xref: /qemu/hw/intc/riscv_aplic.c (revision 440b2174) 
1 /*
2  * RISC-V APLIC (Advanced Platform Level Interrupt Controller)
3  *
4  * Copyright (c) 2021 Western Digital Corporation or its affiliates.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms and conditions of the GNU General Public License,
8  * version 2 or later, as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program.  If not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/log.h"
22 #include "qemu/module.h"
23 #include "qemu/error-report.h"
24 #include "qemu/bswap.h"
25 #include "exec/address-spaces.h"
26 #include "hw/sysbus.h"
27 #include "hw/pci/msi.h"
28 #include "hw/boards.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/intc/riscv_aplic.h"
31 #include "hw/irq.h"
32 #include "target/riscv/cpu.h"
33 #include "sysemu/sysemu.h"
34 #include "sysemu/kvm.h"
35 #include "kvm/kvm_riscv.h"
36 #include "migration/vmstate.h"
37 
38 #define APLIC_MAX_IDC                  (1UL << 14)
39 #define APLIC_MAX_SOURCE               1024
40 #define APLIC_MIN_IPRIO_BITS           1
41 #define APLIC_MAX_IPRIO_BITS           8
42 #define APLIC_MAX_CHILDREN             1024
43 
44 #define APLIC_DOMAINCFG                0x0000
45 #define APLIC_DOMAINCFG_RDONLY         0x80000000
46 #define APLIC_DOMAINCFG_IE             (1 << 8)
47 #define APLIC_DOMAINCFG_DM             (1 << 2)
48 #define APLIC_DOMAINCFG_BE             (1 << 0)
49 
50 #define APLIC_SOURCECFG_BASE           0x0004
51 #define APLIC_SOURCECFG_D              (1 << 10)
52 #define APLIC_SOURCECFG_CHILDIDX_MASK  0x000003ff
53 #define APLIC_SOURCECFG_SM_MASK        0x00000007
54 #define APLIC_SOURCECFG_SM_INACTIVE    0x0
55 #define APLIC_SOURCECFG_SM_DETACH      0x1
56 #define APLIC_SOURCECFG_SM_EDGE_RISE   0x4
57 #define APLIC_SOURCECFG_SM_EDGE_FALL   0x5
58 #define APLIC_SOURCECFG_SM_LEVEL_HIGH  0x6
59 #define APLIC_SOURCECFG_SM_LEVEL_LOW   0x7
60 
61 #define APLIC_MMSICFGADDR              0x1bc0
62 #define APLIC_MMSICFGADDRH             0x1bc4
63 #define APLIC_SMSICFGADDR              0x1bc8
64 #define APLIC_SMSICFGADDRH             0x1bcc
65 
66 #define APLIC_xMSICFGADDRH_L           (1UL << 31)
67 #define APLIC_xMSICFGADDRH_HHXS_MASK   0x1f
68 #define APLIC_xMSICFGADDRH_HHXS_SHIFT  24
69 #define APLIC_xMSICFGADDRH_LHXS_MASK   0x7
70 #define APLIC_xMSICFGADDRH_LHXS_SHIFT  20
71 #define APLIC_xMSICFGADDRH_HHXW_MASK   0x7
72 #define APLIC_xMSICFGADDRH_HHXW_SHIFT  16
73 #define APLIC_xMSICFGADDRH_LHXW_MASK   0xf
74 #define APLIC_xMSICFGADDRH_LHXW_SHIFT  12
75 #define APLIC_xMSICFGADDRH_BAPPN_MASK  0xfff
76 
77 #define APLIC_xMSICFGADDR_PPN_SHIFT    12
78 
79 #define APLIC_xMSICFGADDR_PPN_HART(__lhxs) \
80     ((1UL << (__lhxs)) - 1)
81 
82 #define APLIC_xMSICFGADDR_PPN_LHX_MASK(__lhxw) \
83     ((1UL << (__lhxw)) - 1)
84 #define APLIC_xMSICFGADDR_PPN_LHX_SHIFT(__lhxs) \
85     ((__lhxs))
86 #define APLIC_xMSICFGADDR_PPN_LHX(__lhxw, __lhxs) \
87     (APLIC_xMSICFGADDR_PPN_LHX_MASK(__lhxw) << \
88      APLIC_xMSICFGADDR_PPN_LHX_SHIFT(__lhxs))
89 
90 #define APLIC_xMSICFGADDR_PPN_HHX_MASK(__hhxw) \
91     ((1UL << (__hhxw)) - 1)
92 #define APLIC_xMSICFGADDR_PPN_HHX_SHIFT(__hhxs) \
93     ((__hhxs) + APLIC_xMSICFGADDR_PPN_SHIFT)
94 #define APLIC_xMSICFGADDR_PPN_HHX(__hhxw, __hhxs) \
95     (APLIC_xMSICFGADDR_PPN_HHX_MASK(__hhxw) << \
96      APLIC_xMSICFGADDR_PPN_HHX_SHIFT(__hhxs))
97 
98 #define APLIC_xMSICFGADDRH_VALID_MASK   \
99     (APLIC_xMSICFGADDRH_L | \
100      (APLIC_xMSICFGADDRH_HHXS_MASK << APLIC_xMSICFGADDRH_HHXS_SHIFT) | \
101      (APLIC_xMSICFGADDRH_LHXS_MASK << APLIC_xMSICFGADDRH_LHXS_SHIFT) | \
102      (APLIC_xMSICFGADDRH_HHXW_MASK << APLIC_xMSICFGADDRH_HHXW_SHIFT) | \
103      (APLIC_xMSICFGADDRH_LHXW_MASK << APLIC_xMSICFGADDRH_LHXW_SHIFT) | \
104      APLIC_xMSICFGADDRH_BAPPN_MASK)
105 
106 #define APLIC_SETIP_BASE               0x1c00
107 #define APLIC_SETIPNUM                 0x1cdc
108 
109 #define APLIC_CLRIP_BASE               0x1d00
110 #define APLIC_CLRIPNUM                 0x1ddc
111 
112 #define APLIC_SETIE_BASE               0x1e00
113 #define APLIC_SETIENUM                 0x1edc
114 
115 #define APLIC_CLRIE_BASE               0x1f00
116 #define APLIC_CLRIENUM                 0x1fdc
117 
118 #define APLIC_SETIPNUM_LE              0x2000
119 #define APLIC_SETIPNUM_BE              0x2004
120 
121 #define APLIC_ISTATE_PENDING           (1U << 0)
122 #define APLIC_ISTATE_ENABLED           (1U << 1)
123 #define APLIC_ISTATE_ENPEND            (APLIC_ISTATE_ENABLED | \
124                                         APLIC_ISTATE_PENDING)
125 #define APLIC_ISTATE_INPUT             (1U << 8)
126 
127 #define APLIC_GENMSI                   0x3000
128 
