xref: /openbmc/qemu/hw/riscv/virt.c (revision 90bb6d67)
1 /*
2  * QEMU RISC-V VirtIO Board
3  *
4  * Copyright (c) 2017 SiFive, Inc.
5  *
6  * RISC-V machine with 16550a UART and VirtIO MMIO
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2 or later, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program.  If not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/units.h"
23 #include "qemu/error-report.h"
24 #include "qemu/guest-random.h"
25 #include "qapi/error.h"
26 #include "hw/boards.h"
27 #include "hw/loader.h"
28 #include "hw/sysbus.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/char/serial.h"
31 #include "target/riscv/cpu.h"
32 #include "hw/core/sysbus-fdt.h"
33 #include "target/riscv/pmu.h"
34 #include "hw/riscv/riscv_hart.h"
35 #include "hw/riscv/virt.h"
36 #include "hw/riscv/boot.h"
37 #include "hw/riscv/numa.h"
38 #include "kvm/kvm_riscv.h"
39 #include "hw/intc/riscv_aclint.h"
40 #include "hw/intc/riscv_aplic.h"
41 #include "hw/intc/riscv_imsic.h"
42 #include "hw/intc/sifive_plic.h"
43 #include "hw/misc/sifive_test.h"
44 #include "hw/platform-bus.h"
45 #include "chardev/char.h"
46 #include "sysemu/device_tree.h"
47 #include "sysemu/sysemu.h"
48 #include "sysemu/tcg.h"
49 #include "sysemu/kvm.h"
50 #include "sysemu/tpm.h"
51 #include "hw/pci/pci.h"
52 #include "hw/pci-host/gpex.h"
53 #include "hw/display/ramfb.h"
54 #include "hw/acpi/aml-build.h"
55 #include "qapi/qapi-visit-common.h"
56 
57 /*
58  * The virt machine physical address space used by some of the devices
59  * namely ACLINT, PLIC, APLIC, and IMSIC depend on number of Sockets,
60  * number of CPUs, and number of IMSIC guest files.
61  *
62  * Various limits defined by VIRT_SOCKETS_MAX_BITS, VIRT_CPUS_MAX_BITS,
63  * and VIRT_IRQCHIP_MAX_GUESTS_BITS are tuned for maximum utilization
64  * of virt machine physical address space.
65  */
66 
67 #define VIRT_IMSIC_GROUP_MAX_SIZE      (1U << IMSIC_MMIO_GROUP_MIN_SHIFT)
68 #if VIRT_IMSIC_GROUP_MAX_SIZE < \
69     IMSIC_GROUP_SIZE(VIRT_CPUS_MAX_BITS, VIRT_IRQCHIP_MAX_GUESTS_BITS)
70 #error "Can't accommodate single IMSIC group in address space"
71 #endif
72 
73 #define VIRT_IMSIC_MAX_SIZE            (VIRT_SOCKETS_MAX * \
74                                         VIRT_IMSIC_GROUP_MAX_SIZE)
75 #if 0x4000000 < VIRT_IMSIC_MAX_SIZE
76 #error "Can't accommodate all IMSIC groups in address space"
77 #endif
78 
79 /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
80 static bool virt_use_kvm_aia(RISCVVirtState *s)
81 {
82     return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
83 }
84 
85 static const MemMapEntry virt_memmap[] = {
86     [VIRT_DEBUG] =        {        0x0,         0x100 },
87     [VIRT_MROM] =         {     0x1000,        0xf000 },
88     [VIRT_TEST] =         {   0x100000,        0x1000 },
89     [VIRT_RTC] =          {   0x101000,        0x1000 },
90     [VIRT_CLINT] =        {  0x2000000,       0x10000 },
91     [VIRT_ACLINT_SSWI] =  {  0x2F00000,        0x4000 },
92     [VIRT_PCIE_PIO] =     {  0x3000000,       0x10000 },
93     [VIRT_PLATFORM_BUS] = {  0x4000000,     0x2000000 },
94     [VIRT_PLIC] =         {  0xc000000, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
95     [VIRT_APLIC_M] =      {  0xc000000, APLIC_SIZE(VIRT_CPUS_MAX) },
96     [VIRT_APLIC_S] =      {  0xd000000, APLIC_SIZE(VIRT_CPUS_MAX) },
97     [VIRT_UART0] =        { 0x10000000,         0x100 },
98     [VIRT_VIRTIO] =       { 0x10001000,        0x1000 },
99     [VIRT_FW_CFG] =       { 0x10100000,          0x18 },
100     [VIRT_FLASH] =        { 0x20000000,     0x4000000 },
101     [VIRT_IMSIC_M] =      { 0x24000000, VIRT_IMSIC_MAX_SIZE },
102     [VIRT_IMSIC_S] =      { 0x28000000, VIRT_IMSIC_MAX_SIZE },
103     [VIRT_PCIE_ECAM] =    { 0x30000000,    0x10000000 },
104     [VIRT_PCIE_MMIO] =    { 0x40000000,    0x40000000 },
105     [VIRT_DRAM] =         { 0x80000000,           0x0 },
106 };
107 
108 /* PCIe high mmio is fixed for RV32 */
109 #define VIRT32_HIGH_PCIE_MMIO_BASE  0x300000000ULL
110 #define VIRT32_HIGH_PCIE_MMIO_SIZE  (4 * GiB)
111 
112 /* PCIe high mmio for RV64, size is fixed but base depends on top of RAM */
113 #define VIRT64_HIGH_PCIE_MMIO_SIZE  (16 * GiB)
114 
115 static MemMapEntry virt_high_pcie_memmap;
116 
117 #define VIRT_FLASH_SECTOR_SIZE (256 * KiB)
118 
119 static PFlashCFI01 *virt_flash_create1(RISCVVirtState *s,
120                                        const char *name,
121                                        const char *alias_prop_name)
122 {
123     /*
124      * Create a single flash device.  We use the same parameters as
125      * the flash devices on the ARM virt board.
126      */
127     DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
128 
129     qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);
130     qdev_prop_set_uint8(dev, "width", 4);
131     qdev_prop_set_uint8(dev, "device-width", 2);
132     qdev_prop_set_bit(dev, "big-endian", false);
133     qdev_prop_set_uint16(dev, "id0", 0x89);
134     qdev_prop_set_uint16(dev, "id1", 0x18);
135     qdev_prop_set_uint16(dev, "id2", 0x00);
136     qdev_prop_set_uint16(dev, "id3", 0x00);
137     qdev_prop_set_string(dev, "name", name);
138 
139     object_property_add_child(OBJECT(s), name, OBJECT(dev));
140     object_property_add_alias(OBJECT(s), alias_prop_name,
141                               OBJECT(dev), "drive");
142 
143     return PFLASH_CFI01(dev);
144 }
145 
146 static void virt_flash_create(RISCVVirtState *s)
147 {
148     s->flash[0] = virt_flash_create1(s, "virt.flash0", "pflash0");
149     s->flash[1] = virt_flash_create1(s, "virt.flash1", "pflash1");
150 }
151 
152 static void virt_flash_map1(PFlashCFI01 *flash,
153                             hwaddr base, hwaddr size,
154                             MemoryRegion *sysmem)
155 {
156     DeviceState *dev = DEVICE(flash);
157 
158     assert(QEMU_IS_ALIGNED(size, VIRT_FLASH_SECTOR_SIZE));
159     assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
160     qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
161     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
162 
163     memory_region_add_subregion(sysmem, base,
164                                 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
165                                                        0));
166 }
167 
168 static void virt_flash_map(RISCVVirtState *s,
169                            MemoryRegion *sysmem)
170 {
171     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
172     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
173 
174     virt_flash_map1(s->flash[0], flashbase, flashsize,
175                     sysmem);
176     virt_flash_map1(s->flash[1], flashbase + flashsize, flashsize,
177                     sysmem);
178 }
179 
180 static void create_pcie_irq_map(RISCVVirtState *s, void *fdt, char *nodename,
181                                 uint32_t irqchip_phandle)
182 {
183     int pin, dev;
184     uint32_t irq_map_stride = 0;
185     uint32_t full_irq_map[GPEX_NUM_IRQS * GPEX_NUM_IRQS *
186                           FDT_MAX_INT_MAP_WIDTH] = {};
187     uint32_t *irq_map = full_irq_map;
188 
189     /* This code creates a standard swizzle of interrupts such that
190      * each device's first interrupt is based on it's PCI_SLOT number.
191      * (See pci_swizzle_map_irq_fn())
192      *
193      * We only need one entry per interrupt in the table (not one per
194      * possible slot) seeing the interrupt-map-mask will allow the table
195      * to wrap to any number of devices.
