xref: /openbmc/qemu/hw/riscv/virt.c (revision 42fe7499)
1 /*
2  * QEMU RISC-V VirtIO Board
3  *
4  * Copyright (c) 2017 SiFive, Inc.
5  *
6  * RISC-V machine with 16550a UART and VirtIO MMIO
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2 or later, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program.  If not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/units.h"
23 #include "qemu/error-report.h"
24 #include "qemu/guest-random.h"
25 #include "qapi/error.h"
26 #include "hw/boards.h"
27 #include "hw/loader.h"
28 #include "hw/sysbus.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/char/serial.h"
31 #include "target/riscv/cpu.h"
32 #include "hw/core/sysbus-fdt.h"
33 #include "target/riscv/pmu.h"
34 #include "hw/riscv/riscv_hart.h"
35 #include "hw/riscv/virt.h"
36 #include "hw/riscv/boot.h"
37 #include "hw/riscv/numa.h"
38 #include "hw/intc/riscv_aclint.h"
39 #include "hw/intc/riscv_aplic.h"
40 #include "hw/intc/riscv_imsic.h"
41 #include "hw/intc/sifive_plic.h"
42 #include "hw/misc/sifive_test.h"
43 #include "hw/platform-bus.h"
44 #include "chardev/char.h"
45 #include "sysemu/device_tree.h"
46 #include "sysemu/sysemu.h"
47 #include "sysemu/tcg.h"
48 #include "sysemu/kvm.h"
49 #include "sysemu/tpm.h"
50 #include "hw/pci/pci.h"
51 #include "hw/pci-host/gpex.h"
52 #include "hw/display/ramfb.h"
53 #include "hw/acpi/aml-build.h"
54 #include "qapi/qapi-visit-common.h"
55 
56 /*
57  * The virt machine physical address space used by some of the devices
58  * namely ACLINT, PLIC, APLIC, and IMSIC depend on number of Sockets,
59  * number of CPUs, and number of IMSIC guest files.
60  *
61  * Various limits defined by VIRT_SOCKETS_MAX_BITS, VIRT_CPUS_MAX_BITS,
62  * and VIRT_IRQCHIP_MAX_GUESTS_BITS are tuned for maximum utilization
63  * of virt machine physical address space.
64  */
65 
66 #define VIRT_IMSIC_GROUP_MAX_SIZE      (1U << IMSIC_MMIO_GROUP_MIN_SHIFT)
67 #if VIRT_IMSIC_GROUP_MAX_SIZE < \
68     IMSIC_GROUP_SIZE(VIRT_CPUS_MAX_BITS, VIRT_IRQCHIP_MAX_GUESTS_BITS)
69 #error "Can't accommodate single IMSIC group in address space"
70 #endif
71 
72 #define VIRT_IMSIC_MAX_SIZE            (VIRT_SOCKETS_MAX * \
73                                         VIRT_IMSIC_GROUP_MAX_SIZE)
74 #if 0x4000000 < VIRT_IMSIC_MAX_SIZE
75 #error "Can't accommodate all IMSIC groups in address space"
76 #endif
77 
78 static const MemMapEntry virt_memmap[] = {
79     [VIRT_DEBUG] =        {        0x0,         0x100 },
80     [VIRT_MROM] =         {     0x1000,        0xf000 },
81     [VIRT_TEST] =         {   0x100000,        0x1000 },
82     [VIRT_RTC] =          {   0x101000,        0x1000 },
83     [VIRT_CLINT] =        {  0x2000000,       0x10000 },
84     [VIRT_ACLINT_SSWI] =  {  0x2F00000,        0x4000 },
85     [VIRT_PCIE_PIO] =     {  0x3000000,       0x10000 },
86     [VIRT_PLATFORM_BUS] = {  0x4000000,     0x2000000 },
87     [VIRT_PLIC] =         {  0xc000000, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
88     [VIRT_APLIC_M] =      {  0xc000000, APLIC_SIZE(VIRT_CPUS_MAX) },
89     [VIRT_APLIC_S] =      {  0xd000000, APLIC_SIZE(VIRT_CPUS_MAX) },
90     [VIRT_UART0] =        { 0x10000000,         0x100 },
91     [VIRT_VIRTIO] =       { 0x10001000,        0x1000 },
92     [VIRT_FW_CFG] =       { 0x10100000,          0x18 },
93     [VIRT_FLASH] =        { 0x20000000,     0x4000000 },
94     [VIRT_IMSIC_M] =      { 0x24000000, VIRT_IMSIC_MAX_SIZE },
95     [VIRT_IMSIC_S] =      { 0x28000000, VIRT_IMSIC_MAX_SIZE },
96     [VIRT_PCIE_ECAM] =    { 0x30000000,    0x10000000 },
97     [VIRT_PCIE_MMIO] =    { 0x40000000,    0x40000000 },
98     [VIRT_DRAM] =         { 0x80000000,           0x0 },
99 };
100 
101 /* PCIe high mmio is fixed for RV32 */
102 #define VIRT32_HIGH_PCIE_MMIO_BASE  0x300000000ULL
103 #define VIRT32_HIGH_PCIE_MMIO_SIZE  (4 * GiB)
104 
105 /* PCIe high mmio for RV64, size is fixed but base depends on top of RAM */
106 #define VIRT64_HIGH_PCIE_MMIO_SIZE  (16 * GiB)
107 
108 static MemMapEntry virt_high_pcie_memmap;
109 
110 #define VIRT_FLASH_SECTOR_SIZE (256 * KiB)
111 
112 static PFlashCFI01 *virt_flash_create1(RISCVVirtState *s,
113                                        const char *name,
114                                        const char *alias_prop_name)
115 {
116     /*
117      * Create a single flash device.  We use the same parameters as
118      * the flash devices on the ARM virt board.
119      */
120     DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
121 
122     qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);
123     qdev_prop_set_uint8(dev, "width", 4);
124     qdev_prop_set_uint8(dev, "device-width", 2);
125     qdev_prop_set_bit(dev, "big-endian", false);
126     qdev_prop_set_uint16(dev, "id0", 0x89);
127     qdev_prop_set_uint16(dev, "id1", 0x18);
128     qdev_prop_set_uint16(dev, "id2", 0x00);
129     qdev_prop_set_uint16(dev, "id3", 0x00);
130     qdev_prop_set_string(dev, "name", name);
131 
132     object_property_add_child(OBJECT(s), name, OBJECT(dev));
133     object_property_add_alias(OBJECT(s), alias_prop_name,
134                               OBJECT(dev), "drive");
135 
136     return PFLASH_CFI01(dev);
137 }
138 
139 static void virt_flash_create(RISCVVirtState *s)
140 {
141     s->flash[0] = virt_flash_create1(s, "virt.flash0", "pflash0");
142     s->flash[1] = virt_flash_create1(s, "virt.flash1", "pflash1");
143 }
144 
145 static void virt_flash_map1(PFlashCFI01 *flash,
146                             hwaddr base, hwaddr size,
147                             MemoryRegion *sysmem)
148 {
149     DeviceState *dev = DEVICE(flash);
150 
151     assert(QEMU_IS_ALIGNED(size, VIRT_FLASH_SECTOR_SIZE));
152     assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
153     qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
154     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
155 
156     memory_region_add_subregion(sysmem, base,
157                                 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
158                                                        0));
159 }
160 
161 static void virt_flash_map(RISCVVirtState *s,
162                            MemoryRegion *sysmem)
163 {
164     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
165     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
166 
167     virt_flash_map1(s->flash[0], flashbase, flashsize,
168                     sysmem);
169     virt_flash_map1(s->flash[1], flashbase + flashsize, flashsize,
170                     sysmem);
171 }
172 
173 static void create_pcie_irq_map(RISCVVirtState *s, void *fdt, char *nodename,
174                                 uint32_t irqchip_phandle)
175 {
176     int pin, dev;
177     uint32_t irq_map_stride = 0;
178     uint32_t full_irq_map[GPEX_NUM_IRQS * GPEX_NUM_IRQS *
179                           FDT_MAX_INT_MAP_WIDTH] = {};
180     uint32_t *irq_map = full_irq_map;
181 
182     /* This code creates a standard swizzle of interrupts such that
183      * each device's first interrupt is based on it's PCI_SLOT number.
184      * (See pci_swizzle_map_irq_fn())
185      *
186      * We only need one entry per interrupt in the table (not one per
187      * possible slot) seeing the interrupt-map-mask will allow the table
188      * to wrap to any number of devices.
