1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2014, Neel Natu (neel@freebsd.org) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice unmodified, this list of conditions, and the following 12 * disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #include "opt_bhyve_snapshot.h" 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/queue.h> 35 #include <sys/kernel.h> 36 #include <sys/malloc.h> 37 #include <sys/lock.h> 38 #include <sys/mutex.h> 39 #include <sys/clock.h> 40 #include <sys/sysctl.h> 41 42 #include <machine/vmm.h> 43 #include <machine/vmm_snapshot.h> 44 45 #include <isa/rtc.h> 46 47 #include "vmm_ktr.h" 48 #include "vatpic.h" 49 #include "vioapic.h" 50 #include "vrtc.h" 51 52 /* Register layout of the RTC */ 53 struct rtcdev { 54 uint8_t sec; 55 uint8_t alarm_sec; 56 uint8_t min; 57 uint8_t alarm_min; 58 uint8_t hour; 59 uint8_t alarm_hour; 60 uint8_t day_of_week; 61 uint8_t day_of_month; 62 uint8_t month; 63 uint8_t year; 64 uint8_t reg_a; 65 uint8_t reg_b; 66 uint8_t reg_c; 67 uint8_t reg_d; 68 uint8_t nvram[36]; 69 uint8_t century; 70 uint8_t nvram2[128 - 51]; 71 } __packed; 72 CTASSERT(sizeof(struct rtcdev) == 128); 73 CTASSERT(offsetof(struct rtcdev, century) == RTC_CENTURY); 74 75 struct vrtc { 76 struct vm *vm; 77 struct mtx mtx; 78 struct callout callout; 79 u_int addr; /* RTC register to read or write */ 80 sbintime_t base_uptime; 81 time_t base_rtctime; 82 struct rtcdev rtcdev; 83 }; 84 85 #define VRTC_LOCK(vrtc) mtx_lock(&((vrtc)->mtx)) 86 #define VRTC_UNLOCK(vrtc) mtx_unlock(&((vrtc)->mtx)) 87 #define VRTC_LOCKED(vrtc) mtx_owned(&((vrtc)->mtx)) 88 89 /* 90 * RTC time is considered "broken" if: 91 * - RTC updates are halted by the guest 92 * - RTC date/time fields have invalid values 93 */ 94 #define VRTC_BROKEN_TIME ((time_t)-1) 95 96 #define RTC_IRQ 8 97 #define RTCSB_BIN 0x04 98 #define RTCSB_ALL_INTRS (RTCSB_UINTR | RTCSB_AINTR | RTCSB_PINTR) 99 #define rtc_halted(vrtc) ((vrtc->rtcdev.reg_b & RTCSB_HALT) != 0) 100 #define aintr_enabled(vrtc) (((vrtc)->rtcdev.reg_b & RTCSB_AINTR) != 0) 101 #define pintr_enabled(vrtc) (((vrtc)->rtcdev.reg_b & RTCSB_PINTR) != 0) 102 #define uintr_enabled(vrtc) (((vrtc)->rtcdev.reg_b & RTCSB_UINTR) != 0) 103 104 static void vrtc_callout_handler(void *arg); 105 static void vrtc_set_reg_c(struct vrtc *vrtc, uint8_t newval); 106 107 static MALLOC_DEFINE(M_VRTC, "vrtc", "bhyve virtual rtc"); 108 109 SYSCTL_DECL(_hw_vmm); 110 SYSCTL_NODE(_hw_vmm, OID_AUTO, vrtc, CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 111 NULL); 112 113 static int rtc_flag_broken_time = 1; 114 SYSCTL_INT(_hw_vmm_vrtc, OID_AUTO, flag_broken_time, CTLFLAG_RDTUN, 115 &rtc_flag_broken_time, 0, "Stop guest when invalid RTC time is detected"); 116 117 static __inline bool 118 divider_enabled(int reg_a) 119 { 120 /* 121 * The RTC is counting only when dividers are not held in reset. 122 */ 123 return ((reg_a & 0x70) == 0x20); 124 } 125 126 static __inline bool 127 update_enabled(struct vrtc *vrtc) 128 { 129 /* 130 * RTC date/time can be updated only if: 131 * - divider is not held in reset 132 * - guest has not disabled updates 133 * - the date/time fields have valid contents 134 */ 135 if (!divider_enabled(vrtc->rtcdev.reg_a)) 136 return (false); 137 138 if (rtc_halted(vrtc)) 139 return (false); 140 141 if (vrtc->base_rtctime == VRTC_BROKEN_TIME) 142 return (false); 143 144 return (true); 145 } 146 147 static time_t 148 vrtc_curtime(struct vrtc *vrtc, sbintime_t *basetime) 149 { 150 sbintime_t now, delta; 151 time_t t, secs; 152 153 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 154 155 t = vrtc->base_rtctime; 156 *basetime = vrtc->base_uptime; 157 if (update_enabled(vrtc)) { 158 now = sbinuptime(); 159 delta = now - vrtc->base_uptime; 160 KASSERT(delta >= 0, ("vrtc_curtime: uptime went backwards: " 161 "%#lx to %#lx", vrtc->base_uptime, now)); 162 secs = delta / SBT_1S; 163 t += secs; 164 *basetime += secs * SBT_1S; 165 } 166 return (t); 167 } 168 169 static __inline uint8_t 170 rtcset(struct rtcdev *rtc, int val) 171 { 172 173 KASSERT(val >= 0 && val < 100, ("%s: invalid bin2bcd index %d", 174 __func__, val)); 175 176 return ((rtc->reg_b & RTCSB_BIN) ? val : bin2bcd_data[val]); 177 } 178 179 static void 180 secs_to_rtc(time_t rtctime, struct vrtc *vrtc, int force_update) 181 { 182 struct clocktime ct; 183 struct timespec ts; 184 struct rtcdev *rtc; 185 int hour; 186 187 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 188 189 if (rtctime < 0) { 190 KASSERT(rtctime == VRTC_BROKEN_TIME, 191 ("%s: invalid vrtc time %#lx", __func__, rtctime)); 192 return; 193 } 194 195 /* 196 * If the RTC is halted then the guest has "ownership" of the 197 * date/time fields. Don't update the RTC date/time fields in 198 * this case (unless forced). 199 */ 200 if (rtc_halted(vrtc) && !force_update) 201 return; 202 203 ts.tv_sec = rtctime; 204 ts.tv_nsec = 0; 205 clock_ts_to_ct(&ts, &ct); 206 207 KASSERT(ct.sec >= 0 && ct.sec <= 59, ("invalid clocktime sec %d", 208 ct.sec)); 209 KASSERT(ct.min >= 0 && ct.min <= 59, ("invalid clocktime min %d", 210 ct.min)); 211 KASSERT(ct.hour >= 0 && ct.hour <= 23, ("invalid clocktime hour %d", 212 ct.hour)); 213 KASSERT(ct.dow >= 0 && ct.dow <= 6, ("invalid clocktime wday %d", 214 ct.dow)); 215 KASSERT(ct.day >= 1 && ct.day <= 31, ("invalid clocktime mday %d", 216 ct.day)); 217 KASSERT(ct.mon >= 1 && ct.mon <= 12, ("invalid clocktime month %d", 218 ct.mon)); 219 KASSERT(ct.year >= POSIX_BASE_YEAR, ("invalid clocktime year %d", 220 ct.year)); 221 222 rtc = &vrtc->rtcdev; 223 rtc->sec = rtcset(rtc, ct.sec); 224 rtc->min = rtcset(rtc, ct.min); 225 226 if (rtc->reg_b & RTCSB_24HR) { 227 hour = ct.hour; 228 } else { 229 /* 230 * Convert to the 12-hour format. 231 */ 232 switch (ct.hour) { 233 case 0: /* 12 AM */ 234 case 12: /* 12 PM */ 235 hour = 12; 236 break; 237 default: 238 /* 239 * The remaining 'ct.hour' values are interpreted as: 240 * [1 - 11] -> 1 - 11 AM 241 * [13 - 23] -> 1 - 11 PM 242 */ 243 hour = ct.hour % 12; 244 break; 245 } 246 } 247 248 rtc->hour = rtcset(rtc, hour); 249 250 if ((rtc->reg_b & RTCSB_24HR) == 0 && ct.hour >= 12) 251 rtc->hour |= 0x80; /* set MSB to indicate PM */ 252 253 rtc->day_of_week = rtcset(rtc, ct.dow + 1); 254 rtc->day_of_month = rtcset(rtc, ct.day); 255 rtc->month = rtcset(rtc, ct.mon); 256 rtc->year = rtcset(rtc, ct.year % 100); 257 rtc->century = rtcset(rtc, ct.year / 100); 258 } 259 260 static int 261 rtcget(struct rtcdev *rtc, int val, int *retval) 262 { 263 uint8_t upper, lower; 264 265 if (rtc->reg_b & RTCSB_BIN) { 266 *retval = val; 267 return (0); 268 } 269 270 lower = val & 0xf; 271 upper = (val >> 4) & 0xf; 272 273 if (lower > 9 || upper > 9) 274 return (-1); 275 276 *retval = upper * 10 + lower; 277 return (0); 278 } 279 280 static time_t 281 rtc_to_secs(struct vrtc *vrtc) 282 { 283 struct clocktime ct; 284 struct timespec ts; 285 struct rtcdev *rtc; 286 #ifdef KTR 287 