[mirror_qemu.git] / hw / sd / pl181.c

/*
 * Arm PrimeCell PL181 MultiMedia Card Interface
 *
 * Copyright (c) 2007 CodeSourcery.
 * Written by Paul Brook
 *
 * This code is licensed under the GPL.
 */

#include "qemu/osdep.h"
#include "sysemu/blockdev.h"
#include "hw/sysbus.h"
#include "hw/sd/sd.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qapi/error.h"

//#define DEBUG_PL181 1

#ifdef DEBUG_PL181
#define DPRINTF(fmt, ...) \
do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif

#define PL181_FIFO_LEN 16

#define TYPE_PL181 "pl181"
#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)

typedef struct PL181State {
    SysBusDevice parent_obj;

    MemoryRegion iomem;
    SDState *card;
    uint32_t clock;
    uint32_t power;
    uint32_t cmdarg;
    uint32_t cmd;
    uint32_t datatimer;
    uint32_t datalength;
    uint32_t respcmd;
    uint32_t response[4];
    uint32_t datactrl;
    uint32_t datacnt;
    uint32_t status;
    uint32_t mask[2];
    int32_t fifo_pos;
    int32_t fifo_len;
    /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
       while it is reading the FIFO.  We hack around this by deferring
       subsequent transfers until after the driver polls the status word.
       http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
     */
    int32_t linux_hack;
    uint32_t fifo[PL181_FIFO_LEN];
    qemu_irq irq[2];
    /* GPIO outputs for 'card is readonly' and 'card inserted' */
    qemu_irq cardstatus[2];
} PL181State;

static const VMStateDescription vmstate_pl181 = {
    .name = "pl181",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(clock, PL181State),
        VMSTATE_UINT32(power, PL181State),
        VMSTATE_UINT32(cmdarg, PL181State),
        VMSTATE_UINT32(cmd, PL181State),
        VMSTATE_UINT32(datatimer, PL181State),
        VMSTATE_UINT32(datalength, PL181State),
        VMSTATE_UINT32(respcmd, PL181State),
        VMSTATE_UINT32_ARRAY(response, PL181State, 4),
        VMSTATE_UINT32(datactrl, PL181State),
        VMSTATE_UINT32(datacnt, PL181State),
        VMSTATE_UINT32(status, PL181State),
        VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
        VMSTATE_INT32(fifo_pos, PL181State),
        VMSTATE_INT32(fifo_len, PL181State),
        VMSTATE_INT32(linux_hack, PL181State),
        VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
        VMSTATE_END_OF_LIST()
    }
};

#define PL181_CMD_INDEX     0x3f
#define PL181_CMD_RESPONSE  (1 << 6)
#define PL181_CMD_LONGRESP  (1 << 7)
#define PL181_CMD_INTERRUPT (1 << 8)
#define PL181_CMD_PENDING   (1 << 9)
#define PL181_CMD_ENABLE    (1 << 10)

#define PL181_DATA_ENABLE             (1 << 0)
#define PL181_DATA_DIRECTION          (1 << 1)
#define PL181_DATA_MODE               (1 << 2)
#define PL181_DATA_DMAENABLE          (1 << 3)

#define PL181_STATUS_CMDCRCFAIL       (1 << 0)
#define PL181_STATUS_DATACRCFAIL      (1 << 1)
#define PL181_STATUS_CMDTIMEOUT       (1 << 2)
#define PL181_STATUS_DATATIMEOUT      (1 << 3)
#define PL181_STATUS_TXUNDERRUN       (1 << 4)
#define PL181_STATUS_RXOVERRUN        (1 << 5)
#define PL181_STATUS_CMDRESPEND       (1 << 6)
#define PL181_STATUS_CMDSENT          (1 << 7)
#define PL181_STATUS_DATAEND          (1 << 8)
#define PL181_STATUS_DATABLOCKEND     (1 << 10)
#define PL181_STATUS_CMDACTIVE        (1 << 11)
#define PL181_STATUS_TXACTIVE         (1 << 12)
#define PL181_STATUS_RXACTIVE         (1 << 13)
#define PL181_STATUS_TXFIFOHALFEMPTY  (1 << 14)
#define PL181_STATUS_RXFIFOHALFFULL   (1 << 15)
#define PL181_STATUS_TXFIFOFULL       (1 << 16)
#define PL181_STATUS_RXFIFOFULL       (1 << 17)
#define PL181_STATUS_TXFIFOEMPTY      (1 << 18)
#define PL181_STATUS_RXFIFOEMPTY      (1 << 19)
#define PL181_STATUS_TXDATAAVLBL      (1 << 20)
#define PL181_STATUS_RXDATAAVLBL      (1 << 21)

