1 /* 2 * device quirks for PCI devices 3 * 4 * Copyright Red Hat, Inc. 2012-2015 5 * 6 * Authors: 7 * Alex Williamson <alex.williamson@redhat.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2. See 10 * the COPYING file in the top-level directory. 11 */ 12 13 #include "pci.h" 14 #include "trace.h" 15 #include "qemu/range.h" 16 17 #define PCI_ANY_ID (~0) 18 19 /* Use uin32_t for vendor & device so PCI_ANY_ID expands and cannot match hw */ 20 static bool vfio_pci_is(VFIOPCIDevice *vdev, uint32_t vendor, uint32_t device) 21 { 22 PCIDevice *pdev = &vdev->pdev; 23 24 return (vendor == PCI_ANY_ID || 25 vendor == pci_get_word(pdev->config + PCI_VENDOR_ID)) && 26 (device == PCI_ANY_ID || 27 device == pci_get_word(pdev->config + PCI_DEVICE_ID)); 28 } 29 30 static bool vfio_is_vga(VFIOPCIDevice *vdev) 31 { 32 PCIDevice *pdev = &vdev->pdev; 33 uint16_t class = pci_get_word(pdev->config + PCI_CLASS_DEVICE); 34 35 return class == PCI_CLASS_DISPLAY_VGA; 36 } 37 38 /* 39 * List of device ids/vendor ids for which to disable 40 * option rom loading. This avoids the guest hangs during rom 41 * execution as noticed with the BCM 57810 card for lack of a 42 * more better way to handle such issues. 43 * The user can still override by specifying a romfile or 44 * rombar=1. 45 * Please see https://bugs.launchpad.net/qemu/+bug/1284874 46 * for an analysis of the 57810 card hang. When adding 47 * a new vendor id/device id combination below, please also add 48 * your card/environment details and information that could 49 * help in debugging to the bug tracking this issue 50 */ 51 static const struct { 52 uint32_t vendor; 53 uint32_t device; 54 } romblacklist[] = { 55 { 0x14e4, 0x168e }, /* Broadcom BCM 57810 */ 56 }; 57 58 bool vfio_blacklist_opt_rom(VFIOPCIDevice *vdev) 59 { 60 int i; 61 62 for (i = 0 ; i < ARRAY_SIZE(romblacklist); i++) { 63 if (vfio_pci_is(vdev, romblacklist[i].vendor, romblacklist[i].device)) { 64 trace_vfio_quirk_rom_blacklisted(vdev->vbasedev.name, 65 romblacklist[i].vendor, 66 romblacklist[i].device); 67 return true; 68 } 69 } 70 return false; 71 } 72 73 /* 74 * Device specific region quirks (mostly backdoors to PCI config space) 75 */ 76 77 /* 78 * The generic window quirks operate on an address and data register, 79 * vfio_generic_window_address_quirk handles the address register and 80 * vfio_generic_window_data_quirk handles the data register. These ops 81 * pass reads and writes through to hardware until a value matching the 82 * stored address match/mask is written. When this occurs, the data 83 * register access emulated PCI config space for the device rather than 84 * passing through accesses. This enables devices where PCI config space 85 * is accessible behind a window register to maintain the virtualization 86 * provided through vfio. 87 */ 88 typedef struct VFIOConfigWindowMatch { 89 uint32_t match; 90 uint32_t mask; 91 } VFIOConfigWindowMatch; 92 93 typedef struct VFIOConfigWindowQuirk { 94 struct VFIOPCIDevice *vdev; 95 96 uint32_t address_val; 97 98 uint32_t address_offset; 99 uint32_t data_offset; 100 101 bool window_enabled; 102 uint8_t bar; 103 104 MemoryRegion *addr_mem; 105 MemoryRegion *data_mem; 106 107 uint32_t nr_matches; 108 VFIOConfigWindowMatch matches[]; 109 } VFIOConfigWindowQuirk; 110 111 static uint64_t vfio_generic_window_quirk_address_read(void *opaque, 112 hwaddr addr, 113 unsigned size) 114 { 115 VFIOConfigWindowQuirk *window = opaque; 116 VFIOPCIDevice *vdev = window->vdev; 117 118 return vfio_region_read(&vdev->bars[window->bar].region, 119 addr + window->address_offset, size); 120 } 121 122 static void vfio_generic_window_quirk_address_write(void *opaque, hwaddr addr, 123 uint64_t data, 124 unsigned size) 125 { 126 VFIOConfigWindowQuirk *window = opaque; 127 VFIOPCIDevice *vdev = window->vdev; 128 int i; 129 130 window->window_enabled = false; 131 132 vfio_region_write(&vdev->bars[window->bar].region, 133 addr + window->address_offset, data, size); 134 135 for (i = 0; i < window->nr_matches; i++) { 136 if ((data & ~window->matches[i].mask) == window->matches[i].match) { 137 window->window_enabled = true; 138 window->address_val = data & window->matches[i].mask; 139 trace_vfio_quirk_generic_window_address_write(vdev->vbasedev.name, 140 memory_region_name(window->addr_mem), data); 141 break; 142 } 143 } 144 } 145 146 static const MemoryRegionOps vfio_generic_window_address_quirk = { 147 .read = vfio_generic_window_quirk_address_read, 148 .write = vfio_generic_window_quirk_address_write, 149 .endianness = DEVICE_LITTLE_ENDIAN, 150 }; 151 152 static uint64_t vfio_generic_window_quirk_data_read(void *opaque, 153 hwaddr addr, unsigned size) 154 { 155 VFIOConfigWindowQuirk *window = opaque; 156 VFIOPCIDevice *vdev = window->vdev; 157 uint64_t data; 158 159 /* Always read data reg, discard if window enabled */ 160 data = vfio_region_read(&vdev->bars[window->bar].region, 161 addr + window->data_offset, size); 162 163 if (window->window_enabled) { 164 data = vfio_pci_read_config(&vdev->pdev, window->address_val, size); 165 