1 /* 2 * ASPEED I3C Controller 3 * 4 * Copyright (C) 2021 ASPEED Technology Inc. 5 * Copyright (C) 2023 Google LLC 6 * 7 * This code is licensed under the GPL version 2 or later. See 8 * the COPYING file in the top-level directory. 9 */ 10 11 #include "qemu/osdep.h" 12 #include "qemu/log.h" 13 #include "qemu/error-report.h" 14 #include "hw/i3c/aspeed_i3c.h" 15 #include "hw/registerfields.h" 16 #include "hw/qdev-properties.h" 17 #include "qapi/error.h" 18 #include "migration/vmstate.h" 19 #include "trace.h" 20 #include "hw/i3c/i3c.h" 21 #include "hw/irq.h" 22 23 /* I3C Controller Registers */ 24 REG32(I3C1_REG0, 0x10) 25 REG32(I3C1_REG1, 0x14) 26 FIELD(I3C1_REG1, I2C_MODE, 0, 1) 27 FIELD(I3C1_REG1, SLV_TEST_MODE, 1, 1) 28 FIELD(I3C1_REG1, ACT_MODE, 2, 2) 29 FIELD(I3C1_REG1, PENDING_INT, 4, 4) 30 FIELD(I3C1_REG1, SA, 8, 7) 31 FIELD(I3C1_REG1, SA_EN, 15, 1) 32 FIELD(I3C1_REG1, INST_ID, 16, 4) 33 REG32(I3C2_REG0, 0x20) 34 REG32(I3C2_REG1, 0x24) 35 FIELD(I3C2_REG1, I2C_MODE, 0, 1) 36 FIELD(I3C2_REG1, SLV_TEST_MODE, 1, 1) 37 FIELD(I3C2_REG1, ACT_MODE, 2, 2) 38 FIELD(I3C2_REG1, PENDING_INT, 4, 4) 39 FIELD(I3C2_REG1, SA, 8, 7) 40 FIELD(I3C2_REG1, SA_EN, 15, 1) 41 FIELD(I3C2_REG1, INST_ID, 16, 4) 42 REG32(I3C3_REG0, 0x30) 43 REG32(I3C3_REG1, 0x34) 44 FIELD(I3C3_REG1, I2C_MODE, 0, 1) 45 FIELD(I3C3_REG1, SLV_TEST_MODE, 1, 1) 46 FIELD(I3C3_REG1, ACT_MODE, 2, 2) 47 FIELD(I3C3_REG1, PENDING_INT, 4, 4) 48 FIELD(I3C3_REG1, SA, 8, 7) 49 FIELD(I3C3_REG1, SA_EN, 15, 1) 50 FIELD(I3C3_REG1, INST_ID, 16, 4) 51 REG32(I3C4_REG0, 0x40) 52 REG32(I3C4_REG1, 0x44) 53 FIELD(I3C4_REG1, I2C_MODE, 0, 1) 54 FIELD(I3C4_REG1, SLV_TEST_MODE, 1, 1) 55 FIELD(I3C4_REG1, ACT_MODE, 2, 2) 56 FIELD(I3C4_REG1, PENDING_INT, 4, 4) 57 FIELD(I3C4_REG1, SA, 8, 7) 58 FIELD(I3C4_REG1, SA_EN, 15, 1) 59 FIELD(I3C4_REG1, INST_ID, 16, 4) 60 REG32(I3C5_REG0, 0x50) 61 REG32(I3C5_REG1, 0x54) 62 FIELD(I3C5_REG1, I2C_MODE, 0, 1) 63 FIELD(I3C5_REG1, SLV_TEST_MODE, 1, 1) 64 FIELD(I3C5_REG1, ACT_MODE, 2, 2) 65 FIELD(I3C5_REG1, PENDING_INT, 4, 4) 66 FIELD(I3C5_REG1, SA, 8, 7) 67 FIELD(I3C5_REG1, SA_EN, 15, 1) 68 FIELD(I3C5_REG1, INST_ID, 16, 4) 69 REG32(I3C6_REG0, 0x60) 70 REG32(I3C6_REG1, 0x64) 71 FIELD(I3C6_REG1, I2C_MODE, 0, 1) 72 FIELD(I3C6_REG1, SLV_TEST_MODE, 1, 1) 73 FIELD(I3C6_REG1, ACT_MODE, 2, 2) 74 FIELD(I3C6_REG1, PENDING_INT, 4, 4) 75 FIELD(I3C6_REG1, SA, 8, 7) 76 FIELD(I3C6_REG1, SA_EN, 15, 1) 77 FIELD(I3C6_REG1, INST_ID, 16, 4) 78 79 /* I3C Device Registers */ 80 REG32(DEVICE_CTRL, 0x00) 81 FIELD(DEVICE_CTRL, I3C_BROADCAST_ADDR_INC, 0, 1) 82 FIELD(DEVICE_CTRL, I2C_SLAVE_PRESENT, 7, 1) 83 FIELD(DEVICE_CTRL, HOT_JOIN_ACK_NACK_CTRL, 8, 1) 84 FIELD(DEVICE_CTRL, IDLE_CNT_MULTIPLIER, 24, 2) 85 FIELD(DEVICE_CTRL, SLV_ADAPT_TO_I2C_I3C_MODE, 27, 1) 86 FIELD(DEVICE_CTRL, DMA_HANDSHAKE_EN, 28, 1) 87 FIELD(DEVICE_CTRL, I3C_ABORT, 29, 1) 88 FIELD(DEVICE_CTRL, I3C_RESUME, 30, 1) 89 FIELD(DEVICE_CTRL, I3C_EN, 31, 1) 90 REG32(DEVICE_ADDR, 0x04) 91 FIELD(DEVICE_ADDR, STATIC_ADDR, 0, 7) 92 FIELD(DEVICE_ADDR, STATIC_ADDR_VALID, 15, 1) 93 FIELD(DEVICE_ADDR, DYNAMIC_ADDR, 16, 7) 94 FIELD(DEVICE_ADDR, DYNAMIC_ADDR_VALID, 15, 1) 95 REG32(HW_CAPABILITY, 0x08) 96 FIELD(HW_CAPABILITY, ENTDAA, 0, 1) 97 FIELD(HW_CAPABILITY, HDR_DDR, 3, 1) 98 FIELD(HW_CAPABILITY, HDR_TS, 4, 1) 99 REG32(COMMAND_QUEUE_PORT, 0x0c) 100 FIELD(COMMAND_QUEUE_PORT, CMD_ATTR, 0, 3) 101 /* Transfer command structure */ 102 FIELD(COMMAND_QUEUE_PORT, TID, 3, 4) 103 FIELD(COMMAND_QUEUE_PORT, CMD, 7, 8) 104 FIELD(COMMAND_QUEUE_PORT, CP, 15, 1) 105 FIELD(COMMAND_QUEUE_PORT, DEV_INDEX, 16, 5) 106 FIELD(COMMAND_QUEUE_PORT, SPEED, 21, 3) 107 FIELD(COMMAND_QUEUE_PORT, ROC, 26, 1) 108 FIELD(COMMAND_QUEUE_PORT, SDAP, 27, 1) 109 FIELD(COMMAND_QUEUE_PORT, RNW, 28, 1) 110 FIELD(COMMAND_QUEUE_PORT, TOC, 30, 1) 111 FIELD(COMMAND_QUEUE_PORT, PEC, 31, 1) 112 /* Transfer argument data structure */ 113 FIELD(COMMAND_QUEUE_PORT, DB, 8, 8) 114 FIELD(COMMAND_QUEUE_PORT, DL, 16, 16) 115 /* Short data argument data structure */ 116 FIELD(COMMAND_QUEUE_PORT, BYTE_STRB, 3, 3) 117 FIELD(COMMAND_QUEUE_PORT, BYTE0, 8, 8) 118 FIELD(COMMAND_QUEUE_PORT, BYTE1, 16, 8) 119 FIELD(COMMAND_QUEUE_PORT, BYTE2, 24, 8) 120 /* Address assignment command structure */ 121 /* 122 * bits 3..21 and 26..31 are the same as the transfer command structure, or 123 * marked as reserved. 124 */ 125 FIELD(COMMAND_QUEUE_PORT, DEV_COUNT, 21, 3) 126 REG32(RESPONSE_QUEUE_PORT, 0x10) 127 FIELD(RESPONSE_QUEUE_PORT, DL, 0, 16) 128 FIELD(RESPONSE_QUEUE_PORT, CCCT, 16, 8) 129 FIELD(RESPONSE_QUEUE_PORT, TID, 24, 4) 130 FIELD(RESPONSE_QUEUE_PORT, ERR_STATUS, 28, 4) 131 REG32(RX_TX_DATA_PORT, 0x14) 132 REG32(IBI_QUEUE_STATUS, 0x18) 133 FIELD(IBI_QUEUE_STATUS, IBI_DATA_LEN, 0, 8) 134 FIELD(IBI_QUEUE_STATUS, IBI_ID, 8, 8) 135 FIELD(IBI_QUEUE_STATUS, LAST_STATUS, 24, 1) 136 FIELD(IBI_QUEUE_STATUS, ERROR, 30, 1) 137 FIELD(IBI_QUEUE_STATUS, IBI_STATUS, 31, 1) 138 REG32(IBI_QUEUE_DATA, 0x18) 139 REG32(QUEUE_THLD_CTRL, 0x1c) 140 FIELD(QUEUE_THLD_CTRL, CMD_BUF_EMPTY_THLD, 0, 8); 141 FIELD(QUEUE_THLD_CTRL, RESP_BUF_THLD, 8, 8); 142 FIELD(QUEUE_THLD_CTRL, IBI_DATA_THLD, 16, 8); 143 FIELD(QUEUE_THLD_CTRL, IBI_STATUS_THLD, 24, 8); 144 REG32(DATA_BUFFER_THLD_CTRL, 0x20) 145 FIELD(DATA_BUFFER_THLD_CTRL, TX_BUF_THLD, 0, 3) 146 FIELD(DATA_BUFFER_THLD_CTRL, RX_BUF_THLD, 10, 3) 147 FIELD(DATA_BUFFER_THLD_CTRL, TX_START_THLD, 16, 3) 148 FIELD(DATA_BUFFER_THLD_CTRL, RX_START_THLD, 24, 3) 149 REG32(IBI_QUEUE_CTRL, 0x24) 150 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_HOT_JOIN, 0, 1) 151 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_MASTER_REQ, 1, 1) 152 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_SLAVE_IRQ, 3, 1) 153 REG32(IBI_MR_REQ_REJECT, 0x2c) 154 REG32(IBI_SIR_REQ_REJECT, 0x30) 155 REG32(RESET_CTRL, 0x34) 156 FIELD(RESET_CTRL, CORE_RESET, 0, 1) 157 FIELD(RESET_CTRL, CMD_QUEUE_RESET, 1, 1) 158 FIELD(RESET_CTRL, RESP_QUEUE_RESET, 2, 1) 159 FIELD(RESET_CTRL, TX_BUF_RESET, 3, 1) 160 FIELD(RESET_CTRL, RX_BUF_RESET, 4, 1) 161 FIELD(RESET_CTRL, IBI_QUEUE_RESET, 5, 1) 162 REG32(SLV_EVENT_CTRL, 0x38) 163 FIELD(SLV_EVENT_CTRL, SLV_INTERRUPT, 0, 1) 164 FIELD(SLV_EVENT_CTRL, MASTER_INTERRUPT, 1, 1) 165 FIELD(SLV_EVENT_CTRL, HOT_JOIN_INTERRUPT, 3, 1) 166 FIELD(SLV_EVENT_CTRL, ACTIVITY_STATE, 4, 2) 167 FIELD(SLV_EVENT_CTRL, MRL_UPDATED, 6, 1) 168 FIELD(SLV_EVENT_CTRL, MWL_UPDATED, 7, 1) 169 REG32(INTR_STATUS, 0x3c) 170 FIELD(INTR_STATUS, TX_THLD, 0, 1) 171 FIELD(INTR_STATUS, RX_THLD, 1, 1) 172 FIELD(INTR_STATUS, IBI_THLD, 2, 1) 173 FIELD(INTR_STATUS, CMD_QUEUE_RDY, 3, 1) 174 FIELD(INTR_STATUS, RESP_RDY, 4, 1) 175 FIELD(INTR_STATUS, TRANSFER_ABORT, 5, 1) 176 FIELD(INTR_STATUS, CCC_UPDATED, 6, 1) 177 FIELD(INTR_STATUS, DYN_ADDR_ASSGN, 8, 1) 178 FIELD(INTR_STATUS, TRANSFER_ERR, 9, 1) 179 FIELD(INTR_STATUS, DEFSLV, 10, 1) 180 FIELD(INTR_STATUS, READ_REQ_RECV, 11, 1) 181 FIELD(INTR_STATUS, IBI_UPDATED, 12, 1) 182 FIELD(INTR_STATUS, BUSOWNER_UPDATED, 13, 1) 183 REG32(INTR_STATUS_EN, 