196      */
197     for (dev = 0; dev < GPEX_NUM_IRQS; dev++) {
198         int devfn = dev * 0x8;
199 
200         for (pin = 0; pin < GPEX_NUM_IRQS; pin++) {
201             int irq_nr = PCIE_IRQ + ((pin + PCI_SLOT(devfn)) % GPEX_NUM_IRQS);
202             int i = 0;
203 
204             /* Fill PCI address cells */
205             irq_map[i] = cpu_to_be32(devfn << 8);
206             i += FDT_PCI_ADDR_CELLS;
207 
208             /* Fill PCI Interrupt cells */
209             irq_map[i] = cpu_to_be32(pin + 1);
210             i += FDT_PCI_INT_CELLS;
211 
212             /* Fill interrupt controller phandle and cells */
213             irq_map[i++] = cpu_to_be32(irqchip_phandle);
214             irq_map[i++] = cpu_to_be32(irq_nr);
215             if (s->aia_type != VIRT_AIA_TYPE_NONE) {
216                 irq_map[i++] = cpu_to_be32(0x4);
217             }
218 
219             if (!irq_map_stride) {
220                 irq_map_stride = i;
221             }
222             irq_map += irq_map_stride;
223         }
224     }
225 
226     qemu_fdt_setprop(fdt, nodename, "interrupt-map", full_irq_map,
227                      GPEX_NUM_IRQS * GPEX_NUM_IRQS *
228                      irq_map_stride * sizeof(uint32_t));
229 
230     qemu_fdt_setprop_cells(fdt, nodename, "interrupt-map-mask",
231                            0x1800, 0, 0, 0x7);
232 }
233 
234 static void create_fdt_socket_cpus(RISCVVirtState *s, int socket,
235                                    char *clust_name, uint32_t *phandle,
236                                    uint32_t *intc_phandles)
237 {
238     int cpu;
239     uint32_t cpu_phandle;
240     MachineState *ms = MACHINE(s);
241     char *name, *cpu_name, *core_name, *intc_name, *sv_name;
242     bool is_32_bit = riscv_is_32bit(&s->soc[0]);
243     uint8_t satp_mode_max;
244 
245     for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
246         RISCVCPU *cpu_ptr = &s->soc[socket].harts[cpu];
247 
248         cpu_phandle = (*phandle)++;
249 
250         cpu_name = g_strdup_printf("/cpus/cpu@%d",
251             s->soc[socket].hartid_base + cpu);
252         qemu_fdt_add_subnode(ms->fdt, cpu_name);
253 
254         if (cpu_ptr->cfg.satp_mode.supported != 0) {
255             satp_mode_max = satp_mode_max_from_map(cpu_ptr->cfg.satp_mode.map);
256             sv_name = g_strdup_printf("riscv,%s",
257                                       satp_mode_str(satp_mode_max, is_32_bit));
258             qemu_fdt_setprop_string(ms->fdt, cpu_name, "mmu-type", sv_name);
259             g_free(sv_name);
260         }
261 
262         name = riscv_isa_string(cpu_ptr);
263         qemu_fdt_setprop_string(ms->fdt, cpu_name, "riscv,isa", name);
264         g_free(name);
265 
266         if (cpu_ptr->cfg.ext_zicbom) {
267             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbom-block-size",
268                                   cpu_ptr->cfg.cbom_blocksize);
269         }
270 
271         if (cpu_ptr->cfg.ext_zicboz) {
272             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cboz-block-size",
273                                   cpu_ptr->cfg.cboz_blocksize);
274         }
275 
276         qemu_fdt_setprop_string(ms->fdt, cpu_name, "compatible", "riscv");
277         qemu_fdt_setprop_string(ms->fdt, cpu_name, "status", "okay");
278         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "reg",
279             s->soc[socket].hartid_base + cpu);
280         qemu_fdt_setprop_string(ms->fdt, cpu_name, "device_type", "cpu");
281         riscv_socket_fdt_write_id(ms, cpu_name, socket);
282         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "phandle", cpu_phandle);
283 
284         intc_phandles[cpu] = (*phandle)++;
285 
286         intc_name = g_strdup_printf("%s/interrupt-controller", cpu_name);
287         qemu_fdt_add_subnode(ms->fdt, intc_name);
288         qemu_fdt_setprop_cell(ms->fdt, intc_name, "phandle",
289             intc_phandles[cpu]);
290         qemu_fdt_setprop_string(ms->fdt, intc_name, "compatible",
291             "riscv,cpu-intc");
292         qemu_fdt_setprop(ms->fdt, intc_name, "interrupt-controller", NULL, 0);
293         qemu_fdt_setprop_cell(ms->fdt, intc_name, "#interrupt-cells", 1);
294 
295         core_name = g_strdup_printf("%s/core%d", clust_name, cpu);
296         qemu_fdt_add_subnode(ms->fdt, core_name);
297         qemu_fdt_setprop_cell(ms->fdt, core_name, "cpu", cpu_phandle);
298 
299         g_free(core_name);
300         g_free(intc_name);
301         g_free(cpu_name);
302     }
303 }
304 
305 static void create_fdt_socket_memory(RISCVVirtState *s,
306                                      const MemMapEntry *memmap, int socket)
307 {
308     char *mem_name;
309     uint64_t addr, size;
310     MachineState *ms = MACHINE(s);
311 
312     addr = memmap[VIRT_DRAM].base + riscv_socket_mem_offset(ms, socket);
313     size = riscv_socket_mem_size(ms, socket);
314     mem_name = g_strdup_printf("/memory@%lx", (long)addr);
315     qemu_fdt_add_subnode(ms->fdt, mem_name);
316     qemu_fdt_setprop_cells(ms->fdt, mem_name, "reg",
317         addr >> 32, addr, size >> 32, size);
318     qemu_fdt_setprop_string(ms->fdt, mem_name, "device_type", "memory");
319     riscv_socket_fdt_write_id(ms, mem_name, socket);
320     g_free(mem_name);
321 }
322 
323 static void create_fdt_socket_clint(RISCVVirtState *s,
324                                     const MemMapEntry *memmap, int socket,
325                                     uint32_t *intc_phandles)
326 {
327     int cpu;
328     char *clint_name;
329     uint32_t *clint_cells;
330     unsigned long clint_addr;
331     MachineState *ms = MACHINE(s);
332     static const char * const clint_compat[2] = {
333         "sifive,clint0", "riscv,clint0"
334     };
335 
336     clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
337 
338     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
339         clint_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
340         clint_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_SOFT);
341         clint_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
342         clint_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_M_TIMER);
343     }
344 
345     clint_addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
346     clint_name = g_strdup_printf("/soc/clint@%lx", clint_addr);
347     qemu_fdt_add_subnode(ms->fdt, clint_name);
348     qemu_fdt_setprop_string_array(ms->fdt, clint_name, "compatible",
349                                   (char **)&clint_compat,
350                                   ARRAY_SIZE(clint_compat));
351     qemu_fdt_setprop_cells(ms->fdt, clint_name, "reg",
352         0x0, clint_addr, 0x0, memmap[VIRT_CLINT].size);
353     qemu_fdt_setprop(ms->fdt, clint_name, "interrupts-extended",
354         clint_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
355     riscv_socket_fdt_write_id(ms, clint_name, socket);
356     g_free(clint_name);
357 
358     g_free(clint_cells);
359 }
360 
361 static void create_fdt_socket_aclint(RISCVVirtState *s,
362                                      const MemMapEntry *memmap, int socket,
363                                      uint32_t *intc_phandles)
364 {
365     int cpu;
366     char *name;
367     unsigned long addr, size;
368     uint32_t aclint_cells_size;
369     uint32_t *aclint_mswi_cells;
370     uint32_t *aclint_sswi_cells;
371     uint32_t *aclint_mtimer_cells;
372     MachineState *ms = MACHINE(s);
373 
374     aclint_mswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
375     aclint_mtimer_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
376     aclint_sswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
377 
378     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
379         aclint_mswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
380         aclint_mswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_SOFT);
381         aclint_mtimer_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
382         aclint_mtimer_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_TIMER);
383         aclint_sswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
384         aclint_sswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_SOFT);
385     }
386     aclint_cells_size = s->soc[socket].num_harts * sizeof(uint32_t) * 2;
387 
388     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
389         addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
390         name = g_strdup_printf("/soc/mswi@%lx", addr);
391         qemu_fdt_add_subnode(ms->fdt, name);
392         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
393             "riscv,aclint-mswi");
394         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
395             0x0, addr, 0x0, RISCV_ACLINT_SWI_SIZE);
396         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
397             aclint_mswi_cells, aclint_cells_size);
398         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
399         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
400         riscv_socket_fdt_write_id(ms, name, socket);
401         g_free(name);
402     }
403 
404     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
405         addr = memmap[VIRT_CLINT].base +
406                (RISCV_ACLINT_DEFAULT_MTIMER_SIZE * socket);
407         size = RISCV_ACLINT_DEFAULT_MTIMER_SIZE;
408     } else {
409         addr = memmap[VIRT_CLINT].base + RISCV_ACLINT_SWI_SIZE +
410             (memmap[VIRT_CLINT].size * socket);
411         size = memmap[VIRT_CLINT].size - RISCV_ACLINT_SWI_SIZE;
412     }
413     name = g_strdup_printf("/soc/mtimer@%lx", addr);
