xref: /openbmc/qemu/hw/ppc/spapr_pci.c (revision c63ca4ff)
1 /*
2  * QEMU sPAPR PCI host originated from Uninorth PCI host
3  *
4  * Copyright (c) 2011 Alexey Kardashevskiy, IBM Corporation.
5  * Copyright (C) 2011 David Gibson, IBM Corporation.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/error.h"
28 #include "cpu.h"
29 #include "hw/irq.h"
30 #include "hw/sysbus.h"
31 #include "migration/vmstate.h"
32 #include "hw/pci/pci.h"
33 #include "hw/pci/msi.h"
34 #include "hw/pci/msix.h"
35 #include "hw/pci/pci_host.h"
36 #include "hw/ppc/spapr.h"
37 #include "hw/pci-host/spapr.h"
38 #include "exec/address-spaces.h"
39 #include "exec/ram_addr.h"
40 #include <libfdt.h>
41 #include "trace.h"
42 #include "qemu/error-report.h"
43 #include "qemu/module.h"
44 #include "qapi/qmp/qerror.h"
45 #include "hw/ppc/fdt.h"
46 #include "hw/pci/pci_bridge.h"
47 #include "hw/pci/pci_bus.h"
48 #include "hw/pci/pci_ids.h"
49 #include "hw/ppc/spapr_drc.h"
50 #include "hw/qdev-properties.h"
51 #include "sysemu/device_tree.h"
52 #include "sysemu/kvm.h"
53 #include "sysemu/hostmem.h"
54 #include "sysemu/numa.h"
55 #include "hw/ppc/spapr_numa.h"
56 
57 /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
58 #define RTAS_QUERY_FN           0
59 #define RTAS_CHANGE_FN          1
60 #define RTAS_RESET_FN           2
61 #define RTAS_CHANGE_MSI_FN      3
62 #define RTAS_CHANGE_MSIX_FN     4
63 
64 /* Interrupt types to return on RTAS_CHANGE_* */
65 #define RTAS_TYPE_MSI           1
66 #define RTAS_TYPE_MSIX          2
67 
68 SpaprPhbState *spapr_pci_find_phb(SpaprMachineState *spapr, uint64_t buid)
69 {
70     SpaprPhbState *sphb;
71 
72     QLIST_FOREACH(sphb, &spapr->phbs, list) {
73         if (sphb->buid != buid) {
74             continue;
75         }
76         return sphb;
77     }
78 
79     return NULL;
80 }
81 
82 PCIDevice *spapr_pci_find_dev(SpaprMachineState *spapr, uint64_t buid,
83                               uint32_t config_addr)
84 {
85     SpaprPhbState *sphb = spapr_pci_find_phb(spapr, buid);
86     PCIHostState *phb = PCI_HOST_BRIDGE(sphb);
87     int bus_num = (config_addr >> 16) & 0xFF;
88     int devfn = (config_addr >> 8) & 0xFF;
89 
90     if (!phb) {
91         return NULL;
92     }
93 
94     return pci_find_device(phb->bus, bus_num, devfn);
95 }
96 
97 static uint32_t rtas_pci_cfgaddr(uint32_t arg)
98 {
99     /* This handles the encoding of extended config space addresses */
100     return ((arg >> 20) & 0xf00) | (arg & 0xff);
101 }
102 
103 static void finish_read_pci_config(SpaprMachineState *spapr, uint64_t buid,
104                                    uint32_t addr, uint32_t size,
105                                    target_ulong rets)
106 {
107     PCIDevice *pci_dev;
108     uint32_t val;
109 
110     if ((size != 1) && (size != 2) && (size != 4)) {
111         /* access must be 1, 2 or 4 bytes */
112         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
113         return;
114     }
115 
116     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
117     addr = rtas_pci_cfgaddr(addr);
118 
119     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
120         /* Access must be to a valid device, within bounds and
121          * naturally aligned */
122         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
123         return;
124     }
125 
126     val = pci_host_config_read_common(pci_dev, addr,
127                                       pci_config_size(pci_dev), size);
128 
129     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
130     rtas_st(rets, 1, val);
131 }
132 
133 static void rtas_ibm_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
134                                      uint32_t token, uint32_t nargs,
135                                      target_ulong args,
136                                      uint32_t nret, target_ulong rets)
137 {
138     uint64_t buid;
139     uint32_t size, addr;
140 
141     if ((nargs != 4) || (nret != 2)) {
142         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
143         return;
144     }
145 
146     buid = rtas_ldq(args, 1);
147     size = rtas_ld(args, 3);
148     addr = rtas_ld(args, 0);
149 
150     finish_read_pci_config(spapr, buid, addr, size, rets);
151 }
152 
153 static void rtas_read_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
154                                  uint32_t token, uint32_t nargs,
155                                  target_ulong args,
156                                  uint32_t nret, target_ulong rets)
157 {
158     uint32_t size, addr;
159 
160     if ((nargs != 2) || (nret != 2)) {
161         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
162         return;
163     }
164 
165     size = rtas_ld(args, 1);
166     addr = rtas_ld(args, 0);
167 
168     finish_read_pci_config(spapr, 0, addr, size, rets);
169 }
170 
171 static void finish_write_pci_config(SpaprMachineState *spapr, uint64_t buid,
172                                     uint32_t addr, uint32_t size,
173                                     uint32_t val, target_ulong rets)
174 {
175     PCIDevice *pci_dev;
176 
177     if ((size != 1) && (size != 2) && (size != 4)) {
178         /* access must be 1, 2 or 4 bytes */
179         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
180         return;
181     }
182 
183     pci_dev = spapr_pci_find_dev(spapr, buid, addr);
184     addr = rtas_pci_cfgaddr(addr);
185 
186     if (!pci_dev || (addr % size) || (addr >= pci_config_size(pci_dev))) {
187         /* Access must be to a valid device, within bounds and
188          * naturally aligned */
189         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
190         return;
191     }
192 
193     pci_host_config_write_common(pci_dev, addr, pci_config_size(pci_dev),
194                                  val, size);
195 
196     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
197 }
198 
199 static void rtas_ibm_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
200                                       uint32_t token, uint32_t nargs,
201                                       target_ulong args,
202                                       uint32_t nret, target_ulong rets)
203 {
204     uint64_t buid;
205     uint32_t val, size, addr;
206 
207     if ((nargs != 5) || (nret != 1)) {
208         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
209         return;
210     }
211 
212     buid = rtas_ldq(args, 1);
213     val = rtas_ld(args, 4);
214     size = rtas_ld(args, 3);
215     addr = rtas_ld(args, 0);
216 
217     finish_write_pci_config(spapr, buid, addr, size, val, rets);
218 }
219 
220 static void rtas_write_pci_config(PowerPCCPU *cpu, SpaprMachineState *spapr,
221                                   uint32_t token, uint32_t nargs,
222                                   target_ulong args,
223                                   uint32_t nret, target_ulong rets)
224 {
225     uint32_t val, size, addr;
226 
227     if ((nargs != 3) || (nret != 1)) {
228         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
229         return;
230     }
231 
232 
233     val = rtas_ld(args, 2);
234     size = rtas_ld(args, 1);
235     addr = rtas_ld(args, 0);
236 
237     finish_write_pci_config(spapr, 0, addr, size, val, rets);
238 }
239 
240 /*
241  * Set MSI/MSIX message data.
242  * This is required for msi_notify()/msix_notify() which
243  * will write at the addresses via spapr_msi_write().
244  *
245  * If hwaddr == 0, all entries will have .data == first_irq i.e.
246  * table will be reset.
247  */
248 static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr, bool msix,
249                              unsigned first_irq, unsigned req_num)
250 {
251     unsigned i;
252     MSIMessage msg = { .address = addr, .data = first_irq };
253 
254     if (!msix) {
255         msi_set_message(pdev, msg);
256         trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);
257         return;
258     }
259 
260     for (i = 0; i < req_num; ++i) {
261         msix_set_message(pdev, i, msg);
262         trace_spapr_pci_msi_setup(pdev->name, i, msg.address);
263         if (addr) {
264             ++msg.data;
265         }
266     }
267 }
268 
269 static void rtas_ibm_change_msi(PowerPCCPU *cpu, SpaprMachineState *spapr,
270                                 uint32_t token, uint32_t nargs,
271                                 target_ulong args, uint32_t nret,
272                                 target_ulong rets)
273 {
274     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
275     uint32_t config_addr = rtas_ld(args, 0);
276     uint64_t buid = rtas_ldq(args, 1);
277     unsigned int func = rtas_ld(args, 3);
278     unsigned int req_num = rtas_ld(args, 4); /* 0 == remove all */
279     unsigned int seq_num = rtas_ld(args, 5);
280     unsigned int ret_intr_type;
281     unsigned int irq, max_irqs = 0;
282     SpaprPhbState *phb = NULL;
283     PCIDevice *pdev = NULL;
284     SpaprPciMsi *msi;
285     int *config_addr_key;
286     Error *err = NULL;
287     int i;
288 
289     /* Fins SpaprPhbState */
290     phb = spapr_pci_find_phb(spapr, buid);
291     if (phb) {
292         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
293     }
294     if (!phb || !pdev) {
295         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
296         return;
297     }
298 
299     switch (func) {
300     case RTAS_CHANGE_FN:
301         if (msi_present(pdev)) {
302             ret_intr_type = RTAS_TYPE_MSI;
303         } else if (msix_present(pdev)) {
304             ret_intr_type = RTAS_TYPE_MSIX;
305         } else {
306             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
307             return;
308         }
309         break;
310     case RTAS_CHANGE_MSI_FN:
311         if (msi_present(pdev)) {
312             ret_intr_type = RTAS_TYPE_MSI;
313         } else {
314             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
315             return;
316         }
317         break;
318     case RTAS_CHANGE_MSIX_FN:
319         if (msix_present(pdev)) {
320             ret_intr_type = RTAS_TYPE_MSIX;
321         } else {
322             rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
323             return;
324         }
325         break;
326     default:
327         error_report("rtas_ibm_change_msi(%u) is not implemented", func);
328         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
329         return;
330     }
331 
332     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
333 
334     /* Releasing MSIs */
335     if (!req_num) {
336         if (!msi) {
337             trace_spapr_pci_msi("Releasing wrong config", config_addr);
338             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
339             return;
340         }
341 
342         if (msi_present(pdev)) {
343             spapr_msi_setmsg(pdev, 0, false, 0, 0);
344         }
345         if (msix_present(pdev)) {
346             spapr_msi_setmsg(pdev, 0, true, 0, 0);
347         }
348         g_hash_table_remove(phb->msi, &config_addr);
349 
350         trace_spapr_pci_msi("Released MSIs", config_addr);
351         rtas_st(rets, 0, RTAS_OUT_SUCCESS);
352         rtas_st(rets, 1, 0);
353         return;
354     }
355 
356     /* Enabling MSI */
357 
358     /* Check if the device supports as many IRQs as requested */
359     if (ret_intr_type == RTAS_TYPE_MSI) {
360         max_irqs = msi_nr_vectors_allocated(pdev);
361     } else if (ret_intr_type == RTAS_TYPE_MSIX) {
362         max_irqs = pdev->msix_entries_nr;
363     }
364     if (!max_irqs) {
365         error_report("Requested interrupt type %d is not enabled for device %x",
366                      ret_intr_type, config_addr);
367         rtas_st(rets, 0, -1); /* Hardware error */
368         return;
369     }
370     /* Correct the number if the guest asked for too many */
371     if (req_num > max_irqs) {
372         trace_spapr_pci_msi_retry(config_addr, req_num, max_irqs);
373         req_num = max_irqs;
374         irq = 0; /* to avoid misleading trace */
375         goto out;
376     }
377 
378     /* Allocate MSIs */
379     if (smc->legacy_irq_allocation) {
380         irq = spapr_irq_find(spapr, req_num, ret_intr_type == RTAS_TYPE_MSI,
381                              &err);
382     } else {
383         irq = spapr_irq_msi_alloc(spapr, req_num,
384                                   ret_intr_type == RTAS_TYPE_MSI, &err);
385     }
386     if (err) {
387         error_reportf_err(err, "Can't allocate MSIs for device %x: ",
388                           config_addr);
389         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
390         return;
391     }
392 
393     for (i = 0; i < req_num; i++) {
394         spapr_irq_claim(spapr, irq + i, false, &err);
395         if (err) {
396             if (i) {
397                 spapr_irq_free(spapr, irq, i);
398             }
399             if (!smc->legacy_irq_allocation) {
400                 spapr_irq_msi_free(spapr, irq, req_num);
401             }
402             error_reportf_err(err, "Can't allocate MSIs for device %x: ",
403                               config_addr);
404             rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
405             return;