trace_vfio_quirk_generic_window_data_read(vdev->vbasedev.name, 166 memory_region_name(window->data_mem), data); 167 } 168 169 return data; 170 } 171 172 static void vfio_generic_window_quirk_data_write(void *opaque, hwaddr addr, 173 uint64_t data, unsigned size) 174 { 175 VFIOConfigWindowQuirk *window = opaque; 176 VFIOPCIDevice *vdev = window->vdev; 177 178 if (window->window_enabled) { 179 vfio_pci_write_config(&vdev->pdev, window->address_val, data, size); 180 trace_vfio_quirk_generic_window_data_write(vdev->vbasedev.name, 181 memory_region_name(window->data_mem), data); 182 return; 183 } 184 185 vfio_region_write(&vdev->bars[window->bar].region, 186 addr + window->data_offset, data, size); 187 } 188 189 static const MemoryRegionOps vfio_generic_window_data_quirk = { 190 .read = vfio_generic_window_quirk_data_read, 191 .write = vfio_generic_window_quirk_data_write, 192 .endianness = DEVICE_LITTLE_ENDIAN, 193 }; 194 195 /* 196 * The generic mirror quirk handles devices which expose PCI config space 197 * through a region within a BAR. When enabled, reads and writes are 198 * redirected through to emulated PCI config space. XXX if PCI config space 199 * used memory regions, this could just be an alias. 200 */ 201 typedef struct VFIOConfigMirrorQuirk { 202 struct VFIOPCIDevice *vdev; 203 uint32_t offset; 204 uint8_t bar; 205 MemoryRegion *mem; 206 } VFIOConfigMirrorQuirk; 207 208 static uint64_t vfio_generic_quirk_mirror_read(void *opaque, 209 hwaddr addr, unsigned size) 210 { 211 VFIOConfigMirrorQuirk *mirror = opaque; 212 VFIOPCIDevice *vdev = mirror->vdev; 213 uint64_t data; 214 215 /* Read and discard in case the hardware cares */ 216 (void)vfio_region_read(&vdev->bars[mirror->bar].region, 217 addr + mirror->offset, size); 218 219 data = vfio_pci_read_config(&vdev->pdev, addr, size); 220 trace_vfio_quirk_generic_mirror_read(vdev->vbasedev.name, 221 memory_region_name(mirror->mem), 222 addr, data); 223 return data; 224 } 225 226 static void vfio_generic_quirk_mirror_write(void *opaque, hwaddr addr, 227 uint64_t data, unsigned size) 228 { 229 VFIOConfigMirrorQuirk *mirror = opaque; 230 VFIOPCIDevice *vdev = mirror->vdev; 231 232 vfio_pci_write_config(&vdev->pdev, addr, data, size); 233 trace_vfio_quirk_generic_mirror_write(vdev->vbasedev.name, 234 memory_region_name(mirror->mem), 235 addr, data); 236 } 237 238 static const MemoryRegionOps vfio_generic_mirror_quirk = { 239 .read = vfio_generic_quirk_mirror_read, 240 .write = vfio_generic_quirk_mirror_write, 241 .endianness = DEVICE_LITTLE_ENDIAN, 242 }; 243 244 /* Is range1 fully contained within range2? */ 245 static bool vfio_range_contained(uint64_t first1, uint64_t len1, 246 uint64_t first2, uint64_t len2) { 247 return (first1 >= first2 && first1 + len1 <= first2 + len2); 248 } 249 250 #define PCI_VENDOR_ID_ATI 0x1002 251 252 /* 253 * Radeon HD cards (HD5450 & HD7850) report the upper byte of the I/O port BAR 254 * through VGA register 0x3c3. On newer cards, the I/O port BAR is always 255 * BAR4 (older cards like the X550 used BAR1, but we don't care to support 256 * those). Note that on bare metal, a read of 0x3c3 doesn't always return the 257 * I/O port BAR address. Originally this was coded to return the virtual BAR 258 * address only if the physical register read returns the actual BAR address, 259 * but users have reported greater success if we return the virtual address 260 * unconditionally. 261 */ 262 static uint64_t vfio_ati_3c3_quirk_read(void *opaque, 263 hwaddr addr, unsigned size) 264 { 265 VFIOPCIDevice *vdev = opaque; 266 uint64_t data = vfio_pci_read_config(&vdev->pdev, 267 PCI_BASE_ADDRESS_4 + 1, size); 268 269 trace_vfio_quirk_ati_3c3_read(vdev->vbasedev.name, data); 270 271 return data; 272 } 273 274 static const MemoryRegionOps vfio_ati_3c3_quirk = { 275 .read = vfio_ati_3c3_quirk_read, 276 .endianness = DEVICE_LITTLE_ENDIAN, 277 }; 278 279 static void vfio_vga_probe_ati_3c3_quirk(VFIOPCIDevice *vdev) 280 { 281 VFIOQuirk *quirk; 282 283 /* 284 * As long as the BAR is >= 256 bytes it will be aligned such that the 285 * lower byte is always zero. Filter out anything else, if it exists. 286 */ 287 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) || 288 !vdev->bars[4].ioport || vdev->bars[4].region.size < 256) { 289 return; 290 } 291 292 quirk = g_malloc0(sizeof(*quirk)); 293 quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 1); 294 quirk->nr_mem = 1; 295 296 memory_region_init_io(quirk->mem, OBJECT(vdev), &vfio_ati_3c3_quirk, vdev, 297 "vfio-ati-3c3-quirk", 1); 298 memory_region_add_subregion(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem, 299 3 /* offset 3 bytes from 0x3c0 */, quirk->mem); 300 301 QLIST_INSERT_HEAD(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].quirks, 302 quirk, next); 303 304 trace_vfio_quirk_ati_3c3_probe(vdev->vbasedev.name); 305 } 306 307 /* 308 * Newer ATI/AMD devices, including HD5450 and HD7850, have a mirror to PCI 309 * config space through MMIO BAR2 at offset 0x4000. Nothing seems to access 310 * the MMIO space directly, but a window to this space is provided through 311 * I/O port BAR4. Offset 0x0 is the address register and offset 0x4 is the 312 * data register. When the address is programmed to a range of 0x4000-0x4fff 313 * PCI configuration space is available. Experimentation seems to indicate 314 * that read-only may be provided by hardware. 