This patch adds the necessary MMU setup code for the cells. They use the
same paging functions as the hypervisor, but their flags are slightly
different.

As an improvement, it would be good to use only two levels of page
tables on 32bit instead of three. This would limit the memory accessible
from EL1 to 16GB instead of the current 256.
This doesn't really matter for the moment: since the core handles virtual
addresses with unsigned longs, LPAE cannot be used.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 2 +-
hypervisor/arch/arm/include/asm/cell.h | 11 ++-
hypervisor/arch/arm/include/asm/control.h | 26 +++++++
hypervisor/arch/arm/include/asm/paging.h | 1 +
hypervisor/arch/arm/include/asm/processor.h | 33 +++++++++
hypervisor/arch/arm/include/asm/sysregs.h | 2 +
hypervisor/arch/arm/mmu_cell.c | 101 +++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 29 +++++---
8 files changed, 193 insertions(+), 12 deletions(-)
create mode 100644 hypervisor/arch/arm/include/asm/control.h
create mode 100644 hypervisor/arch/arm/mmu_cell.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index b8cc50b..9bc393e 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -15,7 +15,7 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))
always := built-in.o

obj-y := entry.o dbg-write.o exception.o setup.o lib.o
-obj-y += paging.o mmu_hyp.o
+obj-y += paging.o mmu_hyp.o mmu_cell.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

# Needed for kconfig
diff --git a/hypervisor/arch/arm/include/asm/cell.h b/hypervisor/arch/arm/include/asm/cell.h
index 121115c..88fe125 100644
--- a/hypervisor/arch/arm/include/asm/cell.h
+++ b/hypervisor/arch/arm/include/asm/cell.h
@@ -14,12 +14,20 @@
#define _JAILHOUSE_ASM_CELL_H

#include <asm/types.h>
-#include <asm/paging.h>
+
+#ifndef __ASSEMBLY__

#include <jailhouse/cell-config.h>
+#include <jailhouse/paging.h>
#include <jailhouse/hypercall.h>

+struct arch_cell {
+ struct paging_structures mm;
+};
+
struct cell {
+ struct arch_cell arch;
+
unsigned int id;
unsigned int data_pages;
struct jailhouse_cell_desc *config;
@@ -39,4 +47,5 @@ struct cell {

extern struct cell root_cell;

+#endif /* !__ASSEMBLY__ */
#endif /* !_JAILHOUSE_ASM_CELL_H */
diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
new file mode 100644
index 0000000..b569cba
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -0,0 +1,26 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_CONTROL_H
+#define _JAILHOUSE_ASM_CONTROL_H
+
+#include <asm/cell.h>
+#include <asm/percpu.h>
+
+#ifndef __ASSEMBLY__
+
+int arch_mmu_cell_init(struct cell *cell);
+int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data);
+
+#endif /* !__ASSEMBLY__ */
+
+#endif /* !_JAILHOUSE_ASM_CONTROL_H */
diff --git a/hypervisor/arch/arm/include/asm/paging.h b/hypervisor/arch/arm/include/asm/paging.h
index 251576e..969c71d 100644
--- a/hypervisor/arch/arm/include/asm/paging.h
+++ b/hypervisor/arch/arm/include/asm/paging.h
@@ -98,6 +98,7 @@
#define BLOCK_2M_VADDR_MASK BIT_MASK(20, 0)

#define TTBR_MASK BIT_MASK(47, PADDR_OFF)
+#define VTTBR_VMID_SHIFT 48

#define HTCR_RES1 ((1 << 31) | (1 << 23))
#define VTCR_RES1 ((1 << 31))
diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index e33550f..85ff33e 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -52,6 +52,39 @@
#define SCTLR_AFE_BIT (1 << 29)
#define SCTLR_TE_BIT (1 << 30)

+#define HCR_TRVM_BIT (1 << 30)
+#define HCR_TVM_BIT (1 << 26)
+#define HCR_HDC_BIT (1 << 29)
+#define HCR_TGE_BIT (1 << 27)
+#define HCR_TTLB_BIT (1 << 25)
+#define HCR_TPU_BIT (1 << 24)
+#define HCR_TPC_BIT (1 << 23)
+#define HCR_TSW_BIT (1 << 22)
+#define HCR_TAC_BIT (1 << 21)
+#define HCR_TIDCP_BIT (1 << 20)
+#define HCR_TSC_BIT (1 << 19)
+#define HCR_TID3_BIT (1 << 18)
+#define HCR_TID2_BIT (1 << 17)
+#define HCR_TID1_BIT (1 << 16)
+#define HCR_TID0_BIT (1 << 15)
+#define HCR_TWE_BIT (1 << 14)
+#define HCR_TWI_BIT (1 << 13)
+#define HCR_DC_BIT (1 << 12)
+#define HCR_BSU_BITS (3 << 10)
+#define HCR_BSU_INNER (1 << 10)
+#define HCR_BSU_OUTER (2 << 10)
+#define HCR_BSU_FULL HCR_BSU_BITS
+#define HCR_FB_BIT (1 << 9)
+#define HCR_VA_BIT (1 << 8)
+#define HCR_VI_BIT (1 << 7)
+#define HCR_VF_BIT (1 << 6)
+#define HCR_AMO_BIT (1 << 5)
+#define HCR_IMO_BIT (1 << 4)
+#define HCR_FMO_BIT (1 << 3)
+#define HCR_PTW_BIT (1 << 2)
+#define HCR_SWIO_BIT (1 << 1)
+#define HCR_VM_BIT (1 << 0)
+
#define PAR_F_BIT 0x1
#define PAR_FST_SHIFT 1
#define PAR_FST_MASK 0x3f
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index 261d934..ea7bc7a 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -40,6 +40,8 @@
#define PAR_EL1 SYSREG_64(0, c7)

/* AArch32-specific registers */
+#define HCR SYSREG_32(4, c1, c1, 0)
+#define HCR2 SYSREG_32(4, c1, c1, 4)
#define HMAIR0 SYSREG_32(4, c10, c2, 0)
#define HMAIR1 SYSREG_32(4, c10, c2, 1)
#define HVBAR SYSREG_32(4, c12, c0, 0)
diff --git a/hypervisor/arch/arm/mmu_cell.c b/hypervisor/arch/arm/mmu_cell.c
new file mode 100644
index 0000000..fcd977a
--- /dev/null
+++ b/hypervisor/arch/arm/mmu_cell.c
@@ -0,0 +1,101 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/control.h>
+#include <asm/sysregs.h>
+#include <jailhouse/control.h>
+#include <jailhouse/paging.h>
+#include <jailhouse/printk.h>
+
+int arch_map_memory_region(struct cell *cell,
+ const struct jailhouse_memory *mem)
+{
+ u64 phys_start = mem->phys_start;
+ u32 flags = PTE_FLAG_VALID | PTE_ACCESS_FLAG;
+
+ if (mem->flags & JAILHOUSE_MEM_READ)
+ flags |= S2_PTE_ACCESS_RO;
+ if (mem->flags & JAILHOUSE_MEM_WRITE)
+ flags |= S2_PTE_ACCESS_WO;
+ /*
+ * `DMA' may be a bit misleading here: it is used to define MMIO regions
+ */
+ if (mem->flags & JAILHOUSE_MEM_DMA)
+ flags |= S2_PTE_FLAG_DEVICE;
+ else
+ flags |= S2_PTE_FLAG_NORMAL;
+ if (mem->flags & JAILHOUSE_MEM_COMM_REGION)
+ phys_start = page_map_hvirt2phys(&cell->comm_page);
+ /*
+ if (!(mem->flags & JAILHOUSE_MEM_EXECUTE))
+ flags |= S2_PAGE_ACCESS_XN;
+ */
+
+ return page_map_create(&cell->arch.mm, phys_start, mem->size,
+ mem->virt_start, flags, PAGE_MAP_NON_COHERENT);
+}
+
+int arch_unmap_memory_region(struct cell *cell,
+ const struct jailhouse_memory *mem)
+{
+ return page_map_destroy(&cell->arch.mm, mem->virt_start, mem->size,
+ PAGE_MAP_NON_COHERENT);
+}
+
+unsigned long arch_page_map_gphys2phys(struct per_cpu *cpu_data,
+ unsigned long gphys)
+{
+ /* Translate IPA->PA */
+ return page_map_virt2phys(&cpu_data->cell->arch.mm, gphys);
+}
+
+int arch_mmu_cell_init(struct cell *cell)
+{
+ cell->arch.mm.root_paging = hv_paging;
+ cell->arch.mm.root_table = page_alloc(&mem_pool, 1);
+ if (!cell->arch.mm.root_table)
+ return -ENOMEM;
+
+ return 0;
+}
+
+int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data)
+{
+ struct cell *cell = cpu_data->cell;
+ unsigned long cell_table = page_map_hvirt2phys(cell->arch.mm.root_table);
+ u64 vttbr = 0;
+ u32 vtcr = T0SZ
+ | SL0 << TCR_SL0_SHIFT
+ | (TCR_RGN_WB_WA << TCR_IRGN0_SHIFT)
+ | (TCR_RGN_WB_WA << TCR_ORGN0_SHIFT)
+ | (TCR_INNER_SHAREABLE << TCR_SH0_SHIFT)
+ | VTCR_RES1;
+
+ if (cell->id > 0xff) {
+ panic_printk("No cell ID available\n");
+ return -E2BIG;
+ }
+ vttbr |= (u64)cell->id << VTTBR_VMID_SHIFT;
+ vttbr |= (u64)(cell_table & TTBR_MASK);
+
+ arm_write_sysreg(VTTBR_EL2, vttbr);
+ arm_write_sysreg(VTCR_EL2, vtcr);
+
+ isb();
+ /*
+ * Invalidate all stage-1 and 2 TLB entries for the current VMID
+ * ERET will ensure completion of these ops
+ */
+ arm_write_sysreg(TLBIALL, 1);
+
+ return 0;
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index f895b16..881e196 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -10,22 +10,33 @@
* the COPYING file in the top-level directory.
*/

+#include <asm/control.h>
#include <asm/percpu.h>
#include <asm/platform.h>
#include <asm/setup.h>
#include <asm/sysregs.h>
+#include <jailhouse/control.h>
#include <jailhouse/entry.h>
#include <jailhouse/paging.h>
#include <jailhouse/string.h>

int arch_init_early(void)
{
- return arch_map_device(UART_BASE_PHYS, UART_BASE_VIRT, PAGE_SIZE);
+ int err = 0;
+
+ err = arch_mmu_cell_init(&root_cell);
+ if (err)
+ return err;
+
+ err = arch_map_device(UART_BASE_PHYS, UART_BASE_VIRT, PAGE_SIZE);
+
+ return err;
}

int arch_cpu_init(struct per_cpu *cpu_data)
{
int err = 0;
+ unsigned long hcr = HCR_VM_BIT;

/*
* Copy the registers to restore from the linux stack here, because we
@@ -35,6 +46,8 @@ int arch_cpu_init(struct per_cpu *cpu_data)
* sizeof(unsigned long));

err = switch_exception_level(cpu_data);
+ if (err)
+ return err;

/*
* Save pointer in the thread local storage
@@ -43,6 +56,11 @@ int arch_cpu_init(struct per_cpu *cpu_data)
*/
arm_write_sysreg(TPIDR_EL2, cpu_data);

+ /* Setup guest traps */
+ arm_write_sysreg(HCR, hcr);
+
+ err = arch_mmu_cpu_cell_init(cpu_data);
+
return err;
}

@@ -75,18 +93,9 @@ void arch_park_cpu(unsigned int cpu_id) {}
void arch_shutdown_cpu(unsigned int cpu_id) {}
int arch_cell_create(struct per_cpu *cpu_data, struct cell *new_cell)
{ return -ENOSYS; }
-int arch_map_memory_region(struct cell *cell,
- const struct jailhouse_memory *mem)
-{ return -ENOSYS; }
-int arch_unmap_memory_region(struct cell *cell,
- const struct jailhouse_memory *mem)
-{ return -ENOSYS; }
void arch_cell_destroy(struct per_cpu *cpu_data, struct cell *new_cell) {}
void arch_config_commit(struct per_cpu *cpu_data,
struct cell *cell_added_removed) {}
void arch_shutdown(void) {}
-unsigned long arch_page_map_gphys2phys(struct per_cpu *cpu_data,
- unsigned long gphys)
-{ return INVALID_PHYS_ADDR; }
void arch_panic_stop(struct per_cpu *cpu_data) {__builtin_unreachable();}
void arch_panic_halt(struct per_cpu *cpu_data) {}

To avoid using inline asm directly in the setup and control code, to
provide clear names for system registers, and to allow easier
refactoring for a future arm64 port, this patch introduces some useful
macros for accessing the core system registers.

For a 64bit port, a couple of wrappers would still need to be added to
modify system registers that are of different sizes on the two
architectures (e.g. HCR)

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/sysregs.h | 68 +++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 hypervisor/arch/arm/include/asm/sysregs.h

diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
new file mode 100644
index 0000000..8be5ce1
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -0,0 +1,68 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_SYSREGS_H
+#define _JAILHOUSE_ASM_SYSREGS_H
+
+/*
+ * Along with some system register names, this header defines the following
+ * macros for accessing cp15 registers.
+ *
+ * C-side:
+ * - arm_write_sysreg(SYSREG_NAME, var)
+ * - arm_read_sysreg(SYSREG_NAME, var)
+ * asm-side:
+ * - arm_write_sysreg(SYSREG_NAME, reg)
+ * - arm_read_sysreg(SYSREG_NAME, reg)
+ */
+
+
+#define SYSREG_32(...) 32, __VA_ARGS__
+#define SYSREG_64(...) 64, __VA_ARGS__
+
+#define _arm_write_sysreg(size, ...) arm_write_sysreg_ ## size(__VA_ARGS__)
+#define arm_write_sysreg(...) _arm_write_sysreg(__VA_ARGS__)
+
+#define _arm_read_sysreg(size, ...) arm_read_sysreg_ ## size(__VA_ARGS__)
+#define arm_read_sysreg(...) _arm_read_sysreg(__VA_ARGS__)
+
+#ifndef __ASSEMBLY__
+
+#define arm_write_sysreg_32(op1, crn, crm, op2, val) \
+ asm volatile ("mcr p15, "#op1", %0, "#crn", "#crm", "#op2"\n" \
+ : : "r"((u32)(val)))
+#define arm_write_sysreg_64(op1, crm, val) \
+ asm volatile ("mcrr p15, "#op1", %Q0, %R0, "#crm"\n" \
+ : : "r"((u64)(val)))
+
+#define arm_read_sysreg_32(op1, crn, crm, op2, val) \
+ asm volatile ("mrc p15, "#op1", %0, "#crn", "#crm", "#op2"\n" \
+ : "=r"((u32)(val)))
+#define arm_read_sysreg_64(op1, crm, val) \
+ asm volatile ("mrrc p15, "#op1", %Q0, %R0, "#crm"\n" \
+ : "=r"((u64)(val)))
+
+#else /* __ASSEMBLY__ */
+
+#define arm_write_sysreg_32(op1, crn, crm, op2, reg) \
+ mcr p15, op1, reg, crn, crm, op2
+#define arm_write_sysreg_64(op1, crm, reg1, reg2) \
+ mcrr p15, op1, reg1, reg2, crm
+
+#define arm_read_sysreg_32(op1, crn, crm, op2, reg) \
+ mrc p15, op1, reg, crn, crm, op2
+#define arm_read_sysreg_64(op1, crm, reg1, reg2) \
+ mrrc p15, op1, reg1, reg2, crm
+
+#endif /* __ASSEMBLY__ */
+
+#endif

Instead of attempting to reinvent the wheel, this patch copies the
ticket spinlock implementation from Linux, that will allow for optimal
locking between heterogeneous cores.
It contains a few subtleties, such as a preload instruction that ensures
that the cache line is immediately loaded in exclusive state.

Big endian is not supported for the moment, but as soon as we have a
macro that declares the use of this mode, the change will be trivial
here.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/spinlock.h | 61 ++++++++++++++++++++++++----
1 file changed, 54 insertions(+), 7 deletions(-)

diff --git a/hypervisor/arch/arm/include/asm/spinlock.h b/hypervisor/arch/arm/include/asm/spinlock.h
index d5cb68c..5e32a59 100644
--- a/hypervisor/arch/arm/include/asm/spinlock.h
+++ b/hypervisor/arch/arm/include/asm/spinlock.h
@@ -8,25 +8,72 @@
*
* This work is licensed under the terms of the GNU GPL, version 2. See
* the COPYING file in the top-level directory.
+ *
+ * Copied from arch/arm/include/asm/spinlock.h in Linux
*/
+#ifndef _JAILHOUSE_ASM_SPINLOCK_H
+#define _JAILHOUSE_ASM_SPINLOCK_H

#include <asm/bitops.h>
#include <asm/processor.h>

-typedef struct {
- unsigned long state;
-} spinlock_t;
+#ifndef __ASSEMBLY__

#define DEFINE_SPINLOCK(name) spinlock_t (name)
+#define TICKET_SHIFT 16
+
+typedef struct {
+ union {
+ u32 slock;
+ struct __raw_tickets {
+ u16 owner;
+ u16 next;
+ } tickets;
+ };
+} spinlock_t;

static inline void spin_lock(spinlock_t *lock)
{
-// while (test_and_set_bit(0, &lock->state))
-// cpu_relax();
+ unsigned long tmp;
+ u32 newval;
+ spinlock_t lockval;
+
+ /* Take the lock by updating the high part atomically */
+ asm volatile (
+" .arch_extension mp\n"
+" pldw [%3]\n"
+"1: ldrex %0, [%3]\n"
+" add %1, %0, %4\n"
+" strex %2, %1, [%3]\n"
+" teq %2, #0\n"
+" bne 1b"
+ : "=&r" (lockval), "=&r" (newval), "=&r" (tmp)
+ : "r" (&lock->slock), "I" (1 << TICKET_SHIFT)
+ : "cc");
+
+ while (lockval.tickets.next != lockval.tickets.owner)
+ asm volatile (
+ "wfe\n"
+ "ldrh %0, [%1]\n"
+ : "=r" (lockval.tickets.owner)
+ : "r" (&lock->tickets.owner));
+
+ /* Ensure we have the lock before doing any more memory ops */
+ dmb(ish);
}

static inline void spin_unlock(spinlock_t *lock)
{
-// asm volatile("": : :"memory");
-// clear_bit(0, &lock->state);
+ /* Ensure all memory ops are finished before releasing the lock */
+ dmb(ish);
+
+ /* No need for an exclusive, since only one CPU can unlock at a time. */
+ lock->tickets.owner++;
+
+ /* Ensure the spinlock is updated before notifying other CPUs */
+ dsb(ishst);
+ sev();
}
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_SPINLOCK_H */

The EL2 installation is done in two times:
- First, an HVC is issued to jump into the kernel stub and install the
bootstrap vectors.
- Then, a second HVC allows the setup code to switch to physical address
space.
Execution continues at EL2. Once the whole initialisation is done, the
final vectors are installed, and arch_cpu_activate_vmm will do an ERET
to jump back to the kernel, which is now a guest.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 3 +-
hypervisor/arch/arm/entry.S | 21 ++++++++++
hypervisor/arch/arm/exception.S | 26 ++++++++++++
hypervisor/arch/arm/include/asm/percpu.h | 3 +-
hypervisor/arch/arm/include/asm/processor.h | 17 ++++++++
hypervisor/arch/arm/include/asm/setup.h | 56 ++++++++++++++++++++++++++
hypervisor/arch/arm/include/asm/setup_mmu.h | 58 +++++++++++++++++++++++++++
hypervisor/arch/arm/include/asm/sysregs.h | 3 ++
hypervisor/arch/arm/mmu_hyp.c | 44 ++++++++++++++++++++
hypervisor/arch/arm/setup.c | 28 ++++++++++++-
10 files changed, 254 insertions(+), 5 deletions(-)
create mode 100644 hypervisor/arch/arm/exception.S
create mode 100644 hypervisor/arch/arm/include/asm/setup.h
create mode 100644 hypervisor/arch/arm/include/asm/setup_mmu.h
create mode 100644 hypervisor/arch/arm/mmu_hyp.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index bb9203c..41e3394 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,7 +14,8 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-obj-y := entry.o dbg-write.o setup.o lib.o
+obj-y := entry.o dbg-write.o exception.o setup.o lib.o
+obj-y += mmu_hyp.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

# Needed for kconfig
diff --git a/hypervisor/arch/arm/entry.S b/hypervisor/arch/arm/entry.S
index a910f13..2dd1a9a 100644
--- a/hypervisor/arch/arm/entry.S
+++ b/hypervisor/arch/arm/entry.S
@@ -40,3 +40,24 @@ arch_entry:
add sp, #PERCPU_STACK_END
/* Call entry(cpuid, struct per_cpu*) */
b entry
+
+ .globl bootstrap_vectors
+ .align 5
+bootstrap_vectors:
+ b .
+ b .
+ b .
+ b .
+ b .
+ b setup_el2
+ b .
+ b .
+
+setup_el2:
+ /*
+ * Load the physical values of lr and sp, and continue execution at EL2.
+ */
+ mov lr, r0
+ mov sp, r1
+
+ bx lr
diff --git a/hypervisor/arch/arm/exception.S b/hypervisor/arch/arm/exception.S
new file mode 100644
index 0000000..8c483aa
--- /dev/null
+++ b/hypervisor/arch/arm/exception.S
@@ -0,0 +1,26 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/head.h>
+
+ .text
+ .globl hyp_vectors
+ .align 5
+hyp_vectors:
+ b .
+ b .
+ b .
+ b .
+ b .
+ b .
+ b .
+ b .
diff --git a/hypervisor/arch/arm/include/asm/percpu.h b/hypervisor/arch/arm/include/asm/percpu.h
index 1121ee8..b361116 100644
--- a/hypervisor/arch/arm/include/asm/percpu.h
+++ b/hypervisor/arch/arm/include/asm/percpu.h
@@ -33,6 +33,7 @@ struct per_cpu {
unsigned long linux_sp;
unsigned long linux_ret;
unsigned long linux_flags;
+ unsigned long linux_reg[NUM_ENTRY_REGS];

unsigned int cpu_id;
// u32 apic_id;
@@ -40,8 +41,6 @@ struct per_cpu {

u32 stats[JAILHOUSE_NUM_CPU_STATS];

- unsigned long linux_reg[NUM_ENTRY_REGS];
-// unsigned long linux_ip;
bool initialized;

volatile bool stop_cpu;
diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 25bab65..61ff3f2 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -13,6 +13,23 @@
#ifndef _JAILHOUSE_ASM_PROCESSOR_H
#define _JAILHOUSE_ASM_PROCESSOR_H

+#define PSR_MODE_MASK 0xf
+#define PSR_USR_MODE 0x0
+#define PSR_FIQ_MODE 0x1
+#define PSR_IRQ_MODE 0x2
+#define PSR_SVC_MODE 0x3
+#define PSR_MON_MODE 0x6
+#define PSR_ABT_MODE 0x7
+#define PSR_HYP_MODE 0xa
+#define PSR_UND_MODE 0xb
+#define PSR_SYS_MODE 0xf
+
+#define PSR_32_BIT (1 << 4)
+#define PSR_T_BIT (1 << 5)
+#define PSR_F_BIT (1 << 6)
+#define PSR_I_BIT (1 << 7)
+#define PSR_A_BIT (1 << 8)
+
#define MPIDR_CPUID_MASK 0x00ffffff

#ifndef __ASSEMBLY__
diff --git a/hypervisor/arch/arm/include/asm/setup.h b/hypervisor/arch/arm/include/asm/setup.h
new file mode 100644
index 0000000..e73214c
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/setup.h
@@ -0,0 +1,56 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_SETUP_H
+#define _JAILHOUSE_ASM_SETUP_H
+
+#include <asm/head.h>
+#include <asm/percpu.h>
+
+#ifndef __ASSEMBLY__
+
+static inline void __attribute__((always_inline))
+cpu_return_el1(struct per_cpu *cpu_data)
+{
+ /* Return value */
+ cpu_data->linux_reg[0] = 0;
+
+ asm volatile(
+ /* Reset the hypervisor stack */
+ "mov sp, %4\n"
+
+ "msr sp_svc, %0\n"
+ "msr elr_hyp, %1\n"
+ "msr spsr_hyp, %2\n"
+ /*
+ * We don't care about clobbering the other registers from now on. Must
+ * be in sync with arch_entry.
+ */
+ "ldm %3, {r0 - r12}\n"
+ /* After this, the kernel won't be able to access the hypervisor code */
+ "eret\n"
+ :
+ : "r" (cpu_data->linux_sp + (NUM_ENTRY_REGS * sizeof(unsigned long))),
+ "r" (cpu_data->linux_ret),
+ "r" (cpu_data->linux_flags),
+ "r" (cpu_data->linux_reg),
+ "r" (cpu_data->stack + PERCPU_STACK_END)
+ :);
+}
+
+int switch_exception_level(struct per_cpu *cpu_data);
+inline int arch_map_device(unsigned long paddr, unsigned long vaddr,
+ unsigned long size);
+inline int arch_unmap_device(unsigned long addr, unsigned long size);
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_SETUP_H */
diff --git a/hypervisor/arch/arm/include/asm/setup_mmu.h b/hypervisor/arch/arm/include/asm/setup_mmu.h
new file mode 100644
index 0000000..758f516
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/setup_mmu.h
@@ -0,0 +1,58 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_SETUP_MMU_H
+#define _JAILHOUSE_ASM_SETUP_MMU_H
+
+#include <asm/head.h>
+#include <asm/percpu.h>
+
+#ifndef __ASSEMBLY__
+
+/* Procedures used to translate addresses during the MMU setup process */
+typedef void* (*phys2virt_t)(unsigned long);
+typedef unsigned long (*virt2phys_t)(volatile const void *);
+
+static void __attribute__((naked)) __attribute__((noinline))
+cpu_switch_el2(unsigned long phys_bootstrap, virt2phys_t virt2phys)
+{
+ asm volatile(
+ /*
+ * The linux hyp stub allows to install the vectors with a single hvc.
+ * The vector base address is in r0 (phys_bootstrap).
+ */
+ "hvc #0\n"
+
+ /*
+ * Now that the bootstrap vectors are installed, call setup_el2 with
+ * the translated physical values of lr and sp as arguments
+ */
+ "mov r0, sp\n"
+ "push {lr}\n"
+ "blx %0\n"
+ "pop {lr}\n"
+ "push {r0}\n"
+ "mov r0, lr\n"
+ "blx %0\n"
+ "pop {r1}\n"
+ "hvc #0\n"
+ :
+ : "r" (virt2phys)
+ /*
+ * The call to virt2phys may clobber all temp registers. This list
+ * ensures that the compiler uses a decent register for hvirt2phys.
+ */
+ : "cc", "memory", "r0", "r1", "r2", "r3");
+}
+
+#endif /* !__ASSEMBLY__ */
+#endif /* _JAILHOUSE_ASM_SETUP_MMU_H */
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index b5dddcf..b27375f 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -30,6 +30,9 @@
* (Use the AArch64 names to ease the compatibility work)
*/
#define MPIDR_EL1 SYSREG_32(0, c0, c0, 5)
+#define TPIDR_EL2 SYSREG_32(4, c13, c0, 2)
+
+#define HVBAR SYSREG_32(4, c12, c0, 0)

