xref: /openbmc/qemu/hw/pci-host/q35.c (revision 90bb6d67)
1 /*
2  * QEMU MCH/ICH9 PCI Bridge Emulation
3  *
4  * Copyright (c) 2006 Fabrice Bellard
5  * Copyright (c) 2009, 2010, 2011
6  *               Isaku Yamahata <yamahata at valinux co jp>
7  *               VA Linux Systems Japan K.K.
8  * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
9  *
10  * This is based on piix.c, but heavily modified.
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this software and associated documentation files (the "Software"), to deal
14  * in the Software without restriction, including without limitation the rights
15  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
16  * copies of the Software, and to permit persons to whom the Software is
17  * furnished to do so, subject to the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
27  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28  * THE SOFTWARE.
29  */
30 
31 #include "qemu/osdep.h"
32 #include "qemu/log.h"
33 #include "hw/i386/pc.h"
34 #include "hw/pci-host/q35.h"
35 #include "hw/qdev-properties.h"
36 #include "migration/vmstate.h"
37 #include "qapi/error.h"
38 #include "qapi/visitor.h"
39 #include "qemu/module.h"
40 
41 /****************************************************************************
42  * Q35 host
43  */
44 
45 #define Q35_PCI_HOST_HOLE64_SIZE_DEFAULT (1ULL << 35)
46 
47 static void q35_host_realize(DeviceState *dev, Error **errp)
48 {
49     PCIHostState *pci = PCI_HOST_BRIDGE(dev);
50     Q35PCIHost *s = Q35_HOST_DEVICE(dev);
51     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
52 
53     memory_region_add_subregion(s->mch.address_space_io,
54                                 MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
55     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
56 
57     memory_region_add_subregion(s->mch.address_space_io,
58                                 MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
59     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
60 
61     /* register q35 0xcf8 port as coalesced pio */
62     memory_region_set_flush_coalesced(&pci->data_mem);
63     memory_region_add_coalescing(&pci->conf_mem, 0, 4);
64 
65     pci->bus = pci_root_bus_new(DEVICE(s), "pcie.0",
66                                 s->mch.pci_address_space,
67                                 s->mch.address_space_io,
68                                 0, TYPE_PCIE_BUS);
69 
70     qdev_realize(DEVICE(&s->mch), BUS(pci->bus), &error_fatal);
71 }
72 
73 static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
74                                           PCIBus *rootbus)
75 {
76     return "0000:00";
77 }
78 
79 static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
80                                         const char *name, void *opaque,
81                                         Error **errp)
82 {
83     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
84     uint64_t val64;
85     uint32_t value;
86 
87     val64 = range_is_empty(&s->mch.pci_hole)
88         ? 0 : range_lob(&s->mch.pci_hole);
89     value = val64;
90     assert(value == val64);
91     visit_type_uint32(v, name, &value, errp);
92 }
93 
94 static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
95                                       const char *name, void *opaque,
96                                       Error **errp)
97 {
98     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
99     uint64_t val64;
100     uint32_t value;
101 
102     val64 = range_is_empty(&s->mch.pci_hole)
103         ? 0 : range_upb(&s->mch.pci_hole) + 1;
104     value = val64;
105     assert(value == val64);
106     visit_type_uint32(v, name, &value, errp);
107 }
108 
109 /*
110  * The 64bit PCI hole start is set by the Guest firmware
111  * as the address of the first 64bit PCI MEM resource.
112  * If no PCI device has resources on the 64bit area,
113  * the 64bit PCI hole will start after "over 4G RAM" and the
114  * reserved space for memory hotplug if any.
115  */
116 static uint64_t q35_host_get_pci_hole64_start_value(Object *obj)
117 {
118     PCIHostState *h = PCI_HOST_BRIDGE(obj);
119     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
120     Range w64;
121     uint64_t value;
122 
123     pci_bus_get_w64_range(h->bus, &w64);
124     value = range_is_empty(&w64) ? 0 : range_lob(&w64);
125     if (!value && s->pci_hole64_fix) {
126         value = pc_pci_hole64_start();
127     }
128     return value;
129 }
130 
131 static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
132                                           const char *name, void *opaque,
133                                           Error **errp)
134 {
135     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
136 
137     visit_type_uint64(v, name, &hole64_start, errp);
138 }
139 
140 /*
141  * The 64bit PCI hole end is set by the Guest firmware
142  * as the address of the last 64bit PCI MEM resource.
