129d62771SThomas Huth /* 229d62771SThomas Huth * IGD device quirks 329d62771SThomas Huth * 429d62771SThomas Huth * Copyright Red Hat, Inc. 2016 529d62771SThomas Huth * 629d62771SThomas Huth * Authors: 729d62771SThomas Huth * Alex Williamson <alex.williamson@redhat.com> 829d62771SThomas Huth * 929d62771SThomas Huth * This work is licensed under the terms of the GNU GPL, version 2. See 1029d62771SThomas Huth * the COPYING file in the top-level directory. 1129d62771SThomas Huth */ 1229d62771SThomas Huth 1329d62771SThomas Huth #include "qemu/osdep.h" 1429d62771SThomas Huth #include "qemu/units.h" 15cc37d98bSRichard Henderson #include "qemu/error-report.h" 1629d62771SThomas Huth #include "qapi/error.h" 1729d62771SThomas Huth #include "hw/hw.h" 1829d62771SThomas Huth #include "hw/nvram/fw_cfg.h" 1929d62771SThomas Huth #include "pci.h" 2029d62771SThomas Huth #include "trace.h" 2129d62771SThomas Huth 2229d62771SThomas Huth /* 2329d62771SThomas Huth * Intel IGD support 2429d62771SThomas Huth * 2529d62771SThomas Huth * Obviously IGD is not a discrete device, this is evidenced not only by it 2629d62771SThomas Huth * being integrated into the CPU, but by the various chipset and BIOS 2729d62771SThomas Huth * dependencies that it brings along with it. Intel is trying to move away 2829d62771SThomas Huth * from this and Broadwell and newer devices can run in what Intel calls 2929d62771SThomas Huth * "Universal Pass-Through" mode, or UPT. Theoretically in UPT mode, nothing 3029d62771SThomas Huth * more is required beyond assigning the IGD device to a VM. There are 3129d62771SThomas Huth * however support limitations to this mode. It only supports IGD as a 3229d62771SThomas Huth * secondary graphics device in the VM and it doesn't officially support any 3329d62771SThomas Huth * physical outputs. 3429d62771SThomas Huth * 3529d62771SThomas Huth * The code here attempts to enable what we'll call legacy mode assignment, 3629d62771SThomas Huth * IGD retains most of the capabilities we expect for it to have on bare 3729d62771SThomas Huth * metal. To enable this mode, the IGD device must be assigned to the VM 3829d62771SThomas Huth * at PCI address 00:02.0, it must have a ROM, it very likely needs VGA 3929d62771SThomas Huth * support, we must have VM BIOS support for reserving and populating some 4029d62771SThomas Huth * of the required tables, and we need to tweak the chipset with revisions 4129d62771SThomas Huth * and IDs and an LPC/ISA bridge device. The intention is to make all of 4229d62771SThomas Huth * this happen automatically by installing the device at the correct VM PCI 4329d62771SThomas Huth * bus address. If any of the conditions are not met, we cross our fingers 4429d62771SThomas Huth * and hope the user knows better. 4529d62771SThomas Huth * 4629d62771SThomas Huth * NB - It is possible to enable physical outputs in UPT mode by supplying 4729d62771SThomas Huth * an OpRegion table. We don't do this by default because the guest driver 4829d62771SThomas Huth * behaves differently if an OpRegion is provided and no monitor is attached 4929d62771SThomas Huth * vs no OpRegion and a monitor being attached or not. Effectively, if a 5029d62771SThomas Huth * headless setup is desired, the OpRegion gets in the way of that. 5129d62771SThomas Huth */ 5229d62771SThomas Huth 5329d62771SThomas Huth /* 5429d62771SThomas Huth * This presumes the device is already known to be an Intel VGA device, so we 5529d62771SThomas Huth * take liberties in which device ID bits match which generation. This should 5629d62771SThomas Huth * not be taken as an indication that all the devices are supported, or even 5729d62771SThomas Huth * supportable, some of them don't even support VT-d. 5829d62771SThomas Huth * See linux:include/drm/i915_pciids.h for IDs. 5929d62771SThomas Huth */ 6029d62771SThomas Huth static int igd_gen(VFIOPCIDevice *vdev) 6129d62771SThomas Huth { 6229d62771SThomas Huth if ((vdev->device_id & 0xfff) == 0xa84) { 6329d62771SThomas Huth return 8; /* Broxton */ 6429d62771SThomas Huth } 6529d62771SThomas Huth 6629d62771SThomas Huth switch (vdev->device_id & 0xff00) { 6729d62771SThomas Huth /* Old, untested, unavailable, unknown */ 6829d62771SThomas Huth case 0x0000: 6929d62771SThomas Huth case 0x2500: 7029d62771SThomas Huth case 0x2700: 7129d62771SThomas Huth case 0x2900: 7229d62771SThomas Huth case 0x2a00: 7329d62771SThomas Huth case 0x2e00: 7429d62771SThomas Huth case 0x3500: 7529d62771SThomas Huth case 0xa000: 7629d62771SThomas Huth return -1; 7729d62771SThomas Huth /* SandyBridge, IvyBridge, ValleyView, Haswell */ 7829d62771SThomas Huth case 0x0100: 7929d62771SThomas Huth case 0x0400: 8029d62771SThomas Huth case 0x0a00: 8129d62771SThomas Huth case 0x0c00: 8229d62771SThomas Huth case 0x0d00: 8329d62771SThomas Huth case 0x0f00: 8429d62771SThomas Huth return 6; 8529d62771SThomas Huth /* BroadWell, CherryView, SkyLake, KabyLake */ 8629d62771SThomas Huth case 0x1600: 8729d62771SThomas Huth case 0x1900: 8829d62771SThomas Huth case 0x2200: 8929d62771SThomas Huth case 0x5900: 9029d62771SThomas Huth return 8; 9129d62771SThomas Huth } 9229d62771SThomas Huth 9329d62771SThomas Huth return 8; /* Assume newer is compatible */ 9429d62771SThomas Huth } 9529d62771SThomas Huth 9629d62771SThomas Huth typedef struct VFIOIGDQuirk { 9729d62771SThomas Huth struct VFIOPCIDevice *vdev; 9829d62771SThomas Huth uint32_t index; 9929d62771SThomas Huth uint32_t bdsm; 10029d62771SThomas Huth } VFIOIGDQuirk; 10129d62771SThomas Huth 10229d62771SThomas Huth #define IGD_GMCH 0x50 /* Graphics Control Register */ 10329d62771SThomas Huth #define IGD_BDSM 0x5c /* Base Data of Stolen Memory */ 10429d62771SThomas Huth 10529d62771SThomas Huth 10629d62771SThomas Huth /* 10729d62771SThomas Huth * The rather short list of registers that we copy from the host devices. 10829d62771SThomas Huth * The LPC/ISA bridge values are definitely needed to support the vBIOS, the 10929d62771SThomas Huth * host bridge values may or may not be needed depending on the guest OS. 11029d62771SThomas Huth * Since we're only munging revision and subsystem values on the host bridge, 11129d62771SThomas Huth * we don't require our own device. The LPC/ISA bridge needs to be our very 11229d62771SThomas Huth * own though. 11329d62771SThomas Huth */ 11429d62771SThomas Huth typedef struct { 11529d62771SThomas Huth uint8_t offset; 11629d62771SThomas Huth uint8_t len; 11729d62771SThomas Huth } IGDHostInfo; 11829d62771SThomas Huth 11929d62771SThomas Huth static const IGDHostInfo igd_host_bridge_infos[] = { 12029d62771SThomas Huth {PCI_REVISION_ID, 2}, 12129d62771SThomas Huth {PCI_SUBSYSTEM_VENDOR_ID, 2}, 12229d62771SThomas Huth {PCI_SUBSYSTEM_ID, 2}, 12329d62771SThomas Huth }; 12429d62771SThomas Huth 12529d62771SThomas Huth static const IGDHostInfo igd_lpc_bridge_infos[] = { 12629d62771SThomas Huth {PCI_VENDOR_ID, 2}, 12729d62771SThomas Huth {PCI_DEVICE_ID, 2}, 12829d62771SThomas Huth {PCI_REVISION_ID, 2}, 12929d62771SThomas Huth {PCI_SUBSYSTEM_VENDOR_ID, 2}, 13029d62771SThomas Huth {PCI_SUBSYSTEM_ID, 2}, 13129d62771SThomas Huth }; 13229d62771SThomas Huth 13329d62771SThomas Huth static int vfio_pci_igd_copy(VFIOPCIDevice *vdev, PCIDevice *pdev, 13429d62771SThomas Huth struct vfio_region_info *info, 13529d62771SThomas Huth const IGDHostInfo *list, int len) 13629d62771SThomas Huth { 13729d62771SThomas Huth int i, ret; 13829d62771SThomas Huth 13929d62771SThomas Huth for (i = 0; i < len; i++) { 14029d62771SThomas Huth ret = pread(vdev->vbasedev.fd, pdev->config + list[i].offset, 14129d62771SThomas Huth list[i].len, info->offset + list[i].offset); 14229d62771SThomas Huth if (ret != list[i].len) { 14329d62771SThomas Huth error_report("IGD copy failed: %m"); 14429d62771SThomas Huth return -errno; 14529d62771SThomas Huth } 14629d62771SThomas Huth } 14729d62771SThomas Huth 14829d62771SThomas Huth return 0; 14929d62771SThomas Huth } 15029d62771SThomas Huth 15129d62771SThomas Huth /* 15229d62771SThomas Huth * Stuff a few values into the host bridge. 