129d62771SThomas Huth /* 229d62771SThomas Huth * IGD device quirks 329d62771SThomas Huth * 429d62771SThomas Huth * Copyright Red Hat, Inc. 2016 529d62771SThomas Huth * 629d62771SThomas Huth * Authors: 729d62771SThomas Huth * Alex Williamson <alex.williamson@redhat.com> 829d62771SThomas Huth * 929d62771SThomas Huth * This work is licensed under the terms of the GNU GPL, version 2. See 1029d62771SThomas Huth * the COPYING file in the top-level directory. 1129d62771SThomas Huth */ 1229d62771SThomas Huth 1329d62771SThomas Huth #include "qemu/osdep.h" 1429d62771SThomas Huth #include "qemu/units.h" 1529d62771SThomas Huth #include "qapi/error.h" 1629d62771SThomas Huth #include "hw/hw.h" 1729d62771SThomas Huth #include "hw/nvram/fw_cfg.h" 1829d62771SThomas Huth #include "pci.h" 1929d62771SThomas Huth #include "trace.h" 2029d62771SThomas Huth 2129d62771SThomas Huth /* 2229d62771SThomas Huth * Intel IGD support 2329d62771SThomas Huth * 2429d62771SThomas Huth * Obviously IGD is not a discrete device, this is evidenced not only by it 2529d62771SThomas Huth * being integrated into the CPU, but by the various chipset and BIOS 2629d62771SThomas Huth * dependencies that it brings along with it. Intel is trying to move away 2729d62771SThomas Huth * from this and Broadwell and newer devices can run in what Intel calls 2829d62771SThomas Huth * "Universal Pass-Through" mode, or UPT. Theoretically in UPT mode, nothing 2929d62771SThomas Huth * more is required beyond assigning the IGD device to a VM. There are 3029d62771SThomas Huth * however support limitations to this mode. It only supports IGD as a 3129d62771SThomas Huth * secondary graphics device in the VM and it doesn't officially support any 3229d62771SThomas Huth * physical outputs. 3329d62771SThomas Huth * 3429d62771SThomas Huth * The code here attempts to enable what we'll call legacy mode assignment, 3529d62771SThomas Huth * IGD retains most of the capabilities we expect for it to have on bare 3629d62771SThomas Huth * metal. To enable this mode, the IGD device must be assigned to the VM 3729d62771SThomas Huth * at PCI address 00:02.0, it must have a ROM, it very likely needs VGA 3829d62771SThomas Huth * support, we must have VM BIOS support for reserving and populating some 3929d62771SThomas Huth * of the required tables, and we need to tweak the chipset with revisions 4029d62771SThomas Huth * and IDs and an LPC/ISA bridge device. The intention is to make all of 4129d62771SThomas Huth * this happen automatically by installing the device at the correct VM PCI 4229d62771SThomas Huth * bus address. If any of the conditions are not met, we cross our fingers 4329d62771SThomas Huth * and hope the user knows better. 4429d62771SThomas Huth * 4529d62771SThomas Huth * NB - It is possible to enable physical outputs in UPT mode by supplying 4629d62771SThomas Huth * an OpRegion table. We don't do this by default because the guest driver 4729d62771SThomas Huth * behaves differently if an OpRegion is provided and no monitor is attached 4829d62771SThomas Huth * vs no OpRegion and a monitor being attached or not. Effectively, if a 4929d62771SThomas Huth * headless setup is desired, the OpRegion gets in the way of that. 5029d62771SThomas Huth */ 5129d62771SThomas Huth 5229d62771SThomas Huth /* 5329d62771SThomas Huth * This presumes the device is already known to be an Intel VGA device, so we 5429d62771SThomas Huth * take liberties in which device ID bits match which generation. This should 5529d62771SThomas Huth * not be taken as an indication that all the devices are supported, or even 5629d62771SThomas Huth * supportable, some of them don't even support VT-d. 5729d62771SThomas Huth * See linux:include/drm/i915_pciids.h for IDs. 5829d62771SThomas Huth */ 5929d62771SThomas Huth static int igd_gen(VFIOPCIDevice *vdev) 6029d62771SThomas Huth { 6129d62771SThomas Huth if ((vdev->device_id & 0xfff) == 0xa84) { 6229d62771SThomas Huth return 8; /* Broxton */ 6329d62771SThomas Huth } 6429d62771SThomas Huth 6529d62771SThomas Huth switch (vdev->device_id & 0xff00) { 6629d62771SThomas Huth /* Old, untested, unavailable, unknown */ 6729d62771SThomas Huth case 