search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
block/iscsi: fix ioctl cancel use-after-free
[qemu/kevin.git] / hw / pci-host / q35.c
blob7b871b5734c966d9698c97e462ea52304f7a2155
1 /*
2 * QEMU MCH/ICH9 PCI Bridge Emulation
3 *
4 * Copyright (c) 2006 Fabrice Bellard
5 * Copyright (c) 2009, 2010, 2011
6 * Isaku Yamahata <yamahata at valinux co jp>
7 * VA Linux Systems Japan K.K.
8 * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
9 *
10 * This is based on piix.c, but heavily modified.
11 *
12 * Permission is hereby granted, free of charge, to any person obtaining a copy
13 * of this software and associated documentation files (the "Software"), to deal
14 * in the Software without restriction, including without limitation the rights
15 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
16 * copies of the Software, and to permit persons to whom the Software is
17 * furnished to do so, subject to the following conditions:
18 *
19 * The above copyright notice and this permission notice shall be included in
20 * all copies or substantial portions of the Software.
21 *
22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
27 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 * THE SOFTWARE.
29 */
30 #include "qemu/osdep.h"
31 #include "hw/hw.h"
32 #include "hw/pci-host/q35.h"
33 #include "qapi/error.h"
34 #include "qapi/visitor.h"
35
36 /****************************************************************************
37 * Q35 host
38 */
39
40 #define Q35_PCI_HOST_HOLE64_SIZE_DEFAULT (1ULL << 35)
41
42 static void q35_host_realize(DeviceState *dev, Error **errp)
43 {
44 PCIHostState *pci = PCI_HOST_BRIDGE(dev);
45 Q35PCIHost *s = Q35_HOST_DEVICE(dev);
46 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
47
48 sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
49 sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
50
51 sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
52 sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
53
54 /* register q35 0xcf8 port as coalesced pio */
55 memory_region_set_flush_coalesced(&pci->data_mem);
56 memory_region_add_coalescing(&pci->conf_mem, 0, 4);
57
58 pci->bus = pci_root_bus_new(DEVICE(s), "pcie.0",
59 s->mch.pci_address_space,
60 s->mch.address_space_io,
61 0, TYPE_PCIE_BUS);
62 PC_MACHINE(qdev_get_machine())->bus = pci->bus;
63 qdev_set_parent_bus(DEVICE(&s->mch), BUS(pci->bus));
64 qdev_init_nofail(DEVICE(&s->mch));
65 }
66
67 static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
68 PCIBus *rootbus)
69 {
70 Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
71
72 /* For backwards compat with old device paths */
73 if (s->mch.short_root_bus) {
74 return "0000";
75 }
76 return "0000:00";
77 }
78
79 static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
80 const char *name, void *opaque,
81 Error **errp)
82 {
83 Q35PCIHost *s = Q35_HOST_DEVICE(obj);
84 uint64_t val64;
85 uint32_t value;
86
87 val64 = range_is_empty(&s->mch.pci_hole)
88 ? 0 : range_lob(&s->mch.pci_hole);
89 value = val64;
90 assert(value == val64);
91 visit_type_uint32(v, name, &value, errp);
92 }
93
94 static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
95 const char *name, void *opaque,
96 Error **errp)
97 {
98 Q35PCIHost *s = Q35_HOST_DEVICE(obj);
99 uint64_t val64;
100 uint32_t value;
101
102 val64 = range_is_empty(&s->mch.pci_hole)
103 ? 0 : range_upb(&s->mch.pci_hole) + 1;
104 value = val64;
105 assert(value == val64);
106 visit_type_uint32(v, name, &value, errp);
107 }
108
109 /*
110 * The 64bit PCI hole start is set by the Guest firmware
111 * as the address of the first 64bit PCI MEM resource.
112 * If no PCI device has resources on the 64bit area,
113 * the 64bit PCI hole will start after "over 4G RAM" and the
114 * reserved space for memory hotplug if any.
