xref: /openbmc/qemu/hw/i386/acpi-build.c (revision db76ec62)
1 /* Support for generating ACPI tables and passing them to Guests
2  *
3  * Copyright (C) 2008-2010  Kevin O'Connor <kevin@koconnor.net>
4  * Copyright (C) 2006 Fabrice Bellard
5  * Copyright (C) 2013 Red Hat Inc
6  *
7  * Author: Michael S. Tsirkin <mst@redhat.com>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13 
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18 
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #include "acpi-build.h"
24 #include <stddef.h>
25 #include <glib.h>
26 #include "qemu-common.h"
27 #include "qemu/bitmap.h"
28 #include "qemu/range.h"
29 #include "hw/pci/pci.h"
30 #include "qom/cpu.h"
31 #include "hw/i386/pc.h"
32 #include "target-i386/cpu.h"
33 #include "hw/timer/hpet.h"
34 #include "hw/i386/acpi-defs.h"
35 #include "hw/acpi/acpi.h"
36 #include "hw/nvram/fw_cfg.h"
37 #include "bios-linker-loader.h"
38 #include "hw/loader.h"
39 #include "hw/isa/isa.h"
40 
41 /* Supported chipsets: */
42 #include "hw/acpi/piix4.h"
43 #include "hw/acpi/pcihp.h"
44 #include "hw/i386/ich9.h"
45 #include "hw/pci/pci_bus.h"
46 #include "hw/pci-host/q35.h"
47 
48 #include "hw/i386/q35-acpi-dsdt.hex"
49 #include "hw/i386/acpi-dsdt.hex"
50 
51 #include "qapi/qmp/qint.h"
52 #include "qom/qom-qobject.h"
53 
54 typedef struct AcpiCpuInfo {
55     DECLARE_BITMAP(found_cpus, ACPI_CPU_HOTPLUG_ID_LIMIT);
56 } AcpiCpuInfo;
57 
58 typedef struct AcpiMcfgInfo {
59     uint64_t mcfg_base;
60     uint32_t mcfg_size;
61 } AcpiMcfgInfo;
62 
63 typedef struct AcpiPmInfo {
64     bool s3_disabled;
65     bool s4_disabled;
66     uint8_t s4_val;
67     uint16_t sci_int;
68     uint8_t acpi_enable_cmd;
69     uint8_t acpi_disable_cmd;
70     uint32_t gpe0_blk;
71     uint32_t gpe0_blk_len;
72     uint32_t io_base;
73 } AcpiPmInfo;
74 
75 typedef struct AcpiMiscInfo {
76     bool has_hpet;
77     DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
78     const unsigned char *dsdt_code;
79     unsigned dsdt_size;
80     uint16_t pvpanic_port;
81 } AcpiMiscInfo;
82 
83 typedef struct AcpiBuildPciBusHotplugState {
84     GArray *device_table;
85     GArray *notify_table;
86     struct AcpiBuildPciBusHotplugState *parent;
87 } AcpiBuildPciBusHotplugState;
88 
89 static void acpi_get_dsdt(AcpiMiscInfo *info)
90 {
91     uint16_t *applesmc_sta;
92     Object *piix = piix4_pm_find();
93     Object *lpc = ich9_lpc_find();
94     assert(!!piix != !!lpc);
95 
96     if (piix) {
97         info->dsdt_code = AcpiDsdtAmlCode;
98         info->dsdt_size = sizeof AcpiDsdtAmlCode;
99         applesmc_sta = piix_dsdt_applesmc_sta;
100     }
101     if (lpc) {
102         info->dsdt_code = Q35AcpiDsdtAmlCode;
103         info->dsdt_size = sizeof Q35AcpiDsdtAmlCode;
104         applesmc_sta = q35_dsdt_applesmc_sta;
105     }
106 
107     /* Patch in appropriate value for AppleSMC _STA */
108     *(uint8_t *)(info->dsdt_code + *applesmc_sta) =
109         applesmc_find() ? 0x0b : 0x00;
110 }
111 
112 static
113 int acpi_add_cpu_info(Object *o, void *opaque)
114 {
115     AcpiCpuInfo *cpu = opaque;
116     uint64_t apic_id;
117 
118     if (object_dynamic_cast(o, TYPE_CPU)) {
119         apic_id = object_property_get_int(o, "apic-id", NULL);
120         assert(apic_id < ACPI_CPU_HOTPLUG_ID_LIMIT);
121 
122         set_bit(apic_id, cpu->found_cpus);
123     }
124 
125     object_child_foreach(o, acpi_add_cpu_info, opaque);
126     return 0;
127 }
128 
129 static void acpi_get_cpu_info(AcpiCpuInfo *cpu)
130 {
131     Object *root = object_get_root();
132 
133     memset(cpu->found_cpus, 0, sizeof cpu->found_cpus);
134     object_child_foreach(root, acpi_add_cpu_info, cpu);
135 }
136 
137 static void acpi_get_pm_info(AcpiPmInfo *pm)
138 {
139     Object *piix = piix4_pm_find();
140     Object *lpc = ich9_lpc_find();
141     Object *obj = NULL;
142     QObject *o;
143 
144     if (piix) {
145         obj = piix;
146     }
147     if (lpc) {
148         obj = lpc;
149     }
150     assert(obj);
151 
152     /* Fill in optional s3/s4 related properties */
153     o = object_property_get_qobject(obj, ACPI_PM_PROP_S3_DISABLED, NULL);
154     if (o) {
155         pm->s3_disabled = qint_get_int(qobject_to_qint(o));
156     } else {
157         pm->s3_disabled = false;
158     }
159     qobject_decref(o);
160     o = object_property_get_qobject(obj, ACPI_PM_PROP_S4_DISABLED, NULL);
161     if (o) {
162         pm->s4_disabled = qint_get_int(qobject_to_qint(o));
163     } else {
164         pm->s4_disabled = false;
165     }
166     qobject_decref(o);
167     o = object_property_get_qobject(obj, ACPI_PM_PROP_S4_VAL, NULL);
168     if (o) {
169         pm->s4_val = qint_get_int(qobject_to_qint(o));
170     } else {
171         pm->s4_val = false;
172     }
173     qobject_decref(o);
174 
175     /* Fill in mandatory properties */
176     pm->sci_int = object_property_get_int(obj, ACPI_PM_PROP_SCI_INT, NULL);
177 
178     pm->acpi_enable_cmd = object_property_get_int(obj,
179                                                   ACPI_PM_PROP_ACPI_ENABLE_CMD,
180                                                   NULL);
181     pm->acpi_disable_cmd = object_property_get_int(obj,
182                                                   ACPI_PM_PROP_ACPI_DISABLE_CMD,
183                                                   NULL);
184     pm->io_base = object_property_get_int(obj, ACPI_PM_PROP_PM_IO_BASE,
185                                           NULL);
186     pm->gpe0_blk = object_property_get_int(obj, ACPI_PM_PROP_GPE0_BLK,
187                                            NULL);
188     pm->gpe0_blk_len = object_property_get_int(obj, ACPI_PM_PROP_GPE0_BLK_LEN,
189                                                NULL);
190 }
191 
192 static void acpi_get_misc_info(AcpiMiscInfo *info)
193 {
194     info->has_hpet = hpet_find();
195     info->pvpanic_port = pvpanic_port();
196 }
197 
198 static void acpi_get_pci_info(PcPciInfo *info)
199 {
200     Object *pci_host;
201     bool ambiguous;
202 
203     pci_host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
204     g_assert(!ambiguous);
205     g_assert(pci_host);
206 
207     info->w32.begin = object_property_get_int(pci_host,
208                                               PCI_HOST_PROP_PCI_HOLE_START,
209                                               NULL);
210     info->w32.end = object_property_get_int(pci_host,
211                                             PCI_HOST_PROP_PCI_HOLE_END,
212                                             NULL);
213     info->w64.begin = object_property_get_int(pci_host,
214                                               PCI_HOST_PROP_PCI_HOLE64_START,
215                                               NULL);
216     info->w64.end = object_property_get_int(pci_host,
217                                             PCI_HOST_PROP_PCI_HOLE64_END,
218                                             NULL);
219 }
220 
221 #define ACPI_BUILD_APPNAME  "Bochs"
222 #define ACPI_BUILD_APPNAME6 "BOCHS "
223 #define ACPI_BUILD_APPNAME4 "BXPC"
224 
225 #define ACPI_BUILD_DPRINTF(level, fmt, ...) do {} while (0)
226 
227 #define ACPI_BUILD_TABLE_FILE "etc/acpi/tables"
228 #define ACPI_BUILD_RSDP_FILE "etc/acpi/rsdp"
229 
230 static void
231 build_header(GArray *linker, GArray *table_data,
232              AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
233 {
234     memcpy(&h->signature, sig, 4);
235     h->length = cpu_to_le32(len);
236     h->revision = rev;
237     memcpy(h->oem_id, ACPI_BUILD_APPNAME6, 6);
238     memcpy(h->oem_table_id, ACPI_BUILD_APPNAME4, 4);
239     memcpy(h->oem_table_id + 4, sig, 4);
240     h->oem_revision = cpu_to_le32(1);
241     memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME4, 4);
242     h->asl_compiler_revision = cpu_to_le32(1);
243     h->checksum = 0;
244     /* Checksum to be filled in by Guest linker */
245     bios_linker_loader_add_checksum(linker, ACPI_BUILD_TABLE_FILE,
246                                     table_data->data, h, len, &h->checksum);
247 }
248 
249 static inline GArray *build_alloc_array(void)
250 {
251         return g_array_new(false, true /* clear */, 1);
252 }
253 
254 static inline void build_free_array(GArray *array)
255 {
256         g_array_free(array, true);
257 }
258 
259 static inline void build_prepend_byte(GArray *array, uint8_t val)
260 {
261     g_array_prepend_val(array, val);
262 }
263 
264 static inline void build_append_byte(GArray *array, uint8_t val)
265 {
266     g_array_append_val(array, val);
267 }
268 
269 static inline void build_append_array(GArray *array, GArray *val)
270 {
271     g_array_append_vals(array, val->data, val->len);
272 }
273 
274 static void GCC_FMT_ATTR(2, 3)
275 build_append_nameseg(GArray *array, const char *format, ...)