15329d62771SThomas Huth */ 15429d62771SThomas Huth static int vfio_pci_igd_host_init(VFIOPCIDevice *vdev, 15529d62771SThomas Huth struct vfio_region_info *info) 15629d62771SThomas Huth { 15729d62771SThomas Huth PCIBus *bus; 15829d62771SThomas Huth PCIDevice *host_bridge; 15929d62771SThomas Huth int ret; 16029d62771SThomas Huth 16129d62771SThomas Huth bus = pci_device_root_bus(&vdev->pdev); 16229d62771SThomas Huth host_bridge = pci_find_device(bus, 0, PCI_DEVFN(0, 0)); 16329d62771SThomas Huth 16429d62771SThomas Huth if (!host_bridge) { 16529d62771SThomas Huth error_report("Can't find host bridge"); 16629d62771SThomas Huth return -ENODEV; 16729d62771SThomas Huth } 16829d62771SThomas Huth 16929d62771SThomas Huth ret = vfio_pci_igd_copy(vdev, host_bridge, info, igd_host_bridge_infos, 17029d62771SThomas Huth ARRAY_SIZE(igd_host_bridge_infos)); 17129d62771SThomas Huth if (!ret) { 17229d62771SThomas Huth trace_vfio_pci_igd_host_bridge_enabled(vdev->vbasedev.name); 17329d62771SThomas Huth } 17429d62771SThomas Huth 17529d62771SThomas Huth return ret; 17629d62771SThomas Huth } 17729d62771SThomas Huth 17829d62771SThomas Huth /* 17929d62771SThomas Huth * IGD LPC/ISA bridge support code. The vBIOS needs this, but we can't write 18029d62771SThomas Huth * arbitrary values into just any bridge, so we must create our own. We try 18129d62771SThomas Huth * to handle if the user has created it for us, which they might want to do 18229d62771SThomas Huth * to enable multifunction so we don't occupy the whole PCI slot. 18329d62771SThomas Huth */ 18429d62771SThomas Huth static void vfio_pci_igd_lpc_bridge_realize(PCIDevice *pdev, Error **errp) 18529d62771SThomas Huth { 18629d62771SThomas Huth if (pdev->devfn != PCI_DEVFN(0x1f, 0)) { 18729d62771SThomas Huth error_setg(errp, "VFIO dummy ISA/LPC bridge must have address 1f.0"); 18829d62771SThomas Huth } 18929d62771SThomas Huth } 19029d62771SThomas Huth 19129d62771SThomas Huth static void vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data) 19229d62771SThomas Huth { 19329d62771SThomas Huth DeviceClass *dc = DEVICE_CLASS(klass); 19429d62771SThomas Huth PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 19529d62771SThomas Huth 19629d62771SThomas Huth set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); 19729d62771SThomas Huth dc->desc = "VFIO dummy ISA/LPC bridge for IGD assignment"; 19829d62771SThomas Huth dc->hotpluggable = false; 19929d62771SThomas Huth k->realize = vfio_pci_igd_lpc_bridge_realize; 20029d62771SThomas Huth k->class_id = PCI_CLASS_BRIDGE_ISA; 20129d62771SThomas Huth } 20229d62771SThomas Huth 2035e78c98bSBernhard Beschow static const TypeInfo vfio_pci_igd_lpc_bridge_info = { 20429d62771SThomas Huth .name = "vfio-pci-igd-lpc-bridge", 20529d62771SThomas Huth .parent = TYPE_PCI_DEVICE, 20629d62771SThomas Huth .class_init = vfio_pci_igd_lpc_bridge_class_init, 20729d62771SThomas Huth .interfaces = (InterfaceInfo[]) { 20829d62771SThomas Huth { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 20929d62771SThomas Huth { }, 21029d62771SThomas Huth }, 21129d62771SThomas Huth }; 21229d62771SThomas Huth 21329d62771SThomas Huth static void vfio_pci_igd_register_types(void) 21429d62771SThomas Huth { 21529d62771SThomas Huth type_register_static(&vfio_pci_igd_lpc_bridge_info); 21629d62771SThomas Huth } 21729d62771SThomas Huth 21829d62771SThomas Huth type_init(vfio_pci_igd_register_types) 21929d62771SThomas Huth 22029d62771SThomas Huth static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev, 22129d62771SThomas Huth struct vfio_region_info *info) 22229d62771SThomas Huth { 22329d62771SThomas Huth PCIDevice *lpc_bridge; 22429d62771SThomas Huth int ret; 22529d62771SThomas Huth 22629d62771SThomas Huth lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 22729d62771SThomas Huth 0, PCI_DEVFN(0x1f, 0)); 22829d62771SThomas Huth if (!lpc_bridge) { 22929d62771SThomas Huth lpc_bridge = pci_create_simple(pci_device_root_bus(&vdev->pdev), 23029d62771SThomas Huth PCI_DEVFN(0x1f, 0), "vfio-pci-igd-lpc-bridge"); 23129d62771SThomas Huth } 23229d62771SThomas Huth 23329d62771SThomas Huth ret = vfio_pci_igd_copy(vdev, lpc_bridge, info, igd_lpc_bridge_infos, 23429d62771SThomas Huth ARRAY_SIZE(igd_lpc_bridge_infos)); 23529d62771SThomas Huth if (!ret) { 23629d62771SThomas Huth trace_vfio_pci_igd_lpc_bridge_enabled(vdev->vbasedev.name); 23729d62771SThomas Huth } 23829d62771SThomas Huth 23929d62771SThomas Huth return ret; 24029d62771SThomas Huth } 24129d62771SThomas Huth 24229d62771SThomas Huth /* 24329d62771SThomas Huth * IGD Gen8 and newer support up to 8MB for the GTT and use a 64bit PTE 24429d62771SThomas Huth * entry, older IGDs use 2MB and 32bit. Each PTE maps a 4k page. Therefore 24529d62771SThomas Huth * we either have 2M/4k * 4 = 2k or 8M/4k * 8 = 16k as the maximum iobar index 24629d62771SThomas Huth * for programming the GTT. 24729d62771SThomas Huth * 24829d62771SThomas Huth * See linux:include/drm/i915_drm.h for shift and mask values. 