315 */ 316 static void vfio_probe_ati_bar4_quirk(VFIOPCIDevice *vdev, int nr) 317 { 318 VFIOQuirk *quirk; 319 VFIOConfigWindowQuirk *window; 320 321 /* This windows doesn't seem to be used except by legacy VGA code */ 322 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) || 323 !vdev->has_vga || nr != 4) { 324 return; 325 } 326 327 quirk = g_malloc0(sizeof(*quirk)); 328 quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 2); 329 quirk->nr_mem = 2; 330 window = quirk->data = g_malloc0(sizeof(*window) + 331 sizeof(VFIOConfigWindowMatch)); 332 window->vdev = vdev; 333 window->address_offset = 0; 334 window->data_offset = 4; 335 window->nr_matches = 1; 336 window->matches[0].match = 0x4000; 337 window->matches[0].mask = PCIE_CONFIG_SPACE_SIZE - 1; 338 window->bar = nr; 339 window->addr_mem = &quirk->mem[0]; 340 window->data_mem = &quirk->mem[1]; 341 342 memory_region_init_io(window->addr_mem, OBJECT(vdev), 343 &vfio_generic_window_address_quirk, window, 344 "vfio-ati-bar4-window-address-quirk", 4); 345 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 346 window->address_offset, 347 window->addr_mem, 1); 348 349 memory_region_init_io(window->data_mem, OBJECT(vdev), 350 &vfio_generic_window_data_quirk, window, 351 "vfio-ati-bar4-window-data-quirk", 4); 352 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 353 window->data_offset, 354 window->data_mem, 1); 355 356 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 357 358 trace_vfio_quirk_ati_bar4_probe(vdev->vbasedev.name); 359 } 360 361 /* 362 * Trap the BAR2 MMIO mirror to config space as well. 363 */ 364 static void vfio_probe_ati_bar2_quirk(VFIOPCIDevice *vdev, int nr) 365 { 366 VFIOQuirk *quirk; 367 VFIOConfigMirrorQuirk *mirror; 368 369 /* Only enable on newer devices where BAR2 is 64bit */ 370 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_ATI, PCI_ANY_ID) || 371 !vdev->has_vga || nr != 2 || !vdev->bars[2].mem64) { 372 return; 373 } 374 375 quirk = g_malloc0(sizeof(*quirk)); 376 mirror = quirk->data = g_malloc0(sizeof(*mirror)); 377 mirror->mem = quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 1); 378 quirk->nr_mem = 1; 379 mirror->vdev = vdev; 380 mirror->offset = 0x4000; 381 mirror->bar = nr; 382 383 memory_region_init_io(mirror->mem, OBJECT(vdev), 384 &vfio_generic_mirror_quirk, mirror, 385 "vfio-ati-bar2-4000-quirk", PCI_CONFIG_SPACE_SIZE); 386 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 387 mirror->offset, mirror->mem, 1); 388 389 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 390 391 trace_vfio_quirk_ati_bar2_probe(vdev->vbasedev.name); 392 } 393 394 /* 395 * Older ATI/AMD cards like the X550 have a similar window to that above. 396 * I/O port BAR1 provides a window to a mirror of PCI config space located 397 * in BAR2 at offset 0xf00. We don't care to support such older cards, but 398 * note it for future reference. 399 */ 400 401 #define PCI_VENDOR_ID_NVIDIA 0x10de 402 403 /* 404 * Nvidia has several different methods to get to config space, the 405 * nouveu project has several of these documented here: 406 * https://github.com/pathscale/envytools/tree/master/hwdocs 407 * 408 * The first quirk is actually not documented in envytools and is found 409 * on 10de:01d1 (NVIDIA Corporation G72 [GeForce 7300 LE]). This is an 410 * NV46 chipset. The backdoor uses the legacy VGA I/O ports to access 411 * the mirror of PCI config space found at BAR0 offset 0x1800. The access 412 * sequence first writes 0x338 to I/O port 0x3d4. The target offset is 413 * then written to 0x3d0. Finally 0x538 is written for a read and 0x738 414 * is written for a write to 0x3d4. The BAR0 offset is then accessible 415 * through 0x3d0. This quirk doesn't seem to be necessary on newer cards 416 * that use the I/O port BAR5 window but it doesn't hurt to leave it. 417 */ 418 typedef enum {NONE = 0, SELECT, WINDOW, READ, WRITE} VFIONvidia3d0State; 419 static const char *nv3d0_states[] = { "NONE", "SELECT", 420 "WINDOW", "READ", "WRITE" }; 421 422 typedef struct VFIONvidia3d0Quirk { 423 VFIOPCIDevice *vdev; 424 VFIONvidia3d0State state; 425 uint32_t offset; 426 } VFIONvidia3d0Quirk; 427 428 static uint64_t vfio_nvidia_3d4_quirk_read(void *opaque, 429 hwaddr addr, unsigned size) 430 { 431 VFIONvidia3d0Quirk *quirk = opaque; 432 VFIOPCIDevice *vdev = quirk->vdev; 433 434 quirk->state = NONE; 435 436 return vfio_vga_read(&vdev->vga.region[QEMU_PCI_VGA_IO_HI], 437 addr + 0x14, size); 438 } 439 440 static void vfio_nvidia_3d4_quirk_write(void *opaque, hwaddr addr, 441 uint64_t data, unsigned size) 442 { 443 VFIONvidia3d0Quirk *quirk = opaque; 444 VFIOPCIDevice *vdev = quirk->vdev; 445 VFIONvidia3d0State old_state = quirk->state; 446 447 quirk->state = NONE; 448 449 switch (data) { 450 case 