[mirror_qemu.git] / hw / sd / pl181.c

/*
 * Arm PrimeCell PL181 MultiMedia Card Interface
 *
 * Copyright (c) 2007 CodeSourcery.
 * Written by Paul Brook
 *
 * This code is licensed under the GPL.
 */

#include "qemu/osdep.h"
#include "sysemu/blockdev.h"
#include "hw/sysbus.h"
#include "migration/vmstate.h"
#include "hw/irq.h"
#include "hw/sd/sd.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qapi/error.h"

//#define DEBUG_PL181 1

#ifdef DEBUG_PL181
#define DPRINTF(fmt, ...) \
do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif

#define PL181_FIFO_LEN 16

#define TYPE_PL181 "pl181"
#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)

typedef struct PL181State {
    SysBusDevice parent_obj;

    MemoryRegion iomem;
    SDState *card;
    uint32_t clock;
    uint32_t power;
    uint32_t cmdarg;
    uint32_t cmd;
    uint32_t datatimer;
    uint32_t datalength;
    uint32_t respcmd;
    uint32_t response[4];
    uint32_t datactrl;
    uint32_t datacnt;
    uint32_t status;
    uint32_t mask[2];
    int32_t fifo_pos;
    int32_t fifo_len;
    /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
       while it is reading the FIFO.  We hack around this by deferring
       subsequent transfers until after the driver polls the status word.
       http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
     */
    int32_t linux_hack;
    uint32_t fifo[PL181_FIFO_LEN];
    qemu_irq irq[2];
    /* GPIO outputs for 'card is readonly' and 'card inserted' */
    qemu_irq cardstatus[2];
} PL181State;

static const VMStateDescription vmstate_pl181 = {
    .name = "pl181",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(clock, PL181State),
        VMSTATE_UINT32(power, PL181State),
        VMSTATE_UINT32(cmdarg, PL181State),
        VMSTATE_UINT32(cmd, PL181State),
        VMSTATE_UINT32(datatimer, PL181State),
        VMSTATE_UINT32(datalength, PL181State),
        VMSTATE_UINT32(respcmd, PL181State),
        VMSTATE_UINT32_ARRAY(response, PL181State, 4),
        VMSTATE_UINT32(datactrl, PL181State),
        VMSTATE_UINT32(datacnt, PL181State),
        VMSTATE_UINT32(status, PL181State),
        VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
        VMSTATE_INT32(fifo_pos, PL181State),
        VMSTATE_INT32(fifo_len, PL181State),
        VMSTATE_INT32(linux_hack, PL181State),
        VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
        VMSTATE_END_OF_LIST()
    }
};

#define PL181_CMD_INDEX     0x3f
#define PL181_CMD_RESPONSE  (1 << 6)
#define PL181_CMD_LONGRESP  (1 << 7)
#define PL181_CMD_INTERRUPT (1 << 8)
#define PL181_CMD_PENDING   (1 << 9)
#define PL181_CMD_ENABLE    (1 << 10)

#define PL181_DATA_ENABLE             (1 << 0)
#define PL181_DATA_DIRECTION          (1 << 1)
#define PL181_DATA_MODE               (1 << 2)
#define PL181_DATA_DMAENABLE          (1 << 3)

#define PL181_STATUS_CMDCRCFAIL       (1 << 0)
#define PL181_STATUS_DATACRCFAIL      (1 << 1)
#define PL181_STATUS_CMDTIMEOUT       (1 << 2)
#define PL181_STATUS_DATATIMEOUT      (1 << 3)
#define PL181_STATUS_TXUNDERRUN       (1 << 4)
#define PL181_STATUS_RXOVERRUN        (1 << 5)
#define PL181_STATUS_CMDRESPEND       (1 << 6)
#define PL181_STATUS_CMDSENT          (1 << 7)
#define PL181_STATUS_DATAEND          (1 << 8)
#define PL181_STATUS_DATABLOCKEND     (1 << 10)
#define PL181_STATUS_CMDACTIVE        (1 << 11)
#define PL181_STATUS_TXACTIVE         (1 << 12)
#define PL181_STATUS_RXACTIVE         (1 << 13)
#define PL181_STATUS_TXFIFOHALFEMPTY  (1 << 14)
#define PL181_STATUS_RXFIFOHALFFULL   (1 << 15)
#define PL181_STATUS_TXFIFOFULL       (1 << 16)
#define PL181_STATUS_RXFIFOFULL       (1 << 17)
#define PL181_STATUS_TXFIFOEMPTY      (1 << 18)
#define PL181_STATUS_RXFIFOEMPTY      (1 << 19)
#define PL181_STATUS_TXDATAAVLBL      (1 << 20)
#define PL181_STATUS_RXDATAAVLBL      (1 << 21)

