1
2
3
4
5
6
7
8
9
10
11
12
13#include "qemu/osdep.h"
14#include "qemu/error-report.h"
15#include "qemu/range.h"
16#include "qapi/error.h"
17#include "hw/nvram/fw_cfg.h"
18#include "pci.h"
19#include "trace.h"
20
21
22static bool vfio_pci_is(VFIOPCIDevice *vdev, uint32_t vendor, uint32_t device)
23{
24 return (vendor == PCI_ANY_ID || vendor == vdev->vendor_id) &&
25 (device == PCI_ANY_ID || device == vdev->device_id);
26}
27
28static bool vfio_is_vga(VFIOPCIDevice *vdev)
29{
30 PCIDevice *pdev = &vdev->pdev;
31 uint16_t class = pci_get_word(pdev->config + PCI_CLASS_DEVICE);
32
33 return class == PCI_CLASS_DISPLAY_VGA;
34}
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49static const struct {
50 uint32_t vendor;
51 uint32_t device;
52} romblacklist[] = {
53 { 0x14e4, 0x168e },
54};
55
56bool vfio_blacklist_opt_rom(VFIOPCIDevice *vdev)
57{
58 int i;
59
60 for (i = 0 ; i < ARRAY_SIZE(romblacklist); i++) {
61 if (vfio_pci_is(vdev, romblacklist[i].vendor, romblacklist[i].device)) {
62 trace_vfio_quirk_rom_blacklisted(vdev->vbasedev.name,
63 romblacklist[i].vendor,
64 romblacklist[i].device);
65 return true;
66 }
67 }
68 return false;
69}
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86typedef struct VFIOConfigWindowMatch {
87 uint32_t match;
88 uint32_t mask;
89} VFIOConfigWindowMatch;
90
91typedef struct VFIOConfigWindowQuirk {
92 struct VFIOPCIDevice *vdev;
93
94 uint32_t address_val;
95
96 uint32_t address_offset;
97 uint32_t data_offset;
98
99 bool window_enabled;
100 uint8_t bar;
101
102 MemoryRegion *addr_mem;
103 MemoryRegion *data_mem;
104
105 uint32_t nr_matches;
106 VFIOConfigWindowMatch matches[];
107} VFIOConfigWindowQuirk;
108
109static uint64_t vfio_generic_window_quirk_address_read(void *opaque,
110 hwaddr addr,
111 unsigned size)
112{
113 VFIOConfigWindowQuirk *window = opaque;
114 VFIOPCIDevice *vdev = window->vdev;
115
116 return vfio_region_read(&vdev->bars[window->bar].region,
117 addr + window->address_offset, size);
118}
119
120static void vfio_generic_window_quirk_address_write(void *opaque, hwaddr addr,
121 uint64_t data,
122 unsigned size)
123{
124 VFIOConfigWindowQuirk *window = opaque;
125 VFIOPCIDevice *vdev = window->vdev;
126 int i;
127
128 window->window_enabled = false;
129
130 vfio_region_write(&vdev->bars[window->bar].region,
131 addr + window->address_offset, data, size);
132
133 for (i = 0; i < window->nr_matches; i++) {
134 if ((data & ~window->matches[i].mask) == window->matches[i].match) {
135 window->window_enabled = true;
136 window->address_val = data & window->matches[i].mask;
137 trace_vfio_quirk_generic_window_address_write(vdev->vbasedev.name,
138 memory_region_name(window->addr_mem), data);
139 break;
140 }
141 }
142}
143
144static const MemoryRegionOps vfio_generic_window_address_quirk = {
145 .read = vfio_generic_window_quirk_address_read,
146 .write = vfio_generic_window_quirk_address_write,
147 .endianness = DEVICE_LITTLE_ENDIAN,
148};
149
150static uint64_t vfio_generic_window_quirk_data_read(void *opaque,
151 hwaddr addr, unsigned size)
152{
153 VFIOConfigWindowQuirk *window = opaque;
154 VFIOPCIDevice *vdev = window->vdev;
155 uint64_t data;
156
157
158 data = vfio_region_read(&vdev->bars[window->bar].region,
159 addr + window->data_offset, size);
160
161 if (window->window_enabled) {
162 data = vfio_pci_read_config(&vdev->pdev, window->address_val, size);
163 trace_vfio_quirk_generic_window_data_read(vdev->vbasedev.name,
164 memory_region_name(window->data_mem), data);
165 }
166
167 return data;
168}
169
170static void vfio_generic_window_quirk_data_write(void *opaque, hwaddr addr,
171 uint64_t data, unsigned size)
172{
173 VFIOConfigWindowQuirk *window = opaque;
174 VFIOPCIDevice *vdev = window->vdev;
175
176 if (window->window_enabled) {
177 vfio_pci_write_config(&vdev->pdev, window->address_val, data, size);
178 trace_vfio_quirk_generic_window_data_write(vdev->vbasedev.name,
179 memory_region_name(window->data_mem), data);
180 return;
181 }
182
183 vfio_region_write(&vdev->bars[window->bar].region,
184 addr + window->data_offset, data, size);
185}
186
187static const MemoryRegionOps vfio_generic_window_data_quirk = {
188 .read = vfio_generic_window_quirk_data_read,
189 .write = vfio_generic_window_quirk_data_write,
190 .endianness = DEVICE_LITTLE_ENDIAN,
191};
192
193
194
195
196
197
198
199typedef struct VFIOConfigMirrorQuirk {
200 struct VFIOPCIDevice *vdev;
201 uint32_t offset;
202 uint8_t bar;
203 MemoryRegion *mem;
204} VFIOConfigMirrorQuirk;
205
206static uint64_t vfio_generic_quirk_mirror_read(void *opaque,
207 hwaddr addr, unsigned size)
208{
209 VFIOConfigMirrorQuirk *mirror = opaque;
210 VFIOPCIDevice *vdev = mirror->vdev;
211 uint64_t data;
212
213
214 (void)vfio_region_read(&vdev->bars[mirror->bar].region,
215 addr + mirror->offset, size);
216
217 data = vfio_pci_read_config(&vdev->pdev, addr, size);
218 trace_vfio_quirk_generic_mirror_read(vdev->vbasedev.name,
219 memory_region_name(mirror->mem),
220 addr, data);
221 return data;
222}
223
224static void vfio_generic_quirk_mirror_write(void *opaque, hwaddr addr,
225 uint64_t data, unsigned size)
226{
227 VFIOConfigMirrorQuirk *mirror = opaque;
228 VFIOPCIDevice *vdev = mirror->vdev;
229
230 vfio_pci_write_config(&vdev->pdev, addr, data, size);
231 trace_vfio_quirk_generic_mirror_write(vdev->vbasedev.name,
232 memory_region_name(mirror->mem),
233 addr, data);
234}
235
236static const MemoryRegionOps vfio_generic_mirror_quirk = {
237 .read = vfio_generic_quirk_mirror_read,
238 .write = vfio_generic_quirk_mirror_write,
239 .endianness = DEVICE_LITTLE_ENDIAN,
240};
241
242
