1 /* 2 * IGD device quirks 3 * 4 * Copyright Red Hat, Inc. 2016 5 * 6 * Authors: 7 * Alex Williamson <alex.williamson@redhat.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2. See 10 * the COPYING file in the top-level directory. 11 */ 12 13 #include "qemu/osdep.h" 14 #include "qemu/units.h" 15 #include "qemu/error-report.h" 16 #include "qapi/error.h" 17 #include "qapi/qmp/qerror.h" 18 #include "hw/hw.h" 19 #include "hw/nvram/fw_cfg.h" 20 #include "pci.h" 21 #include "trace.h" 22 23 /* 24 * Intel IGD support 25 * 26 * Obviously IGD is not a discrete device, this is evidenced not only by it 27 * being integrated into the CPU, but by the various chipset and BIOS 28 * dependencies that it brings along with it. Intel is trying to move away 29 * from this and Broadwell and newer devices can run in what Intel calls 30 * "Universal Pass-Through" mode, or UPT. Theoretically in UPT mode, nothing 31 * more is required beyond assigning the IGD device to a VM. There are 32 * however support limitations to this mode. It only supports IGD as a 33 * secondary graphics device in the VM and it doesn't officially support any 34 * physical outputs. 35 * 36 * The code here attempts to enable what we'll call legacy mode assignment, 37 * IGD retains most of the capabilities we expect for it to have on bare 38 * metal. To enable this mode, the IGD device must be assigned to the VM 39 * at PCI address 00:02.0, it must have a ROM, it very likely needs VGA 40 * support, we must have VM BIOS support for reserving and populating some 41 * of the required tables, and we need to tweak the chipset with revisions 42 * and IDs and an LPC/ISA bridge device. The intention is to make all of 43 * this happen automatically by installing the device at the correct VM PCI 44 * bus address. If any of the conditions are not met, we cross our fingers 45 * and hope the user knows better. 46 * 47 * NB - It is possible to enable physical outputs in UPT mode by supplying 48 * an OpRegion table. We don't do this by default because the guest driver 49 * behaves differently if an OpRegion is provided and no monitor is attached 50 * vs no OpRegion and a monitor being attached or not. Effectively, if a 51 * headless setup is desired, the OpRegion gets in the way of that. 52 */ 53 54 /* 55 * This presumes the device is already known to be an Intel VGA device, so we 56 * take liberties in which device ID bits match which generation. This should 57 * not be taken as an indication that all the devices are supported, or even 58 * supportable, some of them don't even support VT-d. 59 * See linux:include/drm/i915_pciids.h for IDs. 60 */ 61 static int igd_gen(VFIOPCIDevice *vdev) 62 { 63 /* 64 * Device IDs for Broxton/Apollo Lake are 0x0a84, 0x1a84, 0x1a85, 0x5a84 65 * and 0x5a85, match bit 11:1 here 66 * Prefix 0x0a is taken by Haswell, this rule should be matched first. 67 */ 68 if ((vdev->device_id & 0xffe) == 0xa84) { 69 return 9; 70 } 71 72 switch (vdev->device_id & 0xff00) { 73 case 0x0100: /* SandyBridge, IvyBridge */ 74 return 6; 75 case 0x0400: /* Haswell */ 76 case 0x0a00: /* Haswell */ 77 case 0x0c00: /* Haswell */ 78 case 0x0d00: /* Haswell */ 79 case 0x0f00: /* Valleyview/Bay Trail */ 80 return 7; 81 case 0x1600: /* Broadwell */ 82 case 0x2200: /* Cherryview */ 83 return 8; 84 case 0x1900: /* Skylake */ 85 case 0x3100: /* Gemini Lake */ 86 case 0x5900: /* Kaby Lake */ 87 case 0x3e00: /* Coffee Lake */ 88 case 0x9B00: /* Comet Lake */ 89 return 9; 90 case 0x8A00: /* Ice Lake */ 91 case 0x4500: /* Elkhart Lake */ 92 case 0x4E00: /* Jasper Lake */ 93 return 11; 94 case 0x9A00: /* Tiger Lake */ 95 case 0x4C00: /* Rocket Lake */ 96 case 0x4600: /* Alder Lake */ 97 case 0xA700: /* Raptor Lake */ 98 return 12; 99 } 100 101 /* 102 * Unfortunately, Intel changes it's specification quite often. This makes 103 * it impossible to use a suitable default value for unknown devices. 