#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
                             |PL181_STATUS_TXFIFOHALFEMPTY \
                             |PL181_STATUS_TXFIFOFULL \
                             |PL181_STATUS_TXFIFOEMPTY \
                             |PL181_STATUS_TXDATAAVLBL)
#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
                             |PL181_STATUS_RXFIFOHALFFULL \
                             |PL181_STATUS_RXFIFOFULL \
                             |PL181_STATUS_RXFIFOEMPTY \
                             |PL181_STATUS_RXDATAAVLBL)

static const unsigned char pl181_id[] =
{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };

static void pl181_update(PL181State *s)
{
    int i;
    for (i = 0; i < 2; i++) {
        qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
    }
}

static void pl181_fifo_push(PL181State *s, uint32_t value)
{
    int n;

    if (s->fifo_len == PL181_FIFO_LEN) {
        fprintf(stderr, "pl181: FIFO overflow\n");
        return;
    }
    n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
    s->fifo_len++;
    s->fifo[n] = value;
    DPRINTF("FIFO push %08x\n", (int)value);
}

static uint32_t pl181_fifo_pop(PL181State *s)
{
    uint32_t value;

    if (s->fifo_len == 0) {
        fprintf(stderr, "pl181: FIFO underflow\n");
        return 0;
    }
    value = s->fifo[s->fifo_pos];
    s->fifo_len--;
    s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
    DPRINTF("FIFO pop %08x\n", (int)value);
    return value;
}

static void pl181_send_command(PL181State *s)
{
    SDRequest request;
    uint8_t response[16];
    int rlen;

    request.cmd = s->cmd & PL181_CMD_INDEX;
    request.arg = s->cmdarg;
    DPRINTF("Command %d %08x\n", request.cmd, request.arg);
    rlen = sd_do_command(s->card, &request, response);
    if (rlen < 0)
        goto error;
    if (s->cmd & PL181_CMD_RESPONSE) {
        if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
            goto error;
        if (rlen != 4 && rlen != 16)
            goto error;
        s->response[0] = ldl_be_p(&response[0]);
        if (rlen == 4) {
            s->response[1] = s->response[2] = s->response[3] = 0;
        } else {
            s->response[1] = ldl_be_p(&response[4]);
            s->response[2] = ldl_be_p(&response[8]);
            s->response[3] = ldl_be_p(&response[12]) & ~1;
        }
        DPRINTF("Response received\n");
        s->status |= PL181_STATUS_CMDRESPEND;
    } else {
        DPRINTF("Command sent\n");
        s->status |= PL181_STATUS_CMDSENT;
    }
    return;

error:
    DPRINTF("Timeout\n");
    s->status |= PL181_STATUS_CMDTIMEOUT;
}

/* Transfer data between the card and the FIFO.  This is complicated by
   the FIFO holding 32-bit words and the card taking data in single byte
   chunks.  FIFO bytes are transferred in little-endian order.  */

static void pl181_fifo_run(PL181State *s)
{
    uint32_t bits;
    uint32_t value = 0;
    int n;
    int is_read;

    is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
    if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
            && !s->linux_hack) {
        if (is_read) {
            n = 0;
            while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
                value |= (uint32_t)sd_read_data(s->card) << (n * 8);
                s->datacnt--;
                n++;
                if (n == 4) {
                    pl181_fifo_push(s, value);
                    n = 0;
                    value = 0;
                }
            }
            if (n != 0) {
                pl181_fifo_push(s, value);
            }
        } else { /* write */
            n = 0;
            while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
                if (n == 0) {
                    value = pl181_fifo_pop(s);
                    n = 4;
                }
                n--;
                s->datacnt--;
                sd_write_data(s->card, value & 0xff);
                value >>= 8;
            }
        }
    }
    s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
    if (s->datacnt == 0) {
        s->status |= PL181_STATUS_DATAEND;
        /* HACK: */
        s->status |= PL181_STATUS_DATABLOCKEND;
        DPRINTF("Transfer Complete\n");
    }
    if (s->datacnt == 0 && s->fifo_len == 0) {
        s->datactrl &= ~PL181_DATA_ENABLE;
        DPRINTF("Data engine idle\n");
    } else {
        /* Update FIFO bits.  */
        bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
        if (s->fifo_len == 0) {
            bits |= PL181_STATUS_TXFIFOEMPTY;
            bits |= PL181_STATUS_RXFIFOEMPTY;
        } else {
            bits |= PL181_STATUS_TXDATAAVLBL;
            bits |= PL181_STATUS_RXDATAAVLBL;
        }
        if (s->fifo_len == 16) {
            bits |= PL181_STATUS_TXFIFOFULL;
            bits |= PL181_STATUS_RXFIFOFULL;
        }
        if (s->fifo_len <= 8) {
            bits |= PL181_STATUS_TXFIFOHALFEMPTY;
        }
        if (s->fifo_len >= 8) {
            bits |= PL181_STATUS_RXFIFOHALFFULL;
        }
        if (s->datactrl & PL181_DATA_DIRECTION) {
            bits &= PL181_STATUS_RX_FIFO;
        } else {
            bits &= PL181_STATUS_TX_FIFO;
        }
        s->status |= bits;
    }
}

