[qemu.git] / hw / sd / pl181.c

/*
 * Arm PrimeCell PL181 MultiMedia Card Interface
 *
 * Copyright (c) 2007 CodeSourcery.
 * Written by Paul Brook
 *
 * This code is licensed under the GPL.
 */

#include "sysemu/blockdev.h"
#include "hw/sysbus.h"
#include "hw/sd.h"

//#define DEBUG_PL181 1

#ifdef DEBUG_PL181
#define DPRINTF(fmt, ...) \
do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif

#define PL181_FIFO_LEN 16

typedef struct {
    SysBusDevice busdev;
    MemoryRegion iomem;
    SDState *card;
    uint32_t clock;
    uint32_t power;
    uint32_t cmdarg;
    uint32_t cmd;
    uint32_t datatimer;
    uint32_t datalength;
    uint32_t respcmd;
    uint32_t response[4];
    uint32_t datactrl;
    uint32_t datacnt;
    uint32_t status;
    uint32_t mask[2];
    int32_t fifo_pos;
    int32_t fifo_len;
    /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
       while it is reading the FIFO.  We hack around this be defering
       subsequent transfers until after the driver polls the status word.
       http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
     */
    int32_t linux_hack;
    uint32_t fifo[PL181_FIFO_LEN];
    qemu_irq irq[2];
    /* GPIO outputs for 'card is readonly' and 'card inserted' */
    qemu_irq cardstatus[2];
} pl181_state;

static const VMStateDescription vmstate_pl181 = {
    .name = "pl181",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(clock, pl181_state),
        VMSTATE_UINT32(power, pl181_state),
        VMSTATE_UINT32(cmdarg, pl181_state),
        VMSTATE_UINT32(cmd, pl181_state),
        VMSTATE_UINT32(datatimer, pl181_state),
        VMSTATE_UINT32(datalength, pl181_state),
        VMSTATE_UINT32(respcmd, pl181_state),
        VMSTATE_UINT32_ARRAY(response, pl181_state, 4),
        VMSTATE_UINT32(datactrl, pl181_state),
        VMSTATE_UINT32(datacnt, pl181_state),
        VMSTATE_UINT32(status, pl181_state),
        VMSTATE_UINT32_ARRAY(mask, pl181_state, 2),
        VMSTATE_INT32(fifo_pos, pl181_state),
        VMSTATE_INT32(fifo_len, pl181_state),
        VMSTATE_INT32(linux_hack, pl181_state),
        VMSTATE_UINT32_ARRAY(fifo, pl181_state, PL181_FIFO_LEN),
        VMSTATE_END_OF_LIST()
    }
};

#define PL181_CMD_INDEX     0x3f
#define PL181_CMD_RESPONSE  (1 << 6)
#define PL181_CMD_LONGRESP  (1 << 7)
#define PL181_CMD_INTERRUPT (1 << 8)
#define PL181_CMD_PENDING   (1 << 9)
#define PL181_CMD_ENABLE    (1 << 10)

#define PL181_DATA_ENABLE             (1 << 0)
#define PL181_DATA_DIRECTION          (1 << 1)
#define PL181_DATA_MODE               (1 << 2)
#define PL181_DATA_DMAENABLE          (1 << 3)

#define PL181_STATUS_CMDCRCFAIL       (1 << 0)
#define PL181_STATUS_DATACRCFAIL      (1 << 1)
#define PL181_STATUS_CMDTIMEOUT       (1 << 2)
#define PL181_STATUS_DATATIMEOUT      (1 << 3)
#define PL181_STATUS_TXUNDERRUN       (1 << 4)
#define PL181_STATUS_RXOVERRUN        (1 << 5)
#define PL181_STATUS_CMDRESPEND       (1 << 6)
#define PL181_STATUS_CMDSENT          (1 << 7)
#define PL181_STATUS_DATAEND          (1 << 8)
#define PL181_STATUS_DATABLOCKEND     (1 << 10)
#define PL181_STATUS_CMDACTIVE        (1 << 11)
#define PL181_STATUS_TXACTIVE         (1 << 12)
#define PL181_STATUS_RXACTIVE         (1 << 13)
#define PL181_STATUS_TXFIFOHALFEMPTY  (1 << 14)
#define PL181_STATUS_RXFIFOHALFFULL   (1 << 15)
#define PL181_STATUS_TXFIFOFULL       (1 << 16)
#define PL181_STATUS_RXFIFOFULL       (1 << 17)
#define PL181_STATUS_TXFIFOEMPTY      (1 << 18)
#define PL181_STATUS_RXFIFOEMPTY      (1 << 19)
#define PL181_STATUS_TXDATAAVLBL      (1 << 20)
#define PL181_STATUS_RXDATAAVLBL      (1 << 21)