24929d62771SThomas Huth */ 25029d62771SThomas Huth static int vfio_igd_gtt_max(VFIOPCIDevice *vdev) 25129d62771SThomas Huth { 25229d62771SThomas Huth uint32_t gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch)); 25329d62771SThomas Huth int ggms, gen = igd_gen(vdev); 25429d62771SThomas Huth 25529d62771SThomas Huth gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch)); 25629d62771SThomas Huth ggms = (gmch >> (gen < 8 ? 8 : 6)) & 0x3; 25729d62771SThomas Huth if (gen > 6) { 25829d62771SThomas Huth ggms = 1 << ggms; 25929d62771SThomas Huth } 26029d62771SThomas Huth 26129d62771SThomas Huth ggms *= MiB; 26229d62771SThomas Huth 26329d62771SThomas Huth return (ggms / (4 * KiB)) * (gen < 8 ? 4 : 8); 26429d62771SThomas Huth } 26529d62771SThomas Huth 26629d62771SThomas Huth /* 26729d62771SThomas Huth * The IGD ROM will make use of stolen memory (GGMS) for support of VESA modes. 26829d62771SThomas Huth * Somehow the host stolen memory range is used for this, but how the ROM gets 26929d62771SThomas Huth * it is a mystery, perhaps it's hardcoded into the ROM. Thankfully though, it 27029d62771SThomas Huth * reprograms the GTT through the IOBAR where we can trap it and transpose the 27129d62771SThomas Huth * programming to the VM allocated buffer. That buffer gets reserved by the VM 27229d62771SThomas Huth * firmware via the fw_cfg entry added below. Here we're just monitoring the 27329d62771SThomas Huth * IOBAR address and data registers to detect a write sequence targeting the 27429d62771SThomas Huth * GTTADR. This code is developed by observed behavior and doesn't have a 27529d62771SThomas Huth * direct spec reference, unfortunately. 27629d62771SThomas Huth */ 27729d62771SThomas Huth static uint64_t vfio_igd_quirk_data_read(void *opaque, 27829d62771SThomas Huth hwaddr addr, unsigned size) 27929d62771SThomas Huth { 28029d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 28129d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 28229d62771SThomas Huth 28329d62771SThomas Huth igd->index = ~0; 28429d62771SThomas Huth 28529d62771SThomas Huth return vfio_region_read(&vdev->bars[4].region, addr + 4, size); 28629d62771SThomas Huth } 28729d62771SThomas Huth 28829d62771SThomas Huth static void vfio_igd_quirk_data_write(void *opaque, hwaddr addr, 28929d62771SThomas Huth uint64_t data, unsigned size) 29029d62771SThomas Huth { 29129d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 29229d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 29329d62771SThomas Huth uint64_t val = data; 29429d62771SThomas Huth int gen = igd_gen(vdev); 29529d62771SThomas Huth 29629d62771SThomas Huth /* 29729d62771SThomas Huth * Programming the GGMS starts at index 0x1 and uses every 4th index (ie. 29829d62771SThomas Huth * 0x1, 0x5, 0x9, 0xd,...). For pre-Gen8 each 4-byte write is a whole PTE 29929d62771SThomas Huth * entry, with 0th bit enable set. For Gen8 and up, PTEs are 64bit, so 30029d62771SThomas Huth * entries 0x5 & 0xd are the high dword, in our case zero. Each PTE points 30129d62771SThomas Huth * to a 4k page, which we translate to a page from the VM allocated region, 30229d62771SThomas Huth * pointed to by the BDSM register. If this is not set, we fail. 30329d62771SThomas Huth * 30429d62771SThomas Huth * We trap writes to the full configured GTT size, but we typically only 30529d62771SThomas Huth * see the vBIOS writing up to (nearly) the 1MB barrier. In fact it often 30629d62771SThomas Huth * seems to miss the last entry for an even 1MB GTT. Doing a gratuitous 30729d62771SThomas Huth * write of that last entry does work, but is hopefully unnecessary since 30829d62771SThomas Huth * we clear the previous GTT on initialization. 