2 * Arm PrimeCell PL181 MultiMedia Card Interface
4 * Copyright (c) 2007 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the GPL.
10 #include "qemu/osdep.h"
11 #include "sysemu/block-backend.h"
12 #include "sysemu/blockdev.h"
13 #include "hw/sysbus.h"
16 #include "qapi/error.h"
18 //#define DEBUG_PL181 1
21 #define DPRINTF(fmt, ...) \
22 do { printf("pl181: " fmt , ## __VA_ARGS__); } while (0)
24 #define DPRINTF(fmt, ...) do {} while(0)
27 #define PL181_FIFO_LEN 16
29 #define TYPE_PL181 "pl181"
30 #define PL181(obj) OBJECT_CHECK(PL181State, (obj), TYPE_PL181)
32 typedef struct PL181State
{
33 SysBusDevice parent_obj
;
51 /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
52 while it is reading the FIFO. We hack around this by deferring
53 subsequent transfers until after the driver polls the status word.
54 http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
57 uint32_t fifo
[PL181_FIFO_LEN
];
59 /* GPIO outputs for 'card is readonly' and 'card inserted' */
60 qemu_irq cardstatus
[2];
63 static const VMStateDescription vmstate_pl181
= {
66 .minimum_version_id
= 1,
67 .fields
= (VMStateField
[]) {
68 VMSTATE_UINT32(clock
, PL181State
),
69 VMSTATE_UINT32(power
, PL181State
),
70 VMSTATE_UINT32(cmdarg
, PL181State
),
71 VMSTATE_UINT32(cmd
, PL181State
),
72 VMSTATE_UINT32(datatimer
, PL181State
),
73 VMSTATE_UINT32(datalength
, PL181State
),
74 VMSTATE_UINT32(respcmd
, PL181State
),
75 VMSTATE_UINT32_ARRAY(response
, PL181State
, 4),
76 VMSTATE_UINT32(datactrl
, PL181State
),
77 VMSTATE_UINT32(datacnt
, PL181State
),
78 VMSTATE_UINT32(status
, PL181State
),
79 VMSTATE_UINT32_ARRAY(mask
, PL181State
, 2),
80 VMSTATE_INT32(fifo_pos
, PL181State
),
81 VMSTATE_INT32(fifo_len
, PL181State
),
82 VMSTATE_INT32(linux_hack
, PL181State
),
83 VMSTATE_UINT32_ARRAY(fifo
, PL181State
, PL181_FIFO_LEN
),
88 #define PL181_CMD_INDEX 0x3f
89 #define PL181_CMD_RESPONSE (1 << 6)
90 #define PL181_CMD_LONGRESP (1 << 7)
91 #define PL181_CMD_INTERRUPT (1 << 8)
92 #define PL181_CMD_PENDING (1 << 9)
93 #define PL181_CMD_ENABLE (1 << 10)
95 #define PL181_DATA_ENABLE (1 << 0)
96 #define PL181_DATA_DIRECTION (1 << 1)
97 #define PL181_DATA_MODE (1 << 2)
98 #define PL181_DATA_DMAENABLE (1 << 3)
100 #define PL181_STATUS_CMDCRCFAIL (1 << 0)
101 #define PL181_STATUS_DATACRCFAIL (1 << 1)
102 #define PL181_STATUS_CMDTIMEOUT (1 << 2)
103 #define PL181_STATUS_DATATIMEOUT (1 << 3)
104 #define PL181_STATUS_TXUNDERRUN (1 << 4)
105 #define PL181_STATUS_RXOVERRUN (1 << 5)
106 #define PL181_STATUS_CMDRESPEND (1 << 6)
107 #define PL181_STATUS_CMDSENT (1 << 7)
108 #define PL181_STATUS_DATAEND (1 << 8)
109 #define PL181_STATUS_DATABLOCKEND (1 << 10)
110 #define PL181_STATUS_CMDACTIVE (1 << 11)
