1 /* 2 * ARM mach-virt emulation 3 * 4 * Copyright (c) 2013 Linaro Limited 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2 or later, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 * Emulate a virtual board which works by passing Linux all the information 19 * it needs about what devices are present via the device tree. 20 * There are some restrictions about what we can do here: 21 * + we can only present devices whose Linux drivers will work based 22 * purely on the device tree with no platform data at all 23 * + we want to present a very stripped-down minimalist platform, 24 * both because this reduces the security attack surface from the guest 25 * and also because it reduces our exposure to being broken when 26 * the kernel updates its device tree bindings and requires further 27 * information in a device binding that we aren't providing. 28 * This is essentially the same approach kvmtool uses. 29 */ 30 31 #include "hw/sysbus.h" 32 #include "hw/arm/arm.h" 33 #include "hw/arm/primecell.h" 34 #include "hw/devices.h" 35 #include "net/net.h" 36 #include "sysemu/block-backend.h" 37 #include "sysemu/device_tree.h" 38 #include "sysemu/sysemu.h" 39 #include "sysemu/kvm.h" 40 #include "hw/boards.h" 41 #include "hw/loader.h" 42 #include "exec/address-spaces.h" 43 #include "qemu/bitops.h" 44 #include "qemu/error-report.h" 45 46 #define NUM_VIRTIO_TRANSPORTS 32 47 48 /* Number of external interrupt lines to configure the GIC with */ 49 #define NUM_IRQS 128 50 51 #define GIC_FDT_IRQ_TYPE_SPI 0 52 #define GIC_FDT_IRQ_TYPE_PPI 1 53 54 #define GIC_FDT_IRQ_FLAGS_EDGE_LO_HI 1 55 #define GIC_FDT_IRQ_FLAGS_EDGE_HI_LO 2 56 #define GIC_FDT_IRQ_FLAGS_LEVEL_HI 4 57 #define GIC_FDT_IRQ_FLAGS_LEVEL_LO 8 58 59 #define GIC_FDT_IRQ_PPI_CPU_START 8 60 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8 61 62 enum { 63 VIRT_FLASH, 64 VIRT_MEM, 65 VIRT_CPUPERIPHS, 66 VIRT_GIC_DIST, 67 VIRT_GIC_CPU, 68 VIRT_UART, 69 VIRT_MMIO, 70 VIRT_RTC, 71 VIRT_FW_CFG, 72 }; 73 74 typedef struct MemMapEntry { 75 hwaddr base; 76 hwaddr size; 77 } MemMapEntry; 78 79 typedef struct VirtBoardInfo { 80 struct arm_boot_info bootinfo; 81 const char *cpu_model; 82 const MemMapEntry *memmap; 83 const int *irqmap; 84 int smp_cpus; 85 void *fdt; 86 int fdt_size; 87 uint32_t clock_phandle; 88 } VirtBoardInfo; 89 90 typedef struct { 91 MachineClass parent; 92 VirtBoardInfo *daughterboard; 93 } VirtMachineClass; 94 95 typedef struct { 96 MachineState parent; 97 bool secure; 98 } VirtMachineState; 99 100 #define TYPE_VIRT_MACHINE "virt" 101 #define VIRT_MACHINE(obj) \ 102 OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE) 103 #define VIRT_MACHINE_GET_CLASS(obj) \ 104 OBJECT_GET_CLASS(VirtMachineClass, obj, TYPE_VIRT_MACHINE) 105 #define VIRT_MACHINE_CLASS(klass) \ 106 OBJECT_CLASS_CHECK(VirtMachineClass, klass, TYPE_VIRT_MACHINE) 107 108 /* Addresses and sizes of our components. 109 * 0..128MB is space for a flash device so we can run bootrom code such as UEFI. 110 * 128MB..256MB is used for miscellaneous device I/O. 111 * 256MB..1GB is reserved for possible future PCI support (ie where the 112 * PCI memory window will go if we add a PCI host controller). 113 * 1GB and up is RAM (which may happily spill over into the 114 * high memory region beyond 4GB). 115 * This represents a compromise between how much RAM can be given to 116 * a 32 bit VM and leaving space for expansion and in particular for PCI. 117 * Note that devices should generally be placed at multiples of 0x10000, 118 * to accommodate guests using 64K pages. 