search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/arm: Deliver BKPT/BRK exceptions to correct exception level
[qemu/ar7.git] / hw / misc / bcm2835_mbox.c
bloba87da5ee533c95b932905f3ded0de0342cb83229
1 /*
2 * Raspberry Pi emulation (c) 2012 Gregory Estrade
3 * This code is licensed under the GNU GPLv2 and later.
4 *
5 * This file models the system mailboxes, which are used for
6 * communication with low-bandwidth GPU peripherals. Refs:
7 * https://github.com/raspberrypi/firmware/wiki/Mailboxes
8 * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes
9 */
10
11 #include "qemu/osdep.h"
12 #include "qapi/error.h"
13 #include "hw/misc/bcm2835_mbox.h"
14 #include "qemu/log.h"
15 #include "qemu/module.h"
16
17 #define MAIL0_PEEK 0x90
18 #define MAIL0_SENDER 0x94
19 #define MAIL1_STATUS 0xb8
20
21 /* Mailbox status register */
22 #define MAIL0_STATUS 0x98
23 #define ARM_MS_FULL 0x80000000
24 #define ARM_MS_EMPTY 0x40000000
25 #define ARM_MS_LEVEL 0x400000FF /* Max. value depends on mailbox depth */
26
27 /* MAILBOX config/status register */
28 #define MAIL0_CONFIG 0x9c
29 /* ANY write to this register clears the error bits! */
30 #define ARM_MC_IHAVEDATAIRQEN 0x00000001 /* mbox irq enable: has data */
31 #define ARM_MC_IHAVESPACEIRQEN 0x00000002 /* mbox irq enable: has space */
32 #define ARM_MC_OPPISEMPTYIRQEN 0x00000004 /* mbox irq enable: Opp is empty */
33 #define ARM_MC_MAIL_CLEAR 0x00000008 /* mbox clear write 1, then 0 */
34 #define ARM_MC_IHAVEDATAIRQPEND 0x00000010 /* mbox irq pending: has space */
35 #define ARM_MC_IHAVESPACEIRQPEND 0x00000020 /* mbox irq pending: Opp is empty */
36 #define ARM_MC_OPPISEMPTYIRQPEND 0x00000040 /* mbox irq pending */
37 /* Bit 7 is unused */
38 #define ARM_MC_ERRNOOWN 0x00000100 /* error : none owner read from mailbox */
39 #define ARM_MC_ERROVERFLW 0x00000200 /* error : write to fill mailbox */
40 #define ARM_MC_ERRUNDRFLW 0x00000400 /* error : read from empty mailbox */
41
42 static void mbox_update_status(BCM2835Mbox *mb)
43 {
44 mb->status &= ~(ARM_MS_EMPTY | ARM_MS_FULL);
45 if (mb->count == 0) {
46 mb->status |= ARM_MS_EMPTY;
47 } else if (mb->count == MBOX_SIZE) {
48 mb->status |= ARM_MS_FULL;
49 }
50 }
51
52 static void mbox_reset(BCM2835Mbox *mb)
53 {
54 int n;
55
56 mb->count = 0;
57 mb->config = 0;
58 for (n = 0; n < MBOX_SIZE; n++) {
59 mb->reg[n] = MBOX_INVALID_DATA;
60 }
61 mbox_update_status(mb);
62 }
63
64 static uint32_t mbox_pull(BCM2835Mbox *mb, int index)
65 {
66 int n;
67 uint32_t val;
68
69 assert(mb->count > 0);
70 assert(index < mb->count);
71
72 val = mb->reg[index];
73 for (n = index + 1; n < mb->count; n++) {
74 mb->reg[n - 1] = mb->reg[n];
75 }
76 mb->count--;
77 mb->reg[mb->count] = MBOX_INVALID_DATA;
78
79 mbox_update_status(mb);
80
81 return val;
82 }
83
84 static void mbox_push(BCM2835Mbox *mb, uint32_t val)
85 {
86 assert(mb->count < MBOX_SIZE);
87 mb->reg[mb->count++] = val;
88 mbox_update_status(mb);
89 }
90
91 static void bcm2835_mbox_update(BCM2835MboxState *s)
92 {
93 uint32_t value;
94 bool set;
95 int n;
96
97 s->mbox_irq_disabled = true;
98
99 /* Get pending responses and put them in the vc->arm mbox,
100 * as long as it's not full