30929d62771SThomas Huth */ 31029d62771SThomas Huth if ((igd->index % 4 == 1) && igd->index < vfio_igd_gtt_max(vdev)) { 31129d62771SThomas Huth if (gen < 8 || (igd->index % 8 == 1)) { 31229d62771SThomas Huth uint32_t base; 31329d62771SThomas Huth 31429d62771SThomas Huth base = pci_get_long(vdev->pdev.config + IGD_BDSM); 31529d62771SThomas Huth if (!base) { 31629d62771SThomas Huth hw_error("vfio-igd: Guest attempted to program IGD GTT before " 31729d62771SThomas Huth "BIOS reserved stolen memory. Unsupported BIOS?"); 31829d62771SThomas Huth } 31929d62771SThomas Huth 32029d62771SThomas Huth val = data - igd->bdsm + base; 32129d62771SThomas Huth } else { 32229d62771SThomas Huth val = 0; /* upper 32bits of pte, we only enable below 4G PTEs */ 32329d62771SThomas Huth } 32429d62771SThomas Huth 32529d62771SThomas Huth trace_vfio_pci_igd_bar4_write(vdev->vbasedev.name, 32629d62771SThomas Huth igd->index, data, val); 32729d62771SThomas Huth } 32829d62771SThomas Huth 32929d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, addr + 4, val, size); 33029d62771SThomas Huth 33129d62771SThomas Huth igd->index = ~0; 33229d62771SThomas Huth } 33329d62771SThomas Huth 33429d62771SThomas Huth static const MemoryRegionOps vfio_igd_data_quirk = { 33529d62771SThomas Huth .read = vfio_igd_quirk_data_read, 33629d62771SThomas Huth .write = vfio_igd_quirk_data_write, 33729d62771SThomas Huth .endianness = DEVICE_LITTLE_ENDIAN, 33829d62771SThomas Huth }; 33929d62771SThomas Huth 34029d62771SThomas Huth static uint64_t vfio_igd_quirk_index_read(void *opaque, 34129d62771SThomas Huth hwaddr addr, unsigned size) 34229d62771SThomas Huth { 34329d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 34429d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 34529d62771SThomas Huth 34629d62771SThomas Huth igd->index = ~0; 34729d62771SThomas Huth 34829d62771SThomas Huth return vfio_region_read(&vdev->bars[4].region, addr, size); 34929d62771SThomas Huth } 35029d62771SThomas Huth 35129d62771SThomas Huth static void vfio_igd_quirk_index_write(void *opaque, hwaddr addr, 35229d62771SThomas Huth uint64_t data, unsigned size) 35329d62771SThomas Huth { 35429d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 35529d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 35629d62771SThomas Huth 35729d62771SThomas Huth igd->index = data; 35829d62771SThomas Huth 35929d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, addr, data, size); 36029d62771SThomas Huth } 36129d62771SThomas Huth 36229d62771SThomas Huth static const MemoryRegionOps vfio_igd_index_quirk = { 36329d62771SThomas Huth .read = vfio_igd_quirk_index_read, 36429d62771SThomas Huth .write = vfio_igd_quirk_index_write, 36529d62771SThomas Huth .endianness = DEVICE_LITTLE_ENDIAN, 36629d62771SThomas Huth }; 36729d62771SThomas Huth 36829d62771SThomas Huth void vfio_probe_igd_bar4_quirk(VFIOPCIDevice *vdev, int nr) 36929d62771SThomas Huth { 37029d62771SThomas Huth struct vfio_region_info *rom = NULL, *opregion = NULL, 37129d62771SThomas Huth *host = NULL, *lpc = NULL; 37229d62771SThomas Huth VFIOQuirk *quirk; 37329d62771SThomas Huth VFIOIGDQuirk *igd; 37429d62771SThomas Huth PCIDevice *lpc_bridge; 37529d62771SThomas Huth int i, ret, ggms_mb, gms_mb = 0, gen; 37629d62771SThomas Huth uint64_t *bdsm_size; 37729d62771SThomas Huth uint32_t gmch; 37829d62771SThomas Huth uint16_t cmd_orig, cmd; 37929d62771SThomas Huth Error *err = NULL; 38029d62771SThomas Huth 38129d62771SThomas Huth /* 38229d62771SThomas Huth * This must be an Intel VGA device at address 00:02.0 for us to even 38329d62771SThomas Huth * consider enabling legacy mode. The vBIOS has dependencies on the 38429d62771SThomas Huth * PCI bus address. 38529d62771SThomas Huth */ 38629d62771SThomas Huth if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) || 38729d62771SThomas Huth !vfio_is_vga(vdev) || nr != 4 || 38829d62771SThomas Huth &vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev), 38929d62771SThomas Huth 0, PCI_DEVFN(0x2, 0))) { 39029d62771SThomas Huth return; 39129d62771SThomas Huth } 39229d62771SThomas Huth 39329d62771SThomas Huth /* 39429d62771SThomas Huth * We need to create an LPC/ISA bridge at PCI bus address 00:1f.0 that we 39529d62771SThomas Huth * can stuff host values into, so if there's already one there and it's not 39629d62771SThomas Huth * one we can hack on, legacy mode is no-go. Sorry Q35. 