129 #define APLIC_TARGET_BASE              0x3004
130 #define APLIC_TARGET_HART_IDX_SHIFT    18
131 #define APLIC_TARGET_HART_IDX_MASK     0x3fff
132 #define APLIC_TARGET_GUEST_IDX_SHIFT   12
133 #define APLIC_TARGET_GUEST_IDX_MASK    0x3f
134 #define APLIC_TARGET_IPRIO_MASK        0xff
135 #define APLIC_TARGET_EIID_MASK         0x7ff
136 
137 #define APLIC_IDC_BASE                 0x4000
138 #define APLIC_IDC_SIZE                 32
139 
140 #define APLIC_IDC_IDELIVERY            0x00
141 
142 #define APLIC_IDC_IFORCE               0x04
143 
144 #define APLIC_IDC_ITHRESHOLD           0x08
145 
146 #define APLIC_IDC_TOPI                 0x18
147 #define APLIC_IDC_TOPI_ID_SHIFT        16
148 #define APLIC_IDC_TOPI_ID_MASK         0x3ff
149 #define APLIC_IDC_TOPI_PRIO_MASK       0xff
150 
151 #define APLIC_IDC_CLAIMI               0x1c
152 
153 /*
154  * KVM AIA only supports APLIC MSI, fallback to QEMU emulation if we want to use
155  * APLIC Wired.
156  */
157 static bool is_kvm_aia(bool msimode)
158 {
159     return kvm_irqchip_in_kernel() && msimode;
160 }
161 
162 static uint32_t riscv_aplic_read_input_word(RISCVAPLICState *aplic,
163                                             uint32_t word)
164 {
165     uint32_t i, irq, ret = 0;
166 
167     for (i = 0; i < 32; i++) {
168         irq = word * 32 + i;
169         if (!irq || aplic->num_irqs <= irq) {
170             continue;
171         }
172 
173         ret |= ((aplic->state[irq] & APLIC_ISTATE_INPUT) ? 1 : 0) << i;
174     }
175 
176     return ret;
177 }
178 
179 static uint32_t riscv_aplic_read_pending_word(RISCVAPLICState *aplic,
180                                               uint32_t word)
181 {
182     uint32_t i, irq, ret = 0;
183 
184     for (i = 0; i < 32; i++) {
185         irq = word * 32 + i;
186         if (!irq || aplic->num_irqs <= irq) {
187             continue;
188         }
189 
190         ret |= ((aplic->state[irq] & APLIC_ISTATE_PENDING) ? 1 : 0) << i;
191     }
192 
193     return ret;
194 }
195 
196 static void riscv_aplic_set_pending_raw(RISCVAPLICState *aplic,
197                                         uint32_t irq, bool pending)
198 {
199     if (pending) {
200         aplic->state[irq] |= APLIC_ISTATE_PENDING;
201     } else {
202         aplic->state[irq] &= ~APLIC_ISTATE_PENDING;
203     }
204 }
205 
206 static void riscv_aplic_set_pending(RISCVAPLICState *aplic,
207                                     uint32_t irq, bool pending)
208 {
209     uint32_t sourcecfg, sm;
210 
211     if ((irq <= 0) || (aplic->num_irqs <= irq)) {
212         return;
213     }
214 
215     sourcecfg = aplic->sourcecfg[irq];
216     if (sourcecfg & APLIC_SOURCECFG_D) {
217         return;
218     }
219 
220     sm = sourcecfg & APLIC_SOURCECFG_SM_MASK;
221     if ((sm == APLIC_SOURCECFG_SM_INACTIVE) ||
222         ((!aplic->msimode || (aplic->msimode && !pending)) &&
223          ((sm == APLIC_SOURCECFG_SM_LEVEL_HIGH) ||
224           (sm == APLIC_SOURCECFG_SM_LEVEL_LOW)))) {
225         return;
226     }
227 
228     riscv_aplic_set_pending_raw(aplic, irq, pending);
229 }
230 
231 static void riscv_aplic_set_pending_word(RISCVAPLICState *aplic,
232                                          uint32_t word, uint32_t value,
233                                          bool pending)
234 {
235     uint32_t i, irq;
236 
237     for (i = 0; i < 32; i++) {
238         irq = word * 32 + i;
239         if (!irq || aplic->num_irqs <= irq) {
240             continue;
241         }
242 
243         if (value & (1U << i)) {
244             riscv_aplic_set_pending(aplic, irq, pending);
245         }
246     }
247 }
248 
249 static uint32_t riscv_aplic_read_enabled_word(RISCVAPLICState *aplic,
250                                               int word)
251 {
252     uint32_t i, irq, ret = 0;
253 
254     for (i = 0; i < 32; i++) {
255         irq = word * 32 + i;
256         if (!irq || aplic->num_irqs <= irq) {
257             continue;
258         }
259 
260         ret |= ((aplic->state[irq] & APLIC_ISTATE_ENABLED) ? 1 : 0) << i;
261     }
262 
263     return ret;
264 }
265 
266 static void riscv_aplic_set_enabled_raw(RISCVAPLICState *aplic,
267                                         uint32_t irq, bool enabled)
268 {
269     if (enabled) {
270         aplic->state[irq] |= APLIC_ISTATE_ENABLED;
271     } else {
272         aplic->state[irq] &= ~APLIC_ISTATE_ENABLED;
273     }
274 }
275 
276 static void riscv_aplic_set_enabled(RISCVAPLICState *aplic,
277                                     uint32_t irq, bool enabled)
278 {
279     uint32_t sourcecfg, sm;
280 
281     if ((irq <= 0) || (aplic->num_irqs <= irq)) {
282         return;
283     }
284 
285     sourcecfg = aplic->sourcecfg[irq];