0x40) 184 FIELD(INTR_STATUS_EN, TX_THLD, 0, 1) 185 FIELD(INTR_STATUS_EN, RX_THLD, 1, 1) 186 FIELD(INTR_STATUS_EN, IBI_THLD, 2, 1) 187 FIELD(INTR_STATUS_EN, CMD_QUEUE_RDY, 3, 1) 188 FIELD(INTR_STATUS_EN, RESP_RDY, 4, 1) 189 FIELD(INTR_STATUS_EN, TRANSFER_ABORT, 5, 1) 190 FIELD(INTR_STATUS_EN, CCC_UPDATED, 6, 1) 191 FIELD(INTR_STATUS_EN, DYN_ADDR_ASSGN, 8, 1) 192 FIELD(INTR_STATUS_EN, TRANSFER_ERR, 9, 1) 193 FIELD(INTR_STATUS_EN, DEFSLV, 10, 1) 194 FIELD(INTR_STATUS_EN, READ_REQ_RECV, 11, 1) 195 FIELD(INTR_STATUS_EN, IBI_UPDATED, 12, 1) 196 FIELD(INTR_STATUS_EN, BUSOWNER_UPDATED, 13, 1) 197 REG32(INTR_SIGNAL_EN, 0x44) 198 FIELD(INTR_SIGNAL_EN, TX_THLD, 0, 1) 199 FIELD(INTR_SIGNAL_EN, RX_THLD, 1, 1) 200 FIELD(INTR_SIGNAL_EN, IBI_THLD, 2, 1) 201 FIELD(INTR_SIGNAL_EN, CMD_QUEUE_RDY, 3, 1) 202 FIELD(INTR_SIGNAL_EN, RESP_RDY, 4, 1) 203 FIELD(INTR_SIGNAL_EN, TRANSFER_ABORT, 5, 1) 204 FIELD(INTR_SIGNAL_EN, CCC_UPDATED, 6, 1) 205 FIELD(INTR_SIGNAL_EN, DYN_ADDR_ASSGN, 8, 1) 206 FIELD(INTR_SIGNAL_EN, TRANSFER_ERR, 9, 1) 207 FIELD(INTR_SIGNAL_EN, DEFSLV, 10, 1) 208 FIELD(INTR_SIGNAL_EN, READ_REQ_RECV, 11, 1) 209 FIELD(INTR_SIGNAL_EN, IBI_UPDATED, 12, 1) 210 FIELD(INTR_SIGNAL_EN, BUSOWNER_UPDATED, 13, 1) 211 REG32(INTR_FORCE, 0x48) 212 FIELD(INTR_FORCE, TX_THLD, 0, 1) 213 FIELD(INTR_FORCE, RX_THLD, 1, 1) 214 FIELD(INTR_FORCE, IBI_THLD, 2, 1) 215 FIELD(INTR_FORCE, CMD_QUEUE_RDY, 3, 1) 216 FIELD(INTR_FORCE, RESP_RDY, 4, 1) 217 FIELD(INTR_FORCE, TRANSFER_ABORT, 5, 1) 218 FIELD(INTR_FORCE, CCC_UPDATED, 6, 1) 219 FIELD(INTR_FORCE, DYN_ADDR_ASSGN, 8, 1) 220 FIELD(INTR_FORCE, TRANSFER_ERR, 9, 1) 221 FIELD(INTR_FORCE, DEFSLV, 10, 1) 222 FIELD(INTR_FORCE, READ_REQ_RECV, 11, 1) 223 FIELD(INTR_FORCE, IBI_UPDATED, 12, 1) 224 FIELD(INTR_FORCE, BUSOWNER_UPDATED, 13, 1) 225 REG32(QUEUE_STATUS_LEVEL, 0x4c) 226 FIELD(QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 0, 8) 227 FIELD(QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 8, 8) 228 FIELD(QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 16, 8) 229 FIELD(QUEUE_STATUS_LEVEL, IBI_STATUS_CNT, 24, 5) 230 REG32(DATA_BUFFER_STATUS_LEVEL, 0x50) 231 FIELD(DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 0, 8) 232 FIELD(DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 16, 8) 233 REG32(PRESENT_STATE, 0x54) 234 FIELD(PRESENT_STATE, SCL_LINE_SIGNAL_LEVEL, 0, 1) 235 FIELD(PRESENT_STATE, SDA_LINE_SIGNAL_LEVEL, 1, 1) 236 FIELD(PRESENT_STATE, CURRENT_MASTER, 2, 1) 237 FIELD(PRESENT_STATE, CM_TFR_STATUS, 8, 6) 238 FIELD(PRESENT_STATE, CM_TFR_ST_STATUS, 16, 6) 239 FIELD(PRESENT_STATE, CMD_TID, 24, 4) 240 REG32(CCC_DEVICE_STATUS, 0x58) 241 FIELD(CCC_DEVICE_STATUS, PENDING_INTR, 0, 4) 242 FIELD(CCC_DEVICE_STATUS, PROTOCOL_ERR, 4, 2) 243 FIELD(CCC_DEVICE_STATUS, ACTIVITY_MODE, 6, 2) 244 FIELD(CCC_DEVICE_STATUS, UNDER_ERR, 8, 1) 245 FIELD(CCC_DEVICE_STATUS, SLV_BUSY, 9, 1) 246 FIELD(CCC_DEVICE_STATUS, OVERFLOW_ERR, 10, 1) 247 FIELD(CCC_DEVICE_STATUS, DATA_NOT_READY, 11, 1) 248 FIELD(CCC_DEVICE_STATUS, BUFFER_NOT_AVAIL, 12, 1) 249 REG32(DEVICE_ADDR_TABLE_POINTER, 0x5c) 250 FIELD(DEVICE_ADDR_TABLE_POINTER, DEPTH, 16, 16) 251 FIELD(DEVICE_ADDR_TABLE_POINTER, ADDR, 0, 16) 252 REG32(DEV_CHAR_TABLE_POINTER, 0x60) 253 FIELD(DEV_CHAR_TABLE_POINTER, P_DEV_CHAR_TABLE_START_ADDR, 0, 12) 254 FIELD(DEV_CHAR_TABLE_POINTER, DEV_CHAR_TABLE_DEPTH, 12, 7) 255 FIELD(DEV_CHAR_TABLE_POINTER, PRESENT_DEV_CHAR_TABLE_INDEX, 19, 3) 256 REG32(VENDOR_SPECIFIC_REG_POINTER, 0x6c) 257 FIELD(VENDOR_SPECIFIC_REG_POINTER, P_VENDOR_REG_START_ADDR, 0, 16) 258 REG32(SLV_MIPI_PID_VALUE, 0x70) 259 REG32(SLV_PID_VALUE, 0x74) 260 FIELD(SLV_PID_VALUE, SLV_PID_DCR, 0, 12) 261 FIELD(SLV_PID_VALUE, SLV_INST_ID, 12, 4) 262 FIELD(SLV_PID_VALUE, SLV_PART_ID, 16, 16) 263 REG32(SLV_CHAR_CTRL, 0x78) 264 FIELD(SLV_CHAR_CTRL, BCR, 0, 8) 265 FIELD(SLV_CHAR_CTRL, DCR, 8, 8) 266 FIELD(SLV_CHAR_CTRL, HDR_CAP, 16, 8) 267 REG32(SLV_MAX_LEN, 0x7c) 268 FIELD(SLV_MAX_LEN, MWL, 0, 16) 269 FIELD(SLV_MAX_LEN, MRL, 16, 16) 270 REG32(MAX_READ_TURNAROUND, 0x80) 271 REG32(MAX_DATA_SPEED, 0x84) 272 REG32(SLV_DEBUG_STATUS, 0x88) 273 REG32(SLV_INTR_REQ, 0x8c) 274 FIELD(SLV_INTR_REQ, SIR, 0, 1) 275 FIELD(SLV_INTR_REQ, SIR_CTRL, 1, 2) 276 FIELD(SLV_INTR_REQ, MIR, 3, 1) 277 FIELD(SLV_INTR_REQ, IBI_STS, 8, 2) 278 REG32(SLV_TSX_SYMBL_TIMING, 0x90) 279 FIELD(SLV_TSX_SYMBL_TIMING, SLV_TSX_SYMBL_CNT, 0, 6) 280 REG32(DEVICE_CTRL_EXTENDED, 0xb0) 281 FIELD(DEVICE_CTRL_EXTENDED, MODE, 0, 2) 282 FIELD(DEVICE_CTRL_EXTENDED, REQMST_ACK_CTRL, 3, 1) 283 REG32(SCL_I3C_OD_TIMING, 0xb4) 284 FIELD(SCL_I3C_OD_TIMING, I3C_OD_LCNT, 0, 8) 285 FIELD(SCL_I3C_OD_TIMING, I3C_OD_HCNT, 16, 8) 286 REG32(SCL_I3C_PP_TIMING, 0xb8) 287 FIELD(SCL_I3C_PP_TIMING, I3C_PP_LCNT, 0, 8) 288 FIELD(SCL_I3C_PP_TIMING, I3C_PP_HCNT, 16, 8) 289 REG32(SCL_I2C_FM_TIMING, 0xbc) 290 REG32(SCL_I2C_FMP_TIMING, 0xc0) 291 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_LCNT, 0, 16) 292 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_HCNT, 16, 8) 293 REG32(SCL_EXT_LCNT_TIMING, 0xc8) 294 REG32(SCL_EXT_TERMN_LCNT_TIMING, 0xcc) 295 REG32(BUS_FREE_TIMING, 0xd4) 296 REG32(BUS_IDLE_TIMING, 0xd8) 297 FIELD(BUS_IDLE_TIMING, BUS_IDLE_TIME, 0, 20) 298 REG32(I3C_VER_ID, 0xe0) 299 REG32(I3C_VER_TYPE, 0xe4) 300 REG32(EXTENDED_CAPABILITY, 0xe8) 301 FIELD(EXTENDED_CAPABILITY, APP_IF_MODE, 0, 2) 302 FIELD(EXTENDED_CAPABILITY, APP_IF_DATA_WIDTH, 2, 2) 303 FIELD(EXTENDED_CAPABILITY, OPERATION_MODE, 4, 2) 304 FIELD(EXTENDED_CAPABILITY, CLK_PERIOD, 8, 6) 305 REG32(SLAVE_CONFIG, 0xec) 306 FIELD(SLAVE_CONFIG, DMA_EN, 0, 1) 307 FIELD(SLAVE_CONFIG, HJ_CAP, 0, 1) 308 FIELD(SLAVE_CONFIG, CLK_PERIOD, 2, 14) 309 /* Device characteristic table fields */ 310 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC1, 0x200) 311 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, 0x200) 312 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DYNAMIC_ADDR, 0, 8) 313 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DCR, 8, 8) 314 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, BCR, 16, 8) 315 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, STATIC_ADDR, 24, 8) 316 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC2, 0x204) 317 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC2, MSB_PID, 0, 16) 318 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC3, 0x208) 319 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 0, 8) 320 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 8, 8) 321 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC4, 0x20c) 322 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC4, DEV_DYNAMIC_ADDR, 0, 8) 323 /* Dev addr table fields */ 324 REG32(DEVICE_ADDR_TABLE_LOC1, 0x280) 325 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_STATIC_ADDR, 0, 7) 326 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_PEC_EN, 11, 1) 327 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_WITH_DATA, 12, 1) 328 FIELD(DEVICE_ADDR_TABLE_LOC1, SIR_REJECT, 13, 1) 329 