#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
                             |PL181_STATUS_TXFIFOHALFEMPTY \
                             |PL181_STATUS_TXFIFOFULL \
                             |PL181_STATUS_TXFIFOEMPTY \
                             |PL181_STATUS_TXDATAAVLBL)
#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
                             |PL181_STATUS_RXFIFOHALFFULL \
                             |PL181_STATUS_RXFIFOFULL \
                             |PL181_STATUS_RXFIFOEMPTY \
                             |PL181_STATUS_RXDATAAVLBL)

static const unsigned char pl181_id[] =
{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };

static void pl181_update(PL181State *s)
{
    int i;
    for (i = 0; i < 2; i++) {
        qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
    }
}

static void pl181_fifo_push(PL181State *s, uint32_t value)
{
    int n;

    if (s->fifo_len == PL181_FIFO_LEN) {
        fprintf(stderr, "pl181: FIFO overflow\n");
        return;
    }
    n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
    s->fifo_len++;
    s->fifo[n] = value;
    DPRINTF("FIFO push %08x\n", (int)value);
}

static uint32_t pl181_fifo_pop(PL181State *s)
{
    uint32_t value;

    if (s->fifo_len == 0) {
        fprintf(stderr, "pl181: FIFO underflow\n");
        return 0;
    }
    value = s->fifo[s->fifo_pos];
    s->fifo_len--;
    s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
    DPRINTF("FIFO pop %08x\n", (int)value);
    return value;
}

static void pl181_send_command(PL181State *s)
{
    SDRequest request;
    uint8_t response[16];
    int rlen;

    request.cmd = s->cmd & PL181_CMD_INDEX;
    request.arg = s->cmdarg;
    DPRINTF("Command %d %08x\n", request.cmd, request.arg);
    rlen = sd_do_command(s->card, &request, response);
    if (rlen < 0)
        goto error;
    if (s->cmd & PL181_CMD_RESPONSE) {
        if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
            goto error;
        if (rlen != 4 && rlen != 16)
            goto error;
        s->response[0] = ldl_be_p(&response[0]);
        if (rlen == 4) {
            s->response[1] = s->response[2] = s->response[3] = 0;
        } else {
            s->response[1] = ldl_be_p(&response[4]);
            s->response[2] = ldl_be_p(&response[8]);
            s->response[3] = ldl_be_p(&response[12]) & ~1;
        }
        DPRINTF("Response received\n");
        s->status |= PL181_STATUS_CMDRESPEND;
    } else {
        DPRINTF("Command sent\n");
        s->status |= PL181_STATUS_CMDSENT;
    }
    return;

error:
    DPRINTF("Timeout\n");
    s->status |= PL181_STATUS_CMDTIMEOUT;
}

/* Transfer data between the card and the FIFO.  This is complicated by
   the FIFO holding 32-bit words and the card taking data in single byte
   chunks.  FIFO bytes are transferred in little-endian order.  */

static void pl181_fifo_run(PL181State *s)
{
    uint32_t bits;
    uint32_t value = 0;
    int n;
    int is_read;

    is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
    if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
            && !s->linux_hack) {
        if (is_read) {
            n = 0;
            while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
                value |= (uint32_t)sd_read_data(s->card) << (n * 8);
                s->datacnt--;
                n++;
                if (n == 4) {
                    pl181_fifo_push(s, value);
                    n = 0;
                    value = 0;
                }
            }
            if (n != 0) {
                pl181_fifo_push(s, value);
            }
        } else { /* write */
            n = 0;
            while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
                if (n == 0) {
                    value = pl181_fifo_pop(s);
                    n = 4;
                }
                n--;
                s->datacnt--;
                sd_write_data(s->card, value & 0xff);
                value >>= 8;
            }
        }
    }
    s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
    if (s->datacnt == 0) {
        s->status |= PL181_STATUS_DATAEND;
        /* HACK: */
        s->status |= PL181_STATUS_DATABLOCKEND;
        DPRINTF("Transfer Complete\n");
    }
    if (s->datacnt == 0 && s->fifo_len == 0) {
        s->datactrl &= ~PL181_DATA_ENABLE;
        DPRINTF("Data engine idle\n");
    } else {
        /* Update FIFO bits.  */
        bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
        if (s->fifo_len == 0) {
            bits |= PL181_STATUS_TXFIFOEMPTY;
            bits |= PL181_STATUS_RXFIFOEMPTY;
        } else {
            bits |= PL181_STATUS_TXDATAAVLBL;
            bits |= PL181_STATUS_RXDATAAVLBL;
        }
        if (s->fifo_len == 16) {
            bits |= PL181_STATUS_TXFIFOFULL;
            bits |= PL181_STATUS_RXFIFOFULL;
        }
        if (s->fifo_len <= 8) {
            bits |= PL181_STATUS_TXFIFOHALFEMPTY;
        }
        if (s->fifo_len >= 8) {
            bits |= PL181_STATUS_RXFIFOHALFFULL;
        }
        if (s->datactrl & PL181_DATA_DIRECTION) {
            bits &= PL181_STATUS_RX_FIFO;
        } else {
            bits &= PL181_STATUS_TX_FIFO;
        }
        s->status |= bits;
    }
}

