1 /*
2 * QEMU Universal Flash Storage (UFS) Controller
3 *
4 * Copyright (c) 2023 Samsung Electronics Co., Ltd. All rights reserved.
5 *
6 * Written by Jeuk Kim <jeuk20.kim@samsung.com>
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 /**
12 * Reference Specs: https://www.jedec.org/, 4.0
13 *
14 * Usage
15 * -----
16 *
17 * Add options:
18 * -drive file=<file>,if=none,id=<drive_id>
19 * -device ufs,serial=<serial>,id=<bus_name>, \
20 * nutrs=<N[optional]>,nutmrs=<N[optional]>
21 * -device ufs-lu,drive=<drive_id>,bus=<bus_name>
22 */
23
24 #include "qemu/osdep.h"
25 #include "qapi/error.h"
26 #include "migration/vmstate.h"
27 #include "scsi/constants.h"
28 #include "trace.h"
29 #include "ufs.h"
30
31 /* The QEMU-UFS device follows spec version 4.0 */
32 #define UFS_SPEC_VER 0x0400
33 #define UFS_MAX_NUTRS 32
34 #define UFS_MAX_NUTMRS 8
35 #define UFS_MCQ_QCFGPTR 2
36
37 static void ufs_exec_req(UfsRequest *req);
38 static void ufs_clear_req(UfsRequest *req);
39
ufs_mcq_reg_addr(UfsHc * u,int qid)40 static inline uint64_t ufs_mcq_reg_addr(UfsHc *u, int qid)
41 {
42 /* Submission Queue MCQ Registers offset (400h) */
43 return (UFS_MCQ_QCFGPTR * 0x200) + qid * 0x40;
44 }
45
ufs_mcq_op_reg_addr(UfsHc * u,int qid)46 static inline uint64_t ufs_mcq_op_reg_addr(UfsHc *u, int qid)
47 {
48 /* MCQ Operation & Runtime Registers offset (1000h) */
49 return UFS_MCQ_OPR_START + qid * 48;
50 }
51
ufs_reg_size(UfsHc * u)52 static inline uint64_t ufs_reg_size(UfsHc *u)
53 {
54 /* Total UFS HCI Register size in bytes */
55 return ufs_mcq_op_reg_addr(u, 0) + sizeof(u->mcq_op_reg);
56 }
57
ufs_is_mcq_reg(UfsHc * u,uint64_t addr,unsigned size)58 static inline bool ufs_is_mcq_reg(UfsHc *u, uint64_t addr, unsigned size)
59 {
60 uint64_t mcq_reg_addr;
61
62 if (!u->params.mcq) {
63 return false;
64 }
65
66 mcq_reg_addr = ufs_mcq_reg_addr(u, 0);
67 return (addr >= mcq_reg_addr &&
68 addr + size <= mcq_reg_addr + sizeof(u->mcq_reg));
69 }
70
ufs_is_mcq_op_reg(UfsHc * u,uint64_t addr,unsigned size)71 static inline bool ufs_is_mcq_op_reg(UfsHc *u, uint64_t addr, unsigned size)
72 {
73 uint64_t mcq_op_reg_addr;
74
75 if (!u->params.mcq) {
76 return false;
77 }
78
79 mcq_op_reg_addr = ufs_mcq_op_reg_addr(u, 0);
80 return (addr >= mcq_op_reg_addr &&
81 addr + size <= mcq_op_reg_addr + sizeof(u->mcq_op_reg));
82 }
83
ufs_addr_read(UfsHc * u,hwaddr addr,void * buf,int size)84 static MemTxResult ufs_addr_read(UfsHc *u, hwaddr addr, void *buf, int size)
85 {
86 hwaddr hi = addr + size - 1;
87
88 if (hi < addr) {
89 return MEMTX_DECODE_ERROR;
90 }
91
92 if (!FIELD_EX32(u->reg.cap, CAP, 64AS) && (hi >> 32)) {
93 return MEMTX_DECODE_ERROR;
94 }
95
96 return pci_dma_read(PCI_DEVICE(u), addr, buf, size);
97 }
98
ufs_addr_write(UfsHc * u,hwaddr addr,const void * buf,int size)99 static MemTxResult ufs_addr_write(UfsHc *u, hwaddr addr, const void *buf,
100 int size)
101 {
102 hwaddr hi = addr + size - 1;
103 if (hi < addr) {
104 return MEMTX_DECODE_ERROR;
105 }
106
107 if (!FIELD_EX32(u->reg.cap, CAP, 64AS) && (hi >> 32)) {
108 return MEMTX_DECODE_ERROR;
109 }
110
111 return pci_dma_write(PCI_DEVICE(u), addr, buf, size);
112 }
113
ufs_get_utrd_addr(UfsHc * u,uint32_t slot)114 static inline hwaddr ufs_get_utrd_addr(UfsHc *u, uint32_t slot)
115 {
116 hwaddr utrl_base_addr = (((hwaddr)u->reg.utrlbau) << 32) + u->reg.utrlba;
117 hwaddr utrd_addr = utrl_base_addr + slot * sizeof(UtpTransferReqDesc);
118
119 return utrd_addr;
120 }
121
ufs_get_req_upiu_base_addr(const UtpTransferReqDesc * utrd)122 static inline hwaddr ufs_get_req_upiu_base_addr(const UtpTransferReqDesc *utrd)
123 {
124 uint32_t cmd_desc_base_addr_lo =
125 le32_to_cpu(utrd->command_desc_base_addr_lo);
126 uint32_t cmd_desc_base_addr_hi =
127 le32_to_cpu(utrd->command_desc_base_addr_hi);
128
129 return (((hwaddr)cmd_desc_base_addr_hi) << 32) + cmd_desc_base_addr_lo;
130 }
131
ufs_get_rsp_upiu_base_addr(const UtpTransferReqDesc * utrd)132 static inline hwaddr ufs_get_rsp_upiu_base_addr(const UtpTransferReqDesc *utrd)
133 {
134 hwaddr req_upiu_base_addr = ufs_get_req_upiu_base_addr(utrd);
135 uint32_t rsp_upiu_byte_off =
136 le16_to_cpu(utrd->response_upiu_offset) * sizeof(uint32_t);
137 return req_upiu_base_addr + rsp_upiu_byte_off;
138 }
139
ufs_dma_read_utrd(UfsRequest * req)140 static MemTxResult ufs_dma_read_utrd(UfsRequest *req)
141 {
142 UfsHc *u = req->hc;
143 hwaddr utrd_addr = ufs_get_utrd_addr(u, req->slot);
144 MemTxResult ret;
145
146 ret = ufs_addr_read(u, utrd_addr, &req->utrd, sizeof(req->utrd));
147 if (ret) {
148 trace_ufs_err_dma_read_utrd(req->slot, utrd_addr);
149 }
150 return ret;
151 }
152
ufs_dma_read_req_upiu(UfsRequest * req)153 static MemTxResult ufs_dma_read_req_upiu(UfsRequest *req)
154 {
155 UfsHc *u = req->hc;
156 hwaddr req_upiu_base_addr = ufs_get_req_upiu_base_addr(&req->utrd);
157 UtpUpiuReq *req_upiu = &req->req_upiu;
158 uint32_t copy_size;
159 uint16_t data_segment_length;
160 MemTxResult ret;
161
162 /*
163 * To know the size of the req_upiu, we need to read the
164 * data_segment_length in the header first.
165 */
166 ret = ufs_addr_read(u, req_upiu_base_addr, &req_upiu->header,
167 sizeof(UtpUpiuHeader));
168 if (ret) {
169 trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr);
170 return ret;
171 }
172 data_segment_length = be16_to_cpu(req_upiu->header.data_segment_length);
173
174 copy_size = sizeof(UtpUpiuHeader) + UFS_TRANSACTION_SPECIFIC_FIELD_SIZE +
175 data_segment_length;
176
177 if (copy_size > sizeof(req->req_upiu)) {
178 copy_size = sizeof(req->req_upiu);
179 }
180
181 ret = ufs_addr_read(u, req_upiu_base_addr, &req->req_upiu, copy_size);
182 if (ret) {
183 trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr);
184 }
185 return ret;
186 }
187
ufs_dma_read_prdt(UfsRequest * req)188 static MemTxResult ufs_dma_read_prdt(UfsRequest *req)
189 {
190 UfsHc *u = req->hc;
191 uint16_t prdt_len = le16_to_cpu(req->utrd.prd_table_length);
192 uint16_t prdt_byte_off =
193 le16_to_cpu(req->utrd.prd_table_offset) * sizeof(uint32_t);
194 uint32_t prdt_size = prdt_len * sizeof(UfshcdSgEntry);
195 g_autofree UfshcdSgEntry *prd_entries = NULL;
196 hwaddr req_upiu_base_addr, prdt_base_addr;
197 int err;
198
199 assert(!req->sg);
200
201 if (prdt_size == 0) {
202 return MEMTX_OK;
203 }
204 prd_entries = g_new(UfshcdSgEntry, prdt_size);
205
206 req_upiu_base_addr = ufs_get_req_upiu_base_addr(&req->utrd);
207 prdt_base_addr = req_upiu_base_addr + prdt_byte_off;
208
209 err = ufs_addr_read(u, prdt_base_addr, prd_entries, prdt_size);
210 if (err) {
211 trace_ufs_err_dma_read_prdt(req->slot, prdt_base_addr);
212 return err;
213 }
214
215 req->sg = g_malloc0(sizeof(QEMUSGList));
216 pci_dma_sglist_init(req->sg, PCI_DEVICE(u), prdt_len);
217 req->data_len = 0;
218
219 for (uint16_t i = 0; i < prdt_len; ++i) {
220 hwaddr data_dma_addr = le64_to_cpu(prd_entries[i].addr);
221 uint32_t data_byte_count = le32_to_cpu(prd_entries[i].size) + 1;
222 qemu_sglist_add(req->sg, data_dma_addr, data_byte_count);
223 req->data_len += data_byte_count;
224 }
225 return MEMTX_OK;
226 }
227
ufs_dma_read_upiu(UfsRequest * req)228 static MemTxResult ufs_dma_read_upiu(UfsRequest *req)
229 {
230 MemTxResult ret;
231
232 /*
233 * In case of MCQ, UTRD has already been read from a SQ, so skip it.
