xref: /openbmc/qemu/hw/riscv/virt.c (revision a65d5170)
1 /*
2  * QEMU RISC-V VirtIO Board
3  *
4  * Copyright (c) 2017 SiFive, Inc.
5  *
6  * RISC-V machine with 16550a UART and VirtIO MMIO
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms and conditions of the GNU General Public License,
10  * version 2 or later, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program.  If not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/units.h"
23 #include "qemu/error-report.h"
24 #include "qemu/guest-random.h"
25 #include "qapi/error.h"
26 #include "hw/boards.h"
27 #include "hw/loader.h"
28 #include "hw/sysbus.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/char/serial.h"
31 #include "target/riscv/cpu.h"
32 #include "hw/core/sysbus-fdt.h"
33 #include "target/riscv/pmu.h"
34 #include "hw/riscv/riscv_hart.h"
35 #include "hw/riscv/virt.h"
36 #include "hw/riscv/boot.h"
37 #include "hw/riscv/numa.h"
38 #include "kvm/kvm_riscv.h"
39 #include "hw/firmware/smbios.h"
40 #include "hw/intc/riscv_aclint.h"
41 #include "hw/intc/riscv_aplic.h"
42 #include "hw/intc/sifive_plic.h"
43 #include "hw/misc/sifive_test.h"
44 #include "hw/platform-bus.h"
45 #include "chardev/char.h"
46 #include "sysemu/device_tree.h"
47 #include "sysemu/sysemu.h"
48 #include "sysemu/tcg.h"
49 #include "sysemu/kvm.h"
50 #include "sysemu/tpm.h"
51 #include "hw/pci/pci.h"
52 #include "hw/pci-host/gpex.h"
53 #include "hw/display/ramfb.h"
54 #include "hw/acpi/aml-build.h"
55 #include "qapi/qapi-visit-common.h"
56 
57 /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
58 static bool virt_use_kvm_aia(RISCVVirtState *s)
59 {
60     return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
61 }
62 
63 static const MemMapEntry virt_memmap[] = {
64     [VIRT_DEBUG] =        {        0x0,         0x100 },
65     [VIRT_MROM] =         {     0x1000,        0xf000 },
66     [VIRT_TEST] =         {   0x100000,        0x1000 },
67     [VIRT_RTC] =          {   0x101000,        0x1000 },
68     [VIRT_CLINT] =        {  0x2000000,       0x10000 },
69     [VIRT_ACLINT_SSWI] =  {  0x2F00000,        0x4000 },
70     [VIRT_PCIE_PIO] =     {  0x3000000,       0x10000 },
71     [VIRT_PLATFORM_BUS] = {  0x4000000,     0x2000000 },
72     [VIRT_PLIC] =         {  0xc000000, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
73     [VIRT_APLIC_M] =      {  0xc000000, APLIC_SIZE(VIRT_CPUS_MAX) },
74     [VIRT_APLIC_S] =      {  0xd000000, APLIC_SIZE(VIRT_CPUS_MAX) },
75     [VIRT_UART0] =        { 0x10000000,         0x100 },
76     [VIRT_VIRTIO] =       { 0x10001000,        0x1000 },
77     [VIRT_FW_CFG] =       { 0x10100000,          0x18 },
78     [VIRT_FLASH] =        { 0x20000000,     0x4000000 },
79     [VIRT_IMSIC_M] =      { 0x24000000, VIRT_IMSIC_MAX_SIZE },
80     [VIRT_IMSIC_S] =      { 0x28000000, VIRT_IMSIC_MAX_SIZE },
81     [VIRT_PCIE_ECAM] =    { 0x30000000,    0x10000000 },
82     [VIRT_PCIE_MMIO] =    { 0x40000000,    0x40000000 },
83     [VIRT_DRAM] =         { 0x80000000,           0x0 },
84 };
85 
86 /* PCIe high mmio is fixed for RV32 */
87 #define VIRT32_HIGH_PCIE_MMIO_BASE  0x300000000ULL
88 #define VIRT32_HIGH_PCIE_MMIO_SIZE  (4 * GiB)
89 
90 /* PCIe high mmio for RV64, size is fixed but base depends on top of RAM */
91 #define VIRT64_HIGH_PCIE_MMIO_SIZE  (16 * GiB)
92 
93 static MemMapEntry virt_high_pcie_memmap;
94 
95 #define VIRT_FLASH_SECTOR_SIZE (256 * KiB)
96 
97 static PFlashCFI01 *virt_flash_create1(RISCVVirtState *s,
98                                        const char *name,
99                                        const char *alias_prop_name)
100 {
101     /*
102      * Create a single flash device.  We use the same parameters as
103      * the flash devices on the ARM virt board.
104      */
105     DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
106 
107     qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);
108     qdev_prop_set_uint8(dev, "width", 4);
109     qdev_prop_set_uint8(dev, "device-width", 2);
110     qdev_prop_set_bit(dev, "big-endian", false);
111     qdev_prop_set_uint16(dev, "id0", 0x89);
112     qdev_prop_set_uint16(dev, "id1", 0x18);
113     qdev_prop_set_uint16(dev, "id2", 0x00);
114     qdev_prop_set_uint16(dev, "id3", 0x00);
115     qdev_prop_set_string(dev, "name", name);
116 
117     object_property_add_child(OBJECT(s), name, OBJECT(dev));
118     object_property_add_alias(OBJECT(s), alias_prop_name,
119                               OBJECT(dev), "drive");
120 
121     return PFLASH_CFI01(dev);
122 }
123 
124 static void virt_flash_create(RISCVVirtState *s)
125 {
126     s->flash[0] = virt_flash_create1(s, "virt.flash0", "pflash0");
127     s->flash[1] = virt_flash_create1(s, "virt.flash1", "pflash1");
128 }
129 
130 static void virt_flash_map1(PFlashCFI01 *flash,
131                             hwaddr base, hwaddr size,
132                             MemoryRegion *sysmem)
133 {
134     DeviceState *dev = DEVICE(flash);
135 
136     assert(QEMU_IS_ALIGNED(size, VIRT_FLASH_SECTOR_SIZE));
137     assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
138     qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
139     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
140 
141     memory_region_add_subregion(sysmem, base,
142                                 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
143                                                        0));
144 }
145 
146 static void virt_flash_map(RISCVVirtState *s,
147                            MemoryRegion *sysmem)
148 {
149     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
150     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
151 
152     virt_flash_map1(s->flash[0], flashbase, flashsize,
153                     sysmem);
154     virt_flash_map1(s->flash[1], flashbase + flashsize, flashsize,
155                     sysmem);
156 }
157 
158 static void create_pcie_irq_map(RISCVVirtState *s, void *fdt, char *nodename,
159                                 uint32_t irqchip_phandle)
160 {
161     int pin, dev;
162     uint32_t irq_map_stride = 0;
163     uint32_t full_irq_map[GPEX_NUM_IRQS * GPEX_NUM_IRQS *
164                           FDT_MAX_INT_MAP_WIDTH] = {};
165     uint32_t *irq_map = full_irq_map;
166 
167     /* This code creates a standard swizzle of interrupts such that
168      * each device's first interrupt is based on it's PCI_SLOT number.
169      * (See pci_swizzle_map_irq_fn())
170      *
171      * We only need one entry per interrupt in the table (not one per
172      * possible slot) seeing the interrupt-map-mask will allow the table
173      * to wrap to any number of devices.