143  * Then it is expanded to the PCI_HOST_PROP_PCI_HOLE64_SIZE
144  * that can be configured by the user.
145  */
146 static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
147                                         const char *name, void *opaque,
148                                         Error **errp)
149 {
150     PCIHostState *h = PCI_HOST_BRIDGE(obj);
151     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
152     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
153     Range w64;
154     uint64_t value, hole64_end;
155 
156     pci_bus_get_w64_range(h->bus, &w64);
157     value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
158     hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30);
159     if (s->pci_hole64_fix && value < hole64_end) {
160         value = hole64_end;
161     }
162     visit_type_uint64(v, name, &value, errp);
163 }
164 
165 /*
166  * NOTE: setting defaults for the mch.* fields in this table
167  * doesn't work, because mch is a separate QOM object that is
168  * zeroed by the object_initialize(&s->mch, ...) call inside
169  * q35_host_initfn().  The default values for those
170  * properties need to be initialized manually by
171  * q35_host_initfn() after the object_initialize() call.
172  */
173 static Property q35_host_props[] = {
174     DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
175                         MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
176     DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
177                      mch.pci_hole64_size, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT),
178     DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
179                      mch.below_4g_mem_size, 0),
180     DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
181                      mch.above_4g_mem_size, 0),
182     DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true),
183     DEFINE_PROP_END_OF_LIST(),
184 };
185 
186 static void q35_host_class_init(ObjectClass *klass, void *data)
187 {
188     DeviceClass *dc = DEVICE_CLASS(klass);
189     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
190 
191     hc->root_bus_path = q35_host_root_bus_path;
192     dc->realize = q35_host_realize;
193     device_class_set_props(dc, q35_host_props);
194     /* Reason: needs to be wired up by pc_q35_init */
195     dc->user_creatable = false;
196     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
197     dc->fw_name = "pci";
198 }
199 
200 static void q35_host_initfn(Object *obj)
201 {
202     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
203     PCIHostState *phb = PCI_HOST_BRIDGE(obj);
204     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(obj);
205 
206     memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
207                           "pci-conf-idx", 4);
208     memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
209                           "pci-conf-data", 4);
210 
211     object_initialize_child(OBJECT(s), "mch", &s->mch, TYPE_MCH_PCI_DEVICE);
212     qdev_prop_set_int32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
213     qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
214     /* mch's object_initialize resets the default value, set it again */
215     qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE,
216                          Q35_PCI_HOST_HOLE64_SIZE_DEFAULT);
217     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32",
218                         q35_host_get_pci_hole_start,
219                         NULL, NULL, NULL);
220 
221     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "uint32",
222                         q35_host_get_pci_hole_end,
223                         NULL, NULL, NULL);
224 
225     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "uint64",
226                         q35_host_get_pci_hole64_start,
227                         NULL, NULL, NULL);
228 
229     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "uint64",
230                         q35_host_get_pci_hole64_end,
231                         NULL, NULL, NULL);
232 
233     object_property_add_uint64_ptr(obj, PCIE_HOST_MCFG_SIZE,
234                                    &pehb->size, OBJ_PROP_FLAG_READ);
235 
236     object_property_add_link(obj, PCI_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
237                              (Object **) &s->mch.ram_memory,
238                              qdev_prop_allow_set_link_before_realize, 0);
239 
240     object_property_add_link(obj, PCI_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
241                              (Object **) &s->mch.pci_address_space,
242                              qdev_prop_allow_set_link_before_realize, 0);
243 
244     object_property_add_link(obj, PCI_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