0x0000: 6829d62771SThomas Huth case 0x2500: 6929d62771SThomas Huth case 0x2700: 7029d62771SThomas Huth case 0x2900: 7129d62771SThomas Huth case 0x2a00: 7229d62771SThomas Huth case 0x2e00: 7329d62771SThomas Huth case 0x3500: 7429d62771SThomas Huth case 0xa000: 7529d62771SThomas Huth return -1; 7629d62771SThomas Huth /* SandyBridge, IvyBridge, ValleyView, Haswell */ 7729d62771SThomas Huth case 0x0100: 7829d62771SThomas Huth case 0x0400: 7929d62771SThomas Huth case 0x0a00: 8029d62771SThomas Huth case 0x0c00: 8129d62771SThomas Huth case 0x0d00: 8229d62771SThomas Huth case 0x0f00: 8329d62771SThomas Huth return 6; 8429d62771SThomas Huth /* BroadWell, CherryView, SkyLake, KabyLake */ 8529d62771SThomas Huth case 0x1600: 8629d62771SThomas Huth case 0x1900: 8729d62771SThomas Huth case 0x2200: 8829d62771SThomas Huth case 0x5900: 8929d62771SThomas Huth return 8; 9029d62771SThomas Huth } 9129d62771SThomas Huth 9229d62771SThomas Huth return 8; /* Assume newer is compatible */ 9329d62771SThomas Huth } 9429d62771SThomas Huth 9529d62771SThomas Huth typedef struct VFIOIGDQuirk { 9629d62771SThomas Huth struct VFIOPCIDevice *vdev; 9729d62771SThomas Huth uint32_t index; 9829d62771SThomas Huth uint32_t bdsm; 9929d62771SThomas Huth } VFIOIGDQuirk; 10029d62771SThomas Huth 10129d62771SThomas Huth #define IGD_GMCH 0x50 /* Graphics Control Register */ 10229d62771SThomas Huth #define IGD_BDSM 0x5c /* Base Data of Stolen Memory */ 10329d62771SThomas Huth 10429d62771SThomas Huth 10529d62771SThomas Huth /* 10629d62771SThomas Huth * The rather short list of registers that we copy from the host devices. 10729d62771SThomas Huth * The LPC/ISA bridge values are definitely needed to support the vBIOS, the 10829d62771SThomas Huth * host bridge values may or may not be needed depending on the guest OS. 10929d62771SThomas Huth * Since we're only munging revision and subsystem values on the host bridge, 11029d62771SThomas Huth * we don't require our own device. The LPC/ISA bridge needs to be our very 11129d62771SThomas Huth * own though. 11229d62771SThomas Huth */ 11329d62771SThomas Huth typedef struct { 11429d62771SThomas Huth uint8_t offset; 11529d62771SThomas Huth uint8_t len; 11629d62771SThomas Huth } IGDHostInfo; 11729d62771SThomas Huth 11829d62771SThomas Huth static const IGDHostInfo igd_host_bridge_infos[] = { 11929d62771SThomas Huth {PCI_REVISION_ID, 2}, 12029d62771SThomas Huth {PCI_SUBSYSTEM_VENDOR_ID, 2}, 12129d62771SThomas Huth {PCI_SUBSYSTEM_ID, 2}, 12229d62771SThomas Huth }; 12329d62771SThomas Huth 12429d62771SThomas Huth static const IGDHostInfo igd_lpc_bridge_infos[] = { 12529d62771SThomas Huth {PCI_VENDOR_ID, 2}, 12629d62771SThomas Huth {PCI_DEVICE_ID, 2}, 12729d62771SThomas Huth {PCI_REVISION_ID, 2}, 12829d62771SThomas Huth {PCI_SUBSYSTEM_VENDOR_ID, 2}, 12929d62771SThomas Huth {PCI_SUBSYSTEM_ID, 2}, 13029d62771SThomas Huth }; 13129d62771SThomas Huth 13229d62771SThomas Huth static int vfio_pci_igd_copy(VFIOPCIDevice *vdev, PCIDevice *pdev, 13329d62771SThomas Huth struct vfio_region_info *info, 13429d62771SThomas Huth const IGDHostInfo *list, int len) 13529d62771SThomas Huth { 13629d62771SThomas Huth int i, ret; 13729d62771SThomas Huth 13829d62771SThomas Huth for (i = 0; i < len; i++) { 13929d62771SThomas Huth ret = pread(vdev->vbasedev.fd, pdev->config + list[i].offset, 14029d62771SThomas Huth list[i].len, info->offset + list[i].offset); 14129d62771SThomas Huth if (ret != list[i].len) { 14229d62771SThomas Huth error_report("IGD copy failed: %m"); 14329d62771SThomas Huth return -errno; 14429d62771SThomas Huth } 14529d62771SThomas Huth } 14629d62771SThomas Huth 14729d62771SThomas Huth return 0; 14829d62771SThomas Huth } 14929d62771SThomas Huth 15029d62771SThomas Huth /* 15129d62771SThomas Huth * Stuff a few values into the host bridge. 