1 /* 2 * DesignWare I3C Controller 3 * 4 * Copyright (C) 2021 ASPEED Technology Inc. 5 * Copyright (C) 2025 Google, LLC 6 * 7 * SPDX-License-Identifier: GPL-2.0-or-later 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/error-report.h" 13 #include "hw/i3c/i3c.h" 14 #include "hw/i3c/dw-i3c.h" 15 #include "hw/registerfields.h" 16 #include "hw/qdev-properties.h" 17 #include "qapi/error.h" 18 #include "migration/vmstate.h" 19 #include "trace.h" 20 #include "hw/irq.h" 21 22 /* 23 * Disable event command values. sent along with a DISEC CCC to disable certain 24 * events on targets. 25 */ 26 #define DISEC_HJ 0x08 27 #define DISEC_CR 0x02 28 #define DISEC_INT 0x01 29 30 REG32(DEVICE_CTRL, 0x00) 31 FIELD(DEVICE_CTRL, I3C_BROADCAST_ADDR_INC, 0, 1) 32 FIELD(DEVICE_CTRL, I2C_SLAVE_PRESENT, 7, 1) 33 FIELD(DEVICE_CTRL, HOT_JOIN_ACK_NACK_CTRL, 8, 1) 34 FIELD(DEVICE_CTRL, IDLE_CNT_MULTIPLIER, 24, 2) 35 FIELD(DEVICE_CTRL, SLV_ADAPT_TO_I2C_I3C_MODE, 27, 1) 36 FIELD(DEVICE_CTRL, DMA_HANDSHAKE_EN, 28, 1) 37 FIELD(DEVICE_CTRL, I3C_ABORT, 29, 1) 38 FIELD(DEVICE_CTRL, I3C_RESUME, 30, 1) 39 FIELD(DEVICE_CTRL, I3C_EN, 31, 1) 40 REG32(DEVICE_ADDR, 0x04) 41 FIELD(DEVICE_ADDR, STATIC_ADDR, 0, 7) 42 FIELD(DEVICE_ADDR, STATIC_ADDR_VALID, 15, 1) 43 FIELD(DEVICE_ADDR, DYNAMIC_ADDR, 16, 7) 44 FIELD(DEVICE_ADDR, DYNAMIC_ADDR_VALID, 15, 1) 45 REG32(HW_CAPABILITY, 0x08) 46 FIELD(HW_CAPABILITY, DEVICE_ROLE_CONFIG, 0, 2) 47 FIELD(HW_CAPABILITY, HDR_DDR, 3, 1) 48 FIELD(HW_CAPABILITY, HDR_TS, 4, 1) 49 REG32(COMMAND_QUEUE_PORT, 0x0c) 50 FIELD(COMMAND_QUEUE_PORT, CMD_ATTR, 0, 3) 51 /* Transfer command structure */ 52 FIELD(COMMAND_QUEUE_PORT, TID, 3, 4) 53 FIELD(COMMAND_QUEUE_PORT, CMD, 7, 8) 54 FIELD(COMMAND_QUEUE_PORT, CP, 15, 1) 55 FIELD(COMMAND_QUEUE_PORT, DEV_INDEX, 16, 5) 56 FIELD(COMMAND_QUEUE_PORT, SPEED, 21, 3) 57 FIELD(COMMAND_QUEUE_PORT, ROC, 26, 1) 58 FIELD(COMMAND_QUEUE_PORT, SDAP, 27, 1) 59 FIELD(COMMAND_QUEUE_PORT, RNW, 28, 1) 60 FIELD(COMMAND_QUEUE_PORT, TOC, 30, 1) 61 FIELD(COMMAND_QUEUE_PORT, PEC, 31, 1) 62 /* Transfer argument data structure */ 63 FIELD(COMMAND_QUEUE_PORT, DB, 8, 8) 64 FIELD(COMMAND_QUEUE_PORT, DL, 16, 16) 65 /* Short data argument data structure */ 66 FIELD(COMMAND_QUEUE_PORT, BYTE_STRB, 3, 3) 67 FIELD(COMMAND_QUEUE_PORT, BYTE0, 8, 8) 68 FIELD(COMMAND_QUEUE_PORT, BYTE1, 16, 8) 69 FIELD(COMMAND_QUEUE_PORT, BYTE2, 24, 8) 70 /* Address assignment command structure */ 71 /* 72 * bits 3..21 and 26..31 are the same as the transfer command structure, or 73 * marked as reserved. 74 */ 75 FIELD(COMMAND_QUEUE_PORT, DEV_COUNT, 21, 3) 76 REG32(RESPONSE_QUEUE_PORT, 0x10) 77 FIELD(RESPONSE_QUEUE_PORT, DL, 0, 16) 78 FIELD(RESPONSE_QUEUE_PORT, CCCT, 16, 8) 79 FIELD(RESPONSE_QUEUE_PORT, TID, 24, 4) 80 FIELD(RESPONSE_QUEUE_PORT, ERR_STATUS, 28, 4) 81 REG32(RX_TX_DATA_PORT, 0x14) 82 REG32(IBI_QUEUE_STATUS, 0x18) 83 FIELD(IBI_QUEUE_STATUS, IBI_DATA_LEN, 0, 8) 84 FIELD(IBI_QUEUE_STATUS, IBI_ID, 8, 8) 85 FIELD(IBI_QUEUE_STATUS, LAST_STATUS, 24, 1) 86 FIELD(IBI_QUEUE_STATUS, ERROR, 30, 1) 87 FIELD(IBI_QUEUE_STATUS, IBI_STATUS, 31, 1) 88 REG32(IBI_QUEUE_DATA, 0x18) 89 REG32(QUEUE_THLD_CTRL, 0x1c) 90 FIELD(QUEUE_THLD_CTRL, CMD_BUF_EMPTY_THLD, 0, 8); 91 FIELD(QUEUE_THLD_CTRL, RESP_BUF_THLD, 8, 8); 92 FIELD(QUEUE_THLD_CTRL, IBI_DATA_THLD, 16, 8); 93 FIELD(QUEUE_THLD_CTRL, IBI_STATUS_THLD, 24, 8); 94 REG32(DATA_BUFFER_THLD_CTRL, 0x20) 95 FIELD(DATA_BUFFER_THLD_CTRL, TX_BUF_THLD, 0, 3) 96 FIELD(DATA_BUFFER_THLD_CTRL, RX_BUF_THLD, 10, 3) 97 FIELD(DATA_BUFFER_THLD_CTRL, TX_START_THLD, 16, 3) 98 FIELD(DATA_BUFFER_THLD_CTRL, RX_START_THLD, 24, 3) 99 REG32(IBI_QUEUE_CTRL, 0x24) 100 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_HOT_JOIN, 0, 1) 101 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_MASTER_REQ, 1, 1) 102 FIELD(IBI_QUEUE_CTRL, NOTIFY_REJECTED_SLAVE_IRQ, 3, 1) 103 REG32(IBI_MR_REQ_REJECT, 0x2c) 104 REG32(IBI_SIR_REQ_REJECT, 0x30) 105 REG32(RESET_CTRL, 0x34) 106 FIELD(RESET_CTRL, CORE_RESET, 0, 1) 107 FIELD(RESET_CTRL, CMD_QUEUE_RESET, 1, 1) 108 FIELD(RESET_CTRL, RESP_QUEUE_RESET, 2, 1) 109 FIELD(RESET_CTRL, TX_BUF_RESET, 3, 1) 110 FIELD(RESET_CTRL, RX_BUF_RESET, 4, 1) 111 FIELD(RESET_CTRL, IBI_QUEUE_RESET, 5, 1) 112 REG32(SLV_EVENT_CTRL, 0x38) 113 FIELD(SLV_EVENT_CTRL, SLV_INTERRUPT, 0, 1) 114 FIELD(SLV_EVENT_CTRL, MASTER_INTERRUPT, 1, 1) 115 FIELD(SLV_EVENT_CTRL, HOT_JOIN_INTERRUPT, 3, 1) 116 FIELD(SLV_EVENT_CTRL, ACTIVITY_STATE, 4, 2) 117 FIELD(SLV_EVENT_CTRL, MRL_UPDATED, 6, 1) 118 FIELD(SLV_EVENT_CTRL, MWL_UPDATED, 7, 1) 119 REG32(INTR_STATUS, 0x3c) 120 FIELD(INTR_STATUS, TX_THLD, 0, 1) 121 FIELD(INTR_STATUS, RX_THLD, 1, 1) 122 FIELD(INTR_STATUS, IBI_THLD, 2, 1) 123 FIELD(INTR_STATUS, CMD_QUEUE_RDY, 3, 1) 124 FIELD(INTR_STATUS, RESP_RDY, 4, 1) 125 FIELD(INTR_STATUS, TRANSFER_ABORT, 5, 1) 126 FIELD(INTR_STATUS, CCC_UPDATED, 6, 1) 127 FIELD(INTR_STATUS, DYN_ADDR_ASSGN, 8, 1) 128 FIELD(INTR_STATUS, TRANSFER_ERR, 9, 1) 129 FIELD(INTR_STATUS, DEFSLV, 10, 1) 130 FIELD(INTR_STATUS, READ_REQ_RECV, 11, 1) 131 FIELD(INTR_STATUS, IBI_UPDATED, 12, 1) 132 FIELD(INTR_STATUS, BUSOWNER_UPDATED, 13, 1) 133 REG32(INTR_STATUS_EN, 0x40) 134 FIELD(INTR_STATUS_EN, TX_THLD, 0, 1) 135 FIELD(INTR_STATUS_EN, RX_THLD, 1, 1) 136 FIELD(INTR_STATUS_EN, IBI_THLD, 2, 1) 137 FIELD(INTR_STATUS_EN, CMD_QUEUE_RDY, 3, 1) 138 FIELD(INTR_STATUS_EN, RESP_RDY, 4, 1) 139 FIELD(INTR_STATUS_EN, TRANSFER_ABORT, 5, 1) 140 FIELD(INTR_STATUS_EN, CCC_UPDATED, 6, 1) 141 FIELD(INTR_STATUS_EN, DYN_ADDR_ASSGN, 8, 1) 142 FIELD(INTR_STATUS_EN, TRANSFER_ERR, 9, 1) 143 FIELD(INTR_STATUS_EN, DEFSLV, 10, 1) 144 FIELD(INTR_STATUS_EN, READ_REQ_RECV, 11, 1) 145 FIELD(INTR_STATUS_EN, IBI_UPDATED, 12, 1) 146 FIELD(INTR_STATUS_EN, BUSOWNER_UPDATED, 13, 1) 147 REG32(INTR_SIGNAL_EN, 0x44) 148 FIELD(INTR_SIGNAL_EN, TX_THLD, 0, 1) 149 FIELD(INTR_SIGNAL_EN, RX_THLD, 1, 1) 150 FIELD(INTR_SIGNAL_EN, IBI_THLD, 2, 1) 151 FIELD(INTR_SIGNAL_EN, CMD_QUEUE_RDY, 3, 1) 152 FIELD(INTR_SIGNAL_EN, RESP_RDY, 4, 1) 153 FIELD(INTR_SIGNAL_EN, TRANSFER_ABORT, 5, 1) 154 FIELD(INTR_SIGNAL_EN, CCC_UPDATED, 6, 1) 155 FIELD(INTR_SIGNAL_EN, DYN_ADDR_ASSGN, 8, 1) 156 FIELD(INTR_SIGNAL_EN, TRANSFER_ERR, 9, 1) 157 FIELD(INTR_SIGNAL_EN, DEFSLV, 10, 1) 158 FIELD(INTR_SIGNAL_EN, READ_REQ_RECV, 11, 1) 159 FIELD(INTR_SIGNAL_EN, IBI_UPDATED, 12, 1) 160 FIELD(INTR_SIGNAL_EN, BUSOWNER_UPDATED, 13, 1) 161 REG32(INTR_FORCE, 0x48) 162 FIELD(INTR_FORCE, TX_THLD, 0, 1) 163 FIELD(INTR_FORCE, RX_THLD, 1, 1) 164 FIELD(INTR_FORCE, IBI_THLD, 2, 1) 165 FIELD(INTR_FORCE, CMD_QUEUE_RDY, 3, 1) 166 FIELD(INTR_FORCE, RESP_RDY, 4, 1) 167 FIELD(INTR_FORCE, TRANSFER_ABORT, 5, 1) 168 FIELD(INTR_FORCE, CCC_UPDATED, 6, 1) 169 FIELD(INTR_FORCE, DYN_ADDR_ASSGN, 8, 1) 170 FIELD(INTR_FORCE, TRANSFER_ERR, 9, 1) 171 FIELD(INTR_FORCE, DEFSLV, 10, 1) 172 FIELD(INTR_FORCE, READ_REQ_RECV, 11, 1) 173 FIELD(INTR_FORCE, IBI_UPDATED, 12, 1) 174 FIELD(INTR_FORCE, BUSOWNER_UPDATED, 13, 1) 175 REG32(QUEUE_STATUS_LEVEL, 0x4c) 176 FIELD(QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 0, 8) 177 FIELD(QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 8, 8) 178 FIELD(QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 16, 8) 179 FIELD(QUEUE_STATUS_LEVEL, IBI_STATUS_CNT, 24, 5) 180 REG32(DATA_BUFFER_STATUS_LEVEL, 0x50) 181 FIELD(DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 0, 8) 182 FIELD(DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 16, 8) 183 REG32(PRESENT_STATE, 0x54) 184 