xref: /openbmc/qemu/hw/net/can/can_sja1000.c (revision 666952ea7c12c4c44282a3b00b817509008df215)
1 /*
2  * CAN device - SJA1000 chip emulation for QEMU
3  *
4  * Copyright (c) 2013-2014 Jin Yang
5  * Copyright (c) 2014-2018 Pavel Pisa
6  *
7  * Initial development supported by Google GSoC 2013 from RTEMS project slot
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining a copy
10  * of this software and associated documentation files (the "Software"), to deal
11  * in the Software without restriction, including without limitation the rights
12  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13  * copies of the Software, and to permit persons to whom the Software is
14  * furnished to do so, subject to the following conditions:
15  *
16  * The above copyright notice and this permission notice shall be included in
17  * all copies or substantial portions of the Software.
18  *
19  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25  * THE SOFTWARE.
26  */
27 #include "qemu/osdep.h"
28 #include "qemu/log.h"
29 #include "chardev/char.h"
30 #include "hw/hw.h"
31 #include "net/can_emu.h"
32 
33 #include "can_sja1000.h"
34 
35 #ifndef DEBUG_FILTER
36 #define DEBUG_FILTER 0
37 #endif /*DEBUG_FILTER*/
38 
39 #ifndef DEBUG_CAN
40 #define DEBUG_CAN 0
41 #endif /*DEBUG_CAN*/
42 
43 #define DPRINTF(fmt, ...) \
44     do { \
45         if (DEBUG_CAN) { \
46             qemu_log("[cansja]: " fmt , ## __VA_ARGS__); \
47         } \
48     } while (0)
49 
50 static void can_sja_software_reset(CanSJA1000State *s)
51 {
52     s->mode        &= ~0x31;
53     s->mode        |= 0x01;
54     s->status_pel  &= ~0x37;
55     s->status_pel  |= 0x34;
56 
57     s->rxbuf_start = 0x00;
58     s->rxmsg_cnt   = 0x00;
59     s->rx_cnt      = 0x00;
60 }
61 
62 void can_sja_hardware_reset(CanSJA1000State *s)
63 {
64     /* Reset by hardware, p10 */
65     s->mode        = 0x01;
66     s->status_pel  = 0x3c;
67     s->interrupt_pel = 0x00;
68     s->clock       = 0x00;
69     s->rxbuf_start = 0x00;
70     s->rxmsg_cnt   = 0x00;
71     s->rx_cnt      = 0x00;
72 
73     s->control     = 0x01;
74     s->status_bas  = 0x0c;
75     s->interrupt_bas = 0x00;
76 
77     qemu_irq_lower(s->irq);
78 }
79 
80 static
81 void can_sja_single_filter(struct qemu_can_filter *filter,
82             const uint8_t *acr,  const uint8_t *amr, int extended)
83 {
84     if (extended) {
85         filter->can_id = (uint32_t)acr[0] << 21;
86         filter->can_id |= (uint32_t)acr[1] << 13;
87         filter->can_id |= (uint32_t)acr[2] << 5;
88         filter->can_id |= (uint32_t)acr[3] >> 3;
89         if (acr[3] & 4) {
90             filter->can_id |= QEMU_CAN_RTR_FLAG;
91         }
92 
93         filter->can_mask = (uint32_t)amr[0] << 21;
94         filter->can_mask |= (uint32_t)amr[1] << 13;
95         filter->can_mask |= (uint32_t)amr[2] << 5;
96         filter->can_mask |= (uint32_t)amr[3] >> 3;
97         filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK;
98         if (!(amr[3] & 4)) {
99             filter->can_mask |= QEMU_CAN_RTR_FLAG;
100         }
101     } else {
102         filter->can_id = (uint32_t)acr[0] << 3;
103         filter->can_id |= (uint32_t)acr[1] >> 5;
104         if (acr[1] & 0x10) {
105             filter->can_id |= QEMU_CAN_RTR_FLAG;
106         }
107 
108         filter->can_mask = (uint32_t)amr[0] << 3;
109         filter->can_mask |= (uint32_t)amr[1] << 5;
110         filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
111         if (!(amr[1] & 0x10)) {
112             filter->can_mask |= QEMU_CAN_RTR_FLAG;
113         }
114     }
115 }
116 
117 static
118 void can_sja_dual_filter(struct qemu_can_filter *filter,
119             const uint8_t *acr,  const uint8_t *amr, int extended)
120 {
121     if (extended) {
122         filter->can_id = (uint32_t)acr[0] << 21;
123         filter->can_id |= (uint32_t)acr[1] << 13;
124 
125         filter->can_mask = (uint32_t)amr[0] << 21;
