base_attr;
+ its->d = d;
+ its->doorbell_address = guest_addr + ITS_DOORBELL_OFFSET;
+ its->devid_bits = devid_bits;
+ its->intid_bits = intid_bits;
+ spin_lock_init(&its->vcmd_lock);
+ spin_lock_init(&its->its_lock);
+
+ register_mmio_handler(d, &vgic_its_mmio_handler, guest_addr, SZ_64K, its);
+
+ /* Register the virtual ITSes to be able to clean them up later. */
+ list_add_tail(&its->vits_list, &d->arch.vgic.vits_list);
+
+ return 0;
+}
+
/*
* Local variables:
* mode: C
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index 1c1d014..d381ce6 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -1659,6 +1659,7 @@ static int vgic_v3_domain_init(struct domain *d)
first_cpu += size / d->arch.vgic.rdist_stride;
}
+ d->arch.vgic.nr_regions = vgic_v3_hw.nr_rdist_regions;
}
else
{
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index cd2b527..75ce534 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -156,6 +156,10 @@ int gicv3_its_setup_collection(unsigned int cpu);
int vgic_v3_its_init_domain(struct domain *d);
void vgic_v3_its_free_domain(struct domain *d);
+/* Create and register a virtual ITS at the given guest address. */
+int vgic_v3_its_init_virtual(struct domain *d, paddr_t guest_addr,
+ unsigned int devid_bits, unsigned int intid_bits);
+
/*
* Map a device on the host by allocating an ITT on the host (ITS).
* "nr_event" specifies how many events (interrupts) this device will need.
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* [PATCH v6 36/36] ARM: vITS: create ITS subnodes for Dom0 DT
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
` (34 preceding siblings ...)
2017-04-07 17:33 ` [PATCH v6 35/36] ARM: vITS: create and initialize virtual ITSes for Dom0 Andre Przywara
@ 2017-04-07 17:33 ` Andre Przywara
35 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 17:33 UTC (permalink / raw)
To: Stefano Stabellini, Julien Grall
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Dom0 expects all ITSes in the system to be propagated to be able to
use MSIs.
Create Dom0 DT nodes for each hardware ITS, keeping the register frame
address the same, as the doorbell address that the Dom0 drivers program
into the BARs has to match the hardware.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
xen/arch/arm/gic-v3-its.c | 78 ++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/gic_v3_its.h | 10 ++++--
2 files changed, 86 insertions(+), 2 deletions(-)
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 768c7e5..36f45c9 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -20,6 +20,7 @@
#include <xen/lib.h>
#include <xen/delay.h>
+#include <xen/libfdt/libfdt.h>
#include <xen/mm.h>
#include <xen/rbtree.h>
#include <xen/sched.h>
@@ -897,6 +898,83 @@ int gicv3_lpi_change_vcpu(struct domain *d, paddr_t vdoorbell,
return 0;
}
+/*
+ * Create the respective guest DT nodes for a list of host ITSes.
+ * This copies the reg property, so the guest sees the ITS at the same address
+ * as the host.
+ * Giving NULL for the its_list will make it use the list of host ITSes.
+ */
+int gicv3_its_make_dt_nodes(struct list_head *its_list,
+ const struct domain *d,
+ const struct dt_device_node *gic,
+ void *fdt)
+{
+ uint32_t len;
+ int res;
+ const void *prop = NULL;
+ const struct dt_device_node *its = NULL;
+ const struct host_its *its_data;
+
+ if ( !its_list )
+ its_list = &host_its_list;
+
+ if ( list_empty(its_list) )
+ return 0;
+
+ /* The sub-nodes require the ranges property */
+ prop = dt_get_property(gic, "ranges", &len);
+ if ( !prop )
+ {
+ printk(XENLOG_ERR "Can't find ranges property for the gic node\n");
+ return -FDT_ERR_XEN(ENOENT);
+ }
+
+ res = fdt_property(fdt, "ranges", prop, len);
+ if ( res )
+ return res;
+
+ list_for_each_entry(its_data, its_list, entry)
+ {
+ its = its_data->dt_node;
+
+ res = fdt_begin_node(fdt, its->name);
+ if ( res )
+ return res;
+
+ res = fdt_property_string(fdt, "compatible", "arm,gic-v3-its");
+ if ( res )
+ return res;
+
+ res = fdt_property(fdt, "msi-controller", NULL, 0);
+ if ( res )
+ return res;
+
+ if ( its->phandle )
+ {
+ res = fdt_property_cell(fdt, "phandle", its->phandle);
+ if ( res )
+ return res;
+ }
+
+ /* Use the same reg regions as the ITS node in host DTB. */
+ prop = dt_get_property(its, "reg", &len);
+ if ( !prop )
+ {
+ printk(XENLOG_ERR "GICv3: Can't find ITS reg property.\n");
+ res = -FDT_ERR_XEN(ENOENT);
+ return res;
+ }
+
+ res = fdt_property(fdt, "reg", prop, len);
+ if ( res )
+ return res;
+
+ fdt_end_node(fdt);
+ }
+
+ return res;
+}
+
/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
void gicv3_its_dt_init(const struct dt_device_node *node)
{
diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
index 75ce534..08a09b7 100644
--- a/xen/include/asm-arm/gic_v3_its.h
+++ b/xen/include/asm-arm/gic_v3_its.h
@@ -160,6 +160,12 @@ void vgic_v3_its_free_domain(struct domain *d);
int vgic_v3_its_init_virtual(struct domain *d, paddr_t guest_addr,
unsigned int devid_bits, unsigned int intid_bits);
+/* Given a list of ITSes, create the appropriate DT nodes for a domain. */
+int gicv3_its_make_dt_nodes(struct list_head *its_list,
+ const struct domain *d,
+ const struct dt_device_node *gic,
+ void *fdt);
+
/*
* Map a device on the host by allocating an ITT on the host (ITS).
* "nr_event" specifies how many events (interrupts) this device will need.
@@ -235,8 +241,6 @@ static inline void vgic_v3_its_free_domain(struct domain *d)
{
}
-#endif /* CONFIG_HAS_ITS */
-
static inline int gicv3_its_make_dt_nodes(struct list_head *its_list,
const struct domain *d,
const struct dt_device_node *gic,
@@ -245,6 +249,8 @@ static inline int gicv3_its_make_dt_nodes(struct list_head *its_list,
return 0;
}
+#endif /* CONFIG_HAS_ITS */
+
#endif
/*
--
2.9.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 75+ messages in thread
* Re: [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
@ 2017-04-07 17:51 ` Stefano Stabellini
2017-04-07 18:02 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 17:51 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> Parse the GIC subnodes in the device tree to find every ITS MSI controller
> the hardware offers. Store that information in a list to both propagate
> all of them later to Dom0, but also to be able to iterate over all ITSes.
> This introduces an ITS Kconfig option (as an EXPERT option), use
> XEN_CONFIG_EXPERT=y on the make command line to see and use the option.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> xen/arch/arm/Kconfig | 5 +++
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/gic-v3-its.c | 77 ++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/gic-v3.c | 10 +++---
> xen/include/asm-arm/gic_v3_its.h | 65 +++++++++++++++++++++++++++++++++
> 5 files changed, 154 insertions(+), 4 deletions(-)
> create mode 100644 xen/arch/arm/gic-v3-its.c
> create mode 100644 xen/include/asm-arm/gic_v3_its.h
>
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index 43123e6..d46b98c 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -45,6 +45,11 @@ config ACPI
> config HAS_GICV3
> bool
>
> +config HAS_ITS
> + bool
> + prompt "GICv3 ITS MSI controller support" if EXPERT = "y"
> + depends on HAS_GICV3
> +
> endmenu
>
> menu "ARM errata workaround via the alternative framework"
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 0ce94a8..39c0a03 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -18,6 +18,7 @@ obj-$(EARLY_PRINTK) += early_printk.o
> obj-y += gic.o
> obj-y += gic-v2.o
> obj-$(CONFIG_HAS_GICV3) += gic-v3.o
> +obj-$(CONFIG_HAS_ITS) += gic-v3-its.o
> obj-y += guestcopy.o
> obj-y += hvm.o
> obj-y += io.o
> diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
> new file mode 100644
> index 0000000..6b02349
> --- /dev/null
> +++ b/xen/arch/arm/gic-v3-its.c
> @@ -0,0 +1,77 @@
> +/*
> + * xen/arch/arm/gic-v3-its.c
> + *
> + * ARM GICv3 Interrupt Translation Service (ITS) support
> + *
> + * Copyright (C) 2016,2017 - ARM Ltd
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/lib.h>
> +#include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> +
> +/*
> + * No lock here, as this list gets only populated upon boot while scanning
> + * firmware tables for all host ITSes, and only gets iterated afterwards.
> + */
> +LIST_HEAD(host_its_list);
> +
> +bool gicv3_its_host_has_its(void)
> +{
> + return !list_empty(&host_its_list);
> +}
> +
> +/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
> +void gicv3_its_dt_init(const struct dt_device_node *node)
> +{
> + const struct dt_device_node *its = NULL;
> + struct host_its *its_data;
> +
> + /*
> + * Check for ITS MSI subnodes. If any, add the ITS register
> + * frames to the ITS list.
> + */
> + dt_for_each_child_node(node, its)
> + {
> + uint64_t addr, size;
> +
> + if ( !dt_device_is_compatible(its, "arm,gic-v3-its") )
> + continue;
> +
> + if ( dt_device_get_address(its, 0, &addr, &size) )
> + panic("GICv3: Cannot find a valid ITS frame address");
> +
> + its_data = xzalloc(struct host_its);
> + if ( !its_data )
> + panic("GICv3: Cannot allocate memory for ITS frame");
> +
> + its_data->addr = addr;
> + its_data->size = size;
> + its_data->dt_node = its;
> +
> + printk("GICv3: Found ITS @0x%lx\n", addr);
> +
> + list_add_tail(&its_data->entry, &host_its_list);
> + }
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 695f01f..b626298 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -42,6 +42,7 @@
> #include <asm/device.h>
> #include <asm/gic.h>
> #include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> #include <asm/cpufeature.h>
> #include <asm/acpi.h>
>
> @@ -1227,11 +1228,12 @@ static void __init gicv3_dt_init(void)
> */
> res = dt_device_get_address(node, 1 + gicv3.rdist_count,
> &cbase, &csize);
> - if ( res )
> - return;
> + if ( !res )
> + dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
> + &vbase, &vsize);
>
> - dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
> - &vbase, &vsize);
> + /* Check for ITS child nodes and build the host ITS list accordingly. */
> + gicv3_its_dt_init(node);
> }
>
> static int gicv3_iomem_deny_access(const struct domain *d)
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> new file mode 100644
> index 0000000..721e1e2
> --- /dev/null
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -0,0 +1,65 @@
> +/*
> + * ARM GICv3 ITS support
> + *
> + * Andre Przywara <andre.przywara@arm.com>
> + * Copyright (c) 2016,2017 ARM Ltd.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef __ASM_ARM_ITS_H__
> +#define __ASM_ARM_ITS_H__
> +
> +#include <xen/device_tree.h>
> +
> +/* data structure for each hardware ITS */
> +struct host_its {
> + struct list_head entry;
> + const struct dt_device_node *dt_node;
> + paddr_t addr;
> + paddr_t size;
> +};
> +
> +
> +#ifdef CONFIG_HAS_ITS
> +
> +extern struct list_head host_its_list;
> +
> +/* Parse the host DT and pick up all host ITSes. */
> +void gicv3_its_dt_init(const struct dt_device_node *node);
> +
> +bool gicv3_its_host_has_its(void);
> +
> +#else
> +
> +static inline void gicv3_its_dt_init(const struct dt_device_node *node)
> +{
> +}
> +
> +static inline bool gicv3_its_host_has_its(void)
> +{
> + return false;
> +}
> +
> +#endif /* CONFIG_HAS_ITS */
> +
> +#endif
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array
2017-04-07 17:32 ` [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array Andre Przywara
@ 2017-04-07 17:55 ` Stefano Stabellini
2017-04-07 18:08 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 17:55 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> The number of LPIs on a host can be potentially huge (millions),
> although in practise will be mostly reasonable. So prematurely allocating
> an array of struct irq_desc's for each LPI is not an option.
> However Xen itself does not care about LPIs, as every LPI will be injected
> into a guest (Dom0 for now).
> Create a dense data structure (8 Bytes) for each LPI which holds just
> enough information to determine the virtual IRQ number and the VCPU into
> which the LPI needs to be injected.
> Also to not artificially limit the number of LPIs, we create a 2-level
> table for holding those structures.
> This patch introduces functions to initialize these tables and to
> create, lookup and destroy entries for a given LPI.
> By using the naturally atomic access guarantee the native uint64_t data
> type gives us, we allocate and access LPI information in a way that does
> not require a lock.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> xen/arch/arm/gic-v3-lpi.c | 230 +++++++++++++++++++++++++++++++++++++++
> xen/include/asm-arm/gic_v3_its.h | 6 +
> xen/include/asm-arm/irq.h | 8 ++
> 3 files changed, 244 insertions(+)
>
> diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
> index d8a4f5a..292f2d0 100644
> --- a/xen/arch/arm/gic-v3-lpi.c
> +++ b/xen/arch/arm/gic-v3-lpi.c
> @@ -20,14 +20,37 @@
>
> #include <xen/lib.h>
> #include <xen/mm.h>
> +#include <xen/sched.h>
> #include <xen/sizes.h>
> #include <xen/warning.h>
> +#include <asm/atomic.h>
> +#include <asm/domain.h>
> #include <asm/gic.h>
> #include <asm/gic_v3_defs.h>
> #include <asm/gic_v3_its.h>
> #include <asm/io.h>
> #include <asm/page.h>
>
> +/*
> + * There could be a lot of LPIs on the host side, and they always go to
> + * a guest. So having a struct irq_desc for each of them would be wasteful
> + * and useless.
> + * Instead just store enough information to find the right VCPU to inject
> + * those LPIs into, which just requires the virtual LPI number.
> + * To avoid a global lock on this data structure, this is using a lockless
> + * approach relying on the architectural atomicity of native data types:
> + * We read or write the "data" view of this union atomically, then can
> + * access the broken-down fields in our local copy.
> + */
> +union host_lpi {
> + uint64_t data;
> + struct {
> + uint32_t virt_lpi;
> + uint16_t dom_id;
> + uint16_t vcpu_id;
> + };
> +};
> +
> #define LPI_PROPTABLE_NEEDS_FLUSHING (1U << 0)
>
> /* Global state */
> @@ -35,12 +58,23 @@ static struct {
> /* The global LPI property table, shared by all redistributors. */
> uint8_t *lpi_property;
> /*
> + * A two-level table to lookup LPIs firing on the host and look up the
> + * VCPU and virtual LPI number to inject into.
> + */
> + union host_lpi **host_lpis;
> + /*
> * Number of physical LPIs the host supports. This is a property of
> * the GIC hardware. We depart from the habit of naming these things
> * "physical" in Xen, as the GICv3/4 spec uses the term "physical LPI"
> * in a different context to differentiate them from "virtual LPIs".
> */
> unsigned long int max_host_lpi_ids;
> + /*
> + * Protects allocation and deallocation of host LPIs and next_free_lpi,
> + * but not the actual data stored in the host_lpi entry.
> + */
> + spinlock_t host_lpis_lock;
> + uint32_t next_free_lpi;
> unsigned int flags;
> } lpi_data;
>
> @@ -53,6 +87,28 @@ struct lpi_redist_data {
> static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
>
> #define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
> +#define HOST_LPIS_PER_PAGE (PAGE_SIZE / sizeof(union host_lpi))
> +
> +static union host_lpi *gic_get_host_lpi(uint32_t plpi)
> +{
> + union host_lpi *block;
> +
> + if ( !is_lpi(plpi) || plpi >= MAX_NR_HOST_LPIS + LPI_OFFSET )
> + return NULL;
> +
> + ASSERT(plpi >= LPI_OFFSET);
> +
> + plpi -= LPI_OFFSET;
> +
> + block = lpi_data.host_lpis[plpi / HOST_LPIS_PER_PAGE];
> + if ( !block )
> + return NULL;
> +
> + /* Matches the write barrier in allocation code. */
> + smp_rmb();
> +
> + return &block[plpi % HOST_LPIS_PER_PAGE];
> +}
>
> /*
> * An ITS can refer to redistributors in two ways: either by an ID (possibly
> @@ -220,8 +276,18 @@ int gicv3_lpi_init_rdist(void __iomem * rdist_base)
> static unsigned int max_lpi_bits = 20;
> integer_param("max_lpi_bits", max_lpi_bits);
>
> +/*
> + * Allocate the 2nd level array for host LPIs. This one holds pointers
> + * to the page with the actual "union host_lpi" entries. Our LPI limit
> + * avoids excessive memory usage.
> + */
> int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> {
> + unsigned int nr_lpi_ptrs;
> +
> + /* We rely on the data structure being atomically accessible. */
> + BUILD_BUG_ON(sizeof(union host_lpi) > sizeof(unsigned long));
> +
> /*
> * An implementation needs to support at least 14 bits of LPI IDs.
> * Tell the user about it, the actual number is reported below.
> @@ -240,11 +306,175 @@ int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> if ( lpi_data.max_host_lpi_ids > BIT(24) )
> warning_add("Using high number of LPIs, limit memory usage with max_lpi_bits\n");
>
> + spin_lock_init(&lpi_data.host_lpis_lock);
> + lpi_data.next_free_lpi = 0;
> +
> + nr_lpi_ptrs = MAX_NR_HOST_LPIS / (PAGE_SIZE / sizeof(union host_lpi));
> + lpi_data.host_lpis = xzalloc_array(union host_lpi *, nr_lpi_ptrs);
> + if ( !lpi_data.host_lpis )
> + return -ENOMEM;
> +
> printk("GICv3: using at most %lu LPIs on the host.\n", MAX_NR_HOST_LPIS);
>
> return 0;
> }
>
> +static int find_unused_host_lpi(uint32_t start, uint32_t *index)
> +{
> + unsigned int chunk;
> + uint32_t i = *index;
> +
> + ASSERT(spin_is_locked(&lpi_data.host_lpis_lock));
> +
> + for ( chunk = start;
> + chunk < MAX_NR_HOST_LPIS / HOST_LPIS_PER_PAGE;
> + chunk++ )
> + {
> + /* If we hit an unallocated chunk, use entry 0 in that one. */
> + if ( !lpi_data.host_lpis[chunk] )
> + {
> + *index = 0;
> + return chunk;
> + }
> +
> + /* Find an unallocated entry in this chunk. */
> + for ( ; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
> + {
> + if ( lpi_data.host_lpis[chunk][i].dom_id == DOMID_INVALID )
> + {
> + *index = i;
> + return chunk;
> + }
> + }
> + i = 0;
> + }
> +
> + return -1;
> +}
> +
> +/*
> + * Allocate a block of 32 LPIs on the given host ITS for device "devid",
> + * starting with "eventid". Put them into the respective ITT by issuing a
> + * MAPTI command for each of them.
> + */
> +int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi)
> +{
> + uint32_t lpi, lpi_idx;
> + int chunk;
> + int i;
> +
> + spin_lock(&lpi_data.host_lpis_lock);
> + lpi_idx = lpi_data.next_free_lpi % HOST_LPIS_PER_PAGE;
> + chunk = find_unused_host_lpi(lpi_data.next_free_lpi / HOST_LPIS_PER_PAGE,
> + &lpi_idx);
> +
> + if ( chunk == - 1 ) /* rescan for a hole from the beginning */
> + {
> + lpi_idx = 0;
> + chunk = find_unused_host_lpi(0, &lpi_idx);
> + if ( chunk == -1 )
> + {
> + spin_unlock(&lpi_data.host_lpis_lock);
> + return -ENOSPC;
> + }
> + }
> +
> + /* If we hit an unallocated chunk, we initialize it and use entry 0. */
> + if ( !lpi_data.host_lpis[chunk] )
> + {
> + union host_lpi *new_chunk;
> +
> + /* TODO: NUMA locality for quicker IRQ path? */
> + new_chunk = alloc_xenheap_page();
> + if ( !new_chunk )
> + {
> + spin_unlock(&lpi_data.host_lpis_lock);
> + return -ENOMEM;
> + }
> +
> + for ( i = 0; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
> + new_chunk[i].dom_id = DOMID_INVALID;
> +
> + /*
> + * Make sure all slots are really marked empty before publishing the
> + * new chunk.
> + */
> + smp_wmb();
> +
> + lpi_data.host_lpis[chunk] = new_chunk;
> + lpi_idx = 0;
> + }
> +
> + lpi = chunk * HOST_LPIS_PER_PAGE + lpi_idx;
> +
> + for ( i = 0; i < LPI_BLOCK; i++ )
> + {
> + union host_lpi hlpi;
> +
> + /*
> + * Mark this host LPI as belonging to the domain, but don't assign
> + * any virtual LPI or a VCPU yet.
> + */
> + hlpi.virt_lpi = INVALID_LPI;
> + hlpi.dom_id = d->domain_id;
> + hlpi.vcpu_id = INVALID_VCPU_ID;
> + write_u64_atomic(&lpi_data.host_lpis[chunk][lpi_idx + i].data,
> + hlpi.data);
> +
> + /*
> + * Enable this host LPI, so we don't have to do this during the
> + * guest's runtime.
> + */
> + lpi_data.lpi_property[lpi + i] |= LPI_PROP_ENABLED;
> + }
> +
> + lpi_data.next_free_lpi = lpi + LPI_BLOCK;
> +
> + /*
> + * We have allocated and initialized the host LPI entries, so it's safe
> + * to drop the lock now. Access to the structures can be done concurrently
> + * as it involves only an atomic uint64_t access.
> + */
> + spin_unlock(&lpi_data.host_lpis_lock);
> +
> + if ( lpi_data.flags & LPI_PROPTABLE_NEEDS_FLUSHING )
> + clean_and_invalidate_dcache_va_range(&lpi_data.lpi_property[lpi],
> + LPI_BLOCK);
> +
> + *first_lpi = lpi + LPI_OFFSET;
> +
> + return 0;
> +}
> +
> +void gicv3_free_host_lpi_block(uint32_t first_lpi)
> +{
> + union host_lpi *hlpi, empty_lpi = { .dom_id = DOMID_INVALID };
> + int i;
> +
> + /* This should only be called with the beginning of a block. */
> + ASSERT((first_lpi % LPI_BLOCK) == 0);
> +
> + hlpi = gic_get_host_lpi(first_lpi);
> + if ( !hlpi )
> + return; /* Nothing to free here. */
> +
> + spin_lock(&lpi_data.host_lpis_lock);
> +
> + for ( i = 0; i < LPI_BLOCK; i++ )
> + write_u64_atomic(&hlpi[i].data, empty_lpi.data);
> +
> + /*
> + * Make sure the next allocation can reuse this block, as we do only
> + * forward scanning when finding an unused block.
> + */
> + if ( lpi_data.next_free_lpi > first_lpi )
> + lpi_data.next_free_lpi = first_lpi;
> +
> + spin_unlock(&lpi_data.host_lpis_lock);
> +
> + return;
> +}
> +
> /*
> * Local variables:
> * mode: C
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 13794e0..a96c9dc 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -103,6 +103,9 @@
> #define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
> #define HOST_ITS_USES_PTA (1U << 1)
>
> +/* We allocate LPIs on the hosts in chunks of 32 to reduce handling overhead. */
> +#define LPI_BLOCK 32U
> +
> /* data structure for each hardware ITS */
> struct host_its {
> struct list_head entry;
> @@ -141,6 +144,9 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
> /* Map a collection for this host CPU to each host ITS. */
> int gicv3_its_setup_collection(unsigned int cpu);
>
> +int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
> +void gicv3_free_host_lpi_block(uint32_t first_lpi);
> +
> #else
>
> static inline void gicv3_its_dt_init(const struct dt_device_node *node)
> diff --git a/xen/include/asm-arm/irq.h b/xen/include/asm-arm/irq.h
> index f940092..7c76626 100644
> --- a/xen/include/asm-arm/irq.h
> +++ b/xen/include/asm-arm/irq.h
> @@ -28,6 +28,9 @@ struct arch_irq_desc {
>
> #define LPI_OFFSET 8192
>
> +/* LPIs are always numbered starting at 8192, so 0 is a good invalid case. */
> +#define INVALID_LPI 0
> +
> #define nr_irqs NR_IRQS
> #define nr_static_irqs NR_IRQS
> #define arch_hwdom_irqs(domid) NR_IRQS
> @@ -41,6 +44,11 @@ struct irq_desc *__irq_to_desc(int irq);
>
> void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq);
>
> +static inline bool is_lpi(unsigned int irq)
> +{
> + return irq >= LPI_OFFSET;
> +}
> +
> #define domain_pirq_to_irq(d, pirq) (pirq)
>
> bool_t is_assignable_irq(unsigned int irq);
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub
2017-04-07 17:32 ` [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub Andre Przywara
@ 2017-04-07 17:57 ` Stefano Stabellini
2017-04-07 18:09 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 17:57 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> Create a new file to hold the emulation code for the ITS widget.