174      */
175     for (dev = 0; dev < GPEX_NUM_IRQS; dev++) {
176         int devfn = dev * 0x8;
177 
178         for (pin = 0; pin < GPEX_NUM_IRQS; pin++) {
179             int irq_nr = PCIE_IRQ + ((pin + PCI_SLOT(devfn)) % GPEX_NUM_IRQS);
180             int i = 0;
181 
182             /* Fill PCI address cells */
183             irq_map[i] = cpu_to_be32(devfn << 8);
184             i += FDT_PCI_ADDR_CELLS;
185 
186             /* Fill PCI Interrupt cells */
187             irq_map[i] = cpu_to_be32(pin + 1);
188             i += FDT_PCI_INT_CELLS;
189 
190             /* Fill interrupt controller phandle and cells */
191             irq_map[i++] = cpu_to_be32(irqchip_phandle);
192             irq_map[i++] = cpu_to_be32(irq_nr);
193             if (s->aia_type != VIRT_AIA_TYPE_NONE) {
194                 irq_map[i++] = cpu_to_be32(0x4);
195             }
196 
197             if (!irq_map_stride) {
198                 irq_map_stride = i;
199             }
200             irq_map += irq_map_stride;
201         }
202     }
203 
204     qemu_fdt_setprop(fdt, nodename, "interrupt-map", full_irq_map,
205                      GPEX_NUM_IRQS * GPEX_NUM_IRQS *
206                      irq_map_stride * sizeof(uint32_t));
207 
208     qemu_fdt_setprop_cells(fdt, nodename, "interrupt-map-mask",
209                            0x1800, 0, 0, 0x7);
210 }
211 
212 static void create_fdt_socket_cpus(RISCVVirtState *s, int socket,
213                                    char *clust_name, uint32_t *phandle,
214                                    uint32_t *intc_phandles)
215 {
216     int cpu;
217     uint32_t cpu_phandle;
218     MachineState *ms = MACHINE(s);
219     bool is_32_bit = riscv_is_32bit(&s->soc[0]);
220     uint8_t satp_mode_max;
221 
222     for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
223         RISCVCPU *cpu_ptr = &s->soc[socket].harts[cpu];
224         g_autofree char *cpu_name = NULL;
225         g_autofree char *core_name = NULL;
226         g_autofree char *intc_name = NULL;
227         g_autofree char *sv_name = NULL;
228 
229         cpu_phandle = (*phandle)++;
230 
231         cpu_name = g_strdup_printf("/cpus/cpu@%d",
232             s->soc[socket].hartid_base + cpu);
233         qemu_fdt_add_subnode(ms->fdt, cpu_name);
234 
235         if (cpu_ptr->cfg.satp_mode.supported != 0) {
236             satp_mode_max = satp_mode_max_from_map(cpu_ptr->cfg.satp_mode.map);
237             sv_name = g_strdup_printf("riscv,%s",
238                                       satp_mode_str(satp_mode_max, is_32_bit));
239             qemu_fdt_setprop_string(ms->fdt, cpu_name, "mmu-type", sv_name);
240         }
241 
242         riscv_isa_write_fdt(cpu_ptr, ms->fdt, cpu_name);
243 
244         if (cpu_ptr->cfg.ext_zicbom) {
245             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbom-block-size",
246                                   cpu_ptr->cfg.cbom_blocksize);
247         }
248 
249         if (cpu_ptr->cfg.ext_zicboz) {
250             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cboz-block-size",
251                                   cpu_ptr->cfg.cboz_blocksize);
252         }
253 
254         if (cpu_ptr->cfg.ext_zicbop) {
255             qemu_fdt_setprop_cell(ms->fdt, cpu_name, "riscv,cbop-block-size",
256                                   cpu_ptr->cfg.cbop_blocksize);
257         }
258 
259         qemu_fdt_setprop_string(ms->fdt, cpu_name, "compatible", "riscv");
260         qemu_fdt_setprop_string(ms->fdt, cpu_name, "status", "okay");
261         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "reg",
262             s->soc[socket].hartid_base + cpu);
263         qemu_fdt_setprop_string(ms->fdt, cpu_name, "device_type", "cpu");
264         riscv_socket_fdt_write_id(ms, cpu_name, socket);
265         qemu_fdt_setprop_cell(ms->fdt, cpu_name, "phandle", cpu_phandle);
266 
267         intc_phandles[cpu] = (*phandle)++;
268 
269         intc_name = g_strdup_printf("%s/interrupt-controller", cpu_name);
270         qemu_fdt_add_subnode(ms->fdt, intc_name);
271         qemu_fdt_setprop_cell(ms->fdt, intc_name, "phandle",
272             intc_phandles[cpu]);
273         qemu_fdt_setprop_string(ms->fdt, intc_name, "compatible",
274             "riscv,cpu-intc");
275         qemu_fdt_setprop(ms->fdt, intc_name, "interrupt-controller", NULL, 0);
276         qemu_fdt_setprop_cell(ms->fdt, intc_name, "#interrupt-cells", 1);
277 
278         core_name = g_strdup_printf("%s/core%d", clust_name, cpu);
279         qemu_fdt_add_subnode(ms->fdt, core_name);
280         qemu_fdt_setprop_cell(ms->fdt, core_name, "cpu", cpu_phandle);
281     }
282 }
283 
284 static void create_fdt_socket_memory(RISCVVirtState *s,
285                                      const MemMapEntry *memmap, int socket)
286 {
287     g_autofree char *mem_name = NULL;
288     uint64_t addr, size;
289     MachineState *ms = MACHINE(s);
290 
291     addr = memmap[VIRT_DRAM].base + riscv_socket_mem_offset(ms, socket);
292     size = riscv_socket_mem_size(ms, socket);
293     mem_name = g_strdup_printf("/memory@%lx", (long)addr);
294     qemu_fdt_add_subnode(ms->fdt, mem_name);
295     qemu_fdt_setprop_cells(ms->fdt, mem_name, "reg",
296         addr >> 32, addr, size >> 32, size);
297     qemu_fdt_setprop_string(ms->fdt, mem_name, "device_type", "memory");
298     riscv_socket_fdt_write_id(ms, mem_name, socket);
299 }
300 
301 static void create_fdt_socket_clint(RISCVVirtState *s,
302                                     const MemMapEntry *memmap, int socket,
303                                     uint32_t *intc_phandles)
304 {
305     int cpu;
306     g_autofree char *clint_name = NULL;
307     g_autofree uint32_t *clint_cells = NULL;
308     unsigned long clint_addr;
309     MachineState *ms = MACHINE(s);
310     static const char * const clint_compat[2] = {
311         "sifive,clint0", "riscv,clint0"
312     };
313 
314     clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
315 
316     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
317         clint_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
318         clint_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_SOFT);
319         clint_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
320         clint_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_M_TIMER);
321     }
322 
323     clint_addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
324     clint_name = g_strdup_printf("/soc/clint@%lx", clint_addr);
325     qemu_fdt_add_subnode(ms->fdt, clint_name);
326     qemu_fdt_setprop_string_array(ms->fdt, clint_name, "compatible",
327                                   (char **)&clint_compat,
328                                   ARRAY_SIZE(clint_compat));
329     qemu_fdt_setprop_cells(ms->fdt, clint_name, "reg",
330         0x0, clint_addr, 0x0, memmap[VIRT_CLINT].size);
331     qemu_fdt_setprop(ms->fdt, clint_name, "interrupts-extended",
332         clint_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
333     riscv_socket_fdt_write_id(ms, clint_name, socket);
334 }
335 
336 static void create_fdt_socket_aclint(RISCVVirtState *s,
337                                      const MemMapEntry *memmap, int socket,
338                                      uint32_t *intc_phandles)
339 {
340     int cpu;
341     char *name;
342     unsigned long addr, size;
343     uint32_t aclint_cells_size;
344     g_autofree uint32_t *aclint_mswi_cells = NULL;
345     g_autofree uint32_t *aclint_sswi_cells = NULL;
346     g_autofree uint32_t *aclint_mtimer_cells = NULL;
347     MachineState *ms = MACHINE(s);
348 
349     aclint_mswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
350     aclint_mtimer_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
351     aclint_sswi_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
352 
353     for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
354         aclint_mswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
355         aclint_mswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_SOFT);
356         aclint_mtimer_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
357         aclint_mtimer_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_M_TIMER);
358         aclint_sswi_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
359         aclint_sswi_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_SOFT);
360     }
361     aclint_cells_size = s->soc[socket].num_harts * sizeof(uint32_t) * 2;
362 
363     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
364         addr = memmap[VIRT_CLINT].base + (memmap[VIRT_CLINT].size * socket);
365         name = g_strdup_printf("/soc/mswi@%lx", addr);
366         qemu_fdt_add_subnode(ms->fdt, name);
367         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
368             "riscv,aclint-mswi");
369         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
370             0x0, addr, 0x0, RISCV_ACLINT_SWI_SIZE);
371         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
372             aclint_mswi_cells, aclint_cells_size);
373         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
374         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
375         riscv_socket_fdt_write_id(ms, name, socket);
376         g_free(name);
377     }
378 
379     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
380         addr = memmap[VIRT_CLINT].base +
381                (RISCV_ACLINT_DEFAULT_MTIMER_SIZE * socket);
382         size = RISCV_ACLINT_DEFAULT_MTIMER_SIZE;
383     } else {
384         addr = memmap[VIRT_CLINT].base + RISCV_ACLINT_SWI_SIZE +
385             (memmap[VIRT_CLINT].size * socket);
386         size = memmap[VIRT_CLINT].size - RISCV_ACLINT_SWI_SIZE;
387     }
388     name = g_strdup_printf("/soc/mtimer@%lx", addr);
389     qemu_fdt_add_subnode(ms->fdt, name);
390     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
391         "riscv,aclint-mtimer");
392     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
