xref: /qemu/target/riscv/kvm/kvm-cpu.c (revision b6096103494506514d9bfa442f62fef36ffc8fba) 
1 /*
2  * RISC-V implementation of KVM hooks
3  *
4  * Copyright (c) 2020 Huawei Technologies Co., Ltd
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms and conditions of the GNU General Public License,
8  * version 2 or later, as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program.  If not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #include "qemu/osdep.h"
20 #include <sys/ioctl.h>
21 #include <sys/prctl.h>
22 
23 #include <linux/kvm.h>
24 
25 #include "qemu/timer.h"
26 #include "qapi/error.h"
27 #include "qemu/error-report.h"
28 #include "qemu/main-loop.h"
29 #include "qapi/visitor.h"
30 #include "system/system.h"
31 #include "system/kvm.h"
32 #include "system/kvm_int.h"
33 #include "cpu.h"
34 #include "trace.h"
35 #include "accel/accel-cpu-target.h"
36 #include "hw/pci/pci.h"
37 #include "exec/memattrs.h"
38 #include "system/address-spaces.h"
39 #include "hw/boards.h"
40 #include "hw/irq.h"
41 #include "hw/intc/riscv_imsic.h"
42 #include "qemu/log.h"
43 #include "hw/loader.h"
44 #include "kvm_riscv.h"
45 #include "sbi_ecall_interface.h"
46 #include "chardev/char-fe.h"
47 #include "migration/misc.h"
48 #include "system/runstate.h"
49 #include "hw/riscv/numa.h"
50 
51 #define PR_RISCV_V_SET_CONTROL            69
52 #define PR_RISCV_V_VSTATE_CTRL_ON          2
53 
54 void riscv_kvm_aplic_request(void *opaque, int irq, int level)
55 {
56     kvm_set_irq(kvm_state, irq, !!level);
57 }
58 
59 static bool cap_has_mp_state;
60 
61 #define KVM_RISCV_REG_ID_U32(type, idx) (KVM_REG_RISCV | KVM_REG_SIZE_U32 | \
62                                          type | idx)
63 
64 #define KVM_RISCV_REG_ID_U64(type, idx) (KVM_REG_RISCV | KVM_REG_SIZE_U64 | \
65                                          type | idx)
66 
67 static uint64_t kvm_riscv_reg_id_ulong(CPURISCVState *env, uint64_t type,
68                                  uint64_t idx)
69 {
70     uint64_t id = KVM_REG_RISCV | type | idx;
71 
72     switch (riscv_cpu_mxl(env)) {
73     case MXL_RV32:
74         id |= KVM_REG_SIZE_U32;
75         break;
76     case MXL_RV64:
77         id |= KVM_REG_SIZE_U64;
78         break;
79     default:
80         g_assert_not_reached();
81     }
82     return id;
83 }
84 
85 static uint64_t kvm_encode_reg_size_id(uint64_t id, size_t size_b)
86 {
87     uint64_t size_ctz = __builtin_ctz(size_b);
88 
89     return id | (size_ctz << KVM_REG_SIZE_SHIFT);
90 }
91 
92 static uint64_t kvm_riscv_vector_reg_id(RISCVCPU *cpu,
93                                         uint64_t idx)
94 {
95     uint64_t id;
96     size_t size_b;
97 
98     g_assert(idx < 32);
99 
100     id = KVM_REG_RISCV | KVM_REG_RISCV_VECTOR | KVM_REG_RISCV_VECTOR_REG(idx);
101     size_b = cpu->cfg.vlenb;
102 
103     return kvm_encode_reg_size_id(id, size_b);
104 }
105 
106 #define RISCV_CORE_REG(env, name) \
107     kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CORE, \
108                            KVM_REG_RISCV_CORE_REG(name))
109 
110 #define RISCV_CSR_REG(env, name) \
111     kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CSR, \
112                            KVM_REG_RISCV_CSR_REG(name))
113 
114 #define RISCV_CONFIG_REG(env, name) \
115     kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CONFIG, \
116                            KVM_REG_RISCV_CONFIG_REG(name))
117 
118 #define RISCV_TIMER_REG(name)  KVM_RISCV_REG_ID_U64(KVM_REG_RISCV_TIMER, \
119                  KVM_REG_RISCV_TIMER_REG(name))
120 
121 #define RISCV_FP_F_REG(idx)  KVM_RISCV_REG_ID_U32(KVM_REG_RISCV_FP_F, idx)
122 
123 #define RISCV_FP_D_REG(idx)  KVM_RISCV_REG_ID_U64(KVM_REG_RISCV_FP_D, idx)
124 
125 #define RISCV_VECTOR_CSR_REG(env, name) \
126     kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_VECTOR, \
127                            KVM_REG_RISCV_VECTOR_CSR_REG(name))
128 
129 #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
130     do { \
131         int _ret = kvm_get_one_reg(cs, RISCV_CSR_REG(env, csr), &reg); \
132         if (_ret) { \
133             return _ret; \
134         } \
135     } while (0)
136 
137 #define KVM_RISCV_SET_CSR(cs, env, csr, reg) \
138     do { \
139         int _ret = kvm_set_one_reg(cs, RISCV_CSR_REG(env, csr), &reg); \
140         if (_ret) { \
141             return _ret; \
142         } \
143     } while (0)
144 
145 #define KVM_RISCV_GET_TIMER(cs, name, reg) \
146     do { \
147         int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), &reg); \
148         if (ret) { \
149             abort(); \
150         } \
151     } while (0)
152 
153 #define KVM_RISCV_SET_TIMER(cs, name, reg) \
154     do { \
155         int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), &reg); \
156         if (ret) { \
157             abort(); \
158         } \
159     } while (0)
160 
161 typedef struct KVMCPUConfig {
162     const char *name;
163     const char *description;
164     target_ulong offset;
165     uint64_t kvm_reg_id;
166     bool user_set;
167     bool supported;
168 } KVMCPUConfig;
169 
170 #define KVM_MISA_CFG(_bit, _reg_id) \
171     {.offset = _bit, .kvm_reg_id = _reg_id}
172 
173 /* KVM ISA extensions */
174 static KVMCPUConfig kvm_misa_ext_cfgs[] = {
175     KVM_MISA_CFG(RVA, KVM_RISCV_ISA_EXT_A),
176     KVM_MISA_CFG(RVC, KVM_RISCV_ISA_EXT_C),
177     KVM_MISA_CFG(RVD, KVM_RISCV_ISA_EXT_D),
178     KVM_MISA_CFG(RVF, KVM_RISCV_ISA_EXT_F),
179     KVM_MISA_CFG(RVH, KVM_RISCV_ISA_EXT_H),
180     KVM_MISA_CFG(RVI, KVM_RISCV_ISA_EXT_I),
181     KVM_MISA_CFG(RVM, KVM_RISCV_ISA_EXT_M),
182     KVM_MISA_CFG(RVV, KVM_RISCV_ISA_EXT_V),
183 };
184 
185 static void kvm_cpu_get_misa_ext_cfg(Object *obj, Visitor *v,
186                                      const char *name,
187                                      void *opaque, Error **errp)
188 {
189     KVMCPUConfig *misa_ext_cfg = opaque;
190     target_ulong misa_bit = misa_ext_cfg->offset;
191     RISCVCPU *cpu = RISCV_CPU(obj);
192     CPURISCVState *env = &cpu->env;
193     bool value = env->misa_ext_mask & misa_bit;
194 
195     visit_type_bool(v, name, &value, errp);
196 }
197 
198 static void kvm_cpu_set_misa_ext_cfg(Object *obj, Visitor *v,
199                                      const char *name,
200                                      void *opaque, Error **errp)
201 {
202     KVMCPUConfig *misa_ext_cfg = opaque;
203     target_ulong misa_bit = misa_ext_cfg->offset;
204     RISCVCPU *cpu = RISCV_CPU(obj);
205     CPURISCVState *env = &cpu->env;
206     bool value, host_bit;
207 
208     if (!visit_type_bool(v, name, &value, errp)) {
209         return;
210     }
211 
212     host_bit = env->misa_ext_mask & misa_bit;
213 
214     if (value == host_bit) {
215         return;
216     }
217 
218     if (!value) {
219         misa_ext_cfg->user_set = true;
220         return;
221     }
222 
223     /*
224      * Forbid users to enable extensions that aren't
225      * available in the hart.
226      */
227     error_setg(errp, "Enabling MISA bit '%s' is not allowed: it's not "
228                "enabled in the host", misa_ext_cfg->name);
229 }
230 
231 static void kvm_riscv_update_cpu_misa_ext(RISCVCPU *cpu, CPUState *cs)
232 {
233     CPURISCVState *env = &cpu->env;
234     uint64_t id, reg;
235     int i, ret;
236 
237     for (i = 0; i < ARRAY_SIZE(kvm_misa_ext_cfgs); i++) {
238         KVMCPUConfig *misa_cfg = &kvm_misa_ext_cfgs[i];
239         target_ulong misa_bit = misa_cfg->offset;
240 
241         if (!misa_cfg->user_set) {
242             continue;
243         }
244 
245         /* If we're here we're going to disable the MISA bit */
246         reg = 0;
247         id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_ISA_EXT,
248                                     misa_cfg->kvm_reg_id);
249         ret = kvm_set_one_reg(cs, id, &reg);
250         if (ret != 0) {
251             /*
252              * We're not checking for -EINVAL because if the bit is about
253              * to be disabled, it means that it was already enabled by
254              * KVM. We determined that by fetching the 'isa' register
255              * during init() time. Any error at this point is worth
256              * aborting.
