* [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support
@ 2018-04-12 7:37 Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 01/17] hw/arm/smmu-common: smmu base device and datatypes Eric Auger
` (16 more replies)
0 siblings, 17 replies; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
This series implements the emulation code for ARM SMMUv3.
SMMUv3 gets instantiated by adding ",iommu=smmuv3" to the virt
machine option.
Only stage 1 and AArch64 PTW are supported. [1 - 14] bring the core
emulation code. [15, 16] bring optimizations and 17 brings the vhost
integration.
Main changes since v10:
- fix irq_ctrl_ack read
- on PTW error and when the event is not recorded/set, don't output
SMMU_EVT_OK anymore but return the ret value instead.
- Add the 3 last patches:
- configuration cache, IOTLB emulation and vhost integration
Important Note:
I added the last 3 patches for consistency but I would be happy
if [1 - 14] could land upstream first, without waiting for the last
3 patch additional review cycles.
Also note that for vhost integration testing I needed a fix on
kernel side: [PATCH] vhost: Fix vhost_copy_to_user(). Otherwise
vhost-net stalls are observed.
Best Regards
Eric
This series can be found at:
v11: https://github.com/eauger/qemu/tree/v2.12.0-rc2-SMMU-v11
Previous version at:
v10: https://github.com/eauger/qemu/tree/v2.11.0-SMMU-v10
History:
v10 -> v11:
- one fix irq_ctrl_ack read
- addition of last 3 patches
v9 -> v10:
- see individual change logs
v8 -> v9:
- fix mingw compilation (qemu/log.h)
- put gpl v2 license on all files to respect initial license
- change proto of smmu_ptw* to clarify inputs/outputs and
prepare for iotlb emulation
- fix hash table lookup
- cleanup access type handling during ptw
- cleanup reset infra (parent_reset)
- replace some inline functions by macros
- fix some CMD fields
- increment cmdq cons only after cmd execution
- replace some remaining error_report by qemu_log_mask
v7 -> v8:
Took into account Peter's comments:
- revisit queue data structures
- use registerfields.h and got rid of reg array
- use dma_memory_read for all descriptor fetches
- got rid of page table walk for an iova range and
implemented standard page table walk for single IOVA
- revisit event data structure
- report events in many more situations and pass the event
handle all along the decode and ptw phases
- fix gerror/gerron computations
- completely got rid of stage2 decoding
- use a machine option for instantiation
- get rid of VFIO integration
- get rid of VHOST integration (this will be added in a
- abort in case vhost/vfio notifiers get detected
second step together with TLB emulation)
- Tested migration
- fixed TTBR index computation (issue reported by Tomasz)
v6 -> v7:
- DPDK testpmd now running on guest with 2 assigned VFs
- Changed the instantiation method: add the following option to
the QEMU command line
-device smmu # for virtio/vhost use cases
-device smmu,caching-mode # for vfio use cases (based on [1])
- splitted the series into smaller patches to allow the review
- the VFIO integration based on "ltlbi-on-map" smmuv3 driver
is isolated from the rest: last 2 patches, not for upstream.
This is shipped for testing/bench until a better solution is found.
- Reworked permission flag checks and event generation
v5 -> v6:
- Rebase on 2.10 and IOMMUMemoryRegion
- add ACPI TLBI_ON_MAP support (VFIO integration also works in
ACPI mode)
- fix block replay
- handle implementation defined SMMU_CMD_TLBI_NH_VA_AM cmd
(goes along with TLBI_ON_MAP FW quirk)
- replay systematically unmap the whole range first
- smmuv3_map_hook does not unmap anymore and the unmap is done
before the replay
- add and use smmuv3_context_device_invalidate instead of
blindly replaying everything
v4 -> v5:
- initial_level now part of SMMUTransCfg
- smmu_page_walk_64 takes into account the max input size
- implement sys->iommu_ops.replay and sys->iommu_ops.notify_flag_changed
- smmuv3_translate: bug fix: don't walk on bypass
- smmu_update_qreg: fix PROD index update
- I did not yet address Peter's comments as the code is not mature enough
to be split into sub patches.
v3 -> v4 [Eric]:
- page table walk rewritten to allow scan of the page table within a
range of IOVA. This prepares for VFIO integration and replay.
- configuration parsing partially reworked.
- do not advertise unsupported/untested features: S2, S1 + S2, HYP,
PRI, ATS, ..
- added ACPI table generation
- migrated to dynamic traces
- mingw compilation fix
v2 -> v3 [Eric]:
- rebased on 2.9
- mostly code and patch reorganization to ease the review process
- optional patches removed. They may be handled separately. I am currently
working on ACPI enablement.
- optional instantiation of the smmu in mach-virt
- removed [2/9] (fdt functions) since not mandated
- start splitting main patch into base and derived object
- no new function feature added
v1 -> v2 [Prem]:
- Adopted review comments from Eric Auger
- Make SMMU_DPRINTF to internally call qemu_log
(since translation requests are too many, we need control
on the type of log we want)
- SMMUTransCfg modified to suite simplicity
- Change RegInfo to uint64 register array
- Code cleanup
- Test cleanups
- Reshuffled patches
v0 -> v1 [Prem]:
- As per SMMUv3 spec 16.0 (only is_ste_consistant() is noticeable)
- Reworked register access/update logic
- Factored out translation code for
- single point bug fix
- sharing/removal in future
- (optional) Unit tests added, with PCI test device
- S1 with 4k/64k, S1+S2 with 4k/64k
- (S1 or S2) only can be verified by Linux 4.7 driver
- (optional) Priliminary ACPI support
v0 [Prem]:
- Implements SMMUv3 spec 11.0
- Supported for PCIe devices,
- Command Queue and Event Queue supported
- LPAE only, S1 is supported and Tested, S2 not tested
- BE mode Translation not supported
- IRQ support (legacy, no MSI)
- Tested with DPDK and e1000
Eric Auger (14):
hw/arm/smmu-common: smmu base device and datatypes
hw/arm/smmu-common: IOMMU memory region and address space setup
hw/arm/smmu-common: VMSAv8-64 page table walk
hw/arm/smmuv3: Wired IRQ and GERROR helpers
hw/arm/smmuv3: Queue helpers
hw/arm/smmuv3: Implement MMIO write operations
hw/arm/smmuv3: Event queue recording helper
hw/arm/smmuv3: Implement translate callback
hw/arm/smmuv3: Abort on vfio or vhost case
target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route
hw/arm/virt: Introduce the iommu option
hw/arm/smmuv3: Cache/invalidate config data
hw/arm/smmuv3: IOTLB emulation
hw/arm/smmuv3: Add notifications on invalidation
Prem Mallappa (3):
hw/arm/smmuv3: Skeleton
hw/arm/virt: Add SMMUv3 to the virt board
hw/arm/virt-acpi-build: Add smmuv3 node in IORT table
default-configs/aarch64-softmmu.mak | 1 +
hw/arm/Makefile.objs | 1 +
hw/arm/smmu-common.c | 446 +++++++++++
hw/arm/smmu-internal.h | 102 +++
hw/arm/smmuv3-internal.h | 609 ++++++++++++++
hw/arm/smmuv3.c | 1494 +++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 57 ++
hw/arm/virt-acpi-build.c | 55 +-
hw/arm/virt.c | 100 ++-
include/hw/acpi/acpi-defs.h | 15 +
include/hw/arm/smmu-common.h | 166 ++++
include/hw/arm/smmuv3.h | 88 +++
include/hw/arm/virt.h | 10 +
target/arm/kvm.c | 27 +
target/arm/trace-events | 3 +
15 files changed, 3166 insertions(+), 8 deletions(-)
create mode 100644 hw/arm/smmu-common.c
create mode 100644 hw/arm/smmu-internal.h
create mode 100644 hw/arm/smmuv3-internal.h
create mode 100644 hw/arm/smmuv3.c
create mode 100644 include/hw/arm/smmu-common.h
create mode 100644 include/hw/arm/smmuv3.h
--
2.5.5
^ permalink raw reply [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 01/17] hw/arm/smmu-common: smmu base device and datatypes
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup Eric Auger
` (15 subsequent siblings)
16 siblings, 0 replies; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
The patch introduces the smmu base device and class for the ARM
smmu. Devices for specific versions will be derived from this
base device.
We also introduce some important datatypes.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
v10 -> v11:
- remove hash tables for configs and iotlb which will be
introduced later on
v9 -> v10:
- invoke the parent_realize
- use device_class_set_parent_realize
- use "" to include headers
- fix indent in SMMUTransCfg
- rename smmu_as_by_busptr into smmu_pcibus_by_busptr and
smmu_as_by_bus_num into smmu_pcibus_by_bus_num
- mrtypename becomes const
- add Peter's R-b
v8 -> v9:
- remove page walk callback type from this patch (vhost related)
- add a new hash table for caching configuration data
- add reset function
- add asid
v7 -> v8:
- add bus_num property
- add primary-bus property
- add realize and remove instance_init
- rename TYPE and related macros to match naming convention using
for GIC
- add SMMUPageTableWalkEventInfo
- tt[2] in translation config
v3 -> v4:
- added smmu_find_as_from_bus_num
- SMMU_PCI_BUS_MAX and SMMU_PCI_DEVFN_MAX in smmu-common header
- new fields in SMMUState:
- iommu_ops, smmu_as_by_busptr, smmu_as_by_bus_num
- add aa64[] field in SMMUTransCfg
v3:
- moved the base code in a separate patch to ease the review.
- clearer separation between base class and smmuv3 class
- translate_* only implemented as class methods
Conflicts:
default-configs/aarch64-softmmu.mak
Conflicts:
hw/arm/Makefile.objs
---
default-configs/aarch64-softmmu.mak | 1 +
hw/arm/Makefile.objs | 1 +
hw/arm/smmu-common.c | 81 +++++++++++++++++++++++
include/hw/arm/smmu-common.h | 124 ++++++++++++++++++++++++++++++++++++
4 files changed, 207 insertions(+)
create mode 100644 hw/arm/smmu-common.c
create mode 100644 include/hw/arm/smmu-common.h
diff --git a/default-configs/aarch64-softmmu.mak b/default-configs/aarch64-softmmu.mak
index 9ddccf8..6f790f0 100644
--- a/default-configs/aarch64-softmmu.mak
+++ b/default-configs/aarch64-softmmu.mak
@@ -8,3 +8,4 @@ CONFIG_DDC=y
CONFIG_DPCD=y
CONFIG_XLNX_ZYNQMP=y
CONFIG_XLNX_ZYNQMP_ARM=y
+CONFIG_ARM_SMMUV3=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2885e3e..558436f 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -35,3 +35,4 @@ obj-$(CONFIG_MPS2) += mps2-tz.o
obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
obj-$(CONFIG_IOTKIT) += iotkit.o
obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
+obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
new file mode 100644
index 0000000..e086ff5
--- /dev/null
+++ b/hw/arm/smmu-common.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2014-2016 Broadcom Corporation
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * Author: Prem Mallappa <pmallapp@broadcom.com>
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+#include "trace.h"
+#include "exec/target_page.h"
+#include "qom/cpu.h"
+#include "hw/qdev-properties.h"
+#include "qapi/error.h"
+
+#include "qemu/error-report.h"
+#include "hw/arm/smmu-common.h"
+
+static void smmu_base_realize(DeviceState *dev, Error **errp)
+{
+ SMMUBaseClass *sbc = ARM_SMMU_GET_CLASS(dev);
+ Error *local_err = NULL;
+
+ sbc->parent_realize(dev, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+}
+
+static void smmu_base_reset(DeviceState *dev)
+{
+ /* will be filled later on */
+}
+
+static Property smmu_dev_properties[] = {
+ DEFINE_PROP_UINT8("bus_num", SMMUState, bus_num, 0),
+ DEFINE_PROP_LINK("primary-bus", SMMUState, primary_bus, "PCI", PCIBus *),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void smmu_base_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SMMUBaseClass *sbc = ARM_SMMU_CLASS(klass);
+
+ dc->props = smmu_dev_properties;
+ device_class_set_parent_realize(dc, smmu_base_realize,
+ &sbc->parent_realize);
+ dc->reset = smmu_base_reset;
+}
+
+static const TypeInfo smmu_base_info = {
+ .name = TYPE_ARM_SMMU,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(SMMUState),
+ .class_data = NULL,
+ .class_size = sizeof(SMMUBaseClass),
+ .class_init = smmu_base_class_init,
+ .abstract = true,
+};
+
+static void smmu_base_register_types(void)
+{
+ type_register_static(&smmu_base_info);
+}
+
+type_init(smmu_base_register_types)
+
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
new file mode 100644
index 0000000..5910692
--- /dev/null
+++ b/include/hw/arm/smmu-common.h
@@ -0,0 +1,124 @@
+/*
+ * ARM SMMU Support
+ *
+ * Copyright (C) 2015-2016 Broadcom Corporation
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#ifndef HW_ARM_SMMU_COMMON_H
+#define HW_ARM_SMMU_COMMON_H
+
+#include "hw/sysbus.h"
+#include "hw/pci/pci.h"
+
+#define SMMU_PCI_BUS_MAX 256
+#define SMMU_PCI_DEVFN_MAX 256
+
+#define SMMU_MAX_VA_BITS 48
+
+/*
+ * Page table walk error types
+ */
+typedef enum {
+ SMMU_PTW_ERR_NONE,
+ SMMU_PTW_ERR_WALK_EABT, /* Translation walk external abort */
+ SMMU_PTW_ERR_TRANSLATION, /* Translation fault */
+ SMMU_PTW_ERR_ADDR_SIZE, /* Address Size fault */
+ SMMU_PTW_ERR_ACCESS, /* Access fault */
+ SMMU_PTW_ERR_PERMISSION, /* Permission fault */
+} SMMUPTWEventType;
+
+typedef struct SMMUPTWEventInfo {
+ SMMUPTWEventType type;
+ dma_addr_t addr; /* fetched address that induced an abort, if any */
+} SMMUPTWEventInfo;
+
+typedef struct SMMUTransTableInfo {
+ bool disabled; /* is the translation table disabled? */
+ uint64_t ttb; /* TT base address */
+ uint8_t tsz; /* input range, ie. 2^(64 -tsz)*/
+ uint8_t granule_sz; /* granule page shift */
+ uint8_t initial_level; /* initial lookup level */
+} SMMUTransTableInfo;
+
+/*
+ * Generic structure populated by derived SMMU devices
+ * after decoding the configuration information and used as
+ * input to the page table walk
+ */
+typedef struct SMMUTransCfg {
+ int stage; /* translation stage */
+ bool aa64; /* arch64 or aarch32 translation table */
+ bool disabled; /* smmu is disabled */
+ bool bypassed; /* translation is bypassed */
+ bool aborted; /* translation is aborted */
+ uint64_t ttb; /* TT base address */
+ uint8_t oas; /* output address width */
+ uint8_t tbi; /* Top Byte Ignore */
+ uint16_t asid;
+ SMMUTransTableInfo tt[2];
+} SMMUTransCfg;
+
+typedef struct SMMUDevice {
+ void *smmu;
+ PCIBus *bus;
+ int devfn;
+ IOMMUMemoryRegion iommu;
+ AddressSpace as;
+} SMMUDevice;
+
+typedef struct SMMUNotifierNode {
+ SMMUDevice *sdev;
+ QLIST_ENTRY(SMMUNotifierNode) next;
+} SMMUNotifierNode;
+
+typedef struct SMMUPciBus {
+ PCIBus *bus;
+ SMMUDevice *pbdev[0]; /* Parent array is sparse, so dynamically alloc */
+} SMMUPciBus;
+
+typedef struct SMMUState {
+ /* <private> */
+ SysBusDevice dev;
+ const char *mrtypename;
+ MemoryRegion iomem;
+
+ GHashTable *smmu_pcibus_by_busptr;
+ GHashTable *configs; /* cache for configuration data */
+ GHashTable *iotlb;
+ SMMUPciBus *smmu_pcibus_by_bus_num[SMMU_PCI_BUS_MAX];
+ PCIBus *pci_bus;
+ QLIST_HEAD(, SMMUNotifierNode) notifiers_list;
+ uint8_t bus_num;
+ PCIBus *primary_bus;
+} SMMUState;
+
+typedef struct {
+ /* <private> */
+ SysBusDeviceClass parent_class;
+
+ /*< public >*/
+
+ DeviceRealize parent_realize;
+
+} SMMUBaseClass;
+
+#define TYPE_ARM_SMMU "arm-smmu"
+#define ARM_SMMU(obj) OBJECT_CHECK(SMMUState, (obj), TYPE_ARM_SMMU)
+#define ARM_SMMU_CLASS(klass) \
+ OBJECT_CLASS_CHECK(SMMUBaseClass, (klass), TYPE_ARM_SMMU)
+#define ARM_SMMU_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(SMMUBaseClass, (obj), TYPE_ARM_SMMU)
+
+#endif /* HW_ARM_SMMU_COMMON */
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 01/17] hw/arm/smmu-common: smmu base device and datatypes Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 12:33 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk Eric Auger
` (14 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
We set up the infrastructure to enumerate all the PCI devices
attached to the SMMU and create an associated IOMMU memory
region and address space.
Those info are stored in SMMUDevice objects. The devices are
grouped according to the PCIBus they belong to. A hash table
indexed by the PCIBus pointer is used. Also an array indexed by
the bus number allows to find the list of SMMUDevices.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 -> v10:
- comment functions added to the header
- g_free(name)
- renamed smmu_find_as_from_bus_num into smmu_find_smmu_pcibus
- add a comment about lazy init in smmu_find_smmu_pcibus
- add a trace event when creating the smmu iommu mr
v8 -> v9:
- fix key value for lookup
v7 -> v8:
- introduce SMMU_MAX_VA_BITS
- use PCI bus handle as a key
- do not clear s->smmu_as_by_bus_num
- use g_new0 instead of g_malloc0
- use primary_bus field
---
hw/arm/smmu-common.c | 69 ++++++++++++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 3 ++
include/hw/arm/smmu-common.h | 8 +++++
3 files changed, 80 insertions(+)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index e086ff5..9a966bb 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -28,8 +28,69 @@
#include "qemu/error-report.h"
#include "hw/arm/smmu-common.h"
+/**
+ * The bus number is used for lookup when SID based invalidatation occurs.
+ * In that case we lazily populate the SMMUPciBus array from the bus hash
+ * table. At the time the SMMUPciBus is created (smmu_find_add_as), the bus
+ * numbers may not be always initialized yet.
+ */
+SMMUPciBus *smmu_find_smmu_pcibus(SMMUState *s, uint8_t bus_num)
+{
+ SMMUPciBus *smmu_pci_bus = s->smmu_pcibus_by_bus_num[bus_num];
+
+ if (!smmu_pci_bus) {
+ GHashTableIter iter;
+
+ g_hash_table_iter_init(&iter, s->smmu_pcibus_by_busptr);
+ while (g_hash_table_iter_next(&iter, NULL, (void **)&smmu_pci_bus)) {
+ if (pci_bus_num(smmu_pci_bus->bus) == bus_num) {
+ s->smmu_pcibus_by_bus_num[bus_num] = smmu_pci_bus;
+ return smmu_pci_bus;
+ }
+ }
+ }
+ return smmu_pci_bus;
+}
+
+static AddressSpace *smmu_find_add_as(PCIBus *bus, void *opaque, int devfn)
+{
+ SMMUState *s = opaque;
+ SMMUPciBus *sbus = g_hash_table_lookup(s->smmu_pcibus_by_busptr, bus);
+ SMMUDevice *sdev;
+
+ if (!sbus) {
+ sbus = g_malloc0(sizeof(SMMUPciBus) +
+ sizeof(SMMUDevice *) * SMMU_PCI_DEVFN_MAX);
+ sbus->bus = bus;
+ g_hash_table_insert(s->smmu_pcibus_by_busptr, bus, sbus);
+ }
+
+ sdev = sbus->pbdev[devfn];
+ if (!sdev) {
+ char *name = g_strdup_printf("%s-%d-%d",
+ s->mrtypename,
+ pci_bus_num(bus), devfn);
+ sdev = sbus->pbdev[devfn] = g_new0(SMMUDevice, 1);
+
+ sdev->smmu = s;
+ sdev->bus = bus;
+ sdev->devfn = devfn;
+
+ memory_region_init_iommu(&sdev->iommu, sizeof(sdev->iommu),
+ s->mrtypename,
+ OBJECT(s), name, 1ULL << SMMU_MAX_VA_BITS);
+ address_space_init(&sdev->as,
+ MEMORY_REGION(&sdev->iommu), name);
+ trace_smmu_add_mr(name);
+ g_free(name);
+ }
+
+ return &sdev->as;
+}
+
static void smmu_base_realize(DeviceState *dev, Error **errp)
{
+ SMMUState *s = ARM_SMMU(dev);
SMMUBaseClass *sbc = ARM_SMMU_GET_CLASS(dev);
Error *local_err = NULL;
@@ -38,6 +99,14 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
error_propagate(errp, local_err);
return;
}
+
+ s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
+
+ if (s->primary_bus) {
+ pci_setup_iommu(s->primary_bus, smmu_find_add_as, s);
+ } else {
+ error_setg(errp, "SMMU is not attached to any PCI bus!");
+ }
}
static void smmu_base_reset(DeviceState *dev)
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 193063e..8e8b53c 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -2,3 +2,6 @@
# hw/arm/virt-acpi-build.c
virt_acpi_setup(void) "No fw cfg or ACPI disabled. Bailing out."
+
+# hw/arm/smmu-common.c
+smmu_add_mr(const char *name) "%s"
\ No newline at end of file
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
index 5910692..76cf4aa 100644
--- a/include/hw/arm/smmu-common.h
+++ b/include/hw/arm/smmu-common.h
@@ -121,4 +121,12 @@ typedef struct {
#define ARM_SMMU_GET_CLASS(obj) \
OBJECT_GET_CLASS(SMMUBaseClass, (obj), TYPE_ARM_SMMU)
+/* Return the SMMUPciBus handle associated to a PCI bus number */
+SMMUPciBus *smmu_find_smmu_pcibus(SMMUState *s, uint8_t bus_num);
+
+/* Return the stream ID of an SMMU device */
+static inline uint16_t smmu_get_sid(SMMUDevice *sdev)
+{
+ return ((pci_bus_num(sdev->bus) & 0xff) << 8) | sdev->devfn;
+}
#endif /* HW_ARM_SMMU_COMMON */
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 01/17] hw/arm/smmu-common: smmu base device and datatypes Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 12:59 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton Eric Auger
` (13 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
This patch implements the page table walk for VMSAv8-64.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 -> v10:
- Add 64b single-copy atomicity comment related to PTE fetch
- remove checks in get_block_pte_address and use formulae to compute
block address offset
- remove check_perm
- fix select_tt
- in trace-events use PRIx64 instead of 0x%lx
- commented the fact we cannot discriminate between user and
priviledged transactions
v8 -> v9:
- remove guest error log on PTE fetch fault
- rename trace functions
- fix smmu_page_walk_level_res_invalid_pte last arg
- fix PTE_ADDRESS
- turn functions into macros
- make sure to return the actual pte access permission
into tlbe->perm
- change proto of smmu_ptw*
v7 -> v8:
- rework get_pte
- use LOG_LEVEL_ERROR
- remove error checking in get_block_pte_address
- page table walk simplified (no VFIO replay anymore)
- handle PTW error events
- use dma_memory_read
v6 -> v7:
- fix wrong error handling in walk_page_table
- check perm in smmu_translate
v5 -> v6:
- use IOMMUMemoryRegion
- remove initial_lookup_level()
- fix block replay
v4 -> v5:
- add initial level in translation config
- implement block pte
- rename must_translate into nofail
- introduce call_entry_hook
- small changes to dynamic traces
- smmu_page_walk code moved from smmuv3.c to this file
- remove smmu_translate*
v3 -> v4:
- reworked page table walk to prepare for VFIO integration
(capability to scan a range of IOVA). Same function is used
for translate for a single iova. This is largely inspired
from intel_iommu.c
- as the translate function was not straightforward to me,
I tried to stick more closely to the VMSA spec.
- remove support of nested stage (kernel driver does not
support it anyway)
- use error_report and trace events
- add aa64[] field in SMMUTransCfg
---
hw/arm/smmu-common.c | 209 +++++++++++++++++++++++++++++++++++++++++++
hw/arm/smmu-internal.h | 102 +++++++++++++++++++++
hw/arm/trace-events | 9 +-
include/hw/arm/smmu-common.h | 14 +++
4 files changed, 333 insertions(+), 1 deletion(-)
create mode 100644 hw/arm/smmu-internal.h
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 9a966bb..6a58948 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -27,6 +27,215 @@
#include "qemu/error-report.h"
#include "hw/arm/smmu-common.h"
+#include "smmu-internal.h"
+
+/* VMSAv8-64 Translation */
+
+/**
+ * get_pte - Get the content of a page table entry located t
+ * @base_addr[@index]
+ */
+static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,
+ SMMUPTWEventInfo *info)
+{
+ int ret;
+ dma_addr_t addr = baseaddr + index * sizeof(*pte);
+
+ /* TODO: guarantee 64-bit single-copy atomicity */
+ ret = dma_memory_read(&address_space_memory, addr,
+ (uint8_t *)pte, sizeof(*pte));
+
+ if (ret != MEMTX_OK) {
+ info->type = SMMU_PTW_ERR_WALK_EABT;
+ info->addr = addr;
+ return -EINVAL;
+ }
+ trace_smmu_get_pte(baseaddr, index, addr, *pte);
+ return 0;
+}
+
+/* VMSAv8-64 Translation Table Format Descriptor Decoding */
+
+/**
+ * get_page_pte_address - returns the L3 descriptor output address,
+ * ie. the page frame
+ * ARM ARM spec: Figure D4-17 VMSAv8-64 level 3 descriptor format
+ */
+static inline hwaddr get_page_pte_address(uint64_t pte, int granule_sz)
+{
+ return PTE_ADDRESS(pte, granule_sz);
+}
+
+/**
+ * get_table_pte_address - return table descriptor output address,
+ * ie. address of next level table
+ * ARM ARM Figure D4-16 VMSAv8-64 level0, level1, and level 2 descriptor formats
+ */
+static inline hwaddr get_table_pte_address(uint64_t pte, int granule_sz)
+{
+ return PTE_ADDRESS(pte, granule_sz);
+}
+
+/**
+ * get_block_pte_address - return block descriptor output address and block size
+ * ARM ARM Figure D4-16 VMSAv8-64 level0, level1, and level 2 descriptor formats
+ */
+static inline hwaddr get_block_pte_address(uint64_t pte, int level,
+ int granule_sz, uint64_t *bsz)
+{
+ int n = (granule_sz - 3) * (4 - level) + 3;
+
+ *bsz = 1 << n;
+ return PTE_ADDRESS(pte, n);
+}
+
+SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova)
+{
+ bool tbi = extract64(iova, 55, 1) ? TBI1(cfg->tbi) : TBI0(cfg->tbi);
+ uint8_t tbi_byte = tbi * 8;
+
+ if (!extract64(iova, 64 - cfg->tt[0].tsz, cfg->tt[0].tsz - tbi_byte)) {
+ return &cfg->tt[0];
+ } else if (!extract64(iova, 64 - cfg->tt[1].tsz,
+ cfg->tt[1].tsz - tbi_byte)) {
+ return &cfg->tt[1];
+ }
+ return NULL;
+}
+
+/**
+ * smmu_ptw_64 - VMSAv8-64 Walk of the page tables for a given IOVA
+ * @cfg: translation config
+ * @iova: iova to translate
+ * @perm: access type
+ * @tlbe: IOMMUTLBEntry (out)
+ * @info: handle to an error info
+ *
+ * Return 0 on success, < 0 on error. In case of error, @info is filled
+ * and tlbe->perm is set to IOMMU_NONE.
+ * Upon success, @tlbe is filled with translated_addr and entry
+ * permission rights.
+ */
+static int smmu_ptw_64(SMMUTransCfg *cfg,
+ dma_addr_t iova, IOMMUAccessFlags perm,
+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
+{
+ dma_addr_t baseaddr;
+ int stage = cfg->stage;
+ SMMUTransTableInfo *tt = select_tt(cfg, iova);
+ uint8_t level;
+ uint8_t granule_sz;
+
+ if (!tt || tt->disabled) {
+ info->type = SMMU_PTW_ERR_TRANSLATION;
+ goto error;
+ }
+
+ level = tt->initial_level;
+ granule_sz = tt->granule_sz;
+ baseaddr = tt->ttb;
+
+ tlbe->iova = iova;
+ tlbe->addr_mask = (1 << granule_sz) - 1;
+
+ while (level <= 3) {
+ uint64_t subpage_size = 1ULL << level_shift(level, granule_sz);
+ uint64_t mask = subpage_size - 1;
+ uint32_t offset = iova_level_offset(iova, level, granule_sz);
+ uint64_t pte;
+ dma_addr_t pte_addr = baseaddr + offset * sizeof(pte);
+ uint8_t ap;
+
+ if (get_pte(baseaddr, offset, &pte, info)) {
+ goto error;
+ }
+ trace_smmu_ptw_level(level, iova, subpage_size,
+ baseaddr, offset, pte);
+
+ if (is_invalid_pte(pte) || is_reserved_pte(pte, level)) {
+ trace_smmu_ptw_invalid_pte(stage, level, baseaddr,
+ pte_addr, offset, pte);
+ info->type = SMMU_PTW_ERR_TRANSLATION;
+ goto error;
+ }
+
+ if (is_page_pte(pte, level)) {
+ uint64_t gpa = get_page_pte_address(pte, granule_sz);
+
+ ap = PTE_AP(pte);
+ if (is_permission_fault(ap, perm)) {
+ info->type = SMMU_PTW_ERR_PERMISSION;
+ goto error;
+ }
+
+ tlbe->translated_addr = gpa + (iova & mask);
+ tlbe->perm = PTE_AP_TO_PERM(ap);
+ trace_smmu_ptw_page_pte(stage, level, iova,
+ baseaddr, pte_addr, pte, gpa);
+ return 0;
+ }
+ if (is_block_pte(pte, level)) {
+ uint64_t block_size;
+ hwaddr gpa = get_block_pte_address(pte, level, granule_sz,
+ &block_size);
+
+ ap = PTE_AP(pte);
+ if (is_permission_fault(ap, perm)) {
+ info->type = SMMU_PTW_ERR_PERMISSION;
+ goto error;
+ }
+
+ trace_smmu_ptw_block_pte(stage, level, baseaddr,
+ pte_addr, pte, iova, gpa,
+ block_size >> 20);
+
+ tlbe->translated_addr = gpa + (iova & mask);
+ tlbe->perm = PTE_AP_TO_PERM(ap);
+ return 0;
+ }
+
+ /* table pte */
+ ap = PTE_APTABLE(pte);
+
+ if (is_permission_fault(ap, perm)) {
+ info->type = SMMU_PTW_ERR_PERMISSION;
+ goto error;
+ }
+ baseaddr = get_table_pte_address(pte, granule_sz);
+ level++;
+ }
+
+ info->type = SMMU_PTW_ERR_TRANSLATION;
+
+error:
+ tlbe->perm = IOMMU_NONE;
+ return -EINVAL;
+}
+
+/**
+ * smmu_ptw - Walk the page tables for an IOVA, according to @cfg
+ *
+ * @cfg: translation configuration
+ * @iova: iova to translate
+ * @perm: tentative access type
+ * @tlbe: returned entry
+ * @info: ptw event handle
+ *
+ * return 0 on success
+ */
+inline int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
+{
+ if (!cfg->aa64) {
+ /*
+ * This code path is not entered as we check this while decoding
+ * the configuration data in the derived SMMU model.
+ */
+ assert(0);
+ }
+
+ return smmu_ptw_64(cfg, iova, perm, tlbe, info);
+}
/**
* The bus number is used for lookup when SID based invalidatation occurs.
diff --git a/hw/arm/smmu-internal.h b/hw/arm/smmu-internal.h
new file mode 100644
index 0000000..3a3a9f8
--- /dev/null
+++ b/hw/arm/smmu-internal.h
@@ -0,0 +1,102 @@
+/*
+ * ARM SMMU support - Internal API
+ *
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Copyright (C) 2014-2016 Broadcom Corporation
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HW_ARM_SMMU_INTERNAL_H
+#define HW_ARM_SMMU_INTERNAL_H
+
+#define TBI0(tbi) ((tbi) & 0x1)
+#define TBI1(tbi) ((tbi) & 0x2 >> 1)
+
+/* PTE Manipulation */
+
+#define ARM_LPAE_PTE_TYPE_SHIFT 0
+#define ARM_LPAE_PTE_TYPE_MASK 0x3
+
+#define ARM_LPAE_PTE_TYPE_BLOCK 1
+#define ARM_LPAE_PTE_TYPE_TABLE 3
+
+#define ARM_LPAE_L3_PTE_TYPE_RESERVED 1
+#define ARM_LPAE_L3_PTE_TYPE_PAGE 3
+
+#define ARM_LPAE_PTE_VALID (1 << 0)
+
+#define PTE_ADDRESS(pte, shift) \
+ (extract64(pte, shift, 47 - shift + 1) << shift)
+
+#define is_invalid_pte(pte) (!(pte & ARM_LPAE_PTE_VALID))
+
+#define is_reserved_pte(pte, level) \
+ ((level == 3) && \
+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_L3_PTE_TYPE_RESERVED))
+
+#define is_block_pte(pte, level) \
+ ((level < 3) && \
+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_PTE_TYPE_BLOCK))
+
+#define is_table_pte(pte, level) \
+ ((level < 3) && \
+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_PTE_TYPE_TABLE))
+
+#define is_page_pte(pte, level) \
+ ((level == 3) && \
+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_L3_PTE_TYPE_PAGE))
+
+/* access permissions */
+
+#define PTE_AP(pte) \
+ (extract64(pte, 6, 2))
+
+#define PTE_APTABLE(pte) \
+ (extract64(pte, 61, 2))
+
+/*
+ * TODO: At the moment all transactions are considered as priviledged (EL1)
+ * as IOMMU translation callback does not pass user/priv attributes.
+ */
+#define is_permission_fault(ap, perm) \
+ (((perm) & IOMMU_WO) && ((ap) & 0x2))
+
+#define PTE_AP_TO_PERM(ap) \
+ (IOMMU_ACCESS_FLAG(true, !((ap) & 0x2)))
+
+/* Level Indexing */
+
+static inline int level_shift(int level, int granule_sz)
+{
+ return granule_sz + (3 - level) * (granule_sz - 3);
+}
+
+static inline uint64_t level_page_mask(int level, int granule_sz)
+{
+ return ~(MAKE_64BIT_MASK(0, level_shift(level, granule_sz)));
+}
+
+/**
+ * TODO: handle the case where the level resolves less than
+ * granule_sz -3 IA bits.
+ */
+static inline
+uint64_t iova_level_offset(uint64_t iova, int level, int granule_sz)
+{
+ return (iova >> level_shift(level, granule_sz)) &
+ MAKE_64BIT_MASK(0, granule_sz - 3);
+}
+
+#endif
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 8e8b53c..524964a 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -4,4 +4,11 @@
virt_acpi_setup(void) "No fw cfg or ACPI disabled. Bailing out."
# hw/arm/smmu-common.c
-smmu_add_mr(const char *name) "%s"
\ No newline at end of file
+smmu_add_mr(const char *name) "%s"
+smmu_page_walk(int stage, uint64_t baseaddr, int first_level, uint64_t start, uint64_t end) "stage=%d, baseaddr=0x%"PRIx64", first level=%d, start=0x%"PRIx64", end=0x%"PRIx64
+smmu_lookup_table(int level, uint64_t baseaddr, int granule_sz, uint64_t start, uint64_t end, int flags, uint64_t subpage_size) "level=%d baseaddr=0x%"PRIx64" granule=%d, start=0x%"PRIx64" end=0x%"PRIx64" flags=%d subpage_size=0x%"PRIx64
+smmu_ptw_level(int level, uint64_t iova, size_t subpage_size, uint64_t baseaddr, uint32_t offset, uint64_t pte) "level=%d iova=0x%"PRIx64" subpage_sz=0x%lx baseaddr=0x%"PRIx64" offset=%d => pte=0x%"PRIx64
+smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint32_t offset, uint64_t pte) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" offset=%d pte=0x%"PRIx64
+smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64
+smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"
+smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
index 76cf4aa..4ccd131 100644
--- a/include/hw/arm/smmu-common.h
+++ b/include/hw/arm/smmu-common.h
@@ -129,4 +129,18 @@ static inline uint16_t smmu_get_sid(SMMUDevice *sdev)
{
return ((pci_bus_num(sdev->bus) & 0xff) << 8) | sdev->devfn;
}
+
+/**
+ * smmu_ptw - Perform the page table walk for a given iova / access flags
+ * pair, according to @cfg translation config
+ */
+int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info);
+
+/**
+ * select_tt - compute which translation table shall be used according
+ * the input iova and tranlsation config and return the TT specific info
+ */
+SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
+
#endif /* HW_ARM_SMMU_COMMON */
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (2 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 13:08 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers Eric Auger
` (12 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
From: Prem Mallappa <prem.mallappa@broadcom.com>
This patch implements a skeleton for the smmuv3 device.
Datatypes and register definitions are introduced. The MMIO
region, the interrupts and the queue are initialized.
Only the MMIO read operation is implemented here.
