xref: /openbmc/qemu/hw/riscv/virt.c (revision 8d3031fa)
1 /*
2  * QEMU RISC-V VirtIO Board
3  *
4  * Copyright (c) 2017 SiFive, Inc.
5  *
6  * RISC-V machine with 16550a UART and VirtIO MMIO
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2 or later, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program.  If not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/units.h"
23 #include "qemu/error-report.h"
24 #include "qemu/guest-random.h"
25 #include "qapi/error.h"
26 #include "hw/boards.h"
27 #include "hw/loader.h"
28 #include "hw/sysbus.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/char/serial-mm.h"
31 #include "target/riscv/cpu.h"
32 #include "hw/core/sysbus-fdt.h"
33 #include "target/riscv/pmu.h"
34 #include "hw/riscv/riscv_hart.h"
35 #include "hw/riscv/virt.h"
36 #include "hw/riscv/boot.h"
37 #include "hw/riscv/numa.h"
38 #include "kvm/kvm_riscv.h"
39 #include "hw/firmware/smbios.h"
40 #include "hw/intc/riscv_aclint.h"
41 #include "hw/intc/riscv_aplic.h"
42 #include "hw/intc/sifive_plic.h"
43 #include "hw/misc/sifive_test.h"
44 #include "hw/platform-bus.h"
45 #include "chardev/char.h"
46 #include "sysemu/device_tree.h"
47 #include "sysemu/sysemu.h"
48 #include "sysemu/tcg.h"
49 #include "sysemu/kvm.h"
50 #include "sysemu/tpm.h"
51 #include "sysemu/qtest.h"
52 #include "hw/pci/pci.h"
53 #include "hw/pci-host/gpex.h"
54 #include "hw/display/ramfb.h"
55 #include "hw/acpi/aml-build.h"
56 #include "qapi/qapi-visit-common.h"
57 #include "hw/virtio/virtio-iommu.h"
58 
59 /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
60 static bool virt_use_kvm_aia(RISCVVirtState *s)
61 {
62     return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
63 }
64 
65 static bool virt_aclint_allowed(void)
66 {
67     return tcg_enabled() || qtest_enabled();
68 }
69 
70 static const MemMapEntry virt_memmap[] = {
71     [VIRT_DEBUG] =        {        0x0,         0x100 },
72     [VIRT_MROM] =         {     0x1000,        0xf000 },
73     [VIRT_TEST] =         {   0x100000,        0x1000 },
74     [VIRT_RTC] =          {   0x101000,        0x1000 },
75     [VIRT_CLINT] =        {  0x2000000,       0x10000 },
76     [VIRT_ACLINT_SSWI] =  {  0x2F00000,        0x4000 },
77     [VIRT_PCIE_PIO] =     {  0x3000000,       0x10000 },
78     [VIRT_PLATFORM_BUS] = {  0x4000000,     0x2000000 },
79     [VIRT_PLIC] =         {  0xc000000, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
80     [VIRT_APLIC_M] =      {  0xc000000, APLIC_SIZE(VIRT_CPUS_MAX) },
81     [VIRT_APLIC_S] =      {  0xd000000, APLIC_SIZE(VIRT_CPUS_MAX) },
82     [VIRT_UART0] =        { 0x10000000,         0x100 },
83     [VIRT_VIRTIO] =       { 0x10001000,        0x1000 },
84     [VIRT_FW_CFG] =       { 0x10100000,          0x18 },
85     [VIRT_FLASH] =        { 0x20000000,     0x4000000 },
86     [VIRT_IMSIC_M] =      { 0x24000000, VIRT_IMSIC_MAX_SIZE },
87     [VIRT_IMSIC_S] =      { 0x28000000, VIRT_IMSIC_MAX_SIZE },
88     [VIRT_PCIE_ECAM] =    { 0x30000000,    0x10000000 },
89     [VIRT_PCIE_MMIO] =    { 0x40000000,    0x40000000 },
90     [VIRT_DRAM] =         { 0x80000000,           0x0 },
91 };
92 
93 /* PCIe high mmio is fixed for RV32 */
94 #define VIRT32_HIGH_PCIE_MMIO_BASE  0x300000000ULL
95 #define VIRT32_HIGH_PCIE_MMIO_SIZE  (4 * GiB)
96 
97 /* PCIe high mmio for RV64, size is fixed but base depends on top of RAM */
98 #define VIRT64_HIGH_PCIE_MMIO_SIZE  (16 * GiB)
99 
100 static MemMapEntry virt_high_pcie_memmap;
101 
102 #define VIRT_FLASH_SECTOR_SIZE (256 * KiB)
103 
104 static PFlashCFI01 *virt_flash_create1(RISCVVirtState *s,
105                                        const char *name,
106                                        const char *alias_prop_name)
107 {
108     /*
109      * Create a single flash device.  We use the same parameters as
110      * the flash devices on the ARM virt board.
111      */
112     DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
113 
114     qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);
115     qdev_prop_set_uint8(dev, "width", 4);
116     qdev_prop_set_uint8(dev, "device-width", 2);
117     qdev_prop_set_bit(dev, "big-endian", false);
118     qdev_prop_set_uint16(dev, "id0", 0x89);
119     qdev_prop_set_uint16(dev, "id1", 0x18);
120     qdev_prop_set_uint16(dev, "id2", 0x00);
121     qdev_prop_set_uint16(dev, "id3", 0x00);
122     qdev_prop_set_string(dev, "name", name);
123 
124     object_property_add_child(OBJECT(s), name, OBJECT(dev));
125     object_property_add_alias(OBJECT(s), alias_prop_name,
126                               OBJECT(dev), "drive");
127 
128     return PFLASH_CFI01(dev);
129 }
130 
131 static void virt_flash_create(RISCVVirtState *s)
132 {
133     s->flash[0] = virt_flash_create1(s, "virt.flash0", "pflash0");
134     s->flash[1] = virt_flash_create1(s, "virt.flash1", "pflash1");
135 }
136 
137 static void virt_flash_map1(PFlashCFI01 *flash,
138                             hwaddr base, hwaddr size,
139                             MemoryRegion *sysmem)
140 {
141     DeviceState *dev = DEVICE(flash);
142 
143     assert(QEMU_IS_ALIGNED(size, VIRT_FLASH_SECTOR_SIZE));
144     assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
145     qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
146     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
147 
148     memory_region_add_subregion(sysmem, base,
149                                 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
150                                                        0));
151 }
152 
153 static void virt_flash_map(RISCVVirtState *s,
154                            MemoryRegion *sysmem)
155 {
156     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
157     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
158 
159     virt_flash_map1(s->flash[0], flashbase, flashsize,
160                     sysmem);
161     virt_flash_map1(s->flash[1], flashbase + flashsize, flashsize,
162                     sysmem);
163 }
164 
165 static void create_pcie_irq_map(RISCVVirtState *s, void *fdt, char *nodename,
166                                 uint32_t irqchip_phandle)
167 {
168     int pin, dev;
169     uint32_t irq_map_stride = 0;
170     uint32_t full_irq_map[GPEX_NUM_IRQS * GPEX_NUM_IRQS *
171                           FDT_MAX_INT_MAP_WIDTH] = {};
172     uint32_t *irq_map = full_irq_map;
173 
174     /* This code creates a standard swizzle of interrupts such that
175      * each device's first interrupt is based on it's PCI_SLOT number.
176      * (See pci_swizzle_map_irq_fn())
177      *
178      * We only need one entry per interrupt in the table (not one per
179      * possible slot) seeing the interrupt-map-mask will allow the table
180      * to wrap to any number of devices.