0x338: 451 if (old_state == NONE) { 452 quirk->state = SELECT; 453 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name, 454 nv3d0_states[quirk->state]); 455 } 456 break; 457 case 0x538: 458 if (old_state == WINDOW) { 459 quirk->state = READ; 460 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name, 461 nv3d0_states[quirk->state]); 462 } 463 break; 464 case 0x738: 465 if (old_state == WINDOW) { 466 quirk->state = WRITE; 467 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name, 468 nv3d0_states[quirk->state]); 469 } 470 break; 471 } 472 473 vfio_vga_write(&vdev->vga.region[QEMU_PCI_VGA_IO_HI], 474 addr + 0x14, data, size); 475 } 476 477 static const MemoryRegionOps vfio_nvidia_3d4_quirk = { 478 .read = vfio_nvidia_3d4_quirk_read, 479 .write = vfio_nvidia_3d4_quirk_write, 480 .endianness = DEVICE_LITTLE_ENDIAN, 481 }; 482 483 static uint64_t vfio_nvidia_3d0_quirk_read(void *opaque, 484 hwaddr addr, unsigned size) 485 { 486 VFIONvidia3d0Quirk *quirk = opaque; 487 VFIOPCIDevice *vdev = quirk->vdev; 488 VFIONvidia3d0State old_state = quirk->state; 489 uint64_t data = vfio_vga_read(&vdev->vga.region[QEMU_PCI_VGA_IO_HI], 490 addr + 0x10, size); 491 492 quirk->state = NONE; 493 494 if (old_state == READ && 495 (quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) { 496 uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1); 497 498 data = vfio_pci_read_config(&vdev->pdev, offset, size); 499 trace_vfio_quirk_nvidia_3d0_read(vdev->vbasedev.name, 500 offset, size, data); 501 } 502 503 return data; 504 } 505 506 static void vfio_nvidia_3d0_quirk_write(void *opaque, hwaddr addr, 507 uint64_t data, unsigned size) 508 { 509 VFIONvidia3d0Quirk *quirk = opaque; 510 VFIOPCIDevice *vdev = quirk->vdev; 511 VFIONvidia3d0State old_state = quirk->state; 512 513 quirk->state = NONE; 514 515 if (old_state == SELECT) { 516 quirk->offset = (uint32_t)data; 517 quirk->state = WINDOW; 518 trace_vfio_quirk_nvidia_3d0_state(vdev->vbasedev.name, 519 nv3d0_states[quirk->state]); 520 } else if (old_state == WRITE) { 521 if ((quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) { 522 uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1); 523 524 vfio_pci_write_config(&vdev->pdev, offset, data, size); 525 trace_vfio_quirk_nvidia_3d0_write(vdev->vbasedev.name, 526 offset, data, size); 527 return; 528 } 529 } 530 531 vfio_vga_write(&vdev->vga.region[QEMU_PCI_VGA_IO_HI], 532 addr + 0x10, data, size); 533 } 534 535 static const MemoryRegionOps vfio_nvidia_3d0_quirk = { 536 .read = vfio_nvidia_3d0_quirk_read, 537 .write = vfio_nvidia_3d0_quirk_write, 538 .endianness = DEVICE_LITTLE_ENDIAN, 539 }; 540 541 static void vfio_vga_probe_nvidia_3d0_quirk(VFIOPCIDevice *vdev) 542 { 543 VFIOQuirk *quirk; 544 VFIONvidia3d0Quirk *data; 545 546 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) || 547 !vdev->bars[1].region.size) { 548 return; 549 } 550 551 quirk = g_malloc0(sizeof(*quirk)); 552 quirk->data = data = g_malloc0(sizeof(*data)); 553 quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 2); 554 quirk->nr_mem = 2; 555 data->vdev = vdev; 556 557 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), &vfio_nvidia_3d4_quirk, 558 data, "vfio-nvidia-3d4-quirk", 2); 559 memory_region_add_subregion(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem, 560 0x14 /* 0x3c0 + 0x14 */, &quirk->mem[0]); 561 562 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), &vfio_nvidia_3d0_quirk, 563 data, "vfio-nvidia-3d0-quirk", 2); 564 memory_region_add_subregion(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].mem, 565 0x10 /* 0x3c0 + 0x10 */, &quirk->mem[1]); 566 567 QLIST_INSERT_HEAD(&vdev->vga.region[QEMU_PCI_VGA_IO_HI].quirks, 568 quirk, next); 569 570 trace_vfio_quirk_nvidia_3d0_probe(vdev->vbasedev.name); 571 } 572 573 /* 574 * The second quirk is documented in envytools. The I/O port BAR5 is just 575 * a set of address/data ports to the MMIO BARs. The BAR we care about is 576 * again BAR0. This backdoor is apparently a bit newer than the one above 577 * so we need to not only trap 256 bytes @0x1800, but all of PCI config 578 * space, including extended space is available at the 4k @0x88000. 579 */ 580 typedef struct VFIONvidiaBAR5Quirk { 581 uint32_t master; 582 uint32_t enable; 583 MemoryRegion *addr_mem; 584 MemoryRegion *data_mem; 585 bool enabled; 586 VFIOConfigWindowQuirk window; /* last for match data */ 587 } VFIONvidiaBAR5Quirk; 588 589 static void vfio_nvidia_bar5_enable(VFIONvidiaBAR5Quirk *bar5) 590 { 591 VFIOPCIDevice *vdev = bar5->window.vdev; 592 593 if (((bar5->master & bar5->enable) & 0x1) == bar5->enabled) { 594 return; 595 } 596 597 bar5->enabled = !bar5->enabled; 598 trace_vfio_quirk_nvidia_bar5_state(vdev->vbasedev.name, 599 bar5->enabled ? "Enable" : "Disable"); 600 memory_region_set_enabled(bar5->addr_mem, bar5->enabled); 601 memory_region_set_enabled(bar5->data_mem, bar5->enabled); 602 } 603 604 static uint64_t vfio_nvidia_bar5_quirk_master_read(void *opaque, 605 hwaddr addr, unsigned size) 606 { 607 VFIONvidiaBAR5Quirk *bar5 = opaque; 608 VFIOPCIDevice *vdev = bar5->window.vdev; 609 610 return vfio_region_read(&vdev->bars[5].region, addr, size); 611 } 612 613 static void vfio_nvidia_bar5_quirk_master_write(void *opaque, hwaddr addr, 614 uint64_t data, unsigned size) 615 { 616 VFIONvidiaBAR5Quirk *bar5 = opaque; 617 VFIOPCIDevice *vdev = bar5->window.vdev; 618 619 vfio_region_write(&vdev->bars[5].region, addr, data, size); 620 621 bar5->master = data; 622 vfio_nvidia_bar5_enable(bar5); 623 } 624 625 static const MemoryRegionOps vfio_nvidia_bar5_quirk_master = { 626 .read = vfio_nvidia_bar5_quirk_master_read, 627 .write = vfio_nvidia_bar5_quirk_master_write, 628 .endianness = DEVICE_LITTLE_ENDIAN, 629 }; 630 631 static uint64_t vfio_nvidia_bar5_quirk_enable_read(void *opaque, 632 hwaddr addr, unsigned size) 633 { 634 VFIONvidiaBAR5Quirk *bar5 = opaque; 635 VFIOPCIDevice *vdev = bar5->window.vdev; 636 637 return vfio_region_read(&vdev->bars[5].region, addr + 4, size); 638 } 639 640 static void vfio_nvidia_bar5_quirk_enable_write(void *opaque, hwaddr addr, 641 uint64_t data, unsigned size) 642 { 643 VFIONvidiaBAR5Quirk *bar5 = opaque; 644 VFIOPCIDevice *vdev = bar5->window.vdev; 645 646 vfio_region_write(&vdev->bars[5].region, addr + 4, data, size); 647 648 bar5->enable = data; 649 vfio_nvidia_bar5_enable(bar5); 650 } 651 652 static const MemoryRegionOps vfio_nvidia_bar5_quirk_enable = { 653 .read = vfio_nvidia_bar5_quirk_enable_read, 654 .write = vfio_nvidia_bar5_quirk_enable_write, 655 .endianness = DEVICE_LITTLE_ENDIAN, 656 }; 657 658 static void vfio_probe_nvidia_bar5_quirk(VFIOPCIDevice *vdev, int nr) 659 { 660 VFIOQuirk *quirk; 661 VFIONvidiaBAR5Quirk *bar5; 662 VFIOConfigWindowQuirk *window; 663 664 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) || 665 !vdev->has_vga || nr != 5) { 666 return; 667 } 668 669 quirk = g_malloc0(sizeof(*quirk)); 670 quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 4); 671 quirk->nr_mem = 4; 672 bar5 = quirk->data = g_malloc0(sizeof(*bar5) + 673 (sizeof(VFIOConfigWindowMatch) * 2)); 674 window = &bar5->window; 675 676 window->vdev = vdev; 677 window->address_offset = 0x8; 678 window->data_offset = 0xc; 679 window->nr_matches = 2; 680 window->matches[0].match = 0x1800; 681 window->matches[0].mask = PCI_CONFIG_SPACE_SIZE - 1; 682 window->matches[1].match = 0x88000; 683 window->matches[1].mask = PCIE_CONFIG_SPACE_SIZE - 1; 684 window->bar = nr; 685 window->addr_mem = bar5->addr_mem = &quirk->mem[0]; 686 window->data_mem = bar5->data_mem = &quirk->mem[1]; 687 688 memory_region_init_io(window->addr_mem, OBJECT(vdev), 689 &vfio_generic_window_address_quirk, window, 690 "vfio-nvidia-bar5-window-address-quirk", 4); 691 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 692 window->address_offset, 693 window->addr_mem, 1); 694 memory_region_set_enabled(window->addr_mem, false); 695 696 memory_region_init_io(window->data_mem, OBJECT(vdev), 697 &vfio_generic_window_data_quirk, window, 698 "vfio-nvidia-bar5-window-data-quirk", 4); 699 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 700 window->data_offset, 701 window->data_mem, 1); 702 memory_region_set_enabled(window->data_mem, false); 703 704 memory_region_init_io(&quirk->mem[2], OBJECT(vdev), 705 &vfio_nvidia_bar5_quirk_master, bar5, 706 "vfio-nvidia-bar5-master-quirk", 4); 707 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 708 0, &quirk->mem[2], 1); 709 710 memory_region_init_io(&quirk->mem[3], OBJECT(vdev), 711 &vfio_nvidia_bar5_quirk_enable, bar5, 712 "vfio-nvidia-bar5-enable-quirk", 4); 713 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 714 4, &quirk->mem[3], 1); 715 716 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 717 718 trace_vfio_quirk_nvidia_bar5_probe(vdev->vbasedev.name); 719 } 720 721 /* 722 * Finally, BAR0 itself. We want to redirect any accesses to either 723 * 0x1800 or 0x88000 through the PCI config space access functions. 724 */ 725 static void vfio_nvidia_quirk_mirror_write(void *opaque, hwaddr addr, 726 uint64_t data, unsigned size) 727 { 728 VFIOConfigMirrorQuirk *mirror = opaque; 729 VFIOPCIDevice *vdev = mirror->vdev; 730 PCIDevice *pdev = &vdev->pdev; 731 732 vfio_generic_quirk_mirror_write(opaque, addr, data, size); 733 734 /* 735 * Nvidia seems to acknowledge MSI interrupts by writing 0xff to the 736 * MSI capability ID register. Both the ID and next register are 737 * read-only, so we allow writes covering either of those to real hw. 738 */ 739 if ((pdev->cap_present & QEMU_PCI_CAP_MSI) && 740 vfio_range_contained(addr, size, pdev->msi_cap, PCI_MSI_FLAGS)) { 741 vfio_region_write(&vdev->bars[mirror->bar].region, 742 addr + mirror->offset, data, size); 743 trace_vfio_quirk_nvidia_bar0_msi_ack(vdev->vbasedev.name); 744 } 745 } 746 747 static const MemoryRegionOps vfio_nvidia_mirror_quirk = { 748 .read = vfio_generic_quirk_mirror_read, 749 .write = vfio_nvidia_quirk_mirror_write, 750 .endianness = DEVICE_LITTLE_ENDIAN, 751 }; 752 753 static void vfio_probe_nvidia_bar0_quirk(VFIOPCIDevice *vdev, int nr) 754 { 755 VFIOQuirk *quirk; 756 VFIOConfigMirrorQuirk *mirror; 757 