[v9,16/28] ARM: vITS: handle INT command

Message ID	20170511175340.8448-17-andre.przywara@arm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <xen-devel-bounces@lists.xen.org> From: Andre Przywara <andre.przywara@arm.com> To: Julien Grall <julien.grall@arm.com>, Stefano Stabellini <sstabellini@kernel.org> Date: Thu, 11 May 2017 18:53:28 +0100 Message-Id: <20170511175340.8448-17-andre.przywara@arm.com> In-Reply-To: <20170511175340.8448-1-andre.przywara@arm.com> References: <20170511175340.8448-1-andre.przywara@arm.com> Cc: xen-devel@lists.xenproject.org, Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>, Vijay Kilari <vijay.kilari@gmail.com>, Shanker Donthineni <shankerd@codeaurora.org> Subject: [Xen-devel] [PATCH v9 16/28] ARM: vITS: handle INT command Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>

Message ID

20170511175340.8448-17-andre.przywara@arm.com (mailing list archive)

State

New, archived

Headers

From: Andre Przywara <andre.przywara@arm.com>
To: Julien Grall <julien.grall@arm.com>,
	Stefano Stabellini <sstabellini@kernel.org>
Date: Thu, 11 May 2017 18:53:28 +0100
Message-Id: <20170511175340.8448-17-andre.przywara@arm.com>
In-Reply-To: <20170511175340.8448-1-andre.przywara@arm.com>
References: <20170511175340.8448-1-andre.przywara@arm.com>
Cc: xen-devel@lists.xenproject.org,
	Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com>,
	Vijay Kilari <vijay.kilari@gmail.com>,
	Shanker Donthineni <shankerd@codeaurora.org>
Subject: [Xen-devel] [PATCH v9 16/28] ARM: vITS: handle INT command
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>

Commit Message

Andre Przywara May 11, 2017, 5:53 p.m. UTC

The INT command sets a given LPI identified by a DeviceID/EventID pair
as pending and thus triggers it to be injected.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
 xen/arch/arm/vgic-v3-its.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

Comments

Julien Grall May 17, 2017, 4:17 p.m. UTC | #1

Hi Andre,

On 11/05/17 18:53, Andre Przywara wrote:
> The INT command sets a given LPI identified by a DeviceID/EventID pair
> as pending and thus triggers it to be injected.
>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> ---
>  xen/arch/arm/vgic-v3-its.c | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
> index 12ec5f1..f9379c9 100644
> --- a/xen/arch/arm/vgic-v3-its.c
> +++ b/xen/arch/arm/vgic-v3-its.c
> @@ -300,6 +300,24 @@ static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
>  #define its_cmd_get_validbit(cmd)       its_cmd_mask_field(cmd, 2, 63,  1)
>  #define its_cmd_get_ittaddr(cmd)        (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
>
> +static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
> +{
> +    uint32_t devid = its_cmd_get_deviceid(cmdptr);
> +    uint32_t eventid = its_cmd_get_id(cmdptr);
> +    struct vcpu *vcpu;
> +    uint32_t vlpi;
> +
> +    if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
> +        return -1;

See my comment on patch #13 about crafting the memory.

> +
> +    if ( vlpi == INVALID_LPI )
> +        return -1;
> +
> +    vgic_vcpu_inject_irq(vcpu, vlpi);
> +
> +    return 0;
> +}
> +
>  #define ITS_CMD_BUFFER_SIZE(baser)      ((((baser) & 0xff) + 1) << 12)
>  #define ITS_CMD_OFFSET(reg)             ((reg) & GENMASK(19, 5))
>
> @@ -329,6 +347,9 @@ static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
>
>          switch ( its_cmd_get_command(command) )
>          {
> +        case GITS_CMD_INT:
> +            ret = its_handle_int(its, command);
> +            break;
>          case GITS_CMD_SYNC:
>              /* We handle ITS commands synchronously, so we ignore SYNC. */
>              break;
>

