search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ppc/pnv: check size before data buffer access
[qemu/ar7.git] / hw / net / can / can_sja1000.c
blob9a85038c8ad0095472bc6db39554d4bce53cd593
1 /*
2 * CAN device - SJA1000 chip emulation for QEMU
3 *
4 * Copyright (c) 2013-2014 Jin Yang
5 * Copyright (c) 2014-2018 Pavel Pisa
6 *
7 * Initial development supported by Google GSoC 2013 from RTEMS project slot
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a copy
10 * of this software and associated documentation files (the "Software"), to deal
11 * in the Software without restriction, including without limitation the rights
12 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 * copies of the Software, and to permit persons to whom the Software is
14 * furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 * THE SOFTWARE.
26 */
27 #include "qemu/osdep.h"
28 #include "qemu/log.h"
29 #include "chardev/char.h"
30 #include "hw/hw.h"
31 #include "net/can_emu.h"
32
33 #include "can_sja1000.h"
34
35 #ifndef DEBUG_FILTER
36 #define DEBUG_FILTER 0
37 #endif /*DEBUG_FILTER*/
38
39 #ifndef DEBUG_CAN
40 #define DEBUG_CAN 0
41 #endif /*DEBUG_CAN*/
42
43 #define DPRINTF(fmt, ...) \
44 do { \
45 if (DEBUG_CAN) { \
46 qemu_log("[cansja]: " fmt , ## __VA_ARGS__); \
47 } \
48 } while (0)
49
50 static void can_sja_software_reset(CanSJA1000State *s)
51 {
52 s->mode &= ~0x31;
53 s->mode |= 0x01;
54 s->status_pel &= ~0x37;
55 s->status_pel |= 0x34;
56
57 s->rxbuf_start = 0x00;
58 s->rxmsg_cnt = 0x00;
59 s->rx_cnt = 0x00;
60 }
61
62 void can_sja_hardware_reset(CanSJA1000State *s)
63 {
64 /* Reset by hardware, p10 */
65 s->mode = 0x01;
66 s->status_pel = 0x3c;
67 s->interrupt_pel = 0x00;
68 s->clock = 0x00;
69 s->rxbuf_start = 0x00;
70 s->rxmsg_cnt = 0x00;
71 s->rx_cnt = 0x00;
72
73 s->control = 0x01;
74 s->status_bas = 0x0c;
75 s->interrupt_bas = 0x00;
76
77 qemu_irq_lower(s->irq);
78 }
79
80 static
81 void can_sja_single_filter(struct qemu_can_filter *filter,
82 const uint8_t *acr, const uint8_t *amr, int extended)
83 {
84 if (extended) {
85 filter->can_id = (uint32_t)acr[0] << 21;
86 filter->can_id |= (uint32_t)acr[1] << 13;
87 filter->can_id |= (uint32_t)acr[2] << 5;
88 filter->can_id |= (uint32_t)acr[3] >> 3;
89 if (acr[3] & 4) {
90 filter->can_id |= QEMU_CAN_RTR_FLAG;
91 }
92
93 filter->can_mask = (uint32_t)amr[0] << 21;
94 filter->can_mask |= (uint32_t)amr[1] << 13;
95 filter->can_mask |= (uint32_t)amr[2] << 5;
96 filter->can_mask |= (uint32_t)amr[3] >> 3;
97 filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK;
98 if (!(amr[3] & 4)) {
99 filter->can_mask |= QEMU_CAN_RTR_FLAG;
100 }
101 } else {
102 filter->can_id = (uint32_t)acr[0] << 3;
103 filter->can_id |= (uint32_t)acr[1] >> 5;
104 if (acr[1] & 0x10) {
105 filter->can_id |= QEMU_CAN_RTR_FLAG;
106 }
107
108 filter->can_mask = (uint32_t)amr[0] << 3;
109 filter->can_mask |= (uint32_t)amr[1] << 5;
110 filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
111 if (!(amr[1] & 0x10)) {
112 filter->can_mask |= QEMU_CAN_RTR_FLAG;
113 }