static uint64_t pl181_read(void *opaque, hwaddr offset,
                           unsigned size)
{
    PL181State *s = (PL181State *)opaque;
    uint32_t tmp;

    if (offset >= 0xfe0 && offset < 0x1000) {
        return pl181_id[(offset - 0xfe0) >> 2];
    }
    switch (offset) {
    case 0x00: /* Power */
        return s->power;
    case 0x04: /* Clock */
        return s->clock;
    case 0x08: /* Argument */
        return s->cmdarg;
    case 0x0c: /* Command */
        return s->cmd;
    case 0x10: /* RespCmd */
        return s->respcmd;
    case 0x14: /* Response0 */
        return s->response[0];
    case 0x18: /* Response1 */
        return s->response[1];
    case 0x1c: /* Response2 */
        return s->response[2];
    case 0x20: /* Response3 */
        return s->response[3];
    case 0x24: /* DataTimer */
        return s->datatimer;
    case 0x28: /* DataLength */
        return s->datalength;
    case 0x2c: /* DataCtrl */
        return s->datactrl;
    case 0x30: /* DataCnt */
        return s->datacnt;
    case 0x34: /* Status */
        tmp = s->status;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x3c: /* Mask0 */
        return s->mask[0];
    case 0x40: /* Mask1 */
        return s->mask[1];
    case 0x48: /* FifoCnt */
        /* The documentation is somewhat vague about exactly what FifoCnt
           does.  On real hardware it appears to be when decrememnted
           when a word is transferred between the FIFO and the serial
           data engine.  DataCnt is decremented after each byte is
           transferred between the serial engine and the card.
           We don't emulate this level of detail, so both can be the same.  */
        tmp = (s->datacnt + 3) >> 2;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->fifo_len == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
            return 0;
        } else {
            uint32_t value;
            value = pl181_fifo_pop(s);
            s->linux_hack = 1;
            pl181_fifo_run(s);
            pl181_update(s);
            return value;
        }
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_read: Bad offset %x\n", (int)offset);
        return 0;
    }
}

static void pl181_write(void *opaque, hwaddr offset,
                        uint64_t value, unsigned size)
{
    PL181State *s = (PL181State *)opaque;

    switch (offset) {
    case 0x00: /* Power */
        s->power = value & 0xff;
        break;
    case 0x04: /* Clock */
        s->clock = value & 0xff;
        break;
    case 0x08: /* Argument */
        s->cmdarg = value;
        break;
    case 0x0c: /* Command */
        s->cmd = value;
        if (s->cmd & PL181_CMD_ENABLE) {
            if (s->cmd & PL181_CMD_INTERRUPT) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Interrupt mode not implemented\n");
            } if (s->cmd & PL181_CMD_PENDING) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Pending commands not implemented\n");
            } else {
                pl181_send_command(s);
                pl181_fifo_run(s);
            }
            /* The command has completed one way or the other.  */
            s->cmd &= ~PL181_CMD_ENABLE;
        }
        break;
    case 0x24: /* DataTimer */
        s->datatimer = value;
        break;
    case 0x28: /* DataLength */
        s->datalength = value & 0xffff;
        break;
    case 0x2c: /* DataCtrl */
        s->datactrl = value & 0xff;
        if (value & PL181_DATA_ENABLE) {
            s->datacnt = s->datalength;
            pl181_fifo_run(s);
        }
        break;
    case 0x38: /* Clear */
        s->status &= ~(value & 0x7ff);
        break;
    case 0x3c: /* Mask0 */
        s->mask[0] = value;
        break;
    case 0x40: /* Mask1 */
        s->mask[1] = value;
        break;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->datacnt == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
        } else {
            pl181_fifo_push(s, value);
            pl181_fifo_run(s);
        }
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_write: Bad offset %x\n", (int)offset);
    }
    pl181_update(s);
}

static const MemoryRegionOps pl181_ops = {
    .read = pl181_read,
    .write = pl181_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

static void pl181_reset(DeviceState *d)
{
    PL181State *s = PL181(d);

    s->power = 0;
    s->cmdarg = 0;
    s->cmd = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->respcmd = 0;
    s->response[0] = 0;
    s->response[1] = 0;
    s->response[2] = 0;
    s->response[3] = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->datactrl = 0;
    s->datacnt = 0;
    s->status = 0;
    s->linux_hack = 0;
    s->mask[0] = 0;
    s->mask[1] = 0;

    /* We can assume our GPIO outputs have been wired up now */
    sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
    /* Since we're still using the legacy SD API the card is not plugged
     * into any bus, and we must reset it manually.
     */
    device_reset(DEVICE(s->card));
}

static void pl181_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    PL181State *s = PL181(obj);
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

    memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
    sysbus_init_mmio(sbd, &s->iomem);
    sysbus_init_irq(sbd, &s->irq[0]);
    sysbus_init_irq(sbd, &s->irq[1]);
    qdev_init_gpio_out(dev, s->cardstatus, 2);
}

static void pl181_realize(DeviceState *dev, Error **errp)
{
    PL181State *s = PL181(dev);
    DriveInfo *dinfo;