276 {
277     /* It would be nicer to use g_string_vprintf but it's only there in 2.22 */
278     char s[] = "XXXX";
279     int len;
280     va_list args;
281 
282     va_start(args, format);
283     len = vsnprintf(s, sizeof s, format, args);
284     va_end(args);
285 
286     assert(len == 4);
287     g_array_append_vals(array, s, len);
288 }
289 
290 /* 5.4 Definition Block Encoding */
291 enum {
292     PACKAGE_LENGTH_1BYTE_SHIFT = 6, /* Up to 63 - use extra 2 bits. */
293     PACKAGE_LENGTH_2BYTE_SHIFT = 4,
294     PACKAGE_LENGTH_3BYTE_SHIFT = 12,
295     PACKAGE_LENGTH_4BYTE_SHIFT = 20,
296 };
297 
298 static void build_prepend_package_length(GArray *package, unsigned min_bytes)
299 {
300     uint8_t byte;
301     unsigned length = package->len;
302     unsigned length_bytes;
303 
304     if (length + 1 < (1 << PACKAGE_LENGTH_1BYTE_SHIFT)) {
305         length_bytes = 1;
306     } else if (length + 2 < (1 << PACKAGE_LENGTH_3BYTE_SHIFT)) {
307         length_bytes = 2;
308     } else if (length + 3 < (1 << PACKAGE_LENGTH_4BYTE_SHIFT)) {
309         length_bytes = 3;
310     } else {
311         length_bytes = 4;
312     }
313 
314     /* Force length to at least min_bytes.
315      * This wastes memory but that's how bios did it.
316      */
317     length_bytes = MAX(length_bytes, min_bytes);
318 
319     /* PkgLength is the length of the inclusive length of the data. */
320     length += length_bytes;
321 
322     switch (length_bytes) {
323     case 1:
324         byte = length;
325         build_prepend_byte(package, byte);
326         return;
327     case 4:
328         byte = length >> PACKAGE_LENGTH_4BYTE_SHIFT;
329         build_prepend_byte(package, byte);
330         length &= (1 << PACKAGE_LENGTH_4BYTE_SHIFT) - 1;
331         /* fall through */
332     case 3:
333         byte = length >> PACKAGE_LENGTH_3BYTE_SHIFT;
334         build_prepend_byte(package, byte);
335         length &= (1 << PACKAGE_LENGTH_3BYTE_SHIFT) - 1;
336         /* fall through */
337     case 2:
338         byte = length >> PACKAGE_LENGTH_2BYTE_SHIFT;
339         build_prepend_byte(package, byte);
340         length &= (1 << PACKAGE_LENGTH_2BYTE_SHIFT) - 1;
341         /* fall through */
342     }
343     /*
344      * Most significant two bits of byte zero indicate how many following bytes
345      * are in PkgLength encoding.
346      */
347     byte = ((length_bytes - 1) << PACKAGE_LENGTH_1BYTE_SHIFT) | length;
348     build_prepend_byte(package, byte);
349 }
350 
351 static void build_package(GArray *package, uint8_t op, unsigned min_bytes)
352 {
353     build_prepend_package_length(package, min_bytes);
354     build_prepend_byte(package, op);
355 }
356 
357 static void build_extop_package(GArray *package, uint8_t op)
358 {
359     build_package(package, op, 1);
360     build_prepend_byte(package, 0x5B); /* ExtOpPrefix */
361 }
362 
363 static void build_append_value(GArray *table, uint32_t value, int size)
364 {
365     uint8_t prefix;
366     int i;
367 
368     switch (size) {
369     case 1:
370         prefix = 0x0A; /* BytePrefix */
371         break;
372     case 2:
373         prefix = 0x0B; /* WordPrefix */
374         break;
375     case 4:
376         prefix = 0x0C; /* DWordPrefix */
377         break;
378     default:
379         assert(0);
380         return;
381     }
382     build_append_byte(table, prefix);
383     for (i = 0; i < size; ++i) {
384         build_append_byte(table, value & 0xFF);
385         value = value >> 8;
386     }
387 }
388 
389 static void build_append_int(GArray *table, uint32_t value)
390 {
391     if (value == 0x00) {
392         build_append_byte(table, 0x00); /* ZeroOp */
393     } else if (value == 0x01) {
394         build_append_byte(table, 0x01); /* OneOp */
395     } else if (value <= 0xFF) {
396         build_append_value(table, value, 1);
397     } else if (value <= 0xFFFF) {
398         build_append_value(table, value, 2);
399     } else {
400         build_append_value(table, value, 4);
401     }
402 }
403 
404 static GArray *build_alloc_method(const char *name, uint8_t arg_count)
405 {
406     GArray *method = build_alloc_array();
407 
408     build_append_nameseg(method, "%s", name);
409     build_append_byte(method, arg_count); /* MethodFlags: ArgCount */
410 
411     return method;
412 }
413 
414 static void build_append_and_cleanup_method(GArray *device, GArray *method)
415 {
416     uint8_t op = 0x14; /* MethodOp */
417 
418     build_package(method, op, 0);
419 
420     build_append_array(device, method);
421     build_free_array(method);
422 }
423 
424 static void build_append_notify_target_ifequal(GArray *method,
425                                                GArray *target_name,
426                                                uint32_t value, int size)
427 {
428     GArray *notify = build_alloc_array();
429     uint8_t op = 0xA0; /* IfOp */
430 
431     build_append_byte(notify, 0x93); /* LEqualOp */
432     build_append_byte(notify, 0x68); /* Arg0Op */
433     build_append_value(notify, value, size);
434     build_append_byte(notify, 0x86); /* NotifyOp */
435     build_append_array(notify, target_name);
436     build_append_byte(notify, 0x69); /* Arg1Op */
437 
438     /* Pack it up */
439     build_package(notify, op, 1);
440 
441     build_append_array(method, notify);
442 
443     build_free_array(notify);
444 }
445 
446 /* End here */
447 #define ACPI_PORT_SMI_CMD           0x00b2 /* TODO: this is APM_CNT_IOPORT */
448 
449 static inline void *acpi_data_push(GArray *table_data, unsigned size)
450 {
451     unsigned off = table_data->len;
452     g_array_set_size(table_data, off + size);
453     return table_data->data + off;
454 }
455 
456 static unsigned acpi_data_len(GArray *table)
457 {
458 #if GLIB_CHECK_VERSION(2, 22, 0)
459     assert(g_array_get_element_size(table) == 1);
460 #endif
461     return table->len;
462 }
463 
464 static void acpi_align_size(GArray *blob, unsigned align)
465 {
466     /* Align size to multiple of given size. This reduces the chance
467      * we need to change size in the future (breaking cross version migration).
