[qemu.git] / hw / sd / pl181.c

/*
 * Arm PrimeCell PL181 MultiMedia Card Interface
 *
 * Copyright (c) 2007 CodeSourcery.
 * Written by Paul Brook
 *
 * This code is licensed under the GPL.
 */

#include "qemu/osdep.h"
#include "sysemu/blockdev.h"
#include "hw/sysbus.h"
#include "hw/sd/sd.h"
#include "qemu/log.h"
#include "qapi/error.h"

//#define DEBUG_PL181 1

#ifdef DEBUG_PL181
#define DPRINTF(fmt, ...) \
do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif

#define PL181_FIFO_LEN 16

#define TYPE_PL181 "pl181"
#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)

typedef struct PL181State {
    SysBusDevice parent_obj;

    MemoryRegion iomem;
    SDState *card;
    uint32_t clock;
    uint32_t power;
    uint32_t cmdarg;
    uint32_t cmd;
    uint32_t datatimer;
    uint32_t datalength;
    uint32_t respcmd;
    uint32_t response[4];
    uint32_t datactrl;
    uint32_t datacnt;
    uint32_t status;
    uint32_t mask[2];
    int32_t fifo_pos;
    int32_t fifo_len;
    /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
       while it is reading the FIFO.  We hack around this by deferring
       subsequent transfers until after the driver polls the status word.
       http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
     */
    int32_t linux_hack;
    uint32_t fifo[PL181_FIFO_LEN];
    qemu_irq irq[2];
    /* GPIO outputs for 'card is readonly' and 'card inserted' */
    qemu_irq cardstatus[2];
} PL181State;

static const VMStateDescription vmstate_pl181 = {
    .name = "pl181",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(clock, PL181State),
        VMSTATE_UINT32(power, PL181State),
        VMSTATE_UINT32(cmdarg, PL181State),
        VMSTATE_UINT32(cmd, PL181State),
        VMSTATE_UINT32(datatimer, PL181State),
        VMSTATE_UINT32(datalength, PL181State),
        VMSTATE_UINT32(respcmd, PL181State),
        VMSTATE_UINT32_ARRAY(response, PL181State, 4),
        VMSTATE_UINT32(datactrl, PL181State),
        VMSTATE_UINT32(datacnt, PL181State),
        VMSTATE_UINT32(status, PL181State),
        VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
        VMSTATE_INT32(fifo_pos, PL181State),
        VMSTATE_INT32(fifo_len, PL181State),
        VMSTATE_INT32(linux_hack, PL181State),
        VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
        VMSTATE_END_OF_LIST()
    }
};

#define PL181_CMD_INDEX     0x3f
#define PL181_CMD_RESPONSE  (1 << 6)
#define PL181_CMD_LONGRESP  (1 << 7)
#define PL181_CMD_INTERRUPT (1 << 8)
#define PL181_CMD_PENDING   (1 << 9)
#define PL181_CMD_ENABLE    (1 << 10)

#define PL181_DATA_ENABLE             (1 << 0)
#define PL181_DATA_DIRECTION          (1 << 1)
#define PL181_DATA_MODE               (1 << 2)
#define PL181_DATA_DMAENABLE          (1 << 3)

#define PL181_STATUS_CMDCRCFAIL       (1 << 0)
#define PL181_STATUS_DATACRCFAIL      (1 << 1)
#define PL181_STATUS_CMDTIMEOUT       (1 << 2)
#define PL181_STATUS_DATATIMEOUT      (1 << 3)
#define PL181_STATUS_TXUNDERRUN       (1 << 4)
#define PL181_STATUS_RXOVERRUN        (1 << 5)
#define PL181_STATUS_CMDRESPEND       (1 << 6)
#define PL181_STATUS_CMDSENT          (1 << 7)
#define PL181_STATUS_DATAEND          (1 << 8)
#define PL181_STATUS_DATABLOCKEND     (1 << 10)
#define PL181_STATUS_CMDACTIVE        (1 << 11)
#define PL181_STATUS_TXACTIVE         (1 << 12)
#define PL181_STATUS_RXACTIVE         (1 << 13)
#define PL181_STATUS_TXFIFOHALFEMPTY  (1 << 14)
#define PL181_STATUS_RXFIFOHALFFULL   (1 << 15)
#define PL181_STATUS_TXFIFOFULL       (1 << 16)
#define PL181_STATUS_RXFIFOFULL       (1 << 17)
#define PL181_STATUS_TXFIFOEMPTY      (1 << 18)
#define PL181_STATUS_RXFIFOEMPTY      (1 << 19)
#define PL181_STATUS_TXDATAAVLBL      (1 << 20)
#define PL181_STATUS_RXDATAAVLBL      (1 << 21)