119 */ 120 static const MemMapEntry a15memmap[] = { 121 /* Space up to 0x8000000 is reserved for a boot ROM */ 122 [VIRT_FLASH] = { 0, 0x08000000 }, 123 [VIRT_CPUPERIPHS] = { 0x08000000, 0x00020000 }, 124 /* GIC distributor and CPU interfaces sit inside the CPU peripheral space */ 125 [VIRT_GIC_DIST] = { 0x08000000, 0x00010000 }, 126 [VIRT_GIC_CPU] = { 0x08010000, 0x00010000 }, 127 [VIRT_UART] = { 0x09000000, 0x00001000 }, 128 [VIRT_RTC] = { 0x09010000, 0x00001000 }, 129 [VIRT_FW_CFG] = { 0x09020000, 0x0000000a }, 130 [VIRT_MMIO] = { 0x0a000000, 0x00000200 }, 131 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */ 132 /* 0x10000000 .. 0x40000000 reserved for PCI */ 133 [VIRT_MEM] = { 0x40000000, 30ULL * 1024 * 1024 * 1024 }, 134 }; 135 136 static const int a15irqmap[] = { 137 [VIRT_UART] = 1, 138 [VIRT_RTC] = 2, 139 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */ 140 }; 141 142 static VirtBoardInfo machines[] = { 143 { 144 .cpu_model = "cortex-a15", 145 .memmap = a15memmap, 146 .irqmap = a15irqmap, 147 }, 148 { 149 .cpu_model = "cortex-a57", 150 .memmap = a15memmap, 151 .irqmap = a15irqmap, 152 }, 153 { 154 .cpu_model = "host", 155 .memmap = a15memmap, 156 .irqmap = a15irqmap, 157 }, 158 }; 159 160 static VirtBoardInfo *find_machine_info(const char *cpu) 161 { 162 int i; 163 164 for (i = 0; i < ARRAY_SIZE(machines); i++) { 165 if (strcmp(cpu, machines[i].cpu_model) == 0) { 166 return &machines[i]; 167 } 168 } 169 return NULL; 170 } 171 172 static void create_fdt(VirtBoardInfo *vbi) 173 { 174 void *fdt = create_device_tree(&vbi->fdt_size); 175 176 if (!fdt) { 177 error_report("create_device_tree() failed"); 178 exit(1); 179 } 180 181 vbi->fdt = fdt; 182 183 /* Header */ 184 qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,dummy-virt"); 185 qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2); 186 qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2); 187 188 /* 189 * /chosen and /memory nodes must exist for load_dtb 190 * to fill in necessary properties later 191 */ 192 qemu_fdt_add_subnode(fdt, "/chosen"); 193 qemu_fdt_add_subnode(fdt, "/memory"); 194 qemu_fdt_setprop_string(fdt, "/memory", "device_type", "memory"); 195 196 /* Clock node, for the benefit of the UART. The kernel device tree 197 * binding documentation claims the PL011 node clock properties are 198 * optional but in practice if you omit them the kernel refuses to 199 * probe for the device. 200 */ 201 vbi->clock_phandle = qemu_fdt_alloc_phandle(fdt); 202 qemu_fdt_add_subnode(fdt, "/apb-pclk"); 203 qemu_fdt_setprop_string(fdt, "/apb-pclk", "compatible", "fixed-clock"); 204 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "#clock-cells", 0x0); 205 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "clock-frequency", 24000000); 206 qemu_fdt_setprop_string(fdt, "/apb-pclk", "clock-output-names", 207 "clk24mhz"); 208 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vbi->clock_phandle); 209 210 } 211 212 static void fdt_add_psci_node(const VirtBoardInfo *vbi) 213 { 214 uint32_t cpu_suspend_fn; 215 uint32_t cpu_off_fn; 216 uint32_t cpu_on_fn; 217 uint32_t migrate_fn; 218 void *fdt = vbi->fdt; 219 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0)); 220 221 qemu_fdt_add_subnode(fdt, "/psci"); 222 if (armcpu->psci_version == 2) { 223 const char comp[] = "arm,psci-0.2\0arm,psci"; 224 qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp)); 225 226 cpu_off_fn = QEMU_PSCI_0_2_FN_CPU_OFF; 227 if (arm_feature(&armcpu->env, ARM_FEATURE_AARCH64)) { 228 cpu_suspend_fn = QEMU_PSCI_0_2_FN64_CPU_SUSPEND; 229 cpu_on_fn = QEMU_PSCI_0_2_FN64_CPU_ON; 230 migrate_fn = QEMU_PSCI_0_2_FN64_MIGRATE; 231 } else { 232 