414     qemu_fdt_add_subnode(ms->fdt, name);
415     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
416         "riscv,aclint-mtimer");
417     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
418         0x0, addr + RISCV_ACLINT_DEFAULT_MTIME,
419         0x0, size - RISCV_ACLINT_DEFAULT_MTIME,
420         0x0, addr + RISCV_ACLINT_DEFAULT_MTIMECMP,
421         0x0, RISCV_ACLINT_DEFAULT_MTIME);
422     qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
423         aclint_mtimer_cells, aclint_cells_size);
424     riscv_socket_fdt_write_id(ms, name, socket);
425     g_free(name);
426 
427     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
428         addr = memmap[VIRT_ACLINT_SSWI].base +
429             (memmap[VIRT_ACLINT_SSWI].size * socket);
430         name = g_strdup_printf("/soc/sswi@%lx", addr);
431         qemu_fdt_add_subnode(ms->fdt, name);
432         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
433             "riscv,aclint-sswi");
434         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
435             0x0, addr, 0x0, memmap[VIRT_ACLINT_SSWI].size);
436         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
437             aclint_sswi_cells, aclint_cells_size);
438         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
439         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
440         riscv_socket_fdt_write_id(ms, name, socket);
441         g_free(name);
442     }
443 
444     g_free(aclint_mswi_cells);
445     g_free(aclint_mtimer_cells);
446     g_free(aclint_sswi_cells);
447 }
448 
449 static void create_fdt_socket_plic(RISCVVirtState *s,
450                                    const MemMapEntry *memmap, int socket,
451                                    uint32_t *phandle, uint32_t *intc_phandles,
452                                    uint32_t *plic_phandles)
453 {
454     int cpu;
455     char *plic_name;
456     uint32_t *plic_cells;
457     unsigned long plic_addr;
458     MachineState *ms = MACHINE(s);
459     static const char * const plic_compat[2] = {
460         "sifive,plic-1.0.0", "riscv,plic0"
461     };
462 
463     if (kvm_enabled()) {
464         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
465     } else {
466         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
467     }
468 
469     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
470         if (kvm_enabled()) {
471             plic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
472             plic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
473         } else {
474             plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
475             plic_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_EXT);
476             plic_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
477             plic_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_S_EXT);
478         }
479     }
480 
481     plic_phandles[socket] = (*phandle)++;
482     plic_addr = memmap[VIRT_PLIC].base + (memmap[VIRT_PLIC].size * socket);
483     plic_name = g_strdup_printf("/soc/plic@%lx", plic_addr);
484     qemu_fdt_add_subnode(ms->fdt, plic_name);
485     qemu_fdt_setprop_cell(ms->fdt, plic_name,
486         "#interrupt-cells", FDT_PLIC_INT_CELLS);
487     qemu_fdt_setprop_cell(ms->fdt, plic_name,
488         "#address-cells", FDT_PLIC_ADDR_CELLS);
489     qemu_fdt_setprop_string_array(ms->fdt, plic_name, "compatible",
490                                   (char **)&plic_compat,
491                                   ARRAY_SIZE(plic_compat));
492     qemu_fdt_setprop(ms->fdt, plic_name, "interrupt-controller", NULL, 0);
493     qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
494         plic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
495     qemu_fdt_setprop_cells(ms->fdt, plic_name, "reg",
496         0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size);
497     qemu_fdt_setprop_cell(ms->fdt, plic_name, "riscv,ndev",
498                           VIRT_IRQCHIP_NUM_SOURCES - 1);
499     riscv_socket_fdt_write_id(ms, plic_name, socket);
500     qemu_fdt_setprop_cell(ms->fdt, plic_name, "phandle",
501         plic_phandles[socket]);
502 
503     if (!socket) {
504         platform_bus_add_all_fdt_nodes(ms->fdt, plic_name,
505                                        memmap[VIRT_PLATFORM_BUS].base,
506                                        memmap[VIRT_PLATFORM_BUS].size,
507                                        VIRT_PLATFORM_BUS_IRQ);
508     }
509 
510     g_free(plic_name);
511 
512     g_free(plic_cells);
513 }
514 
515 static uint32_t imsic_num_bits(uint32_t count)
516 {
517     uint32_t ret = 0;
518 
519     while (BIT(ret) < count) {
520         ret++;
521     }
522 
523     return ret;
524 }
525 
526 static void create_fdt_one_imsic(RISCVVirtState *s, hwaddr base_addr,
527                                  uint32_t *intc_phandles, uint32_t msi_phandle,
528                                  bool m_mode, uint32_t imsic_guest_bits)
529 {
530     int cpu, socket;
531     char *imsic_name;
532     MachineState *ms = MACHINE(s);
533     int socket_count = riscv_socket_count(ms);
534     uint32_t imsic_max_hart_per_socket;
535     uint32_t *imsic_cells, *imsic_regs, imsic_addr, imsic_size;
536 
537     imsic_cells = g_new0(uint32_t, ms->smp.cpus * 2);
538     imsic_regs = g_new0(uint32_t, socket_count * 4);
539 
540     for (cpu = 0; cpu < ms->smp.cpus; cpu++) {
541         imsic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
542         imsic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
543     }
544 
545     imsic_max_hart_per_socket = 0;
546     for (socket = 0; socket < socket_count; socket++) {
547         imsic_addr = base_addr + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
548         imsic_size = IMSIC_HART_SIZE(imsic_guest_bits) *
549                      s->soc[socket].num_harts;
550         imsic_regs[socket * 4 + 0] = 0;
551         imsic_regs[socket * 4 + 1] = cpu_to_be32(imsic_addr);
552         imsic_regs[socket * 4 + 2] = 0;
553         imsic_regs[socket * 4 + 3] = cpu_to_be32(imsic_size);
554         if (imsic_max_hart_per_socket < s->soc[socket].num_harts) {
555             imsic_max_hart_per_socket = s->soc[socket].num_harts;
556         }
557     }
558 
559     imsic_name = g_strdup_printf("/soc/imsics@%lx", (unsigned long)base_addr);
560     qemu_fdt_add_subnode(ms->fdt, imsic_name);
561     qemu_fdt_setprop_string(ms->fdt, imsic_name, "compatible", "riscv,imsics");
562     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "#interrupt-cells",
563                           FDT_IMSIC_INT_CELLS);
564     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupt-controller", NULL, 0);
565     qemu_fdt_setprop(ms->fdt, imsic_name, "msi-controller", NULL, 0);
566     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupts-extended",
567                      imsic_cells, ms->smp.cpus * sizeof(uint32_t) * 2);
568     qemu_fdt_setprop(ms->fdt, imsic_name, "reg", imsic_regs,
569                      socket_count * sizeof(uint32_t) * 4);
570     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,num-ids",
571                      VIRT_IRQCHIP_NUM_MSIS);
572 
573     if (imsic_guest_bits) {
574         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,guest-index-bits",
575                               imsic_guest_bits);
576     }
577 
578     if (socket_count > 1) {
579         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,hart-index-bits",
580                               imsic_num_bits(imsic_max_hart_per_socket));
581         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-bits",
582                               imsic_num_bits(socket_count));
583         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-shift",
584                               IMSIC_MMIO_GROUP_MIN_SHIFT);
585     }
586     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "phandle", msi_phandle);
587 
588     g_free(imsic_name);
589     g_free(imsic_regs);
590     g_free(imsic_cells);
591 }
592 
593 static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap,
594                              uint32_t *phandle, uint32_t *intc_phandles,
595                              uint32_t *msi_m_phandle, uint32_t *msi_s_phandle)
596 {
597     *msi_m_phandle = (*phandle)++;
598     *msi_s_phandle = (*phandle)++;
599 
600     if (!kvm_enabled()) {
601         /* M-level IMSIC node */
602         create_fdt_one_imsic(s, memmap[VIRT_IMSIC_M].base, intc_phandles,
603                              *msi_m_phandle, true, 0);
604     }
605 
606     /* S-level IMSIC node */
607     create_fdt_one_imsic(s, memmap[VIRT_IMSIC_S].base, intc_phandles,
608                          *msi_s_phandle, false,
609                          imsic_num_bits(s->aia_guests + 1));
610 
611 }
612 
613 static void create_fdt_one_aplic(RISCVVirtState *s, int socket,
614                                  unsigned long aplic_addr, uint32_t aplic_size,
615                                  uint32_t msi_phandle,
616                                  uint32_t *intc_phandles,
617                                  uint32_t aplic_phandle,
618                                  uint32_t aplic_child_phandle,
619                                  bool m_mode, int num_harts)
620 {
621     int cpu;
622     char *aplic_name;
623     uint32_t *aplic_cells;
624     MachineState *ms = MACHINE(s);
625 
626     aplic_cells = g_new0(uint32_t, num_harts * 2);
627 
628     for (cpu = 0; cpu < num_harts; cpu++) {
629         aplic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
630         aplic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
