Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / omap_mmc.c
blob9aadfc9042036d4ac91b358e77683ca8f0e8a3bd
1 /*
2 * OMAP on-chip MMC/SD host emulation.
4 * Copyright (C) 2006-2007 Andrzej Zaborowski <balrog@zabor.org>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation; either version 2 or
9 * (at your option) version 3 of the License.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, see <http://www.gnu.org/licenses/>.
19 #include "hw.h"
20 #include "omap.h"
21 #include "sd.h"
23 struct omap_mmc_s {
24 qemu_irq irq;
25 qemu_irq *dma;
26 qemu_irq coverswitch;
27 omap_clk clk;
28 SDState *card;
29 uint16_t last_cmd;
30 uint16_t sdio;
31 uint16_t rsp[8];
32 uint32_t arg;
33 int lines;
34 int dw;
35 int mode;
36 int enable;
37 int be;
38 int rev;
39 uint16_t status;
40 uint16_t mask;
41 uint8_t cto;
42 uint16_t dto;
43 int clkdiv;
44 uint16_t fifo[32];
45 int fifo_start;
46 int fifo_len;
47 uint16_t blen;
48 uint16_t blen_counter;
49 uint16_t nblk;
50 uint16_t nblk_counter;
51 int tx_dma;
52 int rx_dma;
53 int af_level;
54 int ae_level;
56 int ddir;
57 int transfer;
59 int cdet_wakeup;
60 int cdet_enable;
61 int cdet_state;
62 qemu_irq cdet;
65 static void omap_mmc_interrupts_update(struct omap_mmc_s *s)
67 qemu_set_irq(s->irq, !!(s->status & s->mask));
70 static void omap_mmc_fifolevel_update(struct omap_mmc_s *host)
72 if (!host->transfer && !host->fifo_len) {
73 host->status &= 0xf3ff;
74 return;
77 if (host->fifo_len > host->af_level && host->ddir) {
78 if (host->rx_dma) {
79 host->status &= 0xfbff;
80 qemu_irq_raise(host->dma[1]);
81 } else
82 host->status |= 0x0400;
83 } else {
84 host->status &= 0xfbff;
85 qemu_irq_lower(host->dma[1]);
88 if (host->fifo_len < host->ae_level && !host->ddir) {
89 if (host->tx_dma) {
90 host->status &= 0xf7ff;
91 qemu_irq_raise(host->dma[0]);
92 } else
93 host->status |= 0x0800;
94 } else {
95 qemu_irq_lower(host->dma[0]);
96 host->status &= 0xf7ff;
100 typedef enum {
101 sd_nore = 0, /* no response */
102 sd_r1, /* normal response command */
103 sd_r2, /* CID, CSD registers */
104 sd_r3, /* OCR register */
105 sd_r6 = 6, /* Published RCA response */
106 sd_r1b = -1,
107 } sd_rsp_type_t;
109 static void omap_mmc_command(struct omap_mmc_s *host, int cmd, int dir,
110 sd_cmd_type_t type, int busy, sd_rsp_type_t resptype, int init)
112 uint32_t rspstatus, mask;
113 int rsplen, timeout;
114 SDRequest request;
115 uint8_t response[16];
117 if (init && cmd == 0) {
118 host->status |= 0x0001;
119 return;
122 if (resptype == sd_r1 && busy)
123 resptype = sd_r1b;
125 if (type == sd_adtc) {
126 host->fifo_start = 0;
127 host->fifo_len = 0;
128 host->transfer = 1;
129 host->ddir = dir;
130 } else
131 host->transfer = 0;
132 timeout = 0;
133 mask = 0;
134 rspstatus = 0;
136 request.cmd = cmd;
137 request.arg = host->arg;
138 request.crc = 0; /* FIXME */