cpu_suspend_fn = QEMU_PSCI_0_2_FN_CPU_SUSPEND; 233 cpu_on_fn = QEMU_PSCI_0_2_FN_CPU_ON; 234 migrate_fn = QEMU_PSCI_0_2_FN_MIGRATE; 235 } 236 } else { 237 qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci"); 238 239 cpu_suspend_fn = QEMU_PSCI_0_1_FN_CPU_SUSPEND; 240 cpu_off_fn = QEMU_PSCI_0_1_FN_CPU_OFF; 241 cpu_on_fn = QEMU_PSCI_0_1_FN_CPU_ON; 242 migrate_fn = QEMU_PSCI_0_1_FN_MIGRATE; 243 } 244 245 /* We adopt the PSCI spec's nomenclature, and use 'conduit' to refer 246 * to the instruction that should be used to invoke PSCI functions. 247 * However, the device tree binding uses 'method' instead, so that is 248 * what we should use here. 249 */ 250 qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc"); 251 252 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend", cpu_suspend_fn); 253 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", cpu_off_fn); 254 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", cpu_on_fn); 255 qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn); 256 } 257 258 static void fdt_add_timer_nodes(const VirtBoardInfo *vbi) 259 { 260 /* Note that on A15 h/w these interrupts are level-triggered, 261 * but for the GIC implementation provided by both QEMU and KVM 262 * they are edge-triggered. 263 */ 264 ARMCPU *armcpu; 265 uint32_t irqflags = GIC_FDT_IRQ_FLAGS_EDGE_LO_HI; 266 267 irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START, 268 GIC_FDT_IRQ_PPI_CPU_WIDTH, (1 << vbi->smp_cpus) - 1); 269 270 qemu_fdt_add_subnode(vbi->fdt, "/timer"); 271 272 armcpu = ARM_CPU(qemu_get_cpu(0)); 273 if (arm_feature(&armcpu->env, ARM_FEATURE_V8)) { 274 const char compat[] = "arm,armv8-timer\0arm,armv7-timer"; 275 qemu_fdt_setprop(vbi->fdt, "/timer", "compatible", 276 compat, sizeof(compat)); 277 } else { 278 qemu_fdt_setprop_string(vbi->fdt, "/timer", "compatible", 279 "arm,armv7-timer"); 280 } 281 qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts", 282 GIC_FDT_IRQ_TYPE_PPI, 13, irqflags, 283 GIC_FDT_IRQ_TYPE_PPI, 14, irqflags, 284 GIC_FDT_IRQ_TYPE_PPI, 11, irqflags, 285 GIC_FDT_IRQ_TYPE_PPI, 10, irqflags); 286 } 287 288 static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi) 289 { 290 int cpu; 291 292 qemu_fdt_add_subnode(vbi->fdt, "/cpus"); 293 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#address-cells", 0x1); 294 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#size-cells", 0x0); 295 296 for (cpu = vbi->smp_cpus - 1; cpu >= 0; cpu--) { 297 char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu); 298 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu)); 299 300 qemu_fdt_add_subnode(vbi->fdt, nodename); 301 qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type", "cpu"); 302 qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", 303 armcpu->dtb_compatible); 304 305 if (vbi->smp_cpus > 1) { 306 qemu_fdt_setprop_string(vbi->fdt, nodename, 307 "enable-method", "psci"); 308 } 309 310 qemu_fdt_setprop_cell(vbi->fdt, nodename, "reg", cpu); 311 g_free(nodename); 312 } 313 } 314 315 static void fdt_add_gic_node(const VirtBoardInfo *vbi) 316 { 317 uint32_t gic_phandle; 318 319 gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt); 320 qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", gic_phandle); 321 322 qemu_fdt_add_subnode(vbi->fdt, "/intc"); 323 /* 'cortex-a15-gic' means 'GIC v2' */ 324 qemu_fdt_setprop_string(vbi->fdt, "/intc", "compatible", 325 "arm,cortex-a15-gic"); 326 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#interrupt-cells", 3); 327 qemu_fdt_setprop(vbi->fdt, "/intc", "interrupt-controller", NULL, 0); 328 qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc", "reg", 