1 /* 2 * ASPEED AST2400 SMC Controller (SPI Flash Only) 3 * 4 * Copyright (C) 2016 IBM Corp. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "hw/sysbus.h" 27 #include "migration/vmstate.h" 28 #include "qemu/log.h" 29 #include "qemu/module.h" 30 #include "qemu/error-report.h" 31 #include "qapi/error.h" 32 #include "exec/address-spaces.h" 33 #include "qemu/units.h" 34 35 #include "hw/irq.h" 36 #include "hw/qdev-properties.h" 37 #include "hw/ssi/aspeed_smc.h" 38 39 /* CE Type Setting Register */ 40 #define R_CONF (0x00 / 4) 41 #define CONF_LEGACY_DISABLE (1 << 31) 42 #define CONF_ENABLE_W4 20 43 #define CONF_ENABLE_W3 19 44 #define CONF_ENABLE_W2 18 45 #define CONF_ENABLE_W1 17 46 #define CONF_ENABLE_W0 16 47 #define CONF_FLASH_TYPE4 8 48 #define CONF_FLASH_TYPE3 6 49 #define CONF_FLASH_TYPE2 4 50 #define CONF_FLASH_TYPE1 2 51 #define CONF_FLASH_TYPE0 0 52 #define CONF_FLASH_TYPE_NOR 0x0 53 #define CONF_FLASH_TYPE_NAND 0x1 54 #define CONF_FLASH_TYPE_SPI 0x2 /* AST2600 is SPI only */ 55 56 /* CE Control Register */ 57 #define R_CE_CTRL (0x04 / 4) 58 #define CTRL_EXTENDED4 4 /* 32 bit addressing for SPI */ 59 #define CTRL_EXTENDED3 3 /* 32 bit addressing for SPI */ 60 #define CTRL_EXTENDED2 2 /* 32 bit addressing for SPI */ 61 #define CTRL_EXTENDED1 1 /* 32 bit addressing for SPI */ 62 #define CTRL_EXTENDED0 0 /* 32 bit addressing for SPI */ 63 64 /* Interrupt Control and Status Register */ 65 #define R_INTR_CTRL (0x08 / 4) 66 #define INTR_CTRL_DMA_STATUS (1 << 11) 67 #define INTR_CTRL_CMD_ABORT_STATUS (1 << 10) 68 #define INTR_CTRL_WRITE_PROTECT_STATUS (1 << 9) 69 #define INTR_CTRL_DMA_EN (1 << 3) 70 #define INTR_CTRL_CMD_ABORT_EN (1 << 2) 71 #define INTR_CTRL_WRITE_PROTECT_EN (1 << 1) 72 73 /* CEx Control Register */ 74 #define R_CTRL0 (0x10 / 4) 75 #define CTRL_IO_QPI (1 << 31) 76 #define CTRL_IO_QUAD_DATA (1 << 30) 77 #define CTRL_IO_DUAL_DATA (1 << 29) 78 #define CTRL_IO_DUAL_ADDR_DATA (1 << 28) /* Includes dummies */ 79 #define CTRL_IO_QUAD_ADDR_DATA (1 << 28) /* Includes dummies */ 80 #define CTRL_CMD_SHIFT 16 81 #define CTRL_CMD_MASK 0xff 82 #define CTRL_DUMMY_HIGH_SHIFT 14 83 #define CTRL_AST2400_SPI_4BYTE (1 << 13) 84 #define CE_CTRL_CLOCK_FREQ_SHIFT 8 85 #define CE_CTRL_CLOCK_FREQ_MASK 0xf 86 #define CE_CTRL_CLOCK_FREQ(div) \ 87 (((div) & CE_CTRL_CLOCK_FREQ_MASK) << CE_CTRL_CLOCK_FREQ_SHIFT) 88 #define CTRL_DUMMY_LOW_SHIFT 6 /* 2 bits [7:6] */ 89 #define CTRL_CE_STOP_ACTIVE (1 << 2) 90 #define CTRL_CMD_MODE_MASK 0x3 91 #define CTRL_READMODE 0x0 92 #define CTRL_FREADMODE 0x1 93 #define CTRL_WRITEMODE 0x2 94 #define CTRL_USERMODE 0x3 95 #define R_CTRL1 (0x14 / 4) 96 #define R_CTRL2 (0x18 / 4) 97 #define R_CTRL3 (0x1C / 4) 98 #define R_CTRL4 (0x20 / 4) 99 100 /* CEx Segment Address Register */ 101 #define R_SEG_ADDR0 (0x30 / 4) 102 #define SEG_END_SHIFT 24 /* 8MB units */ 103 #define SEG_END_MASK 0xff 104 #define SEG_START_SHIFT 16 /* address bit [A29-A23] */ 105 #define SEG_START_MASK 0xff 106 #define R_SEG_ADDR1 (0x34 / 4) 107 #define R_SEG_ADDR2 (0x38 / 4) 108 #define R_SEG_ADDR3 (0x3C / 4) 109 #define R_SEG_ADDR4 (0x40 / 4) 110 111 /* Misc Control Register #1 */ 112 #define R_MISC_CTRL1 (0x50 / 4) 113 114 /* SPI dummy cycle data */ 115 #define R_DUMMY_DATA (0x54 / 4) 116 117 /* DMA Control/Status Register */ 118 #define R_DMA_CTRL (0x80 / 4) 119 #define DMA_CTRL_DELAY_MASK 0xf 120 #define DMA_CTRL_DELAY_SHIFT 8 121 #define DMA_CTRL_FREQ_MASK 0xf 122 #define DMA_CTRL_FREQ_SHIFT 4 123 #define DMA_CTRL_CALIB (1 << 3) 124 #define DMA_CTRL_CKSUM (1 << 2) 125 #define DMA_CTRL_WRITE (1 << 1) 126 #define DMA_CTRL_ENABLE (1 << 0) 127 128 /* DMA Flash Side Address */ 129 #define R_DMA_FLASH_ADDR (0x84 / 4) 130 131 /* DMA DRAM Side Address */ 132 #define R_DMA_DRAM_ADDR (0x88 / 4) 133 134 /* DMA Length Register */ 135 #define R_DMA_LEN (0x8C / 4) 136 137 /* Checksum Calculation Result */ 138 #define R_DMA_CHECKSUM (0x90 / 4) 139 140 /* Misc Control Register #2 */ 141 #define R_TIMINGS (0x94 / 4) 142 143 /* SPI controller registers and bits (AST2400) */ 144 #define R_SPI_CONF (0x00 / 4) 145 #define SPI_CONF_ENABLE_W0 0 146 #define R_SPI_CTRL0 (0x4 / 4) 147 #define R_SPI_MISC_CTRL (0x10 / 4) 148 #define R_SPI_TIMINGS (0x14 / 4) 149 150 #define ASPEED_SMC_R_SPI_MAX (0x20 / 4) 151 #define ASPEED_SMC_R_SMC_MAX (0x20 / 4) 152 153 #define ASPEED_SOC_SMC_FLASH_BASE 0x10000000 154 #define ASPEED_SOC_FMC_FLASH_BASE 0x20000000 155 #define ASPEED_SOC_SPI_FLASH_BASE 0x30000000 156 #define ASPEED_SOC_SPI2_FLASH_BASE 0x38000000 157 158 /* 159 * DMA DRAM addresses should be 4 bytes aligned and the valid address 160 * range is 0x40000000 - 0x5FFFFFFF (AST2400) 161 * 0x80000000 - 0xBFFFFFFF (AST2500) 162 * 163 * DMA flash addresses should be 4 bytes aligned and the valid address 164 * range is 0x20000000 - 0x2FFFFFFF. 165 * 166 * DMA length is from 4 bytes to 32MB 167 * 0: 4 bytes 168 * 0x7FFFFF: 32M bytes 169 */ 170 #define DMA_DRAM_ADDR(s, val) ((s)->sdram_base | \ 171 ((val) & (s)->ctrl->dma_dram_mask)) 172 #define DMA_FLASH_ADDR(s, val) ((s)->ctrl->flash_window_base | \ 173 ((val) & (s)->ctrl->dma_flash_mask)) 174 #define DMA_LENGTH(val) ((val) & 0x01FFFFFC) 175 176 /* Flash opcodes. */ 177 #define SPI_OP_READ 0x03 /* Read data bytes (low frequency) */ 178 179 #define SNOOP_OFF 0xFF 180 #define SNOOP_START 0x0 181 182 /* 183 * Default segments mapping addresses and size for each slave per 184 * controller. These can be changed when board is initialized with the 185 * Segment Address Registers. 