xref: /openbmc/qemu/hw/char/pl011.c (revision 990d2c18)
1 /*
2  * Arm PrimeCell PL011 UART
3  *
4  * Copyright (c) 2006 CodeSourcery.
5  * Written by Paul Brook
6  *
7  * This code is licensed under the GPL.
8  */
9 
10 /*
11  * QEMU interface:
12  *  + sysbus MMIO region 0: device registers
13  *  + sysbus IRQ 0: UARTINTR (combined interrupt line)
14  *  + sysbus IRQ 1: UARTRXINTR (receive FIFO interrupt line)
15  *  + sysbus IRQ 2: UARTTXINTR (transmit FIFO interrupt line)
16  *  + sysbus IRQ 3: UARTRTINTR (receive timeout interrupt line)
17  *  + sysbus IRQ 4: UARTMSINTR (momem status interrupt line)
18  *  + sysbus IRQ 5: UARTEINTR (error interrupt line)
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qapi/error.h"
23 #include "hw/char/pl011.h"
24 #include "hw/irq.h"
25 #include "hw/sysbus.h"
26 #include "hw/qdev-clock.h"
27 #include "hw/qdev-properties.h"
28 #include "hw/qdev-properties-system.h"
29 #include "migration/vmstate.h"
30 #include "chardev/char-fe.h"
31 #include "chardev/char-serial.h"
32 #include "qemu/log.h"
33 #include "qemu/module.h"
34 #include "trace.h"
35 
36 DeviceState *pl011_create(hwaddr addr, qemu_irq irq, Chardev *chr)
37 {
38     DeviceState *dev;
39     SysBusDevice *s;
40 
41     dev = qdev_new("pl011");
42     s = SYS_BUS_DEVICE(dev);
43     qdev_prop_set_chr(dev, "chardev", chr);
44     sysbus_realize_and_unref(s, &error_fatal);
45     sysbus_mmio_map(s, 0, addr);
46     sysbus_connect_irq(s, 0, irq);
47 
48     return dev;
49 }
50 
51 /* Flag Register, UARTFR */
52 #define PL011_FLAG_RI   0x100
53 #define PL011_FLAG_TXFE 0x80
54 #define PL011_FLAG_RXFF 0x40
55 #define PL011_FLAG_TXFF 0x20
56 #define PL011_FLAG_RXFE 0x10
57 #define PL011_FLAG_DCD  0x04
58 #define PL011_FLAG_DSR  0x02
59 #define PL011_FLAG_CTS  0x01
60 
61 /* Data Register, UARTDR */
62 #define DR_BE   (1 << 10)
63 
64 /* Interrupt status bits in UARTRIS, UARTMIS, UARTIMSC */
65 #define INT_OE (1 << 10)
66 #define INT_BE (1 << 9)
67 #define INT_PE (1 << 8)
68 #define INT_FE (1 << 7)
69 #define INT_RT (1 << 6)
70 #define INT_TX (1 << 5)
71 #define INT_RX (1 << 4)
72 #define INT_DSR (1 << 3)
73 #define INT_DCD (1 << 2)
74 #define INT_CTS (1 << 1)
75 #define INT_RI (1 << 0)
76 #define INT_E (INT_OE | INT_BE | INT_PE | INT_FE)
77 #define INT_MS (INT_RI | INT_DSR | INT_DCD | INT_CTS)
78 
79 /* Line Control Register, UARTLCR_H */
80 #define LCR_FEN     (1 << 4)
81 #define LCR_BRK     (1 << 0)
82 
83 /* Control Register, UARTCR */
84 #define CR_OUT2     (1 << 13)
85 #define CR_OUT1     (1 << 12)
86 #define CR_RTS      (1 << 11)
87 #define CR_DTR      (1 << 10)
88 #define CR_LBE      (1 << 7)
89 
90 /* Integer Baud Rate Divider, UARTIBRD */
91 #define IBRD_MASK 0x3f
92 
93 /* Fractional Baud Rate Divider, UARTFBRD */
94 #define FBRD_MASK 0xffff
95 
96 static const unsigned char pl011_id_arm[8] =
97   { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
98 static const unsigned char pl011_id_luminary[8] =
99   { 0x11, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
100 
101 static const char *pl011_regname(hwaddr offset)
102 {
103     static const char *const rname[] = {
104         [0] = "DR", [1] = "RSR", [6] = "FR", [8] = "ILPR", [9] = "IBRD",
105         [10] = "FBRD", [11] = "LCRH", [12] = "CR", [13] = "IFLS", [14] = "IMSC",
106         [15] = "RIS", [16] = "MIS", [17] = "ICR", [18] = "DMACR",