140 rsplen = sd_do_command(host->card, &request, response);
142 /* TODO: validate CRCs */
143 switch (resptype) {
144 case sd_nore:
145 rsplen = 0;
146 break;
148 case sd_r1:
149 case sd_r1b:
150 if (rsplen < 4) {
151 timeout = 1;
152 break;
154 rsplen = 4;
156 mask = OUT_OF_RANGE | ADDRESS_ERROR | BLOCK_LEN_ERROR |
157 ERASE_SEQ_ERROR | ERASE_PARAM | WP_VIOLATION |
158 LOCK_UNLOCK_FAILED | COM_CRC_ERROR | ILLEGAL_COMMAND |
159 CARD_ECC_FAILED | CC_ERROR | SD_ERROR |
160 CID_CSD_OVERWRITE;
161 if (host->sdio & (1 << 13))
162 mask |= AKE_SEQ_ERROR;
163 rspstatus = (response[0] << 24) | (response[1] << 16) |
164 (response[2] << 8) | (response[3] << 0);
165 break;
167 case sd_r2:
168 if (rsplen < 16) {
169 timeout = 1;
170 break;
172 rsplen = 16;
173 break;
175 case sd_r3:
176 if (rsplen < 4) {
177 timeout = 1;
178 break;
180 rsplen = 4;
182 rspstatus = (response[0] << 24) | (response[1] << 16) |
183 (response[2] << 8) | (response[3] << 0);
184 if (rspstatus & 0x80000000)
185 host->status &= 0xe000;
186 else
187 host->status |= 0x1000;
188 break;
190 case sd_r6:
191 if (rsplen < 4) {
192 timeout = 1;
193 break;
195 rsplen = 4;
197 mask = 0xe000 | AKE_SEQ_ERROR;
198 rspstatus = (response[2] << 8) | (response[3] << 0);
201 if (rspstatus & mask)
202 host->status |= 0x4000;
203 else
204 host->status &= 0xb000;
206 if (rsplen)
207 for (rsplen = 0; rsplen < 8; rsplen ++)
208 host->rsp[~rsplen & 7] = response[(rsplen << 1) | 1] |
209 (response[(rsplen << 1) | 0] << 8);
211 if (timeout)
212 host->status |= 0x0080;
213 else if (cmd == 12)
214 host->status |= 0x0005; /* Makes it more real */
215 else
216 host->status |= 0x0001;
219 static void omap_mmc_transfer(struct omap_mmc_s *host)
221 uint8_t value;
223 if (!host->transfer)
224 return;
226 while (1) {
227 if (host->ddir) {
228 if (host->fifo_len > host->af_level)
229 break;
231 value = sd_read_data(host->card);
232 host->fifo[(host->fifo_start + host->fifo_len) & 31] = value;
233 if (-- host->blen_counter) {
234 value = sd_read_data(host->card);
235 host->fifo[(host->fifo_start + host->fifo_len) & 31] |=
236 value << 8;
237 host->blen_counter --;
240 host->fifo_len ++;
241 } else {
242 if (!host->fifo_len)
243 break;
245 value = host->fifo[host->fifo_start] & 0xff;
246 sd_write_data(host->card, value);
247 if (-- host->blen_counter) {
248 value = host->fifo[host->fifo_start] >> 8;
249 sd_write_data(host->card, value);
250 host->blen_counter --;
253 host->fifo_start ++;
254 host->fifo_len --;
255 host->fifo_start &= 31;
258 if (host->blen_counter == 0) {
259 host->nblk_counter --;
260 host->blen_counter = host->blen;
262 if (host->nblk_counter == 0) {
263 host->nblk_counter = host->nblk;
264 host->transfer = 0;
265 host->status |= 0x0008;
266 break;
272 static void omap_mmc_update(void *opaque)
274 struct omap_mmc_s *s = opaque;
275 omap_mmc_transfer(s);
