1 /* 2 * ASPEED AST2400 SMC Controller (SPI Flash Only) 3 * 4 * Copyright (C) 2016 IBM Corp. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "hw/sysbus.h" 27 #include "migration/vmstate.h" 28 #include "qemu/log.h" 29 #include "qemu/module.h" 30 #include "qemu/error-report.h" 31 #include "qapi/error.h" 32 #include "exec/address-spaces.h" 33 #include "qemu/units.h" 34 35 #include "hw/irq.h" 36 #include "hw/qdev-properties.h" 37 #include "hw/ssi/aspeed_smc.h" 38 39 /* CE Type Setting Register */ 40 #define R_CONF (0x00 / 4) 41 #define CONF_LEGACY_DISABLE (1 << 31) 42 #define CONF_ENABLE_W4 20 43 #define CONF_ENABLE_W3 19 44 #define CONF_ENABLE_W2 18 45 #define CONF_ENABLE_W1 17 46 #define CONF_ENABLE_W0 16 47 #define CONF_FLASH_TYPE4 8 48 #define CONF_FLASH_TYPE3 6 49 #define CONF_FLASH_TYPE2 4 50 #define CONF_FLASH_TYPE1 2 51 #define CONF_FLASH_TYPE0 0 52 #define CONF_FLASH_TYPE_NOR 0x0 53 #define CONF_FLASH_TYPE_NAND 0x1 54 #define CONF_FLASH_TYPE_SPI 0x2 /* AST2600 is SPI only */ 55 56 /* CE Control Register */ 57 #define R_CE_CTRL (0x04 / 4) 58 #define CTRL_EXTENDED4 4 /* 32 bit addressing for SPI */ 59 #define CTRL_EXTENDED3 3 /* 32 bit addressing for SPI */ 60 #define CTRL_EXTENDED2 2 /* 32 bit addressing for SPI */ 61 #define CTRL_EXTENDED1 1 /* 32 bit addressing for SPI */ 62 #define CTRL_EXTENDED0 0 /* 32 bit addressing for SPI */ 63 64 /* Interrupt Control and Status Register */ 65 #define R_INTR_CTRL (0x08 / 4) 66 #define INTR_CTRL_DMA_STATUS (1 << 11) 67 #define INTR_CTRL_CMD_ABORT_STATUS (1 << 10) 68 #define INTR_CTRL_WRITE_PROTECT_STATUS (1 << 9) 69 #define INTR_CTRL_DMA_EN (1 << 3) 70 #define INTR_CTRL_CMD_ABORT_EN (1 << 2) 71 #define INTR_CTRL_WRITE_PROTECT_EN (1 << 1) 72 73 /* CEx Control Register */ 74 #define R_CTRL0 (0x10 / 4) 75 #define CTRL_IO_QPI (1 << 31) 76 #define CTRL_IO_QUAD_DATA (1 << 30) 77 #define CTRL_IO_DUAL_DATA (1 << 29) 78 #define CTRL_IO_DUAL_ADDR_DATA (1 << 28) /* Includes dummies */ 79 #define CTRL_IO_QUAD_ADDR_DATA (1 << 28) /* Includes dummies */ 80 #define CTRL_CMD_SHIFT 16 81 #define CTRL_CMD_MASK 0xff 82 #define CTRL_DUMMY_HIGH_SHIFT 14 83 #define CTRL_AST2400_SPI_4BYTE (1 << 13) 84 #define CE_CTRL_CLOCK_FREQ_SHIFT 8 85 #define CE_CTRL_CLOCK_FREQ_MASK 0xf 86 #define CE_CTRL_CLOCK_FREQ(div) \ 87 (((div) & CE_CTRL_CLOCK_FREQ_MASK) << CE_CTRL_CLOCK_FREQ_SHIFT) 88 #define CTRL_DUMMY_LOW_SHIFT 6 /* 2 bits [7:6] */ 89 #define CTRL_CE_STOP_ACTIVE (1 << 2) 90 #define CTRL_CMD_MODE_MASK 0x3 91 #define CTRL_READMODE 0x0 92 #define CTRL_FREADMODE 0x1 93 #define CTRL_WRITEMODE 0x2 94 #define CTRL_USERMODE 0x3 95 #define R_CTRL1 (0x14 / 4) 96 #define R_CTRL2 (0x18 / 4) 97 #define R_CTRL3 (0x1C / 4) 98 #define R_CTRL4 (0x20 / 4) 99 100 /* CEx Segment Address Register */ 101 #define R_SEG_ADDR0 (0x30 / 4) 102 #define SEG_END_SHIFT 24 /* 8MB units */ 103 #define SEG_END_MASK 0xff 104 #define SEG_START_SHIFT 16 /* address bit [A29-A23] */ 105 #define SEG_START_MASK 0xff 106 #define R_SEG_ADDR1 (0x34 / 4) 107 #define R_SEG_ADDR2 (0x38 / 4) 108 #define R_SEG_ADDR3 (0x3C / 4) 109 #define R_SEG_ADDR4 (0x40 / 4) 110 111 /* Misc Control Register #1 */ 112 #define R_MISC_CTRL1 (0x50 / 4) 113 114 /* SPI dummy cycle data */ 115 #define R_DUMMY_DATA (0x54 / 4) 116 117 /* DMA Control/Status Register */ 118 #define R_DMA_CTRL (0x80 / 4) 119 #define DMA_CTRL_DELAY_MASK 0xf 120 #define DMA_CTRL_DELAY_SHIFT 8 121 #define DMA_CTRL_FREQ_MASK 0xf 122 #define DMA_CTRL_FREQ_SHIFT 4 123 #define DMA_CTRL_CALIB (1 << 3) 124 #define DMA_CTRL_CKSUM (1 << 2) 125 #define DMA_CTRL_WRITE (1 << 1) 126 #define DMA_CTRL_ENABLE (1 << 0) 127 128 /* DMA Flash Side Address */ 129 #define R_DMA_FLASH_ADDR (0x84 / 4) 130 131 /* DMA DRAM Side Address */ 132 #define R_DMA_DRAM_ADDR (0x88 / 4) 133 134 /* DMA Length Register */ 135 #define R_DMA_LEN (0x8C / 4) 136 137 /* Checksum Calculation Result */ 138 #define R_DMA_CHECKSUM (0x90 / 4) 139 140 /* Read Timing Compensation Register */ 141 #define R_TIMINGS (0x94 / 4) 142 143 /* SPI controller registers and bits (AST2400) */ 144 #define R_SPI_CONF (0x00 / 4) 145 #define SPI_CONF_ENABLE_W0 0 146 #define R_SPI_CTRL0 (0x4 / 4) 147 #define R_SPI_MISC_CTRL (0x10 / 4) 148 #define R_SPI_TIMINGS (0x14 / 4) 149 150 #define ASPEED_SMC_R_SPI_MAX (0x20 / 4) 151 #define ASPEED_SMC_R_SMC_MAX (0x20 / 4) 152 153 #define ASPEED_SOC_SMC_FLASH_BASE 0x10000000 154 #define ASPEED_SOC_FMC_FLASH_BASE 0x20000000 155 #define ASPEED_SOC_SPI_FLASH_BASE 0x30000000 156 #define ASPEED_SOC_SPI2_FLASH_BASE 0x38000000 157 158 /* 159 * DMA DRAM addresses should be 4 bytes aligned and the valid address 160 * range is 0x40000000 - 0x5FFFFFFF (AST2400) 161 * 0x80000000 - 0xBFFFFFFF (AST2500) 162 * 163 * DMA flash addresses should be 4 bytes aligned and the valid address 164 * range is 0x20000000 - 0x2FFFFFFF. 165 * 166 * DMA length is from 4 bytes to 32MB 167 * 0: 4 bytes 168 * 0x7FFFFF: 32M bytes 169 */ 170 #define DMA_DRAM_ADDR(s, val) ((s)->sdram_base | \ 171 ((val) & (s)->ctrl->dma_dram_mask)) 172 #define DMA_FLASH_ADDR(s, val) ((s)->ctrl->flash_window_base | \ 173 ((val) & (s)->ctrl->dma_flash_mask)) 174 #define DMA_LENGTH(val) ((val) & 0x01FFFFFC) 175 176 /* Flash opcodes. */ 177 #define SPI_OP_READ 0x03 /* Read data bytes (low frequency) */ 178 179 #define SNOOP_OFF 0xFF 180 #define SNOOP_START 0x0 181 182 /* 183 * Default segments mapping addresses and size for each slave per 184 * controller. These can be changed when board is initialized with the 185 * Segment Address Registers. 