107     };
108     unsigned idx = offset >> 2;
109 
110     if (idx < ARRAY_SIZE(rname) && rname[idx]) {
111         return rname[idx];
112     }
113     if (idx >= 0x3f8 && idx <= 0x400) {
114         return "ID";
115     }
116     return "UNKN";
117 }
118 
119 /* Which bits in the interrupt status matter for each outbound IRQ line ? */
120 static const uint32_t irqmask[] = {
121     INT_E | INT_MS | INT_RT | INT_TX | INT_RX, /* combined IRQ */
122     INT_RX,
123     INT_TX,
124     INT_RT,
125     INT_MS,
126     INT_E,
127 };
128 
129 static void pl011_update(PL011State *s)
130 {
131     uint32_t flags;
132     int i;
133 
134     flags = s->int_level & s->int_enabled;
135     trace_pl011_irq_state(flags != 0);
136     for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
137         qemu_set_irq(s->irq[i], (flags & irqmask[i]) != 0);
138     }
139 }
140 
141 static bool pl011_is_fifo_enabled(PL011State *s)
142 {
143     return (s->lcr & LCR_FEN) != 0;
144 }
145 
146 static inline unsigned pl011_get_fifo_depth(PL011State *s)
147 {
148     /* Note: FIFO depth is expected to be power-of-2 */
149     return pl011_is_fifo_enabled(s) ? PL011_FIFO_DEPTH : 1;
150 }
151 
152 static inline void pl011_reset_fifo(PL011State *s)
153 {
154     s->read_count = 0;
155     s->read_pos = 0;
156 
157     /* Reset FIFO flags */
158     s->flags &= ~(PL011_FLAG_RXFF | PL011_FLAG_TXFF);
159     s->flags |= PL011_FLAG_RXFE | PL011_FLAG_TXFE;
160 }
161 
162 static uint64_t pl011_read(void *opaque, hwaddr offset,
163                            unsigned size)
164 {
165     PL011State *s = (PL011State *)opaque;
166     uint32_t c;
167     uint64_t r;
168 
169     switch (offset >> 2) {
170     case 0: /* UARTDR */
171         s->flags &= ~PL011_FLAG_RXFF;
172         c = s->read_fifo[s->read_pos];
173         if (s->read_count > 0) {
174             s->read_count--;
175             s->read_pos = (s->read_pos + 1) & (pl011_get_fifo_depth(s) - 1);
176         }
177         if (s->read_count == 0) {
178             s->flags |= PL011_FLAG_RXFE;
179         }
180         if (s->read_count == s->read_trigger - 1)
181             s->int_level &= ~ INT_RX;
182         trace_pl011_read_fifo(s->read_count);
183         s->rsr = c >> 8;
184         pl011_update(s);
185         qemu_chr_fe_accept_input(&s->chr);
186         r = c;
187         break;
188     case 1: /* UARTRSR */
189         r = s->rsr;
190         break;
191     case 6: /* UARTFR */
192         r = s->flags;
193         break;
194     case 8: /* UARTILPR */
195         r = s->ilpr;
196         break;
197     case 9: /* UARTIBRD */
198         r = s->ibrd;
199         break;
200     case 10: /* UARTFBRD */
201         r = s->fbrd;
202         break;
203     case 11: /* UARTLCR_H */
204         r = s->lcr;
205         break;
206     case 12: /* UARTCR */
207         r = s->cr;
208         break;
209     case 13: /* UARTIFLS */
210         r = s->ifl;
211         break;
212     case 14: /* UARTIMSC */
213         r = s->int_enabled;
214         break;
215     case 15: /* UARTRIS */
216         r = s->int_level;
217         break;
218     case 16: /* UARTMIS */
219         r = s->int_level & s->int_enabled;
220         break;
221     case 18: /* UARTDMACR */
222         r = s->dmacr;
223         break;
224     case 0x3f8 ... 0x400:
225         r = s->id[(offset - 0xfe0) >> 2];
226         break;
227     default:
228         qemu_log_mask(LOG_GUEST_ERROR,
229                       "pl011_read: Bad offset 0x%x\n", (int)offset);
230         r = 0;
231         break;
232     }
233 
234     trace_pl011_read(offset, r, pl011_regname(offset));
235     return r;
236 }
237 
238 static void pl011_set_read_trigger(PL011State *s)
239 {
240 #if 0
241     /* The docs say the RX interrupt is triggered when the FIFO exceeds
242        the threshold.  However linux only reads the FIFO in response to an
243        interrupt.  Triggering the interrupt when the FIFO is non-empty seems
244        to make things work.  */
245     if (s->lcr & LCR_FEN)
246         s->read_trigger = (s->ifl >> 1) & 0x1c;
247     else
248 #endif
249         s->read_trigger = 1;
250 }
251 
252 static unsigned int pl011_get_baudrate(const PL011State *s)
253 {
254     uint64_t clk;
255 
256     if (s->ibrd == 0) {
257         return 0;
258     }
259 
260     clk = clock_get_hz(s->clk);
261     return (clk / ((s->ibrd << 6) + s->fbrd)) << 2;
262 }
263 
264 static void pl011_trace_baudrate_change(const PL011State *s)
265 {
266     trace_pl011_baudrate_change(pl011_get_baudrate(s),
267                                 clock_get_hz(s->clk),
268                                 s->ibrd, s->fbrd);
269 }
270 
271 static bool pl011_loopback_enabled(PL011State *s)
272 {
273     return !!(s->cr & CR_LBE);
274 }
275 
276 static void pl011_loopback_mdmctrl(PL011State *s)
277 {
278     uint32_t cr, fr, il;
279 
280     if (!pl011_loopback_enabled(s)) {
281         return;
282     }
283 
284     /*
285      * Loopback software-driven modem control outputs to modem status inputs:
286      *   FR.RI  <= CR.Out2
287      *   FR.DCD <= CR.Out1
288      *   FR.CTS <= CR.RTS
289      *   FR.DSR <= CR.DTR
290      *
291      * The loopback happens immediately even if this call is triggered
292      * by setting only CR.LBE.
293      *
294      * CTS/RTS updates due to enabled hardware flow controls are not
295      * dealt with here.
296      */
297     cr = s->cr;
298     fr = s->flags & ~(PL011_FLAG_RI | PL011_FLAG_DCD |
299                       PL011_FLAG_DSR | PL011_FLAG_CTS);
300     fr |= (cr & CR_OUT2) ? PL011_FLAG_RI  : 0;
301     fr |= (cr & CR_OUT1) ? PL011_FLAG_DCD : 0;
302     fr |= (cr & CR_RTS)  ? PL011_FLAG_CTS : 0;
303     fr |= (cr & CR_DTR)  ? PL011_FLAG_DSR : 0;
304 
305     /* Change interrupts based on updated FR */
306     il = s->int_level & ~(INT_DSR | INT_DCD | INT_CTS | INT_RI);
307     il |= (fr & PL011_FLAG_DSR) ? INT_DSR : 0;
308     il |= (fr & PL011_FLAG_DCD) ? INT_DCD : 0;
309     il |= (fr & PL011_FLAG_CTS) ? INT_CTS : 0;
310     il |= (fr & PL011_FLAG_RI)  ? INT_RI  : 0;
311 
312     s->flags = fr;
313     s->int_level = il;
314     pl011_update(s);
315 }
316 
317 static void pl011_put_fifo(void *opaque, uint32_t value);
318 
319 static void pl011_loopback_tx(PL011State *s, uint32_t value)
320 {
321     if (!pl011_loopback_enabled(s)) {
322         return;
323     }
324 
325     /*
326      * Caveat:
327      *
328      * In real hardware, TX loopback happens at the serial-bit level
329      * and then reassembled by the RX logics back into bytes and placed
330      * into the RX fifo. That is, loopback happens after TX fifo.
