xref: /openbmc/qemu/hw/sd/sdhci.c (revision a89f364a)
1 /*
2  * SD Association Host Standard Specification v2.0 controller emulation
3  *
4  * Copyright (c) 2011 Samsung Electronics Co., Ltd.
5  * Mitsyanko Igor <i.mitsyanko@samsung.com>
6  * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
7  *
8  * Based on MMC controller for Samsung S5PC1xx-based board emulation
9  * by Alexey Merkulov and Vladimir Monakhov.
10  *
11  * This program is free software; you can redistribute it and/or modify it
12  * under the terms of the GNU General Public License as published by the
13  * Free Software Foundation; either version 2 of the License, or (at your
14  * option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
19  * See the GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "qapi/error.h"
27 #include "hw/hw.h"
28 #include "sysemu/block-backend.h"
29 #include "sysemu/blockdev.h"
30 #include "sysemu/dma.h"
31 #include "qemu/timer.h"
32 #include "qemu/bitops.h"
33 #include "hw/sd/sdhci.h"
34 #include "sdhci-internal.h"
35 #include "qapi/error.h"
36 #include "qemu/log.h"
37 #include "trace.h"
38 
39 #define TYPE_SDHCI_BUS "sdhci-bus"
40 #define SDHCI_BUS(obj) OBJECT_CHECK(SDBus, (obj), TYPE_SDHCI_BUS)
41 
42 /* Default SD/MMC host controller features information, which will be
43  * presented in CAPABILITIES register of generic SD host controller at reset.
44  * If not stated otherwise:
45  * 0 - not supported, 1 - supported, other - prohibited.
46  */
47 #define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support */
48 #define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
49 #define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
50 #define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
51 #define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
52 #define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
53 #define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
54 #define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
55 #define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
56 /* Maximum host controller R/W buffers size
57  * Possible values: 512, 1024, 2048 bytes */
58 #define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
59 /* Maximum clock frequency for SDclock in MHz
60  * value in range 10-63 MHz, 0 - not defined */
61 #define SDHC_CAPAB_BASECLKFREQ    52ul
62 #define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 - MHz */
63 /* Timeout clock frequency 1-63, 0 - not defined */
64 #define SDHC_CAPAB_TOCLKFREQ      52ul
65 
66 /* Now check all parameters and calculate CAPABILITIES REGISTER value */
67 #if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||     \
68     SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 ||  \
69     SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
70     SDHC_CAPAB_TOUNIT > 1
71 #error Capabilities features can have value 0 or 1 only!
72 #endif
73 
74 #if SDHC_CAPAB_MAXBLOCKLENGTH == 512
75 #define MAX_BLOCK_LENGTH 0ul
76 #elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
77 #define MAX_BLOCK_LENGTH 1ul
78 #elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
79 #define MAX_BLOCK_LENGTH 2ul
80 #else
81 #error Max host controller block size can have value 512, 1024 or 2048 only!
82 #endif
83 
84 #if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
85     SDHC_CAPAB_BASECLKFREQ > 63
86 #error SDclock frequency can have value in range 0, 10-63 only!
87 #endif
88 
89 #if SDHC_CAPAB_TOCLKFREQ > 63
90 #error Timeout clock frequency can have value in range 0-63 only!