186 */ 187 static const AspeedSegments aspeed_segments_legacy[] = { 188 { 0x10000000, 32 * 1024 * 1024 }, 189 }; 190 191 static const AspeedSegments aspeed_segments_fmc[] = { 192 { 0x20000000, 64 * 1024 * 1024 }, /* start address is readonly */ 193 { 0x24000000, 32 * 1024 * 1024 }, 194 { 0x26000000, 32 * 1024 * 1024 }, 195 { 0x28000000, 32 * 1024 * 1024 }, 196 { 0x2A000000, 32 * 1024 * 1024 } 197 }; 198 199 static const AspeedSegments aspeed_segments_spi[] = { 200 { 0x30000000, 64 * 1024 * 1024 }, 201 }; 202 203 static const AspeedSegments aspeed_segments_ast2500_fmc[] = { 204 { 0x20000000, 128 * 1024 * 1024 }, /* start address is readonly */ 205 { 0x28000000, 32 * 1024 * 1024 }, 206 { 0x2A000000, 32 * 1024 * 1024 }, 207 }; 208 209 static const AspeedSegments aspeed_segments_ast2500_spi1[] = { 210 { 0x30000000, 32 * 1024 * 1024 }, /* start address is readonly */ 211 { 0x32000000, 96 * 1024 * 1024 }, /* end address is readonly */ 212 }; 213 214 static const AspeedSegments aspeed_segments_ast2500_spi2[] = { 215 { 0x38000000, 32 * 1024 * 1024 }, /* start address is readonly */ 216 { 0x3A000000, 96 * 1024 * 1024 }, /* end address is readonly */ 217 }; 218 static uint32_t aspeed_smc_segment_to_reg(const AspeedSMCState *s, 219 const AspeedSegments *seg); 220 static void aspeed_smc_reg_to_segment(const AspeedSMCState *s, uint32_t reg, 221 AspeedSegments *seg); 222 223 /* 224 * AST2600 definitions 225 */ 226 #define ASPEED26_SOC_FMC_FLASH_BASE 0x20000000 227 #define ASPEED26_SOC_SPI_FLASH_BASE 0x30000000 228 #define ASPEED26_SOC_SPI2_FLASH_BASE 0x50000000 229 230 static const AspeedSegments aspeed_segments_ast2600_fmc[] = { 231 { 0x0, 128 * MiB }, /* start address is readonly */ 232 { 0x0, 0 }, /* disabled */ 233 { 0x0, 0 }, /* disabled */ 234 }; 235 236 static const AspeedSegments aspeed_segments_ast2600_spi1[] = { 237 { 0x0, 128 * MiB }, /* start address is readonly */ 238 { 0x0, 0 }, /* disabled */ 239 }; 240 241 static const AspeedSegments aspeed_segments_ast2600_spi2[] = { 242 { 0x0, 128 * MiB }, /* start address is readonly */ 243 { 0x0, 0 }, /* disabled */ 244 { 0x0, 0 }, /* disabled */ 245 }; 246 247 static uint32_t aspeed_2600_smc_segment_to_reg(const AspeedSMCState *s, 248 const AspeedSegments *seg); 249 static void aspeed_2600_smc_reg_to_segment(const AspeedSMCState *s, 250 uint32_t reg, AspeedSegments *seg); 251 252 static const AspeedSMCController controllers[] = { 253 { 254 .name = "aspeed.smc-ast2400", 255 .r_conf = R_CONF, 256 .r_ce_ctrl = R_CE_CTRL, 257 .r_ctrl0 = R_CTRL0, 258 .r_timings = R_TIMINGS, 259 .nregs_timings = 1, 260 .conf_enable_w0 = CONF_ENABLE_W0, 261 .max_slaves = 5, 262 .segments = aspeed_segments_legacy, 263 .flash_window_base = ASPEED_SOC_SMC_FLASH_BASE, 264 .flash_window_size = 0x6000000, 265 .has_dma = false, 266 .nregs = ASPEED_SMC_R_SMC_MAX, 267 .segment_to_reg = aspeed_smc_segment_to_reg, 268 .reg_to_segment = aspeed_smc_reg_to_segment, 269 }, { 270 .name = "aspeed.fmc-ast2400", 271 .r_conf = R_CONF, 272 .r_ce_ctrl = R_CE_CTRL, 273 .r_ctrl0 = R_CTRL0, 274 .r_timings = R_TIMINGS, 275 .nregs_timings = 1, 276 .conf_enable_w0 = CONF_ENABLE_W0, 277 .max_slaves = 5, 278 .segments = aspeed_segments_fmc, 279 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 280 .flash_window_size = 0x10000000, 281 .has_dma = true, 282 .dma_flash_mask = 0x0FFFFFFC, 283 .dma_dram_mask = 0x1FFFFFFC, 284 .nregs = ASPEED_SMC_R_MAX, 285 .segment_to_reg = aspeed_smc_segment_to_reg, 286 .reg_to_segment = aspeed_smc_reg_to_segment, 287 }, { 288 .name = "aspeed.spi1-ast2400", 289 .r_conf = R_SPI_CONF, 290 .r_ce_ctrl = 0xff, 291 .r_ctrl0 = R_SPI_CTRL0, 292 .r_timings = R_SPI_TIMINGS, 293 .nregs_timings = 1, 294 .conf_enable_w0 = SPI_CONF_ENABLE_W0, 295 .max_slaves = 1, 296 .segments = aspeed_segments_spi, 297 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 298 .flash_window_size = 0x10000000, 299 .has_dma = false, 300 .nregs = ASPEED_SMC_R_SPI_MAX, 301 .segment_to_reg = aspeed_smc_segment_to_reg, 302 .reg_to_segment = aspeed_smc_reg_to_segment, 303 }, { 304 .name = "aspeed.fmc-ast2500", 305 .r_conf = R_CONF, 306 .r_ce_ctrl = R_CE_CTRL, 307 .r_ctrl0 = R_CTRL0, 308 .r_timings = R_TIMINGS, 309 .nregs_timings = 1, 310 .conf_enable_w0 = CONF_ENABLE_W0, 311 .max_slaves = 3, 312 .segments = aspeed_segments_ast2500_fmc, 313 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 314 .flash_window_size = 0x10000000, 315 .has_dma = true, 316 .dma_flash_mask = 0x0FFFFFFC, 317 .dma_dram_mask = 0x3FFFFFFC, 318 .nregs = ASPEED_SMC_R_MAX, 319 .segment_to_reg = aspeed_smc_segment_to_reg, 320 .reg_to_segment = aspeed_smc_reg_to_segment, 321 }, { 322 .name = "aspeed.spi1-ast2500", 323 .r_conf = R_CONF, 324 .r_ce_ctrl = R_CE_CTRL, 325 .r_ctrl0 = R_CTRL0, 326 .r_timings = R_TIMINGS, 327 .nregs_timings = 1, 328 .conf_enable_w0 = CONF_ENABLE_W0, 329 .max_slaves = 2, 330 .segments = aspeed_segments_ast2500_spi1, 331 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 332 .flash_window_size = 0x8000000, 333 .has_dma = false, 334 .nregs = ASPEED_SMC_R_MAX, 335 .segment_to_reg = aspeed_smc_segment_to_reg, 336 .reg_to_segment = aspeed_smc_reg_to_segment, 337 }, { 338 .name = "aspeed.spi2-ast2500", 339 .r_conf = R_CONF, 340 .r_ce_ctrl = R_CE_CTRL, 341 .r_ctrl0 = R_CTRL0, 342 .r_timings = R_TIMINGS, 343 .nregs_timings = 1, 344 .conf_enable_w0 = CONF_ENABLE_W0, 345 .max_slaves = 2, 346 .segments = aspeed_segments_ast2500_spi2, 347 .flash_window_base = ASPEED_SOC_SPI2_FLASH_BASE, 348 .flash_window_size = 0x8000000, 349 .has_dma = false, 350 .nregs = ASPEED_SMC_R_MAX, 351 .segment_to_reg = aspeed_smc_segment_to_reg, 352 .reg_to_segment = aspeed_smc_reg_to_segment, 353 }, { 354 .name = "aspeed.fmc-ast2600", 355 .r_conf = R_CONF, 356 .r_ce_ctrl = R_CE_CTRL, 357 .r_ctrl0 = R_CTRL0, 358 .r_timings = R_TIMINGS, 359 .nregs_timings = 1, 360 .conf_enable_w0 = CONF_ENABLE_W0, 361 .max_slaves = 3, 362 .segments = aspeed_segments_ast2600_fmc, 363 .flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE, 364 .flash_window_size = 0x10000000, 365 .has_dma = true, 366 .nregs = ASPEED_SMC_R_MAX, 367 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 368 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 369 }, { 370 .name = "aspeed.spi1-ast2600", 371 .r_conf = R_CONF, 372 .r_ce_ctrl = R_CE_CTRL, 373 .r_ctrl0 = R_CTRL0, 374 .r_timings = R_TIMINGS, 375 .nregs_timings = 2, 376 .conf_enable_w0 = CONF_ENABLE_W0, 377 .max_slaves = 2, 378 .segments = aspeed_segments_ast2600_spi1, 379 .flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE, 380 .flash_window_size = 0x10000000, 381 .has_dma = false, 382 .nregs = ASPEED_SMC_R_MAX, 383 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 384 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 385 }, { 386 .name = "aspeed.spi2-ast2600", 387 .r_conf = R_CONF, 388 .r_ce_ctrl = R_CE_CTRL, 389 .r_ctrl0 = R_CTRL0, 390 .r_timings = R_TIMINGS, 391 .nregs_timings = 3, 392 .conf_enable_w0 = CONF_ENABLE_W0, 393 .max_slaves = 3, 394 .segments = aspeed_segments_ast2600_spi2, 395 .flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE, 396 .flash_window_size = 0x10000000, 397 .has_dma = false, 398 .nregs = ASPEED_SMC_R_MAX, 399 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 400 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 401 }, 402 }; 403 404 /* 405 * The Segment Registers of the AST2400 and AST2500 have a 8MB 406 * unit. The address range of a flash SPI slave is encoded with 407 * absolute addresses which should be part of the overall controller 408 * window. 409 */ 410 static uint32_t aspeed_smc_segment_to_reg(const AspeedSMCState *s, 411 const AspeedSegments *seg) 412 { 413 uint32_t reg = 0; 414 reg |= ((seg->addr >> 23) & SEG_START_MASK) << SEG_START_SHIFT; 415 reg |= (((seg->addr + seg->size) >> 23) & SEG_END_MASK) << SEG_END_SHIFT; 416 return reg; 417 } 418 419 static void aspeed_smc_reg_to_segment(const AspeedSMCState *s, 420 uint32_t reg, AspeedSegments *seg) 421 { 422 seg->addr = ((reg >> SEG_START_SHIFT) & SEG_START_MASK) << 23; 423 seg->size = (((reg >> SEG_END_SHIFT) & SEG_END_MASK) << 23) - seg->addr; 424 } 425 426 /* 427 * The Segment Registers of the AST2600 have a 1MB unit. The address 428 * range of a flash SPI slave is encoded with offsets in the overall 429 * controller window. The previous SoC AST2400 and AST2500 used 430 * absolute addresses. Only bits [27:20] are relevant and the end 431 * address is an upper bound limit. 432 */ 433 #define AST2600_SEG_ADDR_MASK 0x0ff00000 434 435 static uint32_t aspeed_2600_smc_segment_to_reg(const AspeedSMCState *s, 436 const AspeedSegments *seg) 437 { 438 uint32_t reg = 0; 439 440 /* Disabled segments have a nil register */ 441 if (!seg->size) { 442 return 0; 443 } 444 445 reg |= (seg->addr & AST2600_SEG_ADDR_MASK) >> 16; /* start offset */ 446 reg |= (seg->addr + seg->size - 1) & AST2600_SEG_ADDR_MASK; /* end offset */ 447 return reg; 448 } 449 450 static void aspeed_2600_smc_reg_to_segment(const AspeedSMCState *s, 451 uint32_t reg, AspeedSegments *seg) 452 { 453 uint32_t start_offset = (reg << 16) & AST2600_SEG_ADDR_MASK; 454 uint32_t end_offset = reg & AST2600_SEG_ADDR_MASK; 455 456 if (reg) { 457 seg->addr = s->ctrl->flash_window_base + start_offset; 458 seg->size = end_offset + MiB - start_offset; 459 } else { 460 seg->addr = s->ctrl->flash_window_base; 461 seg->size = 0; 462 } 463 } 464 465 static bool aspeed_smc_flash_overlap(const AspeedSMCState *s, 466 const AspeedSegments *new, 467 int cs) 468 { 469 AspeedSegments seg; 470 int i; 471 472 for (i = 0; i < s->ctrl->max_slaves; i++) { 473 if (i == cs) { 474 continue; 475 } 476 477 s->ctrl->reg_to_segment(s, s->regs[R_SEG_ADDR0 + i], &seg); 478 479 if (new->addr + new->size > seg.addr && 480 new->addr < seg.addr + seg.size) { 481 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment CS%d [ 0x%" 482 HWADDR_PRIx" - 0x%"HWADDR_PRIx" ] overlaps with " 483 "CS%d [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 484 s->ctrl->name, cs, new->addr, new->addr + new->size, 485 i, seg.addr, seg.addr + seg.size); 486 return true; 487 } 488 } 489 return false; 490 } 491 492 static void aspeed_smc_flash_set_segment_region(AspeedSMCState *s, int cs, 493 uint64_t regval) 494 { 495 AspeedSMCFlash *fl = &s->flashes[cs]; 496 AspeedSegments seg; 497 498 s->ctrl->reg_to_segment(s, regval, &seg); 499 500 memory_region_transaction_begin(); 501 memory_region_set_size(&fl->mmio, seg.size); 502 memory_region_set_address(&fl->mmio, seg.addr - s->ctrl->flash_window_base); 503 memory_region_set_enabled(&fl->mmio, !!seg.size); 504 memory_region_transaction_commit(); 505 506 s->regs[R_SEG_ADDR0 + cs] = regval; 507 } 508 509 static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs, 510 uint64_t new) 511 { 512 AspeedSegments seg; 513 514 s->ctrl->reg_to_segment(s, new, &seg); 515 516 /* The start address of CS0 is read-only */ 517 if (cs == 0 && seg.addr != s->ctrl->flash_window_base) { 518 qemu_log_mask(LOG_GUEST_ERROR, 519 "%s: Tried to change CS0 start address to 0x%" 520 HWADDR_PRIx "\n", s->ctrl->name, seg.addr); 521 seg.addr = s->ctrl->flash_window_base; 