406         }
407     }
408 
409     /* Release previous MSIs */
410     if (msi) {
411         g_hash_table_remove(phb->msi, &config_addr);
412     }
413 
414     /* Setup MSI/MSIX vectors in the device (via cfgspace or MSIX BAR) */
415     spapr_msi_setmsg(pdev, SPAPR_PCI_MSI_WINDOW, ret_intr_type == RTAS_TYPE_MSIX,
416                      irq, req_num);
417 
418     /* Add MSI device to cache */
419     msi = g_new(SpaprPciMsi, 1);
420     msi->first_irq = irq;
421     msi->num = req_num;
422     config_addr_key = g_new(int, 1);
423     *config_addr_key = config_addr;
424     g_hash_table_insert(phb->msi, config_addr_key, msi);
425 
426 out:
427     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
428     rtas_st(rets, 1, req_num);
429     rtas_st(rets, 2, ++seq_num);
430     if (nret > 3) {
431         rtas_st(rets, 3, ret_intr_type);
432     }
433 
434     trace_spapr_pci_rtas_ibm_change_msi(config_addr, func, req_num, irq);
435 }
436 
437 static void rtas_ibm_query_interrupt_source_number(PowerPCCPU *cpu,
438                                                    SpaprMachineState *spapr,
439                                                    uint32_t token,
440                                                    uint32_t nargs,
441                                                    target_ulong args,
442                                                    uint32_t nret,
443                                                    target_ulong rets)
444 {
445     uint32_t config_addr = rtas_ld(args, 0);
446     uint64_t buid = rtas_ldq(args, 1);
447     unsigned int intr_src_num = -1, ioa_intr_num = rtas_ld(args, 3);
448     SpaprPhbState *phb = NULL;
449     PCIDevice *pdev = NULL;
450     SpaprPciMsi *msi;
451 
452     /* Find SpaprPhbState */
453     phb = spapr_pci_find_phb(spapr, buid);
454     if (phb) {
455         pdev = spapr_pci_find_dev(spapr, buid, config_addr);
456     }
457     if (!phb || !pdev) {
458         rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
459         return;
460     }
461 
462     /* Find device descriptor and start IRQ */
463     msi = (SpaprPciMsi *) g_hash_table_lookup(phb->msi, &config_addr);
464     if (!msi || !msi->first_irq || !msi->num || (ioa_intr_num >= msi->num)) {
465         trace_spapr_pci_msi("Failed to return vector", config_addr);
466         rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
467         return;
468     }
469     intr_src_num = msi->first_irq + ioa_intr_num;
470     trace_spapr_pci_rtas_ibm_query_interrupt_source_number(ioa_intr_num,
471                                                            intr_src_num);
472 
473     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
474     rtas_st(rets, 1, intr_src_num);
475     rtas_st(rets, 2, 1);/* 0 == level; 1 == edge */
476 }
477 
478 static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
479                                     SpaprMachineState *spapr,
480                                     uint32_t token, uint32_t nargs,
481                                     target_ulong args, uint32_t nret,
482                                     target_ulong rets)
483 {
484     SpaprPhbState *sphb;
485     uint32_t addr, option;
486     uint64_t buid;
487     int ret;
488 
489     if ((nargs != 4) || (nret != 1)) {
490         goto param_error_exit;
491     }
492 
493     buid = rtas_ldq(args, 1);
494     addr = rtas_ld(args, 0);
495     option = rtas_ld(args, 3);
496 
497     sphb = spapr_pci_find_phb(spapr, buid);
498     if (!sphb) {
499         goto param_error_exit;
500     }
501 
502     if (!spapr_phb_eeh_available(sphb)) {
503         goto param_error_exit;
504     }
505 
506     ret = spapr_phb_vfio_eeh_set_option(sphb, addr, option);
507     rtas_st(rets, 0, ret);
508     return;
509 
510 param_error_exit:
511     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
512 }
513 
514 static void rtas_ibm_get_config_addr_info2(PowerPCCPU *cpu,
515                                            SpaprMachineState *spapr,
516                                            uint32_t token, uint32_t nargs,
517                                            target_ulong args, uint32_t nret,
518                                            target_ulong rets)
519 {
520     SpaprPhbState *sphb;
521     PCIDevice *pdev;
522     uint32_t addr, option;
523     uint64_t buid;
524 
525     if ((nargs != 4) || (nret != 2)) {
526         goto param_error_exit;
527     }
528 
529     buid = rtas_ldq(args, 1);
530     sphb = spapr_pci_find_phb(spapr, buid);
531     if (!sphb) {
532         goto param_error_exit;
533     }
534 
535     if (!spapr_phb_eeh_available(sphb)) {
536         goto param_error_exit;
537     }
538 
539     /*
540      * We always have PE address of form "00BB0001". "BB"
541      * represents the bus number of PE's primary bus.
542      */
543     option = rtas_ld(args, 3);
544     switch (option) {
545     case RTAS_GET_PE_ADDR:
546         addr = rtas_ld(args, 0);
547         pdev = spapr_pci_find_dev(spapr, buid, addr);
548         if (!pdev) {
549             goto param_error_exit;
550         }
551 
552         rtas_st(rets, 1, (pci_bus_num(pci_get_bus(pdev)) << 16) + 1);
553         break;
554     case RTAS_GET_PE_MODE:
555         rtas_st(rets, 1, RTAS_PE_MODE_SHARED);
556         break;
557     default:
558         goto param_error_exit;
559     }
560 
561     rtas_st(rets, 0, RTAS_OUT_SUCCESS);
562     return;
563 
564 param_error_exit:
565     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
566 }
567 
568 static void rtas_ibm_read_slot_reset_state2(PowerPCCPU *cpu,
569                                             SpaprMachineState *spapr,
570                                             uint32_t token, uint32_t nargs,
571                                             target_ulong args, uint32_t nret,
572                                             target_ulong rets)
573 {
574     SpaprPhbState *sphb;
575     uint64_t buid;
576     int state, ret;
577 
578     if ((nargs != 3) || (nret != 4 && nret != 5)) {
579         goto param_error_exit;
580     }
581 
582     buid = rtas_ldq(args, 1);
583     sphb = spapr_pci_find_phb(spapr, buid);
584     if (!sphb) {
585         goto param_error_exit;
586     }
587 
588     if (!spapr_phb_eeh_available(sphb)) {
589         goto param_error_exit;
590     }
591 
592     ret = spapr_phb_vfio_eeh_get_state(sphb, &state);
593     rtas_st(rets, 0, ret);
594     if (ret != RTAS_OUT_SUCCESS) {
595         return;
596     }
597 
598     rtas_st(rets, 1, state);
599     rtas_st(rets, 2, RTAS_EEH_SUPPORT);
600     rtas_st(rets, 3, RTAS_EEH_PE_UNAVAIL_INFO);
601     if (nret >= 5) {
602         rtas_st(rets, 4, RTAS_EEH_PE_RECOVER_INFO);
603     }
604     return;
605 
606 param_error_exit:
607     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
608 }
609 
610 static void rtas_ibm_set_slot_reset(PowerPCCPU *cpu,
611                                     SpaprMachineState *spapr,
612                                     uint32_t token, uint32_t nargs,
613                                     target_ulong args, uint32_t nret,
614                                     target_ulong rets)
615 {
616     SpaprPhbState *sphb;
617     uint32_t option;
618     uint64_t buid;
619     int ret;
620 
621     if ((nargs != 4) || (nret != 1)) {
622         goto param_error_exit;
623     }
624 
625     buid = rtas_ldq(args, 1);
626     option = rtas_ld(args, 3);
627     sphb = spapr_pci_find_phb(spapr, buid);
628     if (!sphb) {
629         goto param_error_exit;
630     }
631 
632     if (!spapr_phb_eeh_available(sphb)) {
633         goto param_error_exit;
634     }
635 
636     ret = spapr_phb_vfio_eeh_reset(sphb, option);
637     rtas_st(rets, 0, ret);
638     return;
639 
640 param_error_exit:
641     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
642 }
643 
644 static void rtas_ibm_configure_pe(PowerPCCPU *cpu,
645                                   SpaprMachineState *spapr,
646                                   uint32_t token, uint32_t nargs,
647                                   target_ulong args, uint32_t nret,
648                                   target_ulong rets)
649 {
650     SpaprPhbState *sphb;
651     uint64_t buid;
652     int ret;
653 
654     if ((nargs != 3) || (nret != 1)) {
655         goto param_error_exit;
656     }
657 
658     buid = rtas_ldq(args, 1);
659     sphb = spapr_pci_find_phb(spapr, buid);
660     if (!sphb) {
661         goto param_error_exit;
662     }
663 
664     if (!spapr_phb_eeh_available(sphb)) {
665         goto param_error_exit;
666     }
667 
668     ret = spapr_phb_vfio_eeh_configure(sphb);
669     rtas_st(rets, 0, ret);
670     return;
671 
672 param_error_exit:
673     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
674 }
675 
676 /* To support it later */
677 static void rtas_ibm_slot_error_detail(PowerPCCPU *cpu,
678                                        SpaprMachineState *spapr,
679                                        uint32_t token, uint32_t nargs,
680                                        target_ulong args, uint32_t nret,
681                                        target_ulong rets)
682 {
683     SpaprPhbState *sphb;
684     int option;
685     uint64_t buid;
686 
687     if ((nargs != 8) || (nret != 1)) {
688         goto param_error_exit;
689     }
690 
691     buid = rtas_ldq(args, 1);
692     sphb = spapr_pci_find_phb(spapr, buid);
693     if (!sphb) {
694         goto param_error_exit;
695     }
696 
697     if (!spapr_phb_eeh_available(sphb)) {
698         goto param_error_exit;
699     }
700 
701     option = rtas_ld(args, 7);
702     switch (option) {
703     case RTAS_SLOT_TEMP_ERR_LOG:
704     case RTAS_SLOT_PERM_ERR_LOG:
705         break;
706     default:
707         goto param_error_exit;
708     }
709 
710     /* We don't have error log yet */
711     rtas_st(rets, 0, RTAS_OUT_NO_ERRORS_FOUND);
712     return;
713 
714 param_error_exit:
715     rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
716 }
717 
718 static void pci_spapr_set_irq(void *opaque, int irq_num, int level)
719 {
720     /*
721      * Here we use the number returned by pci_swizzle_map_irq_fn to find a
722      * corresponding qemu_irq.
723      */
724     SpaprPhbState *phb = opaque;
725     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
726 
727     trace_spapr_pci_lsi_set(phb->dtbusname, irq_num, phb->lsi_table[irq_num].irq);
728     qemu_set_irq(spapr_qirq(spapr, phb->lsi_table[irq_num].irq), level);
729 }
730 
731 static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
732 {
733     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(opaque);
734     PCIINTxRoute route;
735 
736     route.mode = PCI_INTX_ENABLED;
737     route.irq = sphb->lsi_table[pin].irq;
738 
739     return route;
740 }
741 
742 /*
743  * MSI/MSIX memory region implementation.
744  * The handler handles both MSI and MSIX.
745  * The vector number is encoded in least bits in data.
746  */
747 static void spapr_msi_write(void *opaque, hwaddr addr,
748                             uint64_t data, unsigned size)
749 {
750     SpaprMachineState *spapr = opaque;
751     uint32_t irq = data;
752 
753     trace_spapr_pci_msi_write(addr, data, irq);
754 
755     qemu_irq_pulse(spapr_qirq(spapr, irq));
756 }
757 
758 static const MemoryRegionOps spapr_msi_ops = {
759     /* There is no .read as the read result is undefined by PCI spec */
760     .read = NULL,
761     .write = spapr_msi_write,
762     .endianness = DEVICE_LITTLE_ENDIAN
763 };
764 
765 /*
766  * PHB PCI device
767  */
768 static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
769 {
770     SpaprPhbState *phb = opaque;
771 
772     return &phb->iommu_as;
773 }
774 
775 static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb,  PCIDevice *pdev)
776 {
777     char *path = NULL, *buf = NULL, *host = NULL;
778 
779     /* Get the PCI VFIO host id */
780     host = object_property_get_str(OBJECT(pdev), "host", NULL);
781     if (!host) {
782         goto err_out;
783     }
784 
785     /* Construct the path of the file that will give us the DT location */
786     path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
787     g_free(host);
788     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
789         goto err_out;
790     }
791     g_free(path);
792 
793     /* Construct and read from host device tree the loc-code */
794     path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
795     g_free(buf);
796     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
797         goto err_out;
798     }
799     return buf;
800 
801 err_out:
802     g_free(path);
803     return NULL;
804 }
805 
806 static char *spapr_phb_get_loc_code(SpaprPhbState *sphb, PCIDevice *pdev)
807 {
808     char *buf;
809     const char *devtype = "qemu";
810     uint32_t busnr = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(pdev))));
811 
812     if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
813         buf = spapr_phb_vfio_get_loc_code(sphb, pdev);
814         if (buf) {
815             return buf;
816         }
817         devtype = "vfio";
818     }
819     /*
820      * For emulated devices and VFIO-failure case, make up
821      * the loc-code.
