xref: /openbmc/qemu/hw/pci-host/q35.c (revision f0984d40)
1 /*
2  * QEMU MCH/ICH9 PCI Bridge Emulation
3  *
4  * Copyright (c) 2006 Fabrice Bellard
5  * Copyright (c) 2009, 2010, 2011
6  *               Isaku Yamahata <yamahata at valinux co jp>
7  *               VA Linux Systems Japan K.K.
8  * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
9  *
10  * This is based on piix.c, but heavily modified.
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this software and associated documentation files (the "Software"), to deal
14  * in the Software without restriction, including without limitation the rights
15  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
16  * copies of the Software, and to permit persons to whom the Software is
17  * furnished to do so, subject to the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
27  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28  * THE SOFTWARE.
29  */
30 
31 #include "qemu/osdep.h"
32 #include "qemu/log.h"
33 #include "hw/i386/pc.h"
34 #include "hw/pci-host/q35.h"
35 #include "hw/qdev-properties.h"
36 #include "migration/vmstate.h"
37 #include "qapi/error.h"
38 #include "qapi/visitor.h"
39 #include "qemu/module.h"
40 
41 /****************************************************************************
42  * Q35 host
43  */
44 
45 #define Q35_PCI_HOST_HOLE64_SIZE_DEFAULT (1ULL << 35)
46 
47 static void q35_host_realize(DeviceState *dev, Error **errp)
48 {
49     PCIHostState *pci = PCI_HOST_BRIDGE(dev);
50     Q35PCIHost *s = Q35_HOST_DEVICE(dev);
51     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
52 
53     sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
54     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
55 
56     sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
57     sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
58 
59     /* register q35 0xcf8 port as coalesced pio */
60     memory_region_set_flush_coalesced(&pci->data_mem);
61     memory_region_add_coalescing(&pci->conf_mem, 0, 4);
62 
63     pci->bus = pci_root_bus_new(DEVICE(s), "pcie.0",
64                                 s->mch.pci_address_space,
65                                 s->mch.address_space_io,
66                                 0, TYPE_PCIE_BUS);
67     PC_MACHINE(qdev_get_machine())->bus = pci->bus;
68     pci->bypass_iommu =
69         PC_MACHINE(qdev_get_machine())->default_bus_bypass_iommu;
70     qdev_realize(DEVICE(&s->mch), BUS(pci->bus), &error_fatal);
71 }
72 
73 static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
74                                           PCIBus *rootbus)
75 {
76     Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
77 
78      /* For backwards compat with old device paths */
79     if (s->mch.short_root_bus) {
80         return "0000";
81     }
82     return "0000:00";
83 }
84 
85 static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
86                                         const char *name, void *opaque,
87                                         Error **errp)
88 {
89     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
90     uint64_t val64;
91     uint32_t value;
92 
93     val64 = range_is_empty(&s->mch.pci_hole)
94         ? 0 : range_lob(&s->mch.pci_hole);
95     value = val64;
96     assert(value == val64);
97     visit_type_uint32(v, name, &value, errp);
98 }
99 
100 static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
101                                       const char *name, void *opaque,
102                                       Error **errp)
103 {
104     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
105     uint64_t val64;
106     uint32_t value;
107 
108     val64 = range_is_empty(&s->mch.pci_hole)
109         ? 0 : range_upb(&s->mch.pci_hole) + 1;
110     value = val64;
111     assert(value == val64);
112     visit_type_uint32(v, name, &value, errp);
113 }
114 
115 /*
116  * The 64bit PCI hole start is set by the Guest firmware
117  * as the address of the first 64bit PCI MEM resource.
118  * If no PCI device has resources on the 64bit area,
119  * the 64bit PCI hole will start after "over 4G RAM" and the
120  * reserved space for memory hotplug if any.
121  */
122 static uint64_t q35_host_get_pci_hole64_start_value(Object *obj)
123 {
124     PCIHostState *h = PCI_HOST_BRIDGE(obj);
125     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
126     Range w64;
127     uint64_t value;
128 
129     pci_bus_get_w64_range(h->bus, &w64);
130     value = range_is_empty(&w64) ? 0 : range_lob(&w64);
131     if (!value && s->pci_hole64_fix) {
132         value = pc_pci_hole64_start();
133     }
134     return value;
135 }
136 
137 static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
138                                           const char *name, void *opaque,
139                                           Error **errp)
140 {
141     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
142 
143     visit_type_uint64(v, name, &hole64_start, errp);
144 }
145 
146 /*
147  * The 64bit PCI hole end is set by the Guest firmware
148  * as the address of the last 64bit PCI MEM resource.