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
v10 -> v11:
- remove irq_ctrl_ack and return irq_ctrl on A_IRQ_CTRL_ACK
read
v9 -> v10:
- s/hwaddr/uint64_t in trace-events
- add comments
- s->mrtypename = TYPE_SMMUV3_IOMMU_MEMORY_REGION
- removed iidr and idr from VMState
- use VMSTATE_STRUCT for the queues
- use qemu_log_mask(LOG_UNIMP,*) for unimplemented regs
- added SMMU_CMDQS, SMMU_EVENTQS
- use ops with attributes
- split readl/readll
- put id_regs in an array
- removed smmu_read64
- removed SMMU_FEATURE_2LVL_STE and NB_REGS
- RAZ when read access at unexpected address
v8 -> v9:
- add #include "qemu/log.h"
- add parent_reset
v7 -> v8:
- remove __smmu_data structs
- revisit struct SMMUQueue
- do not advertise stage 2 support anymore
- use the register definition API and get rid of REG array
- get read of queue structs
v6 -> v7:
- split into several patches
v5 -> v6:
- Use IOMMUMemoryregion
- regs become uint32_t and fix 64b MMIO access (.impl)
- trace_smmuv3_write/read_mmio take the size param
v4 -> v5:
- change smmuv3_translate proto (IOMMUAccessFlags flag)
- has_stagex replaced by is_ste_stagex
- smmu_cfg_populate removed
- added smmuv3_decode_config and reworked error management
- remwork the naming of IOMMU mrs
- fix SMMU_CMDQ_CONS offset
v3 -> v4
- smmu_irq_update
- fix hash key allocation
- set smmu_iommu_ops
- set SMMU_REG_CR0,
- smmuv3_translate: ret.perm not set in bypass mode
- use trace events
- renamed STM2U64 into L1STD_L2PTR and STMSPAN into L1STD_SPAN
- rework smmu_find_ste
- fix tg2granule in TT0/0b10 corresponds to 16kB
v2 -> v3:
- move creation of include/hw/arm/smmuv3.h to this patch to fix compil issue
- compilation allowed
- fix sbus allocation in smmu_init_pci_iommu
- restructure code into headers
- misc cleanups
Conflicts:
hw/arm/Makefile.objs
---
hw/arm/Makefile.objs | 2 +-
hw/arm/smmuv3-internal.h | 167 ++++++++++++++++++++++
hw/arm/smmuv3.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 3 +
include/hw/arm/smmuv3.h | 87 +++++++++++
5 files changed, 623 insertions(+), 1 deletion(-)
create mode 100644 hw/arm/smmuv3-internal.h
create mode 100644 hw/arm/smmuv3.c
create mode 100644 include/hw/arm/smmuv3.h
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 558436f..d51fcec 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -35,4 +35,4 @@ obj-$(CONFIG_MPS2) += mps2-tz.o
obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
obj-$(CONFIG_IOTKIT) += iotkit.o
obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
-obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o
+obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
new file mode 100644
index 0000000..a6461fe
--- /dev/null
+++ b/hw/arm/smmuv3-internal.h
@@ -0,0 +1,167 @@
+/*
+ * ARM SMMUv3 support - Internal API
+ *
+ * Copyright (C) 2014-2016 Broadcom Corporation
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HW_ARM_SMMU_V3_INTERNAL_H
+#define HW_ARM_SMMU_V3_INTERNAL_H
+
+#include "qemu/log.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+#include "hw/arm/smmu-common.h"
+
+/* MMIO Registers */
+
+REG32(IDR0, 0x0)
+ FIELD(IDR0, S1P, 1 , 1)
+ FIELD(IDR0, TTF, 2 , 2)
+ FIELD(IDR0, COHACC, 4 , 1)
+ FIELD(IDR0, ASID16, 12, 1)
+ FIELD(IDR0, TTENDIAN, 21, 2)
+ FIELD(IDR0, STALL_MODEL, 24, 2)
+ FIELD(IDR0, TERM_MODEL, 26, 1)
+ FIELD(IDR0, STLEVEL, 27, 2)
+
+REG32(IDR1, 0x4)
+ FIELD(IDR1, SIDSIZE, 0 , 6)
+ FIELD(IDR1, EVENTQS, 16, 5)
+ FIELD(IDR1, CMDQS, 21, 5)
+
+#define SMMU_IDR1_SIDSIZE 16
+#define SMMU_CMDQS 19
+#define SMMU_EVENTQS 19
+
+REG32(IDR2, 0x8)
+REG32(IDR3, 0xc)
+REG32(IDR4, 0x10)
+REG32(IDR5, 0x14)
+ FIELD(IDR5, OAS, 0, 3);
+ FIELD(IDR5, GRAN4K, 4, 1);
+ FIELD(IDR5, GRAN16K, 5, 1);
+ FIELD(IDR5, GRAN64K, 6, 1);
+
+#define SMMU_IDR5_OAS 4
+
+REG32(IIDR, 0x1c)
+REG32(CR0, 0x20)
+ FIELD(CR0, SMMU_ENABLE, 0, 1)
+ FIELD(CR0, EVENTQEN, 2, 1)
+ FIELD(CR0, CMDQEN, 3, 1)
+
+REG32(CR0ACK, 0x24)
+REG32(CR1, 0x28)
+REG32(CR2, 0x2c)
+REG32(STATUSR, 0x40)
+REG32(IRQ_CTRL, 0x50)
+ FIELD(IRQ_CTRL, GERROR_IRQEN, 0, 1)
+ FIELD(IRQ_CTRL, PRI_IRQEN, 1, 1)
+ FIELD(IRQ_CTRL, EVENTQ_IRQEN, 2, 1)
+
+REG32(IRQ_CTRL_ACK, 0x54)
+REG32(GERROR, 0x60)
+ FIELD(GERROR, CMDQ_ERR, 0, 1)
+ FIELD(GERROR, EVENTQ_ABT_ERR, 2, 1)
+ FIELD(GERROR, PRIQ_ABT_ERR, 3, 1)
+ FIELD(GERROR, MSI_CMDQ_ABT_ERR, 4, 1)
+ FIELD(GERROR, MSI_EVENTQ_ABT_ERR, 5, 1)
+ FIELD(GERROR, MSI_PRIQ_ABT_ERR, 6, 1)
+ FIELD(GERROR, MSI_GERROR_ABT_ERR, 7, 1)
+ FIELD(GERROR, MSI_SFM_ERR, 8, 1)
+
+REG32(GERRORN, 0x64)
+
+#define A_GERROR_IRQ_CFG0 0x68 /* 64b */
+REG32(GERROR_IRQ_CFG1, 0x70)
+REG32(GERROR_IRQ_CFG2, 0x74)
+
+#define A_STRTAB_BASE 0x80 /* 64b */
+
+#define SMMU_BASE_ADDR_MASK 0xffffffffffe0
+
+REG32(STRTAB_BASE_CFG, 0x88)
+ FIELD(STRTAB_BASE_CFG, FMT, 16, 2)
+ FIELD(STRTAB_BASE_CFG, SPLIT, 6 , 5)
+ FIELD(STRTAB_BASE_CFG, LOG2SIZE, 0 , 6)
+
+#define A_CMDQ_BASE 0x90 /* 64b */
+REG32(CMDQ_PROD, 0x98)
+REG32(CMDQ_CONS, 0x9c)
+ FIELD(CMDQ_CONS, ERR, 24, 7)
+
+#define A_EVENTQ_BASE 0xa0 /* 64b */
+REG32(EVENTQ_PROD, 0xa8)
+REG32(EVENTQ_CONS, 0xac)
+
+#define A_EVENTQ_IRQ_CFG0 0xb0 /* 64b */
+REG32(EVENTQ_IRQ_CFG1, 0xb8)
+REG32(EVENTQ_IRQ_CFG2, 0xbc)
+
+#define A_IDREGS 0xfd0
+
+static inline int smmu_enabled(SMMUv3State *s)
+{
+ return FIELD_EX32(s->cr[0], CR0, SMMU_ENABLE);
+}
+
+/* Command Queue Entry */
+typedef struct Cmd {
+ uint32_t word[4];
+} Cmd;
+
+/* Event Queue Entry */
+typedef struct Evt {
+ uint32_t word[8];
+} Evt;
+
+/**
+ * smmu_read64 - 64-bit register read utility function supporting
+ * aligned 32-bit word access to both 32-bit halves and aligned 64-bit
+ * access.
+ *
+ * @r: register address
+ * @offset: byte offset if 32-bit access
+ * @size: read byte size
+ */
+static inline uint64_t smmu_read64(uint64_t r, unsigned offset,
+ unsigned size)
+{
+ if (size == 8) {
+ return r;
+ }
+
+ /* 32 bit access */
+ assert(!offset || offset == 4);
+
+ return extract64(r, offset << 3, 32);
+}
+
+static inline uint32_t smmuv3_idreg(int regoffset)
+{
+ /*
+ * Return the value of the Primecell/Corelink ID registers at the
+ * specified offset from the first ID register.
+ * These value indicate an ARM implementation of MMU600 p1
+ */
+ static const uint8_t smmuv3_ids[] = {
+ 0x4, 0, 0, 0, 0x84, 0xB4, 0xF0, 0x10, 0x0D, 0xF0, 0x05, 0xB1
+ };
+ return smmuv3_ids[regoffset / 4];
+}
+
+#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
new file mode 100644
index 0000000..dba4656
--- /dev/null
+++ b/hw/arm/smmuv3.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright (C) 2014-2016 Broadcom Corporation
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/boards.h"
+#include "sysemu/sysemu.h"
+#include "hw/sysbus.h"
+#include "hw/qdev-core.h"
+#include "hw/pci/pci.h"
+#include "exec/address-spaces.h"
+#include "trace.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include "hw/arm/smmuv3.h"
+#include "smmuv3-internal.h"
+
+static void smmuv3_init_regs(SMMUv3State *s)
+{
+ /**
+ * IDR0: stage1 only, AArch64 only, coherent access, 16b ASID,
+ * multi-level stream table
+ */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, S1P, 1); /* stage 1 supported */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, TTF, 2); /* AArch64 PTW only */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, COHACC, 1); /* IO coherent */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, ASID16, 1); /* 16-bit ASID */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, TTENDIAN, 2); /* little endian */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, STALL_MODEL, 1); /* No stall */
+ /* terminated transaction will always be aborted/error returned */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, TERM_MODEL, 1);
+ /* 2-level stream table supported */
+ s->idr[0] = FIELD_DP32(s->idr[0], IDR0, STLEVEL, 1);
+
+ s->idr[1] = FIELD_DP32(s->idr[1], IDR1, SIDSIZE, SMMU_IDR1_SIDSIZE);
+ s->idr[1] = FIELD_DP32(s->idr[1], IDR1, EVENTQS, SMMU_EVENTQS);
+ s->idr[1] = FIELD_DP32(s->idr[1], IDR1, CMDQS, SMMU_CMDQS);
+
+ /* 4K and 64K granule support */
+ s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN4K, 1);
+ s->idr[5] = FIELD_DP32(s->idr[5], IDR5, GRAN64K, 1);
+ s->idr[5] = FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS); /* 44 bits */
+
+ s->cmdq.base = deposit64(s->cmdq.base, 0, 5, SMMU_CMDQS);
+ s->cmdq.prod = 0;
+ s->cmdq.cons = 0;
+ s->cmdq.entry_size = sizeof(struct Cmd);
+ s->eventq.base = deposit64(s->eventq.base, 0, 5, SMMU_EVENTQS);
+ s->eventq.prod = 0;
+ s->eventq.cons = 0;
+ s->eventq.entry_size = sizeof(struct Evt);
+
+ s->features = 0;
+ s->sid_split = 0;
+}
+
+static MemTxResult smmu_write_mmio(void *opaque, hwaddr offset, uint64_t data,
+ unsigned size, MemTxAttrs attrs)
+{
+ /* not yet implemented */
+ return MEMTX_ERROR;
+}
+
+static MemTxResult smmu_readll(SMMUv3State *s, hwaddr offset,
+ uint64_t *data, MemTxAttrs attrs)
+{
+ switch (offset) {
+ case A_GERROR_IRQ_CFG0:
+ *data = s->gerror_irq_cfg0;
+ return MEMTX_OK;
+ case A_STRTAB_BASE:
+ *data = s->strtab_base;
+ return MEMTX_OK;
+ case A_CMDQ_BASE:
+ *data = s->cmdq.base;
+ return MEMTX_OK;
+ case A_EVENTQ_BASE:
+ *data = s->eventq.base;
+ return MEMTX_OK;
+ default:
+ *data = 0;
+ qemu_log_mask(LOG_UNIMP,
+ "%s Unexpected 64-bit access to 0x%"PRIx64" (RAZ)\n",
+ __func__, offset);
+ return MEMTX_OK;
+ }
+}
+
+static MemTxResult smmu_readl(SMMUv3State *s, hwaddr offset,
+ uint64_t *data, MemTxAttrs attrs)
+{
+ switch (offset) {
+ case A_IDREGS ... A_IDREGS + 0x1f:
+ *data = smmuv3_idreg(offset - A_IDREGS);
+ return MEMTX_OK;
+ case A_IDR0 ... A_IDR5:
+ *data = s->idr[(offset - A_IDR0) / 4];
+ return MEMTX_OK;
+ case A_IIDR:
+ *data = s->iidr;
+ return MEMTX_OK;
+ case A_CR0:
+ *data = s->cr[0];
+ return MEMTX_OK;
+ case A_CR0ACK:
+ *data = s->cr0ack;
+ return MEMTX_OK;
+ case A_CR1:
+ *data = s->cr[1];
+ return MEMTX_OK;
+ case A_CR2:
+ *data = s->cr[2];
+ return MEMTX_OK;
+ case A_STATUSR:
+ *data = s->statusr;
+ return MEMTX_OK;
+ case A_IRQ_CTRL:
+ case A_IRQ_CTRL_ACK:
+ *data = s->irq_ctrl;
+ return MEMTX_OK;
+ case A_GERROR:
+ *data = s->gerror;
+ return MEMTX_OK;
+ case A_GERRORN:
+ *data = s->gerrorn;
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG0: /* 64b */
+ *data = extract64(s->gerror_irq_cfg0, 0, 32);
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG0 + 4:
+ *data = extract64(s->gerror_irq_cfg0, 32, 32);
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG1:
+ *data = s->gerror_irq_cfg1;
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG2:
+ *data = s->gerror_irq_cfg2;
+ return MEMTX_OK;
+ case A_STRTAB_BASE: /* 64b */
+ *data = extract64(s->strtab_base, 0, 32);
+ return MEMTX_OK;
+ case A_STRTAB_BASE + 4: /* 64b */
+ *data = extract64(s->strtab_base, 32, 32);
+ return MEMTX_OK;
+ case A_STRTAB_BASE_CFG:
+ *data = s->strtab_base_cfg;
+ return MEMTX_OK;
+ case A_CMDQ_BASE: /* 64b */
+ *data = extract64(s->cmdq.base, 0, 32);
+ return MEMTX_OK;
+ case A_CMDQ_BASE + 4:
+ *data = extract64(s->cmdq.base, 32, 32);
+ return MEMTX_OK;
+ case A_CMDQ_PROD:
+ *data = s->cmdq.prod;
+ return MEMTX_OK;
+ case A_CMDQ_CONS:
+ *data = s->cmdq.cons;
+ return MEMTX_OK;
+ case A_EVENTQ_BASE: /* 64b */
+ *data = extract64(s->eventq.base, 0, 32);
+ return MEMTX_OK;
+ case A_EVENTQ_BASE + 4: /* 64b */
+ *data = extract64(s->eventq.base, 32, 32);
+ return MEMTX_OK;
+ case A_EVENTQ_PROD:
+ *data = s->eventq.prod;
+ return MEMTX_OK;
+ case A_EVENTQ_CONS:
+ *data = s->eventq.cons;
+ return MEMTX_OK;
+ default:
+ *data = 0;
+ qemu_log_mask(LOG_UNIMP,
+ "%s unhandled 32-bit access at 0x%"PRIx64" (RAZ)\n",
+ __func__, offset);
+ return MEMTX_OK;
+ }
+}
+
+static MemTxResult smmu_read_mmio(void *opaque, hwaddr offset, uint64_t *data,
+ unsigned size, MemTxAttrs attrs)
+{
+ SMMUState *sys = opaque;
+ SMMUv3State *s = ARM_SMMUV3(sys);
+ MemTxResult r;
+
+ /* CONSTRAINED UNPREDICTABLE choice to have page0/1 be exact aliases */
+ offset &= ~0x10000;
+
+ switch (size) {
+ case 8:
+ r = smmu_readll(s, offset, data, attrs);
+ break;
+ case 4:
+ r = smmu_readl(s, offset, data, attrs);
+ break;
+ default:
+ r = MEMTX_ERROR;
+ break;
+ }
+
+ trace_smmuv3_read_mmio(offset, *data, size, r);
+ return r;
+}
+
+static const MemoryRegionOps smmu_mem_ops = {
+ .read_with_attrs = smmu_read_mmio,
+ .write_with_attrs = smmu_write_mmio,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 8,
+ },
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 8,
+ },
+};
+
+static void smmu_init_irq(SMMUv3State *s, SysBusDevice *dev)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
+ sysbus_init_irq(dev, &s->irq[i]);
+ }
+}
+
+static void smmu_reset(DeviceState *dev)
+{
+ SMMUv3State *s = ARM_SMMUV3(dev);
+ SMMUv3Class *c = ARM_SMMUV3_GET_CLASS(s);
+
+ c->parent_reset(dev);
+
+ smmuv3_init_regs(s);
+}
+
+static void smmu_realize(DeviceState *d, Error **errp)
+{
+ SMMUState *sys = ARM_SMMU(d);
+ SMMUv3State *s = ARM_SMMUV3(sys);
+ SMMUv3Class *c = ARM_SMMUV3_GET_CLASS(s);
+ SysBusDevice *dev = SYS_BUS_DEVICE(d);
+ Error *local_err = NULL;
+
+ c->parent_realize(d, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ memory_region_init_io(&sys->iomem, OBJECT(s),
+ &smmu_mem_ops, sys, TYPE_ARM_SMMUV3, 0x20000);
+
+ sys->mrtypename = TYPE_SMMUV3_IOMMU_MEMORY_REGION;
+
+ sysbus_init_mmio(dev, &sys->iomem);
+
+ smmu_init_irq(s, dev);
+}
+
+static const VMStateDescription vmstate_smmuv3_queue = {
+ .name = "smmuv3_queue",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(base, SMMUQueue),
+ VMSTATE_UINT32(prod, SMMUQueue),
+ VMSTATE_UINT32(cons, SMMUQueue),
+ VMSTATE_UINT8(log2size, SMMUQueue),
+ },
+};
+
+static const VMStateDescription vmstate_smmuv3 = {
+ .name = "smmuv3",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(features, SMMUv3State),
+ VMSTATE_UINT8(sid_size, SMMUv3State),
+ VMSTATE_UINT8(sid_split, SMMUv3State),
+
+ VMSTATE_UINT32_ARRAY(cr, SMMUv3State, 3),
+ VMSTATE_UINT32(cr0ack, SMMUv3State),
+ VMSTATE_UINT32(statusr, SMMUv3State),
+ VMSTATE_UINT32(irq_ctrl, SMMUv3State),
+ VMSTATE_UINT32(gerror, SMMUv3State),
+ VMSTATE_UINT32(gerrorn, SMMUv3State),
+ VMSTATE_UINT64(gerror_irq_cfg0, SMMUv3State),
+ VMSTATE_UINT32(gerror_irq_cfg1, SMMUv3State),
+ VMSTATE_UINT32(gerror_irq_cfg2, SMMUv3State),
+ VMSTATE_UINT64(strtab_base, SMMUv3State),
+ VMSTATE_UINT32(strtab_base_cfg, SMMUv3State),
+ VMSTATE_UINT64(eventq_irq_cfg0, SMMUv3State),
+ VMSTATE_UINT32(eventq_irq_cfg1, SMMUv3State),
+ VMSTATE_UINT32(eventq_irq_cfg2, SMMUv3State),
+
+ VMSTATE_STRUCT(cmdq, SMMUv3State, 0, vmstate_smmuv3_queue, SMMUQueue),
+ VMSTATE_STRUCT(eventq, SMMUv3State, 0, vmstate_smmuv3_queue, SMMUQueue),
+
+ VMSTATE_END_OF_LIST(),
+ },
+};
+
+static void smmuv3_instance_init(Object *obj)
+{
+ /* Nothing much to do here as of now */
+}
+
+static void smmuv3_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ SMMUv3Class *c = ARM_SMMUV3_CLASS(klass);
+
+ dc->vmsd = &vmstate_smmuv3;
+ device_class_set_parent_reset(dc, smmu_reset, &c->parent_reset);
+ c->parent_realize = dc->realize;
+ dc->realize = smmu_realize;
+}
+
+static void smmuv3_iommu_memory_region_class_init(ObjectClass *klass,
+ void *data)
+{
+}
+
+static const TypeInfo smmuv3_type_info = {
+ .name = TYPE_ARM_SMMUV3,
+ .parent = TYPE_ARM_SMMU,
+ .instance_size = sizeof(SMMUv3State),
+ .instance_init = smmuv3_instance_init,
+ .class_size = sizeof(SMMUv3Class),
+ .class_init = smmuv3_class_init,
+};
+
+static const TypeInfo smmuv3_iommu_memory_region_info = {
+ .parent = TYPE_IOMMU_MEMORY_REGION,
+ .name = TYPE_SMMUV3_IOMMU_MEMORY_REGION,
+ .class_init = smmuv3_iommu_memory_region_class_init,
+};
+
+static void smmuv3_register_types(void)
+{
+ type_register(&smmuv3_type_info);
+ type_register(&smmuv3_iommu_memory_region_info);
+}
+
+type_init(smmuv3_register_types)
+
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 524964a..2f3d74a 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -12,3 +12,6 @@ smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr,
smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64
smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"
smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64
+
+#hw/arm/smmuv3.c
+smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h
new file mode 100644
index 0000000..23f7036
--- /dev/null
+++ b/include/hw/arm/smmuv3.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2014-2016 Broadcom Corporation
+ * Copyright (c) 2017 Red Hat, Inc.
+ * Written by Prem Mallappa, Eric Auger
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HW_ARM_SMMUV3_H
+#define HW_ARM_SMMUV3_H
+
+#include "hw/arm/smmu-common.h"
+#include "hw/registerfields.h"
+
+#define TYPE_SMMUV3_IOMMU_MEMORY_REGION "smmuv3-iommu-memory-region"
+
+typedef struct SMMUQueue {
+ uint64_t base; /* base register */
+ uint32_t prod;
+ uint32_t cons;
+ uint8_t entry_size;
+ uint8_t log2size;
+} SMMUQueue;
+
+typedef struct SMMUv3State {
+ SMMUState smmu_state;
+
+ uint32_t features;
+ uint8_t sid_size;
+ uint8_t sid_split;
+
+ uint32_t idr[6];
+ uint32_t iidr;
+ uint32_t cr[3];
+ uint32_t cr0ack;
+ uint32_t statusr;
+ uint32_t irq_ctrl;
+ uint32_t gerror;
+ uint32_t gerrorn;
+ uint64_t gerror_irq_cfg0;
+ uint32_t gerror_irq_cfg1;
+ uint32_t gerror_irq_cfg2;
+ uint64_t strtab_base;
+ uint32_t strtab_base_cfg;
+ uint64_t eventq_irq_cfg0;
+ uint32_t eventq_irq_cfg1;
+ uint32_t eventq_irq_cfg2;
+
+ SMMUQueue eventq, cmdq;
+
+ qemu_irq irq[4];
+} SMMUv3State;
+
+typedef enum {
+ SMMU_IRQ_EVTQ,
+ SMMU_IRQ_PRIQ,
+ SMMU_IRQ_CMD_SYNC,
+ SMMU_IRQ_GERROR,
+} SMMUIrq;
+
+typedef struct {
+ /*< private >*/
+ SMMUBaseClass smmu_base_class;
+ /*< public >*/
+
+ DeviceRealize parent_realize;
+ DeviceReset parent_reset;
+} SMMUv3Class;
+
+#define TYPE_ARM_SMMUV3 "arm-smmuv3"
+#define ARM_SMMUV3(obj) OBJECT_CHECK(SMMUv3State, (obj), TYPE_ARM_SMMUV3)
+#define ARM_SMMUV3_CLASS(klass) \
+ OBJECT_CLASS_CHECK(SMMUv3Class, (klass), TYPE_ARM_SMMUV3)
+#define ARM_SMMUV3_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(SMMUv3Class, (obj), TYPE_ARM_SMMUV3)
+
+#endif
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (3 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 13:10 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers Eric Auger
` (11 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
We introduce some helpers to handle wired IRQs and especially
GERROR interrupt. SMMU writes GERROR register on GERROR event
and SW acks GERROR interrupts by setting GERRORn.
The Wired interrupts are edge sensitive hence the pulse usage.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 - v10:
- s/hwaddr/uint64_t in trace-events
- use qemu_log_mask LOG_UNIMP on PRI IRQ
- add a comment saying smmuv3_trigger_irq and smmuv3_write_gerrorn
will become static later on
- write gerrorn without filtering (ie. even if the guest toggles non
active IRQs)
- pulse if at least one new IRQ type
- smmuv3_eventq_irq_enabled and smmuv3_gerror_irq_enabled become
static inline
v7 -> v8:
- remove SMMU_PENDING_GERRORS macro
- properly toggle gerror
- properly sanitize gerrorn write
---
hw/arm/smmuv3-internal.h | 36 +++++++++++----------------
hw/arm/smmuv3.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 3 +++
3 files changed, 81 insertions(+), 22 deletions(-)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index a6461fe..32f81d4 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -129,28 +129,6 @@ typedef struct Evt {
uint32_t word[8];
} Evt;
-/**
- * smmu_read64 - 64-bit register read utility function supporting
- * aligned 32-bit word access to both 32-bit halves and aligned 64-bit
- * access.
- *
- * @r: register address
- * @offset: byte offset if 32-bit access
- * @size: read byte size
- */
-static inline uint64_t smmu_read64(uint64_t r, unsigned offset,
- unsigned size)
-{
- if (size == 8) {
- return r;
- }
-
- /* 32 bit access */
- assert(!offset || offset == 4);
-
- return extract64(r, offset << 3, 32);
-}
-
static inline uint32_t smmuv3_idreg(int regoffset)
{
/*
@@ -164,4 +142,18 @@ static inline uint32_t smmuv3_idreg(int regoffset)
return smmuv3_ids[regoffset / 4];
}
+static inline bool smmuv3_eventq_irq_enabled(SMMUv3State *s)
+{
+ return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN);
+}
+
+static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s)
+{
+ return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, GERROR_IRQEN);
+}
+
+/* public until callers get introduced */
+void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask);
+void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t gerrorn);
+
#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index dba4656..46683a8 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -30,6 +30,70 @@
#include "hw/arm/smmuv3.h"
#include "smmuv3-internal.h"
+/**
+ * smmuv3_trigger_irq - pulse @irq if enabled and update
+ * GERROR register in case of GERROR interrupt
+ *
+ * @irq: irq type
+ * @gerror_mask: mask of gerrors to toggle (relevant if @irq is GERROR)
+ */
+void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask)
+{
+
+ bool pulse = false;
+
+ switch (irq) {
+ case SMMU_IRQ_EVTQ:
+ pulse = smmuv3_eventq_irq_enabled(s);
+ break;
+ case SMMU_IRQ_PRIQ:
+ qemu_log_mask(LOG_UNIMP, "PRI not yet supported\n");
+ break;
+ case SMMU_IRQ_CMD_SYNC:
+ pulse = true;
+ break;
+ case SMMU_IRQ_GERROR:
+ {
+ uint32_t pending = s->gerror ^ s->gerrorn;
+ uint32_t new_gerrors = ~pending & gerror_mask;
+
+ if (!new_gerrors) {
+ /* only toggle non pending errors */
+ return;
+ }
+ s->gerror ^= new_gerrors;
+ trace_smmuv3_write_gerror(new_gerrors, s->gerror);
+
+ pulse = smmuv3_gerror_irq_enabled(s);
+ break;
+ }
+ }
+ if (pulse) {
+ trace_smmuv3_trigger_irq(irq);
+ qemu_irq_pulse(s->irq[irq]);
+ }
+}
+
+void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
+{
+ uint32_t pending = s->gerror ^ s->gerrorn;
+ uint32_t toggled = s->gerrorn ^ new_gerrorn;
+
+ if (toggled & ~pending) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "guest toggles non pending errors = 0x%x\n",
+ toggled & ~pending);
+ }
+
+ /*
+ * We do not raise any error in case guest toggles bits corresponding
+ * to not active IRQs (CONSTRAINED UNPREDICTABLE)
+ */
+ s->gerrorn = new_gerrorn;
+
+ trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn);
+}
+
static void smmuv3_init_regs(SMMUv3State *s)
{
/**
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 2f3d74a..b77f8d2 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -15,3 +15,6 @@ smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "base
#hw/arm/smmuv3.c
smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
+smmuv3_trigger_irq(int irq) "irq=%d"
+smmuv3_write_gerror(uint32_t toggled, uint32_t gerror) "toggled=0x%x, new GERROR=0x%x"
+smmuv3_write_gerrorn(uint32_t acked, uint32_t gerrorn) "acked=0x%x, new GERRORN=0x%x"
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (4 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 16:41 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations Eric Auger
` (10 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
We introduce helpers to read/write into the command and event
circular queues.
smmuv3_write_eventq and smmuv3_cmq_consume will become static
in subsequent patches.
Invalidation commands are not yet dealt with. We do not cache
data that need to be invalidated. This will change with vhost
integration.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 -> v10:
- simplified macros
- s/BASE/Q_BASE
- use log2size field
- static inline functions replacing some macros
- simplified queue_prod_incr/queue_cons_incr and use deposit32
- trace for cmdq_consume failure
v8 -> v9:
- fix CMD_SSID & CMD_ADDR + some renamings
- do cons increment after the execution of the command
- add Q_INCONSISTENT()
v7 -> v8
- use address_space_rw
- helpers inspired from spec
---
hw/arm/smmuv3-internal.h | 154 +++++++++++++++++++++++++++++++++++++++++++++++
hw/arm/smmuv3.c | 136 +++++++++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 5 ++
3 files changed, 295 insertions(+)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 32f81d4..968fa25 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -156,4 +156,158 @@ static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s)
void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask);
void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t gerrorn);
+/* Queue Handling */
+
+#define Q_BASE(q) ((q)->base & SMMU_BASE_ADDR_MASK)
+#define WRAP_MASK(q) (1 << (q)->log2size)
+#define INDEX_MASK(q) (((1 << (q)->log2size)) - 1)
+#define WRAP_INDEX_MASK(q) ((1 << ((q)->log2size + 1)) - 1)
+
+#define Q_CONS(q) ((q)->cons & INDEX_MASK(q))
+#define Q_PROD(q) ((q)->prod & INDEX_MASK(q))
+
+#define Q_CONS_ENTRY(q) (Q_BASE(q) + (q)->entry_size * Q_CONS(q))
+#define Q_PROD_ENTRY(q) (Q_BASE(q) + (q)->entry_size * Q_PROD(q))
+
+#define Q_CONS_WRAP(q) (((q)->cons & WRAP_MASK(q)) >> (q)->log2size)
+#define Q_PROD_WRAP(q) (((q)->prod & WRAP_MASK(q)) >> (q)->log2size)
+
+static inline bool smmuv3_q_full(SMMUQueue *q)
+{
+ return ((q->cons ^ q->prod) & WRAP_INDEX_MASK(q)) == WRAP_MASK(q);
+}
+
+static inline bool smmuv3_q_empty(SMMUQueue *q)
+{
+ return (q->cons & WRAP_INDEX_MASK(q)) == (q->prod & WRAP_INDEX_MASK(q));
+}
+
+static inline void queue_prod_incr(SMMUQueue *q)
+{
+ q->prod = (q->prod + 1) & WRAP_INDEX_MASK(q);
+}
+
+static inline void queue_cons_incr(SMMUQueue *q)
+{
+ q->cons = deposit32(q->cons, 0, q->log2size + 1, q->cons + 1);
+}
+
+static inline bool smmuv3_cmdq_enabled(SMMUv3State *s)
+{
+ return FIELD_EX32(s->cr[0], CR0, CMDQEN);
+}
+
+static inline bool smmuv3_eventq_enabled(SMMUv3State *s)
+{
+ return FIELD_EX32(s->cr[0], CR0, EVENTQEN);
+}
+
+static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type)
+{
+ s->cmdq.cons = FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type);
+}
+
+void smmuv3_write_eventq(SMMUv3State *s, Evt *evt);
+
+/* Commands */
+
+typedef enum SMMUCommandType {
+ SMMU_CMD_PREFETCH_CONFIG = 0x01,
+ SMMU_CMD_PREFETCH_ADDR,
+ SMMU_CMD_CFGI_STE,
+ SMMU_CMD_CFGI_STE_RANGE,
+ SMMU_CMD_CFGI_CD,
+ SMMU_CMD_CFGI_CD_ALL,
+ SMMU_CMD_CFGI_ALL,
+ SMMU_CMD_TLBI_NH_ALL = 0x10,
+ SMMU_CMD_TLBI_NH_ASID,
+ SMMU_CMD_TLBI_NH_VA,
+ SMMU_CMD_TLBI_NH_VAA,
+ SMMU_CMD_TLBI_EL3_ALL = 0x18,
+ SMMU_CMD_TLBI_EL3_VA = 0x1a,
+ SMMU_CMD_TLBI_EL2_ALL = 0x20,
+ SMMU_CMD_TLBI_EL2_ASID,
+ SMMU_CMD_TLBI_EL2_VA,
+ SMMU_CMD_TLBI_EL2_VAA, /* 0x23 */
+ SMMU_CMD_TLBI_S12_VMALL = 0x28,
+ SMMU_CMD_TLBI_S2_IPA = 0x2a,
+ SMMU_CMD_TLBI_NSNH_ALL = 0x30,
+ SMMU_CMD_ATC_INV = 0x40,
+ SMMU_CMD_PRI_RESP,
+ SMMU_CMD_RESUME = 0x44,
+ SMMU_CMD_STALL_TERM,
+ SMMU_CMD_SYNC, /* 0x46 */
+} SMMUCommandType;
+
+static const char *cmd_stringify[] = {
+ [SMMU_CMD_PREFETCH_CONFIG] = "SMMU_CMD_PREFETCH_CONFIG",
+ [SMMU_CMD_PREFETCH_ADDR] = "SMMU_CMD_PREFETCH_ADDR",
+ [SMMU_CMD_CFGI_STE] = "SMMU_CMD_CFGI_STE",
+ [SMMU_CMD_CFGI_STE_RANGE] = "SMMU_CMD_CFGI_STE_RANGE",
+ [SMMU_CMD_CFGI_CD] = "SMMU_CMD_CFGI_CD",
+ [SMMU_CMD_CFGI_CD_ALL] = "SMMU_CMD_CFGI_CD_ALL",
+ [SMMU_CMD_CFGI_ALL] = "SMMU_CMD_CFGI_ALL",
+ [SMMU_CMD_TLBI_NH_ALL] = "SMMU_CMD_TLBI_NH_ALL",
+ [SMMU_CMD_TLBI_NH_ASID] = "SMMU_CMD_TLBI_NH_ASID",
+ [SMMU_CMD_TLBI_NH_VA] = "SMMU_CMD_TLBI_NH_VA",
+ [SMMU_CMD_TLBI_NH_VAA] = "SMMU_CMD_TLBI_NH_VAA",
+ [SMMU_CMD_TLBI_EL3_ALL] = "SMMU_CMD_TLBI_EL3_ALL",
+ [SMMU_CMD_TLBI_EL3_VA] = "SMMU_CMD_TLBI_EL3_VA",
+ [SMMU_CMD_TLBI_EL2_ALL] = "SMMU_CMD_TLBI_EL2_ALL",
+ [SMMU_CMD_TLBI_EL2_ASID] = "SMMU_CMD_TLBI_EL2_ASID",
+ [SMMU_CMD_TLBI_EL2_VA] = "SMMU_CMD_TLBI_EL2_VA",
+ [SMMU_CMD_TLBI_EL2_VAA] = "SMMU_CMD_TLBI_EL2_VAA",
+ [SMMU_CMD_TLBI_S12_VMALL] = "SMMU_CMD_TLBI_S12_VMALL",
+ [SMMU_CMD_TLBI_S2_IPA] = "SMMU_CMD_TLBI_S2_IPA",
+ [SMMU_CMD_TLBI_NSNH_ALL] = "SMMU_CMD_TLBI_NSNH_ALL",
+ [SMMU_CMD_ATC_INV] = "SMMU_CMD_ATC_INV",
+ [SMMU_CMD_PRI_RESP] = "SMMU_CMD_PRI_RESP",
+ [SMMU_CMD_RESUME] = "SMMU_CMD_RESUME",
+ [SMMU_CMD_STALL_TERM] = "SMMU_CMD_STALL_TERM",
+ [SMMU_CMD_SYNC] = "SMMU_CMD_SYNC",
+};
+
+static inline const char *smmu_cmd_string(SMMUCommandType type)
+{
+ return cmd_stringify[type] ? cmd_stringify[type] : "UNKNOWN";
+}
+
+/* CMDQ fields */
+
+typedef enum {
+ SMMU_CERROR_NONE = 0,
+ SMMU_CERROR_ILL,
+ SMMU_CERROR_ABT,
+ SMMU_CERROR_ATC_INV_SYNC,
+} SMMUCmdError;
+
+enum { /* Command completion notification */
+ CMD_SYNC_SIG_NONE,
+ CMD_SYNC_SIG_IRQ,
+ CMD_SYNC_SIG_SEV,
+};
+
+#define CMD_TYPE(x) extract32((x)->word[0], 0 , 8)
+#define CMD_SSEC(x) extract32((x)->word[0], 10, 1)
+#define CMD_SSV(x) extract32((x)->word[0], 11, 1)
+#define CMD_RESUME_AC(x) extract32((x)->word[0], 12, 1)
+#define CMD_RESUME_AB(x) extract32((x)->word[0], 13, 1)
+#define CMD_SYNC_CS(x) extract32((x)->word[0], 12, 2)
+#define CMD_SSID(x) extract32((x)->word[0], 12, 20)
+#define CMD_SID(x) ((x)->word[1])
+#define CMD_VMID(x) extract32((x)->word[1], 0 , 16)
+#define CMD_ASID(x) extract32((x)->word[1], 16, 16)
+#define CMD_RESUME_STAG(x) extract32((x)->word[2], 0 , 16)
+#define CMD_RESP(x) extract32((x)->word[2], 11, 2)
+#define CMD_LEAF(x) extract32((x)->word[2], 0 , 1)
+#define CMD_STE_RANGE(x) extract32((x)->word[2], 0 , 5)
+#define CMD_ADDR(x) ({ \
+ uint64_t high = (uint64_t)(x)->word[3]; \
+ uint64_t low = extract32((x)->word[2], 12, 20); \
+ uint64_t addr = high << 32 | (low << 12); \
+ addr; \
+ })
+
+int smmuv3_cmdq_consume(SMMUv3State *s);
+
#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 46683a8..899f0e0 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -94,6 +94,46 @@ void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn);
}
+static inline MemTxResult queue_read(SMMUQueue *q, void *data)
+{
+ dma_addr_t addr = Q_CONS_ENTRY(q);
+
+ return dma_memory_read(&address_space_memory, addr, data, q->entry_size);
+}
+
+static MemTxResult queue_write(SMMUQueue *q, void *data)
+{
+ dma_addr_t addr = Q_PROD_ENTRY(q);
+ MemTxResult ret;
+
+ ret = dma_memory_write(&address_space_memory, addr, data, q->entry_size);
+ if (ret != MEMTX_OK) {
+ return ret;
+ }
+
+ queue_prod_incr(q);
+ return MEMTX_OK;
+}
+
+void smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
+{
+ SMMUQueue *q = &s->eventq;
+
+ if (!smmuv3_eventq_enabled(s)) {
+ return;
+ }
+
+ if (smmuv3_q_full(q)) {
+ return;
+ }
+
+ queue_write(q, evt);
+
+ if (smmuv3_q_empty(q)) {
+ smmuv3_trigger_irq(s, SMMU_IRQ_EVTQ, 0);
+ }
+}
+
static void smmuv3_init_regs(SMMUv3State *s)
{
/**
@@ -133,6 +173,102 @@ static void smmuv3_init_regs(SMMUv3State *s)
s->sid_split = 0;
}
+int smmuv3_cmdq_consume(SMMUv3State *s)
+{
+ SMMUCmdError cmd_error = SMMU_CERROR_NONE;
+ SMMUQueue *q = &s->cmdq;
+ SMMUCommandType type = 0;
+
+ if (!smmuv3_cmdq_enabled(s)) {
+ return 0;
+ }
+ /*
+ * some commands depend on register values, typically CR0. In case those
+ * register values change while handling the command, spec says it
+ * is UNPREDICTABLE whether the command is interpreted under the new
+ * or old value.