> This just holds the data structure and a init and free function for now.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/vgic-v3-its.c | 86 ++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/vgic-v3.c | 8 +++-
> xen/include/asm-arm/gic_v3_its.h | 13 ++++++
> 4 files changed, 107 insertions(+), 1 deletion(-)
> create mode 100644 xen/arch/arm/vgic-v3-its.c
>
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 6be85ab..49e1fb2 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -47,6 +47,7 @@ obj-y += traps.o
> obj-y += vgic.o
> obj-y += vgic-v2.o
> obj-$(CONFIG_HAS_GICV3) += vgic-v3.o
> +obj-$(CONFIG_HAS_ITS) += vgic-v3-its.o
> obj-y += vm_event.o
> obj-y += vtimer.o
> obj-y += vpsci.o
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
> new file mode 100644
> index 0000000..2f1a255
> --- /dev/null
> +++ b/xen/arch/arm/vgic-v3-its.c
> @@ -0,0 +1,86 @@
> +/*
> + * xen/arch/arm/vgic-v3-its.c
> + *
> + * ARM Interrupt Translation Service (ITS) emulation
> + *
> + * Andre Przywara <andre.przywara@arm.com>
> + * Copyright (c) 2016,2017 ARM Ltd.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/bitops.h>
> +#include <xen/config.h>
> +#include <xen/domain_page.h>
> +#include <xen/lib.h>
> +#include <xen/init.h>
> +#include <xen/softirq.h>
> +#include <xen/irq.h>
> +#include <xen/sched.h>
> +#include <xen/sizes.h>
> +#include <asm/current.h>
> +#include <asm/mmio.h>
> +#include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> +#include <asm/vgic.h>
> +#include <asm/vgic-emul.h>
> +
> +/*
> + * Data structure to describe a virtual ITS.
> + * If both the vcmd_lock and the its_lock are required, the vcmd_lock must
> + * be taken first.
> + */
> +struct virt_its {
> + struct domain *d;
> + unsigned int devid_bits;
> + unsigned int intid_bits;
> + spinlock_t vcmd_lock; /* Protects the virtual command buffer, which */
> + uint64_t cwriter; /* consists of CWRITER and CREADR and those */
> + uint64_t creadr; /* shadow variables cwriter and creadr. */
> + /* Protects the rest of this structure, including the ITS tables. */
> + spinlock_t its_lock;
> + uint64_t cbaser;
> + uint64_t baser_dev, baser_coll; /* BASER0 and BASER1 for the guest */
> + unsigned int max_collections;
> + unsigned int max_devices;
> + bool enabled;
> +};
> +
> +/*
> + * An Interrupt Translation Table Entry: this is indexed by a
> + * DeviceID/EventID pair and is located in guest memory.
> + */
> +struct vits_itte
> +{
> + uint32_t vlpi;
> + uint16_t collection;
> + uint16_t pad;
> +};
> +
> +int vgic_v3_its_init_domain(struct domain *d)
> +{
> + return 0;
> +}
> +
> +void vgic_v3_its_free_domain(struct domain *d)
> +{
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index 1e9890b..d10757a 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -28,6 +28,7 @@
> #include <asm/current.h>
> #include <asm/mmio.h>
> #include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> #include <asm/vgic.h>
> #include <asm/vgic-emul.h>
> #include <asm/vreg.h>
> @@ -1438,7 +1439,7 @@ static inline unsigned int vgic_v3_rdist_count(struct domain *d)
> static int vgic_v3_domain_init(struct domain *d)
> {
> struct vgic_rdist_region *rdist_regions;
> - int rdist_count, i;
> + int rdist_count, i, ret;
>
> /* Allocate memory for Re-distributor regions */
> rdist_count = vgic_v3_rdist_count(d);
> @@ -1498,6 +1499,10 @@ static int vgic_v3_domain_init(struct domain *d)
> d->arch.vgic.rdist_regions[0].first_cpu = 0;
> }
>
> + ret = vgic_v3_its_init_domain(d);
> + if ( ret )
> + return ret;
> +
> /* Register mmio handle for the Distributor */
> register_mmio_handler(d, &vgic_distr_mmio_handler, d->arch.vgic.dbase,
> SZ_64K, NULL);
> @@ -1522,6 +1527,7 @@ static int vgic_v3_domain_init(struct domain *d)
>
> static void vgic_v3_domain_free(struct domain *d)
> {
> + vgic_v3_its_free_domain(d);
> xfree(d->arch.vgic.rdist_regions);
> }
>
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index a96c9dc..84d1692 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -144,6 +144,10 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
> /* Map a collection for this host CPU to each host ITS. */
> int gicv3_its_setup_collection(unsigned int cpu);
>
> +/* Initialize and destroy the per-domain parts of the virtual ITS support. */
> +int vgic_v3_its_init_domain(struct domain *d);
> +void vgic_v3_its_free_domain(struct domain *d);
> +
> int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
> void gicv3_free_host_lpi_block(uint32_t first_lpi);
>
> @@ -184,6 +188,15 @@ static inline int gicv3_its_setup_collection(unsigned int cpu)
> BUG();
> }
>
> +static inline int vgic_v3_its_init_domain(struct domain *d)
> +{
> + return 0;
> +}
> +
> +static inline void vgic_v3_its_free_domain(struct domain *d)
> +{
> +}
> +
> #endif /* CONFIG_HAS_ITS */
>
> #endif
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
2017-04-07 17:51 ` Stefano Stabellini
@ 2017-04-07 18:02 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:02 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> Parse the GIC subnodes in the device tree to find every ITS MSI controller
> the hardware offers. Store that information in a list to both propagate
> all of them later to Dom0, but also to be able to iterate over all ITSes.
> This introduces an ITS Kconfig option (as an EXPERT option), use
> XEN_CONFIG_EXPERT=y on the make command line to see and use the option.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cheers,
> ---
> xen/arch/arm/Kconfig | 5 +++
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/gic-v3-its.c | 77 ++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/gic-v3.c | 10 +++---
> xen/include/asm-arm/gic_v3_its.h | 65 +++++++++++++++++++++++++++++++++
> 5 files changed, 154 insertions(+), 4 deletions(-)
> create mode 100644 xen/arch/arm/gic-v3-its.c
> create mode 100644 xen/include/asm-arm/gic_v3_its.h
>
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index 43123e6..d46b98c 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -45,6 +45,11 @@ config ACPI
> config HAS_GICV3
> bool
>
> +config HAS_ITS
> + bool
> + prompt "GICv3 ITS MSI controller support" if EXPERT = "y"
> + depends on HAS_GICV3
> +
> endmenu
>
> menu "ARM errata workaround via the alternative framework"
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 0ce94a8..39c0a03 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -18,6 +18,7 @@ obj-$(EARLY_PRINTK) += early_printk.o
> obj-y += gic.o
> obj-y += gic-v2.o
> obj-$(CONFIG_HAS_GICV3) += gic-v3.o
> +obj-$(CONFIG_HAS_ITS) += gic-v3-its.o
> obj-y += guestcopy.o
> obj-y += hvm.o
> obj-y += io.o
> diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
> new file mode 100644
> index 0000000..6b02349
> --- /dev/null
> +++ b/xen/arch/arm/gic-v3-its.c
> @@ -0,0 +1,77 @@
> +/*
> + * xen/arch/arm/gic-v3-its.c
> + *
> + * ARM GICv3 Interrupt Translation Service (ITS) support
> + *
> + * Copyright (C) 2016,2017 - ARM Ltd
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/lib.h>
> +#include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> +
> +/*
> + * No lock here, as this list gets only populated upon boot while scanning
> + * firmware tables for all host ITSes, and only gets iterated afterwards.
> + */
> +LIST_HEAD(host_its_list);
> +
> +bool gicv3_its_host_has_its(void)
> +{
> + return !list_empty(&host_its_list);
> +}
> +
> +/* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
> +void gicv3_its_dt_init(const struct dt_device_node *node)
> +{
> + const struct dt_device_node *its = NULL;
> + struct host_its *its_data;
> +
> + /*
> + * Check for ITS MSI subnodes. If any, add the ITS register
> + * frames to the ITS list.
> + */
> + dt_for_each_child_node(node, its)
> + {
> + uint64_t addr, size;
> +
> + if ( !dt_device_is_compatible(its, "arm,gic-v3-its") )
> + continue;
> +
> + if ( dt_device_get_address(its, 0, &addr, &size) )
> + panic("GICv3: Cannot find a valid ITS frame address");
> +
> + its_data = xzalloc(struct host_its);
> + if ( !its_data )
> + panic("GICv3: Cannot allocate memory for ITS frame");
> +
> + its_data->addr = addr;
> + its_data->size = size;
> + its_data->dt_node = its;
> +
> + printk("GICv3: Found ITS @0x%lx\n", addr);
> +
> + list_add_tail(&its_data->entry, &host_its_list);
> + }
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 695f01f..b626298 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -42,6 +42,7 @@
> #include <asm/device.h>
> #include <asm/gic.h>
> #include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> #include <asm/cpufeature.h>
> #include <asm/acpi.h>
>
> @@ -1227,11 +1228,12 @@ static void __init gicv3_dt_init(void)
> */
> res = dt_device_get_address(node, 1 + gicv3.rdist_count,
> &cbase, &csize);
> - if ( res )
> - return;
> + if ( !res )
> + dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
> + &vbase, &vsize);
>
> - dt_device_get_address(node, 1 + gicv3.rdist_count + 2,
> - &vbase, &vsize);
> + /* Check for ITS child nodes and build the host ITS list accordingly. */
> + gicv3_its_dt_init(node);
> }
>
> static int gicv3_iomem_deny_access(const struct domain *d)
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> new file mode 100644
> index 0000000..721e1e2
> --- /dev/null
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -0,0 +1,65 @@
> +/*
> + * ARM GICv3 ITS support
> + *
> + * Andre Przywara <andre.przywara@arm.com>
> + * Copyright (c) 2016,2017 ARM Ltd.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef __ASM_ARM_ITS_H__
> +#define __ASM_ARM_ITS_H__
> +
> +#include <xen/device_tree.h>
> +
> +/* data structure for each hardware ITS */
> +struct host_its {
> + struct list_head entry;
> + const struct dt_device_node *dt_node;
> + paddr_t addr;
> + paddr_t size;
> +};
> +
> +
> +#ifdef CONFIG_HAS_ITS
> +
> +extern struct list_head host_its_list;
> +
> +/* Parse the host DT and pick up all host ITSes. */
> +void gicv3_its_dt_init(const struct dt_device_node *node);
> +
> +bool gicv3_its_host_has_its(void);
> +
> +#else
> +
> +static inline void gicv3_its_dt_init(const struct dt_device_node *node)
> +{
> +}
> +
> +static inline bool gicv3_its_host_has_its(void)
> +{
> + return false;
> +}
> +
> +#endif /* CONFIG_HAS_ITS */
> +
> +#endif
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table
2017-04-07 17:32 ` [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table Andre Przywara
@ 2017-04-07 18:04 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:04 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> The ARM GICv3 provides a new kind of interrupt called LPIs.
> The pending bits and the configuration data (priority, enable bits) for
> those LPIs are stored in tables in normal memory, which software has to
> provide to the hardware.
> Allocate the required memory, initialize it and hand it over to each
> redistributor. The maximum number of LPIs to be used can be adjusted with
> the command line option "max_lpi_bits", which defaults to 20 bits,
> covering about one million LPIs.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cheers,
> ---
> docs/misc/xen-command-line.markdown | 9 ++
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/gic-v3-lpi.c | 227 ++++++++++++++++++++++++++++++++++++
> xen/arch/arm/gic-v3.c | 17 +++
> xen/include/asm-arm/gic_v3_defs.h | 52 +++++++++
> xen/include/asm-arm/gic_v3_its.h | 15 ++-
> xen/include/asm-arm/irq.h | 8 ++
> 7 files changed, 328 insertions(+), 1 deletion(-)
> create mode 100644 xen/arch/arm/gic-v3-lpi.c
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index 4c8fe2f..450b222 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -1172,6 +1172,15 @@ based interrupts. Any higher IRQs will be available for use via PCI MSI.
> ### maxcpus
> > `= <integer>`
>
> +### max\_lpi\_bits
> +> `= <integer>`
> +
> +Specifies the number of ARM GICv3 LPI interrupts to allocate on the host,
> +presented as the number of bits needed to encode it. This must be at least
> +14 and not exceed 32, and each LPI requires one byte (configuration) and
> +one pending bit to be allocated.
> +Defaults to 20 bits (to cover at most 1048576 interrupts).
> +
> ### mce
> > `= <integer>`
>
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 39c0a03..6be85ab 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -19,6 +19,7 @@ obj-y += gic.o
> obj-y += gic-v2.o
> obj-$(CONFIG_HAS_GICV3) += gic-v3.o
> obj-$(CONFIG_HAS_ITS) += gic-v3-its.o
> +obj-$(CONFIG_HAS_ITS) += gic-v3-lpi.o
> obj-y += guestcopy.o
> obj-y += hvm.o
> obj-y += io.o
> diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
> new file mode 100644
> index 0000000..27e9bf5
> --- /dev/null
> +++ b/xen/arch/arm/gic-v3-lpi.c
> @@ -0,0 +1,227 @@
> +/*
> + * xen/arch/arm/gic-v3-lpi.c
> + *
> + * ARM GICv3 Locality-specific Peripheral Interrupts (LPI) support
> + *
> + * Copyright (C) 2016,2017 - ARM Ltd
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/lib.h>
> +#include <xen/mm.h>
> +#include <xen/sizes.h>
> +#include <xen/warning.h>
> +#include <asm/gic.h>
> +#include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> +#include <asm/io.h>
> +#include <asm/page.h>
> +
> +#define LPI_PROPTABLE_NEEDS_FLUSHING (1U << 0)
> +
> +/* Global state */
> +static struct {
> + /* The global LPI property table, shared by all redistributors. */
> + uint8_t *lpi_property;
> + /*
> + * Number of physical LPIs the host supports. This is a property of
> + * the GIC hardware. We depart from the habit of naming these things
> + * "physical" in Xen, as the GICv3/4 spec uses the term "physical LPI"
> + * in a different context to differentiate them from "virtual LPIs".
> + */
> + unsigned long int max_host_lpi_ids;
> + unsigned int flags;
> +} lpi_data;
> +
> +struct lpi_redist_data {
> + void *pending_table;
> +};
> +
> +static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
> +
> +#define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
> +
> +static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
> +{
> + uint64_t val;
> + void *pendtable;
> +
> + if ( this_cpu(lpi_redist).pending_table )
> + return -EBUSY;
> +
> + val = GIC_BASER_CACHE_RaWaWb << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT;
> + val |= GIC_BASER_CACHE_SameAsInner << GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT;
> + val |= GIC_BASER_InnerShareable << GICR_PENDBASER_SHAREABILITY_SHIFT;
> +
> + /*
> + * The pending table holds one bit per LPI and even covers bits for
> + * interrupt IDs below 8192, so we allocate the full range.
> + * The GICv3 imposes a 64KB alignment requirement, also requires
> + * physically contiguous memory.
> + */
> + pendtable = _xzalloc(lpi_data.max_host_lpi_ids / 8, SZ_64K);
> + if ( !pendtable )
> + return -ENOMEM;
> +
> + /* Make sure the physical address can be encoded in the register. */
> + if ( virt_to_maddr(pendtable) & ~GENMASK(51, 16) )
> + {
> + xfree(pendtable);
> + return -ERANGE;
> + }
> + clean_and_invalidate_dcache_va_range(pendtable,
> + lpi_data.max_host_lpi_ids / 8);
> +
> + this_cpu(lpi_redist).pending_table = pendtable;
> +
> + val |= GICR_PENDBASER_PTZ;
> +
> + val |= virt_to_maddr(pendtable);
> +
> + *reg = val;
> +
> + return 0;
> +}
> +
> +/*
> + * Tell a redistributor about the (shared) property table, allocating one
> + * if not already done.
> + */
> +static int gicv3_lpi_set_proptable(void __iomem * rdist_base)
> +{
> + uint64_t reg;
> +
> + reg = GIC_BASER_CACHE_RaWaWb << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT;
> + reg |= GIC_BASER_CACHE_SameAsInner << GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT;
> + reg |= GIC_BASER_InnerShareable << GICR_PROPBASER_SHAREABILITY_SHIFT;
> +
> + /*
> + * The property table is shared across all redistributors, so allocate
> + * this only once, but return the same value on subsequent calls.
> + */
> + if ( !lpi_data.lpi_property )
> + {
> + /* The property table holds one byte per LPI. */
> + void *table = _xmalloc(lpi_data.max_host_lpi_ids, SZ_4K);
> +
> + if ( !table )
> + return -ENOMEM;
> +
> + /* Make sure the physical address can be encoded in the register. */
> + if ( (virt_to_maddr(table) & ~GENMASK(51, 12)) )
> + {
> + xfree(table);
> + return -ERANGE;
> + }
> + memset(table, GIC_PRI_IRQ | LPI_PROP_RES1, MAX_NR_HOST_LPIS);
> + clean_and_invalidate_dcache_va_range(table, MAX_NR_HOST_LPIS);
> + lpi_data.lpi_property = table;
> + }
> +
> + /* Encode the number of bits needed, minus one */
> + reg |= fls(lpi_data.max_host_lpi_ids - 1) - 1;
> +
> + reg |= virt_to_maddr(lpi_data.lpi_property);
> +
> + writeq_relaxed(reg, rdist_base + GICR_PROPBASER);
> + reg = readq_relaxed(rdist_base + GICR_PROPBASER);
> +
> + /* If we can't do shareable, we have to drop cacheability as well. */
> + if ( !(reg & GICR_PROPBASER_SHAREABILITY_MASK) )
> + {
> + reg &= ~GICR_PROPBASER_INNER_CACHEABILITY_MASK;
> + reg |= GIC_BASER_CACHE_nC << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT;
> + }
> +
> + /* Remember that we have to flush the property table if non-cacheable. */
> + if ( (reg & GICR_PROPBASER_INNER_CACHEABILITY_MASK) <= GIC_BASER_CACHE_nC )
> + {
> + lpi_data.flags |= LPI_PROPTABLE_NEEDS_FLUSHING;
> + /* Update the redistributors knowledge about the attributes. */
> + writeq_relaxed(reg, rdist_base + GICR_PROPBASER);
> + }
> +
> + return 0;
> +}
> +
> +int gicv3_lpi_init_rdist(void __iomem * rdist_base)
> +{
> + uint32_t reg;
> + uint64_t table_reg;
> + int ret;
> +
> + /* We don't support LPIs without an ITS. */
> + if ( !gicv3_its_host_has_its() )
> + return -ENODEV;
> +
> + /* Make sure LPIs are disabled before setting up the tables. */
> + reg = readl_relaxed(rdist_base + GICR_CTLR);
> + if ( reg & GICR_CTLR_ENABLE_LPIS )
> + return -EBUSY;
> +
> + ret = gicv3_lpi_allocate_pendtable(&table_reg);
> + if ( ret )
> + return ret;
> + writeq_relaxed(table_reg, rdist_base + GICR_PENDBASER);
> + table_reg = readq_relaxed(rdist_base + GICR_PENDBASER);
> +
> + /* If the hardware reports non-shareable, drop cacheability as well. */
> + if ( !(table_reg & GICR_PENDBASER_SHAREABILITY_MASK) )
> + {
> + table_reg &= GICR_PENDBASER_SHAREABILITY_MASK;
> + table_reg &= GICR_PENDBASER_INNER_CACHEABILITY_MASK;
> + table_reg |= GIC_BASER_CACHE_nC << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT;
> +
> + writeq_relaxed(table_reg, rdist_base + GICR_PENDBASER);
> + }
> +
> + return gicv3_lpi_set_proptable(rdist_base);
> +}
> +
> +static unsigned int max_lpi_bits = 20;
> +integer_param("max_lpi_bits", max_lpi_bits);
> +
> +int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> +{
> + /*
> + * An implementation needs to support at least 14 bits of LPI IDs.
> + * Tell the user about it, the actual number is reported below.
> + */
> + if ( max_lpi_bits < 14 || max_lpi_bits > 32 )
> + printk(XENLOG_WARNING "WARNING: max_lpi_bits must be between 14 and 32, adjusting.\n");
> +
> + max_lpi_bits = max(max_lpi_bits, 14U);
> + lpi_data.max_host_lpi_ids = BIT(min(host_lpi_bits, max_lpi_bits));
> +
> + /*
> + * Warn if the number of LPIs are quite high, as the user might not want
> + * to waste megabytes of memory for a mostly empty table.
> + * It's very unlikely that we need more than 24 bits worth of LPIs.
> + */
> + if ( lpi_data.max_host_lpi_ids > BIT(24) )
> + warning_add("Using high number of LPIs, limit memory usage with max_lpi_bits\n");
> +
> + printk("GICv3: using at most %lu LPIs on the host.\n", MAX_NR_HOST_LPIS);
> +
> + return 0;
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index d3d5784..54d2235 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -547,6 +547,9 @@ static void __init gicv3_dist_init(void)
> type = readl_relaxed(GICD + GICD_TYPER);
> nr_lines = 32 * ((type & GICD_TYPE_LINES) + 1);
>
> + if ( type & GICD_TYPE_LPIS )
> + gicv3_lpi_init_host_lpis(GICD_TYPE_ID_BITS(type));
> +
> printk("GICv3: %d lines, (IID %8.8x).\n",
> nr_lines, readl_relaxed(GICD + GICD_IIDR));
>
> @@ -659,6 +662,20 @@ static int __init gicv3_populate_rdist(void)
> if ( (typer >> 32) == aff )
> {
> this_cpu(rbase) = ptr;
> +
> + if ( typer & GICR_TYPER_PLPIS )
> + {
> + int ret;
> +
> + ret = gicv3_lpi_init_rdist(ptr);
> + if ( ret && ret != -ENODEV )
> + {
> + printk("GICv3: CPU%d: Cannot initialize LPIs: %u\n",
> + smp_processor_id(), ret);
> + break;
> + }
> + }
> +
> printk("GICv3: CPU%d: Found redistributor in region %d @%p\n",
> smp_processor_id(), i, ptr);
> return 0;
> diff --git a/xen/include/asm-arm/gic_v3_defs.h b/xen/include/asm-arm/gic_v3_defs.h
> index 6bd25a5..2792ffd 100644
> --- a/xen/include/asm-arm/gic_v3_defs.h
> +++ b/xen/include/asm-arm/gic_v3_defs.h
> @@ -45,6 +45,9 @@
>
> /* Additional bits in GICD_TYPER defined by GICv3 */
> #define GICD_TYPE_ID_BITS_SHIFT 19
> +#define GICD_TYPE_ID_BITS(r) ((((r) >> GICD_TYPE_ID_BITS_SHIFT) & 0x1f) + 1)
> +
> +#define GICD_TYPE_LPIS (1U << 17)
>
> #define GICD_CTLR_RWP (1UL << 31)
> #define GICD_CTLR_ARE_NS (1U << 4)
> @@ -95,12 +98,61 @@
> #define GICR_IGRPMODR0 (0x0D00)
> #define GICR_NSACR (0x0E00)
>
> +#define GICR_CTLR_ENABLE_LPIS (1U << 0)
> +
> #define GICR_TYPER_PLPIS (1U << 0)
> #define GICR_TYPER_VLPIS (1U << 1)
> #define GICR_TYPER_LAST (1U << 4)
>
> +/* For specifying the inner cacheability type only */
> +#define GIC_BASER_CACHE_nCnB 0ULL
> +/* For specifying the outer cacheability type only */
> +#define GIC_BASER_CACHE_SameAsInner 0ULL
> +#define GIC_BASER_CACHE_nC 1ULL
> +#define GIC_BASER_CACHE_RaWt 2ULL
> +#define GIC_BASER_CACHE_RaWb 3ULL
> +#define GIC_BASER_CACHE_WaWt 4ULL
> +#define GIC_BASER_CACHE_WaWb 5ULL
> +#define GIC_BASER_CACHE_RaWaWt 6ULL
> +#define GIC_BASER_CACHE_RaWaWb 7ULL
> +#define GIC_BASER_CACHE_MASK 7ULL
> +
> +#define GIC_BASER_NonShareable 0ULL
> +#define GIC_BASER_InnerShareable 1ULL
> +#define GIC_BASER_OuterShareable 2ULL
> +
> +#define GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT 56
> +#define GICR_PROPBASER_OUTER_CACHEABILITY_MASK \
> + (7UL << GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT)
> +#define GICR_PROPBASER_SHAREABILITY_SHIFT 10
> +#define GICR_PROPBASER_SHAREABILITY_MASK \
> + (3UL << GICR_PROPBASER_SHAREABILITY_SHIFT)
> +#define GICR_PROPBASER_INNER_CACHEABILITY_SHIFT 7
> +#define GICR_PROPBASER_INNER_CACHEABILITY_MASK \
> + (7UL << GICR_PROPBASER_INNER_CACHEABILITY_SHIFT)
> +#define GICR_PROPBASER_RES0_MASK \
> + (GENMASK(63, 59) | GENMASK(55, 52) | GENMASK(6, 5))
> +
> +#define GICR_PENDBASER_SHAREABILITY_SHIFT 10
> +#define GICR_PENDBASER_INNER_CACHEABILITY_SHIFT 7
> +#define GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT 56
> +#define GICR_PENDBASER_SHAREABILITY_MASK \
> + (3UL << GICR_PENDBASER_SHAREABILITY_SHIFT)
> +#define GICR_PENDBASER_INNER_CACHEABILITY_MASK \
> + (7UL << GICR_PENDBASER_INNER_CACHEABILITY_SHIFT)
> +#define GICR_PENDBASER_OUTER_CACHEABILITY_MASK \
> + (7UL << GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT)
> +#define GICR_PENDBASER_PTZ BIT(62)
> +#define GICR_PENDBASER_RES0_MASK \
> + (BIT(63) | GENMASK(61, 59) | GENMASK(55, 52) | \
> + GENMASK(15, 12) | GENMASK(6, 0))
> +
> #define DEFAULT_PMR_VALUE 0xff
>
> +#define LPI_PROP_PRIO_MASK 0xfc
> +#define LPI_PROP_RES1 (1 << 1)
> +#define LPI_PROP_ENABLED (1 << 0)
> +
> #define GICH_VMCR_EOI (1 << 9)
> #define GICH_VMCR_VENG1 (1 << 1)
>
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 880904d..d1382c1 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -76,7 +76,10 @@ void gicv3_its_dt_init(const struct dt_device_node *node);
>
> bool gicv3_its_host_has_its(void);
>
> -/* Initialize the host structures for the host ITSes. */
> +int gicv3_lpi_init_rdist(void __iomem * rdist_base);
> +
> +/* Initialize the host structures for LPIs and the host ITSes. */
> +int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits);
> int gicv3_its_init(void);
>
> #else
> @@ -90,6 +93,16 @@ static inline bool gicv3_its_host_has_its(void)
> return false;
> }
>
> +static inline int gicv3_lpi_init_rdist(void __iomem * rdist_base)
> +{
> + return -ENODEV;
> +}
> +
> +static inline int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> +{
> + return 0;
> +}
> +
> static inline int gicv3_its_init(void)
> {
> return 0;
> diff --git a/xen/include/asm-arm/irq.h b/xen/include/asm-arm/irq.h
> index 4849f16..f940092 100644
> --- a/xen/include/asm-arm/irq.h
> +++ b/xen/include/asm-arm/irq.h
> @@ -18,8 +18,16 @@ struct arch_irq_desc {
> };
>
> #define NR_LOCAL_IRQS 32
> +
> +/*
> + * This only covers the interrupts that Xen cares about, so SGIs, PPIs and
> + * SPIs. LPIs are too numerous, also only propagated to guests, so they are
> + * not included in this number.