    /* FIXME use a qdev drive property instead of drive_get_next() */
    dinfo = drive_get_next(IF_SD);
    s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
    if (s->card == NULL) {
        error_setg(errp, "sd_init failed");
    }
}

static void pl181_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *k = DEVICE_CLASS(klass);

    k->vmsd = &vmstate_pl181;
    k->reset = pl181_reset;
    /* Reason: init() method uses drive_get_next() */
    k->user_creatable = false;
    k->realize = pl181_realize;
}

static const TypeInfo pl181_info = {
    .name          = TYPE_PL181,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(PL181State),
    .instance_init = pl181_init,
    .class_init    = pl181_class_init,
};

static void pl181_register_types(void)
{
    type_register_static(&pl181_info);
}

type_init(pl181_register_types)
Commit	Line	Data
5fafdf24	1	/*
a1bb27b1 PB	2	* Arm PrimeCell PL181 MultiMedia Card Interface
	3	*
	4	* Copyright (c) 2007 CodeSourcery.
	5	* Written by Paul Brook
	6	*
8e31bf38	7	* This code is licensed under the GPL.
a1bb27b1 PB	8	*/
a1bb27b1 PB	9
8ef94f0b	10	#include "qemu/osdep.h"
9c17d615	11	#include "sysemu/blockdev.h"
83c9f4ca	12	#include "hw/sysbus.h"
d6454270	13	#include "migration/vmstate.h"
64552b6b	14	#include "hw/irq.h"
e3382ef0	15	#include "hw/sd/sd.h"
03dd024f	16	#include "qemu/log.h"
0b8fa32f	17	#include "qemu/module.h"
0d554cb0	18	#include "qapi/error.h"
a1bb27b1 PB	19
	20	//#define DEBUG_PL181 1
	21
	22	#ifdef DEBUG_PL181
001faf32 BS	23	#define DPRINTF(fmt, ...) \
001faf32 BS	24	do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1	25	#else
001faf32	26	#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1 PB	27	#endif
	28
	29	#define PL181_FIFO_LEN 16
	30
630f4442 AF	31	#define TYPE_PL181 "pl181"
	32	#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
	33
1d998d93	34	typedef struct PL181State {
630f4442 AF	35	SysBusDevice parent_obj;
630f4442 AF	36
ca45842a	37	MemoryRegion iomem;
42a10898	38	SDState *card;
a1bb27b1 PB	39	uint32_t clock;
	40	uint32_t power;
	41	uint32_t cmdarg;
	42	uint32_t cmd;
	43	uint32_t datatimer;
	44	uint32_t datalength;
	45	uint32_t respcmd;
	46	uint32_t response[4];
	47	uint32_t datactrl;
	48	uint32_t datacnt;
	49	uint32_t status;
	50	uint32_t mask[2];
624923be PM	51	int32_t fifo_pos;
624923be PM	52	int32_t fifo_len;
6361cdb6	53	/* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
67cc32eb	54	while it is reading the FIFO. We hack around this by deferring
6361cdb6 PB	55	subsequent transfers until after the driver polls the status word.
	56	http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
	57	*/
624923be	58	int32_t linux_hack;
a1bb27b1	59	uint32_t fifo[PL181_FIFO_LEN];
d537cf6c	60	qemu_irq irq[2];
c31a4724 PM	61	/* GPIO outputs for 'card is readonly' and 'card inserted' */
c31a4724 PM	62	qemu_irq cardstatus[2];
1d998d93	63	} PL181State;
a1bb27b1	64
624923be PM	65	static const VMStateDescription vmstate_pl181 = {
	66	.name = "pl181",
	67	.version_id = 1,
	68	.minimum_version_id = 1,
	69	.fields = (VMStateField[]) {
1d998d93 AF	70	VMSTATE_UINT32(clock, PL181State),
	71	VMSTATE_UINT32(power, PL181State),
	72	VMSTATE_UINT32(cmdarg, PL181State),
	73	VMSTATE_UINT32(cmd, PL181State),
	74	VMSTATE_UINT32(datatimer, PL181State),
	75	VMSTATE_UINT32(datalength, PL181State),
	76	VMSTATE_UINT32(respcmd, PL181State),
	77	VMSTATE_UINT32_ARRAY(response, PL181State, 4),
	78	VMSTATE_UINT32(datactrl, PL181State),
	79	VMSTATE_UINT32(datacnt, PL181State),
	80	VMSTATE_UINT32(status, PL181State),
	81	VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
	82	VMSTATE_INT32(fifo_pos, PL181State),
	83	VMSTATE_INT32(fifo_len, PL181State),
