2 * Arm PrimeCell PL181 MultiMedia Card Interface
4 * Copyright (c) 2007 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the GPL.
10 #include "sysemu/block-backend.h"
11 #include "sysemu/blockdev.h"
12 #include "hw/sysbus.h"
15 //#define DEBUG_PL181 1
18 #define DPRINTF(fmt, ...) \
19 do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
21 #define DPRINTF(fmt, ...) do {} while(0)
24 #define PL181_FIFO_LEN 16
26 #define TYPE_PL181 "pl181"
27 #define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
29 typedef struct PL181State
{
30 SysBusDevice parent_obj
;
48 /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
49 while it is reading the FIFO. We hack around this by deferring
50 subsequent transfers until after the driver polls the status word.
51 http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
54 uint32_t fifo
[PL181_FIFO_LEN
];
56 /* GPIO outputs for 'card is readonly' and 'card inserted' */
57 qemu_irq cardstatus
[2];
60 static const VMStateDescription vmstate_pl181
= {
63 .minimum_version_id
= 1,
64 .fields
= (VMStateField
[]) {
65 VMSTATE_UINT32(clock
, PL181State
),
66 VMSTATE_UINT32(power
, PL181State
),
67 VMSTATE_UINT32(cmdarg
, PL181State
),
68 VMSTATE_UINT32(cmd
, PL181State
),
69 VMSTATE_UINT32(datatimer
, PL181State
),
70 VMSTATE_UINT32(datalength
, PL181State
),
71 VMSTATE_UINT32(respcmd
, PL181State
),
72 VMSTATE_UINT32_ARRAY(response
, PL181State
, 4),
73 VMSTATE_UINT32(datactrl
, PL181State
),
74 VMSTATE_UINT32(datacnt
, PL181State
),
75 VMSTATE_UINT32(status
, PL181State
),
76 VMSTATE_UINT32_ARRAY(mask
, PL181State
, 2),
77 VMSTATE_INT32(fifo_pos
, PL181State
),
78 VMSTATE_INT32(fifo_len
, PL181State
),
79 VMSTATE_INT32(linux_hack
, PL181State
),
80 VMSTATE_UINT32_ARRAY(fifo
, PL181State
, PL181_FIFO_LEN
),
85 #define PL181_CMD_INDEX 0x3f
86 #define PL181_CMD_RESPONSE (1 << 6)
87 #define PL181_CMD_LONGRESP (1 << 7)
88 #define PL181_CMD_INTERRUPT (1 << 8)
89 #define PL181_CMD_PENDING (1 << 9)
90 #define PL181_CMD_ENABLE (1 << 10)
92 #define PL181_DATA_ENABLE (1 << 0)
93 #define PL181_DATA_DIRECTION (1 << 1)
94 #define PL181_DATA_MODE (1 << 2)
95 #define PL181_DATA_DMAENABLE (1 << 3)
97 #define PL181_STATUS_CMDCRCFAIL (1 << 0)
98 #define PL181_STATUS_DATACRCFAIL (1 << 1)
99 #define PL181_STATUS_CMDTIMEOUT (1 << 2)
100 #define PL181_STATUS_DATATIMEOUT (1 << 3)
101 #define PL181_STATUS_TXUNDERRUN (1 << 4)
102 #define PL181_STATUS_RXOVERRUN (1 << 5)
103 #define PL181_STATUS_CMDRESPEND (1 << 6)
104 #define PL181_STATUS_CMDSENT (1 << 7)
105 #define PL181_STATUS_DATAEND (1 << 8)
106 #define PL181_STATUS_DATABLOCKEND (1 << 10)
107 #define PL181_STATUS_CMDACTIVE (1 << 11)
108 #define PL181_STATUS_TXACTIVE (1 << 12)