189      */
190     for (dev = 0; dev < GPEX_NUM_IRQS; dev++) {
191         int devfn = dev * 0x8;
192 
193         for (pin = 0; pin < GPEX_NUM_IRQS; pin++) {
194             int irq_nr = PCIE_IRQ + ((pin + PCI_SLOT(devfn)) % GPEX_NUM_IRQS);
195             int i = 0;
196 
197             /* Fill PCI address cells */
198             irq_map[i] = cpu_to_be32(devfn << 8);
199             i += FDT_PCI_ADDR_CELLS;
200 
201             /* Fill PCI Interrupt cells */
202             irq_map[i] = cpu_to_be32(pin + 1);
203             i += FDT_PCI_INT_CELLS;
204 
205             /* Fill interrupt controller phandle and cells */
206             irq_map[i++] = cpu_to_be32(irqchip_phandle);
207             irq_map[i++] = cpu_to_be32(irq_nr);
208             if (s->aia_type != VIRT_AIA_TYPE_NONE) {
209                 irq_map[i++] = cpu_to_be32(0x4);
210             }
211 
212             if (!irq_map_stride) {
213                 irq_map_stride = i;
214             }
215             irq_map += irq_map_stride;
216         }
217     }
218 
219     qemu_fdt_setprop(fdt, nodename, "interrupt-map", full_irq_map,
220                      GPEX_NUM_IRQS * GPEX_NUM_IRQS *
221                      irq_map_stride * sizeof(uint32_t));
222 
223     qemu_fdt_setprop_cells(fdt, nodename, "interrupt-map-mask",
224                            0x1800, 0, 0, 0x7);
225 }
226 
227 static void create_fdt_socket_cpus(RISCVVirtState *s, int socket,
228                                    char *clust_name, uint32_t *phandle,
229                                    uint32_t *intc_phandles)
230 {
231     int cpu;
232     uint32_t cpu_phandle;
233     MachineState *ms = MACHINE(s);
234     char *name, *cpu_name, *core_name, *intc_name, *sv_name;
235     bool is_32_bit = riscv_is_32bit(&s->soc[0]);
236     uint8_t satp_mode_max;
237 
238     for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
239         RISCVCPU *cpu_ptr = &s->soc[socket].harts[cpu];
240 
241         cpu_phandle = (*phandle)++;
242 
243         cpu_name = g_strdup_printf("/cpus/cpu@%d",
244             s->soc[socket].hartid_base + cpu);
245         qemu_fdt_add_subnode(ms->fdt, cpu_name);
246 
247         if (cpu_ptr->cfg.satp_mode.supported != 0) {
248             satp_mode_max = satp_mode_max_from_map(cpu_ptr->cfg.satp_mode.map);
249             sv_name = g_strdup_printf("riscv,%s",
250                                       satp_mode_str(satp_mode_max, is_32_bit));
251             qemu_fdt_setprop_string(ms->fdt, cpu_name, "mmu-type", sv_name);
252             g_free(sv_name);
253         }
254 
255         name = riscv_isa_string(cpu_ptr);
256         qemu_fdt_setprop_string(ms->fdt, cpu_name, "riscv,isa", name);
257         g_free(name);
258 
259         if (cpu_ptr->cfg.ext_icbom) {
260             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbom-block-size",
261                                   cpu_ptr->cfg.cbom_blocksize);
262         }
263 
264         if (cpu_ptr->cfg.ext_icboz) {
265             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cboz-block-size",
266                                   cpu_ptr->cfg.cboz_blocksize);
267         }
268 
269         qemu_fdt_setprop_string(ms->fdt, cpu_name, "compatible", "riscv");
270         qemu_fdt_setprop_string(ms->fdt, cpu_name, "status", "okay");
271         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "reg",
272             s->soc[socket].hartid_base + cpu);
273         qemu_fdt_setprop_string(ms->fdt, cpu_name, "device_type", "cpu");
274         riscv_socket_fdt_write_id(ms, cpu_name, socket);
275         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "phandle", cpu_phandle);
276 
277         intc_phandles[cpu] = (*phandle)++;
278 
279         intc_name = g_strdup_printf("%s/interrupt-controller", cpu_name);
280         qemu_fdt_add_subnode(ms->fdt, intc_name);
281         qemu_fdt_setprop_cell(ms->fdt, intc_name, "phandle",
282             intc_phandles[cpu]);
283         qemu_fdt_setprop_string(ms->fdt, intc_name, "compatible",
284             "riscv,cpu-intc");
285         qemu_fdt_setprop(ms->fdt, intc_name, "interrupt-controller", NULL, 0);
286         qemu_fdt_setprop_cell(ms->fdt, intc_name, "#interrupt-cells", 1);
287 
288         core_name = g_strdup_printf("%s/core%d", clust_name, cpu);
289         qemu_fdt_add_subnode(ms->fdt, core_name);
290         qemu_fdt_setprop_cell(ms->fdt, core_name, "cpu", cpu_phandle);
291 
292         g_free(core_name);
293         g_free(intc_name);
294         g_free(cpu_name);
295     }
296 }
297 
298 static void create_fdt_socket_memory(RISCVVirtState *s,
299                                      const MemMapEntry *memmap, int socket)
300 {
301     char *mem_name;
302     uint64_t addr, size;
303     MachineState *ms = MACHINE(s);
304 
305     addr = memmap[VIRT_DRAM].base + riscv_socket_mem_offset(ms, socket);
306     size = riscv_socket_mem_size(ms, socket);
307     mem_name = g_strdup_printf("/memory@%lx", (long)addr);
308     qemu_fdt_add_subnode(ms->fdt, mem_name);
309     qemu_fdt_setprop_cells(ms->fdt, mem_name, "reg",
310         addr >> 32, addr, size >> 32, size);
311     qemu_fdt_setprop_string(ms->fdt, mem_name, "device_type", "memory");
312     riscv_socket_fdt_write_id(ms, mem_name, socket);
313     g_free(mem_name);
314 }
315 
316 static void create_fdt_socket_clint(RISCVVirtState *s,
317                                     const MemMapEntry *memmap, int socket,
318                                     uint32_t *intc_phandles)
319 {
320     int cpu;
321     char *clint_name;
322     uint32_t *clint_cells;
323     unsigned long clint_addr;
324     MachineState *ms = MACHINE(s);
325     static const char * const clint_compat[2] = {
326         "sifive,clint0", "riscv,clint0"
327     };
328 
329     clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
330 
331     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
332         clint_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
333         clint_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_SOFT);
334         clint_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
335         clint_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_M_TIMER);
336     }
337 
338     clint_addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
339     clint_name = g_strdup_printf("/soc/clint@%lx", clint_addr);
340     qemu_fdt_add_subnode(ms->fdt, clint_name);
341     qemu_fdt_setprop_string_array(ms->fdt, clint_name, "compatible",
342                                   (char **)&clint_compat,
343                                   ARRAY_SIZE(clint_compat));
344     qemu_fdt_setprop_cells(ms->fdt, clint_name, "reg",
345         0x0, clint_addr, 0x0, memmap[VIRT_CLINT].size);
346     qemu_fdt_setprop(ms->fdt, clint_name, "interrupts-extended",
347         clint_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
348     riscv_socket_fdt_write_id(ms, clint_name, socket);
349     g_free(clint_name);
350 
351     g_free(clint_cells);
352 }
353 
354 static void create_fdt_socket_aclint(RISCVVirtState *s,
355                                      const MemMapEntry *memmap, int socket,
356                                      uint32_t *intc_phandles)
357 {
358     int cpu;
359     char *name;
360     unsigned long addr, size;
361     uint32_t aclint_cells_size;
362     uint32_t *aclint_mswi_cells;
363     uint32_t *aclint_sswi_cells;
364     uint32_t *aclint_mtimer_cells;
365     MachineState *ms = MACHINE(s);
366 
367     aclint_mswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
368     aclint_mtimer_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
369     aclint_sswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
370 
371     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
372         aclint_mswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
373         aclint_mswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_SOFT);
374         aclint_mtimer_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
375         aclint_mtimer_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_TIMER);
376         aclint_sswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
377         aclint_sswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_SOFT);
378     }
379     aclint_cells_size = s->soc[socket].num_harts * sizeof(uint32_t) * 2;
380 
381     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
382         addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
383         name = g_strdup_printf("/soc/mswi@%lx", addr);
384         qemu_fdt_add_subnode(ms->fdt, name);
385         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
386             "riscv,aclint-mswi");
387         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
388             0x0, addr, 0x0, RISCV_ACLINT_SWI_SIZE);
389         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
390             aclint_mswi_cells, aclint_cells_size);
391         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
392         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
393         riscv_socket_fdt_write_id(ms, name, socket);
394         g_free(name);
395     }
396 
397     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
398         addr = memmap[VIRT_CLINT].base +
399                (RISCV_ACLINT_DEFAULT_MTIMER_SIZE * socket);
400         size = RISCV_ACLINT_DEFAULT_MTIMER_SIZE;
401     } else {
402         addr = memmap[VIRT_CLINT].base + RISCV_ACLINT_SWI_SIZE +
403             (memmap[VIRT_CLINT].size * socket);
404         size = memmap[VIRT_CLINT].size - RISCV_ACLINT_SWI_SIZE;
405     }
406     name = g_strdup_printf("/soc/mtimer@%lx", addr);