FIELD(DEVICE_ADDR_TABLE_LOC1, MR_REJECT, 14, 1) 330 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_DYNAMIC_ADDR, 16, 8) 331 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_ADDR_MASK, 24, 2) 332 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_NACK_RETRY_CNT, 29, 2) 333 FIELD(DEVICE_ADDR_TABLE_LOC1, LEGACY_I2C_DEVICE, 31, 1) 334 335 static const uint32_t ast2600_i3c_controller_ro[ASPEED_I3C_DEVICE_NR_REGS] = { 336 [R_I3C1_REG0] = 0xfc000000, 337 [R_I3C1_REG1] = 0xfff00000, 338 [R_I3C2_REG0] = 0xfc000000, 339 [R_I3C2_REG1] = 0xfff00000, 340 [R_I3C3_REG0] = 0xfc000000, 341 [R_I3C3_REG1] = 0xfff00000, 342 [R_I3C4_REG0] = 0xfc000000, 343 [R_I3C4_REG1] = 0xfff00000, 344 [R_I3C5_REG0] = 0xfc000000, 345 [R_I3C5_REG1] = 0xfff00000, 346 [R_I3C6_REG0] = 0xfc000000, 347 [R_I3C6_REG1] = 0xfff00000, 348 }; 349 350 static const uint32_t ast2600_i3c_device_resets[ASPEED_I3C_DEVICE_NR_REGS] = { 351 [R_HW_CAPABILITY] = 0x000e00bf, 352 [R_QUEUE_THLD_CTRL] = 0x01000101, 353 [R_DATA_BUFFER_THLD_CTRL] = 0x01010100, 354 [R_SLV_EVENT_CTRL] = 0x0000000b, 355 [R_QUEUE_STATUS_LEVEL] = 0x00000002, 356 [R_DATA_BUFFER_STATUS_LEVEL] = 0x00000010, 357 [R_PRESENT_STATE] = 0x00000003, 358 [R_I3C_VER_ID] = 0x3130302a, 359 [R_I3C_VER_TYPE] = 0x6c633033, 360 [R_DEVICE_ADDR_TABLE_POINTER] = 0x00080280, 361 [R_DEV_CHAR_TABLE_POINTER] = 0x00020200, 362 [R_SLV_CHAR_CTRL] = 0x00010000, 363 [A_VENDOR_SPECIFIC_REG_POINTER] = 0x000000b0, 364 [R_SLV_MAX_LEN] = 0x00ff00ff, 365 [R_SLV_TSX_SYMBL_TIMING] = 0x0000003f, 366 [R_SCL_I3C_OD_TIMING] = 0x000a0010, 367 [R_SCL_I3C_PP_TIMING] = 0x000a000a, 368 [R_SCL_I2C_FM_TIMING] = 0x00100010, 369 [R_SCL_I2C_FMP_TIMING] = 0x00100010, 370 [R_SCL_EXT_LCNT_TIMING] = 0x20202020, 371 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x00300000, 372 [R_BUS_FREE_TIMING] = 0x00200020, 373 [R_BUS_IDLE_TIMING] = 0x00000020, 374 [R_EXTENDED_CAPABILITY] = 0x00000239, 375 [R_SLAVE_CONFIG] = 0x00000023, 376 }; 377 378 static const uint32_t ast2600_i3c_device_ro[ASPEED_I3C_DEVICE_NR_REGS] = { 379 [R_DEVICE_CTRL] = 0x04fffe00, 380 [R_DEVICE_ADDR] = 0x7f807f80, 381 [R_HW_CAPABILITY] = 0xffffffff, 382 [R_IBI_QUEUE_STATUS] = 0xffffffff, 383 [R_DATA_BUFFER_THLD_CTRL] = 0xf8f8f8f8, 384 [R_IBI_QUEUE_CTRL] = 0xfffffff0, 385 [R_RESET_CTRL] = 0xffffffc0, 386 [R_SLV_EVENT_CTRL] = 0xffffff3f, 387 [R_INTR_STATUS] = 0xffff809f, 388 [R_INTR_STATUS_EN] = 0xffff8080, 389 [R_INTR_SIGNAL_EN] = 0xffff8080, 390 [R_INTR_FORCE] = 0xffff8000, 391 [R_QUEUE_STATUS_LEVEL] = 0xffffffff, 392 [R_DATA_BUFFER_STATUS_LEVEL] = 0xffffffff, 393 [R_PRESENT_STATE] = 0xffffffff, 394 [R_CCC_DEVICE_STATUS] = 0xffffffff, 395 [R_I3C_VER_ID] = 0xffffffff, 396 [R_I3C_VER_TYPE] = 0xffffffff, 397 [R_DEVICE_ADDR_TABLE_POINTER] = 0xffffffff, 398 [R_DEV_CHAR_TABLE_POINTER] = 0xffcbffff, 399 [R_SLV_PID_VALUE] = 0xffff0fff, 400 [R_SLV_CHAR_CTRL] = 0xffffffff, 401 [A_VENDOR_SPECIFIC_REG_POINTER] = 0xffffffff, 402 [R_SLV_MAX_LEN] = 0xffffffff, 403 [R_MAX_READ_TURNAROUND] = 0xffffffff, 404 [R_MAX_DATA_SPEED] = 0xffffffff, 405 [R_SLV_INTR_REQ] = 0xfffffff0, 406 [R_SLV_TSX_SYMBL_TIMING] = 0xffffffc0, 407 [R_DEVICE_CTRL_EXTENDED] = 0xfffffff8, 408 [R_SCL_I3C_OD_TIMING] = 0xff00ff00, 409 [R_SCL_I3C_PP_TIMING] = 0xff00ff00, 410 [R_SCL_I2C_FMP_TIMING] = 0xff000000, 411 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x0000fff0, 412 [R_BUS_IDLE_TIMING] = 0xfff00000, 413 [R_EXTENDED_CAPABILITY] = 0xffffffff, 414 [R_SLAVE_CONFIG] = 0xffffffff, 415 }; 416 417 static inline bool aspeed_i3c_device_has_entdaa(AspeedI3CDevice *s) 418 { 419 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, ENTDAA); 420 } 421 422 static inline bool aspeed_i3c_device_has_hdr_ts(AspeedI3CDevice *s) 423 { 424 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_TS); 425 } 426 427 static inline bool aspeed_i3c_device_has_hdr_ddr(AspeedI3CDevice *s) 428 { 429 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_DDR); 430 } 431 432 static inline bool aspeed_i3c_device_can_transmit(AspeedI3CDevice *s) 433 { 434 /* 435 * We can only transmit if we're enabled and the resume bit is cleared. 436 * The resume bit is set on a transaction error, and software must clear it. 437 */ 438 return ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_EN) && 439 !ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_RESUME); 440 } 441 442 static inline uint8_t aspeed_i3c_device_fifo_threshold_from_reg(uint8_t regval) 443 { 444 return regval = regval ? (2 << regval) : 1; 445 } 446 447 static void aspeed_i3c_device_update_irq(AspeedI3CDevice *s) 448 { 449 bool level = !!(s->regs[R_INTR_SIGNAL_EN] & s->regs[R_INTR_STATUS]); 450 qemu_set_irq(s->irq, level); 451 } 452 453 static void aspeed_i3c_device_end_transfer(AspeedI3CDevice *s, bool is_i2c) 454 { 455 if (is_i2c) { 456 legacy_i2c_end_transfer(s->bus); 457 } else { 458 i3c_end_transfer(s->bus); 459 } 460 } 461 462 static int aspeed_i3c_device_send_start(AspeedI3CDevice *s, uint8_t addr, 463 bool is_recv, bool is_i2c) 464 { 465 int ret; 466 467 if (is_i2c) { 468 ret = legacy_i2c_start_transfer(s->bus, addr, is_recv); 469 } else { 470 ret = i3c_start_transfer(s->bus, addr, is_recv); 471 } 472 if (ret) { 473 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed on TX with addr 0x%.2x\n", 474 object_get_canonical_path(OBJECT(s)), addr); 475 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 476 ASPEED_I3C_TRANSFER_STATE_HALT); 477 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 478 ASPEED_I3C_TRANSFER_STATUS_HALT); 479 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 480 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 481 } 482 483 return ret; 484 } 485 486 static int aspeed_i3c_device_send(AspeedI3CDevice *s, const uint8_t *data, 487 uint32_t num_to_send, uint32_t *num_sent, 488 bool is_i2c) 489 { 490 int ret; 491 uint32_t i; 492 493 *num_sent = 0; 494 if (is_i2c) { 495 /* Legacy I2C must be byte-by-byte. */ 496 for (i = 0; i < num_to_send; i++) { 497 ret = legacy_i2c_send(s->bus, data[i]); 498 if (ret) { 499 break; 500 } 501 (*num_sent)++; 502 } 503 } else { 504 ret = i3c_send(s->bus, data, num_to_send, num_sent); 505 } 506 if (ret) { 507 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed sending byte 0x%.2x\n", 508 object_get_canonical_path(OBJECT(s)), data[*num_sent]); 509 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 510 ASPEED_I3C_TRANSFER_STATE_HALT); 511 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 512 ASPEED_I3C_TRANSFER_STATUS_HALT); 513 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 514 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 515 } 516 517 trace_aspeed_i3c_device_send(s->id, *num_sent); 518 519 return ret; 520 } 521 522 static int aspeed_i3c_device_send_byte(AspeedI3CDevice *s, uint8_t byte, 523 bool is_i2c) 524 { 525 /* 526 * Ignored, the caller will know if we sent 0 or 1 bytes depending on if 527 * we were ACKed/NACKed. 