kvmvapic: Catch invalid ROM size
[qemu/ar7.git] / hw / pci-host / versatile.c
blob6b28929d26a523c9f80db8cc396cedcb52ddd1c4
1 /*
2 * ARM Versatile/PB PCI host controller
4 * Copyright (c) 2006-2009 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
8 */
10 #include "hw/sysbus.h"
11 #include "hw/pci/pci.h"
12 #include "hw/pci/pci_bus.h"
13 #include "hw/pci/pci_host.h"
14 #include "exec/address-spaces.h"
16 /* Old and buggy versions of QEMU used the wrong mapping from
17 * PCI IRQs to system interrupt lines. Unfortunately the Linux
18 * kernel also had the corresponding bug in setting up interrupts
19 * (so older kernels work on QEMU and not on real hardware).
20 * We automatically detect these broken kernels and flip back
21 * to the broken irq mapping by spotting guest writes to the
22 * PCI_INTERRUPT_LINE register to see where the guest thinks
23 * interrupts are going to be routed. So we start in state
24 * ASSUME_OK on reset, and transition to either BROKEN or
25 * FORCE_OK at the first write to an INTERRUPT_LINE register for
26 * a slot where broken and correct interrupt mapping would differ.
27 * Once in either BROKEN or FORCE_OK we never transition again;
28 * this allows a newer kernel to use the INTERRUPT_LINE
29 * registers arbitrarily once it has indicated that it isn't
30 * broken in its init code somewhere.
32 * Unfortunately we have to cope with multiple different
33 * variants on the broken kernel behaviour:
34 * phase I (before kernel commit 1bc39ac5d) kernels assume old
35 * QEMU behaviour, so they use IRQ 27 for all slots
36 * phase II (1bc39ac5d and later, but before e3e92a7be6) kernels
37 * swizzle IRQs between slots, but do it wrongly, so they
38 * work only for every fourth PCI card, and only if (like old
39 * QEMU) the PCI host device is at slot 0 rather than where
40 * the h/w actually puts it
41 * phase III (e3e92a7be6 and later) kernels still swizzle IRQs between
42 * slots wrongly, but add a fixed offset of 64 to everything
43 * they write to PCI_INTERRUPT_LINE.
45 * We live in hope of a mythical phase IV kernel which might
46 * actually behave in ways that work on the hardware. Such a
47 * kernel should probably start off by writing some value neither
48 * 27 nor 91 to slot zero's PCI_INTERRUPT_LINE register to
49 * disable the autodetection. After that it can do what it likes.
51 * Slot % 4 | hw | I | II | III
52 * -------------------------------
53 * 0 | 29 | 27 | 27 | 91
54 * 1 | 30 | 27 | 28 | 92
55 * 2 | 27 | 27 | 29 | 93
56 * 3 | 28 | 27 | 30 | 94
58 * Since our autodetection is not perfect we also provide a
59 * property so the user can make us start in BROKEN or FORCE_OK
60 * on reset if they know they have a bad or good kernel.
62 enum {
63 PCI_VPB_IRQMAP_ASSUME_OK,
64 PCI_VPB_IRQMAP_BROKEN,
65 PCI_VPB_IRQMAP_FORCE_OK,
68 typedef struct {
69 PCIHostState parent_obj;
71 qemu_irq irq[4];
72 MemoryRegion controlregs;
73 MemoryRegion mem_config;
74 MemoryRegion mem_config2;
75 /* Containers representing the PCI address spaces */
76 MemoryRegion pci_io_space;
77 MemoryRegion pci_mem_space;
78 /* Alias regions into PCI address spaces which we expose as sysbus regions.
79 * The offsets into pci_mem_space are controlled by the imap registers.
81 MemoryRegion pci_io_window;
82 MemoryRegion pci_mem_window[3];
83 PCIBus pci_bus;
84 PCIDevice pci_dev;
86 /* Constant for life of device: */
87 int realview;
88 uint32_t mem_win_size[3];
89 uint8_t irq_mapping_prop;
91 /* Variable state: */
92 uint32_t imap[3];
93 uint32_t smap[3];
94 uint32_t selfid;
95 uint32_t flags;
96 uint8_t irq_mapping;
97 } PCIVPBState;
99 static void pci_vpb_update_window(PCIVPBState *s, int i)
101 /* Adjust the offset of the alias region we use for
102 * the memory window i to account for a change in the
103 * value of the corresponding IMAP register.