407     qemu_fdt_add_subnode(ms->fdt, name);
408     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
409         "riscv,aclint-mtimer");
410     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
411         0x0, addr + RISCV_ACLINT_DEFAULT_MTIME,
412         0x0, size - RISCV_ACLINT_DEFAULT_MTIME,
413         0x0, addr + RISCV_ACLINT_DEFAULT_MTIMECMP,
414         0x0, RISCV_ACLINT_DEFAULT_MTIME);
415     qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
416         aclint_mtimer_cells, aclint_cells_size);
417     riscv_socket_fdt_write_id(ms, name, socket);
418     g_free(name);
419 
420     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
421         addr = memmap[VIRT_ACLINT_SSWI].base +
422             (memmap[VIRT_ACLINT_SSWI].size * socket);
423         name = g_strdup_printf("/soc/sswi@%lx", addr);
424         qemu_fdt_add_subnode(ms->fdt, name);
425         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
426             "riscv,aclint-sswi");
427         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
428             0x0, addr, 0x0, memmap[VIRT_ACLINT_SSWI].size);
429         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
430             aclint_sswi_cells, aclint_cells_size);
431         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
432         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
433         riscv_socket_fdt_write_id(ms, name, socket);
434         g_free(name);
435     }
436 
437     g_free(aclint_mswi_cells);
438     g_free(aclint_mtimer_cells);
439     g_free(aclint_sswi_cells);
440 }
441 
442 static void create_fdt_socket_plic(RISCVVirtState *s,
443                                    const MemMapEntry *memmap, int socket,
444                                    uint32_t *phandle, uint32_t *intc_phandles,
445                                    uint32_t *plic_phandles)
446 {
447     int cpu;
448     char *plic_name;
449     uint32_t *plic_cells;
450     unsigned long plic_addr;
451     MachineState *ms = MACHINE(s);
452     static const char * const plic_compat[2] = {
453         "sifive,plic-1.0.0", "riscv,plic0"
454     };
455 
456     if (kvm_enabled()) {
457         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
458     } else {
459         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
460     }
461 
462     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
463         if (kvm_enabled()) {
464             plic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
465             plic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
466         } else {
467             plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
468             plic_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_EXT);
469             plic_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
470             plic_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_S_EXT);
471         }
472     }
473 
474     plic_phandles[socket] = (*phandle)++;
475     plic_addr = memmap[VIRT_PLIC].base + (memmap[VIRT_PLIC].size * socket);
476     plic_name = g_strdup_printf("/soc/plic@%lx", plic_addr);
477     qemu_fdt_add_subnode(ms->fdt, plic_name);
478     qemu_fdt_setprop_cell(ms->fdt, plic_name,
479         "#interrupt-cells", FDT_PLIC_INT_CELLS);
480     qemu_fdt_setprop_cell(ms->fdt, plic_name,
481         "#address-cells", FDT_PLIC_ADDR_CELLS);
482     qemu_fdt_setprop_string_array(ms->fdt, plic_name, "compatible",
483                                   (char **)&plic_compat,
484                                   ARRAY_SIZE(plic_compat));
485     qemu_fdt_setprop(ms->fdt, plic_name, "interrupt-controller", NULL, 0);
486     qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
487         plic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
488     qemu_fdt_setprop_cells(ms->fdt, plic_name, "reg",
489         0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size);
490     qemu_fdt_setprop_cell(ms->fdt, plic_name, "riscv,ndev",
491                           VIRT_IRQCHIP_NUM_SOURCES - 1);
492     riscv_socket_fdt_write_id(ms, plic_name, socket);
493     qemu_fdt_setprop_cell(ms->fdt, plic_name, "phandle",
494         plic_phandles[socket]);
495 
496     if (!socket) {
497         platform_bus_add_all_fdt_nodes(ms->fdt, plic_name,
498                                        memmap[VIRT_PLATFORM_BUS].base,
499                                        memmap[VIRT_PLATFORM_BUS].size,
500                                        VIRT_PLATFORM_BUS_IRQ);
501     }
502 
503     g_free(plic_name);
504 
505     g_free(plic_cells);
506 }
507 
508 static uint32_t imsic_num_bits(uint32_t count)
509 {
510     uint32_t ret = 0;
511 
512     while (BIT(ret) < count) {
513         ret++;
514     }
515 
516     return ret;
517 }
518 
519 static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap,
520                              uint32_t *phandle, uint32_t *intc_phandles,
521                              uint32_t *msi_m_phandle, uint32_t *msi_s_phandle)
522 {
523     int cpu, socket;
524     char *imsic_name;
525     MachineState *ms = MACHINE(s);
526     int socket_count = riscv_socket_count(ms);
527     uint32_t imsic_max_hart_per_socket, imsic_guest_bits;
528     uint32_t *imsic_cells, *imsic_regs, imsic_addr, imsic_size;
529 
530     *msi_m_phandle = (*phandle)++;
531     *msi_s_phandle = (*phandle)++;
532     imsic_cells = g_new0(uint32_t, ms->smp.cpus * 2);
533     imsic_regs = g_new0(uint32_t, socket_count * 4);
534 
535     /* M-level IMSIC node */
536     for (cpu = 0; cpu < ms->smp.cpus; cpu++) {
537         imsic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
538         imsic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_EXT);
539     }
540     imsic_max_hart_per_socket = 0;
541     for (socket = 0; socket < socket_count; socket++) {
542         imsic_addr = memmap[VIRT_IMSIC_M].base +
543                      socket * VIRT_IMSIC_GROUP_MAX_SIZE;
544         imsic_size = IMSIC_HART_SIZE(0) * s->soc[socket].num_harts;
545         imsic_regs[socket * 4 + 0] = 0;
546         imsic_regs[socket * 4 + 1] = cpu_to_be32(imsic_addr);
547         imsic_regs[socket * 4 + 2] = 0;
548         imsic_regs[socket * 4 + 3] = cpu_to_be32(imsic_size);
549         if (imsic_max_hart_per_socket < s->soc[socket].num_harts) {
550             imsic_max_hart_per_socket = s->soc[socket].num_harts;
551         }
552     }
553     imsic_name = g_strdup_printf("/soc/imsics@%lx",
554         (unsigned long)memmap[VIRT_IMSIC_M].base);
555     qemu_fdt_add_subnode(ms->fdt, imsic_name);
556     qemu_fdt_setprop_string(ms->fdt, imsic_name, "compatible",
557         "riscv,imsics");
558     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "#interrupt-cells",
559         FDT_IMSIC_INT_CELLS);
560     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupt-controller",
561         NULL, 0);
562     qemu_fdt_setprop(ms->fdt, imsic_name, "msi-controller",
563         NULL, 0);
564     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupts-extended",
565         imsic_cells, ms->smp.cpus * sizeof(uint32_t) * 2);
566     qemu_fdt_setprop(ms->fdt, imsic_name, "reg", imsic_regs,
567         socket_count * sizeof(uint32_t) * 4);
568     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,num-ids",
569         VIRT_IRQCHIP_NUM_MSIS);
570     if (socket_count > 1) {
571         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,hart-index-bits",
572             imsic_num_bits(imsic_max_hart_per_socket));
573         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-bits",
574             imsic_num_bits(socket_count));
575         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-shift",
576             IMSIC_MMIO_GROUP_MIN_SHIFT);
577     }
578     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "phandle", *msi_m_phandle);
579 
580     g_free(imsic_name);
581 
582     /* S-level IMSIC node */
583     for (cpu = 0; cpu < ms->smp.cpus; cpu++) {
584         imsic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
585         imsic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
586     }
587     imsic_guest_bits = imsic_num_bits(s->aia_guests + 1);
588     imsic_max_hart_per_socket = 0;
589     for (socket = 0; socket < socket_count; socket++) {
590         imsic_addr = memmap[VIRT_IMSIC_S].base +
591                      socket * VIRT_IMSIC_GROUP_MAX_SIZE;
592         imsic_size = IMSIC_HART_SIZE(imsic_guest_bits) *
593                      s->soc[socket].num_harts;
594         imsic_regs[socket * 4 + 0] = 0;
595         imsic_regs[socket * 4 + 1] = cpu_to_be32(imsic_addr);
596         imsic_regs[socket * 4 + 2] = 0;
597         imsic_regs[socket * 4 + 3] = cpu_to_be32(imsic_size);
598         if (imsic_max_hart_per_socket < s->soc[socket].num_harts) {
599             imsic_max_hart_per_socket = s->soc[socket].num_harts;
600         }
601     }
602     imsic_name = g_strdup_printf("/soc/imsics@%lx",
603         (unsigned long)memmap[VIRT_IMSIC_S].base);
604     qemu_fdt_add_subnode(ms->fdt, imsic_name);
605     qemu_fdt_setprop_string(ms->fdt, imsic_name, "compatible",
606         "riscv,imsics");
607     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "#interrupt-cells",
608         FDT_IMSIC_INT_CELLS);
609     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupt-controller",
610         NULL, 0);
611     qemu_fdt_setprop(ms->fdt, imsic_name, "msi-controller",
612         NULL, 0);
613     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupts-extended",
614         imsic_cells, ms->smp.cpus * sizeof(uint32_t) * 2);
615     qemu_fdt_setprop(ms->fdt, imsic_name, "reg", imsic_regs,