329 2, vbi->memmap[VIRT_GIC_DIST].base, 330 2, vbi->memmap[VIRT_GIC_DIST].size, 331 2, vbi->memmap[VIRT_GIC_CPU].base, 332 2, vbi->memmap[VIRT_GIC_CPU].size); 333 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", gic_phandle); 334 } 335 336 static void create_gic(const VirtBoardInfo *vbi, qemu_irq *pic) 337 { 338 /* We create a standalone GIC v2 */ 339 DeviceState *gicdev; 340 SysBusDevice *gicbusdev; 341 const char *gictype = "arm_gic"; 342 int i; 343 344 if (kvm_irqchip_in_kernel()) { 345 gictype = "kvm-arm-gic"; 346 } 347 348 gicdev = qdev_create(NULL, gictype); 349 qdev_prop_set_uint32(gicdev, "revision", 2); 350 qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus); 351 /* Note that the num-irq property counts both internal and external 352 * interrupts; there are always 32 of the former (mandated by GIC spec). 353 */ 354 qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32); 355 qdev_init_nofail(gicdev); 356 gicbusdev = SYS_BUS_DEVICE(gicdev); 357 sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base); 358 sysbus_mmio_map(gicbusdev, 1, vbi->memmap[VIRT_GIC_CPU].base); 359 360 /* Wire the outputs from each CPU's generic timer to the 361 * appropriate GIC PPI inputs, and the GIC's IRQ output to 362 * the CPU's IRQ input. 363 */ 364 for (i = 0; i < smp_cpus; i++) { 365 DeviceState *cpudev = DEVICE(qemu_get_cpu(i)); 366 int ppibase = NUM_IRQS + i * 32; 367 /* physical timer; we wire it up to the non-secure timer's ID, 368 * since a real A15 always has TrustZone but QEMU doesn't. 369 */ 370 qdev_connect_gpio_out(cpudev, 0, 371 qdev_get_gpio_in(gicdev, ppibase + 30)); 372 /* virtual timer */ 373 qdev_connect_gpio_out(cpudev, 1, 374 qdev_get_gpio_in(gicdev, ppibase + 27)); 375 376 sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); 377 } 378 379 for (i = 0; i < NUM_IRQS; i++) { 380 pic[i] = qdev_get_gpio_in(gicdev, i); 381 } 382 383 fdt_add_gic_node(vbi); 384 } 385 386 static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic) 387 { 388 char *nodename; 389 hwaddr base = vbi->memmap[VIRT_UART].base; 390 hwaddr size = vbi->memmap[VIRT_UART].size; 391 int irq = vbi->irqmap[VIRT_UART]; 392 const char compat[] = "arm,pl011\0arm,primecell"; 393 const char clocknames[] = "uartclk\0apb_pclk"; 394 395 sysbus_create_simple("pl011", base, pic[irq]); 396 397 nodename = g_strdup_printf("/pl011@%" PRIx64, base); 398 qemu_fdt_add_subnode(vbi->fdt, nodename); 399 /* Note that we can't use setprop_string because of the embedded NUL */ 400 qemu_fdt_setprop(vbi->fdt, nodename, "compatible", 401 compat, sizeof(compat)); 402 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 403 2, base, 2, size); 404 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 405 GIC_FDT_IRQ_TYPE_SPI, irq, 406 GIC_FDT_IRQ_FLAGS_LEVEL_HI); 407 qemu_fdt_setprop_cells(vbi->fdt, nodename, "clocks", 408 vbi->clock_phandle, vbi->clock_phandle); 409 qemu_fdt_setprop(vbi->fdt, nodename, "clock-names", 410 clocknames, sizeof(clocknames)); 411 412 qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename); 413 g_free(nodename); 414 } 415 416 static void create_rtc(const VirtBoardInfo *vbi, qemu_irq *pic) 417 { 418 char *nodename; 419 hwaddr base = vbi->memmap[VIRT_RTC].base; 420 hwaddr size = vbi->memmap[VIRT_RTC].size; 421 int irq = vbi->irqmap[VIRT_RTC]; 422 const char compat[] = "arm,pl031\0arm,primecell"; 423 424 sysbus_create_simple("pl031", base, pic[irq]); 425 426 nodename = g_strdup_printf("/pl031@%" PRIx64, base); 427 qemu_fdt_add_subnode(vbi->fdt, nodename); 428 qemu_fdt_setprop(vbi->fdt, nodename, "compatible", compat, sizeof(compat)); 