[qemu.git] / hw / arm / virt.c

/*
 * ARM mach-virt emulation
 *
 * Copyright (c) 2013 Linaro Limited
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2 or later, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Emulate a virtual board which works by passing Linux all the information
 * it needs about what devices are present via the device tree.
 * There are some restrictions about what we can do here:
 *  + we can only present devices whose Linux drivers will work based
 *    purely on the device tree with no platform data at all
 *  + we want to present a very stripped-down minimalist platform,
 *    both because this reduces the security attack surface from the guest
 *    and also because it reduces our exposure to being broken when
 *    the kernel updates its device tree bindings and requires further
 *    information in a device binding that we aren't providing.
 * This is essentially the same approach kvmtool uses.
 */

#include "hw/sysbus.h"
#include "hw/arm/arm.h"
#include "hw/arm/primecell.h"
#include "hw/devices.h"
#include "net/net.h"
#include "sysemu/device_tree.h"
#include "sysemu/sysemu.h"
#include "sysemu/kvm.h"
#include "hw/boards.h"
#include "exec/address-spaces.h"
#include "qemu/bitops.h"
#include "qemu/error-report.h"

#define NUM_VIRTIO_TRANSPORTS 32

/* Number of external interrupt lines to configure the GIC with */
#define NUM_IRQS 128

#define GIC_FDT_IRQ_TYPE_SPI 0
#define GIC_FDT_IRQ_TYPE_PPI 1

#define GIC_FDT_IRQ_FLAGS_EDGE_LO_HI 1
#define GIC_FDT_IRQ_FLAGS_EDGE_HI_LO 2
#define GIC_FDT_IRQ_FLAGS_LEVEL_HI 4
#define GIC_FDT_IRQ_FLAGS_LEVEL_LO 8

#define GIC_FDT_IRQ_PPI_CPU_START 8
#define GIC_FDT_IRQ_PPI_CPU_WIDTH 8

enum {
    VIRT_FLASH,
    VIRT_MEM,
    VIRT_CPUPERIPHS,
    VIRT_GIC_DIST,
    VIRT_GIC_CPU,
    VIRT_UART,
    VIRT_MMIO,
    VIRT_RTC,
};

typedef struct MemMapEntry {
    hwaddr base;
    hwaddr size;
} MemMapEntry;

typedef struct VirtBoardInfo {
    struct arm_boot_info bootinfo;
    const char *cpu_model;
    const MemMapEntry *memmap;
    const int *irqmap;
    int smp_cpus;
    void *fdt;
    int fdt_size;
    uint32_t clock_phandle;
} VirtBoardInfo;

/* Addresses and sizes of our components.
 * 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
 * 128MB..256MB is used for miscellaneous device I/O.
 * 256MB..1GB is reserved for possible future PCI support (ie where the
 * PCI memory window will go if we add a PCI host controller).
 * 1GB and up is RAM (which may happily spill over into the
 * high memory region beyond 4GB).
 * This represents a compromise between how much RAM can be given to
 * a 32 bit VM and leaving space for expansion and in particular for PCI.
 * Note that devices should generally be placed at multiples of 0x10000,
 * to accommodate guests using 64K pages.
 */
static const MemMapEntry a15memmap[] = {
    /* Space up to 0x8000000 is reserved for a boot ROM */
    [VIRT_FLASH] = { 0, 0x8000000 },
    [VIRT_CPUPERIPHS] = { 0x8000000, 0x20000 },
    /* GIC distributor and CPU interfaces sit inside the CPU peripheral space */
    [VIRT_GIC_DIST] = { 0x8000000, 0x10000 },
    [VIRT_GIC_CPU] = { 0x8010000, 0x10000 },
    [VIRT_UART] = { 0x9000000, 0x1000 },
    [VIRT_RTC] = { 0x90010000, 0x1000 },
    [VIRT_MMIO] = { 0xa000000, 0x200 },
    /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
    /* 0x10000000 .. 0x40000000 reserved for PCI */
    [VIRT_MEM] = { 0x40000000, 30ULL * 1024 * 1024 * 1024 },
};

static const int a15irqmap[] = {
    [VIRT_UART] = 1,
    [VIRT_RTC] = 2,
    [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
};

static VirtBoardInfo machines[] = {
    {
        .cpu_model = "cortex-a15",
        .memmap = a15memmap,
        .irqmap = a15irqmap,
    },
    {
        .cpu_model = "cortex-a57",
        .memmap = a15memmap,
        .irqmap = a15irqmap,
    },
    {
        .cpu_model = "host",
        .memmap = a15memmap,
        .irqmap = a15irqmap,
    },
};

static VirtBoardInfo *find_machine_info(const char *cpu)
{
    int i;

    for (i = 0; i < ARRAY_SIZE(machines); i++) {
        if (strcmp(cpu, machines[i].cpu_model) == 0) {
            return &machines[i];
        }
    }
    return NULL;
}

static void create_fdt(VirtBoardInfo *vbi)
{
    void *fdt = create_device_tree(&vbi->fdt_size);

    if (!fdt) {
        error_report("create_device_tree() failed");
        exit(1);
    }

    vbi->fdt = fdt;

    /* Header */
    qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,dummy-virt");
    qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
    qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);