39729d62771SThomas Huth */ 39829d62771SThomas Huth lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 39929d62771SThomas Huth 0, PCI_DEVFN(0x1f, 0)); 40029d62771SThomas Huth if (lpc_bridge && !object_dynamic_cast(OBJECT(lpc_bridge), 40129d62771SThomas Huth "vfio-pci-igd-lpc-bridge")) { 40229d62771SThomas Huth error_report("IGD device %s cannot support legacy mode due to existing " 40329d62771SThomas Huth "devices at address 1f.0", vdev->vbasedev.name); 40429d62771SThomas Huth return; 40529d62771SThomas Huth } 40629d62771SThomas Huth 40729d62771SThomas Huth /* 40829d62771SThomas Huth * IGD is not a standard, they like to change their specs often. We 40929d62771SThomas Huth * only attempt to support back to SandBridge and we hope that newer 41029d62771SThomas Huth * devices maintain compatibility with generation 8. 41129d62771SThomas Huth */ 41229d62771SThomas Huth gen = igd_gen(vdev); 41329d62771SThomas Huth if (gen != 6 && gen != 8) { 41429d62771SThomas Huth error_report("IGD device %s is unsupported in legacy mode, " 41529d62771SThomas Huth "try SandyBridge or newer", vdev->vbasedev.name); 41629d62771SThomas Huth return; 41729d62771SThomas Huth } 41829d62771SThomas Huth 41929d62771SThomas Huth /* 42029d62771SThomas Huth * Most of what we're doing here is to enable the ROM to run, so if 42129d62771SThomas Huth * there's no ROM, there's no point in setting up this quirk. 42229d62771SThomas Huth * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM support. 42329d62771SThomas Huth */ 42429d62771SThomas Huth ret = vfio_get_region_info(&vdev->vbasedev, 42529d62771SThomas Huth VFIO_PCI_ROM_REGION_INDEX, &rom); 42629d62771SThomas Huth if ((ret || !rom->size) && !vdev->pdev.romfile) { 42729d62771SThomas Huth error_report("IGD device %s has no ROM, legacy mode disabled", 42829d62771SThomas Huth vdev->vbasedev.name); 42929d62771SThomas Huth goto out; 43029d62771SThomas Huth } 43129d62771SThomas Huth 43229d62771SThomas Huth /* 43329d62771SThomas Huth * Ignore the hotplug corner case, mark the ROM failed, we can't 43429d62771SThomas Huth * create the devices we need for legacy mode in the hotplug scenario. 43529d62771SThomas Huth */ 43629d62771SThomas Huth if (vdev->pdev.qdev.hotplugged) { 43729d62771SThomas Huth error_report("IGD device %s hotplugged, ROM disabled, " 43829d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 43929d62771SThomas Huth vdev->rom_read_failed = true; 44029d62771SThomas Huth goto out; 44129d62771SThomas Huth } 44229d62771SThomas Huth 44329d62771SThomas Huth /* 44429d62771SThomas Huth * Check whether we have all the vfio device specific regions to 44529d62771SThomas Huth * support legacy mode (added in Linux v4.6). If not, bail. 44629d62771SThomas Huth */ 44729d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 44829d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 44929d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, &opregion); 45029d62771SThomas Huth if (ret) { 45129d62771SThomas Huth error_report("IGD device %s does not support OpRegion access," 45229d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 45329d62771SThomas Huth goto out; 45429d62771SThomas Huth } 45529d62771SThomas Huth 45629d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 45729d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 45829d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_HOST_CFG, &host); 45929d62771SThomas Huth if (ret) { 46029d62771SThomas Huth error_report("IGD device %s does not support host bridge access," 46129d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 46229d62771SThomas Huth goto out; 46329d62771SThomas Huth } 46429d62771SThomas Huth 46529d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 46629d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 46729d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_LPC_CFG, &lpc); 46829d62771SThomas Huth if (ret) { 46929d62771SThomas Huth error_report("IGD device %s does not support LPC bridge access," 47029d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 47129d62771SThomas Huth goto out; 47229d62771SThomas Huth } 47329d62771SThomas Huth 47429d62771SThomas Huth gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4); 47529d62771SThomas Huth 47629d62771SThomas Huth /* 47729d62771SThomas Huth * If IGD VGA Disable is clear (expected) and VGA is not already enabled, 47829d62771SThomas Huth * try to enable it. Probably shouldn't be using legacy mode without VGA, 47929d62771SThomas Huth * but also no point in us enabling VGA if disabled in hardware. 