xref: /openbmc/qemu/hw/pci-host/pnv_phb4.c (revision fca9d723)
1 /*
2  * QEMU PowerPC PowerNV (POWER9) PHB4 model
3  *
4  * Copyright (c) 2018-2020, IBM Corporation.
5  *
6  * This code is licensed under the GPL version 2 or later. See the
7  * COPYING file in the top-level directory.
8  */
9 #include "qemu/osdep.h"
10 #include "qemu/log.h"
11 #include "qapi/visitor.h"
12 #include "qapi/error.h"
13 #include "qemu-common.h"
14 #include "monitor/monitor.h"
15 #include "target/ppc/cpu.h"
16 #include "hw/pci-host/pnv_phb4_regs.h"
17 #include "hw/pci-host/pnv_phb4.h"
18 #include "hw/pci/pcie_host.h"
19 #include "hw/pci/pcie_port.h"
20 #include "hw/ppc/pnv.h"
21 #include "hw/ppc/pnv_xscom.h"
22 #include "hw/irq.h"
23 #include "hw/qdev-properties.h"
24 #include "qom/object.h"
25 
26 #define phb_error(phb, fmt, ...)                                        \
27     qemu_log_mask(LOG_GUEST_ERROR, "phb4[%d:%d]: " fmt "\n",            \
28                   (phb)->chip_id, (phb)->phb_id, ## __VA_ARGS__)
29 
30 /*
31  * QEMU version of the GETFIELD/SETFIELD macros
32  *
33  * These are common with the PnvXive model.
34  */
35 static inline uint64_t GETFIELD(uint64_t mask, uint64_t word)
36 {
37     return (word & mask) >> ctz64(mask);
38 }
39 
40 static inline uint64_t SETFIELD(uint64_t mask, uint64_t word,
41                                 uint64_t value)
42 {
43     return (word & ~mask) | ((value << ctz64(mask)) & mask);
44 }
45 
46 static PCIDevice *pnv_phb4_find_cfg_dev(PnvPHB4 *phb)
47 {
48     PCIHostState *pci = PCI_HOST_BRIDGE(phb);
49     uint64_t addr = phb->regs[PHB_CONFIG_ADDRESS >> 3];
50     uint8_t bus, devfn;
51 
52     if (!(addr >> 63)) {
53         return NULL;
54     }
55     bus = (addr >> 52) & 0xff;
56     devfn = (addr >> 44) & 0xff;
57 
58     /* We don't access the root complex this way */
59     if (bus == 0 && devfn == 0) {
60         return NULL;
61     }
62     return pci_find_device(pci->bus, bus, devfn);
63 }
64 
65 /*
66  * The CONFIG_DATA register expects little endian accesses, but as the
67  * region is big endian, we have to swap the value.
68  */
69 static void pnv_phb4_config_write(PnvPHB4 *phb, unsigned off,
70                                   unsigned size, uint64_t val)
71 {
72     uint32_t cfg_addr, limit;
73     PCIDevice *pdev;
74 
75     pdev = pnv_phb4_find_cfg_dev(phb);
76     if (!pdev) {
77         return;
78     }
79     cfg_addr = (phb->regs[PHB_CONFIG_ADDRESS >> 3] >> 32) & 0xffc;
80     cfg_addr |= off;
81     limit = pci_config_size(pdev);
82     if (limit <= cfg_addr) {
83         /*
84          * conventional pci device can be behind pcie-to-pci bridge.
85          * 256 <= addr < 4K has no effects.
86          */
87         return;
88     }
89     switch (size) {
90     case 1:
91         break;
92     case 2:
93         val = bswap16(val);
94         break;
95     case 4:
96         val = bswap32(val);
97         break;
98     default:
99         g_assert_not_reached();
100     }
101     pci_host_config_write_common(pdev, cfg_addr, limit, val, size);
102 }
103 
104 static uint64_t pnv_phb4_config_read(PnvPHB4 *phb, unsigned off,
105                                      unsigned size)
106 {
107     uint32_t cfg_addr, limit;
108     PCIDevice *pdev;
109     uint64_t val;
110 
111     pdev = pnv_phb4_find_cfg_dev(phb);
112     if (!pdev) {
113         return ~0ull;
114     }
115     cfg_addr = (phb->regs[PHB_CONFIG_ADDRESS >> 3] >> 32) & 0xffc;
116     cfg_addr |= off;
117     limit = pci_config_size(pdev);
118     if (limit <= cfg_addr) {
119         /*
120          * conventional pci device can be behind pcie-to-pci bridge.
121          * 256 <= addr < 4K has no effects.
122          */
123         return ~0ull;
124     }
125     val = pci_host_config_read_common(pdev, cfg_addr, limit, size);
126     switch (size) {
127     case 1:
128         return val;
129     case 2:
130         return bswap16(val);
131     case 4:
132         return bswap32(val);
133     default:
134         g_assert_not_reached();
135     }
136 }
137 
138 /*
139  * Root complex register accesses are memory mapped.
140  */
141 static void pnv_phb4_rc_config_write(PnvPHB4 *phb, unsigned off,
142                                      unsigned size, uint64_t val)
143 {
144     PCIHostState *pci = PCI_HOST_BRIDGE(phb);
145     PCIDevice *pdev;
146 
147     if (size != 4) {
148         phb_error(phb, "rc_config_write invalid size %d\n", size);
149         return;
150     }
151 
152     pdev = pci_find_device(pci->bus, 0, 0);
153     assert(pdev);
154 
155     pci_host_config_write_common(pdev, off, PHB_RC_CONFIG_SIZE,
156                                  bswap32(val), 4);
157 }
158 
159 static uint64_t pnv_phb4_rc_config_read(PnvPHB4 *phb, unsigned off,
160                                         unsigned size)
161 {
162     PCIHostState *pci = PCI_HOST_BRIDGE(phb);
163     PCIDevice *pdev;
164     uint64_t val;
165 
166     if (size != 4) {
167         phb_error(phb, "rc_config_read invalid size %d\n", size);
168         return ~0ull;
169     }
170 
171     pdev = pci_find_device(pci->bus, 0, 0);
172     assert(pdev);
173 
174     val = pci_host_config_read_common(pdev, off, PHB_RC_CONFIG_SIZE, 4);
175     return bswap32(val);
176 }
177 
178 static void pnv_phb4_check_mbt(PnvPHB4 *phb, uint32_t index)
179 {
180     uint64_t base, start, size, mbe0, mbe1;
181     MemoryRegion *parent;
182     char name[64];
183 
184     /* Unmap first */
185     if (memory_region_is_mapped(&phb->mr_mmio[index])) {
186         /* Should we destroy it in RCU friendly way... ? */
187         memory_region_del_subregion(phb->mr_mmio[index].container,
188                                     &phb->mr_mmio[index]);
189     }
190 
191     /* Get table entry */
192     mbe0 = phb->ioda_MBT[(index << 1)];
193     mbe1 = phb->ioda_MBT[(index << 1) + 1];
194 
195     if (!(mbe0 & IODA3_MBT0_ENABLE)) {
196         return;
197     }
198 
199     /* Grab geometry from registers */
200     base = GETFIELD(IODA3_MBT0_BASE_ADDR, mbe0) << 12;