257              */
258             error_report("Unable to set KVM reg %s, error %d",
259                          misa_cfg->name, ret);
260             exit(EXIT_FAILURE);
261         }
262         env->misa_ext &= ~misa_bit;
263     }
264 }
265 
266 #define KVM_EXT_CFG(_name, _prop, _reg_id) \
267     {.name = _name, .offset = CPU_CFG_OFFSET(_prop), \
268      .kvm_reg_id = _reg_id}
269 
270 static KVMCPUConfig kvm_multi_ext_cfgs[] = {
271     KVM_EXT_CFG("zicbom", ext_zicbom, KVM_RISCV_ISA_EXT_ZICBOM),
272     KVM_EXT_CFG("zicboz", ext_zicboz, KVM_RISCV_ISA_EXT_ZICBOZ),
273     KVM_EXT_CFG("ziccrse", ext_ziccrse, KVM_RISCV_ISA_EXT_ZICCRSE),
274     KVM_EXT_CFG("zicntr", ext_zicntr, KVM_RISCV_ISA_EXT_ZICNTR),
275     KVM_EXT_CFG("zicond", ext_zicond, KVM_RISCV_ISA_EXT_ZICOND),
276     KVM_EXT_CFG("zicsr", ext_zicsr, KVM_RISCV_ISA_EXT_ZICSR),
277     KVM_EXT_CFG("zifencei", ext_zifencei, KVM_RISCV_ISA_EXT_ZIFENCEI),
278     KVM_EXT_CFG("zihintntl", ext_zihintntl, KVM_RISCV_ISA_EXT_ZIHINTNTL),
279     KVM_EXT_CFG("zihintpause", ext_zihintpause, KVM_RISCV_ISA_EXT_ZIHINTPAUSE),
280     KVM_EXT_CFG("zihpm", ext_zihpm, KVM_RISCV_ISA_EXT_ZIHPM),
281     KVM_EXT_CFG("zimop", ext_zimop, KVM_RISCV_ISA_EXT_ZIMOP),
282     KVM_EXT_CFG("zcmop", ext_zcmop, KVM_RISCV_ISA_EXT_ZCMOP),
283     KVM_EXT_CFG("zabha", ext_zabha, KVM_RISCV_ISA_EXT_ZABHA),
284     KVM_EXT_CFG("zacas", ext_zacas, KVM_RISCV_ISA_EXT_ZACAS),
285     KVM_EXT_CFG("zawrs", ext_zawrs, KVM_RISCV_ISA_EXT_ZAWRS),
286     KVM_EXT_CFG("zfa", ext_zfa, KVM_RISCV_ISA_EXT_ZFA),
287     KVM_EXT_CFG("zfh", ext_zfh, KVM_RISCV_ISA_EXT_ZFH),
288     KVM_EXT_CFG("zfhmin", ext_zfhmin, KVM_RISCV_ISA_EXT_ZFHMIN),
289     KVM_EXT_CFG("zba", ext_zba, KVM_RISCV_ISA_EXT_ZBA),
290     KVM_EXT_CFG("zbb", ext_zbb, KVM_RISCV_ISA_EXT_ZBB),
291     KVM_EXT_CFG("zbc", ext_zbc, KVM_RISCV_ISA_EXT_ZBC),
292     KVM_EXT_CFG("zbkb", ext_zbkb, KVM_RISCV_ISA_EXT_ZBKB),
293     KVM_EXT_CFG("zbkc", ext_zbkc, KVM_RISCV_ISA_EXT_ZBKC),
294     KVM_EXT_CFG("zbkx", ext_zbkx, KVM_RISCV_ISA_EXT_ZBKX),
295     KVM_EXT_CFG("zbs", ext_zbs, KVM_RISCV_ISA_EXT_ZBS),
296     KVM_EXT_CFG("zca", ext_zca, KVM_RISCV_ISA_EXT_ZCA),
297     KVM_EXT_CFG("zcb", ext_zcb, KVM_RISCV_ISA_EXT_ZCB),
298     KVM_EXT_CFG("zcd", ext_zcd, KVM_RISCV_ISA_EXT_ZCD),
299     KVM_EXT_CFG("zcf", ext_zcf, KVM_RISCV_ISA_EXT_ZCF),
300     KVM_EXT_CFG("zknd", ext_zknd, KVM_RISCV_ISA_EXT_ZKND),
301     KVM_EXT_CFG("zkne", ext_zkne, KVM_RISCV_ISA_EXT_ZKNE),
302     KVM_EXT_CFG("zknh", ext_zknh, KVM_RISCV_ISA_EXT_ZKNH),
303     KVM_EXT_CFG("zkr", ext_zkr, KVM_RISCV_ISA_EXT_ZKR),
304     KVM_EXT_CFG("zksed", ext_zksed, KVM_RISCV_ISA_EXT_ZKSED),
305     KVM_EXT_CFG("zksh", ext_zksh, KVM_RISCV_ISA_EXT_ZKSH),
306     KVM_EXT_CFG("zkt", ext_zkt, KVM_RISCV_ISA_EXT_ZKT),
307     KVM_EXT_CFG("ztso", ext_ztso, KVM_RISCV_ISA_EXT_ZTSO),
308     KVM_EXT_CFG("zvbb", ext_zvbb, KVM_RISCV_ISA_EXT_ZVBB),
309     KVM_EXT_CFG("zvbc", ext_zvbc, KVM_RISCV_ISA_EXT_ZVBC),
310     KVM_EXT_CFG("zvfh", ext_zvfh, KVM_RISCV_ISA_EXT_ZVFH),
311     KVM_EXT_CFG("zvfhmin", ext_zvfhmin, KVM_RISCV_ISA_EXT_ZVFHMIN),
312     KVM_EXT_CFG("zvkb", ext_zvkb, KVM_RISCV_ISA_EXT_ZVKB),
313     KVM_EXT_CFG("zvkg", ext_zvkg, KVM_RISCV_ISA_EXT_ZVKG),
314     KVM_EXT_CFG("zvkned", ext_zvkned, KVM_RISCV_ISA_EXT_ZVKNED),
315     KVM_EXT_CFG("zvknha", ext_zvknha, KVM_RISCV_ISA_EXT_ZVKNHA),
316     KVM_EXT_CFG("zvknhb", ext_zvknhb, KVM_RISCV_ISA_EXT_ZVKNHB),
317     KVM_EXT_CFG("zvksed", ext_zvksed, KVM_RISCV_ISA_EXT_ZVKSED),
318     KVM_EXT_CFG("zvksh", ext_zvksh, KVM_RISCV_ISA_EXT_ZVKSH),
319     KVM_EXT_CFG("zvkt", ext_zvkt, KVM_RISCV_ISA_EXT_ZVKT),
320     KVM_EXT_CFG("smnpm", ext_smnpm, KVM_RISCV_ISA_EXT_SMNPM),
321     KVM_EXT_CFG("smstateen", ext_smstateen, KVM_RISCV_ISA_EXT_SMSTATEEN),
322     KVM_EXT_CFG("ssaia", ext_ssaia, KVM_RISCV_ISA_EXT_SSAIA),
323     KVM_EXT_CFG("sscofpmf", ext_sscofpmf, KVM_RISCV_ISA_EXT_SSCOFPMF),
324     KVM_EXT_CFG("ssnpm", ext_ssnpm, KVM_RISCV_ISA_EXT_SSNPM),
325     KVM_EXT_CFG("sstc", ext_sstc, KVM_RISCV_ISA_EXT_SSTC),
326     KVM_EXT_CFG("svade", ext_svade, KVM_RISCV_ISA_EXT_SVADE),
327     KVM_EXT_CFG("svadu", ext_svadu, KVM_RISCV_ISA_EXT_SVADU),
328     KVM_EXT_CFG("svinval", ext_svinval, KVM_RISCV_ISA_EXT_SVINVAL),
329     KVM_EXT_CFG("svnapot", ext_svnapot, KVM_RISCV_ISA_EXT_SVNAPOT),
330     KVM_EXT_CFG("svpbmt", ext_svpbmt, KVM_RISCV_ISA_EXT_SVPBMT),
331     KVM_EXT_CFG("svvptc", ext_svvptc, KVM_RISCV_ISA_EXT_SVVPTC),
332 };
333 
334 static void *kvmconfig_get_cfg_addr(RISCVCPU *cpu, KVMCPUConfig *kvmcfg)
335 {
336     return (void *)&cpu->cfg + kvmcfg->offset;
337 }
338 
339 static void kvm_cpu_cfg_set(RISCVCPU *cpu, KVMCPUConfig *multi_ext,
340                             uint32_t val)
341 {
342     bool *ext_enabled = kvmconfig_get_cfg_addr(cpu, multi_ext);
343 
344     *ext_enabled = val;
345 }
346 
347 static uint32_t kvm_cpu_cfg_get(RISCVCPU *cpu,
348                                 KVMCPUConfig *multi_ext)
349 {
350     bool *ext_enabled = kvmconfig_get_cfg_addr(cpu, multi_ext);
351 
352     return *ext_enabled;
353 }
354 
355 static void kvm_cpu_get_multi_ext_cfg(Object *obj, Visitor *v,
356                                       const char *name,
357                                       void *opaque, Error **errp)
358 {
359     KVMCPUConfig *multi_ext_cfg = opaque;
360     RISCVCPU *cpu = RISCV_CPU(obj);
361     bool value = kvm_cpu_cfg_get(cpu, multi_ext_cfg);
362 
363     visit_type_bool(v, name, &value, errp);
364 }
365 
366 static void kvm_cpu_set_multi_ext_cfg(Object *obj, Visitor *v,
367                                       const char *name,
368                                       void *opaque, Error **errp)
369 {
370     KVMCPUConfig *multi_ext_cfg = opaque;
371     RISCVCPU *cpu = RISCV_CPU(obj);
372     bool value, host_val;
373 
374     if (!visit_type_bool(v, name, &value, errp)) {
375         return;
376     }
377 
378     host_val = kvm_cpu_cfg_get(cpu, multi_ext_cfg);
379 
380     /*
381      * Ignore if the user is setting the same value
382      * as the host.
383      */
384     if (value == host_val) {
385         return;
386     }
387 
388     if (!multi_ext_cfg->supported) {
389         /*
390          * Error out if the user is trying to enable an
391          * extension that KVM doesn't support. Ignore
392          * option otherwise.
