xref: /openbmc/qemu/hw/arm/sbsa-ref.c (revision 72baef13b9dce71f20ae840d9951e559e14abf6d)
1 /*
2  * ARM SBSA Reference Platform emulation
3  *
4  * Copyright (c) 2018 Linaro Limited
5  * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
6  * Written by Hongbo Zhang <hongbo.zhang@linaro.org>
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2 or later, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program.  If not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/datadir.h"
23 #include "qapi/error.h"
24 #include "qemu/error-report.h"
25 #include "qemu/units.h"
26 #include "sysemu/device_tree.h"
27 #include "sysemu/kvm.h"
28 #include "sysemu/numa.h"
29 #include "sysemu/runstate.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/hwaddr.h"
32 #include "kvm_arm.h"
33 #include "hw/arm/boot.h"
34 #include "hw/arm/bsa.h"
35 #include "hw/arm/fdt.h"
36 #include "hw/arm/smmuv3.h"
37 #include "hw/block/flash.h"
38 #include "hw/boards.h"
39 #include "hw/ide/ide-bus.h"
40 #include "hw/ide/ahci-sysbus.h"
41 #include "hw/intc/arm_gicv3_common.h"
42 #include "hw/intc/arm_gicv3_its_common.h"
43 #include "hw/loader.h"
44 #include "hw/pci-host/gpex.h"
45 #include "hw/qdev-properties.h"
46 #include "hw/usb.h"
47 #include "hw/usb/xhci.h"
48 #include "hw/char/pl011.h"
49 #include "hw/watchdog/sbsa_gwdt.h"
50 #include "net/net.h"
51 #include "qapi/qmp/qlist.h"
52 #include "qom/object.h"
53 #include "target/arm/cpu-qom.h"
54 #include "target/arm/gtimer.h"
55 
56 #define RAMLIMIT_GB 8192
57 #define RAMLIMIT_BYTES (RAMLIMIT_GB * GiB)
58 
59 #define NUM_IRQS        256
60 #define NUM_SMMU_IRQS   4
61 #define NUM_SATA_PORTS  6
62 
63 /*
64  * Generic timer frequency in Hz (which drives both the CPU generic timers
65  * and the SBSA watchdog-timer). Older versions of the TF-A firmware
66  * typically used with sbsa-ref (including the binaries in our Avocado test
67  * Aarch64SbsarefMachine.test_sbsaref_alpine_linux_max_pauth_impdef
68  * assume it is this value.
69  *
70  * TODO: this value is not architecturally correct for an Armv8.6 or
71  * better CPU, so we should move to 1GHz once the TF-A fix above has
72  * made it into a release and into our Avocado test.
73  */
74 #define SBSA_GTIMER_HZ 62500000
75 
76 enum {
77     SBSA_FLASH,
78     SBSA_MEM,
79     SBSA_CPUPERIPHS,
80     SBSA_GIC_DIST,
81     SBSA_GIC_REDIST,
82     SBSA_GIC_ITS,
83     SBSA_SECURE_EC,
84     SBSA_GWDT_WS0,
85     SBSA_GWDT_REFRESH,
86     SBSA_GWDT_CONTROL,
87     SBSA_SMMU,
88     SBSA_UART,
89     SBSA_RTC,
90     SBSA_PCIE,
91     SBSA_PCIE_MMIO,
92     SBSA_PCIE_MMIO_HIGH,
93     SBSA_PCIE_PIO,
94     SBSA_PCIE_ECAM,
95     SBSA_GPIO,
96     SBSA_SECURE_UART,
97     SBSA_SECURE_UART_MM,
98     SBSA_SECURE_MEM,
99     SBSA_AHCI,
100     SBSA_XHCI,
101 };
102 
103 struct SBSAMachineState {
104     MachineState parent;
105     struct arm_boot_info bootinfo;
106     int smp_cpus;
107     void *fdt;
108     int fdt_size;
109     int psci_conduit;
110     DeviceState *gic;
111     PFlashCFI01 *flash[2];
112 };
113 
114 #define TYPE_SBSA_MACHINE   MACHINE_TYPE_NAME("sbsa-ref")
115 OBJECT_DECLARE_SIMPLE_TYPE(SBSAMachineState, SBSA_MACHINE)
116 
117 static const MemMapEntry sbsa_ref_memmap[] = {
118     /* 512M boot ROM */
119     [SBSA_FLASH] =              {          0, 0x20000000 },
120     /* 512M secure memory */
121     [SBSA_SECURE_MEM] =         { 0x20000000, 0x20000000 },
122     /* Space reserved for CPU peripheral devices */
123     [SBSA_CPUPERIPHS] =         { 0x40000000, 0x00040000 },
124     [SBSA_GIC_DIST] =           { 0x40060000, 0x00010000 },
125     [SBSA_GIC_REDIST] =         { 0x40080000, 0x04000000 },
126     [SBSA_GIC_ITS] =            { 0x44081000, 0x00020000 },
127     [SBSA_SECURE_EC] =          { 0x50000000, 0x00001000 },
128     [SBSA_GWDT_REFRESH] =       { 0x50010000, 0x00001000 },
129     [SBSA_GWDT_CONTROL] =       { 0x50011000, 0x00001000 },
130     [SBSA_UART] =               { 0x60000000, 0x00001000 },