126         filter->can_mask |= (uint32_t)amr[1] << 13;
127         filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK & ~0x1fff;
128     } else {
129         filter->can_id = (uint32_t)acr[0] << 3;
130         filter->can_id |= (uint32_t)acr[1] >> 5;
131         if (acr[1] & 0x10) {
132             filter->can_id |= QEMU_CAN_RTR_FLAG;
133         }
134 
135         filter->can_mask = (uint32_t)amr[0] << 3;
136         filter->can_mask |= (uint32_t)amr[1] >> 5;
137         filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
138         if (!(amr[1] & 0x10)) {
139             filter->can_mask |= QEMU_CAN_RTR_FLAG;
140         }
141     }
142 }
143 
144 /* Details in DS-p22, what we need to do here is to test the data. */
145 static
146 int can_sja_accept_filter(CanSJA1000State *s,
147                                  const qemu_can_frame *frame)
148 {
149 
150     struct qemu_can_filter filter;
151 
152     if (s->clock & 0x80) { /* PeliCAN Mode */
153         if (s->mode & (1 << 3)) { /* Single mode. */
154             if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
155                 can_sja_single_filter(&filter,
156                     s->code_mask + 0, s->code_mask + 4, 1);
157 
158                 if (!can_bus_filter_match(&filter, frame->can_id)) {
159                     return 0;
160                 }
161             } else { /* SFF */
162                 can_sja_single_filter(&filter,
163                     s->code_mask + 0, s->code_mask + 4, 0);
164 
165                 if (!can_bus_filter_match(&filter, frame->can_id)) {
166                     return 0;
167                 }
168 
169                 if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
170                     return 1;
171                 }
172 
173                 if (frame->can_dlc == 0) {
174                     return 1;
175                 }
176 
177                 if ((frame->data[0] & ~(s->code_mask[6])) !=
178                    (s->code_mask[2] & ~(s->code_mask[6]))) {
179                     return 0;
180                 }
181 
182                 if (frame->can_dlc < 2) {
183                     return 1;
184                 }
185 
186                 if ((frame->data[1] & ~(s->code_mask[7])) ==
187                     (s->code_mask[3] & ~(s->code_mask[7]))) {
188                     return 1;
189                 }
190 
191                 return 0;
192             }
193         } else { /* Dual mode */
194             if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
195                 can_sja_dual_filter(&filter,
196                     s->code_mask + 0, s->code_mask + 4, 1);
197 
198                 if (can_bus_filter_match(&filter, frame->can_id)) {
199                     return 1;
200                 }
201 
202                 can_sja_dual_filter(&filter,
203                     s->code_mask + 2, s->code_mask + 6, 1);
204 
205                 if (can_bus_filter_match(&filter, frame->can_id)) {
206                     return 1;
207                 }
208 
209                 return 0;
210             } else {
211                 can_sja_dual_filter(&filter,
212                     s->code_mask + 0, s->code_mask + 4, 0);
213 
214                 if (can_bus_filter_match(&filter, frame->can_id)) {
215                     uint8_t expect;
216                     uint8_t mask;
217                     expect = s->code_mask[1] << 4;
218                     expect |= s->code_mask[3] & 0x0f;
219 
220                     mask = s->code_mask[5] << 4;
221                     mask |= s->code_mask[7] & 0x0f;
222                         mask = ~mask & 0xff;
223 
224                     if ((frame->data[0] & mask) ==
225                         (expect & mask)) {
226                         return 1;
227                     }
228                 }
229 
230                 can_sja_dual_filter(&filter,
231                     s->code_mask + 2, s->code_mask + 6, 0);