104 * Note that the semantics of the IMAP register differ
105 * for realview and versatile variants of the controller.
107 hwaddr offset;
108 if (s->realview) {
109 /* Top bits of register (masked according to window size) provide
110 * top bits of PCI address.
112 offset = s->imap[i] & ~(s->mem_win_size[i] - 1);
113 } else {
114 /* Bottom 4 bits of register provide top 4 bits of PCI address */
115 offset = s->imap[i] << 28;
117 memory_region_set_alias_offset(&s->pci_mem_window[i], offset);
120 static void pci_vpb_update_all_windows(PCIVPBState *s)
122 /* Update all alias windows based on the current register state */
123 int i;
125 for (i = 0; i < 3; i++) {
126 pci_vpb_update_window(s, i);
130 static int pci_vpb_post_load(void *opaque, int version_id)
132 PCIVPBState *s = opaque;
133 pci_vpb_update_all_windows(s);
134 return 0;
137 static const VMStateDescription pci_vpb_vmstate = {
138 .name = "versatile-pci",
139 .version_id = 1,
140 .minimum_version_id = 1,
141 .post_load = pci_vpb_post_load,
142 .fields = (VMStateField[]) {
143 VMSTATE_UINT32_ARRAY(imap, PCIVPBState, 3),
144 VMSTATE_UINT32_ARRAY(smap, PCIVPBState, 3),
145 VMSTATE_UINT32(selfid, PCIVPBState),
146 VMSTATE_UINT32(flags, PCIVPBState),
147 VMSTATE_UINT8(irq_mapping, PCIVPBState),
148 VMSTATE_END_OF_LIST()
152 #define TYPE_VERSATILE_PCI "versatile_pci"
153 #define PCI_VPB(obj) \
154 OBJECT_CHECK(PCIVPBState, (obj), TYPE_VERSATILE_PCI)
156 #define TYPE_VERSATILE_PCI_HOST "versatile_pci_host"
157 #define PCI_VPB_HOST(obj) \
158 OBJECT_CHECK(PCIDevice, (obj), TYPE_VERSATILE_PCIHOST)
160 typedef enum {
161 PCI_IMAP0 = 0x0,
162 PCI_IMAP1 = 0x4,
163 PCI_IMAP2 = 0x8,
164 PCI_SELFID = 0xc,
165 PCI_FLAGS = 0x10,
166 PCI_SMAP0 = 0x14,
167 PCI_SMAP1 = 0x18,
168 PCI_SMAP2 = 0x1c,
169 } PCIVPBControlRegs;
171 static void pci_vpb_reg_write(void *opaque, hwaddr addr,
172 uint64_t val, unsigned size)
174 PCIVPBState *s = opaque;
176 switch (addr) {
177 case PCI_IMAP0:
178 case PCI_IMAP1:
179 case PCI_IMAP2:
181 int win = (addr - PCI_IMAP0) >> 2;
182 s->imap[win] = val;
183 pci_vpb_update_window(s, win);
184 break;
186 case PCI_SELFID:
187 s->selfid = val;
188 break;
189 case PCI_FLAGS:
190 s->flags = val;
191 break;
192 case PCI_SMAP0:
193 case PCI_SMAP1:
194 case PCI_SMAP2:
196 int win = (addr - PCI_SMAP0) >> 2;
197 s->smap[win] = val;
198 break;
200 default:
201 qemu_log_mask(LOG_GUEST_ERROR,
202 "pci_vpb_reg_write: Bad offset %x\n", (int)addr);
203 break;
207 static uint64_t pci_vpb_reg_read(void *opaque, hwaddr addr,
208 unsigned size)
210 PCIVPBState *s = opaque;
212 switch (addr) {
213 case PCI_IMAP0:
214 case PCI_IMAP1:
215 case PCI_IMAP2:
217 int win = (addr - PCI_IMAP0) >> 2;
218 return s->imap[win];
220 case PCI_SELFID:
221 return s->selfid;
222 case PCI_FLAGS:
223 return s->flags;
224 case PCI_SMAP0:
225 case PCI_SMAP1:
226 case PCI_SMAP2:
228 int win = (addr - PCI_SMAP0) >> 2;
229 return s->smap[win];
231 default:
232 qemu_log_mask(LOG_GUEST_ERROR,
233 "pci_vpb_reg_read: Bad offset %x\n", (int)addr);
234 return 0;
238 static const MemoryRegionOps pci_vpb_reg_ops = {
239 .read = pci_vpb_reg_read,
240 .write = pci_vpb_reg_write,
241 .endianness = DEVICE_NATIVE_ENDIAN,
242 .valid = {
243 .min_access_size = 4,
244 .max_access_size = 4,
248 static int pci_vpb_broken_irq(int slot, int irq)
250 /* Determine whether this IRQ value for this slot represents a
251 * known broken Linux kernel behaviour for this slot.