286     if (sourcecfg & APLIC_SOURCECFG_D) {
287         return;
288     }
289 
290     sm = sourcecfg & APLIC_SOURCECFG_SM_MASK;
291     if (sm == APLIC_SOURCECFG_SM_INACTIVE) {
292         return;
293     }
294 
295     riscv_aplic_set_enabled_raw(aplic, irq, enabled);
296 }
297 
298 static void riscv_aplic_set_enabled_word(RISCVAPLICState *aplic,
299                                          uint32_t word, uint32_t value,
300                                          bool enabled)
301 {
302     uint32_t i, irq;
303 
304     for (i = 0; i < 32; i++) {
305         irq = word * 32 + i;
306         if (!irq || aplic->num_irqs <= irq) {
307             continue;
308         }
309 
310         if (value & (1U << i)) {
311             riscv_aplic_set_enabled(aplic, irq, enabled);
312         }
313     }
314 }
315 
316 static void riscv_aplic_msi_send(RISCVAPLICState *aplic,
317                                  uint32_t hart_idx, uint32_t guest_idx,
318                                  uint32_t eiid)
319 {
320     uint64_t addr;
321     MemTxResult result;
322     RISCVAPLICState *aplic_m;
323     uint32_t lhxs, lhxw, hhxs, hhxw, group_idx, msicfgaddr, msicfgaddrH;
324 
325     aplic_m = aplic;
326     while (aplic_m && !aplic_m->mmode) {
327         aplic_m = aplic_m->parent;
328     }
329     if (!aplic_m) {
330         qemu_log_mask(LOG_GUEST_ERROR, "%s: m-level APLIC not found\n",
331                       __func__);
332         return;
333     }
334 
335     if (aplic->mmode) {
336         msicfgaddr = aplic_m->mmsicfgaddr;
337         msicfgaddrH = aplic_m->mmsicfgaddrH;
338     } else {
339         msicfgaddr = aplic_m->smsicfgaddr;
340         msicfgaddrH = aplic_m->smsicfgaddrH;
341     }
342 
343     lhxs = (msicfgaddrH >> APLIC_xMSICFGADDRH_LHXS_SHIFT) &
344             APLIC_xMSICFGADDRH_LHXS_MASK;
345     lhxw = (msicfgaddrH >> APLIC_xMSICFGADDRH_LHXW_SHIFT) &
346             APLIC_xMSICFGADDRH_LHXW_MASK;
347     hhxs = (msicfgaddrH >> APLIC_xMSICFGADDRH_HHXS_SHIFT) &
348             APLIC_xMSICFGADDRH_HHXS_MASK;
349     hhxw = (msicfgaddrH >> APLIC_xMSICFGADDRH_HHXW_SHIFT) &
350             APLIC_xMSICFGADDRH_HHXW_MASK;
351 
352     group_idx = hart_idx >> lhxw;
353     hart_idx &= APLIC_xMSICFGADDR_PPN_LHX_MASK(lhxw);
354 
355     addr = msicfgaddr;
356     addr |= ((uint64_t)(msicfgaddrH & APLIC_xMSICFGADDRH_BAPPN_MASK)) << 32;
357     addr |= ((uint64_t)(group_idx & APLIC_xMSICFGADDR_PPN_HHX_MASK(hhxw))) <<
358              APLIC_xMSICFGADDR_PPN_HHX_SHIFT(hhxs);
359     addr |= ((uint64_t)(hart_idx & APLIC_xMSICFGADDR_PPN_LHX_MASK(lhxw))) <<
360              APLIC_xMSICFGADDR_PPN_LHX_SHIFT(lhxs);
361     addr |= (uint64_t)(guest_idx & APLIC_xMSICFGADDR_PPN_HART(lhxs));
362     addr <<= APLIC_xMSICFGADDR_PPN_SHIFT;
363 
364     address_space_stl_le(&address_space_memory, addr,
365                          eiid, MEMTXATTRS_UNSPECIFIED, &result);
366     if (result != MEMTX_OK) {
367         qemu_log_mask(LOG_GUEST_ERROR, "%s: MSI write failed for "
368                       "hart_index=%d guest_index=%d eiid=%d\n",
369                       __func__, hart_idx, guest_idx, eiid);
370     }
371 }
372 
373 static void riscv_aplic_msi_irq_update(RISCVAPLICState *aplic, uint32_t irq)
374 {
375     uint32_t hart_idx, guest_idx, eiid;
376 
377     if (!aplic->msimode || (aplic->num_irqs <= irq) ||
378         !(aplic->domaincfg & APLIC_DOMAINCFG_IE)) {
379         return;
380     }
381 
382     if ((aplic->state[irq] & APLIC_ISTATE_ENPEND) != APLIC_ISTATE_ENPEND) {
383         return;
384     }
385 
386     riscv_aplic_set_pending_raw(aplic, irq, false);
387 
388     hart_idx = aplic->target[irq] >> APLIC_TARGET_HART_IDX_SHIFT;
389     hart_idx &= APLIC_TARGET_HART_IDX_MASK;
390     if (aplic->mmode) {
391         /* M-level APLIC ignores guest_index */
392         guest_idx = 0;
393     } else {
394         guest_idx = aplic->target[irq] >> APLIC_TARGET_GUEST_IDX_SHIFT;
395         guest_idx &= APLIC_TARGET_GUEST_IDX_MASK;
396     }
397     eiid = aplic->target[irq] & APLIC_TARGET_EIID_MASK;
398     riscv_aplic_msi_send(aplic, hart_idx, guest_idx, eiid);
399 }
400 
401 static uint32_t riscv_aplic_idc_topi(RISCVAPLICState *aplic, uint32_t idc)
402 {
403     uint32_t best_irq, best_iprio;
404     uint32_t irq, iprio, ihartidx, ithres;
405 
406     if (aplic->num_harts <= idc) {
407         return 0;
408     }
409 
410     ithres = aplic->ithreshold[idc];
411     best_irq = best_iprio = UINT32_MAX;
412     for (irq = 1; irq < aplic->num_irqs; irq++) {
413         if ((aplic->state[irq] & APLIC_ISTATE_ENPEND) !=
414             APLIC_ISTATE_ENPEND) {
415             continue;
416         }
417 
