LXR qemu/hw/pci-host/q35.c

   1/*
   2 * QEMU MCH/ICH9 PCI Bridge Emulation
   3 *
   4 * Copyright (c) 2006 Fabrice Bellard
   5 * Copyright (c) 2009, 2010, 2011
   6 *               Isaku Yamahata <yamahata at valinux co jp>
   7 *               VA Linux Systems Japan K.K.
   8 * Copyright (C) 2012 Jason Baron <jbaron@redhat.com>
   9 *
  10 * This is based on piix.c, but heavily modified.
  11 *
  12 * Permission is hereby granted, free of charge, to any person obtaining a copy
  13 * of this software and associated documentation files (the "Software"), to deal
  14 * in the Software without restriction, including without limitation the rights
  15 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  16 * copies of the Software, and to permit persons to whom the Software is
  17 * furnished to do so, subject to the following conditions:
  18 *
  19 * The above copyright notice and this permission notice shall be included in
  20 * all copies or substantial portions of the Software.
  21 *
  22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  25 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  26 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  27 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  28 * THE SOFTWARE.
  29 */
  30
  31#include "qemu/osdep.h"
  32#include "qemu/log.h"
  33#include "hw/i386/pc.h"
  34#include "hw/pci-host/q35.h"
  35#include "hw/qdev-properties.h"
  36#include "migration/vmstate.h"
  37#include "qapi/error.h"
  38#include "qapi/visitor.h"
  39#include "qemu/module.h"
  40
  41/****************************************************************************
  42 * Q35 host
  43 */
  44
  45#define Q35_PCI_HOST_HOLE64_SIZE_DEFAULT (1ULL << 35)
  46
  47static void q35_host_realize(DeviceState *dev, Error **errp)
  48{
  49    PCIHostState *pci = PCI_HOST_BRIDGE(dev);
  50    Q35PCIHost *s = Q35_HOST_DEVICE(dev);
  51    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
  52
  53    sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, &pci->conf_mem);
  54    sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_ADDR, 4);
  55
  56    sysbus_add_io(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, &pci->data_mem);
  57    sysbus_init_ioports(sbd, MCH_HOST_BRIDGE_CONFIG_DATA, 4);
  58
  59    /* register q35 0xcf8 port as coalesced pio */
  60    memory_region_set_flush_coalesced(&pci->data_mem);
  61    memory_region_add_coalescing(&pci->conf_mem, 0, 4);
  62
  63    pci->bus = pci_root_bus_new(DEVICE(s), "pcie.0",
  64                                s->mch.pci_address_space,
  65                                s->mch.address_space_io,
  66                                0, TYPE_PCIE_BUS);
  67    PC_MACHINE(qdev_get_machine())->bus = pci->bus;
  68    pci->bypass_iommu =
  69        PC_MACHINE(qdev_get_machine())->default_bus_bypass_iommu;
  70    qdev_realize(DEVICE(&s->mch), BUS(pci->bus), &error_fatal);
  71}
  72
  73static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
  74                                          PCIBus *rootbus)
  75{
  76    Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
  77
  78     /* For backwards compat with old device paths */
  79    if (s->mch.short_root_bus) {
  80        return "0000";
  81    }
  82    return "0000:00";
  83}
  84
  85static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
  86                                        const char *name, void *opaque,
  87                                        Error **errp)
  88{
  89    Q35PCIHost *s = Q35_HOST_DEVICE(obj);
  90    uint64_t val64;
  91    uint32_t value;
  92
  93    val64 = range_is_empty(&s->mch.pci_hole)
  94        ? 0 : range_lob(&s->mch.pci_hole);
  95    value = val64;
  96    assert(value == val64);
  97    visit_type_uint32(v, name, &value, errp);
  98}
  99
 100static void q35_host_get_pci_hole_end(Object *obj, Visitor *v,
 101                                      const char *name, void *opaque,
 102                                      Error **errp)
 103{
 104    Q35PCIHost *s = Q35_HOST_DEVICE(obj);
 105    uint64_t val64;
 106    uint32_t value;
 107
 108    val64 = range_is_empty(&s->mch.pci_hole)
 109        ? 0 : range_upb(&s->mch.pci_hole) + 1;
 110    value = val64;
 111    assert(value == val64);
 112    visit_type_uint32(v, name, &value, errp);
 113}
 114
 115/*
 116 * The 64bit PCI hole start is set by the Guest firmware
 117 * as the address of the first 64bit PCI MEM resource.