struct vm *vm = vrtc->vm; 288 #endif 289 int century, error, hour, pm, year; 290 291 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 292 293 rtc = &vrtc->rtcdev; 294 295 bzero(&ct, sizeof(struct clocktime)); 296 297 error = rtcget(rtc, rtc->sec, &ct.sec); 298 if (error || ct.sec < 0 || ct.sec > 59) { 299 VM_CTR2(vm, "Invalid RTC sec %#x/%d", rtc->sec, ct.sec); 300 goto fail; 301 } 302 303 error = rtcget(rtc, rtc->min, &ct.min); 304 if (error || ct.min < 0 || ct.min > 59) { 305 VM_CTR2(vm, "Invalid RTC min %#x/%d", rtc->min, ct.min); 306 goto fail; 307 } 308 309 pm = 0; 310 hour = rtc->hour; 311 if ((rtc->reg_b & RTCSB_24HR) == 0) { 312 if (hour & 0x80) { 313 hour &= ~0x80; 314 pm = 1; 315 } 316 } 317 error = rtcget(rtc, hour, &ct.hour); 318 if ((rtc->reg_b & RTCSB_24HR) == 0) { 319 if (ct.hour >= 1 && ct.hour <= 12) { 320 /* 321 * Convert from 12-hour format to internal 24-hour 322 * representation as follows: 323 * 324 * 12-hour format ct.hour 325 * 12 AM 0 326 * 1 - 11 AM 1 - 11 327 * 12 PM 12 328 * 1 - 11 PM 13 - 23 329 */ 330 if (ct.hour == 12) 331 ct.hour = 0; 332 if (pm) 333 ct.hour += 12; 334 } else { 335 VM_CTR2(vm, "Invalid RTC 12-hour format %#x/%d", 336 rtc->hour, ct.hour); 337 goto fail; 338 } 339 } 340 341 if (error || ct.hour < 0 || ct.hour > 23) { 342 VM_CTR2(vm, "Invalid RTC hour %#x/%d", rtc->hour, ct.hour); 343 goto fail; 344 } 345 346 /* 347 * Ignore 'rtc->dow' because some guests like Linux don't bother 348 * setting it at all while others like OpenBSD/i386 set it incorrectly. 349 * 350 * clock_ct_to_ts() does not depend on 'ct.dow' anyways so ignore it. 351 */ 352 ct.dow = -1; 353 354 error = rtcget(rtc, rtc->day_of_month, &ct.day); 355 if (error || ct.day < 1 || ct.day > 31) { 356 VM_CTR2(vm, "Invalid RTC mday %#x/%d", rtc->day_of_month, 357 ct.day); 358 goto fail; 359 } 360 361 error = rtcget(rtc, rtc->month, &ct.mon); 362 if (error || ct.mon < 1 || ct.mon > 12) { 363 VM_CTR2(vm, "Invalid RTC month %#x/%d", rtc->month, ct.mon); 364 goto fail; 365 } 366 367 error = rtcget(rtc, rtc->year, &year); 368 if (error || year < 0 || year > 99) { 369 VM_CTR2(vm, "Invalid RTC year %#x/%d", rtc->year, year); 370 goto fail; 371 } 372 373 error = rtcget(rtc, rtc->century, ¢ury); 374 ct.year = century * 100 + year; 375 if (error || ct.year < POSIX_BASE_YEAR) { 376 VM_CTR2(vm, "Invalid RTC century %#x/%d", rtc->century, 377 ct.year); 378 goto fail; 379 } 380 381 error = clock_ct_to_ts(&ct, &ts); 382 if (error || ts.tv_sec < 0) { 383 VM_CTR3(vm, "Invalid RTC clocktime.date %04d-%02d-%02d", 384 ct.year, ct.mon, ct.day); 385 VM_CTR3(vm, "Invalid RTC clocktime.time %02d:%02d:%02d", 386 ct.hour, ct.min, ct.sec); 387 goto fail; 388 } 389 return (ts.tv_sec); /* success */ 390 fail: 391 /* 392 * Stop updating the RTC if the date/time fields programmed by 393 * the guest are invalid. 394 */ 395 VM_CTR0(vrtc->vm, "Invalid RTC date/time programming detected"); 396 return (VRTC_BROKEN_TIME); 397 } 398 399 static int 400 vrtc_time_update(struct vrtc *vrtc, time_t newtime, sbintime_t newbase) 401 { 402 struct rtcdev *rtc; 403 time_t oldtime; 404 uint8_t alarm_sec, alarm_min, alarm_hour; 405 406 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 407 408 rtc = &vrtc->rtcdev; 409 alarm_sec = rtc->alarm_sec; 410 alarm_min = rtc->alarm_min; 411 alarm_hour = rtc->alarm_hour; 412 413 oldtime = vrtc->base_rtctime; 414 VM_CTR2(vrtc->vm, "Updating RTC secs from %#lx to %#lx", 415 oldtime, newtime); 416 