232 
233                 if (can_bus_filter_match(&filter, frame->can_id)) {
234                     return 1;
235                 }
236 
237                 return 0;
238             }
239         }
240     }
241 
242     return 1;
243 }
244 
245 static void can_display_msg(const char *prefix, const qemu_can_frame *msg)
246 {
247     int i;
248 
249     qemu_log_lock();
250     qemu_log("%s%03X [%01d] %s %s",
251              prefix,
252              msg->can_id & QEMU_CAN_EFF_MASK,
253              msg->can_dlc,
254              msg->can_id & QEMU_CAN_EFF_FLAG ? "EFF" : "SFF",
255              msg->can_id & QEMU_CAN_RTR_FLAG ? "RTR" : "DAT");
256 
257     for (i = 0; i < msg->can_dlc; i++) {
258         qemu_log(" %02X", msg->data[i]);
259     }
260     qemu_log("\n");
261     qemu_log_flush();
262     qemu_log_unlock();
263 }
264 
265 static void buff2frame_pel(const uint8_t *buff, qemu_can_frame *frame)
266 {
267     uint8_t i;
268 
269     frame->can_id = 0;
270     if (buff[0] & 0x40) { /* RTR */
271         frame->can_id = QEMU_CAN_RTR_FLAG;
272     }
273     frame->can_dlc = buff[0] & 0x0f;
274 
275     if (buff[0] & 0x80) { /* Extended */
276         frame->can_id |= QEMU_CAN_EFF_FLAG;
277         frame->can_id |= buff[1] << 21; /* ID.28~ID.21 */
278         frame->can_id |= buff[2] << 13; /* ID.20~ID.13 */
279         frame->can_id |= buff[3] <<  5;
280         frame->can_id |= buff[4] >>  3;
281         for (i = 0; i < frame->can_dlc; i++) {
282             frame->data[i] = buff[5 + i];
283         }
284         for (; i < 8; i++) {
285             frame->data[i] = 0;
286         }
287     } else {
288         frame->can_id |= buff[1] <<  3;
289         frame->can_id |= buff[2] >>  5;
290         for (i = 0; i < frame->can_dlc; i++) {
291             frame->data[i] = buff[3 + i];
292         }
293         for (; i < 8; i++) {
294             frame->data[i] = 0;
295         }
296     }
297 }
298 
299 
300 static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
301 {
302     uint8_t i;
303 
304     frame->can_id = ((buff[0] << 3) & (0xff << 3)) + ((buff[1] >> 5) & 0x07);
305     if (buff[1] & 0x10) { /* RTR */
306         frame->can_id = QEMU_CAN_RTR_FLAG;
307     }
308     frame->can_dlc = buff[1] & 0x0f;
309 
310     for (i = 0; i < frame->can_dlc; i++) {
311         frame->data[i] = buff[2 + i];
312     }
313     for (; i < 8; i++) {
314         frame->data[i] = 0;
315     }
316 }
317 
318 
319 static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
320 {
321     int i;
322 
323     if (frame->can_id & QEMU_CAN_ERR_FLAG) { /* error frame, NOT support now. */
324         return -1;
325     }
326 
327     buff[0] = 0x0f & frame->can_dlc; /* DLC */
328     if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
329         buff[0] |= (1 << 6);
330     }
331     if (frame->can_id & QEMU_CAN_EFF_FLAG) { /* EFF */
332         buff[0] |= (1 << 7);
333         buff[1] = extract32(frame->can_id, 21, 8); /* ID.28~ID.21 */
334         buff[2] = extract32(frame->can_id, 13, 8); /* ID.20~ID.13 */
335         buff[3] = extract32(frame->can_id, 5, 8);  /* ID.12~ID.05 */
336         buff[4] = extract32(frame->can_id, 0, 5) << 3; /* ID.04~ID.00,xxx */
337         for (i = 0; i < frame->can_dlc; i++) {
338             buff[5 + i] = frame->data[i];
339         }
340         return frame->can_dlc + 5;
341     } else { /* SFF */
342         buff[1] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
343         buff[2] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
344         for (i = 0; i < frame->can_dlc; i++) {
345             buff[3 + i] = frame->data[i];
346         }
347 
348         return frame->can_dlc + 3;
349     }
350 
351     return -1;
352 }
353 
354 static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
355 {
356     int i;
357 
358      /*
359       * EFF, no support for BasicMode
360       * No use for Error frames now,