> + */
> #define NR_IRQS 1024
>
> +#define LPI_OFFSET 8192
> +
> #define nr_irqs NR_IRQS
> #define nr_static_irqs NR_IRQS
> #define arch_hwdom_irqs(domid) NR_IRQS
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array
2017-04-07 17:32 ` [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array Andre Przywara
2017-04-07 17:55 ` Stefano Stabellini
@ 2017-04-07 18:08 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:08 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> The number of LPIs on a host can be potentially huge (millions),
> although in practise will be mostly reasonable. So prematurely allocating
> an array of struct irq_desc's for each LPI is not an option.
> However Xen itself does not care about LPIs, as every LPI will be injected
> into a guest (Dom0 for now).
> Create a dense data structure (8 Bytes) for each LPI which holds just
> enough information to determine the virtual IRQ number and the VCPU into
> which the LPI needs to be injected.
> Also to not artificially limit the number of LPIs, we create a 2-level
> table for holding those structures.
> This patch introduces functions to initialize these tables and to
> create, lookup and destroy entries for a given LPI.
> By using the naturally atomic access guarantee the native uint64_t data
> type gives us, we allocate and access LPI information in a way that does
> not require a lock.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cheers,
> ---
> xen/arch/arm/gic-v3-lpi.c | 230 +++++++++++++++++++++++++++++++++++++++
> xen/include/asm-arm/gic_v3_its.h | 6 +
> xen/include/asm-arm/irq.h | 8 ++
> 3 files changed, 244 insertions(+)
>
> diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
> index d8a4f5a..292f2d0 100644
> --- a/xen/arch/arm/gic-v3-lpi.c
> +++ b/xen/arch/arm/gic-v3-lpi.c
> @@ -20,14 +20,37 @@
>
> #include <xen/lib.h>
> #include <xen/mm.h>
> +#include <xen/sched.h>
> #include <xen/sizes.h>
> #include <xen/warning.h>
> +#include <asm/atomic.h>
> +#include <asm/domain.h>
> #include <asm/gic.h>
> #include <asm/gic_v3_defs.h>
> #include <asm/gic_v3_its.h>
> #include <asm/io.h>
> #include <asm/page.h>
>
> +/*
> + * There could be a lot of LPIs on the host side, and they always go to
> + * a guest. So having a struct irq_desc for each of them would be wasteful
> + * and useless.
> + * Instead just store enough information to find the right VCPU to inject
> + * those LPIs into, which just requires the virtual LPI number.
> + * To avoid a global lock on this data structure, this is using a lockless
> + * approach relying on the architectural atomicity of native data types:
> + * We read or write the "data" view of this union atomically, then can
> + * access the broken-down fields in our local copy.
> + */
> +union host_lpi {
> + uint64_t data;
> + struct {
> + uint32_t virt_lpi;
> + uint16_t dom_id;
> + uint16_t vcpu_id;
> + };
> +};
> +
> #define LPI_PROPTABLE_NEEDS_FLUSHING (1U << 0)
>
> /* Global state */
> @@ -35,12 +58,23 @@ static struct {
> /* The global LPI property table, shared by all redistributors. */
> uint8_t *lpi_property;
> /*
> + * A two-level table to lookup LPIs firing on the host and look up the
> + * VCPU and virtual LPI number to inject into.
> + */
> + union host_lpi **host_lpis;
> + /*
> * Number of physical LPIs the host supports. This is a property of
> * the GIC hardware. We depart from the habit of naming these things
> * "physical" in Xen, as the GICv3/4 spec uses the term "physical LPI"
> * in a different context to differentiate them from "virtual LPIs".
> */
> unsigned long int max_host_lpi_ids;
> + /*
> + * Protects allocation and deallocation of host LPIs and next_free_lpi,
> + * but not the actual data stored in the host_lpi entry.
> + */
> + spinlock_t host_lpis_lock;
> + uint32_t next_free_lpi;
> unsigned int flags;
> } lpi_data;
>
> @@ -53,6 +87,28 @@ struct lpi_redist_data {
> static DEFINE_PER_CPU(struct lpi_redist_data, lpi_redist);
>
> #define MAX_NR_HOST_LPIS (lpi_data.max_host_lpi_ids - LPI_OFFSET)
> +#define HOST_LPIS_PER_PAGE (PAGE_SIZE / sizeof(union host_lpi))
> +
> +static union host_lpi *gic_get_host_lpi(uint32_t plpi)
> +{
> + union host_lpi *block;
> +
> + if ( !is_lpi(plpi) || plpi >= MAX_NR_HOST_LPIS + LPI_OFFSET )
> + return NULL;
> +
> + ASSERT(plpi >= LPI_OFFSET);
> +
> + plpi -= LPI_OFFSET;
> +
> + block = lpi_data.host_lpis[plpi / HOST_LPIS_PER_PAGE];
> + if ( !block )
> + return NULL;
> +
> + /* Matches the write barrier in allocation code. */
> + smp_rmb();
> +
> + return &block[plpi % HOST_LPIS_PER_PAGE];
> +}
>
> /*
> * An ITS can refer to redistributors in two ways: either by an ID (possibly
> @@ -220,8 +276,18 @@ int gicv3_lpi_init_rdist(void __iomem * rdist_base)
> static unsigned int max_lpi_bits = 20;
> integer_param("max_lpi_bits", max_lpi_bits);
>
> +/*
> + * Allocate the 2nd level array for host LPIs. This one holds pointers
> + * to the page with the actual "union host_lpi" entries. Our LPI limit
> + * avoids excessive memory usage.
> + */
> int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> {
> + unsigned int nr_lpi_ptrs;
> +
> + /* We rely on the data structure being atomically accessible. */
> + BUILD_BUG_ON(sizeof(union host_lpi) > sizeof(unsigned long));
> +
> /*
> * An implementation needs to support at least 14 bits of LPI IDs.
> * Tell the user about it, the actual number is reported below.
> @@ -240,11 +306,175 @@ int gicv3_lpi_init_host_lpis(unsigned int host_lpi_bits)
> if ( lpi_data.max_host_lpi_ids > BIT(24) )
> warning_add("Using high number of LPIs, limit memory usage with max_lpi_bits\n");
>
> + spin_lock_init(&lpi_data.host_lpis_lock);
> + lpi_data.next_free_lpi = 0;
> +
> + nr_lpi_ptrs = MAX_NR_HOST_LPIS / (PAGE_SIZE / sizeof(union host_lpi));
> + lpi_data.host_lpis = xzalloc_array(union host_lpi *, nr_lpi_ptrs);
> + if ( !lpi_data.host_lpis )
> + return -ENOMEM;
> +
> printk("GICv3: using at most %lu LPIs on the host.\n", MAX_NR_HOST_LPIS);
>
> return 0;
> }
>
> +static int find_unused_host_lpi(uint32_t start, uint32_t *index)
> +{
> + unsigned int chunk;
> + uint32_t i = *index;
> +
> + ASSERT(spin_is_locked(&lpi_data.host_lpis_lock));
> +
> + for ( chunk = start;
> + chunk < MAX_NR_HOST_LPIS / HOST_LPIS_PER_PAGE;
> + chunk++ )
> + {
> + /* If we hit an unallocated chunk, use entry 0 in that one. */
> + if ( !lpi_data.host_lpis[chunk] )
> + {
> + *index = 0;
> + return chunk;
> + }
> +
> + /* Find an unallocated entry in this chunk. */
> + for ( ; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
> + {
> + if ( lpi_data.host_lpis[chunk][i].dom_id == DOMID_INVALID )
> + {
> + *index = i;
> + return chunk;
> + }
> + }
> + i = 0;
> + }
> +
> + return -1;
> +}
> +
> +/*
> + * Allocate a block of 32 LPIs on the given host ITS for device "devid",
> + * starting with "eventid". Put them into the respective ITT by issuing a
> + * MAPTI command for each of them.
> + */
> +int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi)
> +{
> + uint32_t lpi, lpi_idx;
> + int chunk;
> + int i;
> +
> + spin_lock(&lpi_data.host_lpis_lock);
> + lpi_idx = lpi_data.next_free_lpi % HOST_LPIS_PER_PAGE;
> + chunk = find_unused_host_lpi(lpi_data.next_free_lpi / HOST_LPIS_PER_PAGE,
> + &lpi_idx);
> +
> + if ( chunk == - 1 ) /* rescan for a hole from the beginning */
> + {
> + lpi_idx = 0;
> + chunk = find_unused_host_lpi(0, &lpi_idx);
> + if ( chunk == -1 )
> + {
> + spin_unlock(&lpi_data.host_lpis_lock);
> + return -ENOSPC;
> + }
> + }
> +
> + /* If we hit an unallocated chunk, we initialize it and use entry 0. */
> + if ( !lpi_data.host_lpis[chunk] )
> + {
> + union host_lpi *new_chunk;
> +
> + /* TODO: NUMA locality for quicker IRQ path? */
> + new_chunk = alloc_xenheap_page();
> + if ( !new_chunk )
> + {
> + spin_unlock(&lpi_data.host_lpis_lock);
> + return -ENOMEM;
> + }
> +
> + for ( i = 0; i < HOST_LPIS_PER_PAGE; i += LPI_BLOCK )
> + new_chunk[i].dom_id = DOMID_INVALID;
> +
> + /*
> + * Make sure all slots are really marked empty before publishing the
> + * new chunk.
> + */
> + smp_wmb();
> +
> + lpi_data.host_lpis[chunk] = new_chunk;
> + lpi_idx = 0;
> + }
> +
> + lpi = chunk * HOST_LPIS_PER_PAGE + lpi_idx;
> +
> + for ( i = 0; i < LPI_BLOCK; i++ )
> + {
> + union host_lpi hlpi;
> +
> + /*
> + * Mark this host LPI as belonging to the domain, but don't assign
> + * any virtual LPI or a VCPU yet.
> + */
> + hlpi.virt_lpi = INVALID_LPI;
> + hlpi.dom_id = d->domain_id;
> + hlpi.vcpu_id = INVALID_VCPU_ID;
> + write_u64_atomic(&lpi_data.host_lpis[chunk][lpi_idx + i].data,
> + hlpi.data);
> +
> + /*
> + * Enable this host LPI, so we don't have to do this during the
> + * guest's runtime.
> + */
> + lpi_data.lpi_property[lpi + i] |= LPI_PROP_ENABLED;
> + }
> +
> + lpi_data.next_free_lpi = lpi + LPI_BLOCK;
> +
> + /*
> + * We have allocated and initialized the host LPI entries, so it's safe
> + * to drop the lock now. Access to the structures can be done concurrently
> + * as it involves only an atomic uint64_t access.
> + */
> + spin_unlock(&lpi_data.host_lpis_lock);
> +
> + if ( lpi_data.flags & LPI_PROPTABLE_NEEDS_FLUSHING )
> + clean_and_invalidate_dcache_va_range(&lpi_data.lpi_property[lpi],
> + LPI_BLOCK);
> +
> + *first_lpi = lpi + LPI_OFFSET;
> +
> + return 0;
> +}
> +
> +void gicv3_free_host_lpi_block(uint32_t first_lpi)
> +{
> + union host_lpi *hlpi, empty_lpi = { .dom_id = DOMID_INVALID };
> + int i;
> +
> + /* This should only be called with the beginning of a block. */
> + ASSERT((first_lpi % LPI_BLOCK) == 0);
> +
> + hlpi = gic_get_host_lpi(first_lpi);
> + if ( !hlpi )
> + return; /* Nothing to free here. */
> +
> + spin_lock(&lpi_data.host_lpis_lock);
> +
> + for ( i = 0; i < LPI_BLOCK; i++ )
> + write_u64_atomic(&hlpi[i].data, empty_lpi.data);
> +
> + /*
> + * Make sure the next allocation can reuse this block, as we do only
> + * forward scanning when finding an unused block.
> + */
> + if ( lpi_data.next_free_lpi > first_lpi )
> + lpi_data.next_free_lpi = first_lpi;
> +
> + spin_unlock(&lpi_data.host_lpis_lock);
> +
> + return;
> +}
> +
> /*
> * Local variables:
> * mode: C
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 13794e0..a96c9dc 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -103,6 +103,9 @@
> #define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
> #define HOST_ITS_USES_PTA (1U << 1)
>
> +/* We allocate LPIs on the hosts in chunks of 32 to reduce handling overhead. */
> +#define LPI_BLOCK 32U
> +
> /* data structure for each hardware ITS */
> struct host_its {
> struct list_head entry;
> @@ -141,6 +144,9 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
> /* Map a collection for this host CPU to each host ITS. */
> int gicv3_its_setup_collection(unsigned int cpu);
>
> +int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
> +void gicv3_free_host_lpi_block(uint32_t first_lpi);
> +
> #else
>
> static inline void gicv3_its_dt_init(const struct dt_device_node *node)
> diff --git a/xen/include/asm-arm/irq.h b/xen/include/asm-arm/irq.h
> index f940092..7c76626 100644
> --- a/xen/include/asm-arm/irq.h
> +++ b/xen/include/asm-arm/irq.h
> @@ -28,6 +28,9 @@ struct arch_irq_desc {
>
> #define LPI_OFFSET 8192
>
> +/* LPIs are always numbered starting at 8192, so 0 is a good invalid case. */
> +#define INVALID_LPI 0
> +
> #define nr_irqs NR_IRQS
> #define nr_static_irqs NR_IRQS
> #define arch_hwdom_irqs(domid) NR_IRQS
> @@ -41,6 +44,11 @@ struct irq_desc *__irq_to_desc(int irq);
>
> void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq);
>
> +static inline bool is_lpi(unsigned int irq)
> +{
> + return irq >= LPI_OFFSET;
> +}
> +
> #define domain_pirq_to_irq(d, pirq) (pirq)
>
> bool_t is_assignable_irq(unsigned int irq);
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub
2017-04-07 17:32 ` [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub Andre Przywara
2017-04-07 17:57 ` Stefano Stabellini
@ 2017-04-07 18:09 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:09 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> Create a new file to hold the emulation code for the ITS widget.
> This just holds the data structure and a init and free function for now.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Julien Grall <julien.grall@arm.com>
Cheers,
> ---
> xen/arch/arm/Makefile | 1 +
> xen/arch/arm/vgic-v3-its.c | 86 ++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/vgic-v3.c | 8 +++-
> xen/include/asm-arm/gic_v3_its.h | 13 ++++++
> 4 files changed, 107 insertions(+), 1 deletion(-)
> create mode 100644 xen/arch/arm/vgic-v3-its.c
>
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 6be85ab..49e1fb2 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -47,6 +47,7 @@ obj-y += traps.o
> obj-y += vgic.o
> obj-y += vgic-v2.o
> obj-$(CONFIG_HAS_GICV3) += vgic-v3.o
> +obj-$(CONFIG_HAS_ITS) += vgic-v3-its.o
> obj-y += vm_event.o
> obj-y += vtimer.o
> obj-y += vpsci.o
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
> new file mode 100644
> index 0000000..2f1a255
> --- /dev/null
> +++ b/xen/arch/arm/vgic-v3-its.c
> @@ -0,0 +1,86 @@
> +/*
> + * xen/arch/arm/vgic-v3-its.c
> + *
> + * ARM Interrupt Translation Service (ITS) emulation
> + *
> + * Andre Przywara <andre.przywara@arm.com>
> + * Copyright (c) 2016,2017 ARM Ltd.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; under version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/bitops.h>
> +#include <xen/config.h>
> +#include <xen/domain_page.h>
> +#include <xen/lib.h>
> +#include <xen/init.h>
> +#include <xen/softirq.h>
> +#include <xen/irq.h>
> +#include <xen/sched.h>
> +#include <xen/sizes.h>
> +#include <asm/current.h>
> +#include <asm/mmio.h>
> +#include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> +#include <asm/vgic.h>
> +#include <asm/vgic-emul.h>
> +
> +/*
> + * Data structure to describe a virtual ITS.
> + * If both the vcmd_lock and the its_lock are required, the vcmd_lock must
> + * be taken first.
> + */
> +struct virt_its {
> + struct domain *d;
> + unsigned int devid_bits;
> + unsigned int intid_bits;
> + spinlock_t vcmd_lock; /* Protects the virtual command buffer, which */
> + uint64_t cwriter; /* consists of CWRITER and CREADR and those */
> + uint64_t creadr; /* shadow variables cwriter and creadr. */
> + /* Protects the rest of this structure, including the ITS tables. */
> + spinlock_t its_lock;
> + uint64_t cbaser;
> + uint64_t baser_dev, baser_coll; /* BASER0 and BASER1 for the guest */
> + unsigned int max_collections;
> + unsigned int max_devices;
> + bool enabled;
> +};
> +
> +/*
> + * An Interrupt Translation Table Entry: this is indexed by a
> + * DeviceID/EventID pair and is located in guest memory.
> + */
> +struct vits_itte
> +{
> + uint32_t vlpi;
> + uint16_t collection;
> + uint16_t pad;
> +};
> +
> +int vgic_v3_its_init_domain(struct domain *d)
> +{
> + return 0;
> +}
> +
> +void vgic_v3_its_free_domain(struct domain *d)
> +{
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index 1e9890b..d10757a 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -28,6 +28,7 @@
> #include <asm/current.h>
> #include <asm/mmio.h>
> #include <asm/gic_v3_defs.h>
> +#include <asm/gic_v3_its.h>
> #include <asm/vgic.h>
> #include <asm/vgic-emul.h>
> #include <asm/vreg.h>
> @@ -1438,7 +1439,7 @@ static inline unsigned int vgic_v3_rdist_count(struct domain *d)
> static int vgic_v3_domain_init(struct domain *d)
> {
> struct vgic_rdist_region *rdist_regions;
> - int rdist_count, i;
> + int rdist_count, i, ret;
>
> /* Allocate memory for Re-distributor regions */
> rdist_count = vgic_v3_rdist_count(d);
> @@ -1498,6 +1499,10 @@ static int vgic_v3_domain_init(struct domain *d)
> d->arch.vgic.rdist_regions[0].first_cpu = 0;
> }
>
> + ret = vgic_v3_its_init_domain(d);
> + if ( ret )
> + return ret;
> +
> /* Register mmio handle for the Distributor */
> register_mmio_handler(d, &vgic_distr_mmio_handler, d->arch.vgic.dbase,
> SZ_64K, NULL);
> @@ -1522,6 +1527,7 @@ static int vgic_v3_domain_init(struct domain *d)
>
> static void vgic_v3_domain_free(struct domain *d)
> {
> + vgic_v3_its_free_domain(d);
> xfree(d->arch.vgic.rdist_regions);
> }
>
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index a96c9dc..84d1692 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -144,6 +144,10 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta);
> /* Map a collection for this host CPU to each host ITS. */
> int gicv3_its_setup_collection(unsigned int cpu);
>
> +/* Initialize and destroy the per-domain parts of the virtual ITS support. */
> +int vgic_v3_its_init_domain(struct domain *d);
> +void vgic_v3_its_free_domain(struct domain *d);
> +
> int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
> void gicv3_free_host_lpi_block(uint32_t first_lpi);
>
> @@ -184,6 +188,15 @@ static inline int gicv3_its_setup_collection(unsigned int cpu)
> BUG();
> }
>
> +static inline int vgic_v3_its_init_domain(struct domain *d)
> +{
> + return 0;
> +}
> +
> +static inline void vgic_v3_its_free_domain(struct domain *d)
> +{
> +}
> +
> #endif /* CONFIG_HAS_ITS */
>
> #endif
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping
2017-04-07 17:32 ` [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping Andre Przywara
@ 2017-04-07 18:21 ` Stefano Stabellini
2017-04-07 19:21 ` Andre Przywara
2017-04-07 18:21 ` Julien Grall
1 sibling, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 18:21 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> The ITS uses device IDs to map LPIs to a device. Dom0 will later use
> those IDs, which we directly pass on to the host.
> For this we have to map each device that Dom0 may request to a host
> ITS device with the same identifier.
> Allocate the respective memory and enter each device into an rbtree to
> later be able to iterate over it or to easily teardown guests.
> Because device IDs are per ITS, we need to identify a virtual ITS. We
> use the doorbell address for that purpose, as it is a nice architectural
> MSI property and spares us handling with opaque pointer or break
> the VGIC abstraction.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/gic-v3-its.c | 345 +++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/vgic-v3-its.c | 4 +
> xen/include/asm-arm/domain.h | 3 +
> xen/include/asm-arm/gic_v3_its.h | 13 ++
> 4 files changed, 365 insertions(+)
>
> diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
> index 0164b96..1951ec8 100644
> --- a/xen/arch/arm/gic-v3-its.c
> +++ b/xen/arch/arm/gic-v3-its.c
> @@ -21,6 +21,8 @@
> #include <xen/lib.h>
> #include <xen/delay.h>
> #include <xen/mm.h>
> +#include <xen/rbtree.h>
> +#include <xen/sched.h>
> #include <xen/sizes.h>
> #include <asm/gic.h>
> #include <asm/gic_v3_defs.h>
> @@ -36,6 +38,26 @@
> */
> LIST_HEAD(host_its_list);
>
> +/*
> + * Describes a device which is using the ITS and is used by a guest.
> + * Since device IDs are per ITS (in contrast to vLPIs, which are per
> + * guest), we have to differentiate between different virtual ITSes.
> + * We use the doorbell address here, since this is a nice architectural
> + * property of MSIs in general and we can easily get to the base address
> + * of the ITS and look that up.
> + */
> +struct its_device {
> + struct rb_node rbnode;
> + struct host_its *hw_its;
> + void *itt_addr;
> + paddr_t guest_doorbell; /* Identifies the virtual ITS */
> + uint32_t host_devid;
> + uint32_t guest_devid;
> + uint32_t eventids; /* Number of event IDs (MSIs) */
> + uint32_t *host_lpi_blocks; /* Which LPIs are used on the host */
> + struct pending_irq *pend_irqs; /* One struct per event */
> +};
> +
> bool gicv3_its_host_has_its(void)
> {
> return !list_empty(&host_its_list);
> @@ -157,6 +179,20 @@ static int its_send_cmd_sync(struct host_its *its, unsigned int cpu)
> return its_send_command(its, cmd);
> }
>
> +static int its_send_cmd_mapti(struct host_its *its,
> + uint32_t deviceid, uint32_t eventid,
> + uint32_t pintid, uint16_t icid)
> +{
> + uint64_t cmd[4];
> +
> + cmd[0] = GITS_CMD_MAPTI | ((uint64_t)deviceid << 32);
> + cmd[1] = eventid | ((uint64_t)pintid << 32);
> + cmd[2] = icid;
> + cmd[3] = 0x00;
> +
> + return its_send_command(its, cmd);
> +}
> +
> static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
> unsigned int cpu)
> {
> @@ -171,6 +207,43 @@ static int its_send_cmd_mapc(struct host_its *its, uint32_t collection_id,
> return its_send_command(its, cmd);
> }
>
> +static int its_send_cmd_mapd(struct host_its *its, uint32_t deviceid,
> + uint8_t size_bits, paddr_t itt_addr, bool valid)
> +{
> + uint64_t cmd[4];
> +
> + if ( valid )
> + {
> + ASSERT(size_bits <= its->evid_bits);
> + ASSERT(size_bits > 0);
> + ASSERT(!(itt_addr & ~GENMASK(51, 8)));
> +
> + /* The number of events is encoded as "number of bits minus one". */
> + size_bits--;
> + }
> + cmd[0] = GITS_CMD_MAPD | ((uint64_t)deviceid << 32);
> + cmd[1] = size_bits;
> + cmd[2] = itt_addr;
> + if ( valid )
> + cmd[2] |= GITS_VALID_BIT;
> + cmd[3] = 0x00;
> +
> + return its_send_command(its, cmd);
> +}
> +
> +static int its_send_cmd_inv(struct host_its *its,
> + uint32_t deviceid, uint32_t eventid)
> +{
> + uint64_t cmd[4];
> +
> + cmd[0] = GITS_CMD_INV | ((uint64_t)deviceid << 32);
> + cmd[1] = eventid;
> + cmd[2] = 0x00;
> + cmd[3] = 0x00;
> +
> + return its_send_command(its, cmd);
> +}
> +
> /* Set up the (1:1) collection mapping for the given host CPU. */
> int gicv3_its_setup_collection(unsigned int cpu)
> {
> @@ -450,6 +523,278 @@ int gicv3_its_init(void)
> return 0;
> }
>
> +/*
> + * TODO: Investiage the interaction when a guest removes a device while
> + * some LPIs are still in flight.