#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
                             |PL181_STATUS_TXFIFOHALFEMPTY \
                             |PL181_STATUS_TXFIFOFULL \
                             |PL181_STATUS_TXFIFOEMPTY \
                             |PL181_STATUS_TXDATAAVLBL)
#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
                             |PL181_STATUS_RXFIFOHALFFULL \
                             |PL181_STATUS_RXFIFOFULL \
                             |PL181_STATUS_RXFIFOEMPTY \
                             |PL181_STATUS_RXDATAAVLBL)

static const unsigned char pl181_id[] =
{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };

static void pl181_update(PL181State *s)
{
    int i;
    for (i = 0; i < 2; i++) {
        qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
    }
}

static void pl181_fifo_push(PL181State *s, uint32_t value)
{
    int n;

    if (s->fifo_len == PL181_FIFO_LEN) {
        fprintf(stderr, "pl181: FIFO overflow\n");
        return;
    }
    n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
    s->fifo_len++;
    s->fifo[n] = value;
    DPRINTF("FIFO push %08x\n", (int)value);
}

static uint32_t pl181_fifo_pop(PL181State *s)
{
    uint32_t value;

    if (s->fifo_len == 0) {
        fprintf(stderr, "pl181: FIFO underflow\n");
        return 0;
    }
    value = s->fifo[s->fifo_pos];
    s->fifo_len--;
    s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
    DPRINTF("FIFO pop %08x\n", (int)value);
    return value;
}

static void pl181_send_command(PL181State *s)
{
    SDRequest request;
    uint8_t response[16];
    int rlen;

    request.cmd = s->cmd & PL181_CMD_INDEX;
    request.arg = s->cmdarg;
    DPRINTF("Command %d %08x\n", request.cmd, request.arg);
    rlen = sd_do_command(s->card, &request, response);
    if (rlen < 0)
        goto error;
    if (s->cmd & PL181_CMD_RESPONSE) {
        if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
            goto error;
        if (rlen != 4 && rlen != 16)
            goto error;
        s->response[0] = ldl_be_p(&response[0]);
        if (rlen == 4) {
            s->response[1] = s->response[2] = s->response[3] = 0;
        } else {
            s->response[1] = ldl_be_p(&response[4]);
            s->response[2] = ldl_be_p(&response[8]);
            s->response[3] = ldl_be_p(&response[12]) & ~1;
        }
        DPRINTF("Response received\n");
        s->status |= PL181_STATUS_CMDRESPEND;
    } else {
        DPRINTF("Command sent\n");
        s->status |= PL181_STATUS_CMDSENT;
    }
    return;

error:
    DPRINTF("Timeout\n");
    s->status |= PL181_STATUS_CMDTIMEOUT;
}

/* Transfer data between the card and the FIFO.  This is complicated by
   the FIFO holding 32-bit words and the card taking data in single byte
   chunks.  FIFO bytes are transferred in little-endian order.  */

static void pl181_fifo_run(PL181State *s)
{
    uint32_t bits;
    uint32_t value = 0;
    int n;
    int is_read;

    is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
    if (s->datacnt != 0 && (!is_read || sd_data_ready(s->card))
            && !s->linux_hack) {
        if (is_read) {
            n = 0;
            while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
                value |= (uint32_t)sd_read_data(s->card) << (n * 8);
                s->datacnt--;
                n++;
                if (n == 4) {
                    pl181_fifo_push(s, value);
                    n = 0;
                    value = 0;
                }
            }
            if (n != 0) {
                pl181_fifo_push(s, value);
            }
        } else { /* write */
            n = 0;
            while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
                if (n == 0) {
                    value = pl181_fifo_pop(s);
                    n = 4;
                }
                n--;
                s->datacnt--;
                sd_write_data(s->card, value & 0xff);
                value >>= 8;
            }
        }
    }
    s->status &= ~(PL181_STATUS_RX_FIFO | PL181_STATUS_TX_FIFO);
    if (s->datacnt == 0) {
        s->status |= PL181_STATUS_DATAEND;
        /* HACK: */
        s->status |= PL181_STATUS_DATABLOCKEND;
        DPRINTF("Transfer Complete\n");
    }
    if (s->datacnt == 0 && s->fifo_len == 0) {
        s->datactrl &= ~PL181_DATA_ENABLE;
        DPRINTF("Data engine idle\n");
    } else {
        /* Update FIFO bits.  */
        bits = PL181_STATUS_TXACTIVE | PL181_STATUS_RXACTIVE;
        if (s->fifo_len == 0) {
            bits |= PL181_STATUS_TXFIFOEMPTY;
            bits |= PL181_STATUS_RXFIFOEMPTY;
        } else {
            bits |= PL181_STATUS_TXDATAAVLBL;
            bits |= PL181_STATUS_RXDATAAVLBL;
        }
        if (s->fifo_len == 16) {
            bits |= PL181_STATUS_TXFIFOFULL;
            bits |= PL181_STATUS_RXFIFOFULL;
        }
        if (s->fifo_len <= 8) {
            bits |= PL181_STATUS_TXFIFOHALFEMPTY;
        }
        if (s->fifo_len >= 8) {
            bits |= PL181_STATUS_RXFIFOHALFFULL;
        }
        if (s->datactrl & PL181_DATA_DIRECTION) {
            bits &= PL181_STATUS_RX_FIFO;
        } else {
            bits &= PL181_STATUS_TX_FIFO;
        }
        s->status |= bits;
    }
}

static uint64_t pl181_read(void *opaque, hwaddr offset,
                           unsigned size)
{
    PL181State *s = (PL181State *)opaque;
    uint32_t tmp;

