[Xen-devel,v9,04/12] xen/arm: support HW interrupts, do not request maintenance_interrupts

Message ID 1402409240-28114-4-git-send-email-stefano.stabellini@eu.citrix.com
State New

Commit Message

Stefano Stabellini June 10, 2014, 2:07 p.m. UTC
If the irq to be injected is a hardware irq (p->desc != NULL), set
GICH_LR_HW. Do not set GICH_LR_MAINTENANCE_IRQ.

Remove the code to EOI a physical interrupt on behalf of the guest
because it has become unnecessary.

Introduce a new function, gic_clear_lrs, that goes over the GICH_LR
registers, clears the invalid ones and frees the corresponding interrupts
from the inflight queue if appropriate. Add the interrupt to lr_pending
if the GIC_IRQ_GUEST_PENDING is still set.

Call gic_clear_lrs on entry to the hypervisor if we are coming from
guest mode to make sure that the calculation in Xen of the highest
priority interrupt currently inflight is correct and accurate and not
based on stale data.

In vgic_vcpu_inject_irq, if the target is a vcpu running on another
pcpu, we are already sending an SGI to the other pcpu so that it would
pick up the new IRQ to inject.  Now also send an SGI to the other pcpu
even if the IRQ is already inflight, so that it can clear the LR
corresponding to the previous injection as well as injecting the new
interrupt.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Julien Grall <julien.grall@linaro.org>

---

Changes in v9:
- code style fix;
- add a comment.

Changes in v8:
- do not clear LRs for the idle domain;
- do not clear LRs on hypervisor entry if we are not coming from guest
mode;
- rename lr_reg to lr_val;
- remove double spin_lock in gic_update_one_lr.

Changes in v7:
- move enter_hypervisor_head before the first use to avoid forward
declaration;
- improve in-code comments;
- rename gic_clear_one_lr to gic_update_one_lr.

Changes in v6:
- remove double spin_lock on the vgic.lock introduced in v5.

Changes in v5:
- do not rename virtual_irq to irq;
- replace "const long unsigned int" with "const unsigned long";
- remove useless "& GICH_LR_PHYSICAL_MASK" in gic_set_lr;
- add a comment in maintenance_interrupts to explain its new purpose.
- introduce gic_clear_one_lr.

Changes in v4:
- merged patch #3 and #4 into a single patch.

Changes in v2:
- remove the EOI code, now unnecessary;
- do not assume physical IRQ == virtual IRQ;
- refactor gic_set_lr.
---
 xen/arch/arm/gic.c        |  136 +++++++++++++++++++++------------------------
 xen/arch/arm/traps.c      |   10 ++++
 xen/arch/arm/vgic.c       |    3 +-
 xen/include/asm-arm/gic.h |    1 +
 4 files changed, 75 insertions(+), 75 deletions(-)

Comments

Julien Grall June 11, 2014, 1:40 p.m. UTC | #1
Hi Stefano,

On 06/10/2014 03:07 PM, Stefano Stabellini wrote:
> +static void gic_update_one_lr(struct vcpu *v, int i)
> +{
> +    struct pending_irq *p;
> +    uint32_t lr;
> +    int irq;
> +
> +    ASSERT(spin_is_locked(&v->arch.vgic.lock));
> +
> +    lr = GICH[GICH_LR + i];
> +    if ( !(lr & (GICH_LR_PENDING|GICH_LR_ACTIVE)) )
> +    {
> +        GICH[GICH_LR + i] = 0;
> +        clear_bit(i, &this_cpu(lr_mask));
> +
> +        irq = (lr >> GICH_LR_VIRTUAL_SHIFT) & GICH_LR_VIRTUAL_MASK;
> +        p = irq_to_pending(v, irq);
> +        if ( p->desc != NULL )
> +            p->desc->status &= ~IRQ_INPROGRESS;

Reading again this patch... shouldn't we take the desc->lock here?

It's possible to receive the same interrupt while we update the LRs
(depending on how the IRQ has been physically routed) so we may overwrite
the IRQ_INPROGRESS bit.

Regards,
Stefano Stabellini June 12, 2014, 3:57 p.m. UTC | #2
On Wed, 11 Jun 2014, Julien Grall wrote:
> Hi Stefano,
> 
> On 06/10/2014 03:07 PM, Stefano Stabellini wrote:
> > +static void gic_update_one_lr(struct vcpu *v, int i)
> > +{
> > +    struct pending_irq *p;
> > +    uint32_t lr;
> > +    int irq;
> > +
> > +    ASSERT(spin_is_locked(&v->arch.vgic.lock));
> > +
> > +    lr = GICH[GICH_LR + i];
> > +    if ( !(lr & (GICH_LR_PENDING|GICH_LR_ACTIVE)) )
> > +    {
> > +        GICH[GICH_LR + i] = 0;
> > +        clear_bit(i, &this_cpu(lr_mask));
> > +
> > +        irq = (lr >> GICH_LR_VIRTUAL_SHIFT) & GICH_LR_VIRTUAL_MASK;
> > +        p = irq_to_pending(v, irq);
> > +        if ( p->desc != NULL )
> > +            p->desc->status &= ~IRQ_INPROGRESS;
> 
> Reading again this patch... shouldn't we take the desc->lock here?
> 
> It's possible to receive the same interrupt while we update the LRs
> (depending on how the IRQ has been physically routed) so we may overwrite
> the IRQ_INPROGRESS bit.

It is not possible, because we have interrupts disabled at this point.
A later patch introduces

ASSERT(!local_irq_is_enabled());

at the beginning of gic_update_one_lr.
Julien Grall June 12, 2014, 9:59 p.m. UTC | #3
On 12/06/14 16:57, Stefano Stabellini wrote:
> On Wed, 11 Jun 2014, Julien Grall wrote:
>> Hi Stefano,
>>
>> On 06/10/2014 03:07 PM, Stefano Stabellini wrote:
>>> +static void gic_update_one_lr(struct vcpu *v, int i)
>>> +{
>>> +    struct pending_irq *p;
>>> +    uint32_t lr;
>>> +    int irq;
>>> +
>>> +    ASSERT(spin_is_locked(&v->arch.vgic.lock));
>>> +
>>> +    lr = GICH[GICH_LR + i];
>>> +    if ( !(lr & (GICH_LR_PENDING|GICH_LR_ACTIVE)) )
>>> +    {
>>> +        GICH[GICH_LR + i] = 0;
>>> +        clear_bit(i, &this_cpu(lr_mask));
>>> +
>>> +        irq = (lr >> GICH_LR_VIRTUAL_SHIFT) & GICH_LR_VIRTUAL_MASK;
>>> +        p = irq_to_pending(v, irq);
>>> +        if ( p->desc != NULL )
>>> +            p->desc->status &= ~IRQ_INPROGRESS;
>>
>> Reading again this patch... shouldn't we take the desc->lock here?
>>
>> It's possible to receive the same interrupt while we update the LRs
>> (depending on how the IRQ has been physically routed) so we may overwrite
>> the IRQ_INPROGRESS bit.
>
> It is not possible, because we have interrupts disabled at this point.
> A later patch introduces
>
> ASSERT(!local_irq_is_enabled());
>
> at the beginning of gic_update_one_lr.

You are assuming this IRQ is routed to the current pCPU. It's not always
the case, at least without your GICD_ITARGETSR.

Regards,
Stefano Stabellini June 13, 2014, 10:20 a.m. UTC | #4
On Thu, 12 Jun 2014, Julien Grall wrote:
> On 12/06/14 16:57, Stefano Stabellini wrote:
> > On Wed, 11 Jun 2014, Julien Grall wrote:
> > > Hi Stefano,
> > > 
> > > On 06/10/2014 03:07 PM, Stefano Stabellini wrote:
> > > > +static void gic_update_one_lr(struct vcpu *v, int i)
> > > > +{
> > > > +    struct pending_irq *p;
> > > > +    uint32_t lr;
> > > > +    int irq;
> > > > +
> > > > +    ASSERT(spin_is_locked(&v->arch.vgic.lock));
> > > > +
> > > > +    lr = GICH[GICH_LR + i];
> > > > +    if ( !(lr & (GICH_LR_PENDING|GICH_LR_ACTIVE)) )
> > > > +    {
> > > > +        GICH[GICH_LR + i] = 0;
> > > > +        clear_bit(i, &this_cpu(lr_mask));
> > > > +
> > > > +        irq = (lr >> GICH_LR_VIRTUAL_SHIFT) & GICH_LR_VIRTUAL_MASK;
> > > > +        p = irq_to_pending(v, irq);
> > > > +        if ( p->desc != NULL )
> > > > +            p->desc->status &= ~IRQ_INPROGRESS;
> > > 
> > > Reading again this patch... shouldn't we take the desc->lock here?
> > > 
> > > It's possible to receive the same interrupt while we update the LRs
> > > (depending on how the IRQ has been physically routed) so we may overwrite
> > > the IRQ_INPROGRESS bit.
> > 
> > It is not possible, because we have interrupts disabled at this point.
> > A later patch introduces
> > 
> > ASSERT(!local_irq_is_enabled());
> > 
> > at the beginning of gic_update_one_lr.
> 
> You are assuming this IRQ is routed to the current pCPU. It's not always the
> case, at least without your GICD_ITARGETSR.

You are right.
Rather than adding another lock and making the lock chain more
complicated, I'll change accesses to the p->desc->status flags to be
atomic.

I am undecided whether I should do this at the beginning of the series
and resend a v10, or fix it separately.
Patch

diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
index 6b21945..4af8c1a 100644
--- a/xen/arch/arm/gic.c
+++ b/xen/arch/arm/gic.c
@@ -66,6 +66,8 @@  static DEFINE_PER_CPU(u8, gic_cpu_id);
 /* Maximum cpu interface per GIC */
 #define NR_GIC_CPU_IF 8
 
+static void gic_update_one_lr(struct vcpu *v, int i);
+
 static unsigned int gic_cpu_mask(const cpumask_t *cpumask)
 {
     unsigned int cpu;
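
Review bot: the forward declaration of gic_update_one_lr added at the top of gic.c looks unnecessary within this patch, because the definition added in the -612,6 +616,55 hunk comes before gic_clear_lrs, which is its only caller in the visible lines. The v7 changelog moved enter_hypervisor_head specifically to avoid a forward declaration, so for consistency either drop this one or add it in whichever patch first introduces a caller above the definition.
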
@@ -543,16 +545,18 @@  void gic_disable_cpu(void)
 static inline void gic_set_lr(int lr, struct pending_irq *p,
         unsigned int state)
 {
-    int maintenance_int = GICH_LR_MAINTENANCE_IRQ;
+    uint32_t lr_val;
 
     BUG_ON(lr >= nr_lrs);
     BUG_ON(lr < 0);
     BUG_ON(state & ~(GICH_LR_STATE_MASK<<GICH_LR_STATE_SHIFT));
 
-    GICH[GICH_LR + lr] = state |
-        maintenance_int |
-        ((p->priority >> 3) << GICH_LR_PRIORITY_SHIFT) |
+    lr_val = state | ((p->priority >> 3) << GICH_LR_PRIORITY_SHIFT) |
         ((p->irq & GICH_LR_VIRTUAL_MASK) << GICH_LR_VIRTUAL_SHIFT);
+    if ( p->desc != NULL )
+        lr_val |= GICH_LR_HW | (p->desc->irq << GICH_LR_PHYSICAL_SHIFT);
+
+    GICH[GICH_LR + lr] = lr_val;
 
     set_bit(GIC_IRQ_GUEST_VISIBLE, &p->status);
     clear_bit(GIC_IRQ_GUEST_PENDING, &p->status);
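
Review bot: in the new line "lr_val |= GICH_LR_HW | (p->desc->irq << GICH_LR_PHYSICAL_SHIFT);" the physical ID is shifted into the LR value unmasked, while the virtual ID on the line above is masked with GICH_LR_VIRTUAL_MASK. The v5 changelog calls the physical mask useless, so please document the invariant that makes it so, for example with a comment or a BUG_ON on p->desc->irq next to the existing BUG_ON checks, since an out-of-range value would be ORed silently into the neighbouring LR fields. A short comment that GICH_LR_MAINTENANCE_IRQ is no longer requested and that LR cleanup now relies on gic_clear_lrs would also help readers of gic_set_lr.
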
@@ -612,6 +616,55 @@  out:
     return;
 }
 
+static void gic_update_one_lr(struct vcpu *v, int i)
+{
+    struct pending_irq *p;
+    uint32_t lr;
+    int irq;
+
+    ASSERT(spin_is_locked(&v->arch.vgic.lock));
+
+    lr = GICH[GICH_LR + i];
+    if ( !(lr & (GICH_LR_PENDING|GICH_LR_ACTIVE)) )
+    {
+        GICH[GICH_LR + i] = 0;
+        clear_bit(i, &this_cpu(lr_mask));
+
+        irq = (lr >> GICH_LR_VIRTUAL_SHIFT) & GICH_LR_VIRTUAL_MASK;
+        p = irq_to_pending(v, irq);
+        if ( p->desc != NULL )
+            p->desc->status &= ~IRQ_INPROGRESS;
+        clear_bit(GIC_IRQ_GUEST_VISIBLE, &p->status);
+        if ( test_bit(GIC_IRQ_GUEST_PENDING, &p->status) &&
+                test_bit(GIC_IRQ_GUEST_ENABLED, &p->status))
+            gic_set_guest_irq(v, irq, GICH_LR_PENDING, p->priority);
+        else
+            list_del_init(&p->inflight);
+    }
+}
+
+void gic_clear_lrs(struct vcpu *v)
+{
+    int i = 0;
+    unsigned long flags;
+
+    /* The idle domain has no LRs to be cleared. Since gic_restore_state
+     * doesn't write any LR registers for the idle domain they could be
+     * non-zero. */
+    if ( is_idle_vcpu(v) )
+        return;
+
+    spin_lock_irqsave(&v->arch.vgic.lock, flags);
+
+    while ((i = find_next_bit((const unsigned long *) &this_cpu(lr_mask),
+                              nr_lrs, i)) < nr_lrs ) {
+        gic_update_one_lr(v, i);
+        i++;
+    }
+
+    spin_unlock_irqrestore(&v->arch.vgic.lock, flags);
+}
+
 static void gic_restore_pending_irqs(struct vcpu *v)
 {
     int i;
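
Review bot: "p->desc->status &= ~IRQ_INPROGRESS;" in gic_update_one_lr is a plain read-modify-write on the irq descriptor, done while holding only v->arch.vgic.lock, which is a per-vcpu lock and does not serialise against other writers of desc->status. Every other status update in this hunk goes through clear_bit/test_bit, so either take desc->lock around this line or turn the flag update into an atomic bit operation. Separately, both new functions take a struct vcpu *v but read GICH[GICH_LR + i] and this_cpu(lr_mask), which belong to the current pcpu; an ASSERT(v == current) in gic_clear_lrs would make that requirement explicit.
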
@@ -767,77 +820,14 @@  int gicv_setup(struct domain *d)
 
 }
 
-static void gic_irq_eoi(void *info)
-{
-    int virq = (uintptr_t) info;
-    GICC[GICC_DIR] = virq;
-}
-
 static void maintenance_interrupt(int irq, void *dev_id, struct cpu_user_regs *regs)
 {
-    int i = 0, virq, pirq = -1;
-    uint32_t lr;
-    struct vcpu *v = current;
-    uint64_t eisr = GICH[GICH_EISR0] | (((uint64_t) GICH[GICH_EISR1]) << 32);
-
-    while ((i = find_next_bit((const long unsigned int *) &eisr,
-                              64, i)) < 64) {
-        struct pending_irq *p, *p2;
-        int cpu;
-        bool_t inflight;
-
-        cpu = -1;
-        inflight = 0;
-
-        spin_lock_irq(&gic.lock);
-        lr = GICH[GICH_LR + i];
-        virq = lr & GICH_LR_VIRTUAL_MASK;
-        GICH[GICH_LR + i] = 0;
-        clear_bit(i, &this_cpu(lr_mask));
-
-        p = irq_to_pending(v, virq);
-        if ( p->desc != NULL ) {
-            p->desc->status &= ~IRQ_INPROGRESS;
-            /* Assume only one pcpu needs to EOI the irq */
-            cpu = p->desc->arch.eoi_cpu;
-            pirq = p->desc->irq;
-        }
-        if ( test_bit(GIC_IRQ_GUEST_PENDING, &p->status) &&
-             test_bit(GIC_IRQ_GUEST_ENABLED, &p->status))
-        {
-            inflight = 1;
-            gic_add_to_lr_pending(v, p);
-        }
-
-        clear_bit(GIC_IRQ_GUEST_VISIBLE, &p->status);
-
-        if ( !list_empty(&v->arch.vgic.lr_pending) ) {
-            p2 = list_entry(v->arch.vgic.lr_pending.next, typeof(*p2), lr_queue);
-            gic_set_lr(i, p2, GICH_LR_PENDING);
-            list_del_init(&p2->lr_queue);
-            set_bit(i, &this_cpu(lr_mask));
-        }
-        spin_unlock_irq(&gic.lock);
-
-        if ( !inflight )
-        {
-            spin_lock_irq(&v->arch.vgic.lock);
-            list_del_init(&p->inflight);
-            spin_unlock_irq(&v->arch.vgic.lock);
-        }
-
-        if ( p->desc != NULL ) {
-            /* this is not racy because we can't receive another irq of the
-             * same type until we EOI it.  */
-            if ( cpu == smp_processor_id() )
-                gic_irq_eoi((void*)(uintptr_t)pirq);
-            else
-                on_selected_cpus(cpumask_of(cpu),
-                                 gic_irq_eoi, (void*)(uintptr_t)pirq, 0);
-        }
-
-        i++;
-    }
+    /* 
+     * This is a dummy interrupt handler.
+     * Receiving the interrupt is going to cause gic_inject to be called
+     * on return to guest that is going to clear the old LRs and inject
+     * new interrupts.
+     */
 }
 
 void gic_dump_info(struct vcpu *v)
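
Review bot: the comment left in maintenance_interrupt says that gic_inject, called on return to guest, is what clears the old LRs, but in the visible hunks the clearing is done by gic_clear_lrs, called from enter_hypervisor_head on entry from guest mode. Please reword the comment so it names the path that actually does the cleanup. The opening "/* " line of the comment also carries trailing whitespace.
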
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 03a3da6..a4bdaaa 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1658,10 +1658,18 @@  bad_data_abort:
     inject_dabt_exception(regs, info.gva, hsr.len);
 }
 
+static void enter_hypervisor_head(struct cpu_user_regs *regs)
+{
+    if ( guest_mode(regs) )
+        gic_clear_lrs(current);
+}
+
 asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
 {
     union hsr hsr = { .bits = READ_SYSREG32(ESR_EL2) };
 
+    enter_hypervisor_head(regs);
+
     switch (hsr.ec) {
     case HSR_EC_WFI_WFE:
         if ( !check_conditional_instr(regs, hsr) )
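
Review bot: enter_hypervisor_head is added without a comment, and nothing at the definition says it has to run first on every entry from guest mode. The commit message gives the reason (stale LR contents would skew Xen's view of the highest priority inflight interrupt); a short comment to that effect above the function would help anyone adding an entry path beyond do_trap_hypervisor, do_trap_irq and do_trap_fiq keep the call in place.
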
@@ -1750,11 +1758,13 @@  asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
 
 asmlinkage void do_trap_irq(struct cpu_user_regs *regs)
 {
+    enter_hypervisor_head(regs);
     gic_interrupt(regs, 0);
 }
 
 asmlinkage void do_trap_fiq(struct cpu_user_regs *regs)
 {
+    enter_hypervisor_head(regs);
     gic_interrupt(regs, 1);
 }
 
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 9838ce5..d5b3a4b 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -720,8 +720,7 @@  void vgic_vcpu_inject_irq(struct vcpu *v, unsigned int irq)
         if ( (irq != current->domain->arch.evtchn_irq) ||
              (!test_bit(GIC_IRQ_GUEST_VISIBLE, &n->status)) )
             set_bit(GIC_IRQ_GUEST_PENDING, &n->status);
-        spin_unlock_irqrestore(&v->arch.vgic.lock, flags);
-        return;
+        goto out;
     }
 
     /* vcpu offline */
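
Review bot: the "goto out;" replaces an explicit spin_unlock_irqrestore(&v->arch.vgic.lock, flags) followed by return, but the out label lies outside the visible context, so the hunk alone does not show that the lock is still released on this path. Please confirm that out: drops v->arch.vgic.lock before kicking the target pcpu, and add a one-line comment here saying the jump exists so that an already inflight IRQ still triggers the SGI described in the commit message.
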
diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
index b1b4fd5..92a8916 100644
--- a/xen/include/asm-arm/gic.h
+++ b/xen/include/asm-arm/gic.h
@@ -219,6 +219,7 @@  extern unsigned int gic_number_lines(void);
 /* IRQ translation function for the device tree */
 int gic_irq_xlate(const u32 *intspec, unsigned int intsize,
                   unsigned int *out_hwirq, unsigned int *out_type);
+void gic_clear_lrs(struct vcpu *v);
 
 #endif /* __ASSEMBLY__ */
 #endif
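
Review bot: the gic_clear_lrs prototype is added directly under the "IRQ translation function for the device tree" comment with no blank line, so it reads as if it belonged to the gic_irq_xlate declaration. Separate it with a blank line and give it its own one-line comment stating when it is meant to be called, namely on entry to the hypervisor from guest mode with v being current, as the traps.c callers in this patch do.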