1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright 2017 Benjamin Herrenschmidt, IBM Corporation.
6 #define pr_fmt(fmt) "xive-kvm: " fmt
8 #include <linux/kernel.h>
9 #include <linux/kvm_host.h>
10 #include <linux/err.h>
11 #include <linux/gfp.h>
12 #include <linux/spinlock.h>
13 #include <linux/delay.h>
14 #include <linux/percpu.h>
15 #include <linux/cpumask.h>
16 #include <linux/uaccess.h>
17 #include <linux/irqdomain.h>
18 #include <asm/kvm_book3s.h>
19 #include <asm/kvm_ppc.h>
20 #include <asm/hvcall.h>
23 #include <asm/xive-regs.h>
24 #include <asm/debug.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
31 #include "book3s_xive.h"
33 #define __x_eoi_page(xd) ((void __iomem *)((xd)->eoi_mmio))
34 #define __x_trig_page(xd) ((void __iomem *)((xd)->trig_mmio))
36 /* Dummy interrupt used when taking interrupts out of a queue in H_CPPR */
39 static void xive_vm_ack_pending(struct kvmppc_xive_vcpu *xc)
45 * Ensure any previous store to CPPR is ordered vs.
46 * the subsequent loads from PIPR or ACK.
50 /* Perform the acknowledge OS to register cycle. */
51 ack = be16_to_cpu(__raw_readw(xive_tima + TM_SPC_ACK_OS_REG));
53 /* Synchronize subsequent queue accesses */
56 /* XXX Check grouping level */
59 if (!((ack >> 8) & TM_QW1_NSR_EO))
62 /* Grab CPPR of the most favored pending interrupt */
65 xc->pending |= 1 << cppr;
67 /* Check consistency */
68 if (cppr >= xc->hw_cppr)
69 pr_warn("KVM-XIVE: CPU %d odd ack CPPR, got %d at %d\n",
70 smp_processor_id(), cppr, xc->hw_cppr);
73 * Update our image of the HW CPPR. We don't yet modify
74 * xc->cppr, this will be done as we scan for interrupts
80 static u8 xive_vm_esb_load(struct xive_irq_data *xd, u32 offset)
84 if (offset == XIVE_ESB_SET_PQ_10 && xd->flags & XIVE_IRQ_FLAG_STORE_EOI)
85 offset |= XIVE_ESB_LD_ST_MO;
87 val = __raw_readq(__x_eoi_page(xd) + offset);
88 #ifdef __LITTLE_ENDIAN__
95 static void xive_vm_source_eoi(u32 hw_irq, struct xive_irq_data *xd)
97 /* If the XIVE supports the new "store EOI facility, use it */
98 if (xd->flags & XIVE_IRQ_FLAG_STORE_EOI)
99 __raw_writeq(0, __x_eoi_page(xd) + XIVE_ESB_STORE_EOI);
100 else if (xd->flags & XIVE_IRQ_FLAG_LSI) {
102 * For LSIs the HW EOI cycle is used rather than PQ bits,
103 * as they are automatically re-triggred in HW when still
106 __raw_readq(__x_eoi_page(xd) + XIVE_ESB_LOAD_EOI);
111 * Otherwise for EOI, we use the special MMIO that does
112 * a clear of both P and Q and returns the old Q,
113 * except for LSIs where we use the "EOI cycle" special
116 * This allows us to then do a re-trigger if Q was set
117 * rather than synthetizing an interrupt in software
119 eoi_val = xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_00);
121 /* Re-trigger if needed */
122 if ((eoi_val & 1) && __x_trig_page(xd))
123 __raw_writeq(0, __x_trig_page(xd));
133 static u32 xive_vm_scan_interrupts(struct kvmppc_xive_vcpu *xc,
134 u8 pending, int scan_type)
139 /* Find highest pending priority */
140 while ((xc->mfrr != 0xff || pending != 0) && hirq == 0) {
146 * If pending is 0 this will return 0xff which is what
149 prio = ffs(pending) - 1;
151 /* Don't scan past the guest cppr */
152 if (prio >= xc->cppr || prio > 7) {
153 if (xc->mfrr < xc->cppr) {
160 /* Grab queue and pointers */
161 q = &xc->queues[prio];
166 * Snapshot the queue page. The test further down for EOI
167 * must use the same "copy" that was used by __xive_read_eq
168 * since qpage can be set concurrently and we don't want
171 qpage = READ_ONCE(q->qpage);
175 * Try to fetch from the queue. Will return 0 for a
176 * non-queueing priority (ie, qpage = 0).
178 hirq = __xive_read_eq(qpage, q->msk, &idx, &toggle);
181 * If this was a signal for an MFFR change done by
182 * H_IPI we skip it. Additionally, if we were fetching
183 * we EOI it now, thus re-enabling reception of a new
186 * We also need to do that if prio is 0 and we had no
187 * page for the queue. In this case, we have non-queued
188 * IPI that needs to be EOId.
190 * This is safe because if we have another pending MFRR
191 * change that wasn't observed above, the Q bit will have
192 * been set and another occurrence of the IPI will trigger.
194 if (hirq == XICS_IPI || (prio == 0 && !qpage)) {
195 if (scan_type == scan_fetch) {
196 xive_vm_source_eoi(xc->vp_ipi,
201 /* Loop back on same queue with updated idx/toggle */
202 WARN_ON(hirq && hirq != XICS_IPI);
207 /* If it's the dummy interrupt, continue searching */
208 if (hirq == XICS_DUMMY)
211 /* Clear the pending bit if the queue is now empty */
213 pending &= ~(1 << prio);
216 * Check if the queue count needs adjusting due to
217 * interrupts being moved away.
219 if (atomic_read(&q->pending_count)) {
220 int p = atomic_xchg(&q->pending_count, 0);
223 WARN_ON(p > atomic_read(&q->count));
224 atomic_sub(p, &q->count);
230 * If the most favoured prio we found pending is less
231 * favored (or equal) than a pending IPI, we return
234 if (prio >= xc->mfrr && xc->mfrr < xc->cppr) {
240 /* If fetching, update queue pointers */
241 if (scan_type == scan_fetch) {
247 /* If we are just taking a "peek", do nothing else */
248 if (scan_type == scan_poll)
251 /* Update the pending bits */
252 xc->pending = pending;
255 * If this is an EOI that's it, no CPPR adjustment done here,
256 * all we needed was cleanup the stale pending bits and check
257 * if there's anything left.
259 if (scan_type == scan_eoi)
263 * If we found an interrupt, adjust what the guest CPPR should
264 * be as if we had just fetched that interrupt from HW.
266 * Note: This can only make xc->cppr smaller as the previous
267 * loop will only exit with hirq != 0 if prio is lower than
268 * the current xc->cppr. Thus we don't need to re-check xc->mfrr
274 * If it was an IPI the HW CPPR might have been lowered too much
275 * as the HW interrupt we use for IPIs is routed to priority 0.
277 * We re-sync it here.
279 if (xc->cppr != xc->hw_cppr) {
280 xc->hw_cppr = xc->cppr;
281 __raw_writeb(xc->cppr, xive_tima + TM_QW1_OS + TM_CPPR);
287 static unsigned long xive_vm_h_xirr(struct kvm_vcpu *vcpu)
289 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
293 pr_devel("H_XIRR\n");
295 xc->stat_vm_h_xirr++;
297 /* First collect pending bits from HW */
298 xive_vm_ack_pending(xc);
300 pr_devel(" new pending=0x%02x hw_cppr=%d cppr=%d\n",
301 xc->pending, xc->hw_cppr, xc->cppr);
303 /* Grab previous CPPR and reverse map it */
304 old_cppr = xive_prio_to_guest(xc->cppr);
306 /* Scan for actual interrupts */
307 hirq = xive_vm_scan_interrupts(xc, xc->pending, scan_fetch);
309 pr_devel(" got hirq=0x%x hw_cppr=%d cppr=%d\n",
310 hirq, xc->hw_cppr, xc->cppr);
312 /* That should never hit */
313 if (hirq & 0xff000000)
314 pr_warn("XIVE: Weird guest interrupt number 0x%08x\n", hirq);
317 * XXX We could check if the interrupt is masked here and
318 * filter it. If we chose to do so, we would need to do:
330 /* Return interrupt and old CPPR in GPR4 */
331 vcpu->arch.regs.gpr[4] = hirq | (old_cppr << 24);
336 static unsigned long xive_vm_h_ipoll(struct kvm_vcpu *vcpu, unsigned long server)
338 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
339 u8 pending = xc->pending;
342 pr_devel("H_IPOLL(server=%ld)\n", server);
344 xc->stat_vm_h_ipoll++;
346 /* Grab the target VCPU if not the current one */
347 if (xc->server_num != server) {
348 vcpu = kvmppc_xive_find_server(vcpu->kvm, server);
351 xc = vcpu->arch.xive_vcpu;
353 /* Scan all priorities */
356 /* Grab pending interrupt if any */
357 __be64 qw1 = __raw_readq(xive_tima + TM_QW1_OS);
358 u8 pipr = be64_to_cpu(qw1) & 0xff;
361 pending |= 1 << pipr;
364 hirq = xive_vm_scan_interrupts(xc, pending, scan_poll);
366 /* Return interrupt and old CPPR in GPR4 */
367 vcpu->arch.regs.gpr[4] = hirq | (xc->cppr << 24);
372 static void xive_vm_push_pending_to_hw(struct kvmppc_xive_vcpu *xc)
376 pending = xc->pending;
377 if (xc->mfrr != 0xff) {
379 pending |= 1 << xc->mfrr;
385 prio = ffs(pending) - 1;
387 __raw_writeb(prio, xive_tima + TM_SPC_SET_OS_PENDING);
390 static void xive_vm_scan_for_rerouted_irqs(struct kvmppc_xive *xive,
391 struct kvmppc_xive_vcpu *xc)
395 /* For each priority that is now masked */
396 for (prio = xc->cppr; prio < KVMPPC_XIVE_Q_COUNT; prio++) {
397 struct xive_q *q = &xc->queues[prio];
398 struct kvmppc_xive_irq_state *state;
399 struct kvmppc_xive_src_block *sb;
400 u32 idx, toggle, entry, irq, hw_num;
401 struct xive_irq_data *xd;
407 qpage = READ_ONCE(q->qpage);
411 /* For each interrupt in the queue */
413 entry = be32_to_cpup(qpage + idx);
416 if ((entry >> 31) == toggle)
418 irq = entry & 0x7fffffff;
420 /* Skip dummies and IPIs */
421 if (irq == XICS_DUMMY || irq == XICS_IPI)
423 sb = kvmppc_xive_find_source(xive, irq, &src);
426 state = &sb->irq_state[src];
428 /* Has it been rerouted ? */
429 if (xc->server_num == state->act_server)
433 * Allright, it *has* been re-routed, kill it from
436 qpage[idx] = cpu_to_be32((entry & 0x80000000) | XICS_DUMMY);
438 /* Find the HW interrupt */
439 kvmppc_xive_select_irq(state, &hw_num, &xd);
441 /* If it's not an LSI, set PQ to 11 the EOI will force a resend */
442 if (!(xd->flags & XIVE_IRQ_FLAG_LSI))
443 xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_11);
446 xive_vm_source_eoi(hw_num, xd);
449 idx = (idx + 1) & q->msk;
456 static int xive_vm_h_cppr(struct kvm_vcpu *vcpu, unsigned long cppr)
458 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
459 struct kvmppc_xive *xive = vcpu->kvm->arch.xive;
462 pr_devel("H_CPPR(cppr=%ld)\n", cppr);
464 xc->stat_vm_h_cppr++;
467 cppr = xive_prio_from_guest(cppr);
469 /* Remember old and update SW state */
474 * Order the above update of xc->cppr with the subsequent
475 * read of xc->mfrr inside push_pending_to_hw()
479 if (cppr > old_cppr) {
481 * We are masking less, we need to look for pending things
482 * to deliver and set VP pending bits accordingly to trigger
483 * a new interrupt otherwise we might miss MFRR changes for
484 * which we have optimized out sending an IPI signal.