417 VM_CTR2(vrtc->vm, "Updating RTC base uptime from %#lx to %#lx", 418 vrtc->base_uptime, newbase); 419 vrtc->base_uptime = newbase; 420 421 if (newtime == oldtime) 422 return (0); 423 424 /* 425 * If 'newtime' indicates that RTC updates are disabled then just 426 * record that and return. There is no need to do alarm interrupt 427 * processing in this case. 428 */ 429 if (newtime == VRTC_BROKEN_TIME) { 430 vrtc->base_rtctime = VRTC_BROKEN_TIME; 431 return (0); 432 } 433 434 /* 435 * Return an error if RTC updates are halted by the guest. 436 */ 437 if (rtc_halted(vrtc)) { 438 VM_CTR0(vrtc->vm, "RTC update halted by guest"); 439 return (EBUSY); 440 } 441 442 do { 443 /* 444 * If the alarm interrupt is enabled and 'oldtime' is valid 445 * then visit all the seconds between 'oldtime' and 'newtime' 446 * to check for the alarm condition. 447 * 448 * Otherwise move the RTC time forward directly to 'newtime'. 449 */ 450 if (aintr_enabled(vrtc) && oldtime != VRTC_BROKEN_TIME) 451 vrtc->base_rtctime++; 452 else 453 vrtc->base_rtctime = newtime; 454 455 if (aintr_enabled(vrtc)) { 456 /* 457 * Update the RTC date/time fields before checking 458 * if the alarm conditions are satisfied. 459 */ 460 secs_to_rtc(vrtc->base_rtctime, vrtc, 0); 461 462 if ((alarm_sec >= 0xC0 || alarm_sec == rtc->sec) && 463 (alarm_min >= 0xC0 || alarm_min == rtc->min) && 464 (alarm_hour >= 0xC0 || alarm_hour == rtc->hour)) { 465 vrtc_set_reg_c(vrtc, rtc->reg_c | RTCIR_ALARM); 466 } 467 } 468 } while (vrtc->base_rtctime != newtime); 469 470 if (uintr_enabled(vrtc)) 471 vrtc_set_reg_c(vrtc, rtc->reg_c | RTCIR_UPDATE); 472 473 return (0); 474 } 475 476 static sbintime_t 477 vrtc_freq(struct vrtc *vrtc) 478 { 479 int ratesel; 480 481 static sbintime_t pf[16] = { 482 0, 483 SBT_1S / 256, 484 SBT_1S / 128, 485 SBT_1S / 8192, 486 SBT_1S / 4096, 487 SBT_1S / 2048, 488 SBT_1S / 1024, 489 SBT_1S / 512, 490 SBT_1S / 256, 491 SBT_1S / 128, 492 SBT_1S / 64, 493 SBT_1S / 32, 494 SBT_1S / 16, 495 SBT_1S / 8, 496 SBT_1S / 4, 497 SBT_1S / 2, 498 }; 499 500 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 501 502 /* 503 * If both periodic and alarm interrupts are enabled then use the 504 * periodic frequency to drive the callout. The minimum periodic 505 * frequency (2 Hz) is higher than the alarm frequency (1 Hz) so 506 * piggyback the alarm on top of it. The same argument applies to 507 * the update interrupt. 508 */ 509 if (pintr_enabled(vrtc) && divider_enabled(vrtc->rtcdev.reg_a)) { 510 ratesel = vrtc->rtcdev.reg_a & 0xf; 511 return (pf[ratesel]); 512 } else if (aintr_enabled(vrtc) && update_enabled(vrtc)) { 513 return (SBT_1S); 514 } else if (uintr_enabled(vrtc) && update_enabled(vrtc)) { 515 return (SBT_1S); 516 } else { 517 return (0); 518 } 519 } 520 521 static void 522 vrtc_callout_reset(struct vrtc *vrtc, sbintime_t freqsbt) 523 { 524 525 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 526 527 if (freqsbt == 0) { 528 if (callout_active(&vrtc->callout)) { 529 VM_CTR0(vrtc->vm, "RTC callout stopped"); 530 callout_stop(&vrtc->callout); 531 } 532 return; 533 } 534 VM_CTR1(vrtc->vm, "RTC callout frequency %d hz", SBT_1S / freqsbt); 535 callout_reset_sbt(&vrtc->callout, freqsbt, 0, vrtc_callout_handler, 536 vrtc, 0); 537 } 538 539 static void 540 vrtc_callout_handler(void *arg) 541 { 542 struct vrtc *vrtc = arg; 543 sbintime_t freqsbt, basetime; 544 time_t rtctime; 545 int error __diagused; 546 547 VM_CTR0(vrtc->vm, "vrtc callout