131     [SBSA_RTC] =                { 0x60010000, 0x00001000 },
132     [SBSA_GPIO] =               { 0x60020000, 0x00001000 },
133     [SBSA_SECURE_UART] =        { 0x60030000, 0x00001000 },
134     [SBSA_SECURE_UART_MM] =     { 0x60040000, 0x00001000 },
135     [SBSA_SMMU] =               { 0x60050000, 0x00020000 },
136     /* Space here reserved for more SMMUs */
137     [SBSA_AHCI] =               { 0x60100000, 0x00010000 },
138     [SBSA_XHCI] =               { 0x60110000, 0x00010000 },
139     /* Space here reserved for other devices */
140     [SBSA_PCIE_PIO] =           { 0x7fff0000, 0x00010000 },
141     /* 32-bit address PCIE MMIO space */
142     [SBSA_PCIE_MMIO] =          { 0x80000000, 0x70000000 },
143     /* 256M PCIE ECAM space */
144     [SBSA_PCIE_ECAM] =          { 0xf0000000, 0x10000000 },
145     /* ~1TB PCIE MMIO space (4GB to 1024GB boundary) */
146     [SBSA_PCIE_MMIO_HIGH] =     { 0x100000000ULL, 0xFF00000000ULL },
147     [SBSA_MEM] =                { 0x10000000000ULL, RAMLIMIT_BYTES },
148 };
149 
150 static const int sbsa_ref_irqmap[] = {
151     [SBSA_UART] = 1,
152     [SBSA_RTC] = 2,
153     [SBSA_PCIE] = 3, /* ... to 6 */
154     [SBSA_GPIO] = 7,
155     [SBSA_SECURE_UART] = 8,
156     [SBSA_SECURE_UART_MM] = 9,
157     [SBSA_AHCI] = 10,
158     [SBSA_XHCI] = 11,
159     [SBSA_SMMU] = 12, /* ... to 15 */
160     [SBSA_GWDT_WS0] = 16,
161 };
162 
163 static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx)
164 {
165     uint8_t clustersz = ARM_DEFAULT_CPUS_PER_CLUSTER;
166     return arm_build_mp_affinity(idx, clustersz);
167 }
168 
169 static void sbsa_fdt_add_gic_node(SBSAMachineState *sms)
170 {
171     char *nodename;
172 
173     nodename = g_strdup_printf("/intc");
174     qemu_fdt_add_subnode(sms->fdt, nodename);
175     qemu_fdt_setprop_sized_cells(sms->fdt, nodename, "reg",
176                                  2, sbsa_ref_memmap[SBSA_GIC_DIST].base,
177                                  2, sbsa_ref_memmap[SBSA_GIC_DIST].size,
178                                  2, sbsa_ref_memmap[SBSA_GIC_REDIST].base,
179                                  2, sbsa_ref_memmap[SBSA_GIC_REDIST].size);
180 
181     nodename = g_strdup_printf("/intc/its");
182     qemu_fdt_add_subnode(sms->fdt, nodename);
183     qemu_fdt_setprop_sized_cells(sms->fdt, nodename, "reg",
184                                  2, sbsa_ref_memmap[SBSA_GIC_ITS].base,
185                                  2, sbsa_ref_memmap[SBSA_GIC_ITS].size);
186 
187     g_free(nodename);
188 }
189 
190 /*
191  * Firmware on this machine only uses ACPI table to load OS, these limited
192  * device tree nodes are just to let firmware know the info which varies from
193  * command line parameters, so it is not necessary to be fully compatible
194  * with the kernel CPU and NUMA binding rules.
195  */
196 static void create_fdt(SBSAMachineState *sms)
197 {
198     void *fdt = create_device_tree(&sms->fdt_size);
199     const MachineState *ms = MACHINE(sms);
200     int nb_numa_nodes = ms->numa_state->num_nodes;
201     int cpu;
202 
203     if (!fdt) {
204         error_report("create_device_tree() failed");
205         exit(1);
206     }
207 
208     sms->fdt = fdt;
209 
210     qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,sbsa-ref");
211     qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
212     qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
213 
214     /*
215      * This versioning scheme is for informing platform fw only. It is neither:
216      * - A QEMU versioned machine type; a given version of QEMU will emulate
217      *   a given version of the platform.
218      * - A reflection of level of SBSA (now SystemReady SR) support provided.
219      *
220      * machine-version-major: updated when changes breaking fw compatibility
221      *                        are introduced.
222      * machine-version-minor: updated when features are added that don't break
223      *                        fw compatibility.