+ */
+
+ while (!smmuv3_q_empty(q)) {
+ uint32_t pending = s->gerror ^ s->gerrorn;
+ Cmd cmd;
+
+ trace_smmuv3_cmdq_consume(Q_PROD(q), Q_CONS(q),
+ Q_PROD_WRAP(q), Q_CONS_WRAP(q));
+
+ if (FIELD_EX32(pending, GERROR, CMDQ_ERR)) {
+ break;
+ }
+
+ if (queue_read(q, &cmd) != MEMTX_OK) {
+ cmd_error = SMMU_CERROR_ABT;
+ break;
+ }
+
+ type = CMD_TYPE(&cmd);
+
+ trace_smmuv3_cmdq_opcode(smmu_cmd_string(type));
+
+ switch (type) {
+ case SMMU_CMD_SYNC:
+ if (CMD_SYNC_CS(&cmd) & CMD_SYNC_SIG_IRQ) {
+ smmuv3_trigger_irq(s, SMMU_IRQ_CMD_SYNC, 0);
+ }
+ break;
+ case SMMU_CMD_PREFETCH_CONFIG:
+ case SMMU_CMD_PREFETCH_ADDR:
+ case SMMU_CMD_CFGI_STE:
+ case SMMU_CMD_CFGI_STE_RANGE: /* same as SMMU_CMD_CFGI_ALL */
+ case SMMU_CMD_CFGI_CD:
+ case SMMU_CMD_CFGI_CD_ALL:
+ case SMMU_CMD_TLBI_NH_ALL:
+ case SMMU_CMD_TLBI_NH_ASID:
+ case SMMU_CMD_TLBI_NH_VA:
+ case SMMU_CMD_TLBI_NH_VAA:
+ case SMMU_CMD_TLBI_EL3_ALL:
+ case SMMU_CMD_TLBI_EL3_VA:
+ case SMMU_CMD_TLBI_EL2_ALL:
+ case SMMU_CMD_TLBI_EL2_ASID:
+ case SMMU_CMD_TLBI_EL2_VA:
+ case SMMU_CMD_TLBI_EL2_VAA:
+ case SMMU_CMD_TLBI_S12_VMALL:
+ case SMMU_CMD_TLBI_S2_IPA:
+ case SMMU_CMD_TLBI_NSNH_ALL:
+ case SMMU_CMD_ATC_INV:
+ case SMMU_CMD_PRI_RESP:
+ case SMMU_CMD_RESUME:
+ case SMMU_CMD_STALL_TERM:
+ trace_smmuv3_unhandled_cmd(type);
+ break;
+ default:
+ cmd_error = SMMU_CERROR_ILL;
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Illegal command type: %d\n", CMD_TYPE(&cmd));
+ break;
+ }
+ if (cmd_error) {
+ break;
+ }
+ /*
+ * We only increment the cons index after the completion of
+ * the command. We do that because the SYNC returns immediately
+ * and does not check the completion of previous commands
+ */
+ queue_cons_incr(q);
+ }
+
+ if (cmd_error) {
+ trace_smmuv3_cmdq_consume_error(smmu_cmd_string(type), cmd_error);
+ smmu_write_cmdq_err(s, cmd_error);
+ smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_CMDQ_ERR_MASK);
+ }
+
+ trace_smmuv3_cmdq_consume_out(Q_PROD(q), Q_CONS(q),
+ Q_PROD_WRAP(q), Q_CONS_WRAP(q));
+
+ return 0;
+}
+
static MemTxResult smmu_write_mmio(void *opaque, hwaddr offset, uint64_t data,
unsigned size, MemTxAttrs attrs)
{
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index b77f8d2..38b35fa 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -18,3 +18,8 @@ smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr:
smmuv3_trigger_irq(int irq) "irq=%d"
smmuv3_write_gerror(uint32_t toggled, uint32_t gerror) "toggled=0x%x, new GERROR=0x%x"
smmuv3_write_gerrorn(uint32_t acked, uint32_t gerrorn) "acked=0x%x, new GERRORN=0x%x"
+smmuv3_unhandled_cmd(uint32_t type) "Unhandled command type=%d"
+smmuv3_cmdq_consume(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "prod=%d cons=%d prod.wrap=%d cons.wrap=%d"
+smmuv3_cmdq_opcode(const char *opcode) "<--- %s"
+smmuv3_cmdq_consume_out(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "prod:%d, cons:%d, prod_wrap:%d, cons_wrap:%d "
+smmuv3_cmdq_consume_error(const char *cmd_name, uint8_t cmd_error) "Error on %s command execution: %d"
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (5 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 16:46 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper Eric Auger
` (9 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
Now we have relevant helpers for queue and irq
management, let's implement MMIO write operations.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 -> v10:
- s/hwaddr/uint64_t in trace-events
- added SMMU_FEATURE_2LVL_STE in this patch
- removed smmu_write64 and created writel/writell infra
- store capped log2size
- mask CR0 reserved bits
v7 -> v8:
- precise in the commit message invalidation commands
are not yet treated.
- use new queue helpers
- do not decode unhandled commands at this stage
---
hw/arm/smmuv3-internal.h | 8 +--
hw/arm/smmuv3.c | 172 +++++++++++++++++++++++++++++++++++++++++++++--
hw/arm/trace-events | 6 ++
3 files changed, 175 insertions(+), 11 deletions(-)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 968fa25..8550be0 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -64,6 +64,8 @@ REG32(CR0, 0x20)
FIELD(CR0, EVENTQEN, 2, 1)
FIELD(CR0, CMDQEN, 3, 1)
+#define SMMU_CR0_RESERVED 0xFFFFFC20
+
REG32(CR0ACK, 0x24)
REG32(CR1, 0x28)
REG32(CR2, 0x2c)
@@ -152,10 +154,6 @@ static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s)
return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, GERROR_IRQEN);
}
-/* public until callers get introduced */
-void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask);
-void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t gerrorn);
-
/* Queue Handling */
#define Q_BASE(q) ((q)->base & SMMU_BASE_ADDR_MASK)
@@ -308,6 +306,6 @@ enum { /* Command completion notification */
addr; \
})
-int smmuv3_cmdq_consume(SMMUv3State *s);
+#define SMMU_FEATURE_2LVL_STE (1 << 0)
#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 899f0e0..82ad1af 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -37,7 +37,8 @@
* @irq: irq type
* @gerror_mask: mask of gerrors to toggle (relevant if @irq is GERROR)
*/
-void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask)
+static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq,
+ uint32_t gerror_mask)
{
bool pulse = false;
@@ -74,7 +75,7 @@ void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask)
}
}
-void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
+static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)
{
uint32_t pending = s->gerror ^ s->gerrorn;
uint32_t toggled = s->gerrorn ^ new_gerrorn;
@@ -173,7 +174,7 @@ static void smmuv3_init_regs(SMMUv3State *s)
s->sid_split = 0;
}
-int smmuv3_cmdq_consume(SMMUv3State *s)
+static int smmuv3_cmdq_consume(SMMUv3State *s)
{
SMMUCmdError cmd_error = SMMU_CERROR_NONE;
SMMUQueue *q = &s->cmdq;
@@ -269,11 +270,170 @@ int smmuv3_cmdq_consume(SMMUv3State *s)
return 0;
}
-static MemTxResult smmu_write_mmio(void *opaque, hwaddr offset, uint64_t data,
+static MemTxResult smmu_writell(SMMUv3State *s, hwaddr offset,
+ uint64_t value, MemTxAttrs attrs)
+{
+ switch (offset) {
+ case A_GERROR_IRQ_CFG0:
+ s->gerror_irq_cfg0 = value;
+ return MEMTX_OK;
+ case A_STRTAB_BASE:
+ s->strtab_base = value;
+ return MEMTX_OK;
+ case A_CMDQ_BASE:
+ s->cmdq.base = value;
+ s->cmdq.log2size = extract64(s->cmdq.base, 0, 5);
+ if (s->cmdq.log2size > SMMU_CMDQS) {
+ s->cmdq.log2size = SMMU_CMDQS;
+ }
+ return MEMTX_OK;
+ case A_EVENTQ_BASE:
+ s->eventq.base = value;
+ s->eventq.log2size = extract64(s->eventq.base, 0, 5);
+ if (s->eventq.log2size > SMMU_EVENTQS) {
+ s->eventq.log2size = SMMU_EVENTQS;
+ }
+ return MEMTX_OK;
+ case A_EVENTQ_IRQ_CFG0:
+ s->eventq_irq_cfg0 = value;
+ return MEMTX_OK;
+ default:
+ qemu_log_mask(LOG_UNIMP,
+ "%s Unexpected 64-bit access to 0x%"PRIx64" (WI)\n",
+ __func__, offset);
+ return MEMTX_OK;
+ }
+}
+
+static MemTxResult smmu_writel(SMMUv3State *s, hwaddr offset,
+ uint64_t value, MemTxAttrs attrs)
+{
+ switch (offset) {
+ case A_CR0:
+ s->cr[0] = value;
+ s->cr0ack = value & ~SMMU_CR0_RESERVED;
+ /* in case the command queue has been enabled */
+ smmuv3_cmdq_consume(s);
+ return MEMTX_OK;
+ case A_CR1:
+ s->cr[1] = value;
+ return MEMTX_OK;
+ case A_CR2:
+ s->cr[2] = value;
+ return MEMTX_OK;
+ case A_IRQ_CTRL:
+ s->irq_ctrl = value;
+ return MEMTX_OK;
+ case A_GERRORN:
+ smmuv3_write_gerrorn(s, value);
+ /*
+ * By acknowledging the CMDQ_ERR, SW may notify cmds can
+ * be processed again
+ */
+ smmuv3_cmdq_consume(s);
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG0: /* 64b */
+ s->gerror_irq_cfg0 = deposit64(s->gerror_irq_cfg0, 0, 32, value);
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG0 + 4:
+ s->gerror_irq_cfg0 = deposit64(s->gerror_irq_cfg0, 32, 32, value);
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG1:
+ s->gerror_irq_cfg1 = value;
+ return MEMTX_OK;
+ case A_GERROR_IRQ_CFG2:
+ s->gerror_irq_cfg2 = value;
+ return MEMTX_OK;
+ case A_STRTAB_BASE: /* 64b */
+ s->strtab_base = deposit64(s->strtab_base, 0, 32, value);
+ return MEMTX_OK;
+ case A_STRTAB_BASE + 4:
+ s->strtab_base = deposit64(s->strtab_base, 32, 32, value);
+ return MEMTX_OK;
+ case A_STRTAB_BASE_CFG:
+ s->strtab_base_cfg = value;
+ if (FIELD_EX32(value, STRTAB_BASE_CFG, FMT) == 1) {
+ s->sid_split = FIELD_EX32(value, STRTAB_BASE_CFG, SPLIT);
+ s->features |= SMMU_FEATURE_2LVL_STE;
+ }
+ return MEMTX_OK;
+ case A_CMDQ_BASE: /* 64b */
+ s->cmdq.base = deposit64(s->cmdq.base, 0, 32, value);
+ s->cmdq.log2size = extract64(s->cmdq.base, 0, 5);
+ if (s->cmdq.log2size > SMMU_CMDQS) {
+ s->cmdq.log2size = SMMU_CMDQS;
+ }
+ return MEMTX_OK;
+ case A_CMDQ_BASE + 4: /* 64b */
+ s->cmdq.base = deposit64(s->cmdq.base, 32, 32, value);
+ return MEMTX_OK;
+ case A_CMDQ_PROD:
+ s->cmdq.prod = value;
+ smmuv3_cmdq_consume(s);
+ return MEMTX_OK;
+ case A_CMDQ_CONS:
+ s->cmdq.cons = value;
+ return MEMTX_OK;
+ case A_EVENTQ_BASE: /* 64b */
+ s->eventq.base = deposit64(s->eventq.base, 0, 32, value);
+ s->eventq.log2size = extract64(s->eventq.base, 0, 5);
+ if (s->eventq.log2size > SMMU_EVENTQS) {
+ s->eventq.log2size = SMMU_EVENTQS;
+ }
+ return MEMTX_OK;
+ case A_EVENTQ_BASE + 4:
+ s->eventq.base = deposit64(s->eventq.base, 32, 32, value);
+ return MEMTX_OK;
+ case A_EVENTQ_PROD:
+ s->eventq.prod = value;
+ return MEMTX_OK;
+ case A_EVENTQ_CONS:
+ s->eventq.cons = value;
+ return MEMTX_OK;
+ case A_EVENTQ_IRQ_CFG0: /* 64b */
+ s->eventq_irq_cfg0 = deposit64(s->eventq_irq_cfg0, 0, 32, value);
+ return MEMTX_OK;
+ case A_EVENTQ_IRQ_CFG0 + 4:
+ s->eventq_irq_cfg0 = deposit64(s->eventq_irq_cfg0, 32, 32, value);
+ return MEMTX_OK;
+ case A_EVENTQ_IRQ_CFG1:
+ s->eventq_irq_cfg1 = value;
+ return MEMTX_OK;
+ case A_EVENTQ_IRQ_CFG2:
+ s->eventq_irq_cfg2 = value;
+ return MEMTX_OK;
+ default:
+ qemu_log_mask(LOG_UNIMP,
+ "%s Unexpected 32-bit access to 0x%"PRIx64" (WI)\n",
+ __func__, offset);
+ return MEMTX_OK;
+ }
+}
+
+static MemTxResult smmu_write_mmio(void *opaque, hwaddr offset, uint64_t value,
unsigned size, MemTxAttrs attrs)
{
- /* not yet implemented */
- return MEMTX_ERROR;
+ SMMUState *sys = opaque;
+ SMMUv3State *s = ARM_SMMUV3(sys);
+ MemTxResult r;
+
+ /* CONSTRAINED UNPREDICTABLE choice to have page0/1 be exact aliases */
+ offset &= ~0x10000;
+
+ switch (size) {
+ case 8:
+ r = smmu_writell(s, offset, value, attrs);
+ break;
+ case 4:
+ r = smmu_writel(s, offset, value, attrs);
+ break;
+ default:
+ r = MEMTX_ERROR;
+ break;
+ }
+
+ trace_smmuv3_write_mmio(offset, value, size, r);
+ return r;
}
static MemTxResult smmu_readll(SMMUv3State *s, hwaddr offset,
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 38b35fa..781542a 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -23,3 +23,9 @@ smmuv3_cmdq_consume(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t con
smmuv3_cmdq_opcode(const char *opcode) "<--- %s"
smmuv3_cmdq_consume_out(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "prod:%d, cons:%d, prod_wrap:%d, cons_wrap:%d "
smmuv3_cmdq_consume_error(const char *cmd_name, uint8_t cmd_error) "Error on %s command execution: %d"
+smmuv3_update(bool is_empty, uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "q empty:%d prod:%d cons:%d p.wrap:%d p.cons:%d"
+smmuv3_update_check_cmd(int error) "cmdq not enabled or error :0x%x"
+smmuv3_write_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
+smmuv3_write_mmio_idr(uint64_t addr, uint64_t val) "write to RO/Unimpl reg 0x%lx val64:0x%lx"
+smmuv3_write_mmio_evtq_cons_bef_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "Before clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
+smmuv3_write_mmio_evtq_cons_after_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "after clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (6 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations Eric Auger
@ 2018-04-12 7:37 ` Eric Auger
2018-04-16 16:51 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback Eric Auger
` (8 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:37 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
Let's introduce a helper function aiming at recording an
event in the event queue.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
v9 -> v10:
- rework SMMU_EVENT_STRING
- trigger a GERROR EVENTQ_ABT_ERR in case of eventq write failure
v8 -> v9:
- add SMMU_EVENT_STRING
v7 -> v8:
- use dma_addr_t instead of hwaddr in smmuv3_record_event()
- introduce struct SMMUEventInfo
- add event_stringify + helpers for all fields
---
hw/arm/smmuv3-internal.h | 142 ++++++++++++++++++++++++++++++++++++++++++++++-
hw/arm/smmuv3.c | 108 +++++++++++++++++++++++++++++++++--
hw/arm/trace-events | 1 +
3 files changed, 243 insertions(+), 8 deletions(-)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 8550be0..8e546bf 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -205,8 +205,6 @@ static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type)
s->cmdq.cons = FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type);
}
-void smmuv3_write_eventq(SMMUv3State *s, Evt *evt);
-
/* Commands */
typedef enum SMMUCommandType {
@@ -308,4 +306,144 @@ enum { /* Command completion notification */
#define SMMU_FEATURE_2LVL_STE (1 << 0)
+/* Events */
+
+typedef enum SMMUEventType {
+ SMMU_EVT_OK = 0x00,
+ SMMU_EVT_F_UUT = 0x01,
+ SMMU_EVT_C_BAD_STREAMID = 0x02,
+ SMMU_EVT_F_STE_FETCH = 0x03,
+ SMMU_EVT_C_BAD_STE = 0x04,
+ SMMU_EVT_F_BAD_ATS_TREQ = 0x05,
+ SMMU_EVT_F_STREAM_DISABLED = 0x06,
+ SMMU_EVT_F_TRANS_FORBIDDEN = 0x07,
+ SMMU_EVT_C_BAD_SUBSTREAMID = 0x08,
+ SMMU_EVT_F_CD_FETCH = 0x09,
+ SMMU_EVT_C_BAD_CD = 0x0a,
+ SMMU_EVT_F_WALK_EABT = 0x0b,
+ SMMU_EVT_F_TRANSLATION = 0x10,
+ SMMU_EVT_F_ADDR_SIZE = 0x11,
+ SMMU_EVT_F_ACCESS = 0x12,
+ SMMU_EVT_F_PERMISSION = 0x13,
+ SMMU_EVT_F_TLB_CONFLICT = 0x20,
+ SMMU_EVT_F_CFG_CONFLICT = 0x21,
+ SMMU_EVT_E_PAGE_REQ = 0x24,
+} SMMUEventType;
+
+static const char *event_stringify[] = {
+ [SMMU_EVT_OK] = "SMMU_EVT_OK",
+ [SMMU_EVT_F_UUT] = "SMMU_EVT_F_UUT",
+ [SMMU_EVT_C_BAD_STREAMID] = "SMMU_EVT_C_BAD_STREAMID",
+ [SMMU_EVT_F_STE_FETCH] = "SMMU_EVT_F_STE_FETCH",
+ [SMMU_EVT_C_BAD_STE] = "SMMU_EVT_C_BAD_STE",
+ [SMMU_EVT_F_BAD_ATS_TREQ] = "SMMU_EVT_F_BAD_ATS_TREQ",
+ [SMMU_EVT_F_STREAM_DISABLED] = "SMMU_EVT_F_STREAM_DISABLED",
+ [SMMU_EVT_F_TRANS_FORBIDDEN] = "SMMU_EVT_F_TRANS_FORBIDDEN",
+ [SMMU_EVT_C_BAD_SUBSTREAMID] = "SMMU_EVT_C_BAD_SUBSTREAMID",
+ [SMMU_EVT_F_CD_FETCH] = "SMMU_EVT_F_CD_FETCH",
+ [SMMU_EVT_C_BAD_CD] = "SMMU_EVT_C_BAD_CD",
+ [SMMU_EVT_F_WALK_EABT] = "SMMU_EVT_F_WALK_EABT",
+ [SMMU_EVT_F_TRANSLATION] = "SMMU_EVT_F_TRANSLATION",
+ [SMMU_EVT_F_ADDR_SIZE] = "SMMU_EVT_F_ADDR_SIZE",
+ [SMMU_EVT_F_ACCESS] = "SMMU_EVT_F_ACCESS",
+ [SMMU_EVT_F_PERMISSION] = "SMMU_EVT_F_PERMISSION",
+ [SMMU_EVT_F_TLB_CONFLICT] = "SMMU_EVT_F_TLB_CONFLICT",
+ [SMMU_EVT_F_CFG_CONFLICT] = "SMMU_EVT_F_CFG_CONFLICT",
+ [SMMU_EVT_E_PAGE_REQ] = "SMMU_EVT_E_PAGE_REQ",
+};
+
+static inline const char *smmu_event_string(SMMUEventType type)
+{
+ return event_stringify[type] ? event_stringify[type] : "UNKNOWN";
+}
+
+/* Encode an event record */
+typedef struct SMMUEventInfo {
+ SMMUEventType type;
+ uint32_t sid;
+ bool recorded;
+ bool record_trans_faults;
+ union {
+ struct {
+ uint32_t ssid;
+ bool ssv;
+ dma_addr_t addr;
+ bool rnw;
+ bool pnu;
+ bool ind;
+ } f_uut;
+ struct ssid_info {
+ uint32_t ssid;
+ bool ssv;
+ } c_bad_streamid;
+ struct ssid_addr_info {
+ uint32_t ssid;
+ bool ssv;
+ dma_addr_t addr;
+ } f_ste_fetch;
+ struct ssid_info c_bad_ste;
+ struct {
+ dma_addr_t addr;
+ bool rnw;
+ } f_transl_forbidden;
+ struct {
+ uint32_t ssid;
+ } c_bad_substream;
+ struct ssid_addr_info f_cd_fetch;
+ struct ssid_info c_bad_cd;
+ struct full_info {
+ bool stall;
+ uint16_t stag;
+ uint32_t ssid;
+ bool ssv;
+ bool s2;
+ dma_addr_t addr;
+ bool rnw;
+ bool pnu;
+ bool ind;
+ uint8_t class;
+ dma_addr_t addr2;
+ } f_walk_eabt;
+ struct full_info f_translation;
+ struct full_info f_addr_size;
+ struct full_info f_access;
+ struct full_info f_permission;
+ struct ssid_info f_cfg_conflict;
+ /**
+ * not supported yet:
+ * F_BAD_ATS_TREQ
+ * F_BAD_ATS_TREQ
+ * F_TLB_CONFLICT
+ * E_PAGE_REQUEST
+ * IMPDEF_EVENTn
+ */
+ } u;
+} SMMUEventInfo;
+
+/* EVTQ fields */
+
+#define EVT_Q_OVERFLOW (1 << 31)
+
+#define EVT_SET_TYPE(x, v) deposit32((x)->word[0], 0 , 8 , v)
+#define EVT_SET_SSV(x, v) deposit32((x)->word[0], 11, 1 , v)
+#define EVT_SET_SSID(x, v) deposit32((x)->word[0], 12, 20, v)
+#define EVT_SET_SID(x, v) ((x)->word[1] = v)
+#define EVT_SET_STAG(x, v) deposit32((x)->word[2], 0 , 16, v)
+#define EVT_SET_STALL(x, v) deposit32((x)->word[2], 31, 1 , v)
+#define EVT_SET_PNU(x, v) deposit32((x)->word[3], 1 , 1 , v)
+#define EVT_SET_IND(x, v) deposit32((x)->word[3], 2 , 1 , v)
+#define EVT_SET_RNW(x, v) deposit32((x)->word[3], 3 , 1 , v)
+#define EVT_SET_S2(x, v) deposit32((x)->word[3], 7 , 1 , v)
+#define EVT_SET_CLASS(x, v) deposit32((x)->word[3], 8 , 2 , v)
+#define EVT_SET_ADDR(x, addr) ({ \
+ (x)->word[5] = (uint32_t)(addr >> 32); \
+ (x)->word[4] = (uint32_t)(addr & 0xffffffff); \
+ })
+#define EVT_SET_ADDR2(x, addr) ({ \
+ deposit32((x)->word[7], 3, 29, addr >> 16); \
+ deposit32((x)->word[7], 0, 16, addr & 0xffff); \
+ })
+
+void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *event);
+
#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 82ad1af..2ef1bfc 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -116,23 +116,119 @@ static MemTxResult queue_write(SMMUQueue *q, void *data)
return MEMTX_OK;
}
-void smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
+static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
{
SMMUQueue *q = &s->eventq;
+ MemTxResult r;
+
+ if (!smmuv3_eventq_enabled(s)) {
+ return MEMTX_ERROR;
+ }
+
+ if (smmuv3_q_full(q)) {
+ return MEMTX_ERROR;
+ }
+
+ r = queue_write(q, evt);
+ if (r != MEMTX_OK) {
+ return r;
+ }
+
+ if (smmuv3_q_empty(q)) {
+ smmuv3_trigger_irq(s, SMMU_IRQ_EVTQ, 0);
+ }
+ return MEMTX_OK;
+}
+
+void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
+{
+ Evt evt;
+ MemTxResult r;
if (!smmuv3_eventq_enabled(s)) {
return;
}
- if (smmuv3_q_full(q)) {
+ EVT_SET_TYPE(&evt, info->type);
+ EVT_SET_SID(&evt, info->sid);
+
+ switch (info->type) {
+ case SMMU_EVT_OK:
return;
+ case SMMU_EVT_F_UUT:
+ EVT_SET_SSID(&evt, info->u.f_uut.ssid);
+ EVT_SET_SSV(&evt, info->u.f_uut.ssv);
+ EVT_SET_ADDR(&evt, info->u.f_uut.addr);
+ EVT_SET_RNW(&evt, info->u.f_uut.rnw);
+ EVT_SET_PNU(&evt, info->u.f_uut.pnu);
+ EVT_SET_IND(&evt, info->u.f_uut.ind);
+ break;
+ case SMMU_EVT_C_BAD_STREAMID:
+ EVT_SET_SSID(&evt, info->u.c_bad_streamid.ssid);
+ EVT_SET_SSV(&evt, info->u.c_bad_streamid.ssv);
+ break;
+ case SMMU_EVT_F_STE_FETCH:
+ EVT_SET_SSID(&evt, info->u.f_ste_fetch.ssid);
+ EVT_SET_SSV(&evt, info->u.f_ste_fetch.ssv);
+ EVT_SET_ADDR(&evt, info->u.f_ste_fetch.addr);
+ break;
+ case SMMU_EVT_C_BAD_STE:
+ EVT_SET_SSID(&evt, info->u.c_bad_ste.ssid);
+ EVT_SET_SSV(&evt, info->u.c_bad_ste.ssv);
+ break;
+ case SMMU_EVT_F_STREAM_DISABLED:
+ break;
+ case SMMU_EVT_F_TRANS_FORBIDDEN:
+ EVT_SET_ADDR(&evt, info->u.f_transl_forbidden.addr);
+ EVT_SET_RNW(&evt, info->u.f_transl_forbidden.rnw);
+ break;
+ case SMMU_EVT_C_BAD_SUBSTREAMID:
+ EVT_SET_SSID(&evt, info->u.c_bad_substream.ssid);
+ break;
+ case SMMU_EVT_F_CD_FETCH:
+ EVT_SET_SSID(&evt, info->u.f_cd_fetch.ssid);
+ EVT_SET_SSV(&evt, info->u.f_cd_fetch.ssv);
+ EVT_SET_ADDR(&evt, info->u.f_cd_fetch.addr);
+ break;
+ case SMMU_EVT_C_BAD_CD:
+ EVT_SET_SSID(&evt, info->u.c_bad_cd.ssid);
+ EVT_SET_SSV(&evt, info->u.c_bad_cd.ssv);
+ break;
+ case SMMU_EVT_F_WALK_EABT:
+ case SMMU_EVT_F_TRANSLATION:
+ case SMMU_EVT_F_ADDR_SIZE:
+ case SMMU_EVT_F_ACCESS:
+ case SMMU_EVT_F_PERMISSION:
+ EVT_SET_STALL(&evt, info->u.f_walk_eabt.stall);
+ EVT_SET_STAG(&evt, info->u.f_walk_eabt.stag);
+ EVT_SET_SSID(&evt, info->u.f_walk_eabt.ssid);
+ EVT_SET_SSV(&evt, info->u.f_walk_eabt.ssv);
+ EVT_SET_S2(&evt, info->u.f_walk_eabt.s2);
+ EVT_SET_ADDR(&evt, info->u.f_walk_eabt.addr);
+ EVT_SET_RNW(&evt, info->u.f_walk_eabt.rnw);
+ EVT_SET_PNU(&evt, info->u.f_walk_eabt.pnu);
+ EVT_SET_IND(&evt, info->u.f_walk_eabt.ind);
+ EVT_SET_CLASS(&evt, info->u.f_walk_eabt.class);
+ EVT_SET_ADDR2(&evt, info->u.f_walk_eabt.addr2);
+ break;
+ case SMMU_EVT_F_CFG_CONFLICT:
+ EVT_SET_SSID(&evt, info->u.f_cfg_conflict.ssid);
+ EVT_SET_SSV(&evt, info->u.f_cfg_conflict.ssv);
+ break;
+ /* rest is not implemented */
+ case SMMU_EVT_F_BAD_ATS_TREQ:
+ case SMMU_EVT_F_TLB_CONFLICT:
+ case SMMU_EVT_E_PAGE_REQ:
+ default:
+ g_assert_not_reached();
}
- queue_write(q, evt);
-
- if (smmuv3_q_empty(q)) {
- smmuv3_trigger_irq(s, SMMU_IRQ_EVTQ, 0);
+ trace_smmuv3_record_event(smmu_event_string(info->type), info->sid);
+ r = smmuv3_write_eventq(s, &evt);
+ if (r != MEMTX_OK) {
+ smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_EVENTQ_ABT_ERR_MASK);
}
+ info->recorded = true;
}
static void smmuv3_init_regs(SMMUv3State *s)
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 781542a..9936e10 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -29,3 +29,4 @@ smmuv3_write_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr:
smmuv3_write_mmio_idr(uint64_t addr, uint64_t val) "write to RO/Unimpl reg 0x%lx val64:0x%lx"
smmuv3_write_mmio_evtq_cons_bef_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "Before clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
smmuv3_write_mmio_evtq_cons_after_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "after clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
+smmuv3_record_event(const char *type, uint32_t sid) "%s sid=%d"
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (7 preceding siblings ...)
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-17 10:50 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case Eric Auger
` (7 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
This patch implements the IOMMU Memory Region translate()
callback. Most of the code relates to the translation
configuration decoding and check (STE, CD).
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v10 -> v11:
- in case of error, print ret instead of the event.type which
may be set to OK if recording is off. This was misleading.
