1 /* 2 * DesignWare I3C Controller 3 * 4 * Copyright (C) 2021 ASPEED Technology Inc. 5 * Copyright (C) 2025 Google, LLC 6 * 7 * SPDX-License-Identifier: GPL-2.0-or-later 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/error-report.h" 13 #include "hw/i3c/i3c.h" 14 #include "hw/i3c/dw-i3c.h" 15 #include "hw/registerfields.h" 16 #include "hw/qdev-properties.h" 17 #include "qapi/error.h" 18 #include "migration/vmstate.h" 19 #include "trace.h" 20 #include "hw/irq.h" 21 22 /* 23 * Disable event command values. sent along with a DISEC CCC to disable certain 24 * events on targets. 25 */ 26 #define DISEC_HJ 0x08 27 #define DISEC_CR 0x02 28 #define DISEC_INT 0x01 29 30 REG32(DEVICE_CTRL, 0x00) 31 FIELD(DEVICE_CTRL, I3C_BROADCAST_ADDR_INC, 0, 1) 32 FIELD(DEVICE_CTRL, I2C_SLAVE_PRESENT, 7, 1) 33 FIELD(DEVICE_CTRL, HOT_JOIN_ACK_NACK_CTRL, 8, 1) 34 FIELD(DEVICE_CTRL, IDLE_CNT_MULTIPLIER, 24, 2) 35 FIELD(DEVICE_CTRL, SLV_ADAPT_TO_I2C_I3C_MODE, 27, 1) 36 FIELD(DEVICE_CTRL, DMA_HANDSHAKE_EN, 28, 1) 37 FIELD(DEVICE_CTRL, I3C_ABORT, 29, 1) 38 FIELD(DEVICE_CTRL, I3C_RESUME, 30, 1) 39 FIELD(DEVICE_CTRL, I3C_EN, 31, 1) 40 REG32(DEVICE_ADDR, 0x04) 41 FIELD(DEVICE_ADDR, STATIC_ADDR, 0, 7) 42 FIELD(DEVICE_ADDR, STATIC_ADDR_VALID, 15, 1) 43 FIELD(DEVICE_ADDR, DYNAMIC_ADDR, 16, 7) 44 FIELD(DEVICE_ADDR, DYNAMIC_ADDR_VALID, 15, 1) 45 REG32(HW_CAPABILITY, 0x08) 46 FIELD(HW_CAPABILITY, DEVICE_ROLE_CONFIG, 0, 2) 47 FIELD(HW_CAPABILITY, HDR_DDR, 3, 1) 48 FIELD(HW_CAPABILITY, HDR_TS, 4, 1) 49 REG32(COMMAND_QUEUE_PORT, 0x0c) 50 FIELD(COMMAND_QUEUE_PORT, CMD_ATTR, 0, 3) 51 /* Transfer command structure */ 52 FIELD(COMMAND_QUEUE_PORT, TID, 3, 4) 53 FIELD(COMMAND_QUEUE_PORT, CMD, 7, 8) 54 FIELD(COMMAND_QUEUE_PORT, CP, 15, 1) 55 FIELD(COMMAND_QUEUE_PORT, DEV_INDEX, 16, 5) 56 FIELD(COMMAND_QUEUE_PORT, SPEED, 21, 3) 57 FIELD(COMMAND_QUEUE_PORT, ROC, 26, 1) 58 FIELD(COMMAND_QUEUE_PORT, SDAP, 27, 1) 59 FIELD(COMMAND_QUEUE_PORT, RNW, 28, 1) 60 FIELD(COMMAND_QUEUE_PORT, TOC, 30, 1) 61 FIELD(COMMAND_QUEUE_PORT, PEC, 31, 1) 62 /* Transfer argument data structure */ 63 FIELD(COMMAND_QUEUE_PORT, DB, 8, 8) 64 FIELD(COMMAND_QUEUE_PORT, DL, 16, 16) 65 /* Short data argument data structure */ 66 FIELD(COMMAND_QUEUE_PORT, BYTE_STRB, 3, 3) 67 FIELD(COMMAND_QUEUE_PORT, BYTE0, 8, 8) 68 FIELD(COMMAND_QUEUE_PORT, BYTE1, 16, 8) 69 FIELD(COMMAND_QUEUE_PORT, BYTE2, 24, 8) 70 /* Address assignment command structure */ 71 /* 72 * bits 3..21 and 26..31 are the same as the transfer command structure, or 73 * marked as reserved. 74 */ 75 FIELD(COMMAND_QUEUE_PORT, DEV_COUNT, 21, 3) 76 REG32(RESPONSE_QUEUE_PORT, 0x10) 77 FIELD(RESPONSE_QUEUE_PORT, DL, 0, 16) 78 FIELD(RESPONSE_QUEUE_PORT, CCCT, 16, 8) 79 FIELD(RESPONSE_QUEUE_PORT, TID, 24, 4) 80 FIELD(RESPONSE_QUEUE_PORT, ERR_STATUS, 28, 4) 81 REG32(RX_TX_DATA_PORT, 0x14) 82 REG32(IBI_QUEUE_STATUS, 0x18) 83 FIELD(IBI_QUEUE_STATUS, IBI_DATA_LEN, 0, 8) 84 FIELD(IBI_QUEUE_STATUS, IBI_ID, 8, 8) 85 FIELD(IBI_QUEUE_STATUS, LAST_STATUS, 24, 1) 86 FIELD(IBI_QUEUE_STATUS, ERROR, 30, 1) 87 FIELD(IBI_QUEUE_STATUS, IBI_STATUS, 31, 1) 88 REG32(IBI_QUEUE_DATA, 0x18) 89 REG32(QUEUE_THLD_CTRL, 0x1c) 90 FIELD(QUEUE_THLD_CTRL, CMD_BUF_EMPTY_THLD, 0, 8); 91 FIELD(QUEUE_THLD_CTRL, RESP_BUF_THLD, 8, 8); 92 FIELD(QUEUE_THLD_CTRL, IBI_DATA_THLD, 16, 8); 93 FIELD(QUEUE_THLD_CTRL, IBI_STATUS_THLD, 24, 8); 94 REG32(DATA_BUFFER_THLD_CTRL, 0x20) 95 FIELD(DATA_BUFFER_THLD_CTRL, TX_BUF_THLD, 0, 3) 96 FIELD(DATA_BUFFER_THLD_CTRL, RX_BUF_THLD, 10, 3) 97 FIELD(DATA_BUFFER_THLD_CTRL, TX_START_THLD, 16, 3) 98 FIELD(DATA_BUFFER_THLD_CTRL, RX_START_THLD, 24, 3) 99 REG32(IBI_QUEUE_CTRL, 0x24) 100 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_HOT_JOIN, 0, 1) 101 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_MASTER_REQ, 1, 1) 102 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_SLAVE_IRQ, 3, 1) 103 REG32(IBI_MR_REQ_REJECT, 0x2c) 104 REG32(IBI_SIR_REQ_REJECT, 0x30) 105 REG32(RESET_CTRL, 0x34) 106 FIELD(RESET_CTRL, CORE_RESET, 0, 1) 107 FIELD(RESET_CTRL, CMD_QUEUE_RESET, 1, 1) 108 FIELD(RESET_CTRL, RESP_QUEUE_RESET, 2, 1) 109 FIELD(RESET_CTRL, TX_BUF_RESET, 3, 1) 110 FIELD(RESET_CTRL, RX_BUF_RESET, 4, 1) 111 FIELD(RESET_CTRL, IBI_QUEUE_RESET, 5, 1) 112 REG32(SLV_EVENT_CTRL, 0x38) 113 FIELD(SLV_EVENT_CTRL, SLV_INTERRUPT, 0, 1) 114 FIELD(SLV_EVENT_CTRL, MASTER_INTERRUPT, 1, 1) 115 FIELD(SLV_EVENT_CTRL, HOT_JOIN_INTERRUPT, 3, 1) 116 FIELD(SLV_EVENT_CTRL, ACTIVITY_STATE, 4, 2) 117 FIELD(SLV_EVENT_CTRL, MRL_UPDATED, 6, 1) 118 FIELD(SLV_EVENT_CTRL, MWL_UPDATED, 7, 1) 119 REG32(INTR_STATUS, 0x3c) 120 FIELD(INTR_STATUS, TX_THLD, 0, 1) 121 FIELD(INTR_STATUS, RX_THLD, 1, 1) 122 FIELD(INTR_STATUS, IBI_THLD, 2, 1) 123 FIELD(INTR_STATUS, CMD_QUEUE_RDY, 3, 1) 124 FIELD(INTR_STATUS, RESP_RDY, 4, 1) 125 FIELD(INTR_STATUS, TRANSFER_ABORT, 5, 1) 126 FIELD(INTR_STATUS, CCC_UPDATED, 6, 1) 127 FIELD(INTR_STATUS, DYN_ADDR_ASSGN, 8, 1) 128 FIELD(INTR_STATUS, TRANSFER_ERR, 9, 1) 129 FIELD(INTR_STATUS, DEFSLV, 10, 1) 130 FIELD(INTR_STATUS, READ_REQ_RECV, 11, 1) 131 FIELD(INTR_STATUS, IBI_UPDATED, 12, 1) 132 FIELD(INTR_STATUS, BUSOWNER_UPDATED, 13, 1) 133 REG32(INTR_STATUS_EN, 0x40) 134 FIELD(INTR_STATUS_EN, TX_THLD, 0, 1) 135 FIELD(INTR_STATUS_EN, RX_THLD, 1, 1) 136 FIELD(INTR_STATUS_EN, IBI_THLD, 2, 1) 137 FIELD(INTR_STATUS_EN, CMD_QUEUE_RDY, 3, 1) 138 FIELD(INTR_STATUS_EN, RESP_RDY, 4, 1) 139 FIELD(INTR_STATUS_EN, TRANSFER_ABORT, 5, 1) 140 FIELD(INTR_STATUS_EN, CCC_UPDATED, 6, 1) 141 FIELD(INTR_STATUS_EN, DYN_ADDR_ASSGN, 8, 1) 142 FIELD(INTR_STATUS_EN, TRANSFER_ERR, 9, 1) 143 FIELD(INTR_STATUS_EN, DEFSLV, 10, 1) 144 FIELD(INTR_STATUS_EN, READ_REQ_RECV, 11, 1) 145 FIELD(INTR_STATUS_EN, IBI_UPDATED, 12, 1) 146 FIELD(INTR_STATUS_EN, BUSOWNER_UPDATED, 13, 1) 147 REG32(INTR_SIGNAL_EN, 0x44) 148 FIELD(INTR_SIGNAL_EN, TX_THLD, 0, 1) 149 FIELD(INTR_SIGNAL_EN, RX_THLD, 1, 1) 150 FIELD(INTR_SIGNAL_EN, IBI_THLD, 2, 1) 151 FIELD(INTR_SIGNAL_EN, CMD_QUEUE_RDY, 3, 1) 152 FIELD(INTR_SIGNAL_EN, RESP_RDY, 4, 1) 153 FIELD(INTR_SIGNAL_EN, TRANSFER_ABORT, 5, 1) 154 FIELD(INTR_SIGNAL_EN, CCC_UPDATED, 6, 1) 155 FIELD(INTR_SIGNAL_EN, DYN_ADDR_ASSGN, 8, 1) 156 FIELD(INTR_SIGNAL_EN, TRANSFER_ERR, 9, 1) 157 FIELD(INTR_SIGNAL_EN, DEFSLV, 10, 1) 158 FIELD(INTR_SIGNAL_EN, READ_REQ_RECV, 11, 1) 159 FIELD(INTR_SIGNAL_EN, IBI_UPDATED, 12, 1) 160 FIELD(INTR_SIGNAL_EN, BUSOWNER_UPDATED, 13, 1) 161 REG32(INTR_FORCE, 0x48) 162 FIELD(INTR_FORCE, TX_THLD, 0, 1) 163 FIELD(INTR_FORCE, RX_THLD, 1, 1) 164 FIELD(INTR_FORCE, IBI_THLD, 2, 1) 165 FIELD(INTR_FORCE, CMD_QUEUE_RDY, 3, 1) 166 FIELD(INTR_FORCE, RESP_RDY, 4, 1) 167 FIELD(INTR_FORCE, TRANSFER_ABORT, 5, 1) 168 FIELD(INTR_FORCE, CCC_UPDATED, 6, 1) 169 FIELD(INTR_FORCE, DYN_ADDR_ASSGN, 8, 1) 170 FIELD(INTR_FORCE, TRANSFER_ERR, 9, 1) 171 FIELD(INTR_FORCE, DEFSLV, 10, 1) 172 FIELD(INTR_FORCE, READ_REQ_RECV, 11, 1) 173 FIELD(INTR_FORCE, IBI_UPDATED, 12, 1) 174 FIELD(INTR_FORCE, BUSOWNER_UPDATED, 13, 1) 175 REG32(QUEUE_STATUS_LEVEL, 0x4c) 176 FIELD(QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 0, 8) 177 FIELD(QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 8, 8) 178 FIELD(QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 16, 8) 179 FIELD(QUEUE_STATUS_LEVEL, IBI_STATUS_CNT, 24, 5) 180 REG32(DATA_BUFFER_STATUS_LEVEL, 0x50) 181 FIELD(DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 0, 8) 182 FIELD(DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 16, 8) 183 REG32(PRESENT_STATE, 0x54) 184 FIELD(PRESENT_STATE, SCL_LINE_SIGNAL_LEVEL, 0, 1) 185 FIELD(PRESENT_STATE, SDA_LINE_SIGNAL_LEVEL, 1, 1) 186 FIELD(PRESENT_STATE, CURRENT_MASTER, 2, 1) 