1 /* 2 * Raspberry Pi emulation (c) 2012 Gregory Estrade 3 * This code is licensed under the GNU GPLv2 and later. 4 * 5 * This file models the system mailboxes, which are used for 6 * communication with low-bandwidth GPU peripherals. Refs: 7 * https://github.com/raspberrypi/firmware/wiki/Mailboxes 8 * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes 9 */ 10 11 #include "qemu/osdep.h" 12 #include "qapi/error.h" 13 #include "hw/irq.h" 14 #include "hw/misc/bcm2835_mbox.h" 15 #include "migration/vmstate.h" 16 #include "qemu/log.h" 17 #include "qemu/module.h" 18 19 #define MAIL0_PEEK 0x90 20 #define MAIL0_SENDER 0x94 21 #define MAIL1_STATUS 0xb8 22 23 /* Mailbox status register */ 24 #define MAIL0_STATUS 0x98 25 #define ARM_MS_FULL 0x80000000 26 #define ARM_MS_EMPTY 0x40000000 27 #define ARM_MS_LEVEL 0x400000FF /* Max. value depends on mailbox depth */ 28 29 /* MAILBOX config/status register */ 30 #define MAIL0_CONFIG 0x9c 31 /* ANY write to this register clears the error bits! */ 32 #define ARM_MC_IHAVEDATAIRQEN 0x00000001 /* mbox irq enable: has data */ 33 #define ARM_MC_IHAVESPACEIRQEN 0x00000002 /* mbox irq enable: has space */ 34 #define ARM_MC_OPPISEMPTYIRQEN 0x00000004 /* mbox irq enable: Opp is empty */ 35 #define ARM_MC_MAIL_CLEAR 0x00000008 /* mbox clear write 1, then 0 */ 36 #define ARM_MC_IHAVEDATAIRQPEND 0x00000010 /* mbox irq pending: has space */ 37 #define ARM_MC_IHAVESPACEIRQPEND 0x00000020 /* mbox irq pending: Opp is empty */ 38 #define ARM_MC_OPPISEMPTYIRQPEND 0x00000040 /* mbox irq pending */ 39 /* Bit 7 is unused */ 40 #define ARM_MC_ERRNOOWN 0x00000100 /* error : none owner read from mailbox */ 41 #define ARM_MC_ERROVERFLW 0x00000200 /* error : write to fill mailbox */ 42 #define ARM_MC_ERRUNDRFLW 0x00000400 /* error : read from empty mailbox */ 43 44 static void mbox_update_status(BCM2835Mbox *mb) 45 { 46 mb->status &= ~(ARM_MS_EMPTY | ARM_MS_FULL); 47 if (mb->count == 0) { 48 mb->status |= ARM_MS_EMPTY; 49 } else if (mb->count == MBOX_SIZE) { 50 mb->status |= ARM_MS_FULL; 51 } 52 } 53 54 static void mbox_reset(BCM2835Mbox *mb) 55 { 56 int n; 57 58 mb->count = 0; 59 mb->config = 0; 60 for (n = 0; n < MBOX_SIZE; n++) { 61 mb->reg[n] = MBOX_INVALID_DATA; 62 } 63 mbox_update_status(mb); 64 } 65 66 static uint32_t mbox_pull(BCM2835Mbox *mb, int index) 67 { 68 int n; 69 uint32_t val; 70 71 assert(mb->count > 0); 72 assert(index < mb->count); 73 74 val = mb->reg[index]; 75 for (n = index + 1; n < mb->count; n++) { 76 mb->reg[n - 1] = mb->reg[n]; 77 } 78 mb->count--; 79 mb->reg[mb->count] = MBOX_INVALID_DATA; 80 81 mbox_update_status(mb); 82 83 return val; 84 } 85 86 static void mbox_push(BCM2835Mbox *mb, uint32_t val) 87 { 88 assert(mb->count < MBOX_SIZE); 89 mb->reg[mb->count++] = val; 90 mbox_update_status(mb); 91 } 92 93 static void bcm2835_mbox_update(BCM2835MboxState *s) 94 { 95 uint32_t value; 96 bool set; 97 int n; 98 99 s->mbox_irq_disabled = true; 100 101 /* Get pending responses and put them in the vc->arm mbox, 102 * as long as it's not full 103 */ 104 for (n = 0; n < MBOX_CHAN_COUNT; n++) { 105 while (s->available[n] && !