48029d62771SThomas Huth */ 481*64410a74SZhenzhong Duan if (!(gmch & 0x2) && !vdev->vga && !vfio_populate_vga(vdev, &err)) { 48229d62771SThomas Huth error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 48329d62771SThomas Huth error_report("IGD device %s failed to enable VGA access, " 48429d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 48529d62771SThomas Huth goto out; 48629d62771SThomas Huth } 48729d62771SThomas Huth 48829d62771SThomas Huth /* Create our LPC/ISA bridge */ 48929d62771SThomas Huth ret = vfio_pci_igd_lpc_init(vdev, lpc); 49029d62771SThomas Huth if (ret) { 49129d62771SThomas Huth error_report("IGD device %s failed to create LPC bridge, " 49229d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 49329d62771SThomas Huth goto out; 49429d62771SThomas Huth } 49529d62771SThomas Huth 49629d62771SThomas Huth /* Stuff some host values into the VM PCI host bridge */ 49729d62771SThomas Huth ret = vfio_pci_igd_host_init(vdev, host); 49829d62771SThomas Huth if (ret) { 49929d62771SThomas Huth error_report("IGD device %s failed to modify host bridge, " 50029d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 50129d62771SThomas Huth goto out; 50229d62771SThomas Huth } 50329d62771SThomas Huth 50429d62771SThomas Huth /* Setup OpRegion access */ 50529d62771SThomas Huth ret = vfio_pci_igd_opregion_init(vdev, opregion, &err); 50629d62771SThomas Huth if (ret) { 50729d62771SThomas Huth error_append_hint(&err, "IGD legacy mode disabled\n"); 50829d62771SThomas Huth error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 50929d62771SThomas Huth goto out; 51029d62771SThomas Huth } 51129d62771SThomas Huth 51229d62771SThomas Huth /* Setup our quirk to munge GTT addresses to the VM allocated buffer */ 51329d62771SThomas Huth quirk = vfio_quirk_alloc(2); 51429d62771SThomas Huth igd = quirk->data = g_malloc0(sizeof(*igd)); 51529d62771SThomas Huth igd->vdev = vdev; 51629d62771SThomas Huth igd->index = ~0; 51729d62771SThomas Huth igd->bdsm = vfio_pci_read_config(&vdev->pdev, IGD_BDSM, 4); 51829d62771SThomas Huth igd->bdsm &= ~((1 * MiB) - 1); /* 1MB aligned */ 51929d62771SThomas Huth 52029d62771SThomas Huth memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_igd_index_quirk, 52129d62771SThomas Huth igd, "vfio-igd-index-quirk", 4); 52229d62771SThomas Huth memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 52329d62771SThomas Huth 0, &quirk->mem[0], 1); 52429d62771SThomas Huth 52529d62771SThomas Huth memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_igd_data_quirk, 52629d62771SThomas Huth igd, "vfio-igd-data-quirk", 4); 52729d62771SThomas Huth memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 52829d62771SThomas Huth 4, &quirk->mem[1], 1); 52929d62771SThomas Huth 53029d62771SThomas Huth QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 53129d62771SThomas Huth 53229d62771SThomas Huth /* Determine the size of stolen memory needed for GTT */ 53329d62771SThomas Huth ggms_mb = (gmch >> (gen < 8 ? 8 : 6)) & 0x3; 53429d62771SThomas Huth if (gen > 6) { 53529d62771SThomas Huth ggms_mb = 1 << ggms_mb; 53629d62771SThomas Huth } 53729d62771SThomas Huth 53829d62771SThomas Huth /* 539ac9574bcSStefan Weil * Assume we have no GMS memory, but allow it to be overridden by device 54029d62771SThomas Huth * option (experimental). The spec doesn't actually allow zero GMS when 54129d62771SThomas Huth * when IVD (IGD VGA Disable) is clear, but the claim is that it's unused, 54229d62771SThomas Huth * so let's not waste VM memory for it. 54329d62771SThomas Huth */ 54429d62771SThomas Huth gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8)); 54529d62771SThomas Huth 54629d62771SThomas Huth if (vdev->igd_gms) { 54729d62771SThomas Huth if (vdev->igd_gms <= 0x10) { 54829d62771SThomas Huth gms_mb = vdev->igd_gms * 32; 54929d62771SThomas Huth gmch |= vdev->igd_gms << (gen < 8 ? 