Re: [Qemu-devel] [PATCH v6 09/10] target-arm: Add IRQ and FIQ routing to EL2 and 3

From: Peter Maydell <peter.maydell@linaro.org>
To: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: "Rob Herring" <rob.herring@linaro.org>,
	"Peter Crosthwaite" <peter.crosthwaite@xilinx.com>,
	"Fabian Aggeler" <aggelerf@ethz.ch>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Alexander Graf" <agraf@suse.de>,
	"Greg Bellows" <greg.bellows@linaro.org>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Christoffer Dall" <christoffer.dall@linaro.org>,
	"Richard Henderson" <rth@twiddle.net>
Subject: Re: [Qemu-devel] [PATCH v6 09/10] target-arm: Add IRQ and FIQ routing to EL2 and 3
Date: Thu, 25 Sep 2014 20:14:37 +0100	[thread overview]
Message-ID: <CAFEAcA9Ckx=HwSsFTmydVFMnsKA0WpQsi2j=e58CX4ALyjZVRA@mail.gmail.com> (raw)
In-Reply-To: <1410582564-27687-10-git-send-email-edgar.iglesias@gmail.com>

On 13 September 2014 05:29, Edgar E. Iglesias <edgar.iglesias@gmail.com> wrote:
> From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
>
> Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
> ---
>  target-arm/cpu.h    | 12 ++++++++++++
>  target-arm/helper.c | 14 ++++++++++++++
>  2 files changed, 26 insertions(+)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index c24af40..a5123f8 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -1178,6 +1178,12 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx)
>      CPUARMState *env = cs->env_ptr;
>      unsigned int cur_el = arm_current_pl(env);
>      unsigned int target_el = arm_excp_target_el(cs, excp_idx);
> +    /* FIXME: Use actual secure state.  */
> +    bool secure = false;
> +    /* Interrupts can only be hypervised and routed to
> +     * EL2 if we are in NS EL0/1.

The logic is correct but I don't think the comment is.
We can take interrupts to EL2 if we're in EL2 as well,
it's just that in that case we honour the PSTATE mask bits.

> +     */
> +    bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2;

>
>      /* Don't take exceptions if they target a lower EL.  */
>      if (cur_el > target_el) {
> @@ -1186,8 +1192,14 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx)
>
>      switch (excp_idx) {
>      case EXCP_FIQ:
> +        if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_FMO)) {
> +            return true;
> +        }
>          return !(env->daif & PSTATE_F);
>      case EXCP_IRQ:
> +        if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) {
> +            return true;
> +        }

This doesn't seem to be implementing the "if HCR_EL2.TGE
is 1 then AMO/IMO/FMO are treated as being 1" behaviour
described in the footnote to Table D1-14.

>          return !(env->daif & PSTATE_I)
>                 && (!IS_M(env) || env->regs[15] < 0xfffffff0);
>      default:
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 719c95d..3a9d1fc 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -3683,6 +3683,20 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx)
>              target_el = 2;
>          }
>          break;
> +    case EXCP_FIQ:
> +    case EXCP_IRQ:
> +    {
> +        const uint64_t hcr_mask = excp_idx == EXCP_FIQ ? HCR_FMO : HCR_IMO;
> +        const uint32_t scr_mask = excp_idx == EXCP_FIQ ? SCR_FIQ : SCR_IRQ;
> +
> +        if (!secure && (env->cp15.hcr_el2 & hcr_mask)) {
> +            target_el = 2;
> +        }
> +        if (env->cp15.scr_el3 & scr_mask) {
> +            target_el = 3;
> +        }
> +        break;
> +    }
>      }
>      return target_el;
>  }

thanks
-- PMM