393          */
394         if (value) {
395             error_setg(errp, "KVM does not support disabling extension %s",
396                        multi_ext_cfg->name);
397         }
398 
399         return;
400     }
401 
402     multi_ext_cfg->user_set = true;
403     kvm_cpu_cfg_set(cpu, multi_ext_cfg, value);
404 }
405 
406 static KVMCPUConfig kvm_cbom_blocksize = {
407     .name = "cbom_blocksize",
408     .offset = CPU_CFG_OFFSET(cbom_blocksize),
409     .kvm_reg_id = KVM_REG_RISCV_CONFIG_REG(zicbom_block_size)
410 };
411 
412 static KVMCPUConfig kvm_cboz_blocksize = {
413     .name = "cboz_blocksize",
414     .offset = CPU_CFG_OFFSET(cboz_blocksize),
415     .kvm_reg_id = KVM_REG_RISCV_CONFIG_REG(zicboz_block_size)
416 };
417 
418 static KVMCPUConfig kvm_v_vlenb = {
419     .name = "vlenb",
420     .offset = CPU_CFG_OFFSET(vlenb),
421     .kvm_reg_id =  KVM_REG_RISCV | KVM_REG_SIZE_U64 | KVM_REG_RISCV_VECTOR |
422                    KVM_REG_RISCV_VECTOR_CSR_REG(vlenb)
423 };
424 
425 static KVMCPUConfig kvm_sbi_dbcn = {
426     .name = "sbi_dbcn",
427     .kvm_reg_id = KVM_REG_RISCV | KVM_REG_SIZE_U64 |
428                   KVM_REG_RISCV_SBI_EXT | KVM_RISCV_SBI_EXT_DBCN
429 };
430 
431 static void kvm_riscv_update_cpu_cfg_isa_ext(RISCVCPU *cpu, CPUState *cs)
432 {
433     CPURISCVState *env = &cpu->env;
434     uint64_t id, reg;
435     int i, ret;
436 
437     for (i = 0; i < ARRAY_SIZE(kvm_multi_ext_cfgs); i++) {
438         KVMCPUConfig *multi_ext_cfg = &kvm_multi_ext_cfgs[i];
439 
440         if (!multi_ext_cfg->user_set) {
441             continue;
442         }
443 
444         id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_ISA_EXT,
445                                     multi_ext_cfg->kvm_reg_id);
446         reg = kvm_cpu_cfg_get(cpu, multi_ext_cfg);
447         ret = kvm_set_one_reg(cs, id, &reg);
448         if (ret != 0) {
449             if (!reg && ret == -EINVAL) {
450                 warn_report("KVM cannot disable extension %s",
451                             multi_ext_cfg->name);
452             } else {
453                 error_report("Unable to enable extension %s in KVM, error %d",
454                              multi_ext_cfg->name, ret);
455                 exit(EXIT_FAILURE);
456             }
457         }
458     }
459 }
460 
461 static void cpu_get_cfg_unavailable(Object *obj, Visitor *v,
462                                     const char *name,
463                                     void *opaque, Error **errp)
464 {
465     bool value = false;
466 
467     visit_type_bool(v, name, &value, errp);
468 }
469 
470 static void cpu_set_cfg_unavailable(Object *obj, Visitor *v,
471                                     const char *name,
472                                     void *opaque, Error **errp)
473 {
474     const char *propname = opaque;
475     bool value;
476 
477     if (!visit_type_bool(v, name, &value, errp)) {
478         return;
479     }
480 
481     if (value) {
482         error_setg(errp, "'%s' is not available with KVM",
483                    propname);
484     }
485 }
486 
487 static void riscv_cpu_add_kvm_unavail_prop(Object *obj, const char *prop_name)
488 {
489     /* Check if KVM created the property already */
490     if (object_property_find(obj, prop_name)) {
491         return;
492     }
493 
494     /*
495      * Set the default to disabled for every extension
496      * unknown to KVM and error out if the user attempts
497      * to enable any of them.
498      */
499     object_property_add(obj, prop_name, "bool",
500                         cpu_get_cfg_unavailable,
501                         cpu_set_cfg_unavailable,
502                         NULL, (void *)prop_name);
503 }
504 
505 static void riscv_cpu_add_kvm_unavail_prop_array(Object *obj,
506                                         const RISCVCPUMultiExtConfig *array)
507 {
508     const RISCVCPUMultiExtConfig *prop;
509 
510     g_assert(array);
511 
512     for (prop = array; prop && prop->name; prop++) {
513         riscv_cpu_add_kvm_unavail_prop(obj, prop->name);
514     }
515 }
516 
517 static void kvm_riscv_add_cpu_user_properties(Object *cpu_obj)
518 {
519     int i;
520 
521     riscv_add_satp_mode_properties(cpu_obj);
522 
523     for (i = 0; i < ARRAY_SIZE(kvm_misa_ext_cfgs); i++) {
524         KVMCPUConfig *misa_cfg = &kvm_misa_ext_cfgs[i];
525         int bit = misa_cfg->offset;
526 
527         misa_cfg->name = riscv_get_misa_ext_name(bit);
528         misa_cfg->description = riscv_get_misa_ext_description(bit);
529 
530         object_property_add(cpu_obj, misa_cfg->name, "bool",
531                             kvm_cpu_get_misa_ext_cfg,
532                             kvm_cpu_set_misa_ext_cfg,
533                             NULL, misa_cfg);
534         object_property_set_description(cpu_obj, misa_cfg->name,
535                                         misa_cfg->description);
536     }
537 
538     for (i = 0; misa_bits[i] != 0; i++) {
539         const char *ext_name = riscv_get_misa_ext_name(misa_bits[i]);
540         riscv_cpu_add_kvm_unavail_prop(cpu_obj, ext_name);
541     }
542 
543     for (i = 0; i < ARRAY_SIZE(kvm_multi_ext_cfgs); i++) {
544         KVMCPUConfig *multi_cfg = &kvm_multi_ext_cfgs[i];
545 
546         object_property_add(cpu_obj, multi_cfg->name, "bool",
547                             kvm_cpu_get_multi_ext_cfg,
548                             kvm_cpu_set_multi_ext_cfg,
549                             NULL, multi_cfg);
550     }
551 
552     riscv_cpu_add_kvm_unavail_prop_array(cpu_obj, riscv_cpu_extensions);
553     riscv_cpu_add_kvm_unavail_prop_array(cpu_obj, riscv_cpu_vendor_exts);
554     riscv_cpu_add_kvm_unavail_prop_array(cpu_obj, riscv_cpu_experimental_exts);
555 
556    /* We don't have the needed KVM support for profiles */
557     for (i = 0; riscv_profiles[i] != NULL; i++) {
558         riscv_cpu_add_kvm_unavail_prop(cpu_obj, riscv_profiles[i]->name);
559     }
560 }
561 
562 static int kvm_riscv_get_regs_core(CPUState *cs)
563 {
564     int ret = 0;
565     int i;
566     target_ulong reg;
567     CPURISCVState *env = &RISCV_CPU(cs)->env;
568 
569     ret = kvm_get_one_reg(cs, RISCV_CORE_REG(env, regs.pc), &reg);
570     if (ret) {
571         return ret;
572     }
573     env->pc = reg;
574 
575     for (i = 1; i < 32; i++) {
576         uint64_t id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CORE, i);
577         ret = kvm_get_one_reg(cs, id, &reg);
578         if (ret) {
579             return ret;
580         }
581         env->gpr[i] = reg;
582     }
583 
584     return ret;
585 }
586 
587 static int kvm_riscv_put_regs_core(CPUState *cs)
588 {
589     int ret = 0;
590     int i;
591     target_ulong reg;
592     CPURISCVState *env = &RISCV_CPU(cs)->env;
593 
594     reg = env->pc;
595     ret = kvm_set_one_reg(cs, RISCV_CORE_REG(env, regs.pc), &reg);
596     if (ret) {
597         return ret;
598     }
599 
600     for (i = 1; i < 32; i++) {
601         uint64_t id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CORE, i);
602         reg = env->gpr[i];
603         ret = kvm_set_one_reg(cs, id, &reg);
604         if (ret) {
605             return ret;
606         }
607     }
608 
609     return ret;
610 }
611 
612 static int kvm_riscv_get_regs_csr(CPUState *cs)
613 {
614     CPURISCVState *env = &RISCV_CPU(cs)->env;
615 
616     KVM_RISCV_GET_CSR(cs, env, sstatus, env->mstatus);
617     KVM_RISCV_GET_CSR(cs, env, sie, env->mie);
618     KVM_RISCV_GET_CSR(cs, env, stvec, env->stvec);
619     KVM_RISCV_GET_CSR(cs, env, sscratch, env->sscratch);
620     KVM_RISCV_GET_CSR(cs, env, sepc, env->sepc);
621     KVM_RISCV_GET_CSR(cs, env, scause, env->scause);
622     KVM_RISCV_GET_CSR(cs, env, stval, env->stval);
623     KVM_RISCV_GET_CSR(cs, env, sip, env->mip);
624     KVM_RISCV_GET_CSR(cs, env, satp, env->satp);
625 
626     return 0;
627 }
628 
629 static int kvm_riscv_put_regs_csr(CPUState *cs)
630 {
631     CPURISCVState *env = &RISCV_CPU(cs)->env;
632 
633     KVM_RISCV_SET_CSR(cs, env, sstatus, env->mstatus);
634     KVM_RISCV_SET_CSR(cs, env, sie, env->mie);
635     KVM_RISCV_SET_CSR(cs, env, stvec, env->stvec);
636     KVM_RISCV_SET_CSR(cs, env, sscratch, env->sscratch);
637     KVM_RISCV_SET_CSR(cs, env, sepc, env->sepc);
638     KVM_RISCV_SET_CSR(cs, env, scause, env->scause);
639     KVM_RISCV_SET_CSR(cs, env, stval, env->stval);
640     KVM_RISCV_SET_CSR(cs, env, sip, env->mip);
641     KVM_RISCV_SET_CSR(cs, env, satp, env->satp);
642 
643     return 0;
644 }
645 
646 static void kvm_riscv_reset_regs_csr(CPURISCVState *env)
647 {
648     env->mstatus = 0;
649     env->mie = 0;
650     env->stvec = 0;
651     env->sscratch = 0;
652     env->sepc = 0;
653     env->scause = 0;
654     env->stval = 0;
655     env->mip = 0;
656     env->satp = 0;
657 }
658 
659 static int kvm_riscv_get_regs_fp(CPUState *cs)
660 {
661     int ret = 0;
662     int i;
663     CPURISCVState *env = &RISCV_CPU(cs)->env;
664 
665     if (riscv_has_ext(env, RVD)) {
666         uint64_t reg;
667         for (i = 0; i < 32; i++) {
668             ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), &reg);
669             if (ret) {
670                 return ret;
671             }
672             env->fpr[i] = reg;
673         }
674         return ret;
675     }
676 
677     if (riscv_has_ext(env, RVF)) {
678         uint32_t reg;
679         for (i = 0; i < 32; i++) {
680             ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), &reg);
681             if (ret) {
682                 return ret;
683             }
684             env->fpr[i] = reg;
685         }
686         return ret;
687     }
688 
689     return ret;
690 }
691 
692 static int kvm_riscv_put_regs_fp(CPUState *cs)
693 {
694     int ret = 0;
695     int i;
696     CPURISCVState *env = &RISCV_CPU(cs)->env;
697 
698     if (riscv_has_ext(env, RVD)) {
699         uint64_t reg;
700         for (i = 0; i < 32; i++) {
701             reg = env->fpr[i];
702             ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), &reg);
703             if (ret) {
704                 return ret;
705             }
706         }
707         return ret;
708     }
709 
710     if (riscv_has_ext(env, RVF)) {
711         uint32_t reg;
712         for (i = 0; i < 32; i++) {
713             reg = env->fpr[i];
714             ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), &reg);
715             if (ret) {
716                 return ret;
717             }
718         }
719         return ret;
720     }
721 
722     return ret;
723 }
724 
725 static void kvm_riscv_get_regs_timer(CPUState *cs)
726 {
727     CPURISCVState *env = &RISCV_CPU(cs)->env;
728 
729     if (env->kvm_timer_dirty) {
730         return;
731     }
732 
733     KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time);
734     KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare);
735     KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state);
736     KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency);
737 
738     env->kvm_timer_dirty = true;
739 }
740 
741 static void kvm_riscv_put_regs_timer(CPUState *cs)
742 {
743     uint64_t reg;
744     CPURISCVState *env = &RISCV_CPU(cs)->env;
745 
746     if (!env->kvm_timer_dirty) {
747         return;
748     }
749 
750     KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time);
751     KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare);
752 
753     /*
754      * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
755      * on env->kvm_timer_state == 0, It's better to adapt in KVM, but it
756      * doesn't matter that adaping in QEMU now.