418         ihartidx = aplic->target[irq] >> APLIC_TARGET_HART_IDX_SHIFT;
419         ihartidx &= APLIC_TARGET_HART_IDX_MASK;
420         if (ihartidx != idc) {
421             continue;
422         }
423 
424         iprio = aplic->target[irq] & aplic->iprio_mask;
425         if (ithres && iprio >= ithres) {
426             continue;
427         }
428 
429         if (iprio < best_iprio) {
430             best_irq = irq;
431             best_iprio = iprio;
432         }
433     }
434 
435     if (best_irq < aplic->num_irqs && best_iprio <= aplic->iprio_mask) {
436         return (best_irq << APLIC_IDC_TOPI_ID_SHIFT) | best_iprio;
437     }
438 
439     return 0;
440 }
441 
442 static void riscv_aplic_idc_update(RISCVAPLICState *aplic, uint32_t idc)
443 {
444     uint32_t topi;
445 
446     if (aplic->msimode || aplic->num_harts <= idc) {
447         return;
448     }
449 
450     topi = riscv_aplic_idc_topi(aplic, idc);
451     if ((aplic->domaincfg & APLIC_DOMAINCFG_IE) &&
452         aplic->idelivery[idc] &&
453         (aplic->iforce[idc] || topi)) {
454         qemu_irq_raise(aplic->external_irqs[idc]);
455     } else {
456         qemu_irq_lower(aplic->external_irqs[idc]);
457     }
458 }
459 
460 static uint32_t riscv_aplic_idc_claimi(RISCVAPLICState *aplic, uint32_t idc)
461 {
462     uint32_t irq, state, sm, topi = riscv_aplic_idc_topi(aplic, idc);
463 
464     if (!topi) {
465         aplic->iforce[idc] = 0;
466         return 0;
467     }
468 
469     irq = (topi >> APLIC_IDC_TOPI_ID_SHIFT) & APLIC_IDC_TOPI_ID_MASK;
470     sm = aplic->sourcecfg[irq] & APLIC_SOURCECFG_SM_MASK;
471     state = aplic->state[irq];
472     riscv_aplic_set_pending_raw(aplic, irq, false);
473     if ((sm == APLIC_SOURCECFG_SM_LEVEL_HIGH) &&
474         (state & APLIC_ISTATE_INPUT)) {
475         riscv_aplic_set_pending_raw(aplic, irq, true);
476     } else if ((sm == APLIC_SOURCECFG_SM_LEVEL_LOW) &&
477                !(state & APLIC_ISTATE_INPUT)) {
478         riscv_aplic_set_pending_raw(aplic, irq, true);
479     }
480     riscv_aplic_idc_update(aplic, idc);
481 
482     return topi;
483 }
484 
485 static void riscv_aplic_request(void *opaque, int irq, int level)
486 {
487     bool update = false;
488     RISCVAPLICState *aplic = opaque;
489     uint32_t sourcecfg, childidx, state, idc;
490 
491     assert((0 < irq) && (irq < aplic->num_irqs));
492 
493     sourcecfg = aplic->sourcecfg[irq];
494     if (sourcecfg & APLIC_SOURCECFG_D) {
495         childidx = sourcecfg & APLIC_SOURCECFG_CHILDIDX_MASK;
496         if (childidx < aplic->num_children) {
497             riscv_aplic_request(aplic->children[childidx], irq, level);
498         }
499         return;
500     }
501 
502     state = aplic->state[irq];
503     switch (sourcecfg & APLIC_SOURCECFG_SM_MASK) {
504     case APLIC_SOURCECFG_SM_EDGE_RISE:
505         if ((level > 0) && !(state & APLIC_ISTATE_INPUT) &&
506             !(state & APLIC_ISTATE_PENDING)) {
507             riscv_aplic_set_pending_raw(aplic, irq, true);
508             update = true;
509         }
510         break;
511     case APLIC_SOURCECFG_SM_EDGE_FALL:
512         if ((level <= 0) && (state & APLIC_ISTATE_INPUT) &&
513             !(state & APLIC_ISTATE_PENDING)) {
514             riscv_aplic_set_pending_raw(aplic, irq, true);
515             update = true;
516         }
517         break;
518     case APLIC_SOURCECFG_SM_LEVEL_HIGH:
519         if ((level > 0) && !(state & APLIC_ISTATE_PENDING)) {
520             riscv_aplic_set_pending_raw(aplic, irq, true);
521             update = true;
522         }
523         break;
524     case APLIC_SOURCECFG_SM_LEVEL_LOW:
525         if ((level <= 0) && !(state & APLIC_ISTATE_PENDING)) {
526             riscv_aplic_set_pending_raw(aplic, irq, true);
527             update = true;
528         }
529         break;
530     default:
531         break;
532     }
533 
534     if (level <= 0) {
535         aplic->state[irq] &= ~APLIC_ISTATE_INPUT;
536     } else {
537         aplic->state[irq] |= APLIC_ISTATE_INPUT;
538     }
539 
540     if (update) {
541         if (aplic->msimode) {
542             riscv_aplic_msi_irq_update(aplic, irq);
543         } else {
544             idc = aplic->target[irq] >> APLIC_TARGET_HART_IDX_SHIFT;
545             idc &= APLIC_TARGET_HART_IDX_MASK;
546             riscv_aplic_idc_update(aplic, idc);
547         }
548     }
549 }
550 
551 static uint64_t riscv_aplic_read(void *opaque, hwaddr addr, unsigned size)
552 {
553     uint32_t irq, word, idc;
554     RISCVAPLICState *aplic = opaque;
555 
556     /* Reads must be 4 byte words */
557     if ((addr & 0x3) != 0) {
558         goto err;
559     }
560 
561     if (addr == APLIC_DOMAINCFG) {
