vvfat: fat_chksum(): fix access above array bounds
[qemu.git] / hw / tusb6010.c
blob4864be5e8d01ab5bfc22d70ff32190d74f62f86a
1 /*
2 * Texas Instruments TUSB6010 emulation.
3 * Based on reverse-engineering of a linux driver.
5 * Copyright (C) 2008 Nokia Corporation
6 * Written by Andrzej Zaborowski <andrew@openedhand.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation; either version 2 or
11 * (at your option) version 3 of the License.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu-common.h"
22 #include "qemu-timer.h"
23 #include "usb.h"
24 #include "omap.h"
25 #include "irq.h"
26 #include "devices.h"
28 struct TUSBState {
29 int iomemtype[2];
30 qemu_irq irq;
31 MUSBState *musb;
32 QEMUTimer *otg_timer;
33 QEMUTimer *pwr_timer;
35 int power;
36 uint32_t scratch;
37 uint16_t test_reset;
38 uint32_t prcm_config;
39 uint32_t prcm_mngmt;
40 uint16_t otg_status;
41 uint32_t dev_config;
42 int host_mode;
43 uint32_t intr;
44 uint32_t intr_ok;
45 uint32_t mask;
46 uint32_t usbip_intr;
47 uint32_t usbip_mask;
48 uint32_t gpio_intr;
49 uint32_t gpio_mask;
50 uint32_t gpio_config;
51 uint32_t dma_intr;
52 uint32_t dma_mask;
53 uint32_t dma_map;
54 uint32_t dma_config;
55 uint32_t ep0_config;
56 uint32_t rx_config[15];
57 uint32_t tx_config[15];
58 uint32_t wkup_mask;
59 uint32_t pullup[2];
60 uint32_t control_config;
61 uint32_t otg_timer_val;
64 #define TUSB_DEVCLOCK 60000000 /* 60 MHz */
66 #define TUSB_VLYNQ_CTRL 0x004
68 /* Mentor Graphics OTG core registers. */
69 #define TUSB_BASE_OFFSET 0x400
71 /* FIFO registers, 32-bit. */
72 #define TUSB_FIFO_BASE 0x600
74 /* Device System & Control registers, 32-bit. */
75 #define TUSB_SYS_REG_BASE 0x800
77 #define TUSB_DEV_CONF (TUSB_SYS_REG_BASE + 0x000)
78 #define TUSB_DEV_CONF_USB_HOST_MODE (1 << 16)
79 #define TUSB_DEV_CONF_PROD_TEST_MODE (1 << 15)
80 #define TUSB_DEV_CONF_SOFT_ID (1 << 1)
81 #define TUSB_DEV_CONF_ID_SEL (1 << 0)
83 #define TUSB_PHY_OTG_CTRL_ENABLE (TUSB_SYS_REG_BASE + 0x004)
84 #define TUSB_PHY_OTG_CTRL (TUSB_SYS_REG_BASE + 0x008)
85 #define TUSB_PHY_OTG_CTRL_WRPROTECT (0xa5 << 24)
86 #define TUSB_PHY_OTG_CTRL_O_ID_PULLUP (1 << 23)
87 #define TUSB_PHY_OTG_CTRL_O_VBUS_DET_EN (1 << 19)
88 #define TUSB_PHY_OTG_CTRL_O_SESS_END_EN (1 << 18)
89 #define TUSB_PHY_OTG_CTRL_TESTM2 (1 << 17)
90 #define TUSB_PHY_OTG_CTRL_TESTM1 (1 << 16)
91 #define TUSB_PHY_OTG_CTRL_TESTM0 (1 << 15)
92 #define TUSB_PHY_OTG_CTRL_TX_DATA2 (1 << 14)
93 #define TUSB_PHY_OTG_CTRL_TX_GZ2 (1 << 13)
94 #define TUSB_PHY_OTG_CTRL_TX_ENABLE2 (1 << 12)
95 #define TUSB_PHY_OTG_CTRL_DM_PULLDOWN (1 << 11)
96 #define TUSB_PHY_OTG_CTRL_DP_PULLDOWN (1 << 10)
97 #define TUSB_PHY_OTG_CTRL_OSC_EN (1 << 9)
98 #define TUSB_PHY_OTG_CTRL_PHYREF_CLK(v) (((v) & 3) << 7)
99 #define TUSB_PHY_OTG_CTRL_PD (1 << 6)