331      *
332      * Because the real hardware TX fifo is time-drained at the frame
333      * rate governed by the configured serial format, some loopback
334      * bytes in TX fifo may still be able to get into the RX fifo
335      * that could be full at times while being drained at software
336      * pace.
337      *
338      * In such scenario, the RX draining pace is the major factor
339      * deciding which loopback bytes get into the RX fifo, unless
340      * hardware flow-control is enabled.
341      *
342      * For simplicity, the above described is not emulated.
343      */
344     pl011_put_fifo(s, value);
345 }
346 
347 static void pl011_loopback_break(PL011State *s, int brk_enable)
348 {
349     if (brk_enable) {
350         pl011_loopback_tx(s, DR_BE);
351     }
352 }
353 
354 static void pl011_write(void *opaque, hwaddr offset,
355                         uint64_t value, unsigned size)
356 {
357     PL011State *s = (PL011State *)opaque;
358     unsigned char ch;
359 
360     trace_pl011_write(offset, value, pl011_regname(offset));
361 
362     switch (offset >> 2) {
363     case 0: /* UARTDR */
364         /* ??? Check if transmitter is enabled.  */
365         ch = value;
366         /* XXX this blocks entire thread. Rewrite to use
367          * qemu_chr_fe_write and background I/O callbacks */
368         qemu_chr_fe_write_all(&s->chr, &ch, 1);
369         pl011_loopback_tx(s, ch);
370         s->int_level |= INT_TX;
371         pl011_update(s);
372         break;
373     case 1: /* UARTRSR/UARTECR */
374         s->rsr = 0;
375         break;
376     case 6: /* UARTFR */
377         /* Writes to Flag register are ignored.  */
378         break;
379     case 8: /* UARTILPR */
380         s->ilpr = value;
381         break;
382     case 9: /* UARTIBRD */
383         s->ibrd = value & IBRD_MASK;
384         pl011_trace_baudrate_change(s);
385         break;
386     case 10: /* UARTFBRD */
387         s->fbrd = value & FBRD_MASK;
388         pl011_trace_baudrate_change(s);
389         break;
390     case 11: /* UARTLCR_H */
391         /* Reset the FIFO state on FIFO enable or disable */
392         if ((s->lcr ^ value) & LCR_FEN) {
393             pl011_reset_fifo(s);
394         }
395         if ((s->lcr ^ value) & LCR_BRK) {
396             int break_enable = value & LCR_BRK;
397             qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
398                               &break_enable);
399             pl011_loopback_break(s, break_enable);
400         }
401         s->lcr = value;
402         pl011_set_read_trigger(s);
403         break;
404     case 12: /* UARTCR */
405         /* ??? Need to implement the enable bit.  */
406         s->cr = value;
407         pl011_loopback_mdmctrl(s);
408         break;
409     case 13: /* UARTIFS */
410         s->ifl = value;
411         pl011_set_read_trigger(s);
412         break;
413     case 14: /* UARTIMSC */
414         s->int_enabled = value;
415         pl011_update(s);
416         break;
417     case 17: /* UARTICR */
418         s->int_level &= ~value;
419         pl011_update(s);
420         break;
421     case 18: /* UARTDMACR */
422         s->dmacr = value;
423         if (value & 3) {
424             qemu_log_mask(LOG_UNIMP, "pl011: DMA not implemented\n");
425         }
426         break;
427     default:
428         qemu_log_mask(LOG_GUEST_ERROR,
429                       "pl011_write: Bad offset 0x%x\n", (int)offset);
430     }
431 }
432 
433 static int pl011_can_receive(void *opaque)
434 {
435     PL011State *s = (PL011State *)opaque;
436     int r;
437 
438     r = s->read_count < pl011_get_fifo_depth(s);
439     trace_pl011_can_receive(s->lcr, s->read_count, r);
440     return r;
441 }
442 
443 static void pl011_put_fifo(void *opaque, uint32_t value)
444 {
445     PL011State *s = (PL011State *)opaque;
446     int slot;
447     unsigned pipe_depth;
448 
449     pipe_depth = pl011_get_fifo_depth(s);
450     slot = (s->read_pos + s->read_count) & (pipe_depth - 1);
451     s->read_fifo[slot] = value;
452     s->read_count++;
453     s->flags &= ~PL011_FLAG_RXFE;
454     trace_pl011_put_fifo(value, s->read_count);
455     if (s->read_count == pipe_depth) {
456         trace_pl011_put_fifo_full();
457         s->flags |= PL011_FLAG_RXFF;
458     }
459     if (s->read_count == s->read_trigger) {
460         s->int_level |= INT_RX;
461         pl011_update(s);
462     }
463 }
464 
465 static void pl011_receive(void *opaque, const uint8_t *buf, int size)
466 {
467     /*
468      * In loopback mode, the RX input signal is internally disconnected
469      * from the entire receiving logics; thus, all inputs are ignored,
470      * and BREAK detection on RX input signal is also not performed.