    /*
     * /chosen and /memory nodes must exist for load_dtb
     * to fill in necessary properties later
     */
    qemu_fdt_add_subnode(fdt, "/chosen");
    qemu_fdt_add_subnode(fdt, "/memory");
    qemu_fdt_setprop_string(fdt, "/memory", "device_type", "memory");

    /* Clock node, for the benefit of the UART. The kernel device tree
     * binding documentation claims the PL011 node clock properties are
     * optional but in practice if you omit them the kernel refuses to
     * probe for the device.
     */
    vbi->clock_phandle = qemu_fdt_alloc_phandle(fdt);
    qemu_fdt_add_subnode(fdt, "/apb-pclk");
    qemu_fdt_setprop_string(fdt, "/apb-pclk", "compatible", "fixed-clock");
    qemu_fdt_setprop_cell(fdt, "/apb-pclk", "#clock-cells", 0x0);
    qemu_fdt_setprop_cell(fdt, "/apb-pclk", "clock-frequency", 24000000);
    qemu_fdt_setprop_string(fdt, "/apb-pclk", "clock-output-names",
                                "clk24mhz");
    qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vbi->clock_phandle);

}

static void fdt_add_psci_node(const VirtBoardInfo *vbi)
{
    void *fdt = vbi->fdt;
    ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));

    /* No PSCI for TCG yet */
    if (kvm_enabled()) {
        qemu_fdt_add_subnode(fdt, "/psci");
        if (armcpu->psci_version == 2) {
            const char comp[] = "arm,psci-0.2\0arm,psci";
            qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp));
        } else {
            qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci");
        }

        qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc");
        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend",
                                  PSCI_FN_CPU_SUSPEND);
        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", PSCI_FN_CPU_OFF);
        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", PSCI_FN_CPU_ON);
        qemu_fdt_setprop_cell(fdt, "/psci", "migrate", PSCI_FN_MIGRATE);
    }
}

static void fdt_add_timer_nodes(const VirtBoardInfo *vbi)
{
    /* Note that on A15 h/w these interrupts are level-triggered,
     * but for the GIC implementation provided by both QEMU and KVM
     * they are edge-triggered.
     */
    uint32_t irqflags = GIC_FDT_IRQ_FLAGS_EDGE_LO_HI;

    irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,
                         GIC_FDT_IRQ_PPI_CPU_WIDTH, (1 << vbi->smp_cpus) - 1);

    qemu_fdt_add_subnode(vbi->fdt, "/timer");
    qemu_fdt_setprop_string(vbi->fdt, "/timer",
                                "compatible", "arm,armv7-timer");
    qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts",
                               GIC_FDT_IRQ_TYPE_PPI, 13, irqflags,
                               GIC_FDT_IRQ_TYPE_PPI, 14, irqflags,
                               GIC_FDT_IRQ_TYPE_PPI, 11, irqflags,
                               GIC_FDT_IRQ_TYPE_PPI, 10, irqflags);
}

static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
{
    int cpu;

    qemu_fdt_add_subnode(vbi->fdt, "/cpus");
    qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#address-cells", 0x1);
    qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#size-cells", 0x0);

    for (cpu = vbi->smp_cpus - 1; cpu >= 0; cpu--) {
        char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
        ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));

        qemu_fdt_add_subnode(vbi->fdt, nodename);
        qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type", "cpu");
        qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible",
                                    armcpu->dtb_compatible);

        if (vbi->smp_cpus > 1) {
            qemu_fdt_setprop_string(vbi->fdt, nodename,
                                        "enable-method", "psci");
        }

        qemu_fdt_setprop_cell(vbi->fdt, nodename, "reg", cpu);
        g_free(nodename);
    }
}

static void fdt_add_gic_node(const VirtBoardInfo *vbi)
{
    uint32_t gic_phandle;

    gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
    qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", gic_phandle);

    qemu_fdt_add_subnode(vbi->fdt, "/intc");
    /* 'cortex-a15-gic' means 'GIC v2' */
    qemu_fdt_setprop_string(vbi->fdt, "/intc", "compatible",
                            "arm,cortex-a15-gic");
    qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#interrupt-cells", 3);
    qemu_fdt_setprop(vbi->fdt, "/intc", "interrupt-controller", NULL, 0);
    qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc", "reg",
                                     2, vbi->memmap[VIRT_GIC_DIST].base,
                                     2, vbi->memmap[VIRT_GIC_DIST].size,
                                     2, vbi->memmap[VIRT_GIC_CPU].base,
                                     2, vbi->memmap[VIRT_GIC_CPU].size);
    qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", gic_phandle);
}

static void create_gic(const VirtBoardInfo *vbi, qemu_irq *pic)
{
    /* We create a standalone GIC v2 */
    DeviceState *gicdev;
    SysBusDevice *gicbusdev;
    const char *gictype = "arm_gic";
    int i;

    if (kvm_irqchip_in_kernel()) {
        gictype = "kvm-arm-gic";
    }

    gicdev = qdev_create(NULL, gictype);
    qdev_prop_set_uint32(gicdev, "revision", 2);
    qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus);
    /* Note that the num-irq property counts both internal and external
     * interrupts; there are always 32 of the former (mandated by GIC spec).
     */
    qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
    qdev_init_nofail(gicdev);
    gicbusdev = SYS_BUS_DEVICE(gicdev);
    sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base);
    sysbus_mmio_map(gicbusdev, 1, vbi->memmap[VIRT_GIC_CPU].base);