616         socket_count * sizeof(uint32_t) * 4);
617     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,num-ids",
618         VIRT_IRQCHIP_NUM_MSIS);
619     if (imsic_guest_bits) {
620         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,guest-index-bits",
621             imsic_guest_bits);
622     }
623     if (socket_count > 1) {
624         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,hart-index-bits",
625             imsic_num_bits(imsic_max_hart_per_socket));
626         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-bits",
627             imsic_num_bits(socket_count));
628         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-shift",
629             IMSIC_MMIO_GROUP_MIN_SHIFT);
630     }
631     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "phandle", *msi_s_phandle);
632     g_free(imsic_name);
633 
634     g_free(imsic_regs);
635     g_free(imsic_cells);
636 }
637 
638 static void create_fdt_socket_aplic(RISCVVirtState *s,
639                                     const MemMapEntry *memmap, int socket,
640                                     uint32_t msi_m_phandle,
641                                     uint32_t msi_s_phandle,
642                                     uint32_t *phandle,
643                                     uint32_t *intc_phandles,
644                                     uint32_t *aplic_phandles)
645 {
646     int cpu;
647     char *aplic_name;
648     uint32_t *aplic_cells;
649     unsigned long aplic_addr;
650     MachineState *ms = MACHINE(s);
651     uint32_t aplic_m_phandle, aplic_s_phandle;
652 
653     aplic_m_phandle = (*phandle)++;
654     aplic_s_phandle = (*phandle)++;
655     aplic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
656 
657     /* M-level APLIC node */
658     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
659         aplic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
660         aplic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_EXT);
661     }
662     aplic_addr = memmap[VIRT_APLIC_M].base +
663                  (memmap[VIRT_APLIC_M].size * socket);
664     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
665     qemu_fdt_add_subnode(ms->fdt, aplic_name);
666     qemu_fdt_setprop_string(ms->fdt, aplic_name, "compatible", "riscv,aplic");
667     qemu_fdt_setprop_cell(ms->fdt, aplic_name,
668         "#interrupt-cells", FDT_APLIC_INT_CELLS);
669     qemu_fdt_setprop(ms->fdt, aplic_name, "interrupt-controller", NULL, 0);
670     if (s->aia_type == VIRT_AIA_TYPE_APLIC) {
671         qemu_fdt_setprop(ms->fdt, aplic_name, "interrupts-extended",
672             aplic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 2);
673     } else {
674         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "msi-parent",
675             msi_m_phandle);
676     }
677     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "reg",
678         0x0, aplic_addr, 0x0, memmap[VIRT_APLIC_M].size);
679     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,num-sources",
680         VIRT_IRQCHIP_NUM_SOURCES);
681     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,children",
682         aplic_s_phandle);
683     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "riscv,delegate",
684         aplic_s_phandle, 0x1, VIRT_IRQCHIP_NUM_SOURCES);
685     riscv_socket_fdt_write_id(ms, aplic_name, socket);
686     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "phandle", aplic_m_phandle);
687     g_free(aplic_name);
688 
689     /* S-level APLIC node */
690     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
691         aplic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
692         aplic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
693     }
694     aplic_addr = memmap[VIRT_APLIC_S].base +
695                  (memmap[VIRT_APLIC_S].size * socket);
696     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
697     qemu_fdt_add_subnode(ms->fdt, aplic_name);
698     qemu_fdt_setprop_string(ms->fdt, aplic_name, "compatible", "riscv,aplic");
699     qemu_fdt_setprop_cell(ms->fdt, aplic_name,
700         "#interrupt-cells", FDT_APLIC_INT_CELLS);
701     qemu_fdt_setprop(ms->fdt, aplic_name, "interrupt-controller", NULL, 0);
702     if (s->aia_type == VIRT_AIA_TYPE_APLIC) {
703         qemu_fdt_setprop(ms->fdt, aplic_name, "interrupts-extended",
704             aplic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 2);
705     } else {
706         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "msi-parent",
707             msi_s_phandle);
708     }
709     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "reg",
710         0x0, aplic_addr, 0x0, memmap[VIRT_APLIC_S].size);
711     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,num-sources",
712         VIRT_IRQCHIP_NUM_SOURCES);
713     riscv_socket_fdt_write_id(ms, aplic_name, socket);
714     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "phandle", aplic_s_phandle);
715 
716     if (!socket) {
717         platform_bus_add_all_fdt_nodes(ms->fdt, aplic_name,
718                                        memmap[VIRT_PLATFORM_BUS].base,
719                                        memmap[VIRT_PLATFORM_BUS].size,
720                                        VIRT_PLATFORM_BUS_IRQ);
721     }
722 
723     g_free(aplic_name);
724 
725     g_free(aplic_cells);
726     aplic_phandles[socket] = aplic_s_phandle;
727 }
728 
729 static void create_fdt_pmu(RISCVVirtState *s)
730 {
731     char *pmu_name;
732     MachineState *ms = MACHINE(s);
733     RISCVCPU hart = s->soc[0].harts[0];
734 
735     pmu_name = g_strdup_printf("/soc/pmu");
736     qemu_fdt_add_subnode(ms->fdt, pmu_name);
737     qemu_fdt_setprop_string(ms->fdt, pmu_name, "compatible", "riscv,pmu");
738     riscv_pmu_generate_fdt_node(ms->fdt, hart.cfg.pmu_num, pmu_name);
739 
740     g_free(pmu_name);
741 }
742 
743 static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry *memmap,
744                                uint32_t *phandle,
745                                uint32_t *irq_mmio_phandle,
746                                uint32_t *irq_pcie_phandle,
747                                uint32_t *irq_virtio_phandle,
748                                uint32_t *msi_pcie_phandle)
749 {
750     char *clust_name;
751     int socket, phandle_pos;
752     MachineState *ms = MACHINE(s);
753     uint32_t msi_m_phandle = 0, msi_s_phandle = 0;
754     uint32_t *intc_phandles, xplic_phandles[MAX_NODES];
755     int socket_count = riscv_socket_count(ms);
756 
757     qemu_fdt_add_subnode(ms->fdt, "/cpus");
758     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
759                           RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
760     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
761     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
762     qemu_fdt_add_subnode(ms->fdt, "/cpus/cpu-map");
763 
764     intc_phandles = g_new0(uint32_t, ms->smp.cpus);
765 
766     phandle_pos = ms->smp.cpus;
767     for (socket = (socket_count - 1); socket >= 0; socket--) {
768         phandle_pos -= s->soc[socket].num_harts;
769 
770         clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
771         qemu_fdt_add_subnode(ms->fdt, clust_name);
772 
773         create_fdt_socket_cpus(s, socket, clust_name, phandle,
774                                &intc_phandles[phandle_pos]);
775 
776         create_fdt_socket_memory(s, memmap, socket);
777 
778         g_free(clust_name);
779 
780         if (tcg_enabled()) {
781             if (s->have_aclint) {
782                 create_fdt_socket_aclint(s, memmap, socket,
783                     &intc_phandles[phandle_pos]);
784             } else {
785                 create_fdt_socket_clint(s, memmap, socket,
786                     &intc_phandles[phandle_pos]);
787             }
788         }
789     }
790 
791     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
792         create_fdt_imsic(s, memmap, phandle, intc_phandles,
793             &msi_m_phandle, &msi_s_phandle);
794         *msi_pcie_phandle = msi_s_phandle;
795     }
796 
797     phandle_pos = ms->smp.cpus;
798     for (socket = (socket_count - 1); socket >= 0; socket--) {
799         phandle_pos -= s->soc[socket].num_harts;
800 
801         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
802             create_fdt_socket_plic(s, memmap, socket, phandle,
803                 &intc_phandles[phandle_pos], xplic_phandles);
804         } else {
805             create_fdt_socket_aplic(s, memmap, socket,
806                 msi_m_phandle, msi_s_phandle, phandle,
807                 &intc_phandles[phandle_pos], xplic_phandles);
808         }
809     }
810 
811     g_free(intc_phandles);
812 
813     for (socket = 0; socket < socket_count; socket++) {
814         if (socket == 0) {
815             *irq_mmio_phandle = xplic_phandles[socket];
816             *irq_virtio_phandle = xplic_phandles[socket];
817             *irq_pcie_phandle = xplic_phandles[socket];
818         }
819         if (socket == 1) {
820             *irq_virtio_phandle = xplic_phandles[socket];
821             *irq_pcie_phandle = xplic_phandles[socket];
822         }
823         if (socket == 2) {
824             *irq_pcie_phandle = xplic_phandles[socket];
825         }
826     }
827 
828     riscv_socket_fdt_write_distance_matrix(ms);
829 }
830 
831 static void create_fdt_virtio(RISCVVirtState *s, const MemMapEntry *memmap,
832                               uint32_t irq_virtio_phandle)
833 {
834     int i;
835     char *name;
836     MachineState *ms = MACHINE(s);
837 
838     for (i = 0; i < VIRTIO_COUNT; i++) {
