|  | /* | 
|  | * QEMU emulation of an RISC-V IOMMU | 
|  | * | 
|  | * Copyright (C) 2021-2023, Rivos Inc. | 
|  | * | 
|  | * This program is free software; you can redistribute it and/or modify it | 
|  | * under the terms and conditions of the GNU General Public License, | 
|  | * version 2 or later, as published by the Free Software Foundation. | 
|  | * | 
|  | * This program is distributed in the hope that it will be useful, | 
|  | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|  | * GNU General Public License for more details. | 
|  | * | 
|  | * You should have received a copy of the GNU General Public License along | 
|  | * with this program; if not, see <http://www.gnu.org/licenses/>. | 
|  | */ | 
|  |  | 
|  | #include "qemu/osdep.h" | 
|  | #include "qom/object.h" | 
|  | #include "exec/target_page.h" | 
|  | #include "hw/pci/pci_bus.h" | 
|  | #include "hw/pci/pci_device.h" | 
|  | #include "hw/qdev-properties.h" | 
|  | #include "hw/riscv/riscv_hart.h" | 
|  | #include "migration/vmstate.h" | 
|  | #include "qapi/error.h" | 
|  | #include "qemu/timer.h" | 
|  |  | 
|  | #include "cpu_bits.h" | 
|  | #include "riscv-iommu.h" | 
|  | #include "riscv-iommu-bits.h" | 
|  | #include "riscv-iommu-hpm.h" | 
|  | #include "trace.h" | 
|  |  | 
|  | #define LIMIT_CACHE_CTX               (1U << 7) | 
|  | #define LIMIT_CACHE_IOT               (1U << 20) | 
|  |  | 
|  | /* Physical page number coversions */ | 
|  | #define PPN_PHYS(ppn)                 ((ppn) << TARGET_PAGE_BITS) | 
|  | #define PPN_DOWN(phy)                 ((phy) >> TARGET_PAGE_BITS) | 
|  |  | 
|  | typedef struct RISCVIOMMUEntry RISCVIOMMUEntry; | 
|  |  | 
|  | /* Device assigned I/O address space */ | 
|  | struct RISCVIOMMUSpace { | 
|  | IOMMUMemoryRegion iova_mr;  /* IOVA memory region for attached device */ | 
|  | AddressSpace iova_as;       /* IOVA address space for attached device */ | 
|  | RISCVIOMMUState *iommu;     /* Managing IOMMU device state */ | 
|  | uint32_t devid;             /* Requester identifier, AKA device_id */ | 
|  | bool notifier;              /* IOMMU unmap notifier enabled */ | 
|  | QLIST_ENTRY(RISCVIOMMUSpace) list; | 
|  | }; | 
|  |  | 
|  | typedef enum RISCVIOMMUTransTag { | 
|  | RISCV_IOMMU_TRANS_TAG_BY,  /* Bypass */ | 
|  | RISCV_IOMMU_TRANS_TAG_SS,  /* Single Stage */ | 
|  | RISCV_IOMMU_TRANS_TAG_VG,  /* G-stage only */ | 
|  | RISCV_IOMMU_TRANS_TAG_VN,  /* Nested translation */ | 
|  | } RISCVIOMMUTransTag; | 
|  |  | 
|  | /* Address translation cache entry */ | 
|  | struct RISCVIOMMUEntry { | 
|  | RISCVIOMMUTransTag tag;     /* Translation Tag */ | 
|  | uint64_t iova:44;           /* IOVA Page Number */ | 
|  | uint64_t pscid:20;          /* Process Soft-Context identifier */ | 
|  | uint64_t phys:44;           /* Physical Page Number */ | 
|  | uint64_t gscid:16;          /* Guest Soft-Context identifier */ | 
|  | uint64_t perm:2;            /* IOMMU_RW flags */ | 
|  | }; | 
|  |  | 
|  | /* IOMMU index for transactions without process_id specified. */ | 
|  | #define RISCV_IOMMU_NOPROCID 0 | 
|  |  | 
|  | static uint8_t riscv_iommu_get_icvec_vector(uint32_t icvec, uint32_t vec_type) | 
|  | { | 
|  | switch (vec_type) { | 
|  | case RISCV_IOMMU_INTR_CQ: | 
|  | return icvec & RISCV_IOMMU_ICVEC_CIV; | 
|  | case RISCV_IOMMU_INTR_FQ: | 
|  | return (icvec & RISCV_IOMMU_ICVEC_FIV) >> 4; | 
|  | case RISCV_IOMMU_INTR_PM: | 
|  | return (icvec & RISCV_IOMMU_ICVEC_PMIV) >> 8; | 
|  | case RISCV_IOMMU_INTR_PQ: | 
|  | return (icvec & RISCV_IOMMU_ICVEC_PIV) >> 12; | 
|  | default: | 
|  | g_assert_not_reached(); | 
|  | } | 
|  | } | 
|  |  | 
|  | void riscv_iommu_notify(RISCVIOMMUState *s, int vec_type) | 
|  | { | 
|  | uint32_t ipsr, icvec, vector; | 
|  |  | 
|  | if (!s->notify) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | icvec = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_ICVEC); | 
|  | ipsr = riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_IPSR, (1 << vec_type), 0); | 
|  |  | 
|  | if (!(ipsr & (1 << vec_type))) { | 
|  | vector = riscv_iommu_get_icvec_vector(icvec, vec_type); | 
|  | s->notify(s, vector); | 
|  | trace_riscv_iommu_notify_int_vector(vec_type, vector); | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_fault(RISCVIOMMUState *s, | 
|  | struct riscv_iommu_fq_record *ev) | 
|  | { | 
|  | uint32_t ctrl = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_FQCSR); | 
|  | uint32_t head = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_FQH) & s->fq_mask; | 
|  | uint32_t tail = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_FQT) & s->fq_mask; | 
|  | uint32_t next = (tail + 1) & s->fq_mask; | 
|  | uint32_t devid = get_field(ev->hdr, RISCV_IOMMU_FQ_HDR_DID); | 
|  |  | 
|  | trace_riscv_iommu_flt(s->parent_obj.id, PCI_BUS_NUM(devid), PCI_SLOT(devid), | 
|  | PCI_FUNC(devid), ev->hdr, ev->iotval); | 
|  |  | 
|  | if (!(ctrl & RISCV_IOMMU_FQCSR_FQON) || | 
|  | !!(ctrl & (RISCV_IOMMU_FQCSR_FQOF | RISCV_IOMMU_FQCSR_FQMF))) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | if (head == next) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_FQCSR, | 
|  | RISCV_IOMMU_FQCSR_FQOF, 0); | 
|  | } else { | 
|  | dma_addr_t addr = s->fq_addr + tail * sizeof(*ev); | 
|  | if (dma_memory_write(s->target_as, addr, ev, sizeof(*ev), | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_FQCSR, | 
|  | RISCV_IOMMU_FQCSR_FQMF, 0); | 
|  | } else { | 
|  | riscv_iommu_reg_set32(s, RISCV_IOMMU_REG_FQT, next); | 
|  | } | 
|  | } | 
|  |  | 
|  | if (ctrl & RISCV_IOMMU_FQCSR_FIE) { | 
|  | riscv_iommu_notify(s, RISCV_IOMMU_INTR_FQ); | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_pri(RISCVIOMMUState *s, | 
|  | struct riscv_iommu_pq_record *pr) | 
|  | { | 
|  | uint32_t ctrl = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_PQCSR); | 
|  | uint32_t head = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_PQH) & s->pq_mask; | 
|  | uint32_t tail = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_PQT) & s->pq_mask; | 
|  | uint32_t next = (tail + 1) & s->pq_mask; | 
|  | uint32_t devid = get_field(pr->hdr, RISCV_IOMMU_PREQ_HDR_DID); | 
|  |  | 
|  | trace_riscv_iommu_pri(s->parent_obj.id, PCI_BUS_NUM(devid), PCI_SLOT(devid), | 
|  | PCI_FUNC(devid), pr->payload); | 
|  |  | 
|  | if (!(ctrl & RISCV_IOMMU_PQCSR_PQON) || | 
|  | !!(ctrl & (RISCV_IOMMU_PQCSR_PQOF | RISCV_IOMMU_PQCSR_PQMF))) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | if (head == next) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_PQCSR, | 
|  | RISCV_IOMMU_PQCSR_PQOF, 0); | 
|  | } else { | 
|  | dma_addr_t addr = s->pq_addr + tail * sizeof(*pr); | 
|  | if (dma_memory_write(s->target_as, addr, pr, sizeof(*pr), | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_PQCSR, | 
|  | RISCV_IOMMU_PQCSR_PQMF, 0); | 
|  | } else { | 
|  | riscv_iommu_reg_set32(s, RISCV_IOMMU_REG_PQT, next); | 
|  | } | 
|  | } | 
|  |  | 
|  | if (ctrl & RISCV_IOMMU_PQCSR_PIE) { | 
|  | riscv_iommu_notify(s, RISCV_IOMMU_INTR_PQ); | 
|  | } | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Discards all bits from 'val' whose matching bits in the same | 
|  | * positions in the mask 'ext' are zeros, and packs the remaining | 
|  | * bits from 'val' contiguously at the least-significant end of the | 
|  | * result, keeping the same bit order as 'val' and filling any | 
|  | * other bits at the most-significant end of the result with zeros. | 
|  | * | 
|  | * For example, for the following 'val' and 'ext', the return 'ret' | 
|  | * will be: | 
|  | * | 
|  | * val = a b c d e f g h | 
|  | * ext = 1 0 1 0 0 1 1 0 | 
|  | * ret = 0 0 0 0 a c f g | 
|  | * | 
|  | * This function, taken from the riscv-iommu 1.0 spec, section 2.3.3 | 
|  | * "Process to translate addresses of MSIs", is similar to bit manip | 
|  | * function PEXT (Parallel bits extract) from x86. | 
|  | */ | 
|  | static uint64_t riscv_iommu_pext_u64(uint64_t val, uint64_t ext) | 
|  | { | 
|  | uint64_t ret = 0; | 
|  | uint64_t rot = 1; | 
|  |  | 
|  | while (ext) { | 
|  | if (ext & 1) { | 
|  | if (val & 1) { | 
|  | ret |= rot; | 
|  | } | 
|  | rot <<= 1; | 
|  | } | 
|  | val >>= 1; | 
|  | ext >>= 1; | 
|  | } | 
|  |  | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | /* Check if GPA matches MSI/MRIF pattern. */ | 
|  | static bool riscv_iommu_msi_check(RISCVIOMMUState *s, RISCVIOMMUContext *ctx, | 
|  | dma_addr_t gpa) | 
|  | { | 
|  | if (!s->enable_msi) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (get_field(ctx->msiptp, RISCV_IOMMU_DC_MSIPTP_MODE) != | 
|  | RISCV_IOMMU_DC_MSIPTP_MODE_FLAT) { | 
|  | return false; /* Invalid MSI/MRIF mode */ | 
|  | } | 
|  |  | 
|  | if ((PPN_DOWN(gpa) ^ ctx->msi_addr_pattern) & ~ctx->msi_addr_mask) { | 
|  | return false; /* GPA not in MSI range defined by AIA IMSIC rules. */ | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * RISCV IOMMU Address Translation Lookup - Page Table Walk | 
|  | * | 
|  | * Note: Code is based on get_physical_address() from target/riscv/cpu_helper.c | 
|  | * Both implementation can be merged into single helper function in future. | 
|  | * Keeping them separate for now, as error reporting and flow specifics are | 
|  | * sufficiently different for separate implementation. | 
|  | * | 
|  | * @s        : IOMMU Device State | 
|  | * @ctx      : Translation context for device id and process address space id. | 
|  | * @iotlb    : translation data: physical address and access mode. | 
|  | * @return   : success or fault cause code. | 
|  | */ | 
|  | static int riscv_iommu_spa_fetch(RISCVIOMMUState *s, RISCVIOMMUContext *ctx, | 
|  | IOMMUTLBEntry *iotlb) | 
|  | { | 
|  | dma_addr_t addr, base; | 
|  | uint64_t satp, gatp, pte; | 
|  | bool en_s, en_g; | 
|  | struct { | 
|  | unsigned char step; | 
|  | unsigned char levels; | 
|  | unsigned char ptidxbits; | 
|  | unsigned char ptesize; | 
|  | } sc[2]; | 
|  | /* Translation stage phase */ | 
|  | enum { | 
|  | S_STAGE = 0, | 
|  | G_STAGE = 1, | 
|  | } pass; | 
|  | MemTxResult ret; | 
|  |  | 
|  | satp = get_field(ctx->satp, RISCV_IOMMU_ATP_MODE_FIELD); | 
|  | gatp = get_field(ctx->gatp, RISCV_IOMMU_ATP_MODE_FIELD); | 
|  |  | 
|  | en_s = satp != RISCV_IOMMU_DC_FSC_MODE_BARE; | 
|  | en_g = gatp != RISCV_IOMMU_DC_IOHGATP_MODE_BARE; | 
|  |  | 
|  | /* | 
|  | * Early check for MSI address match when IOVA == GPA. | 
|  | * Note that the (!en_s) condition means that the MSI | 
|  | * page table may only be used when guest pages are | 
|  | * mapped using the g-stage page table, whether single- | 
|  | * or two-stage paging is enabled. It's unavoidable though, | 
|  | * because the spec mandates that we do a first-stage | 
|  | * translation before we check the MSI page table, which | 
|  | * means we can't do an early MSI check unless we have | 
|  | * strictly !en_s. | 
|  | */ | 
|  | if (!en_s && (iotlb->perm & IOMMU_WO) && | 
|  | riscv_iommu_msi_check(s, ctx, iotlb->iova)) { | 
|  | iotlb->target_as = &s->trap_as; | 
|  | iotlb->translated_addr = iotlb->iova; | 
|  | iotlb->addr_mask = ~TARGET_PAGE_MASK; | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* Exit early for pass-through mode. */ | 
|  | if (!(en_s || en_g)) { | 
|  | iotlb->translated_addr = iotlb->iova; | 
|  | iotlb->addr_mask = ~TARGET_PAGE_MASK; | 
|  | /* Allow R/W in pass-through mode */ | 
|  | iotlb->perm = IOMMU_RW; | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* S/G translation parameters. */ | 
|  | for (pass = 0; pass < 2; pass++) { | 
|  | uint32_t sv_mode; | 
|  |  | 
|  | sc[pass].step = 0; | 
|  | if (pass ? (s->fctl & RISCV_IOMMU_FCTL_GXL) : | 
|  | (ctx->tc & RISCV_IOMMU_DC_TC_SXL)) { | 
|  | /* 32bit mode for GXL/SXL == 1 */ | 