    /* Wire the outputs from each CPU's generic timer to the
     * appropriate GIC PPI inputs, and the GIC's IRQ output to
     * the CPU's IRQ input.
     */
    for (i = 0; i < smp_cpus; i++) {
        DeviceState *cpudev = DEVICE(qemu_get_cpu(i));
        int ppibase = NUM_IRQS + i * 32;
        /* physical timer; we wire it up to the non-secure timer's ID,
         * since a real A15 always has TrustZone but QEMU doesn't.
         */
        qdev_connect_gpio_out(cpudev, 0,
                              qdev_get_gpio_in(gicdev, ppibase + 30));
        /* virtual timer */
        qdev_connect_gpio_out(cpudev, 1,
                              qdev_get_gpio_in(gicdev, ppibase + 27));

        sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ));
    }

    for (i = 0; i < NUM_IRQS; i++) {
        pic[i] = qdev_get_gpio_in(gicdev, i);
    }

    fdt_add_gic_node(vbi);
}

static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
{
    char *nodename;
    hwaddr base = vbi->memmap[VIRT_UART].base;
    hwaddr size = vbi->memmap[VIRT_UART].size;
    int irq = vbi->irqmap[VIRT_UART];
    const char compat[] = "arm,pl011\0arm,primecell";
    const char clocknames[] = "uartclk\0apb_pclk";

    sysbus_create_simple("pl011", base, pic[irq]);

    nodename = g_strdup_printf("/pl011@%" PRIx64, base);
    qemu_fdt_add_subnode(vbi->fdt, nodename);
    /* Note that we can't use setprop_string because of the embedded NUL */
    qemu_fdt_setprop(vbi->fdt, nodename, "compatible",
                         compat, sizeof(compat));
    qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
                                     2, base, 2, size);
    qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
                               GIC_FDT_IRQ_TYPE_SPI, irq,
                               GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
    qemu_fdt_setprop_cells(vbi->fdt, nodename, "clocks",
                               vbi->clock_phandle, vbi->clock_phandle);
    qemu_fdt_setprop(vbi->fdt, nodename, "clock-names",
                         clocknames, sizeof(clocknames));
    g_free(nodename);
}

static void create_rtc(const VirtBoardInfo *vbi, qemu_irq *pic)
{
    char *nodename;
    hwaddr base = vbi->memmap[VIRT_RTC].base;
    hwaddr size = vbi->memmap[VIRT_RTC].size;
    int irq = vbi->irqmap[VIRT_RTC];
    const char compat[] = "arm,pl031\0arm,primecell";

    sysbus_create_simple("pl031", base, pic[irq]);

    nodename = g_strdup_printf("/pl031@%" PRIx64, base);
    qemu_fdt_add_subnode(vbi->fdt, nodename);
    qemu_fdt_setprop(vbi->fdt, nodename, "compatible", compat, sizeof(compat));
    qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
                                 2, base, 2, size);
    qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
                           GIC_FDT_IRQ_TYPE_SPI, irq,
                           GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
    qemu_fdt_setprop_cell(vbi->fdt, nodename, "clocks", vbi->clock_phandle);
    qemu_fdt_setprop_string(vbi->fdt, nodename, "clock-names", "apb_pclk");
    g_free(nodename);
}

static void create_virtio_devices(const VirtBoardInfo *vbi, qemu_irq *pic)
{
    int i;
    hwaddr size = vbi->memmap[VIRT_MMIO].size;

    /* Note that we have to create the transports in forwards order
     * so that command line devices are inserted lowest address first,
     * and then add dtb nodes in reverse order so that they appear in
     * the finished device tree lowest address first.
     */
    for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) {
        int irq = vbi->irqmap[VIRT_MMIO] + i;
        hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size;

        sysbus_create_simple("virtio-mmio", base, pic[irq]);
    }

    for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) {
        char *nodename;
        int irq = vbi->irqmap[VIRT_MMIO] + i;
        hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size;

        nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, base);
        qemu_fdt_add_subnode(vbi->fdt, nodename);
        qemu_fdt_setprop_string(vbi->fdt, nodename,
                                "compatible", "virtio,mmio");
        qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
                                     2, base, 2, size);
        qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
                               GIC_FDT_IRQ_TYPE_SPI, irq,
                               GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
        g_free(nodename);
    }
}

static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
{
    const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;

    *fdt_size = board->fdt_size;
    return board->fdt;
}

static void machvirt_init(MachineState *machine)
{
    qemu_irq pic[NUM_IRQS];
    MemoryRegion *sysmem = get_system_memory();
    int n;
    MemoryRegion *ram = g_new(MemoryRegion, 1);
    const char *cpu_model = machine->cpu_model;
    VirtBoardInfo *vbi;

    if (!cpu_model) {
        cpu_model = "cortex-a15";
    }

    vbi = find_machine_info(cpu_model);

    if (!vbi) {
        error_report("mach-virt: CPU %s not supported", cpu_model);
        exit(1);
    }

    vbi->smp_cpus = smp_cpus;