114 }
115 }
116
117 static
118 void can_sja_dual_filter(struct qemu_can_filter *filter,
119 const uint8_t *acr, const uint8_t *amr, int extended)
120 {
121 if (extended) {
122 filter->can_id = (uint32_t)acr[0] << 21;
123 filter->can_id |= (uint32_t)acr[1] << 13;
124
125 filter->can_mask = (uint32_t)amr[0] << 21;
126 filter->can_mask |= (uint32_t)amr[1] << 13;
127 filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK & ~0x1fff;
128 } else {
129 filter->can_id = (uint32_t)acr[0] << 3;
130 filter->can_id |= (uint32_t)acr[1] >> 5;
131 if (acr[1] & 0x10) {
132 filter->can_id |= QEMU_CAN_RTR_FLAG;
133 }
134
135 filter->can_mask = (uint32_t)amr[0] << 3;
136 filter->can_mask |= (uint32_t)amr[1] >> 5;
137 filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
138 if (!(amr[1] & 0x10)) {
139 filter->can_mask |= QEMU_CAN_RTR_FLAG;
140 }
141 }
142 }
143
144 /* Details in DS-p22, what we need to do here is to test the data. */
145 static
146 int can_sja_accept_filter(CanSJA1000State *s,
147 const qemu_can_frame *frame)
148 {
149
150 struct qemu_can_filter filter;
151
152 if (s->clock & 0x80) { /* PeliCAN Mode */
153 if (s->mode & (1 << 3)) { /* Single mode. */
154 if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
155 can_sja_single_filter(&filter,
156 s->code_mask + 0, s->code_mask + 4, 1);
157
158 if (!can_bus_filter_match(&filter, frame->can_id)) {
159 return 0;
160 }
161 } else { /* SFF */
162 can_sja_single_filter(&filter,
163 s->code_mask + 0, s->code_mask + 4, 0);
164
165 if (!can_bus_filter_match(&filter, frame->can_id)) {
166 return 0;
167 }
168
169 if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
170 return 1;
171 }
172
173 if (frame->can_dlc == 0) {
174 return 1;
175 }
176
177 if ((frame->data[0] & ~(s->code_mask[6])) !=
178 (s->code_mask[2] & ~(s->code_mask[6]))) {
179 return 0;
180 }
181
182 if (frame->can_dlc < 2) {
183 return 1;
184 }
185
186 if ((frame->data[1] & ~(s->code_mask[7])) ==
187 (s->code_mask[3] & ~(s->code_mask[7]))) {
188 return 1;
189 }
190
191 return 0;
192 }
193 } else { /* Dual mode */
194 if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
195 can_sja_dual_filter(&filter,
196 s->code_mask + 0, s->code_mask + 4, 1);
197
198 if (can_bus_filter_match(&filter, frame->can_id)) {
199 return 1;
200 }
201
202 can_sja_dual_filter(&filter,
203 s->code_mask + 2, s->code_mask + 6, 1);
204
205 if (can_bus_filter_match(&filter, frame->can_id)) {
206 return 1;
207 }
208
209 return 0;
210 } else {
211 can_sja_dual_filter(&filter,
212 s->code_mask + 0, s->code_mask + 4, 0);
213
214 if (can_bus_filter_match(&filter, frame->can_id)) {
215 uint8_t expect;
216 uint8_t mask;
217 expect = s->code_mask[1] << 4;
218 expect |= s->code_mask[3] & 0x0f;
219
220 mask = s->code_mask[5] << 4;
221 mask |= s->code_mask[7] & 0x0f;
222 mask = ~mask & 0xff;
223
224 if ((frame->data[0] & mask) ==
225 (expect & mask)) {
226 return 1;
227 }
228 }
229
230 can_sja_dual_filter(&filter,
231 s->code_mask + 2, s->code_mask + 6, 0);
232
233 if (can_bus_filter_match(&filter, frame->can_id)) {