    if (offset >= 0xfe0 && offset < 0x1000) {
        return pl181_id[(offset - 0xfe0) >> 2];
    }
    switch (offset) {
    case 0x00: /* Power */
        return s->power;
    case 0x04: /* Clock */
        return s->clock;
    case 0x08: /* Argument */
        return s->cmdarg;
    case 0x0c: /* Command */
        return s->cmd;
    case 0x10: /* RespCmd */
        return s->respcmd;
    case 0x14: /* Response0 */
        return s->response[0];
    case 0x18: /* Response1 */
        return s->response[1];
    case 0x1c: /* Response2 */
        return s->response[2];
    case 0x20: /* Response3 */
        return s->response[3];
    case 0x24: /* DataTimer */
        return s->datatimer;
    case 0x28: /* DataLength */
        return s->datalength;
    case 0x2c: /* DataCtrl */
        return s->datactrl;
    case 0x30: /* DataCnt */
        return s->datacnt;
    case 0x34: /* Status */
        tmp = s->status;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x3c: /* Mask0 */
        return s->mask[0];
    case 0x40: /* Mask1 */
        return s->mask[1];
    case 0x48: /* FifoCnt */
        /* The documentation is somewhat vague about exactly what FifoCnt
           does.  On real hardware it appears to be when decrememnted
           when a word is transferred between the FIFO and the serial
           data engine.  DataCnt is decremented after each byte is
           transferred between the serial engine and the card.
           We don't emulate this level of detail, so both can be the same.  */
        tmp = (s->datacnt + 3) >> 2;
        if (s->linux_hack) {
            s->linux_hack = 0;
            pl181_fifo_run(s);
            pl181_update(s);
        }
        return tmp;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->fifo_len == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
            return 0;
        } else {
            uint32_t value;
            value = pl181_fifo_pop(s);
            s->linux_hack = 1;
            pl181_fifo_run(s);
            pl181_update(s);
            return value;
        }
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_read: Bad offset %x\n", (int)offset);
        return 0;
    }
}

static void pl181_write(void *opaque, hwaddr offset,
                        uint64_t value, unsigned size)
{
    PL181State *s = (PL181State *)opaque;

    switch (offset) {
    case 0x00: /* Power */
        s->power = value & 0xff;
        break;
    case 0x04: /* Clock */
        s->clock = value & 0xff;
        break;
    case 0x08: /* Argument */
        s->cmdarg = value;
        break;
    case 0x0c: /* Command */
        s->cmd = value;
        if (s->cmd & PL181_CMD_ENABLE) {
            if (s->cmd & PL181_CMD_INTERRUPT) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Interrupt mode not implemented\n");
            } if (s->cmd & PL181_CMD_PENDING) {
                qemu_log_mask(LOG_UNIMP,
                              "pl181: Pending commands not implemented\n");
            } else {
                pl181_send_command(s);
                pl181_fifo_run(s);
            }
            /* The command has completed one way or the other.  */
            s->cmd &= ~PL181_CMD_ENABLE;
        }
        break;
    case 0x24: /* DataTimer */
        s->datatimer = value;
        break;
    case 0x28: /* DataLength */
        s->datalength = value & 0xffff;
        break;
    case 0x2c: /* DataCtrl */
        s->datactrl = value & 0xff;
        if (value & PL181_DATA_ENABLE) {
            s->datacnt = s->datalength;
            pl181_fifo_run(s);
        }
        break;
    case 0x38: /* Clear */
        s->status &= ~(value & 0x7ff);
        break;
    case 0x3c: /* Mask0 */
        s->mask[0] = value;
        break;
    case 0x40: /* Mask1 */
        s->mask[1] = value;
        break;
    case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
    case 0x90: case 0x94: case 0x98: case 0x9c:
    case 0xa0: case 0xa4: case 0xa8: case 0xac:
    case 0xb0: case 0xb4: case 0xb8: case 0xbc:
        if (s->datacnt == 0) {
            qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
        } else {
            pl181_fifo_push(s, value);
            pl181_fifo_run(s);
        }
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "pl181_write: Bad offset %x\n", (int)offset);
    }
    pl181_update(s);
}

static const MemoryRegionOps pl181_ops = {
    .read = pl181_read,
    .write = pl181_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

static void pl181_reset(DeviceState *d)
{
    PL181State *s = PL181(d);

    s->power = 0;
    s->cmdarg = 0;
    s->cmd = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->respcmd = 0;
    s->response[0] = 0;
    s->response[1] = 0;
    s->response[2] = 0;
    s->response[3] = 0;
    s->datatimer = 0;
    s->datalength = 0;
    s->datactrl = 0;
    s->datacnt = 0;
    s->status = 0;
    s->linux_hack = 0;
    s->mask[0] = 0;
    s->mask[1] = 0;

    /* We can assume our GPIO outputs have been wired up now */
    sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
    /* Since we're still using the legacy SD API the card is not plugged
     * into any bus, and we must reset it manually.
     */
    device_reset(DEVICE(s->card));
}

static void pl181_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    PL181State *s = PL181(obj);
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

    memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
    sysbus_init_mmio(sbd, &s->iomem);
    sysbus_init_irq(sbd, &s->irq[0]);
    sysbus_init_irq(sbd, &s->irq[1]);
    qdev_init_gpio_out(dev, s->cardstatus, 2);
}

static void pl181_realize(DeviceState *dev, Error **errp)
{
    PL181State *s = PL181(dev);
    DriveInfo *dinfo;