187 FIELD(PRESENT_STATE, CM_TFR_STATUS, 8, 6) 188 FIELD(PRESENT_STATE, CM_TFR_ST_STATUS, 16, 6) 189 FIELD(PRESENT_STATE, CMD_TID, 24, 4) 190 REG32(CCC_DEVICE_STATUS, 0x58) 191 FIELD(CCC_DEVICE_STATUS, PENDING_INTR, 0, 4) 192 FIELD(CCC_DEVICE_STATUS, PROTOCOL_ERR, 4, 2) 193 FIELD(CCC_DEVICE_STATUS, ACTIVITY_MODE, 6, 2) 194 FIELD(CCC_DEVICE_STATUS, UNDER_ERR, 8, 1) 195 FIELD(CCC_DEVICE_STATUS, SLV_BUSY, 9, 1) 196 FIELD(CCC_DEVICE_STATUS, OVERFLOW_ERR, 10, 1) 197 FIELD(CCC_DEVICE_STATUS, DATA_NOT_READY, 11, 1) 198 FIELD(CCC_DEVICE_STATUS, BUFFER_NOT_AVAIL, 12, 1) 199 REG32(DEVICE_ADDR_TABLE_POINTER, 0x5c) 200 FIELD(DEVICE_ADDR_TABLE_POINTER, DEPTH, 16, 16) 201 FIELD(DEVICE_ADDR_TABLE_POINTER, ADDR, 0, 16) 202 REG32(DEV_CHAR_TABLE_POINTER, 0x60) 203 FIELD(DEV_CHAR_TABLE_POINTER, P_DEV_CHAR_TABLE_START_ADDR, 0, 12) 204 FIELD(DEV_CHAR_TABLE_POINTER, DEV_CHAR_TABLE_DEPTH, 12, 7) 205 FIELD(DEV_CHAR_TABLE_POINTER, PRESENT_DEV_CHAR_TABLE_INDEX, 19, 3) 206 REG32(VENDOR_SPECIFIC_REG_POINTER, 0x6c) 207 FIELD(VENDOR_SPECIFIC_REG_POINTER, P_VENDOR_REG_START_ADDR, 0, 16) 208 REG32(SLV_MIPI_PID_VALUE, 0x70) 209 REG32(SLV_PID_VALUE, 0x74) 210 FIELD(SLV_PID_VALUE, SLV_PID_DCR, 0, 12) 211 FIELD(SLV_PID_VALUE, SLV_INST_ID, 12, 4) 212 FIELD(SLV_PID_VALUE, SLV_PART_ID, 16, 16) 213 REG32(SLV_CHAR_CTRL, 0x78) 214 FIELD(SLV_CHAR_CTRL, BCR, 0, 8) 215 FIELD(SLV_CHAR_CTRL, DCR, 8, 8) 216 FIELD(SLV_CHAR_CTRL, HDR_CAP, 16, 8) 217 REG32(SLV_MAX_LEN, 0x7c) 218 FIELD(SLV_MAX_LEN, MWL, 0, 16) 219 FIELD(SLV_MAX_LEN, MRL, 16, 16) 220 REG32(MAX_READ_TURNAROUND, 0x80) 221 REG32(MAX_DATA_SPEED, 0x84) 222 REG32(SLV_DEBUG_STATUS, 0x88) 223 REG32(SLV_INTR_REQ, 0x8c) 224 FIELD(SLV_INTR_REQ, SIR, 0, 1) 225 FIELD(SLV_INTR_REQ, SIR_CTRL, 1, 2) 226 FIELD(SLV_INTR_REQ, MIR, 3, 1) 227 FIELD(SLV_INTR_REQ, TS, 4, 1) 228 FIELD(SLV_INTR_REQ, IBI_STS, 8, 2) 229 FIELD(SLV_INTR_REQ, MDB, 8, 8) 230 FIELD(SLV_INTR_REQ, SIR_DATA_LEN, 16, 8) 231 REG32(SLV_TSX_SYMBL_TIMING, 0x90) 232 FIELD(SLV_TSX_SYMBL_TIMING, SLV_TSX_SYMBL_CNT, 0, 6) 233 REG32(SLV_SIR_DATA, 0x94) 234 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE0, 0, 8) 235 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE1, 8, 8) 236 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE2, 16, 8) 237 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE3, 24, 8) 238 REG32(SLV_IBI_RESP, 0x98) 239 FIELD(SLV_IBI_RESP, IBI_STS, 0, 2) 240 FIELD(SLV_IBI_RESP, SIR_RESP_DATA_LEN, 8, 16) 241 REG32(DEVICE_CTRL_EXTENDED, 0xb0) 242 FIELD(DEVICE_CTRL_EXTENDED, MODE, 0, 2) 243 FIELD(DEVICE_CTRL_EXTENDED, REQMST_ACK_CTRL, 3, 1) 244 REG32(SCL_I3C_OD_TIMING, 0xb4) 245 FIELD(SCL_I3C_OD_TIMING, I3C_OD_LCNT, 0, 8) 246 FIELD(SCL_I3C_OD_TIMING, I3C_OD_HCNT, 16, 8) 247 REG32(SCL_I3C_PP_TIMING, 0xb8) 248 FIELD(SCL_I3C_PP_TIMING, I3C_PP_LCNT, 0, 8) 249 FIELD(SCL_I3C_PP_TIMING, I3C_PP_HCNT, 16, 8) 250 REG32(SCL_I2C_FM_TIMING, 0xbc) 251 REG32(SCL_I2C_FMP_TIMING, 0xc0) 252 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_LCNT, 0, 16) 253 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_HCNT, 16, 8) 254 REG32(SCL_EXT_LCNT_TIMING, 0xc8) 255 REG32(SCL_EXT_TERMN_LCNT_TIMING, 0xcc) 256 REG32(BUS_FREE_TIMING, 0xd4) 257 REG32(BUS_IDLE_TIMING, 0xd8) 258 FIELD(BUS_IDLE_TIMING, BUS_IDLE_TIME, 0, 20) 259 REG32(I3C_VER_ID, 0xe0) 260 REG32(I3C_VER_TYPE, 0xe4) 261 REG32(EXTENDED_CAPABILITY, 0xe8) 262 FIELD(EXTENDED_CAPABILITY, APP_IF_MODE, 0, 2) 263 FIELD(EXTENDED_CAPABILITY, APP_IF_DATA_WIDTH, 2, 2) 264 FIELD(EXTENDED_CAPABILITY, OPERATION_MODE, 4, 2) 265 FIELD(EXTENDED_CAPABILITY, CLK_PERIOD, 8, 6) 266 REG32(SLAVE_CONFIG, 0xec) 267 FIELD(SLAVE_CONFIG, DMA_EN, 0, 1) 268 FIELD(SLAVE_CONFIG, HJ_CAP, 0, 1) 269 FIELD(SLAVE_CONFIG, CLK_PERIOD, 2, 14) 270 /* Device characteristic table fields */ 271 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC1, 0x200) 272 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, 0x200) 273 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DYNAMIC_ADDR, 0, 8) 274 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DCR, 8, 8) 275 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, BCR, 16, 8) 276 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, STATIC_ADDR, 24, 8) 277 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC2, 0x204) 278 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC2, MSB_PID, 0, 16) 279 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC3, 0x208) 280 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 0, 8) 281 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 8, 8) 282 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC4, 0x20c) 283 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC4, DEV_DYNAMIC_ADDR, 0, 8) 284 /* Dev addr table fields */ 285 REG32(DEVICE_ADDR_TABLE_LOC1, 0x280) 286 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_STATIC_ADDR, 0, 7) 287 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_PEC_EN, 11, 1) 288 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_WITH_DATA, 12, 1) 289 FIELD(DEVICE_ADDR_TABLE_LOC1, SIR_REJECT, 13, 1) 290 FIELD(DEVICE_ADDR_TABLE_LOC1, MR_REJECT, 14, 1) 291 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_DYNAMIC_ADDR, 16, 8) 292 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_ADDR_MASK, 24, 2) 293 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_NACK_RETRY_CNT, 29, 2) 294 FIELD(DEVICE_ADDR_TABLE_LOC1, LEGACY_I2C_DEVICE, 31, 1) 295 296 static const uint32_t dw_i3c_resets[DW_I3C_NR_REGS] = { 297 /* Target mode is not supported, don't advertise it for now. */ 298 [R_HW_CAPABILITY] = 0x000e00b9, 299 [R_QUEUE_THLD_CTRL] = 0x01000101, 300 [R_DATA_BUFFER_THLD_CTRL] = 0x01010100, 301 [R_SLV_EVENT_CTRL] = 0x0000000b, 302 [R_QUEUE_STATUS_LEVEL] = 0x00000002, 303 [R_DATA_BUFFER_STATUS_LEVEL] = 0x00000010, 304 [R_PRESENT_STATE] = 0x00000003, 305 [R_I3C_VER_ID] = 0x3130302a, 306 [R_I3C_VER_TYPE] = 0x6c633033, 307 [R_DEVICE_ADDR_TABLE_POINTER] = 0x00080280, 308 [R_DEV_CHAR_TABLE_POINTER] = 0x00020200, 309 [R_SLV_CHAR_CTRL] = 0x00010000, 310 [A_VENDOR_SPECIFIC_REG_POINTER] = 0x000000b0, 311 [R_SLV_MAX_LEN] = 0x00ff00ff, 312 [R_SLV_TSX_SYMBL_TIMING] = 0x0000003f, 313 [R_SCL_I3C_OD_TIMING] = 0x000a0010, 314 [R_SCL_I3C_PP_TIMING] = 0x000a000a, 315 [R_SCL_I2C_FM_TIMING] = 0x00100010, 316 [R_SCL_I2C_FMP_TIMING] = 0x00100010, 317 [R_SCL_EXT_LCNT_TIMING] = 0x20202020, 318 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x00300000, 319 [R_BUS_FREE_TIMING] = 0x00200020, 320 [R_BUS_IDLE_TIMING] = 0x00000020, 321 [R_EXTENDED_CAPABILITY] = 0x00000239, 322 [R_SLAVE_CONFIG] = 0x00000023, 323 }; 324 325 static const uint32_t dw_i3c_ro[DW_I3C_NR_REGS] = { 326 [R_DEVICE_CTRL] = 0x04fffe00, 327 [R_DEVICE_ADDR] = 0x7f807f80, 328 [R_HW_CAPABILITY] = 0xffffffff, 329 [R_IBI_QUEUE_STATUS] = 0xffffffff, 330 [R_DATA_BUFFER_THLD_CTRL] = 0xf8f8f8f8, 331 [R_IBI_QUEUE_CTRL] = 0xfffffff0, 332 [R_RESET_CTRL] = 0xffffffc0, 333 [R_SLV_EVENT_CTRL] = 0xffffff3f, 334 [R_INTR_STATUS] = 0xffff809f, 335 [R_INTR_STATUS_EN] = 0xffff8080, 336 [R_INTR_SIGNAL_EN] = 0xffff8080, 337 [R_INTR_FORCE] = 0xffff8000, 338 [R_QUEUE_STATUS_LEVEL] = 0xffffffff, 339 [R_DATA_BUFFER_STATUS_LEVEL] = 0xffffffff, 340 [R_PRESENT_STATE] = 0xffffffff, 341 [R_CCC_DEVICE_STATUS] = 0xffffffff, 342 [R_I3C_VER_ID] = 0xffffffff, 343 [R_I3C_VER_TYPE] = 0xffffffff, 344 [R_DEVICE_ADDR_TABLE_POINTER] = 0xffffffff, 345 [R_DEV_CHAR_TABLE_POINTER] = 0xffcbffff, 346 [R_SLV_PID_VALUE] = 0xffff0fff, 347 [R_SLV_CHAR_CTRL] = 0xffffffff, 348 [A_VENDOR_SPECIFIC_REG_POINTER] = 0xffffffff, 349 [R_SLV_MAX_LEN] = 0xffffffff, 350 [R_MAX_READ_TURNAROUND] = 0xffffffff, 351 [R_MAX_DATA_SPEED] = 0xffffffff, 352 [R_SLV_INTR_REQ] = 0xfffffff0, 353 [R_SLV_TSX_SYMBL_TIMING] = 0xffffffc0, 354 [R_DEVICE_CTRL_EXTENDED] = 0xfffffff8, 355 [R_SCL_I3C_OD_TIMING] = 0xff00ff00, 356 [R_SCL_I3C_PP_TIMING] = 0xff00ff00, 357 [R_SCL_I2C_FMP_TIMING] = 0xff000000, 358 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x0000fff0, 359 [R_BUS_IDLE_TIMING] = 0xfff00000, 360 [R_EXTENDED_CAPABILITY] = 0xffffffff, 361 [R_SLAVE_CONFIG] = 0xffffffff, 362 }; 363 364 static void dw_i3c_cmd_queue_execute(DWI3C *s); 365 366 static inline bool dw_i3c_has_hdr_ts(DWI3C *s) 367 { 368 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_TS); 369 } 370 371 static inline bool dw_i3c_has_hdr_ddr(DWI3C *s) 372 { 373 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_DDR); 374 } 375 376 static inline bool dw_i3c_can_transmit(DWI3C *s) 377 { 378 /* 379 * We can only transmit if we're enabled and the resume bit is cleared. 