#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
                             |PL181_STATUS_TXFIFOHALFEMPTY \
                             |PL181_STATUS_TXFIFOFULL \
                             |PL181_STATUS_TXFIFOEMPTY \
                             |PL181_STATUS_TXDATAAVLBL)
#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
                             |PL181_STATUS_RXFIFOHALFFULL \
                             |PL181_STATUS_RXFIFOFULL \
                             |PL181_STATUS_RXFIFOEMPTY \
                             |PL181_STATUS_RXDATAAVLBL)

static const unsigned char pl181_id[] =
{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };

static void pl181_update(pl181_state *s)
{
    int i;
    for (i = 0; i < 2; i++) {
        qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
    }
}

static void pl181_fifo_push(pl181_state *s, uint32_t value)
{
    int n;

    if (s->fifo_len == PL181_FIFO_LEN) {
        fprintf(stderr, "pl181: FIFO overflow\n");
        return;
    }
    n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
    s->fifo_len++;
    s->fifo[n] = value;
    DPRINTF("FIFO push %08x\n", (int)value);
}

static uint32_t pl181_fifo_pop(pl181_state *s)
{
    uint32_t value;

    if (s->fifo_len == 0) {
        fprintf(stderr, "pl181: FIFO underflow\n");
        return 0;
    }
    value = s->fifo[s->fifo_pos];
    s->fifo_len--;
    s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
    DPRINTF("FIFO pop %08x\n", (int)value);
    return value;
}

static void pl181_send_command(pl181_state *s)
{
    SDRequest request;
    uint8_t response[16];
    int rlen;

    request.cmd = s->cmd & PL181_CMD_INDEX;
    request.arg = s->cmdarg;
    DPRINTF("Command %d %08x\n", request.cmd, request.arg);
    rlen = sd_do_command(s->card, &request, response);
    if (rlen < 0)
        goto error;
    if (s->cmd & PL181_CMD_RESPONSE) {
#define RWORD(n) (((uint32_t)response[n] << 24) | (response[n + 1] << 16) \
                  | (response[n + 2] << 8) | response[n + 3])
        if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
            goto error;
        if (rlen != 4 && rlen != 16)
            goto error;
        s->response[0] = RWORD(0);
        if (rlen == 4) {
            s->response[1] = s->response[2] = s->response[3] = 0;
        } else {
            s->response[1] = RWORD(4);
            s->response[2] = RWORD(8);
            s->response[3] = RWORD(12) & ~1;
        }
        DPRINTF("Response received\n");
        s->status |= PL181_STATUS_CMDRESPEND;
#undef RWORD
    } else {
        DPRINTF("Command sent\n");
        s->status |= PL181_STATUS_CMDSENT;
    }
    return;

error:
    DPRINTF("Timeout\n");
    s->status |= PL181_STATUS_CMDTIMEOUT;
}

/* Transfer data between the card and the FIFO.  This is complicated by
   the FIFO holding 32-bit words and the card taking data in single byte
   chunks.  FIFO bytes are transferred in little-endian order.  */

static void pl181_fifo_run(pl181_state *s)
{
    uint32_t bits;
    uint32_t value = 0;
    int n;
    int is_read;

    is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
    if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
            && !s->linux_hack) {
        if (is_read) {
            n = 0;
            while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
                value |= (uint32_t)sd_read_data(s->card) << (n * 8);
                s->datacnt--;
                n++;
                if (n == 4) {
                    pl181_fifo_push(s, value);
                    n = 0;
                    value = 0;
                }
            }
            if (n != 0) {
                pl181_fifo_push(s, value);
            }
        } else { /* write */
            n = 0;
            while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
                if (n == 0) {
                    value = pl181_fifo_pop(s);
                    n = 4;
                }
                n--;
                s->datacnt--;
                sd_write_data(s->card, value & 0xff);
                value >>= 8;
            }
        }
    }
    s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
    if (s->datacnt == 0) {
        s->status |= PL181_STATUS_DATAEND;
        /* HACK: */
        s->status |= PL181_STATUS_DATABLOCKEND;
        DPRINTF("Transfer Complete\n");
    }
    if (s->datacnt == 0 && s->fifo_len == 0) {
        s->datactrl &= ~PL181_DATA_ENABLE;
        DPRINTF("Data engine idle\n");
    } else {
        /* Update FIFO bits.  */
        bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
        if (s->fifo_len == 0) {
            bits |= PL181_STATUS_TXFIFOEMPTY;
            bits |= PL181_STATUS_RXFIFOEMPTY;
        } else {
            bits |= PL181_STATUS_TXDATAAVLBL;
            bits |= PL181_STATUS_RXDATAAVLBL;
        }
        if (s->fifo_len == 16) {
            bits |= PL181_STATUS_TXFIFOFULL;
            bits |= PL181_STATUS_RXFIFOFULL;
        }
        if (s->fifo_len <= 8) {
            bits |= PL181_STATUS_TXFIFOHALFEMPTY;
        }
        if (s->fifo_len >= 8) {
            bits |= PL181_STATUS_RXFIFOHALFFULL;
        }
        if (s->datactrl & PL181_DATA_DIRECTION) {
            bits &= PL181_STATUS_RX_FIFO;
        } else {
            bits &= PL181_STATUS_TX_FIFO;
        }
        s->status |= bits;
    }
}