234 */
235 if (!ufs_mcq_req(req)) {
236 ret = ufs_dma_read_utrd(req);
237 if (ret) {
238 return ret;
239 }
240 }
241
242 ret = ufs_dma_read_req_upiu(req);
243 if (ret) {
244 return ret;
245 }
246
247 ret = ufs_dma_read_prdt(req);
248 if (ret) {
249 return ret;
250 }
251
252 return 0;
253 }
254
ufs_dma_write_utrd(UfsRequest * req)255 static MemTxResult ufs_dma_write_utrd(UfsRequest *req)
256 {
257 UfsHc *u = req->hc;
258 hwaddr utrd_addr = ufs_get_utrd_addr(u, req->slot);
259 MemTxResult ret;
260
261 ret = ufs_addr_write(u, utrd_addr, &req->utrd, sizeof(req->utrd));
262 if (ret) {
263 trace_ufs_err_dma_write_utrd(req->slot, utrd_addr);
264 }
265 return ret;
266 }
267
ufs_dma_write_rsp_upiu(UfsRequest * req)268 static MemTxResult ufs_dma_write_rsp_upiu(UfsRequest *req)
269 {
270 UfsHc *u = req->hc;
271 hwaddr rsp_upiu_base_addr = ufs_get_rsp_upiu_base_addr(&req->utrd);
272 uint32_t rsp_upiu_byte_len =
273 le16_to_cpu(req->utrd.response_upiu_length) * sizeof(uint32_t);
274 uint16_t data_segment_length =
275 be16_to_cpu(req->rsp_upiu.header.data_segment_length);
276 uint32_t copy_size = sizeof(UtpUpiuHeader) +
277 UFS_TRANSACTION_SPECIFIC_FIELD_SIZE +
278 data_segment_length;
279 MemTxResult ret;
280
281 if (copy_size > rsp_upiu_byte_len) {
282 copy_size = rsp_upiu_byte_len;
283 }
284
285 if (copy_size > sizeof(req->rsp_upiu)) {
286 copy_size = sizeof(req->rsp_upiu);
287 }
288
289 ret = ufs_addr_write(u, rsp_upiu_base_addr, &req->rsp_upiu, copy_size);
290 if (ret) {
291 trace_ufs_err_dma_write_rsp_upiu(req->slot, rsp_upiu_base_addr);
292 }
293 return ret;
294 }
295
ufs_dma_write_upiu(UfsRequest * req)296 static MemTxResult ufs_dma_write_upiu(UfsRequest *req)
297 {
298 MemTxResult ret;
299
300 ret = ufs_dma_write_rsp_upiu(req);
301 if (ret) {
302 return ret;
303 }
304
305 return ufs_dma_write_utrd(req);
306 }
307
ufs_irq_check(UfsHc * u)308 static void ufs_irq_check(UfsHc *u)
309 {
310 PCIDevice *pci = PCI_DEVICE(u);
311
312 if ((u->reg.is & UFS_INTR_MASK) & u->reg.ie) {
313 trace_ufs_irq_raise();
314 pci_irq_assert(pci);
315 } else {
316 trace_ufs_irq_lower();
317 pci_irq_deassert(pci);
318 }
319 }
320
ufs_process_db(UfsHc * u,uint32_t val)321 static void ufs_process_db(UfsHc *u, uint32_t val)
322 {
323 DECLARE_BITMAP(doorbell, UFS_MAX_NUTRS);
324 uint32_t slot;
325 uint32_t nutrs = u->params.nutrs;
326 UfsRequest *req;
327
328 val &= ~u->reg.utrldbr;
329 if (!val) {
330 return;
331 }
332
333 doorbell[0] = val;
334 slot = find_first_bit(doorbell, nutrs);
335
336 while (slot < nutrs) {
337 req = &u->req_list[slot];
338 if (req->state == UFS_REQUEST_ERROR) {
339 trace_ufs_err_utrl_slot_error(req->slot);
340 return;
341 }
342
343 if (req->state != UFS_REQUEST_IDLE) {
344 trace_ufs_err_utrl_slot_busy(req->slot);
345 return;
346 }
347
348 trace_ufs_process_db(slot);
349 req->state = UFS_REQUEST_READY;
350 slot = find_next_bit(doorbell, nutrs, slot + 1);
351 }
352
353 qemu_bh_schedule(u->doorbell_bh);
354 }
355
ufs_process_uiccmd(UfsHc * u,uint32_t val)356 static void ufs_process_uiccmd(UfsHc *u, uint32_t val)
357 {
358 trace_ufs_process_uiccmd(val, u->reg.ucmdarg1, u->reg.ucmdarg2,
359 u->reg.ucmdarg3);
360 /*
361 * Only the essential uic commands for running drivers on Linux and Windows
362 * are implemented.
363 */
364 switch (val) {
365 case UFS_UIC_CMD_DME_LINK_STARTUP:
366 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, DP, 1);
367 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UTRLRDY, 1);
368 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UTMRLRDY, 1);
369 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS;
370 break;
371 /* TODO: Revisit it when Power Management is implemented */
372 case UFS_UIC_CMD_DME_HIBER_ENTER:
373 u->reg.is = FIELD_DP32(u->reg.is, IS, UHES, 1);
374 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UPMCRS, UFS_PWR_LOCAL);
375 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS;
376 break;
377 case UFS_UIC_CMD_DME_HIBER_EXIT:
378 u->reg.is = FIELD_DP32(u->reg.is, IS, UHXS, 1);
379 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UPMCRS, UFS_PWR_LOCAL);
380 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS;
381 break;
382 default:
383 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_FAILURE;
384 }
385
386 u->reg.is = FIELD_DP32(u->reg.is, IS, UCCS, 1);
387
388 ufs_irq_check(u);
389 }
390
ufs_mcq_init_req(UfsHc * u,UfsRequest * req,UfsSq * sq)391 static void ufs_mcq_init_req(UfsHc *u, UfsRequest *req, UfsSq *sq)
392 {
393 memset(req, 0, sizeof(*req));
394
395 req->hc = u;
396 req->state = UFS_REQUEST_IDLE;
397 req->slot = UFS_INVALID_SLOT;
398 req->sq = sq;
399 }
400
ufs_mcq_process_sq(void * opaque)401 static void ufs_mcq_process_sq(void *opaque)
402 {
403 UfsSq *sq = opaque;
404 UfsHc *u = sq->u;
405 UfsSqEntry sqe;
406 UfsRequest *req;
407 hwaddr addr;
408 uint16_t head = ufs_mcq_sq_head(u, sq->sqid);
409 int err;
410
411 while (!(ufs_mcq_sq_empty(u, sq->sqid) || QTAILQ_EMPTY(&sq->req_list))) {
412 addr = sq->addr + head;
413 err = ufs_addr_read(sq->u, addr, (void *)&sqe, sizeof(sqe));
414 if (err) {
415 trace_ufs_err_dma_read_sq(sq->sqid, addr);
416 return;
417 }
418
419 head = (head + sizeof(sqe)) % (sq->size * sizeof(sqe));
420 ufs_mcq_update_sq_head(u, sq->sqid, head);
421
422 req = QTAILQ_FIRST(&sq->req_list);
423 QTAILQ_REMOVE(&sq->req_list, req, entry);
424
425 ufs_mcq_init_req(sq->u, req, sq);
426 memcpy(&req->utrd, &sqe, sizeof(req->utrd));
427
428 req->state = UFS_REQUEST_RUNNING;
429 ufs_exec_req(req);
430 }
431 }
432
ufs_mcq_process_cq(void * opaque)433 static void ufs_mcq_process_cq(void *opaque)
434 {
435 UfsCq *cq = opaque;
436 UfsHc *u = cq->u;
437 UfsRequest *req, *next;
438 MemTxResult ret;
439 uint32_t tail = ufs_mcq_cq_tail(u, cq->cqid);
440
441 QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next)
442 {
443 ufs_dma_write_rsp_upiu(req);
444
445 req->cqe.utp_addr =
446 ((uint64_t)req->utrd.command_desc_base_addr_hi << 32ULL) |
447 req->utrd.command_desc_base_addr_lo;
448 req->cqe.utp_addr |= req->sq->sqid;
449 req->cqe.resp_len = req->utrd.response_upiu_length;
450 req->cqe.resp_off = req->utrd.response_upiu_offset;
451 req->cqe.prdt_len = req->utrd.prd_table_length;
452 req->cqe.prdt_off = req->utrd.prd_table_offset;
453 req->cqe.status = req->utrd.header.dword_2 & 0xf;
454 req->cqe.error = 0;
455
456 ret = ufs_addr_write(u, cq->addr + tail, &req->cqe, sizeof(req->cqe));
457 if (ret) {
458 trace_ufs_err_dma_write_cq(cq->cqid, cq->addr + tail);
459 }
460 QTAILQ_REMOVE(&cq->req_list, req, entry);
461
462 tail = (tail + sizeof(req->cqe)) % (cq->size * sizeof(req->cqe));
463 ufs_mcq_update_cq_tail(u, cq->cqid, tail);
464
465 ufs_clear_req(req);
466 QTAILQ_INSERT_TAIL(&req->sq->req_list, req, entry);
467 }
468
469 if (!ufs_mcq_cq_empty(u, cq->cqid)) {
470 u->mcq_op_reg[cq->cqid].cq_int.is =
471 FIELD_DP32(u->mcq_op_reg[cq->cqid].cq_int.is, CQIS, TEPS, 1);
472
473 u->reg.is = FIELD_DP32(u->reg.is, IS, CQES, 1);
474 ufs_irq_check(u);
475 }
476 }
477
ufs_mcq_create_sq(UfsHc * u,uint8_t qid,uint32_t attr)478 static bool ufs_mcq_create_sq(UfsHc *u, uint8_t qid, uint32_t attr)
479 {
480 UfsMcqReg *reg = &u->mcq_reg[qid];
481 UfsSq *sq;
482 uint8_t cqid = FIELD_EX32(attr, SQATTR, CQID);
483
484 if (qid >= u->params.mcq_maxq) {
485 trace_ufs_err_mcq_create_sq_invalid_sqid(qid);
486 return false;
487 }
488