> + */
> +static int remove_mapped_guest_device(struct its_device *dev)
> +{
> + int ret = 0;
> + unsigned int i;
> +
> + if ( dev->hw_its )
> + /* MAPD also discards all events with this device ID. */
> + ret = its_send_cmd_mapd(dev->hw_its, dev->host_devid, 0, 0, false);
> +
> + for ( i = 0; i < dev->eventids / LPI_BLOCK; i++ )
> + gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
> +
> + /* Make sure the MAPD command above is really executed. */
> + if ( !ret )
> + ret = gicv3_its_wait_commands(dev->hw_its);
> +
> + /* This should never happen, but just in case ... */
> + if ( ret && printk_ratelimit() )
> + printk(XENLOG_WARNING "Can't unmap host ITS device 0x%x\n",
> + dev->host_devid);
> +
> + xfree(dev->itt_addr);
> + xfree(dev->pend_irqs);
> + xfree(dev->host_lpi_blocks);
> + xfree(dev);
> +
> + return 0;
> +}
> +
> +static struct host_its *gicv3_its_find_by_doorbell(paddr_t doorbell_address)
> +{
> + struct host_its *hw_its;
> +
> + list_for_each_entry(hw_its, &host_its_list, entry)
> + {
> + if ( hw_its->addr + ITS_DOORBELL_OFFSET == doorbell_address )
> + return hw_its;
> + }
> +
> + return NULL;
> +}
> +
> +static int compare_its_guest_devices(struct its_device *dev,
> + paddr_t vdoorbell, uint32_t vdevid)
> +{
> + if ( dev->guest_doorbell < vdoorbell )
> + return -1;
> +
> + if ( dev->guest_doorbell > vdoorbell )
> + return 1;
> +
> + if ( dev->guest_devid < vdevid )
> + return -1;
> +
> + if ( dev->guest_devid > vdevid )
> + return 1;
> +
> + return 0;
> +}
> +
> +/*
> + * On the host ITS @its, map @nr_events consecutive LPIs.
> + * The mapping connects a device @devid and event @eventid pair to LPI @lpi,
> + * increasing both @eventid and @lpi to cover the number of requested LPIs.
> + */
> +static int gicv3_its_map_host_events(struct host_its *its,
> + uint32_t devid, uint32_t eventid,
> + uint32_t lpi, uint32_t nr_events)
> +{
> + uint32_t i;
> + int ret;
> +
> + for ( i = 0; i < nr_events; i++ )
> + {
> + /* For now we map every host LPI to host CPU 0 */
> + ret = its_send_cmd_mapti(its, devid, eventid + i, lpi + i, 0);
> + if ( ret )
> + return ret;
> +
> + ret = its_send_cmd_inv(its, devid, eventid + i);
> + if ( ret )
> + return ret;
> + }
> +
> + /* TODO: Consider using INVALL here. Didn't work on the model, though. */
> +
> + ret = its_send_cmd_sync(its, 0);
> + if ( ret )
> + return ret;
> +
> + return gicv3_its_wait_commands(its);
> +}
> +
> +/*
> + * Map a hardware device, identified by a certain host ITS and its device ID
> + * to domain d, a guest ITS (identified by its doorbell address) and device ID.
> + * Also provide the number of events (MSIs) needed for that device.
> + * This does not check if this particular hardware device is already mapped
> + * at another domain, it is expected that this would be done by the caller.
> + */
> +int gicv3_its_map_guest_device(struct domain *d,
> + paddr_t host_doorbell, uint32_t host_devid,
> + paddr_t guest_doorbell, uint32_t guest_devid,
> + uint64_t nr_events, bool valid)
> +{
> + void *itt_addr = NULL;
> + struct host_its *hw_its;
> + struct its_device *dev = NULL;
> + struct rb_node **new = &d->arch.vgic.its_devices.rb_node, *parent = NULL;
> + int i, ret = -ENOENT; /* "i" must be signed to check for >= 0 below. */
> +
> + hw_its = gicv3_its_find_by_doorbell(host_doorbell);
> + if ( !hw_its )
> + return ret;
> +
> + /* Sanitise the provided hardware values against the host ITS. */
> + if ( host_devid >= BIT(hw_its->devid_bits) )
> + return -EINVAL;
> +
> + /*
> + * The ITS requires the number of events to be a power of 2. We allocate
> + * events and LPIs in chunks of LPI_BLOCK (=32), so make sure we
> + * allocate at least that many.
> + * TODO: Investigate if the number of events can be limited to smaller
> + * values if the guest does not require that many.
> + */
> + nr_events = BIT(fls(nr_events - 1));
> + if ( nr_events < LPI_BLOCK )
> + nr_events = LPI_BLOCK;
> + if ( nr_events >= BIT(hw_its->evid_bits) )
> + return -EINVAL;
> +
> + /* check for already existing mappings */
> + spin_lock(&d->arch.vgic.its_devices_lock);
> + while ( *new )
> + {
> + struct its_device *temp;
> + int cmp;
> +
> + temp = rb_entry(*new, struct its_device, rbnode);
> +
> + parent = *new;
> + cmp = compare_its_guest_devices(temp, guest_doorbell, guest_devid);
> + if ( !cmp )
> + {
> + if ( !valid )
> + rb_erase(&temp->rbnode, &d->arch.vgic.its_devices);
> +
> + spin_unlock(&d->arch.vgic.its_devices_lock);
> +
> + if ( valid )
> + {
> + printk(XENLOG_G_WARNING "d%d tried to remap guest ITS device 0x%x to host device 0x%x\n",
> + d->domain_id, guest_devid, host_devid);
> + return -EBUSY;
> + }
> +
> + return remove_mapped_guest_device(temp);
> + }
> +
> + if ( cmp > 0 )
> + new = &((*new)->rb_left);
> + else
> + new = &((*new)->rb_right);
> + }
> +
> + if ( !valid )
> + goto out_unlock;
> +
> + ret = -ENOMEM;
> +
> + /* An Interrupt Translation Table needs to be 256-byte aligned. */
> + itt_addr = _xzalloc(nr_events * hw_its->itte_size, 256);
> + if ( !itt_addr )
> + goto out_unlock;
> +
> + dev = xzalloc(struct its_device);
> + if ( !dev )
> + goto out_unlock;
> +
> + /*
> + * Allocate the pending_irqs for each virtual LPI. They will be put
> + * into the domain's radix tree upon the guest's MAPTI command.
> + * Pre-allocating memory for each *possible* LPI would be using way
> + * too much memory (they can be sparsely used by the guest), also
> + * allocating them on demand requires memory allocation in the interrupt
> + * injection code path, which is not really desired.
> + * So we compromise here by pre-allocating memory for each *mapped* LPI.
> + * See the mailing list discussion for some background:
> + * https://lists.xen.org/archives/html/xen-devel/2017-03/msg03645.html
I don't mean to be picky, but I don't think this comment is entirely
accurate: a "mapped LPI" should be an LPI for which MAPTI has been
called, but actually here we are allocating pending_irq struct for every
possible event specified by MAPD. Am I right?
I would rephrase the last sentence to:
So we compromise here by pre-allocating memory for each possible event
up to the max specified by MAPD.
With this comment fixed, you can add my reviewed-by.
> + */
> + dev->pend_irqs = xzalloc_array(struct pending_irq, nr_events);
> + if ( !dev->pend_irqs )
> + goto out_unlock;
> +
> + dev->host_lpi_blocks = xzalloc_array(uint32_t, nr_events);
> + if ( !dev->host_lpi_blocks )
> + goto out_unlock;
> +
> + ret = its_send_cmd_mapd(hw_its, host_devid, fls(nr_events - 1),
> + virt_to_maddr(itt_addr), true);
> + if ( ret )
> + goto out_unlock;
> +
> + dev->itt_addr = itt_addr;
> + dev->hw_its = hw_its;
> + dev->guest_doorbell = guest_doorbell;
> + dev->guest_devid = guest_devid;
> + dev->host_devid = host_devid;
> + dev->eventids = nr_events;
> +
> + rb_link_node(&dev->rbnode, parent, new);
> + rb_insert_color(&dev->rbnode, &d->arch.vgic.its_devices);
> +
> + spin_unlock(&d->arch.vgic.its_devices_lock);
> +
> + /*
> + * Map all host LPIs within this device already. We can't afford to queue
> + * any host ITS commands later on during the guest's runtime.
> + */
> + for ( i = 0; i < nr_events / LPI_BLOCK; i++ )
> + {
> + ret = gicv3_allocate_host_lpi_block(d, &dev->host_lpi_blocks[i]);
> + if ( ret < 0 )
> + break;
> +
> + ret = gicv3_its_map_host_events(hw_its, host_devid, i * LPI_BLOCK,
> + dev->host_lpi_blocks[i], LPI_BLOCK);
> + if ( ret < 0 )
> + break;
> + }
> +
> + if ( ret )
> + {
> + /* Clean up all allocated host LPI blocks. */
> + for ( ; i >= 0; i-- )
> + {
> + if ( dev->host_lpi_blocks[i] )
> + gicv3_free_host_lpi_block(dev->host_lpi_blocks[i]);
> + }
> +
> + /*
> + * Unmapping the device will discard all LPIs mapped so far.
> + * We are already on the failing path, so no error checking to
> + * not mask the original error value. This should never fail anyway.
> + */
> + its_send_cmd_mapd(hw_its, host_devid, 0, 0, false);
> +
> + goto out;
> + }
> +
> + return 0;
> +
> +out_unlock:
> + spin_unlock(&d->arch.vgic.its_devices_lock);
> +
> +out:
> + if ( dev )
> + {
> + xfree(dev->pend_irqs);
> + xfree(dev->host_lpi_blocks);
> + }
> + xfree(itt_addr);
> + xfree(dev);
> +
> + return ret;
> +}
> +
> /* Scan the DT for any ITS nodes and create a list of host ITSes out of it. */
> void gicv3_its_dt_init(const struct dt_device_node *node)
> {
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
> index 2f1a255..065ffe2 100644
> --- a/xen/arch/arm/vgic-v3-its.c
> +++ b/xen/arch/arm/vgic-v3-its.c
> @@ -69,11 +69,15 @@ struct vits_itte
>
> int vgic_v3_its_init_domain(struct domain *d)
> {
> + spin_lock_init(&d->arch.vgic.its_devices_lock);
> + d->arch.vgic.its_devices = RB_ROOT;
> +
> return 0;
> }
>
> void vgic_v3_its_free_domain(struct domain *d)
> {
> + ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
> }
>
> /*
> diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
> index 68185e2..6de8082 100644
> --- a/xen/include/asm-arm/domain.h
> +++ b/xen/include/asm-arm/domain.h
> @@ -10,6 +10,7 @@
> #include <asm/gic.h>
> #include <public/hvm/params.h>
> #include <xen/serial.h>
> +#include <xen/rbtree.h>
>
> struct hvm_domain
> {
> @@ -108,6 +109,8 @@ struct arch_domain
> } *rdist_regions;
> int nr_regions; /* Number of rdist regions */
> uint32_t rdist_stride; /* Re-Distributor stride */
> + struct rb_root its_devices; /* Devices mapped to an ITS */
> + spinlock_t its_devices_lock; /* Protects the its_devices tree */
> #endif
> } vgic;
>
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 84d1692..29559a3 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -98,7 +98,10 @@
> #define GITS_CMD_MOVALL 0x0e
> #define GITS_CMD_DISCARD 0x0f
>
> +#define ITS_DOORBELL_OFFSET 0x10040
> +
> #include <xen/device_tree.h>
> +#include <xen/rbtree.h>
>
> #define HOST_ITS_FLUSH_CMD_QUEUE (1U << 0)
> #define HOST_ITS_USES_PTA (1U << 1)
> @@ -148,6 +151,16 @@ int gicv3_its_setup_collection(unsigned int cpu);
> int vgic_v3_its_init_domain(struct domain *d);
> void vgic_v3_its_free_domain(struct domain *d);
>
> +/*
> + * Map a device on the host by allocating an ITT on the host (ITS).
> + * "nr_event" specifies how many events (interrupts) this device will need.
> + * Setting "valid" to false deallocates the device.
> + */
> +int gicv3_its_map_guest_device(struct domain *d,
> + paddr_t host_doorbell, uint32_t host_devid,
> + paddr_t guest_doorbell, uint32_t guest_devid,
> + uint64_t nr_events, bool valid);
> +
> int gicv3_allocate_host_lpi_block(struct domain *d, uint32_t *first_lpi);
> void gicv3_free_host_lpi_block(uint32_t first_lpi);
>
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping
2017-04-07 17:32 ` [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping Andre Przywara
2017-04-07 18:21 ` Stefano Stabellini
@ 2017-04-07 18:21 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:21 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> /* Set up the (1:1) collection mapping for the given host CPU. */
> int gicv3_its_setup_collection(unsigned int cpu)
> {
> @@ -450,6 +523,278 @@ int gicv3_its_init(void)
> return 0;
> }
>
> +/*
> + * TODO: Investiage the interaction when a guest removes a device while
s/Investiage/Investigate/
With that:
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 17:32 ` [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's Andre Przywara
@ 2017-04-07 18:32 ` Julien Grall
2017-04-07 19:07 ` Stefano Stabellini
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 18:32 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/17 18:32, Andre Przywara wrote:
> For LPIs the struct pending_irq's are somewhat dynamically allocated and
When I read "dynamically", I directly ask myself. What is protecting the
pending_irq structure to be freed whilst in-use in the vgic code?
In the current design, this would happen if a device is removed from a
domain (e.g via the MAPD command for DOM0).
I cannot find any code which would prevent that and I think DOM0 can
take down Xen by mistake. Imagine a pending IRQ whilst executing MAPD(V=0).
So what's the plan?
> the pointers are stored in a radix tree. While I convinced myself that
> an invalid LPI number can't make it into the core code, people might be
> concerned about NULL pointer dereferences.
> So add checks in some places just to be on the safe side.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/gic.c | 23 +++++++++++++++++++++++
> xen/arch/arm/vgic.c | 4 ++++
> 2 files changed, 27 insertions(+)
>
> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> index da19130..44c34b1 100644
> --- a/xen/arch/arm/gic.c
> +++ b/xen/arch/arm/gic.c
> @@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq)
> struct pending_irq *p = irq_to_pending(v, virtual_irq);
> unsigned long flags;
>
> + /*
> + * If an LPIs has been removed meanwhile, it has been cleaned up
> + * already, so nothing to remove here.
> + */
> + if ( !p )
> + return;
> +
> spin_lock_irqsave(&v->arch.vgic.lock, flags);
> if ( !list_empty(&p->lr_queue) )
> list_del_init(&p->lr_queue);
> @@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq)
> {
> struct pending_irq *n = irq_to_pending(v, virtual_irq);
>
> + /* If an LPI has been removed meanwhile, there is nothing left to raise. */
> + if ( !n )
> + return;
> +
> ASSERT(spin_is_locked(&v->arch.vgic.lock));
>
> if ( list_empty(&n->lr_queue) )
> @@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i)
>
> gic_hw_ops->read_lr(i, &lr_val);
> irq = lr_val.virq;
> +
Please don't make spurious change...
> p = irq_to_pending(v, irq);
> + /* An LPI might have been unmapped, in which case we just clean up here. */
> + if ( !p )
> + {
> + ASSERT(is_lpi(irq));
> +
> + gic_hw_ops->clear_lr(i);
> + clear_bit(i, &this_cpu(lr_mask));
> +
> + return;
> + }
> +
> if ( lr_val.state & GICH_LR_ACTIVE )
> {
> set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status);
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index 83569b0..b7ee105 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq)
> unsigned long flags;
> bool running;
>
> + /* If an LPI has been removed, there is nothing to inject here. */
> + if ( !n )
> + return;
> +
> priority = vgic_get_virq_priority(v, virq);
>
> spin_lock_irqsave(&v->arch.vgic.lock, flags);
>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs
2017-04-07 17:32 ` [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs Andre Przywara
@ 2017-04-07 18:49 ` Stefano Stabellini
2017-04-07 21:02 ` Julien Grall
0 siblings, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 18:49 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> For the same reason that allocating a struct irq_desc for each
> possible LPI is not an option, having a struct pending_irq for each LPI
> is also not feasible. We only care about mapped LPIs, so we can get away
> with having struct pending_irq's only for them.
> Maintain a radix tree per domain where we drop the pointer to the
> respective pending_irq. The index used is the virtual LPI number.
> The memory for the actual structures has been allocated already per
> device at device mapping time.
> Teach the existing VGIC functions to find the right pointer when being
> given a virtual LPI number.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/vgic-v2.c | 8 ++++++++
> xen/arch/arm/vgic-v3.c | 23 +++++++++++++++++++++++
> xen/arch/arm/vgic.c | 2 ++
> xen/include/asm-arm/domain.h | 2 ++
> xen/include/asm-arm/vgic.h | 2 ++
> 5 files changed, 37 insertions(+)
>
> diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
> index dc9f95b..0587569 100644
> --- a/xen/arch/arm/vgic-v2.c
> +++ b/xen/arch/arm/vgic-v2.c
> @@ -702,10 +702,18 @@ static void vgic_v2_domain_free(struct domain *d)
> /* Nothing to be cleanup for this driver */
> }
>
> +static struct pending_irq *vgic_v2_lpi_to_pending(struct domain *d,
> + unsigned int vlpi)
> +{
> + /* Dummy function, no LPIs on a VGICv2. */
> + BUG();
> +}
> +
> static const struct vgic_ops vgic_v2_ops = {
> .vcpu_init = vgic_v2_vcpu_init,
> .domain_init = vgic_v2_domain_init,
> .domain_free = vgic_v2_domain_free,
> + .lpi_to_pending = vgic_v2_lpi_to_pending,
> .max_vcpus = 8,
> };
>
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index d10757a..f25125e 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -1451,6 +1451,9 @@ static int vgic_v3_domain_init(struct domain *d)
> d->arch.vgic.nr_regions = rdist_count;
> d->arch.vgic.rdist_regions = rdist_regions;
>
> + rwlock_init(&d->arch.vgic.pend_lpi_tree_lock);
> + radix_tree_init(&d->arch.vgic.pend_lpi_tree);
> +
> /*
> * Domain 0 gets the hardware address.
> * Guests get the virtual platform layout.
> @@ -1528,14 +1531,34 @@ static int vgic_v3_domain_init(struct domain *d)
> static void vgic_v3_domain_free(struct domain *d)
> {
> vgic_v3_its_free_domain(d);
> + radix_tree_destroy(&d->arch.vgic.pend_lpi_tree, NULL);
> xfree(d->arch.vgic.rdist_regions);
Who is freeing the pend_irqs array? Do we expect
gicv3_its_map_guest_device(!valid) to be called for each assigned device
at domain destroy time somehow? Today gicv3_its_map_guest_device is only
called in response of a MAPD command, which comes from the guest, while
we need to guarantee that we free data structures appropriately
independently from guest behavior.
> }
>
> +/*
> + * Looks up a virtual LPI number in our tree of mapped LPIs. This will return
> + * the corresponding struct pending_irq, which we also use to store the
> + * enabled and pending bit plus the priority.
> + * Returns NULL if an LPI cannot be found (or no LPIs are supported).
> + */
> +static struct pending_irq *vgic_v3_lpi_to_pending(struct domain *d,
> + unsigned int lpi)
> +{
> + struct pending_irq *pirq;
> +
> + read_lock(&d->arch.vgic.pend_lpi_tree_lock);
> + pirq = radix_tree_lookup(&d->arch.vgic.pend_lpi_tree, lpi);
> + read_unlock(&d->arch.vgic.pend_lpi_tree_lock);
> +
> + return pirq;
> +}
> +
> static const struct vgic_ops v3_ops = {
> .vcpu_init = vgic_v3_vcpu_init,
> .domain_init = vgic_v3_domain_init,
> .domain_free = vgic_v3_domain_free,
> .emulate_reg = vgic_v3_emulate_reg,
> + .lpi_to_pending = vgic_v3_lpi_to_pending,
> /*
> * We use both AFF1 and AFF0 in (v)MPIDR. Thus, the max number of CPU
> * that can be supported is up to 4096(==256*16) in theory.
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index b7ee105..a7a50bc 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -439,6 +439,8 @@ struct pending_irq *irq_to_pending(struct vcpu *v, unsigned int irq)
> * are used for SPIs; the rests are used for per cpu irqs */
> if ( irq < 32 )
> n = &v->arch.vgic.pending_irqs[irq];
> + else if ( is_lpi(irq) )
> + n = v->domain->arch.vgic.handler->lpi_to_pending(v->domain, irq);
> else
> n = &v->domain->arch.vgic.pending_irqs[irq - 32];
> return n;
> diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
> index 6de8082..91dfe0a 100644
> --- a/xen/include/asm-arm/domain.h
> +++ b/xen/include/asm-arm/domain.h
> @@ -111,6 +111,8 @@ struct arch_domain
> uint32_t rdist_stride; /* Re-Distributor stride */
> struct rb_root its_devices; /* Devices mapped to an ITS */
> spinlock_t its_devices_lock; /* Protects the its_devices tree */
> + struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */
> + rwlock_t pend_lpi_tree_lock; /* Protects the pend_lpi_tree */
> #endif
> } vgic;
>
> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> index 544867a..04972d3 100644
> --- a/xen/include/asm-arm/vgic.h
> +++ b/xen/include/asm-arm/vgic.h
> @@ -134,6 +134,8 @@ struct vgic_ops {
> void (*domain_free)(struct domain *d);
> /* vGIC sysreg/cpregs emulate */
> bool (*emulate_reg)(struct cpu_user_regs *regs, union hsr hsr);
> + /* lookup the struct pending_irq for a given LPI interrupt */
> + struct pending_irq *(*lpi_to_pending)(struct domain *d, unsigned int vlpi);
> /* Maximum number of vCPU supported */
> const unsigned int max_vcpus;
> };
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests
2017-04-07 17:32 ` [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests Andre Przywara
@ 2017-04-07 18:59 ` Stefano Stabellini
2017-04-07 21:09 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 18:59 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> Upon receiving an LPI on the host, we need to find the right VCPU and
> virtual IRQ number to get this IRQ injected.
> Iterate our two-level LPI table to find this information quickly when
> the host takes an LPI. Call the existing injection function to let the
> GIC emulation deal with this interrupt.
> Also we enhance struct pending_irq to cache the pending bit and the
> priority information for LPIs. Reading the information from there is
> faster than accessing the property table from guest memory. Also it
> use some padding area, so does not require more memory.
> This introduces a do_LPI() as a hardware gic_ops and a function to
> retrieve the (cached) priority value of an LPI and a vgic_ops.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/gic-v2.c | 7 +++++
> xen/arch/arm/gic-v3-lpi.c | 56 ++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/gic-v3.c | 1 +
> xen/arch/arm/gic.c | 8 +++++-
> xen/arch/arm/vgic-v2.c | 7 +++++
> xen/arch/arm/vgic-v3.c | 12 +++++++++
> xen/arch/arm/vgic.c | 7 ++++-
> xen/include/asm-arm/domain.h | 3 ++-
> xen/include/asm-arm/gic.h | 2 ++
> xen/include/asm-arm/gic_v3_its.h | 8 ++++++
> xen/include/asm-arm/vgic.h | 8 ++++++
> 11 files changed, 116 insertions(+), 3 deletions(-)
>
> diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
> index 270a136..ffbe47c 100644
> --- a/xen/arch/arm/gic-v2.c
> +++ b/xen/arch/arm/gic-v2.c
> @@ -1217,6 +1217,12 @@ static int __init gicv2_init(void)
> return 0;
> }
>
> +static void gicv2_do_LPI(unsigned int lpi)
> +{
> + /* No LPIs in a GICv2 */
> + BUG();
> +}
> +
> const static struct gic_hw_operations gicv2_ops = {
> .info = &gicv2_info,
> .init = gicv2_init,
> @@ -1244,6 +1250,7 @@ const static struct gic_hw_operations gicv2_ops = {
> .make_hwdom_madt = gicv2_make_hwdom_madt,
> .map_hwdom_extra_mappings = gicv2_map_hwdown_extra_mappings,
> .iomem_deny_access = gicv2_iomem_deny_access,
> + .do_LPI = gicv2_do_LPI,
> };
>
> /* Set up the GIC */
> diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
> index 292f2d0..5f3fe2c 100644
> --- a/xen/arch/arm/gic-v3-lpi.c
> +++ b/xen/arch/arm/gic-v3-lpi.c
> @@ -136,6 +136,62 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta)
> return per_cpu(lpi_redist, cpu).redist_id << 16;
> }
>
> +/*
> + * Handle incoming LPIs, which are a bit special, because they are potentially
> + * numerous and also only get injected into guests. Treat them specially here,
> + * by just looking up their target vCPU and virtual LPI number and hand it
> + * over to the injection function.
> + * Please note that LPIs are edge-triggered only, also have no active state,
> + * so spurious interrupts on the host side are no issue (we can just ignore
> + * them).
> + * Also a guest cannot expect that firing interrupts that haven't been
> + * fully configured yet will reach the CPU, so we don't need to care about
> + * this special case.
> + */
> +void gicv3_do_LPI(unsigned int lpi)
> +{
> + struct domain *d;
> + union host_lpi *hlpip, hlpi;
> + struct vcpu *vcpu;
> +
> + /* EOI the LPI already. */
> + WRITE_SYSREG32(lpi, ICC_EOIR1_EL1);
> +
> + /* Find out if a guest mapped something to this physical LPI. */
> + hlpip = gic_get_host_lpi(lpi);
> + if ( !hlpip )
> + return;
> +
> + hlpi.data = read_u64_atomic(&hlpip->data);
> +
> + /*
> + * Unmapped events are marked with an invalid LPI ID. We can safely
> + * ignore them, as they have no further state and no-one can expect
> + * to see them if they have not been mapped.