    /* FIXME use a qdev drive property instead of drive_get_next() */
    dinfo = drive_get_next(IF_SD);
    s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
    if (s->card == NULL) {
        error_setg(errp, "sd_init failed");
    }
}

static void pl181_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *k = DEVICE_CLASS(klass);

    k->vmsd = &vmstate_pl181;
    k->reset = pl181_reset;
    /* Reason: init() method uses drive_get_next() */
    k->user_creatable = false;
    k->realize = pl181_realize;
}

static const TypeInfo pl181_info = {
    .name          = TYPE_PL181,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(PL181State),
    .instance_init = pl181_init,
    .class_init    = pl181_class_init,
};

static void pl181_register_types(void)
{
    type_register_static(&pl181_info);
}

type_init(pl181_register_types)
Commit	Line	Data
5fafdf24	1	/*
a1bb27b1 PB	2	* Arm PrimeCell PL181 MultiMedia Card Interface
	3	*
	4	* Copyright (c) 2007 CodeSourcery.
	5	* Written by Paul Brook
	6	*
8e31bf38	7	* This code is licensed under the GPL.
a1bb27b1 PB	8	*/
a1bb27b1 PB	9
8ef94f0b	10	#include "qemu/osdep.h"
9c17d615	11	#include "sysemu/blockdev.h"
83c9f4ca	12	#include "hw/sysbus.h"
e3382ef0	13	#include "hw/sd/sd.h"
03dd024f	14	#include "qemu/log.h"
0d554cb0	15	#include "qapi/error.h"
a1bb27b1 PB	16
	17	//#define DEBUG_PL181 1
	18
	19	#ifdef DEBUG_PL181
001faf32 BS	20	#define DPRINTF(fmt, ...) \
001faf32 BS	21	do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1	22	#else
001faf32	23	#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1 PB	24	#endif
	25
	26	#define PL181_FIFO_LEN 16
	27
630f4442 AF	28	#define TYPE_PL181 "pl181"
	29	#define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
	30
1d998d93	31	typedef struct PL181State {
630f4442 AF	32	SysBusDevice parent_obj;
630f4442 AF	33
ca45842a	34	MemoryRegion iomem;
42a10898	35	SDState *card;
a1bb27b1 PB	36	uint32_t clock;
	37	uint32_t power;
	38	uint32_t cmdarg;
	39	uint32_t cmd;
	40	uint32_t datatimer;
	41	uint32_t datalength;
	42	uint32_t respcmd;
	43	uint32_t response[4];
	44	uint32_t datactrl;
	45	uint32_t datacnt;
	46	uint32_t status;
	47	uint32_t mask[2];
624923be PM	48	int32_t fifo_pos;
624923be PM	49	int32_t fifo_len;
6361cdb6	50	/* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
67cc32eb	51	while it is reading the FIFO. We hack around this by deferring
6361cdb6 PB	52	subsequent transfers until after the driver polls the status word.
	53	http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
	54	*/
624923be	55	int32_t linux_hack;
a1bb27b1	56	uint32_t fifo[PL181_FIFO_LEN];
d537cf6c	57	qemu_irq irq[2];
c31a4724 PM	58	/* GPIO outputs for 'card is readonly' and 'card inserted' */
c31a4724 PM	59	qemu_irq cardstatus[2];
1d998d93	60	} PL181State;
a1bb27b1	61
624923be PM	62	static const VMStateDescription vmstate_pl181 = {
	63	.name = "pl181",
	64	.version_id = 1,
	65	.minimum_version_id = 1,
	66	.fields = (VMStateField[]) {
1d998d93 AF	67	VMSTATE_UINT32(clock, PL181State),
	68	VMSTATE_UINT32(power, PL181State),
	69	VMSTATE_UINT32(cmdarg, PL181State),
	70	VMSTATE_UINT32(cmd, PL181State),
	71	VMSTATE_UINT32(datatimer, PL181State),
	72	VMSTATE_UINT32(datalength, PL181State),
	73	VMSTATE_UINT32(respcmd, PL181State),
	74	VMSTATE_UINT32_ARRAY(response, PL181State, 4),
	75	VMSTATE_UINT32(datactrl, PL181State),
	76	VMSTATE_UINT32(datacnt, PL181State),
	77	VMSTATE_UINT32(status, PL181State),
	78	VMSTATE_UINT32_ARRAY(mask, PL181State, 2),
	79	VMSTATE_INT32(fifo_pos, PL181State),
	80	VMSTATE_INT32(fifo_len, PL181State),
	81	VMSTATE_INT32(linux_hack, PL181State),
	82	VMSTATE_UINT32_ARRAY(fifo, PL181State, PL181_FIFO_LEN),