115 */
116 static uint64_t q35_host_get_pci_hole64_start_value(Object *obj)
117 {
118 PCIHostState *h = PCI_HOST_BRIDGE(obj);
119 Q35PCIHost *s = Q35_HOST_DEVICE(obj);
120 Range w64;
121 uint64_t value;
122
123 pci_bus_get_w64_range(h->bus, &w64);
124 value = range_is_empty(&w64) ? 0 : range_lob(&w64);
125 if (!value && s->pci_hole64_fix) {
126 value = pc_pci_hole64_start();
127 }
128 return value;
129 }
130
131 static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
132 const char *name, void *opaque,
133 Error **errp)
134 {
135 uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
136
137 visit_type_uint64(v, name, &hole64_start, errp);
138 }
139
140 /*
141 * The 64bit PCI hole end is set by the Guest firmware
142 * as the address of the last 64bit PCI MEM resource.
143 * Then it is expanded to the PCI_HOST_PROP_PCI_HOLE64_SIZE
144 * that can be configured by the user.
145 */
146 static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
147 const char *name, void *opaque,
148 Error **errp)
149 {
150 PCIHostState *h = PCI_HOST_BRIDGE(obj);
151 Q35PCIHost *s = Q35_HOST_DEVICE(obj);
152 uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
153 Range w64;
154 uint64_t value, hole64_end;
155
156 pci_bus_get_w64_range(h->bus, &w64);
157 value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
158 hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30);
159 if (s->pci_hole64_fix && value < hole64_end) {
160 value = hole64_end;
161 }
162 visit_type_uint64(v, name, &value, errp);
163 }
164
165 static void q35_host_get_mmcfg_size(Object *obj, Visitor *v, const char *name,
166 void *opaque, Error **errp)
167 {
168 PCIExpressHost *e = PCIE_HOST_BRIDGE(obj);
169
170 visit_type_uint64(v, name, &e->size, errp);
171 }
172
173 /*
174 * NOTE: setting defaults for the mch.* fields in this table
175 * doesn't work, because mch is a separate QOM object that is
176 * zeroed by the object_initialize(&s->mch, ...) call inside
177 * q35_host_initfn(). The default values for those
178 * properties need to be initialized manually by
179 * q35_host_initfn() after the object_initialize() call.
180 */
181 static Property q35_host_props[] = {
182 DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
183 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
184 DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
185 mch.pci_hole64_size, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT),
186 DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
187 DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
188 mch.below_4g_mem_size, 0),
189 DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
190 mch.above_4g_mem_size, 0),
191 DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true),
192 DEFINE_PROP_END_OF_LIST(),
193 };
194
195 static void q35_host_class_init(ObjectClass *klass, void *data)
196 {
197 DeviceClass *dc = DEVICE_CLASS(klass);
198 PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
199
200 hc->root_bus_path = q35_host_root_bus_path;
201 dc->realize = q35_host_realize;
202 dc->props = q35_host_props;
203 /* Reason: needs to be wired up by pc_q35_init */
204 dc->user_creatable = false;
205 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
206 dc->fw_name = "pci";
207 }
208
209 static void q35_host_initfn(Object *obj)
210 {
211 Q35PCIHost *s = Q35_HOST_DEVICE(obj);
212 PCIHostState *phb = PCI_HOST_BRIDGE(obj);
213
214 memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
215 "pci-conf-idx", 4);
216 memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
217 "pci-conf-data", 4);
218
219 object_initialize(&s->mch, sizeof(s->mch), TYPE_MCH_PCI_DEVICE);
220 object_property_add_child(OBJECT(s), "mch", OBJECT(&s->mch), NULL);
221 qdev_prop_set_int32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
222 qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
223 /* mch's object_initialize resets the default value, set it again */
224 qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE,
225 Q35_PCI_HOST_HOLE64_SIZE_DEFAULT);
226 object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32",