562         return APLIC_DOMAINCFG_RDONLY | aplic->domaincfg |
563                (aplic->msimode ? APLIC_DOMAINCFG_DM : 0);
564     } else if ((APLIC_SOURCECFG_BASE <= addr) &&
565             (addr < (APLIC_SOURCECFG_BASE + (aplic->num_irqs - 1) * 4))) {
566         irq  = ((addr - APLIC_SOURCECFG_BASE) >> 2) + 1;
567         return aplic->sourcecfg[irq];
568     } else if (aplic->mmode && aplic->msimode &&
569                (addr == APLIC_MMSICFGADDR)) {
570         return aplic->mmsicfgaddr;
571     } else if (aplic->mmode && aplic->msimode &&
572                (addr == APLIC_MMSICFGADDRH)) {
573         return aplic->mmsicfgaddrH;
574     } else if (aplic->mmode && aplic->msimode &&
575                (addr == APLIC_SMSICFGADDR)) {
576         /*
577          * Registers SMSICFGADDR and SMSICFGADDRH are implemented only if:
578          * (a) the interrupt domain is at machine level
579          * (b) the domain's harts implement supervisor mode
580          * (c) the domain has one or more child supervisor-level domains
581          *     that support MSI delivery mode (domaincfg.DM is not read-
582          *     only zero in at least one of the supervisor-level child
583          * domains).
584          */
585         return (aplic->num_children) ? aplic->smsicfgaddr : 0;
586     } else if (aplic->mmode && aplic->msimode &&
587                (addr == APLIC_SMSICFGADDRH)) {
588         return (aplic->num_children) ? aplic->smsicfgaddrH : 0;
589     } else if ((APLIC_SETIP_BASE <= addr) &&
590             (addr < (APLIC_SETIP_BASE + aplic->bitfield_words * 4))) {
591         word = (addr - APLIC_SETIP_BASE) >> 2;
592         return riscv_aplic_read_pending_word(aplic, word);
593     } else if (addr == APLIC_SETIPNUM) {
594         return 0;
595     } else if ((APLIC_CLRIP_BASE <= addr) &&
596             (addr < (APLIC_CLRIP_BASE + aplic->bitfield_words * 4))) {
597         word = (addr - APLIC_CLRIP_BASE) >> 2;
598         return riscv_aplic_read_input_word(aplic, word);
599     } else if (addr == APLIC_CLRIPNUM) {
600         return 0;
601     } else if ((APLIC_SETIE_BASE <= addr) &&
602             (addr < (APLIC_SETIE_BASE + aplic->bitfield_words * 4))) {
603         word = (addr - APLIC_SETIE_BASE) >> 2;
604         return riscv_aplic_read_enabled_word(aplic, word);
605     } else if (addr == APLIC_SETIENUM) {
606         return 0;
607     } else if ((APLIC_CLRIE_BASE <= addr) &&
608             (addr < (APLIC_CLRIE_BASE + aplic->bitfield_words * 4))) {
609         return 0;
610     } else if (addr == APLIC_CLRIENUM) {
611         return 0;
612     } else if (addr == APLIC_SETIPNUM_LE) {
613         return 0;
614     } else if (addr == APLIC_SETIPNUM_BE) {
615         return 0;
616     } else if (addr == APLIC_GENMSI) {
617         return (aplic->msimode) ? aplic->genmsi : 0;
618     } else if ((APLIC_TARGET_BASE <= addr) &&
619             (addr < (APLIC_TARGET_BASE + (aplic->num_irqs - 1) * 4))) {
620         irq = ((addr - APLIC_TARGET_BASE) >> 2) + 1;
621         return aplic->target[irq];
622     } else if (!aplic->msimode && (APLIC_IDC_BASE <= addr) &&
623             (addr < (APLIC_IDC_BASE + aplic->num_harts * APLIC_IDC_SIZE))) {
624         idc = (addr - APLIC_IDC_BASE) / APLIC_IDC_SIZE;
625         switch (addr - (APLIC_IDC_BASE + idc * APLIC_IDC_SIZE)) {
626         case APLIC_IDC_IDELIVERY:
627             return aplic->idelivery[idc];
628         case APLIC_IDC_IFORCE:
629             return aplic->iforce[idc];
630         case APLIC_IDC_ITHRESHOLD:
631             return aplic->ithreshold[idc];
632         case APLIC_IDC_TOPI:
633             return riscv_aplic_idc_topi(aplic, idc);
634         case APLIC_IDC_CLAIMI:
635             return riscv_aplic_idc_claimi(aplic, idc);
636         default:
637             goto err;
638         };
639     }
640 
641 err:
642     qemu_log_mask(LOG_GUEST_ERROR,
643                   "%s: Invalid register read 0x%" HWADDR_PRIx "\n",
644                   __func__, addr);
645     return 0;
646 }
647 
648 static void riscv_aplic_write(void *opaque, hwaddr addr, uint64_t value,
649         unsigned size)
650 {
651     RISCVAPLICState *aplic = opaque;
652     uint32_t irq, word, idc = UINT32_MAX;
653 
654     /* Writes must be 4 byte words */
655     if ((addr & 0x3) != 0) {
656         goto err;
657     }
658 
659     if (addr == APLIC_DOMAINCFG) {
660         /* Only IE bit writable at the moment */
661         value &= APLIC_DOMAINCFG_IE;
662         aplic->domaincfg = value;
663     } else if ((APLIC_SOURCECFG_BASE <= addr) &&
664             (addr < (APLIC_SOURCECFG_BASE + (aplic->num_irqs - 1) * 4))) {
665         irq  = ((addr - APLIC_SOURCECFG_BASE) >> 2) + 1;