234 return 1;
235 }
236
237 return 0;
238 }
239 }
240 }
241
242 return 1;
243 }
244
245 static void can_display_msg(const char *prefix, const qemu_can_frame *msg)
246 {
247 int i;
248
249 qemu_log_lock();
250 qemu_log("%s%03X [%01d] %s %s",
251 prefix,
252 msg->can_id & QEMU_CAN_EFF_MASK,
253 msg->can_dlc,
254 msg->can_id & QEMU_CAN_EFF_FLAG ? "EFF" : "SFF",
255 msg->can_id & QEMU_CAN_RTR_FLAG ? "RTR" : "DAT");
256
257 for (i = 0; i < msg->can_dlc; i++) {
258 qemu_log(" %02X", msg->data[i]);
259 }
260 qemu_log("\n");
261 qemu_log_flush();
262 qemu_log_unlock();
263 }
264
265 static void buff2frame_pel(const uint8_t *buff, qemu_can_frame *frame)
266 {
267 uint8_t i;
268
269 frame->can_id = 0;
270 if (buff[0] & 0x40) { /* RTR */
271 frame->can_id = QEMU_CAN_RTR_FLAG;
272 }
273 frame->can_dlc = buff[0] & 0x0f;
274
275 if (buff[0] & 0x80) { /* Extended */
276 frame->can_id |= QEMU_CAN_EFF_FLAG;
277 frame->can_id |= buff[1] << 21; /* ID.28~ID.21 */
278 frame->can_id |= buff[2] << 13; /* ID.20~ID.13 */
279 frame->can_id |= buff[3] << 5;
280 frame->can_id |= buff[4] >> 3;
281 for (i = 0; i < frame->can_dlc; i++) {
282 frame->data[i] = buff[5 + i];
283 }
284 for (; i < 8; i++) {
285 frame->data[i] = 0;
286 }
287 } else {
288 frame->can_id |= buff[1] << 3;
289 frame->can_id |= buff[2] >> 5;
290 for (i = 0; i < frame->can_dlc; i++) {
291 frame->data[i] = buff[3 + i];
292 }
293 for (; i < 8; i++) {
294 frame->data[i] = 0;
295 }
296 }
297 }
298
299
300 static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
301 {
302 uint8_t i;
303
304 frame->can_id = ((buff[0] << 3) & (0xff << 3)) + ((buff[1] >> 5) & 0x07);
305 if (buff[1] & 0x10) { /* RTR */
306 frame->can_id = QEMU_CAN_RTR_FLAG;
307 }
308 frame->can_dlc = buff[1] & 0x0f;
309
310 for (i = 0; i < frame->can_dlc; i++) {
311 frame->data[i] = buff[2 + i];
312 }
313 for (; i < 8; i++) {
314 frame->data[i] = 0;
315 }
316 }
317
318
319 static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
320 {
321 int i;
322
323 if (frame->can_id & QEMU_CAN_ERR_FLAG) { /* error frame, NOT support now. */
324 return -1;
325 }
326
327 buff[0] = 0x0f & frame->can_dlc; /* DLC */
328 if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
329 buff[0] |= (1 << 6);
330 }
331 if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
332 buff[0] |= (1 << 7);
333 buff[1] = extract32(frame->can_id, 21, 8); /* ID.28~ID.21 */
334 buff[2] = extract32(frame->can_id, 13, 8); /* ID.20~ID.13 */
335 buff[3] = extract32(frame->can_id, 5, 8); /* ID.12~ID.05 */
336 buff[4] = extract32(frame->can_id, 0, 5) << 3; /* ID.04~ID.00,xxx */
337 for (i = 0; i < frame->can_dlc; i++) {
338 buff[5 + i] = frame->data[i];
339 }
340 return frame->can_dlc + 5;
341 } else { /* SFF */
342 buff[1] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
343 buff[2] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
344 for (i = 0; i < frame->can_dlc; i++) {
345 buff[3 + i] = frame->data[i];
346 }
347
348 return frame->can_dlc + 3;
349 }
350
351 return -1;
352 }
353
354 static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