252 * Return one of the PCI_VPB_IRQMAP_ constants:
253 * BROKEN : if this definitely looks like a broken kernel
254 * FORCE_OK : if this definitely looks good
255 * ASSUME_OK : if we can't tell
257 slot %= PCI_NUM_PINS;
259 if (irq == 27) {
260 if (slot == 2) {
261 /* Might be a Phase I kernel, or might be a fixed kernel,
262 * since slot 2 is where we expect this IRQ.
264 return PCI_VPB_IRQMAP_ASSUME_OK;
266 /* Phase I kernel */
267 return PCI_VPB_IRQMAP_BROKEN;
269 if (irq == slot + 27) {
270 /* Phase II kernel */
271 return PCI_VPB_IRQMAP_BROKEN;
273 if (irq == slot + 27 + 64) {
274 /* Phase III kernel */
275 return PCI_VPB_IRQMAP_BROKEN;
277 /* Anything else must be a fixed kernel, possibly using an
278 * arbitrary irq map.
280 return PCI_VPB_IRQMAP_FORCE_OK;
283 static void pci_vpb_config_write(void *opaque, hwaddr addr,
284 uint64_t val, unsigned size)
286 PCIVPBState *s = opaque;
287 if (!s->realview && (addr & 0xff) == PCI_INTERRUPT_LINE
288 && s->irq_mapping == PCI_VPB_IRQMAP_ASSUME_OK) {
289 uint8_t devfn = addr >> 8;
290 s->irq_mapping = pci_vpb_broken_irq(PCI_SLOT(devfn), val);
292 pci_data_write(&s->pci_bus, addr, val, size);
295 static uint64_t pci_vpb_config_read(void *opaque, hwaddr addr,
296 unsigned size)
298 PCIVPBState *s = opaque;
299 uint32_t val;
300 val = pci_data_read(&s->pci_bus, addr, size);
301 return val;
304 static const MemoryRegionOps pci_vpb_config_ops = {
305 .read = pci_vpb_config_read,
306 .write = pci_vpb_config_write,
307 .endianness = DEVICE_NATIVE_ENDIAN,
310 static int pci_vpb_map_irq(PCIDevice *d, int irq_num)
312 PCIVPBState *s = container_of(d->bus, PCIVPBState, pci_bus);
314 if (s->irq_mapping == PCI_VPB_IRQMAP_BROKEN) {
315 /* Legacy broken IRQ mapping for compatibility with old and
316 * buggy Linux guests
318 return irq_num;
321 /* Slot to IRQ mapping for RealView Platform Baseboard 926 backplane
322 * name slot IntA IntB IntC IntD
323 * A 31 IRQ28 IRQ29 IRQ30 IRQ27
324 * B 30 IRQ27 IRQ28 IRQ29 IRQ30
325 * C 29 IRQ30 IRQ27 IRQ28 IRQ29
326 * Slot C is for the host bridge; A and B the peripherals.
327 * Our output irqs 0..3 correspond to the baseboard's 27..30.
