1 /* 2 * QEMU I3C bus interface. 3 * 4 * Copyright 2023 Google LLC 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the 8 * Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * for more details. 15 */ 16 17 #include "qemu/osdep.h" 18 #include "qemu/log.h" 19 #include "qapi/error.h" 20 #include "trace.h" 21 #include "hw/i3c/i3c.h" 22 #include "hw/qdev-properties.h" 23 24 static Property i3c_props[] = { 25 DEFINE_PROP_UINT8("static-address", struct I3CTarget, static_address, 0), 26 DEFINE_PROP_UINT8("dcr", struct I3CTarget, dcr, 0), 27 DEFINE_PROP_UINT8("bcr", struct I3CTarget, bcr, 0), 28 DEFINE_PROP_UINT64("pid", struct I3CTarget, pid, 0), 29 DEFINE_PROP_END_OF_LIST(), 30 }; 31 32 static const TypeInfo i3c_bus_info = { 33 .name = TYPE_I3C_BUS, 34 .parent = TYPE_BUS, 35 .instance_size = sizeof(I3CBus), 36 .class_size = sizeof(I3CBusClass), 37 }; 38 39 I3CBus *i3c_init_bus(DeviceState *parent, const char *name) 40 { 41 return i3c_init_bus_type(TYPE_I3C_BUS, parent, name); 42 } 43 44 I3CBus *i3c_init_bus_type(const char *type, DeviceState *parent, 45 const char *name) 46 { 47 I3CBus *bus; 48 49 bus = I3C_BUS(qbus_new(type, parent, name)); 50 QLIST_INIT(&bus->current_devs); 51 bus->broadcast = false; 52 bus->in_entdaa = false; 53 bus->in_ccc = false; 54 55 /* I2C init. */ 56 g_autofree gchar *i2c_bus_name = g_strdup_printf("%s-legacy-i2c", name); 57 bus->i2c_bus = i2c_init_bus(parent, i2c_bus_name); 58 59 return bus; 60 } 61 62 bool i3c_bus_busy(I3CBus *bus) 63 { 64 return !QLIST_EMPTY(&bus->current_devs); 65 } 66 67 bool i3c_target_match(I3CBus *bus, I3CTarget *target, uint8_t address) 68 { 69 /* Once a target has a dynamic address, it only responds to that. */ 70 uint8_t targ_addr = target->address ? target->address : 71 target->static_address; 72 73 if (bus->in_entdaa) { 74 if (address != I3C_BROADCAST) { 75 qemu_log_mask(LOG_GUEST_ERROR, "%s: I3C Address 0x%.2x sent during " 76 "ENTDAA instead of a broadcast address\n", 77 object_get_canonical_path(OBJECT(bus)), address); 78 return false; 79 } 80 81 /* 82 * Targets should only ACK ENTDAA broadcasts if they have no dynamic 83 * address. 84 */ 85 if (target->address == 0) { 86 I3CNode *node = g_new(struct I3CNode, 1); 87 node->target = target; 88 QLIST_INSERT_HEAD(&bus->current_devs, node, next); 89 } 90 return target->address == 0; 91 } 92 93 if ((targ_addr == address) || bus->broadcast) { 94 I3CNode *node = g_new(struct I3CNode, 1); 95 node->target = target; 96 QLIST_INSERT_HEAD(&bus->current_devs, node, next); 97 return true; 98 } 99 100 return false; 101 } 102 103 bool i3c_scan_bus(I3CBus *bus, uint8_t address) 104 { 105 BusChild *child; 106 I3CNode *node, *next; 107 108 /* Clear out any devices from a previous (re-)START. */ 109 QLIST_FOREACH_SAFE(node, &bus->current_devs, next, next) { 110 QLIST_REMOVE(node, next); 111 g_free(node); 112 } 113 114 QTAILQ_FOREACH(child, &bus->qbus.children, sibling) { 115 DeviceState *qdev = child->child; 116 I3CTarget *target = I3C_TARGET(qdev); 117 118 if (i3c_target_match(bus, target, address)) { 119 return true; 120 } 121 } 122 123 /* No one on the bus could respond. */ 124 return false; 125 } 126 127 /* Class-level event handling, since we do some CCCs at the class level. */ 128 static int i3c_target_event(I3CTarget *t, enum I3CEvent event) 129 { 130 I3CTargetClass *tc = I3C_TARGET_GET_CLASS(t); 131 trace_i3c_target_event(t->address, event); 132 133 if (event == I3C_STOP) { 134 t->curr_ccc = 0; 135 t->ccc_byte_offset = 0; 136 t->in_ccc = false; 137 } 138 return tc->event(t, event); 139 } 140 141 /* 142 * Sends a START or repeated START and the address for an I3C transaction. 