pnv_phb3.c (34748B)
1/* 2 * QEMU PowerPC PowerNV (POWER8) PHB3 model 3 * 4 * Copyright (c) 2014-2020, IBM Corporation. 5 * 6 * This code is licensed under the GPL version 2 or later. See the 7 * COPYING file in the top-level directory. 8 */ 9#include "qemu/osdep.h" 10#include "qemu/log.h" 11#include "qapi/visitor.h" 12#include "qapi/error.h" 13#include "qemu-common.h" 14#include "hw/pci-host/pnv_phb3_regs.h" 15#include "hw/pci-host/pnv_phb3.h" 16#include "hw/pci/pcie_host.h" 17#include "hw/pci/pcie_port.h" 18#include "hw/ppc/pnv.h" 19#include "hw/irq.h" 20#include "hw/qdev-properties.h" 21#include "qom/object.h" 22 23#define phb3_error(phb, fmt, ...) \ 24 qemu_log_mask(LOG_GUEST_ERROR, "phb3[%d:%d]: " fmt "\n", \ 25 (phb)->chip_id, (phb)->phb_id, ## __VA_ARGS__) 26 27static PCIDevice *pnv_phb3_find_cfg_dev(PnvPHB3 *phb) 28{ 29 PCIHostState *pci = PCI_HOST_BRIDGE(phb); 30 uint64_t addr = phb->regs[PHB_CONFIG_ADDRESS >> 3]; 31 uint8_t bus, devfn; 32 33 if (!(addr >> 63)) { 34 return NULL; 35 } 36 bus = (addr >> 52) & 0xff; 37 devfn = (addr >> 44) & 0xff; 38 39 return pci_find_device(pci->bus, bus, devfn); 40} 41 42/* 43 * The CONFIG_DATA register expects little endian accesses, but as the 44 * region is big endian, we have to swap the value. 45 */ 46static void pnv_phb3_config_write(PnvPHB3 *phb, unsigned off, 47 unsigned size, uint64_t val) 48{ 49 uint32_t cfg_addr, limit; 50 PCIDevice *pdev; 51 52 pdev = pnv_phb3_find_cfg_dev(phb); 53 if (!pdev) { 54 return; 55 } 56 cfg_addr = (phb->regs[PHB_CONFIG_ADDRESS >> 3] >> 32) & 0xffc; 57 cfg_addr |= off; 58 limit = pci_config_size(pdev); 59 if (limit <= cfg_addr) { 60 /* 61 * conventional pci device can be behind pcie-to-pci bridge. 62 * 256 <= addr < 4K has no effects. 63 */ 64 return; 65 } 66 switch (size) { 67 case 1: 68 break; 69 case 2: 70 val = bswap16(val); 71 break; 72 case 4: 73 val = bswap32(val); 74 break; 75 default: 76 g_assert_not_reached(); 77 } 78 pci_host_config_write_common(pdev, cfg_addr, limit, val, size); 79} 80 81static uint64_t pnv_phb3_config_read(PnvPHB3 *phb, unsigned off, 82 unsigned size) 83{ 84 uint32_t cfg_addr, limit; 85 PCIDevice *pdev; 86 uint64_t val; 87 88 pdev = pnv_phb3_find_cfg_dev(phb); 89 if (!pdev) { 90 return ~0ull; 91 } 92 cfg_addr = (phb->regs[PHB_CONFIG_ADDRESS >> 3] >> 32) & 0xffc; 93 cfg_addr |= off; 94 limit = pci_config_size(pdev); 95 if (limit <= cfg_addr) { 96 /* 97 * conventional pci device can be behind pcie-to-pci bridge. 98 * 256 <= addr < 4K has no effects. 99 */ 100 return ~0ull; 101 } 102 val = pci_host_config_read_common(pdev, cfg_addr, limit, size); 103 switch (size) { 104 case 1: 105 return val; 106 case 2: 107 return bswap16(val); 108 case 4: 109 return bswap32(val); 110 default: 111 g_assert_not_reached(); 112 } 113} 114 115static void pnv_phb3_check_m32(PnvPHB3 *phb) 116{ 117 uint64_t base, start, size; 118 MemoryRegion *parent; 119 PnvPBCQState *pbcq = &phb->pbcq; 120 121 if (memory_region_is_mapped(&phb->mr_m32)) { 122 memory_region_del_subregion(phb->mr_m32.container, &phb->mr_m32); 123 } 124 125 if (!(phb->regs[PHB_PHB3_CONFIG >> 3] & PHB_PHB3C_M32_EN)) { 126 return; 127 } 128 129 /* Grab geometry from registers */ 130 base = phb->regs[PHB_M32_BASE_ADDR >> 3]; 131 start = phb->regs[PHB_M32_START_ADDR >> 3]; 132 size = ~(phb->regs[PHB_M32_BASE_MASK >> 3] | 0xfffc000000000000ull) + 1; 133 134 /* Check if it matches an enabled MMIO region in the PBCQ */ 135 if (memory_region_is_mapped(&pbcq->mmbar0) && 136 base >= pbcq->mmio0_base && 137 (base + size) <= (pbcq->mmio0_base + pbcq->mmio0_size)) { 138 parent = &pbcq->mmbar0; 139 base -= pbcq->mmio0_base; 140 } else if (memory_region_is_mapped(&pbcq->mmbar1) && 141 base >= pbcq->mmio1_base && 142 (base + size) <= (pbcq->mmio1_base + pbcq->mmio1_size)) { 143 parent = &pbcq->mmbar1; 144 base -= pbcq->mmio1_base; 145 } else { 146 return; 147 } 148 149 /* Create alias */ 150 memory_region_init_alias(&phb->mr_m32, OBJECT(phb), "phb3-m32", 151 &phb->pci_mmio, start, size); 152 memory_region_add_subregion(parent, base, &phb->mr_m32); 153} 154 155static void pnv_phb3_check_m64(PnvPHB3 *phb, uint32_t index) 156{ 157 uint64_t base, start, size, m64; 158 MemoryRegion *parent; 159 PnvPBCQState *pbcq = &phb->pbcq; 160 161 if (memory_region_is_mapped(&phb->mr_m64[index])) { 162 /* Should we destroy it in RCU friendly way... ? */ 163 memory_region_del_subregion(phb->mr_m64[index].container, 164 &phb->mr_m64[index]); 165 } 166 167 /* Get table entry */ 168 m64 = phb->ioda_M64BT[index]; 169 170 if (!