624923be PM	83	VMSTATE_END_OF_LIST()
	84	}
	85	};
	86
a1bb27b1 PB	87	#define PL181_CMD_INDEX 0x3f
	88	#define PL181_CMD_RESPONSE (1 << 6)
	89	#define PL181_CMD_LONGRESP (1 << 7)
	90	#define PL181_CMD_INTERRUPT (1 << 8)
	91	#define PL181_CMD_PENDING (1 << 9)
	92	#define PL181_CMD_ENABLE (1 << 10)
	93
	94	#define PL181_DATA_ENABLE (1 << 0)
	95	#define PL181_DATA_DIRECTION (1 << 1)
	96	#define PL181_DATA_MODE (1 << 2)
	97	#define PL181_DATA_DMAENABLE (1 << 3)
	98
	99	#define PL181_STATUS_CMDCRCFAIL (1 << 0)
	100	#define PL181_STATUS_DATACRCFAIL (1 << 1)
	101	#define PL181_STATUS_CMDTIMEOUT (1 << 2)
	102	#define PL181_STATUS_DATATIMEOUT (1 << 3)
	103	#define PL181_STATUS_TXUNDERRUN (1 << 4)
	104	#define PL181_STATUS_RXOVERRUN (1 << 5)
	105	#define PL181_STATUS_CMDRESPEND (1 << 6)
	106	#define PL181_STATUS_CMDSENT (1 << 7)
	107	#define PL181_STATUS_DATAEND (1 << 8)
	108	#define PL181_STATUS_DATABLOCKEND (1 << 10)
	109	#define PL181_STATUS_CMDACTIVE (1 << 11)
	110	#define PL181_STATUS_TXACTIVE (1 << 12)
	111	#define PL181_STATUS_RXACTIVE (1 << 13)
	112	#define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
	113	#define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
	114	#define PL181_STATUS_TXFIFOFULL (1 << 16)
	115	#define PL181_STATUS_RXFIFOFULL (1 << 17)
	116	#define PL181_STATUS_TXFIFOEMPTY (1 << 18)
	117	#define PL181_STATUS_RXFIFOEMPTY (1 << 19)
	118	#define PL181_STATUS_TXDATAAVLBL (1 << 20)
	119	#define PL181_STATUS_RXDATAAVLBL (1 << 21)
	120
	121	#define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
	122	\|PL181_STATUS_TXFIFOHALFEMPTY \
	123	\|PL181_STATUS_TXFIFOFULL \
	124	\|PL181_STATUS_TXFIFOEMPTY \
	125	\|PL181_STATUS_TXDATAAVLBL)
	126	#define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
	127	\|PL181_STATUS_RXFIFOHALFFULL \
	128	\|PL181_STATUS_RXFIFOFULL \
	129	\|PL181_STATUS_RXFIFOEMPTY \
	130	\|PL181_STATUS_RXDATAAVLBL)
	131
	132	static const unsigned char pl181_id[] =
	133	{ 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
	134
1d998d93	135	static void pl181_update(PL181State *s)
a1bb27b1 PB	136	{
	137	int i;
	138	for (i = 0; i < 2; i++) {
d537cf6c	139	qemu_set_irq(s->irq[i], (s->status & s->mask[i]) != 0);
a1bb27b1 PB	140	}
	141	}
	142
1d998d93	143	static void pl181_fifo_push(PL181State *s, uint32_t value)
a1bb27b1 PB	144	{
	145	int n;
	146
	147	if (s->fifo_len == PL181_FIFO_LEN) {
	148	fprintf(stderr, "pl181: FIFO overflow\n");
	149	return;
	150	}
	151	n = (s->fifo_pos + s->fifo_len) & (PL181_FIFO_LEN - 1);
	152	s->fifo_len++;
	153	s->fifo[n] = value;
	154	DPRINTF("FIFO push %08x\n", (int)value);
	155	}
	156
1d998d93	157	static uint32_t pl181_fifo_pop(PL181State *s)
a1bb27b1 PB	158	{
	159	uint32_t value;
	160
	161	if (s->fifo_len == 0) {
	162	fprintf(stderr, "pl181: FIFO underflow\n");
	163	return 0;
	164	}
	165	value = s->fifo[s->fifo_pos];
	166	s->fifo_len--;
	167	s->fifo_pos = (s->fifo_pos + 1) & (PL181_FIFO_LEN - 1);
	168	DPRINTF("FIFO pop %08x\n", (int)value);
	169	return value;
	170	}
	171
1d998d93	172	static void pl181_send_command(PL181State *s)
a1bb27b1	173	{
bc24a225	174	SDRequest request;
a1bb27b1 PB	175	uint8_t response[16];
	176	int rlen;
	177
	178	request.cmd = s->cmd & PL181_CMD_INDEX;
	179	request.arg = s->cmdarg;
	180	DPRINTF("Command %d %08x\n", request.cmd, request.arg);
	181	rlen = sd_do_command(s->card, &request, response);
	182	if (rlen < 0)
	183	goto error;
	184	if (s->cmd & PL181_CMD_RESPONSE) {
a1bb27b1 PB	185	if (rlen == 0 \|\| (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
	186	goto error;
	187	if (rlen != 4 && rlen != 16)
	188	goto error;
b3141c06	189	s->response[0] = ldl_be_p(&response[0]);
a1bb27b1 PB	190	if (rlen == 4) {