666         if (!aplic->num_children && (value & APLIC_SOURCECFG_D)) {
667             value = 0;
668         }
669         if (value & APLIC_SOURCECFG_D) {
670             value &= (APLIC_SOURCECFG_D | APLIC_SOURCECFG_CHILDIDX_MASK);
671         } else {
672             value &= (APLIC_SOURCECFG_D | APLIC_SOURCECFG_SM_MASK);
673         }
674         aplic->sourcecfg[irq] = value;
675         if ((aplic->sourcecfg[irq] & APLIC_SOURCECFG_D) ||
676             (aplic->sourcecfg[irq] == 0)) {
677             riscv_aplic_set_pending_raw(aplic, irq, false);
678             riscv_aplic_set_enabled_raw(aplic, irq, false);
679         }
680     } else if (aplic->mmode && aplic->msimode &&
681                (addr == APLIC_MMSICFGADDR)) {
682         if (!(aplic->mmsicfgaddrH & APLIC_xMSICFGADDRH_L)) {
683             aplic->mmsicfgaddr = value;
684         }
685     } else if (aplic->mmode && aplic->msimode &&
686                (addr == APLIC_MMSICFGADDRH)) {
687         if (!(aplic->mmsicfgaddrH & APLIC_xMSICFGADDRH_L)) {
688             aplic->mmsicfgaddrH = value & APLIC_xMSICFGADDRH_VALID_MASK;
689         }
690     } else if (aplic->mmode && aplic->msimode &&
691                (addr == APLIC_SMSICFGADDR)) {
692         /*
693          * Registers SMSICFGADDR and SMSICFGADDRH are implemented only if:
694          * (a) the interrupt domain is at machine level
695          * (b) the domain's harts implement supervisor mode
696          * (c) the domain has one or more child supervisor-level domains
697          *     that support MSI delivery mode (domaincfg.DM is not read-
698          *     only zero in at least one of the supervisor-level child
699          * domains).
700          */
701         if (aplic->num_children &&
702             !(aplic->mmsicfgaddrH & APLIC_xMSICFGADDRH_L)) {
703             aplic->smsicfgaddr = value;
704         }
705     } else if (aplic->mmode && aplic->msimode &&
706                (addr == APLIC_SMSICFGADDRH)) {
707         if (aplic->num_children &&
708             !(aplic->mmsicfgaddrH & APLIC_xMSICFGADDRH_L)) {
709             aplic->smsicfgaddrH = value & APLIC_xMSICFGADDRH_VALID_MASK;
710         }
711     } else if ((APLIC_SETIP_BASE <= addr) &&
712             (addr < (APLIC_SETIP_BASE + aplic->bitfield_words * 4))) {
713         word = (addr - APLIC_SETIP_BASE) >> 2;
714         riscv_aplic_set_pending_word(aplic, word, value, true);
715     } else if (addr == APLIC_SETIPNUM) {
716         riscv_aplic_set_pending(aplic, value, true);
717     } else if ((APLIC_CLRIP_BASE <= addr) &&
718             (addr < (APLIC_CLRIP_BASE + aplic->bitfield_words * 4))) {
719         word = (addr - APLIC_CLRIP_BASE) >> 2;
720         riscv_aplic_set_pending_word(aplic, word, value, false);
721     } else if (addr == APLIC_CLRIPNUM) {
722         riscv_aplic_set_pending(aplic, value, false);
723     } else if ((APLIC_SETIE_BASE <= addr) &&
724             (addr < (APLIC_SETIE_BASE + aplic->bitfield_words * 4))) {
725         word = (addr - APLIC_SETIE_BASE) >> 2;
726         riscv_aplic_set_enabled_word(aplic, word, value, true);
727     } else if (addr == APLIC_SETIENUM) {
728         riscv_aplic_set_enabled(aplic, value, true);
729     } else if ((APLIC_CLRIE_BASE <= addr) &&
730             (addr < (APLIC_CLRIE_BASE + aplic->bitfield_words * 4))) {
731         word = (addr - APLIC_CLRIE_BASE) >> 2;
732         riscv_aplic_set_enabled_word(aplic, word, value, false);
733     } else if (addr == APLIC_CLRIENUM) {
734         riscv_aplic_set_enabled(aplic, value, false);
735     } else if (addr == APLIC_SETIPNUM_LE) {
736         riscv_aplic_set_pending(aplic, value, true);
737     } else if (addr == APLIC_SETIPNUM_BE) {
738         riscv_aplic_set_pending(aplic, bswap32(value), true);
739     } else if (addr == APLIC_GENMSI) {
740         if (aplic->msimode) {
741             aplic->genmsi = value & ~(APLIC_TARGET_GUEST_IDX_MASK <<
742                                       APLIC_TARGET_GUEST_IDX_SHIFT);
743             riscv_aplic_msi_send(aplic,
744                                  value >> APLIC_TARGET_HART_IDX_SHIFT,
745                                  0,
746                                  value & APLIC_TARGET_EIID_MASK);
747         }
748     } else if ((APLIC_TARGET_BASE <= addr) &&
749             (addr < (APLIC_TARGET_BASE + (aplic->num_irqs - 1) * 4))) {
750         irq = ((addr - APLIC_TARGET_BASE) >> 2) + 1;
751         if (aplic->msimode) {
752             aplic->target[irq] = value;
753         } else {
754             aplic->target[irq] = (value & ~APLIC_TARGET_IPRIO_MASK) |
755                                  ((value & aplic->iprio_mask) ?
