1 /* 2 * SD Association Host Standard Specification v2.0 controller emulation 3 * 4 * Copyright (c) 2011 Samsung Electronics Co., Ltd. 5 * Mitsyanko Igor <i.mitsyanko@samsung.com> 6 * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com> 7 * 8 * Based on MMC controller for Samsung S5PC1xx-based board emulation 9 * by Alexey Merkulov and Vladimir Monakhov. 10 * 11 * This program is free software; you can redistribute it and/or modify it 12 * under the terms of the GNU General Public License as published by the 13 * Free Software Foundation; either version 2 of the License, or (at your 14 * option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 19 * See the GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License along 22 * with this program; if not, see <http://www.gnu.org/licenses/>. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu/error-report.h" 27 #include "qapi/error.h" 28 #include "hw/hw.h" 29 #include "sysemu/block-backend.h" 30 #include "sysemu/blockdev.h" 31 #include "sysemu/dma.h" 32 #include "qemu/timer.h" 33 #include "qemu/bitops.h" 34 #include "hw/sd/sdhci.h" 35 #include "sdhci-internal.h" 36 #include "qemu/log.h" 37 #include "qemu/cutils.h" 38 #include "trace.h" 39 40 #define TYPE_SDHCI_BUS "sdhci-bus" 41 #define SDHCI_BUS(obj) OBJECT_CHECK(SDBus, (obj), TYPE_SDHCI_BUS) 42 43 #define MASKED_WRITE(reg, mask, val) (reg = (reg & (mask)) | (val)) 44 45 /* Default SD/MMC host controller features information, which will be 46 * presented in CAPABILITIES register of generic SD host controller at reset. 47 * 48 * support: 49 * - 3.3v and 1.8v voltages 50 * - SDMA/ADMA1/ADMA2 51 * - high-speed 52 * max host controller R/W buffers size: 512B 53 * max clock frequency for SDclock: 52 MHz 54 * timeout clock frequency: 52 MHz 55 * 56 * does not support: 57 * - 3.0v voltage 58 * - 64-bit system bus 59 * - suspend/resume 60 */ 61 #define SDHC_CAPAB_REG_DEFAULT 0x057834b4 62 63 static inline unsigned int sdhci_get_fifolen(SDHCIState *s) 64 { 65 return 1 << (9 + FIELD_EX32(s->capareg, SDHC_CAPAB, MAXBLOCKLENGTH)); 66 } 67 68 /* return true on error */ 69 static bool sdhci_check_capab_freq_range(SDHCIState *s, const char *desc, 70 uint8_t freq, Error **errp) 71 { 72 switch (freq) { 73 case 0: 74 case 10 ... 63: 75 break; 76 default: 77 error_setg(errp, "SD %s clock frequency can have value" 78 "in range 0-63 only", desc); 79 return true; 80 } 81 return false; 82 } 83 84 static void sdhci_check_capareg(SDHCIState *s, Error **errp) 85 { 86 uint64_t msk = s->capareg; 87 uint32_t val; 88 bool y; 89 90 switch (s->sd_spec_version) { 91 case 2: /* default version */ 92 val = FIELD_EX64(s->capareg, SDHC_CAPAB, ADMA2); 93 trace_sdhci_capareg("ADMA2", val); 94 msk = FIELD_DP64(msk, SDHC_CAPAB, ADMA2, 0); 95 96 val = FIELD_EX64(s->capareg, SDHC_CAPAB, ADMA1); 97 trace_sdhci_capareg("ADMA1", val); 98 msk = FIELD_DP64(msk, SDHC_CAPAB, ADMA1, 0); 99 100 val = FIELD_EX64(s->capareg, SDHC_CAPAB, BUS64BIT); 101 trace_sdhci_capareg("64-bit system bus", val); 102 msk = FIELD_DP64(msk, SDHC_CAPAB, BUS64BIT, 0); 103 104 /* fallthrough */ 105 case 1: 106 y = FIELD_EX64(s->capareg, SDHC_CAPAB, TOUNIT); 107 msk = FIELD_DP64(msk, SDHC_CAPAB, TOUNIT, 0); 108 109 val = FIELD_EX64(s->capareg, SDHC_CAPAB, TOCLKFREQ); 110 trace_sdhci_capareg(y ? "timeout (MHz)" : "Timeout (KHz)", val); 111 if (sdhci_check_capab_freq_range(s, "timeout", val, errp)) { 112 return; 113 } 114 msk = FIELD_DP64(msk, SDHC_CAPAB, TOCLKFREQ, 0); 115 116 val = FIELD_EX64(s->capareg, SDHC_CAPAB, BASECLKFREQ); 117 trace_sdhci_capareg(y ? "base (MHz)" : "Base (KHz)", val); 118 if (sdhci_check_capab_freq_range(s, "base", val, errp)) { 119 return; 120 } 121 msk = FIELD_DP64(msk, SDHC_CAPAB, BASECLKFREQ, 0); 122 123 val = FIELD_EX64(s->capareg, SDHC_CAPAB, MAXBLOCKLENGTH); 124 if (val >= 3) { 125 error_setg(errp, "block size can be 512, 1024 or 2048 only"); 126 return; 127 } 128 trace_sdhci_capareg("max block length", sdhci_get_fifolen(s)); 129 msk = FIELD_DP64(msk, SDHC_CAPAB, MAXBLOCKLENGTH, 0); 130 131 val = FIELD_EX64(s->capareg, SDHC_CAPAB, HIGHSPEED); 132 trace_sdhci_capareg("high speed", val); 133 msk = FIELD_DP64(msk, SDHC_CAPAB, HIGHSPEED, 0); 134 135 val = FIELD_EX64(s->capareg, SDHC_CAPAB, SDMA); 136 trace_sdhci_capareg("SDMA", val); 137 msk = FIELD_DP64(msk, SDHC_CAPAB, SDMA, 0); 138 139 val = FIELD_EX64(s->capareg, SDHC_CAPAB, SUSPRESUME); 140 trace_sdhci_capareg("suspend/resume", val); 141 msk = FIELD_DP64(msk, SDHC_CAPAB, SUSPRESUME, 0); 142 143 val = FIELD_EX64(s->capareg, SDHC_CAPAB, V33); 144 trace_sdhci_capareg("3.3v", val); 145 msk = FIELD_DP64(msk, SDHC_CAPAB, V33, 0); 146 147 val = FIELD_EX64(s->capareg, SDHC_CAPAB, V30); 148 trace_sdhci_capareg("3.0v", val); 149 msk = FIELD_DP64(msk, SDHC_CAPAB, V30, 0); 150 151 val = FIELD_EX64(s->capareg, SDHC_CAPAB, V18); 152 trace_sdhci_capareg("1.8v", val); 153 msk = FIELD_DP64(msk, SDHC_CAPAB, V18, 0); 154 break; 155 156 default: 157 error_setg(errp, "Unsupported spec version: %u", s->sd_spec_version); 158 } 159 if (msk) { 160 qemu_log_mask(LOG_UNIMP, 161 "SDHCI: unknown CAPAB mask: 0x%016" PRIx64 "\n", msk); 162 } 163 } 164 165 static uint8_t sdhci_slotint(SDHCIState *s) 166 { 167 return (s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen) || 168 ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) || 169 ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV)); 170 } 171 172 static inline void sdhci_update_irq(SDHCIState *s) 173 { 174 qemu_set_irq(s->irq, sdhci_slotint(s)); 175 } 176 177 static void sdhci_raise_insertion_irq(void *opaque) 178 { 179 SDHCIState *s = (SDHCIState *)opaque; 180 181 if (s->norintsts & SDHC_NIS_REMOVE) { 182 timer_mod(s->insert_timer, 183 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY); 184 } else { 185 s->prnsts = 0x1ff0000; 186 if (s->norintstsen & SDHC_NISEN_INSERT) { 187 s->norintsts |= SDHC_NIS_INSERT; 188 } 189 sdhci_update_irq(s); 190 } 191 } 192 193 static void sdhci_set_inserted(DeviceState *dev, bool level) 194 { 195 SDHCIState *s = (SDHCIState *)dev; 196 197 trace_sdhci_set_inserted(level ? "insert" : "eject"); 198 if ((s->norintsts & SDHC_NIS_REMOVE) && level) { 199 /* Give target some time to notice card ejection */ 200 timer_mod(s->insert_timer, 201 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY); 202 } else { 203 if (level) { 204 s->prnsts = 0x1ff0000; 205 if (s->norintstsen & SDHC_NISEN_INSERT) { 206 s->norintsts |= SDHC_NIS_INSERT; 207 } 208 } else { 209 s->prnsts = 0x1fa0000; 210 s->pwrcon &= ~SDHC_POWER_ON; 211 s->clkcon &= ~SDHC_CLOCK_SDCLK_EN; 212 if (s->norintstsen & SDHC_NISEN_REMOVE) { 213 s->norintsts |= SDHC_NIS_REMOVE; 214 } 215 } 216 sdhci_update_irq(s); 217 } 218 } 219 220 static void sdhci_set_readonly(DeviceState *dev, bool level) 221 { 222 SDHCIState *s = (SDHCIState *)dev; 223 224 if (level) { 225 s->prnsts &= ~SDHC_WRITE_PROTECT; 226 } else { 227 /* Write enabled */ 228 s->prnsts |= SDHC_WRITE_PROTECT; 229 } 230 } 231 232 static void sdhci_reset(SDHCIState *s) 233 { 234 DeviceState *dev = DEVICE(s); 235 236 timer_del(s->insert_timer); 237 timer_del(s->transfer_timer); 238 239 /* Set all registers to 0. Capabilities/Version registers are not cleared 240 * and assumed to always preserve their value, given to them during 241 * initialization */ 242 memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad); 243 244 /* Reset other state based on current card insertion/readonly status */ 245 sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus)); 246 sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus)); 247 248 s->data_count = 0; 249 s->stopped_state = sdhc_not_stopped; 250 s->pending_insert_state = false; 251 } 252 253 static void sdhci_poweron_reset(DeviceState *dev) 254 { 255 /* QOM (ie power-on) reset. This is identical to reset 256 * commanded via device register apart from handling of the 257 * 'pending insert on powerup' quirk. 258 */ 259 SDHCIState *s = (SDHCIState *)dev; 260 261 sdhci_reset(s); 262 263 if (s->pending_insert_quirk) { 264 s->pending_insert_state = true; 265 } 266 } 267 268 static void sdhci_data_transfer(void *opaque); 269 270 static void sdhci_send_command(SDHCIState *s) 271 { 272 SDRequest request; 273 uint8_t response[16]; 274 int rlen; 275 276 s->errintsts = 0; 277 s->acmd12errsts = 0; 278 request.cmd = s->cmdreg >> 8; 279 request.arg = s->argument; 280 281 trace_sdhci_send_command(request.cmd, request.arg); 282 rlen = sdbus_do_command(&s->sdbus, &request, response); 283 284 if (s->cmdreg & SDHC_CMD_RESPONSE) { 285 if (rlen == 4) { 286 s->rspreg[0] = (response[0] << 24) | (response[1] << 16) | 287 (response[2] << 8) | response[3]; 288 s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0; 289 trace_sdhci_response4(s->rspreg[0]); 290 } else if (rlen == 16) { 291 s->rspreg[0] = (response[11] << 24) | (response[12] << 16) | 292 (response[13] << 8) | response[14]; 293 s->rspreg[1] = (response[7] << 24) | (response[8] << 16) | 294 (response[9] << 8) | response[10]; 295 s->rspreg[2] = (response[3] << 24) | (response[4] << 16) | 296 (response[5] << 8) | response[6]; 297 s->rspreg[3] = (response[0] << 16) | (response[1] << 8) | 298 response[2]; 299 trace_sdhci_response16(s->rspreg[3], s->rspreg[2], 300 s->rspreg[1], s->rspreg[0]); 301 } else { 302 trace_sdhci_error("timeout waiting for command response"); 303 if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) { 304 s->errintsts |= SDHC_EIS_CMDTIMEOUT; 305 s->norintsts |= SDHC_NIS_ERR; 306 } 307 } 308 309 if (!(s->quirks & SDHCI_QUIRK_NO_BUSY_IRQ) && 310 (s->norintstsen & SDHC_NISEN_TRSCMP) && 311 (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) { 312 s->norintsts |= SDHC_NIS_TRSCMP; 313 } 314 } 315 316 if (s->norintstsen & SDHC_NISEN_CMDCMP) { 317 s->norintsts |= SDHC_NIS_CMDCMP; 318 } 319 320 sdhci_update_irq(s); 321 322 if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { 323 s->data_count = 0; 324 sdhci_data_transfer(s); 325 } 326 } 327 328 static void sdhci_end_transfer(SDHCIState *s) 329 { 330 /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */ 331 if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) { 332 SDRequest request; 333 uint8_t response[16]; 334 335 request.cmd = 0x0C; 336 request.arg = 0; 337 trace_sdhci_end_transfer(request.cmd, request.arg); 338 sdbus_do_command(&s->sdbus, &request, response); 339 /* Auto CMD12 response goes to the upper Response register */ 340 s->rspreg[3] = (response[0] << 24) | (response[1] << 16) | 341 (response[2] << 8) | response[3]; 342 } 343 344 s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE | 345 SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT | 346 SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE); 347 348 if (s->norintstsen & SDHC_NISEN_TRSCMP) { 349 s->norintsts |= SDHC_NIS_TRSCMP; 350 } 351 352 sdhci_update_irq(s); 353 } 354 355 /* 356 * Programmed i/o data transfer 357 */ 358 #define BLOCK_SIZE_MASK (4 * K_BYTE - 1) 359 360 /* Fill host controller's read buffer with BLKSIZE bytes of data from card */ 361 static void sdhci_read_block_from_card(SDHCIState *s) 362 { 363 int index = 0; 364 365 if ((s->trnmod & SDHC_TRNS_MULTI) && 366 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) { 367 return; 368 } 369 370 for (index = 0; index < (s->blksize & BLOCK_SIZE_MASK); index++) { 371 s->fifo_buffer[index] = sdbus_read_data(&s->sdbus); 372 } 373 374 /* New data now available for READ through Buffer Port Register */ 375 s->prnsts |= SDHC_DATA_AVAILABLE; 376 if (s->norintstsen & SDHC_NISEN_RBUFRDY) { 377 s->norintsts |= SDHC_NIS_RBUFRDY; 378 } 379 380 /* Clear DAT line active status if that was the last block */ 381 if ((s->trnmod & SDHC_TRNS_MULTI) == 0 || 382 ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) { 383 s->prnsts &= ~SDHC_DAT_LINE_ACTIVE; 384 } 385 386 /* If stop at block gap request was set and it's not the last block of 387 * data - generate Block Event interrupt */ 388 if (s->stopped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) && 389 s->blkcnt != 1) { 390 s->prnsts &= ~SDHC_DAT_LINE_ACTIVE; 391 if (s->norintstsen & SDHC_EISEN_BLKGAP) { 392 s->norintsts |= SDHC_EIS_BLKGAP; 393 } 394 } 395 396 sdhci_update_irq(s); 397 } 398 399 /* Read @size byte of data from host controller @s BUFFER DATA PORT register */ 400 static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size) 401 { 402 uint32_t value = 0; 403 int i; 404 405 /* first check that a valid data exists in host controller input buffer */ 406 if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) { 407 trace_sdhci_error("read from empty buffer"); 408 return 0; 409 } 410 411 for (i = 0; i < size; i++) { 412 value |= s->fifo_buffer[s->data_count] << i * 8; 413 s->data_count++; 414 /* check if we've read all valid data (blksize bytes) from buffer */ 415 if ((s->data_count) >= (s->blksize & BLOCK_SIZE_MASK)) { 416 trace_sdhci_read_dataport(s->data_count); 417 s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */ 418 s->data_count = 0; /* next buff read must start at position [0] */ 419 420 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 421 s->blkcnt--; 422 } 423 424 /* if that was the last block of data */ 425 if ((s->trnmod & SDHC_TRNS_MULTI) == 0 || 