758 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID) || 759 !vfio_is_vga(vdev) || nr != 0) { 760 return; 761 } 762 763 quirk = g_malloc0(sizeof(*quirk)); 764 mirror = quirk->data = g_malloc0(sizeof(*mirror)); 765 mirror->mem = quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 1); 766 quirk->nr_mem = 1; 767 mirror->vdev = vdev; 768 mirror->offset = 0x88000; 769 mirror->bar = nr; 770 771 memory_region_init_io(mirror->mem, OBJECT(vdev), 772 &vfio_nvidia_mirror_quirk, mirror, 773 "vfio-nvidia-bar0-88000-mirror-quirk", 774 PCIE_CONFIG_SPACE_SIZE); 775 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 776 mirror->offset, mirror->mem, 1); 777 778 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 779 780 /* The 0x1800 offset mirror only seems to get used by legacy VGA */ 781 if (vdev->has_vga) { 782 quirk = g_malloc0(sizeof(*quirk)); 783 mirror = quirk->data = g_malloc0(sizeof(*mirror)); 784 mirror->mem = quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 1); 785 quirk->nr_mem = 1; 786 mirror->vdev = vdev; 787 mirror->offset = 0x1800; 788 mirror->bar = nr; 789 790 memory_region_init_io(mirror->mem, OBJECT(vdev), 791 &vfio_nvidia_mirror_quirk, mirror, 792 "vfio-nvidia-bar0-1800-mirror-quirk", 793 PCI_CONFIG_SPACE_SIZE); 794 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 795 mirror->offset, mirror->mem, 1); 796 797 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 798 } 799 800 trace_vfio_quirk_nvidia_bar0_probe(vdev->vbasedev.name); 801 } 802 803 /* 804 * TODO - Some Nvidia devices provide config access to their companion HDA 805 * device and even to their parent bridge via these config space mirrors. 806 * Add quirks for those regions. 807 */ 808 809 #define PCI_VENDOR_ID_REALTEK 0x10ec 810 811 /* 812 * RTL8168 devices have a backdoor that can access the MSI-X table. At BAR2 813 * offset 0x70 there is a dword data register, offset 0x74 is a dword address 814 * register. According to the Linux r8169 driver, the MSI-X table is addressed 815 * when the "type" portion of the address register is set to 0x1. This appears 816 * to be bits 16:30. Bit 31 is both a write indicator and some sort of 817 * "address latched" indicator. Bits 12:15 are a mask field, which we can 818 * ignore because the MSI-X table should always be accessed as a dword (full 819 * mask). Bits 0:11 is offset within the type. 820 * 821 * Example trace: 822 * 823 * Read from MSI-X table offset 0 824 * vfio: vfio_bar_write(0000:05:00.0:BAR2+0x74, 0x1f000, 4) // store read addr 825 * vfio: vfio_bar_read(0000:05:00.0:BAR2+0x74, 4) = 0x8001f000 // latch 826 * vfio: vfio_bar_read(0000:05:00.0:BAR2+0x70, 4) = 0xfee00398 // read data 827 * 828 * Write 0xfee00000 to MSI-X table offset 0 829 * vfio: vfio_bar_write(0000:05:00.0:BAR2+0x70, 0xfee00000, 4) // write data 830 * vfio: vfio_bar_write(0000:05:00.0:BAR2+0x74, 0x8001f000, 4) // do write 831 * vfio: vfio_bar_read(0000:05:00.0:BAR2+0x74, 4) = 0x1f000 // complete 832 */ 833 typedef struct VFIOrtl8168Quirk { 834 VFIOPCIDevice *vdev; 835 uint32_t addr; 836 uint32_t data; 837 bool enabled; 838 } VFIOrtl8168Quirk; 839 840 static uint64_t vfio_rtl8168_quirk_address_read(void *opaque, 841 hwaddr addr, unsigned size) 842 { 843 VFIOrtl8168Quirk *rtl = opaque; 844 VFIOPCIDevice *vdev = rtl->vdev; 845 uint64_t data = vfio_region_read(&vdev->bars[2].region, addr + 0x74, size); 846 847 if (rtl->enabled) { 848 data = rtl->addr ^ 0x80000000U; /* latch/complete */ 849 trace_vfio_quirk_rtl8168_fake_latch(vdev->vbasedev.name, data); 850 } 851 852 return data; 853 } 854 855 static void vfio_rtl8168_quirk_address_write(void *opaque, hwaddr addr, 856 uint64_t data, unsigned size) 857 { 858 VFIOrtl8168Quirk *rtl = opaque; 859 VFIOPCIDevice *vdev = rtl->vdev; 860 861 rtl->enabled = false; 862 863 if ((data & 0x7fff0000) == 0x10000) { /* MSI-X table */ 864 rtl->enabled = true; 865 rtl->addr = (uint32_t)data; 866 867 if (data & 0x80000000U) { /* Do write */ 868 if (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX) { 869 hwaddr offset = data & 0xfff; 870 uint64_t val = rtl->data; 871 872 trace_vfio_quirk_rtl8168_msix_write(vdev->vbasedev.name, 873 (uint16_t)offset, val); 874 875 /* Write to the proper guest MSI-X table instead */ 876 memory_region_dispatch_write(&vdev->pdev.msix_table_mmio, 877 offset, val, size, 878 MEMTXATTRS_UNSPECIFIED); 879 } 880 return; /* Do not write guest MSI-X data to hardware */ 881 } 882 } 883 884 vfio_region_write(&vdev->bars[2].region, addr + 0x74, data, size); 885 } 886 887 static const MemoryRegionOps vfio_rtl_address_quirk = { 888 .read = vfio_rtl8168_quirk_address_read, 889 .write = vfio_rtl8168_quirk_address_write, 890 .valid = { 891 .min_access_size = 4, 892 .max_access_size = 4, 893 .unaligned = false, 894 }, 895 .endianness = DEVICE_LITTLE_ENDIAN, 896 }; 897 898 static uint64_t vfio_rtl8168_quirk_data_read(void *opaque, 899 hwaddr addr, unsigned size) 900 { 901 VFIOrtl8168Quirk *rtl = opaque; 902 VFIOPCIDevice *vdev = rtl->vdev; 903 uint64_t data = vfio_region_read(&vdev->bars[2].region, addr + 0x74, size); 