|  | switch (pass ? gatp : satp) { | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_BARE: | 
|  | sc[pass].levels    = 0; | 
|  | sc[pass].ptidxbits = 0; | 
|  | sc[pass].ptesize   = 0; | 
|  | break; | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_SV32X4: | 
|  | sv_mode = pass ? RISCV_IOMMU_CAP_SV32X4 : RISCV_IOMMU_CAP_SV32; | 
|  | if (!(s->cap & sv_mode)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | sc[pass].levels    = 2; | 
|  | sc[pass].ptidxbits = 10; | 
|  | sc[pass].ptesize   = 4; | 
|  | break; | 
|  | default: | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | } else { | 
|  | /* 64bit mode for GXL/SXL == 0 */ | 
|  | switch (pass ? gatp : satp) { | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_BARE: | 
|  | sc[pass].levels    = 0; | 
|  | sc[pass].ptidxbits = 0; | 
|  | sc[pass].ptesize   = 0; | 
|  | break; | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_SV39X4: | 
|  | sv_mode = pass ? RISCV_IOMMU_CAP_SV39X4 : RISCV_IOMMU_CAP_SV39; | 
|  | if (!(s->cap & sv_mode)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | sc[pass].levels    = 3; | 
|  | sc[pass].ptidxbits = 9; | 
|  | sc[pass].ptesize   = 8; | 
|  | break; | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_SV48X4: | 
|  | sv_mode = pass ? RISCV_IOMMU_CAP_SV48X4 : RISCV_IOMMU_CAP_SV48; | 
|  | if (!(s->cap & sv_mode)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | sc[pass].levels    = 4; | 
|  | sc[pass].ptidxbits = 9; | 
|  | sc[pass].ptesize   = 8; | 
|  | break; | 
|  | case RISCV_IOMMU_DC_IOHGATP_MODE_SV57X4: | 
|  | sv_mode = pass ? RISCV_IOMMU_CAP_SV57X4 : RISCV_IOMMU_CAP_SV57; | 
|  | if (!(s->cap & sv_mode)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | sc[pass].levels    = 5; | 
|  | sc[pass].ptidxbits = 9; | 
|  | sc[pass].ptesize   = 8; | 
|  | break; | 
|  | default: | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | } | 
|  | }; | 
|  |  | 
|  | /* S/G stages translation tables root pointers */ | 
|  | gatp = PPN_PHYS(get_field(ctx->gatp, RISCV_IOMMU_ATP_PPN_FIELD)); | 
|  | satp = PPN_PHYS(get_field(ctx->satp, RISCV_IOMMU_ATP_PPN_FIELD)); | 
|  | addr = (en_s && en_g) ? satp : iotlb->iova; | 
|  | base = en_g ? gatp : satp; | 
|  | pass = en_g ? G_STAGE : S_STAGE; | 
|  |  | 
|  | do { | 
|  | const unsigned widened = (pass && !sc[pass].step) ? 2 : 0; | 
|  | const unsigned va_bits = widened + sc[pass].ptidxbits; | 
|  | const unsigned va_skip = TARGET_PAGE_BITS + sc[pass].ptidxbits * | 
|  | (sc[pass].levels - 1 - sc[pass].step); | 
|  | const unsigned idx = (addr >> va_skip) & ((1 << va_bits) - 1); | 
|  | const dma_addr_t pte_addr = base + idx * sc[pass].ptesize; | 
|  | const bool ade = | 
|  | ctx->tc & (pass ? RISCV_IOMMU_DC_TC_GADE : RISCV_IOMMU_DC_TC_SADE); | 
|  |  | 
|  | /* Address range check before first level lookup */ | 
|  | if (!sc[pass].step) { | 
|  | const uint64_t va_len = va_skip + va_bits; | 
|  | const uint64_t va_mask = (1ULL << va_len) - 1; | 
|  |  | 
|  | if (pass == S_STAGE && va_len > 32) { | 
|  | target_ulong mask, masked_msbs; | 
|  |  | 
|  | mask = (1L << (TARGET_LONG_BITS - (va_len - 1))) - 1; | 
|  | masked_msbs = (addr >> (va_len - 1)) & mask; | 
|  |  | 
|  | if (masked_msbs != 0 && masked_msbs != mask) { | 
|  | return (iotlb->perm & IOMMU_WO) ? | 
|  | RISCV_IOMMU_FQ_CAUSE_WR_FAULT_S : | 
|  | RISCV_IOMMU_FQ_CAUSE_RD_FAULT_S; | 
|  | } | 
|  | } else { | 
|  | if ((addr & va_mask) != addr) { | 
|  | return (iotlb->perm & IOMMU_WO) ? | 
|  | RISCV_IOMMU_FQ_CAUSE_WR_FAULT_VS : | 
|  | RISCV_IOMMU_FQ_CAUSE_RD_FAULT_VS; | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  |  | 
|  | if (pass == S_STAGE) { | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_S_VS_WALKS); | 
|  | } else { | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_G_WALKS); | 
|  | } | 
|  |  | 
|  | /* Read page table entry */ | 
|  | if (sc[pass].ptesize == 4) { | 
|  | uint32_t pte32 = 0; | 
|  | ret = ldl_le_dma(s->target_as, pte_addr, &pte32, | 
|  | MEMTXATTRS_UNSPECIFIED); | 
|  | pte = pte32; | 
|  | } else { | 
|  | ret = ldq_le_dma(s->target_as, pte_addr, &pte, | 
|  | MEMTXATTRS_UNSPECIFIED); | 
|  | } | 
|  | if (ret != MEMTX_OK) { | 
|  | return (iotlb->perm & IOMMU_WO) ? RISCV_IOMMU_FQ_CAUSE_WR_FAULT | 
|  | : RISCV_IOMMU_FQ_CAUSE_RD_FAULT; | 
|  | } | 
|  |  | 
|  | sc[pass].step++; | 
|  | hwaddr ppn = pte >> PTE_PPN_SHIFT; | 
|  |  | 
|  | if (!(pte & PTE_V)) { | 
|  | break;                /* Invalid PTE */ | 
|  | } else if (!(pte & (PTE_R | PTE_W | PTE_X))) { | 
|  | base = PPN_PHYS(ppn); /* Inner PTE, continue walking */ | 
|  | } else if ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W) { | 
|  | break;                /* Reserved leaf PTE flags: PTE_W */ | 
|  | } else if ((pte & (PTE_R | PTE_W | PTE_X)) == (PTE_W | PTE_X)) { | 
|  | break;                /* Reserved leaf PTE flags: PTE_W + PTE_X */ | 
|  | } else if (ppn & ((1ULL << (va_skip - TARGET_PAGE_BITS)) - 1)) { | 
|  | break;                /* Misaligned PPN */ | 
|  | } else if ((iotlb->perm & IOMMU_RO) && !(pte & PTE_R)) { | 
|  | break;                /* Read access check failed */ | 
|  | } else if ((iotlb->perm & IOMMU_WO) && !(pte & PTE_W)) { | 
|  | break;                /* Write access check failed */ | 
|  | } else if ((iotlb->perm & IOMMU_RO) && !ade && !(pte & PTE_A)) { | 
|  | break;                /* Access bit not set */ | 
|  | } else if ((iotlb->perm & IOMMU_WO) && !ade && !(pte & PTE_D)) { | 
|  | break;                /* Dirty bit not set */ | 
|  | } else { | 
|  | /* Leaf PTE, translation completed. */ | 
|  | sc[pass].step = sc[pass].levels; | 
|  | base = PPN_PHYS(ppn) | (addr & ((1ULL << va_skip) - 1)); | 
|  | /* Update address mask based on smallest translation granularity */ | 
|  | iotlb->addr_mask &= (1ULL << va_skip) - 1; | 
|  | /* Continue with S-Stage translation? */ | 
|  | if (pass && sc[0].step != sc[0].levels) { | 
|  | pass = S_STAGE; | 
|  | addr = iotlb->iova; | 
|  | continue; | 
|  | } | 
|  | /* Translation phase completed (GPA or SPA) */ | 
|  | iotlb->translated_addr = base; | 
|  | iotlb->perm = (pte & PTE_W) ? ((pte & PTE_R) ? IOMMU_RW : IOMMU_WO) | 
|  | : IOMMU_RO; | 
|  |  | 
|  | /* Check MSI GPA address match */ | 
|  | if (pass == S_STAGE && (iotlb->perm & IOMMU_WO) && | 
|  | riscv_iommu_msi_check(s, ctx, base)) { | 
|  | /* Trap MSI writes and return GPA address. */ | 
|  | iotlb->target_as = &s->trap_as; | 
|  | iotlb->addr_mask = ~TARGET_PAGE_MASK; | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* Continue with G-Stage translation? */ | 
|  | if (!pass && en_g) { | 
|  | pass = G_STAGE; | 
|  | addr = base; | 
|  | base = gatp; | 
|  | sc[pass].step = 0; | 
|  | continue; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | if (sc[pass].step == sc[pass].levels) { | 
|  | break; /* Can't find leaf PTE */ | 
|  | } | 
|  |  | 
|  | /* Continue with G-Stage translation? */ | 
|  | if (!pass && en_g) { | 
|  | pass = G_STAGE; | 
|  | addr = base; | 
|  | base = gatp; | 
|  | sc[pass].step = 0; | 
|  | } | 
|  | } while (1); | 
|  |  | 
|  | return (iotlb->perm & IOMMU_WO) ? | 
|  | (pass ? RISCV_IOMMU_FQ_CAUSE_WR_FAULT_VS : | 
|  | RISCV_IOMMU_FQ_CAUSE_WR_FAULT_S) : | 
|  | (pass ? RISCV_IOMMU_FQ_CAUSE_RD_FAULT_VS : | 
|  | RISCV_IOMMU_FQ_CAUSE_RD_FAULT_S); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_report_fault(RISCVIOMMUState *s, | 
|  | RISCVIOMMUContext *ctx, | 
|  | uint32_t fault_type, uint32_t cause, | 
|  | bool pv, | 
|  | uint64_t iotval, uint64_t iotval2) | 
|  | { | 
|  | struct riscv_iommu_fq_record ev = { 0 }; | 
|  |  | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_DTF) { | 
|  | switch (cause) { | 
|  | case RISCV_IOMMU_FQ_CAUSE_DMA_DISABLED: | 
|  | case RISCV_IOMMU_FQ_CAUSE_DDT_LOAD_FAULT: | 
|  | case RISCV_IOMMU_FQ_CAUSE_DDT_INVALID: | 
|  | case RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED: | 
|  | case RISCV_IOMMU_FQ_CAUSE_DDT_CORRUPTED: | 
|  | case RISCV_IOMMU_FQ_CAUSE_INTERNAL_DP_ERROR: | 
|  | case RISCV_IOMMU_FQ_CAUSE_MSI_WR_FAULT: | 
|  | break; | 
|  | default: | 
|  | /* DTF prevents reporting a fault for this given cause */ | 
|  | return; | 
|  | } | 
|  | } | 
|  |  | 
|  | ev.hdr = set_field(ev.hdr, RISCV_IOMMU_FQ_HDR_CAUSE, cause); | 
|  | ev.hdr = set_field(ev.hdr, RISCV_IOMMU_FQ_HDR_TTYPE, fault_type); | 
|  | ev.hdr = set_field(ev.hdr, RISCV_IOMMU_FQ_HDR_DID, ctx->devid); | 
|  | ev.hdr = set_field(ev.hdr, RISCV_IOMMU_FQ_HDR_PV, true); | 
|  |  | 
|  | if (pv) { | 
|  | ev.hdr = set_field(ev.hdr, RISCV_IOMMU_FQ_HDR_PID, ctx->process_id); | 
|  | } | 
|  |  | 
|  | ev.iotval = iotval; | 
|  | ev.iotval2 = iotval2; | 
|  |  | 
|  | riscv_iommu_fault(s, &ev); | 
|  | } | 
|  |  | 
|  | /* Redirect MSI write for given GPA. */ | 
|  | static MemTxResult riscv_iommu_msi_write(RISCVIOMMUState *s, | 
|  | RISCVIOMMUContext *ctx, uint64_t gpa, uint64_t data, | 
|  | unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | MemTxResult res; | 
|  | dma_addr_t addr; | 
|  | uint64_t intn; | 
|  | uint32_t n190; | 
|  | uint64_t pte[2]; | 
|  | int fault_type = RISCV_IOMMU_FQ_TTYPE_UADDR_WR; | 
|  | int cause; | 
|  |  | 
|  | /* Interrupt File Number */ | 
|  | intn = riscv_iommu_pext_u64(PPN_DOWN(gpa), ctx->msi_addr_mask); | 
|  | if (intn >= 256) { | 
|  | /* Interrupt file number out of range */ | 
|  | res = MEMTX_ACCESS_ERROR; | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_LOAD_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* fetch MSI PTE */ | 
|  | addr = PPN_PHYS(get_field(ctx->msiptp, RISCV_IOMMU_DC_MSIPTP_PPN)); | 
|  | addr = addr | (intn * sizeof(pte)); | 
|  | res = dma_memory_read(s->target_as, addr, &pte, sizeof(pte), | 
|  | MEMTXATTRS_UNSPECIFIED); | 
|  | if (res != MEMTX_OK) { | 
|  | if (res == MEMTX_DECODE_ERROR) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_PT_CORRUPTED; | 
|  | } else { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_LOAD_FAULT; | 
|  | } | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | le64_to_cpus(&pte[0]); | 
|  | le64_to_cpus(&pte[1]); | 
|  |  | 
|  | if (!(pte[0] & RISCV_IOMMU_MSI_PTE_V) || (pte[0] & RISCV_IOMMU_MSI_PTE_C)) { | 
|  | /* | 
|  | * The spec mentions that: "If msipte.C == 1, then further | 
|  | * processing to interpret the PTE is implementation | 
|  | * defined.". We'll abort with cause = 262 for this | 
|  | * case too. | 
|  | */ | 
|  | res = MEMTX_ACCESS_ERROR; | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_INVALID; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | switch (get_field(pte[0], RISCV_IOMMU_MSI_PTE_M)) { | 
|  | case RISCV_IOMMU_MSI_PTE_M_BASIC: | 
|  | /* MSI Pass-through mode */ | 
|  | addr = PPN_PHYS(get_field(pte[0], RISCV_IOMMU_MSI_PTE_PPN)); | 
|  |  | 
|  | trace_riscv_iommu_msi(s->parent_obj.id, PCI_BUS_NUM(ctx->devid), | 
|  | PCI_SLOT(ctx->devid), PCI_FUNC(ctx->devid), | 
|  | gpa, addr); | 
|  |  | 
|  | res = dma_memory_write(s->target_as, addr, &data, size, attrs); | 
|  | if (res != MEMTX_OK) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_WR_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | return MEMTX_OK; | 
|  | case RISCV_IOMMU_MSI_PTE_M_MRIF: | 
|  | /* MRIF mode, continue. */ | 
|  | break; | 
|  | default: | 
|  | res = MEMTX_ACCESS_ERROR; | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_MISCONFIGURED; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Report an error for interrupt identities exceeding the maximum allowed | 
|  | * for an IMSIC interrupt file (2047) or destination address is not 32-bit | 
|  | * aligned. See IOMMU Specification, Chapter 2.3. MSI page tables. | 
|  | */ | 
|  | if ((data > 2047) || (gpa & 3)) { | 
|  | res = MEMTX_ACCESS_ERROR; | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_MISCONFIGURED; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* MSI MRIF mode, non atomic pending bit update */ | 