186 */ 187 static const AspeedSegments aspeed_segments_legacy[] = { 188 { 0x10000000, 32 * 1024 * 1024 }, 189 }; 190 191 static const AspeedSegments aspeed_segments_fmc[] = { 192 { 0x20000000, 64 * 1024 * 1024 }, /* start address is readonly */ 193 { 0x24000000, 32 * 1024 * 1024 }, 194 { 0x26000000, 32 * 1024 * 1024 }, 195 { 0x28000000, 32 * 1024 * 1024 }, 196 { 0x2A000000, 32 * 1024 * 1024 } 197 }; 198 199 static const AspeedSegments aspeed_segments_spi[] = { 200 { 0x30000000, 64 * 1024 * 1024 }, 201 }; 202 203 static const AspeedSegments aspeed_segments_ast2500_fmc[] = { 204 { 0x20000000, 128 * 1024 * 1024 }, /* start address is readonly */ 205 { 0x28000000, 32 * 1024 * 1024 }, 206 { 0x2A000000, 32 * 1024 * 1024 }, 207 }; 208 209 static const AspeedSegments aspeed_segments_ast2500_spi1[] = { 210 { 0x30000000, 32 * 1024 * 1024 }, /* start address is readonly */ 211 { 0x32000000, 96 * 1024 * 1024 }, /* end address is readonly */ 212 }; 213 214 static const AspeedSegments aspeed_segments_ast2500_spi2[] = { 215 { 0x38000000, 32 * 1024 * 1024 }, /* start address is readonly */ 216 { 0x3A000000, 96 * 1024 * 1024 }, /* end address is readonly */ 217 }; 218 static uint32_t aspeed_smc_segment_to_reg(const AspeedSMCState *s, 219 const AspeedSegments *seg); 220 static void aspeed_smc_reg_to_segment(const AspeedSMCState *s, uint32_t reg, 221 AspeedSegments *seg); 222 223 /* 224 * AST2600 definitions 225 */ 226 #define ASPEED26_SOC_FMC_FLASH_BASE 0x20000000 227 #define ASPEED26_SOC_SPI_FLASH_BASE 0x30000000 228 #define ASPEED26_SOC_SPI2_FLASH_BASE 0x50000000 229 230 static const AspeedSegments aspeed_segments_ast2600_fmc[] = { 231 { 0x0, 128 * MiB }, /* start address is readonly */ 232 { 0x0, 0 }, /* disabled */ 233 { 0x0, 0 }, /* disabled */ 234 }; 235 236 static const AspeedSegments aspeed_segments_ast2600_spi1[] = { 237 { 0x0, 128 * MiB }, /* start address is readonly */ 238 { 0x0, 0 }, /* disabled */ 239 }; 240 241 static const AspeedSegments aspeed_segments_ast2600_spi2[] = { 242 { 0x0, 128 * MiB }, /* start address is readonly */ 243 { 0x0, 0 }, /* disabled */ 244 { 0x0, 0 }, /* disabled */ 245 }; 246 247 static uint32_t aspeed_2600_smc_segment_to_reg(const AspeedSMCState *s, 248 const AspeedSegments *seg); 249 static void aspeed_2600_smc_reg_to_segment(const AspeedSMCState *s, 250 uint32_t reg, AspeedSegments *seg); 251 252 static const AspeedSMCController controllers[] = { 253 { 254 .name = "aspeed.smc-ast2400", 255 .r_conf = R_CONF, 256 .r_ce_ctrl = R_CE_CTRL, 257 .r_ctrl0 = R_CTRL0, 258 .r_timings = R_TIMINGS, 259 .conf_enable_w0 = CONF_ENABLE_W0, 260 .max_slaves = 5, 261 .segments = aspeed_segments_legacy, 262 .flash_window_base = ASPEED_SOC_SMC_FLASH_BASE, 263 .flash_window_size = 0x6000000, 264 .has_dma = false, 265 .nregs = ASPEED_SMC_R_SMC_MAX, 266 .segment_to_reg = aspeed_smc_segment_to_reg, 267 .reg_to_segment = aspeed_smc_reg_to_segment, 268 }, { 269 .name = "aspeed.fmc-ast2400", 270 .r_conf = R_CONF, 271 .r_ce_ctrl = R_CE_CTRL, 272 .r_ctrl0 = R_CTRL0, 273 .r_timings = R_TIMINGS, 274 .conf_enable_w0 = CONF_ENABLE_W0, 275 .max_slaves = 5, 276 .segments = aspeed_segments_fmc, 277 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 278 .flash_window_size = 0x10000000, 279 .has_dma = true, 280 .dma_flash_mask = 0x0FFFFFFC, 281 .dma_dram_mask = 0x1FFFFFFC, 282 .nregs = ASPEED_SMC_R_MAX, 283 .segment_to_reg = aspeed_smc_segment_to_reg, 284 .reg_to_segment = aspeed_smc_reg_to_segment, 285 }, { 286 .name = "aspeed.spi1-ast2400", 287 .r_conf = R_SPI_CONF, 288 .r_ce_ctrl = 0xff, 289 .r_ctrl0 = R_SPI_CTRL0, 290 .r_timings = R_SPI_TIMINGS, 291 .conf_enable_w0 = SPI_CONF_ENABLE_W0, 292 .max_slaves = 1, 293 .segments = aspeed_segments_spi, 294 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 295 .flash_window_size = 0x10000000, 296 .has_dma = false, 297 .nregs = ASPEED_SMC_R_SPI_MAX, 298 .segment_to_reg = aspeed_smc_segment_to_reg, 299 .reg_to_segment = aspeed_smc_reg_to_segment, 300 }, { 301 .name = "aspeed.fmc-ast2500", 302 .r_conf = R_CONF, 303 .r_ce_ctrl = R_CE_CTRL, 304 .r_ctrl0 = R_CTRL0, 305 .r_timings = R_TIMINGS, 306 .conf_enable_w0 = CONF_ENABLE_W0, 307 .max_slaves = 3, 308 .segments = aspeed_segments_ast2500_fmc, 309 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 310 .flash_window_size = 0x10000000, 311 .has_dma = true, 312 .dma_flash_mask = 0x0FFFFFFC, 313 .dma_dram_mask = 0x3FFFFFFC, 314 .nregs = ASPEED_SMC_R_MAX, 315 .segment_to_reg = aspeed_smc_segment_to_reg, 316 .reg_to_segment = aspeed_smc_reg_to_segment, 317 }, { 318 .name = "aspeed.spi1-ast2500", 319 .r_conf = R_CONF, 320 .r_ce_ctrl = R_CE_CTRL, 321 .r_ctrl0 = R_CTRL0, 322 .r_timings = R_TIMINGS, 323 .conf_enable_w0 = CONF_ENABLE_W0, 324 .max_slaves = 2, 325 .segments = aspeed_segments_ast2500_spi1, 326 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 327 .flash_window_size = 0x8000000, 328 .has_dma = false, 329 .nregs = ASPEED_SMC_R_MAX, 330 .segment_to_reg = aspeed_smc_segment_to_reg, 331 .reg_to_segment = aspeed_smc_reg_to_segment, 332 }, { 333 .name = "aspeed.spi2-ast2500", 334 .r_conf = R_CONF, 335 .r_ce_ctrl = R_CE_CTRL, 336 .r_ctrl0 = R_CTRL0, 337 .r_timings = R_TIMINGS, 338 .conf_enable_w0 = CONF_ENABLE_W0, 339 .max_slaves = 2, 340 .segments = aspeed_segments_ast2500_spi2, 341 .flash_window_base = ASPEED_SOC_SPI2_FLASH_BASE, 342 .flash_window_size = 0x8000000, 343 .has_dma = false, 344 .nregs = ASPEED_SMC_R_MAX, 345 .segment_to_reg = aspeed_smc_segment_to_reg, 346 .reg_to_segment = aspeed_smc_reg_to_segment, 347 }, { 348 .name = "aspeed.fmc-ast2600", 349 .r_conf = R_CONF, 350 .r_ce_ctrl = R_CE_CTRL, 351 .r_ctrl0 = R_CTRL0, 352 .r_timings = R_TIMINGS, 353 .conf_enable_w0 = CONF_ENABLE_W0, 354 .max_slaves = 3, 355 .segments = aspeed_segments_ast2600_fmc, 356 .flash_window_base = ASPEED26_SOC_FMC_FLASH_BASE, 357 .flash_window_size = 0x10000000, 358 .has_dma = true, 359 .nregs = ASPEED_SMC_R_MAX, 360 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 361 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 362 }, { 363 .name = "aspeed.spi1-ast2600", 364 .r_conf = R_CONF, 365 .r_ce_ctrl = R_CE_CTRL, 366 .r_ctrl0 = R_CTRL0, 367 .r_timings = R_TIMINGS, 368 .conf_enable_w0 = CONF_ENABLE_W0, 369 .max_slaves = 2, 370 .segments = aspeed_segments_ast2600_spi1, 371 .flash_window_base = ASPEED26_SOC_SPI_FLASH_BASE, 372 .flash_window_size = 0x10000000, 373 .has_dma = false, 374 .nregs = ASPEED_SMC_R_MAX, 375 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 376 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 377 }, { 378 .name = "aspeed.spi2-ast2600", 379 .r_conf = R_CONF, 380 .r_ce_ctrl = R_CE_CTRL, 381 .r_ctrl0 = R_CTRL0, 382 .r_timings = R_TIMINGS, 383 .conf_enable_w0 = CONF_ENABLE_W0, 384 .max_slaves = 3, 385 .segments = aspeed_segments_ast2600_spi2, 386 .flash_window_base = ASPEED26_SOC_SPI2_FLASH_BASE, 387 .flash_window_size = 0x10000000, 388 .has_dma = false, 389 .nregs = ASPEED_SMC_R_MAX, 390 .segment_to_reg = aspeed_2600_smc_segment_to_reg, 391 .reg_to_segment = aspeed_2600_smc_reg_to_segment, 392 }, 393 }; 394 395 /* 396 * The Segment Registers of the AST2400 and AST2500 have a 8MB 397 * unit. The address range of a flash SPI slave is encoded with 398 * absolute addresses which should be part of the overall controller 399 * window. 400 */ 401 static uint32_t aspeed_smc_segment_to_reg(const AspeedSMCState *s, 402 const AspeedSegments *seg) 403 { 404 uint32_t reg = 0; 405 reg |= ((seg->addr >> 23) & SEG_START_MASK) << SEG_START_SHIFT; 406 reg |= (((seg->addr + seg->size) >> 23) & SEG_END_MASK) << SEG_END_SHIFT; 407 return reg; 408 } 409 410 static void aspeed_smc_reg_to_segment(const AspeedSMCState *s, 411 uint32_t reg, AspeedSegments *seg) 412 { 413 seg->addr = ((reg >> SEG_START_SHIFT) & SEG_START_MASK) << 23; 414 seg->size = (((reg >> SEG_END_SHIFT) & SEG_END_MASK) << 23) - seg->addr; 415 } 416 417 /* 418 * The Segment Registers of the AST2600 have a 1MB unit. The address 419 * range of a flash SPI slave is encoded with offsets in the overall 420 * controller window. The previous SoC AST2400 and AST2500 used 421 * absolute addresses. Only bits [27:20] are relevant and the end 422 * address is an upper bound limit. 423 */ 424 #define AST2600_SEG_ADDR_MASK 0x0ff00000 425 426 static uint32_t aspeed_2600_smc_segment_to_reg(const AspeedSMCState *s, 427 const AspeedSegments *seg) 428 { 429 uint32_t reg = 0; 430 431 /* Disabled segments have a nil register */ 432 if (!seg->size) { 433 return 0; 434 } 435 436 reg |= (seg->addr & AST2600_SEG_ADDR_MASK) >> 16; /* start offset */ 437 reg |= (seg->addr + seg->size - 1) & AST2600_SEG_ADDR_MASK; /* end offset */ 438 return reg; 439 } 440 441 static void aspeed_2600_smc_reg_to_segment(const AspeedSMCState *s, 442 uint32_t reg, AspeedSegments *seg) 443 { 444 uint32_t start_offset = (reg << 16) & AST2600_SEG_ADDR_MASK; 445 uint32_t end_offset = reg & AST2600_SEG_ADDR_MASK; 446 447 seg->addr = s->ctrl->flash_window_base + start_offset; 448 seg->size = end_offset + MiB - start_offset; 449 } 450 451 static bool aspeed_smc_flash_overlap(const AspeedSMCState *s, 452 const AspeedSegments *new, 453 int cs) 454 { 455 AspeedSegments seg; 456 int i; 457 458 for (i = 0; i < s->ctrl->max_slaves; i++) { 459 if (i == cs) { 460 continue; 461 } 462 463 s->ctrl->reg_to_segment(s, s->regs[R_SEG_ADDR0 + i], &seg); 464 465 if (new->addr + new->size > seg.addr && 466 new->addr < seg.addr + seg.size) { 467 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment CS%d [ 0x%" 468 HWADDR_PRIx" - 0x%"HWADDR_PRIx" ] overlaps with " 469 "CS%d [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 470 s->ctrl->name, cs, new->addr, new->addr + new->size, 471 i, seg.addr, seg.addr + seg.size); 472 return true; 473 } 474 } 475 return false; 476 } 477 478 static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs, 479 uint64_t new) 480 { 481 AspeedSMCFlash *fl = &s->flashes[cs]; 482 AspeedSegments seg; 483 484 s->ctrl->reg_to_segment(s, new, &seg); 485 486 /* The start address of CS0 is read-only */ 487 if (cs == 0 && seg.addr != s->ctrl->flash_window_base) { 488 qemu_log_mask(LOG_GUEST_ERROR, 489 "%s: Tried to change CS0 start address to 0x%" 490 HWADDR_PRIx "\n", s->ctrl->name, seg.addr); 491 seg.addr = s->ctrl->flash_window_base; 492 new = s->ctrl->segment_to_reg(s, &seg); 493 } 494 495 /* 496 * The end address of the AST2500 spi controllers is also 497 * read-only. 498 */ 499 if ((s->ctrl->segments == aspeed_segments_ast2500_spi1 || 500 s->ctrl->segments == aspeed_segments_ast2500_spi2) && 501 cs == s->ctrl->max_slaves && 502 seg.addr + seg.size != s->ctrl->segments[cs].addr + 503 s->ctrl->segments[cs].size) { 504 qemu_log_mask(LOG_GUEST_ERROR, 505 "%s: Tried to change CS%d end address to 0x%" 506 HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr + seg.size); 