227 q35_host_get_pci_hole_start,
228 NULL, NULL, NULL, NULL);
229
230 object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "uint32",
231 q35_host_get_pci_hole_end,
232 NULL, NULL, NULL, NULL);
233
234 object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "uint64",
235 q35_host_get_pci_hole64_start,
236 NULL, NULL, NULL, NULL);
237
238 object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "uint64",
239 q35_host_get_pci_hole64_end,
240 NULL, NULL, NULL, NULL);
241
242 object_property_add(obj, PCIE_HOST_MCFG_SIZE, "uint64",
243 q35_host_get_mmcfg_size,
244 NULL, NULL, NULL, NULL);
245
246 object_property_add_link(obj, MCH_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
247 (Object **) &s->mch.ram_memory,
248 qdev_prop_allow_set_link_before_realize, 0, NULL);
249
250 object_property_add_link(obj, MCH_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
251 (Object **) &s->mch.pci_address_space,
252 qdev_prop_allow_set_link_before_realize, 0, NULL);
253
254 object_property_add_link(obj, MCH_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
255 (Object **) &s->mch.system_memory,
256 qdev_prop_allow_set_link_before_realize, 0, NULL);
257
258 object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
259 (Object **) &s->mch.address_space_io,
260 qdev_prop_allow_set_link_before_realize, 0, NULL);
261
262 /* Leave enough space for the biggest MCFG BAR */
263 /* TODO: this matches current bios behaviour, but
264 * it's not a power of two, which means an MTRR
265 * can't cover it exactly.
266 */
267 range_set_bounds(&s->mch.pci_hole,
268 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT + MCH_HOST_BRIDGE_PCIEXBAR_MAX,
269 IO_APIC_DEFAULT_ADDRESS - 1);
270 }
271
272 static const TypeInfo q35_host_info = {
273 .name = TYPE_Q35_HOST_DEVICE,
274 .parent = TYPE_PCIE_HOST_BRIDGE,
275 .instance_size = sizeof(Q35PCIHost),
276 .instance_init = q35_host_initfn,
277 .class_init = q35_host_class_init,
278 };
279
280 /****************************************************************************
281 * MCH D0:F0
282 */
283
284 static uint64_t tseg_blackhole_read(void *ptr, hwaddr reg, unsigned size)
285 {
286 return 0xffffffff;
287 }
288
289 static void tseg_blackhole_write(void *opaque, hwaddr addr, uint64_t val,
290 unsigned width)
291 {
292 /* nothing */
293 }
294
295 static const MemoryRegionOps tseg_blackhole_ops = {
296 .read = tseg_blackhole_read,
297 .write = tseg_blackhole_write,
298 .endianness = DEVICE_NATIVE_ENDIAN,
299 .valid.min_access_size = 1,
300 .valid.max_access_size = 4,
301 .impl.min_access_size = 4,
302 .impl.max_access_size = 4,
303 .endianness = DEVICE_LITTLE_ENDIAN,
304 };
305
306 /* PCIe MMCFG */
307 static void mch_update_pciexbar(MCHPCIState *mch)
308 {
309 PCIDevice *pci_dev = PCI_DEVICE(mch);
310 BusState *bus = qdev_get_parent_bus(DEVICE(mch));
311 PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
312
313 uint64_t pciexbar;
314 int enable;
315 uint64_t addr;
316 uint64_t addr_mask;
317 uint32_t length;
318
319 pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
320 enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
321 addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
322 switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
323 case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
324 length = 256 * 1024 * 1024;
325 break;
326 case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
327 length = 128 * 1024 * 1024;
328 addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
329 MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
330 break;
331 case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
332 length = 64 * 1024 * 1024;
333 addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
334 break;
335 case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
336 default:
337 abort();
338 }
339 addr = pciexbar & addr_mask;
340 pcie_host_mmcfg_update(pehb, enable, addr, length);
341 /* Leave enough space for the MCFG BAR */
342 /*
343 * TODO: this matches current bios behaviour, but it's not a power of two,
344 * which means an MTRR can't cover it exactly.
