From 74e75d7fbcda3dfb09d016d128f1567c141e83cd Mon Sep 17 00:00:00 2001
From: Stefan Kalkowski <stefan.kalkowski@genode-labs.com>
Date: Wed, 25 Mar 2020 19:09:36 +0100
Subject: [PATCH] hw: enable virtualization support for virt_qemu

Ref #3638
---
 .../lib/mk/spec/arm_v7/core-hw-virt_qemu.mk   |  12 +-
 .../lib/mk/spec/arm_v8/core-hw-virt_qemu.mk   |  10 +-
 .../src/bootstrap/spec/virt_qemu/board.h      |   4 +-
 .../src/bootstrap/spec/virt_qemu/platform.cc  | 150 ++++++++++++++++--
 .../src/bootstrap/spec/virt_qemu_64/board.h   |   2 +-
 repos/base-hw/src/core/spec/virt_qemu/board.h |  24 ++-
 .../src/core/spec/virt_qemu_64/board.h        |  66 +++++++-
 .../src/include/hw/spec/arm/virt_qemu_board.h |  16 +-
 repos/os/run/vmm_arm.run                      |   3 +-
 tool/run/power_on/qemu                        |   2 +-
 10 files changed, 259 insertions(+), 30 deletions(-)

diff --git a/repos/base-hw/lib/mk/spec/arm_v7/core-hw-virt_qemu.mk b/repos/base-hw/lib/mk/spec/arm_v7/core-hw-virt_qemu.mk
index 64fb035bf..091780e3f 100644
--- a/repos/base-hw/lib/mk/spec/arm_v7/core-hw-virt_qemu.mk
+++ b/repos/base-hw/lib/mk/spec/arm_v7/core-hw-virt_qemu.mk
@@ -1,10 +1,18 @@
 INC_DIR += $(REP_DIR)/src/core/spec/virt_qemu
+INC_DIR += $(REP_DIR)/src/core/spec/arm/virtualization
 
 # add C++ sources
-SRC_CC += kernel/vm_thread_off.cc
-SRC_CC += platform_services.cc
+SRC_CC += kernel/vm_thread_on.cc
 SRC_CC += spec/arm/generic_timer.cc
 SRC_CC += spec/arm/gicv2.cc
+SRC_CC += spec/arm_v7/virtualization/kernel/vm.cc
+SRC_CC += spec/arm/virtualization/gicv2.cc
+SRC_CC += spec/arm/virtualization/platform_services.cc
+SRC_CC += spec/arm/virtualization/vm_session_component.cc
+SRC_CC += vm_session_common.cc
+SRC_CC += vm_session_component.cc
+
+SRC_S += spec/arm_v7/virtualization/exception_vector.s
 
 NR_OF_CPUS = 2
 
diff --git a/repos/base-hw/lib/mk/spec/arm_v8/core-hw-virt_qemu.mk b/repos/base-hw/lib/mk/spec/arm_v8/core-hw-virt_qemu.mk
index cea773992..258ba7af6 100644
--- a/repos/base-hw/lib/mk/spec/arm_v8/core-hw-virt_qemu.mk
+++ b/repos/base-hw/lib/mk/spec/arm_v8/core-hw-virt_qemu.mk
@@ -1,10 +1,10 @@
 INC_DIR += $(REP_DIR)/src/core/spec/virt_qemu_64
 INC_DIR += $(REP_DIR)/src/core/spec/arm_v8
+INC_DIR += $(REP_DIR)/src/core/spec/arm/virtualization
 