101 */
102 for (n = 0; n < MBOX_CHAN_COUNT; n++) {
103 while (s->available[n] && !(s->mbox[0].status & ARM_MS_FULL)) {
104 value = ldl_le_phys(&s->mbox_as, n << MBOX_AS_CHAN_SHIFT);
105 assert(value != MBOX_INVALID_DATA); /* Pending interrupt but no data */
106 mbox_push(&s->mbox[0], value);
107 }
108 }
109
110 /* TODO (?): Try to push pending requests from the arm->vc mbox */
111
112 /* Re-enable calls from the IRQ routine */
113 s->mbox_irq_disabled = false;
114
115 /* Update ARM IRQ status */
116 set = false;
117 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQPEND;
118 if (!(s->mbox[0].status & ARM_MS_EMPTY)) {
119 s->mbox[0].config |= ARM_MC_IHAVEDATAIRQPEND;
120 if (s->mbox[0].config & ARM_MC_IHAVEDATAIRQEN) {
121 set = true;
122 }
123 }
124 qemu_set_irq(s->arm_irq, set);
125 }
126
127 static void bcm2835_mbox_set_irq(void *opaque, int irq, int level)
128 {
129 BCM2835MboxState *s = opaque;
130
131 s->available[irq] = level;
132
133 /* avoid recursively calling bcm2835_mbox_update when the interrupt
134 * status changes due to the ldl_phys call within that function
135 */
136 if (!s->mbox_irq_disabled) {
137 bcm2835_mbox_update(s);
138 }
139 }
140
141 static uint64_t bcm2835_mbox_read(void *opaque, hwaddr offset, unsigned size)
142 {
143 BCM2835MboxState *s = opaque;
144 uint32_t res = 0;
145
146 offset &= 0xff;
147
148 switch (offset) {
149 case 0x80 ... 0x8c: /* MAIL0_READ */
150 if (s->mbox[0].status & ARM_MS_EMPTY) {
151 res = MBOX_INVALID_DATA;
152 } else {
153 res = mbox_pull(&s->mbox[0], 0);
154 }
155 break;
156
157 case MAIL0_PEEK:
158 res = s->mbox[0].reg[0];
159 break;
160
161 case MAIL0_SENDER:
162 break;
163
164 case MAIL0_STATUS:
165 res = s->mbox[0].status;
166 break;
167
168 case MAIL0_CONFIG:
169 res = s->mbox[0].config;
170 break;
171
172 case MAIL1_STATUS:
173 res = s->mbox[1].status;
174 break;
175
176 default:
177 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
178 __func__, offset);
179 return 0;
180 }
181
182 bcm2835_mbox_update(s);
183
184 return res;
185 }
186
187 static void bcm2835_mbox_write(void *opaque, hwaddr offset,
188 uint64_t value, unsigned size)
189 {
190 BCM2835MboxState *s = opaque;
191 hwaddr childaddr;
192 uint8_t ch;
193
194 offset &= 0xff;
195
196 switch (offset) {
197 case MAIL0_SENDER:
198 break;
199
200 case MAIL0_CONFIG:
201 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQEN;
202 s->mbox[0].config |= value & ARM_MC_IHAVEDATAIRQEN;
203 break;
204
205 case 0xa0 ... 0xac: /* MAIL1_WRITE */
206 if (s->mbox[1].status & ARM_MS_FULL) {
207 /* Mailbox full */
208 qemu_log_mask(LOG_GUEST_ERROR, "%s: mailbox full\n", __func__);
209 } else {
210 ch = value & 0xf;
211 if (ch < MBOX_CHAN_COUNT) {
212 childaddr = ch << MBOX_AS_CHAN_SHIFT;
213 if (ldl_le_phys(&s->mbox_as, childaddr + MBOX_AS_PENDING)) {
214 /* Child busy, push delayed. Push it in the arm->vc mbox */
215 mbox_push(&s->mbox[1], value);
216 } else {
217 /* Push it directly to the child device */
218 stl_le_phys(&s->mbox_as, childaddr, value);
219 }
220 } else {
221 /* Invalid channel number */
222 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid channel %u\n",
223 __func__, ch);
224 }
225 }