104 */ 105 return -1; 106 } 107 108 typedef struct VFIOIGDQuirk { 109 struct VFIOPCIDevice *vdev; 110 uint32_t index; 111 uint64_t bdsm; 112 } VFIOIGDQuirk; 113 114 #define IGD_GMCH 0x50 /* Graphics Control Register */ 115 #define IGD_BDSM 0x5c /* Base Data of Stolen Memory */ 116 #define IGD_BDSM_GEN11 0xc0 /* Base Data of Stolen Memory of gen 11 and later */ 117 118 #define IGD_GMCH_GEN6_GMS_SHIFT 3 /* SNB_GMCH in i915 */ 119 #define IGD_GMCH_GEN6_GMS_MASK 0x1f 120 #define IGD_GMCH_GEN6_GGMS_SHIFT 8 121 #define IGD_GMCH_GEN6_GGMS_MASK 0x3 122 #define IGD_GMCH_GEN8_GMS_SHIFT 8 /* BDW_GMCH in i915 */ 123 #define IGD_GMCH_GEN8_GMS_MASK 0xff 124 #define IGD_GMCH_GEN8_GGMS_SHIFT 6 125 #define IGD_GMCH_GEN8_GGMS_MASK 0x3 126 127 static uint64_t igd_gtt_memory_size(int gen, uint16_t gmch) 128 { 129 uint64_t ggms; 130 131 if (gen < 8) { 132 ggms = (gmch >> IGD_GMCH_GEN6_GGMS_SHIFT) & IGD_GMCH_GEN6_GGMS_MASK; 133 } else { 134 ggms = (gmch >> IGD_GMCH_GEN8_GGMS_SHIFT) & IGD_GMCH_GEN8_GGMS_MASK; 135 if (ggms != 0) { 136 ggms = 1 << ggms; 137 } 138 } 139 140 return ggms * MiB; 141 } 142 143 static uint64_t igd_stolen_memory_size(int gen, uint32_t gmch) 144 { 145 uint64_t gms; 146 147 if (gen < 8) { 148 gms = (gmch >> IGD_GMCH_GEN6_GMS_SHIFT) & IGD_GMCH_GEN6_GMS_MASK; 149 } else { 150 gms = (gmch >> IGD_GMCH_GEN8_GMS_SHIFT) & IGD_GMCH_GEN8_GMS_MASK; 151 } 152 153 if (gen < 9) { 154 return gms * 32 * MiB; 155 } else { 156 if (gms < 0xf0) { 157 return gms * 32 * MiB; 158 } else { 159 return (gms - 0xf0 + 1) * 4 * MiB; 160 } 161 } 162 163 return 0; 164 } 165 166 /* 167 * The rather short list of registers that we copy from the host devices. 168 * The LPC/ISA bridge values are definitely needed to support the vBIOS, the 169 * host bridge values may or may not be needed depending on the guest OS. 170 * Since we're only munging revision and subsystem values on the host bridge, 171 * we don't require our own device. The LPC/ISA bridge needs to be our very 172 * own though. 173 */ 174 typedef struct { 175 uint8_t offset; 176 uint8_t len; 177 } IGDHostInfo; 178 179 static const IGDHostInfo igd_host_bridge_infos[] = { 180 {PCI_REVISION_ID, 2}, 181 {PCI_SUBSYSTEM_VENDOR_ID, 2}, 182 {PCI_SUBSYSTEM_ID, 2}, 183 }; 184 185 static const IGDHostInfo igd_lpc_bridge_infos[] = { 186 {PCI_VENDOR_ID, 2}, 187 {PCI_DEVICE_ID, 2}, 188 {PCI_REVISION_ID, 2}, 189 {PCI_SUBSYSTEM_VENDOR_ID, 2}, 190 {PCI_SUBSYSTEM_ID, 2}, 191 }; 192 193 static int vfio_pci_igd_copy(VFIOPCIDevice *vdev, PCIDevice *pdev, 194 struct vfio_region_info *info, 195 const IGDHostInfo *list, int len) 196 { 197 int i, ret; 198 199 for (i = 0; i < len; i++) { 200 ret = pread(vdev->vbasedev.fd, pdev->config + list[i].offset, 201 list[i].len, info->offset + list[i].offset); 202 if (ret != list[i].len) { 203 error_report("IGD copy failed: %m"); 204 return -errno; 205 } 206 } 207 208 return 0; 209 } 210 211 /* 212 * Stuff a few values into the host bridge. 