522 new = s->ctrl->segment_to_reg(s, &seg); 523 } 524 525 /* 526 * The end address of the AST2500 spi controllers is also 527 * read-only. 528 */ 529 if ((s->ctrl->segments == aspeed_segments_ast2500_spi1 || 530 s->ctrl->segments == aspeed_segments_ast2500_spi2) && 531 cs == s->ctrl->max_slaves && 532 seg.addr + seg.size != s->ctrl->segments[cs].addr + 533 s->ctrl->segments[cs].size) { 534 qemu_log_mask(LOG_GUEST_ERROR, 535 "%s: Tried to change CS%d end address to 0x%" 536 HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr + seg.size); 537 seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size - 538 seg.addr; 539 new = s->ctrl->segment_to_reg(s, &seg); 540 } 541 542 /* Keep the segment in the overall flash window */ 543 if (seg.size && 544 (seg.addr + seg.size <= s->ctrl->flash_window_base || 545 seg.addr > s->ctrl->flash_window_base + s->ctrl->flash_window_size)) { 546 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is invalid : " 547 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 548 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 549 return; 550 } 551 552 /* Check start address vs. alignment */ 553 if (seg.size && !QEMU_IS_ALIGNED(seg.addr, seg.size)) { 554 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is not " 555 "aligned : [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 556 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 557 } 558 559 /* And segments should not overlap (in the specs) */ 560 aspeed_smc_flash_overlap(s, &seg, cs); 561 562 /* All should be fine now to move the region */ 563 aspeed_smc_flash_set_segment_region(s, cs, new); 564 } 565 566 static uint64_t aspeed_smc_flash_default_read(void *opaque, hwaddr addr, 567 unsigned size) 568 { 569 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u" 570 PRIx64 "\n", __func__, addr, size); 571 return 0; 572 } 573 574 static void aspeed_smc_flash_default_write(void *opaque, hwaddr addr, 575 uint64_t data, unsigned size) 576 { 577 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u: 0x%" 578 PRIx64 "\n", __func__, addr, size, data); 579 } 580 581 static const MemoryRegionOps aspeed_smc_flash_default_ops = { 582 .read = aspeed_smc_flash_default_read, 583 .write = aspeed_smc_flash_default_write, 584 .endianness = DEVICE_LITTLE_ENDIAN, 585 .valid = { 586 .min_access_size = 1, 587 .max_access_size = 4, 588 }, 589 }; 590 591 static inline int aspeed_smc_flash_mode(const AspeedSMCFlash *fl) 592 { 593 const AspeedSMCState *s = fl->controller; 594 595 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CMD_MODE_MASK; 596 } 597 598 static inline bool aspeed_smc_is_writable(const AspeedSMCFlash *fl) 599 { 600 const AspeedSMCState *s = fl->controller; 601 602 return s->regs[s->r_conf] & (1 << (s->conf_enable_w0 + fl->id)); 603 } 604 605 static inline int aspeed_smc_flash_cmd(const AspeedSMCFlash *fl) 606 { 607 const AspeedSMCState *s = fl->controller; 608 int cmd = (s->regs[s->r_ctrl0 + fl->id] >> CTRL_CMD_SHIFT) & CTRL_CMD_MASK; 609 610 /* 611 * In read mode, the default SPI command is READ (0x3). In other 612 * modes, the command should necessarily be defined 613 * 614 * TODO: add support for READ4 (0x13) on AST2600 615 */ 616 if (aspeed_smc_flash_mode(fl) == CTRL_READMODE) { 617 cmd = SPI_OP_READ; 618 } 619 620 if (!cmd) { 621 qemu_log_mask(LOG_GUEST_ERROR, "%s: no command defined for mode %d\n", 622 __func__, aspeed_smc_flash_mode(fl)); 623 } 624 625 return cmd; 626 } 627 628 static inline int aspeed_smc_flash_is_4byte(const AspeedSMCFlash *fl) 629 { 630 const AspeedSMCState *s = fl->controller; 631 632 if (s->ctrl->segments == aspeed_segments_spi) { 633 return s->regs[s->r_ctrl0] & CTRL_AST2400_SPI_4BYTE; 634 } else { 635 return s->regs[s->r_ce_ctrl] & (1 << (CTRL_EXTENDED0 + fl->id)); 636 } 637 } 638 639 static inline bool aspeed_smc_is_ce_stop_active(const AspeedSMCFlash *fl) 640 { 641 const AspeedSMCState *s = fl->controller; 642 643 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CE_STOP_ACTIVE; 644 } 645 646 static void aspeed_smc_flash_select(AspeedSMCFlash *fl) 647 { 648 AspeedSMCState *s = fl->controller; 649 650 s->regs[s->r_ctrl0 + fl->id] &= ~CTRL_CE_STOP_ACTIVE; 651 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 652 } 653 654 static void aspeed_smc_flash_unselect(AspeedSMCFlash *fl) 655 { 656 AspeedSMCState *s = fl->controller; 657 658 s->regs[s->r_ctrl0 + fl->id] |= CTRL_CE_STOP_ACTIVE; 659 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 660 } 661 662 static uint32_t aspeed_smc_check_segment_addr(const AspeedSMCFlash *fl, 663 uint32_t addr) 664 { 665 const AspeedSMCState *s = fl->controller; 666 AspeedSegments seg; 667 668 s->ctrl->reg_to_segment(s, s->regs[R_SEG_ADDR0 + fl->id], &seg); 669 if ((addr % seg.size) != addr) { 670 qemu_log_mask(LOG_GUEST_ERROR, 671 "%s: invalid address 0x%08x for CS%d segment : " 672 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 673 s->ctrl->name, addr, fl->id, seg.addr, 674 seg.addr + seg.size); 675 addr %= seg.size; 676 } 677 678 return addr; 679 } 680 681 static int aspeed_smc_flash_dummies(const AspeedSMCFlash *fl) 682 { 683 const AspeedSMCState *s = fl->controller; 684 uint32_t r_ctrl0 = s->regs[s->r_ctrl0 + fl->id]; 685 uint32_t dummy_high = (r_ctrl0 >> CTRL_DUMMY_HIGH_SHIFT) & 0x1; 686 uint32_t dummy_low = (r_ctrl0 >> CTRL_DUMMY_LOW_SHIFT) & 0x3; 687 uint32_t dummies = ((dummy_high << 2) | dummy_low) * 8; 688 689 if (r_ctrl0 & CTRL_IO_DUAL_ADDR_DATA) { 690 dummies /= 2; 691 } 692 693 return dummies; 694 } 695 696 static void