xref: /openbmc/qemu/hw/pci-host/q35.c (revision c7b64948f8ae4142b65f644164d0678892fe223d)
1 /*
2  * QEMU MCH/ICH9 PCI Bridge Emulation
3  *
4  * Copyright (c) 2006 Fabrice Bellard
5  * Copyright (c) 2009, 2010, 2011
6  *               Isaku Yamahata <yamahata at valinux co jp>
7  *               VA Linux Systems Japan K.K.
8  * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
9  *
10  * This is based on piix.c, but heavily modified.
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this software and associated documentation files (the "Software"), to deal
14  * in the Software without restriction, including without limitation the rights
15  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
16  * copies of the Software, and to permit persons to whom the Software is
17  * furnished to do so, subject to the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
27  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28  * THE SOFTWARE.
29  */
30 
31 #include "qemu/osdep.h"
32 #include "qemu/log.h"
33 #include "hw/i386/pc.h"
34 #include "hw/pci-host/q35.h"
35 #include "hw/qdev-properties.h"
36 #include "migration/vmstate.h"
37 #include "qapi/error.h"
38 #include "qapi/visitor.h"
39 #include "qemu/module.h"
40 
41 /****************************************************************************
42  * Q35 host
43  */
44 
45 #define Q35_PCI_HOST_HOLE64_SIZE_DEFAULT (1ULL << 35)
46 
47 static void q35_host_realize(DeviceState *dev, Error **errp)
48 {
49     PCIHostState *pci = PCI_HOST_BRIDGE(dev);
50     Q35PCIHost *s = Q35_HOST_DEVICE(dev);
51     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
52 
53     memory_region_add_subregion(s->mch.address_space_io,
54                                 MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
55     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
56 
57     memory_region_add_subregion(s->mch.address_space_io,
58                                 MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
59     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
60 
61     /* register q35 0xcf8 port as coalesced pio */
62     memory_region_set_flush_coalesced(&pci->data_mem);
63     memory_region_add_coalescing(&pci->conf_mem, 0, 4);
64 
65     pci->bus = pci_root_bus_new(DEVICE(s), "pcie.0",
66                                 s->mch.pci_address_space,
67                                 s->mch.address_space_io,
68                                 0, TYPE_PCIE_BUS);
69     PC_MACHINE(qdev_get_machine())->bus = pci->bus;
70     pci->bypass_iommu =
71         PC_MACHINE(qdev_get_machine())->default_bus_bypass_iommu;
72     qdev_realize(DEVICE(&s->mch), BUS(pci->bus), &error_fatal);
73 }
74 
75 static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
76                                           PCIBus *rootbus)
77 {
78     Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
79 
80      /* For backwards compat with old device paths */
81     if (s->mch.short_root_bus) {
82         return "0000";
83     }
84     return "0000:00";
85 }
86 
87 static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
88                                         const char *name, void *opaque,
89                                         Error **errp)
90 {
91     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
92     uint64_t val64;
93     uint32_t value;
94 
95     val64 = range_is_empty(&s->mch.pci_hole)
96         ? 0 : range_lob(&s->mch.pci_hole);
97     value = val64;
98     assert(value == val64);
99     visit_type_uint32(v, name, &value, errp);
100 }
101 
102 static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
103                                       const char *name, void *opaque,
104                                       Error **errp)
105 {
106     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
107     uint64_t val64;
108     uint32_t value;
109 
110     val64 = range_is_empty(&s->mch.pci_hole)
111         ? 0 : range_upb(&s->mch.pci_hole) + 1;
112     value = val64;
113     assert(value == val64);
114     visit_type_uint32(v, name, &value, errp);
115 }
116 
117 /*
118  * The 64bit PCI hole start is set by the Guest firmware
119  * as the address of the first 64bit PCI MEM resource.
120  * If no PCI device has resources on the 64bit area,
121  * the 64bit PCI hole will start after "over 4G RAM" and the
122  * reserved space for memory hotplug if any.