FIELD(PRESENT_STATE, SCL_LINE_SIGNAL_LEVEL, 0, 1) 185 FIELD(PRESENT_STATE, SDA_LINE_SIGNAL_LEVEL, 1, 1) 186 FIELD(PRESENT_STATE, CURRENT_MASTER, 2, 1) 187 FIELD(PRESENT_STATE, CM_TFR_STATUS, 8, 6) 188 FIELD(PRESENT_STATE, CM_TFR_ST_STATUS, 16, 6) 189 FIELD(PRESENT_STATE, CMD_TID, 24, 4) 190 REG32(CCC_DEVICE_STATUS, 0x58) 191 FIELD(CCC_DEVICE_STATUS, PENDING_INTR, 0, 4) 192 FIELD(CCC_DEVICE_STATUS, PROTOCOL_ERR, 4, 2) 193 FIELD(CCC_DEVICE_STATUS, ACTIVITY_MODE, 6, 2) 194 FIELD(CCC_DEVICE_STATUS, UNDER_ERR, 8, 1) 195 FIELD(CCC_DEVICE_STATUS, SLV_BUSY, 9, 1) 196 FIELD(CCC_DEVICE_STATUS, OVERFLOW_ERR, 10, 1) 197 FIELD(CCC_DEVICE_STATUS, DATA_NOT_READY, 11, 1) 198 FIELD(CCC_DEVICE_STATUS, BUFFER_NOT_AVAIL, 12, 1) 199 REG32(DEVICE_ADDR_TABLE_POINTER, 0x5c) 200 FIELD(DEVICE_ADDR_TABLE_POINTER, DEPTH, 16, 16) 201 FIELD(DEVICE_ADDR_TABLE_POINTER, ADDR, 0, 16) 202 REG32(DEV_CHAR_TABLE_POINTER, 0x60) 203 FIELD(DEV_CHAR_TABLE_POINTER, P_DEV_CHAR_TABLE_START_ADDR, 0, 12) 204 FIELD(DEV_CHAR_TABLE_POINTER, DEV_CHAR_TABLE_DEPTH, 12, 7) 205 FIELD(DEV_CHAR_TABLE_POINTER, PRESENT_DEV_CHAR_TABLE_INDEX, 19, 3) 206 REG32(VENDOR_SPECIFIC_REG_POINTER, 0x6c) 207 FIELD(VENDOR_SPECIFIC_REG_POINTER, P_VENDOR_REG_START_ADDR, 0, 16) 208 REG32(SLV_MIPI_PID_VALUE, 0x70) 209 REG32(SLV_PID_VALUE, 0x74) 210 FIELD(SLV_PID_VALUE, SLV_PID_DCR, 0, 12) 211 FIELD(SLV_PID_VALUE, SLV_INST_ID, 12, 4) 212 FIELD(SLV_PID_VALUE, SLV_PART_ID, 16, 16) 213 REG32(SLV_CHAR_CTRL, 0x78) 214 FIELD(SLV_CHAR_CTRL, BCR, 0, 8) 215 FIELD(SLV_CHAR_CTRL, DCR, 8, 8) 216 FIELD(SLV_CHAR_CTRL, HDR_CAP, 16, 8) 217 REG32(SLV_MAX_LEN, 0x7c) 218 FIELD(SLV_MAX_LEN, MWL, 0, 16) 219 FIELD(SLV_MAX_LEN, MRL, 16, 16) 220 REG32(MAX_READ_TURNAROUND, 0x80) 221 REG32(MAX_DATA_SPEED, 0x84) 222 REG32(SLV_DEBUG_STATUS, 0x88) 223 REG32(SLV_INTR_REQ, 0x8c) 224 FIELD(SLV_INTR_REQ, SIR, 0, 1) 225 FIELD(SLV_INTR_REQ, SIR_CTRL, 1, 2) 226 FIELD(SLV_INTR_REQ, MIR, 3, 1) 227 FIELD(SLV_INTR_REQ, TS, 4, 1) 228 FIELD(SLV_INTR_REQ, IBI_STS, 8, 2) 229 FIELD(SLV_INTR_REQ, MDB, 8, 8) 230 FIELD(SLV_INTR_REQ, SIR_DATA_LEN, 16, 8) 231 REG32(SLV_TSX_SYMBL_TIMING, 0x90) 232 FIELD(SLV_TSX_SYMBL_TIMING, SLV_TSX_SYMBL_CNT, 0, 6) 233 REG32(SLV_SIR_DATA, 0x94) 234 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE0, 0, 8) 235 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE1, 8, 8) 236 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE2, 16, 8) 237 FIELD(SLV_SIR_DATA, SIR_DATA_BYTE3, 24, 8) 238 REG32(SLV_IBI_RESP, 0x98) 239 FIELD(SLV_IBI_RESP, IBI_STS, 0, 2) 240 FIELD(SLV_IBI_RESP, SIR_RESP_DATA_LEN, 8, 16) 241 REG32(DEVICE_CTRL_EXTENDED, 0xb0) 242 FIELD(DEVICE_CTRL_EXTENDED, MODE, 0, 2) 243 FIELD(DEVICE_CTRL_EXTENDED, REQMST_ACK_CTRL, 3, 1) 244 REG32(SCL_I3C_OD_TIMING, 0xb4) 245 FIELD(SCL_I3C_OD_TIMING, I3C_OD_LCNT, 0, 8) 246 FIELD(SCL_I3C_OD_TIMING, I3C_OD_HCNT, 16, 8) 247 REG32(SCL_I3C_PP_TIMING, 0xb8) 248 FIELD(SCL_I3C_PP_TIMING, I3C_PP_LCNT, 0, 8) 249 FIELD(SCL_I3C_PP_TIMING, I3C_PP_HCNT, 16, 8) 250 REG32(SCL_I2C_FM_TIMING, 0xbc) 251 REG32(SCL_I2C_FMP_TIMING, 0xc0) 252 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_LCNT, 0, 16) 253 FIELD(SCL_I2C_FMP_TIMING, I2C_FMP_HCNT, 16, 8) 254 REG32(SCL_EXT_LCNT_TIMING, 0xc8) 255 REG32(SCL_EXT_TERMN_LCNT_TIMING, 0xcc) 256 REG32(BUS_FREE_TIMING, 0xd4) 257 REG32(BUS_IDLE_TIMING, 0xd8) 258 FIELD(BUS_IDLE_TIMING, BUS_IDLE_TIME, 0, 20) 259 REG32(I3C_VER_ID, 0xe0) 260 REG32(I3C_VER_TYPE, 0xe4) 261 REG32(EXTENDED_CAPABILITY, 0xe8) 262 FIELD(EXTENDED_CAPABILITY, APP_IF_MODE, 0, 2) 263 FIELD(EXTENDED_CAPABILITY, APP_IF_DATA_WIDTH, 2, 2) 264 FIELD(EXTENDED_CAPABILITY, OPERATION_MODE, 4, 2) 265 FIELD(EXTENDED_CAPABILITY, CLK_PERIOD, 8, 6) 266 REG32(SLAVE_CONFIG, 0xec) 267 FIELD(SLAVE_CONFIG, DMA_EN, 0, 1) 268 FIELD(SLAVE_CONFIG, HJ_CAP, 0, 1) 269 FIELD(SLAVE_CONFIG, CLK_PERIOD, 2, 14) 270 /* Device characteristic table fields */ 271 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC1, 0x200) 272 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, 0x200) 273 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DYNAMIC_ADDR, 0, 8) 274 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, DCR, 8, 8) 275 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, BCR, 16, 8) 276 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC_SECONDARY, STATIC_ADDR, 24, 8) 277 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC2, 0x204) 278 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC2, MSB_PID, 0, 16) 279 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC3, 0x208) 280 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 0, 8) 281 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 8, 8) 282 REG32(DEVICE_CHARACTERISTIC_TABLE_LOC4, 0x20c) 283 FIELD(DEVICE_CHARACTERISTIC_TABLE_LOC4, DEV_DYNAMIC_ADDR, 0, 8) 284 /* Dev addr table fields */ 285 REG32(DEVICE_ADDR_TABLE_LOC1, 0x280) 286 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_STATIC_ADDR, 0, 7) 287 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_PEC_EN, 11, 1) 288 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_WITH_DATA, 12, 1) 289 FIELD(DEVICE_ADDR_TABLE_LOC1, SIR_REJECT, 13, 1) 290 FIELD(DEVICE_ADDR_TABLE_LOC1, MR_REJECT, 14, 1) 291 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_DYNAMIC_ADDR, 16, 8) 292 FIELD(DEVICE_ADDR_TABLE_LOC1, IBI_ADDR_MASK, 24, 2) 293 FIELD(DEVICE_ADDR_TABLE_LOC1, DEV_NACK_RETRY_CNT, 29, 2) 294 FIELD(DEVICE_ADDR_TABLE_LOC1, LEGACY_I2C_DEVICE, 31, 1) 295 296 static const uint32_t dw_i3c_resets[DW_I3C_NR_REGS] = { 297 /* Target mode is not supported, don't advertise it for now. */ 298 [R_HW_CAPABILITY] = 0x000e00b9, 299 [R_QUEUE_THLD_CTRL] = 0x01000101, 300 [R_DATA_BUFFER_THLD_CTRL] = 0x01010100, 301 [R_SLV_EVENT_CTRL] = 0x0000000b, 302 [R_QUEUE_STATUS_LEVEL] = 0x00000002, 303 [R_DATA_BUFFER_STATUS_LEVEL] = 0x00000010, 304 [R_PRESENT_STATE] = 0x00000003, 305 [R_I3C_VER_ID] = 0x3130302a, 306 [R_I3C_VER_TYPE] = 0x6c633033, 307 [R_DEVICE_ADDR_TABLE_POINTER] = 0x00080280, 308 [R_DEV_CHAR_TABLE_POINTER] = 0x00020200, 309 [R_SLV_CHAR_CTRL] = 0x00010000, 310 [A_VENDOR_SPECIFIC_REG_POINTER] = 0x000000b0, 311 [R_SLV_MAX_LEN] = 0x00ff00ff, 312 [R_SLV_TSX_SYMBL_TIMING] = 0x0000003f, 313 [R_SCL_I3C_OD_TIMING] = 0x000a0010, 314 [R_SCL_I3C_PP_TIMING] = 0x000a000a, 315 [R_SCL_I2C_FM_TIMING] = 0x00100010, 316 [R_SCL_I2C_FMP_TIMING] = 0x00100010, 317 [R_SCL_EXT_LCNT_TIMING] = 0x20202020, 318 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x00300000, 319 [R_BUS_FREE_TIMING] = 0x00200020, 320 [R_BUS_IDLE_TIMING] = 0x00000020, 321 [R_EXTENDED_CAPABILITY] = 0x00000239, 322 [R_SLAVE_CONFIG] = 0x00000023, 323 }; 324 325 static const uint32_t dw_i3c_ro[DW_I3C_NR_REGS] = { 326 [R_DEVICE_CTRL] = 0x04fffe00, 327 [R_DEVICE_ADDR] = 0x7f807f80, 328 [R_HW_CAPABILITY] = 0xffffffff, 329 [R_IBI_QUEUE_STATUS] = 0xffffffff, 330 [R_DATA_BUFFER_THLD_CTRL] = 0xf8f8f8f8, 331 [R_IBI_QUEUE_CTRL] = 0xfffffff0, 332 [R_RESET_CTRL] = 0xffffffc0, 333 [R_SLV_EVENT_CTRL] = 0xffffff3f, 334 [R_INTR_STATUS] = 0xffff809f, 335 [R_INTR_STATUS_EN] = 0xffff8080, 336 [R_INTR_SIGNAL_EN] = 0xffff8080, 337 [R_INTR_FORCE] = 0xffff8000, 338 [R_QUEUE_STATUS_LEVEL] = 0xffffffff, 339 [R_DATA_BUFFER_STATUS_LEVEL] = 0xffffffff, 340 [R_PRESENT_STATE] = 0xffffffff, 341 [R_CCC_DEVICE_STATUS] = 0xffffffff, 342 [R_I3C_VER_ID] = 0xffffffff, 343 [R_I3C_VER_TYPE] = 0xffffffff, 344 [R_DEVICE_ADDR_TABLE_POINTER] = 0xffffffff, 345 [R_DEV_CHAR_TABLE_POINTER] = 0xffcbffff, 346 [R_SLV_PID_VALUE] = 0xffff0fff, 347 [R_SLV_CHAR_CTRL] = 0xffffffff, 348 [A_VENDOR_SPECIFIC_REG_POINTER] = 0xffffffff, 349 [R_SLV_MAX_LEN] = 0xffffffff, 350 [R_MAX_READ_TURNAROUND] = 0xffffffff, 351 [R_MAX_DATA_SPEED] = 0xffffffff, 352 [R_SLV_INTR_REQ] = 0xfffffff0, 353 [R_SLV_TSX_SYMBL_TIMING] = 0xffffffc0, 354 [R_DEVICE_CTRL_EXTENDED] = 0xfffffff8, 355 [R_SCL_I3C_OD_TIMING] = 0xff00ff00, 356 [R_SCL_I3C_PP_TIMING] = 0xff00ff00, 357 [R_SCL_I2C_FMP_TIMING] = 0xff000000, 358 [R_SCL_EXT_TERMN_LCNT_TIMING] = 0x0000fff0, 359 [R_BUS_IDLE_TIMING] = 0xfff00000, 360 [R_EXTENDED_CAPABILITY] = 0xffffffff, 361 [R_SLAVE_CONFIG] = 0xffffffff, 362 }; 363 364 static inline bool dw_i3c_has_hdr_ts(DWI3C *s) 365 { 366 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_TS); 367 } 368 369 static inline bool dw_i3c_has_hdr_ddr(DWI3C *s) 370 { 371 return ARRAY_FIELD_EX32(s->regs, HW_CAPABILITY, HDR_DDR); 372 } 373 374 static inline bool dw_i3c_can_transmit(DWI3C *s) 375 { 376 /* 377 * We can only transmit if we're enabled and the resume bit is cleared. 