486 xive_vm_push_pending_to_hw(xc);
489 * We are masking more, we need to check the queue for any
490 * interrupt that has been routed to another CPU, take
491 * it out (replace it with the dummy) and retrigger it.
493 * This is necessary since those interrupts may otherwise
494 * never be processed, at least not until this CPU restores
497 * This is in theory racy vs. HW adding new interrupts to
498 * the queue. In practice this works because the interesting
499 * cases are when the guest has done a set_xive() to move the
500 * interrupt away, which flushes the xive, followed by the
501 * target CPU doing a H_CPPR. So any new interrupt coming into
502 * the queue must still be routed to us and isn't a source
505 xive_vm_scan_for_rerouted_irqs(xive, xc);
510 __raw_writeb(cppr, xive_tima + TM_QW1_OS + TM_CPPR);
515 static int xive_vm_h_eoi(struct kvm_vcpu *vcpu, unsigned long xirr)
517 struct kvmppc_xive *xive = vcpu->kvm->arch.xive;
518 struct kvmppc_xive_src_block *sb;
519 struct kvmppc_xive_irq_state *state;
520 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
521 struct xive_irq_data *xd;
522 u8 new_cppr = xirr >> 24;
523 u32 irq = xirr & 0x00ffffff, hw_num;
527 pr_devel("H_EOI(xirr=%08lx)\n", xirr);
531 xc->cppr = xive_prio_from_guest(new_cppr);
534 * IPIs are synthetized from MFRR and thus don't need
535 * any special EOI handling. The underlying interrupt
536 * used to signal MFRR changes is EOId when fetched from
539 if (irq == XICS_IPI || irq == 0) {
541 * This barrier orders the setting of xc->cppr vs.
542 * subsequent test of xc->mfrr done inside
543 * scan_interrupts and push_pending_to_hw
549 /* Find interrupt source */
550 sb = kvmppc_xive_find_source(xive, irq, &src);
552 pr_devel(" source not found !\n");
558 state = &sb->irq_state[src];
559 kvmppc_xive_select_irq(state, &hw_num, &xd);
561 state->in_eoi = true;
564 * This barrier orders both setting of in_eoi above vs,
565 * subsequent test of guest_priority, and the setting
566 * of xc->cppr vs. subsequent test of xc->mfrr done inside
567 * scan_interrupts and push_pending_to_hw
572 if (state->guest_priority == MASKED) {
573 arch_spin_lock(&sb->lock);
574 if (state->guest_priority != MASKED) {
575 arch_spin_unlock(&sb->lock);
578 pr_devel(" EOI on saved P...\n");
580 /* Clear old_p, that will cause unmask to perform an EOI */
581 state->old_p = false;
583 arch_spin_unlock(&sb->lock);
585 pr_devel(" EOI on source...\n");
587 /* Perform EOI on the source */
588 xive_vm_source_eoi(hw_num, xd);
590 /* If it's an emulated LSI, check level and resend */
591 if (state->lsi && state->asserted)
592 __raw_writeq(0, __x_trig_page(xd));
597 * This barrier orders the above guest_priority check
598 * and spin_lock/unlock with clearing in_eoi below.
600 * It also has to be a full mb() as it must ensure
601 * the MMIOs done in source_eoi() are completed before
602 * state->in_eoi is visible.
605 state->in_eoi = false;
608 /* Re-evaluate pending IRQs and update HW */
609 xive_vm_scan_interrupts(xc, xc->pending, scan_eoi);
610 xive_vm_push_pending_to_hw(xc);
611 pr_devel(" after scan pending=%02x\n", xc->pending);
614 xc->hw_cppr = xc->cppr;
615 __raw_writeb(xc->cppr, xive_tima + TM_QW1_OS + TM_CPPR);
620 static int xive_vm_h_ipi(struct kvm_vcpu *vcpu, unsigned long server,
623 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
625 pr_devel("H_IPI(server=%08lx,mfrr=%ld)\n", server, mfrr);
630 vcpu = kvmppc_xive_find_server(vcpu->kvm, server);
633 xc = vcpu->arch.xive_vcpu;
635 /* Locklessly write over MFRR */
639 * The load of xc->cppr below and the subsequent MMIO store
640 * to the IPI must happen after the above mfrr update is
641 * globally visible so that:
643 * - Synchronize with another CPU doing an H_EOI or a H_CPPR
644 * updating xc->cppr then reading xc->mfrr.
646 * - The target of the IPI sees the xc->mfrr update
650 /* Shoot the IPI if most favored than target cppr */
652 __raw_writeq(0, __x_trig_page(&xc->vp_ipi_data));
658 * We leave a gap of a couple of interrupts in the queue to
659 * account for the IPI and additional safety guard.
663 static bool kvmppc_xive_vcpu_has_save_restore(struct kvm_vcpu *vcpu)
665 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
667 /* Check enablement at VP level */
668 return xc->vp_cam & TM_QW1W2_HO;
671 bool kvmppc_xive_check_save_restore(struct kvm_vcpu *vcpu)
673 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
674 struct kvmppc_xive *xive = xc->xive;
676 if (xive->flags & KVMPPC_XIVE_FLAG_SAVE_RESTORE)
677 return kvmppc_xive_vcpu_has_save_restore(vcpu);
683 * Push a vcpu's context to the XIVE on guest entry.
684 * This assumes we are in virtual mode (MMU on)
686 void kvmppc_xive_push_vcpu(struct kvm_vcpu *vcpu)
688 void __iomem *tima = local_paca->kvm_hstate.xive_tima_virt;
692 * Nothing to do if the platform doesn't have a XIVE
693 * or this vCPU doesn't have its own XIVE context
694 * (e.g. because it's not using an in-kernel interrupt controller).
696 if (!tima || !vcpu->arch.xive_cam_word)
700 if (!kvmppc_xive_vcpu_has_save_restore(vcpu))
701 __raw_writeq(vcpu->arch.xive_saved_state.w01, tima + TM_QW1_OS);
702 __raw_writel(vcpu->arch.xive_cam_word, tima + TM_QW1_OS + TM_WORD2);
703 vcpu->arch.xive_pushed = 1;
707 * We clear the irq_pending flag. There is a small chance of a
708 * race vs. the escalation interrupt happening on another
709 * processor setting it again, but the only consequence is to
710 * cause a spurious wakeup on the next H_CEDE, which is not an
713 vcpu->arch.irq_pending = 0;
716 * In single escalation mode, if the escalation interrupt is
719 if (vcpu->arch.xive_esc_on) {
720 pq = __raw_readq((void __iomem *)(vcpu->arch.xive_esc_vaddr +
721 XIVE_ESB_SET_PQ_01));
725 * We have a possible subtle race here: The escalation
726 * interrupt might have fired and be on its way to the
727 * host queue while we mask it, and if we unmask it
728 * early enough (re-cede right away), there is a
729 * theoretical possibility that it fires again, thus
730 * landing in the target queue more than once which is
733 * Fortunately, solving this is rather easy. If the
734 * above load setting PQ to 01 returns a previous
735 * value where P is set, then we know the escalation
736 * interrupt is somewhere on its way to the host. In
737 * that case we simply don't clear the xive_esc_on
738 * flag below. It will be eventually cleared by the
739 * handler for the escalation interrupt.
741 * Then, when doing a cede, we check that flag again
742 * before re-enabling the escalation interrupt, and if
743 * set, we abort the cede.
745 if (!(pq & XIVE_ESB_VAL_P))
746 /* Now P is 0, we can clear the flag */
747 vcpu->arch.xive_esc_on = 0;
750 EXPORT_SYMBOL_GPL(kvmppc_xive_push_vcpu);
753 * Pull a vcpu's context from the XIVE on guest exit.
754 * This assumes we are in virtual mode (MMU on)
756 void kvmppc_xive_pull_vcpu(struct kvm_vcpu *vcpu)
758 void __iomem *tima = local_paca->kvm_hstate.xive_tima_virt;
760 if (!vcpu->arch.xive_pushed)
764 * Should not have been pushed if there is no tima
770 /* First load to pull the context, we ignore the value */
771 __raw_readl(tima + TM_SPC_PULL_OS_CTX);
772 /* Second load to recover the context state (Words 0 and 1) */
773 if (!kvmppc_xive_vcpu_has_save_restore(vcpu))
774 vcpu->arch.xive_saved_state.w01 = __raw_readq(tima + TM_QW1_OS);
776 /* Fixup some of the state for the next load */
777 vcpu->arch.xive_saved_state.lsmfb = 0;
778 vcpu->arch.xive_saved_state.ack = 0xff;
779 vcpu->arch.xive_pushed = 0;
782 EXPORT_SYMBOL_GPL(kvmppc_xive_pull_vcpu);
784 bool kvmppc_xive_rearm_escalation(struct kvm_vcpu *vcpu)
786 void __iomem *esc_vaddr = (void __iomem *)vcpu->arch.xive_esc_vaddr;
792 /* we are using XIVE with single escalation */
794 if (vcpu->arch.xive_esc_on) {
796 * If we still have a pending escalation, abort the cede,
797 * and we must set PQ to 10 rather than 00 so that we don't
798 * potentially end up with two entries for the escalation
799 * interrupt in the XIVE interrupt queue. In that case
800 * we also don't want to set xive_esc_on to 1 here in
801 * case we race with xive_esc_irq().
805 * The escalation interrupts are special as we don't EOI them.
806 * There is no need to use the load-after-store ordering offset
807 * to set PQ to 10 as we won't use StoreEOI.
