1 /* 2 * ARM mach-virt emulation 3 * 4 * Copyright (c) 2013 Linaro Limited 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2 or later, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 * Emulate a virtual board which works by passing Linux all the information 19 * it needs about what devices are present via the device tree. 20 * There are some restrictions about what we can do here: 21 * + we can only present devices whose Linux drivers will work based 22 * purely on the device tree with no platform data at all 23 * + we want to present a very stripped-down minimalist platform, 24 * both because this reduces the security attack surface from the guest 25 * and also because it reduces our exposure to being broken when 26 * the kernel updates its device tree bindings and requires further 27 * information in a device binding that we aren't providing. 28 * This is essentially the same approach kvmtool uses. 29 */ 30 31 #include "hw/sysbus.h" 32 #include "hw/arm/arm.h" 33 #include "hw/arm/primecell.h" 34 #include "hw/arm/virt.h" 35 #include "hw/devices.h" 36 #include "net/net.h" 37 #include "sysemu/block-backend.h" 38 #include "sysemu/device_tree.h" 39 #include "sysemu/sysemu.h" 40 #include "sysemu/kvm.h" 41 #include "hw/boards.h" 42 #include "hw/loader.h" 43 #include "exec/address-spaces.h" 44 #include "qemu/bitops.h" 45 #include "qemu/error-report.h" 46 #include "hw/pci-host/gpex.h" 47 #include "hw/arm/virt-acpi-build.h" 48 49 /* Number of external interrupt lines to configure the GIC with */ 50 #define NUM_IRQS 128 51 52 #define GIC_FDT_IRQ_TYPE_SPI 0 53 #define GIC_FDT_IRQ_TYPE_PPI 1 54 55 #define GIC_FDT_IRQ_FLAGS_EDGE_LO_HI 1 56 #define GIC_FDT_IRQ_FLAGS_EDGE_HI_LO 2 57 #define GIC_FDT_IRQ_FLAGS_LEVEL_HI 4 58 #define GIC_FDT_IRQ_FLAGS_LEVEL_LO 8 59 60 #define GIC_FDT_IRQ_PPI_CPU_START 8 61 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8 62 63 typedef struct VirtBoardInfo { 64 struct arm_boot_info bootinfo; 65 const char *cpu_model; 66 const MemMapEntry *memmap; 67 const int *irqmap; 68 int smp_cpus; 69 void *fdt; 70 int fdt_size; 71 uint32_t clock_phandle; 72 uint32_t gic_phandle; 73 uint32_t v2m_phandle; 74 } VirtBoardInfo; 75 76 typedef struct { 77 MachineClass parent; 78 VirtBoardInfo *daughterboard; 79 } VirtMachineClass; 80 81 typedef struct { 82 MachineState parent; 83 bool secure; 84 } VirtMachineState; 85 86 #define TYPE_VIRT_MACHINE "virt" 87 #define VIRT_MACHINE(obj) \ 88 OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE) 89 #define VIRT_MACHINE_GET_CLASS(obj) \ 90 OBJECT_GET_CLASS(VirtMachineClass, obj, TYPE_VIRT_MACHINE) 91 #define VIRT_MACHINE_CLASS(klass) \ 92 OBJECT_CLASS_CHECK(VirtMachineClass, klass, TYPE_VIRT_MACHINE) 93 94 /* Addresses and sizes of our components. 95 * 0..128MB is space for a flash device so we can run bootrom code such as UEFI. 96 * 128MB..256MB is used for miscellaneous device I/O. 97 * 256MB..1GB is reserved for possible future PCI support (ie where the 98 * PCI memory window will go if we add a PCI host controller). 99 * 1GB and up is RAM (which may happily spill over into the 100 * high memory region beyond 4GB). 101 * This represents a compromise between how much RAM can be given to 102 * a 32 bit VM and leaving space for expansion and in particular for PCI. 103 * Note that devices should generally be placed at multiples of 0x10000, 104 * to accommodate guests using 64K pages. 105 */ 106 static const MemMapEntry a15memmap[] = { 107 /* Space up to 0x8000000 is reserved for a boot ROM */ 108 [VIRT_FLASH] = { 0, 0x08000000 }, 109 [VIRT_CPUPERIPHS] = { 0x08000000, 0x00020000 }, 110 /* GIC distributor and CPU interfaces sit inside the CPU peripheral space */ 111 [VIRT_GIC_DIST] = { 0x08000000, 0x00010000 }, 112 [VIRT_GIC_CPU] = { 0x08010000, 0x00010000 }, 113 [VIRT_GIC_V2M] = { 0x08020000, 0x00001000 }, 114 [VIRT_UART] = { 0x09000000, 0x00001000 }, 115 [VIRT_RTC] = { 0x09010000, 0x00001000 }, 116 [VIRT_FW_CFG] = { 0x09020000, 0x0000000a }, 117 [VIRT_MMIO] = { 0x0a000000, 0x00000200 }, 118 