426 ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) || 427 /* stop at gap request */ 428 (s->stopped_state == sdhc_gap_read && 429 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) { 430 sdhci_end_transfer(s); 431 } else { /* if there are more data, read next block from card */ 432 sdhci_read_block_from_card(s); 433 } 434 break; 435 } 436 } 437 438 return value; 439 } 440 441 /* Write data from host controller FIFO to card */ 442 static void sdhci_write_block_to_card(SDHCIState *s) 443 { 444 int index = 0; 445 446 if (s->prnsts & SDHC_SPACE_AVAILABLE) { 447 if (s->norintstsen & SDHC_NISEN_WBUFRDY) { 448 s->norintsts |= SDHC_NIS_WBUFRDY; 449 } 450 sdhci_update_irq(s); 451 return; 452 } 453 454 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 455 if (s->blkcnt == 0) { 456 return; 457 } else { 458 s->blkcnt--; 459 } 460 } 461 462 for (index = 0; index < (s->blksize & BLOCK_SIZE_MASK); index++) { 463 sdbus_write_data(&s->sdbus, s->fifo_buffer[index]); 464 } 465 466 /* Next data can be written through BUFFER DATORT register */ 467 s->prnsts |= SDHC_SPACE_AVAILABLE; 468 469 /* Finish transfer if that was the last block of data */ 470 if ((s->trnmod & SDHC_TRNS_MULTI) == 0 || 471 ((s->trnmod & SDHC_TRNS_MULTI) && 472 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) { 473 sdhci_end_transfer(s); 474 } else if (s->norintstsen & SDHC_NISEN_WBUFRDY) { 475 s->norintsts |= SDHC_NIS_WBUFRDY; 476 } 477 478 /* Generate Block Gap Event if requested and if not the last block */ 479 if (s->stopped_state == sdhc_gap_write && (s->trnmod & SDHC_TRNS_MULTI) && 480 s->blkcnt > 0) { 481 s->prnsts &= ~SDHC_DOING_WRITE; 482 if (s->norintstsen & SDHC_EISEN_BLKGAP) { 483 s->norintsts |= SDHC_EIS_BLKGAP; 484 } 485 sdhci_end_transfer(s); 486 } 487 488 sdhci_update_irq(s); 489 } 490 491 /* Write @size bytes of @value data to host controller @s Buffer Data Port 492 * register */ 493 static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size) 494 { 495 unsigned i; 496 497 /* Check that there is free space left in a buffer */ 498 if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) { 499 trace_sdhci_error("Can't write to data buffer: buffer full"); 500 return; 501 } 502 503 for (i = 0; i < size; i++) { 504 s->fifo_buffer[s->data_count] = value & 0xFF; 505 s->data_count++; 506 value >>= 8; 507 if (s->data_count >= (s->blksize & BLOCK_SIZE_MASK)) { 508 trace_sdhci_write_dataport(s->data_count); 509 s->data_count = 0; 510 s->prnsts &= ~SDHC_SPACE_AVAILABLE; 511 if (s->prnsts & SDHC_DOING_WRITE) { 512 sdhci_write_block_to_card(s); 513 } 514 } 515 } 516 } 517 518 /* 519 * Single DMA data transfer 520 */ 521 522 /* Multi block SDMA transfer */ 523 static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) 524 { 525 bool page_aligned = false; 526 unsigned int n, begin; 527 const uint16_t block_size = s->blksize & BLOCK_SIZE_MASK; 528 uint32_t boundary_chk = 1 << (((s->blksize & ~BLOCK_SIZE_MASK) >> 12) + 12); 529 uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk); 530 531 if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) { 532 qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n"); 533 return; 534 } 535 536 /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for 537 * possible stop at page boundary if initial address is not page aligned, 538 * allow them to work properly */ 539 if ((s->sdmasysad % boundary_chk) == 0) { 540 page_aligned = true; 541 } 542 543 if (s->trnmod & SDHC_TRNS_READ) { 544 s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT | 545 SDHC_DAT_LINE_ACTIVE; 546 while (s->blkcnt) { 547 if (s->data_count == 0) { 548 for (n = 0; n < block_size; n++) { 549 s->fifo_buffer[n] = sdbus_read_data(&s->sdbus); 550 } 551 } 552 begin = s->data_count; 553 if (((boundary_count + begin) < block_size) && page_aligned) { 554 s->data_count = boundary_count + begin; 555 boundary_count = 0; 556 } else { 557 s->data_count = block_size; 558 boundary_count -= block_size - begin; 559 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 560 s->blkcnt--; 561 } 562 } 563 dma_memory_write(s->dma_as, s->sdmasysad, 564 &s->fifo_buffer[begin], s->data_count - begin); 565 s->sdmasysad += s->data_count - begin; 566 if (s->data_count == block_size) { 567 s->data_count = 0; 568 } 569 if (page_aligned && boundary_count == 0) { 570 break; 571 } 572 } 573 } else { 574 s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT | 575 SDHC_DAT_LINE_ACTIVE; 576 while (s->blkcnt) { 577 begin = s->data_count; 578 if (((boundary_count + begin) < block_size) && page_aligned) { 579 s->data_count = boundary_count + begin; 580 boundary_count = 0; 581 } else { 582 s->data_count = block_size; 583 boundary_count -= block_size - begin; 584 } 585 dma_memory_read(s->dma_as, s->sdmasysad, 586 &s->fifo_buffer[begin], s->data_count - begin); 587 s->sdmasysad += s->data_count - begin; 588 if (s->data_count == block_size) { 589 for (n = 0; n < block_size; n++) { 590 sdbus_write_data(&s->sdbus, s->fifo_buffer[n]); 591 } 592 s->data_count = 0; 593 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 594 s->blkcnt--; 595 } 596 } 597 if (page_aligned && boundary_count == 0) { 598 break; 599 } 600 } 601 } 602 603 if (s->blkcnt == 0) { 604 sdhci_end_transfer(s); 605 } else { 606 if (s->norintstsen & SDHC_NISEN_DMA) { 607 s->norintsts |= SDHC_NIS_DMA; 608 } 609 sdhci_update_irq(s); 610 } 611 } 612 613 /* single block SDMA transfer */ 614 static void sdhci_sdma_transfer_single_block(SDHCIState *s) 615 { 616 int n; 617 uint32_t datacnt = s->blksize & BLOCK_SIZE_MASK; 618 619 if (s->trnmod & SDHC_TRNS_READ) { 620 for (n = 0; n < datacnt; n++) { 621 s->fifo_buffer[n] = sdbus_read_data(&s->sdbus); 622 } 623 dma_memory_write(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt); 624 } else { 625 dma_memory_read(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt); 626 for (n = 0; n < datacnt; n++) { 627 sdbus_write_data(&s->sdbus, s->fifo_buffer[n]); 628 } 629 } 630 s->blkcnt--; 631 632 sdhci_end_transfer(s); 633 } 634 635 typedef struct ADMADescr { 636 hwaddr addr; 637 uint16_t length; 638 uint8_t attr; 639 uint8_t incr; 640 } ADMADescr; 641 642 static void get_adma_description(SDHCIState *s, ADMADescr *dscr) 643 { 644 uint32_t adma1 = 0; 645 uint64_t adma2 = 0; 646 hwaddr entry_addr = (hwaddr)s->admasysaddr; 647 switch (SDHC_DMA_TYPE(s->hostctl)) { 648 case SDHC_CTRL_ADMA2_32: 649 dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma2, 650 sizeof(adma2)); 651 adma2 = le64_to_cpu(adma2); 652 /* The spec does not specify endianness of descriptor table. 