> + */
> + if ( hlpi.virt_lpi == INVALID_LPI )
> + return;
> +
> + d = rcu_lock_domain_by_id(hlpi.dom_id);
> + if ( !d )
> + return;
> +
> + /* Make sure we don't step beyond the vcpu array. */
> + if ( hlpi.vcpu_id >= d->max_vcpus )
> + {
> + rcu_unlock_domain(d);
> + return;
> + }
> +
> + vcpu = d->vcpu[hlpi.vcpu_id];
> +
> + /* Check if the VCPU is ready to receive LPIs. */
> + if ( vcpu->arch.vgic.flags & VGIC_V3_LPIS_ENABLED )
> + vgic_vcpu_inject_irq(vcpu, hlpi.virt_lpi);
> +
> + rcu_unlock_domain(d);
> +}
> +
> static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
> {
> uint64_t val;
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index a559e5e..63dbc21 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -1670,6 +1670,7 @@ static const struct gic_hw_operations gicv3_ops = {
> .make_hwdom_dt_node = gicv3_make_hwdom_dt_node,
> .make_hwdom_madt = gicv3_make_hwdom_madt,
> .iomem_deny_access = gicv3_iomem_deny_access,
> + .do_LPI = gicv3_do_LPI,
> };
>
> static int __init gicv3_dt_preinit(struct dt_device_node *node, const void *data)
> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> index 44c34b1..a6fb927 100644
> --- a/xen/arch/arm/gic.c
> +++ b/xen/arch/arm/gic.c
> @@ -728,7 +728,13 @@ void gic_interrupt(struct cpu_user_regs *regs, int is_fiq)
> do_IRQ(regs, irq, is_fiq);
> local_irq_disable();
> }
> - else if (unlikely(irq < 16))
> + else if ( is_lpi(irq) )
> + {
> + local_irq_enable();
> + gic_hw_ops->do_LPI(irq);
> + local_irq_disable();
> + }
> + else if ( unlikely(irq < 16) )
> {
> do_sgi(regs, irq);
> }
> diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
> index 0587569..df91940 100644
> --- a/xen/arch/arm/vgic-v2.c
> +++ b/xen/arch/arm/vgic-v2.c
> @@ -709,11 +709,18 @@ static struct pending_irq *vgic_v2_lpi_to_pending(struct domain *d,
> BUG();
> }
>
> +static int vgic_v2_lpi_get_priority(struct domain *d, unsigned int vlpi)
> +{
> + /* Dummy function, no LPIs on a VGICv2. */
> + BUG();
> +}
> +
> static const struct vgic_ops vgic_v2_ops = {
> .vcpu_init = vgic_v2_vcpu_init,
> .domain_init = vgic_v2_domain_init,
> .domain_free = vgic_v2_domain_free,
> .lpi_to_pending = vgic_v2_lpi_to_pending,
> + .lpi_get_priority = vgic_v2_lpi_get_priority,
> .max_vcpus = 8,
> };
>
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index f25125e..6bc3d76 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -1553,12 +1553,24 @@ static struct pending_irq *vgic_v3_lpi_to_pending(struct domain *d,
> return pirq;
> }
>
> +/* Retrieve the priority of an LPI from its struct pending_irq. */
> +static int vgic_v3_lpi_get_priority(struct domain *d, uint32_t vlpi)
> +{
> + struct pending_irq *p = vgic_v3_lpi_to_pending(d, vlpi);
> +
> + if ( !p )
> + return GIC_PRI_IRQ;
> +
> + return p->lpi_priority;
> +}
> +
> static const struct vgic_ops v3_ops = {
> .vcpu_init = vgic_v3_vcpu_init,
> .domain_init = vgic_v3_domain_init,
> .domain_free = vgic_v3_domain_free,
> .emulate_reg = vgic_v3_emulate_reg,
> .lpi_to_pending = vgic_v3_lpi_to_pending,
> + .lpi_get_priority = vgic_v3_lpi_get_priority,
> /*
> * We use both AFF1 and AFF0 in (v)MPIDR. Thus, the max number of CPU
> * that can be supported is up to 4096(==256*16) in theory.
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index a7a50bc..e6c97b2 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -226,10 +226,15 @@ struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int virq)
>
> static int vgic_get_virq_priority(struct vcpu *v, unsigned int virq)
> {
> - struct vgic_irq_rank *rank = vgic_rank_irq(v, virq);
> + struct vgic_irq_rank *rank;
> unsigned long flags;
> int priority;
>
> + /* LPIs don't have a rank, also store their priority separately. */
> + if ( is_lpi(virq) )
> + return v->domain->arch.vgic.handler->lpi_get_priority(v->domain, virq);
> +
> + rank = vgic_rank_irq(v, virq);
> vgic_lock_rank(v, rank, flags);
> priority = rank->priority[virq & INTERRUPT_RANK_MASK];
> vgic_unlock_rank(v, rank, flags);
> diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
> index 91dfe0a..583d491 100644
> --- a/xen/include/asm-arm/domain.h
> +++ b/xen/include/asm-arm/domain.h
> @@ -259,7 +259,8 @@ struct arch_vcpu
>
> /* GICv3: redistributor base and flags for this vCPU */
> paddr_t rdist_base;
> -#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */
> +#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */
> +#define VGIC_V3_LPIS_ENABLED (1 << 1)
> uint8_t flags;
> } vgic;
>
> diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
> index 836a103..42963c0 100644
> --- a/xen/include/asm-arm/gic.h
> +++ b/xen/include/asm-arm/gic.h
> @@ -366,6 +366,8 @@ struct gic_hw_operations {
> int (*map_hwdom_extra_mappings)(struct domain *d);
> /* Deny access to GIC regions */
> int (*iomem_deny_access)(const struct domain *d);
> + /* Handle LPIs, which require special handling */
> + void (*do_LPI)(unsigned int lpi);
> };
>
> void register_gic_ops(const struct gic_hw_operations *ops);
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 29559a3..7470779 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -134,6 +134,8 @@ void gicv3_its_dt_init(const struct dt_device_node *node);
>
> bool gicv3_its_host_has_its(void);
>
> +void gicv3_do_LPI(unsigned int lpi);
> +
> int gicv3_lpi_init_rdist(void __iomem * rdist_base);
>
> /* Initialize the host structures for LPIs and the host ITSes. */
> @@ -175,6 +177,12 @@ static inline bool gicv3_its_host_has_its(void)
> return false;
> }
>
> +static inline void gicv3_do_LPI(unsigned int lpi)
> +{
> + /* We don't enable LPIs without an ITS. */
> + BUG();
> +}
> +
> static inline int gicv3_lpi_init_rdist(void __iomem * rdist_base)
> {
> return -ENODEV;
> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> index 04972d3..52856ca 100644
> --- a/xen/include/asm-arm/vgic.h
> +++ b/xen/include/asm-arm/vgic.h
> @@ -60,18 +60,25 @@ struct pending_irq
> * vcpu while it is still inflight and on an GICH_LR register on the
> * old vcpu.
> *
> + * GIC_IRQ_GUEST_LPI_PENDING: this caches the pending bit of an LPI.
> + * On hardware the LPI pending bit is stored in a table in system
> + * memory, which would require us to access guest memory every time
> + * we want to learn the state. So we cache the state here.
> + *
> */
> #define GIC_IRQ_GUEST_QUEUED 0
> #define GIC_IRQ_GUEST_ACTIVE 1
> #define GIC_IRQ_GUEST_VISIBLE 2
> #define GIC_IRQ_GUEST_ENABLED 3
> #define GIC_IRQ_GUEST_MIGRATING 4
> +#define GIC_IRQ_GUEST_LPI_PENDING 5
Same comment on GIC_IRQ_GUEST_LPI_PENDING
> unsigned long status;
> struct irq_desc *desc; /* only set it the irq corresponds to a physical irq */
> unsigned int irq;
> #define GIC_INVALID_LR (uint8_t)~0
> uint8_t lr;
> uint8_t priority;
> + uint8_t lpi_priority; /* Caches the priority if this is an LPI. */
> /* inflight is used to append instances of pending_irq to
> * vgic.inflight_irqs */
> struct list_head inflight;
> @@ -136,6 +143,7 @@ struct vgic_ops {
> bool (*emulate_reg)(struct cpu_user_regs *regs, union hsr hsr);
> /* lookup the struct pending_irq for a given LPI interrupt */
> struct pending_irq *(*lpi_to_pending)(struct domain *d, unsigned int vlpi);
> + int (*lpi_get_priority)(struct domain *d, uint32_t vlpi);
> /* Maximum number of vCPU supported */
> const unsigned int max_vcpus;
> };
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 17:32 ` [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's Andre Przywara
2017-04-07 18:32 ` Julien Grall
@ 2017-04-07 19:07 ` Stefano Stabellini
2017-04-07 20:46 ` André Przywara
1 sibling, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 19:07 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> For LPIs the struct pending_irq's are somewhat dynamically allocated and
> the pointers are stored in a radix tree. While I convinced myself that
> an invalid LPI number can't make it into the core code, people might be
> concerned about NULL pointer dereferences.
> So add checks in some places just to be on the safe side.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This approach looks fragile: what if we miss one irq_to_pending call? We
need a way to avoid pending_irq structs being freed when an irq is still
inflight. Only after an irq is not inflight anymore, a struct
pending_irq could be freed.
> ---
> xen/arch/arm/gic.c | 23 +++++++++++++++++++++++
> xen/arch/arm/vgic.c | 4 ++++
> 2 files changed, 27 insertions(+)
>
> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> index da19130..44c34b1 100644
> --- a/xen/arch/arm/gic.c
> +++ b/xen/arch/arm/gic.c
> @@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq)
> struct pending_irq *p = irq_to_pending(v, virtual_irq);
> unsigned long flags;
>
> + /*
> + * If an LPIs has been removed meanwhile, it has been cleaned up
> + * already, so nothing to remove here.
> + */
> + if ( !p )
> + return;
> +
> spin_lock_irqsave(&v->arch.vgic.lock, flags);
> if ( !list_empty(&p->lr_queue) )
> list_del_init(&p->lr_queue);
> @@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq)
> {
> struct pending_irq *n = irq_to_pending(v, virtual_irq);
>
> + /* If an LPI has been removed meanwhile, there is nothing left to raise. */
> + if ( !n )
> + return;
> +
> ASSERT(spin_is_locked(&v->arch.vgic.lock));
>
> if ( list_empty(&n->lr_queue) )
> @@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i)
>
> gic_hw_ops->read_lr(i, &lr_val);
> irq = lr_val.virq;
> +
> p = irq_to_pending(v, irq);
> + /* An LPI might have been unmapped, in which case we just clean up here. */
> + if ( !p )
> + {
> + ASSERT(is_lpi(irq));
> +
> + gic_hw_ops->clear_lr(i);
> + clear_bit(i, &this_cpu(lr_mask));
> +
> + return;
> + }
> +
> if ( lr_val.state & GICH_LR_ACTIVE )
> {
> set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status);
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index 83569b0..b7ee105 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq)
> unsigned long flags;
> bool running;
>
> + /* If an LPI has been removed, there is nothing to inject here. */
> + if ( !n )
> + return;
> +
> priority = vgic_get_virq_priority(v, virq);
>
> spin_lock_irqsave(&v->arch.vgic.lock, flags);
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host
2017-04-07 17:32 ` [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host Andre Przywara
@ 2017-04-07 19:10 ` Stefano Stabellini
0 siblings, 0 replies; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 19:10 UTC (permalink / raw)
To: Andre Przywara
Cc: xen-devel, Julien Grall, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni
On Fri, 7 Apr 2017, Andre Przywara wrote:
> Now that the host part of the ITS code is in place, we can enable the
> ITS and also LPIs on each redistributor to get the show rolling.
> At this point there would be no LPIs mapped, as guests don't know about
> the ITS yet.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> xen/arch/arm/gic-v3-its.c | 4 ++++
> xen/arch/arm/gic-v3.c | 18 ++++++++++++++++++
> 2 files changed, 22 insertions(+)
>
> diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
> index 1951ec8..1dad428 100644
> --- a/xen/arch/arm/gic-v3-its.c
> +++ b/xen/arch/arm/gic-v3-its.c
> @@ -505,6 +505,10 @@ static int gicv3_its_init_single_its(struct host_its *hw_its)
> return -ENOMEM;
> writeq_relaxed(0, hw_its->its_base + GITS_CWRITER);
>
> + /* Now enable interrupt translation and command processing on that ITS. */
> + reg = readl_relaxed(hw_its->its_base + GITS_CTLR);
> + writel_relaxed(reg | GITS_CTLR_ENABLE, hw_its->its_base + GITS_CTLR);
> +
> return 0;
> }
>
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 63dbc21..54fbb19 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -620,6 +620,21 @@ static int gicv3_enable_redist(void)
> return 0;
> }
>
> +/* Enable LPIs on this redistributor (only useful when the host has an ITS). */
> +static bool gicv3_enable_lpis(void)
> +{
> + uint32_t val;
> +
> + val = readl_relaxed(GICD_RDIST_BASE + GICR_TYPER);
> + if ( !(val & GICR_TYPER_PLPIS) )
> + return false;
> +
> + val = readl_relaxed(GICD_RDIST_BASE + GICR_CTLR);
> + writel_relaxed(val | GICR_CTLR_ENABLE_LPIS, GICD_RDIST_BASE + GICR_CTLR);
> +
> + return true;
> +}
> +
> static int __init gicv3_populate_rdist(void)
> {
> int i;
> @@ -731,11 +746,14 @@ static int gicv3_cpu_init(void)
> if ( gicv3_enable_redist() )
> return -ENODEV;
>
> + /* If the host has any ITSes, enable LPIs now. */
> if ( gicv3_its_host_has_its() )
> {
> ret = gicv3_its_setup_collection(smp_processor_id());
> if ( ret )
> return ret;
> + if ( !gicv3_enable_lpis() )
> + return -EBUSY;
> }
>
> /* Set priority on PPI and SGI interrupts */
> --
> 2.9.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping
2017-04-07 18:21 ` Stefano Stabellini
@ 2017-04-07 19:21 ` Andre Przywara
0 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-07 19:21 UTC (permalink / raw)
To: Stefano Stabellini
Cc: xen-devel, Julien Grall, Vijay Kilari, Shanker Donthineni
Hi,
On 07/04/17 19:21, Stefano Stabellini wrote:
>> + /*
>> + * Allocate the pending_irqs for each virtual LPI. They will be put
>> + * into the domain's radix tree upon the guest's MAPTI command.
>> + * Pre-allocating memory for each *possible* LPI would be using way
>> + * too much memory (they can be sparsely used by the guest), also
>> + * allocating them on demand requires memory allocation in the interrupt
>> + * injection code path, which is not really desired.
>> + * So we compromise here by pre-allocating memory for each *mapped* LPI.
>> + * See the mailing list discussion for some background:
>> + * https://lists.xen.org/archives/html/xen-devel/2017-03/msg03645.html
> I don't mean to be picky, but I don't think this comment is entirely
> accurate: a "mapped LPI" should be an LPI for which MAPTI has been
> called, but actually here we are allocating pending_irq struct for every
> possible event specified by MAPD. Am I right?
Totally, and especially with the GIC and ITS it's important the get the
wording right.
> I would rephrase the last sentence to:
>
> So we compromise here by pre-allocating memory for each possible event
> up to the max specified by MAPD.
Took that.
> With this comment fixed, you can add my reviewed-by.
Thanks!
Andre.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 19:07 ` Stefano Stabellini
@ 2017-04-07 20:46 ` André Przywara
2017-04-07 20:58 ` Julien Grall
0 siblings, 1 reply; 75+ messages in thread
From: André Przywara @ 2017-04-07 20:46 UTC (permalink / raw)
To: Stefano Stabellini
Cc: xen-devel, Julien Grall, Vijay Kilari, Shanker Donthineni
On 07/04/17 20:07, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Andre Przywara wrote:
>> For LPIs the struct pending_irq's are somewhat dynamically allocated and
>> the pointers are stored in a radix tree. While I convinced myself that
>> an invalid LPI number can't make it into the core code, people might be
>> concerned about NULL pointer dereferences.
>> So add checks in some places just to be on the safe side.
>>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>
> This approach looks fragile: what if we miss one irq_to_pending call? We
> need a way to avoid pending_irq structs being freed when an irq is still
> inflight. Only after an irq is not inflight anymore, a struct
> pending_irq could be freed.
Indeed. I was wondering if a dummy pend_irq could help on the first
step: Upon unmapping, we replace the radix-tree member(s) with this one
reserved instance (per domain), that would avoid the NULL pointer
dereference.
Then we keep the existing pend_irq (array) around until we are sure that
no-one is holding a reference anymore - either by using RCU (although I
think this is problematic because of the rcu_read_lock) or by finding a
definite point in time when no-one can possibly use that pointer
anymore. The pointer usage seems to be very confined, so I am hopeful we
can find such a limit (say: once every VCPU has exited and entered once
or the like).
Does that sound like a possible route?
Cheers,
Andre.
>
>
>> ---
>> xen/arch/arm/gic.c | 23 +++++++++++++++++++++++
>> xen/arch/arm/vgic.c | 4 ++++
>> 2 files changed, 27 insertions(+)
>>
>> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
>> index da19130..44c34b1 100644
>> --- a/xen/arch/arm/gic.c
>> +++ b/xen/arch/arm/gic.c
>> @@ -405,6 +405,13 @@ void gic_remove_from_queues(struct vcpu *v, unsigned int virtual_irq)
>> struct pending_irq *p = irq_to_pending(v, virtual_irq);
>> unsigned long flags;
>>
>> + /*
>> + * If an LPIs has been removed meanwhile, it has been cleaned up
>> + * already, so nothing to remove here.
>> + */
>> + if ( !p )
>> + return;
>> +
>> spin_lock_irqsave(&v->arch.vgic.lock, flags);
>> if ( !list_empty(&p->lr_queue) )
>> list_del_init(&p->lr_queue);
>> @@ -415,6 +422,10 @@ void gic_raise_inflight_irq(struct vcpu *v, unsigned int virtual_irq)
>> {
>> struct pending_irq *n = irq_to_pending(v, virtual_irq);
>>
>> + /* If an LPI has been removed meanwhile, there is nothing left to raise. */
>> + if ( !n )
>> + return;
>> +
>> ASSERT(spin_is_locked(&v->arch.vgic.lock));
>>
>> if ( list_empty(&n->lr_queue) )
>> @@ -461,7 +472,19 @@ static void gic_update_one_lr(struct vcpu *v, int i)
>>
>> gic_hw_ops->read_lr(i, &lr_val);
>> irq = lr_val.virq;
>> +
>> p = irq_to_pending(v, irq);
>> + /* An LPI might have been unmapped, in which case we just clean up here. */
>> + if ( !p )
>> + {
>> + ASSERT(is_lpi(irq));
>> +
>> + gic_hw_ops->clear_lr(i);
>> + clear_bit(i, &this_cpu(lr_mask));
>> +
>> + return;
>> + }
>> +
>> if ( lr_val.state & GICH_LR_ACTIVE )
>> {
>> set_bit(GIC_IRQ_GUEST_ACTIVE, &p->status);
>> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
>> index 83569b0..b7ee105 100644
>> --- a/xen/arch/arm/vgic.c
>> +++ b/xen/arch/arm/vgic.c
>> @@ -470,6 +470,10 @@ void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq)
>> unsigned long flags;
>> bool running;
>>
>> + /* If an LPI has been removed, there is nothing to inject here. */
>> + if ( !n )
>> + return;
>> +
>> priority = vgic_get_virq_priority(v, virq);
>>
>> spin_lock_irqsave(&v->arch.vgic.lock, flags);
>> --
>> 2.9.0
>>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 20:46 ` André Przywara
@ 2017-04-07 20:58 ` Julien Grall
2017-04-07 21:45 ` Stefano Stabellini
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-07 20:58 UTC (permalink / raw)
To: André Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 09:46 PM, André Przywara wrote:
> On 07/04/17 20:07, Stefano Stabellini wrote:
>> On Fri, 7 Apr 2017, Andre Przywara wrote:
>>> For LPIs the struct pending_irq's are somewhat dynamically allocated and
>>> the pointers are stored in a radix tree. While I convinced myself that
>>> an invalid LPI number can't make it into the core code, people might be
>>> concerned about NULL pointer dereferences.
>>> So add checks in some places just to be on the safe side.
>>>
>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>
>> This approach looks fragile: what if we miss one irq_to_pending call? We
>> need a way to avoid pending_irq structs being freed when an irq is still
>> inflight. Only after an irq is not inflight anymore, a struct
>> pending_irq could be freed.
>
> Indeed. I was wondering if a dummy pend_irq could help on the first
> step: Upon unmapping, we replace the radix-tree member(s) with this one
> reserved instance (per domain), that would avoid the NULL pointer
> dereference.
The problem with that is the code will continue to handle it, but as it
is a dummy pending_irq (I understand there will be only one existing)
you will corrupt the list.
> Then we keep the existing pend_irq (array) around until we are sure that
> no-one is holding a reference anymore - either by using RCU (although I
> think this is problematic because of the rcu_read_lock) or by finding a
> definite point in time when no-one can possibly use that pointer
> anymore. The pointer usage seems to be very confined, so I am hopeful we
> can find such a limit (say: once every VCPU has exited and entered once
> or the like).
I think the RCU case is fragile because the pending_irq could be added
in the list which will be carried even after re-entering to the guest.
>
> Does that sound like a possible route?
How about using a reference (either on the device or the pending_irq)? A
reference would be taken until the vLPI is correctly handled (i.e clear
from the LRs).
This would prevent complex locking.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs
2017-04-07 18:49 ` Stefano Stabellini
@ 2017-04-07 21:02 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 21:02 UTC (permalink / raw)
To: Stefano Stabellini, Andre Przywara
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Stefano,
On 04/07/2017 07:49 PM, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Andre Przywara wrote:
>> For the same reason that allocating a struct irq_desc for each
>> possible LPI is not an option, having a struct pending_irq for each LPI
>> is also not feasible. We only care about mapped LPIs, so we can get away
>> with having struct pending_irq's only for them.
>> Maintain a radix tree per domain where we drop the pointer to the
>> respective pending_irq. The index used is the virtual LPI number.
>> The memory for the actual structures has been allocated already per
>> device at device mapping time.
>> Teach the existing VGIC functions to find the right pointer when being
>> given a virtual LPI number.
>>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>> ---
>> xen/arch/arm/vgic-v2.c | 8 ++++++++
>> xen/arch/arm/vgic-v3.c | 23 +++++++++++++++++++++++
>> xen/arch/arm/vgic.c | 2 ++
>> xen/include/asm-arm/domain.h | 2 ++
>> xen/include/asm-arm/vgic.h | 2 ++
>> 5 files changed, 37 insertions(+)
>>
>> diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
>> index dc9f95b..0587569 100644
>> --- a/xen/arch/arm/vgic-v2.c
>> +++ b/xen/arch/arm/vgic-v2.c
>> @@ -702,10 +702,18 @@ static void vgic_v2_domain_free(struct domain *d)
>> /* Nothing to be cleanup for this driver */
>> }
>>
>> +static struct pending_irq *vgic_v2_lpi_to_pending(struct domain *d,
>> + unsigned int vlpi)
>> +{
>> + /* Dummy function, no LPIs on a VGICv2. */
>> + BUG();
>> +}
>> +
>> static const struct vgic_ops vgic_v2_ops = {
>> .vcpu_init = vgic_v2_vcpu_init,
>> .domain_init = vgic_v2_domain_init,
>> .domain_free = vgic_v2_domain_free,
>> + .lpi_to_pending = vgic_v2_lpi_to_pending,
>> .max_vcpus = 8,
>> };
>>
>> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
>> index d10757a..f25125e 100644
>> --- a/xen/arch/arm/vgic-v3.c
>> +++ b/xen/arch/arm/vgic-v3.c
>> @@ -1451,6 +1451,9 @@ static int vgic_v3_domain_init(struct domain *d)
>> d->arch.vgic.nr_regions = rdist_count;
>> d->arch.vgic.rdist_regions = rdist_regions;
>>
>> + rwlock_init(&d->arch.vgic.pend_lpi_tree_lock);
>> + radix_tree_init(&d->arch.vgic.pend_lpi_tree);
>> +
>> /*
>> * Domain 0 gets the hardware address.
>> * Guests get the virtual platform layout.
>> @@ -1528,14 +1531,34 @@ static int vgic_v3_domain_init(struct domain *d)
>> static void vgic_v3_domain_free(struct domain *d)
>> {
>> vgic_v3_its_free_domain(d);
>> + radix_tree_destroy(&d->arch.vgic.pend_lpi_tree, NULL);
>> xfree(d->arch.vgic.rdist_regions);
>
> Who is freeing the pend_irqs array? Do we expect
> gicv3_its_map_guest_device(!valid) to be called for each assigned device
> at domain destroy time somehow? Today gicv3_its_map_guest_device is only
> called in response of a MAPD command, which comes from the guest, while
> we need to guarantee that we free data structures appropriately
> independently from guest behavior.
I will expect gicv3_its_map_guest_device(!valid) to be called by the
passthrough subsystem. There are an ASSERT(...) in
vgic_v3_its_domain_destroy (see patch #9) to check that assumption.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests
2017-04-07 17:32 ` [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests Andre Przywara
2017-04-07 18:59 ` Stefano Stabellini
@ 2017-04-07 21:09 ` Julien Grall
1 sibling, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 21:09 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> diff --git a/xen/arch/arm/gic-v3-lpi.c b/xen/arch/arm/gic-v3-lpi.c
> index 292f2d0..5f3fe2c 100644
> --- a/xen/arch/arm/gic-v3-lpi.c
> +++ b/xen/arch/arm/gic-v3-lpi.c
> @@ -136,6 +136,62 @@ uint64_t gicv3_get_redist_address(unsigned int cpu, bool use_pta)
> return per_cpu(lpi_redist, cpu).redist_id << 16;
> }
>
> +/*
> + * Handle incoming LPIs, which are a bit special, because they are potentially
> + * numerous and also only get injected into guests. Treat them specially here,
> + * by just looking up their target vCPU and virtual LPI number and hand it
> + * over to the injection function.