15229d62771SThomas Huth */ 15329d62771SThomas Huth static int vfio_pci_igd_host_init(VFIOPCIDevice *vdev, 15429d62771SThomas Huth struct vfio_region_info *info) 15529d62771SThomas Huth { 15629d62771SThomas Huth PCIBus *bus; 15729d62771SThomas Huth PCIDevice *host_bridge; 15829d62771SThomas Huth int ret; 15929d62771SThomas Huth 16029d62771SThomas Huth bus = pci_device_root_bus(&vdev->pdev); 16129d62771SThomas Huth host_bridge = pci_find_device(bus, 0, PCI_DEVFN(0, 0)); 16229d62771SThomas Huth 16329d62771SThomas Huth if (!host_bridge) { 16429d62771SThomas Huth error_report("Can't find host bridge"); 16529d62771SThomas Huth return -ENODEV; 16629d62771SThomas Huth } 16729d62771SThomas Huth 16829d62771SThomas Huth ret = vfio_pci_igd_copy(vdev, host_bridge, info, igd_host_bridge_infos, 16929d62771SThomas Huth ARRAY_SIZE(igd_host_bridge_infos)); 17029d62771SThomas Huth if (!ret) { 17129d62771SThomas Huth trace_vfio_pci_igd_host_bridge_enabled(vdev->vbasedev.name); 17229d62771SThomas Huth } 17329d62771SThomas Huth 17429d62771SThomas Huth return ret; 17529d62771SThomas Huth } 17629d62771SThomas Huth 17729d62771SThomas Huth /* 17829d62771SThomas Huth * IGD LPC/ISA bridge support code. The vBIOS needs this, but we can't write 17929d62771SThomas Huth * arbitrary values into just any bridge, so we must create our own. We try 18029d62771SThomas Huth * to handle if the user has created it for us, which they might want to do 18129d62771SThomas Huth * to enable multifunction so we don't occupy the whole PCI slot. 18229d62771SThomas Huth */ 18329d62771SThomas Huth static void vfio_pci_igd_lpc_bridge_realize(PCIDevice *pdev, Error **errp) 18429d62771SThomas Huth { 18529d62771SThomas Huth if (pdev->devfn != PCI_DEVFN(0x1f, 0)) { 18629d62771SThomas Huth error_setg(errp, "VFIO dummy ISA/LPC bridge must have address 1f.0"); 18729d62771SThomas Huth } 18829d62771SThomas Huth } 18929d62771SThomas Huth 19029d62771SThomas Huth static void vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data) 19129d62771SThomas Huth { 19229d62771SThomas Huth DeviceClass *dc = DEVICE_CLASS(klass); 19329d62771SThomas Huth PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 19429d62771SThomas Huth 19529d62771SThomas Huth set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); 19629d62771SThomas Huth dc->desc = "VFIO dummy ISA/LPC bridge for IGD assignment"; 19729d62771SThomas Huth dc->hotpluggable = false; 19829d62771SThomas Huth k->realize = vfio_pci_igd_lpc_bridge_realize; 19929d62771SThomas Huth k->class_id = PCI_CLASS_BRIDGE_ISA; 20029d62771SThomas Huth } 20129d62771SThomas Huth 20229d62771SThomas Huth static TypeInfo vfio_pci_igd_lpc_bridge_info = { 20329d62771SThomas Huth .name = "vfio-pci-igd-lpc-bridge", 20429d62771SThomas Huth .parent = TYPE_PCI_DEVICE, 20529d62771SThomas Huth .class_init = vfio_pci_igd_lpc_bridge_class_init, 20629d62771SThomas Huth .interfaces = (InterfaceInfo[]) { 20729d62771SThomas Huth { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 20829d62771SThomas Huth { }, 20929d62771SThomas Huth }, 21029d62771SThomas Huth }; 21129d62771SThomas Huth 21229d62771SThomas Huth static void vfio_pci_igd_register_types(void) 21329d62771SThomas Huth { 21429d62771SThomas Huth type_register_static(&vfio_pci_igd_lpc_bridge_info); 21529d62771SThomas Huth } 21629d62771SThomas Huth 21729d62771SThomas Huth type_init(vfio_pci_igd_register_types) 21829d62771SThomas Huth 21929d62771SThomas Huth static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev, 22029d62771SThomas Huth struct vfio_region_info *info) 22129d62771SThomas Huth { 22229d62771SThomas Huth PCIDevice *lpc_bridge; 22329d62771SThomas Huth int ret; 22429d62771SThomas Huth 22529d62771SThomas Huth lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 22629d62771SThomas Huth 0, PCI_DEVFN(0x1f, 0)); 22729d62771SThomas Huth if (!lpc_bridge) { 22829d62771SThomas Huth lpc_bridge = pci_create_simple(pci_device_root_bus(&vdev->pdev), 22929d62771SThomas Huth PCI_DEVFN(0x1f, 0), "vfio-pci-igd-lpc-bridge"); 23029d62771SThomas Huth } 23129d62771SThomas Huth 23229d62771SThomas Huth ret = vfio_pci_igd_copy(vdev, lpc_bridge, info, igd_lpc_bridge_infos, 23329d62771SThomas Huth ARRAY_SIZE(igd_lpc_bridge_infos)); 23429d62771SThomas Huth if (!ret) { 23529d62771SThomas Huth trace_vfio_pci_igd_lpc_bridge_enabled(vdev->vbasedev.name); 23629d62771SThomas Huth } 23729d62771SThomas Huth 23829d62771SThomas Huth return ret; 23929d62771SThomas Huth } 24029d62771SThomas Huth 24129d62771SThomas Huth /* 24229d62771SThomas Huth * IGD Gen8 and newer support up to 8MB for the GTT and use a 64bit PTE 24329d62771SThomas Huth * entry, older IGDs use 2MB and 32bit. Each PTE maps a 4k page. Therefore 24429d62771SThomas Huth * we either have 2M/4k * 4 = 2k or 8M/4k * 8 = 16k as the maximum iobar index 24529d62771SThomas Huth * for programming the GTT. 24629d62771SThomas Huth * 24729d62771SThomas Huth * See linux:include/drm/i915_drm.h for shift and mask values. 