xref: /openbmc/qemu/hw/char/serial.c (revision 7618fffd)
1  /*
2   * QEMU 16550A UART emulation
3   *
4   * Copyright (c) 2003-2004 Fabrice Bellard
5   * Copyright (c) 2008 Citrix Systems, Inc.
6   *
7   * Permission is hereby granted, free of charge, to any person obtaining a copy
8   * of this software and associated documentation files (the "Software"), to deal
9   * in the Software without restriction, including without limitation the rights
10   * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11   * copies of the Software, and to permit persons to whom the Software is
12   * furnished to do so, subject to the following conditions:
13   *
14   * The above copyright notice and this permission notice shall be included in
15   * all copies or substantial portions of the Software.
16   *
17   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20   * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23   * THE SOFTWARE.
24   */
25  
26  #include "qemu/osdep.h"
27  #include "qemu/bitops.h"
28  #include "hw/char/serial.h"
29  #include "hw/irq.h"
30  #include "migration/vmstate.h"
31  #include "chardev/char-serial.h"
32  #include "qapi/error.h"
33  #include "qemu/timer.h"
34  #include "sysemu/reset.h"
35  #include "sysemu/runstate.h"
36  #include "qemu/error-report.h"
37  #include "trace.h"
38  #include "hw/qdev-properties.h"
39  #include "hw/qdev-properties-system.h"
40  
41  #define UART_LCR_DLAB   0x80    /* Divisor latch access bit */
42  
43  #define UART_IER_MSI    0x08    /* Enable Modem status interrupt */
44  #define UART_IER_RLSI   0x04    /* Enable receiver line status interrupt */
45  #define UART_IER_THRI   0x02    /* Enable Transmitter holding register int. */
46  #define UART_IER_RDI    0x01    /* Enable receiver data interrupt */
47  
48  #define UART_IIR_NO_INT 0x01    /* No interrupts pending */
49  #define UART_IIR_ID     0x06    /* Mask for the interrupt ID */
50  
51  #define UART_IIR_MSI    0x00    /* Modem status interrupt */
52  #define UART_IIR_THRI   0x02    /* Transmitter holding register empty */
53  #define UART_IIR_RDI    0x04    /* Receiver data interrupt */
54  #define UART_IIR_RLSI   0x06    /* Receiver line status interrupt */
55  #define UART_IIR_CTI    0x0C    /* Character Timeout Indication */
56  
57  #define UART_IIR_FENF   0x80    /* Fifo enabled, but not functioning */
58  #define UART_IIR_FE     0xC0    /* Fifo enabled */
59  
60  /*
61   * These are the definitions for the Modem Control Register
62   */
63  #define UART_MCR_LOOP   0x10    /* Enable loopback test mode */
64  #define UART_MCR_OUT2   0x08    /* Out2 complement */
65  #define UART_MCR_OUT1   0x04    /* Out1 complement */
66  #define UART_MCR_RTS    0x02    /* RTS complement */
67  #define UART_MCR_DTR    0x01    /* DTR complement */
68  
69  /*
70   * These are the definitions for the Modem Status Register
71   */
72  #define UART_MSR_DCD        0x80    /* Data Carrier Detect */
73  #define UART_MSR_RI         0x40    /* Ring Indicator */
74  #define UART_MSR_DSR        0x20    /* Data Set Ready */
75  #define UART_MSR_CTS        0x10    /* Clear to Send */
76  #define UART_MSR_DDCD       0x08    /* Delta DCD */
77  #define UART_MSR_TERI       0x04    /* Trailing edge ring indicator */
78  #define UART_MSR_DDSR       0x02    /* Delta DSR */
79  #define UART_MSR_DCTS       0x01    /* Delta CTS */
80  #define UART_MSR_ANY_DELTA  0x0F    /* Any of the delta bits! */
81  
82  #define UART_LSR_TEMT       0x40    /* Transmitter empty */
83  #define UART_LSR_THRE       0x20    /* Transmit-hold-register empty */
84  #define UART_LSR_BI         0x10    /* Break interrupt indicator */
85  #define UART_LSR_FE         0x08    /* Frame error indicator */
86  #define UART_LSR_PE         0x04    /* Parity error indicator */
87  #define UART_LSR_OE         0x02    /* Overrun error indicator */
88  #define UART_LSR_DR         0x01    /* Receiver data ready */
89  #define UART_LSR_INT_ANY    0x1E    /* Any of the lsr-interrupt-triggering status bits */
90  
91  /* Interrupt trigger levels. The byte-counts are for 16550A - in newer UARTs the byte-count for each ITL is higher. */
92  
93  #define UART_FCR_ITL_1      0x00 /* 1 byte ITL */
94  #define UART_FCR_ITL_2      0x40 /* 4 bytes ITL */
95  #define UART_FCR_ITL_3      0x80 /* 8 bytes ITL */
96  #define UART_FCR_ITL_4      0xC0 /* 14 bytes ITL */