static uint64_t pl181_read(void *opaque, hwaddr offset,
                           unsigned size)
{
    pl181_state *s = (pl181_state *)opaque;
    uint32_t tmp;

    if (offset >= 0xfe0 && offset < 0x1000) {
        return pl181_id[(offset - 0xfe0) >> 2];
    }
    switch (offset) {
    case 0x00: /* Power */
        return s->power;
    case 0x04: /* Clock */
        return s->clock;
    case 0x08: /* Argument */
        return s->cmdarg;
    case 0x0c: /* Command */
        return s->cmd;
    case 0x10: /* RespCmd */
        return s->respcmd;
    case 0x14: /* Response0 */
        return s->response[0];
    case 0x18: /* Response1 */
        return s->response[1];
    case 0x1c: /* Response2 */
        return s->response[2];
    case 0x20: /* Response3 */
        return s->response[3];
    case 0x24: /* DataTimer */
        return s->datatimer;
    case 0x28: /* DataLength */
        return s->datalength;
    case 0x2c: /* DataCtrl */
        return s->datactrl;
    case 0x30: /* DataCnt */
        return s->datacnt;
    case 0x34: /* Status */
        tmp = s->status;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x3c: /* Mask0 */
        return s->mask[0];
    case 0x40: /* Mask1 */
        return s->mask[1];
    case 0x48: /* FifoCnt */
        /* The documentation is somewhat vague about exactly what FifoCnt
           does.  On real hardware it appears to be when decrememnted
           when a word is transferred between the FIFO and the serial
           data engine.  DataCnt is decremented after each byte is
           transferred between the serial engine and the card.
           We don't emulate this level of detail, so both can be the same.  */
        tmp = (s->datacnt + 3) >> 2;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->fifo_len == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
            return 0;
        } else {
            uint32_t value;
            value = pl181_fifo_pop(s);
            s->linux_hack = 1;
            pl181_fifo_run(s);
            pl181_update(s);
            return value;
        }
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_read: Bad offset %x\n", (int)offset);
        return 0;
    }
}

static void pl181_write(void *opaque, hwaddr offset,
                        uint64_t value, unsigned size)
{
    pl181_state *s = (pl181_state *)opaque;

    switch (offset) {
    case 0x00: /* Power */
        s->power = value & 0xff;
        break;
    case 0x04: /* Clock */
        s->clock = value & 0xff;
        break;
    case 0x08: /* Argument */
        s->cmdarg = value;
        break;
    case 0x0c: /* Command */
        s->cmd = value;
        if (s->cmd & PL181_CMD_ENABLE) {
            if (s->cmd & PL181_CMD_INTERRUPT) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Interrupt mode not implemented\n");
            } if (s->cmd & PL181_CMD_PENDING) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Pending commands not implemented\n");
            } else {
                pl181_send_command(s);
                pl181_fifo_run(s);
            }
            /* The command has completed one way or the other.  */
            s->cmd &= ~PL181_CMD_ENABLE;
        }
        break;
    case 0x24: /* DataTimer */
        s->datatimer = value;
        break;
    case 0x28: /* DataLength */
        s->datalength = value & 0xffff;
        break;
    case 0x2c: /* DataCtrl */
        s->datactrl = value & 0xff;
        if (value & PL181_DATA_ENABLE) {
            s->datacnt = s->datalength;
            pl181_fifo_run(s);
        }
        break;
    case 0x38: /* Clear */
        s->status &= ~(value & 0x7ff);
        break;
    case 0x3c: /* Mask0 */
        s->mask[0] = value;
        break;
    case 0x40: /* Mask1 */
        s->mask[1] = value;
        break;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->datacnt == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
        } else {
            pl181_fifo_push(s, value);
            pl181_fifo_run(s);
        }
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_write: Bad offset %x\n", (int)offset);
    }
    pl181_update(s);
}

static const MemoryRegionOps pl181_ops = {
    .read = pl181_read,
    .write = pl181_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

static void pl181_reset(DeviceState *d)
{
    pl181_state *s = DO_UPCAST(pl181_state, busdev.qdev, d);

    s->power = 0;
    s->cmdarg = 0;
    s->cmd = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->respcmd = 0;
    s->response[0] = 0;
    s->response[1] = 0;
    s->response[2] = 0;
    s->response[3] = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->datactrl = 0;
    s->datacnt = 0;
    s->status = 0;
    s->linux_hack = 0;
    s->mask[0] = 0;
    s->mask[1] = 0;