653 * We currently assume that it is LE. 654 */ 655 dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull; 656 dscr->length = (uint16_t)extract64(adma2, 16, 16); 657 dscr->attr = (uint8_t)extract64(adma2, 0, 7); 658 dscr->incr = 8; 659 break; 660 case SDHC_CTRL_ADMA1_32: 661 dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma1, 662 sizeof(adma1)); 663 adma1 = le32_to_cpu(adma1); 664 dscr->addr = (hwaddr)(adma1 & 0xFFFFF000); 665 dscr->attr = (uint8_t)extract32(adma1, 0, 7); 666 dscr->incr = 4; 667 if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) { 668 dscr->length = (uint16_t)extract32(adma1, 12, 16); 669 } else { 670 dscr->length = 4096; 671 } 672 break; 673 case SDHC_CTRL_ADMA2_64: 674 dma_memory_read(s->dma_as, entry_addr, 675 (uint8_t *)(&dscr->attr), 1); 676 dma_memory_read(s->dma_as, entry_addr + 2, 677 (uint8_t *)(&dscr->length), 2); 678 dscr->length = le16_to_cpu(dscr->length); 679 dma_memory_read(s->dma_as, entry_addr + 4, 680 (uint8_t *)(&dscr->addr), 8); 681 dscr->addr = le64_to_cpu(dscr->addr); 682 dscr->attr &= (uint8_t) ~0xC0; 683 dscr->incr = 12; 684 break; 685 } 686 } 687 688 /* Advanced DMA data transfer */ 689 690 static void sdhci_do_adma(SDHCIState *s) 691 { 692 unsigned int n, begin, length; 693 const uint16_t block_size = s->blksize & BLOCK_SIZE_MASK; 694 ADMADescr dscr = {}; 695 int i; 696 697 for (i = 0; i < SDHC_ADMA_DESCS_PER_DELAY; ++i) { 698 s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH; 699 700 get_adma_description(s, &dscr); 701 trace_sdhci_adma_loop(dscr.addr, dscr.length, dscr.attr); 702 703 if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) { 704 /* Indicate that error occurred in ST_FDS state */ 705 s->admaerr &= ~SDHC_ADMAERR_STATE_MASK; 706 s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS; 707 708 /* Generate ADMA error interrupt */ 709 if (s->errintstsen & SDHC_EISEN_ADMAERR) { 710 s->errintsts |= SDHC_EIS_ADMAERR; 711 s->norintsts |= SDHC_NIS_ERR; 712 } 713 714 sdhci_update_irq(s); 715 return; 716 } 717 718 length = dscr.length ? dscr.length : 65536; 719 720 switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) { 721 case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */ 722 723 if (s->trnmod & SDHC_TRNS_READ) { 724 while (length) { 725 if (s->data_count == 0) { 726 for (n = 0; n < block_size; n++) { 727 s->fifo_buffer[n] = sdbus_read_data(&s->sdbus); 728 } 729 } 730 begin = s->data_count; 731 if ((length + begin) < block_size) { 732 s->data_count = length + begin; 733 length = 0; 734 } else { 735 s->data_count = block_size; 736 length -= block_size - begin; 737 } 738 dma_memory_write(s->dma_as, dscr.addr, 739 &s->fifo_buffer[begin], 740 s->data_count - begin); 741 dscr.addr += s->data_count - begin; 742 if (s->data_count == block_size) { 743 s->data_count = 0; 744 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 745 s->blkcnt--; 746 if (s->blkcnt == 0) { 747 break; 748 } 749 } 750 } 751 } 752 } else { 753 while (length) { 754 begin = s->data_count; 755 if ((length + begin) < block_size) { 756 s->data_count = length + begin; 757 length = 0; 758 } else { 759 s->data_count = block_size; 760 length -= block_size - begin; 761 } 762 dma_memory_read(s->dma_as, dscr.addr, 763 &s->fifo_buffer[begin], 764 s->data_count - begin); 765 dscr.addr += s->data_count - begin; 766 if (s->data_count == block_size) { 767 for (n = 0; n < block_size; n++) { 768 sdbus_write_data(&s->sdbus, s->fifo_buffer[n]); 769 } 770 s->data_count = 0; 771 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) { 772 s->blkcnt--; 773 if (s->blkcnt == 0) { 774 break; 775 } 776 } 777 } 778 } 779 } 780 s->admasysaddr += dscr.incr; 781 break; 782 case SDHC_ADMA_ATTR_ACT_LINK: /* link to next descriptor table */ 783 s->admasysaddr = dscr.addr; 784 trace_sdhci_adma("link", s->admasysaddr); 785 break; 786 default: 787 s->admasysaddr += dscr.incr; 788 break; 789 } 790 791 if (dscr.attr & SDHC_ADMA_ATTR_INT) { 792 trace_sdhci_adma("interrupt", s->admasysaddr); 793 if (s->norintstsen & SDHC_NISEN_DMA) { 794 s->norintsts |= SDHC_NIS_DMA; 795 } 796 797 sdhci_update_irq(s); 798 } 799 800 /* ADMA transfer terminates if blkcnt == 0 or by END attribute */ 801 if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && 802 (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) { 803 trace_sdhci_adma_transfer_completed(); 804 if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) && 805 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && 806 s->blkcnt != 0)) { 807 trace_sdhci_error("SD/MMC host ADMA length mismatch"); 808 s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH | 809 SDHC_ADMAERR_STATE_ST_TFR; 810 if (s->errintstsen & SDHC_EISEN_ADMAERR) { 811 trace_sdhci_error("Set ADMA error flag"); 812 s->errintsts |= SDHC_EIS_ADMAERR; 813 s->norintsts |= SDHC_NIS_ERR; 814 } 815 816 sdhci_update_irq(s); 817 } 818 sdhci_end_transfer(s); 819 return; 820 } 821 822 } 823 824 /* we have unfinished business - reschedule to continue ADMA */ 825 timer_mod(s->transfer_timer, 826 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_TRANSFER_DELAY); 827 } 828 829 /* Perform data transfer according to controller configuration */ 830 831 static void sdhci_data_transfer(void *opaque) 832 { 833 SDHCIState *s = (SDHCIState *)opaque; 834 835 if (s->trnmod & SDHC_TRNS_DMA) { 836 switch (SDHC_DMA_TYPE(s->hostctl)) { 837 case SDHC_CTRL_SDMA: 838 if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) { 839 sdhci_sdma_transfer_single_block(s); 840 } else { 841 sdhci_sdma_transfer_multi_blocks(s); 842 } 843 844 break; 845 case SDHC_CTRL_ADMA1_32: 846 if (!(s->capareg & R_SDHC_CAPAB_ADMA1_MASK)) { 847 trace_sdhci_error("ADMA1 not supported"); 848 break; 849 } 850 851 sdhci_do_adma(s); 852 break; 853 case SDHC_CTRL_ADMA2_32: 854 if (!(s->capareg & R_SDHC_CAPAB_ADMA2_MASK)) { 855 trace_sdhci_error("ADMA2 not supported"); 856 break; 857 } 858 859 sdhci_do_adma(s); 860 break; 861 case SDHC_CTRL_ADMA2_64: 862 if (!(s->capareg & R_SDHC_CAPAB_ADMA2_MASK) || 863 !(s->capareg & R_SDHC_CAPAB_BUS64BIT_MASK)) { 864 trace_sdhci_error("64 bit ADMA not supported"); 865 break; 866 } 867 868 sdhci_do_adma(s); 869 break; 870 default: 871 trace_sdhci_error("Unsupported DMA type"); 872 break; 873 } 874 } else { 875 if ((s->trnmod & SDHC_TRNS_READ) && sdbus_data_ready(&s->sdbus)) { 876 s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT | 877 SDHC_DAT_LINE_ACTIVE; 878 sdhci_read_block_from_card(s); 879 } else { 880 s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE | 881 SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT; 882 sdhci_write_block_to_card(s); 883 } 884 } 885 } 886 887 static bool sdhci_can_issue_command(SDHCIState *s) 888 { 889 if (!SDHC_CLOCK_IS_ON(s->clkcon) || 890 (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) && 891 ((s->cmdreg & SDHC_CMD_DATA_PRESENT) || 892 ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY && 893 !