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */ 119 [VIRT_PCIE_MMIO] = { 0x10000000, 0x2eff0000 }, 120 [VIRT_PCIE_PIO] = { 0x3eff0000, 0x00010000 }, 121 [VIRT_PCIE_ECAM] = { 0x3f000000, 0x01000000 }, 122 [VIRT_MEM] = { 0x40000000, 30ULL * 1024 * 1024 * 1024 }, 123 }; 124 125 static const int a15irqmap[] = { 126 [VIRT_UART] = 1, 127 [VIRT_RTC] = 2, 128 [VIRT_PCIE] = 3, /* ... to 6 */ 129 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */ 130 [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */ 131 }; 132 133 static VirtBoardInfo machines[] = { 134 { 135 .cpu_model = "cortex-a15", 136 .memmap = a15memmap, 137 .irqmap = a15irqmap, 138 }, 139 { 140 .cpu_model = "cortex-a57", 141 .memmap = a15memmap, 142 .irqmap = a15irqmap, 143 }, 144 { 145 .cpu_model = "host", 146 .memmap = a15memmap, 147 .irqmap = a15irqmap, 148 }, 149 }; 150 151 static VirtBoardInfo *find_machine_info(const char *cpu) 152 { 153 int i; 154 155 for (i = 0; i < ARRAY_SIZE(machines); i++) { 156 if (strcmp(cpu, machines[i].cpu_model) == 0) { 157 return &machines[i]; 158 } 159 } 160 return NULL; 161 } 162 163 static void create_fdt(VirtBoardInfo *vbi) 164 { 165 void *fdt = create_device_tree(&vbi->fdt_size); 166 167 if (!fdt) { 168 error_report("create_device_tree() failed"); 169 exit(1); 170 } 171 172 vbi->fdt = fdt; 173 174 /* Header */ 175 qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,dummy-virt"); 176 qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2); 177 qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2); 178 179 /* 180 * /chosen and /memory nodes must exist for load_dtb 181 * to fill in necessary properties later 182 */ 183 qemu_fdt_add_subnode(fdt, "/chosen"); 184 qemu_fdt_add_subnode(fdt, "/memory"); 185 qemu_fdt_setprop_string(fdt, "/memory", "device_type", "memory"); 186 187 /* Clock node, for the benefit of the UART. The kernel device tree 188 * binding documentation claims the PL011 node clock properties are 189 * optional but in practice if you omit them the kernel refuses to 190 * probe for the device. 191 */ 192 vbi->clock_phandle = qemu_fdt_alloc_phandle(fdt); 193 qemu_fdt_add_subnode(fdt, "/apb-pclk"); 194 qemu_fdt_setprop_string(fdt, "/apb-pclk", "compatible", "fixed-clock"); 195 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "#clock-cells", 0x0); 196 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "clock-frequency", 24000000); 197 qemu_fdt_setprop_string(fdt, "/apb-pclk", "clock-output-names", 198 "clk24mhz"); 199 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vbi->clock_phandle); 200 201 } 202 203 static void fdt_add_psci_node(const VirtBoardInfo *vbi) 204 { 205 uint32_t cpu_suspend_fn; 206 uint32_t cpu_off_fn; 207 uint32_t cpu_on_fn; 208 uint32_t migrate_fn; 209 void *fdt = vbi->fdt; 210 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0)); 211 212 qemu_fdt_add_subnode(fdt, "/psci"); 213 if (armcpu->psci_version == 2) { 214 const char comp[] = "arm,psci-0.2\0arm,psci"; 215 qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); 216 217 cpu_off_fn = QEMU_PSCI_0_2_FN_CPU_OFF; 218 if (arm_feature(&armcpu->env, ARM_FEATURE_AARCH64)) { 219 cpu_suspend_fn = QEMU_PSCI_0_2_FN64_CPU_SUSPEND; 220 cpu_on_fn = QEMU_PSCI_0_2_FN64_CPU_ON; 221 migrate_fn = QEMU_PSCI_0_2_FN64_MIGRATE; 222 } else { 223 cpu_suspend_fn = QEMU_PSCI_0_2_FN_CPU_SUSPEND; 224 cpu_on_fn = QEMU_PSCI_0_2_FN_CPU_ON; 225 migrate_fn = QEMU_PSCI_0_2_FN_MIGRATE; 226 } 227 } else { 228 qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci"); 229 230 cpu_suspend_fn = QEMU_PSCI_0_1_FN_CPU_SUSPEND; 231 cpu_off_fn = QEMU_PSCI_0_1_FN_CPU_OFF; 232 cpu_on_fn = QEMU_PSCI_0_1_FN_CPU_ON; 233 migrate_fn = QEMU_PSCI_0_1_FN_MIGRATE; 234 } 235 236 /* We adopt the PSCI spec's nomenclature, and use 'conduit' to refer 237 * to the instruction that should be used to invoke PSCI functions. 