|  |  | 
|  | /* MRIF pending bit address */ | 
|  | addr = get_field(pte[0], RISCV_IOMMU_MSI_PTE_MRIF_ADDR) << 9; | 
|  | addr = addr | ((data & 0x7c0) >> 3); | 
|  |  | 
|  | trace_riscv_iommu_msi(s->parent_obj.id, PCI_BUS_NUM(ctx->devid), | 
|  | PCI_SLOT(ctx->devid), PCI_FUNC(ctx->devid), | 
|  | gpa, addr); | 
|  |  | 
|  | /* MRIF pending bit mask */ | 
|  | data = 1ULL << (data & 0x03f); | 
|  | res = dma_memory_read(s->target_as, addr, &intn, sizeof(intn), attrs); | 
|  | if (res != MEMTX_OK) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_LOAD_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | intn = intn | data; | 
|  | res = dma_memory_write(s->target_as, addr, &intn, sizeof(intn), attrs); | 
|  | if (res != MEMTX_OK) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_WR_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* Get MRIF enable bits */ | 
|  | addr = addr + sizeof(intn); | 
|  | res = dma_memory_read(s->target_as, addr, &intn, sizeof(intn), attrs); | 
|  | if (res != MEMTX_OK) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_LOAD_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | if (!(intn & data)) { | 
|  | /* notification disabled, MRIF update completed. */ | 
|  | return MEMTX_OK; | 
|  | } | 
|  |  | 
|  | /* Send notification message */ | 
|  | addr = PPN_PHYS(get_field(pte[1], RISCV_IOMMU_MSI_MRIF_NPPN)); | 
|  | n190 = get_field(pte[1], RISCV_IOMMU_MSI_MRIF_NID) | | 
|  | (get_field(pte[1], RISCV_IOMMU_MSI_MRIF_NID_MSB) << 10); | 
|  |  | 
|  | res = dma_memory_write(s->target_as, addr, &n190, sizeof(n190), attrs); | 
|  | if (res != MEMTX_OK) { | 
|  | cause = RISCV_IOMMU_FQ_CAUSE_MSI_WR_FAULT; | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | trace_riscv_iommu_mrif_notification(s->parent_obj.id, n190, addr); | 
|  |  | 
|  | return MEMTX_OK; | 
|  |  | 
|  | err: | 
|  | riscv_iommu_report_fault(s, ctx, fault_type, cause, | 
|  | !!ctx->process_id, 0, 0); | 
|  | return res; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Check device context configuration as described by the | 
|  | * riscv-iommu spec section "Device-context configuration | 
|  | * checks". | 
|  | */ | 
|  | static bool riscv_iommu_validate_device_ctx(RISCVIOMMUState *s, | 
|  | RISCVIOMMUContext *ctx) | 
|  | { | 
|  | uint32_t fsc_mode, msi_mode; | 
|  | uint64_t gatp; | 
|  |  | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_ATS) && | 
|  | (ctx->tc & RISCV_IOMMU_DC_TC_EN_ATS || | 
|  | ctx->tc & RISCV_IOMMU_DC_TC_EN_PRI || | 
|  | ctx->tc & RISCV_IOMMU_DC_TC_PRPR)) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_EN_ATS) && | 
|  | (ctx->tc & RISCV_IOMMU_DC_TC_T2GPA || | 
|  | ctx->tc & RISCV_IOMMU_DC_TC_EN_PRI)) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_EN_PRI) && | 
|  | ctx->tc & RISCV_IOMMU_DC_TC_PRPR) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_T2GPA) && | 
|  | ctx->tc & RISCV_IOMMU_DC_TC_T2GPA) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (s->cap & RISCV_IOMMU_CAP_MSI_FLAT) { | 
|  | msi_mode = get_field(ctx->msiptp, RISCV_IOMMU_DC_MSIPTP_MODE); | 
|  |  | 
|  | if (msi_mode != RISCV_IOMMU_DC_MSIPTP_MODE_OFF && | 
|  | msi_mode != RISCV_IOMMU_DC_MSIPTP_MODE_FLAT) { | 
|  | return false; | 
|  | } | 
|  | } | 
|  |  | 
|  | gatp = get_field(ctx->gatp, RISCV_IOMMU_ATP_MODE_FIELD); | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_T2GPA && | 
|  | gatp == RISCV_IOMMU_DC_IOHGATP_MODE_BARE) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | fsc_mode = get_field(ctx->satp, RISCV_IOMMU_DC_FSC_MODE); | 
|  |  | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_PDTV) { | 
|  | switch (fsc_mode) { | 
|  | case RISCV_IOMMU_DC_FSC_PDTP_MODE_PD8: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_PD8)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_PDTP_MODE_PD17: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_PD17)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_PDTP_MODE_PD20: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_PD20)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | } | 
|  | } else { | 
|  | /* DC.tc.PDTV is 0 */ | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_DPE) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_SXL) { | 
|  | if (fsc_mode == RISCV_IOMMU_CAP_SV32 && | 
|  | !(s->cap & RISCV_IOMMU_CAP_SV32)) { | 
|  | return false; | 
|  | } | 
|  | } else { | 
|  | switch (fsc_mode) { | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV39: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV39)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV48: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV48)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV57: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV57)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | /* | 
|  | * CAP_END is always zero (only one endianess). FCTL_BE is | 
|  | * always zero (little-endian accesses). Thus TC_SBE must | 
|  | * always be LE, i.e. zero. | 
|  | */ | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_SBE) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Validate process context (PC) according to section | 
|  | * "Process-context configuration checks". | 
|  | */ | 
|  | static bool riscv_iommu_validate_process_ctx(RISCVIOMMUState *s, | 
|  | RISCVIOMMUContext *ctx) | 
|  | { | 
|  | uint32_t mode; | 
|  |  | 
|  | if (get_field(ctx->ta, RISCV_IOMMU_PC_TA_RESERVED)) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (get_field(ctx->satp, RISCV_IOMMU_PC_FSC_RESERVED)) { | 
|  | return false; | 
|  | } | 
|  |  | 
|  | mode = get_field(ctx->satp, RISCV_IOMMU_DC_FSC_MODE); | 
|  | switch (mode) { | 
|  | case RISCV_IOMMU_DC_FSC_MODE_BARE: | 
|  | /* sv39 and sv32 modes have the same value (8) */ | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV39: | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV48: | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV57: | 
|  | break; | 
|  | default: | 
|  | return false; | 
|  | } | 
|  |  | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_SXL) { | 
|  | if (mode == RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV32 && | 
|  | !(s->cap & RISCV_IOMMU_CAP_SV32)) { | 
|  | return false; | 
|  | } | 
|  | } else { | 
|  | switch (mode) { | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV39: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV39)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV48: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV48)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | case RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV57: | 
|  | if (!(s->cap & RISCV_IOMMU_CAP_SV57)) { | 
|  | return false; | 
|  | } | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | return true; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * RISC-V IOMMU Device Context Loopkup - Device Directory Tree Walk | 
|  | * | 
|  | * @s         : IOMMU Device State | 
|  | * @ctx       : Device Translation Context with devid and process_id set. | 
|  | * @return    : success or fault code. | 
|  | */ | 
|  | static int riscv_iommu_ctx_fetch(RISCVIOMMUState *s, RISCVIOMMUContext *ctx) | 
|  | { | 
|  | const uint64_t ddtp = s->ddtp; | 
|  | unsigned mode = get_field(ddtp, RISCV_IOMMU_DDTP_MODE); | 
|  | dma_addr_t addr = PPN_PHYS(get_field(ddtp, RISCV_IOMMU_DDTP_PPN)); | 
|  | struct riscv_iommu_dc dc; | 
|  | /* Device Context format: 0: extended (64 bytes) | 1: base (32 bytes) */ | 
|  | const int dc_fmt = !s->enable_msi; | 
|  | const size_t dc_len = sizeof(dc) >> dc_fmt; | 
|  | int depth; | 
|  | uint64_t de; | 
|  |  | 
|  | switch (mode) { | 
|  | case RISCV_IOMMU_DDTP_MODE_OFF: | 
|  | return RISCV_IOMMU_FQ_CAUSE_DMA_DISABLED; | 
|  |  | 
|  | case RISCV_IOMMU_DDTP_MODE_BARE: | 
|  | /* mock up pass-through translation context */ | 
|  | ctx->gatp = set_field(0, RISCV_IOMMU_ATP_MODE_FIELD, | 
|  | RISCV_IOMMU_DC_IOHGATP_MODE_BARE); | 
|  | ctx->satp = set_field(0, RISCV_IOMMU_ATP_MODE_FIELD, | 
|  | RISCV_IOMMU_DC_FSC_MODE_BARE); | 
|  |  | 
|  | ctx->tc = RISCV_IOMMU_DC_TC_V; | 
|  | if (s->enable_ats) { | 
|  | ctx->tc |= RISCV_IOMMU_DC_TC_EN_ATS; | 
|  | } | 
|  |  | 
|  | ctx->ta = 0; | 
|  | ctx->msiptp = 0; | 
|  | return 0; | 
|  |  | 
|  | case RISCV_IOMMU_DDTP_MODE_1LVL: | 
|  | depth = 0; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_DDTP_MODE_2LVL: | 
|  | depth = 1; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_DDTP_MODE_3LVL: | 
|  | depth = 2; | 
|  | break; | 
|  |  | 
|  | default: | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Check supported device id width (in bits). | 
|  | * See IOMMU Specification, Chapter 6. Software guidelines. | 
|  | * - if extended device-context format is used: | 
|  | *   1LVL: 6, 2LVL: 15, 3LVL: 24 | 
|  | * - if base device-context format is used: | 
|  | *   1LVL: 7, 2LVL: 16, 3LVL: 24 | 
|  | */ | 
|  | if (ctx->devid >= (1 << (depth * 9 + 6 + (dc_fmt && depth != 2)))) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_TTYPE_BLOCKED; | 
|  | } | 
|  |  | 
|  | /* Device directory tree walk */ | 
|  | for (; depth-- > 0; ) { | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_DD_WALK); | 
|  | /* | 
|  | * Select device id index bits based on device directory tree level | 
|  | * and device context format. | 
|  | * See IOMMU Specification, Chapter 2. Data Structures. | 
|  | * - if extended device-context format is used: | 
|  | *   device index: [23:15][14:6][5:0] | 
|  | * - if base device-context format is used: | 
|  | *   device index: [23:16][15:7][6:0] | 
|  | */ | 
|  | const int split = depth * 9 + 6 + dc_fmt; | 
|  | addr |= ((ctx->devid >> split) << 3) & ~TARGET_PAGE_MASK; | 
|  | if (dma_memory_read(s->target_as, addr, &de, sizeof(de), | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_LOAD_FAULT; | 
|  | } | 
|  | le64_to_cpus(&de); | 
|  | if (!(de & RISCV_IOMMU_DDTE_VALID)) { | 
|  | /* invalid directory entry */ | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_INVALID; | 
|  | } | 
|  | if (de & ~(RISCV_IOMMU_DDTE_PPN | RISCV_IOMMU_DDTE_VALID)) { | 
|  | /* reserved bits set */ | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  | addr = PPN_PHYS(get_field(de, RISCV_IOMMU_DDTE_PPN)); | 
|  | } | 
|  |  | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_DD_WALK); | 
|  |  | 
|  | /* index into device context entry page */ | 
|  | addr |= (ctx->devid * dc_len) & ~TARGET_PAGE_MASK; | 
|  |  | 
|  | memset(&dc, 0, sizeof(dc)); | 
|  | if (dma_memory_read(s->target_as, addr, &dc, dc_len, | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_LOAD_FAULT; | 
|  | } | 
|  |  | 
|  | /* Set translation context. */ | 
|  | ctx->tc = le64_to_cpu(dc.tc); | 
|  | ctx->gatp = le64_to_cpu(dc.iohgatp); | 
|  | ctx->satp = le64_to_cpu(dc.fsc); | 
|  | ctx->ta = le64_to_cpu(dc.ta); | 
|  | ctx->msiptp = le64_to_cpu(dc.msiptp); | 
|  | ctx->msi_addr_mask = le64_to_cpu(dc.msi_addr_mask); | 
|  | ctx->msi_addr_pattern = le64_to_cpu(dc.msi_addr_pattern); | 
|  |  | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_V)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_INVALID; | 
|  | } | 
|  |  | 
|  | if (!riscv_iommu_validate_device_ctx(s, ctx)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_MISCONFIGURED; | 
|  | } | 
|  |  | 
|  | /* FSC field checks */ | 
|  | mode = get_field(ctx->satp, RISCV_IOMMU_DC_FSC_MODE); | 
|  | addr = PPN_PHYS(get_field(ctx->satp, RISCV_IOMMU_DC_FSC_PPN)); | 
|  |  | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_PDTV)) { | 
|  | if (ctx->process_id != RISCV_IOMMU_NOPROCID) { | 
|  | /* PID is disabled */ | 
|  | return RISCV_IOMMU_FQ_CAUSE_TTYPE_BLOCKED; | 
|  | } | 
|  | if (mode > RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV57) { | 