468      */
469     g_array_set_size(blob, ROUND_UP(acpi_data_len(blob), align));
470 }
471 
472 /* Set a value within table in a safe manner */
473 #define ACPI_BUILD_SET_LE(table, size, off, bits, val) \
474     do { \
475         uint64_t ACPI_BUILD_SET_LE_val = cpu_to_le64(val); \
476         memcpy(acpi_data_get_ptr(table, size, off, \
477                                  (bits) / BITS_PER_BYTE), \
478                &ACPI_BUILD_SET_LE_val, \
479                (bits) / BITS_PER_BYTE); \
480     } while (0)
481 
482 static inline void *acpi_data_get_ptr(uint8_t *table_data, unsigned table_size,
483                                       unsigned off, unsigned size)
484 {
485     assert(off + size > off);
486     assert(off + size <= table_size);
487     return table_data + off;
488 }
489 
490 static inline void acpi_add_table(GArray *table_offsets, GArray *table_data)
491 {
492     uint32_t offset = cpu_to_le32(table_data->len);
493     g_array_append_val(table_offsets, offset);
494 }
495 
496 /* FACS */
497 static void
498 build_facs(GArray *table_data, GArray *linker, PcGuestInfo *guest_info)
499 {
500     AcpiFacsDescriptorRev1 *facs = acpi_data_push(table_data, sizeof *facs);
501     memcpy(&facs->signature, "FACS", 4);
502     facs->length = cpu_to_le32(sizeof(*facs));
503 }
504 
505 /* Load chipset information in FADT */
506 static void fadt_setup(AcpiFadtDescriptorRev1 *fadt, AcpiPmInfo *pm)
507 {
508     fadt->model = 1;
509     fadt->reserved1 = 0;
510     fadt->sci_int = cpu_to_le16(pm->sci_int);
511     fadt->smi_cmd = cpu_to_le32(ACPI_PORT_SMI_CMD);
512     fadt->acpi_enable = pm->acpi_enable_cmd;
513     fadt->acpi_disable = pm->acpi_disable_cmd;
514     /* EVT, CNT, TMR offset matches hw/acpi/core.c */
515     fadt->pm1a_evt_blk = cpu_to_le32(pm->io_base);
516     fadt->pm1a_cnt_blk = cpu_to_le32(pm->io_base + 0x04);
517     fadt->pm_tmr_blk = cpu_to_le32(pm->io_base + 0x08);
518     fadt->gpe0_blk = cpu_to_le32(pm->gpe0_blk);
519     /* EVT, CNT, TMR length matches hw/acpi/core.c */
520     fadt->pm1_evt_len = 4;
521     fadt->pm1_cnt_len = 2;
522     fadt->pm_tmr_len = 4;
523     fadt->gpe0_blk_len = pm->gpe0_blk_len;
524     fadt->plvl2_lat = cpu_to_le16(0xfff); /* C2 state not supported */
525     fadt->plvl3_lat = cpu_to_le16(0xfff); /* C3 state not supported */
526     fadt->flags = cpu_to_le32((1 << ACPI_FADT_F_WBINVD) |
527                               (1 << ACPI_FADT_F_PROC_C1) |
528                               (1 << ACPI_FADT_F_SLP_BUTTON) |
529                               (1 << ACPI_FADT_F_RTC_S4));
530     fadt->flags |= cpu_to_le32(1 << ACPI_FADT_F_USE_PLATFORM_CLOCK);
531 }
532 
533 
534 /* FADT */
535 static void
536 build_fadt(GArray *table_data, GArray *linker, AcpiPmInfo *pm,
537            unsigned facs, unsigned dsdt)
538 {
539     AcpiFadtDescriptorRev1 *fadt = acpi_data_push(table_data, sizeof(*fadt));
540 
541     fadt->firmware_ctrl = cpu_to_le32(facs);
542     /* FACS address to be filled by Guest linker */
543     bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
544                                    ACPI_BUILD_TABLE_FILE,
545                                    table_data, &fadt->firmware_ctrl,
546                                    sizeof fadt->firmware_ctrl);
547 
548     fadt->dsdt = cpu_to_le32(dsdt);
549     /* DSDT address to be filled by Guest linker */
550     bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
551                                    ACPI_BUILD_TABLE_FILE,
552                                    table_data, &fadt->dsdt,
553                                    sizeof fadt->dsdt);
554 
555     fadt_setup(fadt, pm);
556 
557     build_header(linker, table_data,
558                  (void *)fadt, "FACP", sizeof(*fadt), 1);
559 }
560 
561 static void
562 build_madt(GArray *table_data, GArray *linker, AcpiCpuInfo *cpu,
563            PcGuestInfo *guest_info)
564 {
565     int madt_start = table_data->len;
566 
567     AcpiMultipleApicTable *madt;
568     AcpiMadtIoApic *io_apic;
569     AcpiMadtIntsrcovr *intsrcovr;
570     AcpiMadtLocalNmi *local_nmi;
571     int i;
572 
573     madt = acpi_data_push(table_data, sizeof *madt);
574     madt->local_apic_address = cpu_to_le32(APIC_DEFAULT_ADDRESS);
575     madt->flags = cpu_to_le32(1);
576 
577     for (i = 0; i < guest_info->apic_id_limit; i++) {
578         AcpiMadtProcessorApic *apic = acpi_data_push(table_data, sizeof *apic);
579         apic->type = ACPI_APIC_PROCESSOR;
580         apic->length = sizeof(*apic);
581         apic->processor_id = i;
582         apic->local_apic_id = i;
583         if (test_bit(i, cpu->found_cpus)) {
584             apic->flags = cpu_to_le32(1);
585         } else {
586             apic->flags = cpu_to_le32(0);
587         }
588     }
589     io_apic = acpi_data_push(table_data, sizeof *io_apic);
590     io_apic->type = ACPI_APIC_IO;
591     io_apic->length = sizeof(*io_apic);
592 #define ACPI_BUILD_IOAPIC_ID 0x0
593     io_apic->io_apic_id = ACPI_BUILD_IOAPIC_ID;
594     io_apic->address = cpu_to_le32(IO_APIC_DEFAULT_ADDRESS);
595     io_apic->interrupt = cpu_to_le32(0);
596 
597     if (guest_info->apic_xrupt_override) {
598         intsrcovr = acpi_data_push(table_data, sizeof *intsrcovr);
599         intsrcovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
600         intsrcovr->length = sizeof(*intsrcovr);
601         intsrcovr->source = 0;
602         intsrcovr->gsi    = cpu_to_le32(2);