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) { 894 return false; 895 } 896 897 return true; 898 } 899 900 /* The Buffer Data Port register must be accessed in sequential and 901 * continuous manner */ 902 static inline bool 903 sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num) 904 { 905 if ((s->data_count & 0x3) != byte_num) { 906 trace_sdhci_error("Non-sequential access to Buffer Data Port register" 907 "is prohibited\n"); 908 return false; 909 } 910 return true; 911 } 912 913 static uint64_t sdhci_read(void *opaque, hwaddr offset, unsigned size) 914 { 915 SDHCIState *s = (SDHCIState *)opaque; 916 uint32_t ret = 0; 917 918 switch (offset & ~0x3) { 919 case SDHC_SYSAD: 920 ret = s->sdmasysad; 921 break; 922 case SDHC_BLKSIZE: 923 ret = s->blksize | (s->blkcnt << 16); 924 break; 925 case SDHC_ARGUMENT: 926 ret = s->argument; 927 break; 928 case SDHC_TRNMOD: 929 ret = s->trnmod | (s->cmdreg << 16); 930 break; 931 case SDHC_RSPREG0 ... SDHC_RSPREG3: 932 ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2]; 933 break; 934 case SDHC_BDATA: 935 if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) { 936 ret = sdhci_read_dataport(s, size); 937 trace_sdhci_access("rd", size << 3, offset, "->", ret, ret); 938 return ret; 939 } 940 break; 941 case SDHC_PRNSTS: 942 ret = s->prnsts; 943 break; 944 case SDHC_HOSTCTL: 945 ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) | 946 (s->wakcon << 24); 947 break; 948 case SDHC_CLKCON: 949 ret = s->clkcon | (s->timeoutcon << 16); 950 break; 951 case SDHC_NORINTSTS: 952 ret = s->norintsts | (s->errintsts << 16); 953 break; 954 case SDHC_NORINTSTSEN: 955 ret = s->norintstsen | (s->errintstsen << 16); 956 break; 957 case SDHC_NORINTSIGEN: 958 ret = s->norintsigen | (s->errintsigen << 16); 959 break; 960 case SDHC_ACMD12ERRSTS: 961 ret = s->acmd12errsts; 962 break; 963 case SDHC_CAPAB: 964 ret = (uint32_t)s->capareg; 965 break; 966 case SDHC_CAPAB + 4: 967 ret = (uint32_t)(s->capareg >> 32); 968 break; 969 case SDHC_MAXCURR: 970 ret = (uint32_t)s->maxcurr; 971 break; 972 case SDHC_MAXCURR + 4: 973 ret = (uint32_t)(s->maxcurr >> 32); 974 break; 975 case SDHC_ADMAERR: 976 ret = s->admaerr; 977 break; 978 case SDHC_ADMASYSADDR: 979 ret = (uint32_t)s->admasysaddr; 980 break; 981 case SDHC_ADMASYSADDR + 4: 982 ret = (uint32_t)(s->admasysaddr >> 32); 983 break; 984 case SDHC_SLOT_INT_STATUS: 985 ret = (s->version << 16) | sdhci_slotint(s); 986 break; 987 default: 988 qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " " 989 "not implemented\n", size, offset); 990 break; 991 } 992 993 ret >>= (offset & 0x3) * 8; 994 ret &= (1ULL << (size * 8)) - 1; 995 trace_sdhci_access("rd", size << 3, offset, "->", ret, ret); 996 return ret; 997 } 998 999 static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value) 1000 { 1001 if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) { 1002 return; 1003 } 1004 s->blkgap = value & SDHC_STOP_AT_GAP_REQ; 1005 1006 if ((value & SDHC_CONTINUE_REQ) && s->stopped_state && 1007 (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) { 1008 if (s->stopped_state == sdhc_gap_read) { 1009 s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ; 1010 sdhci_read_block_from_card(s); 1011 } else { 1012 s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE; 1013 sdhci_write_block_to_card(s); 1014 } 1015 s->stopped_state = sdhc_not_stopped; 1016 } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) { 1017 if (s->prnsts & SDHC_DOING_READ) { 1018 s->stopped_state = sdhc_gap_read; 1019 } else if (s->prnsts & SDHC_DOING_WRITE) { 1020 s->stopped_state = sdhc_gap_write; 1021 } 1022 } 1023 } 1024 1025 static inline void sdhci_reset_write(SDHCIState *s, uint8_t value) 1026 { 1027 switch (value) { 1028 case SDHC_RESET_ALL: 1029 sdhci_reset(s); 1030 break; 1031 case SDHC_RESET_CMD: 1032 s->prnsts &= ~SDHC_CMD_INHIBIT; 1033 s->norintsts &= ~SDHC_NIS_CMDCMP; 1034 break; 1035 case SDHC_RESET_DATA: 1036 s->data_count = 0; 1037 s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE | 1038 SDHC_DOING_READ | SDHC_DOING_WRITE | 1039 SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE); 1040 s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ); 1041 s->stopped_state = sdhc_not_stopped; 1042 s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY | 1043 SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP); 1044 break; 1045 } 1046 } 1047 1048 static void 1049 sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) 1050 { 1051 SDHCIState *s = (SDHCIState *)opaque; 1052 unsigned shift = 8 * (offset & 0x3); 1053 uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift); 1054 uint32_t value = val; 1055 value <<= shift; 1056 1057 switch (offset & ~0x3) { 1058 case SDHC_SYSAD: 1059 s->sdmasysad = (s->sdmasysad & mask) | value; 1060 MASKED_WRITE(s->sdmasysad, mask, value); 1061 /* Writing to last byte of sdmasysad might trigger transfer */ 1062 if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt && 1063 s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) { 1064 if (s->trnmod & SDHC_TRNS_MULTI) { 1065 sdhci_sdma_transfer_multi_blocks(s); 1066 } else { 1067 sdhci_sdma_transfer_single_block(s); 1068 } 1069 } 1070 break; 1071 case SDHC_BLKSIZE: 1072 if (!TRANSFERRING_DATA(s->prnsts)) { 1073 MASKED_WRITE(s->blksize, mask, value); 1074 MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); 1075 } 1076 1077 /* Limit block size to the maximum buffer size */ 1078 if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { 1079 qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " \ 1080 "the maximum buffer 0x%x", __func__, s->blksize, 1081 s->buf_maxsz); 1082 1083 s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); 1084 } 1085 1086 break; 1087 case SDHC_ARGUMENT: 1088 MASKED_WRITE(s->argument, mask, value); 1089 break; 1090 case SDHC_TRNMOD: 1091 /* DMA can be enabled only if it is supported as indicated by 1092 * capabilities register */ 1093 if (!(s->capareg & R_SDHC_CAPAB_SDMA_MASK)) { 1094 value &= ~SDHC_TRNS_DMA; 1095 } 1096 MASKED_WRITE(s->trnmod, mask, value & SDHC_TRNMOD_MASK); 1097 MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16); 1098 1099 /* Writing to the upper byte of CMDREG triggers SD command generation */ 1100 if ((mask & 0xFF000000) || !sdhci_can_issue_command(s)) { 1101 break; 1102 } 1103 1104 sdhci_send_command(s); 1105 break; 1106 case SDHC_BDATA: 1107 if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) { 1108 sdhci_write_dataport(s, value >> shift, size); 1109 } 1110 break; 1111 case SDHC_HOSTCTL: 1112 if (!