 # add C++ sources
 SRC_CC += kernel/cpu_mp.cc
-SRC_CC += kernel/vm_thread_off.cc
-SRC_CC += platform_services.cc
+SRC_CC += kernel/vm_thread_on.cc
 SRC_CC += spec/64bit/memory_map.cc
 SRC_CC += spec/arm/generic_timer.cc
 SRC_CC += spec/arm/gicv3.cc
@@ -13,10 +13,16 @@ SRC_CC += spec/arm/platform_support.cc
 SRC_CC += spec/arm_v8/cpu.cc
 SRC_CC += spec/arm_v8/kernel/cpu.cc
 SRC_CC += spec/arm_v8/kernel/thread.cc
+SRC_CC += spec/arm_v8/virtualization/kernel/vm.cc
+SRC_CC += spec/arm/virtualization/platform_services.cc
+SRC_CC += spec/arm/virtualization/vm_session_component.cc
+SRC_CC += vm_session_common.cc
+SRC_CC += vm_session_component.cc
 
 #add assembly sources
 SRC_S += spec/arm_v8/exception_vector.s
 SRC_S += spec/arm_v8/crt0.s
+SRC_S += spec/arm_v8/virtualization/exception_vector.s
 
 vpath spec/64bit/memory_map.cc $(BASE_DIR)/../base-hw/src/lib/hw
 
diff --git a/repos/base-hw/src/bootstrap/spec/virt_qemu/board.h b/repos/base-hw/src/bootstrap/spec/virt_qemu/board.h
index 2df1bd3a5..d78d0dc57 100644
--- a/repos/base-hw/src/bootstrap/spec/virt_qemu/board.h
+++ b/repos/base-hw/src/bootstrap/spec/virt_qemu/board.h
@@ -23,9 +23,9 @@
 namespace Board {
 	using namespace Hw::Virt_qemu_board;
 
-	using Psci = Hw::Psci<Hw::Psci_hvc_functor>;
+	using Psci = Hw::Psci<Hw::Psci_smc_functor>;
 	using Pic = Hw::Gicv2;
-	static constexpr bool NON_SECURE = false;
+	static constexpr bool NON_SECURE = true;
 };
 
 #endif /* _SRC__BOOTSTRAP__SPEC__VIRT__QEMU_H_ */
diff --git a/repos/base-hw/src/bootstrap/spec/virt_qemu/platform.cc b/repos/base-hw/src/bootstrap/spec/virt_qemu/platform.cc
index 79498a403..acd29e694 100644
--- a/repos/base-hw/src/bootstrap/spec/virt_qemu/platform.cc
+++ b/repos/base-hw/src/bootstrap/spec/virt_qemu/platform.cc
@@ -13,7 +13,8 @@
 
 #include <platform.h>
 
-extern "C" void * _start_setup_stack;
+extern "C" void *    _start_setup_stack;   /* entrypoint for non-boot CPUs */
+static unsigned char hyp_mode_stack[1024]; /* hypervisor mode's kernel stack */
 
 using namespace Board;
 