603         intsrcovr->flags  = cpu_to_le16(0); /* conforms to bus specifications */
604     }
605     for (i = 1; i < 16; i++) {
606 #define ACPI_BUILD_PCI_IRQS ((1<<5) | (1<<9) | (1<<10) | (1<<11))
607         if (!(ACPI_BUILD_PCI_IRQS & (1 << i))) {
608             /* No need for a INT source override structure. */
609             continue;
610         }
611         intsrcovr = acpi_data_push(table_data, sizeof *intsrcovr);
612         intsrcovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
613         intsrcovr->length = sizeof(*intsrcovr);
614         intsrcovr->source = i;
615         intsrcovr->gsi    = cpu_to_le32(i);
616         intsrcovr->flags  = cpu_to_le16(0xd); /* active high, level triggered */
617     }
618 
619     local_nmi = acpi_data_push(table_data, sizeof *local_nmi);
620     local_nmi->type         = ACPI_APIC_LOCAL_NMI;
621     local_nmi->length       = sizeof(*local_nmi);
622     local_nmi->processor_id = 0xff; /* all processors */
623     local_nmi->flags        = cpu_to_le16(0);
624     local_nmi->lint         = 1; /* ACPI_LINT1 */
625 
626     build_header(linker, table_data,
627                  (void *)(table_data->data + madt_start), "APIC",
628                  table_data->len - madt_start, 1);
629 }
630 
631 /* Encode a hex value */
632 static inline char acpi_get_hex(uint32_t val)
633 {
634     val &= 0x0f;
635     return (val <= 9) ? ('0' + val) : ('A' + val - 10);
636 }
637 
638 #include "hw/i386/ssdt-proc.hex"
639 
640 /* 0x5B 0x83 ProcessorOp PkgLength NameString ProcID */
641 #define ACPI_PROC_OFFSET_CPUHEX (*ssdt_proc_name - *ssdt_proc_start + 2)
642 #define ACPI_PROC_OFFSET_CPUID1 (*ssdt_proc_name - *ssdt_proc_start + 4)
643 #define ACPI_PROC_OFFSET_CPUID2 (*ssdt_proc_id - *ssdt_proc_start)
644 #define ACPI_PROC_SIZEOF (*ssdt_proc_end - *ssdt_proc_start)
645 #define ACPI_PROC_AML (ssdp_proc_aml + *ssdt_proc_start)
646 
647 /* 0x5B 0x82 DeviceOp PkgLength NameString */
648 #define ACPI_PCIHP_OFFSET_HEX (*ssdt_pcihp_name - *ssdt_pcihp_start + 1)
649 #define ACPI_PCIHP_OFFSET_ID (*ssdt_pcihp_id - *ssdt_pcihp_start)
650 #define ACPI_PCIHP_OFFSET_ADR (*ssdt_pcihp_adr - *ssdt_pcihp_start)
651 #define ACPI_PCIHP_OFFSET_EJ0 (*ssdt_pcihp_ej0 - *ssdt_pcihp_start)
652 #define ACPI_PCIHP_SIZEOF (*ssdt_pcihp_end - *ssdt_pcihp_start)
653 #define ACPI_PCIHP_AML (ssdp_pcihp_aml + *ssdt_pcihp_start)
654 
655 #define ACPI_PCINOHP_OFFSET_HEX (*ssdt_pcinohp_name - *ssdt_pcinohp_start + 1)
656 #define ACPI_PCINOHP_OFFSET_ADR (*ssdt_pcinohp_adr - *ssdt_pcinohp_start)
657 #define ACPI_PCINOHP_SIZEOF (*ssdt_pcinohp_end - *ssdt_pcinohp_start)
658 #define ACPI_PCINOHP_AML (ssdp_pcihp_aml + *ssdt_pcinohp_start)
659 
660 #define ACPI_PCIVGA_OFFSET_HEX (*ssdt_pcivga_name - *ssdt_pcivga_start + 1)
661 #define ACPI_PCIVGA_OFFSET_ADR (*ssdt_pcivga_adr - *ssdt_pcivga_start)
662 #define ACPI_PCIVGA_SIZEOF (*ssdt_pcivga_end - *ssdt_pcivga_start)
663 #define ACPI_PCIVGA_AML (ssdp_pcihp_aml + *ssdt_pcivga_start)
664 
665 #define ACPI_PCIQXL_OFFSET_HEX (*ssdt_pciqxl_name - *ssdt_pciqxl_start + 1)
666 #define ACPI_PCIQXL_OFFSET_ADR (*ssdt_pciqxl_adr - *ssdt_pciqxl_start)
667 #define ACPI_PCIQXL_SIZEOF (*ssdt_pciqxl_end - *ssdt_pciqxl_start)
668 #define ACPI_PCIQXL_AML (ssdp_pcihp_aml + *ssdt_pciqxl_start)
669 
670 #define ACPI_SSDT_SIGNATURE 0x54445353 /* SSDT */
671 #define ACPI_SSDT_HEADER_LENGTH 36
672 
673 #include "hw/i386/ssdt-misc.hex"
674 #include "hw/i386/ssdt-pcihp.hex"
675 
676 static void
677 build_append_notify_method(GArray *device, const char *name,
678                            const char *format, int count)
679 {
680     int i;
681     GArray *method = build_alloc_method(name, 2);
682 
683     for (i = 0; i < count; i++) {
684         GArray *target = build_alloc_array();
685         build_append_nameseg(target, format, i);
686         assert(i < 256); /* Fits in 1 byte */
687         build_append_notify_target_ifequal(method, target, i, 1);
688         build_free_array(target);
689     }
690 
691     build_append_and_cleanup_method(device, method);
692 }
693 
694 static void patch_pcihp(int slot, uint8_t *ssdt_ptr)
695 {
696     unsigned devfn = PCI_DEVFN(slot, 0);
697 
698     ssdt_ptr[ACPI_PCIHP_OFFSET_HEX] = acpi_get_hex(devfn >> 4);
699     ssdt_ptr[ACPI_PCIHP_OFFSET_HEX + 1] = acpi_get_hex(devfn);
700     ssdt_ptr[ACPI_PCIHP_OFFSET_ID] = slot;
701     ssdt_ptr[ACPI_PCIHP_OFFSET_ADR + 2] = slot;
702 }
703 
704 static void patch_pcinohp(int slot, uint8_t *ssdt_ptr)
705 {
706     unsigned devfn = PCI_DEVFN(slot, 0);
707 
708     ssdt_ptr[ACPI_PCINOHP_OFFSET_HEX] = acpi_get_hex(devfn >> 4);
709     ssdt_ptr[ACPI_PCINOHP_OFFSET_HEX + 1] = acpi_get_hex(devfn);
710     ssdt_ptr[ACPI_PCINOHP_OFFSET_ADR + 2] = slot;
711 }
712 
713 static void patch_pcivga(int slot, uint8_t *ssdt_ptr)
714 {
715     unsigned devfn = PCI_DEVFN(slot, 0);
716 
717     ssdt_ptr[ACPI_PCIVGA_OFFSET_HEX] = acpi_get_hex(devfn >> 4);
718     ssdt_ptr[ACPI_PCIVGA_OFFSET_HEX + 1] = acpi_get_hex(devfn);
719     ssdt_ptr[ACPI_PCIVGA_OFFSET_ADR + 2] = slot;
720 }
721 
722 static void patch_pciqxl(int slot, uint8_t *ssdt_ptr)
723 {
724     unsigned devfn = PCI_DEVFN(slot, 0);
725 
726     ssdt_ptr[ACPI_PCIQXL_OFFSET_HEX] = acpi_get_hex(devfn >> 4);
727     ssdt_ptr[ACPI_PCIQXL_OFFSET_HEX + 1] = acpi_get_hex(devfn);
728     ssdt_ptr[ACPI_PCIQXL_OFFSET_ADR + 2] = slot;
729 }
730 
731 /* Assign BSEL property to all buses.  In the future, this can be changed
732  * to only assign to buses that support hotplug.