361       * they could be used in future to update SJA1000 error state
362       */
363     if ((frame->can_id & QEMU_CAN_EFF_FLAG) ||
364        (frame->can_id & QEMU_CAN_ERR_FLAG)) {
365         return -1;
366     }
367 
368     buff[0] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
369     buff[1] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
370     if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
371         buff[1] |= (1 << 4);
372     }
373     buff[1] |= frame->can_dlc & 0x0f;
374     for (i = 0; i < frame->can_dlc; i++) {
375         buff[2 + i] = frame->data[i];
376     }
377 
378     return frame->can_dlc + 2;
379 }
380 
381 static void can_sja_update_pel_irq(CanSJA1000State *s)
382 {
383     if (s->interrupt_en & s->interrupt_pel) {
384         qemu_irq_raise(s->irq);
385     } else {
386         qemu_irq_lower(s->irq);
387     }
388 }
389 
390 static void can_sja_update_bas_irq(CanSJA1000State *s)
391 {
392     if ((s->control >> 1) & s->interrupt_bas) {
393         qemu_irq_raise(s->irq);
394     } else {
395         qemu_irq_lower(s->irq);
396     }
397 }
398 
399 void can_sja_mem_write(CanSJA1000State *s, hwaddr addr, uint64_t val,
400                        unsigned size)
401 {
402     qemu_can_frame   frame;
403     uint32_t         tmp;
404     uint8_t          tmp8, count;
405 
406 
407     DPRINTF("write 0x%02llx addr 0x%02x\n",
408             (unsigned long long)val, (unsigned int)addr);
409 
410     if (addr > CAN_SJA_MEM_SIZE) {
411         return ;
412     }
413 
414     if (s->clock & 0x80) { /* PeliCAN Mode */
415         switch (addr) {
416         case SJA_MOD: /* Mode register */
417             s->mode = 0x1f & val;
418             if ((s->mode & 0x01) && ((val & 0x01) == 0)) {
419                 /* Go to operation mode from reset mode. */
420                 if (s->mode & (1 << 3)) { /* Single mode. */
421                     /* For EFF */
422                     can_sja_single_filter(&s->filter[0],
423                         s->code_mask + 0, s->code_mask + 4, 1);
424 
425                     /* For SFF */
426                     can_sja_single_filter(&s->filter[1],
427                         s->code_mask + 0, s->code_mask + 4, 0);
428 
429                     can_bus_client_set_filters(&s->bus_client, s->filter, 2);
430                 } else { /* Dual mode */
431                     /* For EFF */
432                     can_sja_dual_filter(&s->filter[0],
433                         s->code_mask + 0, s->code_mask + 4, 1);
434 
435                     can_sja_dual_filter(&s->filter[1],
436                         s->code_mask + 2, s->code_mask + 6, 1);
437 
438                     /* For SFF */
439                     can_sja_dual_filter(&s->filter[2],
440                         s->code_mask + 0, s->code_mask + 4, 0);
441 
442                     can_sja_dual_filter(&s->filter[3],
443                         s->code_mask + 2, s->code_mask + 6, 0);
444 
445                     can_bus_client_set_filters(&s->bus_client, s->filter, 4);
446                 }
447 
448                 s->rxmsg_cnt = 0;
449                 s->rx_cnt = 0;
450             }
451             break;
452 
453         case SJA_CMR: /* Command register. */
454             if (0x01 & val) { /* Send transmission request. */
455                 buff2frame_pel(s->tx_buff, &frame);
456                 if (DEBUG_FILTER) {
457                     can_display_msg("[cansja]: Tx request " , &frame);
458                 }
459 
460                 /*
461                  * Clear transmission complete status,
462                  * and Transmit Buffer Status.
463                  * write to the backends.
464                  */
465                 s->status_pel &= ~(3 << 2);
466 
467                 can_bus_client_send(&s->bus_client, &frame, 1);
468 
469                 /*
470                  * Set transmission complete status
471                  * and Transmit Buffer Status.