393         0x0, addr + RISCV_ACLINT_DEFAULT_MTIME,
394         0x0, size - RISCV_ACLINT_DEFAULT_MTIME,
395         0x0, addr + RISCV_ACLINT_DEFAULT_MTIMECMP,
396         0x0, RISCV_ACLINT_DEFAULT_MTIME);
397     qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
398         aclint_mtimer_cells, aclint_cells_size);
399     riscv_socket_fdt_write_id(ms, name, socket);
400     g_free(name);
401 
402     if (s->aia_type != VIRT_AIA_TYPE_APLIC_IMSIC) {
403         addr = memmap[VIRT_ACLINT_SSWI].base +
404             (memmap[VIRT_ACLINT_SSWI].size * socket);
405         name = g_strdup_printf("/soc/sswi@%lx", addr);
406         qemu_fdt_add_subnode(ms->fdt, name);
407         qemu_fdt_setprop_string(ms->fdt, name, "compatible",
408             "riscv,aclint-sswi");
409         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
410             0x0, addr, 0x0, memmap[VIRT_ACLINT_SSWI].size);
411         qemu_fdt_setprop(ms->fdt, name, "interrupts-extended",
412             aclint_sswi_cells, aclint_cells_size);
413         qemu_fdt_setprop(ms->fdt, name, "interrupt-controller", NULL, 0);
414         qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells", 0);
415         riscv_socket_fdt_write_id(ms, name, socket);
416         g_free(name);
417     }
418 }
419 
420 static void create_fdt_socket_plic(RISCVVirtState *s,
421                                    const MemMapEntry *memmap, int socket,
422                                    uint32_t *phandle, uint32_t *intc_phandles,
423                                    uint32_t *plic_phandles)
424 {
425     int cpu;
426     g_autofree char *plic_name = NULL;
427     g_autofree uint32_t *plic_cells;
428     unsigned long plic_addr;
429     MachineState *ms = MACHINE(s);
430     static const char * const plic_compat[2] = {
431         "sifive,plic-1.0.0", "riscv,plic0"
432     };
433 
434     plic_phandles[socket] = (*phandle)++;
435     plic_addr = memmap[VIRT_PLIC].base + (memmap[VIRT_PLIC].size * socket);
436     plic_name = g_strdup_printf("/soc/plic@%lx", plic_addr);
437     qemu_fdt_add_subnode(ms->fdt, plic_name);
438     qemu_fdt_setprop_cell(ms->fdt, plic_name,
439         "#interrupt-cells", FDT_PLIC_INT_CELLS);
440     qemu_fdt_setprop_cell(ms->fdt, plic_name,
441         "#address-cells", FDT_PLIC_ADDR_CELLS);
442     qemu_fdt_setprop_string_array(ms->fdt, plic_name, "compatible",
443                                   (char **)&plic_compat,
444                                   ARRAY_SIZE(plic_compat));
445     qemu_fdt_setprop(ms->fdt, plic_name, "interrupt-controller", NULL, 0);
446 
447     if (kvm_enabled()) {
448         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
449 
450         for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
451             plic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
452             plic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
453         }
454 
455         qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
456                          plic_cells,
457                          s->soc[socket].num_harts * sizeof(uint32_t) * 2);
458    } else {
459         plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
460 
461         for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
462             plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
463             plic_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_EXT);
464             plic_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
465             plic_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_S_EXT);
466         }
467 
468         qemu_fdt_setprop(ms->fdt, plic_name, "interrupts-extended",
469                          plic_cells,
470                          s->soc[socket].num_harts * sizeof(uint32_t) * 4);
471     }
472 
473     qemu_fdt_setprop_cells(ms->fdt, plic_name, "reg",
474         0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size);
475     qemu_fdt_setprop_cell(ms->fdt, plic_name, "riscv,ndev",
476                           VIRT_IRQCHIP_NUM_SOURCES - 1);
477     riscv_socket_fdt_write_id(ms, plic_name, socket);
478     qemu_fdt_setprop_cell(ms->fdt, plic_name, "phandle",
479         plic_phandles[socket]);
480 
481     if (!socket) {
482         platform_bus_add_all_fdt_nodes(ms->fdt, plic_name,
483                                        memmap[VIRT_PLATFORM_BUS].base,
484                                        memmap[VIRT_PLATFORM_BUS].size,
485                                        VIRT_PLATFORM_BUS_IRQ);
486     }
487 }
488 
489 uint32_t imsic_num_bits(uint32_t count)
490 {
491     uint32_t ret = 0;
492 
493     while (BIT(ret) < count) {
494         ret++;
495     }
496 
497     return ret;
498 }
499 
500 static void create_fdt_one_imsic(RISCVVirtState *s, hwaddr base_addr,
501                                  uint32_t *intc_phandles, uint32_t msi_phandle,
502                                  bool m_mode, uint32_t imsic_guest_bits)
503 {
504     int cpu, socket;
505     g_autofree char *imsic_name = NULL;
506     MachineState *ms = MACHINE(s);
507     int socket_count = riscv_socket_count(ms);
508     uint32_t imsic_max_hart_per_socket, imsic_addr, imsic_size;
509     g_autofree uint32_t *imsic_cells = NULL;
510     g_autofree uint32_t *imsic_regs = NULL;
511 
512     imsic_cells = g_new0(uint32_t, ms->smp.cpus * 2);
513     imsic_regs = g_new0(uint32_t, socket_count * 4);
514 
515     for (cpu = 0; cpu < ms->smp.cpus; cpu++) {
516         imsic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
517         imsic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
518     }
519 
520     imsic_max_hart_per_socket = 0;
521     for (socket = 0; socket < socket_count; socket++) {
522         imsic_addr = base_addr + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
523         imsic_size = IMSIC_HART_SIZE(imsic_guest_bits) *
524                      s->soc[socket].num_harts;
525         imsic_regs[socket * 4 + 0] = 0;
526         imsic_regs[socket * 4 + 1] = cpu_to_be32(imsic_addr);
527         imsic_regs[socket * 4 + 2] = 0;
528         imsic_regs[socket * 4 + 3] = cpu_to_be32(imsic_size);
529         if (imsic_max_hart_per_socket < s->soc[socket].num_harts) {
530             imsic_max_hart_per_socket = s->soc[socket].num_harts;
531         }
532     }
533 
534     imsic_name = g_strdup_printf("/soc/imsics@%lx", (unsigned long)base_addr);
535     qemu_fdt_add_subnode(ms->fdt, imsic_name);
536     qemu_fdt_setprop_string(ms->fdt, imsic_name, "compatible", "riscv,imsics");
537     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "#interrupt-cells",
538                           FDT_IMSIC_INT_CELLS);
539     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupt-controller", NULL, 0);
540     qemu_fdt_setprop(ms->fdt, imsic_name, "msi-controller", NULL, 0);
541     qemu_fdt_setprop(ms->fdt, imsic_name, "interrupts-extended",
542                      imsic_cells, ms->smp.cpus * sizeof(uint32_t) * 2);
543     qemu_fdt_setprop(ms->fdt, imsic_name, "reg", imsic_regs,
544                      socket_count * sizeof(uint32_t) * 4);
545     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,num-ids",
546                      VIRT_IRQCHIP_NUM_MSIS);
547 
548     if (imsic_guest_bits) {
549         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,guest-index-bits",
550                               imsic_guest_bits);
551     }
552 
553     if (socket_count > 1) {
554         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,hart-index-bits",
555                               imsic_num_bits(imsic_max_hart_per_socket));
556         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-bits",
557                               imsic_num_bits(socket_count));
558         qemu_fdt_setprop_cell(ms->fdt, imsic_name, "riscv,group-index-shift",
559                               IMSIC_MMIO_GROUP_MIN_SHIFT);
560     }
561     qemu_fdt_setprop_cell(ms->fdt, imsic_name, "phandle", msi_phandle);
562 }
563 
564 static void create_fdt_imsic(RISCVVirtState *s, const MemMapEntry *memmap,
565                              uint32_t *phandle, uint32_t *intc_phandles,
566                              uint32_t *msi_m_phandle, uint32_t *msi_s_phandle)
567 {
568     *msi_m_phandle = (*phandle)++;
569     *msi_s_phandle = (*phandle)++;
570 
571     if (!kvm_enabled()) {
572         /* M-level IMSIC node */
573         create_fdt_one_imsic(s, memmap[VIRT_IMSIC_M].base, intc_phandles,
574                              *msi_m_phandle, true, 0);
575     }
576 
577     /* S-level IMSIC node */
578     create_fdt_one_imsic(s, memmap[VIRT_IMSIC_S].base, intc_phandles,
579                          *msi_s_phandle, false,
580                          imsic_num_bits(s->aia_guests + 1));
581 
582 }
583 
584 static void create_fdt_one_aplic(RISCVVirtState *s, int socket,
585                                  unsigned long aplic_addr, uint32_t aplic_size,
586                                  uint32_t msi_phandle,
587                                  uint32_t *intc_phandles,
588                                  uint32_t aplic_phandle,
589                                  uint32_t aplic_child_phandle,
590                                  bool m_mode, int num_harts)
591 {
592     int cpu;
593     g_autofree char *aplic_name = NULL;
594     g_autofree uint32_t *aplic_cells = g_new0(uint32_t, num_harts * 2);
595     MachineState *ms = MACHINE(s);
596 
597     for (cpu = 0; cpu < num_harts; cpu++) {
598         aplic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
599         aplic_cells[cpu * 2 + 1] = cpu_to_be32(m_mode ? IRQ_M_EXT : IRQ_S_EXT);
600     }
601 
602     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
603     qemu_fdt_add_subnode(ms->fdt, aplic_name);
604     qemu_fdt_setprop_string(ms->fdt, aplic_name, "compatible", "riscv,aplic");
605     qemu_fdt_setprop_cell(ms->fdt, aplic_name,
606                           "#interrupt-cells", FDT_APLIC_INT_CELLS);