243static bool vfio_range_contained(uint64_t first1, uint64_t len1,
244 uint64_t first2, uint64_t len2) {
245 return (first1 >= first2 && first1 + len1 <= first2 + len2);
246}
247
248#define PCI_VENDOR_ID_ATI 0x1002
249
250
251
252
253
254
255
256
257
258
259
260static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
261 hwaddr addr, unsigned size)
262{
263 VFIOPCIDevice *vdev = opaque;
264 uint64_t data = vfio_pci_read_config(&vdev->pdev,
265 PCI_BASE_ADDRESS_4 + 1, size);
266
267 trace_vfio_quirk_ati_3c3_read(vdev->vbasedev.name, data);
268
269 return data;
270}
271
272static const MemoryRegionOps vfio_ati_3c3_quirk = {
273 .read = vfio_ati_3c3_quirk_read,
274 .endianness = DEVICE_LITTLE_ENDIAN,
275};
276
277static void vfio_vga_probe_ati_3c3_quirk(VFIOPCIDevice *vdev)
278{
279 VFIOQuirk *quirk;
280
281
282
283
284
285 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) ||
286 !vdev->bars[4].ioport || vdev->bars[4].region.size < 256) {
287 return;
288 }
289
290 quirk = g_malloc0(sizeof(*quirk));
291 quirk->mem = g_new0(MemoryRegion, 1);
292 quirk->nr_mem = 1;
293
294 memory_region_init_io(quirk->mem, OBJECT(vdev), &vfio_ati_3c3_quirk, vdev,
295 "vfio-ati-3c3-quirk", 1);
296 memory_region_add_subregion(&vdev->vga->region[QEMU_PCI_VGA_IO_HI].mem,
297 3 , quirk->mem);
298
299 QLIST_INSERT_HEAD(&vdev->vga->region[QEMU_PCI_VGA_IO_HI].quirks,
300 quirk, next);
301
302 trace_vfio_quirk_ati_3c3_probe(vdev->vbasedev.name);
303}
304
305
306
307
308
309
310
311
312
313
314static void vfio_probe_ati_bar4_quirk(VFIOPCIDevice *vdev, int nr)
315{
316 VFIOQuirk *quirk;
317 VFIOConfigWindowQuirk *window;
318
319
320 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) ||
321 !vdev->vga || nr != 4) {
322 return;
323 }
324
325 quirk = g_malloc0(sizeof(*quirk));
326 quirk->mem = g_new0(MemoryRegion, 2);
327 quirk->nr_mem = 2;
328 window = quirk->data = g_malloc0(sizeof(*window) +
329 sizeof(VFIOConfigWindowMatch));
330 window->vdev = vdev;
331 window->address_offset = 0;
332 window->data_offset = 4;
333 window->nr_matches = 1;
334 window->matches[0].match = 0x4000;
335 window->matches[0].mask = vdev->config_size - 1;
336 window->bar = nr;
337 window->addr_mem = &quirk->mem[0];
338 window->data_mem = &quirk->mem[1];
339
340 memory_region_init_io(window->addr_mem, OBJECT(vdev),
341 &vfio_generic_window_address_quirk, window,
342 "vfio-ati-bar4-window-address-quirk", 4);
343 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
344 window->address_offset,
345 window->addr_mem, 1);
346
347 memory_region_init_io(window->data_mem, OBJECT(vdev),
348 &vfio_generic_window_data_quirk, window,
349 "vfio-ati-bar4-window-data-quirk", 4);
350 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
351 window->data_offset,
352 window->data_mem, 1);
353
354 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
355
356 trace_vfio_quirk_ati_bar4_probe(vdev->vbasedev.name);
357}
358
359
360
361
362static void vfio_probe_ati_bar2_quirk(VFIOPCIDevice *vdev, int nr)
363{
364 VFIOQuirk *quirk;
365 VFIOConfigMirrorQuirk *mirror;
366
367
368 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) ||
369 !vdev->vga || nr != 2 || !vdev->bars[2].mem64) {
370 return;
371 }
372
373 quirk = g_malloc0(sizeof(*quirk));
374 mirror = quirk->data = g_malloc0(sizeof(*mirror));
375 mirror->mem = quirk->mem = g_new0(MemoryRegion, 1);
376 quirk->nr_mem = 1;
377 mirror->vdev = vdev;
378 mirror->offset = 0x4000;
379 mirror->bar = nr;
380
381 memory_region_init_io(mirror->mem, OBJECT(vdev),
382 &vfio_generic_mirror_quirk, mirror,
383 "vfio-ati-bar2-4000-quirk", PCI_CONFIG_SPACE_SIZE);
384 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
385 mirror->offset, mirror->mem, 1);
386
387 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
388
389 trace_vfio_quirk_ati_bar2_probe(vdev->vbasedev.name);
390}
391
392
393
394
395
396
397
398
399#define PCI_VENDOR_ID_NVIDIA 0x10de
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416typedef enum {NONE = 0, SELECT, WINDOW, READ, WRITE} VFIONvidia3d0State;
417static const char *nv3d0_states[] = { "NONE", "SELECT",
418 "WINDOW", "READ", "WRITE" };
419
420typedef struct VFIONvidia3d0Quirk {
421 VFIOPCIDevice *vdev;
422 VFIONvidia3d0State state;
423 uint32_t offset;
424} VFIONvidia3d0Quirk;
425
426static uint64_t vfio_nvidia_3d4_quirk_read(void *opaque,
427 hwaddr addr, unsigned size)
428{
429 VFIONvidia3d0Quirk *quirk = opaque;
430 VFIOPCIDevice *vdev = quirk->vdev;
431
432 quirk->state = NONE;
433
434 return vfio_vga_read(&vdev->vga->region[QEMU_PCI_VGA_IO_HI],
435 addr + 0x14, size);
436}
437
438static void vfio_nvidia_3d4_quirk_write(void *opaque, hwaddr addr,
439 uint64_t data, unsigned size)
440{
441 VFIONvidia3d0Quirk *quirk = opaque;
442 VFIOPCIDevice *vdev = quirk->vdev;
443 VFIONvidia3d0State old_state = quirk->state;
444
445 quirk->state = NONE;
446
447 switch (data) {
448 case 0x338:
449 if (old_state == NONE) {
450 quirk->state = SELECT;
451 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name,
452 nv3d0_states[quirk->state]);
453 }
454 break;
455 case 0x538:
456 if (old_state == WINDOW) {
457 quirk->state = READ;
458 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name,
459 nv3d0_states[quirk->state]);
460 }
461 break;
462 case 0x738:
463 if (old_state == WINDOW) {
464 quirk->state = WRITE;
465 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name,
466 nv3d0_states[quirk->state]);
467 }
468 break;
469 }
470
471 vfio_vga_write(&vdev->vga->region[QEMU_PCI_VGA_IO_HI],
472 addr + 0x14, data, size);
473}
474
475static const MemoryRegionOps vfio_nvidia_3d4_quirk = {
476 .read = vfio_nvidia_3d4_quirk_read,