213 */ 214 static int vfio_pci_igd_host_init(VFIOPCIDevice *vdev, 215 struct vfio_region_info *info) 216 { 217 PCIBus *bus; 218 PCIDevice *host_bridge; 219 int ret; 220 221 bus = pci_device_root_bus(&vdev->pdev); 222 host_bridge = pci_find_device(bus, 0, PCI_DEVFN(0, 0)); 223 224 if (!host_bridge) { 225 error_report("Can't find host bridge"); 226 return -ENODEV; 227 } 228 229 ret = vfio_pci_igd_copy(vdev, host_bridge, info, igd_host_bridge_infos, 230 ARRAY_SIZE(igd_host_bridge_infos)); 231 if (!ret) { 232 trace_vfio_pci_igd_host_bridge_enabled(vdev->vbasedev.name); 233 } 234 235 return ret; 236 } 237 238 /* 239 * IGD LPC/ISA bridge support code. The vBIOS needs this, but we can't write 240 * arbitrary values into just any bridge, so we must create our own. We try 241 * to handle if the user has created it for us, which they might want to do 242 * to enable multifunction so we don't occupy the whole PCI slot. 243 */ 244 static void vfio_pci_igd_lpc_bridge_realize(PCIDevice *pdev, Error **errp) 245 { 246 if (pdev->devfn != PCI_DEVFN(0x1f, 0)) { 247 error_setg(errp, "VFIO dummy ISA/LPC bridge must have address 1f.0"); 248 } 249 } 250 251 static void vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data) 252 { 253 DeviceClass *dc = DEVICE_CLASS(klass); 254 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 255 256 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); 257 dc->desc = "VFIO dummy ISA/LPC bridge for IGD assignment"; 258 dc->hotpluggable = false; 259 k->realize = vfio_pci_igd_lpc_bridge_realize; 260 k->class_id = PCI_CLASS_BRIDGE_ISA; 261 } 262 263 static const TypeInfo vfio_pci_igd_lpc_bridge_info = { 264 .name = "vfio-pci-igd-lpc-bridge", 265 .parent = TYPE_PCI_DEVICE, 266 .class_init = vfio_pci_igd_lpc_bridge_class_init, 267 .interfaces = (InterfaceInfo[]) { 268 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 269 { }, 270 }, 271 }; 272 273 static void vfio_pci_igd_register_types(void) 274 { 275 type_register_static(&vfio_pci_igd_lpc_bridge_info); 276 } 277 278 type_init(vfio_pci_igd_register_types) 279 280 static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev, 281 struct vfio_region_info *info) 282 { 283 PCIDevice *lpc_bridge; 284 int ret; 285 286 lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 287 0, PCI_DEVFN(0x1f, 0)); 288 if (!lpc_bridge) { 289 lpc_bridge = pci_create_simple(pci_device_root_bus(&vdev->pdev), 290 PCI_DEVFN(0x1f, 0), "vfio-pci-igd-lpc-bridge"); 291 } 292 293 ret = vfio_pci_igd_copy(vdev, lpc_bridge, info, igd_lpc_bridge_infos, 294 ARRAY_SIZE(igd_lpc_bridge_infos)); 295 if (!ret) { 296 trace_vfio_pci_igd_lpc_bridge_enabled(vdev->vbasedev.name); 297 } 298 299 return ret; 300 } 301 302 /* 303 * IGD Gen8 and newer support up to 8MB for the GTT and use a 64bit PTE 304 * entry, older IGDs use 2MB and 32bit. Each PTE maps a 4k page. Therefore 305 * we either have 2M/4k * 4 = 2k or 8M/4k * 8 = 16k as the maximum iobar index 306 * for programming the GTT. 307 * 308 * See linux:include/drm/i915_drm.h for shift and mask values. 309 */ 310 static int vfio_igd_gtt_max(VFIOPCIDevice *vdev) 311 { 312 uint32_t gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch)); 313 int gen = igd_gen(vdev); 314 uint64_t ggms_size = igd_gtt_memory_size(gen, gmch); 315 316 return (ggms_size / (4 * KiB)) * (gen < 8 ? 