181      */
182     for (dev = 0; dev < GPEX_NUM_IRQS; dev++) {
183         int devfn = dev * 0x8;
184 
185         for (pin = 0; pin < GPEX_NUM_IRQS; pin++) {
186             int irq_nr = PCIE_IRQ + ((pin + PCI_SLOT(devfn)) % GPEX_NUM_IRQS);
187             int i = 0;
188 
189             /* Fill PCI address cells */
190             irq_map[i] = cpu_to_be32(devfn << 8);
191             i += FDT_PCI_ADDR_CELLS;
192 
193             /* Fill PCI Interrupt cells */
194             irq_map[i] = cpu_to_be32(pin + 1);
195             i += FDT_PCI_INT_CELLS;
196 
197             /* Fill interrupt controller phandle and cells */
198             irq_map[i++] = cpu_to_be32(irqchip_phandle);
199             irq_map[i++] = cpu_to_be32(irq_nr);
200             if (s->aia_type != VIRT_AIA_TYPE_NONE) {
201                 irq_map[i++] = cpu_to_be32(0x4);
202             }
203 
204             if (!irq_map_stride) {
205                 irq_map_stride = i;
206             }
207             irq_map += irq_map_stride;
208         }
209     }
210 
211     qemu_fdt_setprop(fdt, nodename, "interrupt-map", full_irq_map,
212                      GPEX_NUM_IRQS * GPEX_NUM_IRQS *
213                      irq_map_stride * sizeof(uint32_t));
214 
215     qemu_fdt_setprop_cells(fdt, nodename, "interrupt-map-mask",
216                            0x1800, 0, 0, 0x7);
217 }
218 
219 static void create_fdt_socket_cpus(RISCVVirtState *s, int socket,
220                                    char *clust_name, uint32_t *phandle,
221                                    uint32_t *intc_phandles)
222 {
223     int cpu;
224     uint32_t cpu_phandle;
225     MachineState *ms = MACHINE(s);
226     bool is_32_bit = riscv_is_32bit(&s->soc[0]);
227     uint8_t satp_mode_max;
228 
229     for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
230         RISCVCPU *cpu_ptr = &s->soc[socket].harts[cpu];
231         g_autofree char *cpu_name = NULL;
232         g_autofree char *core_name = NULL;
233         g_autofree char *intc_name = NULL;
234         g_autofree char *sv_name = NULL;
235 
236         cpu_phandle = (*phandle)++;
237 
238         cpu_name = g_strdup_printf("/cpus/cpu@%d",
239             s->soc[socket].hartid_base + cpu);
240         qemu_fdt_add_subnode(ms->fdt, cpu_name);
241 
242         if (cpu_ptr->cfg.satp_mode.supported != 0) {
243             satp_mode_max = satp_mode_max_from_map(cpu_ptr->cfg.satp_mode.map);
244             sv_name = g_strdup_printf("riscv,%s",
245                                       satp_mode_str(satp_mode_max, is_32_bit));
246             qemu_fdt_setprop_string(ms->fdt, cpu_name, "mmu-type", sv_name);
247         }
248 
249         riscv_isa_write_fdt(cpu_ptr, ms->fdt, cpu_name);
250 
251         if (cpu_ptr->cfg.ext_zicbom) {
252             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbom-block-size",
253                                   cpu_ptr->cfg.cbom_blocksize);
254         }
255 
256         if (cpu_ptr->cfg.ext_zicboz) {
257             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cboz-block-size",
258                                   cpu_ptr->cfg.cboz_blocksize);
259         }
260 
261         if (cpu_ptr->cfg.ext_zicbop) {
262             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbop-block-size",
263                                   cpu_ptr->cfg.cbop_blocksize);
264         }
265 
266         qemu_fdt_setprop_string(ms->fdt, cpu_name, "compatible", "riscv");
267         qemu_fdt_setprop_string(ms->fdt, cpu_name, "status", "okay");
268         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "reg",
269             s->soc[socket].hartid_base + cpu);
270         qemu_fdt_setprop_string(ms->fdt, cpu_name, "device_type", "cpu");
271         riscv_socket_fdt_write_id(ms, cpu_name, socket);
272         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "phandle", cpu_phandle);
273 
274         intc_phandles[cpu] = (*phandle)++;
275 
276         intc_name = g_strdup_printf("%s/interrupt-controller", cpu_name);
277         qemu_fdt_add_subnode(ms->fdt, intc_name);
278         qemu_fdt_setprop_cell(ms->fdt, intc_name, "phandle",
279             intc_phandles[cpu]);
280         qemu_fdt_setprop_string(ms->fdt, intc_name, "compatible",
281             "riscv,cpu-intc");
282         qemu_fdt_setprop(ms->fdt, intc_name, "interrupt-controller", NULL, 0);
283         qemu_fdt_setprop_cell(ms->fdt, intc_name, "#interrupt-cells", 1);
284 
285         core_name = g_strdup_printf("%s/core%d", clust_name, cpu);
286         qemu_fdt_add_subnode(ms->fdt, core_name);
287         qemu_fdt_setprop_cell(ms->fdt, core_name, "cpu", cpu_phandle);
288     }
289 }
290 
291 static void create_fdt_socket_memory(RISCVVirtState *s,
292                                      const MemMapEntry *memmap, int socket)
293 {
294     g_autofree char *mem_name = NULL;
295     uint64_t addr, size;
296     MachineState *ms = MACHINE(s);
297 
298     addr = memmap[VIRT_DRAM].base + riscv_socket_mem_offset(ms, socket);
299     size = riscv_socket_mem_size(ms, socket);
300     mem_name = g_strdup_printf("/memory@%lx", (long)addr);
301     qemu_fdt_add_subnode(ms->fdt, mem_name);
302     qemu_fdt_setprop_cells(ms->fdt, mem_name, "reg",
303         addr >> 32, addr, size >> 32, size);
304     qemu_fdt_setprop_string(ms->fdt, mem_name, "device_type", "memory");
305     riscv_socket_fdt_write_id(ms, mem_name, socket);
306 }
307 
308 static void create_fdt_socket_clint(RISCVVirtState *s,
309                                     const MemMapEntry *memmap, int socket,
310                                     uint32_t *intc_phandles)
311 {
312     int cpu;
313     g_autofree char *clint_name = NULL;
314     g_autofree uint32_t *clint_cells = NULL;
315     unsigned long clint_addr;
316     MachineState *ms = MACHINE(s);
317     static const char * const clint_compat[2] = {
318         "sifive,clint0", "riscv,clint0"
319     };
320 
321     clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
322 
323     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
324         clint_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
325         clint_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_SOFT);
326         clint_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
327         clint_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_M_TIMER);
328     }
329 
330     clint_addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
331     clint_name = g_strdup_printf("/soc/clint@%lx", clint_addr);
332     qemu_fdt_add_subnode(ms->fdt, clint_name);
333     qemu_fdt_setprop_string_array(ms->fdt, clint_name, "compatible",
334                                   (char **)&clint_compat,
335                                   ARRAY_SIZE(clint_compat));
336     qemu_fdt_setprop_cells(ms->fdt, clint_name, "reg",
337         0x0, clint_addr, 0x0, memmap[VIRT_CLINT].size);
338     qemu_fdt_setprop(ms->fdt, clint_name, "interrupts-extended",
339         clint_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
340     riscv_socket_fdt_write_id(ms, clint_name, socket);
341 }
342 
343 static void create_fdt_socket_aclint(RISCVVirtState *s,
344                                      const MemMapEntry *memmap, int socket,
345                                      uint32_t *intc_phandles)
346 {
347     int cpu;
348     char *name;
349     unsigned long addr, size;
350     uint32_t aclint_cells_size;
351     g_autofree uint32_t *aclint_mswi_cells = NULL;
352     g_autofree uint32_t *aclint_sswi_cells = NULL;
353     g_autofree uint32_t *aclint_mtimer_cells = NULL;
354     MachineState *ms = MACHINE(s);
355 
356     aclint_mswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
357     aclint_mtimer_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
358     aclint_sswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
359 
360     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
361         aclint_mswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
362         aclint_mswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_SOFT);
363         aclint_mtimer_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
364         aclint_mtimer_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_TIMER);
365         aclint_sswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
366         aclint_sswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_SOFT);
367     }
368     aclint_cells_size = s->soc[socket].num_harts * sizeof(uint32_t) * 2;
369 
370     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
371         addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
372         name = g_strdup_printf("/soc/mswi@%lx", addr);
373         qemu_fdt_add_subnode(ms->fdt, name);
374         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
375             "riscv,aclint-mswi");
376         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
377             0x0, addr, 0x0, RISCV_ACLINT_SWI_SIZE);
378         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
379             aclint_mswi_cells, aclint_cells_size);
380         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
381         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
382         riscv_socket_fdt_write_id(ms, name, socket);
383         g_free(name);
384     }
385 
386     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
387         addr = memmap[VIRT_CLINT].base +
388                (RISCV_ACLINT_DEFAULT_MTIMER_SIZE * socket);
389         size = RISCV_ACLINT_DEFAULT_MTIMER_SIZE;
390     } else {
391         addr = memmap[VIRT_CLINT].base + RISCV_ACLINT_SWI_SIZE +
392             (memmap[VIRT_CLINT].size * socket);
393         size = memmap[VIRT_CLINT].size - RISCV_ACLINT_SWI_SIZE;
394     }
395     name = g_strdup_printf("/soc/mtimer@%lx", addr);
396     qemu_fdt_add_subnode(ms->fdt, name);
397     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
398         "riscv,aclint-mtimer");
399     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
400         0x0, addr + RISCV_ACLINT_DEFAULT_MTIME,
401         0x0, size - RISCV_ACLINT_DEFAULT_MTIME,
402         0x0, addr + RISCV_ACLINT_DEFAULT_MTIMECMP,
403         0x0, RISCV_ACLINT_DEFAULT_MTIME);
404     qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
405         aclint_mtimer_cells, aclint_cells_size);
406     riscv_socket_fdt_write_id(ms, name, socket);
407     g_free(name);
408 
409     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
410         addr = memmap[VIRT_ACLINT_SSWI].base +
411             (memmap[VIRT_ACLINT_SSWI].size * socket);
412         name = g_strdup_printf("/soc/sswi@%lx", addr);
413         qemu_fdt_add_subnode(ms->fdt, name);
414         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
415             "riscv,aclint-sswi");
416         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
417             0x0, addr, 0x0, memmap[VIRT_ACLINT_SSWI].size);
418         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
419             aclint_sswi_cells, aclint_cells_size);