477 .write = vfio_nvidia_3d4_quirk_write,
478 .endianness = DEVICE_LITTLE_ENDIAN,
479};
480
481static uint64_t vfio_nvidia_3d0_quirk_read(void *opaque,
482 hwaddr addr, unsigned size)
483{
484 VFIONvidia3d0Quirk *quirk = opaque;
485 VFIOPCIDevice *vdev = quirk->vdev;
486 VFIONvidia3d0State old_state = quirk->state;
487 uint64_t data = vfio_vga_read(&vdev->vga->region[QEMU_PCI_VGA_IO_HI],
488 addr + 0x10, size);
489
490 quirk->state = NONE;
491
492 if (old_state == READ &&
493 (quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) {
494 uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1);
495
496 data = vfio_pci_read_config(&vdev->pdev, offset, size);
497 trace_vfio_quirk_nvidia_3d0_read(vdev->vbasedev.name,
498 offset, size, data);
499 }
500
501 return data;
502}
503
504static void vfio_nvidia_3d0_quirk_write(void *opaque, hwaddr addr,
505 uint64_t data, unsigned size)
506{
507 VFIONvidia3d0Quirk *quirk = opaque;
508 VFIOPCIDevice *vdev = quirk->vdev;
509 VFIONvidia3d0State old_state = quirk->state;
510
511 quirk->state = NONE;
512
513 if (old_state == SELECT) {
514 quirk->offset = (uint32_t)data;
515 quirk->state = WINDOW;
516 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name,
517 nv3d0_states[quirk->state]);
518 } else if (old_state == WRITE) {
519 if ((quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) {
520 uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1);
521
522 vfio_pci_write_config(&vdev->pdev, offset, data, size);
523 trace_vfio_quirk_nvidia_3d0_write(vdev->vbasedev.name,
524 offset, data, size);
525 return;
526 }
527 }
528
529 vfio_vga_write(&vdev->vga->region[QEMU_PCI_VGA_IO_HI],
530 addr + 0x10, data, size);
531}
532
533static const MemoryRegionOps vfio_nvidia_3d0_quirk = {
534 .read = vfio_nvidia_3d0_quirk_read,
535 .write = vfio_nvidia_3d0_quirk_write,
536 .endianness = DEVICE_LITTLE_ENDIAN,
537};
538
539static void vfio_vga_probe_nvidia_3d0_quirk(VFIOPCIDevice *vdev)
540{
541 VFIOQuirk *quirk;
542 VFIONvidia3d0Quirk *data;
543
544 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) ||
545 !vdev->bars[1].region.size) {
546 return;
547 }
548
549 quirk = g_malloc0(sizeof(*quirk));
550 quirk->data = data = g_malloc0(sizeof(*data));
551 quirk->mem = g_new0(MemoryRegion, 2);
552 quirk->nr_mem = 2;
553 data->vdev = vdev;
554
555 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_nvidia_3d4_quirk,
556 data, "vfio-nvidia-3d4-quirk", 2);
557 memory_region_add_subregion(&vdev->vga->region[QEMU_PCI_VGA_IO_HI].mem,
558 0x14 , &quirk->mem[0]);
559
560 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_nvidia_3d0_quirk,
561 data, "vfio-nvidia-3d0-quirk", 2);
562 memory_region_add_subregion(&vdev->vga->region[QEMU_PCI_VGA_IO_HI].mem,
563 0x10 , &quirk->mem[1]);
564
565 QLIST_INSERT_HEAD(&vdev->vga->region[QEMU_PCI_VGA_IO_HI].quirks,
566 quirk, next);
567
568 trace_vfio_quirk_nvidia_3d0_probe(vdev->vbasedev.name);
569}
570
571
572
573
574
575
576
577
578typedef struct VFIONvidiaBAR5Quirk {
579 uint32_t master;
580 uint32_t enable;
581 MemoryRegion *addr_mem;
582 MemoryRegion *data_mem;
583 bool enabled;
584 VFIOConfigWindowQuirk window;
585} VFIONvidiaBAR5Quirk;
586
587static void vfio_nvidia_bar5_enable(VFIONvidiaBAR5Quirk *bar5)
588{
589 VFIOPCIDevice *vdev = bar5->window.vdev;
590
591 if (((bar5->master & bar5->enable) & 0x1) == bar5->enabled) {
592 return;
593 }
594
595 bar5->enabled = !bar5->enabled;
596 trace_vfio_quirk_nvidia_bar5_state(vdev->vbasedev.name,
597 bar5->enabled ? "Enable" : "Disable");
598 memory_region_set_enabled(bar5->addr_mem, bar5->enabled);
599 memory_region_set_enabled(bar5->data_mem, bar5->enabled);
600}
601
602static uint64_t vfio_nvidia_bar5_quirk_master_read(void *opaque,
603 hwaddr addr, unsigned size)
604{
605 VFIONvidiaBAR5Quirk *bar5 = opaque;
606 VFIOPCIDevice *vdev = bar5->window.vdev;
607
608 return vfio_region_read(&vdev->bars[5].region, addr, size);
609}
610
611static void vfio_nvidia_bar5_quirk_master_write(void *opaque, hwaddr addr,
612 uint64_t data, unsigned size)
613{
614 VFIONvidiaBAR5Quirk *bar5 = opaque;
615 VFIOPCIDevice *vdev = bar5->window.vdev;
616
617 vfio_region_write(&vdev->bars[5].region, addr, data, size);
618
619 bar5->master = data;
620 vfio_nvidia_bar5_enable(bar5);
621}
622
623static const MemoryRegionOps vfio_nvidia_bar5_quirk_master = {
624 .read = vfio_nvidia_bar5_quirk_master_read,
625 .write = vfio_nvidia_bar5_quirk_master_write,
626 .endianness = DEVICE_LITTLE_ENDIAN,
627};
628
629static uint64_t vfio_nvidia_bar5_quirk_enable_read(void *opaque,
630 hwaddr addr, unsigned size)
631{
632 VFIONvidiaBAR5Quirk *bar5 = opaque;
633 VFIOPCIDevice *vdev = bar5->window.vdev;
634
635 return vfio_region_read(&vdev->bars[5].region, addr + 4, size);
636}
637
638static void vfio_nvidia_bar5_quirk_enable_write(void *opaque, hwaddr addr,
639 uint64_t data, unsigned size)
640{
641 VFIONvidiaBAR5Quirk *bar5 = opaque;
642 VFIOPCIDevice *vdev = bar5->window.vdev;
643
644 vfio_region_write(&vdev->bars[5].region, addr + 4, data, size);
645
646 bar5->enable = data;
647 vfio_nvidia_bar5_enable(bar5);
648}
649
650static const MemoryRegionOps vfio_nvidia_bar5_quirk_enable = {
651 .read = vfio_nvidia_bar5_quirk_enable_read,
652 .write = vfio_nvidia_bar5_quirk_enable_write,
653 .endianness = DEVICE_LITTLE_ENDIAN,
654};
655
656static void vfio_probe_nvidia_bar5_quirk(VFIOPCIDevice *vdev, int nr)
657{
658 VFIOQuirk *quirk;
659 VFIONvidiaBAR5Quirk *bar5;
660 VFIOConfigWindowQuirk *window;
661
662 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) ||
663 !vdev->vga || nr != 5) {
664 return;
665 }
666
667 quirk = g_malloc0(sizeof(*quirk));