822      */
823     buf = g_strdup_printf("%s_%s:%04x:%02x:%02x.%x",
824                           devtype, pdev->name, sphb->index, busnr,
825                           PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
826     return buf;
827 }
828 
829 /* Macros to operate with address in OF binding to PCI */
830 #define b_x(x, p, l)    (((x) & ((1<<(l))-1)) << (p))
831 #define b_n(x)          b_x((x), 31, 1) /* 0 if relocatable */
832 #define b_p(x)          b_x((x), 30, 1) /* 1 if prefetchable */
833 #define b_t(x)          b_x((x), 29, 1) /* 1 if the address is aliased */
834 #define b_ss(x)         b_x((x), 24, 2) /* the space code */
835 #define b_bbbbbbbb(x)   b_x((x), 16, 8) /* bus number */
836 #define b_ddddd(x)      b_x((x), 11, 5) /* device number */
837 #define b_fff(x)        b_x((x), 8, 3)  /* function number */
838 #define b_rrrrrrrr(x)   b_x((x), 0, 8)  /* register number */
839 
840 /* for 'reg' OF properties */
841 #define RESOURCE_CELLS_SIZE 2
842 #define RESOURCE_CELLS_ADDRESS 3
843 
844 typedef struct ResourceFields {
845     uint32_t phys_hi;
846     uint32_t phys_mid;
847     uint32_t phys_lo;
848     uint32_t size_hi;
849     uint32_t size_lo;
850 } QEMU_PACKED ResourceFields;
851 
852 typedef struct ResourceProps {
853     ResourceFields reg[8];
854     uint32_t reg_len;
855 } ResourceProps;
856 
857 /* fill in the 'reg' OF properties for
858  * a PCI device. 'reg' describes resource requirements for a
859  * device's IO/MEM regions.
860  *
861  * the property is an array of ('phys-addr', 'size') pairs describing
862  * the addressable regions of the PCI device, where 'phys-addr' is a
863  * RESOURCE_CELLS_ADDRESS-tuple of 32-bit integers corresponding to
864  * (phys.hi, phys.mid, phys.lo), and 'size' is a
865  * RESOURCE_CELLS_SIZE-tuple corresponding to (size.hi, size.lo).
866  *
867  * phys.hi = 0xYYXXXXZZ, where:
868  *   0xYY = npt000ss
869  *          |||   |
870  *          |||   +-- space code
871  *          |||               |
872  *          |||               +  00 if configuration space
873  *          |||               +  01 if IO region,
874  *          |||               +  10 if 32-bit MEM region
875  *          |||               +  11 if 64-bit MEM region
876  *          |||
877  *          ||+------ for non-relocatable IO: 1 if aliased
878  *          ||        for relocatable IO: 1 if below 64KB
879  *          ||        for MEM: 1 if below 1MB
880  *          |+------- 1 if region is prefetchable
881  *          +-------- 1 if region is non-relocatable
882  *   0xXXXX = bbbbbbbb dddddfff, encoding bus, slot, and function
883  *            bits respectively
884  *   0xZZ = rrrrrrrr, the register number of the BAR corresponding
885  *          to the region
886  *
887  * phys.mid and phys.lo correspond respectively to the hi/lo portions
888  * of the actual address of the region.
889  *
890  * note also that addresses defined in this property are, at least
891  * for PAPR guests, relative to the PHBs IO/MEM windows, and
892  * correspond directly to the addresses in the BARs.
893  *
894  * in accordance with PCI Bus Binding to Open Firmware,
895  * IEEE Std 1275-1994, section 4.1.1, as implemented by PAPR+ v2.7,
896  * Appendix C.
897  */
898 static void populate_resource_props(PCIDevice *d, ResourceProps *rp)
899 {
900     int bus_num = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(d))));
901     uint32_t dev_id = (b_bbbbbbbb(bus_num) |
902                        b_ddddd(PCI_SLOT(d->devfn)) |
903                        b_fff(PCI_FUNC(d->devfn)));
904     ResourceFields *reg;
905     int i, reg_idx = 0;
906 
907     /* config space region */
908     reg = &rp->reg[reg_idx++];
909     reg->phys_hi = cpu_to_be32(dev_id);
910     reg->phys_mid = 0;
911     reg->phys_lo = 0;
912     reg->size_hi = 0;
913     reg->size_lo = 0;
914 
915     for (i = 0; i < PCI_NUM_REGIONS; i++) {
916         if (!d->io_regions[i].size) {
917             continue;
918         }
919 
920         reg = &rp->reg[reg_idx++];
921 
922         reg->phys_hi = cpu_to_be32(dev_id | b_rrrrrrrr(pci_bar(d, i)));
923         if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
924             reg->phys_hi |= cpu_to_be32(b_ss(1));
925         } else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
926             reg->phys_hi |= cpu_to_be32(b_ss(3));
927         } else {
928             reg->phys_hi |= cpu_to_be32(b_ss(2));
929         }
930         reg->phys_mid = 0;
931         reg->phys_lo = 0;
932         reg->size_hi = cpu_to_be32(d->io_regions[i].size >> 32);
933         reg->size_lo = cpu_to_be32(d->io_regions[i].size);
934     }
935 
936     rp->reg_len = reg_idx * sizeof(ResourceFields);
937 }
938 
939 typedef struct PCIClass PCIClass;
940 typedef struct PCISubClass PCISubClass;
941 typedef struct PCIIFace PCIIFace;
942 
943 struct PCIIFace {
944     int iface;
945     const char *name;
946 };
947 
948 struct PCISubClass {
949     int subclass;
950     const char *name;
951     const PCIIFace *iface;
952 };
953 
954 struct PCIClass {
955     const char *name;
956     const PCISubClass *subc;
957 };
958 
959 static const PCISubClass undef_subclass[] = {
960     { PCI_CLASS_NOT_DEFINED_VGA, "display", NULL },
961     { 0xFF, NULL, NULL },
962 };
963 
964 static const PCISubClass mass_subclass[] = {
965     { PCI_CLASS_STORAGE_SCSI, "scsi", NULL },
966     { PCI_CLASS_STORAGE_IDE, "ide", NULL },
967     { PCI_CLASS_STORAGE_FLOPPY, "fdc", NULL },
968     { PCI_CLASS_STORAGE_IPI, "ipi", NULL },
969     { PCI_CLASS_STORAGE_RAID, "raid", NULL },
970     { PCI_CLASS_STORAGE_ATA, "ata", NULL },
971     { PCI_CLASS_STORAGE_SATA, "sata", NULL },
972     { PCI_CLASS_STORAGE_SAS, "sas", NULL },
973     { 0xFF, NULL, NULL },
974 };
975 
976 static const PCISubClass net_subclass[] = {
977     { PCI_CLASS_NETWORK_ETHERNET, "ethernet", NULL },
978     { PCI_CLASS_NETWORK_TOKEN_RING, "token-ring", NULL },
979     { PCI_CLASS_NETWORK_FDDI, "fddi", NULL },
980     { PCI_CLASS_NETWORK_ATM, "atm", NULL },
981     { PCI_CLASS_NETWORK_ISDN, "isdn", NULL },
982     { PCI_CLASS_NETWORK_WORLDFIP, "worldfip", NULL },
983     { PCI_CLASS_NETWORK_PICMG214, "picmg", NULL },
984     { 0xFF, NULL, NULL },
985 };
986 
987 static const PCISubClass displ_subclass[] = {
988     { PCI_CLASS_DISPLAY_VGA, "vga", NULL },
989     { PCI_CLASS_DISPLAY_XGA, "xga", NULL },
990     { PCI_CLASS_DISPLAY_3D, "3d-controller", NULL },
991     { 0xFF, NULL, NULL },
992 };
993 
994 static const PCISubClass media_subclass[] = {
995     { PCI_CLASS_MULTIMEDIA_VIDEO, "video", NULL },
996     { PCI_CLASS_MULTIMEDIA_AUDIO, "sound", NULL },
997     { PCI_CLASS_MULTIMEDIA_PHONE, "telephony", NULL },
998     { 0xFF, NULL, NULL },
999 };
1000 
1001 static const PCISubClass mem_subclass[] = {
1002     { PCI_CLASS_MEMORY_RAM, "memory", NULL },
1003     { PCI_CLASS_MEMORY_FLASH, "flash", NULL },
1004     { 0xFF, NULL, NULL },
1005 };
1006 
1007 static const PCISubClass bridg_subclass[] = {
1008     { PCI_CLASS_BRIDGE_HOST, "host", NULL },
1009     { PCI_CLASS_BRIDGE_ISA, "isa", NULL },
1010     { PCI_CLASS_BRIDGE_EISA, "eisa", NULL },
1011     { PCI_CLASS_BRIDGE_MC, "mca", NULL },
1012     { PCI_CLASS_BRIDGE_PCI, "pci", NULL },
1013     { PCI_CLASS_BRIDGE_PCMCIA, "pcmcia", NULL },
1014     { PCI_CLASS_BRIDGE_NUBUS, "nubus", NULL },
1015     { PCI_CLASS_BRIDGE_CARDBUS, "cardbus", NULL },
1016     { PCI_CLASS_BRIDGE_RACEWAY, "raceway", NULL },
1017     { PCI_CLASS_BRIDGE_PCI_SEMITP, "semi-transparent-pci", NULL },
1018     { PCI_CLASS_BRIDGE_IB_PCI, "infiniband", NULL },
1019     { 0xFF, NULL, NULL },
1020 };
1021 
1022 static const PCISubClass comm_subclass[] = {
1023     { PCI_CLASS_COMMUNICATION_SERIAL, "serial", NULL },
1024     { PCI_CLASS_COMMUNICATION_PARALLEL, "parallel", NULL },
1025     { PCI_CLASS_COMMUNICATION_MULTISERIAL, "multiport-serial", NULL },
1026     { PCI_CLASS_COMMUNICATION_MODEM, "modem", NULL },
1027     { PCI_CLASS_COMMUNICATION_GPIB, "gpib", NULL },
1028     { PCI_CLASS_COMMUNICATION_SC, "smart-card", NULL },
1029     { 0xFF, NULL, NULL, },
1030 };
1031 
1032 static const PCIIFace pic_iface[] = {
1033     { PCI_CLASS_SYSTEM_PIC_IOAPIC, "io-apic" },
1034     { PCI_CLASS_SYSTEM_PIC_IOXAPIC, "io-xapic" },
1035     { 0xFF, NULL },
1036 };
1037 
1038 static const PCISubClass sys_subclass[] = {
1039     { PCI_CLASS_SYSTEM_PIC, "interrupt-controller", pic_iface },
1040     { PCI_CLASS_SYSTEM_DMA, "dma-controller", NULL },
1041     { PCI_CLASS_SYSTEM_TIMER, "timer", NULL },
1042     { PCI_CLASS_SYSTEM_RTC, "rtc", NULL },
1043     { PCI_CLASS_SYSTEM_PCI_HOTPLUG, "hot-plug-controller", NULL },
1044     { PCI_CLASS_SYSTEM_SDHCI, "sd-host-controller", NULL },
1045     { 0xFF, NULL, NULL },
1046 };
1047 
1048 static const PCISubClass inp_subclass[] = {
1049     { PCI_CLASS_INPUT_KEYBOARD, "keyboard", NULL },
1050     { PCI_CLASS_INPUT_PEN, "pen", NULL },
1051     { PCI_CLASS_INPUT_MOUSE, "mouse", NULL },
1052     { PCI_CLASS_INPUT_SCANNER, "scanner", NULL },
1053     { PCI_CLASS_INPUT_GAMEPORT, "gameport", NULL },
1054     { 0xFF, NULL, NULL },
1055 };
1056 
1057 static const PCISubClass dock_subclass[] = {
1058     { PCI_CLASS_DOCKING_GENERIC, "dock", NULL },
1059     { 0xFF, NULL, NULL },
1060 };
1061 
1062 static const PCISubClass cpu_subclass[] = {
1063     { PCI_CLASS_PROCESSOR_PENTIUM, "pentium", NULL },
1064     { PCI_CLASS_PROCESSOR_POWERPC, "powerpc", NULL },
1065     { PCI_CLASS_PROCESSOR_MIPS, "mips", NULL },
1066     { PCI_CLASS_PROCESSOR_CO, "co-processor", NULL },
1067     { 0xFF, NULL, NULL },
1068 };
1069 
1070 static const PCIIFace usb_iface[] = {
1071     { PCI_CLASS_SERIAL_USB_UHCI, "usb-uhci" },
1072     { PCI_CLASS_SERIAL_USB_OHCI, "usb-ohci", },
1073     { PCI_CLASS_SERIAL_USB_EHCI, "usb-ehci" },
1074     { PCI_CLASS_SERIAL_USB_XHCI, "usb-xhci" },
1075     { PCI_CLASS_SERIAL_USB_UNKNOWN, "usb-unknown" },
1076     { PCI_CLASS_SERIAL_USB_DEVICE, "usb-device" },
1077     { 0xFF, NULL },
1078 };
1079 
1080 static const PCISubClass ser_subclass[] = {
1081     { PCI_CLASS_SERIAL_FIREWIRE, "firewire", NULL },
1082     { PCI_CLASS_SERIAL_ACCESS, "access-bus", NULL },
1083     { PCI_CLASS_SERIAL_SSA, "ssa", NULL },
1084     { PCI_CLASS_SERIAL_USB, "usb", usb_iface },