733  */
734 static void *acpi_set_bsel(PCIBus *bus, void *opaque)
735 {
736     unsigned *bsel_alloc = opaque;
737     unsigned *bus_bsel;
738 
739     if (bus->qbus.allow_hotplug) {
740         bus_bsel = g_malloc(sizeof *bus_bsel);
741 
742         *bus_bsel = (*bsel_alloc)++;
743         object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
744                                        bus_bsel, NULL);
745     }
746 
747     return bsel_alloc;
748 }
749 
750 static void acpi_set_pci_info(void)
751 {
752     PCIBus *bus = find_i440fx(); /* TODO: Q35 support */
753     unsigned bsel_alloc = 0;
754 
755     if (bus) {
756         /* Scan all PCI buses. Set property to enable acpi based hotplug. */
757         pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, &bsel_alloc);
758     }
759 }
760 
761 static void build_pci_bus_state_init(AcpiBuildPciBusHotplugState *state,
762                                      AcpiBuildPciBusHotplugState *parent)
763 {
764     state->parent = parent;
765     state->device_table = build_alloc_array();
766     state->notify_table = build_alloc_array();
767 }
768 
769 static void build_pci_bus_state_cleanup(AcpiBuildPciBusHotplugState *state)
770 {
771     build_free_array(state->device_table);
772     build_free_array(state->notify_table);
773 }
774 
775 static void *build_pci_bus_begin(PCIBus *bus, void *parent_state)
776 {
777     AcpiBuildPciBusHotplugState *parent = parent_state;
778     AcpiBuildPciBusHotplugState *child = g_malloc(sizeof *child);
779 
780     build_pci_bus_state_init(child, parent);
781 
782     return child;
783 }
784 
785 static void build_pci_bus_end(PCIBus *bus, void *bus_state)
786 {
787     AcpiBuildPciBusHotplugState *child = bus_state;
788     AcpiBuildPciBusHotplugState *parent = child->parent;
789     GArray *bus_table = build_alloc_array();
790     DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
791     DECLARE_BITMAP(slot_device_present, PCI_SLOT_MAX);
792     DECLARE_BITMAP(slot_device_system, PCI_SLOT_MAX);
793     DECLARE_BITMAP(slot_device_vga, PCI_SLOT_MAX);
794     DECLARE_BITMAP(slot_device_qxl, PCI_SLOT_MAX);
795     uint8_t op;
796     int i;
797     QObject *bsel;
798     GArray *method;
799     bool bus_hotplug_support = false;
800 
801     if (bus->parent_dev) {
802         op = 0x82; /* DeviceOp */
803         build_append_nameseg(bus_table, "S%.02X_",
804                              bus->parent_dev->devfn);
805         build_append_byte(bus_table, 0x08); /* NameOp */
806         build_append_nameseg(bus_table, "_SUN");
807         build_append_value(bus_table, PCI_SLOT(bus->parent_dev->devfn), 1);
808         build_append_byte(bus_table, 0x08); /* NameOp */
809         build_append_nameseg(bus_table, "_ADR");
810         build_append_value(bus_table, (PCI_SLOT(bus->parent_dev->devfn) << 16) |
811                            PCI_FUNC(bus->parent_dev->devfn), 4);
812     } else {
813         op = 0x10; /* ScopeOp */;
814         build_append_nameseg(bus_table, "PCI0");
815     }
816 
817     bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, NULL);
818     if (bsel) {
819         build_append_byte(bus_table, 0x08); /* NameOp */
820         build_append_nameseg(bus_table, "BSEL");
821         build_append_int(bus_table, qint_get_int(qobject_to_qint(bsel)));
822         memset(slot_hotplug_enable, 0xff, sizeof slot_hotplug_enable);
823     } else {
824         /* No bsel - no slots are hot-pluggable */
825         memset(slot_hotplug_enable, 0x00, sizeof slot_hotplug_enable);
826     }
827 
828     memset(slot_device_present, 0x00, sizeof slot_device_present);
829     memset(slot_device_system, 0x00, sizeof slot_device_present);
830     memset(slot_device_vga, 0x00, sizeof slot_device_vga);
831     memset(slot_device_qxl, 0x00, sizeof slot_device_qxl);
832 
833     for (i = 0; i < ARRAY_SIZE(bus->devices); i += PCI_FUNC_MAX) {
834         DeviceClass *dc;
835         PCIDeviceClass *pc;
836         PCIDevice *pdev = bus->devices[i];
837         int slot = PCI_SLOT(i);
838 
839         if (!pdev) {
840             continue;
841         }
842 
843         set_bit(slot, slot_device_present);
844         pc = PCI_DEVICE_GET_CLASS(pdev);
845         dc = DEVICE_GET_CLASS(pdev);
846 
847         if (pc->class_id == PCI_CLASS_BRIDGE_ISA || pc->is_bridge) {
848             set_bit(slot, slot_device_system);
849         }
850 
851         if (pc->class_id == PCI_CLASS_DISPLAY_VGA) {
852             set_bit(slot, slot_device_vga);
853 
854             if (object_dynamic_cast(OBJECT(pdev), "qxl-vga")) {
855                 set_bit(slot, slot_device_qxl);
856             }
857         }
858 
859         if (!dc->hotpluggable || pc->is_bridge) {
860             clear_bit(slot, slot_hotplug_enable);
861         }
862     }
863 
864     /* Append Device object for each slot */
865     for (i = 0; i < PCI_SLOT_MAX; i++) {
866         bool can_eject = test_bit(i, slot_hotplug_enable);
867         bool present = test_bit(i, slot_device_present);
868         bool vga = test_bit(i, slot_device_vga);
869         bool qxl = test_bit(i, slot_device_qxl);
870         bool system = test_bit(i, slot_device_system);
871         if (can_eject) {
872             void *pcihp = acpi_data_push(bus_table,
873                                          ACPI_PCIHP_SIZEOF);
874             memcpy(pcihp, ACPI_PCIHP_AML, ACPI_PCIHP_SIZEOF);
875             patch_pcihp(i, pcihp);
876             bus_hotplug_support = true;
877         } else if (qxl) {
878             void *pcihp = acpi_data_push(bus_table,
879                                          ACPI_PCIQXL_SIZEOF);
880             memcpy(pcihp, ACPI_PCIQXL_AML, ACPI_PCIQXL_SIZEOF);
881             patch_pciqxl(i, pcihp);
882         } else if (vga) {
883             void *pcihp = acpi_data_push(bus_table,
884                                          ACPI_PCIVGA_SIZEOF);
885             memcpy(pcihp, ACPI_PCIVGA_AML, ACPI_PCIVGA_SIZEOF);
886             patch_pcivga(i, pcihp);
887         } else if (system) {
888             /* Nothing to do: system devices are in DSDT or in SSDT above. */
889         } else if (present) {
890             void *pcihp = acpi_data_push(bus_table,
891                                          ACPI_PCINOHP_SIZEOF);
892             memcpy(pcihp, ACPI_PCINOHP_AML, ACPI_PCINOHP_SIZEOF);
893             patch_pcinohp(i, pcihp);
894         }
895     }
896 
897     if (bsel) {
898         method = build_alloc_method("DVNT", 2);
899 
900         for (i = 0; i < PCI_SLOT_MAX; i++) {
901             GArray *notify;
902             uint8_t op;
903 
904             if (!test_bit(i, slot_hotplug_enable)) {
905                 continue;
906             }
907 
908             notify = build_alloc_array();
909             op = 0xA0; /* IfOp */
910 
911             build_append_byte(notify, 0x7B); /* AndOp */
912             build_append_byte(notify, 0x68); /* Arg0Op */
913             build_append_int(notify, 0x1U << i);
914             build_append_byte(notify, 0x00); /* NullName */
915             build_append_byte(notify, 0x86); /* NotifyOp */
916             build_append_nameseg(notify, "S%.02X_", PCI_DEVFN(i, 0));
917             build_append_byte(notify, 0x69); /* Arg1Op */
918 
919             /* Pack it up */
920             build_package(notify, op, 0);
921 
922             build_append_array(method, notify);
923 
924             build_free_array(notify);
925         }
926 
927         build_append_and_cleanup_method(bus_table, method);
928     }
929 
930     /* Append PCNT method to notify about events on local and child buses.
931      * Add unconditionally for root since DSDT expects it.
932      */
933     if (bus_hotplug_support || child->notify_table->len || !bus->parent_dev) {
934         method = build_alloc_method("PCNT", 0);
935 
936         /* If bus supports hotplug select it and notify about local events */
937         if (bsel) {
938             build_append_byte(method, 0x70); /* StoreOp */
939             build_append_int(method, qint_get_int(qobject_to_qint(bsel)));
940             build_append_nameseg(method, "BNUM");
941             build_append_nameseg(method, "DVNT");
942             build_append_nameseg(method, "PCIU");
943             build_append_int(method, 1); /* Device Check */
944             build_append_nameseg(method, "DVNT");
945             build_append_nameseg(method, "PCID");
946             build_append_int(method, 3); /* Eject Request */
947         }
948 
949         /* Notify about child bus events in any case */
950         build_append_array(method, child->notify_table);
951 
952         build_append_and_cleanup_method(bus_table, method);
953 
954         /* Append description of child buses */
955         build_append_array(bus_table, child->device_table);
956 
957         /* Pack it up */
958         if (bus->parent_dev) {
959             build_extop_package(bus_table, op);
960         } else {
961             build_package(bus_table, op, 0);
962         }
963 
964         /* Append our bus description to parent table */
965         build_append_array(parent->device_table, bus_table);
966 
967         /* Also tell parent how to notify us, invoking PCNT method.
968          * At the moment this is not needed for root as we have a single root.