904 905 if (rtl->enabled && (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX)) { 906 hwaddr offset = rtl->addr & 0xfff; 907 memory_region_dispatch_read(&vdev->pdev.msix_table_mmio, offset, 908 &data, size, MEMTXATTRS_UNSPECIFIED); 909 trace_vfio_quirk_rtl8168_msix_read(vdev->vbasedev.name, offset, data); 910 } 911 912 return data; 913 } 914 915 static void vfio_rtl8168_quirk_data_write(void *opaque, hwaddr addr, 916 uint64_t data, unsigned size) 917 { 918 VFIOrtl8168Quirk *rtl = opaque; 919 VFIOPCIDevice *vdev = rtl->vdev; 920 921 rtl->data = (uint32_t)data; 922 923 vfio_region_write(&vdev->bars[2].region, addr + 0x70, data, size); 924 } 925 926 static const MemoryRegionOps vfio_rtl_data_quirk = { 927 .read = vfio_rtl8168_quirk_data_read, 928 .write = vfio_rtl8168_quirk_data_write, 929 .valid = { 930 .min_access_size = 4, 931 .max_access_size = 4, 932 .unaligned = false, 933 }, 934 .endianness = DEVICE_LITTLE_ENDIAN, 935 }; 936 937 static void vfio_probe_rtl8168_bar2_quirk(VFIOPCIDevice *vdev, int nr) 938 { 939 VFIOQuirk *quirk; 940 VFIOrtl8168Quirk *rtl; 941 942 if (!vfio_pci_is(vdev, PCI_VENDOR_ID_REALTEK, 0x8168) || nr != 2) { 943 return; 944 } 945 946 quirk = g_malloc0(sizeof(*quirk)); 947 quirk->mem = g_malloc0_n(sizeof(MemoryRegion), 2); 948 quirk->nr_mem = 2; 949 quirk->data = rtl = g_malloc0(sizeof(*rtl)); 950 rtl->vdev = vdev; 951 952 memory_region_init_io(&quirk->mem[0], OBJECT(vdev), 953 &vfio_rtl_address_quirk, rtl, 954 "vfio-rtl8168-window-address-quirk", 4); 955 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 956 0x74, &quirk->mem[0], 1); 957 958 memory_region_init_io(&quirk->mem[1], OBJECT(vdev), 959 &vfio_rtl_data_quirk, rtl, 960 "vfio-rtl8168-window-data-quirk", 4); 961 memory_region_add_subregion_overlap(&vdev->bars[nr].region.mem, 962 0x70, &quirk->mem[1], 1); 963 964 QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, quirk, next); 965 966 trace_vfio_quirk_rtl8168_probe(vdev->vbasedev.name); 967 } 968 969 /* 970 * Common quirk probe entry points. 971 */ 972 void vfio_vga_quirk_setup(VFIOPCIDevice *vdev) 973 { 974 vfio_vga_probe_ati_3c3_quirk(vdev); 975 vfio_vga_probe_nvidia_3d0_quirk(vdev); 976 } 977 978 void vfio_vga_quirk_teardown(VFIOPCIDevice *vdev) 979 { 980 VFIOQuirk *quirk; 981 int i, j; 982 983 for (i = 0; i < ARRAY_SIZE(vdev->vga.region); i++) { 984 QLIST_FOREACH(quirk, &vdev->vga.region[i].quirks, next) { 985 for (j = 0; j < quirk->nr_mem; j++) { 986 memory_region_del_subregion(&vdev->vga.region[i].mem, 987 &quirk->mem[j]); 988 } 989 } 990 } 991 } 992 993 void vfio_vga_quirk_free(VFIOPCIDevice *vdev) 994 { 995 int i, j; 996 997 for (i = 0; i < ARRAY_SIZE(vdev->vga.region); i++) { 998 while (!QLIST_EMPTY(&vdev->vga.region[i].quirks)) { 999 VFIOQuirk *quirk = QLIST_FIRST(&vdev->vga.region[i].quirks); 1000 QLIST_REMOVE(quirk, next); 1001 for (j = 0; j < quirk->nr_mem; j++) { 1002 object_unparent(OBJECT(&quirk->mem[j])); 1003 } 1004 g_free(quirk->mem); 1005 g_free(quirk->data); 1006 g_free(quirk); 1007 } 1008 } 1009 } 1010 1011 void vfio_bar_quirk_setup(VFIOPCIDevice *vdev, int nr) 1012 { 1013 vfio_probe_ati_bar4_quirk(vdev, nr); 1014 vfio_probe_ati_bar2_quirk(vdev, nr); 1015 vfio_probe_nvidia_bar5_quirk(vdev, nr); 1016 vfio_probe_nvidia_bar0_quirk(vdev, nr); 1017 vfio_probe_rtl8168_bar2_quirk(vdev, nr); 1018 } 1019 1020 void vfio_bar_quirk_teardown(VFIOPCIDevice *vdev, int nr) 1021 { 1022 VFIOBAR *bar = &vdev->bars[nr]; 1023 VFIOQuirk *quirk; 1024 int i; 1025 1026 QLIST_FOREACH(quirk, &bar->quirks, next) { 1027 for (i = 0; i < quirk->nr_mem; i++) { 1028 memory_region_del_subregion(&bar->region.mem, &quirk->mem[i]); 1029 } 1030 } 1031 } 1032 1033 void vfio_bar_quirk_free(VFIOPCIDevice *vdev, int nr) 1034 { 1035 VFIOBAR *bar = &vdev->bars[nr]; 1036 int i; 1037 1038 while (!QLIST_EMPTY(&bar->quirks)) { 1039 VFIOQuirk *quirk = QLIST_FIRST(&bar->quirks); 1040 QLIST_REMOVE(quirk, next); 1041 for (i = 0; i < quirk->nr_mem; i++) { 1042 object_unparent(OBJECT(&quirk->mem[i])); 1043 } 1044 g_free(quirk->mem); 1045 g_free(quirk->data); 1046 g_free(quirk); 1047 } 1048 } 1049 1050 /* 1051 * Reset quirks 1052 */ 1053 1054 /* 1055 * AMD Radeon PCI config reset, based on Linux: 1056 * drivers/gpu/drm/radeon/ci_smc.c:ci_is_smc_running() 1057 * drivers/gpu/drm/radeon/radeon_device.c:radeon_pci_config_reset 1058 * drivers/gpu/drm/radeon/ci_smc.c:ci_reset_smc() 1059 * drivers/gpu/drm/radeon/ci_smc.c:ci_stop_smc_clock() 1060 * IDs: include/drm/drm_pciids.h 1061 * Registers: http://cgit.freedesktop.org/~agd5f/linux/commit/?id=4e2aa447f6f0 1062 * 1063 * Bonaire and Hawaii GPUs do not respond to a bus reset. This is a bug in the 1064 * hardware that should be fixed on future ASICs. The symptom of this is that 1065 * once the accerlated driver loads, Windows guests will bsod on subsequent 1066 * attmpts to load the driver, such as after VM reset or shutdown/restart. To 1067 * work around this, we do an AMD specific PCI config reset, followed by an SMC 1068 * reset. The PCI config reset only works if SMC firmware is running, so we 1069 * have a dependency on the state of the device as to whether this reset will 1070 * be effective. There are still cases where we won't be able to kick the 1071 * device into working, but this greatly improves the usability overall. The 1072 * config reset magic is relatively common on AMD GPUs, but the setup and SMC 1073 * poking is largely ASIC specific. 