(s->mbox[0].status & ARM_MS_FULL)) { 106 value = ldl_le_phys(&s->mbox_as, n << MBOX_AS_CHAN_SHIFT); 107 assert(value != MBOX_INVALID_DATA); /* Pending interrupt but no data */ 108 mbox_push(&s->mbox[0], value); 109 } 110 } 111 112 /* TODO (?): Try to push pending requests from the arm->vc mbox */ 113 114 /* Re-enable calls from the IRQ routine */ 115 s->mbox_irq_disabled = false; 116 117 /* Update ARM IRQ status */ 118 set = false; 119 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQPEND; 120 if (!(s->mbox[0].status & ARM_MS_EMPTY)) { 121 s->mbox[0].config |= ARM_MC_IHAVEDATAIRQPEND; 122 if (s->mbox[0].config & ARM_MC_IHAVEDATAIRQEN) { 123 set = true; 124 } 125 } 126 qemu_set_irq(s->arm_irq, set); 127 } 128 129 static void bcm2835_mbox_set_irq(void *opaque, int irq, int level) 130 { 131 BCM2835MboxState *s = opaque; 132 133 s->available[irq] = level; 134 135 /* avoid recursively calling bcm2835_mbox_update when the interrupt 136 * status changes due to the ldl_phys call within that function 137 */ 138 if (!s->mbox_irq_disabled) { 139 bcm2835_mbox_update(s); 140 } 141 } 142 143 static uint64_t bcm2835_mbox_read(void *opaque, hwaddr offset, unsigned size) 144 { 145 BCM2835MboxState *s = opaque; 146 uint32_t res = 0; 147 148 offset &= 0xff; 149 150 switch (offset) { 151 case 0x80 ... 0x8c: /* MAIL0_READ */ 152 if (s->mbox[0].status & ARM_MS_EMPTY) { 153 res = MBOX_INVALID_DATA; 154 } else { 155 res = mbox_pull(&s->mbox[0], 0); 156 } 157 break; 158 159 case MAIL0_PEEK: 160 res = s->mbox[0].reg[0]; 161 break; 162 163 case MAIL0_SENDER: 164 break; 165 166 case MAIL0_STATUS: 167 res = s->mbox[0].status; 168 break; 169 170 case MAIL0_CONFIG: 171 res = s->mbox[0].config; 172 break; 173 174 case MAIL1_STATUS: 175 res = s->mbox[1].status; 176 break; 177 178 default: 179 qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx"\n", 180 __func__, offset); 181 return 0; 182 } 183 184 bcm2835_mbox_update(s); 185 186 return res; 187 } 188 189 static void bcm2835_mbox_write(void *opaque, hwaddr offset, 190 uint64_t value, unsigned size) 191 { 192 BCM2835MboxState *s = opaque; 193 hwaddr childaddr; 194 uint8_t ch; 195 196 offset &= 0xff; 197 198 switch (offset) { 199 case MAIL0_SENDER: 200 break; 201 202 case MAIL0_CONFIG: 203 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQEN; 204 s->mbox[0].config |= value & ARM_MC_IHAVEDATAIRQEN; 205 break; 206 207 case 0xa0 ... 0xac: /* MAIL1_WRITE */ 208 if (s->mbox[1].status & ARM_MS_FULL) { 209 /* Mailbox full */ 210 qemu_log_mask(LOG_GUEST_ERROR, "%s: mailbox full\n", __func__); 211 } else { 212 ch = value & 0xf; 213 if (ch < MBOX_CHAN_COUNT) { 214 childaddr = ch << MBOX_AS_CHAN_SHIFT; 215 if (ldl_le_phys(&s->mbox_as, childaddr + MBOX_AS_PENDING)) { 216 /* Child busy, push delayed. Push it in the arm->vc mbox */ 217 mbox_push(&s->mbox[1], value); 218 } else { 219 /* Push it directly to the child device */ 220 stl_le_phys(&s->mbox_as, childaddr, value); 221 } 222 } else { 223 /* Invalid channel number */ 224 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid channel %u\n", 225 __func__, ch); 226 } 227 } 228 break; 229 230 default: 231 qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx 232 " value 0x%"PRIx64"\n", 233 __func__, offset, value); 234 return; 235 } 236 237 bcm2835_mbox_update(s); 238 } 239 240 static const MemoryRegionOps bcm2835_mbox_ops = { 241 .read = bcm2835_mbox_read, 242 .write = bcm2835_mbox_write, 243 .endianness = DEVICE_NATIVE_ENDIAN, 244 .valid.min_access_size = 4, 245 .valid.max_access_size = 4, 246 }; 247 248 /* vmstate of a single mailbox */ 249 static const VMStateDescription vmstate_bcm2835_mbox_box = { 250 .name = TYPE_BCM2835_MBOX "_box", 251 .version_id = 1, 252 .minimum_version_id = 1, 253 .fields = (VMStateField[]) { 254 VMSTATE_UINT32_ARRAY(reg, BCM2835Mbox, MBOX_SIZE), 255 VMSTATE_UINT32(count, BCM2835Mbox), 256 VMSTATE_UINT32(status, BCM2835Mbox), 257 VMSTATE_UINT32(config, BCM2835Mbox), 258 VMSTATE_END_OF_LIST() 259 } 260 }; 261 262 /* vmstate of the entire device */ 263 static const VMStateDescription vmstate_bcm2835_mbox = { 264 .name = TYPE_BCM2835_MBOX, 265 .version_id = 1, 266 .minimum_version_id = 1, 267 .minimum_version_id_old = 1, 268 .fields = (VMStateField[]) { 269 VMSTATE_BOOL_ARRAY(available, BCM2835MboxState, MBOX_CHAN_COUNT), 270 VMSTATE_STRUCT_ARRAY(mbox, BCM2835MboxState, 2, 1, 271 vmstate_bcm2835_mbox_box, BCM2835Mbox), 272 VMSTATE_END_OF_LIST() 273 } 274 }; 275 276 static void bcm2835_mbox_init(Object *obj) 277 { 278 BCM2835MboxState *s = BCM2835_MBOX(obj); 279 280 memory_region_init_io(&s->iomem, obj, &bcm2835_mbox_ops, s, 281 TYPE_BCM2835_MBOX, 0x400); 282 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem); 283 sysbus_init_irq(SYS_BUS_DEVICE(s), &s->arm_irq); 284 qdev_init_gpio_in(DEVICE(s), bcm2835_mbox_set_irq, MBOX_CHAN_COUNT); 285 } 286 287 static void bcm2835_mbox_reset(DeviceState *dev) 288 { 289 BCM2835MboxState *s = BCM2835_MBOX(dev); 290 int n; 291 292 mbox_reset(&s->mbox[0]); 293 mbox_reset(&s->mbox[1]); 294 s->mbox_irq_disabled = false; 295 for (n = 0; n < MBOX_CHAN_COUNT; n++) { 296 s->available[n] = false; 297 } 298 } 299 300 static void bcm2835_mbox_realize(DeviceState *dev, Error **errp) 301 { 302 BCM2835MboxState *s = BCM2835_MBOX(dev); 303 Object *obj; 304 Error *err = NULL; 305 306 obj = object_property_get_link(OBJECT(dev), "mbox-mr", &err); 307 if (obj == NULL) { 308 error_setg(errp, "%s: required mbox-mr link not found: %s", 309 __func__, error_get_pretty(err)); 310 return; 311 } 312 313 s->mbox_mr = MEMORY_REGION(obj); 314 address_space_init(&s->mbox_as, s->mbox_mr, NULL); 315 bcm2835_mbox_reset(dev); 316 } 317 318 static void bcm2835_mbox_class_init(ObjectClass *klass, void *data) 319 { 320 DeviceClass *dc = DEVICE_CLASS(klass); 321 322 dc->realize = bcm2835_mbox_realize; 323 dc->reset = bcm2835_mbox_reset; 324 dc->vmsd = &vmstate_bcm2835_mbox; 325 } 326 327 static TypeInfo bcm2835_mbox_info = { 328 .name = TYPE_BCM2835_MBOX, 329 .parent = TYPE_SYS_BUS_DEVICE, 330 .instance_size = sizeof(BCM2835MboxState), 331 .class_init = bcm2835_mbox_class_init, 332 .instance_init = bcm2835_mbox_init, 333 }; 334 335 static void bcm2835_mbox_register_types(void) 336 { 337 type_register_static(&bcm2835_mbox_info); 338 } 339 340 type_init(bcm2835_mbox_register_types) 341