489 if (u->sq[qid]) {
490 trace_ufs_err_mcq_create_sq_already_exists(qid);
491 return false;
492 }
493
494 if (!u->cq[cqid]) {
495 trace_ufs_err_mcq_create_sq_invalid_cqid(qid);
496 return false;
497 }
498
499 sq = g_malloc0(sizeof(*sq));
500 sq->u = u;
501 sq->sqid = qid;
502 sq->cq = u->cq[cqid];
503 sq->addr = ((uint64_t)reg->squba << 32) | reg->sqlba;
504 sq->size = ((FIELD_EX32(attr, SQATTR, SIZE) + 1) << 2) / sizeof(UfsSqEntry);
505
506 sq->bh = qemu_bh_new_guarded(ufs_mcq_process_sq, sq,
507 &DEVICE(u)->mem_reentrancy_guard);
508 sq->req = g_new0(UfsRequest, sq->size);
509 QTAILQ_INIT(&sq->req_list);
510 for (int i = 0; i < sq->size; i++) {
511 ufs_mcq_init_req(u, &sq->req[i], sq);
512 QTAILQ_INSERT_TAIL(&sq->req_list, &sq->req[i], entry);
513 }
514
515 u->sq[qid] = sq;
516
517 trace_ufs_mcq_create_sq(sq->sqid, sq->cq->cqid, sq->addr, sq->size);
518 return true;
519 }
520
ufs_mcq_delete_sq(UfsHc * u,uint8_t qid)521 static bool ufs_mcq_delete_sq(UfsHc *u, uint8_t qid)
522 {
523 UfsSq *sq;
524
525 if (qid >= u->params.mcq_maxq) {
526 trace_ufs_err_mcq_delete_sq_invalid_sqid(qid);
527 return false;
528 }
529
530 if (!u->sq[qid]) {
531 trace_ufs_err_mcq_delete_sq_not_exists(qid);
532 return false;
533 }
534
535 sq = u->sq[qid];
536
537 qemu_bh_delete(sq->bh);
538 g_free(sq->req);
539 g_free(sq);
540 u->sq[qid] = NULL;
541 return true;
542 }
543
ufs_mcq_create_cq(UfsHc * u,uint8_t qid,uint32_t attr)544 static bool ufs_mcq_create_cq(UfsHc *u, uint8_t qid, uint32_t attr)
545 {
546 UfsMcqReg *reg = &u->mcq_reg[qid];
547 UfsCq *cq;
548
549 if (qid >= u->params.mcq_maxq) {
550 trace_ufs_err_mcq_create_cq_invalid_cqid(qid);
551 return false;
552 }
553
554 if (u->cq[qid]) {
555 trace_ufs_err_mcq_create_cq_already_exists(qid);
556 return false;
557 }
558
559 cq = g_malloc0(sizeof(*cq));
560 cq->u = u;
561 cq->cqid = qid;
562 cq->addr = ((uint64_t)reg->cquba << 32) | reg->cqlba;
563 cq->size = ((FIELD_EX32(attr, CQATTR, SIZE) + 1) << 2) / sizeof(UfsCqEntry);
564
565 cq->bh = qemu_bh_new_guarded(ufs_mcq_process_cq, cq,
566 &DEVICE(u)->mem_reentrancy_guard);
567 QTAILQ_INIT(&cq->req_list);
568
569 u->cq[qid] = cq;
570
571 trace_ufs_mcq_create_cq(cq->cqid, cq->addr, cq->size);
572 return true;
573 }
574
ufs_mcq_delete_cq(UfsHc * u,uint8_t qid)575 static bool ufs_mcq_delete_cq(UfsHc *u, uint8_t qid)
576 {
577 UfsCq *cq;
578
579 if (qid >= u->params.mcq_maxq) {
580 trace_ufs_err_mcq_delete_cq_invalid_cqid(qid);
581 return false;
582 }
583
584 if (!u->cq[qid]) {
585 trace_ufs_err_mcq_delete_cq_not_exists(qid);
586 return false;
587 }
588
589 for (int i = 0; i < ARRAY_SIZE(u->sq); i++) {
590 if (u->sq[i] && u->sq[i]->cq->cqid == qid) {
591 trace_ufs_err_mcq_delete_cq_sq_not_deleted(i, qid);
592 return false;
593 }
594 }
595
596 cq = u->cq[qid];
597
598 qemu_bh_delete(cq->bh);
599 g_free(cq);
600 u->cq[qid] = NULL;
601 return true;
602 }
603
ufs_write_reg(UfsHc * u,hwaddr offset,uint32_t data,unsigned size)604 static void ufs_write_reg(UfsHc *u, hwaddr offset, uint32_t data, unsigned size)
605 {
606 switch (offset) {
607 case A_IS:
608 u->reg.is &= ~data;
609 ufs_irq_check(u);
610 break;
611 case A_IE:
612 u->reg.ie = data;
613 ufs_irq_check(u);
614 break;
615 case A_HCE:
616 if (!FIELD_EX32(u->reg.hce, HCE, HCE) && FIELD_EX32(data, HCE, HCE)) {
617 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UCRDY, 1);
618 u->reg.hce = FIELD_DP32(u->reg.hce, HCE, HCE, 1);
619 } else if (FIELD_EX32(u->reg.hce, HCE, HCE) &&
620 !FIELD_EX32(data, HCE, HCE)) {
621 u->reg.hcs = 0;
622 u->reg.hce = FIELD_DP32(u->reg.hce, HCE, HCE, 0);
623 }
624 break;
625 case A_UTRLBA:
626 u->reg.utrlba = data & R_UTRLBA_UTRLBA_MASK;
627 break;
628 case A_UTRLBAU:
629 u->reg.utrlbau = data;
630 break;
631 case A_UTRLDBR:
632 ufs_process_db(u, data);
633 u->reg.utrldbr |= data;
634 break;
635 case A_UTRLRSR:
636 u->reg.utrlrsr = data;
637 break;
638 case A_UTRLCNR:
639 u->reg.utrlcnr &= ~data;
640 break;
641 case A_UTMRLBA:
642 u->reg.utmrlba = data & R_UTMRLBA_UTMRLBA_MASK;
643 break;
644 case A_UTMRLBAU:
645 u->reg.utmrlbau = data;
646 break;
647 case A_UICCMD:
648 ufs_process_uiccmd(u, data);
649 break;
650 case A_UCMDARG1:
651 u->reg.ucmdarg1 = data;
652 break;
653 case A_UCMDARG2:
654 u->reg.ucmdarg2 = data;
655 break;
656 case A_UCMDARG3:
657 u->reg.ucmdarg3 = data;
658 break;
659 case A_CONFIG:
660 u->reg.config = data;
661 break;
662 case A_MCQCONFIG:
663 u->reg.mcqconfig = data;
664 break;
665 case A_UTRLCLR:
666 case A_UTMRLDBR:
667 case A_UTMRLCLR:
668 case A_UTMRLRSR:
669 trace_ufs_err_unsupport_register_offset(offset);
670 break;
671 default:
672 trace_ufs_err_invalid_register_offset(offset);
673 break;
674 }
675 }
676
ufs_write_mcq_reg(UfsHc * u,hwaddr offset,uint32_t data,unsigned size)677 static void ufs_write_mcq_reg(UfsHc *u, hwaddr offset, uint32_t data,
678 unsigned size)
679 {
680 int qid = offset / sizeof(UfsMcqReg);
681 UfsMcqReg *reg = &u->mcq_reg[qid];
682
683 switch (offset % sizeof(UfsMcqReg)) {
684 case A_SQATTR:
685 if (!FIELD_EX32(reg->sqattr, SQATTR, SQEN) &&
686 FIELD_EX32(data, SQATTR, SQEN)) {
687 if (!ufs_mcq_create_sq(u, qid, data)) {
688 break;
689 }
690 } else if (FIELD_EX32(reg->sqattr, SQATTR, SQEN) &&
691 !FIELD_EX32(data, SQATTR, SQEN)) {
692 if (!ufs_mcq_delete_sq(u, qid)) {
693 break;
694 }
695 }
696 reg->sqattr = data;
697 break;
698 case A_SQLBA:
699 reg->sqlba = data;
700 break;
701 case A_SQUBA:
702 reg->squba = data;
703 break;
704 case A_SQCFG:
705 reg->sqcfg = data;
706 break;
707 case A_CQATTR:
708 if (!FIELD_EX32(reg->cqattr, CQATTR, CQEN) &&
709 FIELD_EX32(data, CQATTR, CQEN)) {
710 if (!ufs_mcq_create_cq(u, qid, data)) {
711 break;
712 }
713 } else if (FIELD_EX32(reg->cqattr, CQATTR, CQEN) &&
714 !FIELD_EX32(data, CQATTR, CQEN)) {
715 if (!ufs_mcq_delete_cq(u, qid)) {
716 break;
717 }
718 }
719 reg->cqattr = data;
720 break;
721 case A_CQLBA:
722 reg->cqlba = data;
723 break;
724 case A_CQUBA:
725 reg->cquba = data;
726 break;
727 case A_CQCFG:
728 reg->cqcfg = data;
729 break;
730 case A_SQDAO:
731 case A_SQISAO:
732 case A_CQDAO:
733 case A_CQISAO:
734 trace_ufs_err_unsupport_register_offset(offset);
735 break;
736 default:
737 trace_ufs_err_invalid_register_offset(offset);
738 break;
739 }
740 }
741
ufs_mcq_process_db(UfsHc * u,uint8_t qid,uint32_t db)742 static void ufs_mcq_process_db(UfsHc *u, uint8_t qid, uint32_t db)
743 {
744 UfsSq *sq;
745
746 if (qid >= u->params.mcq_maxq) {
747 trace_ufs_err_mcq_db_wr_invalid_sqid(qid);
748 return;
749 }
750
751 sq = u->sq[qid];
752 if (sq->size * sizeof(UfsSqEntry) <= db) {
753 trace_ufs_err_mcq_db_wr_invalid_db(qid, db);
754 return;
755 }
756
757 ufs_mcq_update_sq_tail(u, sq->sqid, db);
758 qemu_bh_schedule(sq->bh);
759 }
760
ufs_write_mcq_op_reg(UfsHc * u,hwaddr offset,uint32_t data,unsigned size)761 static void ufs_write_mcq_op_reg(UfsHc *u, hwaddr offset, uint32_t data,
762 unsigned size)
763 {
764 int qid = offset / sizeof(UfsMcqOpReg);
765 UfsMcqOpReg *opr = &u->mcq_op_reg[qid];
766
767 switch (offset % sizeof(UfsMcqOpReg)) {
768 case offsetof(UfsMcqOpReg, sq.tp):
769 if (opr->sq.tp != data) {
770 ufs_mcq_process_db(u, qid, data);
771 }
772 opr->sq.tp = data;
773 break;
774 case offsetof(UfsMcqOpReg, cq.hp):
775 opr->cq.hp = data;
776 ufs_mcq_update_cq_head(u, qid, data);
777 break;
778 case offsetof(UfsMcqOpReg, cq_int.is):