97  
98  #define UART_FCR_DMS        0x08    /* DMA Mode Select */
99  #define UART_FCR_XFR        0x04    /* XMIT Fifo Reset */
100  #define UART_FCR_RFR        0x02    /* RCVR Fifo Reset */
101  #define UART_FCR_FE         0x01    /* FIFO Enable */
102  
103  #define MAX_XMIT_RETRY      4
104  
105  static void serial_receive1(void *opaque, const uint8_t *buf, int size);
106  static void serial_xmit(SerialState *s);
107  
108  static inline void recv_fifo_put(SerialState *s, uint8_t chr)
109  {
110      /* Receive overruns do not overwrite FIFO contents. */
111      if (!fifo8_is_full(&s->recv_fifo)) {
112          fifo8_push(&s->recv_fifo, chr);
113      } else {
114          s->lsr |= UART_LSR_OE;
115      }
116  }
117  
118  static void serial_update_irq(SerialState *s)
119  {
120      uint8_t tmp_iir = UART_IIR_NO_INT;
121  
122      if ((s->ier & UART_IER_RLSI) && (s->lsr & UART_LSR_INT_ANY)) {
123          tmp_iir = UART_IIR_RLSI;
124      } else if ((s->ier & UART_IER_RDI) && s->timeout_ipending) {
125          /* Note that(s->ier & UART_IER_RDI) can mask this interrupt,
126           * this is not in the specification but is observed on existing
127           * hardware.  */
128          tmp_iir = UART_IIR_CTI;
129      } else if ((s->ier & UART_IER_RDI) && (s->lsr & UART_LSR_DR) &&
130                 (!(s->fcr & UART_FCR_FE) ||
131                  s->recv_fifo.num >= s->recv_fifo_itl)) {
132          tmp_iir = UART_IIR_RDI;
133      } else if ((s->ier & UART_IER_THRI) && s->thr_ipending) {
134          tmp_iir = UART_IIR_THRI;
135      } else if ((s->ier & UART_IER_MSI) && (s->msr & UART_MSR_ANY_DELTA)) {
136          tmp_iir = UART_IIR_MSI;
137      }
138  
139      s->iir = tmp_iir | (s->iir & 0xF0);
140  
141      if (tmp_iir != UART_IIR_NO_INT) {
142          qemu_irq_raise(s->irq);
143      } else {
144          qemu_irq_lower(s->irq);
145      }
146  }
147  
148  static void serial_update_parameters(SerialState *s)
149  {
150      float speed;
151      int parity, data_bits, stop_bits, frame_size;
152      QEMUSerialSetParams ssp;
153  
154      /* Start bit. */
155      frame_size = 1;
156      if (s->lcr & 0x08) {
157          /* Parity bit. */
158          frame_size++;
159          if (s->lcr & 0x10)
160              parity = 'E';
161          else
162              parity = 'O';
163      } else {
164              parity = 'N';
165      }
166      if (s->lcr & 0x04) {
167          stop_bits = 2;
168      } else {
169          stop_bits = 1;
170      }
171  
172      data_bits = (s->lcr & 0x03) + 5;
173      frame_size += data_bits + stop_bits;
174      /* Zero divisor should give about 3500 baud */
175      speed = (s->divider == 0) ? 3500 : (float) s->baudbase / s->divider;
176      ssp.speed = speed;
177      ssp.parity = parity;
178      ssp.data_bits = data_bits;
179      ssp.stop_bits = stop_bits;
180      s->char_transmit_time =  (NANOSECONDS_PER_SECOND / speed) * frame_size;
181      qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
182      trace_serial_update_parameters(speed, parity, data_bits, stop_bits);
183  }
184  
185  static void serial_update_msl(SerialState *s)
186  {
187      uint8_t omsr;
188      int flags;
189  
190      timer_del(s->modem_status_poll);
191  
192      if (qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_GET_TIOCM,
193                            &flags) == -ENOTSUP) {
194          s->poll_msl = -1;
195          return;
196      }
197  
198      omsr = s->msr;
199  
200      s->msr = (flags & CHR_TIOCM_CTS) ? s->msr | UART_MSR_CTS : s->msr & ~UART_MSR_CTS;
201      s->msr = (flags & CHR_TIOCM_DSR) ? s->msr | UART_MSR_DSR : s->msr & ~UART_MSR_DSR;
202      s->msr = (flags & CHR_TIOCM_CAR) ? s->msr | UART_MSR_DCD : s->msr & ~UART_MSR_DCD;
203      s->msr = (flags & CHR_TIOCM_RI) ? s->msr | UART_MSR_RI : s->msr & ~UART_MSR_RI;
204  
205      if (s->msr != omsr) {
206           /* Set delta bits */
207           s->msr = s->msr | ((s->msr >> 4) ^ (omsr >> 4));
208           /* UART_MSR_TERI only if change was from 1 -> 0 */
209           if ((s->msr & UART_MSR_TERI) && !(omsr & UART_MSR_RI))
210               s->msr &= ~UART_MSR_TERI;
211           serial_update_irq(s);
212      }
213  
214      /* The real 16550A apparently has a 250ns response latency to line status changes.
