virtio-net: check the existence of peer before accessing vDPA config
[qemu.git] / hw / pci-host / versatile.c
1 /*
2 * ARM Versatile/PB PCI host controller
3 *
4 * Copyright (c) 2006-2009 CodeSourcery.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the LGPL.
8 */
9
10 #include "qemu/osdep.h"
11 #include "qemu/units.h"
12 #include "hw/sysbus.h"
13 #include "migration/vmstate.h"
14 #include "hw/irq.h"
15 #include "hw/pci/pci.h"
16 #include "hw/pci/pci_bus.h"
17 #include "hw/pci/pci_host.h"
18 #include "hw/qdev-properties.h"
19 #include "qemu/log.h"
20 #include "qemu/module.h"
21
22 /* Old and buggy versions of QEMU used the wrong mapping from
23 * PCI IRQs to system interrupt lines. Unfortunately the Linux
24 * kernel also had the corresponding bug in setting up interrupts
25 * (so older kernels work on QEMU and not on real hardware).
26 * We automatically detect these broken kernels and flip back
27 * to the broken irq mapping by spotting guest writes to the
28 * PCI_INTERRUPT_LINE register to see where the guest thinks
29 * interrupts are going to be routed. So we start in state
30 * ASSUME_OK on reset, and transition to either BROKEN or
31 * FORCE_OK at the first write to an INTERRUPT_LINE register for
32 * a slot where broken and correct interrupt mapping would differ.
33 * Once in either BROKEN or FORCE_OK we never transition again;
34 * this allows a newer kernel to use the INTERRUPT_LINE
35 * registers arbitrarily once it has indicated that it isn't
36 * broken in its init code somewhere.
37 *
38 * Unfortunately we have to cope with multiple different
39 * variants on the broken kernel behaviour:
40 * phase I (before kernel commit 1bc39ac5d) kernels assume old
41 * QEMU behaviour, so they use IRQ 27 for all slots
42 * phase II (1bc39ac5d and later, but before e3e92a7be6) kernels
43 * swizzle IRQs between slots, but do it wrongly, so they
44 * work only for every fourth PCI card, and only if (like old
45 * QEMU) the PCI host device is at slot 0 rather than where
46 * the h/w actually puts it
47 * phase III (e3e92a7be6 and later) kernels still swizzle IRQs between
48 * slots wrongly, but add a fixed offset of 64 to everything
49 * they write to PCI_INTERRUPT_LINE.
50 *
51 * We live in hope of a mythical phase IV kernel which might
52 * actually behave in ways that work on the hardware. Such a
53 * kernel should probably start off by writing some value neither
54 * 27 nor 91 to slot zero's PCI_INTERRUPT_LINE register to
55 * disable the autodetection. After that it can do what it likes.
56 *
57 * Slot % 4 | hw | I | II | III
58 * -------------------------------
59 * 0 | 29 | 27 | 27 | 91
60 * 1 | 30 | 27 | 28 | 92
61 * 2 | 27 | 27 | 29 | 93
62 * 3 | 28 | 27 | 30 | 94
63 *
64 * Since our autodetection is not perfect we also provide a
65 * property so the user can make us start in BROKEN or FORCE_OK
66 * on reset if they know they have a bad or good kernel.
67 */
68 enum {
69 PCI_VPB_IRQMAP_ASSUME_OK,
70 PCI_VPB_IRQMAP_BROKEN,
71 PCI_VPB_IRQMAP_FORCE_OK,
72 };
73
74 typedef struct {
75 PCIHostState parent_obj;
76
77 qemu_irq irq[4];
78 MemoryRegion controlregs;
79 MemoryRegion mem_config;
80 MemoryRegion mem_config2;
81 /* Containers representing the PCI address spaces */
82 MemoryRegion pci_io_space;
83 MemoryRegion pci_mem_space;
84 /* Alias regions into PCI address spaces which we expose as sysbus regions.
85 * The offsets into pci_mem_space are controlled by the imap registers.
86 */
87 MemoryRegion pci_io_window;
88 MemoryRegion pci_mem_window[3];
89 PCIBus pci_bus;
90 PCIDevice pci_dev;
91
92 /* Constant for life of device: */
93 int realview;
94 uint32_t mem_win_size[3];
95 uint8_t irq_mapping_prop;
96
97 /* Variable state: */
98 uint32_t imap[3];
99 uint32_t smap[3];
100 uint32_t selfid;
101 uint32_t flags;
102 uint8_t irq_mapping;
103 } PCIVPBState;
104
105 static void pci_vpb_update_window(PCIVPBState *s, int i)
106 {
107 /* Adjust the offset of the alias region we use for
108 * the memory window i to account for a change in the
109 * value of the corresponding IMAP register.