420         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
421         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
422         riscv_socket_fdt_write_id(ms, name, socket);
423         g_free(name);
424     }
425 }
426 
427 static void create_fdt_socket_plic(RISCVVirtState *s,
428                                    const MemMapEntry *memmap, int socket,
429                                    uint32_t *phandle, uint32_t *intc_phandles,
430                                    uint32_t *plic_phandles)
431 {
432     int cpu;
433     g_autofree char *plic_name = NULL;
434     g_autofree uint32_t *plic_cells;
435     unsigned long plic_addr;
436     MachineState *ms = MACHINE(s);
437     static const char * const plic_compat[2] = {
438         "sifive,plic-1.0.0", "riscv,plic0"
439     };
440 
441     plic_phandles[socket] = (*phandle)++;
442     plic_addr = memmap[VIRT_PLIC].base + (memmap[VIRT_PLIC].size * socket);
443     plic_name = g_strdup_printf("/soc/plic@%lx", plic_addr);
444     qemu_fdt_add_subnode(ms->fdt, plic_name);
445     qemu_fdt_setprop_cell(ms->fdt, plic_name,
446         "#interrupt-cells", FDT_PLIC_INT_CELLS);
447     qemu_fdt_setprop_cell(ms->fdt, plic_name,
448         "#address-cells", FDT_PLIC_ADDR_CELLS);
449     qemu_fdt_setprop_string_array(ms->fdt, plic_name, "compatible",
450                                   (char **)&plic_compat,
451                                   ARRAY_SIZE(plic_compat));
452     qemu_fdt_setprop(ms->fdt, plic_name, "interrupt-controller", NULL, 0);
453 
454     if (kvm_enabled()) {
455         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
456 
457         for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
458             plic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
459             plic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
460         }
461 
462         qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
463                          plic_cells,
464                          s->soc[socket].num_harts * sizeof(uint32_t) * 2);
465    } else {
466         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
467 
468         for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
469             plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
470             plic_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_EXT);
471             plic_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
472             plic_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_S_EXT);
473         }
474 
475         qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
476                          plic_cells,
477                          s->soc[socket].num_harts * sizeof(uint32_t) * 4);
478     }
479 
480     qemu_fdt_setprop_cells(ms->fdt, plic_name, "reg",
481         0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size);
482     qemu_fdt_setprop_cell(ms->fdt, plic_name, "riscv,ndev",
483                           VIRT_IRQCHIP_NUM_SOURCES - 1);
484     riscv_socket_fdt_write_id(ms, plic_name, socket);
485     qemu_fdt_setprop_cell(ms->fdt, plic_name, "phandle",
486         plic_phandles[socket]);
487 
488     if (!socket) {
489         platform_bus_add_all_fdt_nodes(ms->fdt, plic_name,
490                                        memmap[VIRT_PLATFORM_BUS].base,
491                                        memmap[VIRT_PLATFORM_BUS].size,
492                                        VIRT_PLATFORM_BUS_IRQ);
493     }
494 }
495 
496 uint32_t imsic_num_bits(uint32_t count)
497 {
498     uint32_t ret = 0;
499 
500     while (BIT(ret) < count) {
501         ret++;
502     }
503 
504     return ret;
505 }
506 
507 static void create_fdt_one_imsic(RISCVVirtState *s, hwaddr base_addr,
508                                  uint32_t *intc_phandles, uint32_t msi_phandle,
509                                  bool m_mode, uint32_t imsic_guest_bits)
510 {
511     int cpu, socket;
512     g_autofree char *imsic_name = NULL;
513     MachineState *ms = MACHINE(s);
514     int socket_count = riscv_socket_count(ms);
515     uint32_t imsic_max_hart_per_socket, imsic_addr, imsic_size;
516     g_autofree uint32_t *imsic_cells = NULL;
517     g_autofree uint32_t *imsic_regs = NULL;
518     static const char * const imsic_compat[2] = {
519         "qemu,imsics", "riscv,imsics"
520     };
521 
522     imsic_cells = g_new0(uint32_t, ms->smp.cpus * 2);
523     imsic_regs = g_new0(uint32_t, socket_count * 4);
524 
525     for (cpu = 0; cpu < ms->smp.cpus; cpu++) {
526         imsic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
527         imsic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
528     }
529 
530     imsic_max_hart_per_socket = 0;
531     for (socket = 0; socket < socket_count; socket++) {
532         imsic_addr = base_addr + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
533         imsic_size = IMSIC_HART_SIZE(imsic_guest_bits) *
534                      s->soc[socket].num_harts;
535         imsic_regs[socket * 4 + 0] = 0;
536         imsic_regs[socket * 4 + 1] = cpu_to_be32(imsic_addr);
537         imsic_regs[socket * 4 + 2] = 0;
538         imsic_regs[socket * 4 + 3] = cpu_to_be32(imsic_size);
539         if (imsic_max_hart_per_socket < s->soc[socket].num_harts) {
540             imsic_max_hart_per_socket = s->soc[socket].num_harts;
541         }
542     }
543 
544     imsic_name = g_strdup_printf("/soc/interrupt-controller@%lx",
545                                  (unsigned long)base_addr);
546     qemu_fdt_add_subnode(ms->fdt, imsic_name);
547     qemu_fdt_setprop_string_array(ms->fdt, imsic_name, "compatible",
548                                   (char **)&imsic_compat,
549                                   ARRAY_SIZE(imsic_compat));
550 
551     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "#interrupt-cells",
552                           FDT_IMSIC_INT_CELLS);
553     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupt-controller", NULL, 0);
554     qemu_fdt_setprop(ms->fdt, imsic_name, "msi-controller", NULL, 0);
555     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupts-extended",
556                      imsic_cells, ms->smp.cpus * sizeof(uint32_t) * 2);
557     qemu_fdt_setprop(ms->fdt, imsic_name, "reg", imsic_regs,
558                      socket_count * sizeof(uint32_t) * 4);
559     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,num-ids",
560                      VIRT_IRQCHIP_NUM_MSIS);
561 
562     if (imsic_guest_bits) {
563         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,guest-index-bits",
564                               imsic_guest_bits);
565     }
566 
567     if (socket_count > 1) {
568         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,hart-index-bits",
569                               imsic_num_bits(imsic_max_hart_per_socket));
570         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-bits",
571                               imsic_num_bits(socket_count));
572         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-shift",
573                               IMSIC_MMIO_GROUP_MIN_SHIFT);
574     }
575     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "phandle", msi_phandle);
576 }
577 
578 static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap,
579                              uint32_t *phandle, uint32_t *intc_phandles,
580                              uint32_t *msi_m_phandle, uint32_t *msi_s_phandle)
581 {
582     *msi_m_phandle = (*phandle)++;
583     *msi_s_phandle = (*phandle)++;
584 
585     if (!kvm_enabled()) {
586         /* M-level IMSIC node */
587         create_fdt_one_imsic(s, memmap[VIRT_IMSIC_M].base, intc_phandles,
588                              *msi_m_phandle, true, 0);
589     }
590 
591     /* S-level IMSIC node */
592     create_fdt_one_imsic(s, memmap[VIRT_IMSIC_S].base, intc_phandles,
593                          *msi_s_phandle, false,
594                          imsic_num_bits(s->aia_guests + 1));
595 
596 }
597 
598 /* Caller must free string after use */
599 static char *fdt_get_aplic_nodename(unsigned long aplic_addr)
600 {
601     return g_strdup_printf("/soc/interrupt-controller@%lx", aplic_addr);
602 }
603 
604 static void create_fdt_one_aplic(RISCVVirtState *s, int socket,
605                                  unsigned long aplic_addr, uint32_t aplic_size,
606                                  uint32_t msi_phandle,
607                                  uint32_t *intc_phandles,
608                                  uint32_t aplic_phandle,
609                                  uint32_t aplic_child_phandle,
610                                  bool m_mode, int num_harts)
611 {
612     int cpu;
613     g_autofree char *aplic_name = fdt_get_aplic_nodename(aplic_addr);
614     g_autofree uint32_t *aplic_cells = g_new0(uint32_t, num_harts * 2);
615     MachineState *ms = MACHINE(s);
616     static const char * const aplic_compat[2] = {
617         "qemu,aplic", "riscv,aplic"
618     };
619 
620     for (cpu = 0; cpu < num_harts; cpu++) {
621         aplic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
622         aplic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
623     }
624 
625     qemu_fdt_add_subnode(ms->fdt, aplic_name);
626     qemu_fdt_setprop_string_array(ms->fdt, aplic_name, "compatible",
627                                   (char **)&aplic_compat,
628                                   ARRAY_SIZE(aplic_compat));
629     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "#address-cells",
630                           FDT_APLIC_ADDR_CELLS);
631     qemu_fdt_setprop_cell(ms->fdt, aplic_name,
632                           "#interrupt-cells", FDT_APLIC_INT_CELLS);
633     qemu_fdt_setprop(ms->fdt, aplic_name, "interrupt-controller", NULL, 0);
634 
635     if (s->aia_type == VIRT_AIA_TYPE_APLIC) {
636         qemu_fdt_setprop(ms->fdt, aplic_name, "interrupts-extended",
637                          aplic_cells, num_harts * sizeof(uint32_t) * 2);
638     } else {
639         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "msi-parent", msi_phandle);
640     }
641 
642     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "reg",
643                            0x0, aplic_addr, 0x0, aplic_size);
644     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,num-sources",
645                           VIRT_IRQCHIP_NUM_SOURCES);
646 
647     if (aplic_child_phandle) {
648         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,children",
649                               aplic_child_phandle);
650         qemu_fdt_setprop_cells(ms->fdt, aplic_name, "riscv,delegation",
651                                aplic_child_phandle, 0x1,
652                                VIRT_IRQCHIP_NUM_SOURCES);
653         /*
654          * DEPRECATED_9.1: Compat property kept temporarily
655          * to allow old firmwares to work with AIA. Do *not*
656          * use 'riscv,delegate' in new code: use
657          * 'riscv,delegation' instead.