607     qemu_fdt_setprop(ms->fdt, aplic_name, "interrupt-controller", NULL, 0);
608 
609     if (s->aia_type == VIRT_AIA_TYPE_APLIC) {
610         qemu_fdt_setprop(ms->fdt, aplic_name, "interrupts-extended",
611                          aplic_cells, num_harts * sizeof(uint32_t) * 2);
612     } else {
613         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "msi-parent", msi_phandle);
614     }
615 
616     qemu_fdt_setprop_cells(ms->fdt, aplic_name, "reg",
617                            0x0, aplic_addr, 0x0, aplic_size);
618     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,num-sources",
619                           VIRT_IRQCHIP_NUM_SOURCES);
620 
621     if (aplic_child_phandle) {
622         qemu_fdt_setprop_cell(ms->fdt, aplic_name, "riscv,children",
623                               aplic_child_phandle);
624         qemu_fdt_setprop_cells(ms->fdt, aplic_name, "riscv,delegate",
625                                aplic_child_phandle, 0x1,
626                                VIRT_IRQCHIP_NUM_SOURCES);
627     }
628 
629     riscv_socket_fdt_write_id(ms, aplic_name, socket);
630     qemu_fdt_setprop_cell(ms->fdt, aplic_name, "phandle", aplic_phandle);
631 }
632 
633 static void create_fdt_socket_aplic(RISCVVirtState *s,
634                                     const MemMapEntry *memmap, int socket,
635                                     uint32_t msi_m_phandle,
636                                     uint32_t msi_s_phandle,
637                                     uint32_t *phandle,
638                                     uint32_t *intc_phandles,
639                                     uint32_t *aplic_phandles,
640                                     int num_harts)
641 {
642     g_autofree char *aplic_name = NULL;
643     unsigned long aplic_addr;
644     MachineState *ms = MACHINE(s);
645     uint32_t aplic_m_phandle, aplic_s_phandle;
646 
647     aplic_m_phandle = (*phandle)++;
648     aplic_s_phandle = (*phandle)++;
649 
650     if (!kvm_enabled()) {
651         /* M-level APLIC node */
652         aplic_addr = memmap[VIRT_APLIC_M].base +
653                      (memmap[VIRT_APLIC_M].size * socket);
654         create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_M].size,
655                              msi_m_phandle, intc_phandles,
656                              aplic_m_phandle, aplic_s_phandle,
657                              true, num_harts);
658     }
659 
660     /* S-level APLIC node */
661     aplic_addr = memmap[VIRT_APLIC_S].base +
662                  (memmap[VIRT_APLIC_S].size * socket);
663     create_fdt_one_aplic(s, socket, aplic_addr, memmap[VIRT_APLIC_S].size,
664                          msi_s_phandle, intc_phandles,
665                          aplic_s_phandle, 0,
666                          false, num_harts);
667 
668     aplic_name = g_strdup_printf("/soc/aplic@%lx", aplic_addr);
669 
670     if (!socket) {
671         platform_bus_add_all_fdt_nodes(ms->fdt, aplic_name,
672                                        memmap[VIRT_PLATFORM_BUS].base,
673                                        memmap[VIRT_PLATFORM_BUS].size,
674                                        VIRT_PLATFORM_BUS_IRQ);
675     }
676 
677     aplic_phandles[socket] = aplic_s_phandle;
678 }
679 
680 static void create_fdt_pmu(RISCVVirtState *s)
681 {
682     g_autofree char *pmu_name = g_strdup_printf("/pmu");
683     MachineState *ms = MACHINE(s);
684     RISCVCPU hart = s->soc[0].harts[0];
685 
686     qemu_fdt_add_subnode(ms->fdt, pmu_name);
687     qemu_fdt_setprop_string(ms->fdt, pmu_name, "compatible", "riscv,pmu");
688     riscv_pmu_generate_fdt_node(ms->fdt, hart.pmu_avail_ctrs, pmu_name);
689 }
690 
691 static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry *memmap,
692                                uint32_t *phandle,
693                                uint32_t *irq_mmio_phandle,
694                                uint32_t *irq_pcie_phandle,
695                                uint32_t *irq_virtio_phandle,
696                                uint32_t *msi_pcie_phandle)
697 {
698     int socket, phandle_pos;
699     MachineState *ms = MACHINE(s);
700     uint32_t msi_m_phandle = 0, msi_s_phandle = 0;
701     uint32_t xplic_phandles[MAX_NODES];
702     g_autofree uint32_t *intc_phandles = NULL;
703     int socket_count = riscv_socket_count(ms);
704 
705     qemu_fdt_add_subnode(ms->fdt, "/cpus");
706     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
707                           RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
708     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
709     qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
710     qemu_fdt_add_subnode(ms->fdt, "/cpus/cpu-map");
711 
712     intc_phandles = g_new0(uint32_t, ms->smp.cpus);
713 
714     phandle_pos = ms->smp.cpus;
715     for (socket = (socket_count - 1); socket >= 0; socket--) {
716         g_autofree char *clust_name = NULL;
717         phandle_pos -= s->soc[socket].num_harts;
718 
719         clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
720         qemu_fdt_add_subnode(ms->fdt, clust_name);
721 
722         create_fdt_socket_cpus(s, socket, clust_name, phandle,
723                                &intc_phandles[phandle_pos]);
724 
725         create_fdt_socket_memory(s, memmap, socket);
726 
727         if (tcg_enabled()) {
728             if (s->have_aclint) {
729                 create_fdt_socket_aclint(s, memmap, socket,
730                     &intc_phandles[phandle_pos]);
731             } else {
732                 create_fdt_socket_clint(s, memmap, socket,
733                     &intc_phandles[phandle_pos]);
734             }
735         }
736     }
737 
738     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
739         create_fdt_imsic(s, memmap, phandle, intc_phandles,
740             &msi_m_phandle, &msi_s_phandle);
741         *msi_pcie_phandle = msi_s_phandle;
742     }
743 
744     /* KVM AIA only has one APLIC instance */
745     if (kvm_enabled() && virt_use_kvm_aia(s)) {
746         create_fdt_socket_aplic(s, memmap, 0,
747                                 msi_m_phandle, msi_s_phandle, phandle,
748                                 &intc_phandles[0], xplic_phandles,
749                                 ms->smp.cpus);
750     } else {
751         phandle_pos = ms->smp.cpus;
752         for (socket = (socket_count - 1); socket >= 0; socket--) {
753             phandle_pos -= s->soc[socket].num_harts;
754 
755             if (s->aia_type == VIRT_AIA_TYPE_NONE) {
756                 create_fdt_socket_plic(s, memmap, socket, phandle,
757                                        &intc_phandles[phandle_pos],
758                                        xplic_phandles);
759             } else {
760                 create_fdt_socket_aplic(s, memmap, socket,
761                                         msi_m_phandle, msi_s_phandle, phandle,
762                                         &intc_phandles[phandle_pos],
763                                         xplic_phandles,
764                                         s->soc[socket].num_harts);
765             }
766         }
767     }
768 
769     if (kvm_enabled() && virt_use_kvm_aia(s)) {
770         *irq_mmio_phandle = xplic_phandles[0];
771         *irq_virtio_phandle = xplic_phandles[0];
772         *irq_pcie_phandle = xplic_phandles[0];
773     } else {
774         for (socket = 0; socket < socket_count; socket++) {
775             if (socket == 0) {
776                 *irq_mmio_phandle = xplic_phandles[socket];
777                 *irq_virtio_phandle = xplic_phandles[socket];
778                 *irq_pcie_phandle = xplic_phandles[socket];
779             }
780             if (socket == 1) {
781                 *irq_virtio_phandle = xplic_phandles[socket];
782                 *irq_pcie_phandle = xplic_phandles[socket];
783             }
784             if (socket == 2) {
785                 *irq_pcie_phandle = xplic_phandles[socket];
786             }
787         }
788     }
789 
790     riscv_socket_fdt_write_distance_matrix(ms);
791 }
792 
793 static void create_fdt_virtio(RISCVVirtState *s, const MemMapEntry *memmap,
794                               uint32_t irq_virtio_phandle)
795 {
796     int i;
797     MachineState *ms = MACHINE(s);
798 
799     for (i = 0; i < VIRTIO_COUNT; i++) {
800         g_autofree char *name =  g_strdup_printf("/soc/virtio_mmio@%lx",
801             (long)(memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size));
802 
803         qemu_fdt_add_subnode(ms->fdt, name);
804         qemu_fdt_setprop_string(ms->fdt, name, "compatible", "virtio,mmio");
805         qemu_fdt_setprop_cells(ms->fdt, name, "reg",
806             0x0, memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
807             0x0, memmap[VIRT_VIRTIO].size);
808         qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
809             irq_virtio_phandle);
810         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
811             qemu_fdt_setprop_cell(ms->fdt, name, "interrupts",
812                                   VIRTIO_IRQ + i);
813         } else {
814             qemu_fdt_setprop_cells(ms->fdt, name, "interrupts",
815                                    VIRTIO_IRQ + i, 0x4);
816         }
817     }
818 }
819 
820 static void create_fdt_pcie(RISCVVirtState *s, const MemMapEntry *memmap,
821                             uint32_t irq_pcie_phandle,
822                             uint32_t msi_pcie_phandle)
823 {
824     g_autofree char *name = NULL;
825     MachineState *ms = MACHINE(s);
826 
827     name = g_strdup_printf("/soc/pci@%lx",
828         (long) memmap[VIRT_PCIE_ECAM].base);
829     qemu_fdt_add_subnode(ms->fdt, name);
830     qemu_fdt_setprop_cell(ms->fdt, name, "#address-cells",
831         FDT_PCI_ADDR_CELLS);
832     qemu_fdt_setprop_cell(ms->fdt, name, "#interrupt-cells",
833         FDT_PCI_INT_CELLS);
834     qemu_fdt_setprop_cell(ms->fdt, name, "#size-cells", 0x2);