	84	VMSTATE_INT32(linux_hack, PL181State),
	85	VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
624923be PM	86	VMSTATE_END_OF_LIST()
	87	}
	88	};
	89
a1bb27b1 PB	90	#define PL181_CMD_INDEX 0x3f
	91	#define PL181_CMD_RESPONSE (1 << 6)
	92	#define PL181_CMD_LONGRESP (1 << 7)
	93	#define PL181_CMD_INTERRUPT (1 << 8)
	94	#define PL181_CMD_PENDING (1 << 9)
	95	#define PL181_CMD_ENABLE (1 << 10)
	96
	97	#define PL181_DATA_ENABLE (1 << 0)
	98	#define PL181_DATA_DIRECTION (1 << 1)
	99	#define PL181_DATA_MODE (1 << 2)
	100	#define PL181_DATA_DMAENABLE (1 << 3)
	101
	102	#define PL181_STATUS_CMDCRCFAIL (1 << 0)
	103	#define PL181_STATUS_DATACRCFAIL (1 << 1)
	104	#define PL181_STATUS_CMDTIMEOUT (1 << 2)
	105	#define PL181_STATUS_DATATIMEOUT (1 << 3)
	106	#define PL181_STATUS_TXUNDERRUN (1 << 4)
	107	#define PL181_STATUS_RXOVERRUN (1 << 5)
	108	#define PL181_STATUS_CMDRESPEND (1 << 6)
	109	#define PL181_STATUS_CMDSENT (1 << 7)
	110	#define PL181_STATUS_DATAEND (1 << 8)
	111	#define PL181_STATUS_DATABLOCKEND (1 << 10)
	112	#define PL181_STATUS_CMDACTIVE (1 << 11)
	113	#define PL181_STATUS_TXACTIVE (1 << 12)
	114	#define PL181_STATUS_RXACTIVE (1 << 13)
	115	#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
	116	#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
	117	#define PL181_STATUS_TXFIFOFULL (1 << 16)
	118	#define PL181_STATUS_RXFIFOFULL (1 << 17)
	119	#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
	120	#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
	121	#define PL181_STATUS_TXDATAAVLBL (1 << 20)
	122	#define PL181_STATUS_RXDATAAVLBL (1 << 21)
	123
	124	#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
	125	\|PL181_STATUS_TXFIFOHALFEMPTY \
	126	\|PL181_STATUS_TXFIFOFULL \
	127	\|PL181_STATUS_TXFIFOEMPTY \
	128	\|PL181_STATUS_TXDATAAVLBL)
	129	#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
	130	\|PL181_STATUS_RXFIFOHALFFULL \
	131	\|PL181_STATUS_RXFIFOFULL \
	132	\|PL181_STATUS_RXFIFOEMPTY \
	133	\|PL181_STATUS_RXDATAAVLBL)
	134
	135	static const unsigned char pl181_id[] =
	136	{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
	137
1d998d93	138	static void pl181_update(PL181State *s)
a1bb27b1 PB	139	{
	140	int i;
	141	for (i = 0; i < 2; i++) {
d537cf6c	142	qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
a1bb27b1 PB	143	}
	144	}
	145
1d998d93	146	static void pl181_fifo_push(PL181State *s, uint32_t value)
a1bb27b1 PB	147	{
	148	int n;
	149
	150	if (s->fifo_len == PL181_FIFO_LEN) {
	151	fprintf(stderr, "pl181: FIFO overflow\n");
	152	return;
	153	}
	154	n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
	155	s->fifo_len++;
	156	s->fifo[n] = value;
	157	DPRINTF("FIFO push %08x\n", (int)value);
	158	}
	159
1d998d93	160	static uint32_t pl181_fifo_pop(PL181State *s)
a1bb27b1 PB	161	{
	162	uint32_t value;
	163
	164	if (s->fifo_len == 0) {
	165	fprintf(stderr, "pl181: FIFO underflow\n");
	166	return 0;
	167	}
	168	value = s->fifo[s->fifo_pos];
	169	s->fifo_len--;
	170	s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
	171	DPRINTF("FIFO pop %08x\n", (int)value);
	172	return value;
	173	}
	174
1d998d93	175	static void pl181_send_command(PL181State *s)
a1bb27b1	176	{
bc24a225	177	SDRequest request;
a1bb27b1 PB	178	uint8_t response[16];
	179	int rlen;
	180
	181	request.cmd = s->cmd & PL181_CMD_INDEX;
	182	request.arg = s->cmdarg;
	183	DPRINTF("Command %d %08x\n", request.cmd, request.arg);
	184	rlen = sd_do_command(s->card, &request, response);
	185	if (rlen < 0)
	186	goto error;
	187	if (s->cmd & PL181_CMD_RESPONSE) {
a1bb27b1 PB	188	if (rlen == 0 \|\| (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
	189	goto error;
	190	if (rlen != 4 && rlen != 16)
	191	goto error;