631     }
632 
633     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
634     qemu_fdt_add_subnode(ms->fdt, aplic_name);
635     qemu_fdt_setprop_string(ms->fdt, aplic_name, "compatible", "riscv,aplic");
636     qemu_fdt_setprop_cell(ms->fdt, aplic_name,
637                           "#interrupt-cells", FDT_APLIC_INT_CELLS);
638     qemu_fdt_setprop(ms->fdt, aplic_name, "interrupt-controller", NULL, 0);
639 
640     if (s->aia_type == VIRT_AIA_TYPE_APLIC) {
641         qemu_fdt_setprop(ms->fdt, aplic_name, "interrupts-extended",
642                          aplic_cells, num_harts * sizeof(uint32_t) * 2);
643     } else {
644         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "msi-parent", msi_phandle);
645     }
646 
647     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "reg",
648                            0x0, aplic_addr, 0x0, aplic_size);
649     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,num-sources",
650                           VIRT_IRQCHIP_NUM_SOURCES);
651 
652     if (aplic_child_phandle) {
653         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,children",
654                               aplic_child_phandle);
655         qemu_fdt_setprop_cells(ms->fdt, aplic_name, "riscv,delegate",
656                                aplic_child_phandle, 0x1,
657                                VIRT_IRQCHIP_NUM_SOURCES);
658     }
659 
660     riscv_socket_fdt_write_id(ms, aplic_name, socket);
661     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "phandle", aplic_phandle);
662 
663     g_free(aplic_name);
664     g_free(aplic_cells);
665 }
666 
667 static void create_fdt_socket_aplic(RISCVVirtState *s,
668                                     const MemMapEntry *memmap, int socket,
669                                     uint32_t msi_m_phandle,
670                                     uint32_t msi_s_phandle,
671                                     uint32_t *phandle,
672                                     uint32_t *intc_phandles,
673                                     uint32_t *aplic_phandles,
674                                     int num_harts)
675 {
676     char *aplic_name;
677     unsigned long aplic_addr;
678     MachineState *ms = MACHINE(s);
679     uint32_t aplic_m_phandle, aplic_s_phandle;
680 
681     aplic_m_phandle = (*phandle)++;
682     aplic_s_phandle = (*phandle)++;
683 
684     if (!kvm_enabled()) {
685         /* M-level APLIC node */
686         aplic_addr = memmap[VIRT_APLIC_M].base +
687                      (memmap[VIRT_APLIC_M].size * socket);
688         create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_M].size,
689                              msi_m_phandle, intc_phandles,
690                              aplic_m_phandle, aplic_s_phandle,
691                              true, num_harts);
692     }
693 
694     /* S-level APLIC node */
695     aplic_addr = memmap[VIRT_APLIC_S].base +
696                  (memmap[VIRT_APLIC_S].size * socket);
697     create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_S].size,
698                          msi_s_phandle, intc_phandles,
699                          aplic_s_phandle, 0,
700                          false, num_harts);
701 
702     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
703 
704     if (!socket) {
705         platform_bus_add_all_fdt_nodes(ms->fdt, aplic_name,
706                                        memmap[VIRT_PLATFORM_BUS].base,
707                                        memmap[VIRT_PLATFORM_BUS].size,
708                                        VIRT_PLATFORM_BUS_IRQ);
709     }
710 
711     g_free(aplic_name);
712 
713     aplic_phandles[socket] = aplic_s_phandle;
714 }
715 
716 static void create_fdt_pmu(RISCVVirtState *s)
717 {
718     char *pmu_name;
719     MachineState *ms = MACHINE(s);
720     RISCVCPU hart = s->soc[0].harts[0];
721 
722     pmu_name = g_strdup_printf("/pmu");
723     qemu_fdt_add_subnode(ms->fdt, pmu_name);
724     qemu_fdt_setprop_string(ms->fdt, pmu_name, "compatible", "riscv,pmu");
725     riscv_pmu_generate_fdt_node(ms->fdt, hart.pmu_avail_ctrs, pmu_name);
726 
727     g_free(pmu_name);
728 }
729 
730 static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry *memmap,
731                                uint32_t *phandle,
732                                uint32_t *irq_mmio_phandle,
733                                uint32_t *irq_pcie_phandle,
734                                uint32_t *irq_virtio_phandle,
735                                uint32_t *msi_pcie_phandle)
736 {
737     char *clust_name;
738     int socket, phandle_pos;
739     MachineState *ms = MACHINE(s);
740     uint32_t msi_m_phandle = 0, msi_s_phandle = 0;
741     uint32_t *intc_phandles, xplic_phandles[MAX_NODES];
742     int socket_count = riscv_socket_count(ms);
743 
744     qemu_fdt_add_subnode(ms->fdt, "/cpus");
745     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
746                           RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
747     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
748     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
749     qemu_fdt_add_subnode(ms->fdt, "/cpus/cpu-map");
750 
751     intc_phandles = g_new0(uint32_t, ms->smp.cpus);
752 
753     phandle_pos = ms->smp.cpus;
754     for (socket = (socket_count - 1); socket >= 0; socket--) {
755         phandle_pos -= s->soc[socket].num_harts;
756 
757         clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
758         qemu_fdt_add_subnode(ms->fdt, clust_name);
759 
760         create_fdt_socket_cpus(s, socket, clust_name, phandle,
761                                &intc_phandles[phandle_pos]);
762 
763         create_fdt_socket_memory(s, memmap, socket);
764 
765         g_free(clust_name);
766 
767         if (tcg_enabled()) {
768             if (s->have_aclint) {
769                 create_fdt_socket_aclint(s, memmap, socket,
770                     &intc_phandles[phandle_pos]);
771             } else {
772                 create_fdt_socket_clint(s, memmap, socket,
773                     &intc_phandles[phandle_pos]);
774             }
775         }
776     }
777 
778     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
779         create_fdt_imsic(s, memmap, phandle, intc_phandles,
780             &msi_m_phandle, &msi_s_phandle);
781         *msi_pcie_phandle = msi_s_phandle;
782     }
783 
784     /* KVM AIA only has one APLIC instance */
785     if (kvm_enabled() && virt_use_kvm_aia(s)) {
786         create_fdt_socket_aplic(s, memmap, 0,
787                                 msi_m_phandle, msi_s_phandle, phandle,
788                                 &intc_phandles[0], xplic_phandles,
789                                 ms->smp.cpus);
790     } else {
791         phandle_pos = ms->smp.cpus;
792         for (socket = (socket_count - 1); socket >= 0; socket--) {
793             phandle_pos -= s->soc[socket].num_harts;
794 
795             if (s->aia_type == VIRT_AIA_TYPE_NONE) {
796                 create_fdt_socket_plic(s, memmap, socket, phandle,
797                                        &intc_phandles[phandle_pos],
798                                        xplic_phandles);
799             } else {
800                 create_fdt_socket_aplic(s, memmap, socket,
801                                         msi_m_phandle, msi_s_phandle, phandle,
802                                         &intc_phandles[phandle_pos],
803                                         xplic_phandles,
804                                         s->soc[socket].num_harts);
805             }
806         }
807     }
808 
809     g_free(intc_phandles);
810 
811     if (kvm_enabled() && virt_use_kvm_aia(s)) {
812         *irq_mmio_phandle = xplic_phandles[0];
813         *irq_virtio_phandle = xplic_phandles[0];
814         *irq_pcie_phandle = xplic_phandles[0];
815     } else {
816         for (socket = 0; socket < socket_count; socket++) {
817             if (socket == 0) {
818                 *irq_mmio_phandle = xplic_phandles[socket];
819                 *irq_virtio_phandle = xplic_phandles[socket];
820                 *irq_pcie_phandle = xplic_phandles[socket];
821             }
822             if (socket == 1) {
823                 *irq_virtio_phandle = xplic_phandles[socket];
824                 *irq_pcie_phandle = xplic_phandles[socket];
825             }
826             if (socket == 2) {
827                 *irq_pcie_phandle = xplic_phandles[socket];
828             }
829         }
830     }
831 
832     riscv_socket_fdt_write_distance_matrix(ms);
833 }
834 
835 static void create_fdt_virtio(RISCVVirtState *s, const MemMapEntry *memmap,
836                               uint32_t irq_virtio_phandle)
837 {
838     int i;
839     char *name;
840     MachineState *ms = MACHINE(s);
841 
842     for (i = 0; i < VIRTIO_COUNT; i++) {
843         name = g_strdup_printf("/soc/virtio_mmio@%lx",
844             (long)(memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size));
845         qemu_fdt_add_subnode(ms->fdt, name);
846         qemu_fdt_setprop_string(ms->fdt, name, "compatible", "virtio,mmio");
847         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
848             0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
849             0x0, memmap[VIRT_VIRTIO].size);
850         qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
851             irq_virtio_phandle);
852         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
853             qemu_fdt_setprop_cell(ms->fdt, name, "interrupts",
854                                   VIRTIO_IRQ + i);
855         } else {
856             qemu_fdt_setprop_cells(ms->fdt, name, "interrupts",