507 seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size - 508 seg.addr; 509 new = s->ctrl->segment_to_reg(s, &seg); 510 } 511 512 /* Keep the segment in the overall flash window */ 513 if (seg.addr + seg.size <= s->ctrl->flash_window_base || 514 seg.addr > s->ctrl->flash_window_base + s->ctrl->flash_window_size) { 515 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is invalid : " 516 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 517 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 518 return; 519 } 520 521 /* Check start address vs. alignment */ 522 if (seg.size && !QEMU_IS_ALIGNED(seg.addr, seg.size)) { 523 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is not " 524 "aligned : [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 525 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 526 } 527 528 /* And segments should not overlap (in the specs) */ 529 aspeed_smc_flash_overlap(s, &seg, cs); 530 531 /* All should be fine now to move the region */ 532 memory_region_transaction_begin(); 533 memory_region_set_size(&fl->mmio, seg.size); 534 memory_region_set_address(&fl->mmio, seg.addr - s->ctrl->flash_window_base); 535 memory_region_set_enabled(&fl->mmio, true); 536 memory_region_transaction_commit(); 537 538 s->regs[R_SEG_ADDR0 + cs] = new; 539 } 540 541 static uint64_t aspeed_smc_flash_default_read(void *opaque, hwaddr addr, 542 unsigned size) 543 { 544 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u" 545 PRIx64 "\n", __func__, addr, size); 546 return 0; 547 } 548 549 static void aspeed_smc_flash_default_write(void *opaque, hwaddr addr, 550 uint64_t data, unsigned size) 551 { 552 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u: 0x%" 553 PRIx64 "\n", __func__, addr, size, data); 554 } 555 556 static const MemoryRegionOps aspeed_smc_flash_default_ops = { 557 .read = aspeed_smc_flash_default_read, 558 .write = aspeed_smc_flash_default_write, 559 .endianness = DEVICE_LITTLE_ENDIAN, 560 .valid = { 561 .min_access_size = 1, 562 .max_access_size = 4, 563 }, 564 }; 565 566 static inline int aspeed_smc_flash_mode(const AspeedSMCFlash *fl) 567 { 568 const AspeedSMCState *s = fl->controller; 569 570 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CMD_MODE_MASK; 571 } 572 573 static inline bool aspeed_smc_is_writable(const AspeedSMCFlash *fl) 574 { 575 const AspeedSMCState *s = fl->controller; 576 577 return s->regs[s->r_conf] & (1 << (s->conf_enable_w0 + fl->id)); 578 } 579 580 static inline int aspeed_smc_flash_cmd(const AspeedSMCFlash *fl) 581 { 582 const AspeedSMCState *s = fl->controller; 583 int cmd = (s->regs[s->r_ctrl0 + fl->id] >> CTRL_CMD_SHIFT) & CTRL_CMD_MASK; 584 585 /* 586 * In read mode, the default SPI command is READ (0x3). In other 587 * modes, the command should necessarily be defined 588 * 589 * TODO: add support for READ4 (0x13) on AST2600 590 */ 591 if (aspeed_smc_flash_mode(fl) == CTRL_READMODE) { 592 cmd = SPI_OP_READ; 593 } 594 595 if (!cmd) { 596 qemu_log_mask(LOG_GUEST_ERROR, "%s: no command defined for mode %d\n", 597 __func__, aspeed_smc_flash_mode(fl)); 598 } 599 600 return cmd; 601 } 602 603 static inline int aspeed_smc_flash_is_4byte(const AspeedSMCFlash *fl) 604 { 605 const AspeedSMCState *s = fl->controller; 606 607 if (s->ctrl->segments == aspeed_segments_spi) { 608 return s->regs[s->r_ctrl0] & CTRL_AST2400_SPI_4BYTE; 609 } else { 610 return s->regs[s->r_ce_ctrl] & (1 << (CTRL_EXTENDED0 + fl->id)); 611 } 612 } 613 614 static inline bool aspeed_smc_is_ce_stop_active(const AspeedSMCFlash *fl) 615 { 616 const AspeedSMCState *s = fl->controller; 617 618 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CE_STOP_ACTIVE; 619 } 620 621 static void aspeed_smc_flash_select(AspeedSMCFlash *fl) 622 { 623 AspeedSMCState *s = fl->controller; 624 625 s->regs[s->r_ctrl0 + fl->id] &= ~CTRL_CE_STOP_ACTIVE; 626 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 627 } 628 629 static void aspeed_smc_flash_unselect(AspeedSMCFlash *fl) 630 { 631 AspeedSMCState *s = fl->controller; 632 633 s->regs[s->r_ctrl0 + fl->id] |= CTRL_CE_STOP_ACTIVE; 634 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 635 } 636 637 static uint32_t aspeed_smc_check_segment_addr(const AspeedSMCFlash *fl, 638 uint32_t addr) 639 { 640 const AspeedSMCState *s = fl->controller; 641 AspeedSegments seg; 642 643 s->ctrl->reg_to_segment(s, s->regs[R_SEG_ADDR0 + fl->id], &seg); 644 if ((addr % seg.size) != addr) { 645 qemu_log_mask(LOG_GUEST_ERROR, 646 "%s: invalid address 0x%08x for CS%d segment : " 647 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 648 s->ctrl->name, addr, fl->id, seg.addr, 649 seg.addr + seg.size); 650 addr %= seg.size; 651 } 652 653 return addr; 654 } 655 656 static int aspeed_smc_flash_dummies(const AspeedSMCFlash *fl) 657 { 658 const AspeedSMCState *s = fl->controller; 659 uint32_t r_ctrl0 = s->regs[s->r_ctrl0 + fl->id]; 660 uint32_t dummy_high = (r_ctrl0 >> CTRL_DUMMY_HIGH_SHIFT) & 0x1; 661 uint32_t dummy_low = (r_ctrl0 >> CTRL_DUMMY_LOW_SHIFT) & 0x3; 662 uint32_t dummies = ((dummy_high << 2) | dummy_low) * 8; 663 664 if (r_ctrl0 & CTRL_IO_DUAL_ADDR_DATA) { 665 dummies /= 2; 666 } 667 668 return dummies; 669 } 670 671 static void aspeed_smc_flash_setup(AspeedSMCFlash *fl, uint32_t addr) 672 { 673 const AspeedSMCState *s = fl->controller; 674 uint8_t cmd = aspeed_smc_flash_cmd(fl); 675 int i; 676 677 /* Flash access can not exceed CS segment */ 678 addr = aspeed_smc_check_segment_addr(fl, addr); 679 680 ssi_transfer(s->spi, cmd); 681 682 if (aspeed_smc_flash_is_4byte(fl)) { 683 ssi_transfer(s->spi, (addr >> 24) & 0xff); 684 } 685 ssi_transfer(s->spi, (addr >> 16) & 0xff); 686 ssi_transfer(s->spi, (addr >> 8) & 0xff); 687 ssi_transfer(s->spi, (addr & 0xff)); 688 689 /* 690 * Use fake transfers to model dummy bytes. The value should 691 * be configured to some non-zero value in fast read mode and 692 * zero in read mode. But, as the HW allows inconsistent 693 * settings, let's check for fast read mode. 694 */ 695 if (aspeed_smc_flash_mode(fl) == CTRL_FREADMODE) { 696 for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) { 697 ssi_transfer(fl->controller->spi, s->regs[R_DUMMY_DATA] & 0xff); 698 } 699 } 700 } 701 702 static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) 703 { 704 AspeedSMCFlash *fl = opaque; 705 AspeedSMCState *s = fl->controller; 706 uint64_t ret = 0; 707 int i; 708 709 switch (aspeed_smc_flash_mode(fl)) { 710 case CTRL_USERMODE: 711 for (i = 0; i < size; i++) { 712 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 713 } 714 break; 715 case CTRL_READMODE: 716 case CTRL_FREADMODE: 717 aspeed_smc_flash_select(fl); 718 aspeed_smc_flash_setup(fl, addr); 719 720 for (i = 0; i < size; i++) { 721 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 722 } 723 724 aspeed_smc_flash_unselect(fl); 725 break; 726 default: 727 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 728 __func__, aspeed_smc_flash_mode(fl)); 729 } 730 731 return ret; 732 } 733 734 /* 735 * TODO (clg@kaod.org): stolen from xilinx_spips.c. Should move to a 736 * common include header. 737 */ 738 typedef enum { 739 READ = 0x3, READ_4 = 0x13, 740 FAST_READ = 0xb, FAST_READ_4 = 0x0c, 741 DOR = 0x3b, DOR_4 = 0x3c, 742 QOR = 0x6b, QOR_4 = 0x6c, 743 DIOR = 0xbb, DIOR_4 = 0xbc, 744 QIOR = 0xeb, QIOR_4 = 0xec, 745 746 PP = 0x2, PP_4 = 0x12, 747 DPP = 0xa2, 748 QPP = 0x32, QPP_4 = 0x34, 749 } FlashCMD; 750 751 static int aspeed_smc_num_dummies(uint8_t command) 752 { 753 switch (command) { /* check for dummies */ 754 case READ: /* no dummy bytes/cycles */ 755 case PP: 756 case DPP: 757 case QPP: 758 case READ_4: 759 case PP_4: 760 case QPP_4: 761 return 0; 762 case FAST_READ: 763 case DOR: 764 case QOR: 765 case DOR_4: 766 case QOR_4: 767 return 1; 768 case DIOR: 769 case FAST_READ_4: 770 case DIOR_4: 771 return 2; 772 case QIOR: 773 case QIOR_4: 774 return 4; 775 default: 776 return -1; 777 } 778 } 779 780 static bool aspeed_smc_do_snoop(AspeedSMCFlash *fl, uint64_t data, 781 unsigned size) 782 { 783 AspeedSMCState *s = fl->controller; 784 uint8_t addr_width = aspeed_smc_flash_is_4byte(fl) ? 4 : 3; 785 786 if (s->snoop_index == SNOOP_OFF) { 787 return false; /* Do nothing */ 788 789 } else if (s->snoop_index == SNOOP_START) { 790 uint8_t cmd = data & 0xff; 791 int ndummies = aspeed_smc_num_dummies(cmd); 792 793 /* 794 * No dummy cycles are expected with the current command. Turn 795 * off snooping and let the transfer proceed normally. 796 */ 797 if (ndummies <= 0) { 798 s->snoop_index = SNOOP_OFF; 799 return false; 800 } 801 802 s->snoop_dummies = ndummies * 8; 803 804 } else if (s->snoop_index >= addr_width + 1) { 805 806 /* The SPI transfer has reached the dummy cycles sequence */ 807 for (; s->snoop_dummies; s->snoop_dummies--) { 808 ssi_transfer(s->spi, s->regs[R_DUMMY_DATA] & 0xff); 809 } 810 811 /* If no more dummy cycles are expected, turn off snooping */ 812 if (!s->snoop_dummies) { 813 s->snoop_index = SNOOP_OFF; 814 } else { 815 s->snoop_index += size; 816 } 817 818 /* 819 * Dummy cycles have been faked already. Ignore the current 820 * SPI transfer 821 */ 822 return true; 823 } 824 825 s->snoop_index += size; 826 return false; 827 } 828 829 static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data, 830 unsigned size) 831 { 832 AspeedSMCFlash *fl = opaque; 833 AspeedSMCState *s = fl->controller; 834 int i; 835 836 if (!aspeed_smc_is_writable(fl)) { 837 qemu_log_mask(LOG_GUEST_ERROR, "%s: flash is not writable at 0x%" 838 HWADDR_PRIx "\n", __func__, addr); 839 return; 840 } 841 842 switch (aspeed_smc_flash_mode(fl)) { 843 case CTRL_USERMODE: 844 if (aspeed_smc_do_snoop(fl, data, size)) { 845 break; 846 } 847 848 for (i = 0; i < size; i++) { 849 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 850 } 851 break; 852 case CTRL_WRITEMODE: 853 aspeed_smc_flash_select(fl); 854 aspeed_smc_flash_setup(fl, addr); 855 856 for (i = 0; i < size; i++) { 857 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 858 } 859 860 aspeed_smc_flash_unselect(fl); 861 break; 862 default: 863 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 864 __func__, aspeed_smc_flash_mode(fl)); 865 } 866 } 867 868 static const MemoryRegionOps aspeed_smc_flash_ops = { 869 .read = aspeed_smc_flash_read, 870 .write = aspeed_smc_flash_write, 871 .endianness = DEVICE_LITTLE_ENDIAN, 872 .valid = { 873 .min_access_size = 1, 874 .max_access_size = 4, 875 }, 876 }; 877 878 static void aspeed_smc_flash_update_cs(AspeedSMCFlash *fl) 879 { 880 AspeedSMCState *s = fl->controller; 881 882 s->snoop_index = aspeed_smc_is_ce_stop_active(fl) ? SNOOP_OFF : SNOOP_START; 883 884 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 885 } 886 887 static void aspeed_smc_reset(DeviceState *d) 888 { 889 AspeedSMCState *s = ASPEED_SMC(d); 890 int i; 891 892 memset(s->regs, 0, sizeof s->regs); 893 894 /* Unselect all slaves */ 