123  */
124 static uint64_t q35_host_get_pci_hole64_start_value(Object *obj)
125 {
126     PCIHostState *h = PCI_HOST_BRIDGE(obj);
127     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
128     Range w64;
129     uint64_t value;
130 
131     pci_bus_get_w64_range(h->bus, &w64);
132     value = range_is_empty(&w64) ? 0 : range_lob(&w64);
133     if (!value && s->pci_hole64_fix) {
134         value = pc_pci_hole64_start();
135     }
136     return value;
137 }
138 
139 static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
140                                           const char *name, void *opaque,
141                                           Error **errp)
142 {
143     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
144 
145     visit_type_uint64(v, name, &hole64_start, errp);
146 }
147 
148 /*
149  * The 64bit PCI hole end is set by the Guest firmware
150  * as the address of the last 64bit PCI MEM resource.
151  * Then it is expanded to the PCI_HOST_PROP_PCI_HOLE64_SIZE
152  * that can be configured by the user.
153  */
154 static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
155                                         const char *name, void *opaque,
156                                         Error **errp)
157 {
158     PCIHostState *h = PCI_HOST_BRIDGE(obj);
159     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
160     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
161     Range w64;
162     uint64_t value, hole64_end;
163 
164     pci_bus_get_w64_range(h->bus, &w64);
165     value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
166     hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30);
167     if (s->pci_hole64_fix && value < hole64_end) {
168         value = hole64_end;
169     }
170     visit_type_uint64(v, name, &value, errp);
171 }
172 
173 /*
174  * NOTE: setting defaults for the mch.* fields in this table
175  * doesn't work, because mch is a separate QOM object that is
176  * zeroed by the object_initialize(&s->mch, ...) call inside
177  * q35_host_initfn().  The default values for those
178  * properties need to be initialized manually by
179  * q35_host_initfn() after the object_initialize() call.
180  */
181 static Property q35_host_props[] = {
182     DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
183                         MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
184     DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
185                      mch.pci_hole64_size, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT),
186     DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
187     DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
188                      mch.below_4g_mem_size, 0),
189     DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
190                      mch.above_4g_mem_size, 0),
191     DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true),
192     DEFINE_PROP_END_OF_LIST(),
193 };
194 
195 static void q35_host_class_init(ObjectClass *klass, void *data)
196 {
197     DeviceClass *dc = DEVICE_CLASS(klass);
198     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
199 
200     hc->root_bus_path = q35_host_root_bus_path;
201     dc->realize = q35_host_realize;
202     device_class_set_props(dc, q35_host_props);
203     /* Reason: needs to be wired up by pc_q35_init */
204     dc->user_creatable = false;
205     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
206     dc->fw_name = "pci";
207 }
208 
209 static void q35_host_initfn(Object *obj)
210 {
211     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
212     PCIHostState *phb = PCI_HOST_BRIDGE(obj);
213     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(obj);
214 
215     memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
216                           "pci-conf-idx", 4);
217     memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
218                           "pci-conf-data", 4);
219 
220     object_initialize_child(OBJECT(s), "mch", &s->mch, TYPE_MCH_PCI_DEVICE);
221     qdev_prop_set_int32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
222     qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
223     /* mch's object_initialize resets the default value, set it again */
224     qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE,
225                          Q35_PCI_HOST_HOLE64_SIZE_DEFAULT);
226     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32",
227                         q35_host_get_pci_hole_start,
228                         NULL, NULL, NULL);
229 
230     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "uint32",
231                         q35_host_get_pci_hole_end,
232                         NULL, NULL, NULL);
233 
234     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "uint64",
235                         q35_host_get_pci_hole64_start,
236                         NULL, NULL, NULL);
237 
238     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "uint64",
239                         q35_host_get_pci_hole64_end,
240                         NULL, NULL, NULL);
241 
242     object_property_add_uint64_ptr(obj, PCIE_HOST_MCFG_SIZE,