(m64 & IODA2_M64BT_ENABLE)) { 171 return; 172 } 173 174 /* Grab geometry from registers */ 175 base = GETFIELD(IODA2_M64BT_BASE, m64) << 20; 176 if (m64 & IODA2_M64BT_SINGLE_PE) { 177 base &= ~0x1ffffffull; 178 } 179 size = GETFIELD(IODA2_M64BT_MASK, m64) << 20; 180 size |= 0xfffc000000000000ull; 181 size = ~size + 1; 182 start = base | (phb->regs[PHB_M64_UPPER_BITS >> 3]); 183 184 /* Check if it matches an enabled MMIO region in the PBCQ */ 185 if (memory_region_is_mapped(&pbcq->mmbar0) && 186 base >= pbcq->mmio0_base && 187 (base + size) <= (pbcq->mmio0_base + pbcq->mmio0_size)) { 188 parent = &pbcq->mmbar0; 189 base -= pbcq->mmio0_base; 190 } else if (memory_region_is_mapped(&pbcq->mmbar1) && 191 base >= pbcq->mmio1_base && 192 (base + size) <= (pbcq->mmio1_base + pbcq->mmio1_size)) { 193 parent = &pbcq->mmbar1; 194 base -= pbcq->mmio1_base; 195 } else { 196 return; 197 } 198 199 /* Create alias */ 200 memory_region_init_alias(&phb->mr_m64[index], OBJECT(phb), "phb3-m64", 201 &phb->pci_mmio, start, size); 202 memory_region_add_subregion(parent, base, &phb->mr_m64[index]); 203} 204 205static void pnv_phb3_check_all_m64s(PnvPHB3 *phb) 206{ 207 uint64_t i; 208 209 for (i = 0; i < PNV_PHB3_NUM_M64; i++) { 210 pnv_phb3_check_m64(phb, i); 211 } 212} 213 214static void pnv_phb3_lxivt_write(PnvPHB3 *phb, unsigned idx, uint64_t val) 215{ 216 uint8_t server, prio; 217 218 phb->ioda_LXIVT[idx] = val & (IODA2_LXIVT_SERVER | 219 IODA2_LXIVT_PRIORITY | 220 IODA2_LXIVT_NODE_ID); 221 server = GETFIELD(IODA2_LXIVT_SERVER, val); 222 prio = GETFIELD(IODA2_LXIVT_PRIORITY, val); 223 224 /* 225 * The low order 2 bits are the link pointer (Type II interrupts). 226 * Shift back to get a valid IRQ server. 227 */ 228 server >>= 2; 229 230 ics_write_xive(&phb->lsis, idx, server, prio, prio); 231} 232 233static uint64_t *pnv_phb3_ioda_access(PnvPHB3 *phb, 234 unsigned *out_table, unsigned *out_idx) 235{ 236 uint64_t adreg = phb->regs[PHB_IODA_ADDR >> 3]; 237 unsigned int index = GETFIELD(PHB_IODA_AD_TADR, adreg); 238 unsigned int table = GETFIELD(PHB_IODA_AD_TSEL, adreg); 239 unsigned int mask; 240 uint64_t *tptr = NULL; 241 242 switch (table) { 243 case IODA2_TBL_LIST: 244 tptr = phb->ioda_LIST; 245 mask = 7; 246 break; 247 case IODA2_TBL_LXIVT: 248 tptr = phb->ioda_LXIVT; 249 mask = 7; 250 break; 251 case IODA2_TBL_IVC_CAM: 252 case IODA2_TBL_RBA: 253 mask = 31; 254 break; 255 case IODA2_TBL_RCAM: 256 mask = 63; 257 break; 258 case IODA2_TBL_MRT: 259 mask = 7; 260 break; 261 case IODA2_TBL_PESTA: 262 case IODA2_TBL_PESTB: 263 mask = 255; 264 break; 265 case IODA2_TBL_TVT: 266 tptr = phb->ioda_TVT; 267 mask = 511; 268 break; 269 case IODA2_TBL_TCAM: 270 case IODA2_TBL_TDR: 271 mask = 63; 272 break; 273 case IODA2_TBL_M64BT: 274 tptr = phb->ioda_M64BT; 275 mask = 15; 276 break; 277 case IODA2_TBL_M32DT: 278 tptr = phb->ioda_MDT; 279 mask = 255; 280 break; 281 case IODA2_TBL_PEEV: 282 tptr = phb->ioda_PEEV; 283 mask = 3; 284 break; 285 default: 286 phb3_error(phb, "invalid IODA table %d", table); 287 return NULL; 288 } 289 index &= mask; 290 if (out_idx) { 291 *out_idx = index; 292 } 293 if (out_table) { 294 *out_table = table; 295 } 296 if (tptr) { 297 tptr += index; 298 } 299 if (adreg & PHB_IODA_AD_AUTOINC) { 300 index = (index + 1) & mask; 301 adreg = SETFIELD(PHB_IODA_AD_TADR, adreg, index); 302 } 303 phb->regs[PHB_IODA_ADDR >> 3] = adreg; 304 return tptr; 305} 306 307static uint64_t pnv_phb3_ioda_read(PnvPHB3 *phb) 308{ 309 unsigned table; 310 uint64_t *tptr; 311 312 tptr = pnv_phb3_ioda_access(phb, &table, NULL); 313 if (!tptr) { 314 /* Return 0 on unsupported tables, not ff's */ 315 return 0; 316 } 317 return *tptr; 318} 319 320static void pnv_phb3_ioda_write(PnvPHB3 *phb, uint64_t val) 321{ 322 unsigned table, idx; 323 uint64_t *tptr; 324 325 tptr = pnv_phb3_ioda_access(phb, &table, &idx); 326 if (!tptr) { 327 return; 328 } 329 330 /* Handle side effects */ 331 switch (table) { 332 case IODA2_TBL_LXIVT: 333 pnv_phb3_lxivt_write(phb, idx, val); 334 break; 335 case IODA2_TBL_M64BT: 336 *tptr = val; 337 pnv_phb3_check_m64(phb, idx); 338 break; 339 default: 340 *tptr = val; 341 } 342} 343 344/* 345 * This is called whenever the PHB LSI, MSI source ID register or 346 * the PBCQ irq filters are written. 347 */ 348void pnv_phb3_remap_irqs(PnvPHB3 *phb) 349{ 350 ICSState *ics = &phb->lsis; 351 uint32_t local, global, count, mask, comp; 352 uint64_t baren; 353 PnvPBCQState *pbcq = &phb->pbcq; 354 355 /* 356 * First check if we are enabled. Unlike real HW we don't separate 357 * TX and RX so we enable if both are set 358 */ 359 baren = pbcq->nest_regs[PBCQ_NEST_BAR_EN]; 360 if (!(baren & PBCQ_NEST_BAR_EN_IRSN_RX) || 361 !(baren & PBCQ_NEST_BAR_EN_IRSN_TX)) { 362 ics->offset = 0; 363 return; 364 } 365 366 /* Grab local LSI source ID */ 367 local = GETFIELD(PHB_LSI_SRC_ID, phb->regs[PHB_LSI_SOURCE_ID >> 3]) << 3; 368 369 /* Grab global one and compare */ 370 global = GETFIELD(PBCQ_NEST_LSI_SRC, 371 pbcq->nest_regs[PBCQ_NEST_LSI_SRC_ID]) << 3; 372 if (global != local) { 373 /* 374 * This happens during initialization, let's come back when we 375 * are properly configured 376 */ 377 ics->offset = 0; 378 return; 379 } 380 381 /* Get the base on the powerbus */ 382 comp = GETFIELD(PBCQ_NEST_IRSN_COMP, 383 pbcq->nest_regs[PBCQ_NEST_IRSN_COMPARE]); 384 mask = GETFIELD(PBCQ_NEST_IRSN_COMP, 385 pbcq->nest_regs[PBCQ_NEST_IRSN_MASK]); 386 count = ((~mask) + 1) & 0x7ffff; 387 phb->total_irq = count; 388 389 /* Sanity checks */ 390 if ((global + PNV_PHB3_NUM_LSI) > count) { 391 phb3_error(phb, "LSIs out of reach: LSI base=%d total irq=%d", global, 392 count); 393 } 394 395 if (count > 2048) { 396 phb3_error(phb, "More interrupts than supported: %d", count); 397 } 398 399 if ((comp & mask) != comp) { 400 phb3_error(phb, "IRQ compare bits not in mask: comp=0x%x mask=0x%x", 401 comp, mask); 402 comp &= mask; 403 } 404 /* Setup LSI offset */ 405 ics->offset = comp + global; 406 407 /* Setup MSI offset */ 408 pnv_phb3_msi_update_config(&phb->msis, comp, count - PNV_PHB3_NUM_LSI); 409} 410 411static void pnv_phb3_lsi_src_id_write(PnvPHB3 *phb, uint64_t val) 412{ 413 /* Sanitize content */ 414 val &= PHB_LSI_SRC_ID; 415 phb->regs[PHB_LSI_SOURCE_ID >> 3] = val; 416 pnv_phb3_remap_irqs(phb); 417} 418 419static void pnv_phb3_rtc_invalidate(PnvPHB3 *phb, uint64_t val) 420{ 421 PnvPhb3DMASpace *ds; 422 423 /* Always invalidate all for now ... */ 424 QLIST_FOREACH(ds, &phb->dma_spaces, list) { 425 ds->pe_num = PHB_INVALID_PE; 426 } 427} 428 429 430static void pnv_phb3_update_msi_regions(PnvPhb3DMASpace *ds) 431{ 432 uint64_t cfg = ds->phb->regs[PHB_PHB3_CONFIG >> 3]; 433 434 if (cfg & PHB_PHB3C_32BIT_MSI_EN) { 435 if (!memory_region_is_mapped(&ds->msi32_mr)) { 436 memory_region_add_subregion(MEMORY_REGION(&ds->dma_mr), 437 0xffff0000, &ds->msi32_mr); 438 } 439 } else { 440 if (memory_region_is_mapped(&ds->msi32_mr)) { 441 memory_region_del_subregion(MEMORY_REGION(&ds->dma_mr), 442 &ds->msi32_mr); 443 } 444 } 445 446 if (cfg & PHB_PHB3C_64BIT_MSI_EN) { 447 if (!memory_region_is_mapped(&ds->msi64_mr)) { 448 memory_region_add_subregion(MEMORY_REGION(&ds->dma_mr), 449 (1ull << 60), &ds->msi64_mr); 450 } 451 } else { 452 if (memory_region_is_mapped(&ds->msi64_mr)) { 453 memory_region_del_subregion(MEMORY_REGION(&ds->dma_mr), 454 &ds->msi64_mr); 455 } 456 } 457} 458 459static void pnv_phb3_update_all_msi_regions(PnvPHB3 *phb) 460{ 461 PnvPhb3DMASpace *ds; 462 463 QLIST_FOREACH(ds, &phb->dma_spaces, list) { 464 pnv_phb3_update_msi_regions(ds); 465 } 466} 467 468void pnv_phb3_reg_write(void *opaque, hwaddr off, uint64_t val, unsigned size) 469{ 470 PnvPHB3 *phb = opaque; 471 bool changed; 472 473 /* Special case configuration data */ 474 if ((off & 0xfffc) == PHB_CONFIG_DATA) { 475 pnv_phb3_config_write(phb, off & 0x3, size, val); 476 return; 477 } 478 479 /* Other registers are 64-bit only */ 480 if (size != 8 || off & 0x7) { 481 phb3_error(phb, "Invalid register access, offset: 0x%"PRIx64" size: %d", 482 off, size); 483 return; 484 } 485 486 /* Handle masking & filtering */ 487 switch (off) { 488 case PHB_M64_UPPER_BITS: 489 val &= 0xfffc000000000000ull; 490 break; 491 case PHB_Q_DMA_R: 492 /* 493 * This is enough logic to make SW happy but we aren't actually 494 * quiescing the DMAs 495 */ 496 if (val & PHB_Q_DMA_R_AUTORESET) { 497 val = 0; 498 } else { 499 val &= PHB_Q_DMA_R_QUIESCE_DMA; 500 } 501 break; 502 /* LEM stuff */ 503 case PHB_LEM_FIR_AND_MASK: 504 phb->regs[PHB_LEM_FIR_ACCUM >> 3] &= val; 505 return; 506 case PHB_LEM_FIR_OR_MASK: 507 phb->regs[PHB_LEM_FIR_ACCUM >> 3] |= val; 508 return; 509 case PHB_LEM_ERROR_AND_MASK: 510 phb->regs[PHB_LEM_ERROR_MASK >> 3] &= val; 511 return; 512 case PHB_LEM_ERROR_OR_MASK: 513 phb->regs[PHB_LEM_ERROR_MASK >> 3] |= val; 514 return; 515 case PHB_LEM_WOF: 516 val = 0; 517 break; 518 } 519 520 /* Record whether it changed */ 521 changed = phb->regs[off >> 3] != val; 522 523 /* Store in register cache first */ 524 phb->regs[off >> 3] = val; 525 526 /* Handle side effects */ 527 switch (off) { 528 case PHB_PHB3_CONFIG: 529 if (changed) { 530 pnv_phb3_update_all_msi_regions(phb); 531 } 532 /* fall through */ 533 case PHB_M32_BASE_ADDR: 534 case PHB_M32_BASE_MASK: 535 case PHB_M32_START_ADDR: 536 if (changed) { 537 pnv_phb3_check_m32(phb); 538 } 539 break; 540 case PHB_M64_UPPER_BITS: 541 if (changed) { 542 pnv_phb3_check_all_m64s(phb); 543 } 544 break; 545 case PHB_LSI_SOURCE_ID: 546 if (changed) { 547 pnv_phb3_lsi_src_id_write(phb, val); 548 } 549 break; 550 551 /* IODA table accesses */ 552 case PHB_IODA_DATA0: 553 pnv_phb3_ioda_write(phb, val); 554 break; 555 556 /* RTC invalidation */ 557 case PHB_RTC_INVALIDATE: 558 pnv_phb3_rtc_invalidate(phb, val); 559 break; 560 561 /* FFI request */ 562 case PHB_FFI_REQUEST: 563 pnv_phb3_msi_ffi(&phb->msis, val); 564 break; 565 566 /* Silent simple writes */ 567 case PHB_CONFIG_ADDRESS: 568 case PHB_IODA_ADDR: 569 case PHB_TCE_KILL: 570 case PHB_TCE_SPEC_CTL: 571 case PHB_PEST_BAR: 572 case PHB_PELTV_BAR: 573 case PHB_RTT_BAR: 574 case PHB_RBA_BAR: 575 case PHB_IVT_BAR: 576 case PHB_FFI_LOCK: 577 case PHB_LEM_FIR_ACCUM: 578 case PHB_LEM_ERROR_MASK: 579 case PHB_LEM_ACTION0: 580 case PHB_LEM_ACTION1: 581 break; 582 583 /* Noise on anything else */ 584 default: 585 qemu_log_mask(LOG_UNIMP, "phb3: reg_write 0x%"PRIx64"=%"PRIx64"\n", 586 off, val); 587 } 588} 589 590uint64_t pnv_phb3_reg_read(void *opaque, hwaddr off, unsigned size) 591{ 592 PnvPHB3 *phb = opaque; 593 PCIHostState *pci = PCI_HOST_BRIDGE(phb); 594 uint64_t val; 595 596 if ((off & 0xfffc) == PHB_CONFIG_DATA) { 597 return pnv_phb3_config_read(phb, off & 0x3, size); 598 } 599 600 /* Other registers are 64-bit only */ 601 if (size != 8 || off & 0x7) { 602 phb3_error(phb, "Invalid register access, offset: 0x%"PRIx64" size: %d", 603 off, size); 604 return ~0ull; 605 } 606 607 /* Default read from cache */ 608 val = phb->regs[off >> 3]; 609 610 switch (off) { 611 /* Simulate venice DD2.0 */ 612 case PHB_VERSION: 613 return 0x000000a300000005ull; 614 case PHB_PCIE_SYSTEM_CONFIG: 615 return 0x441100fc30000000; 616 617 /* IODA table accesses */ 618 case PHB_IODA_DATA0: 619 return pnv_phb3_ioda_read(phb); 620 621 /* Link training always appears trained */ 622 case PHB_PCIE_DLP_TRAIN_CTL: 623 if (!pci_find_device(pci->bus, 1, 0)) { 624 return 0; 625 } 626 return PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TC_DL_LINKACT; 627 628 /* FFI Lock */ 629 case PHB_FFI_LOCK: 630 /* Set lock and return previous value */ 631 phb->regs[off >> 3] |= PHB_FFI_LOCK_STATE; 632 return val; 633 634 /* DMA read sync: make it look like it's complete */ 635 case PHB_DMARD_SYNC: 636 return PHB_DMARD_SYNC_COMPLETE; 637 638 /* Silent simple reads */ 639 case PHB_PHB3_CONFIG: 640 case PHB_M32_BASE_ADDR: 641 case PHB_M32_BASE_MASK: 