528 */ 529 uint32_t num_sent; 530 return aspeed_i3c_device_send(s, &byte, 1, &num_sent, is_i2c); 531 } 532 533 static int aspeed_i3c_device_recv_data(AspeedI3CDevice *s, bool is_i2c, 534 uint8_t *data, uint16_t num_to_read, 535 uint32_t *num_read) 536 { 537 int ret; 538 539 if (is_i2c) { 540 for (uint16_t i = 0; i < num_to_read; i++) { 541 data[i] = legacy_i2c_recv(s->bus); 542 } 543 /* I2C devices can neither NACK a read, nor end transfers early. */ 544 *num_read = num_to_read; 545 trace_aspeed_i3c_device_recv_data(s->id, *num_read); 546 return 0; 547 } 548 /* I3C devices can NACK if the controller sends an unsupported CCC. */ 549 ret = i3c_recv(s->bus, data, num_to_read, num_read); 550 if (ret) { 551 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed receiving byte\n", 552 object_get_canonical_path(OBJECT(s))); 553 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 554 ASPEED_I3C_TRANSFER_STATE_HALT); 555 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 556 ASPEED_I3C_TRANSFER_STATUS_HALT); 557 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 558 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 559 } 560 561 trace_aspeed_i3c_device_recv_data(s->id, *num_read); 562 563 return ret; 564 } 565 566 static inline bool aspeed_i3c_device_target_is_i2c(AspeedI3CDevice *s, 567 uint16_t offset) 568 { 569 uint16_t dev_index = R_DEVICE_ADDR_TABLE_LOC1 + offset; 570 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 571 LEGACY_I2C_DEVICE); 572 } 573 574 static uint8_t aspeed_i3c_device_target_addr(AspeedI3CDevice *s, 575 uint16_t offset) 576 { 577 if (offset > ASPEED_I3C_NR_DEVICES) { 578 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device addr table offset %d out of " 579 "bounds\n", object_get_canonical_path(OBJECT(s)), offset); 580 /* If we're out of bounds, return an address of 0. */ 581 return 0; 582 } 583 584 uint16_t dev_index = R_DEVICE_ADDR_TABLE_LOC1 + offset; 585 /* I2C devices use a static address. */ 586 if (aspeed_i3c_device_target_is_i2c(s, offset)) { 587 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 588 DEV_STATIC_ADDR); 589 } 590 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 591 DEV_DYNAMIC_ADDR); 592 } 593 594 static uint32_t aspeed_i3c_device_intr_status_r(AspeedI3CDevice *s) 595 { 596 /* Only return the status whose corresponding EN bits are set. */ 597 return s->regs[R_INTR_STATUS] & s->regs[R_INTR_STATUS_EN]; 598 } 599 600 static void aspeed_i3c_device_intr_status_w(AspeedI3CDevice *s, uint32_t val) 601 { 602 /* INTR_STATUS[13:5] is w1c, other bits are RO. */ 603 val &= 0x3fe0; 604 s->regs[R_INTR_STATUS] &= ~val; 605 606 aspeed_i3c_device_update_irq(s); 607 } 608 609 static void aspeed_i3c_device_intr_status_en_w(AspeedI3CDevice *s, uint32_t val) 610 { 611 s->regs[R_INTR_STATUS_EN] = val; 612 aspeed_i3c_device_update_irq(s); 613 } 614 615 static void aspeed_i3c_device_intr_signal_en_w(AspeedI3CDevice *s, uint32_t val) 616 { 617 s->regs[R_INTR_SIGNAL_EN] = val; 618 aspeed_i3c_device_update_irq(s); 619 } 620 621 static void aspeed_i3c_device_intr_force_w(AspeedI3CDevice *s, uint32_t val) 622 { 623 /* INTR_FORCE is WO, just set the corresponding INTR_STATUS bits. */ 624 s->regs[R_INTR_STATUS] = val; 625 aspeed_i3c_device_update_irq(s); 626 } 627 628 static uint32_t aspeed_i3c_device_pop_rx(AspeedI3CDevice *s) 629 { 630 if (fifo32_is_empty(&s->rx_queue)) { 631 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read RX FIFO when empty\n", 632 object_get_canonical_path(OBJECT(s))); 633 return 0; 634 } 635 636 uint32_t val = fifo32_pop(&s->rx_queue); 637 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 638 fifo32_num_used(&s->rx_queue)); 639 640 /* Threshold is 2^RX_BUF_THLD. */ 641 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 642 RX_BUF_THLD); 643 threshold = aspeed_i3c_device_fifo_threshold_from_reg(threshold); 644 if (fifo32_num_used(&s->rx_queue) < threshold) { 645 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 0); 646 aspeed_i3c_device_update_irq(s); 647 } 648 649 trace_aspeed_i3c_device_pop_rx(s->id, val); 650 return val; 651 } 652 653 static uint32_t aspeed_i3c_device_resp_queue_port_r(AspeedI3CDevice *s) 654 { 655 if (fifo32_is_empty(&s->resp_queue)) { 656 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read response FIFO when " 657 "empty\n", object_get_canonical_path(OBJECT(s))); 658 return 0; 659 } 660 661 uint32_t val = fifo32_pop(&s->resp_queue); 662 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 663 fifo32_num_used(&s->resp_queue)); 664 665 /* Threshold is the register value + 1. */ 666 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 667 RESP_BUF_THLD) + 1; 668 if (fifo32_num_used(&s->resp_queue) < threshold) { 669 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 0); 670 aspeed_i3c_device_update_irq(s); 671 } 672 673 return val; 674 } 675 676 static uint64_t aspeed_i3c_device_read(void *opaque, hwaddr offset, 677 unsigned size) 678 { 679 AspeedI3CDevice *s = ASPEED_I3C_DEVICE(opaque); 680 uint32_t addr = offset >> 2; 681 uint64_t value; 682 683 switch (addr) { 684 /* RAZ */ 685 case R_COMMAND_QUEUE_PORT: 686 case R_RESET_CTRL: 687 case R_INTR_FORCE: 688 value = 0; 689 break; 690 case R_INTR_STATUS: 691 value = aspeed_i3c_device_intr_status_r(s); 692 break; 693 case R_RX_TX_DATA_PORT: 694 value = aspeed_i3c_device_pop_rx(s); 695 break; 696 case R_RESPONSE_QUEUE_PORT: 697 value = aspeed_i3c_device_resp_queue_port_r(s); 698 break; 699 default: 700 value = s->regs[addr]; 701 break; 702 } 703 704 trace_aspeed_i3c_device_read(s->id, offset, value); 705 706 return value; 707 } 708 709 static void aspeed_i3c_device_resp_queue_push(AspeedI3CDevice *s, 710 uint8_t err, uint8_t tid, 711 uint8_t ccc_type, 712 uint16_t data_len) 713 { 714 uint32_t val = 0; 715 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, ERR_STATUS, err); 716 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, TID, tid); 717 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, CCCT, ccc_type); 718 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, DL, data_len); 719 if (!fifo32_is_full(&s->resp_queue)) { 720 trace_aspeed_i3c_device_resp_queue_push(s->id, val); 721 fifo32_push(&s->resp_queue, val); 722 } 723 724 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 725 fifo32_num_used(&s->resp_queue)); 726 /* Threshold is the register value + 1. */ 727 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 728 RESP_BUF_THLD) + 1; 729 if (fifo32_num_used(&s->resp_queue) >= threshold) { 730 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 1); 731 aspeed_i3c_device_update_irq(s); 732 } 733 } 734 735 static void aspeed_i3c_device_push_tx(AspeedI3CDevice *s, uint32_t val) 736 { 737 if (fifo32_is_full(&s->tx_queue)) { 738 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to TX FIFO when " 739 "full\n", object_get_canonical_path(OBJECT(s))); 740 return; 741 } 742 743 trace_aspeed_i3c_device_push_tx(s->id, val); 744 fifo32_push(&s->tx_queue, val); 745 