757      * TODO If KVM changes, adapt here.
758      */
759     if (env->kvm_timer_state) {
760         KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state);
761     }
762 
763     /*
764      * For now, migration will not work between Hosts with different timer
765      * frequency. Therefore, we should check whether they are the same here
766      * during the migration.
767      */
768     if (migration_is_running()) {
769         KVM_RISCV_GET_TIMER(cs, frequency, reg);
770         if (reg != env->kvm_timer_frequency) {
771             error_report("Dst Hosts timer frequency != Src Hosts");
772         }
773     }
774 
775     env->kvm_timer_dirty = false;
776 }
777 
778 uint64_t kvm_riscv_get_timebase_frequency(RISCVCPU *cpu)
779 {
780     uint64_t reg;
781 
782     KVM_RISCV_GET_TIMER(CPU(cpu), frequency, reg);
783 
784     return reg;
785 }
786 
787 static int kvm_riscv_get_regs_vector(CPUState *cs)
788 {
789     RISCVCPU *cpu = RISCV_CPU(cs);
790     CPURISCVState *env = &cpu->env;
791     target_ulong reg;
792     uint64_t vreg_id;
793     int vreg_idx, ret = 0;
794 
795     if (!riscv_has_ext(env, RVV)) {
796         return 0;
797     }
798 
799     ret = kvm_get_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vstart), &reg);
800     if (ret) {
801         return ret;
802     }
803     env->vstart = reg;
804 
805     ret = kvm_get_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vl), &reg);
806     if (ret) {
807         return ret;
808     }
809     env->vl = reg;
810 
811     ret = kvm_get_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vtype), &reg);
812     if (ret) {
813         return ret;
814     }
815     env->vtype = reg;
816 
817     if (kvm_v_vlenb.supported) {
818         ret = kvm_get_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vlenb), &reg);
819         if (ret) {
820             return ret;
821         }
822         cpu->cfg.vlenb = reg;
823 
824         for (int i = 0; i < 32; i++) {
825             /*
826              * vreg[] is statically allocated using RV_VLEN_MAX.
827              * Use it instead of vlenb to calculate vreg_idx for
828              * simplicity.
829              */
830             vreg_idx = i * RV_VLEN_MAX / 64;
831             vreg_id = kvm_riscv_vector_reg_id(cpu, i);
832 
833             ret = kvm_get_one_reg(cs, vreg_id, &env->vreg[vreg_idx]);
834             if (ret) {
835                 return ret;
836             }
837         }
838     }
839 
840     return 0;
841 }
842 
843 static int kvm_riscv_put_regs_vector(CPUState *cs)
844 {
845     RISCVCPU *cpu = RISCV_CPU(cs);
846     CPURISCVState *env = &cpu->env;
847     target_ulong reg;
848     uint64_t vreg_id;
849     int vreg_idx, ret = 0;
850 
851     if (!riscv_has_ext(env, RVV)) {
852         return 0;
853     }
854 
855     reg = env->vstart;
856     ret = kvm_set_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vstart), &reg);
857     if (ret) {
858         return ret;
859     }
860 
861     reg = env->vl;
862     ret = kvm_set_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vl), &reg);
863     if (ret) {
864         return ret;
865     }
866 
867     reg = env->vtype;
868     ret = kvm_set_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vtype), &reg);
869     if (ret) {
870         return ret;
871     }
872 
873     if (kvm_v_vlenb.supported) {
874         reg = cpu->cfg.vlenb;
875         ret = kvm_set_one_reg(cs, RISCV_VECTOR_CSR_REG(env, vlenb), &reg);
876 
877         for (int i = 0; i < 32; i++) {
878             /*
879              * vreg[] is statically allocated using RV_VLEN_MAX.
880              * Use it instead of vlenb to calculate vreg_idx for
881              * simplicity.
882              */
883             vreg_idx = i * RV_VLEN_MAX / 64;
884             vreg_id = kvm_riscv_vector_reg_id(cpu, i);
885 
886             ret = kvm_set_one_reg(cs, vreg_id, &env->vreg[vreg_idx]);
887             if (ret) {
888                 return ret;
889             }
890         }
891     }
892 
893     return ret;
894 }
895 
896 typedef struct KVMScratchCPU {
897     int kvmfd;
898     int vmfd;
899     int cpufd;
900 } KVMScratchCPU;
901 
902 /*
903  * Heavily inspired by kvm_arm_create_scratch_host_vcpu()
904  * from target/arm/kvm.c.
905  */
906 static bool kvm_riscv_create_scratch_vcpu(KVMScratchCPU *scratch)
907 {
908     int kvmfd = -1, vmfd = -1, cpufd = -1;
909 
910     kvmfd = qemu_open_old("/dev/kvm", O_RDWR);
911     if (kvmfd < 0) {
912         goto err;
913     }
914     do {
915         vmfd = ioctl(kvmfd, KVM_CREATE_VM, 0);
916     } while (vmfd == -1 && errno == EINTR);
917     if (vmfd < 0) {
918         goto err;
919     }
920     cpufd = ioctl(vmfd, KVM_CREATE_VCPU, 0);
921     if (cpufd < 0) {
922         goto err;
923     }
924 
925     scratch->kvmfd =  kvmfd;
926     scratch->vmfd = vmfd;
927     scratch->cpufd = cpufd;
928 
929     return true;
930 
931  err:
932     if (cpufd >= 0) {
933         close(cpufd);
934     }
935     if (vmfd >= 0) {
936         close(vmfd);
937     }
938     if (kvmfd >= 0) {
939         close(kvmfd);
940     }
941 
942     return false;
943 }
944 
945 static void kvm_riscv_destroy_scratch_vcpu(KVMScratchCPU *scratch)
946 {
947     close(scratch->cpufd);
948     close(scratch->vmfd);
949     close(scratch->kvmfd);
950 }
951 
952 static void kvm_riscv_init_machine_ids(RISCVCPU *cpu, KVMScratchCPU *kvmcpu)
953 {
954     CPURISCVState *env = &cpu->env;
955     struct kvm_one_reg reg;
956     int ret;
957 
958     reg.id = RISCV_CONFIG_REG(env, mvendorid);
959     reg.addr = (uint64_t)&cpu->cfg.mvendorid;
960     ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
961     if (ret != 0) {
962         error_report("Unable to retrieve mvendorid from host, error %d", ret);
963     }
964 
965     reg.id = RISCV_CONFIG_REG(env, marchid);
966     reg.addr = (uint64_t)&cpu->cfg.marchid;
967     ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
968     if (ret != 0) {
969         error_report("Unable to retrieve marchid from host, error %d", ret);
970     }
971 
972     reg.id = RISCV_CONFIG_REG(env, mimpid);
973     reg.addr = (uint64_t)&cpu->cfg.mimpid;
974     ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
975     if (ret != 0) {
976         error_report("Unable to retrieve mimpid from host, error %d", ret);
977     }
978 }
979 
980 static void kvm_riscv_init_misa_ext_mask(RISCVCPU *cpu,
981                                          KVMScratchCPU *kvmcpu)
982 {
983     CPURISCVState *env = &cpu->env;
984     struct kvm_one_reg reg;
985     int ret;
986 
987     reg.id = RISCV_CONFIG_REG(env, isa);
988     reg.addr = (uint64_t)&env->misa_ext_mask;
989     ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
990 
991     if (ret) {
992         error_report("Unable to fetch ISA register from KVM, "
993                      "error %d", ret);
994         kvm_riscv_destroy_scratch_vcpu(kvmcpu);
995         exit(EXIT_FAILURE);
996     }
997 
998     env->misa_ext = env->misa_ext_mask;
999 }
1000 
1001 static void kvm_riscv_read_cbomz_blksize(RISCVCPU *cpu, KVMScratchCPU *kvmcpu,
1002                                          KVMCPUConfig *cbomz_cfg)
1003 {
1004     CPURISCVState *env = &cpu->env;
1005     struct kvm_one_reg reg;
1006     int ret;
1007 
1008     reg.id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CONFIG,
1009                                     cbomz_cfg->kvm_reg_id);
1010     reg.addr = (uint64_t)kvmconfig_get_cfg_addr(cpu, cbomz_cfg);
1011     ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
1012     if (ret != 0) {
1013         error_report("Unable to read KVM reg %s, error %d",
1014                      cbomz_cfg->name, ret);
1015         exit(EXIT_FAILURE);
1016     }
1017 }
1018 
1019 static void kvm_riscv_read_multiext_legacy(RISCVCPU *cpu,
1020                                            KVMScratchCPU *kvmcpu)
1021 {
1022     CPURISCVState *env = &cpu->env;
1023     uint64_t val;
1024     int i, ret;
1025 
1026     for (i = 0; i < ARRAY_SIZE(kvm_multi_ext_cfgs); i++) {
1027         KVMCPUConfig *multi_ext_cfg = &kvm_multi_ext_cfgs[i];
1028         struct kvm_one_reg reg;
1029 
1030         reg.id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_ISA_EXT,
1031                                         multi_ext_cfg->kvm_reg_id);
1032         reg.addr = (uint64_t)&val;
1033         ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
1034         if (ret != 0) {
1035             if (errno == EINVAL) {
1036                 /* Silently default to 'false' if KVM does not support it. */
1037                 multi_ext_cfg->supported = false;
1038                 val = false;
1039             } else {
1040                 error_report("Unable to read ISA_EXT KVM register %s: %s",
1041                              multi_ext_cfg->name, strerror(errno));
1042                 exit(EXIT_FAILURE);
1043             }
1044         } else {
1045             multi_ext_cfg->supported = true;
1046         }
1047 
1048         kvm_cpu_cfg_set(cpu, multi_ext_cfg, val);