110 * Note that the semantics of the IMAP register differ
111 * for realview and versatile variants of the controller.
112 */
113 hwaddr offset;
114 if (s->realview) {
115 /* Top bits of register (masked according to window size) provide
116 * top bits of PCI address.
117 */
118 offset = s->imap[i] & ~(s->mem_win_size[i] - 1);
119 } else {
120 /* Bottom 4 bits of register provide top 4 bits of PCI address */
121 offset = s->imap[i] << 28;
122 }
123 memory_region_set_alias_offset(&s->pci_mem_window[i], offset);
124 }
125
126 static void pci_vpb_update_all_windows(PCIVPBState *s)
127 {
128 /* Update all alias windows based on the current register state */
129 int i;
130
131 for (i = 0; i < 3; i++) {
132 pci_vpb_update_window(s, i);
133 }
134 }
135
136 static int pci_vpb_post_load(void *opaque, int version_id)
137 {
138 PCIVPBState *s = opaque;
139 pci_vpb_update_all_windows(s);
140 return 0;
141 }
142
143 static const VMStateDescription pci_vpb_vmstate = {
144 .name = "versatile-pci",
145 .version_id = 1,
146 .minimum_version_id = 1,
147 .post_load = pci_vpb_post_load,
148 .fields = (VMStateField[]) {
149 VMSTATE_UINT32_ARRAY(imap, PCIVPBState, 3),
150 VMSTATE_UINT32_ARRAY(smap, PCIVPBState, 3),
151 VMSTATE_UINT32(selfid, PCIVPBState),
152 VMSTATE_UINT32(flags, PCIVPBState),
153 VMSTATE_UINT8(irq_mapping, PCIVPBState),
154 VMSTATE_END_OF_LIST()
155 }
156 };
157
158 #define TYPE_VERSATILE_PCI "versatile_pci"
159 #define PCI_VPB(obj) \
160 OBJECT_CHECK(PCIVPBState, (obj), TYPE_VERSATILE_PCI)
161
162 #define TYPE_VERSATILE_PCI_HOST "versatile_pci_host"
163 #define PCI_VPB_HOST(obj) \
164 OBJECT_CHECK(PCIDevice, (obj), TYPE_VERSATILE_PCIHOST)
165
166 typedef enum {
167 PCI_IMAP0 = 0x0,
168 PCI_IMAP1 = 0x4,
169 PCI_IMAP2 = 0x8,
170 PCI_SELFID = 0xc,
171 PCI_FLAGS = 0x10,
172 PCI_SMAP0 = 0x14,
173 PCI_SMAP1 = 0x18,
174 PCI_SMAP2 = 0x1c,
175 } PCIVPBControlRegs;
176
177 static void pci_vpb_reg_write(void *opaque, hwaddr addr,
178 uint64_t val, unsigned size)
179 {
180 PCIVPBState *s = opaque;
181
182 switch (addr) {
183 case PCI_IMAP0:
184 case PCI_IMAP1:
185 case PCI_IMAP2:
186 {
187 int win = (addr - PCI_IMAP0) >> 2;
188 s->imap[win] = val;
189 pci_vpb_update_window(s, win);
190 break;
191 }
192 case PCI_SELFID:
193 s->selfid = val;
194 break;
195 case PCI_FLAGS:
196 s->flags = val;
197 break;
198 case PCI_SMAP0:
199 case PCI_SMAP1:
200 case PCI_SMAP2:
201 {
202 int win = (addr - PCI_SMAP0) >> 2;
203 s->smap[win] = val;
204 break;
205 }
206 default:
207 qemu_log_mask(LOG_GUEST_ERROR,
208 "pci_vpb_reg_write: Bad offset %x\n", (int)addr);
209 break;
210 }
211 }
212
213 static uint64_t pci_vpb_reg_read(void *opaque, hwaddr addr,
214 unsigned size)
215 {
216 PCIVPBState *s = opaque;
217
218 switch (addr) {
219 case PCI_IMAP0:
220 case PCI_IMAP1:
221 case PCI_IMAP2:
222 {
223 int win = (addr - PCI_IMAP0) >> 2;
224 return s->imap[win];
225 }
226 case PCI_SELFID:
227 return s->selfid;
228 case PCI_FLAGS:
229 return s->flags;
230 case PCI_SMAP0:
231 case PCI_SMAP1:
232 case PCI_SMAP2:
233 {
234 int win = (addr - PCI_SMAP0) >> 2;
235 return s->smap[win];
236 }
237 default:
238 qemu_log_mask(LOG_GUEST_ERROR,
239 "pci_vpb_reg_read: Bad offset %x\n", (int)addr);
240 return 0;
241 }
242 }
243
244 static const MemoryRegionOps pci_vpb_reg_ops = {
245 .read = pci_vpb_reg_read,
246 .write = pci_vpb_reg_write,
247 .endianness = DEVICE_NATIVE_ENDIAN,
248 .valid = {
249 .min_access_size = 4,
250 .max_access_size = 4,
251 },
252 };
253
254 static int pci_vpb_broken_irq(int slot, int irq)
255 {
256 /* Determine whether this IRQ value for this slot represents a
257 * known broken Linux kernel behaviour for this slot.
