xref: /openbmc/qemu/hw/ppc/spapr_pci.c (revision 126d4123c50a78a99e04196126d42627911ef5b8)
1 /*
2  * QEMU sPAPR PCI host originated from Uninorth PCI host
3  *
4  * Copyright (c) 2011 Alexey Kardashevskiy, IBM Corporation.
5  * Copyright (C) 2011 David Gibson, IBM Corporation.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/error.h"
28 #include "hw/irq.h"
29 #include "hw/sysbus.h"
30 #include "migration/vmstate.h"
31 #include "hw/pci/pci.h"
32 #include "hw/pci/msi.h"
33 #include "hw/pci/msix.h"
34 #include "hw/pci/pci_host.h"
35 #include "hw/ppc/spapr.h"
36 #include "hw/pci-host/spapr.h"
37 #include "exec/ram_addr.h"
38 #include <libfdt.h>
39 #include "trace.h"
40 #include "qemu/error-report.h"
41 #include "qemu/module.h"
42 #include "qapi/qmp/qerror.h"
43 #include "hw/ppc/fdt.h"
44 #include "hw/pci/pci_bridge.h"
45 #include "hw/pci/pci_bus.h"
46 #include "hw/pci/pci_ids.h"
47 #include "hw/ppc/spapr_drc.h"
48 #include "hw/qdev-properties.h"
49 #include "sysemu/device_tree.h"
50 #include "sysemu/kvm.h"
51 #include "sysemu/hostmem.h"
52 #include "sysemu/numa.h"
53 #include "hw/ppc/spapr_numa.h"
54 #include "qemu/log.h"
55 
56 /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
57 #define RTAS_QUERY_FN           0
58 #define RTAS_CHANGE_FN          1
59 #define RTAS_RESET_FN           2
60 #define RTAS_CHANGE_MSI_FN      3
61 #define RTAS_CHANGE_MSIX_FN     4
62 
63 /* Interrupt types to return on RTAS_CHANGE_* */
64 #define RTAS_TYPE_MSI           1
65 #define RTAS_TYPE_MSIX          2
66 
67 SpaprPhbState *spapr_pci_find_phb(SpaprMachineState *spapr, uint64_t buid)
68 {
69     SpaprPhbState *sphb;
70 
71     QLIST_FOREACH(sphb, &spapr->phbs, list) {
72         if (sphb->buid != buid) {
73             continue;
74         }
75         return sphb;
76     }
77 
78     return NULL;
79 }
80 
81 PCIDevice *spapr_pci_find_dev(SpaprMachineState *spapr, uint64_t buid,
82                               uint32_t config_addr)
83 {
84     SpaprPhbState *sphb = spapr_pci_find_phb(spapr, buid);
85     PCIHostState *phb = PCI_HOST_BRIDGE(sphb);
86     int bus_num = (config_addr >> 16) & 0xFF;
87     int devfn = (config_addr >> 8) & 0xFF;
88 
89     if (!phb) {
90         return NULL;
91     }
92 
93     return pci_find_device(phb->bus, bus_num, devfn);
94 }
95 
96 static uint32_t rtas_pci_cfgaddr(uint32_t arg)
97 {
98     /* This handles the encoding of extended config space addresses */
99     return ((arg >> 20) & 0xf00) | (arg & 0xff);
100 }
101 
102 static void finish_read_pci_config(SpaprMachineState *spapr, uint64_t buid,
103                                    uint32_t addr, uint32_t size,
104                                    target_ulong rets)
105 {
106     PCIDevice *pci_dev;
107     uint32_t val;
108 
109     if ((size != 1) && (size != 2) && (size != 4)) {
110         /* access must be 1, 2 or 4 bytes */
111         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
112         return;
113     }
114 
115     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
116     addr = rtas_pci_cfgaddr(addr);
117 
118     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
119         /* Access must be to a valid device, within bounds and
120          * naturally aligned */
121         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
122         return;
123     }
124 
125     val = pci_host_config_read_common(pci_dev, addr,
126                                       pci_config_size(pci_dev), size);
127 
128     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
129     rtas_st(rets, 1, val);
130 }
131 
132 static void rtas_ibm_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
133                                      uint32_t token, uint32_t nargs,
134                                      target_ulong args,
135                                      uint32_t nret, target_ulong rets)
136 {
137     uint64_t buid;
138     uint32_t size, addr;
139 
140     if ((nargs != 4) || (nret != 2)) {
141         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
142         return;
143     }
144 
145     buid = rtas_ldq(args, 1);
146     size = rtas_ld(args, 3);
147     addr = rtas_ld(args, 0);
148 
149     finish_read_pci_config(spapr, buid, addr, size, rets);
150 }
151 
152 static void rtas_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
153                                  uint32_t token, uint32_t nargs,
154                                  target_ulong args,
155                                  uint32_t nret, target_ulong rets)
156 {
157     uint32_t size, addr;
158 
159     if ((nargs != 2) || (nret != 2)) {
160         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
161         return;
162     }
163 
164     size = rtas_ld(args, 1);
165     addr = rtas_ld(args, 0);
166 
167     finish_read_pci_config(spapr, 0, addr, size, rets);
168 }
169 
170 static void finish_write_pci_config(SpaprMachineState *spapr, uint64_t buid,
171                                     uint32_t addr, uint32_t size,
172                                     uint32_t val, target_ulong rets)
173 {
174     PCIDevice *pci_dev;
175 
176     if ((size != 1) && (size != 2) && (size != 4)) {
177         /* access must be 1, 2 or 4 bytes */
178         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
179         return;
180     }
181 
182     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
183     addr = rtas_pci_cfgaddr(addr);
184 
185     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
186         /* Access must be to a valid device, within bounds and
187          * naturally aligned */
188         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
189         return;
190     }
191 
192     pci_host_config_write_common(pci_dev, addr, pci_config_size(pci_dev),
193                                  val, size);
194 
195     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
196 }
197 
198 static void rtas_ibm_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
199                                       uint32_t token, uint32_t nargs,
200                                       target_ulong args,
201                                       uint32_t nret, target_ulong rets)
202 {
203     uint64_t buid;
204     uint32_t val, size, addr;
205 
206     if ((nargs != 5) || (nret != 1)) {
207         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
208         return;
209     }
210 
211     buid = rtas_ldq(args, 1);
212     val = rtas_ld(args, 4);
213     size = rtas_ld(args, 3);
214     addr = rtas_ld(args, 0);
215 
216     finish_write_pci_config(spapr, buid, addr, size, val, rets);
217 }
218 
219 static void rtas_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
220                                   uint32_t token, uint32_t nargs,
221                                   target_ulong args,
222                                   uint32_t nret, target_ulong rets)
223 {
224     uint32_t val, size, addr;
225 
226     if ((nargs != 3) || (nret != 1)) {
227         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
228         return;
229     }
230 
231 
232     val = rtas_ld(args, 2);
233     size = rtas_ld(args, 1);
234     addr = rtas_ld(args, 0);
235 
236     finish_write_pci_config(spapr, 0, addr, size, val, rets);
237 }
238 
239 /*
240  * Set MSI/MSIX message data.
241  * This is required for msi_notify()/msix_notify() which
242  * will write at the addresses via spapr_msi_write().
243  *
244  * If hwaddr == 0, all entries will have .data == first_irq i.e.
245  * table will be reset.
246  */
247 static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr, bool msix,
248                              unsigned first_irq, unsigned req_num)
249 {
250     unsigned i;
251     MSIMessage msg = { .address = addr, .data = first_irq };
252 
253     if (!msix) {
254         msi_set_message(pdev, msg);
255         trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);
256         return;
257     }
258 
259     for (i = 0; i < req_num; ++i) {
260         msix_set_message(pdev, i, msg);
261         trace_spapr_pci_msi_setup(pdev->name, i, msg.address);
262         if (addr) {
263             ++msg.data;
264         }
265     }
266 }
267 
268 static void rtas_ibm_change_msi(PowerPCCPU *cpu, SpaprMachineState *spapr,
269                                 uint32_t token, uint32_t nargs,
270                                 target_ulong args, uint32_t nret,
271                                 target_ulong rets)
272 {
273     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
274     uint32_t config_addr = rtas_ld(args, 0);
275     uint64_t buid = rtas_ldq(args, 1);
276     unsigned int func = rtas_ld(args, 3);
277     unsigned int req_num = rtas_ld(args, 4); /* 0 == remove all */
278     unsigned int seq_num = rtas_ld(args, 5);
279     unsigned int ret_intr_type;
280     unsigned int irq, max_irqs = 0;
281     SpaprPhbState *phb = NULL;
282     PCIDevice *pdev = NULL;
283     SpaprPciMsi *msi;
284     int *config_addr_key;
285     Error *err = NULL;
286     int i;
287 
288     /* Fins SpaprPhbState */
289     phb = spapr_pci_find_phb(spapr, buid);
290     if (phb) {
291         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
292     }
293     if (!phb || !pdev) {
294         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
295         return;
296     }
297 
298     switch (func) {
299     case RTAS_CHANGE_FN:
300         if (msi_present(pdev)) {
301             ret_intr_type = RTAS_TYPE_MSI;
302         } else if (msix_present(pdev)) {
303             ret_intr_type = RTAS_TYPE_MSIX;
304         } else {
305             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
306             return;
307         }
308         break;
309     case RTAS_CHANGE_MSI_FN:
310         if (msi_present(pdev)) {
311             ret_intr_type = RTAS_TYPE_MSI;
312         } else {
313             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
314             return;
315         }
316         break;
317     case RTAS_CHANGE_MSIX_FN:
318         if (msix_present(pdev)) {
319             ret_intr_type = RTAS_TYPE_MSIX;
320         } else {
321             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
322             return;
323         }
324         break;
325     default:
326         error_report("rtas_ibm_change_msi(%u) is not implemented", func);
327         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
328         return;
329     }
330 
331     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
332 
333     /* Releasing MSIs */
334     if (!req_num) {
335         if (!msi) {
336             trace_spapr_pci_msi("Releasing wrong config", config_addr);
337             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
338             return;
339         }
340 
341         if (msi_present(pdev)) {
342             spapr_msi_setmsg(pdev, 0, false, 0, 0);
343         }
344         if (msix_present(pdev)) {
345             spapr_msi_setmsg(pdev, 0, true, 0, 0);
346         }
347         g_hash_table_remove(phb->msi, &config_addr);
348 
349         trace_spapr_pci_msi("Released MSIs", config_addr);
350         rtas_st(rets, 0, RTAS_OUT_SUCCESS);
351         rtas_st(rets, 1, 0);
352         return;
353     }
354 
355     /* Enabling MSI */
356 
357     /* Check if the device supports as many IRQs as requested */
358     if (ret_intr_type == RTAS_TYPE_MSI) {
359         max_irqs = msi_nr_vectors_allocated(pdev);
360     } else if (ret_intr_type == RTAS_TYPE_MSIX) {
361         max_irqs = pdev->msix_entries_nr;
362     }
363     if (!max_irqs) {
364         error_report("Requested interrupt type %d is not enabled for device %x",
365                      ret_intr_type, config_addr);
366         rtas_st(rets, 0, -1); /* Hardware error */
367         return;
368     }
369     /* Correct the number if the guest asked for too many */
370     if (req_num > max_irqs) {
371         trace_spapr_pci_msi_retry(config_addr, req_num, max_irqs);
372         req_num = max_irqs;
373         irq = 0; /* to avoid misleading trace */
374         goto out;
375     }
376 
377     /* Allocate MSIs */
378     if (smc->legacy_irq_allocation) {
379         irq = spapr_irq_find(spapr, req_num, ret_intr_type == RTAS_TYPE_MSI,
380                              &err);
381     } else {
382         irq = spapr_irq_msi_alloc(spapr, req_num,
383                                   ret_intr_type == RTAS_TYPE_MSI, &err);
384     }
385     if (err) {
386         error_reportf_err(err, "Can't allocate MSIs for device %x: ",
387                           config_addr);
388         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
389         return;
390     }
391 
392     for (i = 0; i < req_num; i++) {
393         spapr_irq_claim(spapr, irq + i, false, &err);
394         if (err) {
395             if (i) {
396                 spapr_irq_free(spapr, irq, i);
397             }
398             if (!smc->legacy_irq_allocation) {
399                 spapr_irq_msi_free(spapr, irq, req_num);
400             }
401             error_reportf_err(err, "Can't allocate MSIs for device %x: ",
402                               config_addr);
403             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
404             return;
405         }
406     }
407 
408     /* Release previous MSIs */
409     if (msi) {