226 break;
227
228 default:
229 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
230 __func__, offset);
231 return;
232 }
233
234 bcm2835_mbox_update(s);
235 }
236
237 static const MemoryRegionOps bcm2835_mbox_ops = {
238 .read = bcm2835_mbox_read,
239 .write = bcm2835_mbox_write,
240 .endianness = DEVICE_NATIVE_ENDIAN,
241 .valid.min_access_size = 4,
242 .valid.max_access_size = 4,
243 };
244
245 /* vmstate of a single mailbox */
246 static const VMStateDescription vmstate_bcm2835_mbox_box = {
247 .name = TYPE_BCM2835_MBOX "_box",
248 .version_id = 1,
249 .minimum_version_id = 1,
250 .fields = (VMStateField[]) {
251 VMSTATE_UINT32_ARRAY(reg, BCM2835Mbox, MBOX_SIZE),
252 VMSTATE_UINT32(count, BCM2835Mbox),
253 VMSTATE_UINT32(status, BCM2835Mbox),
254 VMSTATE_UINT32(config, BCM2835Mbox),
255 VMSTATE_END_OF_LIST()
256 }
257 };
258
259 /* vmstate of the entire device */
260 static const VMStateDescription vmstate_bcm2835_mbox = {
261 .name = TYPE_BCM2835_MBOX,
262 .version_id = 1,
263 .minimum_version_id = 1,
264 .minimum_version_id_old = 1,
265 .fields = (VMStateField[]) {
266 VMSTATE_BOOL_ARRAY(available, BCM2835MboxState, MBOX_CHAN_COUNT),
267 VMSTATE_STRUCT_ARRAY(mbox, BCM2835MboxState, 2, 1,
268 vmstate_bcm2835_mbox_box, BCM2835Mbox),
269 VMSTATE_END_OF_LIST()
270 }
271 };
272
273 static void bcm2835_mbox_init(Object *obj)
274 {
275 BCM2835MboxState *s = BCM2835_MBOX(obj);
276
277 memory_region_init_io(&s->iomem, obj, &bcm2835_mbox_ops, s,
278 TYPE_BCM2835_MBOX, 0x400);
279 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
280 sysbus_init_irq(SYS_BUS_DEVICE(s), &s->arm_irq);
281 qdev_init_gpio_in(DEVICE(s), bcm2835_mbox_set_irq, MBOX_CHAN_COUNT);
282 }
283
284 static void bcm2835_mbox_reset(DeviceState *dev)
285 {
286 BCM2835MboxState *s = BCM2835_MBOX(dev);
287 int n;
288
289 mbox_reset(&s->mbox[0]);
290 mbox_reset(&s->mbox[1]);
291 s->mbox_irq_disabled = false;
292 for (n = 0; n < MBOX_CHAN_COUNT; n++) {
293 s->available[n] = false;
294 }
295 }
296
297 static void bcm2835_mbox_realize(DeviceState *dev, Error **errp)
298 {
299 BCM2835MboxState *s = BCM2835_MBOX(dev);
300 Object *obj;
301 Error *err = NULL;
302
303 obj = object_property_get_link(OBJECT(dev), "mbox-mr", &err);
304 if (obj == NULL) {
305 error_setg(errp, "%s: required mbox-mr link not found: %s",
306 __func__, error_get_pretty(err));
307 return;
308 }
309
310 s->mbox_mr = MEMORY_REGION(obj);
311 address_space_init(&s->mbox_as, s->mbox_mr, NULL);
312 bcm2835_mbox_reset(dev);
313 }
314
315 static void bcm2835_mbox_class_init(ObjectClass *klass, void *data)
316 {
317 DeviceClass *dc = DEVICE_CLASS(klass);
318
319 dc->realize = bcm2835_mbox_realize;
320 dc->reset = bcm2835_mbox_reset;
321 dc->vmsd = &vmstate_bcm2835_mbox;
322 }
323
324 static TypeInfo bcm2835_mbox_info = {
325 .name = TYPE_BCM2835_MBOX,
326 .parent = TYPE_SYS_BUS_DEVICE,
327 .instance_size = sizeof(BCM2835MboxState),
328 .class_init = bcm2835_mbox_class_init,
329 .instance_init = bcm2835_mbox_init,
330 };
331
332 static void bcm2835_mbox_register_types(void)
333 {
334 type_register_static(&bcm2835_mbox_info);
335 }
336
337 type_init(bcm2835_mbox_register_types)
AR7 emulation for QEMU