276 omap_mmc_fifolevel_update(s);
277 omap_mmc_interrupts_update(s);
280 void omap_mmc_reset(struct omap_mmc_s *host)
282 host->last_cmd = 0;
283 memset(host->rsp, 0, sizeof(host->rsp));
284 host->arg = 0;
285 host->dw = 0;
286 host->mode = 0;
287 host->enable = 0;
288 host->status = 0;
289 host->mask = 0;
290 host->cto = 0;
291 host->dto = 0;
292 host->fifo_len = 0;
293 host->blen = 0;
294 host->blen_counter = 0;
295 host->nblk = 0;
296 host->nblk_counter = 0;
297 host->tx_dma = 0;
298 host->rx_dma = 0;
299 host->ae_level = 0x00;
300 host->af_level = 0x1f;
301 host->transfer = 0;
302 host->cdet_wakeup = 0;
303 host->cdet_enable = 0;
304 qemu_set_irq(host->coverswitch, host->cdet_state);
305 host->clkdiv = 0;
308 static uint32_t omap_mmc_read(void *opaque, target_phys_addr_t offset)
310 uint16_t i;
311 struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
312 offset &= OMAP_MPUI_REG_MASK;
314 switch (offset) {
315 case 0x00: /* MMC_CMD */
316 return s->last_cmd;
318 case 0x04: /* MMC_ARGL */
319 return s->arg & 0x0000ffff;
321 case 0x08: /* MMC_ARGH */
322 return s->arg >> 16;
324 case 0x0c: /* MMC_CON */
325 return (s->dw << 15) | (s->mode << 12) | (s->enable << 11) |
326 (s->be << 10) | s->clkdiv;
328 case 0x10: /* MMC_STAT */
329 return s->status;
331 case 0x14: /* MMC_IE */
332 return s->mask;
334 case 0x18: /* MMC_CTO */
335 return s->cto;
337 case 0x1c: /* MMC_DTO */
338 return s->dto;
340 case 0x20: /* MMC_DATA */
341 /* TODO: support 8-bit access */
342 i = s->fifo[s->fifo_start];
343 if (s->fifo_len == 0) {
344 printf("MMC: FIFO underrun\n");
345 return i;
347 s->fifo_start ++;
348 s->fifo_len --;
349 s->fifo_start &= 31;
350 omap_mmc_transfer(s);
351 omap_mmc_fifolevel_update(s);
352 omap_mmc_interrupts_update(s);
353 return i;
355 case 0x24: /* MMC_BLEN */
356 return s->blen_counter;
358 case 0x28: /* MMC_NBLK */
359 return s->nblk_counter;
361 case 0x2c: /* MMC_BUF */
362 return (s->rx_dma << 15) | (s->af_level << 8) |
363 (s->tx_dma << 7) | s->ae_level;
365 case 0x30: /* MMC_SPI */
366 return 0x0000;
367 case 0x34: /* MMC_SDIO */
368 return (s->cdet_wakeup << 2) | (s->cdet_enable) | s->sdio;
369 case 0x38: /* MMC_SYST */
370 return 0x0000;
372 case 0x3c: /* MMC_REV */
373 return s->rev;
375 case 0x40: /* MMC_RSP0 */
376 case 0x44: /* MMC_RSP1 */
377 case 0x48: /* MMC_RSP2 */
378 case 0x4c: /* MMC_RSP3 */
379 case 0x50: /* MMC_RSP4 */
380 case 0x54: /* MMC_RSP5 */
381 case 0x58: /* MMC_RSP6 */
382 case 0x5c: /* MMC_RSP7 */
383 return s->rsp[(offset - 0x40) >> 2];
385 /* OMAP2-specific */
386 case 0x60: /* MMC_IOSR */
387 case 0x64: /* MMC_SYSC */
388 return 0;
389 case 0x68: /* MMC_SYSS */
390 return 1; /* RSTD */
393 OMAP_BAD_REG(offset);
394 return 0;
397 static void omap_mmc_write(void *opaque, target_phys_addr_t offset,
398 uint32_t value)
400 int i;