410         g_hash_table_remove(phb->msi, &config_addr);
411     }
412 
413     /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
414     spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX,
415                      irq, req_num);
416 
417     /* Add MSI device to cache */
418     msi = g_new(SpaprPciMsi, 1);
419     msi->first_irq = irq;
420     msi->num = req_num;
421     config_addr_key = g_new(int, 1);
422     *config_addr_key = config_addr;
423     g_hash_table_insert(phb->msi, config_addr_key, msi);
424 
425 out:
426     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
427     rtas_st(rets, 1, req_num);
428     rtas_st(rets, 2, ++seq_num);
429     if (nret > 3) {
430         rtas_st(rets, 3, ret_intr_type);
431     }
432 
433     trace_spapr_pci_rtas_ibm_change_msi(config_addr, func, req_num, irq);
434 }
435 
436 static void rtas_ibm_query_interrupt_source_number(PowerPCCPU *cpu,
437                                                    SpaprMachineState *spapr,
438                                                    uint32_t token,
439                                                    uint32_t nargs,
440                                                    target_ulong args,
441                                                    uint32_t nret,
442                                                    target_ulong rets)
443 {
444     uint32_t config_addr = rtas_ld(args, 0);
445     uint64_t buid = rtas_ldq(args, 1);
446     unsigned int intr_src_num = -1, ioa_intr_num = rtas_ld(args, 3);
447     SpaprPhbState *phb = NULL;
448     PCIDevice *pdev = NULL;
449     SpaprPciMsi *msi;
450 
451     /* Find SpaprPhbState */
452     phb = spapr_pci_find_phb(spapr, buid);
453     if (phb) {
454         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
455     }
456     if (!phb || !pdev) {
457         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
458         return;
459     }
460 
461     /* Find device descriptor and start IRQ */
462     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
463     if (!msi || !msi->first_irq || !msi->num || (ioa_intr_num >= msi->num)) {
464         trace_spapr_pci_msi("Failed to return vector", config_addr);
465         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
466         return;
467     }
468     intr_src_num = msi->first_irq + ioa_intr_num;
469     trace_spapr_pci_rtas_ibm_query_interrupt_source_number(ioa_intr_num,
470                                                            intr_src_num);
471 
472     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
473     rtas_st(rets, 1, intr_src_num);
474     rtas_st(rets, 2, 1);/* 0 == level; 1 == edge */
475 }
476 
477 static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
478                                     SpaprMachineState *spapr,
479                                     uint32_t token, uint32_t nargs,
480                                     target_ulong args, uint32_t nret,
481                                     target_ulong rets)
482 {
483     SpaprPhbState *sphb;
484     uint32_t addr, option;
485     uint64_t buid;
486     int ret;
487 
488     if ((nargs != 4) || (nret != 1)) {
489         goto param_error_exit;
490     }
491 
492     buid = rtas_ldq(args, 1);
493     addr = rtas_ld(args, 0);
494     option = rtas_ld(args, 3);
495 
496     sphb = spapr_pci_find_phb(spapr, buid);
497     if (!sphb) {
498         goto param_error_exit;
499     }
500 
501     if (!spapr_phb_eeh_available(sphb)) {
502         goto param_error_exit;
503     }
504 
505     ret = spapr_phb_vfio_eeh_set_option(sphb, addr, option);
506     rtas_st(rets, 0, ret);
507     return;
508 
509 param_error_exit:
510     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
511 }
512 
513 static void rtas_ibm_get_config_addr_info2(PowerPCCPU *cpu,
514                                            SpaprMachineState *spapr,
515                                            uint32_t token, uint32_t nargs,
516                                            target_ulong args, uint32_t nret,
517                                            target_ulong rets)
518 {
519     SpaprPhbState *sphb;
520     PCIDevice *pdev;
521     uint32_t addr, option;
522     uint64_t buid;
523 
524     if ((nargs != 4) || (nret != 2)) {
525         goto param_error_exit;
526     }
527 
528     buid = rtas_ldq(args, 1);
529     sphb = spapr_pci_find_phb(spapr, buid);
530     if (!sphb) {
531         goto param_error_exit;
532     }
533 
534     if (!spapr_phb_eeh_available(sphb)) {
535         goto param_error_exit;
536     }
537 
538     /*
539      * We always have PE address of form "00BB0001". "BB"
540      * represents the bus number of PE's primary bus.
541      */
542     option = rtas_ld(args, 3);
543     switch (option) {
544     case RTAS_GET_PE_ADDR:
545         addr = rtas_ld(args, 0);
546         pdev = spapr_pci_find_dev(spapr, buid, addr);
547         if (!pdev) {
548             goto param_error_exit;
549         }
550 
551         rtas_st(rets, 1, (pci_bus_num(pci_get_bus(pdev)) << 16) + 1);
552         break;
553     case RTAS_GET_PE_MODE:
554         rtas_st(rets, 1, RTAS_PE_MODE_SHARED);
555         break;
556     default:
557         goto param_error_exit;
558     }
559 
560     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
561     return;
562 
563 param_error_exit:
564     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
565 }
566 
567 static void rtas_ibm_read_slot_reset_state2(PowerPCCPU *cpu,
568                                             SpaprMachineState *spapr,
569                                             uint32_t token, uint32_t nargs,
570                                             target_ulong args, uint32_t nret,
571                                             target_ulong rets)
572 {
573     SpaprPhbState *sphb;
574     uint64_t buid;
575     int state, ret;
576 
577     if ((nargs != 3) || (nret != 4 && nret != 5)) {
578         goto param_error_exit;
579     }
580 
581     buid = rtas_ldq(args, 1);
582     sphb = spapr_pci_find_phb(spapr, buid);
583     if (!sphb) {
584         goto param_error_exit;
585     }
586 
587     if (!spapr_phb_eeh_available(sphb)) {
588         goto param_error_exit;
589     }
590 
591     ret = spapr_phb_vfio_eeh_get_state(sphb, &state);
592     rtas_st(rets, 0, ret);
593     if (ret != RTAS_OUT_SUCCESS) {
594         return;
595     }
596 
597     rtas_st(rets, 1, state);
598     rtas_st(rets, 2, RTAS_EEH_SUPPORT);
599     rtas_st(rets, 3, RTAS_EEH_PE_UNAVAIL_INFO);
600     if (nret >= 5) {
601         rtas_st(rets, 4, RTAS_EEH_PE_RECOVER_INFO);
602     }
603     return;
604 
605 param_error_exit:
606     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
607 }
608 
609 static void rtas_ibm_set_slot_reset(PowerPCCPU *cpu,
610                                     SpaprMachineState *spapr,
611                                     uint32_t token, uint32_t nargs,
612                                     target_ulong args, uint32_t nret,
613                                     target_ulong rets)
614 {
615     SpaprPhbState *sphb;
616     uint32_t option;
617     uint64_t buid;
618     int ret;
619 
620     if ((nargs != 4) || (nret != 1)) {
621         goto param_error_exit;
622     }
623 
624     buid = rtas_ldq(args, 1);
625     option = rtas_ld(args, 3);
626     sphb = spapr_pci_find_phb(spapr, buid);
627     if (!sphb) {
628         goto param_error_exit;
629     }
630 
631     if (!spapr_phb_eeh_available(sphb)) {
632         goto param_error_exit;
633     }
634 
635     ret = spapr_phb_vfio_eeh_reset(sphb, option);
636     rtas_st(rets, 0, ret);
637     return;
638 
639 param_error_exit:
640     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
641 }
642 
643 static void rtas_ibm_configure_pe(PowerPCCPU *cpu,
644                                   SpaprMachineState *spapr,
645                                   uint32_t token, uint32_t nargs,
646                                   target_ulong args, uint32_t nret,
647                                   target_ulong rets)
648 {
649     SpaprPhbState *sphb;
650     uint64_t buid;
651     int ret;
652 
653     if ((nargs != 3) || (nret != 1)) {
654         goto param_error_exit;
655     }
656 
657     buid = rtas_ldq(args, 1);
658     sphb = spapr_pci_find_phb(spapr, buid);
659     if (!sphb) {
660         goto param_error_exit;
661     }
662 
663     if (!spapr_phb_eeh_available(sphb)) {
664         goto param_error_exit;
665     }
666 
667     ret = spapr_phb_vfio_eeh_configure(sphb);
668     rtas_st(rets, 0, ret);
669     return;
670 
671 param_error_exit:
672     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
673 }
674 
675 /* To support it later */
676 static void rtas_ibm_slot_error_detail(PowerPCCPU *cpu,
677                                        SpaprMachineState *spapr,
678                                        uint32_t token, uint32_t nargs,
679                                        target_ulong args, uint32_t nret,
680                                        target_ulong rets)
681 {
682     SpaprPhbState *sphb;
683     int option;
684     uint64_t buid;
685 
686     if ((nargs != 8) || (nret != 1)) {
687         goto param_error_exit;
688     }
689 
690     buid = rtas_ldq(args, 1);
691     sphb = spapr_pci_find_phb(spapr, buid);
692     if (!sphb) {
693         goto param_error_exit;
694     }
695 
696     if (!spapr_phb_eeh_available(sphb)) {
697         goto param_error_exit;
698     }
699 
700     option = rtas_ld(args, 7);
701     switch (option) {
702     case RTAS_SLOT_TEMP_ERR_LOG:
703     case RTAS_SLOT_PERM_ERR_LOG:
704         break;
705     default:
706         goto param_error_exit;
707     }
708 
709     /* We don't have error log yet */
710     rtas_st(rets, 0, RTAS_OUT_NO_ERRORS_FOUND);
711     return;
712 
713 param_error_exit:
714     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
715 }
716 
717 static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
718 {
719     /*
720      * Here we use the number returned by pci_swizzle_map_irq_fn to find a
721      * corresponding qemu_irq.
722      */
723     SpaprPhbState *phb = opaque;
724     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
725 
726     trace_spapr_pci_lsi_set(phb->dtbusname, irq_num, phb->lsi_table[irq_num].irq);
727     qemu_set_irq(spapr_qirq(spapr, phb->lsi_table[irq_num].irq), level);
728 }
729 
730 static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
731 {
732     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(opaque);
733     PCIINTxRoute route;
734 
735     route.mode = PCI_INTX_ENABLED;
736     route.irq = sphb->lsi_table[pin].irq;
737 
738     return route;
739 }
740 
741 static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size)
742 {
743     qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__);
744     return 0;
745 }
746 
747 /*
748  * MSI/MSIX memory region implementation.
749  * The handler handles both MSI and MSIX.
750  * The vector number is encoded in least bits in data.
751  */
752 static void spapr_msi_write(void *opaque, hwaddr addr,
753                             uint64_t data, unsigned size)
754 {
755     SpaprMachineState *spapr = opaque;
756     uint32_t irq = data;
757 
758     trace_spapr_pci_msi_write(addr, data, irq);
759 
760     qemu_irq_pulse(spapr_qirq(spapr, irq));
761 }
762 
763 static const MemoryRegionOps spapr_msi_ops = {
764     /*
765      * .read result is undefined by PCI spec.
766      * define .read method to avoid assert failure in memory_region_init_io
767      */
768     .read = spapr_msi_read,
769     .write = spapr_msi_write,
770     .endianness = DEVICE_LITTLE_ENDIAN
771 };
772 
773 /*
774  * PHB PCI device
775  */
776 static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
777 {
778     SpaprPhbState *phb = opaque;
779 
780     return &phb->iommu_as;
781 }
782 
783 static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb,  PCIDevice *pdev)
784 {
785     g_autofree char *path = NULL;
786     g_autofree char *host = NULL;
787     g_autofree char *devspec = NULL;
788     char *buf = NULL;
789 
790     /* Get the PCI VFIO host id */
791     host = object_property_get_str(OBJECT(pdev), "host", NULL);
792     if (!host) {
793         return NULL;
794     }
795 
796     /* Construct the path of the file that will give us the DT location */
797     path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
798     if (!g_file_get_contents(path, &devspec, NULL, NULL)) {
799         return NULL;
800     }
801 
802     /* Construct and read from host device tree the loc-code */
803     path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", devspec);
804     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
805         return NULL;
806     }
807     return buf;
808 }
809 
810 static char *spapr_phb_get_loc_code(SpaprPhbState *sphb, PCIDevice *pdev)
811 {
812     char *buf;
813     const char *devtype = "qemu";
814     uint32_t busnr = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(pdev))));
815 
816     if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
817         buf = spapr_phb_vfio_get_loc_code(sphb, pdev);
818         if (buf) {
819             return buf;
820         }
821         devtype = "vfio";
822     }
823     /*
824      * For emulated devices and VFIO-failure case, make up
825      * the loc-code.