24829d62771SThomas Huth */ 24929d62771SThomas Huth static int vfio_igd_gtt_max(VFIOPCIDevice *vdev) 25029d62771SThomas Huth { 25129d62771SThomas Huth uint32_t gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch)); 25229d62771SThomas Huth int ggms, gen = igd_gen(vdev); 25329d62771SThomas Huth 25429d62771SThomas Huth gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch)); 25529d62771SThomas Huth ggms = (gmch >> (gen < 8 ? 8 : 6)) & 0x3; 25629d62771SThomas Huth if (gen > 6) { 25729d62771SThomas Huth ggms = 1 << ggms; 25829d62771SThomas Huth } 25929d62771SThomas Huth 26029d62771SThomas Huth ggms *= MiB; 26129d62771SThomas Huth 26229d62771SThomas Huth return (ggms / (4 * KiB)) * (gen < 8 ? 4 : 8); 26329d62771SThomas Huth } 26429d62771SThomas Huth 26529d62771SThomas Huth /* 26629d62771SThomas Huth * The IGD ROM will make use of stolen memory (GGMS) for support of VESA modes. 26729d62771SThomas Huth * Somehow the host stolen memory range is used for this, but how the ROM gets 26829d62771SThomas Huth * it is a mystery, perhaps it's hardcoded into the ROM. Thankfully though, it 26929d62771SThomas Huth * reprograms the GTT through the IOBAR where we can trap it and transpose the 27029d62771SThomas Huth * programming to the VM allocated buffer. That buffer gets reserved by the VM 27129d62771SThomas Huth * firmware via the fw_cfg entry added below. Here we're just monitoring the 27229d62771SThomas Huth * IOBAR address and data registers to detect a write sequence targeting the 27329d62771SThomas Huth * GTTADR. This code is developed by observed behavior and doesn't have a 27429d62771SThomas Huth * direct spec reference, unfortunately. 27529d62771SThomas Huth */ 27629d62771SThomas Huth static uint64_t vfio_igd_quirk_data_read(void *opaque, 27729d62771SThomas Huth hwaddr addr, unsigned size) 27829d62771SThomas Huth { 27929d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 28029d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 28129d62771SThomas Huth 28229d62771SThomas Huth igd->index = ~0; 28329d62771SThomas Huth 28429d62771SThomas Huth return vfio_region_read(&vdev->bars[4].region, addr + 4, size); 28529d62771SThomas Huth } 28629d62771SThomas Huth 28729d62771SThomas Huth static void vfio_igd_quirk_data_write(void *opaque, hwaddr addr, 28829d62771SThomas Huth uint64_t data, unsigned size) 28929d62771SThomas Huth { 29029d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 29129d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 29229d62771SThomas Huth uint64_t val = data; 29329d62771SThomas Huth int gen = igd_gen(vdev); 29429d62771SThomas Huth 29529d62771SThomas Huth /* 29629d62771SThomas Huth * Programming the GGMS starts at index 0x1 and uses every 4th index (ie. 29729d62771SThomas Huth * 0x1, 0x5, 0x9, 0xd,...). For pre-Gen8 each 4-byte write is a whole PTE 29829d62771SThomas Huth * entry, with 0th bit enable set. For Gen8 and up, PTEs are 64bit, so 29929d62771SThomas Huth * entries 0x5 & 0xd are the high dword, in our case zero. Each PTE points 30029d62771SThomas Huth * to a 4k page, which we translate to a page from the VM allocated region, 30129d62771SThomas Huth * pointed to by the BDSM register. If this is not set, we fail. 30229d62771SThomas Huth * 30329d62771SThomas Huth * We trap writes to the full configured GTT size, but we typically only 30429d62771SThomas Huth * see the vBIOS writing up to (nearly) the 1MB barrier. In fact it often 30529d62771SThomas Huth * seems to miss the last entry for an even 1MB GTT. Doing a gratuitous 30629d62771SThomas Huth * write of that last entry does work, but is hopefully unnecessary since 30729d62771SThomas Huth * we clear the previous GTT on initialization. 