380 * The resume bit is set on a transaction error, and software must clear it. 381 */ 382 return ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_EN) && 383 !ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_RESUME); 384 } 385 386 static inline uint8_t dw_i3c_ibi_slice_size(DWI3C *s) 387 { 388 uint8_t ibi_slice_size = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 389 IBI_DATA_THLD); 390 /* The minimum supported slice size is 4 bytes. */ 391 if (ibi_slice_size == 0) { 392 ibi_slice_size = 1; 393 } 394 ibi_slice_size *= sizeof(uint32_t); 395 /* maximum supported size is 63 bytes. */ 396 if (ibi_slice_size >= 64) { 397 ibi_slice_size = 63; 398 } 399 400 return ibi_slice_size; 401 } 402 403 static inline uint8_t dw_i3c_fifo_threshold_from_reg(uint8_t regval) 404 { 405 return regval = regval ? (2 << regval) : 1; 406 } 407 408 static void dw_i3c_update_irq(DWI3C *s) 409 { 410 bool level = !!(s->regs[R_INTR_SIGNAL_EN] & s->regs[R_INTR_STATUS]); 411 qemu_set_irq(s->irq, level); 412 } 413 414 static void dw_i3c_end_transfer(DWI3C *s, bool is_i2c) 415 { 416 if (is_i2c) { 417 legacy_i2c_end_transfer(s->bus); 418 } else { 419 i3c_end_transfer(s->bus); 420 } 421 } 422 423 static int dw_i3c_send_start(DWI3C *s, uint8_t addr, bool is_recv, bool is_i2c) 424 { 425 int ret; 426 427 if (is_i2c) { 428 ret = legacy_i2c_start_transfer(s->bus, addr, is_recv); 429 } else { 430 ret = i3c_start_transfer(s->bus, addr, is_recv); 431 } 432 if (ret) { 433 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 434 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed on TX with addr 0x%.2x\n", 435 path, addr); 436 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 437 DW_I3C_TRANSFER_STATE_HALT); 438 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 439 DW_I3C_TRANSFER_STATUS_HALT); 440 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 441 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 442 } 443 444 return ret; 445 } 446 447 static int dw_i3c_send(DWI3C *s, const uint8_t *data, uint32_t num_to_send, 448 uint32_t *num_sent, bool is_i2c) 449 { 450 int ret; 451 uint32_t i; 452 453 *num_sent = 0; 454 if (is_i2c) { 455 /* Legacy I2C must be byte-by-byte. */ 456 for (i = 0; i < num_to_send; i++) { 457 ret = legacy_i2c_send(s->bus, data[i]); 458 if (ret) { 459 break; 460 } 461 (*num_sent)++; 462 } 463 } else { 464 ret = i3c_send(s->bus, data, num_to_send, num_sent); 465 } 466 if (ret) { 467 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 468 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed sending byte 0x%.2x\n", 469 path, data[*num_sent]); 470 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 471 DW_I3C_TRANSFER_STATE_HALT); 472 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 473 DW_I3C_TRANSFER_STATUS_HALT); 474 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 475 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 476 } 477 478 trace_dw_i3c_send(s->cfg.id, *num_sent); 479 480 return ret; 481 } 482 483 static int dw_i3c_send_byte(DWI3C *s, uint8_t byte, bool is_i2c) 484 { 485 /* 486 * Ignored, the caller will know if we sent 0 or 1 bytes depending on if 487 * we were ACKed/NACKed. 488 */ 489 uint32_t num_sent; 490 return dw_i3c_send(s, &byte, 1, &num_sent, is_i2c); 491 } 492 493 static int dw_i3c_recv_data(DWI3C *s, bool is_i2c, uint8_t *data, 494 uint16_t num_to_read, uint32_t *num_read) 495 { 496 int ret; 497 498 if (is_i2c) { 499 for (uint16_t i = 0; i < num_to_read; i++) { 500 data[i] = legacy_i2c_recv(s->bus); 501 } 502 /* I2C devices can neither NACK a read, nor end transfers early. */ 503 *num_read = num_to_read; 504 trace_dw_i3c_recv_data(s->cfg.id, *num_read); 505 return 0; 506 } 507 /* I3C devices can NACK if the controller sends an unsupported CCC. */ 508 ret = i3c_recv(s->bus, data, num_to_read, num_read); 509 if (ret) { 510 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed receiving byte\n", 511 object_get_canonical_path(OBJECT(s))); 512 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 513 DW_I3C_TRANSFER_STATE_HALT); 514 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 515 DW_I3C_TRANSFER_STATUS_HALT); 516 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 517 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 518 } 519 520 trace_dw_i3c_recv_data(s->cfg.id, *num_read); 521 522 return ret; 523 } 524 525 static void dw_i3c_ctrl_w(DWI3C *s, uint32_t val) 526 { 527 /* 528 * If the user is setting I3C_RESUME, the controller was halted. 529 * Try and resume execution and leave the bit cleared. 530 */ 531 if (FIELD_EX32(val, DEVICE_CTRL, I3C_RESUME)) { 532 dw_i3c_cmd_queue_execute(s); 533 val = FIELD_DP32(val, DEVICE_CTRL, I3C_RESUME, 0); 534 } 535 /* 536 * I3C_ABORT being set sends an I3C STOP. It's cleared when the STOP is 537 * sent. 538 */ 539 if (FIELD_EX32(val, DEVICE_CTRL, I3C_ABORT)) { 540 dw_i3c_end_transfer(s, /*is_i2c=*/true); 541 dw_i3c_end_transfer(s, /*is_i2c=*/false); 542 val = FIELD_DP32(val, DEVICE_CTRL, I3C_ABORT, 0); 543 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ABORT, 1); 544 dw_i3c_update_irq(s); 545 } 546 /* Update present state. */ 547 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 548 DW_I3C_TRANSFER_STATE_IDLE); 549 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 550 DW_I3C_TRANSFER_STATUS_IDLE); 551 552 s->regs[R_DEVICE_CTRL] = val; 553 } 554 555 static inline bool dw_i3c_target_is_i2c(DWI3C *s, uint16_t offset) 556 { 557 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 558 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 559 ADDR) / sizeof(uint32_t)) + offset; 560 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 561 LEGACY_I2C_DEVICE); 562 } 563 564 static uint8_t dw_i3c_target_addr(DWI3C *s, uint16_t offset) 565 { 566 if (offset > s->cfg.num_addressable_devices) { 567 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 568 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device addr table offset %d out of " 569 "bounds\n", path, offset); 570 /* If we're out of bounds, return an address of 0. */ 571 return 0; 572 } 573 574 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 575 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 576 ADDR) / sizeof(uint32_t)) + offset; 577 /* I2C devices use a static address. */ 578 if (dw_i3c_target_is_i2c(s, offset)) { 579 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 580 DEV_STATIC_ADDR); 581 } 582 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 583 DEV_DYNAMIC_ADDR); 584 } 585 586 static int dw_i3c_addr_table_index_from_addr(DWI3C *s, uint8_t addr) 587 { 588 uint8_t table_size = ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 589 DEPTH); 