| Message ID | 1414707132-24588-10-git-send-email-greg.bellows@linaro.org |
|---|---|
| State | New |
| Headers | show |
On 30 October 2014 at 22:12, Greg Bellows <greg.bellows@linaro.org> wrote: > From: Fabian Aggeler <aggelerf@ethz.ch> > > This register is banked in GICs with Security Extensions. Storing the > non-secure copy of BPR in the abpr, which is an alias to the non-secure > copy for secure access. ABPR itself is only accessible from secure state > if the GIC implements Security Extensions. > > Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> > > --- > > v1 -> v2 > - Fix ABPR read handling when security extensions are not present > - Fix BPR write to take into consideration the minimum value written to ABPR > and restrict BPR->ABPR mirroring to GICv2 and up. > - Fix ABPR write to take into consideration the minumum value written > - Fix ABPR write condition break-down to include mirroring of ABPR writes to > BPR. > --- > hw/intc/arm_gic.c | 54 ++++++++++++++++++++++++++++++++++++---- > include/hw/intc/arm_gic_common.h | 11 +++++--- > 2 files changed, 57 insertions(+), 8 deletions(-) > > diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c > index 3c0414f..3761d12 100644 > --- a/hw/intc/arm_gic.c > +++ b/hw/intc/arm_gic.c > @@ -840,7 +840,12 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int offset) > case 0x04: /* Priority mask */ > return s->priority_mask[cpu]; > case 0x08: /* Binary Point */ > - return s->bpr[cpu]; > + if (s->security_extn && ns_access()) { > + /* BPR is banked. Non-secure copy stored in ABPR. */ > + return s->abpr[cpu]; > + } else { > + return s->bpr[cpu]; > + } > case 0x0c: /* Acknowledge */ > return gic_acknowledge_irq(s, cpu); > case 0x14: /* Running Priority */ > @@ -848,7 +853,14 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int offset) > case 0x18: /* Highest Pending Interrupt */ > return s->current_pending[cpu]; > case 0x1c: /* Aliased Binary Point */ > - return s->abpr[cpu]; > + if (!s->security_extn || (s->security_extn && ns_access())) { > + /* If Security Extensions are present ABPR is a secure register, > + * only accessible from secure state. > + */ > + return 0; > + } else { > + return s->abpr[cpu]; > + } > case 0xd0: case 0xd4: case 0xd8: case 0xdc: > return s->apr[(offset - 0xd0) / 4][cpu]; > default: > @@ -867,13 +879,45 @@ static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value) > s->priority_mask[cpu] = (value & 0xff); > break; > case 0x08: /* Binary Point */ > - s->bpr[cpu] = (value & 0x7); > + if (s->security_extn && ns_access()) { > + /* BPR is banked. Non-secure copy stored in ABPR. */ > + /* The non-secure (ABPR) must not be below an implementation > + * defined minimum value between 1-4. > + * NOTE: BPR_MIN is currently set to 0, which is always true given > + * the value is unsigned, so no check is necessary. > + */ > + s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7)) > + ? (value & 0x7) : GIC_MIN_ABPR; > + } else { > + s->bpr[cpu] = (value & 0x7); > + if (s->revision >= 2) { > + /* On GICv2 without sec ext, GICC_ABPR is an alias of GICC_BPR > + * so mirror the write. > + */ > + s->abpr[cpu] = s->bpr[cpu]; My reading of the spec says that GICv2 without Security extensions should not alias these two registers. -- PMM
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index 3c0414f..3761d12 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -840,7 +840,12 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int offset) case 0x04: /* Priority mask */ return s->priority_mask[cpu]; case 0x08: /* Binary Point */ - return s->bpr[cpu]; + if (s->security_extn && ns_access()) { + /* BPR is banked. Non-secure copy stored in ABPR. */ + return s->abpr[cpu]; + } else { + return s->bpr[cpu]; + } case 0x0c: /* Acknowledge */ return gic_acknowledge_irq(s, cpu); case 0x14: /* Running Priority */ @@ -848,7 +853,14 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int offset) case 0x18: /* Highest Pending Interrupt */ return s->current_pending[cpu]; case 0x1c: /* Aliased Binary Point */ - return s->abpr[cpu]; + if (!s->security_extn || (s->security_extn && ns_access())) { + /* If Security Extensions are present ABPR is a secure register, + * only accessible from secure state. + */ + return 0; + } else { + return s->abpr[cpu]; + } case 0xd0: case 0xd4: case 0xd8: case 0xdc: return s->apr[(offset - 0xd0) / 4][cpu]; default: @@ -867,13 +879,45 @@ static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value) s->priority_mask[cpu] = (value & 0xff); break; case 0x08: /* Binary Point */ - s->bpr[cpu] = (value & 0x7); + if (s->security_extn && ns_access()) { + /* BPR is banked. Non-secure copy stored in ABPR. */ + /* The non-secure (ABPR) must not be below an implementation + * defined minimum value between 1-4. + * NOTE: BPR_MIN is currently set to 0, which is always true given + * the value is unsigned, so no check is necessary. + */ + s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7)) + ? (value & 0x7) : GIC_MIN_ABPR; + } else { + s->bpr[cpu] = (value & 0x7); + if (s->revision >= 2) { + /* On GICv2 without sec ext, GICC_ABPR is an alias of GICC_BPR + * so mirror the write. + */ + s->abpr[cpu] = s->bpr[cpu]; + } + } break; case 0x10: /* End Of Interrupt */ return gic_complete_irq(s, cpu, value & 0x3ff); case 0x1c: /* Aliased Binary Point */ - if (s->revision >= 2) { - s->abpr[cpu] = (value & 0x7); + /* This register only exists on GICv2 or GICv1 w/security. Writes when + * the register is not implemented (no sec ext) are ignored. + */ + if (s->security_extn) { + if (!ns_access()) { + s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7)) + ? (value & 0x7) : GIC_MIN_ABPR; + } + } else { + if (s->revision >= 2) { + /* In a GICv2 impl without the security extension, the + * GICC_ABPR is an alias to GICC_BPR, so mirror the write. + */ + s->abpr[cpu] = (GIC_MIN_ABPR <= (value & 0x7)) + ? (value & 0x7) : GIC_MIN_ABPR; + s->bpr[cpu] = s->abpr[cpu]; + } } break; case 0xd0: case 0xd4: case 0xd8: case 0xdc: diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h index 1daa672..3b0459a 100644 --- a/include/hw/intc/arm_gic_common.h +++ b/include/hw/intc/arm_gic_common.h @@ -36,6 +36,9 @@ #define MAX_NR_GROUP_PRIO 128 #define GIC_NR_APRS (MAX_NR_GROUP_PRIO / 32) +#define GIC_MIN_BPR 0 +#define GIC_MIN_ABPR (GIC_MIN_BPR + 1) + typedef struct gic_irq_state { /* The enable bits are only banked for per-cpu interrupts. */ uint8_t enabled; @@ -78,9 +81,11 @@ typedef struct GICState { uint16_t running_priority[GIC_NCPU]; uint16_t current_pending[GIC_NCPU]; - /* We present the GICv2 without security extensions to a guest and - * therefore the guest can configure the GICC_CTLR to configure group 1 - * binary point in the abpr. + /* If we present the GICv2 without security extensions to a guest, + * the guest can configure the GICC_CTLR to configure group 1 binary point + * in the abpr. + * For a GIC with Security Extensions we use use bpr for the + * secure copy and abpr as storage for the non-secure copy of the register. */ uint8_t bpr[GIC_NCPU]; uint8_t abpr[GIC_NCPU];