201     size = GETFIELD(IODA3_MBT1_MASK, mbe1) << 12;
202     size |= 0xff00000000000000ull;
203     size = ~size + 1;
204 
205     /* Calculate PCI side start address based on M32/M64 window type */
206     if (mbe0 & IODA3_MBT0_TYPE_M32) {
207         start = phb->regs[PHB_M32_START_ADDR >> 3];
208         if ((start + size) > 0x100000000ull) {
209             phb_error(phb, "M32 set beyond 4GB boundary !");
210             size = 0x100000000 - start;
211         }
212     } else {
213         start = base | (phb->regs[PHB_M64_UPPER_BITS >> 3]);
214     }
215 
216     /* TODO: Figure out how to implemet/decode AOMASK */
217 
218     /* Check if it matches an enabled MMIO region in the PEC stack */
219     if (memory_region_is_mapped(&phb->stack->mmbar0) &&
220         base >= phb->stack->mmio0_base &&
221         (base + size) <= (phb->stack->mmio0_base + phb->stack->mmio0_size)) {
222         parent = &phb->stack->mmbar0;
223         base -= phb->stack->mmio0_base;
224     } else if (memory_region_is_mapped(&phb->stack->mmbar1) &&
225         base >= phb->stack->mmio1_base &&
226         (base + size) <= (phb->stack->mmio1_base + phb->stack->mmio1_size)) {
227         parent = &phb->stack->mmbar1;
228         base -= phb->stack->mmio1_base;
229     } else {
230         phb_error(phb, "PHB MBAR %d out of parent bounds", index);
231         return;
232     }
233 
234     /* Create alias (better name ?) */
235     snprintf(name, sizeof(name), "phb4-mbar%d", index);
236     memory_region_init_alias(&phb->mr_mmio[index], OBJECT(phb), name,
237                              &phb->pci_mmio, start, size);
238     memory_region_add_subregion(parent, base, &phb->mr_mmio[index]);
239 }
240 
241 static void pnv_phb4_check_all_mbt(PnvPHB4 *phb)
242 {
243     uint64_t i;
244     uint32_t num_windows = phb->big_phb ? PNV_PHB4_MAX_MMIO_WINDOWS :
245         PNV_PHB4_MIN_MMIO_WINDOWS;
246 
247     for (i = 0; i < num_windows; i++) {
248         pnv_phb4_check_mbt(phb, i);
249     }
250 }
251 
252 static uint64_t *pnv_phb4_ioda_access(PnvPHB4 *phb,
253                                       unsigned *out_table, unsigned *out_idx)
254 {
255     uint64_t adreg = phb->regs[PHB_IODA_ADDR >> 3];
256     unsigned int index = GETFIELD(PHB_IODA_AD_TADR, adreg);
257     unsigned int table = GETFIELD(PHB_IODA_AD_TSEL, adreg);
258     unsigned int mask;
259     uint64_t *tptr = NULL;
260 
261     switch (table) {
262     case IODA3_TBL_LIST:
263         tptr = phb->ioda_LIST;
264         mask = 7;
265         break;
266     case IODA3_TBL_MIST:
267         tptr = phb->ioda_MIST;
268         mask = phb->big_phb ? PNV_PHB4_MAX_MIST : (PNV_PHB4_MAX_MIST >> 1);
269         mask -= 1;
270         break;
271     case IODA3_TBL_RCAM:
272         mask = phb->big_phb ? 127 : 63;
273         break;
274     case IODA3_TBL_MRT:
275         mask = phb->big_phb ? 15 : 7;
276         break;
277     case IODA3_TBL_PESTA:
278     case IODA3_TBL_PESTB:
279         mask = phb->big_phb ? PNV_PHB4_MAX_PEs : (PNV_PHB4_MAX_PEs >> 1);
280         mask -= 1;
281         break;
282     case IODA3_TBL_TVT:
283         tptr = phb->ioda_TVT;
284         mask = phb->big_phb ? PNV_PHB4_MAX_TVEs : (PNV_PHB4_MAX_TVEs >> 1);
285         mask -= 1;
286         break;
287     case IODA3_TBL_TCR:
288     case IODA3_TBL_TDR:
289         mask = phb->big_phb ? 1023 : 511;
290         break;
291     case IODA3_TBL_MBT:
292         tptr = phb->ioda_MBT;
293         mask = phb->big_phb ? PNV_PHB4_MAX_MBEs : (PNV_PHB4_MAX_MBEs >> 1);
294         mask -= 1;
295         break;
296     case IODA3_TBL_MDT:
297         tptr = phb->ioda_MDT;
298         mask = phb->big_phb ? PNV_PHB4_MAX_PEs : (PNV_PHB4_MAX_PEs >> 1);
299         mask -= 1;
300         break;
301     case IODA3_TBL_PEEV:
302         tptr = phb->ioda_PEEV;
303         mask = phb->big_phb ? PNV_PHB4_MAX_PEEVs : (PNV_PHB4_MAX_PEEVs >> 1);
304         mask -= 1;
305         break;
306     default:
307         phb_error(phb, "invalid IODA table %d", table);
308         return NULL;
309     }
310     index &= mask;
311     if (out_idx) {
312         *out_idx = index;
313     }
314     if (out_table) {
315         *out_table = table;
316     }
317     if (tptr) {
318         tptr += index;
319     }
320     if (adreg & PHB_IODA_AD_AUTOINC) {
321         index = (index + 1) & mask;
322         adreg = SETFIELD(PHB_IODA_AD_TADR, adreg, index);
323     }
324 
325     phb->regs[PHB_IODA_ADDR >> 3] = adreg;
326     return tptr;
327 }
328 
329 static uint64_t pnv_phb4_ioda_read(PnvPHB4 *phb)
330 {
331     unsigned table, idx;
332     uint64_t *tptr;
333 
334     tptr = pnv_phb4_ioda_access(phb, &table, &idx);
335     if (!tptr) {
336         /* Special PESTA case */
337         if (table == IODA3_TBL_PESTA) {
338             return ((uint64_t)(phb->ioda_PEST_AB[idx] & 1)) << 63;
339         } else if (table == IODA3_TBL_PESTB) {
340             return ((uint64_t)(phb->ioda_PEST_AB[idx] & 2)) << 62;
341         }
342         /* Return 0 on unsupported tables, not ff's */
343         return 0;
344     }
345     return *tptr;
346 }
347 
348 static void pnv_phb4_ioda_write(PnvPHB4 *phb, uint64_t val)
349 {
350     unsigned table, idx;
351     uint64_t *tptr;
352 
353     tptr = pnv_phb4_ioda_access(phb, &table, &idx);
354     if (!tptr) {
355         /* Special PESTA case */
356         if (table == IODA3_TBL_PESTA) {
357             phb->ioda_PEST_AB[idx] &= ~1;
358             phb->ioda_PEST_AB[idx] |= (val >> 63) & 1;
359         } else if (table == IODA3_TBL_PESTB) {
360             phb->ioda_PEST_AB[idx] &= ~2;
361             phb->ioda_PEST_AB[idx] |= (val >> 62) & 2;
362         }
363         return;
364     }
365 
366     /* Handle side effects */
367     switch (table) {
368     case IODA3_TBL_LIST:
369         break;
370     case IODA3_TBL_MIST: {
371         /* Special mask for MIST partial write */
372         uint64_t adreg = phb->regs[PHB_IODA_ADDR >> 3];
373         uint32_t mmask = GETFIELD(PHB_IODA_AD_MIST_PWV, adreg);