642 case PHB_M32_START_ADDR: 643 case PHB_CONFIG_ADDRESS: 644 case PHB_IODA_ADDR: 645 case PHB_RTC_INVALIDATE: 646 case PHB_TCE_KILL: 647 case PHB_TCE_SPEC_CTL: 648 case PHB_PEST_BAR: 649 case PHB_PELTV_BAR: 650 case PHB_RTT_BAR: 651 case PHB_RBA_BAR: 652 case PHB_IVT_BAR: 653 case PHB_M64_UPPER_BITS: 654 case PHB_LEM_FIR_ACCUM: 655 case PHB_LEM_ERROR_MASK: 656 case PHB_LEM_ACTION0: 657 case PHB_LEM_ACTION1: 658 break; 659 660 /* Noise on anything else */ 661 default: 662 qemu_log_mask(LOG_UNIMP, "phb3: reg_read 0x%"PRIx64"=%"PRIx64"\n", 663 off, val); 664 } 665 return val; 666} 667 668static const MemoryRegionOps pnv_phb3_reg_ops = { 669 .read = pnv_phb3_reg_read, 670 .write = pnv_phb3_reg_write, 671 .valid.min_access_size = 1, 672 .valid.max_access_size = 8, 673 .impl.min_access_size = 1, 674 .impl.max_access_size = 8, 675 .endianness = DEVICE_BIG_ENDIAN, 676}; 677 678static int pnv_phb3_map_irq(PCIDevice *pci_dev, int irq_num) 679{ 680 /* Check that out properly ... */ 681 return irq_num & 3; 682} 683 684static void pnv_phb3_set_irq(void *opaque, int irq_num, int level) 685{ 686 PnvPHB3 *phb = opaque; 687 688 /* LSI only ... */ 689 if (irq_num > 3) { 690 phb3_error(phb, "Unknown IRQ to set %d", irq_num); 691 } 692 qemu_set_irq(phb->qirqs[irq_num], level); 693} 694 695static bool pnv_phb3_resolve_pe(PnvPhb3DMASpace *ds) 696{ 697 uint64_t rtt, addr; 698 uint16_t rte; 699 int bus_num; 700 701 /* Already resolved ? */ 702 if (ds->pe_num != PHB_INVALID_PE) { 703 return true; 704 } 705 706 /* We need to lookup the RTT */ 707 rtt = ds->phb->regs[PHB_RTT_BAR >> 3]; 708 if (!(rtt & PHB_RTT_BAR_ENABLE)) { 709 phb3_error(ds->phb, "DMA with RTT BAR disabled !"); 710 /* Set error bits ? fence ? ... */ 711 return false; 712 } 713 714 /* Read RTE */ 715 bus_num = pci_bus_num(ds->bus); 716 addr = rtt & PHB_RTT_BASE_ADDRESS_MASK; 717 addr += 2 * ((bus_num << 8) | ds->devfn); 718 if (dma_memory_read(&address_space_memory, addr, &rte, sizeof(rte))) { 719 phb3_error(ds->phb, "Failed to read RTT entry at 0x%"PRIx64, addr); 720 /* Set error bits ? fence ? ... */ 721 return false; 722 } 723 rte = be16_to_cpu(rte); 724 725 /* Fail upon reading of invalid PE# */ 726 if (rte >= PNV_PHB3_NUM_PE) { 727 phb3_error(ds->phb, "RTE for RID 0x%x invalid (%04x", ds->devfn, rte); 728 /* Set error bits ? fence ? ... */ 729 return false; 730 } 731 ds->pe_num = rte; 732 return true; 733} 734 735static void pnv_phb3_translate_tve(PnvPhb3DMASpace *ds, hwaddr addr, 736 bool is_write, uint64_t tve, 737 IOMMUTLBEntry *tlb) 738{ 739 uint64_t tta = GETFIELD(IODA2_TVT_TABLE_ADDR, tve); 740 int32_t lev = GETFIELD(IODA2_TVT_NUM_LEVELS, tve); 741 uint32_t tts = GETFIELD(IODA2_TVT_TCE_TABLE_SIZE, tve); 742 uint32_t tps = GETFIELD(IODA2_TVT_IO_PSIZE, tve); 743 PnvPHB3 *phb = ds->phb; 744 745 /* Invalid levels */ 746 if (lev > 4) { 747 phb3_error(phb, "Invalid #levels in TVE %d", lev); 748 return; 749 } 750 751 /* IO Page Size of 0 means untranslated, else use TCEs */ 752 if (tps == 0) { 753 /* 754 * We only support non-translate in top window. 755 * 756 * TODO: Venice/Murano support it on bottom window above 4G and 757 * Naples suports it on everything 758 */ 759 if (!(tve & PPC_BIT(51))) { 760 phb3_error(phb, "xlate for invalid non-translate TVE"); 761 return; 762 } 763 /* TODO: Handle boundaries */ 764 765 /* Use 4k pages like q35 ... for now */ 766 tlb->iova = addr & 0xfffffffffffff000ull; 767 tlb->translated_addr = addr & 0x0003fffffffff000ull; 768 tlb->addr_mask = 0xfffull; 769 tlb->perm = IOMMU_RW; 770 } else { 771 uint32_t tce_shift, tbl_shift, sh; 772 uint64_t base, taddr, tce, tce_mask; 773 774 /* TVE disabled ? */ 775 if (tts == 0) { 776 phb3_error(phb, "xlate for invalid translated TVE"); 777 return; 778 } 779 780 /* Address bits per bottom level TCE entry */ 781 tce_shift = tps + 11; 782 783 /* Address bits per table level */ 784 tbl_shift = tts + 8; 785 786 /* Top level table base address */ 787 base = tta << 12; 788 789 /* Total shift to first level */ 790 sh = tbl_shift * lev + tce_shift; 791 792 /* TODO: Multi-level untested */ 793 while ((lev--) >= 0) { 794 /* Grab the TCE address */ 795 taddr = base | (((addr >> sh) & ((1ul << tbl_shift) - 1)) << 3); 796 if (dma_memory_read(&address_space_memory, taddr, &tce, 797 sizeof(tce))) { 798 phb3_error(phb, "Failed to read TCE at 0x%"PRIx64, taddr); 799 return; 800 } 801 tce = be64_to_cpu(tce); 802 803 /* Check permission for indirect TCE */ 804 if ((lev >= 0) && !