4 : 8); 317 } 318 319 /* 320 * The IGD ROM will make use of stolen memory (GGMS) for support of VESA modes. 321 * Somehow the host stolen memory range is used for this, but how the ROM gets 322 * it is a mystery, perhaps it's hardcoded into the ROM. Thankfully though, it 323 * reprograms the GTT through the IOBAR where we can trap it and transpose the 324 * programming to the VM allocated buffer. That buffer gets reserved by the VM 325 * firmware via the fw_cfg entry added below. Here we're just monitoring the 326 * IOBAR address and data registers to detect a write sequence targeting the 327 * GTTADR. This code is developed by observed behavior and doesn't have a 328 * direct spec reference, unfortunately. 329 */ 330 static uint64_t vfio_igd_quirk_data_read(void *opaque, 331 hwaddr addr, unsigned size) 332 { 333 VFIOIGDQuirk *igd = opaque; 334 VFIOPCIDevice *vdev = igd->vdev; 335 336 igd->index = ~0; 337 338 return vfio_region_read(&vdev->bars[4].region, addr + 4, size); 339 } 340 341 static void vfio_igd_quirk_data_write(void *opaque, hwaddr addr, 342 uint64_t data, unsigned size) 343 { 344 VFIOIGDQuirk *igd = opaque; 345 VFIOPCIDevice *vdev = igd->vdev; 346 uint64_t val = data; 347 int gen = igd_gen(vdev); 348 349 /* 350 * Programming the GGMS starts at index 0x1 and uses every 4th index (ie. 351 * 0x1, 0x5, 0x9, 0xd,...). For pre-Gen8 each 4-byte write is a whole PTE 352 * entry, with 0th bit enable set. For Gen8 and up, PTEs are 64bit, so 353 * entries 0x5 & 0xd are the high dword, in our case zero. Each PTE points 354 * to a 4k page, which we translate to a page from the VM allocated region, 355 * pointed to by the BDSM register. If this is not set, we fail. 356 * 357 * We trap writes to the full configured GTT size, but we typically only 358 * see the vBIOS writing up to (nearly) the 1MB barrier. In fact it often 359 * seems to miss the last entry for an even 1MB GTT. Doing a gratuitous 360 * write of that last entry does work, but is hopefully unnecessary since 361 * we clear the previous GTT on initialization. 362 */ 363 if ((igd->index % 4 == 1) && igd->index < vfio_igd_gtt_max(vdev)) { 364 if (gen < 8 || (igd->index % 8 == 1)) { 365 uint64_t base; 366 367 if (gen < 11) { 368 base = pci_get_long(vdev->pdev.config + IGD_BDSM); 369 } else { 370 base = pci_get_quad(vdev->pdev.config + IGD_BDSM_GEN11); 371 } 372 if (!base) { 373 hw_error("vfio-igd: Guest attempted to program IGD GTT before " 374 "BIOS reserved stolen memory. Unsupported BIOS?"); 375 } 376 377 val = data - igd->bdsm + base; 378 } else { 379 val = 0; /* upper 32bits of pte, we only enable below 4G PTEs */ 380 } 381 382 trace_vfio_pci_igd_bar4_write(vdev->vbasedev.name, 383 igd->index, data, val); 384 } 385 386 vfio_region_write(&vdev->bars[4].region, addr + 4, val, size); 387 388 igd->index = ~0; 389 } 390 391 static const MemoryRegionOps vfio_igd_data_quirk = { 392 .read = vfio_igd_quirk_data_read, 393 .write = vfio_igd_quirk_data_write, 394 .endianness = DEVICE_LITTLE_ENDIAN, 395 }; 396 397 static uint64_t vfio_igd_quirk_index_read(void *opaque, 398 hwaddr addr, unsigned size) 399 { 400 VFIOIGDQuirk *igd = opaque; 401 VFIOPCIDevice *vdev = igd->vdev; 402 403 igd->index = ~0; 404 405 return vfio_region_read(&vdev->bars[4].region, addr, size); 406 } 407 408 static void vfio_igd_quirk_index_write(void *opaque, hwaddr addr, 409 uint64_t data, unsigned size) 410 { 411 VFIOIGDQuirk *igd = opaque; 412 VFIOPCIDevice *vdev = igd->vdev; 413 414 igd->index = data; 415 416 vfio_region_write(&vdev->bars[4].region, addr, data, size); 417 } 418 419 static const MemoryRegionOps vfio_igd_index_quirk = { 420 .read = vfio_igd_quirk_index_read, 421 .write = vfio_igd_quirk_index_write, 422 .endianness = DEVICE_LITTLE_ENDIAN, 423 }; 424 425 static uint64_t vfio_igd_pci_config_read(VFIOPCIDevice *vdev, uint64_t offset, 426 unsigned size) 427 { 428 switch (size) { 429 case 1: 430 return pci_get_byte(vdev->pdev.config + offset); 431 case 2: 432 return pci_get_word(vdev->pdev.config + offset); 433 case 4: 434 return pci_get_long(vdev->pdev.config + offset); 435 case 8: 436 return pci_get_quad(vdev->pdev.config + offset); 437 default: 438 hw_error("igd: unsupported pci config read at %"PRIx64", size %u", 439 offset, size); 440 break; 441 } 442 443 return 0; 444 } 445 446 static void vfio_igd_pci_config_write(VFIOPCIDevice *vdev, uint64_t offset, 447 uint64_t data, unsigned size) 448 { 449 switch (size) { 450 case 1: 451 pci_set_byte(vdev->pdev.config + offset, data); 452 break; 453 case 2: 454 pci_set_word(vdev->pdev.config + offset, data); 455 break; 456 case 4: 457 pci_set_long(vdev->pdev.config + offset, data); 458 break; 459 case 8: 460 pci_set_quad(vdev->pdev.config + offset, data); 461 break; 462 default: 463 hw_error("igd: unsupported pci config write at %"PRIx64", size %u", 464 offset, size); 465 break; 466 } 467 } 468 469 #define VFIO_IGD_QUIRK_MIRROR_REG(reg, name) \ 470 static uint64_t vfio_igd_quirk_read_##name(void *opaque, \ 471 hwaddr addr, unsigned size) \ 472 { \ 473 VFIOPCIDevice *vdev = opaque; \ 474 \ 475 return vfio_igd_pci_config_read(vdev, reg + addr, size); \ 476 } \ 477 \ 478 static void vfio_igd_quirk_write_##name(void *opaque, hwaddr addr, \ 479 uint64_t data, unsigned size) \ 480 { \ 481 VFIOPCIDevice *vdev = opaque; \ 482 \ 483 vfio_igd_pci_config_write(vdev, reg + addr, data, size); \ 484 } \ 485 \ 486 static const MemoryRegionOps vfio_igd_quirk_mirror_##name = { \ 487 .read = vfio_igd_quirk_read_##name, \ 488 .write = vfio_igd_quirk_write_##name, \ 489 .endianness = DEVICE_LITTLE_ENDIAN, \ 490 }; 491 492 VFIO_IGD_QUIRK_MIRROR_REG(IGD_GMCH, ggc) 493 VFIO_IGD_QUIRK_MIRROR_REG(IGD_BDSM, bdsm) 494 VFIO_IGD_QUIRK_MIRROR_REG(IGD_BDSM_GEN11, bdsm64) 495 496 #define IGD_GGC_MMIO_OFFSET 0x108040 497 #define IGD_BDSM_MMIO_OFFSET 0x1080C0 498 499 void vfio_probe_igd_bar0_quirk(VFIOPCIDevice *vdev, int nr) 500 { 501 VFIOQuirk *quirk; 502 int gen; 503 504 /* 505 * This must be an Intel VGA device at address 00:02.0 for us to even 506 * consider enabling legacy mode. Some driver have dependencies on the PCI 507 * bus address. 508 */ 509 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) || 510 !vfio_is_vga(vdev) || nr != 0 || 511 &vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev), 512 0, PCI_DEVFN(0x2, 0))) { 513 return; 514 } 515 516 /* 517 * Only on IGD devices of gen 11 and above, the BDSM register is mirrored 518 * into MMIO space and read from MMIO space by the Windows driver. 