aspeed_smc_flash_setup(AspeedSMCFlash *fl, uint32_t addr) 697 { 698 const AspeedSMCState *s = fl->controller; 699 uint8_t cmd = aspeed_smc_flash_cmd(fl); 700 int i; 701 702 /* Flash access can not exceed CS segment */ 703 addr = aspeed_smc_check_segment_addr(fl, addr); 704 705 ssi_transfer(s->spi, cmd); 706 707 if (aspeed_smc_flash_is_4byte(fl)) { 708 ssi_transfer(s->spi, (addr >> 24) & 0xff); 709 } 710 ssi_transfer(s->spi, (addr >> 16) & 0xff); 711 ssi_transfer(s->spi, (addr >> 8) & 0xff); 712 ssi_transfer(s->spi, (addr & 0xff)); 713 714 /* 715 * Use fake transfers to model dummy bytes. The value should 716 * be configured to some non-zero value in fast read mode and 717 * zero in read mode. But, as the HW allows inconsistent 718 * settings, let's check for fast read mode. 719 */ 720 if (aspeed_smc_flash_mode(fl) == CTRL_FREADMODE) { 721 for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) { 722 ssi_transfer(fl->controller->spi, s->regs[R_DUMMY_DATA] & 0xff); 723 } 724 } 725 } 726 727 static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) 728 { 729 AspeedSMCFlash *fl = opaque; 730 AspeedSMCState *s = fl->controller; 731 uint64_t ret = 0; 732 int i; 733 734 switch (aspeed_smc_flash_mode(fl)) { 735 case CTRL_USERMODE: 736 for (i = 0; i < size; i++) { 737 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 738 } 739 break; 740 case CTRL_READMODE: 741 case CTRL_FREADMODE: 742 aspeed_smc_flash_select(fl); 743 aspeed_smc_flash_setup(fl, addr); 744 745 for (i = 0; i < size; i++) { 746 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 747 } 748 749 aspeed_smc_flash_unselect(fl); 750 break; 751 default: 752 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 753 __func__, aspeed_smc_flash_mode(fl)); 754 } 755 756 return ret; 757 } 758 759 /* 760 * TODO (clg@kaod.org): stolen from xilinx_spips.c. Should move to a 761 * common include header. 762 */ 763 typedef enum { 764 READ = 0x3, READ_4 = 0x13, 765 FAST_READ = 0xb, FAST_READ_4 = 0x0c, 766 DOR = 0x3b, DOR_4 = 0x3c, 767 QOR = 0x6b, QOR_4 = 0x6c, 768 DIOR = 0xbb, DIOR_4 = 0xbc, 769 QIOR = 0xeb, QIOR_4 = 0xec, 770 771 PP = 0x2, PP_4 = 0x12, 772 DPP = 0xa2, 773 QPP = 0x32, QPP_4 = 0x34, 774 } FlashCMD; 775 776 static int aspeed_smc_num_dummies(uint8_t command) 777 { 778 switch (command) { /* check for dummies */ 779 case READ: /* no dummy bytes/cycles */ 780 case PP: 781 case DPP: 782 case QPP: 783 case READ_4: 784 case PP_4: 785 case QPP_4: 786 return 0; 787 case FAST_READ: 788 case DOR: 789 case QOR: 790 case DOR_4: 791 case QOR_4: 792 return 1; 793 case DIOR: 794 case FAST_READ_4: 795 case DIOR_4: 796 return 2; 797 case QIOR: 798 case QIOR_4: 799 return 4; 800 default: 801 return -1; 802 } 803 } 804 805 static bool aspeed_smc_do_snoop(AspeedSMCFlash *fl, uint64_t data, 806 unsigned size) 807 { 808 AspeedSMCState *s = fl->controller; 809 uint8_t addr_width = aspeed_smc_flash_is_4byte(fl) ? 4 : 3; 810 811 if (s->snoop_index == SNOOP_OFF) { 812 return false; /* Do nothing */ 813 814 } else if (s->snoop_index == SNOOP_START) { 815 uint8_t cmd = data & 0xff; 816 int ndummies = aspeed_smc_num_dummies(cmd); 817 818 /* 819 * No dummy cycles are expected with the current command. Turn 820 * off snooping and let the transfer proceed normally. 821 */ 822 if (ndummies <= 0) { 823 s->snoop_index = SNOOP_OFF; 824 return false; 825 } 826 827 s->snoop_dummies = ndummies * 8; 828 829 } else if (s->snoop_index >= addr_width + 1) { 830 831 /* The SPI transfer has reached the dummy cycles sequence */ 832 for (; s->snoop_dummies; s->snoop_dummies--) { 833 ssi_transfer(s->spi, s->regs[R_DUMMY_DATA] & 0xff); 834 } 835 836 /* If no more dummy cycles are expected, turn off snooping */ 837 if (!s->snoop_dummies) { 838 s->snoop_index = SNOOP_OFF; 839 } else { 840 s->snoop_index += size; 841 } 842 843 /* 844 * Dummy cycles have been faked already. Ignore the current 845 * SPI transfer 846 */ 847 return true; 848 } 849 850 s->snoop_index += size; 851 return false; 852 } 853 854 static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data, 855 unsigned size) 856 { 857 AspeedSMCFlash *fl = opaque; 858 AspeedSMCState *s = fl->controller; 859 int i; 860 861 if (!aspeed_smc_is_writable(fl)) { 862 qemu_log_mask(LOG_GUEST_ERROR, "%s: flash is not writable at 0x%" 863 HWADDR_PRIx "\n", __func__, addr); 864 return; 865 } 866 867 switch (aspeed_smc_flash_mode(fl)) { 868 case CTRL_USERMODE: 869 if (aspeed_smc_do_snoop(fl, data, size)) { 870 break; 871 } 872 873 for (i = 0; i < size; i++) { 874 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 875 } 876 break; 877 case CTRL_WRITEMODE: 878 aspeed_smc_flash_select(fl); 879 aspeed_smc_flash_setup(fl, addr); 880 881 for (i = 0; i < size; i++) { 882 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 883 } 884 885 aspeed_smc_flash_unselect(fl); 886 break; 887 default: 888 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 889 __func__, aspeed_smc_flash_mode(fl)); 890 } 891 } 892 893 static const MemoryRegionOps aspeed_smc_flash_ops = { 894 .read = aspeed_smc_flash_read, 895 .write = aspeed_smc_flash_write, 896 .endianness = DEVICE_LITTLE_ENDIAN, 897 .valid = { 898 .min_access_size = 1, 899 .max_access_size = 4, 900 }, 901 }; 902 903 static void aspeed_smc_flash_update_cs(AspeedSMCFlash *fl) 904 { 905 AspeedSMCState *s = fl->controller; 906 907 s->snoop_index = aspeed_smc_is_ce_stop_active(fl) ? SNOOP_OFF : SNOOP_START; 908 909 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 910 } 911 912 static void aspeed_smc_reset(DeviceState *d) 913 { 914 