xref: /openbmc/qemu/hw/i386/acpi-build.c (revision f41389ae3c54bd5e2040e3f95a2872981c3ed965)
1 /* Support for generating ACPI tables and passing them to Guests
2  *
3  * Copyright (C) 2008-2010  Kevin O'Connor <kevin@koconnor.net>
4  * Copyright (C) 2006 Fabrice Bellard
5  * Copyright (C) 2013 Red Hat Inc
6  *
7  * Author: Michael S. Tsirkin <mst@redhat.com>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13 
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18 
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #include "acpi-build.h"
24 #include <stddef.h>
25 #include <glib.h>
26 #include "qemu-common.h"
27 #include "qemu/bitmap.h"
28 #include "qemu/osdep.h"
29 #include "qemu/range.h"
30 #include "qemu/error-report.h"
31 #include "hw/pci/pci.h"
32 #include "qom/cpu.h"
33 #include "hw/i386/pc.h"
34 #include "target-i386/cpu.h"
35 #include "hw/timer/hpet.h"
36 #include "hw/i386/acpi-defs.h"
37 #include "hw/acpi/acpi.h"
38 #include "hw/nvram/fw_cfg.h"
39 #include "bios-linker-loader.h"
40 #include "hw/loader.h"
41 #include "hw/isa/isa.h"
42 #include "hw/acpi/memory_hotplug.h"
43 #include "sysemu/tpm.h"
44 #include "hw/acpi/tpm.h"
45 
46 /* Supported chipsets: */
47 #include "hw/acpi/piix4.h"
48 #include "hw/acpi/pcihp.h"
49 #include "hw/i386/ich9.h"
50 #include "hw/pci/pci_bus.h"
51 #include "hw/pci-host/q35.h"
52 #include "hw/i386/intel_iommu.h"
53 
54 #include "hw/i386/q35-acpi-dsdt.hex"
55 #include "hw/i386/acpi-dsdt.hex"
56 
57 #include "qapi/qmp/qint.h"
58 #include "qom/qom-qobject.h"
59 #include "exec/ram_addr.h"
60 
61 /* These are used to size the ACPI tables for -M pc-i440fx-1.7 and
62  * -M pc-i440fx-2.0.  Even if the actual amount of AML generated grows
63  * a little bit, there should be plenty of free space since the DSDT
64  * shrunk by ~1.5k between QEMU 2.0 and QEMU 2.1.
65  */
66 #define ACPI_BUILD_LEGACY_CPU_AML_SIZE    97
67 #define ACPI_BUILD_ALIGN_SIZE             0x1000
68 
69 #define ACPI_BUILD_TABLE_SIZE             0x20000
70 
/* CPUs present in the machine, as a bitmap indexed by APIC ID.
 * Filled by acpi_get_cpu_info(); every index is asserted to be below
 * ACPI_CPU_HOTPLUG_ID_LIMIT before the bit is set.
 */
typedef struct AcpiCpuInfo {
    DECLARE_BITMAP(found_cpus, ACPI_CPU_HOTPLUG_ID_LIMIT);
} AcpiCpuInfo;

/* Base and size of the MCFG window.
 * NOTE(review): the code that fills this is not in this part of the
 * file - presumably the PCIe MMCONFIG region; confirm.
 */
typedef struct AcpiMcfgInfo {
    uint64_t mcfg_base;
    uint32_t mcfg_size;
} AcpiMcfgInfo;

/* Power-management properties read from the chipset PM device
 * (PIIX4 PM or ICH9 LPC) by acpi_get_pm_info().
 */
typedef struct AcpiPmInfo {
    bool s3_disabled;       /* optional property, false when absent */
    bool s4_disabled;       /* optional property, false when absent */
    bool pcihp_bridge_en;   /* "acpi-pci-hotplug-with-bridge-support" */
    uint8_t s4_val;         /* optional property, 0 when absent */
    uint16_t sci_int;
    uint8_t acpi_enable_cmd;
    uint8_t acpi_disable_cmd;
    uint32_t gpe0_blk;
    uint32_t gpe0_blk_len;
    uint32_t io_base;       /* PM1a event block; CNT and TMR follow it */
} AcpiPmInfo;

/* Miscellaneous machine facts used while building the tables. */
typedef struct AcpiMiscInfo {
    bool has_hpet;
    bool has_tpm;
    DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
    /* Precompiled DSDT blob and its size, chosen by acpi_get_dsdt().
     * Declared const, but acpi_get_dsdt() patches one byte of it in place.
     */
    const unsigned char *dsdt_code;
    unsigned dsdt_size;
    uint16_t pvpanic_port;
} AcpiMiscInfo;

/* Per-bus scratch state for the depth-first PCI bus walk.
 * Allocated in build_pci_bus_begin() and linked to the parent bus state.
 */
typedef struct AcpiBuildPciBusHotplugState {
    GArray *device_table;
    GArray *notify_table;
    struct AcpiBuildPciBusHotplugState *parent;
    bool pcihp_bridge_en;   /* inherited from the parent state */
} AcpiBuildPciBusHotplugState;
108 
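/*
 * Select the precompiled DSDT that matches the machine's chipset and patch
 * the AppleSMC _STA byte inside it.
 *
 * Exactly one of the PIIX4 PM device and the ICH9 LPC device must exist.
 * On return info->dsdt_code / info->dsdt_size describe the chosen blob.
 */
static void acpi_get_dsdt(AcpiMiscInfo *info)
{
    /* Starts as NULL so that a build without assert() cannot go on to use
     * an indeterminate offset pointer for the write below.
     */
    uint16_t *applesmc_sta = NULL;
    Object *piix = piix4_pm_find();
    Object *lpc = ich9_lpc_find();
    assert(!!piix != !!lpc);

    if (piix) {
        info->dsdt_code = AcpiDsdtAmlCode;
        info->dsdt_size = sizeof AcpiDsdtAmlCode;
        applesmc_sta = piix_dsdt_applesmc_sta;
    }
    if (lpc) {
        info->dsdt_code = Q35AcpiDsdtAmlCode;
        info->dsdt_size = sizeof Q35AcpiDsdtAmlCode;
        applesmc_sta = q35_dsdt_applesmc_sta;
    }
    assert(applesmc_sta);

    /* The offset comes from the generated .hex file; check it against the
     * blob it indexes before writing through it.
     */
    assert(*applesmc_sta < info->dsdt_size);

    /* Patch in appropriate value for AppleSMC _STA.
     * The cast drops the const of dsdt_code: the shared AML array itself is
     * modified, not a copy.
     */
    *(uint8_t *)(info->dsdt_code + *applesmc_sta) =
        applesmc_find() ? 0x0b : 0x00;
}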
131 
/*
 * QOM tree visitor: record the APIC ID of every CPU object found under @o.
 *
 * @opaque is the AcpiCpuInfo being filled.  Always returns 0 so that the
 * walk started by object_child_foreach() continues.
 */
static
int acpi_add_cpu_info(Object *o, void *opaque)
{
    AcpiCpuInfo *info = opaque;

    if (object_dynamic_cast(o, TYPE_CPU)) {
        uint64_t id = object_property_get_int(o, "apic-id", NULL);

        /* The ID indexes a fixed-size bitmap, so bound it first. */
        assert(id < ACPI_CPU_HOTPLUG_ID_LIMIT);
        set_bit(id, info->found_cpus);
    }

    /* Recurse into the children of this object. */
    object_child_foreach(o, acpi_add_cpu_info, opaque);
    return 0;
}
148 
/*
 * Rebuild @cpu->found_cpus from scratch by walking the whole QOM tree
 * from its root.
 */
static void acpi_get_cpu_info(AcpiCpuInfo *cpu)
{
    /* Start from an empty bitmap; the visitor only ever sets bits. */
    memset(cpu->found_cpus, 0, sizeof cpu->found_cpus);

    object_child_foreach(object_get_root(), acpi_add_cpu_info, cpu);
}
156 
/*
 * Read the power-management properties of the chipset PM device into @pm.
 *
 * The device is the ICH9 LPC bridge when present, otherwise the PIIX4 PM
 * device; one of the two must exist.  Property lookup errors are not
 * reported (a NULL error pointer is passed to every getter).
 */
static void acpi_get_pm_info(AcpiPmInfo *pm)
{
    Object *piix = piix4_pm_find();
    Object *lpc = ich9_lpc_find();
    Object *dev = lpc ? lpc : piix;
    QObject *prop;

    assert(dev);

    /* Optional s3/s4 properties: fall back to "not disabled" / 0 when the
     * device does not expose them.
     */
    prop = object_property_get_qobject(dev, ACPI_PM_PROP_S3_DISABLED, NULL);
    pm->s3_disabled = prop ? qint_get_int(qobject_to_qint(prop)) : false;
    qobject_decref(prop);

    prop = object_property_get_qobject(dev, ACPI_PM_PROP_S4_DISABLED, NULL);
    pm->s4_disabled = prop ? qint_get_int(qobject_to_qint(prop)) : false;
    qobject_decref(prop);

    prop = object_property_get_qobject(dev, ACPI_PM_PROP_S4_VAL, NULL);
    pm->s4_val = prop ? qint_get_int(qobject_to_qint(prop)) : 0;
    qobject_decref(prop);

    /* Mandatory properties */
    pm->sci_int = object_property_get_int(dev, ACPI_PM_PROP_SCI_INT, NULL);
    pm->acpi_enable_cmd =
        object_property_get_int(dev, ACPI_PM_PROP_ACPI_ENABLE_CMD, NULL);
    pm->acpi_disable_cmd =
        object_property_get_int(dev, ACPI_PM_PROP_ACPI_DISABLE_CMD, NULL);
    pm->io_base =
        object_property_get_int(dev, ACPI_PM_PROP_PM_IO_BASE, NULL);
    pm->gpe0_blk =
        object_property_get_int(dev, ACPI_PM_PROP_GPE0_BLK, NULL);
    pm->gpe0_blk_len =
        object_property_get_int(dev, ACPI_PM_PROP_GPE0_BLK_LEN, NULL);
    pm->pcihp_bridge_en =
        object_property_get_bool(dev, "acpi-pci-hotplug-with-bridge-support",
                                 NULL);
}
214 
/*
 * Record which optional devices exist (HPET, TPM) and the pvpanic I/O port.
 * dsdt_code, dsdt_size and slot_hotplug_enable are not touched here.
 */
static void acpi_get_misc_info(AcpiMiscInfo *info)
{
    /* Presence flags */
    info->has_hpet = hpet_find();
    info->has_tpm = tpm_find();

    /* I/O port as reported by pvpanic_port() */
    info->pvpanic_port = pvpanic_port();
}
221 
/*
 * Read the 32-bit and 64-bit PCI hole ranges from the PCI host bridge
 * into @info.  Exactly one host bridge must resolve.
 */
static void acpi_get_pci_info(PcPciInfo *info)
{
    bool ambiguous;
    Object *host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE,
                                            &ambiguous);

    g_assert(!ambiguous);
    g_assert(host);

    /* 32-bit window */
    info->w32.begin =
        object_property_get_int(host, PCI_HOST_PROP_PCI_HOLE_START, NULL);
    info->w32.end =
        object_property_get_int(host, PCI_HOST_PROP_PCI_HOLE_END, NULL);

    /* 64-bit window */
    info->w64.begin =
        object_property_get_int(host, PCI_HOST_PROP_PCI_HOLE64_START, NULL);
    info->w64.end =
        object_property_get_int(host, PCI_HOST_PROP_PCI_HOLE64_END, NULL);
}
244 
245 #define ACPI_BUILD_APPNAME  "Bochs"
246 #define ACPI_BUILD_APPNAME6 "BOCHS "
247 #define ACPI_BUILD_APPNAME4 "BXPC"
248 
249 #define ACPI_BUILD_DPRINTF(level, fmt, ...) do {} while (0)
250 
251 #define ACPI_BUILD_TABLE_FILE "etc/acpi/tables"
252 #define ACPI_BUILD_RSDP_FILE "etc/acpi/rsdp"
253 #define ACPI_BUILD_TPMLOG_FILE "etc/tpm/log"
254 
/*
 * Fill in the common ACPI table header @h and ask the guest linker to
 * compute its checksum.
 *
 * @sig must point to at least 4 readable bytes: they are copied into the
 * signature and into the second half of the OEM table id.
 * @len is the length of the whole table, header included.
 */
static void
build_header(GArray *linker, GArray *table_data,
             AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
{
    /* Fixed-width identification fields, none of them NUL-terminated. */
    memcpy(&h->signature, sig, 4);
    memcpy(h->oem_id, ACPI_BUILD_APPNAME6, 6);
    memcpy(h->oem_table_id, ACPI_BUILD_APPNAME4, 4);
    memcpy(h->oem_table_id + 4, sig, 4);
    memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME4, 4);

    h->length = cpu_to_le32(len);
    h->revision = rev;
    h->oem_revision = cpu_to_le32(1);
    h->asl_compiler_revision = cpu_to_le32(1);

    /* Left at zero here: checksum to be filled in by Guest linker */
    h->checksum = 0;
    bios_linker_loader_add_checksum(linker, ACPI_BUILD_TABLE_FILE,
                                    table_data->data, h, len, &h->checksum);
}
273 
/* Allocate an empty byte array (element size 1) whose storage is cleared. */
static inline GArray *build_alloc_array(void)
{
    return g_array_new(false, true /* clear */, 1);
}

/* Release @array together with the bytes it holds. */
static inline void build_free_array(GArray *array)
{
    g_array_free(array, true);
}

/* Insert the single byte @val at the front of @array. */
static inline void build_prepend_byte(GArray *array, uint8_t val)
{
    g_array_prepend_val(array, val);
}

/* Add the single byte @val at the end of @array. */
static inline void build_append_byte(GArray *array, uint8_t val)
{
    g_array_append_val(array, val);
}

/* Copy the whole contents of @val to the end of @array; @val is unchanged. */
static inline void build_append_array(GArray *array, GArray *val)
{
    g_array_append_vals(array, val->data, val->len);
}
298 
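/*
 * Append a 4-character ACPI NameSeg, produced from a printf-style @format,
 * to @array.
 *
 * The formatted text must be exactly 4 characters long; anything else is a
 * programming error and trips the assertion.
 */
static void GCC_FMT_ATTR(2, 3)
build_append_nameseg(GArray *array, const char *format, ...)
{
    /* It would be nicer to use g_string_vprintf but it's only there in 2.22 */
    char s[] = "XXXX";
    int len;
    va_list args;

    va_start(args, format);
    /* vsnprintf() truncates to the buffer but returns the untruncated
     * length, so len can exceed what s actually holds.
     */
    len = vsnprintf(s, sizeof s, format, args);
    va_end(args);

    assert(len == 4);
    /* Append the fixed NameSeg width rather than len: if the assertion is
     * compiled out, an over-long format must not read past the end of s.
     */
    g_array_append_vals(array, s, sizeof s - 1);
}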
314 
315 /* 5.4 Definition Block Encoding */
316 enum {
317     PACKAGE_LENGTH_1BYTE_SHIFT = 6, /* Up to 63 - use extra 2 bits. */
318     PACKAGE_LENGTH_2BYTE_SHIFT = 4,
319     PACKAGE_LENGTH_3BYTE_SHIFT = 12,
320     PACKAGE_LENGTH_4BYTE_SHIFT = 20,
321 };
322 
/*
 * Prepend the ACPI PkgLength encoding of @package's current size to it.
 *
 * @min_bytes forces the encoding to use at least that many bytes (0 or 1
 * leaves the choice to the size of the data).
 *
 * Bytes are prepended one at a time, so they are produced from the most
 * significant one down; the lead byte is prepended last and ends up first.
 *
 * NOTE(review): nothing here rejects a length that needs more than the
 * 28 bits a 4-byte PkgLength can carry, nor a @min_bytes above 4 (which
 * matches no switch case) - presumably callers keep both small; confirm.
 */
static void build_prepend_package_length(GArray *package, unsigned min_bytes)
{
    uint8_t byte;
    unsigned length = package->len;
    unsigned length_bytes;

    /* Pick the smallest encoding whose range still holds the data plus the
     * encoding bytes themselves.
     */
    if (length + 1 < (1 << PACKAGE_LENGTH_1BYTE_SHIFT)) {
        length_bytes = 1;
    } else if (length + 2 < (1 << PACKAGE_LENGTH_3BYTE_SHIFT)) {
        length_bytes = 2;
    } else if (length + 3 < (1 << PACKAGE_LENGTH_4BYTE_SHIFT)) {
        length_bytes = 3;
    } else {
        length_bytes = 4;
    }

    /* Force length to at least min_bytes.
     * This wastes memory but that's how bios did it.
     */
    length_bytes = MAX(length_bytes, min_bytes);

    /* PkgLength counts its own encoding bytes as well as the data. */
    length += length_bytes;

    switch (length_bytes) {
    case 1:
        /* Single-byte form: the whole length fits in the lead byte. */
        byte = length;
        build_prepend_byte(package, byte);
        return;
    case 4:
        byte = length >> PACKAGE_LENGTH_4BYTE_SHIFT;
        build_prepend_byte(package, byte);
        length &= (1 << PACKAGE_LENGTH_4BYTE_SHIFT) - 1;
        /* fall through */
    case 3:
        byte = length >> PACKAGE_LENGTH_3BYTE_SHIFT;
        build_prepend_byte(package, byte);
        length &= (1 << PACKAGE_LENGTH_3BYTE_SHIFT) - 1;
        /* fall through */
    case 2:
        byte = length >> PACKAGE_LENGTH_2BYTE_SHIFT;
        build_prepend_byte(package, byte);
        /* Only the low nibble is left for the lead byte. */
        length &= (1 << PACKAGE_LENGTH_2BYTE_SHIFT) - 1;
        /* fall through */
    }
    /*
     * Most significant two bits of byte zero indicate how many following bytes
     * are in PkgLength encoding.
     */
    byte = ((length_bytes - 1) << PACKAGE_LENGTH_1BYTE_SHIFT) | length;
    build_prepend_byte(package, byte);
}
375 
/*
 * Turn the bytes already in @package into an AML package: prepend the
 * PkgLength (at least @min_bytes wide) and then the opcode @op, so the
 * result reads op, PkgLength, data.
 */
static void build_package(GArray *package, uint8_t op, unsigned min_bytes)
{
    /* Length first: it must not count the opcode byte. */
    build_prepend_package_length(package, min_bytes);
    build_prepend_byte(package, op);
}
381 
/*
 * Same as build_package() with a minimum PkgLength width of 1, for an
 * extended opcode: the 0x5B prefix byte is placed in front of @op.
 */
static void build_extop_package(GArray *package, uint8_t op)
{
    build_package(package, op, 1);
    build_prepend_byte(package, 0x5B); /* ExtOpPrefix */
}
387 
/*
 * Append @value to @table as an AML integer constant of exactly @size
 * bytes (1, 2 or 4): the matching prefix opcode followed by the value in
 * little-endian byte order.  Any other @size is a programming error.
 */
static void build_append_value(GArray *table, uint32_t value, int size)
{
    uint8_t opcode;
    int remaining;

    if (size == 1) {
        opcode = 0x0A; /* BytePrefix */
    } else if (size == 2) {
        opcode = 0x0B; /* WordPrefix */
    } else if (size == 4) {
        opcode = 0x0C; /* DWordPrefix */
    } else {
        assert(0);
        return;
    }

    build_append_byte(table, opcode);

    /* Least significant byte first; bits above @size bytes are dropped. */
    for (remaining = size; remaining > 0; remaining--) {
        build_append_byte(table, value & 0xFF);
        value >>= 8;
    }
}
413 
/*
 * Append @value to @table in the shortest AML integer form: ZeroOp or
 * OneOp for 0 and 1, otherwise a byte, word or dword constant.
 */
static void build_append_int(GArray *table, uint32_t value)
{
    if (value == 0x00) {
        build_append_byte(table, 0x00); /* ZeroOp */
        return;
    }
    if (value == 0x01) {
        build_append_byte(table, 0x01); /* OneOp */
        return;
    }

    /* Smallest constant width that holds the value. */
    if (value <= 0xFF) {
        build_append_value(table, value, 1);
        return;
    }
    if (value <= 0xFFFF) {
        build_append_value(table, value, 2);
        return;
    }
    build_append_value(table, value, 4);
}
428 
/*
 * Start a new AML method body: a fresh array holding the method name and
 * the flags byte.  The caller appends the body and finishes it with
 * build_append_and_cleanup_method(), which also frees the array.
 *
 * @name must be exactly 4 characters (asserted by build_append_nameseg()).
 */
static GArray *build_alloc_method(const char *name, uint8_t arg_count)
{
    GArray *body = build_alloc_array();

    build_append_nameseg(body, "%s", name);
    /* MethodFlags: ArgCount */
    build_append_byte(body, arg_count);

    return body;
}
438 
/*
 * Wrap @method as a MethodOp package, append it to @device and free
 * @method.  @method must not be used by the caller afterwards.
 */
static void build_append_and_cleanup_method(GArray *device, GArray *method)
{
    build_package(method, 0x14 /* MethodOp */, 0);
    build_append_array(device, method);

    /* Ownership of @method ends here. */
    build_free_array(method);
}
448 
/*
 * Append to @method the AML for
 *     If (LEqual(Arg0, value)) { Notify(target_name, Arg1) }
 * where @value is encoded as a constant of @size bytes.
 * @target_name is copied, not consumed.
 */
static void build_append_notify_target_ifequal(GArray *method,
                                               GArray *target_name,
                                               uint32_t value, int size)
{
    GArray *cond = build_alloc_array();

    /* Predicate: Arg0 == value */
    build_append_byte(cond, 0x93); /* LEqualOp */
    build_append_byte(cond, 0x68); /* Arg0Op */
    build_append_value(cond, value, size);

    /* Body: Notify(target, Arg1) */
    build_append_byte(cond, 0x86); /* NotifyOp */
    build_append_array(cond, target_name);
    build_append_byte(cond, 0x69); /* Arg1Op */

    /* Pack it up */
    build_package(cond, 0xA0 /* IfOp */, 1);

    build_append_array(method, cond);
    build_free_array(cond);
}
470 
471 /* End here */
472 #define ACPI_PORT_SMI_CMD           0x00b2 /* TODO: this is APM_CNT_IOPORT */
473 
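/*
 * Grow @table_data by @size bytes and return a pointer to the new region.
 *
 * The pointer is only valid until the array is resized again: growing a
 * GArray may move its storage, so callers must not keep it across a later
 * push on the same array.
 */
static inline void *acpi_data_push(GArray *table_data, unsigned size)
{
    unsigned off = table_data->len;

    /* A wrapped sum would shrink the array and return a pointer past its
     * new end; acpi_data_get_ptr() guards the same arithmetic.
     */
    assert(off + size >= off);
    g_array_set_size(table_data, off + size);
    return table_data->data + off;
}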
480 
/*
 * Return the length of @table in bytes.
 *
 * The element count only equals the byte count for an element size of 1,
 * which is asserted where the glib in use can report it.
 */
static unsigned acpi_data_len(GArray *table)
{
#if GLIB_CHECK_VERSION(2, 22, 0)
    assert(g_array_get_element_size(table) == 1);
#endif
    return table->len;
}
488 
/*
 * Pad @blob up to the next multiple of @align bytes.
 *
 * A rounded size is less likely to have to change in a later version,
 * which would break cross version migration.
 */
static void acpi_align_size(GArray *blob, unsigned align)
{
    unsigned padded = ROUND_UP(acpi_data_len(blob), align);

    g_array_set_size(blob, padded);
}
496 
497 /* Set a value within table in a safe manner */
498 #define ACPI_BUILD_SET_LE(table, size, off, bits, val) \
499     do { \
500         uint64_t ACPI_BUILD_SET_LE_val = cpu_to_le64(val); \
501         memcpy(acpi_data_get_ptr(table, size, off, \
502                                  (bits) / BITS_PER_BYTE), \
503                &ACPI_BUILD_SET_LE_val, \
504                (bits) / BITS_PER_BYTE); \
505     } while (0)
506 
/*
 * Return a pointer to @size bytes at offset @off inside a table of
 * @table_size bytes, asserting that the access stays inside the table.
 */
static inline void *acpi_data_get_ptr(uint8_t *table_data, unsigned table_size,
                                      unsigned off, unsigned size)
{
    unsigned end = off + size;

    /* Fails for a zero-length access and for unsigned wrap-around. */
    assert(end > off);
    /* The last byte touched must lie within the table. */
    assert(end <= table_size);
    return &table_data[off];
}
514 
/*
 * Record the current end of @table_data - the offset at which the next
 * table will start - in @table_offsets, as a little-endian 32-bit value.
 */
static inline void acpi_add_table(GArray *table_offsets, GArray *table_data)
{
    /* g_array_append_val() takes the address of its argument, so the
     * converted offset needs a named variable.
     */
    uint32_t le_off = cpu_to_le32(table_data->len);

    g_array_append_val(table_offsets, le_off);
}
520 
/*
 * FACS: append a descriptor to @table_data with only the signature and
 * length set.  @linker and @guest_info are not used.
 */
static void
build_facs(GArray *table_data, GArray *linker, PcGuestInfo *guest_info)
{
    AcpiFacsDescriptorRev1 *desc;

    desc = acpi_data_push(table_data, sizeof *desc);
    desc->length = cpu_to_le32(sizeof(*desc));
    memcpy(&desc->signature, "FACS", 4);
}
529 
/*
 * Load chipset information in FADT: fill the chipset-dependent fields of
 * @fadt from the power-management data in @pm.  Multi-byte fields are
 * stored little-endian.
 */
static void fadt_setup(AcpiFadtDescriptorRev1 *fadt, AcpiPmInfo *pm)
{
    /* Collected in host byte order and converted once when stored. */
    uint32_t flags = (1 << ACPI_FADT_F_WBINVD) |
                     (1 << ACPI_FADT_F_PROC_C1) |
                     (1 << ACPI_FADT_F_SLP_BUTTON) |
                     (1 << ACPI_FADT_F_RTC_S4) |
                     (1 << ACPI_FADT_F_USE_PLATFORM_CLOCK);

    /* APIC destination mode ("Flat Logical") has an upper limit of 8 CPUs
     * For more than 8 CPUs, "Clustered Logical" mode has to be used
     */
    if (max_cpus > 8) {
        flags |= 1 << ACPI_FADT_F_FORCE_APIC_CLUSTER_MODEL;
    }

    fadt->model = 1;
    fadt->reserved1 = 0;
    fadt->sci_int = cpu_to_le16(pm->sci_int);
    fadt->smi_cmd = cpu_to_le32(ACPI_PORT_SMI_CMD);
    fadt->acpi_enable = pm->acpi_enable_cmd;
    fadt->acpi_disable = pm->acpi_disable_cmd;

    /* EVT, CNT, TMR offset matches hw/acpi/core.c */
    fadt->pm1a_evt_blk = cpu_to_le32(pm->io_base);
    fadt->pm1a_cnt_blk = cpu_to_le32(pm->io_base + 0x04);
    fadt->pm_tmr_blk = cpu_to_le32(pm->io_base + 0x08);
    /* EVT, CNT, TMR length matches hw/acpi/core.c */
    fadt->pm1_evt_len = 4;
    fadt->pm1_cnt_len = 2;
    fadt->pm_tmr_len = 4;

    fadt->gpe0_blk = cpu_to_le32(pm->gpe0_blk);
    fadt->gpe0_blk_len = pm->gpe0_blk_len;

    fadt->plvl2_lat = cpu_to_le16(0xfff); /* C2 state not supported */
    fadt->plvl3_lat = cpu_to_le16(0xfff); /* C3 state not supported */

    fadt->flags = cpu_to_le32(flags);
}
563 
564 
/*
 * FADT: append the table to @table_data.
 *
 * @facs and @dsdt are the offsets of those tables inside the table file.
 * They are stored in the pointer fields and registered with the linker,
 * which turns them into addresses on the guest side.
 */
static void
build_fadt(GArray *table_data, GArray *linker, AcpiPmInfo *pm,
           unsigned facs, unsigned dsdt)
{
    AcpiFadtDescriptorRev1 *tbl;

    tbl = acpi_data_push(table_data, sizeof(*tbl));

    /* FACS address to be filled by Guest linker */
    tbl->firmware_ctrl = cpu_to_le32(facs);
    bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
                                   ACPI_BUILD_TABLE_FILE,
                                   table_data, &tbl->firmware_ctrl,
                                   sizeof tbl->firmware_ctrl);

    /* DSDT address to be filled by Guest linker */
    tbl->dsdt = cpu_to_le32(dsdt);
    bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
                                   ACPI_BUILD_TABLE_FILE,
                                   table_data, &tbl->dsdt,
                                   sizeof tbl->dsdt);

    fadt_setup(tbl, pm);

    build_header(linker, table_data,
                 (void *)tbl, "FACP", sizeof(*tbl), 1);
}
591 
/*
 * MADT: append the table to @table_data - one local APIC entry per APIC ID
 * below guest_info->apic_id_limit, one I/O APIC, the interrupt source
 * overrides and a local NMI entry.
 *
 * Every acpi_data_push() may move the array's storage, so each entry is
 * filled right after it is pushed and the table header is located again
 * from table_data->data at the end.
 */
static void
build_madt(GArray *table_data, GArray *linker, AcpiCpuInfo *cpu,
           PcGuestInfo *guest_info)
{
    int start = table_data->len;

    AcpiMultipleApicTable *hdr;
    AcpiMadtIoApic *ioapic;
    AcpiMadtIntsrcovr *ovr;
    AcpiMadtLocalNmi *nmi;
    int n;

    hdr = acpi_data_push(table_data, sizeof *hdr);
    hdr->local_apic_address = cpu_to_le32(APIC_DEFAULT_ADDRESS);
    hdr->flags = cpu_to_le32(1);

    /* One entry per possible APIC ID; flags is 1 only for CPUs found. */
    for (n = 0; n < guest_info->apic_id_limit; n++) {
        AcpiMadtProcessorApic *lapic = acpi_data_push(table_data,
                                                      sizeof *lapic);
        lapic->type = ACPI_APIC_PROCESSOR;
        lapic->length = sizeof(*lapic);
        lapic->processor_id = n;
        lapic->local_apic_id = n;
        lapic->flags = cpu_to_le32(test_bit(n, cpu->found_cpus) ? 1 : 0);
    }

    ioapic = acpi_data_push(table_data, sizeof *ioapic);
    ioapic->type = ACPI_APIC_IO;
    ioapic->length = sizeof(*ioapic);
#define ACPI_BUILD_IOAPIC_ID 0x0
    ioapic->io_apic_id = ACPI_BUILD_IOAPIC_ID;
    ioapic->address = cpu_to_le32(IO_APIC_DEFAULT_ADDRESS);
    ioapic->interrupt = cpu_to_le32(0);

    /* Optional override: source 0 -> GSI 2 */
    if (guest_info->apic_xrupt_override) {
        ovr = acpi_data_push(table_data, sizeof *ovr);
        ovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
        ovr->length = sizeof(*ovr);
        ovr->source = 0;
        ovr->gsi    = cpu_to_le32(2);
        ovr->flags  = cpu_to_le16(0); /* conforms to bus specifications */
    }

    /* Only the IRQs in the mask get an INT source override structure. */
    for (n = 1; n < 16; n++) {
#define ACPI_BUILD_PCI_IRQS ((1<<5) | (1<<9) | (1<<10) | (1<<11))
        if (ACPI_BUILD_PCI_IRQS & (1 << n)) {
            ovr = acpi_data_push(table_data, sizeof *ovr);
            ovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
            ovr->length = sizeof(*ovr);
            ovr->source = n;
            ovr->gsi    = cpu_to_le32(n);
            ovr->flags  = cpu_to_le16(0xd); /* active high, level triggered */
        }
    }

    nmi = acpi_data_push(table_data, sizeof *nmi);
    nmi->type         = ACPI_APIC_LOCAL_NMI;
    nmi->length       = sizeof(*nmi);
    nmi->processor_id = 0xff; /* all processors */
    nmi->flags        = cpu_to_le16(0);
    nmi->lint         = 1; /* ACPI_LINT1 */

    build_header(linker, table_data,
                 (void *)(table_data->data + start), "APIC",
                 table_data->len - start, 1);
}
661 
/* Encode the low 4 bits of @val as one upper-case hex digit. */
static inline char acpi_get_hex(uint32_t val)
{
    static const char digits[] = "0123456789ABCDEF";

    /* Higher bits are ignored, so callers may pass an unmasked value. */
    return digits[val & 0x0f];
}
668 
669 #include "hw/i386/ssdt-proc.hex"
670 
671 /* 0x5B 0x83 ProcessorOp PkgLength NameString ProcID */
672 #define ACPI_PROC_OFFSET_CPUHEX (*ssdt_proc_name - *ssdt_proc_start + 2)
673 #define ACPI_PROC_OFFSET_CPUID1 (*ssdt_proc_name - *ssdt_proc_start + 4)
674 #define ACPI_PROC_OFFSET_CPUID2 (*ssdt_proc_id - *ssdt_proc_start)
675 #define ACPI_PROC_SIZEOF (*ssdt_proc_end - *ssdt_proc_start)
676 #define ACPI_PROC_AML (ssdp_proc_aml + *ssdt_proc_start)
677 
678 /* 0x5B 0x82 DeviceOp PkgLength NameString */
679 #define ACPI_PCIHP_OFFSET_HEX (*ssdt_pcihp_name - *ssdt_pcihp_start + 1)
680 #define ACPI_PCIHP_OFFSET_ID (*ssdt_pcihp_id - *ssdt_pcihp_start)
681 #define ACPI_PCIHP_OFFSET_ADR (*ssdt_pcihp_adr - *ssdt_pcihp_start)
682 #define ACPI_PCIHP_OFFSET_EJ0 (*ssdt_pcihp_ej0 - *ssdt_pcihp_start)
683 #define ACPI_PCIHP_SIZEOF (*ssdt_pcihp_end - *ssdt_pcihp_start)
684 #define ACPI_PCIHP_AML (ssdp_pcihp_aml + *ssdt_pcihp_start)
685 
686 #define ACPI_PCINOHP_OFFSET_HEX (*ssdt_pcinohp_name - *ssdt_pcinohp_start + 1)
687 #define ACPI_PCINOHP_OFFSET_ADR (*ssdt_pcinohp_adr - *ssdt_pcinohp_start)
688 #define ACPI_PCINOHP_SIZEOF (*ssdt_pcinohp_end - *ssdt_pcinohp_start)
689 #define ACPI_PCINOHP_AML (ssdp_pcihp_aml + *ssdt_pcinohp_start)
690 
691 #define ACPI_PCIVGA_OFFSET_HEX (*ssdt_pcivga_name - *ssdt_pcivga_start + 1)
692 #define ACPI_PCIVGA_OFFSET_ADR (*ssdt_pcivga_adr - *ssdt_pcivga_start)
693 #define ACPI_PCIVGA_SIZEOF (*ssdt_pcivga_end - *ssdt_pcivga_start)
694 #define ACPI_PCIVGA_AML (ssdp_pcihp_aml + *ssdt_pcivga_start)
695 
696 #define ACPI_PCIQXL_OFFSET_HEX (*ssdt_pciqxl_name - *ssdt_pciqxl_start + 1)
697 #define ACPI_PCIQXL_OFFSET_ADR (*ssdt_pciqxl_adr - *ssdt_pciqxl_start)
698 #define ACPI_PCIQXL_SIZEOF (*ssdt_pciqxl_end - *ssdt_pciqxl_start)
699 #define ACPI_PCIQXL_AML (ssdp_pcihp_aml + *ssdt_pciqxl_start)
700 
701 #include "hw/i386/ssdt-mem.hex"
702 
703 /* 0x5B 0x82 DeviceOp PkgLength NameString DimmID */
704 #define ACPI_MEM_OFFSET_HEX (*ssdt_mem_name - *ssdt_mem_start + 2)
705 #define ACPI_MEM_OFFSET_ID (*ssdt_mem_id - *ssdt_mem_start + 7)
706 #define ACPI_MEM_SIZEOF (*ssdt_mem_end - *ssdt_mem_start)
707 #define ACPI_MEM_AML (ssdm_mem_aml + *ssdt_mem_start)
708 
709 #define ACPI_SSDT_SIGNATURE 0x54445353 /* SSDT */
710 #define ACPI_SSDT_HEADER_LENGTH 36
711 
712 #include "hw/i386/ssdt-misc.hex"
713 #include "hw/i386/ssdt-pcihp.hex"
714 #include "hw/i386/ssdt-tpm.hex"
715 
/*
 * Append to @device a two-argument method called @name that holds, for
 * each index below @count, an If block notifying the object whose NameSeg
 * is @format formatted with that index.
 *
 * @format is used as a printf format with one int argument and must yield
 * exactly 4 characters; it is expected to be a constant in the caller.
 */
static void
build_append_notify_method(GArray *device, const char *name,
                           const char *format, int count)
{
    GArray *method = build_alloc_method(name, 2);
    int idx;

    for (idx = 0; idx < count; idx++) {
        GArray *target_name = build_alloc_array();

        build_append_nameseg(target_name, format, idx);
        /* The index is compared as a 1-byte constant below. */
        assert(idx < 256); /* Fits in 1 byte */
        build_append_notify_target_ifequal(method, target_name, idx, 1);
        build_free_array(target_name);
    }

    build_append_and_cleanup_method(device, method);
}
733 
/*
 * Patch a copy of the hot-pluggable slot AML template at @ssdt_ptr for
 * @slot: the two hex digits of the device name, the ID byte and the slot
 * byte of the address.
 *
 * The offsets come from the generated .hex file; the caller must supply a
 * buffer that holds the whole template (ACPI_PCIHP_SIZEOF bytes).
 */
static void patch_pcihp(int slot, uint8_t *ssdt_ptr)
{
    unsigned fn0 = PCI_DEVFN(slot, 0);
    uint8_t *name = ssdt_ptr + ACPI_PCIHP_OFFSET_HEX;

    name[0] = acpi_get_hex(fn0 >> 4);
    name[1] = acpi_get_hex(fn0);
    ssdt_ptr[ACPI_PCIHP_OFFSET_ID] = slot;
    ssdt_ptr[ACPI_PCIHP_OFFSET_ADR + 2] = slot;
}
743 
/*
 * Patch a copy of the non-hot-pluggable slot AML template at @ssdt_ptr for
 * @slot: the two hex digits of the device name and the slot byte of the
 * address.  The caller must supply ACPI_PCINOHP_SIZEOF bytes.
 */
static void patch_pcinohp(int slot, uint8_t *ssdt_ptr)
{
    unsigned fn0 = PCI_DEVFN(slot, 0);
    uint8_t *name = ssdt_ptr + ACPI_PCINOHP_OFFSET_HEX;

    name[0] = acpi_get_hex(fn0 >> 4);
    name[1] = acpi_get_hex(fn0);
    ssdt_ptr[ACPI_PCINOHP_OFFSET_ADR + 2] = slot;
}
752 
/*
 * Patch a copy of the VGA slot AML template at @ssdt_ptr for @slot: the
 * two hex digits of the device name and the slot byte of the address.
 * The caller must supply ACPI_PCIVGA_SIZEOF bytes.
 */
static void patch_pcivga(int slot, uint8_t *ssdt_ptr)
{
    unsigned fn0 = PCI_DEVFN(slot, 0);
    uint8_t *name = ssdt_ptr + ACPI_PCIVGA_OFFSET_HEX;

    name[0] = acpi_get_hex(fn0 >> 4);
    name[1] = acpi_get_hex(fn0);
    ssdt_ptr[ACPI_PCIVGA_OFFSET_ADR + 2] = slot;
}
761 
/*
 * Patch a copy of the QXL slot AML template at @ssdt_ptr for @slot: the
 * two hex digits of the device name and the slot byte of the address.
 * The caller must supply ACPI_PCIQXL_SIZEOF bytes.
 */
static void patch_pciqxl(int slot, uint8_t *ssdt_ptr)
{
    unsigned fn0 = PCI_DEVFN(slot, 0);
    uint8_t *name = ssdt_ptr + ACPI_PCIQXL_OFFSET_HEX;

    name[0] = acpi_get_hex(fn0 >> 4);
    name[1] = acpi_get_hex(fn0);
    ssdt_ptr[ACPI_PCIQXL_OFFSET_ADR + 2] = slot;
}
770 
/*
 * Bus walk callback: assign the next BSEL number to @bus if it is
 * hot-pluggable and publish it as the ACPI_PCIHP_PROP_BSEL property.
 *
 * @opaque points to the running BSEL counter and is returned unchanged so
 * the walk passes the same counter on to the next bus.  The allocated
 * number is handed to the property and is not freed here.
 */
static void *acpi_set_bsel(PCIBus *bus, void *opaque)
{
    unsigned *next_bsel = opaque;
    unsigned *assigned;

    if (!qbus_is_hotpluggable(BUS(bus))) {
        return next_bsel;
    }

    assigned = g_malloc(sizeof *assigned);
    *assigned = *next_bsel;
    *next_bsel += 1;
    object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
                                   assigned, NULL);

    return next_bsel;
}
789 
/*
 * Number the hot-pluggable PCI buses below the i440fx host bridge,
 * starting at 0.  Does nothing when no i440fx bus is found.
 */
static void acpi_set_pci_info(void)
{
    unsigned bsel_alloc = 0;
    PCIBus *root = find_i440fx(); /* TODO: Q35 support */

    if (!root) {
        return;
    }

    /* Scan all PCI buses. Set property to enable acpi based hotplug. */
    pci_for_each_bus_depth_first(root, acpi_set_bsel, NULL, &bsel_alloc);
}
800 
/*
 * Initialise @state for one bus: link it to @parent, record the bridge
 * hotplug setting and allocate empty device and notify tables.
 * Pair with build_pci_bus_state_cleanup().
 */
static void build_pci_bus_state_init(AcpiBuildPciBusHotplugState *state,
                                     AcpiBuildPciBusHotplugState *parent,
                                     bool pcihp_bridge_en)
{
    state->pcihp_bridge_en = pcihp_bridge_en;
    state->parent = parent;

    /* Both tables start empty and are owned by @state. */
    state->device_table = build_alloc_array();
    state->notify_table = build_alloc_array();
}
810 
/*
 * Free the two tables owned by @state.  @state itself is not freed and
 * its table pointers are left dangling, so it must not be reused without
 * another build_pci_bus_state_init().
 */
static void build_pci_bus_state_cleanup(AcpiBuildPciBusHotplugState *state)
{
    GArray *devices = state->device_table;
    GArray *notifies = state->notify_table;

    build_free_array(devices);
    build_free_array(notifies);
}
816 
/*
 * Bus walk callback run when a bus is entered: allocate the state for
 * @bus, inheriting the bridge hotplug setting from @parent_state.
 *
 * @parent_state is dereferenced without a check, so the walk must always
 * be started with a valid root state.  The returned state is heap
 * allocated; releasing it is left to the code that ends the bus.
 */
static void *build_pci_bus_begin(PCIBus *bus, void *parent_state)
{
    AcpiBuildPciBusHotplugState *up = parent_state;
    AcpiBuildPciBusHotplugState *state;

    state = g_malloc(sizeof *state);
    build_pci_bus_state_init(state, up, up->pcihp_bridge_en);

    return state;
}
826 
827 static void build_pci_bus_end(PCIBus *bus, void *bus_state)
828 {
829     AcpiBuildPciBusHotplugState *child = bus_state;
830     AcpiBuildPciBusHotplugState *parent = child->parent;
831     GArray *bus_table = build_alloc_array();
832     DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
833     DECLARE_BITMAP(slot_device_present, PCI_SLOT_MAX);
834     DECLARE_BITMAP(slot_device_system, PCI_SLOT_MAX);
835     DECLARE_BITMAP(slot_device_vga, PCI_SLOT_MAX);
836     DECLARE_BITMAP(slot_device_qxl, PCI_SLOT_MAX);
837     uint8_t op;
838     int i;
839     QObject *bsel;
840     GArray *method;
841     bool bus_hotplug_support = false;
842 
843     /*
844      * Skip bridge subtree creation if bridge hotplug is disabled
845      * to make acpi tables compatible with legacy machine types.
846      */
847     if (!child->pcihp_bridge_en && bus->parent_dev) {
848         return;
849     }
850 
851     if (bus->parent_dev) {
852         op = 0x82; /* DeviceOp */
853         build_append_nameseg(bus_table, "S%.02X_",
854                              bus->parent_dev->devfn);
855         build_append_byte(bus_table, 0x08); /* NameOp */
856         build_append_nameseg(bus_table, "_SUN");
857         build_append_value(bus_table, PCI_SLOT(bus->parent_dev->devfn), 1);
858         build_append_byte(bus_table, 0x08); /* NameOp */
859         build_append_nameseg(bus_table, "_ADR");
860         build_append_value(bus_table, (PCI_SLOT(bus->parent_dev->devfn) << 16) |
861                            PCI_FUNC(bus->parent_dev->devfn), 4);
862     } else {
863         op = 0x10; /* ScopeOp */;
864         build_append_nameseg(bus_table, "PCI0");
865     }
866 
867     bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, NULL);
868     if (bsel) {
869         build_append_byte(bus_table, 0x08); /* NameOp */
870         build_append_nameseg(bus_table, "BSEL");
871         build_append_int(bus_table, qint_get_int(qobject_to_qint(bsel)));
872         memset(slot_hotplug_enable, 0xff, sizeof slot_hotplug_enable);
873     } else {
874         /* No bsel - no slots are hot-pluggable */
875         memset(slot_hotplug_enable, 0x00, sizeof slot_hotplug_enable);
876     }
877 
878     memset(slot_device_present, 0x00, sizeof slot_device_present);
879     memset(slot_device_system, 0x00, sizeof slot_device_present);
880     memset(slot_device_vga, 0x00, sizeof slot_device_vga);
881     memset(slot_device_qxl, 0x00, sizeof slot_device_qxl);
882 
883     for (i = 0; i < ARRAY_SIZE(bus->devices); i += PCI_FUNC_MAX) {
884         DeviceClass *dc;
885         PCIDeviceClass *pc;
886         PCIDevice *pdev = bus->devices[i];
887         int slot = PCI_SLOT(i);
888         bool bridge_in_acpi;
889 
890         if (!pdev) {
891             continue;
892         }
893 
894         set_bit(slot, slot_device_present);
895         pc = PCI_DEVICE_GET_CLASS(pdev);
896         dc = DEVICE_GET_CLASS(pdev);
897 
898         /* When hotplug for bridges is enabled, bridges are
899          * described in ACPI separately (see build_pci_bus_end).
900          * In this case they aren't themselves hot-pluggable.
901          */
902         bridge_in_acpi = pc->is_bridge && child->pcihp_bridge_en;
903 
904         if (pc->class_id == PCI_CLASS_BRIDGE_ISA || bridge_in_acpi) {
905             set_bit(slot, slot_device_system);
906         }
907 
908         if (pc->class_id == PCI_CLASS_DISPLAY_VGA) {
909             set_bit(slot, slot_device_vga);
910 
911             if (object_dynamic_cast(OBJECT(pdev), "qxl-vga")) {
912                 set_bit(slot, slot_device_qxl);
913             }
914         }
915 
916         if (!dc->hotpluggable || bridge_in_acpi) {
917             clear_bit(slot, slot_hotplug_enable);
918         }
919     }
920 
921     /* Append Device object for each slot */
922     for (i = 0; i < PCI_SLOT_MAX; i++) {
923         bool can_eject = test_bit(i, slot_hotplug_enable);
924         bool present = test_bit(i, slot_device_present);
925         bool vga = test_bit(i, slot_device_vga);
926         bool qxl = test_bit(i, slot_device_qxl);
927         bool system = test_bit(i, slot_device_system);
928         if (can_eject) {
929             void *pcihp = acpi_data_push(bus_table,
930                                          ACPI_PCIHP_SIZEOF);
931             memcpy(pcihp, ACPI_PCIHP_AML, ACPI_PCIHP_SIZEOF);
932             patch_pcihp(i, pcihp);
933             bus_hotplug_support = true;
934         } else if (qxl) {
935             void *pcihp = acpi_data_push(bus_table,
936                                          ACPI_PCIQXL_SIZEOF);
937             memcpy(pcihp, ACPI_PCIQXL_AML, ACPI_PCIQXL_SIZEOF);
938             patch_pciqxl(i, pcihp);
939         } else if (vga) {
940             void *pcihp = acpi_data_push(bus_table,
941                                          ACPI_PCIVGA_SIZEOF);
942             memcpy(pcihp, ACPI_PCIVGA_AML, ACPI_PCIVGA_SIZEOF);
943             patch_pcivga(i, pcihp);
944         } else if (system) {
945             /* Nothing to do: system devices are in DSDT or in SSDT above. */
946         } else if (present) {
947             void *pcihp = acpi_data_push(bus_table,
948                                          ACPI_PCINOHP_SIZEOF);
949             memcpy(pcihp, ACPI_PCINOHP_AML, ACPI_PCINOHP_SIZEOF);
950             patch_pcinohp(i, pcihp);
951         }
952     }
953 
954     if (bsel) {
955         method = build_alloc_method("DVNT", 2);
956 
957         for (i = 0; i < PCI_SLOT_MAX; i++) {
958             GArray *notify;
959             uint8_t op;
960 
961             if (!test_bit(i, slot_hotplug_enable)) {
962                 continue;
963             }
964 
965             notify = build_alloc_array();
966             op = 0xA0; /* IfOp */
967 
968             build_append_byte(notify, 0x7B); /* AndOp */
969             build_append_byte(notify, 0x68); /* Arg0Op */
970             build_append_int(notify, 0x1U << i);
971             build_append_byte(notify, 0x00); /* NullName */
972             build_append_byte(notify, 0x86); /* NotifyOp */
973             build_append_nameseg(notify, "S%.02X_", PCI_DEVFN(i, 0));
974             build_append_byte(notify, 0x69); /* Arg1Op */
975 
976             /* Pack it up */
977             build_package(notify, op, 0);
978 
979             build_append_array(method, notify);
980 
981             build_free_array(notify);
982         }
983 
984         build_append_and_cleanup_method(bus_table, method);
985     }
986 
987     /* Append PCNT method to notify about events on local and child buses.
988      * Add unconditionally for root since DSDT expects it.
989      */
990     if (bus_hotplug_support || child->notify_table->len || !bus->parent_dev) {
991         method = build_alloc_method("PCNT", 0);
992 
993         /* If bus supports hotplug select it and notify about local events */
994         if (bsel) {
995             build_append_byte(method, 0x70); /* StoreOp */
996             build_append_int(method, qint_get_int(qobject_to_qint(bsel)));
997             build_append_nameseg(method, "BNUM");
998             build_append_nameseg(method, "DVNT");
999             build_append_nameseg(method, "PCIU");
1000             build_append_int(method, 1); /* Device Check */
1001             build_append_nameseg(method, "DVNT");
1002             build_append_nameseg(method, "PCID");
1003             build_append_int(method, 3); /* Eject Request */
1004         }
1005 
1006         /* Notify about child bus events in any case */
1007         build_append_array(method, child->notify_table);
1008 
1009         build_append_and_cleanup_method(bus_table, method);
1010 
1011         /* Append description of child buses */
1012         build_append_array(bus_table, child->device_table);
1013 
1014         /* Pack it up */
1015         if (bus->parent_dev) {
1016             build_extop_package(bus_table, op);
1017         } else {
1018             build_package(bus_table, op, 0);
1019         }
1020 
1021         /* Append our bus description to parent table */
1022         build_append_array(parent->device_table, bus_table);
1023 
1024         /* Also tell parent how to notify us, invoking PCNT method.
1025          * At the moment this is not needed for root as we have a single root.
1026          */
1027         if (bus->parent_dev) {
1028             build_append_byte(parent->notify_table, '^'); /* ParentPrefixChar */
1029             build_append_byte(parent->notify_table, 0x2E); /* DualNamePrefix */
1030             build_append_nameseg(parent->notify_table, "S%.02X_",
1031                                  bus->parent_dev->devfn);
1032             build_append_nameseg(parent->notify_table, "PCNT");
1033         }
1034     }
1035 
1036     qobject_decref(bsel);
1037     build_free_array(bus_table);
1038     build_pci_bus_state_cleanup(child);
1039     g_free(child);
1040 }
1041 
/*
 * Patch the PCI window fields of an AML template in place.
 *
 * @pci:   32-bit and 64-bit PCI window ranges (w32 / w64)
 * @start: first byte of the AML blob to patch
 * @size:  size of that blob, handed to ACPI_BUILD_SET_LE with every write
 *
 * The *_end fields receive "end - 1" and the 64-bit length field receives
 * "end - begin".  The 64-bit window is flagged valid only when at least one
 * of its bounds is non-zero; otherwise only the valid flag is written (as 0).
 */
static void patch_pci_windows(PcPciInfo *pci, uint8_t *start, unsigned size)
{
    /* The 32-bit window is always described. */
    ACPI_BUILD_SET_LE(start, size, acpi_pci32_start[0], 32, pci->w32.begin);
    ACPI_BUILD_SET_LE(start, size, acpi_pci32_end[0], 32, pci->w32.end - 1);

    /* No 64-bit window configured: clear the valid flag and stop. */
    if (!pci->w64.end && !pci->w64.begin) {
        ACPI_BUILD_SET_LE(start, size, acpi_pci64_valid[0], 8, 0);
        return;
    }

    ACPI_BUILD_SET_LE(start, size, acpi_pci64_valid[0], 8, 1);
    ACPI_BUILD_SET_LE(start, size, acpi_pci64_start[0], 64, pci->w64.begin);
    ACPI_BUILD_SET_LE(start, size, acpi_pci64_end[0], 64, pci->w64.end - 1);
    ACPI_BUILD_SET_LE(start, size, acpi_pci64_length[0], 64,
                      pci->w64.end - pci->w64.begin);
}
1057 
/*
 * Build the SSDT and append it to @table_data.
 *
 * The table starts with a copy of the precompiled ssdp_misc_aml template,
 * which is patched in place (S3/S4 sleep state names and values, PCI
 * windows, pvpanic port, number of memory slots).  A generated "_SB_" scope
 * follows, holding one Processor object per possible CPU, the NTFY method,
 * the CPON package, the memory hotplug devices (when RAM slots exist) and
 * the PCI bus descriptions produced by the depth-first bus walk.  The ACPI
 * header is written last, once the total length is known.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 * @cpu:        supplies found_cpus, the bitmap behind the CPON package
 * @pm:         s3_disabled / s4_disabled / s4_val / pcihp_bridge_en
 * @misc:       supplies pvpanic_port
 * @pci:        PCI windows patched into the template
 * @guest_info: supplies apic_id_limit (number of Processor objects)
 */
static void
build_ssdt(GArray *table_data, GArray *linker,
           AcpiCpuInfo *cpu, AcpiPmInfo *pm, AcpiMiscInfo *misc,
           PcPciInfo *pci, PcGuestInfo *guest_info)
{
    MachineState *machine = MACHINE(qdev_get_machine());
    uint32_t nr_mem = machine->ram_slots;
    unsigned acpi_cpus = guest_info->apic_id_limit;
    /* Offset, not pointer: stays meaningful while table_data keeps growing. */
    int ssdt_start = table_data->len;
    uint8_t *ssdt_ptr;
    int i;

    /* The current AML generator can cover the APIC ID range [0..255],
     * inclusive, for VCPU hotplug.  The checks below also keep every CPU
     * index used further down within a single byte. */
    QEMU_BUILD_BUG_ON(ACPI_CPU_HOTPLUG_ID_LIMIT > 256);
    g_assert(acpi_cpus <= ACPI_CPU_HOTPLUG_ID_LIMIT);

    /* Copy header and patch values in the S3_ / S4_ / S5_ packages */
    ssdt_ptr = acpi_data_push(table_data, sizeof(ssdp_misc_aml));
    memcpy(ssdt_ptr, ssdp_misc_aml, sizeof(ssdp_misc_aml));
    /* NOTE(review): the direct byte patches below index the template with
     * acpi_s3_name[0] / acpi_s4_name[0] / acpi_s4_pkg[0] and, unlike the
     * ACPI_BUILD_SET_LE calls, are not passed the template size; they rely
     * on those offsets matching ssdp_misc_aml - confirm where they are
     * defined. */
    if (pm->s3_disabled) {
        /* Overwrite the first character of the S3 object name. */
        ssdt_ptr[acpi_s3_name[0]] = 'X';
    }
    if (pm->s4_disabled) {
        /* Same treatment for the S4 object name. */
        ssdt_ptr[acpi_s4_name[0]] = 'X';
    } else {
        /* Store s4_val into two bytes of the S4 package. */
        ssdt_ptr[acpi_s4_pkg[0] + 1] = ssdt_ptr[acpi_s4_pkg[0] + 3] =
            pm->s4_val;
    }

    patch_pci_windows(pci, ssdt_ptr, sizeof(ssdp_misc_aml));

    ACPI_BUILD_SET_LE(ssdt_ptr, sizeof(ssdp_misc_aml),
                      ssdt_isa_pest[0], 16, misc->pvpanic_port);

    ACPI_BUILD_SET_LE(ssdt_ptr, sizeof(ssdp_misc_aml),
                      ssdt_mctrl_nr_slots[0], 32, nr_mem);

    /* ssdt_ptr is not used past this point; the table is addressed through
     * table_data->data + ssdt_start when the header is built. */
    {
        GArray *sb_scope = build_alloc_array();
        uint8_t op = 0x10; /* ScopeOp */

        build_append_nameseg(sb_scope, "_SB_");

        /* build Processor object for each processor */
        for (i = 0; i < acpi_cpus; i++) {
            uint8_t *proc = acpi_data_push(sb_scope, ACPI_PROC_SIZEOF);
            memcpy(proc, ACPI_PROC_AML, ACPI_PROC_SIZEOF);
            /* Two hex digits of the index: high nibble, then low nibble. */
            proc[ACPI_PROC_OFFSET_CPUHEX] = acpi_get_hex(i >> 4);
            proc[ACPI_PROC_OFFSET_CPUHEX+1] = acpi_get_hex(i);
            /* The index itself is stored as one byte in two places. */
            proc[ACPI_PROC_OFFSET_CPUID1] = i;
            proc[ACPI_PROC_OFFSET_CPUID2] = i;
        }

        /* build this code:
         *   Method(NTFY, 2) {If (LEqual(Arg0, 0x00)) {Notify(CP00, Arg1)} ...}
         */
        /* Arg0 = Processor ID = APIC ID */
        build_append_notify_method(sb_scope, "NTFY", "CP%0.02X", acpi_cpus);

        /* build "Name(CPON, Package() { One, One, ..., Zero, Zero, ... })" */
        build_append_byte(sb_scope, 0x08); /* NameOp */
        build_append_nameseg(sb_scope, "CPON");

        {
            GArray *package = build_alloc_array();
            uint8_t op;

            /*
             * Note: The ability to create variable-sized packages was first
             * introduced in ACPI 2.0. ACPI 1.0 only allowed fixed-size
             * packages with up to 255 elements.
             * Windows guests up to win2k8 fail when VarPackageOp is used.
             */
            if (acpi_cpus <= 255) {
                op = 0x12; /* PackageOp */
                build_append_byte(package, acpi_cpus); /* NumElements */
            } else {
                op = 0x13; /* VarPackageOp */
                build_append_int(package, acpi_cpus); /* VarNumElements */
            }

            /* One byte per CPU: 0x01 if its bit is set in found_cpus. */
            for (i = 0; i < acpi_cpus; i++) {
                uint8_t b = test_bit(i, cpu->found_cpus) ? 0x01 : 0x00;
                build_append_byte(package, b);
            }

            build_package(package, op, 2);
            build_append_array(sb_scope, package);
            build_free_array(package);
        }

        if (nr_mem) {
            assert(nr_mem <= ACPI_MAX_RAM_SLOTS);
            /* build memory devices */
            for (i = 0; i < nr_mem; i++) {
                /* Two hex digits plus NUL; snprintf() truncates anything
                 * longer.  NOTE(review): two digits only stay unique if
                 * ACPI_MAX_RAM_SLOTS is at most 256 - confirm. */
                char id[3];
                uint8_t *mem = acpi_data_push(sb_scope, ACPI_MEM_SIZEOF);

                snprintf(id, sizeof(id), "%02X", i);
                memcpy(mem, ACPI_MEM_AML, ACPI_MEM_SIZEOF);
                memcpy(mem + ACPI_MEM_OFFSET_HEX, id, 2);
                memcpy(mem + ACPI_MEM_OFFSET_ID, id, 2);
            }

            /* build Method(MEMORY_SLOT_NOTIFY_METHOD, 2) {
             *     If (LEqual(Arg0, 0x00)) {Notify(MP00, Arg1)} ...
             */
            build_append_notify_method(sb_scope,
                                       stringify(MEMORY_SLOT_NOTIFY_METHOD),
                                       "MP%0.02X", nr_mem);
        }

        {
            AcpiBuildPciBusHotplugState hotplug_state;
            Object *pci_host;
            PCIBus *bus = NULL;
            bool ambiguous;

            /* bus stays NULL when no host bridge is found or the lookup is
             * ambiguous; no PCI bus description is generated in that case. */
            pci_host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
            if (!ambiguous && pci_host) {
                bus = PCI_HOST_BRIDGE(pci_host)->bus;
            }

            build_pci_bus_state_init(&hotplug_state, NULL, pm->pcihp_bridge_en);

            if (bus) {
                /* Scan all PCI buses. Generate tables to support hotplug. */
                pci_for_each_bus_depth_first(bus, build_pci_bus_begin,
                                             build_pci_bus_end, &hotplug_state);
            }

            build_append_array(sb_scope, hotplug_state.device_table);
            build_pci_bus_state_cleanup(&hotplug_state);
        }

        build_package(sb_scope, op, 3);
        build_append_array(table_data, sb_scope);
        build_free_array(sb_scope);
    }

    /* Header covers everything appended since ssdt_start. */
    build_header(linker, table_data,
                 (void *)(table_data->data + ssdt_start),
                 "SSDT", table_data->len - ssdt_start, 1);
}
1202 
/*
 * Append an HPET table to @table_data.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 *
 * Only the timer block id and the base address are filled in explicitly
 * before the header is built.
 */
static void
build_hpet(GArray *table_data, GArray *linker)
{
    Acpi20Hpet *table = acpi_data_push(table_data, sizeof *table);

    table->addr.address = cpu_to_le64(HPET_BASE);
    /* Must be kept in sync with the value advertised by the emulated hpet. */
    table->timer_block_id = cpu_to_le32(0x8086a201);

    build_header(linker, table_data, (void *)table, "HPET", sizeof *table, 1);
}
1217 
/*
 * Append a TCPA table to @table_data and reserve the TPM log area.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script that receives the allocation and pointer entries
 * @tcpalog:    blob backing ACPI_BUILD_TPMLOG_FILE; grows by
 *              TPM_LOG_AREA_MINIMUM_SIZE bytes
 *
 * The log area start field is first set to the current length of @tcpalog,
 * i.e. the offset at which the newly reserved area begins, and is then
 * registered with the linker so the guest can turn it into an address.
 */
static void
build_tpm_tcpa(GArray *table_data, GArray *linker, GArray *tcpalog)
{
    Acpi20Tcpa *table;
    uint64_t log_offset;

    table = acpi_data_push(table_data, sizeof(*table));
    log_offset = acpi_data_len(tcpalog);

    table->platform_class = cpu_to_le16(TPM_TCPA_ACPI_CLASS_CLIENT);
    table->log_area_minimum_length = cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
    table->log_area_start_address = cpu_to_le64(log_offset);

    bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, 1,
                             false /* high memory */);

    /* The guest linker fills in the final log area start address. */
    bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
                                   ACPI_BUILD_TPMLOG_FILE,
                                   table_data,
                                   &table->log_area_start_address,
                                   sizeof(table->log_area_start_address));

    build_header(linker, table_data, (void *)table, "TCPA", sizeof(*table), 2);

    /* Reserve the log area itself in the separate log blob. */
    acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);
}
1242 
/*
 * Append the precompiled TPM SSDT (ssdt_tpm_aml) to @table_data.
 *
 * The template is copied unchanged; no header is built here and @linker is
 * not used.
 */
static void
build_tpm_ssdt(GArray *table_data, GArray *linker)
{
    void *dst = acpi_data_push(table_data, sizeof(ssdt_tpm_aml));

    memcpy(dst, ssdt_tpm_aml, sizeof(ssdt_tpm_aml));
}
1251 
/*
 * Flag bits for an SRAT memory affinity entry.  acpi_build_srat_memory()
 * stores the value, converted to little endian, in the entry's 32-bit
 * flags field.  Values may be OR-ed together.
 */
typedef enum {
    MEM_AFFINITY_NOFLAGS      = 0,        /* no bit set (used for padding entries) */
    MEM_AFFINITY_ENABLED      = (1 << 0), /* bit 0 */
    MEM_AFFINITY_HOTPLUGGABLE = (1 << 1), /* bit 1 */
    MEM_AFFINITY_NON_VOLATILE = (1 << 2), /* bit 2 */
} MemoryAffinityFlags;
1258 
/*
 * Fill in one SRAT memory affinity entry.
 *
 * @numamem: entry to fill (already allocated by the caller)
 * @base:    start address of the range
 * @len:     length of the range in bytes
 * @node:    proximity domain; only the first of the four proximity bytes is
 *           written, so the value is narrowed to that byte
 * @flags:   MemoryAffinityFlags bits
 */
static void
acpi_build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
                       uint64_t len, int node, MemoryAffinityFlags flags)
{
    /* Entry header */
    numamem->type = ACPI_SRAT_MEMORY;
    numamem->length = sizeof *numamem;

    /* Proximity domain: clear all four bytes, then set the lowest one. */
    memset(numamem->proximity, 0, 4);
    numamem->proximity[0] = node;

    /* Range description, stored little endian */
    numamem->base_addr = cpu_to_le64(base);
    numamem->range_length = cpu_to_le64(len);
    numamem->flags = cpu_to_le32(flags);
}
1271 
/*
 * Build the SRAT (System Resource Affinity Table) and append it to
 * @table_data.
 *
 * Layout: table header, one processor affinity entry per APIC ID below
 * guest_info->apic_id_limit, then memory affinity entries for the low 640k,
 * each NUMA node (split around the hole below 4G when a node spans it),
 * padding entries up to numa_nodes + 2, and finally an optional entry for
 * the hotpluggable memory region.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 * @guest_info: supplies apic_id_limit, node_cpu[], numa_nodes, node_mem[]
 *              and ram_size_below_4g
 */
static void
build_srat(GArray *table_data, GArray *linker, PcGuestInfo *guest_info)
{
    AcpiSystemResourceAffinityTable *srat;
    AcpiSratProcessorAffinity *core;
    AcpiSratMemoryAffinity *numamem;

    int i;
    uint64_t curnode;
    int srat_start, numa_start, slots;
    uint64_t mem_len, mem_base, next_base;
    PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
    /* Size of the memory hotplug region; 0 skips the hotpluggable entry. */
    ram_addr_t hotplugabble_address_space_size =
        object_property_get_int(OBJECT(pcms), PC_MACHINE_MEMHP_REGION_SIZE,
                                NULL);

    /* Offset of the table; the header is located through it at the end. */
    srat_start = table_data->len;

    srat = acpi_data_push(table_data, sizeof *srat);
    srat->reserved1 = cpu_to_le32(1);
    /* NOTE(review): this value is never read; core is reassigned by the
     * acpi_data_push() in the loop before its first use. */
    core = (void *)(srat + 1);

    /* One processor affinity entry per possible APIC ID. */
    for (i = 0; i < guest_info->apic_id_limit; ++i) {
        core = acpi_data_push(table_data, sizeof *core);
        core->type = ACPI_SRAT_PROCESSOR;
        core->length = sizeof(*core);
        core->local_apic_id = i;
        curnode = guest_info->node_cpu[i];
        core->proximity_lo = curnode;
        memset(core->proximity_hi, 0, 3);
        core->local_sapic_eid = 0;
        core->flags = cpu_to_le32(1);
    }


    /* the memory map is a bit tricky, it contains at least one hole
     * from 640k-1M and possibly another one from 3.5G-4G.
     */
    /* NOTE(review): this store is dead; next_base is set again below
     * before it is read. */
    next_base = 0;
    numa_start = table_data->len;

    /* First entry: the low 640k, attributed to node 0. */
    numamem = acpi_data_push(table_data, sizeof *numamem);
    acpi_build_srat_memory(numamem, 0, 640*1024, 0, MEM_AFFINITY_ENABLED);
    next_base = 1024 * 1024;
    for (i = 1; i < guest_info->numa_nodes + 1; ++i) {
        mem_base = next_base;
        mem_len = guest_info->node_mem[i - 1];
        if (i == 1) {
            /* Node 0's range starts at 1M, so the first 1M is taken off.
             * NOTE(review): mem_len is unsigned; a node_mem[0] below 1M
             * would wrap here - presumably excluded by the caller, confirm. */
            mem_len -= 1024 * 1024;
        }
        next_base = mem_base + mem_len;

        /* Cut out the ACPI_PCI hole */
        if (mem_base <= guest_info->ram_size_below_4g &&
            next_base > guest_info->ram_size_below_4g) {
            /* Part below the hole: shorten to end at ram_size_below_4g. */
            mem_len -= next_base - guest_info->ram_size_below_4g;
            if (mem_len > 0) {
                numamem = acpi_data_push(table_data, sizeof *numamem);
                acpi_build_srat_memory(numamem, mem_base, mem_len, i - 1,
                                       MEM_AFFINITY_ENABLED);
            }
            /* Remainder is placed at 4G, and next_base moves up with it. */
            mem_base = 1ULL << 32;
            mem_len = next_base - guest_info->ram_size_below_4g;
            next_base += (1ULL << 32) - guest_info->ram_size_below_4g;
        }
        numamem = acpi_data_push(table_data, sizeof *numamem);
        acpi_build_srat_memory(numamem, mem_base, mem_len, i - 1,
                               MEM_AFFINITY_ENABLED);
    }
    /* Pad with empty, flagless entries until numa_nodes + 2 memory entries
     * exist, so the number of entries does not depend on whether a node was
     * split around the hole. */
    slots = (table_data->len - numa_start) / sizeof *numamem;
    for (; slots < guest_info->numa_nodes + 2; slots++) {
        numamem = acpi_data_push(table_data, sizeof *numamem);
        acpi_build_srat_memory(numamem, 0, 0, 0, MEM_AFFINITY_NOFLAGS);
    }

    /*
     * Entry is required for Windows to enable memory hotplug in OS.
     * Memory devices may override proximity set by this entry,
     * providing _PXM method if necessary.
     */
    if (hotplugabble_address_space_size) {
        numamem = acpi_data_push(table_data, sizeof *numamem);
        acpi_build_srat_memory(numamem, pcms->hotplug_memory_base,
                               hotplugabble_address_space_size, 0,
                               MEM_AFFINITY_HOTPLUGGABLE |
                               MEM_AFFINITY_ENABLED);
    }

    /* The header pointer is recomputed from the offset rather than reusing
     * srat, which was obtained before table_data grew. */
    build_header(linker, table_data,
                 (void *)(table_data->data + srat_start),
                 "SRAT",
                 table_data->len - srat_start, 1);
}
1365 
/*
 * Append an MCFG table with a single allocation entry to @table_data.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 * @info:       mcfg_base / mcfg_size of the ECAM region
 *
 * MCFG describes ECAM, which the guest can enable or disable.  To avoid
 * table size changes (which create migration issues) the table is always
 * emitted; when the base is PCIE_BASE_ADDR_UNMAPPED it carries the reserved
 * signature "QEMU", which the ACPI spec requires OSPMs to ignore.
 */
static void
build_mcfg_q35(GArray *table_data, GArray *linker, AcpiMcfgInfo *info)
{
    AcpiTableMcfg *mcfg;
    /* Fixed part plus exactly one allocation entry. */
    int len = sizeof(*mcfg) + 1 * sizeof(mcfg->allocation[0]);
    const char *sig =
        (info->mcfg_base == PCIE_BASE_ADDR_UNMAPPED) ? "QEMU" : "MCFG";

    mcfg = acpi_data_push(table_data, len);

    /* Only a single allocation so no need to play with segments */
    mcfg->allocation[0].pci_segment = cpu_to_le16(0);
    mcfg->allocation[0].address = cpu_to_le64(info->mcfg_base);
    mcfg->allocation[0].start_bus_number = 0;
    mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->mcfg_size - 1);

    build_header(linker, table_data, (void *)mcfg, sig, len, 1);
}
1394 
/*
 * Append a DMAR table with one DRHD (remapping hardware unit) structure to
 * @table_data.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 *
 * The unit is flagged ACPI_DMAR_INCLUDE_PCI_ALL and carries no device scope
 * entries; interrupt remapping is not advertised.
 */
static void
build_dmar_q35(GArray *table_data, GArray *linker)
{
    AcpiTableDmar *dmar;
    AcpiDmarHardwareUnit *unit;
    int table_start = table_data->len;

    /* Fill the fixed part before appending anything else to table_data. */
    dmar = acpi_data_push(table_data, sizeof *dmar);
    dmar->flags = 0;    /* No intr_remap for now */
    dmar->host_address_width = VTD_HOST_ADDRESS_WIDTH - 1;

    /* DMAR Remapping Hardware Unit Definition structure */
    unit = acpi_data_push(table_data, sizeof *unit);
    unit->type = cpu_to_le16(ACPI_DMAR_TYPE_HARDWARE_UNIT);
    unit->length = cpu_to_le16(sizeof *unit);   /* No device scope now */
    unit->flags = ACPI_DMAR_INCLUDE_PCI_ALL;
    unit->pci_segment = cpu_to_le16(0);
    unit->address = cpu_to_le64(Q35_HOST_BRIDGE_IOMMU_ADDR);

    /* Locate the table by offset; the header spans both structures. */
    build_header(linker, table_data,
                 (void *)(table_data->data + table_start),
                 "DMAR", table_data->len - table_start, 1);
}
1418 
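/*
 * Append the DSDT to @table_data.
 *
 * @table_data: blob the table is appended to
 * @linker:     linker script, passed on to build_header()
 * @misc:       dsdt_code / dsdt_size of the precompiled DSDT image
 *
 * The image is copied as is, then its header is zeroed and rebuilt by
 * build_header() with the "DSDT" signature.
 */
static void
build_dsdt(GArray *table_data, GArray *linker, AcpiMiscInfo *misc)
{
    AcpiTableHeader *dsdt;

    assert(misc->dsdt_code && misc->dsdt_size);
    /* The header is cleared below: the image must be at least that large,
     * otherwise the memset would write past the bytes pushed for it. */
    assert(misc->dsdt_size >= sizeof *dsdt);

    dsdt = acpi_data_push(table_data, misc->dsdt_size);
    memcpy(dsdt, misc->dsdt_code, misc->dsdt_size);

    /* Drop the header that came with the image; build_header() refills it. */
    memset(dsdt, 0, sizeof *dsdt);
    build_header(linker, table_data, dsdt, "DSDT",
                 misc->dsdt_size, 1);
}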
1433 
/*
 * Build the final RSDT and append it to @table_data.
 *
 * @table_data:    blob the table is appended to
 * @linker:        linker script that receives one pointer entry per table
 * @table_offsets: array of 32-bit offsets of the tables to reference
 *
 * The offsets are copied into the entry array and each entry is registered
 * with the linker, so the guest can turn it into a pointer.
 */
static void
build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
{
    const size_t entries_size = sizeof(uint32_t) * table_offsets->len;
    AcpiRsdtDescriptorRev1 *rsdt;
    size_t rsdt_len = sizeof(*rsdt) + entries_size;
    int i;

    rsdt = acpi_data_push(table_data, rsdt_len);
    memcpy(rsdt->table_offset_entry, table_offsets->data, entries_size);

    for (i = 0; i < table_offsets->len; ++i) {
        /* rsdt->table_offset_entry to be filled by Guest linker */
        bios_linker_loader_add_pointer(linker,
                                       ACPI_BUILD_TABLE_FILE,
                                       ACPI_BUILD_TABLE_FILE,
                                       table_data,
                                       &rsdt->table_offset_entry[i],
                                       sizeof(uint32_t));
    }

    build_header(linker, table_data, (void *)rsdt, "RSDT", rsdt_len, 1);
}
1457 
/*
 * Build the RSDP in its own blob.
 *
 * @rsdp_table: blob backing ACPI_BUILD_RSDP_FILE; the descriptor is appended
 * @linker:     linker script that receives allocation, pointer and checksum
 *              entries for the descriptor
 * @rsdt:       offset of the RSDT inside the table blob
 *
 * Both the RSDT address and the checksum are left for the guest linker to
 * finalize.
 *
 * Returns @rsdp_table.
 */
static GArray *
build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
{
    AcpiRsdpDescriptor *desc = acpi_data_push(rsdp_table, sizeof(*desc));

    bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 16,
                             true /* fseg memory */);

    memcpy(&desc->signature, "RSD PTR ", 8);
    memcpy(desc->oem_id, ACPI_BUILD_APPNAME6, 6);

    /* Holds the RSDT offset for now; address to be filled by Guest linker */
    desc->rsdt_physical_address = cpu_to_le32(rsdt);
    bios_linker_loader_add_pointer(linker, ACPI_BUILD_RSDP_FILE,
                                   ACPI_BUILD_TABLE_FILE,
                                   rsdp_table,
                                   &desc->rsdt_physical_address,
                                   sizeof(desc->rsdt_physical_address));

    /* Checksum to be filled by Guest linker */
    desc->checksum = 0;
    bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
                                    desc, desc, sizeof(*desc),
                                    &desc->checksum);

    return rsdp_table;
}
1481 
/*
 * The blobs produced by one run of acpi_build().  Set up by
 * acpi_build_tables_init() and released by acpi_build_tables_cleanup().
 */
typedef
struct AcpiBuildTables {
    GArray *table_data; /* all ACPI tables except the RSDP, back to back */
    GArray *rsdp;       /* the RSDP, kept in a separate blob */
    GArray *tcpalog;    /* space reserved for the TPM log area */
    GArray *linker;     /* linker script from bios_linker_loader_init() */
} AcpiBuildTables;
1489 
/*
 * Prepare @tables for a build: three empty byte arrays that zero newly
 * added elements, plus a fresh linker script.
 */
static inline void acpi_build_tables_init(AcpiBuildTables *tables)
{
    /* g_array_new(zero_terminated, clear, element_size) */
    tables->table_data = g_array_new(false, true /* clear */, 1);
    tables->rsdp = g_array_new(false, true /* clear */, 1);
    tables->tcpalog = g_array_new(false, true /* clear */, 1);

    tables->linker = bios_linker_loader_init();
}
1497 
/*
 * Release what acpi_build_tables_init() and acpi_build() allocated.
 *
 * @tables: blobs to release
 * @mfre:   passed to g_array_free() as the free-segment flag for the rsdp
 *          and tcpalog arrays; when false only the GArray wrappers go away
 *          and their data buffers stay allocated, so the caller must still
 *          hold and eventually free those buffers
 *
 * The table_data buffer and the data returned by
 * bios_linker_loader_cleanup() are always freed.
 */
static inline void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
{
    g_free(bios_linker_loader_cleanup(tables->linker));

    g_array_free(tables->rsdp, mfre);
    g_array_free(tables->table_data, true);
    g_array_free(tables->tcpalog, mfre);
}
1506 
/* State kept between the initial table build and a later rebuild/patch. */
typedef
struct AcpiBuildState {
    /* Copy of table in RAM (for patching). */
    ram_addr_t table_ram;
    /* Size recorded for that copy. */
    uint32_t table_size;
    /* Is table patched? */
    uint8_t patched;
    /* Guest description handed to acpi_build(). */
    PcGuestInfo *guest_info;
} AcpiBuildState;
1516 
/*
 * Read the MCFG base and size properties from the PCI host bridge.
 *
 * @mcfg: filled with mcfg_base and mcfg_size on success
 *
 * Returns false, leaving @mcfg untouched, when the host bridge has no
 * PCIE_HOST_MCFG_BASE property; true otherwise.  Asserts that exactly one
 * host bridge exists and that a bridge exposing the base also exposes the
 * size.
 */
static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
{
    bool ambiguous;
    Object *host;
    QObject *base;
    QObject *size;

    host = object_resolve_path_type("", TYPE_PCI_HOST_BRIDGE, &ambiguous);
    g_assert(!ambiguous);
    g_assert(host);

    base = object_property_get_qobject(host, PCIE_HOST_MCFG_BASE, NULL);
    if (base == NULL) {
        return false;
    }
    mcfg->mcfg_base = qint_get_int(qobject_to_qint(base));
    qobject_decref(base);

    size = object_property_get_qobject(host, PCIE_HOST_MCFG_SIZE, NULL);
    assert(size);
    mcfg->mcfg_size = qint_get_int(qobject_to_qint(size));
    qobject_decref(size);

    return true;
}
1540 
/*
 * Report whether exactly one Intel IOMMU device can be resolved.
 *
 * Returns true only when the lookup finds a device and is not ambiguous.
 */
static bool acpi_has_iommu(void)
{
    bool ambiguous;
    Object *iommu = object_resolve_path_type("", TYPE_INTEL_IOMMU_DEVICE,
                                             &ambiguous);

    if (!iommu) {
        return false;
    }
    return !ambiguous;
}
1550 
/*
 * Build all ACPI tables for the guest into @tables.
 *
 * Order in table_data: FACS, DSDT, FADT, SSDT, MADT, then the optional
 * HPET, TCPA + TPM SSDT, SRAT, MCFG and DMAR tables, then any user-supplied
 * tables, and finally the RSDT that references everything from the FADT
 * onwards.  The RSDP goes into its own blob.  Afterwards table_data is
 * sized either to the legacy size or aligned to ACPI_BUILD_TABLE_SIZE, and
 * the linker script is aligned to ACPI_BUILD_ALIGN_SIZE.
 *
 * @guest_info: guest configuration (NUMA layout, legacy table size, ...)
 * @tables:     blobs to fill; expected to be initialized already
 */
static
void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
{
    GArray *table_offsets;
    /* Offsets of the respective tables inside table_data. */
    unsigned facs, ssdt, dsdt, rsdt;
    AcpiCpuInfo cpu;
    AcpiPmInfo pm;
    AcpiMiscInfo misc;
    AcpiMcfgInfo mcfg;
    PcPciInfo pci;
    uint8_t *u;
    /* Combined size of DSDT and SSDT, used for legacy sizing below. */
    size_t aml_len = 0;

    acpi_get_cpu_info(&cpu);
    acpi_get_pm_info(&pm);
    acpi_get_dsdt(&misc);
    acpi_get_misc_info(&misc);
    acpi_get_pci_info(&pci);

    /* One 32-bit offset per table that the RSDT will point to. */
    table_offsets = g_array_new(false, true /* clear */,
                                        sizeof(uint32_t));
    ACPI_BUILD_DPRINTF(3, "init ACPI tables\n");

    bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
                             64 /* Ensure FACS is aligned */,
                             false /* high memory */);

    /*
     * FACS is pointed to by FADT.
     * We place it first since it's the only table that has alignment
     * requirements.
     */
    facs = tables->table_data->len;
    build_facs(tables->table_data, tables->linker, guest_info);

    /* DSDT is pointed to by FADT */
    dsdt = tables->table_data->len;
    build_dsdt(tables->table_data, tables->linker, &misc);

    /* Count the size of the DSDT and SSDT, we will need it for legacy
     * sizing of ACPI tables.
     */
    aml_len += tables->table_data->len - dsdt;

    /* ACPI tables pointed to by RSDT */
    acpi_add_table(table_offsets, tables->table_data);
    build_fadt(tables->table_data, tables->linker, &pm, facs, dsdt);

    ssdt = tables->table_data->len;
    acpi_add_table(table_offsets, tables->table_data);
    build_ssdt(tables->table_data, tables->linker, &cpu, &pm, &misc, &pci,
               guest_info);
    aml_len += tables->table_data->len - ssdt;

    acpi_add_table(table_offsets, tables->table_data);
    build_madt(tables->table_data, tables->linker, &cpu, guest_info);

    if (misc.has_hpet) {
        acpi_add_table(table_offsets, tables->table_data);
        build_hpet(tables->table_data, tables->linker);
    }
    if (misc.has_tpm) {
        acpi_add_table(table_offsets, tables->table_data);
        build_tpm_tcpa(tables->table_data, tables->linker, tables->tcpalog);

        acpi_add_table(table_offsets, tables->table_data);
        build_tpm_ssdt(tables->table_data, tables->linker);
    }
    if (guest_info->numa_nodes) {
        acpi_add_table(table_offsets, tables->table_data);
        build_srat(tables->table_data, tables->linker, guest_info);
    }
    if (acpi_get_mcfg(&mcfg)) {
        acpi_add_table(table_offsets, tables->table_data);
        build_mcfg_q35(tables->table_data, tables->linker, &mcfg);
    }
    if (acpi_has_iommu()) {
        acpi_add_table(table_offsets, tables->table_data);
        build_dmar_q35(tables->table_data, tables->linker);
    }

    /* Add tables supplied by user (if any).
     * NOTE(review): each table is appended byte for byte with the length
     * reported by acpi_table_len(); nothing is validated here, so any
     * sanity checking has to happen where the tables are loaded - confirm.
     */
    for (u = acpi_table_first(); u; u = acpi_table_next(u)) {
        unsigned len = acpi_table_len(u);

        acpi_add_table(table_offsets, tables->table_data);
        g_array_append_vals(tables->table_data, u, len);
    }

    /* RSDT is pointed to by RSDP */
    rsdt = tables->table_data->len;
    build_rsdt(tables->table_data, tables->linker, table_offsets);

    /* RSDP is in FSEG memory, so allocate it separately */
    build_rsdp(tables->rsdp, tables->linker, rsdt);

    /* We'll expose it all to Guest so we want to reduce
     * chance of size changes.
     * RSDP is small so it's easy to keep it immutable, no need to
     * bother with alignment.
     *
     * We used to align the tables to 4k, but of course this would
     * be too simple to be enough.  4k turned out to be too small an
     * alignment very soon, and in fact it is almost impossible to
     * keep the table size stable for all (max_cpus, max_memory_slots)
     * combinations.  So the table size is always 64k for pc-i440fx-2.1
     * and we give an error if the table grows beyond that limit.
     *
     * We still have the problem of migrating from "-M pc-i440fx-2.0".  For
     * that, we exploit the fact that QEMU 2.1 generates _smaller_ tables
     * than 2.0 and we can always pad the smaller tables with zeros.  We can
     * then use the exact size of the 2.0 tables.
     *
     * All this is for PIIX4, since QEMU 2.0 didn't support Q35 migration.
     */
    if (guest_info->legacy_acpi_table_size) {
        /* Subtracting aml_len gives the size of fixed tables.  Then add the
         * size of the PIIX4 DSDT/SSDT in QEMU 2.0.
         */
        int legacy_aml_len =
            guest_info->legacy_acpi_table_size +
            ACPI_BUILD_LEGACY_CPU_AML_SIZE * max_cpus;
        int legacy_table_size =
            ROUND_UP(tables->table_data->len - aml_len + legacy_aml_len,
                     ACPI_BUILD_ALIGN_SIZE);
        if (tables->table_data->len > legacy_table_size) {
            /* Should happen only with PCI bridges and -M pc-i440fx-2.0.  */
            error_report("Warning: migration may not work.");
        }
        /* NOTE(review): when the tables are larger than legacy_table_size
         * this call shrinks the array, cutting off the tail of the table
         * data after only a warning - confirm that this is intended. */
        g_array_set_size(tables->table_data, legacy_table_size);
    } else {
        /* Make sure we have a buffer in case we need to resize the tables. */
        if (tables->table_data->len > ACPI_BUILD_TABLE_SIZE / 2) {
            /* As of QEMU 2.1, this fires with 160 VCPUs and 255 memory slots.  */
            error_report("Warning: ACPI tables are larger than 64k.");
            error_report("Warning: migration may not work.");
            error_report("Warning: please remove CPUs, NUMA nodes, "
                         "memory slots or PCI bridges.");
        }
        acpi_align_size(tables->table_data, ACPI_BUILD_TABLE_SIZE);
    }

    acpi_align_size(tables->linker, ACPI_BUILD_ALIGN_SIZE);

    /* Cleanup memory that's no longer used. */
    g_array_free(table_offsets, true);
}
1698 
/*
 * Update callback handed to rom_add_blob() by acpi_add_rom_blob(): rebuilds
 * the ACPI tables and copies them over the table RAM recorded in the state.
 *
 * @build_opaque: the AcpiBuildState given at registration, or NULL for a
 *                blob registered without state (nothing is done then).
 * @offset:       not used by this function.
 *
 * The rebuild runs at most once per reset cycle: 'patched' is set here and
 * cleared again by acpi_build_reset().
 */
static void acpi_build_update(void *build_opaque, uint32_t offset)
{
    AcpiBuildState *state = build_opaque;
    AcpiBuildTables rebuilt;

    if (state == NULL) {
        /* Blob was registered without state: nothing to refresh. */
        return;
    }
    if (state->patched) {
        /* Tables were already rewritten since the last reset. */
        return;
    }
    state->patched = 1;

    acpi_build_tables_init(&rebuilt);
    acpi_build(state->guest_info, &rebuilt);

    /*
     * The copy below is sized by the length recorded in acpi_setup(), not by
     * the freshly built array.  This assert is the only check that the two
     * lengths agree, so it has to stay active in every build configuration:
     * without it a shorter rebuild would be read beyond its data and a
     * longer one would be silently truncated in the table RAM.
     */
    assert(acpi_data_len(rebuilt.table_data) == state->table_size);
    memcpy(qemu_get_ram_ptr(state->table_ram), rebuilt.table_data->data,
           state->table_size);

    /* Flag the rewritten range as dirty. */
    cpu_physical_memory_set_dirty_range_nocode(state->table_ram,
                                               state->table_size);

    acpi_build_tables_cleanup(&rebuilt, true);
}
1723 
/*
 * Reset handler, registered through qemu_register_reset() in acpi_setup():
 * clears 'patched' so that the next acpi_build_update() call rebuilds the
 * tables again.
 *
 * @build_opaque: the AcpiBuildState passed at registration.  It is
 *                dereferenced without a NULL check, unlike in
 *                acpi_build_update().
 */
static void acpi_build_reset(void *build_opaque)
{
    ((AcpiBuildState *)build_opaque)->patched = 0;
}
1729 
/*
 * Register @blob as a ROM blob under @name, with acpi_build_update() as the
 * callback and @build_state as that callback's opaque argument.
 *
 * @build_state may be NULL; acpi_build_update() returns early in that case,
 * so such a blob is never rewritten.
 *
 * Returns the value produced by rom_add_blob() unchanged.
 */
static ram_addr_t acpi_add_rom_blob(AcpiBuildState *build_state, GArray *blob,
                                    const char *name)
{
    ram_addr_t blob_ram;

    blob_ram = rom_add_blob(name, blob->data, acpi_data_len(blob), -1, name,
                            acpi_build_update, build_state);
    return blob_ram;
}
1736 
/*
 * Migration description for AcpiBuildState.  'patched' is the only field
 * listed, so it is the only piece of build state carried in the
 * "acpi_build" section.  table_ram and table_size, which bound the memcpy in
 * acpi_build_update(), are not listed here; they are set locally in
 * acpi_setup().
 */
static const VMStateDescription vmstate_acpi_build = {
    .name               = "acpi_build",
    .minimum_version_id = 1,
    .version_id         = 1,
    .fields             = (VMStateField[]) {
        VMSTATE_UINT8(patched, AcpiBuildState),
        VMSTATE_END_OF_LIST()
    },
};
1746 
/*
 * Build the ACPI tables once and publish them to the guest.
 *
 * @guest_info: machine description; it is stored in the allocated build
 *              state and used again by acpi_build_update().
 *
 * Returns without doing anything when there is no fw_cfg device, when ACPI
 * table building is disabled for this guest, or when ACPI itself is
 * disabled.
 */
void acpi_setup(PcGuestInfo *guest_info)
{
    AcpiBuildState *state;
    AcpiBuildTables built;

    if (!guest_info->fw_cfg) {
        ACPI_BUILD_DPRINTF(3, "No fw cfg. Bailing out.\n");
        return;
    }
    if (!guest_info->has_acpi_build) {
        ACPI_BUILD_DPRINTF(3, "ACPI build disabled. Bailing out.\n");
        return;
    }
    if (!acpi_enabled) {
        ACPI_BUILD_DPRINTF(3, "ACPI disabled. Bailing out.\n");
        return;
    }

    /* Zero-initialised, so 'patched' starts out clear. */
    state = g_malloc0(sizeof *state);
    state->guest_info = guest_info;

    acpi_set_pci_info();

    acpi_build_tables_init(&built);
    acpi_build(guest_info, &built);

    /*
     * Expose the main table blob to the guest.  The length recorded here is
     * the one acpi_build_update() later asserts against and copies, so a
     * rebuild has to produce exactly the same size.
     */
    state->table_ram = acpi_add_rom_blob(state, built.table_data,
                                         ACPI_BUILD_TABLE_FILE);
    assert(state->table_ram != RAM_ADDR_MAX);
    state->table_size = acpi_data_len(built.table_data);

    /* The linker blob is registered without state: it is never rebuilt. */
    acpi_add_rom_blob(NULL, built.linker, "etc/table-loader");

    fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
                    built.tcpalog->data, acpi_data_len(built.tcpalog));

    /*
     * RSDP is small so it's easy to keep it immutable, no need to
     * bother with ROM blobs.
     */
    fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
                    built.rsdp->data, acpi_data_len(built.rsdp));

    /* Hook reset and migration, then start from the unpatched state. */
    qemu_register_reset(acpi_build_reset, state);
    acpi_build_reset(state);
    vmstate_register(NULL, 0, &vmstate_acpi_build, state);

    /*
     * Release the table containers but keep the underlying memory (second
     * argument false); per the original note it is tracked in the build
     * state.
     */
    acpi_build_tables_cleanup(&built, false);
}
1803