- trace point at the output of translate, only in case of sucess
v9 -> v10:
- s/hwaddr/uint64_t in trace-events
- use qemu_log_mask(LOG_UNIMP, in some situations where assert
was done
- report bad_ste if stage2 is found in STE
- check TTB does not exceed IPS
- fix oas2bits, CD_TTB
- tg2granule handles illegal cases
- convert L1STD_L2PTR macro into an inline function
- added S1STALLD, CD_A, CD_S, CD_HA, CD_HD checks
v8 -> v9:
- use SMMU_EVENT_STRING macro
- get rid of last erro_report's
- decode asid
- handle config abort before ptw
- add 64-bit single-copy atomic comment
v7 -> v8:
- use address_space_rw
- s/Ste/STE, s/Cd/CD
- use dma_memory_read
- remove everything related to stage 2
- collect data for both TTx
- renamings
- pass the event handle all along the config decoding path
- decode tbi, ars
---
hw/arm/smmuv3-internal.h | 160 +++++++++++++++++++++
hw/arm/smmuv3.c | 359 +++++++++++++++++++++++++++++++++++++++++++++++
hw/arm/trace-events | 9 ++
3 files changed, 528 insertions(+)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 8e546bf..ef6dd76 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -446,4 +446,164 @@ typedef struct SMMUEventInfo {
void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *event);
+/* Configuration Data */
+
+/* STE Level 1 Descriptor */
+typedef struct STEDesc {
+ uint32_t word[2];
+} STEDesc;
+
+/* CD Level 1 Descriptor */
+typedef struct CDDesc {
+ uint32_t word[2];
+} CDDesc;
+
+/* Stream Table Entry(STE) */
+typedef struct STE {
+ uint32_t word[16];
+} STE;
+
+/* Context Descriptor(CD) */
+typedef struct CD {
+ uint32_t word[16];
+} CD;
+
+/* STE fields */
+
+#define STE_VALID(x) extract32((x)->word[0], 0, 1)
+
+#define STE_CONFIG(x) extract32((x)->word[0], 1, 3)
+#define STE_CFG_S1_ENABLED(config) (config & 0x1)
+#define STE_CFG_S2_ENABLED(config) (config & 0x2)
+#define STE_CFG_ABORT(config) (!(config & 0x4))
+#define STE_CFG_BYPASS(config) (config == 0x4)
+
+#define STE_S1FMT(x) extract32((x)->word[0], 4 , 2)
+#define STE_S1CDMAX(x) extract32((x)->word[1], 27, 5)
+#define STE_S1STALLD(x) extract32((x)->word[2], 27, 1)
+#define STE_EATS(x) extract32((x)->word[2], 28, 2)
+#define STE_STRW(x) extract32((x)->word[2], 30, 2)
+#define STE_S2VMID(x) extract32((x)->word[4], 0 , 16)
+#define STE_S2T0SZ(x) extract32((x)->word[5], 0 , 6)
+#define STE_S2SL0(x) extract32((x)->word[5], 6 , 2)
+#define STE_S2TG(x) extract32((x)->word[5], 14, 2)
+#define STE_S2PS(x) extract32((x)->word[5], 16, 3)
+#define STE_S2AA64(x) extract32((x)->word[5], 19, 1)
+#define STE_S2HD(x) extract32((x)->word[5], 24, 1)
+#define STE_S2HA(x) extract32((x)->word[5], 25, 1)
+#define STE_S2S(x) extract32((x)->word[5], 26, 1)
+#define STE_CTXPTR(x) \
+ ({ \
+ unsigned long addr; \
+ addr = (uint64_t)extract32((x)->word[1], 0, 16) << 32; \
+ addr |= (uint64_t)((x)->word[0] & 0xffffffc0); \
+ addr; \
+ })
+
+#define STE_S2TTB(x) \
+ ({ \
+ unsigned long addr; \
+ addr = (uint64_t)extract32((x)->word[7], 0, 16) << 32; \
+ addr |= (uint64_t)((x)->word[6] & 0xfffffff0); \
+ addr; \
+ })
+
+static inline int oas2bits(int oas_field)
+{
+ switch (oas_field) {
+ case 0:
+ return 32;
+ case 1:
+ return 36;
+ case 2:
+ return 40;
+ case 3:
+ return 42;
+ case 4:
+ return 44;
+ case 5:
+ return 48;
+ }
+ return -1;
+}
+
+static inline int pa_range(STE *ste)
+{
+ int oas_field = MIN(STE_S2PS(ste), SMMU_IDR5_OAS);
+
+ if (!STE_S2AA64(ste)) {
+ return 40;
+ }
+
+ return oas2bits(oas_field);
+}
+
+#define MAX_PA(ste) ((1 << pa_range(ste)) - 1)
+
+/* CD fields */
+
+#define CD_VALID(x) extract32((x)->word[0], 30, 1)
+#define CD_ASID(x) extract32((x)->word[1], 16, 16)
+#define CD_TTB(x, sel) \
+ ({ \
+ uint64_t hi, lo; \
+ hi = extract32((x)->word[(sel) * 2 + 3], 0, 19); \
+ hi <<= 32; \
+ lo = (x)->word[(sel) * 2 + 2] & ~0xfULL; \
+ hi | lo; \
+ })
+
+#define CD_TSZ(x, sel) extract32((x)->word[0], (16 * (sel)) + 0, 6)
+#define CD_TG(x, sel) extract32((x)->word[0], (16 * (sel)) + 6, 2)
+#define CD_EPD(x, sel) extract32((x)->word[0], (16 * (sel)) + 14, 1)
+#define CD_ENDI(x) extract32((x)->word[0], 15, 1)
+#define CD_IPS(x) extract32((x)->word[1], 0 , 3)
+#define CD_TBI(x) extract32((x)->word[1], 6 , 2)
+#define CD_HD(x) extract32((x)->word[1], 10 , 1)
+#define CD_HA(x) extract32((x)->word[1], 11 , 1)
+#define CD_S(x) extract32((x)->word[1], 12, 1)
+#define CD_R(x) extract32((x)->word[1], 13, 1)
+#define CD_A(x) extract32((x)->word[1], 14, 1)
+#define CD_AARCH64(x) extract32((x)->word[1], 9 , 1)
+
+#define CDM_VALID(x) ((x)->word[0] & 0x1)
+
+static inline int is_cd_valid(SMMUv3State *s, STE *ste, CD *cd)
+{
+ return CD_VALID(cd);
+}
+
+/**
+ * tg2granule - Decodes the CD translation granule size field according
+ * to the ttbr in use
+ * @bits: TG0/1 fields
+ * @ttbr: ttbr index in use
+ */
+static inline int tg2granule(int bits, int ttbr)
+{
+ switch (bits) {
+ case 0:
+ return ttbr ? 0 : 12;
+ case 1:
+ return ttbr ? 14 : 16;
+ case 2:
+ return ttbr ? 12 : 14;
+ case 3:
+ return ttbr ? 16 : 0;
+ default:
+ return 0;
+ }
+}
+
+static inline uint64_t l1std_l2ptr(STEDesc *desc)
+{
+ uint64_t hi, lo;
+
+ hi = desc->word[1];
+ lo = desc->word[0] & ~0x1fULL;
+ return hi << 32 | lo;
+}
+
+#define L1STD_SPAN(stm) (extract32((stm)->word[0], 0, 4))
+
#endif
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 2ef1bfc..4be676b 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -270,6 +270,362 @@ static void smmuv3_init_regs(SMMUv3State *s)
s->sid_split = 0;
}
+static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
+ SMMUEventInfo *event)
+{
+ int ret;
+
+ trace_smmuv3_get_ste(addr);
+ /* TODO: guarantee 64-bit single-copy atomicity */
+ ret = dma_memory_read(&address_space_memory, addr,
+ (void *)buf, sizeof(*buf));
+ if (ret != MEMTX_OK) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Cannot fetch pte at address=0x%"PRIx64"\n", addr);
+ event->type = SMMU_EVT_F_STE_FETCH;
+ event->u.f_ste_fetch.addr = addr;
+ return -EINVAL;
+ }
+ return 0;
+
+}
+
+/* @ssid > 0 not supported yet */
+static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
+ CD *buf, SMMUEventInfo *event)
+{
+ dma_addr_t addr = STE_CTXPTR(ste);
+ int ret;
+
+ trace_smmuv3_get_cd(addr);
+ /* TODO: guarantee 64-bit single-copy atomicity */
+ ret = dma_memory_read(&address_space_memory, addr,
+ (void *)buf, sizeof(*buf));
+ if (ret != MEMTX_OK) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Cannot fetch pte at address=0x%"PRIx64"\n", addr);
+ event->type = SMMU_EVT_F_CD_FETCH;
+ event->u.f_ste_fetch.addr = addr;
+ return -EINVAL;
+ }
+ return 0;
+}
+
+/* Returns <0 if the caller has no need to purse the translation */
+static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
+ STE *ste, SMMUEventInfo *event)
+{
+ uint32_t config = STE_CONFIG(ste);
+ int ret = -EINVAL;
+
+ if (STE_CFG_ABORT(config)) {
+ cfg->aborted = true; /* abort but don't record any event */
+ return ret;
+ }
+
+ if (STE_CFG_BYPASS(config)) {
+ cfg->bypassed = true;
+ return ret;
+ }
+
+ if (!STE_VALID(ste)) {
+ goto bad_ste;
+ }
+
+ if (STE_CFG_S2_ENABLED(config)) {
+ qemu_log_mask(LOG_UNIMP, "SMMUv3 does not support stage 2 yet\n");
+ goto bad_ste;
+ }
+
+ if (STE_S1CDMAX(ste) != 0) {
+ qemu_log_mask(LOG_UNIMP,
+ "SMMUv3 does not support multiple context descriptors yet\n");
+ goto bad_ste;
+ }
+
+ if (STE_S1STALLD(ste)) {
+ qemu_log_mask(LOG_UNIMP,
+ "SMMUv3 S1 stalling fault model not allowed yet\n");
+ goto bad_ste;
+ }
+ return 0;
+
+bad_ste:
+ event->type = SMMU_EVT_C_BAD_STE;
+ return -EINVAL;
+}
+
+/**
+ * smmu_find_ste - Return the stream table entry associated
+ * to the sid
+ *
+ * @s: smmuv3 handle
+ * @sid: stream ID
+ * @ste: returned stream table entry
+ * @event: handle to an event info
+ *
+ * Supports linear and 2-level stream table
+ * Return 0 on success, -EINVAL otherwise
+ */
+static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
+ SMMUEventInfo *event)
+{
+ dma_addr_t addr;
+ int ret;
+
+ trace_smmuv3_find_ste(sid, s->features, s->sid_split);
+ /* Check SID range */
+ if (sid > (1 << SMMU_IDR1_SIDSIZE)) {
+ event->type = SMMU_EVT_C_BAD_STREAMID;
+ return -EINVAL;
+ }
+ if (s->features & SMMU_FEATURE_2LVL_STE) {
+ int l1_ste_offset, l2_ste_offset, max_l2_ste, span;
+ dma_addr_t strtab_base, l1ptr, l2ptr;
+ STEDesc l1std;
+
+ strtab_base = s->strtab_base & SMMU_BASE_ADDR_MASK;
+ l1_ste_offset = sid >> s->sid_split;
+ l2_ste_offset = sid & ((1 << s->sid_split) - 1);
+ l1ptr = (dma_addr_t)(strtab_base + l1_ste_offset * sizeof(l1std));
+ /* TODO: guarantee 64-bit single-copy atomicity */
+ ret = dma_memory_read(&address_space_memory, l1ptr,
+ (uint8_t *)&l1std, sizeof(l1std));
+ if (ret != MEMTX_OK) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Could not read L1PTR at 0X%"PRIx64"\n", l1ptr);
+ event->type = SMMU_EVT_F_STE_FETCH;
+ event->u.f_ste_fetch.addr = l1ptr;
+ return -EINVAL;
+ }
+
+ span = L1STD_SPAN(&l1std);
+
+ if (!span) {
+ /* l2ptr is not valid */
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "invalid sid=%d (L1STD span=0)\n", sid);
+ event->type = SMMU_EVT_C_BAD_STREAMID;
+ return -EINVAL;
+ }
+ max_l2_ste = (1 << span) - 1;
+ l2ptr = l1std_l2ptr(&l1std);
+ trace_smmuv3_find_ste_2lvl(s->strtab_base, l1ptr, l1_ste_offset,
+ l2ptr, l2_ste_offset, max_l2_ste);
+ if (l2_ste_offset > max_l2_ste) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "l2_ste_offset=%d > max_l2_ste=%d\n",
+ l2_ste_offset, max_l2_ste);
+ event->type = SMMU_EVT_C_BAD_STE;
+ return -EINVAL;
+ }
+ addr = l2ptr + l2_ste_offset * sizeof(*ste);
+ } else {
+ addr = s->strtab_base + sid * sizeof(*ste);
+ }
+
+ if (smmu_get_ste(s, addr, ste, event)) {
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int decode_cd(SMMUTransCfg *cfg, CD *cd, SMMUEventInfo *event)
+{
+ int ret = -EINVAL;
+ int i;
+
+ if (!CD_VALID(cd) || !CD_AARCH64(cd)) {
+ goto bad_cd;
+ }
+
+ /* we support only those at the moment */
+ cfg->aa64 = true;
+ cfg->stage = 1;
+
+ cfg->oas = oas2bits(CD_IPS(cd));
+ cfg->oas = MIN(oas2bits(SMMU_IDR5_OAS), cfg->oas);
+ cfg->tbi = CD_TBI(cd);
+ cfg->asid = CD_ASID(cd);
+
+ trace_smmuv3_decode_cd(cfg->oas);
+
+ /* decode data dependent on TT */
+ for (i = 0; i <= 1; i++) {
+ int tg, tsz;
+ SMMUTransTableInfo *tt = &cfg->tt[i];
+
+ cfg->tt[i].disabled = CD_EPD(cd, i);
+ if (cfg->tt[i].disabled) {
+ continue;
+ }
+
+ if (!CD_A(cd)) {
+ goto bad_cd; /* SMMU_IDR0.TERM_MODEL == 1 */
+ }
+ if (CD_S(cd)) {
+ goto bad_cd; /* !STE_SECURE && SMMU_IDR0.STALL_MODEL == 1 */
+ }
+ if (CD_HA(cd) || CD_HD(cd)) {
+ goto bad_cd; /* HTTU = 0 */
+ }
+
+ tsz = CD_TSZ(cd, i);
+ if (tsz < 16 || tsz > 39) {
+ goto bad_cd;
+ }
+
+ tg = CD_TG(cd, i);
+ tt->granule_sz = tg2granule(tg, i);
+ if ((tt->granule_sz != 12 && tt->granule_sz != 16) || CD_ENDI(cd)) {
+ goto bad_cd;
+ }
+
+ tt->tsz = tsz;
+ tt->initial_level = 4 - (64 - tsz - 4) / (tt->granule_sz - 3);
+ tt->ttb = CD_TTB(cd, i);
+ if (tt->ttb & ~(MAKE_64BIT_MASK(0, cfg->oas))) {
+ goto bad_cd;
+ }
+ trace_smmuv3_decode_cd_tt(i, tt->tsz, tt->ttb,
+ tt->granule_sz, tt->initial_level);
+ }
+
+ event->record_trans_faults = CD_R(cd);
+
+ return 0;
+
+bad_cd:
+ event->type = SMMU_EVT_C_BAD_CD;
+ return ret;
+}
+
+/**
+ * smmuv3_decode_config - Prepare the translation configuration
+ * for the @mr iommu region
+ * @mr: iommu memory region the translation config must be prepared for
+ * @cfg: output translation configuration which is populated through
+ * the different configuration decoding steps
+ * @event: must be zero'ed by the caller
+ *
+ * return < 0 if the translation needs to be aborted (@event is filled
+ * accordingly). Return 0 otherwise.
+ */
+static int smmuv3_decode_config(IOMMUMemoryRegion *mr, SMMUTransCfg *cfg,
+ SMMUEventInfo *event)
+{
+ SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
+ uint32_t sid = smmu_get_sid(sdev);
+ SMMUv3State *s = sdev->smmu;
+ int ret = -EINVAL;
+ STE ste;
+ CD cd;
+
+ if (smmu_find_ste(s, sid, &ste, event)) {
+ return ret;
+ }
+
+ if (decode_ste(s, cfg, &ste, event)) {
+ return ret;
+ }
+
+ if (smmu_get_cd(s, &ste, 0 /* ssid */, &cd, event)) {
+ return ret;
+ }
+
+ return decode_cd(cfg, &cd, event);
+}
+
+static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
+ IOMMUAccessFlags flag)
+{
+ SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
+ SMMUv3State *s = sdev->smmu;
+ uint32_t sid = smmu_get_sid(sdev);
+ SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
+ SMMUPTWEventInfo ptw_info = {};
+ SMMUTransCfg cfg = {};
+ IOMMUTLBEntry entry = {
+ .target_as = &address_space_memory,
+ .iova = addr,
+ .translated_addr = addr,
+ .addr_mask = ~(hwaddr)0,
+ .perm = IOMMU_NONE,
+ };
+ int ret = 0;
+
+ if (!smmu_enabled(s)) {
+ goto out;
+ }
+
+ ret = smmuv3_decode_config(mr, &cfg, &event);
+ if (ret) {
+ goto out;
+ }
+
+ if (cfg.aborted) {
+ goto out;
+ }
+
+ ret = smmu_ptw(&cfg, addr, flag, &entry, &ptw_info);
+ if (ret) {
+ switch (ptw_info.type) {
+ case SMMU_PTW_ERR_WALK_EABT:
+ event.type = SMMU_EVT_F_WALK_EABT;
+ event.u.f_walk_eabt.addr = addr;
+ event.u.f_walk_eabt.rnw = flag & 0x1;
+ event.u.f_walk_eabt.class = 0x1;
+ event.u.f_walk_eabt.addr2 = ptw_info.addr;
+ break;
+ case SMMU_PTW_ERR_TRANSLATION:
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_TRANSLATION;
+ event.u.f_translation.addr = addr;
+ event.u.f_translation.rnw = flag & 0x1;
+ }
+ break;
+ case SMMU_PTW_ERR_ADDR_SIZE:
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_ADDR_SIZE;
+ event.u.f_addr_size.addr = addr;
+ event.u.f_addr_size.rnw = flag & 0x1;
+ }
+ break;
+ case SMMU_PTW_ERR_ACCESS:
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_ACCESS;
+ event.u.f_access.addr = addr;
+ event.u.f_access.rnw = flag & 0x1;
+ }
+ break;
+ case SMMU_PTW_ERR_PERMISSION:
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_PERMISSION;
+ event.u.f_permission.addr = addr;
+ event.u.f_permission.rnw = flag & 0x1;
+ }
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ }
+out:
+ if (ret) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s translation failed for iova=0x%"PRIx64"(%d)\n",
+ mr->parent_obj.name, addr, ret);
+ entry.perm = IOMMU_NONE;
+ smmuv3_record_event(s, &event);
+ } else if (!cfg.aborted) {
+ entry.perm = flag;
+ trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
+ entry.translated_addr, entry.perm);
+ }
+
+ return entry;
+}
+
static int smmuv3_cmdq_consume(SMMUv3State *s)
{
SMMUCmdError cmd_error = SMMU_CERROR_NONE;
@@ -794,6 +1150,9 @@ static void smmuv3_class_init(ObjectClass *klass, void *data)
static void smmuv3_iommu_memory_region_class_init(ObjectClass *klass,
void *data)
{
+ IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
+
+ imrc->translate = smmuv3_translate;
}
static const TypeInfo smmuv3_type_info = {
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 9936e10..032de48 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -30,3 +30,12 @@ smmuv3_write_mmio_idr(uint64_t addr, uint64_t val) "write to RO/Unimpl reg 0x%lx
smmuv3_write_mmio_evtq_cons_bef_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "Before clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
smmuv3_write_mmio_evtq_cons_after_clear(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8_t cons_wrap) "after clearing interrupt prod:0x%x cons:0x%x prod.w:%d cons.w:%d"
smmuv3_record_event(const char *type, uint32_t sid) "%s sid=%d"
+smmuv3_find_ste(uint16_t sid, uint32_t features, uint16_t sid_split) "SID:0x%x features:0x%x, sid_split:0x%x"
+smmuv3_find_ste_2lvl(uint64_t strtab_base, uint64_t l1ptr, int l1_ste_offset, uint64_t l2ptr, int l2_ste_offset, int max_l2_ste) "strtab_base:0x%lx l1ptr:0x%"PRIx64" l1_off:0x%x, l2ptr:0x%"PRIx64" l2_off:0x%x max_l2_ste:%d"
+smmuv3_get_ste(uint64_t addr) "STE addr: 0x%"PRIx64
+smmuv3_translate_bypass(const char *n, uint16_t sid, uint64_t addr, bool is_write) "%s sid=%d bypass iova:0x%"PRIx64" is_write=%d"
+smmuv3_translate_in(uint16_t sid, int pci_bus_num, uint64_t strtab_base) "SID:0x%x bus:%d strtab_base:0x%"PRIx64
+smmuv3_get_cd(uint64_t addr) "CD addr: 0x%"PRIx64
+smmuv3_translate(const char *n, uint16_t sid, uint64_t iova, uint64_t translated, int perm) "%s sid=%d iova=0x%"PRIx64" translated=0x%"PRIx64" perm=0x%x"
+smmuv3_decode_cd(uint32_t oas) "oas=%d"
+smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (8 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-17 10:51 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route Eric Auger
` (6 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
At the moment, the SMMUv3 does not support notification on
TLB invalidation. So let's log an error as soon as such notifier
gets enabled.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
hw/arm/smmuv3.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 4be676b..6e0d7ad 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -1147,12 +1147,23 @@ static void smmuv3_class_init(ObjectClass *klass, void *data)
dc->realize = smmu_realize;
}
+static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,
+ IOMMUNotifierFlag old,
+ IOMMUNotifierFlag new)
+{
+ if (old == IOMMU_NOTIFIER_NONE) {
+ warn_report("SMMUV3 does not support vhost/vfio integration yet: "
+ "devices of those types will not function properly");
+ }
+}
+
static void smmuv3_iommu_memory_region_class_init(ObjectClass *klass,
void *data)
{
IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
imrc->translate = smmuv3_translate;
+ imrc->notify_flag_changed = smmuv3_notify_flag_changed;
}
static const TypeInfo smmuv3_type_info = {
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (9 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-17 11:02 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 12/17] hw/arm/virt: Add SMMUv3 to the virt board Eric Auger
` (5 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
In case the MSI is translated by an IOMMU we need to fixup the
MSI route with the translated address.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Bharat Bhushan <Bharat.Bhushan@nxp.com>
---
v9 -> v10:
- use address_space_translate
v5 -> v6:
- use IOMMUMemoryRegionClass API
---
target/arm/kvm.c | 27 +++++++++++++++++++++++++++
target/arm/trace-events | 3 +++
2 files changed, 30 insertions(+)
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index ecc39ac..c6f6aa8 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -20,8 +20,10 @@
#include "sysemu/kvm.h"
#include "kvm_arm.h"
#include "cpu.h"
+#include "trace.h"
#include "internals.h"
#include "hw/arm/arm.h"
+#include "hw/pci/pci.h"
#include "exec/memattrs.h"
#include "exec/address-spaces.h"
#include "hw/boards.h"
@@ -649,6 +651,31 @@ int kvm_arm_vgic_probe(void)
int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
uint64_t address, uint32_t data, PCIDevice *dev)
{
+ AddressSpace *as = pci_device_iommu_address_space(dev);
+ hwaddr xlat, len, doorbell_gpa;
+ MemoryRegionSection mrs;
+ MemoryRegion *mr;
+
+ if (as == &address_space_memory) {
+ return 0;
+ }
+
+ /* MSI doorbell address is translated by an IOMMU */
+
+ rcu_read_lock();
+ mr = address_space_translate(as, address, &xlat, &len, true);
+ if (!mr) {
+ return 1;
+ }
+ mrs = memory_region_find(mr, xlat, 0);
+ doorbell_gpa = mrs.offset_within_address_space;
+ rcu_read_unlock();
+
+ route->u.msi.address_lo = doorbell_gpa;
+ route->u.msi.address_hi = doorbell_gpa >> 32;
+
+ trace_kvm_arm_fixup_msi_route(address, doorbell_gpa);
+
return 0;
}
diff --git a/target/arm/trace-events b/target/arm/trace-events
index 9e37131..6b759f9 100644
--- a/target/arm/trace-events
+++ b/target/arm/trace-events
@@ -8,3 +8,6 @@ arm_gt_tval_write(int timer, uint64_t value) "gt_tval_write: timer %d value 0x%"
arm_gt_ctl_write(int timer, uint64_t value) "gt_ctl_write: timer %d value 0x%" PRIx64
arm_gt_imask_toggle(int timer, int irqstate) "gt_ctl_write: timer %d IMASK toggle, new irqstate %d"
arm_gt_cntvoff_write(uint64_t value) "gt_cntvoff_write: value 0x%" PRIx64
+
+# target/arm/kvm.c
+kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 12/17] hw/arm/virt: Add SMMUv3 to the virt board
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (10 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 13/17] hw/arm/virt-acpi-build: Add smmuv3 node in IORT table Eric Auger
` (4 subsequent siblings)
16 siblings, 0 replies; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
From: Prem Mallappa <prem.mallappa@broadcom.com>
Add code to instantiate an smmuv3 in virt machine. A new iommu
integer member is introduced in VirtMachineState to store the type
of the iommu in use.
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
v9 -> v10:
- add VirtIOMMUType
- add Peter's R-b
v7 -> v8:
- integer iommu member
- add primary-bus property
v4 -> v5:
- add dma-coherent property
v2 -> v3:
- vbi was removed. Use vms instead
- migrate to new smmu binding format (iommu-map)
- don't use appendprop anymore
- add vms->smmu and guard instantiation with this latter
- interrupts type changed to edge
---
hw/arm/virt.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++-
include/hw/arm/virt.h | 10 ++++++++
2 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 94dcb12..1799702 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -58,6 +58,7 @@
#include "hw/smbios/smbios.h"
#include "qapi/visitor.h"
#include "standard-headers/linux/input.h"
+#include "hw/arm/smmuv3.h"
#define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
@@ -141,6 +142,7 @@ static const MemMapEntry a15memmap[] = {
[VIRT_FW_CFG] = { 0x09020000, 0x00000018 },
[VIRT_GPIO] = { 0x09030000, 0x00001000 },
[VIRT_SECURE_UART] = { 0x09040000, 0x00001000 },
+ [VIRT_SMMU] = { 0x09050000, 0x00020000 },
[VIRT_MMIO] = { 0x0a000000, 0x00000200 },
/* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
[VIRT_PLATFORM_BUS] = { 0x0c000000, 0x02000000 },
@@ -161,6 +163,7 @@ static const int a15irqmap[] = {
[VIRT_SECURE_UART] = 8,
[VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
[VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
+ [VIRT_SMMU] = 74, /* ...to 74 + NUM_SMMU_IRQS - 1 */
[VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */
};
@@ -942,7 +945,57 @@ static void create_pcie_irq_map(const VirtMachineState *vms,
0x7 /* PCI irq */);
}
-static void create_pcie(const VirtMachineState *vms, qemu_irq *pic)
+static void create_smmu(const VirtMachineState *vms, qemu_irq *pic,
+ PCIBus *bus)
+{
+ char *node;
+ const char compat[] = "arm,smmu-v3";
+ int irq = vms->irqmap[VIRT_SMMU];
+ int i;
+ hwaddr base = vms->memmap[VIRT_SMMU].base;
+ hwaddr size = vms->memmap[VIRT_SMMU].size;
+ const char irq_names[] = "eventq\0priq\0cmdq-sync\0gerror";
+ DeviceState *dev;
+
+ if (vms->iommu != VIRT_IOMMU_SMMUV3 || !vms->iommu_phandle) {
+ return;
+ }
+
+ dev = qdev_create(NULL, "arm-smmuv3");
+
+ object_property_set_link(OBJECT(dev), OBJECT(bus), "primary-bus",
+ &error_abort);
+ qdev_init_nofail(dev);
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+ for (i = 0; i < NUM_SMMU_IRQS; i++) {
+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
+ }
+
+ node = g_strdup_printf("/smmuv3@%" PRIx64, base);
+ qemu_fdt_add_subnode(vms->fdt, node);
+ qemu_fdt_setprop(vms->fdt, node, "compatible", compat, sizeof(compat));
+ qemu_fdt_setprop_sized_cells(vms->fdt, node, "reg", 2, base, 2, size);
+
+ qemu_fdt_setprop_cells(vms->fdt, node, "interrupts",
+ GIC_FDT_IRQ_TYPE_SPI, irq , GIC_FDT_IRQ_FLAGS_EDGE_LO_HI,
+ GIC_FDT_IRQ_TYPE_SPI, irq + 1, GIC_FDT_IRQ_FLAGS_EDGE_LO_HI,
+ GIC_FDT_IRQ_TYPE_SPI, irq + 2, GIC_FDT_IRQ_FLAGS_EDGE_LO_HI,
+ GIC_FDT_IRQ_TYPE_SPI, irq + 3, GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
+
+ qemu_fdt_setprop(vms->fdt, node, "interrupt-names", irq_names,
+ sizeof(irq_names));
+
+ qemu_fdt_setprop_cell(vms->fdt, node, "clocks", vms->clock_phandle);
+ qemu_fdt_setprop_string(vms->fdt, node, "clock-names", "apb_pclk");
+ qemu_fdt_setprop(vms->fdt, node, "dma-coherent", NULL, 0);
+
+ qemu_fdt_setprop_cell(vms->fdt, node, "#iommu-cells", 1);
+
+ qemu_fdt_setprop_cell(vms->fdt, node, "phandle", vms->iommu_phandle);
+ g_free(node);
+}
+
+static void create_pcie(VirtMachineState *vms, qemu_irq *pic)
{
hwaddr base_mmio = vms->memmap[VIRT_PCIE_MMIO].base;
hwaddr size_mmio = vms->memmap[VIRT_PCIE_MMIO].size;
@@ -1055,6 +1108,15 @@ static void create_pcie(const VirtMachineState *vms, qemu_irq *pic)
qemu_fdt_setprop_cell(vms->fdt, nodename, "#interrupt-cells", 1);
create_pcie_irq_map(vms, vms->gic_phandle, irq, nodename);
+ if (vms->iommu) {
+ vms->iommu_phandle = qemu_fdt_alloc_phandle(vms->fdt);
+
+ create_smmu(vms, pic, pci->bus);
+
+ qemu_fdt_setprop_cells(vms->fdt, nodename, "iommu-map",
+ 0x0, vms->iommu_phandle, 0x0, 0x10000);
+ }
+
g_free(nodename);
}
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index ba0c1a4..886372c 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -38,6 +38,7 @@
#define NUM_GICV2M_SPIS 64
#define NUM_VIRTIO_TRANSPORTS 32
+#define NUM_SMMU_IRQS 4
#define ARCH_GICV3_MAINT_IRQ 9
@@ -59,6 +60,7 @@ enum {
VIRT_GIC_V2M,
VIRT_GIC_ITS,
VIRT_GIC_REDIST,
+ VIRT_SMMU,
VIRT_UART,
VIRT_MMIO,
VIRT_RTC,
@@ -74,6 +76,12 @@ enum {
VIRT_SECURE_MEM,
};
+typedef enum VirtIOMMUType {
+ VIRT_IOMMU_NONE,
+ VIRT_IOMMU_SMMUV3,
+ VIRT_IOMMU_VIRTIO,
+} VirtIOMMUType;
+
typedef struct MemMapEntry {
hwaddr base;
hwaddr size;
@@ -97,6 +105,7 @@ typedef struct {
bool its;
bool virt;
int32_t gic_version;
+ VirtIOMMUType iommu;
struct arm_boot_info bootinfo;
const MemMapEntry *memmap;
const int *irqmap;
@@ -106,6 +115,7 @@ typedef struct {
uint32_t clock_phandle;
uint32_t gic_phandle;
uint32_t msi_phandle;
+ uint32_t iommu_phandle;
int psci_conduit;
} VirtMachineState;
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 13/17] hw/arm/virt-acpi-build: Add smmuv3 node in IORT table
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (11 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 12/17] hw/arm/virt: Add SMMUv3 to the virt board Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option Eric Auger
` (3 subsequent siblings)
16 siblings, 0 replies; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
From: Prem Mallappa <prem.mallappa@broadcom.com>
This patch builds the smmuv3 node in the ACPI IORT table.
The RID space of the root complex, which spans 0x0-0x10000
maps to streamid space 0x0-0x10000 in smmuv3, which in turn
maps to deviceid space 0x0-0x10000 in the ITS group.
The guest must feature the IOMMU probe deferral series
(https://lkml.org/lkml/2017/4/10/214) which fixes streamid
multiple lookup. This bug is not related to the SMMU emulation.
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Shannon Zhao <zhaoshenglong@huawei.com>
---
v9 -> v10:
- replaced vms->iommu tests by vms->iommu == VIRT_IOMMU_SMMUV3
- Added Shannon's R-b
v2 -> v3:
- integrate into the existing IORT table made up of ITS, RC nodes
- take into account vms->smmu
- match linux actbl2.h acpi_iort_smmu_v3 field names
---
hw/arm/virt-acpi-build.c | 55 +++++++++++++++++++++++++++++++++++++++------
include/hw/acpi/acpi-defs.h | 15 +++++++++++++
2 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index c7c6a57..92ceee9 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -393,19 +393,26 @@ build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned xsdt_tbl_offset)
}
static void
-build_iort(GArray *table_data, BIOSLinker *linker)
+build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
{
- int iort_start = table_data->len;
+ int nb_nodes, iort_start = table_data->len;
AcpiIortIdMapping *idmap;
AcpiIortItsGroup *its;
AcpiIortTable *iort;
- size_t node_size, iort_length;
+ AcpiIortSmmu3 *smmu;
+ size_t node_size, iort_length, smmu_offset = 0;
AcpiIortRC *rc;
iort = acpi_data_push(table_data, sizeof(*iort));
+ if (vms->iommu == VIRT_IOMMU_SMMUV3) {
+ nb_nodes = 3; /* RC, ITS, SMMUv3 */
+ } else {
+ nb_nodes = 2; /* RC, ITS */
+ }
+
iort_length = sizeof(*iort);
- iort->node_count = cpu_to_le32(2); /* RC and ITS nodes */
+ iort->node_count = cpu_to_le32(nb_nodes);
iort->node_offset = cpu_to_le32(sizeof(*iort));
/* ITS group node */
@@ -418,6 +425,34 @@ build_iort(GArray *table_data, BIOSLinker *linker)
its->its_count = cpu_to_le32(1);
its->identifiers[0] = 0; /* MADT translation_id */
+ if (vms->iommu == VIRT_IOMMU_SMMUV3) {
+ int irq = vms->irqmap[VIRT_SMMU];
+
+ /* SMMUv3 node */
+ smmu_offset = iort->node_offset + node_size;
+ node_size = sizeof(*smmu) + sizeof(*idmap);
+ iort_length += node_size;
+ smmu = acpi_data_push(table_data, node_size);
+
+ smmu->type = ACPI_IORT_NODE_SMMU_V3;
+ smmu->length = cpu_to_le16(node_size);
+ smmu->mapping_count = cpu_to_le32(1);
+ smmu->mapping_offset = cpu_to_le32(sizeof(*smmu));
+ smmu->base_address = cpu_to_le64(vms->memmap[VIRT_SMMU].base);
+ smmu->event_gsiv = cpu_to_le32(irq);
+ smmu->pri_gsiv = cpu_to_le32(irq + 1);
+ smmu->gerr_gsiv = cpu_to_le32(irq + 2);
+ smmu->sync_gsiv = cpu_to_le32(irq + 3);
+
+ /* Identity RID mapping covering the whole input RID range */
+ idmap = &smmu->id_mapping_array[0];
+ idmap->input_base = 0;
+ idmap->id_count = cpu_to_le32(0xFFFF);
+ idmap->output_base = 0;
+ /* output IORT node is the ITS group node (the first node) */
+ idmap->output_reference = cpu_to_le32(iort->node_offset);
+ }
+
/* Root Complex Node */
node_size = sizeof(*rc) + sizeof(*idmap);
iort_length += node_size;
@@ -438,8 +473,14 @@ build_iort(GArray *table_data, BIOSLinker *linker)
idmap->input_base = 0;
idmap->id_count = cpu_to_le32(0xFFFF);
idmap->output_base = 0;
- /* output IORT node is the ITS group node (the first node) */
- idmap->output_reference = cpu_to_le32(iort->node_offset);
+
+ if (vms->iommu == VIRT_IOMMU_SMMUV3) {
+ /* output IORT node is the smmuv3 node */
+ idmap->output_reference = cpu_to_le32(smmu_offset);
+ } else {
+ /* output IORT node is the ITS group node (the first node) */
+ idmap->output_reference = cpu_to_le32(iort->node_offset);
+ }
iort->length = cpu_to_le32(iort_length);
@@ -777,7 +818,7 @@ void virt_acpi_build(VirtMachineState *vms, AcpiBuildTables *tables)
if (its_class_name() && !vmc->no_its) {
acpi_add_table(table_offsets, tables_blob);
- build_iort(tables_blob, tables->linker);
+ build_iort(tables_blob, tables->linker, vms);
}
/* XSDT is pointed to by RSDP */
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 5955eb4..af8e023 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -628,6 +628,21 @@ struct AcpiIortItsGroup {
} QEMU_PACKED;
typedef struct AcpiIortItsGroup AcpiIortItsGroup;
+struct AcpiIortSmmu3 {
+ ACPI_IORT_NODE_HEADER_DEF
+ uint64_t base_address;
+ uint32_t flags;
+ uint32_t reserved2;
+ uint64_t vatos_address;
+ uint32_t model;
+ uint32_t event_gsiv;
+ uint32_t pri_gsiv;
+ uint32_t gerr_gsiv;
+ uint32_t sync_gsiv;
+ AcpiIortIdMapping id_mapping_array[0];
+} QEMU_PACKED;
+typedef struct AcpiIortSmmu3 AcpiIortSmmu3;
+
struct AcpiIortRC {
ACPI_IORT_NODE_HEADER_DEF
AcpiIortMemoryAccess memory_properties;
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (12 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 13/17] hw/arm/virt-acpi-build: Add smmuv3 node in IORT table Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-16 16:55 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data Eric Auger
` (2 subsequent siblings)
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
ARM virt machine now exposes a new "iommu" option.