826      */
827     buf = g_strdup_printf("%s_%s:%04x:%02x:%02x.%x",
828                           devtype, pdev->name, sphb->index, busnr,
829                           PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
830     return buf;
831 }
832 
833 /* Macros to operate with address in OF binding to PCI */
834 #define b_x(x, p, l)    (((x) & ((1<<(l))-1)) << (p))
835 #define b_n(x)          b_x((x), 31, 1) /* 0 if relocatable */
836 #define b_p(x)          b_x((x), 30, 1) /* 1 if prefetchable */
837 #define b_t(x)          b_x((x), 29, 1) /* 1 if the address is aliased */
838 #define b_ss(x)         b_x((x), 24, 2) /* the space code */
839 #define b_bbbbbbbb(x)   b_x((x), 16, 8) /* bus number */
840 #define b_ddddd(x)      b_x((x), 11, 5) /* device number */
841 #define b_fff(x)        b_x((x), 8, 3)  /* function number */
842 #define b_rrrrrrrr(x)   b_x((x), 0, 8)  /* register number */
843 
844 /* for 'reg' OF properties */
845 #define RESOURCE_CELLS_SIZE 2
846 #define RESOURCE_CELLS_ADDRESS 3
847 
848 typedef struct ResourceFields {
849     uint32_t phys_hi;
850     uint32_t phys_mid;
851     uint32_t phys_lo;
852     uint32_t size_hi;
853     uint32_t size_lo;
854 } QEMU_PACKED ResourceFields;
855 
856 typedef struct ResourceProps {
857     ResourceFields reg[8];
858     uint32_t reg_len;
859 } ResourceProps;
860 
861 /* fill in the 'reg' OF properties for
862  * a PCI device. 'reg' describes resource requirements for a
863  * device's IO/MEM regions.
864  *
865  * the property is an array of ('phys-addr', 'size') pairs describing
866  * the addressable regions of the PCI device, where 'phys-addr' is a
867  * RESOURCE_CELLS_ADDRESS-tuple of 32-bit integers corresponding to
868  * (phys.hi, phys.mid, phys.lo), and 'size' is a
869  * RESOURCE_CELLS_SIZE-tuple corresponding to (size.hi, size.lo).
870  *
871  * phys.hi = 0xYYXXXXZZ, where:
872  *   0xYY = npt000ss
873  *          |||   |
874  *          |||   +-- space code
875  *          |||               |
876  *          |||               +  00 if configuration space
877  *          |||               +  01 if IO region,
878  *          |||               +  10 if 32-bit MEM region
879  *          |||               +  11 if 64-bit MEM region
880  *          |||
881  *          ||+------ for non-relocatable IO: 1 if aliased
882  *          ||        for relocatable IO: 1 if below 64KB
883  *          ||        for MEM: 1 if below 1MB
884  *          |+------- 1 if region is prefetchable
885  *          +-------- 1 if region is non-relocatable
886  *   0xXXXX = bbbbbbbb dddddfff, encoding bus, slot, and function
887  *            bits respectively
888  *   0xZZ = rrrrrrrr, the register number of the BAR corresponding
889  *          to the region
890  *
891  * phys.mid and phys.lo correspond respectively to the hi/lo portions
892  * of the actual address of the region.
893  *
894  * note also that addresses defined in this property are, at least
895  * for PAPR guests, relative to the PHBs IO/MEM windows, and
896  * correspond directly to the addresses in the BARs.
897  *
898  * in accordance with PCI Bus Binding to Open Firmware,
899  * IEEE Std 1275-1994, section 4.1.1, as implemented by PAPR+ v2.7,
900  * Appendix C.
901  */
902 static void populate_resource_props(PCIDevice *d, ResourceProps *rp)
903 {
904     int bus_num = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(d))));
905     uint32_t dev_id = (b_bbbbbbbb(bus_num) |
906                        b_ddddd(PCI_SLOT(d->devfn)) |
907                        b_fff(PCI_FUNC(d->devfn)));
908     ResourceFields *reg;
909     int i, reg_idx = 0;
910 
911     /* config space region */
912     reg = &rp->reg[reg_idx++];
913     reg->phys_hi = cpu_to_be32(dev_id);
914     reg->phys_mid = 0;
915     reg->phys_lo = 0;
916     reg->size_hi = 0;
917     reg->size_lo = 0;
918 
919     for (i = 0; i < PCI_NUM_REGIONS; i++) {
920         if (!d->io_regions[i].size) {
921             continue;
922         }
923 
924         reg = &rp->reg[reg_idx++];
925 
926         reg->phys_hi = cpu_to_be32(dev_id | b_rrrrrrrr(pci_bar(d, i)));
927         if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
928             reg->phys_hi |= cpu_to_be32(b_ss(1));
929         } else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
930             reg->phys_hi |= cpu_to_be32(b_ss(3));
931         } else {
932             reg->phys_hi |= cpu_to_be32(b_ss(2));
933         }
934         reg->phys_mid = 0;
935         reg->phys_lo = 0;
936         reg->size_hi = cpu_to_be32(d->io_regions[i].size >> 32);
937         reg->size_lo = cpu_to_be32(d->io_regions[i].size);
938     }
939 
940     rp->reg_len = reg_idx * sizeof(ResourceFields);
941 }
942 
943 typedef struct PCIClass PCIClass;
944 typedef struct PCISubClass PCISubClass;
945 typedef struct PCIIFace PCIIFace;
946 
947 struct PCIIFace {
948     int iface;
949     const char *name;
950 };
951 
952 struct PCISubClass {
953     int subclass;
954     const char *name;
955     const PCIIFace *iface;
956 };
957 
958 struct PCIClass {
959     const char *name;
960     const PCISubClass *subc;
961 };
962 
963 static const PCISubClass undef_subclass[] = {
964     { PCI_CLASS_NOT_DEFINED_VGA, "display", NULL },
965     { 0xFF, NULL, NULL },
966 };
967 
968 static const PCISubClass mass_subclass[] = {
969     { PCI_CLASS_STORAGE_SCSI, "scsi", NULL },
970     { PCI_CLASS_STORAGE_IDE, "ide", NULL },
971     { PCI_CLASS_STORAGE_FLOPPY, "fdc", NULL },
972     { PCI_CLASS_STORAGE_IPI, "ipi", NULL },
973     { PCI_CLASS_STORAGE_RAID, "raid", NULL },
974     { PCI_CLASS_STORAGE_ATA, "ata", NULL },
975     { PCI_CLASS_STORAGE_SATA, "sata", NULL },
976     { PCI_CLASS_STORAGE_SAS, "sas", NULL },
977     { 0xFF, NULL, NULL },
978 };
979 
980 static const PCISubClass net_subclass[] = {
981     { PCI_CLASS_NETWORK_ETHERNET, "ethernet", NULL },
982     { PCI_CLASS_NETWORK_TOKEN_RING, "token-ring", NULL },
983     { PCI_CLASS_NETWORK_FDDI, "fddi", NULL },
984     { PCI_CLASS_NETWORK_ATM, "atm", NULL },
985     { PCI_CLASS_NETWORK_ISDN, "isdn", NULL },
986     { PCI_CLASS_NETWORK_WORLDFIP, "worldfip", NULL },
987     { PCI_CLASS_NETWORK_PICMG214, "picmg", NULL },
988     { 0xFF, NULL, NULL },
989 };
990 
991 static const PCISubClass displ_subclass[] = {
992     { PCI_CLASS_DISPLAY_VGA, "vga", NULL },
993     { PCI_CLASS_DISPLAY_XGA, "xga", NULL },
994     { PCI_CLASS_DISPLAY_3D, "3d-controller", NULL },
995     { 0xFF, NULL, NULL },
996 };
997 
998 static const PCISubClass media_subclass[] = {
999     { PCI_CLASS_MULTIMEDIA_VIDEO, "video", NULL },
1000     { PCI_CLASS_MULTIMEDIA_AUDIO, "sound", NULL },
1001     { PCI_CLASS_MULTIMEDIA_PHONE, "telephony", NULL },
1002     { 0xFF, NULL, NULL },
1003 };
1004 
1005 static const PCISubClass mem_subclass[] = {
1006     { PCI_CLASS_MEMORY_RAM, "memory", NULL },
1007     { PCI_CLASS_MEMORY_FLASH, "flash", NULL },
1008     { 0xFF, NULL, NULL },
1009 };
1010 
1011 static const PCISubClass bridg_subclass[] = {
1012     { PCI_CLASS_BRIDGE_HOST, "host", NULL },
1013     { PCI_CLASS_BRIDGE_ISA, "isa", NULL },
1014     { PCI_CLASS_BRIDGE_EISA, "eisa", NULL },
1015     { PCI_CLASS_BRIDGE_MC, "mca", NULL },
1016     { PCI_CLASS_BRIDGE_PCI, "pci", NULL },
1017     { PCI_CLASS_BRIDGE_PCMCIA, "pcmcia", NULL },
1018     { PCI_CLASS_BRIDGE_NUBUS, "nubus", NULL },
1019     { PCI_CLASS_BRIDGE_CARDBUS, "cardbus", NULL },
1020     { PCI_CLASS_BRIDGE_RACEWAY, "raceway", NULL },
1021     { PCI_CLASS_BRIDGE_PCI_SEMITP, "semi-transparent-pci", NULL },
1022     { PCI_CLASS_BRIDGE_IB_PCI, "infiniband", NULL },
1023     { 0xFF, NULL, NULL },
1024 };
1025 
1026 static const PCISubClass comm_subclass[] = {
1027     { PCI_CLASS_COMMUNICATION_SERIAL, "serial", NULL },
1028     { PCI_CLASS_COMMUNICATION_PARALLEL, "parallel", NULL },
1029     { PCI_CLASS_COMMUNICATION_MULTISERIAL, "multiport-serial", NULL },
1030     { PCI_CLASS_COMMUNICATION_MODEM, "modem", NULL },
1031     { PCI_CLASS_COMMUNICATION_GPIB, "gpib", NULL },
1032     { PCI_CLASS_COMMUNICATION_SC, "smart-card", NULL },
1033     { 0xFF, NULL, NULL, },
1034 };
1035 
1036 static const PCIIFace pic_iface[] = {
1037     { PCI_CLASS_SYSTEM_PIC_IOAPIC, "io-apic" },
1038     { PCI_CLASS_SYSTEM_PIC_IOXAPIC, "io-xapic" },
1039     { 0xFF, NULL },
1040 };
1041 
1042 static const PCISubClass sys_subclass[] = {
1043     { PCI_CLASS_SYSTEM_PIC, "interrupt-controller", pic_iface },
1044     { PCI_CLASS_SYSTEM_DMA, "dma-controller", NULL },
1045     { PCI_CLASS_SYSTEM_TIMER, "timer", NULL },
1046     { PCI_CLASS_SYSTEM_RTC, "rtc", NULL },
1047     { PCI_CLASS_SYSTEM_PCI_HOTPLUG, "hot-plug-controller", NULL },
1048     { PCI_CLASS_SYSTEM_SDHCI, "sd-host-controller", NULL },
1049     { 0xFF, NULL, NULL },
1050 };
1051 
1052 static const PCISubClass inp_subclass[] = {
1053     { PCI_CLASS_INPUT_KEYBOARD, "keyboard", NULL },
1054     { PCI_CLASS_INPUT_PEN, "pen", NULL },
1055     { PCI_CLASS_INPUT_MOUSE, "mouse", NULL },
1056     { PCI_CLASS_INPUT_SCANNER, "scanner", NULL },
1057     { PCI_CLASS_INPUT_GAMEPORT, "gameport", NULL },
1058     { 0xFF, NULL, NULL },
1059 };
1060 
1061 static const PCISubClass dock_subclass[] = {
1062     { PCI_CLASS_DOCKING_GENERIC, "dock", NULL },
1063     { 0xFF, NULL, NULL },
1064 };
1065 
1066 static const PCISubClass cpu_subclass[] = {
1067     { PCI_CLASS_PROCESSOR_PENTIUM, "pentium", NULL },
1068     { PCI_CLASS_PROCESSOR_POWERPC, "powerpc", NULL },
1069     { PCI_CLASS_PROCESSOR_MIPS, "mips", NULL },
1070     { PCI_CLASS_PROCESSOR_CO, "co-processor", NULL },
1071     { 0xFF, NULL, NULL },
1072 };
1073 
1074 static const PCIIFace usb_iface[] = {
1075     { PCI_CLASS_SERIAL_USB_UHCI, "usb-uhci" },
1076     { PCI_CLASS_SERIAL_USB_OHCI, "usb-ohci", },
1077     { PCI_CLASS_SERIAL_USB_EHCI, "usb-ehci" },
1078     { PCI_CLASS_SERIAL_USB_XHCI, "usb-xhci" },
1079     { PCI_CLASS_SERIAL_USB_UNKNOWN, "usb-unknown" },
1080     { PCI_CLASS_SERIAL_USB_DEVICE, "usb-device" },
1081     { 0xFF, NULL },
1082 };
1083 
1084 static const PCISubClass ser_subclass[] = {
1085     { PCI_CLASS_SERIAL_FIREWIRE, "firewire", NULL },
1086     { PCI_CLASS_SERIAL_ACCESS, "access-bus", NULL },
1087     { PCI_CLASS_SERIAL_SSA, "ssa", NULL },
1088     { PCI_CLASS_SERIAL_USB, "usb", usb_iface },
1089     { PCI_CLASS_SERIAL_FIBER, "fibre-channel", NULL },