471      */
472     if (pl011_loopback_enabled(opaque)) {
473         return;
474     }
475 
476     pl011_put_fifo(opaque, *buf);
477 }
478 
479 static void pl011_event(void *opaque, QEMUChrEvent event)
480 {
481     if (event == CHR_EVENT_BREAK && !pl011_loopback_enabled(opaque)) {
482         pl011_put_fifo(opaque, DR_BE);
483     }
484 }
485 
486 static void pl011_clock_update(void *opaque, ClockEvent event)
487 {
488     PL011State *s = PL011(opaque);
489 
490     pl011_trace_baudrate_change(s);
491 }
492 
493 static const MemoryRegionOps pl011_ops = {
494     .read = pl011_read,
495     .write = pl011_write,
496     .endianness = DEVICE_NATIVE_ENDIAN,
497     .impl.min_access_size = 4,
498     .impl.max_access_size = 4,
499 };
500 
501 static bool pl011_clock_needed(void *opaque)
502 {
503     PL011State *s = PL011(opaque);
504 
505     return s->migrate_clk;
506 }
507 
508 static const VMStateDescription vmstate_pl011_clock = {
509     .name = "pl011/clock",
510     .version_id = 1,
511     .minimum_version_id = 1,
512     .needed = pl011_clock_needed,
513     .fields = (const VMStateField[]) {
514         VMSTATE_CLOCK(clk, PL011State),
515         VMSTATE_END_OF_LIST()
516     }
517 };
518 
519 static int pl011_post_load(void *opaque, int version_id)
520 {
521     PL011State* s = opaque;
522 
523     /* Sanity-check input state */
524     if (s->read_pos >= ARRAY_SIZE(s->read_fifo) ||
525         s->read_count > ARRAY_SIZE(s->read_fifo)) {
526         return -1;
527     }
528 
529     if (!pl011_is_fifo_enabled(s) && s->read_count > 0 && s->read_pos > 0) {
530         /*
531          * Older versions of PL011 didn't ensure that the single
532          * character in the FIFO in FIFO-disabled mode is in
533          * element 0 of the array; convert to follow the current
534          * code's assumptions.
