search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
include/qemu/osdep.h: Don't include qapi/error.h
[qemu/ar7.git] / hw / misc / bcm2835_mbox.c
blob263280fd49f802c4bdc909657d1a51f8473efb8d
1 /*
2 * Raspberry Pi emulation (c) 2012 Gregory Estrade
3 * This code is licensed under the GNU GPLv2 and later.
4 *
5 * This file models the system mailboxes, which are used for
6 * communication with low-bandwidth GPU peripherals. Refs:
7 * https://github.com/raspberrypi/firmware/wiki/Mailboxes
8 * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes
9 */
10
11 #include "qemu/osdep.h"
12 #include "qapi/error.h"
13 #include "hw/misc/bcm2835_mbox.h"
14
15 #define MAIL0_PEEK 0x90
16 #define MAIL0_SENDER 0x94
17 #define MAIL1_STATUS 0xb8
18
19 /* Mailbox status register */
20 #define MAIL0_STATUS 0x98
21 #define ARM_MS_FULL 0x80000000
22 #define ARM_MS_EMPTY 0x40000000
23 #define ARM_MS_LEVEL 0x400000FF /* Max. value depends on mailbox depth */
24
25 /* MAILBOX config/status register */
26 #define MAIL0_CONFIG 0x9c
27 /* ANY write to this register clears the error bits! */
28 #define ARM_MC_IHAVEDATAIRQEN 0x00000001 /* mbox irq enable: has data */
29 #define ARM_MC_IHAVESPACEIRQEN 0x00000002 /* mbox irq enable: has space */
30 #define ARM_MC_OPPISEMPTYIRQEN 0x00000004 /* mbox irq enable: Opp is empty */
31 #define ARM_MC_MAIL_CLEAR 0x00000008 /* mbox clear write 1, then 0 */
32 #define ARM_MC_IHAVEDATAIRQPEND 0x00000010 /* mbox irq pending: has space */
33 #define ARM_MC_IHAVESPACEIRQPEND 0x00000020 /* mbox irq pending: Opp is empty */
34 #define ARM_MC_OPPISEMPTYIRQPEND 0x00000040 /* mbox irq pending */
35 /* Bit 7 is unused */
36 #define ARM_MC_ERRNOOWN 0x00000100 /* error : none owner read from mailbox */
37 #define ARM_MC_ERROVERFLW 0x00000200 /* error : write to fill mailbox */
38 #define ARM_MC_ERRUNDRFLW 0x00000400 /* error : read from empty mailbox */
39
40 static void mbox_update_status(BCM2835Mbox *mb)
41 {
42 mb->status &= ~(ARM_MS_EMPTY | ARM_MS_FULL);
43 if (mb->count == 0) {
44 mb->status |= ARM_MS_EMPTY;
45 } else if (mb->count == MBOX_SIZE) {
46 mb->status |= ARM_MS_FULL;
47 }
48 }
49
50 static void mbox_reset(BCM2835Mbox *mb)
51 {
52 int n;
53
54 mb->count = 0;
55 mb->config = 0;
56 for (n = 0; n < MBOX_SIZE; n++) {
57 mb->reg[n] = MBOX_INVALID_DATA;
58 }
59 mbox_update_status(mb);
60 }
61
62 static uint32_t mbox_pull(BCM2835Mbox *mb, int index)
63 {
64 int n;
65 uint32_t val;
66
67 assert(mb->count > 0);
68 assert(index < mb->count);
69
70 val = mb->reg[index];
71 for (n = index + 1; n < mb->count; n++) {
72 mb->reg[n - 1] = mb->reg[n];
73 }
74 mb->count--;
75 mb->reg[mb->count] = MBOX_INVALID_DATA;
76
77 mbox_update_status(mb);
78
79 return val;
80 }
81
82 static void mbox_push(BCM2835Mbox *mb, uint32_t val)
83 {
84 assert(mb->count < MBOX_SIZE);
85 mb->reg[mb->count++] = val;
86 mbox_update_status(mb);
87 }
88
89 static void bcm2835_mbox_update(BCM2835MboxState *s)
90 {
91 uint32_t value;
92 bool set;
93 int n;
94
95 s->mbox_irq_disabled = true;
96
97 /* Get pending responses and put them in the vc->arm mbox,
98 * as long as it's not full
99 */
100 for (n = 0; n < MBOX_CHAN_COUNT; n++) {