756                                   (value & aplic->iprio_mask) : 1);
757         }
758     } else if (!aplic->msimode && (APLIC_IDC_BASE <= addr) &&
759             (addr < (APLIC_IDC_BASE + aplic->num_harts * APLIC_IDC_SIZE))) {
760         idc = (addr - APLIC_IDC_BASE) / APLIC_IDC_SIZE;
761         switch (addr - (APLIC_IDC_BASE + idc * APLIC_IDC_SIZE)) {
762         case APLIC_IDC_IDELIVERY:
763             aplic->idelivery[idc] = value & 0x1;
764             break;
765         case APLIC_IDC_IFORCE:
766             aplic->iforce[idc] = value & 0x1;
767             break;
768         case APLIC_IDC_ITHRESHOLD:
769             aplic->ithreshold[idc] = value & aplic->iprio_mask;
770             break;
771         default:
772             goto err;
773         };
774     } else {
775         goto err;
776     }
777 
778     if (aplic->msimode) {
779         for (irq = 1; irq < aplic->num_irqs; irq++) {
780             riscv_aplic_msi_irq_update(aplic, irq);
781         }
782     } else {
783         if (idc == UINT32_MAX) {
784             for (idc = 0; idc < aplic->num_harts; idc++) {
785                 riscv_aplic_idc_update(aplic, idc);
786             }
787         } else {
788             riscv_aplic_idc_update(aplic, idc);
789         }
790     }
791 
792     return;
793 
794 err:
795     qemu_log_mask(LOG_GUEST_ERROR,
796                   "%s: Invalid register write 0x%" HWADDR_PRIx "\n",
797                   __func__, addr);
798 }
799 
800 static const MemoryRegionOps riscv_aplic_ops = {
801     .read = riscv_aplic_read,
802     .write = riscv_aplic_write,
803     .endianness = DEVICE_LITTLE_ENDIAN,
804     .valid = {
805         .min_access_size = 4,
806         .max_access_size = 4
807     }
808 };
809 
810 static void riscv_aplic_realize(DeviceState *dev, Error **errp)
811 {
812     uint32_t i;
813     RISCVAPLICState *aplic = RISCV_APLIC(dev);
814 
815     if (!is_kvm_aia(aplic->msimode)) {
816         aplic->bitfield_words = (aplic->num_irqs + 31) >> 5;
817         aplic->sourcecfg = g_new0(uint32_t, aplic->num_irqs);
818         aplic->state = g_new0(uint32_t, aplic->num_irqs);
819         aplic->target = g_new0(uint32_t, aplic->num_irqs);
820         if (!aplic->msimode) {
821             for (i = 0; i < aplic->num_irqs; i++) {
822                 aplic->target[i] = 1;
823             }
824         }
825         aplic->idelivery = g_new0(uint32_t, aplic->num_harts);
826         aplic->iforce = g_new0(uint32_t, aplic->num_harts);
827         aplic->ithreshold = g_new0(uint32_t, aplic->num_harts);
828 
829         memory_region_init_io(&aplic->mmio, OBJECT(dev), &riscv_aplic_ops,
830                               aplic, TYPE_RISCV_APLIC, aplic->aperture_size);
831         sysbus_init_mmio(SYS_BUS_DEVICE(dev), &aplic->mmio);
832     }
833 
834     /*
835      * Only root APLICs have hardware IRQ lines. All non-root APLICs
836      * have IRQ lines delegated by their parent APLIC.