|  | /* Invalid translation mode */ | 
|  | return RISCV_IOMMU_FQ_CAUSE_DDT_INVALID; | 
|  | } | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | if (ctx->process_id == RISCV_IOMMU_NOPROCID) { | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_DPE)) { | 
|  | /* No default process_id enabled, set BARE mode */ | 
|  | ctx->satp = 0ULL; | 
|  | return 0; | 
|  | } else { | 
|  | /* Use default process_id #0 */ | 
|  | ctx->process_id = 0; | 
|  | } | 
|  | } | 
|  |  | 
|  | if (mode == RISCV_IOMMU_DC_FSC_MODE_BARE) { | 
|  | /* No S-Stage translation, done. */ | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* FSC.TC.PDTV enabled */ | 
|  | if (mode > RISCV_IOMMU_DC_FSC_PDTP_MODE_PD20) { | 
|  | /* Invalid PDTP.MODE */ | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_MISCONFIGURED; | 
|  | } | 
|  |  | 
|  | for (depth = mode - RISCV_IOMMU_DC_FSC_PDTP_MODE_PD8; depth-- > 0; ) { | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_PD_WALK); | 
|  |  | 
|  | /* | 
|  | * Select process id index bits based on process directory tree | 
|  | * level. See IOMMU Specification, 2.2. Process-Directory-Table. | 
|  | */ | 
|  | const int split = depth * 9 + 8; | 
|  | addr |= ((ctx->process_id >> split) << 3) & ~TARGET_PAGE_MASK; | 
|  | if (dma_memory_read(s->target_as, addr, &de, sizeof(de), | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_LOAD_FAULT; | 
|  | } | 
|  | le64_to_cpus(&de); | 
|  | if (!(de & RISCV_IOMMU_PDTE_VALID)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_INVALID; | 
|  | } | 
|  | addr = PPN_PHYS(get_field(de, RISCV_IOMMU_PDTE_PPN)); | 
|  | } | 
|  |  | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_PD_WALK); | 
|  |  | 
|  | /* Leaf entry in PDT */ | 
|  | addr |= (ctx->process_id << 4) & ~TARGET_PAGE_MASK; | 
|  | if (dma_memory_read(s->target_as, addr, &dc.ta, sizeof(uint64_t) * 2, | 
|  | MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_LOAD_FAULT; | 
|  | } | 
|  |  | 
|  | /* Use FSC and TA from process directory entry. */ | 
|  | ctx->ta = le64_to_cpu(dc.ta); | 
|  | ctx->satp = le64_to_cpu(dc.fsc); | 
|  |  | 
|  | if (!(ctx->ta & RISCV_IOMMU_PC_TA_V)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_INVALID; | 
|  | } | 
|  |  | 
|  | if (!riscv_iommu_validate_process_ctx(s, ctx)) { | 
|  | return RISCV_IOMMU_FQ_CAUSE_PDT_MISCONFIGURED; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* Translation Context cache support */ | 
|  | static gboolean riscv_iommu_ctx_equal(gconstpointer v1, gconstpointer v2) | 
|  | { | 
|  | RISCVIOMMUContext *c1 = (RISCVIOMMUContext *) v1; | 
|  | RISCVIOMMUContext *c2 = (RISCVIOMMUContext *) v2; | 
|  | return c1->devid == c2->devid && | 
|  | c1->process_id == c2->process_id; | 
|  | } | 
|  |  | 
|  | static guint riscv_iommu_ctx_hash(gconstpointer v) | 
|  | { | 
|  | RISCVIOMMUContext *ctx = (RISCVIOMMUContext *) v; | 
|  | /* | 
|  | * Generate simple hash of (process_id, devid) | 
|  | * assuming 24-bit wide devid. | 
|  | */ | 
|  | return (guint)(ctx->devid) + ((guint)(ctx->process_id) << 24); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ctx_inval_devid_procid(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUContext *ctx = (RISCVIOMMUContext *) value; | 
|  | RISCVIOMMUContext *arg = (RISCVIOMMUContext *) data; | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_V && | 
|  | ctx->devid == arg->devid && | 
|  | ctx->process_id == arg->process_id) { | 
|  | ctx->tc &= ~RISCV_IOMMU_DC_TC_V; | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ctx_inval_devid(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUContext *ctx = (RISCVIOMMUContext *) value; | 
|  | RISCVIOMMUContext *arg = (RISCVIOMMUContext *) data; | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_V && | 
|  | ctx->devid == arg->devid) { | 
|  | ctx->tc &= ~RISCV_IOMMU_DC_TC_V; | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ctx_inval_all(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUContext *ctx = (RISCVIOMMUContext *) value; | 
|  | if (ctx->tc & RISCV_IOMMU_DC_TC_V) { | 
|  | ctx->tc &= ~RISCV_IOMMU_DC_TC_V; | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ctx_inval(RISCVIOMMUState *s, GHFunc func, | 
|  | uint32_t devid, uint32_t process_id) | 
|  | { | 
|  | GHashTable *ctx_cache; | 
|  | RISCVIOMMUContext key = { | 
|  | .devid = devid, | 
|  | .process_id = process_id, | 
|  | }; | 
|  | ctx_cache = g_hash_table_ref(s->ctx_cache); | 
|  | g_hash_table_foreach(ctx_cache, func, &key); | 
|  | g_hash_table_unref(ctx_cache); | 
|  | } | 
|  |  | 
|  | /* Find or allocate translation context for a given {device_id, process_id} */ | 
|  | static RISCVIOMMUContext *riscv_iommu_ctx(RISCVIOMMUState *s, | 
|  | unsigned devid, unsigned process_id, | 
|  | void **ref) | 
|  | { | 
|  | GHashTable *ctx_cache; | 
|  | RISCVIOMMUContext *ctx; | 
|  | RISCVIOMMUContext key = { | 
|  | .devid = devid, | 
|  | .process_id = process_id, | 
|  | }; | 
|  |  | 
|  | ctx_cache = g_hash_table_ref(s->ctx_cache); | 
|  | ctx = g_hash_table_lookup(ctx_cache, &key); | 
|  |  | 
|  | if (ctx && (ctx->tc & RISCV_IOMMU_DC_TC_V)) { | 
|  | *ref = ctx_cache; | 
|  | return ctx; | 
|  | } | 
|  |  | 
|  | ctx = g_new0(RISCVIOMMUContext, 1); | 
|  | ctx->devid = devid; | 
|  | ctx->process_id = process_id; | 
|  |  | 
|  | int fault = riscv_iommu_ctx_fetch(s, ctx); | 
|  | if (!fault) { | 
|  | if (g_hash_table_size(ctx_cache) >= LIMIT_CACHE_CTX) { | 
|  | g_hash_table_unref(ctx_cache); | 
|  | ctx_cache = g_hash_table_new_full(riscv_iommu_ctx_hash, | 
|  | riscv_iommu_ctx_equal, | 
|  | g_free, NULL); | 
|  | g_hash_table_ref(ctx_cache); | 
|  | g_hash_table_unref(qatomic_xchg(&s->ctx_cache, ctx_cache)); | 
|  | } | 
|  | g_hash_table_add(ctx_cache, ctx); | 
|  | *ref = ctx_cache; | 
|  | return ctx; | 
|  | } | 
|  |  | 
|  | g_hash_table_unref(ctx_cache); | 
|  | *ref = NULL; | 
|  |  | 
|  | riscv_iommu_report_fault(s, ctx, RISCV_IOMMU_FQ_TTYPE_UADDR_RD, | 
|  | fault, !!process_id, 0, 0); | 
|  |  | 
|  | g_free(ctx); | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ctx_put(RISCVIOMMUState *s, void *ref) | 
|  | { | 
|  | if (ref) { | 
|  | g_hash_table_unref((GHashTable *)ref); | 
|  | } | 
|  | } | 
|  |  | 
|  | /* Find or allocate address space for a given device */ | 
|  | static AddressSpace *riscv_iommu_space(RISCVIOMMUState *s, uint32_t devid) | 
|  | { | 
|  | RISCVIOMMUSpace *as; | 
|  |  | 
|  | /* FIXME: PCIe bus remapping for attached endpoints. */ | 
|  | devid |= s->bus << 8; | 
|  |  | 
|  | QLIST_FOREACH(as, &s->spaces, list) { | 
|  | if (as->devid == devid) { | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | if (as == NULL) { | 
|  | char name[64]; | 
|  | as = g_new0(RISCVIOMMUSpace, 1); | 
|  |  | 
|  | as->iommu = s; | 
|  | as->devid = devid; | 
|  |  | 
|  | snprintf(name, sizeof(name), "riscv-iommu-%04x:%02x.%d-iova", | 
|  | PCI_BUS_NUM(as->devid), PCI_SLOT(as->devid), PCI_FUNC(as->devid)); | 
|  |  | 
|  | /* IOVA address space, untranslated addresses */ | 
|  | memory_region_init_iommu(&as->iova_mr, sizeof(as->iova_mr), | 
|  | TYPE_RISCV_IOMMU_MEMORY_REGION, | 
|  | OBJECT(as), "riscv_iommu", UINT64_MAX); | 
|  | address_space_init(&as->iova_as, MEMORY_REGION(&as->iova_mr), name); | 
|  |  | 
|  | QLIST_INSERT_HEAD(&s->spaces, as, list); | 
|  |  | 
|  | trace_riscv_iommu_new(s->parent_obj.id, PCI_BUS_NUM(as->devid), | 
|  | PCI_SLOT(as->devid), PCI_FUNC(as->devid)); | 
|  | } | 
|  | return &as->iova_as; | 
|  | } | 
|  |  | 
|  | /* Translation Object cache support */ | 
|  | static gboolean riscv_iommu_iot_equal(gconstpointer v1, gconstpointer v2) | 
|  | { | 
|  | RISCVIOMMUEntry *t1 = (RISCVIOMMUEntry *) v1; | 
|  | RISCVIOMMUEntry *t2 = (RISCVIOMMUEntry *) v2; | 
|  | return t1->gscid == t2->gscid && t1->pscid == t2->pscid && | 
|  | t1->iova == t2->iova && t1->tag == t2->tag; | 
|  | } | 
|  |  | 
|  | static guint riscv_iommu_iot_hash(gconstpointer v) | 
|  | { | 
|  | RISCVIOMMUEntry *t = (RISCVIOMMUEntry *) v; | 
|  | return (guint)t->iova; | 
|  | } | 
|  |  | 
|  | /* GV: 0 AV: 0 PSCV: 0 GVMA: 0 */ | 
|  | /* GV: 0 AV: 0 GVMA: 1 */ | 
|  | static | 
|  | void riscv_iommu_iot_inval_all(gpointer key, gpointer value, gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 0 AV: 0 PSCV: 1 GVMA: 0 */ | 
|  | static | 
|  | void riscv_iommu_iot_inval_pscid(gpointer key, gpointer value, gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->pscid == arg->pscid) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 0 AV: 1 PSCV: 0 GVMA: 0 */ | 
|  | static | 
|  | void riscv_iommu_iot_inval_iova(gpointer key, gpointer value, gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->iova == arg->iova) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 0 AV: 1 PSCV: 1 GVMA: 0 */ | 
|  | static void riscv_iommu_iot_inval_pscid_iova(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->pscid == arg->pscid && | 
|  | iot->iova == arg->iova) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 1 AV: 0 PSCV: 0 GVMA: 0 */ | 
|  | /* GV: 1 AV: 0 GVMA: 1 */ | 
|  | static | 
|  | void riscv_iommu_iot_inval_gscid(gpointer key, gpointer value, gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->gscid == arg->gscid) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 1 AV: 0 PSCV: 1 GVMA: 0 */ | 
|  | static void riscv_iommu_iot_inval_gscid_pscid(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->gscid == arg->gscid && | 
|  | iot->pscid == arg->pscid) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 1 AV: 1 PSCV: 0 GVMA: 0 */ | 
|  | /* GV: 1 AV: 1 GVMA: 1 */ | 
|  | static void riscv_iommu_iot_inval_gscid_iova(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->gscid == arg->gscid && | 
|  | iot->iova == arg->iova) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* GV: 1 AV: 1 PSCV: 1 GVMA: 0 */ | 
|  | static void riscv_iommu_iot_inval_gscid_pscid_iova(gpointer key, gpointer value, | 
|  | gpointer data) | 
|  | { | 
|  | RISCVIOMMUEntry *iot = (RISCVIOMMUEntry *) value; | 
|  | RISCVIOMMUEntry *arg = (RISCVIOMMUEntry *) data; | 
|  | if (iot->tag == arg->tag && | 
|  | iot->gscid == arg->gscid && | 
|  | iot->pscid == arg->pscid && | 
|  | iot->iova == arg->iova) { | 
|  | iot->perm = IOMMU_NONE; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* caller should keep ref-count for iot_cache object */ | 
|  | static RISCVIOMMUEntry *riscv_iommu_iot_lookup(RISCVIOMMUContext *ctx, | 
|  | GHashTable *iot_cache, hwaddr iova, RISCVIOMMUTransTag transtag) | 
|  | { | 
|  | RISCVIOMMUEntry key = { | 
|  | .tag   = transtag, | 
|  | .gscid = get_field(ctx->gatp, RISCV_IOMMU_DC_IOHGATP_GSCID), | 
|  | .pscid = get_field(ctx->ta, RISCV_IOMMU_DC_TA_PSCID), | 
|  | .iova  = PPN_DOWN(iova), | 
|  | }; | 
|  | return g_hash_table_lookup(iot_cache, &key); | 
|  | } | 
|  |  | 
|  | /* caller should keep ref-count for iot_cache object */ | 
|  | static void riscv_iommu_iot_update(RISCVIOMMUState *s, | 
|  | GHashTable *iot_cache, RISCVIOMMUEntry *iot) | 
|  | { | 
|  | if (!s->iot_limit) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | if (g_hash_table_size(s->iot_cache) >= s->iot_limit) { | 
|  | iot_cache = g_hash_table_new_full(riscv_iommu_iot_hash, | 
|  | riscv_iommu_iot_equal, | 
|  | g_free, NULL); | 
|  | g_hash_table_unref(qatomic_xchg(&s->iot_cache, iot_cache)); | 
|  | } | 
|  | g_hash_table_add(iot_cache, iot); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_iot_inval(RISCVIOMMUState *s, GHFunc func, | 
|  | uint32_t gscid, uint32_t pscid, hwaddr iova, RISCVIOMMUTransTag transtag) | 
|  | { | 
|  | GHashTable *iot_cache; | 
|  | RISCVIOMMUEntry key = { | 
|  | .tag = transtag, | 
|  | .gscid = gscid, | 
|  | .pscid = pscid, | 
|  | .iova  = PPN_DOWN(iova), | 