243                                    &pehb->size, OBJ_PROP_FLAG_READ);
244 
245     object_property_add_link(obj, MCH_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
246                              (Object **) &s->mch.ram_memory,
247                              qdev_prop_allow_set_link_before_realize, 0);
248 
249     object_property_add_link(obj, MCH_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
250                              (Object **) &s->mch.pci_address_space,
251                              qdev_prop_allow_set_link_before_realize, 0);
252 
253     object_property_add_link(obj, MCH_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
254                              (Object **) &s->mch.system_memory,
255                              qdev_prop_allow_set_link_before_realize, 0);
256 
257     object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
258                              (Object **) &s->mch.address_space_io,
259                              qdev_prop_allow_set_link_before_realize, 0);
260 }
261 
262 static const TypeInfo q35_host_info = {
263     .name       = TYPE_Q35_HOST_DEVICE,
264     .parent     = TYPE_PCIE_HOST_BRIDGE,
265     .instance_size = sizeof(Q35PCIHost),
266     .instance_init = q35_host_initfn,
267     .class_init = q35_host_class_init,
268 };
269 
270 /****************************************************************************
271  * MCH D0:F0
272  */
273 
274 static uint64_t blackhole_read(void *ptr, hwaddr reg, unsigned size)
275 {
276     return 0xffffffff;
277 }
278 
279 static void blackhole_write(void *opaque, hwaddr addr, uint64_t val,
280                             unsigned width)
281 {
282     /* nothing */
283 }
284 
285 static const MemoryRegionOps blackhole_ops = {
286     .read = blackhole_read,
287     .write = blackhole_write,
288     .endianness = DEVICE_NATIVE_ENDIAN,
289     .valid.min_access_size = 1,
290     .valid.max_access_size = 4,
291     .impl.min_access_size = 4,
292     .impl.max_access_size = 4,
293     .endianness = DEVICE_LITTLE_ENDIAN,
294 };
295 
296 /* PCIe MMCFG */
297 static void mch_update_pciexbar(MCHPCIState *mch)
298 {
299     PCIDevice *pci_dev = PCI_DEVICE(mch);
300     BusState *bus = qdev_get_parent_bus(DEVICE(mch));
301     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
302 
303     uint64_t pciexbar;
304     int enable;
305     uint64_t addr;
306     uint64_t addr_mask;
307     uint32_t length;
308 
309     pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
310     enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
311     addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
312     switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
313     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
314         length = 256 * 1024 * 1024;
315         break;
316     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
317         length = 128 * 1024 * 1024;
318         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
319             MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
320         break;
321     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
322         length = 64 * 1024 * 1024;
323         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
324         break;
325     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
326         qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
327         return;
328     default:
329         abort();
330     }
331     addr = pciexbar & addr_mask;
332     pcie_host_mmcfg_update(pehb, enable, addr, length);
333 }
334 
335 /* PAM */
336 static void mch_update_pam(MCHPCIState *mch)
337 {
338     PCIDevice *pd = PCI_DEVICE(mch);
339     int i;
340 
341     memory_region_transaction_begin();
342     for (i = 0; i < 13; i++) {
343         pam_update(&mch->pam_regions[i], i,
344                    pd->config[MCH_HOST_BRIDGE_PAM0 + DIV_ROUND_UP(i, 2)]);
345     }
346     memory_region_transaction_commit();
347 }
348 
349 /* SMRAM */
350 static void mch_update_smram(MCHPCIState *mch)
351 {
352     PCIDevice *pd = PCI_DEVICE(mch);
353     bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
354     uint32_t tseg_size;
355 
356     /* implement SMRAM.D_LCK */
357     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
358         pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
359         pd->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK_LCK;
360         pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK_LCK;
361     }
362 
363     memory_region_transaction_begin();
364 
365     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
366         /* Hide (!) low SMRAM if H_SMRAME = 1 */
367         memory_region_set_enabled(&mch->smram_region, h_smrame);
368         /* Show high SMRAM if H_SMRAME = 1 */
369         memory_region_set_enabled(&mch->open_high_smram, h_smrame);
370     } else {
371         /* Hide high SMRAM and low SMRAM */
372         memory_region_set_enabled(&mch->smram_region, true);
373         memory_region_set_enabled(&mch->open_high_smram, false);
374     }
375 
376     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME) {