374         uint64_t v = *tptr;
375         if (mmask == 0) {
376             mmask = 0xf;
377         }
378         if (mmask & 8) {
379             v &= 0x0000ffffffffffffull;
380             v |= 0xcfff000000000000ull & val;
381         }
382         if (mmask & 4) {
383             v &= 0xffff0000ffffffffull;
384             v |= 0x0000cfff00000000ull & val;
385         }
386         if (mmask & 2) {
387             v &= 0xffffffff0000ffffull;
388             v |= 0x00000000cfff0000ull & val;
389         }
390         if (mmask & 1) {
391             v &= 0xffffffffffff0000ull;
392             v |= 0x000000000000cfffull & val;
393         }
394         *tptr = val;
395         break;
396     }
397     case IODA3_TBL_MBT:
398         *tptr = val;
399 
400         /* Copy accross the valid bit to the other half */
401         phb->ioda_MBT[idx ^ 1] &= 0x7fffffffffffffffull;
402         phb->ioda_MBT[idx ^ 1] |= 0x8000000000000000ull & val;
403 
404         /* Update mappings */
405         pnv_phb4_check_mbt(phb, idx >> 1);
406         break;
407     default:
408         *tptr = val;
409     }
410 }
411 
412 static void pnv_phb4_rtc_invalidate(PnvPHB4 *phb, uint64_t val)
413 {
414     PnvPhb4DMASpace *ds;
415 
416     /* Always invalidate all for now ... */
417     QLIST_FOREACH(ds, &phb->dma_spaces, list) {
418         ds->pe_num = PHB_INVALID_PE;
419     }
420 }
421 
422 static void pnv_phb4_update_msi_regions(PnvPhb4DMASpace *ds)
423 {
424     uint64_t cfg = ds->phb->regs[PHB_PHB4_CONFIG >> 3];
425 
426     if (cfg & PHB_PHB4C_32BIT_MSI_EN) {
427         if (!memory_region_is_mapped(MEMORY_REGION(&ds->msi32_mr))) {
428             memory_region_add_subregion(MEMORY_REGION(&ds->dma_mr),
429                                         0xffff0000, &ds->msi32_mr);
430         }
431     } else {
432         if (memory_region_is_mapped(MEMORY_REGION(&ds->msi32_mr))) {
433             memory_region_del_subregion(MEMORY_REGION(&ds->dma_mr),
434                                         &ds->msi32_mr);
435         }
436     }
437 
438     if (cfg & PHB_PHB4C_64BIT_MSI_EN) {
439         if (!memory_region_is_mapped(MEMORY_REGION(&ds->msi64_mr))) {
440             memory_region_add_subregion(MEMORY_REGION(&ds->dma_mr),
441                                         (1ull << 60), &ds->msi64_mr);
442         }
443     } else {
444         if (memory_region_is_mapped(MEMORY_REGION(&ds->msi64_mr))) {
445             memory_region_del_subregion(MEMORY_REGION(&ds->dma_mr),
446                                         &ds->msi64_mr);
447         }
448     }
449 }
450 
451 static void pnv_phb4_update_all_msi_regions(PnvPHB4 *phb)
452 {
453     PnvPhb4DMASpace *ds;
454 
455     QLIST_FOREACH(ds, &phb->dma_spaces, list) {
456         pnv_phb4_update_msi_regions(ds);
457     }
458 }
459 
460 static void pnv_phb4_update_xsrc(PnvPHB4 *phb)
461 {
462     int shift, flags, i, lsi_base;
463     XiveSource *xsrc = &phb->xsrc;
464 
465     /* The XIVE source characteristics can be set at run time */
466     if (phb->regs[PHB_CTRLR >> 3] & PHB_CTRLR_IRQ_PGSZ_64K) {
467         shift = XIVE_ESB_64K;
468     } else {
469         shift = XIVE_ESB_4K;
470     }
471     if (phb->regs[PHB_CTRLR >> 3] & PHB_CTRLR_IRQ_STORE_EOI) {
472         flags = XIVE_SRC_STORE_EOI;
473     } else {
474         flags = 0;
475     }
476 
477     phb->xsrc.esb_shift = shift;
478     phb->xsrc.esb_flags = flags;
479 
480     lsi_base = GETFIELD(PHB_LSI_SRC_ID, phb->regs[PHB_LSI_SOURCE_ID >> 3]);
481     lsi_base <<= 3;
482 
483     /* TODO: handle reset values of PHB_LSI_SRC_ID */
484     if (!lsi_base) {
485         return;
486     }
487 
488     /* TODO: need a xive_source_irq_reset_lsi() */
489     bitmap_zero(xsrc->lsi_map, xsrc->nr_irqs);
490 
491     for (i = 0; i < xsrc->nr_irqs; i++) {
492         bool msi = (i < lsi_base || i >= (lsi_base + 8));
493         if (!msi) {
494             xive_source_irq_set_lsi(xsrc, i);
495         }
496     }
497 }
498 
499 static void pnv_phb4_reg_write(void *opaque, hwaddr off, uint64_t val,
500                                unsigned size)
501 {
502     PnvPHB4 *phb = PNV_PHB4(opaque);
503     bool changed;
504 
505     /* Special case outbound configuration data */
506     if ((off & 0xfffc) == PHB_CONFIG_DATA) {
507         pnv_phb4_config_write(phb, off & 0x3, size, val);
508         return;
509     }
510 
511     /* Special case RC configuration space */
512     if ((off & 0xf800) == PHB_RC_CONFIG_BASE) {
513         pnv_phb4_rc_config_write(phb, off & 0x7ff, size, val);
514         return;
515     }
516 
517     /* Other registers are 64-bit only */
518     if (size != 8 || off & 0x7) {
519         phb_error(phb, "Invalid register access, offset: 0x%"PRIx64" size: %d",
520                    off, size);
521         return;
522     }
523 
524     /* Handle masking */
525     switch (off) {
526     case PHB_LSI_SOURCE_ID:
527         val &= PHB_LSI_SRC_ID;
528         break;
529     case PHB_M64_UPPER_BITS:
530         val &= 0xff00000000000000ull;
531         break;
532     /* TCE Kill */
533     case PHB_TCE_KILL:
534         /* Clear top 3 bits which HW does to indicate successful queuing */
535         val &= ~(PHB_TCE_KILL_ALL | PHB_TCE_KILL_PE | PHB_TCE_KILL_ONE);
536         break;
537     case PHB_Q_DMA_R:
538         /*
539          * This is enough logic to make SW happy but we aren't
540          * actually quiescing the DMAs
541          */
542         if (val & PHB_Q_DMA_R_AUTORESET) {
543             val = 0;
544         } else {
545             val &= PHB_Q_DMA_R_QUIESCE_DMA;
546         }
547         break;
548     /* LEM stuff */
549     case PHB_LEM_FIR_AND_MASK:
550         phb->regs[PHB_LEM_FIR_ACCUM >> 3] &= val;
551         return;
552     case PHB_LEM_FIR_OR_MASK:
553         phb->regs[PHB_LEM_FIR_ACCUM >> 3] |= val;
554         return;
555     case PHB_LEM_ERROR_AND_MASK:
556         phb->regs[PHB_LEM_ERROR_MASK >> 3] &= val;
557         return;
558     case PHB_LEM_ERROR_OR_MASK:
559         phb->regs[PHB_LEM_ERROR_MASK >> 3] |= val;
