1 /* 2 * Arm PrimeCell PL181 MultiMedia Card Interface 3 * 4 * Copyright (c) 2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "sysemu/blockdev.h" 12 #include "hw/sysbus.h" 13 #include "migration/vmstate.h" 14 #include "hw/irq.h" 15 #include "hw/sd/sd.h" 16 #include "qemu/log.h" 17 #include "qemu/module.h" 18 #include "qemu/error-report.h" 19 #include "qapi/error.h" 20 21 //#define DEBUG_PL181 1 22 23 #ifdef DEBUG_PL181 24 #define DPRINTF(fmt, ...) \ 25 do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0) 26 #else 27 #define DPRINTF(fmt, ...) do {} while(0) 28 #endif 29 30 #define PL181_FIFO_LEN 16 31 32 #define TYPE_PL181 "pl181" 33 #define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181) 34 35 typedef struct PL181State { 36 SysBusDevice parent_obj; 37 38 MemoryRegion iomem; 39 SDState *card; 40 uint32_t clock; 41 uint32_t power; 42 uint32_t cmdarg; 43 uint32_t cmd; 44 uint32_t datatimer; 45 uint32_t datalength; 46 uint32_t respcmd; 47 uint32_t response[4]; 48 uint32_t datactrl; 49 uint32_t datacnt; 50 uint32_t status; 51 uint32_t mask[2]; 52 int32_t fifo_pos; 53 int32_t fifo_len; 54 /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives 55 while it is reading the FIFO. We hack around this by deferring 56 subsequent transfers until after the driver polls the status word. 57 http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1 58 */ 59 int32_t linux_hack; 60 uint32_t fifo[PL181_FIFO_LEN]; /* TODO use Fifo32 */ 61 qemu_irq irq[2]; 62 /* GPIO outputs for 'card is readonly' and 'card inserted' */ 63 qemu_irq card_readonly; 64 qemu_irq card_inserted; 65 } PL181State; 66 67 static const VMStateDescription vmstate_pl181 = { 68 .name = "pl181", 69 .version_id = 1, 70 .minimum_version_id = 1, 71 .fields = (VMStateField[]) { 72 VMSTATE_UINT32(clock, PL181State), 73 VMSTATE_UINT32(power, PL181State), 74 VMSTATE_UINT32(cmdarg, PL181State), 75 VMSTATE_UINT32(cmd, PL181State), 76 VMSTATE_UINT32(datatimer, PL181State), 77 VMSTATE_UINT32(datalength, PL181State), 78 VMSTATE_UINT32(respcmd, PL181State), 79 VMSTATE_UINT32_ARRAY(response, PL181State, 4), 80 VMSTATE_UINT32(datactrl, PL181State), 81 VMSTATE_UINT32(datacnt, PL181State), 82 VMSTATE_UINT32(status, PL181State), 83 VMSTATE_UINT32_ARRAY(mask, PL181State, 2), 84 VMSTATE_INT32(fifo_pos, PL181State), 85 VMSTATE_INT32(fifo_len, PL181State), 86 VMSTATE_INT32(linux_hack, PL181State), 87 VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN), 88 VMSTATE_END_OF_LIST() 89 } 90 }; 91 92 #define PL181_CMD_INDEX 0x3f 93 #define PL181_CMD_RESPONSE (1 << 6) 94 #define PL181_CMD_LONGRESP (1 << 7) 95 #define PL181_CMD_INTERRUPT (1 << 8) 96 #define PL181_CMD_PENDING (1 << 9) 97 #define PL181_CMD_ENABLE (1 << 10) 98 99 #define PL181_DATA_ENABLE (1 << 0) 100 #define PL181_DATA_DIRECTION (1 << 1) 101 #define PL181_DATA_MODE (1 << 2) 102 #define PL181_DATA_DMAENABLE (1 << 3) 103 104 #define PL181_STATUS_CMDCRCFAIL (1 << 0) 105 #define PL181_STATUS_DATACRCFAIL (1 << 1) 106 #define PL181_STATUS_CMDTIMEOUT (1 << 2) 107 #define PL181_STATUS_DATATIMEOUT (1 << 3) 108 #define PL181_STATUS_TXUNDERRUN (1 << 4) 109 #define PL181_STATUS_RXOVERRUN (1 << 5) 110 #define PL181_STATUS_CMDRESPEND (1 << 6) 111 #define PL181_STATUS_CMDSENT (1 << 7) 112 #define PL181_STATUS_DATAEND (1 << 8) 113 #define PL181_STATUS_DATABLOCKEND (1 << 10) 114 #define PL181_STATUS_CMDACTIVE (1 << 11) 115 #define PL181_STATUS_TXACTIVE (1 << 12) 116 #define PL181_STATUS_RXACTIVE (1 << 13) 117 #define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14) 118 #define PL181_STATUS_RXFIFOHALFFULL (1 << 15) 119 #define PL181_STATUS_TXFIFOFULL (1 << 16) 120 #define PL181_STATUS_RXFIFOFULL (1 << 17) 121 #define PL181_STATUS_TXFIFOEMPTY (1 << 18) 122 #define PL181_STATUS_RXFIFOEMPTY (1 << 19) 123 #define PL181_STATUS_TXDATAAVLBL (1 << 20) 124 #define PL181_STATUS_RXDATAAVLBL (1 << 21) 125 126 #define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \ 127 |PL181_STATUS_TXFIFOHALFEMPTY \ 128 |PL181_STATUS_TXFIFOFULL \ 129 |PL181_STATUS_TXFIFOEMPTY \ 130 |PL181_STATUS_TXDATAAVLBL) 131 #define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \ 132 |PL181_STATUS_RXFIFOHALFFULL \ 133 |PL181_STATUS_RXFIFOFULL \ 134 |PL181_STATUS_RXFIFOEMPTY \ 135 |PL181_STATUS_RXDATAAVLBL) 136 137 static const unsigned char pl181_id[] = 138 { 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 }; 139 140 static void pl181_update(PL181State *s) 141 { 142 int i; 143 for (i = 0; i < 2; i++) { 144 qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0); 145 } 146 } 147 148 static void pl181_fifo_push(PL181State *s, uint32_t value) 149 { 150 int n; 151 152 if (s->fifo_len == PL181_FIFO_LEN) { 153 error_report("%s: FIFO overflow", __func__); 154 return; 155 } 156 n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1); 157 s->fifo_len++; 158 s->fifo[n] = value; 159 DPRINTF("FIFO push %08x\n", (int)value); 160 } 161 162 static uint32_t pl181_fifo_pop(PL181State *s) 163 { 164 uint32_t value; 165 166 if (s->fifo_len == 0) { 167 error_report("%s: FIFO underflow", __func__); 168 return 0; 169 } 170 value = s->fifo[s->fifo_pos]; 171 s->fifo_len--; 172 s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1); 173 DPRINTF("FIFO pop %08x\n", (int)value); 174 return value; 175 } 176 177 static void pl181_do_command(PL181State *s) 178 { 179 SDRequest request; 180 uint8_t response[16]; 181 int rlen; 182 183 request.cmd = s->cmd & PL181_CMD_INDEX; 184 request.arg = s->cmdarg; 185 DPRINTF("Command %d %08x\n", request.cmd, request.arg); 186 rlen = sd_do_command(s->card, &request, response); 187 if (rlen < 0) 188 goto error; 189 if (s->cmd & PL181_CMD_RESPONSE) { 190 if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP))) 191 goto error; 192 if (rlen != 4 && rlen != 16) 193 goto error; 194 s->response[0] = ldl_be_p(&response[0]); 195 if (rlen == 4) { 196 s->response[1] = s->response[2] = s->response[3] = 0; 197 } else { 198 s->response[1] = ldl_be_p(&response[4]); 199 s->response[2] = ldl_be_p(&response[8]); 200 s->response[3] = ldl_be_p(&response[12]) & ~1; 201 } 202 DPRINTF("Response received\n"); 203 s->status |= PL181_STATUS_CMDRESPEND; 204 } else { 205 DPRINTF("Command sent\n"); 206 s->status |= PL181_STATUS_CMDSENT; 207 } 208 return; 209 210 error: 211 DPRINTF("Timeout\n"); 212 s->status |= PL181_STATUS_CMDTIMEOUT; 213 } 214 215 /* Transfer data between the card and the FIFO. This is complicated by 216 the FIFO holding 32-bit words and the card taking data in single byte 217 chunks. FIFO bytes are transferred in little-endian order. */ 218 219 static void pl181_fifo_run(PL181State *s) 220 { 221 uint32_t bits; 222 uint32_t value = 0; 223 int n; 224 int is_read; 225 226 is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0; 227 if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card)) 228 && !s->linux_hack) { 229 if (is_read) { 230 n = 0; 231 while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) { 232 value |= (uint32_t)sd_read_data(s->card) << (n * 8); 233 s->datacnt--; 234 n++; 235 if (n == 4) { 236 pl181_fifo_push(s, value); 237 n = 0; 238 value = 0; 239 } 240 } 241 if (n != 0) { 242 pl181_fifo_push(s, value); 243 } 244 } else { /* write */ 245 n = 0; 246 while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) { 247 if (n == 0) { 248 value = pl181_fifo_pop(s); 249 n = 4; 250 } 251 n--; 252 s->datacnt--; 253 sd_write_data(s->card, value & 0xff); 254 value >>= 8; 255 } 256 } 257 } 258 s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO); 259 if (s->datacnt == 0) { 260 s->status |= PL181_STATUS_DATAEND; 261 /* HACK: */ 262 s->status |= PL181_STATUS_DATABLOCKEND; 263 DPRINTF("Transfer Complete\n"); 264 } 265 if (s->datacnt == 0 && s->fifo_len == 0) { 266 s->datactrl &= ~PL181_DATA_ENABLE; 267 DPRINTF("Data engine idle\n"); 268 } else { 269 /* Update FIFO bits. */ 270 bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE; 271 if (s->fifo_len == 0) { 272 bits |= PL181_STATUS_TXFIFOEMPTY; 273 bits |= PL181_STATUS_RXFIFOEMPTY; 274 } else { 275 bits |= PL181_STATUS_TXDATAAVLBL; 276 bits |= PL181_STATUS_RXDATAAVLBL; 277 } 278 if (s->fifo_len == 16) { 279 bits |= PL181_STATUS_TXFIFOFULL; 280 bits |= PL181_STATUS_RXFIFOFULL; 281 } 282 if (s->fifo_len <= 8) { 283 bits |= PL181_STATUS_TXFIFOHALFEMPTY; 284 } 285 if (s->fifo_len >= 8) { 286 bits |= PL181_STATUS_RXFIFOHALFFULL; 287 } 288 if (s->datactrl & PL181_DATA_DIRECTION) { 289 bits &= PL181_STATUS_RX_FIFO; 290 } else { 291 bits &= PL181_STATUS_TX_FIFO; 292 } 293 s->status |= bits; 294 } 295 } 296 297 static uint64_t pl181_read(void *opaque, hwaddr offset, 298 unsigned size) 299 { 300 PL181State *s = (PL181State *)opaque; 301 uint32_t tmp; 302 303 if (offset >= 0xfe0 && offset < 0x1000) { 304 return pl181_id[(offset - 0xfe0) >> 2]; 305 } 306 switch (offset) { 307 case 0x00: /* Power */ 308 return s->power; 309 case 0x04: /* Clock */ 310 return s->clock; 311 case 0x08: /* Argument */ 312 return s->cmdarg; 313 case 0x0c: /* Command */ 314 return s->cmd; 315 case 0x10: /* RespCmd */ 316 return s->respcmd; 317 case 0x14: /* Response0 */ 318 return s->response[0]; 319 case 0x18: /* Response1 */ 320 return s->response[1]; 321 case 0x1c: /* Response2 */ 322 return s->response[2]; 323 case 0x20: /* Response3 */ 324 return s->response[3]; 325 case 0x24: /* DataTimer */ 326 return s->datatimer; 327 case 0x28: /* DataLength */ 328 return s->datalength; 329 case 0x2c: /* DataCtrl */ 330 return s->datactrl; 331 case 0x30: /* DataCnt */ 332 return s->datacnt; 333 case 0x34: /* Status */ 334 tmp = s->status; 335 if (s->linux_hack) { 336 s->linux_hack = 0; 337 pl181_fifo_run(s); 338 pl181_update(s); 339 } 340 return tmp; 341 case 0x3c: /* Mask0 */ 342 return s->mask[0]; 343 case 0x40: /* Mask1 */ 344 return s->mask[1]; 345 case 0x48: /* FifoCnt */ 346 /* The documentation is somewhat vague about exactly what FifoCnt 347 does. On real hardware it appears to be when decrememnted 348 when a word is transferred between the FIFO and the serial 349 data engine. DataCnt is decremented after each byte is 350 transferred between the serial engine and the card. 351 We don't emulate this level of detail, so both can be the same. */ 352 tmp = (s->datacnt + 3) >> 2; 353 if (s->linux_hack) { 354 s->linux_hack = 0; 355 pl181_fifo_run(s); 356 pl181_update(s); 357 } 358 return tmp; 359 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */ 360 case 0x90: case 0x94: case 0x98: case 0x9c: 361 case 0xa0: case 0xa4: case 0xa8: case 0xac: 362 case 0xb0: case 0xb4: case 0xb8: case 0xbc: 363 if (s->fifo_len == 0) { 364 qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n"); 365 return 0; 366 } else { 367 uint32_t value; 368 value = pl181_fifo_pop(s); 369 s->linux_hack = 1; 370 pl181_fifo_run(s); 371 pl181_update(s); 372 return value; 373 } 374 default: 375 qemu_log_mask(LOG_GUEST_ERROR, 376 "pl181_read: Bad offset %x\n", (int)offset); 377 return 0; 378 } 379 } 380 381 static void pl181_write(void *opaque, hwaddr offset, 382 uint64_t value, unsigned size) 383 { 384 PL181State *s = (PL181State *)opaque; 385 386 switch (offset) { 387 case 0x00: /* Power */ 388 s->power = value & 0xff; 389 break; 390 case 0x04: /* Clock */ 391 s->clock = value & 0xff; 392 break; 393 case 0x08: /* Argument */ 394 s->cmdarg = value; 395 break; 396 case 0x0c: /* Command */ 397 s->cmd = value; 398 if (s->cmd & PL181_CMD_ENABLE) { 399 if (s->cmd & PL181_CMD_INTERRUPT) { 400 qemu_log_mask(LOG_UNIMP, 401 "pl181: Interrupt mode not implemented\n"); 402 } if (s->cmd & PL181_CMD_PENDING) { 403 qemu_log_mask(LOG_UNIMP, 404 "pl181: Pending commands not implemented\n"); 405 } else { 406 pl181_do_command(s); 407 pl181_fifo_run(s); 408 } 409 /* The command has completed one way or the other. */ 410 s->cmd &= ~PL181_CMD_ENABLE; 411 } 412 break; 413 case 0x24: /* DataTimer */ 414 s->datatimer = value; 415 break; 416 case 0x28: /* DataLength */ 417 s->datalength = value & 0xffff; 418 break; 419 case 0x2c: /* DataCtrl */ 420 s->datactrl = value & 0xff; 421 if (value & PL181_DATA_ENABLE) { 422 s->datacnt = s->datalength; 423 pl181_fifo_run(s); 424 } 425 break; 426 case 0x38: /* Clear */ 427 s->status &= ~(value & 0x7ff); 428 break; 429 case 0x3c: /* Mask0 */ 430 s->mask[0] = value; 431 break; 432 