    /*
     * Only supported method of starting secondary CPUs is PSCI and
     * PSCI is not yet supported with TCG, so limit smp_cpus to 1
     * if we're not using KVM.
     */
    if (!kvm_enabled() && smp_cpus > 1) {
        error_report("mach-virt: must enable KVM to use multiple CPUs");
        exit(1);
    }

    if (machine->ram_size > vbi->memmap[VIRT_MEM].size) {
        error_report("mach-virt: cannot model more than 30GB RAM");
        exit(1);
    }

    create_fdt(vbi);
    fdt_add_timer_nodes(vbi);

    for (n = 0; n < smp_cpus; n++) {
        ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
        Object *cpuobj;

        if (!oc) {
            fprintf(stderr, "Unable to find CPU definition\n");
            exit(1);
        }
        cpuobj = object_new(object_class_get_name(oc));

        /* Secondary CPUs start in PSCI powered-down state */
        if (n > 0) {
            object_property_set_bool(cpuobj, true, "start-powered-off", NULL);
        }

        if (object_property_find(cpuobj, "reset-cbar", NULL)) {
            object_property_set_int(cpuobj, vbi->memmap[VIRT_CPUPERIPHS].base,
                                    "reset-cbar", &error_abort);
        }

        object_property_set_bool(cpuobj, true, "realized", NULL);
    }
    fdt_add_cpu_nodes(vbi);
    fdt_add_psci_node(vbi);

    memory_region_init_ram(ram, NULL, "mach-virt.ram", machine->ram_size);
    vmstate_register_ram_global(ram);
    memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram);

    create_gic(vbi, pic);

    create_uart(vbi, pic);

    create_rtc(vbi, pic);

    /* Create mmio transports, so the user can create virtio backends
     * (which will be automatically plugged in to the transports). If
     * no backend is created the transport will just sit harmlessly idle.
     */
    create_virtio_devices(vbi, pic);

    vbi->bootinfo.ram_size = machine->ram_size;
    vbi->bootinfo.kernel_filename = machine->kernel_filename;
    vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline;
    vbi->bootinfo.initrd_filename = machine->initrd_filename;
    vbi->bootinfo.nb_cpus = smp_cpus;
    vbi->bootinfo.board_id = -1;
    vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base;
    vbi->bootinfo.get_dtb = machvirt_dtb;
    arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
}

static QEMUMachine machvirt_a15_machine = {
    .name = "virt",
    .desc = "ARM Virtual Machine",
    .init = machvirt_init,
    .max_cpus = 4,
};

static void machvirt_machine_init(void)
{
    qemu_register_machine(&machvirt_a15_machine);
}