1090     { PCI_CLASS_SERIAL_SMBUS, "smb", NULL },
1091     { PCI_CLASS_SERIAL_IB, "infiniband", NULL },
1092     { PCI_CLASS_SERIAL_IPMI, "ipmi", NULL },
1093     { PCI_CLASS_SERIAL_SERCOS, "sercos", NULL },
1094     { PCI_CLASS_SERIAL_CANBUS, "canbus", NULL },
1095     { 0xFF, NULL, NULL },
1096 };
1097 
1098 static const PCISubClass wrl_subclass[] = {
1099     { PCI_CLASS_WIRELESS_IRDA, "irda", NULL },
1100     { PCI_CLASS_WIRELESS_CIR, "consumer-ir", NULL },
1101     { PCI_CLASS_WIRELESS_RF_CONTROLLER, "rf-controller", NULL },
1102     { PCI_CLASS_WIRELESS_BLUETOOTH, "bluetooth", NULL },
1103     { PCI_CLASS_WIRELESS_BROADBAND, "broadband", NULL },
1104     { 0xFF, NULL, NULL },
1105 };
1106 
1107 static const PCISubClass sat_subclass[] = {
1108     { PCI_CLASS_SATELLITE_TV, "satellite-tv", NULL },
1109     { PCI_CLASS_SATELLITE_AUDIO, "satellite-audio", NULL },
1110     { PCI_CLASS_SATELLITE_VOICE, "satellite-voice", NULL },
1111     { PCI_CLASS_SATELLITE_DATA, "satellite-data", NULL },
1112     { 0xFF, NULL, NULL },
1113 };
1114 
1115 static const PCISubClass crypt_subclass[] = {
1116     { PCI_CLASS_CRYPT_NETWORK, "network-encryption", NULL },
1117     { PCI_CLASS_CRYPT_ENTERTAINMENT,
1118       "entertainment-encryption", NULL },
1119     { 0xFF, NULL, NULL },
1120 };
1121 
1122 static const PCISubClass spc_subclass[] = {
1123     { PCI_CLASS_SP_DPIO, "dpio", NULL },
1124     { PCI_CLASS_SP_PERF, "counter", NULL },
1125     { PCI_CLASS_SP_SYNCH, "measurement", NULL },
1126     { PCI_CLASS_SP_MANAGEMENT, "management-card", NULL },
1127     { 0xFF, NULL, NULL },
1128 };
1129 
1130 static const PCIClass pci_classes[] = {
1131     { "legacy-device", undef_subclass },
1132     { "mass-storage",  mass_subclass },
1133     { "network", net_subclass },
1134     { "display", displ_subclass, },
1135     { "multimedia-device", media_subclass },
1136     { "memory-controller", mem_subclass },
1137     { "unknown-bridge", bridg_subclass },
1138     { "communication-controller", comm_subclass},
1139     { "system-peripheral", sys_subclass },
1140     { "input-controller", inp_subclass },
1141     { "docking-station", dock_subclass },
1142     { "cpu", cpu_subclass },
1143     { "serial-bus", ser_subclass },
1144     { "wireless-controller", wrl_subclass },
1145     { "intelligent-io", NULL },
1146     { "satellite-device", sat_subclass },
1147     { "encryption", crypt_subclass },
1148     { "data-processing-controller", spc_subclass },
1149 };
1150 
1151 static const char *dt_name_from_class(uint8_t class, uint8_t subclass,
1152                                       uint8_t iface)
1153 {
1154     const PCIClass *pclass;
1155     const PCISubClass *psubclass;
1156     const PCIIFace *piface;
1157     const char *name;
1158 
1159     if (class >= ARRAY_SIZE(pci_classes)) {
1160         return "pci";
1161     }
1162 
1163     pclass = pci_classes + class;
1164     name = pclass->name;
1165 
1166     if (pclass->subc == NULL) {
1167         return name;
1168     }
1169 
1170     psubclass = pclass->subc;
1171     while ((psubclass->subclass & 0xff) != 0xff) {
1172         if ((psubclass->subclass & 0xff) == subclass) {
1173             name = psubclass->name;
1174             break;
1175         }
1176         psubclass++;
1177     }
1178 
1179     piface = psubclass->iface;
1180     if (piface == NULL) {
1181         return name;
1182     }
1183     while ((piface->iface & 0xff) != 0xff) {
1184         if ((piface->iface & 0xff) == iface) {
1185             name = piface->name;
1186             break;
1187         }
1188         piface++;
1189     }
1190 
1191     return name;
1192 }
1193 
1194 /*
1195  * DRC helper functions
1196  */
1197 
1198 static uint32_t drc_id_from_devfn(SpaprPhbState *phb,
1199                                   uint8_t chassis, int32_t devfn)
1200 {
1201     return (phb->index << 16) | (chassis << 8) | devfn;
1202 }
1203 
1204 static SpaprDrc *drc_from_devfn(SpaprPhbState *phb,
1205                                 uint8_t chassis, int32_t devfn)
1206 {
1207     return spapr_drc_by_id(TYPE_SPAPR_DRC_PCI,
1208                            drc_id_from_devfn(phb, chassis, devfn));
1209 }
1210 
1211 static uint8_t chassis_from_bus(PCIBus *bus)
1212 {
1213     if (pci_bus_is_root(bus)) {
1214         return 0;
1215     } else {
1216         PCIDevice *bridge = pci_bridge_get_device(bus);
1217 
1218         return object_property_get_uint(OBJECT(bridge), "chassis_nr",
1219                                         &error_abort);
1220     }
1221 }
1222 
1223 static SpaprDrc *drc_from_dev(SpaprPhbState *phb, PCIDevice *dev)
1224 {
1225     uint8_t chassis = chassis_from_bus(pci_get_bus(dev));
1226 
1227     return drc_from_devfn(phb, chassis, dev->devfn);
1228 }
1229 
1230 static void add_drcs(SpaprPhbState *phb, PCIBus *bus)
1231 {
1232     Object *owner;
1233     int i;
1234     uint8_t chassis;
1235 
1236     if (!phb->dr_enabled) {
1237         return;
1238     }
1239 
1240     chassis = chassis_from_bus(bus);
1241 
1242     if (pci_bus_is_root(bus)) {
1243         owner = OBJECT(phb);
1244     } else {
1245         owner = OBJECT(pci_bridge_get_device(bus));
1246     }
1247 
1248     for (i = 0; i < PCI_SLOT_MAX * PCI_FUNC_MAX; i++) {
1249         spapr_dr_connector_new(owner, TYPE_SPAPR_DRC_PCI,
1250                                drc_id_from_devfn(phb, chassis, i));
1251     }
1252 }
1253 
1254 static void remove_drcs(SpaprPhbState *phb, PCIBus *bus)
1255 {
1256     int i;
1257     uint8_t chassis;
1258 
1259     if (!phb->dr_enabled) {
1260         return;
1261     }
1262 
1263     chassis = chassis_from_bus(bus);
1264 
1265     for (i = PCI_SLOT_MAX * PCI_FUNC_MAX - 1; i >= 0; i--) {
1266         SpaprDrc *drc = drc_from_devfn(phb, chassis, i);
1267 
1268         if (drc) {
1269             object_unparent(OBJECT(drc));
1270         }
1271     }
1272 }
1273 
1274 typedef struct PciWalkFdt {
1275     void *fdt;
1276     int offset;
1277     SpaprPhbState *sphb;
1278     int err;
1279 } PciWalkFdt;
1280 
1281 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1282                                void *fdt, int parent_offset);
1283 
1284 static void spapr_dt_pci_device_cb(PCIBus *bus, PCIDevice *pdev,
1285                                    void *opaque)
1286 {
1287     PciWalkFdt *p = opaque;
1288     int err;
1289 
1290     if (p->err) {
1291         /* Something's already broken, don't keep going */
1292         return;
1293     }
1294 
1295     err = spapr_dt_pci_device(p->sphb, pdev, p->fdt, p->offset);
1296     if (err < 0) {
1297         p->err = err;
1298     }
1299 }
1300 
1301 /* Augment PCI device node with bridge specific information */
1302 static int spapr_dt_pci_bus(SpaprPhbState *sphb, PCIBus *bus,
1303                                void *fdt, int offset)
1304 {
1305     Object *owner;
1306     PciWalkFdt cbinfo = {
1307         .fdt = fdt,
1308         .offset = offset,
1309         .sphb = sphb,
1310         .err = 0,
1311     };
1312     int ret;
1313 
1314     _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
1315                           RESOURCE_CELLS_ADDRESS));
1316     _FDT(fdt_setprop_cell(fdt, offset, "#size-cells",
1317                           RESOURCE_CELLS_SIZE));
1318 
1319     assert(bus);
1320     pci_for_each_device_under_bus_reverse(bus, spapr_dt_pci_device_cb, &cbinfo);
1321     if (cbinfo.err) {
1322         return cbinfo.err;
1323     }
1324 
1325     if (pci_bus_is_root(bus)) {
1326         owner = OBJECT(sphb);
1327     } else {
1328         owner = OBJECT(pci_bridge_get_device(bus));
1329     }
1330 
1331     ret = spapr_dt_drc(fdt, offset, owner,
1332                        SPAPR_DR_CONNECTOR_TYPE_PCI);
1333     if (ret) {
1334         return ret;
1335     }
1336 
1337     return offset;
1338 }
1339 
1340 char *spapr_pci_fw_dev_name(PCIDevice *dev)
1341 {
1342     const gchar *basename;
1343     int slot = PCI_SLOT(dev->devfn);
1344     int func = PCI_FUNC(dev->devfn);
1345     uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3);
1346 
1347     basename = dt_name_from_class((ccode >> 16) & 0xff, (ccode >> 8) & 0xff,
1348                                   ccode & 0xff);
1349 
1350     if (func != 0) {
1351         return g_strdup_printf("%s@%x,%x", basename, slot, func);
1352     } else {
1353         return g_strdup_printf("%s@%x", basename, slot);
1354     }
1355 }
1356 
1357 /* create OF node for pci device and required OF DT properties */
1358 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1359                                void *fdt, int parent_offset)
1360 {
1361     int offset;
1362     g_autofree gchar *nodename = spapr_pci_fw_dev_name(dev);
1363     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
1364     ResourceProps rp;
1365     SpaprDrc *drc = drc_from_dev(sphb, dev);
1366     uint32_t vendor_id = pci_default_read_config(dev, PCI_VENDOR_ID, 2);
1367     uint32_t device_id = pci_default_read_config(dev, PCI_DEVICE_ID, 2);
1368     uint32_t revision_id = pci_default_read_config(dev, PCI_REVISION_ID, 1);
1369     uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3);
1370     uint32_t irq_pin = pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1);
1371     uint32_t subsystem_id = pci_default_read_config(dev, PCI_SUBSYSTEM_ID, 2);
1372     uint32_t subsystem_vendor_id =
1373         pci_default_read_config(dev, PCI_SUBSYSTEM_VENDOR_ID, 2);
1374     uint32_t cache_line_size =
1375         pci_default_read_config(dev, PCI_CACHE_LINE_SIZE, 1);
1376     uint32_t pci_status = pci_default_read_config(dev, PCI_STATUS, 2);
1377     gchar *loc_code;
1378 
1379     _FDT(offset = fdt_add_subnode(fdt, parent_offset, nodename));
1380 
1381     /* in accordance with PAPR+ v2.7 13.6.3, Table 181 */
1382     _FDT(fdt_setprop_cell(fdt, offset, "vendor-id", vendor_id));
1383     _FDT(fdt_setprop_cell(fdt, offset, "device-id", device_id));
1384     _FDT(fdt_setprop_cell(fdt, offset, "revision-id", revision_id));
1385 
1386     _FDT(fdt_setprop_cell(fdt, offset, "class-code", ccode));
1387     if (irq_pin) {
1388         _FDT(fdt_setprop_cell(fdt, offset, "interrupts", irq_pin));
1389     }
1390 
1391     if (subsystem_id) {
1392         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-id", subsystem_id));