519 */ 520 gen = igd_gen(vdev); 521 if (gen < 6) { 522 return; 523 } 524 525 quirk = vfio_quirk_alloc(2); 526 quirk->data = vdev; 527 528 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), 529 &vfio_igd_quirk_mirror_ggc, vdev, 530 "vfio-igd-ggc-quirk", 2); 531 memory_region_add_subregion_overlap(vdev->bars[0].region.mem, 532 IGD_GGC_MMIO_OFFSET, &quirk->mem[0], 533 1); 534 535 if (gen < 11) { 536 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), 537 &vfio_igd_quirk_mirror_bdsm, vdev, 538 "vfio-igd-bdsm-quirk", 4); 539 memory_region_add_subregion_overlap(vdev->bars[0].region.mem, 540 IGD_BDSM_MMIO_OFFSET, 541 &quirk->mem[1], 1); 542 } else { 543 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), 544 &vfio_igd_quirk_mirror_bdsm64, vdev, 545 "vfio-igd-bdsm-quirk", 8); 546 memory_region_add_subregion_overlap(vdev->bars[0].region.mem, 547 IGD_BDSM_MMIO_OFFSET, 548 &quirk->mem[1], 1); 549 } 550 551 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 552 } 553 554 void vfio_probe_igd_bar4_quirk(VFIOPCIDevice *vdev, int nr) 555 { 556 g_autofree struct vfio_region_info *rom = NULL; 557 g_autofree struct vfio_region_info *opregion = NULL; 558 g_autofree struct vfio_region_info *host = NULL; 559 g_autofree struct vfio_region_info *lpc = NULL; 560 VFIOQuirk *quirk; 561 VFIOIGDQuirk *igd; 562 PCIDevice *lpc_bridge; 563 int i, ret, gen; 564 uint64_t ggms_size, gms_size; 565 uint64_t *bdsm_size; 566 uint32_t gmch; 567 uint16_t cmd_orig, cmd; 568 Error *err = NULL; 569 570 /* 571 * This must be an Intel VGA device at address 00:02.0 for us to even 572 * consider enabling legacy mode. The vBIOS has dependencies on the 573 * PCI bus address. 574 */ 575 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) || 576 !vfio_is_vga(vdev) || nr != 4 || 577 &vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev), 578 0, PCI_DEVFN(0x2, 0))) { 579 return; 580 } 581 582 /* 583 * We need to create an LPC/ISA bridge at PCI bus address 00:1f.0 that we 584 * can stuff host values into, so if there's already one there and it's not 585 * one we can hack on, legacy mode is no-go. Sorry Q35. 586 */ 587 lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev), 588 0, PCI_DEVFN(0x1f, 0)); 589 if (lpc_bridge && !object_dynamic_cast(OBJECT(lpc_bridge), 590 "vfio-pci-igd-lpc-bridge")) { 591 error_report("IGD device %s cannot support legacy mode due to existing " 592 "devices at address 1f.0", vdev->vbasedev.name); 593 return; 594 } 595 596 /* 597 * IGD is not a standard, they like to change their specs often. We 598 * only attempt to support back to SandBridge and we hope that newer 599 * devices maintain compatibility with generation 8. 600 */ 601 gen = igd_gen(vdev); 602 if (gen == -1) { 603 error_report("IGD device %s is unsupported in legacy mode, " 604 "try SandyBridge or newer", vdev->vbasedev.name); 605 return; 606 } 607 608 /* 609 * Most of what we're doing here is to enable the ROM to run, so if 610 * there's no ROM, there's no point in setting up this quirk. 611 * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM support. 612 */ 613 ret = vfio_get_region_info(&vdev->vbasedev, 614 VFIO_PCI_ROM_REGION_INDEX, &rom); 615 if ((ret || !rom->size) && !vdev->pdev.romfile) { 616 error_report("IGD device %s has no ROM, legacy mode disabled", 617 vdev->vbasedev.name); 618 return; 619 } 620 621 /* 622 * Ignore the hotplug corner case, mark the ROM failed, we can't 623 * create the devices we need for legacy mode in the hotplug scenario. 