AspeedSMCState *s = ASPEED_SMC(d); 915 int i; 916 917 memset(s->regs, 0, sizeof s->regs); 918 919 /* Unselect all slaves */ 920 for (i = 0; i < s->num_cs; ++i) { 921 s->regs[s->r_ctrl0 + i] |= CTRL_CE_STOP_ACTIVE; 922 qemu_set_irq(s->cs_lines[i], true); 923 } 924 925 /* setup the default segment register values and regions for all */ 926 for (i = 0; i < s->ctrl->max_slaves; ++i) { 927 aspeed_smc_flash_set_segment_region(s, i, 928 s->ctrl->segment_to_reg(s, &s->ctrl->segments[i])); 929 } 930 931 /* HW strapping flash type for the AST2600 controllers */ 932 if (s->ctrl->segments == aspeed_segments_ast2600_fmc) { 933 /* flash type is fixed to SPI for all */ 934 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 935 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1); 936 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE2); 937 } 938 939 /* HW strapping flash type for FMC controllers */ 940 if (s->ctrl->segments == aspeed_segments_ast2500_fmc) { 941 /* flash type is fixed to SPI for CE0 and CE1 */ 942 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 943 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1); 944 } 945 946 /* HW strapping for AST2400 FMC controllers (SCU70). Let's use the 947 * configuration of the palmetto-bmc machine */ 948 if (s->ctrl->segments == aspeed_segments_fmc) { 949 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 950 } 951 952 s->snoop_index = SNOOP_OFF; 953 s->snoop_dummies = 0; 954 } 955 956 static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) 957 { 958 AspeedSMCState *s = ASPEED_SMC(opaque); 959 960 addr >>= 2; 961 962 if (addr == s->r_conf || 963 (addr >= s->r_timings && 964 addr < s->r_timings + s->ctrl->nregs_timings) || 965 addr == s->r_ce_ctrl || 966 addr == R_INTR_CTRL || 967 addr == R_DUMMY_DATA || 968 (s->ctrl->has_dma && addr == R_DMA_CTRL) || 969 (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) || 970 (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) || 971 (s->ctrl->has_dma && addr == R_DMA_LEN) || 972 (s->ctrl->has_dma && addr == R_DMA_CHECKSUM) || 973 (addr >= R_SEG_ADDR0 && addr < R_SEG_ADDR0 + s->ctrl->max_slaves) || 974 (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->ctrl->max_slaves)) { 975 return s->regs[addr]; 976 } else { 977 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 978 __func__, addr); 979 return -1; 980 } 981 } 982 983 static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask) 984 { 985 /* HCLK/1 .. HCLK/16 */ 986 const uint8_t hclk_divisors[] = { 987 15, 7, 14, 6, 13, 5, 12, 4, 11, 3, 10, 2, 9, 1, 8, 0 988 }; 989 int i; 990 991 for (i = 0; i < ARRAY_SIZE(hclk_divisors); i++) { 992 if (hclk_mask == hclk_divisors[i]) { 993 return i + 1; 994 } 995 } 996 997 qemu_log_mask(LOG_GUEST_ERROR, "invalid HCLK mask %x", hclk_mask); 998 return 0; 999 } 1000 1001 /* 1002 * When doing calibration, the SPI clock rate in the CE0 Control 1003 * Register and the read delay cycles in the Read Timing Compensation 1004 * Register are set using bit[11:4] of the DMA Control Register. 1005 */ 1006 static void aspeed_smc_dma_calibration(AspeedSMCState *s) 1007 { 1008 uint8_t delay = 1009 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 1010 uint8_t hclk_mask = 1011 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 1012 uint8_t hclk_div = aspeed_smc_hclk_divisor(hclk_mask); 1013 uint32_t hclk_shift = (hclk_div - 1) << 2; 1014 uint8_t cs; 1015 1016 /* 1017 * The Read Timing Compensation Register values apply to all CS on 1018 * the SPI bus and only HCLK/1 - HCLK/5 can have tunable delays 1019 */ 1020 if (hclk_div && hclk_div < 6) { 1021 s->regs[s->r_timings] &= ~(0xf << hclk_shift); 1022 s->regs[s->r_timings] |= delay << hclk_shift; 1023 } 1024 1025 /* 1026 * TODO: compute the CS from the DMA address and the segment 1027 * registers. This is not really a problem for now because the 1028 * Timing Register values apply to all CS and software uses CS0 to 1029 * do calibration. 1030 */ 1031 cs = 0; 1032 s->regs[s->r_ctrl0 + cs] &= 1033 ~(CE_CTRL_CLOCK_FREQ_MASK << CE_CTRL_CLOCK_FREQ_SHIFT); 1034 s->regs[s->r_ctrl0 + cs] |= CE_CTRL_CLOCK_FREQ(hclk_div); 1035 } 1036 1037 /* 1038 * Emulate read errors in the DMA Checksum Register for high 1039 * frequencies and optimistic settings of the Read Timing Compensation 1040 * Register. This will help in tuning the SPI timing calibration 1041 * algorithm. 1042 */ 1043 static bool aspeed_smc_inject_read_failure(AspeedSMCState *s) 1044 { 1045 uint8_t delay = 1046 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 1047 uint8_t hclk_mask = 1048 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 1049 1050 /* 1051 * Typical values of a palmetto-bmc machine. 1052 */ 1053 switch (aspeed_smc_hclk_divisor(hclk_mask)) { 1054 case 4 ... 16: 1055 return false; 1056 case 3: /* at least one HCLK cycle delay */ 1057 return (delay & 0x7) < 1; 1058 case 2: /* at least two HCLK cycle delay */ 1059 return (delay & 0x7) < 2; 1060 case 1: /* (> 100MHz) is above the max freq of the controller */ 1061 return true; 1062 default: 1063 g_assert_not_reached(); 1064 } 1065 } 1066 1067 /* 1068 * Accumulate the result of the reads to provide a checksum that will 1069 * be used to validate the read timing settings. 