(tce & 3)) { 805 phb3_error(phb, "Invalid indirect TCE at 0x%"PRIx64, taddr); 806 phb3_error(phb, " xlate %"PRIx64":%c TVE=%"PRIx64, addr, 807 is_write ? 'W' : 'R', tve); 808 phb3_error(phb, " tta=%"PRIx64" lev=%d tts=%d tps=%d", 809 tta, lev, tts, tps); 810 return; 811 } 812 sh -= tbl_shift; 813 base = tce & ~0xfffull; 814 } 815 816 /* We exit the loop with TCE being the final TCE */ 817 tce_mask = ~((1ull << tce_shift) - 1); 818 tlb->iova = addr & tce_mask; 819 tlb->translated_addr = tce & tce_mask; 820 tlb->addr_mask = ~tce_mask; 821 tlb->perm = tce & 3; 822 if ((is_write & !(tce & 2)) || ((!is_write) && !(tce & 1))) { 823 phb3_error(phb, "TCE access fault at 0x%"PRIx64, taddr); 824 phb3_error(phb, " xlate %"PRIx64":%c TVE=%"PRIx64, addr, 825 is_write ? 'W' : 'R', tve); 826 phb3_error(phb, " tta=%"PRIx64" lev=%d tts=%d tps=%d", 827 tta, lev, tts, tps); 828 } 829 } 830} 831 832static IOMMUTLBEntry pnv_phb3_translate_iommu(IOMMUMemoryRegion *iommu, 833 hwaddr addr, 834 IOMMUAccessFlags flag, 835 int iommu_idx) 836{ 837 PnvPhb3DMASpace *ds = container_of(iommu, PnvPhb3DMASpace, dma_mr); 838 int tve_sel; 839 uint64_t tve, cfg; 840 IOMMUTLBEntry ret = { 841 .target_as = &address_space_memory, 842 .iova = addr, 843 .translated_addr = 0, 844 .addr_mask = ~(hwaddr)0, 845 .perm = IOMMU_NONE, 846 }; 847 PnvPHB3 *phb = ds->phb; 848 849 /* Resolve PE# */ 850 if (!pnv_phb3_resolve_pe(ds)) { 851 phb3_error(phb, "Failed to resolve PE# for bus @%p (%d) devfn 0x%x", 852 ds->bus, pci_bus_num(ds->bus), ds->devfn); 853 return ret; 854 } 855 856 /* Check top bits */ 857 switch (addr >> 60) { 858 case 00: 859 /* DMA or 32-bit MSI ? */ 860 cfg = ds->phb->regs[PHB_PHB3_CONFIG >> 3]; 861 if ((cfg & PHB_PHB3C_32BIT_MSI_EN) && 862 ((addr & 0xffffffffffff0000ull) == 0xffff0000ull)) { 863 phb3_error(phb, "xlate on 32-bit MSI region"); 864 return ret; 865 } 866 /* Choose TVE XXX Use PHB3 Control Register */ 867 tve_sel = (addr >> 59) & 1; 868 tve = ds->phb->ioda_TVT[ds->pe_num * 2 + tve_sel]; 869 pnv_phb3_translate_tve(ds, addr, flag & IOMMU_WO, tve, &ret); 870 break; 871 case 01: 872 phb3_error(phb, "xlate on 64-bit MSI region"); 873 break; 874 default: 875 phb3_error(phb, "xlate on unsupported address 0x%"PRIx64, addr); 876 } 877 return ret; 878} 879 880#define TYPE_PNV_PHB3_IOMMU_MEMORY_REGION "pnv-phb3-iommu-memory-region" 881DECLARE_INSTANCE_CHECKER(IOMMUMemoryRegion, PNV_PHB3_IOMMU_MEMORY_REGION, 882 TYPE_PNV_PHB3_IOMMU_MEMORY_REGION) 883 884static void pnv_phb3_iommu_memory_region_class_init(ObjectClass *klass, 885 void *data) 886{ 887 IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass); 888 889 imrc->translate = pnv_phb3_translate_iommu; 890} 891 892static const TypeInfo pnv_phb3_iommu_memory_region_info = { 893 .parent = TYPE_IOMMU_MEMORY_REGION, 894 .name = TYPE_PNV_PHB3_IOMMU_MEMORY_REGION, 895 .class_init = pnv_phb3_iommu_memory_region_class_init, 896}; 897 898/* 899 * MSI/MSIX memory region implementation. 900 * The handler handles both MSI and MSIX. 901 */ 902static void pnv_phb3_msi_write(void *opaque, hwaddr addr, 903 uint64_t data, unsigned size) 904{ 905 PnvPhb3DMASpace *ds = opaque; 906 907 /* Resolve PE# */ 908 if (!pnv_phb3_resolve_pe(ds)) { 909 phb3_error(ds->phb, "Failed to resolve PE# for bus @%p (%d) devfn 0x%x", 910 ds->bus, pci_bus_num(ds->bus), ds->devfn); 911 return; 912 } 913 914 pnv_phb3_msi_send(&ds->phb->msis, addr, data, ds->pe_num); 915} 916 917/* There is no .read as the read result is undefined by PCI spec */ 918static uint64_t pnv_phb3_msi_read(void *opaque, hwaddr addr, unsigned size) 919{ 920 PnvPhb3DMASpace *ds = opaque; 921 922 phb3_error(ds->phb, "invalid read @ 0x%" HWADDR_PRIx, addr); 923 return -1; 924} 925 