429 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 430 2, base, 2, size); 431 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 432 GIC_FDT_IRQ_TYPE_SPI, irq, 433 GIC_FDT_IRQ_FLAGS_LEVEL_HI); 434 qemu_fdt_setprop_cell(vbi->fdt, nodename, "clocks", vbi->clock_phandle); 435 qemu_fdt_setprop_string(vbi->fdt, nodename, "clock-names", "apb_pclk"); 436 g_free(nodename); 437 } 438 439 static void create_virtio_devices(const VirtBoardInfo *vbi, qemu_irq *pic) 440 { 441 int i; 442 hwaddr size = vbi->memmap[VIRT_MMIO].size; 443 444 /* We create the transports in forwards order. Since qbus_realize() 445 * prepends (not appends) new child buses, the incrementing loop below will 446 * create a list of virtio-mmio buses with decreasing base addresses. 447 * 448 * When a -device option is processed from the command line, 449 * qbus_find_recursive() picks the next free virtio-mmio bus in forwards 450 * order. The upshot is that -device options in increasing command line 451 * order are mapped to virtio-mmio buses with decreasing base addresses. 452 * 453 * When this code was originally written, that arrangement ensured that the 454 * guest Linux kernel would give the lowest "name" (/dev/vda, eth0, etc) to 455 * the first -device on the command line. (The end-to-end order is a 456 * function of this loop, qbus_realize(), qbus_find_recursive(), and the 457 * guest kernel's name-to-address assignment strategy.) 458 * 459 * Meanwhile, the kernel's traversal seems to have been reversed; see eg. 460 * the message, if not necessarily the code, of commit 70161ff336. 461 * Therefore the loop now establishes the inverse of the original intent. 462 * 463 * Unfortunately, we can't counteract the kernel change by reversing the 464 * loop; it would break existing command lines. 465 * 466 * In any case, the kernel makes no guarantee about the stability of 467 * enumeration order of virtio devices (as demonstrated by it changing 468 * between kernel versions). For reliable and stable identification 469 * of disks users must use UUIDs or similar mechanisms. 470 */ 471 for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) { 472 int irq = vbi->irqmap[VIRT_MMIO] + i; 473 hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size; 474 475 sysbus_create_simple("virtio-mmio", base, pic[irq]); 476 } 477 478 /* We add dtb nodes in reverse order so that they appear in the finished 479 * device tree lowest address first. 480 * 481 * Note that this mapping is independent of the loop above. The previous 482 * loop influences virtio device to virtio transport assignment, whereas 483 * this loop controls how virtio transports are laid out in the dtb. 484 */ 485 for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) { 486 char *nodename; 487 int irq = vbi->irqmap[VIRT_MMIO] + i; 488 hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size; 489 490 nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, base); 491 qemu_fdt_add_subnode(vbi->fdt, nodename); 492 qemu_fdt_setprop_string(vbi->fdt, nodename, 493 "compatible", "virtio,mmio"); 494 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 495 2, base, 2, size); 496 qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts", 497 GIC_FDT_IRQ_TYPE_SPI, irq, 498 GIC_FDT_IRQ_FLAGS_EDGE_LO_HI); 499 g_free(nodename); 500 } 501 } 502 503 static void create_one_flash(const char *name, hwaddr flashbase, 504 hwaddr flashsize) 505 { 506 /* Create and map a single flash device. We use the same 507 * parameters as the flash devices on the Versatile Express board. 