560         return;
561     case PHB_LEM_WOF:
562         val = 0;
563         break;
564     /* TODO: More regs ..., maybe create a table with masks... */
565 
566     /* Read only registers */
567     case PHB_CPU_LOADSTORE_STATUS:
568     case PHB_ETU_ERR_SUMMARY:
569     case PHB_PHB4_GEN_CAP:
570     case PHB_PHB4_TCE_CAP:
571     case PHB_PHB4_IRQ_CAP:
572     case PHB_PHB4_EEH_CAP:
573         return;
574     }
575 
576     /* Record whether it changed */
577     changed = phb->regs[off >> 3] != val;
578 
579     /* Store in register cache first */
580     phb->regs[off >> 3] = val;
581 
582     /* Handle side effects */
583     switch (off) {
584     case PHB_PHB4_CONFIG:
585         if (changed) {
586             pnv_phb4_update_all_msi_regions(phb);
587         }
588         break;
589     case PHB_M32_START_ADDR:
590     case PHB_M64_UPPER_BITS:
591         if (changed) {
592             pnv_phb4_check_all_mbt(phb);
593         }
594         break;
595 
596     /* IODA table accesses */
597     case PHB_IODA_DATA0:
598         pnv_phb4_ioda_write(phb, val);
599         break;
600 
601     /* RTC invalidation */
602     case PHB_RTC_INVALIDATE:
603         pnv_phb4_rtc_invalidate(phb, val);
604         break;
605 
606     /* PHB Control (Affects XIVE source) */
607     case PHB_CTRLR:
608     case PHB_LSI_SOURCE_ID:
609         pnv_phb4_update_xsrc(phb);
610         break;
611 
612     /* Silent simple writes */
613     case PHB_ASN_CMPM:
614     case PHB_CONFIG_ADDRESS:
615     case PHB_IODA_ADDR:
616     case PHB_TCE_KILL:
617     case PHB_TCE_SPEC_CTL:
618     case PHB_PEST_BAR:
619     case PHB_PELTV_BAR:
620     case PHB_RTT_BAR:
621     case PHB_LEM_FIR_ACCUM:
622     case PHB_LEM_ERROR_MASK:
623     case PHB_LEM_ACTION0:
624     case PHB_LEM_ACTION1:
625     case PHB_TCE_TAG_ENABLE:
626     case PHB_INT_NOTIFY_ADDR:
627     case PHB_INT_NOTIFY_INDEX:
628     case PHB_DMARD_SYNC:
629        break;
630 
631     /* Noise on anything else */
632     default:
633         qemu_log_mask(LOG_UNIMP, "phb4: reg_write 0x%"PRIx64"=%"PRIx64"\n",
634                       off, val);
635     }
636 }
637 
638 static uint64_t pnv_phb4_reg_read(void *opaque, hwaddr off, unsigned size)
639 {
640     PnvPHB4 *phb = PNV_PHB4(opaque);
641     uint64_t val;
642 
643     if ((off & 0xfffc) == PHB_CONFIG_DATA) {
644         return pnv_phb4_config_read(phb, off & 0x3, size);
645     }
646 
647     /* Special case RC configuration space */
648     if ((off & 0xf800) == PHB_RC_CONFIG_BASE) {
649         return pnv_phb4_rc_config_read(phb, off & 0x7ff, size);
650     }
651 
652     /* Other registers are 64-bit only */
653     if (size != 8 || off & 0x7) {
654         phb_error(phb, "Invalid register access, offset: 0x%"PRIx64" size: %d",
655                    off, size);
656         return ~0ull;
657     }
658 
659     /* Default read from cache */
660     val = phb->regs[off >> 3];
661 
662     switch (off) {
663     case PHB_VERSION:
664         return phb->version;
665 
666         /* Read-only */
667     case PHB_PHB4_GEN_CAP:
668         return 0xe4b8000000000000ull;
669     case PHB_PHB4_TCE_CAP:
670         return phb->big_phb ? 0x4008440000000400ull : 0x2008440000000200ull;
671     case PHB_PHB4_IRQ_CAP:
672         return phb->big_phb ? 0x0800000000001000ull : 0x0800000000000800ull;
673     case PHB_PHB4_EEH_CAP:
674         return phb->big_phb ? 0x2000000000000000ull : 0x1000000000000000ull;
675 
676     /* IODA table accesses */
677     case PHB_IODA_DATA0:
678         return pnv_phb4_ioda_read(phb);
679 
680     /* Link training always appears trained */
681     case PHB_PCIE_DLP_TRAIN_CTL:
682         /* TODO: Do something sensible with speed ? */
683         return PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TL_LINKACT;
684 
685     /* DMA read sync: make it look like it's complete */
686     case PHB_DMARD_SYNC:
687         return PHB_DMARD_SYNC_COMPLETE;
688 
689     /* Silent simple reads */
690     case PHB_LSI_SOURCE_ID:
691     case PHB_CPU_LOADSTORE_STATUS:
692     case PHB_ASN_CMPM:
693     case PHB_PHB4_CONFIG:
694     case PHB_M32_START_ADDR:
695     case PHB_CONFIG_ADDRESS:
696     case PHB_IODA_ADDR:
697     case PHB_RTC_INVALIDATE:
698     case PHB_TCE_KILL:
699     case PHB_TCE_SPEC_CTL:
700     case PHB_PEST_BAR:
701     case PHB_PELTV_BAR:
702     case PHB_RTT_BAR:
703     case PHB_M64_UPPER_BITS:
704     case PHB_CTRLR:
705     case PHB_LEM_FIR_ACCUM:
706     case PHB_LEM_ERROR_MASK:
707     case PHB_LEM_ACTION0:
708     case PHB_LEM_ACTION1:
709     case PHB_TCE_TAG_ENABLE:
710     case PHB_INT_NOTIFY_ADDR:
711     case PHB_INT_NOTIFY_INDEX:
712     case PHB_Q_DMA_R:
713     case PHB_ETU_ERR_SUMMARY:
714         break;
715 
716     /* Noise on anything else */
717     default:
718         qemu_log_mask(LOG_UNIMP, "phb4: reg_read 0x%"PRIx64"=%"PRIx64"\n",
719                       off, val);
720     }
721     return val;
722 }
723 
724 static const MemoryRegionOps pnv_phb4_reg_ops = {
725     .read = pnv_phb4_reg_read,
726     .write = pnv_phb4_reg_write,
727     .valid.min_access_size = 1,
728     .valid.max_access_size = 8,
729     .impl.min_access_size = 1,
730     .impl.max_access_size = 8,
731     .endianness = DEVICE_BIG_ENDIAN,
732 };
733 
734 static uint64_t pnv_phb4_xscom_read(void *opaque, hwaddr addr, unsigned size)
735 {
736     PnvPHB4 *phb = PNV_PHB4(opaque);
737     uint32_t reg = addr >> 3;
738     uint64_t val;
739     hwaddr offset;
740 
741     switch (reg) {
742     case PHB_SCOM_HV_IND_ADDR:
743         return phb->scom_hv_ind_addr_reg;
744 
745     case PHB_SCOM_HV_IND_DATA:
746         if (!(phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_VALID)) {
747             phb_error(phb, "Invalid indirect address");
748             return ~0ull;
749         }
750         size = (phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_4B) ? 4 : 8;
751         offset = GETFIELD(PHB_SCOM_HV_IND_ADDR_ADDR, phb->scom_hv_ind_addr_reg);