835     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
836         "pci-host-ecam-generic");
837     qemu_fdt_setprop_string(ms->fdt, name, "device_type", "pci");
838     qemu_fdt_setprop_cell(ms->fdt, name, "linux,pci-domain", 0);
839     qemu_fdt_setprop_cells(ms->fdt, name, "bus-range", 0,
840         memmap[VIRT_PCIE_ECAM].size / PCIE_MMCFG_SIZE_MIN - 1);
841     qemu_fdt_setprop(ms->fdt, name, "dma-coherent", NULL, 0);
842     if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
843         qemu_fdt_setprop_cell(ms->fdt, name, "msi-parent", msi_pcie_phandle);
844     }
845     qemu_fdt_setprop_cells(ms->fdt, name, "reg", 0,
846         memmap[VIRT_PCIE_ECAM].base, 0, memmap[VIRT_PCIE_ECAM].size);
847     qemu_fdt_setprop_sized_cells(ms->fdt, name, "ranges",
848         1, FDT_PCI_RANGE_IOPORT, 2, 0,
849         2, memmap[VIRT_PCIE_PIO].base, 2, memmap[VIRT_PCIE_PIO].size,
850         1, FDT_PCI_RANGE_MMIO,
851         2, memmap[VIRT_PCIE_MMIO].base,
852         2, memmap[VIRT_PCIE_MMIO].base, 2, memmap[VIRT_PCIE_MMIO].size,
853         1, FDT_PCI_RANGE_MMIO_64BIT,
854         2, virt_high_pcie_memmap.base,
855         2, virt_high_pcie_memmap.base, 2, virt_high_pcie_memmap.size);
856 
857     create_pcie_irq_map(s, ms->fdt, name, irq_pcie_phandle);
858 }
859 
860 static void create_fdt_reset(RISCVVirtState *s, const MemMapEntry *memmap,
861                              uint32_t *phandle)
862 {
863     char *name;
864     uint32_t test_phandle;
865     MachineState *ms = MACHINE(s);
866 
867     test_phandle = (*phandle)++;
868     name = g_strdup_printf("/soc/test@%lx",
869         (long)memmap[VIRT_TEST].base);
870     qemu_fdt_add_subnode(ms->fdt, name);
871     {
872         static const char * const compat[3] = {
873             "sifive,test1", "sifive,test0", "syscon"
874         };
875         qemu_fdt_setprop_string_array(ms->fdt, name, "compatible",
876                                       (char **)&compat, ARRAY_SIZE(compat));
877     }
878     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
879         0x0, memmap[VIRT_TEST].base, 0x0, memmap[VIRT_TEST].size);
880     qemu_fdt_setprop_cell(ms->fdt, name, "phandle", test_phandle);
881     test_phandle = qemu_fdt_get_phandle(ms->fdt, name);
882     g_free(name);
883 
884     name = g_strdup_printf("/reboot");
885     qemu_fdt_add_subnode(ms->fdt, name);
886     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-reboot");
887     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
888     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
889     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_RESET);
890     g_free(name);
891 
892     name = g_strdup_printf("/poweroff");
893     qemu_fdt_add_subnode(ms->fdt, name);
894     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "syscon-poweroff");
895     qemu_fdt_setprop_cell(ms->fdt, name, "regmap", test_phandle);
896     qemu_fdt_setprop_cell(ms->fdt, name, "offset", 0x0);
897     qemu_fdt_setprop_cell(ms->fdt, name, "value", FINISHER_PASS);
898     g_free(name);
899 }
900 
901 static void create_fdt_uart(RISCVVirtState *s, const MemMapEntry *memmap,
902                             uint32_t irq_mmio_phandle)
903 {
904     g_autofree char *name = NULL;
905     MachineState *ms = MACHINE(s);
906 
907     name = g_strdup_printf("/soc/serial@%lx", (long)memmap[VIRT_UART0].base);
908     qemu_fdt_add_subnode(ms->fdt, name);
909     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "ns16550a");
910     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
911         0x0, memmap[VIRT_UART0].base,
912         0x0, memmap[VIRT_UART0].size);
913     qemu_fdt_setprop_cell(ms->fdt, name, "clock-frequency", 3686400);
914     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent", irq_mmio_phandle);
915     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
916         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", UART0_IRQ);
917     } else {
918         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", UART0_IRQ, 0x4);
919     }
920 
921     qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", name);
922 }
923 
924 static void create_fdt_rtc(RISCVVirtState *s, const MemMapEntry *memmap,
925                            uint32_t irq_mmio_phandle)
926 {
927     g_autofree char *name = NULL;
928     MachineState *ms = MACHINE(s);
929 
930     name = g_strdup_printf("/soc/rtc@%lx", (long)memmap[VIRT_RTC].base);
931     qemu_fdt_add_subnode(ms->fdt, name);
932     qemu_fdt_setprop_string(ms->fdt, name, "compatible",
933         "google,goldfish-rtc");
934     qemu_fdt_setprop_cells(ms->fdt, name, "reg",
935         0x0, memmap[VIRT_RTC].base, 0x0, memmap[VIRT_RTC].size);
936     qemu_fdt_setprop_cell(ms->fdt, name, "interrupt-parent",
937         irq_mmio_phandle);
938     if (s->aia_type == VIRT_AIA_TYPE_NONE) {
939         qemu_fdt_setprop_cell(ms->fdt, name, "interrupts", RTC_IRQ);
940     } else {
941         qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", RTC_IRQ, 0x4);
942     }
943 }
944 
945 static void create_fdt_flash(RISCVVirtState *s, const MemMapEntry *memmap)
946 {
947     MachineState *ms = MACHINE(s);
948     hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
949     hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
950     g_autofree char *name = g_strdup_printf("/flash@%" PRIx64, flashbase);
951 
952     qemu_fdt_add_subnode(ms->fdt, name);
953     qemu_fdt_setprop_string(ms->fdt, name, "compatible", "cfi-flash");
954     qemu_fdt_setprop_sized_cells(ms->fdt, name, "reg",
955                                  2, flashbase, 2, flashsize,
956                                  2, flashbase + flashsize, 2, flashsize);
957     qemu_fdt_setprop_cell(ms->fdt, name, "bank-width", 4);
958 }
959 
960 static void create_fdt_fw_cfg(RISCVVirtState *s, const MemMapEntry *memmap)
961 {
962     MachineState *ms = MACHINE(s);
963     hwaddr base = memmap[VIRT_FW_CFG].base;
964     hwaddr size = memmap[VIRT_FW_CFG].size;
965     g_autofree char *nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
966 
967     qemu_fdt_add_subnode(ms->fdt, nodename);
968     qemu_fdt_setprop_string(ms->fdt, nodename,
969                             "compatible", "qemu,fw-cfg-mmio");
970     qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
971                                  2, base, 2, size);
972     qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
973 }
974 
975 static void finalize_fdt(RISCVVirtState *s)
976 {
977     uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
978     uint32_t irq_pcie_phandle = 1, irq_virtio_phandle = 1;
979 
980     create_fdt_sockets(s, virt_memmap, &phandle, &irq_mmio_phandle,
981                        &irq_pcie_phandle, &irq_virtio_phandle,
982                        &msi_pcie_phandle);
983 
984     create_fdt_virtio(s, virt_memmap, irq_virtio_phandle);
985 
986     create_fdt_pcie(s, virt_memmap, irq_pcie_phandle, msi_pcie_phandle);
987 
988     create_fdt_reset(s, virt_memmap, &phandle);
989 
990     create_fdt_uart(s, virt_memmap, irq_mmio_phandle);
991 
992     create_fdt_rtc(s, virt_memmap, irq_mmio_phandle);
993 }
994 
995 static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
996 {
997     MachineState *ms = MACHINE(s);
998     uint8_t rng_seed[32];
999 
1000     ms->fdt = create_device_tree(&s->fdt_size);
1001     if (!ms->fdt) {
1002         error_report("create_device_tree() failed");
1003         exit(1);
1004     }
1005 
1006     qemu_fdt_setprop_string(ms->fdt, "/", "model", "riscv-virtio,qemu");
1007     qemu_fdt_setprop_string(ms->fdt, "/", "compatible", "riscv-virtio");
1008     qemu_fdt_setprop_cell(ms->fdt, "/", "#size-cells", 0x2);
1009     qemu_fdt_setprop_cell(ms->fdt, "/", "#address-cells", 0x2);
1010 
1011     qemu_fdt_add_subnode(ms->fdt, "/soc");
1012     qemu_fdt_setprop(ms->fdt, "/soc", "ranges", NULL, 0);
1013     qemu_fdt_setprop_string(ms->fdt, "/soc", "compatible", "simple-bus");
1014     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#size-cells", 0x2);
1015     qemu_fdt_setprop_cell(ms->fdt, "/soc", "#address-cells", 0x2);
1016 
1017     qemu_fdt_add_subnode(ms->fdt, "/chosen");
1018 
1019     /* Pass seed to RNG */
1020     qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
1021     qemu_fdt_setprop(ms->fdt, "/chosen", "rng-seed",
1022                      rng_seed, sizeof(rng_seed));
1023 
1024     create_fdt_flash(s, memmap);
1025     create_fdt_fw_cfg(s, memmap);
1026     create_fdt_pmu(s);
1027 }
1028 
1029 static inline DeviceState *gpex_pcie_init(MemoryRegion *sys_mem,
1030                                           DeviceState *irqchip,
1031                                           RISCVVirtState *s)
1032 {
1033     DeviceState *dev;
1034     MemoryRegion *ecam_alias, *ecam_reg;
1035     MemoryRegion *mmio_alias, *high_mmio_alias, *mmio_reg;
1036     hwaddr ecam_base = s->memmap[VIRT_PCIE_ECAM].base;
1037     hwaddr ecam_size = s->memmap[VIRT_PCIE_ECAM].size;
1038     hwaddr mmio_base = s->memmap[VIRT_PCIE_MMIO].base;
1039     hwaddr mmio_size = s->memmap[VIRT_PCIE_MMIO].size;
1040     hwaddr high_mmio_base = virt_high_pcie_memmap.base;
1041     hwaddr high_mmio_size = virt_high_pcie_memmap.size;
1042     hwaddr pio_base = s->memmap[VIRT_PCIE_PIO].base;
1043     hwaddr pio_size = s->memmap[VIRT_PCIE_PIO].size;
1044     qemu_irq irq;
1045     int i;
1046 
1047     dev = qdev_new(TYPE_GPEX_HOST);
1048 
1049     /* Set GPEX object properties for the virt machine */
1050     object_property_set_uint(OBJECT(GPEX_HOST(dev)), PCI_HOST_ECAM_BASE,
1051                             ecam_base, NULL);
1052     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_ECAM_SIZE,
1053                             ecam_size, NULL);
1054     object_property_set_uint(OBJECT(GPEX_HOST(dev)),
1055                              PCI_HOST_BELOW_4G_MMIO_BASE,
1056                              mmio_base, NULL);
1057     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_BELOW_4G_MMIO_SIZE,