143 * 144 * This function returns 0 if a device on the bus was able to respond to the 145 * address, and non-zero otherwise. 146 * A non-zero return represents a NACK. 147 */ 148 static int i3c_do_start_transfer(I3CBus *bus, uint8_t address, 149 enum I3CEvent event) 150 { 151 I3CTargetClass *tc; 152 I3CNode *node; 153 154 if (address == I3C_BROADCAST) { 155 bus->broadcast = true; 156 /* If we're not in ENTDAA, a broadcast is the start of a new CCC. */ 157 if (!bus->in_entdaa) { 158 bus->in_ccc = false; 159 } 160 } else { 161 bus->broadcast = false; 162 } 163 164 /* No one responded to the address, NACK it. */ 165 if (!i3c_scan_bus(bus, address)) { 166 return -1; 167 } 168 169 QLIST_FOREACH(node, &bus->current_devs, next) { 170 I3CTarget *t = node->target; 171 172 tc = I3C_TARGET_GET_CLASS(t); 173 if (tc->event) { 174 int rv = i3c_target_event(t, event); 175 if (rv && !bus->broadcast) { 176 return rv; 177 } 178 } 179 } 180 181 return 0; 182 } 183 184 int i3c_start_transfer(I3CBus *bus, uint8_t address, bool is_recv) 185 { 186 trace_i3c_start_transfer(address, is_recv); 187 return i3c_do_start_transfer(bus, address, is_recv 188 ? I3C_START_RECV 189 : I3C_START_SEND); 190 } 191 192 int i3c_start_recv(I3CBus *bus, uint8_t address) 193 { 194 trace_i3c_start_transfer(address, true); 195 return i3c_do_start_transfer(bus, address, I3C_START_RECV); 196 } 197 198 int i3c_start_send(I3CBus *bus, uint8_t address) 199 { 200 trace_i3c_start_transfer(address, false); 201 return i3c_do_start_transfer(bus, address, I3C_START_SEND); 202 } 203 204 void i3c_end_transfer(I3CBus *bus) 205 { 206 I3CTargetClass *tc; 207 I3CNode *node, *next; 208 209 trace_i3c_end_transfer(); 210 211 /* 212 * If we're in ENTDAA, we need to notify all devices when ENTDAA is done. 213 * This is because everyone initially participates due to the broadcast, 214 * but gradually drops out as they get assigned addresses. 215 * Since the current_devs list only stores who's currently participating, 216 * and not everyone who previously participated, we send the STOP to all 217 * children. 218 */ 219 if (bus->in_entdaa) { 220 BusChild *child; 221 222 QTAILQ_FOREACH(child, &bus->qbus.children, sibling) { 223 DeviceState *qdev = child->child; 224 I3CTarget *t = I3C_TARGET(qdev); 225 tc = I3C_TARGET_GET_CLASS(t); 226 if (tc->event) { 227 i3c_target_event(t, I3C_STOP); 228 } 229 } 230 } else { 231 QLIST_FOREACH_SAFE(node, &bus->current_devs, next, next) { 232 I3CTarget *t = node->target; 233 tc = I3C_TARGET_GET_CLASS(t); 234 if (tc->event) { 235 i3c_target_event(t, I3C_STOP); 236 } 237 QLIST_REMOVE(node, next); 238 g_free(node); 239 } 240 } 241 bus->broadcast = false; 242 bus->in_entdaa = false; 243 bus->in_ccc = false; 244 } 245 246 /* 247 * Any CCCs that are universal across all I3C devices should be handled here. 248 * Once they're handled, we pass the CCC up to the I3C target to do anything 249 * else it may want with the bytes. 