355 {
356 int i;
357
358 /*
359 * EFF, no support for BasicMode
360 * No use for Error frames now,
361 * they could be used in future to update SJA1000 error state
362 */
363 if ((frame->can_id & QEMU_CAN_EFF_FLAG) ||
364 (frame->can_id & QEMU_CAN_ERR_FLAG)) {
365 return -1;
366 }
367
368 buff[0] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
369 buff[1] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
370 if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
371 buff[1] |= (1 << 4);
372 }
373 buff[1] |= frame->can_dlc & 0x0f;
374 for (i = 0; i < frame->can_dlc; i++) {
375 buff[2 + i] = frame->data[i];
376 }
377
378 return frame->can_dlc + 2;
379 }
380
381 static void can_sja_update_pel_irq(CanSJA1000State *s)
382 {
383 if (s->interrupt_en & s->interrupt_pel) {
384 qemu_irq_raise(s->irq);
385 } else {
386 qemu_irq_lower(s->irq);
387 }
388 }
389
390 static void can_sja_update_bas_irq(CanSJA1000State *s)
391 {
392 if ((s->control >> 1) & s->interrupt_bas) {
393 qemu_irq_raise(s->irq);
394 } else {
395 qemu_irq_lower(s->irq);
396 }
397 }
398
399 void can_sja_mem_write(CanSJA1000State *s, hwaddr addr, uint64_t val,
400 unsigned size)
401 {
402 qemu_can_frame frame;
403 uint32_t tmp;
404 uint8_t tmp8, count;
405
406
407 DPRINTF("write 0x%02llx addr 0x%02x\n",
408 (unsigned long long)val, (unsigned int)addr);
409
410 if (addr > CAN_SJA_MEM_SIZE) {
411 return ;
412 }
413
414 if (s->clock & 0x80) { /* PeliCAN Mode */
415 switch (addr) {
416 case SJA_MOD: /* Mode register */
417 s->mode = 0x1f & val;
418 if ((s->mode & 0x01) && ((val & 0x01) == 0)) {
419 /* Go to operation mode from reset mode. */
420 if (s->mode & (1 << 3)) { /* Single mode. */
421 /* For EFF */
422 can_sja_single_filter(&s->filter[0],
423 s->code_mask + 0, s->code_mask + 4, 1);
424
425 /* For SFF */
426 can_sja_single_filter(&s->filter[1],
427 s->code_mask + 0, s->code_mask + 4, 0);
428
429 can_bus_client_set_filters(&s->bus_client, s->filter, 2);
430 } else { /* Dual mode */
431 /* For EFF */
432 can_sja_dual_filter(&s->filter[0],
433 s->code_mask + 0, s->code_mask + 4, 1);
434
435 can_sja_dual_filter(&s->filter[1],
436 s->code_mask + 2, s->code_mask + 6, 1);
437
438 /* For SFF */
439 can_sja_dual_filter(&s->filter[2],
440 s->code_mask + 0, s->code_mask + 4, 0);
441
442 can_sja_dual_filter(&s->filter[3],
443 s->code_mask + 2, s->code_mask + 6, 0);
444
445 can_bus_client_set_filters(&s->bus_client, s->filter, 4);
446 }
447
448 s->rxmsg_cnt = 0;
449 s->rx_cnt = 0;
450 }
451 break;
452
453 case SJA_CMR: /* Command register. */
454 if (0x01 & val) { /* Send transmission request. */
455 buff2frame_pel(s->tx_buff, &frame);
456 if (DEBUG_FILTER) {
457 can_display_msg("[cansja]: Tx request " , &frame);
458 }
459
460 /*
461 * Clear transmission complete status,
462 * and Transmit Buffer Status.
463 * write to the backends.
464 */
465 s->status_pel &= ~(3 << 2);
466
467 can_bus_client_send(&s->bus_client, &frame, 1);
468
469 /*
470 * Set transmission complete status
471 * and Transmit Buffer Status.