258 * Return one of the PCI_VPB_IRQMAP_ constants:
259 * BROKEN : if this definitely looks like a broken kernel
260 * FORCE_OK : if this definitely looks good
261 * ASSUME_OK : if we can't tell
262 */
263 slot %= PCI_NUM_PINS;
264
265 if (irq == 27) {
266 if (slot == 2) {
267 /* Might be a Phase I kernel, or might be a fixed kernel,
268 * since slot 2 is where we expect this IRQ.
269 */
270 return PCI_VPB_IRQMAP_ASSUME_OK;
271 }
272 /* Phase I kernel */
273 return PCI_VPB_IRQMAP_BROKEN;
274 }
275 if (irq == slot + 27) {
276 /* Phase II kernel */
277 return PCI_VPB_IRQMAP_BROKEN;
278 }
279 if (irq == slot + 27 + 64) {
280 /* Phase III kernel */
281 return PCI_VPB_IRQMAP_BROKEN;
282 }
283 /* Anything else must be a fixed kernel, possibly using an
284 * arbitrary irq map.
285 */
286 return PCI_VPB_IRQMAP_FORCE_OK;
287 }
288
289 static void pci_vpb_config_write(void *opaque, hwaddr addr,
290 uint64_t val, unsigned size)
291 {
292 PCIVPBState *s = opaque;
293 if (!s->realview && (addr & 0xff) == PCI_INTERRUPT_LINE
294 && s->irq_mapping == PCI_VPB_IRQMAP_ASSUME_OK) {
295 uint8_t devfn = addr >> 8;
296 s->irq_mapping = pci_vpb_broken_irq(PCI_SLOT(devfn), val);
297 }
298 pci_data_write(&s->pci_bus, addr, val, size);
299 }
300
301 static uint64_t pci_vpb_config_read(void *opaque, hwaddr addr,
302 unsigned size)
303 {
304 PCIVPBState *s = opaque;
305 uint32_t val;
306 val = pci_data_read(&s->pci_bus, addr, size);
307 return val;
308 }
309
310 static const MemoryRegionOps pci_vpb_config_ops = {
311 .read = pci_vpb_config_read,
312 .write = pci_vpb_config_write,
313 .endianness = DEVICE_NATIVE_ENDIAN,
314 };
315
316 static int pci_vpb_map_irq(PCIDevice *d, int irq_num)
317 {
318 PCIVPBState *s = container_of(pci_get_bus(d), PCIVPBState, pci_bus);
319
320 if (s->irq_mapping == PCI_VPB_IRQMAP_BROKEN) {
321 /* Legacy broken IRQ mapping for compatibility with old and
322 * buggy Linux guests
323 */
324 return irq_num;
325 }
326
327 /* Slot to IRQ mapping for RealView Platform Baseboard 926 backplane
328 * name slot IntA IntB IntC IntD
329 * A 31 IRQ28 IRQ29 IRQ30 IRQ27
330 * B 30 IRQ27 IRQ28 IRQ29 IRQ30
331 * C 29 IRQ30 IRQ27 IRQ28 IRQ29
332 * Slot C is for the host bridge; A and B the peripherals.
333 * Our output irqs 0..3 correspond to the baseboard's 27..30.
334 *
335 * This mapping function takes account of an oddity in the PB926
336 * board wiring, where the FPGA's P_nINTA input is connected to
337 * the INTB connection on the board PCI edge connector, P_nINTB
338 * is connected to INTC, and so on, so everything is one number
339 * further round from where you might expect.