111 #define PL181_STATUS_TXACTIVE (1 << 12)
112 #define PL181_STATUS_RXACTIVE (1 << 13)
113 #define PL181_STATUS_TXFIFOHALFEMPTY (1 << 14)
114 #define PL181_STATUS_RXFIFOHALFFULL (1 << 15)
115 #define PL181_STATUS_TXFIFOFULL (1 << 16)
116 #define PL181_STATUS_RXFIFOFULL (1 << 17)
117 #define PL181_STATUS_TXFIFOEMPTY (1 << 18)
118 #define PL181_STATUS_RXFIFOEMPTY (1 << 19)
119 #define PL181_STATUS_TXDATAAVLBL (1 << 20)
120 #define PL181_STATUS_RXDATAAVLBL (1 << 21)
122 #define PL181_STATUS_TX_FIFO (PL181_STATUS_TXACTIVE \
123 |PL181_STATUS_TXFIFOHALFEMPTY \
124 |PL181_STATUS_TXFIFOFULL \
125 |PL181_STATUS_TXFIFOEMPTY \
126 |PL181_STATUS_TXDATAAVLBL)
127 #define PL181_STATUS_RX_FIFO (PL181_STATUS_RXACTIVE \
128 |PL181_STATUS_RXFIFOHALFFULL \
129 |PL181_STATUS_RXFIFOFULL \
130 |PL181_STATUS_RXFIFOEMPTY \
131 |PL181_STATUS_RXDATAAVLBL)
133 static const unsigned char pl181_id
[] =
134 { 0x81, 0x11, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
136 static void pl181_update(PL181State
*s
)
139 for (i
= 0; i
< 2; i
++) {
140 qemu_set_irq(s
->irq
[i
], (s
->status
& s
->mask
[i
]) != 0);
144 static void pl181_fifo_push(PL181State
*s
, uint32_t value
)
148 if (s
->fifo_len
== PL181_FIFO_LEN
) {
149 fprintf(stderr
, "pl181: FIFO overflow\n");
152 n
= (s
->fifo_pos
+ s
->fifo_len
) & (PL181_FIFO_LEN
- 1);
155 DPRINTF("FIFO push %08x\n", (int)value
);
158 static uint32_t pl181_fifo_pop(PL181State
*s
)
162 if (s
->fifo_len
== 0) {
163 fprintf(stderr
, "pl181: FIFO underflow\n");
166 value
= s
->fifo
[s
->fifo_pos
];
168 s
->fifo_pos
= (s
->fifo_pos
+ 1) & (PL181_FIFO_LEN
- 1);
169 DPRINTF("FIFO pop %08x\n", (int)value
);
173 static void pl181_send_command(PL181State
*s
)
176 uint8_t response
[16];
179 request
.cmd
= s
->cmd
& PL181_CMD_INDEX
;
180 request
.arg
= s
->cmdarg
;
181 DPRINTF("Command %d %08x\n", request
.cmd
, request
.arg
);
182 rlen
= sd_do_command(s
->card
, &request
, response
);
185 if (s
->cmd
& PL181_CMD_RESPONSE
) {
186 #define RWORD(n) (((uint32_t)response[n] << 24) | (response[n + 1] << 16) \
187 | (response[n + 2] << 8) | response[n + 3])
188 if (rlen
== 0 || (rlen
== 4 && (s
->cmd
& PL181_CMD_LONGRESP
)))
190 if (rlen
!= 4 && rlen
!= 16)
192 s
->response
[0] = RWORD(0);
194 s
->response
[1] = s
->response
[2] = s
->response
[3] = 0;
196 s
->response
[1] = RWORD(4);
197 s
->response
[2] = RWORD(8);
198 s
->response
[3] = RWORD(12) & ~1;
200 DPRINTF("Response received\n");
201 s
->status
|= PL181_STATUS_CMDRESPEND
;
204 DPRINTF("Command sent\n");
205 s
->status
|= PL181_STATUS_CMDSENT
;
210 DPRINTF("Timeout\n");
211 s
->status
|= PL181_STATUS_CMDTIMEOUT
;
214 /* Transfer data between the card and the FIFO. This is complicated by
215 the FIFO holding 32-bit words and the card taking data in single byte