fired"); 548 549 VRTC_LOCK(vrtc); 550 if (callout_pending(&vrtc->callout)) /* callout was reset */ 551 goto done; 552 553 if (!callout_active(&vrtc->callout)) /* callout was stopped */ 554 goto done; 555 556 callout_deactivate(&vrtc->callout); 557 558 KASSERT((vrtc->rtcdev.reg_b & RTCSB_ALL_INTRS) != 0, 559 ("gratuitous vrtc callout")); 560 561 if (pintr_enabled(vrtc)) 562 vrtc_set_reg_c(vrtc, vrtc->rtcdev.reg_c | RTCIR_PERIOD); 563 564 if (aintr_enabled(vrtc) || uintr_enabled(vrtc)) { 565 rtctime = vrtc_curtime(vrtc, &basetime); 566 error = vrtc_time_update(vrtc, rtctime, basetime); 567 KASSERT(error == 0, ("%s: vrtc_time_update error %d", 568 __func__, error)); 569 } 570 571 freqsbt = vrtc_freq(vrtc); 572 KASSERT(freqsbt != 0, ("%s: vrtc frequency cannot be zero", __func__)); 573 vrtc_callout_reset(vrtc, freqsbt); 574 done: 575 VRTC_UNLOCK(vrtc); 576 } 577 578 static __inline void 579 vrtc_callout_check(struct vrtc *vrtc, sbintime_t freq) 580 { 581 int active __diagused; 582 583 active = callout_active(&vrtc->callout) ? 1 : 0; 584 KASSERT((freq == 0 && !active) || (freq != 0 && active), 585 ("vrtc callout %s with frequency %#lx", 586 active ? "active" : "inactive", freq)); 587 } 588 589 static void 590 vrtc_set_reg_c(struct vrtc *vrtc, uint8_t newval) 591 { 592 struct rtcdev *rtc; 593 int oldirqf, newirqf; 594 uint8_t oldval, changed; 595 596 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 597 598 rtc = &vrtc->rtcdev; 599 newval &= RTCIR_ALARM | RTCIR_PERIOD | RTCIR_UPDATE; 600 601 oldirqf = rtc->reg_c & RTCIR_INT; 602 if ((aintr_enabled(vrtc) && (newval & RTCIR_ALARM) != 0) || 603 (pintr_enabled(vrtc) && (newval & RTCIR_PERIOD) != 0) || 604 (uintr_enabled(vrtc) && (newval & RTCIR_UPDATE) != 0)) { 605 newirqf = RTCIR_INT; 606 } else { 607 newirqf = 0; 608 } 609 610 oldval = rtc->reg_c; 611 rtc->reg_c = newirqf | newval; 612 changed = oldval ^ rtc->reg_c; 613 if (changed) { 614 VM_CTR2(vrtc->vm, "RTC reg_c changed from %#x to %#x", 615 oldval, rtc->reg_c); 616 } 617 618 if (!oldirqf && newirqf) { 619 VM_CTR1(vrtc->vm, "RTC irq %d asserted", RTC_IRQ); 620 vatpic_pulse_irq(vrtc->vm, RTC_IRQ); 621 vioapic_pulse_irq(vrtc->vm, RTC_IRQ); 622 } else if (oldirqf && !newirqf) { 623 VM_CTR1(vrtc->vm, "RTC irq %d deasserted", RTC_IRQ); 624 } 625 } 626 627 static int 628 vrtc_set_reg_b(struct vrtc *vrtc, uint8_t newval) 629 { 630 struct rtcdev *rtc; 631 sbintime_t oldfreq, newfreq, basetime; 632 time_t curtime, rtctime; 633 int error __diagused; 634 uint8_t oldval, changed; 635 636 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 637 638 rtc = &vrtc->rtcdev; 639 oldval = rtc->reg_b; 640 oldfreq = vrtc_freq(vrtc); 641 642 rtc->reg_b = newval; 643 changed = oldval ^ newval; 644 if (changed) { 645 VM_CTR2(vrtc->vm, "RTC reg_b changed from %#x to %#x", 646 oldval, newval); 647 } 648 649 if (changed & RTCSB_HALT) { 650 if ((newval & RTCSB_HALT) == 0) { 651 rtctime = rtc_to_secs(vrtc); 652 basetime = sbinuptime(); 653 if (rtctime == VRTC_BROKEN_TIME) { 654 if (rtc_flag_broken_time) 655 return (-1); 656 } 657 } else { 658 curtime = vrtc_curtime(vrtc, &basetime); 659 KASSERT(curtime == vrtc->base_rtctime, ("%s: mismatch " 660 "between vrtc basetime (%#lx) and curtime (%#lx)", 661 __func__, vrtc->base_rtctime, curtime)); 662 663 /* 664 * Force a refresh of the RTC date/time fields so 665 * they reflect the time right before the guest set 666 * the HALT bit. 667 */ 668 secs_to_rtc(curtime, vrtc, 1); 