624 */ 625 if (vdev->pdev.qdev.hotplugged) { 626 error_report("IGD device %s hotplugged, ROM disabled, " 627 "legacy mode disabled", vdev->vbasedev.name); 628 vdev->rom_read_failed = true; 629 return; 630 } 631 632 /* 633 * Check whether we have all the vfio device specific regions to 634 * support legacy mode (added in Linux v4.6). If not, bail. 635 */ 636 ret = vfio_get_dev_region_info(&vdev->vbasedev, 637 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 638 VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, &opregion); 639 if (ret) { 640 error_report("IGD device %s does not support OpRegion access," 641 "legacy mode disabled", vdev->vbasedev.name); 642 return; 643 } 644 645 ret = vfio_get_dev_region_info(&vdev->vbasedev, 646 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 647 VFIO_REGION_SUBTYPE_INTEL_IGD_HOST_CFG, &host); 648 if (ret) { 649 error_report("IGD device %s does not support host bridge access," 650 "legacy mode disabled", vdev->vbasedev.name); 651 return; 652 } 653 654 ret = vfio_get_dev_region_info(&vdev->vbasedev, 655 VFIO_REGION_TYPE_PCI_VENDOR_TYPE | PCI_VENDOR_ID_INTEL, 656 VFIO_REGION_SUBTYPE_INTEL_IGD_LPC_CFG, &lpc); 657 if (ret) { 658 error_report("IGD device %s does not support LPC bridge access," 659 "legacy mode disabled", vdev->vbasedev.name); 660 return; 661 } 662 663 gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4); 664 665 /* 666 * If IGD VGA Disable is clear (expected) and VGA is not already enabled, 667 * try to enable it. Probably shouldn't be using legacy mode without VGA, 668 * but also no point in us enabling VGA if disabled in hardware. 669 */ 670 if (!(gmch & 0x2) && !vdev->vga && !vfio_populate_vga(vdev, &err)) { 671 error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 672 error_report("IGD device %s failed to enable VGA access, " 673 "legacy mode disabled", vdev->vbasedev.name); 674 return; 675 } 676 677 /* Create our LPC/ISA bridge */ 678 ret = vfio_pci_igd_lpc_init(vdev, lpc); 679 if (ret) { 680 error_report("IGD device %s failed to create LPC bridge, " 681 "legacy mode disabled", vdev->vbasedev.name); 682 return; 683 } 684 685 /* Stuff some host values into the VM PCI host bridge */ 686 ret = vfio_pci_igd_host_init(vdev, host); 687 if (ret) { 688 error_report("IGD device %s failed to modify host bridge, " 689 "legacy mode disabled", vdev->vbasedev.name); 690 return; 691 } 692 693 /* Setup OpRegion access */ 694 if (!vfio_pci_igd_opregion_init(vdev, opregion, &err)) { 695 error_append_hint(&err, "IGD legacy mode disabled\n"); 696 error_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name); 697 return; 698 } 699 700 /* Setup our quirk to munge GTT addresses to the VM allocated buffer */ 701 quirk = vfio_quirk_alloc(2); 702 igd = quirk->data = g_malloc0(sizeof(*igd)); 703 igd->vdev = vdev; 704 igd->index = ~0; 705 if (gen < 11) { 706 igd->bdsm = vfio_pci_read_config(&vdev->pdev, IGD_BDSM, 4); 707 } else { 708 igd->bdsm = vfio_pci_read_config(&vdev->pdev, IGD_BDSM_GEN11, 4); 709 igd->bdsm |= 710 (uint64_t)vfio_pci_read_config(&vdev->pdev, IGD_BDSM_GEN11 + 4, 4) << 32; 711 } 712 igd->bdsm &= ~((1 * MiB) - 1); /* 1MB aligned */ 713 714 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_igd_index_quirk, 715 igd, "vfio-igd-index-quirk", 4); 716 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 717 0, &quirk->mem[0], 1); 718 719 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_igd_data_quirk, 720 igd, "vfio-igd-data-quirk", 4); 721 memory_region_add_subregion_overlap(vdev->bars[nr].region.mem, 722 4, &quirk->mem[1], 1); 723 724 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 725 726 /* 727 * Allow user to override dsm size