809 __raw_readq(esc_vaddr + XIVE_ESB_SET_PQ_10);
811 vcpu->arch.xive_esc_on = true;
813 __raw_readq(esc_vaddr + XIVE_ESB_SET_PQ_00);
819 EXPORT_SYMBOL_GPL(kvmppc_xive_rearm_escalation);
822 * This is a simple trigger for a generic XIVE IRQ. This must
823 * only be called for interrupts that support a trigger page
825 static bool xive_irq_trigger(struct xive_irq_data *xd)
827 /* This should be only for MSIs */
828 if (WARN_ON(xd->flags & XIVE_IRQ_FLAG_LSI))
831 /* Those interrupts should always have a trigger page */
832 if (WARN_ON(!xd->trig_mmio))
835 out_be64(xd->trig_mmio, 0);
840 static irqreturn_t xive_esc_irq(int irq, void *data)
842 struct kvm_vcpu *vcpu = data;
844 vcpu->arch.irq_pending = 1;
846 if (vcpu->arch.ceded || vcpu->arch.nested)
847 kvmppc_fast_vcpu_kick(vcpu);
849 /* Since we have the no-EOI flag, the interrupt is effectively
850 * disabled now. Clearing xive_esc_on means we won't bother
851 * doing so on the next entry.
853 * This also allows the entry code to know that if a PQ combination
854 * of 10 is observed while xive_esc_on is true, it means the queue
855 * contains an unprocessed escalation interrupt. We don't make use of
856 * that knowledge today but might (see comment in book3s_hv_rmhandler.S)
858 vcpu->arch.xive_esc_on = false;
860 /* This orders xive_esc_on = false vs. subsequent stale_p = true */
861 smp_wmb(); /* goes with smp_mb() in cleanup_single_escalation */
866 int kvmppc_xive_attach_escalation(struct kvm_vcpu *vcpu, u8 prio,
867 bool single_escalation)
869 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
870 struct xive_q *q = &xc->queues[prio];
874 /* Already there ? */
875 if (xc->esc_virq[prio])
878 /* Hook up the escalation interrupt */
879 xc->esc_virq[prio] = irq_create_mapping(NULL, q->esc_irq);
880 if (!xc->esc_virq[prio]) {
881 pr_err("Failed to map escalation interrupt for queue %d of VCPU %d\n",
882 prio, xc->server_num);
886 if (single_escalation)
887 name = kasprintf(GFP_KERNEL, "kvm-%d-%d",
888 vcpu->kvm->arch.lpid, xc->server_num);
890 name = kasprintf(GFP_KERNEL, "kvm-%d-%d-%d",
891 vcpu->kvm->arch.lpid, xc->server_num, prio);
893 pr_err("Failed to allocate escalation irq name for queue %d of VCPU %d\n",
894 prio, xc->server_num);
899 pr_devel("Escalation %s irq %d (prio %d)\n", name, xc->esc_virq[prio], prio);
901 rc = request_irq(xc->esc_virq[prio], xive_esc_irq,
902 IRQF_NO_THREAD, name, vcpu);
904 pr_err("Failed to request escalation interrupt for queue %d of VCPU %d\n",
905 prio, xc->server_num);
908 xc->esc_virq_names[prio] = name;
910 /* In single escalation mode, we grab the ESB MMIO of the
911 * interrupt and mask it. Also populate the VCPU v/raddr
912 * of the ESB page for use by asm entry/exit code. Finally
913 * set the XIVE_IRQ_FLAG_NO_EOI flag which will prevent the
914 * core code from performing an EOI on the escalation
915 * interrupt, thus leaving it effectively masked after
918 if (single_escalation) {
919 struct irq_data *d = irq_get_irq_data(xc->esc_virq[prio]);
920 struct xive_irq_data *xd = irq_data_get_irq_handler_data(d);
922 xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_01);
923 vcpu->arch.xive_esc_raddr = xd->eoi_page;
924 vcpu->arch.xive_esc_vaddr = (__force u64)xd->eoi_mmio;
925 xd->flags |= XIVE_IRQ_FLAG_NO_EOI;
930 irq_dispose_mapping(xc->esc_virq[prio]);
931 xc->esc_virq[prio] = 0;
936 static int xive_provision_queue(struct kvm_vcpu *vcpu, u8 prio)
938 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
939 struct kvmppc_xive *xive = xc->xive;
940 struct xive_q *q = &xc->queues[prio];
944 if (WARN_ON(q->qpage))
947 /* Allocate the queue and retrieve infos on current node for now */
948 qpage = (__be32 *)__get_free_pages(GFP_KERNEL, xive->q_page_order);
950 pr_err("Failed to allocate queue %d for VCPU %d\n",
951 prio, xc->server_num);
954 memset(qpage, 0, 1 << xive->q_order);
957 * Reconfigure the queue. This will set q->qpage only once the
958 * queue is fully configured. This is a requirement for prio 0
959 * as we will stop doing EOIs for every IPI as soon as we observe
960 * qpage being non-NULL, and instead will only EOI when we receive
961 * corresponding queue 0 entries
963 rc = xive_native_configure_queue(xc->vp_id, q, prio, qpage,
964 xive->q_order, true);
966 pr_err("Failed to configure queue %d for VCPU %d\n",
967 prio, xc->server_num);
971 /* Called with xive->lock held */
972 static int xive_check_provisioning(struct kvm *kvm, u8 prio)
974 struct kvmppc_xive *xive = kvm->arch.xive;
975 struct kvm_vcpu *vcpu;
979 lockdep_assert_held(&xive->lock);
981 /* Already provisioned ? */
982 if (xive->qmap & (1 << prio))
985 pr_devel("Provisioning prio... %d\n", prio);
987 /* Provision each VCPU and enable escalations if needed */
988 kvm_for_each_vcpu(i, vcpu, kvm) {
989 if (!vcpu->arch.xive_vcpu)
991 rc = xive_provision_queue(vcpu, prio);
992 if (rc == 0 && !kvmppc_xive_has_single_escalation(xive))
993 kvmppc_xive_attach_escalation(vcpu, prio,
994 kvmppc_xive_has_single_escalation(xive));
999 /* Order previous stores and mark it as provisioned */
1001 xive->qmap |= (1 << prio);
1005 static void xive_inc_q_pending(struct kvm *kvm, u32 server, u8 prio)
1007 struct kvm_vcpu *vcpu;
1008 struct kvmppc_xive_vcpu *xc;
1011 /* Locate target server */
1012 vcpu = kvmppc_xive_find_server(kvm, server);
1014 pr_warn("%s: Can't find server %d\n", __func__, server);
1017 xc = vcpu->arch.xive_vcpu;
1021 q = &xc->queues[prio];
1022 atomic_inc(&q->pending_count);
1025 static int xive_try_pick_queue(struct kvm_vcpu *vcpu, u8 prio)
1027 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
1036 q = &xc->queues[prio];
1037 if (WARN_ON(!q->qpage))
1040 /* Calculate max number of interrupts in that queue. */
1041 max = (q->msk + 1) - XIVE_Q_GAP;
1042 return atomic_add_unless(&q->count, 1, max) ? 0 : -EBUSY;
1045 int kvmppc_xive_select_target(struct kvm *kvm, u32 *server, u8 prio)
1047 struct kvm_vcpu *vcpu;
1051 /* Locate target server */
1052 vcpu = kvmppc_xive_find_server(kvm, *server);
1054 pr_devel("Can't find server %d\n", *server);
1058 pr_devel("Finding irq target on 0x%x/%d...\n", *server, prio);
1061 rc = xive_try_pick_queue(vcpu, prio);
1065 pr_devel(" .. failed, looking up candidate...\n");
1067 /* Failed, pick another VCPU */
1068 kvm_for_each_vcpu(i, vcpu, kvm) {
1069 if (!vcpu->arch.xive_vcpu)
1071 rc = xive_try_pick_queue(vcpu, prio);
1073 *server = vcpu->arch.xive_vcpu->server_num;
1074 pr_devel(" found on 0x%x/%d\n", *server, prio);
1078 pr_devel(" no available target !\n");
1080 /* No available target ! */
1084 static u8 xive_lock_and_mask(struct kvmppc_xive *xive,
1085 struct kvmppc_xive_src_block *sb,
1086 struct kvmppc_xive_irq_state *state)
1088 struct xive_irq_data *xd;
1094 * Take the lock, set masked, try again if racing
1098 arch_spin_lock(&sb->lock);
1099 old_prio = state->guest_priority;
1100 state->guest_priority = MASKED;
1104 state->guest_priority = old_prio;
1105 arch_spin_unlock(&sb->lock);
1108 /* No change ? Bail */
1109 if (old_prio == MASKED)
1112 /* Get the right irq */
1113 kvmppc_xive_select_irq(state, &hw_num, &xd);
1115 /* Set PQ to 10, return old P and old Q and remember them */
1116 val = xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_10);
1117 state->old_p = !!(val & 2);
1118 state->old_q = !!(val & 1);
1121 * Synchronize hardware to sensure the queues are updated when
1124 xive_native_sync_source(hw_num);
1129 static void xive_lock_for_unmask(struct kvmppc_xive_src_block *sb,
1130 struct kvmppc_xive_irq_state *state)
1133 * Take the lock try again if racing with H_EOI
1136 arch_spin_lock(&sb->lock);
1139 arch_spin_unlock(&sb->lock);
1143 static void xive_finish_unmask(struct kvmppc_xive *xive,
1144 struct kvmppc_xive_src_block *sb,
1145 struct kvmppc_xive_irq_state *state,
1148 struct xive_irq_data *xd;
1151 /* If we aren't changing a thing, move on */
1152 if (state->guest_priority != MASKED)
1155 /* Get the right irq */
1156 kvmppc_xive_select_irq(state, &hw_num, &xd);
1158 /* Old Q set, set PQ to 11 */
1160 xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_11);
1163 * If not old P, then perform an "effective" EOI,
1164 * on the source. This will handle the cases where
1168 xive_vm_source_eoi(hw_num, xd);
1170 /* Synchronize ordering and mark unmasked */
1173 state->guest_priority = prio;
1177 * Target an interrupt to a given server/prio, this will fallback
1178 * to another server if necessary and perform the HW targetting
1181 * NOTE: Must be called with the state lock held
1183 static int xive_target_interrupt(struct kvm *kvm,
1184 struct kvmppc_xive_irq_state *state,
1185 u32 server, u8 prio)
1187 struct kvmppc_xive *xive = kvm->arch.xive;
1192 * This will return a tentative server and actual
1193 * priority. The count for that new target will have
1194 * already been incremented.
1196 rc = kvmppc_xive_select_target(kvm, &server, prio);
1199 * We failed to find a target ? Not much we can do
1200 * at least until we support the GIQ.
1206 * Increment the old queue pending count if there
1207 * was one so that the old queue count gets adjusted later
1208 * when observed to be empty.
1210 if (state->act_priority != MASKED)
1211 xive_inc_q_pending(kvm,
1213 state->act_priority);
1215 * Update state and HW
1217 state->act_priority = prio;
1218 state->act_server = server;
1220 /* Get the right irq */
1221 kvmppc_xive_select_irq(state, &hw_num, NULL);
1223 return xive_native_configure_irq(hw_num,
1224 kvmppc_xive_vp(xive, server),
1225 prio, state->number);
1229 * Targetting rules: In order to avoid losing track of
1230 * pending interrupts across mask and unmask, which would
1231 * allow queue overflows, we implement the following rules:
1233 * - Unless it was never enabled (or we run out of capacity)
1234 * an interrupt is always targetted at a valid server/queue
1235 * pair even when "masked" by the guest. This pair tends to
1236 * be the last one used but it can be changed under some
1237 * circumstances. That allows us to separate targetting
1238 * from masking, we only handle accounting during (re)targetting,
1239 * this also allows us to let an interrupt drain into its target
1240 * queue after masking, avoiding complex schemes to remove
1241 * interrupts out of remote processor queues.