	191	s->response[1] = s->response[2] = s->response[3] = 0;
	192	} else {
b3141c06 PMD	193	s->response[1] = ldl_be_p(&response[4]);
	194	s->response[2] = ldl_be_p(&response[8]);
	195	s->response[3] = ldl_be_p(&response[12]) & ~1;
a1bb27b1	196	}
aa1f17c1	197	DPRINTF("Response received\n");
a1bb27b1	198	s->status \|= PL181_STATUS_CMDRESPEND;
a1bb27b1 PB	199	} else {
	200	DPRINTF("Command sent\n");
	201	s->status \|= PL181_STATUS_CMDSENT;
	202	}
	203	return;
	204
	205	error:
	206	DPRINTF("Timeout\n");
	207	s->status \|= PL181_STATUS_CMDTIMEOUT;
	208	}
	209
aa1f17c1	210	/* Transfer data between the card and the FIFO. This is complicated by
a1bb27b1 PB	211	the FIFO holding 32-bit words and the card taking data in single byte
a1bb27b1 PB	212	chunks. FIFO bytes are transferred in little-endian order. */
3b46e624	213
1d998d93	214	static void pl181_fifo_run(PL181State *s)
a1bb27b1 PB	215	{
a1bb27b1 PB	216	uint32_t bits;
f21126df	217	uint32_t value = 0;
a1bb27b1	218	int n;
a1bb27b1 PB	219	int is_read;
	220
	221	is_read = (s->datactrl & PL181_DATA_DIRECTION) != 0;
6361cdb6 PB	222	if (s->datacnt != 0 && (!is_read \|\| sd_data_ready(s->card))
6361cdb6 PB	223	&& !s->linux_hack) {
bc3b26f5 PB	224	if (is_read) {
bc3b26f5 PB	225	n = 0;
bc3b26f5	226	while (s->datacnt && s->fifo_len < PL181_FIFO_LEN) {
a1bb27b1	227	value \|= (uint32_t)sd_read_data(s->card) << (n * 8);
bc3b26f5	228	s->datacnt--;
a1bb27b1 PB	229	n++;
	230	if (n == 4) {
	231	pl181_fifo_push(s, value);
a1bb27b1	232	n = 0;
bc3b26f5	233	value = 0;
a1bb27b1	234	}
bc3b26f5 PB	235	}
	236	if (n != 0) {
	237	pl181_fifo_push(s, value);
	238	}
	239	} else { /* write */
	240	n = 0;
	241	while (s->datacnt > 0 && (s->fifo_len > 0 \|\| n > 0)) {
a1bb27b1 PB	242	if (n == 0) {
	243	value = pl181_fifo_pop(s);
	244	n = 4;
	245	}
bc3b26f5 PB	246	n--;
bc3b26f5 PB	247	s->datacnt--;
a1bb27b1 PB	248	sd_write_data(s->card, value & 0xff);
a1bb27b1 PB	249	value >>= 8;
a1bb27b1	250	}
a1bb27b1 PB	251	}
	252	}
	253	s->status &= ~(PL181_STATUS_RX_FIFO \| PL181_STATUS_TX_FIFO);
	254	if (s->datacnt == 0) {
	255	s->status \|= PL181_STATUS_DATAEND;
	256	/* HACK: */
	257	s->status \|= PL181_STATUS_DATABLOCKEND;
	258	DPRINTF("Transfer Complete\n");
	259	}
6361cdb6	260	if (s->datacnt == 0 && s->fifo_len == 0) {
a1bb27b1 PB	261	s->datactrl &= ~PL181_DATA_ENABLE;
	262	DPRINTF("Data engine idle\n");
	263	} else {
	264	/* Update FIFO bits. */
	265	bits = PL181_STATUS_TXACTIVE \| PL181_STATUS_RXACTIVE;
	266	if (s->fifo_len == 0) {
	267	bits \|= PL181_STATUS_TXFIFOEMPTY;
	268	bits \|= PL181_STATUS_RXFIFOEMPTY;
	269	} else {
	270	bits \|= PL181_STATUS_TXDATAAVLBL;
	271	bits \|= PL181_STATUS_RXDATAAVLBL;
	272	}
	273	if (s->fifo_len == 16) {
	274	bits \|= PL181_STATUS_TXFIFOFULL;
	275	bits \|= PL181_STATUS_RXFIFOFULL;
	276	}
	277	if (s->fifo_len <= 8) {
	278	bits \|= PL181_STATUS_TXFIFOHALFEMPTY;
	279	}
	280	if (s->fifo_len >= 8) {
	281	bits \|= PL181_STATUS_RXFIFOHALFFULL;
	282	}
	283	if (s->datactrl & PL181_DATA_DIRECTION) {
	284	bits &= PL181_STATUS_RX_FIFO;
	285	} else {
	286	bits &= PL181_STATUS_TX_FIFO;
	287	}
	288	s->status \|= bits;
	289	}
	290	}
	291
a8170e5e	292	static uint64_t pl181_read(void *opaque, hwaddr offset,
ca45842a	293	unsigned size)
a1bb27b1	294	{
1d998d93	295	PL181State s = (PL181State )opaque;
6361cdb6	296	uint32_t tmp;
a1bb27b1	297
a1bb27b1 PB	298	if (offset >= 0xfe0 && offset < 0x1000) {
	299	return pl181_id[(offset - 0xfe0) >> 2];
	300	}
	301	switch (offset) {
	302	case 0x00: /* Power */
	303	return s->power;
	304	case 0x04: /* Clock */
	305	return s->clock;
	306	case 0x08: /* Argument */
	307	return s->cmdarg;
	308	case 0x0c: /* Command */
	309	return s->cmd;