895 for (i = 0; i < s->num_cs; ++i) { 896 s->regs[s->r_ctrl0 + i] |= CTRL_CE_STOP_ACTIVE; 897 qemu_set_irq(s->cs_lines[i], true); 898 } 899 900 /* setup default segment register values for all */ 901 for (i = 0; i < s->ctrl->max_slaves; ++i) { 902 s->regs[R_SEG_ADDR0 + i] = 903 s->ctrl->segment_to_reg(s, &s->ctrl->segments[i]); 904 } 905 906 /* HW strapping flash type for the AST2600 controllers */ 907 if (s->ctrl->segments == aspeed_segments_ast2600_fmc) { 908 /* flash type is fixed to SPI for all */ 909 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 910 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1); 911 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE2); 912 } 913 914 /* HW strapping flash type for FMC controllers */ 915 if (s->ctrl->segments == aspeed_segments_ast2500_fmc) { 916 /* flash type is fixed to SPI for CE0 and CE1 */ 917 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 918 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1); 919 } 920 921 /* HW strapping for AST2400 FMC controllers (SCU70). Let's use the 922 * configuration of the palmetto-bmc machine */ 923 if (s->ctrl->segments == aspeed_segments_fmc) { 924 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 925 } 926 927 s->snoop_index = SNOOP_OFF; 928 s->snoop_dummies = 0; 929 } 930 931 static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) 932 { 933 AspeedSMCState *s = ASPEED_SMC(opaque); 934 935 addr >>= 2; 936 937 if (addr == s->r_conf || 938 addr == s->r_timings || 939 addr == s->r_ce_ctrl || 940 addr == R_INTR_CTRL || 941 addr == R_DUMMY_DATA || 942 (s->ctrl->has_dma && addr == R_DMA_CTRL) || 943 (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) || 944 (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) || 945 (s->ctrl->has_dma && addr == R_DMA_LEN) || 946 (s->ctrl->has_dma && addr == R_DMA_CHECKSUM) || 947 (addr >= R_SEG_ADDR0 && addr < R_SEG_ADDR0 + s->ctrl->max_slaves) || 948 (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->ctrl->max_slaves)) { 949 return s->regs[addr]; 950 } else { 951 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 952 __func__, addr); 953 return -1; 954 } 955 } 956 957 static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask) 958 { 959 /* HCLK/1 .. HCLK/16 */ 960 const uint8_t hclk_divisors[] = { 961 15, 7, 14, 6, 13, 5, 12, 4, 11, 3, 10, 2, 9, 1, 8, 0 962 }; 963 int i; 964 965 for (i = 0; i < ARRAY_SIZE(hclk_divisors); i++) { 966 if (hclk_mask == hclk_divisors[i]) { 967 return i + 1; 968 } 969 } 970 971 qemu_log_mask(LOG_GUEST_ERROR, "invalid HCLK mask %x", hclk_mask); 972 return 0; 973 } 974 975 /* 976 * When doing calibration, the SPI clock rate in the CE0 Control 977 * Register and the read delay cycles in the Read Timing Compensation 978 * Register are set using bit[11:4] of the DMA Control Register. 979 */ 980 static void aspeed_smc_dma_calibration(AspeedSMCState *s) 981 { 982 uint8_t delay = 983 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 984 uint8_t hclk_mask = 985 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 986 uint8_t hclk_div = aspeed_smc_hclk_divisor(hclk_mask); 987 uint32_t hclk_shift = (hclk_div - 1) << 2; 988 uint8_t cs; 989 990 /* 991 * The Read Timing Compensation Register values apply to all CS on 992 * the SPI bus and only HCLK/1 - HCLK/5 can have tunable delays 993 */ 994 if (hclk_div && hclk_div < 6) { 995 s->regs[s->r_timings] &= ~(0xf << hclk_shift); 996 s->regs[s->r_timings] |= delay << hclk_shift; 997 } 998 999 /* 1000 * TODO: compute the CS from the DMA address and the segment 1001 * registers. This is not really a problem for now because the 1002 * Timing Register values apply to all CS and software uses CS0 to 1003 * do calibration. 1004 */ 1005 cs = 0; 1006 s->regs[s->r_ctrl0 + cs] &= 1007 ~(CE_CTRL_CLOCK_FREQ_MASK << CE_CTRL_CLOCK_FREQ_SHIFT); 1008 s->regs[s->r_ctrl0 + cs] |= CE_CTRL_CLOCK_FREQ(hclk_div); 1009 } 1010 1011 /* 1012 * Emulate read errors in the DMA Checksum Register for high 1013 * frequencies and optimistic settings of the Read Timing Compensation 1014 * Register. This will help in tuning the SPI timing calibration 1015 * algorithm. 1016 */ 1017 static bool aspeed_smc_inject_read_failure(AspeedSMCState *s) 1018 { 1019 uint8_t delay = 1020 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 1021 uint8_t hclk_mask = 1022 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 1023 1024 /* 1025 * Typical values of a palmetto-bmc machine. 1026 */ 1027 switch (aspeed_smc_hclk_divisor(hclk_mask)) { 1028 case 4 ... 16: 1029 return false; 1030 case 3: /* at least one HCLK cycle delay */ 1031 return (delay & 0x7) < 1; 1032 case 2: /* at least two HCLK cycle delay */ 1033 return (delay & 0x7) < 2; 1034 case 1: /* (> 100MHz) is above the max freq of the controller */ 1035 return true; 1036 default: 1037 g_assert_not_reached(); 1038 } 1039 } 1040 1041 /* 1042 * Accumulate the result of the reads to provide a checksum that will 1043 * be used to validate the read timing settings. 1044 */ 1045 static void aspeed_smc_dma_checksum(AspeedSMCState *s) 1046 { 1047 MemTxResult result; 1048 uint32_t data; 1049 1050 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 1051 qemu_log_mask(LOG_GUEST_ERROR, 1052 "%s: invalid direction for DMA checksum\n", __func__); 1053 return; 1054 } 1055 1056 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CALIB) { 1057 aspeed_smc_dma_calibration(s); 1058 } 1059 1060 while (s->regs[R_DMA_LEN]) { 1061 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1062 MEMTXATTRS_UNSPECIFIED, &result); 1063 if (result != MEMTX_OK) { 1064 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 1065 __func__, s->regs[R_DMA_FLASH_ADDR]); 1066 return; 1067 } 1068 1069 /* 1070 * When the DMA is on-going, the DMA registers are updated 1071 * with the current working addresses and length. 