472                  */
473                 s->status_pel |= (3 << 2);
474 
475                 /* Clear transmit status. */
476                 s->status_pel &= ~(1 << 5);
477                 s->interrupt_pel |= 0x02;
478                 can_sja_update_pel_irq(s);
479             }
480             if (0x04 & val) { /* Release Receive Buffer */
481                 if (s->rxmsg_cnt <= 0) {
482                     break;
483                 }
484 
485                 tmp8 = s->rx_buff[s->rxbuf_start]; count = 0;
486                 if (tmp8 & (1 << 7)) { /* EFF */
487                     count += 2;
488                 }
489                 count += 3;
490                 if (!(tmp8 & (1 << 6))) { /* DATA */
491                     count += (tmp8 & 0x0f);
492                 }
493 
494                 if (DEBUG_FILTER) {
495                     qemu_log("[cansja]: message released from "
496                              "Rx FIFO cnt=%d, count=%d\n", s->rx_cnt, count);
497                 }
498 
499                 s->rxbuf_start += count;
500                 s->rxbuf_start %= SJA_RCV_BUF_LEN;
501 
502                 s->rx_cnt -= count;
503                 s->rxmsg_cnt--;
504                 if (s->rxmsg_cnt == 0) {
505                     s->status_pel &= ~(1 << 0);
506                     s->interrupt_pel &= ~(1 << 0);
507                     can_sja_update_pel_irq(s);
508                 }
509             }
510             if (0x08 & val) { /* Clear data overrun */
511                 s->status_pel &= ~(1 << 1);
512                 s->interrupt_pel &= ~(1 << 3);
513                 can_sja_update_pel_irq(s);
514             }
515             break;
516         case SJA_SR: /* Status register */
517         case SJA_IR: /* Interrupt register */
518             break; /* Do nothing */
519         case SJA_IER: /* Interrupt enable register */
520             s->interrupt_en = val;
521             break;
522         case 16: /* RX frame information addr16-28. */
523             s->status_pel |= (1 << 5); /* Set transmit status. */
524         case 17 ... 28:
525             if (s->mode & 0x01) { /* Reset mode */
526                 if (addr < 24) {
527                     s->code_mask[addr - 16] = val;
528                 }
529             } else { /* Operation mode */
530                 s->tx_buff[addr - 16] = val; /* Store to TX buffer directly. */
531             }
532             break;
533         case SJA_CDR:
534             s->clock = val;
535             break;
536         }
537     } else { /* Basic Mode */
538         switch (addr) {
539         case SJA_BCAN_CTR: /* Control register, addr 0 */
540             if ((s->control & 0x01) && ((val & 0x01) == 0)) {
541                 /* Go to operation mode from reset mode. */
542                 s->filter[0].can_id = (s->code << 3) & (0xff << 3);
543                 tmp = (~(s->mask << 3)) & (0xff << 3);
544                 tmp |= QEMU_CAN_EFF_FLAG; /* Only Basic CAN Frame. */
545                 s->filter[0].can_mask = tmp;
546                 can_bus_client_set_filters(&s->bus_client, s->filter, 1);
547 
548                 s->rxmsg_cnt = 0;
549                 s->rx_cnt = 0;
550             } else if (!(s->control & 0x01) && !(val & 0x01)) {
551                 can_sja_software_reset(s);
552             }
553 
554             s->control = 0x1f & val;
555             break;
556         case SJA_BCAN_CMR: /* Command register, addr 1 */
557             if (0x01 & val) { /* Send transmission request. */
558                 buff2frame_bas(s->tx_buff, &frame);
559                 if (DEBUG_FILTER) {
560                     can_display_msg("[cansja]: Tx request " , &frame);
561                 }
562 
563                 /*
564                  * Clear transmission complete status,
565                  * and Transmit Buffer Status.
566                  */
567                 s->status_bas &= ~(3 << 2);
568 
569                 /* write to the backends. */
570                 can_bus_client_send(&s->bus_client, &frame, 1);
571 
572                 /*
573                  * Set transmission complete status,
574                  * and Transmit Buffer Status.