1393     }
1394 
1395     if (subsystem_vendor_id) {
1396         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-vendor-id",
1397                               subsystem_vendor_id));
1398     }
1399 
1400     _FDT(fdt_setprop_cell(fdt, offset, "cache-line-size", cache_line_size));
1401 
1402 
1403     /* the following fdt cells are masked off the pci status register */
1404     _FDT(fdt_setprop_cell(fdt, offset, "devsel-speed",
1405                           PCI_STATUS_DEVSEL_MASK & pci_status));
1406 
1407     if (pci_status & PCI_STATUS_FAST_BACK) {
1408         _FDT(fdt_setprop(fdt, offset, "fast-back-to-back", NULL, 0));
1409     }
1410     if (pci_status & PCI_STATUS_66MHZ) {
1411         _FDT(fdt_setprop(fdt, offset, "66mhz-capable", NULL, 0));
1412     }
1413     if (pci_status & PCI_STATUS_UDF) {
1414         _FDT(fdt_setprop(fdt, offset, "udf-supported", NULL, 0));
1415     }
1416 
1417     loc_code = spapr_phb_get_loc_code(sphb, dev);
1418     _FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", loc_code));
1419     g_free(loc_code);
1420 
1421     if (drc) {
1422         _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index",
1423                               spapr_drc_index(drc)));
1424     }
1425 
1426     if (msi_present(dev)) {
1427         uint32_t max_msi = msi_nr_vectors_allocated(dev);
1428         if (max_msi) {
1429             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi", max_msi));
1430         }
1431     }
1432     if (msix_present(dev)) {
1433         uint32_t max_msix = dev->msix_entries_nr;
1434         if (max_msix) {
1435             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi-x", max_msix));
1436         }
1437     }
1438 
1439     populate_resource_props(dev, &rp);
1440     _FDT(fdt_setprop(fdt, offset, "reg", (uint8_t *)rp.reg, rp.reg_len));
1441 
1442     if (sphb->pcie_ecs && pci_is_express(dev)) {
1443         _FDT(fdt_setprop_cell(fdt, offset, "ibm,pci-config-space-type", 0x1));
1444     }
1445 
1446     spapr_phb_nvgpu_populate_pcidev_dt(dev, fdt, offset, sphb);
1447 
1448     if (!pc->is_bridge) {
1449         /* Properties only for non-bridges */
1450         uint32_t min_grant = pci_default_read_config(dev, PCI_MIN_GNT, 1);
1451         uint32_t max_latency = pci_default_read_config(dev, PCI_MAX_LAT, 1);
1452         _FDT(fdt_setprop_cell(fdt, offset, "min-grant", min_grant));
1453         _FDT(fdt_setprop_cell(fdt, offset, "max-latency", max_latency));
1454         return offset;
1455     } else {
1456         PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(dev));
1457 
1458         return spapr_dt_pci_bus(sphb, sec_bus, fdt, offset);
1459     }
1460 }
1461 
1462 /* Callback to be called during DRC release. */
1463 void spapr_phb_remove_pci_device_cb(DeviceState *dev)
1464 {
1465     HotplugHandler *hotplug_ctrl = qdev_get_hotplug_handler(dev);
1466 
1467     hotplug_handler_unplug(hotplug_ctrl, dev, &error_abort);
1468     object_unparent(OBJECT(dev));
1469 }
1470 
1471 int spapr_pci_dt_populate(SpaprDrc *drc, SpaprMachineState *spapr,
1472                           void *fdt, int *fdt_start_offset, Error **errp)
1473 {
1474     HotplugHandler *plug_handler = qdev_get_hotplug_handler(drc->dev);
1475     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(plug_handler);
1476     PCIDevice *pdev = PCI_DEVICE(drc->dev);
1477 
1478     *fdt_start_offset = spapr_dt_pci_device(sphb, pdev, fdt, 0);
1479     return 0;
1480 }
1481 
1482 static void spapr_pci_bridge_plug(SpaprPhbState *phb,
1483                                   PCIBridge *bridge)
1484 {
1485     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1486 
1487     add_drcs(phb, bus);
1488 }
1489 
1490 /* Returns non-zero if the value of "chassis_nr" is already in use */
1491 static int check_chassis_nr(Object *obj, void *opaque)
1492 {
1493     int new_chassis_nr =
1494         object_property_get_uint(opaque, "chassis_nr", &error_abort);
1495     int chassis_nr =
1496         object_property_get_uint(obj, "chassis_nr", NULL);
1497 
1498     if (!object_dynamic_cast(obj, TYPE_PCI_BRIDGE)) {
1499         return 0;
1500     }
1501 
1502     /* Skip unsupported bridge types */
1503     if (!chassis_nr) {
1504         return 0;
1505     }
1506 
1507     /* Skip self */
1508     if (obj == opaque) {
1509         return 0;
1510     }
1511 
1512     return chassis_nr == new_chassis_nr;
1513 }
1514 
1515 static bool bridge_has_valid_chassis_nr(Object *bridge, Error **errp)
1516 {
1517     int chassis_nr =
1518         object_property_get_uint(bridge, "chassis_nr", NULL);
1519 
1520     /*
1521      * slotid_cap_init() already ensures that "chassis_nr" isn't null for
1522      * standard PCI bridges, so this really tells if "chassis_nr" is present
1523      * or not.
1524      */
1525     if (!chassis_nr) {
1526         error_setg(errp, "PCI Bridge lacks a \"chassis_nr\" property");
1527         error_append_hint(errp, "Try -device pci-bridge instead.\n");
1528         return false;
1529     }
1530 
1531     /* We want unique values for "chassis_nr" */
1532     if (object_child_foreach_recursive(object_get_root(), check_chassis_nr,
1533                                        bridge)) {
1534         error_setg(errp, "Bridge chassis %d already in use", chassis_nr);
1535         return false;
1536     }
1537 
1538     return true;
1539 }
1540 
1541 static void spapr_pci_pre_plug(HotplugHandler *plug_handler,
1542                                DeviceState *plugged_dev, Error **errp)
1543 {
1544     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1545     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1546     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1547     SpaprDrc *drc = drc_from_dev(phb, pdev);
1548     PCIBus *bus = PCI_BUS(qdev_get_parent_bus(DEVICE(pdev)));
1549     uint32_t slotnr = PCI_SLOT(pdev->devfn);
1550 
1551     if (!phb->dr_enabled) {
1552         /* if this is a hotplug operation initiated by the user
1553          * we need to let them know it's not enabled
1554          */
1555         if (plugged_dev->hotplugged) {
1556             error_setg(errp, QERR_BUS_NO_HOTPLUG,
1557                        object_get_typename(OBJECT(phb)));
1558             return;
1559         }
1560     }
1561 
1562     if (pc->is_bridge) {
1563         if (!bridge_has_valid_chassis_nr(OBJECT(plugged_dev), errp)) {
1564             return;
1565         }
1566     }
1567 
1568     /* Following the QEMU convention used for PCIe multifunction
1569      * hotplug, we do not allow functions to be hotplugged to a
1570      * slot that already has function 0 present
1571      */
1572     if (plugged_dev->hotplugged && bus->devices[PCI_DEVFN(slotnr, 0)] &&
1573         PCI_FUNC(pdev->devfn) != 0) {
1574         error_setg(errp, "PCI: slot %d function 0 already occupied by %s,"
1575                    " additional functions can no longer be exposed to guest.",
1576                    slotnr, bus->devices[PCI_DEVFN(slotnr, 0)]->name);
1577     }
1578 
1579     if (drc && drc->dev) {
1580         error_setg(errp, "PCI: slot %d already occupied by %s", slotnr,
1581                    pci_get_function_0(PCI_DEVICE(drc->dev))->name);
1582         return;
1583     }
1584 }
1585 
1586 static void spapr_pci_plug(HotplugHandler *plug_handler,
1587                            DeviceState *plugged_dev, Error **errp)
1588 {
1589     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1590     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1591     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1592     SpaprDrc *drc = drc_from_dev(phb, pdev);
1593     uint32_t slotnr = PCI_SLOT(pdev->devfn);
1594 
1595     /*
1596      * If DR is disabled we don't need to do anything in the case of
1597      * hotplug or coldplug callbacks.
1598      */
1599     if (!phb->dr_enabled) {
1600         return;
1601     }
1602 
1603     g_assert(drc);
1604 
1605     if (pc->is_bridge) {
1606         spapr_pci_bridge_plug(phb, PCI_BRIDGE(plugged_dev));
1607     }
1608 
1609     /* spapr_pci_pre_plug() already checked the DRC is attachable */
1610     spapr_drc_attach(drc, DEVICE(pdev));
1611 
1612     /* If this is function 0, signal hotplug for all the device functions.
1613      * Otherwise defer sending the hotplug event.
1614      */
1615     if (!spapr_drc_hotplugged(plugged_dev)) {
1616         spapr_drc_reset(drc);
1617     } else if (PCI_FUNC(pdev->devfn) == 0) {
1618         int i;
1619         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev));
1620 
1621         for (i = 0; i < 8; i++) {
1622             SpaprDrc *func_drc;
1623             SpaprDrcClass *func_drck;
1624             SpaprDREntitySense state;
1625 
1626             func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1627             func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1628             state = func_drck->dr_entity_sense(func_drc);
1629 
1630             if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1631                 spapr_hotplug_req_add_by_index(func_drc);
1632             }
1633         }
1634     }
1635 }
1636 
1637 static void spapr_pci_bridge_unplug(SpaprPhbState *phb,
1638                                     PCIBridge *bridge)
1639 {
1640     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1641 
1642     remove_drcs(phb, bus);
1643 }
1644 
1645 static void spapr_pci_unplug(HotplugHandler *plug_handler,
1646                              DeviceState *plugged_dev, Error **errp)
1647 {
1648     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1649     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1650 
1651     /* some version guests do not wait for completion of a device
1652      * cleanup (generally done asynchronously by the kernel) before
1653      * signaling to QEMU that the device is safe, but instead sleep
1654      * for some 'safe' period of time. unfortunately on a busy host
1655      * this sleep isn't guaranteed to be long enough, resulting in
1656      * bad things like IRQ lines being left asserted during final
1657      * device removal. to deal with this we call reset just prior
1658      * to finalizing the device, which will put the device back into
1659      * an 'idle' state, as the device cleanup code expects.