926static const MemoryRegionOps pnv_phb3_msi_ops = { 927 .read = pnv_phb3_msi_read, 928 .write = pnv_phb3_msi_write, 929 .endianness = DEVICE_LITTLE_ENDIAN 930}; 931 932static AddressSpace *pnv_phb3_dma_iommu(PCIBus *bus, void *opaque, int devfn) 933{ 934 PnvPHB3 *phb = opaque; 935 PnvPhb3DMASpace *ds; 936 937 QLIST_FOREACH(ds, &phb->dma_spaces, list) { 938 if (ds->bus == bus && ds->devfn == devfn) { 939 break; 940 } 941 } 942 943 if (ds == NULL) { 944 ds = g_malloc0(sizeof(PnvPhb3DMASpace)); 945 ds->bus = bus; 946 ds->devfn = devfn; 947 ds->pe_num = PHB_INVALID_PE; 948 ds->phb = phb; 949 memory_region_init_iommu(&ds->dma_mr, sizeof(ds->dma_mr), 950 TYPE_PNV_PHB3_IOMMU_MEMORY_REGION, 951 OBJECT(phb), "phb3_iommu", UINT64_MAX); 952 address_space_init(&ds->dma_as, MEMORY_REGION(&ds->dma_mr), 953 "phb3_iommu"); 954 memory_region_init_io(&ds->msi32_mr, OBJECT(phb), &pnv_phb3_msi_ops, 955 ds, "msi32", 0x10000); 956 memory_region_init_io(&ds->msi64_mr, OBJECT(phb), &pnv_phb3_msi_ops, 957 ds, "msi64", 0x100000); 958 pnv_phb3_update_msi_regions(ds); 959 960 QLIST_INSERT_HEAD(&phb->dma_spaces, ds, list); 961 } 962 return &ds->dma_as; 963} 964 965static void pnv_phb3_instance_init(Object *obj) 966{ 967 PnvPHB3 *phb = PNV_PHB3(obj); 968 969 QLIST_INIT(&phb->dma_spaces); 970 971 /* LSI sources */ 972 object_initialize_child(obj, "lsi", &phb->lsis, TYPE_ICS); 973 974 /* Default init ... will be fixed by HW inits */ 975 phb->lsis.offset = 0; 976 977 /* MSI sources */ 978 object_initialize_child(obj, "msi", &phb->msis, TYPE_PHB3_MSI); 979 980 /* Power Bus Common Queue */ 981 object_initialize_child(obj, "pbcq", &phb->pbcq, TYPE_PNV_PBCQ); 982 983 /* Root Port */ 984 object_initialize_child(obj, "root", &phb->root, TYPE_PNV_PHB3_ROOT_PORT); 985 qdev_prop_set_int32(DEVICE(&phb->root), "addr", PCI_DEVFN(0, 0)); 986 qdev_prop_set_bit(DEVICE(&phb->root), "multifunction", false); 987} 988 989static void pnv_phb3_realize(DeviceState *dev, Error **errp) 990{ 991 PnvPHB3 *phb = PNV_PHB3(dev); 992 PCIHostState *pci = PCI_HOST_BRIDGE(dev); 993 PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine()); 994 int i; 995 996 if (phb->phb_id >= PNV8_CHIP_PHB3_MAX) { 997 error_setg(errp, "invalid PHB index: %d", phb->phb_id); 998 return; 999 } 1000 1001 /* LSI sources */ 1002 object_property_set_link(OBJECT(&phb->lsis), "xics", OBJECT(pnv), 1003 &error_abort); 1004 object_property_set_int(OBJECT(&phb->lsis), "nr-irqs", PNV_PHB3_NUM_LSI, 1005 &error_abort); 1006 if (!qdev_realize(DEVICE(&phb->lsis), NULL, errp)) { 1007 return; 1008 } 1009 1010 for (i = 0; i < phb->lsis.nr_irqs; i++) { 1011 ics_set_irq_type(&phb->lsis, i, true); 1012 } 1013 1014 phb->qirqs = qemu_allocate_irqs(ics_set_irq, &phb->lsis, phb->lsis.nr_irqs); 1015 1016 /* MSI sources */ 1017 object_property_set_link(OBJECT(&phb->msis), "phb", OBJECT(phb), 1018 &error_abort); 1019 object_property_set_link(OBJECT(&phb->msis), "xics", OBJECT(pnv), 1020 &error_abort); 1021 object_property_set_int(OBJECT(&phb->msis), "nr-irqs", PHB3_MAX_MSI, 1022 &error_abort); 1023 if (!qdev_realize(DEVICE(&phb->msis), NULL, errp)) { 1024 return; 1025 } 1026 1027 /* Power Bus Common Queue */ 1028 object_property_set_link(OBJECT(&phb->pbcq), "phb", OBJECT(phb), 1029 &error_abort); 1030 if (!qdev_realize(DEVICE(&phb->pbcq), NULL, errp)) { 1031 return; 1032 } 1033 1034 /* Controller Registers */ 1035 memory_region_init_io(&phb->mr_regs, OBJECT(phb), &pnv_phb3_reg_ops, phb, 1036 "phb3-regs", 0x1000); 1037 1038 /* 1039 * PHB3 doesn't support IO space. However, qemu gets very upset if 1040 * we don't have an IO region to anchor IO BARs onto so we just 1041 * initialize one which we never hook up to anything 1042 */ 1043 memory_region_init(&phb->pci_io, OBJECT(phb), "pci-io", 0x10000); 1044 memory_region_init(&phb->pci_mmio, OBJECT(phb), "pci-mmio", 1045 PCI_MMIO_TOTAL_SIZE); 1046 1047 pci->bus = pci_register_root_bus(dev, "root-bus", 1048 pnv_phb3_set_irq, pnv_phb3_map_irq, phb, 1049 &phb->pci_mmio, &phb->pci_io, 1050 0, 4, TYPE_PNV_PHB3_ROOT_BUS); 1051 1052 pci_setup_iommu(pci->bus, pnv_phb3_dma_iommu, phb); 