215         We'll be lazy and poll only every 10ms, and only poll it at all if MSI interrupts are turned on */
216  
217      if (s->poll_msl) {
218          timer_mod(s->modem_status_poll, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
219                    NANOSECONDS_PER_SECOND / 100);
220      }
221  }
222  
223  static gboolean serial_watch_cb(void *do_not_use, GIOCondition cond,
224                                  void *opaque)
225  {
226      SerialState *s = opaque;
227      s->watch_tag = 0;
228      serial_xmit(s);
229      return G_SOURCE_REMOVE;
230  }
231  
232  static void serial_xmit(SerialState *s)
233  {
234      do {
235          assert(!(s->lsr & UART_LSR_TEMT));
236          if (s->tsr_retry == 0) {
237              assert(!(s->lsr & UART_LSR_THRE));
238  
239              if (s->fcr & UART_FCR_FE) {
240                  assert(!fifo8_is_empty(&s->xmit_fifo));
241                  s->tsr = fifo8_pop(&s->xmit_fifo);
242                  if (!s->xmit_fifo.num) {
243                      s->lsr |= UART_LSR_THRE;
244                  }
245              } else {
246                  s->tsr = s->thr;
247                  s->lsr |= UART_LSR_THRE;
248              }
249              if ((s->lsr & UART_LSR_THRE) && !s->thr_ipending) {
250                  s->thr_ipending = 1;
251                  serial_update_irq(s);
252              }
253          }
254  
255          if (s->mcr & UART_MCR_LOOP) {
256              /* in loopback mode, say that we just received a char */
257              serial_receive1(s, &s->tsr, 1);
258          } else {
259              int rc = qemu_chr_fe_write(&s->chr, &s->tsr, 1);
260  
261              if ((rc == 0 ||
262                   (rc == -1 && errno == EAGAIN)) &&
263                  s->tsr_retry < MAX_XMIT_RETRY) {
264                  assert(s->watch_tag == 0);
265                  s->watch_tag =
266                      qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,
267                                            serial_watch_cb, s);
268                  if (s->watch_tag > 0) {
269                      s->tsr_retry++;
270                      return;
271                  }
272              }
273          }
274          s->tsr_retry = 0;
275  
276          /* Transmit another byte if it is already available. It is only
277             possible when FIFO is enabled and not empty. */
278      } while (!(s->lsr & UART_LSR_THRE));
279  
280      s->last_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
281      s->lsr |= UART_LSR_TEMT;
282  }
283  
284  /* Setter for FCR.
285     is_load flag means, that value is set while loading VM state
286     and interrupt should not be invoked */
287  static void serial_write_fcr(SerialState *s, uint8_t val)
288  {
289      /* Set fcr - val only has the bits that are supposed to "stick" */
290      s->fcr = val;
291  
292      if (val & UART_FCR_FE) {
293          s->iir |= UART_IIR_FE;
294          /* Set recv_fifo trigger Level */
295          switch (val & 0xC0) {
296          case UART_FCR_ITL_1:
297              s->recv_fifo_itl = 1;
298              break;
299          case UART_FCR_ITL_2:
300              s->recv_fifo_itl = 4;
301              break;
302          case UART_FCR_ITL_3:
303              s->recv_fifo_itl = 8;
304              break;
305          case UART_FCR_ITL_4:
306              s->recv_fifo_itl = 14;
307              break;
308          }
309      } else {
310          s->iir &= ~UART_IIR_FE;
311      }
312  }
313  
314  static void serial_update_tiocm(SerialState *s)
315  {
316      int flags;
317  
318      qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_GET_TIOCM, &flags);
319  
320      flags &= ~(CHR_TIOCM_RTS | CHR_TIOCM_DTR);
321  
322      if (s->mcr & UART_MCR_RTS) {
323          flags |= CHR_TIOCM_RTS;
324      }
325      if (s->mcr & UART_MCR_DTR) {
326          flags |= CHR_TIOCM_DTR;
327      }
328  
329      qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_TIOCM, &flags);
330  }
331  
332  static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
333                                  unsigned size)
334  {
335      SerialState *s = opaque;
336  
337      assert(size == 1 && addr < 8);
338      trace_serial_write(addr, val);
339      switch(addr) {
340      default:
341      case 0:
342          if (s->lcr & UART_LCR_DLAB) {
343              s->divider = deposit32(s->divider, 8 * addr, 8, val);
344              serial_update_parameters(s);
345          } else {
346              s->thr = (uint8_t) val;
347              if(s->fcr & UART_FCR_FE) {
348                  /* xmit overruns overwrite data, so make space if needed */
349                  if (fifo8_is_full(&s->xmit_fifo)) {
350                      fifo8_pop(&s->xmit_fifo);
351                  }
352                  fifo8_push(&s->xmit_fifo, s->thr);
353              }
354              s->thr_ipending = 0;
355              s->lsr &= ~UART_LSR_THRE;
356              s->lsr &= ~UART_LSR_TEMT;
357              serial_update_irq(s);
358              if (s->tsr_retry == 0) {
359                  serial_xmit(s);
360              }
361          }
362          break;
363      case 1:
364          if (s->lcr & UART_LCR_DLAB) {
365              s->divider = deposit32(s->divider, 8 * addr, 8, val);
366              serial_update_parameters(s);
367          } else {
368              uint8_t changed = (s->ier ^ val) & 0x0f;
369              s->ier = val & 0x0f;
370              /* If the backend device is a real serial port, turn polling of the modem
371               * status lines on physical port on or off depending on UART_IER_MSI state.
372               */
373              if ((changed & UART_IER_MSI) && s->poll_msl >= 0) {
374                  if (s->ier & UART_IER_MSI) {
375                       s->poll_msl = 1;
376                       serial_update_msl(s);
377                  } else {
378                       timer_del(s->modem_status_poll);
379                       s->poll_msl = 0;
380                  }
381              }
382  
383              /* Turning on the THRE interrupt on IER can trigger the interrupt
384               * if LSR.THRE=1, even if it had been masked before by reading IIR.
385               * This is not in the datasheet, but Windows relies on it.  It is
386               * unclear if THRE has to be resampled every time THRI becomes
387               * 1, or only on the rising edge.  Bochs does the latter, and Windows
388               * always toggles IER to all zeroes and back to all ones, so do the
389               * same.
