2 * Raspberry Pi emulation (c) 2012 Gregory Estrade
3 * This code is licensed under the GNU GPLv2 and later.
6 #include "hw/misc/bcm2835_property.h"
7 #include "hw/misc/bcm2835_mbox_defs.h"
8 #include "sysemu/dma.h"
10 /* https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface */
12 static void bcm2835_property_mbox_push(BCM2835PropertyState
*s
, uint32_t value
)
24 tot_len
= ldl_phys(&s
->dma_as
, value
);
26 /* @(addr + 4) : Buffer response code */
28 while (value
+ 8 <= s
->addr
+ tot_len
) {
29 tag
= ldl_phys(&s
->dma_as
, value
);
30 bufsize
= ldl_phys(&s
->dma_as
, value
+ 4);
31 /* @(value + 8) : Request/response indicator */
34 case 0x00000000: /* End tag */
36 case 0x00000001: /* Get firmware revision */
37 stl_phys(&s
->dma_as
, value
+ 12, 346337);
40 case 0x00010001: /* Get board model */
41 qemu_log_mask(LOG_UNIMP
,
42 "bcm2835_property: %x get board model NYI\n", tag
);
45 case 0x00010002: /* Get board revision */
46 qemu_log_mask(LOG_UNIMP
,
47 "bcm2835_property: %x get board revision NYI\n", tag
);
50 case 0x00010003: /* Get board MAC address */
51 resplen
= sizeof(s
->macaddr
.a
);
52 dma_memory_write(&s
->dma_as
, value
+ 12, s
->macaddr
.a
, resplen
);
54 case 0x00010004: /* Get board serial */
55 qemu_log_mask(LOG_UNIMP
,
56 "bcm2835_property: %x get board serial NYI\n", tag
);
59 case 0x00010005: /* Get ARM memory */
61 stl_phys(&s
->dma_as
, value
+ 12, 0);
63 stl_phys(&s
->dma_as
, value
+ 16, s
->ram_size
);
66 case 0x00028001: /* Set power state */
67 /* Assume that whatever device they asked for exists,
68 * and we'll just claim we set it to the desired state
70 tmp
= ldl_phys(&s
->dma_as
, value
+ 16);
71 stl_phys(&s
->dma_as
, value
+ 16, (tmp
& 1));
77 case 0x00030001: /* Get clock state */
78 stl_phys(&s
->dma_as
, value
+ 16, 0x1);
82 case 0x00038001: /* Set clock state */
83 qemu_log_mask(LOG_UNIMP
,
84 "bcm2835_property: %x set clock state NYI\n", tag
);
88 case 0x00030002: /* Get clock rate */
89 case 0x00030004: /* Get max clock rate */
90 case 0x00030007: /* Get min clock rate */
91 switch (ldl_phys(&s
->dma_as
, value
+ 12)) {
93 stl_phys(&s
->dma_as
, value
+ 16, 50000000);
96 stl_phys(&s
->dma_as
, value
+ 16, 3000000);
99 stl_phys(&s
->dma_as
, value
+ 16, 700000000);
105 case 0x00038002: /* Set clock rate */
106 case 0x00038004: /* Set max clock rate */
107 case 0x00038007: /* Set min clock rate */
108 qemu_log_mask(LOG_UNIMP
,
109 "bcm2835_property: %x set clock rates NYI\n", tag
);
115 case 0x00030006: /* Get temperature */
116 stl_phys(&s
->dma_as
, value
+ 16, 25000);
120 case 0x0003000A: /* Get max temperature */
121 stl_phys(&s
->dma_as
, value
+ 16, 99000);
126 case 0x00060001: /* Get DMA channels */
128 stl_phys(&s
->dma_as
, value
+ 12, 0x003C);
132 case 0x00050001: /* Get command line */
137 qemu_log_mask(LOG_GUEST_ERROR
,
138 "bcm2835_property: unhandled tag %08x\n", tag
);
146 stl_phys(&s
->dma_as
, value
+ 8, (1 << 31) | resplen
);
147 value
+= bufsize
+ 12;
150 /* Buffer response code */
151 stl_phys(&s
->dma_as
, s
->addr
+ 4, (1 << 31));