340 */
341 return pci_swizzle_map_irq_fn(d, irq_num + 2);
342 }
343
344 static int pci_vpb_rv_map_irq(PCIDevice *d, int irq_num)
345 {
346 /* Slot to IRQ mapping for RealView EB and PB1176 backplane
347 * name slot IntA IntB IntC IntD
348 * A 31 IRQ50 IRQ51 IRQ48 IRQ49
349 * B 30 IRQ49 IRQ50 IRQ51 IRQ48
350 * C 29 IRQ48 IRQ49 IRQ50 IRQ51
351 * Slot C is for the host bridge; A and B the peripherals.
352 * Our output irqs 0..3 correspond to the baseboard's 48..51.
353 *
354 * The PB1176 and EB boards don't have the PB926 wiring oddity
355 * described above; P_nINTA connects to INTA, P_nINTB to INTB
356 * and so on, which is why this mapping function is different.
357 */
358 return pci_swizzle_map_irq_fn(d, irq_num + 3);
359 }
360
361 static void pci_vpb_set_irq(void *opaque, int irq_num, int level)
362 {
363 qemu_irq *pic = opaque;
364
365 qemu_set_irq(pic[irq_num], level);
366 }
367
368 static void pci_vpb_reset(DeviceState *d)
369 {
370 PCIVPBState *s = PCI_VPB(d);
371
372 s->imap[0] = 0;
373 s->imap[1] = 0;
374 s->imap[2] = 0;
375 s->smap[0] = 0;
376 s->smap[1] = 0;
377 s->smap[2] = 0;
378 s->selfid = 0;
379 s->flags = 0;
380 s->irq_mapping = s->irq_mapping_prop;
381
382 pci_vpb_update_all_windows(s);
383 }
384
385 static void pci_vpb_init(Object *obj)
386 {
387 PCIVPBState *s = PCI_VPB(obj);
388
389 /* Window sizes for VersatilePB; realview_pci's init will override */
390 s->mem_win_size[0] = 0x0c000000;
391 s->mem_win_size[1] = 0x10000000;
392 s->mem_win_size[2] = 0x10000000;
393 }
394
395 static void pci_vpb_realize(DeviceState *dev, Error **errp)
396 {
397 PCIVPBState *s = PCI_VPB(dev);
398 PCIHostState *h = PCI_HOST_BRIDGE(dev);
399 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
400 pci_map_irq_fn mapfn;
401 int i;
402
403 memory_region_init(&s->pci_io_space, OBJECT(s), "pci_io", 4 * GiB);
404 memory_region_init(&s->pci_mem_space, OBJECT(s), "pci_mem", 4 * GiB);
405
406 pci_root_bus_new_inplace(&s->pci_bus, sizeof(s->pci_bus), dev, "pci",
407 &s->pci_mem_space, &s->pci_io_space,
408 PCI_DEVFN(11, 0), TYPE_PCI_BUS);
409 h->bus = &s->pci_bus;
410
411 object_initialize(&s->pci_dev, sizeof(s->pci_dev), TYPE_VERSATILE_PCI_HOST);
412
413 for (i = 0; i < 4; i++) {
414 sysbus_init_irq(sbd, &s->irq[i]);
415 }
416
417 if (s->realview) {
418 mapfn = pci_vpb_rv_map_irq;
419 } else {
420 mapfn = pci_vpb_map_irq;
421 }
422
423 pci_bus_irqs(&s->pci_bus, pci_vpb_set_irq, mapfn, s->irq, 4);
424
425 /* Our memory regions are:
426 * 0 : our control registers
427 * 1 : PCI self config window
428 * 2 : PCI config window
429 * 3 : PCI IO window
430 * 4..6 : PCI memory windows
431 */
432 memory_region_init_io(&s->controlregs, OBJECT(s), &pci_vpb_reg_ops, s,
433 "pci-vpb-regs", 0x1000);
434 sysbus_init_mmio(sbd, &s->controlregs);
435 memory_region_init_io(&s->mem_config, OBJECT(s), &pci_vpb_config_ops, s,
436 "pci-vpb-selfconfig", 0x1000000);
437 sysbus_init_mmio(sbd, &s->mem_config);
438 memory_region_init_io(&s->mem_config2, OBJECT(s), &pci_vpb_config_ops, s,
439 "pci-vpb-config", 0x1000000);
440 sysbus_init_mmio(sbd, &s->mem_config2);
441
442 /* The window into I/O space is always into a fixed base address;
443 * its size is the same for both realview and versatile.