1085     { PCI_CLASS_SERIAL_FIBER, "fibre-channel", NULL },
1086     { PCI_CLASS_SERIAL_SMBUS, "smb", NULL },
1087     { PCI_CLASS_SERIAL_IB, "infiniband", NULL },
1088     { PCI_CLASS_SERIAL_IPMI, "ipmi", NULL },
1089     { PCI_CLASS_SERIAL_SERCOS, "sercos", NULL },
1090     { PCI_CLASS_SERIAL_CANBUS, "canbus", NULL },
1091     { 0xFF, NULL, NULL },
1092 };
1093 
1094 static const PCISubClass wrl_subclass[] = {
1095     { PCI_CLASS_WIRELESS_IRDA, "irda", NULL },
1096     { PCI_CLASS_WIRELESS_CIR, "consumer-ir", NULL },
1097     { PCI_CLASS_WIRELESS_RF_CONTROLLER, "rf-controller", NULL },
1098     { PCI_CLASS_WIRELESS_BLUETOOTH, "bluetooth", NULL },
1099     { PCI_CLASS_WIRELESS_BROADBAND, "broadband", NULL },
1100     { 0xFF, NULL, NULL },
1101 };
1102 
1103 static const PCISubClass sat_subclass[] = {
1104     { PCI_CLASS_SATELLITE_TV, "satellite-tv", NULL },
1105     { PCI_CLASS_SATELLITE_AUDIO, "satellite-audio", NULL },
1106     { PCI_CLASS_SATELLITE_VOICE, "satellite-voice", NULL },
1107     { PCI_CLASS_SATELLITE_DATA, "satellite-data", NULL },
1108     { 0xFF, NULL, NULL },
1109 };
1110 
1111 static const PCISubClass crypt_subclass[] = {
1112     { PCI_CLASS_CRYPT_NETWORK, "network-encryption", NULL },
1113     { PCI_CLASS_CRYPT_ENTERTAINMENT,
1114       "entertainment-encryption", NULL },
1115     { 0xFF, NULL, NULL },
1116 };
1117 
1118 static const PCISubClass spc_subclass[] = {
1119     { PCI_CLASS_SP_DPIO, "dpio", NULL },
1120     { PCI_CLASS_SP_PERF, "counter", NULL },
1121     { PCI_CLASS_SP_SYNCH, "measurement", NULL },
1122     { PCI_CLASS_SP_MANAGEMENT, "management-card", NULL },
1123     { 0xFF, NULL, NULL },
1124 };
1125 
1126 static const PCIClass pci_classes[] = {
1127     { "legacy-device", undef_subclass },
1128     { "mass-storage",  mass_subclass },
1129     { "network", net_subclass },
1130     { "display", displ_subclass, },
1131     { "multimedia-device", media_subclass },
1132     { "memory-controller", mem_subclass },
1133     { "unknown-bridge", bridg_subclass },
1134     { "communication-controller", comm_subclass},
1135     { "system-peripheral", sys_subclass },
1136     { "input-controller", inp_subclass },
1137     { "docking-station", dock_subclass },
1138     { "cpu", cpu_subclass },
1139     { "serial-bus", ser_subclass },
1140     { "wireless-controller", wrl_subclass },
1141     { "intelligent-io", NULL },
1142     { "satellite-device", sat_subclass },
1143     { "encryption", crypt_subclass },
1144     { "data-processing-controller", spc_subclass },
1145 };
1146 
1147 static const char *dt_name_from_class(uint8_t class, uint8_t subclass,
1148                                       uint8_t iface)
1149 {
1150     const PCIClass *pclass;
1151     const PCISubClass *psubclass;
1152     const PCIIFace *piface;
1153     const char *name;
1154 
1155     if (class >= ARRAY_SIZE(pci_classes)) {
1156         return "pci";
1157     }
1158 
1159     pclass = pci_classes + class;
1160     name = pclass->name;
1161 
1162     if (pclass->subc == NULL) {
1163         return name;
1164     }
1165 
1166     psubclass = pclass->subc;
1167     while ((psubclass->subclass & 0xff) != 0xff) {
1168         if ((psubclass->subclass & 0xff) == subclass) {
1169             name = psubclass->name;
1170             break;
1171         }
1172         psubclass++;
1173     }
1174 
1175     piface = psubclass->iface;
1176     if (piface == NULL) {
1177         return name;
1178     }
1179     while ((piface->iface & 0xff) != 0xff) {
1180         if ((piface->iface & 0xff) == iface) {
1181             name = piface->name;
1182             break;
1183         }
1184         piface++;
1185     }
1186 
1187     return name;
1188 }
1189 
1190 /*
1191  * DRC helper functions
1192  */
1193 
1194 static uint32_t drc_id_from_devfn(SpaprPhbState *phb,
1195                                   uint8_t chassis, int32_t devfn)
1196 {
1197     return (phb->index << 16) | (chassis << 8) | devfn;
1198 }
1199 
1200 static SpaprDrc *drc_from_devfn(SpaprPhbState *phb,
1201                                 uint8_t chassis, int32_t devfn)
1202 {
1203     return spapr_drc_by_id(TYPE_SPAPR_DRC_PCI,
1204                            drc_id_from_devfn(phb, chassis, devfn));
1205 }
1206 
1207 static uint8_t chassis_from_bus(PCIBus *bus)
1208 {
1209     if (pci_bus_is_root(bus)) {
1210         return 0;
1211     } else {
1212         PCIDevice *bridge = pci_bridge_get_device(bus);
1213 
1214         return object_property_get_uint(OBJECT(bridge), "chassis_nr",
1215                                         &error_abort);
1216     }
1217 }
1218 
1219 static SpaprDrc *drc_from_dev(SpaprPhbState *phb, PCIDevice *dev)
1220 {
1221     uint8_t chassis = chassis_from_bus(pci_get_bus(dev));
1222 
1223     return drc_from_devfn(phb, chassis, dev->devfn);
1224 }
1225 
1226 static void add_drcs(SpaprPhbState *phb, PCIBus *bus)
1227 {
1228     Object *owner;
1229     int i;
1230     uint8_t chassis;
1231 
1232     if (!phb->dr_enabled) {
1233         return;
1234     }
1235 
1236     chassis = chassis_from_bus(bus);
1237 
1238     if (pci_bus_is_root(bus)) {
1239         owner = OBJECT(phb);
1240     } else {
1241         owner = OBJECT(pci_bridge_get_device(bus));
1242     }
1243 
1244     for (i = 0; i < PCI_SLOT_MAX * PCI_FUNC_MAX; i++) {
1245         spapr_dr_connector_new(owner, TYPE_SPAPR_DRC_PCI,
1246                                drc_id_from_devfn(phb, chassis, i));
1247     }
1248 }
1249 
1250 static void remove_drcs(SpaprPhbState *phb, PCIBus *bus)
1251 {
1252     int i;
1253     uint8_t chassis;
1254 
1255     if (!phb->dr_enabled) {
1256         return;
1257     }
1258 
1259     chassis = chassis_from_bus(bus);
1260 
1261     for (i = PCI_SLOT_MAX * PCI_FUNC_MAX - 1; i >= 0; i--) {
1262         SpaprDrc *drc = drc_from_devfn(phb, chassis, i);
1263 
1264         if (drc) {
1265             object_unparent(OBJECT(drc));
1266         }
1267     }
1268 }
1269 
1270 typedef struct PciWalkFdt {
1271     void *fdt;
1272     int offset;
1273     SpaprPhbState *sphb;
1274     int err;
1275 } PciWalkFdt;
1276 
1277 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1278                                void *fdt, int parent_offset);
1279 
1280 static void spapr_dt_pci_device_cb(PCIBus *bus, PCIDevice *pdev,
1281                                    void *opaque)
1282 {
1283     PciWalkFdt *p = opaque;
1284     int err;
1285 
1286     if (p->err) {
1287         /* Something's already broken, don't keep going */
1288         return;
1289     }
1290 
1291     err = spapr_dt_pci_device(p->sphb, pdev, p->fdt, p->offset);
1292     if (err < 0) {
1293         p->err = err;
1294     }
1295 }
1296 
1297 /* Augment PCI device node with bridge specific information */
1298 static int spapr_dt_pci_bus(SpaprPhbState *sphb, PCIBus *bus,
1299                                void *fdt, int offset)
1300 {
1301     Object *owner;
1302     PciWalkFdt cbinfo = {
1303         .fdt = fdt,
1304         .offset = offset,
1305         .sphb = sphb,
1306         .err = 0,
1307     };
1308     int ret;
1309 
1310     _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
1311                           RESOURCE_CELLS_ADDRESS));
1312     _FDT(fdt_setprop_cell(fdt, offset, "#size-cells",
1313                           RESOURCE_CELLS_SIZE));
1314 
1315     assert(bus);
1316     pci_for_each_device_reverse(bus, pci_bus_num(bus),
1317                                 spapr_dt_pci_device_cb, &cbinfo);
1318     if (cbinfo.err) {
1319         return cbinfo.err;
1320     }
1321 
1322     if (pci_bus_is_root(bus)) {
1323         owner = OBJECT(sphb);
1324     } else {
1325         owner = OBJECT(pci_bridge_get_device(bus));
1326     }
1327 
1328     ret = spapr_dt_drc(fdt, offset, owner,
1329                        SPAPR_DR_CONNECTOR_TYPE_PCI);
1330     if (ret) {
1331         return ret;
1332     }
1333 
1334     return offset;
1335 }
1336 
1337 /* create OF node for pci device and required OF DT properties */
1338 static int spapr_dt_pci_device(SpaprPhbState *sphb, PCIDevice *dev,
1339                                void *fdt, int parent_offset)
1340 {
1341     int offset;
1342     const gchar *basename;
1343     gchar *nodename;
1344     int slot = PCI_SLOT(dev->devfn);
1345     int func = PCI_FUNC(dev->devfn);
1346     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
1347     ResourceProps rp;
1348     SpaprDrc *drc = drc_from_dev(sphb, dev);
1349     uint32_t vendor_id = pci_default_read_config(dev, PCI_VENDOR_ID, 2);
1350     uint32_t device_id = pci_default_read_config(dev, PCI_DEVICE_ID, 2);
1351     uint32_t revision_id = pci_default_read_config(dev, PCI_REVISION_ID, 1);
1352     uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3);
1353     uint32_t irq_pin = pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1);
1354     uint32_t subsystem_id = pci_default_read_config(dev, PCI_SUBSYSTEM_ID, 2);
1355     uint32_t subsystem_vendor_id =
1356         pci_default_read_config(dev, PCI_SUBSYSTEM_VENDOR_ID, 2);
1357     uint32_t cache_line_size =
1358         pci_default_read_config(dev, PCI_CACHE_LINE_SIZE, 1);
1359     uint32_t pci_status = pci_default_read_config(dev, PCI_STATUS, 2);
1360     gchar *loc_code;
1361 
1362     basename = dt_name_from_class((ccode >> 16) & 0xff, (ccode >> 8) & 0xff,
1363                                   ccode & 0xff);
1364 
1365     if (func != 0) {
1366         nodename = g_strdup_printf("%s@%x,%x", basename, slot, func);
1367     } else {
1368         nodename = g_strdup_printf("%s@%x", basename, slot);
1369     }
1370 
1371     _FDT(offset = fdt_add_subnode(fdt, parent_offset, nodename));
1372 
1373     g_free(nodename);
1374 
1375     /* in accordance with PAPR+ v2.7 13.6.3, Table 181 */
1376     _FDT(fdt_setprop_cell(fdt, offset, "vendor-id", vendor_id));
1377     _FDT(fdt_setprop_cell(fdt, offset, "device-id", device_id));
1378     _FDT(fdt_setprop_cell(fdt, offset, "revision-id", revision_id));
1379 
1380     _FDT(fdt_setprop_cell(fdt, offset, "class-code", ccode));
1381     if (irq_pin) {
1382         _FDT(fdt_setprop_cell(fdt, offset, "interrupts", irq_pin));
1383     }
1384 
1385     if (subsystem_id) {
1386         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-id", subsystem_id));