1243 * - When masking, we set PQ to 10 and save the previous value
1246 * - When unmasking, if saved Q was set, we set PQ to 11
1247 * otherwise we leave PQ to the HW state which will be either
1248 * 10 if nothing happened or 11 if the interrupt fired while
1249 * masked. Effectively we are OR'ing the previous Q into the
1252 * Then if saved P is clear, we do an effective EOI (Q->P->Trigger)
1253 * which will unmask the interrupt and shoot a new one if Q was
1256 * Otherwise (saved P is set) we leave PQ unchanged (so 10 or 11,
1257 * effectively meaning an H_EOI from the guest is still expected
1258 * for that interrupt).
1260 * - If H_EOI occurs while masked, we clear the saved P.
1262 * - When changing target, we account on the new target and
1263 * increment a separate "pending" counter on the old one.
1264 * This pending counter will be used to decrement the old
1265 * target's count when its queue has been observed empty.
1268 int kvmppc_xive_set_xive(struct kvm *kvm, u32 irq, u32 server,
1271 struct kvmppc_xive *xive = kvm->arch.xive;
1272 struct kvmppc_xive_src_block *sb;
1273 struct kvmppc_xive_irq_state *state;
1281 pr_devel("set_xive ! irq 0x%x server 0x%x prio %d\n",
1282 irq, server, priority);
1284 /* First, check provisioning of queues */
1285 if (priority != MASKED) {
1286 mutex_lock(&xive->lock);
1287 rc = xive_check_provisioning(xive->kvm,
1288 xive_prio_from_guest(priority));
1289 mutex_unlock(&xive->lock);
1292 pr_devel(" provisioning failure %d !\n", rc);
1296 sb = kvmppc_xive_find_source(xive, irq, &idx);
1299 state = &sb->irq_state[idx];
1302 * We first handle masking/unmasking since the locking
1303 * might need to be retried due to EOIs, we'll handle
1304 * targetting changes later. These functions will return
1305 * with the SB lock held.
1307 * xive_lock_and_mask() will also set state->guest_priority
1308 * but won't otherwise change other fields of the state.
1310 * xive_lock_for_unmask will not actually unmask, this will
1311 * be done later by xive_finish_unmask() once the targetting
1312 * has been done, so we don't try to unmask an interrupt
1313 * that hasn't yet been targetted.
1315 if (priority == MASKED)
1316 xive_lock_and_mask(xive, sb, state);
1318 xive_lock_for_unmask(sb, state);
1322 * Then we handle targetting.
1324 * First calculate a new "actual priority"
1326 new_act_prio = state->act_priority;
1327 if (priority != MASKED)
1328 new_act_prio = xive_prio_from_guest(priority);
1330 pr_devel(" new_act_prio=%x act_server=%x act_prio=%x\n",
1331 new_act_prio, state->act_server, state->act_priority);
1334 * Then check if we actually need to change anything,
1336 * The condition for re-targetting the interrupt is that
1337 * we have a valid new priority (new_act_prio is not 0xff)
1338 * and either the server or the priority changed.
1340 * Note: If act_priority was ff and the new priority is
1341 * also ff, we don't do anything and leave the interrupt
1342 * untargetted. An attempt of doing an int_on on an
1343 * untargetted interrupt will fail. If that is a problem
1344 * we could initialize interrupts with valid default
1347 if (new_act_prio != MASKED &&
1348 (state->act_server != server ||
1349 state->act_priority != new_act_prio))
1350 rc = xive_target_interrupt(kvm, state, server, new_act_prio);
1353 * Perform the final unmasking of the interrupt source
1356 if (priority != MASKED)
1357 xive_finish_unmask(xive, sb, state, priority);
1360 * Finally Update saved_priority to match. Only int_on/off
1361 * set this field to a different value.
1363 state->saved_priority = priority;
1365 arch_spin_unlock(&sb->lock);
1369 int kvmppc_xive_get_xive(struct kvm *kvm, u32 irq, u32 *server,
1372 struct kvmppc_xive *xive = kvm->arch.xive;
1373 struct kvmppc_xive_src_block *sb;
1374 struct kvmppc_xive_irq_state *state;
1380 sb = kvmppc_xive_find_source(xive, irq, &idx);
1383 state = &sb->irq_state[idx];
1384 arch_spin_lock(&sb->lock);
1385 *server = state->act_server;
1386 *priority = state->guest_priority;
1387 arch_spin_unlock(&sb->lock);
1392 int kvmppc_xive_int_on(struct kvm *kvm, u32 irq)
1394 struct kvmppc_xive *xive = kvm->arch.xive;
1395 struct kvmppc_xive_src_block *sb;
1396 struct kvmppc_xive_irq_state *state;
1402 sb = kvmppc_xive_find_source(xive, irq, &idx);
1405 state = &sb->irq_state[idx];
1407 pr_devel("int_on(irq=0x%x)\n", irq);
1410 * Check if interrupt was not targetted
1412 if (state->act_priority == MASKED) {
1413 pr_devel("int_on on untargetted interrupt\n");
1417 /* If saved_priority is 0xff, do nothing */
1418 if (state->saved_priority == MASKED)
1422 * Lock and unmask it.
1424 xive_lock_for_unmask(sb, state);
1425 xive_finish_unmask(xive, sb, state, state->saved_priority);
1426 arch_spin_unlock(&sb->lock);
1431 int kvmppc_xive_int_off(struct kvm *kvm, u32 irq)
1433 struct kvmppc_xive *xive = kvm->arch.xive;
1434 struct kvmppc_xive_src_block *sb;
1435 struct kvmppc_xive_irq_state *state;
1441 sb = kvmppc_xive_find_source(xive, irq, &idx);
1444 state = &sb->irq_state[idx];
1446 pr_devel("int_off(irq=0x%x)\n", irq);
1451 state->saved_priority = xive_lock_and_mask(xive, sb, state);
1452 arch_spin_unlock(&sb->lock);
1457 static bool xive_restore_pending_irq(struct kvmppc_xive *xive, u32 irq)
1459 struct kvmppc_xive_src_block *sb;
1460 struct kvmppc_xive_irq_state *state;
1463 sb = kvmppc_xive_find_source(xive, irq, &idx);
1466 state = &sb->irq_state[idx];
1471 * Trigger the IPI. This assumes we never restore a pass-through
1472 * interrupt which should be safe enough
1474 xive_irq_trigger(&state->ipi_data);
1479 u64 kvmppc_xive_get_icp(struct kvm_vcpu *vcpu)
1481 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
1486 /* Return the per-cpu state for state saving/migration */
1487 return (u64)xc->cppr << KVM_REG_PPC_ICP_CPPR_SHIFT |
1488 (u64)xc->mfrr << KVM_REG_PPC_ICP_MFRR_SHIFT |
1489 (u64)0xff << KVM_REG_PPC_ICP_PPRI_SHIFT;
1492 int kvmppc_xive_set_icp(struct kvm_vcpu *vcpu, u64 icpval)
1494 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
1495 struct kvmppc_xive *xive = vcpu->kvm->arch.xive;
1502 /* Grab individual state fields. We don't use pending_pri */
1503 cppr = icpval >> KVM_REG_PPC_ICP_CPPR_SHIFT;
1504 xisr = (icpval >> KVM_REG_PPC_ICP_XISR_SHIFT) &
1505 KVM_REG_PPC_ICP_XISR_MASK;
1506 mfrr = icpval >> KVM_REG_PPC_ICP_MFRR_SHIFT;
1508 pr_devel("set_icp vcpu %d cppr=0x%x mfrr=0x%x xisr=0x%x\n",
1509 xc->server_num, cppr, mfrr, xisr);
1512 * We can't update the state of a "pushed" VCPU, but that
1513 * shouldn't happen because the vcpu->mutex makes running a
1514 * vcpu mutually exclusive with doing one_reg get/set on it.
1516 if (WARN_ON(vcpu->arch.xive_pushed))
1519 /* Update VCPU HW saved state */
1520 vcpu->arch.xive_saved_state.cppr = cppr;
1521 xc->hw_cppr = xc->cppr = cppr;
1524 * Update MFRR state. If it's not 0xff, we mark the VCPU as
1525 * having a pending MFRR change, which will re-evaluate the
1526 * target. The VCPU will thus potentially get a spurious
1527 * interrupt but that's not a big deal.
1531 xive_irq_trigger(&xc->vp_ipi_data);
1534 * Now saved XIRR is "interesting". It means there's something in
1535 * the legacy "1 element" queue... for an IPI we simply ignore it,
1536 * as the MFRR restore will handle that. For anything else we need
1537 * to force a resend of the source.
1538 * However the source may not have been setup yet. If that's the
1539 * case, we keep that info and increment a counter in the xive to
1540 * tell subsequent xive_set_source() to go look.
1542 if (xisr > XICS_IPI && !xive_restore_pending_irq(xive, xisr)) {
1543 xc->delayed_irq = xisr;
1544 xive->delayed_irqs++;
1545 pr_devel(" xisr restore delayed\n");
1551 int kvmppc_xive_set_mapped(struct kvm *kvm, unsigned long guest_irq,
1552 unsigned long host_irq)
1554 struct kvmppc_xive *xive = kvm->arch.xive;
1555 struct kvmppc_xive_src_block *sb;
1556 struct kvmppc_xive_irq_state *state;
1557 struct irq_data *host_data =
1558 irq_domain_get_irq_data(irq_get_default_host(), host_irq);
1559 unsigned int hw_irq = (unsigned int)irqd_to_hwirq(host_data);
1567 pr_debug("%s: GIRQ 0x%lx host IRQ %ld XIVE HW IRQ 0x%x\n",
1568 __func__, guest_irq, host_irq, hw_irq);
1570 sb = kvmppc_xive_find_source(xive, guest_irq, &idx);
1573 state = &sb->irq_state[idx];
1576 * Mark the passed-through interrupt as going to a VCPU,
1577 * this will prevent further EOIs and similar operations
1578 * from the XIVE code. It will also mask the interrupt
1579 * to either PQ=10 or 11 state, the latter if the interrupt
1580 * is pending. This will allow us to unmask or retrigger it
1581 * after routing it to the guest with a simple EOI.
1583 * The "state" argument is a "token", all it needs is to be
1584 * non-NULL to switch to passed-through or NULL for the
1585 * other way around. We may not yet have an actual VCPU
1586 * target here and we don't really care.