216 chunks. FIFO bytes are transferred in little-endian order. */
218 static void pl181_fifo_run(PL181State
*s
)
225 is_read
= (s
->datactrl
& PL181_DATA_DIRECTION
) != 0;
226 if (s
->datacnt
!= 0 && (!is_read
|| sd_data_ready(s
->card
))
230 while (s
->datacnt
&& s
->fifo_len
< PL181_FIFO_LEN
) {
231 value
|= (uint32_t)sd_read_data(s
->card
) << (n
* 8);
235 pl181_fifo_push(s
, value
);
241 pl181_fifo_push(s
, value
);
245 while (s
->datacnt
> 0 && (s
->fifo_len
> 0 || n
> 0)) {
247 value
= pl181_fifo_pop(s
);
252 sd_write_data(s
->card
, value
& 0xff);
257 s
->status
&= ~(PL181_STATUS_RX_FIFO
| PL181_STATUS_TX_FIFO
);
258 if (s
->datacnt
== 0) {
259 s
->status
|= PL181_STATUS_DATAEND
;
261 s
->status
|= PL181_STATUS_DATABLOCKEND
;
262 DPRINTF("Transfer Complete\n");
264 if (s
->datacnt
== 0 && s
->fifo_len
== 0) {
265 s
->datactrl
&= ~PL181_DATA_ENABLE
;
266 DPRINTF("Data engine idle\n");
268 /* Update FIFO bits. */
269 bits
= PL181_STATUS_TXACTIVE
| PL181_STATUS_RXACTIVE
;
270 if (s
->fifo_len
== 0) {
271 bits
|= PL181_STATUS_TXFIFOEMPTY
;
272 bits
|= PL181_STATUS_RXFIFOEMPTY
;
274 bits
|= PL181_STATUS_TXDATAAVLBL
;
275 bits
|= PL181_STATUS_RXDATAAVLBL
;
277 if (s
->fifo_len
== 16) {
278 bits
|= PL181_STATUS_TXFIFOFULL
;
279 bits
|= PL181_STATUS_RXFIFOFULL
;
281 if (s
->fifo_len
<= 8) {
282 bits
|= PL181_STATUS_TXFIFOHALFEMPTY
;
284 if (s
->fifo_len
>= 8) {
285 bits
|= PL181_STATUS_RXFIFOHALFFULL
;
287 if (s
->datactrl
& PL181_DATA_DIRECTION
) {
288 bits
&= PL181_STATUS_RX_FIFO
;
290 bits
&= PL181_STATUS_TX_FIFO
;
296 static uint64_t pl181_read(void *opaque
, hwaddr offset
,
299 PL181State
*s
= (PL181State
*)opaque
;
302 if (offset
>= 0xfe0 && offset
< 0x1000) {
303 return pl181_id
[(offset
- 0xfe0) >> 2];
306 case 0x00: /* Power */
308 case 0x04: /* Clock */
310 case 0x08: /* Argument */
312 case 0x0c: /* Command */
314 case 0x10: /* RespCmd */
316 case 0x14: /* Response0 */
317 return s
->response
[0];
318 case 0x18: /* Response1 */
319 return s
->response
[1];
320 case 0x1c: /* Response2 */
321 return s
->response
[2];
322 case 0x20: /* Response3 */
323 return s
->response
[3];
324 case 0x24: /* DataTimer */
326 case 0x28: /* DataLength */
327 return s
->datalength
;
328 case 0x2c: /* DataCtrl */
330 case 0x30: /* DataCnt */
332 case 0x34: /* Status */
340 case 0x3c: /* Mask0 */
342 case 0x40: /* Mask1 */
344 case 0x48: /* FifoCnt */
345 /* The documentation is somewhat vague about exactly what FifoCnt
346 does. On real hardware it appears to be when decrememnted
347 when a word is transferred between the FIFO and the serial
348 data engine. DataCnt is decremented after each byte is
349 transferred between the serial engine and the card.