(mask & 0xFF0000)) { 1113 sdhci_blkgap_write(s, value >> 16); 1114 } 1115 MASKED_WRITE(s->hostctl, mask, value); 1116 MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8); 1117 MASKED_WRITE(s->wakcon, mask >> 24, value >> 24); 1118 if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 || 1119 !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) { 1120 s->pwrcon &= ~SDHC_POWER_ON; 1121 } 1122 break; 1123 case SDHC_CLKCON: 1124 if (!(mask & 0xFF000000)) { 1125 sdhci_reset_write(s, value >> 24); 1126 } 1127 MASKED_WRITE(s->clkcon, mask, value); 1128 MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16); 1129 if (s->clkcon & SDHC_CLOCK_INT_EN) { 1130 s->clkcon |= SDHC_CLOCK_INT_STABLE; 1131 } else { 1132 s->clkcon &= ~SDHC_CLOCK_INT_STABLE; 1133 } 1134 break; 1135 case SDHC_NORINTSTS: 1136 if (s->norintstsen & SDHC_NISEN_CARDINT) { 1137 value &= ~SDHC_NIS_CARDINT; 1138 } 1139 s->norintsts &= mask | ~value; 1140 s->errintsts &= (mask >> 16) | ~(value >> 16); 1141 if (s->errintsts) { 1142 s->norintsts |= SDHC_NIS_ERR; 1143 } else { 1144 s->norintsts &= ~SDHC_NIS_ERR; 1145 } 1146 sdhci_update_irq(s); 1147 break; 1148 case SDHC_NORINTSTSEN: 1149 MASKED_WRITE(s->norintstsen, mask, value); 1150 MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16); 1151 s->norintsts &= s->norintstsen; 1152 s->errintsts &= s->errintstsen; 1153 if (s->errintsts) { 1154 s->norintsts |= SDHC_NIS_ERR; 1155 } else { 1156 s->norintsts &= ~SDHC_NIS_ERR; 1157 } 1158 /* Quirk for Raspberry Pi: pending card insert interrupt 1159 * appears when first enabled after power on */ 1160 if ((s->norintstsen & SDHC_NISEN_INSERT) && s->pending_insert_state) { 1161 assert(s->pending_insert_quirk); 1162 s->norintsts |= SDHC_NIS_INSERT; 1163 s->pending_insert_state = false; 1164 } 1165 sdhci_update_irq(s); 1166 break; 1167 case SDHC_NORINTSIGEN: 1168 MASKED_WRITE(s->norintsigen, mask, value); 1169 MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16); 1170 sdhci_update_irq(s); 1171 break; 1172 case SDHC_ADMAERR: 1173 MASKED_WRITE(s->admaerr, mask, value); 1174 break; 1175 case SDHC_ADMASYSADDR: 1176 s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL | 1177 (uint64_t)mask)) | (uint64_t)value; 1178 break; 1179 case SDHC_ADMASYSADDR + 4: 1180 s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL | 1181 ((uint64_t)mask << 32))) | ((uint64_t)value << 32); 1182 break; 1183 case SDHC_FEAER: 1184 s->acmd12errsts |= value; 1185 s->errintsts |= (value >> 16) & s->errintstsen; 1186 if (s->acmd12errsts) { 1187 s->errintsts |= SDHC_EIS_CMD12ERR; 1188 } 1189 if (s->errintsts) { 1190 s->norintsts |= SDHC_NIS_ERR; 1191 } 1192 sdhci_update_irq(s); 1193 break; 1194 case SDHC_ACMD12ERRSTS: 1195 MASKED_WRITE(s->acmd12errsts, mask, value); 1196 break; 1197 1198 case SDHC_CAPAB: 1199 case SDHC_CAPAB + 4: 1200 case SDHC_MAXCURR: 1201 case SDHC_MAXCURR + 4: 1202 qemu_log_mask(LOG_GUEST_ERROR, "SDHC wr_%ub @0x%02" HWADDR_PRIx 1203 " <- 0x%08x read-only\n", size, offset, value >> shift); 1204 break; 1205 1206 default: 1207 qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x " 1208 "not implemented\n", size, offset, value >> shift); 1209 break; 1210 } 1211 trace_sdhci_access("wr", size << 3, offset, "<-", 1212 value >> shift, value >> shift); 1213 } 1214 1215 static const MemoryRegionOps sdhci_mmio_ops = { 1216 .read = sdhci_read, 1217 .write = sdhci_write, 1218 .valid = { 1219 .min_access_size = 1, 1220 .max_access_size = 4, 1221 .unaligned = false 1222 }, 1223 .endianness = DEVICE_LITTLE_ENDIAN, 1224 }; 1225 1226 static void sdhci_init_readonly_registers(SDHCIState *s, Error **errp) 1227 { 1228 Error *local_err = NULL; 1229 1230 if (s->sd_spec_version != 2) { 1231 error_setg(errp, "Only Spec v2 is supported"); 1232 return; 1233 } 1234 s->version = (SDHC_HCVER_VENDOR << 8) | (s->sd_spec_version - 1); 1235 1236 sdhci_check_capareg(s, &local_err); 1237 if (local_err) { 1238 error_propagate(errp, local_err); 1239 return; 1240 } 1241 } 1242 1243 /* --- qdev common --- */ 1244 1245 #define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \ 1246 DEFINE_PROP_UINT8("sd-spec-version", _state, sd_spec_version, 2), \ 1247 \ 1248 /* Capabilities registers provide information on supported 1249 * features of this specific host controller implementation */ \ 1250 DEFINE_PROP_UINT64("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \ 1251 DEFINE_PROP_UINT64("maxcurr", _state, maxcurr, 0) 1252 1253 static void sdhci_initfn(SDHCIState *s) 1254 { 1255 qbus_create_inplace(&s->sdbus, sizeof(s->sdbus), 1256 TYPE_SDHCI_BUS, DEVICE(s), "sd-bus"); 1257 1258 s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_raise_insertion_irq, s); 1259 s->transfer_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_data_transfer, s); 1260 1261 s->io_ops = &sdhci_mmio_ops; 1262 } 1263 1264 static void sdhci_uninitfn(SDHCIState *s) 1265 { 1266 timer_del(s->insert_timer); 1267 timer_free(s->insert_timer); 1268 timer_del(s->transfer_timer); 1269 timer_free(s->transfer_timer); 1270 1271 g_free(s->fifo_buffer); 1272 s->fifo_buffer = NULL; 1273 } 1274 1275 static void sdhci_common_realize(SDHCIState *s, Error **errp) 1276 { 1277 Error *local_err = NULL; 1278 1279 sdhci_init_readonly_registers(s, &local_err); 1280 if (local_err) { 1281 error_propagate(errp, local_err); 1282 return; 1283 } 1284 s->buf_maxsz = sdhci_get_fifolen(s); 1285 s->fifo_buffer = g_malloc0(s->buf_maxsz); 1286 1287 memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci", 1288 SDHC_REGISTERS_MAP_SIZE); 1289 } 1290 1291 static void sdhci_common_unrealize(SDHCIState *s, Error **errp) 1292 { 1293 /* This function is expected to be called only once for each class: 1294 * - SysBus: via DeviceClass->unrealize(), 1295 * - PCI: via PCIDeviceClass->exit(). 