Commit 0962289b authored by Marc Zyngier's avatar Marc Zyngier
Browse files

irqchip/gic: Deal with broken firmware exposing only 4kB of GICv2 CPU interface

There is a lot of broken firmware out there that don't really
expose the information the kernel requires when it comes with dealing
with GICv2:

(1) Firmware that only describes the first 4kB of GICv2
(2) Firmware that describe 128kB of CPU interface, while
    the usable portion of the address space is between
    60 and 68kB

So far, we only deal with (2). But we have platforms exhibiting
behaviour (1), resulting in two sub-cases:
(a) The GIC is occupying 8kB, as required by the GICv2 architecture
(b) It is actually spread 128kB, and this is likely to be a version
    of (2)

This patch tries to work around both (a) and (b) by poking at
the outside of the described memory region, and try to work out
what is actually there. This is of course unsafe, and should
only be enabled if there is no way to otherwise fix the DT provided
by the firmware (we provide a "irqchip.gicv2_force_probe" option
to that effect).

Note that for the time being, we restrict ourselves to GICv2
implementations provided by ARM, since there I have no knowledge
of an alternative implementations. This could be relaxed if such
an implementation comes to light on a broken platform.
Reviewed-by: default avatarChristoffer Dall <>
Signed-off-by: default avatarMarc Zyngier <>
parent d4d7b4ad
......@@ -1713,6 +1713,13 @@
irqaffinity= [SMP] Set the default irq affinity mask
The argument is a cpu list, as described above.
[ARM, ARM64]
Format: <bool>
Force the kernel to look for the second 4kB page
of a GICv2 controller even if the memory range
exposed by the device tree is too small.
irqfixup [HW]
When an interrupt is not handled search all handlers
for it. Intended to get systems with badly broken
......@@ -1256,6 +1256,19 @@ static void gic_teardown(struct gic_chip_data *gic)
#ifdef CONFIG_OF
static int gic_cnt __initdata;
static bool gicv2_force_probe;
static int __init gicv2_force_probe_cfg(char *buf)
return strtobool(buf, &gicv2_force_probe);
early_param("irqchip.gicv2_force_probe", gicv2_force_probe_cfg);
static bool gic_check_gicv2(void __iomem *base)
u32 val = readl_relaxed(base + GIC_CPU_IDENT);
return (val & 0xff0fff) == 0x02043B;
static bool gic_check_eoimode(struct device_node *node, void __iomem **base)
......@@ -1265,20 +1278,60 @@ static bool gic_check_eoimode(struct device_node *node, void __iomem **base)
if (!is_hyp_mode_available())
return false;
if (resource_size(&cpuif_res) < SZ_8K)
return false;
if (resource_size(&cpuif_res) == SZ_128K) {
u32 val_low, val_high;
if (resource_size(&cpuif_res) < SZ_8K) {
void __iomem *alt;
* Check for a stupid firmware that only exposes the
* first page of a GICv2.
if (!gic_check_gicv2(*base))
return false;
if (!gicv2_force_probe) {
pr_warn("GIC: GICv2 detected, but range too small and irqchip.gicv2_force_probe not set\n");
return false;
alt = ioremap(cpuif_res.start, SZ_8K);
if (!alt)
return false;
if (!gic_check_gicv2(alt + SZ_4K)) {
* The first page was that of a GICv2, and
* the second was *something*. Let's trust it
* to be a GICv2, and update the mapping.
pr_warn("GIC: GICv2 at %pa, but range is too small (broken DT?), assuming 8kB\n",
*base = alt;
return true;
* We detected *two* initial GICv2 pages in a
* row. Could be a GICv2 aliased over two 64kB
* pages. Update the resource, map the iospace, and
* pray.
alt = ioremap(cpuif_res.start, SZ_128K);
if (!alt)
return false;
pr_warn("GIC: Aliased GICv2 at %pa, trying to find the canonical range over 128kB\n",
cpuif_res.end = cpuif_res.start + SZ_128K -1;
*base = alt;
if (resource_size(&cpuif_res) == SZ_128K) {
* Verify that we have the first 4kB of a GIC400
* Verify that we have the first 4kB of a GICv2
* aliased over the first 64kB by checking the
* GICC_IIDR register on both ends.
val_low = readl_relaxed(*base + GIC_CPU_IDENT);
val_high = readl_relaxed(*base + GIC_CPU_IDENT + 0xf000);
if ((val_low & 0xffff0fff) != 0x0202043B ||
val_low != val_high)
if (!gic_check_gicv2(*base) ||
!gic_check_gicv2(*base + 0xf000))
return false;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment