xref: /openbmc/qemu/hw/ppc/spapr_pci.c (revision 2038f8c8)
1 /*
2  * QEMU sPAPR PCI host originated from Uninorth PCI host
3  *
4  * Copyright (c) 2011 Alexey Kardashevskiy, IBM Corporation.
5  * Copyright (C) 2011 David Gibson, IBM Corporation.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/error.h"
28 #include "cpu.h"
29 #include "hw/irq.h"
30 #include "hw/sysbus.h"
31 #include "migration/vmstate.h"
32 #include "hw/pci/pci.h"
33 #include "hw/pci/msi.h"
34 #include "hw/pci/msix.h"
35 #include "hw/pci/pci_host.h"
36 #include "hw/ppc/spapr.h"
37 #include "hw/pci-host/spapr.h"
38 #include "exec/address-spaces.h"
39 #include "exec/ram_addr.h"
40 #include <libfdt.h>
41 #include "trace.h"
42 #include "qemu/error-report.h"
43 #include "qemu/module.h"
44 #include "qapi/qmp/qerror.h"
45 #include "hw/ppc/fdt.h"
46 #include "hw/pci/pci_bridge.h"
47 #include "hw/pci/pci_bus.h"
48 #include "hw/pci/pci_ids.h"
49 #include "hw/ppc/spapr_drc.h"
50 #include "hw/qdev-properties.h"
51 #include "sysemu/device_tree.h"
52 #include "sysemu/kvm.h"
53 #include "sysemu/hostmem.h"
54 #include "sysemu/numa.h"
55 
56 /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
57 #define RTAS_QUERY_FN           0
58 #define RTAS_CHANGE_FN          1
59 #define RTAS_RESET_FN           2
60 #define RTAS_CHANGE_MSI_FN      3
61 #define RTAS_CHANGE_MSIX_FN     4
62 
63 /* Interrupt types to return on RTAS_CHANGE_* */
64 #define RTAS_TYPE_MSI           1
65 #define RTAS_TYPE_MSIX          2
66 
67 SpaprPhbState *spapr_pci_find_phb(SpaprMachineState *spapr, uint64_t buid)
68 {
69     SpaprPhbState *sphb;
70 
71     QLIST_FOREACH(sphb, &spapr->phbs, list) {
72         if (sphb->buid != buid) {
73             continue;
74         }
75         return sphb;
76     }
77 
78     return NULL;
79 }
80 
81 PCIDevice *spapr_pci_find_dev(SpaprMachineState *spapr, uint64_t buid,
82                               uint32_t config_addr)
83 {
84     SpaprPhbState *sphb = spapr_pci_find_phb(spapr, buid);
85     PCIHostState *phb = PCI_HOST_BRIDGE(sphb);
86     int bus_num = (config_addr >> 16) & 0xFF;
87     int devfn = (config_addr >> 8) & 0xFF;
88 
89     if (!phb) {
90         return NULL;
91     }
92 
93     return pci_find_device(phb->bus, bus_num, devfn);
94 }
95 
96 static uint32_t rtas_pci_cfgaddr(uint32_t arg)
97 {
98     /* This handles the encoding of extended config space addresses */
99     return ((arg >> 20) & 0xf00) | (arg & 0xff);
100 }
101 
102 static void finish_read_pci_config(SpaprMachineState *spapr, uint64_t buid,
103                                    uint32_t addr, uint32_t size,
104                                    target_ulong rets)
105 {
106     PCIDevice *pci_dev;
107     uint32_t val;
108 
109     if ((size != 1) && (size != 2) && (size != 4)) {
110         /* access must be 1, 2 or 4 bytes */
111         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
112         return;
113     }
114 
115     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
116     addr = rtas_pci_cfgaddr(addr);
117 
118     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
119         /* Access must be to a valid device, within bounds and
120          * naturally aligned */
121         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
122         return;
123     }
124 
125     val = pci_host_config_read_common(pci_dev, addr,
126                                       pci_config_size(pci_dev), size);
127 
128     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
129     rtas_st(rets, 1, val);
130 }
131 
132 static void rtas_ibm_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
133                                      uint32_t token, uint32_t nargs,
134                                      target_ulong args,
135                                      uint32_t nret, target_ulong rets)
136 {
137     uint64_t buid;
138     uint32_t size, addr;
139 
140     if ((nargs != 4) || (nret != 2)) {
141         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
142         return;
143     }
144 
145     buid = rtas_ldq(args, 1);
146     size = rtas_ld(args, 3);
147     addr = rtas_ld(args, 0);
148 
149     finish_read_pci_config(spapr, buid, addr, size, rets);
150 }
151 
152 static void rtas_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
153                                  uint32_t token, uint32_t nargs,
154                                  target_ulong args,
155                                  uint32_t nret, target_ulong rets)
156 {
157     uint32_t size, addr;
158 
159     if ((nargs != 2) || (nret != 2)) {
160         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
161         return;
162     }
163 
164     size = rtas_ld(args, 1);
165     addr = rtas_ld(args, 0);
166 
167     finish_read_pci_config(spapr, 0, addr, size, rets);
168 }
169 
170 static void finish_write_pci_config(SpaprMachineState *spapr, uint64_t buid,
171                                     uint32_t addr, uint32_t size,
172                                     uint32_t val, target_ulong rets)
173 {
174     PCIDevice *pci_dev;
175 
176     if ((size != 1) && (size != 2) && (size != 4)) {
177         /* access must be 1, 2 or 4 bytes */
178         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
179         return;
180     }
181 
182     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
183     addr = rtas_pci_cfgaddr(addr);
184 
185     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
186         /* Access must be to a valid device, within bounds and
187          * naturally aligned */
188         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
189         return;
190     }
191 
192     pci_host_config_write_common(pci_dev, addr, pci_config_size(pci_dev),
193                                  val, size);
194 
195     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
196 }
197 
198 static void rtas_ibm_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
199                                       uint32_t token, uint32_t nargs,
200                                       target_ulong args,
201                                       uint32_t nret, target_ulong rets)
202 {
203     uint64_t buid;
204     uint32_t val, size, addr;
205 
206     if ((nargs != 5) || (nret != 1)) {
207         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
208         return;
209     }
210 
211     buid = rtas_ldq(args, 1);
212     val = rtas_ld(args, 4);
213     size = rtas_ld(args, 3);
214     addr = rtas_ld(args, 0);
215 
216     finish_write_pci_config(spapr, buid, addr, size, val, rets);
217 }
218 
219 static void rtas_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
220                                   uint32_t token, uint32_t nargs,
221                                   target_ulong args,
222                                   uint32_t nret, target_ulong rets)
223 {
224     uint32_t val, size, addr;
225 
226     if ((nargs != 3) || (nret != 1)) {
227         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
228         return;
229     }
230 
231 
232     val = rtas_ld(args, 2);
233     size = rtas_ld(args, 1);
234     addr = rtas_ld(args, 0);
235 
236     finish_write_pci_config(spapr, 0, addr, size, val, rets);
237 }
238 
239 /*
240  * Set MSI/MSIX message data.
241  * This is required for msi_notify()/msix_notify() which
242  * will write at the addresses via spapr_msi_write().
243  *
244  * If hwaddr == 0, all entries will have .data == first_irq i.e.
245  * table will be reset.
246  */
247 static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr, bool msix,
248                              unsigned first_irq, unsigned req_num)
249 {
250     unsigned i;
251     MSIMessage msg = { .address = addr, .data = first_irq };
252 
253     if (!msix) {
254         msi_set_message(pdev, msg);
255         trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);
256         return;
257     }
258 
259     for (i = 0; i < req_num; ++i) {
260         msix_set_message(pdev, i, msg);
261         trace_spapr_pci_msi_setup(pdev->name, i, msg.address);
262         if (addr) {
263             ++msg.data;
264         }
265     }
266 }
267 
268 static void rtas_ibm_change_msi(PowerPCCPU *cpu, SpaprMachineState *spapr,
269                                 uint32_t token, uint32_t nargs,
270                                 target_ulong args, uint32_t nret,
271                                 target_ulong rets)
272 {
273     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
274     uint32_t config_addr = rtas_ld(args, 0);
275     uint64_t buid = rtas_ldq(args, 1);
276     unsigned int func = rtas_ld(args, 3);
277     unsigned int req_num = rtas_ld(args, 4); /* 0 == remove all */
278     unsigned int seq_num = rtas_ld(args, 5);
279     unsigned int ret_intr_type;
280     unsigned int irq, max_irqs = 0;
281     SpaprPhbState *phb = NULL;
282     PCIDevice *pdev = NULL;
283     SpaprPciMsi *msi;
284     int *config_addr_key;
285     Error *err = NULL;
286     int i;
287 
288     /* Fins SpaprPhbState */
289     phb = spapr_pci_find_phb(spapr, buid);
290     if (phb) {
291         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
292     }
293     if (!phb || !pdev) {
294         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
295         return;
296     }
297 
298     switch (func) {
299     case RTAS_CHANGE_FN:
300         if (msi_present(pdev)) {
301             ret_intr_type = RTAS_TYPE_MSI;
302         } else if (msix_present(pdev)) {
303             ret_intr_type = RTAS_TYPE_MSIX;
304         } else {
305             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
306             return;
307         }
308         break;
309     case RTAS_CHANGE_MSI_FN:
310         if (msi_present(pdev)) {
311             ret_intr_type = RTAS_TYPE_MSI;
312         } else {
313             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
314             return;
315         }
316         break;
317     case RTAS_CHANGE_MSIX_FN:
318         if (msix_present(pdev)) {
319             ret_intr_type = RTAS_TYPE_MSIX;
320         } else {
321             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
322             return;
323         }
324         break;
325     default:
326         error_report("rtas_ibm_change_msi(%u) is not implemented", func);
327         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
328         return;
329     }
330 
331     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
332 
333     /* Releasing MSIs */
334     if (!req_num) {
335         if (!msi) {
336             trace_spapr_pci_msi("Releasing wrong config", config_addr);
337             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
338             return;
339         }
340 
341         if (msi_present(pdev)) {
342             spapr_msi_setmsg(pdev, 0, false, 0, 0);
343         }
344         if (msix_present(pdev)) {
345             spapr_msi_setmsg(pdev, 0, true, 0, 0);
346         }
347         g_hash_table_remove(phb->msi, &config_addr);
348 
349         trace_spapr_pci_msi("Released MSIs", config_addr);
350         rtas_st(rets, 0, RTAS_OUT_SUCCESS);
351         rtas_st(rets, 1, 0);
352         return;
353     }
354 
355     /* Enabling MSI */
356 
357     /* Check if the device supports as many IRQs as requested */
358     if (ret_intr_type == RTAS_TYPE_MSI) {
359         max_irqs = msi_nr_vectors_allocated(pdev);
360     } else if (ret_intr_type == RTAS_TYPE_MSIX) {
361         max_irqs = pdev->msix_entries_nr;
362     }
363     if (!max_irqs) {
364         error_report("Requested interrupt type %d is not enabled for device %x",
365                      ret_intr_type, config_addr);
366         rtas_st(rets, 0, -1); /* Hardware error */
367         return;
368     }
369     /* Correct the number if the guest asked for too many */
370     if (req_num > max_irqs) {
371         trace_spapr_pci_msi_retry(config_addr, req_num, max_irqs);
372         req_num = max_irqs;
373         irq = 0; /* to avoid misleading trace */
374         goto out;
375     }
376 
377     /* Allocate MSIs */
378     if (smc->legacy_irq_allocation) {
379         irq = spapr_irq_find(spapr, req_num, ret_intr_type == RTAS_TYPE_MSI,
380                              &err);
381     } else {
382         irq = spapr_irq_msi_alloc(spapr, req_num,
383                                   ret_intr_type == RTAS_TYPE_MSI, &err);
384     }
385     if (err) {
386         error_reportf_err(err, "Can't allocate MSIs for device %x: ",
387                           config_addr);
388         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
389         return;
390     }
391 
392     for (i = 0; i < req_num; i++) {
393         spapr_irq_claim(spapr, irq + i, false, &err);
394         if (err) {
395             if (i) {
396                 spapr_irq_free(spapr, irq, i);
397             }
398             if (!smc->legacy_irq_allocation) {
399                 spapr_irq_msi_free(spapr, irq, req_num);
400             }
401             error_reportf_err(err, "Can't allocate MSIs for device %x: ",
402                               config_addr);
403             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
404             return;
405         }
406     }
407 
408     /* Release previous MSIs */
409     if (msi) {
410         g_hash_table_remove(phb->msi, &config_addr);
411     }
412 
413     /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
414     spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX,
415                      irq, req_num);
416 
417     /* Add MSI device to cache */
418     msi = g_new(SpaprPciMsi, 1);
419     msi->first_irq = irq;
420     msi->num = req_num;
421     config_addr_key = g_new(int, 1);
422     *config_addr_key = config_addr;
423     g_hash_table_insert(phb->msi, config_addr_key, msi);
424 
425 out:
426     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
427     rtas_st(rets, 1, req_num);
428     rtas_st(rets, 2, ++seq_num);
429     if (nret > 3) {
430         rtas_st(rets, 3, ret_intr_type);
431     }
432 
433     trace_spapr_pci_rtas_ibm_change_msi(config_addr, func, req_num, irq);
434 }
435 
436 static void rtas_ibm_query_interrupt_source_number(PowerPCCPU *cpu,
437                                                    SpaprMachineState *spapr,
438                                                    uint32_t token,
439                                                    uint32_t nargs,
440                                                    target_ulong args,
441                                                    uint32_t nret,
442                                                    target_ulong rets)
443 {
444     uint32_t config_addr = rtas_ld(args, 0);
445     uint64_t buid = rtas_ldq(args, 1);
446     unsigned int intr_src_num = -1, ioa_intr_num = rtas_ld(args, 3);
447     SpaprPhbState *phb = NULL;
448     PCIDevice *pdev = NULL;
449     SpaprPciMsi *msi;
450 
451     /* Find SpaprPhbState */
452     phb = spapr_pci_find_phb(spapr, buid);
453     if (phb) {
454         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
455     }
456     if (!phb || !pdev) {
457         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
458         return;
459     }
460 
461     /* Find device descriptor and start IRQ */
462     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
463     if (!msi || !msi->first_irq || !msi->num || (ioa_intr_num >= msi->num)) {
464         trace_spapr_pci_msi("Failed to return vector", config_addr);
465         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
466         return;
467     }
468     intr_src_num = msi->first_irq + ioa_intr_num;
469     trace_spapr_pci_rtas_ibm_query_interrupt_source_number(ioa_intr_num,
470                                                            intr_src_num);
471 
472     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
473     rtas_st(rets, 1, intr_src_num);
474     rtas_st(rets, 2, 1);/* 0 == level; 1 == edge */
475 }
476 
477 static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
478                                     SpaprMachineState *spapr,
479                                     uint32_t token, uint32_t nargs,
480                                     target_ulong args, uint32_t nret,
481                                     target_ulong rets)
482 {
483     SpaprPhbState *sphb;
484     uint32_t addr, option;
485     uint64_t buid;
486     int ret;
487 
488     if ((nargs != 4) || (nret != 1)) {
489         goto param_error_exit;
490     }
491 
492     buid = rtas_ldq(args, 1);
493     addr = rtas_ld(args, 0);
494     option = rtas_ld(args, 3);
495 
496     sphb = spapr_pci_find_phb(spapr, buid);
497     if (!sphb) {
498         goto param_error_exit;
499     }
500 
501     if (!spapr_phb_eeh_available(sphb)) {
502         goto param_error_exit;
503     }
504 
505     ret = spapr_phb_vfio_eeh_set_option(sphb, addr, option);
506     rtas_st(rets, 0, ret);
507     return;
508 
509 param_error_exit:
510     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
511 }
512 
513 static void rtas_ibm_get_config_addr_info2(PowerPCCPU *cpu,
514                                            SpaprMachineState *spapr,
515                                            uint32_t token, uint32_t nargs,
516                                            target_ulong args, uint32_t nret,
517                                            target_ulong rets)
518 {
519     SpaprPhbState *sphb;
520     PCIDevice *pdev;
521     uint32_t addr, option;
522     uint64_t buid;
523 
524     if ((nargs != 4) || (nret != 2)) {
525         goto param_error_exit;
526     }
527 
528     buid = rtas_ldq(args, 1);
529     sphb = spapr_pci_find_phb(spapr, buid);
530     if (!sphb) {
531         goto param_error_exit;
532     }
533 
534     if (!spapr_phb_eeh_available(sphb)) {
535         goto param_error_exit;
536     }
537 
538     /*
539      * We always have PE address of form "00BB0001". "BB"
540      * represents the bus number of PE's primary bus.
541      */
542     option = rtas_ld(args, 3);
543     switch (option) {
544     case RTAS_GET_PE_ADDR:
545         addr = rtas_ld(args, 0);
546         pdev = spapr_pci_find_dev(spapr, buid, addr);
547         if (!pdev) {
548             goto param_error_exit;
549         }
550 
551         rtas_st(rets, 1, (pci_bus_num(pci_get_bus(pdev)) << 16) + 1);
552         break;
553     case RTAS_GET_PE_MODE:
554         rtas_st(rets, 1, RTAS_PE_MODE_SHARED);
555         break;
556     default:
557         goto param_error_exit;
558     }
559 
560     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
561     return;
562 
563 param_error_exit:
564     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
565 }
566 
567 static void rtas_ibm_read_slot_reset_state2(PowerPCCPU *cpu,
568                                             SpaprMachineState *spapr,
569                                             uint32_t token, uint32_t nargs,
570                                             target_ulong args, uint32_t nret,
571                                             target_ulong rets)
572 {
573     SpaprPhbState *sphb;
574     uint64_t buid;
575     int state, ret;
576 
577     if ((nargs != 3) || (nret != 4 && nret != 5)) {
578         goto param_error_exit;
579     }
580 
581     buid = rtas_ldq(args, 1);
582     sphb = spapr_pci_find_phb(spapr, buid);
583     if (!sphb) {
584         goto param_error_exit;
585     }
586 
587     if (!spapr_phb_eeh_available(sphb)) {
588         goto param_error_exit;
589     }
590 
591     ret = spapr_phb_vfio_eeh_get_state(sphb, &state);
592     rtas_st(rets, 0, ret);
593     if (ret != RTAS_OUT_SUCCESS) {
594         return;
595     }
596 
597     rtas_st(rets, 1, state);
598     rtas_st(rets, 2, RTAS_EEH_SUPPORT);
599     rtas_st(rets, 3, RTAS_EEH_PE_UNAVAIL_INFO);
600     if (nret >= 5) {
601         rtas_st(rets, 4, RTAS_EEH_PE_RECOVER_INFO);
602     }
603     return;
604 
605 param_error_exit:
606     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
607 }
608 
609 static void rtas_ibm_set_slot_reset(PowerPCCPU *cpu,
610                                     SpaprMachineState *spapr,
611                                     uint32_t token, uint32_t nargs,
612                                     target_ulong args, uint32_t nret,
613                                     target_ulong rets)
614 {
615     SpaprPhbState *sphb;
616     uint32_t option;
617     uint64_t buid;
618     int ret;
619 
620     if ((nargs != 4) || (nret != 1)) {
621         goto param_error_exit;
622     }
623 
624     buid = rtas_ldq(args, 1);
625     option = rtas_ld(args, 3);
626     sphb = spapr_pci_find_phb(spapr, buid);
627     if (!sphb) {
628         goto param_error_exit;
629     }
630 
631     if (!spapr_phb_eeh_available(sphb)) {
632         goto param_error_exit;
633     }
634 
635     ret = spapr_phb_vfio_eeh_reset(sphb, option);
636     rtas_st(rets, 0, ret);
637     return;
638 
639 param_error_exit:
640     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
641 }
642 
643 static void rtas_ibm_configure_pe(PowerPCCPU *cpu,
644                                   SpaprMachineState *spapr,
645                                   uint32_t token, uint32_t nargs,
646                                   target_ulong args, uint32_t nret,
647                                   target_ulong rets)
648 {
649     SpaprPhbState *sphb;
650     uint64_t buid;
651     int ret;
652 
653     if ((nargs != 3) || (nret != 1)) {
654         goto param_error_exit;
655     }
656 
657     buid = rtas_ldq(args, 1);
658     sphb = spapr_pci_find_phb(spapr, buid);
659     if (!sphb) {
660         goto param_error_exit;
661     }
662 
663     if (!spapr_phb_eeh_available(sphb)) {
664         goto param_error_exit;
665     }
666 
667     ret = spapr_phb_vfio_eeh_configure(sphb);
668     rtas_st(rets, 0, ret);
669     return;
670 
671 param_error_exit:
672     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
673 }
674 
675 /* To support it later */
676 static void rtas_ibm_slot_error_detail(PowerPCCPU *cpu,
677                                        SpaprMachineState *spapr,
678                                        uint32_t token, uint32_t nargs,
679                                        target_ulong args, uint32_t nret,
680                                        target_ulong rets)
681 {
682     SpaprPhbState *sphb;
683     int option;
684     uint64_t buid;
685 
686     if ((nargs != 8) || (nret != 1)) {
687         goto param_error_exit;
688     }
689 
690     buid = rtas_ldq(args, 1);
691     sphb = spapr_pci_find_phb(spapr, buid);
692     if (!sphb) {
693         goto param_error_exit;
694     }
695 
696     if (!spapr_phb_eeh_available(sphb)) {
697         goto param_error_exit;
698     }
699 
700     option = rtas_ld(args, 7);
701     switch (option) {
702     case RTAS_SLOT_TEMP_ERR_LOG:
703     case RTAS_SLOT_PERM_ERR_LOG:
704         break;
705     default:
706         goto param_error_exit;
707     }
708 
709     /* We don't have error log yet */
710     rtas_st(rets, 0, RTAS_OUT_NO_ERRORS_FOUND);
711     return;
712 
713 param_error_exit:
714     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
715 }
716 
717 static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
718 {
719     /*
720      * Here we use the number returned by pci_swizzle_map_irq_fn to find a
721      * corresponding qemu_irq.
722      */
723     SpaprPhbState *phb = opaque;
724 
725     trace_spapr_pci_lsi_set(phb->dtbusname, irq_num, phb->lsi_table[irq_num].irq);
726     qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
727 }
728 
729 static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
730 {
731     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(opaque);
732     PCIINTxRoute route;
733 
734     route.mode = PCI_INTX_ENABLED;
735     route.irq = sphb->lsi_table[pin].irq;
736 
737     return route;
738 }
739 
740 /*
741  * MSI/MSIX memory region implementation.
742  * The handler handles both MSI and MSIX.
743  * The vector number is encoded in least bits in data.
744  */
745 static void spapr_msi_write(void *opaque, hwaddr addr,
746                             uint64_t data, unsigned size)
747 {
748     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
749     uint32_t irq = data;
750 
751     trace_spapr_pci_msi_write(addr, data, irq);
752 
753     qemu_irq_pulse(spapr_qirq(spapr, irq));
754 }
755 
756 static const MemoryRegionOps spapr_msi_ops = {
757     /* There is no .read as the read result is undefined by PCI spec */
758     .read = NULL,
759     .write = spapr_msi_write,
760     .endianness = DEVICE_LITTLE_ENDIAN
761 };
762 
763 /*
764  * PHB PCI device
765  */
766 static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
767 {
768     SpaprPhbState *phb = opaque;
769 
770     return &phb->iommu_as;
771 }
772 
773 static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb,  PCIDevice *pdev)
774 {
775     char *path = NULL, *buf = NULL, *host = NULL;
776 
777     /* Get the PCI VFIO host id */
778     host = object_property_get_str(OBJECT(pdev), "host", NULL);
779     if (!host) {
780         goto err_out;
781     }
782 
783     /* Construct the path of the file that will give us the DT location */
784     path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
785     g_free(host);
786     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
787         goto err_out;
788     }
789     g_free(path);
790 
791     /* Construct and read from host device tree the loc-code */
792     path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
793     g_free(buf);
794     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
795         goto err_out;
796     }
797     return buf;
798 
799 err_out:
800     g_free(path);
801     return NULL;
802 }
803 
804 static char *spapr_phb_get_loc_code(SpaprPhbState *sphb, PCIDevice *pdev)
805 {
806     char *buf;
807     const char *devtype = "qemu";
808     uint32_t busnr = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(pdev))));
809 
810     if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
811         buf = spapr_phb_vfio_get_loc_code(sphb, pdev);
812         if (buf) {
813             return buf;
814         }
815         devtype = "vfio";
816     }
817     /*
818      * For emulated devices and VFIO-failure case, make up
819      * the loc-code.
820      */
821     buf = g_strdup_printf("%s_%s:%04x:%02x:%02x.%x",
822                           devtype, pdev->name, sphb->index, busnr,
823                           PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
824     return buf;
825 }
826 
827 /* Macros to operate with address in OF binding to PCI */
828 #define b_x(x, p, l)    (((x) & ((1<<(l))-1)) << (p))
829 #define b_n(x)          b_x((x), 31, 1) /* 0 if relocatable */
830 #define b_p(x)          b_x((x), 30, 1) /* 1 if prefetchable */
831 #define b_t(x)          b_x((x), 29, 1) /* 1 if the address is aliased */
832 #define b_ss(x)         b_x((x), 24, 2) /* the space code */
833 #define b_bbbbbbbb(x)   b_x((x), 16, 8) /* bus number */
834 #define b_ddddd(x)      b_x((x), 11, 5) /* device number */
835 #define b_fff(x)        b_x((x), 8, 3)  /* function number */
836 #define b_rrrrrrrr(x)   b_x((x), 0, 8)  /* register number */
837 
838 /* for 'reg'/'assigned-addresses' OF properties */
839 #define RESOURCE_CELLS_SIZE 2
840 #define RESOURCE_CELLS_ADDRESS 3
841 
842 typedef struct ResourceFields {
843     uint32_t phys_hi;
844     uint32_t phys_mid;
845     uint32_t phys_lo;
846     uint32_t size_hi;
847     uint32_t size_lo;
848 } QEMU_PACKED ResourceFields;
849 
850 typedef struct ResourceProps {
851     ResourceFields reg[8];
852     ResourceFields assigned[7];
853     uint32_t reg_len;
854     uint32_t assigned_len;
855 } ResourceProps;
856 
857 /* fill in the 'reg'/'assigned-resources' OF properties for
858  * a PCI device. 'reg' describes resource requirements for a
859  * device's IO/MEM regions, 'assigned-addresses' describes the
860  * actual resource assignments.
861  *
862  * the properties are arrays of ('phys-addr', 'size') pairs describing
863  * the addressable regions of the PCI device, where 'phys-addr' is a
864  * RESOURCE_CELLS_ADDRESS-tuple of 32-bit integers corresponding to
865  * (phys.hi, phys.mid, phys.lo), and 'size' is a
866  * RESOURCE_CELLS_SIZE-tuple corresponding to (size.hi, size.lo).
867  *
868  * phys.hi = 0xYYXXXXZZ, where:
869  *   0xYY = npt000ss
870  *          |||   |
871  *          |||   +-- space code
872  *          |||               |
873  *          |||               +  00 if configuration space
874  *          |||               +  01 if IO region,
875  *          |||               +  10 if 32-bit MEM region
876  *          |||               +  11 if 64-bit MEM region
877  *          |||
878  *          ||+------ for non-relocatable IO: 1 if aliased
879  *          ||        for relocatable IO: 1 if below 64KB
880  *          ||        for MEM: 1 if below 1MB
881  *          |+------- 1 if region is prefetchable
882  *          +-------- 1 if region is non-relocatable
883  *   0xXXXX = bbbbbbbb dddddfff, encoding bus, slot, and function
884  *            bits respectively
885  *   0xZZ = rrrrrrrr, the register number of the BAR corresponding
886  *          to the region
887  *
888  * phys.mid and phys.lo correspond respectively to the hi/lo portions
889  * of the actual address of the region.
890  *
891  * how the phys-addr/size values are used differ slightly between
892  * 'reg' and 'assigned-addresses' properties. namely, 'reg' has
893  * an additional description for the config space region of the
894  * device, and in the case of QEMU has n=0 and phys.mid=phys.lo=0
895  * to describe the region as relocatable, with an address-mapping
896  * that corresponds directly to the PHB's address space for the
897  * resource. 'assigned-addresses' always has n=1 set with an absolute
898  * address assigned for the resource. in general, 'assigned-addresses'
899  * won't be populated, since addresses for PCI devices are generally
900  * unmapped initially and left to the guest to assign.
901  *
902  * note also that addresses defined in these properties are, at least
903  * for PAPR guests, relative to the PHBs IO/MEM windows, and
904  * correspond directly to the addresses in the BARs.
905  *
906  * in accordance with PCI Bus Binding to Open Firmware,
907  * IEEE Std 1275-1994, section 4.1.1, as implemented by PAPR+ v2.7,
908  * Appendix C.
909  */
910 static void populate_resource_props(PCIDevice *d, ResourceProps *rp)
911 {
912     int bus_num = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(d))));
913     uint32_t dev_id = (b_bbbbbbbb(bus_num) |
914                        b_ddddd(PCI_SLOT(d->devfn)) |
915                        b_fff(PCI_FUNC(d->devfn)));
916     ResourceFields *reg, *assigned;
917     int i, reg_idx = 0, assigned_idx = 0;
918 
919     /* config space region */
920     reg = &rp->reg[reg_idx++];
921     reg->phys_hi = cpu_to_be32(dev_id);
922     reg->phys_mid = 0;
923     reg->phys_lo = 0;
924     reg->size_hi = 0;
925     reg->size_lo = 0;
926 
927     for (i = 0; i < PCI_NUM_REGIONS; i++) {
928         if (!d->io_regions[i].size) {
929             continue;
930         }
931 
932         reg = &rp->reg[reg_idx++];
933 
934         reg->phys_hi = cpu_to_be32(dev_id | b_rrrrrrrr(pci_bar(d, i)));
935         if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
936             reg->phys_hi |= cpu_to_be32(b_ss(1));
937         } else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
938             reg->phys_hi |= cpu_to_be32(b_ss(3));
939         } else {
940             reg->phys_hi |= cpu_to_be32(b_ss(2));
941         }
942         reg->phys_mid = 0;
943         reg->phys_lo = 0;
944         reg->size_hi = cpu_to_be32(d->io_regions[i].size >> 32);
945         reg->size_lo = cpu_to_be32(d->io_regions[i].size);
946 
947         if (d->io_regions[i].addr == PCI_BAR_UNMAPPED) {
948             continue;
949         }
950 
951         assigned = &rp->assigned[assigned_idx++];
952         assigned->phys_hi = cpu_to_be32(be32_to_cpu(reg->phys_hi) | b_n(1));
953         assigned->phys_mid = cpu_to_be32(d->io_regions[i].addr >> 32);
954         assigned->phys_lo = cpu_to_be32(d->io_regions[i].addr);
955         assigned->size_hi = reg->size_hi;
956         assigned->size_lo = reg->size_lo;
957     }
958 
959     rp->reg_len = reg_idx * sizeof(ResourceFields);
960     rp->assigned_len = assigned_idx * sizeof(ResourceFields);
961 }
962 
963 typedef struct PCIClass PCIClass;
964 typedef struct PCISubClass PCISubClass;
965 typedef struct PCIIFace PCIIFace;
966 
967 struct PCIIFace {
968     int iface;
969     const char *name;
970 };
971 
972 struct PCISubClass {
973     int subclass;
974     const char *name;
975     const PCIIFace *iface;
976 };
977 
978 struct PCIClass {
979     const char *name;
980     const PCISubClass *subc;
981 };
982 
983 static const PCISubClass undef_subclass[] = {
984     { PCI_CLASS_NOT_DEFINED_VGA, "display", NULL },
985     { 0xFF, NULL, NULL },
986 };
987 
988 static const PCISubClass mass_subclass[] = {
989     { PCI_CLASS_STORAGE_SCSI, "scsi", NULL },
990     { PCI_CLASS_STORAGE_IDE, "ide", NULL },
991     { PCI_CLASS_STORAGE_FLOPPY, "fdc", NULL },
992     { PCI_CLASS_STORAGE_IPI, "ipi", NULL },
993     { PCI_CLASS_STORAGE_RAID, "raid", NULL },
994     { PCI_CLASS_STORAGE_ATA, "ata", NULL },
995     { PCI_CLASS_STORAGE_SATA, "sata", NULL },
996     { PCI_CLASS_STORAGE_SAS, "sas", NULL },
997     { 0xFF, NULL, NULL },
998 };
999 
1000 static const PCISubClass net_subclass[] = {
1001     { PCI_CLASS_NETWORK_ETHERNET, "ethernet", NULL },
1002     { PCI_CLASS_NETWORK_TOKEN_RING, "token-ring", NULL },
1003     { PCI_CLASS_NETWORK_FDDI, "fddi", NULL },
1004     { PCI_CLASS_NETWORK_ATM, "atm", NULL },
1005     { PCI_CLASS_NETWORK_ISDN, "isdn", NULL },
1006     { PCI_CLASS_NETWORK_WORLDFIP, "worldfip", NULL },
1007     { PCI_CLASS_NETWORK_PICMG214, "picmg", NULL },
1008     { 0xFF, NULL, NULL },
1009 };
1010 
1011 static const PCISubClass displ_subclass[] = {
1012     { PCI_CLASS_DISPLAY_VGA, "vga", NULL },
1013     { PCI_CLASS_DISPLAY_XGA, "xga", NULL },
1014     { PCI_CLASS_DISPLAY_3D, "3d-controller", NULL },
1015     { 0xFF, NULL, NULL },
1016 };
1017 
1018 static const PCISubClass media_subclass[] = {
1019     { PCI_CLASS_MULTIMEDIA_VIDEO, "video", NULL },
1020     { PCI_CLASS_MULTIMEDIA_AUDIO, "sound", NULL },
1021     { PCI_CLASS_MULTIMEDIA_PHONE, "telephony", NULL },
1022     { 0xFF, NULL, NULL },
1023 };
1024 
1025 static const PCISubClass mem_subclass[] = {
1026     { PCI_CLASS_MEMORY_RAM, "memory", NULL },
1027     { PCI_CLASS_MEMORY_FLASH, "flash", NULL },
1028     { 0xFF, NULL, NULL },
1029 };
1030 
1031 static const PCISubClass bridg_subclass[] = {
1032     { PCI_CLASS_BRIDGE_HOST, "host", NULL },
1033     { PCI_CLASS_BRIDGE_ISA, "isa", NULL },
1034     { PCI_CLASS_BRIDGE_EISA, "eisa", NULL },
1035     { PCI_CLASS_BRIDGE_MC, "mca", NULL },
1036     { PCI_CLASS_BRIDGE_PCI, "pci", NULL },
1037     { PCI_CLASS_BRIDGE_PCMCIA, "pcmcia", NULL },
1038     { PCI_CLASS_BRIDGE_NUBUS, "nubus", NULL },
1039     { PCI_CLASS_BRIDGE_CARDBUS, "cardbus", NULL },
1040     { PCI_CLASS_BRIDGE_RACEWAY, "raceway", NULL },
1041     { PCI_CLASS_BRIDGE_PCI_SEMITP, "semi-transparent-pci", NULL },
1042     { PCI_CLASS_BRIDGE_IB_PCI, "infiniband", NULL },
1043     { 0xFF, NULL, NULL },
1044 };
1045 
1046 static const PCISubClass comm_subclass[] = {
1047     { PCI_CLASS_COMMUNICATION_SERIAL, "serial", NULL },
1048     { PCI_CLASS_COMMUNICATION_PARALLEL, "parallel", NULL },
1049     { PCI_CLASS_COMMUNICATION_MULTISERIAL, "multiport-serial", NULL },
1050     { PCI_CLASS_COMMUNICATION_MODEM, "modem", NULL },
1051     { PCI_CLASS_COMMUNICATION_GPIB, "gpib", NULL },
1052     { PCI_CLASS_COMMUNICATION_SC, "smart-card", NULL },
1053     { 0xFF, NULL, NULL, },
1054 };
1055 
1056 static const PCIIFace pic_iface[] = {
1057     { PCI_CLASS_SYSTEM_PIC_IOAPIC, "io-apic" },
1058     { PCI_CLASS_SYSTEM_PIC_IOXAPIC, "io-xapic" },
1059     { 0xFF, NULL },
1060 };
1061 
1062 static const PCISubClass sys_subclass[] = {
1063     { PCI_CLASS_SYSTEM_PIC, "interrupt-controller", pic_iface },
1064     { PCI_CLASS_SYSTEM_DMA, "dma-controller", NULL },
1065     { PCI_CLASS_SYSTEM_TIMER, "timer", NULL },
1066     { PCI_CLASS_SYSTEM_RTC, "rtc", NULL },
1067     { PCI_CLASS_SYSTEM_PCI_HOTPLUG, "hot-plug-controller", NULL },
1068     { PCI_CLASS_SYSTEM_SDHCI, "sd-host-controller", NULL },
1069     { 0xFF, NULL, NULL },
1070 };
1071 
1072 static const PCISubClass inp_subclass[] = {
1073     { PCI_CLASS_INPUT_KEYBOARD, "keyboard", NULL },
1074     { PCI_CLASS_INPUT_PEN, "pen", NULL },
1075     { PCI_CLASS_INPUT_MOUSE, "mouse", NULL },
1076     { PCI_CLASS_INPUT_SCANNER, "scanner", NULL },
1077     { PCI_CLASS_INPUT_GAMEPORT, "gameport", NULL },
1078     { 0xFF, NULL, NULL },
1079 };
1080 
1081 static const PCISubClass dock_subclass[] = {
1082     { PCI_CLASS_DOCKING_GENERIC, "dock", NULL },
1083     { 0xFF, NULL, NULL },
1084 };
1085 
1086 static const PCISubClass cpu_subclass[] = {
1087     { PCI_CLASS_PROCESSOR_PENTIUM, "pentium", NULL },
1088     { PCI_CLASS_PROCESSOR_POWERPC, "powerpc", NULL },
1089     { PCI_CLASS_PROCESSOR_MIPS, "mips", NULL },
1090     { PCI_CLASS_PROCESSOR_CO, "co-processor", NULL },
1091     { 0xFF, NULL, NULL },
1092 };
1093 
1094 static const PCIIFace usb_iface[] = {
1095     { PCI_CLASS_SERIAL_USB_UHCI, "usb-uhci" },
1096     { PCI_CLASS_SERIAL_USB_OHCI, "usb-ohci", },
1097     { PCI_CLASS_SERIAL_USB_EHCI, "usb-ehci" },
1098     { PCI_CLASS_SERIAL_USB_XHCI, "usb-xhci" },
1099     { PCI_CLASS_SERIAL_USB_UNKNOWN, "usb-unknown" },
1100     { PCI_CLASS_SERIAL_USB_DEVICE, "usb-device" },
1101     { 0xFF, NULL },
1102 };
1103 
1104 static const PCISubClass ser_subclass[] = {
1105     { PCI_CLASS_SERIAL_FIREWIRE, "firewire", NULL },
1106     { PCI_CLASS_SERIAL_ACCESS, "access-bus", NULL },
1107     { PCI_CLASS_SERIAL_SSA, "ssa", NULL },
1108     { PCI_CLASS_SERIAL_USB, "usb", usb_iface },
1109     { PCI_CLASS_SERIAL_FIBER, "fibre-channel", NULL },
1110     { PCI_CLASS_SERIAL_SMBUS, "smb", NULL },
1111     { PCI_CLASS_SERIAL_IB, "infiniband", NULL },
1112     { PCI_CLASS_SERIAL_IPMI, "ipmi", NULL },
1113     { PCI_CLASS_SERIAL_SERCOS, "sercos", NULL },
1114     { PCI_CLASS_SERIAL_CANBUS, "canbus", NULL },
1115     { 0xFF, NULL, NULL },
1116 };
1117 
1118 static const PCISubClass wrl_subclass[] = {
1119     { PCI_CLASS_WIRELESS_IRDA, "irda", NULL },
1120     { PCI_CLASS_WIRELESS_CIR, "consumer-ir", NULL },
1121     { PCI_CLASS_WIRELESS_RF_CONTROLLER, "rf-controller", NULL },
1122     { PCI_CLASS_WIRELESS_BLUETOOTH, "bluetooth", NULL },
1123     { PCI_CLASS_WIRELESS_BROADBAND, "broadband", NULL },
1124     { 0xFF, NULL, NULL },
1125 };
1126 
1127 static const PCISubClass sat_subclass[] = {
1128     { PCI_CLASS_SATELLITE_TV, "satellite-tv", NULL },
1129     { PCI_CLASS_SATELLITE_AUDIO, "satellite-audio", NULL },
1130     { PCI_CLASS_SATELLITE_VOICE, "satellite-voice", NULL },
1131     { PCI_CLASS_SATELLITE_DATA, "satellite-data", NULL },
1132     { 0xFF, NULL, NULL },
1133 };
1134 
1135 static const PCISubClass crypt_subclass[] = {
1136     { PCI_CLASS_CRYPT_NETWORK, "network-encryption", NULL },
1137     { PCI_CLASS_CRYPT_ENTERTAINMENT,
1138       "entertainment-encryption", NULL },
1139     { 0xFF, NULL, NULL },
1140 };
1141 
1142 static const PCISubClass spc_subclass[] = {
1143     { PCI_CLASS_SP_DPIO, "dpio", NULL },
1144     { PCI_CLASS_SP_PERF, "counter", NULL },
1145     { PCI_CLASS_SP_SYNCH, "measurement", NULL },
1146     { PCI_CLASS_SP_MANAGEMENT, "management-card", NULL },
1147     { 0xFF, NULL, NULL },
1148 };
1149 
1150 static const PCIClass pci_classes[] = {
1151     { "legacy-device", undef_subclass },
1152     { "mass-storage",  mass_subclass },
1153     { "network", net_subclass },
1154     { "display", displ_subclass, },
1155     { "multimedia-device", media_subclass },
1156     { "memory-controller", mem_subclass },
1157     { "unknown-bridge", bridg_subclass },
1158     { "communication-controller", comm_subclass},
1159     { "system-peripheral", sys_subclass },
1160     { "input-controller", inp_subclass },
1161     { "docking-station", dock_subclass },
1162     { "cpu", cpu_subclass },
1163     { "serial-bus", ser_subclass },
1164     { "wireless-controller", wrl_subclass },
1165     { "intelligent-io", NULL },
1166     { "satellite-device", sat_subclass },
1167     { "encryption", crypt_subclass },
1168     { "data-processing-controller", spc_subclass },
1169 };
1170 
1171 static const char *dt_name_from_class(uint8_t class, uint8_t subclass,
1172                                       uint8_t iface)
1173 {
1174     const PCIClass *pclass;
1175     const PCISubClass *psubclass;
1176     const PCIIFace *piface;
1177     const char *name;
1178 
1179     if (class >= ARRAY_SIZE(pci_classes)) {
1180         return "pci";
1181     }
1182 
1183     pclass = pci_classes + class;
1184     name = pclass->name;
1185 
1186     if (pclass->subc == NULL) {
1187         return name;
1188     }
1189 
1190     psubclass = pclass->subc;
1191     while ((psubclass->subclass & 0xff) != 0xff) {
1192         if ((psubclass->subclass & 0xff) == subclass) {
1193             name = psubclass->name;
1194             break;
1195         }
1196         psubclass++;
1197     }
1198 
1199     piface = psubclass->iface;
1200     if (piface == NULL) {
1201         return name;
1202     }
1203     while ((piface->iface & 0xff) != 0xff) {
1204         if ((piface->iface & 0xff) == iface) {
1205             name = piface->name;
1206             break;
1207         }
1208         piface++;
1209     }
1210 
1211     return name;
1212 }
1213 
1214 /*
1215  * DRC helper functions
1216  */
1217 
1218 static uint32_t drc_id_from_devfn(SpaprPhbState *phb,
1219                                   uint8_t chassis, int32_t devfn)
1220 {
1221     return (phb->index << 16) | (chassis << 8) | devfn;
1222 }
1223 
1224 static SpaprDrc *drc_from_devfn(SpaprPhbState *phb,
1225                                 uint8_t chassis, int32_t devfn)
1226 {
1227     return spapr_drc_by_id(TYPE_SPAPR_DRC_PCI,
1228                            drc_id_from_devfn(phb, chassis, devfn));
1229 }
1230 
1231 static uint8_t chassis_from_bus(PCIBus *bus, Error **errp)
1232 {
1233     if (pci_bus_is_root(bus)) {
1234         return 0;
1235     } else {
1236         PCIDevice *bridge = pci_bridge_get_device(bus);
1237 
1238         return object_property_get_uint(OBJECT(bridge), "chassis_nr", errp);
1239     }
1240 }
1241 
1242 static SpaprDrc *drc_from_dev(SpaprPhbState *phb, PCIDevice *dev)
1243 {
1244     Error *local_err = NULL;
1245     uint8_t chassis = chassis_from_bus(pci_get_bus(dev), &local_err);
1246 
1247     if (local_err) {
1248         error_report_err(local_err);
1249         return NULL;
1250     }
1251 
1252     return drc_from_devfn(phb, chassis, dev->devfn);
1253 }
1254 
1255 static void add_drcs(SpaprPhbState *phb, PCIBus *bus, Error **errp)
1256 {
1257     Object *owner;
1258     int i;
1259     uint8_t chassis;
1260     Error *local_err = NULL;
1261 
1262     if (!phb->dr_enabled) {
1263         return;
1264     }
1265 
1266     chassis = chassis_from_bus(bus, &local_err);
1267     if (local_err) {
1268         error_propagate(errp, local_err);
1269         return;
1270     }
1271 
1272     if (pci_bus_is_root(bus)) {
1273         owner = OBJECT(phb);
1274     } else {
1275         owner = OBJECT(pci_bridge_get_device(bus));
1276     }
1277 
1278     for (i = 0; i < PCI_SLOT_MAX * PCI_FUNC_MAX; i++) {
1279         spapr_dr_connector_new(owner, TYPE_SPAPR_DRC_PCI,
1280                                drc_id_from_devfn(phb, chassis, i));
1281     }
1282 }
1283 
1284 static void remove_drcs(SpaprPhbState *phb, PCIBus *bus, Error **errp)
1285 {
1286     int i;
1287     uint8_t chassis;
1288     Error *local_err = NULL;
1289 
1290     if (!phb->dr_enabled) {
1291         return;
1292     }
1293 
1294     chassis = chassis_from_bus(bus, &local_err);
1295     if (local_err) {
1296         error_propagate(errp, local_err);
1297         return;
1298     }
1299 
1300     for (i = PCI_SLOT_MAX * PCI_FUNC_MAX - 1; i >= 0; i--) {
1301         SpaprDrc *drc = drc_from_devfn(phb, chassis, i);
1302 
1303         if (drc) {
1304             object_unparent(OBJECT(drc));
1305         }
1306     }
1307 }
1308 
1309 typedef struct PciWalkFdt {
1310     void *fdt;
1311     int offset;
1312     SpaprPhbState *sphb;
1313     int err;
1314 } PciWalkFdt;
1315 
1316 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1317                                void *fdt, int parent_offset);
1318 
1319 static void spapr_dt_pci_device_cb(PCIBus *bus, PCIDevice *pdev,
1320                                    void *opaque)
1321 {
1322     PciWalkFdt *p = opaque;
1323     int err;
1324 
1325     if (p->err) {
1326         /* Something's already broken, don't keep going */
1327         return;
1328     }
1329 
1330     err = spapr_dt_pci_device(p->sphb, pdev, p->fdt, p->offset);
1331     if (err < 0) {
1332         p->err = err;
1333     }
1334 }
1335 
1336 /* Augment PCI device node with bridge specific information */
1337 static int spapr_dt_pci_bus(SpaprPhbState *sphb, PCIBus *bus,
1338                                void *fdt, int offset)
1339 {
1340     Object *owner;
1341     PciWalkFdt cbinfo = {
1342         .fdt = fdt,
1343         .offset = offset,
1344         .sphb = sphb,
1345         .err = 0,
1346     };
1347     int ret;
1348 
1349     _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
1350                           RESOURCE_CELLS_ADDRESS));
1351     _FDT(fdt_setprop_cell(fdt, offset, "#size-cells",
1352                           RESOURCE_CELLS_SIZE));
1353 
1354     assert(bus);
1355     pci_for_each_device_reverse(bus, pci_bus_num(bus),
1356                                 spapr_dt_pci_device_cb, &cbinfo);
1357     if (cbinfo.err) {
1358         return cbinfo.err;
1359     }
1360 
1361     if (pci_bus_is_root(bus)) {
1362         owner = OBJECT(sphb);
1363     } else {
1364         owner = OBJECT(pci_bridge_get_device(bus));
1365     }
1366 
1367     ret = spapr_dt_drc(fdt, offset, owner,
1368                        SPAPR_DR_CONNECTOR_TYPE_PCI);
1369     if (ret) {
1370         return ret;
1371     }
1372 
1373     return offset;
1374 }
1375 
1376 /* create OF node for pci device and required OF DT properties */
1377 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1378                                void *fdt, int parent_offset)
1379 {
1380     int offset;
1381     const gchar *basename;
1382     gchar *nodename;
1383     int slot = PCI_SLOT(dev->devfn);
1384     int func = PCI_FUNC(dev->devfn);
1385     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
1386     ResourceProps rp;
1387     SpaprDrc *drc = drc_from_dev(sphb, dev);
1388     uint32_t vendor_id = pci_default_read_config(dev, PCI_VENDOR_ID, 2);
1389     uint32_t device_id = pci_default_read_config(dev, PCI_DEVICE_ID, 2);
1390     uint32_t revision_id = pci_default_read_config(dev, PCI_REVISION_ID, 1);
1391     uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3);
1392     uint32_t irq_pin = pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1);
1393     uint32_t subsystem_id = pci_default_read_config(dev, PCI_SUBSYSTEM_ID, 2);
1394     uint32_t subsystem_vendor_id =
1395         pci_default_read_config(dev, PCI_SUBSYSTEM_VENDOR_ID, 2);
1396     uint32_t cache_line_size =
1397         pci_default_read_config(dev, PCI_CACHE_LINE_SIZE, 1);
1398     uint32_t pci_status = pci_default_read_config(dev, PCI_STATUS, 2);
1399     gchar *loc_code;
1400 
1401     basename = dt_name_from_class((ccode >> 16) & 0xff, (ccode >> 8) & 0xff,
1402                                   ccode & 0xff);
1403 
1404     if (func != 0) {
1405         nodename = g_strdup_printf("%s@%x,%x", basename, slot, func);
1406     } else {
1407         nodename = g_strdup_printf("%s@%x", basename, slot);
1408     }
1409 
1410     _FDT(offset = fdt_add_subnode(fdt, parent_offset, nodename));
1411 
1412     g_free(nodename);
1413 
1414     /* in accordance with PAPR+ v2.7 13.6.3, Table 181 */
1415     _FDT(fdt_setprop_cell(fdt, offset, "vendor-id", vendor_id));
1416     _FDT(fdt_setprop_cell(fdt, offset, "device-id", device_id));
1417     _FDT(fdt_setprop_cell(fdt, offset, "revision-id", revision_id));
1418 
1419     _FDT(fdt_setprop_cell(fdt, offset, "class-code", ccode));
1420     if (irq_pin) {
1421         _FDT(fdt_setprop_cell(fdt, offset, "interrupts", irq_pin));
1422     }
1423 
1424     if (subsystem_id) {
1425         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-id", subsystem_id));
1426     }
1427 
1428     if (subsystem_vendor_id) {
1429         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-vendor-id",
1430                               subsystem_vendor_id));
1431     }
1432 
1433     _FDT(fdt_setprop_cell(fdt, offset, "cache-line-size", cache_line_size));
1434 
1435 
1436     /* the following fdt cells are masked off the pci status register */
1437     _FDT(fdt_setprop_cell(fdt, offset, "devsel-speed",
1438                           PCI_STATUS_DEVSEL_MASK & pci_status));
1439 
1440     if (pci_status & PCI_STATUS_FAST_BACK) {
1441         _FDT(fdt_setprop(fdt, offset, "fast-back-to-back", NULL, 0));
1442     }
1443     if (pci_status & PCI_STATUS_66MHZ) {
1444         _FDT(fdt_setprop(fdt, offset, "66mhz-capable", NULL, 0));
1445     }
1446     if (pci_status & PCI_STATUS_UDF) {
1447         _FDT(fdt_setprop(fdt, offset, "udf-supported", NULL, 0));
1448     }
1449 
1450     loc_code = spapr_phb_get_loc_code(sphb, dev);
1451     _FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", loc_code));
1452     g_free(loc_code);
1453 
1454     if (drc) {
1455         _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index",
1456                               spapr_drc_index(drc)));
1457     }
1458 
1459     if (msi_present(dev)) {
1460         uint32_t max_msi = msi_nr_vectors_allocated(dev);
1461         if (max_msi) {
1462             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi", max_msi));
1463         }
1464     }
1465     if (msix_present(dev)) {
1466         uint32_t max_msix = dev->msix_entries_nr;
1467         if (max_msix) {
1468             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi-x", max_msix));
1469         }
1470     }
1471 
1472     populate_resource_props(dev, &rp);
1473     _FDT(fdt_setprop(fdt, offset, "reg", (uint8_t *)rp.reg, rp.reg_len));
1474     _FDT(fdt_setprop(fdt, offset, "assigned-addresses",
1475                      (uint8_t *)rp.assigned, rp.assigned_len));
1476 
1477     if (sphb->pcie_ecs && pci_is_express(dev)) {
1478         _FDT(fdt_setprop_cell(fdt, offset, "ibm,pci-config-space-type", 0x1));
1479     }
1480 
1481     spapr_phb_nvgpu_populate_pcidev_dt(dev, fdt, offset, sphb);
1482 
1483     if (!pc->is_bridge) {
1484         /* Properties only for non-bridges */
1485         uint32_t min_grant = pci_default_read_config(dev, PCI_MIN_GNT, 1);
1486         uint32_t max_latency = pci_default_read_config(dev, PCI_MAX_LAT, 1);
1487         _FDT(fdt_setprop_cell(fdt, offset, "min-grant", min_grant));
1488         _FDT(fdt_setprop_cell(fdt, offset, "max-latency", max_latency));
1489         return offset;
1490     } else {
1491         PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(dev));
1492 
1493         return spapr_dt_pci_bus(sphb, sec_bus, fdt, offset);
1494     }
1495 }
1496 
1497 /* Callback to be called during DRC release. */
1498 void spapr_phb_remove_pci_device_cb(DeviceState *dev)
1499 {
1500     HotplugHandler *hotplug_ctrl = qdev_get_hotplug_handler(dev);
1501 
1502     hotplug_handler_unplug(hotplug_ctrl, dev, &error_abort);
1503     object_unparent(OBJECT(dev));
1504 }
1505 
1506 int spapr_pci_dt_populate(SpaprDrc *drc, SpaprMachineState *spapr,
1507                           void *fdt, int *fdt_start_offset, Error **errp)
1508 {
1509     HotplugHandler *plug_handler = qdev_get_hotplug_handler(drc->dev);
1510     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(plug_handler);
1511     PCIDevice *pdev = PCI_DEVICE(drc->dev);
1512 
1513     *fdt_start_offset = spapr_dt_pci_device(sphb, pdev, fdt, 0);
1514     return 0;
1515 }
1516 
1517 static void spapr_pci_bridge_plug(SpaprPhbState *phb,
1518                                   PCIBridge *bridge,
1519                                   Error **errp)
1520 {
1521     Error *local_err = NULL;
1522     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1523 
1524     add_drcs(phb, bus, &local_err);
1525     if (local_err) {
1526         error_propagate(errp, local_err);
1527         return;
1528     }
1529 }
1530 
1531 static void spapr_pci_plug(HotplugHandler *plug_handler,
1532                            DeviceState *plugged_dev, Error **errp)
1533 {
1534     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1535     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1536     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1537     SpaprDrc *drc = drc_from_dev(phb, pdev);
1538     Error *local_err = NULL;
1539     PCIBus *bus = PCI_BUS(qdev_get_parent_bus(DEVICE(pdev)));
1540     uint32_t slotnr = PCI_SLOT(pdev->devfn);
1541 
1542     /* if DR is disabled we don't need to do anything in the case of
1543      * hotplug or coldplug callbacks
1544      */
1545     if (!phb->dr_enabled) {
1546         /* if this is a hotplug operation initiated by the user
1547          * we need to let them know it's not enabled
1548          */
1549         if (plugged_dev->hotplugged) {
1550             error_setg(&local_err, QERR_BUS_NO_HOTPLUG,
1551                        object_get_typename(OBJECT(phb)));
1552         }
1553         goto out;
1554     }
1555 
1556     g_assert(drc);
1557 
1558     if (pc->is_bridge) {
1559         spapr_pci_bridge_plug(phb, PCI_BRIDGE(plugged_dev), &local_err);
1560         if (local_err) {
1561             error_propagate(errp, local_err);
1562             return;
1563         }
1564     }
1565 
1566     /* Following the QEMU convention used for PCIe multifunction
1567      * hotplug, we do not allow functions to be hotplugged to a
1568      * slot that already has function 0 present
1569      */
1570     if (plugged_dev->hotplugged && bus->devices[PCI_DEVFN(slotnr, 0)] &&
1571         PCI_FUNC(pdev->devfn) != 0) {
1572         error_setg(&local_err, "PCI: slot %d function 0 already ocuppied by %s,"
1573                    " additional functions can no longer be exposed to guest.",
1574                    slotnr, bus->devices[PCI_DEVFN(slotnr, 0)]->name);
1575         goto out;
1576     }
1577 
1578     spapr_drc_attach(drc, DEVICE(pdev), &local_err);
1579     if (local_err) {
1580         goto out;
1581     }
1582 
1583     /* If this is function 0, signal hotplug for all the device functions.
1584      * Otherwise defer sending the hotplug event.
1585      */
1586     if (!spapr_drc_hotplugged(plugged_dev)) {
1587         spapr_drc_reset(drc);
1588     } else if (PCI_FUNC(pdev->devfn) == 0) {
1589         int i;
1590         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev), &local_err);
1591 
1592         if (local_err) {
1593             error_propagate(errp, local_err);
1594             return;
1595         }
1596 
1597         for (i = 0; i < 8; i++) {
1598             SpaprDrc *func_drc;
1599             SpaprDrcClass *func_drck;
1600             SpaprDREntitySense state;
1601 
1602             func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1603             func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1604             state = func_drck->dr_entity_sense(func_drc);
1605 
1606             if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1607                 spapr_hotplug_req_add_by_index(func_drc);
1608             }
1609         }
1610     }
1611 
1612 out:
1613     error_propagate(errp, local_err);
1614 }
1615 
1616 static void spapr_pci_bridge_unplug(SpaprPhbState *phb,
1617                                     PCIBridge *bridge,
1618                                     Error **errp)
1619 {
1620     Error *local_err = NULL;
1621     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1622 
1623     remove_drcs(phb, bus, &local_err);
1624     if (local_err) {
1625         error_propagate(errp, local_err);
1626         return;
1627     }
1628 }
1629 
1630 static void spapr_pci_unplug(HotplugHandler *plug_handler,
1631                              DeviceState *plugged_dev, Error **errp)
1632 {
1633     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1634     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1635 
1636     /* some version guests do not wait for completion of a device
1637      * cleanup (generally done asynchronously by the kernel) before
1638      * signaling to QEMU that the device is safe, but instead sleep
1639      * for some 'safe' period of time. unfortunately on a busy host
1640      * this sleep isn't guaranteed to be long enough, resulting in
1641      * bad things like IRQ lines being left asserted during final
1642      * device removal. to deal with this we call reset just prior
1643      * to finalizing the device, which will put the device back into
1644      * an 'idle' state, as the device cleanup code expects.
1645      */
1646     pci_device_reset(PCI_DEVICE(plugged_dev));
1647 
1648     if (pc->is_bridge) {
1649         Error *local_err = NULL;
1650         spapr_pci_bridge_unplug(phb, PCI_BRIDGE(plugged_dev), &local_err);
1651         if (local_err) {
1652             error_propagate(errp, local_err);
1653         }
1654         return;
1655     }
1656 
1657     object_property_set_bool(OBJECT(plugged_dev), false, "realized", NULL);
1658 }
1659 
1660 static void spapr_pci_unplug_request(HotplugHandler *plug_handler,
1661                                      DeviceState *plugged_dev, Error **errp)
1662 {
1663     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1664     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1665     SpaprDrc *drc = drc_from_dev(phb, pdev);
1666 
1667     if (!phb->dr_enabled) {
1668         error_setg(errp, QERR_BUS_NO_HOTPLUG,
1669                    object_get_typename(OBJECT(phb)));
1670         return;
1671     }
1672 
1673     g_assert(drc);
1674     g_assert(drc->dev == plugged_dev);
1675 
1676     if (!spapr_drc_unplug_requested(drc)) {
1677         PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1678         uint32_t slotnr = PCI_SLOT(pdev->devfn);
1679         SpaprDrc *func_drc;
1680         SpaprDrcClass *func_drck;
1681         SpaprDREntitySense state;
1682         int i;
1683         Error *local_err = NULL;
1684         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev), &local_err);
1685 
1686         if (local_err) {
1687             error_propagate(errp, local_err);
1688             return;
1689         }
1690 
1691         if (pc->is_bridge) {
1692             error_setg(errp, "PCI: Hot unplug of PCI bridges not supported");
1693         }
1694 
1695         /* ensure any other present functions are pending unplug */
1696         if (PCI_FUNC(pdev->devfn) == 0) {
1697             for (i = 1; i < 8; i++) {
1698                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1699                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1700                 state = func_drck->dr_entity_sense(func_drc);
1701                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT
1702                     && !spapr_drc_unplug_requested(func_drc)) {
1703                     /*
1704                      * Attempting to remove function 0 of a multifunction
1705                      * device will will cascade into removing all child
1706                      * functions, even if their unplug weren't requested
1707                      * beforehand.
1708                      */
1709                     spapr_drc_detach(func_drc);
1710                 }
1711             }
1712         }
1713 
1714         spapr_drc_detach(drc);
1715 
1716         /* if this isn't func 0, defer unplug event. otherwise signal removal
1717          * for all present functions
1718          */
1719         if (PCI_FUNC(pdev->devfn) == 0) {
1720             for (i = 7; i >= 0; i--) {
1721                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1722                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1723                 state = func_drck->dr_entity_sense(func_drc);
1724                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1725                     spapr_hotplug_req_remove_by_index(func_drc);
1726                 }
1727             }
1728         }
1729     }
1730 }
1731 
1732 static void spapr_phb_finalizefn(Object *obj)
1733 {
1734     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(obj);
1735 
1736     g_free(sphb->dtbusname);
1737     sphb->dtbusname = NULL;
1738 }
1739 
1740 static void spapr_phb_unrealize(DeviceState *dev, Error **errp)
1741 {
1742     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1743     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1744     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1745     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(phb);
1746     SpaprTceTable *tcet;
1747     int i;
1748     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1749     Error *local_err = NULL;
1750 
1751     spapr_phb_nvgpu_free(sphb);
1752 
1753     if (sphb->msi) {
1754         g_hash_table_unref(sphb->msi);
1755         sphb->msi = NULL;
1756     }
1757 
1758     /*
1759      * Remove IO/MMIO subregions and aliases, rest should get cleaned
1760      * via PHB's unrealize->object_finalize
1761      */
1762     for (i = windows_supported - 1; i >= 0; i--) {
1763         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
1764         if (tcet) {
1765             memory_region_del_subregion(&sphb->iommu_root,
1766                                         spapr_tce_get_iommu(tcet));
1767         }
1768     }
1769 
1770     remove_drcs(sphb, phb->bus, &local_err);
1771     if (local_err) {
1772         error_propagate(errp, local_err);
1773         return;
1774     }
1775 
1776     for (i = PCI_NUM_PINS - 1; i >= 0; i--) {
1777         if (sphb->lsi_table[i].irq) {
1778             spapr_irq_free(spapr, sphb->lsi_table[i].irq, 1);
1779             sphb->lsi_table[i].irq = 0;
1780         }
1781     }
1782 
1783     QLIST_REMOVE(sphb, list);
1784 
1785     memory_region_del_subregion(&sphb->iommu_root, &sphb->msiwindow);
1786 
1787     /*
1788      * An attached PCI device may have memory listeners, eg. VFIO PCI. We have
1789      * unmapped all sections. Remove the listeners now, before destroying the
1790      * address space.
1791      */
1792     address_space_remove_listeners(&sphb->iommu_as);
1793     address_space_destroy(&sphb->iommu_as);
1794 
1795     qbus_set_hotplug_handler(BUS(phb->bus), NULL, &error_abort);
1796     pci_unregister_root_bus(phb->bus);
1797 
1798     memory_region_del_subregion(get_system_memory(), &sphb->iowindow);
1799     if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
1800         memory_region_del_subregion(get_system_memory(), &sphb->mem64window);
1801     }
1802     memory_region_del_subregion(get_system_memory(), &sphb->mem32window);
1803 }
1804 
1805 static void spapr_phb_destroy_msi(gpointer opaque)
1806 {
1807     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1808     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
1809     SpaprPciMsi *msi = opaque;
1810 
1811     if (!smc->legacy_irq_allocation) {
1812         spapr_irq_msi_free(spapr, msi->first_irq, msi->num);
1813     }
1814     spapr_irq_free(spapr, msi->first_irq, msi->num);
1815     g_free(msi);
1816 }
1817 
1818 static void spapr_phb_realize(DeviceState *dev, Error **errp)
1819 {
1820     /* We don't use SPAPR_MACHINE() in order to exit gracefully if the user
1821      * tries to add a sPAPR PHB to a non-pseries machine.
1822      */
1823     SpaprMachineState *spapr =
1824         (SpaprMachineState *) object_dynamic_cast(qdev_get_machine(),
1825                                                   TYPE_SPAPR_MACHINE);
1826     SpaprMachineClass *smc = spapr ? SPAPR_MACHINE_GET_CLASS(spapr) : NULL;
1827     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1828     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
1829     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1830     MachineState *ms = MACHINE(spapr);
1831     char *namebuf;
1832     int i;
1833     PCIBus *bus;
1834     uint64_t msi_window_size = 4096;
1835     SpaprTceTable *tcet;
1836     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1837     Error *local_err = NULL;
1838 
1839     if (!spapr) {
1840         error_setg(errp, TYPE_SPAPR_PCI_HOST_BRIDGE " needs a pseries machine");
1841         return;
1842     }
1843 
1844     assert(sphb->index != (uint32_t)-1); /* checked in spapr_phb_pre_plug() */
1845 
1846     if (sphb->mem64_win_size != 0) {
1847         if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1848             error_setg(errp, "32-bit memory window of size 0x%"HWADDR_PRIx
1849                        " (max 2 GiB)", sphb->mem_win_size);
1850             return;
1851         }
1852 
1853         /* 64-bit window defaults to identity mapping */
1854         sphb->mem64_win_pciaddr = sphb->mem64_win_addr;
1855     } else if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1856         /*
1857          * For compatibility with old configuration, if no 64-bit MMIO
1858          * window is specified, but the ordinary (32-bit) memory
1859          * window is specified as > 2GiB, we treat it as a 2GiB 32-bit
1860          * window, with a 64-bit MMIO window following on immediately
1861          * afterwards
1862          */
1863         sphb->mem64_win_size = sphb->mem_win_size - SPAPR_PCI_MEM32_WIN_SIZE;
1864         sphb->mem64_win_addr = sphb->mem_win_addr + SPAPR_PCI_MEM32_WIN_SIZE;
1865         sphb->mem64_win_pciaddr =
1866             SPAPR_PCI_MEM_WIN_BUS_OFFSET + SPAPR_PCI_MEM32_WIN_SIZE;
1867         sphb->mem_win_size = SPAPR_PCI_MEM32_WIN_SIZE;
1868     }
1869 
1870     if (spapr_pci_find_phb(spapr, sphb->buid)) {
1871         SpaprPhbState *s;
1872 
1873         error_setg(errp, "PCI host bridges must have unique indexes");
1874         error_append_hint(errp, "The following indexes are already in use:");
1875         QLIST_FOREACH(s, &spapr->phbs, list) {
1876             error_append_hint(errp, " %d", s->index);
1877         }
1878         error_append_hint(errp, "\nTry another value for the index property\n");
1879         return;
1880     }
1881 
1882     if (sphb->numa_node != -1 &&
1883         (sphb->numa_node >= MAX_NODES ||
1884          !ms->numa_state->nodes[sphb->numa_node].present)) {
1885         error_setg(errp, "Invalid NUMA node ID for PCI host bridge");
1886         return;
1887     }
1888 
1889     sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
1890 
1891     /* Initialize memory regions */
1892     namebuf = g_strdup_printf("%s.mmio", sphb->dtbusname);
1893     memory_region_init(&sphb->memspace, OBJECT(sphb), namebuf, UINT64_MAX);
1894     g_free(namebuf);
1895 
1896     namebuf = g_strdup_printf("%s.mmio32-alias", sphb->dtbusname);
1897     memory_region_init_alias(&sphb->mem32window, OBJECT(sphb),
1898                              namebuf, &sphb->memspace,
1899                              SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
1900     g_free(namebuf);
1901     memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
1902                                 &sphb->mem32window);
1903 
1904     if (sphb->mem64_win_size != 0) {
1905         namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
1906         memory_region_init_alias(&sphb->mem64window, OBJECT(sphb),
1907                                  namebuf, &sphb->memspace,
1908                                  sphb->mem64_win_pciaddr, sphb->mem64_win_size);
1909         g_free(namebuf);
1910 
1911         memory_region_add_subregion(get_system_memory(),
1912                                     sphb->mem64_win_addr,
1913                                     &sphb->mem64window);
1914     }
1915 
1916     /* Initialize IO regions */
1917     namebuf = g_strdup_printf("%s.io", sphb->dtbusname);
1918     memory_region_init(&sphb->iospace, OBJECT(sphb),
1919                        namebuf, SPAPR_PCI_IO_WIN_SIZE);
1920     g_free(namebuf);
1921 
1922     namebuf = g_strdup_printf("%s.io-alias", sphb->dtbusname);
1923     memory_region_init_alias(&sphb->iowindow, OBJECT(sphb), namebuf,
1924                              &sphb->iospace, 0, SPAPR_PCI_IO_WIN_SIZE);
1925     g_free(namebuf);
1926     memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
1927                                 &sphb->iowindow);
1928 
1929     bus = pci_register_root_bus(dev, NULL,
1930                                 pci_spapr_set_irq, pci_swizzle_map_irq_fn, sphb,
1931                                 &sphb->memspace, &sphb->iospace,
1932                                 PCI_DEVFN(0, 0), PCI_NUM_PINS,
1933                                 TYPE_PCI_BUS);
1934 
1935     /*
1936      * Despite resembling a vanilla PCI bus in most ways, the PAPR
1937      * para-virtualized PCI bus *does* permit PCI-E extended config
1938      * space access
1939      */
1940     if (sphb->pcie_ecs) {
1941         bus->flags |= PCI_BUS_EXTENDED_CONFIG_SPACE;
1942     }
1943     phb->bus = bus;
1944     qbus_set_hotplug_handler(BUS(phb->bus), OBJECT(sphb), NULL);
1945 
1946     /*
1947      * Initialize PHB address space.
1948      * By default there will be at least one subregion for default
1949      * 32bit DMA window.
1950      * Later the guest might want to create another DMA window
1951      * which will become another memory subregion.
1952      */
1953     namebuf = g_strdup_printf("%s.iommu-root", sphb->dtbusname);
1954     memory_region_init(&sphb->iommu_root, OBJECT(sphb),
1955                        namebuf, UINT64_MAX);
1956     g_free(namebuf);
1957     address_space_init(&sphb->iommu_as, &sphb->iommu_root,
1958                        sphb->dtbusname);
1959 
1960     /*
1961      * As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
1962      * we need to allocate some memory to catch those writes coming
1963      * from msi_notify()/msix_notify().
1964      * As MSIMessage:addr is going to be the same and MSIMessage:data
1965      * is going to be a VIRQ number, 4 bytes of the MSI MR will only
1966      * be used.
1967      *
1968      * For KVM we want to ensure that this memory is a full page so that
1969      * our memory slot is of page size granularity.
1970      */
1971     if (kvm_enabled()) {
1972         msi_window_size = getpagesize();
1973     }
1974 
1975     memory_region_init_io(&sphb->msiwindow, OBJECT(sphb), &spapr_msi_ops, spapr,
1976                           "msi", msi_window_size);
1977     memory_region_add_subregion(&sphb->iommu_root, SPAPR_PCI_MSI_WINDOW,
1978                                 &sphb->msiwindow);
1979 
1980     pci_setup_iommu(bus, spapr_pci_dma_iommu, sphb);
1981 
1982     pci_bus_set_route_irq_fn(bus, spapr_route_intx_pin_to_irq);
1983 
1984     QLIST_INSERT_HEAD(&spapr->phbs, sphb, list);
1985 
1986     /* Initialize the LSI table */
1987     for (i = 0; i < PCI_NUM_PINS; i++) {
1988         uint32_t irq = SPAPR_IRQ_PCI_LSI + sphb->index * PCI_NUM_PINS + i;
1989 
1990         if (smc->legacy_irq_allocation) {
1991             irq = spapr_irq_findone(spapr, &local_err);
1992             if (local_err) {
1993                 error_propagate_prepend(errp, local_err,
1994                                         "can't allocate LSIs: ");
1995                 /*
1996                  * Older machines will never support PHB hotplug, ie, this is an
1997                  * init only path and QEMU will terminate. No need to rollback.
1998                  */
1999                 return;
2000             }
2001         }
2002 
2003         spapr_irq_claim(spapr, irq, true, &local_err);
2004         if (local_err) {
2005             error_propagate_prepend(errp, local_err, "can't allocate LSIs: ");
2006             goto unrealize;
2007         }
2008 
2009         sphb->lsi_table[i].irq = irq;
2010     }
2011 
2012     /* allocate connectors for child PCI devices */
2013     add_drcs(sphb, phb->bus, &local_err);
2014     if (local_err) {
2015         error_propagate(errp, local_err);
2016         goto unrealize;
2017     }
2018 
2019     /* DMA setup */
2020     for (i = 0; i < windows_supported; ++i) {
2021         tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn[i]);
2022         if (!tcet) {
2023             error_setg(errp, "Creating window#%d failed for %s",
2024                        i, sphb->dtbusname);
2025             goto unrealize;
2026         }
2027         memory_region_add_subregion(&sphb->iommu_root, 0,
2028                                     spapr_tce_get_iommu(tcet));
2029     }
2030 
2031     sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free,
2032                                       spapr_phb_destroy_msi);
2033     return;
2034 
2035 unrealize:
2036     spapr_phb_unrealize(dev, NULL);
2037 }
2038 
2039 static int spapr_phb_children_reset(Object *child, void *opaque)
2040 {
2041     DeviceState *dev = (DeviceState *) object_dynamic_cast(child, TYPE_DEVICE);
2042 
2043     if (dev) {
2044         device_reset(dev);
2045     }
2046 
2047     return 0;
2048 }
2049 
2050 void spapr_phb_dma_reset(SpaprPhbState *sphb)
2051 {
2052     int i;
2053     SpaprTceTable *tcet;
2054 
2055     for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
2056         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
2057 
2058         if (tcet && tcet->nb_table) {
2059             spapr_tce_table_disable(tcet);
2060         }
2061     }
2062 
2063     /* Register default 32bit DMA window */
2064     tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[0]);
2065     spapr_tce_table_enable(tcet, SPAPR_TCE_PAGE_SHIFT, sphb->dma_win_addr,
2066                            sphb->dma_win_size >> SPAPR_TCE_PAGE_SHIFT);
2067 }
2068 
2069 static void spapr_phb_reset(DeviceState *qdev)
2070 {
2071     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(qdev);
2072     Error *errp = NULL;
2073 
2074     spapr_phb_dma_reset(sphb);
2075     spapr_phb_nvgpu_free(sphb);
2076     spapr_phb_nvgpu_setup(sphb, &errp);
2077     if (errp) {
2078         error_report_err(errp);
2079     }
2080 
2081     /* Reset the IOMMU state */
2082     object_child_foreach(OBJECT(qdev), spapr_phb_children_reset, NULL);
2083 
2084     if (spapr_phb_eeh_available(SPAPR_PCI_HOST_BRIDGE(qdev))) {
2085         spapr_phb_vfio_reset(qdev);
2086     }
2087 
2088     g_hash_table_remove_all(sphb->msi);
2089 }
2090 
2091 static Property spapr_phb_properties[] = {
2092     DEFINE_PROP_UINT32("index", SpaprPhbState, index, -1),
2093     DEFINE_PROP_UINT64("mem_win_size", SpaprPhbState, mem_win_size,
2094                        SPAPR_PCI_MEM32_WIN_SIZE),
2095     DEFINE_PROP_UINT64("mem64_win_size", SpaprPhbState, mem64_win_size,
2096                        SPAPR_PCI_MEM64_WIN_SIZE),
2097     DEFINE_PROP_UINT64("io_win_size", SpaprPhbState, io_win_size,
2098                        SPAPR_PCI_IO_WIN_SIZE),
2099     DEFINE_PROP_BOOL("dynamic-reconfiguration", SpaprPhbState, dr_enabled,
2100                      true),
2101     /* Default DMA window is 0..1GB */
2102     DEFINE_PROP_UINT64("dma_win_addr", SpaprPhbState, dma_win_addr, 0),
2103     DEFINE_PROP_UINT64("dma_win_size", SpaprPhbState, dma_win_size, 0x40000000),
2104     DEFINE_PROP_UINT64("dma64_win_addr", SpaprPhbState, dma64_win_addr,
2105                        0x800000000000000ULL),
2106     DEFINE_PROP_BOOL("ddw", SpaprPhbState, ddw_enabled, true),
2107     DEFINE_PROP_UINT64("pgsz", SpaprPhbState, page_size_mask,
2108                        (1ULL << 12) | (1ULL << 16)
2109                        | (1ULL << 21) | (1ULL << 24)),
2110     DEFINE_PROP_UINT32("numa_node", SpaprPhbState, numa_node, -1),
2111     DEFINE_PROP_BOOL("pre-2.8-migration", SpaprPhbState,
2112                      pre_2_8_migration, false),
2113     DEFINE_PROP_BOOL("pcie-extended-configuration-space", SpaprPhbState,
2114                      pcie_ecs, true),
2115     DEFINE_PROP_UINT64("gpa", SpaprPhbState, nv2_gpa_win_addr, 0),
2116     DEFINE_PROP_UINT64("atsd", SpaprPhbState, nv2_atsd_win_addr, 0),
2117     DEFINE_PROP_END_OF_LIST(),
2118 };
2119 
2120 static const VMStateDescription vmstate_spapr_pci_lsi = {
2121     .name = "spapr_pci/lsi",
2122     .version_id = 1,
2123     .minimum_version_id = 1,
2124     .fields = (VMStateField[]) {
2125         VMSTATE_UINT32_EQUAL(irq, SpaprPciLsi, NULL),
2126 
2127         VMSTATE_END_OF_LIST()
2128     },
2129 };
2130 
2131 static const VMStateDescription vmstate_spapr_pci_msi = {
2132     .name = "spapr_pci/msi",
2133     .version_id = 1,
2134     .minimum_version_id = 1,
2135     .fields = (VMStateField []) {
2136         VMSTATE_UINT32(key, SpaprPciMsiMig),
2137         VMSTATE_UINT32(value.first_irq, SpaprPciMsiMig),
2138         VMSTATE_UINT32(value.num, SpaprPciMsiMig),
2139         VMSTATE_END_OF_LIST()
2140     },
2141 };
2142 
2143 static int spapr_pci_pre_save(void *opaque)
2144 {
2145     SpaprPhbState *sphb = opaque;
2146     GHashTableIter iter;
2147     gpointer key, value;
2148     int i;
2149 
2150     if (sphb->pre_2_8_migration) {
2151         sphb->mig_liobn = sphb->dma_liobn[0];
2152         sphb->mig_mem_win_addr = sphb->mem_win_addr;
2153         sphb->mig_mem_win_size = sphb->mem_win_size;
2154         sphb->mig_io_win_addr = sphb->io_win_addr;
2155         sphb->mig_io_win_size = sphb->io_win_size;
2156 
2157         if ((sphb->mem64_win_size != 0)
2158             && (sphb->mem64_win_addr
2159                 == (sphb->mem_win_addr + sphb->mem_win_size))) {
2160             sphb->mig_mem_win_size += sphb->mem64_win_size;
2161         }
2162     }
2163 
2164     g_free(sphb->msi_devs);
2165     sphb->msi_devs = NULL;
2166     sphb->msi_devs_num = g_hash_table_size(sphb->msi);
2167     if (!sphb->msi_devs_num) {
2168         return 0;
2169     }
2170     sphb->msi_devs = g_new(SpaprPciMsiMig, sphb->msi_devs_num);
2171 
2172     g_hash_table_iter_init(&iter, sphb->msi);
2173     for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) {
2174         sphb->msi_devs[i].key = *(uint32_t *) key;
2175         sphb->msi_devs[i].value = *(SpaprPciMsi *) value;
2176     }
2177 
2178     return 0;
2179 }
2180 
2181 static int spapr_pci_post_load(void *opaque, int version_id)
2182 {
2183     SpaprPhbState *sphb = opaque;
2184     gpointer key, value;
2185     int i;
2186 
2187     for (i = 0; i < sphb->msi_devs_num; ++i) {
2188         key = g_memdup(&sphb->msi_devs[i].key,
2189                        sizeof(sphb->msi_devs[i].key));
2190         value = g_memdup(&sphb->msi_devs[i].value,
2191                          sizeof(sphb->msi_devs[i].value));
2192         g_hash_table_insert(sphb->msi, key, value);
2193     }
2194     g_free(sphb->msi_devs);
2195     sphb->msi_devs = NULL;
2196     sphb->msi_devs_num = 0;
2197 
2198     return 0;
2199 }
2200 
2201 static bool pre_2_8_migration(void *opaque, int version_id)
2202 {
2203     SpaprPhbState *sphb = opaque;
2204 
2205     return sphb->pre_2_8_migration;
2206 }
2207 
2208 static const VMStateDescription vmstate_spapr_pci = {
2209     .name = "spapr_pci",
2210     .version_id = 2,
2211     .minimum_version_id = 2,
2212     .pre_save = spapr_pci_pre_save,
2213     .post_load = spapr_pci_post_load,
2214     .fields = (VMStateField[]) {
2215         VMSTATE_UINT64_EQUAL(buid, SpaprPhbState, NULL),
2216         VMSTATE_UINT32_TEST(mig_liobn, SpaprPhbState, pre_2_8_migration),
2217         VMSTATE_UINT64_TEST(mig_mem_win_addr, SpaprPhbState, pre_2_8_migration),
2218         VMSTATE_UINT64_TEST(mig_mem_win_size, SpaprPhbState, pre_2_8_migration),
2219         VMSTATE_UINT64_TEST(mig_io_win_addr, SpaprPhbState, pre_2_8_migration),
2220         VMSTATE_UINT64_TEST(mig_io_win_size, SpaprPhbState, pre_2_8_migration),
2221         VMSTATE_STRUCT_ARRAY(lsi_table, SpaprPhbState, PCI_NUM_PINS, 0,
2222                              vmstate_spapr_pci_lsi, SpaprPciLsi),
2223         VMSTATE_INT32(msi_devs_num, SpaprPhbState),
2224         VMSTATE_STRUCT_VARRAY_ALLOC(msi_devs, SpaprPhbState, msi_devs_num, 0,
2225                                     vmstate_spapr_pci_msi, SpaprPciMsiMig),
2226         VMSTATE_END_OF_LIST()
2227     },
2228 };
2229 
2230 static const char *spapr_phb_root_bus_path(PCIHostState *host_bridge,
2231                                            PCIBus *rootbus)
2232 {
2233     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(host_bridge);
2234 
2235     return sphb->dtbusname;
2236 }
2237 
2238 static void spapr_phb_class_init(ObjectClass *klass, void *data)
2239 {
2240     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
2241     DeviceClass *dc = DEVICE_CLASS(klass);
2242     HotplugHandlerClass *hp = HOTPLUG_HANDLER_CLASS(klass);
2243 
2244     hc->root_bus_path = spapr_phb_root_bus_path;
2245     dc->realize = spapr_phb_realize;
2246     dc->unrealize = spapr_phb_unrealize;
2247     dc->props = spapr_phb_properties;
2248     dc->reset = spapr_phb_reset;
2249     dc->vmsd = &vmstate_spapr_pci;
2250     /* Supported by TYPE_SPAPR_MACHINE */
2251     dc->user_creatable = true;
2252     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
2253     hp->plug = spapr_pci_plug;
2254     hp->unplug = spapr_pci_unplug;
2255     hp->unplug_request = spapr_pci_unplug_request;
2256 }
2257 
2258 static const TypeInfo spapr_phb_info = {
2259     .name          = TYPE_SPAPR_PCI_HOST_BRIDGE,
2260     .parent        = TYPE_PCI_HOST_BRIDGE,
2261     .instance_size = sizeof(SpaprPhbState),
2262     .instance_finalize = spapr_phb_finalizefn,
2263     .class_init    = spapr_phb_class_init,
2264     .interfaces    = (InterfaceInfo[]) {
2265         { TYPE_HOTPLUG_HANDLER },
2266         { }
2267     }
2268 };
2269 
2270 static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
2271                                            void *opaque)
2272 {
2273     unsigned int *bus_no = opaque;
2274     PCIBus *sec_bus = NULL;
2275 
2276     if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
2277          PCI_HEADER_TYPE_BRIDGE)) {
2278         return;
2279     }
2280 
2281     (*bus_no)++;
2282     pci_default_write_config(pdev, PCI_PRIMARY_BUS, pci_dev_bus_num(pdev), 1);
2283     pci_default_write_config(pdev, PCI_SECONDARY_BUS, *bus_no, 1);
2284     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2285 
2286     sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
2287     if (!sec_bus) {
2288         return;
2289     }
2290 
2291     pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
2292                         spapr_phb_pci_enumerate_bridge, bus_no);
2293     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2294 }
2295 
2296 static void spapr_phb_pci_enumerate(SpaprPhbState *phb)
2297 {
2298     PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
2299     unsigned int bus_no = 0;
2300 
2301     pci_for_each_device(bus, pci_bus_num(bus),
2302                         spapr_phb_pci_enumerate_bridge,
2303                         &bus_no);
2304 
2305 }
2306 
2307 int spapr_dt_phb(SpaprPhbState *phb, uint32_t intc_phandle, void *fdt,
2308                  uint32_t nr_msis, int *node_offset)
2309 {
2310     int bus_off, i, j, ret;
2311     uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
2312     struct {
2313         uint32_t hi;
2314         uint64_t child;
2315         uint64_t parent;
2316         uint64_t size;
2317     } QEMU_PACKED ranges[] = {
2318         {
2319             cpu_to_be32(b_ss(1)), cpu_to_be64(0),
2320             cpu_to_be64(phb->io_win_addr),
2321             cpu_to_be64(memory_region_size(&phb->iospace)),
2322         },
2323         {
2324             cpu_to_be32(b_ss(2)), cpu_to_be64(SPAPR_PCI_MEM_WIN_BUS_OFFSET),
2325             cpu_to_be64(phb->mem_win_addr),
2326             cpu_to_be64(phb->mem_win_size),
2327         },
2328         {
2329             cpu_to_be32(b_ss(3)), cpu_to_be64(phb->mem64_win_pciaddr),
2330             cpu_to_be64(phb->mem64_win_addr),
2331             cpu_to_be64(phb->mem64_win_size),
2332         },
2333     };
2334     const unsigned sizeof_ranges =
2335         (phb->mem64_win_size ? 3 : 2) * sizeof(ranges[0]);
2336     uint64_t bus_reg[] = { cpu_to_be64(phb->buid), 0 };
2337     uint32_t interrupt_map_mask[] = {
2338         cpu_to_be32(b_ddddd(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
2339     uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
2340     uint32_t ddw_applicable[] = {
2341         cpu_to_be32(RTAS_IBM_QUERY_PE_DMA_WINDOW),
2342         cpu_to_be32(RTAS_IBM_CREATE_PE_DMA_WINDOW),
2343         cpu_to_be32(RTAS_IBM_REMOVE_PE_DMA_WINDOW)
2344     };
2345     uint32_t ddw_extensions[] = {
2346         cpu_to_be32(1),
2347         cpu_to_be32(RTAS_IBM_RESET_PE_DMA_WINDOW)
2348     };
2349     uint32_t associativity[] = {cpu_to_be32(0x4),
2350                                 cpu_to_be32(0x0),
2351                                 cpu_to_be32(0x0),
2352                                 cpu_to_be32(0x0),
2353                                 cpu_to_be32(phb->numa_node)};
2354     SpaprTceTable *tcet;
2355     SpaprDrc *drc;
2356     Error *errp = NULL;
2357 
2358     /* Start populating the FDT */
2359     _FDT(bus_off = fdt_add_subnode(fdt, 0, phb->dtbusname));
2360     if (node_offset) {
2361         *node_offset = bus_off;
2362     }
2363 
2364     /* Write PHB properties */
2365     _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
2366     _FDT(fdt_setprop_string(fdt, bus_off, "compatible", "IBM,Logical_PHB"));
2367     _FDT(fdt_setprop_cell(fdt, bus_off, "#interrupt-cells", 0x1));
2368     _FDT(fdt_setprop(fdt, bus_off, "used-by-rtas", NULL, 0));
2369     _FDT(fdt_setprop(fdt, bus_off, "bus-range", &bus_range, sizeof(bus_range)));
2370     _FDT(fdt_setprop(fdt, bus_off, "ranges", &ranges, sizeof_ranges));
2371     _FDT(fdt_setprop(fdt, bus_off, "reg", &bus_reg, sizeof(bus_reg)));
2372     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pci-config-space-type", 0x1));
2373     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pe-total-#msi", nr_msis));
2374 
2375     /* Dynamic DMA window */
2376     if (phb->ddw_enabled) {
2377         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-applicable", &ddw_applicable,
2378                          sizeof(ddw_applicable)));
2379         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-extensions",
2380                          &ddw_extensions, sizeof(ddw_extensions)));
2381     }
2382 
2383     /* Advertise NUMA via ibm,associativity */
2384     if (phb->numa_node != -1) {
2385         _FDT(fdt_setprop(fdt, bus_off, "ibm,associativity", associativity,
2386                          sizeof(associativity)));
2387     }
2388 
2389     /* Build the interrupt-map, this must matches what is done
2390      * in pci_swizzle_map_irq_fn
2391      */
2392     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map-mask",
2393                      &interrupt_map_mask, sizeof(interrupt_map_mask)));
2394     for (i = 0; i < PCI_SLOT_MAX; i++) {
2395         for (j = 0; j < PCI_NUM_PINS; j++) {
2396             uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
2397             int lsi_num = pci_swizzle(i, j);
2398 
2399             irqmap[0] = cpu_to_be32(b_ddddd(i)|b_fff(0));
2400             irqmap[1] = 0;
2401             irqmap[2] = 0;
2402             irqmap[3] = cpu_to_be32(j+1);
2403             irqmap[4] = cpu_to_be32(intc_phandle);
2404             spapr_dt_irq(&irqmap[5], phb->lsi_table[lsi_num].irq, true);
2405         }
2406     }
2407     /* Write interrupt map */
2408     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map", &interrupt_map,
2409                      sizeof(interrupt_map)));
2410 
2411     tcet = spapr_tce_find_by_liobn(phb->dma_liobn[0]);
2412     if (!tcet) {
2413         return -1;
2414     }
2415     spapr_dma_dt(fdt, bus_off, "ibm,dma-window",
2416                  tcet->liobn, tcet->bus_offset,
2417                  tcet->nb_table << tcet->page_shift);
2418 
2419     drc = spapr_drc_by_id(TYPE_SPAPR_DRC_PHB, phb->index);
2420     if (drc) {
2421         uint32_t drc_index = cpu_to_be32(spapr_drc_index(drc));
2422 
2423         _FDT(fdt_setprop(fdt, bus_off, "ibm,my-drc-index", &drc_index,
2424                          sizeof(drc_index)));
2425     }
2426 
2427     /* Walk the bridges and program the bus numbers*/
2428     spapr_phb_pci_enumerate(phb);
2429     _FDT(fdt_setprop_cell(fdt, bus_off, "qemu,phb-enumerated", 0x1));
2430 
2431     /* Walk the bridge and subordinate buses */
2432     ret = spapr_dt_pci_bus(phb, PCI_HOST_BRIDGE(phb)->bus, fdt, bus_off);
2433     if (ret < 0) {
2434         return ret;
2435     }
2436 
2437     spapr_phb_nvgpu_populate_dt(phb, fdt, bus_off, &errp);
2438     if (errp) {
2439         error_report_err(errp);
2440     }
2441     spapr_phb_nvgpu_ram_populate_dt(phb, fdt);
2442 
2443     return 0;
2444 }
2445 
2446 void spapr_pci_rtas_init(void)
2447 {
2448     spapr_rtas_register(RTAS_READ_PCI_CONFIG, "read-pci-config",
2449                         rtas_read_pci_config);
2450     spapr_rtas_register(RTAS_WRITE_PCI_CONFIG, "write-pci-config",
2451                         rtas_write_pci_config);
2452     spapr_rtas_register(RTAS_IBM_READ_PCI_CONFIG, "ibm,read-pci-config",
2453                         rtas_ibm_read_pci_config);
2454     spapr_rtas_register(RTAS_IBM_WRITE_PCI_CONFIG, "ibm,write-pci-config",
2455                         rtas_ibm_write_pci_config);
2456     if (msi_nonbroken) {
2457         spapr_rtas_register(RTAS_IBM_QUERY_INTERRUPT_SOURCE_NUMBER,
2458                             "ibm,query-interrupt-source-number",
2459                             rtas_ibm_query_interrupt_source_number);
2460         spapr_rtas_register(RTAS_IBM_CHANGE_MSI, "ibm,change-msi",
2461                             rtas_ibm_change_msi);
2462     }
2463 
2464     spapr_rtas_register(RTAS_IBM_SET_EEH_OPTION,
2465                         "ibm,set-eeh-option",
2466                         rtas_ibm_set_eeh_option);
2467     spapr_rtas_register(RTAS_IBM_GET_CONFIG_ADDR_INFO2,
2468                         "ibm,get-config-addr-info2",
2469                         rtas_ibm_get_config_addr_info2);
2470     spapr_rtas_register(RTAS_IBM_READ_SLOT_RESET_STATE2,
2471                         "ibm,read-slot-reset-state2",
2472                         rtas_ibm_read_slot_reset_state2);
2473     spapr_rtas_register(RTAS_IBM_SET_SLOT_RESET,
2474                         "ibm,set-slot-reset",
2475                         rtas_ibm_set_slot_reset);
2476     spapr_rtas_register(RTAS_IBM_CONFIGURE_PE,
2477                         "ibm,configure-pe",
2478                         rtas_ibm_configure_pe);
2479     spapr_rtas_register(RTAS_IBM_SLOT_ERROR_DETAIL,
2480                         "ibm,slot-error-detail",
2481                         rtas_ibm_slot_error_detail);
2482 }
2483 
2484 static void spapr_pci_register_types(void)
2485 {
2486     type_register_static(&spapr_phb_info);
2487 }
2488 
2489 type_init(spapr_pci_register_types)
2490 
2491 static int spapr_switch_one_vga(DeviceState *dev, void *opaque)
2492 {
2493     bool be = *(bool *)opaque;
2494 
2495     if (object_dynamic_cast(OBJECT(dev), "VGA")
2496         || object_dynamic_cast(OBJECT(dev), "secondary-vga")) {
2497         object_property_set_bool(OBJECT(dev), be, "big-endian-framebuffer",
2498                                  &error_abort);
2499     }
2500     return 0;
2501 }
2502 
2503 void spapr_pci_switch_vga(bool big_endian)
2504 {
2505     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
2506     SpaprPhbState *sphb;
2507 
2508     /*
2509      * For backward compatibility with existing guests, we switch
2510      * the endianness of the VGA controller when changing the guest
2511      * interrupt mode
2512      */
2513     QLIST_FOREACH(sphb, &spapr->phbs, list) {
2514         BusState *bus = &PCI_HOST_BRIDGE(sphb)->bus->qbus;
2515         qbus_walk_children(bus, spapr_switch_one_vga, NULL, NULL, NULL,
2516                            &big_endian);
2517     }
2518 }
2519