658          */
659         qemu_fdt_setprop_cells(ms->fdt, aplic_name, "riscv,delegate",
660                                aplic_child_phandle, 0x1,
661                                VIRT_IRQCHIP_NUM_SOURCES);
662     }
663 
664     riscv_socket_fdt_write_id(ms, aplic_name, socket);
665     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "phandle", aplic_phandle);
666 }
667 
668 static void create_fdt_socket_aplic(RISCVVirtState *s,
669                                     const MemMapEntry *memmap, int socket,
670                                     uint32_t msi_m_phandle,
671                                     uint32_t msi_s_phandle,
672                                     uint32_t *phandle,
673                                     uint32_t *intc_phandles,
674                                     uint32_t *aplic_phandles,
675                                     int num_harts)
676 {
677     unsigned long aplic_addr;
678     MachineState *ms = MACHINE(s);
679     uint32_t aplic_m_phandle, aplic_s_phandle;
680 
681     aplic_m_phandle = (*phandle)++;
682     aplic_s_phandle = (*phandle)++;
683 
684     if (!kvm_enabled()) {
685         /* M-level APLIC node */
686         aplic_addr = memmap[VIRT_APLIC_M].base +
687                      (memmap[VIRT_APLIC_M].size * socket);
688         create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_M].size,
689                              msi_m_phandle, intc_phandles,
690                              aplic_m_phandle, aplic_s_phandle,
691                              true, num_harts);
692     }
693 
694     /* S-level APLIC node */
695     aplic_addr = memmap[VIRT_APLIC_S].base +
696                  (memmap[VIRT_APLIC_S].size * socket);
697     create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_S].size,
698                          msi_s_phandle, intc_phandles,
699                          aplic_s_phandle, 0,
700                          false, num_harts);
701 
702     if (!socket) {
703         g_autofree char *aplic_name = fdt_get_aplic_nodename(aplic_addr);
704         platform_bus_add_all_fdt_nodes(ms->fdt, aplic_name,
705                                        memmap[VIRT_PLATFORM_BUS].base,
706                                        memmap[VIRT_PLATFORM_BUS].size,
707                                        VIRT_PLATFORM_BUS_IRQ);
708     }
709 
710     aplic_phandles[socket] = aplic_s_phandle;
711 }
712 
713 static void create_fdt_pmu(RISCVVirtState *s)
714 {
715     g_autofree char *pmu_name = g_strdup_printf("/pmu");
716     MachineState *ms = MACHINE(s);
717     RISCVCPU hart = s->soc[0].harts[0];
718 
719     qemu_fdt_add_subnode(ms->fdt, pmu_name);
720     qemu_fdt_setprop_string(ms->fdt, pmu_name, "compatible", "riscv,pmu");
721     riscv_pmu_generate_fdt_node(ms->fdt, hart.pmu_avail_ctrs, pmu_name);
722 }
723 
724 static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry *memmap,
725                                uint32_t *phandle,
726                                uint32_t *irq_mmio_phandle,
727                                uint32_t *irq_pcie_phandle,
728                                uint32_t *irq_virtio_phandle,
729                                uint32_t *msi_pcie_phandle)
730 {
731     int socket, phandle_pos;
732     MachineState *ms = MACHINE(s);
733     uint32_t msi_m_phandle = 0, msi_s_phandle = 0;
734     uint32_t xplic_phandles[MAX_NODES];
735     g_autofree uint32_t *intc_phandles = NULL;
736     int socket_count = riscv_socket_count(ms);
737 
738     qemu_fdt_add_subnode(ms->fdt, "/cpus");
739     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
740                           kvm_enabled() ?
741                           kvm_riscv_get_timebase_frequency(first_cpu) :
742                           RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
743     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
744     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
745     qemu_fdt_add_subnode(ms->fdt, "/cpus/cpu-map");
746 
747     intc_phandles = g_new0(uint32_t, ms->smp.cpus);
748 
749     phandle_pos = ms->smp.cpus;
750     for (socket = (socket_count - 1); socket >= 0; socket--) {
751         g_autofree char *clust_name = NULL;
752         phandle_pos -= s->soc[socket].num_harts;
753 
754         clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
755         qemu_fdt_add_subnode(ms->fdt, clust_name);
756 
757         create_fdt_socket_cpus(s, socket, clust_name, phandle,
758                                &intc_phandles[phandle_pos]);
759 
760         create_fdt_socket_memory(s, memmap, socket);
761 
762         if (virt_aclint_allowed() && s->have_aclint) {
763             create_fdt_socket_aclint(s, memmap, socket,
764                                      &intc_phandles[phandle_pos]);
765         } else if (tcg_enabled()) {
766             create_fdt_socket_clint(s, memmap, socket,
767                                     &intc_phandles[phandle_pos]);
768         }
769     }
770 
771     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
772         create_fdt_imsic(s, memmap, phandle, intc_phandles,
773             &msi_m_phandle, &msi_s_phandle);
774         *msi_pcie_phandle = msi_s_phandle;
775     }
776 
777     /* KVM AIA only has one APLIC instance */
778     if (kvm_enabled() && virt_use_kvm_aia(s)) {
779         create_fdt_socket_aplic(s, memmap, 0,
780                                 msi_m_phandle, msi_s_phandle, phandle,
781                                 &intc_phandles[0], xplic_phandles,
782                                 ms->smp.cpus);
783     } else {
784         phandle_pos = ms->smp.cpus;
785         for (socket = (socket_count - 1); socket >= 0; socket--) {
786             phandle_pos -= s->soc[socket].num_harts;
787 
788             if (s->aia_type == VIRT_AIA_TYPE_NONE) {
789                 create_fdt_socket_plic(s, memmap, socket, phandle,
790                                        &intc_phandles[phandle_pos],
791                                        xplic_phandles);
792             } else {
793                 create_fdt_socket_aplic(s, memmap, socket,
794                                         msi_m_phandle, msi_s_phandle, phandle,
795                                         &intc_phandles[phandle_pos],
796                                         xplic_phandles,
797                                         s->soc[socket].num_harts);
798             }
799         }
800     }
801 
802     if (kvm_enabled() && virt_use_kvm_aia(s)) {
803         *irq_mmio_phandle = xplic_phandles[0];
804         *irq_virtio_phandle = xplic_phandles[0];
805         *irq_pcie_phandle = xplic_phandles[0];
806     } else {
807         for (socket = 0; socket < socket_count; socket++) {
808             if (socket == 0) {
809                 *irq_mmio_phandle = xplic_phandles[socket];
810                 *irq_virtio_phandle = xplic_phandles[socket];
811                 *irq_pcie_phandle = xplic_phandles[socket];
812             }
813             if (socket == 1) {
814                 *irq_virtio_phandle = xplic_phandles[socket];
815                 *irq_pcie_phandle = xplic_phandles[socket];
816             }
817             if (socket == 2) {
818                 *irq_pcie_phandle = xplic_phandles[socket];
819             }
820         }
821     }
822 
823     riscv_socket_fdt_write_distance_matrix(ms);
824 }
825 
826 static void create_fdt_virtio(RISCVVirtState *s, const MemMapEntry *memmap,
827                               uint32_t irq_virtio_phandle)
828 {
829     int i;
830     MachineState *ms = MACHINE(s);
831 
832     for (i = 0; i < VIRTIO_COUNT; i++) {
833         g_autofree char *name =  g_strdup_printf("/soc/virtio_mmio@%lx",
834             (long)(memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size));
835 
836         qemu_fdt_add_subnode(ms->fdt, name);
837         qemu_fdt_setprop_string(ms->fdt, name, "compatible", "virtio,mmio");
838         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
839             0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
840             0x0, memmap[VIRT_VIRTIO].size);
841         qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
842             irq_virtio_phandle);
843         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
844             qemu_fdt_setprop_cell(ms->fdt, name, "interrupts",
845                                   VIRTIO_IRQ + i);
846         } else {
847             qemu_fdt_setprop_cells(ms->fdt, name, "interrupts",
848                                    VIRTIO_IRQ + i, 0x4);
849         }
850     }
851 }
852 
853 static void create_fdt_pcie(RISCVVirtState *s, const MemMapEntry *memmap,
854                             uint32_t irq_pcie_phandle,
855                             uint32_t msi_pcie_phandle)
856 {
857     g_autofree char *name = NULL;
858     MachineState *ms = MACHINE(s);
859 
860     name = g_strdup_printf("/soc/pci@%lx",
861         (long) memmap[VIRT_PCIE_ECAM].base);
862     qemu_fdt_setprop_cell(ms->fdt, name, "#address-cells",
863         FDT_PCI_ADDR_CELLS);
864     qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells",
865         FDT_PCI_INT_CELLS);
866     qemu_fdt_setprop_cell(ms->fdt, name, "#size-cells", 0x2);
867     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
868         "pci-host-ecam-generic");
869     qemu_fdt_setprop_string(ms->fdt, name, "device_type", "pci");
870     qemu_fdt_setprop_cell(ms->fdt, name, "linux,pci-domain", 0);