1660      */
1661     pci_device_reset(PCI_DEVICE(plugged_dev));
1662 
1663     if (pc->is_bridge) {
1664         spapr_pci_bridge_unplug(phb, PCI_BRIDGE(plugged_dev));
1665         return;
1666     }
1667 
1668     qdev_unrealize(plugged_dev);
1669 }
1670 
1671 static void spapr_pci_unplug_request(HotplugHandler *plug_handler,
1672                                      DeviceState *plugged_dev, Error **errp)
1673 {
1674     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1675     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1676     SpaprDrc *drc = drc_from_dev(phb, pdev);
1677 
1678     if (!phb->dr_enabled) {
1679         error_setg(errp, QERR_BUS_NO_HOTPLUG,
1680                    object_get_typename(OBJECT(phb)));
1681         return;
1682     }
1683 
1684     g_assert(drc);
1685     g_assert(drc->dev == plugged_dev);
1686 
1687     if (!spapr_drc_unplug_requested(drc)) {
1688         PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1689         uint32_t slotnr = PCI_SLOT(pdev->devfn);
1690         SpaprDrc *func_drc;
1691         SpaprDrcClass *func_drck;
1692         SpaprDREntitySense state;
1693         int i;
1694         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev));
1695 
1696         if (pc->is_bridge) {
1697             error_setg(errp, "PCI: Hot unplug of PCI bridges not supported");
1698             return;
1699         }
1700         if (object_property_get_uint(OBJECT(pdev), "nvlink2-tgt", NULL)) {
1701             error_setg(errp, "PCI: Cannot unplug NVLink2 devices");
1702             return;
1703         }
1704 
1705         /* ensure any other present functions are pending unplug */
1706         if (PCI_FUNC(pdev->devfn) == 0) {
1707             for (i = 1; i < 8; i++) {
1708                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1709                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1710                 state = func_drck->dr_entity_sense(func_drc);
1711                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT
1712                     && !spapr_drc_unplug_requested(func_drc)) {
1713                     /*
1714                      * Attempting to remove function 0 of a multifunction
1715                      * device will will cascade into removing all child
1716                      * functions, even if their unplug weren't requested
1717                      * beforehand.
1718                      */
1719                     spapr_drc_unplug_request(func_drc);
1720                 }
1721             }
1722         }
1723 
1724         spapr_drc_unplug_request(drc);
1725 
1726         /* if this isn't func 0, defer unplug event. otherwise signal removal
1727          * for all present functions
1728          */
1729         if (PCI_FUNC(pdev->devfn) == 0) {
1730             for (i = 7; i >= 0; i--) {
1731                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1732                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1733                 state = func_drck->dr_entity_sense(func_drc);
1734                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1735                     spapr_hotplug_req_remove_by_index(func_drc);
1736                 }
1737             }
1738         }
1739     } else {
1740         error_setg(errp,
1741                    "PCI device unplug already in progress for device %s",
1742                    drc->dev->id);
1743     }
1744 }
1745 
1746 static void spapr_phb_finalizefn(Object *obj)
1747 {
1748     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(obj);
1749 
1750     g_free(sphb->dtbusname);
1751     sphb->dtbusname = NULL;
1752 }
1753 
1754 static void spapr_phb_unrealize(DeviceState *dev)
1755 {
1756     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1757     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1758     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1759     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(phb);
1760     SpaprTceTable *tcet;
1761     int i;
1762     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1763 
1764     spapr_phb_nvgpu_free(sphb);
1765 
1766     if (sphb->msi) {
1767         g_hash_table_unref(sphb->msi);
1768         sphb->msi = NULL;
1769     }
1770 
1771     /*
1772      * Remove IO/MMIO subregions and aliases, rest should get cleaned
1773      * via PHB's unrealize->object_finalize
1774      */
1775     for (i = windows_supported - 1; i >= 0; i--) {
1776         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
1777         if (tcet) {
1778             memory_region_del_subregion(&sphb->iommu_root,
1779                                         spapr_tce_get_iommu(tcet));
1780         }
1781     }
1782 
1783     remove_drcs(sphb, phb->bus);
1784 
1785     for (i = PCI_NUM_PINS - 1; i >= 0; i--) {
1786         if (sphb->lsi_table[i].irq) {
1787             spapr_irq_free(spapr, sphb->lsi_table[i].irq, 1);
1788             sphb->lsi_table[i].irq = 0;
1789         }
1790     }
1791 
1792     QLIST_REMOVE(sphb, list);
1793 
1794     memory_region_del_subregion(&sphb->iommu_root, &sphb->msiwindow);
1795 
1796     /*
1797      * An attached PCI device may have memory listeners, eg. VFIO PCI. We have
1798      * unmapped all sections. Remove the listeners now, before destroying the
1799      * address space.
1800      */
1801     address_space_remove_listeners(&sphb->iommu_as);
1802     address_space_destroy(&sphb->iommu_as);
1803 
1804     qbus_set_hotplug_handler(BUS(phb->bus), NULL);
1805     pci_unregister_root_bus(phb->bus);
1806 
1807     memory_region_del_subregion(get_system_memory(), &sphb->iowindow);
1808     if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
1809         memory_region_del_subregion(get_system_memory(), &sphb->mem64window);
1810     }
1811     memory_region_del_subregion(get_system_memory(), &sphb->mem32window);
1812 }
1813 
1814 static void spapr_phb_destroy_msi(gpointer opaque)
1815 {
1816     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1817     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
1818     SpaprPciMsi *msi = opaque;
1819 
1820     if (!smc->legacy_irq_allocation) {
1821         spapr_irq_msi_free(spapr, msi->first_irq, msi->num);
1822     }
1823     spapr_irq_free(spapr, msi->first_irq, msi->num);
1824     g_free(msi);
1825 }
1826 
1827 static void spapr_phb_realize(DeviceState *dev, Error **errp)
1828 {
1829     ERRP_GUARD();
1830     /* We don't use SPAPR_MACHINE() in order to exit gracefully if the user
1831      * tries to add a sPAPR PHB to a non-pseries machine.
1832      */
1833     SpaprMachineState *spapr =
1834         (SpaprMachineState *) object_dynamic_cast(qdev_get_machine(),
1835                                                   TYPE_SPAPR_MACHINE);
1836     SpaprMachineClass *smc = spapr ? SPAPR_MACHINE_GET_CLASS(spapr) : NULL;
1837     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1838     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
1839     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1840     MachineState *ms = MACHINE(spapr);
1841     char *namebuf;
1842     int i;
1843     PCIBus *bus;
1844     uint64_t msi_window_size = 4096;
1845     SpaprTceTable *tcet;
1846     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1847 
1848     if (!spapr) {
1849         error_setg(errp, TYPE_SPAPR_PCI_HOST_BRIDGE " needs a pseries machine");
1850         return;
1851     }
1852 
1853     assert(sphb->index != (uint32_t)-1); /* checked in spapr_phb_pre_plug() */
1854 
1855     if (sphb->mem64_win_size != 0) {
1856         if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1857             error_setg(errp, "32-bit memory window of size 0x%"HWADDR_PRIx
1858                        " (max 2 GiB)", sphb->mem_win_size);
1859             return;
1860         }
1861 
1862         /* 64-bit window defaults to identity mapping */
1863         sphb->mem64_win_pciaddr = sphb->mem64_win_addr;
1864     } else if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1865         /*
1866          * For compatibility with old configuration, if no 64-bit MMIO
1867          * window is specified, but the ordinary (32-bit) memory
1868          * window is specified as > 2GiB, we treat it as a 2GiB 32-bit
1869          * window, with a 64-bit MMIO window following on immediately
1870          * afterwards
1871          */
1872         sphb->mem64_win_size = sphb->mem_win_size - SPAPR_PCI_MEM32_WIN_SIZE;
1873         sphb->mem64_win_addr = sphb->mem_win_addr + SPAPR_PCI_MEM32_WIN_SIZE;
1874         sphb->mem64_win_pciaddr =
1875             SPAPR_PCI_MEM_WIN_BUS_OFFSET + SPAPR_PCI_MEM32_WIN_SIZE;
1876         sphb->mem_win_size = SPAPR_PCI_MEM32_WIN_SIZE;
1877     }
1878 
1879     if (spapr_pci_find_phb(spapr, sphb->buid)) {
1880         SpaprPhbState *s;
1881 
1882         error_setg(errp, "PCI host bridges must have unique indexes");
1883         error_append_hint(errp, "The following indexes are already in use:");
1884         QLIST_FOREACH(s, &spapr->phbs, list) {
1885             error_append_hint(errp, " %d", s->index);
1886         }
1887         error_append_hint(errp, "\nTry another value for the index property\n");
1888         return;
1889     }
1890 
1891     if (sphb->numa_node != -1 &&
1892         (sphb->numa_node >= MAX_NODES ||
1893          !ms->numa_state->nodes[sphb->numa_node].present)) {
1894         error_setg(errp, "Invalid NUMA node ID for PCI host bridge");
1895         return;
1896     }
1897 
1898     sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
1899 
1900     /* Initialize memory regions */
1901     namebuf = g_strdup_printf("%s.mmio", sphb->dtbusname);
1902     memory_region_init(&sphb->memspace, OBJECT(sphb), namebuf, UINT64_MAX);
1903     g_free(namebuf);
1904 
1905     namebuf = g_strdup_printf("%s.mmio32-alias", sphb->dtbusname);
1906     memory_region_init_alias(&sphb->mem32window, OBJECT(sphb),
1907                              namebuf, &sphb->memspace,
1908                              SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
1909     g_free(namebuf);
1910     memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
1911                                 &sphb->mem32window);
1912 
1913     if (sphb->mem64_win_size != 0) {
1914         namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
1915         memory_region_init_alias(&sphb->mem64window, OBJECT(sphb),
1916                                  namebuf, &sphb->memspace,
1917                                  sphb->mem64_win_pciaddr, sphb->mem64_win_size);
1918         g_free(namebuf);
1919 
1920         memory_region_add_subregion(get_system_memory(),
1921                                     sphb->mem64_win_addr,
1922                                     &sphb->mem64window);
1923     }
1924 
1925     /* Initialize IO regions */
1926     namebuf = g_strdup_printf("%s.io", sphb->dtbusname);
1927     memory_region_init(&sphb->iospace, OBJECT(sphb),
1928                        namebuf, SPAPR_PCI_IO_WIN_SIZE);
1929     g_free(namebuf);
1930 
1931     namebuf = g_strdup_printf("%s.io-alias", sphb->dtbusname);
1932     memory_region_init_alias(&sphb->iowindow, OBJECT(sphb), namebuf,
1933                              &sphb->iospace, 0, SPAPR_PCI_IO_WIN_SIZE);
1934     g_free(namebuf);
1935     memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
1936                                 &sphb->iowindow);
1937 
1938     bus = pci_register_root_bus(dev, NULL,
1939                                 pci_spapr_set_irq, pci_swizzle_map_irq_fn, sphb,
1940                                 &sphb->memspace, &sphb->iospace,
1941                                 PCI_DEVFN(0, 0), PCI_NUM_PINS,
1942                                 TYPE_PCI_BUS);
1943 
1944     /*
1945      * Despite resembling a vanilla PCI bus in most ways, the PAPR
1946      * para-virtualized PCI bus *does* permit PCI-E extended config
1947      * space access
1948      */
1949     if (sphb->pcie_ecs) {
1950         bus->flags |= PCI_BUS_EXTENDED_CONFIG_SPACE;
1951     }
1952     phb->bus = bus;
1953     qbus_set_hotplug_handler(BUS(phb->bus), OBJECT(sphb));
1954 
1955     /*
1956      * Initialize PHB address space.
1957      * By default there will be at least one subregion for default
1958      * 32bit DMA window.
1959      * Later the guest might want to create another DMA window
1960      * which will become another memory subregion.
1961      */
1962     namebuf = g_strdup_printf("%s.iommu-root", sphb->dtbusname);
1963     memory_region_init(&sphb->iommu_root, OBJECT(sphb),
1964                        namebuf, UINT64_MAX);
1965     g_free(namebuf);
1966     address_space_init(&sphb->iommu_as, &sphb->iommu_root,
1967                        sphb->dtbusname);
1968 
1969     /*
1970      * As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
1971      * we need to allocate some memory to catch those writes coming
1972      * from msi_notify()/msix_notify().
1973      * As MSIMessage:addr is going to be the same and MSIMessage:data
1974      * is going to be a VIRQ number, 4 bytes of the MSI MR will only
1975      * be used.
1976      *
1977      * For KVM we want to ensure that this memory is a full page so that
1978      * our memory slot is of page size granularity.