#define SYSREG_32(...) 32, __VA_ARGS__
#define SYSREG_64(...) 64, __VA_ARGS__
diff --git a/hypervisor/arch/arm/mmu_hyp.c b/hypervisor/arch/arm/mmu_hyp.c
new file mode 100644
index 0000000..c756576
--- /dev/null
+++ b/hypervisor/arch/arm/mmu_hyp.c
@@ -0,0 +1,44 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/setup.h>
+#include <asm/setup_mmu.h>
+#include <asm/sysregs.h>
+#include <jailhouse/paging.h>
+
+/*
+ * Jumping to EL2 in the same C code represents an interesting challenge, since
+ * it will switch from virtual addresses to physical ones, and then back to
+ * virtual after setting up the EL2 MMU.
+ */
+int switch_exception_level(struct per_cpu *cpu_data)
+{
+ extern unsigned long bootstrap_vectors;
+ extern unsigned long hyp_vectors;
+
+ /* Save the virtual address of the phys2virt function for later */
+ phys2virt_t phys2virt = page_map_phys2hvirt;
+ virt2phys_t virt2phys = page_map_hvirt2phys;
+ unsigned long phys_bootstrap = virt2phys(&bootstrap_vectors);
+
+ cpu_switch_el2(phys_bootstrap, virt2phys);
+ /*
+ * At this point, we are at EL2, and we work with physical addresses.
+ * The MMU needs to be initialised and execution must go back to virtual
+ * addresses before returning, or else we are pretty much doomed.
+ */
+
+ /* Set the new vectors once we're back to a sane, virtual state */
+ arm_write_sysreg(HVBAR, &hyp_vectors);
+
+ return 0;
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 99dc79c..599ad39 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -10,7 +10,11 @@
* the COPYING file in the top-level directory.
*/

+#include <asm/setup.h>
+#include <asm/sysregs.h>
#include <jailhouse/entry.h>
+#include <jailhouse/paging.h>
+#include <jailhouse/string.h>

int arch_init_early(void)
{
@@ -19,7 +23,25 @@ int arch_init_early(void)

int arch_cpu_init(struct per_cpu *cpu_data)
{
- return -ENOSYS;
+ int err = 0;
+
+ /*
+ * Copy the registers to restore from the linux stack here, because we
+ * won't be able to access it later
+ */
+ memcpy(&cpu_data->linux_reg, (void *)cpu_data->linux_sp, NUM_ENTRY_REGS
+ * sizeof(unsigned long));
+
+ err = switch_exception_level(cpu_data);
+
+ /*
+ * Save pointer in the thread local storage
+ * Must be done early in order to handle aborts and errors in the setup
+ * code.
+ */
+ arm_write_sysreg(TPIDR_EL2, cpu_data);
+
+ return err;
}

int arch_init_late(void)
@@ -29,6 +51,9 @@ int arch_init_late(void)

void arch_cpu_activate_vmm(struct per_cpu *cpu_data)
{
+ /* Return to the kernel */
+ cpu_return_el1(cpu_data);
+
while (1);
}

@@ -41,7 +66,6 @@ void arch_cpu_restore(struct per_cpu *cpu_data)
#include <jailhouse/processor.h>
#include <jailhouse/control.h>
#include <jailhouse/string.h>
-#include <jailhouse/paging.h>
void arch_suspend_cpu(unsigned int cpu_id) {}
void arch_resume_cpu(unsigned int cpu_id) {}
void arch_reset_cpu(unsigned int cpu_id) {}

Verify that virtualization is actually supported before going any further
in the initialisation process.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/processor.h | 2 ++
hypervisor/arch/arm/include/asm/sysregs.h | 2 ++
hypervisor/arch/arm/setup.c | 14 ++++++++++++++
3 files changed, 18 insertions(+)

diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 85ff33e..7835fc4 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -34,6 +34,8 @@

#define MPIDR_CPUID_MASK 0x00ffffff

+#define PFR1_VIRT(pfr) ((pfr) >> 12 & 0xf)
+
#define SCTLR_M_BIT (1 << 0)
#define SCTLR_A_BIT (1 << 1)
#define SCTLR_C_BIT (1 << 2)
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index ea7bc7a..1679734 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -30,6 +30,8 @@
* (Use the AArch64 names to ease the compatibility work)
*/
#define MPIDR_EL1 SYSREG_32(0, c0, c0, 5)
+#define ID_PFR0_EL1 SYSREG_32(0, c0, c1, 0)
+#define ID_PFR1_EL1 SYSREG_32(0, c0, c1, 1)
#define SCTLR_EL2 SYSREG_32(4, c1, c0, 0)
#define TPIDR_EL2 SYSREG_32(4, c13, c0, 2)
#define TTBR0_EL2 SYSREG_64(4, c2)
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 881e196..08761d3 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -20,10 +20,24 @@
#include <jailhouse/paging.h>
#include <jailhouse/string.h>

+static int arch_check_features(void)
+{
+ u32 pfr1;
+ arm_read_sysreg(ID_PFR1_EL1, pfr1);
+
+ if (!PFR1_VIRT(pfr1))
+ return -ENODEV;
+
+ return 0;
+}
+
int arch_init_early(void)
{
int err = 0;

+ if ((err = arch_check_features()) != 0)
+ return err;
+
err = arch_mmu_cell_init(&root_cell);
if (err)
return err;

This patch introduces a pending_irq structure to provide a level of
abstraction, in order to store the interrupts waiting to be injected in
the cell. They are allocated as a static array of 256 IRQs for each CPU,
which should be more than enough. Insertion finds the first available slot
and builds a linked list of pending vIRQs.

Two cases justify the need for this structure:
- The GIC has a limited number of list registers for injecting virtual
interrupts. Once they are full, software must store the pending ones
itself, and use the GIC's maintenance IRQ to be informed when they are
available again.
In jailhouse, this case should be very rare since IRQs are directly
injected, but it must be taken into account nonetheless.
- IPIs sent by a core need to be stored somewhere to let the other CPUs
inject them into their own list registers.

The GIC backend will need to call irqchip_inject_pending when receiving
a maintenance IRQ or a synchronisation SGI in order to clean the list.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/gic-v3.c | 6 ++
hypervisor/arch/arm/include/asm/irqchip.h | 34 ++++++++
hypervisor/arch/arm/include/asm/percpu.h | 8 ++
hypervisor/arch/arm/irqchip.c | 126 +++++++++++++++++++++++++++++
4 files changed, 174 insertions(+)

diff --git a/hypervisor/arch/arm/gic-v3.c b/hypervisor/arch/arm/gic-v3.c
index b8ffaa8..b0c5dac 100644
--- a/hypervisor/arch/arm/gic-v3.c
+++ b/hypervisor/arch/arm/gic-v3.c
@@ -151,9 +151,15 @@ static void gic_handle_irq(struct per_cpu *cpu_data)
{
}

+static int gic_inject_irq(struct per_cpu *cpu_data, struct pending_irq *irq)
+{
+ return 0;
+}
+
struct irqchip_ops gic_irqchip = {
.init = gic_init,
.cpu_init = gic_cpu_init,
.send_sgi = gic_send_sgi,
.handle_irq = gic_handle_irq,
+ .inject_irq = gic_inject_irq,
};
diff --git a/hypervisor/arch/arm/include/asm/irqchip.h b/hypervisor/arch/arm/include/asm/irqchip.h
index 0ef5fe0..3fa37fd 100644
--- a/hypervisor/arch/arm/include/asm/irqchip.h
+++ b/hypervisor/arch/arm/include/asm/irqchip.h
@@ -13,6 +13,14 @@
#ifndef _JAILHOUSE_ASM_IRQCHIP_H
#define _JAILHOUSE_ASM_IRQCHIP_H

+/*
+ * Since there is no finer-grained allocation than page-alloc for the moment,
+ * and it is very complicated to predict the total size needed at
+ * initialisation, each cpu is allocated one page of pending irqs.
+ * This allows for 256 pending IRQs, which should be sufficient.
+ */
+#define MAX_PENDING_IRQS (PAGE_SIZE / sizeof(struct pending_irq))
+
#include <asm/percpu.h>

#ifndef __ASSEMBLY__
@@ -40,13 +48,39 @@ struct irqchip_ops {

int (*send_sgi)(struct sgi *sgi);
void (*handle_irq)(struct per_cpu *cpu_data);
+ int (*inject_irq)(struct per_cpu *cpu_data, struct pending_irq *irq);
};

+/* Virtual interrupts waiting to be injected */
+struct pending_irq {
+ u32 virt_id;
+
+ u8 priority;
+ u8 hw;
+ union {
+ /* Physical id, when hw is 1 */
+ u16 irq;
+ struct {
+ /* GICv2 needs cpuid for SGIs */
+ u16 cpuid : 15;
+ /* EOI generates a maintenance irq */
+ u16 maintenance : 1;
+ } sgi __attribute__((packed));
+ } type;
+
+ struct pending_irq *next;
+ struct pending_irq *prev;
+} __attribute__((packed));
+
int irqchip_init(void);
int irqchip_cpu_init(struct per_cpu *cpu_data);

int irqchip_send_sgi(struct sgi *sgi);
void irqchip_handle_irq(struct per_cpu *cpu_data);

+int irqchip_inject_pending(struct per_cpu *cpu_data);
+int irqchip_insert_pending(struct per_cpu *cpu_data, struct pending_irq *irq);
+int irqchip_remove_pending(struct per_cpu *cpu_data, struct pending_irq *irq);
+
#endif /* __ASSEMBLY__ */
#endif /* _JAILHOUSE_ASM_IRQCHIP_H */
diff --git a/hypervisor/arch/arm/include/asm/percpu.h b/hypervisor/arch/arm/include/asm/percpu.h
index e224254..16750c0 100644
--- a/hypervisor/arch/arm/include/asm/percpu.h
+++ b/hypervisor/arch/arm/include/asm/percpu.h
@@ -26,6 +26,9 @@
#ifndef __ASSEMBLY__

#include <asm/cell.h>
+#include <asm/spinlock.h>
+
+struct pending_irq;

struct per_cpu {
/* Keep these two in sync with defines above! */
@@ -36,6 +39,11 @@ struct per_cpu {
unsigned long linux_reg[NUM_ENTRY_REGS];

unsigned int cpu_id;
+
+ /* Other CPUs can insert sgis into the pending array */
+ spinlock_t gic_lock;
+ struct pending_irq *pending_irqs;
+ struct pending_irq *first_pending;
/* Only GICv3: redistributor base */
void *gicr_base;

diff --git a/hypervisor/arch/arm/irqchip.c b/hypervisor/arch/arm/irqchip.c
index 8fb4415..75acdd7 100644
--- a/hypervisor/arch/arm/irqchip.c
+++ b/hypervisor/arch/arm/irqchip.c
@@ -31,6 +31,126 @@ unsigned long gicd_size;
static bool irqchip_is_init;
static struct irqchip_ops irqchip;

+static int irqchip_init_pending(struct per_cpu *cpu_data)
+{
+ struct pending_irq *pend_array = page_alloc(&mem_pool, 1);
+
+ if (pend_array == NULL)
+ return -ENOMEM;
+ memset(pend_array, 0, PAGE_SIZE);
+
+ cpu_data->pending_irqs = pend_array;
+ cpu_data->first_pending = NULL;
+
+ return 0;
+}
+
+/*
+ * Find the first available pending struct for insertion. The `prev' pointer is
+ * set to the previous pending interrupt, if any, to help inserting the new one
+ * into the list.
+ * Returns NULL when no slot is available
+ */
+static struct pending_irq* get_pending_slot(struct per_cpu *cpu_data,
+ struct pending_irq **prev)
+{
+ u32 i, pending_idx;
+ struct pending_irq *pending = cpu_data->first_pending;
+
+ *prev = NULL;
+
+ for (i = 0; i < MAX_PENDING_IRQS; i++) {
+ pending_idx = pending - cpu_data->pending_irqs;
+ if (pending == NULL || i < pending_idx)
+ return cpu_data->pending_irqs + i;
+
+ *prev = pending;
+ pending = pending->next;
+ }
+
+ return NULL;
+}
+
+int irqchip_insert_pending(struct per_cpu *cpu_data, struct pending_irq *irq)
+{
+ struct pending_irq *prev = NULL;
+ struct pending_irq *slot;
+
+ spin_lock(&cpu_data->gic_lock);
+
+ slot = get_pending_slot(cpu_data, &prev);
+ if (slot == NULL) {
+ spin_unlock(&cpu_data->gic_lock);
+ return -ENOMEM;
+ }
+
+ /*
+ * Don't override the pointers yet, they may be read by the injection
+ * loop. Odds are astronomically low, but hey.
+ */
+ memcpy(slot, irq, sizeof(struct pending_irq) - 2 * sizeof(void *));
+ slot->prev = prev;
+ if (prev) {
+ slot->next = prev->next;
+ prev->next = slot;
+ } else {
+ slot->next = cpu_data->first_pending;
+ cpu_data->first_pending = slot;
+ }
+ if (slot->next)
+ slot->next->prev = slot;
+
+ spin_unlock(&cpu_data->gic_lock);
+
+ return 0;
+}
+
+/*
+ * Only executed by `irqchip_inject_pending' on a CPU to inject its own stuff.
+ */
+int irqchip_remove_pending(struct per_cpu *cpu_data, struct pending_irq *irq)
+{
+ spin_lock(&cpu_data->gic_lock);
+
+ if (cpu_data->first_pending == irq)
+ cpu_data->first_pending = irq->next;
+ if (irq->prev)
+ irq->prev->next = irq->next;
+ if (irq->next)
+ irq->next->prev = irq->prev;
+
+ spin_unlock(&cpu_data->gic_lock);
+
+ return 0;
+}
+
+int irqchip_inject_pending(struct per_cpu *cpu_data)
+{
+ int err;
+ struct pending_irq *pending = cpu_data->first_pending;
+
+ while (pending != NULL) {
+ err = irqchip.inject_irq(cpu_data, pending);
+ if (err == -EBUSY)
+ /* The list registers are full. */
+ break;
+ else
+ /*
+ * Removal only changes the pointers, but does not
+ * deallocate anything.
+ * Concurrent accesses are avoided with the spinlock,
+ * but the `next' pointer of the current pending object
+ * may be rewritten by an external insert before or
+ * after this removal, which isn't an issue.
+ */
+ irqchip_remove_pending(cpu_data, pending);
+
+ pending = pending->next;
+ }
+
+ return 0;
+}
+
void irqchip_handle_irq(struct per_cpu *cpu_data)
{
irqchip.handle_irq(cpu_data);
@@ -43,6 +163,12 @@ int irqchip_send_sgi(struct sgi *sgi)

int irqchip_cpu_init(struct per_cpu *cpu_data)
{
+ int err;
+
+ err = irqchip_init_pending(cpu_data);
+ if (err)
+ return err;
+
if (irqchip.cpu_init)
return irqchip.cpu_init(cpu_data);

Each CPU saves its general-purpose registers on the stack, switches to
the hypervisor stack and saves the return context in the per-cpu datas.
After that, it jumps to the core entry which will do the necessary
initialisation to setup EL2.

Clusters are not supported yet: they will require the entry code to
fetch the total number of possible CPUs from the header, in order to
deduce an efficient base address for the per-cpu datas.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/entry.S | 27 +++++++++++++++++++++------
hypervisor/arch/arm/include/asm/percpu.h | 4 +++-
2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/hypervisor/arch/arm/entry.S b/hypervisor/arch/arm/entry.S
index 25325a0..a910f13 100644
--- a/hypervisor/arch/arm/entry.S
+++ b/hypervisor/arch/arm/entry.S
@@ -17,11 +17,26 @@
.text
.globl arch_entry
arch_entry:
- mvn %r0,#~-38
- bx %lr
+ /* r0: cpuid */
+ push {r0 - r12}

+ ldr r1, =__page_pool
+ mov r2, #1
+ lsl r2, #PERCPU_SIZE_SHIFT
+ /*
+ * percpu data = pool + cpuid * shift
+ * TODO: handle aff1 and aff2
+ */
+ mla r1, r2, r0, r1
+ add r2, r1, #PERCPU_LINUX_SP

-/* Fix up Global Offset Table with absolute hypervisor address */
- .globl got_init
-got_init:
- bx %lr
+ /* Save SP, LR, CPSR */
+ str sp, [r2], #4
+ str lr, [r2], #4
+ mrs r3, cpsr
+ str r3, [r2]
+
+ mov sp, r1
+ add sp, #PERCPU_STACK_END
+ /* Call entry(cpuid, struct per_cpu*) */
+ b entry
diff --git a/hypervisor/arch/arm/include/asm/percpu.h b/hypervisor/arch/arm/include/asm/percpu.h
index c8aaf09..1121ee8 100644
--- a/hypervisor/arch/arm/include/asm/percpu.h
+++ b/hypervisor/arch/arm/include/asm/percpu.h
@@ -16,7 +16,7 @@
#include <asm/types.h>
#include <asm/paging.h>

-#define NUM_ENTRY_REGS 6
+#define NUM_ENTRY_REGS 13

/* Keep in sync with struct per_cpu! */
#define PERCPU_SIZE_SHIFT 13
@@ -31,6 +31,8 @@ struct per_cpu {
/* Keep these two in sync with defines above! */
u8 stack[PAGE_SIZE];
unsigned long linux_sp;
+ unsigned long linux_ret;
+ unsigned long linux_flags;

unsigned int cpu_id;
// u32 apic_id;

Linux's arch/arm/include/io.h uses inline asm to make sure that the
compiler doesn't generate any register write-back, which are extremely
difficult to emulate.
It shouldn't be a requirement in Jailhouse, since arm doesn't currently
support nested hypervisors.
The `volatile' attribute should thus be sufficient to ensure that the
compiler doesn't optimize these away.

This patch still separates the IO accessors from the core, to facilitate
a possible replacement with inline assembly.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/io.h | 63 ++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 hypervisor/arch/arm/include/asm/io.h

diff --git a/hypervisor/arch/arm/include/asm/io.h b/hypervisor/arch/arm/include/asm/io.h
new file mode 100644
index 0000000..10705f5
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/io.h
@@ -0,0 +1,63 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_IO_H
+#define _JAILHOUSE_ASM_IO_H
+
+#include <asm/types.h>
+
+#ifndef __ASSEMBLY__
+
+static inline void writeb_relaxed(u8 val, volatile void *addr)
+{
+ *(volatile u8 *)addr = val;
+}
+
+static inline void writew_relaxed(u16 val, volatile void *addr)
+{
+ *(volatile u16 *)addr = val;
+}
+
+static inline void writel_relaxed(u32 val, volatile void *addr)
+{
+ *(volatile u32 *)addr = val;
+}
+
+static inline void writeq_relaxed(u64 val, volatile void *addr)
+{
+ /* Warning: no guarantee of atomicity */
+ *(volatile u64 *)addr = val;
+}
+
+static inline u8 readb_relaxed(volatile void *addr)
+{
+ return *(volatile u8 *)addr;
+}
+
+static inline u16 readw_relaxed(volatile void *addr)
+{
+ return *(volatile u16 *)addr;
+}
+
+static inline u32 readl_relaxed(volatile void *addr)
+{
+ return *(volatile u32 *)addr;
+}
+
+static inline u64 readq_relaxed(volatile void *addr)
+{
+ /* Warning: no guarantee of atomicity */
+ return *(volatile u64 *)addr;
+}
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_IO_H */

Initial code for handling hypervisor traps. Only the non-banked registers
need to be saved in the low-level handler, the rest of the context won't
be overwritten.
The per-cpu datas are loaded from TPIDR_EL2 and the general-purpose
registers are saved directly on the stack and supplied as 'struct
registers' to the dispatcher.
The latter then inspects the ESR value and calls the core accordingly.
The return value and the general-purpose registers are passed back to the
driver by retrieving 'struct registers' from the stack, before doing the
final ERET.
This patch allows to handle all status querying hypercalls.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 2 +-
hypervisor/arch/arm/exception.S | 15 +++++++-
hypervisor/arch/arm/include/asm/control.h | 1 +
hypervisor/arch/arm/include/asm/processor.h | 32 +++++++++++++++++
hypervisor/arch/arm/include/asm/sysregs.h | 1 +
hypervisor/arch/arm/include/asm/traps.h | 43 ++++++++++++++++++++++
hypervisor/arch/arm/traps.c | 52 +++++++++++++++++++++++++++
7 files changed, 144 insertions(+), 2 deletions(-)
create mode 100644 hypervisor/arch/arm/include/asm/traps.h
create mode 100644 hypervisor/arch/arm/traps.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 9bc393e..0016e15 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,7 +14,7 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-obj-y := entry.o dbg-write.o exception.o setup.o lib.o
+obj-y := entry.o dbg-write.o exception.o setup.o lib.o traps.o
obj-y += paging.o mmu_hyp.o mmu_cell.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

diff --git a/hypervisor/arch/arm/exception.S b/hypervisor/arch/arm/exception.S
index 8c483aa..075172b 100644
--- a/hypervisor/arch/arm/exception.S
+++ b/hypervisor/arch/arm/exception.S
@@ -11,6 +11,7 @@
*/

#include <asm/head.h>
+#include <asm/sysregs.h>

.text
.globl hyp_vectors
@@ -21,6 +22,18 @@ hyp_vectors:
b .
b .
b .
+ b hyp_trap
b .
b .
- b .
+
+hyp_trap:
+ /* Fill the struct registers. Should comply with NUM_USR_REGS */
+ push {r0-r12, lr}
+
+ arm_read_sysreg(TPIDR_EL2, r0)
+ mov r1, sp
+ bl arch_handle_trap
+
+ /* Restore usr regs */
+ pop {r0-r12, lr}
+ eret
diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
index b569cba..4903d87 100644
--- a/hypervisor/arch/arm/include/asm/control.h
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -20,6 +20,7 @@

int arch_mmu_cell_init(struct cell *cell);
int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data);
+void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs);

#endif /* !__ASSEMBLY__ */

diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 7835fc4..6dbcd07 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -98,9 +98,41 @@
#define PAR_ATTR_SHIFT 56
#define PAR_ATTR_MASK 0xff

+/* exception class */
+#define ESR_EC_SHIFT 26
+#define ESR_EC(hsr) ((hsr) >> ESR_EC_SHIFT & 0x3f)
+/* instruction length */
+#define ESR_IL_SHIFT 25
+#define ESR_IL(hsr) ((hsr) >> ESR_IL_SHIFT & 0x1)
+/* Instruction specific */
+#define ESR_ICC_MASK 0x1ffffff
+#define ESR_ICC(hsr) ((hsr) & ESR_ICC_MASK)
+/* Exception classes values */
+#define ESR_EC_UNK 0x00
+#define ESR_EC_WFI 0x01
+#define ESR_EC_CP15_32 0x03
+#define ESR_EC_CP15_64 0x04
+#define ESR_EC_CP14_32 0x05
+#define ESR_EC_CP14_LC 0x06
+#define ESR_EC_HCPTR 0x07
+#define ESR_EC_CP10 0x08
+#define ESR_EC_CP14_64 0x0c
+#define ESR_EC_SVC_HYP 0x11
+#define ESR_EC_HVC 0x12
+#define ESR_EC_SMC 0x13
+#define ESR_EC_IABT 0x20
+#define ESR_EC_IABT_HYP 0x21
+#define ESR_EC_PCALIGN 0x22
+#define ESR_EC_DABT 0x24
+#define ESR_EC_DABT_HYP 0x25
+
+#define NUM_USR_REGS 14
+
#ifndef __ASSEMBLY__

struct registers {
+ /* r0 - r12 and lr. The other registers are banked. */
+ unsigned long usr[NUM_USR_REGS];
};