1049     }
1050 
1051     if (cpu->cfg.ext_zicbom) {
1052         kvm_riscv_read_cbomz_blksize(cpu, kvmcpu, &kvm_cbom_blocksize);
1053     }
1054 
1055     if (cpu->cfg.ext_zicboz) {
1056         kvm_riscv_read_cbomz_blksize(cpu, kvmcpu, &kvm_cboz_blocksize);
1057     }
1058 }
1059 
1060 static int uint64_cmp(const void *a, const void *b)
1061 {
1062     uint64_t val1 = *(const uint64_t *)a;
1063     uint64_t val2 = *(const uint64_t *)b;
1064 
1065     if (val1 < val2) {
1066         return -1;
1067     }
1068 
1069     if (val1 > val2) {
1070         return 1;
1071     }
1072 
1073     return 0;
1074 }
1075 
1076 static void kvm_riscv_check_sbi_dbcn_support(RISCVCPU *cpu,
1077                                              struct kvm_reg_list *reglist)
1078 {
1079     struct kvm_reg_list *reg_search;
1080 
1081     reg_search = bsearch(&kvm_sbi_dbcn.kvm_reg_id, reglist->reg, reglist->n,
1082                          sizeof(uint64_t), uint64_cmp);
1083 
1084     if (reg_search) {
1085         kvm_sbi_dbcn.supported = true;
1086     }
1087 }
1088 
1089 static void kvm_riscv_read_vlenb(RISCVCPU *cpu, KVMScratchCPU *kvmcpu,
1090                                  struct kvm_reg_list *reglist)
1091 {
1092     struct kvm_one_reg reg;
1093     struct kvm_reg_list *reg_search;
1094     uint64_t val;
1095     int ret;
1096 
1097     reg_search = bsearch(&kvm_v_vlenb.kvm_reg_id, reglist->reg, reglist->n,
1098                          sizeof(uint64_t), uint64_cmp);
1099 
1100     if (reg_search) {
1101         reg.id = kvm_v_vlenb.kvm_reg_id;
1102         reg.addr = (uint64_t)&val;
1103 
1104         ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
1105         if (ret != 0) {
1106             error_report("Unable to read vlenb register, error code: %d",
1107                          errno);
1108             exit(EXIT_FAILURE);
1109         }
1110 
1111         kvm_v_vlenb.supported = true;
1112         cpu->cfg.vlenb = val;
1113     }
1114 }
1115 
1116 static void kvm_riscv_init_multiext_cfg(RISCVCPU *cpu, KVMScratchCPU *kvmcpu)
1117 {
1118     g_autofree struct kvm_reg_list *reglist = NULL;
1119     KVMCPUConfig *multi_ext_cfg;
1120     struct kvm_one_reg reg;
1121     struct kvm_reg_list rl_struct;
1122     uint64_t val, reg_id, *reg_search;
1123     int i, ret;
1124 
1125     rl_struct.n = 0;
1126     ret = ioctl(kvmcpu->cpufd, KVM_GET_REG_LIST, &rl_struct);
1127 
1128     /*
1129      * If KVM_GET_REG_LIST isn't supported we'll get errno 22
1130      * (EINVAL). Use read_legacy() in this case.
1131      */
1132     if (errno == EINVAL) {
1133         return kvm_riscv_read_multiext_legacy(cpu, kvmcpu);
1134     } else if (errno != E2BIG) {
1135         /*
1136          * E2BIG is an expected error message for the API since we
1137          * don't know the number of registers. The right amount will
1138          * be written in rl_struct.n.
1139          *
1140          * Error out if we get any other errno.
1141          */
1142         error_report("Error when accessing get-reg-list: %s",
1143                      strerror(errno));
1144         exit(EXIT_FAILURE);
1145     }
1146 
1147     reglist = g_malloc(sizeof(struct kvm_reg_list) +
1148                        rl_struct.n * sizeof(uint64_t));
1149     reglist->n = rl_struct.n;
1150     ret = ioctl(kvmcpu->cpufd, KVM_GET_REG_LIST, reglist);
1151     if (ret) {
1152         error_report("Error when reading KVM_GET_REG_LIST: %s",
1153                      strerror(errno));
1154         exit(EXIT_FAILURE);
1155     }
1156 
1157     /* sort reglist to use bsearch() */
1158     qsort(&reglist->reg, reglist->n, sizeof(uint64_t), uint64_cmp);
1159 
1160     for (i = 0; i < ARRAY_SIZE(kvm_multi_ext_cfgs); i++) {
1161         multi_ext_cfg = &kvm_multi_ext_cfgs[i];
1162         reg_id = kvm_riscv_reg_id_ulong(&cpu->env, KVM_REG_RISCV_ISA_EXT,
1163                                         multi_ext_cfg->kvm_reg_id);
1164         reg_search = bsearch(&reg_id, reglist->reg, reglist->n,
1165                              sizeof(uint64_t), uint64_cmp);
1166         if (!reg_search) {
1167             continue;
1168         }
1169 
1170         reg.id = reg_id;
1171         reg.addr = (uint64_t)&val;
1172         ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, &reg);
1173         if (ret != 0) {
1174             error_report("Unable to read ISA_EXT KVM register %s: %s",
1175                          multi_ext_cfg->name, strerror(errno));
1176             exit(EXIT_FAILURE);
1177         }
1178 
1179         multi_ext_cfg->supported = true;
1180         kvm_cpu_cfg_set(cpu, multi_ext_cfg, val);
1181     }
1182 
1183     if (cpu->cfg.ext_zicbom) {
1184         kvm_riscv_read_cbomz_blksize(cpu, kvmcpu, &kvm_cbom_blocksize);
1185     }
1186 
1187     if (cpu->cfg.ext_zicboz) {
1188         kvm_riscv_read_cbomz_blksize(cpu, kvmcpu, &kvm_cboz_blocksize);
1189     }
1190 
1191     if (riscv_has_ext(&cpu->env, RVV)) {
1192         kvm_riscv_read_vlenb(cpu, kvmcpu, reglist);
1193     }
1194 
1195     kvm_riscv_check_sbi_dbcn_support(cpu, reglist);
1196 }
1197 
1198 static void riscv_init_kvm_registers(Object *cpu_obj)
1199 {
1200     RISCVCPU *cpu = RISCV_CPU(cpu_obj);
1201     KVMScratchCPU kvmcpu;
1202 
1203     if (!kvm_riscv_create_scratch_vcpu(&kvmcpu)) {
1204         return;
1205     }
1206 
1207     kvm_riscv_init_machine_ids(cpu, &kvmcpu);
1208     kvm_riscv_init_misa_ext_mask(cpu, &kvmcpu);
1209     kvm_riscv_init_multiext_cfg(cpu, &kvmcpu);
1210 
1211     kvm_riscv_destroy_scratch_vcpu(&kvmcpu);
1212 }
1213 
1214 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
1215     KVM_CAP_LAST_INFO
1216 };
1217 
1218 int kvm_arch_get_registers(CPUState *cs, Error **errp)
1219 {
1220     int ret = 0;
1221 
1222     ret = kvm_riscv_get_regs_core(cs);
1223     if (ret) {
1224         return ret;
1225     }
1226 
1227     ret = kvm_riscv_get_regs_csr(cs);
1228     if (ret) {
1229         return ret;
1230     }
1231 
1232     ret = kvm_riscv_get_regs_fp(cs);
1233     if (ret) {
1234         return ret;
1235     }
1236 
1237     ret = kvm_riscv_get_regs_vector(cs);
1238     if (ret) {
1239         return ret;
1240     }
1241 
1242     return ret;
1243 }
1244 
1245 int kvm_riscv_sync_mpstate_to_kvm(RISCVCPU *cpu, int state)
1246 {
1247     if (cap_has_mp_state) {
1248         struct kvm_mp_state mp_state = {
1249             .mp_state = state
1250         };
1251 
1252         int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MP_STATE, &mp_state);
1253         if (ret) {
1254             fprintf(stderr, "%s: failed to sync MP_STATE %d/%s\n",
1255                     __func__, ret, strerror(-ret));
1256             return -1;
1257         }
1258     }
1259 
1260     return 0;
1261 }
1262 
1263 int kvm_arch_put_registers(CPUState *cs, int level, Error **errp)
1264 {
1265     int ret = 0;
1266 
1267     ret = kvm_riscv_put_regs_core(cs);
1268     if (ret) {
1269         return ret;
1270     }
1271 
1272     ret = kvm_riscv_put_regs_csr(cs);
1273     if (ret) {
1274         return ret;
1275     }
1276 
1277     ret = kvm_riscv_put_regs_fp(cs);
1278     if (ret) {
1279         return ret;
1280     }
1281 
1282     ret = kvm_riscv_put_regs_vector(cs);
1283     if (ret) {
1284         return ret;
1285     }
1286 
1287     if (KVM_PUT_RESET_STATE == level) {
1288         RISCVCPU *cpu = RISCV_CPU(cs);
1289         if (cs->cpu_index == 0) {
1290             ret = kvm_riscv_sync_mpstate_to_kvm(cpu, KVM_MP_STATE_RUNNABLE);
1291         } else {
1292             ret = kvm_riscv_sync_mpstate_to_kvm(cpu, KVM_MP_STATE_STOPPED);
1293         }
1294         if (ret) {
1295             return ret;
1296         }
1297     }
1298 
1299     return ret;
1300 }
1301 
1302 int kvm_arch_release_virq_post(int virq)
1303 {
1304     return 0;
1305 }
1306 
1307 int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
1308                              uint64_t address, uint32_t data, PCIDevice *dev)
1309 {
1310     return 0;
1311 }
1312 
1313 int kvm_arch_destroy_vcpu(CPUState *cs)
1314 {
1315     return 0;
1316 }
1317 
1318 unsigned long kvm_arch_vcpu_id(CPUState *cpu)
1319 {
1320     return cpu->cpu_index;
1321 }
1322 
1323 static void kvm_riscv_vm_state_change(void *opaque, bool running,
1324                                       RunState state)
1325 {
1326     CPUState *cs = opaque;
1327 
1328     if (running) {
1329         kvm_riscv_put_regs_timer(cs);
1330     } else {
1331         kvm_riscv_get_regs_timer(cs);
1332     }
1333 }
1334 
1335 void kvm_arch_init_irq_routing(KVMState *s)
1336 {
1337 }
1338 
1339 static int kvm_vcpu_set_machine_ids(RISCVCPU *cpu, CPUState *cs)
1340 {
1341     CPURISCVState *env = &cpu->env;
1342     target_ulong reg;
1343     uint64_t id;
1344     int ret;
1345 
1346     id = RISCV_CONFIG_REG(env, mvendorid);
1347     /*
1348      * cfg.mvendorid is an uint32 but a target_ulong will
1349      * be written. Assign it to a target_ulong var to avoid
1350      * writing pieces of other cpu->cfg fields in the reg.