1979      */
1980     if (kvm_enabled()) {
1981         msi_window_size = qemu_real_host_page_size;
1982     }
1983 
1984     memory_region_init_io(&sphb->msiwindow, OBJECT(sphb), &spapr_msi_ops, spapr,
1985                           "msi", msi_window_size);
1986     memory_region_add_subregion(&sphb->iommu_root, SPAPR_PCI_MSI_WINDOW,
1987                                 &sphb->msiwindow);
1988 
1989     pci_setup_iommu(bus, spapr_pci_dma_iommu, sphb);
1990 
1991     pci_bus_set_route_irq_fn(bus, spapr_route_intx_pin_to_irq);
1992 
1993     QLIST_INSERT_HEAD(&spapr->phbs, sphb, list);
1994 
1995     /* Initialize the LSI table */
1996     for (i = 0; i < PCI_NUM_PINS; i++) {
1997         int irq = SPAPR_IRQ_PCI_LSI + sphb->index * PCI_NUM_PINS + i;
1998 
1999         if (smc->legacy_irq_allocation) {
2000             irq = spapr_irq_findone(spapr, errp);
2001             if (irq < 0) {
2002                 error_prepend(errp, "can't allocate LSIs: ");
2003                 /*
2004                  * Older machines will never support PHB hotplug, ie, this is an
2005                  * init only path and QEMU will terminate. No need to rollback.
2006                  */
2007                 return;
2008             }
2009         }
2010 
2011         if (spapr_irq_claim(spapr, irq, true, errp) < 0) {
2012             error_prepend(errp, "can't allocate LSIs: ");
2013             goto unrealize;
2014         }
2015 
2016         sphb->lsi_table[i].irq = irq;
2017     }
2018 
2019     /* allocate connectors for child PCI devices */
2020     add_drcs(sphb, phb->bus);
2021 
2022     /* DMA setup */
2023     for (i = 0; i < windows_supported; ++i) {
2024         tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn[i]);
2025         if (!tcet) {
2026             error_setg(errp, "Creating window#%d failed for %s",
2027                        i, sphb->dtbusname);
2028             goto unrealize;
2029         }
2030         memory_region_add_subregion(&sphb->iommu_root, 0,
2031                                     spapr_tce_get_iommu(tcet));
2032     }
2033 
2034     sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free,
2035                                       spapr_phb_destroy_msi);
2036     return;
2037 
2038 unrealize:
2039     spapr_phb_unrealize(dev);
2040 }
2041 
2042 static int spapr_phb_children_reset(Object *child, void *opaque)
2043 {
2044     DeviceState *dev = (DeviceState *) object_dynamic_cast(child, TYPE_DEVICE);
2045 
2046     if (dev) {
2047         device_legacy_reset(dev);
2048     }
2049 
2050     return 0;
2051 }
2052 
2053 void spapr_phb_dma_reset(SpaprPhbState *sphb)
2054 {
2055     int i;
2056     SpaprTceTable *tcet;
2057 
2058     for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
2059         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
2060 
2061         if (tcet && tcet->nb_table) {
2062             spapr_tce_table_disable(tcet);
2063         }
2064     }
2065 
2066     /* Register default 32bit DMA window */
2067     tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[0]);
2068     spapr_tce_table_enable(tcet, SPAPR_TCE_PAGE_SHIFT, sphb->dma_win_addr,
2069                            sphb->dma_win_size >> SPAPR_TCE_PAGE_SHIFT);
2070 }
2071 
2072 static void spapr_phb_reset(DeviceState *qdev)
2073 {
2074     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(qdev);
2075     Error *err = NULL;
2076 
2077     spapr_phb_dma_reset(sphb);
2078     spapr_phb_nvgpu_free(sphb);
2079     spapr_phb_nvgpu_setup(sphb, &err);
2080     if (err) {
2081         error_report_err(err);
2082     }
2083 
2084     /* Reset the IOMMU state */
2085     object_child_foreach(OBJECT(qdev), spapr_phb_children_reset, NULL);
2086 
2087     if (spapr_phb_eeh_available(SPAPR_PCI_HOST_BRIDGE(qdev))) {
2088         spapr_phb_vfio_reset(qdev);
2089     }
2090 
2091     g_hash_table_remove_all(sphb->msi);
2092 }
2093 
2094 static Property spapr_phb_properties[] = {
2095     DEFINE_PROP_UINT32("index", SpaprPhbState, index, -1),
2096     DEFINE_PROP_UINT64("mem_win_size", SpaprPhbState, mem_win_size,
2097                        SPAPR_PCI_MEM32_WIN_SIZE),
2098     DEFINE_PROP_UINT64("mem64_win_size", SpaprPhbState, mem64_win_size,
2099                        SPAPR_PCI_MEM64_WIN_SIZE),
2100     DEFINE_PROP_UINT64("io_win_size", SpaprPhbState, io_win_size,
2101                        SPAPR_PCI_IO_WIN_SIZE),
2102     DEFINE_PROP_BOOL("dynamic-reconfiguration", SpaprPhbState, dr_enabled,
2103                      true),
2104     /* Default DMA window is 0..1GB */
2105     DEFINE_PROP_UINT64("dma_win_addr", SpaprPhbState, dma_win_addr, 0),
2106     DEFINE_PROP_UINT64("dma_win_size", SpaprPhbState, dma_win_size, 0x40000000),
2107     DEFINE_PROP_UINT64("dma64_win_addr", SpaprPhbState, dma64_win_addr,
2108                        0x800000000000000ULL),
2109     DEFINE_PROP_BOOL("ddw", SpaprPhbState, ddw_enabled, true),
2110     DEFINE_PROP_UINT64("pgsz", SpaprPhbState, page_size_mask,
2111                        (1ULL << 12) | (1ULL << 16)
2112                        | (1ULL << 21) | (1ULL << 24)),
2113     DEFINE_PROP_UINT32("numa_node", SpaprPhbState, numa_node, -1),
2114     DEFINE_PROP_BOOL("pre-2.8-migration", SpaprPhbState,
2115                      pre_2_8_migration, false),
2116     DEFINE_PROP_BOOL("pcie-extended-configuration-space", SpaprPhbState,
2117                      pcie_ecs, true),
2118     DEFINE_PROP_UINT64("gpa", SpaprPhbState, nv2_gpa_win_addr, 0),
2119     DEFINE_PROP_UINT64("atsd", SpaprPhbState, nv2_atsd_win_addr, 0),
2120     DEFINE_PROP_BOOL("pre-5.1-associativity", SpaprPhbState,
2121                      pre_5_1_assoc, false),
2122     DEFINE_PROP_END_OF_LIST(),
2123 };
2124 
2125 static const VMStateDescription vmstate_spapr_pci_lsi = {
2126     .name = "spapr_pci/lsi",
2127     .version_id = 1,
2128     .minimum_version_id = 1,
2129     .fields = (VMStateField[]) {
2130         VMSTATE_UINT32_EQUAL(irq, SpaprPciLsi, NULL),
2131 
2132         VMSTATE_END_OF_LIST()
2133     },
2134 };
2135 
2136 static const VMStateDescription vmstate_spapr_pci_msi = {
2137     .name = "spapr_pci/msi",
2138     .version_id = 1,
2139     .minimum_version_id = 1,
2140     .fields = (VMStateField []) {
2141         VMSTATE_UINT32(key, SpaprPciMsiMig),
2142         VMSTATE_UINT32(value.first_irq, SpaprPciMsiMig),
2143         VMSTATE_UINT32(value.num, SpaprPciMsiMig),
2144         VMSTATE_END_OF_LIST()
2145     },
2146 };
2147 
2148 static int spapr_pci_pre_save(void *opaque)
2149 {
2150     SpaprPhbState *sphb = opaque;
2151     GHashTableIter iter;
2152     gpointer key, value;
2153     int i;
2154 
2155     if (sphb->pre_2_8_migration) {
2156         sphb->mig_liobn = sphb->dma_liobn[0];
2157         sphb->mig_mem_win_addr = sphb->mem_win_addr;
2158         sphb->mig_mem_win_size = sphb->mem_win_size;
2159         sphb->mig_io_win_addr = sphb->io_win_addr;
2160         sphb->mig_io_win_size = sphb->io_win_size;
2161 
2162         if ((sphb->mem64_win_size != 0)
2163             && (sphb->mem64_win_addr
2164                 == (sphb->mem_win_addr + sphb->mem_win_size))) {
2165             sphb->mig_mem_win_size += sphb->mem64_win_size;
2166         }
2167     }
2168 
2169     g_free(sphb->msi_devs);
2170     sphb->msi_devs = NULL;
2171     sphb->msi_devs_num = g_hash_table_size(sphb->msi);
2172     if (!sphb->msi_devs_num) {
2173         return 0;
2174     }
2175     sphb->msi_devs = g_new(SpaprPciMsiMig, sphb->msi_devs_num);
2176 
2177     g_hash_table_iter_init(&iter, sphb->msi);
2178     for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) {
2179         sphb->msi_devs[i].key = *(uint32_t *) key;
2180         sphb->msi_devs[i].value = *(SpaprPciMsi *) value;
2181     }
2182 
2183     return 0;
2184 }
2185 
2186 static int spapr_pci_post_save(void *opaque)
2187 {
2188     SpaprPhbState *sphb = opaque;
2189 
2190     g_free(sphb->msi_devs);
2191     sphb->msi_devs = NULL;
2192     sphb->msi_devs_num = 0;
2193     return 0;
2194 }
2195 
2196 static int spapr_pci_post_load(void *opaque, int version_id)
2197 {
2198     SpaprPhbState *sphb = opaque;
2199     gpointer key, value;
2200     int i;
2201 
2202     for (i = 0; i < sphb->msi_devs_num; ++i) {
2203         key = g_memdup(&sphb->msi_devs[i].key,
2204                        sizeof(sphb->msi_devs[i].key));
2205         value = g_memdup(&sphb->msi_devs[i].value,
2206                          sizeof(sphb->msi_devs[i].value));
2207         g_hash_table_insert(sphb->msi, key, value);
2208     }
2209     g_free(sphb->msi_devs);
2210     sphb->msi_devs = NULL;
2211     sphb->msi_devs_num = 0;
2212 
2213     return 0;
2214 }
2215 
2216 static bool pre_2_8_migration(void *opaque, int version_id)
2217 {
2218     SpaprPhbState *sphb = opaque;
2219 
2220     return sphb->pre_2_8_migration;
2221 }
2222 
2223 static const VMStateDescription vmstate_spapr_pci = {
2224     .name = "spapr_pci",
2225     .version_id = 2,
2226     .minimum_version_id = 2,
2227     .pre_save = spapr_pci_pre_save,
2228     .post_save = spapr_pci_post_save,
2229     .post_load = spapr_pci_post_load,
2230     .fields = (VMStateField[]) {
2231         VMSTATE_UINT64_EQUAL(buid, SpaprPhbState, NULL),
2232         VMSTATE_UINT32_TEST(mig_liobn, SpaprPhbState, pre_2_8_migration),
2233         VMSTATE_UINT64_TEST(mig_mem_win_addr, SpaprPhbState, pre_2_8_migration),
2234         VMSTATE_UINT64_TEST(mig_mem_win_size, SpaprPhbState, pre_2_8_migration),
2235         VMSTATE_UINT64_TEST(mig_io_win_addr, SpaprPhbState, pre_2_8_migration),
2236         VMSTATE_UINT64_TEST(mig_io_win_size, SpaprPhbState, pre_2_8_migration),
2237         VMSTATE_STRUCT_ARRAY(lsi_table, SpaprPhbState, PCI_NUM_PINS, 0,
2238                              vmstate_spapr_pci_lsi, SpaprPciLsi),
2239         VMSTATE_INT32(msi_devs_num, SpaprPhbState),
2240         VMSTATE_STRUCT_VARRAY_ALLOC(msi_devs, SpaprPhbState, msi_devs_num, 0,
2241                                     vmstate_spapr_pci_msi, SpaprPciMsiMig),
2242         VMSTATE_END_OF_LIST()
2243     },
2244 };
2245 
2246 static const char *spapr_phb_root_bus_path(PCIHostState *host_bridge,
2247                                            PCIBus *rootbus)
2248 {
2249     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(host_bridge);
2250 
2251     return sphb->dtbusname;
2252 }
2253 
2254 static void spapr_phb_class_init(ObjectClass *klass, void *data)
2255 {
2256     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
2257     DeviceClass *dc = DEVICE_CLASS(klass);
2258     HotplugHandlerClass *hp = HOTPLUG_HANDLER_CLASS(klass);
2259 
2260     hc->root_bus_path = spapr_phb_root_bus_path;
2261     dc->realize = spapr_phb_realize;
2262     dc->unrealize = spapr_phb_unrealize;
2263     device_class_set_props(dc, spapr_phb_properties);
2264     dc->reset = spapr_phb_reset;
2265     dc->vmsd = &vmstate_spapr_pci;