|  | }; | 
|  |  | 
|  | iot_cache = g_hash_table_ref(s->iot_cache); | 
|  | g_hash_table_foreach(iot_cache, func, &key); | 
|  | g_hash_table_unref(iot_cache); | 
|  | } | 
|  |  | 
|  | static RISCVIOMMUTransTag riscv_iommu_get_transtag(RISCVIOMMUContext *ctx) | 
|  | { | 
|  | uint64_t satp = get_field(ctx->satp, RISCV_IOMMU_ATP_MODE_FIELD); | 
|  | uint64_t gatp = get_field(ctx->gatp, RISCV_IOMMU_ATP_MODE_FIELD); | 
|  |  | 
|  | if (satp == RISCV_IOMMU_DC_FSC_MODE_BARE) { | 
|  | return (gatp == RISCV_IOMMU_DC_IOHGATP_MODE_BARE) ? | 
|  | RISCV_IOMMU_TRANS_TAG_BY : RISCV_IOMMU_TRANS_TAG_VG; | 
|  | } else { | 
|  | return (gatp == RISCV_IOMMU_DC_IOHGATP_MODE_BARE) ? | 
|  | RISCV_IOMMU_TRANS_TAG_SS : RISCV_IOMMU_TRANS_TAG_VN; | 
|  | } | 
|  | } | 
|  |  | 
|  | static int riscv_iommu_translate(RISCVIOMMUState *s, RISCVIOMMUContext *ctx, | 
|  | IOMMUTLBEntry *iotlb, bool enable_cache) | 
|  | { | 
|  | RISCVIOMMUTransTag transtag = riscv_iommu_get_transtag(ctx); | 
|  | RISCVIOMMUEntry *iot; | 
|  | IOMMUAccessFlags perm; | 
|  | bool enable_pid; | 
|  | bool enable_pri; | 
|  | GHashTable *iot_cache; | 
|  | int fault; | 
|  |  | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_URQ); | 
|  |  | 
|  | iot_cache = g_hash_table_ref(s->iot_cache); | 
|  | /* | 
|  | * TC[32] is reserved for custom extensions, used here to temporarily | 
|  | * enable automatic page-request generation for ATS queries. | 
|  | */ | 
|  | enable_pri = (iotlb->perm == IOMMU_NONE) && (ctx->tc & BIT_ULL(32)); | 
|  | enable_pid = (ctx->tc & RISCV_IOMMU_DC_TC_PDTV); | 
|  |  | 
|  | /* Check for ATS request. */ | 
|  | if (iotlb->perm == IOMMU_NONE) { | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_ATS_RQ); | 
|  | /* Check if ATS is disabled. */ | 
|  | if (!(ctx->tc & RISCV_IOMMU_DC_TC_EN_ATS)) { | 
|  | enable_pri = false; | 
|  | fault = RISCV_IOMMU_FQ_CAUSE_TTYPE_BLOCKED; | 
|  | goto done; | 
|  | } | 
|  | } | 
|  |  | 
|  | iot = riscv_iommu_iot_lookup(ctx, iot_cache, iotlb->iova, transtag); | 
|  | perm = iot ? iot->perm : IOMMU_NONE; | 
|  | if (perm != IOMMU_NONE) { | 
|  | iotlb->translated_addr = PPN_PHYS(iot->phys); | 
|  | iotlb->addr_mask = ~TARGET_PAGE_MASK; | 
|  | iotlb->perm = perm; | 
|  | fault = 0; | 
|  | goto done; | 
|  | } | 
|  |  | 
|  | riscv_iommu_hpm_incr_ctr(s, ctx, RISCV_IOMMU_HPMEVENT_TLB_MISS); | 
|  |  | 
|  | /* Translate using device directory / page table information. */ | 
|  | fault = riscv_iommu_spa_fetch(s, ctx, iotlb); | 
|  |  | 
|  | if (!fault && iotlb->target_as == &s->trap_as) { | 
|  | /* Do not cache trapped MSI translations */ | 
|  | goto done; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * We made an implementation choice to not cache identity-mapped | 
|  | * translations, as allowed by the specification, to avoid | 
|  | * translation cache evictions for other devices sharing the | 
|  | * IOMMU hardware model. | 
|  | */ | 
|  | if (!fault && iotlb->translated_addr != iotlb->iova && enable_cache) { | 
|  | iot = g_new0(RISCVIOMMUEntry, 1); | 
|  | iot->iova = PPN_DOWN(iotlb->iova); | 
|  | iot->phys = PPN_DOWN(iotlb->translated_addr); | 
|  | iot->gscid = get_field(ctx->gatp, RISCV_IOMMU_DC_IOHGATP_GSCID); | 
|  | iot->pscid = get_field(ctx->ta, RISCV_IOMMU_DC_TA_PSCID); | 
|  | iot->perm = iotlb->perm; | 
|  | iot->tag = transtag; | 
|  | riscv_iommu_iot_update(s, iot_cache, iot); | 
|  | } | 
|  |  | 
|  | done: | 
|  | g_hash_table_unref(iot_cache); | 
|  |  | 
|  | if (enable_pri && fault) { | 
|  | struct riscv_iommu_pq_record pr = {0}; | 
|  | if (enable_pid) { | 
|  | pr.hdr = set_field(RISCV_IOMMU_PREQ_HDR_PV, | 
|  | RISCV_IOMMU_PREQ_HDR_PID, ctx->process_id); | 
|  | } | 
|  | pr.hdr = set_field(pr.hdr, RISCV_IOMMU_PREQ_HDR_DID, ctx->devid); | 
|  | pr.payload = (iotlb->iova & TARGET_PAGE_MASK) | | 
|  | RISCV_IOMMU_PREQ_PAYLOAD_M; | 
|  | riscv_iommu_pri(s, &pr); | 
|  | return fault; | 
|  | } | 
|  |  | 
|  | if (fault) { | 
|  | unsigned ttype = RISCV_IOMMU_FQ_TTYPE_PCIE_ATS_REQ; | 
|  |  | 
|  | if (iotlb->perm & IOMMU_RW) { | 
|  | ttype = RISCV_IOMMU_FQ_TTYPE_UADDR_WR; | 
|  | } else if (iotlb->perm & IOMMU_RO) { | 
|  | ttype = RISCV_IOMMU_FQ_TTYPE_UADDR_RD; | 
|  | } | 
|  |  | 
|  | riscv_iommu_report_fault(s, ctx, ttype, fault, enable_pid, | 
|  | iotlb->iova, iotlb->translated_addr); | 
|  | return fault; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* IOMMU Command Interface */ | 
|  | static MemTxResult riscv_iommu_iofence(RISCVIOMMUState *s, bool notify, | 
|  | uint64_t addr, uint32_t data) | 
|  | { | 
|  | /* | 
|  | * ATS processing in this implementation of the IOMMU is synchronous, | 
|  | * no need to wait for completions here. | 
|  | */ | 
|  | if (!notify) { | 
|  | return MEMTX_OK; | 
|  | } | 
|  |  | 
|  | return dma_memory_write(s->target_as, addr, &data, sizeof(data), | 
|  | MEMTXATTRS_UNSPECIFIED); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ats(RISCVIOMMUState *s, | 
|  | struct riscv_iommu_command *cmd, IOMMUNotifierFlag flag, | 
|  | IOMMUAccessFlags perm, | 
|  | void (*trace_fn)(const char *id)) | 
|  | { | 
|  | RISCVIOMMUSpace *as = NULL; | 
|  | IOMMUNotifier *n; | 
|  | IOMMUTLBEvent event; | 
|  | uint32_t pid; | 
|  | uint32_t devid; | 
|  | const bool pv = cmd->dword0 & RISCV_IOMMU_CMD_ATS_PV; | 
|  |  | 
|  | if (cmd->dword0 & RISCV_IOMMU_CMD_ATS_DSV) { | 
|  | /* Use device segment and requester id */ | 
|  | devid = get_field(cmd->dword0, | 
|  | RISCV_IOMMU_CMD_ATS_DSEG | RISCV_IOMMU_CMD_ATS_RID); | 
|  | } else { | 
|  | devid = get_field(cmd->dword0, RISCV_IOMMU_CMD_ATS_RID); | 
|  | } | 
|  |  | 
|  | pid = get_field(cmd->dword0, RISCV_IOMMU_CMD_ATS_PID); | 
|  |  | 
|  | QLIST_FOREACH(as, &s->spaces, list) { | 
|  | if (as->devid == devid) { | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | if (!as || !as->notifier) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | event.type = flag; | 
|  | event.entry.perm = perm; | 
|  | event.entry.target_as = s->target_as; | 
|  |  | 
|  | IOMMU_NOTIFIER_FOREACH(n, &as->iova_mr) { | 
|  | if (!pv || n->iommu_idx == pid) { | 
|  | event.entry.iova = n->start; | 
|  | event.entry.addr_mask = n->end - n->start; | 
|  | trace_fn(as->iova_mr.parent_obj.name); | 
|  | memory_region_notify_iommu_one(n, &event); | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ats_inval(RISCVIOMMUState *s, | 
|  | struct riscv_iommu_command *cmd) | 
|  | { | 
|  | return riscv_iommu_ats(s, cmd, IOMMU_NOTIFIER_DEVIOTLB_UNMAP, IOMMU_NONE, | 
|  | trace_riscv_iommu_ats_inval); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_ats_prgr(RISCVIOMMUState *s, | 
|  | struct riscv_iommu_command *cmd) | 
|  | { | 
|  | unsigned resp_code = get_field(cmd->dword1, | 
|  | RISCV_IOMMU_CMD_ATS_PRGR_RESP_CODE); | 
|  |  | 
|  | /* Using the access flag to carry response code information */ | 
|  | IOMMUAccessFlags perm = resp_code ? IOMMU_NONE : IOMMU_RW; | 
|  | return riscv_iommu_ats(s, cmd, IOMMU_NOTIFIER_MAP, perm, | 
|  | trace_riscv_iommu_ats_prgr); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_ddtp(RISCVIOMMUState *s) | 
|  | { | 
|  | uint64_t old_ddtp = s->ddtp; | 
|  | uint64_t new_ddtp = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_DDTP); | 
|  | unsigned new_mode = get_field(new_ddtp, RISCV_IOMMU_DDTP_MODE); | 
|  | unsigned old_mode = get_field(old_ddtp, RISCV_IOMMU_DDTP_MODE); | 
|  | bool ok = false; | 
|  |  | 
|  | /* | 
|  | * Check for allowed DDTP.MODE transitions: | 
|  | * {OFF, BARE}        -> {OFF, BARE, 1LVL, 2LVL, 3LVL} | 
|  | * {1LVL, 2LVL, 3LVL} -> {OFF, BARE} | 
|  | */ | 
|  | if (new_mode == old_mode || | 
|  | new_mode == RISCV_IOMMU_DDTP_MODE_OFF || | 
|  | new_mode == RISCV_IOMMU_DDTP_MODE_BARE) { | 
|  | ok = true; | 
|  | } else if (new_mode == RISCV_IOMMU_DDTP_MODE_1LVL || | 
|  | new_mode == RISCV_IOMMU_DDTP_MODE_2LVL || | 
|  | new_mode == RISCV_IOMMU_DDTP_MODE_3LVL) { | 
|  | ok = old_mode == RISCV_IOMMU_DDTP_MODE_OFF || | 
|  | old_mode == RISCV_IOMMU_DDTP_MODE_BARE; | 
|  | } | 
|  |  | 
|  | if (ok) { | 
|  | /* clear reserved and busy bits, report back sanitized version */ | 
|  | new_ddtp = set_field(new_ddtp & RISCV_IOMMU_DDTP_PPN, | 
|  | RISCV_IOMMU_DDTP_MODE, new_mode); | 
|  | } else { | 
|  | new_ddtp = old_ddtp; | 
|  | } | 
|  | s->ddtp = new_ddtp; | 
|  |  | 
|  | riscv_iommu_reg_set64(s, RISCV_IOMMU_REG_DDTP, new_ddtp); | 
|  | } | 
|  |  | 
|  | /* Command function and opcode field. */ | 
|  | #define RISCV_IOMMU_CMD(func, op) (((func) << 7) | (op)) | 
|  |  | 
|  | static void riscv_iommu_process_cq_tail(RISCVIOMMUState *s) | 
|  | { | 
|  | struct riscv_iommu_command cmd; | 
|  | MemTxResult res; | 
|  | dma_addr_t addr; | 
|  | uint32_t tail, head, ctrl; | 
|  | uint64_t cmd_opcode; | 
|  | GHFunc func; | 
|  |  | 
|  | ctrl = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_CQCSR); | 
|  | tail = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_CQT) & s->cq_mask; | 
|  | head = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_CQH) & s->cq_mask; | 
|  |  | 
|  | /* Check for pending error or queue processing disabled */ | 
|  | if (!(ctrl & RISCV_IOMMU_CQCSR_CQON) || | 
|  | !!(ctrl & (RISCV_IOMMU_CQCSR_CMD_ILL | RISCV_IOMMU_CQCSR_CQMF))) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | while (tail != head) { | 
|  | addr = s->cq_addr  + head * sizeof(cmd); | 
|  | res = dma_memory_read(s->target_as, addr, &cmd, sizeof(cmd), | 
|  | MEMTXATTRS_UNSPECIFIED); | 
|  |  | 
|  | if (res != MEMTX_OK) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_CQCSR, | 
|  | RISCV_IOMMU_CQCSR_CQMF, 0); | 
|  | goto fault; | 
|  | } | 
|  |  | 
|  | trace_riscv_iommu_cmd(s->parent_obj.id, cmd.dword0, cmd.dword1); | 
|  |  | 
|  | cmd_opcode = get_field(cmd.dword0, | 
|  | RISCV_IOMMU_CMD_OPCODE | RISCV_IOMMU_CMD_FUNC); | 
|  |  | 
|  | switch (cmd_opcode) { | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_IOFENCE_FUNC_C, | 
|  | RISCV_IOMMU_CMD_IOFENCE_OPCODE): | 
|  | res = riscv_iommu_iofence(s, | 
|  | cmd.dword0 & RISCV_IOMMU_CMD_IOFENCE_AV, cmd.dword1 << 2, | 
|  | get_field(cmd.dword0, RISCV_IOMMU_CMD_IOFENCE_DATA)); | 
|  |  | 
|  | if (res != MEMTX_OK) { | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_CQCSR, | 
|  | RISCV_IOMMU_CQCSR_CQMF, 0); | 
|  | goto fault; | 
|  | } | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_IOTINVAL_FUNC_GVMA, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_OPCODE): | 
|  | { | 
|  | bool gv = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_GV); | 
|  | bool av = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_AV); | 
|  | bool pscv = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_PSCV); | 
|  | uint32_t gscid = get_field(cmd.dword0, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_GSCID); | 
|  | uint32_t pscid = get_field(cmd.dword0, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_PSCID); | 
|  | hwaddr iova = (cmd.dword1 << 2) & TARGET_PAGE_MASK; | 
|  |  | 
|  | if (pscv) { | 
|  | /* illegal command arguments IOTINVAL.GVMA & PSCV == 1 */ | 
|  | goto cmd_ill; | 
|  | } | 
|  |  | 
|  | func = riscv_iommu_iot_inval_all; | 
|  |  | 
|  | if (gv) { | 
|  | func = (av) ? riscv_iommu_iot_inval_gscid_iova : | 
|  | riscv_iommu_iot_inval_gscid; | 
|  | } | 
|  |  | 
|  | riscv_iommu_iot_inval( | 
|  | s, func, gscid, pscid, iova, RISCV_IOMMU_TRANS_TAG_VG); | 
|  |  | 
|  | riscv_iommu_iot_inval( | 
|  | s, func, gscid, pscid, iova, RISCV_IOMMU_TRANS_TAG_VN); | 
|  | break; | 
|  | } | 
|  |  | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_IOTINVAL_FUNC_VMA, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_OPCODE): | 
|  | { | 
|  | bool gv = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_GV); | 