static uint64_t pl181_read(void *opaque, hwaddr offset,
                           unsigned size)
{
    PL181State *s = (PL181State *)opaque;
    uint32_t tmp;

    if (offset >= 0xfe0 && offset < 0x1000) {
        return pl181_id[(offset - 0xfe0) >> 2];
    }
    switch (offset) {
    case 0x00: /* Power */
        return s->power;
    case 0x04: /* Clock */
        return s->clock;
    case 0x08: /* Argument */
        return s->cmdarg;
    case 0x0c: /* Command */
        return s->cmd;
    case 0x10: /* RespCmd */
        return s->respcmd;
    case 0x14: /* Response0 */
        return s->response[0];
    case 0x18: /* Response1 */
        return s->response[1];
    case 0x1c: /* Response2 */
        return s->response[2];
    case 0x20: /* Response3 */
        return s->response[3];
    case 0x24: /* DataTimer */
        return s->datatimer;
    case 0x28: /* DataLength */
        return s->datalength;
    case 0x2c: /* DataCtrl */
        return s->datactrl;
    case 0x30: /* DataCnt */
        return s->datacnt;
    case 0x34: /* Status */
        tmp = s->status;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x3c: /* Mask0 */
        return s->mask[0];
    case 0x40: /* Mask1 */
        return s->mask[1];
    case 0x48: /* FifoCnt */
        /* The documentation is somewhat vague about exactly what FifoCnt
           does.  On real hardware it appears to be when decrememnted
           when a word is transferred between the FIFO and the serial
           data engine.  DataCnt is decremented after each byte is
           transferred between the serial engine and the card.
           We don't emulate this level of detail, so both can be the same.  */
        tmp = (s->datacnt + 3) >> 2;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->fifo_len == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
            return 0;
        } else {
            uint32_t value;
            value = pl181_fifo_pop(s);
            s->linux_hack = 1;
            pl181_fifo_run(s);
            pl181_update(s);
            return value;
        }
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_read: Bad offset %x\n", (int)offset);
        return 0;
    }
}

static void pl181_write(void *opaque, hwaddr offset,
                        uint64_t value, unsigned size)
{
    PL181State *s = (PL181State *)opaque;

    switch (offset) {
    case 0x00: /* Power */
        s->power = value & 0xff;
        break;
    case 0x04: /* Clock */
        s->clock = value & 0xff;
        break;
    case 0x08: /* Argument */
        s->cmdarg = value;
        break;
    case 0x0c: /* Command */
        s->cmd = value;
        if (s->cmd & PL181_CMD_ENABLE) {
            if (s->cmd & PL181_CMD_INTERRUPT) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Interrupt mode not implemented\n");
            } if (s->cmd & PL181_CMD_PENDING) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Pending commands not implemented\n");
            } else {
                pl181_send_command(s);
                pl181_fifo_run(s);
            }
            /* The command has completed one way or the other.  */
            s->cmd &= ~PL181_CMD_ENABLE;
        }
        break;
    case 0x24: /* DataTimer */
        s->datatimer = value;
        break;
    case 0x28: /* DataLength */
        s->datalength = value & 0xffff;
        break;
    case 0x2c: /* DataCtrl */
        s->datactrl = value & 0xff;
        if (value & PL181_DATA_ENABLE) {
            s->datacnt = s->datalength;
            pl181_fifo_run(s);
        }
        break;
    case 0x38: /* Clear */
        s->status &= ~(value & 0x7ff);
        break;
    case 0x3c: /* Mask0 */
        s->mask[0] = value;
        break;
    case 0x40: /* Mask1 */
        s->mask[1] = value;
        break;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->datacnt == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
        } else {
            pl181_fifo_push(s, value);
            pl181_fifo_run(s);
        }
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_write: Bad offset %x\n", (int)offset);
    }
    pl181_update(s);
}

static const MemoryRegionOps pl181_ops = {
    .read = pl181_read,
    .write = pl181_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

static void pl181_reset(DeviceState *d)
{
    PL181State *s = PL181(d);

    s->power = 0;
    s->cmdarg = 0;
    s->cmd = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->respcmd = 0;
    s->response[0] = 0;
    s->response[1] = 0;
    s->response[2] = 0;
    s->response[3] = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->datactrl = 0;
    s->datacnt = 0;
    s->status = 0;
    s->linux_hack = 0;
    s->mask[0] = 0;
    s->mask[1] = 0;

    /* We can assume our GPIO outputs have been wired up now */
    sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
    /* Since we're still using the legacy SD API the card is not plugged
     * into any bus, and we must reset it manually.
     */
    device_reset(DEVICE(s->card));
}

static void pl181_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    PL181State *s = PL181(obj);
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

    memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
    sysbus_init_mmio(sbd, &s->iomem);
    sysbus_init_irq(sbd, &s->irq[0]);
    sysbus_init_irq(sbd, &s->irq[1]);
    qdev_init_gpio_out(dev, s->cardstatus, 2);
}

static void pl181_realize(DeviceState *dev, Error **errp)
{
    PL181State *s = PL181(dev);
    DriveInfo *dinfo;