969          */
970         if (bus->parent_dev) {
971             build_append_byte(parent->notify_table, '^'); /* ParentPrefixChar */
972             build_append_byte(parent->notify_table, 0x2E); /* DualNamePrefix */
973             build_append_nameseg(parent->notify_table, "S%.02X_",
974                                  bus->parent_dev->devfn);
975             build_append_nameseg(parent->notify_table, "PCNT");
976         }
977     }
978 
979     qobject_decref(bsel);
980     build_free_array(bus_table);
981     build_pci_bus_state_cleanup(child);
982     g_free(child);
983 }
984 
985 static void patch_pci_windows(PcPciInfo *pci, uint8_t *start, unsigned size)
986 {
987     ACPI_BUILD_SET_LE(start, size, acpi_pci32_start[0], 32, pci->w32.begin);
988 
989     ACPI_BUILD_SET_LE(start, size, acpi_pci32_end[0], 32, pci->w32.end - 1);
990 
991     if (pci->w64.end || pci->w64.begin) {
992         ACPI_BUILD_SET_LE(start, size, acpi_pci64_valid[0], 8, 1);
993         ACPI_BUILD_SET_LE(start, size, acpi_pci64_start[0], 64, pci->w64.begin);
994         ACPI_BUILD_SET_LE(start, size, acpi_pci64_end[0], 64, pci->w64.end - 1);
995         ACPI_BUILD_SET_LE(start, size, acpi_pci64_length[0], 64, pci->w64.end - pci->w64.begin);
996     } else {
997         ACPI_BUILD_SET_LE(start, size, acpi_pci64_valid[0], 8, 0);
998     }
999 }
1000 
1001 static void
1002 build_ssdt(GArray *table_data, GArray *linker,
1003            AcpiCpuInfo *cpu, AcpiPmInfo *pm, AcpiMiscInfo *misc,
1004            PcPciInfo *pci, PcGuestInfo *guest_info)
1005 {
1006     unsigned acpi_cpus = guest_info->apic_id_limit;
1007     int ssdt_start = table_data->len;
1008     uint8_t *ssdt_ptr;
1009     int i;
1010 
1011     /* The current AML generator can cover the APIC ID range [0..255],
1012      * inclusive, for VCPU hotplug. */
1013     QEMU_BUILD_BUG_ON(ACPI_CPU_HOTPLUG_ID_LIMIT > 256);
1014     g_assert(acpi_cpus <= ACPI_CPU_HOTPLUG_ID_LIMIT);
1015 
1016     /* Copy header and patch values in the S3_ / S4_ / S5_ packages */
1017     ssdt_ptr = acpi_data_push(table_data, sizeof(ssdp_misc_aml));
1018     memcpy(ssdt_ptr, ssdp_misc_aml, sizeof(ssdp_misc_aml));
1019     if (pm->s3_disabled) {
1020         ssdt_ptr[acpi_s3_name[0]] = 'X';
1021     }
1022     if (pm->s4_disabled) {
1023         ssdt_ptr[acpi_s4_name[0]] = 'X';
1024     } else {
1025         ssdt_ptr[acpi_s4_pkg[0] + 1] = ssdt_ptr[acpi_s4_pkg[0] + 3] =
1026             pm->s4_val;
1027     }
1028 
1029     patch_pci_windows(pci, ssdt_ptr, sizeof(ssdp_misc_aml));
1030 
1031     ACPI_BUILD_SET_LE(ssdt_ptr, sizeof(ssdp_misc_aml),
1032                       ssdt_isa_pest[0], 16, misc->pvpanic_port);
1033 
1034     {
1035         GArray *sb_scope = build_alloc_array();
1036         uint8_t op = 0x10; /* ScopeOp */
1037 
1038         build_append_nameseg(sb_scope, "_SB_");
1039 
1040         /* build Processor object for each processor */
1041         for (i = 0; i < acpi_cpus; i++) {
1042             uint8_t *proc = acpi_data_push(sb_scope, ACPI_PROC_SIZEOF);
1043             memcpy(proc, ACPI_PROC_AML, ACPI_PROC_SIZEOF);
1044             proc[ACPI_PROC_OFFSET_CPUHEX] = acpi_get_hex(i >> 4);
1045             proc[ACPI_PROC_OFFSET_CPUHEX+1] = acpi_get_hex(i);
1046             proc[ACPI_PROC_OFFSET_CPUID1] = i;
1047             proc[ACPI_PROC_OFFSET_CPUID2] = i;
1048         }
1049 
1050         /* build this code:
1051          *   Method(NTFY, 2) {If (LEqual(Arg0, 0x00)) {Notify(CP00, Arg1)} ...}
1052          */
1053         /* Arg0 = Processor ID = APIC ID */
1054         build_append_notify_method(sb_scope, "NTFY", "CP%0.02X", acpi_cpus);
1055 
1056         /* build "Name(CPON, Package() { One, One, ..., Zero, Zero, ... })" */
1057         build_append_byte(sb_scope, 0x08); /* NameOp */
1058         build_append_nameseg(sb_scope, "CPON");
1059 
1060         {
1061             GArray *package = build_alloc_array();
1062             uint8_t op;
1063 
1064             /*
1065              * Note: The ability to create variable-sized packages was first introduced in ACPI 2.0. ACPI 1.0 only
1066              * allowed fixed-size packages with up to 255 elements.
1067              * Windows guests up to win2k8 fail when VarPackageOp is used.
1068              */
1069             if (acpi_cpus <= 255) {
1070                 op = 0x12; /* PackageOp */
1071                 build_append_byte(package, acpi_cpus); /* NumElements */
1072             } else {
1073                 op = 0x13; /* VarPackageOp */
1074                 build_append_int(package, acpi_cpus); /* VarNumElements */
1075             }
1076 
1077             for (i = 0; i < acpi_cpus; i++) {
1078                 uint8_t b = test_bit(i, cpu->found_cpus) ? 0x01 : 0x00;
1079                 build_append_byte(package, b);
1080             }
1081 
1082             build_package(package, op, 2);
1083             build_append_array(sb_scope, package);
1084             build_free_array(package);
1085         }
1086 
1087         {
1088             AcpiBuildPciBusHotplugState hotplug_state;
1089             Object *pci_host;
1090             PCIBus *bus = NULL;
1091             bool ambiguous;
1092 
1093             pci_host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
1094             if (!ambiguous && pci_host) {
1095                 bus = PCI_HOST_BRIDGE(pci_host)->bus;
1096             }
1097 
1098             build_pci_bus_state_init(&hotplug_state, NULL);
1099 
1100             if (bus) {
1101                 /* Scan all PCI buses. Generate tables to support hotplug. */
1102                 pci_for_each_bus_depth_first(bus, build_pci_bus_begin,
1103                                              build_pci_bus_end, &hotplug_state);
1104             }
1105 
1106             build_append_array(sb_scope, hotplug_state.device_table);
1107             build_pci_bus_state_cleanup(&hotplug_state);
1108         }
1109 
1110         build_package(sb_scope, op, 3);
1111         build_append_array(table_data, sb_scope);
1112         build_free_array(sb_scope);
1113     }
1114 
1115     build_header(linker, table_data,
1116                  (void *)(table_data->data + ssdt_start),
1117                  "SSDT", table_data->len - ssdt_start, 1);
1118 }
1119 
1120 static void
1121 build_hpet(GArray *table_data, GArray *linker)
1122 {
1123     Acpi20Hpet *hpet;
1124 
1125     hpet = acpi_data_push(table_data, sizeof(*hpet));
1126     /* Note timer_block_id value must be kept in sync with value advertised by
1127      * emulated hpet
1128      */
1129     hpet->timer_block_id = cpu_to_le32(0x8086a201);
1130     hpet->addr.address = cpu_to_le64(HPET_BASE);
1131     build_header(linker, table_data,
1132                  (void *)hpet, "HPET", sizeof(*hpet), 1);
1133 }
1134 
1135 static void
1136 acpi_build_srat_memory(AcpiSratMemoryAffinity *numamem,
1137                        uint64_t base, uint64_t len, int node, int enabled)
1138 {
1139     numamem->type = ACPI_SRAT_MEMORY;
1140     numamem->length = sizeof(*numamem);
1141     memset(numamem->proximity, 0, 4);
1142     numamem->proximity[0] = node;
1143     numamem->flags = cpu_to_le32(!!enabled);
1144     numamem->base_addr = cpu_to_le64(base);
1145     numamem->range_length = cpu_to_le64(len);
1146 }
1147 
1148 static void
1149 build_srat(GArray *table_data, GArray *linker,
1150            AcpiCpuInfo *cpu, PcGuestInfo *guest_info)
1151 {
1152     AcpiSystemResourceAffinityTable *srat;
1153     AcpiSratProcessorAffinity *core;
1154     AcpiSratMemoryAffinity *numamem;
1155 
1156     int i;
1157     uint64_t curnode;
1158     int srat_start, numa_start, slots;
1159     uint64_t mem_len, mem_base, next_base;
1160 
1161     srat_start = table_data->len;
1162 
1163     srat = acpi_data_push(table_data, sizeof *srat);
1164     srat->reserved1 = cpu_to_le32(1);
1165     core = (void *)(srat + 1);
1166 
1167     for (i = 0; i < guest_info->apic_id_limit; ++i) {
1168         core = acpi_data_push(table_data, sizeof *core);
1169         core->type = ACPI_SRAT_PROCESSOR;
1170         core->length = sizeof(*core);
1171         core->local_apic_id = i;
1172         curnode = guest_info->node_cpu[i];
1173         core->proximity_lo = curnode;
1174         memset(core->proximity_hi, 0, 3);
1175         core->local_sapic_eid = 0;
1176         if (test_bit(i, cpu->found_cpus)) {
1177             core->flags = cpu_to_le32(1);
1178         } else {
1179             core->flags = cpu_to_le32(0);
1180         }
1181     }
1182 
1183 
1184     /* the memory map is a bit tricky, it contains at least one hole
1185      * from 640k-1M and possibly another one from 3.5G-4G.