 118 * If no PCI device has resources on the 64bit area,
 119 * the 64bit PCI hole will start after "over 4G RAM" and the
 120 * reserved space for memory hotplug if any.
 121 */
 122static uint64_t q35_host_get_pci_hole64_start_value(Object *obj)
 123{
 124    PCIHostState *h = PCI_HOST_BRIDGE(obj);
 125    Q35PCIHost *s = Q35_HOST_DEVICE(obj);
 126    Range w64;
 127    uint64_t value;
 128
 129    pci_bus_get_w64_range(h->bus, &w64);
 130    value = range_is_empty(&w64) ? 0 : range_lob(&w64);
 131    if (!value && s->pci_hole64_fix) {
 132        value = pc_pci_hole64_start();
 133    }
 134    return value;
 135}
 136
 137static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v,
 138                                          const char *name, void *opaque,
 139                                          Error **errp)
 140{
 141    uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
 142
 143    visit_type_uint64(v, name, &hole64_start, errp);
 144}
 145
 146/*
 147 * The 64bit PCI hole end is set by the Guest firmware
 148 * as the address of the last 64bit PCI MEM resource.
 149 * Then it is expanded to the PCI_HOST_PROP_PCI_HOLE64_SIZE
 150 * that can be configured by the user.
 151 */
 152static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v,
 153                                        const char *name, void *opaque,
 154                                        Error **errp)
 155{
 156    PCIHostState *h = PCI_HOST_BRIDGE(obj);
 157    Q35PCIHost *s = Q35_HOST_DEVICE(obj);
 158    uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj);
 159    Range w64;
 160    uint64_t value, hole64_end;
 161
 162    pci_bus_get_w64_range(h->bus, &w64);
 163    value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
 164    hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30);
 165    if (s->pci_hole64_fix && value < hole64_end) {
 166        value = hole64_end;
 167    }
 168    visit_type_uint64(v, name, &value, errp);
 169}
 170
 171/*
 172 * NOTE: setting defaults for the mch.* fields in this table
 173 * doesn't work, because mch is a separate QOM object that is
 174 * zeroed by the object_initialize(&s->mch, ...) call inside
 175 * q35_host_initfn().  The default values for those
 176 * properties need to be initialized manually by
 177 * q35_host_initfn() after the object_initialize() call.
 178 */
 179static Property q35_host_props[] = {
 180    DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
 181                        MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
 182    DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
 183                     mch.pci_hole64_size, Q35_PCI_HOST_HOLE64_SIZE_DEFAULT),
 184    DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
 185    DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
 186                     mch.below_4g_mem_size, 0),
 187    DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
 188                     mch.above_4g_mem_size, 0),
 189    DEFINE_PROP_BOOL("x-pci-hole64-fix", Q35PCIHost, pci_hole64_fix, true),
 190    DEFINE_PROP_END_OF_LIST(),
 191};
 192
 193static void q35_host_class_init(ObjectClass *klass, void *data)
 194{
 195    DeviceClass *dc = DEVICE_CLASS(klass);
 196    PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
 197
 198    hc->root_bus_path = q35_host_root_bus_path;
 199    dc->realize = q35_host_realize;
 200    device_class_set_props(dc, q35_host_props);
 201    /* Reason: needs to be wired up by pc_q35_init */
 202    dc->user_creatable = false;
 203    set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 204    dc->fw_name = "pci";
 205}
 206
 207static void q35_host_initfn(Object *obj)
 208{
 209    Q35PCIHost *s = Q35_HOST_DEVICE(obj);
 210    PCIHostState *phb = PCI_HOST_BRIDGE(obj);
 211    PCIExpressHost *pehb = PCIE_HOST_BRIDGE(obj);
 212
 213    memory_region_init_io(&phb->conf_mem, obj, &pci_host_conf_le_ops, phb,
 214                          "pci-conf-idx", 4);
 215    memory_region_init_io(&phb->data_mem, obj, &pci_host_data_le_ops, phb,
 216                          "pci-conf-data", 4);
 217