779 opr->cq_int.is &= ~data;
780 break;
781 default:
782 trace_ufs_err_invalid_register_offset(offset);
783 break;
784 }
785 }
786
ufs_mmio_read(void * opaque,hwaddr addr,unsigned size)787 static uint64_t ufs_mmio_read(void *opaque, hwaddr addr, unsigned size)
788 {
789 UfsHc *u = (UfsHc *)opaque;
790 uint32_t *ptr;
791 uint64_t value;
792 uint64_t offset;
793
794 if (addr + size <= sizeof(u->reg)) {
795 offset = addr;
796 ptr = (uint32_t *)&u->reg;
797 } else if (ufs_is_mcq_reg(u, addr, size)) {
798 offset = addr - ufs_mcq_reg_addr(u, 0);
799 ptr = (uint32_t *)&u->mcq_reg;
800 } else if (ufs_is_mcq_op_reg(u, addr, size)) {
801 offset = addr - ufs_mcq_op_reg_addr(u, 0);
802 ptr = (uint32_t *)&u->mcq_op_reg;
803 } else {
804 trace_ufs_err_invalid_register_offset(addr);
805 return 0;
806 }
807
808 value = ptr[offset >> 2];
809 trace_ufs_mmio_read(addr, value, size);
810 return value;
811 }
812
ufs_mmio_write(void * opaque,hwaddr addr,uint64_t data,unsigned size)813 static void ufs_mmio_write(void *opaque, hwaddr addr, uint64_t data,
814 unsigned size)
815 {
816 UfsHc *u = (UfsHc *)opaque;
817
818 trace_ufs_mmio_write(addr, data, size);
819
820 if (addr + size <= sizeof(u->reg)) {
821 ufs_write_reg(u, addr, data, size);
822 } else if (ufs_is_mcq_reg(u, addr, size)) {
823 ufs_write_mcq_reg(u, addr - ufs_mcq_reg_addr(u, 0), data, size);
824 } else if (ufs_is_mcq_op_reg(u, addr, size)) {
825 ufs_write_mcq_op_reg(u, addr - ufs_mcq_op_reg_addr(u, 0), data, size);
826 } else {
827 trace_ufs_err_invalid_register_offset(addr);
828 }
829 }
830
831 static const MemoryRegionOps ufs_mmio_ops = {
832 .read = ufs_mmio_read,
833 .write = ufs_mmio_write,
834 .endianness = DEVICE_LITTLE_ENDIAN,
835 .impl = {
836 .min_access_size = 4,
837 .max_access_size = 4,
838 },
839 };
840
841
ufs_build_upiu_header(UfsRequest * req,uint8_t trans_type,uint8_t flags,uint8_t response,uint8_t scsi_status,uint16_t data_segment_length)842 void ufs_build_upiu_header(UfsRequest *req, uint8_t trans_type, uint8_t flags,
843 uint8_t response, uint8_t scsi_status,
844 uint16_t data_segment_length)
845 {
846 memcpy(&req->rsp_upiu.header, &req->req_upiu.header, sizeof(UtpUpiuHeader));
847 req->rsp_upiu.header.trans_type = trans_type;
848 req->rsp_upiu.header.flags = flags;
849 req->rsp_upiu.header.response = response;
850 req->rsp_upiu.header.scsi_status = scsi_status;
851 req->rsp_upiu.header.data_segment_length = cpu_to_be16(data_segment_length);
852 }
853
ufs_exec_scsi_cmd(UfsRequest * req)854 static UfsReqResult ufs_exec_scsi_cmd(UfsRequest *req)
855 {
856 UfsHc *u = req->hc;
857 uint8_t lun = req->req_upiu.header.lun;
858
859 UfsLu *lu = NULL;
860
861 trace_ufs_exec_scsi_cmd(req->slot, lun, req->req_upiu.sc.cdb[0]);
862
863 if (!is_wlun(lun) && (lun >= UFS_MAX_LUS || u->lus[lun] == NULL)) {
864 trace_ufs_err_scsi_cmd_invalid_lun(lun);
865 return UFS_REQUEST_FAIL;
866 }
867
868 switch (lun) {
869 case UFS_UPIU_REPORT_LUNS_WLUN:
870 lu = &u->report_wlu;
871 break;
872 case UFS_UPIU_UFS_DEVICE_WLUN:
873 lu = &u->dev_wlu;
874 break;
875 case UFS_UPIU_BOOT_WLUN:
876 lu = &u->boot_wlu;
877 break;
878 case UFS_UPIU_RPMB_WLUN:
879 lu = &u->rpmb_wlu;
880 break;
881 default:
882 lu = u->lus[lun];
883 }
884
885 return lu->scsi_op(lu, req);
886 }
887
ufs_exec_nop_cmd(UfsRequest * req)888 static UfsReqResult ufs_exec_nop_cmd(UfsRequest *req)
889 {
890 trace_ufs_exec_nop_cmd(req->slot);
891 ufs_build_upiu_header(req, UFS_UPIU_TRANSACTION_NOP_IN, 0, 0, 0, 0);
892 return UFS_REQUEST_SUCCESS;
893 }
894
895 /*
896 * This defines the permission of flags based on their IDN. There are some
897 * things that are declared read-only, which is inconsistent with the ufs spec,
898 * because we want to return an error for features that are not yet supported.
899 */
900 static const int flag_permission[UFS_QUERY_FLAG_IDN_COUNT] = {
901 [UFS_QUERY_FLAG_IDN_FDEVICEINIT] = UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET,
902 /* Write protection is not supported */
903 [UFS_QUERY_FLAG_IDN_PERMANENT_WPE] = UFS_QUERY_FLAG_READ,
904 [UFS_QUERY_FLAG_IDN_PWR_ON_WPE] = UFS_QUERY_FLAG_READ,
905 [UFS_QUERY_FLAG_IDN_BKOPS_EN] = UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET |
906 UFS_QUERY_FLAG_CLEAR |
907 UFS_QUERY_FLAG_TOGGLE,
908 [UFS_QUERY_FLAG_IDN_LIFE_SPAN_MODE_ENABLE] =
909 UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET | UFS_QUERY_FLAG_CLEAR |
910 UFS_QUERY_FLAG_TOGGLE,
911 /* Purge Operation is not supported */
912 [UFS_QUERY_FLAG_IDN_PURGE_ENABLE] = UFS_QUERY_FLAG_NONE,
913 /* Refresh Operation is not supported */
914 [UFS_QUERY_FLAG_IDN_REFRESH_ENABLE] = UFS_QUERY_FLAG_NONE,
915 /* Physical Resource Removal is not supported */
916 [UFS_QUERY_FLAG_IDN_FPHYRESOURCEREMOVAL] = UFS_QUERY_FLAG_READ,
917 [UFS_QUERY_FLAG_IDN_BUSY_RTC] = UFS_QUERY_FLAG_READ,
918 [UFS_QUERY_FLAG_IDN_PERMANENTLY_DISABLE_FW_UPDATE] = UFS_QUERY_FLAG_READ,
919 /* Write Booster is not supported */
920 [UFS_QUERY_FLAG_IDN_WB_EN] = UFS_QUERY_FLAG_READ,
921 [UFS_QUERY_FLAG_IDN_WB_BUFF_FLUSH_EN] = UFS_QUERY_FLAG_READ,
922 [UFS_QUERY_FLAG_IDN_WB_BUFF_FLUSH_DURING_HIBERN8] = UFS_QUERY_FLAG_READ,
923 };
924
ufs_flag_check_idn_valid(uint8_t idn,int op)925 static inline QueryRespCode ufs_flag_check_idn_valid(uint8_t idn, int op)
926 {
927 if (idn >= UFS_QUERY_FLAG_IDN_COUNT) {
928 return UFS_QUERY_RESULT_INVALID_IDN;
929 }
930
931 if (!(flag_permission[idn] & op)) {
932 if (op == UFS_QUERY_FLAG_READ) {
933 trace_ufs_err_query_flag_not_readable(idn);
934 return UFS_QUERY_RESULT_NOT_READABLE;
935 }
936 trace_ufs_err_query_flag_not_writable(idn);
937 return UFS_QUERY_RESULT_NOT_WRITEABLE;
938 }
939
940 return UFS_QUERY_RESULT_SUCCESS;
941 }
942
943 static const int attr_permission[UFS_QUERY_ATTR_IDN_COUNT] = {
944 /* booting is not supported */
945 [UFS_QUERY_ATTR_IDN_BOOT_LU_EN] = UFS_QUERY_ATTR_READ,
946 [UFS_QUERY_ATTR_IDN_POWER_MODE] = UFS_QUERY_ATTR_READ,
947 [UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL] =
948 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
949 [UFS_QUERY_ATTR_IDN_OOO_DATA_EN] = UFS_QUERY_ATTR_READ,
950 [UFS_QUERY_ATTR_IDN_BKOPS_STATUS] = UFS_QUERY_ATTR_READ,
951 [UFS_QUERY_ATTR_IDN_PURGE_STATUS] = UFS_QUERY_ATTR_READ,
952 [UFS_QUERY_ATTR_IDN_MAX_DATA_IN] =
953 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
954 [UFS_QUERY_ATTR_IDN_MAX_DATA_OUT] =
955 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
956 [UFS_QUERY_ATTR_IDN_DYN_CAP_NEEDED] = UFS_QUERY_ATTR_READ,
957 [UFS_QUERY_ATTR_IDN_REF_CLK_FREQ] =
958 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
959 [UFS_QUERY_ATTR_IDN_CONF_DESC_LOCK] = UFS_QUERY_ATTR_READ,
960 [UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT] =
961 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
962 [UFS_QUERY_ATTR_IDN_EE_CONTROL] =
963 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
964 [UFS_QUERY_ATTR_IDN_EE_STATUS] = UFS_QUERY_ATTR_READ,
965 [UFS_QUERY_ATTR_IDN_SECONDS_PASSED] = UFS_QUERY_ATTR_WRITE,
966 [UFS_QUERY_ATTR_IDN_CNTX_CONF] = UFS_QUERY_ATTR_READ,
967 [UFS_QUERY_ATTR_IDN_FFU_STATUS] = UFS_QUERY_ATTR_READ,
968 [UFS_QUERY_ATTR_IDN_PSA_STATE] = UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
969 [UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE] =
970 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE,
971 [UFS_QUERY_ATTR_IDN_REF_CLK_GATING_WAIT_TIME] = UFS_QUERY_ATTR_READ,