2266     /* Supported by TYPE_SPAPR_MACHINE */
2267     dc->user_creatable = true;
2268     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
2269     hp->pre_plug = spapr_pci_pre_plug;
2270     hp->plug = spapr_pci_plug;
2271     hp->unplug = spapr_pci_unplug;
2272     hp->unplug_request = spapr_pci_unplug_request;
2273 }
2274 
2275 static const TypeInfo spapr_phb_info = {
2276     .name          = TYPE_SPAPR_PCI_HOST_BRIDGE,
2277     .parent        = TYPE_PCI_HOST_BRIDGE,
2278     .instance_size = sizeof(SpaprPhbState),
2279     .instance_finalize = spapr_phb_finalizefn,
2280     .class_init    = spapr_phb_class_init,
2281     .interfaces    = (InterfaceInfo[]) {
2282         { TYPE_HOTPLUG_HANDLER },
2283         { }
2284     }
2285 };
2286 
2287 static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
2288                                            void *opaque)
2289 {
2290     unsigned int *bus_no = opaque;
2291     PCIBus *sec_bus = NULL;
2292 
2293     if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
2294          PCI_HEADER_TYPE_BRIDGE)) {
2295         return;
2296     }
2297 
2298     (*bus_no)++;
2299     pci_default_write_config(pdev, PCI_PRIMARY_BUS, pci_dev_bus_num(pdev), 1);
2300     pci_default_write_config(pdev, PCI_SECONDARY_BUS, *bus_no, 1);
2301     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2302 
2303     sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
2304     if (!sec_bus) {
2305         return;
2306     }
2307 
2308     pci_for_each_device_under_bus(sec_bus, spapr_phb_pci_enumerate_bridge,
2309                                   bus_no);
2310     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2311 }
2312 
2313 static void spapr_phb_pci_enumerate(SpaprPhbState *phb)
2314 {
2315     PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
2316     unsigned int bus_no = 0;
2317 
2318     pci_for_each_device_under_bus(bus, spapr_phb_pci_enumerate_bridge,
2319                                   &bus_no);
2320 
2321 }
2322 
2323 int spapr_dt_phb(SpaprMachineState *spapr, SpaprPhbState *phb,
2324                  uint32_t intc_phandle, void *fdt, int *node_offset)
2325 {
2326     int bus_off, i, j, ret;
2327     uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
2328     struct {
2329         uint32_t hi;
2330         uint64_t child;
2331         uint64_t parent;
2332         uint64_t size;
2333     } QEMU_PACKED ranges[] = {
2334         {
2335             cpu_to_be32(b_ss(1)), cpu_to_be64(0),
2336             cpu_to_be64(phb->io_win_addr),
2337             cpu_to_be64(memory_region_size(&phb->iospace)),
2338         },
2339         {
2340             cpu_to_be32(b_ss(2)), cpu_to_be64(SPAPR_PCI_MEM_WIN_BUS_OFFSET),
2341             cpu_to_be64(phb->mem_win_addr),
2342             cpu_to_be64(phb->mem_win_size),
2343         },
2344         {
2345             cpu_to_be32(b_ss(3)), cpu_to_be64(phb->mem64_win_pciaddr),
2346             cpu_to_be64(phb->mem64_win_addr),
2347             cpu_to_be64(phb->mem64_win_size),
2348         },
2349     };
2350     const unsigned sizeof_ranges =
2351         (phb->mem64_win_size ? 3 : 2) * sizeof(ranges[0]);
2352     uint64_t bus_reg[] = { cpu_to_be64(phb->buid), 0 };
2353     uint32_t interrupt_map_mask[] = {
2354         cpu_to_be32(b_ddddd(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
2355     uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
2356     uint32_t ddw_applicable[] = {
2357         cpu_to_be32(RTAS_IBM_QUERY_PE_DMA_WINDOW),
2358         cpu_to_be32(RTAS_IBM_CREATE_PE_DMA_WINDOW),
2359         cpu_to_be32(RTAS_IBM_REMOVE_PE_DMA_WINDOW)
2360     };
2361     uint32_t ddw_extensions[] = {
2362         cpu_to_be32(1),
2363         cpu_to_be32(RTAS_IBM_RESET_PE_DMA_WINDOW)
2364     };
2365     SpaprTceTable *tcet;
2366     SpaprDrc *drc;
2367     Error *err = NULL;
2368 
2369     /* Start populating the FDT */
2370     _FDT(bus_off = fdt_add_subnode(fdt, 0, phb->dtbusname));
2371     if (node_offset) {
2372         *node_offset = bus_off;
2373     }
2374 
2375     /* Write PHB properties */
2376     _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
2377     _FDT(fdt_setprop_string(fdt, bus_off, "compatible", "IBM,Logical_PHB"));
2378     _FDT(fdt_setprop_cell(fdt, bus_off, "#interrupt-cells", 0x1));
2379     _FDT(fdt_setprop(fdt, bus_off, "used-by-rtas", NULL, 0));
2380     _FDT(fdt_setprop(fdt, bus_off, "bus-range", &bus_range, sizeof(bus_range)));
2381     _FDT(fdt_setprop(fdt, bus_off, "ranges", &ranges, sizeof_ranges));
2382     _FDT(fdt_setprop(fdt, bus_off, "reg", &bus_reg, sizeof(bus_reg)));
2383     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pci-config-space-type", 0x1));
2384     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pe-total-#msi",
2385                           spapr_irq_nr_msis(spapr)));
2386 
2387     /* Dynamic DMA window */
2388     if (phb->ddw_enabled) {
2389         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-applicable", &ddw_applicable,
2390                          sizeof(ddw_applicable)));
2391         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-extensions",
2392                          &ddw_extensions, sizeof(ddw_extensions)));
2393     }
2394 
2395     /* Advertise NUMA via ibm,associativity */
2396     if (phb->numa_node != -1) {
2397         spapr_numa_write_associativity_dt(spapr, fdt, bus_off, phb->numa_node);
2398     }
2399 
2400     /* Build the interrupt-map, this must matches what is done
2401      * in pci_swizzle_map_irq_fn
2402      */
2403     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map-mask",
2404                      &interrupt_map_mask, sizeof(interrupt_map_mask)));
2405     for (i = 0; i < PCI_SLOT_MAX; i++) {
2406         for (j = 0; j < PCI_NUM_PINS; j++) {
2407             uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
2408             int lsi_num = pci_swizzle(i, j);
2409 
2410             irqmap[0] = cpu_to_be32(b_ddddd(i)|b_fff(0));
2411             irqmap[1] = 0;
2412             irqmap[2] = 0;
2413             irqmap[3] = cpu_to_be32(j+1);
2414             irqmap[4] = cpu_to_be32(intc_phandle);
2415             spapr_dt_irq(&irqmap[5], phb->lsi_table[lsi_num].irq, true);
2416         }
2417     }
2418     /* Write interrupt map */
2419     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map", &interrupt_map,
2420                      sizeof(interrupt_map)));
2421 
2422     tcet = spapr_tce_find_by_liobn(phb->dma_liobn[0]);
2423     if (!tcet) {
2424         return -1;
2425     }
2426     spapr_dma_dt(fdt, bus_off, "ibm,dma-window",
2427                  tcet->liobn, tcet->bus_offset,
2428                  tcet->nb_table << tcet->page_shift);
2429 
2430     drc = spapr_drc_by_id(TYPE_SPAPR_DRC_PHB, phb->index);
2431     if (drc) {
2432         uint32_t drc_index = cpu_to_be32(spapr_drc_index(drc));
2433 
2434         _FDT(fdt_setprop(fdt, bus_off, "ibm,my-drc-index", &drc_index,
2435                          sizeof(drc_index)));
2436     }
2437 
2438     /* Walk the bridges and program the bus numbers*/
2439     spapr_phb_pci_enumerate(phb);
2440     _FDT(fdt_setprop_cell(fdt, bus_off, "qemu,phb-enumerated", 0x1));
2441 
2442     /* Walk the bridge and subordinate buses */
2443     ret = spapr_dt_pci_bus(phb, PCI_HOST_BRIDGE(phb)->bus, fdt, bus_off);
2444     if (ret < 0) {
2445         return ret;
2446     }
2447 
2448     spapr_phb_nvgpu_populate_dt(phb, fdt, bus_off, &err);
2449     if (err) {
2450         error_report_err(err);
2451     }
2452     spapr_phb_nvgpu_ram_populate_dt(phb, fdt);
2453 
2454     return 0;
2455 }
2456 
2457 void spapr_pci_rtas_init(void)
2458 {
2459     spapr_rtas_register(RTAS_READ_PCI_CONFIG, "read-pci-config",
2460                         rtas_read_pci_config);
2461     spapr_rtas_register(RTAS_WRITE_PCI_CONFIG, "write-pci-config",
2462                         rtas_write_pci_config);
2463     spapr_rtas_register(RTAS_IBM_READ_PCI_CONFIG, "ibm,read-pci-config",
2464                         rtas_ibm_read_pci_config);
2465     spapr_rtas_register(RTAS_IBM_WRITE_PCI_CONFIG, "ibm,write-pci-config",
2466                         rtas_ibm_write_pci_config);
2467     if (msi_nonbroken) {
2468         spapr_rtas_register(RTAS_IBM_QUERY_INTERRUPT_SOURCE_NUMBER,
2469                             "ibm,query-interrupt-source-number",
2470                             rtas_ibm_query_interrupt_source_number);
2471         spapr_rtas_register(RTAS_IBM_CHANGE_MSI, "ibm,change-msi",
2472                             rtas_ibm_change_msi);
2473     }
2474 
2475     spapr_rtas_register(RTAS_IBM_SET_EEH_OPTION,
2476                         "ibm,set-eeh-option",
2477                         rtas_ibm_set_eeh_option);
2478     spapr_rtas_register(RTAS_IBM_GET_CONFIG_ADDR_INFO2,
2479                         "ibm,get-config-addr-info2",
2480                         rtas_ibm_get_config_addr_info2);
2481     spapr_rtas_register(RTAS_IBM_READ_SLOT_RESET_STATE2,
2482                         "ibm,read-slot-reset-state2",
2483                         rtas_ibm_read_slot_reset_state2);
2484     spapr_rtas_register(RTAS_IBM_SET_SLOT_RESET,
2485                         "ibm,set-slot-reset",
2486                         rtas_ibm_set_slot_reset);
2487     spapr_rtas_register(RTAS_IBM_CONFIGURE_PE,
2488                         "ibm,configure-pe",
2489                         rtas_ibm_configure_pe);
2490     spapr_rtas_register(RTAS_IBM_SLOT_ERROR_DETAIL,
2491                         "ibm,slot-error-detail",
2492                         rtas_ibm_slot_error_detail);
2493 }
2494 
2495 static void spapr_pci_register_types(void)
2496 {
2497     type_register_static(&spapr_phb_info);
2498 }
2499 
2500 type_init(spapr_pci_register_types)
2501 
2502 static int spapr_switch_one_vga(DeviceState *dev, void *opaque)
2503 {
2504     bool be = *(bool *)opaque;
2505 
2506     if (object_dynamic_cast(OBJECT(dev), "VGA")
2507         || object_dynamic_cast(OBJECT(dev), "secondary-vga")
2508         || object_dynamic_cast(OBJECT(dev), "bochs-display")
2509         || object_dynamic_cast(OBJECT(dev), "virtio-vga")) {
2510         object_property_set_bool(OBJECT(dev), "big-endian-framebuffer", be,
2511                                  &error_abort);
2512     }
2513     return 0;
2514 }
2515 
2516 void spapr_pci_switch_vga(SpaprMachineState *spapr, bool big_endian)
2517 {
2518     SpaprPhbState *sphb;
2519 
2520     /*
2521      * For backward compatibility with existing guests, we switch
2522      * the endianness of the VGA controller when changing the guest
2523      * interrupt mode
2524      */
2525     QLIST_FOREACH(sphb, &spapr->phbs, list) {
2526         BusState *bus = &PCI_HOST_BRIDGE(sphb)->bus->qbus;
2527         qbus_walk_children(bus, spapr_switch_one_vga, NULL, NULL, NULL,
2528                            &big_endian);
2529     }
2530 }
2531