224      */
225     qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);
226     qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 3);
227 
228     if (ms->numa_state->have_numa_distance) {
229         int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
230         uint32_t *matrix = g_malloc0(size);
231         int idx, i, j;
232 
233         for (i = 0; i < nb_numa_nodes; i++) {
234             for (j = 0; j < nb_numa_nodes; j++) {
235                 idx = (i * nb_numa_nodes + j) * 3;
236                 matrix[idx + 0] = cpu_to_be32(i);
237                 matrix[idx + 1] = cpu_to_be32(j);
238                 matrix[idx + 2] =
239                     cpu_to_be32(ms->numa_state->nodes[i].distance[j]);
240             }
241         }
242 
243         qemu_fdt_add_subnode(fdt, "/distance-map");
244         qemu_fdt_setprop(fdt, "/distance-map", "distance-matrix",
245                          matrix, size);
246         g_free(matrix);
247     }
248 
249     /*
250      * From Documentation/devicetree/bindings/arm/cpus.yaml
251      *  On ARM v8 64-bit systems this property is required
252      *    and matches the MPIDR_EL1 register affinity bits.
253      *
254      *    * If cpus node's #address-cells property is set to 2
255      *
256      *      The first reg cell bits [7:0] must be set to
257      *      bits [39:32] of MPIDR_EL1.
258      *
259      *      The second reg cell bits [23:0] must be set to
260      *      bits [23:0] of MPIDR_EL1.
261      */
262     qemu_fdt_add_subnode(sms->fdt, "/cpus");
263     qemu_fdt_setprop_cell(sms->fdt, "/cpus", "#address-cells", 2);
264     qemu_fdt_setprop_cell(sms->fdt, "/cpus", "#size-cells", 0x0);
265 
266     for (cpu = sms->smp_cpus - 1; cpu >= 0; cpu--) {
267         char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
268         ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
269         CPUState *cs = CPU(armcpu);
270         uint64_t mpidr = sbsa_ref_cpu_mp_affinity(sms, cpu);
271 
272         qemu_fdt_add_subnode(sms->fdt, nodename);
273         qemu_fdt_setprop_u64(sms->fdt, nodename, "reg", mpidr);
274 
275         if (ms->possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
276             qemu_fdt_setprop_cell(sms->fdt, nodename, "numa-node-id",
277                 ms->possible_cpus->cpus[cs->cpu_index].props.node_id);
278         }
279 
280         g_free(nodename);
281     }
282 
283     sbsa_fdt_add_gic_node(sms);
284 }
285 
286 #define SBSA_FLASH_SECTOR_SIZE (256 * KiB)
287 
288 static PFlashCFI01 *sbsa_flash_create1(SBSAMachineState *sms,
289                                         const char *name,
290                                         const char *alias_prop_name)
291 {
292     /*
293      * Create a single flash device.  We use the same parameters as
294      * the flash devices on the Versatile Express board.
295      */
296     DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
297 
298     qdev_prop_set_uint64(dev, "sector-length", SBSA_FLASH_SECTOR_SIZE);
299     qdev_prop_set_uint8(dev, "width", 4);
300     qdev_prop_set_uint8(dev, "device-width", 2);
301     qdev_prop_set_bit(dev, "big-endian", false);
302     qdev_prop_set_uint16(dev, "id0", 0x89);
303     qdev_prop_set_uint16(dev, "id1", 0x18);
304     qdev_prop_set_uint16(dev, "id2", 0x00);
305     qdev_prop_set_uint16(dev, "id3", 0x00);
306     qdev_prop_set_string(dev, "name", name);
307     object_property_add_child(OBJECT(sms), name, OBJECT(dev));
308     object_property_add_alias(OBJECT(sms), alias_prop_name,
309                               OBJECT(dev), "drive");
310     return PFLASH_CFI01(dev);
311 }
312 
313 static void sbsa_flash_create(SBSAMachineState *sms)
314 {
315     sms->flash[0] = sbsa_flash_create1(sms, "sbsa.flash0", "pflash0");
316     sms->flash[1] = sbsa_flash_create1(sms, "sbsa.flash1", "pflash1");
317 }
318 
319 static void sbsa_flash_map1(PFlashCFI01 *flash,
320                             hwaddr base, hwaddr size,
321                             MemoryRegion *sysmem)
322 {
323     DeviceState *dev = DEVICE(flash);
324 
325     assert(QEMU_IS_ALIGNED(size, SBSA_FLASH_SECTOR_SIZE));
326     assert(size / SBSA_FLASH_SECTOR_SIZE <= UINT32_MAX);
327     qdev_prop_set_uint32(dev, "num-blocks", size / SBSA_FLASH_SECTOR_SIZE);
328     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
329 
330     memory_region_add_subregion(sysmem, base,
331                                 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
332                                                        0));
333 }
334 
335 static void sbsa_flash_map(SBSAMachineState *sms,
336                            MemoryRegion *sysmem,
337                            MemoryRegion *secure_sysmem)
338 {
339     /*
340      * Map two flash devices to fill the SBSA_FLASH space in the memmap.
341      * sysmem is the system memory space. secure_sysmem is the secure view
342      * of the system, and the first flash device should be made visible only
343      * there. The second flash device is visible to both secure and nonsecure.