839         name = g_strdup_printf("/soc/virtio_mmio@%lx",
840             (long)(memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size));
841         qemu_fdt_add_subnode(ms->fdt, name);
842         qemu_fdt_setprop_string(ms->fdt, name, "compatible", "virtio,mmio");
843         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
844             0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
845             0x0, memmap[VIRT_VIRTIO].size);
846         qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
847             irq_virtio_phandle);
848         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
849             qemu_fdt_setprop_cell(ms->fdt, name, "interrupts",
850                                   VIRTIO_IRQ + i);
851         } else {
852             qemu_fdt_setprop_cells(ms->fdt, name, "interrupts",
853                                    VIRTIO_IRQ + i, 0x4);
854         }
855         g_free(name);
856     }
857 }
858 
859 static void create_fdt_pcie(RISCVVirtState *s, const MemMapEntry *memmap,
860                             uint32_t irq_pcie_phandle,
861                             uint32_t msi_pcie_phandle)
862 {
863     char *name;
864     MachineState *ms = MACHINE(s);
865 
866     name = g_strdup_printf("/soc/pci@%lx",
867         (long) memmap[VIRT_PCIE_ECAM].base);
868     qemu_fdt_add_subnode(ms->fdt, name);
869     qemu_fdt_setprop_cell(ms->fdt, name, "#address-cells",
870         FDT_PCI_ADDR_CELLS);
871     qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells",
872         FDT_PCI_INT_CELLS);
873     qemu_fdt_setprop_cell(ms->fdt, name, "#size-cells", 0x2);
874     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
875         "pci-host-ecam-generic");
876     qemu_fdt_setprop_string(ms->fdt, name, "device_type", "pci");
877     qemu_fdt_setprop_cell(ms->fdt, name, "linux,pci-domain", 0);
878     qemu_fdt_setprop_cells(ms->fdt, name, "bus-range", 0,
879         memmap[VIRT_PCIE_ECAM].size / PCIE_MMCFG_SIZE_MIN - 1);
880     qemu_fdt_setprop(ms->fdt, name, "dma-coherent", NULL, 0);
881     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
882         qemu_fdt_setprop_cell(ms->fdt, name, "msi-parent", msi_pcie_phandle);
883     }
884     qemu_fdt_setprop_cells(ms->fdt, name, "reg", 0,
885         memmap[VIRT_PCIE_ECAM].base, 0, memmap[VIRT_PCIE_ECAM].size);
886     qemu_fdt_setprop_sized_cells(ms->fdt, name, "ranges",
887         1, FDT_PCI_RANGE_IOPORT, 2, 0,
888         2, memmap[VIRT_PCIE_PIO].base, 2, memmap[VIRT_PCIE_PIO].size,
889         1, FDT_PCI_RANGE_MMIO,
890         2, memmap[VIRT_PCIE_MMIO].base,
891         2, memmap[VIRT_PCIE_MMIO].base, 2, memmap[VIRT_PCIE_MMIO].size,
892         1, FDT_PCI_RANGE_MMIO_64BIT,
893         2, virt_high_pcie_memmap.base,
894         2, virt_high_pcie_memmap.base, 2, virt_high_pcie_memmap.size);
895 
896     create_pcie_irq_map(s, ms->fdt, name, irq_pcie_phandle);
897     g_free(name);
898 }
899 
900 static void create_fdt_reset(RISCVVirtState *s, const MemMapEntry *memmap,
901                              uint32_t *phandle)
902 {
903     char *name;
904     uint32_t test_phandle;
905     MachineState *ms = MACHINE(s);
906 
907     test_phandle = (*phandle)++;
908     name = g_strdup_printf("/soc/test@%lx",
909         (long)memmap[VIRT_TEST].base);
910     qemu_fdt_add_subnode(ms->fdt, name);
911     {
912         static const char * const compat[3] = {
913             "sifive,test1", "sifive,test0", "syscon"
914         };
915         qemu_fdt_setprop_string_array(ms->fdt, name, "compatible",
916                                       (char **)&compat, ARRAY_SIZE(compat));
917     }
918     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
919         0x0, memmap[VIRT_TEST].base, 0x0, memmap[VIRT_TEST].size);
920     qemu_fdt_setprop_cell(ms->fdt, name, "phandle", test_phandle);
921     test_phandle = qemu_fdt_get_phandle(ms->fdt, name);
922     g_free(name);
923 
924     name = g_strdup_printf("/reboot");
925     qemu_fdt_add_subnode(ms->fdt, name);
926     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-reboot");
927     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
928     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
929     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_RESET);
930     g_free(name);
931 
932     name = g_strdup_printf("/poweroff");
933     qemu_fdt_add_subnode(ms->fdt, name);
934     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-poweroff");
935     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
936     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
937     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_PASS);
938     g_free(name);
939 }
940 
941 static void create_fdt_uart(RISCVVirtState *s, const MemMapEntry *memmap,
942                             uint32_t irq_mmio_phandle)
943 {
944     char *name;
945     MachineState *ms = MACHINE(s);
946 
947     name = g_strdup_printf("/soc/serial@%lx", (long)memmap[VIRT_UART0].base);
948     qemu_fdt_add_subnode(ms->fdt, name);
949     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "ns16550a");
950     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
951         0x0, memmap[VIRT_UART0].base,
952         0x0, memmap[VIRT_UART0].size);
953     qemu_fdt_setprop_cell(ms->fdt, name, "clock-frequency", 3686400);
954     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent", irq_mmio_phandle);
955     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
956         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", UART0_IRQ);
957     } else {
958         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", UART0_IRQ, 0x4);
959     }
960 
961     qemu_fdt_add_subnode(ms->fdt, "/chosen");
962     qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", name);
963     g_free(name);
964 }
965 
966 static void create_fdt_rtc(RISCVVirtState *s, const MemMapEntry *memmap,
967                            uint32_t irq_mmio_phandle)
968 {
969     char *name;
970     MachineState *ms = MACHINE(s);
971 
972     name = g_strdup_printf("/soc/rtc@%lx", (long)memmap[VIRT_RTC].base);
973     qemu_fdt_add_subnode(ms->fdt, name);
974     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
975         "google,goldfish-rtc");
976     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
977         0x0, memmap[VIRT_RTC].base, 0x0, memmap[VIRT_RTC].size);
978     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
979         irq_mmio_phandle);
980     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
981         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", RTC_IRQ);
982     } else {
983         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", RTC_IRQ, 0x4);
984     }
985     g_free(name);
986 }
987 
988 static void create_fdt_flash(RISCVVirtState *s, const MemMapEntry *memmap)
989 {
990     char *name;
991     MachineState *ms = MACHINE(s);
992     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
993     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
994 
995     name = g_strdup_printf("/flash@%" PRIx64, flashbase);
996     qemu_fdt_add_subnode(ms->fdt, name);
997     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "cfi-flash");
998     qemu_fdt_setprop_sized_cells(ms->fdt, name, "reg",
999                                  2, flashbase, 2, flashsize,
1000                                  2, flashbase + flashsize, 2, flashsize);
1001     qemu_fdt_setprop_cell(ms->fdt, name, "bank-width", 4);
1002     g_free(name);
1003 }
1004 
1005 static void create_fdt_fw_cfg(RISCVVirtState *s, const MemMapEntry *memmap)
1006 {
1007     char *nodename;
1008     MachineState *ms = MACHINE(s);
1009     hwaddr base = memmap[VIRT_FW_CFG].base;
1010     hwaddr size = memmap[VIRT_FW_CFG].size;
1011 
1012     nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
1013     qemu_fdt_add_subnode(ms->fdt, nodename);
1014     qemu_fdt_setprop_string(ms->fdt, nodename,
1015                             "compatible", "qemu,fw-cfg-mmio");
1016     qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
1017                                  2, base, 2, size);
1018     qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
1019     g_free(nodename);
1020 }
1021 
1022 static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
1023 {
1024     MachineState *ms = MACHINE(s);
1025     uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
1026     uint32_t irq_pcie_phandle = 1, irq_virtio_phandle = 1;
1027     uint8_t rng_seed[32];
1028 
1029     ms->fdt = create_device_tree(&s->fdt_size);
1030     if (!ms->fdt) {
1031         error_report("create_device_tree() failed");
1032         exit(1);
1033     }
1034 
1035     qemu_fdt_setprop_string(ms->fdt, "/", "model", "riscv-virtio,qemu");
1036     qemu_fdt_setprop_string(ms->fdt, "/", "compatible", "riscv-virtio");
1037     qemu_fdt_setprop_cell(ms->fdt, "/", "#size-cells", 0x2);
1038     qemu_fdt_setprop_cell(ms->fdt, "/", "#address-cells", 0x2);
1039 
1040     qemu_fdt_add_subnode(ms->fdt, "/soc");
1041     qemu_fdt_setprop(ms->fdt, "/soc", "ranges", NULL, 0);
1042     qemu_fdt_setprop_string(ms->fdt, "/soc", "compatible", "simple-bus");
1043     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#size-cells", 0x2);
1044     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#address-cells", 0x2);
1045 
1046     create_fdt_sockets(s, memmap, &phandle, &irq_mmio_phandle,
1047                        &irq_pcie_phandle, &irq_virtio_phandle,
1048                        &msi_pcie_phandle);
1049 
1050     create_fdt_virtio(s, memmap, irq_virtio_phandle);
1051 
1052     create_fdt_pcie(s, memmap, irq_pcie_phandle, msi_pcie_phandle);
1053 