b3141c06	192	s->response[0] = ldl_be_p(&response[0]);
a1bb27b1 PB	193	if (rlen == 4) {
	194	s->response[1] = s->response[2] = s->response[3] = 0;
	195	} else {
b3141c06 PMD	196	s->response[1] = ldl_be_p(&response[4]);
	197	s->response[2] = ldl_be_p(&response[8]);
	198	s->response[3] = ldl_be_p(&response[12]) & ~1;
a1bb27b1	199	}
aa1f17c1	200	DPRINTF("Response received\n");
a1bb27b1	201	s->status \|= PL181_STATUS_CMDRESPEND;
a1bb27b1 PB	202	} else {
	203	DPRINTF("Command sent\n");
	204	s->status \|= PL181_STATUS_CMDSENT;
	205	}
	206	return;
	207
	208	error:
	209	DPRINTF("Timeout\n");
	210	s->status \|= PL181_STATUS_CMDTIMEOUT;
	211	}
	212
aa1f17c1	213	/* Transfer data between the card and the FIFO. This is complicated by
a1bb27b1 PB	214	the FIFO holding 32-bit words and the card taking data in single byte
a1bb27b1 PB	215	chunks. FIFO bytes are transferred in little-endian order. */
3b46e624	216
1d998d93	217	static void pl181_fifo_run(PL181State *s)
a1bb27b1 PB	218	{
a1bb27b1 PB	219	uint32_t bits;
f21126df	220	uint32_t value = 0;
a1bb27b1	221	int n;
a1bb27b1 PB	222	int is_read;
	223
	224	is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
6361cdb6 PB	225	if (s->datacnt != 0 && (!is_read \|\| sd_data_ready(s->card))
6361cdb6 PB	226	&& !s->linux_hack) {
bc3b26f5 PB	227	if (is_read) {
bc3b26f5 PB	228	n = 0;
bc3b26f5	229	while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
a1bb27b1	230	value \|= (uint32_t)sd_read_data(s->card) << (n * 8);
bc3b26f5	231	s->datacnt--;
a1bb27b1 PB	232	n++;
	233	if (n == 4) {
	234	pl181_fifo_push(s, value);
a1bb27b1	235	n = 0;
bc3b26f5	236	value = 0;
a1bb27b1	237	}
bc3b26f5 PB	238	}
	239	if (n != 0) {
	240	pl181_fifo_push(s, value);
	241	}
	242	} else { /* write */
	243	n = 0;
	244	while (s->datacnt > 0 && (s->fifo_len > 0 \|\| n > 0)) {
a1bb27b1 PB	245	if (n == 0) {
	246	value = pl181_fifo_pop(s);
	247	n = 4;
	248	}
bc3b26f5 PB	249	n--;
bc3b26f5 PB	250	s->datacnt--;
a1bb27b1 PB	251	sd_write_data(s->card, value & 0xff);
a1bb27b1 PB	252	value >>= 8;
a1bb27b1	253	}
a1bb27b1 PB	254	}
	255	}
	256	s->status &= ~(PL181_STATUS_RX_FIFO \| PL181_STATUS_TX_FIFO);
	257	if (s->datacnt == 0) {
	258	s->status \|= PL181_STATUS_DATAEND;
	259	/* HACK: */
	260	s->status \|= PL181_STATUS_DATABLOCKEND;
	261	DPRINTF("Transfer Complete\n");
	262	}
6361cdb6	263	if (s->datacnt == 0 && s->fifo_len == 0) {
a1bb27b1 PB	264	s->datactrl &= ~PL181_DATA_ENABLE;
	265	DPRINTF("Data engine idle\n");
	266	} else {
	267	/* Update FIFO bits. */
	268	bits = PL181_STATUS_TXACTIVE \| PL181_STATUS_RXACTIVE;
	269	if (s->fifo_len == 0) {
	270	bits \|= PL181_STATUS_TXFIFOEMPTY;
	271	bits \|= PL181_STATUS_RXFIFOEMPTY;
	272	} else {
	273	bits \|= PL181_STATUS_TXDATAAVLBL;
	274	bits \|= PL181_STATUS_RXDATAAVLBL;
	275	}
	276	if (s->fifo_len == 16) {
	277	bits \|= PL181_STATUS_TXFIFOFULL;
	278	bits \|= PL181_STATUS_RXFIFOFULL;
	279	}
	280	if (s->fifo_len <= 8) {
	281	bits \|= PL181_STATUS_TXFIFOHALFEMPTY;
	282	}
	283	if (s->fifo_len >= 8) {
	284	bits \|= PL181_STATUS_RXFIFOHALFFULL;
	285	}
	286	if (s->datactrl & PL181_DATA_DIRECTION) {
	287	bits &= PL181_STATUS_RX_FIFO;
	288	} else {
	289	bits &= PL181_STATUS_TX_FIFO;
	290	}
	291	s->status \|= bits;
	292	}
	293	}
	294
a8170e5e	295	static uint64_t pl181_read(void *opaque, hwaddr offset,
ca45842a	296	unsigned size)
a1bb27b1	297	{
1d998d93	298	PL181State s = (PL181State )opaque;
6361cdb6	299	uint32_t tmp;
a1bb27b1	300
a1bb27b1 PB	301	if (offset >= 0xfe0 && offset < 0x1000) {
	302	return pl181_id[(offset - 0xfe0) >> 2];
	303	}
	304	switch (offset) {
	305	case 0x00: /* Power */
	306	return s->power;
	307	case 0x04: /* Clock */
	308	return s->clock;
	309	case 0x08: /* Argument */