390               *
391               * If IER.THRI is zero, thr_ipending is not used.  Set it to zero
392               * so that the thr_ipending subsection is not migrated.
393               */
394              if (changed & UART_IER_THRI) {
395                  if ((s->ier & UART_IER_THRI) && (s->lsr & UART_LSR_THRE)) {
396                      s->thr_ipending = 1;
397                  } else {
398                      s->thr_ipending = 0;
399                  }
400              }
401  
402              if (changed) {
403                  serial_update_irq(s);
404              }
405          }
406          break;
407      case 2:
408          /* Did the enable/disable flag change? If so, make sure FIFOs get flushed */
409          if ((val ^ s->fcr) & UART_FCR_FE) {
410              val |= UART_FCR_XFR | UART_FCR_RFR;
411          }
412  
413          /* FIFO clear */
414  
415          if (val & UART_FCR_RFR) {
416              s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
417              timer_del(s->fifo_timeout_timer);
418              s->timeout_ipending = 0;
419              fifo8_reset(&s->recv_fifo);
420          }
421  
422          if (val & UART_FCR_XFR) {
423              s->lsr |= UART_LSR_THRE;
424              s->thr_ipending = 1;
425              fifo8_reset(&s->xmit_fifo);
426          }
427  
428          serial_write_fcr(s, val & 0xC9);
429          serial_update_irq(s);
430          break;
431      case 3:
432          {
433              int break_enable;
434              s->lcr = val;
435              serial_update_parameters(s);
436              break_enable = (val >> 6) & 1;
437              if (break_enable != s->last_break_enable) {
438                  s->last_break_enable = break_enable;
439                  qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
440                                    &break_enable);
441              }
442          }
443          break;
444      case 4:
445          {
446              int old_mcr = s->mcr;
447              s->mcr = val & 0x1f;
448              if (val & UART_MCR_LOOP)
449                  break;
450  
451              if (s->poll_msl >= 0 && old_mcr != s->mcr) {
452                  serial_update_tiocm(s);
453                  /* Update the modem status after a one-character-send wait-time, since there may be a response
454                     from the device/computer at the other end of the serial line */
455                  timer_mod(s->modem_status_poll, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->char_transmit_time);
456              }
457          }
458          break;
459      case 5:
460          break;
461      case 6:
462          break;
463      case 7:
464          s->scr = val;
465          break;
466      }
467  }
468  
469  static uint64_t serial_ioport_read(void *opaque, hwaddr addr, unsigned size)
470  {
471      SerialState *s = opaque;
472      uint32_t ret;
473  
474      assert(size == 1 && addr < 8);
475      switch(addr) {
476      default:
477      case 0:
478          if (s->lcr & UART_LCR_DLAB) {
479              ret = extract16(s->divider, 8 * addr, 8);
480          } else {
481              if(s->fcr & UART_FCR_FE) {
482                  ret = fifo8_is_empty(&s->recv_fifo) ?
483                              0 : fifo8_pop(&s->recv_fifo);
484                  if (s->recv_fifo.num == 0) {
485                      s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
486                  } else {
487                      timer_mod(s->fifo_timeout_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->char_transmit_time * 4);
488                  }
489                  s->timeout_ipending = 0;
490              } else {
491                  ret = s->rbr;
492                  s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
493              }
494              serial_update_irq(s);
495              if (!(s->mcr & UART_MCR_LOOP)) {
496                  /* in loopback mode, don't receive any data */
497                  qemu_chr_fe_accept_input(&s->chr);
498              }
499          }
500          break;
501      case 1:
502          if (s->lcr & UART_LCR_DLAB) {
503              ret = extract16(s->divider, 8 * addr, 8);
504          } else {
505              ret = s->ier;
506          }
507          break;
508      case 2:
509          ret = s->iir;
510          if ((ret & UART_IIR_ID) == UART_IIR_THRI) {
511              s->thr_ipending = 0;
512              serial_update_irq(s);
513          }
514          break;
515      case 3:
516          ret = s->lcr;
517          break;
518      case 4:
519          ret = s->mcr;
520          break;
521      case 5:
522          ret = s->lsr;
523          /* Clear break and overrun interrupts */
524          if (s->lsr & (UART_LSR_BI|UART_LSR_OE)) {
525              s->lsr &= ~(UART_LSR_BI|UART_LSR_OE);
526              serial_update_irq(s);
527          }
528          break;
529      case 6:
530          if (s->mcr & UART_MCR_LOOP) {
531              /* in loopback, the modem output pins are connected to the
532                 inputs */
533              ret = (s->mcr & 0x0c) << 4;
534              ret |= (s->mcr & 0x02) << 3;
535              ret |= (s->mcr & 0x01) << 5;
536          } else {
537              if (s->poll_msl >= 0)
538                  serial_update_msl(s);
539              ret = s->msr;
540              /* Clear delta bits & msr int after read, if they were set */
541              if (s->msr & UART_MSR_ANY_DELTA) {
542                  s->msr &= 0xF0;
543                  serial_update_irq(s);
544              }
545          }
546          break;
547      case 7:
548          ret = s->scr;
549          break;
550      }
551      trace_serial_read(addr, ret);
552      return ret;
553  }
554  
555  static int serial_can_receive(SerialState *s)
556  {
557      if(s->fcr & UART_FCR_FE) {
558          if (s->recv_fifo.num < UART_FIFO_LENGTH) {
559              /*
560               * Advertise (fifo.itl - fifo.count) bytes when count < ITL, and 1
561               * if above. If UART_FIFO_LENGTH - fifo.count is advertised the
562               * effect will be to almost always fill the fifo completely before
563               * the guest has a chance to respond, effectively overriding the ITL
564               * that the guest has set.