972 [UFS_QUERY_ATTR_IDN_CASE_ROUGH_TEMP] = UFS_QUERY_ATTR_READ,
973 [UFS_QUERY_ATTR_IDN_HIGH_TEMP_BOUND] = UFS_QUERY_ATTR_READ,
974 [UFS_QUERY_ATTR_IDN_LOW_TEMP_BOUND] = UFS_QUERY_ATTR_READ,
975 [UFS_QUERY_ATTR_IDN_THROTTLING_STATUS] = UFS_QUERY_ATTR_READ,
976 [UFS_QUERY_ATTR_IDN_WB_FLUSH_STATUS] = UFS_QUERY_ATTR_READ,
977 [UFS_QUERY_ATTR_IDN_AVAIL_WB_BUFF_SIZE] = UFS_QUERY_ATTR_READ,
978 [UFS_QUERY_ATTR_IDN_WB_BUFF_LIFE_TIME_EST] = UFS_QUERY_ATTR_READ,
979 [UFS_QUERY_ATTR_IDN_CURR_WB_BUFF_SIZE] = UFS_QUERY_ATTR_READ,
980 /* refresh operation is not supported */
981 [UFS_QUERY_ATTR_IDN_REFRESH_STATUS] = UFS_QUERY_ATTR_READ,
982 [UFS_QUERY_ATTR_IDN_REFRESH_FREQ] = UFS_QUERY_ATTR_READ,
983 [UFS_QUERY_ATTR_IDN_REFRESH_UNIT] = UFS_QUERY_ATTR_READ,
984 };
985
ufs_attr_check_idn_valid(uint8_t idn,int op)986 static inline QueryRespCode ufs_attr_check_idn_valid(uint8_t idn, int op)
987 {
988 if (idn >= UFS_QUERY_ATTR_IDN_COUNT) {
989 return UFS_QUERY_RESULT_INVALID_IDN;
990 }
991
992 if (!(attr_permission[idn] & op)) {
993 if (op == UFS_QUERY_ATTR_READ) {
994 trace_ufs_err_query_attr_not_readable(idn);
995 return UFS_QUERY_RESULT_NOT_READABLE;
996 }
997 trace_ufs_err_query_attr_not_writable(idn);
998 return UFS_QUERY_RESULT_NOT_WRITEABLE;
999 }
1000
1001 return UFS_QUERY_RESULT_SUCCESS;
1002 }
1003
ufs_exec_query_flag(UfsRequest * req,int op)1004 static QueryRespCode ufs_exec_query_flag(UfsRequest *req, int op)
1005 {
1006 UfsHc *u = req->hc;
1007 uint8_t idn = req->req_upiu.qr.idn;
1008 uint32_t value;
1009 QueryRespCode ret;
1010
1011 ret = ufs_flag_check_idn_valid(idn, op);
1012 if (ret) {
1013 return ret;
1014 }
1015
1016 if (idn == UFS_QUERY_FLAG_IDN_FDEVICEINIT) {
1017 value = 0;
1018 } else if (op == UFS_QUERY_FLAG_READ) {
1019 value = *(((uint8_t *)&u->flags) + idn);
1020 } else if (op == UFS_QUERY_FLAG_SET) {
1021 value = 1;
1022 } else if (op == UFS_QUERY_FLAG_CLEAR) {
1023 value = 0;
1024 } else if (op == UFS_QUERY_FLAG_TOGGLE) {
1025 value = *(((uint8_t *)&u->flags) + idn);
1026 value = !value;
1027 } else {
1028 trace_ufs_err_query_invalid_opcode(op);
1029 return UFS_QUERY_RESULT_INVALID_OPCODE;
1030 }
1031
1032 *(((uint8_t *)&u->flags) + idn) = value;
1033 req->rsp_upiu.qr.value = cpu_to_be32(value);
1034 return UFS_QUERY_RESULT_SUCCESS;
1035 }
1036
ufs_read_attr_value(UfsHc * u,uint8_t idn)1037 static uint32_t ufs_read_attr_value(UfsHc *u, uint8_t idn)
1038 {
1039 switch (idn) {
1040 case UFS_QUERY_ATTR_IDN_BOOT_LU_EN:
1041 return u->attributes.boot_lun_en;
1042 case UFS_QUERY_ATTR_IDN_POWER_MODE:
1043 return u->attributes.current_power_mode;
1044 case UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL:
1045 return u->attributes.active_icc_level;
1046 case UFS_QUERY_ATTR_IDN_OOO_DATA_EN:
1047 return u->attributes.out_of_order_data_en;
1048 case UFS_QUERY_ATTR_IDN_BKOPS_STATUS:
1049 return u->attributes.background_op_status;
1050 case UFS_QUERY_ATTR_IDN_PURGE_STATUS:
1051 return u->attributes.purge_status;
1052 case UFS_QUERY_ATTR_IDN_MAX_DATA_IN:
1053 return u->attributes.max_data_in_size;
1054 case UFS_QUERY_ATTR_IDN_MAX_DATA_OUT:
1055 return u->attributes.max_data_out_size;
1056 case UFS_QUERY_ATTR_IDN_DYN_CAP_NEEDED:
1057 return be32_to_cpu(u->attributes.dyn_cap_needed);
1058 case UFS_QUERY_ATTR_IDN_REF_CLK_FREQ:
1059 return u->attributes.ref_clk_freq;
1060 case UFS_QUERY_ATTR_IDN_CONF_DESC_LOCK:
1061 return u->attributes.config_descr_lock;
1062 case UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT:
1063 return u->attributes.max_num_of_rtt;
1064 case UFS_QUERY_ATTR_IDN_EE_CONTROL:
1065 return be16_to_cpu(u->attributes.exception_event_control);
1066 case UFS_QUERY_ATTR_IDN_EE_STATUS:
1067 return be16_to_cpu(u->attributes.exception_event_status);
1068 case UFS_QUERY_ATTR_IDN_SECONDS_PASSED:
1069 return be32_to_cpu(u->attributes.seconds_passed);
1070 case UFS_QUERY_ATTR_IDN_CNTX_CONF:
1071 return be16_to_cpu(u->attributes.context_conf);
1072 case UFS_QUERY_ATTR_IDN_FFU_STATUS:
1073 return u->attributes.device_ffu_status;
1074 case UFS_QUERY_ATTR_IDN_PSA_STATE:
1075 return be32_to_cpu(u->attributes.psa_state);
1076 case UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE:
1077 return be32_to_cpu(u->attributes.psa_data_size);
1078 case UFS_QUERY_ATTR_IDN_REF_CLK_GATING_WAIT_TIME:
1079 return u->attributes.ref_clk_gating_wait_time;
1080 case UFS_QUERY_ATTR_IDN_CASE_ROUGH_TEMP:
1081 return u->attributes.device_case_rough_temperaure;
1082 case UFS_QUERY_ATTR_IDN_HIGH_TEMP_BOUND:
1083 return u->attributes.device_too_high_temp_boundary;
1084 case UFS_QUERY_ATTR_IDN_LOW_TEMP_BOUND:
1085 return u->attributes.device_too_low_temp_boundary;
1086 case UFS_QUERY_ATTR_IDN_THROTTLING_STATUS:
1087 return u->attributes.throttling_status;
1088 case UFS_QUERY_ATTR_IDN_WB_FLUSH_STATUS:
1089 return u->attributes.wb_buffer_flush_status;
1090 case UFS_QUERY_ATTR_IDN_AVAIL_WB_BUFF_SIZE:
1091 return u->attributes.available_wb_buffer_size;
1092 case UFS_QUERY_ATTR_IDN_WB_BUFF_LIFE_TIME_EST:
1093 return u->attributes.wb_buffer_life_time_est;
1094 case UFS_QUERY_ATTR_IDN_CURR_WB_BUFF_SIZE:
1095 return be32_to_cpu(u->attributes.current_wb_buffer_size);
1096 case UFS_QUERY_ATTR_IDN_REFRESH_STATUS:
1097 return u->attributes.refresh_status;
1098 case UFS_QUERY_ATTR_IDN_REFRESH_FREQ:
1099 return u->attributes.refresh_freq;
1100 case UFS_QUERY_ATTR_IDN_REFRESH_UNIT:
1101 return u->attributes.refresh_unit;
1102 }
1103 return 0;
1104 }
1105
ufs_write_attr_value(UfsHc * u,uint8_t idn,uint32_t value)1106 static void ufs_write_attr_value(UfsHc *u, uint8_t idn, uint32_t value)
1107 {
1108 switch (idn) {
1109 case UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL:
1110 u->attributes.active_icc_level = value;
1111 break;
1112 case UFS_QUERY_ATTR_IDN_MAX_DATA_IN:
1113 u->attributes.max_data_in_size = value;
1114 break;
1115 case UFS_QUERY_ATTR_IDN_MAX_DATA_OUT:
1116 u->attributes.max_data_out_size = value;
1117 break;
1118 case UFS_QUERY_ATTR_IDN_REF_CLK_FREQ:
1119 u->attributes.ref_clk_freq = value;
1120 break;
1121 case UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT:
1122 u->attributes.max_num_of_rtt = value;
1123 break;
1124 case UFS_QUERY_ATTR_IDN_EE_CONTROL:
1125 u->attributes.exception_event_control = cpu_to_be16(value);
1126 break;
1127 case UFS_QUERY_ATTR_IDN_SECONDS_PASSED:
1128 u->attributes.seconds_passed = cpu_to_be32(value);
1129 break;
1130 case UFS_QUERY_ATTR_IDN_PSA_STATE:
1131 u->attributes.psa_state = value;
1132 break;
1133 case UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE:
1134 u->attributes.psa_data_size = cpu_to_be32(value);
1135 break;
1136 }
1137 }
1138
ufs_exec_query_attr(UfsRequest * req,int op)1139 static QueryRespCode ufs_exec_query_attr(UfsRequest *req, int op)
1140 {
1141 UfsHc *u = req->hc;
1142 uint8_t idn = req->req_upiu.qr.idn;
1143 uint32_t value;
1144 QueryRespCode ret;
1145
1146 ret = ufs_attr_check_idn_valid(idn, op);
1147 if (ret) {
1148 return ret;
1149 }
1150
1151 if (op == UFS_QUERY_ATTR_READ) {
1152 value = ufs_read_attr_value(u, idn);
1153 } else {
1154 value = be32_to_cpu(req->req_upiu.qr.value);
1155 ufs_write_attr_value(u, idn, value);
1156 }
1157
1158 req->rsp_upiu.qr.value = cpu_to_be32(value);
1159 return UFS_QUERY_RESULT_SUCCESS;
1160 }
1161
1162 static const RpmbUnitDescriptor rpmb_unit_desc = {