669 670 /* 671 * Updates are halted so mark 'base_rtctime' to denote 672 * that the RTC date/time is in flux. 673 */ 674 rtctime = VRTC_BROKEN_TIME; 675 rtc->reg_b &= ~RTCSB_UINTR; 676 } 677 error = vrtc_time_update(vrtc, rtctime, basetime); 678 KASSERT(error == 0, ("vrtc_time_update error %d", error)); 679 } 680 681 /* 682 * Side effect of changes to the interrupt enable bits. 683 */ 684 if (changed & RTCSB_ALL_INTRS) 685 vrtc_set_reg_c(vrtc, vrtc->rtcdev.reg_c); 686 687 /* 688 * Change the callout frequency if it has changed. 689 */ 690 newfreq = vrtc_freq(vrtc); 691 if (newfreq != oldfreq) 692 vrtc_callout_reset(vrtc, newfreq); 693 else 694 vrtc_callout_check(vrtc, newfreq); 695 696 /* 697 * The side effect of bits that control the RTC date/time format 698 * is handled lazily when those fields are actually read. 699 */ 700 return (0); 701 } 702 703 static void 704 vrtc_set_reg_a(struct vrtc *vrtc, uint8_t newval) 705 { 706 sbintime_t oldfreq, newfreq; 707 uint8_t oldval, changed; 708 709 KASSERT(VRTC_LOCKED(vrtc), ("%s: vrtc not locked", __func__)); 710 711 newval &= ~RTCSA_TUP; 712 oldval = vrtc->rtcdev.reg_a; 713 oldfreq = vrtc_freq(vrtc); 714 715 if (divider_enabled(oldval) && !divider_enabled(newval)) { 716 VM_CTR2(vrtc->vm, "RTC divider held in reset at %#lx/%#lx", 717 vrtc->base_rtctime, vrtc->base_uptime); 718 } else if (!divider_enabled(oldval) && divider_enabled(newval)) { 719 /* 720 * If the dividers are coming out of reset then update 721 * 'base_uptime' before this happens. This is done to 722 * maintain the illusion that the RTC date/time was frozen 723 * while the dividers were disabled. 724 */ 725 vrtc->base_uptime = sbinuptime(); 726 VM_CTR2(vrtc->vm, "RTC divider out of reset at %#lx/%#lx", 727 vrtc->base_rtctime, vrtc->base_uptime); 728 } else { 729 /* NOTHING */ 730 } 731 732 vrtc->rtcdev.reg_a = newval; 733 changed = oldval ^ newval; 734 if (changed) { 735 VM_CTR2(vrtc->vm, "RTC reg_a changed from %#x to %#x", 736 oldval, newval); 737 } 738 739 /* 740 * Side effect of changes to rate select and divider enable bits. 741 */ 742 newfreq = vrtc_freq(vrtc); 743 if (newfreq != oldfreq) 744 vrtc_callout_reset(vrtc, newfreq); 745 else 746 vrtc_callout_check(vrtc, newfreq); 747 } 748 749 int 750 vrtc_set_time(struct vm *vm, time_t secs) 751 { 752 struct vrtc *vrtc; 753 int error; 754 755 vrtc = vm_rtc(vm); 756 VRTC_LOCK(vrtc); 757 error = vrtc_time_update(vrtc, secs, sbinuptime()); 758 VRTC_UNLOCK(vrtc); 759 760 if (error) { 761 VM_CTR2(vrtc->vm, "Error %d setting RTC time to %#lx", error, 762 secs); 763 } else { 764 VM_CTR1(vrtc->vm, "RTC time set to %#lx", secs); 765 } 766 767 return (error); 768 } 769 770 time_t 771 vrtc_get_time(struct vm *vm) 772 { 773 struct vrtc *vrtc; 774 sbintime_t basetime; 775 time_t t; 776 777 vrtc = vm_rtc(vm); 778 VRTC_LOCK(vrtc); 779 t = vrtc_curtime(vrtc, &basetime); 780 VRTC_UNLOCK(vrtc); 781 782 return (t); 783 } 784 785 int 786 vrtc_nvram_write(struct vm *vm, int offset, uint8_t value) 787 { 788 struct vrtc *vrtc; 789 uint8_t *ptr; 790 791 vrtc = vm_rtc(vm); 792 793 /* 794 * Don't allow writes to RTC control registers or the date/time fields. 