 218    object_initialize_child(OBJECT(s), "mch", &s->mch, TYPE_MCH_PCI_DEVICE);
 219    qdev_prop_set_int32(DEVICE(&s->mch), "addr", PCI_DEVFN(0, 0));
 220    qdev_prop_set_bit(DEVICE(&s->mch), "multifunction", false);
 221    /* mch's object_initialize resets the default value, set it again */
 222    qdev_prop_set_uint64(DEVICE(s), PCI_HOST_PROP_PCI_HOLE64_SIZE,
 223                         Q35_PCI_HOST_HOLE64_SIZE_DEFAULT);
 224    object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_START, "uint32",
 225                        q35_host_get_pci_hole_start,
 226                        NULL, NULL, NULL);
 227
 228    object_property_add(obj, PCI_HOST_PROP_PCI_HOLE_END, "uint32",
 229                        q35_host_get_pci_hole_end,
 230                        NULL, NULL, NULL);
 231
 232    object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_START, "uint64",
 233                        q35_host_get_pci_hole64_start,
 234                        NULL, NULL, NULL);
 235
 236    object_property_add(obj, PCI_HOST_PROP_PCI_HOLE64_END, "uint64",
 237                        q35_host_get_pci_hole64_end,
 238                        NULL, NULL, NULL);
 239
 240    object_property_add_uint64_ptr(obj, PCIE_HOST_MCFG_SIZE,
 241                                   &pehb->size, OBJ_PROP_FLAG_READ);
 242
 243    object_property_add_link(obj, MCH_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
 244                             (Object **) &s->mch.ram_memory,
 245                             qdev_prop_allow_set_link_before_realize, 0);
 246
 247    object_property_add_link(obj, MCH_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
 248                             (Object **) &s->mch.pci_address_space,
 249                             qdev_prop_allow_set_link_before_realize, 0);
 250
 251    object_property_add_link(obj, MCH_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
 252                             (Object **) &s->mch.system_memory,
 253                             qdev_prop_allow_set_link_before_realize, 0);
 254
 255    object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
 256                             (Object **) &s->mch.address_space_io,
 257                             qdev_prop_allow_set_link_before_realize, 0);
 258}
 259
 260static const TypeInfo q35_host_info = {
 261    .name       = TYPE_Q35_HOST_DEVICE,
 262    .parent     = TYPE_PCIE_HOST_BRIDGE,
 263    .instance_size = sizeof(Q35PCIHost),
 264    .instance_init = q35_host_initfn,
 265    .class_init = q35_host_class_init,
 266};
 267
 268/****************************************************************************
 269 * MCH D0:F0
 270 */
 271
 272static uint64_t blackhole_read(void *ptr, hwaddr reg, unsigned size)
 273{
 274    return 0xffffffff;
 275}
 276
 277static void blackhole_write(void *opaque, hwaddr addr, uint64_t val,
 278                            unsigned width)
 279{
 280    /* nothing */
 281}
 282
 283static const MemoryRegionOps blackhole_ops = {
 284    .read = blackhole_read,
 285    .write = blackhole_write,
 286    .endianness = DEVICE_NATIVE_ENDIAN,
 287    .valid.min_access_size = 1,
 288    .valid.max_access_size = 4,
 289    .impl.min_access_size = 4,
 290    .impl.max_access_size = 4,
 291    .endianness = DEVICE_LITTLE_ENDIAN,
 292};
 293
 294/* PCIe MMCFG */
 295static void mch_update_pciexbar(MCHPCIState *mch)
 296{
 297    PCIDevice *pci_dev = PCI_DEVICE(mch);
 298    BusState *bus = qdev_get_parent_bus(DEVICE(mch));
 299    PCIExpressHost *pehb = PCIE_HOST_BRIDGE(bus->parent);
 300
 301    uint64_t pciexbar;
 302    int enable;
 303    uint64_t addr;
 304    uint64_t addr_mask;
 305    uint32_t length;
 306
 307    pciexbar = pci_get_quad(pci_dev->config + MCH_HOST_BRIDGE_PCIEXBAR);
 308    enable = pciexbar & MCH_HOST_BRIDGE_PCIEXBAREN;
 309    addr_mask = MCH_HOST_BRIDGE_PCIEXBAR_ADMSK;
 310    switch (pciexbar & MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_MASK) {
 311    case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_256M:
 312        length = 256 * 1024 * 1024;
 313        break;
 314    case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_128M:
 315        length = 128 * 1024 * 1024;
 316        addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_128ADMSK |
 317            MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
 318        break;
 319    case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_64M:
 320        length = 64 * 1024 * 1024;
 321        addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
 322        break;
 323    case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
 324        qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
 325        return;
 326    default:
 327        abort();
 328    }
 329    addr = pciexbar & addr_mask;
 330    pcie_host_mmcfg_update(pehb, enable, addr, length);
 331}
 332
 333/* PAM */
 334static void mch_update_pam(MCHPCIState *mch)
 335{
 336    PCIDevice *pd = PCI_DEVICE(mch);
 337    int i;
 338
 339    memory_region_transaction_begin();
 340    for (i = 0; i < 13; i++) {
 341        pam_update(&mch->pam_regions[i], i,
 342                   pd->config[MCH_HOST_BRIDGE_PAM0 + DIV_ROUND_UP(i, 2)]);
 343    }
 344    memory_region_transaction_commit();
 345}
 346
 347/* SMRAM */
 348static void mch_update_smram(MCHPCIState *mch)
 349{
 350    PCIDevice *pd = PCI_DEVICE(mch);
 351    bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
 352    uint32_t tseg_size;
 353
 354    /* implement SMRAM.D_LCK */
 355    if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
 356        pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
 357        pd->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK_LCK;
 358        pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK_LCK;
 359    }
 360
 361    memory_region_transaction_begin();
 362
 363    if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
 364        /* Hide (!) low SMRAM if H_SMRAME = 1 */
 365        memory_region_set_enabled(&mch->smram_region, h_smrame);
 366        /* Show high SMRAM if H_SMRAME = 1 */
 367        memory_region_set_enabled(&mch->open_high_smram, h_smrame);
 368    } else {
 369        /* Hide high SMRAM and low SMRAM */
 370        memory_region_set_enabled(&mch->smram_region, true);
 371        memory_region_set_enabled(&mch->open_high_smram, false);
 372    }
 373
 374    if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_G_SMRAME) {
 375        memory_region_set_enabled(&mch->low_smram, !h_smrame);
 376        memory_region_set_enabled(&mch->high_smram, h_smrame);
 377    } else {
 378        memory_region_set_enabled(&mch->low_smram, false);
 379        memory_region_set_enabled(&mch->high_smram, false);
 380    }
 381
 382    if (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & MCH_HOST_BRIDGE_ESMRAMC_T_EN) {
 383        switch (pd->config[MCH_HOST_BRIDGE_ESMRAMC] &
 384                MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK) {
 385        case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_1MB:
 386            tseg_size = 1024 * 1024;
 387            break;
 388        case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_2MB:
 389            tseg_size = 1024 * 1024 * 2;
 390            break;
 391        case MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_8MB:
 392            tseg_size = 1024 * 1024 * 8;
 393            break;
 394        default:
 395            tseg_size = 1024 * 1024 * (uint32_t)mch->ext_tseg_mbytes;
 396            break;
 397        }
 398    } else {
 399        tseg_size = 0;
 400    }
 401    memory_region_del_subregion(mch->system_memory, &mch->tseg_blackhole);
 402    memory_region_set_enabled(&mch->tseg_blackhole, tseg_size);
 403    memory_region_set_size(&mch->tseg_blackhole, tseg_size);
 404    memory_region_add_subregion_overlap(mch->system_memory,
 405                                        mch->below_4g_mem_size - tseg_size,
 406                                        &mch->tseg_blackhole, 1);
 407
 408    memory_region_set_enabled(&mch->tseg_window, tseg_size);
 409    memory_region_set_size(&mch->tseg_window, tseg_size);
 410    memory_region_set_address(&mch->tseg_window,
 411                              mch->below_4g_mem_size - tseg_size);