472 */
473 s->status_pel |= (3 << 2);
474
475 /* Clear transmit status. */
476 s->status_pel &= ~(1 << 5);
477 s->interrupt_pel |= 0x02;
478 can_sja_update_pel_irq(s);
479 }
480 if (0x04 & val) { /* Release Receive Buffer */
481 if (s->rxmsg_cnt <= 0) {
482 break;
483 }
484
485 tmp8 = s->rx_buff[s->rxbuf_start]; count = 0;
486 if (tmp8 & (1 << 7)) { /* EFF */
487 count += 2;
488 }
489 count += 3;
490 if (!(tmp8 & (1 << 6))) { /* DATA */
491 count += (tmp8 & 0x0f);
492 }
493
494 if (DEBUG_FILTER) {
495 qemu_log("[cansja]: message released from "
496 "Rx FIFO cnt=%d, count=%d\n", s->rx_cnt, count);
497 }
498
499 s->rxbuf_start += count;
500 s->rxbuf_start %= SJA_RCV_BUF_LEN;
501
502 s->rx_cnt -= count;
503 s->rxmsg_cnt--;
504 if (s->rxmsg_cnt == 0) {
505 s->status_pel &= ~(1 << 0);
506 s->interrupt_pel &= ~(1 << 0);
507 can_sja_update_pel_irq(s);
508 }
509 }
510 if (0x08 & val) { /* Clear data overrun */
511 s->status_pel &= ~(1 << 1);
512 s->interrupt_pel &= ~(1 << 3);
513 can_sja_update_pel_irq(s);
514 }
515 break;
516 case SJA_SR: /* Status register */
517 case SJA_IR: /* Interrupt register */
518 break; /* Do nothing */
519 case SJA_IER: /* Interrupt enable register */
520 s->interrupt_en = val;
521 break;
522 case 16: /* RX frame information addr16-28. */
523 s->status_pel |= (1 << 5); /* Set transmit status. */
524 case 17 ... 28:
525 if (s->mode & 0x01) { /* Reset mode */
526 if (addr < 24) {
527 s->code_mask[addr - 16] = val;
528 }
529 } else { /* Operation mode */
530 s->tx_buff[addr - 16] = val; /* Store to TX buffer directly. */
531 }
532 break;
533 case SJA_CDR:
534 s->clock = val;
535 break;
536 }
537 } else { /* Basic Mode */
538 switch (addr) {
539 case SJA_BCAN_CTR: /* Control register, addr 0 */
540 if ((s->control & 0x01) && ((val & 0x01) == 0)) {
541 /* Go to operation mode from reset mode. */
542 s->filter[0].can_id = (s->code << 3) & (0xff << 3);
543 tmp = (~(s->mask << 3)) & (0xff << 3);
544 tmp |= QEMU_CAN_EFF_FLAG; /* Only Basic CAN Frame. */
545 s->filter[0].can_mask = tmp;
546 can_bus_client_set_filters(&s->bus_client, s->filter, 1);
547
548 s->rxmsg_cnt = 0;
549 s->rx_cnt = 0;
550 } else if (!(s->control & 0x01) && !(val & 0x01)) {
551 can_sja_software_reset(s);
552 }
553
554 s->control = 0x1f & val;
555 break;
556 case SJA_BCAN_CMR: /* Command register, addr 1 */
557 if (0x01 & val) { /* Send transmission request. */
558 buff2frame_bas(s->tx_buff, &frame);
559 if (DEBUG_FILTER) {
560 can_display_msg("[cansja]: Tx request " , &frame);
561 }
562
563 /*
564 * Clear transmission complete status,
565 * and Transmit Buffer Status.
566 */
567 s->status_bas &= ~(3 << 2);
568
569 /* write to the backends. */
570 can_bus_client_send(&s->bus_client, &frame, 1);
571
572 /*
573 * Set transmission complete status,
574 * and Transmit Buffer Status.