238 * However, the device tree binding uses 'method' instead, so that is 239 * what we should use here. 240 */ 241 qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc"); 242 243 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend", cpu_suspend_fn); 244 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", cpu_off_fn); 245 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", cpu_on_fn); 246 qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn); 247 } 248 249 static void fdt_add_timer_nodes(const VirtBoardInfo *vbi) 250 { 251 /* Note that on A15 h/w these interrupts are level-triggered, 252 * but for the GIC implementation provided by both QEMU and KVM 253 * they are edge-triggered. 254 */ 255 ARMCPU *armcpu; 256 uint32_t irqflags = GIC_FDT_IRQ_FLAGS_EDGE_LO_HI; 257 258 irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START, 259 GIC_FDT_IRQ_PPI_CPU_WIDTH, (1 << vbi->smp_cpus) - 1); 260 261 qemu_fdt_add_subnode(vbi->fdt, "/timer"); 262 263 armcpu = ARM_CPU(qemu_get_cpu(0)); 264 if (arm_feature(&armcpu->env, ARM_FEATURE_V8)) { 265 const char compat[] = "arm,armv8-timer\0arm,armv7-timer"; 266 qemu_fdt_setprop(vbi->fdt, "/timer", "compatible", 267 compat, sizeof(compat)); 268 } else { 269 qemu_fdt_setprop_string(vbi->fdt, "/timer", "compatible", 270 "arm,armv7-timer"); 271 } 272 qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts", 273 GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_S_EL1_IRQ, irqflags, 274 GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL1_IRQ, irqflags, 275 GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_VIRT_IRQ, irqflags, 276 GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL2_IRQ, irqflags); 277 } 278 279 static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi) 280 { 281 int cpu; 282 283 qemu_fdt_add_subnode(vbi->fdt, "/cpus"); 284 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#address-cells", 0x1); 285 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#size-cells", 0x0); 286 287 for (cpu = vbi->smp_cpus - 1; cpu >= 0; cpu--) { 288 char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu); 289 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu)); 290 291 qemu_fdt_add_subnode(vbi->fdt, nodename); 292 qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type", "cpu"); 293 qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", 294 armcpu->dtb_compatible); 295 296 if (vbi->smp_cpus > 1) { 297 qemu_fdt_setprop_string(vbi->fdt, nodename, 298 "enable-method", "psci"); 299 } 300 301 qemu_fdt_setprop_cell(vbi->fdt, nodename, "reg", cpu); 302 g_free(nodename); 303 } 304 } 305 306 static void fdt_add_v2m_gic_node(VirtBoardInfo *vbi) 307 { 308 vbi->v2m_phandle = qemu_fdt_alloc_phandle(vbi->fdt); 309 qemu_fdt_add_subnode(vbi->fdt, "/intc/v2m"); 310 qemu_fdt_setprop_string(vbi->fdt, "/intc/v2m", "compatible", 311 "arm,gic-v2m-frame"); 312 qemu_fdt_setprop(vbi->fdt, "/intc/v2m", "msi-controller", NULL, 0); 313 qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc/v2m", "reg", 314 2, vbi->memmap[VIRT_GIC_V2M].base, 315 2, vbi->memmap[VIRT_GIC_V2M].size); 316 qemu_fdt_setprop_cell(vbi->fdt, "/intc/v2m", "phandle", vbi->v2m_phandle); 317 } 318 319 static void fdt_add_gic_node(VirtBoardInfo *vbi) 320 { 321 vbi->gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt); 322 qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", vbi->gic_phandle); 323 324 qemu_fdt_add_subnode(vbi->fdt, "/intc"); 325 /* 'cortex-a15-gic' means 'GIC v2' */ 326 qemu_fdt_setprop_string(vbi->fdt, "/intc", "compatible", 327 "arm,cortex-a15-gic"); 328 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#interrupt-cells", 3); 329 qemu_fdt_setprop(vbi->fdt, "/intc", "interrupt-controller", NULL, 0); 330 qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc", "reg", 331 2, vbi->memmap[VIRT_GIC_DIST].base, 332 2, vbi->memmap[VIRT_GIC_DIST].size, 333 2, vbi->memmap[VIRT_GIC_CPU].base, 334 2, vbi->memmap[VIRT_GIC_CPU].size); 335 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#address-cells", 0x2); 336 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#size-cells", 0x2); 337 qemu_fdt_setprop(vbi->fdt, "/intc", "ranges", NULL, 0); 338 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", vbi->gic_phandle); 