668 quirk->mem = g_new0(MemoryRegion, 4);
669 quirk->nr_mem = 4;
670 bar5 = quirk->data = g_malloc0(sizeof(*bar5) +
671 (sizeof(VFIOConfigWindowMatch) * 2));
672 window = &bar5->window;
673
674 window->vdev = vdev;
675 window->address_offset = 0x8;
676 window->data_offset = 0xc;
677 window->nr_matches = 2;
678 window->matches[0].match = 0x1800;
679 window->matches[0].mask = PCI_CONFIG_SPACE_SIZE - 1;
680 window->matches[1].match = 0x88000;
681 window->matches[1].mask = vdev->config_size - 1;
682 window->bar = nr;
683 window->addr_mem = bar5->addr_mem = &quirk->mem[0];
684 window->data_mem = bar5->data_mem = &quirk->mem[1];
685
686 memory_region_init_io(window->addr_mem, OBJECT(vdev),
687 &vfio_generic_window_address_quirk, window,
688 "vfio-nvidia-bar5-window-address-quirk", 4);
689 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
690 window->address_offset,
691 window->addr_mem, 1);
692 memory_region_set_enabled(window->addr_mem, false);
693
694 memory_region_init_io(window->data_mem, OBJECT(vdev),
695 &vfio_generic_window_data_quirk, window,
696 "vfio-nvidia-bar5-window-data-quirk", 4);
697 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
698 window->data_offset,
699 window->data_mem, 1);
700 memory_region_set_enabled(window->data_mem, false);
701
702 memory_region_init_io(&quirk->mem[2], OBJECT(vdev),
703 &vfio_nvidia_bar5_quirk_master, bar5,
704 "vfio-nvidia-bar5-master-quirk", 4);
705 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
706 0, &quirk->mem[2], 1);
707
708 memory_region_init_io(&quirk->mem[3], OBJECT(vdev),
709 &vfio_nvidia_bar5_quirk_enable, bar5,
710 "vfio-nvidia-bar5-enable-quirk", 4);
711 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
712 4, &quirk->mem[3], 1);
713
714 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
715
716 trace_vfio_quirk_nvidia_bar5_probe(vdev->vbasedev.name);
717}
718
719
720
721
722
723static void vfio_nvidia_quirk_mirror_write(void *opaque, hwaddr addr,
724 uint64_t data, unsigned size)
725{
726 VFIOConfigMirrorQuirk *mirror = opaque;
727 VFIOPCIDevice *vdev = mirror->vdev;
728 PCIDevice *pdev = &vdev->pdev;
729
730 vfio_generic_quirk_mirror_write(opaque, addr, data, size);
731
732
733
734
735
736
737 if ((pdev->cap_present & QEMU_PCI_CAP_MSI) &&
738 vfio_range_contained(addr, size, pdev->msi_cap, PCI_MSI_FLAGS)) {
739 vfio_region_write(&vdev->bars[mirror->bar].region,
740 addr + mirror->offset, data, size);
741 trace_vfio_quirk_nvidia_bar0_msi_ack(vdev->vbasedev.name);
742 }
743}
744
745static const MemoryRegionOps vfio_nvidia_mirror_quirk = {
746 .read = vfio_generic_quirk_mirror_read,
747 .write = vfio_nvidia_quirk_mirror_write,
748 .endianness = DEVICE_LITTLE_ENDIAN,
749};
750
751static void vfio_probe_nvidia_bar0_quirk(VFIOPCIDevice *vdev, int nr)
752{
753 VFIOQuirk *quirk;
754 VFIOConfigMirrorQuirk *mirror;
755
756 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) ||
757 !vfio_is_vga(vdev) || nr != 0) {
758 return;
759 }
760
761 quirk = g_malloc0(sizeof(*quirk));
762 mirror = quirk->data = g_malloc0(sizeof(*mirror));
763 mirror->mem = quirk->mem = g_new0(MemoryRegion, 1);
764 quirk->nr_mem = 1;
765 mirror->vdev = vdev;
766 mirror->offset = 0x88000;
767 mirror->bar = nr;
768
769 memory_region_init_io(mirror->mem, OBJECT(vdev),
770 &vfio_nvidia_mirror_quirk, mirror,
771 "vfio-nvidia-bar0-88000-mirror-quirk",
772 vdev->config_size);
773 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
774 mirror->offset, mirror->mem, 1);
775
776 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
777
778
779 if (vdev->vga) {
780 quirk = g_malloc0(sizeof(*quirk));
781 mirror = quirk->data = g_malloc0(sizeof(*mirror));
782 mirror->mem = quirk->mem = g_new0(MemoryRegion, 1);
783 quirk->nr_mem = 1;
784 mirror->vdev = vdev;
785 mirror->offset = 0x1800;
786 mirror->bar = nr;
787
788 memory_region_init_io(mirror->mem, OBJECT(vdev),
789 &vfio_nvidia_mirror_quirk, mirror,
790 "vfio-nvidia-bar0-1800-mirror-quirk",
791 PCI_CONFIG_SPACE_SIZE);
792 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
793 mirror->offset, mirror->mem, 1);
794
795 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
796 }
797
798 trace_vfio_quirk_nvidia_bar0_probe(vdev->vbasedev.name);
799}
800
801
802
803
804
805
806
807#define PCI_VENDOR_ID_REALTEK 0x10ec
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831typedef struct VFIOrtl8168Quirk {
832 VFIOPCIDevice *vdev;
833 uint32_t addr;
834 uint32_t data;
835 bool enabled;
836} VFIOrtl8168Quirk;
837
838static uint64_t vfio_rtl8168_quirk_address_read(void *opaque,
839 hwaddr addr, unsigned size)
840{
841 VFIOrtl8168Quirk *rtl = opaque;
842 VFIOPCIDevice *vdev = rtl->vdev;
843 uint64_t data = vfio_region_read(&vdev->bars[2].region, addr + 0x74, size);
844
845 if (rtl->enabled) {
846 data = rtl->addr ^ 0x80000000U;
847 trace_vfio_quirk_rtl8168_fake_latch(vdev->vbasedev.name, data);
848 }
849
850 return data;
851}
852
853static void vfio_rtl8168_quirk_address_write(void *opaque, hwaddr addr,
854 uint64_t data, unsigned size)
855{
856 VFIOrtl8168Quirk *rtl = opaque;
857 VFIOPCIDevice *vdev = rtl->vdev;
858
859 rtl->enabled = false;
860
861 if ((data & 0x7fff0000) == 0x10000) {
862 rtl->enabled = true;
863 rtl->addr = (uint32_t)data;
864
865 if (data & 0x80000000U) {
866 if (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX) {
867 hwaddr offset = data & 0xfff;
868 uint64_t val = rtl->data;
869
870 trace_vfio_quirk_rtl8168_msix_write(vdev->vbasedev.name,
871 (uint16_t)offset, val);
872
873
874 memory_region_dispatch_write(&vdev->pdev.msix_table_mmio,
875 offset, val, size,
876 MEMTXATTRS_UNSPECIFIED);
877 }
878 return;
879 }
880 }
881