> + * Please note that LPIs are edge-triggered only, also have no active state,
> + * so spurious interrupts on the host side are no issue (we can just ignore
> + * them).
> + * Also a guest cannot expect that firing interrupts that haven't been
> + * fully configured yet will reach the CPU, so we don't need to care about
> + * this special case.
> + */
> +void gicv3_do_LPI(unsigned int lpi)
> +{
> + struct domain *d;
> + union host_lpi *hlpip, hlpi;
> + struct vcpu *vcpu;
As mentioned on the last 2 previous version, you will need irq_enter and
irq_exit in the return path. So the common code know you are in an
interrupt handler (see in_irq()).
> +
> + /* EOI the LPI already. */
> + WRITE_SYSREG32(lpi, ICC_EOIR1_EL1);
> +
> + /* Find out if a guest mapped something to this physical LPI. */
> + hlpip = gic_get_host_lpi(lpi);
> + if ( !hlpip )
> + return;
> +
> + hlpi.data = read_u64_atomic(&hlpip->data);
> +
> + /*
> + * Unmapped events are marked with an invalid LPI ID. We can safely
> + * ignore them, as they have no further state and no-one can expect
> + * to see them if they have not been mapped.
> + */
> + if ( hlpi.virt_lpi == INVALID_LPI )
> + return;
> +
> + d = rcu_lock_domain_by_id(hlpi.dom_id);
> + if ( !d )
> + return;
> +
> + /* Make sure we don't step beyond the vcpu array. */
> + if ( hlpi.vcpu_id >= d->max_vcpus )
> + {
> + rcu_unlock_domain(d);
> + return;
> + }
> +
> + vcpu = d->vcpu[hlpi.vcpu_id];
> +
> + /* Check if the VCPU is ready to receive LPIs. */
> + if ( vcpu->arch.vgic.flags & VGIC_V3_LPIS_ENABLED )
> + vgic_vcpu_inject_irq(vcpu, hlpi.virt_lpi);
> +
> + rcu_unlock_domain(d);
> +}
> +
> static int gicv3_lpi_allocate_pendtable(uint64_t *reg)
> {
> uint64_t val;
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables
2017-04-07 17:32 ` [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables Andre Przywara
@ 2017-04-07 21:29 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 21:29 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
> index 583d491..365a4ef 100644
> --- a/xen/include/asm-arm/domain.h
> +++ b/xen/include/asm-arm/domain.h
> @@ -109,10 +109,14 @@ struct arch_domain
> } *rdist_regions;
> int nr_regions; /* Number of rdist regions */
> uint32_t rdist_stride; /* Re-Distributor stride */
> + unsigned long int nr_lpis;
> + uint64_t rdist_propbase;
> struct rb_root its_devices; /* Devices mapped to an ITS */
> spinlock_t its_devices_lock; /* Protects the its_devices tree */
> struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */
> rwlock_t pend_lpi_tree_lock; /* Protects the pend_lpi_tree */
> + bool rdists_enabled; /* Is any redistributor enabled? */
> + bool has_its;
NIT: It would make sense to gather rdists_enabled and has_its in a
single field flags.
Regardless that:
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory()
2017-04-07 17:32 ` [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory() Andre Przywara
@ 2017-04-07 21:35 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 21:35 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> This function allows to copy a chunk of data from and to guest physical
> memory. It looks up the associated page from the guest's p2m tree
> and maps this page temporarily for the time of the access.
> This function was originally written by Vijaya as part of an earlier series:
> https://patchwork.kernel.org/patch/8177251i
This likely means the From: should be "Vijaya...".
>
> Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/vgic.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
> xen/include/asm-arm/vgic.h | 3 +++
> 2 files changed, 50 insertions(+)
>
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index e6c97b2..5c68fe7 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -20,6 +20,7 @@
> #include <xen/bitops.h>
> #include <xen/lib.h>
> #include <xen/init.h>
> +#include <xen/domain_page.h>
> #include <xen/softirq.h>
> #include <xen/irq.h>
> #include <xen/sched.h>
> @@ -598,6 +599,52 @@ void vgic_free_virq(struct domain *d, unsigned int virq)
> }
>
> /*
> + * Temporarily map one physical guest page and copy data to or from it.
> + * The data to be copied cannot cross a page boundary.
> + */
> +int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *buf,
> + uint32_t size, bool_t is_write)
> +{
> + struct page_info *page;
> + uint64_t offset;
> + p2m_type_t p2mt;
> + void *p;
> +
> + page = get_page_from_gfn(d, paddr_to_pfn(gpa), &p2mt, P2M_ALLOC);
> + if ( !page )
> + {
> + printk(XENLOG_G_ERR "d%d: vITS: Failed to get table entry\n",
> + d->domain_id);
> + return -EINVAL;
> + }
> +
> + if ( !p2m_is_ram(p2mt) )
> + {
> + put_page(page);
> + printk(XENLOG_G_ERR "d%d: vITS: memory used by the ITS should be RAM.",
> + d->domain_id);
> + return -EINVAL;
> + }
> +
> + p = __map_domain_page(page);
> + /* Offset within the mapped page */
> + offset = gpa & ~PAGE_MASK;
> + /* Do not cross a page boundary. */
> + if ( size > (PAGE_SIZE - offset) )
> + size = PAGE_SIZE - offset;
Hmmmm.... it is not what I meant by a check. If a user uses this
function he will expect *all* the buffer filled and not only a part if a
page boundary is crossed. This would be a potential security issue if
the buffer is then written back to the guest memory (I know this is not
the case today, but still...).
I think it would be better if we return -EINVAL if the in this case.
> +
> + if ( is_write )
> + memcpy(p + offset, buf, size);
> + else
> + memcpy(buf, p + offset, size);
> +
> + unmap_domain_page(p);
> + put_page(page);
> +
> + return 0;
> +}
> +
> +/*
> * Local variables:
> * mode: C
> * c-file-style: "BSD"
> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> index 52856ca..967c2be 100644
> --- a/xen/include/asm-arm/vgic.h
> +++ b/xen/include/asm-arm/vgic.h
> @@ -319,6 +319,9 @@ extern void register_vgic_ops(struct domain *d, const struct vgic_ops *ops);
> int vgic_v2_init(struct domain *d, int *mmio_count);
> int vgic_v3_init(struct domain *d, int *mmio_count);
>
> +int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *buf,
> + uint32_t size, bool_t is_write);
> +
> extern int domain_vgic_register(struct domain *d, int *mmio_count);
> extern int vcpu_vgic_free(struct vcpu *v);
> extern bool vgic_to_sgi(struct vcpu *v, register_t sgir,
>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 20:58 ` Julien Grall
@ 2017-04-07 21:45 ` Stefano Stabellini
2017-04-07 22:09 ` Stefano Stabellini
0 siblings, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 21:45 UTC (permalink / raw)
To: Julien Grall
Cc: André Przywara, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni, xen-devel
[-- Attachment #1: Type: TEXT/PLAIN, Size: 1773 bytes --]
On Fri, 7 Apr 2017, Julien Grall wrote:
> Hi Andre,
>
> On 04/07/2017 09:46 PM, André Przywara wrote:
> > On 07/04/17 20:07, Stefano Stabellini wrote:
> > > On Fri, 7 Apr 2017, Andre Przywara wrote:
> > > > For LPIs the struct pending_irq's are somewhat dynamically allocated and
> > > > the pointers are stored in a radix tree. While I convinced myself that
> > > > an invalid LPI number can't make it into the core code, people might be
> > > > concerned about NULL pointer dereferences.
> > > > So add checks in some places just to be on the safe side.
> > > >
> > > > Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> > >
> > > This approach looks fragile: what if we miss one irq_to_pending call? We
> > > need a way to avoid pending_irq structs being freed when an irq is still
> > > inflight. Only after an irq is not inflight anymore, a struct
> > > pending_irq could be freed.
> >
> > Indeed. I was wondering if a dummy pend_irq could help on the first
> > step: Upon unmapping, we replace the radix-tree member(s) with this one
> > reserved instance (per domain), that would avoid the NULL pointer
> > dereference.
>
> The problem with that is the code will continue to handle it, but as it is a
> dummy pending_irq (I understand there will be only one existing) you will
> corrupt the list.
> > Does that sound like a possible route?
>
> How about using a reference (either on the device or the pending_irq)? A
> reference would be taken until the vLPI is correctly handled (i.e clear from
> the LRs).
>
> This would prevent complex locking.
We need to mark the pending_irq "to be freed", like we do with migration
(GIC_IRQ_GUEST_MIGRATING marks an irq to be migrated). Afterwards, when
the irq is ready, it will removed from the tree and freed.
[-- Attachment #2: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 21:45 ` Stefano Stabellini
@ 2017-04-07 22:09 ` Stefano Stabellini
2017-04-07 22:12 ` André Przywara
0 siblings, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 22:09 UTC (permalink / raw)
To: Stefano Stabellini
Cc: André Przywara, Julien Grall, Vijay Kilari,
Shanker Donthineni, xen-devel
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2549 bytes --]
On Fri, 7 Apr 2017, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Julien Grall wrote:
> > Hi Andre,
> >
> > On 04/07/2017 09:46 PM, André Przywara wrote:
> > > On 07/04/17 20:07, Stefano Stabellini wrote:
> > > > On Fri, 7 Apr 2017, Andre Przywara wrote:
> > > > > For LPIs the struct pending_irq's are somewhat dynamically allocated and
> > > > > the pointers are stored in a radix tree. While I convinced myself that
> > > > > an invalid LPI number can't make it into the core code, people might be
> > > > > concerned about NULL pointer dereferences.
> > > > > So add checks in some places just to be on the safe side.
> > > > >
> > > > > Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> > > >
> > > > This approach looks fragile: what if we miss one irq_to_pending call? We
> > > > need a way to avoid pending_irq structs being freed when an irq is still
> > > > inflight. Only after an irq is not inflight anymore, a struct
> > > > pending_irq could be freed.
> > >
> > > Indeed. I was wondering if a dummy pend_irq could help on the first
> > > step: Upon unmapping, we replace the radix-tree member(s) with this one
> > > reserved instance (per domain), that would avoid the NULL pointer
> > > dereference.
> >
> > The problem with that is the code will continue to handle it, but as it is a
> > dummy pending_irq (I understand there will be only one existing) you will
> > corrupt the list.
>
> > > Does that sound like a possible route?
> >
> > How about using a reference (either on the device or the pending_irq)? A
> > reference would be taken until the vLPI is correctly handled (i.e clear from
> > the LRs).
> >
> > This would prevent complex locking.
>
> We need to mark the pending_irq "to be freed", like we do with migration
> (GIC_IRQ_GUEST_MIGRATING marks an irq to be migrated). Afterwards, when
> the irq is ready, it will removed from the tree and freed.
I'll clarify. Andre, give a look at how vgic_migrate_irq is implemented:
first it tries to migrate the irq immediately, but if it is not
possible, it will mark the irq "to be migrated". Then, in
gic_update_one_lr, we check for the "to be migrated" flag and do the
actual migration.
We need to introduce a similar workflow here. If we can remove
pending_irq from the tree, we do it immediately. Otherwise we mark it
"to be removed" and do it later as soon as we can. We also add check for
the "to be removed" flag in other places, where appropriate, to avoid
trying to inject another LPI that is already supposed to be removed. I
hope that's clearer.
[-- Attachment #2: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 17:32 ` [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq Andre Przywara
@ 2017-04-07 22:11 ` Julien Grall
2017-04-07 22:14 ` Stefano Stabellini
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-07 22:11 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> The target CPU for an LPI is encoded in the interrupt translation table
> entry, so can't be easily derived from just an LPI number (short of
> walking *all* tables and find the matching LPI).
> To avoid this in case we need to know the VCPU (for the INVALL command,
> for instance), put the VCPU ID in the struct pending_irq, so that it is
> easily accessible.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/include/asm-arm/vgic.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> index 86a1a89..9145b42 100644
> --- a/xen/include/asm-arm/vgic.h
> +++ b/xen/include/asm-arm/vgic.h
> @@ -88,6 +88,9 @@ struct pending_irq
> * TODO: when implementing irq migration, taking only the current
> * vgic lock is not going to be enough. */
> struct list_head lr_queue;
> +#ifdef CONFIG_HAS_ITS
> + uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
> +#endif
I am sorry, but in the current state this is a nack from me side. The
pending_irq structure will increase by 8 bytes because of the alignment.
This will affect all the irq_pending as soon as CONFIG_HAS_ITS is
enabled even if the platform is not using ITS.
Looking at the current usage it is only used by INVALL, which lead to
confirm my first nack.
Please either find a hole in pending_irq or find an alternative solution.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's
2017-04-07 22:09 ` Stefano Stabellini
@ 2017-04-07 22:12 ` André Przywara
0 siblings, 0 replies; 75+ messages in thread
From: André Przywara @ 2017-04-07 22:12 UTC (permalink / raw)
To: Stefano Stabellini
Cc: xen-devel, Julien Grall, Vijay Kilari, Shanker Donthineni
On 07/04/17 23:09, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Stefano Stabellini wrote:
>> On Fri, 7 Apr 2017, Julien Grall wrote:
>>> Hi Andre,
>>>
>>> On 04/07/2017 09:46 PM, André Przywara wrote:
>>>> On 07/04/17 20:07, Stefano Stabellini wrote:
>>>>> On Fri, 7 Apr 2017, Andre Przywara wrote:
>>>>>> For LPIs the struct pending_irq's are somewhat dynamically allocated and
>>>>>> the pointers are stored in a radix tree. While I convinced myself that
>>>>>> an invalid LPI number can't make it into the core code, people might be
>>>>>> concerned about NULL pointer dereferences.
>>>>>> So add checks in some places just to be on the safe side.
>>>>>>
>>>>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>>>>
>>>>> This approach looks fragile: what if we miss one irq_to_pending call? We
>>>>> need a way to avoid pending_irq structs being freed when an irq is still
>>>>> inflight. Only after an irq is not inflight anymore, a struct
>>>>> pending_irq could be freed.
>>>>
>>>> Indeed. I was wondering if a dummy pend_irq could help on the first
>>>> step: Upon unmapping, we replace the radix-tree member(s) with this one
>>>> reserved instance (per domain), that would avoid the NULL pointer
>>>> dereference.
>>>
>>> The problem with that is the code will continue to handle it, but as it is a
>>> dummy pending_irq (I understand there will be only one existing) you will
>>> corrupt the list.
>>
>>>> Does that sound like a possible route?
>>>
>>> How about using a reference (either on the device or the pending_irq)? A
>>> reference would be taken until the vLPI is correctly handled (i.e clear from
>>> the LRs).
>>>
>>> This would prevent complex locking.
>>
>> We need to mark the pending_irq "to be freed", like we do with migration
>> (GIC_IRQ_GUEST_MIGRATING marks an irq to be migrated). Afterwards, when
>> the irq is ready, it will removed from the tree and freed.
>
> I'll clarify. Andre, give a look at how vgic_migrate_irq is implemented:
> first it tries to migrate the irq immediately, but if it is not
> possible, it will mark the irq "to be migrated". Then, in
> gic_update_one_lr, we check for the "to be migrated" flag and do the
> actual migration.
>
> We need to introduce a similar workflow here. If we can remove
> pending_irq from the tree, we do it immediately. Otherwise we mark it
> "to be removed" and do it later as soon as we can. We also add check for
> the "to be removed" flag in other places, where appropriate, to avoid
> trying to inject another LPI that is already supposed to be removed. I
> hope that's clearer.
Indeed, that sounds like a good idea. Thanks for that!
Now we just need to find a neat way of dealing with the array nature of
our pend_irq allocation, so we can only free it when *all* LPIs from
that device have been removed. But I am confident to find something.
Cheers,
Andre.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 22:11 ` Julien Grall
@ 2017-04-07 22:14 ` Stefano Stabellini
2017-04-07 22:19 ` Julien Grall
0 siblings, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 22:14 UTC (permalink / raw)
To: Julien Grall
Cc: Andre Przywara, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni, xen-devel
On Fri, 7 Apr 2017, Julien Grall wrote:
> Hi Andre,
>
> On 04/07/2017 06:32 PM, Andre Przywara wrote:
> > The target CPU for an LPI is encoded in the interrupt translation table
> > entry, so can't be easily derived from just an LPI number (short of
> > walking *all* tables and find the matching LPI).
> > To avoid this in case we need to know the VCPU (for the INVALL command,
> > for instance), put the VCPU ID in the struct pending_irq, so that it is
> > easily accessible.
> >
> > Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> > ---
> > xen/include/asm-arm/vgic.h | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> > index 86a1a89..9145b42 100644
> > --- a/xen/include/asm-arm/vgic.h
> > +++ b/xen/include/asm-arm/vgic.h
> > @@ -88,6 +88,9 @@ struct pending_irq
> > * TODO: when implementing irq migration, taking only the current
> > * vgic lock is not going to be enough. */
> > struct list_head lr_queue;
> > +#ifdef CONFIG_HAS_ITS
> > + uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
> > +#endif
>
> I am sorry, but in the current state this is a nack from me side. The
> pending_irq structure will increase by 8 bytes because of the alignment.
>
> This will affect all the irq_pending as soon as CONFIG_HAS_ITS is enabled even
> if the platform is not using ITS.
>
> Looking at the current usage it is only used by INVALL, which lead to confirm
> my first nack.
>
> Please either find a hole in pending_irq or find an alternative solution.
Yeah, I was thinking the same thing. That is why I suggested the #ifdef
CONFIG_HAS_ITS. At least the problem would remain confined to ITS.
I recognize that we need a better solution, but I would be willing to
take this as-is with the ifdef for 4.9, assuming that everything else is
in order.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 22:14 ` Stefano Stabellini
@ 2017-04-07 22:19 ` Julien Grall
2017-04-07 22:31 ` Stefano Stabellini
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-07 22:19 UTC (permalink / raw)
To: Stefano Stabellini
Cc: Andre Przywara, Vijay Kilari, Shanker Donthineni, xen-devel
Hi Stefano,
On 04/07/2017 11:14 PM, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Julien Grall wrote:
>> Hi Andre,
>>
>> On 04/07/2017 06:32 PM, Andre Przywara wrote:
>>> The target CPU for an LPI is encoded in the interrupt translation table
>>> entry, so can't be easily derived from just an LPI number (short of
>>> walking *all* tables and find the matching LPI).
>>> To avoid this in case we need to know the VCPU (for the INVALL command,
>>> for instance), put the VCPU ID in the struct pending_irq, so that it is
>>> easily accessible.
>>>
>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>> ---
>>> xen/include/asm-arm/vgic.h | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
>>> index 86a1a89..9145b42 100644
>>> --- a/xen/include/asm-arm/vgic.h
>>> +++ b/xen/include/asm-arm/vgic.h
>>> @@ -88,6 +88,9 @@ struct pending_irq
>>> * TODO: when implementing irq migration, taking only the current
>>> * vgic lock is not going to be enough. */
>>> struct list_head lr_queue;
>>> +#ifdef CONFIG_HAS_ITS
>>> + uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
>>> +#endif
>>
>> I am sorry, but in the current state this is a nack from me side. The
>> pending_irq structure will increase by 8 bytes because of the alignment.
>>
>> This will affect all the irq_pending as soon as CONFIG_HAS_ITS is enabled even
>> if the platform is not using ITS.
>>
>> Looking at the current usage it is only used by INVALL, which lead to confirm
>> my first nack.
>>
>> Please either find a hole in pending_irq or find an alternative solution.
>
> Yeah, I was thinking the same thing. That is why I suggested the #ifdef
> CONFIG_HAS_ITS. At least the problem would remain confined to ITS.
>
> I recognize that we need a better solution, but I would be willing to
> take this as-is with the ifdef for 4.9, assuming that everything else is
> in order.
Still, it is 8 bytes per IRQ. Which means increase internal memory usage
by up to 8KB (assuming DOM0 with 1024 interrupts).
Xen currently support only up to 128 vCPUs and there is a 1 byte hole in
the structure. As it is plenty enough, why don't we use this hole?
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 22:19 ` Julien Grall
@ 2017-04-07 22:31 ` Stefano Stabellini
2017-04-07 22:52 ` Julien Grall
0 siblings, 1 reply; 75+ messages in thread
From: Stefano Stabellini @ 2017-04-07 22:31 UTC (permalink / raw)
To: Julien Grall
Cc: Andre Przywara, Stefano Stabellini, Vijay Kilari,
Shanker Donthineni, xen-devel
On Fri, 7 Apr 2017, Julien Grall wrote:
> Hi Stefano,
>
> On 04/07/2017 11:14 PM, Stefano Stabellini wrote:
> > On Fri, 7 Apr 2017, Julien Grall wrote:
> > > Hi Andre,
> > >
> > > On 04/07/2017 06:32 PM, Andre Przywara wrote:
> > > > The target CPU for an LPI is encoded in the interrupt translation table
> > > > entry, so can't be easily derived from just an LPI number (short of
> > > > walking *all* tables and find the matching LPI).
> > > > To avoid this in case we need to know the VCPU (for the INVALL command,
> > > > for instance), put the VCPU ID in the struct pending_irq, so that it is
> > > > easily accessible.
> > > >
> > > > Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> > > > ---
> > > > xen/include/asm-arm/vgic.h | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> > > > index 86a1a89..9145b42 100644
> > > > --- a/xen/include/asm-arm/vgic.h
> > > > +++ b/xen/include/asm-arm/vgic.h
> > > > @@ -88,6 +88,9 @@ struct pending_irq
> > > > * TODO: when implementing irq migration, taking only the current
> > > > * vgic lock is not going to be enough. */
> > > > struct list_head lr_queue;
> > > > +#ifdef CONFIG_HAS_ITS
> > > > + uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
> > > > +#endif
> > >
> > > I am sorry, but in the current state this is a nack from me side. The
> > > pending_irq structure will increase by 8 bytes because of the alignment.
> > >
> > > This will affect all the irq_pending as soon as CONFIG_HAS_ITS is enabled
> > > even
> > > if the platform is not using ITS.
> > >
> > > Looking at the current usage it is only used by INVALL, which lead to
> > > confirm
> > > my first nack.
> > >
> > > Please either find a hole in pending_irq or find an alternative solution.
> >
> > Yeah, I was thinking the same thing. That is why I suggested the #ifdef
> > CONFIG_HAS_ITS. At least the problem would remain confined to ITS.
> >
> > I recognize that we need a better solution, but I would be willing to
> > take this as-is with the ifdef for 4.9, assuming that everything else is
> > in order.
>
> Still, it is 8 bytes per IRQ. Which means increase internal memory usage by up
> to 8KB (assuming DOM0 with 1024 interrupts).
>
> Xen currently support only up to 128 vCPUs and there is a 1 byte hole in the
> structure. As it is plenty enough, why don't we use this hole?
Not a bad idea, but it doesn't leave us any room for expansion. Still,
it is better than an #ifdef in vgic.h.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq
2017-04-07 22:31 ` Stefano Stabellini
@ 2017-04-07 22:52 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-07 22:52 UTC (permalink / raw)
To: Stefano Stabellini
Cc: Andre Przywara, nd, Vijay Kilari, Shanker Donthineni, xen-devel
Hi Stefano,
On 07/04/2017 23:31, Stefano Stabellini wrote:
> On Fri, 7 Apr 2017, Julien Grall wrote:
>> Hi Stefano,
>>
>> On 04/07/2017 11:14 PM, Stefano Stabellini wrote:
>>> On Fri, 7 Apr 2017, Julien Grall wrote:
>>>> Hi Andre,
>>>>
>>>> On 04/07/2017 06:32 PM, Andre Przywara wrote:
>>>>> The target CPU for an LPI is encoded in the interrupt translation table
>>>>> entry, so can't be easily derived from just an LPI number (short of
>>>>> walking *all* tables and find the matching LPI).
>>>>> To avoid this in case we need to know the VCPU (for the INVALL command,
>>>>> for instance), put the VCPU ID in the struct pending_irq, so that it is
>>>>> easily accessible.
>>>>>
>>>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>>>> ---
>>>>> xen/include/asm-arm/vgic.h | 3 +++
>>>>> 1 file changed, 3 insertions(+)
>>>>>
>>>>> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
>>>>> index 86a1a89..9145b42 100644
>>>>> --- a/xen/include/asm-arm/vgic.h
>>>>> +++ b/xen/include/asm-arm/vgic.h
>>>>> @@ -88,6 +88,9 @@ struct pending_irq
>>>>> * TODO: when implementing irq migration, taking only the current
>>>>> * vgic lock is not going to be enough. */
>>>>> struct list_head lr_queue;
>>>>> +#ifdef CONFIG_HAS_ITS
>>>>> + uint16_t lpi_vcpu_id; /* The VCPU for an LPI. */
>>>>> +#endif
>>>>
>>>> I am sorry, but in the current state this is a nack from me side. The
>>>> pending_irq structure will increase by 8 bytes because of the alignment.
>>>>
>>>> This will affect all the irq_pending as soon as CONFIG_HAS_ITS is enabled
>>>> even
>>>> if the platform is not using ITS.
>>>>
>>>> Looking at the current usage it is only used by INVALL, which lead to
>>>> confirm
>>>> my first nack.
>>>>
>>>> Please either find a hole in pending_irq or find an alternative solution.
>>>
>>> Yeah, I was thinking the same thing. That is why I suggested the #ifdef
>>> CONFIG_HAS_ITS. At least the problem would remain confined to ITS.
>>>
>>> I recognize that we need a better solution, but I would be willing to
>>> take this as-is with the ifdef for 4.9, assuming that everything else is
>>> in order.
>>
>> Still, it is 8 bytes per IRQ. Which means increase internal memory usage by up
>> to 8KB (assuming DOM0 with 1024 interrupts).