250 */ 251 static int i3c_target_handle_ccc_write(I3CTarget *t, const uint8_t *data, 252 uint32_t num_to_send, uint32_t *num_sent) 253 { 254 I3CTargetClass *tc = I3C_TARGET_GET_CLASS(t); 255 *num_sent = 0; 256 257 /* Is this the start of a new CCC? */ 258 if (!t->in_ccc) { 259 t->curr_ccc = *data; 260 t->in_ccc = true; 261 *num_sent = 1; 262 trace_i3c_target_handle_ccc(t->address, t->curr_ccc); 263 } 264 265 switch (t->curr_ccc) { 266 case I3C_CCC_ENTDAA: 267 /* 268 * This is the last byte of ENTDAA, the controller is assigning us an 269 * address. 270 */ 271 if (t->ccc_byte_offset == 8) { 272 t->address = *data; 273 t->in_ccc = false; 274 t->curr_ccc = 0; 275 t->ccc_byte_offset = 0; 276 *num_sent = 1; 277 } 278 break; 279 case I3C_CCCD_SETDASA: 280 t->address = t->static_address; 281 break; 282 case I3C_CCC_SETAASA: 283 t->address = t->static_address; 284 break; 285 case I3C_CCC_RSTDAA: 286 t->address = 0; 287 break; 288 case I3C_CCCD_SETNEWDA: 289 /* If this isn't the CCC byte, it's our new address. */ 290 if (*num_sent == 0) { 291 t->address = *data; 292 *num_sent = 1; 293 } 294 break; 295 /* Ignore other CCCs it's better to handle on a device-by-device basis. */ 296 default: 297 break; 298 } 299 return tc->handle_ccc_write(t, data, num_to_send, num_sent); 300 } 301 302 int i3c_send_byte(I3CBus *bus, uint8_t data) 303 { 304 /* 305 * Ignored, the caller can determine how many were sent based on if this was 306 * ACKed/NACKed. 307 */ 308 uint32_t num_sent; 309 return i3c_send(bus, &data, 1, &num_sent); 310 } 311 312 int i3c_send(I3CBus *bus, const uint8_t *data, uint32_t num_to_send, 313 uint32_t *num_sent) 314 { 315 I3CTargetClass *tc; 316 I3CTarget *t; 317 I3CNode *node; 318 int ret = 0; 319 320 /* If this message is a broadcast and no CCC has been found, grab it. */ 321 if (bus->broadcast && !bus->in_ccc) { 322 bus->ccc = *data; 323 bus->in_ccc = true; 324 /* 325 * We need to keep track if we're currently in ENTDAA. 326 * On any other CCC, the CCC is over on a RESTART or STOP, but ENTDAA 327 * is only over on a STOP. 328 */ 329 if (bus->ccc == I3C_CCC_ENTDAA) { 330 bus->in_entdaa = true; 331 } 332 } 333 334 QLIST_FOREACH(node, &bus->current_devs, next) { 335 t = node->target; 336 tc = I3C_TARGET_GET_CLASS(t); 337 if (bus->in_ccc) { 338 if (!tc->handle_ccc_write) { 339 ret = -1; 340 continue; 341 } 342 ret = i3c_target_handle_ccc_write(t, data, num_to_send, num_sent); 343 /* Targets should only NACK on a direct CCC. */ 344 if (ret && !CCC_IS_DIRECT(bus->ccc)) { 345 ret = 0; 346 } 347 } else { 348 if (tc->send) { 349 ret = ret || tc->send(t, data, num_to_send, num_sent); 350 } else { 351 ret = -1; 352 } 353 } 354 } 355 356 trace_i3c_send(*num_sent, num_to_send, ret == 0); 357 358 return ret ? -1 : 0; 359 } 360 361 static int i3c_target_handle_ccc_read(I3CTarget *t, uint8_t *data, 362 uint32_t num_to_read, uint32_t *num_read) 363 { 364 I3CTargetClass *tc = I3C_TARGET_GET_CLASS(t); 365 uint8_t read_count = 0; 366 367 switch (t->curr_ccc) { 368 case I3C_CCC_ENTDAA: 369 /* Return the 6-byte PID, followed by BCR then DCR. */ 370 while (t->ccc_byte_offset < 6) { 371 if (read_count >= num_to_read) { 372 break; 373 } 374 data[read_count] = (t->pid >> (t->ccc_byte_offset * 8)) & 0xff; 375 