882 vfio_region_write(&vdev->bars[2].region, addr + 0x74, data, size);
883}
884
885static const MemoryRegionOps vfio_rtl_address_quirk = {
886 .read = vfio_rtl8168_quirk_address_read,
887 .write = vfio_rtl8168_quirk_address_write,
888 .valid = {
889 .min_access_size = 4,
890 .max_access_size = 4,
891 .unaligned = false,
892 },
893 .endianness = DEVICE_LITTLE_ENDIAN,
894};
895
896static uint64_t vfio_rtl8168_quirk_data_read(void *opaque,
897 hwaddr addr, unsigned size)
898{
899 VFIOrtl8168Quirk *rtl = opaque;
900 VFIOPCIDevice *vdev = rtl->vdev;
901 uint64_t data = vfio_region_read(&vdev->bars[2].region, addr + 0x70, size);
902
903 if (rtl->enabled && (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX)) {
904 hwaddr offset = rtl->addr & 0xfff;
905 memory_region_dispatch_read(&vdev->pdev.msix_table_mmio, offset,
906 &data, size, MEMTXATTRS_UNSPECIFIED);
907 trace_vfio_quirk_rtl8168_msix_read(vdev->vbasedev.name, offset, data);
908 }
909
910 return data;
911}
912
913static void vfio_rtl8168_quirk_data_write(void *opaque, hwaddr addr,
914 uint64_t data, unsigned size)
915{
916 VFIOrtl8168Quirk *rtl = opaque;
917 VFIOPCIDevice *vdev = rtl->vdev;
918
919 rtl->data = (uint32_t)data;
920
921 vfio_region_write(&vdev->bars[2].region, addr + 0x70, data, size);
922}
923
924static const MemoryRegionOps vfio_rtl_data_quirk = {
925 .read = vfio_rtl8168_quirk_data_read,
926 .write = vfio_rtl8168_quirk_data_write,
927 .valid = {
928 .min_access_size = 4,
929 .max_access_size = 4,
930 .unaligned = false,
931 },
932 .endianness = DEVICE_LITTLE_ENDIAN,
933};
934
935static void vfio_probe_rtl8168_bar2_quirk(VFIOPCIDevice *vdev, int nr)
936{
937 VFIOQuirk *quirk;
938 VFIOrtl8168Quirk *rtl;
939
940 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_REALTEK, 0x8168) || nr != 2) {
941 return;
942 }
943
944 quirk = g_malloc0(sizeof(*quirk));
945 quirk->mem = g_new0(MemoryRegion, 2);
946 quirk->nr_mem = 2;
947 quirk->data = rtl = g_malloc0(sizeof(*rtl));
948 rtl->vdev = vdev;
949
950 memory_region_init_io(&quirk->mem[0], OBJECT(vdev),
951 &vfio_rtl_address_quirk, rtl,
952 "vfio-rtl8168-window-address-quirk", 4);
953 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
954 0x74, &quirk->mem[0], 1);
955
956 memory_region_init_io(&quirk->mem[1], OBJECT(vdev),
957 &vfio_rtl_data_quirk, rtl,
958 "vfio-rtl8168-window-data-quirk", 4);
959 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
960 0x70, &quirk->mem[1], 1);
961
962 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
963
964 trace_vfio_quirk_rtl8168_probe(vdev->vbasedev.name);
965}
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005static int igd_gen(VFIOPCIDevice *vdev)
1006{
1007 if ((vdev->device_id & 0xfff) == 0xa84) {
1008 return 8;
1009 }
1010
1011 switch (vdev->device_id & 0xff00) {
1012
1013 case 0x0000:
1014 case 0x2500:
1015 case 0x2700:
1016 case 0x2900:
1017 case 0x2a00:
1018 case 0x2e00:
1019 case 0x3500:
1020 case 0xa000:
1021 return -1;
1022
1023 case 0x0100:
1024 case 0x0400:
1025 case 0x0a00:
1026 case 0x0c00:
1027 case 0x0d00:
1028 case 0x0f00:
1029 return 6;
1030
1031 case 0x1600:
1032 case 0x1900:
1033 case 0x2200:
1034 case 0x5900:
1035 return 8;
1036 }
1037
1038 return 8;
1039}
1040
1041typedef struct VFIOIGDQuirk {
1042 struct VFIOPCIDevice *vdev;
1043 uint32_t index;
1044} VFIOIGDQuirk;
1045
1046#define IGD_GMCH 0x50
1047#define IGD_BDSM 0x5c
1048#define IGD_ASLS 0xfc
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058int vfio_pci_igd_opregion_init(VFIOPCIDevice *vdev,
1059 struct vfio_region_info *info, Error **errp)
1060{
1061 int ret;
1062
1063 vdev->igd_opregion = g_malloc0(info->size);
1064 ret = pread(vdev->vbasedev.fd, vdev->igd_opregion,
1065 info->size, info->offset);
1066 if (ret != info->size) {
1067 error_setg(errp, "failed to read IGD OpRegion");
1068 g_free(vdev->igd_opregion);
1069 vdev->igd_opregion = NULL;
1070 return -EINVAL;
1071 }
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086 fw_cfg_add_file(fw_cfg_find(), "etc/igd-opregion",
1087 vdev->igd_opregion, info->size);
1088
1089 trace_vfio_pci_igd_opregion_enabled(vdev->vbasedev.name);
1090
1091 pci_set_long(vdev->pdev.config + IGD_ASLS, 0);
1092 pci_set_long(vdev->pdev.wmask + IGD_ASLS, ~0);
1093 pci_set_long(vdev->emulated_config_bits + IGD_ASLS, ~0);
1094
1095 return 0;
1096}
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106typedef struct {
1107 uint8_t offset;
1108 uint8_t len;
1109} IGDHostInfo;
1110
1111static const IGDHostInfo igd_host_bridge_infos[] = {
1112 {PCI_REVISION_ID, 2},
1113 {PCI_SUBSYSTEM_VENDOR_ID, 2},
1114 {PCI_SUBSYSTEM_ID, 2},
1115};
1116
1117static const IGDHostInfo igd_lpc_bridge_infos[] = {
1118 {PCI_VENDOR_ID, 2},
1119 {PCI_DEVICE_ID, 2},
1120 {PCI_REVISION_ID, 2},
1121 {PCI_SUBSYSTEM_VENDOR_ID, 2},
1122 {PCI_SUBSYSTEM_ID, 2},
1123};
1124
1125static int vfio_pci_igd_copy(VFIOPCIDevice *vdev, PCIDevice *pdev,
1126 struct vfio_region_info *info,
1127 const IGDHostInfo *list, int len)
1128{
1129 int i, ret;
1130
1131 for (i = 0; i < len; i++) {
1132 ret = pread(vdev->vbasedev.fd, pdev->config + list[i].offset,
1133 list[i].len, info->offset + list[i].offset);
1134 if (ret != list[i].len) {
1135 error_report("IGD copy failed: %m");
1136 return -errno;
1137 }
1138 }
1139
1140 return 0;
1141}
1142
1143
1144
1145
1146static int vfio_pci_igd_host_init(VFIOPCIDevice *vdev,
1147 struct vfio_region_info *info)
1148{
1149 PCIBus *bus;
1150 PCIDevice *host_bridge;
1151 int ret;
1152
1153 bus = pci_device_root_bus(&vdev->pdev);
1154 host_bridge = pci_find_device(bus, 0, PCI_DEVFN(0, 0));
1155
1156 if (!host_bridge) {
1157 error_report("Can't find host bridge");