245                              (Object **) &s->mch.system_memory,
246                              qdev_prop_allow_set_link_before_realize, 0);
247 
248     object_property_add_link(obj, PCI_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
249                              (Object **) &s->mch.address_space_io,
250                              qdev_prop_allow_set_link_before_realize, 0);
251 }
252 
253 static const TypeInfo q35_host_info = {
254     .name       = TYPE_Q35_HOST_DEVICE,
255     .parent     = TYPE_PCIE_HOST_BRIDGE,
256     .instance_size = sizeof(Q35PCIHost),
257     .instance_init = q35_host_initfn,
258     .class_init = q35_host_class_init,
259 };
260 
261 /****************************************************************************
262  * MCH D0:F0
263  */
264 
265 static uint64_t blackhole_read(void *ptr, hwaddr reg, unsigned size)
266 {
267     return 0xffffffff;
268 }
269 
270 static void blackhole_write(void *opaque, hwaddr addr, uint64_t val,
271                             unsigned width)
272 {
273     /* nothing */
274 }
275 
276 static const MemoryRegionOps blackhole_ops = {
277     .read = blackhole_read,
278     .write = blackhole_write,
279     .valid.min_access_size = 1,
280     .valid.max_access_size = 4,
281     .impl.min_access_size = 4,
282     .impl.max_access_size = 4,
283     .endianness = DEVICE_LITTLE_ENDIAN,
284 };
285 
286 /* PCIe MMCFG */
287 static void mch_update_pciexbar(MCHPCIState *mch)
288 {
289     PCIDevice *pci_dev = PCI_DEVICE(mch);
290     BusState *bus = qdev_get_parent_bus(DEVICE(mch));
291     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
292 
293     uint64_t pciexbar;
294     int enable;
295     uint64_t addr;
296     uint64_t addr_mask;
297     uint32_t length;
298 
299     pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
300     enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
301     addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
302     switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
303     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
304         length = 256 * 1024 * 1024;
305         break;
306     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
307         length = 128 * 1024 * 1024;
308         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
309             MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
310         break;
311     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
312         length = 64 * 1024 * 1024;
313         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
314         break;
315     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
316         qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
317         return;
318     default:
319         abort();
320     }
321     addr = pciexbar & addr_mask;
322     pcie_host_mmcfg_update(pehb, enable, addr, length);
323 }
324 
325 /* PAM */
326 static void mch_update_pam(MCHPCIState *mch)
327 {
328     PCIDevice *pd = PCI_DEVICE(mch);
329     int i;
330 
331     memory_region_transaction_begin();
332     for (i = 0; i < 13; i++) {
333         pam_update(&mch->pam_regions[i], i,
334                    pd->config[MCH_HOST_BRIDGE_PAM0 + DIV_ROUND_UP(i, 2)]);
335     }
336     memory_region_transaction_commit();
337 }
338 
339 /* SMRAM */
340 static void mch_update_smram(MCHPCIState *mch)
341 {
342     PCIDevice *pd = PCI_DEVICE(mch);
343     bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
344     uint32_t tseg_size;
345 
346     /* implement SMRAM.D_LCK */
347     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
348         pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
349         pd->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK_LCK;
350         pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK_LCK;
351     }
352 
353     memory_region_transaction_begin();
354 
355     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
356         /* Hide (!) low SMRAM if H_SMRAME = 1 */
357         memory_region_set_enabled(&mch->smram_region, h_smrame);
358         /* Show high SMRAM if H_SMRAME = 1 */
359         memory_region_set_enabled(&mch->open_high_smram, h_smrame);
360     } else {
361         /* Hide high SMRAM and low SMRAM */
362         memory_region_set_enabled(&mch->smram_region, true);
363         memory_region_set_enabled(&mch->open_high_smram, false);
364     }
365 
366     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME) {
367         memory_region_set_enabled(&mch->low_smram, !h_smrame);
368         memory_region_set_enabled(&mch->high_smram, h_smrame);
369     } else {
370         memory_region_set_enabled(&mch->low_smram, false);
371         memory_region_set_enabled(&mch->high_smram, false);
372     }
373 
374     if ((pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_T_EN) &&
375         (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME)) {
376         switch (pd->config[MCH_HOST_BRIDGE_ESMRAMC] &
377                 MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
378         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_1MB:
379             tseg_size = 1024 * 1024;
380             break;
381         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_2MB:
382             tseg_size = 1024 * 1024 * 2;
383             break;
384         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_8MB:
385             tseg_size = 1024 * 1024 * 8;
386             break;
387         default:
388             tseg_size = 1024 * 1024 * (uint32_t)mch->ext_tseg_mbytes;
389             break;
390         }
391     } else {
392         tseg_size = 0;
393     }
394     memory_region_del_subregion(mch->system_memory, &mch->tseg_blackhole);
395     memory_region_set_enabled(&mch->tseg_blackhole, tseg_size);
396     memory_region_set_size(&mch->tseg_blackhole, tseg_size);
397     memory_region_add_subregion_overlap(mch->system_memory,
398                                         mch->below_4g_mem_size - tseg_size,
399                                         &mch->tseg_blackhole, 1);
400 
401     memory_region_set_enabled(&mch->tseg_window, tseg_size);
402     memory_region_set_size(&mch->tseg_window, tseg_size);
403     memory_region_set_address(&mch->tseg_window,
404                               mch->below_4g_mem_size - tseg_size);
405     memory_region_set_alias_offset(&mch->tseg_window,
406                                    mch->below_4g_mem_size - tseg_size);
407 
408     memory_region_transaction_commit();
409 }
410 
411 static void mch_update_ext_tseg_mbytes(MCHPCIState *mch)
412 {
413     PCIDevice *pd = PCI_DEVICE(mch);
414     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES;
415 
416     if (mch->ext_tseg_mbytes > 0 &&
417         pci_get_word(reg) == MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY) {
418         pci_set_word(reg, mch->ext_tseg_mbytes);
419     }
420 }
421 
422 static void mch_update_smbase_smram(MCHPCIState *mch)
423 {
424     PCIDevice *pd = PCI_DEVICE(mch);
425     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_F_SMBASE;
426     bool lck;
427 
428     if (!mch->has_smram_at_smbase) {
429         return;
430     }
431 
432     if (*reg == MCH_HOST_BRIDGE_F_SMBASE_QUERY) {
433         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] =
434             MCH_HOST_BRIDGE_F_SMBASE_LCK;
435         *reg = MCH_HOST_BRIDGE_F_SMBASE_IN_RAM;
436         return;
437     }
438 
439     /*
440      * default/reset state, discard written value
441      * which will disable SMRAM balackhole at SMBASE
442      */
443     if (pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] == 0xff) {
444         *reg = 0x00;
445     }
446 
447     memory_region_transaction_begin();
448     if (*reg & MCH_HOST_BRIDGE_F_SMBASE_LCK) {
449         /* disable all writes */
450         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] &=
451             ~MCH_HOST_BRIDGE_F_SMBASE_LCK;
452         *reg = MCH_HOST_BRIDGE_F_SMBASE_LCK;
453         lck = true;
454     } else {
455         lck = false;
456     }
457     memory_region_set_enabled(&mch->smbase_blackhole, lck);
458     memory_region_set_enabled(&mch->smbase_window, lck);
459     memory_region_transaction_commit();
460 }
461 
462 static void mch_write_config(PCIDevice *d,
463                               uint32_t address, uint32_t val, int len)
464 {
465     MCHPCIState *mch = MCH_PCI_DEVICE(d);
466 
467     pci_default_write_config(d, address, val, len);
468 
469     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
470                        MCH_HOST_BRIDGE_PAM_SIZE)) {
471         mch_update_pam(mch);
472     }
473 
474     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
475                        MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
476         mch_update_pciexbar(mch);
477     }
478 
479     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM,
480                        MCH_HOST_BRIDGE_SMRAM_SIZE)) {
481         mch_update_smram(mch);
482     }
483 
484     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
485                        MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_SIZE)) {
486         mch_update_ext_tseg_mbytes(mch);
487     }
488 
489     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_F_SMBASE, 1)) {
490         mch_update_smbase_smram(mch);
491     }
492 }
493 
494 static void mch_update(MCHPCIState *mch)
495 {
496     mch_update_pciexbar(mch);
497     mch_update_pam(mch);
498     mch_update_smram(mch);
499     mch_update_ext_tseg_mbytes(mch);
500     mch_update_smbase_smram(mch);
501 
502     /*
503      * pci hole goes from end-of-low-ram to io-apic.