1058                             mmio_size, NULL);
1059     object_property_set_uint(OBJECT(GPEX_HOST(dev)),
1060                              PCI_HOST_ABOVE_4G_MMIO_BASE,
1061                              high_mmio_base, NULL);
1062     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_ABOVE_4G_MMIO_SIZE,
1063                             high_mmio_size, NULL);
1064     object_property_set_uint(OBJECT(GPEX_HOST(dev)), PCI_HOST_PIO_BASE,
1065                             pio_base, NULL);
1066     object_property_set_int(OBJECT(GPEX_HOST(dev)), PCI_HOST_PIO_SIZE,
1067                             pio_size, NULL);
1068 
1069     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1070 
1071     ecam_alias = g_new0(MemoryRegion, 1);
1072     ecam_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
1073     memory_region_init_alias(ecam_alias, OBJECT(dev), "pcie-ecam",
1074                              ecam_reg, 0, ecam_size);
1075     memory_region_add_subregion(get_system_memory(), ecam_base, ecam_alias);
1076 
1077     mmio_alias = g_new0(MemoryRegion, 1);
1078     mmio_reg = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 1);
1079     memory_region_init_alias(mmio_alias, OBJECT(dev), "pcie-mmio",
1080                              mmio_reg, mmio_base, mmio_size);
1081     memory_region_add_subregion(get_system_memory(), mmio_base, mmio_alias);
1082 
1083     /* Map high MMIO space */
1084     high_mmio_alias = g_new0(MemoryRegion, 1);
1085     memory_region_init_alias(high_mmio_alias, OBJECT(dev), "pcie-mmio-high",
1086                              mmio_reg, high_mmio_base, high_mmio_size);
1087     memory_region_add_subregion(get_system_memory(), high_mmio_base,
1088                                 high_mmio_alias);
1089 
1090     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, pio_base);
1091 
1092     for (i = 0; i < GPEX_NUM_IRQS; i++) {
1093         irq = qdev_get_gpio_in(irqchip, PCIE_IRQ + i);
1094 
1095         sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, irq);
1096         gpex_set_irq_num(GPEX_HOST(dev), i, PCIE_IRQ + i);
1097     }
1098 
1099     GPEX_HOST(dev)->gpex_cfg.bus = PCI_HOST_BRIDGE(GPEX_HOST(dev))->bus;
1100     return dev;
1101 }
1102 
1103 static FWCfgState *create_fw_cfg(const MachineState *ms)
1104 {
1105     hwaddr base = virt_memmap[VIRT_FW_CFG].base;
1106     FWCfgState *fw_cfg;
1107 
1108     fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16,
1109                                   &address_space_memory);
1110     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
1111 
1112     return fw_cfg;
1113 }
1114 
1115 static DeviceState *virt_create_plic(const MemMapEntry *memmap, int socket,
1116                                      int base_hartid, int hart_count)
1117 {
1118     DeviceState *ret;
1119     g_autofree char *plic_hart_config = NULL;
1120 
1121     /* Per-socket PLIC hart topology configuration string */
1122     plic_hart_config = riscv_plic_hart_config_string(hart_count);
1123 
1124     /* Per-socket PLIC */
1125     ret = sifive_plic_create(
1126             memmap[VIRT_PLIC].base + socket * memmap[VIRT_PLIC].size,
1127             plic_hart_config, hart_count, base_hartid,
1128             VIRT_IRQCHIP_NUM_SOURCES,
1129             ((1U << VIRT_IRQCHIP_NUM_PRIO_BITS) - 1),
1130             VIRT_PLIC_PRIORITY_BASE,
1131             VIRT_PLIC_PENDING_BASE,
1132             VIRT_PLIC_ENABLE_BASE,
1133             VIRT_PLIC_ENABLE_STRIDE,
1134             VIRT_PLIC_CONTEXT_BASE,
1135             VIRT_PLIC_CONTEXT_STRIDE,
1136             memmap[VIRT_PLIC].size);
1137 
1138     return ret;
1139 }
1140 
1141 static DeviceState *virt_create_aia(RISCVVirtAIAType aia_type, int aia_guests,
1142                                     const MemMapEntry *memmap, int socket,
1143                                     int base_hartid, int hart_count)
1144 {
1145     int i;
1146     hwaddr addr;
1147     uint32_t guest_bits;
1148     DeviceState *aplic_s = NULL;
1149     DeviceState *aplic_m = NULL;
1150     bool msimode = aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
1151 
1152     if (msimode) {
1153         if (!kvm_enabled()) {
1154             /* Per-socket M-level IMSICs */
1155             addr = memmap[VIRT_IMSIC_M].base +
1156                    socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1157             for (i = 0; i < hart_count; i++) {
1158                 riscv_imsic_create(addr + i * IMSIC_HART_SIZE(0),
1159                                    base_hartid + i, true, 1,
1160                                    VIRT_IRQCHIP_NUM_MSIS);
1161             }
1162         }
1163 
1164         /* Per-socket S-level IMSICs */
1165         guest_bits = imsic_num_bits(aia_guests + 1);
1166         addr = memmap[VIRT_IMSIC_S].base + socket * VIRT_IMSIC_GROUP_MAX_SIZE;
1167         for (i = 0; i < hart_count; i++) {
1168             riscv_imsic_create(addr + i * IMSIC_HART_SIZE(guest_bits),
1169                                base_hartid + i, false, 1 + aia_guests,
1170                                VIRT_IRQCHIP_NUM_MSIS);
1171         }
1172     }
1173 
1174     if (!kvm_enabled()) {
1175         /* Per-socket M-level APLIC */
1176         aplic_m = riscv_aplic_create(memmap[VIRT_APLIC_M].base +
1177                                      socket * memmap[VIRT_APLIC_M].size,
1178                                      memmap[VIRT_APLIC_M].size,
1179                                      (msimode) ? 0 : base_hartid,
1180                                      (msimode) ? 0 : hart_count,
1181                                      VIRT_IRQCHIP_NUM_SOURCES,
1182                                      VIRT_IRQCHIP_NUM_PRIO_BITS,
1183                                      msimode, true, NULL);
1184     }
1185 
1186     /* Per-socket S-level APLIC */
1187     aplic_s = riscv_aplic_create(memmap[VIRT_APLIC_S].base +
1188                                  socket * memmap[VIRT_APLIC_S].size,
1189                                  memmap[VIRT_APLIC_S].size,
1190                                  (msimode) ? 0 : base_hartid,
1191                                  (msimode) ? 0 : hart_count,
1192                                  VIRT_IRQCHIP_NUM_SOURCES,
1193                                  VIRT_IRQCHIP_NUM_PRIO_BITS,
1194                                  msimode, false, aplic_m);
1195 
1196     return kvm_enabled() ? aplic_s : aplic_m;
1197 }
1198 
1199 static void create_platform_bus(RISCVVirtState *s, DeviceState *irqchip)
1200 {
1201     DeviceState *dev;
1202     SysBusDevice *sysbus;
1203     const MemMapEntry *memmap = virt_memmap;
1204     int i;
1205     MemoryRegion *sysmem = get_system_memory();
1206 
1207     dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
1208     dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
1209     qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
1210     qdev_prop_set_uint32(dev, "mmio_size", memmap[VIRT_PLATFORM_BUS].size);
1211     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
1212     s->platform_bus_dev = dev;
1213 
1214     sysbus = SYS_BUS_DEVICE(dev);
1215     for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
1216         int irq = VIRT_PLATFORM_BUS_IRQ + i;
1217         sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(irqchip, irq));
1218     }
1219 
1220     memory_region_add_subregion(sysmem,
1221                                 memmap[VIRT_PLATFORM_BUS].base,
1222                                 sysbus_mmio_get_region(sysbus, 0));
1223 }
1224 
1225 static void virt_build_smbios(RISCVVirtState *s)
1226 {
1227     MachineClass *mc = MACHINE_GET_CLASS(s);
1228     MachineState *ms = MACHINE(s);
1229     uint8_t *smbios_tables, *smbios_anchor;
1230     size_t smbios_tables_len, smbios_anchor_len;
1231     struct smbios_phys_mem_area mem_array;
1232     const char *product = "QEMU Virtual Machine";
1233 
1234     if (kvm_enabled()) {
1235         product = "KVM Virtual Machine";
1236     }
1237 
1238     smbios_set_defaults("QEMU", product, mc->name, false,
1239                         true, SMBIOS_ENTRY_POINT_TYPE_64);
1240 
1241     if (riscv_is_32bit(&s->soc[0])) {
1242         smbios_set_default_processor_family(0x200);
1243     } else {
1244         smbios_set_default_processor_family(0x201);
1245     }
1246 
1247     /* build the array of physical mem area from base_memmap */
1248     mem_array.address = s->memmap[VIRT_DRAM].base;
1249     mem_array.length = ms->ram_size;
1250 
1251     smbios_get_tables(ms, &mem_array, 1,
1252                       &smbios_tables, &smbios_tables_len,
1253                       &smbios_anchor, &smbios_anchor_len,
1254                       &error_fatal);
1255 
1256     if (smbios_anchor) {
1257         fw_cfg_add_file(s->fw_cfg, "etc/smbios/smbios-tables",
1258                         smbios_tables, smbios_tables_len);
1259         fw_cfg_add_file(s->fw_cfg, "etc/smbios/smbios-anchor",
1260                         smbios_anchor, smbios_anchor_len);
1261     }
1262 }
1263 
1264 static void virt_machine_done(Notifier *notifier, void *data)
1265 {
1266     RISCVVirtState *s = container_of(notifier, RISCVVirtState,
1267                                      machine_done);
1268     const MemMapEntry *memmap = virt_memmap;
1269     MachineState *machine = MACHINE(s);
1270     target_ulong start_addr = memmap[VIRT_DRAM].base;
1271     target_ulong firmware_end_addr, kernel_start_addr;
1272     const char *firmware_name = riscv_default_firmware_name(&s->soc[0]);
1273     uint64_t fdt_load_addr;
1274     uint64_t kernel_entry = 0;
1275     BlockBackend *pflash_blk0;
1276 
1277     /*
1278      * An user provided dtb must include everything, including
1279      * dynamic sysbus devices. Our FDT needs to be finalized.
1280      */
1281     if (machine->dtb == NULL) {
1282         finalize_fdt(s);
1283     }
1284 
1285     /*
1286      * Only direct boot kernel is currently supported for KVM VM,
1287      * so the "-bios" parameter is not supported when KVM is enabled.
