xref: /qemu/hw/sd/sdhci.c (revision f31cd9e4e2172a4807f390194978c61e717791d2)
1 /*
2  * SD Association Host Standard Specification v2.0 controller emulation
3  *
4  * Copyright (c) 2011 Samsung Electronics Co., Ltd.
5  * Mitsyanko Igor <i.mitsyanko@samsung.com>
6  * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
7  *
8  * Based on MMC controller for Samsung S5PC1xx-based board emulation
9  * by Alexey Merkulov and Vladimir Monakhov.
10  *
11  * This program is free software; you can redistribute it and/or modify it
12  * under the terms of the GNU General Public License as published by the
13  * Free Software Foundation; either version 2 of the License, or (at your
14  * option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
19  * See the GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "qapi/error.h"
27 #include "hw/hw.h"
28 #include "sysemu/block-backend.h"
29 #include "sysemu/blockdev.h"
30 #include "sysemu/dma.h"
31 #include "qemu/timer.h"
32 #include "qemu/bitops.h"
33 #include "hw/sd/sdhci.h"
34 #include "sdhci-internal.h"
35 #include "qapi/error.h"
36 #include "qemu/log.h"
37 #include "trace.h"
38 
/* QOM type name of the SD bus owned by this controller, and its cast macro */
#define TYPE_SDHCI_BUS "sdhci-bus"
#define SDHCI_BUS(obj) OBJECT_CHECK(SDBus, (obj), TYPE_SDHCI_BUS)

/* Default SD/MMC host controller features information, which will be
 * presented in CAPABILITIES register of generic SD host controller at reset.
 * If not stated otherwise:
 * 0 - not supported, 1 - supported, other - prohibited.
 */
#define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support */
#define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
#define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
#define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
#define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
#define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
#define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
#define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
#define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
/* Maximum host controller R/W buffers size
 * Possible values: 512, 1024, 2048 bytes.
 * NOTE(review): the transfer helpers in this file index the FIFO with
 * (blksize & 0x0fff), which can reach 4095; the clamp of the guest-written
 * block size against the FIFO allocation is not in this part of the file -
 * confirm it exists on the register write path. */
#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
/* Maximum clock frequency for SDclock in MHz
 * value in range 10-63 MHz, 0 - not defined */
#define SDHC_CAPAB_BASECLKFREQ    52ul
#define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 - MHz */
/* Timeout clock frequency 1-63, 0 - not defined */
#define SDHC_CAPAB_TOCLKFREQ      52ul

/* Now check all parameters and calculate CAPABILITIES REGISTER value */
/* Every single-bit feature flag above must be exactly 0 or 1 */
#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||     \
    SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 ||  \
    SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
    SDHC_CAPAB_TOUNIT > 1
#error Capabilities features can have value 0 or 1 only!
#endif

/* Translate the byte count into the 2-bit code stored in the register */
#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
#define MAX_BLOCK_LENGTH 0ul
#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
#define MAX_BLOCK_LENGTH 1ul
#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
#define MAX_BLOCK_LENGTH 2ul
#else
#error Max host controller block size can have value 512, 1024 or 2048 only!
#endif

#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
    SDHC_CAPAB_BASECLKFREQ > 63
#error SDclock frequency can have value in range 0, 10-63 only!
#endif

#if SDHC_CAPAB_TOCLKFREQ > 63
#error Timeout clock frequency can have value in range 0-63 only!
#endif

/* Default CAPABILITIES register value, assembled from the validated
 * settings above; each field is shifted to the bit position shown. */
#define SDHC_CAPAB_REG_DEFAULT                                 \
   ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
    (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
    (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
    (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
    (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
    (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
    (SDHC_CAPAB_TOCLKFREQ))

/* Update @reg in place: bits selected by @mask are KEPT from the old value,
 * then @val is OR-ed in. @reg is expanded twice and is not parenthesised,
 * so pass a plain lvalue without side effects. */
#define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
103 
/*
 * Compute the level of the slot interrupt line for controller @s.
 *
 * Returns 1 when a pending normal or error interrupt has its signal-enable
 * bit set, or when a card insertion/removal status bit is pending and the
 * matching wakeup event is enabled in s->wakcon. Returns 0 otherwise.
 */
static uint8_t sdhci_slotint(SDHCIState *s)
{
    if (s->norintsts & s->norintsigen) {
        return 1;
    }
    if (s->errintsts & s->errintsigen) {
        return 1;
    }
    if ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) {
        return 1;
    }
    if ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV)) {
        return 1;
    }
    return 0;
}
110 
/* Drive the controller's IRQ output to the current slot interrupt level. */
static inline void sdhci_update_irq(SDHCIState *s)
{
    uint8_t level = sdhci_slotint(s);

    qemu_set_irq(s->irq, level);
}
115 
/*
 * Callback that reports a delayed card insertion (@opaque is the
 * SDHCIState). While a removal event is still pending in norintsts the
 * report is postponed again by SDHC_INSERTION_DELAY; otherwise the present
 * state is switched to "card inserted" and the insertion interrupt is
 * latched if its status-enable bit is set.
 */
static void sdhci_raise_insertion_irq(void *opaque)
{
    SDHCIState *s = opaque;

    if (s->norintsts & SDHC_NIS_REMOVE) {
        /* Guest has not acknowledged the removal yet: try again later */
        timer_mod(s->insert_timer,
                  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
        return;
    }

    s->prnsts = 0x1ff0000;
    if (s->norintstsen & SDHC_NISEN_INSERT) {
        s->norintsts |= SDHC_NIS_INSERT;
    }
    sdhci_update_irq(s);
}
131 
/*
 * Card-detect notification for the controller behind @dev.
 * @level: true when a card was inserted, false when it was ejected.
 *
 * An insertion that arrives while a removal event is still pending is
 * deferred through insert_timer. An ejection also clears the power-on and
 * SD clock enable bits before the removal interrupt is latched.
 */
static void sdhci_set_inserted(DeviceState *dev, bool level)
{
    SDHCIState *s = (SDHCIState *)dev;

    trace_sdhci_set_inserted(level ? "insert" : "eject");

    if (level && (s->norintsts & SDHC_NIS_REMOVE)) {
        /* Give target some time to notice card ejection */
        timer_mod(s->insert_timer,
                  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
        return;
    }

    if (!level) {
        s->prnsts = 0x1fa0000;
        s->pwrcon &= ~SDHC_POWER_ON;
        s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
        if (s->norintstsen & SDHC_NISEN_REMOVE) {
            s->norintsts |= SDHC_NIS_REMOVE;
        }
    } else {
        s->prnsts = 0x1ff0000;
        if (s->norintstsen & SDHC_NISEN_INSERT) {
            s->norintsts |= SDHC_NIS_INSERT;
        }
    }

    sdhci_update_irq(s);
}
158 
/*
 * Write-protect notification for the controller behind @dev.
 * @level: true when the card is read-only.
 *
 * The SDHC_WRITE_PROTECT bit of the present state register is cleared for
 * a read-only card and set when writing is allowed.
 */
static void sdhci_set_readonly(DeviceState *dev, bool level)
{
    SDHCIState *s = (SDHCIState *)dev;

    if (!level) {
        /* Write enabled */
        s->prnsts |= SDHC_WRITE_PROTECT;
        return;
    }

    s->prnsts &= ~SDHC_WRITE_PROTECT;
}
170 
/*
 * Reset the controller @s: stop both timers, clear the register block and
 * rebuild the card-dependent state from the bus.
 */
static void sdhci_reset(SDHCIState *s)
{
    DeviceState *dev = DEVICE(s);
    uintptr_t first_reg;
    uintptr_t caps_reg;

    timer_del(s->insert_timer);
    timer_del(s->transfer_timer);

    /*
     * Zero every field from sdmasysad up to, but not including, capareg.
     * The capabilities registers keep the value given at initialization.
     * This depends on the field order of SDHCIState (declared outside this
     * file): anything placed between those two members is wiped here.
     */
    first_reg = (uintptr_t)&s->sdmasysad;
    caps_reg = (uintptr_t)&s->capareg;
    memset(&s->sdmasysad, 0, caps_reg - first_reg);

    /* Reset other state based on current card insertion/readonly status */
    sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus));
    sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus));

    s->data_count = 0;
    s->stopped_state = sdhc_not_stopped;
    s->pending_insert_state = false;
}
190 
/*
 * QOM (i.e. power-on) reset handler for @dev. Same as the reset requested
 * through the device register, except that controllers with the
 * 'pending insert on powerup' quirk come up with pending_insert_state set.
 */
static void sdhci_poweron_reset(DeviceState *dev)
{
    SDHCIState *s = (SDHCIState *)dev;

    sdhci_reset(s);

    if (!s->pending_insert_quirk) {
        return;
    }
    s->pending_insert_state = true;
}
205 
206 static void sdhci_data_transfer(void *opaque);
207 
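/*
 * Issue the command latched in s->cmdreg / s->argument on the SD bus,
 * store the response in s->rspreg[], latch the resulting interrupts and,
 * for commands with data, start the data transfer.
 *
 * Changes from the previous version, all on guest-reachable paths:
 *  - response bytes are widened to uint32_t before shifting, so a byte
 *    >= 0x80 no longer shifts into the sign bit of an int;
 *  - the request and the response buffer are fully initialized, so no
 *    indeterminate stack bytes are handed to the bus or read back;
 *  - no data transfer is started after a command timeout, nor when the
 *    12-bit block size is zero (the upper bits of blksize hold the SDMA
 *    boundary and do not make a transfer valid).
 */
static void sdhci_send_command(SDHCIState *s)
{
    SDRequest request = {
        .cmd = s->cmdreg >> 8,
        .arg = s->argument,
    };
    uint8_t response[16] = { 0 };
    bool timeout = false;
    int rlen;

    s->errintsts = 0;
    s->acmd12errsts = 0;

    trace_sdhci_send_command(request.cmd, request.arg);
    rlen = sdbus_do_command(&s->sdbus, &request, response);

    if (s->cmdreg & SDHC_CMD_RESPONSE) {
        if (rlen == 4) {
            /* 32-bit response, big-endian on the wire */
            s->rspreg[0] = ((uint32_t)response[0] << 24) |
                           ((uint32_t)response[1] << 16) |
                           ((uint32_t)response[2] << 8)  |
                            (uint32_t)response[3];
            s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
            trace_sdhci_response4(s->rspreg[0]);
        } else if (rlen == 16) {
            /* 128-bit response: byte 15 is not copied to the registers */
            s->rspreg[0] = ((uint32_t)response[11] << 24) |
                           ((uint32_t)response[12] << 16) |
                           ((uint32_t)response[13] << 8)  |
                            (uint32_t)response[14];
            s->rspreg[1] = ((uint32_t)response[7] << 24) |
                           ((uint32_t)response[8] << 16) |
                           ((uint32_t)response[9] << 8)  |
                            (uint32_t)response[10];
            s->rspreg[2] = ((uint32_t)response[3] << 24) |
                           ((uint32_t)response[4] << 16) |
                           ((uint32_t)response[5] << 8)  |
                            (uint32_t)response[6];
            s->rspreg[3] = ((uint32_t)response[0] << 16) |
                           ((uint32_t)response[1] << 8)  |
                            (uint32_t)response[2];
            trace_sdhci_response16(s->rspreg[3], s->rspreg[2],
                                   s->rspreg[1], s->rspreg[0]);
        } else {
            /* Any other length is treated as "no response received" */
            timeout = true;
            trace_sdhci_error("timeout waiting for command response");
            if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
                s->errintsts |= SDHC_EIS_CMDTIMEOUT;
                s->norintsts |= SDHC_NIS_ERR;
            }
        }

        if (!(s->quirks & SDHCI_QUIRK_NO_BUSY_IRQ) &&
            (s->norintstsen & SDHC_NISEN_TRSCMP) &&
            (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
            s->norintsts |= SDHC_NIS_TRSCMP;
        }
    }

    if (s->norintstsen & SDHC_NISEN_CMDCMP) {
        s->norintsts |= SDHC_NIS_CMDCMP;
    }

    sdhci_update_irq(s);

    /* A command that timed out moved no card into a data state */
    if (!timeout && (s->blksize & 0x0fff) &&
        (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
        s->data_count = 0;
        sdhci_data_transfer(s);
    }
}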
265 
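/*
 * Finish the current data transfer on controller @s: send the automatic
 * CMD12 if enabled, clear the transfer-related present-state bits and
 * latch the Transfer Complete interrupt if its status-enable bit is set.
 *
 * The return value of the Auto CMD12 is not checked, so the response
 * buffer is zero-initialized: if the bus writes no response, rspreg[3]
 * (which the guest can read back) receives zeros rather than whatever was
 * on the host stack. Response bytes are widened to uint32_t before
 * shifting to avoid shifting into the sign bit of an int.
 */
static void sdhci_end_transfer(SDHCIState *s)
{
    /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
    if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
        SDRequest request = {
            .cmd = 0x0C,
            .arg = 0,
        };
        uint8_t response[16] = { 0 };

        trace_sdhci_end_transfer(request.cmd, request.arg);
        sdbus_do_command(&s->sdbus, &request, response);
        /* Auto CMD12 response goes to the upper Response register */
        s->rspreg[3] = ((uint32_t)response[0] << 24) |
                       ((uint32_t)response[1] << 16) |
                       ((uint32_t)response[2] << 8)  |
                        (uint32_t)response[3];
    }

    s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
            SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
            SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);

    if (s->norintstsen & SDHC_NISEN_TRSCMP) {
        s->norintsts |= SDHC_NIS_TRSCMP;
    }

    sdhci_update_irq(s);
}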
292 
293 /*
294  * Programmed i/o data transfer
295  */
296 
/*
 * Pull one block (blksize & 0x0fff bytes) from the card into the host
 * controller's FIFO and flag it as readable through the Buffer Data Port.
 * Does nothing when a counted multi-block transfer has no blocks left.
 *
 * NOTE(review): the copy length comes from the guest-programmed block size
 * and is not compared with the FIFO allocation here - confirm the register
 * write path bounds it.
 */
static void sdhci_read_block_from_card(SDHCIState *s)
{
    const bool multi = (s->trnmod & SDHC_TRNS_MULTI) != 0;
    int pos = 0;

    if (multi && (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && s->blkcnt == 0) {
        return;
    }

    while (pos < (s->blksize & 0x0fff)) {
        s->fifo_buffer[pos] = sdbus_read_data(&s->sdbus);
        pos++;
    }

    /* New data now available for READ through Buffer Port Register */
    s->prnsts |= SDHC_DATA_AVAILABLE;
    if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
        s->norintsts |= SDHC_NIS_RBUFRDY;
    }

    /* Clear DAT line active status if that was the last block */
    if (!multi || s->blkcnt == 1) {
        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
    }

    /*
     * If stop at block gap request was set and it's not the last block of
     * data - generate Block Event interrupt.
     * NOTE(review): EIS/EISEN-prefixed constants are applied to the normal
     * interrupt registers here - confirm their values are meant for them.
     */
    if (s->stopped_state == sdhc_gap_read && multi && s->blkcnt != 1) {
        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
            s->norintsts |= SDHC_EIS_BLKGAP;
        }
    }

    sdhci_update_irq(s);
}
335 
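/*
 * Read @size bytes of data from host controller @s BUFFER DATA PORT
 * register. Bytes are taken from the FIFO at s->data_count and assembled
 * least-significant byte first. Returns 0 if the FIFO holds no valid data.
 *
 * When the last byte of the block is consumed the FIFO is marked empty and
 * either the transfer is ended or the next block is fetched from the card.
 *
 * Each FIFO byte is widened to uint32_t before shifting, so a byte >= 0x80
 * in the top position no longer shifts into the sign bit of an int, and
 * the loop counter is unsigned to match @size.
 *
 * NOTE(review): @size is assumed to be at most 4 (the shift would exceed
 * the width of @value otherwise), and s->data_count is only checked against
 * the guest-programmed block size, not the FIFO allocation - confirm both
 * are enforced by the callers / register write path.
 */
static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
{
    uint32_t value = 0;
    unsigned i;

    /* first check that a valid data exists in host controller input buffer */
    if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
        trace_sdhci_error("read from empty buffer");
        return 0;
    }

    for (i = 0; i < size; i++) {
        value |= (uint32_t)s->fifo_buffer[s->data_count] << (i * 8);
        s->data_count++;
        /* check if we've read all valid data (blksize bytes) from buffer */
        if ((s->data_count) >= (s->blksize & 0x0fff)) {
            trace_sdhci_read_dataport(s->data_count);
            s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
            s->data_count = 0;  /* next buff read must start at position [0] */

            if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                s->blkcnt--;
            }

            /* if that was the last block of data */
            if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
                ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
                 /* stop at gap request */
                (s->stopped_state == sdhc_gap_read &&
                 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
                sdhci_end_transfer(s);
            } else { /* if there are more data, read next block from card */
                sdhci_read_block_from_card(s);
            }
            /* Remaining bytes of this access, if any, read as zero */
            break;
        }
    }

    return value;
}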
377 
/*
 * Push the block held in the host controller FIFO (blksize & 0x0fff bytes)
 * to the card. If the FIFO still has space available, only the Buffer
 * Write Ready interrupt is latched and nothing is written.
 *
 * NOTE(review): the copy length comes from the guest-programmed block size
 * and is not compared with the FIFO allocation here - confirm the register
 * write path bounds it.
 */
static void sdhci_write_block_to_card(SDHCIState *s)
{
    const bool multi = (s->trnmod & SDHC_TRNS_MULTI) != 0;
    const bool counted = (s->trnmod & SDHC_TRNS_BLK_CNT_EN) != 0;
    int pos = 0;

    if (s->prnsts & SDHC_SPACE_AVAILABLE) {
        if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
            s->norintsts |= SDHC_NIS_WBUFRDY;
        }
        sdhci_update_irq(s);
        return;
    }

    if (counted) {
        if (s->blkcnt == 0) {
            return;
        }
        s->blkcnt--;
    }

    while (pos < (s->blksize & 0x0fff)) {
        sdbus_write_data(&s->sdbus, s->fifo_buffer[pos]);
        pos++;
    }

    /* Next data can be written through the BUFFER DATA PORT register */
    s->prnsts |= SDHC_SPACE_AVAILABLE;

    /* Finish transfer if that was the last block of data */
    if (!multi || (counted && s->blkcnt == 0)) {
        sdhci_end_transfer(s);
    } else if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
        s->norintsts |= SDHC_NIS_WBUFRDY;
    }

    /*
     * Generate Block Gap Event if requested and if not the last block.
     * NOTE(review): EIS/EISEN-prefixed constants are applied to the normal
     * interrupt registers here - confirm their values are meant for them.
     */
    if (s->stopped_state == sdhc_gap_write && multi && s->blkcnt > 0) {
        s->prnsts &= ~SDHC_DOING_WRITE;
        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
            s->norintsts |= SDHC_EIS_BLKGAP;
        }
        sdhci_end_transfer(s);
    }

    sdhci_update_irq(s);
}
427 
/*
 * Store @size bytes of @value, least-significant byte first, in the FIFO of
 * host controller @s (a Buffer Data Port register write). The access is
 * dropped if the FIFO has no free space. Each time the FIFO reaches the
 * programmed block size it is marked full and, while a write is in
 * progress, flushed to the card.
 *
 * NOTE(review): s->data_count is only compared with the guest-programmed
 * block size, not with the FIFO allocation - confirm the register write
 * path bounds it.
 */
static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
{
    unsigned remaining;

    /* Check that there is free space left in a buffer */
    if ((s->prnsts & SDHC_SPACE_AVAILABLE) == 0) {
        trace_sdhci_error("Can't write to data buffer: buffer full");
        return;
    }

    for (remaining = size; remaining > 0; remaining--) {
        s->fifo_buffer[s->data_count] = value & 0xFF;
        s->data_count++;
        value >>= 8;

        if (s->data_count < (s->blksize & 0x0fff)) {
            continue;
        }

        /* Block complete: rewind the FIFO and hand it to the card */
        trace_sdhci_write_dataport(s->data_count);
        s->data_count = 0;
        s->prnsts &= ~SDHC_SPACE_AVAILABLE;
        if (s->prnsts & SDHC_DOING_WRITE) {
            sdhci_write_block_to_card(s);
        }
    }
}
454 
455 /*
456  * Single DMA data transfer
457  */
458 
/*
 * Multi block SDMA transfer.
 *
 * Moves blocks between the card and guest memory at s->sdmasysad through
 * the controller FIFO, until either s->blkcnt reaches zero or (for a
 * boundary-aligned start address) the SDMA buffer boundary is reached.
 * On completion the transfer is ended; otherwise the DMA interrupt is
 * latched if enabled.
 *
 * NOTE(review): all sizes and addresses used here (block size, boundary,
 * system address, block count) are guest-programmed register values.
 */
static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
{
    bool page_aligned = false;
    unsigned int n, begin;
    /* Low 12 bits of blksize: bytes per block (0..4095) */
    const uint16_t block_size = s->blksize & 0x0fff;
    /* Bits 12-15 of blksize select the boundary: 4 KiB << field value */
    uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
    /* Bytes left before the next boundary, counted from the start address */
    uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);

    if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
        qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
        return;
    }

    /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
     * possible stop at page boundary if initial address is not page aligned,
     * allow them to work properly */
    if ((s->sdmasysad % boundary_chk) == 0) {
        page_aligned = true;
    }

    if (s->trnmod & SDHC_TRNS_READ) {
        s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
                SDHC_DAT_LINE_ACTIVE;
        while (s->blkcnt) {
            /* FIFO empty: fetch the next whole block from the card.
             * NOTE(review): block_size is not compared with the FIFO
             * allocation here - confirm it is bounded where blksize is
             * written. */
            if (s->data_count == 0) {
                for (n = 0; n < block_size; n++) {
                    s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
                }
            }
            /* NOTE(review): nothing here checks begin <= block_size. If
             * data_count could be left above the current block size (for
             * instance by a block-size change between two invocations,
             * which is not visible in this function), block_size - begin
             * and s->data_count - begin below wrap as unsigned and the DMA
             * length would run past the FIFO. Confirm the invariant is
             * enforced on the register write path. */
            begin = s->data_count;
            if (((boundary_count + begin) < block_size) && page_aligned) {
                /* Boundary falls inside this block: copy only up to it */
                s->data_count = boundary_count + begin;
                boundary_count = 0;
             } else {
                s->data_count = block_size;
                /* For an unaligned start this subtraction can wrap; the
                 * boundary break below is then never taken */
                boundary_count -= block_size - begin;
                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                    s->blkcnt--;
                }
            }
            /* Return status of the DMA write is not checked */
            dma_memory_write(s->dma_as, s->sdmasysad,
                             &s->fifo_buffer[begin], s->data_count - begin);
            s->sdmasysad += s->data_count - begin;
            if (s->data_count == block_size) {
                s->data_count = 0;
            }
            if (page_aligned && boundary_count == 0) {
                break;
            }
        }
    } else {
        s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
                SDHC_DAT_LINE_ACTIVE;
        while (s->blkcnt) {
            /* NOTE(review): same unchecked begin <= block_size assumption
             * as in the read branch above */
            begin = s->data_count;
            if (((boundary_count + begin) < block_size) && page_aligned) {
                s->data_count = boundary_count + begin;
                boundary_count = 0;
             } else {
                s->data_count = block_size;
                boundary_count -= block_size - begin;
            }
            /* Return status of the DMA read is not checked; on failure the
             * FIFO keeps its previous contents, which are then written to
             * the card */
            dma_memory_read(s->dma_as, s->sdmasysad,
                            &s->fifo_buffer[begin], s->data_count - begin);
            s->sdmasysad += s->data_count - begin;
            /* Only a completely filled block is flushed to the card */
            if (s->data_count == block_size) {
                for (n = 0; n < block_size; n++) {
                    sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
                }
                s->data_count = 0;
                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                    s->blkcnt--;
                }
            }
            if (page_aligned && boundary_count == 0) {
                break;
            }
        }
    }

    if (s->blkcnt == 0) {
        sdhci_end_transfer(s);
    } else {
        /* Stopped at a boundary with blocks still pending */
        if (s->norintstsen & SDHC_NISEN_DMA) {
            s->norintsts |= SDHC_NIS_DMA;
        }
        sdhci_update_irq(s);
    }
}
549 
/*
 * Single block SDMA transfer: move one block of (blksize & 0x0fff) bytes
 * between the card and guest memory at s->sdmasysad through the FIFO,
 * decrement the block count and end the transfer.
 *
 * NOTE(review): the block length is guest-programmed and is not compared
 * with the FIFO allocation here; the DMA return status is not checked.
 */
static void sdhci_sdma_transfer_single_block(SDHCIState *s)
{
    uint32_t datacnt = s->blksize & 0x0fff;
    uint32_t pos = 0;

    if (!(s->trnmod & SDHC_TRNS_READ)) {
        /* Guest memory -> FIFO -> card */
        dma_memory_read(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
        while (pos < datacnt) {
            sdbus_write_data(&s->sdbus, s->fifo_buffer[pos]);
            pos++;
        }
    } else {
        /* Card -> FIFO -> guest memory */
        while (pos < datacnt) {
            s->fifo_buffer[pos] = sdbus_read_data(&s->sdbus);
            pos++;
        }
        dma_memory_write(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
    }
    s->blkcnt--;

    sdhci_end_transfer(s);
}
571 
/* One ADMA descriptor, decoded from guest memory by get_adma_description() */
typedef struct ADMADescr {
    hwaddr addr;      /* guest address taken from the descriptor */
    uint16_t length;  /* length field; sdhci_do_adma() treats 0 as 65536 */
    uint8_t attr;     /* attribute bits (valid / end / int / action) */
    uint8_t incr;     /* bytes to advance s->admasysaddr to the next entry */
} ADMADescr;
578 
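/*
 * Fetch and decode the ADMA descriptor at s->admasysaddr into @dscr,
 * according to the DMA type selected in s->hostctl.
 *
 * The descriptor lives in guest memory and every field is guest-controlled.
 * @dscr is zeroed first, so that an unsupported DMA type (or a 64-bit
 * descriptor whose DMA reads wrote nothing) yields a descriptor without the
 * VALID attribute instead of values left over from an earlier call.
 *
 * Fix for the 64-bit ADMA2 layout: the byte swap and the mask used to be
 * applied to the 8-bit attribute (masking with 0xfffffff8 also cleared its
 * low three bits) while the 64-bit address was never converted from little
 * endian. The address is now converted, and the attribute keeps the same
 * low 7 bits that the two 32-bit layouts extract.
 */
static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
{
    uint32_t adma1 = 0;
    uint64_t adma2 = 0;
    hwaddr entry_addr = (hwaddr)s->admasysaddr;

    memset(dscr, 0, sizeof(*dscr));

    switch (SDHC_DMA_TYPE(s->hostctl)) {
    case SDHC_CTRL_ADMA2_32:
        dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma2,
                        sizeof(adma2));
        adma2 = le64_to_cpu(adma2);
        /* The spec does not specify endianness of descriptor table.
         * We currently assume that it is LE.
         */
        dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
        dscr->length = (uint16_t)extract64(adma2, 16, 16);
        dscr->attr = (uint8_t)extract64(adma2, 0, 7);
        dscr->incr = 8;
        break;
    case SDHC_CTRL_ADMA1_32:
        dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma1,
                        sizeof(adma1));
        adma1 = le32_to_cpu(adma1);
        dscr->addr = (hwaddr)(adma1 & 0xFFFFF000);
        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
        dscr->incr = 4;
        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
            dscr->length = (uint16_t)extract32(adma1, 12, 16);
        } else {
            dscr->length = 4096;
        }
        break;
    case SDHC_CTRL_ADMA2_64:
        /* 12-byte entry: attr at +0, length at +2, 64-bit address at +4 */
        dma_memory_read(s->dma_as, entry_addr,
                        (uint8_t *)(&dscr->attr), 1);
        dma_memory_read(s->dma_as, entry_addr + 2,
                        (uint8_t *)(&dscr->length), 2);
        dscr->length = le16_to_cpu(dscr->length);
        dma_memory_read(s->dma_as, entry_addr + 4,
                        (uint8_t *)(&dscr->addr), 8);
        dscr->addr = le64_to_cpu(dscr->addr);
        dscr->attr &= 0x7f;
        dscr->incr = 12;
        break;
    default:
        /* Not an ADMA mode: leave the zeroed descriptor (VALID clear) */
        break;
    }
}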
624 
625 /* Advanced DMA data transfer */
626 
/*
 * Process up to SDHC_ADMA_DESCS_PER_DELAY ADMA descriptors starting at
 * s->admasysaddr. The function returns early on an invalid descriptor or
 * when the transfer terminates; if the budget is used up first, the
 * transfer timer is re-armed so that processing continues later.
 *
 * NOTE(review): the descriptor table and every address/length in it come
 * from guest memory; link descriptors let the guest point the walk at any
 * address, and each link also consumes one slot of the per-call budget.
 */
static void sdhci_do_adma(SDHCIState *s)
{
    unsigned int n, begin, length;
    /* Low 12 bits of blksize: bytes per block (0..4095) */
    const uint16_t block_size = s->blksize & 0x0fff;
    ADMADescr dscr = {};
    int i;

    for (i = 0; i < SDHC_ADMA_DESCS_PER_DELAY; ++i) {
        s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;

        get_adma_description(s, &dscr);
        trace_sdhci_adma_loop(dscr.addr, dscr.length, dscr.attr);

        if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
            /* Indicate that error occurred in ST_FDS state */
            s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
            s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;

            /* Generate ADMA error interrupt */
            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
                s->errintsts |= SDHC_EIS_ADMAERR;
                s->norintsts |= SDHC_NIS_ERR;
            }

            sdhci_update_irq(s);
            return;
        }

        /* A length field of 0 encodes the maximum of 65536 bytes */
        length = dscr.length ? dscr.length : 65536;

        switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
        case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */

            /* NOTE(review): with block_size == 0 and block counting
             * disabled, neither loop below ever reduces length or breaks,
             * so it would not terminate - confirm a zero block size cannot
             * reach this function. */
            if (s->trnmod & SDHC_TRNS_READ) {
                while (length) {
                    /* FIFO empty: fetch the next whole block from the card.
                     * NOTE(review): block_size is not compared with the
                     * FIFO allocation here. */
                    if (s->data_count == 0) {
                        for (n = 0; n < block_size; n++) {
                            s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
                        }
                    }
                    /* NOTE(review): nothing here checks begin <= block_size.
                     * If data_count could be left above the current block
                     * size, block_size - begin and s->data_count - begin
                     * wrap as unsigned and the DMA length would run past
                     * the FIFO. Confirm the invariant is enforced on the
                     * register write path. */
                    begin = s->data_count;
                    if ((length + begin) < block_size) {
                        /* Descriptor ends inside this block */
                        s->data_count = length + begin;
                        length = 0;
                     } else {
                        s->data_count = block_size;
                        length -= block_size - begin;
                    }
                    /* Return status of the DMA write is not checked */
                    dma_memory_write(s->dma_as, dscr.addr,
                                     &s->fifo_buffer[begin],
                                     s->data_count - begin);
                    dscr.addr += s->data_count - begin;
                    if (s->data_count == block_size) {
                        s->data_count = 0;
                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                            s->blkcnt--;
                            if (s->blkcnt == 0) {
                                break;
                            }
                        }
                    }
                }
            } else {
                while (length) {
                    /* NOTE(review): same unchecked begin <= block_size
                     * assumption as in the read branch above */
                    begin = s->data_count;
                    if ((length + begin) < block_size) {
                        s->data_count = length + begin;
                        length = 0;
                     } else {
                        s->data_count = block_size;
                        length -= block_size - begin;
                    }
                    /* Return status of the DMA read is not checked */
                    dma_memory_read(s->dma_as, dscr.addr,
                                    &s->fifo_buffer[begin],
                                    s->data_count - begin);
                    dscr.addr += s->data_count - begin;
                    /* Only a completely filled block is flushed to the card */
                    if (s->data_count == block_size) {
                        for (n = 0; n < block_size; n++) {
                            sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
                        }
                        s->data_count = 0;
                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
                            s->blkcnt--;
                            if (s->blkcnt == 0) {
                                break;
                            }
                        }
                    }
                }
            }
            s->admasysaddr += dscr.incr;
            break;
        case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
            s->admasysaddr = dscr.addr;
            trace_sdhci_adma("link", s->admasysaddr);
            break;
        default:
            /* Any other action: skip the entry */
            s->admasysaddr += dscr.incr;
            break;
        }

        if (dscr.attr & SDHC_ADMA_ATTR_INT) {
            trace_sdhci_adma("interrupt", s->admasysaddr);
            if (s->norintstsen & SDHC_NISEN_DMA) {
                s->norintsts |= SDHC_NIS_DMA;
            }

            sdhci_update_irq(s);
        }

        /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
        if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
                    (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
            trace_sdhci_adma_transfer_completed();
            /* Mismatch: descriptor bytes left over, or END reached while
             * counted blocks are still outstanding */
            if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
                (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
                s->blkcnt != 0)) {
                trace_sdhci_error("SD/MMC host ADMA length mismatch");
                s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
                        SDHC_ADMAERR_STATE_ST_TFR;
                if (s->errintstsen & SDHC_EISEN_ADMAERR) {
                    trace_sdhci_error("Set ADMA error flag");
                    s->errintsts |= SDHC_EIS_ADMAERR;
                    s->norintsts |= SDHC_NIS_ERR;
                }

                sdhci_update_irq(s);
            }
            sdhci_end_transfer(s);
            return;
        }

    }

    /* we have unfinished business - reschedule to continue ADMA */
    timer_mod(s->transfer_timer,
                   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_TRANSFER_DELAY);
}
765 
766 /* Perform data transfer according to controller configuration */
767 
/*
 * Start or continue a data transfer on the controller passed as @opaque,
 * choosing programmed I/O, SDMA or ADMA from the transfer mode and host
 * control registers. An ADMA mode that the capabilities register does not
 * advertise is only traced as an error; no data is moved.
 */
static void sdhci_data_transfer(void *opaque)
{
    SDHCIState *s = opaque;

    if (!(s->trnmod & SDHC_TRNS_DMA)) {
        /* Programmed I/O: a read is started only if the card has data */
        if ((s->trnmod & SDHC_TRNS_READ) && sdbus_data_ready(&s->sdbus)) {
            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
                    SDHC_DAT_LINE_ACTIVE;
            sdhci_read_block_from_card(s);
        } else {
            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
            sdhci_write_block_to_card(s);
        }
        return;
    }

    switch (SDHC_DMA_TYPE(s->hostctl)) {
    case SDHC_CTRL_SDMA:
        if (s->blkcnt != 1 && (s->trnmod & SDHC_TRNS_MULTI)) {
            sdhci_sdma_transfer_multi_blocks(s);
        } else {
            sdhci_sdma_transfer_single_block(s);
        }
        break;
    case SDHC_CTRL_ADMA1_32:
        if (s->capareg & SDHC_CAN_DO_ADMA1) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("ADMA1 not supported");
        }
        break;
    case SDHC_CTRL_ADMA2_32:
        if (s->capareg & SDHC_CAN_DO_ADMA2) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("ADMA2 not supported");
        }
        break;
    case SDHC_CTRL_ADMA2_64:
        if ((s->capareg & SDHC_CAN_DO_ADMA2) &&
            (s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
            sdhci_do_adma(s);
        } else {
            trace_sdhci_error("64 bit ADMA not supported");
        }
        break;
    default:
        trace_sdhci_error("Unsupported DMA type");
        break;
    }
}
823 
/*
 * Tell whether the command currently in s->cmdreg may be sent.
 *
 * Returns false when the SD clock is off, or when the data line is
 * inhibited / the transfer is stopped and the command either carries data
 * or expects a busy response without being an abort command.
 */
static bool sdhci_can_issue_command(SDHCIState *s)
{
    bool dat_blocked;
    bool uses_dat;

    if (!SDHC_CLOCK_IS_ON(s->clkcon)) {
        return false;
    }

    dat_blocked = (s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state;
    if (!dat_blocked) {
        return true;
    }

    uses_dat = (s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
               ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
                SDHC_COMMAND_TYPE(s->cmdreg) != SDHC_CMD_ABORT);

    return !uses_dat;
}
836 
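/*
 * The Buffer Data Port register must be accessed in a sequential and
 * continuous manner.
 *
 * @byte_num is the byte lane of the port being touched; the visible callers
 * pass (offset - SDHC_BDATA). The access is accepted only when that lane
 * equals the low two bits of s->data_count; anything else is traced as an
 * error and rejected, so a guest cannot skip around inside the port.
 *
 * Returns true if the access may proceed, false otherwise.
 */
static inline bool
sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
{
    if ((s->data_count & 0x3) != byte_num) {
        /*
         * The two literals are concatenated, so the first one needs a
         * trailing space. No newline: the other trace_sdhci_error() calls
         * in this file pass none either.
         */
        trace_sdhci_error("Non-sequential access to Buffer Data Port register "
                          "is prohibited");
        return false;
    }
    return true;
}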
849 
/*
 * MMIO read handler for the standard SDHCI register block.
 *
 * @opaque: the SDHCIState the memory region was registered with
 * @offset: byte offset of the access inside the register block
 * @size:   access width in bytes
 *
 * Registers are modelled as 32-bit words. The word that contains @offset is
 * assembled in 'ret', then shifted and masked down to the byte lanes that
 * were requested. Reads of the Buffer Data Port are the exception: they
 * return straight from the SDHC_BDATA case.
 *
 * @offset and @size are chosen by the guest. sdhci_mmio_ops limits accesses
 * to 1..4 bytes and disallows unaligned ones; this function relies on that
 * and does no range checking of its own.
 */
static uint64_t sdhci_read(void *opaque, hwaddr offset, unsigned size)
{
    SDHCIState *s = (SDHCIState *)opaque;
    uint32_t ret = 0;

    /* Dispatch on the 32-bit-aligned register address. */
    switch (offset & ~0x3) {
    case SDHC_SYSAD:
        ret = s->sdmasysad;
        break;
    case SDHC_BLKSIZE:
        /* Block size in the low half, block count in the high half. */
        ret = s->blksize | (s->blkcnt << 16);
        break;
    case SDHC_ARGUMENT:
        ret = s->argument;
        break;
    case SDHC_TRNMOD:
        /* Transfer mode in the low half, command register in the high half. */
        ret = s->trnmod | (s->cmdreg << 16);
        break;
    case SDHC_RSPREG0 ... SDHC_RSPREG3:
        /*
         * The index is derived from the aligned offset and the case range
         * bounds it; rspreg has four entries (see sdhci_vmstate).
         * NOTE(review): this assumes the four response registers are laid
         * out 4 bytes apart - confirm against sdhci-internal.h.
         */
        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
        break;
    case  SDHC_BDATA:
        /*
         * Data port: only sequential byte lanes are accepted. The value is
         * returned as-is, bypassing the shift/mask at the bottom. A rejected
         * access falls through to the common path and reads as 0.
         */
        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
            ret = sdhci_read_dataport(s, size);
            trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
            return ret;
        }
        break;
    case SDHC_PRNSTS:
        ret = s->prnsts;
        break;
    case SDHC_HOSTCTL:
        /* Four byte-wide registers packed into one word. */
        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
              (s->wakcon << 24);
        break;
    case SDHC_CLKCON:
        ret = s->clkcon | (s->timeoutcon << 16);
        break;
    case SDHC_NORINTSTS:
        ret = s->norintsts | (s->errintsts << 16);
        break;
    case SDHC_NORINTSTSEN:
        ret = s->norintstsen | (s->errintstsen << 16);
        break;
    case SDHC_NORINTSIGEN:
        ret = s->norintsigen | (s->errintsigen << 16);
        break;
    case SDHC_ACMD12ERRSTS:
        ret = s->acmd12errsts;
        break;
    /* 64-bit state is exposed as a low word and a high word. */
    case SDHC_CAPAB:
        ret = (uint32_t)s->capareg;
        break;
    case SDHC_CAPAB + 4:
        ret = (uint32_t)(s->capareg >> 32);
        break;
    case SDHC_MAXCURR:
        ret = (uint32_t)s->maxcurr;
        break;
    case SDHC_MAXCURR + 4:
        ret = (uint32_t)(s->maxcurr >> 32);
        break;
    case SDHC_ADMAERR:
        ret =  s->admaerr;
        break;
    case SDHC_ADMASYSADDR:
        ret = (uint32_t)s->admasysaddr;
        break;
    case SDHC_ADMASYSADDR + 4:
        ret = (uint32_t)(s->admasysaddr >> 32);
        break;
    case SDHC_SLOT_INT_STATUS:
        /* Spec version in the high half, slot interrupt status in the low. */
        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
        break;
    default:
        /* Unmodelled register: log it and read as zero. */
        qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " "
                      "not implemented\n", size, offset);
        break;
    }

    /* Select the requested byte lanes out of the 32-bit word. */
    ret >>= (offset & 0x3) * 8;
    /* 1ULL keeps the shift well defined when size is 4 (a 32-bit shift). */
    ret &= (1ULL << (size * 8)) - 1;
    trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
    return ret;
}
935 
/*
 * Handle a guest write to the Block Gap Control byte.
 *
 * A repeated stop-at-gap request is ignored. Otherwise only the stop bit is
 * latched in s->blkgap. Then one of two things may happen:
 *  - a continue request arrives while the transfer is stopped and no stop is
 *    being requested: the interrupted read or write is resumed;
 *  - a stop request arrives while nothing is stopped: the direction of the
 *    running transfer, if any, is recorded in s->stopped_state.
 */
static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
{
    const bool stop_requested = value & SDHC_STOP_AT_GAP_REQ;
    const bool continue_requested = value & SDHC_CONTINUE_REQ;

    /* Stop request is already latched: nothing to update. */
    if (stop_requested && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
        return;
    }
    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;

    if (continue_requested && s->stopped_state &&
        !(s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
        /* Resume in the direction that was interrupted. */
        if (s->stopped_state == sdhc_gap_read) {
            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
            sdhci_read_block_from_card(s);
        } else {
            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
            sdhci_write_block_to_card(s);
        }
        /* Cleared only after the transfer helper has returned. */
        s->stopped_state = sdhc_not_stopped;
        return;
    }

    if (s->stopped_state || !stop_requested) {
        return;
    }

    /* New stop request: remember which direction is being paused. */
    if (s->prnsts & SDHC_DOING_READ) {
        s->stopped_state = sdhc_gap_read;
    } else if (s->prnsts & SDHC_DOING_WRITE) {
        s->stopped_state = sdhc_gap_write;
    }
}
961 
/*
 * Handle a guest write to the Software Reset byte.
 *
 * Exactly one of the three reset codes is acted on; any other value
 * (including combinations of the codes) is ignored.
 */
static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
{
    if (value == SDHC_RESET_ALL) {
        sdhci_reset(s);
    } else if (value == SDHC_RESET_CMD) {
        /* Command line reset: drop the inhibit and the completion flag. */
        s->prnsts &= ~SDHC_CMD_INHIBIT;
        s->norintsts &= ~SDHC_NIS_CMDCMP;
    } else if (value == SDHC_RESET_DATA) {
        /* Data line reset: rewind the buffer position and clear transfer state. */
        s->data_count = 0;
        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
                       SDHC_DOING_READ | SDHC_DOING_WRITE |
                       SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
        s->stopped_state = sdhc_not_stopped;
        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
                          SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
    }
}
984 
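/*
 * MMIO write handler for the standard SDHCI register block.
 *
 * @opaque: the SDHCIState the memory region was registered with
 * @offset: byte offset of the access inside the register block
 * @val:    value written by the guest
 * @size:   access width in bytes
 *
 * Registers are modelled as 32-bit words. 'value' is @val moved into its
 * byte lanes within the word, and 'mask' has a 1 in every bit the access
 * does NOT touch, so MASKED_WRITE() preserves the untouched lanes.
 *
 * Every argument except @opaque is guest-controlled. sdhci_mmio_ops limits
 * accesses to 1..4 aligned bytes; several cases below start command or DMA
 * processing synchronously from inside this handler.
 */
static void
sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
{
    SDHCIState *s = (SDHCIState *)opaque;
    unsigned shift =  8 * (offset & 0x3);
    /* 1ULL keeps the shift well defined when size is 4. */
    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
    uint32_t value = val;
    value <<= shift;

    switch (offset & ~0x3) {
    case SDHC_SYSAD:
        /*
         * A single masked update is enough: the open-coded assignment that
         * used to precede this line performed the same read-modify-write.
         */
        MASKED_WRITE(s->sdmasysad, mask, value);
        /* Writing to last byte of sdmasysad might trigger transfer */
        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
                s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
            if (s->trnmod & SDHC_TRNS_MULTI) {
                sdhci_sdma_transfer_multi_blocks(s);
            } else {
                sdhci_sdma_transfer_single_block(s);
            }
        }
        break;
    case SDHC_BLKSIZE:
        /* Block size and count are frozen while a transfer is in flight. */
        if (!TRANSFERRING_DATA(s->prnsts)) {
            MASKED_WRITE(s->blksize, mask, value);
            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
        }

        /*
         * Limit block size to the maximum buffer size: fifo_buffer is
         * allocated with buf_maxsz bytes in sdhci_common_realize().
         * NOTE(review): s->data_count is not touched here; confirm that the
         * data-port and transfer helpers keep it within the block size.
         */
        if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
            qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than "
                          "the maximum buffer 0x%x\n", __func__, s->blksize,
                          s->buf_maxsz);

            s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
        }

        break;
    case SDHC_ARGUMENT:
        MASKED_WRITE(s->argument, mask, value);
        break;
    case SDHC_TRNMOD:
        /* DMA can be enabled only if it is supported as indicated by
         * capabilities register */
        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
            value &= ~SDHC_TRNS_DMA;
        }
        MASKED_WRITE(s->trnmod, mask, value & SDHC_TRNMOD_MASK);
        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);

        /* Writing to the upper byte of CMDREG triggers SD command generation */
        if ((mask & 0xFF000000) || !sdhci_can_issue_command(s)) {
            break;
        }

        sdhci_send_command(s);
        break;
    case  SDHC_BDATA:
        /* Data port: non-sequential accesses are dropped. */
        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
            sdhci_write_dataport(s, value >> shift, size);
        }
        break;
    case SDHC_HOSTCTL:
        /* Block gap control has side effects, so it is handled separately. */
        if (!(mask & 0xFF0000)) {
            sdhci_blkgap_write(s, value >> 16);
        }
        MASKED_WRITE(s->hostctl, mask, value);
        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
        /*
         * Power stays on only with a card present and a voltage selection
         * of 5..7 whose capability bit (bit 31 - selection) is set.
         */
        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
            s->pwrcon &= ~SDHC_POWER_ON;
        }
        break;
    case SDHC_CLKCON:
        /* The software reset byte lives in the top lane of this word. */
        if (!(mask & 0xFF000000)) {
            sdhci_reset_write(s, value >> 24);
        }
        MASKED_WRITE(s->clkcon, mask, value);
        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
        /* The internal clock is reported stable as soon as it is enabled. */
        if (s->clkcon & SDHC_CLOCK_INT_EN) {
            s->clkcon |= SDHC_CLOCK_INT_STABLE;
        } else {
            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
        }
        break;
    case SDHC_NORINTSTS:
        /* The card interrupt bit cannot be cleared while it is enabled. */
        if (s->norintstsen & SDHC_NISEN_CARDINT) {
            value &= ~SDHC_NIS_CARDINT;
        }
        /* Write-one-to-clear, restricted to the lanes that were written. */
        s->norintsts &= mask | ~value;
        s->errintsts &= (mask >> 16) | ~(value >> 16);
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        } else {
            s->norintsts &= ~SDHC_NIS_ERR;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_NORINTSTSEN:
        MASKED_WRITE(s->norintstsen, mask, value);
        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
        /* Status bits whose enable was just cleared are dropped. */
        s->norintsts &= s->norintstsen;
        s->errintsts &= s->errintstsen;
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        } else {
            s->norintsts &= ~SDHC_NIS_ERR;
        }
        /* Quirk for Raspberry Pi: pending card insert interrupt
         * appears when first enabled after power on */
        if ((s->norintstsen & SDHC_NISEN_INSERT) && s->pending_insert_state) {
            assert(s->pending_insert_quirk);
            s->norintsts |= SDHC_NIS_INSERT;
            s->pending_insert_state = false;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_NORINTSIGEN:
        MASKED_WRITE(s->norintsigen, mask, value);
        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
        sdhci_update_irq(s);
        break;
    case SDHC_ADMAERR:
        MASKED_WRITE(s->admaerr, mask, value);
        break;
    case SDHC_ADMASYSADDR:
        /* Low word of the 64-bit ADMA address; the high word is preserved. */
        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
                (uint64_t)mask)) | (uint64_t)value;
        break;
    case SDHC_ADMASYSADDR + 4:
        /* High word of the 64-bit ADMA address; the low word is preserved. */
        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
        break;
    case SDHC_FEAER:
        /* Force event: the written bits are OR-ed into the error status. */
        s->acmd12errsts |= value;
        s->errintsts |= (value >> 16) & s->errintstsen;
        if (s->acmd12errsts) {
            s->errintsts |= SDHC_EIS_CMD12ERR;
        }
        if (s->errintsts) {
            s->norintsts |= SDHC_NIS_ERR;
        }
        sdhci_update_irq(s);
        break;
    case SDHC_ACMD12ERRSTS:
        MASKED_WRITE(s->acmd12errsts, mask, value);
        break;

    case SDHC_CAPAB:
    case SDHC_CAPAB + 4:
    case SDHC_MAXCURR:
    case SDHC_MAXCURR + 4:
        /* Read-only to the guest: the write is logged and discarded. */
        qemu_log_mask(LOG_GUEST_ERROR, "SDHC wr_%ub @0x%02" HWADDR_PRIx
                      " <- 0x%08x read-only\n", size, offset, value >> shift);
        break;

    default:
        qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x "
                      "not implemented\n", size, offset, value >> shift);
        break;
    }
    trace_sdhci_access("wr", size << 3, offset, "<-",
                       value >> shift, value >> shift);
}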
1151 
/*
 * MMIO callbacks for the generic SDHCI register block.
 * The .valid constraints are what sdhci_read()/sdhci_write() rely on for
 * their lane arithmetic: accesses are 1 to 4 bytes wide and never unaligned.
 */
static const MemoryRegionOps sdhci_mmio_ops = {
    .read = sdhci_read,
    .write = sdhci_write,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 4,
        .unaligned = false
    },
    .endianness = DEVICE_LITTLE_ENDIAN,
};
1162 
/*
 * Translate the maximum-block-size field of the capabilities register into
 * a buffer length in bytes: codes 0, 1 and 2 select 512, 1024 and 2048.
 *
 * Any other code is reported through hw_error(). capareg is set through
 * the "capareg" device property, so a bad value is a configuration error
 * rather than something the guest writes.
 */
static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
{
    uint64_t size_code = SDHC_CAPAB_BLOCKSIZE(s->capareg);

    if (size_code <= 2) {
        /* 512 bytes, doubled once per step of the code. */
        return 512u << size_code;
    }

    hw_error("SDHC: unsupported value for maximum block size\n");
    return 0;
}
1177 
1178 /* --- qdev common --- */
1179 
/*
 * qdev properties shared by the PCI and SysBus variants of the controller.
 * "capareg" also determines the size of the data buffer: its block-size
 * field is decoded by sdhci_get_fifolen() at realize time.
 */
#define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \
    /* Capabilities registers provide information on supported features
     * of this specific host controller implementation */ \
    DEFINE_PROP_UINT64("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
    DEFINE_PROP_UINT64("maxcurr", _state, maxcurr, 0)
1185 
/*
 * Instance-level setup shared by the PCI and SysBus front ends: select the
 * default MMIO callbacks, create the SD bus in place and allocate the two
 * virtual-clock timers. The timers are released in sdhci_uninitfn().
 */
static void sdhci_initfn(SDHCIState *s)
{
    /* Default register callbacks; imx_usdhc_init() replaces this pointer. */
    s->io_ops = &sdhci_mmio_ops;

    qbus_create_inplace(&s->sdbus, sizeof(s->sdbus), TYPE_SDHCI_BUS,
                        DEVICE(s), "sd-bus");

    s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                   sdhci_raise_insertion_irq, s);
    s->transfer_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                     sdhci_data_transfer, s);
}
1196 
/*
 * Undo sdhci_initfn(): cancel and free both timers, then release the data
 * buffer. The pointer is cleared after the free because
 * sdhci_common_unrealize() releases the same buffer.
 */
static void sdhci_uninitfn(SDHCIState *s)
{
    /* A timer is cancelled before it is freed. */
    timer_del(s->insert_timer);
    timer_free(s->insert_timer);

    timer_del(s->transfer_timer);
    timer_free(s->transfer_timer);

    g_free(s->fifo_buffer);
    s->fifo_buffer = NULL;
}
1207 
/*
 * Realize step shared by the PCI and SysBus front ends.
 *
 * Sizes and allocates the zero-filled data buffer from the capabilities
 * register and sets up the register MMIO region. @errp is never written in
 * this function.
 *
 * NOTE(review): the region is created with &sdhci_mmio_ops rather than
 * s->io_ops; sdhci_sysbus_realize() initialises s->iomem again afterwards
 * with s->io_ops.
 */
static void sdhci_common_realize(SDHCIState *s, Error **errp)
{
    /* buf_maxsz is the bound that sdhci_write() clamps the block size to. */
    s->buf_maxsz = sdhci_get_fifolen(s);
    s->fifo_buffer = g_malloc0(s->buf_maxsz);

    memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s,
                          "sdhci", SDHC_REGISTERS_MAP_SIZE);
}
1216 
/*
 * Unrealize step shared by the PCI and SysBus front ends: release the data
 * buffer. @errp is not used.
 */
static void sdhci_common_unrealize(SDHCIState *s, Error **errp)
{
    /*
     * Expected to run once per device:
     *  - SysBus: from DeviceClass->unrealize(),
     *  - PCI:    from PCIDeviceClass->exit().
     * The pointer is still reset after the free, so that a second release
     * (sdhci_uninitfn() frees the same field) cannot become a double free
     * or leave a dangling pointer behind.
     */
    g_free(s->fifo_buffer);
    s->fifo_buffer = NULL;
}
1227 
/*
 * .needed callback of the "sdhci/pending-insert" subsection: the subsection
 * is required only while a card-insert event is still pending.
 */
static bool sdhci_pending_insert_vmstate_needed(void *opaque)
{
    const SDHCIState *state = opaque;

    return state->pending_insert_state;
}
1234 
/*
 * Optional migration subsection carrying pending_insert_state. Whether it is
 * needed is decided by sdhci_pending_insert_vmstate_needed().
 */
static const VMStateDescription sdhci_pending_insert_vmstate = {
    .name = "sdhci/pending-insert",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = sdhci_pending_insert_vmstate_needed,
    .fields = (VMStateField[]) {
        VMSTATE_BOOL(pending_insert_state, SDHCIState),
        VMSTATE_END_OF_LIST()
    },
};
1245 
/*
 * Migration description of the controller state.
 *
 * No .post_load hook is defined, so every field is accepted from the
 * incoming stream as-is. NOTE(review): blksize and data_count are restored
 * without being checked against buf_maxsz, unlike the clamp that
 * sdhci_write() applies to guest writes of the block size. If the stream
 * can come from an untrusted source, a post_load check of these two fields
 * would restore that invariant - confirm how the transfer helpers use
 * data_count.
 */
const VMStateDescription sdhci_vmstate = {
    .name = "sdhci",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(sdmasysad, SDHCIState),
        VMSTATE_UINT16(blksize, SDHCIState),
        VMSTATE_UINT16(blkcnt, SDHCIState),
        VMSTATE_UINT32(argument, SDHCIState),
        VMSTATE_UINT16(trnmod, SDHCIState),
        VMSTATE_UINT16(cmdreg, SDHCIState),
        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
        VMSTATE_UINT32(prnsts, SDHCIState),
        VMSTATE_UINT8(hostctl, SDHCIState),
        VMSTATE_UINT8(pwrcon, SDHCIState),
        VMSTATE_UINT8(blkgap, SDHCIState),
        VMSTATE_UINT8(wakcon, SDHCIState),
        VMSTATE_UINT16(clkcon, SDHCIState),
        VMSTATE_UINT8(timeoutcon, SDHCIState),
        VMSTATE_UINT8(admaerr, SDHCIState),
        VMSTATE_UINT16(norintsts, SDHCIState),
        VMSTATE_UINT16(errintsts, SDHCIState),
        VMSTATE_UINT16(norintstsen, SDHCIState),
        VMSTATE_UINT16(errintstsen, SDHCIState),
        VMSTATE_UINT16(norintsigen, SDHCIState),
        VMSTATE_UINT16(errintsigen, SDHCIState),
        VMSTATE_UINT16(acmd12errsts, SDHCIState),
        VMSTATE_UINT16(data_count, SDHCIState),
        VMSTATE_UINT64(admasysaddr, SDHCIState),
        VMSTATE_UINT8(stopped_state, SDHCIState),
        /* Buffer contents; the length comes from the buf_maxsz field, which
         * is not itself part of the stream. */
        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, buf_maxsz),
        VMSTATE_TIMER_PTR(insert_timer, SDHCIState),
        VMSTATE_TIMER_PTR(transfer_timer, SDHCIState),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &sdhci_pending_insert_vmstate,
        NULL
    },
};
1286 
/*
 * Class setup shared by the PCI and SysBus device classes: storage
 * category, migration description and reset handler. @data is unused.
 */
static void sdhci_common_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);

    device_class->reset = sdhci_poweron_reset;
    device_class->vmsd = &sdhci_vmstate;
    set_bit(DEVICE_CATEGORY_STORAGE, device_class->categories);
}
1295 
1296 /* --- qdev PCI --- */
1297 
/* Properties of the PCI variant: only the common "capareg" and "maxcurr". */
static Property sdhci_pci_properties[] = {
    DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
    DEFINE_PROP_END_OF_LIST(),
};
1302 
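/*
 * Realize the PCI variant of the controller.
 *
 * Runs the shared init and realize steps, then fills in the PCI
 * configuration bytes, allocates the interrupt, selects the device's PCI
 * address space for DMA and exposes the register block as BAR 0.
 *
 * A failure of the common step is collected in a local Error and
 * propagated, so it is detected even when the caller passes a NULL @errp.
 */
static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
{
    SDHCIState *s = PCI_SDHCI(dev);
    Error *local_err = NULL;

    sdhci_initfn(s);
    sdhci_common_realize(s, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    dev->config[PCI_CLASS_PROG] = 0x01; /* Standard Host supported DMA */
    dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
    s->irq = pci_allocate_irq(dev);
    /* DMA issued by the controller goes through the PCI address space. */
    s->dma_as = pci_get_address_space(dev);
    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->iomem);
}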
1319 
/*
 * PCI exit hook: run the shared unrealize step, then release what
 * sdhci_initfn() allocated.
 */
static void sdhci_pci_exit(PCIDevice *dev)
{
    SDHCIState *sdhci = PCI_SDHCI(dev);

    /* error_abort: any error reported by the common step is fatal. */
    sdhci_common_unrealize(sdhci, &error_abort);
    sdhci_uninitfn(sdhci);
}
1327 
/*
 * Class initialiser of the PCI variant: PCI identity and hooks, the
 * property list, then the settings shared with the SysBus class.
 */
static void sdhci_pci_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *device_class = DEVICE_CLASS(klass);

    /* Identification presented in PCI configuration space. */
    pci_class->vendor_id = PCI_VENDOR_ID_REDHAT;
    pci_class->device_id = PCI_DEVICE_ID_REDHAT_SDHCI;
    pci_class->class_id = PCI_CLASS_SYSTEM_SDHCI;

    /* Lifecycle hooks. */
    pci_class->realize = sdhci_pci_realize;
    pci_class->exit = sdhci_pci_exit;

    device_class->props = sdhci_pci_properties;

    sdhci_common_class_init(klass, data);
}
1342 
/* QOM type description of the PCI variant (a conventional PCI device). */
static const TypeInfo sdhci_pci_info = {
    .name = TYPE_PCI_SDHCI,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(SDHCIState),
    .class_init = sdhci_pci_class_init,
    .interfaces = (InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    },
};
1353 
1354 /* --- qdev SysBus --- */
1355 
/*
 * Properties of the SysBus variant: the common ones, the card-insert quirk
 * switch, and an optional "dma" link. When "dma" is set, the controller's
 * DMA goes through that memory region instead of address_space_memory
 * (see sdhci_sysbus_realize()).
 */
static Property sdhci_sysbus_properties[] = {
    DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
    DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk,
                     false),
    DEFINE_PROP_LINK("dma", SDHCIState,
                     dma_mr, TYPE_MEMORY_REGION, MemoryRegion *),
    DEFINE_PROP_END_OF_LIST(),
};
1364 
/* Instance initialiser of the SysBus variant: shared instance setup only. */
static void sdhci_sysbus_init(Object *obj)
{
    sdhci_initfn(SYSBUS_SDHCI(obj));
}
1371 
/*
 * Instance finaliser of the SysBus variant: detach the linked DMA memory
 * region when one was set, then release what sdhci_initfn() allocated.
 */
static void sdhci_sysbus_finalize(Object *obj)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(obj);

    if (sdhci->dma_mr != NULL) {
        object_unparent(OBJECT(sdhci->dma_mr));
    }

    sdhci_uninitfn(sdhci);
}
1382 
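/*
 * Realize the SysBus variant of the controller.
 *
 * After the shared realize step this selects the DMA address space, wires
 * the interrupt line and exposes the register block as a SysBus MMIO region.
 *
 * A failure of the common step is collected in a local Error and
 * propagated, so it is detected even when the caller passes a NULL @errp.
 */
static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp)
{
    SDHCIState *s = SYSBUS_SDHCI(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    Error *local_err = NULL;

    sdhci_common_realize(s, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    if (s->dma_mr) {
        /* A board-supplied region confines what the controller's DMA reaches. */
        s->dma_as = &s->sysbus_dma_as;
        address_space_init(s->dma_as, s->dma_mr, "sdhci-dma");
    } else {
        /* use system_memory() if property "dma" not set */
        s->dma_as = &address_space_memory;
    }

    sysbus_init_irq(sbd, &s->irq);

    /*
     * NOTE(review): sdhci_common_realize() has already initialised s->iomem
     * with &sdhci_mmio_ops. This second call is what installs s->io_ops
     * (which imx_usdhc_init() replaces), so it cannot simply be dropped
     * without changing the common helper as well.
     */
    memory_region_init_io(&s->iomem, OBJECT(s), s->io_ops, s, "sdhci",
            SDHC_REGISTERS_MAP_SIZE);

    sysbus_init_mmio(sbd, &s->iomem);
}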
1408 
/*
 * Unrealize the SysBus variant: run the shared unrealize step and destroy
 * the private DMA address space, which exists only when the "dma" link was
 * set. The incoming @errp is not used; the common step gets error_abort.
 */
static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(dev);

    sdhci_common_unrealize(sdhci, &error_abort);

    if (sdhci->dma_mr != NULL) {
        address_space_destroy(sdhci->dma_as);
    }
}
1419 
/*
 * Class initialiser of the SysBus variant: realize/unrealize hooks and the
 * property list, then the settings shared with the PCI class.
 */
static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);

    device_class->realize = sdhci_sysbus_realize;
    device_class->unrealize = sdhci_sysbus_unrealize;
    device_class->props = sdhci_sysbus_properties;

    sdhci_common_class_init(klass, data);
}
1430 
/* QOM type description of the SysBus variant; imx_usdhc_info derives from it. */
static const TypeInfo sdhci_sysbus_info = {
    .name = TYPE_SYSBUS_SDHCI,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(SDHCIState),
    .instance_init = sdhci_sysbus_init,
    .instance_finalize = sdhci_sysbus_finalize,
    .class_init = sdhci_sysbus_class_init,
};
1439 
1440 /* --- qdev bus master --- */
1441 
/*
 * Class initialiser of the controller's SD bus: route the bus's card-insert
 * and read-only notifications to the controller's handlers.
 */
static void sdhci_bus_class_init(ObjectClass *klass, void *data)
{
    SDBusClass *bus_class = SD_BUS_CLASS(klass);

    bus_class->set_readonly = sdhci_set_readonly;
    bus_class->set_inserted = sdhci_set_inserted;
}
1449 
/* QOM type description of the SD bus owned by the controller. */
static const TypeInfo sdhci_bus_info = {
    .name = TYPE_SDHCI_BUS,
    .parent = TYPE_SD_BUS,
    .instance_size = sizeof(SDBus),
    .class_init = sdhci_bus_class_init,
};
1456 
/*
 * MMIO read handler for the i.MX uSDHC variant.
 *
 * Only an access at exactly SDHC_HOSTCTL is translated to the ESDHC layout;
 * the listed ESDHC-specific registers read as zero, and every other offset
 * is forwarded to sdhci_read().
 *
 * NOTE(review): the SDHC_HOSTCTL value is returned without being masked to
 * @size, unlike sdhci_read(); confirm that the caller truncates narrow
 * reads.
 */
static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
{
    SDHCIState *s = SYSBUS_SDHCI(opaque);
    uint16_t esdhc_ctl;
    uint32_t word;

    switch (offset) {
    case SDHC_HOSTCTL:
        /*
         * The bit shuffling below mirrors the SDHC_HOSTCTL case of
         * usdhc_write(); the register layouts are described there.
         */
        esdhc_ctl = SDHC_DMA_TYPE(s->hostctl) << (8 - 3);

        if (s->hostctl & SDHC_CTRL_8BITBUS) {
            esdhc_ctl |= ESDHC_CTRL_8BITBUS;
        }

        if (s->hostctl & SDHC_CTRL_4BITBUS) {
            esdhc_ctl |= ESDHC_CTRL_4BITBUS;
        }

        /* The upper two bytes are layout-compatible and copied through. */
        word = esdhc_ctl;
        word |= (uint32_t)s->blkgap << 16;
        word |= (uint32_t)s->wakcon << 24;
        return word;

    case ESDHC_DLL_CTRL:
    case ESDHC_TUNE_CTRL_STATUS:
    case ESDHC_UNDOCUMENTED_REG27:
    case ESDHC_TUNING_CTRL:
    case ESDHC_VENDOR_SPEC:
    case ESDHC_MIX_CTRL:
    case ESDHC_WTMK_LVL:
        /* Not modelled: read as zero. */
        return 0;

    default:
        return sdhci_read(opaque, offset, size);
    }
}
1502 
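/*
 * MMIO write handler for the i.MX uSDHC variant.
 *
 * @opaque: the SDHCIState the memory region was registered with
 * @offset: byte offset of the access inside the register block
 * @val:    value written by the guest
 * @size:   access width in bytes
 *
 * Writes to registers whose layout differs from the SDHCI specification are
 * translated and then handed to sdhci_write(); the ESDHC-only registers
 * listed first are accepted and ignored. The switch matches @offset exactly,
 * so a translation applies only to an access that starts at the register's
 * base offset.
 */
static void
usdhc_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
{
    SDHCIState *s = SYSBUS_SDHCI(opaque);
    uint8_t hostctl;
    uint32_t value = (uint32_t)val;

    switch (offset) {
    case ESDHC_DLL_CTRL:
    case ESDHC_TUNE_CTRL_STATUS:
    case ESDHC_UNDOCUMENTED_REG27:
    case ESDHC_TUNING_CTRL:
    case ESDHC_WTMK_LVL:
    case ESDHC_VENDOR_SPEC:
        /* Not modelled: the write is dropped. */
        break;

    case SDHC_HOSTCTL:
        /*
         * Here's What ESDHCI has at offset 0x28 (SDHC_HOSTCTL)
         *
         *       7         6     5      4      3      2        1      0
         * |-----------+--------+--------+-----------+----------+---------|
         * | Card      | Card   | Endian | DATA3     | Data     | Led     |
         * | Detect    | Detect | Mode   | as Card   | Transfer | Control |
         * | Signal    | Test   |        | Detection | Width    |         |
         * | Selection | Level  |        | Pin       |          |         |
         * |-----------+--------+--------+-----------+----------+---------|
         *
         * and 0x29
         *
         *  15      10 9    8
         * |----------+------|
         * | Reserved | DMA  |
         * |          | Sel. |
         * |          |      |
         * |----------+------|
         *
         * and here's what SDHCI spec expects those offsets to be:
         *
         * 0x28 (Host Control Register)
         *
         *     7        6         5       4  3      2         1        0
         * |--------+--------+----------+------+--------+----------+---------|
         * | Card   | Card   | Extended | DMA  | High   | Data     | LED     |
         * | Detect | Detect | Data     | Sel. | Speed  | Transfer | Control |
         * | Signal | Test   | Transfer |      | Enable | Width    |         |
         * | Sel.   | Level  | Width    |      |        |          |         |
         * |--------+--------+----------+------+--------+----------+---------|
         *
         * and 0x29 (Power Control Register)
         *
         * |----------------------------------|
         * | Power Control Register           |
         * |                                  |
         * | Description omitted,             |
         * | since it has no analog in ESDHCI |
         * |                                  |
         * |----------------------------------|
         *
         * Since offsets 0x2A and 0x2B should be compatible between
         * both IP specs we only need to reconcile least 16-bit of the
         * word we've been given.
         */

        /*
         * First, save bits 7 6 and 0 since they are identical
         */
        hostctl = value & (SDHC_CTRL_LED |
                           SDHC_CTRL_CDTEST_INS |
                           SDHC_CTRL_CDTEST_EN);
        /*
         * Second, split "Data Transfer Width" from bits 2 and 1 in to
         * bits 5 and 1
         */
        if (value & ESDHC_CTRL_8BITBUS) {
            hostctl |= SDHC_CTRL_8BITBUS;
        }

        if (value & ESDHC_CTRL_4BITBUS) {
            /*
             * hostctl is being built in the SDHCI layout, so the SDHC_
             * constant belongs here (usdhc_read() does the inverse).
             */
            hostctl |= SDHC_CTRL_4BITBUS;
        }

        /*
         * Third, move DMA select from bits 9 and 8 to bits 4 and 3
         */
        hostctl |= SDHC_DMA_TYPE(value >> (8 - 3));

        /*
         * Now place the corrected value into low 16-bit of the value
         * we are going to give standard SDHCI write function
         *
         * NOTE: This transformation should be the inverse of what can
         * be found in drivers/mmc/host/sdhci-esdhc-imx.c in Linux
         * kernel
         */
        value &= ~UINT16_MAX;
        value |= hostctl;
        /* ESDHC has no power control byte: re-supply the current one. */
        value |= (uint16_t)s->pwrcon << 8;

        sdhci_write(opaque, offset, value, size);
        break;

    case ESDHC_MIX_CTRL:
        /*
         * So, when SD/MMC stack in Linux tries to write to "Transfer
         * Mode Register", ESDHC i.MX quirk code will translate it
         * into a write to ESDHC_MIX_CTRL, so we do the opposite in
         * order to get where we started
         *
         * Note that Auto CMD23 Enable bit is located in a wrong place
         * on i.MX, but since it is not used by QEMU we do not care.
         *
         * We don't want to call sdhci_write(.., SDHC_TRNMOD, ...)
         * here because it will result in a call to
         * sdhci_send_command(s) which we don't want.
         *
         * NOTE(review): this direct store skips the two filters that
         * sdhci_write() applies to SDHC_TRNMOD: the SDHC_TRNMOD_MASK
         * masking and the clearing of SDHC_TRNS_DMA when capareg lacks
         * SDHC_CAN_DO_DMA. The guest-written bits stay in s->trnmod
         * until the next SDHC_TRNMOD write; confirm that no transfer
         * path reads them in between.
         */
        s->trnmod = value & UINT16_MAX;
        break;
    case SDHC_TRNMOD:
        /*
         * Similar to above, but this time a write to "Command
         * Register" will be translated into a 4-byte write to
         * "Transfer Mode register" where lower 16-bit of value would
         * be set to zero. So what we do is fill those bits with
         * cached value from s->trnmod and let the SDHCI
         * infrastructure handle the rest
         */
        sdhci_write(opaque, offset, val | s->trnmod, size);
        break;
    case SDHC_BLKSIZE:
        /*
         * ESDHCI does not implement "Host SDMA Buffer Boundary", and
         * Linux driver will try to zero this field out which will
         * break the rest of SDHCI emulation.
         *
         * Linux defaults to maximum possible setting (512K boundary)
         * and it seems to be the only option that i.MX IP implements,
         * so we artificially set it to that value.
         */
        val |= 0x7 << 12;
        /* FALLTHROUGH */
    default:
        sdhci_write(opaque, offset, val, size);
        break;
    }
}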
1650 
1651 
/*
 * MMIO callbacks for the i.MX uSDHC variant. The access constraints are the
 * same as in sdhci_mmio_ops: 1 to 4 bytes, never unaligned.
 */
static const MemoryRegionOps usdhc_mmio_ops = {
    .read = usdhc_read,
    .write = usdhc_write,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 4,
        .unaligned = false
    },
    .endianness = DEVICE_LITTLE_ENDIAN,
};
1662 
/*
 * Instance initialiser of the i.MX uSDHC type: switch to the uSDHC register
 * callbacks and set the no-busy-IRQ quirk.
 */
static void imx_usdhc_init(Object *obj)
{
    SDHCIState *sdhci = SYSBUS_SDHCI(obj);

    sdhci->quirks = SDHCI_QUIRK_NO_BUSY_IRQ;
    /* Replaces the default callbacks selected by sdhci_initfn(). */
    sdhci->io_ops = &usdhc_mmio_ops;
}
1670 
/* QOM type description of the i.MX uSDHC, derived from the SysBus variant. */
static const TypeInfo imx_usdhc_info = {
    .name = TYPE_IMX_USDHC,
    .parent = TYPE_SYSBUS_SDHCI,
    .instance_init = imx_usdhc_init,
};
1676 
/*
 * Register every QOM type defined in this file: the PCI and SysBus
 * controllers, the SD bus and the i.MX uSDHC variant, in that order.
 */
static void sdhci_register_types(void)
{
    static const TypeInfo *const sdhci_types[] = {
        &sdhci_pci_info,
        &sdhci_sysbus_info,
        &sdhci_bus_info,
        &imx_usdhc_info,
    };
    size_t i;

    for (i = 0; i < sizeof(sdhci_types) / sizeof(sdhci_types[0]); i++) {
        type_register_static(sdhci_types[i]);
    }
}

type_init(sdhci_register_types)
1686