444 */
445 memory_region_init_alias(&s->pci_io_window, OBJECT(s), "pci-vbp-io-window",
446 &s->pci_io_space, 0, 0x100000);
447
448 sysbus_init_mmio(sbd, &s->pci_io_space);
449
450 /* Create the alias regions corresponding to our three windows onto
451 * PCI memory space. The sizes vary from board to board; the base
452 * offsets are guest controllable via the IMAP registers.
453 */
454 for (i = 0; i < 3; i++) {
455 memory_region_init_alias(&s->pci_mem_window[i], OBJECT(s), "pci-vbp-window",
456 &s->pci_mem_space, 0, s->mem_win_size[i]);
457 sysbus_init_mmio(sbd, &s->pci_mem_window[i]);
458 }
459
460 /* TODO Remove once realize propagates to child devices. */
461 qdev_realize(DEVICE(&s->pci_dev), BUS(&s->pci_bus), errp);
462 }
463
464 static void versatile_pci_host_realize(PCIDevice *d, Error **errp)
465 {
466 pci_set_word(d->config + PCI_STATUS,
467 PCI_STATUS_66MHZ | PCI_STATUS_DEVSEL_MEDIUM);
468 pci_set_byte(d->config + PCI_LATENCY_TIMER, 0x10);
469 }
470
471 static void versatile_pci_host_class_init(ObjectClass *klass, void *data)
472 {
473 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
474 DeviceClass *dc = DEVICE_CLASS(klass);
475
476 k->realize = versatile_pci_host_realize;
477 k->vendor_id = PCI_VENDOR_ID_XILINX;
478 k->device_id = PCI_DEVICE_ID_XILINX_XC2VP30;
479 k->class_id = PCI_CLASS_PROCESSOR_CO;
480 /*
481 * PCI-facing part of the host bridge, not usable without the
482 * host-facing part, which can't be device_add'ed, yet.
483 */
484 dc->user_creatable = false;
485 }
486
487 static const TypeInfo versatile_pci_host_info = {
488 .name = TYPE_VERSATILE_PCI_HOST,
489 .parent = TYPE_PCI_DEVICE,
490 .instance_size = sizeof(PCIDevice),
491 .class_init = versatile_pci_host_class_init,
492 .interfaces = (InterfaceInfo[]) {
493 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
494 { },
495 },
496 };
497
498 static Property pci_vpb_properties[] = {
499 DEFINE_PROP_UINT8("broken-irq-mapping", PCIVPBState, irq_mapping_prop,
500 PCI_VPB_IRQMAP_ASSUME_OK),
501 DEFINE_PROP_END_OF_LIST()
502 };
503
504 static void pci_vpb_class_init(ObjectClass *klass, void *data)
505 {
506 DeviceClass *dc = DEVICE_CLASS(klass);
507
508 dc->realize = pci_vpb_realize;
509 dc->reset = pci_vpb_reset;
510 dc->vmsd = &pci_vpb_vmstate;
511 device_class_set_props(dc, pci_vpb_properties);
512 }
513
514 static const TypeInfo pci_vpb_info = {
515 .name = TYPE_VERSATILE_PCI,
516 .parent = TYPE_PCI_HOST_BRIDGE,
517 .instance_size = sizeof(PCIVPBState),
518 .instance_init = pci_vpb_init,
519 .class_init = pci_vpb_class_init,
520 };
521
522 static void pci_realview_init(Object *obj)
523 {
524 PCIVPBState *s = PCI_VPB(obj);
525
526 s->realview = 1;
527 /* The PCI window sizes are different on Realview boards */
528 s->mem_win_size[0] = 0x01000000;
529 s->mem_win_size[1] = 0x04000000;
530 s->mem_win_size[2] = 0x08000000;
531 }
532
533 static const TypeInfo pci_realview_info = {
534 .name = "realview_pci",
535 .parent = TYPE_VERSATILE_PCI,
536 .instance_init = pci_realview_init,
537 };
538
539 static void versatile_pci_register_types(void)
540 {
541 type_register_static(&pci_vpb_info);
542 type_register_static(&pci_realview_info);
543 type_register_static(&versatile_pci_host_info);
544 }
545
546 type_init(versatile_pci_register_types)