100 #define TUSB_PHY_OTG_CTRL_PLL_ON (1 << 5)
101 #define TUSB_PHY_OTG_CTRL_EXT_RPU (1 << 4)
102 #define TUSB_PHY_OTG_CTRL_PWR_GOOD (1 << 3)
103 #define TUSB_PHY_OTG_CTRL_RESET (1 << 2)
104 #define TUSB_PHY_OTG_CTRL_SUSPENDM (1 << 1)
105 #define TUSB_PHY_OTG_CTRL_CLK_MODE (1 << 0)
107 /* OTG status register */
108 #define TUSB_DEV_OTG_STAT (TUSB_SYS_REG_BASE + 0x00c)
109 #define TUSB_DEV_OTG_STAT_PWR_CLK_GOOD (1 << 8)
110 #define TUSB_DEV_OTG_STAT_SESS_END (1 << 7)
111 #define TUSB_DEV_OTG_STAT_SESS_VALID (1 << 6)
112 #define TUSB_DEV_OTG_STAT_VBUS_VALID (1 << 5)
113 #define TUSB_DEV_OTG_STAT_VBUS_SENSE (1 << 4)
114 #define TUSB_DEV_OTG_STAT_ID_STATUS (1 << 3)
115 #define TUSB_DEV_OTG_STAT_HOST_DISCON (1 << 2)
116 #define TUSB_DEV_OTG_STAT_LINE_STATE (3 << 0)
117 #define TUSB_DEV_OTG_STAT_DP_ENABLE (1 << 1)
118 #define TUSB_DEV_OTG_STAT_DM_ENABLE (1 << 0)
120 #define TUSB_DEV_OTG_TIMER (TUSB_SYS_REG_BASE + 0x010)
121 #define TUSB_DEV_OTG_TIMER_ENABLE (1 << 31)
122 #define TUSB_DEV_OTG_TIMER_VAL(v) ((v) & 0x07ffffff)
123 #define TUSB_PRCM_REV (TUSB_SYS_REG_BASE + 0x014)
125 /* PRCM configuration register */
126 #define TUSB_PRCM_CONF (TUSB_SYS_REG_BASE + 0x018)
127 #define TUSB_PRCM_CONF_SFW_CPEN (1 << 24)
128 #define TUSB_PRCM_CONF_SYS_CLKSEL(v) (((v) & 3) << 16)
130 /* PRCM management register */
131 #define TUSB_PRCM_MNGMT (TUSB_SYS_REG_BASE + 0x01c)
132 #define TUSB_PRCM_MNGMT_SRP_FIX_TMR(v) (((v) & 0xf) << 25)
133 #define TUSB_PRCM_MNGMT_SRP_FIX_EN (1 << 24)
134 #define TUSB_PRCM_MNGMT_VBUS_VAL_TMR(v) (((v) & 0xf) << 20)
135 #define TUSB_PRCM_MNGMT_VBUS_VAL_FLT_EN (1 << 19)
136 #define TUSB_PRCM_MNGMT_DFT_CLK_DIS (1 << 18)
137 #define TUSB_PRCM_MNGMT_VLYNQ_CLK_DIS (1 << 17)
138 #define TUSB_PRCM_MNGMT_OTG_SESS_END_EN (1 << 10)
139 #define TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN (1 << 9)
140 #define TUSB_PRCM_MNGMT_OTG_ID_PULLUP (1 << 8)
141 #define TUSB_PRCM_MNGMT_15_SW_EN (1 << 4)
142 #define TUSB_PRCM_MNGMT_33_SW_EN (1 << 3)
143 #define TUSB_PRCM_MNGMT_5V_CPEN (1 << 2)
144 #define TUSB_PRCM_MNGMT_PM_IDLE (1 << 1)
145 #define TUSB_PRCM_MNGMT_DEV_IDLE (1 << 0)
147 /* Wake-up source clear and mask registers */
148 #define TUSB_PRCM_WAKEUP_SOURCE (TUSB_SYS_REG_BASE + 0x020)
149 #define TUSB_PRCM_WAKEUP_CLEAR (TUSB_SYS_REG_BASE + 0x028)
150 #define TUSB_PRCM_WAKEUP_MASK (TUSB_SYS_REG_BASE + 0x02c)
151 #define TUSB_PRCM_WAKEUP_RESERVED_BITS (0xffffe << 13)
152 #define TUSB_PRCM_WGPIO_7 (1 << 12)
153 #define TUSB_PRCM_WGPIO_6 (1 << 11)
154 #define TUSB_PRCM_WGPIO_5 (1 << 10)
155 #define TUSB_PRCM_WGPIO_4 (1 << 9)
156 #define TUSB_PRCM_WGPIO_3 (1 << 8)
157 #define TUSB_PRCM_WGPIO_2 (1 << 7)
158 #define TUSB_PRCM_WGPIO_1 (1 << 6)
159 #define TUSB_PRCM_WGPIO_0 (1 << 5)
160 #define TUSB_PRCM_WHOSTDISCON (1 << 4) /* Host disconnect */