t->ccc_byte_offset++; 376 read_count++; 377 } 378 if (read_count < num_to_read) { 379 data[read_count] = t->bcr; 380 t->ccc_byte_offset++; 381 read_count++; 382 } 383 if (read_count < num_to_read) { 384 data[read_count] = t->dcr; 385 t->ccc_byte_offset++; 386 read_count++; 387 } 388 *num_read = read_count; 389 break; 390 case I3C_CCCD_GETPID: 391 while (t->ccc_byte_offset < 6) { 392 if (read_count >= num_to_read) { 393 break; 394 } 395 data[read_count] = (t->pid >> (t->ccc_byte_offset * 8)) & 0xff; 396 t->ccc_byte_offset++; 397 read_count++; 398 } 399 *num_read = read_count; 400 break; 401 case I3C_CCCD_GETBCR: 402 *data = t->bcr; 403 *num_read = 1; 404 break; 405 case I3C_CCCD_GETDCR: 406 *data = t->dcr; 407 *num_read = 1; 408 break; 409 default: 410 /* Unhandled on the I3CTarget class level. */ 411 break; 412 } 413 414 return tc->handle_ccc_read(t, data, num_to_read, num_read); 415 } 416 417 int i3c_recv_byte(I3CBus *bus, uint8_t *data) 418 { 419 /* 420 * Ignored, the caller can determine how many bytes were read based on if 421 * this is ACKed/NACKed. 422 */ 423 uint32_t num_read; 424 return i3c_recv(bus, data, 1, &num_read); 425 } 426 427 int i3c_recv(I3CBus *bus, uint8_t *data, uint32_t num_to_read, 428 uint32_t *num_read) 429 { 430 int ret = 0; 431 I3CTargetClass *tc; 432 I3CTarget *t; 433 434 *data = 0xff; 435 if (!QLIST_EMPTY(&bus->current_devs)) { 436 tc = I3C_TARGET_GET_CLASS(QLIST_FIRST(&bus->current_devs)->target); 437 t = QLIST_FIRST(&bus->current_devs)->target; 438 if (bus->in_ccc) { 439 if (!tc->handle_ccc_read) { 440 return -1; 441 } 442 ret = i3c_target_handle_ccc_read(t, data, num_to_read, num_read); 443 } else { 444 if (tc->recv) { 445 /* 446 * Targets cannot NACK on a direct transfer, so the data 447 * is returned directly. 448 */ 449 *num_read = tc->recv(t, data, num_to_read); 450 } 451 } 452 } 453 454 trace_i3c_recv(*num_read, num_to_read, ret == 0); 455 456 return ret; 457 } 458 459 void i3c_nack(I3CBus *bus) 460 { 461 I3CTargetClass *tc; 462 I3CNode *node; 463 464 if (QLIST_EMPTY(&bus->current_devs)) { 465 return; 466 } 467 468 QLIST_FOREACH(node, &bus->current_devs, next) { 469 tc = I3C_TARGET_GET_CLASS(node->target); 470 if (tc->event) { 471 i3c_target_event(node->target, I3C_NACK); 472 } 473 } 474 } 475 476 int i3c_target_send_ibi(I3CTarget *t, uint8_t addr, bool is_recv) 477 { 478 I3CBus *bus = I3C_BUS(t->qdev.parent_bus); 479 I3CBusClass *bc = I3C_BUS_GET_CLASS(bus); 480 trace_i3c_target_send_ibi(addr, is_recv); 481 return bc->ibi_handle(bus, t, addr, is_recv); 482 } 483 484 int i3c_target_send_ibi_bytes(I3CTarget *t, uint8_t data) 485 { 486 I3CBus *bus = I3C_BUS(t->qdev.parent_bus); 487 I3CBusClass *bc = I3C_BUS_GET_CLASS(bus); 488 trace_i3c_target_send_ibi_bytes(data); 489 return bc->ibi_recv(bus, data); 490 } 491 492 int i3c_target_ibi_finish(I3CTarget *t, uint8_t data) 493 { 494 I3CBus *bus = I3C_BUS(t->qdev.parent_bus); 495 I3CBusClass *bc = I3C_BUS_GET_CLASS(bus); 496 trace_i3c_target_ibi_finish(); 497 return bc->ibi_finish(bus); 498 } 499 500 static bool i3c_addr_is_rsvd(uint8_t addr) 501 { 502 const bool is_rsvd[255] = { 503 [0x00] = true, 504 [0x01] = true, 505 [0x02] = true, 506 [0x3e] = true, 507 [0x5e] = true, 508 [0x6e] = true, 509 [0x76] = true, 510 [0x7a] = true, 511 [0x7c] = true, 512 [0x7e] = true, 513 [0x7f] = true, 514 }; 515 516 return is_rsvd[addr]; 517 } 518 519 I3CTarget *i3c_target_new(const char *name, uint8_t addr, uint8_t dcr, 520 uint8_t bcr, uint64_t pid) 521 { 522 DeviceState *dev; 523 524 dev = qdev_new(name); 525 qdev_prop_set_uint8(dev, "static-address", addr); 526 qdev_prop_set_uint8(dev, "dcr", dcr); 527 qdev_prop_set_uint8(dev, "bcr", bcr); 528 qdev_prop_set_uint64(dev, "pid", pid); 529 530 if (i3c_addr_is_rsvd(addr)) { 531 qemu_log_mask(LOG_GUEST_ERROR, "%s: I3C target created with reserved " 532 "address 0x%.2x\n", 533 object_get_canonical_path(OBJECT(dev)), addr); 534 } 535 return I3C_TARGET(dev); 536 } 537 538 bool i3c_target_realize_and_unref(I3CTarget *dev, I3CBus *bus, Error **errp) 539 { 540 return qdev_realize_and_unref(&dev->qdev, &bus->qbus, errp); 541 } 542 543 I3CTarget *i3c_target_create_simple(I3CBus *bus, const char *name, uint8_t addr, 544 uint8_t dcr, uint8_t bcr, uint64_t pid) 545 { 546 I3CTarget *dev = i3c_target_new(name, addr, dcr, bcr, pid); 547 dev->address = 0; 548 i3c_target_realize_and_unref(dev, bus, &error_abort); 549 550 return dev; 551 } 552 553 /* Legacy I2C functions. */ 554 void legacy_i2c_nack(I3CBus *bus) 555 { 556 trace_legacy_i2c_nack(); 557 i2c_nack(bus->i2c_bus); 558 } 559 560 uint8_t legacy_i2c_recv(I3CBus *bus) 561 { 562 uint8_t byte = i2c_recv(bus->i2c_bus); 563 trace_legacy_i2c_recv(byte); 564 return byte; 565 } 566 567 int legacy_i2c_send(I3CBus *bus, uint8_t data) 568 { 569 trace_legacy_i2c_send(data); 570 return i2c_send(bus->i2c_bus, data); 571 } 572 573 int legacy_i2c_start_transfer(I3CBus *bus, uint8_t address, bool is_recv) 574 { 575 trace_legacy_i2c_start_transfer(address, is_recv); 576 return i2c_start_transfer(bus->i2c_bus, address, is_recv); 577 } 578 579 int legacy_i2c_start_recv(I3CBus *bus, uint8_t address) 580 { 581 trace_legacy_i2c_start_transfer(address, true); 582 return i2c_start_transfer(bus->i2c_bus, address, /*is_recv=*/true); 583 } 584 585 int legacy_i2c_start_send(I3CBus *bus, uint8_t address) 586 { 587 trace_legacy_i2c_start_transfer(address, false); 588 return i2c_start_transfer(bus->i2c_bus, address, /*is_recv=*/false); 589 } 590 591 void legacy_i2c_end_transfer(I3CBus *bus) 592 { 593 trace_legacy_i2c_end_transfer(); 594 i2c_end_transfer(bus->i2c_bus); 595 } 596 597 I2CSlave *legacy_i2c_device_create_simple(I3CBus *bus, const char *name, 598 uint8_t addr) 599 { 600 I2CSlave *dev = i2c_slave_new(name, addr); 601 602 i2c_slave_realize_and_unref(dev, bus->i2c_bus, &error_abort); 603 return dev; 604 } 605 606 static void i3c_target_class_init(ObjectClass *klass, void *data) 607 { 608 DeviceClass *k = DEVICE_CLASS(klass); 609 set_bit(DEVICE_CATEGORY_MISC, k->categories); 610 k->bus_type = TYPE_I3C_BUS; 611 device_class_set_props(k, i3c_props); 612 } 613 614 static const TypeInfo i3c_target_type_info = { 615 .name = TYPE_I3C_TARGET, 616 .parent = TYPE_DEVICE, 617 .instance_size = sizeof(I3CTarget), 618 .abstract = true, 619 .class_size = sizeof(I3CTargetClass), 620 .class_init = i3c_target_class_init, 621 }; 622 623 static void i3c_register_types(void) 624 { 625 type_register_static(&i3c_bus_info); 626 type_register_static(&i3c_target_type_info); 627 } 628 629 type_init(i3c_register_types) 630