    /* We can assume our GPIO outputs have been wired up now */
    sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
}

static int pl181_init(SysBusDevice *dev)
{
    pl181_state *s = FROM_SYSBUS(pl181_state, dev);
    DriveInfo *dinfo;

    memory_region_init_io(&s->iomem, OBJECT(s), &pl181_ops, s, "pl181", 0x1000);
    sysbus_init_mmio(dev, &s->iomem);
    sysbus_init_irq(dev, &s->irq[0]);
    sysbus_init_irq(dev, &s->irq[1]);
    qdev_init_gpio_out(&s->busdev.qdev, s->cardstatus, 2);
    dinfo = drive_get_next(IF_SD);
    s->card = sd_init(dinfo ? dinfo->bdrv : NULL, false);
    return 0;
}

static void pl181_class_init(ObjectClass *klass, void *data)
{
    SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
    DeviceClass *k = DEVICE_CLASS(klass);

    sdc->init = pl181_init;
    k->vmsd = &vmstate_pl181;
    k->reset = pl181_reset;
    k->no_user = 1;
}

static const TypeInfo pl181_info = {
    .name          = "pl181",
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(pl181_state),
    .class_init    = pl181_class_init,
};

static void pl181_register_types(void)
{
    type_register_static(&pl181_info);
}