1387     }
1388 
1389     if (subsystem_vendor_id) {
1390         _FDT(fdt_setprop_cell(fdt, offset, "subsystem-vendor-id",
1391                               subsystem_vendor_id));
1392     }
1393 
1394     _FDT(fdt_setprop_cell(fdt, offset, "cache-line-size", cache_line_size));
1395 
1396 
1397     /* the following fdt cells are masked off the pci status register */
1398     _FDT(fdt_setprop_cell(fdt, offset, "devsel-speed",
1399                           PCI_STATUS_DEVSEL_MASK & pci_status));
1400 
1401     if (pci_status & PCI_STATUS_FAST_BACK) {
1402         _FDT(fdt_setprop(fdt, offset, "fast-back-to-back", NULL, 0));
1403     }
1404     if (pci_status & PCI_STATUS_66MHZ) {
1405         _FDT(fdt_setprop(fdt, offset, "66mhz-capable", NULL, 0));
1406     }
1407     if (pci_status & PCI_STATUS_UDF) {
1408         _FDT(fdt_setprop(fdt, offset, "udf-supported", NULL, 0));
1409     }
1410 
1411     loc_code = spapr_phb_get_loc_code(sphb, dev);
1412     _FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", loc_code));
1413     g_free(loc_code);
1414 
1415     if (drc) {
1416         _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index",
1417                               spapr_drc_index(drc)));
1418     }
1419 
1420     if (msi_present(dev)) {
1421         uint32_t max_msi = msi_nr_vectors_allocated(dev);
1422         if (max_msi) {
1423             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi", max_msi));
1424         }
1425     }
1426     if (msix_present(dev)) {
1427         uint32_t max_msix = dev->msix_entries_nr;
1428         if (max_msix) {
1429             _FDT(fdt_setprop_cell(fdt, offset, "ibm,req#msi-x", max_msix));
1430         }
1431     }
1432 
1433     populate_resource_props(dev, &rp);
1434     _FDT(fdt_setprop(fdt, offset, "reg", (uint8_t *)rp.reg, rp.reg_len));
1435 
1436     if (sphb->pcie_ecs && pci_is_express(dev)) {
1437         _FDT(fdt_setprop_cell(fdt, offset, "ibm,pci-config-space-type", 0x1));
1438     }
1439 
1440     spapr_phb_nvgpu_populate_pcidev_dt(dev, fdt, offset, sphb);
1441 
1442     if (!pc->is_bridge) {
1443         /* Properties only for non-bridges */
1444         uint32_t min_grant = pci_default_read_config(dev, PCI_MIN_GNT, 1);
1445         uint32_t max_latency = pci_default_read_config(dev, PCI_MAX_LAT, 1);
1446         _FDT(fdt_setprop_cell(fdt, offset, "min-grant", min_grant));
1447         _FDT(fdt_setprop_cell(fdt, offset, "max-latency", max_latency));
1448         return offset;
1449     } else {
1450         PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(dev));
1451 
1452         return spapr_dt_pci_bus(sphb, sec_bus, fdt, offset);
1453     }
1454 }
1455 
1456 /* Callback to be called during DRC release. */
1457 void spapr_phb_remove_pci_device_cb(DeviceState *dev)
1458 {
1459     HotplugHandler *hotplug_ctrl = qdev_get_hotplug_handler(dev);
1460 
1461     hotplug_handler_unplug(hotplug_ctrl, dev, &error_abort);
1462     object_unparent(OBJECT(dev));
1463 }
1464 
1465 int spapr_pci_dt_populate(SpaprDrc *drc, SpaprMachineState *spapr,
1466                           void *fdt, int *fdt_start_offset, Error **errp)
1467 {
1468     HotplugHandler *plug_handler = qdev_get_hotplug_handler(drc->dev);
1469     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(plug_handler);
1470     PCIDevice *pdev = PCI_DEVICE(drc->dev);
1471 
1472     *fdt_start_offset = spapr_dt_pci_device(sphb, pdev, fdt, 0);
1473     return 0;
1474 }
1475 
1476 static void spapr_pci_bridge_plug(SpaprPhbState *phb,
1477                                   PCIBridge *bridge)
1478 {
1479     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1480 
1481     add_drcs(phb, bus);
1482 }
1483 
1484 /* Returns non-zero if the value of "chassis_nr" is already in use */
1485 static int check_chassis_nr(Object *obj, void *opaque)
1486 {
1487     int new_chassis_nr =
1488         object_property_get_uint(opaque, "chassis_nr", &error_abort);
1489     int chassis_nr =
1490         object_property_get_uint(obj, "chassis_nr", NULL);
1491 
1492     if (!object_dynamic_cast(obj, TYPE_PCI_BRIDGE)) {
1493         return 0;
1494     }
1495 
1496     /* Skip unsupported bridge types */
1497     if (!chassis_nr) {
1498         return 0;
1499     }
1500 
1501     /* Skip self */
1502     if (obj == opaque) {
1503         return 0;
1504     }
1505 
1506     return chassis_nr == new_chassis_nr;
1507 }
1508 
1509 static bool bridge_has_valid_chassis_nr(Object *bridge, Error **errp)
1510 {
1511     int chassis_nr =
1512         object_property_get_uint(bridge, "chassis_nr", NULL);
1513 
1514     /*
1515      * slotid_cap_init() already ensures that "chassis_nr" isn't null for
1516      * standard PCI bridges, so this really tells if "chassis_nr" is present
1517      * or not.
1518      */
1519     if (!chassis_nr) {
1520         error_setg(errp, "PCI Bridge lacks a \"chassis_nr\" property");
1521         error_append_hint(errp, "Try -device pci-bridge instead.\n");
1522         return false;
1523     }
1524 
1525     /* We want unique values for "chassis_nr" */
1526     if (object_child_foreach_recursive(object_get_root(), check_chassis_nr,
1527                                        bridge)) {
1528         error_setg(errp, "Bridge chassis %d already in use", chassis_nr);
1529         return false;
1530     }
1531 
1532     return true;
1533 }
1534 
1535 static void spapr_pci_pre_plug(HotplugHandler *plug_handler,
1536                                DeviceState *plugged_dev, Error **errp)
1537 {
1538     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1539     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1540     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1541     SpaprDrc *drc = drc_from_dev(phb, pdev);
1542     PCIBus *bus = PCI_BUS(qdev_get_parent_bus(DEVICE(pdev)));
1543     uint32_t slotnr = PCI_SLOT(pdev->devfn);
1544 
1545     if (!phb->dr_enabled) {
1546         /* if this is a hotplug operation initiated by the user
1547          * we need to let them know it's not enabled
1548          */
1549         if (plugged_dev->hotplugged) {
1550             error_setg(errp, QERR_BUS_NO_HOTPLUG,
1551                        object_get_typename(OBJECT(phb)));
1552             return;
1553         }
1554     }
1555 
1556     if (pc->is_bridge) {
1557         if (!bridge_has_valid_chassis_nr(OBJECT(plugged_dev), errp)) {
1558             return;
1559         }
1560     }
1561 
1562     /* Following the QEMU convention used for PCIe multifunction
1563      * hotplug, we do not allow functions to be hotplugged to a
1564      * slot that already has function 0 present
1565      */
1566     if (plugged_dev->hotplugged && bus->devices[PCI_DEVFN(slotnr, 0)] &&
1567         PCI_FUNC(pdev->devfn) != 0) {
1568         error_setg(errp, "PCI: slot %d function 0 already occupied by %s,"
1569                    " additional functions can no longer be exposed to guest.",
1570                    slotnr, bus->devices[PCI_DEVFN(slotnr, 0)]->name);
1571     }
1572 
1573     if (drc && drc->dev) {
1574         error_setg(errp, "PCI: slot %d already occupied by %s", slotnr,
1575                    pci_get_function_0(PCI_DEVICE(drc->dev))->name);
1576         return;
1577     }
1578 }
1579 
1580 static void spapr_pci_plug(HotplugHandler *plug_handler,
1581                            DeviceState *plugged_dev, Error **errp)
1582 {
1583     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1584     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1585     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1586     SpaprDrc *drc = drc_from_dev(phb, pdev);
1587     uint32_t slotnr = PCI_SLOT(pdev->devfn);
1588 
1589     /*
1590      * If DR is disabled we don't need to do anything in the case of
1591      * hotplug or coldplug callbacks.
1592      */
1593     if (!phb->dr_enabled) {
1594         return;
1595     }
1596 
1597     g_assert(drc);
1598 
1599     if (pc->is_bridge) {
1600         spapr_pci_bridge_plug(phb, PCI_BRIDGE(plugged_dev));
1601     }
1602 
1603     /* spapr_pci_pre_plug() already checked the DRC is attachable */
1604     spapr_drc_attach(drc, DEVICE(pdev));
1605 
1606     /* If this is function 0, signal hotplug for all the device functions.
1607      * Otherwise defer sending the hotplug event.
1608      */
1609     if (!spapr_drc_hotplugged(plugged_dev)) {
1610         spapr_drc_reset(drc);
1611     } else if (PCI_FUNC(pdev->devfn) == 0) {
1612         int i;
1613         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev));
1614 
1615         for (i = 0; i < 8; i++) {
1616             SpaprDrc *func_drc;
1617             SpaprDrcClass *func_drck;
1618             SpaprDREntitySense state;
1619 
1620             func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1621             func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1622             state = func_drck->dr_entity_sense(func_drc);
1623 
1624             if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1625                 spapr_hotplug_req_add_by_index(func_drc);
1626             }
1627         }
1628     }
1629 }
1630 
1631 static void spapr_pci_bridge_unplug(SpaprPhbState *phb,
1632                                     PCIBridge *bridge)
1633 {
1634     PCIBus *bus = pci_bridge_get_sec_bus(bridge);
1635 
1636     remove_drcs(phb, bus);
1637 }
1638 
1639 static void spapr_pci_unplug(HotplugHandler *plug_handler,
1640                              DeviceState *plugged_dev, Error **errp)
1641 {
1642     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1643     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1644 
1645     /* some version guests do not wait for completion of a device
1646      * cleanup (generally done asynchronously by the kernel) before
1647      * signaling to QEMU that the device is safe, but instead sleep
1648      * for some 'safe' period of time. unfortunately on a busy host
1649      * this sleep isn't guaranteed to be long enough, resulting in
1650      * bad things like IRQ lines being left asserted during final
1651      * device removal. to deal with this we call reset just prior
1652      * to finalizing the device, which will put the device back into
1653      * an 'idle' state, as the device cleanup code expects.