1163 .length = sizeof(RpmbUnitDescriptor),
1164 .descriptor_idn = 2,
1165 .unit_index = UFS_UPIU_RPMB_WLUN,
1166 .lu_enable = 0,
1167 };
1168
ufs_read_unit_desc(UfsRequest * req)1169 static QueryRespCode ufs_read_unit_desc(UfsRequest *req)
1170 {
1171 UfsHc *u = req->hc;
1172 uint8_t lun = req->req_upiu.qr.index;
1173
1174 if (lun != UFS_UPIU_RPMB_WLUN &&
1175 (lun >= UFS_MAX_LUS || u->lus[lun] == NULL)) {
1176 trace_ufs_err_query_invalid_index(req->req_upiu.qr.opcode, lun);
1177 return UFS_QUERY_RESULT_INVALID_INDEX;
1178 }
1179
1180 if (lun == UFS_UPIU_RPMB_WLUN) {
1181 memcpy(&req->rsp_upiu.qr.data, &rpmb_unit_desc, rpmb_unit_desc.length);
1182 } else {
1183 memcpy(&req->rsp_upiu.qr.data, &u->lus[lun]->unit_desc,
1184 sizeof(u->lus[lun]->unit_desc));
1185 }
1186
1187 return UFS_QUERY_RESULT_SUCCESS;
1188 }
1189
manufacturer_str_desc(void)1190 static inline StringDescriptor manufacturer_str_desc(void)
1191 {
1192 StringDescriptor desc = {
1193 .length = 0x12,
1194 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING,
1195 };
1196 desc.UC[0] = cpu_to_be16('R');
1197 desc.UC[1] = cpu_to_be16('E');
1198 desc.UC[2] = cpu_to_be16('D');
1199 desc.UC[3] = cpu_to_be16('H');
1200 desc.UC[4] = cpu_to_be16('A');
1201 desc.UC[5] = cpu_to_be16('T');
1202 return desc;
1203 }
1204
product_name_str_desc(void)1205 static inline StringDescriptor product_name_str_desc(void)
1206 {
1207 StringDescriptor desc = {
1208 .length = 0x22,
1209 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING,
1210 };
1211 desc.UC[0] = cpu_to_be16('Q');
1212 desc.UC[1] = cpu_to_be16('E');
1213 desc.UC[2] = cpu_to_be16('M');
1214 desc.UC[3] = cpu_to_be16('U');
1215 desc.UC[4] = cpu_to_be16(' ');
1216 desc.UC[5] = cpu_to_be16('U');
1217 desc.UC[6] = cpu_to_be16('F');
1218 desc.UC[7] = cpu_to_be16('S');
1219 return desc;
1220 }
1221
product_rev_level_str_desc(void)1222 static inline StringDescriptor product_rev_level_str_desc(void)
1223 {
1224 StringDescriptor desc = {
1225 .length = 0x0a,
1226 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING,
1227 };
1228 desc.UC[0] = cpu_to_be16('0');
1229 desc.UC[1] = cpu_to_be16('0');
1230 desc.UC[2] = cpu_to_be16('0');
1231 desc.UC[3] = cpu_to_be16('1');
1232 return desc;
1233 }
1234
1235 static const StringDescriptor null_str_desc = {
1236 .length = 0x02,
1237 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING,
1238 };
1239
ufs_read_string_desc(UfsRequest * req)1240 static QueryRespCode ufs_read_string_desc(UfsRequest *req)
1241 {
1242 UfsHc *u = req->hc;
1243 uint8_t index = req->req_upiu.qr.index;
1244 StringDescriptor desc;
1245
1246 if (index == u->device_desc.manufacturer_name) {
1247 desc = manufacturer_str_desc();
1248 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length);
1249 } else if (index == u->device_desc.product_name) {
1250 desc = product_name_str_desc();
1251 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length);
1252 } else if (index == u->device_desc.serial_number) {
1253 memcpy(&req->rsp_upiu.qr.data, &null_str_desc, null_str_desc.length);
1254 } else if (index == u->device_desc.oem_id) {
1255 memcpy(&req->rsp_upiu.qr.data, &null_str_desc, null_str_desc.length);
1256 } else if (index == u->device_desc.product_revision_level) {
1257 desc = product_rev_level_str_desc();
1258 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length);
1259 } else {
1260 trace_ufs_err_query_invalid_index(req->req_upiu.qr.opcode, index);
1261 return UFS_QUERY_RESULT_INVALID_INDEX;
1262 }
1263 return UFS_QUERY_RESULT_SUCCESS;
1264 }
1265
interconnect_desc(void)1266 static inline InterconnectDescriptor interconnect_desc(void)
1267 {
1268 InterconnectDescriptor desc = {
1269 .length = sizeof(InterconnectDescriptor),
1270 .descriptor_idn = UFS_QUERY_DESC_IDN_INTERCONNECT,
1271 };
1272 desc.bcd_unipro_version = cpu_to_be16(0x180);
1273 desc.bcd_mphy_version = cpu_to_be16(0x410);
1274 return desc;
1275 }
1276
ufs_read_desc(UfsRequest * req)1277 static QueryRespCode ufs_read_desc(UfsRequest *req)
1278 {
1279 UfsHc *u = req->hc;
1280 QueryRespCode status;
1281 uint8_t idn = req->req_upiu.qr.idn;
1282 uint16_t length = be16_to_cpu(req->req_upiu.qr.length);
1283 InterconnectDescriptor desc;
1284
1285 switch (idn) {
1286 case UFS_QUERY_DESC_IDN_DEVICE:
1287 memcpy(&req->rsp_upiu.qr.data, &u->device_desc, sizeof(u->device_desc));
1288 status = UFS_QUERY_RESULT_SUCCESS;
1289 break;
1290 case UFS_QUERY_DESC_IDN_UNIT:
1291 status = ufs_read_unit_desc(req);
1292 break;
1293 case UFS_QUERY_DESC_IDN_GEOMETRY:
1294 memcpy(&req->rsp_upiu.qr.data, &u->geometry_desc,
1295 sizeof(u->geometry_desc));
1296 status = UFS_QUERY_RESULT_SUCCESS;
1297 break;
1298 case UFS_QUERY_DESC_IDN_INTERCONNECT: {
1299 desc = interconnect_desc();
1300 memcpy(&req->rsp_upiu.qr.data, &desc, sizeof(InterconnectDescriptor));
1301 status = UFS_QUERY_RESULT_SUCCESS;
1302 break;
1303 }
1304 case UFS_QUERY_DESC_IDN_STRING:
1305 status = ufs_read_string_desc(req);
1306 break;
1307 case UFS_QUERY_DESC_IDN_POWER:
1308 /* mocking of power descriptor is not supported */
1309 memset(&req->rsp_upiu.qr.data, 0, sizeof(PowerParametersDescriptor));
1310 req->rsp_upiu.qr.data[0] = sizeof(PowerParametersDescriptor);
1311 req->rsp_upiu.qr.data[1] = UFS_QUERY_DESC_IDN_POWER;
1312 status = UFS_QUERY_RESULT_SUCCESS;
1313 break;
1314 case UFS_QUERY_DESC_IDN_HEALTH:
1315 /* mocking of health descriptor is not supported */
1316 memset(&req->rsp_upiu.qr.data, 0, sizeof(DeviceHealthDescriptor));
1317 req->rsp_upiu.qr.data[0] = sizeof(DeviceHealthDescriptor);
1318 req->rsp_upiu.qr.data[1] = UFS_QUERY_DESC_IDN_HEALTH;
1319 status = UFS_QUERY_RESULT_SUCCESS;
1320 break;
1321 default:
1322 length = 0;
1323 trace_ufs_err_query_invalid_idn(req->req_upiu.qr.opcode, idn);
1324 status = UFS_QUERY_RESULT_INVALID_IDN;
1325 }
1326
1327 if (length > req->rsp_upiu.qr.data[0]) {
1328 length = req->rsp_upiu.qr.data[0];
1329 }
1330 req->rsp_upiu.qr.opcode = req->req_upiu.qr.opcode;
1331 req->rsp_upiu.qr.idn = req->req_upiu.qr.idn;
1332 req->rsp_upiu.qr.index = req->req_upiu.qr.index;
1333 req->rsp_upiu.qr.selector = req->req_upiu.qr.selector;
1334 req->rsp_upiu.qr.length = cpu_to_be16(length);
1335
1336 return status;
1337 }
1338
ufs_exec_query_read(UfsRequest * req)1339 static QueryRespCode ufs_exec_query_read(UfsRequest *req)
1340 {
1341 QueryRespCode status;
1342 switch (req->req_upiu.qr.opcode) {
1343 case UFS_UPIU_QUERY_OPCODE_NOP:
1344 status = UFS_QUERY_RESULT_SUCCESS;
1345 break;
1346 case UFS_UPIU_QUERY_OPCODE_READ_DESC:
1347 status = ufs_read_desc(req);
1348 break;
1349 case UFS_UPIU_QUERY_OPCODE_READ_ATTR:
1350 status = ufs_exec_query_attr(req, UFS_QUERY_ATTR_READ);
1351 break;
1352 case UFS_UPIU_QUERY_OPCODE_READ_FLAG:
1353 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_READ);
1354 break;
1355 default:
1356 trace_ufs_err_query_invalid_opcode(req->req_upiu.qr.opcode);
1357 status = UFS_QUERY_RESULT_INVALID_OPCODE;
1358 break;
1359 }
1360
1361 return status;
1362 }
1363
ufs_exec_query_write(UfsRequest * req)1364 static QueryRespCode ufs_exec_query_write(UfsRequest *req)
1365 {
1366 QueryRespCode status;
1367 switch (req->req_upiu.qr.opcode) {
1368 case UFS_UPIU_QUERY_OPCODE_NOP:
1369 status = UFS_QUERY_RESULT_SUCCESS;
1370 break;
1371 case UFS_UPIU_QUERY_OPCODE_WRITE_DESC:
1372 /* write descriptor is not supported */