378 * The resume bit is set on a transaction error, and software must clear it. 379 */ 380 return ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_EN) && 381 !ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_RESUME); 382 } 383 384 static inline uint8_t dw_i3c_ibi_slice_size(DWI3C *s) 385 { 386 uint8_t ibi_slice_size = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 387 IBI_DATA_THLD); 388 /* The minimum supported slice size is 4 bytes. */ 389 if (ibi_slice_size == 0) { 390 ibi_slice_size = 1; 391 } 392 ibi_slice_size *= sizeof(uint32_t); 393 /* maximum supported size is 63 bytes. */ 394 if (ibi_slice_size >= 64) { 395 ibi_slice_size = 63; 396 } 397 398 return ibi_slice_size; 399 } 400 401 static inline uint8_t dw_i3c_fifo_threshold_from_reg(uint8_t regval) 402 { 403 return regval = regval ? (2 << regval) : 1; 404 } 405 406 static void dw_i3c_update_irq(DWI3C *s) 407 { 408 bool level = !!(s->regs[R_INTR_SIGNAL_EN] & s->regs[R_INTR_STATUS]); 409 qemu_set_irq(s->irq, level); 410 } 411 412 static void dw_i3c_end_transfer(DWI3C *s, bool is_i2c) 413 { 414 if (is_i2c) { 415 legacy_i2c_end_transfer(s->bus); 416 } else { 417 i3c_end_transfer(s->bus); 418 } 419 } 420 421 static int dw_i3c_send_start(DWI3C *s, uint8_t addr, bool is_recv, bool is_i2c) 422 { 423 int ret; 424 425 if (is_i2c) { 426 ret = legacy_i2c_start_transfer(s->bus, addr, is_recv); 427 } else { 428 ret = i3c_start_transfer(s->bus, addr, is_recv); 429 } 430 if (ret) { 431 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 432 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed on TX with addr 0x%.2x\n", 433 path, addr); 434 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 435 DW_I3C_TRANSFER_STATE_HALT); 436 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 437 DW_I3C_TRANSFER_STATUS_HALT); 438 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 439 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 440 } 441 442 return ret; 443 } 444 445 static int dw_i3c_send(DWI3C *s, const uint8_t *data, uint32_t num_to_send, 446 uint32_t *num_sent, bool is_i2c) 447 { 448 int ret; 449 uint32_t i; 450 451 *num_sent = 0; 452 if (is_i2c) { 453 /* Legacy I2C must be byte-by-byte. */ 454 for (i = 0; i < num_to_send; i++) { 455 ret = legacy_i2c_send(s->bus, data[i]); 456 if (ret) { 457 break; 458 } 459 (*num_sent)++; 460 } 461 } else { 462 ret = i3c_send(s->bus, data, num_to_send, num_sent); 463 } 464 if (ret) { 465 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 466 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed sending byte 0x%.2x\n", 467 path, data[*num_sent]); 468 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 469 DW_I3C_TRANSFER_STATE_HALT); 470 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 471 DW_I3C_TRANSFER_STATUS_HALT); 472 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 473 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 474 } 475 476 trace_dw_i3c_send(s->cfg.id, *num_sent); 477 478 return ret; 479 } 480 481 static int dw_i3c_send_byte(DWI3C *s, uint8_t byte, bool is_i2c) 482 { 483 /* 484 * Ignored, the caller will know if we sent 0 or 1 bytes depending on if 485 * we were ACKed/NACKed. 486 */ 487 uint32_t num_sent; 488 return dw_i3c_send(s, &byte, 1, &num_sent, is_i2c); 489 } 490 491 static int dw_i3c_recv_data(DWI3C *s, bool is_i2c, uint8_t *data, 492 uint16_t num_to_read, uint32_t *num_read) 493 { 494 int ret; 495 496 if (is_i2c) { 497 for (uint16_t i = 0; i < num_to_read; i++) { 498 data[i] = legacy_i2c_recv(s->bus); 499 } 500 /* I2C devices can neither NACK a read, nor end transfers early. */ 501 *num_read = num_to_read; 502 trace_dw_i3c_recv_data(s->cfg.id, *num_read); 503 return 0; 504 } 505 /* I3C devices can NACK if the controller sends an unsupported CCC. */ 506 ret = i3c_recv(s->bus, data, num_to_read, num_read); 507 if (ret) { 508 qemu_log_mask(LOG_GUEST_ERROR, "%s: NACKed receiving byte\n", 509 object_get_canonical_path(OBJECT(s))); 510 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 511 DW_I3C_TRANSFER_STATE_HALT); 512 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 513 DW_I3C_TRANSFER_STATUS_HALT); 514 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TRANSFER_ERR, 1); 515 ARRAY_FIELD_DP32(s->regs, DEVICE_CTRL, I3C_RESUME, 1); 516 } 517 518 trace_dw_i3c_recv_data(s->cfg.id, *num_read); 519 520 return ret; 521 } 522 523 static inline bool dw_i3c_target_is_i2c(DWI3C *s, uint16_t offset) 524 { 525 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 526 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 527 ADDR) / sizeof(uint32_t)) + offset; 528 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 529 LEGACY_I2C_DEVICE); 530 } 531 532 static uint8_t dw_i3c_target_addr(DWI3C *s, uint16_t offset) 533 { 534 if (offset > s->cfg.num_addressable_devices) { 535 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 536 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device addr table offset %d out of " 537 "bounds\n", path, offset); 538 /* If we're out of bounds, return an address of 0. */ 539 return 0; 540 } 541 542 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 543 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 544 ADDR) / sizeof(uint32_t)) + offset; 545 /* I2C devices use a static address. */ 546 if (dw_i3c_target_is_i2c(s, offset)) { 547 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 548 DEV_STATIC_ADDR); 549 } 550 return FIELD_EX32(s->regs[dev_index], DEVICE_ADDR_TABLE_LOC1, 551 DEV_DYNAMIC_ADDR); 552 } 553 554 static int dw_i3c_addr_table_index_from_addr(DWI3C *s, uint8_t addr) 555 { 556 uint8_t table_size = ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 557 DEPTH); 558 for (uint8_t i = 0; i < table_size; i++) { 559 if (dw_i3c_target_addr(s, i) == addr) { 560 return i; 561 } 562 } 563 return -1; 564 } 565 566 static void dw_i3c_send_disec(DWI3C *s) 567 { 568 uint8_t ccc = I3C_CCC_DISEC; 569 if (s->ibi_data.send_direct_disec) { 570 ccc = I3C_CCCD_DISEC; 571 } 572 573 dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 574 /*is_i2c=*/false); 575 dw_i3c_send_byte(s, ccc, /*is_i2c=*/false); 576 if (s->ibi_data.send_direct_disec) { 577 dw_i3c_send_start(s, s->ibi_data.disec_addr, 578 /*is_recv=*/false, /*is_i2c=*/false); 579 } 580 dw_i3c_send_byte(s, s->ibi_data.disec_byte, /*is_i2c=*/false); 581 } 582 583 static int dw_i3c_handle_hj(DWI3C *s) 584 { 585 