565               */
566              return (s->recv_fifo.num <= s->recv_fifo_itl) ?
567                          s->recv_fifo_itl - s->recv_fifo.num : 1;
568          } else {
569              return 0;
570          }
571      } else {
572          return !(s->lsr & UART_LSR_DR);
573      }
574  }
575  
576  static void serial_receive_break(SerialState *s)
577  {
578      s->rbr = 0;
579      /* When the LSR_DR is set a null byte is pushed into the fifo */
580      recv_fifo_put(s, '\0');
581      s->lsr |= UART_LSR_BI | UART_LSR_DR;
582      serial_update_irq(s);
583  }
584  
585  /* There's data in recv_fifo and s->rbr has not been read for 4 char transmit times */
586  static void fifo_timeout_int (void *opaque) {
587      SerialState *s = opaque;
588      if (s->recv_fifo.num) {
589          s->timeout_ipending = 1;
590          serial_update_irq(s);
591      }
592  }
593  
594  static int serial_can_receive1(void *opaque)
595  {
596      SerialState *s = opaque;
597      return serial_can_receive(s);
598  }
599  
600  static void serial_receive1(void *opaque, const uint8_t *buf, int size)
601  {
602      SerialState *s = opaque;
603  
604      if (s->wakeup) {
605          qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, NULL);
606      }
607      if(s->fcr & UART_FCR_FE) {
608          int i;
609          for (i = 0; i < size; i++) {
610              recv_fifo_put(s, buf[i]);
611          }
612          s->lsr |= UART_LSR_DR;
613          /* call the timeout receive callback in 4 char transmit time */
614          timer_mod(s->fifo_timeout_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->char_transmit_time * 4);
615      } else {
616          if (s->lsr & UART_LSR_DR)
617              s->lsr |= UART_LSR_OE;
618          s->rbr = buf[0];
619          s->lsr |= UART_LSR_DR;
620      }
621      serial_update_irq(s);
622  }
623  
624  static void serial_event(void *opaque, QEMUChrEvent event)
625  {
626      SerialState *s = opaque;
627      if (event == CHR_EVENT_BREAK)
628          serial_receive_break(s);
629  }
630  
631  static int serial_pre_save(void *opaque)
632  {
633      SerialState *s = opaque;
634      s->fcr_vmstate = s->fcr;
635  
636      return 0;
637  }
638  
639  static int serial_pre_load(void *opaque)
640  {
641      SerialState *s = opaque;
642      s->thr_ipending = -1;
643      s->poll_msl = -1;
644      return 0;
645  }
646  
647  static int serial_post_load(void *opaque, int version_id)
648  {
649      SerialState *s = opaque;
650  
651      if (version_id < 3) {
652          s->fcr_vmstate = 0;
653      }
654      if (s->thr_ipending == -1) {
655          s->thr_ipending = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
656      }
657  
658      if (s->tsr_retry > 0) {
659          /* tsr_retry > 0 implies LSR.TEMT = 0 (transmitter not empty).  */
660          if (s->lsr & UART_LSR_TEMT) {
661              error_report("inconsistent state in serial device "
662                           "(tsr empty, tsr_retry=%d", s->tsr_retry);
663              return -1;
664          }
665  
666          if (s->tsr_retry > MAX_XMIT_RETRY) {
667              s->tsr_retry = MAX_XMIT_RETRY;
668          }
669  
670          assert(s->watch_tag == 0);
671          s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,
672                                               serial_watch_cb, s);
673      } else {
674          /* tsr_retry == 0 implies LSR.TEMT = 1 (transmitter empty).  */
675          if (!(s->lsr & UART_LSR_TEMT)) {
676              error_report("inconsistent state in serial device "
677                           "(tsr not empty, tsr_retry=0");
678              return -1;
679          }
680      }
681  
682      s->last_break_enable = (s->lcr >> 6) & 1;
683      /* Initialize fcr via setter to perform essential side-effects */
684      serial_write_fcr(s, s->fcr_vmstate);
685      serial_update_parameters(s);
686      return 0;
687  }
688  
689  static bool serial_thr_ipending_needed(void *opaque)
690  {
691      SerialState *s = opaque;
692  
693      if (s->ier & UART_IER_THRI) {
694          bool expected_value = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
695          return s->thr_ipending != expected_value;
696      } else {
697          /* LSR.THRE will be sampled again when the interrupt is
698           * enabled.  thr_ipending is not used in this case, do
699           * not migrate it.