401 struct omap_mmc_s *s = (struct omap_mmc_s *) opaque;
402 offset &= OMAP_MPUI_REG_MASK;
404 switch (offset) {
405 case 0x00: /* MMC_CMD */
406 if (!s->enable)
407 break;
409 s->last_cmd = value;
410 for (i = 0; i < 8; i ++)
411 s->rsp[i] = 0x0000;
412 omap_mmc_command(s, value & 63, (value >> 15) & 1,
413 (sd_cmd_type_t) ((value >> 12) & 3),
414 (value >> 11) & 1,
415 (sd_rsp_type_t) ((value >> 8) & 7),
416 (value >> 7) & 1);
417 omap_mmc_update(s);
418 break;
420 case 0x04: /* MMC_ARGL */
421 s->arg &= 0xffff0000;
422 s->arg |= 0x0000ffff & value;
423 break;
425 case 0x08: /* MMC_ARGH */
426 s->arg &= 0x0000ffff;
427 s->arg |= value << 16;
428 break;
430 case 0x0c: /* MMC_CON */
431 s->dw = (value >> 15) & 1;
432 s->mode = (value >> 12) & 3;
433 s->enable = (value >> 11) & 1;
434 s->be = (value >> 10) & 1;
435 s->clkdiv = (value >> 0) & (s->rev >= 2 ? 0x3ff : 0xff);
436 if (s->mode != 0)
437 printf("SD mode %i unimplemented!\n", s->mode);
438 if (s->be != 0)
439 printf("SD FIFO byte sex unimplemented!\n");
440 if (s->dw != 0 && s->lines < 4)
441 printf("4-bit SD bus enabled\n");
442 if (!s->enable)
443 omap_mmc_reset(s);
444 break;
446 case 0x10: /* MMC_STAT */
447 s->status &= ~value;
448 omap_mmc_interrupts_update(s);
449 break;
451 case 0x14: /* MMC_IE */
452 s->mask = value & 0x7fff;
453 omap_mmc_interrupts_update(s);
454 break;
456 case 0x18: /* MMC_CTO */
457 s->cto = value & 0xff;
458 if (s->cto > 0xfd && s->rev <= 1)
459 printf("MMC: CTO of 0xff and 0xfe cannot be used!\n");
460 break;
462 case 0x1c: /* MMC_DTO */
463 s->dto = value & 0xffff;
464 break;
466 case 0x20: /* MMC_DATA */
467 /* TODO: support 8-bit access */
468 if (s->fifo_len == 32)
469 break;
470 s->fifo[(s->fifo_start + s->fifo_len) & 31] = value;
471 s->fifo_len ++;
472 omap_mmc_transfer(s);
473 omap_mmc_fifolevel_update(s);
474 omap_mmc_interrupts_update(s);
475 break;
477 case 0x24: /* MMC_BLEN */
478 s->blen = (value & 0x07ff) + 1;
479 s->blen_counter = s->blen;
480 break;
482 case 0x28: /* MMC_NBLK */
483 s->nblk = (value & 0x07ff) + 1;
484 s->nblk_counter = s->nblk;
485 s->blen_counter = s->blen;
486 break;
488 case 0x2c: /* MMC_BUF */
489 s->rx_dma = (value >> 15) & 1;
490 s->af_level = (value >> 8) & 0x1f;
491 s->tx_dma = (value >> 7) & 1;
492 s->ae_level = value & 0x1f;
494 if (s->rx_dma)
495 s->status &= 0xfbff;
496 if (s->tx_dma)
497 s->status &= 0xf7ff;
498 omap_mmc_fifolevel_update(s);
499 omap_mmc_interrupts_update(s);
500 break;
502 /* SPI, SDIO and TEST modes unimplemented */
503 case 0x30: /* MMC_SPI (OMAP1 only) */
504 break;
505 case 0x34: /* MMC_SDIO */
506 s->sdio = value & (s->rev >= 2 ? 0xfbf3 : 0x2020);
507 s->cdet_wakeup = (value >> 9) & 1;
508 s->cdet_enable = (value >> 2) & 1;
509 break;
510 case 0x38: /* MMC_SYST */
511 break;
513 case 0x3c: /* MMC_REV */
514 case 0x40: /* MMC_RSP0 */
515 case 0x44: /* MMC_RSP1 */