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_HOT_JOIN)) { 586 s->ibi_data.notify_ibi_nack = true; 587 } 588 589 bool nack_and_disable = ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, 590 HOT_JOIN_ACK_NACK_CTRL); 591 if (nack_and_disable) { 592 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 593 IBI_QUEUE_STATUS, 594 IBI_STATUS, 1); 595 s->ibi_data.ibi_nacked = true; 596 s->ibi_data.disec_byte = DISEC_HJ; 597 return -1; 598 } 599 return 0; 600 } 601 602 static int dw_i3c_handle_ctlr_req(DWI3C *s, uint8_t addr) 603 { 604 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_MASTER_REQ)) { 605 s->ibi_data.notify_ibi_nack = true; 606 } 607 608 int table_offset = dw_i3c_addr_table_index_from_addr(s, addr); 609 /* Doesn't exist in the table, NACK it, don't DISEC. */ 610 if (table_offset < 0) { 611 return -1; 612 } 613 614 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 615 table_offset += (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 616 ADDR) / sizeof(uint32_t)); 617 if (FIELD_EX32(s->regs[table_offset], DEVICE_ADDR_TABLE_LOC1, MR_REJECT)) { 618 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 619 IBI_QUEUE_STATUS, 620 IBI_STATUS, 1); 621 s->ibi_data.ibi_nacked = true; 622 s->ibi_data.disec_addr = addr; 623 /* Tell the requester to disable controller role requests. */ 624 s->ibi_data.disec_byte = DISEC_CR; 625 s->ibi_data.send_direct_disec = true; 626 return -1; 627 } 628 return 0; 629 } 630 631 static int dw_i3c_handle_targ_irq(DWI3C *s, uint8_t addr) 632 { 633 if (ARRAY_FIELD_EX32(s->regs, IBI_QUEUE_CTRL, NOTIFY_REJECTED_SLAVE_IRQ)) { 634 s->ibi_data.notify_ibi_nack = true; 635 } 636 637 int table_offset = dw_i3c_addr_table_index_from_addr(s, addr); 638 /* Doesn't exist in the table, NACK it, don't DISEC. */ 639 if (table_offset < 0) { 640 return -1; 641 } 642 643 /* / sizeof(uint32_t) because we're indexing into our 32-bit reg array. */ 644 table_offset += (ARRAY_FIELD_EX32(s->regs, DEVICE_ADDR_TABLE_POINTER, 645 ADDR) / sizeof(uint32_t)); 646 if (FIELD_EX32(s->regs[table_offset], DEVICE_ADDR_TABLE_LOC1, SIR_REJECT)) { 647 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 648 IBI_QUEUE_STATUS, 649 IBI_STATUS, 1); 650 s->ibi_data.ibi_nacked = true; 651 s->ibi_data.disec_addr = addr; 652 /* Tell the requester to disable interrupts. */ 653 s->ibi_data.disec_byte = DISEC_INT; 654 s->ibi_data.send_direct_disec = true; 655 return -1; 656 } 657 return 0; 658 } 659 660 static int dw_i3c_ibi_handle(I3CBus *bus, uint8_t addr, bool is_recv) 661 { 662 DWI3C *s = DW_I3C(bus->qbus.parent); 663 664 trace_dw_i3c_ibi_handle(s->cfg.id, addr, is_recv); 665 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 666 IBI_QUEUE_STATUS, IBI_ID, 667 (addr << 1) | is_recv); 668 /* Is this a hot join request? */ 669 if (addr == I3C_HJ_ADDR) { 670 return dw_i3c_handle_hj(s); 671 } 672 /* Is secondary controller requesting access? */ 673 if (!is_recv) { 674 return dw_i3c_handle_ctlr_req(s, addr); 675 } 676 /* Is this a target IRQ? */ 677 if (is_recv) { 678 return dw_i3c_handle_targ_irq(s, addr); 679 } 680 681 /* At this point the IBI should have been ACKed or NACKed. */ 682 g_assert_not_reached(); 683 return -1; 684 } 685 686 static int dw_i3c_ibi_recv(I3CBus *bus, uint8_t data) 687 { 688 DWI3C *s = DW_I3C(bus->qbus.parent); 689 if (fifo8_is_full(&s->ibi_data.ibi_intermediate_queue)) { 690 return -1; 691 } 692 693 fifo8_push(&s->ibi_data.ibi_intermediate_queue, data); 694 trace_dw_i3c_ibi_recv(s->cfg.id, data); 695 return 0; 696 } 697 698 static void dw_i3c_ibi_queue_push(DWI3C *s) 699 { 700 /* Stored value is in 32-bit chunks, convert it to byte chunks. */ 701 uint8_t ibi_slice_size = dw_i3c_ibi_slice_size(s); 702 uint8_t num_slices = (fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) / 703 ibi_slice_size) + 704 ((fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) % 705 ibi_slice_size) ? 1 : 0); 706 uint8_t ibi_status_count = num_slices; 707 union { 708 uint8_t b[sizeof(uint32_t)]; 709 uint32_t val32; 710 } ibi_data = { 711 .val32 = 0 712 }; 713 714 /* The report was suppressed, do nothing. */ 715 if (s->ibi_data.ibi_nacked && !s->ibi_data.notify_ibi_nack) { 716 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 717 DW_I3C_TRANSFER_STATE_IDLE); 718 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 719 DW_I3C_TRANSFER_STATUS_IDLE); 720 return; 721 } 722 723 /* If we don't have any slices to push, just push the status. */ 724 if (num_slices == 0) { 725 s->ibi_data.ibi_queue_status = 726 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 727 LAST_STATUS, 1); 728 fifo32_push(&s->ibi_queue, s->ibi_data.ibi_queue_status); 729 ibi_status_count = 1; 730 } 731 732 for (uint8_t i = 0; i < num_slices; i++) { 733 /* If this is the last slice, set LAST_STATUS. */ 734 if (fifo8_num_used(&s->ibi_data.ibi_intermediate_queue) < 735 ibi_slice_size) { 736 s->ibi_data.ibi_queue_status = 737 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 738 IBI_DATA_LEN, 739 fifo8_num_used(&s->ibi_data.ibi_intermediate_queue)); 740 s->ibi_data.ibi_queue_status = 741 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 742 LAST_STATUS, 1); 743 } else { 744 s->ibi_data.ibi_queue_status = 745 FIELD_DP32(s->ibi_data.ibi_queue_status, IBI_QUEUE_STATUS, 746 IBI_DATA_LEN, ibi_slice_size); 747 } 748 749 /* Push the IBI status header. */ 750 fifo32_push(&s->ibi_queue, s->ibi_data.ibi_queue_status); 751 /* Move each IBI byte into a 32-bit word and push it into the queue. */ 752 for (uint8_t j = 0; j < ibi_slice_size; ++j) { 753 if (fifo8_is_empty(&s->ibi_data.ibi_intermediate_queue)) { 754 break; 755 } 756 757 ibi_data.b[j & 3] = fifo8_pop(&s->ibi_data.ibi_intermediate_queue); 758 /* We have 32-bits, push it to the IBI FIFO. */ 759 if ((j & 0x03) == 0x03) { 760 fifo32_push(&s->ibi_queue, ibi_data.val32); 761 ibi_data.val32 = 0; 762 } 763 } 764 /* If the data isn't 32-bit aligned, push the leftover bytes. */ 765 if (ibi_slice_size & 0x03) { 766 fifo32_push(&s->ibi_queue, ibi_data.val32); 767 } 768 769 /* Clear out the data length for the next iteration. */ 770 s->ibi_data.ibi_queue_status = FIELD_DP32(s->ibi_data.ibi_queue_status, 771 IBI_QUEUE_STATUS, IBI_DATA_LEN, 0); 772 } 773 774 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 775 fifo32_num_used(&s->ibi_queue)); 776 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_STATUS_CNT, 777 ibi_status_count); 778 /* Threshold is the register value + 1. */ 779 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 780 IBI_STATUS_THLD) + 1; 781 if (fifo32_num_used(&s->ibi_queue) >= threshold) { 782 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, IBI_THLD, 1); 783 dw_i3c_update_irq(s); 784 } 785 786 /* State update. */ 787 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 788 DW_I3C_TRANSFER_STATE_IDLE); 789 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_STATUS, 790 DW_I3C_TRANSFER_STATUS_IDLE); 791 } 792 793 static int dw_i3c_ibi_finish(I3CBus *bus) 794 { 795 DWI3C *s = DW_I3C(bus->qbus.parent); 796 bool nack_and_disable_hj = ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, 797 HOT_JOIN_ACK_NACK_CTRL); 798 if (nack_and_disable_hj || s->ibi_data.send_direct_disec) { 799 dw_i3c_send_disec(s); 800 } 801 dw_i3c_ibi_queue_push(s); 802 803 /* Clear out the intermediate values. */ 804 s->ibi_data.ibi_queue_status = 0; 805 s->ibi_data.disec_addr = 0; 806 s->ibi_data.disec_byte = 0; 807 s->ibi_data.send_direct_disec = false; 808 