795 */ 796 if (offset < offsetof(struct rtcdev, nvram[0]) || 797 offset == RTC_CENTURY || offset >= sizeof(struct rtcdev)) { 798 VM_CTR1(vrtc->vm, "RTC nvram write to invalid offset %d", 799 offset); 800 return (EINVAL); 801 } 802 803 VRTC_LOCK(vrtc); 804 ptr = (uint8_t *)(&vrtc->rtcdev); 805 ptr[offset] = value; 806 VM_CTR2(vrtc->vm, "RTC nvram write %#x to offset %#x", value, offset); 807 VRTC_UNLOCK(vrtc); 808 809 return (0); 810 } 811 812 int 813 vrtc_nvram_read(struct vm *vm, int offset, uint8_t *retval) 814 { 815 struct vrtc *vrtc; 816 sbintime_t basetime; 817 time_t curtime; 818 uint8_t *ptr; 819 820 /* 821 * Allow all offsets in the RTC to be read. 822 */ 823 if (offset < 0 || offset >= sizeof(struct rtcdev)) 824 return (EINVAL); 825 826 vrtc = vm_rtc(vm); 827 VRTC_LOCK(vrtc); 828 829 /* 830 * Update RTC date/time fields if necessary. 831 */ 832 if (offset < 10 || offset == RTC_CENTURY) { 833 curtime = vrtc_curtime(vrtc, &basetime); 834 secs_to_rtc(curtime, vrtc, 0); 835 } 836 837 ptr = (uint8_t *)(&vrtc->rtcdev); 838 *retval = ptr[offset]; 839 840 VRTC_UNLOCK(vrtc); 841 return (0); 842 } 843 844 int 845 vrtc_addr_handler(struct vm *vm, bool in, int port, int bytes, uint32_t *val) 846 { 847 struct vrtc *vrtc; 848 849 vrtc = vm_rtc(vm); 850 851 if (bytes != 1) 852 return (-1); 853 854 if (in) { 855 *val = 0xff; 856 return (0); 857 } 858 859 VRTC_LOCK(vrtc); 860 vrtc->addr = *val & 0x7f; 861 VRTC_UNLOCK(vrtc); 862 863 return (0); 864 } 865 866 int 867 vrtc_data_handler(struct vm *vm, bool in, int port, int bytes, uint32_t *val) 868 { 869 struct vrtc *vrtc; 870 struct rtcdev *rtc; 871 sbintime_t basetime; 872 time_t curtime; 873 int error, offset; 874 875 vrtc = vm_rtc(vm); 876 rtc = &vrtc->rtcdev; 877 878 if (bytes != 1) 879 return (-1); 880 881 VRTC_LOCK(vrtc); 882 offset = vrtc->addr; 883 if (offset >= sizeof(struct rtcdev)) { 884 VRTC_UNLOCK(vrtc); 885 return (-1); 886 } 887 888 error = 0; 889 curtime = vrtc_curtime(vrtc, &basetime); 890 vrtc_time_update(vrtc, curtime, basetime); 891 892 /* 893 * Update RTC date/time fields if necessary. 894 * 895 * This is not just for reads of the RTC. The side-effect of writing 896 * the century byte requires other RTC date/time fields (e.g. sec) 897 * to be updated here. 898 */ 899 if (offset < 10 || offset == RTC_CENTURY) 900 secs_to_rtc(curtime, vrtc, 0); 901 902 if (in) { 903 if (offset == 12) { 904 /* 905 * XXX 906 * reg_c interrupt flags are updated only if the 907 * corresponding interrupt enable bit in reg_b is set. 908 */ 909 *val = vrtc->rtcdev.reg_c; 910 vrtc_set_reg_c(vrtc, 0); 911 } else { 912 *val = *((uint8_t *)rtc + offset); 913 } 914 VM_CTR2(vm, "Read value %#x from RTC offset %#x", 915 *val, offset); 916 } else { 917 switch (offset) { 918 case 10: 919 VM_CTR1(vm, "RTC reg_a set to %#x", *val); 920 vrtc_set_reg_a(vrtc, *val); 921 break; 922 case 11: 923 VM_CTR1(vm, "RTC reg_b set to %#x", *val); 924 error = vrtc_set_reg_b(vrtc, *val); 925 break; 926 case 12: 927 VM_CTR1(vm, "RTC reg_c set to %#x (ignored)", 928 *val); 929 break; 930 case 13: 931 VM_CTR1(vm, "RTC reg_d set to %#x (ignored)", 932 *val); 933 break; 934 case 0: 935 /* 936 * High order bit of 'seconds' is readonly. 937 */ 938 *val &= 0x7f; 939 /* FALLTHRU */ 940 default: 941 VM_CTR2(vm, "RTC offset %#x set to %#x", 942 offset, *val); 943 *((uint8_t *)rtc + offset) = *val; 944 break; 945 } 946 947 /* 948 * XXX some guests (e.g. OpenBSD) write the century byte 949 * outside of RTCSB_HALT so re-calculate the RTC date/time. 950 */ 951 if (offset == RTC_CENTURY && !rtc_halted(vrtc)) { 952 curtime = rtc_to_secs(vrtc); 953 error = vrtc_time_update(vrtc, curtime, sbinuptime()); 954 KASSERT(!error, ("vrtc_time_update error %d", error)); 955 if (curtime == VRTC_BROKEN_TIME && rtc_flag_broken_time) 956 error = -1; 957 } 958 } 959 VRTC_UNLOCK(vrtc); 960 return (error); 961 } 962 963 void 964 vrtc_reset(struct vrtc *vrtc) 965 { 966 struct rtcdev *rtc; 967 968 VRTC_LOCK(vrtc); 969 970 rtc = &vrtc->rtcdev; 971 vrtc_set_reg_b(vrtc, rtc->reg_b & ~(RTCSB_ALL_INTRS | RTCSB_SQWE)); 972 vrtc_set_reg_c(vrtc, 0); 973 KASSERT(!callout_active(&vrtc->callout), ("rtc callout still active")); 974 975 VRTC_UNLOCK(vrtc); 976 } 977 978 struct vrtc * 979 vrtc_init(struct vm *vm) 980 { 981 struct vrtc *vrtc; 982 struct rtcdev *rtc; 983 time_t curtime; 984 985 vrtc = malloc(sizeof(struct vrtc), M_VRTC, M_WAITOK | M_ZERO); 986 vrtc->vm = vm; 987 mtx_init(&vrtc->mtx, "vrtc lock", NULL, MTX_DEF); 988 callout_init(&vrtc->callout, 1); 989 990 /* Allow dividers to keep time but disable everything else */ 991 rtc = &vrtc->rtcdev; 992 rtc->reg_a = 0x20; 993 rtc->reg_b = RTCSB_24HR; 994 rtc->reg_c = 0; 995 rtc->reg_d = RTCSD_PWR; 996 997 /* Reset the index register to a safe value. */ 998 vrtc->addr = RTC_STATUSD; 999 1000 /* 1001 * Initialize RTC time to 00:00:00 Jan 1, 1970. 1002 */ 1003 curtime = 0; 1004 1005 VRTC_LOCK(vrtc); 1006 vrtc->base_rtctime = VRTC_BROKEN_TIME; 1007 vrtc_time_update(vrtc, curtime, sbinuptime()); 1008 secs_to_rtc(curtime, vrtc, 0); 1009 VRTC_UNLOCK(vrtc); 1010 1011 return (vrtc); 1012 } 1013 1014 void 1015 vrtc_cleanup(struct vrtc *vrtc) 1016 { 1017 1018 callout_drain(&vrtc->callout); 1019 mtx_destroy(&vrtc->mtx); 1020 free(vrtc, M_VRTC); 1021 } 1022 1023 #ifdef BHYVE_SNAPSHOT 1024 int 1025 vrtc_snapshot(struct vrtc *vrtc, struct vm_snapshot_meta *meta) 1026 { 1027 int ret; 1028 1029 VRTC_LOCK(vrtc); 1030 1031 SNAPSHOT_VAR_OR_LEAVE(vrtc->addr, meta, ret, done); 1032 if (meta->op == VM_SNAPSHOT_RESTORE) 1033 vrtc->base_uptime = sbinuptime(); 1034 SNAPSHOT_VAR_OR_LEAVE(vrtc->base_rtctime, meta, ret, done); 1035 1036 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.sec, meta, ret, done); 1037 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.alarm_sec, meta, ret, done); 1038 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.min, meta, ret, done); 1039 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.alarm_min, meta, ret, done); 1040 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.hour, meta, ret, done); 1041 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.alarm_hour, meta, ret, done); 1042 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.day_of_week, meta, ret, done); 1043 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.day_of_month, meta, ret, done); 1044 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.month, meta, ret, done); 1045 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.year, meta, ret, done); 1046 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.reg_a, meta, ret, done); 1047 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.reg_b, meta, ret, done); 1048 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.reg_c, meta, ret, done); 1049 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.reg_d, meta, ret, done); 1050 SNAPSHOT_BUF_OR_LEAVE(vrtc->rtcdev.nvram, sizeof(vrtc->rtcdev.nvram), 1051 meta, ret, done); 1052 SNAPSHOT_VAR_OR_LEAVE(vrtc->rtcdev.century, meta, ret, done); 1053 SNAPSHOT_BUF_OR_LEAVE(vrtc->rtcdev.nvram2, sizeof(vrtc->rtcdev.nvram2), 1054 meta, ret, done); 1055 1056 vrtc_callout_reset(vrtc, vrtc_freq(vrtc)); 1057 1058 VRTC_UNLOCK(vrtc); 1059 1060 done: 1061 return (ret); 1062 } 1063 #endif 1064