xref: /qemu/hw/sd/sdhci.c (revision 7e0019a7196ebed177c95824875cf852e1a6f667)
1 /*
2  * SD Association Host Standard Specification v2.0 controller emulation
3  *
4  * Copyright (c) 2011 Samsung Electronics Co., Ltd.
5  * Mitsyanko Igor <i.mitsyanko@samsung.com>
6  * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
7  *
8  * Based on MMC controller for Samsung S5PC1xx-based board emulation
9  * by Alexey Merkulov and Vladimir Monakhov.
10  *
11  * This program is free software; you can redistribute it and/or modify it
12  * under the terms of the GNU General Public License as published by the
13  * Free Software Foundation; either version 2 of the License, or (at your
14  * option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
19  * See the GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "qapi/error.h"
27 #include "hw/hw.h"
28 #include "sysemu/block-backend.h"
29 #include "sysemu/blockdev.h"
30 #include "sysemu/dma.h"
31 #include "qemu/timer.h"
32 #include "qemu/bitops.h"
33 #include "hw/sd/sdhci.h"
34 #include "sdhci-internal.h"
35 #include "qemu/log.h"
36 #include "trace.h"
37 
/* Type name of the SD bus exposed by this controller and the
 * OBJECT_CHECK-based cast from a generic object to SDBus. */
#define TYPE_SDHCI_BUS "sdhci-bus"
#define SDHCI_BUS(obj) OBJECT_CHECK(SDBus, (obj), TYPE_SDHCI_BUS)

/* Default SD/MMC host controller features information, which will be
 * presented in CAPABILITIES register of generic SD host controller at reset.
 * If not stated otherwise:
 * 0 - not supported, 1 - supported, other - prohibited.
 *
 * All values carry the "ul" suffix, so the shifts that assemble
 * SDHC_CAPAB_REG_DEFAULT below are done in unsigned long.
 */
#define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support */
#define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
#define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
#define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
#define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
#define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
#define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
#define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
#define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
/* Maximum host controller R/W buffers size
 * Possible values: 512, 1024, 2048 bytes
 *
 * NOTE(review): the transfer routines in this file index fifo_buffer with
 * (blksize & 0x0fff), i.e. up to 4095.  How the FIFO allocation and the
 * BLKSIZE register write path relate to this maximum is not visible in this
 * part of the file - confirm that a guest cannot program a block size larger
 * than the allocated FIFO. */
#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
/* Maximum clock frequency for SDclock in MHz
 * value in range 10-63 MHz, 0 - not defined */
#define SDHC_CAPAB_BASECLKFREQ    52ul
#define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 - MHz */
/* Timeout clock frequency 1-63, 0 - not defined */
#define SDHC_CAPAB_TOCLKFREQ      52ul

/* Now check all parameters and calculate CAPABILITIES REGISTER value.
 * Every single-bit feature flag must be 0 or 1, otherwise the build stops. */
#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||     \
    SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 ||  \
    SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
    SDHC_CAPAB_TOUNIT > 1
#error Capabilities features can have value 0 or 1 only!
#endif

/* Translate the byte size into the code stored in the register field:
 * 512 -> 0, 1024 -> 1, 2048 -> 2; anything else is a build error. */
#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
#define MAX_BLOCK_LENGTH 0ul
#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
#define MAX_BLOCK_LENGTH 1ul
#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
#define MAX_BLOCK_LENGTH 2ul
#else
#error Max host controller block size can have value 512, 1024 or 2048 only!
#endif

/* Base clock must be 0 (not defined) or within 10-63. */
#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
    SDHC_CAPAB_BASECLKFREQ > 63
#error SDclock frequency can have value in range 0, 10-63 only!
#endif

/* Timeout clock must fit the 0-63 range. */
#if SDHC_CAPAB_TOCLKFREQ > 63
#error Timeout clock frequency can have value in range 0-63 only!
#endif

/* Default CAPABILITIES value assembled from the settings above.  Field
 * positions used here: 64-bit bus 28, 1.8V 26, 3.0V 25, 3.3V 24,
 * suspend/resume 23, SDMA 22, high speed 21, ADMA1 20, ADMA2 19,
 * max block length code from bit 16, base clock from bit 8,
 * timeout unit 7, timeout clock frequency from bit 0. */
#define SDHC_CAPAB_REG_DEFAULT                                 \
   ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
    (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
    (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
    (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
    (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
    (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
    (SDHC_CAPAB_TOCLKFREQ))
100 
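/* Update the register lvalue @reg in place: the bits selected by @mask are
 * kept from the old value and @val is then ORed in.  @mask therefore names
 * the bits to PRESERVE, not the bits being written, and @val is applied
 * unmasked - a caller that wants the preserved bits left untouched has to
 * clear them in @val itself.  Every argument is parenthesized so compound
 * expressions expand as intended; @reg is still evaluated twice, so it must
 * not have side effects. */
#define MASKED_WRITE(reg, mask, val)  ((reg) = ((reg) & (mask)) | (val))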
102 
/* Compute the level of the controller interrupt line.  Returns 1 when a
 * pending normal or error interrupt status bit also has its signal enable
 * bit set, or when a pending card insertion/removal status bit coincides
 * with the matching wakeup-control bit; returns 0 otherwise. */
static uint8_t sdhci_slotint(SDHCIState *s)
{
    if (s->norintsts & s->norintsigen) {
        return 1;
    }
    if (s->errintsts & s->errintsigen) {
        return 1;
    }
    if ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) {
        return 1;
    }
    if ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV)) {
        return 1;
    }
    return 0;
}
109 
/* Drive s->irq with the level currently reported by sdhci_slotint(). */
static inline void sdhci_update_irq(SDHCIState *s)
{
    const uint8_t level = sdhci_slotint(s);

    qemu_set_irq(s->irq, level);
}
114 
/* Complete a delayed card insertion; @opaque is the SDHCIState.
 * (Presumably the insert_timer callback - the registration is not in this
 * part of the file.)
 *
 * While the card-removal status bit is still pending the timer is pushed
 * out by another SDHC_INSERTION_DELAY.  Otherwise the present-state register
 * gets the same value sdhci_set_inserted() uses for an inserted card and the
 * insertion status bit is latched if its status enable bit is set. */
static void sdhci_raise_insertion_irq(void *opaque)
{
    SDHCIState *s = opaque;

    if (s->norintsts & SDHC_NIS_REMOVE) {
        /* Removal not acknowledged yet: try again later. */
        timer_mod(s->insert_timer,
                  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
        return;
    }

    s->prnsts = 0x1ff0000;
    if (s->norintstsen & SDHC_NISEN_INSERT) {
        s->norintsts |= SDHC_NIS_INSERT;
    }
    sdhci_update_irq(s);
}
130 
/* Card-detect notification: @level is true on insertion, false on ejection.
 *
 * An insertion that arrives while the removal status bit is still pending
 * is deferred through insert_timer.  Otherwise the present-state register is
 * rewritten for the new card state, an ejection additionally clears the bus
 * power and SD clock enable bits, the matching status bit is latched when
 * its status enable bit is set, and the interrupt line is re-evaluated. */
static void sdhci_set_inserted(DeviceState *dev, bool level)
{
    SDHCIState *s = (SDHCIState *)dev;

    trace_sdhci_set_inserted(level ? "insert" : "eject");

    if (level && (s->norintsts & SDHC_NIS_REMOVE)) {
        /* Give target some time to notice card ejection */
        timer_mod(s->insert_timer,
                  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
        return;
    }

    if (!level) {
        s->prnsts = 0x1fa0000;
        s->pwrcon &= ~SDHC_POWER_ON;
        s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
        if (s->norintstsen & SDHC_NISEN_REMOVE) {
            s->norintsts |= SDHC_NIS_REMOVE;
        }
    } else {
        s->prnsts = 0x1ff0000;
        if (s->norintstsen & SDHC_NISEN_INSERT) {
            s->norintsts |= SDHC_NIS_INSERT;
        }
    }

    sdhci_update_irq(s);
}
157 
/* Write-protect notification: @level is true when the card is read-only.
 * The SDHC_WRITE_PROTECT bit of the present-state register is cleared for a
 * read-only card and set when writing is enabled. */
static void sdhci_set_readonly(DeviceState *dev, bool level)
{
    SDHCIState *s = (SDHCIState *)dev;

    if (!level) {
        /* Write enabled */
        s->prnsts |= SDHC_WRITE_PROTECT;
        return;
    }

    s->prnsts &= ~SDHC_WRITE_PROTECT;
}
169 
/* Reset the controller state: stop both timers, zero the register block,
 * re-derive the card-dependent state from the bus, and clear the transfer
 * bookkeeping fields. */
static void sdhci_reset(SDHCIState *s)
{
    DeviceState *dev = DEVICE(s);
    /* Everything from sdmasysad up to, but not including, capareg is
     * wiped; this relies on the field order of SDHCIState (declared
     * elsewhere).  The capabilities registers keep the value given to them
     * during initialization. */
    const size_t wipe_len = (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad;

    timer_del(s->insert_timer);
    timer_del(s->transfer_timer);
    memset(&s->sdmasysad, 0, wipe_len);

    /* Card insertion and write-protect state come from the bus, not from
     * the zeroed registers. */
    sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus));
    sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus));

    s->pending_insert_state = false;
    s->stopped_state = sdhc_not_stopped;
    s->data_count = 0;
}
189 
/* QOM (i.e. power-on) reset.  Same as the reset commanded through the
 * device register, except that the 'pending insert on powerup' quirk, when
 * configured, leaves pending_insert_state set afterwards. */
static void sdhci_poweron_reset(DeviceState *dev)
{
    SDHCIState *s = (SDHCIState *)dev;

    sdhci_reset(s);

    if (!s->pending_insert_quirk) {
        return;
    }
    s->pending_insert_state = true;
}
204 
205 static void sdhci_data_transfer(void *opaque);
206 
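/* Issue the command latched in s->cmdreg / s->argument on the SD bus.
 *
 * The error and Auto CMD12 error status registers are cleared first.  When
 * the command expects a response, a 4-byte or 16-byte reply is packed into
 * the response registers; any other length returned by the bus is reported
 * as a command timeout (if that error status is enabled).  Command-complete
 * and, for busy-type responses, transfer-complete status bits are latched
 * according to their enable bits, the interrupt line is updated, and the
 * data phase is started when the command carries data and s->blksize is
 * non-zero.
 *
 * Response bytes are widened to uint32_t before shifting: a uint8_t is
 * promoted to int, and shifting a value >= 0x80 left by 24 would overflow a
 * signed int.
 */
static void sdhci_send_command(SDHCIState *s)
{
    SDRequest request;
    uint8_t response[16];
    int rlen;

    s->errintsts = 0;
    s->acmd12errsts = 0;
    request.cmd = s->cmdreg >> 8;
    request.arg = s->argument;

    trace_sdhci_send_command(request.cmd, request.arg);
    rlen = sdbus_do_command(&s->sdbus, &request, response);

    if (s->cmdreg & SDHC_CMD_RESPONSE) {
        if (rlen == 4) {
            s->rspreg[0] = ((uint32_t)response[0] << 24) |
                           ((uint32_t)response[1] << 16) |
                           ((uint32_t)response[2] << 8)  |
                            (uint32_t)response[3];
            s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
            trace_sdhci_response4(s->rspreg[0]);
        } else if (rlen == 16) {
            /* The last response byte (index 15) is not stored; the
             * remaining 15 bytes are spread over rspreg[3]..rspreg[0]. */
            s->rspreg[0] = ((uint32_t)response[11] << 24) |
                           ((uint32_t)response[12] << 16) |
                           ((uint32_t)response[13] << 8)  |
                            (uint32_t)response[14];
            s->rspreg[1] = ((uint32_t)response[7] << 24) |
                           ((uint32_t)response[8] << 16) |
                           ((uint32_t)response[9] << 8)  |
                            (uint32_t)response[10];
            s->rspreg[2] = ((uint32_t)response[3] << 24) |
                           ((uint32_t)response[4] << 16) |
                           ((uint32_t)response[5] << 8)  |
                            (uint32_t)response[6];
            s->rspreg[3] = ((uint32_t)response[0] << 16) |
                           ((uint32_t)response[1] << 8)  |
                            (uint32_t)response[2];
            trace_sdhci_response16(s->rspreg[3], s->rspreg[2],
                                   s->rspreg[1], s->rspreg[0]);
        } else {
            /* response[] was not filled in for this length and is not read */
            trace_sdhci_error("timeout waiting for command response");
            if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
                s->errintsts |= SDHC_EIS_CMDTIMEOUT;
                s->norintsts |= SDHC_NIS_ERR;
            }
        }

        if (!(s->quirks & SDHCI_QUIRK_NO_BUSY_IRQ) &&
            (s->norintstsen & SDHC_NISEN_TRSCMP) &&
            (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
            s->norintsts |= SDHC_NIS_TRSCMP;
        }
    }

    if (s->norintstsen & SDHC_NISEN_CMDCMP) {
        s->norintsts |= SDHC_NIS_CMDCMP;
    }

    sdhci_update_irq(s);

    /* Note: the test is on the whole blksize register, so a value with only
     * the upper (boundary) bits set still starts a data phase with a
     * zero-byte block size. */
    if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
        s->data_count = 0;
        sdhci_data_transfer(s);
    }
}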
264 
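/* Finish the current data transfer.
 *
 * With Auto CMD12 enabled in the transfer mode register, CMD12 is sent to
 * the card and the first four response bytes are stored in rspreg[3].  The
 * transfer-related present-state bits are then cleared, the
 * transfer-complete status bit is latched if enabled, and the interrupt line
 * is updated.
 *
 * The response buffer is zero-initialized: the return value of
 * sdbus_do_command() is not checked here, so if the bus does not fill the
 * buffer, rspreg[3] - which the guest can read back through the response
 * registers - would otherwise be built from uninitialized host stack bytes.
 */
static void sdhci_end_transfer(SDHCIState *s)
{
    /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
    if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
        SDRequest request;
        uint8_t response[16] = { 0 };

        request.cmd = 0x0C;
        request.arg = 0;
        trace_sdhci_end_transfer(request.cmd, request.arg);
        sdbus_do_command(&s->sdbus, &request, response);
        /* Auto CMD12 response goes to the upper Response register.
         * Bytes are widened before shifting to avoid shifting into the
         * sign bit of a promoted int. */
        s->rspreg[3] = ((uint32_t)response[0] << 24) |
                       ((uint32_t)response[1] << 16) |
                       ((uint32_t)response[2] << 8)  |
                        (uint32_t)response[3];
    }

    s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
            SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
            SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);

    if (s->norintstsen & SDHC_NISEN_TRSCMP) {
        s->norintsts |= SDHC_NIS_TRSCMP;
    }

    sdhci_update_irq(s);
}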
291 
292 /*
293  * Programmed i/o data transfer
294  */
295 
/* Fill the host controller's read buffer with (blksize & 0x0fff) bytes of
 * data from the card and update buffer/line status accordingly.
 *
 * Nothing is read when a counted multi-block transfer has already reached a
 * block count of zero.
 *
 * NOTE(review): the copy is bounded only by the 12-bit block size; this
 * assumes fifo_buffer holds at least that many bytes - confirm against the
 * FIFO allocation and the BLKSIZE write path, which are not visible here. */
static void sdhci_read_block_from_card(SDHCIState *s)
{
    int pos;

    if ((s->trnmod & SDHC_TRNS_MULTI) &&
        (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && !s->blkcnt) {
        return;
    }

    pos = 0;
    while (pos < (s->blksize & 0x0fff)) {
        s->fifo_buffer[pos] = sdbus_read_data(&s->sdbus);
        pos++;
    }

    /* New data now available for READ through Buffer Port Register */
    s->prnsts |= SDHC_DATA_AVAILABLE;
    if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
        s->norintsts |= SDHC_NIS_RBUFRDY;
    }

    /* Single-block transfer, or last block of a multi-block one: the DAT
     * line is no longer active. */
    if (!(s->trnmod & SDHC_TRNS_MULTI) || s->blkcnt == 1) {
        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
    }

    /* Stop-at-block-gap was requested and more blocks remain: release the
     * DAT line and latch the block gap event.
     * NOTE(review): EIS/EISEN-prefixed constants are applied to the normal
     * interrupt registers here - confirm they carry the intended bit. */
    if (s->stopped_state == sdhc_gap_read &&
        (s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt != 1) {
        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
            s->norintsts |= SDHC_EIS_BLKGAP;
        }
    }

    sdhci_update_irq(s);
}
334 
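/* Read @size bytes of data from host controller @s BUFFER DATA PORT register.
 *
 * Bytes are taken from fifo_buffer starting at s->data_count and assembled
 * least-significant byte first.  Returns 0 without touching any state when
 * no data is available.  When the last byte of the block (blksize & 0x0fff)
 * has been consumed, the buffer is marked empty, the block counter is
 * decremented if block counting is enabled, and either the transfer is ended
 * or the next block is fetched from the card; the remaining bytes of this
 * access are then left as zero.
 *
 * Each byte is widened to uint32_t before shifting: the promoted int would
 * overflow for a byte >= 0x80 shifted by 24.  The loop counter is unsigned
 * to match @size.
 *
 * NOTE(review): @size is expected to be at most 4 (a shift of 32 or more
 * would be undefined); presumably the MMIO access-size constraints guarantee
 * this - confirm against the MemoryRegionOps definition.
 */
static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
{
    uint32_t value = 0;
    unsigned i;

    /* first check that a valid data exists in host controller input buffer */
    if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
        trace_sdhci_error("read from empty buffer");
        return 0;
    }

    for (i = 0; i < size; i++) {
        value |= (uint32_t)s->fifo_buffer[s->data_count] << (i * 8);
        s->data_count++;
        /* check if we've read all valid data (blksize bytes) from buffer */
        if ((s->data_count) >= (s->blksize & 0x0fff)) {
            trace_sdhci_read_dataport(s->data_count);
            s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
            s->data_count = 0;  /* next buff read must start at position [0] */

            if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                s->blkcnt--;
            }

            /* if that was the last block of data */
            if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
                ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
                 /* stop at gap request */
                (s->stopped_state == sdhc_gap_read &&
                 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
                sdhci_end_transfer(s);
            } else { /* if there are more data, read next block from card */
                sdhci_read_block_from_card(s);
            }
            break;
        }
    }

    return value;
}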
376 
/* Push one block, (blksize & 0x0fff) bytes, from the host controller FIFO
 * to the card.
 *
 * If the buffer still has space available, no data is moved: only the
 * write-buffer-ready status is raised (when enabled).  With block counting
 * enabled, a block count of zero makes the function return without writing;
 * otherwise the count is decremented before the block is sent.
 *
 * NOTE(review): as with the read path, the copy is bounded only by the
 * 12-bit block size - confirm fifo_buffer is at least that large. */
static void sdhci_write_block_to_card(SDHCIState *s)
{
    int pos;
    bool last_block;

    if (s->prnsts & SDHC_SPACE_AVAILABLE) {
        if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
            s->norintsts |= SDHC_NIS_WBUFRDY;
        }
        sdhci_update_irq(s);
        return;
    }

    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
        if (s->blkcnt == 0) {
            return;
        }
        s->blkcnt--;
    }

    pos = 0;
    while (pos < (s->blksize & 0x0fff)) {
        sdbus_write_data(&s->sdbus, s->fifo_buffer[pos]);
        pos++;
    }

    /* Next data can be written through the Buffer Data Port register */
    s->prnsts |= SDHC_SPACE_AVAILABLE;

    /* Finish transfer if that was the last block of data */
    last_block = !(s->trnmod & SDHC_TRNS_MULTI) ||
                 ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0));
    if (last_block) {
        sdhci_end_transfer(s);
    } else if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
        s->norintsts |= SDHC_NIS_WBUFRDY;
    }

    /* Generate Block Gap Event if requested and if not the last block.
     * NOTE(review): EIS/EISEN-prefixed constants are applied to the normal
     * interrupt registers here - confirm they carry the intended bit. */
    if (s->stopped_state == sdhc_gap_write &&
        (s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt > 0) {
        s->prnsts &= ~SDHC_DOING_WRITE;
        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
            s->norintsts |= SDHC_EIS_BLKGAP;
        }
        sdhci_end_transfer(s);
    }

    sdhci_update_irq(s);
}
426 
/* Store @size bytes of @value, least-significant byte first, into the
 * buffer behind host controller @s Buffer Data Port register.
 *
 * The access is dropped when the buffer has no space available.  Each time
 * s->data_count reaches the block size (blksize & 0x0fff) the position is
 * rewound, the space-available flag is cleared, and - while a write transfer
 * is in progress - the block is pushed to the card.  The loop keeps going
 * for the remaining bytes of the access after a block boundary.
 *
 * NOTE(review): the store index is s->data_count and the only bound applied
 * here is the 12-bit block size; confirm fifo_buffer covers it. */
static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
{
    unsigned done;

    /* Check that there is free space left in a buffer */
    if ((s->prnsts & SDHC_SPACE_AVAILABLE) == 0) {
        trace_sdhci_error("Can't write to data buffer: buffer full");
        return;
    }

    for (done = 0; done != size; ++done) {
        s->fifo_buffer[s->data_count] = value & 0xFF;
        s->data_count++;
        value >>= 8;

        if (s->data_count < (s->blksize & 0x0fff)) {
            continue;
        }

        /* Block complete */
        trace_sdhci_write_dataport(s->data_count);
        s->data_count = 0;
        s->prnsts &= ~SDHC_SPACE_AVAILABLE;
        if (s->prnsts & SDHC_DOING_WRITE) {
            sdhci_write_block_to_card(s);
        }
    }
}
453 
454 /*
455  * Single DMA data transfer
456  */
457 
/* Multi block SDMA transfer
 *
 * Moves blocks between the card and memory at s->sdmasysad through
 * s->dma_as, staging each block in fifo_buffer.  The transfer requires block
 * counting to be enabled with a non-zero block count.  It runs until the
 * block count reaches zero or, when the start address was aligned to the
 * buffer boundary, until that boundary is reached; in the latter case the
 * DMA interrupt status is raised (if enabled) and the function returns with
 * s->data_count holding the position inside the current block.
 *
 * NOTE(review): "begin" is taken from s->data_count as it is on entry.  The
 * expressions "block_size - begin" and "s->data_count - begin" are unsigned,
 * so if data_count could ever exceed block_size here (for example after the
 * block size register changed between two calls) they would wrap and the
 * DMA length would become very large.  Whether that state is reachable
 * depends on the callers and the register write path, which are not visible
 * in this part of the file - confirm.  The same applies to block_size versus
 * the size of fifo_buffer.
 */
static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
{
    bool page_aligned = false;
    unsigned int n, begin;
    /* Transfer block size: low 12 bits of the block size register */
    const uint16_t block_size = s->blksize & 0x0fff;
    /* Buffer boundary in bytes: 4096 shifted left by the value held in the
     * upper four bits of the block size register */
    uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
    /* Bytes left from the current address up to the next boundary */
    uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);

    if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
        qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
        return;
    }

    /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
     * possible stop at page boundary if initial address is not page aligned,
     * allow them to work properly */
    if ((s->sdmasysad % boundary_chk) == 0) {
        page_aligned = true;
    }

    if (s->trnmod & SDHC_TRNS_READ) {
        /* Card -> memory */
        s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
                SDHC_DAT_LINE_ACTIVE;
        while (s->blkcnt) {
            /* Fetch a fresh block only when the previous one was fully
             * written out */
            if (s->data_count == 0) {
                for (n = 0; n < block_size; n++) {
                    s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
                }
            }
            begin = s->data_count;
            if (((boundary_count + begin) < block_size) && page_aligned) {
                /* Boundary falls inside this block: write only up to it */
                s->data_count = boundary_count + begin;
                boundary_count = 0;
             } else {
                s->data_count = block_size;
                boundary_count -= block_size - begin;
                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                    s->blkcnt--;
                }
            }
            /* The result of the DMA write is not checked */
            dma_memory_write(s->dma_as, s->sdmasysad,
                             &s->fifo_buffer[begin], s->data_count - begin);
            s->sdmasysad += s->data_count - begin;
            if (s->data_count == block_size) {
                s->data_count = 0;
            }
            if (page_aligned && boundary_count == 0) {
                break;
            }
        }
    } else {
        /* Memory -> card */
        s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
                SDHC_DAT_LINE_ACTIVE;
        while (s->blkcnt) {
            begin = s->data_count;
            if (((boundary_count + begin) < block_size) && page_aligned) {
                /* Boundary falls inside this block: read only up to it */
                s->data_count = boundary_count + begin;
                boundary_count = 0;
             } else {
                s->data_count = block_size;
                boundary_count -= block_size - begin;
            }
            /* The result of the DMA read is not checked */
            dma_memory_read(s->dma_as, s->sdmasysad,
                            &s->fifo_buffer[begin], s->data_count - begin);
            s->sdmasysad += s->data_count - begin;
            /* Only a complete block is sent to the card and counted */
            if (s->data_count == block_size) {
                for (n = 0; n < block_size; n++) {
                    sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
                }
                s->data_count = 0;
                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                    s->blkcnt--;
                }
            }
            if (page_aligned && boundary_count == 0) {
                break;
            }
        }
    }

    if (s->blkcnt == 0) {
        sdhci_end_transfer(s);
    } else {
        /* Stopped at a buffer boundary with blocks remaining */
        if (s->norintstsen & SDHC_NISEN_DMA) {
            s->norintsts |= SDHC_NIS_DMA;
        }
        sdhci_update_irq(s);
    }
}
548 
/* Single block SDMA transfer: move (blksize & 0x0fff) bytes between the
 * card and memory at s->sdmasysad through fifo_buffer, decrement the block
 * count and end the transfer.
 *
 * The block count is decremented unconditionally, and the results of the
 * DMA accesses are not checked.
 *
 * NOTE(review): the copy length is bounded only by the 12-bit block size;
 * confirm fifo_buffer is at least that large. */
static void sdhci_sdma_transfer_single_block(SDHCIState *s)
{
    const uint32_t nbytes = s->blksize & 0x0fff;
    uint32_t pos;

    if (!(s->trnmod & SDHC_TRNS_READ)) {
        /* Memory -> card */
        dma_memory_read(s->dma_as, s->sdmasysad, s->fifo_buffer, nbytes);
        for (pos = 0; pos < nbytes; pos++) {
            sdbus_write_data(&s->sdbus, s->fifo_buffer[pos]);
        }
    } else {
        /* Card -> memory */
        for (pos = 0; pos < nbytes; pos++) {
            s->fifo_buffer[pos] = sdbus_read_data(&s->sdbus);
        }
        dma_memory_write(s->dma_as, s->sdmasysad, s->fifo_buffer, nbytes);
    }

    s->blkcnt--;
    sdhci_end_transfer(s);
}
570 
/* Decoded form of one ADMA descriptor, filled in by get_adma_description()
 * and consumed by sdhci_do_adma().  All fields originate from the
 * descriptor table read through s->dma_as. */
typedef struct ADMADescr {
    hwaddr addr;     /* data address, or next table address for a link entry */
    uint16_t length; /* byte count; sdhci_do_adma() treats 0 as 65536 */
    uint8_t attr;    /* attribute bits tested with the SDHC_ADMA_ATTR_* masks */
    uint8_t incr;    /* descriptor size in bytes, added to admasysaddr */
} ADMADescr;
577 
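/* Fetch the ADMA descriptor located at s->admasysaddr through s->dma_as and
 * decode it into @dscr according to the DMA type selected in s->hostctl.
 *
 * @dscr->incr is set to the size of the descriptor entry (8, 4 or 12 bytes)
 * so the caller can advance to the next one.  For a DMA type that is not one
 * of the three ADMA variants, @dscr is left untouched.  The results of the
 * DMA reads are not checked.
 *
 * The spec does not specify endianness of descriptor table.
 * We currently assume that it is LE.
 *
 * Changes relative to the previous version, 64-bit ADMA2 case only:
 *  - the little-endian conversion is applied to the 8-byte address field
 *    that was just read, not to the single attribute byte;
 *  - the attribute byte keeps its low seven bits, matching what the two
 *    32-bit layouts extract, instead of having its low three bits cleared;
 *  - the fields are zeroed before the reads, like the scratch words of the
 *    32-bit cases, so that values left in @dscr by an earlier call are not
 *    reused should a read leave the buffer unmodified.
 * NOTE(review): this assumes the attribute flags tested by sdhci_do_adma()
 * occupy the same low bits in the 64-bit layout as in the 32-bit ones -
 * confirm against the SDHC_ADMA_ATTR_* definitions.
 */
static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
{
    uint32_t adma1 = 0;
    uint64_t adma2 = 0;
    hwaddr entry_addr = (hwaddr)s->admasysaddr;

    switch (SDHC_DMA_TYPE(s->hostctl)) {
    case SDHC_CTRL_ADMA2_32:
        dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma2,
                        sizeof(adma2));
        adma2 = le64_to_cpu(adma2);
        /* Upper word: address (forced to 4-byte alignment);
         * bits 16-31: length; low seven bits: attributes. */
        dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
        dscr->length = (uint16_t)extract64(adma2, 16, 16);
        dscr->attr = (uint8_t)extract64(adma2, 0, 7);
        dscr->incr = 8;
        break;
    case SDHC_CTRL_ADMA1_32:
        dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma1,
                        sizeof(adma1));
        adma1 = le32_to_cpu(adma1);
        dscr->addr = (hwaddr)(adma1 & 0xFFFFF000);
        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
        dscr->incr = 4;
        /* Only a "set length" entry carries a length; every other entry
         * uses a fixed 4096 bytes. */
        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
            dscr->length = (uint16_t)extract32(adma1, 12, 16);
        } else {
            dscr->length = 4096;
        }
        break;
    case SDHC_CTRL_ADMA2_64:
        dscr->attr = 0;
        dscr->length = 0;
        dscr->addr = 0;
        /* Layout: attribute byte at offset 0, 16-bit length at offset 2,
         * 64-bit address at offset 4. */
        dma_memory_read(s->dma_as, entry_addr,
                        (uint8_t *)(&dscr->attr), 1);
        dma_memory_read(s->dma_as, entry_addr + 2,
                        (uint8_t *)(&dscr->length), 2);
        dscr->length = le16_to_cpu(dscr->length);
        dma_memory_read(s->dma_as, entry_addr + 4,
                        (uint8_t *)(&dscr->addr), 8);
        dscr->addr = le64_to_cpu(dscr->addr);
        dscr->attr &= 0x7f;
        dscr->incr = 12;
        break;
    }
}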
623 
624 /* Advanced DMA data transfer */
625 
/* Process ADMA descriptors starting at s->admasysaddr.
 *
 * At most SDHC_ADMA_DESCS_PER_DELAY descriptors are handled per call; if the
 * transfer is not finished by then, transfer_timer is re-armed so that
 * processing continues later.  An invalid descriptor raises the ADMA error
 * and stops processing.  The transfer ends when the block count reaches zero
 * (with block counting enabled) or when a descriptor carries the END
 * attribute.
 *
 * Descriptor contents (address, length, attributes, link targets) are read
 * through s->dma_as and are used as given; the results of the DMA accesses
 * are not checked.
 *
 * NOTE(review): "begin" is taken from s->data_count as it is on entry to
 * each inner loop iteration.  "block_size - begin" and
 * "s->data_count - begin" are unsigned, so a data_count larger than
 * block_size would wrap and yield a very large DMA length.  Whether that
 * state is reachable depends on code outside this part of the file -
 * confirm.
 *
 * NOTE(review): with block_size == 0 and SDHC_TRNS_BLK_CNT_EN clear, neither
 * "length" nor any other exit condition changes inside the two
 * "while (length)" loops below.  sdhci_send_command() only checks that the
 * whole blksize register is non-zero, so confirm that the register write
 * path rejects a zero block size.
 */
static void sdhci_do_adma(SDHCIState *s)
{
    unsigned int n, begin, length;
    /* Transfer block size: low 12 bits of the block size register */
    const uint16_t block_size = s->blksize & 0x0fff;
    /* Zero-initialized; get_adma_description() leaves it untouched for a
     * DMA type it does not decode */
    ADMADescr dscr = {};
    int i;

    for (i = 0; i < SDHC_ADMA_DESCS_PER_DELAY; ++i) {
        s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;

        get_adma_description(s, &dscr);
        trace_sdhci_adma_loop(dscr.addr, dscr.length, dscr.attr);

        if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
            /* Indicate that error occurred in ST_FDS state */
            s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
            s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;

            /* Generate ADMA error interrupt */
            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
                s->errintsts |= SDHC_EIS_ADMAERR;
                s->norintsts |= SDHC_NIS_ERR;
            }

            sdhci_update_irq(s);
            return;
        }

        /* A descriptor length of 0 stands for 65536 bytes */
        length = dscr.length ? dscr.length : 65536;

        switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
        case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */

            if (s->trnmod & SDHC_TRNS_READ) {
                /* Card -> memory at dscr.addr */
                while (length) {
                    /* Fetch a fresh block only when the previous one was
                     * fully written out */
                    if (s->data_count == 0) {
                        for (n = 0; n < block_size; n++) {
                            s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
                        }
                    }
                    begin = s->data_count;
                    if ((length + begin) < block_size) {
                        /* Descriptor ends inside the current block */
                        s->data_count = length + begin;
                        length = 0;
                     } else {
                        s->data_count = block_size;
                        length -= block_size - begin;
                    }
                    dma_memory_write(s->dma_as, dscr.addr,
                                     &s->fifo_buffer[begin],
                                     s->data_count - begin);
                    dscr.addr += s->data_count - begin;
                    if (s->data_count == block_size) {
                        s->data_count = 0;
                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                            s->blkcnt--;
                            if (s->blkcnt == 0) {
                                break;
                            }
                        }
                    }
                }
            } else {
                /* Memory at dscr.addr -> card */
                while (length) {
                    begin = s->data_count;
                    if ((length + begin) < block_size) {
                        /* Descriptor ends inside the current block */
                        s->data_count = length + begin;
                        length = 0;
                     } else {
                        s->data_count = block_size;
                        length -= block_size - begin;
                    }
                    dma_memory_read(s->dma_as, dscr.addr,
                                    &s->fifo_buffer[begin],
                                    s->data_count - begin);
                    dscr.addr += s->data_count - begin;
                    /* Only a complete block is sent to the card */
                    if (s->data_count == block_size) {
                        for (n = 0; n < block_size; n++) {
                            sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
                        }
                        s->data_count = 0;
                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                            s->blkcnt--;
                            if (s->blkcnt == 0) {
                                break;
                            }
                        }
                    }
                }
            }
            s->admasysaddr += dscr.incr;
            break;
        case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
            /* The next descriptor address comes straight from the
             * descriptor; link chains are limited only by the per-call
             * descriptor budget of the enclosing loop */
            s->admasysaddr = dscr.addr;
            trace_sdhci_adma("link", s->admasysaddr);
            break;
        default:
            /* Any other action: skip to the next descriptor */
            s->admasysaddr += dscr.incr;
            break;
        }

        if (dscr.attr & SDHC_ADMA_ATTR_INT) {
            trace_sdhci_adma("interrupt", s->admasysaddr);
            if (s->norintstsen & SDHC_NISEN_DMA) {
                s->norintsts |= SDHC_NIS_DMA;
            }

            sdhci_update_irq(s);
        }

        /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
        if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
                    (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
            trace_sdhci_adma_transfer_completed();
            /* Leftover descriptor bytes, or END reached with blocks still
             * outstanding, is reported as a length mismatch */
            if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
                (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
                s->blkcnt != 0)) {
                trace_sdhci_error("SD/MMC host ADMA length mismatch");
                s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
                        SDHC_ADMAERR_STATE_ST_TFR;
                if (s->errintstsen & SDHC_EISEN_ADMAERR) {
                    trace_sdhci_error("Set ADMA error flag");
                    s->errintsts |= SDHC_EIS_ADMAERR;
                    s->norintsts |= SDHC_NIS_ERR;
                }

                sdhci_update_irq(s);
            }
            sdhci_end_transfer(s);
            return;
        }

    }

    /* we have unfinished business - reschedule to continue ADMA */
    timer_mod(s->transfer_timer,
                   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_TRANSFER_DELAY);
}
764 
765 /* Perform data transfer according to controller configuration */
766 
/* Start or continue the data phase according to the controller
 * configuration; @opaque is the SDHCIState.
 *
 * Without DMA, a read with data ready on the bus fills the read buffer;
 * every other case - including a read for which the bus reports no data
 * ready - goes down the write path.  With DMA, the DMA type in s->hostctl
 * selects SDMA (single or multi block) or ADMA; each ADMA variant is refused
 * with a trace message when the capabilities register does not advertise
 * it. */
static void sdhci_data_transfer(void *opaque)
{
    SDHCIState *s = opaque;

    if (!(s->trnmod & SDHC_TRNS_DMA)) {
        /* Programmed I/O */
        if ((s->trnmod & SDHC_TRNS_READ) && sdbus_data_ready(&s->sdbus)) {
            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
                    SDHC_DAT_LINE_ACTIVE;
            sdhci_read_block_from_card(s);
        } else {
            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
            sdhci_write_block_to_card(s);
        }
        return;
    }

    switch (SDHC_DMA_TYPE(s->hostctl)) {
    case SDHC_CTRL_SDMA:
        if (!(s->trnmod & SDHC_TRNS_MULTI) || (s->blkcnt == 1)) {
            sdhci_sdma_transfer_single_block(s);
        } else {
            sdhci_sdma_transfer_multi_blocks(s);
        }
        break;
    case SDHC_CTRL_ADMA1_32:
        if (s->capareg & SDHC_CAN_DO_ADMA1) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("ADMA1 not supported");
        }
        break;
    case SDHC_CTRL_ADMA2_32:
        if (s->capareg & SDHC_CAN_DO_ADMA2) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("ADMA2 not supported");
        }
        break;
    case SDHC_CTRL_ADMA2_64:
        if ((s->capareg & SDHC_CAN_DO_ADMA2) &&
            (s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("64 bit ADMA not supported");
        }
        break;
    default:
        trace_sdhci_error("Unsupported DMA type");
        break;
    }
}
822 
/* Decide whether the command in s->cmdreg may be issued now.
 *
 * Returns false when the clock is off.  Also returns false when the data
 * line is inhibited or a stop state is set and the command either has data
 * present or uses a busy-type response without being an abort command.
 * Returns true in every other case. */
static bool sdhci_can_issue_command(SDHCIState *s)
{
    bool inhibited_or_stopped;
    bool data_or_busy_cmd;

    if (!SDHC_CLOCK_IS_ON(s->clkcon)) {
        return false;
    }

    inhibited_or_stopped = (s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state;
    if (!inhibited_or_stopped) {
        return true;
    }

    data_or_busy_cmd =
        (s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
         SDHC_COMMAND_TYPE(s->cmdreg) != SDHC_CMD_ABORT);

    return !data_or_busy_cmd;
}
835 
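/*
 * The Buffer Data Port register must be accessed in a sequential and
 * continuous manner.
 *
 * byte_num is the byte offset of the access inside the 32-bit data port
 * (callers pass offset - SDHC_BDATA).  The access is accepted only when it
 * lines up with the low two bits of s->data_count; anything else is traced
 * and rejected, so a guest cannot move the FIFO cursor out of step with the
 * bytes it actually transfers.
 *
 * Returns true when the access is in sequence, false otherwise.
 */
static inline bool
sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
{
    if ((s->data_count & 0x3) != byte_num) {
        /*
         * The two literals are concatenated, so the first one needs a
         * trailing space.  No "\n", matching the other trace_sdhci_error()
         * calls in this file.
         */
        trace_sdhci_error("Non-sequential access to Buffer Data Port register "
                          "is prohibited");
        return false;
    }
    return true;
}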
848 
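/*
 * MMIO read handler for the standard SDHCI register map.
 *
 * @opaque: the SDHCIState registered with the memory region
 * @offset: byte offset of the access inside the register window
 * @size:   access width in bytes (1..4, enforced by sdhci_mmio_ops.valid)
 *
 * Registers are assembled as full 32-bit words and then shifted/masked down
 * to the bytes the guest asked for.  The Buffer Data Port is the exception:
 * it is read through sdhci_read_dataport() and returned unshifted.
 * Unknown offsets are logged as LOG_UNIMP and read as zero.
 */
static uint64_t sdhci_read(void *opaque, hwaddr offset, unsigned size)
{
    SDHCIState *s = (SDHCIState *)opaque;
    uint32_t ret = 0;

    /*
     * The 8/16-bit register fields are widened to uint32_t before being
     * shifted: after integer promotion they would otherwise be shifted as
     * signed int, and a set top bit would move into the sign bit.
     */
    switch (offset & ~0x3) {
    case SDHC_SYSAD:
        ret = s->sdmasysad;
        break;
    case SDHC_BLKSIZE:
        ret = s->blksize | ((uint32_t)s->blkcnt << 16);
        break;
    case SDHC_ARGUMENT:
        ret = s->argument;
        break;
    case SDHC_TRNMOD:
        ret = s->trnmod | ((uint32_t)s->cmdreg << 16);
        break;
    case SDHC_RSPREG0 ... SDHC_RSPREG3:
        /* Index is bounded to 0..3 by the case range above */
        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
        break;
    case  SDHC_BDATA:
        /* Only in-sequence accesses reach the FIFO; others read as zero */
        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
            ret = sdhci_read_dataport(s, size);
            trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
            return ret;
        }
        break;
    case SDHC_PRNSTS:
        ret = s->prnsts;
        break;
    case SDHC_HOSTCTL:
        ret = s->hostctl | ((uint32_t)s->pwrcon << 8) |
              ((uint32_t)s->blkgap << 16) | ((uint32_t)s->wakcon << 24);
        break;
    case SDHC_CLKCON:
        ret = s->clkcon | ((uint32_t)s->timeoutcon << 16);
        break;
    case SDHC_NORINTSTS:
        ret = s->norintsts | ((uint32_t)s->errintsts << 16);
        break;
    case SDHC_NORINTSTSEN:
        ret = s->norintstsen | ((uint32_t)s->errintstsen << 16);
        break;
    case SDHC_NORINTSIGEN:
        ret = s->norintsigen | ((uint32_t)s->errintsigen << 16);
        break;
    case SDHC_ACMD12ERRSTS:
        ret = s->acmd12errsts;
        break;
    case SDHC_CAPAB:
        ret = (uint32_t)s->capareg;
        break;
    case SDHC_CAPAB + 4:
        ret = (uint32_t)(s->capareg >> 32);
        break;
    case SDHC_MAXCURR:
        ret = (uint32_t)s->maxcurr;
        break;
    case SDHC_MAXCURR + 4:
        ret = (uint32_t)(s->maxcurr >> 32);
        break;
    case SDHC_ADMAERR:
        ret =  s->admaerr;
        break;
    case SDHC_ADMASYSADDR:
        ret = (uint32_t)s->admasysaddr;
        break;
    case SDHC_ADMASYSADDR + 4:
        ret = (uint32_t)(s->admasysaddr >> 32);
        break;
    case SDHC_SLOT_INT_STATUS:
        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
        break;
    default:
        qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " "
                      "not implemented\n", size, offset);
        break;
    }

    /* Narrow the 32-bit word to the byte lane(s) actually addressed */
    ret >>= (offset & 0x3) * 8;
    ret &= (1ULL << (size * 8)) - 1;
    trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
    return ret;
}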
934 
/*
 * Handle a guest write to the Block Gap Control register.
 *
 * A repeated Stop-At-Block-Gap request is ignored.  Otherwise only the stop
 * bit is stored in s->blkgap; a Continue request resumes a transfer that was
 * stopped at a gap, and a new stop request records which direction was
 * active so that it can be resumed later.
 */
static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
{
    const uint8_t stop_req = value & SDHC_STOP_AT_GAP_REQ;

    /* Stop already requested and requested again: nothing changes. */
    if (stop_req && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
        return;
    }
    s->blkgap = stop_req;

    if ((value & SDHC_CONTINUE_REQ) && s->stopped_state && !stop_req) {
        /* Resume in the direction that was interrupted at the gap. */
        if (s->stopped_state == sdhc_gap_read) {
            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
            sdhci_read_block_from_card(s);
        } else {
            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
            sdhci_write_block_to_card(s);
        }
        s->stopped_state = sdhc_not_stopped;
        return;
    }

    if (s->stopped_state || !stop_req) {
        return;
    }

    /* Fresh stop request: remember what was running, if anything. */
    if (s->prnsts & SDHC_DOING_READ) {
        s->stopped_state = sdhc_gap_read;
    } else if (s->prnsts & SDHC_DOING_WRITE) {
        s->stopped_state = sdhc_gap_write;
    }
}
960 
/*
 * Handle a guest write to the Software Reset register.
 *
 * Only the three exact values SDHC_RESET_ALL, SDHC_RESET_CMD and
 * SDHC_RESET_DATA are acted on; any other value is ignored.
 */
static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
{
    if (value == SDHC_RESET_ALL) {
        sdhci_reset(s);
    } else if (value == SDHC_RESET_CMD) {
        /* Command line reset: drop the inhibit and the completion status. */
        s->prnsts &= ~SDHC_CMD_INHIBIT;
        s->norintsts &= ~SDHC_NIS_CMDCMP;
    } else if (value == SDHC_RESET_DATA) {
        /*
         * Data line reset: rewind the FIFO cursor and clear every piece of
         * transfer state, including a pending stop-at-gap.
         */
        s->data_count = 0;
        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
                       SDHC_DOING_READ | SDHC_DOING_WRITE |
                       SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
        s->stopped_state = sdhc_not_stopped;
        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
                          SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
    }
}
983 
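/*
 * MMIO write handler for the standard SDHCI register map.
 *
 * @opaque: the SDHCIState registered with the memory region
 * @offset: byte offset of the access inside the register window
 * @val:    value written by the guest
 * @size:   access width in bytes (1..4, enforced by sdhci_mmio_ops.valid)
 *
 * The written bytes are moved to their lane inside the 32-bit register word
 * ("value") and "mask" has zero bits exactly where the guest is writing, so
 * MASKED_WRITE() keeps the untouched bytes.  Several registers have side
 * effects (starting a transfer, sending a command, resets, IRQ updates).
 * Everything here is guest-controlled input.
 */
static void
sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
{
    SDHCIState *s = (SDHCIState *)opaque;
    unsigned shift =  8 * (offset & 0x3);
    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
    uint32_t value = val;
    value <<= shift;

    switch (offset & ~0x3) {
    case SDHC_SYSAD:
        /* (a second, identical open-coded masked write was dropped here) */
        MASKED_WRITE(s->sdmasysad, mask, value);
        /* Writing to last byte of sdmasysad might trigger transfer */
        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
                s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
            if (s->trnmod & SDHC_TRNS_MULTI) {
                sdhci_sdma_transfer_multi_blocks(s);
            } else {
                sdhci_sdma_transfer_single_block(s);
            }
        }
        break;
    case SDHC_BLKSIZE:
        /* Block size/count may not change under a running transfer */
        if (!TRANSFERRING_DATA(s->prnsts)) {
            MASKED_WRITE(s->blksize, mask, value);
            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
        }

        /*
         * Limit block size to the maximum buffer size.  buf_maxsz is the
         * size fifo_buffer is allocated with, so this clamp keeps a
         * guest-chosen block size within that allocation.
         */
        if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
            qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than "
                          "the maximum buffer 0x%x\n", __func__, s->blksize,
                          s->buf_maxsz);

            s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
        }

        break;
    case SDHC_ARGUMENT:
        MASKED_WRITE(s->argument, mask, value);
        break;
    case SDHC_TRNMOD:
        /* DMA can be enabled only if it is supported as indicated by
         * capabilities register */
        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
            value &= ~SDHC_TRNS_DMA;
        }
        MASKED_WRITE(s->trnmod, mask, value & SDHC_TRNMOD_MASK);
        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);

        /* Writing to the upper byte of CMDREG triggers SD command generation */
        if ((mask & 0xFF000000) || !sdhci_can_issue_command(s)) {
            break;
        }

        sdhci_send_command(s);
        break;
    case  SDHC_BDATA:
        /* Out-of-sequence writes to the data port are dropped */
        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
            sdhci_write_dataport(s, value >> shift, size);
        }
        break;
    case SDHC_HOSTCTL:
        /* Block Gap Control lives in byte 2 of this word */
        if (!(mask & 0xFF0000)) {
            sdhci_blkgap_write(s, value >> 16);
        }
        MASKED_WRITE(s->hostctl, mask, value);
        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
        /*
         * Power stays off without a card, with a voltage selector below 5,
         * or when the matching capability bit is clear.
         */
        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
            s->pwrcon &= ~SDHC_POWER_ON;
        }
        break;
    case SDHC_CLKCON:
        /* Software Reset lives in byte 3 of this word */
        if (!(mask & 0xFF000000)) {
            sdhci_reset_write(s, value >> 24);
        }
        MASKED_WRITE(s->clkcon, mask, value);
        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
        /* The emulated internal clock is stable as soon as it is enabled */
        if (s->clkcon & SDHC_CLOCK_INT_EN) {
            s->clkcon |= SDHC_CLOCK_INT_STABLE;
        } else {
            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
        }
        break;
    case SDHC_NORINTSTS:
        /* Write-one-to-clear; the card interrupt bit is not cleared here
         * while its status enable is set */
        if (s->norintstsen & SDHC_NISEN_CARDINT) {
            value &= ~SDHC_NIS_CARDINT;
        }
        s->norintsts &= mask | ~value;
        s->errintsts &= (mask >> 16) | ~(value >> 16);
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        } else {
            s->norintsts &= ~SDHC_NIS_ERR;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_NORINTSTSEN:
        MASKED_WRITE(s->norintstsen, mask, value);
        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
        /* Status bits whose enable was just cleared are dropped */
        s->norintsts &= s->norintstsen;
        s->errintsts &= s->errintstsen;
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        } else {
            s->norintsts &= ~SDHC_NIS_ERR;
        }
        /* Quirk for Raspberry Pi: pending card insert interrupt
         * appears when first enabled after power on */
        if ((s->norintstsen & SDHC_NISEN_INSERT) && s->pending_insert_state) {
            assert(s->pending_insert_quirk);
            s->norintsts |= SDHC_NIS_INSERT;
            s->pending_insert_state = false;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_NORINTSIGEN:
        MASKED_WRITE(s->norintsigen, mask, value);
        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
        sdhci_update_irq(s);
        break;
    case SDHC_ADMAERR:
        MASKED_WRITE(s->admaerr, mask, value);
        break;
    case SDHC_ADMASYSADDR:
        /* Low half of the 64-bit ADMA descriptor address */
        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
                (uint64_t)mask)) | (uint64_t)value;
        break;
    case SDHC_ADMASYSADDR + 4:
        /* High half of the 64-bit ADMA descriptor address */
        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
        break;
    case SDHC_FEAER:
        /* Force-event register: sets error status bits on request */
        s->acmd12errsts |= value;
        s->errintsts |= (value >> 16) & s->errintstsen;
        if (s->acmd12errsts) {
            s->errintsts |= SDHC_EIS_CMD12ERR;
        }
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_ACMD12ERRSTS:
        MASKED_WRITE(s->acmd12errsts, mask, value);
        break;

    case SDHC_CAPAB:
    case SDHC_CAPAB + 4:
    case SDHC_MAXCURR:
    case SDHC_MAXCURR + 4:
        /* Capability registers are read-only for the guest */
        qemu_log_mask(LOG_GUEST_ERROR, "SDHC wr_%ub @0x%02" HWADDR_PRIx
                      " <- 0x%08x read-only\n", size, offset, value >> shift);
        break;

    default:
        qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x "
                      "not implemented\n", size, offset, value >> shift);
        break;
    }
    trace_sdhci_access("wr", size << 3, offset, "<-",
                       value >> shift, value >> shift);
}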
1150 
/*
 * MMIO callbacks for the standard SDHCI register window.
 *
 * The .valid limits matter for sdhci_read()/sdhci_write(): both build their
 * byte-lane masks from "size" and "offset & 0x3", and rely on accesses being
 * 1 to 4 bytes wide and not unaligned.
 */
static const MemoryRegionOps sdhci_mmio_ops = {
    .read = sdhci_read,
    .write = sdhci_write,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 4,
        .unaligned = false
    },
    .endianness = DEVICE_LITTLE_ENDIAN,
};
1161 
/*
 * Translate the maximum-block-size field of the capabilities register into
 * a FIFO length in bytes: 0 -> 512, 1 -> 1024, 2 -> 2048.
 *
 * Any other encoding is reported through hw_error(); the trailing return 0
 * is only there for the compiler.
 */
static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
{
    const uint64_t size_code = SDHC_CAPAB_BLOCKSIZE(s->capareg);

    if (size_code <= 2) {
        /* Each step of the encoding doubles the 512-byte base size. */
        return 512u << size_code;
    }

    hw_error("SDHC: unsupported value for maximum block size\n");
    return 0;
}
1176 
1177 /* --- qdev common --- */
1178 
/*
 * Properties shared by the PCI and SysBus variants.
 *
 * "capareg" is read by sdhci_get_fifolen() to size the FIFO and by
 * sdhci_write() to decide whether DMA may be enabled, so a value set through
 * this property changes both.
 */
#define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \
    /* Capabilities registers provide information on supported features
     * of this specific host controller implementation */ \
    DEFINE_PROP_UINT64("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
    DEFINE_PROP_UINT64("maxcurr", _state, maxcurr, 0)
1184 
/*
 * Per-instance setup common to all variants: create the SD bus in place,
 * allocate the insertion and transfer timers, and select the default MMIO
 * callbacks (a subclass may replace io_ops afterwards).
 */
static void sdhci_initfn(SDHCIState *s)
{
    qbus_create_inplace(&s->sdbus, sizeof(s->sdbus), TYPE_SDHCI_BUS,
                        DEVICE(s), "sd-bus");

    /* Both timers run on the virtual clock and get the state as opaque. */
    s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                   sdhci_raise_insertion_irq, s);
    s->transfer_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                     sdhci_data_transfer, s);

    s->io_ops = &sdhci_mmio_ops;
}
1195 
/*
 * Undo sdhci_initfn(): stop and release both timers, then release the FIFO.
 *
 * The FIFO pointer is cleared after the free so that a second release of
 * the same state cannot free it twice.
 */
static void sdhci_uninitfn(SDHCIState *s)
{
    /* A timer is cancelled before it is freed. */
    timer_del(s->insert_timer);
    timer_free(s->insert_timer);

    timer_del(s->transfer_timer);
    timer_free(s->transfer_timer);

    g_free(s->fifo_buffer);
    s->fifo_buffer = NULL;
}
1206 
/*
 * Realize work shared by the PCI and SysBus variants: size and allocate the
 * zero-filled FIFO from the capabilities register, then set up the MMIO
 * region with the standard callbacks.
 *
 * errp is accepted for symmetry with the callers but is not written here.
 */
static void sdhci_common_realize(SDHCIState *s, Error **errp)
{
    /* buf_maxsz is also the bound sdhci_write() clamps the block size to. */
    s->buf_maxsz = sdhci_get_fifolen(s);
    s->fifo_buffer = g_malloc0(s->buf_maxsz);

    memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s,
                          "sdhci", SDHC_REGISTERS_MAP_SIZE);
}
1215 
/*
 * Unrealize work shared by the PCI and SysBus variants: release the FIFO.
 *
 * Expected to run once per device (SysBus: DeviceClass->unrealize(),
 * PCI: PCIDeviceClass->exit()).  The pointer is still reset to NULL so that
 * a later g_free() of the same field is harmless and a stale pointer is
 * never left behind for use after free.
 */
static void sdhci_common_unrealize(SDHCIState *s, Error **errp)
{
    g_free(s->fifo_buffer);
    s->fifo_buffer = NULL;
}
1226 
/*
 * .needed callback of the "sdhci/pending-insert" subsection: the subsection
 * is sent only while a card-insert interrupt is still pending.
 */
static bool sdhci_pending_insert_vmstate_needed(void *opaque)
{
    const SDHCIState *sdhci = opaque;

    return sdhci->pending_insert_state;
}
1233 
/*
 * Optional migration subsection carrying pending_insert_state; whether it is
 * included is decided by sdhci_pending_insert_vmstate_needed().
 */
static const VMStateDescription sdhci_pending_insert_vmstate = {
    .name = "sdhci/pending-insert",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = sdhci_pending_insert_vmstate_needed,
    .fields = (VMStateField[]) {
        VMSTATE_BOOL(pending_insert_state, SDHCIState),
        VMSTATE_END_OF_LIST()
    },
};
1244 
/*
 * Migration description of the controller state.  The order of the fields
 * is part of the stream format.
 *
 * NOTE(review): no .post_load hook is set in this description, so values
 * taken from an incoming migration stream (blksize, blkcnt, data_count, ...)
 * are restored as-is.  Nothing here checks them against buf_maxsz, the size
 * fifo_buffer is allocated with in sdhci_common_realize() -- confirm that a
 * range check exists elsewhere before the stream is treated as trusted.
 */
const VMStateDescription sdhci_vmstate = {
    .name = "sdhci",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(sdmasysad, SDHCIState),
        VMSTATE_UINT16(blksize, SDHCIState),
        VMSTATE_UINT16(blkcnt, SDHCIState),
        VMSTATE_UINT32(argument, SDHCIState),
        VMSTATE_UINT16(trnmod, SDHCIState),
        VMSTATE_UINT16(cmdreg, SDHCIState),
        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
        VMSTATE_UINT32(prnsts, SDHCIState),
        VMSTATE_UINT8(hostctl, SDHCIState),
        VMSTATE_UINT8(pwrcon, SDHCIState),
        VMSTATE_UINT8(blkgap, SDHCIState),
        VMSTATE_UINT8(wakcon, SDHCIState),
        VMSTATE_UINT16(clkcon, SDHCIState),
        VMSTATE_UINT8(timeoutcon, SDHCIState),
        VMSTATE_UINT8(admaerr, SDHCIState),
        VMSTATE_UINT16(norintsts, SDHCIState),
        VMSTATE_UINT16(errintsts, SDHCIState),
        VMSTATE_UINT16(norintstsen, SDHCIState),
        VMSTATE_UINT16(errintstsen, SDHCIState),
        VMSTATE_UINT16(norintsigen, SDHCIState),
        VMSTATE_UINT16(errintsigen, SDHCIState),
        VMSTATE_UINT16(acmd12errsts, SDHCIState),
        /* FIFO cursor; see the review note above about range checking */
        VMSTATE_UINT16(data_count, SDHCIState),
        VMSTATE_UINT64(admasysaddr, SDHCIState),
        VMSTATE_UINT8(stopped_state, SDHCIState),
        /* FIFO contents, with buf_maxsz as the length field */
        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, buf_maxsz),
        VMSTATE_TIMER_PTR(insert_timer, SDHCIState),
        VMSTATE_TIMER_PTR(transfer_timer, SDHCIState),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &sdhci_pending_insert_vmstate,
        NULL
    },
};
1285 
/*
 * Class setup shared by the PCI and SysBus variants: migration description,
 * reset handler and the "storage" device category.
 */
static void sdhci_common_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *devclass = DEVICE_CLASS(klass);

    devclass->vmsd = &sdhci_vmstate;
    devclass->reset = sdhci_poweron_reset;
    set_bit(DEVICE_CATEGORY_STORAGE, devclass->categories);
}
1294 
1295 /* --- qdev PCI --- */
1296 
/* Properties of the PCI variant: only the common capareg/maxcurr pair. */
static Property sdhci_pci_properties[] = {
    DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
    DEFINE_PROP_END_OF_LIST(),
};
1301 
/*
 * Realize the PCI variant: run the common instance and realize steps, then
 * fill in the PCI-specific configuration, IRQ, DMA address space and BAR 0.
 */
static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
{
    SDHCIState *sdhci = PCI_SDHCI(dev);

    sdhci_initfn(sdhci);
    sdhci_common_realize(sdhci, errp);
    if (errp != NULL && *errp != NULL) {
        return;
    }

    /* Programming interface: standard host with DMA; interrupt pin A. */
    dev->config[PCI_CLASS_PROG] = 0x01;
    dev->config[PCI_INTERRUPT_PIN] = 0x01;

    sdhci->irq = pci_allocate_irq(dev);
    /* DMA goes through the PCI device's own address space. */
    sdhci->dma_as = pci_get_address_space(dev);
    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &sdhci->iomem);
}
1318 
/*
 * Tear down the PCI variant.
 *
 * Both helpers release fifo_buffer; sdhci_common_unrealize() clears the
 * pointer, so the g_free() in sdhci_uninitfn() then sees NULL.
 */
static void sdhci_pci_exit(PCIDevice *dev)
{
    SDHCIState *sdhci = PCI_SDHCI(dev);

    sdhci_common_unrealize(sdhci, &error_abort);
    sdhci_uninitfn(sdhci);
}
1326 
/*
 * Class setup of the PCI variant: PCI identity, realize/exit hooks and
 * properties, followed by the setup shared with the SysBus variant.
 */
static void sdhci_pci_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *devclass = DEVICE_CLASS(klass);
    PCIDeviceClass *pciclass = PCI_DEVICE_CLASS(klass);

    /* PCI identity */
    pciclass->vendor_id = PCI_VENDOR_ID_REDHAT;
    pciclass->device_id = PCI_DEVICE_ID_REDHAT_SDHCI;
    pciclass->class_id = PCI_CLASS_SYSTEM_SDHCI;

    /* Lifecycle hooks */
    pciclass->realize = sdhci_pci_realize;
    pciclass->exit = sdhci_pci_exit;

    devclass->props = sdhci_pci_properties;

    sdhci_common_class_init(klass, data);
}
1341 
/* QOM type of the PCI variant; a conventional PCI device. */
static const TypeInfo sdhci_pci_info = {
    .name = TYPE_PCI_SDHCI,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(SDHCIState),
    .class_init = sdhci_pci_class_init,
    .interfaces = (InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    },
};
1352 
1353 /* --- qdev SysBus --- */
1354 
/*
 * Properties of the SysBus variant.
 *
 * "dma" optionally links a memory region; when it is set,
 * sdhci_sysbus_realize() builds the DMA address space from it, otherwise
 * DMA uses address_space_memory.
 */
static Property sdhci_sysbus_properties[] = {
    DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
    DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk,
                     false),
    DEFINE_PROP_LINK("dma", SDHCIState,
                     dma_mr, TYPE_MEMORY_REGION, MemoryRegion *),
    DEFINE_PROP_END_OF_LIST(),
};
1363 
/* Instance init of the SysBus variant: just the common per-instance setup. */
static void sdhci_sysbus_init(Object *obj)
{
    sdhci_initfn(SYSBUS_SDHCI(obj));
}
1370 
/*
 * Instance finalize of the SysBus variant: detach the linked DMA memory
 * region, if one was set, then release timers and FIFO.
 */
static void sdhci_sysbus_finalize(Object *obj)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(obj);

    if (sdhci->dma_mr != NULL) {
        object_unparent(OBJECT(sdhci->dma_mr));
    }
    sdhci_uninitfn(sdhci);
}
1381 
/*
 * Realize the SysBus variant: common realize, DMA address space selection,
 * IRQ line and MMIO region registration.
 */
static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(dev);
    SysBusDevice *busdev = SYS_BUS_DEVICE(dev);

    sdhci_common_realize(sdhci, errp);
    if (errp != NULL && *errp != NULL) {
        return;
    }

    if (!sdhci->dma_mr) {
        /* No "dma" property: DMA targets system memory. */
        sdhci->dma_as = &address_space_memory;
    } else {
        /* DMA is confined to the memory region the board linked in. */
        sdhci->dma_as = &sdhci->sysbus_dma_as;
        address_space_init(sdhci->dma_as, sdhci->dma_mr, "sdhci-dma");
    }

    sysbus_init_irq(busdev, &sdhci->irq);

    /*
     * NOTE(review): sdhci_common_realize() has already initialised
     * sdhci->iomem with &sdhci_mmio_ops; it is initialised again here so
     * that a subclass's io_ops is used.  Confirm that initialising the same
     * region twice is intended.
     */
    memory_region_init_io(&sdhci->iomem, OBJECT(sdhci), sdhci->io_ops, sdhci,
                          "sdhci", SDHC_REGISTERS_MAP_SIZE);

    sysbus_init_mmio(busdev, &sdhci->iomem);
}
1407 
/*
 * Unrealize the SysBus variant: release the FIFO and, when a private DMA
 * address space was created from the "dma" link, destroy it.
 */
static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(dev);

    sdhci_common_unrealize(sdhci, &error_abort);

    /* address_space_memory is shared and is never destroyed here. */
    if (sdhci->dma_mr != NULL) {
        address_space_destroy(sdhci->dma_as);
    }
}
1418 
/*
 * Class setup of the SysBus variant: realize/unrealize hooks and
 * properties, followed by the setup shared with the PCI variant.
 */
static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *devclass = DEVICE_CLASS(klass);

    devclass->realize = sdhci_sysbus_realize;
    devclass->unrealize = sdhci_sysbus_unrealize;
    devclass->props = sdhci_sysbus_properties;

    sdhci_common_class_init(klass, data);
}
1429 
/* QOM type of the SysBus variant; parent of the i.MX uSDHC type below. */
static const TypeInfo sdhci_sysbus_info = {
    .name = TYPE_SYSBUS_SDHCI,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(SDHCIState),
    .instance_init = sdhci_sysbus_init,
    .instance_finalize = sdhci_sysbus_finalize,
    .class_init = sdhci_sysbus_class_init,
};
1438 
1439 /* --- qdev bus master --- */
1440 
/*
 * Class setup of the SDHCI bus: route card insertion and write-protect
 * notifications from the SD bus to this controller's handlers.
 */
static void sdhci_bus_class_init(ObjectClass *klass, void *data)
{
    SDBusClass *busclass = SD_BUS_CLASS(klass);

    busclass->set_readonly = sdhci_set_readonly;
    busclass->set_inserted = sdhci_set_inserted;
}
1448 
/* QOM type of the SD bus owned by the controller. */
static const TypeInfo sdhci_bus_info = {
    .name = TYPE_SDHCI_BUS,
    .parent = TYPE_SD_BUS,
    .instance_size = sizeof(SDBus),
    .class_init = sdhci_bus_class_init,
};
1455 
/*
 * MMIO read handler of the i.MX uSDHC variant.
 *
 * The Host Control word is converted from the standard SDHCI layout kept in
 * the state to the ESDHC layout the guest expects (see usdhc_write() for the
 * bit diagrams).  A handful of ESDHC-only registers read as zero.  Every
 * other offset is forwarded to sdhci_read().
 */
static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
{
    SDHCIState *s = SYSBUS_SDHCI(opaque);
    uint16_t esdhc_ctl;
    uint32_t word;

    switch (offset) {
    case ESDHC_DLL_CTRL:
    case ESDHC_TUNE_CTRL_STATUS:
    case ESDHC_UNDOCUMENTED_REG27:
    case ESDHC_TUNING_CTRL:
    case ESDHC_VENDOR_SPEC:
    case ESDHC_MIX_CTRL:
    case ESDHC_WTMK_LVL:
        /* Not modelled: reads as zero */
        return 0;

    case SDHC_HOSTCTL:
        /* DMA select moves from bits 4:3 up to bits 9:8 */
        esdhc_ctl = SDHC_DMA_TYPE(s->hostctl) << (8 - 3);

        /* Bus width bits are re-encoded into the ESDHC positions */
        if (s->hostctl & SDHC_CTRL_8BITBUS) {
            esdhc_ctl |= ESDHC_CTRL_8BITBUS;
        }
        if (s->hostctl & SDHC_CTRL_4BITBUS) {
            esdhc_ctl |= ESDHC_CTRL_4BITBUS;
        }

        /* Bytes 2 and 3 are laid out identically in both IPs */
        word = esdhc_ctl;
        word |= (uint32_t)s->blkgap << 16;
        word |= (uint32_t)s->wakcon << 24;
        return word;

    default:
        return sdhci_read(opaque, offset, size);
    }
}
1501 
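/*
 * MMIO write handler of the i.MX uSDHC variant.
 *
 * @opaque: the device object registered with the memory region
 * @offset: byte offset of the access inside the register window
 * @val:    value written by the guest
 * @size:   access width in bytes
 *
 * Writes to ESDHC-only registers are ignored, the Host Control word is
 * converted from the ESDHC layout to the standard SDHCI layout, and the
 * Transfer Mode / Command pair is reassembled; everything else goes to
 * sdhci_write() unchanged.
 */
static void
usdhc_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
{
    SDHCIState *s = SYSBUS_SDHCI(opaque);
    uint8_t hostctl;
    uint32_t value = (uint32_t)val;

    switch (offset) {
    case ESDHC_DLL_CTRL:
    case ESDHC_TUNE_CTRL_STATUS:
    case ESDHC_UNDOCUMENTED_REG27:
    case ESDHC_TUNING_CTRL:
    case ESDHC_WTMK_LVL:
    case ESDHC_VENDOR_SPEC:
        /* Not modelled: writes are dropped */
        break;

    case SDHC_HOSTCTL:
        /*
         * Here's What ESDHCI has at offset 0x28 (SDHC_HOSTCTL)
         *
         *       7         6     5      4      3      2        1      0
         * |-----------+--------+--------+-----------+----------+---------|
         * | Card      | Card   | Endian | DATA3     | Data     | Led     |
         * | Detect    | Detect | Mode   | as Card   | Transfer | Control |
         * | Signal    | Test   |        | Detection | Width    |         |
         * | Selection | Level  |        | Pin       |          |         |
         * |-----------+--------+--------+-----------+----------+---------|
         *
         * and 0x29
         *
         *  15      10 9    8
         * |----------+------|
         * | Reserved | DMA  |
         * |          | Sel. |
         * |          |      |
         * |----------+------|
         *
         * and here's what SDHCI spec expects those offsets to be:
         *
         * 0x28 (Host Control Register)
         *
         *     7        6         5       4  3      2         1        0
         * |--------+--------+----------+------+--------+----------+---------|
         * | Card   | Card   | Extended | DMA  | High   | Data     | LED     |
         * | Detect | Detect | Data     | Sel. | Speed  | Transfer | Control |
         * | Signal | Test   | Transfer |      | Enable | Width    |         |
         * | Sel.   | Level  | Width    |      |        |          |         |
         * |--------+--------+----------+------+--------+----------+---------|
         *
         * and 0x29 (Power Control Register)
         *
         * |----------------------------------|
         * | Power Control Register           |
         * |                                  |
         * | Description omitted,             |
         * | since it has no analog in ESDHCI |
         * |                                  |
         * |----------------------------------|
         *
         * Since offsets 0x2A and 0x2B should be compatible between
         * both IP specs we only need to reconcile least 16-bit of the
         * word we've been given.
         */

        /*
         * First, save bits 7 6 and 0 since they are identical
         */
        hostctl = value & (SDHC_CTRL_LED |
                           SDHC_CTRL_CDTEST_INS |
                           SDHC_CTRL_CDTEST_EN);
        /*
         * Second, split "Data Transfer Width" from bits 2 and 1 in to
         * bits 5 and 1
         */
        if (value & ESDHC_CTRL_8BITBUS) {
            hostctl |= SDHC_CTRL_8BITBUS;
        }

        /*
         * hostctl is in the standard SDHCI layout, so the standard constant
         * is used here, mirroring usdhc_read().  The two 4-bit-bus constants
         * presumably share bit 1, per the diagrams above -- verify against
         * sdhci-internal.h.
         */
        if (value & ESDHC_CTRL_4BITBUS) {
            hostctl |= SDHC_CTRL_4BITBUS;
        }

        /*
         * Third, move DMA select from bits 9 and 8 to bits 4 and 3
         */
        hostctl |= SDHC_DMA_TYPE(value >> (8 - 3));

        /*
         * Now place the corrected value into low 16-bit of the value
         * we are going to give standard SDHCI write function
         *
         * NOTE: This transformation should be the inverse of what can
         * be found in drivers/mmc/host/sdhci-esdhc-imx.c in Linux
         * kernel
         */
        value &= ~UINT16_MAX;
        value |= hostctl;
        /* Power control has no ESDHC analog: keep the cached value */
        value |= (uint16_t)s->pwrcon << 8;

        sdhci_write(opaque, offset, value, size);
        break;

    case ESDHC_MIX_CTRL:
        /*
         * So, when SD/MMC stack in Linux tries to write to "Transfer
         * Mode Register", ESDHC i.MX quirk code will translate it
         * into a write to ESDHC_MIX_CTRL, so we do the opposite in
         * order to get where we started
         *
         * Note that Auto CMD23 Enable bit is located in a wrong place
         * on i.MX, but since it is not used by QEMU we do not care.
         *
         * We don't want to call sdhci_write(.., SDHC_TRNMOD, ...)
         * here because it will result in a call to
         * sdhci_send_command(s) which we don't want.
         *
         * NOTE(review): this direct store bypasses the SDHC_TRNS_DMA
         * capability gate and the SDHC_TRNMOD_MASK filter that
         * sdhci_write() applies to SDHC_TRNMOD.  The SDHC_TRNMOD case
         * below ORs the cached value into a write that does go through
         * both -- confirm no other path reads s->trnmod in between.
         */
        s->trnmod = value & UINT16_MAX;
        break;
    case SDHC_TRNMOD:
        /*
         * Similar to above, but this time a write to "Command
         * Register" will be translated into a 4-byte write to
         * "Transfer Mode register" where lower 16-bit of value would
         * be set to zero. So what we do is fill those bits with
         * cached value from s->trnmod and let the SDHCI
         * infrastructure handle the rest
         */
        sdhci_write(opaque, offset, val | s->trnmod, size);
        break;
    case SDHC_BLKSIZE:
        /*
         * ESDHCI does not implement "Host SDMA Buffer Boundary", and
         * Linux driver will try to zero this field out which will
         * break the rest of SDHCI emulation.
         *
         * Linux defaults to maximum possible setting (512K boundary)
         * and it seems to be the only option that i.MX IP implements,
         * so we artificially set it to that value.
         */
        val |= 0x7 << 12;
        /* FALLTHROUGH */
    default:
        sdhci_write(opaque, offset, val, size);
        break;
    }
}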
1649 
1650 
/*
 * MMIO callbacks of the i.MX uSDHC variant, with the same access-size limits
 * as sdhci_mmio_ops.  Installed through s->io_ops by imx_usdhc_init().
 */
static const MemoryRegionOps usdhc_mmio_ops = {
    .read = usdhc_read,
    .write = usdhc_write,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 4,
        .unaligned = false
    },
    .endianness = DEVICE_LITTLE_ENDIAN,
};
1661 
/*
 * Instance init of the i.MX uSDHC variant: replace the MMIO callbacks with
 * the uSDHC ones and set the no-busy-IRQ quirk.
 */
static void imx_usdhc_init(Object *obj)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(obj);

    sdhci->quirks = SDHCI_QUIRK_NO_BUSY_IRQ;
    sdhci->io_ops = &usdhc_mmio_ops;
}
1669 
/* QOM type of the i.MX uSDHC controller, derived from the SysBus variant. */
static const TypeInfo imx_usdhc_info = {
    .name = TYPE_IMX_USDHC,
    .parent = TYPE_SYSBUS_SDHCI,
    .instance_init = imx_usdhc_init,
};
1675 
/* Register every QOM type defined in this file. */
static void sdhci_register_types(void)
{
    /* Controller variants */
    type_register_static(&sdhci_pci_info);
    type_register_static(&sdhci_sysbus_info);

    /* The SD bus the controllers own */
    type_register_static(&sdhci_bus_info);

    /* SoC-specific subclass of the SysBus variant */
    type_register_static(&imx_usdhc_info);
}
1683 
1684 type_init(sdhci_register_types)
1685