149  * Then it is expanded to the PCI_HOST_PROP_PCI_HOLE64_SIZE
150  * that can be configured by the user.
151  */
152 static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
153                                         const char *name, void *opaque,
154                                         Error **errp)
155 {
156     PCIHostState *h = PCI_HOST_BRIDGE(obj);
157     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
158     uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
159     Range w64;
160     uint64_t value, hole64_end;
161 
162     pci_bus_get_w64_range(h->bus, &w64);
163     value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
164     hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30);
165     if (s->pci_hole64_fix && value < hole64_end) {
166         value = hole64_end;
167     }
168     visit_type_uint64(v, name, &value, errp);
169 }
170 
171 /*
172  * NOTE: setting defaults for the mch.* fields in this table
173  * doesn't work, because mch is a separate QOM object that is
174  * zeroed by the object_initialize(&s->mch, ...) call inside
175  * q35_host_initfn().  The default values for those
176  * properties need to be initialized manually by
177  * q35_host_initfn() after the object_initialize() call.
178  */
179 static Property q35_host_props[] = {
180     DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
181                         MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
182     DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
183                      mch.pci_hole64_size, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT),
184     DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
185     DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
186                      mch.below_4g_mem_size, 0),
187     DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
188                      mch.above_4g_mem_size, 0),
189     DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true),
190     DEFINE_PROP_END_OF_LIST(),
191 };
192 
193 static void q35_host_class_init(ObjectClass *klass, void *data)
194 {
195     DeviceClass *dc = DEVICE_CLASS(klass);
196     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
197 
198     hc->root_bus_path = q35_host_root_bus_path;
199     dc->realize = q35_host_realize;
200     device_class_set_props(dc, q35_host_props);
201     /* Reason: needs to be wired up by pc_q35_init */
202     dc->user_creatable = false;
203     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
204     dc->fw_name = "pci";
205 }
206 
207 static void q35_host_initfn(Object *obj)
208 {
209     Q35PCIHost *s = Q35_HOST_DEVICE(obj);
210     PCIHostState *phb = PCI_HOST_BRIDGE(obj);
211     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(obj);
212 
213     memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
214                           "pci-conf-idx", 4);
215     memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
216                           "pci-conf-data", 4);
217 
218     object_initialize_child(OBJECT(s), "mch", &s->mch, TYPE_MCH_PCI_DEVICE);
219     qdev_prop_set_int32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
220     qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
221     /* mch's object_initialize resets the default value, set it again */
222     qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE,
223                          Q35_PCI_HOST_HOLE64_SIZE_DEFAULT);
224     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32",
225                         q35_host_get_pci_hole_start,
226                         NULL, NULL, NULL);
227 
228     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "uint32",
229                         q35_host_get_pci_hole_end,
230                         NULL, NULL, NULL);
231 
232     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "uint64",
233                         q35_host_get_pci_hole64_start,
234                         NULL, NULL, NULL);
235 
236     object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "uint64",
237                         q35_host_get_pci_hole64_end,
238                         NULL, NULL, NULL);
239 
240     object_property_add_uint64_ptr(obj, PCIE_HOST_MCFG_SIZE,
241                                    &pehb->size, OBJ_PROP_FLAG_READ);
242 
243     object_property_add_link(obj, MCH_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
244                              (Object **) &s->mch.ram_memory,
245                              qdev_prop_allow_set_link_before_realize, 0);
246 
247     object_property_add_link(obj, MCH_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
248                              (Object **) &s->mch.pci_address_space,
249                              qdev_prop_allow_set_link_before_realize, 0);
250 
251     object_property_add_link(obj, MCH_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
252                              (Object **) &s->mch.system_memory,
253                              qdev_prop_allow_set_link_before_realize, 0);
254 
255     object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
256                              (Object **) &s->mch.address_space_io,
257                              qdev_prop_allow_set_link_before_realize, 0);
258 }
259 
260 static const TypeInfo q35_host_info = {
261     .name       = TYPE_Q35_HOST_DEVICE,
262     .parent     = TYPE_PCIE_HOST_BRIDGE,
263     .instance_size = sizeof(Q35PCIHost),
264     .instance_init = q35_host_initfn,
265     .class_init = q35_host_class_init,
266 };
267 
268 /****************************************************************************
269  * MCH D0:F0
270  */
271 
272 static uint64_t blackhole_read(void *ptr, hwaddr reg, unsigned size)
273 {
274     return 0xffffffff;
275 }
276 
277 static void blackhole_write(void *opaque, hwaddr addr, uint64_t val,
278                             unsigned width)
279 {
280     /* nothing */
281 }
282 
283 static const MemoryRegionOps blackhole_ops = {
284     .read = blackhole_read,
285     .write = blackhole_write,
286     .endianness = DEVICE_NATIVE_ENDIAN,
287     .valid.min_access_size = 1,
288     .valid.max_access_size = 4,
289     .impl.min_access_size = 4,
290     .impl.max_access_size = 4,
291     .endianness = DEVICE_LITTLE_ENDIAN,
292 };
293 
294 /* PCIe MMCFG */
295 static void mch_update_pciexbar(MCHPCIState *mch)
296 {
297     PCIDevice *pci_dev = PCI_DEVICE(mch);
298     BusState *bus = qdev_get_parent_bus(DEVICE(mch));
299     PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
300 
301     uint64_t pciexbar;
302     int enable;
303     uint64_t addr;
304     uint64_t addr_mask;
305     uint32_t length;
306 
307     pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
308     enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
309     addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
310     switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
311     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
312         length = 256 * 1024 * 1024;
313         break;
314     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
315         length = 128 * 1024 * 1024;
316         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
317             MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
318         break;
319     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
320         length = 64 * 1024 * 1024;
321         addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
322         break;
323     case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
324         qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
325         return;
326     default:
327         abort();
328     }
329     addr = pciexbar & addr_mask;
330     pcie_host_mmcfg_update(pehb, enable, addr, length);
331 }
332 
333 /* PAM */
334 static void mch_update_pam(MCHPCIState *mch)
335 {
336     PCIDevice *pd = PCI_DEVICE(mch);
337     int i;
338 
339     memory_region_transaction_begin();
340     for (i = 0; i < 13; i++) {
341         pam_update(&mch->pam_regions[i], i,
342                    pd->config[MCH_HOST_BRIDGE_PAM0 + DIV_ROUND_UP(i, 2)]);
343     }
344     memory_region_transaction_commit();
345 }
346 
347 /* SMRAM */
348 static void mch_update_smram(MCHPCIState *mch)
349 {
350     PCIDevice *pd = PCI_DEVICE(mch);
351     bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
352     uint32_t tseg_size;
353 
354     /* implement SMRAM.D_LCK */
355     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
356         pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
357         pd->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK_LCK;
358         pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK_LCK;
359     }
360 
361     memory_region_transaction_begin();
362 
363     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
364         /* Hide (!) low SMRAM if H_SMRAME = 1 */
365         memory_region_set_enabled(&mch->smram_region, h_smrame);
366         /* Show high SMRAM if H_SMRAME = 1 */
367         memory_region_set_enabled(&mch->open_high_smram, h_smrame);
368     } else {
369         /* Hide high SMRAM and low SMRAM */
370         memory_region_set_enabled(&mch->smram_region, true);
371         memory_region_set_enabled(&mch->open_high_smram, false);
372     }
373 
374     if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME) {
375         memory_region_set_enabled(&mch->low_smram, !h_smrame);
376         memory_region_set_enabled(&mch->high_smram, h_smrame);
377     } else {
378         memory_region_set_enabled(&mch->low_smram, false);
379         memory_region_set_enabled(&mch->high_smram, false);
380     }
381 
382     if ((pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_T_EN) &&
383         (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME)) {
384         switch (pd->config[MCH_HOST_BRIDGE_ESMRAMC] &
385                 MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
386         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_1MB:
387             tseg_size = 1024 * 1024;
388             break;
389         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_2MB:
390             tseg_size = 1024 * 1024 * 2;
391             break;
392         case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_8MB:
393             tseg_size = 1024 * 1024 * 8;
394             break;
395         default:
396             tseg_size = 1024 * 1024 * (uint32_t)mch->ext_tseg_mbytes;
397             break;
398         }
399     } else {
400         tseg_size = 0;
401     }
402     memory_region_del_subregion(mch->system_memory, &mch->tseg_blackhole);
403     memory_region_set_enabled(&mch->tseg_blackhole, tseg_size);
404     memory_region_set_size(&mch->tseg_blackhole, tseg_size);
405     memory_region_add_subregion_overlap(mch->system_memory,
406                                         mch->below_4g_mem_size - tseg_size,
407                                         &mch->tseg_blackhole, 1);
408 
409     memory_region_set_enabled(&mch->tseg_window, tseg_size);
410     memory_region_set_size(&mch->tseg_window, tseg_size);
411     memory_region_set_address(&mch->tseg_window,
412                               mch->below_4g_mem_size - tseg_size);
413     memory_region_set_alias_offset(&mch->tseg_window,
414                                    mch->below_4g_mem_size - tseg_size);
415 
416     memory_region_transaction_commit();
417 }
418 
419 static void mch_update_ext_tseg_mbytes(MCHPCIState *mch)
420 {
421     PCIDevice *pd = PCI_DEVICE(mch);
422     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES;
423 
424     if (mch->ext_tseg_mbytes > 0 &&
425         pci_get_word(reg) == MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY) {
426         pci_set_word(reg, mch->ext_tseg_mbytes);
427     }
428 }
429 
430 static void mch_update_smbase_smram(MCHPCIState *mch)
431 {
432     PCIDevice *pd = PCI_DEVICE(mch);
433     uint8_t *reg = pd->config + MCH_HOST_BRIDGE_F_SMBASE;
434     bool lck;
435 
436     if (!mch->has_smram_at_smbase) {
437         return;
438     }
439 
440     if (*reg == MCH_HOST_BRIDGE_F_SMBASE_QUERY) {
441         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] =
442             MCH_HOST_BRIDGE_F_SMBASE_LCK;
443         *reg = MCH_HOST_BRIDGE_F_SMBASE_IN_RAM;
444         return;
445     }
446 
447     /*
448      * default/reset state, discard written value
449      * which will disable SMRAM balackhole at SMBASE
450      */
451     if (pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] == 0xff) {
452         *reg = 0x00;
453     }
454 
455     memory_region_transaction_begin();
456     if (*reg & MCH_HOST_BRIDGE_F_SMBASE_LCK) {
457         /* disable all writes */
458         pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] &=
459             ~MCH_HOST_BRIDGE_F_SMBASE_LCK;
460         *reg = MCH_HOST_BRIDGE_F_SMBASE_LCK;
461         lck = true;
462     } else {
463         lck = false;
464     }
465     memory_region_set_enabled(&mch->smbase_blackhole, lck);
466     memory_region_set_enabled(&mch->smbase_window, lck);
467     memory_region_transaction_commit();
468 }
469 
470 static void mch_write_config(PCIDevice *d,
471                               uint32_t address, uint32_t val, int len)
472 {
473     MCHPCIState *mch = MCH_PCI_DEVICE(d);
474 
475     pci_default_write_config(d, address, val, len);
476 
477     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
478                        MCH_HOST_BRIDGE_PAM_SIZE)) {
479         mch_update_pam(mch);
480     }
481 
482     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
483                        MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
484         mch_update_pciexbar(mch);
485     }
486 
487     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM,
488                        MCH_HOST_BRIDGE_SMRAM_SIZE)) {
489         mch_update_smram(mch);
490     }
491 
492     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
493                        MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_SIZE)) {
494         mch_update_ext_tseg_mbytes(mch);
495     }
496 
497     if (ranges_overlap(address, len, MCH_HOST_BRIDGE_F_SMBASE, 1)) {
498         mch_update_smbase_smram(mch);
499     }
500 }
501 
502 static void mch_update(MCHPCIState *mch)
503 {
504     mch_update_pciexbar(mch);
505     mch_update_pam(mch);
506     mch_update_smram(mch);
507     mch_update_ext_tseg_mbytes(mch);
508     mch_update_smbase_smram(mch);
509 
510     /*
511      * pci hole goes from end-of-low-ram to io-apic.
512      * mmconfig will be excluded by the dsdt builder.
513      */
514     range_set_bounds(&mch->pci_hole,
515                      mch->below_4g_mem_size,
516                      IO_APIC_DEFAULT_ADDRESS - 1);
517 }
518 
519 static int mch_post_load(void *opaque, int version_id)
520 {
521     MCHPCIState *mch = opaque;
522     mch_update(mch);
523     return 0;
524 }
525 
526 static const VMStateDescription vmstate_mch = {
527     .name = "mch",
528     .version_id = 1,
529     .minimum_version_id = 1,
530     .post_load = mch_post_load,
531     .fields = (VMStateField[]) {
532         VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
533         /* Used to be smm_enabled, which was basically always zero because
534          * SeaBIOS hardly uses SMM.  SMRAM is now handled by CPU code.
535          */
536         VMSTATE_UNUSED(1),
537         VMSTATE_END_OF_LIST()
538     }
539 };
540 
541 static void mch_reset(DeviceState *qdev)
542 {
543     PCIDevice *d = PCI_DEVICE(qdev);
544     MCHPCIState *mch = MCH_PCI_DEVICE(d);
545 
546     pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
547                  MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
548 
549     d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
550     d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT;
551     d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK;
552     d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK;
553 
554     if (mch->ext_tseg_mbytes > 0) {
555         pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
556                      MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY);
557     }
558 
559     d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0;
560     d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff;
561 
562     mch_update(mch);
563 }
564 
565 static void mch_realize(PCIDevice *d, Error **errp)
566 {
567     int i;
568     MCHPCIState *mch = MCH_PCI_DEVICE(d);
569 
570     if (mch->ext_tseg_mbytes > MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_MAX) {
571         error_setg(errp, "invalid extended-tseg-mbytes value: %" PRIu16,
572                    mch->ext_tseg_mbytes);
573         return;
574     }
575 
576     /* setup pci memory mapping */
577     pc_pci_as_mapping_init(mch->system_memory, mch->pci_address_space);
578 
579     /* if *disabled* show SMRAM to all CPUs */
580     memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
581                              mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE,
582                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
583     memory_region_add_subregion_overlap(mch->system_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
584                                         &mch->smram_region, 1);
585     memory_region_set_enabled(&mch->smram_region, true);
586 
587     memory_region_init_alias(&mch->open_high_smram, OBJECT(mch), "smram-open-high",
588                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
589                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
590     memory_region_add_subregion_overlap(mch->system_memory, 0xfeda0000,
591                                         &mch->open_high_smram, 1);
592     memory_region_set_enabled(&mch->open_high_smram, false);
593 
594     /* smram, as seen by SMM CPUs */
595     memory_region_init(&mch->smram, OBJECT(mch), "smram", 4 * GiB);
596     memory_region_set_enabled(&mch->smram, true);
597     memory_region_init_alias(&mch->low_smram, OBJECT(mch), "smram-low",
598                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
599                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
600     memory_region_set_enabled(&mch->low_smram, true);
601     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMRAM_C_BASE,
602                                 &mch->low_smram);
603     memory_region_init_alias(&mch->high_smram, OBJECT(mch), "smram-high",
604                              mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
605                              MCH_HOST_BRIDGE_SMRAM_C_SIZE);
606     memory_region_set_enabled(&mch->high_smram, true);
607     memory_region_add_subregion(&mch->smram, 0xfeda0000, &mch->high_smram);
608 
609     memory_region_init_io(&mch->tseg_blackhole, OBJECT(mch),
610                           &blackhole_ops, NULL,
611                           "tseg-blackhole", 0);
612     memory_region_set_enabled(&mch->tseg_blackhole, false);
613     memory_region_add_subregion_overlap(mch->system_memory,
614                                         mch->below_4g_mem_size,
615                                         &mch->tseg_blackhole, 1);
616 
617     memory_region_init_alias(&mch->tseg_window, OBJECT(mch), "tseg-window",
618                              mch->ram_memory, mch->below_4g_mem_size, 0);
619     memory_region_set_enabled(&mch->tseg_window, false);
620     memory_region_add_subregion(&mch->smram, mch->below_4g_mem_size,
621                                 &mch->tseg_window);
622 
623     /*
624      * This is not what hardware does, so it's QEMU specific hack.