1351      */
1352     reg = cpu->cfg.mvendorid;
1353     ret = kvm_set_one_reg(cs, id, &reg);
1354     if (ret != 0) {
1355         return ret;
1356     }
1357 
1358     id = RISCV_CONFIG_REG(env, marchid);
1359     ret = kvm_set_one_reg(cs, id, &cpu->cfg.marchid);
1360     if (ret != 0) {
1361         return ret;
1362     }
1363 
1364     id = RISCV_CONFIG_REG(env, mimpid);
1365     ret = kvm_set_one_reg(cs, id, &cpu->cfg.mimpid);
1366 
1367     return ret;
1368 }
1369 
1370 static int kvm_vcpu_enable_sbi_dbcn(RISCVCPU *cpu, CPUState *cs)
1371 {
1372     target_ulong reg = 1;
1373 
1374     if (!kvm_sbi_dbcn.supported) {
1375         return 0;
1376     }
1377 
1378     return kvm_set_one_reg(cs, kvm_sbi_dbcn.kvm_reg_id, &reg);
1379 }
1380 
1381 int kvm_arch_init_vcpu(CPUState *cs)
1382 {
1383     int ret = 0;
1384     RISCVCPU *cpu = RISCV_CPU(cs);
1385 
1386     qemu_add_vm_change_state_handler(kvm_riscv_vm_state_change, cs);
1387 
1388     if (!object_dynamic_cast(OBJECT(cpu), TYPE_RISCV_CPU_HOST)) {
1389         ret = kvm_vcpu_set_machine_ids(cpu, cs);
1390         if (ret != 0) {
1391             return ret;
1392         }
1393     }
1394 
1395     kvm_riscv_update_cpu_misa_ext(cpu, cs);
1396     kvm_riscv_update_cpu_cfg_isa_ext(cpu, cs);
1397 
1398     ret = kvm_vcpu_enable_sbi_dbcn(cpu, cs);
1399 
1400     return ret;
1401 }
1402 
1403 int kvm_arch_msi_data_to_gsi(uint32_t data)
1404 {
1405     abort();
1406 }
1407 
1408 int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
1409                                 int vector, PCIDevice *dev)
1410 {
1411     return 0;
1412 }
1413 
1414 int kvm_arch_get_default_type(MachineState *ms)
1415 {
1416     return 0;
1417 }
1418 
1419 int kvm_arch_init(MachineState *ms, KVMState *s)
1420 {
1421     cap_has_mp_state = kvm_check_extension(s, KVM_CAP_MP_STATE);
1422     return 0;
1423 }
1424 
1425 int kvm_arch_irqchip_create(KVMState *s)
1426 {
1427     /*
1428      * We can create the VAIA using the newer device control API.
1429      */
1430     return kvm_check_extension(s, KVM_CAP_DEVICE_CTRL);
1431 }
1432 
1433 int kvm_arch_process_async_events(CPUState *cs)
1434 {
1435     return 0;
1436 }
1437 
1438 void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
1439 {
1440 }
1441 
1442 MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
1443 {
1444     return MEMTXATTRS_UNSPECIFIED;
1445 }
1446 
1447 bool kvm_arch_stop_on_emulation_error(CPUState *cs)
1448 {
1449     return true;
1450 }
1451 
1452 static void kvm_riscv_handle_sbi_dbcn(CPUState *cs, struct kvm_run *run)
1453 {
1454     g_autofree uint8_t *buf = NULL;
1455     RISCVCPU *cpu = RISCV_CPU(cs);
1456     target_ulong num_bytes;
1457     uint64_t addr;
1458     unsigned char ch;
1459     int ret;
1460 
1461     switch (run->riscv_sbi.function_id) {
1462     case SBI_EXT_DBCN_CONSOLE_READ:
1463     case SBI_EXT_DBCN_CONSOLE_WRITE:
1464         num_bytes = run->riscv_sbi.args[0];
1465 
1466         if (num_bytes == 0) {
1467             run->riscv_sbi.ret[0] = SBI_SUCCESS;
1468             run->riscv_sbi.ret[1] = 0;
1469             break;
1470         }
1471 
1472         addr = run->riscv_sbi.args[1];
1473 
1474         /*
1475          * Handle the case where a 32 bit CPU is running in a
1476          * 64 bit addressing env.
1477          */
1478         if (riscv_cpu_mxl(&cpu->env) == MXL_RV32) {
1479             addr |= (uint64_t)run->riscv_sbi.args[2] << 32;
1480         }
1481 
1482         buf = g_malloc0(num_bytes);
1483 
1484         if (run->riscv_sbi.function_id == SBI_EXT_DBCN_CONSOLE_READ) {
1485             ret = qemu_chr_fe_read_all(serial_hd(0)->be, buf, num_bytes);
1486             if (ret < 0) {
1487                 error_report("SBI_EXT_DBCN_CONSOLE_READ: error when "
1488                              "reading chardev");
1489                 exit(1);
1490             }
1491 
1492             cpu_physical_memory_write(addr, buf, ret);
1493         } else {
1494             cpu_physical_memory_read(addr, buf, num_bytes);
1495 
1496             ret = qemu_chr_fe_write_all(serial_hd(0)->be, buf, num_bytes);
1497             if (ret < 0) {
1498                 error_report("SBI_EXT_DBCN_CONSOLE_WRITE: error when "
1499                              "writing chardev");
1500                 exit(1);
1501             }
1502         }
1503 
1504         run->riscv_sbi.ret[0] = SBI_SUCCESS;
1505         run->riscv_sbi.ret[1] = ret;
1506         break;
1507     case SBI_EXT_DBCN_CONSOLE_WRITE_BYTE:
1508         ch = run->riscv_sbi.args[0];
1509         ret = qemu_chr_fe_write(serial_hd(0)->be, &ch, sizeof(ch));
1510 
1511         if (ret < 0) {
1512             error_report("SBI_EXT_DBCN_CONSOLE_WRITE_BYTE: error when "
1513                          "writing chardev");
1514             exit(1);
1515         }
1516 
1517         run->riscv_sbi.ret[0] = SBI_SUCCESS;
1518         run->riscv_sbi.ret[1] = 0;
1519         break;
1520     default:
1521         run->riscv_sbi.ret[0] = SBI_ERR_NOT_SUPPORTED;
1522     }
1523 }
1524 
1525 static int kvm_riscv_handle_sbi(CPUState *cs, struct kvm_run *run)
1526 {
1527     int ret = 0;
1528     unsigned char ch;
1529     switch (run->riscv_sbi.extension_id) {
1530     case SBI_EXT_0_1_CONSOLE_PUTCHAR:
1531         ch = run->riscv_sbi.args[0];
1532         qemu_chr_fe_write(serial_hd(0)->be, &ch, sizeof(ch));
1533         break;
1534     case SBI_EXT_0_1_CONSOLE_GETCHAR:
1535         ret = qemu_chr_fe_read_all(serial_hd(0)->be, &ch, sizeof(ch));
1536         if (ret == sizeof(ch)) {
1537             run->riscv_sbi.ret[0] = ch;
1538         } else {
1539             run->riscv_sbi.ret[0] = -1;
1540         }
1541         ret = 0;
1542         break;
1543     case SBI_EXT_DBCN:
1544         kvm_riscv_handle_sbi_dbcn(cs, run);
1545         break;
1546     default:
1547         qemu_log_mask(LOG_UNIMP,
1548                       "%s: un-handled SBI EXIT, specific reasons is %lu\n",
1549                       __func__, run->riscv_sbi.extension_id);
1550         ret = -1;
1551         break;
1552     }
1553     return ret;
1554 }
1555 
1556 static int kvm_riscv_handle_csr(CPUState *cs, struct kvm_run *run)
1557 {
1558     target_ulong csr_num = run->riscv_csr.csr_num;
1559     target_ulong new_value = run->riscv_csr.new_value;