700           */
701          return false;
702      }
703  }
704  
705  static const VMStateDescription vmstate_serial_thr_ipending = {
706      .name = "serial/thr_ipending",
707      .version_id = 1,
708      .minimum_version_id = 1,
709      .needed = serial_thr_ipending_needed,
710      .fields = (const VMStateField[]) {
711          VMSTATE_INT32(thr_ipending, SerialState),
712          VMSTATE_END_OF_LIST()
713      }
714  };
715  
716  static bool serial_tsr_needed(void *opaque)
717  {
718      SerialState *s = (SerialState *)opaque;
719      return s->tsr_retry != 0;
720  }
721  
722  static const VMStateDescription vmstate_serial_tsr = {
723      .name = "serial/tsr",
724      .version_id = 1,
725      .minimum_version_id = 1,
726      .needed = serial_tsr_needed,
727      .fields = (const VMStateField[]) {
728          VMSTATE_UINT32(tsr_retry, SerialState),
729          VMSTATE_UINT8(thr, SerialState),
730          VMSTATE_UINT8(tsr, SerialState),
731          VMSTATE_END_OF_LIST()
732      }
733  };
734  
735  static bool serial_recv_fifo_needed(void *opaque)
736  {
737      SerialState *s = (SerialState *)opaque;
738      return !fifo8_is_empty(&s->recv_fifo);
739  
740  }
741  
742  static const VMStateDescription vmstate_serial_recv_fifo = {
743      .name = "serial/recv_fifo",
744      .version_id = 1,
745      .minimum_version_id = 1,
746      .needed = serial_recv_fifo_needed,
747      .fields = (const VMStateField[]) {
748          VMSTATE_STRUCT(recv_fifo, SerialState, 1, vmstate_fifo8, Fifo8),
749          VMSTATE_END_OF_LIST()
750      }
751  };
752  
753  static bool serial_xmit_fifo_needed(void *opaque)
754  {
755      SerialState *s = (SerialState *)opaque;
756      return !fifo8_is_empty(&s->xmit_fifo);
757  }
758  
759  static const VMStateDescription vmstate_serial_xmit_fifo = {
760      .name = "serial/xmit_fifo",
761      .version_id = 1,
762      .minimum_version_id = 1,
763      .needed = serial_xmit_fifo_needed,
764      .fields = (const VMStateField[]) {
765          VMSTATE_STRUCT(xmit_fifo, SerialState, 1, vmstate_fifo8, Fifo8),
766          VMSTATE_END_OF_LIST()
767      }
768  };
769  
770  static bool serial_fifo_timeout_timer_needed(void *opaque)
771  {
772      SerialState *s = (SerialState *)opaque;
773      return timer_pending(s->fifo_timeout_timer);
774  }
775  
776  static const VMStateDescription vmstate_serial_fifo_timeout_timer = {
777      .name = "serial/fifo_timeout_timer",
778      .version_id = 1,
779      .minimum_version_id = 1,
780      .needed = serial_fifo_timeout_timer_needed,
781      .fields = (const VMStateField[]) {
782          VMSTATE_TIMER_PTR(fifo_timeout_timer, SerialState),
783          VMSTATE_END_OF_LIST()
784      }
785  };
786  
787  static bool serial_timeout_ipending_needed(void *opaque)
788  {
789      SerialState *s = (SerialState *)opaque;
790      return s->timeout_ipending != 0;
791  }
792  
793  static const VMStateDescription vmstate_serial_timeout_ipending = {
794      .name = "serial/timeout_ipending",
795      .version_id = 1,
796      .minimum_version_id = 1,
797      .needed = serial_timeout_ipending_needed,
798      .fields = (const VMStateField[]) {
799          VMSTATE_INT32(timeout_ipending, SerialState),
800          VMSTATE_END_OF_LIST()
801      }
802  };
803  
804  static bool serial_poll_needed(void *opaque)
805  {
806      SerialState *s = (SerialState *)opaque;
807      return s->poll_msl >= 0;
808  }
809  
810  static const VMStateDescription vmstate_serial_poll = {
811      .name = "serial/poll",
812      .version_id = 1,
813      .needed = serial_poll_needed,
814      .minimum_version_id = 1,
815      .fields = (const VMStateField[]) {
816          VMSTATE_INT32(poll_msl, SerialState),
817          VMSTATE_TIMER_PTR(modem_status_poll, SerialState),
818          VMSTATE_END_OF_LIST()
819      }
820  };
821  
822  const VMStateDescription vmstate_serial = {
823      .name = "serial",
824      .version_id = 3,
825      .minimum_version_id = 2,
826      .pre_save = serial_pre_save,
827      .pre_load = serial_pre_load,
828      .post_load = serial_post_load,
829      .fields = (const VMStateField[]) {
830          VMSTATE_UINT16_V(divider, SerialState, 2),
831          VMSTATE_UINT8(rbr, SerialState),
832          VMSTATE_UINT8(ier, SerialState),
833          VMSTATE_UINT8(iir, SerialState),
834          VMSTATE_UINT8(lcr, SerialState),
835          VMSTATE_UINT8(mcr, SerialState),
836          VMSTATE_UINT8(lsr, SerialState),
837          VMSTATE_UINT8(msr, SerialState),
838          VMSTATE_UINT8(scr, SerialState),
839          VMSTATE_UINT8_V(fcr_vmstate, SerialState, 3),
840          VMSTATE_END_OF_LIST()
841      },
842      .subsections = (const VMStateDescription * const []) {
843          &vmstate_serial_thr_ipending,
844          &vmstate_serial_tsr,