1074 */ 1075 static bool vfio_radeon_smc_is_running(VFIOPCIDevice *vdev) 1076 { 1077 uint32_t clk, pc_c; 1078 1079 /* 1080 * Registers 200h and 204h are index and data registers for accessing 1081 * indirect configuration registers within the device. 1082 */ 1083 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000004, 4); 1084 clk = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1085 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000370, 4); 1086 pc_c = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1087 1088 return (!(clk & 1) && (0x20100 <= pc_c)); 1089 } 1090 1091 /* 1092 * The scope of a config reset is controlled by a mode bit in the misc register 1093 * and a fuse, exposed as a bit in another register. The fuse is the default 1094 * (0 = GFX, 1 = whole GPU), the misc bit is a toggle, with the forumula 1095 * scope = !(misc ^ fuse), where the resulting scope is defined the same as 1096 * the fuse. A truth table therefore tells us that if misc == fuse, we need 1097 * to flip the value of the bit in the misc register. 1098 */ 1099 static void vfio_radeon_set_gfx_only_reset(VFIOPCIDevice *vdev) 1100 { 1101 uint32_t misc, fuse; 1102 bool a, b; 1103 1104 vfio_region_write(&vdev->bars[5].region, 0x200, 0xc00c0000, 4); 1105 fuse = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1106 b = fuse & 64; 1107 1108 vfio_region_write(&vdev->bars[5].region, 0x200, 0xc0000010, 4); 1109 misc = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1110 a = misc & 2; 1111 1112 if (a == b) { 1113 vfio_region_write(&vdev->bars[5].region, 0x204, misc ^ 2, 4); 1114 vfio_region_read(&vdev->bars[5].region, 0x204, 4); /* flush */ 1115 } 1116 } 1117 1118 static int vfio_radeon_reset(VFIOPCIDevice *vdev) 1119 { 1120 PCIDevice *pdev = &vdev->pdev; 1121 int i, ret = 0; 1122 uint32_t data; 1123 1124 /* Defer to a kernel implemented reset */ 1125 if (vdev->vbasedev.reset_works) { 1126 trace_vfio_quirk_ati_bonaire_reset_skipped(vdev->vbasedev.name); 1127 return -ENODEV; 1128 } 1129 1130 /* Enable only memory BAR access */ 1131 vfio_pci_write_config(pdev, PCI_COMMAND, PCI_COMMAND_MEMORY, 2); 1132 1133 /* Reset only works if SMC firmware is loaded and running */ 1134 if (!vfio_radeon_smc_is_running(vdev)) { 1135 ret = -EINVAL; 1136 trace_vfio_quirk_ati_bonaire_reset_no_smc(vdev->vbasedev.name); 1137 goto out; 1138 } 1139 1140 /* Make sure only the GFX function is reset */ 1141 vfio_radeon_set_gfx_only_reset(vdev); 1142 1143 /* AMD PCI config reset */ 1144 vfio_pci_write_config(pdev, 0x7c, 0x39d5e86b, 4); 1145 usleep(100); 1146 1147 /* Read back the memory size to make sure we're out of reset */ 1148 for (i = 0; i < 100000; i++) { 1149 if (vfio_region_read(&vdev->bars[5].region, 0x5428, 4) != 0xffffffff) { 1150 goto reset_smc; 1151 } 1152 usleep(1); 1153 } 1154 1155 trace_vfio_quirk_ati_bonaire_reset_timeout(vdev->vbasedev.name); 1156 1157 reset_smc: 1158 /* Reset SMC */ 1159 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000000, 4); 1160 data = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1161 data |= 1; 1162 vfio_region_write(&vdev->bars[5].region, 0x204, data, 4); 1163 1164 /* Disable SMC clock */ 1165 vfio_region_write(&vdev->bars[5].region, 0x200, 0x80000004, 4); 1166 data = vfio_region_read(&vdev->bars[5].region, 0x204, 4); 1167 data |= 1; 1168 vfio_region_write(&vdev->bars[5].region, 0x204, data, 4); 1169 1170 trace_vfio_quirk_ati_bonaire_reset_done(vdev->vbasedev.name); 1171 1172 out: 1173 /* Restore PCI command register */ 1174 vfio_pci_write_config(pdev, PCI_COMMAND, 0, 2); 1175 1176 return ret; 1177 } 1178 1179 void vfio_setup_resetfn_quirk(VFIOPCIDevice *vdev) 1180 { 1181 PCIDevice *pdev = &vdev->pdev; 1182 uint16_t vendor, device; 1183 1184 vendor = pci_get_word(pdev->config + PCI_VENDOR_ID); 1185 device = pci_get_word(pdev->config + PCI_DEVICE_ID); 1186 1187 switch (vendor) { 1188 case 0x1002: 1189 switch (device) { 1190 /* Bonaire */ 1191 case 0x6649: /* Bonaire [FirePro W5100] */ 1192 case 0x6650: 1193 case 0x6651: 1194 case 0x6658: /* Bonaire XTX [Radeon R7 260X] */ 1195 case 0x665c: /* Bonaire XT [Radeon HD 7790/8770 / R9 260 OEM] */ 1196 case 0x665d: /* Bonaire [Radeon R7 200 Series] */ 1197 /* Hawaii */ 1198 case 0x67A0: /* Hawaii XT GL [FirePro W9100] */ 1199 case 0x67A1: /* Hawaii PRO GL [FirePro W8100] */ 1200 case 0x67A2: 1201 case 0x67A8: 1202 case 0x67A9: 1203 case 0x67AA: 1204 case 0x67B0: /* Hawaii XT [Radeon R9 290X] */ 1205 case 0x67B1: /* Hawaii PRO [Radeon R9 290] */ 1206 case 0x67B8: 1207 case 0x67B9: 1208 case 0x67BA: 1209 case 0x67BE: 1210 vdev->resetfn = vfio_radeon_reset; 1211 trace_vfio_quirk_ati_bonaire_reset(vdev->vbasedev.name); 1212 break; 1213 } 1214 break; 1215 } 1216 } 1217