 412    memory_region_set_alias_offset(&mch->tseg_window,
 413                                   mch->below_4g_mem_size - tseg_size);
 414
 415    memory_region_transaction_commit();
 416}
 417
 418static void mch_update_ext_tseg_mbytes(MCHPCIState *mch)
 419{
 420    PCIDevice *pd = PCI_DEVICE(mch);
 421    uint8_t *reg = pd->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES;
 422
 423    if (mch->ext_tseg_mbytes > 0 &&
 424        pci_get_word(reg) == MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY) {
 425        pci_set_word(reg, mch->ext_tseg_mbytes);
 426    }
 427}
 428
 429static void mch_update_smbase_smram(MCHPCIState *mch)
 430{
 431    PCIDevice *pd = PCI_DEVICE(mch);
 432    uint8_t *reg = pd->config + MCH_HOST_BRIDGE_F_SMBASE;
 433    bool lck;
 434
 435    if (!mch->has_smram_at_smbase) {
 436        return;
 437    }
 438
 439    if (*reg == MCH_HOST_BRIDGE_F_SMBASE_QUERY) {
 440        pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] =
 441            MCH_HOST_BRIDGE_F_SMBASE_LCK;
 442        *reg = MCH_HOST_BRIDGE_F_SMBASE_IN_RAM;
 443        return;
 444    }
 445
 446    /*
 447     * default/reset state, discard written value
 448     * which will disable SMRAM balackhole at SMBASE
 449     */
 450    if (pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] == 0xff) {
 451        *reg = 0x00;
 452    }
 453
 454    memory_region_transaction_begin();
 455    if (*reg & MCH_HOST_BRIDGE_F_SMBASE_LCK) {
 456        /* disable all writes */
 457        pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] &=
 458            ~MCH_HOST_BRIDGE_F_SMBASE_LCK;
 459        *reg = MCH_HOST_BRIDGE_F_SMBASE_LCK;
 460        lck = true;
 461    } else {
 462        lck = false;
 463    }
 464    memory_region_set_enabled(&mch->smbase_blackhole, lck);
 465    memory_region_set_enabled(&mch->smbase_window, lck);
 466    memory_region_transaction_commit();
 467}
 468
 469static void mch_write_config(PCIDevice *d,
 470                              uint32_t address, uint32_t val, int len)
 471{
 472    MCHPCIState *mch = MCH_PCI_DEVICE(d);
 473
 474    pci_default_write_config(d, address, val, len);
 475
 476    if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
 477                       MCH_HOST_BRIDGE_PAM_SIZE)) {
 478        mch_update_pam(mch);
 479    }
 480
 481    if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PCIEXBAR,
 482                       MCH_HOST_BRIDGE_PCIEXBAR_SIZE)) {
 483        mch_update_pciexbar(mch);
 484    }
 485
 486    if (ranges_overlap(address, len, MCH_HOST_BRIDGE_SMRAM,
 487                       MCH_HOST_BRIDGE_SMRAM_SIZE)) {
 488        mch_update_smram(mch);
 489    }
 490
 491    if (ranges_overlap(address, len, MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
 492                       MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_SIZE)) {
 493        mch_update_ext_tseg_mbytes(mch);
 494    }
 495
 496    if (ranges_overlap(address, len, MCH_HOST_BRIDGE_F_SMBASE, 1)) {
 497        mch_update_smbase_smram(mch);
 498    }
 499}
 500
 501static void mch_update(MCHPCIState *mch)
 502{
 503    mch_update_pciexbar(mch);
 504    mch_update_pam(mch);
 505    mch_update_smram(mch);
 506    mch_update_ext_tseg_mbytes(mch);
 507    mch_update_smbase_smram(mch);
 508
 509    /*
 510     * pci hole goes from end-of-low-ram to io-apic.
 511     * mmconfig will be excluded by the dsdt builder.
 512     */
 513    range_set_bounds(&mch->pci_hole,
 514                     mch->below_4g_mem_size,
 515                     IO_APIC_DEFAULT_ADDRESS - 1);
 516}
 517
 518static int mch_post_load(void *opaque, int version_id)
 519{
 520    MCHPCIState *mch = opaque;
 521    mch_update(mch);
 522    return 0;
 523}
 524
 525static const VMStateDescription vmstate_mch = {
 526    .name = "mch",
 527    .version_id = 1,
 528    .minimum_version_id = 1,
 529    .post_load = mch_post_load,
 530    .fields = (VMStateField[]) {
 531        VMSTATE_PCI_DEVICE(parent_obj, MCHPCIState),
 532        /* Used to be smm_enabled, which was basically always zero because
 533         * SeaBIOS hardly uses SMM.  SMRAM is now handled by CPU code.