using x-igd-gms option, in multiples of 728 * 32MiB. This option should only be used when the desired size cannot be 729 * set from DVMT Pre-Allocated option in host BIOS. 730 */ 731 if (vdev->igd_gms) { 732 if (gen < 8) { 733 if (vdev->igd_gms <= 0x10) { 734 gmch &= ~(IGD_GMCH_GEN6_GMS_MASK << IGD_GMCH_GEN6_GMS_SHIFT); 735 gmch |= vdev->igd_gms << IGD_GMCH_GEN6_GMS_SHIFT; 736 } else { 737 error_report(QERR_INVALID_PARAMETER_VALUE, 738 "x-igd-gms", "0~0x10"); 739 } 740 } else { 741 if (vdev->igd_gms <= 0x40) { 742 gmch &= ~(IGD_GMCH_GEN8_GMS_MASK << IGD_GMCH_GEN8_GMS_SHIFT); 743 gmch |= vdev->igd_gms << IGD_GMCH_GEN8_GMS_SHIFT; 744 } else { 745 error_report(QERR_INVALID_PARAMETER_VALUE, 746 "x-igd-gms", "0~0x40"); 747 } 748 } 749 } 750 751 ggms_size = igd_gtt_memory_size(gen, gmch); 752 gms_size = igd_stolen_memory_size(gen, gmch); 753 754 /* 755 * Request reserved memory for stolen memory via fw_cfg. VM firmware 756 * must allocate a 1MB aligned reserved memory region below 4GB with 757 * the requested size (in bytes) for use by the Intel PCI class VGA 758 * device at VM address 00:02.0. The base address of this reserved 759 * memory region must be written to the device BDSM register at PCI 760 * config offset 0x5C. 761 */ 762 bdsm_size = g_malloc(sizeof(*bdsm_size)); 763 *bdsm_size = cpu_to_le64(ggms_size + gms_size); 764 fw_cfg_add_file(fw_cfg_find(), "etc/igd-bdsm-size", 765 bdsm_size, sizeof(*bdsm_size)); 766 767 /* GMCH is read-only, emulated */ 768 pci_set_long(vdev->pdev.config + IGD_GMCH, gmch); 769 pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0); 770 pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0); 771 772 /* BDSM is read-write, emulated. The BIOS needs to be able to write it */ 773 if (gen < 11) { 774 pci_set_long(vdev->pdev.config + IGD_BDSM, 0); 775 pci_set_long(vdev->pdev.wmask + IGD_BDSM, ~0); 776 pci_set_long(vdev->emulated_config_bits + IGD_BDSM, ~0); 777 } else { 778 pci_set_quad(vdev->pdev.config + IGD_BDSM_GEN11, 0); 779 pci_set_quad(vdev->pdev.wmask + IGD_BDSM_GEN11, ~0); 780 pci_set_quad(vdev->emulated_config_bits + IGD_BDSM_GEN11, ~0); 781 } 782 783 /* 784 * This IOBAR gives us access to GTTADR, which allows us to write to 785 * the GTT itself. So let's go ahead and write zero to all the GTT 786 * entries to avoid spurious DMA faults. Be sure I/O access is enabled 787 * before talking to the device. 788 */ 789 if (pread(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 790 vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 791 error_report("IGD device %s - failed to read PCI command register", 792 vdev->vbasedev.name); 793 } 794 795 cmd = cmd_orig | PCI_COMMAND_IO; 796 797 if (pwrite(vdev->vbasedev.fd, &cmd, sizeof(cmd), 798 vdev->config_offset + PCI_COMMAND) != sizeof(cmd)) { 799 error_report("IGD device %s - failed to write PCI command register", 800 vdev->vbasedev.name); 801 } 802 803 for (i = 1; i < vfio_igd_gtt_max(vdev); i += 4) { 804 vfio_region_write(&vdev->bars[4].region, 0, i, 4); 805 vfio_region_write(&vdev->bars[4].region, 4, 0, 4); 806 } 807 808 if (pwrite(vdev->vbasedev.fd, &cmd_orig, sizeof(cmd_orig), 809 vdev->config_offset + PCI_COMMAND) != sizeof(cmd_orig)) { 810 error_report("IGD device %s - failed to restore PCI command register", 811 vdev->vbasedev.name); 812 } 813 814 trace_vfio_pci_igd_bdsm_enabled(vdev->vbasedev.name, 815 (ggms_size + gms_size) / MiB); 816 } 817