>>
>> Xen currently support only up to 128 vCPUs and there is a 1 byte hole in the
>> structure. As it is plenty enough, why don't we use this hole?
>
> Not a bad idea, but it doesn't leave us any room for expansion. Still,
> it is better than an #ifdef in vgic.h.
I agree that it does not leave any room. But it does not increase the
structure by 8 bytes unconditionally (even if it is protected by
#ifdef). This would be a call to miss that when we will compile ITS by
default and therefore increase pending_irq.
But to be fair, I am not a bit fan of re-purposing irq_to_pending for
storing LPIs information. This feels like a hack because those value are
never used directly by the common code.
A better approach would be to introduce a struct pending_lpi which
contain irq_to_pending. Something like:
struct pending_lpi
{
struct irq_to_pending irq;
uint16_t vcpu_id;
uint8_t priority;
}
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes
2017-04-07 17:32 ` [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes Andre Przywara
@ 2017-04-07 22:59 ` Julien Grall
2017-04-07 23:06 ` André Przywara
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-07 22:59 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, nd, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 07/04/2017 18:32, Andre Przywara wrote:
> When creating the device tree for a domain using an emulated GICv3,
> we will later need to add the respective ITS subnodes as well.
> Prepare a stub function to be later filled with the actual code.
make_hwdom_dt_node will only create DT node for the hardware domain. The
guest DTs will be created by the toolstack.
Please update the commit message accordingly.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/gic-v3.c | 4 +++-
> xen/include/asm-arm/gic_v3_its.h | 8 ++++++++
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 54fbb19..2fbcf52 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -1172,8 +1172,10 @@ static int gicv3_make_hwdom_dt_node(const struct domain *d,
>
> res = fdt_property(fdt, "reg", new_cells, len);
> xfree(new_cells);
> + if ( res )
> + return res;
>
> - return res;
> + return gicv3_its_make_dt_nodes(NULL, d, gic, fdt);
I said no to the NULL and explained why on v5. Please address all the
comments.
Also this should be name gicv3_its_make_hwdom_dt_nodes.
> }
>
> static const hw_irq_controller gicv3_host_irq_type = {
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 7470779..09c7117 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -220,6 +220,14 @@ static inline void vgic_v3_its_free_domain(struct domain *d)
>
> #endif /* CONFIG_HAS_ITS */
>
> +static inline int gicv3_its_make_dt_nodes(struct list_head *its_list,
> + const struct domain *d,
> + const struct dt_device_node *gic,
> + void *fdt)
> +{
> + return 0;
> +}
> +
> #endif
>
> /*
>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes
2017-04-07 22:59 ` Julien Grall
@ 2017-04-07 23:06 ` André Przywara
2017-04-07 23:12 ` Julien Grall
0 siblings, 1 reply; 75+ messages in thread
From: André Przywara @ 2017-04-07 23:06 UTC (permalink / raw)
To: Julien Grall, Stefano Stabellini
Cc: xen-devel, nd, Vijay Kilari, Shanker Donthineni
On 07/04/17 23:59, Julien Grall wrote:
> Hi Andre,
>
> On 07/04/2017 18:32, Andre Przywara wrote:
>> When creating the device tree for a domain using an emulated GICv3,
>> we will later need to add the respective ITS subnodes as well.
>> Prepare a stub function to be later filled with the actual code.
>
> make_hwdom_dt_node will only create DT node for the hardware domain. The
> guest DTs will be created by the toolstack.
>
> Please update the commit message accordingly.
>
>>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>> ---
>> xen/arch/arm/gic-v3.c | 4 +++-
>> xen/include/asm-arm/gic_v3_its.h | 8 ++++++++
>> 2 files changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
>> index 54fbb19..2fbcf52 100644
>> --- a/xen/arch/arm/gic-v3.c
>> +++ b/xen/arch/arm/gic-v3.c
>> @@ -1172,8 +1172,10 @@ static int gicv3_make_hwdom_dt_node(const
>> struct domain *d,
>>
>> res = fdt_property(fdt, "reg", new_cells, len);
>> xfree(new_cells);
>> + if ( res )
>> + return res;
>>
>> - return res;
>> + return gicv3_its_make_dt_nodes(NULL, d, gic, fdt);
>
> I said no to the NULL and explained why on v5. Please address all the
> comments.
Yeah, sorry, I didn't change much in the later patches, especially not
on the ITS command emulation, so please save your time and skip those.
The only changes worth looking at in v6 is the locking in the MMIO
emulation in patches 22/36 and 24/36.
Cheers,
Andre.
>
> Also this should be name gicv3_its_make_hwdom_dt_nodes.
>
>> }
>>
>> static const hw_irq_controller gicv3_host_irq_type = {
>> diff --git a/xen/include/asm-arm/gic_v3_its.h
>> b/xen/include/asm-arm/gic_v3_its.h
>> index 7470779..09c7117 100644
>> --- a/xen/include/asm-arm/gic_v3_its.h
>> +++ b/xen/include/asm-arm/gic_v3_its.h
>> @@ -220,6 +220,14 @@ static inline void vgic_v3_its_free_domain(struct
>> domain *d)
>>
>> #endif /* CONFIG_HAS_ITS */
>>
>> +static inline int gicv3_its_make_dt_nodes(struct list_head *its_list,
>> + const struct domain *d,
>> + const struct dt_device_node
>> *gic,
>> + void *fdt)
>> +{
>> + return 0;
>> +}
>> +
>> #endif
>>
>> /*
>>
>
> Cheers,
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes
2017-04-07 23:06 ` André Przywara
@ 2017-04-07 23:12 ` Julien Grall
2017-04-07 23:23 ` André Przywara
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-07 23:12 UTC (permalink / raw)
To: André Przywara, Stefano Stabellini
Cc: xen-devel, nd, Vijay Kilari, Shanker Donthineni
On 08/04/2017 00:06, André Przywara wrote:
> On 07/04/17 23:59, Julien Grall wrote:
>> Hi Andre,
>>
>> On 07/04/2017 18:32, Andre Przywara wrote:
>>> When creating the device tree for a domain using an emulated GICv3,
>>> we will later need to add the respective ITS subnodes as well.
>>> Prepare a stub function to be later filled with the actual code.
>>
>> make_hwdom_dt_node will only create DT node for the hardware domain. The
>> guest DTs will be created by the toolstack.
>>
>> Please update the commit message accordingly.
>>
>>>
>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>> ---
>>> xen/arch/arm/gic-v3.c | 4 +++-
>>> xen/include/asm-arm/gic_v3_its.h | 8 ++++++++
>>> 2 files changed, 11 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
>>> index 54fbb19..2fbcf52 100644
>>> --- a/xen/arch/arm/gic-v3.c
>>> +++ b/xen/arch/arm/gic-v3.c
>>> @@ -1172,8 +1172,10 @@ static int gicv3_make_hwdom_dt_node(const
>>> struct domain *d,
>>>
>>> res = fdt_property(fdt, "reg", new_cells, len);
>>> xfree(new_cells);
>>> + if ( res )
>>> + return res;
>>>
>>> - return res;
>>> + return gicv3_its_make_dt_nodes(NULL, d, gic, fdt);
>>
>> I said no to the NULL and explained why on v5. Please address all the
>> comments.
>
> Yeah, sorry, I didn't change much in the later patches, especially not
> on the ITS command emulation, so please save your time and skip those.
> The only changes worth looking at in v6 is the locking in the MMIO
> emulation in patches 22/36 and 24/36.
Can you give a range of patches I should skip?
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes
2017-04-07 23:12 ` Julien Grall
@ 2017-04-07 23:23 ` André Przywara
0 siblings, 0 replies; 75+ messages in thread
From: André Przywara @ 2017-04-07 23:23 UTC (permalink / raw)
To: Julien Grall, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
On 08/04/17 00:12, Julien Grall wrote:
>
>
> On 08/04/2017 00:06, André Przywara wrote:
>> On 07/04/17 23:59, Julien Grall wrote:
>>> Hi Andre,
>>>
>>> On 07/04/2017 18:32, Andre Przywara wrote:
>>>> When creating the device tree for a domain using an emulated GICv3,
>>>> we will later need to add the respective ITS subnodes as well.
>>>> Prepare a stub function to be later filled with the actual code.
>>>
>>> make_hwdom_dt_node will only create DT node for the hardware domain. The
>>> guest DTs will be created by the toolstack.
>>>
>>> Please update the commit message accordingly.
>>>
>>>>
>>>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>>>> ---
>>>> xen/arch/arm/gic-v3.c | 4 +++-
>>>> xen/include/asm-arm/gic_v3_its.h | 8 ++++++++
>>>> 2 files changed, 11 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
>>>> index 54fbb19..2fbcf52 100644
>>>> --- a/xen/arch/arm/gic-v3.c
>>>> +++ b/xen/arch/arm/gic-v3.c
>>>> @@ -1172,8 +1172,10 @@ static int gicv3_make_hwdom_dt_node(const
>>>> struct domain *d,
>>>>
>>>> res = fdt_property(fdt, "reg", new_cells, len);
>>>> xfree(new_cells);
>>>> + if ( res )
>>>> + return res;
>>>>
>>>> - return res;
>>>> + return gicv3_its_make_dt_nodes(NULL, d, gic, fdt);
>>>
>>> I said no to the NULL and explained why on v5. Please address all the
>>> comments.
>>
>> Yeah, sorry, I didn't change much in the later patches, especially not
>> on the ITS command emulation, so please save your time and skip those.
>> The only changes worth looking at in v6 is the locking in the MMIO
>> emulation in patches 22/36 and 24/36.
>
> Can you give a range of patches I should skip?
You can safely skip patches 25/36 till 34/36, probably even the last
two. Patch 23/36 has been removed in v7.
Thanks!
andre.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 22/36] ARM: vGIC: advertise LPI support
2017-04-07 17:32 ` [PATCH v6 22/36] ARM: vGIC: advertise LPI support Andre Przywara
@ 2017-04-09 19:37 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-09 19:37 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> To let a guest know about the availability of virtual LPIs, set the
> respective bits in the virtual GIC registers and let a guest control
> the LPI enable bit.
> Only report the LPI capability if the host has initialized at least
> one ITS.
> This removes a "TBD" comment, as we now populate the processor number
> in the GICR_TYPE register.
> Advertise 24 bits worth of LPIs to the guest.
Again, why 24 bits? This should be the number of LPIs supported by the host.
And likely this number should be set from vgic_v3_domain_init(....) and
not hardcoded in the emulation.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/vgic-v3.c | 59 +++++++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 54 insertions(+), 5 deletions(-)
>
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index 7b086b9..1c1d014 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -169,8 +169,15 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
> switch ( gicr_reg )
> {
> case VREG32(GICR_CTLR):
> - /* We have not implemented LPI's, read zero */
> - goto read_as_zero_32;
> + if ( !v->domain->arch.vgic.has_its )
> + goto read_as_zero_32;
> + if ( dabt.size != DABT_WORD ) goto bad_width;
> +
> + spin_lock(&v->arch.vgic.lock);
This lock is used in interrupt context (see vgic_vcpu_inject_irq). So
you want to disable interrupt.
> + *r = vgic_reg32_extract(!!(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED),
> + info);
> + spin_unlock(&v->arch.vgic.lock);
> + return 1;
>
> case VREG32(GICR_IIDR):
> if ( dabt.size != DABT_WORD ) goto bad_width;
> @@ -182,16 +189,20 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
> uint64_t typer, aff;
>
> if ( !vgic_reg64_check_access(dabt) ) goto bad_width;
> - /* TBD: Update processor id in [23:8] when ITS support is added */
> aff = (MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 3) << 56 |
> MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 2) << 48 |
> MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 1) << 40 |
> MPIDR_AFFINITY_LEVEL(v->arch.vmpidr, 0) << 32);
> typer = aff;
> + /* We use the VCPU ID as the redistributor ID in bits[23:8] */
> + typer |= (v->vcpu_id & 0xffff) << 8;
>
> if ( v->arch.vgic.flags & VGIC_V3_RDIST_LAST )
> typer |= GICR_TYPER_LAST;
>
> + if ( v->domain->arch.vgic.has_its )
> + typer |= GICR_TYPER_PLPIS;
> +
> *r = vgic_reg64_extract(typer, info);
>
> return 1;
> @@ -421,6 +432,25 @@ static uint64_t sanitize_pendbaser(uint64_t reg)
> return reg;
> }
>
> +static void vgic_vcpu_enable_lpis(struct vcpu *v)
> +{
> + uint64_t reg = v->domain->arch.vgic.rdist_propbase;
> + unsigned int nr_lpis = BIT((reg & 0x1f) + 1);
> +
> + if ( nr_lpis < LPI_OFFSET )
> + nr_lpis = 0;
> + else
> + nr_lpis -= LPI_OFFSET;
> +
> + if ( !v->domain->arch.vgic.rdists_enabled )
> + {
> + v->domain->arch.vgic.nr_lpis = nr_lpis;
> + v->domain->arch.vgic.rdists_enabled = true;
> + }
> +
> + v->arch.vgic.flags |= VGIC_V3_LPIS_ENABLED;
> +}
> +
> static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
> uint32_t gicr_reg,
> register_t r)
> @@ -431,8 +461,22 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info,
> switch ( gicr_reg )
> {
> case VREG32(GICR_CTLR):
> - /* LPI's not implemented */
> - goto write_ignore_32;
> + if ( !v->domain->arch.vgic.has_its )
> + goto write_ignore_32;
> + if ( dabt.size != DABT_WORD ) goto bad_width;
> +
> + vgic_lock(v); /* protects rdists_enabled */
Can't you move this lock in vgic_vcpu_enable_lpis?
> + spin_lock(&v->arch.vgic.lock);
See above for the v->arch.vgic.lock.
> +
> + /* LPIs can only be enabled once, but never disabled again. */
> + if ( (r & GICR_CTLR_ENABLE_LPIS) &&
> + !(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED) )
> + vgic_vcpu_enable_lpis(v);
> +
> + spin_unlock(&v->arch.vgic.lock);
> + vgic_unlock(v);
> +
> + return 1;
>
> case VREG32(GICR_IIDR):
> /* RO */
> @@ -1049,6 +1093,11 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info,
> typer = ((ncpus - 1) << GICD_TYPE_CPUS_SHIFT |
> DIV_ROUND_UP(v->domain->arch.vgic.nr_spis, 32));
>
> + if ( v->domain->arch.vgic.has_its )
> + {
> + typer |= GICD_TYPE_LPIS;
> + irq_bits = 24;
See my comment above about 24.
> + }
> typer |= (irq_bits - 1) << GICD_TYPE_ID_BITS_SHIFT;
>
> *r = vgic_reg32_extract(typer, info);
>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access
2017-04-07 17:32 ` [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access Andre Przywara
@ 2017-04-09 19:39 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-09 19:39 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> vgic_reg64_check_access() checks for a valid access width of a 64-bit
> MMIO register, which is useful beyond the current GICv3 emulation only.
> Move this function to the vgic-emul.h to be easily reusable.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Julien Grall <julien.grall@arm.com>
> ---
> xen/arch/arm/vgic-v3.c | 9 ---------
> xen/include/asm-arm/vgic-emul.h | 9 +++++++++
> 2 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
> index fd6a777..4462b8c 100644
> --- a/xen/arch/arm/vgic-v3.c
> +++ b/xen/arch/arm/vgic-v3.c
> @@ -160,15 +160,6 @@ static void vgic_store_irouter(struct domain *d, struct vgic_irq_rank *rank,
> }
> }
>
> -static inline bool vgic_reg64_check_access(struct hsr_dabt dabt)
> -{
> - /*
> - * 64 bits registers can be accessible using 32-bit and 64-bit unless
> - * stated otherwise (See 8.1.3 ARM IHI 0069A).
> - */
> - return ( dabt.size == DABT_DOUBLE_WORD || dabt.size == DABT_WORD );
> -}
> -
> static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
> uint32_t gicr_reg,
> register_t *r)
> diff --git a/xen/include/asm-arm/vgic-emul.h b/xen/include/asm-arm/vgic-emul.h
> index 184a1f0..e52fbaa 100644
> --- a/xen/include/asm-arm/vgic-emul.h
> +++ b/xen/include/asm-arm/vgic-emul.h
> @@ -12,6 +12,15 @@
> #define VRANGE32(start, end) start ... end + 3
> #define VRANGE64(start, end) start ... end + 7
>
> +/*
> + * 64 bits registers can be accessible using 32-bit and 64-bit unless
> + * stated otherwise (See 8.1.3 ARM IHI 0069A).
> + */
> +static inline bool vgic_reg64_check_access(struct hsr_dabt dabt)
> +{
> + return ( dabt.size == DABT_DOUBLE_WORD || dabt.size == DABT_WORD );
> +}
> +
> #endif /* __ASM_ARM_VGIC_EMUL_H__ */
>
> /*
>
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq()
2017-04-07 17:32 ` [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq() Andre Przywara
@ 2017-04-09 19:40 ` Julien Grall
0 siblings, 0 replies; 75+ messages in thread
From: Julien Grall @ 2017-04-09 19:40 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> For LPIs we later want to dynamically allocate struct pending_irqs.
> Let's export the vgic_init_pending_irq() to be able to reuse it.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Julien Grall <julien.grall@arm.com>
Cheers,
> ---
> xen/arch/arm/vgic.c | 2 +-
> xen/include/asm-arm/vgic.h | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index 5c68fe7..1bc3dc7 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -61,7 +61,7 @@ struct vgic_irq_rank *vgic_rank_irq(struct vcpu *v, unsigned int irq)
> return vgic_get_rank(v, rank);
> }
>
> -static void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq)
> +void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq)
> {
> INIT_LIST_HEAD(&p->inflight);
> INIT_LIST_HEAD(&p->lr_queue);
> diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h
> index 967c2be..86a1a89 100644
> --- a/xen/include/asm-arm/vgic.h
> +++ b/xen/include/asm-arm/vgic.h
> @@ -308,6 +308,7 @@ extern struct vcpu *vgic_get_target_vcpu(struct vcpu *v, unsigned int virq);
> extern void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int virq);
> extern void vgic_vcpu_inject_spi(struct domain *d, unsigned int virq);
> extern void vgic_clear_pending_irqs(struct vcpu *v);
> +extern void vgic_init_pending_irq(struct pending_irq *p, unsigned int virq);
> extern struct pending_irq *irq_to_pending(struct vcpu *v, unsigned int irq);
> extern struct pending_irq *spi_to_pending(struct domain *d, unsigned int irq);
> extern struct vgic_irq_rank *vgic_rank_offset(struct vcpu *v, int b, int n, int s);
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation
2017-04-07 17:32 ` [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation Andre Przywara
@ 2017-04-09 20:16 ` Julien Grall
2017-04-11 15:49 ` Andre Przywara
0 siblings, 1 reply; 75+ messages in thread
From: Julien Grall @ 2017-04-09 20:16 UTC (permalink / raw)
To: Andre Przywara, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi Andre,
On 04/07/2017 06:32 PM, Andre Przywara wrote:
> Emulate the memory mapped ITS registers and provide a stub to introduce
> the ITS command handling framework (but without actually emulating any
> commands at this time).
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
> xen/arch/arm/vgic-v3-its.c | 512 +++++++++++++++++++++++++++++++++++++++
> xen/include/asm-arm/gic_v3_its.h | 3 +
> 2 files changed, 515 insertions(+)
>
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
> index 065ffe2..a171a3b 100644
> --- a/xen/arch/arm/vgic-v3-its.c
> +++ b/xen/arch/arm/vgic-v3-its.c
> @@ -67,6 +67,9 @@ struct vits_itte
> uint16_t pad;
> };
>
> +#define GITS_BASER_RO_MASK (GITS_BASER_TYPE_MASK | \
> + (31UL << GITS_BASER_ENTRY_SIZE_SHIFT))
> +
> int vgic_v3_its_init_domain(struct domain *d)
> {
> spin_lock_init(&d->arch.vgic.its_devices_lock);
> @@ -80,6 +83,515 @@ void vgic_v3_its_free_domain(struct domain *d)
> ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
> }
>
> +/**************************************
> + * Functions that handle ITS commands *
> + **************************************/
> +
> +static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
> + unsigned int shift, unsigned int size)
> +{
> + return (le64_to_cpu(its_cmd[word]) >> shift) & (BIT(size) - 1);
> +}
> +
> +#define its_cmd_get_command(cmd) its_cmd_mask_field(cmd, 0, 0, 8)
> +#define its_cmd_get_deviceid(cmd) its_cmd_mask_field(cmd, 0, 32, 32)
> +#define its_cmd_get_size(cmd) its_cmd_mask_field(cmd, 1, 0, 5)
> +#define its_cmd_get_id(cmd) its_cmd_mask_field(cmd, 1, 0, 32)
> +#define its_cmd_get_physical_id(cmd) its_cmd_mask_field(cmd, 1, 32, 32)
> +#define its_cmd_get_collection(cmd) its_cmd_mask_field(cmd, 2, 0, 16)
> +#define its_cmd_get_target_addr(cmd) its_cmd_mask_field(cmd, 2, 16, 32)
> +#define its_cmd_get_validbit(cmd) its_cmd_mask_field(cmd, 2, 63, 1)
> +#define its_cmd_get_ittaddr(cmd) (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
> +
> +#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
> +
> +/*
> + * Requires the vcmd_lock to be held.
> + * TODO: Investigate whether we can be smarter here and don't need to hold
> + * the lock all of the time.
> + */
> +static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
> +{
> + paddr_t addr = its->cbaser & GENMASK(51, 12);
> + uint64_t command[4];
> + uint64_t creadr = its->creadr;
> +
> + ASSERT(spin_is_locked(&its->vcmd_lock));
> +
> + if ( its->cwriter >= ITS_CMD_BUFFER_SIZE(its->cbaser) )
> + return -1;
> +
> + while ( creadr != its->cwriter )
> + {
> + int ret;
> +
> + ret = vgic_access_guest_memory(d, addr + creadr,
> + command, sizeof(command), false);
> + if ( ret )
> + return ret;
> +
> + switch ( its_cmd_get_command(command) )
> + {
> + case GITS_CMD_SYNC:
> + /* We handle ITS commands synchronously, so we ignore SYNC. */
> + break;
> + default:
> + gdprintk(XENLOG_WARNING, "ITS: unhandled ITS command %lu\n",
> + its_cmd_get_command(command));
> + break;
> + }
> +
> + creadr += ITS_CMD_SIZE;
> + if ( creadr == ITS_CMD_BUFFER_SIZE(its->cbaser) )
> + creadr = 0;
> + its->creadr = creadr; /* allow the guest to see the progress */
I hope you know that the compiler can decide to drop the temporary
variable for optimization? ;) So it may decide to write-back everytime
in its->creadr.
> +
> + if ( ret )
> + gdprintk(XENLOG_WARNING,
> + "ITS: ITS command error %d while handling command %lu\n",
> + ret, its_cmd_get_command(command));
> + }
> +
> + return 0;
> +}
> +
> +/*****************************
> + * ITS registers read access *
> + *****************************/
> +
> +/* Identifying as an ARM IP, using "X" as the product ID. */
> +#define GITS_IIDR_VALUE 0x5800034c
Do we need to request ARM to register this value? Preventing someone to
re-use it for another purpose in the future.
> +
> +static int vgic_v3_its_mmio_read(struct vcpu *v, mmio_info_t *info,
> + register_t *r, void *priv)
> +{
> + struct virt_its *its = priv;
> + uint64_t reg;
> +
> + switch ( info->gpa & 0xffff )
> + {
> + case VREG32(GITS_CTLR):
> + {
> + /*
> + * We try to avoid waiting for the command queue lock and report
> + * non-quiescent if that lock is already taken.
> + */
> + bool have_cmd_lock;
> +
> + if ( info->dabt.size != DABT_WORD ) goto bad_width;
> +
> + have_cmd_lock = spin_trylock(&its->vcmd_lock);
> + spin_lock(&its->its_lock);
> + if ( its->enabled )
> + reg = GITS_CTLR_ENABLE;
> + else
> + reg = 0;
> +
> + if ( have_cmd_lock && its->cwriter == its->creadr )
> + reg |= GITS_CTLR_QUIESCENT;
> +
> + spin_unlock(&its->its_lock);
> + if ( have_cmd_lock )
> + spin_unlock(&its->vcmd_lock);
> +
> + *r = vgic_reg32_extract(reg, info);
> + break;
> + }
> + case VREG32(GITS_IIDR):
> + if ( info->dabt.size != DABT_WORD ) goto bad_width;
> + *r = vgic_reg32_extract(GITS_IIDR_VALUE, info);
> + break;
> + case VREG64(GITS_TYPER):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + reg = GITS_TYPER_PHYSICAL;
> + reg |= (sizeof(struct vits_itte) - 1) << GITS_TYPER_ITT_SIZE_SHIFT;
> + reg |= (its->intid_bits - 1) << GITS_TYPER_IDBITS_SHIFT;
> + reg |= (its->devid_bits - 1) << GITS_TYPER_DEVIDS_SHIFT;
> + *r = vgic_reg64_extract(reg, info);
> + break;
> + case 0x0018 ... 0x001c:
> + goto read_reserved;
> + case 0x0020 ... 0x003c:
> + goto read_impl_defined;
> + case 0x0040 ... 0x007c:
> + goto read_reserved;
> + case VREG64(GITS_CBASER):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> + spin_lock(&its->its_lock);
> + *r = vgic_reg64_extract(its->cbaser, info);
> + spin_unlock(&its->its_lock);
> + break;
> + case VREG64(GITS_CWRITER):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + reg = its->cwriter;
> + *r = vgic_reg64_extract(reg, info);
> + break;
> + case VREG64(GITS_CREADR):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + reg = its->creadr;
> + *r = vgic_reg64_extract(reg, info);
> + break;
> + case 0x0098 ... 0x00fc:
> + goto read_reserved;
> + case VREG64(GITS_BASER0): /* device table */
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> + spin_lock(&its->its_lock);
> + *r = vgic_reg64_extract(its->baser_dev, info);
> + spin_unlock(&its->its_lock);
> + break;
> + case VREG64(GITS_BASER1): /* collection table */
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> + spin_lock(&its->its_lock);
> + *r = vgic_reg64_extract(its->baser_coll, info);
> + spin_unlock(&its->its_lock);
> + break;
> + case VRANGE64(GITS_BASER2, GITS_BASER7):
> + goto read_as_zero_64;
> + case 0x0140 ... 0xbffc:
> + goto read_reserved;
> + case 0xc000 ... 0xffcc:
> + goto read_impl_defined;
> + case 0xffd0 ... 0xffe4:
> + goto read_as_zero_64;
> + case VREG32(GITS_PIDR2):
> + if ( info->dabt.size != DABT_WORD ) goto bad_width;
> + *r = vgic_reg32_extract(GIC_PIDR2_ARCH_GICv3, info);
> + break;
> + case 0xffec ... 0xfffc:
> + goto read_as_zero_64;
Why don't you have a default here? You don't cover all the ranges
(basically all the end of reserved regions such as 0xfffc - 0xfffe ...).