516 case 0x48: /* MMC_RSP2 */
517 case 0x4c: /* MMC_RSP3 */
518 case 0x50: /* MMC_RSP4 */
519 case 0x54: /* MMC_RSP5 */
520 case 0x58: /* MMC_RSP6 */
521 case 0x5c: /* MMC_RSP7 */
522 OMAP_RO_REG(offset);
523 break;
525 /* OMAP2-specific */
526 case 0x60: /* MMC_IOSR */
527 if (value & 0xf)
528 printf("MMC: SDIO bits used!\n");
529 break;
530 case 0x64: /* MMC_SYSC */
531 if (value & (1 << 2)) /* SRTS */
532 omap_mmc_reset(s);
533 break;
534 case 0x68: /* MMC_SYSS */
535 OMAP_RO_REG(offset);
536 break;
538 default:
539 OMAP_BAD_REG(offset);
543 static CPUReadMemoryFunc *omap_mmc_readfn[] = {
544 omap_badwidth_read16,
545 omap_mmc_read,
546 omap_badwidth_read16,
549 static CPUWriteMemoryFunc *omap_mmc_writefn[] = {
550 omap_badwidth_write16,
551 omap_mmc_write,
552 omap_badwidth_write16,
555 static void omap_mmc_cover_cb(void *opaque, int line, int level)
557 struct omap_mmc_s *host = (struct omap_mmc_s *) opaque;
559 if (!host->cdet_state && level) {
560 host->status |= 0x0002;
561 omap_mmc_interrupts_update(host);
562 if (host->cdet_wakeup)
563 /* TODO: Assert wake-up */;
566 if (host->cdet_state != level) {
567 qemu_set_irq(host->coverswitch, level);
568 host->cdet_state = level;
572 struct omap_mmc_s *omap_mmc_init(target_phys_addr_t base,
573 BlockDriverState *bd,
574 qemu_irq irq, qemu_irq dma[], omap_clk clk)
576 int iomemtype;
577 struct omap_mmc_s *s = (struct omap_mmc_s *)
578 qemu_mallocz(sizeof(struct omap_mmc_s));
580 s->irq = irq;
581 s->dma = dma;
582 s->clk = clk;
583 s->lines = 1; /* TODO: needs to be settable per-board */
584 s->rev = 1;
586 omap_mmc_reset(s);
588 iomemtype = cpu_register_io_memory(omap_mmc_readfn,
589 omap_mmc_writefn, s);
590 cpu_register_physical_memory(base, 0x800, iomemtype);
592 /* Instantiate the storage */
593 s->card = sd_init(bd, 0);
595 return s;
598 struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta,
599 BlockDriverState *bd, qemu_irq irq, qemu_irq dma[],
600 omap_clk fclk, omap_clk iclk)
602 int iomemtype;
603 struct omap_mmc_s *s = (struct omap_mmc_s *)
604 qemu_mallocz(sizeof(struct omap_mmc_s));
606 s->irq = irq;
607 s->dma = dma;
608 s->clk = fclk;
609 s->lines = 4;
610 s->rev = 2;
612 omap_mmc_reset(s);
614 iomemtype = l4_register_io_memory(omap_mmc_readfn,
615 omap_mmc_writefn, s);
616 omap_l4_attach(ta, 0, iomemtype);
618 /* Instantiate the storage */
619 s->card = sd_init(bd, 0);
621 s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0];
622 sd_set_cb(s->card, 0, s->cdet);
624 return s;
627 void omap_mmc_handlers(struct omap_mmc_s *s, qemu_irq ro, qemu_irq cover)
629 if (s->cdet) {
630 sd_set_cb(s->card, ro, s->cdet);
631 s->coverswitch = cover;
632 qemu_set_irq(cover, s->cdet_state);
633 } else
634 sd_set_cb(s->card, ro, cover);
637 void omap_mmc_enable(struct omap_mmc_s *s, int enable)
639 sd_enable(s->card, enable);