1186      */
1187     next_base = 0;
1188     numa_start = table_data->len;
1189 
1190     numamem = acpi_data_push(table_data, sizeof *numamem);
1191     acpi_build_srat_memory(numamem, 0, 640*1024, 0, 1);
1192     next_base = 1024 * 1024;
1193     for (i = 1; i < guest_info->numa_nodes + 1; ++i) {
1194         mem_base = next_base;
1195         mem_len = guest_info->node_mem[i - 1];
1196         if (i == 1) {
1197             mem_len -= 1024 * 1024;
1198         }
1199         next_base = mem_base + mem_len;
1200 
1201         /* Cut out the ACPI_PCI hole */
1202         if (mem_base <= guest_info->ram_size_below_4g &&
1203             next_base > guest_info->ram_size_below_4g) {
1204             mem_len -= next_base - guest_info->ram_size_below_4g;
1205             if (mem_len > 0) {
1206                 numamem = acpi_data_push(table_data, sizeof *numamem);
1207                 acpi_build_srat_memory(numamem, mem_base, mem_len, i-1, 1);
1208             }
1209             mem_base = 1ULL << 32;
1210             mem_len = next_base - guest_info->ram_size_below_4g;
1211             next_base += (1ULL << 32) - guest_info->ram_size_below_4g;
1212         }
1213         numamem = acpi_data_push(table_data, sizeof *numamem);
1214         acpi_build_srat_memory(numamem, mem_base, mem_len, i - 1, 1);
1215     }
1216     slots = (table_data->len - numa_start) / sizeof *numamem;
1217     for (; slots < guest_info->numa_nodes + 2; slots++) {
1218         numamem = acpi_data_push(table_data, sizeof *numamem);
1219         acpi_build_srat_memory(numamem, 0, 0, 0, 0);
1220     }
1221 
1222     build_header(linker, table_data,
1223                  (void *)(table_data->data + srat_start),
1224                  "SRAT",
1225                  table_data->len - srat_start, 1);
1226 }
1227 
1228 static void
1229 build_mcfg_q35(GArray *table_data, GArray *linker, AcpiMcfgInfo *info)
1230 {
1231     AcpiTableMcfg *mcfg;
1232     const char *sig;
1233     int len = sizeof(*mcfg) + 1 * sizeof(mcfg->allocation[0]);
1234 
1235     mcfg = acpi_data_push(table_data, len);
1236     mcfg->allocation[0].address = cpu_to_le64(info->mcfg_base);
1237     /* Only a single allocation so no need to play with segments */
1238     mcfg->allocation[0].pci_segment = cpu_to_le16(0);
1239     mcfg->allocation[0].start_bus_number = 0;
1240     mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->mcfg_size - 1);
1241 
1242     /* MCFG is used for ECAM which can be enabled or disabled by guest.
1243      * To avoid table size changes (which create migration issues),
1244      * always create the table even if there are no allocations,
1245      * but set the signature to a reserved value in this case.
1246      * ACPI spec requires OSPMs to ignore such tables.
1247      */
1248     if (info->mcfg_base == PCIE_BASE_ADDR_UNMAPPED) {
1249         /* Reserved signature: ignored by OSPM */
1250         sig = "QEMU";
1251     } else {
1252         sig = "MCFG";
1253     }
1254     build_header(linker, table_data, (void *)mcfg, sig, len, 1);
1255 }
1256 
1257 static void
1258 build_dsdt(GArray *table_data, GArray *linker, AcpiMiscInfo *misc)
1259 {
1260     AcpiTableHeader *dsdt;
1261 
1262     assert(misc->dsdt_code && misc->dsdt_size);
1263 
1264     dsdt = acpi_data_push(table_data, misc->dsdt_size);
1265     memcpy(dsdt, misc->dsdt_code, misc->dsdt_size);
1266 
1267     memset(dsdt, 0, sizeof *dsdt);
1268     build_header(linker, table_data, dsdt, "DSDT",
1269                  misc->dsdt_size, 1);
1270 }
1271 
1272 /* Build final rsdt table */
1273 static void
1274 build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
1275 {
1276     AcpiRsdtDescriptorRev1 *rsdt;
1277     size_t rsdt_len;
1278     int i;
1279 
1280     rsdt_len = sizeof(*rsdt) + sizeof(uint32_t) * table_offsets->len;
1281     rsdt = acpi_data_push(table_data, rsdt_len);
1282     memcpy(rsdt->table_offset_entry, table_offsets->data,
1283            sizeof(uint32_t) * table_offsets->len);
1284     for (i = 0; i < table_offsets->len; ++i) {
1285         /* rsdt->table_offset_entry to be filled by Guest linker */
1286         bios_linker_loader_add_pointer(linker,
1287                                        ACPI_BUILD_TABLE_FILE,
1288                                        ACPI_BUILD_TABLE_FILE,
1289                                        table_data, &rsdt->table_offset_entry[i],
1290                                        sizeof(uint32_t));
1291     }
1292     build_header(linker, table_data,
1293                  (void *)rsdt, "RSDT", rsdt_len, 1);
1294 }
1295 
1296 static GArray *
1297 build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
1298 {
1299     AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
1300 
1301     bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 1,
1302                              true /* fseg memory */);
1303 
1304     memcpy(&rsdp->signature, "RSD PTR ", 8);
1305     memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
1306     rsdp->rsdt_physical_address = cpu_to_le32(rsdt);
1307     /* Address to be filled by Guest linker */
1308     bios_linker_loader_add_pointer(linker, ACPI_BUILD_RSDP_FILE,
1309                                    ACPI_BUILD_TABLE_FILE,
1310                                    rsdp_table, &rsdp->rsdt_physical_address,
1311                                    sizeof rsdp->rsdt_physical_address);
1312     rsdp->checksum = 0;
1313     /* Checksum to be filled by Guest linker */
1314     bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
1315                                     rsdp, rsdp, sizeof *rsdp, &rsdp->checksum);
1316 
1317     return rsdp_table;
1318 }
1319 
1320 typedef
1321 struct AcpiBuildTables {
1322     GArray *table_data;
1323     GArray *rsdp;
1324     GArray *linker;
1325 } AcpiBuildTables;
1326 
1327 static inline void acpi_build_tables_init(AcpiBuildTables *tables)
1328 {
1329     tables->rsdp = g_array_new(false, true /* clear */, 1);
1330     tables->table_data = g_array_new(false, true /* clear */, 1);
1331     tables->linker = bios_linker_loader_init();
1332 }
1333 
1334 static inline void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
1335 {
1336     void *linker_data = bios_linker_loader_cleanup(tables->linker);
1337     if (mfre) {
1338         g_free(linker_data);
1339     }
1340     g_array_free(tables->rsdp, mfre);
1341     g_array_free(tables->table_data, mfre);
1342 }
1343 
1344 typedef
1345 struct AcpiBuildState {
1346     /* Copy of table in RAM (for patching). */
1347     uint8_t *table_ram;
1348     uint32_t table_size;
1349     /* Is table patched? */
1350     uint8_t patched;
1351     PcGuestInfo *guest_info;
1352 } AcpiBuildState;
1353 
1354 static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
1355 {
1356     Object *pci_host;
1357     QObject *o;
1358     bool ambiguous;
1359 
1360     pci_host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
1361     g_assert(!ambiguous);
1362     g_assert(pci_host);
1363 
1364     o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
1365     if (!o) {
1366         return false;
1367     }
1368     mcfg->mcfg_base = qint_get_int(qobject_to_qint(o));
1369     qobject_decref(o);
1370 
1371     o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
1372     assert(o);
1373     mcfg->mcfg_size = qint_get_int(qobject_to_qint(o));
1374     qobject_decref(o);
1375     return true;
1376 }
1377 
1378 static
1379 void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
1380 {
1381     GArray *table_offsets;
1382     unsigned facs, dsdt, rsdt;
1383     AcpiCpuInfo cpu;
1384     AcpiPmInfo pm;
1385     AcpiMiscInfo misc;
1386     AcpiMcfgInfo mcfg;
1387     PcPciInfo pci;
1388     uint8_t *u;
1389 
1390     acpi_get_cpu_info(&cpu);
1391     acpi_get_pm_info(&pm);
1392     acpi_get_dsdt(&misc);
1393     acpi_get_misc_info(&misc);
1394     acpi_get_pci_info(&pci);
1395 
1396     table_offsets = g_array_new(false, true /* clear */,
1397                                         sizeof(uint32_t));
1398     ACPI_BUILD_DPRINTF(3, "init ACPI tables\n");
1399 
1400     bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
1401                              64 /* Ensure FACS is aligned */,
1402                              false /* high memory */);
1403 
1404     /*
1405      * FACS is pointed to by FADT.