For those accesses you will return 1 as it was handled.
So please add a default and switch all s ... e to VRANGE*.
> + }
> +
> + return 1;
> +
> +read_as_zero_64:
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> + *r = 0;
> +
> + return 1;
> +
> +read_impl_defined:
> + printk(XENLOG_G_DEBUG
> + "%pv: vGITS: RAZ on implementation defined register offset %#04lx\n",
> + v, info->gpa & 0xffff);
> + *r = 0;
> + return 1;
> +
> +read_reserved:
> + printk(XENLOG_G_DEBUG
> + "%pv: vGITS: RAZ on reserved register offset %#04lx\n",
> + v, info->gpa & 0xffff);
> + *r = 0;
> + return 1;
> +
> +bad_width:
> + printk(XENLOG_G_ERR "vGIIS: bad read width %d r%d offset %#04lx\n",
> + info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
> + domain_crash_synchronous();
> +
> + return 0;
> +}
> +
> +/******************************
> + * ITS registers write access *
> + ******************************/
> +
> +static unsigned int its_baser_table_size(uint64_t baser)
> +{
> + unsigned int ret, page_size[4] = {SZ_4K, SZ_16K, SZ_64K, SZ_64K};
> +
> + ret = page_size[(baser >> GITS_BASER_PAGE_SIZE_SHIFT) & 3];
> +
> + return ret * ((baser & GITS_BASER_SIZE_MASK) + 1);
> +}
> +
> +static unsigned int its_baser_nr_entries(uint64_t baser)
> +{
> + int entry_size = GITS_BASER_ENTRY_SIZE(baser);
You said you fixed this .... but it looks like not. So please
s/int/unsigned int/
> +
> + return its_baser_table_size(baser) / entry_size;
> +}
> +
> +/* Must be called with the ITS lock held. */
> +static bool vgic_v3_verify_its_status(struct virt_its *its, bool status)
> +{
> + ASSERT(spin_is_locked(&its->its_lock));
> +
> + if ( !status )
> + return false;
> +
> + if ( !(its->cbaser & GITS_VALID_BIT) ||
> + !(its->baser_dev & GITS_VALID_BIT) ||
> + !(its->baser_coll & GITS_VALID_BIT) )
> + {
> + printk(XENLOG_G_WARNING "d%d tried to enable ITS without having the tables configured.\n",
> + its->d->domain_id);
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static void sanitize_its_base_reg(uint64_t *reg)
> +{
> + uint64_t r = *reg;
> +
> + /* Avoid outer shareable. */
> + switch ( (r >> GITS_BASER_SHAREABILITY_SHIFT) & 0x03 )
> + {
> + case GIC_BASER_OuterShareable:
> + r = r & ~GITS_BASER_SHAREABILITY_MASK;
NIT r &= ~GITS...;
> + r |= GIC_BASER_InnerShareable << GITS_BASER_SHAREABILITY_SHIFT;
> + break;
> + default:
> + break;
> + }
> +
> + /* Avoid any inner non-cacheable mapping. */
> + switch ( (r >> GITS_BASER_INNER_CACHEABILITY_SHIFT) & 0x07 )
> + {
> + case GIC_BASER_CACHE_nCnB:
> + case GIC_BASER_CACHE_nC:
> + r = r & ~GITS_BASER_INNER_CACHEABILITY_MASK;
Ditto.
> + r |= GIC_BASER_CACHE_RaWb << GITS_BASER_INNER_CACHEABILITY_SHIFT;
> + break;
> + default:
> + break;
> + }
> +
> + /* Only allow non-cacheable or same-as-inner. */
> + switch ( (r >> GITS_BASER_OUTER_CACHEABILITY_SHIFT) & 0x07 )
> + {
> + case GIC_BASER_CACHE_SameAsInner:
> + case GIC_BASER_CACHE_nC:
> + break;
> + default:
> + r = r & ~GITS_BASER_OUTER_CACHEABILITY_MASK;
Ditto.
> + r |= GIC_BASER_CACHE_nC << GITS_BASER_OUTER_CACHEABILITY_SHIFT;
> + break;
> + }
> +
> + *reg = r;
> +}
> +
> +static int vgic_v3_its_mmio_write(struct vcpu *v, mmio_info_t *info,
> + register_t r, void *priv)
> +{
> + struct domain *d = v->domain;
> + struct virt_its *its = priv;
> + uint64_t reg;
> + uint32_t reg32;
> +
> + switch ( info->gpa & 0xffff )
> + {
> + case VREG32(GITS_CTLR):
> + {
> + uint32_t ctlr;
> +
> + if ( info->dabt.size != DABT_WORD ) goto bad_width;
> +
> + /*
> + * We need to take the vcmd_lock to prevent a guest from disabling
> + * the ITS while commands are still processed.
> + */
> + spin_lock(&its->vcmd_lock);
> + spin_lock(&its->its_lock);
> + ctlr = its->enabled ? GITS_CTLR_ENABLE : 0;
> + reg32 = ctlr;
> + vgic_reg32_update(®32, r, info);
> +
> + if ( ctlr ^ reg32 )
> + its->enabled = vgic_v3_verify_its_status(its,
> + reg32 & GITS_CTLR_ENABLE);
> + spin_unlock(&its->its_lock);
> + spin_unlock(&its->vcmd_lock);
> + return 1;
> + }
> +
> + case VREG32(GITS_IIDR):
> + goto write_ignore_32;
> + case VREG32(GITS_TYPER):
> + goto write_ignore_32;
> + case 0x0018 ... 0x001c:
Please correctly implement the range use VRANGE*.
> + goto write_reserved;
> + case 0x0020 ... 0x003c:
> + goto write_impl_defined;
> + case 0x0040 ... 0x007c:
> + goto write_reserved;
> + case VREG64(GITS_CBASER):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + spin_lock(&its->vcmd_lock);
Why do you need to take the command lock here? its->enabled will prevent
to modify cbaser to be overwritten.
> + spin_lock(&its->its_lock);
> + /* Changing base registers with the ITS enabled is UNPREDICTABLE. */
> + if ( its->enabled )
> + {
> + spin_unlock(&its->its_lock);
> + spin_unlock(&its->vcmd_lock);
> + gdprintk(XENLOG_WARNING,
> + "ITS: tried to change CBASER with the ITS enabled.\n");
> + return 1;
> + }
> +
> + reg = its->cbaser;
> + vgic_reg64_update(®, r, info);
> + sanitize_its_base_reg(®);
> +
> + its->cbaser = reg;
> + its->creadr = 0;
> + spin_unlock(&its->its_lock);
> + spin_unlock(&its->vcmd_lock);
> +
> + return 1;
> +
> + case VREG64(GITS_CWRITER):
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + spin_lock(&its->vcmd_lock);
> + reg = its->cwriter & 0xfffe0;
Please explain this mask.
> + vgic_reg64_update(®, r, info);
> + its->cwriter = reg & 0xfffe0;
Ditto. You likely need a define for that.
> +
> + if ( its->enabled )
So its->enabled is in this case protected by vcmd_lock and not its->lock
as other place, correct? If so, please document it.
> + {
> + int ret = vgic_its_handle_cmds(d, its);
I am not convinced of the usefulness of the temporary variable ret. You
could directly do:
if ( vgic_its_handle_cmds(...) )
printk(....)
> +
> + if ( ret )
> + printk(XENLOG_G_WARNING "error handling ITS commands\n");
Again you likely want to print the domain id here. So I would it to
gdprintk.
> + }
> + spin_unlock(&its->vcmd_lock);
> +
> + return 1;
> +
> + case VREG64(GITS_CREADR):
> + goto write_ignore_64;
> +
> + case 0x0098 ... 0x00fc:
> + goto write_reserved;
> + case VREG64(GITS_BASER0): /* device table */
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + spin_lock(&its->its_lock);
> +
> + /*
> + * Changing base registers with the ITS enabled is UNPREDICTABLE,
> + * we choose to ignore it, but warn.
> + */
> + if ( its->enabled )
> + {
> + spin_unlock(&its->its_lock);
> + gdprintk(XENLOG_WARNING, "ITS: tried to change BASER with the ITS enabled.\n");
> +
> + return 1;
> + }
> +
> + reg = its->baser_dev;
> + vgic_reg64_update(®, r, info);
> +
> + /* We don't support indirect tables for now. */
> + reg &= ~(GITS_BASER_RO_MASK | GITS_BASER_INDIRECT);
> + reg |= (sizeof(uint64_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
> + reg |= GITS_BASER_TYPE_DEVICE << GITS_BASER_TYPE_SHIFT;
> + sanitize_its_base_reg(®);
> +
> + if ( reg & GITS_VALID_BIT )
> + {
> + its->max_devices = its_baser_nr_entries(reg);
> + if ( its->max_devices > BIT(its->devid_bits) )
> + its->max_devices = BIT(its->devid_bits);
> + }
> + else
> + its->max_devices = 0;
> +
> + its->baser_dev = reg;
> + spin_unlock(&its->its_lock);
> + return 1;
> + case VREG64(GITS_BASER1): /* collection table */
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> +
> + spin_lock(&its->its_lock);
> + /*
> + * Changing base registers with the ITS enabled is UNPREDICTABLE,
> + * we choose to ignore it, but warn.
> + */
> + if ( its->enabled )
> + {
> + spin_unlock(&its->its_lock);
> + gdprintk(XENLOG_INFO, "ITS: tried to change BASER with the ITS enabled.\n");
> + return 1;
> + }
> +
> + reg = its->baser_coll;
> + vgic_reg64_update(®, r, info);
> + /* No indirect tables for the collection table. */
> + reg &= ~(GITS_BASER_RO_MASK | GITS_BASER_INDIRECT);
> + reg |= (sizeof(uint16_t) - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
> + reg |= GITS_BASER_TYPE_COLLECTION << GITS_BASER_TYPE_SHIFT;
> + sanitize_its_base_reg(®);
> +
> + if ( reg & GITS_VALID_BIT )
> + its->max_collections = its_baser_nr_entries(reg);
> + else
> + its->max_collections = 0;
> + its->baser_coll = reg;
> + spin_unlock(&its->its_lock);
> + return 1;
> + case VRANGE64(GITS_BASER2, GITS_BASER7):
> + goto write_ignore_64;
> + case 0x0140 ... 0xbffc:
> + goto write_reserved;
> + case 0xc000 ... 0xffcc:
> + goto write_impl_defined;
> + case 0xffd0 ... 0xffe4: /* IMPDEF identification registers */
> + goto write_impl_defined;
> + case VREG32(GITS_PIDR2):
> + goto write_ignore_32;
> + case 0xffec ... 0xfffc: /* IMPDEF identification registers */
> + goto write_impl_defined;
> + default:
> + gdprintk(XENLOG_G_WARNING, "ITS: unhandled ITS register 0x%lx\n",
> + info->gpa & 0xffff);
> + return 0;
> + }
> +
> + return 1;
> +
> +write_ignore_64:
> + if ( !vgic_reg64_check_access(info->dabt) ) goto bad_width;
> + return 1;
> +
> +write_ignore_32:
> + if ( info->dabt.size != DABT_WORD ) goto bad_width;
> + return 1;
> +
> +write_impl_defined:
> + printk(XENLOG_G_DEBUG
> + "%pv: vGITS: WI on implementation defined register offset %#04lx\n",
> + v, info->gpa & 0xffff);
> + return 1;
> +
> +write_reserved:
> + printk(XENLOG_G_DEBUG
> + "%pv: vGITS: WI on implementation defined register offset %#04lx\n",
> + v, info->gpa & 0xffff);
> + return 1;
> +
> +bad_width:
> + printk(XENLOG_G_ERR "vGITS: bad write width %d r%d offset %#08lx\n",
> + info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
> +
> + domain_crash_synchronous();
> +
> + return 0;
> +}
> +
> +static const struct mmio_handler_ops vgic_its_mmio_handler = {
> + .read = vgic_v3_its_mmio_read,
> + .write = vgic_v3_its_mmio_write,
> +};
> +
> /*
> * Local variables:
> * mode: C
> diff --git a/xen/include/asm-arm/gic_v3_its.h b/xen/include/asm-arm/gic_v3_its.h
> index 09c7117..ea574c4 100644
> --- a/xen/include/asm-arm/gic_v3_its.h
> +++ b/xen/include/asm-arm/gic_v3_its.h
> @@ -35,6 +35,7 @@
> #define GITS_BASER5 0x128
> #define GITS_BASER6 0x130
> #define GITS_BASER7 0x138
> +#define GITS_PIDR2 GICR_PIDR2
>
> /* Register bits */
> #define GITS_VALID_BIT BIT(63)
> @@ -57,6 +58,7 @@
> #define GITS_TYPER_ITT_SIZE_MASK (0xfUL << GITS_TYPER_ITT_SIZE_SHIFT)
> #define GITS_TYPER_ITT_SIZE(r) ((((r) & GITS_TYPER_ITT_SIZE_MASK) >> \
> GITS_TYPER_ITT_SIZE_SHIFT) + 1)
> +#define GITS_TYPER_PHYSICAL (1U << 0)
>
> #define GITS_BASER_INDIRECT BIT(62)
> #define GITS_BASER_INNER_CACHEABILITY_SHIFT 59
> @@ -76,6 +78,7 @@
> (((reg >> GITS_BASER_ENTRY_SIZE_SHIFT) & 0x1f) + 1)
> #define GITS_BASER_SHAREABILITY_SHIFT 10
> #define GITS_BASER_PAGE_SIZE_SHIFT 8
> +#define GITS_BASER_SIZE_MASK 0xff
> #define GITS_BASER_SHAREABILITY_MASK (0x3ULL << GITS_BASER_SHAREABILITY_SHIFT)
> #define GITS_BASER_OUTER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_OUTER_CACHEABILITY_SHIFT)
> #define GITS_BASER_INNER_CACHEABILITY_MASK (0x7ULL << GITS_BASER_INNER_CACHEABILITY_SHIFT)
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
* Re: [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation
2017-04-09 20:16 ` Julien Grall
@ 2017-04-11 15:49 ` Andre Przywara
0 siblings, 0 replies; 75+ messages in thread
From: Andre Przywara @ 2017-04-11 15:49 UTC (permalink / raw)
To: Julien Grall, Stefano Stabellini
Cc: xen-devel, Vijay Kilari, Shanker Donthineni
Hi,
On 09/04/17 21:16, Julien Grall wrote:
> Hi Andre,
>
> On 04/07/2017 06:32 PM, Andre Przywara wrote:
>> Emulate the memory mapped ITS registers and provide a stub to introduce
>> the ITS command handling framework (but without actually emulating any
>> commands at this time).
>>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>> ---
>> xen/arch/arm/vgic-v3-its.c | 512
>> +++++++++++++++++++++++++++++++++++++++
>> xen/include/asm-arm/gic_v3_its.h | 3 +
>> 2 files changed, 515 insertions(+)
>>
>> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
>> index 065ffe2..a171a3b 100644
>> --- a/xen/arch/arm/vgic-v3-its.c
>> +++ b/xen/arch/arm/vgic-v3-its.c
>> @@ -67,6 +67,9 @@ struct vits_itte
>> uint16_t pad;
>> };
>>
>> +#define GITS_BASER_RO_MASK (GITS_BASER_TYPE_MASK | \
>> + (31UL << GITS_BASER_ENTRY_SIZE_SHIFT))
>> +
>> int vgic_v3_its_init_domain(struct domain *d)
>> {
>> spin_lock_init(&d->arch.vgic.its_devices_lock);
>> @@ -80,6 +83,515 @@ void vgic_v3_its_free_domain(struct domain *d)
>> ASSERT(RB_EMPTY_ROOT(&d->arch.vgic.its_devices));
>> }
>>
>> +/**************************************
>> + * Functions that handle ITS commands *
>> + **************************************/
>> +
>> +static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
>> + unsigned int shift, unsigned int
>> size)
>> +{
>> + return (le64_to_cpu(its_cmd[word]) >> shift) & (BIT(size) - 1);
>> +}
>> +
>> +#define its_cmd_get_command(cmd) its_cmd_mask_field(cmd, 0,
>> 0, 8)
>> +#define its_cmd_get_deviceid(cmd) its_cmd_mask_field(cmd, 0,
>> 32, 32)
>> +#define its_cmd_get_size(cmd) its_cmd_mask_field(cmd, 1,
>> 0, 5)
>> +#define its_cmd_get_id(cmd) its_cmd_mask_field(cmd, 1,
>> 0, 32)
>> +#define its_cmd_get_physical_id(cmd) its_cmd_mask_field(cmd, 1,
>> 32, 32)
>> +#define its_cmd_get_collection(cmd) its_cmd_mask_field(cmd, 2,
>> 0, 16)
>> +#define its_cmd_get_target_addr(cmd) its_cmd_mask_field(cmd, 2,
>> 16, 32)
>> +#define its_cmd_get_validbit(cmd) its_cmd_mask_field(cmd, 2,
>> 63, 1)
>> +#define its_cmd_get_ittaddr(cmd) (its_cmd_mask_field(cmd, 2,
>> 8, 44) << 8)
>> +
>> +#define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
>> +
>> +/*
>> + * Requires the vcmd_lock to be held.
>> + * TODO: Investigate whether we can be smarter here and don't need to
>> hold
>> + * the lock all of the time.
>> + */
>> +static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
>> +{
>> + paddr_t addr = its->cbaser & GENMASK(51, 12);
>> + uint64_t command[4];
>> + uint64_t creadr = its->creadr;
>> +
>> + ASSERT(spin_is_locked(&its->vcmd_lock));
>> +
>> + if ( its->cwriter >= ITS_CMD_BUFFER_SIZE(its->cbaser) )
>> + return -1;
>> +
>> + while ( creadr != its->cwriter )
>> + {
>> + int ret;
>> +
>> + ret = vgic_access_guest_memory(d, addr + creadr,
>> + command, sizeof(command), false);
>> + if ( ret )
>> + return ret;
>> +
>> + switch ( its_cmd_get_command(command) )
>> + {
>> + case GITS_CMD_SYNC:
>> + /* We handle ITS commands synchronously, so we ignore
>> SYNC. */
>> + break;
>> + default:
>> + gdprintk(XENLOG_WARNING, "ITS: unhandled ITS command %lu\n",
>> + its_cmd_get_command(command));
>> + break;
>> + }
>> +
>> + creadr += ITS_CMD_SIZE;
>> + if ( creadr == ITS_CMD_BUFFER_SIZE(its->cbaser) )
>> + creadr = 0;
>> + its->creadr = creadr; /* allow the guest to see the
>> progress */
>
> I hope you know that the compiler can decide to drop the temporary
> variable for optimization? ;) So it may decide to write-back everytime
> in its->creadr.
I don't think it can do it, because creadr is different from its->creadr
here (on purpose!). So doing this optimization would violate the program
semantic (because the end-of-buffer value would never be visible).
But just to be sure I replaced this check with a modulo operation over
the ITS_CMD_BUFFER_SIZE.
Not sure everyone likes *that* now, though ;-)
Cheers,
Andre.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 75+ messages in thread
end of thread, other threads:[~2017-04-11 15:46 UTC | newest]
Thread overview: 75+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-07 17:32 [PATCH v6 00/36] arm64: Dom0 ITS emulation Andre Przywara
2017-04-07 17:32 ` [PATCH v6 01/36] ARM: GICv3 ITS: parse and store ITS subnodes from hardware DT Andre Przywara
2017-04-07 17:51 ` Stefano Stabellini
2017-04-07 18:02 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 02/36] ARM: GICv3 ITS: initialize host ITS Andre Przywara
2017-04-07 17:32 ` [PATCH v6 03/36] ARM: GICv3: allocate LPI pending and property table Andre Przywara
2017-04-07 18:04 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 04/36] ARM: GICv3 ITS: allocate device and collection table Andre Przywara
2017-04-07 17:32 ` [PATCH v6 05/36] ARM: GICv3 ITS: map ITS command buffer Andre Przywara
2017-04-07 17:32 ` [PATCH v6 06/36] ARM: GICv3 ITS: introduce ITS command handling Andre Przywara
2017-04-07 17:32 ` [PATCH v6 07/36] ARM: GICv3 ITS: introduce host LPI array Andre Przywara
2017-04-07 17:55 ` Stefano Stabellini
2017-04-07 18:08 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 08/36] ARM: vGICv3: introduce ITS emulation stub Andre Przywara
2017-04-07 17:57 ` Stefano Stabellini
2017-04-07 18:09 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 09/36] ARM: GICv3 ITS: introduce device mapping Andre Przywara
2017-04-07 18:21 ` Stefano Stabellini
2017-04-07 19:21 ` Andre Przywara
2017-04-07 18:21 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 10/36] ARM: GIC: Add checks for NULL pointer pending_irq's Andre Przywara
2017-04-07 18:32 ` Julien Grall
2017-04-07 19:07 ` Stefano Stabellini
2017-04-07 20:46 ` André Przywara
2017-04-07 20:58 ` Julien Grall
2017-04-07 21:45 ` Stefano Stabellini
2017-04-07 22:09 ` Stefano Stabellini
2017-04-07 22:12 ` André Przywara
2017-04-07 17:32 ` [PATCH v6 11/36] ARM: GICv3: introduce separate pending_irq structs for LPIs Andre Przywara
2017-04-07 18:49 ` Stefano Stabellini
2017-04-07 21:02 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 12/36] ARM: GICv3: forward pending LPIs to guests Andre Przywara
2017-04-07 18:59 ` Stefano Stabellini
2017-04-07 21:09 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 13/36] ARM: GICv3: enable ITS and LPIs on the host Andre Przywara
2017-04-07 19:10 ` Stefano Stabellini
2017-04-07 17:32 ` [PATCH v6 14/36] ARM: vGICv3: handle virtual LPI pending and property tables Andre Przywara
2017-04-07 21:29 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 15/36] ARM: introduce vgic_access_guest_memory() Andre Przywara
2017-04-07 21:35 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 16/36] ARM: vGICv3: re-use vgic_reg64_check_access Andre Przywara
2017-04-09 19:39 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 17/36] ARM: GIC: clear LPI pending bit on cleaning up LR Andre Przywara
2017-04-07 17:32 ` [PATCH v6 18/36] ARM: GIC: export vgic_init_pending_irq() Andre Przywara
2017-04-09 19:40 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 19/36] ARM: VGIC: add vcpu_id to struct pending_irq Andre Przywara
2017-04-07 22:11 ` Julien Grall
2017-04-07 22:14 ` Stefano Stabellini
2017-04-07 22:19 ` Julien Grall
2017-04-07 22:31 ` Stefano Stabellini
2017-04-07 22:52 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 20/36] ARM: vGICv3: add virtual ITS list head and comment about iteration Andre Przywara
2017-04-07 17:32 ` [PATCH v6 21/36] ARM: GICv3: prepare for virtual ITS subnodes Andre Przywara
2017-04-07 22:59 ` Julien Grall
2017-04-07 23:06 ` André Przywara
2017-04-07 23:12 ` Julien Grall
2017-04-07 23:23 ` André Przywara
2017-04-07 17:32 ` [PATCH v6 22/36] ARM: vGIC: advertise LPI support Andre Przywara
2017-04-09 19:37 ` Julien Grall
2017-04-07 17:32 ` [PATCH v6 23/36] ARM: vGICv3: handle disabled LPIs Andre Przywara
2017-04-07 17:32 ` [PATCH v6 24/36] ARM: vITS: add command handling stub and MMIO emulation Andre Przywara
2017-04-09 20:16 ` Julien Grall
2017-04-11 15:49 ` Andre Przywara
2017-04-07 17:32 ` [PATCH v6 25/36] ARM: vITS: introduce translation table walks Andre Przywara
2017-04-07 17:32 ` [PATCH v6 26/36] ARM: vITS: handle CLEAR command Andre Przywara
2017-04-07 17:32 ` [PATCH v6 27/36] ARM: vITS: handle INT command Andre Przywara
2017-04-07 17:32 ` [PATCH v6 28/36] ARM: vITS: handle MAPC command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 29/36] ARM: vITS: handle MAPD command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 30/36] ARM: vITS: handle MAPTI command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 31/36] ARM: vITS: handle MOVI command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 32/36] ARM: vITS: handle DISCARD command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 33/36] ARM: vITS: handle INV command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 34/36] ARM: vITS: handle INVALL command Andre Przywara
2017-04-07 17:33 ` [PATCH v6 35/36] ARM: vITS: create and initialize virtual ITSes for Dom0 Andre Przywara
2017-04-07 17:33 ` [PATCH v6 36/36] ARM: vITS: create ITS subnodes for Dom0 DT Andre Przywara
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.