1158 return -ENODEV;
1159 }
1160
1161 ret = vfio_pci_igd_copy(vdev, host_bridge, info, igd_host_bridge_infos,
1162 ARRAY_SIZE(igd_host_bridge_infos));
1163 if (!ret) {
1164 trace_vfio_pci_igd_host_bridge_enabled(vdev->vbasedev.name);
1165 }
1166
1167 return ret;
1168}
1169
1170
1171
1172
1173
1174
1175
1176static void vfio_pci_igd_lpc_bridge_realize(PCIDevice *pdev, Error **errp)
1177{
1178 if (pdev->devfn != PCI_DEVFN(0x1f, 0)) {
1179 error_setg(errp, "VFIO dummy ISA/LPC bridge must have address 1f.0");
1180 }
1181}
1182
1183static void vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data)
1184{
1185 DeviceClass *dc = DEVICE_CLASS(klass);
1186 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1187
1188 dc->desc = "VFIO dummy ISA/LPC bridge for IGD assignment";
1189 dc->hotpluggable = false;
1190 k->realize = vfio_pci_igd_lpc_bridge_realize;
1191 k->class_id = PCI_CLASS_BRIDGE_ISA;
1192}
1193
1194static TypeInfo vfio_pci_igd_lpc_bridge_info = {
1195 .name = "vfio-pci-igd-lpc-bridge",
1196 .parent = TYPE_PCI_DEVICE,
1197 .class_init = vfio_pci_igd_lpc_bridge_class_init,
1198};
1199
1200static void vfio_pci_igd_register_types(void)
1201{
1202 type_register_static(&vfio_pci_igd_lpc_bridge_info);
1203}
1204
1205type_init(vfio_pci_igd_register_types)
1206
1207static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev,
1208 struct vfio_region_info *info)
1209{
1210 PCIDevice *lpc_bridge;
1211 int ret;
1212
1213 lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev),
1214 0, PCI_DEVFN(0x1f, 0));
1215 if (!lpc_bridge) {
1216 lpc_bridge = pci_create_simple(pci_device_root_bus(&vdev->pdev),
1217 PCI_DEVFN(0x1f, 0), "vfio-pci-igd-lpc-bridge");
1218 }
1219
1220 ret = vfio_pci_igd_copy(vdev, lpc_bridge, info, igd_lpc_bridge_infos,
1221 ARRAY_SIZE(igd_lpc_bridge_infos));
1222 if (!ret) {
1223 trace_vfio_pci_igd_lpc_bridge_enabled(vdev->vbasedev.name);
1224 }
1225
1226 return ret;
1227}
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237static int vfio_igd_gtt_max(VFIOPCIDevice *vdev)
1238{
1239 uint32_t gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch));
1240 int ggms, gen = igd_gen(vdev);
1241
1242 gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch));
1243 ggms = (gmch >> (gen < 8 ? 8 : 6)) & 0x3;
1244 if (gen > 6) {
1245 ggms = 1 << ggms;
1246 }
1247
1248 ggms *= 1024 * 1024;
1249
1250 return (ggms / (4 * 1024)) * (gen < 8 ? 4 : 8);
1251}
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264static uint64_t vfio_igd_quirk_data_read(void *opaque,
1265 hwaddr addr, unsigned size)
1266{
1267 VFIOIGDQuirk *igd = opaque;
1268 VFIOPCIDevice *vdev = igd->vdev;
1269
1270 igd->index = ~0;
1271
1272 return vfio_region_read(&vdev->bars[4].region, addr + 4, size);
1273}
1274
1275static void vfio_igd_quirk_data_write(void *opaque, hwaddr addr,
1276 uint64_t data, unsigned size)
1277{
1278 VFIOIGDQuirk *igd = opaque;
1279 VFIOPCIDevice *vdev = igd->vdev;
1280 uint64_t val = data;
1281 int gen = igd_gen(vdev);
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297 if ((igd->index % 4 == 1) && igd->index < vfio_igd_gtt_max(vdev)) {
1298 if (gen < 8 || (igd->index % 8 == 1)) {
1299 uint32_t base;
1300
1301 base = pci_get_long(vdev->pdev.config + IGD_BDSM);
1302 if (!base) {
1303 hw_error("vfio-igd: Guest attempted to program IGD GTT before "
1304 "BIOS reserved stolen memory. Unsupported BIOS?");
1305 }
1306
1307 val = base | (data & ((1 << 20) - 1));
1308 } else {
1309 val = 0;
1310 }
1311
1312 trace_vfio_pci_igd_bar4_write(vdev->vbasedev.name,
1313 igd->index, data, val);
1314 }
1315
1316 vfio_region_write(&vdev->bars[4].region, addr + 4, val, size);
1317
1318 igd->index = ~0;
1319}
1320
1321static const MemoryRegionOps vfio_igd_data_quirk = {
1322 .read = vfio_igd_quirk_data_read,
1323 .write = vfio_igd_quirk_data_write,
1324 .endianness = DEVICE_LITTLE_ENDIAN,
1325};
1326
1327static uint64_t vfio_igd_quirk_index_read(void *opaque,
1328 hwaddr addr, unsigned size)
1329{
1330 VFIOIGDQuirk *igd = opaque;
1331 VFIOPCIDevice *vdev = igd->vdev;
1332
1333 igd->index = ~0;
1334
1335 return vfio_region_read(&vdev->bars[4].region, addr, size);
1336}
1337
1338static void vfio_igd_quirk_index_write(void *opaque, hwaddr addr,
1339 uint64_t data, unsigned size)
1340{
1341 VFIOIGDQuirk *igd = opaque;
1342 VFIOPCIDevice *vdev = igd->vdev;
1343
1344 igd->index = data;
1345
1346 vfio_region_write(&vdev->bars[4].region, addr, data, size);
1347}
1348
1349static const MemoryRegionOps vfio_igd_index_quirk = {
1350 .read = vfio_igd_quirk_index_read,
1351 .write = vfio_igd_quirk_index_write,
1352 .endianness = DEVICE_LITTLE_ENDIAN,
1353};
1354
1355static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice *vdev, int nr)
1356{
1357 struct vfio_region_info *rom = NULL, *opregion = NULL,
1358 *host = NULL, *lpc = NULL;
1359 VFIOQuirk *quirk;
1360 VFIOIGDQuirk *igd;
1361 PCIDevice *lpc_bridge;
1362 int i, ret, ggms_mb, gms_mb = 0, gen;
1363 uint64_t *bdsm_size;
1364 uint32_t gmch;
1365 uint16_t cmd_orig, cmd;
1366 Error *err = NULL;
1367
1368
1369
1370
1371
1372
1373 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
1374 !vfio_is_vga(vdev) || nr != 4 ||
1375 &vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev),
1376 0, PCI_DEVFN(0x2, 0))) {
1377 return;
1378 }
1379
1380
1381
1382
1383
1384
1385 lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev),
1386 0, PCI_DEVFN(0x1f, 0));
1387 if (lpc_bridge && !object_dynamic_cast(OBJECT(lpc_bridge),
1388 "vfio-pci-igd-lpc-bridge")) {
1389 error_report("IGD device %s cannot support legacy mode due to existing "
1390 "devices at address 1f.0", vdev->vbasedev.name);