109 #define PL181_STATUS_RXACTIVE (1 << 13)
110 #define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
111 #define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
112 #define PL181_STATUS_TXFIFOFULL (1 << 16)
113 #define PL181_STATUS_RXFIFOFULL (1 << 17)
114 #define PL181_STATUS_TXFIFOEMPTY (1 << 18)
115 #define PL181_STATUS_RXFIFOEMPTY (1 << 19)
116 #define PL181_STATUS_TXDATAAVLBL (1 << 20)
117 #define PL181_STATUS_RXDATAAVLBL (1 << 21)
119 #define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
120 |PL181_STATUS_TXFIFOHALFEMPTY \
121 |PL181_STATUS_TXFIFOFULL \
122 |PL181_STATUS_TXFIFOEMPTY \
123 |PL181_STATUS_TXDATAAVLBL)
124 #define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
125 |PL181_STATUS_RXFIFOHALFFULL \
126 |PL181_STATUS_RXFIFOFULL \
127 |PL181_STATUS_RXFIFOEMPTY \
128 |PL181_STATUS_RXDATAAVLBL)
130 static const unsigned char pl181_id
[] =
131 { 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
133 static void pl181_update(PL181State
*s
)
136 for (i
= 0; i
< 2; i
++) {
137 qemu_set_irq(s
->irq
[i
], (s
->status
& s
->mask
[i
]) != 0);
141 static void pl181_fifo_push(PL181State
*s
, uint32_t value
)
145 if (s
->fifo_len
== PL181_FIFO_LEN
) {
146 fprintf(stderr
, "pl181: FIFO overflow\n");
149 n
= (s
->fifo_pos
+ s
->fifo_len
) & (PL181_FIFO_LEN
- 1);
152 DPRINTF("FIFO push %08x\n", (int)value
);
155 static uint32_t pl181_fifo_pop(PL181State
*s
)
159 if (s
->fifo_len
== 0) {
160 fprintf(stderr
, "pl181: FIFO underflow\n");
163 value
= s
->fifo
[s
->fifo_pos
];
165 s
->fifo_pos
= (s
->fifo_pos
+ 1) & (PL181_FIFO_LEN
- 1);
166 DPRINTF("FIFO pop %08x\n", (int)value
);
170 static void pl181_send_command(PL181State
*s
)
173 uint8_t response
[16];
176 request
.cmd
= s
->cmd
& PL181_CMD_INDEX
;
177 request
.arg
= s
->cmdarg
;
178 DPRINTF("Command %d %08x\n", request
.cmd
, request
.arg
);
179 rlen
= sd_do_command(s
->card
, &request
, response
);
182 if (s
->cmd
& PL181_CMD_RESPONSE
) {
183 #define RWORD(n) (((uint32_t)response[n] << 24) | (response[n + 1] << 16) \
184 | (response[n + 2] << 8) | response[n + 3])
185 if (rlen
== 0 || (rlen
== 4 && (s
->cmd
& PL181_CMD_LONGRESP
)))
187 if (rlen
!= 4 && rlen
!= 16)
189 s
->response
[0] = RWORD(0);
191 s
->response
[1] = s
->response
[2] = s
->response
[3] = 0;
193 s
->response
[1] = RWORD(4);
194 s
->response
[2] = RWORD(8);
195 s
->response
[3] = RWORD(12) & ~1;
197 DPRINTF("Response received\n");
198 s
->status
|= PL181_STATUS_CMDRESPEND
;
201 DPRINTF("Command sent\n");
202 s
->status
|= PL181_STATUS_CMDSENT
;
207 DPRINTF("Timeout\n");
208 s
->status
|= PL181_STATUS_CMDTIMEOUT
;
211 /* Transfer data between the card and the FIFO. This is complicated by
212 the FIFO holding 32-bit words and the card taking data in single byte