1588 rc = irq_set_vcpu_affinity(host_irq, state);
1590 pr_err("Failed to set VCPU affinity for host IRQ %ld\n", host_irq);
1595 * Mask and read state of IPI. We need to know if its P bit
1596 * is set as that means it's potentially already using a
1597 * queue entry in the target
1599 prio = xive_lock_and_mask(xive, sb, state);
1600 pr_devel(" old IPI prio %02x P:%d Q:%d\n", prio,
1601 state->old_p, state->old_q);
1603 /* Turn the IPI hard off */
1604 xive_vm_esb_load(&state->ipi_data, XIVE_ESB_SET_PQ_01);
1607 * Reset ESB guest mapping. Needed when ESB pages are exposed
1608 * to the guest in XIVE native mode
1610 if (xive->ops && xive->ops->reset_mapped)
1611 xive->ops->reset_mapped(kvm, guest_irq);
1613 /* Grab info about irq */
1614 state->pt_number = hw_irq;
1615 state->pt_data = irq_data_get_irq_handler_data(host_data);
1618 * Configure the IRQ to match the existing configuration of
1619 * the IPI if it was already targetted. Otherwise this will
1620 * mask the interrupt in a lossy way (act_priority is 0xff)
1621 * which is fine for a never started interrupt.
1623 xive_native_configure_irq(hw_irq,
1624 kvmppc_xive_vp(xive, state->act_server),
1625 state->act_priority, state->number);
1628 * We do an EOI to enable the interrupt (and retrigger if needed)
1629 * if the guest has the interrupt unmasked and the P bit was *not*
1630 * set in the IPI. If it was set, we know a slot may still be in
1631 * use in the target queue thus we have to wait for a guest
1634 if (prio != MASKED && !state->old_p)
1635 xive_vm_source_eoi(hw_irq, state->pt_data);
1637 /* Clear old_p/old_q as they are no longer relevant */
1638 state->old_p = state->old_q = false;
1640 /* Restore guest prio (unlocks EOI) */
1642 state->guest_priority = prio;
1643 arch_spin_unlock(&sb->lock);
1647 EXPORT_SYMBOL_GPL(kvmppc_xive_set_mapped);
1649 int kvmppc_xive_clr_mapped(struct kvm *kvm, unsigned long guest_irq,
1650 unsigned long host_irq)
1652 struct kvmppc_xive *xive = kvm->arch.xive;
1653 struct kvmppc_xive_src_block *sb;
1654 struct kvmppc_xive_irq_state *state;
1662 pr_debug("%s: GIRQ 0x%lx host IRQ %ld\n", __func__, guest_irq, host_irq);
1664 sb = kvmppc_xive_find_source(xive, guest_irq, &idx);
1667 state = &sb->irq_state[idx];
1670 * Mask and read state of IRQ. We need to know if its P bit
1671 * is set as that means it's potentially already using a
1672 * queue entry in the target
1674 prio = xive_lock_and_mask(xive, sb, state);
1675 pr_devel(" old IRQ prio %02x P:%d Q:%d\n", prio,
1676 state->old_p, state->old_q);
1679 * If old_p is set, the interrupt is pending, we switch it to
1680 * PQ=11. This will force a resend in the host so the interrupt
1681 * isn't lost to whatever host driver may pick it up
1684 xive_vm_esb_load(state->pt_data, XIVE_ESB_SET_PQ_11);
1686 /* Release the passed-through interrupt to the host */
1687 rc = irq_set_vcpu_affinity(host_irq, NULL);
1689 pr_err("Failed to clr VCPU affinity for host IRQ %ld\n", host_irq);
1693 /* Forget about the IRQ */
1694 state->pt_number = 0;
1695 state->pt_data = NULL;
1698 * Reset ESB guest mapping. Needed when ESB pages are exposed
1699 * to the guest in XIVE native mode
1701 if (xive->ops && xive->ops->reset_mapped) {
1702 xive->ops->reset_mapped(kvm, guest_irq);
1705 /* Reconfigure the IPI */
1706 xive_native_configure_irq(state->ipi_number,
1707 kvmppc_xive_vp(xive, state->act_server),
1708 state->act_priority, state->number);
1711 * If old_p is set (we have a queue entry potentially
1712 * occupied) or the interrupt is masked, we set the IPI
1713 * to PQ=10 state. Otherwise we just re-enable it (PQ=00).
1715 if (prio == MASKED || state->old_p)
1716 xive_vm_esb_load(&state->ipi_data, XIVE_ESB_SET_PQ_10);
1718 xive_vm_esb_load(&state->ipi_data, XIVE_ESB_SET_PQ_00);
1720 /* Restore guest prio (unlocks EOI) */
1722 state->guest_priority = prio;
1723 arch_spin_unlock(&sb->lock);
1727 EXPORT_SYMBOL_GPL(kvmppc_xive_clr_mapped);
1729 void kvmppc_xive_disable_vcpu_interrupts(struct kvm_vcpu *vcpu)
1731 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
1732 struct kvm *kvm = vcpu->kvm;
1733 struct kvmppc_xive *xive = kvm->arch.xive;
1736 for (i = 0; i <= xive->max_sbid; i++) {
1737 struct kvmppc_xive_src_block *sb = xive->src_blocks[i];
1741 for (j = 0; j < KVMPPC_XICS_IRQ_PER_ICS; j++) {
1742 struct kvmppc_xive_irq_state *state = &sb->irq_state[j];
1746 if (state->act_priority == MASKED)
1748 if (state->act_server != xc->server_num)
1752 arch_spin_lock(&sb->lock);
1753 state->act_priority = MASKED;
1754 xive_vm_esb_load(&state->ipi_data, XIVE_ESB_SET_PQ_01);
1755 xive_native_configure_irq(state->ipi_number, 0, MASKED, 0);
1756 if (state->pt_number) {
1757 xive_vm_esb_load(state->pt_data, XIVE_ESB_SET_PQ_01);
1758 xive_native_configure_irq(state->pt_number, 0, MASKED, 0);
1760 arch_spin_unlock(&sb->lock);
1764 /* Disable vcpu's escalation interrupt */
1765 if (vcpu->arch.xive_esc_on) {
1766 __raw_readq((void __iomem *)(vcpu->arch.xive_esc_vaddr +
1767 XIVE_ESB_SET_PQ_01));
1768 vcpu->arch.xive_esc_on = false;
1772 * Clear pointers to escalation interrupt ESB.
1773 * This is safe because the vcpu->mutex is held, preventing
1774 * any other CPU from concurrently executing a KVM_RUN ioctl.
1776 vcpu->arch.xive_esc_vaddr = 0;
1777 vcpu->arch.xive_esc_raddr = 0;
1781 * In single escalation mode, the escalation interrupt is marked so
1782 * that EOI doesn't re-enable it, but just sets the stale_p flag to
1783 * indicate that the P bit has already been dealt with. However, the
1784 * assembly code that enters the guest sets PQ to 00 without clearing
1785 * stale_p (because it has no easy way to address it). Hence we have
1786 * to adjust stale_p before shutting down the interrupt.
1788 void xive_cleanup_single_escalation(struct kvm_vcpu *vcpu, int irq)
1790 struct irq_data *d = irq_get_irq_data(irq);
1791 struct xive_irq_data *xd = irq_data_get_irq_handler_data(d);
1794 * This slightly odd sequence gives the right result
1795 * (i.e. stale_p set if xive_esc_on is false) even if
1796 * we race with xive_esc_irq() and xive_irq_eoi().
1798 xd->stale_p = false;
1799 smp_mb(); /* paired with smb_wmb in xive_esc_irq */
1800 if (!vcpu->arch.xive_esc_on)
1804 void kvmppc_xive_cleanup_vcpu(struct kvm_vcpu *vcpu)
1806 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
1807 struct kvmppc_xive *xive = vcpu->kvm->arch.xive;
1810 if (!kvmppc_xics_enabled(vcpu))
1816 pr_devel("cleanup_vcpu(cpu=%d)\n", xc->server_num);
1818 /* Ensure no interrupt is still routed to that VP */
1820 kvmppc_xive_disable_vcpu_interrupts(vcpu);
1822 /* Mask the VP IPI */
1823 xive_vm_esb_load(&xc->vp_ipi_data, XIVE_ESB_SET_PQ_01);
1825 /* Free escalations */
1826 for (i = 0; i < KVMPPC_XIVE_Q_COUNT; i++) {
1827 if (xc->esc_virq[i]) {
1828 if (kvmppc_xive_has_single_escalation(xc->xive))
1829 xive_cleanup_single_escalation(vcpu, xc->esc_virq[i]);
1830 free_irq(xc->esc_virq[i], vcpu);
1831 irq_dispose_mapping(xc->esc_virq[i]);
1832 kfree(xc->esc_virq_names[i]);
1836 /* Disable the VP */
1837 xive_native_disable_vp(xc->vp_id);
1839 /* Clear the cam word so guest entry won't try to push context */
1840 vcpu->arch.xive_cam_word = 0;
1842 /* Free the queues */
1843 for (i = 0; i < KVMPPC_XIVE_Q_COUNT; i++) {
1844 struct xive_q *q = &xc->queues[i];
1846 xive_native_disable_queue(xc->vp_id, q, i);
1848 free_pages((unsigned long)q->qpage,
1849 xive->q_page_order);
1856 xive_cleanup_irq_data(&xc->vp_ipi_data);
1857 xive_native_free_irq(xc->vp_ipi);
1862 /* Cleanup the vcpu */
1863 vcpu->arch.irq_type = KVMPPC_IRQ_DEFAULT;
1864 vcpu->arch.xive_vcpu = NULL;
1867 static bool kvmppc_xive_vcpu_id_valid(struct kvmppc_xive *xive, u32 cpu)
1869 /* We have a block of xive->nr_servers VPs. We just need to check
1870 * packed vCPU ids are below that.