871     qemu_fdt_setprop_cells(ms->fdt, name, "bus-range", 0,
872         memmap[VIRT_PCIE_ECAM].size / PCIE_MMCFG_SIZE_MIN - 1);
873     qemu_fdt_setprop(ms->fdt, name, "dma-coherent", NULL, 0);
874     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
875         qemu_fdt_setprop_cell(ms->fdt, name, "msi-parent", msi_pcie_phandle);
876     }
877     qemu_fdt_setprop_cells(ms->fdt, name, "reg", 0,
878         memmap[VIRT_PCIE_ECAM].base, 0, memmap[VIRT_PCIE_ECAM].size);
879     qemu_fdt_setprop_sized_cells(ms->fdt, name, "ranges",
880         1, FDT_PCI_RANGE_IOPORT, 2, 0,
881         2, memmap[VIRT_PCIE_PIO].base, 2, memmap[VIRT_PCIE_PIO].size,
882         1, FDT_PCI_RANGE_MMIO,
883         2, memmap[VIRT_PCIE_MMIO].base,
884         2, memmap[VIRT_PCIE_MMIO].base, 2, memmap[VIRT_PCIE_MMIO].size,
885         1, FDT_PCI_RANGE_MMIO_64BIT,
886         2, virt_high_pcie_memmap.base,
887         2, virt_high_pcie_memmap.base, 2, virt_high_pcie_memmap.size);
888 
889     create_pcie_irq_map(s, ms->fdt, name, irq_pcie_phandle);
890 }
891 
892 static void create_fdt_reset(RISCVVirtState *s, const MemMapEntry *memmap,
893                              uint32_t *phandle)
894 {
895     char *name;
896     uint32_t test_phandle;
897     MachineState *ms = MACHINE(s);
898 
899     test_phandle = (*phandle)++;
900     name = g_strdup_printf("/soc/test@%lx",
901         (long)memmap[VIRT_TEST].base);
902     qemu_fdt_add_subnode(ms->fdt, name);
903     {
904         static const char * const compat[3] = {
905             "sifive,test1", "sifive,test0", "syscon"
906         };
907         qemu_fdt_setprop_string_array(ms->fdt, name, "compatible",
908                                       (char **)&compat, ARRAY_SIZE(compat));
909     }
910     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
911         0x0, memmap[VIRT_TEST].base, 0x0, memmap[VIRT_TEST].size);
912     qemu_fdt_setprop_cell(ms->fdt, name, "phandle", test_phandle);
913     test_phandle = qemu_fdt_get_phandle(ms->fdt, name);
914     g_free(name);
915 
916     name = g_strdup_printf("/reboot");
917     qemu_fdt_add_subnode(ms->fdt, name);
918     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-reboot");
919     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
920     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
921     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_RESET);
922     g_free(name);
923 
924     name = g_strdup_printf("/poweroff");
925     qemu_fdt_add_subnode(ms->fdt, name);
926     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-poweroff");
927     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
928     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
929     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_PASS);
930     g_free(name);
931 }
932 
933 static void create_fdt_uart(RISCVVirtState *s, const MemMapEntry *memmap,
934                             uint32_t irq_mmio_phandle)
935 {
936     g_autofree char *name = NULL;
937     MachineState *ms = MACHINE(s);
938 
939     name = g_strdup_printf("/soc/serial@%lx", (long)memmap[VIRT_UART0].base);
940     qemu_fdt_add_subnode(ms->fdt, name);
941     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "ns16550a");
942     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
943         0x0, memmap[VIRT_UART0].base,
944         0x0, memmap[VIRT_UART0].size);
945     qemu_fdt_setprop_cell(ms->fdt, name, "clock-frequency", 3686400);
946     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent", irq_mmio_phandle);
947     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
948         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", UART0_IRQ);
949     } else {
950         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", UART0_IRQ, 0x4);
951     }
952 
953     qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", name);
954 }
955 
956 static void create_fdt_rtc(RISCVVirtState *s, const MemMapEntry *memmap,
957                            uint32_t irq_mmio_phandle)
958 {
959     g_autofree char *name = NULL;
960     MachineState *ms = MACHINE(s);
961 
962     name = g_strdup_printf("/soc/rtc@%lx", (long)memmap[VIRT_RTC].base);
963     qemu_fdt_add_subnode(ms->fdt, name);
964     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
965         "google,goldfish-rtc");
966     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
967         0x0, memmap[VIRT_RTC].base, 0x0, memmap[VIRT_RTC].size);
968     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
969         irq_mmio_phandle);
970     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
971         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", RTC_IRQ);
972     } else {
973         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", RTC_IRQ, 0x4);
974     }
975 }
976 
977 static void create_fdt_flash(RISCVVirtState *s, const MemMapEntry *memmap)
978 {
979     MachineState *ms = MACHINE(s);
980     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
981     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
982     g_autofree char *name = g_strdup_printf("/flash@%" PRIx64, flashbase);
983 
984     qemu_fdt_add_subnode(ms->fdt, name);
985     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "cfi-flash");
986     qemu_fdt_setprop_sized_cells(ms->fdt, name, "reg",
987                                  2, flashbase, 2, flashsize,
988                                  2, flashbase + flashsize, 2, flashsize);
989     qemu_fdt_setprop_cell(ms->fdt, name, "bank-width", 4);
990 }
991 
992 static void create_fdt_fw_cfg(RISCVVirtState *s, const MemMapEntry *memmap)
993 {
994     MachineState *ms = MACHINE(s);
995     hwaddr base = memmap[VIRT_FW_CFG].base;
996     hwaddr size = memmap[VIRT_FW_CFG].size;
997     g_autofree char *nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
998 
999     qemu_fdt_add_subnode(ms->fdt, nodename);
1000     qemu_fdt_setprop_string(ms->fdt, nodename,
1001                             "compatible", "qemu,fw-cfg-mmio");
1002     qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
1003                                  2, base, 2, size);
1004     qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
1005 }
1006 
1007 static void create_fdt_virtio_iommu(RISCVVirtState *s, uint16_t bdf)
1008 {
1009     const char compat[] = "virtio,pci-iommu\0pci1af4,1057";
1010     void *fdt = MACHINE(s)->fdt;
1011     uint32_t iommu_phandle;
1012     g_autofree char *iommu_node = NULL;
1013     g_autofree char *pci_node = NULL;
1014 
1015     pci_node = g_strdup_printf("/soc/pci@%lx",
1016                                (long) virt_memmap[VIRT_PCIE_ECAM].base);
1017     iommu_node = g_strdup_printf("%s/virtio_iommu@%x,%x", pci_node,
1018                                  PCI_SLOT(bdf), PCI_FUNC(bdf));
1019     iommu_phandle = qemu_fdt_alloc_phandle(fdt);
1020 
1021     qemu_fdt_add_subnode(fdt, iommu_node);
1022 
1023     qemu_fdt_setprop(fdt, iommu_node, "compatible", compat, sizeof(compat));
1024     qemu_fdt_setprop_sized_cells(fdt, iommu_node, "reg",
1025                                  1, bdf << 8, 1, 0, 1, 0,
1026                                  1, 0, 1, 0);
1027     qemu_fdt_setprop_cell(fdt, iommu_node, "#iommu-cells", 1);
1028     qemu_fdt_setprop_cell(fdt, iommu_node, "phandle", iommu_phandle);
1029 
1030     qemu_fdt_setprop_cells(fdt, pci_node, "iommu-map",
1031                            0, iommu_phandle, 0, bdf,
1032                            bdf + 1, iommu_phandle, bdf + 1, 0xffff - bdf);
1033 }
1034 
1035 static void finalize_fdt(RISCVVirtState *s)
1036 {
1037     uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
1038     uint32_t irq_pcie_phandle = 1, irq_virtio_phandle = 1;
1039 
1040     create_fdt_sockets(s, virt_memmap, &phandle, &irq_mmio_phandle,
1041                        &irq_pcie_phandle, &irq_virtio_phandle,
1042                        &msi_pcie_phandle);
1043 
1044     create_fdt_virtio(s, virt_memmap, irq_virtio_phandle);
1045 
1046     create_fdt_pcie(s, virt_memmap, irq_pcie_phandle, msi_pcie_phandle);
1047 
1048     create_fdt_reset(s, virt_memmap, &phandle);
1049 
1050     create_fdt_uart(s, virt_memmap, irq_mmio_phandle);
1051 
1052     create_fdt_rtc(s, virt_memmap, irq_mmio_phandle);
1053 }
1054 
1055 static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
1056 {
1057     MachineState *ms = MACHINE(s);
1058     uint8_t rng_seed[32];
1059     g_autofree char *name = NULL;
1060 
1061     ms->fdt = create_device_tree(&s->fdt_size);
1062     if (!ms->fdt) {
1063         error_report("create_device_tree() failed");
1064         exit(1);
1065     }
1066 
1067     qemu_fdt_setprop_string(ms->fdt, "/", "model", "riscv-virtio,qemu");
1068     qemu_fdt_setprop_string(ms->fdt, "/", "compatible", "riscv-virtio");
1069     qemu_fdt_setprop_cell(ms->fdt, "/", "#size-cells", 0x2);
1070     qemu_fdt_setprop_cell(ms->fdt, "/", "#address-cells", 0x2);
1071 
1072     qemu_fdt_add_subnode(ms->fdt, "/soc");
1073     qemu_fdt_setprop(ms->fdt, "/soc", "ranges", NULL, 0);
1074     qemu_fdt_setprop_string(ms->fdt, "/soc", "compatible", "simple-bus");
1075     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#size-cells", 0x2);
1076     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#address-cells", 0x2);
1077 
1078     /*
1079      * The "/soc/pci@..." node is needed for PCIE hotplugs
1080      * that might happen before finalize_fdt().