1391 return;
1392 }
1393
1394
1395
1396
1397
1398
1399 gen = igd_gen(vdev);
1400 if (gen != 6 && gen != 8) {
1401 error_report("IGD device %s is unsupported in legacy mode, "
1402 "try SandyBridge or newer", vdev->vbasedev.name);
1403 return;
1404 }
1405
1406
1407
1408
1409
1410
1411 ret = vfio_get_region_info(&vdev->vbasedev,
1412 VFIO_PCI_ROM_REGION_INDEX, &rom);
1413 if ((ret || !rom->size) && !vdev->pdev.romfile) {
1414 error_report("IGD device %s has no ROM, legacy mode disabled",
1415 vdev->vbasedev.name);
1416 goto out;
1417 }
1418
1419
1420
1421
1422
1423 if (vdev->pdev.qdev.hotplugged) {
1424 error_report("IGD device %s hotplugged, ROM disabled, "
1425 "legacy mode disabled", vdev->vbasedev.name);
1426 vdev->rom_read_failed = true;
1427 goto out;
1428 }
1429
1430
1431
1432
1433
1434 ret = vfio_get_dev_region_info(&vdev->vbasedev,
1435 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL,
1436 VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, &opregion);
1437 if (ret) {
1438 error_report("IGD device %s does not support OpRegion access,"
1439 "legacy mode disabled", vdev->vbasedev.name);
1440 goto out;
1441 }
1442
1443 ret = vfio_get_dev_region_info(&vdev->vbasedev,
1444 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL,
1445 VFIO_REGION_SUBTYPE_INTEL_IGD_HOST_CFG, &host);
1446 if (ret) {
1447 error_report("IGD device %s does not support host bridge access,"
1448 "legacy mode disabled", vdev->vbasedev.name);
1449 goto out;
1450 }
1451
1452 ret = vfio_get_dev_region_info(&vdev->vbasedev,
1453 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL,
1454 VFIO_REGION_SUBTYPE_INTEL_IGD_LPC_CFG, &lpc);
1455 if (ret) {
1456 error_report("IGD device %s does not support LPC bridge access,"
1457 "legacy mode disabled", vdev->vbasedev.name);
1458 goto out;
1459 }
1460
1461 gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4);
1462
1463
1464
1465
1466
1467
1468 if (!(gmch & 0x2) && !vdev->vga && vfio_populate_vga(vdev, &err)) {
1469 error_reportf_err(err, ERR_PREFIX, vdev->vbasedev.name);
1470 error_report("IGD device %s failed to enable VGA access, "
1471 "legacy mode disabled", vdev->vbasedev.name);
1472 goto out;
1473 }
1474
1475
1476 ret = vfio_pci_igd_lpc_init(vdev, lpc);
1477 if (ret) {
1478 error_report("IGD device %s failed to create LPC bridge, "
1479 "legacy mode disabled", vdev->vbasedev.name);
1480 goto out;
1481 }
1482
1483
1484 ret = vfio_pci_igd_host_init(vdev, host);
1485 if (ret) {
1486 error_report("IGD device %s failed to modify host bridge, "
1487 "legacy mode disabled", vdev->vbasedev.name);
1488 goto out;
1489 }
1490
1491
1492 ret = vfio_pci_igd_opregion_init(vdev, opregion, &err);
1493 if (ret) {
1494 error_append_hint(&err, "IGD legacy mode disabled\n");
1495 error_reportf_err(err, ERR_PREFIX, vdev->vbasedev.name);
1496 goto out;
1497 }
1498
1499
1500 quirk = g_malloc0(sizeof(*quirk));
1501 quirk->mem = g_new0(MemoryRegion, 2);
1502 quirk->nr_mem = 2;
1503 igd = quirk->data = g_malloc0(sizeof(*igd));
1504 igd->vdev = vdev;
1505 igd->index = ~0;
1506
1507 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_igd_index_quirk,
1508 igd, "vfio-igd-index-quirk", 4);
1509 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
1510 0, &quirk->mem[0], 1);
1511
1512 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_igd_data_quirk,
1513 igd, "vfio-igd-data-quirk", 4);
1514 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem,
1515 4, &quirk->mem[1], 1);
1516
1517 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next);
1518
1519
1520 ggms_mb = (gmch >> (gen < 8 ? 8 : 6)) & 0x3;
1521 if (gen > 6) {
1522 ggms_mb = 1 << ggms_mb;
1523 }
1524
1525
1526
1527
1528
1529
1530
1531 gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));
1532
1533 if (vdev->igd_gms) {
1534 if (vdev->igd_gms <= 0x10) {
1535 gms_mb = vdev->igd_gms * 32;
1536 gmch |= vdev->igd_gms << (gen < 8 ? 3 : 8);
1537 } else {
1538 error_report("Unsupported IGD GMS value 0x%x", vdev->igd_gms);
1539 vdev->igd_gms = 0;
1540 }
1541 }
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551 bdsm_size = g_malloc(sizeof(*bdsm_size));
1552 *bdsm_size = cpu_to_le64((ggms_mb + gms_mb) * 1024 * 1024);
1553 fw_cfg_add_file(fw_cfg_find(), "etc/igd-bdsm-size",
1554 bdsm_size, sizeof(*bdsm_size));
1555
1556
1557 pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
1558 pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0);
1559 pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0);
1560
1561
1562 pci_set_long(vdev->pdev.config + IGD_BDSM, 0);
1563 pci_set_long(vdev->pdev.wmask + IGD_BDSM, ~0);
1564 pci_set_long(vdev->emulated_config_bits + IGD_BDSM, ~0);
1565
1566
1567
1568
1569
1570
1571
1572 if (pread(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig),
1573 vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) {
1574 error_report("IGD device %s - failed to read PCI command register",
1575 vdev->vbasedev.name);
1576 }
1577
1578 cmd = cmd_orig | PCI_COMMAND_IO;
1579
1580 if (pwrite(vdev->vbasedev.fd, &cmd, sizeof(cmd),
1581 vdev->config_offset + PCI_COMMAND) != sizeof(cmd)) {
1582 error_report("IGD device %s - failed to write PCI command register",
1583 vdev->vbasedev.name);
1584 }
1585
1586 for (i = 1; i < vfio_igd_gtt_max(vdev); i += 4) {
1587 vfio_region_write(&vdev->bars[4].region, 0, i, 4);
1588 vfio_region_write(&vdev->bars[4].region, 4, 0, 4);
1589 }
1590
1591 if (pwrite(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig),
1592 vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) {
1593 error_report("IGD device %s - failed to restore PCI command register",
1594 vdev->vbasedev.name);
1595 }
1596