#define dmb(domain) asm volatile("dmb " #domain "\n" ::: "memory")
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index 1679734..b2aaf06 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -33,6 +33,7 @@
#define ID_PFR0_EL1 SYSREG_32(0, c0, c1, 0)
#define ID_PFR1_EL1 SYSREG_32(0, c0, c1, 1)
#define SCTLR_EL2 SYSREG_32(4, c1, c0, 0)
+#define ESR_EL2 SYSREG_32(4, c5, c2, 0)
#define TPIDR_EL2 SYSREG_32(4, c13, c0, 2)
#define TTBR0_EL2 SYSREG_64(4, c2)
#define TCR_EL2 SYSREG_32(4, c2, c0, 2)
diff --git a/hypervisor/arch/arm/include/asm/traps.h b/hypervisor/arch/arm/include/asm/traps.h
new file mode 100644
index 0000000..9bab7e9
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/traps.h
@@ -0,0 +1,43 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_TRAPS_H
+#define _JAILHOUSE_ASM_TRAPS_H
+
+#include <asm/head.h>
+#include <asm/percpu.h>
+#include <asm/types.h>
+
+#ifndef __ASSEMBLY__
+
+enum trap_return {
+ TRAP_HANDLED = 1,
+ TRAP_UNHANDLED = 0,
+};
+
+struct trap_context {
+ unsigned long *regs;
+ u32 esr;
+ u32 cpsr;
+};
+
+typedef int (*trap_handler)(struct per_cpu *cpu_data,
+ struct trap_context *ctx);
+
+#define arm_read_banked_reg(reg, val) \
+ asm volatile ("mrs %0, " #reg "\n" : "=r" (val))
+
+#define arm_write_banked_reg(reg, val) \
+ asm volatile ("msr " #reg ", %0\n" : : "r" (val))
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_TRAPS_H */
diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
new file mode 100644
index 0000000..95628c6
--- /dev/null
+++ b/hypervisor/arch/arm/traps.c
@@ -0,0 +1,52 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/control.h>
+#include <asm/traps.h>
+#include <asm/sysregs.h>
+#include <jailhouse/printk.h>
+#include <jailhouse/control.h>
+
+static int arch_handle_hvc(struct per_cpu *cpu_data, struct trap_context *ctx)
+{
+ unsigned long *regs = ctx->regs;
+
+ regs[0] = hypercall(cpu_data, regs[0], regs[1], regs[2]);
+
+ return TRAP_HANDLED;
+}
+
+static const trap_handler trap_handlers[38] =
+{
+ [ESR_EC_HVC] = arch_handle_hvc,
+};
+
+void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs)
+{
+ struct trap_context ctx;
+ u32 exception_class;
+ int ret = TRAP_UNHANDLED;
+
+ arm_read_banked_reg(SPSR_hyp, ctx.cpsr);
+ arm_read_sysreg(ESR_EL2, ctx.esr);
+ exception_class = ESR_EC(ctx.esr);
+ ctx.regs = guest_regs->usr;
+
+ if (trap_handlers[exception_class])
+ ret = trap_handlers[exception_class](cpu_data, &ctx);
+
+ if (ret != TRAP_HANDLED) {
+ panic_printk("CPU%d: Unhandled HYP trap, syndrome 0x%x\n",
+ cpu_data->cpu_id, ctx.esr);
+ while(1);
+ }
+}

This patch adds the ability to implement EL2 stage-1 and EL1 stage-2
MMU, using the struct paging defined by the core.
In the future, it may be useful to separate the stage1 and stage2
functions, like the x86 implementation, in order to use less translation
levels for the IPA->PA translation. For the moment, we keep the
hv_paging = arm_paging definition.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 2 +-
hypervisor/arch/arm/include/asm/paging.h | 149 ++++++++++++++++++++++--
hypervisor/arch/arm/include/asm/paging_modes.h | 5 +
hypervisor/arch/arm/paging.c | 148 +++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 4 -
5 files changed, 295 insertions(+), 13 deletions(-)
create mode 100644 hypervisor/arch/arm/paging.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 41e3394..b8cc50b 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -15,7 +15,7 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))
always := built-in.o

obj-y := entry.o dbg-write.o exception.o setup.o lib.o
-obj-y += mmu_hyp.o
+obj-y += paging.o mmu_hyp.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

# Needed for kconfig
diff --git a/hypervisor/arch/arm/include/asm/paging.h b/hypervisor/arch/arm/include/asm/paging.h
index 5b48790..251576e 100644
--- a/hypervisor/arch/arm/include/asm/paging.h
+++ b/hypervisor/arch/arm/include/asm/paging.h
@@ -13,21 +13,154 @@
#ifndef _JAILHOUSE_ASM_PAGING_H
#define _JAILHOUSE_ASM_PAGING_H

-#include <asm/types.h>
#include <asm/processor.h>
+#include <asm/types.h>
+#include <jailhouse/utils.h>

#define PAGE_SIZE 4096
#define PAGE_MASK ~(PAGE_SIZE - 1)
#define PAGE_OFFS_MASK (PAGE_SIZE - 1)

-#define MAX_PAGE_DIR_LEVELS 4
+#define MAX_PAGE_DIR_LEVELS 3
+
+/*
+ * When T0SZ == 0 and SL0 == 0, the EL2 MMU starts the IPA->PA translation at
+ * the level 2 table. The second table is indexed by IPA[31:21], the third one
+ * by IPA[20:12].
+ * This would allows to cover a 4GB memory map by using 4 concatenated level-2
+ * page tables and thus provide better table walk performances.
+ * For the moment, the core doesn't allow to use concatenated pages, so we will
+ * use three levels instead, starting at level 1.
+ *
+ * TODO: add a "u32 concatenated" field to the paging struct
+ */
+#if MAX_PAGE_DIR_LEVELS < 3
+#define T0SZ 0
+#define SL0 0
+#define PADDR_OFF (14 - T0SZ)
+#define L2_VADDR_MASK BIT_MASK(21, 17 + PADDR_OFF)
+#else
+#define T0SZ 0
+#define SL0 1
+#define PADDR_OFF (5 - T0SZ)
+#define L1_VADDR_MASK BIT_MASK(26 + PADDR_OFF, 30)
+#define L2_VADDR_MASK BIT_MASK(29, 21)
+#endif
+
+#define L3_VADDR_MASK BIT_MASK(20, 12)
+
+/*
+ * Stage-1 and Stage-2 lower attributes.
+ * FIXME: The upper attributes (contiguous hint and XN) are not currently in
+ * use. If needed in the future, they should be shifted towards the lower word,
+ * since the core uses unsigned long to pass the flags.
+ * An arch-specific typedef for the flags as well as the addresses would be
+ * useful.
+ * The contiguous bit is a hint that allows the PE to store blocks of 16 pages
+ * in the TLB. This may be a useful optimisation.
+ */
+#define PTE_ACCESS_FLAG (0x1 << 10)
+/*
+ * When combining shareability attributes, the stage-1 ones prevail. So we can
+ * safely leave everything non-shareable at stage 2.
+ */
+#define PTE_NON_SHAREABLE (0x0 << 8)
+#define PTE_OUTER_SHAREABLE (0x2 << 8)
+#define PTE_INNER_SHAREABLE (0x3 << 8)
+
+#define PTE_MEMATTR(val) ((val) << 2)
+#define PTE_FLAG_TERMINAL (0x1 << 1)
+#define PTE_FLAG_VALID (0x1 << 0)
+
+/* These bits differ in stage 1 and 2 translations */
+#define S1_PTE_NG (0x1 << 11)
+#define S1_PTE_ACCESS_RW (0x0 << 7)
+#define S1_PTE_ACCESS_RO (0x1 << 7)
+/* Res1 for EL2 stage-1 tables */
+#define S1_PTE_ACCESS_EL0 (0x1 << 6)
+
+#define S2_PTE_ACCESS_RO (0x1 << 6)
+#define S2_PTE_ACCESS_WO (0x2 << 6)
+#define S2_PTE_ACCESS_RW (0x3 << 6)
+
+/*
+ * Descriptor pointing to a page table
+ * (only for L1 and L2. L3 uses this encoding for terminal entries...)
+ */
+#define PTE_TABLE_FLAGS 0x3
+
+#define PTE_L1_BLOCK_ADDR_MASK BIT_MASK(39, 30)
+#define PTE_L2_BLOCK_ADDR_MASK BIT_MASK(39, 21)
+#define PTE_TABLE_ADDR_MASK BIT_MASK(39, 12)
+#define PTE_PAGE_ADDR_MASK BIT_MASK(39, 12)
+
+#define BLOCK_1G_VADDR_MASK BIT_MASK(29, 0)
+#define BLOCK_2M_VADDR_MASK BIT_MASK(20, 0)
+
+#define TTBR_MASK BIT_MASK(47, PADDR_OFF)
+
+#define HTCR_RES1 ((1 << 31) | (1 << 23))
+#define VTCR_RES1 ((1 << 31))
+#define TCR_RGN_NON_CACHEABLE 0x0
+#define TCR_RGN_WB_WA 0x1
+#define TCR_RGN_WT 0x2
+#define TCR_RGN_WB 0x3
+#define TCR_NON_SHAREABLE 0x0
+#define TCR_OUTER_SHAREABLE 0x2
+#define TCR_INNER_SHAREABLE 0x3
+
+#define TCR_SH0_SHIFT 12
+#define TCR_ORGN0_SHIFT 10
+#define TCR_IRGN0_SHIFT 8
+#define TCR_SL0_SHIFT 6
+#define TCR_S_SHIFT 4
+
+/*
+ * Memory attribute indexes:
+ * 0: normal WB, RA, WA, non-transient
+ * 1: dev-nGnRE
+ * 2: normal non-cacheable
+ * 3: normal WT, RA, transient
+ * 4: normal WB, WA, non-transient
+ * 5: normal WB, RA, non-transient
+ * 6: dev-nGnRnE
+ * 7: dev-nGnRnE (unused)
+ */
+#define MEMATTR_WBRAWA 0xff
+#define MEMATTR_DEV_nGnRE 0x04
+#define MEMATTR_NC 0x44
+#define MEMATTR_WTRA 0xaa
+#define MEMATTR_WBWA 0x55
+#define MEMATTR_WBRA 0xee
+#define MEMATTR_DEV_nGnRnE 0x00
+
+#define DEFAULT_HMAIR0 0xaa4404ff
+#define DEFAULT_HMAIR1 0x0000ee55
+#define HMAIR_IDX_WBRAWA 0
+#define HMAIR_IDX_DEV_nGnRE 1
+#define HMAIR_IDX_NC 2
+#define HMAIR_IDX_WTRA 3
+#define HMAIR_IDX_WBWA 4
+#define HMAIR_IDX_WBRA 5
+#define HMAIR_IDX_DEV_nGnRnE 6
+
+
+#define S1_PTE_FLAG_NORMAL PTE_MEMATTR(HMAIR_IDX_WBRAWA)
+#define S1_PTE_FLAG_DEVICE PTE_MEMATTR(HMAIR_IDX_DEV_nGnRE)
+#define S1_PTE_FLAG_UNCACHED PTE_MEMATTR(HMAIR_IDX_NC)
+
+#define S2_PTE_FLAG_NORMAL PTE_MEMATTR(MEMATTR_WBRAWA)
+#define S2_PTE_FLAG_DEVICE PTE_MEMATTR(MEMATTR_DEV_nGnRE)
+#define S2_PTE_FLAG_NC PTE_MEMATTR(MEMATTR_NC)

-#define PAGE_FLAG_PRESENT 0x01
-#define PAGE_FLAG_RW 0x02
-#define PAGE_FLAG_UNCACHED 0x10
+#define S1_DEFAULT_FLAGS (PTE_FLAG_VALID | PTE_ACCESS_FLAG \
+ | S1_PTE_FLAG_NORMAL | PTE_INNER_SHAREABLE\
+ | S1_PTE_ACCESS_EL0)

-#define PAGE_DEFAULT_FLAGS (PAGE_FLAG_PRESENT | PAGE_FLAG_RW)
-#define PAGE_READONLY_FLAGS PAGE_FLAG_PRESENT
+/* Macros used by the core, only for the EL2 stage-1 mappings */
+#define PAGE_FLAG_UNCACHED S1_PTE_FLAG_NC
+#define PAGE_DEFAULT_FLAGS (S1_DEFAULT_FLAGS | S1_PTE_ACCESS_RW)
+#define PAGE_READONLY_FLAGS (S1_DEFAULT_FLAGS | S1_PTE_ACCESS_RO)
#define PAGE_NONPRESENT_FLAGS 0

#define INVALID_PHYS_ADDR (~0UL)
@@ -39,7 +172,7 @@

#ifndef __ASSEMBLY__

-typedef unsigned long *pt_entry_t;
+typedef u64 *pt_entry_t;

static inline void arch_tlb_flush_page(unsigned long addr)
{
diff --git a/hypervisor/arch/arm/include/asm/paging_modes.h b/hypervisor/arch/arm/include/asm/paging_modes.h
index 932fb6e..72950eb 100644
--- a/hypervisor/arch/arm/include/asm/paging_modes.h
+++ b/hypervisor/arch/arm/include/asm/paging_modes.h
@@ -10,8 +10,13 @@
* the COPYING file in the top-level directory.
*/

+#ifndef __ASSEMBLY__
+
#include <jailhouse/paging.h>

+/* Long-descriptor paging */
extern const struct paging arm_paging[];

#define hv_paging arm_paging
+
+#endif /* !__ASSEMBLY__ */
diff --git a/hypervisor/arch/arm/paging.c b/hypervisor/arch/arm/paging.c
new file mode 100644
index 0000000..b4ac06f
--- /dev/null
+++ b/hypervisor/arch/arm/paging.c
@@ -0,0 +1,148 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <jailhouse/paging.h>
+
+static bool arm_entry_valid(pt_entry_t entry)
+{
+ return *entry & 1;
+}
+
+static unsigned long arm_get_entry_flags(pt_entry_t entry)
+{
+ /* Upper flags (contiguous hint and XN are currently ignored */
+ return *entry & 0xfff;
+}
+
+static void arm_clear_entry(pt_entry_t entry)
+{
+ *entry = 0;
+}
+
+static bool arm_page_table_empty(page_table_t page_table)
+{
+ unsigned long n;
+ pt_entry_t pte;
+
+ for (n = 0, pte = page_table; n < PAGE_SIZE / sizeof(pt_entry_t); n++, pte++)
+ if (arm_entry_valid(pte))
+ return false;
+ return true;
+}
+
+#if MAX_PAGE_DIR_LEVELS > 2
+static pt_entry_t arm_get_l1_entry(page_table_t page_table, unsigned long virt)
+{
+ return &page_table[(virt & L1_VADDR_MASK) >> 30];
+}
+
+static void arm_set_l1_block(pt_entry_t pte, unsigned long phys, unsigned long flags)
+{
+ *pte = ((u64)phys & PTE_L1_BLOCK_ADDR_MASK) | flags;
+}
+
+static unsigned long arm_get_l1_phys(pt_entry_t pte, unsigned long virt)
+{
+ if ((*pte & PTE_TABLE_FLAGS) == PTE_TABLE_FLAGS)
+ return INVALID_PHYS_ADDR;
+ return (*pte & PTE_L1_BLOCK_ADDR_MASK) | (virt & BLOCK_1G_VADDR_MASK);
+}
+#endif
+
+static pt_entry_t arm_get_l2_entry(page_table_t page_table, unsigned long virt)
+{
+ return &page_table[(virt & L2_VADDR_MASK) >> 21];
+}
+
+static pt_entry_t arm_get_l3_entry(page_table_t page_table, unsigned long virt)
+{
+ return &page_table[(virt & L3_VADDR_MASK) >> 12];
+}
+
+static void arm_set_l2_block(pt_entry_t pte, unsigned long phys, unsigned long flags)
+{
+ *pte = ((u64)phys & PTE_L2_BLOCK_ADDR_MASK) | flags;
+}
+
+static void arm_set_l3_page(pt_entry_t pte, unsigned long phys, unsigned long flags)
+{
+ *pte = ((u64)phys & PTE_PAGE_ADDR_MASK) | flags | PTE_FLAG_TERMINAL;
+}
+
+static void arm_set_l12_table(pt_entry_t pte, unsigned long next_pt)
+{
+ *pte = ((u64)next_pt & PTE_TABLE_ADDR_MASK) | PTE_TABLE_FLAGS;
+}
+
+static unsigned long arm_get_l12_table(pt_entry_t pte)
+{
+ return *pte & PTE_TABLE_ADDR_MASK;
+}
+
+static unsigned long arm_get_l2_phys(pt_entry_t pte, unsigned long virt)
+{
+ if ((*pte & PTE_TABLE_FLAGS) == PTE_TABLE_FLAGS)
+ return INVALID_PHYS_ADDR;
+ return (*pte & PTE_L2_BLOCK_ADDR_MASK) | (virt & BLOCK_2M_VADDR_MASK);
+}
+
+static unsigned long arm_get_l3_phys(pt_entry_t pte, unsigned long virt)
+{
+ if (!(*pte & PTE_FLAG_TERMINAL))
+ return INVALID_PHYS_ADDR;
+ return (*pte & PTE_PAGE_ADDR_MASK) | (virt & PAGE_MASK);
+}
+
+#define ARM_PAGING_COMMON \
+ .entry_valid = arm_entry_valid, \
+ .get_flags = arm_get_entry_flags, \
+ .clear_entry = arm_clear_entry, \
+ .page_table_empty = arm_page_table_empty,
+
+const struct paging arm_paging[] = {
+#if MAX_PAGE_DIR_LEVELS > 2
+ {
+ ARM_PAGING_COMMON
+ /* Block entry: 1GB */
+ .page_size = 1024 * 1024 * 1024,
+ .get_entry = arm_get_l1_entry,
+ .set_terminal = arm_set_l1_block,
+ .get_phys = arm_get_l1_phys,
+
+ .set_next_pt = arm_set_l12_table,
+ .get_next_pt = arm_get_l12_table,
+ },
+#endif
+ {
+ ARM_PAGING_COMMON
+ /* Block entry: 2MB */
+ .page_size = 2 * 1024 * 1024,
+ .get_entry = arm_get_l2_entry,
+ .set_terminal = arm_set_l2_block,
+ .get_phys = arm_get_l2_phys,
+
+ .set_next_pt = arm_set_l12_table,
+ .get_next_pt = arm_get_l12_table,
+ },
+ {
+ ARM_PAGING_COMMON
+ /* Page entry: 4kB */
+ .page_size = 4 * 1024,
+ .get_entry = arm_get_l3_entry,
+ .set_terminal = arm_set_l3_page,
+ .get_phys = arm_get_l3_phys,
+ }
+};
+
+void arch_paging_init(void)
+{
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 599ad39..43ef1eb 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -86,9 +86,5 @@ void arch_shutdown(void) {}
unsigned long arch_page_map_gphys2phys(struct per_cpu *cpu_data,
unsigned long gphys)
{ return INVALID_PHYS_ADDR; }
-void arch_paging_init(void) { }
-
-const struct paging arm_paging[1];
-
void arch_panic_stop(struct per_cpu *cpu_data) {__builtin_unreachable();}
void arch_panic_halt(struct per_cpu *cpu_data) {}

This is not the final thing: it can only be used internally for
suspending, resuming and parking CPUs while reconfiguring the cells.
Using this base, a trivial PSCI 0.2 emulation can be added by implementing
the appropriate trap hooks.

The mailbox in the per_cpu structure is used to store the address and
context where psci_cpu_off returns.
CPUs doing reconfiguration on the cells can use the psci_suspend and
psci_resume wrappers to store all affected cores.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 1 +
hypervisor/arch/arm/include/asm/percpu.h | 4 ++
hypervisor/arch/arm/include/asm/psci.h | 64 ++++++++++++++++++++++++++
hypervisor/arch/arm/psci.c | 74 ++++++++++++++++++++++++++++++
hypervisor/arch/arm/psci_low.S | 71 ++++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 2 +
6 files changed, 216 insertions(+)
create mode 100644 hypervisor/arch/arm/include/asm/psci.h
create mode 100644 hypervisor/arch/arm/psci.c
create mode 100644 hypervisor/arch/arm/psci_low.S

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 641b55d..6ad6b47 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -16,6 +16,7 @@ always := built-in.o

obj-y := entry.o dbg-write.o exception.o setup.o control.o lib.o traps.o
obj-y += paging.o mmu_hyp.o mmu_cell.o
+obj-y += psci.o psci_low.o
obj-y += irqchip.o
obj-$(CONFIG_ARM_GIC_V3) += gic-v3.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o
diff --git a/hypervisor/arch/arm/include/asm/percpu.h b/hypervisor/arch/arm/include/asm/percpu.h
index 16750c0..53bf97f 100644
--- a/hypervisor/arch/arm/include/asm/percpu.h
+++ b/hypervisor/arch/arm/include/asm/percpu.h
@@ -26,6 +26,7 @@
#ifndef __ASSEMBLY__

#include <asm/cell.h>
+#include <asm/psci.h>
#include <asm/spinlock.h>

struct pending_irq;
@@ -53,6 +54,9 @@ struct per_cpu {

bool initialized;

+ /* The mbox will be accessed with a ldrd, which requires alignment */
+ __attribute__((aligned(8))) struct psci_mbox psci_mbox;
+
volatile bool stop_cpu;
volatile bool wait_for_sipi;
volatile bool cpu_stopped;
diff --git a/hypervisor/arch/arm/include/asm/psci.h b/hypervisor/arch/arm/include/asm/psci.h
new file mode 100644
index 0000000..1883a6d
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/psci.h
@@ -0,0 +1,64 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_PSCI_H
+#define _JAILHOUSE_ASM_PSCI_H
+
+#define PSCI_VERSION 0x84000000
+#define PSCI_CPU_SUSPEND_32 0x84000001
+#define PSCI_CPU_SUSPEND_64 0xc4000001
+#define PSCI_CPU_OFF 0x84000002
+#define PSCI_CPU_ON_32 0x84000003
+#define PSCI_CPU_ON_64 0xc4000003
+#define PSCI_AFFINITY_INFO_32 0x84000004
+#define PSCI_AFFINITY_INFO_64 0xc4000004
+#define PSCI_MIGRATE_32 0x84000005
+#define PSCI_MIGRATE_64 0xc4000005
+#define PSCI_MIGRATE_INFO_TYPE 0x84000006
+#define PSCI_MIGRATE_INFO_UP_CPU_32 0x84000007
+#define PSCI_MIGRATE_INFO_UP_CPU_64 0xc4000007
+#define PSCI_SYSTEM_OFF 0x84000008
+#define PSCI_SYSTEM_RESET 0x84000009
+
+#define PSCI_SUCCESS 0
+#define PSCI_NOT_SUPPORTED (-1)
+#define PSCI_INVALID_PARAMETERS (-2)
+#define PSCI_DENIED (-3)
+#define PSCI_ALREADY_ON (-4)
+#define PSCI_ON_PENDING (-5)
+#define PSCI_INTERNAL_FAILURE (-6)
+#define PSCI_NOT_PRESENT (-7)
+#define PSCI_DISABLED (-8)
+
+#define PSCI_INVALID_ADDRESS 0xffffffff
+
+#ifndef __ASSEMBLY__
+
+struct trap_context;
+struct per_cpu;
+struct psci_mbox {
+ unsigned long entry;
+ unsigned long context;
+};
+
+void psci_cpu_off(struct per_cpu *cpu_data);
+long psci_cpu_on(unsigned int target, unsigned long entry,
+ unsigned long context);
+bool psci_cpu_stopped(unsigned int cpu_id);
+int psci_wait_cpu_stopped(unsigned int cpu_id);
+
+void psci_suspend(struct per_cpu *cpu_data);
+long psci_resume(unsigned int target);
+long psci_try_resume(unsigned int cpu_id);
+
+#endif /* !__ASSEMBLY__ */
+#endif /* _JAILHOUSE_ASM_PSCI_H */
diff --git a/hypervisor/arch/arm/psci.c b/hypervisor/arch/arm/psci.c
new file mode 100644
index 0000000..132d6a0
--- /dev/null
+++ b/hypervisor/arch/arm/psci.c
@@ -0,0 +1,74 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/control.h>
+#include <asm/psci.h>
+#include <asm/traps.h>
+
+void _psci_cpu_off(struct psci_mbox *);
+long _psci_cpu_on(struct psci_mbox *, unsigned long, unsigned long);
+void _psci_suspend(struct psci_mbox *, unsigned long *address);
+void _psci_suspend_return(void);
+
+void psci_cpu_off(struct per_cpu *cpu_data)
+{
+ _psci_cpu_off(&cpu_data->psci_mbox);
+}
+
+long psci_cpu_on(unsigned int target, unsigned long entry,
+ unsigned long context)
+{
+ struct per_cpu *cpu_data = per_cpu(target);
+ struct psci_mbox *mbox = &cpu_data->psci_mbox;
+
+ return _psci_cpu_on(mbox, entry, context);
+}
+
+/*
+ * Not a real psci_cpu_suspend implementation. Only used to semantically
+ * differentiate from `cpu_off'. Return is done via psci_resume.
+ */
+void psci_suspend(struct per_cpu *cpu_data)
+{
+ psci_cpu_off(cpu_data);
+}
+
+long psci_resume(unsigned int target)
+{
+ psci_wait_cpu_stopped(target);
+ return psci_cpu_on(target, (unsigned long)&_psci_suspend_return, 0);
+}
+
+bool psci_cpu_stopped(unsigned int cpu_id)
+{
+ return per_cpu(cpu_id)->psci_mbox.entry == PSCI_INVALID_ADDRESS;
+}
+
+long psci_try_resume(unsigned int cpu_id)
+{
+ if (psci_cpu_stopped(cpu_id))
+ return psci_resume(cpu_id);
+
+ return -EBUSY;
+}
+
+int psci_wait_cpu_stopped(unsigned int cpu_id)
+{
+ /* FIXME: add a delay */
+ do {
+ if (psci_cpu_stopped(cpu_id))
+ return 0;
+ cpu_relax();
+ } while (1);
+
+ return -EBUSY;
+}
diff --git a/hypervisor/arch/arm/psci_low.S b/hypervisor/arch/arm/psci_low.S
new file mode 100644
index 0000000..76eeaba
--- /dev/null
+++ b/hypervisor/arch/arm/psci_low.S
@@ -0,0 +1,71 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/head.h>
+#include <asm/psci.h>
+
+ .global _psci_cpu_off
+ /* r0: struct psci_mbox* */
+_psci_cpu_off:
+ ldr r2, =PSCI_INVALID_ADDRESS
+ /* Clear mbox */
+ str r2, [r0]
+ /*
+ * No reordering against the ldr below for the PEs in our domain, so no
+ * need for a barrier. Other CPUs will wait for an invalid address
+ * before issuing a CPU_ON.
+ */
+
+ /* Wait for a CPU_ON call that updates the mbox */
+1: wfe
+ ldr r1, [r0]
+ cmp r1, r2
+ beq 1b
+
+ /* Jump to the requested entry, with a parameter */
+ ldr r0, [r0, #4]
+ bx r1
+
+ .global _psci_cpu_on
+ /* r0: struct psci_mbox*, r1: entry, r2: context */
+_psci_cpu_on:
+ push {r4, r5, lr}
+ /* strd needs to start with an even register */
+ mov r3, r2
+ mov r2, r1
+ ldr r1, =PSCI_INVALID_ADDRESS
+
+ ldrexd r4, r5, [r0]
+ cmp r4, r1
+ bne store_failed
+ strexd r1, r2, r3, [r0]
+ /* r1 contains the ex store flag */
+ cmp r1, #0
+ bne store_failed
+
+ /*
+ * Ensure that the stopped CPU can read the new address when receiving
+ * the event.
+ */
+ dsb ish
+ sev
+ mov r0, #0
+ pop {r4, r5, pc}
+
+store_failed:
+ clrex
+ mov r0, #PSCI_ALREADY_ON
+ pop {r4, r5, pc}
+
+ .global _psci_suspend_return
+_psci_suspend_return:
+ bx lr
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index d293c2c..e7a0845 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -53,6 +53,8 @@ int arch_cpu_init(struct per_cpu *cpu_data)
int err = 0;
unsigned long hcr = HCR_VM_BIT | HCR_IMO_BIT | HCR_FMO_BIT;