case 0x40: /* Mask1 */ 433 s->mask[1] = value; 434 break; 435 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */ 436 case 0x90: case 0x94: case 0x98: case 0x9c: 437 case 0xa0: case 0xa4: case 0xa8: case 0xac: 438 case 0xb0: case 0xb4: case 0xb8: case 0xbc: 439 if (s->datacnt == 0) { 440 qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n"); 441 } else { 442 pl181_fifo_push(s, value); 443 pl181_fifo_run(s); 444 } 445 break; 446 default: 447 qemu_log_mask(LOG_GUEST_ERROR, 448 "pl181_write: Bad offset %x\n", (int)offset); 449 } 450 pl181_update(s); 451 } 452 453 static const MemoryRegionOps pl181_ops = { 454 .read = pl181_read, 455 .write = pl181_write, 456 .endianness = DEVICE_NATIVE_ENDIAN, 457 }; 458 459 static void pl181_reset(DeviceState *d) 460 { 461 PL181State *s = PL181(d); 462 463 s->power = 0; 464 s->cmdarg = 0; 465 s->cmd = 0; 466 s->datatimer = 0; 467 s->datalength = 0; 468 s->respcmd = 0; 469 s->response[0] = 0; 470 s->response[1] = 0; 471 s->response[2] = 0; 472 s->response[3] = 0; 473 s->datatimer = 0; 474 s->datalength = 0; 475 s->datactrl = 0; 476 s->datacnt = 0; 477 s->status = 0; 478 s->linux_hack = 0; 479 s->mask[0] = 0; 480 s->mask[1] = 0; 481 482 /* We can assume our GPIO outputs have been wired up now */ 483 sd_set_cb(s->card, s->card_readonly, s->card_inserted); 484 /* Since we're still using the legacy SD API the card is not plugged 485 * into any bus, and we must reset it manually. 486 */ 487 device_legacy_reset(DEVICE(s->card)); 488 } 489 490 static void pl181_init(Object *obj) 491 { 492 DeviceState *dev = DEVICE(obj); 493 PL181State *s = PL181(obj); 494 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 495 496 memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000); 497 sysbus_init_mmio(sbd, &s->iomem); 498 sysbus_init_irq(sbd, &s->irq[0]); 499 sysbus_init_irq(sbd, &s->irq[1]); 500 qdev_init_gpio_out_named(dev, &s->card_readonly, "card-read-only", 1); 501 qdev_init_gpio_out_named(dev, &s->card_inserted, "card-inserted", 1); 502 } 503 504 static void pl181_realize(DeviceState *dev, Error **errp) 505 { 506 PL181State *s = PL181(dev); 507 DriveInfo *dinfo; 508 509 /* FIXME use a qdev drive property instead of drive_get_next() */ 510 dinfo = drive_get_next(IF_SD); 511 s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false); 512 if (s->card == NULL) { 513 error_setg(errp, "sd_init failed"); 514 } 515 } 516 517 static void pl181_class_init(ObjectClass *klass, void *data) 518 { 519 DeviceClass *k = DEVICE_CLASS(klass); 520 521 k->vmsd = &vmstate_pl181; 522 k->reset = pl181_reset; 523 /* Reason: init() method uses drive_get_next() */ 524 k->user_creatable = false; 525 k->realize = pl181_realize; 526 } 527 528 static const TypeInfo pl181_info = { 529 .name = TYPE_PL181, 530 .parent = TYPE_SYS_BUS_DEVICE, 531 .instance_size = sizeof(PL181State), 532 .instance_init = pl181_init, 533 .class_init = pl181_class_init, 534 }; 535 536 static void pl181_register_types(void) 537 { 538 type_register_static(&pl181_info); 539 } 540 541 type_init(pl181_register_types) 542