The SMMUv3 IOMMU is instantiated using -machine virt,iommu=smmuv3.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
---
v9 -> v10:
- remove no_iommu
v7 -> v8:
- Revert to machine option, now dubbed "iommu", preparing for virtio
instantiation.
v5 -> v6: machine 2_11
---
hw/arm/virt.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 1799702..a3398d6 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1560,6 +1560,34 @@ static void virt_set_gic_version(Object *obj, const char *value, Error **errp)
}
}
+static char *virt_get_iommu(Object *obj, Error **errp)
+{
+ VirtMachineState *vms = VIRT_MACHINE(obj);
+
+ switch (vms->iommu) {
+ case VIRT_IOMMU_NONE:
+ return g_strdup("none");
+ case VIRT_IOMMU_SMMUV3:
+ return g_strdup("smmuv3");
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static void virt_set_iommu(Object *obj, const char *value, Error **errp)
+{
+ VirtMachineState *vms = VIRT_MACHINE(obj);
+
+ if (!strcmp(value, "smmuv3")) {
+ vms->iommu = VIRT_IOMMU_SMMUV3;
+ } else if (!strcmp(value, "none")) {
+ vms->iommu = VIRT_IOMMU_NONE;
+ } else {
+ error_setg(errp, "Invalid iommu value");
+ error_append_hint(errp, "Valid values are none, smmuv3.\n");
+ }
+}
+
static CpuInstanceProperties
virt_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
{
@@ -1692,6 +1720,14 @@ static void virt_2_12_instance_init(Object *obj)
NULL);
}
+ /* Default disallows iommu instantiation */
+ vms->iommu = VIRT_IOMMU_NONE;
+ object_property_add_str(obj, "iommu", virt_get_iommu, virt_set_iommu, NULL);
+ object_property_set_description(obj, "iommu",
+ "Set the IOMMU model among "
+ "none, smmuv3 (default none)",
+ NULL);
+
vms->memmap = a15memmap;
vms->irqmap = a15irqmap;
}
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (13 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-17 12:22 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation Eric Auger
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 17/17] hw/arm/smmuv3: Add notifications on invalidation Eric Auger
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
Let's cache config data to avoid fetching and parsing STE/CD
structures on each translation. We invalidate them on data structure
invalidation commands.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
hw/arm/smmu-common.c | 24 +++++++-
hw/arm/smmuv3.c | 129 ++++++++++++++++++++++++++++++++++++++++---
hw/arm/trace-events | 6 ++
include/hw/arm/smmu-common.h | 3 +
include/hw/arm/smmuv3.h | 1 +
5 files changed, 152 insertions(+), 11 deletions(-)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 6a58948..c271a28 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -297,6 +297,24 @@ static AddressSpace *smmu_find_add_as(PCIBus *bus, void *opaque, int devfn)
return &sdev->as;
}
+IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid)
+{
+ uint8_t bus_n, devfn;
+ SMMUPciBus *smmu_bus;
+ SMMUDevice *smmu;
+
+ bus_n = PCI_BUS_NUM(sid);
+ smmu_bus = smmu_find_smmu_pcibus(s, bus_n);
+ if (smmu_bus) {
+ devfn = sid & 0x7;
+ smmu = smmu_bus->pbdev[devfn];
+ if (smmu) {
+ return &smmu->iommu;
+ }
+ }
+ return NULL;
+}
+
static void smmu_base_realize(DeviceState *dev, Error **errp)
{
SMMUState *s = ARM_SMMU(dev);
@@ -308,7 +326,7 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
error_propagate(errp, local_err);
return;
}
-
+ s->configs = g_hash_table_new_full(NULL, NULL, NULL, g_free);
s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
if (s->primary_bus) {
@@ -320,7 +338,9 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
static void smmu_base_reset(DeviceState *dev)
{
- /* will be filled later on */
+ SMMUState *s = ARM_SMMU(dev);
+
+ g_hash_table_remove_all(s->configs);
}
static Property smmu_dev_properties[] = {
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 6e0d7ad..938052e 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -537,6 +537,38 @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr, SMMUTransCfg *cfg,
return decode_cd(cfg, &cd, event);
}
+static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event)
+{
+ SMMUv3State *s = sdev->smmu;
+ SMMUState *bc = &s->smmu_state;
+ SMMUTransCfg *cfg;
+
+ cfg = g_hash_table_lookup(bc->configs, sdev);
+ trace_smmuv3_config_cache_hit(((pci_bus_num(sdev->bus) & 0xff) << 8) |
+ sdev->devfn);
+ if (!cfg) {
+ trace_smmuv3_config_cache_miss(((pci_bus_num(sdev->bus) & 0xff) << 8) |
+ sdev->devfn);
+ cfg = g_new0(SMMUTransCfg, 1);
+ g_hash_table_insert(bc->configs, sdev, cfg);
+
+ if (smmuv3_decode_config(&sdev->iommu, cfg, event)) {
+ g_hash_table_remove(bc->configs, sdev);
+ }
+ }
+ return cfg;
+}
+
+static void smmuv3_put_config(SMMUDevice *sdev)
+{
+ SMMUv3State *s = sdev->smmu;
+ SMMUState *bc = &s->smmu_state;
+
+ trace_smmuv3_config_cache_inv(((pci_bus_num(sdev->bus) & 0xff) << 8) |
+ sdev->devfn);
+ g_hash_table_remove(bc->configs, sdev);
+}
+
static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
IOMMUAccessFlags flag)
{
@@ -545,7 +577,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
uint32_t sid = smmu_get_sid(sdev);
SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
SMMUPTWEventInfo ptw_info = {};
- SMMUTransCfg cfg = {};
+ SMMUTransCfg *cfg = NULL;
IOMMUTLBEntry entry = {
.target_as = &address_space_memory,
.iova = addr,
@@ -556,19 +588,26 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
int ret = 0;
if (!smmu_enabled(s)) {
+ return entry;
+ }
+
+ /*
+ * the lock is held to sequentialize invalidation commands and
+ * translation operations
+ */
+ qemu_mutex_lock(&s->mutex);
+
+ cfg = smmuv3_get_config(sdev, &event);
+ if (!cfg) {
+ ret = -EINVAL;
goto out;
}
- ret = smmuv3_decode_config(mr, &cfg, &event);
- if (ret) {
+ if (cfg->aborted) {
goto out;
}
- if (cfg.aborted) {
- goto out;
- }
-
- ret = smmu_ptw(&cfg, addr, flag, &entry, &ptw_info);
+ ret = smmu_ptw(cfg, addr, flag, &entry, &ptw_info);
if (ret) {
switch (ptw_info.type) {
case SMMU_PTW_ERR_WALK_EABT:
@@ -617,17 +656,20 @@ out:
mr->parent_obj.name, addr, ret);
entry.perm = IOMMU_NONE;
smmuv3_record_event(s, &event);
- } else if (!cfg.aborted) {
+ } else if (!cfg->aborted) {
entry.perm = flag;
trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
entry.translated_addr, entry.perm);
}
+ qemu_mutex_unlock(&s->mutex);
+
return entry;
}
static int smmuv3_cmdq_consume(SMMUv3State *s)
{
+ SMMUState *bs = ARM_SMMU(s);
SMMUCmdError cmd_error = SMMU_CERROR_NONE;
SMMUQueue *q = &s->cmdq;
SMMUCommandType type = 0;
@@ -662,6 +704,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
trace_smmuv3_cmdq_opcode(smmu_cmd_string(type));
+ qemu_mutex_lock(&s->mutex);
switch (type) {
case SMMU_CMD_SYNC:
if (CMD_SYNC_CS(&cmd) & CMD_SYNC_SIG_IRQ) {
@@ -670,10 +713,74 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
break;
case SMMU_CMD_PREFETCH_CONFIG:
case SMMU_CMD_PREFETCH_ADDR:
+ break;
case SMMU_CMD_CFGI_STE:
+ {
+ uint32_t sid = CMD_SID(&cmd);
+ IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, sid);
+ SMMUDevice *sdev;
+
+ if (CMD_SSEC(&cmd)) {
+ cmd_error = SMMU_CERROR_ILL;
+ break;
+ }
+
+ if (!mr) {
+ break;
+ }
+
+ trace_smmuv3_cmdq_cfgi_ste(sid);
+ sdev = container_of(mr, SMMUDevice, iommu);
+ smmuv3_put_config(sdev);
+
+ break;
+ }
case SMMU_CMD_CFGI_STE_RANGE: /* same as SMMU_CMD_CFGI_ALL */
+ {
+ uint32_t start = CMD_SID(&cmd), end, i;
+ uint8_t range = CMD_STE_RANGE(&cmd);
+
+ if (CMD_SSEC(&cmd)) {
+ cmd_error = SMMU_CERROR_ILL;
+ break;
+ }
+
+ end = start + (1 << (range + 1)) - 1;
+ trace_smmuv3_cmdq_cfgi_ste_range(start, end);
+
+ for (i = start; i <= end; i++) {
+ IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, i);
+ SMMUDevice *sdev;
+
+ if (!mr) {
+ continue;
+ }
+ sdev = container_of(mr, SMMUDevice, iommu);
+ smmuv3_put_config(sdev);
+ }
+ break;
+ }
case SMMU_CMD_CFGI_CD:
case SMMU_CMD_CFGI_CD_ALL:
+ {
+ uint32_t sid = CMD_SID(&cmd);
+ IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, sid);
+ SMMUDevice *sdev;
+
+ if (CMD_SSEC(&cmd)) {
+ cmd_error = SMMU_CERROR_ILL;
+ break;
+ }
+
+ if (!mr) {
+ break;
+ }
+
+ trace_smmuv3_cmdq_cfgi_cd(sid);
+ sdev = container_of(mr, SMMUDevice, iommu);
+ smmuv3_put_config(sdev);
+ break;
+ }
case SMMU_CMD_TLBI_NH_ALL:
case SMMU_CMD_TLBI_NH_ASID:
case SMMU_CMD_TLBI_NH_VA:
@@ -700,6 +807,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
break;
}
if (cmd_error) {
+ qemu_mutex_unlock(&s->mutex);
break;
}
/*
@@ -708,6 +816,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
* and does not check the completion of previous commands
*/
queue_cons_incr(q);
+ qemu_mutex_unlock(&s->mutex);
}
if (cmd_error) {
@@ -1078,6 +1187,8 @@ static void smmu_realize(DeviceState *d, Error **errp)
return;
}
+ qemu_mutex_init(&s->mutex);
+
memory_region_init_io(&sys->iomem, OBJECT(s),
&smmu_mem_ops, sys, TYPE_ARM_SMMUV3, 0x20000);
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 032de48..ecc30be 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -39,3 +39,9 @@ smmuv3_get_cd(uint64_t addr) "CD addr: 0x%"PRIx64
smmuv3_translate(const char *n, uint16_t sid, uint64_t iova, uint64_t translated, int perm) "%s sid=%d iova=0x%"PRIx64" translated=0x%"PRIx64" perm=0x%x"
smmuv3_decode_cd(uint32_t oas) "oas=%d"
smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
+smmuv3_cmdq_cfgi_ste(int streamid) " |_ streamid =%d"
+smmuv3_cmdq_cfgi_ste_range(int start, int end) " |_ start=0x%d - end=0x%d"
+smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
+smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
+smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
+smmuv3_config_cache_inv(uint32_t sid) "Config cache INV for sid %d"
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
index 4ccd131..ff07734 100644
--- a/include/hw/arm/smmu-common.h
+++ b/include/hw/arm/smmu-common.h
@@ -143,4 +143,7 @@ int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
*/
SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
+/* Return the iommu mr associated to @sid, or NULL if none */
+IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid);
+
#endif /* HW_ARM_SMMU_COMMON */
diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h
index 23f7036..36b2f45 100644
--- a/include/hw/arm/smmuv3.h
+++ b/include/hw/arm/smmuv3.h
@@ -59,6 +59,7 @@ typedef struct SMMUv3State {
SMMUQueue eventq, cmdq;
qemu_irq irq[4];
+ QemuMutex mutex;
} SMMUv3State;
typedef enum {
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (14 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
2018-04-17 12:55 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 17/17] hw/arm/smmuv3: Add notifications on invalidation Eric Auger
16 siblings, 1 reply; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
We emulate a TLB cache of size SMMU_IOTLB_MAX_SIZE=256.
It is implemented as a hash table whose key is a combination
of the 16b asid and 48b IOVA.
Entries are invalidated on TLB invalidation commands, either
globally, or per asid, or per asid/iova.
One peculiarity is the NH_VA invalidation command does not
convey any information about the size to be invalidated (as
opposed to what Intel does, for instance, with the am field).
Hence, when NH_VA arrives we both invalidate the 4K and 64K
entries, the both granules that we support.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
Credit to Tomasz Nowicki who did the first implementation of
this IOTLB implementation, inspired of intel_iommu implemtation.
---
hw/arm/smmu-common.c | 33 ++++++++++++++
hw/arm/smmuv3.c | 105 +++++++++++++++++++++++++++++++++++++++++--
hw/arm/trace-events | 9 ++++
include/hw/arm/smmu-common.h | 11 +++++
4 files changed, 154 insertions(+), 4 deletions(-)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index c271a28..3d25339 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -29,6 +29,36 @@
#include "hw/arm/smmu-common.h"
#include "smmu-internal.h"
+/* IOTLB Management */
+
+inline void smmu_iotlb_inv_all(SMMUState *s)
+{
+ trace_smmu_iotlb_inv_all();
+ g_hash_table_remove_all(s->iotlb);
+}
+
+static gboolean smmu_hash_remove_by_asid(gpointer key, gpointer value,
+ gpointer user_data)
+{
+ uint16_t asid = *(uint16_t *)user_data;
+
+ return ((*(uint64_t *)key) >> IOTLB_KEY_ASID_SHIFT) == asid;
+}
+
+inline void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova)
+{
+ uint64_t key = SMMU_IOTLB_KEY(asid, iova);
+
+ trace_smmu_iotlb_inv_iova(asid, iova);
+ g_hash_table_remove(s->iotlb, &key);
+}
+
+inline void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid)
+{
+ trace_smmu_iotlb_inv_asid(asid);
+ g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid, &asid);
+}
+
/* VMSAv8-64 Translation */
/**
@@ -327,6 +357,8 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
return;
}
s->configs = g_hash_table_new_full(NULL, NULL, NULL, g_free);
+ s->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
+ g_free, g_free);
s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
if (s->primary_bus) {
@@ -341,6 +373,7 @@ static void smmu_base_reset(DeviceState *dev)
SMMUState *s = ARM_SMMU(dev);
g_hash_table_remove_all(s->configs);
+ g_hash_table_remove_all(s->iotlb);
}
static Property smmu_dev_properties[] = {
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 938052e..081f0fb 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -551,6 +551,8 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event)
sdev->devfn);
cfg = g_new0(SMMUTransCfg, 1);
g_hash_table_insert(bc->configs, sdev, cfg);
+ cfg->iotlb_miss = 0;
+ cfg->iotlb_hit = 0;
if (smmuv3_decode_config(&sdev->iommu, cfg, event)) {
g_hash_table_remove(bc->configs, sdev);
@@ -575,8 +577,12 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
SMMUv3State *s = sdev->smmu;
uint32_t sid = smmu_get_sid(sdev);
+ SMMUState *bs = ARM_SMMU(s);
SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
+ uint64_t key_val, page_mask, aligned_addr;
+ IOMMUTLBEntry *cached_entry = NULL;
SMMUPTWEventInfo ptw_info = {};
+ SMMUTransTableInfo *tt;
SMMUTransCfg *cfg = NULL;
IOMMUTLBEntry entry = {
.target_as = &address_space_memory,
@@ -585,6 +591,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
.addr_mask = ~(hwaddr)0,
.perm = IOMMU_NONE,
};
+ uint64_t *key;
int ret = 0;
if (!smmu_enabled(s)) {
@@ -607,7 +614,56 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
goto out;
}
- ret = smmu_ptw(cfg, addr, flag, &entry, &ptw_info);
+ tt = select_tt(cfg, addr);
+ if (!tt) {
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_TRANSLATION;
+ event.u.f_translation.addr = addr;
+ event.u.f_translation.rnw = flag & 0x1;
+ }
+ ret = -EINVAL;
+ goto out;
+ }
+
+ page_mask = (1ULL << (tt->granule_sz)) - 1;
+ aligned_addr = addr & ~page_mask;
+
+ key_val = SMMU_IOTLB_KEY(cfg->asid, aligned_addr);
+
+ cached_entry = g_hash_table_lookup(bs->iotlb, &key_val);
+ if (cached_entry) {
+ cfg->iotlb_hit += 1;
+ trace_smmu_iotlb_cache_hit(cfg->asid, aligned_addr,
+ cfg->iotlb_hit, cfg->iotlb_miss,
+ 100 * cfg->iotlb_hit /
+ (cfg->iotlb_hit + cfg->iotlb_miss));
+ if ((flag & IOMMU_WO) && !(cached_entry->perm & IOMMU_WO)) {
+ ret = -EFAULT;
+ if (event.record_trans_faults) {
+ event.type = SMMU_EVT_F_PERMISSION;
+ event.u.f_permission.addr = addr;
+ event.u.f_permission.rnw = flag & 0x1;
+ }
+ }
+ goto out;
+ }
+
+ cfg->iotlb_miss += 1;
+ trace_smmu_iotlb_cache_miss(cfg->asid, addr & ~page_mask,
+ cfg->iotlb_hit, cfg->iotlb_miss,
+ 100 * cfg->iotlb_hit /
+ (cfg->iotlb_hit + cfg->iotlb_miss));
+
+ if (g_hash_table_size(bs->iotlb) >= SMMU_IOTLB_MAX_SIZE) {
+ smmu_iotlb_inv_all(bs);
+ }
+
+ cached_entry = g_new0(IOMMUTLBEntry, 1);
+ key = g_new0(uint64_t, 1);
+ *key = key_val;
+ g_hash_table_insert(bs->iotlb, key, cached_entry);
+
+ ret = smmu_ptw(cfg, aligned_addr, flag, cached_entry, &ptw_info);
if (ret) {
switch (ptw_info.type) {
case SMMU_PTW_ERR_WALK_EABT:
@@ -656,8 +712,14 @@ out:
mr->parent_obj.name, addr, ret);
entry.perm = IOMMU_NONE;
smmuv3_record_event(s, &event);
+ if (cached_entry) {
+ smmu_iotlb_inv_iova(bs, cfg->asid, aligned_addr);
+ }
} else if (!cfg->aborted) {
entry.perm = flag;
+ entry.translated_addr = cached_entry->translated_addr +
+ (addr & page_mask);
+ entry.addr_mask = cached_entry->addr_mask;
trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
entry.translated_addr, entry.perm);
}
@@ -781,10 +843,46 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
smmuv3_put_config(sdev);
break;
}
- case SMMU_CMD_TLBI_NH_ALL:
case SMMU_CMD_TLBI_NH_ASID:
- case SMMU_CMD_TLBI_NH_VA:
+ {
+ uint16_t asid = CMD_ASID(&cmd);
+
+ trace_smmuv3_cmdq_tlbi_nh_asid(asid);
+ /* TODO: be more precise and invalidate for @asid */
+ smmu_iotlb_inv_asid(bs, asid);
+ break;
+ }
+ case SMMU_CMD_TLBI_NH_ALL:
+ case SMMU_CMD_TLBI_NSNH_ALL:
+ trace_smmuv3_cmdq_tlbi_nh();
+ smmu_iotlb_inv_all(bs);
+ break;
case SMMU_CMD_TLBI_NH_VAA:
+ {
+ dma_addr_t addr = CMD_ADDR(&cmd);
+ uint16_t vmid = CMD_VMID(&cmd);
+
+ trace_smmuv3_cmdq_tlbi_nh_vaa(vmid, addr);
+ smmu_iotlb_inv_all(bs);
+ break;
+ }
+ case SMMU_CMD_TLBI_NH_VA:
+ {
+ uint16_t asid = CMD_ASID(&cmd);
+ uint16_t vmid = CMD_VMID(&cmd);
+ dma_addr_t addr = CMD_ADDR(&cmd);
+ bool leaf = CMD_LEAF(&cmd);
+
+ trace_smmuv3_cmdq_tlbi_nh_va(vmid, asid, addr, leaf);
+ /**
+ * we don't know the size of the granule so
+ * let's invalidate both 4K entry and 64kB entry.
+ * The spec allow to invalidate more than necessary.
+ */
+ smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFF);
+ smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFFF);
+ break;
+ }
case SMMU_CMD_TLBI_EL3_ALL:
case SMMU_CMD_TLBI_EL3_VA:
case SMMU_CMD_TLBI_EL2_ALL:
@@ -793,7 +891,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
case SMMU_CMD_TLBI_EL2_VAA:
case SMMU_CMD_TLBI_S12_VMALL:
case SMMU_CMD_TLBI_S2_IPA:
- case SMMU_CMD_TLBI_NSNH_ALL:
case SMMU_CMD_ATC_INV:
case SMMU_CMD_PRI_RESP:
case SMMU_CMD_RESUME:
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index ecc30be..7fdc08e 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -12,6 +12,11 @@ smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr,
smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64
smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"
smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64
+smmu_iotlb_cache_hit(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache HIT asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
+smmu_iotlb_cache_miss(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache MISS asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
+smmu_iotlb_inv_all(void) "IOTLB invalidate all"
+smmu_iotlb_inv_asid(uint16_t asid) "IOTLB invalidate asid=%d"
+smmu_iotlb_inv_iova(uint16_t asid, uint64_t addr) "IOTLB invalidate asid=%d addr=0x%"PRIx64
#hw/arm/smmuv3.c
smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
@@ -41,6 +46,10 @@ smmuv3_decode_cd(uint32_t oas) "oas=%d"
smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
smmuv3_cmdq_cfgi_ste(int streamid) " |_ streamid =%d"
smmuv3_cmdq_cfgi_ste_range(int start, int end) " |_ start=0x%d - end=0x%d"
+smmuv3_cmdq_tlbi_nh_va(int vmid, int asid, uint64_t addr, bool leaf) " |_ vmid =%d asid =%d addr=0x%"PRIx64" leaf=%d"
+smmuv3_cmdq_tlbi_nh_vaa(int vmid, uint64_t addr) " |_ vmid =%d addr=0x%"PRIx64
+smmuv3_cmdq_tlbi_nh(void) ""
+smmuv3_cmdq_tlbi_nh_asid(uint16_t asid) "asid=%d"
smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
index ff07734..1c9c648 100644
--- a/include/hw/arm/smmu-common.h
+++ b/include/hw/arm/smmu-common.h
@@ -68,6 +68,8 @@ typedef struct SMMUTransCfg {
uint8_t tbi; /* Top Byte Ignore */
uint16_t asid;
SMMUTransTableInfo tt[2];
+ uint32_t iotlb_hit;
+ uint32_t iotlb_miss;
} SMMUTransCfg;
typedef struct SMMUDevice {
@@ -146,4 +148,13 @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
/* Return the iommu mr associated to @sid, or NULL if none */
IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid);
+#define SMMU_IOTLB_MAX_SIZE 256
+#define IOTLB_KEY_ASID_SHIFT SMMU_MAX_VA_BITS
+#define SMMU_IOTLB_KEY(asid, iova) \
+ (iova | (uint64_t)(asid) << IOTLB_KEY_ASID_SHIFT);
+
+void smmu_iotlb_inv_all(SMMUState *s);
+void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid);
+void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova);
+
#endif /* HW_ARM_SMMU_COMMON */
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [Qemu-devel] [PATCH v11 17/17] hw/arm/smmuv3: Add notifications on invalidation
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
` (15 preceding siblings ...)
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation Eric Auger
@ 2018-04-12 7:38 ` Eric Auger
16 siblings, 0 replies; 37+ messages in thread
From: Eric Auger @ 2018-04-12 7:38 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, peter.maydell,
prem.mallappa
Cc: alex.williamson, tn, mst, cdall, bharat.bhushan,
jean-philippe.brucker, linuc.decode, peterx, jintack
On TLB invalidation commands, let's call registered
IOMMU notifiers. Those can only be UNMAP notifiers.
SMMUv3 does not support notification on MAP (VFIO).
This patch allows vhost use case where IOTLB API is notified
on each guest IOTLB invalidation.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
hw/arm/smmu-common.c | 34 +++++++++++++++
hw/arm/smmuv3.c | 99 +++++++++++++++++++++++++++++++++++++++++++-
hw/arm/trace-events | 5 +++
include/hw/arm/smmu-common.h | 6 +++
4 files changed, 142 insertions(+), 2 deletions(-)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 3d25339..c50ad20 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -345,6 +345,40 @@ IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid)
return NULL;
}
+/* Unmap the whole notifier's range */
+static void smmu_unmap_notifier_range(IOMMUNotifier *n)
+{
+ IOMMUTLBEntry entry;
+
+ entry.target_as = &address_space_memory;
+ entry.iova = n->start;
+ entry.perm = IOMMU_NONE;
+ entry.addr_mask = n->end - n->start;
+
+ memory_region_notify_one(n, &entry);
+}
+
+/* Unmap all notifiers attached to @mr */
+inline void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr)
+{
+ IOMMUNotifier *n;
+
+ trace_smmu_inv_notifiers_mr(mr->parent_obj.name);
+ IOMMU_NOTIFIER_FOREACH(n, mr) {
+ smmu_unmap_notifier_range(n);
+ }
+}
+
+/* Unmap all notifiers of all mr's */
+void smmu_inv_notifiers_all(SMMUState *s)
+{
+ SMMUNotifierNode *node;
+
+ QLIST_FOREACH(node, &s->notifiers_list, next) {
+ smmu_inv_notifiers_mr(&node->sdev->iommu);
+ }
+}
+
static void smmu_base_realize(DeviceState *dev, Error **errp)
{
SMMUState *s = ARM_SMMU(dev);
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 081f0fb..ac1e72d 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -729,6 +729,68 @@ out:
return entry;
}
+/**
+ * smmuv3_notify_iova - call the notifier @n for a given
+ * @asid and @iova tuple.
+ *
+ * @mr: IOMMU mr region handle
+ * @n: notifier to be called
+ * @asid: address space ID or negative value if we don't care
+ * @iova: iova
+ */
+static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
+ IOMMUNotifier *n,
+ int asid,
+ dma_addr_t iova)
+{
+ SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
+ SMMUEventInfo event = {};
+ SMMUTransTableInfo *tt;
+ SMMUTransCfg *cfg;
+ IOMMUTLBEntry entry;
+
+ cfg = smmuv3_get_config(sdev, &event);
+ if (!cfg) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s error decoding the configuration for iommu mr=%s\n",
+ __func__, mr->parent_obj.name);
+ return;
+ }
+
+ if (asid >= 0 && cfg->asid != asid) {
+ return;
+ }
+
+ tt = select_tt(cfg, iova);
+ if (!tt) {
+ return;
+ }
+
+ entry.target_as = &address_space_memory;
+ entry.iova = iova;
+ entry.addr_mask = (1 << tt->granule_sz) - 1;
+ entry.perm = IOMMU_NONE;
+
+ memory_region_notify_one(n, &entry);
+}
+
+/* invalidate an asid/iova tuple in all mr's */
+static void smmuv3_inv_notifiers_iova(SMMUState *s, int asid, dma_addr_t iova)
+{
+ SMMUNotifierNode *node;
+
+ QLIST_FOREACH(node, &s->notifiers_list, next) {
+ IOMMUMemoryRegion *mr = &node->sdev->iommu;
+ IOMMUNotifier *n;
+
+ trace_smmuv3_inv_notifiers_iova(mr->parent_obj.name, asid, iova);
+
+ IOMMU_NOTIFIER_FOREACH(n, mr) {
+ smmuv3_notify_iova(mr, n, asid, iova);
+ }
+ }
+}
+
static int smmuv3_cmdq_consume(SMMUv3State *s)
{
SMMUState *bs = ARM_SMMU(s);
@@ -849,12 +911,14 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
trace_smmuv3_cmdq_tlbi_nh_asid(asid);
/* TODO: be more precise and invalidate for @asid */
+ smmu_inv_notifiers_all(&s->smmu_state);
smmu_iotlb_inv_asid(bs, asid);
break;
}
case SMMU_CMD_TLBI_NH_ALL:
case SMMU_CMD_TLBI_NSNH_ALL:
trace_smmuv3_cmdq_tlbi_nh();
+ smmu_inv_notifiers_all(&s->smmu_state);
smmu_iotlb_inv_all(bs);
break;
case SMMU_CMD_TLBI_NH_VAA:
@@ -863,6 +927,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
uint16_t vmid = CMD_VMID(&cmd);
trace_smmuv3_cmdq_tlbi_nh_vaa(vmid, addr);
+ smmuv3_inv_notifiers_iova(bs, -1, addr);
smmu_iotlb_inv_all(bs);
break;
}
@@ -874,6 +939,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
bool leaf = CMD_LEAF(&cmd);
trace_smmuv3_cmdq_tlbi_nh_va(vmid, asid, addr, leaf);
+ smmuv3_inv_notifiers_iova(bs, asid, addr);
/**
* we don't know the size of the granule so
* let's invalidate both 4K entry and 64kB entry.
@@ -1359,9 +1425,38 @@ static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,
IOMMUNotifierFlag old,
IOMMUNotifierFlag new)
{
+ SMMUDevice *sdev = container_of(iommu, SMMUDevice, iommu);
+ SMMUv3State *s3 = sdev->smmu;
+ SMMUState *s = &(s3->smmu_state);
+ SMMUNotifierNode *node = NULL;
+ SMMUNotifierNode *next_node = NULL;
+
+ if (new == IOMMU_NOTIFIER_MAP) {
+ int bus_num = pci_bus_num(sdev->bus);
+ PCIDevice *pcidev = pci_find_device(sdev->bus, bus_num, sdev->devfn);
+
+ warn_report("SMMUv3 does not support notification on MAP: "
+ "device %s will not function properly", pcidev->name);
+ }
+
if (old == IOMMU_NOTIFIER_NONE) {
- warn_report("SMMUV3 does not support vhost/vfio integration yet: "
- "devices of those types will not function properly");
+ trace_smmuv3_notify_flag_add(iommu->parent_obj.name);
+ node = g_malloc0(sizeof(*node));
+ node->sdev = sdev;
+ QLIST_INSERT_HEAD(&s->notifiers_list, node, next);
+ return;
+ }
+
+ /* update notifier node with new flags */
+ QLIST_FOREACH_SAFE(node, &s->notifiers_list, next, next_node) {
+ if (node->sdev == sdev) {
+ if (new == IOMMU_NOTIFIER_NONE) {
+ trace_smmuv3_notify_flag_del(iommu->parent_obj.name);
+ QLIST_REMOVE(node, next);
+ g_free(node);
+ }
+ return;
+ }
}
}
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index 7fdc08e..0f0ace5 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -17,6 +17,7 @@ smmu_iotlb_cache_miss(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss,
smmu_iotlb_inv_all(void) "IOTLB invalidate all"
smmu_iotlb_inv_asid(uint16_t asid) "IOTLB invalidate asid=%d"
smmu_iotlb_inv_iova(uint16_t asid, uint64_t addr) "IOTLB invalidate asid=%d addr=0x%"PRIx64
+smmu_inv_notifiers_mr(const char *name) "iommu mr=%s"
#hw/arm/smmuv3.c
smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
@@ -54,3 +55,7 @@ smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
smmuv3_config_cache_inv(uint32_t sid) "Config cache INV for sid %d"
+smmuv3_notify_flag_add(const char *iommu) "ADD SMMUNotifier node for iommu mr=%s"
+smmuv3_notify_flag_del(const char *iommu) "DEL SMMUNotifier node for iommu mr=%s"
+smmuv3_inv_notifiers_iova(const char *name, uint16_t asid, uint64_t iova) "iommu mr=%s asid=%d iova=0x%"PRIx64
+
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
index 1c9c648..5b604e1 100644
--- a/include/hw/arm/smmu-common.h
+++ b/include/hw/arm/smmu-common.h
@@ -157,4 +157,10 @@ void smmu_iotlb_inv_all(SMMUState *s);
void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid);
void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova);
+/* Unmap the range of all the notifiers registered to any IOMMU mr */
+void smmu_inv_notifiers_all(SMMUState *s);
+
+/* Unmap the range of all the notifiers registered to @mr */
+void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr);
+
#endif /* HW_ARM_SMMU_COMMON */
--
2.5.5
^ permalink raw reply related [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup Eric Auger
@ 2018-04-16 12:33 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 12:33 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> We set up the infrastructure to enumerate all the PCI devices
> attached to the SMMU and create an associated IOMMU memory
> region and address space.
>
> Those info are stored in SMMUDevice objects. The devices are
> grouped according to the PCIBus they belong to. A hash table
> indexed by the PCIBus pointer is used. Also an array indexed by
> the bus number allows to find the list of SMMUDevices.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>
> ---
> v9 -> v10:
> - comment functions added to the header
> - g_free(name)
> - renamed smmu_find_as_from_bus_num into smmu_find_smmu_pcibus
> - add a comment about lazy init in smmu_find_smmu_pcibus
> - add a trace event when creating the smmu iommu mr
>
> v8 -> v9:
> - fix key value for lookup
>
> v7 -> v8:
> - introduce SMMU_MAX_VA_BITS
> - use PCI bus handle as a key
> - do not clear s->smmu_as_by_bus_num
> - use g_new0 instead of g_malloc0
> - use primary_bus field
> ---
> hw/arm/smmu-common.c | 69 ++++++++++++++++++++++++++++++++++++++++++++
> hw/arm/trace-events | 3 ++
> include/hw/arm/smmu-common.h | 8 +++++
> 3 files changed, 80 insertions(+)
>
> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
> index e086ff5..9a966bb 100644
> --- a/hw/arm/smmu-common.c
> +++ b/hw/arm/smmu-common.c
> @@ -28,8 +28,69 @@
> #include "qemu/error-report.h"
> #include "hw/arm/smmu-common.h"
>
> +/**
> + * The bus number is used for lookup when SID based invalidatation occurs.
"invalidation"
> + * In that case we lazily populate the SMMUPciBus array from the bus hash
> + * table. At the time the SMMUPciBus is created (smmu_find_add_as), the bus
> + * numbers may not be always initialized yet.
> + */
> +/* Return the stream ID of an SMMU device */
> +static inline uint16_t smmu_get_sid(SMMUDevice *sdev)
> +{
> + return ((pci_bus_num(sdev->bus) & 0xff) << 8) | sdev->devfn;
I think this is PCI_BUILD_BDF(pci_bus_num(sdev->bus), sdev->devfn)
and I suspect the mask with 0xff is unneeded (compare pci_get_bdf()
and amdvi_do_translate(), which just assume the bus number is sane).
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk Eric Auger
@ 2018-04-16 12:59 ` Peter Maydell
2018-04-23 12:10 ` Auger Eric
0 siblings, 1 reply; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 12:59 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> This patch implements the page table walk for VMSAv8-64.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
> index 9a966bb..6a58948 100644
> --- a/hw/arm/smmu-common.c
> +++ b/hw/arm/smmu-common.c
> @@ -27,6 +27,215 @@
>
> #include "qemu/error-report.h"
> #include "hw/arm/smmu-common.h"
> +#include "smmu-internal.h"
> +
> +/* VMSAv8-64 Translation */
> +
> +/**
> + * get_pte - Get the content of a page table entry located t
> + * @base_addr[@index]
> + */
Comment appears to be truncated ?
> +static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,
> + SMMUPTWEventInfo *info)
> +{
> + int ret;
> + dma_addr_t addr = baseaddr + index * sizeof(*pte);
> +
> + /* TODO: guarantee 64-bit single-copy atomicity */
> + ret = dma_memory_read(&address_space_memory, addr,
> + (uint8_t *)pte, sizeof(*pte));
> +
> + if (ret != MEMTX_OK) {
> + info->type = SMMU_PTW_ERR_WALK_EABT;
> + info->addr = addr;
> + return -EINVAL;
> + }
> + trace_smmu_get_pte(baseaddr, index, addr, *pte);
> + return 0;
> +}
> +
> +/**
> + * smmu_ptw - Walk the page tables for an IOVA, according to @cfg
> + *
> + * @cfg: translation configuration
> + * @iova: iova to translate
> + * @perm: tentative access type
> + * @tlbe: returned entry
> + * @info: ptw event handle
> + *
> + * return 0 on success
> + */
> +inline int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
> + IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
> +{
> + if (!cfg->aa64) {
> + /*
> + * This code path is not entered as we check this while decoding
> + * the configuration data in the derived SMMU model.
> + */
> + assert(0);
Prefer either g_assert_not_reached() or just assert(cfg->aa64).
> + }
> +
> + return smmu_ptw_64(cfg, iova, perm, tlbe, info);
> +}
>
> +
> +/*
> + * TODO: At the moment all transactions are considered as priviledged (EL1)
"privileged"
> + * as IOMMU translation callback does not pass user/priv attributes.
> + */
> +#define is_permission_fault(ap, perm) \
> + (((perm) & IOMMU_WO) && ((ap) & 0x2))
> +
> +#define PTE_AP_TO_PERM(ap) \
> + (IOMMU_ACCESS_FLAG(true, !((ap) & 0x2)))
> +
> +/* Level Indexing */
> +
> +static inline int level_shift(int level, int granule_sz)
> +{
> + return granule_sz + (3 - level) * (granule_sz - 3);
> +}
> +
> +static inline uint64_t level_page_mask(int level, int granule_sz)
> +{
> + return ~(MAKE_64BIT_MASK(0, level_shift(level, granule_sz)));
> +}
> +
> +/**
> + * TODO: handle the case where the level resolves less than
> + * granule_sz -3 IA bits.
> + */
> +static inline
> +uint64_t iova_level_offset(uint64_t iova, int level, int granule_sz)
> +{
> + return (iova >> level_shift(level, granule_sz)) &
> + MAKE_64BIT_MASK(0, granule_sz - 3);
> +}
> +
> +#endif
When does the TODO case happen, and what goes wrong?
> --- a/include/hw/arm/smmu-common.h
> +++ b/include/hw/arm/smmu-common.h
> @@ -129,4 +129,18 @@ static inline uint16_t smmu_get_sid(SMMUDevice *sdev)
> {
> return ((pci_bus_num(sdev->bus) & 0xff) << 8) | sdev->devfn;
> }
> +
> +/**
> + * smmu_ptw - Perform the page table walk for a given iova / access flags
> + * pair, according to @cfg translation config
> + */
> +int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
> + IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info);
> +
> +/**
> + * select_tt - compute which translation table shall be used according
"according to"
> + * the input iova and tranlsation config and return the TT specific info
"translation"
> + */
> +SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
> +
> #endif /* HW_ARM_SMMU_COMMON */
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton Eric Auger
@ 2018-04-16 13:08 ` Peter Maydell
2018-04-23 12:48 ` Auger Eric
0 siblings, 1 reply; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 13:08 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> From: Prem Mallappa <prem.mallappa@broadcom.com>
>
> This patch implements a skeleton for the smmuv3 device.
> Datatypes and register definitions are introduced. The MMIO
> region, the interrupts and the queue are initialized.
>
> Only the MMIO read operation is implemented here.
>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>
> ---
> v10 -> v11:
> - remove irq_ctrl_ack and return irq_ctrl on A_IRQ_CTRL_ACK
> read
>
> v9 -> v10:
> - s/hwaddr/uint64_t in trace-events
> - add comments
> - s->mrtypename = TYPE_SMMUV3_IOMMU_MEMORY_REGION
> - removed iidr and idr from VMState
> - use VMSTATE_STRUCT for the queues
> - use qemu_log_mask(LOG_UNIMP,*) for unimplemented regs
> - added SMMU_CMDQS, SMMU_EVENTQS
> - use ops with attributes
> - split readl/readll
> - put id_regs in an array
> - removed smmu_read64
> - removed SMMU_FEATURE_2LVL_STE and NB_REGS
> - RAZ when read access at unexpected address
>
> v8 -> v9:
> - add #include "qemu/log.h"
> - add parent_reset
>
> v7 -> v8:
> - remove __smmu_data structs
> - revisit struct SMMUQueue
> - do not advertise stage 2 support anymore
> - use the register definition API and get rid of REG array
> - get read of queue structs
>
> v6 -> v7:
> - split into several patches
>
> v5 -> v6:
> - Use IOMMUMemoryregion
> - regs become uint32_t and fix 64b MMIO access (.impl)
> - trace_smmuv3_write/read_mmio take the size param
>
> v4 -> v5:
> - change smmuv3_translate proto (IOMMUAccessFlags flag)
> - has_stagex replaced by is_ste_stagex
> - smmu_cfg_populate removed
> - added smmuv3_decode_config and reworked error management
> - remwork the naming of IOMMU mrs
> - fix SMMU_CMDQ_CONS offset
>
> v3 -> v4
> - smmu_irq_update
> - fix hash key allocation
> - set smmu_iommu_ops
> - set SMMU_REG_CR0,
> - smmuv3_translate: ret.perm not set in bypass mode
> - use trace events
> - renamed STM2U64 into L1STD_L2PTR and STMSPAN into L1STD_SPAN
> - rework smmu_find_ste
> - fix tg2granule in TT0/0b10 corresponds to 16kB
>
> v2 -> v3:
> - move creation of include/hw/arm/smmuv3.h to this patch to fix compil issue
> - compilation allowed
> - fix sbus allocation in smmu_init_pci_iommu
> - restructure code into headers
> - misc cleanups
>
> Conflicts:
> hw/arm/Makefile.objs
> ---
> hw/arm/Makefile.objs | 2 +-
> hw/arm/smmuv3-internal.h | 167 ++++++++++++++++++++++
> hw/arm/smmuv3.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++
> hw/arm/trace-events | 3 +
> include/hw/arm/smmuv3.h | 87 +++++++++++
> 5 files changed, 623 insertions(+), 1 deletion(-)
> create mode 100644 hw/arm/smmuv3-internal.h
> create mode 100644 hw/arm/smmuv3.c
> create mode 100644 include/hw/arm/smmuv3.h
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 558436f..d51fcec 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -35,4 +35,4 @@ obj-$(CONFIG_MPS2) += mps2-tz.o
> obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
> obj-$(CONFIG_IOTKIT) += iotkit.o
> obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
> -obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o
> +obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> new file mode 100644
> index 0000000..a6461fe
> --- /dev/null
> +++ b/hw/arm/smmuv3-internal.h
> @@ -0,0 +1,167 @@
> +/*
> + * ARM SMMUv3 support - Internal API
> + *
> + * Copyright (C) 2014-2016 Broadcom Corporation
> + * Copyright (c) 2017 Red Hat, Inc.