344      */
345     hwaddr flashsize = sbsa_ref_memmap[SBSA_FLASH].size / 2;
346     hwaddr flashbase = sbsa_ref_memmap[SBSA_FLASH].base;
347 
348     sbsa_flash_map1(sms->flash[0], flashbase, flashsize,
349                     secure_sysmem);
350     sbsa_flash_map1(sms->flash[1], flashbase + flashsize, flashsize,
351                     sysmem);
352 }
353 
354 static bool sbsa_firmware_init(SBSAMachineState *sms,
355                                MemoryRegion *sysmem,
356                                MemoryRegion *secure_sysmem)
357 {
358     const char *bios_name;
359     int i;
360     BlockBackend *pflash_blk0;
361 
362     /* Map legacy -drive if=pflash to machine properties */
363     for (i = 0; i < ARRAY_SIZE(sms->flash); i++) {
364         pflash_cfi01_legacy_drive(sms->flash[i],
365                                   drive_get(IF_PFLASH, 0, i));
366     }
367 
368     sbsa_flash_map(sms, sysmem, secure_sysmem);
369 
370     pflash_blk0 = pflash_cfi01_get_blk(sms->flash[0]);
371 
372     bios_name = MACHINE(sms)->firmware;
373     if (bios_name) {
374         char *fname;
375         MemoryRegion *mr;
376         int image_size;
377 
378         if (pflash_blk0) {
379             error_report("The contents of the first flash device may be "
380                          "specified with -bios or with -drive if=pflash... "
381                          "but you cannot use both options at once");
382             exit(1);
383         }
384 
385         /* Fall back to -bios */
386 
387         fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
388         if (!fname) {
389             error_report("Could not find ROM image '%s'", bios_name);
390             exit(1);
391         }
392         mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(sms->flash[0]), 0);
393         image_size = load_image_mr(fname, mr);
394         g_free(fname);
395         if (image_size < 0) {
396             error_report("Could not load ROM image '%s'", bios_name);
397             exit(1);
398         }
399     }
400 
401     return pflash_blk0 || bios_name;
402 }
403 
404 static void create_secure_ram(SBSAMachineState *sms,
405                               MemoryRegion *secure_sysmem)
406 {
407     MemoryRegion *secram = g_new(MemoryRegion, 1);
408     hwaddr base = sbsa_ref_memmap[SBSA_SECURE_MEM].base;
409     hwaddr size = sbsa_ref_memmap[SBSA_SECURE_MEM].size;
410 
411     memory_region_init_ram(secram, NULL, "sbsa-ref.secure-ram", size,
412                            &error_fatal);
413     memory_region_add_subregion(secure_sysmem, base, secram);
414 }
415 
416 static void create_its(SBSAMachineState *sms)
417 {
418     const char *itsclass = its_class_name();
419     DeviceState *dev;
420 
421     dev = qdev_new(itsclass);
422 
423     object_property_set_link(OBJECT(dev), "parent-gicv3", OBJECT(sms->gic),
424                              &error_abort);
425     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
426     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, sbsa_ref_memmap[SBSA_GIC_ITS].base);
427 }
428 
429 static void create_gic(SBSAMachineState *sms, MemoryRegion *mem)
430 {
431     unsigned int smp_cpus = MACHINE(sms)->smp.cpus;
432     SysBusDevice *gicbusdev;
433     const char *gictype;
434     uint32_t redist0_capacity, redist0_count;
435     QList *redist_region_count;
436     int i;
437 
438     gictype = gicv3_class_name();
439 
440     sms->gic = qdev_new(gictype);
441     qdev_prop_set_uint32(sms->gic, "revision", 3);
442     qdev_prop_set_uint32(sms->gic, "num-cpu", smp_cpus);
443     /*
444      * Note that the num-irq property counts both internal and external
445      * interrupts; there are always 32 of the former (mandated by GIC spec).
446      */
447     qdev_prop_set_uint32(sms->gic, "num-irq", NUM_IRQS + 32);
448     qdev_prop_set_bit(sms->gic, "has-security-extensions", true);
449 
450     redist0_capacity =
451                 sbsa_ref_memmap[SBSA_GIC_REDIST].size / GICV3_REDIST_SIZE;
452     redist0_count = MIN(smp_cpus, redist0_capacity);
453 
454     redist_region_count = qlist_new();
455     qlist_append_int(redist_region_count, redist0_count);
456     qdev_prop_set_array(sms->gic, "redist-region-count", redist_region_count);
457 
458     object_property_set_link(OBJECT(sms->gic), "sysmem",
459                              OBJECT(mem), &error_fatal);
460     qdev_prop_set_bit(sms->gic, "has-lpi", true);
461 
462     gicbusdev = SYS_BUS_DEVICE(sms->gic);
463     sysbus_realize_and_unref(gicbusdev, &error_fatal);
464     sysbus_mmio_map(gicbusdev, 0, sbsa_ref_memmap[SBSA_GIC_DIST].base);
465     sysbus_mmio_map(gicbusdev, 1, sbsa_ref_memmap[SBSA_GIC_REDIST].base);
466 
467     /*
468      * Wire the outputs from each CPU's generic timer and the GICv3
469      * maintenance interrupt signal to the appropriate GIC PPI inputs,
470      * and the GIC's IRQ/FIQ/VIRQ/VFIQ interrupt outputs to the CPU's inputs.