    /* FIXME use a qdev drive property instead of drive_get_next() */
    dinfo = drive_get_next(IF_SD);
    s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
    if (s->card == NULL) {
        error_setg(errp, "sd_init failed");
    }
}

static void pl181_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *k = DEVICE_CLASS(klass);

    k->vmsd = &vmstate_pl181;
    k->reset = pl181_reset;
    /* Reason: init() method uses drive_get_next() */
    k->user_creatable = false;
    k->realize = pl181_realize;
}

static const TypeInfo pl181_info = {
    .name          = TYPE_PL181,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(PL181State),
    .instance_init = pl181_init,
    .class_init    = pl181_class_init,
};

static void pl181_register_types(void)
{
    type_register_static(&pl181_info);
}

type_init(pl181_register_types)
Commit	Line	Data
5fafdf24	1	/*
a1bb27b1 PB	2	* Arm PrimeCell PL181 MultiMedia Card Interface
	3	*
	4	* Copyright (c) 2007 CodeSourcery.
	5	* Written by Paul Brook
	6	*
8e31bf38	7	* This code is licensed under the GPL.
a1bb27b1 PB	8	*/
a1bb27b1 PB	9
8ef94f0b	10	#include "qemu/osdep.h"
9c17d615	11	#include "sysemu/blockdev.h"
83c9f4ca	12	#include "hw/sysbus.h"
e3382ef0	13	#include "hw/sd/sd.h"
03dd024f	14	#include "qemu/log.h"
0b8fa32f	15	#include "qemu/module.h"
0d554cb0	16	#include "qapi/error.h"
a1bb27b1 PB	17
	18	//#define DEBUG_PL181 1
	19
	20	#ifdef DEBUG_PL181
001faf32 BS	21	#define DPRINTF(fmt, ...) \
001faf32 BS	22	do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1	23	#else
001faf32	24	#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1 PB	25	#endif
	26
	27	#define PL181_FIFO_LEN 16
	28
630f4442 AF	29	#define TYPE_PL181 "pl181"
	30	#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
	31
1d998d93	32	typedef struct PL181State {
630f4442 AF	33	SysBusDevice parent_obj;
630f4442 AF	34
ca45842a	35	MemoryRegion iomem;
42a10898	36	SDState *card;
a1bb27b1 PB	37	uint32_t clock;
	38	uint32_t power;
	39	uint32_t cmdarg;
	40	uint32_t cmd;
	41	uint32_t datatimer;
	42	uint32_t datalength;
	43	uint32_t respcmd;
	44	uint32_t response[4];
	45	uint32_t datactrl;
	46	uint32_t datacnt;
	47	uint32_t status;
	48	uint32_t mask[2];
624923be PM	49	int32_t fifo_pos;
624923be PM	50	int32_t fifo_len;
6361cdb6	51	/* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
67cc32eb	52	while it is reading the FIFO. We hack around this by deferring
6361cdb6 PB	53	subsequent transfers until after the driver polls the status word.
	54	http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
	55	*/
624923be	56	int32_t linux_hack;
a1bb27b1	57	uint32_t fifo[PL181_FIFO_LEN];
d537cf6c	58	qemu_irq irq[2];
c31a4724 PM	59	/* GPIO outputs for 'card is readonly' and 'card inserted' */
c31a4724 PM	60	qemu_irq cardstatus[2];
1d998d93	61	} PL181State;
a1bb27b1	62
624923be PM	63	static const VMStateDescription vmstate_pl181 = {
	64	.name = "pl181",
	65	.version_id = 1,
	66	.minimum_version_id = 1,
	67	.fields = (VMStateField[]) {
1d998d93 AF	68	VMSTATE_UINT32(clock, PL181State),
	69	VMSTATE_UINT32(power, PL181State),
	70	VMSTATE_UINT32(cmdarg, PL181State),
	71	VMSTATE_UINT32(cmd, PL181State),
	72	VMSTATE_UINT32(datatimer, PL181State),
	73	VMSTATE_UINT32(datalength, PL181State),
	74	VMSTATE_UINT32(respcmd, PL181State),
	75	VMSTATE_UINT32_ARRAY(response, PL181State, 4),
	76	VMSTATE_UINT32(datactrl, PL181State),
	77	VMSTATE_UINT32(datacnt, PL181State),
	78	VMSTATE_UINT32(status, PL181State),
	79	VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
	80	VMSTATE_INT32(fifo_pos, PL181State),
	81	VMSTATE_INT32(fifo_len, PL181State),
	82	VMSTATE_INT32(linux_hack, PL181State),