101 while (s->available[n] && !(s->mbox[0].status & ARM_MS_FULL)) {
102 value = ldl_le_phys(&s->mbox_as, n << MBOX_AS_CHAN_SHIFT);
103 assert(value != MBOX_INVALID_DATA); /* Pending interrupt but no data */
104 mbox_push(&s->mbox[0], value);
105 }
106 }
107
108 /* TODO (?): Try to push pending requests from the arm->vc mbox */
109
110 /* Re-enable calls from the IRQ routine */
111 s->mbox_irq_disabled = false;
112
113 /* Update ARM IRQ status */
114 set = false;
115 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQPEND;
116 if (!(s->mbox[0].status & ARM_MS_EMPTY)) {
117 s->mbox[0].config |= ARM_MC_IHAVEDATAIRQPEND;
118 if (s->mbox[0].config & ARM_MC_IHAVEDATAIRQEN) {
119 set = true;
120 }
121 }
122 qemu_set_irq(s->arm_irq, set);
123 }
124
125 static void bcm2835_mbox_set_irq(void *opaque, int irq, int level)
126 {
127 BCM2835MboxState *s = opaque;
128
129 s->available[irq] = level;
130
131 /* avoid recursively calling bcm2835_mbox_update when the interrupt
132 * status changes due to the ldl_phys call within that function
133 */
134 if (!s->mbox_irq_disabled) {
135 bcm2835_mbox_update(s);
136 }
137 }
138
139 static uint64_t bcm2835_mbox_read(void *opaque, hwaddr offset, unsigned size)
140 {
141 BCM2835MboxState *s = opaque;
142 uint32_t res = 0;
143
144 offset &= 0xff;
145
146 switch (offset) {
147 case 0x80 ... 0x8c: /* MAIL0_READ */
148 if (s->mbox[0].status & ARM_MS_EMPTY) {
149 res = MBOX_INVALID_DATA;
150 } else {
151 res = mbox_pull(&s->mbox[0], 0);
152 }
153 break;
154
155 case MAIL0_PEEK:
156 res = s->mbox[0].reg[0];
157 break;
158
159 case MAIL0_SENDER:
160 break;
161
162 case MAIL0_STATUS:
163 res = s->mbox[0].status;
164 break;
165
166 case MAIL0_CONFIG:
167 res = s->mbox[0].config;
168 break;
169
170 case MAIL1_STATUS:
171 res = s->mbox[1].status;
172 break;
173
174 default:
175 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
176 __func__, offset);
177 return 0;
178 }
179
180 bcm2835_mbox_update(s);
181
182 return res;
183 }
184
185 static void bcm2835_mbox_write(void *opaque, hwaddr offset,
186 uint64_t value, unsigned size)
187 {
188 BCM2835MboxState *s = opaque;
189 hwaddr childaddr;
190 uint8_t ch;
191
192 offset &= 0xff;
193
194 switch (offset) {
195 case MAIL0_SENDER:
196 break;
197
198 case MAIL0_CONFIG:
199 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQEN;
200 s->mbox[0].config |= value & ARM_MC_IHAVEDATAIRQEN;
201 break;
202
203 case 0xa0 ... 0xac: /* MAIL1_WRITE */
204 if (s->mbox[1].status & ARM_MS_FULL) {
205 /* Mailbox full */
206 qemu_log_mask(LOG_GUEST_ERROR, "%s: mailbox full\n", __func__);
207 } else {
208 ch = value & 0xf;
209 if (ch < MBOX_CHAN_COUNT) {
210 childaddr = ch << MBOX_AS_CHAN_SHIFT;
211 if (ldl_le_phys(&s->mbox_as, childaddr + MBOX_AS_PENDING)) {
212 /* Child busy, push delayed. Push it in the arm->vc mbox */
213 mbox_push(&s->mbox[1], value);
214 } else {
215 /* Push it directly to the child device */
216 stl_le_phys(&s->mbox_as, childaddr, value);
217 }
218 } else {
219 /* Invalid channel number */
220 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid channel %u\n",
221 __func__, ch);
222 }
223 }
224 break;
225
226 default:
227 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset %"HWADDR_PRIx"\n",
228 __func__, offset);
229 return;
230 }
231
232 bcm2835_mbox_update(s);
233 }
234
235 static const MemoryRegionOps bcm2835_mbox_ops = {
236 .read = bcm2835_mbox_read,
237 .write = bcm2835_mbox_write,
238 .endianness = DEVICE_NATIVE_ENDIAN,
239 .valid.min_access_size = 4,
240 .valid.max_access_size = 4,
241 };
242
243 /* vmstate of a single mailbox */
244 static const VMStateDescription vmstate_bcm2835_mbox_box = {
245 .name = TYPE_BCM2835_MBOX "_box",
246 .version_id = 1,
247 .minimum_version_id = 1,
248 .fields = (VMStateField[]) {
249 VMSTATE_UINT32_ARRAY(reg, BCM2835Mbox, MBOX_SIZE),
250 VMSTATE_UINT32(count, BCM2835Mbox),
251 VMSTATE_UINT32(status, BCM2835Mbox),
252 VMSTATE_UINT32(config, BCM2835Mbox),
253 VMSTATE_END_OF_LIST()
254 }
255 };
256
257 /* vmstate of the entire device */
258 static const VMStateDescription vmstate_bcm2835_mbox = {
259 .name = TYPE_BCM2835_MBOX,
260 .version_id = 1,
261 .minimum_version_id = 1,
262 .minimum_version_id_old = 1,
263 .fields = (VMStateField[]) {
264 VMSTATE_BOOL_ARRAY(available, BCM2835MboxState, MBOX_CHAN_COUNT),
265 VMSTATE_STRUCT_ARRAY(mbox, BCM2835MboxState, 2, 1,
266 vmstate_bcm2835_mbox_box, BCM2835Mbox),
267 VMSTATE_END_OF_LIST()
268 }
269 };
270
271 static void bcm2835_mbox_init(Object *obj)
272 {
273 BCM2835MboxState *s = BCM2835_MBOX(obj);
274
275 memory_region_init_io(&s->iomem, obj, &bcm2835_mbox_ops, s,
276 TYPE_BCM2835_MBOX, 0x400);
277 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
278 sysbus_init_irq(SYS_BUS_DEVICE(s), &s->arm_irq);
279 qdev_init_gpio_in(DEVICE(s), bcm2835_mbox_set_irq, MBOX_CHAN_COUNT);
280 }
281
282 static void bcm2835_mbox_reset(DeviceState *dev)
283 {
284 BCM2835MboxState *s = BCM2835_MBOX(dev);
285 int n;
286
287 mbox_reset(&s->mbox[0]);
288 mbox_reset(&s->mbox[1]);
289 s->mbox_irq_disabled = false;
290 for (n = 0; n < MBOX_CHAN_COUNT; n++) {
291 s->available[n] = false;
292 }
293 }
294
295 static void bcm2835_mbox_realize(DeviceState *dev, Error **errp)
296 {
297 BCM2835MboxState *s = BCM2835_MBOX(dev);
298 Object *obj;
299 Error *err = NULL;
300
301 obj = object_property_get_link(OBJECT(dev), "mbox-mr", &err);
302 if (obj == NULL) {
303 error_setg(errp, "%s: required mbox-mr link not found: %s",
304 __func__, error_get_pretty(err));
305 return;
306 }
307
308 s->mbox_mr = MEMORY_REGION(obj);
309 address_space_init(&s->mbox_as, s->mbox_mr, NULL);
310 bcm2835_mbox_reset(dev);
311 }
312
313 static void bcm2835_mbox_class_init(ObjectClass *klass, void *data)
314 {
315 DeviceClass *dc = DEVICE_CLASS(klass);
316
317 dc->realize = bcm2835_mbox_realize;
318 dc->reset = bcm2835_mbox_reset;
319 dc->vmsd = &vmstate_bcm2835_mbox;
320 }
321
322 static TypeInfo bcm2835_mbox_info = {
323 .name = TYPE_BCM2835_MBOX,
324 .parent = TYPE_SYS_BUS_DEVICE,
325 .instance_size = sizeof(BCM2835MboxState),
326 .class_init = bcm2835_mbox_class_init,
327 .instance_init = bcm2835_mbox_init,
328 };
329
330 static void bcm2835_mbox_register_types(void)
331 {
332 type_register_static(&bcm2835_mbox_info);
333 }
334
335 type_init(bcm2835_mbox_register_types)
AR7 emulation for QEMU