1072 */ 1073 s->regs[R_DMA_CHECKSUM] += data; 1074 s->regs[R_DMA_FLASH_ADDR] += 4; 1075 s->regs[R_DMA_LEN] -= 4; 1076 } 1077 1078 if (s->inject_failure && aspeed_smc_inject_read_failure(s)) { 1079 s->regs[R_DMA_CHECKSUM] = 0xbadc0de; 1080 } 1081 1082 } 1083 1084 static void aspeed_smc_dma_rw(AspeedSMCState *s) 1085 { 1086 MemTxResult result; 1087 uint32_t data; 1088 1089 while (s->regs[R_DMA_LEN]) { 1090 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 1091 data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 1092 MEMTXATTRS_UNSPECIFIED, &result); 1093 if (result != MEMTX_OK) { 1094 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM read failed @%08x\n", 1095 __func__, s->regs[R_DMA_DRAM_ADDR]); 1096 return; 1097 } 1098 1099 address_space_stl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1100 data, MEMTXATTRS_UNSPECIFIED, &result); 1101 if (result != MEMTX_OK) { 1102 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash write failed @%08x\n", 1103 __func__, s->regs[R_DMA_FLASH_ADDR]); 1104 return; 1105 } 1106 } else { 1107 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 1108 MEMTXATTRS_UNSPECIFIED, &result); 1109 if (result != MEMTX_OK) { 1110 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 1111 __func__, s->regs[R_DMA_FLASH_ADDR]); 1112 return; 1113 } 1114 1115 address_space_stl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 1116 data, MEMTXATTRS_UNSPECIFIED, &result); 1117 if (result != MEMTX_OK) { 1118 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM write failed @%08x\n", 1119 __func__, s->regs[R_DMA_DRAM_ADDR]); 1120 return; 1121 } 1122 } 1123 1124 /* 1125 * When the DMA is on-going, the DMA registers are updated 1126 * with the current working addresses and length. 1127 */ 1128 s->regs[R_DMA_FLASH_ADDR] += 4; 1129 s->regs[R_DMA_DRAM_ADDR] += 4; 1130 s->regs[R_DMA_LEN] -= 4; 1131 s->regs[R_DMA_CHECKSUM] += data; 1132 } 1133 } 1134 1135 static void aspeed_smc_dma_stop(AspeedSMCState *s) 1136 { 1137 /* 1138 * When the DMA is disabled, INTR_CTRL_DMA_STATUS=0 means the 1139 * engine is idle 1140 */ 1141 s->regs[R_INTR_CTRL] &= ~INTR_CTRL_DMA_STATUS; 1142 s->regs[R_DMA_CHECKSUM] = 0; 1143 1144 /* 1145 * Lower the DMA irq in any case. The IRQ control register could 1146 * have been cleared before disabling the DMA. 1147 */ 1148 qemu_irq_lower(s->irq); 1149 } 1150 1151 /* 1152 * When INTR_CTRL_DMA_STATUS=1, the DMA has completed and a new DMA 1153 * can start even if the result of the previous was not collected. 1154 */ 1155 static bool aspeed_smc_dma_in_progress(AspeedSMCState *s) 1156 { 1157 return s->regs[R_DMA_CTRL] & DMA_CTRL_ENABLE && 1158 !(s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_STATUS); 1159 } 1160 1161 static void aspeed_smc_dma_done(AspeedSMCState *s) 1162 { 1163 s->regs[R_INTR_CTRL] |= INTR_CTRL_DMA_STATUS; 1164 if (s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_EN) { 1165 qemu_irq_raise(s->irq); 1166 } 1167 } 1168 1169 static void aspeed_smc_dma_ctrl(AspeedSMCState *s, uint64_t dma_ctrl) 1170 { 1171 if (!(dma_ctrl & DMA_CTRL_ENABLE)) { 1172 s->regs[R_DMA_CTRL] = dma_ctrl; 1173 1174 aspeed_smc_dma_stop(s); 1175 return; 1176 } 1177 1178 if (aspeed_smc_dma_in_progress(s)) { 1179 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA in progress\n", __func__); 1180 return; 1181 } 1182 1183 s->regs[R_DMA_CTRL] = dma_ctrl; 1184 1185 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CKSUM) { 1186 aspeed_smc_dma_checksum(s); 1187 } else { 1188 aspeed_smc_dma_rw(s); 1189 } 1190 1191 aspeed_smc_dma_done(s); 1192 } 1193 1194 static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data, 1195 unsigned int size) 1196 { 1197 AspeedSMCState *s = ASPEED_SMC(opaque); 1198 uint32_t value = data; 1199 1200 addr >>= 2; 1201 1202 if (addr == s->r_conf || 1203 addr == s->r_timings || 1204 addr == s->r_ce_ctrl) { 1205 s->regs[addr] = value; 1206 } else if (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs) { 1207 int cs = addr - s->r_ctrl0; 1208 s->regs[addr] = value; 1209 aspeed_smc_flash_update_cs(&s->flashes[cs]); 1210 } else if (addr >= R_SEG_ADDR0 && 1211 addr < R_SEG_ADDR0 + s->ctrl->max_slaves) { 1212 int cs = addr - R_SEG_ADDR0; 1213 1214 if (value != s->regs[R_SEG_ADDR0 + cs]) { 1215 aspeed_smc_flash_set_segment(s, cs, value); 1216 } 1217 } else if (addr == R_DUMMY_DATA) { 1218 s->regs[addr] = value & 0xff; 1219 } else if (addr == R_INTR_CTRL) { 1220 s->regs[addr] = value; 1221 } else if (s->ctrl->has_dma && addr == R_DMA_CTRL) { 1222 aspeed_smc_dma_ctrl(s, value); 1223 } else if (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) { 1224 s->regs[addr] = DMA_DRAM_ADDR(s, value); 1225 } else if (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) { 1226 s->regs[addr] = DMA_FLASH_ADDR(s, value); 1227 } else if (s->ctrl->has_dma && addr == R_DMA_LEN) { 1228 s->regs[addr] = DMA_LENGTH(value); 1229 } else { 1230 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 1231 __func__, addr); 1232 return; 1233 } 1234 } 1235 1236 static const MemoryRegionOps