508 */ 509 DriveInfo *dinfo = drive_get_next(IF_PFLASH); 510 DeviceState *dev = qdev_create(NULL, "cfi.pflash01"); 511 const uint64_t sectorlength = 256 * 1024; 512 513 if (dinfo && qdev_prop_set_drive(dev, "drive", 514 blk_by_legacy_dinfo(dinfo))) { 515 abort(); 516 } 517 518 qdev_prop_set_uint32(dev, "num-blocks", flashsize / sectorlength); 519 qdev_prop_set_uint64(dev, "sector-length", sectorlength); 520 qdev_prop_set_uint8(dev, "width", 4); 521 qdev_prop_set_uint8(dev, "device-width", 2); 522 qdev_prop_set_uint8(dev, "big-endian", 0); 523 qdev_prop_set_uint16(dev, "id0", 0x89); 524 qdev_prop_set_uint16(dev, "id1", 0x18); 525 qdev_prop_set_uint16(dev, "id2", 0x00); 526 qdev_prop_set_uint16(dev, "id3", 0x00); 527 qdev_prop_set_string(dev, "name", name); 528 qdev_init_nofail(dev); 529 530 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, flashbase); 531 } 532 533 static void create_flash(const VirtBoardInfo *vbi) 534 { 535 /* Create two flash devices to fill the VIRT_FLASH space in the memmap. 536 * Any file passed via -bios goes in the first of these. 537 */ 538 hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2; 539 hwaddr flashbase = vbi->memmap[VIRT_FLASH].base; 540 char *nodename; 541 542 if (bios_name) { 543 const char *fn; 544 545 if (drive_get(IF_PFLASH, 0, 0)) { 546 error_report("The contents of the first flash device may be " 547 "specified with -bios or with -drive if=pflash... " 548 "but you cannot use both options at once"); 549 exit(1); 550 } 551 fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name); 552 if (!fn || load_image_targphys(fn, flashbase, flashsize) < 0) { 553 error_report("Could not load ROM image '%s'", bios_name); 554 exit(1); 555 } 556 } 557 558 create_one_flash("virt.flash0", flashbase, flashsize); 559 create_one_flash("virt.flash1", flashbase + flashsize, flashsize); 560 561 nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); 562 qemu_fdt_add_subnode(vbi->fdt, nodename); 563 qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); 564 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 565 2, flashbase, 2, flashsize, 566 2, flashbase + flashsize, 2, flashsize); 567 qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); 568 g_free(nodename); 569 } 570 571 static void create_fw_cfg(const VirtBoardInfo *vbi) 572 { 573 hwaddr base = vbi->memmap[VIRT_FW_CFG].base; 574 hwaddr size = vbi->memmap[VIRT_FW_CFG].size; 575 char *nodename; 576 577 fw_cfg_init_mem_wide(base + 8, base, 8); 578 579 nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base); 580 qemu_fdt_add_subnode(vbi->fdt, nodename); 581 qemu_fdt_setprop_string(vbi->fdt, nodename, 582 "compatible", "qemu,fw-cfg-mmio"); 583 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", 584 2, base, 2, size); 585 g_free(nodename); 586 } 587 588 static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size) 589 { 590 const VirtBoardInfo *board = (const VirtBoardInfo *)binfo; 591 592 *fdt_size = board->fdt_size; 593 return board->fdt; 594 } 595 596 static void machvirt_init(MachineState *machine) 597 { 598 VirtMachineState *vms = VIRT_MACHINE(machine); 599 qemu_irq pic[NUM_IRQS]; 600 MemoryRegion *sysmem = get_system_memory(); 601 int n; 602 MemoryRegion *ram = g_new(MemoryRegion, 1); 603 const char *cpu_model = machine->cpu_model; 604 VirtBoardInfo *vbi; 605 606 if (!cpu_model) { 607 cpu_model = "cortex-a15"; 608 } 609 610 vbi = find_machine_info(cpu_model); 611 612 if (!vbi) { 613 error_report("mach-virt: CPU %s not supported", cpu_model); 614 exit(1); 615 } 616 617 vbi->smp_cpus = smp_cpus; 618 619 if (machine->ram_size > vbi->memmap[VIRT_MEM].size) { 620 error_report("mach-virt: cannot model more than 30GB RAM"); 621 exit(1); 622 } 623 624 create_fdt(vbi); 625 626 for (n = 0; n < smp_cpus; n++) { 627 ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model); 628 Object *cpuobj; 629 630 if (!oc) { 631 fprintf(stderr, "Unable to find CPU definition\n"); 632 exit(1); 633 } 634 cpuobj = object_new(object_class_get_name(oc)); 635 636 if (!vms->secure) { 637 object_property_set_bool(cpuobj, false, "has_el3", NULL); 638 } 639 640 object_property_set_int(cpuobj, QEMU_PSCI_CONDUIT_HVC, "psci-conduit", 641 NULL); 642 643 /* Secondary CPUs start in PSCI powered-down state */ 644 if (n > 0) { 645 object_property_set_bool(cpuobj, true, "start-powered-off", NULL); 646 } 647 648 if (object_property_find(cpuobj, "reset-cbar", NULL)) { 649 object_property_set_int(cpuobj, vbi->memmap[VIRT_CPUPERIPHS].base, 650 "reset-cbar", &error_abort); 651 } 652 653 object_property_set_bool(cpuobj, true, "realized", NULL); 654 } 655 fdt_add_timer_nodes(vbi); 656 fdt_add_cpu_nodes(vbi); 657 fdt_add_psci_node(vbi); 658 659 memory_region_init_ram(ram, NULL, "mach-virt.ram", machine->ram_size, 660 &error_abort); 661 vmstate_register_ram_global(ram); 662 memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram); 663 664 create_flash(vbi); 665 666 create_gic(vbi, pic); 667 668 create_uart(vbi, pic); 669 670 create_rtc(vbi, pic); 671 672 /* Create mmio transports, so the user can create virtio backends 673 * (which will be automatically plugged in to the transports). If 674 * no backend is created the transport will just sit harmlessly idle. 675 */ 676 create_virtio_devices(vbi, pic); 677 678 create_fw_cfg(vbi); 679 680 vbi->bootinfo.ram_size = machine->ram_size; 681 vbi->bootinfo.kernel_filename = machine->kernel_filename; 682 vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline; 683 vbi->bootinfo.initrd_filename = machine->initrd_filename; 684 vbi->bootinfo.nb_cpus = smp_cpus; 685 vbi->bootinfo.board_id = -1; 686 vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base; 687 vbi->bootinfo.get_dtb = machvirt_dtb; 688 vbi->bootinfo.firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0); 689 arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo); 690 } 691 692 static bool virt_get_secure(Object *obj, Error **errp) 693 { 694 VirtMachineState *vms = VIRT_MACHINE(obj); 695 696 return vms->secure; 697 } 698 699 static void virt_set_secure(Object *obj, bool value, Error **errp) 700 { 701 VirtMachineState *vms = VIRT_MACHINE(obj); 702 703 vms->secure = value; 704 } 705 706 static void virt_instance_init(Object *obj) 707 { 708 VirtMachineState *vms = VIRT_MACHINE(obj); 709 710 /* EL3 is enabled by default on virt */ 711 vms->secure = true; 712 object_property_add_bool(obj, "secure", virt_get_secure, 713 virt_set_secure, NULL); 714 object_property_set_description(obj, "secure", 715 "Set on/off to enable/disable the ARM " 716 "Security Extensions (TrustZone)", 717 NULL); 718 } 719 720 static void virt_class_init(ObjectClass *oc, void *data) 721 { 722 MachineClass *mc = MACHINE_CLASS(oc); 723 724 mc->name = TYPE_VIRT_MACHINE; 725 mc->desc = "ARM Virtual Machine", 726 mc->init = machvirt_init; 727 mc->max_cpus = 8; 728 } 729 730 static const TypeInfo machvirt_info = { 731 .name = TYPE_VIRT_MACHINE, 732 .parent = TYPE_MACHINE, 733 .instance_size = sizeof(VirtMachineState), 734 .instance_init = virt_instance_init, 735 .class_size = sizeof(VirtMachineClass), 736 .class_init = virt_class_init, 737 }; 738 739 static void machvirt_machine_init(void) 740 { 741 type_register_static(&machvirt_info); 742 } 743 744 machine_init(machvirt_machine_init); 745