752         val = pnv_phb4_reg_read(phb, offset, size);
753         if (phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_AUTOINC) {
754             offset += size;
755             offset &= 0x3fff;
756             phb->scom_hv_ind_addr_reg = SETFIELD(PHB_SCOM_HV_IND_ADDR_ADDR,
757                                                  phb->scom_hv_ind_addr_reg,
758                                                  offset);
759         }
760         return val;
761     case PHB_SCOM_ETU_LEM_FIR:
762     case PHB_SCOM_ETU_LEM_FIR_AND:
763     case PHB_SCOM_ETU_LEM_FIR_OR:
764     case PHB_SCOM_ETU_LEM_FIR_MSK:
765     case PHB_SCOM_ETU_LEM_ERR_MSK_AND:
766     case PHB_SCOM_ETU_LEM_ERR_MSK_OR:
767     case PHB_SCOM_ETU_LEM_ACT0:
768     case PHB_SCOM_ETU_LEM_ACT1:
769     case PHB_SCOM_ETU_LEM_WOF:
770         offset = ((reg - PHB_SCOM_ETU_LEM_FIR) << 3) + PHB_LEM_FIR_ACCUM;
771         return pnv_phb4_reg_read(phb, offset, size);
772     case PHB_SCOM_ETU_PMON_CONFIG:
773     case PHB_SCOM_ETU_PMON_CTR0:
774     case PHB_SCOM_ETU_PMON_CTR1:
775     case PHB_SCOM_ETU_PMON_CTR2:
776     case PHB_SCOM_ETU_PMON_CTR3:
777         offset = ((reg - PHB_SCOM_ETU_PMON_CONFIG) << 3) + PHB_PERFMON_CONFIG;
778         return pnv_phb4_reg_read(phb, offset, size);
779 
780     default:
781         qemu_log_mask(LOG_UNIMP, "phb4: xscom_read 0x%"HWADDR_PRIx"\n", addr);
782         return ~0ull;
783     }
784 }
785 
786 static void pnv_phb4_xscom_write(void *opaque, hwaddr addr,
787                                  uint64_t val, unsigned size)
788 {
789     PnvPHB4 *phb = PNV_PHB4(opaque);
790     uint32_t reg = addr >> 3;
791     hwaddr offset;
792 
793     switch (reg) {
794     case PHB_SCOM_HV_IND_ADDR:
795         phb->scom_hv_ind_addr_reg = val & 0xe000000000001fff;
796         break;
797     case PHB_SCOM_HV_IND_DATA:
798         if (!(phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_VALID)) {
799             phb_error(phb, "Invalid indirect address");
800             break;
801         }
802         size = (phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_4B) ? 4 : 8;
803         offset = GETFIELD(PHB_SCOM_HV_IND_ADDR_ADDR, phb->scom_hv_ind_addr_reg);
804         pnv_phb4_reg_write(phb, offset, val, size);
805         if (phb->scom_hv_ind_addr_reg & PHB_SCOM_HV_IND_ADDR_AUTOINC) {
806             offset += size;
807             offset &= 0x3fff;
808             phb->scom_hv_ind_addr_reg = SETFIELD(PHB_SCOM_HV_IND_ADDR_ADDR,
809                                                  phb->scom_hv_ind_addr_reg,
810                                                  offset);
811         }
812         break;
813     case PHB_SCOM_ETU_LEM_FIR:
814     case PHB_SCOM_ETU_LEM_FIR_AND:
815     case PHB_SCOM_ETU_LEM_FIR_OR:
816     case PHB_SCOM_ETU_LEM_FIR_MSK:
817     case PHB_SCOM_ETU_LEM_ERR_MSK_AND:
818     case PHB_SCOM_ETU_LEM_ERR_MSK_OR:
819     case PHB_SCOM_ETU_LEM_ACT0:
820     case PHB_SCOM_ETU_LEM_ACT1:
821     case PHB_SCOM_ETU_LEM_WOF:
822         offset = ((reg - PHB_SCOM_ETU_LEM_FIR) << 3) + PHB_LEM_FIR_ACCUM;
823         pnv_phb4_reg_write(phb, offset, val, size);
824         break;
825     case PHB_SCOM_ETU_PMON_CONFIG:
826     case PHB_SCOM_ETU_PMON_CTR0:
827     case PHB_SCOM_ETU_PMON_CTR1:
828     case PHB_SCOM_ETU_PMON_CTR2:
829     case PHB_SCOM_ETU_PMON_CTR3:
830         offset = ((reg - PHB_SCOM_ETU_PMON_CONFIG) << 3) + PHB_PERFMON_CONFIG;
831         pnv_phb4_reg_write(phb, offset, val, size);
832         break;
833     default:
834         qemu_log_mask(LOG_UNIMP, "phb4: xscom_write 0x%"HWADDR_PRIx
835                       "=%"PRIx64"\n", addr, val);
836     }
837 }
838 
839 const MemoryRegionOps pnv_phb4_xscom_ops = {
840     .read = pnv_phb4_xscom_read,
841     .write = pnv_phb4_xscom_write,
842     .valid.min_access_size = 8,
843     .valid.max_access_size = 8,
844     .impl.min_access_size = 8,
845     .impl.max_access_size = 8,
846     .endianness = DEVICE_BIG_ENDIAN,
847 };
848 
849 static int pnv_phb4_map_irq(PCIDevice *pci_dev, int irq_num)
850 {
851     /* Check that out properly ... */
852     return irq_num & 3;
853 }
854 
855 static void pnv_phb4_set_irq(void *opaque, int irq_num, int level)
856 {
857     PnvPHB4 *phb = PNV_PHB4(opaque);
858     uint32_t lsi_base;
859 
860     /* LSI only ... */
861     if (irq_num > 3) {
862         phb_error(phb, "IRQ %x is not an LSI", irq_num);
863     }
864     lsi_base = GETFIELD(PHB_LSI_SRC_ID, phb->regs[PHB_LSI_SOURCE_ID >> 3]);
865     lsi_base <<= 3;
866     qemu_set_irq(phb->qirqs[lsi_base + irq_num], level);
867 }
868 
869 static bool pnv_phb4_resolve_pe(PnvPhb4DMASpace *ds)
870 {
871     uint64_t rtt, addr;
872     uint16_t rte;
873     int bus_num;
874     int num_PEs;
875 
876     /* Already resolved ? */
877     if (ds->pe_num != PHB_INVALID_PE) {
878         return true;
879     }
880 
881     /* We need to lookup the RTT */
882     rtt = ds->phb->regs[PHB_RTT_BAR >> 3];
883     if (!(rtt & PHB_RTT_BAR_ENABLE)) {
884         phb_error(ds->phb, "DMA with RTT BAR disabled !");
885         /* Set error bits ? fence ? ... */
886         return false;
887     }
888 
889     /* Read RTE */
890     bus_num = pci_bus_num(ds->bus);
891     addr = rtt & PHB_RTT_BASE_ADDRESS_MASK;
892     addr += 2 * ((bus_num << 8) | ds->devfn);
893     if (dma_memory_read(&address_space_memory, addr, &rte, sizeof(rte))) {
894         phb_error(ds->phb, "Failed to read RTT entry at 0x%"PRIx64, addr);
895         /* Set error bits ? fence ? ... */
896         return false;
897     }
898     rte = be16_to_cpu(rte);
899 
900     /* Fail upon reading of invalid PE# */
901     num_PEs = ds->phb->big_phb ? PNV_PHB4_MAX_PEs : (PNV_PHB4_MAX_PEs >> 1);
902     if (rte >= num_PEs) {
903         phb_error(ds->phb, "RTE for RID 0x%x invalid (%04x", ds->devfn, rte);
904         rte &= num_PEs - 1;
905     }
906     ds->pe_num = rte;
907     return true;
908 }
909 
910 static void pnv_phb4_translate_tve(PnvPhb4DMASpace *ds, hwaddr addr,
911                                    bool is_write, uint64_t tve,