345 */
346 if (enable) {
347 range_set_bounds(&mch->pci_hole,
348 addr + length,
349 IO_APIC_DEFAULT_ADDRESS - 1);
350 } else {
351 range_set_bounds(&mch->pci_hole,
352 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT,
353 IO_APIC_DEFAULT_ADDRESS - 1);
354 }
355 }
356
357 /* PAM */
358 static void mch_update_pam(MCHPCIState *mch)
359 {
360 PCIDevice *pd = PCI_DEVICE(mch);
361 int i;
362
363 memory_region_transaction_begin();
364 for (i = 0; i < 13; i++) {
365 pam_update(&mch->pam_regions[i], i,
366 pd->config[MCH_HOST_BRIDGE_PAM0 + DIV_ROUND_UP(i, 2)]);
367 }
368 memory_region_transaction_commit();
369 }
370
371 /* SMRAM */
372 static void mch_update_smram(MCHPCIState *mch)
373 {
374 PCIDevice *pd = PCI_DEVICE(mch);
375 bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
376 uint32_t tseg_size;
377
378 /* implement SMRAM.D_LCK */
379 if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
380 pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
381 pd->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK_LCK;
382 pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK_LCK;
383 }
384
385 memory_region_transaction_begin();
386
387 if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
388 /* Hide (!) low SMRAM if H_SMRAME = 1 */
389 memory_region_set_enabled(&mch->smram_region, h_smrame);
390 /* Show high SMRAM if H_SMRAME = 1 */
391 memory_region_set_enabled(&mch->open_high_smram, h_smrame);
392 } else {
393 /* Hide high SMRAM and low SMRAM */
394 memory_region_set_enabled(&mch->smram_region, true);
395 memory_region_set_enabled(&mch->open_high_smram, false);
396 }
397
398 if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME) {
399 memory_region_set_enabled(&mch->low_smram, !h_smrame);
400 memory_region_set_enabled(&mch->high_smram, h_smrame);
401 } else {
402 memory_region_set_enabled(&mch->low_smram, false);
403 memory_region_set_enabled(&mch->high_smram, false);
404 }
405
406 if (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_T_EN) {
407 switch (pd->config[MCH_HOST_BRIDGE_ESMRAMC] &
408 MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
409 case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_1MB:
410 tseg_size = 1024 * 1024;
411 break;
412 case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_2MB:
413 tseg_size = 1024 * 1024 * 2;
414 break;
415 case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_8MB:
416 tseg_size = 1024 * 1024 * 8;
417 break;
418 default:
419 tseg_size = 1024 * 1024 * (uint32_t)mch->ext_tseg_mbytes;
420 break;
421 }
422 } else {
423 tseg_size = 0;
424 }
425 memory_region_del_subregion(mch->system_memory, &mch->tseg_blackhole);
426 memory_region_set_enabled(&mch->tseg_blackhole, tseg_size);
427 memory_region_set_size(&mch->tseg_blackhole, tseg_size);
428 memory_region_add_subregion_overlap(mch->system_memory,
429 mch->below_4g_mem_size - tseg_size,
430 &mch->tseg_blackhole, 1);
431
432 memory_region_set_enabled(&mch->tseg_window, tseg_size);
433 memory_region_set_size(&mch->tseg_window, tseg_size);
434 memory_region_set_address(&mch->tseg_window,
435 mch->below_4g_mem_size - tseg_size);
436 memory_region_set_alias_offset(&mch->tseg_window,
437 mch->below_4g_mem_size - tseg_size);
438
439 memory_region_transaction_commit();
440 }
441
442 static void mch_update_ext_tseg_mbytes(MCHPCIState *mch)
443 {
444 PCIDevice *pd = PCI_DEVICE(mch);
445 uint8_t *reg = pd->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES;
446
447 if (mch->ext_tseg_mbytes > 0 &&
448 pci_get_word(reg) == MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY) {
449 pci_set_word(reg, mch->ext_tseg_mbytes);
450 }
451 }
452
453 static void mch_write_config(PCIDevice *d,