machine_init(machvirt_machine_init);
Commit	Line	Data
f5fdcd6e PM	1	/*
	2	* ARM mach-virt emulation
	3	*
	4	* Copyright (c) 2013 Linaro Limited
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms and conditions of the GNU General Public License,
	8	* version 2 or later, as published by the Free Software Foundation.
	9	*
	10	* This program is distributed in the hope it will be useful, but WITHOUT
	11	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	12	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	13	* more details.
	14	*
	15	* You should have received a copy of the GNU General Public License along with
	16	* this program. If not, see <http://www.gnu.org/licenses/>.
	17	*
	18	* Emulate a virtual board which works by passing Linux all the information
	19	* it needs about what devices are present via the device tree.
	20	* There are some restrictions about what we can do here:
	21	* + we can only present devices whose Linux drivers will work based
	22	* purely on the device tree with no platform data at all
	23	* + we want to present a very stripped-down minimalist platform,
	24	* both because this reduces the security attack surface from the guest
	25	* and also because it reduces our exposure to being broken when
	26	* the kernel updates its device tree bindings and requires further
	27	* information in a device binding that we aren't providing.
	28	* This is essentially the same approach kvmtool uses.
	29	*/
	30
	31	#include "hw/sysbus.h"
	32	#include "hw/arm/arm.h"
	33	#include "hw/arm/primecell.h"
	34	#include "hw/devices.h"
	35	#include "net/net.h"
	36	#include "sysemu/device_tree.h"
	37	#include "sysemu/sysemu.h"
	38	#include "sysemu/kvm.h"
	39	#include "hw/boards.h"
	40	#include "exec/address-spaces.h"
	41	#include "qemu/bitops.h"
	42	#include "qemu/error-report.h"
	43
	44	#define NUM_VIRTIO_TRANSPORTS 32
	45
	46	/* Number of external interrupt lines to configure the GIC with */
	47	#define NUM_IRQS 128
	48
	49	#define GIC_FDT_IRQ_TYPE_SPI 0
	50	#define GIC_FDT_IRQ_TYPE_PPI 1
	51
	52	#define GIC_FDT_IRQ_FLAGS_EDGE_LO_HI 1
	53	#define GIC_FDT_IRQ_FLAGS_EDGE_HI_LO 2
	54	#define GIC_FDT_IRQ_FLAGS_LEVEL_HI 4
	55	#define GIC_FDT_IRQ_FLAGS_LEVEL_LO 8
	56
	57	#define GIC_FDT_IRQ_PPI_CPU_START 8
	58	#define GIC_FDT_IRQ_PPI_CPU_WIDTH 8
	59
	60	enum {
	61	VIRT_FLASH,
	62	VIRT_MEM,
	63	VIRT_CPUPERIPHS,
	64	VIRT_GIC_DIST,
65	VIRT_GIC_CPU,
66	VIRT_UART,
67	VIRT_MMIO,
6e411af9	68	VIRT_RTC,
f5fdcd6e PM	69	};
	70
	71	typedef struct MemMapEntry {
	72	hwaddr base;
	73	hwaddr size;
	74	} MemMapEntry;
	75
	76	typedef struct VirtBoardInfo {
	77	struct arm_boot_info bootinfo;
	78	const char *cpu_model;
f5fdcd6e PM	79	const MemMapEntry *memmap;
	80	const int *irqmap;
	81	int smp_cpus;
	82	void *fdt;
	83	int fdt_size;
	84	uint32_t clock_phandle;
	85	} VirtBoardInfo;
	86
	87	/* Addresses and sizes of our components.
	88	* 0..128MB is space for a flash device so we can run bootrom code such as UEFI.
	89	* 128MB..256MB is used for miscellaneous device I/O.
	90	* 256MB..1GB is reserved for possible future PCI support (ie where the
	91	* PCI memory window will go if we add a PCI host controller).
	92	* 1GB and up is RAM (which may happily spill over into the
	93	* high memory region beyond 4GB).
	94	* This represents a compromise between how much RAM can be given to
	95	* a 32 bit VM and leaving space for expansion and in particular for PCI.
6e411af9 PM	96	* Note that devices should generally be placed at multiples of 0x10000,
6e411af9 PM	97	* to accommodate guests using 64K pages.
f5fdcd6e PM	98	*/
	99	static const MemMapEntry a15memmap[] = {
	100	/* Space up to 0x8000000 is reserved for a boot ROM */
	101	[VIRT_FLASH] = { 0, 0x8000000 },
3078e848	102	[VIRT_CPUPERIPHS] = { 0x8000000, 0x20000 },
f5fdcd6e	103	/* GIC distributor and CPU interfaces sit inside the CPU peripheral space */
3078e848 PM	104	[VIRT_GIC_DIST] = { 0x8000000, 0x10000 },
3078e848 PM	105	[VIRT_GIC_CPU] = { 0x8010000, 0x10000 },
f5fdcd6e	106	[VIRT_UART] = { 0x9000000, 0x1000 },
6e411af9	107	[VIRT_RTC] = { 0x90010000, 0x1000 },
f5fdcd6e PM	108	[VIRT_MMIO] = { 0xa000000, 0x200 },
	109	/* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
	110	/* 0x10000000 .. 0x40000000 reserved for PCI */
	111	[VIRT_MEM] = { 0x40000000, 30ULL * 1024 * 1024 * 1024 },
	112	};
	113
	114	static const int a15irqmap[] = {
	115	[VIRT_UART] = 1,
6e411af9	116	[VIRT_RTC] = 2,
f5fdcd6e PM	117	[VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
	118	};
	119
	120	static VirtBoardInfo machines[] = {
	121	{
	122	.cpu_model = "cortex-a15",
f5fdcd6e PM	123	.memmap = a15memmap,
	124	.irqmap = a15irqmap,
	125	},
f42c5c8e PM	126	{
	127	.cpu_model = "cortex-a57",
	128	.memmap = a15memmap,
	129	.irqmap = a15irqmap,
	130	},
198aa064 PM	131	{
198aa064 PM	132	.cpu_model = "host",
198aa064 PM	133	.memmap = a15memmap,
	134	.irqmap = a15irqmap,
	135	},
f5fdcd6e PM	136	};