type_init(pl181_register_types)
Commit	Line	Data
5fafdf24	1	/*
a1bb27b1 PB	2	* Arm PrimeCell PL181 MultiMedia Card Interface
	3	*
	4	* Copyright (c) 2007 CodeSourcery.
	5	* Written by Paul Brook
	6	*
8e31bf38	7	* This code is licensed under the GPL.
a1bb27b1 PB	8	*/
a1bb27b1 PB	9
9c17d615	10	#include "sysemu/blockdev.h"
83c9f4ca PB	11	#include "hw/sysbus.h"
83c9f4ca PB	12	#include "hw/sd.h"
a1bb27b1 PB	13
	14	//#define DEBUG_PL181 1
	15
	16	#ifdef DEBUG_PL181
001faf32 BS	17	#define DPRINTF(fmt, ...) \
001faf32 BS	18	do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1	19	#else
001faf32	20	#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1 PB	21	#endif
	22
	23	#define PL181_FIFO_LEN 16
	24
	25	typedef struct {
aa9311d8	26	SysBusDevice busdev;
ca45842a	27	MemoryRegion iomem;
42a10898	28	SDState *card;
a1bb27b1 PB	29	uint32_t clock;
	30	uint32_t power;
	31	uint32_t cmdarg;
	32	uint32_t cmd;
	33	uint32_t datatimer;
	34	uint32_t datalength;
	35	uint32_t respcmd;
	36	uint32_t response[4];
	37	uint32_t datactrl;
	38	uint32_t datacnt;
	39	uint32_t status;
	40	uint32_t mask[2];
624923be PM	41	int32_t fifo_pos;
624923be PM	42	int32_t fifo_len;
6361cdb6 PB	43	/* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
	44	while it is reading the FIFO. We hack around this be defering
	45	subsequent transfers until after the driver polls the status word.
	46	http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
	47	*/
624923be	48	int32_t linux_hack;
a1bb27b1	49	uint32_t fifo[PL181_FIFO_LEN];
d537cf6c	50	qemu_irq irq[2];
c31a4724 PM	51	/* GPIO outputs for 'card is readonly' and 'card inserted' */
c31a4724 PM	52	qemu_irq cardstatus[2];
a1bb27b1 PB	53	} pl181_state;
a1bb27b1 PB	54
624923be PM	55	static const VMStateDescription vmstate_pl181 = {
	56	.name = "pl181",
	57	.version_id = 1,
	58	.minimum_version_id = 1,
	59	.fields = (VMStateField[]) {
	60	VMSTATE_UINT32(clock, pl181_state),
	61	VMSTATE_UINT32(power, pl181_state),
	62	VMSTATE_UINT32(cmdarg, pl181_state),
	63	VMSTATE_UINT32(cmd, pl181_state),
	64	VMSTATE_UINT32(datatimer, pl181_state),
	65	VMSTATE_UINT32(datalength, pl181_state),
	66	VMSTATE_UINT32(respcmd, pl181_state),
	67	VMSTATE_UINT32_ARRAY(response, pl181_state, 4),
	68	VMSTATE_UINT32(datactrl, pl181_state),
	69	VMSTATE_UINT32(datacnt, pl181_state),
	70	VMSTATE_UINT32(status, pl181_state),
	71	VMSTATE_UINT32_ARRAY(mask, pl181_state, 2),
	72	VMSTATE_INT32(fifo_pos, pl181_state),
	73	VMSTATE_INT32(fifo_len, pl181_state),
	74	VMSTATE_INT32(linux_hack, pl181_state),
	75	VMSTATE_UINT32_ARRAY(fifo, pl181_state, PL181_FIFO_LEN),
	76	VMSTATE_END_OF_LIST()
	77	}
	78	};
	79
a1bb27b1 PB	80	#define PL181_CMD_INDEX 0x3f
	81	#define PL181_CMD_RESPONSE (1 << 6)
	82	#define PL181_CMD_LONGRESP (1 << 7)
	83	#define PL181_CMD_INTERRUPT (1 << 8)
	84	#define PL181_CMD_PENDING (1 << 9)
	85	#define PL181_CMD_ENABLE (1 << 10)
	86
	87	#define PL181_DATA_ENABLE (1 << 0)
	88	#define PL181_DATA_DIRECTION (1 << 1)
	89	#define PL181_DATA_MODE (1 << 2)
	90	#define PL181_DATA_DMAENABLE (1 << 3)
	91
	92	#define PL181_STATUS_CMDCRCFAIL (1 << 0)
	93	#define PL181_STATUS_DATACRCFAIL (1 << 1)
	94	#define PL181_STATUS_CMDTIMEOUT (1 << 2)
	95	#define PL181_STATUS_DATATIMEOUT (1 << 3)
	96	#define PL181_STATUS_TXUNDERRUN (1 << 4)
	97	#define PL181_STATUS_RXOVERRUN (1 << 5)
	98	#define PL181_STATUS_CMDRESPEND (1 << 6)
	99	#define PL181_STATUS_CMDSENT (1 << 7)
	100	#define PL181_STATUS_DATAEND (1 << 8)
	101	#define PL181_STATUS_DATABLOCKEND (1 << 10)
	102	#define PL181_STATUS_CMDACTIVE (1 << 11)
	103	#define PL181_STATUS_TXACTIVE (1 << 12)
	104	#define PL181_STATUS_RXACTIVE (1 << 13)
	105	#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
	106	#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
	107	#define PL181_STATUS_TXFIFOFULL (1 << 16)
	108	#define PL181_STATUS_RXFIFOFULL (1 << 17)
	109	#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
	110	#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
	111	#define PL181_STATUS_TXDATAAVLBL (1 << 20)
	112	#define PL181_STATUS_RXDATAAVLBL (1 << 21)
	113
	114	#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
	115	\|PL181_STATUS_TXFIFOHALFEMPTY \