912                                    IOMMUTLBEntry *tlb)
913 {
914     uint64_t tta = GETFIELD(IODA3_TVT_TABLE_ADDR, tve);
915     int32_t  lev = GETFIELD(IODA3_TVT_NUM_LEVELS, tve);
916     uint32_t tts = GETFIELD(IODA3_TVT_TCE_TABLE_SIZE, tve);
917     uint32_t tps = GETFIELD(IODA3_TVT_IO_PSIZE, tve);
918 
919     /* Invalid levels */
920     if (lev > 4) {
921         phb_error(ds->phb, "Invalid #levels in TVE %d", lev);
922         return;
923     }
924 
925     /* Invalid entry */
926     if (tts == 0) {
927         phb_error(ds->phb, "Access to invalid TVE");
928         return;
929     }
930 
931     /* IO Page Size of 0 means untranslated, else use TCEs */
932     if (tps == 0) {
933         /* TODO: Handle boundaries */
934 
935         /* Use 4k pages like q35 ... for now */
936         tlb->iova = addr & 0xfffffffffffff000ull;
937         tlb->translated_addr = addr & 0x0003fffffffff000ull;
938         tlb->addr_mask = 0xfffull;
939         tlb->perm = IOMMU_RW;
940     } else {
941         uint32_t tce_shift, tbl_shift, sh;
942         uint64_t base, taddr, tce, tce_mask;
943 
944         /* Address bits per bottom level TCE entry */
945         tce_shift = tps + 11;
946 
947         /* Address bits per table level */
948         tbl_shift = tts + 8;
949 
950         /* Top level table base address */
951         base = tta << 12;
952 
953         /* Total shift to first level */
954         sh = tbl_shift * lev + tce_shift;
955 
956         /* TODO: Limit to support IO page sizes */
957 
958         /* TODO: Multi-level untested */
959         while ((lev--) >= 0) {
960             /* Grab the TCE address */
961             taddr = base | (((addr >> sh) & ((1ul << tbl_shift) - 1)) << 3);
962             if (dma_memory_read(&address_space_memory, taddr, &tce,
963                                 sizeof(tce))) {
964                 phb_error(ds->phb, "Failed to read TCE at 0x%"PRIx64, taddr);
965                 return;
966             }
967             tce = be64_to_cpu(tce);
968 
969             /* Check permission for indirect TCE */
970             if ((lev >= 0) && !(tce & 3)) {
971                 phb_error(ds->phb, "Invalid indirect TCE at 0x%"PRIx64, taddr);
972                 phb_error(ds->phb, " xlate %"PRIx64":%c TVE=%"PRIx64, addr,
973                            is_write ? 'W' : 'R', tve);
974                 phb_error(ds->phb, " tta=%"PRIx64" lev=%d tts=%d tps=%d",
975                            tta, lev, tts, tps);
976                 return;
977             }
978             sh -= tbl_shift;
979             base = tce & ~0xfffull;
980         }
981 
982         /* We exit the loop with TCE being the final TCE */
983         tce_mask = ~((1ull << tce_shift) - 1);
984         tlb->iova = addr & tce_mask;
985         tlb->translated_addr = tce & tce_mask;
986         tlb->addr_mask = ~tce_mask;
987         tlb->perm = tce & 3;
988         if ((is_write & !(tce & 2)) || ((!is_write) && !(tce & 1))) {
989             phb_error(ds->phb, "TCE access fault at 0x%"PRIx64, taddr);
990             phb_error(ds->phb, " xlate %"PRIx64":%c TVE=%"PRIx64, addr,
991                        is_write ? 'W' : 'R', tve);
992             phb_error(ds->phb, " tta=%"PRIx64" lev=%d tts=%d tps=%d",
993                        tta, lev, tts, tps);
994         }
995     }
996 }
997 
998 static IOMMUTLBEntry pnv_phb4_translate_iommu(IOMMUMemoryRegion *iommu,
999                                               hwaddr addr,
1000                                               IOMMUAccessFlags flag,
1001                                               int iommu_idx)
1002 {
1003     PnvPhb4DMASpace *ds = container_of(iommu, PnvPhb4DMASpace, dma_mr);
1004     int tve_sel;
1005     uint64_t tve, cfg;
1006     IOMMUTLBEntry ret = {
1007         .target_as = &address_space_memory,
1008         .iova = addr,
1009         .translated_addr = 0,
1010         .addr_mask = ~(hwaddr)0,
1011         .perm = IOMMU_NONE,
1012     };
1013 
1014     /* Resolve PE# */
1015     if (!pnv_phb4_resolve_pe(ds)) {
1016         phb_error(ds->phb, "Failed to resolve PE# for bus @%p (%d) devfn 0x%x",
1017                    ds->bus, pci_bus_num(ds->bus), ds->devfn);
1018         return ret;
1019     }
1020 
1021     /* Check top bits */
1022     switch (addr >> 60) {
1023     case 00:
1024         /* DMA or 32-bit MSI ? */
1025         cfg = ds->phb->regs[PHB_PHB4_CONFIG >> 3];
1026         if ((cfg & PHB_PHB4C_32BIT_MSI_EN) &&
1027             ((addr & 0xffffffffffff0000ull) == 0xffff0000ull)) {
1028             phb_error(ds->phb, "xlate on 32-bit MSI region");
1029             return ret;
1030         }
1031         /* Choose TVE XXX Use PHB4 Control Register */
1032         tve_sel = (addr >> 59) & 1;
1033         tve = ds->phb->ioda_TVT[ds->pe_num * 2 + tve_sel];
1034         pnv_phb4_translate_tve(ds, addr, flag & IOMMU_WO, tve, &ret);
1035         break;
1036     case 01:
1037         phb_error(ds->phb, "xlate on 64-bit MSI region");
1038         break;
1039     default:
1040         phb_error(ds->phb, "xlate on unsupported address 0x%"PRIx64, addr);
1041     }
1042     return ret;
1043 }
1044 
1045 #define TYPE_PNV_PHB4_IOMMU_MEMORY_REGION "pnv-phb4-iommu-memory-region"
1046 DECLARE_INSTANCE_CHECKER(IOMMUMemoryRegion, PNV_PHB4_IOMMU_MEMORY_REGION,
1047                          TYPE_PNV_PHB4_IOMMU_MEMORY_REGION)
1048 
1049 static void pnv_phb4_iommu_memory_region_class_init(ObjectClass *klass,
1050                                                     void *data)
1051 {
1052     IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
1053 
1054     imrc->translate = pnv_phb4_translate_iommu;
1055 }
1056 
1057 static const TypeInfo pnv_phb4_iommu_memory_region_info = {
1058     .parent = TYPE_IOMMU_MEMORY_REGION,
1059     .name = TYPE_PNV_PHB4_IOMMU_MEMORY_REGION,
1060     .class_init = pnv_phb4_iommu_memory_region_class_init,
1061 };
1062 
1063 /*
1064  * MSI/MSIX memory region implementation.
1065  * The handler handles both MSI and MSIX.