471      */
472     for (i = 0; i < smp_cpus; i++) {
473         DeviceState *cpudev = DEVICE(qemu_get_cpu(i));
474         int intidbase = NUM_IRQS + i * GIC_INTERNAL;
475         int irq;
476         /*
477          * Mapping from the output timer irq lines from the CPU to the
478          * GIC PPI inputs used for this board.
479          */
480         const int timer_irq[] = {
481             [GTIMER_PHYS] = ARCH_TIMER_NS_EL1_IRQ,
482             [GTIMER_VIRT] = ARCH_TIMER_VIRT_IRQ,
483             [GTIMER_HYP]  = ARCH_TIMER_NS_EL2_IRQ,
484             [GTIMER_SEC]  = ARCH_TIMER_S_EL1_IRQ,
485             [GTIMER_HYPVIRT] = ARCH_TIMER_NS_EL2_VIRT_IRQ,
486         };
487 
488         for (irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) {
489             qdev_connect_gpio_out(cpudev, irq,
490                                   qdev_get_gpio_in(sms->gic,
491                                                    intidbase + timer_irq[irq]));
492         }
493 
494         qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0,
495                                     qdev_get_gpio_in(sms->gic,
496                                                      intidbase
497                                                      + ARCH_GIC_MAINT_IRQ));
498 
499         qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0,
500                                     qdev_get_gpio_in(sms->gic,
501                                                      intidbase
502                                                      + VIRTUAL_PMU_IRQ));
503 
504         sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ));
505         sysbus_connect_irq(gicbusdev, i + smp_cpus,
506                            qdev_get_gpio_in(cpudev, ARM_CPU_FIQ));
507         sysbus_connect_irq(gicbusdev, i + 2 * smp_cpus,
508                            qdev_get_gpio_in(cpudev, ARM_CPU_VIRQ));
509         sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
510                            qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
511     }
512     create_its(sms);
513 }
514 
515 static void create_uart(const SBSAMachineState *sms, int uart,
516                         MemoryRegion *mem, Chardev *chr)
517 {
518     hwaddr base = sbsa_ref_memmap[uart].base;
519     int irq = sbsa_ref_irqmap[uart];
520     DeviceState *dev = qdev_new(TYPE_PL011);
521     SysBusDevice *s = SYS_BUS_DEVICE(dev);
522 
523     qdev_prop_set_chr(dev, "chardev", chr);
524     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
525     memory_region_add_subregion(mem, base,
526                                 sysbus_mmio_get_region(s, 0));
527     sysbus_connect_irq(s, 0, qdev_get_gpio_in(sms->gic, irq));
528 }
529 
530 static void create_rtc(const SBSAMachineState *sms)
531 {
532     hwaddr base = sbsa_ref_memmap[SBSA_RTC].base;
533     int irq = sbsa_ref_irqmap[SBSA_RTC];
534 
535     sysbus_create_simple("pl031", base, qdev_get_gpio_in(sms->gic, irq));
536 }
537 
538 static void create_wdt(const SBSAMachineState *sms)
539 {
540     hwaddr rbase = sbsa_ref_memmap[SBSA_GWDT_REFRESH].base;
541     hwaddr cbase = sbsa_ref_memmap[SBSA_GWDT_CONTROL].base;
542     DeviceState *dev = qdev_new(TYPE_WDT_SBSA);
543     SysBusDevice *s = SYS_BUS_DEVICE(dev);
544     int irq = sbsa_ref_irqmap[SBSA_GWDT_WS0];
545 
546     qdev_prop_set_uint64(dev, "clock-frequency", SBSA_GTIMER_HZ);
547     sysbus_realize_and_unref(s, &error_fatal);
548     sysbus_mmio_map(s, 0, rbase);
549     sysbus_mmio_map(s, 1, cbase);
550     sysbus_connect_irq(s, 0, qdev_get_gpio_in(sms->gic, irq));
551 }
552 
553 static DeviceState *gpio_key_dev;
554 static void sbsa_ref_powerdown_req(Notifier *n, void *opaque)
555 {
556     /* use gpio Pin 3 for power button event */
557     qemu_set_irq(qdev_get_gpio_in(gpio_key_dev, 0), 1);
558 }
559 
560 static Notifier sbsa_ref_powerdown_notifier = {
561     .notify = sbsa_ref_powerdown_req
562 };
563 
564 static void create_gpio(const SBSAMachineState *sms)
565 {
566     DeviceState *pl061_dev;
567     hwaddr base = sbsa_ref_memmap[SBSA_GPIO].base;
568     int irq = sbsa_ref_irqmap[SBSA_GPIO];
569 
570     pl061_dev = sysbus_create_simple("pl061", base,
571                                      qdev_get_gpio_in(sms->gic, irq));
572 
573     gpio_key_dev = sysbus_create_simple("gpio-key", -1,
574                                         qdev_get_gpio_in(pl061_dev, 3));