	310	return s->cmdarg;
	311	case 0x0c: /* Command */
	312	return s->cmd;
	313	case 0x10: /* RespCmd */
	314	return s->respcmd;
	315	case 0x14: /* Response0 */
	316	return s->response[0];
	317	case 0x18: /* Response1 */
	318	return s->response[1];
	319	case 0x1c: /* Response2 */
	320	return s->response[2];
	321	case 0x20: /* Response3 */
	322	return s->response[3];
	323	case 0x24: /* DataTimer */
	324	return s->datatimer;
	325	case 0x28: /* DataLength */
	326	return s->datalength;
	327	case 0x2c: /* DataCtrl */
	328	return s->datactrl;
	329	case 0x30: /* DataCnt */
	330	return s->datacnt;
	331	case 0x34: /* Status */
6361cdb6 PB	332	tmp = s->status;
	333	if (s->linux_hack) {
	334	s->linux_hack = 0;
	335	pl181_fifo_run(s);
	336	pl181_update(s);
	337	}
	338	return tmp;
a1bb27b1 PB	339	case 0x3c: /* Mask0 */
	340	return s->mask[0];
	341	case 0x40: /* Mask1 */
	342	return s->mask[1];
	343	case 0x48: /* FifoCnt */
6361cdb6 PB	344	/* The documentation is somewhat vague about exactly what FifoCnt
6361cdb6 PB	345	does. On real hardware it appears to be when decrememnted
66a0a2cb	346	when a word is transferred between the FIFO and the serial
6361cdb6	347	data engine. DataCnt is decremented after each byte is
66a0a2cb	348	transferred between the serial engine and the card.
6361cdb6 PB	349	We don't emulate this level of detail, so both can be the same. */
	350	tmp = (s->datacnt + 3) >> 2;
	351	if (s->linux_hack) {
	352	s->linux_hack = 0;
	353	pl181_fifo_run(s);
	354	pl181_update(s);
	355	}
	356	return tmp;
a1bb27b1 PB	357	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	358	case 0x90: case 0x94: case 0x98: case 0x9c:
	359	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	360	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	361	if (s->fifo_len == 0) {
9351d708	362	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
a1bb27b1 PB	363	return 0;
	364	} else {
	365	uint32_t value;
a1bb27b1	366	value = pl181_fifo_pop(s);
6361cdb6	367	s->linux_hack = 1;
a1bb27b1 PB	368	pl181_fifo_run(s);
	369	pl181_update(s);
	370	return value;
	371	}
	372	default:
9351d708 PM	373	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	374	"pl181_read: Bad offset %x\n", (int)offset);
a1bb27b1 PB	375	return 0;
	376	}
	377	}
	378
a8170e5e	379	static void pl181_write(void *opaque, hwaddr offset,
ca45842a	380	uint64_t value, unsigned size)
a1bb27b1	381	{
1d998d93	382	PL181State s = (PL181State )opaque;
a1bb27b1	383
a1bb27b1 PB	384	switch (offset) {
	385	case 0x00: /* Power */
	386	s->power = value & 0xff;
	387	break;
	388	case 0x04: /* Clock */
	389	s->clock = value & 0xff;
	390	break;
	391	case 0x08: /* Argument */
	392	s->cmdarg = value;
	393	break;
	394	case 0x0c: /* Command */
	395	s->cmd = value;
	396	if (s->cmd & PL181_CMD_ENABLE) {
	397	if (s->cmd & PL181_CMD_INTERRUPT) {
9351d708 PM	398	qemu_log_mask(LOG_UNIMP,
9351d708 PM	399	"pl181: Interrupt mode not implemented\n");
a1bb27b1	400	} if (s->cmd & PL181_CMD_PENDING) {
9351d708 PM	401	qemu_log_mask(LOG_UNIMP,
9351d708 PM	402	"pl181: Pending commands not implemented\n");
a1bb27b1 PB	403	} else {
	404	pl181_send_command(s);
	405	pl181_fifo_run(s);
	406	}
	407	/* The command has completed one way or the other. */
	408	s->cmd &= ~PL181_CMD_ENABLE;
	409	}
	410	break;
	411	case 0x24: /* DataTimer */
	412	s->datatimer = value;
	413	break;
	414	case 0x28: /* DataLength */
	415	s->datalength = value & 0xffff;
	416	break;
	417	case 0x2c: /* DataCtrl */
	418	s->datactrl = value & 0xff;
	419	if (value & PL181_DATA_ENABLE) {
	420	s->datacnt = s->datalength;
a1bb27b1 PB	421	pl181_fifo_run(s);
	422	}
	423	break;
	424	case 0x38: /* Clear */
	425	s->status &= ~(value & 0x7ff);
	426	break;