1597 trace_vfio_pci_igd_bdsm_enabled(vdev->vbasedev.name, ggms_mb + gms_mb);
1598
1599out:
1600 g_free(rom);
1601 g_free(opregion);
1602 g_free(host);
1603 g_free(lpc);
1604}
1605
1606
1607
1608
1609void vfio_vga_quirk_setup(VFIOPCIDevice *vdev)
1610{
1611 vfio_vga_probe_ati_3c3_quirk(vdev);
1612 vfio_vga_probe_nvidia_3d0_quirk(vdev);
1613}
1614
1615void vfio_vga_quirk_exit(VFIOPCIDevice *vdev)
1616{
1617 VFIOQuirk *quirk;
1618 int i, j;
1619
1620 for (i = 0; i < ARRAY_SIZE(vdev->vga->region); i++) {
1621 QLIST_FOREACH(quirk, &vdev->vga->region[i].quirks, next) {
1622 for (j = 0; j < quirk->nr_mem; j++) {
1623 memory_region_del_subregion(&vdev->vga->region[i].mem,
1624 &quirk->mem[j]);
1625 }
1626 }
1627 }
1628}
1629
1630void vfio_vga_quirk_finalize(VFIOPCIDevice *vdev)
1631{
1632 int i, j;
1633
1634 for (i = 0; i < ARRAY_SIZE(vdev->vga->region); i++) {
1635 while (!QLIST_EMPTY(&vdev->vga->region[i].quirks)) {
1636 VFIOQuirk *quirk = QLIST_FIRST(&vdev->vga->region[i].quirks);
1637 QLIST_REMOVE(quirk, next);
1638 for (j = 0; j < quirk->nr_mem; j++) {
1639 object_unparent(OBJECT(&quirk->mem[j]));
1640 }
1641 g_free(quirk->mem);
1642 g_free(quirk->data);
1643 g_free(quirk);
1644 }
1645 }
1646}
1647
1648void vfio_bar_quirk_setup(VFIOPCIDevice *vdev, int nr)
1649{
1650 vfio_probe_ati_bar4_quirk(vdev, nr);
1651 vfio_probe_ati_bar2_quirk(vdev, nr);
1652 vfio_probe_nvidia_bar5_quirk(vdev, nr);
1653 vfio_probe_nvidia_bar0_quirk(vdev, nr);
1654 vfio_probe_rtl8168_bar2_quirk(vdev, nr);
1655 vfio_probe_igd_bar4_quirk(vdev, nr);
1656}
1657
1658void vfio_bar_quirk_exit(VFIOPCIDevice *vdev, int nr)
1659{
1660 VFIOBAR *bar = &vdev->bars[nr];
1661 VFIOQuirk *quirk;
1662 int i;
1663
1664 QLIST_FOREACH(quirk, &bar->quirks, next) {
1665 for (i = 0; i < quirk->nr_mem; i++) {
1666 memory_region_del_subregion(bar->region.mem, &quirk->mem[i]);
1667 }
1668 }
1669}
1670
1671void vfio_bar_quirk_finalize(VFIOPCIDevice *vdev, int nr)
1672{
1673 VFIOBAR *bar = &vdev->bars[nr];
1674 int i;
1675
1676 while (!QLIST_EMPTY(&bar->quirks)) {
1677 VFIOQuirk *quirk = QLIST_FIRST(&bar->quirks);
1678 QLIST_REMOVE(quirk, next);
1679 for (i = 0; i < quirk->nr_mem; i++) {
1680 object_unparent(OBJECT(&quirk->mem[i]));
1681 }
1682 g_free(quirk->mem);
1683 g_free(quirk->data);
1684 g_free(quirk);
1685 }
1686}
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713static bool vfio_radeon_smc_is_running(VFIOPCIDevice *vdev)
1714{
1715 uint32_t clk, pc_c;
1716
1717
1718
1719
1720
1721 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000004, 4);
1722 clk = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1723 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000370, 4);
1724 pc_c = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1725
1726 return (!(clk & 1) && (0x20100 <= pc_c));
1727}
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737static void vfio_radeon_set_gfx_only_reset(VFIOPCIDevice *vdev)
1738{
1739 uint32_t misc, fuse;
1740 bool a, b;
1741
1742 vfio_region_write(&vdev->bars[5].region, 0x200, 0xc00c0000, 4);
1743 fuse = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1744 b = fuse & 64;
1745
1746 vfio_region_write(&vdev->bars[5].region, 0x200, 0xc0000010, 4);
1747 misc = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1748 a = misc & 2;
1749
1750 if (a == b) {
1751 vfio_region_write(&vdev->bars[5].region, 0x204, misc ^ 2, 4);
1752 vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1753 }
1754}
1755
1756static int vfio_radeon_reset(VFIOPCIDevice *vdev)
1757{
1758 PCIDevice *pdev = &vdev->pdev;
1759 int i, ret = 0;
1760 uint32_t data;
1761
1762
1763 if (vdev->vbasedev.reset_works) {
1764 trace_vfio_quirk_ati_bonaire_reset_skipped(vdev->vbasedev.name);
1765 return -ENODEV;
1766 }
1767
1768
1769 vfio_pci_write_config(pdev, PCI_COMMAND, PCI_COMMAND_MEMORY, 2);
1770
1771
1772 if (!vfio_radeon_smc_is_running(vdev)) {
1773 ret = -EINVAL;
1774 trace_vfio_quirk_ati_bonaire_reset_no_smc(vdev->vbasedev.name);
1775 goto out;
1776 }
1777
1778
1779 vfio_radeon_set_gfx_only_reset(vdev);
1780
1781
1782 vfio_pci_write_config(pdev, 0x7c, 0x39d5e86b, 4);
1783 usleep(100);
1784
1785
1786 for (i = 0; i < 100000; i++) {
1787 if (vfio_region_read(&vdev->bars[5].region, 0x5428, 4) != 0xffffffff) {
1788 goto reset_smc;
1789 }
1790 usleep(1);
1791 }
1792
1793 trace_vfio_quirk_ati_bonaire_reset_timeout(vdev->vbasedev.name);
1794
1795reset_smc:
1796
1797 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000000, 4);
1798 data = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1799 data |= 1;
1800 vfio_region_write(&vdev->bars[5].region, 0x204, data, 4);
1801
1802
1803 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000004, 4);
1804 data = vfio_region_read(&vdev->bars[5].region, 0x204, 4);
1805 data |= 1;
1806 vfio_region_write(&vdev->bars[5].region, 0x204, data, 4);
1807
1808 trace_vfio_quirk_ati_bonaire_reset_done(vdev->vbasedev.name);
1809
1810out:
1811
1812 vfio_pci_write_config(pdev, PCI_COMMAND, 0, 2);
1813
1814 return ret;
1815}
1816
1817void vfio_setup_resetfn_quirk(VFIOPCIDevice *vdev)
1818{
1819 switch (vdev->vendor_id) {
1820 case 0x1002:
1821 switch (vdev->device_id) {
1822
1823 case 0x6649:
1824 case 0x6650:
1825 case 0x6651:
1826 case 0x6658:
1827 case 0x665c:
1828 case 0x665d:
1829
1830 case 0x67A0:
1831 case 0x67A1:
1832 case 0x67A2:
1833 case 0x67A8:
1834 case 0x67A9:
1835 case 0x67AA:
1836 case 0x67B0:
1837 case 0x67B1:
1838 case 0x67B8:
1839 case 0x67B9:
1840 case 0x67BA:
1841 case 0x67BE:
1842 vdev->resetfn = vfio_radeon_reset;
1843 trace_vfio_quirk_ati_bonaire_reset(vdev->vbasedev.name);
1844 break;
1845 }
1846 break;
1847 }
1848}
1849