diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c index 46102b9ddd..9e49ec4a5c 100644 --- a/hw/ppc/spapr_iommu.c +++ b/hw/ppc/spapr_iommu.c @@ -140,6 +140,7 @@ static int spapr_tce_table_realize(DeviceState *dev) } sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn, + uint64_t bus_offset, uint32_t page_shift, uint32_t nb_table) { @@ -157,6 +158,7 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn, tcet = SPAPR_TCE_TABLE(object_new(TYPE_SPAPR_TCE_TABLE)); tcet->liobn = liobn; + tcet->bus_offset = bus_offset; tcet->page_shift = page_shift; tcet->nb_table = nb_table; @@ -204,14 +206,15 @@ static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba, { IOMMUTLBEntry entry; hwaddr page_mask = IOMMU_PAGE_MASK(tcet->page_shift); + unsigned long index = (ioba - tcet->bus_offset) >> tcet->page_shift; - if ((ioba >> tcet->page_shift) >= tcet->nb_table) { + if (index >= tcet->nb_table) { hcall_dprintf("spapr_vio_put_tce on out-of-bounds IOBA 0x" TARGET_FMT_lx "\n", ioba); return H_PARAMETER; } - tcet->table[ioba >> tcet->page_shift] = tce; + tcet->table[index] = tce; entry.target_as = &address_space_memory, entry.iova = ioba & page_mask; @@ -330,13 +333,15 @@ static target_ulong h_put_tce(PowerPCCPU *cpu, sPAPREnvironment *spapr, static target_ulong get_tce_emu(sPAPRTCETable *tcet, target_ulong ioba, target_ulong *tce) { - if ((ioba >> tcet->page_shift) >= tcet->nb_table) { + unsigned long index = (ioba - tcet->bus_offset) >> tcet->page_shift; + + if (index >= tcet->nb_table) { hcall_dprintf("spapr_iommu_get_tce on out-of-bounds IOBA 0x" TARGET_FMT_lx "\n", ioba); return H_PARAMETER; } - *tce = tcet->table[ioba >> tcet->page_shift]; + *tce = tcet->table[index]; return H_SUCCESS; } diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c index ee1ff9e2bb..3b01beadbb 100644 --- a/hw/ppc/spapr_pci.c +++ b/hw/ppc/spapr_pci.c @@ -656,6 +656,7 @@ static void spapr_phb_finish_realize(sPAPRPHBState *sphb, Error **errp) sPAPRTCETable *tcet; tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn, + 0, SPAPR_TCE_PAGE_SHIFT, 0x40000000 >> SPAPR_TCE_PAGE_SHIFT); if (!tcet) { @@ -813,8 +814,8 @@ static int spapr_phb_children_dt(Object *child, void *opaque) } spapr_dma_dt(p->fdt, p->node_off, "ibm,dma-window", - tcet->liobn, 0, - tcet->nb_table << SPAPR_TCE_PAGE_SHIFT); + tcet->liobn, tcet->bus_offset, + tcet->nb_table << tcet->page_shift); /* Stop after the first window */ return 1; diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c index 75a93481ac..04e16ae04d 100644 --- a/hw/ppc/spapr_vio.c +++ b/hw/ppc/spapr_vio.c @@ -457,6 +457,7 @@ static int spapr_vio_busdev_init(DeviceState *qdev) if (pc->rtce_window_size) { uint32_t liobn = SPAPR_VIO_BASE_LIOBN | dev->reg; dev->tcet = spapr_tce_new_table(qdev, liobn, + 0, SPAPR_TCE_PAGE_SHIFT, pc->rtce_window_size >> SPAPR_TCE_PAGE_SHIFT); diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index 38e61cfab0..4ffb903f86 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -398,6 +398,7 @@ struct sPAPRTCETable { DeviceState parent; uint32_t liobn; uint32_t nb_table; + uint64_t bus_offset; uint32_t page_shift; uint64_t *table; bool bypass; @@ -410,6 +411,7 @@ void spapr_events_init(sPAPREnvironment *spapr); void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq); int spapr_h_cas_compose_response(target_ulong addr, target_ulong size); sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn, + uint64_t bus_offset, uint32_t page_shift, uint32_t nb_table); MemoryRegion *spapr_tce_get_iommu(sPAPRTCETable *tcet);