	137
	138	static VirtBoardInfo find_machine_info(const char cpu)
	139	{
	140	int i;
	141
	142	for (i = 0; i < ARRAY_SIZE(machines); i++) {
	143	if (strcmp(cpu, machines[i].cpu_model) == 0) {
	144	return &machines[i];
	145	}
	146	}
	147	return NULL;
	148	}
	149
	150	static void create_fdt(VirtBoardInfo *vbi)
	151	{
	152	void *fdt = create_device_tree(&vbi->fdt_size);
	153
	154	if (!fdt) {
	155	error_report("create_device_tree() failed");
	156	exit(1);
	157	}
	158
	159	vbi->fdt = fdt;
	160
	161	/* Header */
5a4348d1 PC	162	qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,dummy-virt");
	163	qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
	164	qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
f5fdcd6e PM	165
	166	/*
	167	* /chosen and /memory nodes must exist for load_dtb
	168	* to fill in necessary properties later
	169	*/
5a4348d1 PC	170	qemu_fdt_add_subnode(fdt, "/chosen");
	171	qemu_fdt_add_subnode(fdt, "/memory");
	172	qemu_fdt_setprop_string(fdt, "/memory", "device_type", "memory");
f5fdcd6e PM	173
	174	/* Clock node, for the benefit of the UART. The kernel device tree
	175	* binding documentation claims the PL011 node clock properties are
	176	* optional but in practice if you omit them the kernel refuses to
	177	* probe for the device.
	178	*/
5a4348d1 PC	179	vbi->clock_phandle = qemu_fdt_alloc_phandle(fdt);
	180	qemu_fdt_add_subnode(fdt, "/apb-pclk");
	181	qemu_fdt_setprop_string(fdt, "/apb-pclk", "compatible", "fixed-clock");
	182	qemu_fdt_setprop_cell(fdt, "/apb-pclk", "#clock-cells", 0x0);
	183	qemu_fdt_setprop_cell(fdt, "/apb-pclk", "clock-frequency", 24000000);
	184	qemu_fdt_setprop_string(fdt, "/apb-pclk", "clock-output-names",
f5fdcd6e	185	"clk24mhz");
5a4348d1	186	qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vbi->clock_phandle);
f5fdcd6e	187
06955739 PS	188	}
	189
	190	static void fdt_add_psci_node(const VirtBoardInfo *vbi)
	191	{
	192	void *fdt = vbi->fdt;
	193	ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));
	194
f5fdcd6e PM	195	/* No PSCI for TCG yet */
f5fdcd6e PM	196	if (kvm_enabled()) {
5a4348d1	197	qemu_fdt_add_subnode(fdt, "/psci");
06955739 PS	198	if (armcpu->psci_version == 2) {
	199	const char comp[] = "arm,psci-0.2\0arm,psci";
	200	qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp));
	201	} else {
	202	qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci");
	203	}
	204
5a4348d1 PC	205	qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc");
5a4348d1 PC	206	qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend",
f5fdcd6e	207	PSCI_FN_CPU_SUSPEND);
5a4348d1 PC	208	qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", PSCI_FN_CPU_OFF);
	209	qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", PSCI_FN_CPU_ON);
	210	qemu_fdt_setprop_cell(fdt, "/psci", "migrate", PSCI_FN_MIGRATE);
f5fdcd6e PM	211	}
	212	}
	213
	214	static void fdt_add_timer_nodes(const VirtBoardInfo *vbi)
	215	{
	216	/* Note that on A15 h/w these interrupts are level-triggered,
	217	* but for the GIC implementation provided by both QEMU and KVM
	218	* they are edge-triggered.
	219	*/
	220	uint32_t irqflags = GIC_FDT_IRQ_FLAGS_EDGE_LO_HI;
	221
	222	irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,
	223	GIC_FDT_IRQ_PPI_CPU_WIDTH, (1 << vbi->smp_cpus) - 1);
	224
5a4348d1 PC	225	qemu_fdt_add_subnode(vbi->fdt, "/timer");
5a4348d1 PC	226	qemu_fdt_setprop_string(vbi->fdt, "/timer",
f5fdcd6e	227	"compatible", "arm,armv7-timer");
5a4348d1	228	qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts",
f5fdcd6e PM	229	GIC_FDT_IRQ_TYPE_PPI, 13, irqflags,
	230	GIC_FDT_IRQ_TYPE_PPI, 14, irqflags,
	231	GIC_FDT_IRQ_TYPE_PPI, 11, irqflags,
	232	GIC_FDT_IRQ_TYPE_PPI, 10, irqflags);
	233	}
	234
	235	static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
	236	{
	237	int cpu;
	238
5a4348d1 PC	239	qemu_fdt_add_subnode(vbi->fdt, "/cpus");
	240	qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#address-cells", 0x1);
	241	qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#size-cells", 0x0);
f5fdcd6e PM	242
	243	for (cpu = vbi->smp_cpus - 1; cpu >= 0; cpu--) {
	244	char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
	245	ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
	246
5a4348d1 PC	247	qemu_fdt_add_subnode(vbi->fdt, nodename);
	248	qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type", "cpu");
	249	qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible",
f5fdcd6e PM	250	armcpu->dtb_compatible);
	251
	252	if (vbi->smp_cpus > 1) {
5a4348d1	253	qemu_fdt_setprop_string(vbi->fdt, nodename,
f5fdcd6e PM	254	"enable-method", "psci");
	255	}
	256
5a4348d1	257	qemu_fdt_setprop_cell(vbi->fdt, nodename, "reg", cpu);
f5fdcd6e PM	258	g_free(nodename);
	259	}
	260	}
	261
	262	static void fdt_add_gic_node(const VirtBoardInfo *vbi)
	263	{
	264	uint32_t gic_phandle;
	265
5a4348d1 PC	266	gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