535          */
536         s->read_fifo[0] = s->read_fifo[s->read_pos];
537         s->read_pos = 0;
538     }
539 
540     s->ibrd &= IBRD_MASK;
541     s->fbrd &= FBRD_MASK;
542 
543     return 0;
544 }
545 
546 static const VMStateDescription vmstate_pl011 = {
547     .name = "pl011",
548     .version_id = 2,
549     .minimum_version_id = 2,
550     .post_load = pl011_post_load,
551     .fields = (const VMStateField[]) {
552         VMSTATE_UINT32(readbuff, PL011State),
553         VMSTATE_UINT32(flags, PL011State),
554         VMSTATE_UINT32(lcr, PL011State),
555         VMSTATE_UINT32(rsr, PL011State),
556         VMSTATE_UINT32(cr, PL011State),
557         VMSTATE_UINT32(dmacr, PL011State),
558         VMSTATE_UINT32(int_enabled, PL011State),
559         VMSTATE_UINT32(int_level, PL011State),
560         VMSTATE_UINT32_ARRAY(read_fifo, PL011State, PL011_FIFO_DEPTH),
561         VMSTATE_UINT32(ilpr, PL011State),
562         VMSTATE_UINT32(ibrd, PL011State),
563         VMSTATE_UINT32(fbrd, PL011State),
564         VMSTATE_UINT32(ifl, PL011State),
565         VMSTATE_INT32(read_pos, PL011State),
566         VMSTATE_INT32(read_count, PL011State),
567         VMSTATE_INT32(read_trigger, PL011State),
568         VMSTATE_END_OF_LIST()
569     },
570     .subsections = (const VMStateDescription * const []) {
571         &vmstate_pl011_clock,
572         NULL
573     }
574 };
575 
576 static Property pl011_properties[] = {
577     DEFINE_PROP_CHR("chardev", PL011State, chr),
578     DEFINE_PROP_BOOL("migrate-clk", PL011State, migrate_clk, true),
579     DEFINE_PROP_END_OF_LIST(),
580 };
581 
582 static void pl011_init(Object *obj)
583 {
584     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
585     PL011State *s = PL011(obj);
586     int i;
587 
588     memory_region_init_io(&s->iomem, OBJECT(s), &pl011_ops, s, "pl011", 0x1000);
589     sysbus_init_mmio(sbd, &s->iomem);
590     for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
591         sysbus_init_irq(sbd, &s->irq[i]);
592     }
593 
594     s->clk = qdev_init_clock_in(DEVICE(obj), "clk", pl011_clock_update, s,
595                                 ClockUpdate);
596 
597     s->id = pl011_id_arm;
598 }
599 
600 static void pl011_realize(DeviceState *dev, Error **errp)
601 {
602     PL011State *s = PL011(dev);
603 
604     qemu_chr_fe_set_handlers(&s->chr, pl011_can_receive, pl011_receive,
605                              pl011_event, NULL, s, NULL, true);
606 }
607 
608 static void pl011_reset(DeviceState *dev)
609 {
610     PL011State *s = PL011(dev);
611 
612     s->lcr = 0;
613     s->rsr = 0;
614     s->dmacr = 0;
615     s->int_enabled = 0;
616     s->int_level = 0;
617     s->ilpr = 0;
618     s->ibrd = 0;
619     s->fbrd = 0;
620     s->read_trigger = 1;
621     s->ifl = 0x12;
622     s->cr = 0x300;
623     s->flags = 0;
624     pl011_reset_fifo(s);
625 }
626 
627 static void pl011_class_init(ObjectClass *oc, void *data)
628 {
629     DeviceClass *dc = DEVICE_CLASS(oc);
630 
631     dc->realize = pl011_realize;
632     device_class_set_legacy_reset(dc, pl011_reset);
633     dc->vmsd = &vmstate_pl011;
634     device_class_set_props(dc, pl011_properties);
635 }
636 
637 static const TypeInfo pl011_arm_info = {
638     .name          = TYPE_PL011,
639     .parent        = TYPE_SYS_BUS_DEVICE,
640     .instance_size = sizeof(PL011State),
641     .instance_init = pl011_init,
642     .class_init    = pl011_class_init,
643 };
644 
645 static void pl011_luminary_init(Object *obj)
646 {
647     PL011State *s = PL011(obj);
648 
649     s->id = pl011_id_luminary;
650 }
651 
652 static const TypeInfo pl011_luminary_info = {
653     .name          = TYPE_PL011_LUMINARY,
654     .parent        = TYPE_PL011,
655     .instance_init = pl011_luminary_init,
656 };
657 
658 static void pl011_register_types(void)
659 {
660     type_register_static(&pl011_arm_info);
661     type_register_static(&pl011_luminary_info);
662 }
663 
664 type_init(pl011_register_types)
665