454 uint32_t address, uint32_t val, int len)
455 {
456 MCHPCIState *mch = MCH_PCI_DEVICE(d);
457
458 pci_default_write_config(d, address, val, len);
459
460 if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
461 MCH_HOST_BRIDGE_PAM_SIZE)) {
462 mch_update_pam(mch);
463 }
464
465 if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
466 MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
467 mch_update_pciexbar(mch);
468 }
469
470 if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM,
471 MCH_HOST_BRIDGE_SMRAM_SIZE)) {
472 mch_update_smram(mch);
473 }
474
475 if (ranges_overlap(address, len, MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
476 MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_SIZE)) {
477 mch_update_ext_tseg_mbytes(mch);
478 }
479 }
480
481 static void mch_update(MCHPCIState *mch)
482 {
483 mch_update_pciexbar(mch);
484 mch_update_pam(mch);
485 mch_update_smram(mch);
486 mch_update_ext_tseg_mbytes(mch);
487 }
488
489 static int mch_post_load(void *opaque, int version_id)
490 {
491 MCHPCIState *mch = opaque;
492 mch_update(mch);
493 return 0;
494 }
495
496 static const VMStateDescription vmstate_mch = {
497 .name = "mch",
498 .version_id = 1,
499 .minimum_version_id = 1,
500 .post_load = mch_post_load,
501 .fields = (VMStateField[]) {
502 VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
503 /* Used to be smm_enabled, which was basically always zero because
504 * SeaBIOS hardly uses SMM. SMRAM is now handled by CPU code.
505 */
506 VMSTATE_UNUSED(1),
507 VMSTATE_END_OF_LIST()
508 }
509 };
510
511 static void mch_reset(DeviceState *qdev)
512 {
513 PCIDevice *d = PCI_DEVICE(qdev);
514 MCHPCIState *mch = MCH_PCI_DEVICE(d);
515
516 pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
517 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
518
519 d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
520 d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT;
521 d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK;
522 d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK;
523
524 if (mch->ext_tseg_mbytes > 0) {
525 pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
526 MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY);
527 }
528
529 mch_update(mch);
530 }
531
532 static void mch_realize(PCIDevice *d, Error **errp)
533 {
534 int i;
535 MCHPCIState *mch = MCH_PCI_DEVICE(d);
536
537 if (mch->ext_tseg_mbytes > MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_MAX) {
538 error_setg(errp, "invalid extended-tseg-mbytes value: %" PRIu16,
539 mch->ext_tseg_mbytes);
540 return;
541 }
542
543 /* setup pci memory mapping */
544 pc_pci_as_mapping_init(OBJECT(mch), mch->system_memory,
545 mch->pci_address_space);
546
547 /* if *disabled* show SMRAM to all CPUs */
548 memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
549 mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE,
550 MCH_HOST_BRIDGE_SMRAM_C_SIZE);
551 memory_region_add_subregion_overlap(mch->system_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
552 &mch->smram_region, 1);
553 memory_region_set_enabled(&mch->smram_region, true);
554
555 memory_region_init_alias(&mch->open_high_smram, OBJECT(mch), "smram-open-high",
556 mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
557 MCH_HOST_BRIDGE_SMRAM_C_SIZE);
558 memory_region_add_subregion_overlap(mch->system_memory, 0xfeda0000,
559 &mch->open_high_smram, 1);
560 memory_region_set_enabled(&mch->open_high_smram, false);
561
562 /* smram, as seen by SMM CPUs */
563 memory_region_init(&mch->smram, OBJECT(mch), "smram", 1ull << 32);
564 memory_region_set_enabled(&mch->smram, true);
565 memory_region_init_alias(&mch->low_smram, OBJECT(mch), "smram-low",