575 
576     /* connect powerdown request */
577     qemu_register_powerdown_notifier(&sbsa_ref_powerdown_notifier);
578 }
579 
580 static void create_ahci(const SBSAMachineState *sms)
581 {
582     hwaddr base = sbsa_ref_memmap[SBSA_AHCI].base;
583     int irq = sbsa_ref_irqmap[SBSA_AHCI];
584     DeviceState *dev;
585     DriveInfo *hd[NUM_SATA_PORTS];
586     SysbusAHCIState *sysahci;
587 
588     dev = qdev_new("sysbus-ahci");
589     qdev_prop_set_uint32(dev, "num-ports", NUM_SATA_PORTS);
590     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
591     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
592     sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, qdev_get_gpio_in(sms->gic, irq));
593 
594     sysahci = SYSBUS_AHCI(dev);
595     ide_drive_get(hd, ARRAY_SIZE(hd));
596     ahci_ide_create_devs(&sysahci->ahci, hd);
597 }
598 
599 static void create_xhci(const SBSAMachineState *sms)
600 {
601     hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;
602     int irq = sbsa_ref_irqmap[SBSA_XHCI];
603     DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
604     qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
605 
606     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
607     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
608     sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, qdev_get_gpio_in(sms->gic, irq));
609 }
610 
611 static void create_smmu(const SBSAMachineState *sms, PCIBus *bus)
612 {
613     hwaddr base = sbsa_ref_memmap[SBSA_SMMU].base;
614     int irq =  sbsa_ref_irqmap[SBSA_SMMU];
615     DeviceState *dev;
616     int i;
617 
618     dev = qdev_new(TYPE_ARM_SMMUV3);
619 
620     object_property_set_link(OBJECT(dev), "primary-bus", OBJECT(bus),
621                              &error_abort);
622     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
623     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
624     for (i = 0; i < NUM_SMMU_IRQS; i++) {
625         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
626                            qdev_get_gpio_in(sms->gic, irq + i));
627     }
628 }
629 
630 static void create_pcie(SBSAMachineState *sms)
631 {
632     hwaddr base_ecam = sbsa_ref_memmap[SBSA_PCIE_ECAM].base;
633     hwaddr size_ecam = sbsa_ref_memmap[SBSA_PCIE_ECAM].size;
634     hwaddr base_mmio = sbsa_ref_memmap[SBSA_PCIE_MMIO].base;
635     hwaddr size_mmio = sbsa_ref_memmap[SBSA_PCIE_MMIO].size;
636     hwaddr base_mmio_high = sbsa_ref_memmap[SBSA_PCIE_MMIO_HIGH].base;
637     hwaddr size_mmio_high = sbsa_ref_memmap[SBSA_PCIE_MMIO_HIGH].size;
638     hwaddr base_pio = sbsa_ref_memmap[SBSA_PCIE_PIO].base;
639     int irq = sbsa_ref_irqmap[SBSA_PCIE];
640     MachineClass *mc = MACHINE_GET_CLASS(sms);
641     MemoryRegion *mmio_alias, *mmio_alias_high, *mmio_reg;
642     MemoryRegion *ecam_alias, *ecam_reg;
643     DeviceState *dev;
644     PCIHostState *pci;
645     int i;
646 
647     dev = qdev_new(TYPE_GPEX_HOST);
648     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
649 
650     /* Map ECAM space */
651     ecam_alias = g_new0(MemoryRegion, 1);
652     ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
653     memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam",
654                              ecam_reg, 0, size_ecam);
655     memory_region_add_subregion(get_system_memory(), base_ecam, ecam_alias);
656 
657     /* Map the MMIO space */
658     mmio_alias = g_new0(MemoryRegion, 1);
659     mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1);
660     memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio",
661                              mmio_reg, base_mmio, size_mmio);
662     memory_region_add_subregion(get_system_memory(), base_mmio, mmio_alias);
663 
664     /* Map the MMIO_HIGH space */
665     mmio_alias_high = g_new0(MemoryRegion, 1);
666     memory_region_init_alias(mmio_alias_high, OBJECT(dev), "pcie-mmio-high",
667                              mmio_reg, base_mmio_high, size_mmio_high);
668     memory_region_add_subregion(get_system_memory(), base_mmio_high,
669                                 mmio_alias_high);
670 
671     /* Map IO port space */
672     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio);
673 
674     for (i = 0; i < GPEX_NUM_IRQS; i++) {
675         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
676                            qdev_get_gpio_in(sms->gic, irq + i));