s->ibi_data.notify_ibi_nack = false; 809 s->ibi_data.ibi_nacked = false; 810 811 return 0; 812 } 813 814 static uint32_t dw_i3c_intr_status_r(DWI3C *s) 815 { 816 /* Only return the status whose corresponding EN bits are set. */ 817 return s->regs[R_INTR_STATUS] & s->regs[R_INTR_STATUS_EN]; 818 } 819 820 static void dw_i3c_intr_status_w(DWI3C *s, uint32_t val) 821 { 822 /* INTR_STATUS[13:5] is w1c, other bits are RO. */ 823 val &= 0x3fe0; 824 s->regs[R_INTR_STATUS] &= ~val; 825 826 dw_i3c_update_irq(s); 827 } 828 829 static void dw_i3c_intr_status_en_w(DWI3C *s, uint32_t val) 830 { 831 s->regs[R_INTR_STATUS_EN] = val; 832 dw_i3c_update_irq(s); 833 } 834 835 static void dw_i3c_intr_signal_en_w(DWI3C *s, uint32_t val) 836 { 837 s->regs[R_INTR_SIGNAL_EN] = val; 838 dw_i3c_update_irq(s); 839 } 840 841 static void dw_i3c_intr_force_w(DWI3C *s, uint32_t val) 842 { 843 /* INTR_FORCE is WO, just set the corresponding INTR_STATUS bits. */ 844 s->regs[R_INTR_STATUS] = val; 845 dw_i3c_update_irq(s); 846 } 847 848 static uint32_t dw_i3c_pop_rx(DWI3C *s) 849 { 850 if (fifo32_is_empty(&s->rx_queue)) { 851 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 852 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read RX FIFO when empty\n", 853 path); 854 return 0; 855 } 856 857 uint32_t val = fifo32_pop(&s->rx_queue); 858 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 859 fifo32_num_used(&s->rx_queue)); 860 861 /* Threshold is 2^RX_BUF_THLD. */ 862 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 863 RX_BUF_THLD); 864 threshold = dw_i3c_fifo_threshold_from_reg(threshold); 865 if (fifo32_num_used(&s->rx_queue) < threshold) { 866 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 0); 867 dw_i3c_update_irq(s); 868 } 869 870 trace_dw_i3c_pop_rx(s->cfg.id, val); 871 return val; 872 } 873 874 static uint32_t dw_i3c_ibi_queue_r(DWI3C *s) 875 { 876 if (fifo32_is_empty(&s->ibi_queue)) { 877 return 0; 878 } 879 880 uint32_t val = fifo32_pop(&s->ibi_queue); 881 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, IBI_BUF_BLR, 882 fifo32_num_used(&s->ibi_queue)); 883 /* Threshold is the register value + 1. */ 884 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 885 IBI_STATUS_THLD) + 1; 886 if (fifo32_num_used(&s->ibi_queue) < threshold) { 887 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, IBI_THLD, 0); 888 dw_i3c_update_irq(s); 889 } 890 return val; 891 } 892 893 static uint32_t dw_i3c_resp_queue_port_r(DWI3C *s) 894 { 895 if (fifo32_is_empty(&s->resp_queue)) { 896 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 897 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to read response FIFO when " 898 "empty\n", path); 899 return 0; 900 } 901 902 uint32_t val = fifo32_pop(&s->resp_queue); 903 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 904 fifo32_num_used(&s->resp_queue)); 905 906 /* Threshold is the register value + 1. */ 907 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 908 RESP_BUF_THLD) + 1; 909 if (fifo32_num_used(&s->resp_queue) < threshold) { 910 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 0); 911 dw_i3c_update_irq(s); 912 } 913 914 return val; 915 } 916 917 static uint64_t dw_i3c_read(void *opaque, hwaddr offset, unsigned size) 918 { 919 DWI3C *s = DW_I3C(opaque); 920 uint32_t addr = offset >> 2; 921 uint64_t value; 922 923 switch (addr) { 924 /* RAZ */ 925 case R_COMMAND_QUEUE_PORT: 926 case R_RESET_CTRL: 927 case R_INTR_FORCE: 928 value = 0; 929 break; 930 case R_IBI_QUEUE_DATA: 931 value = dw_i3c_ibi_queue_r(s); 932 break; 933 case R_INTR_STATUS: 934 value = dw_i3c_intr_status_r(s); 935 break; 936 case R_RX_TX_DATA_PORT: 937 value = dw_i3c_pop_rx(s); 938 break; 939 case R_RESPONSE_QUEUE_PORT: 940 value = dw_i3c_resp_queue_port_r(s); 941 break; 942 default: 943 value = s->regs[addr]; 944 break; 945 } 946 947 trace_dw_i3c_read(s->cfg.id, offset, value); 948 949 return value; 950 } 951 952 static void dw_i3c_resp_queue_push(DWI3C *s, uint8_t err, uint8_t tid, 953 uint8_t ccc_type, uint16_t data_len) 954 { 955 uint32_t val = 0; 956 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, ERR_STATUS, err); 957 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, TID, tid); 958 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, CCCT, ccc_type); 959 val = FIELD_DP32(val, RESPONSE_QUEUE_PORT, DL, data_len); 960 if (!fifo32_is_full(&s->resp_queue)) { 961 trace_dw_i3c_resp_queue_push(s->cfg.id, val); 962 fifo32_push(&s->resp_queue, val); 963 } 964 965 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, RESP_BUF_BLR, 966 fifo32_num_used(&s->resp_queue)); 967 /* Threshold is the register value + 1. */ 968 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 969 RESP_BUF_THLD) + 1; 970 if (fifo32_num_used(&s->resp_queue) >= threshold) { 971 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RESP_RDY, 1); 972 dw_i3c_update_irq(s); 973 } 974 } 975 976 static void dw_i3c_push_tx(DWI3C *s, uint32_t val) 977 { 978 if (fifo32_is_full(&s->tx_queue)) { 979 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to TX FIFO when " 980 "full\n", object_get_canonical_path(OBJECT(s))); 981 return; 982 } 983 984 trace_dw_i3c_push_tx(s->cfg.id, val); 985 fifo32_push(&s->tx_queue, val); 986 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 987 fifo32_num_free(&s->tx_queue)); 988 989 /* Threshold is 2^TX_BUF_THLD. */ 990 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 991 TX_BUF_THLD); 992 empty_threshold = 993 dw_i3c_fifo_threshold_from_reg(empty_threshold); 994 if (fifo32_num_free(&s->tx_queue) < empty_threshold) { 995 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 0); 996 dw_i3c_update_irq(s); 997 } 998 } 999 1000 static uint32_t dw_i3c_pop_tx(DWI3C *s) 1001 { 1002 if (fifo32_is_empty(&s->tx_queue)) { 1003 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1004 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to pop from TX FIFO when " 1005 "empty\n", path); 1006 return 0; 1007 } 1008 1009 uint32_t val = fifo32_pop(&s->tx_queue); 1010 trace_dw_i3c_pop_tx(s->cfg.id, val); 1011 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, TX_BUF_EMPTY_LOC, 1012 fifo32_num_free(&s->tx_queue)); 1013 1014 /* Threshold is 2^TX_BUF_THLD. */ 1015 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 1016 TX_BUF_THLD); 1017 empty_threshold = 1018 dw_i3c_fifo_threshold_from_reg(empty_threshold); 1019 if (fifo32_num_free(&s->tx_queue) >= empty_threshold) { 1020 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, TX_THLD, 1); 1021 dw_i3c_update_irq(s); 1022 } 1023 return val; 1024 } 1025 1026 static void dw_i3c_push_rx(DWI3C *s, uint32_t val) 1027 { 1028 if (fifo32_is_full(&s->rx_queue)) { 1029 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1030 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to push to RX FIFO when " 1031 "full\n", path); 1032 return; 1033 } 1034 trace_dw_i3c_push_rx(s->cfg.id, val); 1035 fifo32_push(&s->rx_queue, val); 1036 1037 ARRAY_FIELD_DP32(s->regs, DATA_BUFFER_STATUS_LEVEL, RX_BUF_BLR, 1038 fifo32_num_used(&s->rx_queue)); 1039 /* Threshold is 2^RX_BUF_THLD. */ 1040 uint8_t threshold = ARRAY_FIELD_EX32(s->regs, DATA_BUFFER_THLD_CTRL, 1041 RX_BUF_THLD); 1042 threshold = dw_i3c_fifo_threshold_from_reg(threshold); 1043 if (fifo32_num_used(&s->rx_queue) >= threshold) { 1044 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, RX_THLD, 1); 1045 dw_i3c_update_irq(s); 1046 } 1047 } 1048 1049 static void dw_i3c_short_transfer(DWI3C *s, DWI3CTransferCmd cmd, 1050 DWI3CShortArg arg) 1051 { 1052 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1053 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1054 bool is_i2c = dw_i3c_target_is_i2c(s, cmd.dev_index); 1055 uint8_t data[4]; /* Max we can send on a short transfer is 4 bytes. */ 1056 uint8_t len = 0; 1057 uint32_t bytes_sent; /* Ignored on short transfers. */ 1058 1059 /* Can't do reads on a short transfer. */ 1060 if (cmd.rnw) { 1061 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1062 qemu_log_mask(LOG_GUEST_ERROR, "%s: Cannot do a read on a short " 1063 "transfer\n", path); 1064 return; 1065 } 1066 1067 if (dw_i3c_send_start(s, addr, /*is_recv=*/false, is_i2c)) { 1068 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1069 goto transfer_done; 1070 } 1071 1072 /* Are we sending a command? */ 1073 if (cmd.cp) { 1074 data[len] = cmd.cmd; 1075 len++; 1076 /* 1077 * byte0 is the defining byte for a command, and is only sent if a 1078 * command is present and if the command has a defining byte present. 