1373 status = UFS_QUERY_RESULT_NOT_WRITEABLE;
1374 break;
1375 case UFS_UPIU_QUERY_OPCODE_WRITE_ATTR:
1376 status = ufs_exec_query_attr(req, UFS_QUERY_ATTR_WRITE);
1377 break;
1378 case UFS_UPIU_QUERY_OPCODE_SET_FLAG:
1379 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_SET);
1380 break;
1381 case UFS_UPIU_QUERY_OPCODE_CLEAR_FLAG:
1382 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_CLEAR);
1383 break;
1384 case UFS_UPIU_QUERY_OPCODE_TOGGLE_FLAG:
1385 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_TOGGLE);
1386 break;
1387 default:
1388 trace_ufs_err_query_invalid_opcode(req->req_upiu.qr.opcode);
1389 status = UFS_QUERY_RESULT_INVALID_OPCODE;
1390 break;
1391 }
1392
1393 return status;
1394 }
1395
ufs_exec_query_cmd(UfsRequest * req)1396 static UfsReqResult ufs_exec_query_cmd(UfsRequest *req)
1397 {
1398 uint8_t query_func = req->req_upiu.header.query_func;
1399 uint16_t data_segment_length;
1400 QueryRespCode status;
1401
1402 trace_ufs_exec_query_cmd(req->slot, req->req_upiu.qr.opcode);
1403 if (query_func == UFS_UPIU_QUERY_FUNC_STANDARD_READ_REQUEST) {
1404 status = ufs_exec_query_read(req);
1405 } else if (query_func == UFS_UPIU_QUERY_FUNC_STANDARD_WRITE_REQUEST) {
1406 status = ufs_exec_query_write(req);
1407 } else {
1408 status = UFS_QUERY_RESULT_GENERAL_FAILURE;
1409 }
1410
1411 data_segment_length = be16_to_cpu(req->rsp_upiu.qr.length);
1412 ufs_build_upiu_header(req, UFS_UPIU_TRANSACTION_QUERY_RSP, 0, status, 0,
1413 data_segment_length);
1414
1415 if (status != UFS_QUERY_RESULT_SUCCESS) {
1416 return UFS_REQUEST_FAIL;
1417 }
1418 return UFS_REQUEST_SUCCESS;
1419 }
1420
ufs_exec_req(UfsRequest * req)1421 static void ufs_exec_req(UfsRequest *req)
1422 {
1423 UfsReqResult req_result;
1424
1425 if (ufs_dma_read_upiu(req)) {
1426 return;
1427 }
1428
1429 switch (req->req_upiu.header.trans_type) {
1430 case UFS_UPIU_TRANSACTION_NOP_OUT:
1431 req_result = ufs_exec_nop_cmd(req);
1432 break;
1433 case UFS_UPIU_TRANSACTION_COMMAND:
1434 req_result = ufs_exec_scsi_cmd(req);
1435 break;
1436 case UFS_UPIU_TRANSACTION_QUERY_REQ:
1437 req_result = ufs_exec_query_cmd(req);
1438 break;
1439 default:
1440 trace_ufs_err_invalid_trans_code(req->slot,
1441 req->req_upiu.header.trans_type);
1442 req_result = UFS_REQUEST_FAIL;
1443 }
1444
1445 /*
1446 * The ufs_complete_req for scsi commands is handled by the
1447 * ufs_scsi_command_complete() callback function. Therefore, to avoid
1448 * duplicate processing, ufs_complete_req() is not called for scsi commands.
1449 */
1450 if (req_result != UFS_REQUEST_NO_COMPLETE) {
1451 ufs_complete_req(req, req_result);
1452 }
1453 }
1454
ufs_process_req(void * opaque)1455 static void ufs_process_req(void *opaque)
1456 {
1457 UfsHc *u = opaque;
1458 UfsRequest *req;
1459 int slot;
1460
1461 for (slot = 0; slot < u->params.nutrs; slot++) {
1462 req = &u->req_list[slot];
1463
1464 if (req->state != UFS_REQUEST_READY) {
1465 continue;
1466 }
1467 trace_ufs_process_req(slot);
1468 req->state = UFS_REQUEST_RUNNING;
1469
1470 ufs_exec_req(req);
1471 }
1472 }
1473
ufs_complete_req(UfsRequest * req,UfsReqResult req_result)1474 void ufs_complete_req(UfsRequest *req, UfsReqResult req_result)
1475 {
1476 UfsHc *u = req->hc;
1477 assert(req->state == UFS_REQUEST_RUNNING);
1478
1479 if (req_result == UFS_REQUEST_SUCCESS) {
1480 req->utrd.header.dword_2 = cpu_to_le32(UFS_OCS_SUCCESS);
1481 } else {
1482 req->utrd.header.dword_2 = cpu_to_le32(UFS_OCS_INVALID_CMD_TABLE_ATTR);
1483 }
1484
1485 req->state = UFS_REQUEST_COMPLETE;
1486
1487 if (ufs_mcq_req(req)) {
1488 trace_ufs_mcq_complete_req(req->sq->sqid);
1489 QTAILQ_INSERT_TAIL(&req->sq->cq->req_list, req, entry);
1490 qemu_bh_schedule(req->sq->cq->bh);
1491 } else {
1492 trace_ufs_complete_req(req->slot);
1493 qemu_bh_schedule(u->complete_bh);
1494 }
1495 }
1496
ufs_clear_req(UfsRequest * req)1497 static void ufs_clear_req(UfsRequest *req)
1498 {
1499 if (req->sg != NULL) {
1500 qemu_sglist_destroy(req->sg);
1501 g_free(req->sg);
1502 req->sg = NULL;
1503 req->data_len = 0;
1504 }
1505
1506 memset(&req->utrd, 0, sizeof(req->utrd));
1507 memset(&req->req_upiu, 0, sizeof(req->req_upiu));
1508 memset(&req->rsp_upiu, 0, sizeof(req->rsp_upiu));
1509 }
1510
ufs_sendback_req(void * opaque)1511 static void ufs_sendback_req(void *opaque)
1512 {
1513 UfsHc *u = opaque;
1514 UfsRequest *req;
1515 int slot;
1516
1517 for (slot = 0; slot < u->params.nutrs; slot++) {
1518 req = &u->req_list[slot];
1519
1520 if (req->state != UFS_REQUEST_COMPLETE) {
1521 continue;
1522 }
1523
1524 if (ufs_dma_write_upiu(req)) {
1525 req->state = UFS_REQUEST_ERROR;
1526 continue;
1527 }
1528
1529 /*
1530 * TODO: UTP Transfer Request Interrupt Aggregation Control is not yet
1531 * supported
1532 */
1533 if (le32_to_cpu(req->utrd.header.dword_2) != UFS_OCS_SUCCESS ||
1534 le32_to_cpu(req->utrd.header.dword_0) & UFS_UTP_REQ_DESC_INT_CMD) {
1535 u->reg.is = FIELD_DP32(u->reg.is, IS, UTRCS, 1);
1536 }
1537
1538 u->reg.utrldbr &= ~(1 << slot);
1539 u->reg.utrlcnr |= (1 << slot);
1540
1541 trace_ufs_sendback_req(req->slot);
1542
1543 ufs_clear_req(req);
1544 req->state = UFS_REQUEST_IDLE;
1545 }
1546
1547 ufs_irq_check(u);
1548 }
1549
ufs_check_constraints(UfsHc * u,Error ** errp)1550 static bool ufs_check_constraints(UfsHc *u, Error **errp)
1551 {
1552 if (u->params.nutrs > UFS_MAX_NUTRS) {
1553 error_setg(errp, "nutrs must be less than or equal to %d",
1554 UFS_MAX_NUTRS);
1555 return false;
1556 }
1557
1558 if (u->params.nutmrs > UFS_MAX_NUTMRS) {
1559 error_setg(errp, "nutmrs must be less than or equal to %d",
1560 UFS_MAX_NUTMRS);
1561 return false;
1562 }
1563
1564 if (u->params.mcq_maxq >= UFS_MAX_MCQ_QNUM) {
1565 error_setg(errp, "mcq-maxq must be less than %d", UFS_MAX_MCQ_QNUM);
1566 return false;
1567 }
1568
1569 return true;
1570 }
1571
ufs_init_pci(UfsHc * u,PCIDevice * pci_dev)1572 static void ufs_init_pci(UfsHc *u, PCIDevice *pci_dev)
1573 {
1574 uint8_t *pci_conf = pci_dev->config;
1575
1576 pci_conf[PCI_INTERRUPT_PIN] = 1;
1577 pci_config_set_prog_interface(pci_conf, 0x1);
1578
1579 memory_region_init_io(&u->iomem, OBJECT(u), &ufs_mmio_ops, u, "ufs",
1580 u->reg_size);
1581 pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &u->iomem);
1582 u->irq = pci_allocate_irq(pci_dev);
1583 }
1584
ufs_init_state(UfsHc * u)1585 static void ufs_init_state(UfsHc *u)
1586 {
1587 u->req_list = g_new0(UfsRequest, u->params.nutrs);
1588
1589 for (int i = 0; i < u->params.nutrs; i++) {
1590 u->req_list[i].hc = u;
1591 u->req_list[i].slot = i;
1592 u->req_list[i].sg = NULL;
1593 u->req_list[i].state = UFS_REQUEST_IDLE;
1594 }
1595
1596 u->doorbell_bh = qemu_bh_new_guarded(ufs_process_req, u,
1597 &DEVICE(u)->mem_reentrancy_guard);
1598 u->complete_bh = qemu_bh_new_guarded(ufs_sendback_req, u,
1599 &DEVICE(u)->mem_reentrancy_guard);
1600
1601 if (u->params.mcq) {
1602 memset(u->sq, 0, sizeof(u->sq));
1603 memset(u->cq, 0, sizeof(u->cq));
1604 }
1605 }
1606
ufs_init_hc(UfsHc * u)1607 static void ufs_init_hc(UfsHc *u)
1608 {
1609 uint32_t cap = 0;
1610 uint32_t mcqconfig = 0;
1611 uint32_t mcqcap = 0;
1612
1613 u->reg_size = pow2ceil(ufs_reg_size(u));
1614
1615 memset(&u->reg, 0, sizeof(u->reg));
1616 memset(&u->mcq_reg, 0, sizeof(u->mcq_reg));
1617 memset(&u->mcq_op_reg, 0, sizeof(u->mcq_op_reg));
1618 cap = FIELD_DP32(cap, CAP, NUTRS, (u->params.nutrs - 1));