> + * Written by Prem Mallappa, Eric Auger
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef HW_ARM_SMMU_V3_INTERNAL_H
> +#define HW_ARM_SMMU_V3_INTERNAL_H
> +
> +#include "qemu/log.h"
> +#include "trace.h"
> +#include "qemu/error-report.h"
I don't think you use these headers in this .h file -- they should
probably be included from the .c file(s) instead.
> +#include "hw/arm/smmu-common.h"
> +
> +/* MMIO Registers */
> +
> +REG32(IDR0, 0x0)
> + FIELD(IDR0, S1P, 1 , 1)
> + FIELD(IDR0, TTF, 2 , 2)
> + FIELD(IDR0, COHACC, 4 , 1)
> + FIELD(IDR0, ASID16, 12, 1)
> + FIELD(IDR0, TTENDIAN, 21, 2)
> + FIELD(IDR0, STALL_MODEL, 24, 2)
> + FIELD(IDR0, TERM_MODEL, 26, 1)
> + FIELD(IDR0, STLEVEL, 27, 2)
> +
> +REG32(IDR1, 0x4)
> + FIELD(IDR1, SIDSIZE, 0 , 6)
> + FIELD(IDR1, EVENTQS, 16, 5)
> + FIELD(IDR1, CMDQS, 21, 5)
> +
> +#define SMMU_IDR1_SIDSIZE 16
> +#define SMMU_CMDQS 19
> +#define SMMU_EVENTQS 19
> +
> +REG32(IDR2, 0x8)
> +REG32(IDR3, 0xc)
> +REG32(IDR4, 0x10)
> +REG32(IDR5, 0x14)
> + FIELD(IDR5, OAS, 0, 3);
> + FIELD(IDR5, GRAN4K, 4, 1);
> + FIELD(IDR5, GRAN16K, 5, 1);
> + FIELD(IDR5, GRAN64K, 6, 1);
> +
> +#define SMMU_IDR5_OAS 4
> +
> +REG32(IIDR, 0x1c)
> +REG32(CR0, 0x20)
> + FIELD(CR0, SMMU_ENABLE, 0, 1)
> + FIELD(CR0, EVENTQEN, 2, 1)
> + FIELD(CR0, CMDQEN, 3, 1)
> +
> +REG32(CR0ACK, 0x24)
> +REG32(CR1, 0x28)
> +REG32(CR2, 0x2c)
> +REG32(STATUSR, 0x40)
> +REG32(IRQ_CTRL, 0x50)
> + FIELD(IRQ_CTRL, GERROR_IRQEN, 0, 1)
> + FIELD(IRQ_CTRL, PRI_IRQEN, 1, 1)
> + FIELD(IRQ_CTRL, EVENTQ_IRQEN, 2, 1)
> +
> +REG32(IRQ_CTRL_ACK, 0x54)
> +REG32(GERROR, 0x60)
> + FIELD(GERROR, CMDQ_ERR, 0, 1)
> + FIELD(GERROR, EVENTQ_ABT_ERR, 2, 1)
> + FIELD(GERROR, PRIQ_ABT_ERR, 3, 1)
> + FIELD(GERROR, MSI_CMDQ_ABT_ERR, 4, 1)
> + FIELD(GERROR, MSI_EVENTQ_ABT_ERR, 5, 1)
> + FIELD(GERROR, MSI_PRIQ_ABT_ERR, 6, 1)
> + FIELD(GERROR, MSI_GERROR_ABT_ERR, 7, 1)
> + FIELD(GERROR, MSI_SFM_ERR, 8, 1)
> +
> +REG32(GERRORN, 0x64)
> +
> +#define A_GERROR_IRQ_CFG0 0x68 /* 64b */
> +REG32(GERROR_IRQ_CFG1, 0x70)
> +REG32(GERROR_IRQ_CFG2, 0x74)
> +
> +#define A_STRTAB_BASE 0x80 /* 64b */
Why do this constant and A_GERROR_IRQ_CFG0 have different values
but the same cryptic comment ?
> +static inline uint64_t smmu_read64(uint64_t r, unsigned offset,
> + unsigned size)
Looks like this function is unused now ?
> + /*
> + * Return the value of the Primecell/Corelink ID registers at the
> + * specified offset from the first ID register.
> + * These value indicate an ARM implementation of MMU600 p1
> + */
> + static const uint8_t smmuv3_ids[] = {
> + 0x4, 0, 0, 0, 0x84, 0xB4, 0xF0, 0x10, 0x0D, 0xF0, 0x05, 0xB1
Can you be consistent about whether you put the leading 0 in
for hex values less than 0x10 (0x4 vs 0x0D) ?
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers Eric Auger
@ 2018-04-16 13:10 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 13:10 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> We introduce some helpers to handle wired IRQs and especially
> GERROR interrupt. SMMU writes GERROR register on GERROR event
> and SW acks GERROR interrupts by setting GERRORn.
>
> The Wired interrupts are edge sensitive hence the pulse usage.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>
> ---
> v9 - v10:
> - s/hwaddr/uint64_t in trace-events
> - use qemu_log_mask LOG_UNIMP on PRI IRQ
> - add a comment saying smmuv3_trigger_irq and smmuv3_write_gerrorn
> will become static later on
> - write gerrorn without filtering (ie. even if the guest toggles non
> active IRQs)
> - pulse if at least one new IRQ type
> - smmuv3_eventq_irq_enabled and smmuv3_gerror_irq_enabled become
> static inline
>
> v7 -> v8:
> - remove SMMU_PENDING_GERRORS macro
> - properly toggle gerror
> - properly sanitize gerrorn write
> ---
> hw/arm/smmuv3-internal.h | 36 +++++++++++----------------
> hw/arm/smmuv3.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
> hw/arm/trace-events | 3 +++
> 3 files changed, 81 insertions(+), 22 deletions(-)
>
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> index a6461fe..32f81d4 100644
> --- a/hw/arm/smmuv3-internal.h
> +++ b/hw/arm/smmuv3-internal.h
> @@ -129,28 +129,6 @@ typedef struct Evt {
> uint32_t word[8];
> } Evt;
>
> -/**
> - * smmu_read64 - 64-bit register read utility function supporting
> - * aligned 32-bit word access to both 32-bit halves and aligned 64-bit
> - * access.
> - *
> - * @r: register address
> - * @offset: byte offset if 32-bit access
> - * @size: read byte size
> - */
> -static inline uint64_t smmu_read64(uint64_t r, unsigned offset,
> - unsigned size)
> -{
> - if (size == 8) {
> - return r;
> - }
> -
> - /* 32 bit access */
> - assert(!offset || offset == 4);
> -
> - return extract64(r, offset << 3, 32);
> -}
> -
Ah, this change should be squashed into the previous patch,
which addresses one of my review comments there.
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers Eric Auger
@ 2018-04-16 16:41 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 16:41 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> We introduce helpers to read/write into the command and event
> circular queues.
>
> smmuv3_write_eventq and smmuv3_cmq_consume will become static
> in subsequent patches.
>
> Invalidation commands are not yet dealt with. We do not cache
> data that need to be invalidated. This will change with vhost
> integration.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>
> ---
> v9 -> v10:
> - simplified macros
> - s/BASE/Q_BASE
> - use log2size field
> - static inline functions replacing some macros
> - simplified queue_prod_incr/queue_cons_incr and use deposit32
> - trace for cmdq_consume failure
>
> v8 -> v9:
> - fix CMD_SSID & CMD_ADDR + some renamings
> - do cons increment after the execution of the command
> - add Q_INCONSISTENT()
>
> v7 -> v8
> - use address_space_rw
> - helpers inspired from spec
> ---
> hw/arm/smmuv3-internal.h | 154 +++++++++++++++++++++++++++++++++++++++++++++++
> hw/arm/smmuv3.c | 136 +++++++++++++++++++++++++++++++++++++++++
> hw/arm/trace-events | 5 ++
> 3 files changed, 295 insertions(+)
>
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> index 32f81d4..968fa25 100644
> --- a/hw/arm/smmuv3-internal.h
> +++ b/hw/arm/smmuv3-internal.h
> @@ -156,4 +156,158 @@ static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s)
> void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask);
> void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t gerrorn);
>
> +/* Queue Handling */
> +
> +#define Q_BASE(q) ((q)->base & SMMU_BASE_ADDR_MASK)
> +#define WRAP_MASK(q) (1 << (q)->log2size)
> +#define INDEX_MASK(q) (((1 << (q)->log2size)) - 1)
> +#define WRAP_INDEX_MASK(q) ((1 << ((q)->log2size + 1)) - 1)
> +
> +#define Q_CONS(q) ((q)->cons & INDEX_MASK(q))
> +#define Q_PROD(q) ((q)->prod & INDEX_MASK(q))
> +
> +#define Q_CONS_ENTRY(q) (Q_BASE(q) + (q)->entry_size * Q_CONS(q))
> +#define Q_PROD_ENTRY(q) (Q_BASE(q) + (q)->entry_size * Q_PROD(q))
> +
> +#define Q_CONS_WRAP(q) (((q)->cons & WRAP_MASK(q)) >> (q)->log2size)
> +#define Q_PROD_WRAP(q) (((q)->prod & WRAP_MASK(q)) >> (q)->log2size)
> +
> +static inline bool smmuv3_q_full(SMMUQueue *q)
> +{
> + return ((q->cons ^ q->prod) & WRAP_INDEX_MASK(q)) == WRAP_MASK(q);
> +}
> +
> +static inline bool smmuv3_q_empty(SMMUQueue *q)
> +{
> + return (q->cons & WRAP_INDEX_MASK(q)) == (q->prod & WRAP_INDEX_MASK(q));
> +}
> +
> +static inline void queue_prod_incr(SMMUQueue *q)
> +{
> + q->prod = (q->prod + 1) & WRAP_INDEX_MASK(q);
> +}
> +
> +static inline void queue_cons_incr(SMMUQueue *q)
> +{
> + q->cons = deposit32(q->cons, 0, q->log2size + 1, q->cons + 1);
> +}
I was expecting these two functions to be implemented in
the same way. Worth a comment
/* We have to use deposit for the CONS registers to preserve
* the ERR field in the high bits.
*/
or if you prefer, instead a comment in queue_prod_incr saying
/* We don't need to use deposit here because there are no
* fields above WRAP in a PROD register
*/
(you don't need both comments).
> +
> +static inline bool smmuv3_cmdq_enabled(SMMUv3State *s)
> +{
> + return FIELD_EX32(s->cr[0], CR0, CMDQEN);
> +}
> +
> +static inline bool smmuv3_eventq_enabled(SMMUv3State *s)
> +{
> + return FIELD_EX32(s->cr[0], CR0, EVENTQEN);
> +}
> +
> +static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type)
> +{
> + s->cmdq.cons = FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type);
> +}
> +
> +void smmuv3_write_eventq(SMMUv3State *s, Evt *evt);
> +
> +/* Commands */
> +
> +typedef enum SMMUCommandType {
> + SMMU_CMD_PREFETCH_CONFIG = 0x01,
> + SMMU_CMD_PREFETCH_ADDR,
> + SMMU_CMD_CFGI_STE,
> + SMMU_CMD_CFGI_STE_RANGE,
> + SMMU_CMD_CFGI_CD,
> + SMMU_CMD_CFGI_CD_ALL,
> + SMMU_CMD_CFGI_ALL,
> + SMMU_CMD_TLBI_NH_ALL = 0x10,
> + SMMU_CMD_TLBI_NH_ASID,
> + SMMU_CMD_TLBI_NH_VA,
> + SMMU_CMD_TLBI_NH_VAA,
> + SMMU_CMD_TLBI_EL3_ALL = 0x18,
> + SMMU_CMD_TLBI_EL3_VA = 0x1a,
> + SMMU_CMD_TLBI_EL2_ALL = 0x20,
> + SMMU_CMD_TLBI_EL2_ASID,
> + SMMU_CMD_TLBI_EL2_VA,
> + SMMU_CMD_TLBI_EL2_VAA, /* 0x23 */
> + SMMU_CMD_TLBI_S12_VMALL = 0x28,
> + SMMU_CMD_TLBI_S2_IPA = 0x2a,
> + SMMU_CMD_TLBI_NSNH_ALL = 0x30,
> + SMMU_CMD_ATC_INV = 0x40,
> + SMMU_CMD_PRI_RESP,
> + SMMU_CMD_RESUME = 0x44,
> + SMMU_CMD_STALL_TERM,
> + SMMU_CMD_SYNC, /* 0x46 */
I don't think the comments are very useful here (and they're
not consistent -- you don't bother to mark 0x13 or 0x07).
> +} SMMUCommandType;
> +
> +static const char *cmd_stringify[] = {
> + [SMMU_CMD_PREFETCH_CONFIG] = "SMMU_CMD_PREFETCH_CONFIG",
> + [SMMU_CMD_PREFETCH_ADDR] = "SMMU_CMD_PREFETCH_ADDR",
> + [SMMU_CMD_CFGI_STE] = "SMMU_CMD_CFGI_STE",
> + [SMMU_CMD_CFGI_STE_RANGE] = "SMMU_CMD_CFGI_STE_RANGE",
> + [SMMU_CMD_CFGI_CD] = "SMMU_CMD_CFGI_CD",
> + [SMMU_CMD_CFGI_CD_ALL] = "SMMU_CMD_CFGI_CD_ALL",
> + [SMMU_CMD_CFGI_ALL] = "SMMU_CMD_CFGI_ALL",
> + [SMMU_CMD_TLBI_NH_ALL] = "SMMU_CMD_TLBI_NH_ALL",
> + [SMMU_CMD_TLBI_NH_ASID] = "SMMU_CMD_TLBI_NH_ASID",
> + [SMMU_CMD_TLBI_NH_VA] = "SMMU_CMD_TLBI_NH_VA",
> + [SMMU_CMD_TLBI_NH_VAA] = "SMMU_CMD_TLBI_NH_VAA",
> + [SMMU_CMD_TLBI_EL3_ALL] = "SMMU_CMD_TLBI_EL3_ALL",
> + [SMMU_CMD_TLBI_EL3_VA] = "SMMU_CMD_TLBI_EL3_VA",
> + [SMMU_CMD_TLBI_EL2_ALL] = "SMMU_CMD_TLBI_EL2_ALL",
> + [SMMU_CMD_TLBI_EL2_ASID] = "SMMU_CMD_TLBI_EL2_ASID",
> + [SMMU_CMD_TLBI_EL2_VA] = "SMMU_CMD_TLBI_EL2_VA",
> + [SMMU_CMD_TLBI_EL2_VAA] = "SMMU_CMD_TLBI_EL2_VAA",
> + [SMMU_CMD_TLBI_S12_VMALL] = "SMMU_CMD_TLBI_S12_VMALL",
> + [SMMU_CMD_TLBI_S2_IPA] = "SMMU_CMD_TLBI_S2_IPA",
> + [SMMU_CMD_TLBI_NSNH_ALL] = "SMMU_CMD_TLBI_NSNH_ALL",
> + [SMMU_CMD_ATC_INV] = "SMMU_CMD_ATC_INV",
> + [SMMU_CMD_PRI_RESP] = "SMMU_CMD_PRI_RESP",
> + [SMMU_CMD_RESUME] = "SMMU_CMD_RESUME",
> + [SMMU_CMD_STALL_TERM] = "SMMU_CMD_STALL_TERM",
> + [SMMU_CMD_SYNC] = "SMMU_CMD_SYNC",
> +};
> +
> +static inline const char *smmu_cmd_string(SMMUCommandType type)
> +{
> + return cmd_stringify[type] ? cmd_stringify[type] : "UNKNOWN";
> +}
It looks like you use this function on unsanitized type field
values direct from the guest structure, so you need to handle
the possibility that the 'type' argument is larger than
ARRAY_SIZE(cmd_stringify). (And also the possibility that it's
negative, if you want to be robust about it; that's a little
trickier since an enum might be signed or unsigned and if
unsigned the compiler may warn about comparisons that are
always false. I forget the best approach here.)
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations Eric Auger
@ 2018-04-16 16:46 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 16:46 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> Now we have relevant helpers for queue and irq
> management, let's implement MMIO write operations.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
> -int smmuv3_cmdq_consume(SMMUv3State *s)
> +static int smmuv3_cmdq_consume(SMMUv3State *s)
> {
> SMMUCmdError cmd_error = SMMU_CERROR_NONE;
> SMMUQueue *q = &s->cmdq;
> @@ -269,11 +270,170 @@ int smmuv3_cmdq_consume(SMMUv3State *s)
> return 0;
> }
>
> -static MemTxResult smmu_write_mmio(void *opaque, hwaddr offset, uint64_t data,
You changed the name of the argument here from 'value' to 'data', which
is why the diff has come out looking a bit awkward like this.
Better to be consistent with the name from the start.
> +static MemTxResult smmu_writell(SMMUv3State *s, hwaddr offset,
> + uint64_t value, MemTxAttrs attrs)
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper Eric Auger
@ 2018-04-16 16:51 ` Peter Maydell
2018-04-23 20:17 ` Auger Eric
0 siblings, 1 reply; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 16:51 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
> Let's introduce a helper function aiming at recording an
> event in the event queue.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>
> ---
> v9 -> v10:
> - rework SMMU_EVENT_STRING
> - trigger a GERROR EVENTQ_ABT_ERR in case of eventq write failure
>
> v8 -> v9:
> - add SMMU_EVENT_STRING
>
> v7 -> v8:
> - use dma_addr_t instead of hwaddr in smmuv3_record_event()
> - introduce struct SMMUEventInfo
> - add event_stringify + helpers for all fields
> ---
> hw/arm/smmuv3-internal.h | 142 ++++++++++++++++++++++++++++++++++++++++++++++-
> hw/arm/smmuv3.c | 108 +++++++++++++++++++++++++++++++++--
> hw/arm/trace-events | 1 +
> 3 files changed, 243 insertions(+), 8 deletions(-)
>
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> index 8550be0..8e546bf 100644
> --- a/hw/arm/smmuv3-internal.h
> +++ b/hw/arm/smmuv3-internal.h
> @@ -205,8 +205,6 @@ static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type)
> s->cmdq.cons = FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type);
> }
>
> -void smmuv3_write_eventq(SMMUv3State *s, Evt *evt);
> -
> /* Commands */
>
> typedef enum SMMUCommandType {
> @@ -308,4 +306,144 @@ enum { /* Command completion notification */
>
> #define SMMU_FEATURE_2LVL_STE (1 << 0)
>
> +/* Events */
> +
> +typedef enum SMMUEventType {
> + SMMU_EVT_OK = 0x00,
> + SMMU_EVT_F_UUT = 0x01,
> + SMMU_EVT_C_BAD_STREAMID = 0x02,
> + SMMU_EVT_F_STE_FETCH = 0x03,
> + SMMU_EVT_C_BAD_STE = 0x04,
> + SMMU_EVT_F_BAD_ATS_TREQ = 0x05,
> + SMMU_EVT_F_STREAM_DISABLED = 0x06,
> + SMMU_EVT_F_TRANS_FORBIDDEN = 0x07,
> + SMMU_EVT_C_BAD_SUBSTREAMID = 0x08,
> + SMMU_EVT_F_CD_FETCH = 0x09,
> + SMMU_EVT_C_BAD_CD = 0x0a,
> + SMMU_EVT_F_WALK_EABT = 0x0b,
Most of the other enums you let the auto-increment deal
with long runs of consecutive integers like this. I don't
much care which but being consistent is generally nicer.
> + SMMU_EVT_F_TRANSLATION = 0x10,
> + SMMU_EVT_F_ADDR_SIZE = 0x11,
> + SMMU_EVT_F_ACCESS = 0x12,
> + SMMU_EVT_F_PERMISSION = 0x13,
> + SMMU_EVT_F_TLB_CONFLICT = 0x20,
> + SMMU_EVT_F_CFG_CONFLICT = 0x21,
> + SMMU_EVT_E_PAGE_REQ = 0x24,
> +} SMMUEventType;
> +
> +static const char *event_stringify[] = {
> + [SMMU_EVT_OK] = "SMMU_EVT_OK",
> + [SMMU_EVT_F_UUT] = "SMMU_EVT_F_UUT",
> + [SMMU_EVT_C_BAD_STREAMID] = "SMMU_EVT_C_BAD_STREAMID",
> + [SMMU_EVT_F_STE_FETCH] = "SMMU_EVT_F_STE_FETCH",
> + [SMMU_EVT_C_BAD_STE] = "SMMU_EVT_C_BAD_STE",
> + [SMMU_EVT_F_BAD_ATS_TREQ] = "SMMU_EVT_F_BAD_ATS_TREQ",
> + [SMMU_EVT_F_STREAM_DISABLED] = "SMMU_EVT_F_STREAM_DISABLED",
> + [SMMU_EVT_F_TRANS_FORBIDDEN] = "SMMU_EVT_F_TRANS_FORBIDDEN",
> + [SMMU_EVT_C_BAD_SUBSTREAMID] = "SMMU_EVT_C_BAD_SUBSTREAMID",
> + [SMMU_EVT_F_CD_FETCH] = "SMMU_EVT_F_CD_FETCH",
> + [SMMU_EVT_C_BAD_CD] = "SMMU_EVT_C_BAD_CD",
> + [SMMU_EVT_F_WALK_EABT] = "SMMU_EVT_F_WALK_EABT",
> + [SMMU_EVT_F_TRANSLATION] = "SMMU_EVT_F_TRANSLATION",
> + [SMMU_EVT_F_ADDR_SIZE] = "SMMU_EVT_F_ADDR_SIZE",
> + [SMMU_EVT_F_ACCESS] = "SMMU_EVT_F_ACCESS",
> + [SMMU_EVT_F_PERMISSION] = "SMMU_EVT_F_PERMISSION",
> + [SMMU_EVT_F_TLB_CONFLICT] = "SMMU_EVT_F_TLB_CONFLICT",
> + [SMMU_EVT_F_CFG_CONFLICT] = "SMMU_EVT_F_CFG_CONFLICT",
> + [SMMU_EVT_E_PAGE_REQ] = "SMMU_EVT_E_PAGE_REQ",
> +};
> +
> +static inline const char *smmu_event_string(SMMUEventType type)
> +{
> + return event_stringify[type] ? event_stringify[type] : "UNKNOWN";
Same remarks about being defensive about out of range values
apply here, I expect.
> +}
> +
> +/* Encode an event record */
> +typedef struct SMMUEventInfo {
> + SMMUEventType type;
> + uint32_t sid;
> + bool recorded;
> + bool record_trans_faults;
> + union {
> + struct {
> + uint32_t ssid;
> + bool ssv;
> + dma_addr_t addr;
> + bool rnw;
> + bool pnu;
> + bool ind;
> + } f_uut;
> + struct ssid_info {
> + uint32_t ssid;
> + bool ssv;
> + } c_bad_streamid;
If we were being really picky about coding style these
embedded struct names like ssid_info ought to be camelcase.
> + struct ssid_addr_info {
> + uint32_t ssid;
> + bool ssv;
> + dma_addr_t addr;
> + } f_ste_fetch;
> + struct ssid_info c_bad_ste;
> + struct {
> + dma_addr_t addr;
> + bool rnw;
> + } f_transl_forbidden;
> + struct {
> + uint32_t ssid;
> + } c_bad_substream;
> + struct ssid_addr_info f_cd_fetch;
> + struct ssid_info c_bad_cd;
> + struct full_info {
> + bool stall;
> + uint16_t stag;
> + uint32_t ssid;
> + bool ssv;
> + bool s2;
> + dma_addr_t addr;
> + bool rnw;
> + bool pnu;
> + bool ind;
> + uint8_t class;
> + dma_addr_t addr2;
> + } f_walk_eabt;
> + struct full_info f_translation;
> + struct full_info f_addr_size;
> + struct full_info f_access;
> + struct full_info f_permission;
> + struct ssid_info f_cfg_conflict;
> + /**
> + * not supported yet:
> + * F_BAD_ATS_TREQ
> + * F_BAD_ATS_TREQ
> + * F_TLB_CONFLICT
> + * E_PAGE_REQUEST
> + * IMPDEF_EVENTn
> + */
> + } u;
> +} SMMUEventInfo;
> +
> +/* EVTQ fields */
> +
> +#define EVT_Q_OVERFLOW (1 << 31)
> +
> +#define EVT_SET_TYPE(x, v) deposit32((x)->word[0], 0 , 8 , v)
> +#define EVT_SET_SSV(x, v) deposit32((x)->word[0], 11, 1 , v)
> +#define EVT_SET_SSID(x, v) deposit32((x)->word[0], 12, 20, v)
> +#define EVT_SET_SID(x, v) ((x)->word[1] = v)
> +#define EVT_SET_STAG(x, v) deposit32((x)->word[2], 0 , 16, v)
> +#define EVT_SET_STALL(x, v) deposit32((x)->word[2], 31, 1 , v)
> +#define EVT_SET_PNU(x, v) deposit32((x)->word[3], 1 , 1 , v)
> +#define EVT_SET_IND(x, v) deposit32((x)->word[3], 2 , 1 , v)
> +#define EVT_SET_RNW(x, v) deposit32((x)->word[3], 3 , 1 , v)
> +#define EVT_SET_S2(x, v) deposit32((x)->word[3], 7 , 1 , v)
> +#define EVT_SET_CLASS(x, v) deposit32((x)->word[3], 8 , 2 , v)
There's some weird extra spaces in these macros.
> +#define EVT_SET_ADDR(x, addr) ({ \
> + (x)->word[5] = (uint32_t)(addr >> 32); \
> + (x)->word[4] = (uint32_t)(addr & 0xffffffff); \
> + })
> +#define EVT_SET_ADDR2(x, addr) ({ \
> + deposit32((x)->word[7], 3, 29, addr >> 16); \
> + deposit32((x)->word[7], 0, 16, addr & 0xffff); \
> + })
These don't need the GCC ({ }) extension -- you can just do them
as normal do { ... } while (0) macros.
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option Eric Auger
@ 2018-04-16 16:55 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-16 16:55 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> ARM virt machine now exposes a new "iommu" option.
> The SMMUv3 IOMMU is instantiated using -machine virt,iommu=smmuv3.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>
> ---
> v9 -> v10:
> - remove no_iommu
>
> v7 -> v8:
> - Revert to machine option, now dubbed "iommu", preparing for virtio
> instantiation.
>
> v5 -> v6: machine 2_11
> ---
> hw/arm/virt.c | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 1799702..a3398d6 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1560,6 +1560,34 @@ static void virt_set_gic_version(Object *obj, const char *value, Error **errp)
> }
> }
>
> +static char *virt_get_iommu(Object *obj, Error **errp)
> +{
> + VirtMachineState *vms = VIRT_MACHINE(obj);
> +
> + switch (vms->iommu) {
> + case VIRT_IOMMU_NONE:
> + return g_strdup("none");
> + case VIRT_IOMMU_SMMUV3:
> + return g_strdup("smmuv3");
> + default:
> + g_assert_not_reached();
> + }
> +}
> +
> +static void virt_set_iommu(Object *obj, const char *value, Error **errp)
> +{
> + VirtMachineState *vms = VIRT_MACHINE(obj);
> +
> + if (!strcmp(value, "smmuv3")) {
> + vms->iommu = VIRT_IOMMU_SMMUV3;
> + } else if (!strcmp(value, "none")) {
> + vms->iommu = VIRT_IOMMU_NONE;
> + } else {
> + error_setg(errp, "Invalid iommu value");
> + error_append_hint(errp, "Valid values are none, smmuv3.\n");
> + }
> +}
> +
> static CpuInstanceProperties
> virt_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
> {
> @@ -1692,6 +1720,14 @@ static void virt_2_12_instance_init(Object *obj)
> NULL);
> }
>
> + /* Default disallows iommu instantiation */
> + vms->iommu = VIRT_IOMMU_NONE;
> + object_property_add_str(obj, "iommu", virt_get_iommu, virt_set_iommu, NULL);
> + object_property_set_description(obj, "iommu",
> + "Set the IOMMU model among "
> + "none, smmuv3 (default none)",
> + NULL);
We should phrase this consistently with how we're describing other
options like the GIC version, so
"Set the IOMMU type. Valid values are none and smmuv3"
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback Eric Auger
@ 2018-04-17 10:50 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-17 10:50 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> This patch implements the IOMMU Memory Region translate()
> callback. Most of the code relates to the translation
> configuration decoding and check (STE, CD).
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
> +/* @ssid > 0 not supported yet */
> +static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid,
> + CD *buf, SMMUEventInfo *event)
> +{
> + dma_addr_t addr = STE_CTXPTR(ste);
> + int ret;
> +
> + trace_smmuv3_get_cd(addr);
> + /* TODO: guarantee 64-bit single-copy atomicity */
> + ret = dma_memory_read(&address_space_memory, addr,
> + (void *)buf, sizeof(*buf));
> + if (ret != MEMTX_OK) {
> + qemu_log_mask(LOG_GUEST_ERROR,
> + "Cannot fetch pte at address=0x%"PRIx64"\n", addr);
> + event->type = SMMU_EVT_F_CD_FETCH;
> + event->u.f_ste_fetch.addr = addr;
> + return -EINVAL;
> + }
> + return 0;
> +}
> +
> +/* Returns <0 if the caller has no need to purse the translation */
Typo, but I'm not sure what you meant instead of "purse".
> +static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
> + STE *ste, SMMUEventInfo *event)
> +{
> + uint32_t config = STE_CONFIG(ste);
> + int ret = -EINVAL;
> +
> + if (STE_CFG_ABORT(config)) {
> + cfg->aborted = true; /* abort but don't record any event */
> + return ret;
> + }
> +
> + if (STE_CFG_BYPASS(config)) {
> + cfg->bypassed = true;
> + return ret;
> + }
> +
> + if (!STE_VALID(ste)) {
> + goto bad_ste;
> + }
This check is happening too late -- if STE.V is 0 then other STE fields
must be ignored, including STE.Config, so it has to be done as the first
thing in this function.
> +
> + if (STE_CFG_S2_ENABLED(config)) {
> + qemu_log_mask(LOG_UNIMP, "SMMUv3 does not support stage 2 yet\n");
> + goto bad_ste;
> + }
> +
> + if (STE_S1CDMAX(ste) != 0) {
> + qemu_log_mask(LOG_UNIMP,
> + "SMMUv3 does not support multiple context descriptors yet\n");
> + goto bad_ste;
> + }
> +
> + if (STE_S1STALLD(ste)) {
> + qemu_log_mask(LOG_UNIMP,
> + "SMMUv3 S1 stalling fault model not allowed yet\n");
> + goto bad_ste;
> + }
> + return 0;
> +
> +bad_ste:
> + event->type = SMMU_EVT_C_BAD_STE;
> + return -EINVAL;
> +}
> +static int decode_cd(SMMUTransCfg *cfg, CD *cd, SMMUEventInfo *event)
> +{
> + int ret = -EINVAL;
> + int i;
> +
> + if (!CD_VALID(cd) || !CD_AARCH64(cd)) {
> + goto bad_cd;
> + }
> +
> + /* we support only those at the moment */
> + cfg->aa64 = true;
> + cfg->stage = 1;
> +
> + cfg->oas = oas2bits(CD_IPS(cd));
> + cfg->oas = MIN(oas2bits(SMMU_IDR5_OAS), cfg->oas);
> + cfg->tbi = CD_TBI(cd);
> + cfg->asid = CD_ASID(cd);
> +
> + trace_smmuv3_decode_cd(cfg->oas);
> +
> + /* decode data dependent on TT */
> + for (i = 0; i <= 1; i++) {
> + int tg, tsz;
> + SMMUTransTableInfo *tt = &cfg->tt[i];
> +
> + cfg->tt[i].disabled = CD_EPD(cd, i);
> + if (cfg->tt[i].disabled) {
> + continue;
> + }
> +
> + if (!CD_A(cd)) {
> + goto bad_cd; /* SMMU_IDR0.TERM_MODEL == 1 */
> + }
> + if (CD_S(cd)) {
> + goto bad_cd; /* !STE_SECURE && SMMU_IDR0.STALL_MODEL == 1 */
> + }
> + if (CD_HA(cd) || CD_HD(cd)) {
> + goto bad_cd; /* HTTU = 0 */
> + }
The location of this check means you're going to be ignoring HA and HD
if EPD0 and EPD1 are both zero, which isn't what the spec says.
Since the HA/HD bits aren't dependent on EPD*, it would make more sense
for this check to be outside the for() loop. This applies
to some of the other checks too: check the pseudocode CD_ILLEGAL
expression and in particular which parts of it involve checks for
N_TRANS_CFG0 or N_TRANSL_CFG1. At least the CD_A and CD_S checks
should also be outside the loop.
> +
> + tsz = CD_TSZ(cd, i);
> + if (tsz < 16 || tsz > 39) {
> + goto bad_cd;
> + }
> +
> + tg = CD_TG(cd, i);
> + tt->granule_sz = tg2granule(tg, i);
> + if ((tt->granule_sz != 12 && tt->granule_sz != 16) || CD_ENDI(cd)) {
> + goto bad_cd;
> + }
> +
> + tt->tsz = tsz;
> + tt->initial_level = 4 - (64 - tsz - 4) / (tt->granule_sz - 3);
> + tt->ttb = CD_TTB(cd, i);
> + if (tt->ttb & ~(MAKE_64BIT_MASK(0, cfg->oas))) {
> + goto bad_cd;
> + }
> + trace_smmuv3_decode_cd_tt(i, tt->tsz, tt->ttb,
> + tt->granule_sz, tt->initial_level);
> + }
> +
> + event->record_trans_faults = CD_R(cd);
> +
> + return 0;
> +
> +bad_cd:
> + event->type = SMMU_EVT_C_BAD_CD;
> + return ret;
> +}
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case Eric Auger
@ 2018-04-17 10:51 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-17 10:51 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> At the moment, the SMMUv3 does not support notification on
> TLB invalidation. So let's log an error as soon as such notifier
> gets enabled.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> ---
> hw/arm/smmuv3.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 4be676b..6e0d7ad 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -1147,12 +1147,23 @@ static void smmuv3_class_init(ObjectClass *klass, void *data)
> dc->realize = smmu_realize;
> }
>
> +static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,
> + IOMMUNotifierFlag old,
> + IOMMUNotifierFlag new)
> +{
> + if (old == IOMMU_NOTIFIER_NONE) {
> + warn_report("SMMUV3 does not support vhost/vfio integration yet: "
> + "devices of those types will not function properly");
> + }
> +}
> +
> static void smmuv3_iommu_memory_region_class_init(ObjectClass *klass,
> void *data)
> {
> IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
>
> imrc->translate = smmuv3_translate;
> + imrc->notify_flag_changed = smmuv3_notify_flag_changed;
> }
>
> static const TypeInfo smmuv3_type_info = {
> --
> 2.5.5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route Eric Auger
@ 2018-04-17 11:02 ` Peter Maydell
2018-04-25 14:43 ` Auger Eric
0 siblings, 1 reply; 37+ messages in thread
From: Peter Maydell @ 2018-04-17 11:02 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> In case the MSI is translated by an IOMMU we need to fixup the
> MSI route with the translated address.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Signed-off-by: Bharat Bhushan <Bharat.Bhushan@nxp.com>
>
> ---
> v9 -> v10:
> - use address_space_translate
>
> v5 -> v6:
> - use IOMMUMemoryRegionClass API
> ---
> target/arm/kvm.c | 27 +++++++++++++++++++++++++++
> target/arm/trace-events | 3 +++
> 2 files changed, 30 insertions(+)
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index ecc39ac..c6f6aa8 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -20,8 +20,10 @@
> #include "sysemu/kvm.h"
> #include "kvm_arm.h"
> #include "cpu.h"
> +#include "trace.h"
> #include "internals.h"
> #include "hw/arm/arm.h"
> +#include "hw/pci/pci.h"
> #include "exec/memattrs.h"
> #include "exec/address-spaces.h"
> #include "hw/boards.h"
> @@ -649,6 +651,31 @@ int kvm_arm_vgic_probe(void)
> int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
> uint64_t address, uint32_t data, PCIDevice *dev)
> {
> + AddressSpace *as = pci_device_iommu_address_space(dev);
> + hwaddr xlat, len, doorbell_gpa;
> + MemoryRegionSection mrs;
> + MemoryRegion *mr;
> +
> + if (as == &address_space_memory) {
> + return 0;
> + }
> +
> + /* MSI doorbell address is translated by an IOMMU */
> +
> + rcu_read_lock();
> + mr = address_space_translate(as, address, &xlat, &len, true);
> + if (!mr) {
> + return 1;
This early-return code path fails to release the rcu_read_lock.