1054     create_fdt_reset(s, memmap, &phandle);
1055 
1056     create_fdt_uart(s, memmap, irq_mmio_phandle);
1057 
1058     create_fdt_rtc(s, memmap, irq_mmio_phandle);
1059 
1060     create_fdt_flash(s, memmap);
1061     create_fdt_fw_cfg(s, memmap);
1062     create_fdt_pmu(s);
1063 
1064     /* Pass seed to RNG */
1065     qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
1066     qemu_fdt_setprop(ms->fdt, "/chosen", "rng-seed",
1067                      rng_seed, sizeof(rng_seed));
1068 }
1069 
1070 static inline DeviceState *gpex_pcie_init(MemoryRegion *sys_mem,
1071                                           hwaddr ecam_base, hwaddr ecam_size,
1072                                           hwaddr mmio_base, hwaddr mmio_size,
1073                                           hwaddr high_mmio_base,
1074                                           hwaddr high_mmio_size,
1075                                           hwaddr pio_base,
1076                                           DeviceState *irqchip)
1077 {
1078     DeviceState *dev;
1079     MemoryRegion *ecam_alias, *ecam_reg;
1080     MemoryRegion *mmio_alias, *high_mmio_alias, *mmio_reg;
1081     qemu_irq irq;
1082     int i;
1083 
1084     dev = qdev_new(TYPE_GPEX_HOST);
1085 
1086     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1087 
1088     ecam_alias = g_new0(MemoryRegion, 1);
1089     ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
1090     memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam",
1091                              ecam_reg, 0, ecam_size);
1092     memory_region_add_subregion(get_system_memory(), ecam_base, ecam_alias);
1093 
1094     mmio_alias = g_new0(MemoryRegion, 1);
1095     mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1);
1096     memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio",
1097                              mmio_reg, mmio_base, mmio_size);
1098     memory_region_add_subregion(get_system_memory(), mmio_base, mmio_alias);
1099 
1100     /* Map high MMIO space */
1101     high_mmio_alias = g_new0(MemoryRegion, 1);
1102     memory_region_init_alias(high_mmio_alias, OBJECT(dev), "pcie-mmio-high",
1103                              mmio_reg, high_mmio_base, high_mmio_size);
1104     memory_region_add_subregion(get_system_memory(), high_mmio_base,
1105                                 high_mmio_alias);
1106 
1107     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, pio_base);
1108 
1109     for (i = 0; i < GPEX_NUM_IRQS; i++) {
1110         irq = qdev_get_gpio_in(irqchip, PCIE_IRQ + i);
1111 
1112         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, irq);
1113         gpex_set_irq_num(GPEX_HOST(dev), i, PCIE_IRQ + i);
1114     }
1115 
1116     return dev;
1117 }
1118 
1119 static FWCfgState *create_fw_cfg(const MachineState *ms)
1120 {
1121     hwaddr base = virt_memmap[VIRT_FW_CFG].base;
1122     FWCfgState *fw_cfg;
1123 
1124     fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16,
1125                                   &address_space_memory);
1126     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
1127 
1128     return fw_cfg;
1129 }
1130 
1131 static DeviceState *virt_create_plic(const MemMapEntry *memmap, int socket,
1132                                      int base_hartid, int hart_count)
1133 {
1134     DeviceState *ret;
1135     char *plic_hart_config;
1136 
1137     /* Per-socket PLIC hart topology configuration string */
1138     plic_hart_config = riscv_plic_hart_config_string(hart_count);
1139 
1140     /* Per-socket PLIC */
1141     ret = sifive_plic_create(
1142             memmap[VIRT_PLIC].base + socket * memmap[VIRT_PLIC].size,
1143             plic_hart_config, hart_count, base_hartid,
1144             VIRT_IRQCHIP_NUM_SOURCES,
1145             ((1U << VIRT_IRQCHIP_NUM_PRIO_BITS) - 1),
1146             VIRT_PLIC_PRIORITY_BASE,
1147             VIRT_PLIC_PENDING_BASE,
1148             VIRT_PLIC_ENABLE_BASE,
1149             VIRT_PLIC_ENABLE_STRIDE,
1150             VIRT_PLIC_CONTEXT_BASE,
1151             VIRT_PLIC_CONTEXT_STRIDE,
1152             memmap[VIRT_PLIC].size);
1153 
1154     g_free(plic_hart_config);
1155 
1156     return ret;
1157 }
1158 
1159 static DeviceState *virt_create_aia(RISCVVirtAIAType aia_type, int aia_guests,
1160                                     const MemMapEntry *memmap, int socket,
1161                                     int base_hartid, int hart_count)
1162 {
1163     int i;
1164     hwaddr addr;
1165     uint32_t guest_bits;
1166     DeviceState *aplic_m;
1167     bool msimode = (aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) ? true : false;
1168 
1169     if (msimode) {
1170         /* Per-socket M-level IMSICs */
1171         addr = memmap[VIRT_IMSIC_M].base + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1172         for (i = 0; i < hart_count; i++) {
1173             riscv_imsic_create(addr + i * IMSIC_HART_SIZE(0),
1174                                base_hartid + i, true, 1,
1175                                VIRT_IRQCHIP_NUM_MSIS);
1176         }
1177 
1178         /* Per-socket S-level IMSICs */
1179         guest_bits = imsic_num_bits(aia_guests + 1);
1180         addr = memmap[VIRT_IMSIC_S].base + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1181         for (i = 0; i < hart_count; i++) {
1182             riscv_imsic_create(addr + i * IMSIC_HART_SIZE(guest_bits),
1183                                base_hartid + i, false, 1 + aia_guests,
1184                                VIRT_IRQCHIP_NUM_MSIS);
1185         }
1186     }
1187 
1188     /* Per-socket M-level APLIC */
1189     aplic_m = riscv_aplic_create(
1190         memmap[VIRT_APLIC_M].base + socket * memmap[VIRT_APLIC_M].size,
1191         memmap[VIRT_APLIC_M].size,
1192         (msimode) ? 0 : base_hartid,
1193         (msimode) ? 0 : hart_count,
1194         VIRT_IRQCHIP_NUM_SOURCES,
1195         VIRT_IRQCHIP_NUM_PRIO_BITS,
1196         msimode, true, NULL);
1197 
1198     if (aplic_m) {
1199         /* Per-socket S-level APLIC */
1200         riscv_aplic_create(
1201             memmap[VIRT_APLIC_S].base + socket * memmap[VIRT_APLIC_S].size,
1202             memmap[VIRT_APLIC_S].size,
1203             (msimode) ? 0 : base_hartid,
1204             (msimode) ? 0 : hart_count,
1205             VIRT_IRQCHIP_NUM_SOURCES,
1206             VIRT_IRQCHIP_NUM_PRIO_BITS,
1207             msimode, false, aplic_m);
1208     }
1209 
1210     return aplic_m;
1211 }
1212 
1213 static void create_platform_bus(RISCVVirtState *s, DeviceState *irqchip)
1214 {
1215     DeviceState *dev;
1216     SysBusDevice *sysbus;
1217     const MemMapEntry *memmap = virt_memmap;
1218     int i;
1219     MemoryRegion *sysmem = get_system_memory();
1220 
1221     dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
1222     dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
1223     qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
1224     qdev_prop_set_uint32(dev, "mmio_size", memmap[VIRT_PLATFORM_BUS].size);
1225     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1226     s->platform_bus_dev = dev;
1227 
1228     sysbus = SYS_BUS_DEVICE(dev);
1229     for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
1230         int irq = VIRT_PLATFORM_BUS_IRQ + i;
1231         sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(irqchip, irq));
1232     }
1233 
1234     memory_region_add_subregion(sysmem,
1235                                 memmap[VIRT_PLATFORM_BUS].base,
1236                                 sysbus_mmio_get_region(sysbus, 0));
1237 }
1238 
1239 static void virt_machine_done(Notifier *notifier, void *data)
1240 {
1241     RISCVVirtState *s = container_of(notifier, RISCVVirtState,
1242                                      machine_done);
1243     const MemMapEntry *memmap = virt_memmap;
1244     MachineState *machine = MACHINE(s);
1245     target_ulong start_addr = memmap[VIRT_DRAM].base;
1246     target_ulong firmware_end_addr, kernel_start_addr;
1247     const char *firmware_name = riscv_default_firmware_name(&s->soc[0]);
1248     uint64_t fdt_load_addr;
1249     uint64_t kernel_entry = 0;
1250     BlockBackend *pflash_blk0;
1251 
1252     /* load/create device tree */
1253     if (machine->dtb) {
1254         machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
1255         if (!machine->fdt) {
1256             error_report("load_device_tree() failed");
1257             exit(1);
1258         }
1259     } else {
1260         create_fdt(s, memmap);
1261     }
1262 
1263     /*
1264      * Only direct boot kernel is currently supported for KVM VM,
1265      * so the "-bios" parameter is not supported when KVM is enabled.
1266      */
1267     if (kvm_enabled()) {
1268         if (machine->firmware) {
1269             if (strcmp(machine->firmware, "none")) {
1270                 error_report("Machine mode firmware is not supported in "
1271                              "combination with KVM.");
1272                 exit(1);
1273             }
1274         } else {
1275             machine->firmware = g_strdup("none");
1276         }
1277     }
1278 
1279     firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
1280                                                      start_addr, NULL);
1281 
1282     pflash_blk0 = pflash_cfi01_get_blk(s->flash[0]);
1283     if (pflash_blk0) {
1284         if (machine->firmware && !strcmp(machine->firmware, "none") &&
1285             !kvm_enabled()) {
1286             /*
1287              * Pflash was supplied but bios is none and not KVM guest,
1288              * let's overwrite the address we jump to after reset to
1289              * the base of the flash.