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 746 fifo32_num_free(&s->tx_queue)); 747 748 /* Threshold is 2^TX_BUF_THLD. */ 749 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 750 TX_BUF_THLD); 751 empty_threshold = 752 aspeed_i3c_device_fifo_threshold_from_reg(empty_threshold); 753 if (fifo32_num_free(&s->tx_queue) < empty_threshold) { 754 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 0); 755 aspeed_i3c_device_update_irq(s); 756 } 757 } 758 759 static uint32_t aspeed_i3c_device_pop_tx(AspeedI3CDevice *s) 760 { 761 if (fifo32_is_empty(&s->tx_queue)) { 762 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to pop from TX FIFO when " 763 "empty\n", object_get_canonical_path(OBJECT(s))); 764 return 0; 765 } 766 767 uint32_t val = fifo32_pop(&s->tx_queue); 768 trace_aspeed_i3c_device_pop_tx(s->id, val); 769 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 770 fifo32_num_free(&s->tx_queue)); 771 772 /* Threshold is 2^TX_BUF_THLD. */ 773 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 774 TX_BUF_THLD); 775 empty_threshold = 776 aspeed_i3c_device_fifo_threshold_from_reg(empty_threshold); 777 if (fifo32_num_free(&s->tx_queue) >= empty_threshold) { 778 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 1); 779 aspeed_i3c_device_update_irq(s); 780 } 781 return val; 782 } 783 784 static void aspeed_i3c_device_push_rx(AspeedI3CDevice *s, uint32_t val) 785 { 786 if (fifo32_is_full(&s->rx_queue)) { 787 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to RX FIFO when " 788 "full\n", object_get_canonical_path(OBJECT(s))); 789 return; 790 } 791 trace_aspeed_i3c_device_push_rx(s->id, val); 792 fifo32_push(&s->rx_queue, val); 793 794 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 795 fifo32_num_used(&s->rx_queue)); 796 /* Threshold is 2^RX_BUF_THLD. */ 797 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 798 RX_BUF_THLD); 799 threshold = aspeed_i3c_device_fifo_threshold_from_reg(threshold); 800 if (fifo32_num_used(&s->rx_queue) >= threshold) { 801 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 1); 802 aspeed_i3c_device_update_irq(s); 803 } 804 } 805 806 static void aspeed_i3c_device_short_transfer(AspeedI3CDevice *s, 807 AspeedI3CTransferCmd cmd, 808 AspeedI3CShortArg arg) 809 { 810 uint8_t err = ASPEED_I3C_RESP_QUEUE_ERR_NONE; 811 uint8_t addr = aspeed_i3c_device_target_addr(s, cmd.dev_index); 812 bool is_i2c = aspeed_i3c_device_target_is_i2c(s, cmd.dev_index); 813 uint8_t data[4]; /* Max we can send on a short transfer is 4 bytes. */ 814 uint8_t len = 0; 815 uint32_t bytes_sent; /* Ignored on short transfers. */ 816 817 /* Can't do reads on a short transfer. */ 818 if (cmd.rnw) { 819 qemu_log_mask(LOG_GUEST_ERROR, "%s: Cannot do a read on a short " 820 "transfer\n", object_get_canonical_path(OBJECT(s))); 821 return; 822 } 823 824 if (aspeed_i3c_device_send_start(s, addr, /*is_recv=*/false, is_i2c)) { 825 err = ASPEED_I3C_RESP_QUEUE_ERR_I2C_NACK; 826 goto transfer_done; 827 } 828 829 /* Are we sending a command? */ 830 if (cmd.cp) { 831 data[len] = cmd.cmd; 832 len++; 833 /* 834 * byte0 is the defining byte for a command, and is only sent if a 835 * command is present and if the command has a defining byte present. 836 * (byte_strb & 0x01) is always treated as set by the controller, and is 837 * ignored. 838 */ 839 if (cmd.dbp) { 840 data[len] += arg.byte0; 841 len++; 842 } 843 } 844 845 /* Send the bytes passed in the argument. */ 846 if (arg.byte_strb & 0x02) { 847 data[len] = arg.byte1; 848 len++; 849 } 850 if (arg.byte_strb & 0x04) { 851 data[len] = arg.byte2; 852 len++; 853 } 854 855 if (aspeed_i3c_device_send(s, data, len, &bytes_sent, is_i2c)) { 856 err = ASPEED_I3C_RESP_QUEUE_ERR_I2C_NACK; 857 } else { 858 /* Only go to an idle state on a successful transfer. */ 859 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 860 ASPEED_I3C_TRANSFER_STATE_IDLE); 861 } 862 863 transfer_done: 864 if (cmd.toc) { 865 aspeed_i3c_device_end_transfer(s, is_i2c); 866 } 867 if (cmd.roc) { 868 /* 869 * ccc_type is always 0 in controller mode, data_len is 0 in short 870 * transfers. 871 */ 872 aspeed_i3c_device_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 873 /*data_len=*/0); 874 } 875 } 876 877 /* Returns number of bytes transmitted. */ 878 static uint16_t aspeed_i3c_device_tx(AspeedI3CDevice *s, uint16_t num, 879 bool is_i2c) 880 { 881 uint16_t bytes_sent = 0; 882 union { 883 uint8_t b[sizeof(uint32_t)]; 884 uint32_t val; 885 } val32; 886 887 while (bytes_sent < num) { 888 val32.val = aspeed_i3c_device_pop_tx(s); 889 for (uint8_t i = 0; i < sizeof(val32.val); i++) { 890 if (aspeed_i3c_device_send_byte(s, val32.b[i], is_i2c)) { 891 return bytes_sent; 892 } 893 bytes_sent++; 894 895 /* We're not sending the full 32-bits, break early. */ 896 if (bytes_sent >= num) { 897 break; 898 } 899 } 900 } 901 902 return bytes_sent; 903 } 904 905 /* Returns number of bytes received. */ 906 static uint16_t aspeed_i3c_device_rx(AspeedI3CDevice *s, uint16_t num, 907 bool is_i2c) 908 { 909 /* 910 * Allocate a temporary buffer to read data from the target. 911 * Zero it and word-align it as well in case we're reading unaligned data. 912 */ 913 g_autofree uint8_t *data = g_new0(uint8_t, num + (num & 0x03)); 914 uint32_t *data32 = (uint32_t *)data; 915 /* 916 * 32-bits since the I3C API wants a 32-bit number, even though the 917 * controller can only do 16-bit transfers. 918 */ 919 uint32_t num_read = 0; 920 921 /* Can NACK if the target receives an unsupported CCC. */ 922 if (aspeed_i3c_device_recv_data(s, is_i2c, data, num, &num_read)) { 923 return 0; 924 } 925 926 for (uint16_t i = 0; i < num_read / 4; i++) { 927 aspeed_i3c_device_push_rx(s, *data32); 928 data32++; 929 } 930 /* 931 * If we're pushing data that isn't 32-bit aligned, push what's left. 932 * It's software's responsibility to know what bits are valid in the partial 933 * data. 934 */ 935 if (num_read & 0x03) { 936 aspeed_i3c_device_push_rx(s, *data32); 937 } 938 939 return num_read; 940 } 941 942 static int aspeed_i3c_device_transfer_ccc(AspeedI3CDevice *s, 943 AspeedI3CTransferCmd cmd, 944 AspeedI3CTransferArg arg) 945 { 946 /* CCC start is always a write. CCCs cannot be done on I2C devices. */ 947 if (aspeed_i3c_device_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 948 /*is_i2c=*/false)) { 949 return ASPEED_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 950 } 951 trace_aspeed_i3c_device_transfer_ccc(s->id, cmd.cmd); 952 if (aspeed_i3c_device_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 953 return ASPEED_I3C_RESP_QUEUE_ERR_I2C_NACK; 954 } 955 956 /* On a direct CCC, we do a restart and then send the target's address. */ 957 if (CCC_IS_DIRECT(cmd.cmd)) { 958 bool is_recv = cmd.rnw; 959 uint8_t addr = aspeed_i3c_device_target_addr(s, cmd.dev_index); 960 if (aspeed_i3c_device_send_start(s, addr, is_recv, /*is_i2c=*/false)) { 961 return ASPEED_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 962 } 963 } 964 965 