diff mbox

[v3,09/16] hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked

Message ID 1429113742-8371-10-git-send-email-greg.bellows@linaro.org
State New
Headers show

Commit Message

Greg Bellows April 15, 2015, 4:02 p.m. UTC 
From: Fabian Aggeler <aggelerf@ethz.ch>

This register is banked in GICs with Security Extensions. Storing the
non-secure copy of BPR in the abpr, which is an alias to the non-secure
copy for secure access. ABPR itself is only accessible from secure state
if the GIC implements Security Extensions.

Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>

---

v1 -> v2
- Fix ABPR read handling when security extensions are not present
- Fix BPR write to take into consideration the minimum value written to ABPR
  and restrict BPR->ABPR mirroring to GICv2 and up.
- Fix ABPR write to take into consideration the minumum value written
- Fix ABPR write condition break-down to include mirroring of ABPR writes to
  BPR.
---
 hw/intc/arm_gic.c                | 54 ++++++++++++++++++++++++++++++++++++----
 include/hw/intc/arm_gic_common.h | 11 +++++---
 2 files changed, 57 insertions(+), 8 deletions(-)
diff mbox

Patch

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index b402e00..b62cde2 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -841,7 +841,12 @@  static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
     case 0x04: /* Priority mask */
         return s->priority_mask[cpu];
     case 0x08: /* Binary Point */
-        return s->bpr[cpu];
+        if (s->security_extn && ns_access()) {
+            /* BPR is banked. Non-secure copy stored in ABPR. */
+            return s->abpr[cpu];
+        } else {
+            return s->bpr[cpu];
+        }
     case 0x0c: /* Acknowledge */
         return gic_acknowledge_irq(s, cpu);
     case 0x14: /* Running Priority */
@@ -849,7 +854,14 @@  static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
     case 0x18: /* Highest Pending Interrupt */
         return s->current_pending[cpu];
     case 0x1c: /* Aliased Binary Point */
-        return s->abpr[cpu];
+        if (!s->security_extn || (s->security_extn && ns_access())) {
+            /* If Security Extensions are present ABPR is a secure register,
+             * only accessible from secure state.
+             */
+            return 0;
+        } else {
+            return s->abpr[cpu];
+        }
     case 0xd0: case 0xd4: case 0xd8: case 0xdc:
         return s->apr[(offset - 0xd0) / 4][cpu];
     default:
@@ -868,14 +880,46 @@  static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value)
         s->priority_mask[cpu] = (value & 0xff);
         break;
     case 0x08: /* Binary Point */
-        s->bpr[cpu] = (value & 0x7);
+        if (s->security_extn && ns_access()) {
+            /* BPR is banked. Non-secure copy stored in ABPR. */
+            /* The non-secure (ABPR) must not be below an implementation
+             * defined minimum value between 1-4.
+             * NOTE: BPR_MIN is currently set to 0, which is always true given
+             *       the value is unsigned, so no check is necessary.
+             */
+            s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7))
+                                ? (value & 0x7) : GIC_MIN_ABPR;
+        } else {
+            s->bpr[cpu] = (value & 0x7);
+            if (s->revision >= 2) {
+                /* On GICv2 without sec ext, GICC_ABPR is an alias of GICC_BPR
+                 * so mirror the write.
+                 */
+                 s->abpr[cpu] = s->bpr[cpu];
+            }
+        }
         break;
     case 0x10: /* End Of Interrupt */
         gic_complete_irq(s, cpu, value & 0x3ff);
         return;
     case 0x1c: /* Aliased Binary Point */
-        if (s->revision >= 2) {
-            s->abpr[cpu] = (value & 0x7);
+        /* This register only exists on GICv2 or GICv1 w/security.  Writes when
+         * the register is not implemented (no sec ext) are ignored.
+         */
+        if (s->security_extn) {
+            if (!ns_access()) {
+                s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7))
+                                ? (value & 0x7) : GIC_MIN_ABPR;
+            }
+        } else {
+            if (s->revision >= 2) {
+                /* In a GICv2 impl without the security extension, the
+                 * GICC_ABPR is an alias to GICC_BPR, so mirror the write.
+                 */
+                s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7))
+                                ? (value & 0x7) : GIC_MIN_ABPR;
+                s->bpr[cpu] = s->abpr[cpu];
+            }
         }
         break;
     case 0xd0: case 0xd4: case 0xd8: case 0xdc:
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index 1daa672..3b0459a 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -36,6 +36,9 @@ 
 #define MAX_NR_GROUP_PRIO 128
 #define GIC_NR_APRS (MAX_NR_GROUP_PRIO / 32)
 
+#define GIC_MIN_BPR 0
+#define GIC_MIN_ABPR (GIC_MIN_BPR + 1)
+
 typedef struct gic_irq_state {
     /* The enable bits are only banked for per-cpu interrupts.  */
     uint8_t enabled;
@@ -78,9 +81,11 @@  typedef struct GICState {
     uint16_t running_priority[GIC_NCPU];
     uint16_t current_pending[GIC_NCPU];
 
-    /* We present the GICv2 without security extensions to a guest and
-     * therefore the guest can configure the GICC_CTLR to configure group 1
-     * binary point in the abpr.
+    /* If we present the GICv2 without security extensions to a guest,
+     * the guest can configure the GICC_CTLR to configure group 1 binary point
+     * in the abpr.
+     * For a GIC with Security Extensions we use use bpr for the
+     * secure copy and abpr as storage for the non-secure copy of the register.
      */
     uint8_t  bpr[GIC_NCPU];
     uint8_t  abpr[GIC_NCPU];