1066  */
1067 static void pnv_phb4_msi_write(void *opaque, hwaddr addr,
1068                                uint64_t data, unsigned size)
1069 {
1070     PnvPhb4DMASpace *ds = opaque;
1071     PnvPHB4 *phb = ds->phb;
1072 
1073     uint32_t src = ((addr >> 4) & 0xffff) | (data & 0x1f);
1074 
1075     /* Resolve PE# */
1076     if (!pnv_phb4_resolve_pe(ds)) {
1077         phb_error(phb, "Failed to resolve PE# for bus @%p (%d) devfn 0x%x",
1078                    ds->bus, pci_bus_num(ds->bus), ds->devfn);
1079         return;
1080     }
1081 
1082     /* TODO: Check it doesn't collide with LSIs */
1083     if (src >= phb->xsrc.nr_irqs) {
1084         phb_error(phb, "MSI %d out of bounds", src);
1085         return;
1086     }
1087 
1088     /* TODO: check PE/MSI assignement */
1089 
1090     qemu_irq_pulse(phb->qirqs[src]);
1091 }
1092 
1093 /* There is no .read as the read result is undefined by PCI spec */
1094 static uint64_t pnv_phb4_msi_read(void *opaque, hwaddr addr, unsigned size)
1095 {
1096     PnvPhb4DMASpace *ds = opaque;
1097 
1098     phb_error(ds->phb, "Invalid MSI read @ 0x%" HWADDR_PRIx, addr);
1099     return -1;
1100 }
1101 
1102 static const MemoryRegionOps pnv_phb4_msi_ops = {
1103     .read = pnv_phb4_msi_read,
1104     .write = pnv_phb4_msi_write,
1105     .endianness = DEVICE_LITTLE_ENDIAN
1106 };
1107 
1108 static PnvPhb4DMASpace *pnv_phb4_dma_find(PnvPHB4 *phb, PCIBus *bus, int devfn)
1109 {
1110     PnvPhb4DMASpace *ds;
1111 
1112     QLIST_FOREACH(ds, &phb->dma_spaces, list) {
1113         if (ds->bus == bus && ds->devfn == devfn) {
1114             break;
1115         }
1116     }
1117     return ds;
1118 }
1119 
1120 static AddressSpace *pnv_phb4_dma_iommu(PCIBus *bus, void *opaque, int devfn)
1121 {
1122     PnvPHB4 *phb = opaque;
1123     PnvPhb4DMASpace *ds;
1124     char name[32];
1125 
1126     ds = pnv_phb4_dma_find(phb, bus, devfn);
1127 
1128     if (ds == NULL) {
1129         ds = g_malloc0(sizeof(PnvPhb4DMASpace));
1130         ds->bus = bus;
1131         ds->devfn = devfn;
1132         ds->pe_num = PHB_INVALID_PE;
1133         ds->phb = phb;
1134         snprintf(name, sizeof(name), "phb4-%d.%d-iommu", phb->chip_id,
1135                  phb->phb_id);
1136         memory_region_init_iommu(&ds->dma_mr, sizeof(ds->dma_mr),
1137                                  TYPE_PNV_PHB4_IOMMU_MEMORY_REGION,
1138                                  OBJECT(phb), name, UINT64_MAX);
1139         address_space_init(&ds->dma_as, MEMORY_REGION(&ds->dma_mr),
1140                            name);
1141         memory_region_init_io(&ds->msi32_mr, OBJECT(phb), &pnv_phb4_msi_ops,
1142                               ds, "msi32", 0x10000);
1143         memory_region_init_io(&ds->msi64_mr, OBJECT(phb), &pnv_phb4_msi_ops,
1144                               ds, "msi64", 0x100000);
1145         pnv_phb4_update_msi_regions(ds);
1146 
1147         QLIST_INSERT_HEAD(&phb->dma_spaces, ds, list);
1148     }
1149     return &ds->dma_as;
1150 }
1151 
1152 static void pnv_phb4_instance_init(Object *obj)
1153 {
1154     PnvPHB4 *phb = PNV_PHB4(obj);
1155 
1156     QLIST_INIT(&phb->dma_spaces);
1157 
1158     /* XIVE interrupt source object */
1159     object_initialize_child(obj, "source", &phb->xsrc, TYPE_XIVE_SOURCE);
1160 
1161     /* Root Port */
1162     object_initialize_child(obj, "root", &phb->root, TYPE_PNV_PHB4_ROOT_PORT);
1163 
1164     qdev_prop_set_int32(DEVICE(&phb->root), "addr", PCI_DEVFN(0, 0));
1165     qdev_prop_set_bit(DEVICE(&phb->root), "multifunction", false);
1166 }
1167 
1168 static void pnv_phb4_realize(DeviceState *dev, Error **errp)
1169 {
1170     PnvPHB4 *phb = PNV_PHB4(dev);
1171     PCIHostState *pci = PCI_HOST_BRIDGE(dev);
1172     XiveSource *xsrc = &phb->xsrc;
1173     int nr_irqs;
1174     char name[32];
1175 
1176     assert(phb->stack);
1177 
1178     /* Set the "big_phb" flag */
1179     phb->big_phb = phb->phb_id == 0 || phb->phb_id == 3;
1180 
1181     /* Controller Registers */
1182     snprintf(name, sizeof(name), "phb4-%d.%d-regs", phb->chip_id,
1183              phb->phb_id);
1184     memory_region_init_io(&phb->mr_regs, OBJECT(phb), &pnv_phb4_reg_ops, phb,
1185                           name, 0x2000);
1186 
1187     /*
1188      * PHB4 doesn't support IO space. However, qemu gets very upset if
1189      * we don't have an IO region to anchor IO BARs onto so we just
1190      * initialize one which we never hook up to anything
1191      */
1192 
1193     snprintf(name, sizeof(name), "phb4-%d.%d-pci-io", phb->chip_id,
1194              phb->phb_id);
1195     memory_region_init(&phb->pci_io, OBJECT(phb), name, 0x10000);
1196 
1197     snprintf(name, sizeof(name), "phb4-%d.%d-pci-mmio", phb->chip_id,
1198              phb->phb_id);
1199     memory_region_init(&phb->pci_mmio, OBJECT(phb), name,
1200                        PCI_MMIO_TOTAL_SIZE);
1201 
1202     pci->bus = pci_register_root_bus(dev, "root-bus",
1203                                      pnv_phb4_set_irq, pnv_phb4_map_irq, phb,
1204                                      &phb->pci_mmio, &phb->pci_io,
1205                                      0, 4, TYPE_PNV_PHB4_ROOT_BUS);
1206     pci_setup_iommu(pci->bus, pnv_phb4_dma_iommu, phb);
1207 
1208     /* Add a single Root port */
1209     qdev_prop_set_uint8(DEVICE(&phb->root), "chassis", phb->chip_id);
1210     qdev_prop_set_uint16(DEVICE(&phb->root), "slot", phb->phb_id);
1211     qdev_realize(DEVICE(&phb->root), BUS(pci->bus), &error_fatal);
1212 
1213     /* Setup XIVE Source */
1214     if (phb->big_phb) {
1215         nr_irqs = PNV_PHB4_MAX_INTs;
1216     } else {
1217         nr_irqs = PNV_PHB4_MAX_INTs >> 1;
1218     }
1219     object_property_set_int(OBJECT(xsrc), "nr-irqs", nr_irqs, &error_fatal);
1220     object_property_set_link(OBJECT(xsrc), "xive", OBJECT(phb), &error_fatal);
1221     if (!qdev_realize(DEVICE(xsrc), NULL, errp)) {
1222         return;
1223     }
1224 
1225     pnv_phb4_update_xsrc(phb);
1226 
1227     phb->qirqs = qemu_allocate_irqs(xive_source_set_irq, xsrc, xsrc->nr_irqs);
1228 }
1229 
1230 static void pnv_phb4_reset(DeviceState *dev)
1231 {
1232     PnvPHB4 *phb = PNV_PHB4(dev);
1233     PCIDevice *root_dev = PCI_DEVICE(&phb->root);
1234 
1235     /*
1236      * Configure PCI device id at reset using a property.