1872 return kvmppc_pack_vcpu_id(xive->kvm, cpu) < xive->nr_servers;
1875 int kvmppc_xive_compute_vp_id(struct kvmppc_xive *xive, u32 cpu, u32 *vp)
1879 if (!kvmppc_xive_vcpu_id_valid(xive, cpu)) {
1880 pr_devel("Out of bounds !\n");
1884 if (xive->vp_base == XIVE_INVALID_VP) {
1885 xive->vp_base = xive_native_alloc_vp_block(xive->nr_servers);
1886 pr_devel("VP_Base=%x nr_servers=%d\n", xive->vp_base, xive->nr_servers);
1888 if (xive->vp_base == XIVE_INVALID_VP)
1892 vp_id = kvmppc_xive_vp(xive, cpu);
1893 if (kvmppc_xive_vp_in_use(xive->kvm, vp_id)) {
1894 pr_devel("Duplicate !\n");
1903 int kvmppc_xive_connect_vcpu(struct kvm_device *dev,
1904 struct kvm_vcpu *vcpu, u32 cpu)
1906 struct kvmppc_xive *xive = dev->private;
1907 struct kvmppc_xive_vcpu *xc;
1911 pr_devel("connect_vcpu(cpu=%d)\n", cpu);
1913 if (dev->ops != &kvm_xive_ops) {
1914 pr_devel("Wrong ops !\n");
1917 if (xive->kvm != vcpu->kvm)
1919 if (vcpu->arch.irq_type != KVMPPC_IRQ_DEFAULT)
1922 /* We need to synchronize with queue provisioning */
1923 mutex_lock(&xive->lock);
1925 r = kvmppc_xive_compute_vp_id(xive, cpu, &vp_id);
1929 xc = kzalloc(sizeof(*xc), GFP_KERNEL);
1935 vcpu->arch.xive_vcpu = xc;
1938 xc->server_num = cpu;
1943 r = xive_native_get_vp_info(xc->vp_id, &xc->vp_cam, &xc->vp_chip_id);
1947 if (!kvmppc_xive_check_save_restore(vcpu)) {
1948 pr_err("inconsistent save-restore setup for VCPU %d\n", cpu);
1953 /* Configure VCPU fields for use by assembly push/pull */
1954 vcpu->arch.xive_saved_state.w01 = cpu_to_be64(0xff000000);
1955 vcpu->arch.xive_cam_word = cpu_to_be32(xc->vp_cam | TM_QW1W2_VO);
1958 xc->vp_ipi = xive_native_alloc_irq();
1960 pr_err("Failed to allocate xive irq for VCPU IPI\n");
1964 pr_devel(" IPI=0x%x\n", xc->vp_ipi);
1966 r = xive_native_populate_irq_data(xc->vp_ipi, &xc->vp_ipi_data);
1971 * Enable the VP first as the single escalation mode will
1972 * affect escalation interrupts numbering
1974 r = xive_native_enable_vp(xc->vp_id, kvmppc_xive_has_single_escalation(xive));
1976 pr_err("Failed to enable VP in OPAL, err %d\n", r);
1981 * Initialize queues. Initially we set them all for no queueing
1982 * and we enable escalation for queue 0 only which we'll use for
1983 * our mfrr change notifications. If the VCPU is hot-plugged, we
1984 * do handle provisioning however based on the existing "map"
1985 * of enabled queues.
1987 for (i = 0; i < KVMPPC_XIVE_Q_COUNT; i++) {
1988 struct xive_q *q = &xc->queues[i];
1990 /* Single escalation, no queue 7 */
1991 if (i == 7 && kvmppc_xive_has_single_escalation(xive))
1994 /* Is queue already enabled ? Provision it */
1995 if (xive->qmap & (1 << i)) {
1996 r = xive_provision_queue(vcpu, i);
1997 if (r == 0 && !kvmppc_xive_has_single_escalation(xive))
1998 kvmppc_xive_attach_escalation(
1999 vcpu, i, kvmppc_xive_has_single_escalation(xive));
2003 r = xive_native_configure_queue(xc->vp_id,
2004 q, i, NULL, 0, true);
2006 pr_err("Failed to configure queue %d for VCPU %d\n",
2013 /* If not done above, attach priority 0 escalation */
2014 r = kvmppc_xive_attach_escalation(vcpu, 0, kvmppc_xive_has_single_escalation(xive));
2019 r = xive_native_configure_irq(xc->vp_ipi, xc->vp_id, 0, XICS_IPI);
2021 xive_vm_esb_load(&xc->vp_ipi_data, XIVE_ESB_SET_PQ_00);
2024 mutex_unlock(&xive->lock);
2026 kvmppc_xive_cleanup_vcpu(vcpu);
2030 vcpu->arch.irq_type = KVMPPC_IRQ_XICS;
2035 * Scanning of queues before/after migration save
2037 static void xive_pre_save_set_queued(struct kvmppc_xive *xive, u32 irq)
2039 struct kvmppc_xive_src_block *sb;
2040 struct kvmppc_xive_irq_state *state;
2043 sb = kvmppc_xive_find_source(xive, irq, &idx);
2047 state = &sb->irq_state[idx];
2049 /* Some sanity checking */
2050 if (!state->valid) {
2051 pr_err("invalid irq 0x%x in cpu queue!\n", irq);
2056 * If the interrupt is in a queue it should have P set.
2057 * We warn so that gets reported. A backtrace isn't useful
2058 * so no need to use a WARN_ON.
2060 if (!state->saved_p)
2061 pr_err("Interrupt 0x%x is marked in a queue but P not set !\n", irq);
2064 state->in_queue = true;
2067 static void xive_pre_save_mask_irq(struct kvmppc_xive *xive,
2068 struct kvmppc_xive_src_block *sb,
2071 struct kvmppc_xive_irq_state *state = &sb->irq_state[irq];
2076 /* Mask and save state, this will also sync HW queues */
2077 state->saved_scan_prio = xive_lock_and_mask(xive, sb, state);
2079 /* Transfer P and Q */
2080 state->saved_p = state->old_p;
2081 state->saved_q = state->old_q;
2084 arch_spin_unlock(&sb->lock);
2087 static void xive_pre_save_unmask_irq(struct kvmppc_xive *xive,
2088 struct kvmppc_xive_src_block *sb,
2091 struct kvmppc_xive_irq_state *state = &sb->irq_state[irq];
2097 * Lock / exclude EOI (not technically necessary if the
2098 * guest isn't running concurrently. If this becomes a
2099 * performance issue we can probably remove the lock.
2101 xive_lock_for_unmask(sb, state);
2103 /* Restore mask/prio if it wasn't masked */
2104 if (state->saved_scan_prio != MASKED)
2105 xive_finish_unmask(xive, sb, state, state->saved_scan_prio);
2108 arch_spin_unlock(&sb->lock);
2111 static void xive_pre_save_queue(struct kvmppc_xive *xive, struct xive_q *q)
2114 u32 toggle = q->toggle;
2118 irq = __xive_read_eq(q->qpage, q->msk, &idx, &toggle);
2120 xive_pre_save_set_queued(xive, irq);
2124 static void xive_pre_save_scan(struct kvmppc_xive *xive)
2126 struct kvm_vcpu *vcpu = NULL;
2131 * See comment in xive_get_source() about how this
2132 * work. Collect a stable state for all interrupts
2134 for (i = 0; i <= xive->max_sbid; i++) {
2135 struct kvmppc_xive_src_block *sb = xive->src_blocks[i];
2138 for (j = 0; j < KVMPPC_XICS_IRQ_PER_ICS; j++)
2139 xive_pre_save_mask_irq(xive, sb, j);
2142 /* Then scan the queues and update the "in_queue" flag */
2143 kvm_for_each_vcpu(i, vcpu, xive->kvm) {
2144 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
2147 for (j = 0; j < KVMPPC_XIVE_Q_COUNT; j++) {
2148 if (xc->queues[j].qpage)
2149 xive_pre_save_queue(xive, &xc->queues[j]);
2153 /* Finally restore interrupt states */
2154 for (i = 0; i <= xive->max_sbid; i++) {
2155 struct kvmppc_xive_src_block *sb = xive->src_blocks[i];
2158 for (j = 0; j < KVMPPC_XICS_IRQ_PER_ICS; j++)
2159 xive_pre_save_unmask_irq(xive, sb, j);
2163 static void xive_post_save_scan(struct kvmppc_xive *xive)
2167 /* Clear all the in_queue flags */
2168 for (i = 0; i <= xive->max_sbid; i++) {
2169 struct kvmppc_xive_src_block *sb = xive->src_blocks[i];
2172 for (j = 0; j < KVMPPC_XICS_IRQ_PER_ICS; j++)
2173 sb->irq_state[j].in_queue = false;
2176 /* Next get_source() will do a new scan */
2177 xive->saved_src_count = 0;
2181 * This returns the source configuration and state to user space.
2183 static int xive_get_source(struct kvmppc_xive *xive, long irq, u64 addr)
2185 struct kvmppc_xive_src_block *sb;
2186 struct kvmppc_xive_irq_state *state;
2187 u64 __user *ubufp = (u64 __user *) addr;
2191 sb = kvmppc_xive_find_source(xive, irq, &idx);
2195 state = &sb->irq_state[idx];
2200 pr_devel("get_source(%ld)...\n", irq);
2203 * So to properly save the state into something that looks like a
2204 * XICS migration stream we cannot treat interrupts individually.
2206 * We need, instead, mask them all (& save their previous PQ state)
2207 * to get a stable state in the HW, then sync them to ensure that
2208 * any interrupt that had already fired hits its queue, and finally
2209 * scan all the queues to collect which interrupts are still present
2210 * in the queues, so we can set the "pending" flag on them and
2211 * they can be resent on restore.
2213 * So we do it all when the "first" interrupt gets saved, all the
2214 * state is collected at that point, the rest of xive_get_source()
2215 * will merely collect and convert that state to the expected
2216 * userspace bit mask.
2218 if (xive->saved_src_count == 0)
2219 xive_pre_save_scan(xive);
2220 xive->saved_src_count++;
2222 /* Convert saved state into something compatible with xics */
2223 val = state->act_server;
2224 prio = state->saved_scan_prio;
2226 if (prio == MASKED) {
2227 val |= KVM_XICS_MASKED;
2228 prio = state->saved_priority;
2230 val |= prio << KVM_XICS_PRIORITY_SHIFT;
2232 val |= KVM_XICS_LEVEL_SENSITIVE;
2234 val |= KVM_XICS_PENDING;
2237 val |= KVM_XICS_PRESENTED;
2240 val |= KVM_XICS_QUEUED;
2243 * We mark it pending (which will attempt a re-delivery)
2244 * if we are in a queue *or* we were masked and had
2245 * Q set which is equivalent to the XICS "masked pending"
2248 if (state->in_queue || (prio == MASKED && state->saved_q))
2249 val |= KVM_XICS_PENDING;
2253 * If that was the last interrupt saved, reset the
2256 if (xive->saved_src_count == xive->src_count)
2257 xive_post_save_scan(xive);
2259 /* Copy the result to userspace */
2260 if (put_user(val, ubufp))
2266 struct kvmppc_xive_src_block *kvmppc_xive_create_src_block(
2267 struct kvmppc_xive *xive, int irq)
2269 struct kvmppc_xive_src_block *sb;
2272 bid = irq >> KVMPPC_XICS_ICS_SHIFT;
2274 mutex_lock(&xive->lock);
2276 /* block already exists - somebody else got here first */
2277 if (xive->src_blocks[bid])
2280 /* Create the ICS */
2281 sb = kzalloc(sizeof(*sb), GFP_KERNEL);
2287 for (i = 0; i < KVMPPC_XICS_IRQ_PER_ICS; i++) {
2288 sb->irq_state[i].number = (bid << KVMPPC_XICS_ICS_SHIFT) | i;
2289 sb->irq_state[i].eisn = 0;
2290 sb->irq_state[i].guest_priority = MASKED;
2291 sb->irq_state[i].saved_priority = MASKED;
2292 sb->irq_state[i].act_priority = MASKED;
2295 xive->src_blocks[bid] = sb;
2297 if (bid > xive->max_sbid)
2298 xive->max_sbid = bid;
2301 mutex_unlock(&xive->lock);
2302 return xive->src_blocks[bid];
2305 static bool xive_check_delayed_irq(struct kvmppc_xive *xive, u32 irq)
2307 struct kvm *kvm = xive->kvm;
2308 struct kvm_vcpu *vcpu = NULL;
2311 kvm_for_each_vcpu(i, vcpu, kvm) {
2312 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
2317 if (xc->delayed_irq == irq) {
2318 xc->delayed_irq = 0;
2319 xive->delayed_irqs--;
2326 static int xive_set_source(struct kvmppc_xive *xive, long irq, u64 addr)
2328 struct kvmppc_xive_src_block *sb;
2329 struct kvmppc_xive_irq_state *state;
2330 u64 __user *ubufp = (u64 __user *) addr;
2333 u8 act_prio, guest_prio;
2337 if (irq < KVMPPC_XICS_FIRST_IRQ || irq >= KVMPPC_XICS_NR_IRQS)
2340 pr_devel("set_source(irq=0x%lx)\n", irq);
2342 /* Find the source */
2343 sb = kvmppc_xive_find_source(xive, irq, &idx);
2345 pr_devel("No source, creating source block...\n");
2346 sb = kvmppc_xive_create_src_block(xive, irq);
2348 pr_devel("Failed to create block...\n");
2352 state = &sb->irq_state[idx];
2354 /* Read user passed data */
2355 if (get_user(val, ubufp)) {
2356 pr_devel("fault getting user info !\n");
2360 server = val & KVM_XICS_DESTINATION_MASK;
2361 guest_prio = val >> KVM_XICS_PRIORITY_SHIFT;
2363 pr_devel(" val=0x016%llx (server=0x%x, guest_prio=%d)\n",
2364 val, server, guest_prio);
2367 * If the source doesn't already have an IPI, allocate
2368 * one and get the corresponding data
2370 if (!state->ipi_number) {
2371 state->ipi_number = xive_native_alloc_irq();
2372 if (state->ipi_number == 0) {
2373 pr_devel("Failed to allocate IPI !\n");
2376 xive_native_populate_irq_data(state->ipi_number, &state->ipi_data);
2377 pr_devel(" src_ipi=0x%x\n", state->ipi_number);
2381 * We use lock_and_mask() to set us in the right masked
2382 * state. We will override that state from the saved state
2383 * further down, but this will handle the cases of interrupts
2384 * that need FW masking. We set the initial guest_priority to
2385 * 0 before calling it to ensure it actually performs the masking.