575                  */
576                 s->status_bas |= (3 << 2);
577 
578                 /* Clear transmit status. */
579                 s->status_bas &= ~(1 << 5);
580                 s->interrupt_bas |= 0x02;
581                 can_sja_update_bas_irq(s);
582             }
583             if (0x04 & val) { /* Release Receive Buffer */
584                 if (s->rxmsg_cnt <= 0) {
585                     break;
586                 }
587 
588                 tmp8 = s->rx_buff[(s->rxbuf_start + 1) % SJA_RCV_BUF_LEN];
589                 count = 2 + (tmp8 & 0x0f);
590 
591                 if (DEBUG_FILTER) {
592                     qemu_log("[cansja]: message released from "
593                              "Rx FIFO cnt=%d, count=%d\n", s->rx_cnt, count);
594                 }
595 
596                 s->rxbuf_start += count;
597                 s->rxbuf_start %= SJA_RCV_BUF_LEN;
598                 s->rx_cnt -= count;
599                 s->rxmsg_cnt--;
600 
601                 if (s->rxmsg_cnt == 0) {
602                     s->status_bas &= ~(1 << 0);
603                     s->interrupt_bas &= ~(1 << 0);
604                     can_sja_update_bas_irq(s);
605                 }
606             }
607             if (0x08 & val) { /* Clear data overrun */
608                 s->status_bas &= ~(1 << 1);
609                 s->interrupt_bas &= ~(1 << 3);
610                 can_sja_update_bas_irq(s);
611             }
612             break;
613         case 4:
614             s->code = val;
615             break;
616         case 5:
617             s->mask = val;
618             break;
619         case 10:
620             s->status_bas |= (1 << 5); /* Set transmit status. */
621         case 11 ... 19:
622             if ((s->control & 0x01) == 0) { /* Operation mode */
623                 s->tx_buff[addr - 10] = val; /* Store to TX buffer directly. */
624             }
625             break;
626         case SJA_CDR:
627             s->clock = val;
628             break;
629         }
630     }
631 }
632 
633 uint64_t can_sja_mem_read(CanSJA1000State *s, hwaddr addr, unsigned size)
634 {
635     uint64_t temp = 0;
636 
637     DPRINTF("read addr 0x%02x ...\n", (unsigned int)addr);
638 
639     if (addr > CAN_SJA_MEM_SIZE) {
640         return 0;
641     }
642 
643     if (s->clock & 0x80) { /* PeliCAN Mode */
644         switch (addr) {
645         case SJA_MOD: /* Mode register, addr 0 */
646             temp = s->mode;
647             break;
648         case SJA_CMR: /* Command register, addr 1 */
649             temp = 0x00; /* Command register, cannot be read. */
650             break;
651         case SJA_SR: /* Status register, addr 2 */
652             temp = s->status_pel;
653             break;
654         case SJA_IR: /* Interrupt register, addr 3 */
655             temp = s->interrupt_pel;
656             s->interrupt_pel = 0;
657             if (s->rxmsg_cnt) {
658                 s->interrupt_pel |= (1 << 0); /* Receive interrupt. */
659             }
660             can_sja_update_pel_irq(s);
661             break;
662         case SJA_IER: /* Interrupt enable register, addr 4 */
663             temp = s->interrupt_en;
664             break;
665         case 5: /* Reserved */
666         case 6: /* Bus timing 0, hardware related, not support now. */
667         case 7: /* Bus timing 1, hardware related, not support now. */
668         case 8: /*
669                  * Output control register, hardware related,
670                  * not supported for now.
671                  */
672         case 9: /* Test. */
673         case 10 ... 15: /* Reserved */
674             temp = 0x00;
675             break;
676 
677         case 16 ... 28:
678             if (s->mode & 0x01) { /* Reset mode */
679                 if (addr < 24) {
680                     temp = s->code_mask[addr - 16];
681                 } else {
682                     temp = 0x00;
683                 }
684             } else { /* Operation mode */
685                 temp = s->rx_buff[(s->rxbuf_start + addr - 16) %
686                        SJA_RCV_BUF_LEN];
687             }
688             break;
689         case SJA_CDR:
690             temp = s->clock;
691             break;
692         default:
693             temp = 0xff;
694         }
695     } else { /* Basic Mode */
696         switch (addr) {
697         case SJA_BCAN_CTR: /* Control register, addr 0 */
698             temp = s->control;
699             break;
700         case SJA_BCAN_SR: /* Status register, addr 2 */
701             temp = s->status_bas;
702             break;
703         case SJA_BCAN_IR: /* Interrupt register, addr 3 */
704             temp = s->interrupt_bas;
705             s->interrupt_bas = 0;
706             if (s->rxmsg_cnt) {
707                 s->interrupt_bas |= (1 << 0); /* Receive interrupt. */
708             }
709             can_sja_update_bas_irq(s);
710             break;
711         case 4:
712             temp = s->code;
713             break;
714         case 5:
715             temp = s->mask;
716             break;
717         case 20 ... 29:
718             temp = s->rx_buff[(s->rxbuf_start + addr - 20) % SJA_RCV_BUF_LEN];
719             break;
720         case 31:
721             temp = s->clock;
722             break;
723         default:
724             temp = 0xff;
725             break;
726         }
727     }
728     DPRINTF("read addr 0x%02x, %d bytes, content 0x%02lx\n",
729             (int)addr, size, (long unsigned int)temp);
730 
731     return temp;
732 }
733 
734 int can_sja_can_receive(CanBusClientState *client)
735 {
736     CanSJA1000State *s = container_of(client, CanSJA1000State, bus_client);
737 
738     if (s->clock & 0x80) { /* PeliCAN Mode */
739         if (s->mode & 0x01) { /* reset mode. */
740             return 0;
741         }
742     } else { /* BasicCAN mode */
743         if (s->control & 0x01) {
744             return 0;
745         }
746     }
747 
748     return 1; /* always return 1, when operation mode */
749 }
750 
751 ssize_t can_sja_receive(CanBusClientState *client, const qemu_can_frame *frames,
752                         size_t frames_cnt)
753 {
754     CanSJA1000State *s = container_of(client, CanSJA1000State, bus_client);
755     static uint8_t rcv[SJA_MSG_MAX_LEN];
756     int i;
757     int ret = -1;
758     const qemu_can_frame *frame = frames;
759 
760     if (frames_cnt <= 0) {
761         return 0;
762     }
763     if (DEBUG_FILTER) {
764         can_display_msg("[cansja]: receive ", frame);
765     }
766 
767     if (s->clock & 0x80) { /* PeliCAN Mode */
768 
769         /* the CAN controller is receiving a message */
770         s->status_pel |= (1 << 4);
771 
772         if (can_sja_accept_filter(s, frame) == 0) {
773             s->status_pel &= ~(1 << 4);
774             if (DEBUG_FILTER) {
775                 qemu_log("[cansja]: filter rejects message\n");
776             }
777             return ret;
778         }
779 
780         ret = frame2buff_pel(frame, rcv);
781         if (ret < 0) {
782             s->status_pel &= ~(1 << 4);
783             if (DEBUG_FILTER) {
784                 qemu_log("[cansja]: message store failed\n");
785             }
786             return ret; /* maybe not support now. */
787         }
788 
789         if (s->rx_cnt + ret > SJA_RCV_BUF_LEN) { /* Data overrun. */
790             s->status_pel |= (1 << 1); /* Overrun status */
791             s->interrupt_pel |= (1 << 3);
792             s->status_pel &= ~(1 << 4);
793             if (DEBUG_FILTER) {
794                 qemu_log("[cansja]: receive FIFO overrun\n");
795             }
796             can_sja_update_pel_irq(s);
797             return ret;
798         }
799         s->rx_cnt += ret;
800         s->rxmsg_cnt++;
801         if (DEBUG_FILTER) {
802             qemu_log("[cansja]: message stored in receive FIFO\n");
803         }
804 
805         for (i = 0; i < ret; i++) {
806             s->rx_buff[(s->rx_ptr++) % SJA_RCV_BUF_LEN] = rcv[i];
807         }
808         s->rx_ptr %= SJA_RCV_BUF_LEN; /* update the pointer. */
809 
810         s->status_pel |= 0x01; /* Set the Receive Buffer Status. DS-p23 */
811         s->interrupt_pel |= 0x01;
812         s->status_pel &= ~(1 << 4);
813         s->status_pel |= (1 << 0);
814         can_sja_update_pel_irq(s);
815     } else { /* BasicCAN mode */
816 
817         /* the CAN controller is receiving a message */
818         s->status_bas |= (1 << 4);
819 
820         ret = frame2buff_bas(frame, rcv);