339 } 340 341 static void create_v2m(VirtBoardInfo *vbi, qemu_irq *pic) 342 { 343 int i; 344 int irq = vbi->irqmap[VIRT_GIC_V2M]; 345 DeviceState *dev; 346 347 dev = qdev_create(NULL, "arm-gicv2m"); 348 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vbi->memmap[VIRT_GIC_V2M].base); 349 qdev_prop_set_uint32(dev, "base-spi", irq); 350 qdev_prop_set_uint32(dev, "num-spi", NUM_GICV2M_SPIS); 351 qdev_init_nofail(dev); 352 353 for (i = 0; i < NUM_GICV2M_SPIS; i++) { 354 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]); 355 } 356 357 fdt_add_v2m_gic_node(vbi); 358 } 359 360 static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic) 361 { 362 /* We create a standalone GIC v2 */ 363 DeviceState *gicdev; 364 SysBusDevice *gicbusdev; 365 const char *gictype = "arm_gic"; 366 int i; 367 368 if (kvm_irqchip_in_kernel()) { 369 gictype = "kvm-arm-gic"; 370 } 371 372 gicdev = qdev_create(NULL, gictype); 373 qdev_prop_set_uint32(gicdev, "revision", 2); 374 qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus); 375 /* Note that the num-irq property counts both internal and external 376 * interrupts; there are always 32 of the former (mandated by GIC spec). 377 */ 378 qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32); 379 qdev_init_nofail(gicdev); 380 gicbusdev = SYS_BUS_DEVICE(gicdev); 381 sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base); 382 sysbus_mmio_map(gicbusdev, 1, vbi->memmap[VIRT_GIC_CPU].base); 383 384 /* Wire the outputs from each CPU's generic timer to the 385 * appropriate GIC PPI inputs, and the GIC's IRQ output to 386 * the CPU's IRQ input. 387 */ 388 for (i = 0; i < smp_cpus; i++) { 389 DeviceState *cpudev = DEVICE(qemu_get_cpu(i)); 390 int ppibase = NUM_IRQS + i * 32; 391 /* physical timer; we wire it up to the non-secure timer's ID, 392 * since a real A15 always has TrustZone but QEMU doesn't. 393 */ 394 qdev_connect_gpio_out(cpudev, 0, 395 qdev_get_gpio_in(gicdev, ppibase + 30)); 396 /* virtual timer */ 397 qdev_connect_gpio_out(cpudev, 1, 398 qdev_get_gpio_in(gicdev, ppibase + 27)); 399 400 sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); 401 sysbus_connect_irq(gicbusdev, i + smp_cpus, 402 qdev_get_gpio_in(cpudev, ARM_CPU_FIQ)); 403 } 404 405 for (i = 0; i < NUM_IRQS; i++) { 406 pic[i] = qdev_get_gpio_in(gicdev, i); 407 } 408 409 fdt_add_gic_node(vbi); 410 411 create_v2m(vbi, pic); 412 } 413 414 static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic) 415 { 416 char *nodename; 417 hwaddr base = vbi->memmap[VIRT_UART].base; 418 hwaddr size = vbi->memmap[VIRT_UART].size; 419 int irq = vbi->irqmap[VIRT_UART]; 420 const char compat[] = "arm,pl011\0arm,primecell"; 421 const char clocknames[] = "uartclk\0apb_pclk"; 422 423 sysbus_create_simple("pl011", base, pic[irq]); 424 425 nodename = g_strdup_printf("/pl011@%" PRIx64, base); 426 qemu_fdt_add_subnode(vbi->fdt, nodename); 427 /* Note that we can't use setprop_string because of the embedded NUL */ 428 qemu_fdt_setprop(vbi->fdt, nodename, "compatible", 429 compat, sizeof(compat)); 430 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 431 2, base, 2, size); 432 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 433 GIC_FDT_IRQ_TYPE_SPI, irq, 434 GIC_FDT_IRQ_FLAGS_LEVEL_HI); 435 qemu_fdt_setprop_cells(vbi->fdt, nodename, "clocks", 436 vbi->clock_phandle, vbi->clock_phandle); 437 qemu_fdt_setprop(vbi->fdt, nodename, "clock-names", 438 clocknames, sizeof(clocknames)); 439 440 qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename); 441 g_free(nodename); 442 } 443 444 static void create_rtc(const VirtBoardInfo *vbi, qemu_irq *pic) 445 { 446 char *nodename; 447 hwaddr base = vbi->memmap[VIRT_RTC].base; 448 hwaddr size = vbi->memmap[VIRT_RTC].size; 449 int irq = vbi->irqmap[VIRT_RTC]; 450 const char compat[] = "arm,pl031\0arm,primecell"; 451 452 sysbus_create_simple("pl031", base, pic[irq]); 453 454 nodename = g_strdup_printf("/pl031@%" PRIx64, base); 455 qemu_fdt_add_subnode(vbi->fdt, nodename); 456 qemu_fdt_setprop(vbi->fdt, nodename, "compatible", compat, sizeof(compat)); 