2387 state->guest_priority = 0;
2388 xive_lock_and_mask(xive, sb, state);
2391 * Now, we select a target if we have one. If we don't we
2392 * leave the interrupt untargetted. It means that an interrupt
2393 * can become "untargetted" across migration if it was masked
2394 * by set_xive() but there is little we can do about it.
2397 /* First convert prio and mark interrupt as untargetted */
2398 act_prio = xive_prio_from_guest(guest_prio);
2399 state->act_priority = MASKED;
2402 * We need to drop the lock due to the mutex below. Hopefully
2403 * nothing is touching that interrupt yet since it hasn't been
2404 * advertized to a running guest yet
2406 arch_spin_unlock(&sb->lock);
2408 /* If we have a priority target the interrupt */
2409 if (act_prio != MASKED) {
2410 /* First, check provisioning of queues */
2411 mutex_lock(&xive->lock);
2412 rc = xive_check_provisioning(xive->kvm, act_prio);
2413 mutex_unlock(&xive->lock);
2415 /* Target interrupt */
2417 rc = xive_target_interrupt(xive->kvm, state,
2420 * If provisioning or targetting failed, leave it
2421 * alone and masked. It will remain disabled until
2422 * the guest re-targets it.
2427 * Find out if this was a delayed irq stashed in an ICP,
2428 * in which case, treat it as pending
2430 if (xive->delayed_irqs && xive_check_delayed_irq(xive, irq)) {
2431 val |= KVM_XICS_PENDING;
2432 pr_devel(" Found delayed ! forcing PENDING !\n");
2435 /* Cleanup the SW state */
2436 state->old_p = false;
2437 state->old_q = false;
2439 state->asserted = false;
2441 /* Restore LSI state */
2442 if (val & KVM_XICS_LEVEL_SENSITIVE) {
2444 if (val & KVM_XICS_PENDING)
2445 state->asserted = true;
2446 pr_devel(" LSI ! Asserted=%d\n", state->asserted);
2450 * Restore P and Q. If the interrupt was pending, we
2451 * force Q and !P, which will trigger a resend.
2453 * That means that a guest that had both an interrupt
2454 * pending (queued) and Q set will restore with only
2455 * one instance of that interrupt instead of 2, but that
2456 * is perfectly fine as coalescing interrupts that haven't
2457 * been presented yet is always allowed.
2459 if (val & KVM_XICS_PRESENTED && !(val & KVM_XICS_PENDING))
2460 state->old_p = true;
2461 if (val & KVM_XICS_QUEUED || val & KVM_XICS_PENDING)
2462 state->old_q = true;
2464 pr_devel(" P=%d, Q=%d\n", state->old_p, state->old_q);
2467 * If the interrupt was unmasked, update guest priority and
2468 * perform the appropriate state transition and do a
2469 * re-trigger if necessary.
2471 if (val & KVM_XICS_MASKED) {
2472 pr_devel(" masked, saving prio\n");
2473 state->guest_priority = MASKED;
2474 state->saved_priority = guest_prio;
2476 pr_devel(" unmasked, restoring to prio %d\n", guest_prio);
2477 xive_finish_unmask(xive, sb, state, guest_prio);
2478 state->saved_priority = guest_prio;
2481 /* Increment the number of valid sources and mark this one valid */
2484 state->valid = true;
2489 int kvmppc_xive_set_irq(struct kvm *kvm, int irq_source_id, u32 irq, int level,
2492 struct kvmppc_xive *xive = kvm->arch.xive;
2493 struct kvmppc_xive_src_block *sb;
2494 struct kvmppc_xive_irq_state *state;
2500 sb = kvmppc_xive_find_source(xive, irq, &idx);
2504 /* Perform locklessly .... (we need to do some RCUisms here...) */
2505 state = &sb->irq_state[idx];
2509 /* We don't allow a trigger on a passed-through interrupt */
2510 if (state->pt_number)
2513 if ((level == 1 && state->lsi) || level == KVM_INTERRUPT_SET_LEVEL)
2514 state->asserted = true;
2515 else if (level == 0 || level == KVM_INTERRUPT_UNSET) {
2516 state->asserted = false;
2520 /* Trigger the IPI */
2521 xive_irq_trigger(&state->ipi_data);
2526 int kvmppc_xive_set_nr_servers(struct kvmppc_xive *xive, u64 addr)
2528 u32 __user *ubufp = (u32 __user *) addr;
2532 if (get_user(nr_servers, ubufp))
2535 pr_devel("%s nr_servers=%u\n", __func__, nr_servers);
2537 if (!nr_servers || nr_servers > KVM_MAX_VCPU_IDS)
2540 mutex_lock(&xive->lock);
2541 if (xive->vp_base != XIVE_INVALID_VP)
2542 /* The VP block is allocated once and freed when the device
2543 * is released. Better not allow to change its size since its
2544 * used by connect_vcpu to validate vCPU ids are valid (eg,
2545 * setting it back to a higher value could allow connect_vcpu
2546 * to come up with a VP id that goes beyond the VP block, which
2547 * is likely to cause a crash in OPAL).
2550 else if (nr_servers > KVM_MAX_VCPUS)
2551 /* We don't need more servers. Higher vCPU ids get packed
2552 * down below KVM_MAX_VCPUS by kvmppc_pack_vcpu_id().
2554 xive->nr_servers = KVM_MAX_VCPUS;
2556 xive->nr_servers = nr_servers;
2558 mutex_unlock(&xive->lock);
2563 static int xive_set_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
2565 struct kvmppc_xive *xive = dev->private;
2567 /* We honor the existing XICS ioctl */
2568 switch (attr->group) {
2569 case KVM_DEV_XICS_GRP_SOURCES:
2570 return xive_set_source(xive, attr->attr, attr->addr);
2571 case KVM_DEV_XICS_GRP_CTRL:
2572 switch (attr->attr) {
2573 case KVM_DEV_XICS_NR_SERVERS:
2574 return kvmppc_xive_set_nr_servers(xive, attr->addr);
2580 static int xive_get_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
2582 struct kvmppc_xive *xive = dev->private;
2584 /* We honor the existing XICS ioctl */
2585 switch (attr->group) {
2586 case KVM_DEV_XICS_GRP_SOURCES:
2587 return xive_get_source(xive, attr->attr, attr->addr);
2592 static int xive_has_attr(struct kvm_device *dev, struct kvm_device_attr *attr)
2594 /* We honor the same limits as XICS, at least for now */
2595 switch (attr->group) {
2596 case KVM_DEV_XICS_GRP_SOURCES:
2597 if (attr->attr >= KVMPPC_XICS_FIRST_IRQ &&
2598 attr->attr < KVMPPC_XICS_NR_IRQS)
2601 case KVM_DEV_XICS_GRP_CTRL:
2602 switch (attr->attr) {
2603 case KVM_DEV_XICS_NR_SERVERS:
2610 static void kvmppc_xive_cleanup_irq(u32 hw_num, struct xive_irq_data *xd)
2612 xive_vm_esb_load(xd, XIVE_ESB_SET_PQ_01);
2613 xive_native_configure_irq(hw_num, 0, MASKED, 0);
2616 void kvmppc_xive_free_sources(struct kvmppc_xive_src_block *sb)
2620 for (i = 0; i < KVMPPC_XICS_IRQ_PER_ICS; i++) {
2621 struct kvmppc_xive_irq_state *state = &sb->irq_state[i];
2626 kvmppc_xive_cleanup_irq(state->ipi_number, &state->ipi_data);
2627 xive_cleanup_irq_data(&state->ipi_data);
2628 xive_native_free_irq(state->ipi_number);
2630 /* Pass-through, cleanup too but keep IRQ hw data */
2631 if (state->pt_number)
2632 kvmppc_xive_cleanup_irq(state->pt_number, state->pt_data);
2634 state->valid = false;
2639 * Called when device fd is closed. kvm->lock is held.
2641 static void kvmppc_xive_release(struct kvm_device *dev)
2643 struct kvmppc_xive *xive = dev->private;
2644 struct kvm *kvm = xive->kvm;
2645 struct kvm_vcpu *vcpu;
2648 pr_devel("Releasing xive device\n");
2651 * Since this is the device release function, we know that
2652 * userspace does not have any open fd referring to the
2653 * device. Therefore there can not be any of the device
2654 * attribute set/get functions being executed concurrently,
2655 * and similarly, the connect_vcpu and set/clr_mapped
2656 * functions also cannot be being executed.
2659 debugfs_remove(xive->dentry);
2662 * We should clean up the vCPU interrupt presenters first.
2664 kvm_for_each_vcpu(i, vcpu, kvm) {
2666 * Take vcpu->mutex to ensure that no one_reg get/set ioctl
2667 * (i.e. kvmppc_xive_[gs]et_icp) can be done concurrently.
2668 * Holding the vcpu->mutex also means that the vcpu cannot
2669 * be executing the KVM_RUN ioctl, and therefore it cannot
2670 * be executing the XIVE push or pull code or accessing
2671 * the XIVE MMIO regions.