return ASPEED_I3C_RESP_QUEUE_ERR_NONE; 966 } 967 968 static void aspeed_i3c_device_transfer(AspeedI3CDevice *s, 969 AspeedI3CTransferCmd cmd, 970 AspeedI3CTransferArg arg) 971 { 972 bool is_recv = cmd.rnw; 973 uint8_t err = ASPEED_I3C_RESP_QUEUE_ERR_NONE; 974 uint8_t addr = aspeed_i3c_device_target_addr(s, cmd.dev_index); 975 bool is_i2c = aspeed_i3c_device_target_is_i2c(s, cmd.dev_index); 976 uint16_t bytes_transferred = 0; 977 978 if (cmd.cp) { 979 /* We're sending a CCC. */ 980 err = aspeed_i3c_device_transfer_ccc(s, cmd, arg); 981 if (err != ASPEED_I3C_RESP_QUEUE_ERR_NONE) { 982 goto transfer_done; 983 } 984 } else { 985 if (ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_BROADCAST_ADDR_INC) && 986 is_i2c == false) { 987 if (aspeed_i3c_device_send_start(s, I3C_BROADCAST, 988 /*is_recv=*/false, is_i2c)) { 989 err = ASPEED_I3C_RESP_QUEUE_ERR_I2C_NACK; 990 goto transfer_done; 991 } 992 } 993 /* Otherwise we're doing a private transfer. */ 994 if (aspeed_i3c_device_send_start(s, addr, is_recv, is_i2c)) { 995 err = ASPEED_I3C_RESP_QUEUE_ERR_I2C_NACK; 996 goto transfer_done; 997 } 998 } 999 1000 if (is_recv) { 1001 bytes_transferred = aspeed_i3c_device_rx(s, arg.data_len, is_i2c); 1002 } else { 1003 bytes_transferred = aspeed_i3c_device_tx(s, arg.data_len, is_i2c); 1004 } 1005 1006 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1007 ASPEED_I3C_TRANSFER_STATE_IDLE); 1008 1009 transfer_done: 1010 if (cmd.toc) { 1011 aspeed_i3c_device_end_transfer(s, is_i2c); 1012 } 1013 if (cmd.roc) { 1014 /* 1015 * data_len is the number of bytes that still need to be TX'd, or the 1016 * number of bytes RX'd. 1017 */ 1018 uint16_t data_len = is_recv ? bytes_transferred : arg.data_len - 1019 bytes_transferred; 1020 /* CCCT is always 0 in controller mode. */ 1021 aspeed_i3c_device_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1022 data_len); 1023 } 1024 1025 aspeed_i3c_device_update_irq(s); 1026 } 1027 1028 static void aspeed_i3c_device_transfer_cmd(AspeedI3CDevice *s, 1029 AspeedI3CTransferCmd cmd, 1030 AspeedI3CCmdQueueData arg) 1031 { 1032 uint8_t arg_attr = FIELD_EX32(arg.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1033 1034 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CMD_TID, cmd.tid); 1035 1036 /* User is trying to do HDR transfers, see if we can do them. */ 1037 if (cmd.speed == 0x06 && !aspeed_i3c_device_has_hdr_ddr(s)) { 1038 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR DDR is not supported\n", 1039 object_get_canonical_path(OBJECT(s))); 1040 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1041 ASPEED_I3C_TRANSFER_STATE_HALT); 1042 return; 1043 } 1044 if (cmd.speed == 0x05 && !aspeed_i3c_device_has_hdr_ts(s)) { 1045 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR TS is not supported\n", 1046 object_get_canonical_path(OBJECT(s))); 1047 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1048 ASPEED_I3C_TRANSFER_STATE_HALT); 1049 return; 1050 } 1051 1052 if (arg_attr == ASPEED_I3C_CMD_ATTR_TRANSFER_ARG) { 1053 aspeed_i3c_device_transfer(s, cmd, arg.transfer_arg); 1054 } else if (arg_attr == ASPEED_I3C_CMD_ATTR_SHORT_DATA_ARG) { 1055 aspeed_i3c_device_short_transfer(s, cmd, arg.short_arg); 1056 } else { 1057 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown command queue cmd_attr 0x%x" 1058 "\n", object_get_canonical_path(OBJECT(s)), arg_attr); 1059 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1060 ASPEED_I3C_TRANSFER_STATE_HALT); 1061 } 1062 } 1063 1064 static void aspeed_i3c_device_update_char_table(AspeedI3CDevice *s, 1065 uint8_t offset, uint64_t pid, 1066 uint8_t bcr, uint8_t dcr, 1067 uint8_t addr) 1068 { 1069 if (offset > ASPEED_I3C_NR_DEVICES) { 1070 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device char table offset %d out of " 1071 "bounds\n", object_get_canonical_path(OBJECT(s)), offset); 1072 /* If we're out of bounds, do nothing. */ 1073 return; 1074 } 1075 1076 /* Each char table index is 128 bits apart. */ 1077 uint16_t dev_index = R_DEVICE_CHARACTERISTIC_TABLE_LOC1 + offset * 1078 sizeof(uint32_t); 1079 s->regs[dev_index] = pid & 0xffffffff; 1080 pid >>= 32; 1081 s->regs[dev_index + 1] = FIELD_DP32(s->regs[dev_index + 1], 1082 DEVICE_CHARACTERISTIC_TABLE_LOC2, 1083 MSB_PID, pid); 1084 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1085 DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 1086 dcr); 1087 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1088 DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 1089 bcr); 1090 s->regs[dev_index + 3] = FIELD_DP32(s->regs[dev_index + 3], 1091 DEVICE_CHARACTERISTIC_TABLE_LOC4, 1092 DEV_DYNAMIC_ADDR, addr); 1093 1094 /* Increment PRESENT_DEV_CHAR_TABLE_INDEX. */ 1095 uint8_t idx = ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1096 PRESENT_DEV_CHAR_TABLE_INDEX); 1097 /* Increment and rollover. */ 1098 idx++; 1099 if (idx >= ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1100 DEV_CHAR_TABLE_DEPTH) / 4) { 1101 idx = 0; 1102 } 1103 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, 1104 PRESENT_DEV_CHAR_TABLE_INDEX, idx); 1105 } 1106 1107 static void aspeed_i3c_device_addr_assign_cmd(AspeedI3CDevice *s, 1108 AspeedI3CAddrAssignCmd cmd) 1109 { 1110 uint8_t i = 0; 1111 uint8_t err = ASPEED_I3C_RESP_QUEUE_ERR_NONE; 1112 1113 if (!aspeed_i3c_device_has_entdaa(s)) { 1114 qemu_log_mask(LOG_GUEST_ERROR, "%s: ENTDAA is not supported\n", 1115 object_get_canonical_path(OBJECT(s))); 1116 return; 1117 } 1118 1119 /* Tell everyone to ENTDAA. If these error, no one is on the bus. */ 1120 if (aspeed_i3c_device_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1121 /*is_i2c=*/false)) { 1122 err = ASPEED_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1123 goto transfer_done; 1124 } 1125 if (aspeed_i3c_device_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 1126 err = ASPEED_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1127 goto transfer_done; 1128 } 1129 1130 /* Go through each device in the table and assign it an address. */ 1131 for (i = 0; i < cmd.dev_count; i++) { 1132 uint8_t addr = aspeed_i3c_device_target_addr(s, cmd.dev_index + i); 1133 union { 1134 uint64_t pid:48; 1135 uint8_t bcr; 1136 uint8_t dcr; 1137 uint32_t w[2]; 1138 uint8_t b[8]; 1139 } target_info; 1140 1141 /* If this fails, there was no one left to ENTDAA. */ 1142 if (aspeed_i3c_device_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1143 /*is_i2c=*/false)) { 1144 err = ASPEED_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1145 break; 1146 } 1147 1148 /* 1149 * In ENTDAA, we read 8 bytes from the target, which will be the 1150 * target's PID, BCR, and DCR. After that, we send it the dynamic 1151 * address. 1152 * Don't bother checking the number of bytes received, it must send 8 1153 * bytes during ENTDAA. 