821         if (ret < 0) {
822             s->status_bas &= ~(1 << 4);
823             if (DEBUG_FILTER) {
824                 qemu_log("[cansja]: message store failed\n");
825             }
826             return ret; /* maybe not support now. */
827         }
828 
829         if (s->rx_cnt + ret > SJA_RCV_BUF_LEN) { /* Data overrun. */
830             s->status_bas |= (1 << 1); /* Overrun status */
831             s->status_bas &= ~(1 << 4);
832             s->interrupt_bas |= (1 << 3);
833             can_sja_update_bas_irq(s);
834             if (DEBUG_FILTER) {
835                 qemu_log("[cansja]: receive FIFO overrun\n");
836             }
837             return ret;
838         }
839         s->rx_cnt += ret;
840         s->rxmsg_cnt++;
841 
842         if (DEBUG_FILTER) {
843             qemu_log("[cansja]: message stored\n");
844         }
845 
846         for (i = 0; i < ret; i++) {
847             s->rx_buff[(s->rx_ptr++) % SJA_RCV_BUF_LEN] = rcv[i];
848         }
849         s->rx_ptr %= SJA_RCV_BUF_LEN; /* update the pointer. */
850 
851         s->status_bas |= 0x01; /* Set the Receive Buffer Status. DS-p15 */
852         s->status_bas &= ~(1 << 4);
853         s->interrupt_bas |= (1 << 0);
854         can_sja_update_bas_irq(s);
855     }
856     return 1;
857 }
858 
859 static CanBusClientInfo can_sja_bus_client_info = {
860     .can_receive = can_sja_can_receive,
861     .receive = can_sja_receive,
862 };
863 
864 
865 int can_sja_connect_to_bus(CanSJA1000State *s, CanBusState *bus)
866 {
867     s->bus_client.info = &can_sja_bus_client_info;
868 
869     if (!bus) {
870         return -EINVAL;
871     }
872 
873     if (can_bus_insert_client(bus, &s->bus_client) < 0) {
874         return -1;
875     }
876 
877     return 0;
878 }
879 
880 void can_sja_disconnect(CanSJA1000State *s)
881 {
882     can_bus_remove_client(&s->bus_client);
883 }
884 
885 int can_sja_init(CanSJA1000State *s, qemu_irq irq)
886 {
887     s->irq = irq;
888 
889     qemu_irq_lower(s->irq);
890 
891     can_sja_hardware_reset(s);
892 
893     return 0;
894 }
895 
896 const VMStateDescription vmstate_qemu_can_filter = {
897     .name = "qemu_can_filter",
898     .version_id = 1,
899     .minimum_version_id = 1,
900     .minimum_version_id_old = 1,
901     .fields = (VMStateField[]) {
902         VMSTATE_UINT32(can_id, qemu_can_filter),
903         VMSTATE_UINT32(can_mask, qemu_can_filter),
904         VMSTATE_END_OF_LIST()
905     }
906 };
907 
908 static int can_sja_post_load(void *opaque, int version_id)
909 {
910     CanSJA1000State *s = opaque;
911     if (s->clock & 0x80) { /* PeliCAN Mode */
912         can_sja_update_pel_irq(s);
913     } else {
914         can_sja_update_bas_irq(s);
915     }
916     return 0;
917 }
918 
919 /* VMState is needed for live migration of QEMU images */
920 const VMStateDescription vmstate_can_sja = {
921     .name = "can_sja",
922     .version_id = 1,
923     .minimum_version_id = 1,
924     .minimum_version_id_old = 1,
925     .post_load = can_sja_post_load,
926     .fields = (VMStateField[]) {
927         VMSTATE_UINT8(mode, CanSJA1000State),
928 
929         VMSTATE_UINT8(status_pel, CanSJA1000State),
930         VMSTATE_UINT8(interrupt_pel, CanSJA1000State),
931         VMSTATE_UINT8(interrupt_en, CanSJA1000State),
932         VMSTATE_UINT8(rxmsg_cnt, CanSJA1000State),
933         VMSTATE_UINT8(rxbuf_start, CanSJA1000State),
934         VMSTATE_UINT8(clock, CanSJA1000State),
935 
936         VMSTATE_BUFFER(code_mask, CanSJA1000State),
937         VMSTATE_BUFFER(tx_buff, CanSJA1000State),
938 
939         VMSTATE_BUFFER(rx_buff, CanSJA1000State),
940 
941         VMSTATE_UINT32(rx_ptr, CanSJA1000State),
942         VMSTATE_UINT32(rx_cnt, CanSJA1000State),
943 
944         VMSTATE_UINT8(control, CanSJA1000State),
945 
946         VMSTATE_UINT8(status_bas, CanSJA1000State),
947         VMSTATE_UINT8(interrupt_bas, CanSJA1000State),
948         VMSTATE_UINT8(code, CanSJA1000State),
949         VMSTATE_UINT8(mask, CanSJA1000State),
950 
951         VMSTATE_STRUCT_ARRAY(filter, CanSJA1000State, 4, 0,
952                              vmstate_qemu_can_filter, qemu_can_filter),
953 
954 
955         VMSTATE_END_OF_LIST()
956     }
957 };
958