@@ -24,27 +25,158 @@ Bootstrap::Platform::Board::Board()
             Memory_region { Cpu_mmio::IRQ_CONTROLLER_DISTR_BASE,
                             Cpu_mmio::IRQ_CONTROLLER_DISTR_SIZE },
             Memory_region { Cpu_mmio::IRQ_CONTROLLER_CPU_BASE,
-                            Cpu_mmio::IRQ_CONTROLLER_CPU_SIZE }) {}
+                            Cpu_mmio::IRQ_CONTROLLER_CPU_SIZE },
+            Memory_region { Cpu_mmio::IRQ_CONTROLLER_VT_CTRL_BASE,
+                            Cpu_mmio::IRQ_CONTROLLER_VT_CTRL_SIZE }) {}
+
+
+static inline void prepare_nonsecure_world(unsigned long timer_freq)
+{
+	using Cpu = Hw::Arm_cpu;
+
+	/* if we are already in HYP mode we're done (depends on u-boot version) */
+	if (Cpu::Psr::M::get(Cpu::Cpsr::read()) == Cpu::Psr::M::HYP)
+		return;
+
+	/* ARM generic timer counter freq needs to be set in secure mode */
+	Cpu::Cntfrq::write(timer_freq);
+
+	/*
+	 * enable coprocessor 10 + 11 access and SMP bit access in auxiliary control
+	 * register for non-secure world
+	 */
+	Cpu::Nsacr::access_t nsacr = 0;
+	Cpu::Nsacr::Cpnsae10::set(nsacr, 1);
+	Cpu::Nsacr::Cpnsae11::set(nsacr, 1);
+	Cpu::Nsacr::Ns_smp::set(nsacr, 1);
+	Cpu::Nsacr::write(nsacr);
+
+	asm volatile (
+		"msr sp_mon, sp \n" /* copy current mode's sp */
+		"msr lr_mon, lr \n" /* copy current mode's lr */
+		"cps #22        \n" /* switch to monitor mode */
+		);
+
+	Cpu::Scr::access_t scr = 0;
+	Cpu::Scr::Ns::set(scr,  1);
+	Cpu::Scr::Fw::set(scr,  1);
+	Cpu::Scr::Aw::set(scr,  1);
+	Cpu::Scr::Scd::set(scr, 1);
+	Cpu::Scr::Hce::set(scr, 1);
+	Cpu::Scr::Sif::set(scr, 1);
+	Cpu::Scr::write(scr);
+}
+
+
+static inline void prepare_hypervisor(Genode::addr_t table)
+{
+	using Cpu = Hw::Arm_cpu;
+
+	/* set hypervisor exception vector */
+	Cpu::Hvbar::write(Hw::Mm::hypervisor_exception_vector().base);
+
+	/* set hypervisor's translation table */
+	Cpu::Httbr_64bit::write(table);
+
+	Cpu::Ttbcr::access_t ttbcr = 0;
+	Cpu::Ttbcr::Irgn0::set(ttbcr, 1);
+	Cpu::Ttbcr::Orgn0::set(ttbcr, 1);
+	Cpu::Ttbcr::Sh0::set(ttbcr, 2);
+	Cpu::Ttbcr::Eae::set(ttbcr, 1);
+
+	/* prepare MMU usage by hypervisor code */
+	Cpu::Htcr::write(ttbcr);
+
+	/* don't trap on cporocessor 10 + 11, but all others */
+	Cpu::Hcptr::access_t hcptr = 0;
+	Cpu::Hcptr::Tcp<0>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<1>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<2>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<3>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<4>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<5>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<6>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<7>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<8>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<9>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<12>::set(hcptr, 1);
+	Cpu::Hcptr::Tcp<13>::set(hcptr, 1);
+	Cpu::Hcptr::Tta::set(hcptr, 1);
+	Cpu::Hcptr::Tcpac::set(hcptr, 1);
+	Cpu::Hcptr::write(hcptr);
+
+	enum Memory_attributes {
+		DEVICE_MEMORY          = 0x04,
+		NORMAL_MEMORY_UNCACHED = 0x44,
+		NORMAL_MEMORY_CACHED   = 0xff,
+	};
+
+	Cpu::Mair0::access_t mair0 = 0;
+	Cpu::Mair0::Attr0::set(mair0, NORMAL_MEMORY_UNCACHED);
+	Cpu::Mair0::Attr1::set(mair0, DEVICE_MEMORY);
+	Cpu::Mair0::Attr2::set(mair0, NORMAL_MEMORY_CACHED);
+	Cpu::Mair0::Attr3::set(mair0, DEVICE_MEMORY);
+	Cpu::Hmair0::write(mair0);
+
+	Cpu::Vtcr::access_t vtcr = ttbcr;
+	Cpu::Vtcr::Sl0::set(vtcr, 1); /* set to starting level 1 */
+	Cpu::Vtcr::write(vtcr);
+
+	Cpu::Sctlr::access_t sctlr = Cpu::Sctlr::read();
+	Cpu::Sctlr::C::set(sctlr, 1);
+	Cpu::Sctlr::I::set(sctlr, 1);
+	Cpu::Sctlr::V::set(sctlr, 1);
+	Cpu::Sctlr::M::set(sctlr, 1);
+	Cpu::Sctlr::Z::set(sctlr, 1);
+	Cpu::Hsctlr::write(sctlr);
+}
+
+
+static inline void switch_to_supervisor_mode()
+{
+	using Cpsr = Hw::Arm_cpu::Psr;
+
+	Cpsr::access_t cpsr = 0;
+	Cpsr::M::set(cpsr, Cpsr::M::SVC);
+	Cpsr::F::set(cpsr, 1);
+	Cpsr::I::set(cpsr, 1);
+
+	asm volatile (
+		"msr sp_svc, sp        \n" /* copy current mode's sp           */
+		"msr lr_svc, lr        \n" /* copy current mode's lr           */
+		"adr lr, 1f            \n" /* load exception return address    */
+		"msr elr_hyp, lr       \n" /* copy current mode's lr to hyp lr */
+		"mov sp, %[stack]  \n" /* copy to hyp stack pointer        */
+		"msr spsr_cxfs, %[cpsr] \n" /* set psr for supervisor mode      */
+		"eret                  \n" /* exception return                 */
+		"1:":: [cpsr] "r" (cpsr), [stack] "r" (&hyp_mode_stack));
+}
 