1296 * However to avoid double-free and/or use-after-free we still nullify 1297 * this variable (better safe than sorry!). */ 1298 g_free(s->fifo_buffer); 1299 s->fifo_buffer = NULL; 1300 } 1301 1302 static bool sdhci_pending_insert_vmstate_needed(void *opaque) 1303 { 1304 SDHCIState *s = opaque; 1305 1306 return s->pending_insert_state; 1307 } 1308 1309 static const VMStateDescription sdhci_pending_insert_vmstate = { 1310 .name = "sdhci/pending-insert", 1311 .version_id = 1, 1312 .minimum_version_id = 1, 1313 .needed = sdhci_pending_insert_vmstate_needed, 1314 .fields = (VMStateField[]) { 1315 VMSTATE_BOOL(pending_insert_state, SDHCIState), 1316 VMSTATE_END_OF_LIST() 1317 }, 1318 }; 1319 1320 const VMStateDescription sdhci_vmstate = { 1321 .name = "sdhci", 1322 .version_id = 1, 1323 .minimum_version_id = 1, 1324 .fields = (VMStateField[]) { 1325 VMSTATE_UINT32(sdmasysad, SDHCIState), 1326 VMSTATE_UINT16(blksize, SDHCIState), 1327 VMSTATE_UINT16(blkcnt, SDHCIState), 1328 VMSTATE_UINT32(argument, SDHCIState), 1329 VMSTATE_UINT16(trnmod, SDHCIState), 1330 VMSTATE_UINT16(cmdreg, SDHCIState), 1331 VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4), 1332 VMSTATE_UINT32(prnsts, SDHCIState), 1333 VMSTATE_UINT8(hostctl, SDHCIState), 1334 VMSTATE_UINT8(pwrcon, SDHCIState), 1335 VMSTATE_UINT8(blkgap, SDHCIState), 1336 VMSTATE_UINT8(wakcon, SDHCIState), 1337 VMSTATE_UINT16(clkcon, SDHCIState), 1338 VMSTATE_UINT8(timeoutcon, SDHCIState), 1339 VMSTATE_UINT8(admaerr, SDHCIState), 1340 VMSTATE_UINT16(norintsts, SDHCIState), 1341 VMSTATE_UINT16(errintsts, SDHCIState), 1342 VMSTATE_UINT16(norintstsen, SDHCIState), 1343 VMSTATE_UINT16(errintstsen, SDHCIState), 1344 VMSTATE_UINT16(norintsigen, SDHCIState), 1345 VMSTATE_UINT16(errintsigen, SDHCIState), 1346 VMSTATE_UINT16(acmd12errsts, SDHCIState), 1347 VMSTATE_UINT16(data_count, SDHCIState), 1348 VMSTATE_UINT64(admasysaddr, SDHCIState), 1349 VMSTATE_UINT8(stopped_state, SDHCIState), 1350 VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, buf_maxsz), 1351 VMSTATE_TIMER_PTR(insert_timer, SDHCIState), 1352 VMSTATE_TIMER_PTR(transfer_timer, SDHCIState), 1353 VMSTATE_END_OF_LIST() 1354 }, 1355 .subsections = (const VMStateDescription*[]) { 1356 &sdhci_pending_insert_vmstate, 1357 NULL 1358 }, 1359 }; 1360 1361 static void sdhci_common_class_init(ObjectClass *klass, void *data) 1362 { 1363 DeviceClass *dc = DEVICE_CLASS(klass); 1364 1365 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1366 dc->vmsd = &sdhci_vmstate; 1367 dc->reset = sdhci_poweron_reset; 1368 } 1369 1370 /* --- qdev PCI --- */ 1371 1372 static Property sdhci_pci_properties[] = { 1373 DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState), 1374 DEFINE_PROP_END_OF_LIST(), 1375 }; 1376 1377 static void sdhci_pci_realize(PCIDevice *dev, Error **errp) 1378 { 1379 SDHCIState *s = PCI_SDHCI(dev); 1380 Error *local_err = NULL; 1381 1382 sdhci_initfn(s); 1383 sdhci_common_realize(s, errp); 1384 if (local_err) { 1385 error_propagate(errp, local_err); 1386 return; 1387 } 1388 1389 dev->config[PCI_CLASS_PROG] = 0x01; /* Standard Host supported DMA */ 1390 dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */ 1391 s->irq = pci_allocate_irq(dev); 1392 s->dma_as = pci_get_address_space(dev); 1393 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->iomem); 1394 } 1395 1396 static void sdhci_pci_exit(PCIDevice *dev) 1397 { 1398 SDHCIState *s = PCI_SDHCI(dev); 1399 1400 sdhci_common_unrealize(s, &error_abort); 1401 sdhci_uninitfn(s); 1402 } 1403 1404 static void sdhci_pci_class_init(ObjectClass *klass, void *data) 1405 { 1406 DeviceClass *dc = DEVICE_CLASS(klass); 1407 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 1408 1409 k->realize = sdhci_pci_realize; 1410 k->exit = sdhci_pci_exit; 1411 k->vendor_id = PCI_VENDOR_ID_REDHAT; 1412 k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI; 1413 k->class_id = PCI_CLASS_SYSTEM_SDHCI; 1414 dc->props = sdhci_pci_properties; 1415 1416 sdhci_common_class_init(klass, data); 1417 } 1418 1419 static const TypeInfo sdhci_pci_info = { 1420 .name = TYPE_PCI_SDHCI, 1421 .parent = TYPE_PCI_DEVICE, 1422 .instance_size = sizeof(SDHCIState), 1423 .class_init = sdhci_pci_class_init, 1424 .interfaces = (InterfaceInfo[]) { 1425 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 1426 { }, 1427 }, 1428 }; 1429 1430 /* --- qdev SysBus --- */ 1431 1432 static Property sdhci_sysbus_properties[] = { 1433 DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState), 1434 DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk, 1435 false), 1436 DEFINE_PROP_LINK("dma", SDHCIState, 1437 dma_mr, TYPE_MEMORY_REGION, MemoryRegion *), 1438 DEFINE_PROP_END_OF_LIST(), 1439 }; 1440 1441 static void sdhci_sysbus_init(Object *obj) 1442 { 1443 SDHCIState *s = SYSBUS_SDHCI(obj); 1444 1445 sdhci_initfn(s); 1446 } 1447 1448 static void sdhci_sysbus_finalize(Object *obj) 1449 { 1450 SDHCIState *s = SYSBUS_SDHCI(obj); 1451 1452 if (s->dma_mr) { 1453 object_unparent(OBJECT(s->dma_mr)); 1454 } 1455 1456 sdhci_uninitfn(s); 1457 } 1458 1459 static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp) 1460 { 1461 SDHCIState *s = SYSBUS_SDHCI(dev); 1462 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1463 Error *local_err = NULL; 1464 1465 sdhci_common_realize(s, errp); 1466 if (local_err) { 1467 error_propagate(errp, local_err); 1468 return; 1469 } 1470 1471 if (s->dma_mr) { 1472 s->dma_as = &s->sysbus_dma_as; 1473 address_space_init(s->dma_as, s->dma_mr, "sdhci-dma"); 1474 } else { 1475 /* use system_memory() if property "dma" not set */ 1476 s->dma_as = &address_space_memory; 1477 } 1478 1479 sysbus_init_irq(sbd, &s->irq); 1480 1481 memory_region_init_io(&s->iomem, OBJECT(s), s->io_ops, s, "sdhci", 1482 SDHC_REGISTERS_MAP_SIZE); 1483 1484 sysbus_init_mmio(sbd, &s->iomem); 1485 } 1486 1487 static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp) 1488 { 1489 SDHCIState *s = SYSBUS_SDHCI(dev); 1490 1491 sdhci_common_unrealize(s, &error_abort); 1492 1493 if (s->dma_mr) { 1494 address_space_destroy(s->dma_as); 1495 } 1496 } 1497 1498 static void sdhci_sysbus_class_init(ObjectClass *klass, void *data) 1499 { 1500 DeviceClass *dc = DEVICE_CLASS(klass); 1501 1502 dc->props = sdhci_sysbus_properties; 1503 dc->realize = sdhci_sysbus_realize; 1504 dc->unrealize = sdhci_sysbus_unrealize; 1505 1506 sdhci_common_class_init(klass, data); 1507 } 1508 1509 static const TypeInfo sdhci_sysbus_info = { 1510 .name = TYPE_SYSBUS_SDHCI, 1511 .parent = TYPE_SYS_BUS_DEVICE, 1512 .instance_size = sizeof(SDHCIState), 1513 .instance_init = sdhci_sysbus_init, 1514 .instance_finalize = sdhci_sysbus_finalize, 1515 .class_init = sdhci_sysbus_class_init, 1516 }; 1517 1518 /* --- qdev bus master --- */ 1519 1520 static void sdhci_bus_class_init(ObjectClass *klass, void *data) 1521 { 1522 SDBusClass *sbc = SD_BUS_CLASS(klass); 1523 1524 sbc->set_inserted = sdhci_set_inserted; 1525 sbc->set_readonly = sdhci_set_readonly; 1526 } 1527 1528 static const TypeInfo sdhci_bus_info = { 1529 .name = TYPE_SDHCI_BUS, 1530 .parent = TYPE_SD_BUS, 1531 .instance_size = sizeof(SDBus), 1532 .class_init = sdhci_bus_class_init, 1533 }; 1534 1535 static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size) 