30829d62771SThomas Huth */ 30929d62771SThomas Huth if ((igd->index % 4 == 1) && igd->index < vfio_igd_gtt_max(vdev)) { 31029d62771SThomas Huth if (gen < 8 || (igd->index % 8 == 1)) { 31129d62771SThomas Huth uint32_t base; 31229d62771SThomas Huth 31329d62771SThomas Huth base = pci_get_long(vdev->pdev.config + IGD_BDSM); 31429d62771SThomas Huth if (!base) { 31529d62771SThomas Huth hw_error("vfio-igd: Guest attempted to program IGD GTT before " 31629d62771SThomas Huth "BIOS reserved stolen memory. Unsupported BIOS?"); 31729d62771SThomas Huth } 31829d62771SThomas Huth 31929d62771SThomas Huth val = data - igd->bdsm + base; 32029d62771SThomas Huth } else { 32129d62771SThomas Huth val = 0; /* upper 32bits of pte, we only enable below 4G PTEs */ 32229d62771SThomas Huth } 32329d62771SThomas Huth 32429d62771SThomas Huth trace_vfio_pci_igd_bar4_write(vdev->vbasedev.name, 32529d62771SThomas Huth igd->index, data, val); 32629d62771SThomas Huth } 32729d62771SThomas Huth 32829d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, addr + 4, val, size); 32929d62771SThomas Huth 33029d62771SThomas Huth igd->index = ~0; 33129d62771SThomas Huth } 33229d62771SThomas Huth 33329d62771SThomas Huth static const MemoryRegionOps vfio_igd_data_quirk = { 33429d62771SThomas Huth .read = vfio_igd_quirk_data_read, 33529d62771SThomas Huth .write = vfio_igd_quirk_data_write, 33629d62771SThomas Huth .endianness = DEVICE_LITTLE_ENDIAN, 33729d62771SThomas Huth }; 33829d62771SThomas Huth 33929d62771SThomas Huth static uint64_t vfio_igd_quirk_index_read(void *opaque, 34029d62771SThomas Huth hwaddr addr, unsigned size) 34129d62771SThomas Huth { 34229d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 34329d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 34429d62771SThomas Huth 34529d62771SThomas Huth igd->index = ~0; 34629d62771SThomas Huth 34729d62771SThomas Huth return vfio_region_read(&vdev->bars[4].region, addr, size); 34829d62771SThomas Huth } 34929d62771SThomas Huth 35029d62771SThomas Huth static void vfio_igd_quirk_index_write(void *opaque, hwaddr addr, 35129d62771SThomas Huth uint64_t data, unsigned size) 35229d62771SThomas Huth { 35329d62771SThomas Huth VFIOIGDQuirk *igd = opaque; 35429d62771SThomas Huth VFIOPCIDevice *vdev = igd->vdev; 35529d62771SThomas Huth 35629d62771SThomas Huth igd->index = data; 35729d62771SThomas Huth 35829d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, addr, data, size); 35929d62771SThomas Huth } 36029d62771SThomas Huth 36129d62771SThomas Huth static const MemoryRegionOps vfio_igd_index_quirk = { 36229d62771SThomas Huth .read = vfio_igd_quirk_index_read, 36329d62771SThomas Huth .write = vfio_igd_quirk_index_write, 36429d62771SThomas Huth .endianness = DEVICE_LITTLE_ENDIAN, 36529d62771SThomas Huth }; 36629d62771SThomas Huth 36729d62771SThomas Huth void vfio_probe_igd_bar4_quirk(VFIOPCIDevice *vdev, int nr) 36829d62771SThomas Huth { 36929d62771SThomas Huth struct vfio_region_info *rom = NULL, *opregion = NULL, 37029d62771SThomas Huth *host = NULL, *lpc = NULL; 37129d62771SThomas Huth VFIOQuirk *quirk; 37229d62771SThomas Huth VFIOIGDQuirk *igd; 37329d62771SThomas Huth PCIDevice *lpc_bridge; 37429d62771SThomas Huth int i, ret, ggms_mb, gms_mb = 0, gen; 37529d62771SThomas Huth uint64_t *bdsm_size; 37629d62771SThomas Huth uint32_t gmch; 37729d62771SThomas Huth uint16_t cmd_orig, cmd; 37829d62771SThomas Huth Error *err = NULL; 37929d62771SThomas Huth 38029d62771SThomas Huth /* 38129d62771SThomas Huth * This must be an Intel VGA device at address 00:02.0 for us to even 38229d62771SThomas Huth * consider enabling legacy mode. The vBIOS has dependencies on the 38329d62771SThomas Huth * PCI bus address. 38429d62771SThomas Huth */ 38529d62771SThomas Huth if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) || 38629d62771SThomas Huth !vfio_is_vga(vdev) || nr != 4 || 38729d62771SThomas Huth &vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev), 38829d62771SThomas Huth 0, PCI_DEVFN(0x2, 0))) { 38929d62771SThomas Huth return; 39029d62771SThomas Huth } 39129d62771SThomas Huth 39229d62771SThomas Huth /* 39329d62771SThomas Huth * We need to create an LPC/ISA bridge at PCI bus address 00:1f.0 that we 39429d62771SThomas Huth * can stuff host values into, so if there's already one there and it's not 39529d62771SThomas Huth * one we can hack on, legacy mode is no-go. Sorry Q35. 