857                                    VIRTIO_IRQ + i, 0x4);
858         }
859         g_free(name);
860     }
861 }
862 
863 static void create_fdt_pcie(RISCVVirtState *s, const MemMapEntry *memmap,
864                             uint32_t irq_pcie_phandle,
865                             uint32_t msi_pcie_phandle)
866 {
867     char *name;
868     MachineState *ms = MACHINE(s);
869 
870     name = g_strdup_printf("/soc/pci@%lx",
871         (long) memmap[VIRT_PCIE_ECAM].base);
872     qemu_fdt_add_subnode(ms->fdt, name);
873     qemu_fdt_setprop_cell(ms->fdt, name, "#address-cells",
874         FDT_PCI_ADDR_CELLS);
875     qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells",
876         FDT_PCI_INT_CELLS);
877     qemu_fdt_setprop_cell(ms->fdt, name, "#size-cells", 0x2);
878     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
879         "pci-host-ecam-generic");
880     qemu_fdt_setprop_string(ms->fdt, name, "device_type", "pci");
881     qemu_fdt_setprop_cell(ms->fdt, name, "linux,pci-domain", 0);
882     qemu_fdt_setprop_cells(ms->fdt, name, "bus-range", 0,
883         memmap[VIRT_PCIE_ECAM].size / PCIE_MMCFG_SIZE_MIN - 1);
884     qemu_fdt_setprop(ms->fdt, name, "dma-coherent", NULL, 0);
885     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
886         qemu_fdt_setprop_cell(ms->fdt, name, "msi-parent", msi_pcie_phandle);
887     }
888     qemu_fdt_setprop_cells(ms->fdt, name, "reg", 0,
889         memmap[VIRT_PCIE_ECAM].base, 0, memmap[VIRT_PCIE_ECAM].size);
890     qemu_fdt_setprop_sized_cells(ms->fdt, name, "ranges",
891         1, FDT_PCI_RANGE_IOPORT, 2, 0,
892         2, memmap[VIRT_PCIE_PIO].base, 2, memmap[VIRT_PCIE_PIO].size,
893         1, FDT_PCI_RANGE_MMIO,
894         2, memmap[VIRT_PCIE_MMIO].base,
895         2, memmap[VIRT_PCIE_MMIO].base, 2, memmap[VIRT_PCIE_MMIO].size,
896         1, FDT_PCI_RANGE_MMIO_64BIT,
897         2, virt_high_pcie_memmap.base,
898         2, virt_high_pcie_memmap.base, 2, virt_high_pcie_memmap.size);
899 
900     create_pcie_irq_map(s, ms->fdt, name, irq_pcie_phandle);
901     g_free(name);
902 }
903 
904 static void create_fdt_reset(RISCVVirtState *s, const MemMapEntry *memmap,
905                              uint32_t *phandle)
906 {
907     char *name;
908     uint32_t test_phandle;
909     MachineState *ms = MACHINE(s);
910 
911     test_phandle = (*phandle)++;
912     name = g_strdup_printf("/soc/test@%lx",
913         (long)memmap[VIRT_TEST].base);
914     qemu_fdt_add_subnode(ms->fdt, name);
915     {
916         static const char * const compat[3] = {
917             "sifive,test1", "sifive,test0", "syscon"
918         };
919         qemu_fdt_setprop_string_array(ms->fdt, name, "compatible",
920                                       (char **)&compat, ARRAY_SIZE(compat));
921     }
922     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
923         0x0, memmap[VIRT_TEST].base, 0x0, memmap[VIRT_TEST].size);
924     qemu_fdt_setprop_cell(ms->fdt, name, "phandle", test_phandle);
925     test_phandle = qemu_fdt_get_phandle(ms->fdt, name);
926     g_free(name);
927 
928     name = g_strdup_printf("/reboot");
929     qemu_fdt_add_subnode(ms->fdt, name);
930     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-reboot");
931     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
932     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
933     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_RESET);
934     g_free(name);
935 
936     name = g_strdup_printf("/poweroff");
937     qemu_fdt_add_subnode(ms->fdt, name);
938     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-poweroff");
939     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
940     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
941     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_PASS);
942     g_free(name);
943 }
944 
945 static void create_fdt_uart(RISCVVirtState *s, const MemMapEntry *memmap,
946                             uint32_t irq_mmio_phandle)
947 {
948     char *name;
949     MachineState *ms = MACHINE(s);
950 
951     name = g_strdup_printf("/soc/serial@%lx", (long)memmap[VIRT_UART0].base);
952     qemu_fdt_add_subnode(ms->fdt, name);
953     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "ns16550a");
954     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
955         0x0, memmap[VIRT_UART0].base,
956         0x0, memmap[VIRT_UART0].size);
957     qemu_fdt_setprop_cell(ms->fdt, name, "clock-frequency", 3686400);
958     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent", irq_mmio_phandle);
959     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
960         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", UART0_IRQ);
961     } else {
962         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", UART0_IRQ, 0x4);
963     }
964 
965     qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", name);
966     g_free(name);
967 }
968 
969 static void create_fdt_rtc(RISCVVirtState *s, const MemMapEntry *memmap,
970                            uint32_t irq_mmio_phandle)
971 {
972     char *name;
973     MachineState *ms = MACHINE(s);
974 
975     name = g_strdup_printf("/soc/rtc@%lx", (long)memmap[VIRT_RTC].base);
976     qemu_fdt_add_subnode(ms->fdt, name);
977     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
978         "google,goldfish-rtc");
979     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
980         0x0, memmap[VIRT_RTC].base, 0x0, memmap[VIRT_RTC].size);
981     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
982         irq_mmio_phandle);
983     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
984         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", RTC_IRQ);
985     } else {
986         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", RTC_IRQ, 0x4);
987     }
988     g_free(name);
989 }
990 
991 static void create_fdt_flash(RISCVVirtState *s, const MemMapEntry *memmap)
992 {
993     char *name;
994     MachineState *ms = MACHINE(s);
995     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
996     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
997 
998     name = g_strdup_printf("/flash@%" PRIx64, flashbase);
999     qemu_fdt_add_subnode(ms->fdt, name);
1000     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "cfi-flash");
1001     qemu_fdt_setprop_sized_cells(ms->fdt, name, "reg",
1002                                  2, flashbase, 2, flashsize,
1003                                  2, flashbase + flashsize, 2, flashsize);
1004     qemu_fdt_setprop_cell(ms->fdt, name, "bank-width", 4);
1005     g_free(name);
1006 }
1007 
1008 static void create_fdt_fw_cfg(RISCVVirtState *s, const MemMapEntry *memmap)
1009 {
1010     char *nodename;
1011     MachineState *ms = MACHINE(s);
1012     hwaddr base = memmap[VIRT_FW_CFG].base;
1013     hwaddr size = memmap[VIRT_FW_CFG].size;
1014 
1015     nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
1016     qemu_fdt_add_subnode(ms->fdt, nodename);
1017     qemu_fdt_setprop_string(ms->fdt, nodename,
1018                             "compatible", "qemu,fw-cfg-mmio");
1019     qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
1020                                  2, base, 2, size);
1021     qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
1022     g_free(nodename);
1023 }
1024 
1025 static void finalize_fdt(RISCVVirtState *s)
1026 {
1027     uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
1028     uint32_t irq_pcie_phandle = 1, irq_virtio_phandle = 1;
1029 
1030     create_fdt_sockets(s, virt_memmap, &phandle, &irq_mmio_phandle,
1031                        &irq_pcie_phandle, &irq_virtio_phandle,
1032                        &msi_pcie_phandle);
1033 
1034     create_fdt_virtio(s, virt_memmap, irq_virtio_phandle);
1035 
1036     create_fdt_pcie(s, virt_memmap, irq_pcie_phandle, msi_pcie_phandle);
1037 
1038     create_fdt_reset(s, virt_memmap, &phandle);
1039 
1040     create_fdt_uart(s, virt_memmap, irq_mmio_phandle);
1041 
1042     create_fdt_rtc(s, virt_memmap, irq_mmio_phandle);
1043 }
1044 
1045 static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
1046 {
1047     MachineState *ms = MACHINE(s);
1048     uint8_t rng_seed[32];
1049 
1050     ms->fdt = create_device_tree(&s->fdt_size);
1051     if (!ms->fdt) {
1052         error_report("create_device_tree() failed");
1053         exit(1);
1054     }
1055 
1056     qemu_fdt_setprop_string(ms->fdt, "/", "model", "riscv-virtio,qemu");
1057     qemu_fdt_setprop_string(ms->fdt, "/", "compatible", "riscv-virtio");
1058     qemu_fdt_setprop_cell(ms->fdt, "/", "#size-cells", 0x2);
1059     qemu_fdt_setprop_cell(ms->fdt, "/", "#address-cells", 0x2);
1060 
1061     qemu_fdt_add_subnode(ms->fdt, "/soc");
1062     qemu_fdt_setprop(ms->fdt, "/soc", "ranges", NULL, 0);
1063     qemu_fdt_setprop_string(ms->fdt, "/soc", "compatible", "simple-bus");
1064     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#size-cells", 0x2);
1065     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#address-cells", 0x2);
1066 
1067     qemu_fdt_add_subnode(ms->fdt, "/chosen");
1068 
1069     /* Pass seed to RNG */
1070     qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
1071     qemu_fdt_setprop(ms->fdt, "/chosen", "rng-seed",
1072                      rng_seed, sizeof(rng_seed));
1073 
1074     create_fdt_flash(s, memmap);
1075     create_fdt_fw_cfg(s, memmap);
1076     create_fdt_pmu(s);
1077 }
1078 
1079 static inline DeviceState *gpex_pcie_init(MemoryRegion *sys_mem,
1080                                           hwaddr ecam_base, hwaddr ecam_size,