625      * See commit message for details.
626      */
627     memory_region_init_io(&mch->smbase_blackhole, OBJECT(mch), &blackhole_ops,
628                           NULL, "smbase-blackhole",
629                           MCH_HOST_BRIDGE_SMBASE_SIZE);
630     memory_region_set_enabled(&mch->smbase_blackhole, false);
631     memory_region_add_subregion_overlap(mch->system_memory,
632                                         MCH_HOST_BRIDGE_SMBASE_ADDR,
633                                         &mch->smbase_blackhole, 1);
634 
635     memory_region_init_alias(&mch->smbase_window, OBJECT(mch),
636                              "smbase-window", mch->ram_memory,
637                              MCH_HOST_BRIDGE_SMBASE_ADDR,
638                              MCH_HOST_BRIDGE_SMBASE_SIZE);
639     memory_region_set_enabled(&mch->smbase_window, false);
640     memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMBASE_ADDR,
641                                 &mch->smbase_window);
642 
643     object_property_add_const_link(qdev_get_machine(), "smram",
644                                    OBJECT(&mch->smram));
645 
646     init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
647              mch->pci_address_space, &mch->pam_regions[0],
648              PAM_BIOS_BASE, PAM_BIOS_SIZE);
649     for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) {
650         init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
651                  mch->pci_address_space, &mch->pam_regions[i+1],
652                  PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
653     }
654 }
655 
656 uint64_t mch_mcfg_base(void)
657 {
658     bool ambiguous;
659     Object *o = object_resolve_path_type("", TYPE_MCH_PCI_DEVICE, &ambiguous);
660     if (!o) {
661         return 0;
662     }
663     return MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT;
664 }
665 
666 static Property mch_props[] = {
667     DEFINE_PROP_UINT16("extended-tseg-mbytes", MCHPCIState, ext_tseg_mbytes,
668                        16),
669     DEFINE_PROP_BOOL("smbase-smram", MCHPCIState, has_smram_at_smbase, true),
670     DEFINE_PROP_END_OF_LIST(),
671 };
672 
673 static void mch_class_init(ObjectClass *klass, void *data)
674 {
675     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
676     DeviceClass *dc = DEVICE_CLASS(klass);
677 
678     k->realize = mch_realize;
679     k->config_write = mch_write_config;
680     dc->reset = mch_reset;
681     device_class_set_props(dc, mch_props);
682     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
683     dc->desc = "Host bridge";
684     dc->vmsd = &vmstate_mch;
685     k->vendor_id = PCI_VENDOR_ID_INTEL;
686     /*
687      * The 'q35' machine type implements an Intel Series 3 chipset,
688      * of which there are several variants. The key difference between
689      * the 82P35 MCH ('p35') and 82Q35 GMCH ('q35') variants is that
690      * the latter has an integrated graphics adapter. QEMU does not
691      * implement integrated graphics, so uses the PCI ID for the 82P35
692      * chipset.
693      */
694     k->device_id = PCI_DEVICE_ID_INTEL_P35_MCH;
695     k->revision = MCH_HOST_BRIDGE_REVISION_DEFAULT;
696     k->class_id = PCI_CLASS_BRIDGE_HOST;
697     /*
698      * PCI-facing part of the host bridge, not usable without the
699      * host-facing part, which can't be device_add'ed, yet.
700      */
701     dc->user_creatable = false;
702 }
703 
704 static const TypeInfo mch_info = {
705     .name = TYPE_MCH_PCI_DEVICE,
706     .parent = TYPE_PCI_DEVICE,
707     .instance_size = sizeof(MCHPCIState),
708     .class_init = mch_class_init,
709     .interfaces = (InterfaceInfo[]) {
710         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
711         { },
712     },
713 };
714 
715 static void q35_register(void)
716 {
717     type_register_static(&mch_info);
718     type_register_static(&q35_host_info);
719 }
720 
721 type_init(q35_register);
722