+ cpu_data->psci_mbox.entry = 0;
+
/*
* Copy the registers to restore from the linux stack here, because we
* won't be able to access it later

memcpy and phys_processor_id implementations are required before going
any further. This patch introduces a very trivial version of those
functions.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 2 +-
hypervisor/arch/arm/include/asm/processor.h | 2 ++
hypervisor/arch/arm/include/asm/sysregs.h | 5 ++++
hypervisor/arch/arm/lib.c | 36 +++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 2 --
5 files changed, 44 insertions(+), 3 deletions(-)
create mode 100644 hypervisor/arch/arm/lib.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 6ceb061..425f221 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,4 +14,4 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-obj-y := entry.o setup.o
+obj-y := entry.o setup.o lib.o
diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index d42be81..ef76687 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -13,6 +13,8 @@
#ifndef _JAILHOUSE_ASM_PROCESSOR_H
#define _JAILHOUSE_ASM_PROCESSOR_H

+#define MPIDR_CPUID_MASK 0x00ffffff
+
#ifndef __ASSEMBLY__

struct registers {
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index 8be5ce1..b5dddcf 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -25,6 +25,11 @@
* - arm_read_sysreg(SYSREG_NAME, reg)
*/

+/*
+ * 32bit sysregs definitions
+ * (Use the AArch64 names to ease the compatibility work)
+ */
+#define MPIDR_EL1 SYSREG_32(0, c0, c0, 5)

#define SYSREG_32(...) 32, __VA_ARGS__
#define SYSREG_64(...) 64, __VA_ARGS__
diff --git a/hypervisor/arch/arm/lib.c b/hypervisor/arch/arm/lib.c
new file mode 100644
index 0000000..a0b2b5b
--- /dev/null
+++ b/hypervisor/arch/arm/lib.c
@@ -0,0 +1,36 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/sysregs.h>
+#include <asm/types.h>
+#include <jailhouse/processor.h>
+#include <jailhouse/string.h>
+
+int phys_processor_id(void)
+{
+ u32 mpidr;
+
+ arm_read_sysreg(MPIDR_EL1, mpidr);
+ return mpidr & MPIDR_CPUID_MASK;
+}
+
+void *memcpy(void *dest, const void *src, unsigned long n)
+{
+ unsigned long i;
+ const char *csrc = src;
+ char *cdest = dest;
+
+ for (i = 0; i < n; i++)
+ cdest[i] = csrc[i];
+
+ return dest;
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index a282685..74dc0e6 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -43,7 +43,6 @@ void arch_cpu_restore(struct per_cpu *cpu_data)
#include <jailhouse/string.h>
#include <jailhouse/paging.h>
void arch_dbg_write_init(void) {}
-int phys_processor_id(void) { return 0; }
void arch_suspend_cpu(unsigned int cpu_id) {}
void arch_resume_cpu(unsigned int cpu_id) {}
void arch_reset_cpu(unsigned int cpu_id) {}
@@ -60,7 +59,6 @@ int arch_unmap_memory_region(struct cell *cell,
void arch_cell_destroy(struct per_cpu *cpu_data, struct cell *new_cell) {}
void arch_config_commit(struct per_cpu *cpu_data,
struct cell *cell_added_removed) {}
-void *memcpy(void *dest, const void *src, unsigned long n) { return NULL; }
void arch_dbg_write(const char *msg) {}
void arch_shutdown(void) {}
unsigned long arch_page_map_gphys2phys(struct per_cpu *cpu_data,

Since IRQs taken to HYP use a different vector, the trap handler needs to
be aware of the exit context. To this end, the patch adds an 'exit_reason'
field to the struct registers.
The structure is still passed to the dispatcher as a pointer to the stack,
but care must be taken to ignore the exit field when restoring the user
registers.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 2 +-
hypervisor/arch/arm/control.c | 31 +++++++++++++++++++++++++++
hypervisor/arch/arm/exception.S | 20 ++++++++++++++---
hypervisor/arch/arm/include/asm/control.h | 1 +
hypervisor/arch/arm/include/asm/processor.h | 4 ++++
hypervisor/arch/arm/setup.c | 2 +-
6 files changed, 55 insertions(+), 5 deletions(-)
create mode 100644 hypervisor/arch/arm/control.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 78890ef..641b55d 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,7 +14,7 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-obj-y := entry.o dbg-write.o exception.o setup.o lib.o traps.o
+obj-y := entry.o dbg-write.o exception.o setup.o control.o lib.o traps.o
obj-y += paging.o mmu_hyp.o mmu_cell.o
obj-y += irqchip.o
obj-$(CONFIG_ARM_GIC_V3) += gic-v3.o
diff --git a/hypervisor/arch/arm/control.c b/hypervisor/arch/arm/control.c
new file mode 100644
index 0000000..e740977
--- /dev/null
+++ b/hypervisor/arch/arm/control.c
@@ -0,0 +1,31 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/control.h>
+#include <asm/irqchip.h>
+#include <jailhouse/printk.h>
+
+void arch_handle_exit(struct per_cpu *cpu_data, struct registers *regs)
+{
+ switch (regs->exit_reason) {
+ case EXIT_REASON_IRQ:
+ irqchip_handle_irq(cpu_data);
+ break;
+ case EXIT_REASON_TRAP:
+ arch_handle_trap(cpu_data, regs);
+ break;
+ default:
+ printk("Internal error: %d exit not implemented\n",
+ regs->exit_reason);
+ while(1);
+ }
+}
diff --git a/hypervisor/arch/arm/exception.S b/hypervisor/arch/arm/exception.S
index 075172b..230da47 100644
--- a/hypervisor/arch/arm/exception.S
+++ b/hypervisor/arch/arm/exception.S
@@ -11,6 +11,7 @@
*/

#include <asm/head.h>
+#include <asm/processor.h>
#include <asm/sysregs.h>

.text
@@ -23,16 +24,29 @@ hyp_vectors:
b .
b .
b hyp_trap
- b .
+ b hyp_irq
b .

-hyp_trap:
+.macro handle_vmexit exit_reason
/* Fill the struct registers. Should comply with NUM_USR_REGS */
push {r0-r12, lr}
+ mov r0, #\exit_reason
+ b vmexit_common
+.endm
+
+hyp_irq:
+ handle_vmexit EXIT_REASON_IRQ
+hyp_trap:
+ handle_vmexit EXIT_REASON_TRAP
+
+vmexit_common:
+ push {r0}

arm_read_sysreg(TPIDR_EL2, r0)
mov r1, sp
- bl arch_handle_trap
+ bl arch_handle_exit
+
+ add sp, sp, #4

/* Restore usr regs */
pop {r0-r12, lr}
diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
index 4903d87..c974bc1 100644
--- a/hypervisor/arch/arm/include/asm/control.h
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -21,6 +21,7 @@
int arch_mmu_cell_init(struct cell *cell);
int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data);
void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs);
+void arch_handle_exit(struct per_cpu *cpu_data, struct registers *guest_regs);

#endif /* !__ASSEMBLY__ */

diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 6dbcd07..5744c0e 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -126,11 +126,15 @@
#define ESR_EC_DABT 0x24
#define ESR_EC_DABT_HYP 0x25

+#define EXIT_REASON_TRAP 0x1
+#define EXIT_REASON_IRQ 0x2
+
#define NUM_USR_REGS 14

#ifndef __ASSEMBLY__

struct registers {
+ unsigned long exit_reason;
/* r0 - r12 and lr. The other registers are banked. */
unsigned long usr[NUM_USR_REGS];
};
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 3afabbf..d293c2c 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -51,7 +51,7 @@ int arch_init_early(void)
int arch_cpu_init(struct per_cpu *cpu_data)
{
int err = 0;
- unsigned long hcr = HCR_VM_BIT;
+ unsigned long hcr = HCR_VM_BIT | HCR_IMO_BIT | HCR_FMO_BIT;

/*
* Copy the registers to restore from the linux stack here, because we

On some implementations, instructions may trap before the PE was able to
check their conditional code. This patch adds the ability to check it
before emulating something that wouldn't be executed. In thumb mode, the IT
state has to be updated when skipping instructions.

Most of this patch is copied and adapted from Linux and KVM.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/processor.h | 5 ++
hypervisor/arch/arm/traps.c | 116 +++++++++++++++++++++++++++
2 files changed, 121 insertions(+)

diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 5744c0e..599f4f6 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -31,6 +31,8 @@
#define PSR_F_BIT (1 << 6)
#define PSR_I_BIT (1 << 7)
#define PSR_A_BIT (1 << 8)
+#define PSR_IT_MASK(it) (((it) & 0x3) << 25 | ((it) & 0xfc) << 8)
+#define PSR_IT(psr) (((psr) >> 25 & 0x3) | ((psr) >> 8 & 0xfc))

#define MPIDR_CPUID_MASK 0x00ffffff

@@ -125,6 +127,9 @@
#define ESR_EC_PCALIGN 0x22
#define ESR_EC_DABT 0x24
#define ESR_EC_DABT_HYP 0x25
+/* Condition code */
+#define ESR_ICC_CV_BIT (1 << 24)
+#define ESR_ICC_COND(icc) ((icc) >> 20 & 0xf)

#define EXIT_REASON_TRAP 0x1
#define EXIT_REASON_IRQ 0x2
diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
index 7367357..9de1657 100644
--- a/hypervisor/arch/arm/traps.c
+++ b/hypervisor/arch/arm/traps.c
@@ -8,6 +8,10 @@
*
* This work is licensed under the terms of the GNU GPL, version 2. See
* the COPYING file in the top-level directory.
+ *
+ * Condition check code is copied from Linux's
+ * - arch/arm/kernel/opcodes.c
+ * - arch/arm/kvm/emulate.c
*/

#include <asm/control.h>
@@ -16,6 +20,107 @@
#include <jailhouse/printk.h>
#include <jailhouse/control.h>

+/*
+ * condition code lookup table
+ * index into the table is test code: EQ, NE, ... LT, GT, AL, NV
+ *
+ * bit position in short is condition code: NZCV
+ */
+static const unsigned short cc_map[16] = {
+ 0xF0F0, /* EQ == Z set */
+ 0x0F0F, /* NE */
+ 0xCCCC, /* CS == C set */
+ 0x3333, /* CC */
+ 0xFF00, /* MI == N set */
+ 0x00FF, /* PL */
+ 0xAAAA, /* VS == V set */
+ 0x5555, /* VC */
+ 0x0C0C, /* HI == C set && Z clear */
+ 0xF3F3, /* LS == C clear || Z set */
+ 0xAA55, /* GE == (N==V) */
+ 0x55AA, /* LT == (N!=V) */
+ 0x0A05, /* GT == (!Z && (N==V)) */
+ 0xF5FA, /* LE == (Z || (N!=V)) */
+ 0xFFFF, /* AL always */
+ 0 /* NV */
+};
+
+/* Check condition field either from ESR or from SPSR in thumb mode */
+static bool arch_failed_condition(struct trap_context *ctx)
+{
+ u32 class = ESR_EC(ctx->esr);
+ u32 icc = ESR_ICC(ctx->esr);
+ u32 cpsr = ctx->cpsr;
+ u32 flags = cpsr >> 28;
+ u32 cond;
+ /*
+ * Trapped instruction is unconditional, already passed the condition
+ * check, or is invalid
+ */
+ if (class & 0x30 || class == 0)
+ return false;
+
+ /* Is condition field valid? */
+ if (icc & ESR_ICC_CV_BIT) {
+ cond = ESR_ICC_COND(icc);
+ } else {
+ /* This can happen in Thumb mode: examine IT state. */
+ unsigned long it = PSR_IT(cpsr);
+
+ /* it == 0 => unconditional. */
+ if (it == 0)
+ return false;
+
+ /* The cond for this insn works out as the top 4 bits. */
+ cond = (it >> 4);
+ }
+
+ /* Compare the apsr flags with the condition code */
+ if ((cc_map[cond] >> flags) & 1)
+ return false;
+
+ return true;
+}
+
+/*
+ * When exceptions occur while instructions are executed in Thumb IF-THEN
+ * blocks, the ITSTATE field of the CPSR is not advanced (updated), so we have
+ * to do this little bit of work manually. The fields map like this:
+ *
+ * IT[7:0] -> CPSR[26:25],CPSR[15:10]
+ */
+static void arch_advance_itstate(struct trap_context *ctx)
+{
+ unsigned long itbits, cond;
+ unsigned long cpsr = ctx->cpsr;
+
+ if (!(cpsr & PSR_IT_MASK(0xff)))
+ return;
+
+ itbits = PSR_IT(cpsr);
+ cond = itbits >> 5;
+
+ if ((itbits & 0x7) == 0)
+ /* One instruction left in the block, next itstate is 0 */
+ itbits = cond = 0;
+ else
+ itbits = (itbits << 1) & 0x1f;
+
+ itbits |= (cond << 5);
+ cpsr &= ~PSR_IT_MASK(0xff);
+ cpsr |= PSR_IT_MASK(itbits);
+
+ ctx->cpsr = cpsr;
+}
+
+static void arch_skip_instruction(struct trap_context *ctx)
+{
+ u32 instruction_length = ESR_IL(ctx->esr);
+
+ ctx->pc += (instruction_length ? 4 : 2);
+ arch_advance_itstate(ctx);
+}
+
static void access_cell_reg(struct trap_context *ctx, u8 reg,
unsigned long *val, bool is_read)
{
@@ -107,6 +212,15 @@ void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs)
exception_class = ESR_EC(ctx.esr);
ctx.regs = guest_regs->usr;

+ /*
+ * On some implementations, instructions that fail their condition check
+ * can trap.
+ */
+ if (arch_failed_condition(&ctx)) {
+ arch_skip_instruction(&ctx);
+ goto restore_context;
+ }
+
if (trap_handlers[exception_class])
ret = trap_handlers[exception_class](cpu_data, &ctx);

@@ -116,5 +230,7 @@ void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs)
while(1);
}

+restore_context:
+ arm_write_banked_reg(SPSR_hyp, ctx.cpsr);
arm_write_banked_reg(ELR_hyp, ctx.pc);
}

This patch uses the kernel config to detect which UART is available.
Currently, only the vexpress platform is implemented.
It assumes that the first UART uses the default, fixed VA->PA mapping
set by the kernel for the vexpress low-level printk.

This is far from ideal: a clean implementation would either need to
communicate the uart address from the driver, or postpone all debug
printks until the hypervisor is able to use its own mappings, as linux
does when earlyprintk is disabled.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 7 +-
hypervisor/arch/arm/dbg-write-pl011.c | 24 ++++++
hypervisor/arch/arm/dbg-write.c | 46 +++++++++++
hypervisor/arch/arm/include/asm/debug.h | 35 ++++++++
hypervisor/arch/arm/include/asm/platform.h | 27 ++++++
hypervisor/arch/arm/include/asm/uart_pl011.h | 113 ++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 2 -
7 files changed, 251 insertions(+), 3 deletions(-)
create mode 100644 hypervisor/arch/arm/dbg-write-pl011.c
create mode 100644 hypervisor/arch/arm/dbg-write.c
create mode 100644 hypervisor/arch/arm/include/asm/debug.h
create mode 100644 hypervisor/arch/arm/include/asm/platform.h
create mode 100644 hypervisor/arch/arm/include/asm/uart_pl011.h

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 425f221..bb9203c 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,4 +14,9 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-obj-y := entry.o setup.o lib.o
+obj-y := entry.o dbg-write.o setup.o lib.o
+obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o
+
+# Needed for kconfig
+ccflags-y += -I$(KERNELDIR)/include
+asflags-y += -I$(KERNELDIR)/include
diff --git a/hypervisor/arch/arm/dbg-write-pl011.c b/hypervisor/arch/arm/dbg-write-pl011.c
new file mode 100644
index 0000000..06f386f
--- /dev/null
+++ b/hypervisor/arch/arm/dbg-write-pl011.c
@@ -0,0 +1,24 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/io.h>
+#include <asm/uart_pl011.h>
+
+/* All the helpers are in the header, to make them re-usable by the inmates */
+void uart_chip_init(struct uart_chip *chip)
+{
+ chip->wait = uart_wait;
+ chip->busy = uart_busy;
+ chip->write = uart_write;
+
+ uart_init(chip);
+}
diff --git a/hypervisor/arch/arm/dbg-write.c b/hypervisor/arch/arm/dbg-write.c
new file mode 100644
index 0000000..411c753
--- /dev/null
+++ b/hypervisor/arch/arm/dbg-write.c
@@ -0,0 +1,46 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/debug.h>
+#include <asm/platform.h>
+#include <jailhouse/printk.h>
+#include <jailhouse/processor.h>
+
+static struct uart_chip uart;
+
+void arch_dbg_write_init(void)
+{
+ /* FIXME: parse a device tree */
+ uart.baudrate = 115200;
+ uart.fifo_enabled = true;
+ uart.virt_base = UART_BASE_VIRT;
+ uart.phys_base = UART_BASE_PHYS;
+
+ uart_chip_init(&uart);
+}
+
+void arch_dbg_write(const char *msg)
+{
+ char c;
+
+ while (1) {
+ c = *msg++;
+ if (!c)
+ break;
+
+ uart.wait(&uart);
+ if (panic_in_progress && panic_cpu != phys_processor_id())
+ break;
+ uart.write(&uart, c);
+ uart.busy(&uart);
+ }
+}
diff --git a/hypervisor/arch/arm/include/asm/debug.h b/hypervisor/arch/arm/include/asm/debug.h
new file mode 100644
index 0000000..0df7fdb
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/debug.h
@@ -0,0 +1,35 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef JAILHOUSE_ASM_DEBUG_H_
+#define JAILHOUSE_ASM_DEBUG_H_
+
+#include <asm/types.h>
+
+#ifndef __ASSEMBLY__
+
+/* Defines the bare minimum for debug writes */
+struct uart_chip {
+ void *virt_base;
+ void *phys_base;
+ unsigned int baudrate;
+ bool fifo_enabled;
+
+ void (*wait)(struct uart_chip *);
+ void (*busy)(struct uart_chip *);
+ void (*write)(struct uart_chip *, char c);
+};
+
+void uart_chip_init(struct uart_chip *chip);
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !JAILHOUSE_ASM_DEBUG_H_ */
diff --git a/hypervisor/arch/arm/include/asm/platform.h b/hypervisor/arch/arm/include/asm/platform.h
new file mode 100644
index 0000000..f18dd83
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/platform.h
@@ -0,0 +1,27 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_PLATFORM_H
+#define _JAILHOUSE_ASM_PLATFORM_H
+
+#include <linux/kconfig.h>
+
+#ifndef __ASSEMBLY__
+
+#ifdef CONFIG_ARCH_VEXPRESS
+
+#define UART_BASE_PHYS ((void *)0x1c090000)
+#define UART_BASE_VIRT ((void *)0xf8090000)
+
+#endif /* CONFIG_ARCH_VEXPRESS */
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_PLATFORM_H */
diff --git a/hypervisor/arch/arm/include/asm/uart_pl011.h b/hypervisor/arch/arm/include/asm/uart_pl011.h
new file mode 100644
index 0000000..cfa29f3
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/uart_pl011.h
@@ -0,0 +1,113 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_DEBUG_PL011_H
+#define _JAILHOUSE_ASM_DEBUG_PL011_H
+
+#include <asm/debug.h>
+#include <asm/io.h>
+#include <asm/processor.h>
+
+#define UART_CLK 24000000
+
+#define UARTDR 0x00
+#define UARTRSR 0x04
+#define UARTECR 0x04
+#define UARTFR 0x18
+#define UARTILPR 0x20
+#define UARTIBRD 0x24
+#define UARTFBRD 0x28
+#define UARTLCR_H 0x2c
+#define UARTCR 0x30
+#define UARTIFLS 0x34
+#define UARTIMSC 0x38
+#define UARTRIS 0x3c
+#define UARTMIS 0x40
+#define UARTICR 0x44
+#define UARTDMACR 0x48
+
+#define UARTFR_RXFF (1 << 6)
+#define UARTFR_TXFE (1 << 7)
+#define UARTFR_TXFF (1 << 5)
+#define UARTFR_RXFE (1 << 4)
+#define UARTFR_BUSY (1 << 3)
+#define UARTFR_DCD (1 << 2)
+#define UARTFR_DSR (1 << 1)
+#define UARTFR_CTS (1 << 0)
+
+#define UARTCR_CTSEn (1 << 15)
+#define UARTCR_RTSEn (1 << 14)
+#define UARTCR_Out2 (1 << 13)
+#define UARTCR_Out1 (1 << 12)
+#define UARTCR_RTS (1 << 11)
+#define UARTCR_DTR (1 << 10)
+#define UARTCR_RXE (1 << 9)
+#define UARTCR_TXE (1 << 8)
+#define UARTCR_LBE (1 << 7)
+#define UARTCR_SIRLP (1 << 2)
+#define UARTCR_SIREN (1 << 1)
+#define UARTCR_EN (1 << 0)
+
+#define UARTLCR_H_SPS (1 << 7)
+#define UARTLCR_H_WLEN (3 << 5)
+#define UARTLCR_H_FEN (1 << 4)
+#define UARTLCR_H_STP2 (1 << 3)
+#define UARTLCR_H_EPS (1 << 2)
+#define UARTLCR_H_PEN (1 << 1)
+#define UARTLCR_H_BRK (1 << 0)
+
+#ifndef __ASSEMBLY__
+
+static void uart_init(struct uart_chip *chip)
+{
+ /* 115200 8N1 */
+ /* FIXME: Can be improved with an implementation of __aeabi_uidiv */
+ u32 bauddiv = UART_CLK / (16 * 115200);
+ void *base = chip->virt_base;
+
+ writew_relaxed(0, base + UARTCR);
+ while (readb_relaxed(base + UARTFR) & UARTFR_BUSY)
+ cpu_relax();
+
+ writeb_relaxed(UARTLCR_H_WLEN, base + UARTLCR_H);
+ writew_relaxed(bauddiv, base + UARTIBRD);
+ writew_relaxed((UARTCR_EN | UARTCR_TXE | UARTCR_RXE | UARTCR_Out1
+ | UARTCR_Out2), base + UARTCR);
+}
+
+static void uart_wait(struct uart_chip *chip)
+{
+ u32 flags;
+
+ do {
+ flags = readl_relaxed(chip->virt_base + UARTFR);
+ cpu_relax();
+ } while (flags & UARTFR_TXFF); /* FIFO full */
+}
+
+static void uart_busy(struct uart_chip *chip)
+{
+ u32 flags;
+
+ do {
+ flags = readl_relaxed(chip->virt_base + UARTFR);
+ cpu_relax();
+ } while (flags & UARTFR_BUSY);
+}
+
+static void uart_write(struct uart_chip *chip, char c)
+{
+ writel_relaxed(c, chip->virt_base + UARTDR);
+}
+
+#endif /* !__ASSEMBLY__ */
+#endif /* !_JAILHOUSE_ASM_DEBUG_PL011_H */
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 74dc0e6..99dc79c 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -42,7 +42,6 @@ void arch_cpu_restore(struct per_cpu *cpu_data)
#include <jailhouse/control.h>
#include <jailhouse/string.h>
#include <jailhouse/paging.h>
-void arch_dbg_write_init(void) {}
void arch_suspend_cpu(unsigned int cpu_id) {}
void arch_resume_cpu(unsigned int cpu_id) {}
void arch_reset_cpu(unsigned int cpu_id) {}
@@ -59,7 +58,6 @@ int arch_unmap_memory_region(struct cell *cell,
void arch_cell_destroy(struct per_cpu *cpu_data, struct cell *new_cell) {}
void arch_config_commit(struct per_cpu *cpu_data,
struct cell *cell_added_removed) {}
-void arch_dbg_write(const char *msg) {}
void arch_shutdown(void) {}
unsigned long arch_page_map_gphys2phys(struct per_cpu *cpu_data,
unsigned long gphys)