1081                                           hwaddr mmio_base, hwaddr mmio_size,
1082                                           hwaddr high_mmio_base,
1083                                           hwaddr high_mmio_size,
1084                                           hwaddr pio_base,
1085                                           DeviceState *irqchip)
1086 {
1087     DeviceState *dev;
1088     MemoryRegion *ecam_alias, *ecam_reg;
1089     MemoryRegion *mmio_alias, *high_mmio_alias, *mmio_reg;
1090     qemu_irq irq;
1091     int i;
1092 
1093     dev = qdev_new(TYPE_GPEX_HOST);
1094 
1095     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1096 
1097     ecam_alias = g_new0(MemoryRegion, 1);
1098     ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
1099     memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam",
1100                              ecam_reg, 0, ecam_size);
1101     memory_region_add_subregion(get_system_memory(), ecam_base, ecam_alias);
1102 
1103     mmio_alias = g_new0(MemoryRegion, 1);
1104     mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1);
1105     memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio",
1106                              mmio_reg, mmio_base, mmio_size);
1107     memory_region_add_subregion(get_system_memory(), mmio_base, mmio_alias);
1108 
1109     /* Map high MMIO space */
1110     high_mmio_alias = g_new0(MemoryRegion, 1);
1111     memory_region_init_alias(high_mmio_alias, OBJECT(dev), "pcie-mmio-high",
1112                              mmio_reg, high_mmio_base, high_mmio_size);
1113     memory_region_add_subregion(get_system_memory(), high_mmio_base,
1114                                 high_mmio_alias);
1115 
1116     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, pio_base);
1117 
1118     for (i = 0; i < GPEX_NUM_IRQS; i++) {
1119         irq = qdev_get_gpio_in(irqchip, PCIE_IRQ + i);
1120 
1121         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, irq);
1122         gpex_set_irq_num(GPEX_HOST(dev), i, PCIE_IRQ + i);
1123     }
1124 
1125     return dev;
1126 }
1127 
1128 static FWCfgState *create_fw_cfg(const MachineState *ms)
1129 {
1130     hwaddr base = virt_memmap[VIRT_FW_CFG].base;
1131     FWCfgState *fw_cfg;
1132 
1133     fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16,
1134                                   &address_space_memory);
1135     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
1136 
1137     return fw_cfg;
1138 }
1139 
1140 static DeviceState *virt_create_plic(const MemMapEntry *memmap, int socket,
1141                                      int base_hartid, int hart_count)
1142 {
1143     DeviceState *ret;
1144     char *plic_hart_config;
1145 
1146     /* Per-socket PLIC hart topology configuration string */
1147     plic_hart_config = riscv_plic_hart_config_string(hart_count);
1148 
1149     /* Per-socket PLIC */
1150     ret = sifive_plic_create(
1151             memmap[VIRT_PLIC].base + socket * memmap[VIRT_PLIC].size,
1152             plic_hart_config, hart_count, base_hartid,
1153             VIRT_IRQCHIP_NUM_SOURCES,
1154             ((1U << VIRT_IRQCHIP_NUM_PRIO_BITS) - 1),
1155             VIRT_PLIC_PRIORITY_BASE,
1156             VIRT_PLIC_PENDING_BASE,
1157             VIRT_PLIC_ENABLE_BASE,
1158             VIRT_PLIC_ENABLE_STRIDE,
1159             VIRT_PLIC_CONTEXT_BASE,
1160             VIRT_PLIC_CONTEXT_STRIDE,
1161             memmap[VIRT_PLIC].size);
1162 
1163     g_free(plic_hart_config);
1164 
1165     return ret;
1166 }
1167 
1168 static DeviceState *virt_create_aia(RISCVVirtAIAType aia_type, int aia_guests,
1169                                     const MemMapEntry *memmap, int socket,
1170                                     int base_hartid, int hart_count)
1171 {
1172     int i;
1173     hwaddr addr;
1174     uint32_t guest_bits;
1175     DeviceState *aplic_s = NULL;
1176     DeviceState *aplic_m = NULL;
1177     bool msimode = aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
1178 
1179     if (msimode) {
1180         if (!kvm_enabled()) {
1181             /* Per-socket M-level IMSICs */
1182             addr = memmap[VIRT_IMSIC_M].base +
1183                    socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1184             for (i = 0; i < hart_count; i++) {
1185                 riscv_imsic_create(addr + i * IMSIC_HART_SIZE(0),
1186                                    base_hartid + i, true, 1,
1187                                    VIRT_IRQCHIP_NUM_MSIS);
1188             }
1189         }
1190 
1191         /* Per-socket S-level IMSICs */
1192         guest_bits = imsic_num_bits(aia_guests + 1);
1193         addr = memmap[VIRT_IMSIC_S].base + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1194         for (i = 0; i < hart_count; i++) {
1195             riscv_imsic_create(addr + i * IMSIC_HART_SIZE(guest_bits),
1196                                base_hartid + i, false, 1 + aia_guests,
1197                                VIRT_IRQCHIP_NUM_MSIS);
1198         }
1199     }
1200 
1201     if (!kvm_enabled()) {
1202         /* Per-socket M-level APLIC */
1203         aplic_m = riscv_aplic_create(memmap[VIRT_APLIC_M].base +
1204                                      socket * memmap[VIRT_APLIC_M].size,
1205                                      memmap[VIRT_APLIC_M].size,
1206                                      (msimode) ? 0 : base_hartid,
1207                                      (msimode) ? 0 : hart_count,
1208                                      VIRT_IRQCHIP_NUM_SOURCES,
1209                                      VIRT_IRQCHIP_NUM_PRIO_BITS,
1210                                      msimode, true, NULL);
1211     }
1212 
1213     /* Per-socket S-level APLIC */
1214     aplic_s = riscv_aplic_create(memmap[VIRT_APLIC_S].base +
1215                                  socket * memmap[VIRT_APLIC_S].size,
1216                                  memmap[VIRT_APLIC_S].size,
1217                                  (msimode) ? 0 : base_hartid,
1218                                  (msimode) ? 0 : hart_count,
1219                                  VIRT_IRQCHIP_NUM_SOURCES,
1220                                  VIRT_IRQCHIP_NUM_PRIO_BITS,
1221                                  msimode, false, aplic_m);
1222 
1223     return kvm_enabled() ? aplic_s : aplic_m;
1224 }
1225 
1226 static void create_platform_bus(RISCVVirtState *s, DeviceState *irqchip)
1227 {
1228     DeviceState *dev;
1229     SysBusDevice *sysbus;
1230     const MemMapEntry *memmap = virt_memmap;
1231     int i;
1232     MemoryRegion *sysmem = get_system_memory();
1233 
1234     dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
1235     dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
1236     qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
1237     qdev_prop_set_uint32(dev, "mmio_size", memmap[VIRT_PLATFORM_BUS].size);
1238     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1239     s->platform_bus_dev = dev;
1240 
1241     sysbus = SYS_BUS_DEVICE(dev);
1242     for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
1243         int irq = VIRT_PLATFORM_BUS_IRQ + i;
1244         sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(irqchip, irq));
1245     }
1246 
1247     memory_region_add_subregion(sysmem,
1248                                 memmap[VIRT_PLATFORM_BUS].base,
1249                                 sysbus_mmio_get_region(sysbus, 0));
1250 }
1251 
1252 static void virt_machine_done(Notifier *notifier, void *data)
1253 {
1254     RISCVVirtState *s = container_of(notifier, RISCVVirtState,
1255                                      machine_done);
1256     const MemMapEntry *memmap = virt_memmap;
1257     MachineState *machine = MACHINE(s);
1258     target_ulong start_addr = memmap[VIRT_DRAM].base;
1259     target_ulong firmware_end_addr, kernel_start_addr;
1260     const char *firmware_name = riscv_default_firmware_name(&s->soc[0]);
1261     uint64_t fdt_load_addr;
1262     uint64_t kernel_entry = 0;
1263     BlockBackend *pflash_blk0;
1264 
1265     /*
1266      * An user provided dtb must include everything, including
1267      * dynamic sysbus devices. Our FDT needs to be finalized.
1268      */
1269     if (machine->dtb == NULL) {
1270         finalize_fdt(s);
1271     }
1272 
1273     /*
1274      * Only direct boot kernel is currently supported for KVM VM,
1275      * so the "-bios" parameter is not supported when KVM is enabled.
1276      */
1277     if (kvm_enabled()) {
1278         if (machine->firmware) {
1279             if (strcmp(machine->firmware, "none")) {
1280                 error_report("Machine mode firmware is not supported in "
1281                              "combination with KVM.");
1282                 exit(1);
1283             }
1284         } else {
1285             machine->firmware = g_strdup("none");
1286         }
1287     }
1288 
1289     firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
1290                                                      start_addr, NULL);
1291 
1292     pflash_blk0 = pflash_cfi01_get_blk(s->flash[0]);
1293     if (pflash_blk0) {
1294         if (machine->firmware && !strcmp(machine->firmware, "none") &&
1295             !kvm_enabled()) {
1296             /*
1297              * Pflash was supplied but bios is none and not KVM guest,
1298              * let's overwrite the address we jump to after reset to
1299              * the base of the flash.
1300              */
1301             start_addr = virt_memmap[VIRT_FLASH].base;
1302         } else {
1303             /*
1304              * Pflash was supplied but either KVM guest or bios is not none.
1305              * In this case, base of the flash would contain S-mode payload.