1154 */ 1155 uint32_t num_read; 1156 if (aspeed_i3c_device_recv_data(s, /*is_i2c=*/false, target_info.b, 1157 I3C_ENTDAA_SIZE, &num_read)) { 1158 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed ENTDAA CCC\n", 1159 object_get_canonical_path(OBJECT(s))); 1160 err = ASPEED_I3C_RESP_QUEUE_ERR_DAA_NACK; 1161 goto transfer_done; 1162 } 1163 if (aspeed_i3c_device_send_byte(s, addr, /*is_i2c=*/false)) { 1164 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed addr 0x%.2x " 1165 "during ENTDAA\n", 1166 object_get_canonical_path(OBJECT(s)), addr); 1167 err = ASPEED_I3C_RESP_QUEUE_ERR_DAA_NACK; 1168 break; 1169 } 1170 aspeed_i3c_device_update_char_table(s, cmd.dev_index + i, 1171 target_info.pid, target_info.bcr, 1172 target_info.dcr, addr); 1173 1174 /* Push the PID, BCR, and DCR to the RX queue. */ 1175 aspeed_i3c_device_push_rx(s, target_info.w[0]); 1176 aspeed_i3c_device_push_rx(s, target_info.w[1]); 1177 } 1178 1179 transfer_done: 1180 /* Do we send a STOP? */ 1181 if (cmd.toc) { 1182 aspeed_i3c_device_end_transfer(s, /*is_i2c=*/false); 1183 } 1184 /* 1185 * For addr assign commands, the length field is the number of devices 1186 * left to assign. CCCT is always 0 in controller mode. 1187 */ 1188 if (cmd.roc) { 1189 aspeed_i3c_device_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1190 cmd.dev_count - i); 1191 } 1192 } 1193 1194 static uint32_t aspeed_i3c_device_cmd_queue_pop(AspeedI3CDevice *s) 1195 { 1196 if (fifo32_is_empty(&s->cmd_queue)) { 1197 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to dequeue command queue " 1198 "when it was empty\n", 1199 object_get_canonical_path(OBJECT(s))); 1200 return 0; 1201 } 1202 uint32_t val = fifo32_pop(&s->cmd_queue); 1203 1204 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1205 CMD_BUF_EMPTY_THLD); 1206 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1207 QUEUE_STATUS_LEVEL, 1208 CMD_QUEUE_EMPTY_LOC); 1209 cmd_queue_empty_loc++; 1210 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1211 cmd_queue_empty_loc); 1212 if (cmd_queue_empty_loc >= empty_threshold) { 1213 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 1); 1214 aspeed_i3c_device_update_irq(s); 1215 } 1216 1217 return val; 1218 } 1219 1220 static void aspeed_i3c_device_cmd_queue_execute(AspeedI3CDevice *s) 1221 { 1222 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1223 ASPEED_I3C_TRANSFER_STATE_IDLE); 1224 if (!aspeed_i3c_device_can_transmit(s)) { 1225 return; 1226 } 1227 1228 /* 1229 * We only start executing when a command is passed into the FIFO. 1230 * We expect there to be a multiple of 2 items in the queue. The first item 1231 * should be an argument to a command, and the command should be the second 1232 * item. 1233 */ 1234 if (fifo32_num_used(&s->cmd_queue) & 1) { 1235 return; 1236 } 1237 1238 while (!fifo32_is_empty(&s->cmd_queue)) { 1239 AspeedI3CCmdQueueData arg; 1240 arg.word = aspeed_i3c_device_cmd_queue_pop(s); 1241 AspeedI3CCmdQueueData cmd; 1242 cmd.word = aspeed_i3c_device_cmd_queue_pop(s); 1243 trace_aspeed_i3c_device_cmd_queue_execute(s->id, cmd.word, arg.word); 1244 1245 uint8_t cmd_attr = FIELD_EX32(cmd.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1246 switch (cmd_attr) { 1247 case ASPEED_I3C_CMD_ATTR_TRANSFER_CMD: 1248 aspeed_i3c_device_transfer_cmd(s, cmd.transfer_cmd, arg); 1249 break; 1250 case ASPEED_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1251 /* Arg is discarded for addr assign commands. */ 1252 aspeed_i3c_device_addr_assign_cmd(s, cmd.addr_assign_cmd); 1253 break; 1254 case ASPEED_I3C_CMD_ATTR_TRANSFER_ARG: 1255 case ASPEED_I3C_CMD_ATTR_SHORT_DATA_ARG: 1256 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received argument" 1257 " packet when it expected a command packet\n", 1258 object_get_canonical_path(OBJECT(s))); 1259 break; 1260 default: 1261 /* 1262 * The caller's check before queueing an item should prevent this 1263 * from happening. 1264 */ 1265 g_assert_not_reached(); 1266 break; 1267 } 1268 } 1269 } 1270 1271 static void aspeed_i3c_device_cmd_queue_push(AspeedI3CDevice *s, uint32_t val) 1272 { 1273 if (fifo32_is_full(&s->cmd_queue)) { 1274 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet when " 1275 "already full\n", object_get_canonical_path(OBJECT(s))); 1276 return; 1277 } 1278 trace_aspeed_i3c_device_cmd_queue_push(s->id, val); 1279 fifo32_push(&s->cmd_queue, val); 1280 1281 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1282 CMD_BUF_EMPTY_THLD); 1283 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1284 QUEUE_STATUS_LEVEL, 1285 CMD_QUEUE_EMPTY_LOC); 1286 if (cmd_queue_empty_loc) { 1287 cmd_queue_empty_loc--; 1288 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1289 cmd_queue_empty_loc); 1290 } 1291 if (cmd_queue_empty_loc < empty_threshold) { 1292 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 0); 1293 aspeed_i3c_device_update_irq(s); 1294 } 1295 } 1296 1297 static void aspeed_i3c_device_cmd_queue_port_w(AspeedI3CDevice *s, uint32_t val) 1298 { 1299 uint8_t cmd_attr = FIELD_EX32(val, COMMAND_QUEUE_PORT, CMD_ATTR); 1300 1301 switch (cmd_attr) { 1302 /* If a command is received we can start executing it. */ 1303 case ASPEED_I3C_CMD_ATTR_TRANSFER_CMD: 1304 case ASPEED_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1305 aspeed_i3c_device_cmd_queue_push(s, val); 1306 aspeed_i3c_device_cmd_queue_execute(s); 1307 break; 1308 /* If we get an argument just push it. */ 1309 case ASPEED_I3C_CMD_ATTR_TRANSFER_ARG: 1310 case ASPEED_I3C_CMD_ATTR_SHORT_DATA_ARG: 1311 aspeed_i3c_device_cmd_queue_push(s, val); 1312 break; 1313 default: 1314 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet with " 1315 "unknown cmd attr 0x%x\n", 1316 object_get_canonical_path(OBJECT(s)), cmd_attr); 1317 break; 1318 } 1319 } 1320 1321 static void aspeed_i3c_device_write(void *opaque, hwaddr offset, 1322 uint64_t value, unsigned size) 1323 { 1324 AspeedI3CDevice *s = ASPEED_I3C_DEVICE(opaque); 1325 uint32_t addr = offset >> 2; 1326 uint32_t val32 = (uint32_t)value; 1327 1328 trace_aspeed_i3c_device_write(s->id, offset, value); 1329 1330 val32 &= ~ast2600_i3c_device_ro[addr]; 1331 switch (addr) { 1332 case R_HW_CAPABILITY: 1333 case R_RESPONSE_QUEUE_PORT: 1334 case R_IBI_QUEUE_DATA: 1335 case R_QUEUE_STATUS_LEVEL: 1336 case R_PRESENT_STATE: 1337 case R_CCC_DEVICE_STATUS: 1338 case R_DEVICE_ADDR_TABLE_POINTER: 1339 case R_VENDOR_SPECIFIC_REG_POINTER: 1340 case R_SLV_CHAR_CTRL: 1341 case R_SLV_MAX_LEN: 1342 case R_MAX_READ_TURNAROUND: 1343 case R_I3C_VER_ID: 1344 case R_I3C_VER_TYPE: 1345 case R_EXTENDED_CAPABILITY: 1346 qemu_log_mask(LOG_GUEST_ERROR, 1347 "%s: write to readonly register[0x%02" HWADDR_PRIx 1348 "] = 0x%08" PRIx64 "\n", 1349 __func__, offset, value); 1350 break; 1351 case R_RX_TX_DATA_PORT: 1352 aspeed_i3c_device_push_tx(s, val32); 1353 break; 1354 case R_COMMAND_QUEUE_PORT: 1355 aspeed_i3c_device_cmd_queue_port_w(s, val32); 1356 break; 1357 case R_RESET_CTRL: 1358 break; 1359 case R_INTR_STATUS: 1360 aspeed_i3c_device_intr_status_w(s, val32); 1361 break; 1362 case R_INTR_STATUS_EN: 1363 aspeed_i3c_device_intr_status_en_w(s, val32); 