161 #define TUSB_PRCM_WBUS (1 << 3) /* USB bus resume */
162 #define TUSB_PRCM_WNORCS (1 << 2) /* NOR chip select */
163 #define TUSB_PRCM_WVBUS (1 << 1) /* OTG PHY VBUS */
164 #define TUSB_PRCM_WID (1 << 0) /* OTG PHY ID detect */
166 #define TUSB_PULLUP_1_CTRL (TUSB_SYS_REG_BASE + 0x030)
167 #define TUSB_PULLUP_2_CTRL (TUSB_SYS_REG_BASE + 0x034)
168 #define TUSB_INT_CTRL_REV (TUSB_SYS_REG_BASE + 0x038)
169 #define TUSB_INT_CTRL_CONF (TUSB_SYS_REG_BASE + 0x03c)
170 #define TUSB_USBIP_INT_SRC (TUSB_SYS_REG_BASE + 0x040)
171 #define TUSB_USBIP_INT_SET (TUSB_SYS_REG_BASE + 0x044)
172 #define TUSB_USBIP_INT_CLEAR (TUSB_SYS_REG_BASE + 0x048)
173 #define TUSB_USBIP_INT_MASK (TUSB_SYS_REG_BASE + 0x04c)
174 #define TUSB_DMA_INT_SRC (TUSB_SYS_REG_BASE + 0x050)
175 #define TUSB_DMA_INT_SET (TUSB_SYS_REG_BASE + 0x054)
176 #define TUSB_DMA_INT_CLEAR (TUSB_SYS_REG_BASE + 0x058)
177 #define TUSB_DMA_INT_MASK (TUSB_SYS_REG_BASE + 0x05c)
178 #define TUSB_GPIO_INT_SRC (TUSB_SYS_REG_BASE + 0x060)
179 #define TUSB_GPIO_INT_SET (TUSB_SYS_REG_BASE + 0x064)
180 #define TUSB_GPIO_INT_CLEAR (TUSB_SYS_REG_BASE + 0x068)
181 #define TUSB_GPIO_INT_MASK (TUSB_SYS_REG_BASE + 0x06c)
183 /* NOR flash interrupt source registers */
184 #define TUSB_INT_SRC (TUSB_SYS_REG_BASE + 0x070)
185 #define TUSB_INT_SRC_SET (TUSB_SYS_REG_BASE + 0x074)
186 #define TUSB_INT_SRC_CLEAR (TUSB_SYS_REG_BASE + 0x078)
187 #define TUSB_INT_MASK (TUSB_SYS_REG_BASE + 0x07c)
188 #define TUSB_INT_SRC_TXRX_DMA_DONE (1 << 24)
189 #define TUSB_INT_SRC_USB_IP_CORE (1 << 17)
190 #define TUSB_INT_SRC_OTG_TIMEOUT (1 << 16)
191 #define TUSB_INT_SRC_VBUS_SENSE_CHNG (1 << 15)
192 #define TUSB_INT_SRC_ID_STATUS_CHNG (1 << 14)
193 #define TUSB_INT_SRC_DEV_WAKEUP (1 << 13)
194 #define TUSB_INT_SRC_DEV_READY (1 << 12)
195 #define TUSB_INT_SRC_USB_IP_TX (1 << 9)
196 #define TUSB_INT_SRC_USB_IP_RX (1 << 8)
197 #define TUSB_INT_SRC_USB_IP_VBUS_ERR (1 << 7)
198 #define TUSB_INT_SRC_USB_IP_VBUS_REQ (1 << 6)
199 #define TUSB_INT_SRC_USB_IP_DISCON (1 << 5)
200 #define TUSB_INT_SRC_USB_IP_CONN (1 << 4)
201 #define TUSB_INT_SRC_USB_IP_SOF (1 << 3)
202 #define TUSB_INT_SRC_USB_IP_RST_BABBLE (1 << 2)
203 #define TUSB_INT_SRC_USB_IP_RESUME (1 << 1)
204 #define TUSB_INT_SRC_USB_IP_SUSPEND (1 << 0)
206 #define TUSB_GPIO_REV (TUSB_SYS_REG_BASE + 0x080)
207 #define TUSB_GPIO_CONF (TUSB_SYS_REG_BASE + 0x084)
208 #define TUSB_DMA_CTRL_REV (TUSB_SYS_REG_BASE + 0x100)
209 #define TUSB_DMA_REQ_CONF (TUSB_SYS_REG_BASE + 0x104)
210 #define TUSB_EP0_CONF (TUSB_SYS_REG_BASE + 0x108)
211 #define TUSB_EP_IN_SIZE (TUSB_SYS_REG_BASE + 0x10c)
212 #define TUSB_DMA_EP_MAP (TUSB_SYS_REG_BASE + 0x148)
213 #define TUSB_EP_OUT_SIZE (TUSB_SYS_REG_BASE + 0x14c)
214 #define TUSB_EP_MAX_PACKET_SIZE_OFFSET (TUSB_SYS_REG_BASE + 0x188)