845          &vmstate_serial_recv_fifo,
846          &vmstate_serial_xmit_fifo,
847          &vmstate_serial_fifo_timeout_timer,
848          &vmstate_serial_timeout_ipending,
849          &vmstate_serial_poll,
850          NULL
851      }
852  };
853  
854  static void serial_reset(void *opaque)
855  {
856      SerialState *s = opaque;
857  
858      if (s->watch_tag > 0) {
859          g_source_remove(s->watch_tag);
860          s->watch_tag = 0;
861      }
862  
863      s->rbr = 0;
864      s->ier = 0;
865      s->iir = UART_IIR_NO_INT;
866      s->lcr = 0;
867      s->lsr = UART_LSR_TEMT | UART_LSR_THRE;
868      s->msr = UART_MSR_DCD | UART_MSR_DSR | UART_MSR_CTS;
869      /* Default to 9600 baud, 1 start bit, 8 data bits, 1 stop bit, no parity. */
870      s->divider = 0x0C;
871      s->mcr = UART_MCR_OUT2;
872      s->scr = 0;
873      s->tsr_retry = 0;
874      s->char_transmit_time = (NANOSECONDS_PER_SECOND / 9600) * 10;
875      s->poll_msl = 0;
876  
877      s->timeout_ipending = 0;
878      timer_del(s->fifo_timeout_timer);
879      timer_del(s->modem_status_poll);
880  
881      fifo8_reset(&s->recv_fifo);
882      fifo8_reset(&s->xmit_fifo);
883  
884      s->last_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
885  
886      s->thr_ipending = 0;
887      s->last_break_enable = 0;
888      qemu_irq_lower(s->irq);
889  
890      serial_update_msl(s);
891      s->msr &= ~UART_MSR_ANY_DELTA;
892  }
893  
894  static int serial_be_change(void *opaque)
895  {
896      SerialState *s = opaque;
897  
898      qemu_chr_fe_set_handlers(&s->chr, serial_can_receive1, serial_receive1,
899                               serial_event, serial_be_change, s, NULL, true);
900  
901      serial_update_parameters(s);
902  
903      qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_BREAK,
904                        &s->last_break_enable);
905  
906      s->poll_msl = (s->ier & UART_IER_MSI) ? 1 : 0;
907      serial_update_msl(s);
908  
909      if (s->poll_msl >= 0 && !(s->mcr & UART_MCR_LOOP)) {
910          serial_update_tiocm(s);
911      }
912  
913      if (s->watch_tag > 0) {
914          g_source_remove(s->watch_tag);
915          s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,
916                                               serial_watch_cb, s);
917      }
918  
919      return 0;
920  }
921  
922  static void serial_realize(DeviceState *dev, Error **errp)
923  {
924      SerialState *s = SERIAL(dev);
925  
926      s->modem_status_poll = timer_new_ns(QEMU_CLOCK_VIRTUAL, (QEMUTimerCB *) serial_update_msl, s);
927  
928      s->fifo_timeout_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, (QEMUTimerCB *) fifo_timeout_int, s);
929      qemu_register_reset(serial_reset, s);
930  
931      qemu_chr_fe_set_handlers(&s->chr, serial_can_receive1, serial_receive1,
932                               serial_event, serial_be_change, s, NULL, true);
933      fifo8_create(&s->recv_fifo, UART_FIFO_LENGTH);
934      fifo8_create(&s->xmit_fifo, UART_FIFO_LENGTH);
935      serial_reset(s);
936  }
937  
938  static void serial_unrealize(DeviceState *dev)
939  {
940      SerialState *s = SERIAL(dev);
941  
942      qemu_chr_fe_deinit(&s->chr, false);
943  
944      timer_free(s->modem_status_poll);
945  
946      timer_free(s->fifo_timeout_timer);
947  
948      fifo8_destroy(&s->recv_fifo);
949      fifo8_destroy(&s->xmit_fifo);
950  
951      qemu_unregister_reset(serial_reset, s);
952  }
953  
954  /* Change the main reference oscillator frequency. */
955  void serial_set_frequency(SerialState *s, uint32_t frequency)
956  {
957      s->baudbase = frequency;
958      serial_update_parameters(s);
959  }
960  
961  const MemoryRegionOps serial_io_ops = {
962      .read = serial_ioport_read,
963      .write = serial_ioport_write,
964      .valid = {
965          .unaligned = 1,
966      },
967      .impl = {
968          .min_access_size = 1,
969          .max_access_size = 1,
970      },
971      .endianness = DEVICE_LITTLE_ENDIAN,
972  };
973  
974  static Property serial_properties[] = {
975      DEFINE_PROP_CHR("chardev", SerialState, chr),
976      DEFINE_PROP_UINT32("baudbase", SerialState, baudbase, 115200),
977      DEFINE_PROP_BOOL("wakeup", SerialState, wakeup, false),
978      DEFINE_PROP_END_OF_LIST(),
979  };
980  
981  static void serial_class_init(ObjectClass *klass, void* data)
982  {
983      DeviceClass *dc = DEVICE_CLASS(klass);
984  
985      /* internal device for serialio/serialmm, not user-creatable */
986      dc->user_creatable = false;
987      dc->realize = serial_realize;
988      dc->unrealize = serial_unrealize;
989      device_class_set_props(dc, serial_properties);
990  }
991  
992  static const TypeInfo serial_info = {
993      .name = TYPE_SERIAL,
994      .parent = TYPE_DEVICE,
995      .instance_size = sizeof(SerialState),
996      .class_init = serial_class_init,
