diff mbox series

[05/41] target/arm/cpu.c: ignore VIRQ and VFIQ if no EL2

Message ID 20220408141550.1271295-6-peter.maydell@linaro.org
State Superseded
Series arm: Implement GICv4

Commit Message

Peter Maydell April 8, 2022, 2:15 p.m. UTC
In a GICv3, it is impossible for the GIC to deliver a VIRQ or VFIQ to
the CPU unless the CPU has EL2, because VIRQ and VFIQ are only
configurable via EL2-only system registers.  Moreover, in our
implementation we were only calculating and updating the state of the
VIRQ and VFIQ lines in gicv3_cpuif_virt_irq_fiq_update() when those
EL2 system registers changed.  We were therefore able to assert in
arm_cpu_set_irq() that we didn't see a VIRQ or VFIQ line update if
EL2 wasn't present.

This assumption no longer holds with GICv4:
 * even if the CPU does not have EL2 the guest is able to cause the
   GIC to deliver a virtual LPI by programming the ITS (which is a
   silly thing for it to do, but possible)
 * because we now need to recalculate the state of the VIRQ and VFIQ
   lines in more cases than just "some EL2 GIC sysreg was written",
   we will see calls to arm_cpu_set_irq() for "VIRQ is 0, VFIQ is 0"
   even if the guest is not using the virtual LPI parts of the ITS

Remove the assertions, and instead simply ignore the state of the
VIRQ and VFIQ lines if the CPU does not have EL2.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Comments

Richard Henderson April 8, 2022, 11:39 p.m. UTC | #1
On 4/8/22 07:15, Peter Maydell wrote:
> In a GICv3, it is impossible for the GIC to deliver a VIRQ or VFIQ to
> the CPU unless the CPU has EL2, because VIRQ and VFIQ are only
> configurable via EL2-only system registers.  Moreover, in our
> implementation we were only calculating and updating the state of the
> VIRQ and VFIQ lines in gicv3_cpuif_virt_irq_fiq_update() when those
> EL2 system registers changed.  We were therefore able to assert in
> arm_cpu_set_irq() that we didn't see a VIRQ or VFIQ line update if
> EL2 wasn't present.
> 
> This assumption no longer holds with GICv4:
>   * even if the CPU does not have EL2 the guest is able to cause the
>     GIC to deliver a virtual LPI by programming the ITS (which is a
>     silly thing for it to do, but possible)
>   * because we now need to recalculate the state of the VIRQ and VFIQ
>     lines in more cases than just "some EL2 GIC sysreg was written",
>     we will see calls to arm_cpu_set_irq() for "VIRQ is 0, VFIQ is 0"
>     even if the guest is not using the virtual LPI parts of the ITS
> 
> Remove the assertions, and instead simply ignore the state of the
> VIRQ and VFIQ lines if the CPU does not have EL2.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/arm/cpu.c | 12 ++++++++++--
>   1 file changed, 10 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Patch

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 5d4ca7a2270..1140ce5829e 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -694,6 +694,16 @@  static void arm_cpu_set_irq(void *opaque, int irq, int level)
         [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ
     };
 
+    if (!arm_feature(env, ARM_FEATURE_EL2) &&
+        (irq == ARM_CPU_VIRQ || irq == ARM_CPU_VFIQ)) {
+        /*
+         * The GIC might tell us about VIRQ and VFIQ state, but if we don't
+         * have EL2 support we don't care. (Unless the guest is doing something
+         * silly this will only be calls saying "level is still 0".)
+         */
+        return;
+    }
+
     if (level) {
         env->irq_line_state |= mask[irq];
     } else {
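Review bot: The early return added at the top of arm_cpu_set_irq() drops the update for every level, including level == 1, and it runs before env->irq_line_state is modified, so a CPU without EL2 never records a VIRQ or VFIQ that the GIC raised. The new comment says a non-zero level only arrives when the guest is doing something silly; that case is currently invisible. Consider emitting a guest-error log or trace point when level is non-zero before the return, and state in the comment that irq_line_state is deliberately left unchanged so the skipped bookkeeping is not later read as an oversight.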
@@ -702,11 +712,9 @@  static void arm_cpu_set_irq(void *opaque, int irq, int level)
 
     switch (irq) {
     case ARM_CPU_VIRQ:
-        assert(arm_feature(env, ARM_FEATURE_EL2));
         arm_cpu_update_virq(cpu);
         break;
     case ARM_CPU_VFIQ:
-        assert(arm_feature(env, ARM_FEATURE_EL2));
         arm_cpu_update_vfiq(cpu);
         break;
     case ARM_CPU_IRQ:
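Review bot: With both assert(arm_feature(env, ARM_FEATURE_EL2)) lines removed from the ARM_CPU_VIRQ and ARM_CPU_VFIQ cases, nothing at these call sites records that arm_cpu_update_virq() and arm_cpu_update_vfiq() are only reached when EL2 is present. That now depends entirely on the early return added earlier in this function. Because that guard makes the condition still true at this point, consider either keeping the assertions or adding a one-line comment in each case that points at the guard, so the invariant does not silently disappear if the early return is later moved or changed.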