677         gpex_set_irq_num(GPEX_HOST(dev), i, irq + i);
678     }
679 
680     pci = PCI_HOST_BRIDGE(dev);
681 
682     pci_init_nic_devices(pci->bus, mc->default_nic);
683 
684     pci_create_simple(pci->bus, -1, "bochs-display");
685 
686     create_smmu(sms, pci->bus);
687 }
688 
689 static void *sbsa_ref_dtb(const struct arm_boot_info *binfo, int *fdt_size)
690 {
691     const SBSAMachineState *board = container_of(binfo, SBSAMachineState,
692                                                  bootinfo);
693 
694     *fdt_size = board->fdt_size;
695     return board->fdt;
696 }
697 
698 static void create_secure_ec(MemoryRegion *mem)
699 {
700     hwaddr base = sbsa_ref_memmap[SBSA_SECURE_EC].base;
701     DeviceState *dev = qdev_new("sbsa-ec");
702     SysBusDevice *s = SYS_BUS_DEVICE(dev);
703 
704     memory_region_add_subregion(mem, base,
705                                 sysbus_mmio_get_region(s, 0));
706 }
707 
708 static void sbsa_ref_init(MachineState *machine)
709 {
710     unsigned int smp_cpus = machine->smp.cpus;
711     unsigned int max_cpus = machine->smp.max_cpus;
712     SBSAMachineState *sms = SBSA_MACHINE(machine);
713     MachineClass *mc = MACHINE_GET_CLASS(machine);
714     MemoryRegion *sysmem = get_system_memory();
715     MemoryRegion *secure_sysmem = g_new(MemoryRegion, 1);
716     bool firmware_loaded;
717     const CPUArchIdList *possible_cpus;
718     int n, sbsa_max_cpus;
719 
720     if (kvm_enabled()) {
721         error_report("sbsa-ref: KVM is not supported for this machine");
722         exit(1);
723     }
724 
725     /*
726      * The Secure view of the world is the same as the NonSecure,
727      * but with a few extra devices. Create it as a container region
728      * containing the system memory at low priority; any secure-only
729      * devices go in at higher priority and take precedence.
730      */
731     memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
732                        UINT64_MAX);
733     memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
734 
735     firmware_loaded = sbsa_firmware_init(sms, sysmem, secure_sysmem);
736 
737     /*
738      * This machine has EL3 enabled, external firmware should supply PSCI
739      * implementation, so the QEMU's internal PSCI is disabled.
740      */
741     sms->psci_conduit = QEMU_PSCI_CONDUIT_DISABLED;
742 
743     sbsa_max_cpus = sbsa_ref_memmap[SBSA_GIC_REDIST].size / GICV3_REDIST_SIZE;
744 
745     if (max_cpus > sbsa_max_cpus) {
746         error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
747                      "supported by machine 'sbsa-ref' (%d)",
748                      max_cpus, sbsa_max_cpus);
749         exit(1);
750     }
751 
752     sms->smp_cpus = smp_cpus;
753 
754     if (machine->ram_size > sbsa_ref_memmap[SBSA_MEM].size) {
755         error_report("sbsa-ref: cannot model more than %dGB RAM", RAMLIMIT_GB);
756         exit(1);
757     }
758 
759     possible_cpus = mc->possible_cpu_arch_ids(machine);
760     for (n = 0; n < possible_cpus->len; n++) {
761         Object *cpuobj;
762         CPUState *cs;
763 
764         if (n >= smp_cpus) {
765             break;
766         }
767 
768         cpuobj = object_new(possible_cpus->cpus[n].type);
769         object_property_set_int(cpuobj, "mp-affinity",
770                                 possible_cpus->cpus[n].arch_id, NULL);
771 
772         cs = CPU(cpuobj);
773         cs->cpu_index = n;
774 
775         numa_cpu_pre_plug(&possible_cpus->cpus[cs->cpu_index], DEVICE(cpuobj),
776                           &error_fatal);
777 
778         if (object_property_find(cpuobj, "reset-cbar")) {
779             object_property_set_int(cpuobj, "reset-cbar",
780                                     sbsa_ref_memmap[SBSA_CPUPERIPHS].base,
781                                     &error_abort);
782         }
783 
784         object_property_set_int(cpuobj, "cntfrq", SBSA_GTIMER_HZ, &error_abort);
785 
786         object_property_set_link(cpuobj, "memory", OBJECT(sysmem),
787                                  &error_abort);
788 
789         object_property_set_link(cpuobj, "secure-memory",
790                                  OBJECT(secure_sysmem), &error_abort);
791 
792         qdev_realize(DEVICE(cpuobj), NULL, &error_fatal);
793         object_unref(cpuobj);
794     }
795 
796     memory_region_add_subregion(sysmem, sbsa_ref_memmap[SBSA_MEM].base,