1654      */
1655     pci_device_reset(PCI_DEVICE(plugged_dev));
1656 
1657     if (pc->is_bridge) {
1658         spapr_pci_bridge_unplug(phb, PCI_BRIDGE(plugged_dev));
1659         return;
1660     }
1661 
1662     qdev_unrealize(plugged_dev);
1663 }
1664 
1665 static void spapr_pci_unplug_request(HotplugHandler *plug_handler,
1666                                      DeviceState *plugged_dev, Error **errp)
1667 {
1668     SpaprPhbState *phb = SPAPR_PCI_HOST_BRIDGE(DEVICE(plug_handler));
1669     PCIDevice *pdev = PCI_DEVICE(plugged_dev);
1670     SpaprDrc *drc = drc_from_dev(phb, pdev);
1671 
1672     if (!phb->dr_enabled) {
1673         error_setg(errp, QERR_BUS_NO_HOTPLUG,
1674                    object_get_typename(OBJECT(phb)));
1675         return;
1676     }
1677 
1678     g_assert(drc);
1679     g_assert(drc->dev == plugged_dev);
1680 
1681     if (!spapr_drc_unplug_requested(drc)) {
1682         PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(plugged_dev);
1683         uint32_t slotnr = PCI_SLOT(pdev->devfn);
1684         SpaprDrc *func_drc;
1685         SpaprDrcClass *func_drck;
1686         SpaprDREntitySense state;
1687         int i;
1688         uint8_t chassis = chassis_from_bus(pci_get_bus(pdev));
1689 
1690         if (pc->is_bridge) {
1691             error_setg(errp, "PCI: Hot unplug of PCI bridges not supported");
1692             return;
1693         }
1694         if (object_property_get_uint(OBJECT(pdev), "nvlink2-tgt", NULL)) {
1695             error_setg(errp, "PCI: Cannot unplug NVLink2 devices");
1696             return;
1697         }
1698 
1699         /* ensure any other present functions are pending unplug */
1700         if (PCI_FUNC(pdev->devfn) == 0) {
1701             for (i = 1; i < 8; i++) {
1702                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1703                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1704                 state = func_drck->dr_entity_sense(func_drc);
1705                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT
1706                     && !spapr_drc_unplug_requested(func_drc)) {
1707                     /*
1708                      * Attempting to remove function 0 of a multifunction
1709                      * device will will cascade into removing all child
1710                      * functions, even if their unplug weren't requested
1711                      * beforehand.
1712                      */
1713                     spapr_drc_detach(func_drc);
1714                 }
1715             }
1716         }
1717 
1718         spapr_drc_detach(drc);
1719 
1720         /* if this isn't func 0, defer unplug event. otherwise signal removal
1721          * for all present functions
1722          */
1723         if (PCI_FUNC(pdev->devfn) == 0) {
1724             for (i = 7; i >= 0; i--) {
1725                 func_drc = drc_from_devfn(phb, chassis, PCI_DEVFN(slotnr, i));
1726                 func_drck = SPAPR_DR_CONNECTOR_GET_CLASS(func_drc);
1727                 state = func_drck->dr_entity_sense(func_drc);
1728                 if (state == SPAPR_DR_ENTITY_SENSE_PRESENT) {
1729                     spapr_hotplug_req_remove_by_index(func_drc);
1730                 }
1731             }
1732         }
1733     }
1734 }
1735 
1736 static void spapr_phb_finalizefn(Object *obj)
1737 {
1738     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(obj);
1739 
1740     g_free(sphb->dtbusname);
1741     sphb->dtbusname = NULL;
1742 }
1743 
1744 static void spapr_phb_unrealize(DeviceState *dev)
1745 {
1746     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1747     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1748     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1749     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(phb);
1750     SpaprTceTable *tcet;
1751     int i;
1752     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1753 
1754     spapr_phb_nvgpu_free(sphb);
1755 
1756     if (sphb->msi) {
1757         g_hash_table_unref(sphb->msi);
1758         sphb->msi = NULL;
1759     }
1760 
1761     /*
1762      * Remove IO/MMIO subregions and aliases, rest should get cleaned
1763      * via PHB's unrealize->object_finalize
1764      */
1765     for (i = windows_supported - 1; i >= 0; i--) {
1766         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
1767         if (tcet) {
1768             memory_region_del_subregion(&sphb->iommu_root,
1769                                         spapr_tce_get_iommu(tcet));
1770         }
1771     }
1772 
1773     remove_drcs(sphb, phb->bus);
1774 
1775     for (i = PCI_NUM_PINS - 1; i >= 0; i--) {
1776         if (sphb->lsi_table[i].irq) {
1777             spapr_irq_free(spapr, sphb->lsi_table[i].irq, 1);
1778             sphb->lsi_table[i].irq = 0;
1779         }
1780     }
1781 
1782     QLIST_REMOVE(sphb, list);
1783 
1784     memory_region_del_subregion(&sphb->iommu_root, &sphb->msiwindow);
1785 
1786     /*
1787      * An attached PCI device may have memory listeners, eg. VFIO PCI. We have
1788      * unmapped all sections. Remove the listeners now, before destroying the
1789      * address space.
1790      */
1791     address_space_remove_listeners(&sphb->iommu_as);
1792     address_space_destroy(&sphb->iommu_as);
1793 
1794     qbus_set_hotplug_handler(BUS(phb->bus), NULL);
1795     pci_unregister_root_bus(phb->bus);
1796 
1797     memory_region_del_subregion(get_system_memory(), &sphb->iowindow);
1798     if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
1799         memory_region_del_subregion(get_system_memory(), &sphb->mem64window);
1800     }
1801     memory_region_del_subregion(get_system_memory(), &sphb->mem32window);
1802 }
1803 
1804 static void spapr_phb_destroy_msi(gpointer opaque)
1805 {
1806     SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
1807     SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
1808     SpaprPciMsi *msi = opaque;
1809 
1810     if (!smc->legacy_irq_allocation) {
1811         spapr_irq_msi_free(spapr, msi->first_irq, msi->num);
1812     }
1813     spapr_irq_free(spapr, msi->first_irq, msi->num);
1814     g_free(msi);
1815 }
1816 
1817 static void spapr_phb_realize(DeviceState *dev, Error **errp)
1818 {
1819     ERRP_GUARD();
1820     /* We don't use SPAPR_MACHINE() in order to exit gracefully if the user
1821      * tries to add a sPAPR PHB to a non-pseries machine.
1822      */
1823     SpaprMachineState *spapr =
1824         (SpaprMachineState *) object_dynamic_cast(qdev_get_machine(),
1825                                                   TYPE_SPAPR_MACHINE);
1826     SpaprMachineClass *smc = spapr ? SPAPR_MACHINE_GET_CLASS(spapr) : NULL;
1827     SysBusDevice *s = SYS_BUS_DEVICE(dev);
1828     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
1829     PCIHostState *phb = PCI_HOST_BRIDGE(s);
1830     MachineState *ms = MACHINE(spapr);
1831     char *namebuf;
1832     int i;
1833     PCIBus *bus;
1834     uint64_t msi_window_size = 4096;
1835     SpaprTceTable *tcet;
1836     const unsigned windows_supported = spapr_phb_windows_supported(sphb);
1837 
1838     if (!spapr) {
1839         error_setg(errp, TYPE_SPAPR_PCI_HOST_BRIDGE " needs a pseries machine");
1840         return;
1841     }
1842 
1843     assert(sphb->index != (uint32_t)-1); /* checked in spapr_phb_pre_plug() */
1844 
1845     if (sphb->mem64_win_size != 0) {
1846         if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1847             error_setg(errp, "32-bit memory window of size 0x%"HWADDR_PRIx
1848                        " (max 2 GiB)", sphb->mem_win_size);
1849             return;
1850         }
1851 
1852         /* 64-bit window defaults to identity mapping */
1853         sphb->mem64_win_pciaddr = sphb->mem64_win_addr;
1854     } else if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
1855         /*
1856          * For compatibility with old configuration, if no 64-bit MMIO
1857          * window is specified, but the ordinary (32-bit) memory
1858          * window is specified as > 2GiB, we treat it as a 2GiB 32-bit
1859          * window, with a 64-bit MMIO window following on immediately
1860          * afterwards
1861          */
1862         sphb->mem64_win_size = sphb->mem_win_size - SPAPR_PCI_MEM32_WIN_SIZE;
1863         sphb->mem64_win_addr = sphb->mem_win_addr + SPAPR_PCI_MEM32_WIN_SIZE;
1864         sphb->mem64_win_pciaddr =
1865             SPAPR_PCI_MEM_WIN_BUS_OFFSET + SPAPR_PCI_MEM32_WIN_SIZE;
1866         sphb->mem_win_size = SPAPR_PCI_MEM32_WIN_SIZE;
1867     }
1868 
1869     if (spapr_pci_find_phb(spapr, sphb->buid)) {
1870         SpaprPhbState *s;
1871 
1872         error_setg(errp, "PCI host bridges must have unique indexes");
1873         error_append_hint(errp, "The following indexes are already in use:");
1874         QLIST_FOREACH(s, &spapr->phbs, list) {
1875             error_append_hint(errp, " %d", s->index);
1876         }
1877         error_append_hint(errp, "\nTry another value for the index property\n");
1878         return;
1879     }
1880 
1881     if (sphb->numa_node != -1 &&
1882         (sphb->numa_node >= MAX_NODES ||
1883          !ms->numa_state->nodes[sphb->numa_node].present)) {
1884         error_setg(errp, "Invalid NUMA node ID for PCI host bridge");
1885         return;
1886     }
1887 
1888     sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
1889 
1890     /* Initialize memory regions */
1891     namebuf = g_strdup_printf("%s.mmio", sphb->dtbusname);
1892     memory_region_init(&sphb->memspace, OBJECT(sphb), namebuf, UINT64_MAX);
1893     g_free(namebuf);
1894 
1895     namebuf = g_strdup_printf("%s.mmio32-alias", sphb->dtbusname);
1896     memory_region_init_alias(&sphb->mem32window, OBJECT(sphb),
1897                              namebuf, &sphb->memspace,
1898                              SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
1899     g_free(namebuf);
1900     memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
1901                                 &sphb->mem32window);
1902 
1903     if (sphb->mem64_win_size != 0) {
1904         namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
1905         memory_region_init_alias(&sphb->mem64window, OBJECT(sphb),
1906                                  namebuf, &sphb->memspace,
1907                                  sphb->mem64_win_pciaddr, sphb->mem64_win_size);
1908         g_free(namebuf);
1909 
1910         memory_region_add_subregion(get_system_memory(),
1911                                     sphb->mem64_win_addr,
1912                                     &sphb->mem64window);
1913     }
1914 
1915     /* Initialize IO regions */
1916     namebuf = g_strdup_printf("%s.io", sphb->dtbusname);
1917     memory_region_init(&sphb->iospace, OBJECT(sphb),
1918                        namebuf, SPAPR_PCI_IO_WIN_SIZE);
1919     g_free(namebuf);
1920 
1921     namebuf = g_strdup_printf("%s.io-alias", sphb->dtbusname);
1922     memory_region_init_alias(&sphb->iowindow, OBJECT(sphb), namebuf,
1923                              &sphb->iospace, 0, SPAPR_PCI_IO_WIN_SIZE);
1924     g_free(namebuf);
1925     memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
1926                                 &sphb->iowindow);
1927 
1928     bus = pci_register_root_bus(dev, NULL,
1929                                 pci_spapr_set_irq, pci_swizzle_map_irq_fn, sphb,
1930                                 &sphb->memspace, &sphb->iospace,
1931                                 PCI_DEVFN(0, 0), PCI_NUM_PINS,
1932                                 TYPE_PCI_BUS);
1933 
1934     /*
1935      * Despite resembling a vanilla PCI bus in most ways, the PAPR
1936      * para-virtualized PCI bus *does* permit PCI-E extended config
1937      * space access
1938      */
1939     if (sphb->pcie_ecs) {
1940         bus->flags |= PCI_BUS_EXTENDED_CONFIG_SPACE;
1941     }
1942     phb->bus = bus;
1943     qbus_set_hotplug_handler(BUS(phb->bus), OBJECT(sphb));
1944 
1945     /*
1946      * Initialize PHB address space.
1947      * By default there will be at least one subregion for default
1948      * 32bit DMA window.
1949      * Later the guest might want to create another DMA window
1950      * which will become another memory subregion.
1951      */
1952     namebuf = g_strdup_printf("%s.iommu-root", sphb->dtbusname);
1953     memory_region_init(&sphb->iommu_root, OBJECT(sphb),
1954                        namebuf, UINT64_MAX);
1955     g_free(namebuf);
1956     address_space_init(&sphb->iommu_as, &sphb->iommu_root,
1957                        sphb->dtbusname);
1958 
1959     /*
1960      * As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
1961      * we need to allocate some memory to catch those writes coming
1962      * from msi_notify()/msix_notify().
1963      * As MSIMessage:addr is going to be the same and MSIMessage:data
1964      * is going to be a VIRQ number, 4 bytes of the MSI MR will only
1965      * be used.
1966      *
1967      * For KVM we want to ensure that this memory is a full page so that
1968      * our memory slot is of page size granularity.