39629d62771SThomas Huth */ 39729d62771SThomas Huth lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 39829d62771SThomas Huth 0, PCI_DEVFN(0x1f, 0)); 39929d62771SThomas Huth if (lpc_bridge && !object_dynamic_cast(OBJECT(lpc_bridge), 40029d62771SThomas Huth "vfio-pci-igd-lpc-bridge")) { 40129d62771SThomas Huth error_report("IGD device %s cannot support legacy mode due to existing " 40229d62771SThomas Huth "devices at address 1f.0", vdev->vbasedev.name); 40329d62771SThomas Huth return; 40429d62771SThomas Huth } 40529d62771SThomas Huth 40629d62771SThomas Huth /* 40729d62771SThomas Huth * IGD is not a standard, they like to change their specs often. We 40829d62771SThomas Huth * only attempt to support back to SandBridge and we hope that newer 40929d62771SThomas Huth * devices maintain compatibility with generation 8. 41029d62771SThomas Huth */ 41129d62771SThomas Huth gen = igd_gen(vdev); 41229d62771SThomas Huth if (gen != 6 && gen != 8) { 41329d62771SThomas Huth error_report("IGD device %s is unsupported in legacy mode, " 41429d62771SThomas Huth "try SandyBridge or newer", vdev->vbasedev.name); 41529d62771SThomas Huth return; 41629d62771SThomas Huth } 41729d62771SThomas Huth 41829d62771SThomas Huth /* 41929d62771SThomas Huth * Most of what we're doing here is to enable the ROM to run, so if 42029d62771SThomas Huth * there's no ROM, there's no point in setting up this quirk. 42129d62771SThomas Huth * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM support. 42229d62771SThomas Huth */ 42329d62771SThomas Huth ret = vfio_get_region_info(&vdev->vbasedev, 42429d62771SThomas Huth VFIO_PCI_ROM_REGION_INDEX, &rom); 42529d62771SThomas Huth if ((ret || !rom->size) && !vdev->pdev.romfile) { 42629d62771SThomas Huth error_report("IGD device %s has no ROM, legacy mode disabled", 42729d62771SThomas Huth vdev->vbasedev.name); 42829d62771SThomas Huth goto out; 42929d62771SThomas Huth } 43029d62771SThomas Huth 43129d62771SThomas Huth /* 43229d62771SThomas Huth * Ignore the hotplug corner case, mark the ROM failed, we can't 43329d62771SThomas Huth * create the devices we need for legacy mode in the hotplug scenario. 43429d62771SThomas Huth */ 43529d62771SThomas Huth if (vdev->pdev.qdev.hotplugged) { 43629d62771SThomas Huth error_report("IGD device %s hotplugged, ROM disabled, " 43729d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 43829d62771SThomas Huth vdev->rom_read_failed = true; 43929d62771SThomas Huth goto out; 44029d62771SThomas Huth } 44129d62771SThomas Huth 44229d62771SThomas Huth /* 44329d62771SThomas Huth * Check whether we have all the vfio device specific regions to 44429d62771SThomas Huth * support legacy mode (added in Linux v4.6). If not, bail. 44529d62771SThomas Huth */ 44629d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 44729d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 44829d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, &opregion); 44929d62771SThomas Huth if (ret) { 45029d62771SThomas Huth error_report("IGD device %s does not support OpRegion access," 45129d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 45229d62771SThomas Huth goto out; 45329d62771SThomas Huth } 45429d62771SThomas Huth 45529d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 45629d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 45729d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_HOST_CFG, &host); 45829d62771SThomas Huth if (ret) { 45929d62771SThomas Huth error_report("IGD device %s does not support host bridge access," 46029d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 46129d62771SThomas Huth goto out; 46229d62771SThomas Huth } 46329d62771SThomas Huth 46429d62771SThomas Huth ret = vfio_get_dev_region_info(&vdev->vbasedev, 46529d62771SThomas Huth VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 46629d62771SThomas Huth VFIO_REGION_SUBTYPE_INTEL_IGD_LPC_CFG, &lpc); 46729d62771SThomas Huth if (ret) { 46829d62771SThomas Huth error_report("IGD device %s does not support LPC bridge access," 46929d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 47029d62771SThomas Huth goto out; 47129d62771SThomas Huth } 47229d62771SThomas Huth 47329d62771SThomas Huth gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4); 47429d62771SThomas Huth 47529d62771SThomas Huth /* 47629d62771SThomas Huth * If IGD VGA Disable is clear (expected) and VGA is not already enabled, 47729d62771SThomas Huth * try to enable it. Probably shouldn't be using legacy mode without VGA, 47829d62771SThomas Huth * but also no point in us enabling VGA if disabled in hardware. 