	310	case 0x10: /* RespCmd */
	311	return s->respcmd;
	312	case 0x14: /* Response0 */
	313	return s->response[0];
	314	case 0x18: /* Response1 */
	315	return s->response[1];
	316	case 0x1c: /* Response2 */
	317	return s->response[2];
	318	case 0x20: /* Response3 */
	319	return s->response[3];
	320	case 0x24: /* DataTimer */
	321	return s->datatimer;
	322	case 0x28: /* DataLength */
	323	return s->datalength;
	324	case 0x2c: /* DataCtrl */
	325	return s->datactrl;
	326	case 0x30: /* DataCnt */
	327	return s->datacnt;
	328	case 0x34: /* Status */
6361cdb6 PB	329	tmp = s->status;
	330	if (s->linux_hack) {
	331	s->linux_hack = 0;
	332	pl181_fifo_run(s);
	333	pl181_update(s);
	334	}
	335	return tmp;
a1bb27b1 PB	336	case 0x3c: /* Mask0 */
	337	return s->mask[0];
	338	case 0x40: /* Mask1 */
	339	return s->mask[1];
	340	case 0x48: /* FifoCnt */
6361cdb6 PB	341	/* The documentation is somewhat vague about exactly what FifoCnt
6361cdb6 PB	342	does. On real hardware it appears to be when decrememnted
66a0a2cb	343	when a word is transferred between the FIFO and the serial
6361cdb6	344	data engine. DataCnt is decremented after each byte is
66a0a2cb	345	transferred between the serial engine and the card.
6361cdb6 PB	346	We don't emulate this level of detail, so both can be the same. */
	347	tmp = (s->datacnt + 3) >> 2;
	348	if (s->linux_hack) {
	349	s->linux_hack = 0;
	350	pl181_fifo_run(s);
	351	pl181_update(s);
	352	}
	353	return tmp;
a1bb27b1 PB	354	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	355	case 0x90: case 0x94: case 0x98: case 0x9c:
	356	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	357	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	358	if (s->fifo_len == 0) {
9351d708	359	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO read\n");
a1bb27b1 PB	360	return 0;
	361	} else {
	362	uint32_t value;
a1bb27b1	363	value = pl181_fifo_pop(s);
6361cdb6	364	s->linux_hack = 1;
a1bb27b1 PB	365	pl181_fifo_run(s);
	366	pl181_update(s);
	367	return value;
	368	}
	369	default:
9351d708 PM	370	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	371	"pl181_read: Bad offset %x\n", (int)offset);
a1bb27b1 PB	372	return 0;
	373	}
	374	}
	375
a8170e5e	376	static void pl181_write(void *opaque, hwaddr offset,
ca45842a	377	uint64_t value, unsigned size)
a1bb27b1	378	{
1d998d93	379	PL181State s = (PL181State )opaque;
a1bb27b1	380
a1bb27b1 PB	381	switch (offset) {
	382	case 0x00: /* Power */
	383	s->power = value & 0xff;
	384	break;
	385	case 0x04: /* Clock */
	386	s->clock = value & 0xff;
	387	break;
	388	case 0x08: /* Argument */
	389	s->cmdarg = value;
	390	break;
	391	case 0x0c: /* Command */
	392	s->cmd = value;
	393	if (s->cmd & PL181_CMD_ENABLE) {
	394	if (s->cmd & PL181_CMD_INTERRUPT) {
9351d708 PM	395	qemu_log_mask(LOG_UNIMP,
9351d708 PM	396	"pl181: Interrupt mode not implemented\n");
a1bb27b1	397	} if (s->cmd & PL181_CMD_PENDING) {
9351d708 PM	398	qemu_log_mask(LOG_UNIMP,
9351d708 PM	399	"pl181: Pending commands not implemented\n");
a1bb27b1 PB	400	} else {
	401	pl181_send_command(s);
	402	pl181_fifo_run(s);
	403	}
	404	/* The command has completed one way or the other. */
	405	s->cmd &= ~PL181_CMD_ENABLE;
	406	}
	407	break;
	408	case 0x24: /* DataTimer */
	409	s->datatimer = value;
	410	break;
	411	case 0x28: /* DataLength */
	412	s->datalength = value & 0xffff;
	413	break;
	414	case 0x2c: /* DataCtrl */
	415	s->datactrl = value & 0xff;
	416	if (value & PL181_DATA_ENABLE) {
	417	s->datacnt = s->datalength;
a1bb27b1 PB	418	pl181_fifo_run(s);
	419	}
	420	break;
	421	case 0x38: /* Clear */
	422	s->status &= ~(value & 0x7ff);
	423	break;
	424	case 0x3c: /* Mask0 */
	425	s->mask[0] = value;