1969      */
1970     if (kvm_enabled()) {
1971         msi_window_size = qemu_real_host_page_size;
1972     }
1973 
1974     memory_region_init_io(&sphb->msiwindow, OBJECT(sphb), &spapr_msi_ops, spapr,
1975                           "msi", msi_window_size);
1976     memory_region_add_subregion(&sphb->iommu_root, SPAPR_PCI_MSI_WINDOW,
1977                                 &sphb->msiwindow);
1978 
1979     pci_setup_iommu(bus, spapr_pci_dma_iommu, sphb);
1980 
1981     pci_bus_set_route_irq_fn(bus, spapr_route_intx_pin_to_irq);
1982 
1983     QLIST_INSERT_HEAD(&spapr->phbs, sphb, list);
1984 
1985     /* Initialize the LSI table */
1986     for (i = 0; i < PCI_NUM_PINS; i++) {
1987         int irq = SPAPR_IRQ_PCI_LSI + sphb->index * PCI_NUM_PINS + i;
1988 
1989         if (smc->legacy_irq_allocation) {
1990             irq = spapr_irq_findone(spapr, errp);
1991             if (irq < 0) {
1992                 error_prepend(errp, "can't allocate LSIs: ");
1993                 /*
1994                  * Older machines will never support PHB hotplug, ie, this is an
1995                  * init only path and QEMU will terminate. No need to rollback.
1996                  */
1997                 return;
1998             }
1999         }
2000 
2001         if (spapr_irq_claim(spapr, irq, true, errp) < 0) {
2002             error_prepend(errp, "can't allocate LSIs: ");
2003             goto unrealize;
2004         }
2005 
2006         sphb->lsi_table[i].irq = irq;
2007     }
2008 
2009     /* allocate connectors for child PCI devices */
2010     add_drcs(sphb, phb->bus);
2011 
2012     /* DMA setup */
2013     for (i = 0; i < windows_supported; ++i) {
2014         tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn[i]);
2015         if (!tcet) {
2016             error_setg(errp, "Creating window#%d failed for %s",
2017                        i, sphb->dtbusname);
2018             goto unrealize;
2019         }
2020         memory_region_add_subregion(&sphb->iommu_root, 0,
2021                                     spapr_tce_get_iommu(tcet));
2022     }
2023 
2024     sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free,
2025                                       spapr_phb_destroy_msi);
2026     return;
2027 
2028 unrealize:
2029     spapr_phb_unrealize(dev);
2030 }
2031 
2032 static int spapr_phb_children_reset(Object *child, void *opaque)
2033 {
2034     DeviceState *dev = (DeviceState *) object_dynamic_cast(child, TYPE_DEVICE);
2035 
2036     if (dev) {
2037         device_legacy_reset(dev);
2038     }
2039 
2040     return 0;
2041 }
2042 
2043 void spapr_phb_dma_reset(SpaprPhbState *sphb)
2044 {
2045     int i;
2046     SpaprTceTable *tcet;
2047 
2048     for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
2049         tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[i]);
2050 
2051         if (tcet && tcet->nb_table) {
2052             spapr_tce_table_disable(tcet);
2053         }
2054     }
2055 
2056     /* Register default 32bit DMA window */
2057     tcet = spapr_tce_find_by_liobn(sphb->dma_liobn[0]);
2058     spapr_tce_table_enable(tcet, SPAPR_TCE_PAGE_SHIFT, sphb->dma_win_addr,
2059                            sphb->dma_win_size >> SPAPR_TCE_PAGE_SHIFT);
2060 }
2061 
2062 static void spapr_phb_reset(DeviceState *qdev)
2063 {
2064     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(qdev);
2065     Error *err = NULL;
2066 
2067     spapr_phb_dma_reset(sphb);
2068     spapr_phb_nvgpu_free(sphb);
2069     spapr_phb_nvgpu_setup(sphb, &err);
2070     if (err) {
2071         error_report_err(err);
2072     }
2073 
2074     /* Reset the IOMMU state */
2075     object_child_foreach(OBJECT(qdev), spapr_phb_children_reset, NULL);
2076 
2077     if (spapr_phb_eeh_available(SPAPR_PCI_HOST_BRIDGE(qdev))) {
2078         spapr_phb_vfio_reset(qdev);
2079     }
2080 
2081     g_hash_table_remove_all(sphb->msi);
2082 }
2083 
2084 static Property spapr_phb_properties[] = {
2085     DEFINE_PROP_UINT32("index", SpaprPhbState, index, -1),
2086     DEFINE_PROP_UINT64("mem_win_size", SpaprPhbState, mem_win_size,
2087                        SPAPR_PCI_MEM32_WIN_SIZE),
2088     DEFINE_PROP_UINT64("mem64_win_size", SpaprPhbState, mem64_win_size,
2089                        SPAPR_PCI_MEM64_WIN_SIZE),
2090     DEFINE_PROP_UINT64("io_win_size", SpaprPhbState, io_win_size,
2091                        SPAPR_PCI_IO_WIN_SIZE),
2092     DEFINE_PROP_BOOL("dynamic-reconfiguration", SpaprPhbState, dr_enabled,
2093                      true),
2094     /* Default DMA window is 0..1GB */
2095     DEFINE_PROP_UINT64("dma_win_addr", SpaprPhbState, dma_win_addr, 0),
2096     DEFINE_PROP_UINT64("dma_win_size", SpaprPhbState, dma_win_size, 0x40000000),
2097     DEFINE_PROP_UINT64("dma64_win_addr", SpaprPhbState, dma64_win_addr,
2098                        0x800000000000000ULL),
2099     DEFINE_PROP_BOOL("ddw", SpaprPhbState, ddw_enabled, true),
2100     DEFINE_PROP_UINT64("pgsz", SpaprPhbState, page_size_mask,
2101                        (1ULL << 12) | (1ULL << 16)
2102                        | (1ULL << 21) | (1ULL << 24)),
2103     DEFINE_PROP_UINT32("numa_node", SpaprPhbState, numa_node, -1),
2104     DEFINE_PROP_BOOL("pre-2.8-migration", SpaprPhbState,
2105                      pre_2_8_migration, false),
2106     DEFINE_PROP_BOOL("pcie-extended-configuration-space", SpaprPhbState,
2107                      pcie_ecs, true),
2108     DEFINE_PROP_UINT64("gpa", SpaprPhbState, nv2_gpa_win_addr, 0),
2109     DEFINE_PROP_UINT64("atsd", SpaprPhbState, nv2_atsd_win_addr, 0),
2110     DEFINE_PROP_BOOL("pre-5.1-associativity", SpaprPhbState,
2111                      pre_5_1_assoc, false),
2112     DEFINE_PROP_END_OF_LIST(),
2113 };
2114 
2115 static const VMStateDescription vmstate_spapr_pci_lsi = {
2116     .name = "spapr_pci/lsi",
2117     .version_id = 1,
2118     .minimum_version_id = 1,
2119     .fields = (VMStateField[]) {
2120         VMSTATE_UINT32_EQUAL(irq, SpaprPciLsi, NULL),
2121 
2122         VMSTATE_END_OF_LIST()
2123     },
2124 };
2125 
2126 static const VMStateDescription vmstate_spapr_pci_msi = {
2127     .name = "spapr_pci/msi",
2128     .version_id = 1,
2129     .minimum_version_id = 1,
2130     .fields = (VMStateField []) {
2131         VMSTATE_UINT32(key, SpaprPciMsiMig),
2132         VMSTATE_UINT32(value.first_irq, SpaprPciMsiMig),
2133         VMSTATE_UINT32(value.num, SpaprPciMsiMig),
2134         VMSTATE_END_OF_LIST()
2135     },
2136 };
2137 
2138 static int spapr_pci_pre_save(void *opaque)
2139 {
2140     SpaprPhbState *sphb = opaque;
2141     GHashTableIter iter;
2142     gpointer key, value;
2143     int i;
2144 
2145     if (sphb->pre_2_8_migration) {
2146         sphb->mig_liobn = sphb->dma_liobn[0];
2147         sphb->mig_mem_win_addr = sphb->mem_win_addr;
2148         sphb->mig_mem_win_size = sphb->mem_win_size;
2149         sphb->mig_io_win_addr = sphb->io_win_addr;
2150         sphb->mig_io_win_size = sphb->io_win_size;
2151 
2152         if ((sphb->mem64_win_size != 0)
2153             && (sphb->mem64_win_addr
2154                 == (sphb->mem_win_addr + sphb->mem_win_size))) {
2155             sphb->mig_mem_win_size += sphb->mem64_win_size;
2156         }
2157     }
2158 
2159     g_free(sphb->msi_devs);
2160     sphb->msi_devs = NULL;
2161     sphb->msi_devs_num = g_hash_table_size(sphb->msi);
2162     if (!sphb->msi_devs_num) {
2163         return 0;
2164     }
2165     sphb->msi_devs = g_new(SpaprPciMsiMig, sphb->msi_devs_num);
2166 
2167     g_hash_table_iter_init(&iter, sphb->msi);
2168     for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) {
2169         sphb->msi_devs[i].key = *(uint32_t *) key;
2170         sphb->msi_devs[i].value = *(SpaprPciMsi *) value;
2171     }
2172 
2173     return 0;
2174 }
2175 
2176 static int spapr_pci_post_load(void *opaque, int version_id)
2177 {
2178     SpaprPhbState *sphb = opaque;
2179     gpointer key, value;
2180     int i;
2181 
2182     for (i = 0; i < sphb->msi_devs_num; ++i) {
2183         key = g_memdup(&sphb->msi_devs[i].key,
2184                        sizeof(sphb->msi_devs[i].key));
2185         value = g_memdup(&sphb->msi_devs[i].value,
2186                          sizeof(sphb->msi_devs[i].value));
2187         g_hash_table_insert(sphb->msi, key, value);
2188     }
2189     g_free(sphb->msi_devs);
2190     sphb->msi_devs = NULL;
2191     sphb->msi_devs_num = 0;
2192 
2193     return 0;
2194 }
2195 
2196 static bool pre_2_8_migration(void *opaque, int version_id)
2197 {
2198     SpaprPhbState *sphb = opaque;
2199 
2200     return sphb->pre_2_8_migration;
2201 }
2202 
2203 static const VMStateDescription vmstate_spapr_pci = {
2204     .name = "spapr_pci",
2205     .version_id = 2,
2206     .minimum_version_id = 2,
2207     .pre_save = spapr_pci_pre_save,
2208     .post_load = spapr_pci_post_load,
2209     .fields = (VMStateField[]) {
2210         VMSTATE_UINT64_EQUAL(buid, SpaprPhbState, NULL),
2211         VMSTATE_UINT32_TEST(mig_liobn, SpaprPhbState, pre_2_8_migration),
2212         VMSTATE_UINT64_TEST(mig_mem_win_addr, SpaprPhbState, pre_2_8_migration),
2213         VMSTATE_UINT64_TEST(mig_mem_win_size, SpaprPhbState, pre_2_8_migration),
2214         VMSTATE_UINT64_TEST(mig_io_win_addr, SpaprPhbState, pre_2_8_migration),
2215         VMSTATE_UINT64_TEST(mig_io_win_size, SpaprPhbState, pre_2_8_migration),
2216         VMSTATE_STRUCT_ARRAY(lsi_table, SpaprPhbState, PCI_NUM_PINS, 0,
2217                              vmstate_spapr_pci_lsi, SpaprPciLsi),
2218         VMSTATE_INT32(msi_devs_num, SpaprPhbState),
2219         VMSTATE_STRUCT_VARRAY_ALLOC(msi_devs, SpaprPhbState, msi_devs_num, 0,
2220                                     vmstate_spapr_pci_msi, SpaprPciMsiMig),
2221         VMSTATE_END_OF_LIST()
2222     },
2223 };
2224 
2225 static const char *spapr_phb_root_bus_path(PCIHostState *host_bridge,
2226                                            PCIBus *rootbus)
2227 {
2228     SpaprPhbState *sphb = SPAPR_PCI_HOST_BRIDGE(host_bridge);
2229 
2230     return sphb->dtbusname;
2231 }
2232 
2233 static void spapr_phb_class_init(ObjectClass *klass, void *data)
2234 {
2235     PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
2236     DeviceClass *dc = DEVICE_CLASS(klass);
2237     HotplugHandlerClass *hp = HOTPLUG_HANDLER_CLASS(klass);
2238 
2239     hc->root_bus_path = spapr_phb_root_bus_path;
2240     dc->realize = spapr_phb_realize;
2241     dc->unrealize = spapr_phb_unrealize;
2242     device_class_set_props(dc, spapr_phb_properties);
2243     dc->reset = spapr_phb_reset;
2244     dc->vmsd = &vmstate_spapr_pci;
2245     /* Supported by TYPE_SPAPR_MACHINE */
2246     dc->user_creatable = true;
2247     set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