997  };
998  
999  /* Memory mapped interface */
1000  static uint64_t serial_mm_read(void *opaque, hwaddr addr,
1001                                 unsigned size)
1002  {
1003      SerialMM *s = SERIAL_MM(opaque);
1004      return serial_ioport_read(&s->serial, addr >> s->regshift, 1);
1005  }
1006  
1007  static void serial_mm_write(void *opaque, hwaddr addr,
1008                              uint64_t value, unsigned size)
1009  {
1010      SerialMM *s = SERIAL_MM(opaque);
1011      value &= 255;
1012      serial_ioport_write(&s->serial, addr >> s->regshift, value, 1);
1013  }
1014  
1015  static const MemoryRegionOps serial_mm_ops[3] = {
1016      [DEVICE_NATIVE_ENDIAN] = {
1017          .read = serial_mm_read,
1018          .write = serial_mm_write,
1019          .endianness = DEVICE_NATIVE_ENDIAN,
1020          .valid.max_access_size = 8,
1021          .impl.max_access_size = 8,
1022      },
1023      [DEVICE_LITTLE_ENDIAN] = {
1024          .read = serial_mm_read,
1025          .write = serial_mm_write,
1026          .endianness = DEVICE_LITTLE_ENDIAN,
1027          .valid.max_access_size = 8,
1028          .impl.max_access_size = 8,
1029      },
1030      [DEVICE_BIG_ENDIAN] = {
1031          .read = serial_mm_read,
1032          .write = serial_mm_write,
1033          .endianness = DEVICE_BIG_ENDIAN,
1034          .valid.max_access_size = 8,
1035          .impl.max_access_size = 8,
1036      },
1037  };
1038  
1039  static void serial_mm_realize(DeviceState *dev, Error **errp)
1040  {
1041      SerialMM *smm = SERIAL_MM(dev);
1042      SerialState *s = &smm->serial;
1043  
1044      if (!qdev_realize(DEVICE(s), NULL, errp)) {
1045          return;
1046      }
1047  
1048      memory_region_init_io(&s->io, OBJECT(dev),
1049                            &serial_mm_ops[smm->endianness], smm, "serial",
1050                            8 << smm->regshift);
1051      sysbus_init_mmio(SYS_BUS_DEVICE(smm), &s->io);
1052      sysbus_init_irq(SYS_BUS_DEVICE(smm), &smm->serial.irq);
1053  }
1054  
1055  static const VMStateDescription vmstate_serial_mm = {
1056      .name = "serial",
1057      .version_id = 3,
1058      .minimum_version_id = 2,
1059      .fields = (const VMStateField[]) {
1060          VMSTATE_STRUCT(serial, SerialMM, 0, vmstate_serial, SerialState),
1061          VMSTATE_END_OF_LIST()
1062      }
1063  };
1064  
1065  SerialMM *serial_mm_init(MemoryRegion *address_space,
1066                           hwaddr base, int regshift,
1067                           qemu_irq irq, int baudbase,
1068                           Chardev *chr, enum device_endian end)
1069  {
1070      SerialMM *smm = SERIAL_MM(qdev_new(TYPE_SERIAL_MM));
1071      MemoryRegion *mr;
1072  
1073      qdev_prop_set_uint8(DEVICE(smm), "regshift", regshift);
1074      qdev_prop_set_uint32(DEVICE(smm), "baudbase", baudbase);
1075      qdev_prop_set_chr(DEVICE(smm), "chardev", chr);
1076      qdev_set_legacy_instance_id(DEVICE(smm), base, 2);
1077      qdev_prop_set_uint8(DEVICE(smm), "endianness", end);
1078      sysbus_realize_and_unref(SYS_BUS_DEVICE(smm), &error_fatal);
1079  
1080      sysbus_connect_irq(SYS_BUS_DEVICE(smm), 0, irq);
1081      mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(smm), 0);
1082      memory_region_add_subregion(address_space, base, mr);
1083  
1084      return smm;
1085  }
1086  
1087  static void serial_mm_instance_init(Object *o)
1088  {
1089      SerialMM *smm = SERIAL_MM(o);
1090  
1091      object_initialize_child(o, "serial", &smm->serial, TYPE_SERIAL);
1092  
1093      qdev_alias_all_properties(DEVICE(&smm->serial), o);
1094  }
1095  
1096  static Property serial_mm_properties[] = {
1097      /*
1098       * Set the spacing between adjacent memory-mapped UART registers.
1099       * Each register will be at (1 << regshift) bytes after the
1100       * previous one.
1101       */
1102      DEFINE_PROP_UINT8("regshift", SerialMM, regshift, 0),
1103      DEFINE_PROP_UINT8("endianness", SerialMM, endianness, DEVICE_NATIVE_ENDIAN),
1104      DEFINE_PROP_END_OF_LIST(),
1105  };
1106  
1107  static void serial_mm_class_init(ObjectClass *oc, void *data)
1108  {
1109      DeviceClass *dc = DEVICE_CLASS(oc);
1110  
1111      device_class_set_props(dc, serial_mm_properties);
1112      dc->realize = serial_mm_realize;
1113      dc->vmsd = &vmstate_serial_mm;
1114  }
1115  
1116  static const TypeInfo serial_mm_info = {
1117      .name = TYPE_SERIAL_MM,
1118      .parent = TYPE_SYS_BUS_DEVICE,
1119      .class_init = serial_mm_class_init,
1120      .instance_init = serial_mm_instance_init,
1121      .instance_size = sizeof(SerialMM),
1122  };
1123  
1124  static void serial_register_types(void)
1125  {
1126      type_register_static(&serial_info);
1127      type_register_static(&serial_mm_info);
1128  }
1129  
1130  type_init(serial_register_types)
1131