1288      */
1289     if (kvm_enabled()) {
1290         if (machine->firmware) {
1291             if (strcmp(machine->firmware, "none")) {
1292                 error_report("Machine mode firmware is not supported in "
1293                              "combination with KVM.");
1294                 exit(1);
1295             }
1296         } else {
1297             machine->firmware = g_strdup("none");
1298         }
1299     }
1300 
1301     firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
1302                                                      start_addr, NULL);
1303 
1304     pflash_blk0 = pflash_cfi01_get_blk(s->flash[0]);
1305     if (pflash_blk0) {
1306         if (machine->firmware && !strcmp(machine->firmware, "none") &&
1307             !kvm_enabled()) {
1308             /*
1309              * Pflash was supplied but bios is none and not KVM guest,
1310              * let's overwrite the address we jump to after reset to
1311              * the base of the flash.
1312              */
1313             start_addr = virt_memmap[VIRT_FLASH].base;
1314         } else {
1315             /*
1316              * Pflash was supplied but either KVM guest or bios is not none.
1317              * In this case, base of the flash would contain S-mode payload.
1318              */
1319             riscv_setup_firmware_boot(machine);
1320             kernel_entry = virt_memmap[VIRT_FLASH].base;
1321         }
1322     }
1323 
1324     if (machine->kernel_filename && !kernel_entry) {
1325         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
1326                                                          firmware_end_addr);
1327 
1328         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
1329                                          kernel_start_addr, true, NULL);
1330     }
1331 
1332     fdt_load_addr = riscv_compute_fdt_addr(memmap[VIRT_DRAM].base,
1333                                            memmap[VIRT_DRAM].size,
1334                                            machine);
1335     riscv_load_fdt(fdt_load_addr, machine->fdt);
1336 
1337     /* load the reset vector */
1338     riscv_setup_rom_reset_vec(machine, &s->soc[0], start_addr,
1339                               virt_memmap[VIRT_MROM].base,
1340                               virt_memmap[VIRT_MROM].size, kernel_entry,
1341                               fdt_load_addr);
1342 
1343     /*
1344      * Only direct boot kernel is currently supported for KVM VM,
1345      * So here setup kernel start address and fdt address.
1346      * TODO:Support firmware loading and integrate to TCG start
1347      */
1348     if (kvm_enabled()) {
1349         riscv_setup_direct_kernel(kernel_entry, fdt_load_addr);
1350     }
1351 
1352     virt_build_smbios(s);
1353 
1354     if (virt_is_acpi_enabled(s)) {
1355         virt_acpi_setup(s);
1356     }
1357 }
1358 
1359 static void virt_machine_init(MachineState *machine)
1360 {
1361     const MemMapEntry *memmap = virt_memmap;
1362     RISCVVirtState *s = RISCV_VIRT_MACHINE(machine);
1363     MemoryRegion *system_memory = get_system_memory();
1364     MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
1365     DeviceState *mmio_irqchip, *virtio_irqchip, *pcie_irqchip;
1366     int i, base_hartid, hart_count;
1367     int socket_count = riscv_socket_count(machine);
1368 
1369     /* Check socket count limit */
1370     if (VIRT_SOCKETS_MAX < socket_count) {
1371         error_report("number of sockets/nodes should be less than %d",
1372             VIRT_SOCKETS_MAX);
1373         exit(1);
1374     }
1375 
1376     if (!tcg_enabled() && s->have_aclint) {
1377         error_report("'aclint' is only available with TCG acceleration");
1378         exit(1);
1379     }
1380 
1381     /* Initialize sockets */
1382     mmio_irqchip = virtio_irqchip = pcie_irqchip = NULL;
1383     for (i = 0; i < socket_count; i++) {
1384         g_autofree char *soc_name = g_strdup_printf("soc%d", i);
1385 
1386         if (!riscv_socket_check_hartids(machine, i)) {
1387             error_report("discontinuous hartids in socket%d", i);
1388             exit(1);
1389         }
1390 
1391         base_hartid = riscv_socket_first_hartid(machine, i);
1392         if (base_hartid < 0) {
1393             error_report("can't find hartid base for socket%d", i);
1394             exit(1);
1395         }
1396 
1397         hart_count = riscv_socket_hart_count(machine, i);
1398         if (hart_count < 0) {
1399             error_report("can't find hart count for socket%d", i);
1400             exit(1);
1401         }
1402 
1403         object_initialize_child(OBJECT(machine), soc_name, &s->soc[i],
1404                                 TYPE_RISCV_HART_ARRAY);
1405         object_property_set_str(OBJECT(&s->soc[i]), "cpu-type",
1406                                 machine->cpu_type, &error_abort);
1407         object_property_set_int(OBJECT(&s->soc[i]), "hartid-base",
1408                                 base_hartid, &error_abort);
1409         object_property_set_int(OBJECT(&s->soc[i]), "num-harts",
1410                                 hart_count, &error_abort);
1411         sysbus_realize(SYS_BUS_DEVICE(&s->soc[i]), &error_fatal);
1412 
1413         if (tcg_enabled()) {
1414             if (s->have_aclint) {
1415                 if (s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC) {
1416                     /* Per-socket ACLINT MTIMER */
1417                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1418                             i * RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1419                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1420                         base_hartid, hart_count,
1421                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1422                         RISCV_ACLINT_DEFAULT_MTIME,
1423                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1424                 } else {
1425                     /* Per-socket ACLINT MSWI, MTIMER, and SSWI */
1426                     riscv_aclint_swi_create(memmap[VIRT_CLINT].base +
1427                             i * memmap[VIRT_CLINT].size,
1428                         base_hartid, hart_count, false);
1429                     riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1430                             i * memmap[VIRT_CLINT].size +
1431                             RISCV_ACLINT_SWI_SIZE,
1432                         RISCV_ACLINT_DEFAULT_MTIMER_SIZE,
1433                         base_hartid, hart_count,
1434                         RISCV_ACLINT_DEFAULT_MTIMECMP,
1435                         RISCV_ACLINT_DEFAULT_MTIME,
1436                         RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1437                     riscv_aclint_swi_create(memmap[VIRT_ACLINT_SSWI].base +
1438                             i * memmap[VIRT_ACLINT_SSWI].size,
1439                         base_hartid, hart_count, true);
1440                 }
1441             } else {
1442                 /* Per-socket SiFive CLINT */
1443                 riscv_aclint_swi_create(
1444                     memmap[VIRT_CLINT].base + i * memmap[VIRT_CLINT].size,
1445                     base_hartid, hart_count, false);
1446                 riscv_aclint_mtimer_create(memmap[VIRT_CLINT].base +
1447                         i * memmap[VIRT_CLINT].size + RISCV_ACLINT_SWI_SIZE,
1448                     RISCV_ACLINT_DEFAULT_MTIMER_SIZE, base_hartid, hart_count,
1449                     RISCV_ACLINT_DEFAULT_MTIMECMP, RISCV_ACLINT_DEFAULT_MTIME,
1450                     RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, true);
1451             }
1452         }
1453 
1454         /* Per-socket interrupt controller */
1455         if (s->aia_type == VIRT_AIA_TYPE_NONE) {
1456             s->irqchip[i] = virt_create_plic(memmap, i,
1457                                              base_hartid, hart_count);
1458         } else {
1459             s->irqchip[i] = virt_create_aia(s->aia_type, s->aia_guests,
1460                                             memmap, i, base_hartid,
1461                                             hart_count);
1462         }
1463 
1464         /* Try to use different IRQCHIP instance based device type */
1465         if (i == 0) {
1466             mmio_irqchip = s->irqchip[i];
1467             virtio_irqchip = s->irqchip[i];
1468             pcie_irqchip = s->irqchip[i];
1469         }
1470         if (i == 1) {
1471             virtio_irqchip = s->irqchip[i];
1472             pcie_irqchip = s->irqchip[i];
1473         }
1474         if (i == 2) {
1475             pcie_irqchip = s->irqchip[i];
1476         }
1477     }
1478 
1479     if (kvm_enabled() && virt_use_kvm_aia(s)) {
1480         kvm_riscv_aia_create(machine, IMSIC_MMIO_GROUP_MIN_SHIFT,
1481                              VIRT_IRQCHIP_NUM_SOURCES, VIRT_IRQCHIP_NUM_MSIS,
1482                              memmap[VIRT_APLIC_S].base,
1483                              memmap[VIRT_IMSIC_S].base,
1484                              s->aia_guests);
1485     }
1486 
1487     if (riscv_is_32bit(&s->soc[0])) {
1488 #if HOST_LONG_BITS == 64
1489         /* limit RAM size in a 32-bit system */
1490         if (machine->ram_size > 10 * GiB) {
1491             machine->ram_size = 10 * GiB;
1492             error_report("Limiting RAM size to 10 GiB");
1493         }
1494 #endif
1495         virt_high_pcie_memmap.base = VIRT32_HIGH_PCIE_MMIO_BASE;
1496         virt_high_pcie_memmap.size = VIRT32_HIGH_PCIE_MMIO_SIZE;
1497     } else {
1498         virt_high_pcie_memmap.size = VIRT64_HIGH_PCIE_MMIO_SIZE;
1499         virt_high_pcie_memmap.base = memmap[VIRT_DRAM].base + machine->ram_size;
1500         virt_high_pcie_memmap.base =
1501             ROUND_UP(virt_high_pcie_memmap.base, virt_high_pcie_memmap.size);
1502     }
1503 
1504     s->memmap = virt_memmap;
1505 
1506     /* register system main memory (actual RAM) */
1507     memory_region_add_subregion(system_memory, memmap[VIRT_DRAM].base,
1508         machine->ram);
1509 
1510     /* boot rom */
1511     memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom",
1512                            memmap[VIRT_MROM].size, &error_fatal);
1513     memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
1514                                 mask_rom);
1515 
1516     /*
1517      * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the
1518      * device tree cannot be altered and we get FDT_ERR_NOSPACE.