1290              */
1291             start_addr = virt_memmap[VIRT_FLASH].base;
1292         } else {
1293             /*
1294              * Pflash was supplied but either KVM guest or bios is not none.
1295              * In this case, base of the flash would contain S-mode payload.
1296              */
1297             riscv_setup_firmware_boot(machine);
1298             kernel_entry = virt_memmap[VIRT_FLASH].base;
1299         }
1300     }
1301 
1302     if (machine->kernel_filename && !kernel_entry) {
1303         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
1304                                                          firmware_end_addr);
1305 
1306         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
1307                                          kernel_start_addr, true, NULL);
1308     }
1309 
1310     fdt_load_addr = riscv_compute_fdt_addr(memmap[VIRT_DRAM].base,
1311                                            memmap[VIRT_DRAM].size,
1312                                            machine);
1313     riscv_load_fdt(fdt_load_addr, machine->fdt);
1314 
1315     /* load the reset vector */
1316     riscv_setup_rom_reset_vec(machine, &s->soc[0], start_addr,
1317                               virt_memmap[VIRT_MROM].base,
1318                               virt_memmap[VIRT_MROM].size, kernel_entry,
1319                               fdt_load_addr);
1320 
1321     /*
1322      * Only direct boot kernel is currently supported for KVM VM,
1323      * So here setup kernel start address and fdt address.
1324      * TODO:Support firmware loading and integrate to TCG start
1325      */
1326     if (kvm_enabled()) {
1327         riscv_setup_direct_kernel(kernel_entry, fdt_load_addr);
1328     }
1329 
1330     if (virt_is_acpi_enabled(s)) {
1331         virt_acpi_setup(s);
1332     }
1333 }
1334 
1335 static void virt_machine_init(MachineState *machine)
1336 {
1337     const MemMapEntry *memmap = virt_memmap;
1338     RISCVVirtState *s = RISCV_VIRT_MACHINE(machine);
1339     MemoryRegion *system_memory = get_system_memory();
1340     MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
1341     char *soc_name;
1342     DeviceState *mmio_irqchip, *virtio_irqchip, *pcie_irqchip;
1343     int i, base_hartid, hart_count;
1344     int socket_count = riscv_socket_count(machine);
1345 
1346     /* Check socket count limit */
1347     if (VIRT_SOCKETS_MAX < socket_count) {
1348         error_report("number of sockets/nodes should be less than %d",
1349             VIRT_SOCKETS_MAX);
1350         exit(1);
1351     }
1352 
1353     if (!tcg_enabled() && s->have_aclint) {
1354         error_report("'aclint' is only available with TCG acceleration");
1355         exit(1);
1356     }
1357 
1358     /* Initialize sockets */
1359     mmio_irqchip = virtio_irqchip = pcie_irqchip = NULL;
1360     for (i = 0; i < socket_count; i++) {
1361         if (!riscv_socket_check_hartids(machine, i)) {
1362             error_report("discontinuous hartids in socket%d", i);
1363             exit(1);
1364         }
1365 
1366         base_hartid = riscv_socket_first_hartid(machine, i);
1367         if (base_hartid < 0) {
1368             error_report("can't find hartid base for socket%d", i);
1369             exit(1);
1370         }
1371 
1372         hart_count = riscv_socket_hart_count(machine, i);
1373         if (hart_count < 0) {
1374             error_report("can't find hart count for socket%d", i);
1375             exit(1);
1376         }
1377 
1378         soc_name = g_strdup_printf("soc%d", i);
1379         object_initialize_child(OBJECT(machine), soc_name, &s->soc[i],
1380                                 TYPE_RISCV_HART_ARRAY);
1381         g_free(soc_name);
1382         object_property_set_str(OBJECT(&s->soc[i]), "cpu-type",
1383                                 machine->cpu_type, &error_abort);
1384         object_property_set_int(OBJECT(&s->soc[i]), "hartid-base",
1385                                 base_hartid, &error_abort);
1386         object_property_set_int(OBJECT(&s->soc[i]), "num-harts",
1387                                 hart_count, &error_abort);
1388         sysbus_realize(SYS_BUS_DEVICE(&s->soc[i]), &error_fatal);
1389 
1390         if (tcg_enabled()) {
1391             if (s->have_aclint) {
1392                 if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
1393                     /* Per-socket ACLINT MTIMER */
1394                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1395                             i * RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1396                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1397                         base_hartid, hart_count,
1398                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1399                         RISCV_ACLINT_DEFAULT_MTIME,
1400                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1401                 } else {
1402                     /* Per-socket ACLINT MSWI, MTIMER, and SSWI */
1403                     riscv_aclint_swi_create(memmap[VIRT_CLINT].base +
1404                             i * memmap[VIRT_CLINT].size,
1405                         base_hartid, hart_count, false);
1406                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1407                             i * memmap[VIRT_CLINT].size +
1408                             RISCV_ACLINT_SWI_SIZE,
1409                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1410                         base_hartid, hart_count,
1411                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1412                         RISCV_ACLINT_DEFAULT_MTIME,
1413                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1414                     riscv_aclint_swi_create(memmap[VIRT_ACLINT_SSWI].base +
1415                             i * memmap[VIRT_ACLINT_SSWI].size,
1416                         base_hartid, hart_count, true);
1417                 }
1418             } else {
1419                 /* Per-socket SiFive CLINT */
1420                 riscv_aclint_swi_create(
1421                     memmap[VIRT_CLINT].base + i * memmap[VIRT_CLINT].size,
1422                     base_hartid, hart_count, false);
1423                 riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1424                         i * memmap[VIRT_CLINT].size + RISCV_ACLINT_SWI_SIZE,
1425                     RISCV_ACLINT_DEFAULT_MTIMER_SIZE, base_hartid, hart_count,
1426                     RISCV_ACLINT_DEFAULT_MTIMECMP, RISCV_ACLINT_DEFAULT_MTIME,
1427                     RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1428             }
1429         }
1430 
1431         /* Per-socket interrupt controller */
1432         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
1433             s->irqchip[i] = virt_create_plic(memmap, i,
1434                                              base_hartid, hart_count);
1435         } else {
1436             s->irqchip[i] = virt_create_aia(s->aia_type, s->aia_guests,
1437                                             memmap, i, base_hartid,
1438                                             hart_count);
1439         }
1440 
1441         /* Try to use different IRQCHIP instance based device type */
1442         if (i == 0) {
1443             mmio_irqchip = s->irqchip[i];
1444             virtio_irqchip = s->irqchip[i];
1445             pcie_irqchip = s->irqchip[i];
1446         }
1447         if (i == 1) {
1448             virtio_irqchip = s->irqchip[i];
1449             pcie_irqchip = s->irqchip[i];
1450         }
1451         if (i == 2) {
1452             pcie_irqchip = s->irqchip[i];
1453         }
1454     }
1455 
1456     if (riscv_is_32bit(&s->soc[0])) {
1457 #if HOST_LONG_BITS == 64
1458         /* limit RAM size in a 32-bit system */
1459         if (machine->ram_size > 10 * GiB) {
1460             machine->ram_size = 10 * GiB;
1461             error_report("Limiting RAM size to 10 GiB");
1462         }
1463 #endif
1464         virt_high_pcie_memmap.base = VIRT32_HIGH_PCIE_MMIO_BASE;
1465         virt_high_pcie_memmap.size = VIRT32_HIGH_PCIE_MMIO_SIZE;
1466     } else {
1467         virt_high_pcie_memmap.size = VIRT64_HIGH_PCIE_MMIO_SIZE;
1468         virt_high_pcie_memmap.base = memmap[VIRT_DRAM].base + machine->ram_size;
1469         virt_high_pcie_memmap.base =
1470             ROUND_UP(virt_high_pcie_memmap.base, virt_high_pcie_memmap.size);
1471     }
1472 
1473     s->memmap = virt_memmap;
1474 
1475     /* register system main memory (actual RAM) */
1476     memory_region_add_subregion(system_memory, memmap[VIRT_DRAM].base,
1477         machine->ram);
1478 
1479     /* boot rom */
1480     memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom",
1481                            memmap[VIRT_MROM].size, &error_fatal);
1482     memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
1483                                 mask_rom);
1484 
1485     /*
1486      * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the
1487      * device tree cannot be altered and we get FDT_ERR_NOSPACE.