|  | bool av = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_AV); | 
|  | bool pscv = !!(cmd.dword0 & RISCV_IOMMU_CMD_IOTINVAL_PSCV); | 
|  | uint32_t gscid = get_field(cmd.dword0, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_GSCID); | 
|  | uint32_t pscid = get_field(cmd.dword0, | 
|  | RISCV_IOMMU_CMD_IOTINVAL_PSCID); | 
|  | hwaddr iova = (cmd.dword1 << 2) & TARGET_PAGE_MASK; | 
|  | RISCVIOMMUTransTag transtag; | 
|  |  | 
|  | if (gv) { | 
|  | transtag = RISCV_IOMMU_TRANS_TAG_VN; | 
|  | if (pscv) { | 
|  | func = (av) ? riscv_iommu_iot_inval_gscid_pscid_iova : | 
|  | riscv_iommu_iot_inval_gscid_pscid; | 
|  | } else { | 
|  | func = (av) ? riscv_iommu_iot_inval_gscid_iova : | 
|  | riscv_iommu_iot_inval_gscid; | 
|  | } | 
|  | } else { | 
|  | transtag = RISCV_IOMMU_TRANS_TAG_SS; | 
|  | if (pscv) { | 
|  | func = (av) ? riscv_iommu_iot_inval_pscid_iova : | 
|  | riscv_iommu_iot_inval_pscid; | 
|  | } else { | 
|  | func = (av) ? riscv_iommu_iot_inval_iova : | 
|  | riscv_iommu_iot_inval_all; | 
|  | } | 
|  | } | 
|  |  | 
|  | riscv_iommu_iot_inval(s, func, gscid, pscid, iova, transtag); | 
|  | break; | 
|  | } | 
|  |  | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_IODIR_FUNC_INVAL_DDT, | 
|  | RISCV_IOMMU_CMD_IODIR_OPCODE): | 
|  | if (!(cmd.dword0 & RISCV_IOMMU_CMD_IODIR_DV)) { | 
|  | /* invalidate all device context cache mappings */ | 
|  | func = riscv_iommu_ctx_inval_all; | 
|  | } else { | 
|  | /* invalidate all device context matching DID */ | 
|  | func = riscv_iommu_ctx_inval_devid; | 
|  | } | 
|  | riscv_iommu_ctx_inval(s, func, | 
|  | get_field(cmd.dword0, RISCV_IOMMU_CMD_IODIR_DID), 0); | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_IODIR_FUNC_INVAL_PDT, | 
|  | RISCV_IOMMU_CMD_IODIR_OPCODE): | 
|  | if (!(cmd.dword0 & RISCV_IOMMU_CMD_IODIR_DV)) { | 
|  | /* illegal command arguments IODIR_PDT & DV == 0 */ | 
|  | goto cmd_ill; | 
|  | } else { | 
|  | func = riscv_iommu_ctx_inval_devid_procid; | 
|  | } | 
|  | riscv_iommu_ctx_inval(s, func, | 
|  | get_field(cmd.dword0, RISCV_IOMMU_CMD_IODIR_DID), | 
|  | get_field(cmd.dword0, RISCV_IOMMU_CMD_IODIR_PID)); | 
|  | break; | 
|  |  | 
|  | /* ATS commands */ | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_ATS_FUNC_INVAL, | 
|  | RISCV_IOMMU_CMD_ATS_OPCODE): | 
|  | if (!s->enable_ats) { | 
|  | goto cmd_ill; | 
|  | } | 
|  |  | 
|  | riscv_iommu_ats_inval(s, &cmd); | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_CMD(RISCV_IOMMU_CMD_ATS_FUNC_PRGR, | 
|  | RISCV_IOMMU_CMD_ATS_OPCODE): | 
|  | if (!s->enable_ats) { | 
|  | goto cmd_ill; | 
|  | } | 
|  |  | 
|  | riscv_iommu_ats_prgr(s, &cmd); | 
|  | break; | 
|  |  | 
|  | default: | 
|  | cmd_ill: | 
|  | /* Invalid instruction, do not advance instruction index. */ | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_CQCSR, | 
|  | RISCV_IOMMU_CQCSR_CMD_ILL, 0); | 
|  | goto fault; | 
|  | } | 
|  |  | 
|  | /* Advance and update head pointer after command completes. */ | 
|  | head = (head + 1) & s->cq_mask; | 
|  | riscv_iommu_reg_set32(s, RISCV_IOMMU_REG_CQH, head); | 
|  | } | 
|  | return; | 
|  |  | 
|  | fault: | 
|  | if (ctrl & RISCV_IOMMU_CQCSR_CIE) { | 
|  | riscv_iommu_notify(s, RISCV_IOMMU_INTR_CQ); | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_cq_control(RISCVIOMMUState *s) | 
|  | { | 
|  | uint64_t base; | 
|  | uint32_t ctrl_set = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_CQCSR); | 
|  | uint32_t ctrl_clr; | 
|  | bool enable = !!(ctrl_set & RISCV_IOMMU_CQCSR_CQEN); | 
|  | bool active = !!(ctrl_set & RISCV_IOMMU_CQCSR_CQON); | 
|  |  | 
|  | if (enable && !active) { | 
|  | base = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_CQB); | 
|  | s->cq_mask = (2ULL << get_field(base, RISCV_IOMMU_CQB_LOG2SZ)) - 1; | 
|  | s->cq_addr = PPN_PHYS(get_field(base, RISCV_IOMMU_CQB_PPN)); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_CQT], ~s->cq_mask); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_CQH], 0); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_CQT], 0); | 
|  | ctrl_set = RISCV_IOMMU_CQCSR_CQON; | 
|  | ctrl_clr = RISCV_IOMMU_CQCSR_BUSY | RISCV_IOMMU_CQCSR_CQMF | | 
|  | RISCV_IOMMU_CQCSR_CMD_ILL | RISCV_IOMMU_CQCSR_CMD_TO | | 
|  | RISCV_IOMMU_CQCSR_FENCE_W_IP; | 
|  | } else if (!enable && active) { | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_CQT], ~0); | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_CQCSR_BUSY | RISCV_IOMMU_CQCSR_CQON; | 
|  | } else { | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_CQCSR_BUSY; | 
|  | } | 
|  |  | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_CQCSR, ctrl_set, ctrl_clr); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_fq_control(RISCVIOMMUState *s) | 
|  | { | 
|  | uint64_t base; | 
|  | uint32_t ctrl_set = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_FQCSR); | 
|  | uint32_t ctrl_clr; | 
|  | bool enable = !!(ctrl_set & RISCV_IOMMU_FQCSR_FQEN); | 
|  | bool active = !!(ctrl_set & RISCV_IOMMU_FQCSR_FQON); | 
|  |  | 
|  | if (enable && !active) { | 
|  | base = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_FQB); | 
|  | s->fq_mask = (2ULL << get_field(base, RISCV_IOMMU_FQB_LOG2SZ)) - 1; | 
|  | s->fq_addr = PPN_PHYS(get_field(base, RISCV_IOMMU_FQB_PPN)); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_FQH], ~s->fq_mask); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_FQH], 0); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_FQT], 0); | 
|  | ctrl_set = RISCV_IOMMU_FQCSR_FQON; | 
|  | ctrl_clr = RISCV_IOMMU_FQCSR_BUSY | RISCV_IOMMU_FQCSR_FQMF | | 
|  | RISCV_IOMMU_FQCSR_FQOF; | 
|  | } else if (!enable && active) { | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_FQH], ~0); | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_FQCSR_BUSY | RISCV_IOMMU_FQCSR_FQON; | 
|  | } else { | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_FQCSR_BUSY; | 
|  | } | 
|  |  | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_FQCSR, ctrl_set, ctrl_clr); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_pq_control(RISCVIOMMUState *s) | 
|  | { | 
|  | uint64_t base; | 
|  | uint32_t ctrl_set = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_PQCSR); | 
|  | uint32_t ctrl_clr; | 
|  | bool enable = !!(ctrl_set & RISCV_IOMMU_PQCSR_PQEN); | 
|  | bool active = !!(ctrl_set & RISCV_IOMMU_PQCSR_PQON); | 
|  |  | 
|  | if (enable && !active) { | 
|  | base = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_PQB); | 
|  | s->pq_mask = (2ULL << get_field(base, RISCV_IOMMU_PQB_LOG2SZ)) - 1; | 
|  | s->pq_addr = PPN_PHYS(get_field(base, RISCV_IOMMU_PQB_PPN)); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_PQH], ~s->pq_mask); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_PQH], 0); | 
|  | stl_le_p(&s->regs_rw[RISCV_IOMMU_REG_PQT], 0); | 
|  | ctrl_set = RISCV_IOMMU_PQCSR_PQON; | 
|  | ctrl_clr = RISCV_IOMMU_PQCSR_BUSY | RISCV_IOMMU_PQCSR_PQMF | | 
|  | RISCV_IOMMU_PQCSR_PQOF; | 
|  | } else if (!enable && active) { | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_PQH], ~0); | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_PQCSR_BUSY | RISCV_IOMMU_PQCSR_PQON; | 
|  | } else { | 
|  | ctrl_set = 0; | 
|  | ctrl_clr = RISCV_IOMMU_PQCSR_BUSY; | 
|  | } | 
|  |  | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_PQCSR, ctrl_set, ctrl_clr); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_dbg(RISCVIOMMUState *s) | 
|  | { | 
|  | uint64_t iova = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_TR_REQ_IOVA); | 
|  | uint64_t ctrl = riscv_iommu_reg_get64(s, RISCV_IOMMU_REG_TR_REQ_CTL); | 
|  | unsigned devid = get_field(ctrl, RISCV_IOMMU_TR_REQ_CTL_DID); | 
|  | unsigned pid = get_field(ctrl, RISCV_IOMMU_TR_REQ_CTL_PID); | 
|  | RISCVIOMMUContext *ctx; | 
|  | void *ref; | 
|  |  | 
|  | if (!(ctrl & RISCV_IOMMU_TR_REQ_CTL_GO_BUSY)) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | ctx = riscv_iommu_ctx(s, devid, pid, &ref); | 
|  | if (ctx == NULL) { | 
|  | riscv_iommu_reg_set64(s, RISCV_IOMMU_REG_TR_RESPONSE, | 
|  | RISCV_IOMMU_TR_RESPONSE_FAULT | | 
|  | (RISCV_IOMMU_FQ_CAUSE_DMA_DISABLED << 10)); | 
|  | } else { | 
|  | IOMMUTLBEntry iotlb = { | 
|  | .iova = iova, | 
|  | .perm = ctrl & RISCV_IOMMU_TR_REQ_CTL_NW ? IOMMU_RO : IOMMU_RW, | 
|  | .addr_mask = ~0, | 
|  | .target_as = NULL, | 
|  | }; | 
|  | int fault = riscv_iommu_translate(s, ctx, &iotlb, false); | 
|  | if (fault) { | 
|  | iova = RISCV_IOMMU_TR_RESPONSE_FAULT | (((uint64_t) fault) << 10); | 
|  | } else { | 
|  | iova = iotlb.translated_addr & ~iotlb.addr_mask; | 
|  | iova >>= TARGET_PAGE_BITS; | 
|  | iova &= RISCV_IOMMU_TR_RESPONSE_PPN; | 
|  |  | 
|  | /* We do not support superpages (> 4kbs) for now */ | 
|  | iova &= ~RISCV_IOMMU_TR_RESPONSE_S; | 
|  | } | 
|  | riscv_iommu_reg_set64(s, RISCV_IOMMU_REG_TR_RESPONSE, iova); | 
|  | } | 
|  |  | 
|  | riscv_iommu_reg_mod64(s, RISCV_IOMMU_REG_TR_REQ_CTL, 0, | 
|  | RISCV_IOMMU_TR_REQ_CTL_GO_BUSY); | 
|  | riscv_iommu_ctx_put(s, ref); | 
|  | } | 
|  |  | 
|  | typedef void riscv_iommu_process_fn(RISCVIOMMUState *s); | 
|  |  | 
|  | static void riscv_iommu_update_icvec(RISCVIOMMUState *s, uint64_t data) | 
|  | { | 
|  | uint64_t icvec = 0; | 
|  |  | 
|  | icvec |= MIN(data & RISCV_IOMMU_ICVEC_CIV, | 
|  | s->icvec_avail_vectors & RISCV_IOMMU_ICVEC_CIV); | 
|  |  | 
|  | icvec |= MIN(data & RISCV_IOMMU_ICVEC_FIV, | 
|  | s->icvec_avail_vectors & RISCV_IOMMU_ICVEC_FIV); | 
|  |  | 
|  | icvec |= MIN(data & RISCV_IOMMU_ICVEC_PMIV, | 
|  | s->icvec_avail_vectors & RISCV_IOMMU_ICVEC_PMIV); | 
|  |  | 
|  | icvec |= MIN(data & RISCV_IOMMU_ICVEC_PIV, | 
|  | s->icvec_avail_vectors & RISCV_IOMMU_ICVEC_PIV); | 
|  |  | 
|  | trace_riscv_iommu_icvec_write(data, icvec); | 
|  |  | 
|  | riscv_iommu_reg_set64(s, RISCV_IOMMU_REG_ICVEC, icvec); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_update_ipsr(RISCVIOMMUState *s, uint64_t data) | 
|  | { | 
|  | uint32_t cqcsr, fqcsr, pqcsr; | 
|  | uint32_t ipsr_set = 0; | 
|  | uint32_t ipsr_clr = 0; | 
|  |  | 
|  | if (data & RISCV_IOMMU_IPSR_CIP) { | 
|  | cqcsr = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_CQCSR); | 
|  |  | 
|  | if (cqcsr & RISCV_IOMMU_CQCSR_CIE && | 
|  | (cqcsr & RISCV_IOMMU_CQCSR_FENCE_W_IP || | 
|  | cqcsr & RISCV_IOMMU_CQCSR_CMD_ILL || | 
|  | cqcsr & RISCV_IOMMU_CQCSR_CMD_TO || | 
|  | cqcsr & RISCV_IOMMU_CQCSR_CQMF)) { | 
|  | ipsr_set |= RISCV_IOMMU_IPSR_CIP; | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_CIP; | 
|  | } | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_CIP; | 
|  | } | 
|  |  | 
|  | if (data & RISCV_IOMMU_IPSR_FIP) { | 
|  | fqcsr = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_FQCSR); | 
|  |  | 
|  | if (fqcsr & RISCV_IOMMU_FQCSR_FIE && | 
|  | (fqcsr & RISCV_IOMMU_FQCSR_FQOF || | 
|  | fqcsr & RISCV_IOMMU_FQCSR_FQMF)) { | 
|  | ipsr_set |= RISCV_IOMMU_IPSR_FIP; | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_FIP; | 
|  | } | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_FIP; | 
|  | } | 
|  |  | 
|  | if (data & RISCV_IOMMU_IPSR_PIP) { | 
|  | pqcsr = riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_PQCSR); | 
|  |  | 
|  | if (pqcsr & RISCV_IOMMU_PQCSR_PIE && | 
|  | (pqcsr & RISCV_IOMMU_PQCSR_PQOF || | 
|  | pqcsr & RISCV_IOMMU_PQCSR_PQMF)) { | 
|  | ipsr_set |= RISCV_IOMMU_IPSR_PIP; | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_PIP; | 
|  | } | 
|  | } else { | 
|  | ipsr_clr |= RISCV_IOMMU_IPSR_PIP; | 
|  | } | 
|  |  | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_IPSR, ipsr_set, ipsr_clr); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_process_hpm_writes(RISCVIOMMUState *s, | 
|  | uint32_t regb, | 
|  | bool prev_cy_inh) | 
|  | { | 
|  | switch (regb) { | 
|  | case RISCV_IOMMU_REG_IOCOUNTINH: | 