377         memory_region_set_enabled(&mch->low_smram, !h_smrame);
378         memory_region_set_enabled(&mch->high_smram, h_smrame);
379     } else {
380         memory_region_set_enabled(&mch->low_smram, false);
381         memory_region_set_enabled(&mch->high_smram, false);
382     }
383 
384     if ((pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_T_EN) &&
385         (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME)) {
386         switch (pd->config[MCH_HOST_BRIDGE_ESMRAMC] &
387                 MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
388         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_1MB:
389             tseg_size = 1024 * 1024;
390             break;
391         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_2MB:
392             tseg_size = 1024 * 1024 * 2;
393             break;
394         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_8MB:
395             tseg_size = 1024 * 1024 * 8;
396             break;
397         default:
398             tseg_size = 1024 * 1024 * (uint32_t)mch->ext_tseg_mbytes;
399             break;
400         }
401     } else {
402         tseg_size = 0;
403     }
404     memory_region_del_subregion(mch->system_memory, &mch->tseg_blackhole);
405     memory_region_set_enabled(&mch->tseg_blackhole, tseg_size);
406     memory_region_set_size(&mch->tseg_blackhole, tseg_size);
407     memory_region_add_subregion_overlap(mch->system_memory,
408                                         mch->below_4g_mem_size - tseg_size,
409                                         &mch->tseg_blackhole, 1);
410 
411     memory_region_set_enabled(&mch->tseg_window, tseg_size);
412     memory_region_set_size(&mch->tseg_window, tseg_size);
413     memory_region_set_address(&mch->tseg_window,
414                               mch->below_4g_mem_size - tseg_size);
415     memory_region_set_alias_offset(&mch->tseg_window,
416                                    mch->below_4g_mem_size - tseg_size);
417 
418     memory_region_transaction_commit();
419 }
420 
421 static void mch_update_ext_tseg_mbytes(MCHPCIState *mch)
422 {
423     PCIDevice *pd = PCI_DEVICE(mch);
424     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES;
425 
426     if (mch->ext_tseg_mbytes > 0 &&
427         pci_get_word(reg) == MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY) {
428         pci_set_word(reg, mch->ext_tseg_mbytes);
429     }
430 }
431 
432 static void mch_update_smbase_smram(MCHPCIState *mch)
433 {
434     PCIDevice *pd = PCI_DEVICE(mch);
435     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_F_SMBASE;
436     bool lck;
437 
438     if (!mch->has_smram_at_smbase) {
439         return;
440     }
441 
442     if (*reg == MCH_HOST_BRIDGE_F_SMBASE_QUERY) {
443         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] =
444             MCH_HOST_BRIDGE_F_SMBASE_LCK;
445         *reg = MCH_HOST_BRIDGE_F_SMBASE_IN_RAM;
446         return;
447     }
448 
449     /*
450      * default/reset state, discard written value
451      * which will disable SMRAM balackhole at SMBASE
452      */
453     if (pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] == 0xff) {
454         *reg = 0x00;
455     }
456 
457     memory_region_transaction_begin();
458     if (*reg & MCH_HOST_BRIDGE_F_SMBASE_LCK) {
459         /* disable all writes */
460         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] &=
461             ~MCH_HOST_BRIDGE_F_SMBASE_LCK;
462         *reg = MCH_HOST_BRIDGE_F_SMBASE_LCK;
463         lck = true;
464     } else {
465         lck = false;
466     }
467     memory_region_set_enabled(&mch->smbase_blackhole, lck);
468     memory_region_set_enabled(&mch->smbase_window, lck);
469     memory_region_transaction_commit();
470 }
471 
472 static void mch_write_config(PCIDevice *d,
473                               uint32_t address, uint32_t val, int len)
474 {
475     MCHPCIState *mch = MCH_PCI_DEVICE(d);
476 
477     pci_default_write_config(d, address, val, len);
478 
479     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
480                        MCH_HOST_BRIDGE_PAM_SIZE)) {
481         mch_update_pam(mch);
482     }
483 
484     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
485                        MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
486         mch_update_pciexbar(mch);
487     }
488 
489     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM,
490                        MCH_HOST_BRIDGE_SMRAM_SIZE)) {
491         mch_update_smram(mch);
492     }
493 
494     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
495                        MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_SIZE)) {
496         mch_update_ext_tseg_mbytes(mch);
497     }
498 
499     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_F_SMBASE, 1)) {
500         mch_update_smbase_smram(mch);
501     }
502 }
503 
504 static void mch_update(MCHPCIState *mch)
505 {
506     mch_update_pciexbar(mch);
507     mch_update_pam(mch);
508     mch_update_smram(mch);
509     mch_update_ext_tseg_mbytes(mch);
510     mch_update_smbase_smram(mch);
511 
512     /*
513      * pci hole goes from end-of-low-ram to io-apic.