2248     hp->pre_plug = spapr_pci_pre_plug;
2249     hp->plug = spapr_pci_plug;
2250     hp->unplug = spapr_pci_unplug;
2251     hp->unplug_request = spapr_pci_unplug_request;
2252 }
2253 
2254 static const TypeInfo spapr_phb_info = {
2255     .name          = TYPE_SPAPR_PCI_HOST_BRIDGE,
2256     .parent        = TYPE_PCI_HOST_BRIDGE,
2257     .instance_size = sizeof(SpaprPhbState),
2258     .instance_finalize = spapr_phb_finalizefn,
2259     .class_init    = spapr_phb_class_init,
2260     .interfaces    = (InterfaceInfo[]) {
2261         { TYPE_HOTPLUG_HANDLER },
2262         { }
2263     }
2264 };
2265 
2266 static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
2267                                            void *opaque)
2268 {
2269     unsigned int *bus_no = opaque;
2270     PCIBus *sec_bus = NULL;
2271 
2272     if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
2273          PCI_HEADER_TYPE_BRIDGE)) {
2274         return;
2275     }
2276 
2277     (*bus_no)++;
2278     pci_default_write_config(pdev, PCI_PRIMARY_BUS, pci_dev_bus_num(pdev), 1);
2279     pci_default_write_config(pdev, PCI_SECONDARY_BUS, *bus_no, 1);
2280     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2281 
2282     sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
2283     if (!sec_bus) {
2284         return;
2285     }
2286 
2287     pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
2288                         spapr_phb_pci_enumerate_bridge, bus_no);
2289     pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
2290 }
2291 
2292 static void spapr_phb_pci_enumerate(SpaprPhbState *phb)
2293 {
2294     PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
2295     unsigned int bus_no = 0;
2296 
2297     pci_for_each_device(bus, pci_bus_num(bus),
2298                         spapr_phb_pci_enumerate_bridge,
2299                         &bus_no);
2300 
2301 }
2302 
2303 int spapr_dt_phb(SpaprMachineState *spapr, SpaprPhbState *phb,
2304                  uint32_t intc_phandle, void *fdt, int *node_offset)
2305 {
2306     int bus_off, i, j, ret;
2307     uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
2308     struct {
2309         uint32_t hi;
2310         uint64_t child;
2311         uint64_t parent;
2312         uint64_t size;
2313     } QEMU_PACKED ranges[] = {
2314         {
2315             cpu_to_be32(b_ss(1)), cpu_to_be64(0),
2316             cpu_to_be64(phb->io_win_addr),
2317             cpu_to_be64(memory_region_size(&phb->iospace)),
2318         },
2319         {
2320             cpu_to_be32(b_ss(2)), cpu_to_be64(SPAPR_PCI_MEM_WIN_BUS_OFFSET),
2321             cpu_to_be64(phb->mem_win_addr),
2322             cpu_to_be64(phb->mem_win_size),
2323         },
2324         {
2325             cpu_to_be32(b_ss(3)), cpu_to_be64(phb->mem64_win_pciaddr),
2326             cpu_to_be64(phb->mem64_win_addr),
2327             cpu_to_be64(phb->mem64_win_size),
2328         },
2329     };
2330     const unsigned sizeof_ranges =
2331         (phb->mem64_win_size ? 3 : 2) * sizeof(ranges[0]);
2332     uint64_t bus_reg[] = { cpu_to_be64(phb->buid), 0 };
2333     uint32_t interrupt_map_mask[] = {
2334         cpu_to_be32(b_ddddd(-1)|b_fff(0)), 0x0, 0x0, cpu_to_be32(-1)};
2335     uint32_t interrupt_map[PCI_SLOT_MAX * PCI_NUM_PINS][7];
2336     uint32_t ddw_applicable[] = {
2337         cpu_to_be32(RTAS_IBM_QUERY_PE_DMA_WINDOW),
2338         cpu_to_be32(RTAS_IBM_CREATE_PE_DMA_WINDOW),
2339         cpu_to_be32(RTAS_IBM_REMOVE_PE_DMA_WINDOW)
2340     };
2341     uint32_t ddw_extensions[] = {
2342         cpu_to_be32(1),
2343         cpu_to_be32(RTAS_IBM_RESET_PE_DMA_WINDOW)
2344     };
2345     SpaprTceTable *tcet;
2346     SpaprDrc *drc;
2347     Error *err = NULL;
2348 
2349     /* Start populating the FDT */
2350     _FDT(bus_off = fdt_add_subnode(fdt, 0, phb->dtbusname));
2351     if (node_offset) {
2352         *node_offset = bus_off;
2353     }
2354 
2355     /* Write PHB properties */
2356     _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
2357     _FDT(fdt_setprop_string(fdt, bus_off, "compatible", "IBM,Logical_PHB"));
2358     _FDT(fdt_setprop_cell(fdt, bus_off, "#interrupt-cells", 0x1));
2359     _FDT(fdt_setprop(fdt, bus_off, "used-by-rtas", NULL, 0));
2360     _FDT(fdt_setprop(fdt, bus_off, "bus-range", &bus_range, sizeof(bus_range)));
2361     _FDT(fdt_setprop(fdt, bus_off, "ranges", &ranges, sizeof_ranges));
2362     _FDT(fdt_setprop(fdt, bus_off, "reg", &bus_reg, sizeof(bus_reg)));
2363     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pci-config-space-type", 0x1));
2364     _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pe-total-#msi",
2365                           spapr_irq_nr_msis(spapr)));
2366 
2367     /* Dynamic DMA window */
2368     if (phb->ddw_enabled) {
2369         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-applicable", &ddw_applicable,
2370                          sizeof(ddw_applicable)));
2371         _FDT(fdt_setprop(fdt, bus_off, "ibm,ddw-extensions",
2372                          &ddw_extensions, sizeof(ddw_extensions)));
2373     }
2374 
2375     /* Advertise NUMA via ibm,associativity */
2376     if (phb->numa_node != -1) {
2377         spapr_numa_write_associativity_dt(spapr, fdt, bus_off, phb->numa_node);
2378     }
2379 
2380     /* Build the interrupt-map, this must matches what is done
2381      * in pci_swizzle_map_irq_fn
2382      */
2383     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map-mask",
2384                      &interrupt_map_mask, sizeof(interrupt_map_mask)));
2385     for (i = 0; i < PCI_SLOT_MAX; i++) {
2386         for (j = 0; j < PCI_NUM_PINS; j++) {
2387             uint32_t *irqmap = interrupt_map[i*PCI_NUM_PINS + j];
2388             int lsi_num = pci_swizzle(i, j);
2389 
2390             irqmap[0] = cpu_to_be32(b_ddddd(i)|b_fff(0));
2391             irqmap[1] = 0;
2392             irqmap[2] = 0;
2393             irqmap[3] = cpu_to_be32(j+1);
2394             irqmap[4] = cpu_to_be32(intc_phandle);
2395             spapr_dt_irq(&irqmap[5], phb->lsi_table[lsi_num].irq, true);
2396         }
2397     }
2398     /* Write interrupt map */
2399     _FDT(fdt_setprop(fdt, bus_off, "interrupt-map", &interrupt_map,
2400                      sizeof(interrupt_map)));
2401 
2402     tcet = spapr_tce_find_by_liobn(phb->dma_liobn[0]);
2403     if (!tcet) {
2404         return -1;
2405     }
2406     spapr_dma_dt(fdt, bus_off, "ibm,dma-window",
2407                  tcet->liobn, tcet->bus_offset,
2408                  tcet->nb_table << tcet->page_shift);
2409 
2410     drc = spapr_drc_by_id(TYPE_SPAPR_DRC_PHB, phb->index);
2411     if (drc) {
2412         uint32_t drc_index = cpu_to_be32(spapr_drc_index(drc));
2413 
2414         _FDT(fdt_setprop(fdt, bus_off, "ibm,my-drc-index", &drc_index,
2415                          sizeof(drc_index)));
2416     }
2417 
2418     /* Walk the bridges and program the bus numbers*/
2419     spapr_phb_pci_enumerate(phb);
2420     _FDT(fdt_setprop_cell(fdt, bus_off, "qemu,phb-enumerated", 0x1));
2421 
2422     /* Walk the bridge and subordinate buses */
2423     ret = spapr_dt_pci_bus(phb, PCI_HOST_BRIDGE(phb)->bus, fdt, bus_off);
2424     if (ret < 0) {
2425         return ret;
2426     }
2427 
2428     spapr_phb_nvgpu_populate_dt(phb, fdt, bus_off, &err);
2429     if (err) {
2430         error_report_err(err);
2431     }
2432     spapr_phb_nvgpu_ram_populate_dt(phb, fdt);
2433 
2434     return 0;
2435 }
2436 
2437 void spapr_pci_rtas_init(void)
2438 {
2439     spapr_rtas_register(RTAS_READ_PCI_CONFIG, "read-pci-config",
2440                         rtas_read_pci_config);
2441     spapr_rtas_register(RTAS_WRITE_PCI_CONFIG, "write-pci-config",
2442                         rtas_write_pci_config);
2443     spapr_rtas_register(RTAS_IBM_READ_PCI_CONFIG, "ibm,read-pci-config",
2444                         rtas_ibm_read_pci_config);
2445     spapr_rtas_register(RTAS_IBM_WRITE_PCI_CONFIG, "ibm,write-pci-config",
2446                         rtas_ibm_write_pci_config);
2447     if (msi_nonbroken) {
2448         spapr_rtas_register(RTAS_IBM_QUERY_INTERRUPT_SOURCE_NUMBER,
2449                             "ibm,query-interrupt-source-number",
2450                             rtas_ibm_query_interrupt_source_number);
2451         spapr_rtas_register(RTAS_IBM_CHANGE_MSI, "ibm,change-msi",
2452                             rtas_ibm_change_msi);
2453     }
2454 
2455     spapr_rtas_register(RTAS_IBM_SET_EEH_OPTION,
2456                         "ibm,set-eeh-option",
2457                         rtas_ibm_set_eeh_option);
2458     spapr_rtas_register(RTAS_IBM_GET_CONFIG_ADDR_INFO2,
2459                         "ibm,get-config-addr-info2",
2460                         rtas_ibm_get_config_addr_info2);
2461     spapr_rtas_register(RTAS_IBM_READ_SLOT_RESET_STATE2,
2462                         "ibm,read-slot-reset-state2",
2463                         rtas_ibm_read_slot_reset_state2);
2464     spapr_rtas_register(RTAS_IBM_SET_SLOT_RESET,
2465                         "ibm,set-slot-reset",
2466                         rtas_ibm_set_slot_reset);
2467     spapr_rtas_register(RTAS_IBM_CONFIGURE_PE,
2468                         "ibm,configure-pe",
2469                         rtas_ibm_configure_pe);
2470     spapr_rtas_register(RTAS_IBM_SLOT_ERROR_DETAIL,
2471                         "ibm,slot-error-detail",
2472                         rtas_ibm_slot_error_detail);
2473 }
2474 
2475 static void spapr_pci_register_types(void)
2476 {
2477     type_register_static(&spapr_phb_info);
2478 }
2479 
2480 type_init(spapr_pci_register_types)
2481 
2482 static int spapr_switch_one_vga(DeviceState *dev, void *opaque)
2483 {
2484     bool be = *(bool *)opaque;
2485 
2486     if (object_dynamic_cast(OBJECT(dev), "VGA")
2487         || object_dynamic_cast(OBJECT(dev), "secondary-vga")
2488         || object_dynamic_cast(OBJECT(dev), "bochs-display")
2489         || object_dynamic_cast(OBJECT(dev), "virtio-vga")) {
2490         object_property_set_bool(OBJECT(dev), "big-endian-framebuffer", be,
2491                                  &error_abort);
2492     }
2493     return 0;
2494 }
2495 
2496 void spapr_pci_switch_vga(SpaprMachineState *spapr, bool big_endian)
2497 {
2498     SpaprPhbState *sphb;
2499 
2500     /*
2501      * For backward compatibility with existing guests, we switch
2502      * the endianness of the VGA controller when changing the guest
2503      * interrupt mode
2504      */
2505     QLIST_FOREACH(sphb, &spapr->phbs, list) {
2506         BusState *bus = &PCI_HOST_BRIDGE(sphb)->bus->qbus;
2507         qbus_walk_children(bus, spapr_switch_one_vga, NULL, NULL, NULL,
2508                            &big_endian);
2509     }
2510 }
2511