	83	VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
624923be PM	84	VMSTATE_END_OF_LIST()
	85	}
	86	};
	87
a1bb27b1 PB	88	#define PL181_CMD_INDEX 0x3f
	89	#define PL181_CMD_RESPONSE (1 << 6)
	90	#define PL181_CMD_LONGRESP (1 << 7)
	91	#define PL181_CMD_INTERRUPT (1 << 8)
	92	#define PL181_CMD_PENDING (1 << 9)
	93	#define PL181_CMD_ENABLE (1 << 10)
	94
	95	#define PL181_DATA_ENABLE (1 << 0)
	96	#define PL181_DATA_DIRECTION (1 << 1)
	97	#define PL181_DATA_MODE (1 << 2)
	98	#define PL181_DATA_DMAENABLE (1 << 3)
	99
	100	#define PL181_STATUS_CMDCRCFAIL (1 << 0)
	101	#define PL181_STATUS_DATACRCFAIL (1 << 1)
	102	#define PL181_STATUS_CMDTIMEOUT (1 << 2)
	103	#define PL181_STATUS_DATATIMEOUT (1 << 3)
	104	#define PL181_STATUS_TXUNDERRUN (1 << 4)
	105	#define PL181_STATUS_RXOVERRUN (1 << 5)
	106	#define PL181_STATUS_CMDRESPEND (1 << 6)
	107	#define PL181_STATUS_CMDSENT (1 << 7)
	108	#define PL181_STATUS_DATAEND (1 << 8)
	109	#define PL181_STATUS_DATABLOCKEND (1 << 10)
	110	#define PL181_STATUS_CMDACTIVE (1 << 11)
	111	#define PL181_STATUS_TXACTIVE (1 << 12)
	112	#define PL181_STATUS_RXACTIVE (1 << 13)
	113	#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
	114	#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
	115	#define PL181_STATUS_TXFIFOFULL (1 << 16)
	116	#define PL181_STATUS_RXFIFOFULL (1 << 17)
	117	#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
	118	#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
	119	#define PL181_STATUS_TXDATAAVLBL (1 << 20)
	120	#define PL181_STATUS_RXDATAAVLBL (1 << 21)
	121
	122	#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
	123	\|PL181_STATUS_TXFIFOHALFEMPTY \
	124	\|PL181_STATUS_TXFIFOFULL \
	125	\|PL181_STATUS_TXFIFOEMPTY \
	126	\|PL181_STATUS_TXDATAAVLBL)
	127	#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
	128	\|PL181_STATUS_RXFIFOHALFFULL \
	129	\|PL181_STATUS_RXFIFOFULL \
	130	\|PL181_STATUS_RXFIFOEMPTY \
	131	\|PL181_STATUS_RXDATAAVLBL)
	132
	133	static const unsigned char pl181_id[] =
	134	{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
	135
1d998d93	136	static void pl181_update(PL181State *s)
a1bb27b1 PB	137	{
	138	int i;
	139	for (i = 0; i < 2; i++) {
d537cf6c	140	qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
a1bb27b1 PB	141	}
	142	}
	143
1d998d93	144	static void pl181_fifo_push(PL181State *s, uint32_t value)
a1bb27b1 PB	145	{
	146	int n;
	147
	148	if (s->fifo_len == PL181_FIFO_LEN) {
	149	fprintf(stderr, "pl181: FIFO overflow\n");
	150	return;
	151	}
	152	n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
	153	s->fifo_len++;
	154	s->fifo[n] = value;
	155	DPRINTF("FIFO push %08x\n", (int)value);
	156	}
	157
1d998d93	158	static uint32_t pl181_fifo_pop(PL181State *s)
a1bb27b1 PB	159	{
	160	uint32_t value;
	161
	162	if (s->fifo_len == 0) {
	163	fprintf(stderr, "pl181: FIFO underflow\n");
	164	return 0;
	165	}
	166	value = s->fifo[s->fifo_pos];
	167	s->fifo_len--;
	168	s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
	169	DPRINTF("FIFO pop %08x\n", (int)value);
	170	return value;
	171	}
	172
1d998d93	173	static void pl181_send_command(PL181State *s)
a1bb27b1	174	{
bc24a225	175	SDRequest request;
a1bb27b1 PB	176	uint8_t response[16];
	177	int rlen;
	178
	179	request.cmd = s->cmd & PL181_CMD_INDEX;
	180	request.arg = s->cmdarg;
	181	DPRINTF("Command %d %08x\n", request.cmd, request.arg);
	182	rlen = sd_do_command(s->card, &request, response);
	183	if (rlen < 0)
	184	goto error;
	185	if (s->cmd & PL181_CMD_RESPONSE) {
a1bb27b1 PB	186	if (rlen == 0 \|\| (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
	187	goto error;
	188	if (rlen != 4 && rlen != 16)
	189	goto error;
b3141c06	190	s->response[0] = ldl_be_p(&response[0]);