	116	\|PL181_STATUS_TXFIFOFULL \
	117	\|PL181_STATUS_TXFIFOEMPTY \
	118	\|PL181_STATUS_TXDATAAVLBL)
	119	#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
	120	\|PL181_STATUS_RXFIFOHALFFULL \
	121	\|PL181_STATUS_RXFIFOFULL \
	122	\|PL181_STATUS_RXFIFOEMPTY \
	123	\|PL181_STATUS_RXDATAAVLBL)
	124
	125	static const unsigned char pl181_id[] =
	126	{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
	127
	128	static void pl181_update(pl181_state *s)
	129	{
	130	int i;
	131	for (i = 0; i < 2; i++) {
d537cf6c	132	qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
a1bb27b1 PB	133	}
	134	}
	135
	136	static void pl181_fifo_push(pl181_state *s, uint32_t value)
	137	{
	138	int n;
	139
	140	if (s->fifo_len == PL181_FIFO_LEN) {
	141	fprintf(stderr, "pl181: FIFO overflow\n");
	142	return;
	143	}
	144	n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
	145	s->fifo_len++;
	146	s->fifo[n] = value;
	147	DPRINTF("FIFO push %08x\n", (int)value);
	148	}
	149
	150	static uint32_t pl181_fifo_pop(pl181_state *s)
	151	{
	152	uint32_t value;
	153
	154	if (s->fifo_len == 0) {
	155	fprintf(stderr, "pl181: FIFO underflow\n");
	156	return 0;
	157	}
	158	value = s->fifo[s->fifo_pos];
	159	s->fifo_len--;
	160	s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
	161	DPRINTF("FIFO pop %08x\n", (int)value);
	162	return value;
	163	}
	164
	165	static void pl181_send_command(pl181_state *s)
	166	{
bc24a225	167	SDRequest request;
a1bb27b1 PB	168	uint8_t response[16];
	169	int rlen;
	170
	171	request.cmd = s->cmd & PL181_CMD_INDEX;
	172	request.arg = s->cmdarg;
	173	DPRINTF("Command %d %08x\n", request.cmd, request.arg);
	174	rlen = sd_do_command(s->card, &request, response);
	175	if (rlen < 0)
	176	goto error;
	177	if (s->cmd & PL181_CMD_RESPONSE) {
8827b0fb	178	#define RWORD(n) (((uint32_t)response[n] << 24) \| (response[n + 1] << 16) \
a1bb27b1 PB	179	\| (response[n + 2] << 8) \| response[n + 3])
	180	if (rlen == 0 \|\| (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
	181	goto error;
	182	if (rlen != 4 && rlen != 16)
	183	goto error;
	184	s->response[0] = RWORD(0);
	185	if (rlen == 4) {
	186	s->response[1] = s->response[2] = s->response[3] = 0;
	187	} else {
	188	s->response[1] = RWORD(4);
	189	s->response[2] = RWORD(8);
	190	s->response[3] = RWORD(12) & ~1;
	191	}
aa1f17c1	192	DPRINTF("Response received\n");
a1bb27b1 PB	193	s->status \|= PL181_STATUS_CMDRESPEND;
	194	#undef RWORD
	195	} else {
	196	DPRINTF("Command sent\n");
	197	s->status \|= PL181_STATUS_CMDSENT;
	198	}
	199	return;
	200
	201	error:
	202	DPRINTF("Timeout\n");
	203	s->status \|= PL181_STATUS_CMDTIMEOUT;
	204	}
	205
aa1f17c1	206	/* Transfer data between the card and the FIFO. This is complicated by
a1bb27b1 PB	207	the FIFO holding 32-bit words and the card taking data in single byte
a1bb27b1 PB	208	chunks. FIFO bytes are transferred in little-endian order. */
3b46e624	209
a1bb27b1 PB	210	static void pl181_fifo_run(pl181_state *s)
	211	{
	212	uint32_t bits;
f21126df	213	uint32_t value = 0;
a1bb27b1	214	int n;
a1bb27b1 PB	215	int is_read;
	216
	217	is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
6361cdb6 PB	218	if (s->datacnt != 0 && (!is_read \|\| sd_data_ready(s->card))
6361cdb6 PB	219	&& !s->linux_hack) {
bc3b26f5 PB	220	if (is_read) {
bc3b26f5 PB	221	n = 0;
bc3b26f5	222	while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
a1bb27b1	223	value \|= (uint32_t)sd_read_data(s->card) << (n * 8);
bc3b26f5	224	s->datacnt--;
a1bb27b1 PB	225	n++;
	226	if (n == 4) {
	227	pl181_fifo_push(s, value);
a1bb27b1	228	n = 0;
bc3b26f5	229	value = 0;
a1bb27b1	230	}
bc3b26f5 PB	231	}
	232	if (n != 0) {
	233	pl181_fifo_push(s, value);
	234	}
	235	} else { /* write */
	236	n = 0;
	237	while (s->datacnt > 0 && (s->fifo_len > 0 \|\| n > 0)) {
a1bb27b1 PB	238	if (n == 0) {
	239	value = pl181_fifo_pop(s);
	240	n = 4;
	241	}
bc3b26f5 PB	242	n--;
bc3b26f5 PB	243	s->datacnt--;
a1bb27b1 PB	244	sd_write_data(s->card, value & 0xff);
a1bb27b1 PB	245	value >>= 8;
a1bb27b1	246	}
a1bb27b1 PB	247	}
	248	}
	249	s->status &= ~(PL181_STATUS_RX_FIFO \| PL181_STATUS_TX_FIFO);
	250	if (s->datacnt == 0) {
	251	s->status \|= PL181_STATUS_DATAEND;