575 */
576 s->status_bas |= (3 << 2);
577
578 /* Clear transmit status. */
579 s->status_bas &= ~(1 << 5);
580 s->interrupt_bas |= 0x02;
581 can_sja_update_bas_irq(s);
582 }
583 if (0x04 & val) { /* Release Receive Buffer */
584 if (s->rxmsg_cnt <= 0) {
585 break;
586 }
587
588 tmp8 = s->rx_buff[(s->rxbuf_start + 1) % SJA_RCV_BUF_LEN];
589 count = 2 + (tmp8 & 0x0f);
590
591 if (DEBUG_FILTER) {
592 qemu_log("[cansja]: message released from "
593 "Rx FIFO cnt=%d, count=%d\n", s->rx_cnt, count);
594 }
595
596 s->rxbuf_start += count;
597 s->rxbuf_start %= SJA_RCV_BUF_LEN;
598 s->rx_cnt -= count;
599 s->rxmsg_cnt--;
600
601 if (s->rxmsg_cnt == 0) {
602 s->status_bas &= ~(1 << 0);
603 s->interrupt_bas &= ~(1 << 0);
604 can_sja_update_bas_irq(s);
605 }
606 }
607 if (0x08 & val) { /* Clear data overrun */
608 s->status_bas &= ~(1 << 1);
609 s->interrupt_bas &= ~(1 << 3);
610 can_sja_update_bas_irq(s);
611 }
612 break;
613 case 4:
614 s->code = val;
615 break;
616 case 5:
617 s->mask = val;
618 break;
619 case 10:
620 s->status_bas |= (1 << 5); /* Set transmit status. */
621 case 11 ... 19:
622 if ((s->control & 0x01) == 0) { /* Operation mode */
623 s->tx_buff[addr - 10] = val; /* Store to TX buffer directly. */
624 }
625 break;
626 case SJA_CDR:
627 s->clock = val;
628 break;
629 }
630 }
631 }
632
633 uint64_t can_sja_mem_read(CanSJA1000State *s, hwaddr addr, unsigned size)
634 {
635 uint64_t temp = 0;
636
637 DPRINTF("read addr 0x%02x ...\n", (unsigned int)addr);
638
639 if (addr > CAN_SJA_MEM_SIZE) {
640 return 0;
641 }
642
643 if (s->clock & 0x80) { /* PeliCAN Mode */
644 switch (addr) {
645 case SJA_MOD: /* Mode register, addr 0 */
646 temp = s->mode;
647 break;
648 case SJA_CMR: /* Command register, addr 1 */
649 temp = 0x00; /* Command register, cannot be read. */
650 break;
651 case SJA_SR: /* Status register, addr 2 */
652 temp = s->status_pel;
653 break;
654 case SJA_IR: /* Interrupt register, addr 3 */
655 temp = s->interrupt_pel;
656 s->interrupt_pel = 0;
657 if (s->rxmsg_cnt) {
658 s->interrupt_pel |= (1 << 0); /* Receive interrupt. */
659 }
660 can_sja_update_pel_irq(s);
661 break;
662 case SJA_IER: /* Interrupt enable register, addr 4 */
663 temp = s->interrupt_en;
664 break;
665 case 5: /* Reserved */
666 case 6: /* Bus timing 0, hardware related, not support now. */
667 case 7: /* Bus timing 1, hardware related, not support now. */
668 case 8: /*
669 * Output control register, hardware related,
670 * not supported for now.
671 */
672 case 9: /* Test. */
673 case 10 ... 15: /* Reserved */
674 temp = 0x00;
675 break;
676
677 case 16 ... 28:
678 if (s->mode & 0x01) { /* Reset mode */
679 if (addr < 24) {
680 temp = s->code_mask[addr - 16];
681 } else {
682 temp = 0x00;
683 }
684 } else { /* Operation mode */
685 temp = s->rx_buff[(s->rxbuf_start + addr - 16) %
686 SJA_RCV_BUF_LEN];
687 }
688 break;
689 case SJA_CDR:
690 temp = s->clock;
691 break;
692 default:
693 temp = 0xff;
694 }
695 } else { /* Basic Mode */
696 switch (addr) {
697 case SJA_BCAN_CTR: /* Control register, addr 0 */
698 temp = s->control;
699 break;
700 case SJA_BCAN_SR: /* Status register, addr 2 */
701 temp = s->status_bas;
702 break;
703 case SJA_BCAN_IR: /* Interrupt register, addr 3 */
704 temp = s->interrupt_bas;