457 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 458 2, base, 2, size); 459 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 460 GIC_FDT_IRQ_TYPE_SPI, irq, 461 GIC_FDT_IRQ_FLAGS_LEVEL_HI); 462 qemu_fdt_setprop_cell(vbi->fdt, nodename, "clocks", vbi->clock_phandle); 463 qemu_fdt_setprop_string(vbi->fdt, nodename, "clock-names", "apb_pclk"); 464 g_free(nodename); 465 } 466 467 static void create_virtio_devices(const VirtBoardInfo *vbi, qemu_irq *pic) 468 { 469 int i; 470 hwaddr size = vbi->memmap[VIRT_MMIO].size; 471 472 /* We create the transports in forwards order. Since qbus_realize() 473 * prepends (not appends) new child buses, the incrementing loop below will 474 * create a list of virtio-mmio buses with decreasing base addresses. 475 * 476 * When a -device option is processed from the command line, 477 * qbus_find_recursive() picks the next free virtio-mmio bus in forwards 478 * order. The upshot is that -device options in increasing command line 479 * order are mapped to virtio-mmio buses with decreasing base addresses. 480 * 481 * When this code was originally written, that arrangement ensured that the 482 * guest Linux kernel would give the lowest "name" (/dev/vda, eth0, etc) to 483 * the first -device on the command line. (The end-to-end order is a 484 * function of this loop, qbus_realize(), qbus_find_recursive(), and the 485 * guest kernel's name-to-address assignment strategy.) 486 * 487 * Meanwhile, the kernel's traversal seems to have been reversed; see eg. 488 * the message, if not necessarily the code, of commit 70161ff336. 489 * Therefore the loop now establishes the inverse of the original intent. 490 * 491 * Unfortunately, we can't counteract the kernel change by reversing the 492 * loop; it would break existing command lines. 493 * 494 * In any case, the kernel makes no guarantee about the stability of 495 * enumeration order of virtio devices (as demonstrated by it changing 496 * between kernel versions). For reliable and stable identification 497 * of disks users must use UUIDs or similar mechanisms. 498 */ 499 for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) { 500 int irq = vbi->irqmap[VIRT_MMIO] + i; 501 hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size; 502 503 sysbus_create_simple("virtio-mmio", base, pic[irq]); 504 } 505 506 /* We add dtb nodes in reverse order so that they appear in the finished 507 * device tree lowest address first. 508 * 509 * Note that this mapping is independent of the loop above. The previous 510 * loop influences virtio device to virtio transport assignment, whereas 511 * this loop controls how virtio transports are laid out in the dtb. 512 */ 513 for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) { 514 char *nodename; 515 int irq = vbi->irqmap[VIRT_MMIO] + i; 516 hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size; 517 518 nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, base); 519 qemu_fdt_add_subnode(vbi->fdt, nodename); 520 qemu_fdt_setprop_string(vbi->fdt, nodename, 521 "compatible", "virtio,mmio"); 522 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 523 2, base, 2, size); 524 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 525 GIC_FDT_IRQ_TYPE_SPI, irq, 526 GIC_FDT_IRQ_FLAGS_EDGE_LO_HI); 527 g_free(nodename); 528 } 529 } 530 531 static void create_one_flash(const char *name, hwaddr flashbase, 532 hwaddr flashsize) 533 { 534 /* Create and map a single flash device. We use the same 535 * parameters as the flash devices on the Versatile Express board. 