1519      */
1520     s->fw_cfg = create_fw_cfg(machine);
1521     rom_set_fw(s->fw_cfg);
1522 
1523     /* SiFive Test MMIO device */
1524     sifive_test_create(memmap[VIRT_TEST].base);
1525 
1526     /* VirtIO MMIO devices */
1527     for (i = 0; i < VIRTIO_COUNT; i++) {
1528         sysbus_create_simple("virtio-mmio",
1529             memmap[VIRT_VIRTIO].base + i * memmap[VIRT_VIRTIO].size,
1530             qdev_get_gpio_in(virtio_irqchip, VIRTIO_IRQ + i));
1531     }
1532 
1533     gpex_pcie_init(system_memory, pcie_irqchip, s);
1534 
1535     create_platform_bus(s, mmio_irqchip);
1536 
1537     serial_mm_init(system_memory, memmap[VIRT_UART0].base,
1538         0, qdev_get_gpio_in(mmio_irqchip, UART0_IRQ), 399193,
1539         serial_hd(0), DEVICE_LITTLE_ENDIAN);
1540 
1541     sysbus_create_simple("goldfish_rtc", memmap[VIRT_RTC].base,
1542         qdev_get_gpio_in(mmio_irqchip, RTC_IRQ));
1543 
1544     for (i = 0; i < ARRAY_SIZE(s->flash); i++) {
1545         /* Map legacy -drive if=pflash to machine properties */
1546         pflash_cfi01_legacy_drive(s->flash[i],
1547                                   drive_get(IF_PFLASH, 0, i));
1548     }
1549     virt_flash_map(s, system_memory);
1550 
1551     /* load/create device tree */
1552     if (machine->dtb) {
1553         machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
1554         if (!machine->fdt) {
1555             error_report("load_device_tree() failed");
1556             exit(1);
1557         }
1558     } else {
1559         create_fdt(s, memmap);
1560     }
1561 
1562     s->machine_done.notify = virt_machine_done;
1563     qemu_add_machine_init_done_notifier(&s->machine_done);
1564 }
1565 
1566 static void virt_machine_instance_init(Object *obj)
1567 {
1568     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1569 
1570     virt_flash_create(s);
1571 
1572     s->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
1573     s->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
1574     s->acpi = ON_OFF_AUTO_AUTO;
1575 }
1576 
1577 static char *virt_get_aia_guests(Object *obj, Error **errp)
1578 {
1579     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1580     char val[32];
1581 
1582     sprintf(val, "%d", s->aia_guests);
1583     return g_strdup(val);
1584 }
1585 
1586 static void virt_set_aia_guests(Object *obj, const char *val, Error **errp)
1587 {
1588     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1589 
1590     s->aia_guests = atoi(val);
1591     if (s->aia_guests < 0 || s->aia_guests > VIRT_IRQCHIP_MAX_GUESTS) {
1592         error_setg(errp, "Invalid number of AIA IMSIC guests");
1593         error_append_hint(errp, "Valid values be between 0 and %d.\n",
1594                           VIRT_IRQCHIP_MAX_GUESTS);
1595     }
1596 }
1597 
1598 static char *virt_get_aia(Object *obj, Error **errp)
1599 {
1600     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1601     const char *val;
1602 
1603     switch (s->aia_type) {
1604     case VIRT_AIA_TYPE_APLIC:
1605         val = "aplic";
1606         break;
1607     case VIRT_AIA_TYPE_APLIC_IMSIC:
1608         val = "aplic-imsic";
1609         break;
1610     default:
1611         val = "none";
1612         break;
1613     };
1614 
1615     return g_strdup(val);
1616 }
1617 
1618 static void virt_set_aia(Object *obj, const char *val, Error **errp)
1619 {
1620     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1621 
1622     if (!strcmp(val, "none")) {
1623         s->aia_type = VIRT_AIA_TYPE_NONE;
1624     } else if (!strcmp(val, "aplic")) {
1625         s->aia_type = VIRT_AIA_TYPE_APLIC;
1626     } else if (!strcmp(val, "aplic-imsic")) {
1627         s->aia_type = VIRT_AIA_TYPE_APLIC_IMSIC;
1628     } else {
1629         error_setg(errp, "Invalid AIA interrupt controller type");
1630         error_append_hint(errp, "Valid values are none, aplic, and "
1631                           "aplic-imsic.\n");
1632     }
1633 }
1634 
1635 static bool virt_get_aclint(Object *obj, Error **errp)
1636 {
1637     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1638 
1639     return s->have_aclint;
1640 }
1641 
1642 static void virt_set_aclint(Object *obj, bool value, Error **errp)
1643 {
1644     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1645 
1646     s->have_aclint = value;
1647 }
1648 
1649 bool virt_is_acpi_enabled(RISCVVirtState *s)
1650 {
1651     return s->acpi != ON_OFF_AUTO_OFF;
1652 }
1653 
1654 static void virt_get_acpi(Object *obj, Visitor *v, const char *name,
1655                           void *opaque, Error **errp)
1656 {
1657     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1658     OnOffAuto acpi = s->acpi;
1659 
1660     visit_type_OnOffAuto(v, name, &acpi, errp);
1661 }
1662 
1663 static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
1664                           void *opaque, Error **errp)
1665 {
1666     RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
1667 
1668     visit_type_OnOffAuto(v, name, &s->acpi, errp);
1669 }
1670 
1671 static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
1672                                                         DeviceState *dev)
1673 {
1674     MachineClass *mc = MACHINE_GET_CLASS(machine);
1675 
1676     if (device_is_dynamic_sysbus(mc, dev)) {
1677         return HOTPLUG_HANDLER(machine);
1678     }
1679     return NULL;
1680 }
1681 
1682 static void virt_machine_device_plug_cb(HotplugHandler *hotplug_dev,
1683                                         DeviceState *dev, Error **errp)
1684 {
1685     RISCVVirtState *s = RISCV_VIRT_MACHINE(hotplug_dev);
1686 
1687     if (s->platform_bus_dev) {
1688         MachineClass *mc = MACHINE_GET_CLASS(s);
1689 
1690         if (device_is_dynamic_sysbus(mc, dev)) {
1691             platform_bus_link_device(PLATFORM_BUS_DEVICE(s->platform_bus_dev),
1692                                      SYS_BUS_DEVICE(dev));
1693         }
1694     }
1695 }
1696 
1697 static void virt_machine_class_init(ObjectClass *oc, void *data)
1698 {
1699     char str[128];
1700     MachineClass *mc = MACHINE_CLASS(oc);
1701     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
1702 
1703     mc->desc = "RISC-V VirtIO board";
1704     mc->init = virt_machine_init;
1705     mc->max_cpus = VIRT_CPUS_MAX;
1706     mc->default_cpu_type = TYPE_RISCV_CPU_BASE;
1707     mc->pci_allow_0_address = true;
1708     mc->possible_cpu_arch_ids = riscv_numa_possible_cpu_arch_ids;
1709     mc->cpu_index_to_instance_props = riscv_numa_cpu_index_to_props;
1710     mc->get_default_cpu_node_id = riscv_numa_get_default_cpu_node_id;
1711     mc->numa_mem_supported = true;
1712     /* platform instead of architectural choice */
1713     mc->cpu_cluster_has_numa_boundary = true;
1714     mc->default_ram_id = "riscv_virt_board.ram";
1715     assert(!mc->get_hotplug_handler);
1716     mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
1717 
1718     hc->plug = virt_machine_device_plug_cb;
1719 
1720     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
1721 #ifdef CONFIG_TPM
1722     machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
1723 #endif
1724 
1725 
1726     object_class_property_add_bool(oc, "aclint", virt_get_aclint,
1727                                    virt_set_aclint);
1728     object_class_property_set_description(oc, "aclint",
1729                                           "(TCG only) Set on/off to "
1730                                           "enable/disable emulating "
1731                                           "ACLINT devices");
1732 
1733     object_class_property_add_str(oc, "aia", virt_get_aia,
1734                                   virt_set_aia);
1735     object_class_property_set_description(oc, "aia",
1736                                           "Set type of AIA interrupt "
1737                                           "controller. Valid values are "
1738                                           "none, aplic, and aplic-imsic.");
1739 
1740     object_class_property_add_str(oc, "aia-guests",
1741                                   virt_get_aia_guests,
1742                                   virt_set_aia_guests);
1743     sprintf(str, "Set number of guest MMIO pages for AIA IMSIC. Valid value "
1744                  "should be between 0 and %d.", VIRT_IRQCHIP_MAX_GUESTS);
1745     object_class_property_set_description(oc, "aia-guests", str);
1746     object_class_property_add(oc, "acpi", "OnOffAuto",
1747                               virt_get_acpi, virt_set_acpi,
1748                               NULL, NULL);
1749     object_class_property_set_description(oc, "acpi",
1750                                           "Enable ACPI");
1751 }
1752 
1753 static const TypeInfo virt_machine_typeinfo = {
1754     .name       = MACHINE_TYPE_NAME("virt"),
1755     .parent     = TYPE_MACHINE,
1756     .class_init = virt_machine_class_init,
1757     .instance_init = virt_machine_instance_init,
1758     .instance_size = sizeof(RISCVVirtState),
1759     .interfaces = (InterfaceInfo[]) {
1760          { TYPE_HOTPLUG_HANDLER },
1761          { }
1762     },
1763 };
1764 
1765 static void virt_machine_init_register_types(void)
1766 {
1767     type_register_static(&virt_machine_typeinfo);
1768 }
1769 
1770 type_init(virt_machine_init_register_types)
1771