1560     target_ulong write_mask = run->riscv_csr.write_mask;
1561     int ret = 0;
1562 
1563     switch (csr_num) {
1564     case CSR_SEED:
1565         run->riscv_csr.ret_value = riscv_new_csr_seed(new_value, write_mask);
1566         break;
1567     default:
1568         qemu_log_mask(LOG_UNIMP,
1569                       "%s: un-handled CSR EXIT for CSR %lx\n",
1570                       __func__, csr_num);
1571         ret = -1;
1572         break;
1573     }
1574 
1575     return ret;
1576 }
1577 
1578 static bool kvm_riscv_handle_debug(CPUState *cs)
1579 {
1580     RISCVCPU *cpu = RISCV_CPU(cs);
1581     CPURISCVState *env = &cpu->env;
1582 
1583     /* Ensure PC is synchronised */
1584     kvm_cpu_synchronize_state(cs);
1585 
1586     if (kvm_find_sw_breakpoint(cs, env->pc)) {
1587         return true;
1588     }
1589 
1590     return false;
1591 }
1592 
1593 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
1594 {
1595     int ret = 0;
1596     switch (run->exit_reason) {
1597     case KVM_EXIT_RISCV_SBI:
1598         ret = kvm_riscv_handle_sbi(cs, run);
1599         break;
1600     case KVM_EXIT_RISCV_CSR:
1601         ret = kvm_riscv_handle_csr(cs, run);
1602         break;
1603     case KVM_EXIT_DEBUG:
1604         if (kvm_riscv_handle_debug(cs)) {
1605             ret = EXCP_DEBUG;
1606         }
1607         break;
1608     default:
1609         qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
1610                       __func__, run->exit_reason);
1611         ret = -1;
1612         break;
1613     }
1614     return ret;
1615 }
1616 
1617 void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
1618 {
1619     CPURISCVState *env = &cpu->env;
1620     int i;
1621 
1622     for (i = 0; i < 32; i++) {
1623         env->gpr[i] = 0;
1624     }
1625     env->pc = cpu->env.kernel_addr;
1626     env->gpr[10] = kvm_arch_vcpu_id(CPU(cpu)); /* a0 */
1627     env->gpr[11] = cpu->env.fdt_addr;          /* a1 */
1628 
1629     kvm_riscv_reset_regs_csr(env);
1630 }
1631 
1632 void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level)
1633 {
1634     int ret;
1635     unsigned virq = level ? KVM_INTERRUPT_SET : KVM_INTERRUPT_UNSET;
1636 
1637     if (irq != IRQ_S_EXT) {
1638         perror("kvm riscv set irq != IRQ_S_EXT\n");
1639         abort();
1640     }
1641 
1642     ret = kvm_vcpu_ioctl(CPU(cpu), KVM_INTERRUPT, &virq);
1643     if (ret < 0) {
1644         perror("Set irq failed");
1645         abort();
1646     }
1647 }
1648 
1649 static int aia_mode;
1650 
1651 static const char *kvm_aia_mode_str(uint64_t mode)
1652 {
1653     switch (mode) {
1654     case KVM_DEV_RISCV_AIA_MODE_EMUL:
1655         return "emul";
1656     case KVM_DEV_RISCV_AIA_MODE_HWACCEL:
1657         return "hwaccel";
1658     case KVM_DEV_RISCV_AIA_MODE_AUTO:
1659     default:
1660         return "auto";
1661     };
1662 }
1663 
1664 static char *riscv_get_kvm_aia(Object *obj, Error **errp)
1665 {
1666     return g_strdup(kvm_aia_mode_str(aia_mode));
1667 }
1668 
1669 static void riscv_set_kvm_aia(Object *obj, const char *val, Error **errp)
1670 {
1671     if (!strcmp(val, "emul")) {
1672         aia_mode = KVM_DEV_RISCV_AIA_MODE_EMUL;
1673     } else if (!strcmp(val, "hwaccel")) {
1674         aia_mode = KVM_DEV_RISCV_AIA_MODE_HWACCEL;
1675     } else if (!strcmp(val, "auto")) {
1676         aia_mode = KVM_DEV_RISCV_AIA_MODE_AUTO;
1677     } else {
1678         error_setg(errp, "Invalid KVM AIA mode");
1679         error_append_hint(errp, "Valid values are emul, hwaccel, and auto.\n");
1680     }
1681 }
1682 
1683 void kvm_arch_accel_class_init(ObjectClass *oc)
1684 {
1685     object_class_property_add_str(oc, "riscv-aia", riscv_get_kvm_aia,
1686                                   riscv_set_kvm_aia);
1687     object_class_property_set_description(oc, "riscv-aia",
1688         "Set KVM AIA mode. Valid values are 'emul', 'hwaccel' and 'auto'. "
1689         "Changing KVM AIA modes relies on host support. Defaults to 'auto' "
1690         "if the host supports it");
1691     object_property_set_default_str(object_class_property_find(oc, "riscv-aia"),
1692                                     "auto");
1693 }
1694 
1695 void kvm_riscv_aia_create(MachineState *machine, uint64_t group_shift,
1696                           uint64_t aia_irq_num, uint64_t aia_msi_num,
1697                           uint64_t aplic_base, uint64_t imsic_base,
1698                           uint64_t guest_num)
1699 {
1700     int ret, i;
1701     int aia_fd = -1;
1702     uint64_t default_aia_mode;
1703     uint64_t socket_count = riscv_socket_count(machine);
1704     uint64_t max_hart_per_socket = 0;
1705     uint64_t socket, base_hart, hart_count, socket_imsic_base, imsic_addr;
1706     uint64_t socket_bits, hart_bits, guest_bits;
1707     uint64_t max_group_id;
1708 
1709     aia_fd = kvm_create_device(kvm_state, KVM_DEV_TYPE_RISCV_AIA, false);
1710 
1711     if (aia_fd < 0) {
1712         error_report("Unable to create in-kernel irqchip");
1713         exit(1);
1714     }
1715 
1716     ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1717                             KVM_DEV_RISCV_AIA_CONFIG_MODE,
1718                             &default_aia_mode, false, NULL);
1719     if (ret < 0) {
1720         error_report("KVM AIA: failed to get current KVM AIA mode");
1721         exit(1);
1722     }
1723 
1724     if (default_aia_mode != aia_mode) {
1725         ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1726                                 KVM_DEV_RISCV_AIA_CONFIG_MODE,
1727                                 &aia_mode, true, NULL);
1728         if (ret < 0) {
1729             warn_report("KVM AIA: failed to set KVM AIA mode '%s', using "
1730                         "default host mode '%s'",
1731                         kvm_aia_mode_str(aia_mode),
1732                         kvm_aia_mode_str(default_aia_mode));
1733 
1734             /* failed to change AIA mode, use default */
1735             aia_mode = default_aia_mode;
1736         }
1737     }
1738 
1739     /*
1740      * Skip APLIC creation in KVM if we're running split mode.
1741      * This is done by leaving KVM_DEV_RISCV_AIA_CONFIG_SRCS
1742      * unset. We can also skip KVM_DEV_RISCV_AIA_ADDR_APLIC
1743      * since KVM won't be using it.