aspeed_smc_ops = { 1237 .read = aspeed_smc_read, 1238 .write = aspeed_smc_write, 1239 .endianness = DEVICE_LITTLE_ENDIAN, 1240 .valid.unaligned = true, 1241 }; 1242 1243 1244 /* 1245 * Initialize the custom address spaces for DMAs 1246 */ 1247 static void aspeed_smc_dma_setup(AspeedSMCState *s, Error **errp) 1248 { 1249 char *name; 1250 1251 if (!s->dram_mr) { 1252 error_setg(errp, TYPE_ASPEED_SMC ": 'dram' link not set"); 1253 return; 1254 } 1255 1256 name = g_strdup_printf("%s-dma-flash", s->ctrl->name); 1257 address_space_init(&s->flash_as, &s->mmio_flash, name); 1258 g_free(name); 1259 1260 name = g_strdup_printf("%s-dma-dram", s->ctrl->name); 1261 address_space_init(&s->dram_as, s->dram_mr, name); 1262 g_free(name); 1263 } 1264 1265 static void aspeed_smc_realize(DeviceState *dev, Error **errp) 1266 { 1267 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1268 AspeedSMCState *s = ASPEED_SMC(dev); 1269 AspeedSMCClass *mc = ASPEED_SMC_GET_CLASS(s); 1270 int i; 1271 char name[32]; 1272 hwaddr offset = 0; 1273 1274 s->ctrl = mc->ctrl; 1275 1276 /* keep a copy under AspeedSMCState to speed up accesses */ 1277 s->r_conf = s->ctrl->r_conf; 1278 s->r_ce_ctrl = s->ctrl->r_ce_ctrl; 1279 s->r_ctrl0 = s->ctrl->r_ctrl0; 1280 s->r_timings = s->ctrl->r_timings; 1281 s->conf_enable_w0 = s->ctrl->conf_enable_w0; 1282 1283 /* Enforce some real HW limits */ 1284 if (s->num_cs > s->ctrl->max_slaves) { 1285 qemu_log_mask(LOG_GUEST_ERROR, "%s: num_cs cannot exceed: %d\n", 1286 __func__, s->ctrl->max_slaves); 1287 s->num_cs = s->ctrl->max_slaves; 1288 } 1289 1290 /* DMA irq. Keep it first for the initialization in the SoC */ 1291 sysbus_init_irq(sbd, &s->irq); 1292 1293 s->spi = ssi_create_bus(dev, "spi"); 1294 1295 /* Setup cs_lines for slaves */ 1296 s->cs_lines = g_new0(qemu_irq, s->num_cs); 1297 ssi_auto_connect_slaves(dev, s->cs_lines, s->spi); 1298 1299 for (i = 0; i < s->num_cs; ++i) { 1300 sysbus_init_irq(sbd, &s->cs_lines[i]); 1301 } 1302 1303 /* The memory region for the controller registers */ 1304 memory_region_init_io(&s->mmio, OBJECT(s), &aspeed_smc_ops, s, 1305 s->ctrl->name, s->ctrl->nregs * 4); 1306 sysbus_init_mmio(sbd, &s->mmio); 1307 1308 /* 1309 * The container memory region representing the address space 1310 * window in which the flash modules are mapped. The size and 1311 * address depends on the SoC model and controller type. 1312 */ 1313 snprintf(name, sizeof(name), "%s.flash", s->ctrl->name); 1314 1315 memory_region_init_io(&s->mmio_flash, OBJECT(s), 1316 &aspeed_smc_flash_default_ops, s, name, 1317 s->ctrl->flash_window_size); 1318 sysbus_init_mmio(sbd, &s->mmio_flash); 1319 1320 s->flashes = g_new0(AspeedSMCFlash, s->ctrl->max_slaves); 1321 1322 /* 1323 * Let's create a sub memory region for each possible slave. All 1324 * have a configurable memory segment in the overall flash mapping 1325 * window of the controller but, there is not necessarily a flash 1326 * module behind to handle the memory accesses. This depends on 1327 * the board configuration. 1328 */ 1329 for (i = 0; i < s->ctrl->max_slaves; ++i) { 1330 AspeedSMCFlash *fl = &s->flashes[i]; 1331 1332 snprintf(name, sizeof(name), "%s.%d", s->ctrl->name, i); 1333 1334 fl->id = i; 1335 fl->controller = s; 1336 fl->size = s->ctrl->segments[i].size; 1337 memory_region_init_io(&fl->mmio, OBJECT(s), &aspeed_smc_flash_ops, 1338 fl, name, fl->size); 1339 memory_region_add_subregion(&s->mmio_flash, offset, &fl->mmio); 1340 offset += fl->size; 1341 } 1342 1343 /* DMA support */ 1344 if (s->ctrl->has_dma) { 1345 aspeed_smc_dma_setup(s, errp); 1346 } 1347 } 1348 1349 static const VMStateDescription vmstate_aspeed_smc = { 1350 .name = "aspeed.smc", 1351 .version_id = 2, 1352 .minimum_version_id = 2, 1353 .fields = (VMStateField[]) { 1354 VMSTATE_UINT32_ARRAY(regs, AspeedSMCState, ASPEED_SMC_R_MAX), 1355 VMSTATE_UINT8(snoop_index, AspeedSMCState), 1356 VMSTATE_UINT8(snoop_dummies, AspeedSMCState), 1357 VMSTATE_END_OF_LIST() 1358 } 1359 }; 1360 1361 static Property aspeed_smc_properties[] = { 1362 DEFINE_PROP_UINT32("num-cs", AspeedSMCState, num_cs, 1), 1363 DEFINE_PROP_BOOL("inject-failure", AspeedSMCState, inject_failure, false), 1364 DEFINE_PROP_UINT64("sdram-base", AspeedSMCState, sdram_base, 0), 1365 DEFINE_PROP_LINK("dram", AspeedSMCState, dram_mr, 1366 TYPE_MEMORY_REGION, MemoryRegion *), 1367 DEFINE_PROP_END_OF_LIST(), 1368 }; 1369 1370 static void aspeed_smc_class_init(ObjectClass *klass, void *data) 1371 { 1372 DeviceClass *dc = DEVICE_CLASS(klass); 1373 AspeedSMCClass *mc = ASPEED_SMC_CLASS(klass); 1374 1375 dc->realize = aspeed_smc_realize; 1376 dc->reset = aspeed_smc_reset; 1377 dc->props = aspeed_smc_properties; 1378 dc->vmsd = &vmstate_aspeed_smc; 1379 mc->ctrl = data; 1380 } 1381 1382 static const TypeInfo aspeed_smc_info = { 1383 .name = TYPE_ASPEED_SMC, 1384 .parent = TYPE_SYS_BUS_DEVICE, 1385 .instance_size = sizeof(AspeedSMCState), 1386 .class_size = sizeof(AspeedSMCClass), 1387 .abstract = true, 1388 }; 1389 1390 static void aspeed_smc_register_types(void) 1391 { 1392 int i; 1393 1394 type_register_static(&aspeed_smc_info); 1395 for (i = 0; i < ARRAY_SIZE(controllers); ++i) { 1396 TypeInfo ti = { 1397 .name = controllers[i].name, 1398 .parent = TYPE_ASPEED_SMC, 1399 .class_init = aspeed_smc_class_init, 1400 .class_data = (void *)&controllers[i], 1401 }; 1402 type_register(&ti); 1403 } 1404 } 1405 1406 type_init(aspeed_smc_register_types) 1407