1536 { 1537 SDHCIState *s = SYSBUS_SDHCI(opaque); 1538 uint32_t ret; 1539 uint16_t hostctl; 1540 1541 switch (offset) { 1542 default: 1543 return sdhci_read(opaque, offset, size); 1544 1545 case SDHC_HOSTCTL: 1546 /* 1547 * For a detailed explanation on the following bit 1548 * manipulation code see comments in a similar part of 1549 * usdhc_write() 1550 */ 1551 hostctl = SDHC_DMA_TYPE(s->hostctl) << (8 - 3); 1552 1553 if (s->hostctl & SDHC_CTRL_8BITBUS) { 1554 hostctl |= ESDHC_CTRL_8BITBUS; 1555 } 1556 1557 if (s->hostctl & SDHC_CTRL_4BITBUS) { 1558 hostctl |= ESDHC_CTRL_4BITBUS; 1559 } 1560 1561 ret = hostctl; 1562 ret |= (uint32_t)s->blkgap << 16; 1563 ret |= (uint32_t)s->wakcon << 24; 1564 1565 break; 1566 1567 case ESDHC_DLL_CTRL: 1568 case ESDHC_TUNE_CTRL_STATUS: 1569 case ESDHC_UNDOCUMENTED_REG27: 1570 case ESDHC_TUNING_CTRL: 1571 case ESDHC_VENDOR_SPEC: 1572 case ESDHC_MIX_CTRL: 1573 case ESDHC_WTMK_LVL: 1574 ret = 0; 1575 break; 1576 } 1577 1578 return ret; 1579 } 1580 1581 static void 1582 usdhc_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) 1583 { 1584 SDHCIState *s = SYSBUS_SDHCI(opaque); 1585 uint8_t hostctl; 1586 uint32_t value = (uint32_t)val; 1587 1588 switch (offset) { 1589 case ESDHC_DLL_CTRL: 1590 case ESDHC_TUNE_CTRL_STATUS: 1591 case ESDHC_UNDOCUMENTED_REG27: 1592 case ESDHC_TUNING_CTRL: 1593 case ESDHC_WTMK_LVL: 1594 case ESDHC_VENDOR_SPEC: 1595 break; 1596 1597 case SDHC_HOSTCTL: 1598 /* 1599 * Here's What ESDHCI has at offset 0x28 (SDHC_HOSTCTL) 1600 * 1601 * 7 6 5 4 3 2 1 0 1602 * |-----------+--------+--------+-----------+----------+---------| 1603 * | Card | Card | Endian | DATA3 | Data | Led | 1604 * | Detect | Detect | Mode | as Card | Transfer | Control | 1605 * | Signal | Test | | Detection | Width | | 1606 * | Selection | Level | | Pin | | | 1607 * |-----------+--------+--------+-----------+----------+---------| 1608 * 1609 * and 0x29 1610 * 1611 * 15 10 9 8 1612 * |----------+------| 1613 * | Reserved | DMA | 1614 * | | Sel. | 1615 * | | | 1616 * |----------+------| 1617 * 1618 * and here's what SDCHI spec expects those offsets to be: 1619 * 1620 * 0x28 (Host Control Register) 1621 * 1622 * 7 6 5 4 3 2 1 0 1623 * |--------+--------+----------+------+--------+----------+---------| 1624 * | Card | Card | Extended | DMA | High | Data | LED | 1625 * | Detect | Detect | Data | Sel. | Speed | Transfer | Control | 1626 * | Signal | Test | Transfer | | Enable | Width | | 1627 * | Sel. | Level | Width | | | | | 1628 * |--------+--------+----------+------+--------+----------+---------| 1629 * 1630 * and 0x29 (Power Control Register) 1631 * 1632 * |----------------------------------| 1633 * | Power Control Register | 1634 * | | 1635 * | Description omitted, | 1636 * | since it has no analog in ESDHCI | 1637 * | | 1638 * |----------------------------------| 1639 * 1640 * Since offsets 0x2A and 0x2B should be compatible between 1641 * both IP specs we only need to reconcile least 16-bit of the 1642 * word we've been given. 1643 */ 1644 1645 /* 1646 * First, save bits 7 6 and 0 since they are identical 1647 */ 1648 hostctl = value & (SDHC_CTRL_LED | 1649 SDHC_CTRL_CDTEST_INS | 1650 SDHC_CTRL_CDTEST_EN); 1651 /* 1652 * Second, split "Data Transfer Width" from bits 2 and 1 in to 1653 * bits 5 and 1 1654 */ 1655 if (value & ESDHC_CTRL_8BITBUS) { 1656 hostctl |= SDHC_CTRL_8BITBUS; 1657 } 1658 1659 if (value & ESDHC_CTRL_4BITBUS) { 1660 hostctl |= ESDHC_CTRL_4BITBUS; 1661 } 1662 1663 /* 1664 * Third, move DMA select from bits 9 and 8 to bits 4 and 3 1665 */ 1666 hostctl |= SDHC_DMA_TYPE(value >> (8 - 3)); 1667 1668 /* 1669 * Now place the corrected value into low 16-bit of the value 1670 * we are going to give standard SDHCI write function 1671 * 1672 * NOTE: This transformation should be the inverse of what can 1673 * be found in drivers/mmc/host/sdhci-esdhc-imx.c in Linux 1674 * kernel 1675 */ 1676 value &= ~UINT16_MAX; 1677 value |= hostctl; 1678 value |= (uint16_t)s->pwrcon << 8; 1679 1680 sdhci_write(opaque, offset, value, size); 1681 break; 1682 1683 case ESDHC_MIX_CTRL: 1684 /* 1685 * So, when SD/MMC stack in Linux tries to write to "Transfer 1686 * Mode Register", ESDHC i.MX quirk code will translate it 1687 * into a write to ESDHC_MIX_CTRL, so we do the opposite in 1688 * order to get where we started 1689 * 1690 * Note that Auto CMD23 Enable bit is located in a wrong place 1691 * on i.MX, but since it is not used by QEMU we do not care. 1692 * 1693 * We don't want to call sdhci_write(.., SDHC_TRNMOD, ...) 1694 * here becuase it will result in a call to 1695 * sdhci_send_command(s) which we don't want. 1696 * 1697 */ 1698 s->trnmod = value & UINT16_MAX; 1699 break; 1700 case SDHC_TRNMOD: 1701 /* 1702 * Similar to above, but this time a write to "Command 1703 * Register" will be translated into a 4-byte write to 1704 * "Transfer Mode register" where lower 16-bit of value would 1705 * be set to zero. So what we do is fill those bits with 1706 * cached value from s->trnmod and let the SDHCI 1707 * infrastructure handle the rest 1708 */ 1709 sdhci_write(opaque, offset, val | s->trnmod, size); 1710 break; 1711 case SDHC_BLKSIZE: 1712 /* 1713 * ESDHCI does not implement "Host SDMA Buffer Boundary", and 1714 * Linux driver will try to zero this field out which will 1715 * break the rest of SDHCI emulation. 1716 * 1717 * Linux defaults to maximum possible setting (512K boundary) 1718 * and it seems to be the only option that i.MX IP implements, 1719 * so we artificially set it to that value. 1720 */ 1721 val |= 0x7 << 12; 1722 /* FALLTHROUGH */ 1723 default: 1724 sdhci_write(opaque, offset, val, size); 1725 break; 1726 } 1727 } 1728 1729 1730 static const MemoryRegionOps usdhc_mmio_ops = { 1731 .read = usdhc_read, 1732 .write = usdhc_write, 1733 .valid = { 1734 .min_access_size = 1, 1735 .max_access_size = 4, 1736 .unaligned = false 1737 }, 1738 .endianness = DEVICE_LITTLE_ENDIAN, 1739 }; 1740 1741 static void imx_usdhc_init(Object *obj) 1742 { 1743 SDHCIState *s = SYSBUS_SDHCI(obj); 1744 1745 s->io_ops = &usdhc_mmio_ops; 1746 s->quirks = SDHCI_QUIRK_NO_BUSY_IRQ; 1747 } 1748 1749 static const TypeInfo imx_usdhc_info = { 1750 .name = TYPE_IMX_USDHC, 1751 .parent = TYPE_SYSBUS_SDHCI, 1752 .instance_init = imx_usdhc_init, 1753 }; 1754 1755 static void sdhci_register_types(void) 1756 { 1757 type_register_static(&sdhci_pci_info); 1758 type_register_static(&sdhci_sysbus_info); 1759 type_register_static(&sdhci_bus_info); 1760 type_register_static(&imx_usdhc_info); 1761 } 1762 1763 type_init(sdhci_register_types) 1764