1619 cap = FIELD_DP32(cap, CAP, RTT, 2);
1620 cap = FIELD_DP32(cap, CAP, NUTMRS, (u->params.nutmrs - 1));
1621 cap = FIELD_DP32(cap, CAP, AUTOH8, 0);
1622 cap = FIELD_DP32(cap, CAP, 64AS, 1);
1623 cap = FIELD_DP32(cap, CAP, OODDS, 0);
1624 cap = FIELD_DP32(cap, CAP, UICDMETMS, 0);
1625 cap = FIELD_DP32(cap, CAP, CS, 0);
1626 cap = FIELD_DP32(cap, CAP, LSDBS, 1);
1627 cap = FIELD_DP32(cap, CAP, MCQS, u->params.mcq);
1628 u->reg.cap = cap;
1629
1630 if (u->params.mcq) {
1631 mcqconfig = FIELD_DP32(mcqconfig, MCQCONFIG, MAC, 0x1f);
1632 u->reg.mcqconfig = mcqconfig;
1633
1634 mcqcap = FIELD_DP32(mcqcap, MCQCAP, MAXQ, u->params.mcq_maxq - 1);
1635 mcqcap = FIELD_DP32(mcqcap, MCQCAP, RRP, 1);
1636 mcqcap = FIELD_DP32(mcqcap, MCQCAP, QCFGPTR, UFS_MCQ_QCFGPTR);
1637 u->reg.mcqcap = mcqcap;
1638
1639 for (int i = 0; i < ARRAY_SIZE(u->mcq_reg); i++) {
1640 uint64_t addr = ufs_mcq_op_reg_addr(u, i);
1641 u->mcq_reg[i].sqdao = addr;
1642 u->mcq_reg[i].sqisao = addr + sizeof(UfsMcqSqReg);
1643 addr += sizeof(UfsMcqSqReg);
1644 u->mcq_reg[i].cqdao = addr + sizeof(UfsMcqSqIntReg);
1645 addr += sizeof(UfsMcqSqIntReg);
1646 u->mcq_reg[i].cqisao = addr + sizeof(UfsMcqCqReg);
1647 }
1648 }
1649 u->reg.ver = UFS_SPEC_VER;
1650
1651 memset(&u->device_desc, 0, sizeof(DeviceDescriptor));
1652 u->device_desc.length = sizeof(DeviceDescriptor);
1653 u->device_desc.descriptor_idn = UFS_QUERY_DESC_IDN_DEVICE;
1654 u->device_desc.device_sub_class = 0x01;
1655 u->device_desc.number_lu = 0x00;
1656 u->device_desc.number_wlu = 0x04;
1657 /* TODO: Revisit it when Power Management is implemented */
1658 u->device_desc.init_power_mode = 0x01; /* Active Mode */
1659 u->device_desc.high_priority_lun = 0x7F; /* Same Priority */
1660 u->device_desc.spec_version = cpu_to_be16(UFS_SPEC_VER);
1661 u->device_desc.manufacturer_name = 0x00;
1662 u->device_desc.product_name = 0x01;
1663 u->device_desc.serial_number = 0x02;
1664 u->device_desc.oem_id = 0x03;
1665 u->device_desc.ud_0_base_offset = 0x16;
1666 u->device_desc.ud_config_p_length = 0x1A;
1667 u->device_desc.device_rtt_cap = 0x02;
1668 u->device_desc.queue_depth = u->params.nutrs;
1669 u->device_desc.product_revision_level = 0x04;
1670
1671 memset(&u->geometry_desc, 0, sizeof(GeometryDescriptor));
1672 u->geometry_desc.length = sizeof(GeometryDescriptor);
1673 u->geometry_desc.descriptor_idn = UFS_QUERY_DESC_IDN_GEOMETRY;
1674 u->geometry_desc.max_number_lu = (UFS_MAX_LUS == 32) ? 0x1 : 0x0;
1675 u->geometry_desc.segment_size = cpu_to_be32(0x2000); /* 4KB */
1676 u->geometry_desc.allocation_unit_size = 0x1; /* 4KB */
1677 u->geometry_desc.min_addr_block_size = 0x8; /* 4KB */
1678 u->geometry_desc.max_in_buffer_size = 0x8;
1679 u->geometry_desc.max_out_buffer_size = 0x8;
1680 u->geometry_desc.rpmb_read_write_size = 0x40;
1681 u->geometry_desc.data_ordering =
1682 0x0; /* out-of-order data transfer is not supported */
1683 u->geometry_desc.max_context_id_number = 0x5;
1684 u->geometry_desc.supported_memory_types = cpu_to_be16(0x8001);
1685
1686 memset(&u->attributes, 0, sizeof(u->attributes));
1687 u->attributes.max_data_in_size = 0x08;
1688 u->attributes.max_data_out_size = 0x08;
1689 u->attributes.ref_clk_freq = 0x01; /* 26 MHz */
1690 /* configure descriptor is not supported */
1691 u->attributes.config_descr_lock = 0x01;
1692 u->attributes.max_num_of_rtt = 0x02;
1693
1694 memset(&u->flags, 0, sizeof(u->flags));
1695 u->flags.permanently_disable_fw_update = 1;
1696 }
1697
ufs_realize(PCIDevice * pci_dev,Error ** errp)1698 static void ufs_realize(PCIDevice *pci_dev, Error **errp)
1699 {
1700 UfsHc *u = UFS(pci_dev);
1701
1702 if (!ufs_check_constraints(u, errp)) {
1703 return;
1704 }
1705
1706 qbus_init(&u->bus, sizeof(UfsBus), TYPE_UFS_BUS, &pci_dev->qdev,
1707 u->parent_obj.qdev.id);
1708
1709 ufs_init_state(u);
1710 ufs_init_hc(u);
1711 ufs_init_pci(u, pci_dev);
1712
1713 ufs_init_wlu(&u->report_wlu, UFS_UPIU_REPORT_LUNS_WLUN);
1714 ufs_init_wlu(&u->dev_wlu, UFS_UPIU_UFS_DEVICE_WLUN);
1715 ufs_init_wlu(&u->boot_wlu, UFS_UPIU_BOOT_WLUN);
1716 ufs_init_wlu(&u->rpmb_wlu, UFS_UPIU_RPMB_WLUN);
1717 }
1718
ufs_exit(PCIDevice * pci_dev)1719 static void ufs_exit(PCIDevice *pci_dev)
1720 {
1721 UfsHc *u = UFS(pci_dev);
1722
1723 qemu_bh_delete(u->doorbell_bh);
1724 qemu_bh_delete(u->complete_bh);
1725
1726 for (int i = 0; i < u->params.nutrs; i++) {
1727 ufs_clear_req(&u->req_list[i]);
1728 }
1729 g_free(u->req_list);
1730
1731 for (int i = 0; i < ARRAY_SIZE(u->sq); i++) {
1732 if (u->sq[i]) {
1733 ufs_mcq_delete_sq(u, i);
1734 }
1735 }
1736 for (int i = 0; i < ARRAY_SIZE(u->cq); i++) {
1737 if (u->cq[i]) {
1738 ufs_mcq_delete_cq(u, i);
1739 }
1740 }
1741 }
1742
1743 static Property ufs_props[] = {
1744 DEFINE_PROP_STRING("serial", UfsHc, params.serial),
1745 DEFINE_PROP_UINT8("nutrs", UfsHc, params.nutrs, 32),
1746 DEFINE_PROP_UINT8("nutmrs", UfsHc, params.nutmrs, 8),
1747 DEFINE_PROP_BOOL("mcq", UfsHc, params.mcq, false),
1748 DEFINE_PROP_UINT8("mcq-maxq", UfsHc, params.mcq_maxq, 2),
1749 DEFINE_PROP_END_OF_LIST(),
1750 };
1751
1752 static const VMStateDescription ufs_vmstate = {
1753 .name = "ufs",
1754 .unmigratable = 1,
1755 };
1756
ufs_class_init(ObjectClass * oc,void * data)1757 static void ufs_class_init(ObjectClass *oc, void *data)
1758 {
1759 DeviceClass *dc = DEVICE_CLASS(oc);
1760 PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
1761
1762 pc->realize = ufs_realize;
1763 pc->exit = ufs_exit;
1764 pc->vendor_id = PCI_VENDOR_ID_REDHAT;
1765 pc->device_id = PCI_DEVICE_ID_REDHAT_UFS;
1766 pc->class_id = PCI_CLASS_STORAGE_UFS;
1767
1768 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1769 dc->desc = "Universal Flash Storage";
1770 device_class_set_props(dc, ufs_props);
1771 dc->vmsd = &ufs_vmstate;
1772 }
1773
ufs_bus_check_address(BusState * qbus,DeviceState * qdev,Error ** errp)1774 static bool ufs_bus_check_address(BusState *qbus, DeviceState *qdev,
1775 Error **errp)
1776 {
1777 if (strcmp(object_get_typename(OBJECT(qdev)), TYPE_UFS_LU) != 0) {
1778 error_setg(errp, "%s cannot be connected to ufs-bus",
1779 object_get_typename(OBJECT(qdev)));
1780 return false;
1781 }
1782
1783 return true;
1784 }
1785
ufs_bus_get_dev_path(DeviceState * dev)1786 static char *ufs_bus_get_dev_path(DeviceState *dev)
1787 {
1788 BusState *bus = qdev_get_parent_bus(dev);
1789
1790 return qdev_get_dev_path(bus->parent);
1791 }
1792
ufs_bus_class_init(ObjectClass * class,void * data)1793 static void ufs_bus_class_init(ObjectClass *class, void *data)
1794 {
1795 BusClass *bc = BUS_CLASS(class);
1796 bc->get_dev_path = ufs_bus_get_dev_path;
1797 bc->check_address = ufs_bus_check_address;
1798 }
1799
1800 static const TypeInfo ufs_info = {
1801 .name = TYPE_UFS,
1802 .parent = TYPE_PCI_DEVICE,
1803 .class_init = ufs_class_init,
1804 .instance_size = sizeof(UfsHc),
1805 .interfaces = (InterfaceInfo[]){ { INTERFACE_PCIE_DEVICE }, {} },
1806 };
1807
1808 static const TypeInfo ufs_bus_info = {
1809 .name = TYPE_UFS_BUS,
1810 .parent = TYPE_BUS,
1811 .class_init = ufs_bus_class_init,
1812 .class_size = sizeof(UfsBusClass),
1813 .instance_size = sizeof(UfsBus),
1814 };
1815
ufs_register_types(void)1816 static void ufs_register_types(void)
1817 {
1818 type_register_static(&ufs_info);
1819 type_register_static(&ufs_bus_info);
1820 }
1821
1822 type_init(ufs_register_types)
1823