154 static uint64_t bcm2835_property_read(void *opaque
, hwaddr offset
,
157 BCM2835PropertyState
*s
= opaque
;
162 res
= MBOX_CHAN_PROPERTY
| s
->addr
;
164 qemu_set_irq(s
->mbox_irq
, 0);
167 case MBOX_AS_PENDING
:
172 qemu_log_mask(LOG_GUEST_ERROR
, "%s: Bad offset %"HWADDR_PRIx
"\n",
180 static void bcm2835_property_write(void *opaque
, hwaddr offset
,
181 uint64_t value
, unsigned size
)
183 BCM2835PropertyState
*s
= opaque
;
187 /* bcm2835_mbox should check our pending status before pushing */
190 bcm2835_property_mbox_push(s
, value
);
191 qemu_set_irq(s
->mbox_irq
, 1);
195 qemu_log_mask(LOG_GUEST_ERROR
, "%s: Bad offset %"HWADDR_PRIx
"\n",
201 static const MemoryRegionOps bcm2835_property_ops
= {
202 .read
= bcm2835_property_read
,
203 .write
= bcm2835_property_write
,
204 .endianness
= DEVICE_NATIVE_ENDIAN
,
205 .valid
.min_access_size
= 4,
206 .valid
.max_access_size
= 4,
209 static const VMStateDescription vmstate_bcm2835_property
= {
210 .name
= TYPE_BCM2835_PROPERTY
,
212 .minimum_version_id
= 1,
213 .fields
= (VMStateField
[]) {
214 VMSTATE_MACADDR(macaddr
, BCM2835PropertyState
),
215 VMSTATE_UINT32(addr
, BCM2835PropertyState
),
216 VMSTATE_BOOL(pending
, BCM2835PropertyState
),
217 VMSTATE_END_OF_LIST()
221 static void bcm2835_property_init(Object
*obj
)
223 BCM2835PropertyState
*s
= BCM2835_PROPERTY(obj
);
225 memory_region_init_io(&s
->iomem
, OBJECT(s
), &bcm2835_property_ops
, s
,
226 TYPE_BCM2835_PROPERTY
, 0x10);
227 sysbus_init_mmio(SYS_BUS_DEVICE(s
), &s
->iomem
);
228 sysbus_init_irq(SYS_BUS_DEVICE(s
), &s
->mbox_irq
);
231 static void bcm2835_property_reset(DeviceState
*dev
)
233 BCM2835PropertyState
*s
= BCM2835_PROPERTY(dev
);
238 static void bcm2835_property_realize(DeviceState
*dev
, Error
**errp
)
240 BCM2835PropertyState
*s
= BCM2835_PROPERTY(dev
);
244 obj
= object_property_get_link(OBJECT(dev
), "dma-mr", &err
);
246 error_setg(errp
, "%s: required dma-mr link not found: %s",
247 __func__
, error_get_pretty(err
));
251 s
->dma_mr
= MEMORY_REGION(obj
);
252 address_space_init(&s
->dma_as
, s
->dma_mr
, NULL
);
254 /* TODO: connect to MAC address of USB NIC device, once we emulate it */
255 qemu_macaddr_default_if_unset(&s
->macaddr
);
257 bcm2835_property_reset(dev
);
260 static Property bcm2835_property_props
[] = {
261 DEFINE_PROP_UINT32("ram-size", BCM2835PropertyState
, ram_size
, 0),
262 DEFINE_PROP_END_OF_LIST()
265 static void bcm2835_property_class_init(ObjectClass
*klass
, void *data
)
267 DeviceClass
*dc
= DEVICE_CLASS(klass
);
269 dc
->props
= bcm2835_property_props
;
270 dc
->realize
= bcm2835_property_realize
;
271 dc
->vmsd
= &vmstate_bcm2835_property
;
274 static TypeInfo bcm2835_property_info
= {
275 .name
= TYPE_BCM2835_PROPERTY
,
276 .parent
= TYPE_SYS_BUS_DEVICE
,
277 .instance_size
= sizeof(BCM2835PropertyState
),
278 .class_init
= bcm2835_property_class_init
,
279 .instance_init
= bcm2835_property_init
,
282 static void bcm2835_property_register_types(void)
284 type_register_static(&bcm2835_property_info
);
287 type_init(bcm2835_property_register_types
)