	252	/* HACK: */
	253	s->status \|= PL181_STATUS_DATABLOCKEND;
	254	DPRINTF("Transfer Complete\n");
	255	}
6361cdb6	256	if (s->datacnt == 0 && s->fifo_len == 0) {
a1bb27b1 PB	257	s->datactrl &= ~PL181_DATA_ENABLE;
	258	DPRINTF("Data engine idle\n");
	259	} else {
	260	/* Update FIFO bits. */
	261	bits = PL181_STATUS_TXACTIVE \| PL181_STATUS_RXACTIVE;
	262	if (s->fifo_len == 0) {
	263	bits \|= PL181_STATUS_TXFIFOEMPTY;
	264	bits \|= PL181_STATUS_RXFIFOEMPTY;
	265	} else {
	266	bits \|= PL181_STATUS_TXDATAAVLBL;
	267	bits \|= PL181_STATUS_RXDATAAVLBL;
	268	}
	269	if (s->fifo_len == 16) {
	270	bits \|= PL181_STATUS_TXFIFOFULL;
	271	bits \|= PL181_STATUS_RXFIFOFULL;
	272	}
	273	if (s->fifo_len <= 8) {
	274	bits \|= PL181_STATUS_TXFIFOHALFEMPTY;
	275	}
	276	if (s->fifo_len >= 8) {
	277	bits \|= PL181_STATUS_RXFIFOHALFFULL;
	278	}
	279	if (s->datactrl & PL181_DATA_DIRECTION) {
	280	bits &= PL181_STATUS_RX_FIFO;
	281	} else {
	282	bits &= PL181_STATUS_TX_FIFO;
	283	}
	284	s->status \|= bits;
	285	}
	286	}
	287
a8170e5e	288	static uint64_t pl181_read(void *opaque, hwaddr offset,
ca45842a	289	unsigned size)
a1bb27b1 PB	290	{
a1bb27b1 PB	291	pl181_state s = (pl181_state )opaque;
6361cdb6	292	uint32_t tmp;
a1bb27b1	293
a1bb27b1 PB	294	if (offset >= 0xfe0 && offset < 0x1000) {
	295	return pl181_id[(offset - 0xfe0) >> 2];
	296	}
	297	switch (offset) {
	298	case 0x00: /* Power */
	299	return s->power;
	300	case 0x04: /* Clock */
	301	return s->clock;
	302	case 0x08: /* Argument */
	303	return s->cmdarg;
	304	case 0x0c: /* Command */
	305	return s->cmd;
	306	case 0x10: /* RespCmd */
	307	return s->respcmd;
	308	case 0x14: /* Response0 */
	309	return s->response[0];
	310	case 0x18: /* Response1 */
	311	return s->response[1];
	312	case 0x1c: /* Response2 */
	313	return s->response[2];
	314	case 0x20: /* Response3 */
	315	return s->response[3];
	316	case 0x24: /* DataTimer */
	317	return s->datatimer;
	318	case 0x28: /* DataLength */
	319	return s->datalength;
	320	case 0x2c: /* DataCtrl */
	321	return s->datactrl;
	322	case 0x30: /* DataCnt */
	323	return s->datacnt;
	324	case 0x34: /* Status */
6361cdb6 PB	325	tmp = s->status;
	326	if (s->linux_hack) {
	327	s->linux_hack = 0;
	328	pl181_fifo_run(s);
	329	pl181_update(s);
	330	}
	331	return tmp;
a1bb27b1 PB	332	case 0x3c: /* Mask0 */
	333	return s->mask[0];
	334	case 0x40: /* Mask1 */
	335	return s->mask[1];
	336	case 0x48: /* FifoCnt */
6361cdb6 PB	337	/* The documentation is somewhat vague about exactly what FifoCnt
6361cdb6 PB	338	does. On real hardware it appears to be when decrememnted
66a0a2cb	339	when a word is transferred between the FIFO and the serial
6361cdb6	340	data engine. DataCnt is decremented after each byte is
66a0a2cb	341	transferred between the serial engine and the card.
6361cdb6 PB	342	We don't emulate this level of detail, so both can be the same. */
	343	tmp = (s->datacnt + 3) >> 2;
	344	if (s->linux_hack) {
	345	s->linux_hack = 0;
	346	pl181_fifo_run(s);
	347	pl181_update(s);
	348	}
	349	return tmp;
a1bb27b1 PB	350	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	351	case 0x90: case 0x94: case 0x98: case 0x9c:
	352	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	353	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	354	if (s->fifo_len == 0) {
9351d708	355	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
a1bb27b1 PB	356	return 0;
	357	} else {
	358	uint32_t value;
a1bb27b1	359	value = pl181_fifo_pop(s);
6361cdb6	360	s->linux_hack = 1;
a1bb27b1 PB	361	pl181_fifo_run(s);
	362	pl181_update(s);
	363	return value;
	364	}
	365	default:
9351d708 PM	366	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	367	"pl181_read: Bad offset %x\n", (int)offset);
a1bb27b1 PB	368	return 0;
	369	}
	370	}
	371
a8170e5e	372	static void pl181_write(void *opaque, hwaddr offset,
ca45842a	373	uint64_t value, unsigned size)
a1bb27b1 PB	374	{
	375	pl181_state s = (pl181_state )opaque;
	376
a1bb27b1 PB	377	switch (offset) {
	378	case 0x00: /* Power */
	379	s->power = value & 0xff;
	380	break;
	381	case 0x04: /* Clock */
	382	s->clock = value & 0xff;
	383	break;
	384	case 0x08: /* Argument */
	385	s->cmdarg = value;