Most armv7-compatible toolchains still need an additional flag to
recognise instructions such as ERET or an MSR to banked registers.
This patch allows to includes the virt flag in files that require it.
It also forces the hypervisor image to only use the ARM instruction
set.
Support for Thumb2 hypervisor and kernel will be added later.
Guests should still be able to run in Thumb2, as long as they allow
to be entered in ARM mode.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/Makefile | 4 ++++
hypervisor/arch/arm/Makefile | 1 -
hypervisor/arch/arm/entry.S | 1 +
hypervisor/arch/arm/include/asm/head.h | 24 ++++++++++++++++++++++++
4 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 hypervisor/arch/arm/include/asm/head.h

diff --git a/hypervisor/Makefile b/hypervisor/Makefile
index 827209f..688d7f0 100644
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
@@ -21,6 +21,10 @@ KBUILD_CFLAGS += -mcmodel=kernel
KBUILD_CPPFLAGS += -m64
endif

+ifeq ($(SRCARCH),arm)
+KBUILD_CFLAGS += -marm
+endif
+
ifneq ($(wildcard $(src)/include/jailhouse/config.h),)
KBUILD_CFLAGS += -include $(src)/include/jailhouse/config.h
endif
diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index d5991cd..6ceb061 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -14,5 +14,4 @@ KBUILD_AFLAGS := $(filter-out -include asm/unified.h,$(KBUILD_AFLAGS))

always := built-in.o

-#obj-y := dbg-write.o entry.o setup.o fault.o control.o mmio.o
obj-y := entry.o setup.o
diff --git a/hypervisor/arch/arm/entry.S b/hypervisor/arch/arm/entry.S
index c374614..25325a0 100644
--- a/hypervisor/arch/arm/entry.S
+++ b/hypervisor/arch/arm/entry.S
@@ -10,6 +10,7 @@
* the COPYING file in the top-level directory.
*/

+#include <asm/head.h>
#include <asm/percpu.h>

/* Entry point for Linux loader module on JAILHOUSE_ENABLE */
diff --git a/hypervisor/arch/arm/include/asm/head.h b/hypervisor/arch/arm/include/asm/head.h
new file mode 100644
index 0000000..aee1ade
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/head.h
@@ -0,0 +1,24 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_HEAD_H
+#define _JAILHOUSE_ASM_HEAD_H_
+
+#ifdef __ASSEMBLY__
+ .arch_extension virt
+ .arm
+ .syntax unified
+#else
+ asm(".arch_extension virt\n");
+#endif
+
+#endif /* !_JAILHOUSE_ASM_HEAD_H */

This patch adds a few simple macros that allow the C code to use
specific ARM instructions.
The memory_barrier helper is only used to commit the changes of cpu_init
on the last core before allowing the others to return to EL1.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/processor.h | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index ef76687..25bab65 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -20,12 +20,22 @@
struct registers {
};

+#define dmb(domain) asm volatile("dmb " #domain "\n" ::: "memory")
+#define dsb(domain) asm volatile("dsb " #domain "\n" ::: "memory")
+#define isb() asm volatile("isb\n")
+
+#define wfe() asm volatile("wfe\n")
+#define wfi() asm volatile("wfi\n")
+#define sev() asm volatile("sev\n")
+
static inline void cpu_relax(void)
{
+ asm volatile("" : : : "memory");
}

static inline void memory_barrier(void)
{
+ dmb(ish);
}

#endif /* !__ASSEMBLY__ */

There is no need for any code in init_late for the moment. The x86 side
uses it to initialise vtd and pci for the root cell.
This patch allows to run a complete hypervisor setup from the driver and
return to the kernel normally.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/setup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 08761d3..ef18a7d 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -80,7 +80,7 @@ int arch_cpu_init(struct per_cpu *cpu_data)

int arch_init_late(void)
{
- return -ENOSYS;
+ return 0;
}

void arch_cpu_activate_vmm(struct per_cpu *cpu_data)

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/bitops.h | 90 ++++++++++++++++++++++++++----
1 file changed, 80 insertions(+), 10 deletions(-)

diff --git a/hypervisor/arch/arm/include/asm/bitops.h b/hypervisor/arch/arm/include/asm/bitops.h
index fd3d785..de63d39 100644
--- a/hypervisor/arch/arm/include/asm/bitops.h
+++ b/hypervisor/arch/arm/include/asm/bitops.h
@@ -15,41 +15,111 @@

#include <asm/types.h>

+#ifndef __ASSEMBLY__
+
+#define BITOPT_ALIGN(bits, addr) \
+ do { \
+ (addr) = (unsigned long *)((u32)(addr) & ~0x3) \
+ + (bits) / BITS_PER_LONG; \
+ (bits) %= BITS_PER_LONG; \
+ } while (0)
+
+/* Load the cacheline in exclusive state */
+#define PRELOAD(addr) \
+ asm volatile (".arch_extension mp\n" \
+ "pldw %0\n" \
+ : "+Qo" (*(volatile unsigned long *)addr));
+
static inline __attribute__((always_inline)) void
clear_bit(int nr, volatile unsigned long *addr)
{
+ unsigned long ret, val;
+
+ BITOPT_ALIGN(nr, addr);
+
+ PRELOAD(addr);
+ do {
+ asm volatile (
+ "ldrex %1, %2\n"
+ "bic %1, %3\n"
+ "strex %0, %1, %2\n"
+ : "=r" (ret), "=r" (val),
+ /* Declare the clobbering of this address to the compiler */
+ "+Qo" (*(volatile unsigned long *)addr)
+ : "r" (1 << nr));
+ } while (ret);
}

static inline __attribute__((always_inline)) void
set_bit(unsigned int nr, volatile unsigned long *addr)
{
+ unsigned long ret, val;
+
+ BITOPT_ALIGN(nr, addr);
+
+ PRELOAD(addr);
+ do {
+ asm volatile (
+ "ldrex %1, %2\n"
+ "orr %1, %3\n"
+ "strex %0, %1, %2\n"
+ : "=r" (ret), "=r" (val),
+ "+Qo" (*(volatile unsigned long *)addr)
+ : "r" (1 << nr));
+ } while (ret);
}

static inline __attribute__((always_inline)) int
-constant_test_bit(unsigned int nr, const volatile unsigned long *addr)
+test_bit(unsigned int nr, const volatile unsigned long *addr)
{
return ((1UL << (nr % BITS_PER_LONG)) &
(addr[nr / BITS_PER_LONG])) != 0;
}

-static inline int variable_test_bit(int nr, volatile const unsigned long *addr)
+static inline int test_and_set_bit(int nr, volatile unsigned long *addr)
{
- return 0;
+ unsigned long ret, val, test;
+
+ BITOPT_ALIGN(nr, addr);
+
+ PRELOAD(addr);
+ do {
+ asm volatile (
+ "ldrex %1, %3\n"
+ "ands %2, %1, %4\n"
+ "it eq\n"
+ "orreq %1, %4\n"
+ "strex %0, %1, %3\n"
+ : "=r" (ret), "=r" (val), "=r" (test),
+ "+Qo" (*(volatile unsigned long *)addr)
+ : "r" (1 << nr));
+ } while (ret);
+
+ return !!(test);
}

-#define test_bit(nr, addr) \
- (__builtin_constant_p((nr)) \
- ? constant_test_bit((nr), (addr)) \
- : variable_test_bit((nr), (addr)))

-static inline int test_and_set_bit(int nr, volatile unsigned long *addr)
+/* Count leading zeroes */
+static inline unsigned long clz(unsigned long word)
+{
+ unsigned long val;
+ asm volatile ("clz %0, %1\n" : "=r" (val) : "r" (word));
+ return val;
+}
+
+/* Returns the position of the least significant 1, MSB=31, LSB=0*/
+static inline unsigned long ffsl(unsigned long word)
{
- return 0;
+ if (!word)
+ return 0;
+ asm volatile ("rbit %0, %0\n" : "+r" (word));
+ return clz(word);
}

static inline unsigned long ffzl(unsigned long word)
{
- return 0;
+ return ffsl(~word);
}

+#endif /* !__ASSEMBLY__ */
#endif /* !_JAILHOUSE_ASM_BITOPS_H */

Assuming there is a GIC distributor at address GICD_BASE, this patch
checks its version and call the gic init function. Linux's kconfig header
is used to guess the base address of the distributor.
Ideally, a device tree would be passed to the hypervisor in the root
cell's config, allowing to remove all constant base addresses.

The patch also assumes that most of the GIC has been setup by Linux prior
to the hypervisor installation, and only initialises the vGIC.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 1 +
hypervisor/arch/arm/gic-v3.c | 159 +++++++++++++++++
hypervisor/arch/arm/include/asm/gic_common.h | 43 +++++
hypervisor/arch/arm/include/asm/gic_v3.h | 248 ++++++++++++++++++++++++++
hypervisor/arch/arm/include/asm/io.h | 3 +
hypervisor/arch/arm/include/asm/percpu.h | 4 +-
hypervisor/arch/arm/include/asm/platform.h | 18 +-
hypervisor/arch/arm/irqchip.c | 51 +++++-
8 files changed, 522 insertions(+), 5 deletions(-)
create mode 100644 hypervisor/arch/arm/gic-v3.c
create mode 100644 hypervisor/arch/arm/include/asm/gic_common.h
create mode 100644 hypervisor/arch/arm/include/asm/gic_v3.h

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 3932f85..78890ef 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -17,6 +17,7 @@ always := built-in.o
obj-y := entry.o dbg-write.o exception.o setup.o lib.o traps.o
obj-y += paging.o mmu_hyp.o mmu_cell.o
obj-y += irqchip.o
+obj-$(CONFIG_ARM_GIC_V3) += gic-v3.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

# Needed for kconfig
diff --git a/hypervisor/arch/arm/gic-v3.c b/hypervisor/arch/arm/gic-v3.c
new file mode 100644
index 0000000..b8ffaa8
--- /dev/null
+++ b/hypervisor/arch/arm/gic-v3.c
@@ -0,0 +1,159 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/types.h>
+#include <asm/io.h>
+#include <asm/irqchip.h>
+#include <asm/gic_common.h>
+#include <asm/platform.h>
+#include <asm/setup.h>
+#include <jailhouse/printk.h>
+#include <jailhouse/processor.h>
+
+/*
+ * This implementation assumes that the kernel driver already initialised most
+ * of the GIC.
+ * There is almost no instruction barrier, since IRQs are always disabled in the
+ * hyp, and ERET serves as the context synchronization event.
+ */
+
+static unsigned int gic_num_lr;
+
+static void *gicr_base;
+static unsigned int gicr_size;
+
+static int gic_init(void)
+{
+ int err;
+
+ /* FIXME: parse a dt */
+ gicr_base = GICR_BASE;
+ gicr_size = GICR_SIZE;
+
+ /* Let the per-cpu code access the redistributors */
+ err = arch_map_device(gicr_base, gicr_base, gicr_size);
+
+ return err;
+}
+
+static int gic_cpu_init(struct per_cpu *cpu_data)
+{
+ u64 typer;
+ u32 pidr;
+ u32 gic_version;
+ u32 cell_icc_ctlr, cell_icc_pmr, cell_icc_igrpen1;
+ u32 ich_vtr;
+ u32 ich_vmcr;
+ void *redist_base = gicr_base;
+
+ /* Find redistributor */
+ do {
+ pidr = readl_relaxed(redist_base + GICR_PIDR2);
+ gic_version = GICR_PIDR2_ARCH(pidr);
+ if (gic_version != 3 && gic_version != 4)
+ break;
+
+ typer = readq_relaxed(redist_base + GICR_TYPER);
+ if ((typer >> 32) == cpu_data->cpu_id) {
+ cpu_data->gicr_base = redist_base;
+ break;
+ }
+
+ redist_base += 0x20000;
+ if (gic_version == 4)
+ redist_base += 0x20000;
+ } while (!(typer & GICR_TYPER_Last));
+
+ if (cpu_data->gicr_base == 0) {
+ printk("GIC: No redist found for CPU%d\n", cpu_data->cpu_id);
+ return -ENODEV;
+ }
+
+ /* Ensure all IPIs are enabled */
+ writel_relaxed(0x0000ffff, redist_base + GICR_SGI_BASE + GICR_ISENABLER);
+
+ /*
+ * Set EOIMode to 1
+ * This allow to drop the priority of level-triggered interrupts without
+ * deactivating them, and thus ensure that they won't be immediately
+ * re-triggered. (e.g. timer)
+ * They can then be injected into the guest using the LR.HW bit, and
+ * will be deactivated once the guest does an EOI after handling the
+ * interrupt source.
+ */
+ arm_read_sysreg(ICC_CTLR_EL1, cell_icc_ctlr);
+ arm_write_sysreg(ICC_CTLR_EL1, ICC_CTLR_EOImode);
+
+ arm_read_sysreg(ICC_PMR_EL1, cell_icc_pmr);
+ arm_write_sysreg(ICC_PMR_EL1, ICC_PMR_DEFAULT);
+
+ arm_read_sysreg(ICC_IGRPEN1_EL1, cell_icc_igrpen1);
+ arm_write_sysreg(ICC_IGRPEN1_EL1, ICC_IGRPEN1_EN);
+
+ arm_read_sysreg(ICH_VTR_EL2, ich_vtr);
+ gic_num_lr = (ich_vtr & 0xf) + 1;
+
+ ich_vmcr = (cell_icc_pmr & ICC_PMR_MASK) << ICH_VMCR_VPMR_SHIFT;
+ if (cell_icc_igrpen1 & ICC_IGRPEN1_EN)
+ ich_vmcr |= ICH_VMCR_VENG1;
+ if (cell_icc_ctlr & ICC_CTLR_EOImode)
+ ich_vmcr |= ICH_VMCR_VEOIM;
+ arm_write_sysreg(ICH_VMCR_EL2, ich_vmcr);
+
+ /* After this, the cells access the virtual interface of the GIC. */
+ arm_write_sysreg(ICH_HCR_EL2, ICH_HCR_EN);
+
+ return 0;
+}
+
+static int gic_send_sgi(struct sgi *sgi)
+{
+ u64 val;
+ u16 targets = sgi->targets;
+
+ if (!is_sgi(sgi->id))
+ return -EINVAL;
+
+ if (sgi->routing_mode == 2)
+ targets = 1 << phys_processor_id();
+
+ val = (u64)sgi->aff3 << ICC_SGIR_AFF3_SHIFT
+ | (u64)sgi->aff2 << ICC_SGIR_AFF2_SHIFT
+ | sgi->aff1 << ICC_SGIR_AFF1_SHIFT
+ | (targets & ICC_SGIR_TARGET_MASK)
+ | (sgi->id & 0xf) << ICC_SGIR_IRQN_SHIFT;
+
+ if (sgi->routing_mode == 1)
+ val |= ICC_SGIR_ROUTING_BIT;
+
+ /*
+ * Ensure the targets see our modifications to their per-cpu
+ * structures.
+ */
+ dsb(ish);
+
+ arm_write_sysreg(ICC_SGI1R_EL1, val);
+ isb();
+
+ return 0;
+}
+
+static void gic_handle_irq(struct per_cpu *cpu_data)
+{
+}
+
+struct irqchip_ops gic_irqchip = {
+ .init = gic_init,
+ .cpu_init = gic_cpu_init,
+ .send_sgi = gic_send_sgi,
+ .handle_irq = gic_handle_irq,
+};
diff --git a/hypervisor/arch/arm/include/asm/gic_common.h b/hypervisor/arch/arm/include/asm/gic_common.h
new file mode 100644
index 0000000..d2ff6ac
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/gic_common.h
@@ -0,0 +1,43 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_GIC_COMMON_H
+#define _JAILHOUSE_ASM_GIC_COMMON_H
+
+#include <asm/types.h>
+
+#define GICD_CTLR 0x0000
+#define GICD_TYPER 0x0004
+#define GICD_IIDR 0x0008
+#define GICD_IGROUPR 0x0080
+#define GICD_ISENABLER 0x0100
+#define GICD_ICENABLER 0x0180
+#define GICD_ISPENDR 0x0200
+#define GICD_ICPENDR 0x0280
+#define GICD_ISACTIVER 0x0300
+#define GICD_ICACTIVER 0x0380
+#define GICD_IPRIORITYR 0x0400
+#define GICD_ITARGETSR 0x0800
+#define GICD_ICFGR 0x0c00
+#define GICD_NSACR 0x0e00
+#define GICD_SGIR 0x0f00
+#define GICD_CPENDSGIR 0x0f10
+#define GICD_SPENDSGIR 0x0f20
+#define GICD_IROUTER 0x6000
+
+#define GICD_PIDR2_ARCH(pidr) (((pidr) & 0xf0) >> 4)
+
+#define is_sgi(irqn) ((u32)(irqn) < 16)
+#define is_ppi(irqn) ((irqn) > 15 && (irqn) < 32)
+#define is_spi(irqn) ((irqn) > 31 && (irqn) < 1020)
+
+#endif /* !_JAILHOUSE_ASM_GIC_COMMON_H */
diff --git a/hypervisor/arch/arm/include/asm/gic_v3.h b/hypervisor/arch/arm/include/asm/gic_v3.h
new file mode 100644
index 0000000..6768e7b
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/gic_v3.h
@@ -0,0 +1,248 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_GIC_V3_H
+#define _JAILHOUSE_ASM_GIC_V3_H
+
+#include <asm/sysregs.h>
+
+#define GICD_CIDR0 0xfff0
+#define GICD_CIDR1 0xfff4
+#define GICD_CIDR2 0xfff8
+#define GICD_CIDR3 0xfffc
+
+#define GICD_PIDR0 0xffe0
+#define GICD_PIDR1 0xffe4
+#define GICD_PIDR2 0xffe8
+#define GICD_PIDR3 0xffec
+#define GICD_PIDR4 0xffd0
+#define GICD_PIDR5 0xffd4
+#define GICD_PIDR6 0xffd8
+#define GICD_PIDR7 0xffdc
+
+#define GICR_CTLR GICD_CTLR
+#define GICR_TYPER 0x0008
+#define GICR_WAKER 0x0014
+#define GICR_CIDR0 GICD_CIDR0
+#define GICR_CIDR1 GICD_CIDR1
+#define GICR_CIDR2 GICD_CIDR2
+#define GICR_CIDR3 GICD_CIDR3
+#define GICR_PIDR0 GICD_PIDR0
+#define GICR_PIDR1 GICD_PIDR1
+#define GICR_PIDR2 GICD_PIDR2
+#define GICR_PIDR3 GICD_PIDR3
+#define GICR_PIDR4 GICD_PIDR4
+#define GICR_PIDR5 GICD_PIDR5
+#define GICR_PIDR6 GICD_PIDR6
+#define GICR_PIDR7 GICD_PIDR7
+
+#define GICR_SGI_BASE 0x10000
+#define GICR_IGROUPR GICD_IGROUPR
+#define GICR_ISENABLER GICD_ISENABLER
+#define GICR_ICENABLER GICD_ICENABLER
+#define GICR_ISACTIVER GICD_ISACTIVER
+#define GICR_ICACTIVER GICD_ICACTIVER
+#define GICR_IPRIORITY GICD_IPRIORITY
+
+#define GICR_TYPER_Last (1 << 4)
+#define GICR_PIDR2_ARCH GICD_PIDR2_ARCH
+
+#define ICC_IAR1_EL1 SYSREG_32(0, c12, c12, 0)
+#define ICC_EOIR1_EL1 SYSREG_32(0, c12, c12, 1)
+#define ICC_HPPIR1_EL1 SYSREG_32(0, c12, c12, 2)
+#define ICC_BPR1_EL1 SYSREG_32(0, c12, c12, 3)
+#define ICC_DIR_EL1 SYSREG_32(0, c12, c11, 1)
+#define ICC_PMR_EL1 SYSREG_32(0, c4, c6, 0)
+#define ICC_RPR_EL1 SYSREG_32(0, c12, c11, 3)
+#define ICC_CTLR_EL1 SYSREG_32(0, c12, c12, 4)
+#define ICC_SRE_EL1 SYSREG_32(0, c12, c12, 5)
+#define ICC_SRE_EL2 SYSREG_32(4, c12, c9, 5)
+#define ICC_IGRPEN1_EL1 SYSREG_32(0, c12, c12, 7)
+#define ICC_SGI1R_EL1 SYSREG_64(0, c12)
+
+#define ICH_HCR_EL2 SYSREG_32(4, c12, c11, 0)
+#define ICH_VTR_EL2 SYSREG_32(4, c12, c11, 1)
+#define ICH_MISR_EL2 SYSREG_32(4, c12, c11, 2)
+#define ICH_EISR_EL2 SYSREG_32(4, c12, c11, 3)
+#define ICH_ELSR_EL2 SYSREG_32(4, c12, c11, 5)
+#define ICH_VMCR_EL2 SYSREG_32(4, c12, c11, 7)
+
+/* Different on AArch32 and AArch64... */
+#define __ICH_LR0(x) SYSREG_32(4, c12, c12, x)
+#define __ICH_LR8(x) SYSREG_32(4, c12, c13, x)
+#define __ICH_LRC0(x) SYSREG_32(4, c12, c14, x)
+#define __ICH_LRC8(x) SYSREG_32(4, c12, c15, x)
+
+#define ICH_LR0 __ICH_LR0(0)
+#define ICH_LR1 __ICH_LR0(1)
+#define ICH_LR2 __ICH_LR0(2)
+#define ICH_LR3 __ICH_LR0(3)
+#define ICH_LR4 __ICH_LR0(4)
+#define ICH_LR5 __ICH_LR0(5)
+#define ICH_LR6 __ICH_LR0(6)
+#define ICH_LR7 __ICH_LR0(7)
+#define ICH_LR8 __ICH_LR8(0)
+#define ICH_LR9 __ICH_LR8(1)
+#define ICH_LR10 __ICH_LR8(2)
+#define ICH_LR11 __ICH_LR8(3)
+#define ICH_LR12 __ICH_LR8(4)
+#define ICH_LR13 __ICH_LR8(5)
+#define ICH_LR14 __ICH_LR8(6)
+#define ICH_LR15 __ICH_LR8(7)
+#define ICH_LRC0 __ICH_LRC0(0)
+#define ICH_LRC1 __ICH_LRC0(1)
+#define ICH_LRC2 __ICH_LRC0(2)
+#define ICH_LRC3 __ICH_LRC0(3)
+#define ICH_LRC4 __ICH_LRC0(4)
+#define ICH_LRC5 __ICH_LRC0(5)
+#define ICH_LRC6 __ICH_LRC0(6)
+#define ICH_LRC7 __ICH_LRC0(7)
+#define ICH_LRC8 __ICH_LRC8(0)
+#define ICH_LRC9 __ICH_LRC8(1)
+#define ICH_LRC10 __ICH_LRC8(2)
+#define ICH_LRC11 __ICH_LRC8(3)
+#define ICH_LRC12 __ICH_LRC8(4)
+#define ICH_LRC13 __ICH_LRC8(5)
+#define ICH_LRC14 __ICH_LRC8(6)
+#define ICH_LRC15 __ICH_LRC8(7)
+
+#define ICC_CTLR_EOImode 0x2
+#define ICC_PMR_MASK 0xff
+#define ICC_PMR_DEFAULT 0xf0
+#define ICC_IGRPEN1_EN 0x1
+
+#define ICC_SGIR_AFF3_SHIFT 48
+#define ICC_SGIR_AFF2_SHIFT 32
+#define ICC_SGIR_AFF1_SHIFT 16
+#define ICC_SGIR_TARGET_MASK 0xffff
+#define ICC_SGIR_IRQN_SHIFT 24
+#define ICC_SGIR_ROUTING_BIT (1ULL << 40)
+
+#define ICH_HCR_EN (1 << 0)
+#define ICH_HCR_UIE (1 << 1)
+#define ICH_HCR_LRENPIE (1 << 2)
+#define ICH_HCR_NPIE (1 << 3)
+#define ICH_HCR_VGRP0EIE (1 << 4)
+#define ICH_HCR_VGRP0DIE (1 << 5)
+#define ICH_HCR_VGRP1EIE (1 << 6)
+#define ICH_HCR_VGRP1DIE (1 << 7)
+#define ICH_HCR_VARE (1 << 9)
+#define ICH_HCR_TC (1 << 10)
+#define ICH_HCR_TALL0 (1 << 11)
+#define ICH_HCR_TALL1 (1 << 12)
+#define ICH_HCR_TSEI (1 << 13)
+#define ICH_HCR_EOICount (0x1f << 27)
+
+#define ICH_MISR_EOI (1 << 0)
+#define ICH_MISR_U (1 << 1)
+#define ICH_MISR_LRENP (1 << 2)
+#define ICH_MISR_NP (1 << 3)
+#define ICH_MISR_VGRP0E (1 << 4)
+#define ICH_MISR_VGRP0D (1 << 5)
+#define ICH_MISR_VGRP1E (1 << 6)
+#define ICH_MISR_VGRP1D (1 << 7)
+
+#define ICH_VMCR_VENG0 (1 << 0)
+#define ICH_VMCR_VENG1 (1 << 1)
+#define ICH_VMCR_VACKCTL (1 << 2)
+#define ICH_VMCR_VFIQEN (1 << 3)
+#define ICH_VMCR_VCBPR (1 << 4)
+#define ICH_VMCR_VEOIM (1 << 9)
+#define ICH_VMCR_VBPR1_SHIFT 18
+#define ICH_VMCR_VBPR0_SHIFT 21
+#define ICH_VMCR_VPMR_SHIFT 24
+
+/* List registers upper bits */
+#define ICH_LR_INVALID (0x0ULL << 62)
+#define ICH_LR_PENDING (0x1ULL << 62)
+#define ICH_LR_ACTIVE (0x2ULL << 62)
+#define ICH_LR_PENDACTIVE (0x3ULL << 62)
+#define ICH_LR_HW_BIT (0x1ULL << 61)
+#define ICH_LR_GROUP_BIT (0x1ULL << 60)
+#define ICH_LR_PRIORITY_SHIFT 48
+#define ICH_LR_SGI_EOI (0x1ULL << 41)
+#define ICH_LR_PHYS_ID_SHIFT 32
+
+#ifndef __ASSEMBLY__
+
+#include <asm/types.h>
+
+static inline u64 gic_read_lr(unsigned int n)
+{
+ u32 lr, lrc;
+
+ switch (n) {
+#define __READ_LR(n) \
+ case n: \
+ arm_read_sysreg(ICH_LR##n, lr); \
+ arm_read_sysreg(ICH_LRC##n, lrc); \
+ break;
+
+ __READ_LR(0)
+ __READ_LR(1)
+ __READ_LR(2)
+ __READ_LR(3)
+ __READ_LR(4)
+ __READ_LR(5)
+ __READ_LR(6)
+ __READ_LR(7)
+ __READ_LR(8)
+ __READ_LR(9)
+ __READ_LR(10)
+ __READ_LR(11)
+ __READ_LR(12)
+ __READ_LR(13)
+ __READ_LR(14)
+ __READ_LR(15)
+#undef __READ_LR
+
+ default:
+ return (u64)(-1);
+ }
+
+ return (u64)lrc << 32 | lr;
+}
+
+static inline void gic_write_lr(unsigned int n, u64 val)
+{
+ u32 lr = (u32)val;
+ u32 lrc = val >> 32;
+
+ switch (n) {
+#define __WRITE_LR(n) \
+ case n: \
+ arm_write_sysreg(ICH_LR##n, lr); \
+ arm_write_sysreg(ICH_LRC##n, lrc); \
+ break;
+
+ __WRITE_LR(0)
+ __WRITE_LR(1)
+ __WRITE_LR(2)
+ __WRITE_LR(3)
+ __WRITE_LR(4)
+ __WRITE_LR(5)
+ __WRITE_LR(6)
+ __WRITE_LR(7)
+ __WRITE_LR(8)
+ __WRITE_LR(9)
+ __WRITE_LR(10)
+ __WRITE_LR(11)
+ __WRITE_LR(12)
+ __WRITE_LR(13)
+ __WRITE_LR(14)
+ __WRITE_LR(15)
+#undef __WRITE_LR
+ }
+}
+
+#endif /* __ASSEMBLY__ */
+#endif /* _JAILHOUSE_ASM_GIC_V3_H */
diff --git a/hypervisor/arch/arm/include/asm/io.h b/hypervisor/arch/arm/include/asm/io.h
index 10705f5..21f085b 100644
--- a/hypervisor/arch/arm/include/asm/io.h
+++ b/hypervisor/arch/arm/include/asm/io.h
@@ -15,6 +15,9 @@