	426	break;
	427	case 0x40: /* Mask1 */
	428	s->mask[1] = value;
	429	break;
	430	case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
	431	case 0x90: case 0x94: case 0x98: case 0x9c:
	432	case 0xa0: case 0xa4: case 0xa8: case 0xac:
	433	case 0xb0: case 0xb4: case 0xb8: case 0xbc:
6361cdb6	434	if (s->datacnt == 0) {
9351d708	435	qemu_log_mask(LOG_GUEST_ERROR, "pl181: Unexpected FIFO write\n");
a1bb27b1	436	} else {
a1bb27b1 PB	437	pl181_fifo_push(s, value);
	438	pl181_fifo_run(s);
	439	}
	440	break;
	441	default:
9351d708 PM	442	qemu_log_mask(LOG_GUEST_ERROR,
9351d708 PM	443	"pl181_write: Bad offset %x\n", (int)offset);
a1bb27b1 PB	444	}
	445	pl181_update(s);
	446	}
	447
ca45842a AK	448	static const MemoryRegionOps pl181_ops = {
	449	.read = pl181_read,
	450	.write = pl181_write,
	451	.endianness = DEVICE_NATIVE_ENDIAN,
a1bb27b1 PB	452	};
a1bb27b1 PB	453
624923be	454	static void pl181_reset(DeviceState *d)
a1bb27b1	455	{
630f4442	456	PL181State *s = PL181(d);
a1bb27b1 PB	457
	458	s->power = 0;
	459	s->cmdarg = 0;
	460	s->cmd = 0;
	461	s->datatimer = 0;
	462	s->datalength = 0;
	463	s->respcmd = 0;
	464	s->response[0] = 0;
	465	s->response[1] = 0;
	466	s->response[2] = 0;
	467	s->response[3] = 0;
	468	s->datatimer = 0;
	469	s->datalength = 0;
	470	s->datactrl = 0;
	471	s->datacnt = 0;
	472	s->status = 0;
6361cdb6	473	s->linux_hack = 0;
a1bb27b1 PB	474	s->mask[0] = 0;
a1bb27b1 PB	475	s->mask[1] = 0;
c31a4724 PM	476
	477	/* We can assume our GPIO outputs have been wired up now */
	478	sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
0cb57cc7 PM	479	/* Since we're still using the legacy SD API the card is not plugged
	480	* into any bus, and we must reset it manually.
	481	*/
	482	device_reset(DEVICE(s->card));
a1bb27b1 PB	483	}
a1bb27b1 PB	484
0d554cb0	485	static void pl181_init(Object *obj)
a1bb27b1	486	{
0d554cb0 XZ	487	DeviceState *dev = DEVICE(obj);
	488	PL181State *s = PL181(obj);
	489	SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
a1bb27b1	490
0d554cb0	491	memory_region_init_io(&s->iomem, obj, &pl181_ops, s, "pl181", 0x1000);
630f4442 AF	492	sysbus_init_mmio(sbd, &s->iomem);
	493	sysbus_init_irq(sbd, &s->irq[0]);
	494	sysbus_init_irq(sbd, &s->irq[1]);
	495	qdev_init_gpio_out(dev, s->cardstatus, 2);
0d554cb0 XZ	496	}
	497
	498	static void pl181_realize(DeviceState dev, Error *errp)
	499	{
	500	PL181State *s = PL181(dev);
	501	DriveInfo *dinfo;
	502
af9e40aa	503	/* FIXME use a qdev drive property instead of drive_get_next() */
13839974	504	dinfo = drive_get_next(IF_SD);
4be74634	505	s->card = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, false);
4f8a066b	506	if (s->card == NULL) {
0d554cb0	507	error_setg(errp, "sd_init failed");
4f8a066b	508	}
a1bb27b1	509	}
aa9311d8	510
999e12bb AL	511	static void pl181_class_init(ObjectClass klass, void data)
999e12bb AL	512	{
39bffca2	513	DeviceClass *k = DEVICE_CLASS(klass);
999e12bb	514
39bffca2 AL	515	k->vmsd = &vmstate_pl181;
39bffca2 AL	516	k->reset = pl181_reset;
9f9bdf43	517	/* Reason: init() method uses drive_get_next() */
e90f2a8c	518	k->user_creatable = false;
0d554cb0	519	k->realize = pl181_realize;
999e12bb AL	520	}
999e12bb AL	521
8c43a6f0	522	static const TypeInfo pl181_info = {
630f4442	523	.name = TYPE_PL181,
39bffca2	524	.parent = TYPE_SYS_BUS_DEVICE,
1d998d93	525	.instance_size = sizeof(PL181State),
0d554cb0	526	.instance_init = pl181_init,
39bffca2	527	.class_init = pl181_class_init,
624923be PM	528	};
624923be PM	529
83f7d43a	530	static void pl181_register_types(void)
aa9311d8	531	{
39bffca2	532	type_register_static(&pl181_info);
aa9311d8 PB	533	}
aa9311d8 PB	534
83f7d43a	535	type_init(pl181_register_types)