215 #define TUSB_SCRATCH_PAD (TUSB_SYS_REG_BASE + 0x1c4)
216 #define TUSB_WAIT_COUNT (TUSB_SYS_REG_BASE + 0x1c8)
217 #define TUSB_PROD_TEST_RESET (TUSB_SYS_REG_BASE + 0x1d8)
219 #define TUSB_DIDR1_LO (TUSB_SYS_REG_BASE + 0x1f8)
220 #define TUSB_DIDR1_HI (TUSB_SYS_REG_BASE + 0x1fc)
222 /* Device System & Control register bitfields */
223 #define TUSB_INT_CTRL_CONF_INT_RLCYC(v) (((v) & 0x7) << 18)
224 #define TUSB_INT_CTRL_CONF_INT_POLARITY (1 << 17)
225 #define TUSB_INT_CTRL_CONF_INT_MODE (1 << 16)
226 #define TUSB_GPIO_CONF_DMAREQ(v) (((v) & 0x3f) << 24)
227 #define TUSB_DMA_REQ_CONF_BURST_SIZE(v) (((v) & 3) << 26)
228 #define TUSB_DMA_REQ_CONF_DMA_RQ_EN(v) (((v) & 0x3f) << 20)
229 #define TUSB_DMA_REQ_CONF_DMA_RQ_ASR(v) (((v) & 0xf) << 16)
230 #define TUSB_EP0_CONFIG_SW_EN (1 << 8)
231 #define TUSB_EP0_CONFIG_DIR_TX (1 << 7)
232 #define TUSB_EP0_CONFIG_XFR_SIZE(v) ((v) & 0x7f)
233 #define TUSB_EP_CONFIG_SW_EN (1 << 31)
234 #define TUSB_EP_CONFIG_XFR_SIZE(v) ((v) & 0x7fffffff)
235 #define TUSB_PROD_TEST_RESET_VAL 0xa596
237 int tusb6010_sync_io(TUSBState *s)
239 return s->iomemtype[0];
242 int tusb6010_async_io(TUSBState *s)
244 return s->iomemtype[1];
247 static void tusb_intr_update(TUSBState *s)
249 if (s->control_config & TUSB_INT_CTRL_CONF_INT_POLARITY)
250 qemu_set_irq(s->irq, s->intr & ~s->mask & s->intr_ok);
251 else
252 qemu_set_irq(s->irq, (!(s->intr & ~s->mask)) & s->intr_ok);
255 static void tusb_usbip_intr_update(TUSBState *s)
257 /* TX interrupt in the MUSB */
258 if (s->usbip_intr & 0x0000ffff & ~s->usbip_mask)
259 s->intr |= TUSB_INT_SRC_USB_IP_TX;
260 else
261 s->intr &= ~TUSB_INT_SRC_USB_IP_TX;
263 /* RX interrupt in the MUSB */
264 if (s->usbip_intr & 0xffff0000 & ~s->usbip_mask)
265 s->intr |= TUSB_INT_SRC_USB_IP_RX;
266 else
267 s->intr &= ~TUSB_INT_SRC_USB_IP_RX;
269 /* XXX: What about TUSB_INT_SRC_USB_IP_CORE? */
271 tusb_intr_update(s);
274 static void tusb_dma_intr_update(TUSBState *s)
276 if (s->dma_intr & ~s->dma_mask)
277 s->intr |= TUSB_INT_SRC_TXRX_DMA_DONE;
278 else
279 s->intr &= ~TUSB_INT_SRC_TXRX_DMA_DONE;
281 tusb_intr_update(s);
284 static void tusb_gpio_intr_update(TUSBState *s)
286 /* TODO: How is this signalled? */
289 extern CPUReadMemoryFunc * const musb_read[];
290 extern CPUWriteMemoryFunc * const musb_write[];
292 static uint32_t tusb_async_readb(void *opaque, target_phys_addr_t addr)
294 TUSBState *s = (TUSBState *) opaque;
296 switch (addr & 0xfff) {
297 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
298 return musb_read[0](s->musb, addr & 0x1ff);
300 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
301 return musb_read[0](s->musb, 0x20 + ((addr >> 3) & 0x3c));
304 printf("%s: unknown register at %03x\n",
305 __FUNCTION__, (int) (addr & 0xfff));
306 return 0;
309 static uint32_t tusb_async_readh(void *opaque, target_phys_addr_t addr)