1079 * (byte_strb & 0x01) is always treated as set by the controller, and is 1080 * ignored. 1081 */ 1082 if (cmd.dbp) { 1083 data[len] += arg.byte0; 1084 len++; 1085 } 1086 } 1087 1088 /* Send the bytes passed in the argument. */ 1089 if (arg.byte_strb & 0x02) { 1090 data[len] = arg.byte1; 1091 len++; 1092 } 1093 if (arg.byte_strb & 0x04) { 1094 data[len] = arg.byte2; 1095 len++; 1096 } 1097 1098 if (dw_i3c_send(s, data, len, &bytes_sent, is_i2c)) { 1099 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1100 } else { 1101 /* Only go to an idle state on a successful transfer. */ 1102 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1103 DW_I3C_TRANSFER_STATE_IDLE); 1104 } 1105 1106 transfer_done: 1107 if (cmd.toc) { 1108 dw_i3c_end_transfer(s, is_i2c); 1109 } 1110 if (cmd.roc) { 1111 /* 1112 * ccc_type is always 0 in controller mode, data_len is 0 in short 1113 * transfers. 1114 */ 1115 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1116 /*data_len=*/0); 1117 } 1118 } 1119 1120 /* Returns number of bytes transmitted. */ 1121 static uint16_t dw_i3c_tx(DWI3C *s, uint16_t num, bool is_i2c) 1122 { 1123 uint16_t bytes_sent = 0; 1124 union { 1125 uint8_t b[sizeof(uint32_t)]; 1126 uint32_t val; 1127 } val32; 1128 1129 while (bytes_sent < num) { 1130 val32.val = dw_i3c_pop_tx(s); 1131 for (uint8_t i = 0; i < sizeof(val32.val); i++) { 1132 if (dw_i3c_send_byte(s, val32.b[i], is_i2c)) { 1133 return bytes_sent; 1134 } 1135 bytes_sent++; 1136 1137 /* We're not sending the full 32-bits, break early. */ 1138 if (bytes_sent >= num) { 1139 break; 1140 } 1141 } 1142 } 1143 1144 return bytes_sent; 1145 } 1146 1147 /* Returns number of bytes received. */ 1148 static uint16_t dw_i3c_rx(DWI3C *s, uint16_t num, bool is_i2c) 1149 { 1150 /* 1151 * Allocate a temporary buffer to read data from the target. 1152 * Zero it and word-align it as well in case we're reading unaligned data. 1153 */ 1154 g_autofree uint8_t *data = g_new0(uint8_t, num + (4 - (num & 0x03))); 1155 uint32_t *data32 = (uint32_t *)data; 1156 /* 1157 * 32-bits since the I3C API wants a 32-bit number, even though the 1158 * controller can only do 16-bit transfers. 1159 */ 1160 uint32_t num_read = 0; 1161 1162 /* Can NACK if the target receives an unsupported CCC. */ 1163 if (dw_i3c_recv_data(s, is_i2c, data, num, &num_read)) { 1164 return 0; 1165 } 1166 1167 for (uint16_t i = 0; i < num_read / 4; i++) { 1168 dw_i3c_push_rx(s, *data32); 1169 data32++; 1170 } 1171 /* 1172 * If we're pushing data that isn't 32-bit aligned, push what's left. 1173 * It's software's responsibility to know what bits are valid in the partial 1174 * data. 1175 */ 1176 if (num_read & 0x03) { 1177 dw_i3c_push_rx(s, *data32); 1178 } 1179 1180 return num_read; 1181 } 1182 1183 static int dw_i3c_transfer_ccc(DWI3C *s, DWI3CTransferCmd cmd, 1184 DWI3CTransferArg arg) 1185 { 1186 /* CCC start is always a write. CCCs cannot be done on I2C devices. */ 1187 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1188 /*is_i2c=*/false)) { 1189 return DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1190 } 1191 trace_dw_i3c_transfer_ccc(s->cfg.id, cmd.cmd); 1192 if (dw_i3c_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 1193 return DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1194 } 1195 1196 /* On a direct CCC, we do a restart and then send the target's address. */ 1197 if (CCC_IS_DIRECT(cmd.cmd)) { 1198 bool is_recv = cmd.rnw; 1199 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1200 if (dw_i3c_send_start(s, addr, is_recv, /*is_i2c=*/false)) { 1201 return DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1202 } 1203 } 1204 1205 return DW_I3C_RESP_QUEUE_ERR_NONE; 1206 } 1207 1208 static void dw_i3c_transfer(DWI3C *s, DWI3CTransferCmd cmd, 1209 DWI3CTransferArg arg) 1210 { 1211 bool is_recv = cmd.rnw; 1212 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1213 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index); 1214 bool is_i2c = dw_i3c_target_is_i2c(s, cmd.dev_index); 1215 uint16_t bytes_transferred = 0; 1216 1217 if (cmd.cp) { 1218 /* We're sending a CCC. */ 1219 err = dw_i3c_transfer_ccc(s, cmd, arg); 1220 if (err != DW_I3C_RESP_QUEUE_ERR_NONE) { 1221 goto transfer_done; 1222 } 1223 } else { 1224 if (ARRAY_FIELD_EX32(s->regs, DEVICE_CTRL, I3C_BROADCAST_ADDR_INC) && 1225 is_i2c == false) { 1226 if (dw_i3c_send_start(s, I3C_BROADCAST, 1227 /*is_recv=*/false, is_i2c)) { 1228 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1229 goto transfer_done; 1230 } 1231 } 1232 /* Otherwise we're doing a private transfer. */ 1233 if (dw_i3c_send_start(s, addr, is_recv, is_i2c)) { 1234 err = DW_I3C_RESP_QUEUE_ERR_I2C_NACK; 1235 goto transfer_done; 1236 } 1237 } 1238 1239 if (is_recv) { 1240 bytes_transferred = dw_i3c_rx(s, arg.data_len, is_i2c); 1241 } else { 1242 bytes_transferred = dw_i3c_tx(s, arg.data_len, is_i2c); 1243 } 1244 1245 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1246 DW_I3C_TRANSFER_STATE_IDLE); 1247 1248 transfer_done: 1249 if (cmd.toc) { 1250 dw_i3c_end_transfer(s, is_i2c); 1251 } 1252 if (cmd.roc) { 1253 /* 1254 * data_len is the number of bytes that still need to be TX'd, or the 1255 * number of bytes RX'd. 1256 */ 1257 uint16_t data_len = is_recv ? bytes_transferred : arg.data_len - 1258 bytes_transferred; 1259 /* CCCT is always 0 in controller mode. */ 1260 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1261 data_len); 1262 } 1263 1264 dw_i3c_update_irq(s); 1265 } 1266 1267 static void dw_i3c_transfer_cmd(DWI3C *s, DWI3CTransferCmd cmd, 1268 DWI3CCmdQueueData arg) 1269 { 1270 uint8_t arg_attr = FIELD_EX32(arg.