705 s->interrupt_bas = 0;
706 if (s->rxmsg_cnt) {
707 s->interrupt_bas |= (1 << 0); /* Receive interrupt. */
708 }
709 can_sja_update_bas_irq(s);
710 break;
711 case 4:
712 temp = s->code;
713 break;
714 case 5:
715 temp = s->mask;
716 break;
717 case 20 ... 29:
718 temp = s->rx_buff[(s->rxbuf_start + addr - 20) % SJA_RCV_BUF_LEN];
719 break;
720 case 31:
721 temp = s->clock;
722 break;
723 default:
724 temp = 0xff;
725 break;
726 }
727 }
728 DPRINTF("read addr 0x%02x, %d bytes, content 0x%02lx\n",
729 (int)addr, size, (long unsigned int)temp);
730
731 return temp;
732 }
733
734 int can_sja_can_receive(CanBusClientState *client)
735 {
736 CanSJA1000State *s = container_of(client, CanSJA1000State, bus_client);
737
738 if (s->clock & 0x80) { /* PeliCAN Mode */
739 if (s->mode & 0x01) { /* reset mode. */
740 return 0;
741 }
742 } else { /* BasicCAN mode */
743 if (s->control & 0x01) {
744 return 0;
745 }
746 }
747
748 return 1; /* always return 1, when operation mode */
749 }
750
751 ssize_t can_sja_receive(CanBusClientState *client, const qemu_can_frame *frames,
752 size_t frames_cnt)
753 {
754 CanSJA1000State *s = container_of(client, CanSJA1000State, bus_client);
755 static uint8_t rcv[SJA_MSG_MAX_LEN];
756 int i;
757 int ret = -1;
758 const qemu_can_frame *frame = frames;
759
760 if (frames_cnt <= 0) {
761 return 0;
762 }
763 if (DEBUG_FILTER) {
764 can_display_msg("[cansja]: receive ", frame);
765 }
766
767 if (s->clock & 0x80) { /* PeliCAN Mode */
768
769 /* the CAN controller is receiving a message */
770 s->status_pel |= (1 << 4);
771
772 if (can_sja_accept_filter(s, frame) == 0) {
773 s->status_pel &= ~(1 << 4);
774 if (DEBUG_FILTER) {
775 qemu_log("[cansja]: filter rejects message\n");
776 }
777 return ret;
778 }
779
780 ret = frame2buff_pel(frame, rcv);
781 if (ret < 0) {
782 s->status_pel &= ~(1 << 4);
783 if (DEBUG_FILTER) {
784 qemu_log("[cansja]: message store failed\n");
785 }
786 return ret; /* maybe not support now. */
787 }
788
789 if (s->rx_cnt + ret > SJA_RCV_BUF_LEN) { /* Data overrun. */
790 s->status_pel |= (1 << 1); /* Overrun status */
791 s->interrupt_pel |= (1 << 3);
792 s->status_pel &= ~(1 << 4);
793 if (DEBUG_FILTER) {
794 qemu_log("[cansja]: receive FIFO overrun\n");
795 }
796 can_sja_update_pel_irq(s);
797 return ret;
798 }
799 s->rx_cnt += ret;
800 s->rxmsg_cnt++;
801 if (DEBUG_FILTER) {
802 qemu_log("[cansja]: message stored in receive FIFO\n");
803 }
804
805 for (i = 0; i < ret; i++) {
806 s->rx_buff[(s->rx_ptr++) % SJA_RCV_BUF_LEN] = rcv[i];
807 }
808 s->rx_ptr %= SJA_RCV_BUF_LEN; /* update the pointer. */
809
810 s->status_pel |= 0x01; /* Set the Receive Buffer Status. DS-p23 */
811 s->interrupt_pel |= 0x01;
812 s->status_pel &= ~(1 << 4);
813 s->status_pel |= (1 << 0);
814 can_sja_update_pel_irq(s);
815 } else { /* BasicCAN mode */
816
817 /* the CAN controller is receiving a message */
818 s->status_bas |= (1 << 4);
819
820 ret = frame2buff_bas(frame, rcv);
821 if (ret < 0) {
822 s->status_bas &= ~(1 << 4);
823 if (DEBUG_FILTER) {
824 qemu_log("[cansja]: message store failed\n");
825 }
826 return ret; /* maybe not support now. */
827 }
828
829 if (s->rx_cnt + ret > SJA_RCV_BUF_LEN) { /* Data overrun. */
830 s->status_bas |= (1 << 1); /* Overrun status */