|  | riscv_iommu_process_iocntinh_cy(s, prev_cy_inh); | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_IOHPMCYCLES: | 
|  | case RISCV_IOMMU_REG_IOHPMCYCLES + 4: | 
|  | riscv_iommu_process_hpmcycle_write(s); | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_IOHPMEVT_BASE ... | 
|  | RISCV_IOMMU_REG_IOHPMEVT(RISCV_IOMMU_IOCOUNT_NUM) + 4: | 
|  | riscv_iommu_process_hpmevt_write(s, regb & ~7); | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Write the resulting value of 'data' for the reg specified | 
|  | * by 'reg_addr', after considering read-only/read-write/write-clear | 
|  | * bits, in the pointer 'dest'. | 
|  | * | 
|  | * The result is written in little-endian. | 
|  | */ | 
|  | static void riscv_iommu_write_reg_val(RISCVIOMMUState *s, | 
|  | void *dest, hwaddr reg_addr, | 
|  | int size, uint64_t data) | 
|  | { | 
|  | uint64_t ro = ldn_le_p(&s->regs_ro[reg_addr], size); | 
|  | uint64_t wc = ldn_le_p(&s->regs_wc[reg_addr], size); | 
|  | uint64_t rw = ldn_le_p(&s->regs_rw[reg_addr], size); | 
|  |  | 
|  | stn_le_p(dest, size, ((rw & ro) | (data & ~ro)) & ~(data & wc)); | 
|  | } | 
|  |  | 
|  | static MemTxResult riscv_iommu_mmio_write(void *opaque, hwaddr addr, | 
|  | uint64_t data, unsigned size, | 
|  | MemTxAttrs attrs) | 
|  | { | 
|  | riscv_iommu_process_fn *process_fn = NULL; | 
|  | RISCVIOMMUState *s = opaque; | 
|  | uint32_t regb = addr & ~3; | 
|  | uint32_t busy = 0; | 
|  | uint64_t val = 0; | 
|  | bool cy_inh = false; | 
|  |  | 
|  | if ((addr & (size - 1)) != 0) { | 
|  | /* Unsupported MMIO alignment or access size */ | 
|  | return MEMTX_ERROR; | 
|  | } | 
|  |  | 
|  | if (addr + size > RISCV_IOMMU_REG_MSI_CONFIG) { | 
|  | /* Unsupported MMIO access location. */ | 
|  | return MEMTX_ACCESS_ERROR; | 
|  | } | 
|  |  | 
|  | /* Track actionable MMIO write. */ | 
|  | switch (regb) { | 
|  | case RISCV_IOMMU_REG_DDTP: | 
|  | case RISCV_IOMMU_REG_DDTP + 4: | 
|  | process_fn = riscv_iommu_process_ddtp; | 
|  | regb = RISCV_IOMMU_REG_DDTP; | 
|  | busy = RISCV_IOMMU_DDTP_BUSY; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_CQT: | 
|  | process_fn = riscv_iommu_process_cq_tail; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_CQCSR: | 
|  | process_fn = riscv_iommu_process_cq_control; | 
|  | busy = RISCV_IOMMU_CQCSR_BUSY; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_FQCSR: | 
|  | process_fn = riscv_iommu_process_fq_control; | 
|  | busy = RISCV_IOMMU_FQCSR_BUSY; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_PQCSR: | 
|  | process_fn = riscv_iommu_process_pq_control; | 
|  | busy = RISCV_IOMMU_PQCSR_BUSY; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_ICVEC: | 
|  | case RISCV_IOMMU_REG_IPSR: | 
|  | /* | 
|  | * ICVEC and IPSR have special read/write procedures. We'll | 
|  | * call their respective helpers and exit. | 
|  | */ | 
|  | riscv_iommu_write_reg_val(s, &val, addr, size, data); | 
|  |  | 
|  | /* | 
|  | * 'val' is stored as LE. Switch to host endianess | 
|  | * before using it. | 
|  | */ | 
|  | val = le64_to_cpu(val); | 
|  |  | 
|  | if (regb == RISCV_IOMMU_REG_ICVEC) { | 
|  | riscv_iommu_update_icvec(s, val); | 
|  | } else { | 
|  | riscv_iommu_update_ipsr(s, val); | 
|  | } | 
|  |  | 
|  | return MEMTX_OK; | 
|  |  | 
|  | case RISCV_IOMMU_REG_TR_REQ_CTL: | 
|  | process_fn = riscv_iommu_process_dbg; | 
|  | regb = RISCV_IOMMU_REG_TR_REQ_CTL; | 
|  | busy = RISCV_IOMMU_TR_REQ_CTL_GO_BUSY; | 
|  | break; | 
|  |  | 
|  | case RISCV_IOMMU_REG_IOCOUNTINH: | 
|  | if (addr != RISCV_IOMMU_REG_IOCOUNTINH) { | 
|  | break; | 
|  | } | 
|  | /* Store previous value of CY bit. */ | 
|  | cy_inh = !!(riscv_iommu_reg_get32(s, RISCV_IOMMU_REG_IOCOUNTINH) & | 
|  | RISCV_IOMMU_IOCOUNTINH_CY); | 
|  | break; | 
|  |  | 
|  |  | 
|  | default: | 
|  | break; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Registers update might be not synchronized with core logic. | 
|  | * If system software updates register when relevant BUSY bit | 
|  | * is set IOMMU behavior of additional writes to the register | 
|  | * is UNSPECIFIED. | 
|  | */ | 
|  | riscv_iommu_write_reg_val(s, &s->regs_rw[addr], addr, size, data); | 
|  |  | 
|  | /* Busy flag update, MSB 4-byte register. */ | 
|  | if (busy) { | 
|  | uint32_t rw = ldl_le_p(&s->regs_rw[regb]); | 
|  | stl_le_p(&s->regs_rw[regb], rw | busy); | 
|  | } | 
|  |  | 
|  | /* Process HPM writes and update any internal state if needed. */ | 
|  | if (regb >= RISCV_IOMMU_REG_IOCOUNTOVF && | 
|  | regb <= (RISCV_IOMMU_REG_IOHPMEVT(RISCV_IOMMU_IOCOUNT_NUM) + 4)) { | 
|  | riscv_iommu_process_hpm_writes(s, regb, cy_inh); | 
|  | } | 
|  |  | 
|  | if (process_fn) { | 
|  | process_fn(s); | 
|  | } | 
|  |  | 
|  | return MEMTX_OK; | 
|  | } | 
|  |  | 
|  | static MemTxResult riscv_iommu_mmio_read(void *opaque, hwaddr addr, | 
|  | uint64_t *data, unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | RISCVIOMMUState *s = opaque; | 
|  | uint64_t val = -1; | 
|  | uint8_t *ptr; | 
|  |  | 
|  | if ((addr & (size - 1)) != 0) { | 
|  | /* Unsupported MMIO alignment. */ | 
|  | return MEMTX_ERROR; | 
|  | } | 
|  |  | 
|  | if (addr + size > RISCV_IOMMU_REG_MSI_CONFIG) { | 
|  | return MEMTX_ACCESS_ERROR; | 
|  | } | 
|  |  | 
|  | /* Compute cycle register value. */ | 
|  | if ((addr & ~7) == RISCV_IOMMU_REG_IOHPMCYCLES) { | 
|  | val = riscv_iommu_hpmcycle_read(s); | 
|  | ptr = (uint8_t *)&val + (addr & 7); | 
|  | } else if ((addr & ~3) == RISCV_IOMMU_REG_IOCOUNTOVF) { | 
|  | /* | 
|  | * Software can read RISCV_IOMMU_REG_IOCOUNTOVF before timer | 
|  | * callback completes. In which case CY_OF bit in | 
|  | * RISCV_IOMMU_IOHPMCYCLES_OVF would be 0. Here we take the | 
|  | * CY_OF bit state from RISCV_IOMMU_REG_IOHPMCYCLES register as | 
|  | * it's not dependent over the timer callback and is computed | 
|  | * from cycle overflow. | 
|  | */ | 
|  | val = ldq_le_p(&s->regs_rw[addr]); | 
|  | val |= (riscv_iommu_hpmcycle_read(s) & RISCV_IOMMU_IOHPMCYCLES_OVF) | 
|  | ? RISCV_IOMMU_IOCOUNTOVF_CY | 
|  | : 0; | 
|  | ptr = (uint8_t *)&val + (addr & 3); | 
|  | } else { | 
|  | ptr = &s->regs_rw[addr]; | 
|  | } | 
|  |  | 
|  | val = ldn_le_p(ptr, size); | 
|  |  | 
|  | *data = val; | 
|  |  | 
|  | return MEMTX_OK; | 
|  | } | 
|  |  | 
|  | static const MemoryRegionOps riscv_iommu_mmio_ops = { | 
|  | .read_with_attrs = riscv_iommu_mmio_read, | 
|  | .write_with_attrs = riscv_iommu_mmio_write, | 
|  | .endianness = DEVICE_NATIVE_ENDIAN, | 
|  | .impl = { | 
|  | .min_access_size = 4, | 
|  | .max_access_size = 8, | 
|  | .unaligned = false, | 
|  | }, | 
|  | .valid = { | 
|  | .min_access_size = 4, | 
|  | .max_access_size = 8, | 
|  | } | 
|  | }; | 
|  |  | 
|  | /* | 
|  | * Translations matching MSI pattern check are redirected to "riscv-iommu-trap" | 
|  | * memory region as untranslated address, for additional MSI/MRIF interception | 
|  | * by IOMMU interrupt remapping implementation. | 
|  | * Note: Device emulation code generating an MSI is expected to provide a valid | 
|  | * memory transaction attributes with requested_id set. | 
|  | */ | 
|  | static MemTxResult riscv_iommu_trap_write(void *opaque, hwaddr addr, | 
|  | uint64_t data, unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | RISCVIOMMUState* s = (RISCVIOMMUState *)opaque; | 
|  | RISCVIOMMUContext *ctx; | 
|  | MemTxResult res; | 
|  | void *ref; | 
|  | uint32_t devid = attrs.requester_id; | 
|  |  | 
|  | if (attrs.unspecified) { | 
|  | return MEMTX_ACCESS_ERROR; | 
|  | } | 
|  |  | 
|  | /* FIXME: PCIe bus remapping for attached endpoints. */ | 
|  | devid |= s->bus << 8; | 
|  |  | 
|  | ctx = riscv_iommu_ctx(s, devid, 0, &ref); | 
|  | if (ctx == NULL) { | 
|  | res = MEMTX_ACCESS_ERROR; | 
|  | } else { | 
|  | res = riscv_iommu_msi_write(s, ctx, addr, data, size, attrs); | 
|  | } | 
|  | riscv_iommu_ctx_put(s, ref); | 
|  | return res; | 
|  | } | 
|  |  | 
|  | static MemTxResult riscv_iommu_trap_read(void *opaque, hwaddr addr, | 
|  | uint64_t *data, unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | return MEMTX_ACCESS_ERROR; | 
|  | } | 
|  |  | 
|  | static const MemoryRegionOps riscv_iommu_trap_ops = { | 
|  | .read_with_attrs = riscv_iommu_trap_read, | 
|  | .write_with_attrs = riscv_iommu_trap_write, | 
|  | .endianness = DEVICE_LITTLE_ENDIAN, | 
|  | .impl = { | 
|  | .min_access_size = 4, | 
|  | .max_access_size = 8, | 
|  | .unaligned = true, | 
|  | }, | 
|  | .valid = { | 
|  | .min_access_size = 4, | 
|  | .max_access_size = 8, | 
|  | } | 
|  | }; | 
|  |  | 
|  | void riscv_iommu_set_cap_igs(RISCVIOMMUState *s, riscv_iommu_igs_mode mode) | 
|  | { | 
|  | s->cap = set_field(s->cap, RISCV_IOMMU_CAP_IGS, mode); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_instance_init(Object *obj) | 
|  | { | 
|  | RISCVIOMMUState *s = RISCV_IOMMU(obj); | 
|  |  | 
|  | /* Enable translation debug interface */ | 
|  | s->cap = RISCV_IOMMU_CAP_DBG; | 
|  |  | 
|  | /* Report QEMU target physical address space limits */ | 
|  | s->cap = set_field(s->cap, RISCV_IOMMU_CAP_PAS, | 
|  | TARGET_PHYS_ADDR_SPACE_BITS); | 
|  |  | 
|  | /* TODO: method to report supported PID bits */ | 
|  | s->pid_bits = 8; /* restricted to size of MemTxAttrs.pid */ | 
|  | s->cap |= RISCV_IOMMU_CAP_PD8; | 
|  |  | 
|  | /* register storage */ | 
|  | s->regs_rw = g_new0(uint8_t, RISCV_IOMMU_REG_SIZE); | 
|  | s->regs_ro = g_new0(uint8_t, RISCV_IOMMU_REG_SIZE); | 
|  | s->regs_wc = g_new0(uint8_t, RISCV_IOMMU_REG_SIZE); | 
|  |  | 
|  | /* Mark all registers read-only */ | 
|  | memset(s->regs_ro, 0xff, RISCV_IOMMU_REG_SIZE); | 
|  |  | 
|  | /* Device translation context cache */ | 
|  | s->ctx_cache = g_hash_table_new_full(riscv_iommu_ctx_hash, | 
|  | riscv_iommu_ctx_equal, | 
|  | g_free, NULL); | 
|  |  | 
|  | s->iot_cache = g_hash_table_new_full(riscv_iommu_iot_hash, | 
|  | riscv_iommu_iot_equal, | 
|  | g_free, NULL); | 
|  |  | 
|  | s->iommus.le_next = NULL; | 
|  | s->iommus.le_prev = NULL; | 
|  | QLIST_INIT(&s->spaces); | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_realize(DeviceState *dev, Error **errp) | 
|  | { | 
|  | RISCVIOMMUState *s = RISCV_IOMMU(dev); | 
|  |  | 
|  | s->cap |= s->version & RISCV_IOMMU_CAP_VERSION; | 
|  | if (s->enable_msi) { | 
|  | s->cap |= RISCV_IOMMU_CAP_MSI_FLAT | RISCV_IOMMU_CAP_MSI_MRIF; | 
|  | } | 
|  | if (s->enable_ats) { | 
|  | s->cap |= RISCV_IOMMU_CAP_ATS; | 
|  | } | 
|  | if (s->enable_s_stage) { | 
|  | s->cap |= RISCV_IOMMU_CAP_SV32 | RISCV_IOMMU_CAP_SV39 | | 
|  | RISCV_IOMMU_CAP_SV48 | RISCV_IOMMU_CAP_SV57; | 
|  | } | 
|  | if (s->enable_g_stage) { | 
|  | s->cap |= RISCV_IOMMU_CAP_SV32X4 | RISCV_IOMMU_CAP_SV39X4 | | 
|  | RISCV_IOMMU_CAP_SV48X4 | RISCV_IOMMU_CAP_SV57X4; | 
|  | } | 
|  |  | 
|  | if (s->hpm_cntrs > 0) { | 
|  | /* Clip number of HPM counters to maximum supported (31). */ | 
|  | if (s->hpm_cntrs > RISCV_IOMMU_IOCOUNT_NUM) { | 
|  | s->hpm_cntrs = RISCV_IOMMU_IOCOUNT_NUM; | 
|  | } | 
|  | /* Enable hardware performance monitor interface */ | 
|  | s->cap |= RISCV_IOMMU_CAP_HPM; | 
|  | } | 
|  |  | 
|  | /* Out-of-reset translation mode: OFF (DMA disabled) BARE (passthrough) */ | 
|  | s->ddtp = set_field(0, RISCV_IOMMU_DDTP_MODE, s->enable_off ? | 
|  | RISCV_IOMMU_DDTP_MODE_OFF : RISCV_IOMMU_DDTP_MODE_BARE); | 
|  |  | 
|  | /* | 
|  | * Register complete MMIO space, including MSI/PBA registers. | 
|  | * Note, PCIDevice implementation will add overlapping MR for MSI/PBA, | 
|  | * managed directly by the PCIDevice implementation. | 
|  | */ | 
|  | memory_region_init_io(&s->regs_mr, OBJECT(dev), &riscv_iommu_mmio_ops, s, | 
|  | "riscv-iommu-regs", RISCV_IOMMU_REG_SIZE); | 
|  |  | 
|  | /* Set power-on register state */ | 
|  | stq_le_p(&s->regs_rw[RISCV_IOMMU_REG_CAP], s->cap); | 