Cheers,

Andre Przywara May 23, 2017, 5:24 p.m. UTC | #2

Hi,

On 17/05/17 17:17, Julien Grall wrote:
> Hi Andre,
> 
> On 11/05/17 18:53, Andre Przywara wrote:
>> The INT command sets a given LPI identified by a DeviceID/EventID pair
>> as pending and thus triggers it to be injected.
>>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>> ---
>>  xen/arch/arm/vgic-v3-its.c | 21 +++++++++++++++++++++
>>  1 file changed, 21 insertions(+)
>>
>> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
>> index 12ec5f1..f9379c9 100644
>> --- a/xen/arch/arm/vgic-v3-its.c
>> +++ b/xen/arch/arm/vgic-v3-its.c
>> @@ -300,6 +300,24 @@ static uint64_t its_cmd_mask_field(uint64_t
>> *its_cmd, unsigned int word,
>>  #define its_cmd_get_validbit(cmd)       its_cmd_mask_field(cmd, 2,
>> 63,  1)
>>  #define its_cmd_get_ittaddr(cmd)        (its_cmd_mask_field(cmd, 2,
>> 8, 44) << 8)
>>
>> +static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
>> +{
>> +    uint32_t devid = its_cmd_get_deviceid(cmdptr);
>> +    uint32_t eventid = its_cmd_get_id(cmdptr);
>> +    struct vcpu *vcpu;
>> +    uint32_t vlpi;
>> +
>> +    if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
>> +        return -1;
> 
> See my comment on patch #13 about crafting the memory.

So read_itte goes through some checks already (valid VCPU IDs, valid
device table pointer, valid event ID, ...). I believe we can't do much
more than this. I added a fat TODO and an ASSERT(is_dom0) in
vgic_v3_verify_its_status() to not forget about this problem.
Ideally it shouldn't matter what the guest writes into the table,
hopefully the per-IRQ locking ensures this.

Cheers,
Andre.

> 
>> +
>> +    if ( vlpi == INVALID_LPI )
>> +        return -1;
>> +
>> +    vgic_vcpu_inject_irq(vcpu, vlpi);
>> +
>> +    return 0;
>> +}
>> +
>>  #define ITS_CMD_BUFFER_SIZE(baser)      ((((baser) & 0xff) + 1) << 12)
>>  #define ITS_CMD_OFFSET(reg)             ((reg) & GENMASK(19, 5))
>>
>> @@ -329,6 +347,9 @@ static int vgic_its_handle_cmds(struct domain *d,
>> struct virt_its *its)
>>
>>          switch ( its_cmd_get_command(command) )
>>          {
>> +        case GITS_CMD_INT:
>> +            ret = its_handle_int(its, command);
>> +            break;
>>          case GITS_CMD_SYNC:
>>              /* We handle ITS commands synchronously, so we ignore
>> SYNC. */
>>              break;
>>
> 
> Cheers,
>

diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index 12ec5f1..f9379c9 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -300,6 +300,24 @@  static uint64_t its_cmd_mask_field(uint64_t *its_cmd, unsigned int word,
 #define its_cmd_get_validbit(cmd)       its_cmd_mask_field(cmd, 2, 63,  1)
 #define its_cmd_get_ittaddr(cmd)        (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
 
+static int its_handle_int(struct virt_its *its, uint64_t *cmdptr)
+{
+    uint32_t devid = its_cmd_get_deviceid(cmdptr);
+    uint32_t eventid = its_cmd_get_id(cmdptr);
+    struct vcpu *vcpu;
+    uint32_t vlpi;
+
+    if ( !read_itte(its, devid, eventid, &vcpu, &vlpi) )
+        return -1;
+
+    if ( vlpi == INVALID_LPI )
+        return -1;
+
+    vgic_vcpu_inject_irq(vcpu, vlpi);
+
+    return 0;
+}
+
 #define ITS_CMD_BUFFER_SIZE(baser)      ((((baser) & 0xff) + 1) << 12)
 #define ITS_CMD_OFFSET(reg)             ((reg) & GENMASK(19, 5))
 
@@ -329,6 +347,9 @@  static int vgic_its_handle_cmds(struct domain *d, struct virt_its *its)
 
         switch ( its_cmd_get_command(command) )
         {
+        case GITS_CMD_INT:
+            ret = its_handle_int(its, command);
+            break;
         case GITS_CMD_SYNC:
             /* We handle ITS commands synchronously, so we ignore SYNC. */
             break;

[v9,16/28] ARM: vITS: handle INT command

Commit Message

Comments

Patch