213 chunks. FIFO bytes are transferred in little-endian order. */
215 static void pl181_fifo_run(PL181State
*s
)
222 is_read
= (s
->datactrl
& PL181_DATA_DIRECTION
) != 0;
223 if (s
->datacnt
!= 0 && (!is_read
|| sd_data_ready(s
->card
))
227 while (s
->datacnt
&& s
->fifo_len
< PL181_FIFO_LEN
) {
228 value
|= (uint32_t)sd_read_data(s
->card
) << (n
* 8);
232 pl181_fifo_push(s
, value
);
238 pl181_fifo_push(s
, value
);
242 while (s
->datacnt
> 0 && (s
->fifo_len
> 0 || n
> 0)) {
244 value
= pl181_fifo_pop(s
);
249 sd_write_data(s
->card
, value
& 0xff);
254 s
->status
&= ~(PL181_STATUS_RX_FIFO
| PL181_STATUS_TX_FIFO
);
255 if (s
->datacnt
== 0) {
256 s
->status
|= PL181_STATUS_DATAEND
;
258 s
->status
|= PL181_STATUS_DATABLOCKEND
;
259 DPRINTF("Transfer Complete\n");
261 if (s
->datacnt
== 0 && s
->fifo_len
== 0) {
262 s
->datactrl
&= ~PL181_DATA_ENABLE
;
263 DPRINTF("Data engine idle\n");
265 /* Update FIFO bits. */
266 bits
= PL181_STATUS_TXACTIVE
| PL181_STATUS_RXACTIVE
;
267 if (s
->fifo_len
== 0) {
268 bits
|= PL181_STATUS_TXFIFOEMPTY
;
269 bits
|= PL181_STATUS_RXFIFOEMPTY
;
271 bits
|= PL181_STATUS_TXDATAAVLBL
;
272 bits
|= PL181_STATUS_RXDATAAVLBL
;
274 if (s
->fifo_len
== 16) {
275 bits
|= PL181_STATUS_TXFIFOFULL
;
276 bits
|= PL181_STATUS_RXFIFOFULL
;
278 if (s
->fifo_len
<= 8) {
279 bits
|= PL181_STATUS_TXFIFOHALFEMPTY
;
281 if (s
->fifo_len
>= 8) {
282 bits
|= PL181_STATUS_RXFIFOHALFFULL
;
284 if (s
->datactrl
& PL181_DATA_DIRECTION
) {
285 bits
&= PL181_STATUS_RX_FIFO
;
287 bits
&= PL181_STATUS_TX_FIFO
;
293 static uint64_t pl181_read(void *opaque
, hwaddr offset
,
296 PL181State
*s
= (PL181State
*)opaque
;
299 if (offset
>= 0xfe0 && offset
< 0x1000) {
300 return pl181_id
[(offset
- 0xfe0) >> 2];
303 case 0x00: /* Power */
305 case 0x04: /* Clock */
307 case 0x08: /* Argument */
309 case 0x0c: /* Command */
311 case 0x10: /* RespCmd */
313 case 0x14: /* Response0 */
314 return s
->response
[0];
315 case 0x18: /* Response1 */
316 return s
->response
[1];
317 case 0x1c: /* Response2 */
318 return s
->response
[2];
319 case 0x20: /* Response3 */
320 return s
->response
[3];
321 case 0x24: /* DataTimer */
323 case 0x28: /* DataLength */
324 return s
->datalength
;
325 case 0x2c: /* DataCtrl */
327 case 0x30: /* DataCnt */
329 case 0x34: /* Status */
337 case 0x3c: /* Mask0 */
339 case 0x40: /* Mask1 */
341 case 0x48: /* FifoCnt */
342 /* The documentation is somewhat vague about exactly what FifoCnt
343 does. On real hardware it appears to be when decrememnted
344 when a word is transferred between the FIFO and the serial
345 data engine. DataCnt is decremented after each byte is
346 transferred between the serial engine and the card.