536 */ 537 DriveInfo *dinfo = drive_get_next(IF_PFLASH); 538 DeviceState *dev = qdev_create(NULL, "cfi.pflash01"); 539 const uint64_t sectorlength = 256 * 1024; 540 541 if (dinfo) { 542 qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo), 543 &error_abort); 544 } 545 546 qdev_prop_set_uint32(dev, "num-blocks", flashsize / sectorlength); 547 qdev_prop_set_uint64(dev, "sector-length", sectorlength); 548 qdev_prop_set_uint8(dev, "width", 4); 549 qdev_prop_set_uint8(dev, "device-width", 2); 550 qdev_prop_set_uint8(dev, "big-endian", 0); 551 qdev_prop_set_uint16(dev, "id0", 0x89); 552 qdev_prop_set_uint16(dev, "id1", 0x18); 553 qdev_prop_set_uint16(dev, "id2", 0x00); 554 qdev_prop_set_uint16(dev, "id3", 0x00); 555 qdev_prop_set_string(dev, "name", name); 556 qdev_init_nofail(dev); 557 558 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, flashbase); 559 } 560 561 static void create_flash(const VirtBoardInfo *vbi) 562 { 563 /* Create two flash devices to fill the VIRT_FLASH space in the memmap. 564 * Any file passed via -bios goes in the first of these. 565 */ 566 hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2; 567 hwaddr flashbase = vbi->memmap[VIRT_FLASH].base; 568 char *nodename; 569 570 if (bios_name) { 571 char *fn; 572 int image_size; 573 574 if (drive_get(IF_PFLASH, 0, 0)) { 575 error_report("The contents of the first flash device may be " 576 "specified with -bios or with -drive if=pflash... " 577 "but you cannot use both options at once"); 578 exit(1); 579 } 580 fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name); 581 if (!fn) { 582 error_report("Could not find ROM image '%s'", bios_name); 583 exit(1); 584 } 585 image_size = load_image_targphys(fn, flashbase, flashsize); 586 g_free(fn); 587 if (image_size < 0) { 588 error_report("Could not load ROM image '%s'", bios_name); 589 exit(1); 590 } 591 } 592 593 create_one_flash("virt.flash0", flashbase, flashsize); 594 create_one_flash("virt.flash1", flashbase + flashsize, flashsize); 595 596 nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); 597 qemu_fdt_add_subnode(vbi->fdt, nodename); 598 qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); 599 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 600 2, flashbase, 2, flashsize, 601 2, flashbase + flashsize, 2, flashsize); 602 qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); 603 g_free(nodename); 604 } 605 606 static void create_fw_cfg(const VirtBoardInfo *vbi) 607 { 608 hwaddr base = vbi->memmap[VIRT_FW_CFG].base; 609 hwaddr size = vbi->memmap[VIRT_FW_CFG].size; 610 char *nodename; 611 612 fw_cfg_init_mem_wide(base + 8, base, 8); 613 614 nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base); 615 qemu_fdt_add_subnode(vbi->fdt, nodename); 616 qemu_fdt_setprop_string(vbi->fdt, nodename, 617 "compatible", "qemu,fw-cfg-mmio"); 618 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 619 2, base, 2, size); 620 g_free(nodename); 621 } 622 623 static void create_pcie_irq_map(const VirtBoardInfo *vbi, uint32_t gic_phandle, 624 int first_irq, const char *nodename) 625 { 626 int devfn, pin; 627 uint32_t full_irq_map[4 * 4 * 10] = { 0 }; 628 uint32_t *irq_map = full_irq_map; 629 630 for (devfn = 0; devfn <= 0x18; devfn += 0x8) { 631 for (pin = 0; pin < 4; pin++) { 632 int irq_type = GIC_FDT_IRQ_TYPE_SPI; 633 int irq_nr = first_irq + ((pin + PCI_SLOT(devfn)) % PCI_NUM_PINS); 634 int irq_level = GIC_FDT_IRQ_FLAGS_LEVEL_HI; 635 int i; 636 637 uint32_t map[] = { 638 devfn << 8, 0, 0, /* devfn */ 639 pin + 1, /* PCI pin */ 640 gic_phandle, 0, 0, irq_type, irq_nr, irq_level }; /* GIC irq */ 641 642 /* Convert map to big endian */ 643 for (i = 0; i < 10; i++) { 644 irq_map[i] = cpu_to_be32(map[i]); 645 } 646 irq_map += 10; 647 } 648 } 649 650 qemu_fdt_setprop(vbi->fdt, nodename, "interrupt-map", 651 full_irq_map, sizeof(full_irq_map)); 652 653 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupt-map-mask", 654 0x1800, 0, 0, /* devfn (PCI_SLOT(3)) */ 655 0x7 /* PCI irq */); 656 } 657 658 static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic) 659 { 660 hwaddr base_mmio = vbi->memmap[VIRT_PCIE_MMIO].base; 661 hwaddr size_mmio = vbi->memmap[VIRT_PCIE_MMIO].size; 662 hwaddr base_pio = vbi->memmap[VIRT_PCIE_PIO].base; 663 hwaddr size_pio = vbi->memmap[VIRT_PCIE_PIO].size; 664 hwaddr base_ecam = vbi->memmap[VIRT_PCIE_ECAM].base; 665 hwaddr size_ecam = vbi->memmap[VIRT_PCIE_ECAM].size; 666 hwaddr base = base_mmio; 667 int nr_pcie_buses = size_ecam / PCIE_MMCFG_SIZE_MIN; 668 