514      * mmconfig will be excluded by the dsdt builder.
515      */
516     range_set_bounds(&mch->pci_hole,
517                      mch->below_4g_mem_size,
518                      IO_APIC_DEFAULT_ADDRESS - 1);
519 }
520 
521 static int mch_post_load(void *opaque, int version_id)
522 {
523     MCHPCIState *mch = opaque;
524     mch_update(mch);
525     return 0;
526 }
527 
528 static const VMStateDescription vmstate_mch = {
529     .name = "mch",
530     .version_id = 1,
531     .minimum_version_id = 1,
532     .post_load = mch_post_load,
533     .fields = (VMStateField[]) {
534         VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
535         /* Used to be smm_enabled, which was basically always zero because
536          * SeaBIOS hardly uses SMM.  SMRAM is now handled by CPU code.
537          */
538         VMSTATE_UNUSED(1),
539         VMSTATE_END_OF_LIST()
540     }
541 };
542 
543 static void mch_reset(DeviceState *qdev)
544 {
545     PCIDevice *d = PCI_DEVICE(qdev);
546     MCHPCIState *mch = MCH_PCI_DEVICE(d);
547 
548     pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
549                  MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
550 
551     d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
552     d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT;
553     d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK;
554     d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK;
555 
556     if (mch->ext_tseg_mbytes > 0) {
557         pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
558                      MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY);
559     }
560 
561     d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0;
562     d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff;
563 
564     mch_update(mch);
565 }
566 
567 static void mch_realize(PCIDevice *d, Error **errp)
568 {
569     int i;
570     MCHPCIState *mch = MCH_PCI_DEVICE(d);
571 
572     if (mch->ext_tseg_mbytes > MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_MAX) {
573         error_setg(errp, "invalid extended-tseg-mbytes value: %" PRIu16,
574                    mch->ext_tseg_mbytes);
575         return;
576     }
577 
578     /* setup pci memory mapping */
579     pc_pci_as_mapping_init(mch->system_memory, mch->pci_address_space);
580 
581     /* if *disabled* show SMRAM to all CPUs */
582     memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
583                              mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE,
584                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
585     memory_region_add_subregion_overlap(mch->system_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
586                                         &mch->smram_region, 1);
587     memory_region_set_enabled(&mch->smram_region, true);
588 
589     memory_region_init_alias(&mch->open_high_smram, OBJECT(mch), "smram-open-high",
590                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
591                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
592     memory_region_add_subregion_overlap(mch->system_memory, 0xfeda0000,
593                                         &mch->open_high_smram, 1);
594     memory_region_set_enabled(&mch->open_high_smram, false);
595 
596     /* smram, as seen by SMM CPUs */
597     memory_region_init(&mch->smram, OBJECT(mch), "smram", 4 * GiB);
598     memory_region_set_enabled(&mch->smram, true);
599     memory_region_init_alias(&mch->low_smram, OBJECT(mch), "smram-low",
600                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
601                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
602     memory_region_set_enabled(&mch->low_smram, true);
603     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMRAM_C_BASE,
604                                 &mch->low_smram);
605     memory_region_init_alias(&mch->high_smram, OBJECT(mch), "smram-high",
606                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
607                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
608     memory_region_set_enabled(&mch->high_smram, true);
609     memory_region_add_subregion(&mch->smram, 0xfeda0000, &mch->high_smram);
610 
611     memory_region_init_io(&mch->tseg_blackhole, OBJECT(mch),
612                           &blackhole_ops, NULL,
613                           "tseg-blackhole", 0);
614     memory_region_set_enabled(&mch->tseg_blackhole, false);
615     memory_region_add_subregion_overlap(mch->system_memory,
616                                         mch->below_4g_mem_size,
617                                         &mch->tseg_blackhole, 1);
618 
619     memory_region_init_alias(&mch->tseg_window, OBJECT(mch), "tseg-window",
620                              mch->ram_memory, mch->below_4g_mem_size, 0);
621     memory_region_set_enabled(&mch->tseg_window, false);
622     memory_region_add_subregion(&mch->smram, mch->below_4g_mem_size,
623                                 &mch->tseg_window);
624 
625     /*
626      * This is not what hardware does, so it's QEMU specific hack.