|  | stq_le_p(&s->regs_rw[RISCV_IOMMU_REG_FCTL], 0); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_FCTL], | 
|  | ~(RISCV_IOMMU_FCTL_BE | RISCV_IOMMU_FCTL_WSI)); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_DDTP], | 
|  | ~(RISCV_IOMMU_DDTP_PPN | RISCV_IOMMU_DDTP_MODE)); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_CQB], | 
|  | ~(RISCV_IOMMU_CQB_LOG2SZ | RISCV_IOMMU_CQB_PPN)); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_FQB], | 
|  | ~(RISCV_IOMMU_FQB_LOG2SZ | RISCV_IOMMU_FQB_PPN)); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_PQB], | 
|  | ~(RISCV_IOMMU_PQB_LOG2SZ | RISCV_IOMMU_PQB_PPN)); | 
|  | stl_le_p(&s->regs_wc[RISCV_IOMMU_REG_CQCSR], RISCV_IOMMU_CQCSR_CQMF | | 
|  | RISCV_IOMMU_CQCSR_CMD_TO | RISCV_IOMMU_CQCSR_CMD_ILL); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_CQCSR], RISCV_IOMMU_CQCSR_CQON | | 
|  | RISCV_IOMMU_CQCSR_BUSY); | 
|  | stl_le_p(&s->regs_wc[RISCV_IOMMU_REG_FQCSR], RISCV_IOMMU_FQCSR_FQMF | | 
|  | RISCV_IOMMU_FQCSR_FQOF); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_FQCSR], RISCV_IOMMU_FQCSR_FQON | | 
|  | RISCV_IOMMU_FQCSR_BUSY); | 
|  | stl_le_p(&s->regs_wc[RISCV_IOMMU_REG_PQCSR], RISCV_IOMMU_PQCSR_PQMF | | 
|  | RISCV_IOMMU_PQCSR_PQOF); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_PQCSR], RISCV_IOMMU_PQCSR_PQON | | 
|  | RISCV_IOMMU_PQCSR_BUSY); | 
|  | stl_le_p(&s->regs_wc[RISCV_IOMMU_REG_IPSR], ~0); | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_ICVEC], 0); | 
|  | stq_le_p(&s->regs_rw[RISCV_IOMMU_REG_DDTP], s->ddtp); | 
|  | /* If debug registers enabled. */ | 
|  | if (s->cap & RISCV_IOMMU_CAP_DBG) { | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_TR_REQ_IOVA], 0); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_TR_REQ_CTL], | 
|  | RISCV_IOMMU_TR_REQ_CTL_GO_BUSY); | 
|  | } | 
|  |  | 
|  | /* If HPM registers are enabled. */ | 
|  | if (s->cap & RISCV_IOMMU_CAP_HPM) { | 
|  | /* +1 for cycle counter bit. */ | 
|  | stl_le_p(&s->regs_ro[RISCV_IOMMU_REG_IOCOUNTINH], | 
|  | ~((2 << s->hpm_cntrs) - 1)); | 
|  | stq_le_p(&s->regs_ro[RISCV_IOMMU_REG_IOHPMCYCLES], 0); | 
|  | memset(&s->regs_ro[RISCV_IOMMU_REG_IOHPMCTR_BASE], | 
|  | 0x00, s->hpm_cntrs * 8); | 
|  | memset(&s->regs_ro[RISCV_IOMMU_REG_IOHPMEVT_BASE], | 
|  | 0x00, s->hpm_cntrs * 8); | 
|  | } | 
|  |  | 
|  | /* Memory region for downstream access, if specified. */ | 
|  | if (s->target_mr) { | 
|  | s->target_as = g_new0(AddressSpace, 1); | 
|  | address_space_init(s->target_as, s->target_mr, | 
|  | "riscv-iommu-downstream"); | 
|  | } else { | 
|  | /* Fallback to global system memory. */ | 
|  | s->target_as = &address_space_memory; | 
|  | } | 
|  |  | 
|  | /* Memory region for untranslated MRIF/MSI writes */ | 
|  | memory_region_init_io(&s->trap_mr, OBJECT(dev), &riscv_iommu_trap_ops, s, | 
|  | "riscv-iommu-trap", ~0ULL); | 
|  | address_space_init(&s->trap_as, &s->trap_mr, "riscv-iommu-trap-as"); | 
|  |  | 
|  | if (s->cap & RISCV_IOMMU_CAP_HPM) { | 
|  | s->hpm_timer = | 
|  | timer_new_ns(QEMU_CLOCK_VIRTUAL, riscv_iommu_hpm_timer_cb, s); | 
|  | s->hpm_event_ctr_map = g_hash_table_new(g_direct_hash, g_direct_equal); | 
|  | } | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_unrealize(DeviceState *dev) | 
|  | { | 
|  | RISCVIOMMUState *s = RISCV_IOMMU(dev); | 
|  |  | 
|  | g_hash_table_unref(s->iot_cache); | 
|  | g_hash_table_unref(s->ctx_cache); | 
|  |  | 
|  | if (s->cap & RISCV_IOMMU_CAP_HPM) { | 
|  | g_hash_table_unref(s->hpm_event_ctr_map); | 
|  | timer_free(s->hpm_timer); | 
|  | } | 
|  | } | 
|  |  | 
|  | void riscv_iommu_reset(RISCVIOMMUState *s) | 
|  | { | 
|  | uint32_t reg_clr; | 
|  | int ddtp_mode; | 
|  |  | 
|  | /* | 
|  | * Clear DDTP while setting DDTP_mode back to user | 
|  | * initial setting. | 
|  | */ | 
|  | ddtp_mode = s->enable_off ? | 
|  | RISCV_IOMMU_DDTP_MODE_OFF : RISCV_IOMMU_DDTP_MODE_BARE; | 
|  | s->ddtp = set_field(0, RISCV_IOMMU_DDTP_MODE, ddtp_mode); | 
|  | riscv_iommu_reg_set64(s, RISCV_IOMMU_REG_DDTP, s->ddtp); | 
|  |  | 
|  | reg_clr = RISCV_IOMMU_CQCSR_CQEN | RISCV_IOMMU_CQCSR_CIE | | 
|  | RISCV_IOMMU_CQCSR_CQON | RISCV_IOMMU_CQCSR_BUSY; | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_CQCSR, 0, reg_clr); | 
|  |  | 
|  | reg_clr = RISCV_IOMMU_FQCSR_FQEN | RISCV_IOMMU_FQCSR_FIE | | 
|  | RISCV_IOMMU_FQCSR_FQON | RISCV_IOMMU_FQCSR_BUSY; | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_FQCSR, 0, reg_clr); | 
|  |  | 
|  | reg_clr = RISCV_IOMMU_PQCSR_PQEN | RISCV_IOMMU_PQCSR_PIE | | 
|  | RISCV_IOMMU_PQCSR_PQON | RISCV_IOMMU_PQCSR_BUSY; | 
|  | riscv_iommu_reg_mod32(s, RISCV_IOMMU_REG_PQCSR, 0, reg_clr); | 
|  |  | 
|  | riscv_iommu_reg_mod64(s, RISCV_IOMMU_REG_TR_REQ_CTL, 0, | 
|  | RISCV_IOMMU_TR_REQ_CTL_GO_BUSY); | 
|  |  | 
|  | riscv_iommu_reg_set32(s, RISCV_IOMMU_REG_IPSR, 0); | 
|  |  | 
|  | g_hash_table_remove_all(s->ctx_cache); | 
|  | g_hash_table_remove_all(s->iot_cache); | 
|  | } | 
|  |  | 
|  | static const Property riscv_iommu_properties[] = { | 
|  | DEFINE_PROP_UINT32("version", RISCVIOMMUState, version, | 
|  | RISCV_IOMMU_SPEC_DOT_VER), | 
|  | DEFINE_PROP_UINT32("bus", RISCVIOMMUState, bus, 0x0), | 
|  | DEFINE_PROP_UINT32("ioatc-limit", RISCVIOMMUState, iot_limit, | 
|  | LIMIT_CACHE_IOT), | 
|  | DEFINE_PROP_BOOL("intremap", RISCVIOMMUState, enable_msi, TRUE), | 
|  | DEFINE_PROP_BOOL("ats", RISCVIOMMUState, enable_ats, TRUE), | 
|  | DEFINE_PROP_BOOL("off", RISCVIOMMUState, enable_off, TRUE), | 
|  | DEFINE_PROP_BOOL("s-stage", RISCVIOMMUState, enable_s_stage, TRUE), | 
|  | DEFINE_PROP_BOOL("g-stage", RISCVIOMMUState, enable_g_stage, TRUE), | 
|  | DEFINE_PROP_LINK("downstream-mr", RISCVIOMMUState, target_mr, | 
|  | TYPE_MEMORY_REGION, MemoryRegion *), | 
|  | DEFINE_PROP_UINT8("hpm-counters", RISCVIOMMUState, hpm_cntrs, | 
|  | RISCV_IOMMU_IOCOUNT_NUM), | 
|  | }; | 
|  |  | 
|  | static void riscv_iommu_class_init(ObjectClass *klass, const void *data) | 
|  | { | 
|  | DeviceClass *dc = DEVICE_CLASS(klass); | 
|  |  | 
|  | /* internal device for riscv-iommu-{pci/sys}, not user-creatable */ | 
|  | dc->user_creatable = false; | 
|  | dc->realize = riscv_iommu_realize; | 
|  | dc->unrealize = riscv_iommu_unrealize; | 
|  | device_class_set_props(dc, riscv_iommu_properties); | 
|  | } | 
|  |  | 
|  | static const TypeInfo riscv_iommu_info = { | 
|  | .name = TYPE_RISCV_IOMMU, | 
|  | .parent = TYPE_DEVICE, | 
|  | .instance_size = sizeof(RISCVIOMMUState), | 
|  | .instance_init = riscv_iommu_instance_init, | 
|  | .class_init = riscv_iommu_class_init, | 
|  | }; | 
|  |  | 
|  | static const char *IOMMU_FLAG_STR[] = { | 
|  | "NA", | 
|  | "RO", | 
|  | "WR", | 
|  | "RW", | 
|  | }; | 
|  |  | 
|  | /* RISC-V IOMMU Memory Region - Address Translation Space */ | 
|  | static IOMMUTLBEntry riscv_iommu_memory_region_translate( | 
|  | IOMMUMemoryRegion *iommu_mr, hwaddr addr, | 
|  | IOMMUAccessFlags flag, int iommu_idx) | 
|  | { | 
|  | RISCVIOMMUSpace *as = container_of(iommu_mr, RISCVIOMMUSpace, iova_mr); | 
|  | RISCVIOMMUContext *ctx; | 
|  | void *ref; | 
|  | IOMMUTLBEntry iotlb = { | 
|  | .iova = addr, | 
|  | .target_as = as->iommu->target_as, | 
|  | .addr_mask = ~0ULL, | 
|  | .perm = flag, | 
|  | }; | 
|  |  | 
|  | ctx = riscv_iommu_ctx(as->iommu, as->devid, iommu_idx, &ref); | 
|  | if (ctx == NULL) { | 
|  | /* Translation disabled or invalid. */ | 
|  | iotlb.addr_mask = 0; | 
|  | iotlb.perm = IOMMU_NONE; | 
|  | } else if (riscv_iommu_translate(as->iommu, ctx, &iotlb, true)) { | 
|  | /* Translation disabled or fault reported. */ | 
|  | iotlb.addr_mask = 0; | 
|  | iotlb.perm = IOMMU_NONE; | 
|  | } | 
|  |  | 
|  | /* Trace all dma translations with original access flags. */ | 
|  | trace_riscv_iommu_dma(as->iommu->parent_obj.id, PCI_BUS_NUM(as->devid), | 
|  | PCI_SLOT(as->devid), PCI_FUNC(as->devid), iommu_idx, | 
|  | IOMMU_FLAG_STR[flag & IOMMU_RW], iotlb.iova, | 
|  | iotlb.translated_addr); | 
|  |  | 
|  | riscv_iommu_ctx_put(as->iommu, ref); | 
|  |  | 
|  | return iotlb; | 
|  | } | 
|  |  | 
|  | static int riscv_iommu_memory_region_notify( | 
|  | IOMMUMemoryRegion *iommu_mr, IOMMUNotifierFlag old, | 
|  | IOMMUNotifierFlag new, Error **errp) | 
|  | { | 
|  | RISCVIOMMUSpace *as = container_of(iommu_mr, RISCVIOMMUSpace, iova_mr); | 
|  |  | 
|  | if (old == IOMMU_NOTIFIER_NONE) { | 
|  | as->notifier = true; | 
|  | trace_riscv_iommu_notifier_add(iommu_mr->parent_obj.name); | 
|  | } else if (new == IOMMU_NOTIFIER_NONE) { | 
|  | as->notifier = false; | 
|  | trace_riscv_iommu_notifier_del(iommu_mr->parent_obj.name); | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | static inline bool pci_is_iommu(PCIDevice *pdev) | 
|  | { | 
|  | return pci_get_word(pdev->config + PCI_CLASS_DEVICE) == 0x0806; | 
|  | } | 
|  |  | 
|  | static AddressSpace *riscv_iommu_find_as(PCIBus *bus, void *opaque, int devfn) | 
|  | { | 
|  | RISCVIOMMUState *s = (RISCVIOMMUState *) opaque; | 
|  | PCIDevice *pdev = pci_find_device(bus, pci_bus_num(bus), devfn); | 
|  | AddressSpace *as = NULL; | 
|  |  | 
|  | if (pdev && pci_is_iommu(pdev)) { | 
|  | return s->target_as; | 
|  | } | 
|  |  | 
|  | /* Find first registered IOMMU device */ | 
|  | while (s->iommus.le_prev) { | 
|  | s = *(s->iommus.le_prev); | 
|  | } | 
|  |  | 
|  | /* Find first matching IOMMU */ | 
|  | while (s != NULL && as == NULL) { | 
|  | as = riscv_iommu_space(s, PCI_BUILD_BDF(pci_bus_num(bus), devfn)); | 
|  | s = s->iommus.le_next; | 
|  | } | 
|  |  | 
|  | return as ? as : &address_space_memory; | 
|  | } | 
|  |  | 
|  | static const PCIIOMMUOps riscv_iommu_ops = { | 
|  | .get_address_space = riscv_iommu_find_as, | 
|  | }; | 
|  |  | 
|  | void riscv_iommu_pci_setup_iommu(RISCVIOMMUState *iommu, PCIBus *bus, | 
|  | Error **errp) | 
|  | { | 
|  | if (bus->iommu_ops && | 
|  | bus->iommu_ops->get_address_space == riscv_iommu_find_as) { | 
|  | /* Allow multiple IOMMUs on the same PCIe bus, link known devices */ | 
|  | RISCVIOMMUState *last = (RISCVIOMMUState *)bus->iommu_opaque; | 
|  | QLIST_INSERT_AFTER(last, iommu, iommus); | 
|  | } else if (!bus->iommu_ops && !bus->iommu_opaque) { | 
|  | pci_setup_iommu(bus, &riscv_iommu_ops, iommu); | 
|  | } else { | 
|  | error_setg(errp, "can't register secondary IOMMU for PCI bus #%d", | 
|  | pci_bus_num(bus)); | 
|  | } | 
|  | } | 
|  |  | 
|  | static int riscv_iommu_memory_region_index(IOMMUMemoryRegion *iommu_mr, | 
|  | MemTxAttrs attrs) | 
|  | { | 
|  | return attrs.unspecified ? RISCV_IOMMU_NOPROCID : (int)attrs.pid; | 
|  | } | 
|  |  | 
|  | static int riscv_iommu_memory_region_index_len(IOMMUMemoryRegion *iommu_mr) | 
|  | { | 
|  | RISCVIOMMUSpace *as = container_of(iommu_mr, RISCVIOMMUSpace, iova_mr); | 
|  | return 1 << as->iommu->pid_bits; | 
|  | } | 
|  |  | 
|  | static void riscv_iommu_memory_region_init(ObjectClass *klass, const void *data) | 
|  | { | 
|  | IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass); | 
|  |  | 
|  | imrc->translate = riscv_iommu_memory_region_translate; | 
|  | imrc->notify_flag_changed = riscv_iommu_memory_region_notify; | 
|  | imrc->attrs_to_index = riscv_iommu_memory_region_index; | 
|  | imrc->num_indexes = riscv_iommu_memory_region_index_len; | 
|  | } | 
|  |  | 
|  | static const TypeInfo riscv_iommu_memory_region_info = { | 
|  | .parent = TYPE_IOMMU_MEMORY_REGION, | 
|  | .name = TYPE_RISCV_IOMMU_MEMORY_REGION, | 
|  | .class_init = riscv_iommu_memory_region_init, | 
|  | }; | 
|  |  | 
|  | static void riscv_iommu_register_mr_types(void) | 
|  | { | 
|  | type_register_static(&riscv_iommu_memory_region_info); | 
|  | type_register_static(&riscv_iommu_info); | 
|  | } | 
|  |  | 
|  | type_init(riscv_iommu_register_mr_types); |