3 : 8); 55029d62771SThomas Huth } else { 55129d62771SThomas Huth error_report("Unsupported IGD GMS value 0x%x", vdev->igd_gms); 55229d62771SThomas Huth vdev->igd_gms = 0; 55329d62771SThomas Huth } 55429d62771SThomas Huth } 55529d62771SThomas Huth 55629d62771SThomas Huth /* 55729d62771SThomas Huth * Request reserved memory for stolen memory via fw_cfg. VM firmware 55829d62771SThomas Huth * must allocate a 1MB aligned reserved memory region below 4GB with 55929d62771SThomas Huth * the requested size (in bytes) for use by the Intel PCI class VGA 56029d62771SThomas Huth * device at VM address 00:02.0. The base address of this reserved 561631ba5a1SCai Huoqing * memory region must be written to the device BDSM register at PCI 56229d62771SThomas Huth * config offset 0x5C. 56329d62771SThomas Huth */ 56429d62771SThomas Huth bdsm_size = g_malloc(sizeof(*bdsm_size)); 56529d62771SThomas Huth *bdsm_size = cpu_to_le64((ggms_mb + gms_mb) * MiB); 56629d62771SThomas Huth fw_cfg_add_file(fw_cfg_find(), "etc/igd-bdsm-size", 56729d62771SThomas Huth bdsm_size, sizeof(*bdsm_size)); 56829d62771SThomas Huth 56929d62771SThomas Huth /* GMCH is read-only, emulated */ 57029d62771SThomas Huth pci_set_long(vdev->pdev.config + IGD_GMCH, gmch); 57129d62771SThomas Huth pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0); 57229d62771SThomas Huth pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0); 57329d62771SThomas Huth 57429d62771SThomas Huth /* BDSM is read-write, emulated. The BIOS needs to be able to write it */ 57529d62771SThomas Huth pci_set_long(vdev->pdev.config + IGD_BDSM, 0); 57629d62771SThomas Huth pci_set_long(vdev->pdev.wmask + IGD_BDSM, ~0); 57729d62771SThomas Huth pci_set_long(vdev->emulated_config_bits + IGD_BDSM, ~0); 57829d62771SThomas Huth 57929d62771SThomas Huth /* 58029d62771SThomas Huth * This IOBAR gives us access to GTTADR, which allows us to write to 58129d62771SThomas Huth * the GTT itself. So let's go ahead and write zero to all the GTT 58229d62771SThomas Huth * entries to avoid spurious DMA faults. Be sure I/O access is enabled 58329d62771SThomas Huth * before talking to the device. 58429d62771SThomas Huth */ 58529d62771SThomas Huth if (pread(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 58629d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 58729d62771SThomas Huth error_report("IGD device %s - failed to read PCI command register", 58829d62771SThomas Huth vdev->vbasedev.name); 58929d62771SThomas Huth } 59029d62771SThomas Huth 59129d62771SThomas Huth cmd = cmd_orig | PCI_COMMAND_IO; 59229d62771SThomas Huth 59329d62771SThomas Huth if (pwrite(vdev->vbasedev.fd, &cmd, sizeof(cmd), 59429d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd)) { 59529d62771SThomas Huth error_report("IGD device %s - failed to write PCI command register", 59629d62771SThomas Huth vdev->vbasedev.name); 59729d62771SThomas Huth } 59829d62771SThomas Huth 59929d62771SThomas Huth for (i = 1; i < vfio_igd_gtt_max(vdev); i += 4) { 60029d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, 0, i, 4); 60129d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, 4, 0, 4); 60229d62771SThomas Huth } 60329d62771SThomas Huth 60429d62771SThomas Huth if (pwrite(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 60529d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 60629d62771SThomas Huth error_report("IGD device %s - failed to restore PCI command register", 60729d62771SThomas Huth vdev->vbasedev.name); 60829d62771SThomas Huth } 60929d62771SThomas Huth 61029d62771SThomas Huth trace_vfio_pci_igd_bdsm_enabled(vdev->vbasedev.name, ggms_mb + gms_mb); 61129d62771SThomas Huth 61229d62771SThomas Huth out: 61329d62771SThomas Huth g_free(rom); 61429d62771SThomas Huth g_free(opregion); 61529d62771SThomas Huth g_free(host); 61629d62771SThomas Huth g_free(lpc); 61729d62771SThomas Huth } 618