1053 1054 /* Add a single Root port */ 1055 qdev_prop_set_uint8(DEVICE(&phb->root), "chassis", phb->chip_id); 1056 qdev_prop_set_uint16(DEVICE(&phb->root), "slot", phb->phb_id); 1057 qdev_realize(DEVICE(&phb->root), BUS(pci->bus), &error_fatal); 1058} 1059 1060void pnv_phb3_update_regions(PnvPHB3 *phb) 1061{ 1062 PnvPBCQState *pbcq = &phb->pbcq; 1063 1064 /* Unmap first always */ 1065 if (memory_region_is_mapped(&phb->mr_regs)) { 1066 memory_region_del_subregion(&pbcq->phbbar, &phb->mr_regs); 1067 } 1068 1069 /* Map registers if enabled */ 1070 if (memory_region_is_mapped(&pbcq->phbbar)) { 1071 /* TODO: We should use the PHB BAR 2 register but we don't ... */ 1072 memory_region_add_subregion(&pbcq->phbbar, 0, &phb->mr_regs); 1073 } 1074 1075 /* Check/update m32 */ 1076 if (memory_region_is_mapped(&phb->mr_m32)) { 1077 pnv_phb3_check_m32(phb); 1078 } 1079 pnv_phb3_check_all_m64s(phb); 1080} 1081 1082static const char *pnv_phb3_root_bus_path(PCIHostState *host_bridge, 1083 PCIBus *rootbus) 1084{ 1085 PnvPHB3 *phb = PNV_PHB3(host_bridge); 1086 1087 snprintf(phb->bus_path, sizeof(phb->bus_path), "00%02x:%02x", 1088 phb->chip_id, phb->phb_id); 1089 return phb->bus_path; 1090} 1091 1092static Property pnv_phb3_properties[] = { 1093 DEFINE_PROP_UINT32("index", PnvPHB3, phb_id, 0), 1094 DEFINE_PROP_UINT32("chip-id", PnvPHB3, chip_id, 0), 1095 DEFINE_PROP_END_OF_LIST(), 1096}; 1097 1098static void pnv_phb3_class_init(ObjectClass *klass, void *data) 1099{ 1100 PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass); 1101 DeviceClass *dc = DEVICE_CLASS(klass); 1102 1103 hc->root_bus_path = pnv_phb3_root_bus_path; 1104 dc->realize = pnv_phb3_realize; 1105 device_class_set_props(dc, pnv_phb3_properties); 1106 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); 1107 dc->user_creatable = false; 1108} 1109 1110static const TypeInfo pnv_phb3_type_info = { 1111 .name = TYPE_PNV_PHB3, 1112 .parent = TYPE_PCIE_HOST_BRIDGE, 1113 .instance_size = sizeof(PnvPHB3), 1114 .class_init = pnv_phb3_class_init, 1115 .instance_init = pnv_phb3_instance_init, 1116}; 1117 1118static void pnv_phb3_root_bus_class_init(ObjectClass *klass, void *data) 1119{ 1120 BusClass *k = BUS_CLASS(klass); 1121 1122 /* 1123 * PHB3 has only a single root complex. Enforce the limit on the 1124 * parent bus 1125 */ 1126 k->max_dev = 1; 1127} 1128 1129static const TypeInfo pnv_phb3_root_bus_info = { 1130 .name = TYPE_PNV_PHB3_ROOT_BUS, 1131 .parent = TYPE_PCIE_BUS, 1132 .class_init = pnv_phb3_root_bus_class_init, 1133 .interfaces = (InterfaceInfo[]) { 1134 { INTERFACE_PCIE_DEVICE }, 1135 { } 1136 }, 1137}; 1138 1139static void pnv_phb3_root_port_realize(DeviceState *dev, Error **errp) 1140{ 1141 PCIERootPortClass *rpc = PCIE_ROOT_PORT_GET_CLASS(dev); 1142 Error *local_err = NULL; 1143 1144 rpc->parent_realize(dev, &local_err); 1145 if (local_err) { 1146 error_propagate(errp, local_err); 1147 return; 1148 } 1149} 1150 1151static void pnv_phb3_root_port_class_init(ObjectClass *klass, void *data) 1152{ 1153 DeviceClass *dc = DEVICE_CLASS(klass); 1154 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 1155 PCIERootPortClass *rpc = PCIE_ROOT_PORT_CLASS(klass); 1156 1157 dc->desc = "IBM PHB3 PCIE Root Port"; 1158 1159 device_class_set_parent_realize(dc, pnv_phb3_root_port_realize, 1160 &rpc->parent_realize); 1161 dc->user_creatable = false; 1162 1163 k->vendor_id = PCI_VENDOR_ID_IBM; 1164 k->device_id = 0x03dc; 1165 k->revision = 0; 1166 1167 rpc->exp_offset = 0x48; 1168 rpc->aer_offset = 0x100; 1169} 1170 1171static const TypeInfo pnv_phb3_root_port_info = { 1172 .name = TYPE_PNV_PHB3_ROOT_PORT, 1173 .parent = TYPE_PCIE_ROOT_PORT, 1174 .instance_size = sizeof(PnvPHB3RootPort), 1175 .class_init = pnv_phb3_root_port_class_init, 1176}; 1177 1178static void pnv_phb3_register_types(void) 1179{ 1180 type_register_static(&pnv_phb3_root_bus_info); 1181 type_register_static(&pnv_phb3_root_port_info); 1182 type_register_static(&pnv_phb3_type_info); 1183 type_register_static(&pnv_phb3_iommu_memory_region_info); 1184} 1185 1186type_init(pnv_phb3_register_types)