1306              */
1307             riscv_setup_firmware_boot(machine);
1308             kernel_entry = virt_memmap[VIRT_FLASH].base;
1309         }
1310     }
1311 
1312     if (machine->kernel_filename && !kernel_entry) {
1313         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
1314                                                          firmware_end_addr);
1315 
1316         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
1317                                          kernel_start_addr, true, NULL);
1318     }
1319 
1320     fdt_load_addr = riscv_compute_fdt_addr(memmap[VIRT_DRAM].base,
1321                                            memmap[VIRT_DRAM].size,
1322                                            machine);
1323     riscv_load_fdt(fdt_load_addr, machine->fdt);
1324 
1325     /* load the reset vector */
1326     riscv_setup_rom_reset_vec(machine, &s->soc[0], start_addr,
1327                               virt_memmap[VIRT_MROM].base,
1328                               virt_memmap[VIRT_MROM].size, kernel_entry,
1329                               fdt_load_addr);
1330 
1331     /*
1332      * Only direct boot kernel is currently supported for KVM VM,
1333      * So here setup kernel start address and fdt address.
1334      * TODO:Support firmware loading and integrate to TCG start
1335      */
1336     if (kvm_enabled()) {
1337         riscv_setup_direct_kernel(kernel_entry, fdt_load_addr);
1338     }
1339 
1340     if (virt_is_acpi_enabled(s)) {
1341         virt_acpi_setup(s);
1342     }
1343 }
1344 
1345 static void virt_machine_init(MachineState *machine)
1346 {
1347     const MemMapEntry *memmap = virt_memmap;
1348     RISCVVirtState *s = RISCV_VIRT_MACHINE(machine);
1349     MemoryRegion *system_memory = get_system_memory();
1350     MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
1351     char *soc_name;
1352     DeviceState *mmio_irqchip, *virtio_irqchip, *pcie_irqchip;
1353     int i, base_hartid, hart_count;
1354     int socket_count = riscv_socket_count(machine);
1355 
1356     /* Check socket count limit */
1357     if (VIRT_SOCKETS_MAX < socket_count) {
1358         error_report("number of sockets/nodes should be less than %d",
1359             VIRT_SOCKETS_MAX);
1360         exit(1);
1361     }
1362 
1363     if (!tcg_enabled() && s->have_aclint) {
1364         error_report("'aclint' is only available with TCG acceleration");
1365         exit(1);
1366     }
1367 
1368     /* Initialize sockets */
1369     mmio_irqchip = virtio_irqchip = pcie_irqchip = NULL;
1370     for (i = 0; i < socket_count; i++) {
1371         if (!riscv_socket_check_hartids(machine, i)) {
1372             error_report("discontinuous hartids in socket%d", i);
1373             exit(1);
1374         }
1375 
1376         base_hartid = riscv_socket_first_hartid(machine, i);
1377         if (base_hartid < 0) {
1378             error_report("can't find hartid base for socket%d", i);
1379             exit(1);
1380         }
1381 
1382         hart_count = riscv_socket_hart_count(machine, i);
1383         if (hart_count < 0) {
1384             error_report("can't find hart count for socket%d", i);
1385             exit(1);
1386         }
1387 
1388         soc_name = g_strdup_printf("soc%d", i);
1389         object_initialize_child(OBJECT(machine), soc_name, &s->soc[i],
1390                                 TYPE_RISCV_HART_ARRAY);
1391         g_free(soc_name);
1392         object_property_set_str(OBJECT(&s->soc[i]), "cpu-type",
1393                                 machine->cpu_type, &error_abort);
1394         object_property_set_int(OBJECT(&s->soc[i]), "hartid-base",
1395                                 base_hartid, &error_abort);
1396         object_property_set_int(OBJECT(&s->soc[i]), "num-harts",
1397                                 hart_count, &error_abort);
1398         sysbus_realize(SYS_BUS_DEVICE(&s->soc[i]), &error_fatal);
1399 
1400         if (tcg_enabled()) {
1401             if (s->have_aclint) {
1402                 if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
1403                     /* Per-socket ACLINT MTIMER */
1404                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1405                             i * RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1406                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1407                         base_hartid, hart_count,
1408                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1409                         RISCV_ACLINT_DEFAULT_MTIME,
1410                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1411                 } else {
1412                     /* Per-socket ACLINT MSWI, MTIMER, and SSWI */
1413                     riscv_aclint_swi_create(memmap[VIRT_CLINT].base +
1414                             i * memmap[VIRT_CLINT].size,
1415                         base_hartid, hart_count, false);
1416                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1417                             i * memmap[VIRT_CLINT].size +
1418                             RISCV_ACLINT_SWI_SIZE,
1419                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1420                         base_hartid, hart_count,
1421                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1422                         RISCV_ACLINT_DEFAULT_MTIME,
1423                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1424                     riscv_aclint_swi_create(memmap[VIRT_ACLINT_SSWI].base +
1425                             i * memmap[VIRT_ACLINT_SSWI].size,
1426                         base_hartid, hart_count, true);
1427                 }
1428             } else {
1429                 /* Per-socket SiFive CLINT */
1430                 riscv_aclint_swi_create(
1431                     memmap[VIRT_CLINT].base + i * memmap[VIRT_CLINT].size,
1432                     base_hartid, hart_count, false);
1433                 riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1434                         i * memmap[VIRT_CLINT].size + RISCV_ACLINT_SWI_SIZE,
1435                     RISCV_ACLINT_DEFAULT_MTIMER_SIZE, base_hartid, hart_count,
1436                     RISCV_ACLINT_DEFAULT_MTIMECMP, RISCV_ACLINT_DEFAULT_MTIME,
1437                     RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1438             }
1439         }
1440 
1441         /* Per-socket interrupt controller */
1442         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
1443             s->irqchip[i] = virt_create_plic(memmap, i,
1444                                              base_hartid, hart_count);
1445         } else {
1446             s->irqchip[i] = virt_create_aia(s->aia_type, s->aia_guests,
1447                                             memmap, i, base_hartid,
1448                                             hart_count);
1449         }
1450 
1451         /* Try to use different IRQCHIP instance based device type */
1452         if (i == 0) {
1453             mmio_irqchip = s->irqchip[i];
1454             virtio_irqchip = s->irqchip[i];
1455             pcie_irqchip = s->irqchip[i];
1456         }
1457         if (i == 1) {
1458             virtio_irqchip = s->irqchip[i];
1459             pcie_irqchip = s->irqchip[i];
1460         }
1461         if (i == 2) {
1462             pcie_irqchip = s->irqchip[i];
1463         }
1464     }
1465 
1466     if (kvm_enabled() && virt_use_kvm_aia(s)) {
1467         kvm_riscv_aia_create(machine, IMSIC_MMIO_GROUP_MIN_SHIFT,
1468                              VIRT_IRQCHIP_NUM_SOURCES, VIRT_IRQCHIP_NUM_MSIS,
1469                              memmap[VIRT_APLIC_S].base,
1470                              memmap[VIRT_IMSIC_S].base,
1471                              s->aia_guests);
1472     }
1473 
1474     if (riscv_is_32bit(&s->soc[0])) {
1475 #if HOST_LONG_BITS == 64
1476         /* limit RAM size in a 32-bit system */
1477         if (machine->ram_size > 10 * GiB) {
1478             machine->ram_size = 10 * GiB;
1479             error_report("Limiting RAM size to 10 GiB");
1480         }
1481 #endif
1482         virt_high_pcie_memmap.base = VIRT32_HIGH_PCIE_MMIO_BASE;
1483         virt_high_pcie_memmap.size = VIRT32_HIGH_PCIE_MMIO_SIZE;
1484     } else {
1485         virt_high_pcie_memmap.size = VIRT64_HIGH_PCIE_MMIO_SIZE;
1486         virt_high_pcie_memmap.base = memmap[VIRT_DRAM].base + machine->ram_size;
1487         virt_high_pcie_memmap.base =
1488             ROUND_UP(virt_high_pcie_memmap.base, virt_high_pcie_memmap.size);
1489     }
1490 
1491     s->memmap = virt_memmap;
1492 
1493     /* register system main memory (actual RAM) */
1494     memory_region_add_subregion(system_memory, memmap[VIRT_DRAM].base,
1495         machine->ram);
1496 
1497     /* boot rom */
1498     memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom",
1499                            memmap[VIRT_MROM].size, &error_fatal);
1500     memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
1501                                 mask_rom);
1502 
1503     /*
1504      * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the
1505      * device tree cannot be altered and we get FDT_ERR_NOSPACE.