2673 mutex_lock(&vcpu->mutex);
2674 kvmppc_xive_cleanup_vcpu(vcpu);
2675 mutex_unlock(&vcpu->mutex);
2679 * Now that we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type
2680 * and vcpu->arch.xive_esc_[vr]addr on each vcpu, we are safe
2681 * against xive code getting called during vcpu execution or
2682 * set/get one_reg operations.
2684 kvm->arch.xive = NULL;
2686 /* Mask and free interrupts */
2687 for (i = 0; i <= xive->max_sbid; i++) {
2688 if (xive->src_blocks[i])
2689 kvmppc_xive_free_sources(xive->src_blocks[i]);
2690 kfree(xive->src_blocks[i]);
2691 xive->src_blocks[i] = NULL;
2694 if (xive->vp_base != XIVE_INVALID_VP)
2695 xive_native_free_vp_block(xive->vp_base);
2698 * A reference of the kvmppc_xive pointer is now kept under
2699 * the xive_devices struct of the machine for reuse. It is
2700 * freed when the VM is destroyed for now until we fix all the
2708 * When the guest chooses the interrupt mode (XICS legacy or XIVE
2709 * native), the VM will switch of KVM device. The previous device will
2710 * be "released" before the new one is created.
2712 * Until we are sure all execution paths are well protected, provide a
2713 * fail safe (transitional) method for device destruction, in which
2714 * the XIVE device pointer is recycled and not directly freed.
2716 struct kvmppc_xive *kvmppc_xive_get_device(struct kvm *kvm, u32 type)
2718 struct kvmppc_xive **kvm_xive_device = type == KVM_DEV_TYPE_XIVE ?
2719 &kvm->arch.xive_devices.native :
2720 &kvm->arch.xive_devices.xics_on_xive;
2721 struct kvmppc_xive *xive = *kvm_xive_device;
2724 xive = kzalloc(sizeof(*xive), GFP_KERNEL);
2725 *kvm_xive_device = xive;
2727 memset(xive, 0, sizeof(*xive));
2734 * Create a XICS device with XIVE backend. kvm->lock is held.
2736 static int kvmppc_xive_create(struct kvm_device *dev, u32 type)
2738 struct kvmppc_xive *xive;
2739 struct kvm *kvm = dev->kvm;
2741 pr_devel("Creating xive for partition\n");
2743 /* Already there ? */
2747 xive = kvmppc_xive_get_device(kvm, type);
2751 dev->private = xive;
2754 mutex_init(&xive->lock);
2756 /* We use the default queue size set by the host */
2757 xive->q_order = xive_native_default_eq_shift();
2758 if (xive->q_order < PAGE_SHIFT)
2759 xive->q_page_order = 0;
2761 xive->q_page_order = xive->q_order - PAGE_SHIFT;
2763 /* VP allocation is delayed to the first call to connect_vcpu */
2764 xive->vp_base = XIVE_INVALID_VP;
2765 /* KVM_MAX_VCPUS limits the number of VMs to roughly 64 per sockets
2766 * on a POWER9 system.
2768 xive->nr_servers = KVM_MAX_VCPUS;
2770 if (xive_native_has_single_escalation())
2771 xive->flags |= KVMPPC_XIVE_FLAG_SINGLE_ESCALATION;
2773 if (xive_native_has_save_restore())
2774 xive->flags |= KVMPPC_XIVE_FLAG_SAVE_RESTORE;
2776 kvm->arch.xive = xive;
2780 int kvmppc_xive_xics_hcall(struct kvm_vcpu *vcpu, u32 req)
2782 struct kvmppc_vcore *vc = vcpu->arch.vcore;
2784 /* The VM should have configured XICS mode before doing XICS hcalls. */
2785 if (!kvmppc_xics_enabled(vcpu))
2790 return xive_vm_h_xirr(vcpu);
2792 return xive_vm_h_cppr(vcpu, kvmppc_get_gpr(vcpu, 4));
2794 return xive_vm_h_eoi(vcpu, kvmppc_get_gpr(vcpu, 4));
2796 return xive_vm_h_ipi(vcpu, kvmppc_get_gpr(vcpu, 4),
2797 kvmppc_get_gpr(vcpu, 5));
2799 return xive_vm_h_ipoll(vcpu, kvmppc_get_gpr(vcpu, 4));
2801 xive_vm_h_xirr(vcpu);
2802 kvmppc_set_gpr(vcpu, 5, get_tb() + vc->tb_offset);
2806 return H_UNSUPPORTED;
2808 EXPORT_SYMBOL_GPL(kvmppc_xive_xics_hcall);
2810 int kvmppc_xive_debug_show_queues(struct seq_file *m, struct kvm_vcpu *vcpu)
2812 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
2815 for (i = 0; i < KVMPPC_XIVE_Q_COUNT; i++) {
2816 struct xive_q *q = &xc->queues[i];
2819 if (!q->qpage && !xc->esc_virq[i])
2823 seq_printf(m, " q[%d]: ", i);
2825 i0 = be32_to_cpup(q->qpage + idx);
2826 idx = (idx + 1) & q->msk;
2827 i1 = be32_to_cpup(q->qpage + idx);
2828 seq_printf(m, "T=%d %08x %08x...\n", q->toggle,
2831 if (xc->esc_virq[i]) {
2832 struct irq_data *d = irq_get_irq_data(xc->esc_virq[i]);
2833 struct xive_irq_data *xd =
2834 irq_data_get_irq_handler_data(d);
2835 u64 pq = xive_vm_esb_load(xd, XIVE_ESB_GET);
2837 seq_printf(m, " ESC %d %c%c EOI @%llx",
2839 (pq & XIVE_ESB_VAL_P) ? 'P' : '-',
2840 (pq & XIVE_ESB_VAL_Q) ? 'Q' : '-',
2848 void kvmppc_xive_debug_show_sources(struct seq_file *m,
2849 struct kvmppc_xive_src_block *sb)
2853 seq_puts(m, " LISN HW/CHIP TYPE PQ EISN CPU/PRIO\n");
2854 for (i = 0; i < KVMPPC_XICS_IRQ_PER_ICS; i++) {
2855 struct kvmppc_xive_irq_state *state = &sb->irq_state[i];
2856 struct xive_irq_data *xd;
2863 kvmppc_xive_select_irq(state, &hw_num, &xd);
2865 pq = xive_vm_esb_load(xd, XIVE_ESB_GET);
2867 seq_printf(m, "%08x %08x/%02x", state->number, hw_num,
2870 seq_printf(m, " %cLSI", state->asserted ? '^' : ' ');
2872 seq_puts(m, " MSI");
2874 seq_printf(m, " %s %c%c %08x % 4d/%d",
2875 state->ipi_number == hw_num ? "IPI" : " PT",
2876 pq & XIVE_ESB_VAL_P ? 'P' : '-',
2877 pq & XIVE_ESB_VAL_Q ? 'Q' : '-',
2878 state->eisn, state->act_server,
2879 state->act_priority);
2885 static int xive_debug_show(struct seq_file *m, void *private)
2887 struct kvmppc_xive *xive = m->private;
2888 struct kvm *kvm = xive->kvm;
2889 struct kvm_vcpu *vcpu;
2890 u64 t_rm_h_xirr = 0;
2891 u64 t_rm_h_ipoll = 0;
2892 u64 t_rm_h_cppr = 0;
2895 u64 t_vm_h_xirr = 0;
2896 u64 t_vm_h_ipoll = 0;
2897 u64 t_vm_h_cppr = 0;
2905 seq_puts(m, "=========\nVCPU state\n=========\n");
2907 kvm_for_each_vcpu(i, vcpu, kvm) {
2908 struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
2913 seq_printf(m, "VCPU %d: VP:%#x/%02x\n"
2914 " CPPR:%#x HWCPPR:%#x MFRR:%#x PEND:%#x h_xirr: R=%lld V=%lld\n",
2915 xc->server_num, xc->vp_id, xc->vp_chip_id,
2916 xc->cppr, xc->hw_cppr,
2917 xc->mfrr, xc->pending,
2918 xc->stat_rm_h_xirr, xc->stat_vm_h_xirr);
2920 kvmppc_xive_debug_show_queues(m, vcpu);
2922 t_rm_h_xirr += xc->stat_rm_h_xirr;
2923 t_rm_h_ipoll += xc->stat_rm_h_ipoll;
2924 t_rm_h_cppr += xc->stat_rm_h_cppr;
2925 t_rm_h_eoi += xc->stat_rm_h_eoi;
2926 t_rm_h_ipi += xc->stat_rm_h_ipi;
2927 t_vm_h_xirr += xc->stat_vm_h_xirr;
2928 t_vm_h_ipoll += xc->stat_vm_h_ipoll;
2929 t_vm_h_cppr += xc->stat_vm_h_cppr;
2930 t_vm_h_eoi += xc->stat_vm_h_eoi;
2931 t_vm_h_ipi += xc->stat_vm_h_ipi;
2934 seq_puts(m, "Hcalls totals\n");
2935 seq_printf(m, " H_XIRR R=%10lld V=%10lld\n", t_rm_h_xirr, t_vm_h_xirr);
2936 seq_printf(m, " H_IPOLL R=%10lld V=%10lld\n", t_rm_h_ipoll, t_vm_h_ipoll);
2937 seq_printf(m, " H_CPPR R=%10lld V=%10lld\n", t_rm_h_cppr, t_vm_h_cppr);
2938 seq_printf(m, " H_EOI R=%10lld V=%10lld\n", t_rm_h_eoi, t_vm_h_eoi);
2939 seq_printf(m, " H_IPI R=%10lld V=%10lld\n", t_rm_h_ipi, t_vm_h_ipi);
2941 seq_puts(m, "=========\nSources\n=========\n");
2943 for (i = 0; i <= xive->max_sbid; i++) {
2944 struct kvmppc_xive_src_block *sb = xive->src_blocks[i];
2947 arch_spin_lock(&sb->lock);
2948 kvmppc_xive_debug_show_sources(m, sb);
2949 arch_spin_unlock(&sb->lock);
2956 DEFINE_SHOW_ATTRIBUTE(xive_debug);
2958 static void xive_debugfs_init(struct kvmppc_xive *xive)
2960 xive->dentry = debugfs_create_file("xive", S_IRUGO, xive->kvm->debugfs_dentry,
2961 xive, &xive_debug_fops);
2963 pr_debug("%s: created\n", __func__);
2966 static void kvmppc_xive_init(struct kvm_device *dev)
2968 struct kvmppc_xive *xive = dev->private;
2970 /* Register some debug interfaces */
2971 xive_debugfs_init(xive);
2974 struct kvm_device_ops kvm_xive_ops = {
2976 .create = kvmppc_xive_create,
2977 .init = kvmppc_xive_init,
2978 .release = kvmppc_xive_release,
2979 .set_attr = xive_set_attr,
2980 .get_attr = xive_get_attr,
2981 .has_attr = xive_has_attr,
projects / releases.git / blob