1364 break; 1365 case R_INTR_SIGNAL_EN: 1366 aspeed_i3c_device_intr_signal_en_w(s, val32); 1367 break; 1368 case R_INTR_FORCE: 1369 aspeed_i3c_device_intr_force_w(s, val32); 1370 break; 1371 default: 1372 s->regs[addr] = val32; 1373 break; 1374 } 1375 } 1376 1377 static const VMStateDescription aspeed_i3c_device_vmstate = { 1378 .name = TYPE_ASPEED_I3C, 1379 .version_id = 1, 1380 .minimum_version_id = 1, 1381 .fields = (const VMStateField[]){ 1382 VMSTATE_UINT32_ARRAY(regs, AspeedI3CDevice, ASPEED_I3C_DEVICE_NR_REGS), 1383 VMSTATE_END_OF_LIST(), 1384 } 1385 }; 1386 1387 static const MemoryRegionOps aspeed_i3c_device_ops = { 1388 .read = aspeed_i3c_device_read, 1389 .write = aspeed_i3c_device_write, 1390 .endianness = DEVICE_LITTLE_ENDIAN, 1391 }; 1392 1393 static void aspeed_i3c_device_reset(DeviceState *dev) 1394 { 1395 AspeedI3CDevice *s = ASPEED_I3C_DEVICE(dev); 1396 1397 memcpy(s->regs, ast2600_i3c_device_resets, sizeof(s->regs)); 1398 } 1399 1400 static void aspeed_i3c_device_realize(DeviceState *dev, Error **errp) 1401 { 1402 AspeedI3CDevice *s = ASPEED_I3C_DEVICE(dev); 1403 g_autofree char *name = g_strdup_printf(TYPE_ASPEED_I3C_DEVICE ".%d", 1404 s->id); 1405 1406 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq); 1407 1408 memory_region_init_io(&s->mr, OBJECT(s), &aspeed_i3c_device_ops, 1409 s, name, ASPEED_I3C_DEVICE_NR_REGS << 2); 1410 1411 fifo32_create(&s->cmd_queue, ASPEED_I3C_CMD_QUEUE_CAPACITY); 1412 fifo32_create(&s->resp_queue, ASPEED_I3C_RESP_QUEUE_CAPACITY); 1413 fifo32_create(&s->tx_queue, ASPEED_I3C_TX_QUEUE_CAPACITY); 1414 fifo32_create(&s->rx_queue, ASPEED_I3C_RX_QUEUE_CAPACITY); 1415 1416 s->bus = i3c_init_bus(DEVICE(s), name); 1417 } 1418 1419 static uint64_t aspeed_i3c_read(void *opaque, hwaddr addr, unsigned int size) 1420 { 1421 AspeedI3CState *s = ASPEED_I3C(opaque); 1422 uint64_t val = 0; 1423 1424 val = s->regs[addr >> 2]; 1425 1426 trace_aspeed_i3c_read(addr, val); 1427 1428 return val; 1429 } 1430 1431 static void aspeed_i3c_write(void *opaque, 1432 hwaddr addr, 1433 uint64_t data, 1434 unsigned int size) 1435 { 1436 AspeedI3CState *s = ASPEED_I3C(opaque); 1437 1438 trace_aspeed_i3c_write(addr, data); 1439 1440 addr >>= 2; 1441 1442 data &= ~ast2600_i3c_controller_ro[addr]; 1443 /* I3C controller register */ 1444 switch (addr) { 1445 case R_I3C1_REG1: 1446 case R_I3C2_REG1: 1447 case R_I3C3_REG1: 1448 case R_I3C4_REG1: 1449 case R_I3C5_REG1: 1450 case R_I3C6_REG1: 1451 if (data & R_I3C1_REG1_I2C_MODE_MASK) { 1452 qemu_log_mask(LOG_UNIMP, 1453 "%s: Unsupported I2C mode [0x%08" HWADDR_PRIx 1454 "]=%08" PRIx64 "\n", 1455 __func__, addr << 2, data); 1456 break; 1457 } 1458 if (data & R_I3C1_REG1_SA_EN_MASK) { 1459 qemu_log_mask(LOG_UNIMP, 1460 "%s: Unsupported slave mode [%08" HWADDR_PRIx 1461 "]=0x%08" PRIx64 "\n", 1462 __func__, addr << 2, data); 1463 break; 1464 } 1465 s->regs[addr] = data; 1466 break; 1467 default: 1468 s->regs[addr] = data; 1469 break; 1470 } 1471 } 1472 1473 static const MemoryRegionOps aspeed_i3c_ops = { 1474 .read = aspeed_i3c_read, 1475 .write = aspeed_i3c_write, 1476 .endianness = DEVICE_LITTLE_ENDIAN, 1477 .valid = { 1478 .min_access_size = 1, 1479 .max_access_size = 4, 1480 } 1481 }; 1482 1483 static void aspeed_i3c_reset(DeviceState *dev) 1484 { 1485 AspeedI3CState *s = ASPEED_I3C(dev); 1486 memset(s->regs, 0, sizeof(s->regs)); 1487 } 1488 1489 static void aspeed_i3c_instance_init(Object *obj) 1490 { 1491 AspeedI3CState *s = ASPEED_I3C(obj); 1492 int i; 1493 1494 for (i = 0; i < ASPEED_I3C_NR_DEVICES; ++i) { 1495 object_initialize_child(obj, "device[*]", &s->devices[i], 1496 TYPE_ASPEED_I3C_DEVICE); 1497 } 1498 } 1499 1500 static void aspeed_i3c_realize(DeviceState *dev, Error **errp) 1501 { 1502 int i; 1503 AspeedI3CState *s = ASPEED_I3C(dev); 1504 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1505 1506 memory_region_init(&s->iomem_container, OBJECT(s), 1507 TYPE_ASPEED_I3C ".container", 0x8000); 1508 1509 sysbus_init_mmio(sbd, &s->iomem_container); 1510 1511 memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_i3c_ops, s, 1512 TYPE_ASPEED_I3C ".regs", ASPEED_I3C_NR_REGS << 2); 1513 1514 memory_region_add_subregion(&s->iomem_container, 0x0, &s->iomem); 1515 1516 for (i = 0; i < ASPEED_I3C_NR_DEVICES; ++i) { 1517 Object *i3c_dev = OBJECT(&s->devices[i]); 1518 1519 if (!object_property_set_uint(i3c_dev, "device-id", i, errp)) { 1520 return; 1521 } 1522 1523 if (!sysbus_realize(SYS_BUS_DEVICE(i3c_dev), errp)) { 1524 return; 1525 } 1526 1527 /* 1528 * Register Address of I3CX Device = 1529 * (Base Address of Global Register) + (Offset of I3CX) + Offset 1530 * X = 0, 1, 2, 3, 4, 5 1531 * Offset of I3C0 = 0x2000 1532 * Offset of I3C1 = 0x3000 1533 * Offset of I3C2 = 0x4000 1534 * Offset of I3C3 = 0x5000 1535 * Offset of I3C4 = 0x6000 1536 * Offset of I3C5 = 0x7000 1537 */ 1538 memory_region_add_subregion(&s->iomem_container, 1539 0x2000 + i * 0x1000, &s->devices[i].mr); 1540 } 1541 1542 } 1543 1544 static Property aspeed_i3c_device_properties[] = { 1545 DEFINE_PROP_UINT8("device-id", AspeedI3CDevice, id, 0), 1546 DEFINE_PROP_END_OF_LIST(), 1547 }; 1548 1549 static void aspeed_i3c_device_class_init(ObjectClass *klass, void *data) 1550 { 1551 DeviceClass *dc = DEVICE_CLASS(klass); 1552 1553 dc->desc = "Aspeed I3C Device"; 1554 dc->realize = aspeed_i3c_device_realize; 1555 device_class_set_legacy_reset(dc, aspeed_i3c_device_reset); 1556 device_class_set_props(dc, aspeed_i3c_device_properties); 1557 } 1558 1559 static const TypeInfo aspeed_i3c_device_info = { 1560 .name = TYPE_ASPEED_I3C_DEVICE, 1561 .parent = TYPE_SYS_BUS_DEVICE, 1562 .instance_size = sizeof(AspeedI3CDevice), 1563 .class_init = aspeed_i3c_device_class_init, 1564 }; 1565 1566 static const VMStateDescription vmstate_aspeed_i3c = { 1567 .name = TYPE_ASPEED_I3C, 1568 .version_id = 1, 1569 .minimum_version_id = 1, 1570 .fields = (const VMStateField[]) { 1571 VMSTATE_UINT32_ARRAY(regs, AspeedI3CState, ASPEED_I3C_NR_REGS), 1572 VMSTATE_STRUCT_ARRAY(devices, AspeedI3CState, ASPEED_I3C_NR_DEVICES, 1, 1573 aspeed_i3c_device_vmstate, AspeedI3CDevice), 1574 VMSTATE_END_OF_LIST(), 1575 } 1576 }; 1577 1578 static void aspeed_i3c_class_init(ObjectClass *klass, void *data) 1579 { 1580 DeviceClass *dc = DEVICE_CLASS(klass); 1581 1582 dc->realize = aspeed_i3c_realize; 1583 device_class_set_legacy_reset(dc, aspeed_i3c_reset); 1584 dc->desc = "Aspeed I3C Controller"; 1585 dc->vmsd = &vmstate_aspeed_i3c; 1586 } 1587 1588 static const TypeInfo aspeed_i3c_info = { 1589 .name = TYPE_ASPEED_I3C, 1590 .parent = TYPE_SYS_BUS_DEVICE, 1591 .instance_init = aspeed_i3c_instance_init, 1592 .instance_size = sizeof(AspeedI3CState), 1593 .class_init = aspeed_i3c_class_init, 1594 }; 1595 1596 static void aspeed_i3c_register_types(void) 1597 { 1598 type_register_static(&aspeed_i3c_device_info); 1599 type_register_static(&aspeed_i3c_info); 1600 } 1601 1602 type_init(aspeed_i3c_register_types); 1603