837      */
838     if (!aplic->parent) {
839         if (kvm_enabled() && is_kvm_aia(aplic->msimode)) {
840             qdev_init_gpio_in(dev, riscv_kvm_aplic_request, aplic->num_irqs);
841         } else {
842             qdev_init_gpio_in(dev, riscv_aplic_request, aplic->num_irqs);
843         }
844     }
845 
846     /* Create output IRQ lines for non-MSI mode */
847     if (!aplic->msimode) {
848         aplic->external_irqs = g_malloc(sizeof(qemu_irq) * aplic->num_harts);
849         qdev_init_gpio_out(dev, aplic->external_irqs, aplic->num_harts);
850 
851         /* Claim the CPU interrupt to be triggered by this APLIC */
852         for (i = 0; i < aplic->num_harts; i++) {
853             RISCVCPU *cpu = RISCV_CPU(cpu_by_arch_id(aplic->hartid_base + i));
854             if (riscv_cpu_claim_interrupts(cpu,
855                 (aplic->mmode) ? MIP_MEIP : MIP_SEIP) < 0) {
856                 error_report("%s already claimed",
857                              (aplic->mmode) ? "MEIP" : "SEIP");
858                 exit(1);
859             }
860         }
861     }
862 
863     msi_nonbroken = true;
864 }
865 
866 static Property riscv_aplic_properties[] = {
867     DEFINE_PROP_UINT32("aperture-size", RISCVAPLICState, aperture_size, 0),
868     DEFINE_PROP_UINT32("hartid-base", RISCVAPLICState, hartid_base, 0),
869     DEFINE_PROP_UINT32("num-harts", RISCVAPLICState, num_harts, 0),
870     DEFINE_PROP_UINT32("iprio-mask", RISCVAPLICState, iprio_mask, 0),
871     DEFINE_PROP_UINT32("num-irqs", RISCVAPLICState, num_irqs, 0),
872     DEFINE_PROP_BOOL("msimode", RISCVAPLICState, msimode, 0),
873     DEFINE_PROP_BOOL("mmode", RISCVAPLICState, mmode, 0),
874     DEFINE_PROP_END_OF_LIST(),
875 };
876 
877 static const VMStateDescription vmstate_riscv_aplic = {
878     .name = "riscv_aplic",
879     .version_id = 1,
880     .minimum_version_id = 1,
881     .fields = (const VMStateField[]) {
882             VMSTATE_UINT32(domaincfg, RISCVAPLICState),
883             VMSTATE_UINT32(mmsicfgaddr, RISCVAPLICState),
884             VMSTATE_UINT32(mmsicfgaddrH, RISCVAPLICState),
885             VMSTATE_UINT32(smsicfgaddr, RISCVAPLICState),
886             VMSTATE_UINT32(smsicfgaddrH, RISCVAPLICState),
887             VMSTATE_UINT32(genmsi, RISCVAPLICState),
888             VMSTATE_VARRAY_UINT32(sourcecfg, RISCVAPLICState,
889                                   num_irqs, 0,
890                                   vmstate_info_uint32, uint32_t),
891             VMSTATE_VARRAY_UINT32(state, RISCVAPLICState,
892                                   num_irqs, 0,
893                                   vmstate_info_uint32, uint32_t),
894             VMSTATE_VARRAY_UINT32(target, RISCVAPLICState,
895                                   num_irqs, 0,
896                                   vmstate_info_uint32, uint32_t),
897             VMSTATE_VARRAY_UINT32(idelivery, RISCVAPLICState,
898                                   num_harts, 0,
899                                   vmstate_info_uint32, uint32_t),
900             VMSTATE_VARRAY_UINT32(iforce, RISCVAPLICState,
901                                   num_harts, 0,
902                                   vmstate_info_uint32, uint32_t),
903             VMSTATE_VARRAY_UINT32(ithreshold, RISCVAPLICState,
904                                   num_harts, 0,
905                                   vmstate_info_uint32, uint32_t),
906             VMSTATE_END_OF_LIST()
907         }
908 };
909 
910 static void riscv_aplic_class_init(ObjectClass *klass, void *data)
911 {
912     DeviceClass *dc = DEVICE_CLASS(klass);
913 
914     device_class_set_props(dc, riscv_aplic_properties);
915     dc->realize = riscv_aplic_realize;
916     dc->vmsd = &vmstate_riscv_aplic;
917 }
918 
919 static const TypeInfo riscv_aplic_info = {
920     .name          = TYPE_RISCV_APLIC,
921     .parent        = TYPE_SYS_BUS_DEVICE,
922     .instance_size = sizeof(RISCVAPLICState),
923     .class_init    = riscv_aplic_class_init,
924 };
925 
926 static void riscv_aplic_register_types(void)
927 {
928     type_register_static(&riscv_aplic_info);
929 }
930 
931 type_init(riscv_aplic_register_types)
932 
933 /*
934  * Add a APLIC device to another APLIC device as child for
935  * interrupt delegation.
936  */
937 void riscv_aplic_add_child(DeviceState *parent, DeviceState *child)
938 {
939     RISCVAPLICState *caplic, *paplic;
940 
941     assert(parent && child);
942     caplic = RISCV_APLIC(child);
943     paplic = RISCV_APLIC(parent);
944 
945     assert(paplic->num_irqs == caplic->num_irqs);
946     assert(paplic->num_children <= QEMU_APLIC_MAX_CHILDREN);
947 
948     caplic->parent = paplic;
949     paplic->children[paplic->num_children] = caplic;
950     paplic->num_children++;
951 }
952 
953 /*
954  * Create APLIC device.
955  */
956 DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size,
957     uint32_t hartid_base, uint32_t num_harts, uint32_t num_sources,
958     uint32_t iprio_bits, bool msimode, bool mmode, DeviceState *parent)
959 {
960     DeviceState *dev = qdev_new(TYPE_RISCV_APLIC);
961     uint32_t i;
962 
963     assert(num_harts < APLIC_MAX_IDC);
964     assert((APLIC_IDC_BASE + (num_harts * APLIC_IDC_SIZE)) <= size);
965     assert(num_sources < APLIC_MAX_SOURCE);
966     assert(APLIC_MIN_IPRIO_BITS <= iprio_bits);
967     assert(iprio_bits <= APLIC_MAX_IPRIO_BITS);
968 
969     qdev_prop_set_uint32(dev, "aperture-size", size);
970     qdev_prop_set_uint32(dev, "hartid-base", hartid_base);
971     qdev_prop_set_uint32(dev, "num-harts", num_harts);
972     qdev_prop_set_uint32(dev, "iprio-mask", ((1U << iprio_bits) - 1));
973     qdev_prop_set_uint32(dev, "num-irqs", num_sources + 1);
974     qdev_prop_set_bit(dev, "msimode", msimode);
975     qdev_prop_set_bit(dev, "mmode", mmode);
976 
977     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
978 
979     if (!is_kvm_aia(msimode)) {
980         sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
981     }
982 
983     if (parent) {
984         riscv_aplic_add_child(parent, dev);
985     }
986 
987     if (!msimode) {
988         for (i = 0; i < num_harts; i++) {
989             CPUState *cpu = cpu_by_arch_id(hartid_base + i);
990 
991             qdev_connect_gpio_out_named(dev, NULL, i,
992                                         qdev_get_gpio_in(DEVICE(cpu),
993                                             (mmode) ? IRQ_M_EXT : IRQ_S_EXT));
994         }
995     }
996 
997     return dev;
998 }
999