int irq = vbi->irqmap[VIRT_PCIE]; 669 MemoryRegion *mmio_alias; 670 MemoryRegion *mmio_reg; 671 MemoryRegion *ecam_alias; 672 MemoryRegion *ecam_reg; 673 DeviceState *dev; 674 char *nodename; 675 int i; 676 677 dev = qdev_create(NULL, TYPE_GPEX_HOST); 678 qdev_init_nofail(dev); 679 680 /* Map only the first size_ecam bytes of ECAM space */ 681 ecam_alias = g_new0(MemoryRegion, 1); 682 ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0); 683 memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam", 684 ecam_reg, 0, size_ecam); 685 memory_region_add_subregion(get_system_memory(), base_ecam, ecam_alias); 686 687 /* Map the MMIO window into system address space so as to expose 688 * the section of PCI MMIO space which starts at the same base address 689 * (ie 1:1 mapping for that part of PCI MMIO space visible through 690 * the window). 691 */ 692 mmio_alias = g_new0(MemoryRegion, 1); 693 mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1); 694 memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio", 695 mmio_reg, base_mmio, size_mmio); 696 memory_region_add_subregion(get_system_memory(), base_mmio, mmio_alias); 697 698 /* Map IO port space */ 699 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio); 700 701 for (i = 0; i < GPEX_NUM_IRQS; i++) { 702 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]); 703 } 704 705 nodename = g_strdup_printf("/pcie@%" PRIx64, base); 706 qemu_fdt_add_subnode(vbi->fdt, nodename); 707 qemu_fdt_setprop_string(vbi->fdt, nodename, 708 "compatible", "pci-host-ecam-generic"); 709 qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type", "pci"); 710 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#address-cells", 3); 711 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#size-cells", 2); 712 qemu_fdt_setprop_cells(vbi->fdt, nodename, "bus-range", 0, 713 nr_pcie_buses - 1); 714 715 qemu_fdt_setprop_cells(vbi->fdt, nodename, "msi-parent", vbi->v2m_phandle); 716 717 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 718 2, base_ecam, 2, size_ecam); 719 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "ranges", 720 1, FDT_PCI_RANGE_IOPORT, 2, 0, 721 2, base_pio, 2, size_pio, 722 1, FDT_PCI_RANGE_MMIO, 2, base_mmio, 723 2, base_mmio, 2, size_mmio); 724 725 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#interrupt-cells", 1); 726 create_pcie_irq_map(vbi, vbi->gic_phandle, irq, nodename); 727 728 g_free(nodename); 729 } 730 731 static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size) 732 { 733 const VirtBoardInfo *board = (const VirtBoardInfo *)binfo; 734 735 *fdt_size = board->fdt_size; 736 return board->fdt; 737 } 738 739 static 740 void virt_guest_info_machine_done(Notifier *notifier, void *data) 741 { 742 VirtGuestInfoState *guest_info_state = container_of(notifier, 743 VirtGuestInfoState, machine_done); 744 virt_acpi_setup(&guest_info_state->info); 745 } 746 747 static void machvirt_init(MachineState *machine) 748 { 749 VirtMachineState *vms = VIRT_MACHINE(machine); 750 qemu_irq pic[NUM_IRQS]; 751 MemoryRegion *sysmem = get_system_memory(); 752 int n; 753 MemoryRegion *ram = g_new(MemoryRegion, 1); 754 const char *cpu_model = machine->cpu_model; 755 VirtBoardInfo *vbi; 756 VirtGuestInfoState *guest_info_state = g_malloc0(sizeof *guest_info_state); 757 VirtGuestInfo *guest_info = &guest_info_state->info; 758 char **cpustr; 759 760 if (!cpu_model) { 761 cpu_model = "cortex-a15"; 762 } 763 764 /* Separate the actual CPU model name from any appended features */ 765 cpustr = g_strsplit(cpu_model, ",", 2); 766 767 vbi = find_machine_info(cpustr[0]); 768 769 if (!vbi) { 770 error_report("mach-virt: CPU %s not supported", cpustr[0]); 771 exit(1); 772 } 773 774 vbi->smp_cpus = smp_cpus; 775 776 if (machine->ram_size > vbi->memmap[VIRT_MEM].size) { 777 error_report("mach-virt: cannot model more than 30GB RAM"); 778 exit(1); 779 } 780 781 create_fdt(vbi); 782 783 for (n = 0; n < smp_cpus; n++) { 784 ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpustr[0]); 785 CPUClass *cc = CPU_CLASS(oc); 