5a4348d1 PC	267	qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", gic_phandle);
f5fdcd6e	268
5a4348d1	269	qemu_fdt_add_subnode(vbi->fdt, "/intc");
64204743	270	/* 'cortex-a15-gic' means 'GIC v2' */
5a4348d1	271	qemu_fdt_setprop_string(vbi->fdt, "/intc", "compatible",
64204743	272	"arm,cortex-a15-gic");
5a4348d1 PC	273	qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#interrupt-cells", 3);
	274	qemu_fdt_setprop(vbi->fdt, "/intc", "interrupt-controller", NULL, 0);
	275	qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc", "reg",
f5fdcd6e PM	276	2, vbi->memmap[VIRT_GIC_DIST].base,
	277	2, vbi->memmap[VIRT_GIC_DIST].size,
	278	2, vbi->memmap[VIRT_GIC_CPU].base,
	279	2, vbi->memmap[VIRT_GIC_CPU].size);
5a4348d1	280	qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", gic_phandle);
f5fdcd6e PM	281	}
f5fdcd6e PM	282
64204743 PM	283	static void create_gic(const VirtBoardInfo vbi, qemu_irq pic)
	284	{
	285	/* We create a standalone GIC v2 */
	286	DeviceState *gicdev;
	287	SysBusDevice *gicbusdev;
	288	const char *gictype = "arm_gic";
	289	int i;
	290
	291	if (kvm_irqchip_in_kernel()) {
	292	gictype = "kvm-arm-gic";
	293	}
	294
	295	gicdev = qdev_create(NULL, gictype);
	296	qdev_prop_set_uint32(gicdev, "revision", 2);
	297	qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus);
	298	/* Note that the num-irq property counts both internal and external
	299	* interrupts; there are always 32 of the former (mandated by GIC spec).
	300	*/
	301	qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
	302	qdev_init_nofail(gicdev);
	303	gicbusdev = SYS_BUS_DEVICE(gicdev);
	304	sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base);
	305	sysbus_mmio_map(gicbusdev, 1, vbi->memmap[VIRT_GIC_CPU].base);
	306
	307	/* Wire the outputs from each CPU's generic timer to the
	308	* appropriate GIC PPI inputs, and the GIC's IRQ output to
	309	* the CPU's IRQ input.
	310	*/
	311	for (i = 0; i < smp_cpus; i++) {
	312	DeviceState *cpudev = DEVICE(qemu_get_cpu(i));
	313	int ppibase = NUM_IRQS + i * 32;
	314	/* physical timer; we wire it up to the non-secure timer's ID,
	315	* since a real A15 always has TrustZone but QEMU doesn't.
	316	*/
	317	qdev_connect_gpio_out(cpudev, 0,
	318	qdev_get_gpio_in(gicdev, ppibase + 30));
	319	/* virtual timer */
	320	qdev_connect_gpio_out(cpudev, 1,
	321	qdev_get_gpio_in(gicdev, ppibase + 27));
	322
	323	sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ));
	324	}
	325
	326	for (i = 0; i < NUM_IRQS; i++) {
	327	pic[i] = qdev_get_gpio_in(gicdev, i);
	328	}
	329
	330	fdt_add_gic_node(vbi);
	331	}
	332
f5fdcd6e PM	333	static void create_uart(const VirtBoardInfo vbi, qemu_irq pic)
	334	{
	335	char *nodename;
	336	hwaddr base = vbi->memmap[VIRT_UART].base;
	337	hwaddr size = vbi->memmap[VIRT_UART].size;
	338	int irq = vbi->irqmap[VIRT_UART];
	339	const char compat[] = "arm,pl011\0arm,primecell";
	340	const char clocknames[] = "uartclk\0apb_pclk";
	341
	342	sysbus_create_simple("pl011", base, pic[irq]);
	343
	344	nodename = g_strdup_printf("/pl011@%" PRIx64, base);
5a4348d1	345	qemu_fdt_add_subnode(vbi->fdt, nodename);
f5fdcd6e	346	/* Note that we can't use setprop_string because of the embedded NUL */
5a4348d1	347	qemu_fdt_setprop(vbi->fdt, nodename, "compatible",
f5fdcd6e	348	compat, sizeof(compat));
5a4348d1	349	qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
f5fdcd6e	350	2, base, 2, size);
5a4348d1	351	qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
f5fdcd6e PM	352	GIC_FDT_IRQ_TYPE_SPI, irq,
f5fdcd6e PM	353	GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
5a4348d1	354	qemu_fdt_setprop_cells(vbi->fdt, nodename, "clocks",
f5fdcd6e	355	vbi->clock_phandle, vbi->clock_phandle);
5a4348d1	356	qemu_fdt_setprop(vbi->fdt, nodename, "clock-names",
f5fdcd6e PM	357	clocknames, sizeof(clocknames));
	358	g_free(nodename);
	359	}
	360
6e411af9 PM	361	static void create_rtc(const VirtBoardInfo vbi, qemu_irq pic)
	362	{
	363	char *nodename;
	364	hwaddr base = vbi->memmap[VIRT_RTC].base;
	365	hwaddr size = vbi->memmap[VIRT_RTC].size;
	366	int irq = vbi->irqmap[VIRT_RTC];
	367	const char compat[] = "arm,pl031\0arm,primecell";
	368
	369	sysbus_create_simple("pl031", base, pic[irq]);
	370
	371	nodename = g_strdup_printf("/pl031@%" PRIx64, base);
	372	qemu_fdt_add_subnode(vbi->fdt, nodename);
	373	qemu_fdt_setprop(vbi->fdt, nodename, "compatible", compat, sizeof(compat));
	374	qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
	375	2, base, 2, size);
	376	qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
	377	GIC_FDT_IRQ_TYPE_SPI, irq,
	378	GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
	379	qemu_fdt_setprop_cell(vbi->fdt, nodename, "clocks", vbi->clock_phandle);
	380	qemu_fdt_setprop_string(vbi->fdt, nodename, "clock-names", "apb_pclk");
	381	g_free(nodename);
	382	}
	383
f5fdcd6e PM	384	static void create_virtio_devices(const VirtBoardInfo vbi, qemu_irq pic)