590 for (uint8_t i = 0; i < table_size; i++) { 591 if (dw_i3c_target_addr(s, i) == addr) { 592 return i; 593 } 594 } 595 return -1; 596 } 597 598 static void dw_i3c_send_disec(DWI3C *s) 599 { 600 uint8_t ccc = I3C_CCC_DISEC; 601 if (s->ibi_data.send_direct_disec) { 602 ccc = I3C_CCCD_DISEC; 603 } 604 605 dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 606 /*is_i2c=*/false); 607 dw_i3c_send_byte(s, ccc, /*is_i2c=*/false); 608 if (s->ibi_data.send_direct_disec) { 609 dw_i3c_send_start(s, s->ibi_data.disec_addr, 610 /*is_recv=*/false, /*is_i2c=*/false); 611 } 612 dw_i3c_send_byte(s, s->ibi_data.disec_byte, /*is_i2c=*/false); 613 } 614 615 static int dw_i3c_handle_hj(DWI3C *s) 616 { 617 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_HOT_JOIN)) { 618 s->ibi_data.notify_ibi_nack = true; 619 } 620 621 bool nack_and_disable = ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, 622 HOT_JOIN_ACK_NACK_CTRL); 623 if (nack_and_disable) { 624 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 625 IBI_QUEUE_STATUS, 626 IBI_STATUS, 1); 627 s->ibi_data.ibi_nacked = true; 628 s->ibi_data.disec_byte = DISEC_HJ; 629 return -1; 630 } 631 return 0; 632 } 633 634 static int dw_i3c_handle_ctlr_req(DWI3C *s, uint8_t addr) 635 { 636 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_MASTER_REQ)) { 637 s->ibi_data.notify_ibi_nack = true; 638 } 639 640 int table_offset = dw_i3c_addr_table_index_from_addr(s, addr); 641 /* Doesn't exist in the table, NACK it, don't DISEC. */ 642 if (table_offset < 0) { 643 return -1; 644 } 645 646 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 647 table_offset += (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 648 ADDR) / sizeof(uint32_t)); 649 if (FIELD_EX32(s->regs[table_offset], DEVICE_ADDR_TABLE_LOC1, MR_REJECT)) { 650 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 651 IBI_QUEUE_STATUS, 652 IBI_STATUS, 1); 653 s->ibi_data.ibi_nacked = true; 654 s->ibi_data.disec_addr = addr; 655 /* Tell the requester to disable controller role requests. */ 656 s->ibi_data.disec_byte = DISEC_CR; 657 s->ibi_data.send_direct_disec = true; 658 return -1; 659 } 660 return 0; 661 } 662 663 static int dw_i3c_handle_targ_irq(DWI3C *s, uint8_t addr) 664 { 665 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_SLAVE_IRQ)) { 666 s->ibi_data.notify_ibi_nack = true; 667 } 668 669 int table_offset = dw_i3c_addr_table_index_from_addr(s, addr); 670 /* Doesn't exist in the table, NACK it, don't DISEC. */ 671 if (table_offset < 0) { 672 return -1; 673 } 674 675 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 676 table_offset += (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 677 ADDR) / sizeof(uint32_t)); 678 if (FIELD_EX32(s->regs[table_offset], DEVICE_ADDR_TABLE_LOC1, SIR_REJECT)) { 679 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 680 IBI_QUEUE_STATUS, 681 IBI_STATUS, 1); 682 s->ibi_data.ibi_nacked = true; 683 s->ibi_data.disec_addr = addr; 684 /* Tell the requester to disable interrupts. */ 685 s->ibi_data.disec_byte = DISEC_INT; 686 s->ibi_data.send_direct_disec = true; 687 return -1; 688 } 689 return 0; 690 } 691 692 static int dw_i3c_ibi_handle(I3CBus *bus, uint8_t addr, bool is_recv) 693 { 694 DWI3C *s = DW_I3C(bus->qbus.parent); 695 696 trace_dw_i3c_ibi_handle(s->cfg.id, addr, is_recv); 697 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 698 IBI_QUEUE_STATUS, IBI_ID, 699 (addr << 1) | is_recv); 700 /* Is this a hot join request? */ 701 if (addr == I3C_HJ_ADDR) { 702 return dw_i3c_handle_hj(s); 703 } 704 /* Is secondary controller requesting access? */ 705 if (!is_recv) { 706 return dw_i3c_handle_ctlr_req(s, addr); 707 } 708 /* Is this a target IRQ? */ 709 if (is_recv) { 710 return dw_i3c_handle_targ_irq(s, addr); 711 } 712 713 /* At this point the IBI should have been ACKed or NACKed. */ 714 g_assert_not_reached(); 715 return -1; 716 } 717 718 static int dw_i3c_ibi_recv(I3CBus *bus, uint8_t data) 719 { 720 DWI3C *s = DW_I3C(bus->qbus.parent); 721 if (fifo8_is_full(&s->ibi_data.ibi_intermediate_queue)) { 722 return -1; 723 } 724 725 fifo8_push(&s->ibi_data.ibi_intermediate_queue, data); 726 trace_dw_i3c_ibi_recv(s->cfg.id, data); 727 return 0; 728 } 729 730 static void dw_i3c_ibi_queue_push(DWI3C *s) 731 { 732 /* Stored value is in 32-bit chunks, convert it to byte chunks. */ 733 uint8_t ibi_slice_size = dw_i3c_ibi_slice_size(s); 734 uint8_t num_slices = (fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) / 735 ibi_slice_size) + 736 ((fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) % 737 ibi_slice_size) ? 1 : 0); 738 uint8_t ibi_status_count = num_slices; 739 union { 740 uint8_t b[sizeof(uint32_t)]; 741 uint32_t val32; 742 } ibi_data = { 743 .val32 = 0 744 }; 745 746 /* The report was suppressed, do nothing. */ 747 if (s->ibi_data.ibi_nacked && !s->ibi_data.notify_ibi_nack) { 748 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 749 DW_I3C_TRANSFER_STATE_IDLE); 750 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 751 DW_I3C_TRANSFER_STATUS_IDLE); 752 return; 753 } 754 755 /* If we don't have any slices to push, just push the status. */ 756 if (num_slices == 0) { 757 s->ibi_data.ibi_queue_status = 758 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 759 LAST_STATUS, 1); 760 fifo32_push(&s->ibi_queue, s->ibi_data.ibi_queue_status); 761 ibi_status_count = 1; 762 } 763 764 for (uint8_t i = 0; i < num_slices; i++) { 765 /* If this is the last slice, set LAST_STATUS. */ 766 if (fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) < 767 ibi_slice_size) { 768 s->ibi_data.ibi_queue_status = 769 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 770 IBI_DATA_LEN, 771 fifo8_num_used(&s->ibi_data.ibi_intermediate_queue)); 772 s->ibi_data.ibi_queue_status = 773 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 774 LAST_STATUS, 1); 775 } else { 776 s->ibi_data.ibi_queue_status = 777 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 778 IBI_DATA_LEN, ibi_slice_size); 779 } 780 781 /* Push the IBI status header. */ 782 fifo32_push(&s->ibi_queue, s->ibi_data.ibi_queue_status); 783 /* Move each IBI byte into a 32-bit word and push it into the queue. */ 784 for (uint8_t j = 0; j < ibi_slice_size; ++j) { 785 if (fifo8_is_empty(&s->ibi_data.ibi_intermediate_queue)) { 786 break; 787 } 788 789 ibi_data.b[j & 3] = fifo8_pop(&s->ibi_data.ibi_intermediate_queue); 790 /* We have 32-bits, push it to the IBI FIFO. */ 791 if ((j & 0x03) == 0x03) { 792 fifo32_push(&s->ibi_queue, ibi_data.val32); 793 ibi_data.val32 = 0; 794 } 795 } 796 /* If the data isn't 32-bit aligned, push the leftover bytes. */ 797 if (ibi_slice_size & 0x03) { 798 fifo32_push(&s->ibi_queue, ibi_data.val32); 799 } 800 801 /* Clear out the data length for the next iteration. */ 802 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 803 IBI_QUEUE_STATUS, IBI_DATA_LEN, 0); 804 } 805 806 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 807 fifo32_num_used(&s->ibi_queue)); 808 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_STATUS_CNT, 809 ibi_status_count); 810 /* Threshold is the register value + 1. */ 811 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 812 IBI_STATUS_THLD) + 1; 813 if (fifo32_num_used(&s->ibi_queue) >= threshold) { 814 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, IBI_THLD, 1); 815 dw_i3c_update_irq(s); 816 } 817 818 /* State update. */ 819 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 820 DW_I3C_TRANSFER_STATE_IDLE); 821 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 822 DW_I3C_TRANSFER_STATUS_IDLE); 823 } 824 825 static