1744      */
1745     if (!kvm_kernel_irqchip_split()) {
1746         ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1747                                 KVM_DEV_RISCV_AIA_CONFIG_SRCS,
1748                                 &aia_irq_num, true, NULL);
1749         if (ret < 0) {
1750             error_report("KVM AIA: failed to set number of input irq lines");
1751             exit(1);
1752         }
1753 
1754         ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_ADDR,
1755                                 KVM_DEV_RISCV_AIA_ADDR_APLIC,
1756                                 &aplic_base, true, NULL);
1757         if (ret < 0) {
1758             error_report("KVM AIA: failed to set the base address of APLIC");
1759             exit(1);
1760         }
1761      }
1762 
1763     ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1764                             KVM_DEV_RISCV_AIA_CONFIG_IDS,
1765                             &aia_msi_num, true, NULL);
1766     if (ret < 0) {
1767         error_report("KVM AIA: failed to set number of msi");
1768         exit(1);
1769     }
1770 
1771 
1772     if (socket_count > 1) {
1773         max_group_id = socket_count - 1;
1774         socket_bits = find_last_bit(&max_group_id, BITS_PER_LONG) + 1;
1775         ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1776                                 KVM_DEV_RISCV_AIA_CONFIG_GROUP_BITS,
1777                                 &socket_bits, true, NULL);
1778         if (ret < 0) {
1779             error_report("KVM AIA: failed to set group_bits");
1780             exit(1);
1781         }
1782 
1783         ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1784                                 KVM_DEV_RISCV_AIA_CONFIG_GROUP_SHIFT,
1785                                 &group_shift, true, NULL);
1786         if (ret < 0) {
1787             error_report("KVM AIA: failed to set group_shift");
1788             exit(1);
1789         }
1790     }
1791 
1792     guest_bits = guest_num == 0 ? 0 :
1793                  find_last_bit(&guest_num, BITS_PER_LONG) + 1;
1794     ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1795                             KVM_DEV_RISCV_AIA_CONFIG_GUEST_BITS,
1796                             &guest_bits, true, NULL);
1797     if (ret < 0) {
1798         error_report("KVM AIA: failed to set guest_bits");
1799         exit(1);
1800     }
1801 
1802     for (socket = 0; socket < socket_count; socket++) {
1803         socket_imsic_base = imsic_base + socket * (1U << group_shift);
1804         hart_count = riscv_socket_hart_count(machine, socket);
1805         base_hart = riscv_socket_first_hartid(machine, socket);
1806 
1807         if (max_hart_per_socket < hart_count) {
1808             max_hart_per_socket = hart_count;
1809         }
1810 
1811         for (i = 0; i < hart_count; i++) {
1812             imsic_addr = socket_imsic_base + i * IMSIC_HART_SIZE(guest_bits);
1813             ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_ADDR,
1814                                     KVM_DEV_RISCV_AIA_ADDR_IMSIC(i + base_hart),
1815                                     &imsic_addr, true, NULL);
1816             if (ret < 0) {
1817                 error_report("KVM AIA: failed to set the IMSIC address for hart %d", i);
1818                 exit(1);
1819             }
1820         }
1821     }
1822 
1823 
1824     if (max_hart_per_socket > 1) {
1825         max_hart_per_socket--;
1826         hart_bits = find_last_bit(&max_hart_per_socket, BITS_PER_LONG) + 1;
1827     } else {
1828         hart_bits = 0;
1829     }
1830 
1831     ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG,
1832                             KVM_DEV_RISCV_AIA_CONFIG_HART_BITS,
1833                             &hart_bits, true, NULL);
1834     if (ret < 0) {
1835         error_report("KVM AIA: failed to set hart_bits");
1836         exit(1);
1837     }
1838 
1839     if (kvm_has_gsi_routing()) {
1840         for (uint64_t idx = 0; idx < aia_irq_num + 1; ++idx) {
1841             /* KVM AIA only has one APLIC instance */
1842             kvm_irqchip_add_irq_route(kvm_state, idx, 0, idx);
1843         }
1844         kvm_gsi_routing_allowed = true;
1845         kvm_irqchip_commit_routes(kvm_state);
1846     }
1847 
1848     ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CTRL,
1849                             KVM_DEV_RISCV_AIA_CTRL_INIT,
1850                             NULL, true, NULL);
1851     if (ret < 0) {
1852         error_report("KVM AIA: initialized fail");
1853         exit(1);
1854     }
1855 
1856     kvm_msi_via_irqfd_allowed = true;
1857 }
1858 
1859 static void kvm_cpu_instance_init(CPUState *cs)
1860 {
1861     Object *obj = OBJECT(RISCV_CPU(cs));
1862 
1863     riscv_init_kvm_registers(obj);
1864 
1865     kvm_riscv_add_cpu_user_properties(obj);
1866 }
1867 
1868 /*
1869  * We'll get here via the following path:
1870  *
1871  * riscv_cpu_realize()
1872  *   -> cpu_exec_realizefn()
1873  *      -> kvm_cpu_realize() (via accel_cpu_common_realize())
1874  */
1875 static bool kvm_cpu_realize(CPUState *cs, Error **errp)
1876 {
1877     RISCVCPU *cpu = RISCV_CPU(cs);
1878     int ret;
1879 
1880     if (riscv_has_ext(&cpu->env, RVV)) {
1881         ret = prctl(PR_RISCV_V_SET_CONTROL, PR_RISCV_V_VSTATE_CTRL_ON);
1882         if (ret) {
1883             error_setg(errp, "Error in prctl PR_RISCV_V_SET_CONTROL, code: %s",
1884                        strerrorname_np(errno));
1885             return false;
1886         }
1887     }
1888 
1889    return true;
1890 }
1891 
1892 void riscv_kvm_cpu_finalize_features(RISCVCPU *cpu, Error **errp)
1893 {
1894     CPURISCVState *env = &cpu->env;
1895     KVMScratchCPU kvmcpu;
1896     struct kvm_one_reg reg;
1897     uint64_t val;
1898     int ret;
1899 
1900     /* short-circuit without spinning the scratch CPU */
1901     if (!cpu->cfg.ext_zicbom && !cpu->cfg.ext_zicboz &&
1902         !riscv_has_ext(env, RVV)) {
1903         return;
1904     }
1905 
1906     if (!kvm_riscv_create_scratch_vcpu(&kvmcpu)) {
1907         error_setg(errp, "Unable to create scratch KVM cpu");
1908         return;
1909     }
1910 
1911     if (cpu->cfg.ext_zicbom &&
1912         riscv_cpu_option_set(kvm_cbom_blocksize.name)) {
1913 
1914         reg.id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CONFIG,
1915                                         kvm_cbom_blocksize.kvm_reg_id);
1916         reg.addr = (uint64_t)&val;
1917         ret = ioctl(kvmcpu.cpufd, KVM_GET_ONE_REG, &reg);
1918         if (ret != 0) {
1919             error_setg(errp, "Unable to read cbom_blocksize, error %d", errno);
1920             return;
1921         }
1922 
1923         if (cpu->cfg.cbom_blocksize != val) {
1924             error_setg(errp, "Unable to set cbom_blocksize to a different "
1925                        "value than the host (%lu)", val);
1926             return;
1927         }
1928     }
1929 
1930     if (cpu->cfg.ext_zicboz &&
1931         riscv_cpu_option_set(kvm_cboz_blocksize.name)) {
1932 
1933         reg.id = kvm_riscv_reg_id_ulong(env, KVM_REG_RISCV_CONFIG,
1934                                         kvm_cboz_blocksize.kvm_reg_id);
1935         reg.addr = (uint64_t)&val;
1936         ret = ioctl(kvmcpu.cpufd, KVM_GET_ONE_REG, &reg);
1937         if (ret != 0) {
1938             error_setg(errp, "Unable to read cboz_blocksize, error %d", errno);
1939             return;
1940         }
1941 
1942         if (cpu->cfg.cboz_blocksize != val) {
1943             error_setg(errp, "Unable to set cboz_blocksize to a different "
1944                        "value than the host (%lu)", val);
1945             return;
1946         }
1947     }
1948 
1949     /* Users are setting vlen, not vlenb */
1950     if (riscv_has_ext(env, RVV) && riscv_cpu_option_set("vlen")) {
1951         if (!kvm_v_vlenb.supported) {
1952             error_setg(errp, "Unable to set 'vlenb': register not supported");
1953             return;
1954         }
1955 
1956         reg.id = kvm_v_vlenb.kvm_reg_id;
1957         reg.addr = (uint64_t)&val;
1958         ret = ioctl(kvmcpu.cpufd, KVM_GET_ONE_REG, &reg);
1959         if (ret != 0) {
1960             error_setg(errp, "Unable to read vlenb register, error %d", errno);
1961             return;
1962         }
1963 
1964         if (cpu->cfg.vlenb != val) {
1965             error_setg(errp, "Unable to set 'vlen' to a different "
1966                        "value than the host (%lu)", val * 8);
1967             return;
1968         }
1969     }
1970 
1971     kvm_riscv_destroy_scratch_vcpu(&kvmcpu);
1972 }
1973 
1974 static void kvm_cpu_accel_class_init(ObjectClass *oc, const void *data)
1975 {
1976     AccelCPUClass *acc = ACCEL_CPU_CLASS(oc);
1977 
1978     acc->cpu_instance_init = kvm_cpu_instance_init;
1979     acc->cpu_target_realize = kvm_cpu_realize;
1980 }
1981 
1982 static const TypeInfo kvm_cpu_accel_type_info = {
1983     .name = ACCEL_CPU_NAME("kvm"),
1984 
1985     .parent = TYPE_ACCEL_CPU,
1986     .class_init = kvm_cpu_accel_class_init,
1987     .abstract = true,
1988 };
1989 static void kvm_cpu_accel_register_types(void)
1990 {
1991     type_register_static(&kvm_cpu_accel_type_info);
1992 }
1993 type_init(kvm_cpu_accel_register_types);
1994 
1995 static void riscv_host_cpu_class_init(ObjectClass *c, const void *data)
1996 {
1997     RISCVCPUClass *mcc = RISCV_CPU_CLASS(c);
1998 
1999 #if defined(TARGET_RISCV32)
2000     mcc->misa_mxl_max = MXL_RV32;
2001 #elif defined(TARGET_RISCV64)
2002     mcc->misa_mxl_max = MXL_RV64;
2003 #endif
2004 }
2005 
2006 static const TypeInfo riscv_kvm_cpu_type_infos[] = {
2007     {
2008         .name = TYPE_RISCV_CPU_HOST,
2009         .parent = TYPE_RISCV_CPU,
2010         .class_init = riscv_host_cpu_class_init,
2011     }
2012 };
2013 
2014 DEFINE_TYPES(riscv_kvm_cpu_type_infos)
2015 
2016 static const uint32_t ebreak_insn = 0x00100073;
2017 static const uint16_t c_ebreak_insn = 0x9002;
2018 
2019 int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
2020 {
2021     if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 2, 0)) {
2022         return -EINVAL;
2023     }
2024 
2025     if ((bp->saved_insn & 0x3) == 0x3) {
2026         if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 4, 0)
2027             || cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&ebreak_insn, 4, 1)) {
2028             return -EINVAL;
2029         }
2030     } else {
2031         if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&c_ebreak_insn, 2, 1)) {
2032             return -EINVAL;
2033         }
2034     }
2035 
2036     return 0;
2037 }
2038 
2039 int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
2040 {
2041     uint32_t ebreak;
2042     uint16_t c_ebreak;
2043 
2044     if ((bp->saved_insn & 0x3) == 0x3) {
2045         if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&ebreak, 4, 0) ||
2046             ebreak != ebreak_insn ||
2047             cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 4, 1)) {
2048             return -EINVAL;
2049         }
2050     } else {
2051         if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&c_ebreak, 2, 0) ||
2052             c_ebreak != c_ebreak_insn ||
2053             cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 2, 1)) {
2054             return -EINVAL;
2055         }
2056     }
2057 
2058     return 0;
2059 }
2060 
2061 int kvm_arch_insert_hw_breakpoint(vaddr addr, vaddr len, int type)
2062 {
2063     /* TODO; To be implemented later. */
2064     return -EINVAL;
2065 }
2066 
2067 int kvm_arch_remove_hw_breakpoint(vaddr addr, vaddr len, int type)
2068 {
2069     /* TODO; To be implemented later. */
2070     return -EINVAL;
2071 }
2072 
2073 void kvm_arch_remove_all_hw_breakpoints(void)
2074 {
2075     /* TODO; To be implemented later. */
2076 }
2077 
2078 void kvm_arch_update_guest_debug(CPUState *cs, struct kvm_guest_debug *dbg)
2079 {
2080     if (kvm_sw_breakpoints_active(cs)) {
2081         dbg->control |= KVM_GUESTDBG_ENABLE;
2082     }
2083 }
2084