	385	{
	386	int i;
	387	hwaddr size = vbi->memmap[VIRT_MMIO].size;
	388
	389	/* Note that we have to create the transports in forwards order
	390	* so that command line devices are inserted lowest address first,
	391	* and then add dtb nodes in reverse order so that they appear in
	392	* the finished device tree lowest address first.
	393	*/
	394	for (i = 0; i < NUM_VIRTIO_TRANSPORTS; i++) {
	395	int irq = vbi->irqmap[VIRT_MMIO] + i;
	396	hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size;
	397
	398	sysbus_create_simple("virtio-mmio", base, pic[irq]);
	399	}
	400
	401	for (i = NUM_VIRTIO_TRANSPORTS - 1; i >= 0; i--) {
	402	char *nodename;
	403	int irq = vbi->irqmap[VIRT_MMIO] + i;
	404	hwaddr base = vbi->memmap[VIRT_MMIO].base + i * size;
	405
	406	nodename = g_strdup_printf("/virtio_mmio@%" PRIx64, base);
5a4348d1 PC	407	qemu_fdt_add_subnode(vbi->fdt, nodename);
	408	qemu_fdt_setprop_string(vbi->fdt, nodename,
	409	"compatible", "virtio,mmio");
	410	qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
	411	2, base, 2, size);
	412	qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",
	413	GIC_FDT_IRQ_TYPE_SPI, irq,
	414	GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
f5fdcd6e PM	415	g_free(nodename);
	416	}
	417	}
	418
	419	static void machvirt_dtb(const struct arm_boot_info binfo, int *fdt_size)
	420	{
	421	const VirtBoardInfo board = (const VirtBoardInfo )binfo;
	422
	423	*fdt_size = board->fdt_size;
	424	return board->fdt;
	425	}
	426
3ef96221	427	static void machvirt_init(MachineState *machine)
f5fdcd6e PM	428	{
	429	qemu_irq pic[NUM_IRQS];
	430	MemoryRegion *sysmem = get_system_memory();
	431	int n;
	432	MemoryRegion *ram = g_new(MemoryRegion, 1);
3ef96221	433	const char *cpu_model = machine->cpu_model;
f5fdcd6e PM	434	VirtBoardInfo *vbi;
	435
	436	if (!cpu_model) {
	437	cpu_model = "cortex-a15";
	438	}
	439
	440	vbi = find_machine_info(cpu_model);
	441
	442	if (!vbi) {
	443	error_report("mach-virt: CPU %s not supported", cpu_model);
	444	exit(1);
	445	}
	446
	447	vbi->smp_cpus = smp_cpus;
	448
	449	/*
	450	* Only supported method of starting secondary CPUs is PSCI and
	451	* PSCI is not yet supported with TCG, so limit smp_cpus to 1
	452	* if we're not using KVM.
	453	*/
	454	if (!kvm_enabled() && smp_cpus > 1) {
	455	error_report("mach-virt: must enable KVM to use multiple CPUs");
	456	exit(1);
	457	}
	458
3ef96221	459	if (machine->ram_size > vbi->memmap[VIRT_MEM].size) {
f5fdcd6e PM	460	error_report("mach-virt: cannot model more than 30GB RAM");
	461	exit(1);
	462	}
	463
	464	create_fdt(vbi);
	465	fdt_add_timer_nodes(vbi);
	466
	467	for (n = 0; n < smp_cpus; n++) {
	468	ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
	469	Object *cpuobj;
	470
	471	if (!oc) {
	472	fprintf(stderr, "Unable to find CPU definition\n");
	473	exit(1);
	474	}
	475	cpuobj = object_new(object_class_get_name(oc));
	476
	477	/* Secondary CPUs start in PSCI powered-down state */
	478	if (n > 0) {
	479	object_property_set_bool(cpuobj, true, "start-powered-off", NULL);
	480	}
ba750085 PM	481
	482	if (object_property_find(cpuobj, "reset-cbar", NULL)) {
	483	object_property_set_int(cpuobj, vbi->memmap[VIRT_CPUPERIPHS].base,
	484	"reset-cbar", &error_abort);
	485	}
	486
f5fdcd6e PM	487	object_property_set_bool(cpuobj, true, "realized", NULL);
	488	}
	489	fdt_add_cpu_nodes(vbi);
06955739	490	fdt_add_psci_node(vbi);
f5fdcd6e	491
3ef96221	492	memory_region_init_ram(ram, NULL, "mach-virt.ram", machine->ram_size);
f5fdcd6e PM	493	vmstate_register_ram_global(ram);
	494	memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram);
	495
64204743	496	create_gic(vbi, pic);
f5fdcd6e PM	497
	498	create_uart(vbi, pic);
	499
6e411af9 PM	500	create_rtc(vbi, pic);
6e411af9 PM	501
f5fdcd6e PM	502	/* Create mmio transports, so the user can create virtio backends
	503	* (which will be automatically plugged in to the transports). If
	504	* no backend is created the transport will just sit harmlessly idle.
	505	*/
	506	create_virtio_devices(vbi, pic);
	507
3ef96221 MA	508	vbi->bootinfo.ram_size = machine->ram_size;
	509	vbi->bootinfo.kernel_filename = machine->kernel_filename;
	510	vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline;
	511	vbi->bootinfo.initrd_filename = machine->initrd_filename;
f5fdcd6e PM	512	vbi->bootinfo.nb_cpus = smp_cpus;
	513	vbi->bootinfo.board_id = -1;
	514	vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base;
	515	vbi->bootinfo.get_dtb = machvirt_dtb;
	516	arm_load_kernel(ARM_CPU(first_cpu), &vbi->bootinfo);
	517	}
	518
	519	static QEMUMachine machvirt_a15_machine = {
	520	.name = "virt",
	521	.desc = "ARM Virtual Machine",
	522	.init = machvirt_init,
	523	.max_cpus = 4,
	524	};
	525
	526	static void machvirt_machine_init(void)
	527	{
	528	qemu_register_machine(&machvirt_a15_machine);
	529	}
	530
	531	machine_init(machvirt_machine_init);