int dw_i3c_ibi_finish(I3CBus *bus) 826 { 827 DWI3C *s = DW_I3C(bus->qbus.parent); 828 bool nack_and_disable_hj = ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, 829 HOT_JOIN_ACK_NACK_CTRL); 830 if (nack_and_disable_hj || s->ibi_data.send_direct_disec) { 831 dw_i3c_send_disec(s); 832 } 833 dw_i3c_ibi_queue_push(s); 834 835 /* Clear out the intermediate values. */ 836 s->ibi_data.ibi_queue_status = 0; 837 s->ibi_data.disec_addr = 0; 838 s->ibi_data.disec_byte = 0; 839 s->ibi_data.send_direct_disec = false; 840 s->ibi_data.notify_ibi_nack = false; 841 s->ibi_data.ibi_nacked = false; 842 843 return 0; 844 } 845 846 static uint32_t dw_i3c_intr_status_r(DWI3C *s) 847 { 848 /* Only return the status whose corresponding EN bits are set. */ 849 return s->regs[R_INTR_STATUS] & s->regs[R_INTR_STATUS_EN]; 850 } 851 852 static void dw_i3c_intr_status_w(DWI3C *s, uint32_t val) 853 { 854 /* INTR_STATUS[13:5] is w1c, other bits are RO. */ 855 val &= 0x3fe0; 856 s->regs[R_INTR_STATUS] &= ~val; 857 858 dw_i3c_update_irq(s); 859 } 860 861 static void dw_i3c_intr_status_en_w(DWI3C *s, uint32_t val) 862 { 863 s->regs[R_INTR_STATUS_EN] = val; 864 dw_i3c_update_irq(s); 865 } 866 867 static void dw_i3c_intr_signal_en_w(DWI3C *s, uint32_t val) 868 { 869 s->regs[R_INTR_SIGNAL_EN] = val; 870 dw_i3c_update_irq(s); 871 } 872 873 static void dw_i3c_intr_force_w(DWI3C *s, uint32_t val) 874 { 875 /* INTR_FORCE is WO, just set the corresponding INTR_STATUS bits. */ 876 s->regs[R_INTR_STATUS] = val; 877 dw_i3c_update_irq(s); 878 } 879 880 static uint32_t dw_i3c_pop_rx(DWI3C *s) 881 { 882 if (fifo32_is_empty(&s->rx_queue)) { 883 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 884 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read RX FIFO when empty\n", 885 path); 886 return 0; 887 } 888 889 uint32_t val = fifo32_pop(&s->rx_queue); 890 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 891 fifo32_num_used(&s->rx_queue)); 892 893 /* Threshold is 2^RX_BUF_THLD. */ 894 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 895 RX_BUF_THLD); 896 threshold = dw_i3c_fifo_threshold_from_reg(threshold); 897 if (fifo32_num_used(&s->rx_queue) < threshold) { 898 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 0); 899 dw_i3c_update_irq(s); 900 } 901 902 trace_dw_i3c_pop_rx(s->cfg.id, val); 903 return val; 904 } 905 906 static uint32_t dw_i3c_ibi_queue_r(DWI3C *s) 907 { 908 if (fifo32_is_empty(&s->ibi_queue)) { 909 return 0; 910 } 911 912 uint32_t val = fifo32_pop(&s->ibi_queue); 913 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 914 fifo32_num_used(&s->ibi_queue)); 915 /* Threshold is the register value + 1. */ 916 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 917 IBI_STATUS_THLD) + 1; 918 if (fifo32_num_used(&s->ibi_queue) < threshold) { 919 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, IBI_THLD, 0); 920 dw_i3c_update_irq(s); 921 } 922 return val; 923 } 924 925 static uint32_t dw_i3c_resp_queue_port_r(DWI3C *s) 926 { 927 if (fifo32_is_empty(&s->resp_queue)) { 928 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 929 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read response FIFO when " 930 "empty\n", path); 931 return 0; 932 } 933 934 uint32_t val = fifo32_pop(&s->resp_queue); 935 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 936 fifo32_num_used(&s->resp_queue)); 937 938 /* Threshold is the register value + 1. */ 939 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 940 RESP_BUF_THLD) + 1; 941 if (fifo32_num_used(&s->resp_queue) < threshold) { 942 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 0); 943 dw_i3c_update_irq(s); 944 } 945 946 return val; 947 } 948 949 static uint64_t dw_i3c_read(void *opaque, hwaddr offset, unsigned size) 950 { 951 DWI3C *s = DW_I3C(opaque); 952 uint32_t addr = offset >> 2; 953 uint64_t value; 954 955 switch (addr) { 956 /* RAZ */ 957 case R_COMMAND_QUEUE_PORT: 958 case R_RESET_CTRL: 959 case R_INTR_FORCE: 960 value = 0; 961 break; 962 case R_IBI_QUEUE_DATA: 963 value = dw_i3c_ibi_queue_r(s); 964 break; 965 case R_INTR_STATUS: 966 value = dw_i3c_intr_status_r(s); 967 break; 968 case R_RX_TX_DATA_PORT: 969 value = dw_i3c_pop_rx(s); 970 break; 971 case R_RESPONSE_QUEUE_PORT: 972 value = dw_i3c_resp_queue_port_r(s); 973 break; 974 default: 975 value = s->regs[addr]; 976 break; 977 } 978 979 trace_dw_i3c_read(s->cfg.id, offset, value); 980 981 return value; 982 } 983 984 static void dw_i3c_resp_queue_push(DWI3C *s, uint8_t err, uint8_t tid, 985 uint8_t ccc_type, uint16_t data_len) 986 { 987 uint32_t val = 0; 988 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, ERR_STATUS, err); 989 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, TID, tid); 990 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, CCCT, ccc_type); 991 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, DL, data_len); 992 if (!fifo32_is_full(&s->resp_queue)) { 993 trace_dw_i3c_resp_queue_push(s->cfg.id, val); 994 fifo32_push(&s->resp_queue, val); 995 } 996 997 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 998 fifo32_num_used(&s->resp_queue)); 999 /* Threshold is the register value + 1. */ 1000 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1001 RESP_BUF_THLD) + 1; 1002 if (fifo32_num_used(&s->resp_queue) >= threshold) { 1003 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 1); 1004 dw_i3c_update_irq(s); 1005 } 1006 } 1007 1008 static void dw_i3c_push_tx(DWI3C *s, uint32_t val) 1009 { 1010 if (fifo32_is_full(&s->tx_queue)) { 1011 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to TX FIFO when " 1012 "full\n", object_get_canonical_path(OBJECT(s))); 1013 return; 1014 } 1015 1016 trace_dw_i3c_push_tx(s->cfg.id, val); 1017 fifo32_push(&s->tx_queue, val); 1018 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 1019 fifo32_num_free(&s->tx_queue)); 1020 1021 /* Threshold is 2^TX_BUF_THLD. */ 1022 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 1023 TX_BUF_THLD); 1024 empty_threshold = 1025 dw_i3c_fifo_threshold_from_reg(empty_threshold); 1026 if (fifo32_num_free(&s->tx_queue) < empty_threshold) { 1027 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 0); 1028 dw_i3c_update_irq(s); 1029 } 1030 } 1031 1032 static uint32_t dw_i3c_pop_tx(DWI3C *s) 1033 { 1034 if (fifo32_is_empty(&s->tx_queue)) { 1035 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1036 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to pop from TX FIFO when " 1037 "empty\n", path); 1038 return 0; 1039 } 1040 1041 uint32_t val = fifo32_pop(&s->tx_queue); 1042 trace_dw_i3c_pop_tx(s->cfg.id, val); 1043 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 1044 fifo32_num_free(&s->tx_queue)); 1045 1046 /* Threshold is 2^TX_BUF_THLD. */ 1047 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 1048 TX_BUF_THLD); 1049 empty_threshold = 1050 dw_i3c_fifo_threshold_from_reg(empty_threshold); 1051 if (fifo32_num_free(&s->tx_queue) >= empty_threshold) { 1052 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 1); 1053 dw_i3c_update_irq(s); 1054 } 1055 return val; 1056 } 1057 1058 static void dw_i3c_push_rx(DWI3C *s, uint32_t val) 1059 { 1060 if (fifo32_is_full(&s->rx_queue)) { 1061 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1062 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to RX FIFO when " 1063 "full\n", path); 1064 return; 1065 } 1066 trace_dw_i3c_push_rx(s->cfg.id, val); 1067 fifo32_push(&s->rx_queue, val); 1068 1069 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 1070 fifo32_num_used(&s->rx_queue)); 1071 /* Threshold is 2^RX_BUF_THLD. */ 1072 