 
 unsigned Bootstrap::Platform::enable_mmu()
 {
 	static volatile bool primary_cpu = true;
+	static unsigned long timer_freq  = Cpu::Cntfrq::read();
 
 	/* locally initialize interrupt controller */
 	::Board::Pic pic { };
 
+	/* primary cpu wakes up all others */
+	if (primary_cpu && NR_OF_CPUS > 1) {
+		Cpu::invalidate_data_cache();
+		primary_cpu = false;
+		Cpu::wake_up_all_cpus(&_start_setup_stack);
+	}
+
+	if (false) prepare_nonsecure_world(timer_freq);
+	prepare_hypervisor((addr_t)core_pd->table_base);
+	switch_to_supervisor_mode();
+
 	Cpu::Sctlr::init();
 	Cpu::Cpsr::init();
 
-        /* primary cpu wakes up all others */
-        if (primary_cpu && NR_OF_CPUS > 1) {
-                Cpu::invalidate_data_cache();
-                primary_cpu = false;
-                Cpu::wake_up_all_cpus(&_start_setup_stack);
-        }
-
 	Cpu::enable_mmu_and_caches((Genode::addr_t)core_pd->table_base);
+
 	return Cpu::Mpidr::Aff_0::get(Cpu::Mpidr::read());
 }
 
diff --git a/repos/base-hw/src/bootstrap/spec/virt_qemu_64/board.h b/repos/base-hw/src/bootstrap/spec/virt_qemu_64/board.h
index 507e6a249..78f130316 100644
--- a/repos/base-hw/src/bootstrap/spec/virt_qemu_64/board.h
+++ b/repos/base-hw/src/bootstrap/spec/virt_qemu_64/board.h
@@ -23,7 +23,7 @@
 namespace Board {
 	using namespace Hw::Virt_qemu_board;
 
-	using Psci = Hw::Psci<Hw::Psci_hvc_functor>;
+	using Psci = Hw::Psci<Hw::Psci_smc_functor>;
 
 	struct Cpu : Hw::Arm_64_cpu
 	{
diff --git a/repos/base-hw/src/core/spec/virt_qemu/board.h b/repos/base-hw/src/core/spec/virt_qemu/board.h
index e3f5175b7..f3d68001e 100644
--- a/repos/base-hw/src/core/spec/virt_qemu/board.h
+++ b/repos/base-hw/src/core/spec/virt_qemu/board.h
@@ -15,14 +15,32 @@
 #define _SRC__CORE__SPEC__VIRT__QEMU_H_
 