786 Object *cpuobj; 787 Error *err = NULL; 788 char *cpuopts = g_strdup(cpustr[1]); 789 790 if (!oc) { 791 fprintf(stderr, "Unable to find CPU definition\n"); 792 exit(1); 793 } 794 cpuobj = object_new(object_class_get_name(oc)); 795 796 /* Handle any CPU options specified by the user */ 797 cc->parse_features(CPU(cpuobj), cpuopts, &err); 798 g_free(cpuopts); 799 if (err) { 800 error_report_err(err); 801 exit(1); 802 } 803 804 if (!vms->secure) { 805 object_property_set_bool(cpuobj, false, "has_el3", NULL); 806 } 807 808 object_property_set_int(cpuobj, QEMU_PSCI_CONDUIT_HVC, "psci-conduit", 809 NULL); 810 811 /* Secondary CPUs start in PSCI powered-down state */ 812 if (n > 0) { 813 object_property_set_bool(cpuobj, true, "start-powered-off", NULL); 814 } 815 816 if (object_property_find(cpuobj, "reset-cbar", NULL)) { 817 object_property_set_int(cpuobj, vbi->memmap[VIRT_CPUPERIPHS].base, 818 "reset-cbar", &error_abort); 819 } 820 821 object_property_set_bool(cpuobj, true, "realized", NULL); 822 } 823 g_strfreev(cpustr); 824 fdt_add_timer_nodes(vbi); 825 fdt_add_cpu_nodes(vbi); 826 fdt_add_psci_node(vbi); 827 828 memory_region_allocate_system_memory(ram, NULL, "mach-virt.ram", 829 machine->ram_size); 830 memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram); 831 832 create_flash(vbi); 833 834 create_gic(vbi, pic); 835 836 create_uart(vbi, pic); 837 838 create_rtc(vbi, pic); 839 840 create_pcie(vbi, pic); 841 842 /* Create mmio transports, so the user can create virtio backends 843 * (which will be automatically plugged in to the transports). If 844 * no backend is created the transport will just sit harmlessly idle. 845 */ 846 create_virtio_devices(vbi, pic); 847 848 create_fw_cfg(vbi); 849 rom_set_fw(fw_cfg_find()); 850 851 guest_info->smp_cpus = smp_cpus; 852 guest_info->fw_cfg = fw_cfg_find(); 853 guest_info->memmap = vbi->memmap; 854 guest_info->irqmap = vbi->irqmap; 855 guest_info_state->machine_done.notify = virt_guest_info_machine_done; 856 qemu_add_machine_init_done_notifier(&guest_info_state->machine_done); 857 858 vbi->bootinfo.ram_size = machine->ram_size; 859 vbi->bootinfo.kernel_filename = machine->kernel_filename; 860 vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline; 861 vbi->bootinfo.initrd_filename = machine->initrd_filename; 862 vbi->bootinfo.nb_cpus = smp_cpus; 863 vbi->bootinfo.board_id = -1; 864 vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base; 865 vbi->bootinfo.get_dtb = machvirt_dtb; 866 vbi->bootinfo.firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0); 867 arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo); 868 } 869 870 static bool virt_get_secure(Object *obj, Error **errp) 871 { 872 VirtMachineState *vms = VIRT_MACHINE(obj); 873 874 return vms->secure; 875 } 876 877 static void virt_set_secure(Object *obj, bool value, Error **errp) 878 { 879 VirtMachineState *vms = VIRT_MACHINE(obj); 880 881 vms->secure = value; 882 } 883 884 static void virt_instance_init(Object *obj) 885 { 886 VirtMachineState *vms = VIRT_MACHINE(obj); 887 888 /* EL3 is enabled by default on virt */ 889 vms->secure = true; 890 object_property_add_bool(obj, "secure", virt_get_secure, 891 virt_set_secure, NULL); 892 object_property_set_description(obj, "secure", 893 "Set on/off to enable/disable the ARM " 894 "Security Extensions (TrustZone)", 895 NULL); 896 } 897 898 static void virt_class_init(ObjectClass *oc, void *data) 899 { 900 MachineClass *mc = MACHINE_CLASS(oc); 901 902 mc->name = TYPE_VIRT_MACHINE; 903 mc->desc = "ARM Virtual Machine", 904 mc->init = machvirt_init; 905 mc->max_cpus = 8; 906 } 907 908 static const TypeInfo machvirt_info = { 909 .name = TYPE_VIRT_MACHINE, 910 .parent = TYPE_MACHINE, 911 .instance_size = sizeof(VirtMachineState), 912 .instance_init = virt_instance_init, 913 .class_size = sizeof(VirtMachineClass), 914 .class_init = virt_class_init, 915 }; 916 917 static void machvirt_machine_init(void) 918 { 919 type_register_static(&machvirt_info); 920 } 921 922 machine_init(machvirt_machine_init); 923