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1271 1272 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CMD_TID, cmd.tid); 1273 1274 /* User is trying to do HDR transfers, see if we can do them. */ 1275 if (cmd.speed == 0x06 && !dw_i3c_has_hdr_ddr(s)) { 1276 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1277 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR DDR is not supported\n", path); 1278 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1279 DW_I3C_TRANSFER_STATE_HALT); 1280 return; 1281 } 1282 if (cmd.speed == 0x05 && !dw_i3c_has_hdr_ts(s)) { 1283 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1284 qemu_log_mask(LOG_GUEST_ERROR, "%s: HDR TS is not supported\n", path); 1285 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1286 DW_I3C_TRANSFER_STATE_HALT); 1287 return; 1288 } 1289 1290 if (arg_attr == DW_I3C_CMD_ATTR_TRANSFER_ARG) { 1291 dw_i3c_transfer(s, cmd, arg.transfer_arg); 1292 } else if (arg_attr == DW_I3C_CMD_ATTR_SHORT_DATA_ARG) { 1293 dw_i3c_short_transfer(s, cmd, arg.short_arg); 1294 } else { 1295 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1296 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown command queue cmd_attr 0x%x" 1297 "\n", path, arg_attr); 1298 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1299 DW_I3C_TRANSFER_STATE_HALT); 1300 } 1301 } 1302 1303 static void dw_i3c_update_char_table(DWI3C *s, uint8_t offset, uint64_t pid, 1304 uint8_t bcr, uint8_t dcr, uint8_t addr) 1305 { 1306 if (offset > s->cfg.num_addressable_devices) { 1307 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1308 qemu_log_mask(LOG_GUEST_ERROR, "%s: Device char table offset %d out of " 1309 "bounds\n", path, offset); 1310 /* If we're out of bounds, do nothing. */ 1311 return; 1312 } 1313 1314 /* 1315 * Each device offset is 128 bits apart in the table, since each device gets 1316 * 4 * 32-bits of entries in the table. 1317 * / sizeof(uint32_t) because we're indexing into our 32-bit reg array. 1318 */ 1319 uint16_t dev_index = (ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1320 P_DEV_CHAR_TABLE_START_ADDR) / 1321 sizeof(uint32_t)) + 1322 (offset * sizeof(uint32_t)); 1323 s->regs[dev_index] = pid & 0xffffffff; 1324 pid >>= 32; 1325 s->regs[dev_index + 1] = FIELD_DP32(s->regs[dev_index + 1], 1326 DEVICE_CHARACTERISTIC_TABLE_LOC2, 1327 MSB_PID, pid); 1328 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1329 DEVICE_CHARACTERISTIC_TABLE_LOC3, DCR, 1330 dcr); 1331 s->regs[dev_index + 2] = FIELD_DP32(s->regs[dev_index + 2], 1332 DEVICE_CHARACTERISTIC_TABLE_LOC3, BCR, 1333 bcr); 1334 s->regs[dev_index + 3] = FIELD_DP32(s->regs[dev_index + 3], 1335 DEVICE_CHARACTERISTIC_TABLE_LOC4, 1336 DEV_DYNAMIC_ADDR, addr); 1337 1338 /* Increment PRESENT_DEV_CHAR_TABLE_INDEX. */ 1339 uint8_t idx = ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1340 PRESENT_DEV_CHAR_TABLE_INDEX); 1341 /* Increment and rollover. */ 1342 idx++; 1343 if (idx >= ARRAY_FIELD_EX32(s->regs, DEV_CHAR_TABLE_POINTER, 1344 DEV_CHAR_TABLE_DEPTH) / 4) { 1345 idx = 0; 1346 } 1347 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, 1348 PRESENT_DEV_CHAR_TABLE_INDEX, idx); 1349 } 1350 1351 static void dw_i3c_addr_assign_cmd(DWI3C *s, DWI3CAddrAssignCmd cmd) 1352 { 1353 uint8_t i = 0; 1354 uint8_t err = DW_I3C_RESP_QUEUE_ERR_NONE; 1355 1356 /* Tell everyone to ENTDAA. If these error, no one is on the bus. */ 1357 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1358 /*is_i2c=*/false)) { 1359 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1360 goto transfer_done; 1361 } 1362 if (dw_i3c_send_byte(s, cmd.cmd, /*is_i2c=*/false)) { 1363 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1364 goto transfer_done; 1365 } 1366 1367 /* Go through each device in the table and assign it an address. */ 1368 for (i = 0; i < cmd.dev_count; i++) { 1369 uint8_t addr = dw_i3c_target_addr(s, cmd.dev_index + i); 1370 union { 1371 uint64_t pid:48; 1372 uint8_t bcr; 1373 uint8_t dcr; 1374 uint32_t w[2]; 1375 uint8_t b[8]; 1376 } target_info; 1377 1378 /* If this fails, there was no one left to ENTDAA. */ 1379 if (dw_i3c_send_start(s, I3C_BROADCAST, /*is_recv=*/false, 1380 /*is_i2c=*/false)) { 1381 err = DW_I3C_RESP_QUEUE_ERR_BROADCAST_NACK; 1382 break; 1383 } 1384 1385 /* 1386 * In ENTDAA, we read 8 bytes from the target, which will be the 1387 * target's PID, BCR, and DCR. After that, we send it the dynamic 1388 * address. 1389 * Don't bother checking the number of bytes received, it must send 8 1390 * bytes during ENTDAA. 1391 */ 1392 uint32_t num_read; 1393 if (dw_i3c_recv_data(s, /*is_i2c=*/false, target_info.b, 1394 I3C_ENTDAA_SIZE, &num_read)) { 1395 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1396 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed ENTDAA CCC\n", 1397 path); 1398 err = DW_I3C_RESP_QUEUE_ERR_DAA_NACK; 1399 goto transfer_done; 1400 } 1401 if (dw_i3c_send_byte(s, addr, /*is_i2c=*/false)) { 1402 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1403 qemu_log_mask(LOG_GUEST_ERROR, "%s: Target NACKed addr 0x%.2x " 1404 "during ENTDAA\n", path, addr); 1405 err = DW_I3C_RESP_QUEUE_ERR_DAA_NACK; 1406 break; 1407 } 1408 dw_i3c_update_char_table(s, cmd.dev_index + i, 1409 target_info.pid, target_info.bcr, 1410 target_info.dcr, addr); 1411 1412 /* Push the PID, BCR, and DCR to the RX queue. */ 1413 dw_i3c_push_rx(s, target_info.w[0]); 1414 dw_i3c_push_rx(s, target_info.w[1]); 1415 } 1416 1417 transfer_done: 1418 /* Do we send a STOP? */ 1419 if (cmd.toc) { 1420 dw_i3c_end_transfer(s, /*is_i2c=*/false); 1421 } 1422 /* 1423 * For addr assign commands, the length field is the number of devices 1424 * left to assign. CCCT is always 0 in controller mode. 1425 */ 1426 if (cmd.roc) { 1427 dw_i3c_resp_queue_push(s, err, cmd.tid, /*ccc_type=*/0, 1428 cmd.dev_count - i); 1429 } 1430 } 1431 1432 static uint32_t dw_i3c_cmd_queue_pop(DWI3C *s) 1433 { 1434 if (fifo32_is_empty(&s->cmd_queue)) { 1435 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1436 qemu_log_mask(LOG_GUEST_ERROR, "%s: Tried to dequeue command queue " 1437 "when it was empty\n", path); 1438 return 0; 1439 } 1440 uint32_t val = fifo32_pop(&s->cmd_queue); 1441 1442 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1443 CMD_BUF_EMPTY_THLD); 1444 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1445 QUEUE_STATUS_LEVEL, 1446 CMD_QUEUE_EMPTY_LOC); 1447 cmd_queue_empty_loc++; 1448 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1449 cmd_queue_empty_loc); 1450 if (cmd_queue_empty_loc >= empty_threshold) { 1451 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 1); 1452 dw_i3c_update_irq(s); 1453 } 1454 1455 return val; 1456 } 1457 1458 static void dw_i3c_cmd_queue_execute(DWI3C *s) 1459 { 1460 ARRAY_FIELD_DP32(s->regs, PRESENT_STATE, CM_TFR_ST_STATUS, 1461 DW_I3C_TRANSFER_STATE_IDLE); 1462 if (!dw_i3c_can_transmit(s)) { 1463 return; 1464 } 1465 1466 /* 1467 * We only start executing when a command is passed into the FIFO. 1468 * We expect there to be a multiple of 2 items in the queue. The first item 1469 * should be an argument to a command, and the command should be the second 1470 * item. 1471 */ 1472 if (fifo32_num_used(&s->cmd_queue) & 1) { 1473 return; 1474 } 1475 1476 while (!fifo32_is_empty(&s->cmd_queue)) { 1477 DWI3CCmdQueueData arg; 1478 arg.word = dw_i3c_cmd_queue_pop(s); 1479 DWI3CCmdQueueData cmd; 1480 cmd.word = dw_i3c_cmd_queue_pop(s); 1481 trace_dw_i3c_cmd_queue_execute(s->cfg.id, cmd.word, arg.word); 1482 1483 uint8_t cmd_attr = FIELD_EX32(cmd.word, COMMAND_QUEUE_PORT, CMD_ATTR); 1484 switch (cmd_attr) { 1485 case DW_I3C_CMD_ATTR_TRANSFER_CMD: 1486 dw_i3c_transfer_cmd(s, cmd.transfer_cmd, arg); 1487 break; 1488 case DW_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1489 /* Arg is discarded for addr assign commands. */ 1490 dw_i3c_addr_assign_cmd(s, cmd.addr_assign_cmd); 1491 break; 1492 case DW_I3C_CMD_ATTR_TRANSFER_ARG: 1493 case DW_I3C_CMD_ATTR_SHORT_DATA_ARG: 1494 { 1495 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1496 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received " 1497 "argument packet when it expected a command " 1498 "packet\n", path); 1499 } 1500 break; 1501 default: 1502 /* 1503 * The caller's check before queueing an item should prevent this 1504 * from happening. 