> + }
> + mrs = memory_region_find(mr, xlat, 0);
Is it really valid to pass a size of 0 to memory_region_find() ?
We should probably use however big the doorbell write is.
Do we need to do something here to handle the case where
memory_region_find() doesn't find a a region, or does that
just work automatically?
> + doorbell_gpa = mrs.offset_within_address_space;
> + rcu_read_unlock();
> +
> + route->u.msi.address_lo = doorbell_gpa;
> + route->u.msi.address_hi = doorbell_gpa >> 32;
> +
> + trace_kvm_arm_fixup_msi_route(address, doorbell_gpa);
> +
> return 0;
> }
>
> diff --git a/target/arm/trace-events b/target/arm/trace-events
> index 9e37131..6b759f9 100644
> --- a/target/arm/trace-events
> +++ b/target/arm/trace-events
> @@ -8,3 +8,6 @@ arm_gt_tval_write(int timer, uint64_t value) "gt_tval_write: timer %d value 0x%"
> arm_gt_ctl_write(int timer, uint64_t value) "gt_ctl_write: timer %d value 0x%" PRIx64
> arm_gt_imask_toggle(int timer, int irqstate) "gt_ctl_write: timer %d IMASK toggle, new irqstate %d"
> arm_gt_cntvoff_write(uint64_t value) "gt_cntvoff_write: value 0x%" PRIx64
> +
> +# target/arm/kvm.c
> +kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
> --
> 2.5.5
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data Eric Auger
@ 2018-04-17 12:22 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-17 12:22 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> Let's cache config data to avoid fetching and parsing STE/CD
> structures on each translation. We invalidate them on data structure
> invalidation commands.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> ---
> hw/arm/smmu-common.c | 24 +++++++-
> hw/arm/smmuv3.c | 129 ++++++++++++++++++++++++++++++++++++++++---
> hw/arm/trace-events | 6 ++
> include/hw/arm/smmu-common.h | 3 +
> include/hw/arm/smmuv3.h | 1 +
> 5 files changed, 152 insertions(+), 11 deletions(-)
>
> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
> index 6a58948..c271a28 100644
> --- a/hw/arm/smmu-common.c
> +++ b/hw/arm/smmu-common.c
> @@ -297,6 +297,24 @@ static AddressSpace *smmu_find_add_as(PCIBus *bus, void *opaque, int devfn)
> return &sdev->as;
> }
>
> +IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid)
> +{
> + uint8_t bus_n, devfn;
> + SMMUPciBus *smmu_bus;
> + SMMUDevice *smmu;
> +
> + bus_n = PCI_BUS_NUM(sid);
> + smmu_bus = smmu_find_smmu_pcibus(s, bus_n);
> + if (smmu_bus) {
> + devfn = sid & 0x7;
> + smmu = smmu_bus->pbdev[devfn];
> + if (smmu) {
> + return &smmu->iommu;
> + }
> + }
> + return NULL;
> +}
> +
> static void smmu_base_realize(DeviceState *dev, Error **errp)
> {
> SMMUState *s = ARM_SMMU(dev);
> @@ -308,7 +326,7 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
> error_propagate(errp, local_err);
> return;
> }
> -
> + s->configs = g_hash_table_new_full(NULL, NULL, NULL, g_free);
> s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
>
> if (s->primary_bus) {
> @@ -320,7 +338,9 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
>
> static void smmu_base_reset(DeviceState *dev)
> {
> - /* will be filled later on */
> + SMMUState *s = ARM_SMMU(dev);
> +
> + g_hash_table_remove_all(s->configs);
> }
>
> static Property smmu_dev_properties[] = {
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 6e0d7ad..938052e 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -537,6 +537,38 @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr, SMMUTransCfg *cfg,
> return decode_cd(cfg, &cd, event);
> }
>
> +static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event)
> +{
> + SMMUv3State *s = sdev->smmu;
> + SMMUState *bc = &s->smmu_state;
> + SMMUTransCfg *cfg;
> +
> + cfg = g_hash_table_lookup(bc->configs, sdev);
A comment somewhere that explains what exactly this cache
is caching (in terms of the architectural data structures,
STE, CD, etc) would be helpful.
> + trace_smmuv3_config_cache_hit(((pci_bus_num(sdev->bus) & 0xff) << 8) |
> + sdev->devfn);
> + if (!cfg) {
> + trace_smmuv3_config_cache_miss(((pci_bus_num(sdev->bus) & 0xff) << 8) |
> + sdev->devfn);
In the cache miss code path you trace both the message
for cache hit and then the one for cache miss.
You could use smmu_get_sid() here rather than open-coding
the bus-number/devfn expression, I think.
> + cfg = g_new0(SMMUTransCfg, 1);
> + g_hash_table_insert(bc->configs, sdev, cfg);
> +
> + if (smmuv3_decode_config(&sdev->iommu, cfg, event)) {
> + g_hash_table_remove(bc->configs, sdev);
Could we just not insert it in the first place if this
condition is true ?
> + }
> + }
> + return cfg;
> +}
> +
> +static void smmuv3_put_config(SMMUDevice *sdev)
> +{
> + SMMUv3State *s = sdev->smmu;
> + SMMUState *bc = &s->smmu_state;
> +
> + trace_smmuv3_config_cache_inv(((pci_bus_num(sdev->bus) & 0xff) << 8) |
> + sdev->devfn);
> + g_hash_table_remove(bc->configs, sdev);
This seems an odd name for this function.
> +}
> +
> static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> IOMMUAccessFlags flag)
> {
> @@ -545,7 +577,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> uint32_t sid = smmu_get_sid(sdev);
> SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
> SMMUPTWEventInfo ptw_info = {};
> - SMMUTransCfg cfg = {};
> + SMMUTransCfg *cfg = NULL;
> IOMMUTLBEntry entry = {
> .target_as = &address_space_memory,
> .iova = addr,
> @@ -556,19 +588,26 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> int ret = 0;
>
> if (!smmu_enabled(s)) {
> + return entry;
Making this do a 'return' loses the tracepoint tracing for this case.
> + }
> +
> + /*
> + * the lock is held to sequentialize invalidation commands and
> + * translation operations
> + */
> + qemu_mutex_lock(&s->mutex);
Aren't we operating under the BQL here? Per device mutexes
make me nervous about locking order issues.
> +
> + cfg = smmuv3_get_config(sdev, &event);
> + if (!cfg) {
> + ret = -EINVAL;
> goto out;
> }
>
> - ret = smmuv3_decode_config(mr, &cfg, &event);
> - if (ret) {
> + if (cfg->aborted) {
> goto out;
> }
>
> - if (cfg.aborted) {
> - goto out;
> - }
> -
> - ret = smmu_ptw(&cfg, addr, flag, &entry, &ptw_info);
> + ret = smmu_ptw(cfg, addr, flag, &entry, &ptw_info);
> if (ret) {
> switch (ptw_info.type) {
> case SMMU_PTW_ERR_WALK_EABT:
> @@ -617,17 +656,20 @@ out:
> mr->parent_obj.name, addr, ret);
> entry.perm = IOMMU_NONE;
> smmuv3_record_event(s, &event);
> - } else if (!cfg.aborted) {
> + } else if (!cfg->aborted) {
> entry.perm = flag;
> trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
> entry.translated_addr, entry.perm);
> }
>
> + qemu_mutex_unlock(&s->mutex);
> +
> return entry;
> }
>
> static int smmuv3_cmdq_consume(SMMUv3State *s)
> {
> + SMMUState *bs = ARM_SMMU(s);
> SMMUCmdError cmd_error = SMMU_CERROR_NONE;
> SMMUQueue *q = &s->cmdq;
> SMMUCommandType type = 0;
> @@ -662,6 +704,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
>
> trace_smmuv3_cmdq_opcode(smmu_cmd_string(type));
>
> + qemu_mutex_lock(&s->mutex);
> switch (type) {
> case SMMU_CMD_SYNC:
> if (CMD_SYNC_CS(&cmd) & CMD_SYNC_SIG_IRQ) {
> @@ -670,10 +713,74 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> break;
> case SMMU_CMD_PREFETCH_CONFIG:
> case SMMU_CMD_PREFETCH_ADDR:
> + break;
> case SMMU_CMD_CFGI_STE:
> + {
> + uint32_t sid = CMD_SID(&cmd);
> + IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, sid);
> + SMMUDevice *sdev;
> +
> + if (CMD_SSEC(&cmd)) {
> + cmd_error = SMMU_CERROR_ILL;
> + break;
> + }
> +
> + if (!mr) {
> + break;
> + }
> +
> + trace_smmuv3_cmdq_cfgi_ste(sid);
> + sdev = container_of(mr, SMMUDevice, iommu);
> + smmuv3_put_config(sdev);
> +
> + break;
> + }
> case SMMU_CMD_CFGI_STE_RANGE: /* same as SMMU_CMD_CFGI_ALL */
> + {
> + uint32_t start = CMD_SID(&cmd), end, i;
> + uint8_t range = CMD_STE_RANGE(&cmd);
> +
> + if (CMD_SSEC(&cmd)) {
> + cmd_error = SMMU_CERROR_ILL;
> + break;
> + }
> +
> + end = start + (1 << (range + 1)) - 1;
> + trace_smmuv3_cmdq_cfgi_ste_range(start, end);
> +
> + for (i = start; i <= end; i++) {
> + IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, i);
> + SMMUDevice *sdev;
> +
> + if (!mr) {
> + continue;
> + }
> + sdev = container_of(mr, SMMUDevice, iommu);
> + smmuv3_put_config(sdev);
> + }
> + break;
> + }
> case SMMU_CMD_CFGI_CD:
> case SMMU_CMD_CFGI_CD_ALL:
> + {
> + uint32_t sid = CMD_SID(&cmd);
> + IOMMUMemoryRegion *mr = smmu_iommu_mr(bs, sid);
> + SMMUDevice *sdev;
> +
> + if (CMD_SSEC(&cmd)) {
> + cmd_error = SMMU_CERROR_ILL;
> + break;
> + }
> +
> + if (!mr) {
> + break;
> + }
> +
> + trace_smmuv3_cmdq_cfgi_cd(sid);
> + sdev = container_of(mr, SMMUDevice, iommu);
> + smmuv3_put_config(sdev);
> + break;
> + }
> case SMMU_CMD_TLBI_NH_ALL:
> case SMMU_CMD_TLBI_NH_ASID:
> case SMMU_CMD_TLBI_NH_VA:
> @@ -700,6 +807,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> break;
> }
> if (cmd_error) {
> + qemu_mutex_unlock(&s->mutex);
> break;
> }
> /*
> @@ -708,6 +816,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> * and does not check the completion of previous commands
> */
> queue_cons_incr(q);
> + qemu_mutex_unlock(&s->mutex);
> }
>
> if (cmd_error) {
> @@ -1078,6 +1187,8 @@ static void smmu_realize(DeviceState *d, Error **errp)
> return;
> }
>
> + qemu_mutex_init(&s->mutex);
> +
> memory_region_init_io(&sys->iomem, OBJECT(s),
> &smmu_mem_ops, sys, TYPE_ARM_SMMUV3, 0x20000);
>
> diff --git a/hw/arm/trace-events b/hw/arm/trace-events
> index 032de48..ecc30be 100644
> --- a/hw/arm/trace-events
> +++ b/hw/arm/trace-events
> @@ -39,3 +39,9 @@ smmuv3_get_cd(uint64_t addr) "CD addr: 0x%"PRIx64
> smmuv3_translate(const char *n, uint16_t sid, uint64_t iova, uint64_t translated, int perm) "%s sid=%d iova=0x%"PRIx64" translated=0x%"PRIx64" perm=0x%x"
> smmuv3_decode_cd(uint32_t oas) "oas=%d"
> smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
> +smmuv3_cmdq_cfgi_ste(int streamid) " |_ streamid =%d"
> +smmuv3_cmdq_cfgi_ste_range(int start, int end) " |_ start=0x%d - end=0x%d"
> +smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
> +smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
> +smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
> +smmuv3_config_cache_inv(uint32_t sid) "Config cache INV for sid %d"
> diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
> index 4ccd131..ff07734 100644
> --- a/include/hw/arm/smmu-common.h
> +++ b/include/hw/arm/smmu-common.h
> @@ -143,4 +143,7 @@ int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
> */
> SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
>
> +/* Return the iommu mr associated to @sid, or NULL if none */
> +IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid);
> +
> #endif /* HW_ARM_SMMU_COMMON */
> diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h
> index 23f7036..36b2f45 100644
> --- a/include/hw/arm/smmuv3.h
> +++ b/include/hw/arm/smmuv3.h
> @@ -59,6 +59,7 @@ typedef struct SMMUv3State {
> SMMUQueue eventq, cmdq;
>
> qemu_irq irq[4];
> + QemuMutex mutex;
> } SMMUv3State;
>
> typedef enum {
> --
> 2.5.5
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation Eric Auger
@ 2018-04-17 12:55 ` Peter Maydell
2018-04-25 14:48 ` Auger Eric
0 siblings, 1 reply; 37+ messages in thread
From: Peter Maydell @ 2018-04-17 12:55 UTC (permalink / raw)
To: Eric Auger
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
> We emulate a TLB cache of size SMMU_IOTLB_MAX_SIZE=256.
> It is implemented as a hash table whose key is a combination
> of the 16b asid and 48b IOVA.
>
> Entries are invalidated on TLB invalidation commands, either
> globally, or per asid, or per asid/iova.
>
> One peculiarity is the NH_VA invalidation command does not
> convey any information about the size to be invalidated (as
> opposed to what Intel does, for instance, with the am field).
> Hence, when NH_VA arrives we both invalidate the 4K and 64K
> entries, the both granules that we support.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>
> ---
>
> Credit to Tomasz Nowicki who did the first implementation of
> this IOTLB implementation, inspired of intel_iommu implemtation.
> ---
> hw/arm/smmu-common.c | 33 ++++++++++++++
> hw/arm/smmuv3.c | 105 +++++++++++++++++++++++++++++++++++++++++--
> hw/arm/trace-events | 9 ++++
> include/hw/arm/smmu-common.h | 11 +++++
> 4 files changed, 154 insertions(+), 4 deletions(-)
>
> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
> index c271a28..3d25339 100644
> --- a/hw/arm/smmu-common.c
> +++ b/hw/arm/smmu-common.c
> @@ -29,6 +29,36 @@
> #include "hw/arm/smmu-common.h"
> #include "smmu-internal.h"
>
> +/* IOTLB Management */
> +
> +inline void smmu_iotlb_inv_all(SMMUState *s)
> +{
> + trace_smmu_iotlb_inv_all();
> + g_hash_table_remove_all(s->iotlb);
> +}
> +
> +static gboolean smmu_hash_remove_by_asid(gpointer key, gpointer value,
> + gpointer user_data)
> +{
> + uint16_t asid = *(uint16_t *)user_data;
> +
> + return ((*(uint64_t *)key) >> IOTLB_KEY_ASID_SHIFT) == asid;
> +}
> +
> +inline void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova)
> +{
> + uint64_t key = SMMU_IOTLB_KEY(asid, iova);
> +
> + trace_smmu_iotlb_inv_iova(asid, iova);
> + g_hash_table_remove(s->iotlb, &key);
> +}
> +
> +inline void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid)
> +{
> + trace_smmu_iotlb_inv_asid(asid);
> + g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid, &asid);
> +}
> +
> /* VMSAv8-64 Translation */
>
> /**
> @@ -327,6 +357,8 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
> return;
> }
> s->configs = g_hash_table_new_full(NULL, NULL, NULL, g_free);
> + s->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
> + g_free, g_free);
> s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
>
> if (s->primary_bus) {
> @@ -341,6 +373,7 @@ static void smmu_base_reset(DeviceState *dev)
> SMMUState *s = ARM_SMMU(dev);
>
> g_hash_table_remove_all(s->configs);
> + g_hash_table_remove_all(s->iotlb);
> }
>
> static Property smmu_dev_properties[] = {
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 938052e..081f0fb 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -551,6 +551,8 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event)
> sdev->devfn);
> cfg = g_new0(SMMUTransCfg, 1);
> g_hash_table_insert(bc->configs, sdev, cfg);
> + cfg->iotlb_miss = 0;
> + cfg->iotlb_hit = 0;
>
> if (smmuv3_decode_config(&sdev->iommu, cfg, event)) {
> g_hash_table_remove(bc->configs, sdev);
> @@ -575,8 +577,12 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
> SMMUv3State *s = sdev->smmu;
> uint32_t sid = smmu_get_sid(sdev);
> + SMMUState *bs = ARM_SMMU(s);
> SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
> + uint64_t key_val, page_mask, aligned_addr;
> + IOMMUTLBEntry *cached_entry = NULL;
> SMMUPTWEventInfo ptw_info = {};
> + SMMUTransTableInfo *tt;
> SMMUTransCfg *cfg = NULL;
> IOMMUTLBEntry entry = {
> .target_as = &address_space_memory,
> @@ -585,6 +591,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> .addr_mask = ~(hwaddr)0,
> .perm = IOMMU_NONE,
> };
> + uint64_t *key;
> int ret = 0;
>
> if (!smmu_enabled(s)) {
> @@ -607,7 +614,56 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> goto out;
> }
>
> - ret = smmu_ptw(cfg, addr, flag, &entry, &ptw_info);
> + tt = select_tt(cfg, addr);
> + if (!tt) {
> + if (event.record_trans_faults) {
> + event.type = SMMU_EVT_F_TRANSLATION;
> + event.u.f_translation.addr = addr;
> + event.u.f_translation.rnw = flag & 0x1;
> + }
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + page_mask = (1ULL << (tt->granule_sz)) - 1;
> + aligned_addr = addr & ~page_mask;
> +
> + key_val = SMMU_IOTLB_KEY(cfg->asid, aligned_addr);
> +
> + cached_entry = g_hash_table_lookup(bs->iotlb, &key_val);
> + if (cached_entry) {
> + cfg->iotlb_hit += 1;
> + trace_smmu_iotlb_cache_hit(cfg->asid, aligned_addr,
> + cfg->iotlb_hit, cfg->iotlb_miss,
> + 100 * cfg->iotlb_hit /
> + (cfg->iotlb_hit + cfg->iotlb_miss));
> + if ((flag & IOMMU_WO) && !(cached_entry->perm & IOMMU_WO)) {
> + ret = -EFAULT;
> + if (event.record_trans_faults) {
> + event.type = SMMU_EVT_F_PERMISSION;
> + event.u.f_permission.addr = addr;
> + event.u.f_permission.rnw = flag & 0x1;
> + }
> + }
> + goto out;
> + }
> +
> + cfg->iotlb_miss += 1;
> + trace_smmu_iotlb_cache_miss(cfg->asid, addr & ~page_mask,
> + cfg->iotlb_hit, cfg->iotlb_miss,
> + 100 * cfg->iotlb_hit /
> + (cfg->iotlb_hit + cfg->iotlb_miss));
> +
> + if (g_hash_table_size(bs->iotlb) >= SMMU_IOTLB_MAX_SIZE) {
> + smmu_iotlb_inv_all(bs);
> + }
> +
> + cached_entry = g_new0(IOMMUTLBEntry, 1);
> + key = g_new0(uint64_t, 1);
> + *key = key_val;
> + g_hash_table_insert(bs->iotlb, key, cached_entry);
> +
> + ret = smmu_ptw(cfg, aligned_addr, flag, cached_entry, &ptw_info);
> if (ret) {
> switch (ptw_info.type) {
> case SMMU_PTW_ERR_WALK_EABT:
> @@ -656,8 +712,14 @@ out:
> mr->parent_obj.name, addr, ret);
> entry.perm = IOMMU_NONE;
> smmuv3_record_event(s, &event);
> + if (cached_entry) {
> + smmu_iotlb_inv_iova(bs, cfg->asid, aligned_addr);
> + }
This is doing that weird "insert an entry into the cache
and then remove it again" logic.
> } else if (!cfg->aborted) {
> entry.perm = flag;
> + entry.translated_addr = cached_entry->translated_addr +
> + (addr & page_mask);
> + entry.addr_mask = cached_entry->addr_mask;
> trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
> entry.translated_addr, entry.perm);
> }
> @@ -781,10 +843,46 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> smmuv3_put_config(sdev);
> break;
> }
> - case SMMU_CMD_TLBI_NH_ALL:
> case SMMU_CMD_TLBI_NH_ASID:
> - case SMMU_CMD_TLBI_NH_VA:
> + {
> + uint16_t asid = CMD_ASID(&cmd);
> +
> + trace_smmuv3_cmdq_tlbi_nh_asid(asid);
> + /* TODO: be more precise and invalidate for @asid */
> + smmu_iotlb_inv_asid(bs, asid);
TODO comment says we should invalidate for this ASID only, but
the code seems to do that already ?
> + break;
> + }
> + case SMMU_CMD_TLBI_NH_ALL:
> + case SMMU_CMD_TLBI_NSNH_ALL:
> + trace_smmuv3_cmdq_tlbi_nh();
> + smmu_iotlb_inv_all(bs);
> + break;
> case SMMU_CMD_TLBI_NH_VAA:
> + {
> + dma_addr_t addr = CMD_ADDR(&cmd);
> + uint16_t vmid = CMD_VMID(&cmd);
> +
> + trace_smmuv3_cmdq_tlbi_nh_vaa(vmid, addr);
> + smmu_iotlb_inv_all(bs);
> + break;
> + }
> + case SMMU_CMD_TLBI_NH_VA:
> + {
> + uint16_t asid = CMD_ASID(&cmd);
> + uint16_t vmid = CMD_VMID(&cmd);
> + dma_addr_t addr = CMD_ADDR(&cmd);
> + bool leaf = CMD_LEAF(&cmd);
> +
> + trace_smmuv3_cmdq_tlbi_nh_va(vmid, asid, addr, leaf);
> + /**
This isn't a doc-comment so it shouldn't have the double-asterisk
doc-comment syntax.
> + * we don't know the size of the granule so
> + * let's invalidate both 4K entry and 64kB entry.
> + * The spec allow to invalidate more than necessary.
> + */
> + smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFF);
> + smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFFF);
> + break;
> + }
> case SMMU_CMD_TLBI_EL3_ALL:
> case SMMU_CMD_TLBI_EL3_VA:
> case SMMU_CMD_TLBI_EL2_ALL:
> @@ -793,7 +891,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> case SMMU_CMD_TLBI_EL2_VAA:
> case SMMU_CMD_TLBI_S12_VMALL:
> case SMMU_CMD_TLBI_S2_IPA:
> - case SMMU_CMD_TLBI_NSNH_ALL:
> case SMMU_CMD_ATC_INV:
> case SMMU_CMD_PRI_RESP:
> case SMMU_CMD_RESUME:
> diff --git a/hw/arm/trace-events b/hw/arm/trace-events
> index ecc30be..7fdc08e 100644
> --- a/hw/arm/trace-events
> +++ b/hw/arm/trace-events
> @@ -12,6 +12,11 @@ smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr,
> smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64
> smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"
> smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64
> +smmu_iotlb_cache_hit(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache HIT asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
> +smmu_iotlb_cache_miss(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache MISS asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
> +smmu_iotlb_inv_all(void) "IOTLB invalidate all"
> +smmu_iotlb_inv_asid(uint16_t asid) "IOTLB invalidate asid=%d"
> +smmu_iotlb_inv_iova(uint16_t asid, uint64_t addr) "IOTLB invalidate asid=%d addr=0x%"PRIx64
>
> #hw/arm/smmuv3.c
> smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
> @@ -41,6 +46,10 @@ smmuv3_decode_cd(uint32_t oas) "oas=%d"
> smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
> smmuv3_cmdq_cfgi_ste(int streamid) " |_ streamid =%d"
> smmuv3_cmdq_cfgi_ste_range(int start, int end) " |_ start=0x%d - end=0x%d"
> +smmuv3_cmdq_tlbi_nh_va(int vmid, int asid, uint64_t addr, bool leaf) " |_ vmid =%d asid =%d addr=0x%"PRIx64" leaf=%d"
> +smmuv3_cmdq_tlbi_nh_vaa(int vmid, uint64_t addr) " |_ vmid =%d addr=0x%"PRIx64
> +smmuv3_cmdq_tlbi_nh(void) ""
> +smmuv3_cmdq_tlbi_nh_asid(uint16_t asid) "asid=%d"
> smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
> smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
> smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
> diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
> index ff07734..1c9c648 100644
> --- a/include/hw/arm/smmu-common.h
> +++ b/include/hw/arm/smmu-common.h
> @@ -68,6 +68,8 @@ typedef struct SMMUTransCfg {
> uint8_t tbi; /* Top Byte Ignore */
> uint16_t asid;
> SMMUTransTableInfo tt[2];
> + uint32_t iotlb_hit;
> + uint32_t iotlb_miss;
Are these just gathering hit/miss statistics for the tracing?
Could we have a comment saying what they're for? From the
name of the fields I was expecting them to be boolean flags;
if they're counts of hits and misses then iotlb_hits and
iotlb_misses might be better?
> } SMMUTransCfg;
>
> typedef struct SMMUDevice {
> @@ -146,4 +148,13 @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
> /* Return the iommu mr associated to @sid, or NULL if none */
> IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid);
>
> +#define SMMU_IOTLB_MAX_SIZE 256
> +#define IOTLB_KEY_ASID_SHIFT SMMU_MAX_VA_BITS
> +#define SMMU_IOTLB_KEY(asid, iova) \
> + (iova | (uint64_t)(asid) << IOTLB_KEY_ASID_SHIFT);
This choice of key layout makes future changes to the SMMU
implementation a bit painful. Currently SMMU_MAX_VA_BITS is 48,
so since the ASID is 16 bits that's the entirety of the 64 bit key.
We're also likely at some point to want to include in the key:
* 16 bit VMID
* larger address sizes (ie bigger SMMU_MAX_VA_BITS)
* translation regime (StreamWorld)
I think it would be better to define a struct and a custom
equality comparison function rather than using uint64_t and
g_int64_equal().
> +
> +void smmu_iotlb_inv_all(SMMUState *s);
> +void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid);
> +void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova);
> +
> #endif /* HW_ARM_SMMU_COMMON */
> --
> 2.5.5
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk
2018-04-16 12:59 ` Peter Maydell
@ 2018-04-23 12:10 ` Auger Eric
2018-04-23 14:03 ` Peter Maydell
0 siblings, 1 reply; 37+ messages in thread
From: Auger Eric @ 2018-04-23 12:10 UTC (permalink / raw)
To: Peter Maydell
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
Hi Peter,
On 04/16/2018 02:59 PM, Peter Maydell wrote:
> On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
>> This patch implements the page table walk for VMSAv8-64.
>>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>
>> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
>> index 9a966bb..6a58948 100644
>> --- a/hw/arm/smmu-common.c
>> +++ b/hw/arm/smmu-common.c
>> @@ -27,6 +27,215 @@
>>
>> #include "qemu/error-report.h"
>> #include "hw/arm/smmu-common.h"
>> +#include "smmu-internal.h"
>> +
>> +/* VMSAv8-64 Translation */
>> +
>> +/**
>> + * get_pte - Get the content of a page table entry located t
>> + * @base_addr[@index]
>> + */
>
> Comment appears to be truncated ?
>
>> +static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,
>> + SMMUPTWEventInfo *info)
>> +{
>> + int ret;
>> + dma_addr_t addr = baseaddr + index * sizeof(*pte);
>> +
>> + /* TODO: guarantee 64-bit single-copy atomicity */
>> + ret = dma_memory_read(&address_space_memory, addr,
>> + (uint8_t *)pte, sizeof(*pte));
>> +
>> + if (ret != MEMTX_OK) {
>> + info->type = SMMU_PTW_ERR_WALK_EABT;
>> + info->addr = addr;
>> + return -EINVAL;
>> + }
>> + trace_smmu_get_pte(baseaddr, index, addr, *pte);
>> + return 0;
>> +}
>> +
>
>> +/**
>> + * smmu_ptw - Walk the page tables for an IOVA, according to @cfg
>> + *
>> + * @cfg: translation configuration
>> + * @iova: iova to translate
>> + * @perm: tentative access type
>> + * @tlbe: returned entry
>> + * @info: ptw event handle
>> + *
>> + * return 0 on success
>> + */
>> +inline int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
>> + IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
>> +{
>> + if (!cfg->aa64) {
>> + /*
>> + * This code path is not entered as we check this while decoding
>> + * the configuration data in the derived SMMU model.
>> + */
>> + assert(0);
>
> Prefer either g_assert_not_reached() or just assert(cfg->aa64).
>
>> + }
>> +
>> + return smmu_ptw_64(cfg, iova, perm, tlbe, info);
>> +}
>>
>
>> +
>> +/*
>> + * TODO: At the moment all transactions are considered as priviledged (EL1)
>
> "privileged"
>
>> + * as IOMMU translation callback does not pass user/priv attributes.
>> + */
>> +#define is_permission_fault(ap, perm) \
>> + (((perm) & IOMMU_WO) && ((ap) & 0x2))
>> +
>> +#define PTE_AP_TO_PERM(ap) \
>> + (IOMMU_ACCESS_FLAG(true, !((ap) & 0x2)))
>> +
>> +/* Level Indexing */
>> +
>> +static inline int level_shift(int level, int granule_sz)
>> +{
>> + return granule_sz + (3 - level) * (granule_sz - 3);
>> +}
>> +
>> +static inline uint64_t level_page_mask(int level, int granule_sz)
>> +{
>> + return ~(MAKE_64BIT_MASK(0, level_shift(level, granule_sz)));
>> +}
>> +
>> +/**
>> + * TODO: handle the case where the level resolves less than
>> + * granule_sz -3 IA bits.
>> + */
>> +static inline
>> +uint64_t iova_level_offset(uint64_t iova, int level, int granule_sz)
>> +{
>> + return (iova >> level_shift(level, granule_sz)) &
>> + MAKE_64BIT_MASK(0, granule_sz - 3);
>> +}
>> +
>> +#endif
>
> When does the TODO case happen, and what goes wrong?
Sorry for the delay [back to the office].
This refers to
D4.2 of ARM ARM , Effect of granule size on translation table addressing
and indexing/ Reduced IA width.
"
Depending on the configuration and implementation choices, the required
input address width for the initial level of lookup might be smaller
than the number of address bits that can be resolved at that level"
For instance with 4k granule and IA limited to 35 bit, we use a 9-bit
mask here and initial level 1 offset is based on IA[30, 38] although IA
is limited to 35.
Thanks
Eric
>
>> --- a/include/hw/arm/smmu-common.h
>> +++ b/include/hw/arm/smmu-common.h
>> @@ -129,4 +129,18 @@ static inline uint16_t smmu_get_sid(SMMUDevice *sdev)
>> {
>> return ((pci_bus_num(sdev->bus) & 0xff) << 8) | sdev->devfn;
>> }
>> +
>> +/**
>> + * smmu_ptw - Perform the page table walk for a given iova / access flags
>> + * pair, according to @cfg translation config
>> + */
>> +int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
>> + IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info);
>> +
>> +/**
>> + * select_tt - compute which translation table shall be used according
>
> "according to"
>
>> + * the input iova and tranlsation config and return the TT specific info
>
> "translation"
>
>> + */
>> +SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
>> +
>> #endif /* HW_ARM_SMMU_COMMON */
>
> Otherwise
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> thanks
> -- PMM
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton
2018-04-16 13:08 ` Peter Maydell
@ 2018-04-23 12:48 ` Auger Eric
0 siblings, 0 replies; 37+ messages in thread
From: Auger Eric @ 2018-04-23 12:48 UTC (permalink / raw)
To: Peter Maydell
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
Hi Peter,
On 04/16/2018 03:08 PM, Peter Maydell wrote:
> On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
>> From: Prem Mallappa <prem.mallappa@broadcom.com>
>>
>> This patch implements a skeleton for the smmuv3 device.
>> Datatypes and register definitions are introduced. The MMIO
>> region, the interrupts and the queue are initialized.
>>
>> Only the MMIO read operation is implemented here.
>>
>> Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>>
>> ---
>> v10 -> v11:
>> - remove irq_ctrl_ack and return irq_ctrl on A_IRQ_CTRL_ACK
>> read
>>
>> v9 -> v10:
>> - s/hwaddr/uint64_t in trace-events
>> - add comments
>> - s->mrtypename = TYPE_SMMUV3_IOMMU_MEMORY_REGION
>> - removed iidr and idr from VMState
>> - use VMSTATE_STRUCT for the queues
>> - use qemu_log_mask(LOG_UNIMP,*) for unimplemented regs
>> - added SMMU_CMDQS, SMMU_EVENTQS
>> - use ops with attributes
>> - split readl/readll
>> - put id_regs in an array
>> - removed smmu_read64
>> - removed SMMU_FEATURE_2LVL_STE and NB_REGS
>> - RAZ when read access at unexpected address
>>
>> v8 -> v9:
>> - add #include "qemu/log.h"
>> - add parent_reset
>>
>> v7 -> v8:
>> - remove __smmu_data structs
>> - revisit struct SMMUQueue
>> - do not advertise stage 2 support anymore
>> - use the register definition API and get rid of REG array
>> - get read of queue structs
>>
>> v6 -> v7:
>> - split into several patches
>>
>> v5 -> v6:
>> - Use IOMMUMemoryregion
>> - regs become uint32_t and fix 64b MMIO access (.impl)
>> - trace_smmuv3_write/read_mmio take the size param
>>
>> v4 -> v5:
>> - change smmuv3_translate proto (IOMMUAccessFlags flag)
>> - has_stagex replaced by is_ste_stagex
>> - smmu_cfg_populate removed
>> - added smmuv3_decode_config and reworked error management
>> - remwork the naming of IOMMU mrs
>> - fix SMMU_CMDQ_CONS offset
>>
>> v3 -> v4
>> - smmu_irq_update
>> - fix hash key allocation
>> - set smmu_iommu_ops
>> - set SMMU_REG_CR0,
>> - smmuv3_translate: ret.perm not set in bypass mode
>> - use trace events
>> - renamed STM2U64 into L1STD_L2PTR and STMSPAN into L1STD_SPAN
>> - rework smmu_find_ste
>> - fix tg2granule in TT0/0b10 corresponds to 16kB
>>
>> v2 -> v3:
>> - move creation of include/hw/arm/smmuv3.h to this patch to fix compil issue
>> - compilation allowed
>> - fix sbus allocation in smmu_init_pci_iommu
>> - restructure code into headers
>> - misc cleanups
>>
>> Conflicts:
>> hw/arm/Makefile.objs
>> ---
>> hw/arm/Makefile.objs | 2 +-
>> hw/arm/smmuv3-internal.h | 167 ++++++++++++++++++++++
>> hw/arm/smmuv3.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++
>> hw/arm/trace-events | 3 +
>> include/hw/arm/smmuv3.h | 87 +++++++++++
>> 5 files changed, 623 insertions(+), 1 deletion(-)
>> create mode 100644 hw/arm/smmuv3-internal.h
>> create mode 100644 hw/arm/smmuv3.c
>> create mode 100644 include/hw/arm/smmuv3.h
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index 558436f..d51fcec 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -35,4 +35,4 @@ obj-$(CONFIG_MPS2) += mps2-tz.o
>> obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
>> obj-$(CONFIG_IOTKIT) += iotkit.o
>> obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
>> -obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o
>> +obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
>> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
>> new file mode 100644
>> index 0000000..a6461fe
>> --- /dev/null
>> +++ b/hw/arm/smmuv3-internal.h
>> @@ -0,0 +1,167 @@
>> +/*
>> + * ARM SMMUv3 support - Internal API
>> + *
>> + * Copyright (C) 2014-2016 Broadcom Corporation
>> + * Copyright (c) 2017 Red Hat, Inc.