#include <asm/types.h>

+/* AMBA's biosfood */
+#define AMBA_DEVICE 0xb105f00d
+
#ifndef __ASSEMBLY__

static inline void writeb_relaxed(u8 val, volatile void *addr)
diff --git a/hypervisor/arch/arm/include/asm/percpu.h b/hypervisor/arch/arm/include/asm/percpu.h
index b361116..e224254 100644
--- a/hypervisor/arch/arm/include/asm/percpu.h
+++ b/hypervisor/arch/arm/include/asm/percpu.h
@@ -36,7 +36,9 @@ struct per_cpu {
unsigned long linux_reg[NUM_ENTRY_REGS];

unsigned int cpu_id;
-// u32 apic_id;
+ /* Only GICv3: redistributor base */
+ void *gicr_base;
+
struct cell *cell;

u32 stats[JAILHOUSE_NUM_CPU_STATS];
diff --git a/hypervisor/arch/arm/include/asm/platform.h b/hypervisor/arch/arm/include/asm/platform.h
index f18dd83..a69d744 100644
--- a/hypervisor/arch/arm/include/asm/platform.h
+++ b/hypervisor/arch/arm/include/asm/platform.h
@@ -15,12 +15,26 @@

#include <linux/kconfig.h>

+/*
+ * All those things are defined in the device tree. This header *must*
+ * disappear. The GIC includes will need to be sanitized in order to avoid ID
+ * naming conflicts.
+ */
#ifndef __ASSEMBLY__

#ifdef CONFIG_ARCH_VEXPRESS

-#define UART_BASE_PHYS ((void *)0x1c090000)
-#define UART_BASE_VIRT ((void *)0xf8090000)
+# define UART_BASE_PHYS ((void *)0x1c090000)
+# define UART_BASE_VIRT ((void *)0xf8090000)
+
+# ifdef CONFIG_ARM_GIC_V3
+# define GICD_BASE ((void *)0x2f000000)
+# define GICD_SIZE 0x10000
+# define GICR_BASE ((void *)0x2f100000)
+# define GICR_SIZE 0x100000
+
+# include <asm/gic_v3.h>
+# endif /* GIC */

#endif /* CONFIG_ARCH_VEXPRESS */
#endif /* !__ASSEMBLY__ */
diff --git a/hypervisor/arch/arm/irqchip.c b/hypervisor/arch/arm/irqchip.c
index 67eef60..8fb4415 100644
--- a/hypervisor/arch/arm/irqchip.c
+++ b/hypervisor/arch/arm/irqchip.c
@@ -10,13 +10,20 @@
* the COPYING file in the top-level directory.
*/

+#include <asm/gic_common.h>
#include <asm/irqchip.h>
+#include <asm/io.h>
+#include <asm/platform.h>
+#include <asm/setup.h>
#include <asm/sysregs.h>
#include <jailhouse/entry.h>
#include <jailhouse/paging.h>
#include <jailhouse/printk.h>
#include <jailhouse/string.h>

+void *gicd_base;
+unsigned long gicd_size;
+
/*
* The init function must be called after the MMU setup, and whilst in the
* per-cpu setup, which means that a bool must be set by the master CPU
@@ -42,14 +49,54 @@ int irqchip_cpu_init(struct per_cpu *cpu_data)
return 0;
}

+/* Only the GIC is implemented */
+extern struct irqchip_ops gic_irqchip;
+
int irqchip_init(void)
{
+ int i, err;
+ u32 pidr2, cidr;
+ u32 dev_id = 0;
+
/* Only executed on master CPU */
if (irqchip_is_init)
return 0;

- memset(&irqchip, 0, sizeof(irqchip));
- irqchip_is_init = true;
+ /* FIXME: parse device tree */
+ gicd_base = GICD_BASE;
+ gicd_size = GICD_SIZE;
+
+ if ((err = arch_map_device(gicd_base, gicd_base, gicd_size)) != 0)
+ return err;
+
+ for (i = 3; i >= 0; i--) {
+ cidr = readl_relaxed(gicd_base + GICD_CIDR0 + i * 4);
+ dev_id |= cidr << i * 8;
+ }
+ if (dev_id != AMBA_DEVICE)
+ goto err_no_distributor;
+
+ /* Probe the GIC version */
+ pidr2 = readl_relaxed(gicd_base + GICD_PIDR2);
+ switch (GICD_PIDR2_ARCH(pidr2)) {
+ case 0x2:
+ break;
+ case 0x3:
+ case 0x4:
+ memcpy(&irqchip, &gic_irqchip, sizeof(struct irqchip_ops));
+ break;
+ }
+
+ if (irqchip.init) {
+ err = irqchip.init();
+ irqchip_is_init = true;
+
+ return err;
+ }
+
+err_no_distributor:
+ printk("GIC: no distributor found\n");
+ arch_unmap_device(gicd_base, gicd_size);

return -ENODEV;
}

This patch enables the EL2 stage-1 MMU, after the core initialisation of
all the paging structures needed by the hypervisor.
The arm backend also needs to map the needed devices for MMIOs. In order
to stay compatible with the linux ioremaps (which is quite dodgy, cf.
ecfa8d1a), the UART is still accessed through high memory, but the GIC
should be accessed at its real address.

Some temporary mappings allow the mmu setup code to run at its physical
address while enabling the translations. Given the current hypervisor
configuration, there shouldn't be any conflict with existing mappings.
Once the PE runs at EL2, the HTTBR is installed, setup_mmu jumps back to
the virtual addresses, and the identity mappings are deleted.

This patch attempts to make most of the process 64bit-compatible. Only a
small bit of assembly is needed, which calls phys2hvirt and hvirt2phys
to translate the lr and sp addresses. Since these functions consist of
simple additions, they are currently harmless. This code would blow up
if they needed to dereference some pointers one day, but it should be
safe for the time being.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/Makefile | 1 +
hypervisor/arch/arm/include/asm/processor.h | 31 +++++
hypervisor/arch/arm/include/asm/sections.lds | 7 +
hypervisor/arch/arm/include/asm/setup.h | 5 +-
hypervisor/arch/arm/include/asm/setup_mmu.h | 20 +++
hypervisor/arch/arm/include/asm/sysregs.h | 37 +++++
hypervisor/arch/arm/mmu_hyp.c | 193 ++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 4 +-
8 files changed, 294 insertions(+), 4 deletions(-)
create mode 100644 hypervisor/arch/arm/include/asm/sections.lds

diff --git a/hypervisor/Makefile b/hypervisor/Makefile
index 688d7f0..00fbf3d 100644
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
@@ -23,6 +23,7 @@ endif

ifeq ($(SRCARCH),arm)
KBUILD_CFLAGS += -marm
+KBUILD_CPPFLAGS += -DARCH_LINK
endif

ifneq ($(wildcard $(src)/include/jailhouse/config.h),)
diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 61ff3f2..e33550f 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -13,6 +13,8 @@
#ifndef _JAILHOUSE_ASM_PROCESSOR_H
#define _JAILHOUSE_ASM_PROCESSOR_H

+#include <jailhouse/utils.h>
+
#define PSR_MODE_MASK 0xf
#define PSR_USR_MODE 0x0
#define PSR_FIQ_MODE 0x1
@@ -32,6 +34,35 @@

#define MPIDR_CPUID_MASK 0x00ffffff

+#define SCTLR_M_BIT (1 << 0)
+#define SCTLR_A_BIT (1 << 1)
+#define SCTLR_C_BIT (1 << 2)
+#define SCTLR_CP15B_BIT (1 << 5)
+#define SCTLR_ITD_BIT (1 << 7)
+#define SCTLR_SED_BIT (1 << 8)
+#define SCTLR_I_BIT (1 << 12)
+#define SCTLR_V_BIT (1 << 13)
+#define SCTLR_nTWI (1 << 16)
+#define SCTLR_nTWE (1 << 18)
+#define SCTLR_WXN_BIT (1 << 19)
+#define SCTLR_UWXN_BIT (1 << 20)
+#define SCTLR_FI_BIT (1 << 21)
+#define SCTLR_EE_BIT (1 << 25)
+#define SCTLR_TRE_BIT (1 << 28)
+#define SCTLR_AFE_BIT (1 << 29)
+#define SCTLR_TE_BIT (1 << 30)
+
+#define PAR_F_BIT 0x1
+#define PAR_FST_SHIFT 1
+#define PAR_FST_MASK 0x3f
+#define PAR_SHA_SHIFT 7
+#define PAR_SHA_MASK 0x3
+#define PAR_NS_BIT (0x1 << 9)
+#define PAR_LPAE_BIT (0x1 << 11)
+#define PAR_PA_MASK BIT_MASK(39, 12)
+#define PAR_ATTR_SHIFT 56
+#define PAR_ATTR_MASK 0xff
+
#ifndef __ASSEMBLY__

struct registers {
diff --git a/hypervisor/arch/arm/include/asm/sections.lds b/hypervisor/arch/arm/include/asm/sections.lds
new file mode 100644
index 0000000..0251e83
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/sections.lds
@@ -0,0 +1,7 @@
+
+. = ALIGN(0x1000);
+.trampoline : {
+ trampoline_start = .;
+ *(.trampoline)
+ trampoline_end = .;
+}
diff --git a/hypervisor/arch/arm/include/asm/setup.h b/hypervisor/arch/arm/include/asm/setup.h
index e73214c..ca9acaf 100644
--- a/hypervisor/arch/arm/include/asm/setup.h
+++ b/hypervisor/arch/arm/include/asm/setup.h
@@ -48,9 +48,8 @@ cpu_return_el1(struct per_cpu *cpu_data)
}

int switch_exception_level(struct per_cpu *cpu_data);
-inline int arch_map_device(unsigned long paddr, unsigned long vaddr,
- unsigned long size);
-inline int arch_unmap_device(unsigned long addr, unsigned long size);
+inline int arch_map_device(void *paddr, void *vaddr, unsigned long size);
+inline int arch_unmap_device(void *addr, unsigned long size);

#endif /* !__ASSEMBLY__ */
#endif /* !_JAILHOUSE_ASM_SETUP_H */
diff --git a/hypervisor/arch/arm/include/asm/setup_mmu.h b/hypervisor/arch/arm/include/asm/setup_mmu.h
index 758f516..7b6e8bb 100644
--- a/hypervisor/arch/arm/include/asm/setup_mmu.h
+++ b/hypervisor/arch/arm/include/asm/setup_mmu.h
@@ -54,5 +54,25 @@ cpu_switch_el2(unsigned long phys_bootstrap, virt2phys_t virt2phys)
: "cc", "memory", "r0", "r1", "r2", "r3");
}

+static inline void __attribute__((always_inline))
+cpu_switch_phys2virt(phys2virt_t phys2virt)
+{
+ /* phys2virt is allowed to touch the stack */
+ asm volatile(
+ "mov r0, lr\n"
+ "blx %0\n"
+ /* Save virt_lr */
+ "push {r0}\n"
+ /* Translate phys_sp */
+ "mov r0, sp\n"
+ "blx %0\n"
+ /* Jump back to virtual addresses */
+ "mov sp, r0\n"
+ "pop {pc}\n"
+ :
+ : "r" (phys2virt)
+ : "cc", "r0", "r1", "r2", "r3", "lr", "sp");
+}
+
#endif /* !__ASSEMBLY__ */
#endif /* _JAILHOUSE_ASM_SETUP_MMU_H */
diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index b27375f..261d934 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -30,10 +30,47 @@
* (Use the AArch64 names to ease the compatibility work)
*/
#define MPIDR_EL1 SYSREG_32(0, c0, c0, 5)
+#define SCTLR_EL2 SYSREG_32(4, c1, c0, 0)
#define TPIDR_EL2 SYSREG_32(4, c13, c0, 2)
+#define TTBR0_EL2 SYSREG_64(4, c2)
+#define TCR_EL2 SYSREG_32(4, c2, c0, 2)
+#define VTTBR_EL2 SYSREG_64(6, c2)
+#define VTCR_EL2 SYSREG_32(4, c2, c1, 2)

+#define PAR_EL1 SYSREG_64(0, c7)
+
+/* AArch32-specific registers */
+#define HMAIR0 SYSREG_32(4, c10, c2, 0)
+#define HMAIR1 SYSREG_32(4, c10, c2, 1)
#define HVBAR SYSREG_32(4, c12, c0, 0)

+#define ATS1HR SYSREG_32(4, c7, c8, 0)
+
+#define TLBIALL SYSREG_32(0, c8, c7, 0)
+#define TLBIALLIS SYSREG_32(0, c8, c3, 0)
+#define TLBIASID SYSREG_32(0, c8, c7, 2)
+#define TLBIASIDIS SYSREG_32(0, c8, c3, 2)
+#define TLBIMVA SYSREG_32(0, c8, c7, 1)
+#define TLBIMVAIS SYSREG_32(0, c8, c3, 1)
+#define TLBIMVAL SYSREG_32(0, c8, c7, 5)
+#define TLBIMVALIS SYSREG_32(0, c8, c3, 5)
+#define TLBIMVAA SYSREG_32(0, c8, c7, 3)
+#define TLBIMVAAIS SYSREG_32(0, c8, c3, 3)
+#define TLBIMVAAL SYSREG_32(0, c8, c7, 7)
+#define TLBIMVAALIS SYSREG_32(0, c8, c3, 7)
+#define TLBIALLH SYSREG_32(4, c8, c7, 0)
+#define TLBIALLHIS SYSREG_32(4, c8, c3, 0)
+#define TLBIALLNSNH SYSREG_32(4, c8, c7, 4)
+#define TLBIALLNSNHIS SYSREG_32(4, c8, c3, 4)
+#define TLBIMVAH SYSREG_32(4, c8, c7, 1)
+#define TLBIMVAHIS SYSREG_32(4, c8, c3, 1)
+#define TLBIMVALH SYSREG_32(4, c8, c7, 5)
+#define TLBIMVALHIS SYSREG_32(4, c8, c3, 5)
+#define TLBIIPAS2 SYSREG_32(4, c8, c4, 1)
+#define TLBIIPAS2IS SYSREG_32(4, c8, c0, 1)
+#define TLBIIPAS2L SYSREG_32(4, c8, c5, 5)
+#define TLBIIPAS2LIS SYSREG_32(4, c8, c0, 5)
+
#define SYSREG_32(...) 32, __VA_ARGS__
#define SYSREG_64(...) 64, __VA_ARGS__

diff --git a/hypervisor/arch/arm/mmu_hyp.c b/hypervisor/arch/arm/mmu_hyp.c
index c756576..fcfae05 100644
--- a/hypervisor/arch/arm/mmu_hyp.c
+++ b/hypervisor/arch/arm/mmu_hyp.c
@@ -14,11 +14,154 @@
#include <asm/setup_mmu.h>
#include <asm/sysregs.h>
#include <jailhouse/paging.h>
+#include <jailhouse/printk.h>
+
+/*
+ * Two identity mappings need to be created for enabling the MMU: one for the
+ * code and one for the stack.
+ * There should not currently be any conflict with the existing mappings, but we
+ * still make sure not to override anything by using the 'conflict' flag.
+ */
+static struct {
+ unsigned long addr;
+ unsigned long flags;
+ bool conflict;
+} id_maps[2];
+
+extern unsigned long trampoline_start, trampoline_end;
+
+static int set_id_map(int i, unsigned long address, unsigned long size)
+{
+ if (i >= ARRAY_SIZE(id_maps))
+ return -ENOMEM;
+
+ /* The trampoline code should be contained in one page. */
+ if ((address & PAGE_MASK) != ((address + size - 1) & PAGE_MASK)) {
+ printk("FATAL: Unable to IDmap more than one page at at time.\n");
+ return -E2BIG;
+ }
+
+ id_maps[i].addr = address;
+ id_maps[i].conflict = false;
+ id_maps[i].flags = PAGE_DEFAULT_FLAGS;
+
+ return 0;
+}
+
+static void create_id_maps(void)
+{
+ unsigned long i;
+ bool conflict;
+
+ for (i = 0; i < ARRAY_SIZE(id_maps); i++) {
+ conflict = (page_map_virt2phys(&hv_paging_structs,
+ id_maps[i].addr) != INVALID_PHYS_ADDR);
+ if (conflict) {
+ /*
+ * TODO: Get the flags, and update them if they are
+ * insufficient. Save the current flags in id_maps.
+ * This extraction should be implemented in the core.
+ */
+ } else {
+ page_map_create(&hv_paging_structs, id_maps[i].addr,
+ PAGE_SIZE, id_maps[i].addr, id_maps[i].flags,
+ PAGE_MAP_NON_COHERENT);
+ }
+ id_maps[i].conflict = conflict;
+ }
+}
+
+static void destroy_id_maps(void)
+{
+ unsigned long i;
+
+ for (i = 0; i < ARRAY_SIZE(id_maps); i++) {
+ if (id_maps[i].conflict) {
+ /* TODO: Switch back to the original flags */
+ } else {
+ page_map_destroy(&hv_paging_structs, id_maps[i].addr,
+ PAGE_SIZE, PAGE_MAP_NON_COHERENT);
+ }
+ }
+}
+
+/*
+ * This code is put in the id-mapped `.trampoline' section, allowing to enable
+ * and disable the MMU in a readable and portable fashion.
+ * This process makes the following function quite fragile: cpu_switch_phys2virt
+ * attempts to translate LR and SP using a call to the virtual address of
+ * phys2virt.
+ * Those two registers are thus supposed to be left intact by the whole MMU
+ * setup. The stack is all the same usable, since it is id-mapped as well.
+ */
+static void __attribute__((naked)) __attribute__((section(".trampoline")))
+setup_mmu_el2(struct per_cpu *cpu_data, phys2virt_t phys2virt, u64 ttbr)
+{
+ u32 tcr = T0SZ
+ | (TCR_RGN_WB_WA << TCR_IRGN0_SHIFT)
+ | (TCR_RGN_WB_WA << TCR_ORGN0_SHIFT)
+ | (TCR_INNER_SHAREABLE << TCR_SH0_SHIFT)
+ | HTCR_RES1;
+ u32 sctlr;
+
+ /* Ensure that MMU is disabled. */
+ arm_read_sysreg(SCTLR_EL2, sctlr);
+ if (sctlr & SCTLR_M_BIT)
+ return;
+
+ /*
+ * This setup code is always preceded by a complete cache flush, so
+ * there is already a few memory barriers between the page table writes
+ * and here.
+ */
+ isb();
+ arm_write_sysreg(HMAIR0, DEFAULT_HMAIR0);
+ arm_write_sysreg(HMAIR1, DEFAULT_HMAIR1);
+ arm_write_sysreg(TTBR0_EL2, ttbr);
+ arm_write_sysreg(TCR_EL2, tcr);
+
+ /* Flush TLB */
+ arm_write_sysreg(TLBIALLH, 1);
+ dsb(nsh);
+
+ /* Enable stage-1 translation */
+ arm_read_sysreg(SCTLR_EL2, sctlr);
+ sctlr |= SCTLR_M_BIT;
+ arm_write_sysreg(SCTLR_EL2, sctlr);
+ isb();
+
+ /*
+ * Inlined epilogue that returns to switch_exception_level.
+ * Must not touch anything else than the stack
+ */
+ cpu_switch_phys2virt(phys2virt);
+
+ /* Not reached (cannot be a while(1), it confuses the compiler) */
+ asm volatile("b .\n");
+}
+
+static void check_mmu_map(unsigned long virt_addr, unsigned long phys_addr)
+{
+ unsigned long phys_base;
+ u64 par;
+
+ arm_write_sysreg(ATS1HR, virt_addr);
+ isb();
+ arm_read_sysreg(PAR_EL1, par);
+ phys_base = (unsigned long)(par & PAR_PA_MASK);
+ if ((par & PAR_F_BIT) || (phys_base != phys_addr)) {
+ printk("VA->PA check failed, expected %x, got %x\n",
+ phys_addr, phys_base);
+ while (1);
+ }
+}

/*
* Jumping to EL2 in the same C code represents an interesting challenge, since
* it will switch from virtual addresses to physical ones, and then back to
* virtual after setting up the EL2 MMU.
+ * To this end, the setup_mmu and cpu_switch_el2 functions are naked and must
+ * handle the stack themselves.
*/
int switch_exception_level(struct per_cpu *cpu_data)
{
@@ -29,6 +172,34 @@ int switch_exception_level(struct per_cpu *cpu_data)
phys2virt_t phys2virt = page_map_phys2hvirt;
virt2phys_t virt2phys = page_map_hvirt2phys;
unsigned long phys_bootstrap = virt2phys(&bootstrap_vectors);
+ struct per_cpu *phys_cpu_data = (struct per_cpu *)virt2phys(cpu_data);
+ unsigned long trampoline_phys = virt2phys((void *)&trampoline_start);
+ unsigned long trampoline_size = &trampoline_end - &trampoline_start;
+ unsigned long stack_virt = (unsigned long)cpu_data->stack;
+ unsigned long stack_phys = virt2phys((void *)stack_virt);
+ u64 ttbr_el2;
+
+ /* Check the paging structures as well as the MMU initialisation */
+ unsigned long jailhouse_base_phys = page_map_virt2phys(&hv_paging_structs,
+ JAILHOUSE_BASE);
+
+ /*
+ * paging struct won't be easily accessible when initializing el2, only
+ * the CPU datas will be readable at their physical address
+ */
+ ttbr_el2 = (u64)virt2phys(hv_paging_structs.root_table) & TTBR_MASK;
+
+ /*
+ * Mirror the mmu setup code, so that we are able to jump to the virtual
+ * address after enabling it.
+ * Those regions must fit on one page.
+ */
+
+ if (set_id_map(0, trampoline_phys, trampoline_size) != 0)
+ return -E2BIG;
+ if (set_id_map(1, stack_phys, PAGE_SIZE) != 0)
+ return -E2BIG;
+ create_id_maps();

cpu_switch_el2(phys_bootstrap, virt2phys);
/*
@@ -37,8 +208,30 @@ int switch_exception_level(struct per_cpu *cpu_data)
* addresses before returning, or else we are pretty much doomed.
*/

+ setup_mmu_el2(phys_cpu_data, phys2virt, ttbr_el2);
+
+ /* Sanity check */
+ check_mmu_map(JAILHOUSE_BASE, jailhouse_base_phys);
+
/* Set the new vectors once we're back to a sane, virtual state */
arm_write_sysreg(HVBAR, &hyp_vectors);

+ /* Remove the identity mapping */
+ destroy_id_maps();
+
return 0;
}
+
+int arch_map_device(void *paddr, void *vaddr, unsigned long size)
+{
+ return page_map_create(&hv_paging_structs, (unsigned long)paddr, size,
+ (unsigned long)vaddr,
+ PAGE_DEFAULT_FLAGS | S1_PTE_FLAG_DEVICE,
+ PAGE_MAP_NON_COHERENT);
+}
+
+int arch_unmap_device(void *vaddr, unsigned long size)
+{
+ return page_map_destroy(&hv_paging_structs, (unsigned long)vaddr, size,
+ PAGE_MAP_NON_COHERENT);
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index 43ef1eb..f895b16 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -10,6 +10,8 @@
* the COPYING file in the top-level directory.
*/

+#include <asm/percpu.h>
+#include <asm/platform.h>
#include <asm/setup.h>
#include <asm/sysregs.h>
#include <jailhouse/entry.h>
@@ -18,7 +20,7 @@

int arch_init_early(void)
{
- return -ENOSYS;
+ return arch_map_device(UART_BASE_PHYS, UART_BASE_VIRT, PAGE_SIZE);
}

int arch_cpu_init(struct per_cpu *cpu_data)

This patch adds an optional include inside the hypervisor's linker
script in order to add sections specific to the architecture.
For instance on ARM, a trampoline section will need to be added to
safely enable and disable the EL2 MMU. To avoid overlapping
complications, it will be less than one page, and aligned.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/hypervisor.lds.S | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/hypervisor/hypervisor.lds.S b/hypervisor/hypervisor.lds.S
index 99a25e3..e1a57ce 100644
--- a/hypervisor/hypervisor.lds.S
+++ b/hypervisor/hypervisor.lds.S
@@ -22,6 +22,10 @@ SECTIONS
__text_start = .;
.text : { *(.text) }

+#ifdef ARCH_LINK
+#include <asm/sections.lds>
+#endif
+
. = ALIGN(16);
.rodata : { *(.rodata) }

Since the GIC uses MMIOs, its initialisation must be done at EL2. This
is why arch_cpu_init first calls irqchip_init on the master CPU, to map
the devices, and then irqchip_cpu_init on all CPUs.