566 mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
567 MCH_HOST_BRIDGE_SMRAM_C_SIZE);
568 memory_region_set_enabled(&mch->low_smram, true);
569 memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMRAM_C_BASE,
570 &mch->low_smram);
571 memory_region_init_alias(&mch->high_smram, OBJECT(mch), "smram-high",
572 mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
573 MCH_HOST_BRIDGE_SMRAM_C_SIZE);
574 memory_region_set_enabled(&mch->high_smram, true);
575 memory_region_add_subregion(&mch->smram, 0xfeda0000, &mch->high_smram);
576
577 memory_region_init_io(&mch->tseg_blackhole, OBJECT(mch),
578 &tseg_blackhole_ops, NULL,
579 "tseg-blackhole", 0);
580 memory_region_set_enabled(&mch->tseg_blackhole, false);
581 memory_region_add_subregion_overlap(mch->system_memory,
582 mch->below_4g_mem_size,
583 &mch->tseg_blackhole, 1);
584
585 memory_region_init_alias(&mch->tseg_window, OBJECT(mch), "tseg-window",
586 mch->ram_memory, mch->below_4g_mem_size, 0);
587 memory_region_set_enabled(&mch->tseg_window, false);
588 memory_region_add_subregion(&mch->smram, mch->below_4g_mem_size,
589 &mch->tseg_window);
590 object_property_add_const_link(qdev_get_machine(), "smram",
591 OBJECT(&mch->smram), &error_abort);
592
593 init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
594 mch->pci_address_space, &mch->pam_regions[0],
595 PAM_BIOS_BASE, PAM_BIOS_SIZE);
596 for (i = 0; i < 12; ++i) {
597 init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
598 mch->pci_address_space, &mch->pam_regions[i+1],
599 PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
600 }
601 }
602
603 uint64_t mch_mcfg_base(void)
604 {
605 bool ambiguous;
606 Object *o = object_resolve_path_type("", TYPE_MCH_PCI_DEVICE, &ambiguous);
607 if (!o) {
608 return 0;
609 }
610 return MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT;
611 }
612
613 static Property mch_props[] = {
614 DEFINE_PROP_UINT16("extended-tseg-mbytes", MCHPCIState, ext_tseg_mbytes,
615 16),
616 DEFINE_PROP_END_OF_LIST(),
617 };
618
619 static void mch_class_init(ObjectClass *klass, void *data)
620 {
621 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
622 DeviceClass *dc = DEVICE_CLASS(klass);
623
624 k->realize = mch_realize;
625 k->config_write = mch_write_config;
626 dc->reset = mch_reset;
627 dc->props = mch_props;
628 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
629 dc->desc = "Host bridge";
630 dc->vmsd = &vmstate_mch;
631 k->vendor_id = PCI_VENDOR_ID_INTEL;
632 /*
633 * The 'q35' machine type implements an Intel Series 3 chipset,
634 * of which there are several variants. The key difference between
635 * the 82P35 MCH ('p35') and 82Q35 GMCH ('q35') variants is that
636 * the latter has an integrated graphics adapter. QEMU does not
637 * implement integrated graphics, so uses the PCI ID for the 82P35
638 * chipset.
639 */
640 k->device_id = PCI_DEVICE_ID_INTEL_P35_MCH;
641 k->revision = MCH_HOST_BRIDGE_REVISION_DEFAULT;
642 k->class_id = PCI_CLASS_BRIDGE_HOST;
643 /*
644 * PCI-facing part of the host bridge, not usable without the
645 * host-facing part, which can't be device_add'ed, yet.
646 */
647 dc->user_creatable = false;
648 }
649
650 static const TypeInfo mch_info = {
651 .name = TYPE_MCH_PCI_DEVICE,
652 .parent = TYPE_PCI_DEVICE,
653 .instance_size = sizeof(MCHPCIState),
654 .class_init = mch_class_init,
655 .interfaces = (InterfaceInfo[]) {
656 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
657 { },
658 },
659 };
660
661 static void q35_register(void)
662 {
663 type_register_static(&mch_info);
664 type_register_static(&q35_host_info);
665 }
666
667 type_init(q35_register);
Random patches