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 1073 RX_BUF_THLD); 1074 threshold = dw_i3c_fifo_threshold_from_reg(threshold); 1075 if (fifo32_num_used(&s->rx_queue) >= threshold) { 1076 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 1); 1077 dw_i3c_update_irq(s); 1078 } 1079 } 1080 1081 static void dw_i3c_short_transfer(DWI3C *s, DWI3CTransferCmd cmd, 1082 DWI3CShortArg arg) 1083 { 1084 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1085 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1086 bool is_i2c = dw_i3c_target_is_i2c(s, cmd.dev_index); 1087 uint8_t data[4]; /* Max we can send on a short transfer is 4 bytes. */ 1088 uint8_t len = 0; 1089 uint32_t bytes_sent; /* Ignored on short transfers. */ 1090 1091 /* Can't do reads on a short transfer. */ 1092 if (cmd.rnw) { 1093 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1094 qemu_log_mask(LOG_GUEST_ERROR, "%s: Cannot do a read on a short " 1095 "transfer\n", path); 1096 return; 1097 } 1098 1099 if (dw_i3c_send_start(s, addr, /*is_recv=*/false, is_i2c)) { 1100 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1101 goto transfer_done; 1102 } 1103 1104 /* Are we sending a command? */ 1105 if (cmd.cp) { 1106 data[len] = cmd.cmd; 1107 len++; 1108 /* 1109 * byte0 is the defining byte for a command, and is only sent if a 1110 * command is present and if the command has a defining byte present. 1111 * (byte_strb & 0x01) is always treated as set by the controller, and is 1112 * ignored. 1113 */ 1114 if (cmd.dbp) { 1115 data[len] += arg.byte0; 1116 len++; 1117 } 1118 } 1119 1120 /* Send the bytes passed in the argument. */ 1121 if (arg.byte_strb & 0x02) { 1122 data[len] = arg.byte1; 1123 len++; 1124 } 1125 if (arg.byte_strb & 0x04) { 1126 data[len] = arg.byte2; 1127 len++; 1128 } 1129 1130 if (dw_i3c_send(s, data, len, &bytes_sent, is_i2c)) { 1131 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1132 } else { 1133 /* Only go to an idle state on a successful transfer. */ 1134 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1135 DW_I3C_TRANSFER_STATE_IDLE); 1136 } 1137 1138 transfer_done: 1139 if (cmd.toc) { 1140 dw_i3c_end_transfer(s, is_i2c); 1141 } 1142 if (cmd.roc) { 1143 /* 1144 * ccc_type is always 0 in controller mode, data_len is 0 in short 1145 * transfers. 1146 */ 1147 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1148 /*data_len=*/0); 1149 } 1150 } 1151 1152 /* Returns number of bytes transmitted. */ 1153 static uint16_t dw_i3c_tx(DWI3C *s, uint16_t num, bool is_i2c) 1154 { 1155 uint16_t bytes_sent = 0; 1156 union { 1157 uint8_t b[sizeof(uint32_t)]; 1158 uint32_t val; 1159 } val32; 1160 1161 while (bytes_sent < num) { 1162 val32.val = dw_i3c_pop_tx(s); 1163 for (uint8_t i = 0; i < sizeof(val32.val); i++) { 1164 if (dw_i3c_send_byte(s, val32.b[i], is_i2c)) { 1165 return bytes_sent; 1166 } 1167 bytes_sent++; 1168 1169 /* We're not sending the full 32-bits, break early. */ 1170 if (bytes_sent >= num) { 1171 break; 1172 } 1173 } 1174 } 1175 1176 return bytes_sent; 1177 } 1178 1179 /* Returns number of bytes received. */ 1180 static uint16_t dw_i3c_rx(DWI3C *s, uint16_t num, bool is_i2c) 1181 { 1182 /* 1183 * Allocate a temporary buffer to read data from the target. 1184 * Zero it and word-align it as well in case we're reading unaligned data. 1185 */ 1186 g_autofree uint8_t *data = g_new0(uint8_t, num + (4 - (num & 0x03))); 1187 uint32_t *data32 = (uint32_t *)data; 1188 /* 1189 * 32-bits since the I3C API wants a 32-bit number, even though the 1190 * controller can only do 16-bit transfers. 1191 */ 1192 uint32_t num_read = 0; 1193 1194 /* Can NACK if the target receives an unsupported CCC. */ 1195 if (dw_i3c_recv_data(s, is_i2c, data, num, &num_read)) { 1196 return 0; 1197 } 1198 1199 for (uint16_t i = 0; i < num_read / 4; i++) { 1200 dw_i3c_push_rx(s, *data32); 1201 data32++; 1202 } 1203 /* 1204 * If we're pushing data that isn't 32-bit aligned, push what's left. 1205 * It's software's responsibility to know what bits are valid in the partial 1206 * data. 1207 */ 1208 if (num_read & 0x03) { 1209 dw_i3c_push_rx(s, *data32); 1210 } 1211 1212 return num_read; 1213 } 1214 1215 static int dw_i3c_transfer_ccc(DWI3C *s, DWI3CTransferCmd cmd, 1216 DWI3CTransferArg arg) 1217 { 1218 /* CCC start is always a write. CCCs cannot be done on I2C devices. */ 1219 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1220 /*is_i2c=*/false)) { 1221 return DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1222 } 1223 trace_dw_i3c_transfer_ccc(s->cfg.id, cmd.cmd); 1224 if (dw_i3c_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 1225 return DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1226 } 1227 1228 /* On a direct CCC, we do a restart and then send the target's address. */ 1229 if (CCC_IS_DIRECT(cmd.cmd)) { 1230 bool is_recv = cmd.rnw; 1231 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1232 if (dw_i3c_send_start(s, addr, is_recv, /*is_i2c=*/false)) { 1233 return DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1234 } 1235 } 1236 1237 return DW_I3C_RESP_QUEUE_ERR_NONE; 1238 } 1239 1240 static void dw_i3c_transfer(DWI3C *s, DWI3CTransferCmd cmd, 1241 DWI3CTransferArg arg) 1242 { 1243 bool is_recv = cmd.rnw; 1244 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1245 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1246 bool is_i2c = dw_i3c_target_is_i2c(s, cmd.dev_index); 1247 uint16_t bytes_transferred = 0; 1248 1249 if (cmd.cp) { 1250 /* We're sending a CCC. */ 1251 err = dw_i3c_transfer_ccc(s, cmd, arg); 1252 if (err != DW_I3C_RESP_QUEUE_ERR_NONE) { 1253 goto transfer_done; 1254 } 1255 } else { 1256 if (ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_BROADCAST_ADDR_INC) && 1257 is_i2c == false) { 1258 if (dw_i3c_send_start(s, I3C_BROADCAST, 1259 /*is_recv=*/false, is_i2c)) { 1260 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1261 goto transfer_done; 1262 } 1263 } 1264 /* Otherwise we're doing a private transfer. */ 1265 if (dw_i3c_send_start(s, addr, is_recv, is_i2c)) { 1266 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1267 goto transfer_done; 1268 } 1269 } 1270 1271 if (is_recv) { 1272 bytes_transferred = dw_i3c_rx(s, arg.data_len, is_i2c); 1273 } else { 1274 bytes_transferred = dw_i3c_tx(s, arg.data_len, is_i2c); 1275 } 1276 1277 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1278 DW_I3C_TRANSFER_STATE_IDLE); 1279 1280 transfer_done: 1281 if (cmd.toc) { 1282 dw_i3c_end_transfer(s, is_i2c); 1283 } 1284 if (cmd.roc) { 1285 /* 1286 * data_len is the number of bytes that still need to be TX'd, or the 1287 * number of bytes RX'd. 1288 */ 1289 uint16_t data_len = is_recv ? bytes_transferred : arg.data_len - 1290 bytes_transferred; 1291 /* CCCT is always 0 in controller mode. */ 1292 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1293 data_len); 1294 } 1295 1296 dw_i3c_update_irq(s); 1297 } 1298 1299 static void dw_i3c_transfer_cmd(DWI3C *s, DWI3CTransferCmd cmd, 1300 DWI3CCmdQueueData arg) 1301 { 1302 uint8_t arg_attr = FIELD_EX32(arg.