 534         */
 535        VMSTATE_UNUSED(1),
 536        VMSTATE_END_OF_LIST()
 537    }
 538};
 539
 540static void mch_reset(DeviceState *qdev)
 541{
 542    PCIDevice *d = PCI_DEVICE(qdev);
 543    MCHPCIState *mch = MCH_PCI_DEVICE(d);
 544
 545    pci_set_quad(d->config + MCH_HOST_BRIDGE_PCIEXBAR,
 546                 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
 547
 548    d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
 549    d->config[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_DEFAULT;
 550    d->wmask[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_WMASK;
 551    d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = MCH_HOST_BRIDGE_ESMRAMC_WMASK;
 552
 553    if (mch->ext_tseg_mbytes > 0) {
 554        pci_set_word(d->config + MCH_HOST_BRIDGE_EXT_TSEG_MBYTES,
 555                     MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_QUERY);
 556    }
 557
 558    d->config[MCH_HOST_BRIDGE_F_SMBASE] = 0;
 559    d->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0xff;
 560
 561    mch_update(mch);
 562}
 563
 564static void mch_realize(PCIDevice *d, Error **errp)
 565{
 566    int i;
 567    MCHPCIState *mch = MCH_PCI_DEVICE(d);
 568
 569    if (mch->ext_tseg_mbytes > MCH_HOST_BRIDGE_EXT_TSEG_MBYTES_MAX) {
 570        error_setg(errp, "invalid extended-tseg-mbytes value: %" PRIu16,
 571                   mch->ext_tseg_mbytes);
 572        return;
 573    }
 574
 575    /* setup pci memory mapping */
 576    pc_pci_as_mapping_init(OBJECT(mch), mch->system_memory,
 577                           mch->pci_address_space);
 578
 579    /* if *disabled* show SMRAM to all CPUs */
 580    memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region",
 581                             mch->pci_address_space, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 582                             MCH_HOST_BRIDGE_SMRAM_C_SIZE);
 583    memory_region_add_subregion_overlap(mch->system_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 584                                        &mch->smram_region, 1);
 585    memory_region_set_enabled(&mch->smram_region, true);
 586
 587    memory_region_init_alias(&mch->open_high_smram, OBJECT(mch), "smram-open-high",
 588                             mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 589                             MCH_HOST_BRIDGE_SMRAM_C_SIZE);
 590    memory_region_add_subregion_overlap(mch->system_memory, 0xfeda0000,
 591                                        &mch->open_high_smram, 1);
 592    memory_region_set_enabled(&mch->open_high_smram, false);
 593
 594    /* smram, as seen by SMM CPUs */
 595    memory_region_init(&mch->smram, OBJECT(mch), "smram", 4 * GiB);
 596    memory_region_set_enabled(&mch->smram, true);
 597    memory_region_init_alias(&mch->low_smram, OBJECT(mch), "smram-low",
 598                             mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 599                             MCH_HOST_BRIDGE_SMRAM_C_SIZE);
 600    memory_region_set_enabled(&mch->low_smram, true);
 601    memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 602                                &mch->low_smram);
 603    memory_region_init_alias(&mch->high_smram, OBJECT(mch), "smram-high",
 604                             mch->ram_memory, MCH_HOST_BRIDGE_SMRAM_C_BASE,
 605                             MCH_HOST_BRIDGE_SMRAM_C_SIZE);
 606    memory_region_set_enabled(&mch->high_smram, true);
 607    memory_region_add_subregion(&mch->smram, 0xfeda0000, &mch->high_smram);
 608
 609    memory_region_init_io(&mch->tseg_blackhole, OBJECT(mch),
 610                          &blackhole_ops, NULL,
 611                          "tseg-blackhole", 0);
 612    memory_region_set_enabled(&mch->tseg_blackhole, false);
 613    memory_region_add_subregion_overlap(mch->system_memory,
 614                                        mch->below_4g_mem_size,
 615                                        &mch->tseg_blackhole, 1);
 616
 617    memory_region_init_alias(&mch->tseg_window, OBJECT(mch), "tseg-window",
 618                             mch->ram_memory, mch->below_4g_mem_size, 0);
 619    memory_region_set_enabled(&mch->tseg_window, false);
 620    memory_region_add_subregion(&mch->smram, mch->below_4g_mem_size,
 621                                &mch->tseg_window);
 622
 623    /*
 624     * This is not what hardware does, so it's QEMU specific hack.