311 TUSBState *s = (TUSBState *) opaque;
313 switch (addr & 0xfff) {
314 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
315 return musb_read[1](s->musb, addr & 0x1ff);
317 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
318 return musb_read[1](s->musb, 0x20 + ((addr >> 3) & 0x3c));
321 printf("%s: unknown register at %03x\n",
322 __FUNCTION__, (int) (addr & 0xfff));
323 return 0;
326 static uint32_t tusb_async_readw(void *opaque, target_phys_addr_t addr)
328 TUSBState *s = (TUSBState *) opaque;
329 int offset = addr & 0xfff;
330 int epnum;
331 uint32_t ret;
333 switch (offset) {
334 case TUSB_DEV_CONF:
335 return s->dev_config;
337 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
338 return musb_read[2](s->musb, offset & 0x1ff);
340 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
341 return musb_read[2](s->musb, 0x20 + ((addr >> 3) & 0x3c));
343 case TUSB_PHY_OTG_CTRL_ENABLE:
344 case TUSB_PHY_OTG_CTRL:
345 return 0x00; /* TODO */
347 case TUSB_DEV_OTG_STAT:
348 ret = s->otg_status;
349 #if 0
350 if (!(s->prcm_mngmt & TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN))
351 ret &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
352 #endif
353 return ret;
354 case TUSB_DEV_OTG_TIMER:
355 return s->otg_timer_val;
357 case TUSB_PRCM_REV:
358 return 0x20;
359 case TUSB_PRCM_CONF:
360 return s->prcm_config;
361 case TUSB_PRCM_MNGMT:
362 return s->prcm_mngmt;
363 case TUSB_PRCM_WAKEUP_SOURCE:
364 case TUSB_PRCM_WAKEUP_CLEAR: /* TODO: What does this one return? */
365 return 0x00000000;
366 case TUSB_PRCM_WAKEUP_MASK:
367 return s->wkup_mask;
369 case TUSB_PULLUP_1_CTRL:
370 return s->pullup[0];
371 case TUSB_PULLUP_2_CTRL:
372 return s->pullup[1];
374 case TUSB_INT_CTRL_REV:
375 return 0x20;
376 case TUSB_INT_CTRL_CONF:
377 return s->control_config;
379 case TUSB_USBIP_INT_SRC:
380 case TUSB_USBIP_INT_SET: /* TODO: What do these two return? */
381 case TUSB_USBIP_INT_CLEAR:
382 return s->usbip_intr;
383 case TUSB_USBIP_INT_MASK:
384 return s->usbip_mask;
386 case TUSB_DMA_INT_SRC:
387 case TUSB_DMA_INT_SET: /* TODO: What do these two return? */
388 case TUSB_DMA_INT_CLEAR:
389 return s->dma_intr;
390 case TUSB_DMA_INT_MASK:
391 return s->dma_mask;
393 case TUSB_GPIO_INT_SRC: /* TODO: What do these two return? */
394 case TUSB_GPIO_INT_SET:
395 case TUSB_GPIO_INT_CLEAR:
396 return s->gpio_intr;
397 case TUSB_GPIO_INT_MASK:
398 return s->gpio_mask;
400 case TUSB_INT_SRC:
401 case TUSB_INT_SRC_SET: /* TODO: What do these two return? */
402 case TUSB_INT_SRC_CLEAR:
403 return s->intr;
404 case TUSB_INT_MASK:
405 return s->mask;
407 case TUSB_GPIO_REV:
408 return 0x30;
409 case TUSB_GPIO_CONF:
410 return s->gpio_config;
412 case TUSB_DMA_CTRL_REV:
413 return 0x30;
414 case TUSB_DMA_REQ_CONF:
415 return s->dma_config;
416 case TUSB_EP0_CONF:
417 return s->ep0_config;
418 case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
419 epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
420 return s->tx_config[epnum];
421 case TUSB_DMA_EP_MAP:
422 return s->dma_map;
423 case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
424 epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
425 return s->rx_config[epnum];
426 case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
427 (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
428 return 0x00000000; /* TODO */
429 case TUSB_WAIT_COUNT:
430 return 0x00; /* TODO */
432 case TUSB_SCRATCH_PAD:
433 return s->scratch;
435 case TUSB_PROD_TEST_RESET:
436 return s->test_reset;
438 /* DIE IDs */
439 case TUSB_DIDR1_LO:
440 return 0xa9453c59;
441 case TUSB_DIDR1_HI:
442 return 0x54059adf;
445 printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
446 return 0;
449 static void tusb_async_writeb(void *opaque, target_phys_addr_t addr,
450 uint32_t value)
452 TUSBState *s = (TUSBState *) opaque;
454 switch (addr & 0xfff) {
455 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
456 musb_write[0](s->musb, addr & 0x1ff, value);
457 break;
459 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
460 musb_write[0](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
461 break;
463 default:
464 printf("%s: unknown register at %03x\n",
465 __FUNCTION__, (int) (addr & 0xfff));
466 return;
470 static void tusb_async_writeh(void *opaque, target_phys_addr_t addr,
471 uint32_t value)
473 TUSBState *s = (TUSBState *) opaque;
475 switch (addr & 0xfff) {
476 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
477 musb_write[1](s->musb, addr & 0x1ff, value);
478 break;
480 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
481 musb_write[1](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
482 break;
484 default:
485 printf("%s: unknown register at %03x\n",
486 __FUNCTION__, (int) (addr & 0xfff));
487 return;
491 static void tusb_async_writew(void *opaque, target_phys_addr_t addr,
492 uint32_t value)
494 TUSBState *s = (TUSBState *) opaque;
495 int offset = addr & 0xfff;
496 int epnum;
498 switch (offset) {
499 case TUSB_VLYNQ_CTRL:
500 break;
502 case TUSB_BASE_OFFSET ... (TUSB_BASE_OFFSET | 0x1ff):
503 musb_write[2](s->musb, offset & 0x1ff, value);
504 break;
506 case TUSB_FIFO_BASE ... (TUSB_FIFO_BASE | 0x1ff):
507 musb_write[2](s->musb, 0x20 + ((addr >> 3) & 0x3c), value);
508 break;
510 case TUSB_DEV_CONF:
511 s->dev_config = value;
512 s->host_mode = (value & TUSB_DEV_CONF_USB_HOST_MODE);
513 if (value & TUSB_DEV_CONF_PROD_TEST_MODE)
514 hw_error("%s: Product Test mode not allowed\n", __FUNCTION__);
515 break;
517 case TUSB_PHY_OTG_CTRL_ENABLE:
518 case TUSB_PHY_OTG_CTRL:
519 return; /* TODO */
520 case TUSB_DEV_OTG_TIMER:
521 s->otg_timer_val = value;
522 if (value & TUSB_DEV_OTG_TIMER_ENABLE)
523 qemu_mod_timer(s->otg_timer, qemu_get_clock(vm_clock) +
524 muldiv64(TUSB_DEV_OTG_TIMER_VAL(value),
525 get_ticks_per_sec(), TUSB_DEVCLOCK));
526 else
527 qemu_del_timer(s->otg_timer);
528 break;
530 case TUSB_PRCM_CONF:
531 s->prcm_config = value;
532 break;
533 case TUSB_PRCM_MNGMT:
534 s->prcm_mngmt = value;
535 break;
536 case TUSB_PRCM_WAKEUP_CLEAR:
537 break;
538 case TUSB_PRCM_WAKEUP_MASK:
539 s->wkup_mask = value;
540 break;
542 case TUSB_PULLUP_1_CTRL:
543 s->pullup[0] = value;
544 break;
545 case TUSB_PULLUP_2_CTRL:
546 s->pullup[1] = value;
547 break;
548 case TUSB_INT_CTRL_CONF:
549 s->control_config = value;
550 tusb_intr_update(s);
551 break;
553 case TUSB_USBIP_INT_SET:
554 s->usbip_intr |= value;
555 tusb_usbip_intr_update(s);
556 break;
557 case TUSB_USBIP_INT_CLEAR:
558 s->usbip_intr &= ~value;
559 tusb_usbip_intr_update(s);
560 musb_core_intr_clear(s->musb, ~value);
561 break;
562 case TUSB_USBIP_INT_MASK:
563 s->usbip_mask = value;
564 tusb_usbip_intr_update(s);
565 break;
567 case TUSB_DMA_INT_SET:
568 s->dma_intr |= value;
569 tusb_dma_intr_update(s);
570 break;
571 case TUSB_DMA_INT_CLEAR:
572 s->dma_intr &= ~value;
573 tusb_dma_intr_update(s);
574 break;
575 case TUSB_DMA_INT_MASK:
576 s->dma_mask = value;
577 tusb_dma_intr_update(s);
578 break;
580 case TUSB_GPIO_INT_SET:
581 s->gpio_intr |= value;
582 tusb_gpio_intr_update(s);
583 break;
584 case TUSB_GPIO_INT_CLEAR:
585 s->gpio_intr &= ~value;
586 tusb_gpio_intr_update(s);
587 break;
588 case TUSB_GPIO_INT_MASK:
589 s->gpio_mask = value;
590 tusb_gpio_intr_update(s);
591 break;
593 case TUSB_INT_SRC_SET:
594 s->intr |= value;
595 tusb_intr_update(s);
596 break;
597 case TUSB_INT_SRC_CLEAR:
598 s->intr &= ~value;
599 tusb_intr_update(s);
600 break;
601 case TUSB_INT_MASK:
602 s->mask = value;
603 tusb_intr_update(s);
604 break;
606 case TUSB_GPIO_CONF:
607 s->gpio_config = value;
608 break;
609 case TUSB_DMA_REQ_CONF:
610 s->dma_config = value;
611 break;
612 case TUSB_EP0_CONF:
613 s->ep0_config = value & 0x1ff;
614 musb_set_size(s->musb, 0, TUSB_EP0_CONFIG_XFR_SIZE(value),
615 value & TUSB_EP0_CONFIG_DIR_TX);
616 break;
617 case TUSB_EP_IN_SIZE ... (TUSB_EP_IN_SIZE + 0x3b):
618 epnum = (offset - TUSB_EP_IN_SIZE) >> 2;
619 s->tx_config[epnum] = value;
620 musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 1);
621 break;
622 case TUSB_DMA_EP_MAP:
623 s->dma_map = value;
624 break;
625 case TUSB_EP_OUT_SIZE ... (TUSB_EP_OUT_SIZE + 0x3b):
626 epnum = (offset - TUSB_EP_OUT_SIZE) >> 2;
627 s->rx_config[epnum] = value;
628 musb_set_size(s->musb, epnum + 1, TUSB_EP_CONFIG_XFR_SIZE(value), 0);
629 break;
630 case TUSB_EP_MAX_PACKET_SIZE_OFFSET ...