The aim of this patch is to allow support for both GICv2 and GICv3. It
abstracts the GIC operations by using `struct irqchip_ops', and fills it
with the right device hooks after detecting which irqchip is available.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/Makefile | 1 +
hypervisor/arch/arm/include/asm/irqchip.h | 52 +++++++++++++++++++++++++++
hypervisor/arch/arm/irqchip.c | 55 +++++++++++++++++++++++++++++
hypervisor/arch/arm/setup.c | 9 +++++
4 files changed, 117 insertions(+)
create mode 100644 hypervisor/arch/arm/include/asm/irqchip.h
create mode 100644 hypervisor/arch/arm/irqchip.c

diff --git a/hypervisor/arch/arm/Makefile b/hypervisor/arch/arm/Makefile
index 0016e15..3932f85 100644
--- a/hypervisor/arch/arm/Makefile
+++ b/hypervisor/arch/arm/Makefile
@@ -16,6 +16,7 @@ always := built-in.o

obj-y := entry.o dbg-write.o exception.o setup.o lib.o traps.o
obj-y += paging.o mmu_hyp.o mmu_cell.o
+obj-y += irqchip.o
obj-$(CONFIG_ARCH_VEXPRESS) += dbg-write-pl011.o

# Needed for kconfig
diff --git a/hypervisor/arch/arm/include/asm/irqchip.h b/hypervisor/arch/arm/include/asm/irqchip.h
new file mode 100644
index 0000000..0ef5fe0
--- /dev/null
+++ b/hypervisor/arch/arm/include/asm/irqchip.h
@@ -0,0 +1,52 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef _JAILHOUSE_ASM_IRQCHIP_H
+#define _JAILHOUSE_ASM_IRQCHIP_H
+
+#include <asm/percpu.h>
+
+#ifndef __ASSEMBLY__
+
+struct sgi {
+ /*
+ * Routing mode values:
+ * 0: use aff3.aff2.aff1.targets
+ * 1: all processors in the cell except this CPU
+ * 2: only this CPU
+ */
+ u8 routing_mode;
+ /* GICv2 only uses 8bit in targets, and no affinity routing */
+ u8 aff1;
+ u8 aff2;
+ /* Only available on 64-bit, when CTLR.A3V is 1 */
+ u8 aff3;
+ u16 targets;
+ u16 id;
+};
+
+struct irqchip_ops {
+ int (*init)(void);
+ int (*cpu_init)(struct per_cpu *cpu_data);
+
+ int (*send_sgi)(struct sgi *sgi);
+ void (*handle_irq)(struct per_cpu *cpu_data);
+};
+
+int irqchip_init(void);
+int irqchip_cpu_init(struct per_cpu *cpu_data);
+
+int irqchip_send_sgi(struct sgi *sgi);
+void irqchip_handle_irq(struct per_cpu *cpu_data);
+
+#endif /* __ASSEMBLY__ */
+#endif /* _JAILHOUSE_ASM_IRQCHIP_H */
diff --git a/hypervisor/arch/arm/irqchip.c b/hypervisor/arch/arm/irqchip.c
new file mode 100644
index 0000000..67eef60
--- /dev/null
+++ b/hypervisor/arch/arm/irqchip.c
@@ -0,0 +1,55 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Copyright (c) ARM Limited, 2014
+ *
+ * Authors:
+ * Jean-Philippe Brucker <jean-***@arm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <asm/irqchip.h>
+#include <asm/sysregs.h>
+#include <jailhouse/entry.h>
+#include <jailhouse/paging.h>
+#include <jailhouse/printk.h>
+#include <jailhouse/string.h>
+
+/*
+ * The init function must be called after the MMU setup, and whilst in the
+ * per-cpu setup, which means that a bool must be set by the master CPU
+ */
+static bool irqchip_is_init;
+static struct irqchip_ops irqchip;
+
+void irqchip_handle_irq(struct per_cpu *cpu_data)
+{
+ irqchip.handle_irq(cpu_data);
+}
+
+int irqchip_send_sgi(struct sgi *sgi)
+{
+ return irqchip.send_sgi(sgi);
+}
+
+int irqchip_cpu_init(struct per_cpu *cpu_data)
+{
+ if (irqchip.cpu_init)
+ return irqchip.cpu_init(cpu_data);
+
+ return 0;
+}
+
+int irqchip_init(void)
+{
+ /* Only executed on master CPU */
+ if (irqchip_is_init)
+ return 0;
+
+ memset(&irqchip, 0, sizeof(irqchip));
+ irqchip_is_init = true;
+
+ return -ENODEV;
+}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index ef18a7d..3afabbf 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -11,6 +11,7 @@
*/

#include <asm/control.h>
+#include <asm/irqchip.h>
#include <asm/percpu.h>
#include <asm/platform.h>
#include <asm/setup.h>
@@ -74,6 +75,14 @@ int arch_cpu_init(struct per_cpu *cpu_data)
arm_write_sysreg(HCR, hcr);

err = arch_mmu_cpu_cell_init(cpu_data);
+ if (err)
+ return err;
+
+ err = irqchip_init();
+ if (err)
+ return err;
+
+ err = irqchip_cpu_init(cpu_data);

return err;
}

This patch allows to enter new guests with cache disabled. By cleaning
the data caches, it makes sure that the recently written guest code and
datas are present in memory before returning to an environment with only
a stage-2 MMU.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/control.c | 19 ++++++++++++++++++-
hypervisor/arch/arm/include/asm/cell.h | 4 ++++
hypervisor/arch/arm/include/asm/control.h | 2 ++
hypervisor/arch/arm/include/asm/processor.h | 7 +++++++
hypervisor/arch/arm/mmu_cell.c | 26 ++++++++++++++++++++++++++
5 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/hypervisor/arch/arm/control.c b/hypervisor/arch/arm/control.c
index f8941a4..1988850 100644
--- a/hypervisor/arch/arm/control.c
+++ b/hypervisor/arch/arm/control.c
@@ -12,6 +12,7 @@

#include <asm/control.h>
#include <asm/irqchip.h>
+#include <asm/processor.h>
#include <asm/sysregs.h>
#include <asm/traps.h>
#include <jailhouse/control.h>
@@ -20,6 +21,8 @@

static void arch_reset_el1(struct registers *regs)
{
+ u32 sctlr;
+
/* Wipe all banked and usr regs */
memset(regs, 0, sizeof(struct registers));

@@ -49,7 +52,9 @@ static void arch_reset_el1(struct registers *regs)
arm_write_banked_reg(SPSR_fiq, 0);

/* Wipe the system registers */
- arm_write_sysreg(SCTLR_EL1, 0);
+ arm_read_sysreg(SCTLR_EL1, sctlr);
+ sctlr = sctlr & ~SCTLR_MASK;
+ arm_write_sysreg(SCTLR_EL1, sctlr);
arm_write_sysreg(ACTLR_EL1, 0);
arm_write_sysreg(CPACR_EL1, 0);
arm_write_sysreg(CONTEXTIDR_EL1, 0);
@@ -87,11 +92,19 @@ static void arch_reset_self(struct per_cpu *cpu_data)
{
int err;
unsigned long reset_address;
+ struct cell *cell = cpu_data->cell;
struct registers *regs = guest_regs(cpu_data);

err = arch_mmu_cpu_cell_init(cpu_data);
if (err)
printk("MMU setup failed\n");
+ /*
+ * On the first CPU to reach this, write all cell datas to memory so it
+ * can be started with caches disabled.
+ * On all CPUs, invalidate the instruction caches to take into account
+ * the potential new instructions.
+ */
+ arch_cell_caches_flush(cell);

/*
* We come from the IRQ handler, but we won't return there, so the IPI
@@ -156,12 +169,16 @@ void arch_resume_cpu(unsigned int cpu_id)
/* CPU must be stopped */
void arch_park_cpu(unsigned int cpu_id)
{
+ struct per_cpu *cpu_data = per_cpu(cpu_id);
+
/*
* Reset always follows park_cpu, so we just need to make sure that the
* CPU is suspended
*/
if (psci_wait_cpu_stopped(cpu_id) != 0)
printk("ERROR: CPU%d is supposed to be stopped\n", cpu_id);
+ else
+ cpu_data->cell->arch.needs_flush = true;
}

/* CPU must be stopped */
diff --git a/hypervisor/arch/arm/include/asm/cell.h b/hypervisor/arch/arm/include/asm/cell.h
index 88fe125..8f65a96 100644
--- a/hypervisor/arch/arm/include/asm/cell.h
+++ b/hypervisor/arch/arm/include/asm/cell.h
@@ -13,6 +13,7 @@
#ifndef _JAILHOUSE_ASM_CELL_H
#define _JAILHOUSE_ASM_CELL_H

+#include <asm/spinlock.h>
#include <asm/types.h>

#ifndef __ASSEMBLY__
@@ -23,6 +24,9 @@

struct arch_cell {
struct paging_structures mm;
+
+ spinlock_t caches_lock;
+ bool needs_flush;
};

struct cell {
diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
index 2ada50d..592ee29 100644
--- a/hypervisor/arch/arm/include/asm/control.h
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -25,6 +25,8 @@
#ifndef __ASSEMBLY__

void arch_cpu_dcaches_flush(unsigned int action);
+void arch_cpu_icache_flush(void);
+void arch_cell_caches_flush(struct cell *cell);
int arch_mmu_cell_init(struct cell *cell);
void arch_mmu_cell_destroy(struct cell *cell);
int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data);
diff --git a/hypervisor/arch/arm/include/asm/processor.h b/hypervisor/arch/arm/include/asm/processor.h
index 00ffcf0..9c1fe75 100644
--- a/hypervisor/arch/arm/include/asm/processor.h
+++ b/hypervisor/arch/arm/include/asm/processor.h
@@ -59,6 +59,13 @@
#define SCTLR_AFE_BIT (1 << 29)
#define SCTLR_TE_BIT (1 << 30)

+/* Bits to wipe on cell reset */
+#define SCTLR_MASK (SCTLR_M_BIT | SCTLR_A_BIT | SCTLR_C_BIT \
+ | SCTLR_I_BIT | SCTLR_V_BIT | SCTLR_WXN_BIT \
+ | SCTLR_UWXN_BIT | SCTLR_FI_BIT | SCTLR_EE_BIT \
+ | SCTLR_TRE_BIT | SCTLR_AFE_BIT | SCTLR_TE_BIT)
+
+
#define HCR_TRVM_BIT (1 << 30)
#define HCR_TVM_BIT (1 << 26)
#define HCR_HDC_BIT (1 << 29)
diff --git a/hypervisor/arch/arm/mmu_cell.c b/hypervisor/arch/arm/mmu_cell.c
index 968ca3a..e7e57f7 100644
--- a/hypervisor/arch/arm/mmu_cell.c
+++ b/hypervisor/arch/arm/mmu_cell.c
@@ -104,3 +104,29 @@ int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data)

return 0;
}
+
+void arch_cell_caches_flush(struct cell *cell)
+{
+ /* Only the first CPU needs to clean the data caches */
+ spin_lock(&cell->arch.caches_lock);
+ if (cell->arch.needs_flush) {
+ /*
+ * Since there is no way to know which virtual addresses have been used
+ * by the root cell to write the new cell's data, a complete clean has
+ * to be performed.
+ */
+ arch_cpu_dcaches_flush(CACHES_CLEAN_INVALIDATE);
+ cell->arch.needs_flush = false;
+ }
+ spin_unlock(&cell->arch.caches_lock);
+
+ /*
+ * New instructions may have been written, so the I-cache needs to be
+ * invalidated even though the VMID is different.
+ * A complete invalidation is the only way to ensure all virtual aliases
+ * of these memory locations are invalidated, whatever the cache type.
+ */
+ arch_cpu_icache_flush();
+
+ /* ERET will ensure context synchronization */
+}

In GICv3, IPIs are sent by writing the system register `ICC_SGIR'.
This patch moderates those writes by injecting the IPIs into the
appropriate cells, and issues an hypervisor IPI to let the cell's CPUs
fill their list registers.

Since there shouldn't be many cases where Jailhouse needs to emulate
system register accesses, this patch keeps it simple, by calling directly
the GICv3 function from the trap handler, without abstracting it through
irqchip.
However, this change adds an ungraceful ifdef, since the GICv2 and v3
headers are mutually exclusive for the moment.
In GICv2, the SGIR register is 32bit and will be handled directly in the
gic-common.c code, using an MMIO trap of the distributor accesses.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/control.c | 6 ++++-
hypervisor/arch/arm/gic-v3.c | 35 +++++++++++++++++++++++++++++
hypervisor/arch/arm/include/asm/control.h | 2 ++
hypervisor/arch/arm/include/asm/gic_v3.h | 3 +++
hypervisor/arch/arm/include/asm/traps.h | 1 +
hypervisor/arch/arm/traps.c | 33 +++++++++++++++++++++++++++
6 files changed, 79 insertions(+), 1 deletion(-)

diff --git a/hypervisor/arch/arm/control.c b/hypervisor/arch/arm/control.c
index 4a6011c..6cdb133 100644
--- a/hypervisor/arch/arm/control.c
+++ b/hypervisor/arch/arm/control.c
@@ -16,7 +16,11 @@

void arch_handle_sgi(struct per_cpu *cpu_data, u32 irqn)
{
-
+ switch (irqn) {
+ case SGI_INJECT:
+ irqchip_inject_pending(cpu_data);
+ break;
+ }
}

void arch_handle_exit(struct per_cpu *cpu_data, struct registers *regs)
diff --git a/hypervisor/arch/arm/gic-v3.c b/hypervisor/arch/arm/gic-v3.c
index 6c75561..d67e59c 100644
--- a/hypervisor/arch/arm/gic-v3.c
+++ b/hypervisor/arch/arm/gic-v3.c
@@ -17,6 +17,7 @@
#include <asm/platform.h>
#include <asm/setup.h>
#include <asm/control.h>
+#include <asm/traps.h>
#include <jailhouse/control.h>
#include <jailhouse/printk.h>
#include <jailhouse/processor.h>
@@ -149,6 +150,40 @@ static int gic_send_sgi(struct sgi *sgi)
return 0;
}

+int gicv3_handle_sgir_write(struct per_cpu *cpu_data, u64 sgir)
+{
+ struct sgi sgi;
+ struct cell *cell = cpu_data->cell;
+ unsigned int cpu;
+ unsigned long this_cpu = cpu_data->cpu_id;
+ unsigned long routing_mode = !!(sgir & ICC_SGIR_ROUTING_BIT);
+ unsigned long targets = sgir & ICC_SGIR_TARGET_MASK;
+ u32 irq = sgir >> ICC_SGIR_IRQN_SHIFT & 0xf;
+
+ /* FIXME: clusters are not supported yet. */
+ sgi.targets = 0;
+ sgi.routing_mode = routing_mode;
+ sgi.aff1 = sgir >> ICC_SGIR_AFF1_SHIFT & 0xff;
+ sgi.aff2 = sgir >> ICC_SGIR_AFF2_SHIFT & 0xff;
+ sgi.aff3 = sgir >> ICC_SGIR_AFF3_SHIFT & 0xff;
+ sgi.id = SGI_INJECT;
+
+ for_each_cpu_except(cpu, cell->cpu_set, this_cpu) {
+ if (routing_mode == 0 && !test_bit(cpu, &targets))
+ continue;
+ else if (routing_mode == 1 && cpu == this_cpu)
+ continue;
+
+ irqchip_set_pending(per_cpu(cpu), irq, false);
+ sgi.targets |= (1 << cpu);
+ }
+
+ /* Let the other CPUS inject their SGIs */
+ gic_send_sgi(&sgi);
+
+ return TRAP_HANDLED;
+}
+
/*
* Handle the maintenance interrupt, the rest is injected into the cell.
* Return true when the IRQ has been handled by the hyp.
diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
index 1e90148..ed571a2 100644
--- a/hypervisor/arch/arm/include/asm/control.h
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -16,6 +16,8 @@
#include <asm/cell.h>
#include <asm/percpu.h>

+#define SGI_INJECT 0
+
#ifndef __ASSEMBLY__

int arch_mmu_cell_init(struct cell *cell);
diff --git a/hypervisor/arch/arm/include/asm/gic_v3.h b/hypervisor/arch/arm/include/asm/gic_v3.h
index 6768e7b..edc8767 100644
--- a/hypervisor/arch/arm/include/asm/gic_v3.h
+++ b/hypervisor/arch/arm/include/asm/gic_v3.h
@@ -244,5 +244,8 @@ static inline void gic_write_lr(unsigned int n, u64 val)
}
}

+struct per_cpu;
+int gicv3_handle_sgir_write(struct per_cpu *cpu_data, u64 sgir);
+
#endif /* __ASSEMBLY__ */
#endif /* _JAILHOUSE_ASM_GIC_V3_H */
diff --git a/hypervisor/arch/arm/include/asm/traps.h b/hypervisor/arch/arm/include/asm/traps.h
index 6965f81..b18709b 100644
--- a/hypervisor/arch/arm/include/asm/traps.h
+++ b/hypervisor/arch/arm/include/asm/traps.h
@@ -23,6 +23,7 @@
enum trap_return {
TRAP_HANDLED = 1,
TRAP_UNHANDLED = 0,
+ TRAP_FORBIDDEN = -1,
};

struct trap_context {
diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
index 9de1657..1016ece 100644
--- a/hypervisor/arch/arm/traps.c
+++ b/hypervisor/arch/arm/traps.c
@@ -15,6 +15,8 @@
*/

#include <asm/control.h>
+#include <asm/gic_common.h>
+#include <asm/platform.h>
#include <asm/traps.h>
#include <asm/sysregs.h>
#include <jailhouse/printk.h>
@@ -195,8 +197,39 @@ static int arch_handle_hvc(struct per_cpu *cpu_data, struct trap_context *ctx)
return TRAP_HANDLED;
}

+static int arch_handle_cp15_64(struct per_cpu *cpu_data, struct trap_context *ctx)
+{
+ unsigned long rt_val, rt2_val;
+ u32 opc1 = ctx->esr >> 16 & 0x7;
+ u32 rt2 = ctx->esr >> 10 & 0xf;
+ u32 rt = ctx->esr >> 5 & 0xf;
+ u32 crm = ctx->esr >> 1 & 0xf;
+ u32 read = ctx->esr & 1;
+
+ if (!read) {
+ access_cell_reg(ctx, rt, &rt_val, true);
+ access_cell_reg(ctx, rt2, &rt2_val, true);
+ }
+
+#ifdef CONFIG_ARM_GIC_V3
+ /* Trapped ICC_SGI1R write */
+ if (!read && opc1 == 0 && crm == 12) {
+ arch_skip_instruction(ctx);
+ return gicv3_handle_sgir_write(cpu_data,
+ (u64)rt2_val << 32 | rt_val);
+ }
+#else
+ /* Avoid `unused' warning... */
+ crm = crm;
+ opc1 = opc1;
+#endif
+
+ return TRAP_UNHANDLED;
+}
+
static const trap_handler trap_handlers[38] =
{
+ [ESR_EC_CP15_64] = arch_handle_cp15_64,
[ESR_EC_HVC] = arch_handle_hvc,
};

When emulating instructions, the trap handler will need to access the
cell registers according to the guest's processor mode when the trap
occurred, which is stored inside the saved PSR.
This patch allows to directly read and write the banked registers.
If HSR reports a load into r14 and the mode was IRQ for instance, the
hypervisor will need to write something into LR_IRQ instead of the LR
saved on the stack.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/include/asm/traps.h | 47 +++++++++++++++++++++
hypervisor/arch/arm/traps.c | 68 +++++++++++++++++++++++++++++++
2 files changed, 115 insertions(+)

diff --git a/hypervisor/arch/arm/include/asm/traps.h b/hypervisor/arch/arm/include/asm/traps.h
index 9bab7e9..6965f81 100644
--- a/hypervisor/arch/arm/include/asm/traps.h
+++ b/hypervisor/arch/arm/include/asm/traps.h
@@ -16,6 +16,7 @@
#include <asm/head.h>
#include <asm/percpu.h>
#include <asm/types.h>
+#include <jailhouse/printk.h>

#ifndef __ASSEMBLY__

@@ -28,6 +29,7 @@ struct trap_context {
unsigned long *regs;
u32 esr;
u32 cpsr;
+ u32 pc;
};

typedef int (*trap_handler)(struct per_cpu *cpu_data,
@@ -39,5 +41,50 @@ typedef int (*trap_handler)(struct per_cpu *cpu_data,
#define arm_write_banked_reg(reg, val) \
asm volatile ("msr " #reg ", %0\n" : : "r" (val))

+#define _access_banked(reg, val, is_read) \
+ do { \
+ if (is_read) \
+ arm_write_banked_reg(reg, val); \
+ else \
+ arm_read_banked_reg(reg, val); \
+ } while (0)
+
+#define access_banked_reg(mode, reg, val, is_read) \
+ do { \
+ switch (reg) { \
+ case 13: \
+ _access_banked(SP_##mode, *val, is_read); \
+ break; \
+ case 14: \
+ _access_banked(LR_##mode, *val, is_read); \
+ break; \
+ default: \
+ printk("ERROR: access r%d in "#mode"\n", reg); \
+ } \
+ } while (0)
+
+static inline void access_fiq_reg(u8 reg, unsigned long *val, bool is_read)
+{
+ switch (reg) {
+ case 8: _access_banked(r8_fiq, *val, is_read); break;
+ case 9: _access_banked(r9_fiq, *val, is_read); break;
+ case 10: _access_banked(r10_fiq, *val, is_read); break;
+ case 11: _access_banked(r11_fiq, *val, is_read); break;
+ case 12: _access_banked(r12_fiq, *val, is_read); break;
+ default:
+ /* Use existing error reporting */
+ access_banked_reg(fiq, reg, val, is_read);
+ }
+}
+
+static inline void access_usr_reg(struct trap_context *ctx, u8 reg,
+ unsigned long *val, bool is_read)
+{
+ if (is_read)
+ *val = ctx->regs[reg];
+ else
+ ctx->regs[reg] = *val;
+}
+
#endif /* !__ASSEMBLY__ */
#endif /* !_JAILHOUSE_ASM_TRAPS_H */
diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
index 95628c6..7367357 100644
--- a/hypervisor/arch/arm/traps.c
+++ b/hypervisor/arch/arm/traps.c
@@ -16,6 +16,71 @@
#include <jailhouse/printk.h>
#include <jailhouse/control.h>

+static void access_cell_reg(struct trap_context *ctx, u8 reg,
+ unsigned long *val, bool is_read)
+{
+ unsigned long mode = ctx->cpsr & PSR_MODE_MASK;
+
+ switch (reg) {
+ case 0 ... 7:
+ access_usr_reg(ctx, reg, val, is_read);
+ break;
+ case 8 ... 12:
+ if (mode == PSR_FIQ_MODE)
+ access_fiq_reg(reg, val, is_read);
+ else
+ access_usr_reg(ctx, reg, val, is_read);
+ break;
+ case 13 ... 14:
+ switch (mode) {
+ case PSR_USR_MODE:
+ case PSR_SYS_MODE:
+ /*
+ * lr is saved on the stack, as it is not banked in HYP
+ * mode. sp is banked, so lr is at offset 13 in the USR
+ * regs.
+ */
+ if (reg == 13)
+ access_banked_reg(usr, reg, val, is_read);
+ else
+ access_usr_reg(ctx, 13, val, is_read);
+ break;
+ case PSR_SVC_MODE:
+ access_banked_reg(svc, reg, val, is_read);
+ break;
+ case PSR_UND_MODE:
+ access_banked_reg(und, reg, val, is_read);
+ break;
+ case PSR_ABT_MODE:
+ access_banked_reg(abt, reg, val, is_read);
+ break;
+ case PSR_IRQ_MODE:
+ access_banked_reg(irq, reg, val, is_read);
+ break;
+ case PSR_FIQ_MODE:
+ access_banked_reg(fiq, reg, val, is_read);
+ break;
+ }
+ break;
+ case 15:
+ /*
+ * A trapped instruction that accesses the PC? Probably a bug,
+ * but nothing seems to prevent it.
+ */
+ printk("WARNING: trapped instruction attempted to explicitly "
+ "access the PC.\n");
+ if (is_read)
+ *val = ctx->pc;
+ else
+ ctx->pc = *val;
+ break;
+ default:
+ /* Programming error */
+ printk("ERROR: attempt to write register %d\n", reg);
+ break;
+ }
+}
+
static int arch_handle_hvc(struct per_cpu *cpu_data, struct trap_context *ctx)
{
unsigned long *regs = ctx->regs;
@@ -36,6 +101,7 @@ void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs)
u32 exception_class;
int ret = TRAP_UNHANDLED;