347 We don't emulate this level of detail, so both can be the same. */
348 tmp
= (s
->datacnt
+ 3) >> 2;
355 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
356 case 0x90: case 0x94: case 0x98: case 0x9c:
357 case 0xa0: case 0xa4: case 0xa8: case 0xac:
358 case 0xb0: case 0xb4: case 0xb8: case 0xbc:
359 if (s
->fifo_len
== 0) {
360 qemu_log_mask(LOG_GUEST_ERROR
, "pl181: Unexpected FIFO read\n");
364 value
= pl181_fifo_pop(s
);
371 qemu_log_mask(LOG_GUEST_ERROR
,
372 "pl181_read: Bad offset %x\n", (int)offset
);
377 static void pl181_write(void *opaque
, hwaddr offset
,
378 uint64_t value
, unsigned size
)
380 PL181State
*s
= (PL181State
*)opaque
;
383 case 0x00: /* Power */
384 s
->power
= value
& 0xff;
386 case 0x04: /* Clock */
387 s
->clock
= value
& 0xff;
389 case 0x08: /* Argument */
392 case 0x0c: /* Command */
394 if (s
->cmd
& PL181_CMD_ENABLE
) {
395 if (s
->cmd
& PL181_CMD_INTERRUPT
) {
396 qemu_log_mask(LOG_UNIMP
,
397 "pl181: Interrupt mode not implemented\n");
398 } if (s
->cmd
& PL181_CMD_PENDING
) {
399 qemu_log_mask(LOG_UNIMP
,
400 "pl181: Pending commands not implemented\n");
402 pl181_send_command(s
);
405 /* The command has completed one way or the other. */
406 s
->cmd
&= ~PL181_CMD_ENABLE
;
409 case 0x24: /* DataTimer */
410 s
->datatimer
= value
;
412 case 0x28: /* DataLength */
413 s
->datalength
= value
& 0xffff;
415 case 0x2c: /* DataCtrl */
416 s
->datactrl
= value
& 0xff;
417 if (value
& PL181_DATA_ENABLE
) {
418 s
->datacnt
= s
->datalength
;
422 case 0x38: /* Clear */
423 s
->status
&= ~(value
& 0x7ff);
425 case 0x3c: /* Mask0 */
428 case 0x40: /* Mask1 */
431 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
432 case 0x90: case 0x94: case 0x98: case 0x9c:
433 case 0xa0: case 0xa4: case 0xa8: case 0xac:
434 case 0xb0: case 0xb4: case 0xb8: case 0xbc:
435 if (s
->datacnt
== 0) {
436 qemu_log_mask(LOG_GUEST_ERROR
, "pl181: Unexpected FIFO write\n");
438 pl181_fifo_push(s
, value
);
443 qemu_log_mask(LOG_GUEST_ERROR
,
444 "pl181_write: Bad offset %x\n", (int)offset
);
449 static const MemoryRegionOps pl181_ops
= {
451 .write
= pl181_write
,
452 .endianness
= DEVICE_NATIVE_ENDIAN
,
455 static void pl181_reset(DeviceState
*d
)
457 PL181State
*s
= PL181(d
);
478 /* We can assume our GPIO outputs have been wired up now */
479 sd_set_cb(s
->card
, s
->cardstatus
[0], s
->cardstatus
[1]);
482 static int pl181_init(SysBusDevice
*sbd
)
484 DeviceState
*dev
= DEVICE(sbd
);
485 PL181State
*s
= PL181(dev
);
488 memory_region_init_io(&s
->iomem
, OBJECT(s
), &pl181_ops
, s
, "pl181", 0x1000);
489 sysbus_init_mmio(sbd
, &s
->iomem
);
490 sysbus_init_irq(sbd
, &s
->irq
[0]);
491 sysbus_init_irq(sbd
, &s
->irq
[1]);
492 qdev_init_gpio_out(dev
, s
->cardstatus
, 2);
493 /* FIXME use a qdev drive property instead of drive_get_next() */
494 dinfo
= drive_get_next(IF_SD
);
495 s
->card
= sd_init(dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
, false);
496 if (s
->card
== NULL
) {
503 static void pl181_class_init(ObjectClass
*klass
, void *data
)
505 SysBusDeviceClass
*sdc
= SYS_BUS_DEVICE_CLASS(klass
);
506 DeviceClass
*k
= DEVICE_CLASS(klass
);
508 sdc
->init
= pl181_init
;
509 k
->vmsd
= &vmstate_pl181
;
510 k
->reset
= pl181_reset
;
511 /* Reason: init() method uses drive_get_next() */
512 k
->cannot_instantiate_with_device_add_yet
= true;
515 static const TypeInfo pl181_info
= {
517 .parent
= TYPE_SYS_BUS_DEVICE
,
518 .instance_size
= sizeof(PL181State
),
519 .class_init
= pl181_class_init
,
522 static void pl181_register_types(void)
524 type_register_static(&pl181_info
);
527 type_init(pl181_register_types
)