329 * This mapping function takes account of an oddity in the PB926
330 * board wiring, where the FPGA's P_nINTA input is connected to
331 * the INTB connection on the board PCI edge connector, P_nINTB
332 * is connected to INTC, and so on, so everything is one number
333 * further round from where you might expect.
335 return pci_swizzle_map_irq_fn(d, irq_num + 2);
338 static int pci_vpb_rv_map_irq(PCIDevice *d, int irq_num)
340 /* Slot to IRQ mapping for RealView EB and PB1176 backplane
341 * name slot IntA IntB IntC IntD
342 * A 31 IRQ50 IRQ51 IRQ48 IRQ49
343 * B 30 IRQ49 IRQ50 IRQ51 IRQ48
344 * C 29 IRQ48 IRQ49 IRQ50 IRQ51
345 * Slot C is for the host bridge; A and B the peripherals.
346 * Our output irqs 0..3 correspond to the baseboard's 48..51.
348 * The PB1176 and EB boards don't have the PB926 wiring oddity
349 * described above; P_nINTA connects to INTA, P_nINTB to INTB
350 * and so on, which is why this mapping function is different.
352 return pci_swizzle_map_irq_fn(d, irq_num + 3);
355 static void pci_vpb_set_irq(void *opaque, int irq_num, int level)
357 qemu_irq *pic = opaque;
359 qemu_set_irq(pic[irq_num], level);
362 static void pci_vpb_reset(DeviceState *d)
364 PCIVPBState *s = PCI_VPB(d);
366 s->imap[0] = 0;
367 s->imap[1] = 0;
368 s->imap[2] = 0;
369 s->smap[0] = 0;
370 s->smap[1] = 0;
371 s->smap[2] = 0;
372 s->selfid = 0;
373 s->flags = 0;
374 s->irq_mapping = s->irq_mapping_prop;
376 pci_vpb_update_all_windows(s);
379 static void pci_vpb_init(Object *obj)
381 PCIHostState *h = PCI_HOST_BRIDGE(obj);
382 PCIVPBState *s = PCI_VPB(obj);
384 memory_region_init(&s->pci_io_space, OBJECT(s), "pci_io", 1ULL << 32);
385 memory_region_init(&s->pci_mem_space, OBJECT(s), "pci_mem", 1ULL << 32);
387 pci_bus_new_inplace(&s->pci_bus, sizeof(s->pci_bus), DEVICE(obj), "pci",
388 &s->pci_mem_space, &s->pci_io_space,
389 PCI_DEVFN(11, 0), TYPE_PCI_BUS);
390 h->bus = &s->pci_bus;
392 object_initialize(&s->pci_dev, sizeof(s->pci_dev), TYPE_VERSATILE_PCI_HOST);
393 qdev_set_parent_bus(DEVICE(&s->pci_dev), BUS(&s->pci_bus));
395 /* Window sizes for VersatilePB; realview_pci's init will override */
396 s->mem_win_size[0] = 0x0c000000;
397 s->mem_win_size[1] = 0x10000000;
398 s->mem_win_size[2] = 0x10000000;
401 static void pci_vpb_realize(DeviceState *dev, Error **errp)
403 PCIVPBState *s = PCI_VPB(dev);
404 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
405 pci_map_irq_fn mapfn;
406 int i;
408 for (i = 0; i < 4; i++) {
409 sysbus_init_irq(sbd, &s->irq[i]);
412 if (s->realview) {
413 mapfn = pci_vpb_rv_map_irq;
414 } else {
415 mapfn = pci_vpb_map_irq;
418 pci_bus_irqs(&s->pci_bus, pci_vpb_set_irq, mapfn, s->irq, 4);
420 /* Our memory regions are:
421 * 0 : our control registers
422 * 1 : PCI self config window
423 * 2 : PCI config window
424 * 3 : PCI IO window
425 * 4..6 : PCI memory windows
427 memory_region_init_io(&s->controlregs, OBJECT(s), &pci_vpb_reg_ops, s,
428 "pci-vpb-regs", 0x1000);
429 sysbus_init_mmio(sbd, &s->controlregs);
430 memory_region_init_io(&s->mem_config, OBJECT(s), &pci_vpb_config_ops, s,
431 "pci-vpb-selfconfig", 0x1000000);
432 sysbus_init_mmio(sbd, &s->mem_config);
433 memory_region_init_io(&s->mem_config2, OBJECT(s), &pci_vpb_config_ops, s,
434 "pci-vpb-config", 0x1000000);
435 sysbus_init_mmio(sbd, &s->mem_config2);
437 /* The window into I/O space is always into a fixed base address;
438 * its size is the same for both realview and versatile.