504      * mmconfig will be excluded by the dsdt builder.
505      */
506     range_set_bounds(&mch->pci_hole,
507                      mch->below_4g_mem_size,
508                      IO_APIC_DEFAULT_ADDRESS - 1);
509 }
510 
511 static int mch_post_load(void *opaque, int version_id)
512 {
513     MCHPCIState *mch = opaque;
514     mch_update(mch);
515     return 0;
516 }
517 
518 static const VMStateDescription vmstate_mch = {
519     .name = "mch",
520     .version_id = 1,
521     .minimum_version_id = 1,
522     .post_load = mch_post_load,
523     .fields = (VMStateField[]) {
524         VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
525         /* Used to be smm_enabled, which was basically always zero because
526          * SeaBIOS hardly uses SMM.  SMRAM is now handled by CPU code.
527          */
528         VMSTATE_UNUSED(1),
529         VMSTATE_END_OF_LIST()
530     }
531 };
532 
533 static void mch_reset(DeviceState *qdev)
534 {
535     PCIDevice *d = PCI_DEVICE(qdev);
536     MCHPCIState *mch = MCH_PCI_DEVICE(d);
537 
538     pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
539                  MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
540 
541     d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
542     d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT;
543     d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK;
544     d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK;
545 
546     if (mch->ext_tseg_mbytes > 0) {
547         pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
548                      MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY);
549     }
550 
551     d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0;
552     d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff;
553 
554     mch_update(mch);
555 }
556 
557 static void mch_realize(PCIDevice *d, Error **errp)
558 {
559     int i;
560     MCHPCIState *mch = MCH_PCI_DEVICE(d);
561 
562     if (mch->ext_tseg_mbytes > MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_MAX) {
563         error_setg(errp, "invalid extended-tseg-mbytes value: %" PRIu16,
564                    mch->ext_tseg_mbytes);
565         return;
566     }
567 
568     /* setup pci memory mapping */
569     pc_pci_as_mapping_init(mch->system_memory, mch->pci_address_space);
570 
571     /* if *disabled* show SMRAM to all CPUs */
572     memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
573                              mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE,
574                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
575     memory_region_add_subregion_overlap(mch->system_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
576                                         &mch->smram_region, 1);
577     memory_region_set_enabled(&mch->smram_region, true);
578 
579     memory_region_init_alias(&mch->open_high_smram, OBJECT(mch), "smram-open-high",
580                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
581                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
582     memory_region_add_subregion_overlap(mch->system_memory, 0xfeda0000,
583                                         &mch->open_high_smram, 1);
584     memory_region_set_enabled(&mch->open_high_smram, false);
585 
586     /* smram, as seen by SMM CPUs */
587     memory_region_init(&mch->smram, OBJECT(mch), "smram", 4 * GiB);
588     memory_region_set_enabled(&mch->smram, true);
589     memory_region_init_alias(&mch->low_smram, OBJECT(mch), "smram-low",
590                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
591                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
592     memory_region_set_enabled(&mch->low_smram, true);
593     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMRAM_C_BASE,
594                                 &mch->low_smram);
595     memory_region_init_alias(&mch->high_smram, OBJECT(mch), "smram-high",
596                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
597                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
598     memory_region_set_enabled(&mch->high_smram, true);
599     memory_region_add_subregion(&mch->smram, 0xfeda0000, &mch->high_smram);
600 
601     memory_region_init_io(&mch->tseg_blackhole, OBJECT(mch),
602                           &blackhole_ops, NULL,
603                           "tseg-blackhole", 0);
604     memory_region_set_enabled(&mch->tseg_blackhole, false);
605     memory_region_add_subregion_overlap(mch->system_memory,
606                                         mch->below_4g_mem_size,
607                                         &mch->tseg_blackhole, 1);
608 
609     memory_region_init_alias(&mch->tseg_window, OBJECT(mch), "tseg-window",
610                              mch->ram_memory, mch->below_4g_mem_size, 0);
611     memory_region_set_enabled(&mch->tseg_window, false);
612     memory_region_add_subregion(&mch->smram, mch->below_4g_mem_size,
613                                 &mch->tseg_window);
614 
615     /*
616      * This is not what hardware does, so it's QEMU specific hack.