47929d62771SThomas Huth */ 48029d62771SThomas Huth if (!(gmch & 0x2) && !vdev->vga && vfio_populate_vga(vdev, &err)) { 48129d62771SThomas Huth error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 48229d62771SThomas Huth error_report("IGD device %s failed to enable VGA access, " 48329d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 48429d62771SThomas Huth goto out; 48529d62771SThomas Huth } 48629d62771SThomas Huth 48729d62771SThomas Huth /* Create our LPC/ISA bridge */ 48829d62771SThomas Huth ret = vfio_pci_igd_lpc_init(vdev, lpc); 48929d62771SThomas Huth if (ret) { 49029d62771SThomas Huth error_report("IGD device %s failed to create LPC bridge, " 49129d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 49229d62771SThomas Huth goto out; 49329d62771SThomas Huth } 49429d62771SThomas Huth 49529d62771SThomas Huth /* Stuff some host values into the VM PCI host bridge */ 49629d62771SThomas Huth ret = vfio_pci_igd_host_init(vdev, host); 49729d62771SThomas Huth if (ret) { 49829d62771SThomas Huth error_report("IGD device %s failed to modify host bridge, " 49929d62771SThomas Huth "legacy mode disabled", vdev->vbasedev.name); 50029d62771SThomas Huth goto out; 50129d62771SThomas Huth } 50229d62771SThomas Huth 50329d62771SThomas Huth /* Setup OpRegion access */ 50429d62771SThomas Huth ret = vfio_pci_igd_opregion_init(vdev, opregion, &err); 50529d62771SThomas Huth if (ret) { 50629d62771SThomas Huth error_append_hint(&err, "IGD legacy mode disabled\n"); 50729d62771SThomas Huth error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 50829d62771SThomas Huth goto out; 50929d62771SThomas Huth } 51029d62771SThomas Huth 51129d62771SThomas Huth /* Setup our quirk to munge GTT addresses to the VM allocated buffer */ 51229d62771SThomas Huth quirk = vfio_quirk_alloc(2); 51329d62771SThomas Huth igd = quirk->data = g_malloc0(sizeof(*igd)); 51429d62771SThomas Huth igd->vdev = vdev; 51529d62771SThomas Huth igd->index = ~0; 51629d62771SThomas Huth igd->bdsm = vfio_pci_read_config(&vdev->pdev, IGD_BDSM, 4); 51729d62771SThomas Huth igd->bdsm &= ~((1 * MiB) - 1); /* 1MB aligned */ 51829d62771SThomas Huth 51929d62771SThomas Huth memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_igd_index_quirk, 52029d62771SThomas Huth igd, "vfio-igd-index-quirk", 4); 52129d62771SThomas Huth memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 52229d62771SThomas Huth 0, &quirk->mem[0], 1); 52329d62771SThomas Huth 52429d62771SThomas Huth memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_igd_data_quirk, 52529d62771SThomas Huth igd, "vfio-igd-data-quirk", 4); 52629d62771SThomas Huth memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 52729d62771SThomas Huth 4, &quirk->mem[1], 1); 52829d62771SThomas Huth 52929d62771SThomas Huth QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 53029d62771SThomas Huth 53129d62771SThomas Huth /* Determine the size of stolen memory needed for GTT */ 53229d62771SThomas Huth ggms_mb = (gmch >> (gen < 8 ? 8 : 6)) & 0x3; 53329d62771SThomas Huth if (gen > 6) { 53429d62771SThomas Huth ggms_mb = 1 << ggms_mb; 53529d62771SThomas Huth } 53629d62771SThomas Huth 53729d62771SThomas Huth /* 538*ac9574bcSStefan Weil * Assume we have no GMS memory, but allow it to be overridden by device 53929d62771SThomas Huth * option (experimental). The spec doesn't actually allow zero GMS when 54029d62771SThomas Huth * when IVD (IGD VGA Disable) is clear, but the claim is that it's unused, 54129d62771SThomas Huth * so let's not waste VM memory for it. 54229d62771SThomas Huth */ 54329d62771SThomas Huth gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8)); 54429d62771SThomas Huth 54529d62771SThomas Huth if (vdev->igd_gms) { 54629d62771SThomas Huth if (vdev->igd_gms <= 0x10) { 54729d62771SThomas Huth gms_mb = vdev->igd_gms * 32; 54829d62771SThomas Huth gmch |= vdev->igd_gms << (gen < 8 ? 