797                                 machine->ram);
798 
799     create_fdt(sms);
800 
801     create_secure_ram(sms, secure_sysmem);
802 
803     create_gic(sms, sysmem);
804 
805     create_uart(sms, SBSA_UART, sysmem, serial_hd(0));
806     create_uart(sms, SBSA_SECURE_UART, secure_sysmem, serial_hd(1));
807     /* Second secure UART for RAS and MM from EL0 */
808     create_uart(sms, SBSA_SECURE_UART_MM, secure_sysmem, serial_hd(2));
809 
810     create_rtc(sms);
811 
812     create_wdt(sms);
813 
814     create_gpio(sms);
815 
816     create_ahci(sms);
817 
818     create_xhci(sms);
819 
820     create_pcie(sms);
821 
822     create_secure_ec(secure_sysmem);
823 
824     sms->bootinfo.ram_size = machine->ram_size;
825     sms->bootinfo.board_id = -1;
826     sms->bootinfo.loader_start = sbsa_ref_memmap[SBSA_MEM].base;
827     sms->bootinfo.get_dtb = sbsa_ref_dtb;
828     sms->bootinfo.firmware_loaded = firmware_loaded;
829     arm_load_kernel(ARM_CPU(first_cpu), machine, &sms->bootinfo);
830 }
831 
832 static const CPUArchIdList *sbsa_ref_possible_cpu_arch_ids(MachineState *ms)
833 {
834     unsigned int max_cpus = ms->smp.max_cpus;
835     SBSAMachineState *sms = SBSA_MACHINE(ms);
836     int n;
837 
838     if (ms->possible_cpus) {
839         assert(ms->possible_cpus->len == max_cpus);
840         return ms->possible_cpus;
841     }
842 
843     ms->possible_cpus = g_malloc0(sizeof(CPUArchIdList) +
844                                   sizeof(CPUArchId) * max_cpus);
845     ms->possible_cpus->len = max_cpus;
846     for (n = 0; n < ms->possible_cpus->len; n++) {
847         ms->possible_cpus->cpus[n].type = ms->cpu_type;
848         ms->possible_cpus->cpus[n].arch_id =
849             sbsa_ref_cpu_mp_affinity(sms, n);
850         ms->possible_cpus->cpus[n].props.has_thread_id = true;
851         ms->possible_cpus->cpus[n].props.thread_id = n;
852     }
853     return ms->possible_cpus;
854 }
855 
856 static CpuInstanceProperties
857 sbsa_ref_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
858 {
859     MachineClass *mc = MACHINE_GET_CLASS(ms);
860     const CPUArchIdList *possible_cpus = mc->possible_cpu_arch_ids(ms);
861 
862     assert(cpu_index < possible_cpus->len);
863     return possible_cpus->cpus[cpu_index].props;
864 }
865 
866 static int64_t
867 sbsa_ref_get_default_cpu_node_id(const MachineState *ms, int idx)
868 {
869     return idx % ms->numa_state->num_nodes;
870 }
871 
872 static void sbsa_ref_instance_init(Object *obj)
873 {
874     SBSAMachineState *sms = SBSA_MACHINE(obj);
875 
876     sbsa_flash_create(sms);
877 }
878 
879 static void sbsa_ref_class_init(ObjectClass *oc, void *data)
880 {
881     MachineClass *mc = MACHINE_CLASS(oc);
882     static const char * const valid_cpu_types[] = {
883         ARM_CPU_TYPE_NAME("cortex-a57"),
884         ARM_CPU_TYPE_NAME("cortex-a72"),
885         ARM_CPU_TYPE_NAME("neoverse-n1"),
886         ARM_CPU_TYPE_NAME("neoverse-v1"),
887         ARM_CPU_TYPE_NAME("neoverse-n2"),
888         ARM_CPU_TYPE_NAME("max"),
889         NULL,
890     };
891 
892     mc->init = sbsa_ref_init;
893     mc->desc = "QEMU 'SBSA Reference' ARM Virtual Machine";
894     mc->default_cpu_type = ARM_CPU_TYPE_NAME("neoverse-n2");
895     mc->valid_cpu_types = valid_cpu_types;
896     mc->max_cpus = 512;
897     mc->pci_allow_0_address = true;
898     mc->minimum_page_bits = 12;
899     mc->block_default_type = IF_IDE;
900     mc->no_cdrom = 1;
901     mc->default_nic = "e1000e";
902     mc->default_ram_size = 1 * GiB;
903     mc->default_ram_id = "sbsa-ref.ram";
904     mc->default_cpus = 4;
905     mc->possible_cpu_arch_ids = sbsa_ref_possible_cpu_arch_ids;
906     mc->cpu_index_to_instance_props = sbsa_ref_cpu_index_to_props;
907     mc->get_default_cpu_node_id = sbsa_ref_get_default_cpu_node_id;
908     /* platform instead of architectural choice */
909     mc->cpu_cluster_has_numa_boundary = true;
910 }
911 
912 static const TypeInfo sbsa_ref_info = {
913     .name          = TYPE_SBSA_MACHINE,
914     .parent        = TYPE_MACHINE,
915     .instance_init = sbsa_ref_instance_init,
916     .class_init    = sbsa_ref_class_init,
917     .instance_size = sizeof(SBSAMachineState),
918 };
919 
920 static void sbsa_ref_machine_init(void)
921 {
922     type_register_static(&sbsa_ref_info);
923 }
924 
925 type_init(sbsa_ref_machine_init);
926