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1303 1304 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CMD_TID, cmd.tid); 1305 1306 /* User is trying to do HDR transfers, see if we can do them. */ 1307 if (cmd.speed == 0x06 && !dw_i3c_has_hdr_ddr(s)) { 1308 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1309 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR DDR is not supported\n", path); 1310 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1311 DW_I3C_TRANSFER_STATE_HALT); 1312 return; 1313 } 1314 if (cmd.speed == 0x05 && !dw_i3c_has_hdr_ts(s)) { 1315 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1316 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR TS is not supported\n", path); 1317 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1318 DW_I3C_TRANSFER_STATE_HALT); 1319 return; 1320 } 1321 1322 if (arg_attr == DW_I3C_CMD_ATTR_TRANSFER_ARG) { 1323 dw_i3c_transfer(s, cmd, arg.transfer_arg); 1324 } else if (arg_attr == DW_I3C_CMD_ATTR_SHORT_DATA_ARG) { 1325 dw_i3c_short_transfer(s, cmd, arg.short_arg); 1326 } else { 1327 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1328 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown command queue cmd_attr 0x%x" 1329 "\n", path, arg_attr); 1330 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1331 DW_I3C_TRANSFER_STATE_HALT); 1332 } 1333 } 1334 1335 static void dw_i3c_update_char_table(DWI3C *s, uint8_t offset, uint64_t pid, 1336 uint8_t bcr, uint8_t dcr, uint8_t addr) 1337 { 1338 if (offset > s->cfg.num_addressable_devices) { 1339 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1340 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device char table offset %d out of " 1341 "bounds\n", path, offset); 1342 /* If we're out of bounds, do nothing. */ 1343 return; 1344 } 1345 1346 /* 1347 * Each device offset is 128 bits apart in the table, since each device gets 1348 * 4 * 32-bits of entries in the table. 1349 * / sizeof(uint32_t) because we're indexing into our 32-bit reg array. 1350 */ 1351 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1352 P_DEV_CHAR_TABLE_START_ADDR) / 1353 sizeof(uint32_t)) + 1354 (offset * sizeof(uint32_t)); 1355 s->regs[dev_index] = pid & 0xffffffff; 1356 pid >>= 32; 1357 s->regs[dev_index + 1] = FIELD_DP32(s->regs[dev_index + 1], 1358 DEVICE_CHARACTERISTIC_TABLE_LOC2, 1359 MSB_PID, pid); 1360 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1361 DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 1362 dcr); 1363 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1364 DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 1365 bcr); 1366 s->regs[dev_index + 3] = FIELD_DP32(s->regs[dev_index + 3], 1367 DEVICE_CHARACTERISTIC_TABLE_LOC4, 1368 DEV_DYNAMIC_ADDR, addr); 1369 1370 /* Increment PRESENT_DEV_CHAR_TABLE_INDEX. */ 1371 uint8_t idx = ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1372 PRESENT_DEV_CHAR_TABLE_INDEX); 1373 /* Increment and rollover. */ 1374 idx++; 1375 if (idx >= ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1376 DEV_CHAR_TABLE_DEPTH) / 4) { 1377 idx = 0; 1378 } 1379 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, 1380 PRESENT_DEV_CHAR_TABLE_INDEX, idx); 1381 } 1382 1383 static void dw_i3c_addr_assign_cmd(DWI3C *s, DWI3CAddrAssignCmd cmd) 1384 { 1385 uint8_t i = 0; 1386 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1387 1388 /* Tell everyone to ENTDAA. If these error, no one is on the bus. */ 1389 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1390 /*is_i2c=*/false)) { 1391 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1392 goto transfer_done; 1393 } 1394 if (dw_i3c_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 1395 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1396 goto transfer_done; 1397 } 1398 1399 /* Go through each device in the table and assign it an address. */ 1400 for (i = 0; i < cmd.dev_count; i++) { 1401 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index + i); 1402 union { 1403 uint64_t pid:48; 1404 uint8_t bcr; 1405 uint8_t dcr; 1406 uint32_t w[2]; 1407 uint8_t b[8]; 1408 } target_info; 1409 1410 /* If this fails, there was no one left to ENTDAA. */ 1411 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1412 /*is_i2c=*/false)) { 1413 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1414 break; 1415 } 1416 1417 /* 1418 * In ENTDAA, we read 8 bytes from the target, which will be the 1419 * target's PID, BCR, and DCR. After that, we send it the dynamic 1420 * address. 1421 * Don't bother checking the number of bytes received, it must send 8 1422 * bytes during ENTDAA. 1423 */ 1424 uint32_t num_read; 1425 if (dw_i3c_recv_data(s, /*is_i2c=*/false, target_info.b, 1426 I3C_ENTDAA_SIZE, &num_read)) { 1427 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1428 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed ENTDAA CCC\n", 1429 path); 1430 err = DW_I3C_RESP_QUEUE_ERR_DAA_NACK; 1431 goto transfer_done; 1432 } 1433 if (dw_i3c_send_byte(s, addr, /*is_i2c=*/false)) { 1434 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1435 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed addr 0x%.2x " 1436 "during ENTDAA\n", path, addr); 1437 err = DW_I3C_RESP_QUEUE_ERR_DAA_NACK; 1438 break; 1439 } 1440 dw_i3c_update_char_table(s, cmd.dev_index + i, 1441 target_info.pid, target_info.bcr, 1442 target_info.dcr, addr); 1443 1444 /* Push the PID, BCR, and DCR to the RX queue. */ 1445 dw_i3c_push_rx(s, target_info.w[0]); 1446 dw_i3c_push_rx(s, target_info.w[1]); 1447 } 1448 1449 transfer_done: 1450 /* Do we send a STOP? */ 1451 if (cmd.toc) { 1452 dw_i3c_end_transfer(s, /*is_i2c=*/false); 1453 } 1454 /* 1455 * For addr assign commands, the length field is the number of devices 1456 * left to assign. CCCT is always 0 in controller mode. 1457 */ 1458 if (cmd.roc) { 1459 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1460 cmd.dev_count - i); 1461 } 1462 } 1463 1464 static uint32_t dw_i3c_cmd_queue_pop(DWI3C *s) 1465 { 1466 if (fifo32_is_empty(&s->cmd_queue)) { 1467 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1468 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to dequeue command queue " 1469 "when it was empty\n", path); 1470 return 0; 1471 } 1472 uint32_t val = fifo32_pop(&s->cmd_queue); 1473 1474 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1475 CMD_BUF_EMPTY_THLD); 1476 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1477 QUEUE_STATUS_LEVEL, 1478 CMD_QUEUE_EMPTY_LOC); 1479 cmd_queue_empty_loc++; 1480 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1481 cmd_queue_empty_loc); 1482 if (cmd_queue_empty_loc >= empty_threshold) { 1483 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 1); 1484 dw_i3c_update_irq(s); 1485 } 1486 1487 return val; 1488 } 1489 1490 static void dw_i3c_cmd_queue_execute(DWI3C *s) 1491 { 1492 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1493 DW_I3C_TRANSFER_STATE_IDLE); 1494 if (!dw_i3c_can_transmit(s)) { 1495 return; 1496 } 1497 1498 /* 1499 * We only start executing when a command is passed into the FIFO. 1500 * We expect there to be a multiple of 2 items in the queue. The first item 1501 * should be an argument to a command, and the command should be the second 1502 * item. 1503 */ 1504 if (fifo32_num_used(&s->cmd_queue) & 1) { 1505 return; 1506 } 1507 1508 while (!fifo32_is_empty(&s->cmd_queue)) { 1509 DWI3CCmdQueueData arg; 1510 arg.word = dw_i3c_cmd_queue_pop(s); 1511 DWI3CCmdQueueData cmd; 1512 cmd.word = dw_i3c_cmd_queue_pop(s); 1513 trace_dw_i3c_cmd_queue_execute(s->cfg.id, cmd.word, arg.word); 1514 1515 uint8_t cmd_attr = FIELD_EX32(cmd.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1516 switch (cmd_attr) { 1517 case DW_I3C_CMD_ATTR_TRANSFER_CMD: 1518 dw_i3c_transfer_cmd(s, cmd.transfer_cmd, arg); 1519 break; 1520 case DW_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1521 /* Arg is discarded for addr assign commands. */ 1522 dw_i3c_addr_assign_cmd(s, cmd.addr_assign_cmd); 1523 break; 1524 case DW_I3C_CMD_ATTR_TRANSFER_ARG: 1525 case DW_I3C_CMD_ATTR_SHORT_DATA_ARG: 1526 { 1527 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1528 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received " 1529 "argument packet when it expected a command " 1530 "packet\n", path); 1531 } 1532 break; 1533 default: 1534 /* 1535 * The caller's check before queueing an item should prevent this 1536 * from happening. 