+ arm_read_banked_reg(ELR_hyp, ctx.pc);
arm_read_banked_reg(SPSR_hyp, ctx.cpsr);
arm_read_sysreg(ESR_EL2, ctx.esr);
exception_class = ESR_EC(ctx.esr);
@@ -49,4 +115,6 @@ void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs)
cpu_data->cpu_id, ctx.esr);
while(1);
}
+
+ arm_write_banked_reg(ELR_hyp, ctx.pc);
}

The GIC IRQ handler loops over the ack register to get all pending IRQs.
It then dispatches them either in the common SGI handler, or injects
them into the cell.
A first attempt to directly inject an IRQ by writing to a free list
register is done. If it fails, the IRQ is appended to the pending list,
and an attempt will be made later on, once a maintenance interrupt is
received.
Injection in the GIC is a little bit expensive for the moment, because
it needs to iterate over all list registers that have a valid interrupt,
to check that there will be no duplication. This could be optimized by
only checking the `active' GIC register for SPIs and PPIs.
A future patch will also add proper handling of the maintenance bits in
the vGIC.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/control.c | 5 ++
hypervisor/arch/arm/gic-v3.c | 101 ++++++++++++++++++++++++++++
hypervisor/arch/arm/include/asm/control.h | 1 +
hypervisor/arch/arm/include/asm/irqchip.h | 1 +
hypervisor/arch/arm/include/asm/platform.h | 2 +
hypervisor/arch/arm/irqchip.c | 23 +++++++
6 files changed, 133 insertions(+)

diff --git a/hypervisor/arch/arm/control.c b/hypervisor/arch/arm/control.c
index e740977..4a6011c 100644
--- a/hypervisor/arch/arm/control.c
+++ b/hypervisor/arch/arm/control.c
@@ -14,6 +14,11 @@
#include <asm/irqchip.h>
#include <jailhouse/printk.h>

+void arch_handle_sgi(struct per_cpu *cpu_data, u32 irqn)
+{
+
+}
+
void arch_handle_exit(struct per_cpu *cpu_data, struct registers *regs)
{
switch (regs->exit_reason) {
diff --git a/hypervisor/arch/arm/gic-v3.c b/hypervisor/arch/arm/gic-v3.c
index b0c5dac..6c75561 100644
--- a/hypervisor/arch/arm/gic-v3.c
+++ b/hypervisor/arch/arm/gic-v3.c
@@ -16,6 +16,8 @@
#include <asm/gic_common.h>
#include <asm/platform.h>
#include <asm/setup.h>
+#include <asm/control.h>
+#include <jailhouse/control.h>
#include <jailhouse/printk.h>
#include <jailhouse/processor.h>

@@ -147,12 +149,111 @@ static int gic_send_sgi(struct sgi *sgi)
return 0;
}

+/*
+ * Handle the maintenance interrupt, the rest is injected into the cell.
+ * Return true when the IRQ has been handled by the hyp.
+ */
+static bool arch_handle_phys_irq(struct per_cpu *cpu_data, u32 irqn)
+{
+ if (irqn == MAINTENANCE_IRQ) {
+ irqchip_inject_pending(cpu_data);
+ return true;
+ }
+
+ irqchip_set_pending(cpu_data, irqn, true);
+
+ return false;
+}
+
static void gic_handle_irq(struct per_cpu *cpu_data)
{
+ bool handled = false;
+ u32 irq_id;
+
+ while (1) {
+ /* Read ICC_IAR1: set 'active' state */
+ arm_read_sysreg(ICC_IAR1_EL1, irq_id);
+
+ if (irq_id == 0x3ff) /* Spurious IRQ */
+ break;
+
+ /* Handle IRQ */
+ if (is_sgi(irq_id)) {
+ arch_handle_sgi(cpu_data, irq_id);
+ handled = true;
+ } else {
+ handled = arch_handle_phys_irq(cpu_data, irq_id);
+ }
+
+ /*
+ * Write ICC_EOIR1: drop priority, but stay active if handled is
+ * false.
+ * This allows to not be re-interrupted by a level-triggered
+ * interrupt that needs handling in the guest (e.g. timer)
+ */
+ arm_write_sysreg(ICC_EOIR1_EL1, irq_id);
+ /* Deactivate if necessary */
+ if (handled)
+ arm_write_sysreg(ICC_DIR_EL1, irq_id);
+ }
}

static int gic_inject_irq(struct per_cpu *cpu_data, struct pending_irq *irq)
{
+ int i;
+ int free_lr = -1;
+ u32 elsr;
+ u64 lr;
+
+ arm_read_sysreg(ICH_ELSR_EL2, elsr);
+ for (i = 0; i < gic_num_lr; i++) {
+ if ((elsr >> i) & 1) {
+ /* Entry is invalid, candidate for injection */
+ if (free_lr == -1)
+ free_lr = i;
+ continue;
+ }
+
+ /*
+ * Entry is in use, check that it doesn't match the one we want
+ * to inject.
+ */
+ lr = gic_read_lr(i);
+
+ /*
+ * A strict phys->virt id mapping is used for SPIs, so this test
+ * should be sufficient.
+ */
+ if ((u32)lr == irq->virt_id)
+ return -EINVAL;
+ }
+
+ if (free_lr == -1) {
+ u32 hcr;
+ /*
+ * All list registers are in use, trigger a maintenance
+ * interrupt once they are available again.
+ */
+ arm_read_sysreg(ICH_HCR_EL2, hcr);
+ hcr |= ICH_HCR_UIE;
+ arm_write_sysreg(ICH_HCR_EL2, hcr);
+
+ return -EBUSY;
+ }
+
+ lr = irq->virt_id;
+ /* Only group 1 interrupts */
+ lr |= ICH_LR_GROUP_BIT;
+ lr |= ICH_LR_PENDING;
+ if (irq->hw) {
+ lr |= ICH_LR_HW_BIT;
+ lr |= (u64)irq->type.irq << ICH_LR_PHYS_ID_SHIFT;
+ } else if (irq->type.sgi.maintenance) {
+ lr |= ICH_LR_SGI_EOI;
+ }
+
+ gic_write_lr(free_lr, lr);
+
return 0;
}

diff --git a/hypervisor/arch/arm/include/asm/control.h b/hypervisor/arch/arm/include/asm/control.h
index c974bc1..1e90148 100644
--- a/hypervisor/arch/arm/include/asm/control.h
+++ b/hypervisor/arch/arm/include/asm/control.h
@@ -20,6 +20,7 @@

int arch_mmu_cell_init(struct cell *cell);
int arch_mmu_cpu_cell_init(struct per_cpu *cpu_data);
+void arch_handle_sgi(struct per_cpu *cpu_data, u32 irqn);
void arch_handle_trap(struct per_cpu *cpu_data, struct registers *guest_regs);
void arch_handle_exit(struct per_cpu *cpu_data, struct registers *guest_regs);

diff --git a/hypervisor/arch/arm/include/asm/irqchip.h b/hypervisor/arch/arm/include/asm/irqchip.h
index 3fa37fd..a6b05e4 100644
--- a/hypervisor/arch/arm/include/asm/irqchip.h
+++ b/hypervisor/arch/arm/include/asm/irqchip.h
@@ -81,6 +81,7 @@ void irqchip_handle_irq(struct per_cpu *cpu_data);
int irqchip_inject_pending(struct per_cpu *cpu_data);
int irqchip_insert_pending(struct per_cpu *cpu_data, struct pending_irq *irq);
int irqchip_remove_pending(struct per_cpu *cpu_data, struct pending_irq *irq);
+int irqchip_set_pending(struct per_cpu *cpu_data, u32 irq_id, bool try_inject);

#endif /* __ASSEMBLY__ */
#endif /* _JAILHOUSE_ASM_IRQCHIP_H */
diff --git a/hypervisor/arch/arm/include/asm/platform.h b/hypervisor/arch/arm/include/asm/platform.h
index a69d744..8316689 100644
--- a/hypervisor/arch/arm/include/asm/platform.h
+++ b/hypervisor/arch/arm/include/asm/platform.h
@@ -36,6 +36,8 @@
# include <asm/gic_v3.h>
# endif /* GIC */

+# define MAINTENANCE_IRQ 25
+
#endif /* CONFIG_ARCH_VEXPRESS */
#endif /* !__ASSEMBLY__ */
#endif /* !_JAILHOUSE_ASM_PLATFORM_H */
diff --git a/hypervisor/arch/arm/irqchip.c b/hypervisor/arch/arm/irqchip.c
index 75acdd7..41f9754 100644
--- a/hypervisor/arch/arm/irqchip.c
+++ b/hypervisor/arch/arm/irqchip.c
@@ -105,6 +105,29 @@ int irqchip_insert_pending(struct per_cpu *cpu_data, struct pending_irq *irq)
return 0;
}

+int irqchip_set_pending(struct per_cpu *cpu_data, u32 irq_id, bool try_inject)
+{
+ struct pending_irq pending;
+
+ pending.virt_id = irq_id;
+ /* Priority must be less than ICC_PMR */
+ pending.priority = 0;
+
+ if (is_sgi(irq_id)) {
+ pending.hw = 0;
+ pending.type.sgi.maintenance = 0;
+ pending.type.sgi.cpuid = 0;
+ } else {
+ pending.hw = 1;
+ pending.type.irq = irq_id;
+ }
+
+ if (try_inject && irqchip.inject_irq(cpu_data, &pending) == 0)
+ return 0;
+
+ return irqchip_insert_pending(cpu_data, &pending);
+}
+
/*
* Only executed by `irqchip_inject_pending' on a CPU to inject its own stuff.
*/

This patch allows to boot the new guests with an -almost- empty context.
The reset function is still missing Performance Monitor, debug, SIMD and
float registers.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/control.c | 71 ++++++++++++++++++++++++++++-
hypervisor/arch/arm/include/asm/sysregs.h | 41 ++++++++++++++++-
2 files changed, 109 insertions(+), 3 deletions(-)

diff --git a/hypervisor/arch/arm/control.c b/hypervisor/arch/arm/control.c
index 9df8f04..f8941a4 100644
--- a/hypervisor/arch/arm/control.c
+++ b/hypervisor/arch/arm/control.c
@@ -12,11 +12,77 @@

#include <asm/control.h>
#include <asm/irqchip.h>
+#include <asm/sysregs.h>
#include <asm/traps.h>
#include <jailhouse/control.h>
#include <jailhouse/printk.h>
#include <jailhouse/string.h>

+static void arch_reset_el1(struct registers *regs)
+{
+ /* Wipe all banked and usr regs */
+ memset(regs, 0, sizeof(struct registers));
+
+ arm_write_banked_reg(SP_usr, 0);
+ arm_write_banked_reg(SP_svc, 0);
+ arm_write_banked_reg(SP_abt, 0);
+ arm_write_banked_reg(SP_und, 0);
+ arm_write_banked_reg(SP_svc, 0);
+ arm_write_banked_reg(SP_irq, 0);
+ arm_write_banked_reg(SP_fiq, 0);
+ arm_write_banked_reg(LR_svc, 0);
+ arm_write_banked_reg(LR_abt, 0);
+ arm_write_banked_reg(LR_und, 0);
+ arm_write_banked_reg(LR_svc, 0);
+ arm_write_banked_reg(LR_irq, 0);
+ arm_write_banked_reg(LR_fiq, 0);
+ arm_write_banked_reg(R8_fiq, 0);
+ arm_write_banked_reg(R9_fiq, 0);
+ arm_write_banked_reg(R10_fiq, 0);
+ arm_write_banked_reg(R11_fiq, 0);
+ arm_write_banked_reg(R12_fiq, 0);
+ arm_write_banked_reg(SPSR_svc, 0);
+ arm_write_banked_reg(SPSR_abt, 0);
+ arm_write_banked_reg(SPSR_und, 0);
+ arm_write_banked_reg(SPSR_svc, 0);
+ arm_write_banked_reg(SPSR_irq, 0);
+ arm_write_banked_reg(SPSR_fiq, 0);
+
+ /* Wipe the system registers */
+ arm_write_sysreg(SCTLR_EL1, 0);
+ arm_write_sysreg(ACTLR_EL1, 0);
+ arm_write_sysreg(CPACR_EL1, 0);
+ arm_write_sysreg(CONTEXTIDR_EL1, 0);
+ arm_write_sysreg(PAR_EL1, 0);
+ arm_write_sysreg(TTBR0_EL1, 0);
+ arm_write_sysreg(TTBR1_EL1, 0);
+ arm_write_sysreg(CSSELR_EL1, 0);
+
+ arm_write_sysreg(CNTKCTL_EL1, 0);
+ arm_write_sysreg(CNTP_CTL_EL0, 0);
+ arm_write_sysreg(CNTP_CVAL_EL0, 0);
+ arm_write_sysreg(CNTV_CTL_EL0, 0);
+ arm_write_sysreg(CNTV_CVAL_EL0, 0);
+
+ /* AArch32 specific */
+ arm_write_sysreg(TTBCR, 0);
+ arm_write_sysreg(DACR, 0);
+ arm_write_sysreg(VBAR, 0);
+ arm_write_sysreg(DFSR, 0);
+ arm_write_sysreg(DFAR, 0);
+ arm_write_sysreg(IFSR, 0);
+ arm_write_sysreg(IFAR, 0);
+ arm_write_sysreg(ADFSR, 0);
+ arm_write_sysreg(AIFSR, 0);
+ arm_write_sysreg(MAIR0, 0);
+ arm_write_sysreg(MAIR1, 0);
+ arm_write_sysreg(AMAIR0, 0);
+ arm_write_sysreg(AMAIR1, 0);
+ arm_write_sysreg(TPIDRURW, 0);
+ arm_write_sysreg(TPIDRURO, 0);
+ arm_write_sysreg(TPIDRPRW, 0);
+}
+
static void arch_reset_self(struct per_cpu *cpu_data)
{
int err;
@@ -43,11 +109,12 @@ static void arch_reset_self(struct per_cpu *cpu_data)
else
reset_address = 0;

+ /* Restore an empty context */
+ arch_reset_el1(regs);
+
arm_write_banked_reg(ELR_hyp, reset_address);
arm_write_banked_reg(SPSR_hyp, RESET_PSR);
- memset(regs, 0, sizeof(struct registers));

- /* Restore an empty context */
vmreturn(regs);
}

diff --git a/hypervisor/arch/arm/include/asm/sysregs.h b/hypervisor/arch/arm/include/asm/sysregs.h
index b2aaf06..9ed2d4e 100644
--- a/hypervisor/arch/arm/include/asm/sysregs.h
+++ b/hypervisor/arch/arm/include/asm/sysregs.h
@@ -32,6 +32,11 @@
#define MPIDR_EL1 SYSREG_32(0, c0, c0, 5)
#define ID_PFR0_EL1 SYSREG_32(0, c0, c1, 0)
#define ID_PFR1_EL1 SYSREG_32(0, c0, c1, 1)
+#define SCTLR_EL1 SYSREG_32(0, c1, c0, 0)
+#define ACTLR_EL1 SYSREG_32(0, c1, c0, 1)
+#define CPACR_EL1 SYSREG_32(0, c1, c0, 2)
+#define CONTEXTIDR_EL1 SYSREG_32(0, c13, c0, 1)
+#define CSSELR_EL1 SYSREG_32(2, c0, c0, 0)
#define SCTLR_EL2 SYSREG_32(4, c1, c0, 0)
#define ESR_EL2 SYSREG_32(4, c5, c2, 0)
#define TPIDR_EL2 SYSREG_32(4, c13, c0, 2)
@@ -40,15 +45,49 @@
#define VTTBR_EL2 SYSREG_64(6, c2)
#define VTCR_EL2 SYSREG_32(4, c2, c1, 2)

+#define TTBR0_EL1 SYSREG_64(0, c2)
+#define TTBR1_EL1 SYSREG_64(1, c2)
#define PAR_EL1 SYSREG_64(0, c7)

-/* AArch32-specific registers */
+#define CNTKCTL_EL1 SYSREG_32(0, c14, c1, 0)
+#define CNTP_TVAL_EL0 SYSREG_32(0, c14, c2, 0)
+#define CNTP_CTL_EL0 SYSREG_32(0, c14, c2, 1)
+#define CNTP_CVAL_EL0 SYSREG_64(2, c14)
+#define CNTV_TVAL_EL0 SYSREG_32(0, c14, c3, 0)
+#define CNTV_CTL_EL0 SYSREG_32(0, c14, c3, 1)
+#define CNTV_CVAL_EL0 SYSREG_64(3, c14)
+
+/*
+ * AArch32-specific registers: they are 64bit on AArch64, and will need some
+ * helpers if used frequently.
+ */
+#define TTBCR SYSREG_32(0, c2, c0, 2)
+#define DACR SYSREG_32(0, c3, c0, 0)
+#define VBAR SYSREG_32(0, c12, c0, 0)
#define HCR SYSREG_32(4, c1, c1, 0)
#define HCR2 SYSREG_32(4, c1, c1, 4)
#define HMAIR0 SYSREG_32(4, c10, c2, 0)
#define HMAIR1 SYSREG_32(4, c10, c2, 1)
#define HVBAR SYSREG_32(4, c12, c0, 0)

+/* Mapped to ESR, IFSR32 and FAR in AArch64 */
+#define DFSR SYSREG_32(0, c5, c0, 0)
+#define DFAR SYSREG_32(0, c6, c0, 0)
+#define IFSR SYSREG_32(0, c5, c0, 1)
+#define IFAR SYSREG_32(0, c6, c0, 2)
+#define ADFSR SYSREG_32(0, c5, c1, 0)
+#define AIFSR SYSREG_32(0, c5, c1, 1)
+
+/* Mapped to MAIR_EL1 */
+#define MAIR0 SYSREG_32(0, c10, c2, 0)
+#define MAIR1 SYSREG_32(0, c10, c2, 1)
+#define AMAIR0 SYSREG_32(0, c10, c3, 0)
+#define AMAIR1 SYSREG_32(0, c10, c3, 1)
+
+#define TPIDRURW SYSREG_32(0, c13, c0, 2)
+#define TPIDRURO SYSREG_32(0, c13, c0, 3)
+#define TPIDRPRW SYSREG_32(0, c13, c0, 4)
+
#define ATS1HR SYSREG_32(4, c7, c8, 0)

#define TLBIALL SYSREG_32(0, c8, c7, 0)

This patch implements two cases:
- When an error occurs before setting up EL2, there is nothing much
to do except restore the linux registers stored in the per_cpu
datas.
- When it happens after EL2 setup, arch_cpu_restore copies the saved
registers on the stack, and continues into arch_shutdown_self

When it happens during the MMU setup, chances of recovering a clean
state are pretty thin anyway. The bootstrap vectors could be used to
catch and dump a minimal context (which would require a raw_printk
implementation), but we cowardly ignore this case for the moment.

Signed-off-by: Jean-Philippe Brucker <jean-***@arm.com>
---
hypervisor/arch/arm/entry.S | 39 +++++++++++++++++++++-------
hypervisor/arch/arm/include/asm/setup.h | 42 ++++++++++++++++++++-----------
hypervisor/arch/arm/irqchip.c | 5 ++++
hypervisor/arch/arm/setup.c | 18 ++++++++++++-
4 files changed, 80 insertions(+), 24 deletions(-)

diff --git a/hypervisor/arch/arm/entry.S b/hypervisor/arch/arm/entry.S
index 2dd1a9a..6f9178c 100644
--- a/hypervisor/arch/arm/entry.S
+++ b/hypervisor/arch/arm/entry.S
@@ -21,25 +21,46 @@ arch_entry:
push {r0 - r12}

ldr r1, =__page_pool
- mov r2, #1
- lsl r2, #PERCPU_SIZE_SHIFT
+ mov r4, #1
+ lsl r4, #PERCPU_SIZE_SHIFT
/*
* percpu data = pool + cpuid * shift
* TODO: handle aff1 and aff2
*/
- mla r1, r2, r0, r1
- add r2, r1, #PERCPU_LINUX_SP
+ mla r1, r4, r0, r1
+ add r4, r1, #PERCPU_LINUX_SP

- /* Save SP, LR, CPSR */
- str sp, [r2], #4
- str lr, [r2], #4
+ /*
+ * Save SP, LR, CPSR
+ * r4 is used so that they can be easily retrieved on failure.
+ */
+ str sp, [r4], #4
+ str lr, [r4], #4
mrs r3, cpsr
- str r3, [r2]
+ str r3, [r4]

mov sp, r1
add sp, #PERCPU_STACK_END
+ /*
+ * Keep some space for a struct registers, in case setup fails and needs
+ * to return to the driver through the arch_shutdown_self path.
+ */
+ sub sp, #((NUM_USR_REGS + 1) * 4)
/* Call entry(cpuid, struct per_cpu*) */
- b entry
+ bl entry
+
+ /*
+ * entry only returns here when there is an error before setting up EL2
+ */
+ ldr r3, [r4], #-4
+ msr spsr, r3
+ ldr lr, [r4], #-4
+ ldr sp, [r4]
+
+ /* Keep the return value in r0 */
+ pop {r1}
+ pop {r1 - r12}
+ subs pc, lr, #0

.globl bootstrap_vectors
.align 5
diff --git a/hypervisor/arch/arm/include/asm/setup.h b/hypervisor/arch/arm/include/asm/setup.h
index ca9acaf..4a2ab6e 100644
--- a/hypervisor/arch/arm/include/asm/setup.h
+++ b/hypervisor/arch/arm/include/asm/setup.h
@@ -18,33 +18,47 @@

#ifndef __ASSEMBLY__

+#include <jailhouse/string.h>
+
static inline void __attribute__((always_inline))
-cpu_return_el1(struct per_cpu *cpu_data)
+cpu_return_el1(struct per_cpu *cpu_data, bool panic)
{
- /* Return value */
- cpu_data->linux_reg[0] = 0;
-
- asm volatile(
- /* Reset the hypervisor stack */
- "mov sp, %4\n"
+ /*
+ * Return value
+ * FIXME: there is no way, currently, to communicate the precise error
+ * number from the core. A `EDISASTER' would be appropriate here.
+ */
+ cpu_data->linux_reg[0] = (panic ? -EIO : 0);

+ asm volatile (
"msr sp_svc, %0\n"
"msr elr_hyp, %1\n"
"msr spsr_hyp, %2\n"
+ :
+ : "r" (cpu_data->linux_sp + (NUM_ENTRY_REGS * sizeof(unsigned long))),
+ "r" (cpu_data->linux_ret),
+ "r" (cpu_data->linux_flags));
+
+ if (panic) {
+ /* A panicking return needs to shutdown EL2 before the ERET. */
+ struct registers *ctx = guest_regs(cpu_data);
+ memcpy(&ctx->usr, &cpu_data->linux_reg, NUM_ENTRY_REGS);
+ return;
+ }
+
+ asm volatile(
+ /* Reset the hypervisor stack */
+ "mov sp, %0\n"
/*
* We don't care about clobbering the other registers from now on. Must
* be in sync with arch_entry.
*/
- "ldm %3, {r0 - r12}\n"
+ "ldm %1, {r0 - r12}\n"
/* After this, the kernel won't be able to access the hypervisor code */
"eret\n"
:
- : "r" (cpu_data->linux_sp + (NUM_ENTRY_REGS * sizeof(unsigned long))),
- "r" (cpu_data->linux_ret),
- "r" (cpu_data->linux_flags),
- "r" (cpu_data->linux_reg),
- "r" (cpu_data->stack + PERCPU_STACK_END)
- :);
+ : "r" (cpu_data->stack + PERCPU_STACK_END),
+ "r" (cpu_data->linux_reg));
}

int switch_exception_level(struct per_cpu *cpu_data);
diff --git a/hypervisor/arch/arm/irqchip.c b/hypervisor/arch/arm/irqchip.c
index b1a9a59..7f667cc 100644
--- a/hypervisor/arch/arm/irqchip.c
+++ b/hypervisor/arch/arm/irqchip.c
@@ -225,6 +225,11 @@ int irqchip_cpu_reset(struct per_cpu *cpu_data)

void irqchip_cpu_shutdown(struct per_cpu *cpu_data)
{
+ /*
+ * The GIC backend must take care of only resetting the hyp interface if
+ * it has been initialised: this function may be executed during the
+ * setup phase.
+ */
if (irqchip.cpu_reset)
irqchip.cpu_reset(cpu_data, true);
}
diff --git a/hypervisor/arch/arm/setup.c b/hypervisor/arch/arm/setup.c
index d4785b8..0006611 100644
--- a/hypervisor/arch/arm/setup.c
+++ b/hypervisor/arch/arm/setup.c
@@ -113,7 +113,7 @@ int arch_init_late(void)
void arch_cpu_activate_vmm(struct per_cpu *cpu_data)
{
/* Return to the kernel */
- cpu_return_el1(cpu_data);
+ cpu_return_el1(cpu_data, false);

while (1);
}
@@ -175,4 +175,20 @@ void arch_shutdown(void)

void arch_cpu_restore(struct per_cpu *cpu_data)
{
+ /*
+ * If we haven't reached switch_exception_level yet, there is nothing to
+ * clean up.
+ */
+ if (!is_el2())
+ return;
+
+ /*
+ * Otherwise, attempt do disable the MMU and return to EL1 using the
+ * arch_shutdown path. cpu_return will fill the banked registers and the
+ * guest regs structure (stored at the begginning of the stack) to
+ * prepare the ERET.
+ */
+ cpu_return_el1(cpu_data, true);
+
+ arch_shutdown_self(cpu_data);
}