>> + * Written by Prem Mallappa, Eric Auger
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2 as
>> + * published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License along
>> + * with this program; if not, see <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#ifndef HW_ARM_SMMU_V3_INTERNAL_H
>> +#define HW_ARM_SMMU_V3_INTERNAL_H
>> +
>> +#include "qemu/log.h"
>> +#include "trace.h"
>> +#include "qemu/error-report.h"
>
> I don't think you use these headers in this .h file -- they should
> probably be included from the .c file(s) instead.
indeed
>
>> +#include "hw/arm/smmu-common.h"
>> +
>> +/* MMIO Registers */
>> +
>> +REG32(IDR0, 0x0)
>> + FIELD(IDR0, S1P, 1 , 1)
>> + FIELD(IDR0, TTF, 2 , 2)
>> + FIELD(IDR0, COHACC, 4 , 1)
>> + FIELD(IDR0, ASID16, 12, 1)
>> + FIELD(IDR0, TTENDIAN, 21, 2)
>> + FIELD(IDR0, STALL_MODEL, 24, 2)
>> + FIELD(IDR0, TERM_MODEL, 26, 1)
>> + FIELD(IDR0, STLEVEL, 27, 2)
>> +
>> +REG32(IDR1, 0x4)
>> + FIELD(IDR1, SIDSIZE, 0 , 6)
>> + FIELD(IDR1, EVENTQS, 16, 5)
>> + FIELD(IDR1, CMDQS, 21, 5)
>> +
>> +#define SMMU_IDR1_SIDSIZE 16
>> +#define SMMU_CMDQS 19
>> +#define SMMU_EVENTQS 19
>> +
>> +REG32(IDR2, 0x8)
>> +REG32(IDR3, 0xc)
>> +REG32(IDR4, 0x10)
>> +REG32(IDR5, 0x14)
>> + FIELD(IDR5, OAS, 0, 3);
>> + FIELD(IDR5, GRAN4K, 4, 1);
>> + FIELD(IDR5, GRAN16K, 5, 1);
>> + FIELD(IDR5, GRAN64K, 6, 1);
>> +
>> +#define SMMU_IDR5_OAS 4
>> +
>> +REG32(IIDR, 0x1c)
>> +REG32(CR0, 0x20)
>> + FIELD(CR0, SMMU_ENABLE, 0, 1)
>> + FIELD(CR0, EVENTQEN, 2, 1)
>> + FIELD(CR0, CMDQEN, 3, 1)
>> +
>> +REG32(CR0ACK, 0x24)
>> +REG32(CR1, 0x28)
>> +REG32(CR2, 0x2c)
>> +REG32(STATUSR, 0x40)
>> +REG32(IRQ_CTRL, 0x50)
>> + FIELD(IRQ_CTRL, GERROR_IRQEN, 0, 1)
>> + FIELD(IRQ_CTRL, PRI_IRQEN, 1, 1)
>> + FIELD(IRQ_CTRL, EVENTQ_IRQEN, 2, 1)
>> +
>> +REG32(IRQ_CTRL_ACK, 0x54)
>> +REG32(GERROR, 0x60)
>> + FIELD(GERROR, CMDQ_ERR, 0, 1)
>> + FIELD(GERROR, EVENTQ_ABT_ERR, 2, 1)
>> + FIELD(GERROR, PRIQ_ABT_ERR, 3, 1)
>> + FIELD(GERROR, MSI_CMDQ_ABT_ERR, 4, 1)
>> + FIELD(GERROR, MSI_EVENTQ_ABT_ERR, 5, 1)
>> + FIELD(GERROR, MSI_PRIQ_ABT_ERR, 6, 1)
>> + FIELD(GERROR, MSI_GERROR_ABT_ERR, 7, 1)
>> + FIELD(GERROR, MSI_SFM_ERR, 8, 1)
>> +
>> +REG32(GERRORN, 0x64)
>> +
>> +#define A_GERROR_IRQ_CFG0 0x68 /* 64b */
>> +REG32(GERROR_IRQ_CFG1, 0x70)
>> +REG32(GERROR_IRQ_CFG2, 0x74)
>> +
>> +#define A_STRTAB_BASE 0x80 /* 64b */
>
> Why do this constant and A_GERROR_IRQ_CFG0 have different values
> but the same cryptic comment ?
Those are 64-bit registers as opposed to other registers which are
32-bit, hence the comment. I did not see any register API primitives for
those regs.
>
>
>> +static inline uint64_t smmu_read64(uint64_t r, unsigned offset,
>> + unsigned size)
>
> Looks like this function is unused now ?
indeed.
>
>
>> + /*
>> + * Return the value of the Primecell/Corelink ID registers at the
>> + * specified offset from the first ID register.
>> + * These value indicate an ARM implementation of MMU600 p1
>> + */
>> + static const uint8_t smmuv3_ids[] = {
>> + 0x4, 0, 0, 0, 0x84, 0xB4, 0xF0, 0x10, 0x0D, 0xF0, 0x05, 0xB1
>
> Can you be consistent about whether you put the leading 0 in
> for hex values less than 0x10 (0x4 vs 0x0D) ?
sure
>
>
> Otherwise
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Thanks
Eric
>
> thanks
> -- PMM
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk
2018-04-23 12:10 ` Auger Eric
@ 2018-04-23 14:03 ` Peter Maydell
0 siblings, 0 replies; 37+ messages in thread
From: Peter Maydell @ 2018-04-23 14:03 UTC (permalink / raw)
To: Auger Eric
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
On 23 April 2018 at 13:10, Auger Eric <eric.auger@redhat.com> wrote:
> Hi Peter,
>
> On 04/16/2018 02:59 PM, Peter Maydell wrote:
>> On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
>>> +/**
>>> + * TODO: handle the case where the level resolves less than
>>> + * granule_sz -3 IA bits.
>>> + */
>>> +static inline
>>> +uint64_t iova_level_offset(uint64_t iova, int level, int granule_sz)
>>> +{
>>> + return (iova >> level_shift(level, granule_sz)) &
>>> + MAKE_64BIT_MASK(0, granule_sz - 3);
>>> +}
>>> +
>>> +#endif
>>
>> When does the TODO case happen, and what goes wrong?
> Sorry for the delay [back to the office].
>
> This refers to
> D4.2 of ARM ARM , Effect of granule size on translation table addressing
> and indexing/ Reduced IA width.
>
> "
> Depending on the configuration and implementation choices, the required
> input address width for the initial level of lookup might be smaller
> than the number of address bits that can be resolved at that level"
>
> For instance with 4k granule and IA limited to 35 bit, we use a 9-bit
> mask here and initial level 1 offset is based on IA[30, 38] although IA
> is limited to 35.
Hmm. We do get this right for the table walk code in
target/arm/helper.c, so it would be kind of nice to get it
right here too.
thanks
-- PMM
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper
2018-04-16 16:51 ` Peter Maydell
@ 2018-04-23 20:17 ` Auger Eric
0 siblings, 0 replies; 37+ messages in thread
From: Auger Eric @ 2018-04-23 20:17 UTC (permalink / raw)
To: Peter Maydell
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
Hi Peter,
On 04/16/2018 06:51 PM, Peter Maydell wrote:
> On 12 April 2018 at 08:37, Eric Auger <eric.auger@redhat.com> wrote:
>> Let's introduce a helper function aiming at recording an
>> event in the event queue.
>>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>>
>> ---
>> v9 -> v10:
>> - rework SMMU_EVENT_STRING
>> - trigger a GERROR EVENTQ_ABT_ERR in case of eventq write failure
>>
>> v8 -> v9:
>> - add SMMU_EVENT_STRING
>>
>> v7 -> v8:
>> - use dma_addr_t instead of hwaddr in smmuv3_record_event()
>> - introduce struct SMMUEventInfo
>> - add event_stringify + helpers for all fields
>> ---
>> hw/arm/smmuv3-internal.h | 142 ++++++++++++++++++++++++++++++++++++++++++++++-
>> hw/arm/smmuv3.c | 108 +++++++++++++++++++++++++++++++++--
>> hw/arm/trace-events | 1 +
>> 3 files changed, 243 insertions(+), 8 deletions(-)
>>
>> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
>> index 8550be0..8e546bf 100644
>> --- a/hw/arm/smmuv3-internal.h
>> +++ b/hw/arm/smmuv3-internal.h
>> @@ -205,8 +205,6 @@ static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type)
>> s->cmdq.cons = FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type);
>> }
>>
>> -void smmuv3_write_eventq(SMMUv3State *s, Evt *evt);
>> -
>> /* Commands */
>>
>> typedef enum SMMUCommandType {
>> @@ -308,4 +306,144 @@ enum { /* Command completion notification */
>>
>> #define SMMU_FEATURE_2LVL_STE (1 << 0)
>>
>> +/* Events */
>> +
>> +typedef enum SMMUEventType {
>> + SMMU_EVT_OK = 0x00,
>> + SMMU_EVT_F_UUT = 0x01,
>> + SMMU_EVT_C_BAD_STREAMID = 0x02,
>> + SMMU_EVT_F_STE_FETCH = 0x03,
>> + SMMU_EVT_C_BAD_STE = 0x04,
>> + SMMU_EVT_F_BAD_ATS_TREQ = 0x05,
>> + SMMU_EVT_F_STREAM_DISABLED = 0x06,
>> + SMMU_EVT_F_TRANS_FORBIDDEN = 0x07,
>> + SMMU_EVT_C_BAD_SUBSTREAMID = 0x08,
>> + SMMU_EVT_F_CD_FETCH = 0x09,
>> + SMMU_EVT_C_BAD_CD = 0x0a,
>> + SMMU_EVT_F_WALK_EABT = 0x0b,
>
> Most of the other enums you let the auto-increment deal
> with long runs of consecutive integers like this. I don't
> much care which but being consistent is generally nicer.
>
>> + SMMU_EVT_F_TRANSLATION = 0x10,
>> + SMMU_EVT_F_ADDR_SIZE = 0x11,
>> + SMMU_EVT_F_ACCESS = 0x12,
>> + SMMU_EVT_F_PERMISSION = 0x13,
>> + SMMU_EVT_F_TLB_CONFLICT = 0x20,
>> + SMMU_EVT_F_CFG_CONFLICT = 0x21,
>> + SMMU_EVT_E_PAGE_REQ = 0x24,
>> +} SMMUEventType;
>> +
>> +static const char *event_stringify[] = {
>> + [SMMU_EVT_OK] = "SMMU_EVT_OK",
>> + [SMMU_EVT_F_UUT] = "SMMU_EVT_F_UUT",
>> + [SMMU_EVT_C_BAD_STREAMID] = "SMMU_EVT_C_BAD_STREAMID",
>> + [SMMU_EVT_F_STE_FETCH] = "SMMU_EVT_F_STE_FETCH",
>> + [SMMU_EVT_C_BAD_STE] = "SMMU_EVT_C_BAD_STE",
>> + [SMMU_EVT_F_BAD_ATS_TREQ] = "SMMU_EVT_F_BAD_ATS_TREQ",
>> + [SMMU_EVT_F_STREAM_DISABLED] = "SMMU_EVT_F_STREAM_DISABLED",
>> + [SMMU_EVT_F_TRANS_FORBIDDEN] = "SMMU_EVT_F_TRANS_FORBIDDEN",
>> + [SMMU_EVT_C_BAD_SUBSTREAMID] = "SMMU_EVT_C_BAD_SUBSTREAMID",
>> + [SMMU_EVT_F_CD_FETCH] = "SMMU_EVT_F_CD_FETCH",
>> + [SMMU_EVT_C_BAD_CD] = "SMMU_EVT_C_BAD_CD",
>> + [SMMU_EVT_F_WALK_EABT] = "SMMU_EVT_F_WALK_EABT",
>> + [SMMU_EVT_F_TRANSLATION] = "SMMU_EVT_F_TRANSLATION",
>> + [SMMU_EVT_F_ADDR_SIZE] = "SMMU_EVT_F_ADDR_SIZE",
>> + [SMMU_EVT_F_ACCESS] = "SMMU_EVT_F_ACCESS",
>> + [SMMU_EVT_F_PERMISSION] = "SMMU_EVT_F_PERMISSION",
>> + [SMMU_EVT_F_TLB_CONFLICT] = "SMMU_EVT_F_TLB_CONFLICT",
>> + [SMMU_EVT_F_CFG_CONFLICT] = "SMMU_EVT_F_CFG_CONFLICT",
>> + [SMMU_EVT_E_PAGE_REQ] = "SMMU_EVT_E_PAGE_REQ",
>> +};
>> +
>> +static inline const char *smmu_event_string(SMMUEventType type)
>> +{
>> + return event_stringify[type] ? event_stringify[type] : "UNKNOWN";
>
> Same remarks about being defensive about out of range values
> apply here, I expect.
I think this one is safe as called from smmuv3_record_event(). Type is
is sanitized in that case. Adding the check against ARRAY_SIZE though.
Thanks
Eric
>
>> +}
>> +
>> +/* Encode an event record */
>> +typedef struct SMMUEventInfo {
>> + SMMUEventType type;
>> + uint32_t sid;
>> + bool recorded;
>> + bool record_trans_faults;
>> + union {
>> + struct {
>> + uint32_t ssid;
>> + bool ssv;
>> + dma_addr_t addr;
>> + bool rnw;
>> + bool pnu;
>> + bool ind;
>> + } f_uut;
>> + struct ssid_info {
>> + uint32_t ssid;
>> + bool ssv;
>> + } c_bad_streamid;
>
> If we were being really picky about coding style these
> embedded struct names like ssid_info ought to be camelcase.
>
>> + struct ssid_addr_info {
>> + uint32_t ssid;
>> + bool ssv;
>> + dma_addr_t addr;
>> + } f_ste_fetch;
>> + struct ssid_info c_bad_ste;
>> + struct {
>> + dma_addr_t addr;
>> + bool rnw;
>> + } f_transl_forbidden;
>> + struct {
>> + uint32_t ssid;
>> + } c_bad_substream;
>> + struct ssid_addr_info f_cd_fetch;
>> + struct ssid_info c_bad_cd;
>> + struct full_info {
>> + bool stall;
>> + uint16_t stag;
>> + uint32_t ssid;
>> + bool ssv;
>> + bool s2;
>> + dma_addr_t addr;
>> + bool rnw;
>> + bool pnu;
>> + bool ind;
>> + uint8_t class;
>> + dma_addr_t addr2;
>> + } f_walk_eabt;
>> + struct full_info f_translation;
>> + struct full_info f_addr_size;
>> + struct full_info f_access;
>> + struct full_info f_permission;
>> + struct ssid_info f_cfg_conflict;
>> + /**
>> + * not supported yet:
>> + * F_BAD_ATS_TREQ
>> + * F_BAD_ATS_TREQ
>> + * F_TLB_CONFLICT
>> + * E_PAGE_REQUEST
>> + * IMPDEF_EVENTn
>> + */
>> + } u;
>> +} SMMUEventInfo;
>> +
>> +/* EVTQ fields */
>> +
>> +#define EVT_Q_OVERFLOW (1 << 31)
>> +
>> +#define EVT_SET_TYPE(x, v) deposit32((x)->word[0], 0 , 8 , v)
>> +#define EVT_SET_SSV(x, v) deposit32((x)->word[0], 11, 1 , v)
>> +#define EVT_SET_SSID(x, v) deposit32((x)->word[0], 12, 20, v)
>> +#define EVT_SET_SID(x, v) ((x)->word[1] = v)
>> +#define EVT_SET_STAG(x, v) deposit32((x)->word[2], 0 , 16, v)
>> +#define EVT_SET_STALL(x, v) deposit32((x)->word[2], 31, 1 , v)
>> +#define EVT_SET_PNU(x, v) deposit32((x)->word[3], 1 , 1 , v)
>> +#define EVT_SET_IND(x, v) deposit32((x)->word[3], 2 , 1 , v)
>> +#define EVT_SET_RNW(x, v) deposit32((x)->word[3], 3 , 1 , v)
>> +#define EVT_SET_S2(x, v) deposit32((x)->word[3], 7 , 1 , v)
>> +#define EVT_SET_CLASS(x, v) deposit32((x)->word[3], 8 , 2 , v)
>
> There's some weird extra spaces in these macros.
>
>> +#define EVT_SET_ADDR(x, addr) ({ \
>> + (x)->word[5] = (uint32_t)(addr >> 32); \
>> + (x)->word[4] = (uint32_t)(addr & 0xffffffff); \
>> + })
>> +#define EVT_SET_ADDR2(x, addr) ({ \
>> + deposit32((x)->word[7], 3, 29, addr >> 16); \
>> + deposit32((x)->word[7], 0, 16, addr & 0xffff); \
>> + })
>
> These don't need the GCC ({ }) extension -- you can just do them
> as normal do { ... } while (0) macros.
>
> Otherwise
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> thanks
> -- PMM
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route
2018-04-17 11:02 ` Peter Maydell
@ 2018-04-25 14:43 ` Auger Eric
0 siblings, 0 replies; 37+ messages in thread
From: Auger Eric @ 2018-04-25 14:43 UTC (permalink / raw)
To: Peter Maydell
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
Hi Peter,
On 04/17/2018 01:02 PM, Peter Maydell wrote:
> On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
>> In case the MSI is translated by an IOMMU we need to fixup the
>> MSI route with the translated address.
>>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>> Signed-off-by: Bharat Bhushan <Bharat.Bhushan@nxp.com>
>>
>> ---
>> v9 -> v10:
>> - use address_space_translate
>>
>> v5 -> v6:
>> - use IOMMUMemoryRegionClass API
>> ---
>> target/arm/kvm.c | 27 +++++++++++++++++++++++++++
>> target/arm/trace-events | 3 +++
>> 2 files changed, 30 insertions(+)
>>
>> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
>> index ecc39ac..c6f6aa8 100644
>> --- a/target/arm/kvm.c
>> +++ b/target/arm/kvm.c
>> @@ -20,8 +20,10 @@
>> #include "sysemu/kvm.h"
>> #include "kvm_arm.h"
>> #include "cpu.h"
>> +#include "trace.h"
>> #include "internals.h"
>> #include "hw/arm/arm.h"
>> +#include "hw/pci/pci.h"
>> #include "exec/memattrs.h"
>> #include "exec/address-spaces.h"
>> #include "hw/boards.h"
>> @@ -649,6 +651,31 @@ int kvm_arm_vgic_probe(void)
>> int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
>> uint64_t address, uint32_t data, PCIDevice *dev)
>> {
>> + AddressSpace *as = pci_device_iommu_address_space(dev);
>> + hwaddr xlat, len, doorbell_gpa;
>> + MemoryRegionSection mrs;
>> + MemoryRegion *mr;
>> +
>> + if (as == &address_space_memory) {
>> + return 0;
>> + }
>> +
>> + /* MSI doorbell address is translated by an IOMMU */
>> +
>> + rcu_read_lock();
>> + mr = address_space_translate(as, address, &xlat, &len, true);
>> + if (!mr) {
>> + return 1;
>
> This early-return code path fails to release the rcu_read_lock.
ough, fixed.
>
>> + }
>> + mrs = memory_region_find(mr, xlat, 0);
>
> Is it really valid to pass a size of 0 to memory_region_find() ?
> We should probably use however big the doorbell write is.
Using size=1 as most of the callers do.
>
> Do we need to do something here to handle the case where
> memory_region_find() doesn't find a a region, or does that
> just work automatically?
Added a check on mrs.mr.
Also released the ref on mrs.mr after usage.
Thanks
Eric
>
>> + doorbell_gpa = mrs.offset_within_address_space;
>> + rcu_read_unlock();
>> +
>> + route->u.msi.address_lo = doorbell_gpa;
>> + route->u.msi.address_hi = doorbell_gpa >> 32;
>> +
>> + trace_kvm_arm_fixup_msi_route(address, doorbell_gpa);
>> +
>> return 0;
>> }
>>
>> diff --git a/target/arm/trace-events b/target/arm/trace-events
>> index 9e37131..6b759f9 100644
>> --- a/target/arm/trace-events
>> +++ b/target/arm/trace-events
>> @@ -8,3 +8,6 @@ arm_gt_tval_write(int timer, uint64_t value) "gt_tval_write: timer %d value 0x%"
>> arm_gt_ctl_write(int timer, uint64_t value) "gt_ctl_write: timer %d value 0x%" PRIx64
>> arm_gt_imask_toggle(int timer, int irqstate) "gt_ctl_write: timer %d IMASK toggle, new irqstate %d"
>> arm_gt_cntvoff_write(uint64_t value) "gt_cntvoff_write: value 0x%" PRIx64
>> +
>> +# target/arm/kvm.c
>> +kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
>> --
>> 2.5.5
>
> thanks
> -- PMM
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation
2018-04-17 12:55 ` Peter Maydell
@ 2018-04-25 14:48 ` Auger Eric
0 siblings, 0 replies; 37+ messages in thread
From: Auger Eric @ 2018-04-25 14:48 UTC (permalink / raw)
To: Peter Maydell
Cc: Eric Auger, QEMU Developers, qemu-arm, Prem Mallappa,
Alex Williamson, Tomasz Nowicki, Michael S. Tsirkin,
Christoffer Dall, Bharat Bhushan, Jean-Philippe Brucker,
linuc.decode, Peter Xu, Jintack Lim
Hi Peter,
On 04/17/2018 02:55 PM, Peter Maydell wrote:
> On 12 April 2018 at 08:38, Eric Auger <eric.auger@redhat.com> wrote:
>> We emulate a TLB cache of size SMMU_IOTLB_MAX_SIZE=256.
>> It is implemented as a hash table whose key is a combination
>> of the 16b asid and 48b IOVA.
>>
>> Entries are invalidated on TLB invalidation commands, either
>> globally, or per asid, or per asid/iova.
>>
>> One peculiarity is the NH_VA invalidation command does not
>> convey any information about the size to be invalidated (as
>> opposed to what Intel does, for instance, with the am field).
>> Hence, when NH_VA arrives we both invalidate the 4K and 64K
>> entries, the both granules that we support.
>>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>>
>> ---
>>
>> Credit to Tomasz Nowicki who did the first implementation of
>> this IOTLB implementation, inspired of intel_iommu implemtation.
>> ---
>> hw/arm/smmu-common.c | 33 ++++++++++++++
>> hw/arm/smmuv3.c | 105 +++++++++++++++++++++++++++++++++++++++++--
>> hw/arm/trace-events | 9 ++++
>> include/hw/arm/smmu-common.h | 11 +++++
>> 4 files changed, 154 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
>> index c271a28..3d25339 100644
>> --- a/hw/arm/smmu-common.c
>> +++ b/hw/arm/smmu-common.c
>> @@ -29,6 +29,36 @@
>> #include "hw/arm/smmu-common.h"
>> #include "smmu-internal.h"
>>
>> +/* IOTLB Management */
>> +
>> +inline void smmu_iotlb_inv_all(SMMUState *s)
>> +{
>> + trace_smmu_iotlb_inv_all();
>> + g_hash_table_remove_all(s->iotlb);
>> +}
>> +
>> +static gboolean smmu_hash_remove_by_asid(gpointer key, gpointer value,
>> + gpointer user_data)
>> +{
>> + uint16_t asid = *(uint16_t *)user_data;
>> +
>> + return ((*(uint64_t *)key) >> IOTLB_KEY_ASID_SHIFT) == asid;
>> +}
>> +
>> +inline void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova)
>> +{
>> + uint64_t key = SMMU_IOTLB_KEY(asid, iova);
>> +
>> + trace_smmu_iotlb_inv_iova(asid, iova);
>> + g_hash_table_remove(s->iotlb, &key);
>> +}
>> +
>> +inline void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid)
>> +{
>> + trace_smmu_iotlb_inv_asid(asid);
>> + g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid, &asid);
>> +}
>> +
>> /* VMSAv8-64 Translation */
>>
>> /**
>> @@ -327,6 +357,8 @@ static void smmu_base_realize(DeviceState *dev, Error **errp)
>> return;
>> }
>> s->configs = g_hash_table_new_full(NULL, NULL, NULL, g_free);
>> + s->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
>> + g_free, g_free);
>> s->smmu_pcibus_by_busptr = g_hash_table_new(NULL, NULL);
>>
>> if (s->primary_bus) {
>> @@ -341,6 +373,7 @@ static void smmu_base_reset(DeviceState *dev)
>> SMMUState *s = ARM_SMMU(dev);
>>
>> g_hash_table_remove_all(s->configs);
>> + g_hash_table_remove_all(s->iotlb);
>> }
>>
>> static Property smmu_dev_properties[] = {
>> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
>> index 938052e..081f0fb 100644
>> --- a/hw/arm/smmuv3.c
>> +++ b/hw/arm/smmuv3.c
>> @@ -551,6 +551,8 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event)
>> sdev->devfn);
>> cfg = g_new0(SMMUTransCfg, 1);
>> g_hash_table_insert(bc->configs, sdev, cfg);
>> + cfg->iotlb_miss = 0;
>> + cfg->iotlb_hit = 0;
>>
>> if (smmuv3_decode_config(&sdev->iommu, cfg, event)) {
>> g_hash_table_remove(bc->configs, sdev);
>> @@ -575,8 +577,12 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
>> SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
>> SMMUv3State *s = sdev->smmu;
>> uint32_t sid = smmu_get_sid(sdev);
>> + SMMUState *bs = ARM_SMMU(s);
>> SMMUEventInfo event = {.type = SMMU_EVT_OK, .sid = sid};
>> + uint64_t key_val, page_mask, aligned_addr;
>> + IOMMUTLBEntry *cached_entry = NULL;
>> SMMUPTWEventInfo ptw_info = {};
>> + SMMUTransTableInfo *tt;
>> SMMUTransCfg *cfg = NULL;
>> IOMMUTLBEntry entry = {
>> .target_as = &address_space_memory,
>> @@ -585,6 +591,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
>> .addr_mask = ~(hwaddr)0,
>> .perm = IOMMU_NONE,
>> };
>> + uint64_t *key;
>> int ret = 0;
>>
>> if (!smmu_enabled(s)) {
>> @@ -607,7 +614,56 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
>> goto out;
>> }
>>
>> - ret = smmu_ptw(cfg, addr, flag, &entry, &ptw_info);
>> + tt = select_tt(cfg, addr);
>> + if (!tt) {
>> + if (event.record_trans_faults) {
>> + event.type = SMMU_EVT_F_TRANSLATION;
>> + event.u.f_translation.addr = addr;
>> + event.u.f_translation.rnw = flag & 0x1;
>> + }
>> + ret = -EINVAL;
>> + goto out;
>> + }
>> +
>> + page_mask = (1ULL << (tt->granule_sz)) - 1;
>> + aligned_addr = addr & ~page_mask;
>> +
>> + key_val = SMMU_IOTLB_KEY(cfg->asid, aligned_addr);
>> +
>> + cached_entry = g_hash_table_lookup(bs->iotlb, &key_val);
>> + if (cached_entry) {
>> + cfg->iotlb_hit += 1;
>> + trace_smmu_iotlb_cache_hit(cfg->asid, aligned_addr,
>> + cfg->iotlb_hit, cfg->iotlb_miss,
>> + 100 * cfg->iotlb_hit /
>> + (cfg->iotlb_hit + cfg->iotlb_miss));
>> + if ((flag & IOMMU_WO) && !(cached_entry->perm & IOMMU_WO)) {
>> + ret = -EFAULT;
>> + if (event.record_trans_faults) {
>> + event.type = SMMU_EVT_F_PERMISSION;
>> + event.u.f_permission.addr = addr;
>> + event.u.f_permission.rnw = flag & 0x1;
>> + }
>> + }
>> + goto out;
>> + }
>> +
>> + cfg->iotlb_miss += 1;
>> + trace_smmu_iotlb_cache_miss(cfg->asid, addr & ~page_mask,
>> + cfg->iotlb_hit, cfg->iotlb_miss,
>> + 100 * cfg->iotlb_hit /
>> + (cfg->iotlb_hit + cfg->iotlb_miss));
>> +
>> + if (g_hash_table_size(bs->iotlb) >= SMMU_IOTLB_MAX_SIZE) {
>> + smmu_iotlb_inv_all(bs);
>> + }
>> +
>> + cached_entry = g_new0(IOMMUTLBEntry, 1);
>> + key = g_new0(uint64_t, 1);
>> + *key = key_val;
>> + g_hash_table_insert(bs->iotlb, key, cached_entry);
>> +
>> + ret = smmu_ptw(cfg, aligned_addr, flag, cached_entry, &ptw_info);
>> if (ret) {
>> switch (ptw_info.type) {
>> case SMMU_PTW_ERR_WALK_EABT:
>> @@ -656,8 +712,14 @@ out:
>> mr->parent_obj.name, addr, ret);
>> entry.perm = IOMMU_NONE;
>> smmuv3_record_event(s, &event);
>> + if (cached_entry) {
>> + smmu_iotlb_inv_iova(bs, cfg->asid, aligned_addr);
>> + }
>
> This is doing that weird "insert an entry into the cache
> and then remove it again" logic.
fixed
>
>> } else if (!cfg->aborted) {
>> entry.perm = flag;
>> + entry.translated_addr = cached_entry->translated_addr +
>> + (addr & page_mask);
>> + entry.addr_mask = cached_entry->addr_mask;
>> trace_smmuv3_translate(mr->parent_obj.name, sid, addr,
>> entry.translated_addr, entry.perm);
>> }
>> @@ -781,10 +843,46 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
>> smmuv3_put_config(sdev);
>> break;
>> }
>> - case SMMU_CMD_TLBI_NH_ALL:
>> case SMMU_CMD_TLBI_NH_ASID:
>> - case SMMU_CMD_TLBI_NH_VA:
>> + {
>> + uint16_t asid = CMD_ASID(&cmd);
>> +
>> + trace_smmuv3_cmdq_tlbi_nh_asid(asid);
>> + /* TODO: be more precise and invalidate for @asid */
>> + smmu_iotlb_inv_asid(bs, asid);
>
> TODO comment says we should invalidate for this ASID only, but
> the code seems to do that already ?
removed
>
>> + break;
>> + }
>> + case SMMU_CMD_TLBI_NH_ALL:
>> + case SMMU_CMD_TLBI_NSNH_ALL:
>> + trace_smmuv3_cmdq_tlbi_nh();
>> + smmu_iotlb_inv_all(bs);
>> + break;
>> case SMMU_CMD_TLBI_NH_VAA:
>> + {
>> + dma_addr_t addr = CMD_ADDR(&cmd);
>> + uint16_t vmid = CMD_VMID(&cmd);
>> +
>> + trace_smmuv3_cmdq_tlbi_nh_vaa(vmid, addr);
>> + smmu_iotlb_inv_all(bs);
>> + break;
>> + }
>> + case SMMU_CMD_TLBI_NH_VA:
>> + {
>> + uint16_t asid = CMD_ASID(&cmd);
>> + uint16_t vmid = CMD_VMID(&cmd);
>> + dma_addr_t addr = CMD_ADDR(&cmd);
>> + bool leaf = CMD_LEAF(&cmd);
>> +
>> + trace_smmuv3_cmdq_tlbi_nh_va(vmid, asid, addr, leaf);
>> + /**
>
> This isn't a doc-comment so it shouldn't have the double-asterisk
> doc-comment syntax.
removed
>
>> + * we don't know the size of the granule so
>> + * let's invalidate both 4K entry and 64kB entry.
>> + * The spec allow to invalidate more than necessary.
>> + */
>> + smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFF);
>> + smmu_iotlb_inv_iova(bs, asid, addr & ~0xFFFF);
>> + break;
>> + }
>> case SMMU_CMD_TLBI_EL3_ALL:
>> case SMMU_CMD_TLBI_EL3_VA:
>> case SMMU_CMD_TLBI_EL2_ALL:
>> @@ -793,7 +891,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
>> case SMMU_CMD_TLBI_EL2_VAA:
>> case SMMU_CMD_TLBI_S12_VMALL:
>> case SMMU_CMD_TLBI_S2_IPA:
>> - case SMMU_CMD_TLBI_NSNH_ALL:
>> case SMMU_CMD_ATC_INV:
>> case SMMU_CMD_PRI_RESP:
>> case SMMU_CMD_RESUME:
>> diff --git a/hw/arm/trace-events b/hw/arm/trace-events
>> index ecc30be..7fdc08e 100644
>> --- a/hw/arm/trace-events
>> +++ b/hw/arm/trace-events
>> @@ -12,6 +12,11 @@ smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr,
>> smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64
>> smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"
>> smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64
>> +smmu_iotlb_cache_hit(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache HIT asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
>> +smmu_iotlb_cache_miss(uint16_t asid, uint64_t addr, uint32_t hit, uint32_t miss, float p) "IOTLB cache MISS asid=%d addr=0x%"PRIx64" hit=%d miss=%d hit rate=%.1f"
>> +smmu_iotlb_inv_all(void) "IOTLB invalidate all"
>> +smmu_iotlb_inv_asid(uint16_t asid) "IOTLB invalidate asid=%d"
>> +smmu_iotlb_inv_iova(uint16_t asid, uint64_t addr) "IOTLB invalidate asid=%d addr=0x%"PRIx64
>>
>> #hw/arm/smmuv3.c
>> smmuv3_read_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)"
>> @@ -41,6 +46,10 @@ smmuv3_decode_cd(uint32_t oas) "oas=%d"
>> smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz, int initial_level) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d, initial_level = %d"
>> smmuv3_cmdq_cfgi_ste(int streamid) " |_ streamid =%d"
>> smmuv3_cmdq_cfgi_ste_range(int start, int end) " |_ start=0x%d - end=0x%d"
>> +smmuv3_cmdq_tlbi_nh_va(int vmid, int asid, uint64_t addr, bool leaf) " |_ vmid =%d asid =%d addr=0x%"PRIx64" leaf=%d"
>> +smmuv3_cmdq_tlbi_nh_vaa(int vmid, uint64_t addr) " |_ vmid =%d addr=0x%"PRIx64
>> +smmuv3_cmdq_tlbi_nh(void) ""
>> +smmuv3_cmdq_tlbi_nh_asid(uint16_t asid) "asid=%d"
>> smmuv3_cmdq_cfgi_cd(uint32_t sid) " |_ streamid = %d"
>> smmuv3_config_cache_hit(uint32_t sid) "Config cache HIT for sid %d"
>> smmuv3_config_cache_miss(uint32_t sid) "Config cache MISS for sid %d"
>> diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
>> index ff07734..1c9c648 100644
>> --- a/include/hw/arm/smmu-common.h
>> +++ b/include/hw/arm/smmu-common.h
>> @@ -68,6 +68,8 @@ typedef struct SMMUTransCfg {
>> uint8_t tbi; /* Top Byte Ignore */
>> uint16_t asid;
>> SMMUTransTableInfo tt[2];
>> + uint32_t iotlb_hit;
>> + uint32_t iotlb_miss;
>
> Are these just gathering hit/miss statistics for the tracing?
> Could we have a comment saying what they're for? From the
> name of the fields I was expecting them to be boolean flags;
> if they're counts of hits and misses then iotlb_hits and
> iotlb_misses might be better?
yes it does. renamed and comment added.
>
>> } SMMUTransCfg;
>>
>> typedef struct SMMUDevice {
>> @@ -146,4 +148,13 @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);
>> /* Return the iommu mr associated to @sid, or NULL if none */
>> IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid);
>>
>> +#define SMMU_IOTLB_MAX_SIZE 256
>> +#define IOTLB_KEY_ASID_SHIFT SMMU_MAX_VA_BITS
>> +#define SMMU_IOTLB_KEY(asid, iova) \
>> + (iova | (uint64_t)(asid) << IOTLB_KEY_ASID_SHIFT);
>
> This choice of key layout makes future changes to the SMMU
> implementation a bit painful. Currently SMMU_MAX_VA_BITS is 48,
> so since the ASID is 16 bits that's the entirety of the 64 bit key.
> We're also likely at some point to want to include in the key:
> * 16 bit VMID
> * larger address sizes (ie bigger SMMU_MAX_VA_BITS)
> * translation regime (StreamWorld)
>
> I think it would be better to define a struct and a custom
> equality comparison function rather than using uint64_t and
> g_int64_equal().
Implemented the key as a struct and used a Jenkins hash
Thanks
Eric
>
>> +
>> +void smmu_iotlb_inv_all(SMMUState *s);
>> +void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid);
>> +void smmu_iotlb_inv_iova(SMMUState *s, uint16_t asid, dma_addr_t iova);
>> +
>> #endif /* HW_ARM_SMMU_COMMON */
>> --
>> 2.5.5
>
> thanks
> -- PMM
>
^ permalink raw reply [flat|nested] 37+ messages in thread
end of thread, other threads:[~2018-04-25 14:48 UTC | newest]
Thread overview: 37+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-12 7:37 [Qemu-devel] [PATCH v11 00/17] ARM SMMUv3 Emulation Support Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 01/17] hw/arm/smmu-common: smmu base device and datatypes Eric Auger
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 02/17] hw/arm/smmu-common: IOMMU memory region and address space setup Eric Auger
2018-04-16 12:33 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 03/17] hw/arm/smmu-common: VMSAv8-64 page table walk Eric Auger
2018-04-16 12:59 ` Peter Maydell
2018-04-23 12:10 ` Auger Eric
2018-04-23 14:03 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 04/17] hw/arm/smmuv3: Skeleton Eric Auger
2018-04-16 13:08 ` Peter Maydell
2018-04-23 12:48 ` Auger Eric
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 05/17] hw/arm/smmuv3: Wired IRQ and GERROR helpers Eric Auger
2018-04-16 13:10 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 06/17] hw/arm/smmuv3: Queue helpers Eric Auger
2018-04-16 16:41 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 07/17] hw/arm/smmuv3: Implement MMIO write operations Eric Auger
2018-04-16 16:46 ` Peter Maydell
2018-04-12 7:37 ` [Qemu-devel] [PATCH v11 08/17] hw/arm/smmuv3: Event queue recording helper Eric Auger
2018-04-16 16:51 ` Peter Maydell
2018-04-23 20:17 ` Auger Eric
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 09/17] hw/arm/smmuv3: Implement translate callback Eric Auger
2018-04-17 10:50 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 10/17] hw/arm/smmuv3: Abort on vfio or vhost case Eric Auger
2018-04-17 10:51 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 11/17] target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route Eric Auger
2018-04-17 11:02 ` Peter Maydell
2018-04-25 14:43 ` Auger Eric
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 12/17] hw/arm/virt: Add SMMUv3 to the virt board Eric Auger
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 13/17] hw/arm/virt-acpi-build: Add smmuv3 node in IORT table Eric Auger
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 14/17] hw/arm/virt: Introduce the iommu option Eric Auger
2018-04-16 16:55 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 15/17] hw/arm/smmuv3: Cache/invalidate config data Eric Auger
2018-04-17 12:22 ` Peter Maydell
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 16/17] hw/arm/smmuv3: IOTLB emulation Eric Auger
2018-04-17 12:55 ` Peter Maydell
2018-04-25 14:48 ` Auger Eric
2018-04-12 7:38 ` [Qemu-devel] [PATCH v11 17/17] hw/arm/smmuv3: Add notifications on invalidation Eric Auger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.