 #include <hw/spec/arm/virt_qemu_board.h>
-#include <hw/spec/arm/gicv2.h>
+#include <spec/arm/virtualization/gicv2.h>
 #include <spec/arm/generic_timer.h>
+#include <spec/arm/cpu/vm_state_virtualization.h>
+#include <translation_table.h>
+#include <kernel/configuration.h>
+
+namespace Kernel { class Cpu; }
 
 namespace Board {
 	using namespace Hw::Virt_qemu_board;
-	using Pic = Hw::Gicv2;
 
-	enum { TIMER_IRQ = 30 /* PPI IRQ 14 */ };
+	struct Virtual_local_pic {};
+
+	enum {
+		TIMER_IRQ           = 30 /* PPI IRQ 14 */,
+		VT_TIMER_IRQ        = 27,
+		VT_MAINTAINANCE_IRQ = 25,
+		VCPU_MAX            = 1
+	};
+
+	using Vm_state = Genode::Vm_state;
+	using Vm_page_table = Hw::Level_1_stage_2_translation_table;
+	using Vm_page_table_array =
+		Vm_page_table::Allocator::Array<Kernel::DEFAULT_TRANSLATION_TABLE_MAX>;
+
+	struct Vcpu_context { Vcpu_context(Kernel::Cpu &) {} };
 };
 
 #endif /* _SRC__CORE__SPEC__VIRT__QEMU_H_ */
diff --git a/repos/base-hw/src/core/spec/virt_qemu_64/board.h b/repos/base-hw/src/core/spec/virt_qemu_64/board.h
index 666220aa9..abbc95ef1 100644
--- a/repos/base-hw/src/core/spec/virt_qemu_64/board.h
+++ b/repos/base-hw/src/core/spec/virt_qemu_64/board.h
@@ -15,14 +15,74 @@
 #define _SRC__CORE__SPEC__VIRT_QEMU_64_H_
 
 #include <hw/spec/arm/virt_qemu_board.h>
-#include <hw/spec/arm/gicv3.h>
+//#include <hw/spec/arm/gicv3.h>
 #include <spec/arm/generic_timer.h>
+#include <spec/arm/virtualization/gicv3.h>
+#include <spec/arm_64/cpu/vm_state_virtualization.h>
+#include <translation_table.h>
+#include <kernel/configuration.h>
+#include <kernel/irq.h>
 
 namespace Board {
 	using namespace Hw::Virt_qemu_board;
-	using Hw::Pic;
 
-	enum { TIMER_IRQ = 30 /* PPI IRQ 14 */ };
+	enum {
+		TIMER_IRQ           = 30, /* PPI IRQ 14 */
+		VT_TIMER_IRQ        = 11 + 16,
+		VT_MAINTAINANCE_IRQ = 9  + 16,
+		VCPU_MAX            = 16
+	};
+
+	using Vm_page_table = Hw::Level_1_stage_2_translation_table;
+	using Vm_page_table_array =
+		Vm_page_table::Allocator::Array<Kernel::DEFAULT_TRANSLATION_TABLE_MAX>;
+
+	struct Vcpu_context;
+
+	using Vm_state = Genode::Vm_state;
+};
+
+namespace Kernel {
+	class Cpu;
+	class Vm;
+};
+
+struct Board::Vcpu_context
+{
+	struct Vm_irq : Kernel::Irq
+	{
+		Vm_irq(unsigned const irq, Kernel::Cpu &);
+		virtual ~Vm_irq() {};
+
+		virtual void handle(Kernel::Cpu &, Kernel::Vm & vm, unsigned irq);
+		void occurred() override;
+	};
+
+
+	struct Pic_maintainance_irq : Vm_irq
+	{
+		Pic_maintainance_irq(Kernel::Cpu &);
+
+		void handle(Kernel::Cpu &, Kernel::Vm &, unsigned) override { }
+	};
+
+
+	struct Virtual_timer_irq
+	{
+		Vm_irq irq;
+
+		Virtual_timer_irq(Kernel::Cpu &);
+
+		void enable();
+		void disable();
+	};
+
+	Vcpu_context(Kernel::Cpu & cpu)
+	: pic_irq(cpu), vtimer_irq(cpu) {}
+
+	Pic::Virtual_context pic {};
+	Pic_maintainance_irq pic_irq;
+	Virtual_timer_irq    vtimer_irq;
 };
 