	427	case 0x3c: /* Mask0 */
	428	s->mask[0] = value;
	429	break;
	430	case 0x40: /* Mask1 */
	431	s->mask[1] = value;
	432	break;
	433	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	434	case 0x90: case 0x94: case 0x98: case 0x9c:
	435	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	436	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	437	if (s->datacnt == 0) {
9351d708	438	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
a1bb27b1	439	} else {
a1bb27b1 PB	440	pl181_fifo_push(s, value);
	441	pl181_fifo_run(s);
	442	}
	443	break;
	444	default:
9351d708 PM	445	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	446	"pl181_write: Bad offset %x\n", (int)offset);
a1bb27b1 PB	447	}
	448	pl181_update(s);
	449	}
	450
ca45842a AK	451	static const MemoryRegionOps pl181_ops = {
	452	.read = pl181_read,
	453	.write = pl181_write,
	454	.endianness = DEVICE_NATIVE_ENDIAN,
a1bb27b1 PB	455	};
a1bb27b1 PB	456
624923be	457	static void pl181_reset(DeviceState *d)
a1bb27b1	458	{
630f4442	459	PL181State *s = PL181(d);
a1bb27b1 PB	460
	461	s->power = 0;
	462	s->cmdarg = 0;
	463	s->cmd = 0;
	464	s->datatimer = 0;
	465	s->datalength = 0;
	466	s->respcmd = 0;
	467	s->response[0] = 0;
	468	s->response[1] = 0;
	469	s->response[2] = 0;
	470	s->response[3] = 0;
	471	s->datatimer = 0;
	472	s->datalength = 0;
	473	s->datactrl = 0;
	474	s->datacnt = 0;
	475	s->status = 0;
6361cdb6	476	s->linux_hack = 0;
a1bb27b1 PB	477	s->mask[0] = 0;
a1bb27b1 PB	478	s->mask[1] = 0;
c31a4724 PM	479
	480	/* We can assume our GPIO outputs have been wired up now */
	481	sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
0cb57cc7 PM	482	/* Since we're still using the legacy SD API the card is not plugged
	483	* into any bus, and we must reset it manually.
	484	*/
	485	device_reset(DEVICE(s->card));
a1bb27b1 PB	486	}
a1bb27b1 PB	487
0d554cb0	488	static void pl181_init(Object *obj)
a1bb27b1	489	{
0d554cb0 XZ	490	DeviceState *dev = DEVICE(obj);
	491	PL181State *s = PL181(obj);
	492	SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
a1bb27b1	493
0d554cb0	494	memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
630f4442 AF	495	sysbus_init_mmio(sbd, &s->iomem);
	496	sysbus_init_irq(sbd, &s->irq[0]);
	497	sysbus_init_irq(sbd, &s->irq[1]);
	498	qdev_init_gpio_out(dev, s->cardstatus, 2);
0d554cb0 XZ	499	}
	500
	501	static void pl181_realize(DeviceState dev, Error *errp)
	502	{
	503	PL181State *s = PL181(dev);
	504	DriveInfo *dinfo;
	505
af9e40aa	506	/* FIXME use a qdev drive property instead of drive_get_next() */
13839974	507	dinfo = drive_get_next(IF_SD);
4be74634	508	s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
4f8a066b	509	if (s->card == NULL) {
0d554cb0	510	error_setg(errp, "sd_init failed");
4f8a066b	511	}
a1bb27b1	512	}
aa9311d8	513
999e12bb AL	514	static void pl181_class_init(ObjectClass klass, void data)
999e12bb AL	515	{
39bffca2	516	DeviceClass *k = DEVICE_CLASS(klass);
999e12bb	517
39bffca2 AL	518	k->vmsd = &vmstate_pl181;
39bffca2 AL	519	k->reset = pl181_reset;
9f9bdf43	520	/* Reason: init() method uses drive_get_next() */
e90f2a8c	521	k->user_creatable = false;
0d554cb0	522	k->realize = pl181_realize;
999e12bb AL	523	}
999e12bb AL	524
8c43a6f0	525	static const TypeInfo pl181_info = {
630f4442	526	.name = TYPE_PL181,
39bffca2	527	.parent = TYPE_SYS_BUS_DEVICE,
1d998d93	528	.instance_size = sizeof(PL181State),
0d554cb0	529	.instance_init = pl181_init,
39bffca2	530	.class_init = pl181_class_init,
624923be PM	531	};
624923be PM	532
83f7d43a	533	static void pl181_register_types(void)
aa9311d8	534	{
39bffca2	535	type_register_static(&pl181_info);
aa9311d8 PB	536	}
aa9311d8 PB	537
83f7d43a	538	type_init(pl181_register_types)