350 We don't emulate this level of detail, so both can be the same. */
351 tmp
= (s
->datacnt
+ 3) >> 2;
358 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
359 case 0x90: case 0x94: case 0x98: case 0x9c:
360 case 0xa0: case 0xa4: case 0xa8: case 0xac:
361 case 0xb0: case 0xb4: case 0xb8: case 0xbc:
362 if (s
->fifo_len
== 0) {
363 qemu_log_mask(LOG_GUEST_ERROR
, "pl181: Unexpected FIFO read\n");
367 value
= pl181_fifo_pop(s
);
374 qemu_log_mask(LOG_GUEST_ERROR
,
375 "pl181_read: Bad offset %x\n", (int)offset
);
380 static void pl181_write(void *opaque
, hwaddr offset
,
381 uint64_t value
, unsigned size
)
383 PL181State
*s
= (PL181State
*)opaque
;
386 case 0x00: /* Power */
387 s
->power
= value
& 0xff;
389 case 0x04: /* Clock */
390 s
->clock
= value
& 0xff;
392 case 0x08: /* Argument */
395 case 0x0c: /* Command */
397 if (s
->cmd
& PL181_CMD_ENABLE
) {
398 if (s
->cmd
& PL181_CMD_INTERRUPT
) {
399 qemu_log_mask(LOG_UNIMP
,
400 "pl181: Interrupt mode not implemented\n");
401 } if (s
->cmd
& PL181_CMD_PENDING
) {
402 qemu_log_mask(LOG_UNIMP
,
403 "pl181: Pending commands not implemented\n");
405 pl181_send_command(s
);
408 /* The command has completed one way or the other. */
409 s
->cmd
&= ~PL181_CMD_ENABLE
;
412 case 0x24: /* DataTimer */
413 s
->datatimer
= value
;
415 case 0x28: /* DataLength */
416 s
->datalength
= value
& 0xffff;
418 case 0x2c: /* DataCtrl */
419 s
->datactrl
= value
& 0xff;
420 if (value
& PL181_DATA_ENABLE
) {
421 s
->datacnt
= s
->datalength
;
425 case 0x38: /* Clear */
426 s
->status
&= ~(value
& 0x7ff);
428 case 0x3c: /* Mask0 */
431 case 0x40: /* Mask1 */
434 case 0x80: case 0x84: case 0x88: case 0x8c: /* FifoData */
435 case 0x90: case 0x94: case 0x98: case 0x9c:
436 case 0xa0: case 0xa4: case 0xa8: case 0xac:
437 case 0xb0: case 0xb4: case 0xb8: case 0xbc:
438 if (s
->datacnt
== 0) {
439 qemu_log_mask(LOG_GUEST_ERROR
, "pl181: Unexpected FIFO write\n");
441 pl181_fifo_push(s
, value
);
446 qemu_log_mask(LOG_GUEST_ERROR
,
447 "pl181_write: Bad offset %x\n", (int)offset
);
452 static const MemoryRegionOps pl181_ops
= {
454 .write
= pl181_write
,
455 .endianness
= DEVICE_NATIVE_ENDIAN
,
458 static void pl181_reset(DeviceState
*d
)
460 PL181State
*s
= PL181(d
);
481 /* We can assume our GPIO outputs have been wired up now */
482 sd_set_cb(s
->card
, s
->cardstatus
[0], s
->cardstatus
[1]);
485 static void pl181_init(Object
*obj
)
487 DeviceState
*dev
= DEVICE(obj
);
488 PL181State
*s
= PL181(obj
);
489 SysBusDevice
*sbd
= SYS_BUS_DEVICE(obj
);
491 memory_region_init_io(&s
->iomem
, obj
, &pl181_ops
, s
, "pl181", 0x1000);
492 sysbus_init_mmio(sbd
, &s
->iomem
);
493 sysbus_init_irq(sbd
, &s
->irq
[0]);
494 sysbus_init_irq(sbd
, &s
->irq
[1]);
495 qdev_init_gpio_out(dev
, s
->cardstatus
, 2);
498 static void pl181_realize(DeviceState
*dev
, Error
**errp
)
500 PL181State
*s
= PL181(dev
);
503 /* FIXME use a qdev drive property instead of drive_get_next() */
504 dinfo
= drive_get_next(IF_SD
);
505 s
->card
= sd_init(dinfo
? blk_by_legacy_dinfo(dinfo
) : NULL
, false);
506 if (s
->card
== NULL
) {
507 error_setg(errp
, "sd_init failed");
511 static void pl181_class_init(ObjectClass
*klass
, void *data
)
513 DeviceClass
*k
= DEVICE_CLASS(klass
);
515 k
->vmsd
= &vmstate_pl181
;
516 k
->reset
= pl181_reset
;
517 /* Reason: init() method uses drive_get_next() */
518 k
->cannot_instantiate_with_device_add_yet
= true;
519 k
->realize
= pl181_realize
;
522 static const TypeInfo pl181_info
= {
524 .parent
= TYPE_SYS_BUS_DEVICE
,
525 .instance_size
= sizeof(PL181State
),
526 .instance_init
= pl181_init
,
527 .class_init
= pl181_class_init
,
530 static void pl181_register_types(void)
532 type_register_static(&pl181_info
);
535 type_init(pl181_register_types
)