1537 */ 1538 g_assert_not_reached(); 1539 break; 1540 } 1541 } 1542 } 1543 1544 static void dw_i3c_cmd_queue_push(DWI3C *s, uint32_t val) 1545 { 1546 if (fifo32_is_full(&s->cmd_queue)) { 1547 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1548 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet when " 1549 "already full\n", path); 1550 return; 1551 } 1552 trace_dw_i3c_cmd_queue_push(s->cfg.id, val); 1553 fifo32_push(&s->cmd_queue, val); 1554 1555 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1556 CMD_BUF_EMPTY_THLD); 1557 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1558 QUEUE_STATUS_LEVEL, 1559 CMD_QUEUE_EMPTY_LOC); 1560 if (cmd_queue_empty_loc) { 1561 cmd_queue_empty_loc--; 1562 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1563 cmd_queue_empty_loc); 1564 } 1565 if (cmd_queue_empty_loc < empty_threshold) { 1566 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 0); 1567 dw_i3c_update_irq(s); 1568 } 1569 } 1570 1571 static void dw_i3c_cmd_queue_port_w(DWI3C *s, uint32_t val) 1572 { 1573 uint8_t cmd_attr = FIELD_EX32(val, COMMAND_QUEUE_PORT, CMD_ATTR); 1574 1575 switch (cmd_attr) { 1576 /* If a command is received we can start executing it. */ 1577 case DW_I3C_CMD_ATTR_TRANSFER_CMD: 1578 case DW_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1579 dw_i3c_cmd_queue_push(s, val); 1580 dw_i3c_cmd_queue_execute(s); 1581 break; 1582 /* If we get an argument just push it. */ 1583 case DW_I3C_CMD_ATTR_TRANSFER_ARG: 1584 case DW_I3C_CMD_ATTR_SHORT_DATA_ARG: 1585 dw_i3c_cmd_queue_push(s, val); 1586 break; 1587 default: 1588 { 1589 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1590 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet " 1591 "with unknown cmd attr 0x%x\n", path, cmd_attr); 1592 } 1593 break; 1594 } 1595 } 1596 1597 static void dw_i3c_write(void *opaque, hwaddr offset, uint64_t value, 1598 unsigned size) 1599 { 1600 DWI3C *s = DW_I3C(opaque); 1601 uint32_t addr = offset >> 2; 1602 uint32_t val32 = (uint32_t)value; 1603 1604 trace_dw_i3c_write(s->cfg.id, offset, value); 1605 1606 val32 &= ~dw_i3c_ro[addr]; 1607 switch (addr) { 1608 case R_HW_CAPABILITY: 1609 case R_RESPONSE_QUEUE_PORT: 1610 case R_IBI_QUEUE_DATA: 1611 case R_QUEUE_STATUS_LEVEL: 1612 case R_PRESENT_STATE: 1613 case R_CCC_DEVICE_STATUS: 1614 case R_DEVICE_ADDR_TABLE_POINTER: 1615 case R_VENDOR_SPECIFIC_REG_POINTER: 1616 case R_SLV_CHAR_CTRL: 1617 case R_SLV_MAX_LEN: 1618 case R_MAX_READ_TURNAROUND: 1619 case R_I3C_VER_ID: 1620 case R_I3C_VER_TYPE: 1621 case R_EXTENDED_CAPABILITY: 1622 qemu_log_mask(LOG_GUEST_ERROR, 1623 "%s: write to readonly register[0x%02" HWADDR_PRIx 1624 "] = 0x%08" PRIx64 "\n", 1625 __func__, offset, value); 1626 break; 1627 case R_DEVICE_CTRL: 1628 dw_i3c_ctrl_w(s, val32); 1629 break; 1630 case R_RX_TX_DATA_PORT: 1631 dw_i3c_push_tx(s, val32); 1632 break; 1633 case R_COMMAND_QUEUE_PORT: 1634 dw_i3c_cmd_queue_port_w(s, val32); 1635 break; 1636 case R_RESET_CTRL: 1637 break; 1638 case R_INTR_STATUS: 1639 dw_i3c_intr_status_w(s, val32); 1640 break; 1641 case R_INTR_STATUS_EN: 1642 dw_i3c_intr_status_en_w(s, val32); 1643 break; 1644 case R_INTR_SIGNAL_EN: 1645 dw_i3c_intr_signal_en_w(s, val32); 1646 break; 1647 case R_INTR_FORCE: 1648 dw_i3c_intr_force_w(s, val32); 1649 break; 1650 default: 1651 s->regs[addr] = val32; 1652 break; 1653 } 1654 } 1655 1656 const VMStateDescription vmstate_dw_i3c = { 1657 .name = TYPE_DW_I3C, 1658 .version_id = 1, 1659 .minimum_version_id = 1, 1660 .fields = (VMStateField[]){ 1661 VMSTATE_UINT32_ARRAY(regs, DWI3C, DW_I3C_NR_REGS), 1662 VMSTATE_END_OF_LIST(), 1663 } 1664 }; 1665 1666 static const MemoryRegionOps dw_i3c_ops = { 1667 .read = dw_i3c_read, 1668 .write = dw_i3c_write, 1669 .endianness = DEVICE_LITTLE_ENDIAN, 1670 }; 1671 1672 static void dw_i3c_reset_enter(Object *obj, ResetType type) 1673 { 1674 DWI3C *s = DW_I3C(obj); 1675 1676 memcpy(s->regs, dw_i3c_resets, sizeof(s->regs)); 1677 /* 1678 * The user config for these may differ from our resets array, set them 1679 * manually. 1680 */ 1681 ARRAY_FIELD_DP32(s->regs, DEVICE_ADDR_TABLE_POINTER, ADDR, 1682 s->cfg.dev_addr_table_pointer); 1683 ARRAY_FIELD_DP32(s->regs, DEVICE_ADDR_TABLE_POINTER, DEPTH, 1684 s->cfg.dev_addr_table_depth); 1685 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, 1686 P_DEV_CHAR_TABLE_START_ADDR, 1687 s->cfg.dev_char_table_pointer); 1688 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, DEV_CHAR_TABLE_DEPTH, 1689 s->cfg.dev_char_table_depth); 1690 } 1691 1692 static void dw_i3c_realize(DeviceState *dev, Error **errp) 1693 { 1694 DWI3C *s = DW_I3C(dev); 1695 g_autofree char *name = g_strdup_printf(TYPE_DW_I3C ".%d", s->cfg.id); 1696 1697 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq); 1698 1699 memory_region_init_io(&s->mr, OBJECT(s), &dw_i3c_ops, s, name, 1700 DW_I3C_NR_REGS << 2); 1701 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mr); 1702 1703 fifo32_create(&s->cmd_queue, s->cfg.cmd_resp_queue_capacity_bytes); 1704 fifo32_create(&s->resp_queue, s->cfg.cmd_resp_queue_capacity_bytes); 1705 fifo32_create(&s->tx_queue, s->cfg.tx_rx_queue_capacity_bytes); 1706 fifo32_create(&s->rx_queue, s->cfg.tx_rx_queue_capacity_bytes); 1707 fifo32_create(&s->ibi_queue, s->cfg.ibi_queue_capacity_bytes); 1708 /* Arbitrarily large enough to not be an issue. */ 1709 fifo8_create(&s->ibi_data.ibi_intermediate_queue, 1710 s->cfg.ibi_queue_capacity_bytes * 8); 1711 1712 s->bus = i3c_init_bus(DEVICE(s), name); 1713 I3CBusClass *bc = I3C_BUS_GET_CLASS(s->bus); 1714 bc->ibi_handle = dw_i3c_ibi_handle; 1715 bc->ibi_recv = dw_i3c_ibi_recv; 1716 bc->ibi_finish = dw_i3c_ibi_finish; 1717 } 1718 1719 static const Property dw_i3c_properties[] = { 1720 DEFINE_PROP_UINT8("device-id", DWI3C, cfg.id, 0), 1721 DEFINE_PROP_UINT8("command-response-queue-capacity-bytes", DWI3C, 1722 cfg.cmd_resp_queue_capacity_bytes, 0x10), 1723 DEFINE_PROP_UINT16("tx-rx-queue-capacity-bytes", DWI3C, 1724 cfg.tx_rx_queue_capacity_bytes, 0x40), 1725 DEFINE_PROP_UINT8("ibi-queue-capacity-bytes", DWI3C, 1726 cfg.ibi_queue_capacity_bytes, 0x10), 1727 DEFINE_PROP_UINT8("num-addressable-devices", DWI3C, 1728 cfg.num_addressable_devices, 8), 1729 DEFINE_PROP_UINT16("dev-addr-table-pointer", DWI3C, 1730 cfg.dev_addr_table_pointer, 0x280), 1731 DEFINE_PROP_UINT16("dev-addr-table-depth", DWI3C, 1732 cfg.dev_addr_table_depth, 0x08), 1733 DEFINE_PROP_UINT16("dev-char-table-pointer", DWI3C, 1734 cfg.dev_char_table_pointer, 0x200), 1735 DEFINE_PROP_UINT16("dev-char-table-depth", DWI3C, 1736 cfg.dev_char_table_depth, 0x20), 1737 }; 1738 1739 static void dw_i3c_class_init(ObjectClass *klass, const void *data) 1740 { 1741 DeviceClass *dc = DEVICE_CLASS(klass); 1742 ResettableClass *rc = RESETTABLE_CLASS(klass); 1743 1744 rc->phases.enter = dw_i3c_reset_enter; 1745 1746 dc->desc = "DesignWare I3C Controller"; 1747 dc->realize = dw_i3c_realize; 1748 dc->vmsd = &vmstate_dw_i3c; 1749 device_class_set_props(dc, dw_i3c_properties); 1750 } 1751 1752 static const TypeInfo dw_i3c_info = { 1753 .name = TYPE_DW_I3C, 1754 .parent = TYPE_SYS_BUS_DEVICE, 1755 .instance_size = sizeof(DWI3C), 1756 .class_init = dw_i3c_class_init, 1757 }; 1758 1759 static void dw_i3c_register_types(void) 1760 { 1761 type_register_static(&dw_i3c_info); 1762 } 1763 1764 type_init(dw_i3c_register_types); 1765