a1bb27b1 PB	191	if (rlen == 4) {
	192	s->response[1] = s->response[2] = s->response[3] = 0;
	193	} else {
b3141c06 PMD	194	s->response[1] = ldl_be_p(&response[4]);
	195	s->response[2] = ldl_be_p(&response[8]);
	196	s->response[3] = ldl_be_p(&response[12]) & ~1;
a1bb27b1	197	}
aa1f17c1	198	DPRINTF("Response received\n");
a1bb27b1	199	s->status \|= PL181_STATUS_CMDRESPEND;
a1bb27b1 PB	200	} else {
	201	DPRINTF("Command sent\n");
	202	s->status \|= PL181_STATUS_CMDSENT;
	203	}
	204	return;
	205
	206	error:
	207	DPRINTF("Timeout\n");
	208	s->status \|= PL181_STATUS_CMDTIMEOUT;
	209	}
	210
aa1f17c1	211	/* Transfer data between the card and the FIFO. This is complicated by
a1bb27b1 PB	212	the FIFO holding 32-bit words and the card taking data in single byte
a1bb27b1 PB	213	chunks. FIFO bytes are transferred in little-endian order. */
3b46e624	214
1d998d93	215	static void pl181_fifo_run(PL181State *s)
a1bb27b1 PB	216	{
a1bb27b1 PB	217	uint32_t bits;
f21126df	218	uint32_t value = 0;
a1bb27b1	219	int n;
a1bb27b1 PB	220	int is_read;
	221
	222	is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
6361cdb6 PB	223	if (s->datacnt != 0 && (!is_read \|\| sd_data_ready(s->card))
6361cdb6 PB	224	&& !s->linux_hack) {
bc3b26f5 PB	225	if (is_read) {
bc3b26f5 PB	226	n = 0;
bc3b26f5	227	while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
a1bb27b1	228	value \|= (uint32_t)sd_read_data(s->card) << (n * 8);
bc3b26f5	229	s->datacnt--;
a1bb27b1 PB	230	n++;
	231	if (n == 4) {
	232	pl181_fifo_push(s, value);
a1bb27b1	233	n = 0;
bc3b26f5	234	value = 0;
a1bb27b1	235	}
bc3b26f5 PB	236	}
	237	if (n != 0) {
	238	pl181_fifo_push(s, value);
	239	}
	240	} else { /* write */
	241	n = 0;
	242	while (s->datacnt > 0 && (s->fifo_len > 0 \|\| n > 0)) {
a1bb27b1 PB	243	if (n == 0) {
	244	value = pl181_fifo_pop(s);
	245	n = 4;
	246	}
bc3b26f5 PB	247	n--;
bc3b26f5 PB	248	s->datacnt--;
a1bb27b1 PB	249	sd_write_data(s->card, value & 0xff);
a1bb27b1 PB	250	value >>= 8;
a1bb27b1	251	}
a1bb27b1 PB	252	}
	253	}
	254	s->status &= ~(PL181_STATUS_RX_FIFO \| PL181_STATUS_TX_FIFO);
	255	if (s->datacnt == 0) {
	256	s->status \|= PL181_STATUS_DATAEND;
	257	/* HACK: */
	258	s->status \|= PL181_STATUS_DATABLOCKEND;
	259	DPRINTF("Transfer Complete\n");
	260	}
6361cdb6	261	if (s->datacnt == 0 && s->fifo_len == 0) {
a1bb27b1 PB	262	s->datactrl &= ~PL181_DATA_ENABLE;
	263	DPRINTF("Data engine idle\n");
	264	} else {
	265	/* Update FIFO bits. */
	266	bits = PL181_STATUS_TXACTIVE \| PL181_STATUS_RXACTIVE;
	267	if (s->fifo_len == 0) {
	268	bits \|= PL181_STATUS_TXFIFOEMPTY;
	269	bits \|= PL181_STATUS_RXFIFOEMPTY;
	270	} else {
	271	bits \|= PL181_STATUS_TXDATAAVLBL;
	272	bits \|= PL181_STATUS_RXDATAAVLBL;
	273	}
	274	if (s->fifo_len == 16) {
	275	bits \|= PL181_STATUS_TXFIFOFULL;
	276	bits \|= PL181_STATUS_RXFIFOFULL;
	277	}
	278	if (s->fifo_len <= 8) {
	279	bits \|= PL181_STATUS_TXFIFOHALFEMPTY;
	280	}
	281	if (s->fifo_len >= 8) {
	282	bits \|= PL181_STATUS_RXFIFOHALFFULL;
	283	}
	284	if (s->datactrl & PL181_DATA_DIRECTION) {
	285	bits &= PL181_STATUS_RX_FIFO;
	286	} else {
	287	bits &= PL181_STATUS_TX_FIFO;
	288	}
	289	s->status \|= bits;
	290	}
	291	}
	292
a8170e5e	293	static uint64_t pl181_read(void *opaque, hwaddr offset,
ca45842a	294	unsigned size)
a1bb27b1	295	{
1d998d93	296	PL181State s = (PL181State )opaque;
6361cdb6	297	uint32_t tmp;
a1bb27b1	298
a1bb27b1 PB	299	if (offset >= 0xfe0 && offset < 0x1000) {
	300	return pl181_id[(offset - 0xfe0) >> 2];
	301	}
	302	switch (offset) {
	303	case 0x00: /* Power */
	304	return s->power;
	305	case 0x04: /* Clock */
	306	return s->clock;
	307	case 0x08: /* Argument */
	308	return s->cmdarg;