831 s->status_bas &= ~(1 << 4);
832 s->interrupt_bas |= (1 << 3);
833 can_sja_update_bas_irq(s);
834 if (DEBUG_FILTER) {
835 qemu_log("[cansja]: receive FIFO overrun\n");
836 }
837 return ret;
838 }
839 s->rx_cnt += ret;
840 s->rxmsg_cnt++;
841
842 if (DEBUG_FILTER) {
843 qemu_log("[cansja]: message stored\n");
844 }
845
846 for (i = 0; i < ret; i++) {
847 s->rx_buff[(s->rx_ptr++) % SJA_RCV_BUF_LEN] = rcv[i];
848 }
849 s->rx_ptr %= SJA_RCV_BUF_LEN; /* update the pointer. */
850
851 s->status_bas |= 0x01; /* Set the Receive Buffer Status. DS-p15 */
852 s->status_bas &= ~(1 << 4);
853 s->interrupt_bas |= (1 << 0);
854 can_sja_update_bas_irq(s);
855 }
856 return 1;
857 }
858
859 static CanBusClientInfo can_sja_bus_client_info = {
860 .can_receive = can_sja_can_receive,
861 .receive = can_sja_receive,
862 };
863
864
865 int can_sja_connect_to_bus(CanSJA1000State *s, CanBusState *bus)
866 {
867 s->bus_client.info = &can_sja_bus_client_info;
868
869 if (!bus) {
870 return -EINVAL;
871 }
872
873 if (can_bus_insert_client(bus, &s->bus_client) < 0) {
874 return -1;
875 }
876
877 return 0;
878 }
879
880 void can_sja_disconnect(CanSJA1000State *s)
881 {
882 can_bus_remove_client(&s->bus_client);
883 }
884
885 int can_sja_init(CanSJA1000State *s, qemu_irq irq)
886 {
887 s->irq = irq;
888
889 qemu_irq_lower(s->irq);
890
891 can_sja_hardware_reset(s);
892
893 return 0;
894 }
895
896 const VMStateDescription vmstate_qemu_can_filter = {
897 .name = "qemu_can_filter",
898 .version_id = 1,
899 .minimum_version_id = 1,
900 .minimum_version_id_old = 1,
901 .fields = (VMStateField[]) {
902 VMSTATE_UINT32(can_id, qemu_can_filter),
903 VMSTATE_UINT32(can_mask, qemu_can_filter),
904 VMSTATE_END_OF_LIST()
905 }
906 };
907
908 static int can_sja_post_load(void *opaque, int version_id)
909 {
910 CanSJA1000State *s = opaque;
911 if (s->clock & 0x80) { /* PeliCAN Mode */
912 can_sja_update_pel_irq(s);
913 } else {
914 can_sja_update_bas_irq(s);
915 }
916 return 0;
917 }
918
919 /* VMState is needed for live migration of QEMU images */
920 const VMStateDescription vmstate_can_sja = {
921 .name = "can_sja",
922 .version_id = 1,
923 .minimum_version_id = 1,
924 .minimum_version_id_old = 1,
925 .post_load = can_sja_post_load,
926 .fields = (VMStateField[]) {
927 VMSTATE_UINT8(mode, CanSJA1000State),
928
929 VMSTATE_UINT8(status_pel, CanSJA1000State),
930 VMSTATE_UINT8(interrupt_pel, CanSJA1000State),
931 VMSTATE_UINT8(interrupt_en, CanSJA1000State),
932 VMSTATE_UINT8(rxmsg_cnt, CanSJA1000State),
933 VMSTATE_UINT8(rxbuf_start, CanSJA1000State),
934 VMSTATE_UINT8(clock, CanSJA1000State),
935
936 VMSTATE_BUFFER(code_mask, CanSJA1000State),
937 VMSTATE_BUFFER(tx_buff, CanSJA1000State),
938
939 VMSTATE_BUFFER(rx_buff, CanSJA1000State),
940
941 VMSTATE_UINT32(rx_ptr, CanSJA1000State),
942 VMSTATE_UINT32(rx_cnt, CanSJA1000State),
943
944 VMSTATE_UINT8(control, CanSJA1000State),
945
946 VMSTATE_UINT8(status_bas, CanSJA1000State),
947 VMSTATE_UINT8(interrupt_bas, CanSJA1000State),
948 VMSTATE_UINT8(code, CanSJA1000State),
949 VMSTATE_UINT8(mask, CanSJA1000State),
950
951 VMSTATE_STRUCT_ARRAY(filter, CanSJA1000State, 4, 0,
952 vmstate_qemu_can_filter, qemu_can_filter),
953
954
955 VMSTATE_END_OF_LIST()
956 }
957 };
AR7 emulation for QEMU