617      * See commit message for details.
618      */
619     memory_region_init_io(&mch->smbase_blackhole, OBJECT(mch), &blackhole_ops,
620                           NULL, "smbase-blackhole",
621                           MCH_HOST_BRIDGE_SMBASE_SIZE);
622     memory_region_set_enabled(&mch->smbase_blackhole, false);
623     memory_region_add_subregion_overlap(mch->system_memory,
624                                         MCH_HOST_BRIDGE_SMBASE_ADDR,
625                                         &mch->smbase_blackhole, 1);
626 
627     memory_region_init_alias(&mch->smbase_window, OBJECT(mch),
628                              "smbase-window", mch->ram_memory,
629                              MCH_HOST_BRIDGE_SMBASE_ADDR,
630                              MCH_HOST_BRIDGE_SMBASE_SIZE);
631     memory_region_set_enabled(&mch->smbase_window, false);
632     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMBASE_ADDR,
633                                 &mch->smbase_window);
634 
635     object_property_add_const_link(qdev_get_machine(), "smram",
636                                    OBJECT(&mch->smram));
637 
638     init_pam(&mch->pam_regions[0], OBJECT(mch), mch->ram_memory,
639              mch->system_memory, mch->pci_address_space,
640              PAM_BIOS_BASE, PAM_BIOS_SIZE);
641     for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) {
642         init_pam(&mch->pam_regions[i + 1], OBJECT(mch), mch->ram_memory,
643                  mch->system_memory, mch->pci_address_space,
644                  PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
645     }
646 }
647 
648 uint64_t mch_mcfg_base(void)
649 {
650     bool ambiguous;
651     Object *o = object_resolve_path_type("", TYPE_MCH_PCI_DEVICE, &ambiguous);
652     if (!o) {
653         return 0;
654     }
655     return MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT;
656 }
657 
658 static Property mch_props[] = {
659     DEFINE_PROP_UINT16("extended-tseg-mbytes", MCHPCIState, ext_tseg_mbytes,
660                        16),
661     DEFINE_PROP_BOOL("smbase-smram", MCHPCIState, has_smram_at_smbase, true),
662     DEFINE_PROP_END_OF_LIST(),
663 };
664 
665 static void mch_class_init(ObjectClass *klass, void *data)
666 {
667     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
668     DeviceClass *dc = DEVICE_CLASS(klass);
669 
670     k->realize = mch_realize;
671     k->config_write = mch_write_config;
672     dc->reset = mch_reset;
673     device_class_set_props(dc, mch_props);
674     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
675     dc->desc = "Host bridge";
676     dc->vmsd = &vmstate_mch;
677     k->vendor_id = PCI_VENDOR_ID_INTEL;
678     /*
679      * The 'q35' machine type implements an Intel Series 3 chipset,
680      * of which there are several variants. The key difference between
681      * the 82P35 MCH ('p35') and 82Q35 GMCH ('q35') variants is that
682      * the latter has an integrated graphics adapter. QEMU does not
683      * implement integrated graphics, so uses the PCI ID for the 82P35
684      * chipset.
685      */
686     k->device_id = PCI_DEVICE_ID_INTEL_P35_MCH;
687     k->revision = MCH_HOST_BRIDGE_REVISION_DEFAULT;
688     k->class_id = PCI_CLASS_BRIDGE_HOST;
689     /*
690      * PCI-facing part of the host bridge, not usable without the
691      * host-facing part, which can't be device_add'ed, yet.
692      */
693     dc->user_creatable = false;
694 }
695 
696 static const TypeInfo mch_info = {
697     .name = TYPE_MCH_PCI_DEVICE,
698     .parent = TYPE_PCI_DEVICE,
699     .instance_size = sizeof(MCHPCIState),
700     .class_init = mch_class_init,
701     .interfaces = (InterfaceInfo[]) {
702         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
703         { },
704     },
705 };
706 
707 static void q35_register(void)
708 {
709     type_register_static(&mch_info);
710     type_register_static(&q35_host_info);
711 }
712 
713 type_init(q35_register);
714