	386	break;
	387	case 0x0c: /* Command */
	388	s->cmd = value;
	389	if (s->cmd & PL181_CMD_ENABLE) {
	390	if (s->cmd & PL181_CMD_INTERRUPT) {
9351d708 PM	391	qemu_log_mask(LOG_UNIMP,
9351d708 PM	392	"pl181: Interrupt mode not implemented\n");
a1bb27b1	393	} if (s->cmd & PL181_CMD_PENDING) {
9351d708 PM	394	qemu_log_mask(LOG_UNIMP,
9351d708 PM	395	"pl181: Pending commands not implemented\n");
a1bb27b1 PB	396	} else {
	397	pl181_send_command(s);
	398	pl181_fifo_run(s);
	399	}
	400	/* The command has completed one way or the other. */
	401	s->cmd &= ~PL181_CMD_ENABLE;
	402	}
	403	break;
	404	case 0x24: /* DataTimer */
	405	s->datatimer = value;
	406	break;
	407	case 0x28: /* DataLength */
	408	s->datalength = value & 0xffff;
	409	break;
	410	case 0x2c: /* DataCtrl */
	411	s->datactrl = value & 0xff;
	412	if (value & PL181_DATA_ENABLE) {
	413	s->datacnt = s->datalength;
a1bb27b1 PB	414	pl181_fifo_run(s);
	415	}
	416	break;
	417	case 0x38: /* Clear */
	418	s->status &= ~(value & 0x7ff);
	419	break;
	420	case 0x3c: /* Mask0 */
	421	s->mask[0] = value;
	422	break;
	423	case 0x40: /* Mask1 */
	424	s->mask[1] = value;
	425	break;
	426	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	427	case 0x90: case 0x94: case 0x98: case 0x9c:
	428	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	429	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	430	if (s->datacnt == 0) {
9351d708	431	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
a1bb27b1	432	} else {
a1bb27b1 PB	433	pl181_fifo_push(s, value);
	434	pl181_fifo_run(s);
	435	}
	436	break;
	437	default:
9351d708 PM	438	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	439	"pl181_write: Bad offset %x\n", (int)offset);
a1bb27b1 PB	440	}
	441	pl181_update(s);
	442	}
	443
ca45842a AK	444	static const MemoryRegionOps pl181_ops = {
	445	.read = pl181_read,
	446	.write = pl181_write,
	447	.endianness = DEVICE_NATIVE_ENDIAN,
a1bb27b1 PB	448	};
a1bb27b1 PB	449
624923be	450	static void pl181_reset(DeviceState *d)
a1bb27b1	451	{
624923be	452	pl181_state *s = DO_UPCAST(pl181_state, busdev.qdev, d);
a1bb27b1 PB	453
	454	s->power = 0;
	455	s->cmdarg = 0;
	456	s->cmd = 0;
	457	s->datatimer = 0;
	458	s->datalength = 0;
	459	s->respcmd = 0;
	460	s->response[0] = 0;
	461	s->response[1] = 0;
	462	s->response[2] = 0;
	463	s->response[3] = 0;
	464	s->datatimer = 0;
	465	s->datalength = 0;
	466	s->datactrl = 0;
	467	s->datacnt = 0;
	468	s->status = 0;
6361cdb6	469	s->linux_hack = 0;
a1bb27b1 PB	470	s->mask[0] = 0;
a1bb27b1 PB	471	s->mask[1] = 0;
c31a4724 PM	472
	473	/* We can assume our GPIO outputs have been wired up now */
	474	sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
a1bb27b1 PB	475	}
a1bb27b1 PB	476
81a322d4	477	static int pl181_init(SysBusDevice *dev)
a1bb27b1	478	{
aa9311d8	479	pl181_state *s = FROM_SYSBUS(pl181_state, dev);
13839974	480	DriveInfo *dinfo;
a1bb27b1	481
29776739	482	memory_region_init_io(&s->iomem, OBJECT(s), &pl181_ops, s, "pl181", 0x1000);
750ecd44	483	sysbus_init_mmio(dev, &s->iomem);
aa9311d8 PB	484	sysbus_init_irq(dev, &s->irq[0]);
aa9311d8 PB	485	sysbus_init_irq(dev, &s->irq[1]);
c31a4724	486	qdev_init_gpio_out(&s->busdev.qdev, s->cardstatus, 2);
13839974	487	dinfo = drive_get_next(IF_SD);
6790f59d	488	s->card = sd_init(dinfo ? dinfo->bdrv : NULL, false);
81a322d4	489	return 0;
a1bb27b1	490	}
aa9311d8	491
999e12bb AL	492	static void pl181_class_init(ObjectClass klass, void data)
	493	{
	494	SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
39bffca2	495	DeviceClass *k = DEVICE_CLASS(klass);
999e12bb AL	496
999e12bb AL	497	sdc->init = pl181_init;
39bffca2 AL	498	k->vmsd = &vmstate_pl181;
	499	k->reset = pl181_reset;
	500	k->no_user = 1;
999e12bb AL	501	}
999e12bb AL	502
8c43a6f0	503	static const TypeInfo pl181_info = {
39bffca2 AL	504	.name = "pl181",
	505	.parent = TYPE_SYS_BUS_DEVICE,
	506	.instance_size = sizeof(pl181_state),
	507	.class_init = pl181_class_init,
624923be PM	508	};
624923be PM	509
83f7d43a	510	static void pl181_register_types(void)
aa9311d8	511	{
39bffca2	512	type_register_static(&pl181_info);
aa9311d8 PB	513	}
aa9311d8 PB	514
83f7d43a	515	type_init(pl181_register_types)