3 : 8); 54929d62771SThomas Huth } else { 55029d62771SThomas Huth error_report("Unsupported IGD GMS value 0x%x", vdev->igd_gms); 55129d62771SThomas Huth vdev->igd_gms = 0; 55229d62771SThomas Huth } 55329d62771SThomas Huth } 55429d62771SThomas Huth 55529d62771SThomas Huth /* 55629d62771SThomas Huth * Request reserved memory for stolen memory via fw_cfg. VM firmware 55729d62771SThomas Huth * must allocate a 1MB aligned reserved memory region below 4GB with 55829d62771SThomas Huth * the requested size (in bytes) for use by the Intel PCI class VGA 55929d62771SThomas Huth * device at VM address 00:02.0. The base address of this reserved 56029d62771SThomas Huth * memory region must be written to the device BDSM regsiter at PCI 56129d62771SThomas Huth * config offset 0x5C. 56229d62771SThomas Huth */ 56329d62771SThomas Huth bdsm_size = g_malloc(sizeof(*bdsm_size)); 56429d62771SThomas Huth *bdsm_size = cpu_to_le64((ggms_mb + gms_mb) * MiB); 56529d62771SThomas Huth fw_cfg_add_file(fw_cfg_find(), "etc/igd-bdsm-size", 56629d62771SThomas Huth bdsm_size, sizeof(*bdsm_size)); 56729d62771SThomas Huth 56829d62771SThomas Huth /* GMCH is read-only, emulated */ 56929d62771SThomas Huth pci_set_long(vdev->pdev.config + IGD_GMCH, gmch); 57029d62771SThomas Huth pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0); 57129d62771SThomas Huth pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0); 57229d62771SThomas Huth 57329d62771SThomas Huth /* BDSM is read-write, emulated. The BIOS needs to be able to write it */ 57429d62771SThomas Huth pci_set_long(vdev->pdev.config + IGD_BDSM, 0); 57529d62771SThomas Huth pci_set_long(vdev->pdev.wmask + IGD_BDSM, ~0); 57629d62771SThomas Huth pci_set_long(vdev->emulated_config_bits + IGD_BDSM, ~0); 57729d62771SThomas Huth 57829d62771SThomas Huth /* 57929d62771SThomas Huth * This IOBAR gives us access to GTTADR, which allows us to write to 58029d62771SThomas Huth * the GTT itself. So let's go ahead and write zero to all the GTT 58129d62771SThomas Huth * entries to avoid spurious DMA faults. Be sure I/O access is enabled 58229d62771SThomas Huth * before talking to the device. 58329d62771SThomas Huth */ 58429d62771SThomas Huth if (pread(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 58529d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 58629d62771SThomas Huth error_report("IGD device %s - failed to read PCI command register", 58729d62771SThomas Huth vdev->vbasedev.name); 58829d62771SThomas Huth } 58929d62771SThomas Huth 59029d62771SThomas Huth cmd = cmd_orig | PCI_COMMAND_IO; 59129d62771SThomas Huth 59229d62771SThomas Huth if (pwrite(vdev->vbasedev.fd, &cmd, sizeof(cmd), 59329d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd)) { 59429d62771SThomas Huth error_report("IGD device %s - failed to write PCI command register", 59529d62771SThomas Huth vdev->vbasedev.name); 59629d62771SThomas Huth } 59729d62771SThomas Huth 59829d62771SThomas Huth for (i = 1; i < vfio_igd_gtt_max(vdev); i += 4) { 59929d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, 0, i, 4); 60029d62771SThomas Huth vfio_region_write(&vdev->bars[4].region, 4, 0, 4); 60129d62771SThomas Huth } 60229d62771SThomas Huth 60329d62771SThomas Huth if (pwrite(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 60429d62771SThomas Huth vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 60529d62771SThomas Huth error_report("IGD device %s - failed to restore PCI command register", 60629d62771SThomas Huth vdev->vbasedev.name); 60729d62771SThomas Huth } 60829d62771SThomas Huth 60929d62771SThomas Huth trace_vfio_pci_igd_bdsm_enabled(vdev->vbasedev.name, ggms_mb + gms_mb); 61029d62771SThomas Huth 61129d62771SThomas Huth out: 61229d62771SThomas Huth g_free(rom); 61329d62771SThomas Huth g_free(opregion); 61429d62771SThomas Huth g_free(host); 61529d62771SThomas Huth g_free(lpc); 61629d62771SThomas Huth } 617