1488      */
1489     s->fw_cfg = create_fw_cfg(machine);
1490     rom_set_fw(s->fw_cfg);
1491 
1492     /* SiFive Test MMIO device */
1493     sifive_test_create(memmap[VIRT_TEST].base);
1494 
1495     /* VirtIO MMIO devices */
1496     for (i = 0; i < VIRTIO_COUNT; i++) {
1497         sysbus_create_simple("virtio-mmio",
1498             memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
1499             qdev_get_gpio_in(virtio_irqchip, VIRTIO_IRQ + i));
1500     }
1501 
1502     gpex_pcie_init(system_memory,
1503                    memmap[VIRT_PCIE_ECAM].base,
1504                    memmap[VIRT_PCIE_ECAM].size,
1505                    memmap[VIRT_PCIE_MMIO].base,
1506                    memmap[VIRT_PCIE_MMIO].size,
1507                    virt_high_pcie_memmap.base,
1508                    virt_high_pcie_memmap.size,
1509                    memmap[VIRT_PCIE_PIO].base,
1510                    pcie_irqchip);
1511 
1512     create_platform_bus(s, mmio_irqchip);
1513 
1514     serial_mm_init(system_memory, memmap[VIRT_UART0].base,
1515         0, qdev_get_gpio_in(mmio_irqchip, UART0_IRQ), 399193,
1516         serial_hd(0), DEVICE_LITTLE_ENDIAN);
1517 
1518     sysbus_create_simple("goldfish_rtc", memmap[VIRT_RTC].base,
1519         qdev_get_gpio_in(mmio_irqchip, RTC_IRQ));
1520 
1521     for (i = 0; i < ARRAY_SIZE(s->flash); i++) {
1522         /* Map legacy -drive if=pflash to machine properties */
1523         pflash_cfi01_legacy_drive(s->flash[i],
1524                                   drive_get(IF_PFLASH, 0, i));
1525     }
1526     virt_flash_map(s, system_memory);
1527 
1528     s->machine_done.notify = virt_machine_done;
1529     qemu_add_machine_init_done_notifier(&s->machine_done);
1530 }
1531 
1532 static void virt_machine_instance_init(Object *obj)
1533 {
1534     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1535 
1536     virt_flash_create(s);
1537 
1538     s->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
1539     s->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
1540     s->acpi = ON_OFF_AUTO_AUTO;
1541 }
1542 
1543 static char *virt_get_aia_guests(Object *obj, Error **errp)
1544 {
1545     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1546     char val[32];
1547 
1548     sprintf(val, "%d", s->aia_guests);
1549     return g_strdup(val);
1550 }
1551 
1552 static void virt_set_aia_guests(Object *obj, const char *val, Error **errp)
1553 {
1554     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1555 
1556     s->aia_guests = atoi(val);
1557     if (s->aia_guests < 0 || s->aia_guests > VIRT_IRQCHIP_MAX_GUESTS) {
1558         error_setg(errp, "Invalid number of AIA IMSIC guests");
1559         error_append_hint(errp, "Valid values be between 0 and %d.\n",
1560                           VIRT_IRQCHIP_MAX_GUESTS);
1561     }
1562 }
1563 
1564 static char *virt_get_aia(Object *obj, Error **errp)
1565 {
1566     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1567     const char *val;
1568 
1569     switch (s->aia_type) {
1570     case VIRT_AIA_TYPE_APLIC:
1571         val = "aplic";
1572         break;
1573     case VIRT_AIA_TYPE_APLIC_IMSIC:
1574         val = "aplic-imsic";
1575         break;
1576     default:
1577         val = "none";
1578         break;
1579     };
1580 
1581     return g_strdup(val);
1582 }
1583 
1584 static void virt_set_aia(Object *obj, const char *val, Error **errp)
1585 {
1586     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1587 
1588     if (!strcmp(val, "none")) {
1589         s->aia_type = VIRT_AIA_TYPE_NONE;
1590     } else if (!strcmp(val, "aplic")) {
1591         s->aia_type = VIRT_AIA_TYPE_APLIC;
1592     } else if (!strcmp(val, "aplic-imsic")) {
1593         s->aia_type = VIRT_AIA_TYPE_APLIC_IMSIC;
1594     } else {
1595         error_setg(errp, "Invalid AIA interrupt controller type");
1596         error_append_hint(errp, "Valid values are none, aplic, and "
1597                           "aplic-imsic.\n");
1598     }
1599 }
1600 
1601 static bool virt_get_aclint(Object *obj, Error **errp)
1602 {
1603     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1604 
1605     return s->have_aclint;
1606 }
1607 
1608 static void virt_set_aclint(Object *obj, bool value, Error **errp)
1609 {
1610     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1611 
1612     s->have_aclint = value;
1613 }
1614 
1615 bool virt_is_acpi_enabled(RISCVVirtState *s)
1616 {
1617     return s->acpi != ON_OFF_AUTO_OFF;
1618 }
1619 
1620 static void virt_get_acpi(Object *obj, Visitor *v, const char *name,
1621                           void *opaque, Error **errp)
1622 {
1623     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1624     OnOffAuto acpi = s->acpi;
1625 
1626     visit_type_OnOffAuto(v, name, &acpi, errp);
1627 }
1628 
1629 static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
1630                           void *opaque, Error **errp)
1631 {
1632     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1633 
1634     visit_type_OnOffAuto(v, name, &s->acpi, errp);
1635 }
1636 
1637 static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
1638                                                         DeviceState *dev)
1639 {
1640     MachineClass *mc = MACHINE_GET_CLASS(machine);
1641 
1642     if (device_is_dynamic_sysbus(mc, dev)) {
1643         return HOTPLUG_HANDLER(machine);
1644     }
1645     return NULL;
1646 }
1647 
1648 static void virt_machine_device_plug_cb(HotplugHandler *hotplug_dev,
1649                                         DeviceState *dev, Error **errp)
1650 {
1651     RISCVVirtState *s = RISCV_VIRT_MACHINE(hotplug_dev);
1652 
1653     if (s->platform_bus_dev) {
1654         MachineClass *mc = MACHINE_GET_CLASS(s);
1655 
1656         if (device_is_dynamic_sysbus(mc, dev)) {
1657             platform_bus_link_device(PLATFORM_BUS_DEVICE(s->platform_bus_dev),
1658                                      SYS_BUS_DEVICE(dev));
1659         }
1660     }
1661 }
1662 
1663 static void virt_machine_class_init(ObjectClass *oc, void *data)
1664 {
1665     char str[128];
1666     MachineClass *mc = MACHINE_CLASS(oc);
1667     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
1668 
1669     mc->desc = "RISC-V VirtIO board";
1670     mc->init = virt_machine_init;
1671     mc->max_cpus = VIRT_CPUS_MAX;
1672     mc->default_cpu_type = TYPE_RISCV_CPU_BASE;
1673     mc->pci_allow_0_address = true;
1674     mc->possible_cpu_arch_ids = riscv_numa_possible_cpu_arch_ids;
1675     mc->cpu_index_to_instance_props = riscv_numa_cpu_index_to_props;
1676     mc->get_default_cpu_node_id = riscv_numa_get_default_cpu_node_id;
1677     mc->numa_mem_supported = true;
1678     /* platform instead of architectural choice */
1679     mc->cpu_cluster_has_numa_boundary = true;
1680     mc->default_ram_id = "riscv_virt_board.ram";
1681     assert(!mc->get_hotplug_handler);
1682     mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
1683 
1684     hc->plug = virt_machine_device_plug_cb;
1685 
1686     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
1687 #ifdef CONFIG_TPM
1688     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
1689 #endif
1690 
1691 
1692     object_class_property_add_bool(oc, "aclint", virt_get_aclint,
1693                                    virt_set_aclint);
1694     object_class_property_set_description(oc, "aclint",
1695                                           "(TCG only) Set on/off to "
1696                                           "enable/disable emulating "
1697                                           "ACLINT devices");
1698 
1699     object_class_property_add_str(oc, "aia", virt_get_aia,
1700                                   virt_set_aia);
1701     object_class_property_set_description(oc, "aia",
1702                                           "Set type of AIA interrupt "
1703                                           "controller. Valid values are "
1704                                           "none, aplic, and aplic-imsic.");
1705 
1706     object_class_property_add_str(oc, "aia-guests",
1707                                   virt_get_aia_guests,
1708                                   virt_set_aia_guests);
1709     sprintf(str, "Set number of guest MMIO pages for AIA IMSIC. Valid value "
1710                  "should be between 0 and %d.", VIRT_IRQCHIP_MAX_GUESTS);
1711     object_class_property_set_description(oc, "aia-guests", str);
1712     object_class_property_add(oc, "acpi", "OnOffAuto",
1713                               virt_get_acpi, virt_set_acpi,
1714                               NULL, NULL);
1715     object_class_property_set_description(oc, "acpi",
1716                                           "Enable ACPI");
1717 }
1718 
1719 static const TypeInfo virt_machine_typeinfo = {
1720     .name       = MACHINE_TYPE_NAME("virt"),
1721     .parent     = TYPE_MACHINE,
1722     .class_init = virt_machine_class_init,
1723     .instance_init = virt_machine_instance_init,
1724     .instance_size = sizeof(RISCVVirtState),
1725     .interfaces = (InterfaceInfo[]) {
1726          { TYPE_HOTPLUG_HANDLER },
1727          { }
1728     },
1729 };
1730 
1731 static void virt_machine_init_register_types(void)
1732 {
1733     type_register_static(&virt_machine_typeinfo);
1734 }
1735 
1736 type_init(virt_machine_init_register_types)
1737