1070 */ 1071 static void aspeed_smc_dma_checksum(AspeedSMCState *s) 1072 { 1073 MemTxResult result; 1074 uint32_t data; 1075 1076 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 1077 qemu_log_mask(LOG_GUEST_ERROR, 1078 "%s: invalid direction for DMA checksum\n", __func__); 1079 return; 1080 } 1081 1082 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CALIB) { 1083 aspeed_smc_dma_calibration(s); 1084 } 1085 1086 while (s->regs[R_DMA_LEN]) { 1087 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1088 MEMTXATTRS_UNSPECIFIED, &result); 1089 if (result != MEMTX_OK) { 1090 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 1091 __func__, s->regs[R_DMA_FLASH_ADDR]); 1092 return; 1093 } 1094 1095 /* 1096 * When the DMA is on-going, the DMA registers are updated 1097 * with the current working addresses and length. 1098 */ 1099 s->regs[R_DMA_CHECKSUM] += data; 1100 s->regs[R_DMA_FLASH_ADDR] += 4; 1101 s->regs[R_DMA_LEN] -= 4; 1102 } 1103 1104 if (s->inject_failure && aspeed_smc_inject_read_failure(s)) { 1105 s->regs[R_DMA_CHECKSUM] = 0xbadc0de; 1106 } 1107 1108 } 1109 1110 static void aspeed_smc_dma_rw(AspeedSMCState *s) 1111 { 1112 MemTxResult result; 1113 uint32_t data; 1114 1115 while (s->regs[R_DMA_LEN]) { 1116 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 1117 data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 1118 MEMTXATTRS_UNSPECIFIED, &result); 1119 if (result != MEMTX_OK) { 1120 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM read failed @%08x\n", 1121 __func__, s->regs[R_DMA_DRAM_ADDR]); 1122 return; 1123 } 1124 1125 address_space_stl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1126 data, MEMTXATTRS_UNSPECIFIED, &result); 1127 if (result != MEMTX_OK) { 1128 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash write failed @%08x\n", 1129 __func__, s->regs[R_DMA_FLASH_ADDR]); 1130 return; 1131 } 1132 } else { 1133 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1134 MEMTXATTRS_UNSPECIFIED, &result); 1135 if (result != MEMTX_OK) { 1136 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 1137 __func__, s->regs[R_DMA_FLASH_ADDR]); 1138 return; 1139 } 1140 1141 address_space_stl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 1142 data, MEMTXATTRS_UNSPECIFIED, &result); 1143 if (result != MEMTX_OK) { 1144 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM write failed @%08x\n", 1145 __func__, s->regs[R_DMA_DRAM_ADDR]); 1146 return; 1147 } 1148 } 1149 1150 /* 1151 * When the DMA is on-going, the DMA registers are updated 1152 * with the current working addresses and length. 1153 */ 1154 s->regs[R_DMA_FLASH_ADDR] += 4; 1155 s->regs[R_DMA_DRAM_ADDR] += 4; 1156 s->regs[R_DMA_LEN] -= 4; 1157 s->regs[R_DMA_CHECKSUM] += data; 1158 } 1159 } 1160 1161 static void aspeed_smc_dma_stop(AspeedSMCState *s) 1162 { 1163 /* 1164 * When the DMA is disabled, INTR_CTRL_DMA_STATUS=0 means the 1165 * engine is idle 1166 */ 1167 s->regs[R_INTR_CTRL] &= ~INTR_CTRL_DMA_STATUS; 1168 s->regs[R_DMA_CHECKSUM] = 0; 1169 1170 /* 1171 * Lower the DMA irq in any case. The IRQ control register could 1172 * have been cleared before disabling the DMA. 1173 */ 1174 qemu_irq_lower(s->irq); 1175 } 1176 1177 /* 1178 * When INTR_CTRL_DMA_STATUS=1, the DMA has completed and a new DMA 1179 * can start even if the result of the previous was not collected. 1180 */ 1181 static bool aspeed_smc_dma_in_progress(AspeedSMCState *s) 1182 { 1183 return s->regs[R_DMA_CTRL] & DMA_CTRL_ENABLE && 1184 !(s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_STATUS); 1185 } 1186 1187 static void aspeed_smc_dma_done(AspeedSMCState *s) 1188 { 1189 s->regs[R_INTR_CTRL] |= INTR_CTRL_DMA_STATUS; 1190 if (s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_EN) { 1191 qemu_irq_raise(s->irq); 1192 } 1193 } 1194 1195 static void aspeed_smc_dma_ctrl(AspeedSMCState *s, uint64_t dma_ctrl) 1196 { 1197 if (!(dma_ctrl & DMA_CTRL_ENABLE)) { 1198 s->regs[R_DMA_CTRL] = dma_ctrl; 1199 1200 aspeed_smc_dma_stop(s); 1201 return; 1202 } 1203 1204 if (aspeed_smc_dma_in_progress(s)) { 1205 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA in progress\n", __func__); 1206 return; 1207 } 1208 1209 s->regs[R_DMA_CTRL] = dma_ctrl; 1210 1211 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CKSUM) { 1212 aspeed_smc_dma_checksum(s); 1213 } else { 1214 aspeed_smc_dma_rw(s); 1215 } 1216 1217 aspeed_smc_dma_done(s); 1218 } 1219 1220 static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data, 1221 unsigned int size) 1222 { 1223 AspeedSMCState *s = ASPEED_SMC(opaque); 1224 uint32_t value = data; 1225 1226 addr >>= 2; 1227 1228 if (addr == s->r_conf || 1229 (addr >= s->r_timings && 1230 addr < s->r_timings + s->ctrl->nregs_timings) || 1231 addr == s->r_ce_ctrl) { 1232 s->regs[addr] = value; 1233 } else if (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs) { 1234 int cs = addr - s->r_ctrl0; 1235 s->regs[addr] = value; 1236 aspeed_smc_flash_update_cs(&s->flashes[cs]); 1237 } else if (addr >= R_SEG_ADDR0 && 1238 addr < R_SEG_ADDR0 + s->ctrl->max_slaves) { 1239 int cs = addr - R_SEG_ADDR0; 1240 1241 if (value != s->regs[R_SEG_ADDR0 + cs]) { 1242 aspeed_smc_flash_set_segment(s, cs, value); 1243 } 1244 } else if (addr == R_DUMMY_DATA) { 1245 s->regs[addr] = value & 0xff; 1246 } else if (addr == R_INTR_CTRL) { 1247 s->regs[addr] = value; 1248 } else if (s->ctrl->has_dma && addr == R_DMA_CTRL) { 1249 aspeed_smc_dma_ctrl(s, value); 1250 } else if (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) { 1251 s->regs[addr] = DMA_DRAM_ADDR(s, value); 1252 } else if (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) { 1253 s->regs[addr] = DMA_FLASH_ADDR(s, value); 1254 } else if (s->ctrl->has_dma && addr == R_DMA_LEN) { 1255 s->regs[addr] = DMA_LENGTH(value); 1256 } else { 1257 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 1258 __func__, addr); 1259 return; 1260 } 1261 } 1262 1263 static const MemoryRegionOps aspeed_smc_ops = { 1264 .read = aspeed_smc_read, 1265 .write = aspeed_smc_write, 1266 .endianness = DEVICE_LITTLE_ENDIAN, 1267 .valid.unaligned = true, 1268 }; 1269 1270 1271 /* 1272 * Initialize the custom address spaces for DMAs 1273 */ 1274 static void aspeed_smc_dma_setup(AspeedSMCState *s, Error **errp) 1275 { 1276 char *name; 1277 1278 if (!s->dram_mr) { 1279 error_setg(errp, TYPE_ASPEED_SMC ": 'dram' link not set"); 1280 return; 1281 } 1282 1283 name = g_strdup_printf("%s-dma-flash", s->ctrl->name); 1284 address_space_init(&s->flash_as, &s->mmio_flash, name); 1285 g_free(name); 1286 1287 name = g_strdup_printf("%s-dma-dram", s->ctrl->name); 1288 address_space_init(&s->dram_as, s->dram_mr, name); 1289 g_free(name); 1290 } 1291 1292 static void aspeed_smc_realize(DeviceState *dev, Error **errp) 1293 { 1294 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1295 AspeedSMCState *s = ASPEED_SMC(dev); 1296 AspeedSMCClass *mc = ASPEED_SMC_GET_CLASS(s); 1297 int i; 1298 char name[32]; 1299 hwaddr offset = 0; 1300 1301 s->ctrl = mc->ctrl; 1302 1303 /* keep a copy under AspeedSMCState to speed up accesses */ 1304 s->r_conf = s->ctrl->r_conf; 1305 s->r_ce_ctrl = s->ctrl->r_ce_ctrl; 1306 s->r_ctrl0 = s->ctrl->r_ctrl0; 1307 s->r_timings = s->ctrl->r_timings; 1308 s->conf_enable_w0 = s->ctrl->conf_enable_w0; 1309 1310 /* Enforce some real HW limits */ 1311 if (s->num_cs > s->ctrl->max_slaves) { 1312 qemu_log_mask(LOG_GUEST_ERROR, "%s: num_cs cannot exceed: %d\n", 1313 __func__, s->ctrl->max_slaves); 1314 s->num_cs = s->ctrl->max_slaves; 1315 } 1316 1317 /* DMA irq. Keep it first for the initialization in the SoC */ 1318 sysbus_init_irq(sbd, &s->irq); 1319 1320 s->spi = ssi_create_bus(dev, "spi"); 1321 1322 /* Setup cs_lines for slaves */ 1323 s->cs_lines = g_new0(qemu_irq, s->num_cs); 1324 ssi_auto_connect_slaves(dev, s->cs_lines, s->spi); 1325 1326 for (i = 0; i < s->num_cs; ++i) { 1327 sysbus_init_irq(sbd, &s->cs_lines[i]); 1328 } 1329 1330 /* The memory region for the controller registers */ 1331 memory_region_init_io(&s->mmio, OBJECT(s), &aspeed_smc_ops, s, 1332 s->ctrl->name, s->ctrl->nregs * 4); 1333 sysbus_init_mmio(sbd, &s->mmio); 1334 1335 /* 1336 * The container memory region representing the address space 1337 * window in which the flash modules are mapped. The size and 1338 * address depends on the SoC model and controller type. 1339 */ 1340 snprintf(name, sizeof(name), "%s.flash", s->ctrl->name); 1341 1342 memory_region_init_io(&s->mmio_flash, OBJECT(s), 1343 &aspeed_smc_flash_default_ops, s, name, 1344 s->ctrl->flash_window_size); 1345 sysbus_init_mmio(sbd, &s->mmio_flash); 1346 1347 s->flashes = g_new0(AspeedSMCFlash, s->ctrl->max_slaves); 1348 1349 /* 1350 * Let's create a sub memory region for each possible slave. All 1351 * have a configurable memory segment in the overall flash mapping 1352 * window of the controller but, there is not necessarily a flash 1353 * module behind to handle the memory accesses. This depends on 1354 * the board configuration. 1355 */ 1356 for (i = 0; i < s->ctrl->max_slaves; ++i) { 1357 AspeedSMCFlash *fl = &s->flashes[i]; 1358 1359 snprintf(name, sizeof(name), "%s.%d", s->ctrl->name, i); 1360 1361 fl->id = i; 1362 fl->controller = s; 1363 fl->size = s->ctrl->segments[i].size; 1364 memory_region_init_io(&fl->mmio, OBJECT(s), &aspeed_smc_flash_ops, 1365 fl, name, fl->size); 1366 memory_region_add_subregion(&s->mmio_flash, offset, &fl->mmio); 1367 offset += fl->size; 1368 } 1369 1370 /* DMA support */ 1371 if (s->ctrl->has_dma) { 1372 aspeed_smc_dma_setup(s, errp); 1373 } 1374 } 1375 1376 static const VMStateDescription vmstate_aspeed_smc = { 1377 .name = "aspeed.smc", 1378 .version_id = 2, 1379 .minimum_version_id = 2, 1380 .fields = (VMStateField[]) { 1381 VMSTATE_UINT32_ARRAY(regs, AspeedSMCState, ASPEED_SMC_R_MAX), 1382 VMSTATE_UINT8(snoop_index, AspeedSMCState), 1383 VMSTATE_UINT8(snoop_dummies, AspeedSMCState), 1384 VMSTATE_END_OF_LIST() 1385 } 1386 }; 1387 1388 static Property aspeed_smc_properties[] = { 1389 DEFINE_PROP_UINT32("num-cs", AspeedSMCState, num_cs, 1), 1390 DEFINE_PROP_BOOL("inject-failure", AspeedSMCState, inject_failure, false), 1391 DEFINE_PROP_UINT64("sdram-base", AspeedSMCState, sdram_base, 0), 1392 DEFINE_PROP_LINK("dram", AspeedSMCState, dram_mr, 1393 TYPE_MEMORY_REGION, MemoryRegion *), 1394 DEFINE_PROP_END_OF_LIST(), 1395 }; 1396 1397 static void aspeed_smc_class_init(ObjectClass *klass, void *data) 1398 { 1399 DeviceClass *dc = DEVICE_CLASS(klass); 1400 AspeedSMCClass *mc = ASPEED_SMC_CLASS(klass); 1401 1402 dc->realize = aspeed_smc_realize; 1403 dc->reset = aspeed_smc_reset; 1404 device_class_set_props(dc, aspeed_smc_properties); 1405 dc->vmsd = &vmstate_aspeed_smc; 1406 mc->ctrl = data; 1407 } 1408 1409 static const TypeInfo aspeed_smc_info = { 1410 .name = TYPE_ASPEED_SMC, 1411 .parent = TYPE_SYS_BUS_DEVICE, 1412 .instance_size = sizeof(AspeedSMCState), 1413 .class_size = sizeof(AspeedSMCClass), 1414 .abstract = true, 1415 }; 1416 1417 static void aspeed_smc_register_types(void) 1418 { 1419 int i; 1420 1421 type_register_static(&aspeed_smc_info); 1422 for (i = 0; i < ARRAY_SIZE(controllers); ++i) { 1423 TypeInfo ti = { 1424 .name = controllers[i].name, 1425 .parent = TYPE_ASPEED_SMC, 1426 .class_init = aspeed_smc_class_init, 1427 .class_data = (void *)&controllers[i], 1428 }; 1429 type_register(&ti); 1430 } 1431 } 1432 1433 type_init(aspeed_smc_register_types) 1434