1081      */
1082     name = g_strdup_printf("/soc/pci@%lx", (long) memmap[VIRT_PCIE_ECAM].base);
1083     qemu_fdt_add_subnode(ms->fdt, name);
1084 
1085     qemu_fdt_add_subnode(ms->fdt, "/chosen");
1086 
1087     /* Pass seed to RNG */
1088     qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
1089     qemu_fdt_setprop(ms->fdt, "/chosen", "rng-seed",
1090                      rng_seed, sizeof(rng_seed));
1091 
1092     create_fdt_flash(s, memmap);
1093     create_fdt_fw_cfg(s, memmap);
1094     create_fdt_pmu(s);
1095 }
1096 
1097 static inline DeviceState *gpex_pcie_init(MemoryRegion *sys_mem,
1098                                           DeviceState *irqchip,
1099                                           RISCVVirtState *s)
1100 {
1101     DeviceState *dev;
1102     MemoryRegion *ecam_alias, *ecam_reg;
1103     MemoryRegion *mmio_alias, *high_mmio_alias, *mmio_reg;
1104     hwaddr ecam_base = s->memmap[VIRT_PCIE_ECAM].base;
1105     hwaddr ecam_size = s->memmap[VIRT_PCIE_ECAM].size;
1106     hwaddr mmio_base = s->memmap[VIRT_PCIE_MMIO].base;
1107     hwaddr mmio_size = s->memmap[VIRT_PCIE_MMIO].size;
1108     hwaddr high_mmio_base = virt_high_pcie_memmap.base;
1109     hwaddr high_mmio_size = virt_high_pcie_memmap.size;
1110     hwaddr pio_base = s->memmap[VIRT_PCIE_PIO].base;
1111     hwaddr pio_size = s->memmap[VIRT_PCIE_PIO].size;
1112     qemu_irq irq;
1113     int i;
1114 
1115     dev = qdev_new(TYPE_GPEX_HOST);
1116 
1117     /* Set GPEX object properties for the virt machine */
1118     object_property_set_uint(OBJECT(GPEX_HOST(dev)), PCI_HOST_ECAM_BASE,
1119                             ecam_base, NULL);
1120     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_ECAM_SIZE,
1121                             ecam_size, NULL);
1122     object_property_set_uint(OBJECT(GPEX_HOST(dev)),
1123                              PCI_HOST_BELOW_4G_MMIO_BASE,
1124                              mmio_base, NULL);
1125     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_BELOW_4G_MMIO_SIZE,
1126                             mmio_size, NULL);
1127     object_property_set_uint(OBJECT(GPEX_HOST(dev)),
1128                              PCI_HOST_ABOVE_4G_MMIO_BASE,
1129                              high_mmio_base, NULL);
1130     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_ABOVE_4G_MMIO_SIZE,
1131                             high_mmio_size, NULL);
1132     object_property_set_uint(OBJECT(GPEX_HOST(dev)), PCI_HOST_PIO_BASE,
1133                             pio_base, NULL);
1134     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_PIO_SIZE,
1135                             pio_size, NULL);
1136 
1137     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1138 
1139     ecam_alias = g_new0(MemoryRegion, 1);
1140     ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
1141     memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam",
1142                              ecam_reg, 0, ecam_size);
1143     memory_region_add_subregion(get_system_memory(), ecam_base, ecam_alias);
1144 
1145     mmio_alias = g_new0(MemoryRegion, 1);
1146     mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1);
1147     memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio",
1148                              mmio_reg, mmio_base, mmio_size);
1149     memory_region_add_subregion(get_system_memory(), mmio_base, mmio_alias);
1150 
1151     /* Map high MMIO space */
1152     high_mmio_alias = g_new0(MemoryRegion, 1);
1153     memory_region_init_alias(high_mmio_alias, OBJECT(dev), "pcie-mmio-high",
1154                              mmio_reg, high_mmio_base, high_mmio_size);
1155     memory_region_add_subregion(get_system_memory(), high_mmio_base,
1156                                 high_mmio_alias);
1157 
1158     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, pio_base);
1159 
1160     for (i = 0; i < GPEX_NUM_IRQS; i++) {
1161         irq = qdev_get_gpio_in(irqchip, PCIE_IRQ + i);
1162 
1163         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, irq);
1164         gpex_set_irq_num(GPEX_HOST(dev), i, PCIE_IRQ + i);
1165     }
1166 
1167     GPEX_HOST(dev)->gpex_cfg.bus = PCI_HOST_BRIDGE(GPEX_HOST(dev))->bus;
1168     return dev;
1169 }
1170 
1171 static FWCfgState *create_fw_cfg(const MachineState *ms)
1172 {
1173     hwaddr base = virt_memmap[VIRT_FW_CFG].base;
1174     FWCfgState *fw_cfg;
1175 
1176     fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16,
1177                                   &address_space_memory);
1178     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
1179 
1180     return fw_cfg;
1181 }
1182 
1183 static DeviceState *virt_create_plic(const MemMapEntry *memmap, int socket,
1184                                      int base_hartid, int hart_count)
1185 {
1186     DeviceState *ret;
1187     g_autofree char *plic_hart_config = NULL;
1188 
1189     /* Per-socket PLIC hart topology configuration string */
1190     plic_hart_config = riscv_plic_hart_config_string(hart_count);
1191 
1192     /* Per-socket PLIC */
1193     ret = sifive_plic_create(
1194             memmap[VIRT_PLIC].base + socket * memmap[VIRT_PLIC].size,
1195             plic_hart_config, hart_count, base_hartid,
1196             VIRT_IRQCHIP_NUM_SOURCES,
1197             ((1U << VIRT_IRQCHIP_NUM_PRIO_BITS) - 1),
1198             VIRT_PLIC_PRIORITY_BASE,
1199             VIRT_PLIC_PENDING_BASE,
1200             VIRT_PLIC_ENABLE_BASE,
1201             VIRT_PLIC_ENABLE_STRIDE,
1202             VIRT_PLIC_CONTEXT_BASE,
1203             VIRT_PLIC_CONTEXT_STRIDE,
1204             memmap[VIRT_PLIC].size);
1205 
1206     return ret;
1207 }
1208 
1209 static DeviceState *virt_create_aia(RISCVVirtAIAType aia_type, int aia_guests,
1210                                     const MemMapEntry *memmap, int socket,
1211                                     int base_hartid, int hart_count)
1212 {
1213     int i;
1214     hwaddr addr;
1215     uint32_t guest_bits;
1216     DeviceState *aplic_s = NULL;
1217     DeviceState *aplic_m = NULL;
1218     bool msimode = aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
1219 
1220     if (msimode) {
1221         if (!kvm_enabled()) {
1222             /* Per-socket M-level IMSICs */
1223             addr = memmap[VIRT_IMSIC_M].base +
1224                    socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1225             for (i = 0; i < hart_count; i++) {
1226                 riscv_imsic_create(addr + i * IMSIC_HART_SIZE(0),
1227                                    base_hartid + i, true, 1,
1228                                    VIRT_IRQCHIP_NUM_MSIS);
1229             }
1230         }
1231 
1232         /* Per-socket S-level IMSICs */
1233         guest_bits = imsic_num_bits(aia_guests + 1);
1234         addr = memmap[VIRT_IMSIC_S].base + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1235         for (i = 0; i < hart_count; i++) {
1236             riscv_imsic_create(addr + i * IMSIC_HART_SIZE(guest_bits),
1237                                base_hartid + i, false, 1 + aia_guests,
1238                                VIRT_IRQCHIP_NUM_MSIS);
1239         }
1240     }
1241 
1242     if (!kvm_enabled()) {
1243         /* Per-socket M-level APLIC */
1244         aplic_m = riscv_aplic_create(memmap[VIRT_APLIC_M].base +
1245                                      socket * memmap[VIRT_APLIC_M].size,
1246                                      memmap[VIRT_APLIC_M].size,
1247                                      (msimode) ? 0 : base_hartid,
1248                                      (msimode) ? 0 : hart_count,
1249                                      VIRT_IRQCHIP_NUM_SOURCES,
1250                                      VIRT_IRQCHIP_NUM_PRIO_BITS,
1251                                      msimode, true, NULL);
1252     }
1253 
1254     /* Per-socket S-level APLIC */
1255     aplic_s = riscv_aplic_create(memmap[VIRT_APLIC_S].base +
1256                                  socket * memmap[VIRT_APLIC_S].size,
1257                                  memmap[VIRT_APLIC_S].size,
1258                                  (msimode) ? 0 : base_hartid,
1259                                  (msimode) ? 0 : hart_count,
1260                                  VIRT_IRQCHIP_NUM_SOURCES,
1261                                  VIRT_IRQCHIP_NUM_PRIO_BITS,
1262                                  msimode, false, aplic_m);
1263 
1264     return kvm_enabled() ? aplic_s : aplic_m;
1265 }
1266 
1267 static void create_platform_bus(RISCVVirtState *s, DeviceState *irqchip)
1268 {
1269     DeviceState *dev;
1270     SysBusDevice *sysbus;
1271     const MemMapEntry *memmap = virt_memmap;
1272     int i;
1273     MemoryRegion *sysmem = get_system_memory();
1274 
1275     dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
1276     dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
1277     qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
1278     qdev_prop_set_uint32(dev, "mmio_size", memmap[VIRT_PLATFORM_BUS].size);
1279     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1280     s->platform_bus_dev = dev;
1281 
1282     sysbus = SYS_BUS_DEVICE(dev);
1283     for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
1284         int irq = VIRT_PLATFORM_BUS_IRQ + i;
1285         sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(irqchip, irq));
1286     }
1287 
1288     memory_region_add_subregion(sysmem,
1289                                 memmap[VIRT_PLATFORM_BUS].base,
1290                                 sysbus_mmio_get_region(sysbus, 0));
1291 }
1292 
1293 static void virt_build_smbios(RISCVVirtState *s)
1294 {
1295     MachineClass *mc = MACHINE_GET_CLASS(s);
1296     MachineState *ms = MACHINE(s);
1297     uint8_t *smbios_tables, *smbios_anchor;
1298     size_t smbios_tables_len, smbios_anchor_len;
1299     struct smbios_phys_mem_area mem_array;
1300     const char *product = "QEMU Virtual Machine";
1301 
1302     if (kvm_enabled()) {
1303         product = "KVM Virtual Machine";
1304     }
1305 
1306     smbios_set_defaults("QEMU", product, mc->name);
1307 
1308     if (riscv_is_32bit(&s->soc[0])) {
1309         smbios_set_default_processor_family(0x200);
1310     } else {
1311         smbios_set_default_processor_family(0x201);
1312     }
1313 
1314     /* build the array of physical mem area from base_memmap */
1315     mem_array.address = s->memmap[VIRT_DRAM].base;
1316     mem_array.length = ms->ram_size;
1317 
1318     smbios_get_tables(ms, SMBIOS_ENTRY_POINT_TYPE_64,
1319                       &mem_array, 1,
1320                       &smbios_tables, &smbios_tables_len,
1321                       &smbios_anchor, &smbios_anchor_len,
1322                       &error_fatal);
1323 
1324     if (smbios_anchor) {
1325         fw_cfg_add_file(s->fw_cfg, "etc/smbios/smbios-tables",
1326                         smbios_tables, smbios_tables_len);
1327         fw_cfg_add_file(s->fw_cfg, "etc/smbios/smbios-anchor",
1328                         smbios_anchor, smbios_anchor_len);
1329     }
1330 }
1331 
1332 static void virt_machine_done(Notifier *notifier, void *data)
1333 {
1334     RISCVVirtState *s = container_of(notifier, RISCVVirtState,
1335                                      machine_done);
1336     const MemMapEntry *memmap = virt_memmap;
1337     MachineState *machine = MACHINE(s);
1338     hwaddr start_addr = memmap[VIRT_DRAM].base;
1339     target_ulong firmware_end_addr, kernel_start_addr;
1340     const char *firmware_name = riscv_default_firmware_name(&s->soc[0]);
1341     uint64_t fdt_load_addr;
1342     uint64_t kernel_entry = 0;
1343     BlockBackend *pflash_blk0;
1344 
1345     /*
1346      * An user provided dtb must include everything, including
1347      * dynamic sysbus devices. Our FDT needs to be finalized.