	309	case 0x0c: /* Command */
	310	return s->cmd;
	311	case 0x10: /* RespCmd */
	312	return s->respcmd;
	313	case 0x14: /* Response0 */
	314	return s->response[0];
	315	case 0x18: /* Response1 */
	316	return s->response[1];
	317	case 0x1c: /* Response2 */
	318	return s->response[2];
	319	case 0x20: /* Response3 */
	320	return s->response[3];
	321	case 0x24: /* DataTimer */
	322	return s->datatimer;
	323	case 0x28: /* DataLength */
	324	return s->datalength;
	325	case 0x2c: /* DataCtrl */
	326	return s->datactrl;
	327	case 0x30: /* DataCnt */
	328	return s->datacnt;
	329	case 0x34: /* Status */
6361cdb6 PB	330	tmp = s->status;
	331	if (s->linux_hack) {
	332	s->linux_hack = 0;
	333	pl181_fifo_run(s);
	334	pl181_update(s);
	335	}
	336	return tmp;
a1bb27b1 PB	337	case 0x3c: /* Mask0 */
	338	return s->mask[0];
	339	case 0x40: /* Mask1 */
	340	return s->mask[1];
	341	case 0x48: /* FifoCnt */
6361cdb6 PB	342	/* The documentation is somewhat vague about exactly what FifoCnt
6361cdb6 PB	343	does. On real hardware it appears to be when decrememnted
66a0a2cb	344	when a word is transferred between the FIFO and the serial
6361cdb6	345	data engine. DataCnt is decremented after each byte is
66a0a2cb	346	transferred between the serial engine and the card.
6361cdb6 PB	347	We don't emulate this level of detail, so both can be the same. */
	348	tmp = (s->datacnt + 3) >> 2;
	349	if (s->linux_hack) {
	350	s->linux_hack = 0;
	351	pl181_fifo_run(s);
	352	pl181_update(s);
	353	}
	354	return tmp;
a1bb27b1 PB	355	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	356	case 0x90: case 0x94: case 0x98: case 0x9c:
	357	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	358	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	359	if (s->fifo_len == 0) {
9351d708	360	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
a1bb27b1 PB	361	return 0;
	362	} else {
	363	uint32_t value;
a1bb27b1	364	value = pl181_fifo_pop(s);
6361cdb6	365	s->linux_hack = 1;
a1bb27b1 PB	366	pl181_fifo_run(s);
	367	pl181_update(s);
	368	return value;
	369	}
	370	default:
9351d708 PM	371	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	372	"pl181_read: Bad offset %x\n", (int)offset);
a1bb27b1 PB	373	return 0;
	374	}
	375	}
	376
a8170e5e	377	static void pl181_write(void *opaque, hwaddr offset,
ca45842a	378	uint64_t value, unsigned size)
a1bb27b1	379	{
1d998d93	380	PL181State s = (PL181State )opaque;
a1bb27b1	381
a1bb27b1 PB	382	switch (offset) {
	383	case 0x00: /* Power */
	384	s->power = value & 0xff;
	385	break;
	386	case 0x04: /* Clock */
	387	s->clock = value & 0xff;
	388	break;
	389	case 0x08: /* Argument */
	390	s->cmdarg = value;
	391	break;
	392	case 0x0c: /* Command */
	393	s->cmd = value;
	394	if (s->cmd & PL181_CMD_ENABLE) {
	395	if (s->cmd & PL181_CMD_INTERRUPT) {
9351d708 PM	396	qemu_log_mask(LOG_UNIMP,
9351d708 PM	397	"pl181: Interrupt mode not implemented\n");
a1bb27b1	398	} if (s->cmd & PL181_CMD_PENDING) {
9351d708 PM	399	qemu_log_mask(LOG_UNIMP,
9351d708 PM	400	"pl181: Pending commands not implemented\n");
a1bb27b1 PB	401	} else {
	402	pl181_send_command(s);
	403	pl181_fifo_run(s);
	404	}
	405	/* The command has completed one way or the other. */
	406	s->cmd &= ~PL181_CMD_ENABLE;
	407	}
	408	break;
	409	case 0x24: /* DataTimer */
	410	s->datatimer = value;
	411	break;
	412	case 0x28: /* DataLength */
	413	s->datalength = value & 0xffff;
	414	break;
	415	case 0x2c: /* DataCtrl */
	416	s->datactrl = value & 0xff;
	417	if (value & PL181_DATA_ENABLE) {
	418	s->datacnt = s->datalength;
a1bb27b1 PB	419	pl181_fifo_run(s);
	420	}
	421	break;
	422	case 0x38: /* Clear */
	423	s->status &= ~(value & 0x7ff);
	424	break;
	425	case 0x3c: /* Mask0 */