631 (TUSB_EP_MAX_PACKET_SIZE_OFFSET + 0x3b):
632 return; /* TODO */
633 case TUSB_WAIT_COUNT:
634 return; /* TODO */
636 case TUSB_SCRATCH_PAD:
637 s->scratch = value;
638 break;
640 case TUSB_PROD_TEST_RESET:
641 s->test_reset = value;
642 break;
644 default:
645 printf("%s: unknown register at %03x\n", __FUNCTION__, offset);
646 return;
650 static CPUReadMemoryFunc * const tusb_async_readfn[] = {
651 tusb_async_readb,
652 tusb_async_readh,
653 tusb_async_readw,
656 static CPUWriteMemoryFunc * const tusb_async_writefn[] = {
657 tusb_async_writeb,
658 tusb_async_writeh,
659 tusb_async_writew,
662 static void tusb_otg_tick(void *opaque)
664 TUSBState *s = (TUSBState *) opaque;
666 s->otg_timer_val = 0;
667 s->intr |= TUSB_INT_SRC_OTG_TIMEOUT;
668 tusb_intr_update(s);
671 static void tusb_power_tick(void *opaque)
673 TUSBState *s = (TUSBState *) opaque;
675 if (s->power) {
676 s->intr_ok = ~0;
677 tusb_intr_update(s);
681 static void tusb_musb_core_intr(void *opaque, int source, int level)
683 TUSBState *s = (TUSBState *) opaque;
684 uint16_t otg_status = s->otg_status;
686 switch (source) {
687 case musb_set_vbus:
688 if (level)
689 otg_status |= TUSB_DEV_OTG_STAT_VBUS_VALID;
690 else
691 otg_status &= ~TUSB_DEV_OTG_STAT_VBUS_VALID;
693 /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_VBUS_DET_EN set? */
694 /* XXX: only if TUSB_PRCM_MNGMT_OTG_VBUS_DET_EN set? */
695 if (s->otg_status != otg_status) {
696 s->otg_status = otg_status;
697 s->intr |= TUSB_INT_SRC_VBUS_SENSE_CHNG;
698 tusb_intr_update(s);
700 break;
702 case musb_set_session:
703 /* XXX: only if TUSB_PHY_OTG_CTRL_OTG_SESS_END_EN set? */
704 /* XXX: only if TUSB_PRCM_MNGMT_OTG_SESS_END_EN set? */
705 if (level) {
706 s->otg_status |= TUSB_DEV_OTG_STAT_SESS_VALID;
707 s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_END;
708 } else {
709 s->otg_status &= ~TUSB_DEV_OTG_STAT_SESS_VALID;
710 s->otg_status |= TUSB_DEV_OTG_STAT_SESS_END;
713 /* XXX: some IRQ or anything? */
714 break;
716 case musb_irq_tx:
717 case musb_irq_rx:
718 s->usbip_intr = musb_core_intr_get(s->musb);
719 /* Fall through. */
720 default:
721 if (level)
722 s->intr |= 1 << source;
723 else
724 s->intr &= ~(1 << source);
725 tusb_intr_update(s);
726 break;
730 TUSBState *tusb6010_init(qemu_irq intr)
732 TUSBState *s = qemu_mallocz(sizeof(*s));
734 s->test_reset = TUSB_PROD_TEST_RESET_VAL;
735 s->host_mode = 0;
736 s->dev_config = 0;
737 s->otg_status = 0; /* !TUSB_DEV_OTG_STAT_ID_STATUS means host mode */
738 s->power = 0;
739 s->mask = 0xffffffff;
740 s->intr = 0x00000000;
741 s->otg_timer_val = 0;
742 s->iomemtype[1] = cpu_register_io_memory(tusb_async_readfn,
743 tusb_async_writefn, s);
744 s->irq = intr;
745 s->otg_timer = qemu_new_timer(vm_clock, tusb_otg_tick, s);
746 s->pwr_timer = qemu_new_timer(vm_clock, tusb_power_tick, s);
747 s->musb = musb_init(qemu_allocate_irqs(tusb_musb_core_intr, s,
748 __musb_irq_max));
750 return s;
753 void tusb6010_power(TUSBState *s, int on)
755 if (!on)
756 s->power = 0;
757 else if (!s->power && on) {
758 s->power = 1;
760 /* Pull the interrupt down after TUSB6010 comes up. */
761 s->intr_ok = 0;
762 tusb_intr_update(s);
763 qemu_mod_timer(s->pwr_timer,
764 qemu_get_clock(vm_clock) + get_ticks_per_sec() / 2);