1348      */
1349     if (machine->dtb == NULL) {
1350         finalize_fdt(s);
1351     }
1352 
1353     /*
1354      * Only direct boot kernel is currently supported for KVM VM,
1355      * so the "-bios" parameter is not supported when KVM is enabled.
1356      */
1357     if (kvm_enabled()) {
1358         if (machine->firmware) {
1359             if (strcmp(machine->firmware, "none")) {
1360                 error_report("Machine mode firmware is not supported in "
1361                              "combination with KVM.");
1362                 exit(1);
1363             }
1364         } else {
1365             machine->firmware = g_strdup("none");
1366         }
1367     }
1368 
1369     firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
1370                                                      &start_addr, NULL);
1371 
1372     pflash_blk0 = pflash_cfi01_get_blk(s->flash[0]);
1373     if (pflash_blk0) {
1374         if (machine->firmware && !strcmp(machine->firmware, "none") &&
1375             !kvm_enabled()) {
1376             /*
1377              * Pflash was supplied but bios is none and not KVM guest,
1378              * let's overwrite the address we jump to after reset to
1379              * the base of the flash.
1380              */
1381             start_addr = virt_memmap[VIRT_FLASH].base;
1382         } else {
1383             /*
1384              * Pflash was supplied but either KVM guest or bios is not none.
1385              * In this case, base of the flash would contain S-mode payload.
1386              */
1387             riscv_setup_firmware_boot(machine);
1388             kernel_entry = virt_memmap[VIRT_FLASH].base;
1389         }
1390     }
1391 
1392     if (machine->kernel_filename && !kernel_entry) {
1393         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
1394                                                          firmware_end_addr);
1395 
1396         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
1397                                          kernel_start_addr, true, NULL);
1398     }
1399 
1400     fdt_load_addr = riscv_compute_fdt_addr(memmap[VIRT_DRAM].base,
1401                                            memmap[VIRT_DRAM].size,
1402                                            machine);
1403     riscv_load_fdt(fdt_load_addr, machine->fdt);
1404 
1405     /* load the reset vector */
1406     riscv_setup_rom_reset_vec(machine, &s->soc[0], start_addr,
1407                               virt_memmap[VIRT_MROM].base,
1408                               virt_memmap[VIRT_MROM].size, kernel_entry,
1409                               fdt_load_addr);
1410 
1411     /*
1412      * Only direct boot kernel is currently supported for KVM VM,
1413      * So here setup kernel start address and fdt address.
1414      * TODO:Support firmware loading and integrate to TCG start
1415      */
1416     if (kvm_enabled()) {
1417         riscv_setup_direct_kernel(kernel_entry, fdt_load_addr);
1418     }
1419 
1420     virt_build_smbios(s);
1421 
1422     if (virt_is_acpi_enabled(s)) {
1423         virt_acpi_setup(s);
1424     }
1425 }
1426 
1427 static void virt_machine_init(MachineState *machine)
1428 {
1429     const MemMapEntry *memmap = virt_memmap;
1430     RISCVVirtState *s = RISCV_VIRT_MACHINE(machine);
1431     MemoryRegion *system_memory = get_system_memory();
1432     MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
1433     DeviceState *mmio_irqchip, *virtio_irqchip, *pcie_irqchip;
1434     int i, base_hartid, hart_count;
1435     int socket_count = riscv_socket_count(machine);
1436 
1437     /* Check socket count limit */
1438     if (VIRT_SOCKETS_MAX < socket_count) {
1439         error_report("number of sockets/nodes should be less than %d",
1440             VIRT_SOCKETS_MAX);
1441         exit(1);
1442     }
1443 
1444     if (!virt_aclint_allowed() && s->have_aclint) {
1445         error_report("'aclint' is only available with TCG acceleration");
1446         exit(1);
1447     }
1448 
1449     /* Initialize sockets */
1450     mmio_irqchip = virtio_irqchip = pcie_irqchip = NULL;
1451     for (i = 0; i < socket_count; i++) {
1452         g_autofree char *soc_name = g_strdup_printf("soc%d", i);
1453 
1454         if (!riscv_socket_check_hartids(machine, i)) {
1455             error_report("discontinuous hartids in socket%d", i);
1456             exit(1);
1457         }
1458 
1459         base_hartid = riscv_socket_first_hartid(machine, i);
1460         if (base_hartid < 0) {
1461             error_report("can't find hartid base for socket%d", i);
1462             exit(1);
1463         }
1464 
1465         hart_count = riscv_socket_hart_count(machine, i);
1466         if (hart_count < 0) {
1467             error_report("can't find hart count for socket%d", i);
1468             exit(1);
1469         }
1470 
1471         object_initialize_child(OBJECT(machine), soc_name, &s->soc[i],
1472                                 TYPE_RISCV_HART_ARRAY);
1473         object_property_set_str(OBJECT(&s->soc[i]), "cpu-type",
1474                                 machine->cpu_type, &error_abort);
1475         object_property_set_int(OBJECT(&s->soc[i]), "hartid-base",
1476                                 base_hartid, &error_abort);
1477         object_property_set_int(OBJECT(&s->soc[i]), "num-harts",
1478                                 hart_count, &error_abort);
1479         sysbus_realize(SYS_BUS_DEVICE(&s->soc[i]), &error_fatal);
1480 
1481         if (virt_aclint_allowed() && s->have_aclint) {
1482             if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
1483                 /* Per-socket ACLINT MTIMER */
1484                 riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1485                             i * RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1486                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1487                         base_hartid, hart_count,
1488                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1489                         RISCV_ACLINT_DEFAULT_MTIME,
1490                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1491             } else {
1492                 /* Per-socket ACLINT MSWI, MTIMER, and SSWI */
1493                 riscv_aclint_swi_create(memmap[VIRT_CLINT].base +
1494                             i * memmap[VIRT_CLINT].size,
1495                         base_hartid, hart_count, false);
1496                 riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1497                             i * memmap[VIRT_CLINT].size +
1498                             RISCV_ACLINT_SWI_SIZE,
1499                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1500                         base_hartid, hart_count,
1501                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1502                         RISCV_ACLINT_DEFAULT_MTIME,
1503                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1504                 riscv_aclint_swi_create(memmap[VIRT_ACLINT_SSWI].base +
1505                             i * memmap[VIRT_ACLINT_SSWI].size,
1506                         base_hartid, hart_count, true);
1507             }
1508         } else if (tcg_enabled()) {
1509             /* Per-socket SiFive CLINT */
1510             riscv_aclint_swi_create(
1511                     memmap[VIRT_CLINT].base + i * memmap[VIRT_CLINT].size,
1512                     base_hartid, hart_count, false);
1513             riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1514                         i * memmap[VIRT_CLINT].size + RISCV_ACLINT_SWI_SIZE,
1515                     RISCV_ACLINT_DEFAULT_MTIMER_SIZE, base_hartid, hart_count,
1516                     RISCV_ACLINT_DEFAULT_MTIMECMP, RISCV_ACLINT_DEFAULT_MTIME,
1517                     RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1518         }
1519 
1520         /* Per-socket interrupt controller */
1521         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
1522             s->irqchip[i] = virt_create_plic(memmap, i,
1523                                              base_hartid, hart_count);
1524         } else {
1525             s->irqchip[i] = virt_create_aia(s->aia_type, s->aia_guests,
1526                                             memmap, i, base_hartid,
1527                                             hart_count);
1528         }
1529 
1530         /* Try to use different IRQCHIP instance based device type */
1531         if (i == 0) {
1532             mmio_irqchip = s->irqchip[i];
1533             virtio_irqchip = s->irqchip[i];
1534             pcie_irqchip = s->irqchip[i];
1535         }
1536         if (i == 1) {
1537             virtio_irqchip = s->irqchip[i];
1538             pcie_irqchip = s->irqchip[i];
1539         }
1540         if (i == 2) {
1541             pcie_irqchip = s->irqchip[i];
1542         }
1543     }
1544 
1545     if (kvm_enabled() && virt_use_kvm_aia(s)) {
1546         kvm_riscv_aia_create(machine, IMSIC_MMIO_GROUP_MIN_SHIFT,
1547                              VIRT_IRQCHIP_NUM_SOURCES, VIRT_IRQCHIP_NUM_MSIS,
1548                              memmap[VIRT_APLIC_S].base,
1549                              memmap[VIRT_IMSIC_S].base,
1550                              s->aia_guests);
1551     }
1552 
1553     if (riscv_is_32bit(&s->soc[0])) {
1554 #if HOST_LONG_BITS == 64
1555         /* limit RAM size in a 32-bit system */
1556         if (machine->ram_size > 10 * GiB) {
1557             machine->ram_size = 10 * GiB;
1558             error_report("Limiting RAM size to 10 GiB");
1559         }
1560 #endif
1561         virt_high_pcie_memmap.base = VIRT32_HIGH_PCIE_MMIO_BASE;
1562         virt_high_pcie_memmap.size = VIRT32_HIGH_PCIE_MMIO_SIZE;
1563     } else {
1564         virt_high_pcie_memmap.size = VIRT64_HIGH_PCIE_MMIO_SIZE;
1565         virt_high_pcie_memmap.base = memmap[VIRT_DRAM].base + machine->ram_size;
1566         virt_high_pcie_memmap.base =
1567             ROUND_UP(virt_high_pcie_memmap.base, virt_high_pcie_memmap.size);
1568     }
1569 
1570     s->memmap = virt_memmap;
1571 
1572     /* register system main memory (actual RAM) */
1573     memory_region_add_subregion(system_memory, memmap[VIRT_DRAM].base,
1574         machine->ram);
1575 
1576     /* boot rom */
1577     memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom",
1578                            memmap[VIRT_MROM].size, &error_fatal);
1579     memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
1580                                 mask_rom);
1581 
1582     /*
1583      * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the
1584      * device tree cannot be altered and we get FDT_ERR_NOSPACE.