 #endif /* _SRC__CORE__SPEC__VIRT_QEMU_64_H_ */
diff --git a/repos/base-hw/src/include/hw/spec/arm/virt_qemu_board.h b/repos/base-hw/src/include/hw/spec/arm/virt_qemu_board.h
index 97cac09d2..373291be2 100644
--- a/repos/base-hw/src/include/hw/spec/arm/virt_qemu_board.h
+++ b/repos/base-hw/src/include/hw/spec/arm/virt_qemu_board.h
@@ -33,12 +33,16 @@ namespace Hw::Virt_qemu_board {
 
 	namespace Cpu_mmio {
 		enum {
-			IRQ_CONTROLLER_DISTR_BASE  = 0x08000000,
-			IRQ_CONTROLLER_DISTR_SIZE  = 0x10000,
-			IRQ_CONTROLLER_CPU_BASE    = 0x08010000,
-			IRQ_CONTROLLER_CPU_SIZE    = 0x10000,
-			IRQ_CONTROLLER_REDIST_BASE = 0x080A0000,
-			IRQ_CONTROLLER_REDIST_SIZE = 0xC0000,
+			IRQ_CONTROLLER_DISTR_BASE   = 0x08000000,
+			IRQ_CONTROLLER_DISTR_SIZE   = 0x10000,
+			IRQ_CONTROLLER_CPU_BASE     = 0x08010000,
+			IRQ_CONTROLLER_CPU_SIZE     = 0x10000,
+			IRQ_CONTROLLER_VT_CTRL_BASE = 0x8030000,
+			IRQ_CONTROLLER_VT_CTRL_SIZE = 0x1000,
+			IRQ_CONTROLLER_VT_CPU_BASE  = 0x8040000,
+			IRQ_CONTROLLER_VT_CPU_SIZE  = 0x1000,
+			IRQ_CONTROLLER_REDIST_BASE  = 0x080A0000,
+			IRQ_CONTROLLER_REDIST_SIZE  = 0xC0000,
 		};
 	};
 };
diff --git a/repos/os/run/vmm_arm.run b/repos/os/run/vmm_arm.run
index c78cea858..47f44a5da 100644
--- a/repos/os/run/vmm_arm.run
+++ b/repos/os/run/vmm_arm.run
@@ -6,7 +6,7 @@
 
 assert_spec hw
 
-if { ![have_spec imx7d_sabre] && ![have_spec arndale] && ![have_spec imx8q_evk] } {
+if { ![have_spec imx7d_sabre] && ![have_spec arndale] && ![have_spec imx8q_evk]  && ![have_spec virt_qemu]} {
 	puts "Run script is not supported on this platform"
 	exit 0
 }
@@ -190,5 +190,6 @@ build_boot_image $boot_modules
 #
 # Execute test case
 #
+append qemu_args " -nographic "
 run_genode_until "\[init -> vm\] .*sbin.*" 220
 exec rm bin/linux bin/dtb
diff --git a/tool/run/power_on/qemu b/tool/run/power_on/qemu
index bac3d5aea..f6c980dff 100644
--- a/tool/run/power_on/qemu
+++ b/tool/run/power_on/qemu
@@ -110,7 +110,7 @@ proc run_power_on { } {
 	if {[have_spec rpi3]}   { append qemu_args " -M raspi3 -m 512 " }
 
 	if {[have_spec virt_qemu]} {
-		append qemu_args " -M virt"
+		append qemu_args " -M virt,virtualization=true"
 		if {[have_spec arm_v8a]} {
 			append qemu_args ",gic_version=3 -cpu cortex-a53 -smp 4"
 		}