1506      */
1507     s->fw_cfg = create_fw_cfg(machine);
1508     rom_set_fw(s->fw_cfg);
1509 
1510     /* SiFive Test MMIO device */
1511     sifive_test_create(memmap[VIRT_TEST].base);
1512 
1513     /* VirtIO MMIO devices */
1514     for (i = 0; i < VIRTIO_COUNT; i++) {
1515         sysbus_create_simple("virtio-mmio",
1516             memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
1517             qdev_get_gpio_in(virtio_irqchip, VIRTIO_IRQ + i));
1518     }
1519 
1520     gpex_pcie_init(system_memory,
1521                    memmap[VIRT_PCIE_ECAM].base,
1522                    memmap[VIRT_PCIE_ECAM].size,
1523                    memmap[VIRT_PCIE_MMIO].base,
1524                    memmap[VIRT_PCIE_MMIO].size,
1525                    virt_high_pcie_memmap.base,
1526                    virt_high_pcie_memmap.size,
1527                    memmap[VIRT_PCIE_PIO].base,
1528                    pcie_irqchip);
1529 
1530     create_platform_bus(s, mmio_irqchip);
1531 
1532     serial_mm_init(system_memory, memmap[VIRT_UART0].base,
1533         0, qdev_get_gpio_in(mmio_irqchip, UART0_IRQ), 399193,
1534         serial_hd(0), DEVICE_LITTLE_ENDIAN);
1535 
1536     sysbus_create_simple("goldfish_rtc", memmap[VIRT_RTC].base,
1537         qdev_get_gpio_in(mmio_irqchip, RTC_IRQ));
1538 
1539     for (i = 0; i < ARRAY_SIZE(s->flash); i++) {
1540         /* Map legacy -drive if=pflash to machine properties */
1541         pflash_cfi01_legacy_drive(s->flash[i],
1542                                   drive_get(IF_PFLASH, 0, i));
1543     }
1544     virt_flash_map(s, system_memory);
1545 
1546     /* load/create device tree */
1547     if (machine->dtb) {
1548         machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
1549         if (!machine->fdt) {
1550             error_report("load_device_tree() failed");
1551             exit(1);
1552         }
1553     } else {
1554         create_fdt(s, memmap);
1555     }
1556 
1557     s->machine_done.notify = virt_machine_done;
1558     qemu_add_machine_init_done_notifier(&s->machine_done);
1559 }
1560 
1561 static void virt_machine_instance_init(Object *obj)
1562 {
1563     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1564 
1565     virt_flash_create(s);
1566 
1567     s->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
1568     s->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
1569     s->acpi = ON_OFF_AUTO_AUTO;
1570 }
1571 
1572 static char *virt_get_aia_guests(Object *obj, Error **errp)
1573 {
1574     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1575     char val[32];
1576 
1577     sprintf(val, "%d", s->aia_guests);
1578     return g_strdup(val);
1579 }
1580 
1581 static void virt_set_aia_guests(Object *obj, const char *val, Error **errp)
1582 {
1583     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1584 
1585     s->aia_guests = atoi(val);
1586     if (s->aia_guests < 0 || s->aia_guests > VIRT_IRQCHIP_MAX_GUESTS) {
1587         error_setg(errp, "Invalid number of AIA IMSIC guests");
1588         error_append_hint(errp, "Valid values be between 0 and %d.\n",
1589                           VIRT_IRQCHIP_MAX_GUESTS);
1590     }
1591 }
1592 
1593 static char *virt_get_aia(Object *obj, Error **errp)
1594 {
1595     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1596     const char *val;
1597 
1598     switch (s->aia_type) {
1599     case VIRT_AIA_TYPE_APLIC:
1600         val = "aplic";
1601         break;
1602     case VIRT_AIA_TYPE_APLIC_IMSIC:
1603         val = "aplic-imsic";
1604         break;
1605     default:
1606         val = "none";
1607         break;
1608     };
1609 
1610     return g_strdup(val);
1611 }
1612 
1613 static void virt_set_aia(Object *obj, const char *val, Error **errp)
1614 {
1615     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1616 
1617     if (!strcmp(val, "none")) {
1618         s->aia_type = VIRT_AIA_TYPE_NONE;
1619     } else if (!strcmp(val, "aplic")) {
1620         s->aia_type = VIRT_AIA_TYPE_APLIC;
1621     } else if (!strcmp(val, "aplic-imsic")) {
1622         s->aia_type = VIRT_AIA_TYPE_APLIC_IMSIC;
1623     } else {
1624         error_setg(errp, "Invalid AIA interrupt controller type");
1625         error_append_hint(errp, "Valid values are none, aplic, and "
1626                           "aplic-imsic.\n");
1627     }
1628 }
1629 
1630 static bool virt_get_aclint(Object *obj, Error **errp)
1631 {
1632     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1633 
1634     return s->have_aclint;
1635 }
1636 
1637 static void virt_set_aclint(Object *obj, bool value, Error **errp)
1638 {
1639     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1640 
1641     s->have_aclint = value;
1642 }
1643 
1644 bool virt_is_acpi_enabled(RISCVVirtState *s)
1645 {
1646     return s->acpi != ON_OFF_AUTO_OFF;
1647 }
1648 
1649 static void virt_get_acpi(Object *obj, Visitor *v, const char *name,
1650                           void *opaque, Error **errp)
1651 {
1652     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1653     OnOffAuto acpi = s->acpi;
1654 
1655     visit_type_OnOffAuto(v, name, &acpi, errp);
1656 }
1657 
1658 static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
1659                           void *opaque, Error **errp)
1660 {
1661     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1662 
1663     visit_type_OnOffAuto(v, name, &s->acpi, errp);
1664 }
1665 
1666 static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
1667                                                         DeviceState *dev)
1668 {
1669     MachineClass *mc = MACHINE_GET_CLASS(machine);
1670 
1671     if (device_is_dynamic_sysbus(mc, dev)) {
1672         return HOTPLUG_HANDLER(machine);
1673     }
1674     return NULL;
1675 }
1676 
1677 static void virt_machine_device_plug_cb(HotplugHandler *hotplug_dev,
1678                                         DeviceState *dev, Error **errp)
1679 {
1680     RISCVVirtState *s = RISCV_VIRT_MACHINE(hotplug_dev);
1681 
1682     if (s->platform_bus_dev) {
1683         MachineClass *mc = MACHINE_GET_CLASS(s);
1684 
1685         if (device_is_dynamic_sysbus(mc, dev)) {
1686             platform_bus_link_device(PLATFORM_BUS_DEVICE(s->platform_bus_dev),
1687                                      SYS_BUS_DEVICE(dev));
1688         }
1689     }
1690 }
1691 
1692 static void virt_machine_class_init(ObjectClass *oc, void *data)
1693 {
1694     char str[128];
1695     MachineClass *mc = MACHINE_CLASS(oc);
1696     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
1697 
1698     mc->desc = "RISC-V VirtIO board";
1699     mc->init = virt_machine_init;
1700     mc->max_cpus = VIRT_CPUS_MAX;
1701     mc->default_cpu_type = TYPE_RISCV_CPU_BASE;
1702     mc->pci_allow_0_address = true;
1703     mc->possible_cpu_arch_ids = riscv_numa_possible_cpu_arch_ids;
1704     mc->cpu_index_to_instance_props = riscv_numa_cpu_index_to_props;
1705     mc->get_default_cpu_node_id = riscv_numa_get_default_cpu_node_id;
1706     mc->numa_mem_supported = true;
1707     /* platform instead of architectural choice */
1708     mc->cpu_cluster_has_numa_boundary = true;
1709     mc->default_ram_id = "riscv_virt_board.ram";
1710     assert(!mc->get_hotplug_handler);
1711     mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
1712 
1713     hc->plug = virt_machine_device_plug_cb;
1714 
1715     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
1716 #ifdef CONFIG_TPM
1717     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
1718 #endif
1719 
1720 
1721     object_class_property_add_bool(oc, "aclint", virt_get_aclint,
1722                                    virt_set_aclint);
1723     object_class_property_set_description(oc, "aclint",
1724                                           "(TCG only) Set on/off to "
1725                                           "enable/disable emulating "
1726                                           "ACLINT devices");
1727 
1728     object_class_property_add_str(oc, "aia", virt_get_aia,
1729                                   virt_set_aia);
1730     object_class_property_set_description(oc, "aia",
1731                                           "Set type of AIA interrupt "
1732                                           "controller. Valid values are "
1733                                           "none, aplic, and aplic-imsic.");
1734 
1735     object_class_property_add_str(oc, "aia-guests",
1736                                   virt_get_aia_guests,
1737                                   virt_set_aia_guests);
1738     sprintf(str, "Set number of guest MMIO pages for AIA IMSIC. Valid value "
1739                  "should be between 0 and %d.", VIRT_IRQCHIP_MAX_GUESTS);
1740     object_class_property_set_description(oc, "aia-guests", str);
1741     object_class_property_add(oc, "acpi", "OnOffAuto",
1742                               virt_get_acpi, virt_set_acpi,
1743                               NULL, NULL);
1744     object_class_property_set_description(oc, "acpi",
1745                                           "Enable ACPI");
1746 }
1747 
1748 static const TypeInfo virt_machine_typeinfo = {
1749     .name       = MACHINE_TYPE_NAME("virt"),
1750     .parent     = TYPE_MACHINE,
1751     .class_init = virt_machine_class_init,
1752     .instance_init = virt_machine_instance_init,
1753     .instance_size = sizeof(RISCVVirtState),
1754     .interfaces = (InterfaceInfo[]) {
1755          { TYPE_HOTPLUG_HANDLER },
1756          { }
1757     },
1758 };
1759 
1760 static void virt_machine_init_register_types(void)
1761 {
1762     type_register_static(&virt_machine_typeinfo);
1763 }
1764 
1765 type_init(virt_machine_init_register_types)
1766