627      * See commit message for details.
628      */
629     memory_region_init_io(&mch->smbase_blackhole, OBJECT(mch), &blackhole_ops,
630                           NULL, "smbase-blackhole",
631                           MCH_HOST_BRIDGE_SMBASE_SIZE);
632     memory_region_set_enabled(&mch->smbase_blackhole, false);
633     memory_region_add_subregion_overlap(mch->system_memory,
634                                         MCH_HOST_BRIDGE_SMBASE_ADDR,
635                                         &mch->smbase_blackhole, 1);
636 
637     memory_region_init_alias(&mch->smbase_window, OBJECT(mch),
638                              "smbase-window", mch->ram_memory,
639                              MCH_HOST_BRIDGE_SMBASE_ADDR,
640                              MCH_HOST_BRIDGE_SMBASE_SIZE);
641     memory_region_set_enabled(&mch->smbase_window, false);
642     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMBASE_ADDR,
643                                 &mch->smbase_window);
644 
645     object_property_add_const_link(qdev_get_machine(), "smram",
646                                    OBJECT(&mch->smram));
647 
648     init_pam(&mch->pam_regions[0], OBJECT(mch), mch->ram_memory,
649              mch->system_memory, mch->pci_address_space,
650              PAM_BIOS_BASE, PAM_BIOS_SIZE);
651     for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) {
652         init_pam(&mch->pam_regions[i + 1], OBJECT(mch), mch->ram_memory,
653                  mch->system_memory, mch->pci_address_space,
654                  PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
655     }
656 }
657 
658 uint64_t mch_mcfg_base(void)
659 {
660     bool ambiguous;
661     Object *o = object_resolve_path_type("", TYPE_MCH_PCI_DEVICE, &ambiguous);
662     if (!o) {
663         return 0;
664     }
665     return MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT;
666 }
667 
668 static Property mch_props[] = {
669     DEFINE_PROP_UINT16("extended-tseg-mbytes", MCHPCIState, ext_tseg_mbytes,
670                        16),
671     DEFINE_PROP_BOOL("smbase-smram", MCHPCIState, has_smram_at_smbase, true),
672     DEFINE_PROP_END_OF_LIST(),
673 };
674 
675 static void mch_class_init(ObjectClass *klass, void *data)
676 {
677     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
678     DeviceClass *dc = DEVICE_CLASS(klass);
679 
680     k->realize = mch_realize;
681     k->config_write = mch_write_config;
682     dc->reset = mch_reset;
683     device_class_set_props(dc, mch_props);
684     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
685     dc->desc = "Host bridge";
686     dc->vmsd = &vmstate_mch;
687     k->vendor_id = PCI_VENDOR_ID_INTEL;
688     /*
689      * The 'q35' machine type implements an Intel Series 3 chipset,
690      * of which there are several variants. The key difference between
691      * the 82P35 MCH ('p35') and 82Q35 GMCH ('q35') variants is that
692      * the latter has an integrated graphics adapter. QEMU does not
693      * implement integrated graphics, so uses the PCI ID for the 82P35
694      * chipset.
695      */
696     k->device_id = PCI_DEVICE_ID_INTEL_P35_MCH;
697     k->revision = MCH_HOST_BRIDGE_REVISION_DEFAULT;
698     k->class_id = PCI_CLASS_BRIDGE_HOST;
699     /*
700      * PCI-facing part of the host bridge, not usable without the
701      * host-facing part, which can't be device_add'ed, yet.
702      */
703     dc->user_creatable = false;
704 }
705 
706 static const TypeInfo mch_info = {
707     .name = TYPE_MCH_PCI_DEVICE,
708     .parent = TYPE_PCI_DEVICE,
709     .instance_size = sizeof(MCHPCIState),
710     .class_init = mch_class_init,
711     .interfaces = (InterfaceInfo[]) {
712         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
713         { },
714     },
715 };
716 
717 static void q35_register(void)
718 {
719     type_register_static(&mch_info);
720     type_register_static(&q35_host_info);
721 }
722 
723 type_init(q35_register);
724