1237      */
1238     pci_config_set_vendor_id(root_dev->config, PCI_VENDOR_ID_IBM);
1239     pci_config_set_device_id(root_dev->config, phb->device_id);
1240 }
1241 
1242 static const char *pnv_phb4_root_bus_path(PCIHostState *host_bridge,
1243                                           PCIBus *rootbus)
1244 {
1245     PnvPHB4 *phb = PNV_PHB4(host_bridge);
1246 
1247     snprintf(phb->bus_path, sizeof(phb->bus_path), "00%02x:%02x",
1248              phb->chip_id, phb->phb_id);
1249     return phb->bus_path;
1250 }
1251 
1252 static void pnv_phb4_xive_notify(XiveNotifier *xf, uint32_t srcno)
1253 {
1254     PnvPHB4 *phb = PNV_PHB4(xf);
1255     uint64_t notif_port = phb->regs[PHB_INT_NOTIFY_ADDR >> 3];
1256     uint32_t offset = phb->regs[PHB_INT_NOTIFY_INDEX >> 3];
1257     uint64_t data = XIVE_TRIGGER_PQ | offset | srcno;
1258     MemTxResult result;
1259 
1260     address_space_stq_be(&address_space_memory, notif_port, data,
1261                          MEMTXATTRS_UNSPECIFIED, &result);
1262     if (result != MEMTX_OK) {
1263         phb_error(phb, "trigger failed @%"HWADDR_PRIx "\n", notif_port);
1264         return;
1265     }
1266 }
1267 
1268 static Property pnv_phb4_properties[] = {
1269         DEFINE_PROP_UINT32("index", PnvPHB4, phb_id, 0),
1270         DEFINE_PROP_UINT32("chip-id", PnvPHB4, chip_id, 0),
1271         DEFINE_PROP_UINT64("version", PnvPHB4, version, 0),
1272         DEFINE_PROP_UINT16("device-id", PnvPHB4, device_id, 0),
1273         DEFINE_PROP_LINK("stack", PnvPHB4, stack, TYPE_PNV_PHB4_PEC_STACK,
1274                          PnvPhb4PecStack *),
1275         DEFINE_PROP_END_OF_LIST(),
1276 };
1277 
1278 static void pnv_phb4_class_init(ObjectClass *klass, void *data)
1279 {
1280     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
1281     DeviceClass *dc = DEVICE_CLASS(klass);
1282     XiveNotifierClass *xfc = XIVE_NOTIFIER_CLASS(klass);
1283 
1284     hc->root_bus_path   = pnv_phb4_root_bus_path;
1285     dc->realize         = pnv_phb4_realize;
1286     device_class_set_props(dc, pnv_phb4_properties);
1287     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
1288     dc->user_creatable  = false;
1289     dc->reset           = pnv_phb4_reset;
1290 
1291     xfc->notify         = pnv_phb4_xive_notify;
1292 }
1293 
1294 static const TypeInfo pnv_phb4_type_info = {
1295     .name          = TYPE_PNV_PHB4,
1296     .parent        = TYPE_PCIE_HOST_BRIDGE,
1297     .instance_init = pnv_phb4_instance_init,
1298     .instance_size = sizeof(PnvPHB4),
1299     .class_init    = pnv_phb4_class_init,
1300     .interfaces = (InterfaceInfo[]) {
1301             { TYPE_XIVE_NOTIFIER },
1302             { },
1303     }
1304 };
1305 
1306 static void pnv_phb4_root_bus_class_init(ObjectClass *klass, void *data)
1307 {
1308     BusClass *k = BUS_CLASS(klass);
1309 
1310     /*
1311      * PHB4 has only a single root complex. Enforce the limit on the
1312      * parent bus
1313      */
1314     k->max_dev = 1;
1315 }
1316 
1317 static const TypeInfo pnv_phb4_root_bus_info = {
1318     .name = TYPE_PNV_PHB4_ROOT_BUS,
1319     .parent = TYPE_PCIE_BUS,
1320     .class_init = pnv_phb4_root_bus_class_init,
1321     .interfaces = (InterfaceInfo[]) {
1322         { INTERFACE_PCIE_DEVICE },
1323         { }
1324     },
1325 };
1326 
1327 static void pnv_phb4_root_port_reset(DeviceState *dev)
1328 {
1329     PCIERootPortClass *rpc = PCIE_ROOT_PORT_GET_CLASS(dev);
1330     PCIDevice *d = PCI_DEVICE(dev);
1331     uint8_t *conf = d->config;
1332 
1333     rpc->parent_reset(dev);
1334 
1335     pci_byte_test_and_set_mask(conf + PCI_IO_BASE,
1336                                PCI_IO_RANGE_MASK & 0xff);
1337     pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
1338                                  PCI_IO_RANGE_MASK & 0xff);
1339     pci_set_word(conf + PCI_MEMORY_BASE, 0);
1340     pci_set_word(conf + PCI_MEMORY_LIMIT, 0xfff0);
1341     pci_set_word(conf + PCI_PREF_MEMORY_BASE, 0x1);
1342     pci_set_word(conf + PCI_PREF_MEMORY_LIMIT, 0xfff1);
1343     pci_set_long(conf + PCI_PREF_BASE_UPPER32, 0x1); /* Hack */
1344     pci_set_long(conf + PCI_PREF_LIMIT_UPPER32, 0xffffffff);
1345 }
1346 
1347 static void pnv_phb4_root_port_realize(DeviceState *dev, Error **errp)
1348 {
1349     PCIERootPortClass *rpc = PCIE_ROOT_PORT_GET_CLASS(dev);
1350     Error *local_err = NULL;
1351 
1352     rpc->parent_realize(dev, &local_err);
1353     if (local_err) {
1354         error_propagate(errp, local_err);
1355         return;
1356     }
1357 }
1358 
1359 static void pnv_phb4_root_port_class_init(ObjectClass *klass, void *data)
1360 {
1361     DeviceClass *dc = DEVICE_CLASS(klass);
1362     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1363     PCIERootPortClass *rpc = PCIE_ROOT_PORT_CLASS(klass);
1364 
1365     dc->desc     = "IBM PHB4 PCIE Root Port";
1366     dc->user_creatable = false;
1367 
1368     device_class_set_parent_realize(dc, pnv_phb4_root_port_realize,
1369                                     &rpc->parent_realize);
1370     device_class_set_parent_reset(dc, pnv_phb4_root_port_reset,
1371                                   &rpc->parent_reset);
1372 
1373     k->vendor_id = PCI_VENDOR_ID_IBM;
1374     k->device_id = PNV_PHB4_DEVICE_ID;
1375     k->revision  = 0;
1376 
1377     rpc->exp_offset = 0x48;
1378     rpc->aer_offset = 0x100;
1379 
1380     dc->reset = &pnv_phb4_root_port_reset;
1381 }
1382 
1383 static const TypeInfo pnv_phb4_root_port_info = {
1384     .name          = TYPE_PNV_PHB4_ROOT_PORT,
1385     .parent        = TYPE_PCIE_ROOT_PORT,
1386     .instance_size = sizeof(PnvPHB4RootPort),
1387     .class_init    = pnv_phb4_root_port_class_init,
1388 };
1389 
1390 static void pnv_phb4_register_types(void)
1391 {
1392     type_register_static(&pnv_phb4_root_bus_info);
1393     type_register_static(&pnv_phb4_root_port_info);
1394     type_register_static(&pnv_phb4_type_info);
1395     type_register_static(&pnv_phb4_iommu_memory_region_info);
1396 }
1397 
1398 type_init(pnv_phb4_register_types);
1399 
1400 void pnv_phb4_update_regions(PnvPhb4PecStack *stack)
1401 {
1402     PnvPHB4 *phb = &stack->phb;
1403 
1404     /* Unmap first always */
1405     if (memory_region_is_mapped(&phb->mr_regs)) {
1406         memory_region_del_subregion(&stack->phbbar, &phb->mr_regs);
1407     }
1408     if (memory_region_is_mapped(&phb->xsrc.esb_mmio)) {
1409         memory_region_del_subregion(&stack->intbar, &phb->xsrc.esb_mmio);
1410     }
1411 
1412     /* Map registers if enabled */
1413     if (memory_region_is_mapped(&stack->phbbar)) {
1414         memory_region_add_subregion(&stack->phbbar, 0, &phb->mr_regs);
1415     }
1416 
1417     /* Map ESB if enabled */
1418     if (memory_region_is_mapped(&stack->intbar)) {
1419         memory_region_add_subregion(&stack->intbar, 0, &phb->xsrc.esb_mmio);
1420     }
1421 
1422     /* Check/update m32 */
1423     pnv_phb4_check_all_mbt(phb);
1424 }
1425 
1426 void pnv_phb4_pic_print_info(PnvPHB4 *phb, Monitor *mon)
1427 {
1428     uint32_t offset = phb->regs[PHB_INT_NOTIFY_INDEX >> 3];
1429 
1430     monitor_printf(mon, "PHB4[%x:%x] Source %08x .. %08x\n",
1431                    phb->chip_id, phb->phb_id,
1432                    offset, offset + phb->xsrc.nr_irqs - 1);
1433     xive_source_pic_print_info(&phb->xsrc, 0, mon);
1434 }
1435