440 memory_region_init_alias(&s->pci_io_window, OBJECT(s), "pci-vbp-io-window",
441 &s->pci_io_space, 0, 0x100000);
443 sysbus_init_mmio(sbd, &s->pci_io_space);
445 /* Create the alias regions corresponding to our three windows onto
446 * PCI memory space. The sizes vary from board to board; the base
447 * offsets are guest controllable via the IMAP registers.
449 for (i = 0; i < 3; i++) {
450 memory_region_init_alias(&s->pci_mem_window[i], OBJECT(s), "pci-vbp-window",
451 &s->pci_mem_space, 0, s->mem_win_size[i]);
452 sysbus_init_mmio(sbd, &s->pci_mem_window[i]);
455 /* TODO Remove once realize propagates to child devices. */
456 object_property_set_bool(OBJECT(&s->pci_dev), true, "realized", errp);
459 static int versatile_pci_host_init(PCIDevice *d)
461 pci_set_word(d->config + PCI_STATUS,
462 PCI_STATUS_66MHZ | PCI_STATUS_DEVSEL_MEDIUM);
463 pci_set_byte(d->config + PCI_LATENCY_TIMER, 0x10);
464 return 0;
467 static void versatile_pci_host_class_init(ObjectClass *klass, void *data)
469 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
471 k->init = versatile_pci_host_init;
472 k->vendor_id = PCI_VENDOR_ID_XILINX;
473 k->device_id = PCI_DEVICE_ID_XILINX_XC2VP30;
474 k->class_id = PCI_CLASS_PROCESSOR_CO;
477 static const TypeInfo versatile_pci_host_info = {
478 .name = TYPE_VERSATILE_PCI_HOST,
479 .parent = TYPE_PCI_DEVICE,
480 .instance_size = sizeof(PCIDevice),
481 .class_init = versatile_pci_host_class_init,
484 static Property pci_vpb_properties[] = {
485 DEFINE_PROP_UINT8("broken-irq-mapping", PCIVPBState, irq_mapping_prop,
486 PCI_VPB_IRQMAP_ASSUME_OK),
487 DEFINE_PROP_END_OF_LIST()
490 static void pci_vpb_class_init(ObjectClass *klass, void *data)
492 DeviceClass *dc = DEVICE_CLASS(klass);
494 dc->realize = pci_vpb_realize;
495 dc->reset = pci_vpb_reset;
496 dc->vmsd = &pci_vpb_vmstate;
497 dc->props = pci_vpb_properties;
500 static const TypeInfo pci_vpb_info = {
501 .name = TYPE_VERSATILE_PCI,
502 .parent = TYPE_PCI_HOST_BRIDGE,
503 .instance_size = sizeof(PCIVPBState),
504 .instance_init = pci_vpb_init,
505 .class_init = pci_vpb_class_init,
508 static void pci_realview_init(Object *obj)
510 PCIVPBState *s = PCI_VPB(obj);
512 s->realview = 1;
513 /* The PCI window sizes are different on Realview boards */
514 s->mem_win_size[0] = 0x01000000;
515 s->mem_win_size[1] = 0x04000000;
516 s->mem_win_size[2] = 0x08000000;
519 static const TypeInfo pci_realview_info = {
520 .name = "realview_pci",
521 .parent = TYPE_VERSATILE_PCI,
522 .instance_init = pci_realview_init,
525 static void versatile_pci_register_types(void)
527 type_register_static(&pci_vpb_info);
528 type_register_static(&pci_realview_info);
529 type_register_static(&versatile_pci_host_info);
532 type_init(versatile_pci_register_types)