1585      */
1586     s->fw_cfg = create_fw_cfg(machine);
1587     rom_set_fw(s->fw_cfg);
1588 
1589     /* SiFive Test MMIO device */
1590     sifive_test_create(memmap[VIRT_TEST].base);
1591 
1592     /* VirtIO MMIO devices */
1593     for (i = 0; i < VIRTIO_COUNT; i++) {
1594         sysbus_create_simple("virtio-mmio",
1595             memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
1596             qdev_get_gpio_in(virtio_irqchip, VIRTIO_IRQ + i));
1597     }
1598 
1599     gpex_pcie_init(system_memory, pcie_irqchip, s);
1600 
1601     create_platform_bus(s, mmio_irqchip);
1602 
1603     serial_mm_init(system_memory, memmap[VIRT_UART0].base,
1604         0, qdev_get_gpio_in(mmio_irqchip, UART0_IRQ), 399193,
1605         serial_hd(0), DEVICE_LITTLE_ENDIAN);
1606 
1607     sysbus_create_simple("goldfish_rtc", memmap[VIRT_RTC].base,
1608         qdev_get_gpio_in(mmio_irqchip, RTC_IRQ));
1609 
1610     for (i = 0; i < ARRAY_SIZE(s->flash); i++) {
1611         /* Map legacy -drive if=pflash to machine properties */
1612         pflash_cfi01_legacy_drive(s->flash[i],
1613                                   drive_get(IF_PFLASH, 0, i));
1614     }
1615     virt_flash_map(s, system_memory);
1616 
1617     /* load/create device tree */
1618     if (machine->dtb) {
1619         machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
1620         if (!machine->fdt) {
1621             error_report("load_device_tree() failed");
1622             exit(1);
1623         }
1624     } else {
1625         create_fdt(s, memmap);
1626     }
1627 
1628     s->machine_done.notify = virt_machine_done;
1629     qemu_add_machine_init_done_notifier(&s->machine_done);
1630 }
1631 
1632 static void virt_machine_instance_init(Object *obj)
1633 {
1634     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1635 
1636     virt_flash_create(s);
1637 
1638     s->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
1639     s->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
1640     s->acpi = ON_OFF_AUTO_AUTO;
1641 }
1642 
1643 static char *virt_get_aia_guests(Object *obj, Error **errp)
1644 {
1645     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1646 
1647     return g_strdup_printf("%d", s->aia_guests);
1648 }
1649 
1650 static void virt_set_aia_guests(Object *obj, const char *val, Error **errp)
1651 {
1652     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1653 
1654     s->aia_guests = atoi(val);
1655     if (s->aia_guests < 0 || s->aia_guests > VIRT_IRQCHIP_MAX_GUESTS) {
1656         error_setg(errp, "Invalid number of AIA IMSIC guests");
1657         error_append_hint(errp, "Valid values be between 0 and %d.\n",
1658                           VIRT_IRQCHIP_MAX_GUESTS);
1659     }
1660 }
1661 
1662 static char *virt_get_aia(Object *obj, Error **errp)
1663 {
1664     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1665     const char *val;
1666 
1667     switch (s->aia_type) {
1668     case VIRT_AIA_TYPE_APLIC:
1669         val = "aplic";
1670         break;
1671     case VIRT_AIA_TYPE_APLIC_IMSIC:
1672         val = "aplic-imsic";
1673         break;
1674     default:
1675         val = "none";
1676         break;
1677     };
1678 
1679     return g_strdup(val);
1680 }
1681 
1682 static void virt_set_aia(Object *obj, const char *val, Error **errp)
1683 {
1684     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1685 
1686     if (!strcmp(val, "none")) {
1687         s->aia_type = VIRT_AIA_TYPE_NONE;
1688     } else if (!strcmp(val, "aplic")) {
1689         s->aia_type = VIRT_AIA_TYPE_APLIC;
1690     } else if (!strcmp(val, "aplic-imsic")) {
1691         s->aia_type = VIRT_AIA_TYPE_APLIC_IMSIC;
1692     } else {
1693         error_setg(errp, "Invalid AIA interrupt controller type");
1694         error_append_hint(errp, "Valid values are none, aplic, and "
1695                           "aplic-imsic.\n");
1696     }
1697 }
1698 
1699 static bool virt_get_aclint(Object *obj, Error **errp)
1700 {
1701     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1702 
1703     return s->have_aclint;
1704 }
1705 
1706 static void virt_set_aclint(Object *obj, bool value, Error **errp)
1707 {
1708     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1709 
1710     s->have_aclint = value;
1711 }
1712 
1713 bool virt_is_acpi_enabled(RISCVVirtState *s)
1714 {
1715     return s->acpi != ON_OFF_AUTO_OFF;
1716 }
1717 
1718 static void virt_get_acpi(Object *obj, Visitor *v, const char *name,
1719                           void *opaque, Error **errp)
1720 {
1721     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1722     OnOffAuto acpi = s->acpi;
1723 
1724     visit_type_OnOffAuto(v, name, &acpi, errp);
1725 }
1726 
1727 static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
1728                           void *opaque, Error **errp)
1729 {
1730     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1731 
1732     visit_type_OnOffAuto(v, name, &s->acpi, errp);
1733 }
1734 
1735 static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
1736                                                         DeviceState *dev)
1737 {
1738     MachineClass *mc = MACHINE_GET_CLASS(machine);
1739 
1740     if (device_is_dynamic_sysbus(mc, dev) ||
1741         object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_IOMMU_PCI)) {
1742         return HOTPLUG_HANDLER(machine);
1743     }
1744     return NULL;
1745 }
1746 
1747 static void virt_machine_device_plug_cb(HotplugHandler *hotplug_dev,
1748                                         DeviceState *dev, Error **errp)
1749 {
1750     RISCVVirtState *s = RISCV_VIRT_MACHINE(hotplug_dev);
1751 
1752     if (s->platform_bus_dev) {
1753         MachineClass *mc = MACHINE_GET_CLASS(s);
1754 
1755         if (device_is_dynamic_sysbus(mc, dev)) {
1756             platform_bus_link_device(PLATFORM_BUS_DEVICE(s->platform_bus_dev),
1757                                      SYS_BUS_DEVICE(dev));
1758         }
1759     }
1760 
1761     if (object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_IOMMU_PCI)) {
1762         create_fdt_virtio_iommu(s, pci_get_bdf(PCI_DEVICE(dev)));
1763     }
1764 }
1765 
1766 static void virt_machine_class_init(ObjectClass *oc, void *data)
1767 {
1768     MachineClass *mc = MACHINE_CLASS(oc);
1769     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
1770 
1771     mc->desc = "RISC-V VirtIO board";
1772     mc->init = virt_machine_init;
1773     mc->max_cpus = VIRT_CPUS_MAX;
1774     mc->default_cpu_type = TYPE_RISCV_CPU_BASE;
1775     mc->block_default_type = IF_VIRTIO;
1776     mc->no_cdrom = 1;
1777     mc->pci_allow_0_address = true;
1778     mc->possible_cpu_arch_ids = riscv_numa_possible_cpu_arch_ids;
1779     mc->cpu_index_to_instance_props = riscv_numa_cpu_index_to_props;
1780     mc->get_default_cpu_node_id = riscv_numa_get_default_cpu_node_id;
1781     mc->numa_mem_supported = true;
1782     /* platform instead of architectural choice */
1783     mc->cpu_cluster_has_numa_boundary = true;
1784     mc->default_ram_id = "riscv_virt_board.ram";
1785     assert(!mc->get_hotplug_handler);
1786     mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
1787 
1788     hc->plug = virt_machine_device_plug_cb;
1789 
1790     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
1791 #ifdef CONFIG_TPM
1792     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
1793 #endif
1794 
1795     object_class_property_add_bool(oc, "aclint", virt_get_aclint,
1796                                    virt_set_aclint);
1797     object_class_property_set_description(oc, "aclint",
1798                                           "(TCG only) Set on/off to "
1799                                           "enable/disable emulating "
1800                                           "ACLINT devices");
1801 
1802     object_class_property_add_str(oc, "aia", virt_get_aia,
1803                                   virt_set_aia);
1804     object_class_property_set_description(oc, "aia",
1805                                           "Set type of AIA interrupt "
1806                                           "controller. Valid values are "
1807                                           "none, aplic, and aplic-imsic.");
1808 
1809     object_class_property_add_str(oc, "aia-guests",
1810                                   virt_get_aia_guests,
1811                                   virt_set_aia_guests);
1812     {
1813         g_autofree char *str =
1814             g_strdup_printf("Set number of guest MMIO pages for AIA IMSIC. "
1815                             "Valid value should be between 0 and %d.",
1816                             VIRT_IRQCHIP_MAX_GUESTS);
1817         object_class_property_set_description(oc, "aia-guests", str);
1818     }
1819 
1820     object_class_property_add(oc, "acpi", "OnOffAuto",
1821                               virt_get_acpi, virt_set_acpi,
1822                               NULL, NULL);
1823     object_class_property_set_description(oc, "acpi",
1824                                           "Enable ACPI");
1825 }
1826 
1827 static const TypeInfo virt_machine_typeinfo = {
1828     .name       = MACHINE_TYPE_NAME("virt"),
1829     .parent     = TYPE_MACHINE,
1830     .class_init = virt_machine_class_init,
1831     .instance_init = virt_machine_instance_init,
1832     .instance_size = sizeof(RISCVVirtState),
1833     .interfaces = (InterfaceInfo[]) {
1834          { TYPE_HOTPLUG_HANDLER },
1835          { }
1836     },
1837 };
1838 
1839 static void virt_machine_init_register_types(void)
1840 {
1841     type_register_static(&virt_machine_typeinfo);
1842 }
1843 
1844 type_init(virt_machine_init_register_types)
1845