 625     * See commit message for details.
 626     */
 627    memory_region_init_io(&mch->smbase_blackhole, OBJECT(mch), &blackhole_ops,
 628                          NULL, "smbase-blackhole",
 629                          MCH_HOST_BRIDGE_SMBASE_SIZE);
 630    memory_region_set_enabled(&mch->smbase_blackhole, false);
 631    memory_region_add_subregion_overlap(mch->system_memory,
 632                                        MCH_HOST_BRIDGE_SMBASE_ADDR,
 633                                        &mch->smbase_blackhole, 1);
 634
 635    memory_region_init_alias(&mch->smbase_window, OBJECT(mch),
 636                             "smbase-window", mch->ram_memory,
 637                             MCH_HOST_BRIDGE_SMBASE_ADDR,
 638                             MCH_HOST_BRIDGE_SMBASE_SIZE);
 639    memory_region_set_enabled(&mch->smbase_window, false);
 640    memory_region_add_subregion(&mch->smram, MCH_HOST_BRIDGE_SMBASE_ADDR,
 641                                &mch->smbase_window);
 642
 643    object_property_add_const_link(qdev_get_machine(), "smram",
 644                                   OBJECT(&mch->smram));
 645
 646    init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
 647             mch->pci_address_space, &mch->pam_regions[0],
 648             PAM_BIOS_BASE, PAM_BIOS_SIZE);
 649    for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) {
 650        init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
 651                 mch->pci_address_space, &mch->pam_regions[i+1],
 652                 PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
 653    }
 654}
 655
 656uint64_t mch_mcfg_base(void)
 657{
 658    bool ambiguous;
 659    Object *o = object_resolve_path_type("", TYPE_MCH_PCI_DEVICE, &ambiguous);
 660    if (!o) {
 661        return 0;
 662    }
 663    return MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT;
 664}
 665
 666static Property mch_props[] = {
 667    DEFINE_PROP_UINT16("extended-tseg-mbytes", MCHPCIState, ext_tseg_mbytes,
 668                       16),
 669    DEFINE_PROP_BOOL("smbase-smram", MCHPCIState, has_smram_at_smbase, true),
 670    DEFINE_PROP_END_OF_LIST(),
 671};
 672
 673static void mch_class_init(ObjectClass *klass, void *data)
 674{
 675    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 676    DeviceClass *dc = DEVICE_CLASS(klass);
 677
 678    k->realize = mch_realize;
 679    k->config_write = mch_write_config;
 680    dc->reset = mch_reset;
 681    device_class_set_props(dc, mch_props);
 682    set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 683    dc->desc = "Host bridge";
 684    dc->vmsd = &vmstate_mch;
 685    k->vendor_id = PCI_VENDOR_ID_INTEL;
 686    /*
 687     * The 'q35' machine type implements an Intel Series 3 chipset,
 688     * of which there are several variants. The key difference between
 689     * the 82P35 MCH ('p35') and 82Q35 GMCH ('q35') variants is that
 690     * the latter has an integrated graphics adapter. QEMU does not
 691     * implement integrated graphics, so uses the PCI ID for the 82P35
 692     * chipset.
 693     */
 694    k->device_id = PCI_DEVICE_ID_INTEL_P35_MCH;
 695    k->revision = MCH_HOST_BRIDGE_REVISION_DEFAULT;
 696    k->class_id = PCI_CLASS_BRIDGE_HOST;
 697    /*
 698     * PCI-facing part of the host bridge, not usable without the
 699     * host-facing part, which can't be device_add'ed, yet.
 700     */
 701    dc->user_creatable = false;
 702}
 703
 704static const TypeInfo mch_info = {
 705    .name = TYPE_MCH_PCI_DEVICE,
 706    .parent = TYPE_PCI_DEVICE,
 707    .instance_size = sizeof(MCHPCIState),
 708    .class_init = mch_class_init,
 709    .interfaces = (InterfaceInfo[]) {
 710        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
 711        { },
 712    },
 713};
 714
 715static void q35_register(void)
 716{
 717    type_register_static(&mch_info);
 718    type_register_static(&q35_host_info);
 719}
 720
 721type_init(q35_register);
 722