1406      * We place it first since it's the only table that has alignment
1407      * requirements.
1408      */
1409     facs = tables->table_data->len;
1410     build_facs(tables->table_data, tables->linker, guest_info);
1411 
1412     /* DSDT is pointed to by FADT */
1413     dsdt = tables->table_data->len;
1414     build_dsdt(tables->table_data, tables->linker, &misc);
1415 
1416     /* ACPI tables pointed to by RSDT */
1417     acpi_add_table(table_offsets, tables->table_data);
1418     build_fadt(tables->table_data, tables->linker, &pm, facs, dsdt);
1419 
1420     acpi_add_table(table_offsets, tables->table_data);
1421     build_ssdt(tables->table_data, tables->linker, &cpu, &pm, &misc, &pci,
1422                guest_info);
1423 
1424     acpi_add_table(table_offsets, tables->table_data);
1425     build_madt(tables->table_data, tables->linker, &cpu, guest_info);
1426 
1427     if (misc.has_hpet) {
1428         acpi_add_table(table_offsets, tables->table_data);
1429         build_hpet(tables->table_data, tables->linker);
1430     }
1431     if (guest_info->numa_nodes) {
1432         acpi_add_table(table_offsets, tables->table_data);
1433         build_srat(tables->table_data, tables->linker, &cpu, guest_info);
1434     }
1435     if (acpi_get_mcfg(&mcfg)) {
1436         acpi_add_table(table_offsets, tables->table_data);
1437         build_mcfg_q35(tables->table_data, tables->linker, &mcfg);
1438     }
1439 
1440     /* Add tables supplied by user (if any) */
1441     for (u = acpi_table_first(); u; u = acpi_table_next(u)) {
1442         unsigned len = acpi_table_len(u);
1443 
1444         acpi_add_table(table_offsets, tables->table_data);
1445         g_array_append_vals(tables->table_data, u, len);
1446     }
1447 
1448     /* RSDT is pointed to by RSDP */
1449     rsdt = tables->table_data->len;
1450     build_rsdt(tables->table_data, tables->linker, table_offsets);
1451 
1452     /* RSDP is in FSEG memory, so allocate it separately */
1453     build_rsdp(tables->rsdp, tables->linker, rsdt);
1454 
1455     /* We'll expose it all to Guest so align size to reduce
1456      * chance of size changes.
1457      * RSDP is small so it's easy to keep it immutable, no need to
1458      * bother with alignment.
1459      */
1460     acpi_align_size(tables->table_data, 0x1000);
1461 
1462     acpi_align_size(tables->linker, 0x1000);
1463 
1464     /* Cleanup memory that's no longer used. */
1465     g_array_free(table_offsets, true);
1466 }
1467 
1468 static void acpi_build_update(void *build_opaque, uint32_t offset)
1469 {
1470     AcpiBuildState *build_state = build_opaque;
1471     AcpiBuildTables tables;
1472 
1473     /* No state to update or already patched? Nothing to do. */
1474     if (!build_state || build_state->patched) {
1475         return;
1476     }
1477     build_state->patched = 1;
1478 
1479     acpi_build_tables_init(&tables);
1480 
1481     acpi_build(build_state->guest_info, &tables);
1482 
1483     assert(acpi_data_len(tables.table_data) == build_state->table_size);
1484     memcpy(build_state->table_ram, tables.table_data->data,
1485            build_state->table_size);
1486 
1487     acpi_build_tables_cleanup(&tables, true);
1488 }
1489 
1490 static void acpi_build_reset(void *build_opaque)
1491 {
1492     AcpiBuildState *build_state = build_opaque;
1493     build_state->patched = 0;
1494 }
1495 
1496 static void *acpi_add_rom_blob(AcpiBuildState *build_state, GArray *blob,
1497                                const char *name)
1498 {
1499     return rom_add_blob(name, blob->data, acpi_data_len(blob), -1, name,
1500                         acpi_build_update, build_state);
1501 }
1502 
1503 static const VMStateDescription vmstate_acpi_build = {
1504     .name = "acpi_build",
1505     .version_id = 1,
1506     .minimum_version_id = 1,
1507     .minimum_version_id_old = 1,
1508     .fields      = (VMStateField[]) {
1509         VMSTATE_UINT8(patched, AcpiBuildState),
1510         VMSTATE_END_OF_LIST()
1511     },
1512 };
1513 
1514 void acpi_setup(PcGuestInfo *guest_info)
1515 {
1516     AcpiBuildTables tables;
1517     AcpiBuildState *build_state;
1518 
1519     if (!guest_info->fw_cfg) {
1520         ACPI_BUILD_DPRINTF(3, "No fw cfg. Bailing out.\n");
1521         return;
1522     }
1523 
1524     if (!guest_info->has_acpi_build) {
1525         ACPI_BUILD_DPRINTF(3, "ACPI build disabled. Bailing out.\n");
1526         return;
1527     }
1528 
1529     if (!acpi_enabled) {
1530         ACPI_BUILD_DPRINTF(3, "ACPI disabled. Bailing out.\n");
1531         return;
1532     }
1533 
1534     build_state = g_malloc0(sizeof *build_state);
1535 
1536     build_state->guest_info = guest_info;
1537 
1538     acpi_set_pci_info();
1539 
1540     acpi_build_tables_init(&tables);
1541     acpi_build(build_state->guest_info, &tables);
1542 
1543     /* Now expose it all to Guest */
1544     build_state->table_ram = acpi_add_rom_blob(build_state, tables.table_data,
1545                                                ACPI_BUILD_TABLE_FILE);
1546     build_state->table_size = acpi_data_len(tables.table_data);
1547 
1548     acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
1549 
1550     /*
1551      * RSDP is small so it's easy to keep it immutable, no need to
1552      * bother with ROM blobs.
1553      */
1554     fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
1555                     tables.rsdp->data, acpi_data_len(tables.rsdp));
1556 
1557     qemu_register_reset(acpi_build_reset, build_state);
1558     acpi_build_reset(build_state);
1559     vmstate_register(NULL, 0, &vmstate_acpi_build, build_state);
1560 
1561     /* Cleanup tables but don't free the memory: we track it
1562      * in build_state.
1563      */
1564     acpi_build_tables_cleanup(&tables, false);
1565 }
1566