	426	s->mask[0] = value;
	427	break;
	428	case 0x40: /* Mask1 */
	429	s->mask[1] = value;
	430	break;
	431	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	432	case 0x90: case 0x94: case 0x98: case 0x9c:
	433	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	434	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	435	if (s->datacnt == 0) {
9351d708	436	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
a1bb27b1	437	} else {
a1bb27b1 PB	438	pl181_fifo_push(s, value);
	439	pl181_fifo_run(s);
	440	}
	441	break;
	442	default:
9351d708 PM	443	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	444	"pl181_write: Bad offset %x\n", (int)offset);
a1bb27b1 PB	445	}
	446	pl181_update(s);
	447	}
	448
ca45842a AK	449	static const MemoryRegionOps pl181_ops = {
	450	.read = pl181_read,
	451	.write = pl181_write,
	452	.endianness = DEVICE_NATIVE_ENDIAN,
a1bb27b1 PB	453	};
a1bb27b1 PB	454
624923be	455	static void pl181_reset(DeviceState *d)
a1bb27b1	456	{
630f4442	457	PL181State *s = PL181(d);
a1bb27b1 PB	458
	459	s->power = 0;
	460	s->cmdarg = 0;
	461	s->cmd = 0;
	462	s->datatimer = 0;
	463	s->datalength = 0;
	464	s->respcmd = 0;
	465	s->response[0] = 0;
	466	s->response[1] = 0;
	467	s->response[2] = 0;
	468	s->response[3] = 0;
	469	s->datatimer = 0;
	470	s->datalength = 0;
	471	s->datactrl = 0;
	472	s->datacnt = 0;
	473	s->status = 0;
6361cdb6	474	s->linux_hack = 0;
a1bb27b1 PB	475	s->mask[0] = 0;
a1bb27b1 PB	476	s->mask[1] = 0;
c31a4724 PM	477
	478	/* We can assume our GPIO outputs have been wired up now */
	479	sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
0cb57cc7 PM	480	/* Since we're still using the legacy SD API the card is not plugged
	481	* into any bus, and we must reset it manually.
	482	*/
	483	device_reset(DEVICE(s->card));
a1bb27b1 PB	484	}
a1bb27b1 PB	485
0d554cb0	486	static void pl181_init(Object *obj)
a1bb27b1	487	{
0d554cb0 XZ	488	DeviceState *dev = DEVICE(obj);
	489	PL181State *s = PL181(obj);
	490	SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
a1bb27b1	491
0d554cb0	492	memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
630f4442 AF	493	sysbus_init_mmio(sbd, &s->iomem);
	494	sysbus_init_irq(sbd, &s->irq[0]);
	495	sysbus_init_irq(sbd, &s->irq[1]);
	496	qdev_init_gpio_out(dev, s->cardstatus, 2);
0d554cb0 XZ	497	}
	498
	499	static void pl181_realize(DeviceState dev, Error *errp)
	500	{
	501	PL181State *s = PL181(dev);
	502	DriveInfo *dinfo;
	503
af9e40aa	504	/* FIXME use a qdev drive property instead of drive_get_next() */
13839974	505	dinfo = drive_get_next(IF_SD);
4be74634	506	s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
4f8a066b	507	if (s->card == NULL) {
0d554cb0	508	error_setg(errp, "sd_init failed");
4f8a066b	509	}
a1bb27b1	510	}
aa9311d8	511
999e12bb AL	512	static void pl181_class_init(ObjectClass klass, void data)
999e12bb AL	513	{
39bffca2	514	DeviceClass *k = DEVICE_CLASS(klass);
999e12bb	515
39bffca2 AL	516	k->vmsd = &vmstate_pl181;
39bffca2 AL	517	k->reset = pl181_reset;
9f9bdf43	518	/* Reason: init() method uses drive_get_next() */
e90f2a8c	519	k->user_creatable = false;
0d554cb0	520	k->realize = pl181_realize;
999e12bb AL	521	}
999e12bb AL	522
8c43a6f0	523	static const TypeInfo pl181_info = {
630f4442	524	.name = TYPE_PL181,
39bffca2	525	.parent = TYPE_SYS_BUS_DEVICE,
1d998d93	526	.instance_size = sizeof(PL181State),
0d554cb0	527	.instance_init = pl181_init,
39bffca2	528	.class_init = pl181_class_init,
624923be PM	529	};
624923be PM	530
83f7d43a	531	static void pl181_register_types(void)
aa9311d8	532	{
39bffca2	533	type_register_static(&pl181_info);
aa9311d8 PB	534	}
aa9311d8 PB	535
83f7d43a	536	type_init(pl181_register_types)