1505 */ 1506 g_assert_not_reached(); 1507 break; 1508 } 1509 } 1510 } 1511 1512 static void dw_i3c_cmd_queue_push(DWI3C *s, uint32_t val) 1513 { 1514 if (fifo32_is_full(&s->cmd_queue)) { 1515 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1516 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet when " 1517 "already full\n", path); 1518 return; 1519 } 1520 trace_dw_i3c_cmd_queue_push(s->cfg.id, val); 1521 fifo32_push(&s->cmd_queue, val); 1522 1523 uint8_t empty_threshold = ARRAY_FIELD_EX32(s->regs, QUEUE_THLD_CTRL, 1524 CMD_BUF_EMPTY_THLD); 1525 uint8_t cmd_queue_empty_loc = ARRAY_FIELD_EX32(s->regs, 1526 QUEUE_STATUS_LEVEL, 1527 CMD_QUEUE_EMPTY_LOC); 1528 if (cmd_queue_empty_loc) { 1529 cmd_queue_empty_loc--; 1530 ARRAY_FIELD_DP32(s->regs, QUEUE_STATUS_LEVEL, CMD_QUEUE_EMPTY_LOC, 1531 cmd_queue_empty_loc); 1532 } 1533 if (cmd_queue_empty_loc < empty_threshold) { 1534 ARRAY_FIELD_DP32(s->regs, INTR_STATUS, CMD_QUEUE_RDY, 0); 1535 dw_i3c_update_irq(s); 1536 } 1537 } 1538 1539 static void dw_i3c_cmd_queue_port_w(DWI3C *s, uint32_t val) 1540 { 1541 uint8_t cmd_attr = FIELD_EX32(val, COMMAND_QUEUE_PORT, CMD_ATTR); 1542 1543 switch (cmd_attr) { 1544 /* If a command is received we can start executing it. */ 1545 case DW_I3C_CMD_ATTR_TRANSFER_CMD: 1546 case DW_I3C_CMD_ATTR_ADDR_ASSIGN_CMD: 1547 dw_i3c_cmd_queue_push(s, val); 1548 dw_i3c_cmd_queue_execute(s); 1549 break; 1550 /* If we get an argument just push it. */ 1551 case DW_I3C_CMD_ATTR_TRANSFER_ARG: 1552 case DW_I3C_CMD_ATTR_SHORT_DATA_ARG: 1553 dw_i3c_cmd_queue_push(s, val); 1554 break; 1555 default: 1556 { 1557 g_autofree char *path = object_get_canonical_path(OBJECT(s)); 1558 qemu_log_mask(LOG_GUEST_ERROR, "%s: Command queue received packet " 1559 "with unknown cmd attr 0x%x\n", path, cmd_attr); 1560 } 1561 break; 1562 } 1563 } 1564 1565 static void dw_i3c_write(void *opaque, hwaddr offset, uint64_t value, 1566 unsigned size) 1567 { 1568 DWI3C *s = DW_I3C(opaque); 1569 uint32_t addr = offset >> 2; 1570 uint32_t val32 = (uint32_t)value; 1571 1572 trace_dw_i3c_write(s->cfg.id, offset, value); 1573 1574 val32 &= ~dw_i3c_ro[addr]; 1575 switch (addr) { 1576 case R_HW_CAPABILITY: 1577 case R_RESPONSE_QUEUE_PORT: 1578 case R_IBI_QUEUE_DATA: 1579 case R_QUEUE_STATUS_LEVEL: 1580 case R_PRESENT_STATE: 1581 case R_CCC_DEVICE_STATUS: 1582 case R_DEVICE_ADDR_TABLE_POINTER: 1583 case R_VENDOR_SPECIFIC_REG_POINTER: 1584 case R_SLV_CHAR_CTRL: 1585 case R_SLV_MAX_LEN: 1586 case R_MAX_READ_TURNAROUND: 1587 case R_I3C_VER_ID: 1588 case R_I3C_VER_TYPE: 1589 case R_EXTENDED_CAPABILITY: 1590 qemu_log_mask(LOG_GUEST_ERROR, 1591 "%s: write to readonly register[0x%02" HWADDR_PRIx 1592 "] = 0x%08" PRIx64 "\n", 1593 __func__, offset, value); 1594 break; 1595 case R_RX_TX_DATA_PORT: 1596 dw_i3c_push_tx(s, val32); 1597 break; 1598 case R_COMMAND_QUEUE_PORT: 1599 dw_i3c_cmd_queue_port_w(s, val32); 1600 break; 1601 case R_RESET_CTRL: 1602 break; 1603 case R_INTR_STATUS: 1604 dw_i3c_intr_status_w(s, val32); 1605 break; 1606 case R_INTR_STATUS_EN: 1607 dw_i3c_intr_status_en_w(s, val32); 1608 break; 1609 case R_INTR_SIGNAL_EN: 1610 dw_i3c_intr_signal_en_w(s, val32); 1611 break; 1612 case R_INTR_FORCE: 1613 dw_i3c_intr_force_w(s, val32); 1614 break; 1615 default: 1616 s->regs[addr] = val32; 1617 break; 1618 } 1619 } 1620 1621 const VMStateDescription vmstate_dw_i3c = { 1622 .name = TYPE_DW_I3C, 1623 .version_id = 1, 1624 .minimum_version_id = 1, 1625 .fields = (VMStateField[]){ 1626 VMSTATE_UINT32_ARRAY(regs, DWI3C, DW_I3C_NR_REGS), 1627 VMSTATE_END_OF_LIST(), 1628 } 1629 }; 1630 1631 static const MemoryRegionOps dw_i3c_ops = { 1632 .read = dw_i3c_read, 1633 .write = dw_i3c_write, 1634 .endianness = DEVICE_LITTLE_ENDIAN, 1635 }; 1636 1637 static void dw_i3c_reset_enter(Object *obj, ResetType type) 1638 { 1639 DWI3C *s = DW_I3C(obj); 1640 1641 memcpy(s->regs, dw_i3c_resets, sizeof(s->regs)); 1642 /* 1643 * The user config for these may differ from our resets array, set them 1644 * manually. 1645 */ 1646 ARRAY_FIELD_DP32(s->regs, DEVICE_ADDR_TABLE_POINTER, ADDR, 1647 s->cfg.dev_addr_table_pointer); 1648 ARRAY_FIELD_DP32(s->regs, DEVICE_ADDR_TABLE_POINTER, DEPTH, 1649 s->cfg.dev_addr_table_depth); 1650 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, 1651 P_DEV_CHAR_TABLE_START_ADDR, 1652 s->cfg.dev_char_table_pointer); 1653 ARRAY_FIELD_DP32(s->regs, DEV_CHAR_TABLE_POINTER, DEV_CHAR_TABLE_DEPTH, 1654 s->cfg.dev_char_table_depth); 1655 } 1656 1657 static void dw_i3c_realize(DeviceState *dev, Error **errp) 1658 { 1659 DWI3C *s = DW_I3C(dev); 1660 g_autofree char *name = g_strdup_printf(TYPE_DW_I3C ".%d", s->cfg.id); 1661 1662 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq); 1663 1664 memory_region_init_io(&s->mr, OBJECT(s), &dw_i3c_ops, s, name, 1665 DW_I3C_NR_REGS << 2); 1666 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mr); 1667 1668 fifo32_create(&s->cmd_queue, s->cfg.cmd_resp_queue_capacity_bytes); 1669 fifo32_create(&s->resp_queue, s->cfg.cmd_resp_queue_capacity_bytes); 1670 fifo32_create(&s->tx_queue, s->cfg.tx_rx_queue_capacity_bytes); 1671 fifo32_create(&s->rx_queue, s->cfg.tx_rx_queue_capacity_bytes); 1672 fifo32_create(&s->ibi_queue, s->cfg.ibi_queue_capacity_bytes); 1673 /* Arbitrarily large enough to not be an issue. */ 1674 fifo8_create(&s->ibi_data.ibi_intermediate_queue, 1675 s->cfg.ibi_queue_capacity_bytes * 8); 1676 1677 s->bus = i3c_init_bus(DEVICE(s), name); 1678 I3CBusClass *bc = I3C_BUS_GET_CLASS(s->bus); 1679 bc->ibi_handle = dw_i3c_ibi_handle; 1680 bc->ibi_recv = dw_i3c_ibi_recv; 1681 bc->ibi_finish = dw_i3c_ibi_finish; 1682 } 1683 1684 static const Property dw_i3c_properties[] = { 1685 DEFINE_PROP_UINT8("device-id", DWI3C, cfg.id, 0), 1686 DEFINE_PROP_UINT8("command-response-queue-capacity-bytes", DWI3C, 1687 cfg.cmd_resp_queue_capacity_bytes, 0x10), 1688 DEFINE_PROP_UINT16("tx-rx-queue-capacity-bytes", DWI3C, 1689 cfg.tx_rx_queue_capacity_bytes, 0x40), 1690 DEFINE_PROP_UINT8("ibi-queue-capacity-bytes", DWI3C, 1691 cfg.ibi_queue_capacity_bytes, 0x10), 1692 DEFINE_PROP_UINT8("num-addressable-devices", DWI3C, 1693 cfg.num_addressable_devices, 8), 1694 DEFINE_PROP_UINT16("dev-addr-table-pointer", DWI3C, 1695 cfg.dev_addr_table_pointer, 0x280), 1696 DEFINE_PROP_UINT16("dev-addr-table-depth", DWI3C, 1697 cfg.dev_addr_table_depth, 0x08), 1698 DEFINE_PROP_UINT16("dev-char-table-pointer", DWI3C, 1699 cfg.dev_char_table_pointer, 0x200), 1700 DEFINE_PROP_UINT16("dev-char-table-depth", DWI3C, 1701 cfg.dev_char_table_depth, 0x20), 1702 }; 1703 1704 static void dw_i3c_class_init(ObjectClass *klass, const void *data) 1705 { 1706 DeviceClass *dc = DEVICE_CLASS(klass); 1707 ResettableClass *rc = RESETTABLE_CLASS(klass); 1708 1709 rc->phases.enter = dw_i3c_reset_enter; 1710 1711 dc->desc = "DesignWare I3C Controller"; 1712 dc->realize = dw_i3c_realize; 1713 dc->vmsd = &vmstate_dw_i3c; 1714 device_class_set_props(dc, dw_i3c_properties); 1715 } 1716 1717 static const TypeInfo dw_i3c_info = { 1718 .name = TYPE_DW_I3C, 1719 .parent = TYPE_SYS_BUS_DEVICE, 1720 .instance_size = sizeof(DWI3C), 1721 .class_init = dw_i3c_class_init, 1722 }; 1723 1724 static void dw_i3c_register_types(void) 1725 { 1726 type_register_static(&dw_i3c_info); 1727 } 1728 1729 type_init(dw_i3c_register_types); 1730