91 #endif
92 
93 #define SDHC_CAPAB_REG_DEFAULT                                 \
94    ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
95     (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
96     (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
97     (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
98     (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
99     (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
100     (SDHC_CAPAB_TOCLKFREQ))
101 
102 #define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
103 
104 static uint8_t sdhci_slotint(SDHCIState *s)
105 {
106     return (s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen) ||
107          ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) ||
108          ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV));
109 }
110 
111 static inline void sdhci_update_irq(SDHCIState *s)
112 {
113     qemu_set_irq(s->irq, sdhci_slotint(s));
114 }
115 
116 static void sdhci_raise_insertion_irq(void *opaque)
117 {
118     SDHCIState *s = (SDHCIState *)opaque;
119 
120     if (s->norintsts & SDHC_NIS_REMOVE) {
121         timer_mod(s->insert_timer,
122                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
123     } else {
124         s->prnsts = 0x1ff0000;
125         if (s->norintstsen & SDHC_NISEN_INSERT) {
126             s->norintsts |= SDHC_NIS_INSERT;
127         }
128         sdhci_update_irq(s);
129     }
130 }
131 
132 static void sdhci_set_inserted(DeviceState *dev, bool level)
133 {
134     SDHCIState *s = (SDHCIState *)dev;
135 
136     trace_sdhci_set_inserted(level ? "insert" : "eject");
137     if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
138         /* Give target some time to notice card ejection */
139         timer_mod(s->insert_timer,
140                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
141     } else {
142         if (level) {
143             s->prnsts = 0x1ff0000;
144             if (s->norintstsen & SDHC_NISEN_INSERT) {
145                 s->norintsts |= SDHC_NIS_INSERT;
146             }
147         } else {
148             s->prnsts = 0x1fa0000;
149             s->pwrcon &= ~SDHC_POWER_ON;
150             s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
151             if (s->norintstsen & SDHC_NISEN_REMOVE) {
152                 s->norintsts |= SDHC_NIS_REMOVE;
153             }
154         }
155         sdhci_update_irq(s);
156     }
157 }
158 
159 static void sdhci_set_readonly(DeviceState *dev, bool level)
160 {
161     SDHCIState *s = (SDHCIState *)dev;
162 
163     if (level) {
164         s->prnsts &= ~SDHC_WRITE_PROTECT;
165     } else {
166         /* Write enabled */
167         s->prnsts |= SDHC_WRITE_PROTECT;
168     }
169 }
170 
171 static void sdhci_reset(SDHCIState *s)
172 {
173     DeviceState *dev = DEVICE(s);
174 
175     timer_del(s->insert_timer);
176     timer_del(s->transfer_timer);
177     /* Set all registers to 0. Capabilities registers are not cleared
178      * and assumed to always preserve their value, given to them during
179      * initialization */
180     memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad);
181 
182     /* Reset other state based on current card insertion/readonly status */
183     sdhci_set_inserted(dev, sdbus_get_inserted(&s->sdbus));
184     sdhci_set_readonly(dev, sdbus_get_readonly(&s->sdbus));
185 
186     s->data_count = 0;
187     s->stopped_state = sdhc_not_stopped;
188     s->pending_insert_state = false;
189 }
190 
191 static void sdhci_poweron_reset(DeviceState *dev)
192 {
193     /* QOM (ie power-on) reset. This is identical to reset
194      * commanded via device register apart from handling of the
195      * 'pending insert on powerup' quirk.
196      */
197     SDHCIState *s = (SDHCIState *)dev;
198 
199     sdhci_reset(s);
200 
201     if (s->pending_insert_quirk) {
202         s->pending_insert_state = true;
203     }
204 }
205 
206 static void sdhci_data_transfer(void *opaque);
207 
208 static void sdhci_send_command(SDHCIState *s)
209 {
210     SDRequest request;
211     uint8_t response[16];
212     int rlen;
213 
214     s->errintsts = 0;
215     s->acmd12errsts = 0;
216     request.cmd = s->cmdreg >> 8;
217     request.arg = s->argument;
218 
219     trace_sdhci_send_command(request.cmd, request.arg);
220     rlen = sdbus_do_command(&s->sdbus, &request, response);
221 
222     if (s->cmdreg & SDHC_CMD_RESPONSE) {
223         if (rlen == 4) {
224             s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
225                            (response[2] << 8)  |  response[3];
226             s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
227             trace_sdhci_response4(s->rspreg[0]);
228         } else if (rlen == 16) {
229             s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
230                            (response[13] << 8) |  response[14];
231             s->rspreg[1] = (response[7] << 24) | (response[8] << 16) |
232                            (response[9] << 8)  |  response[10];
233             s->rspreg[2] = (response[3] << 24) | (response[4] << 16) |
234                            (response[5] << 8)  |  response[6];
235             s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
236                             response[2];
237             trace_sdhci_response16(s->rspreg[3], s->rspreg[2],
238                                    s->rspreg[1], s->rspreg[0]);
239         } else {
240             trace_sdhci_error("timeout waiting for command response");
241             if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
242                 s->errintsts |= SDHC_EIS_CMDTIMEOUT;
243                 s->norintsts |= SDHC_NIS_ERR;
244             }
245         }
246 
247         if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
248             (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
249             s->norintsts |= SDHC_NIS_TRSCMP;
250         }
251     }
252 
253     if (s->norintstsen & SDHC_NISEN_CMDCMP) {
254         s->norintsts |= SDHC_NIS_CMDCMP;
255     }
256 
257     sdhci_update_irq(s);
258 
259     if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
260         s->data_count = 0;
261         sdhci_data_transfer(s);
262     }
263 }
264 
265 static void sdhci_end_transfer(SDHCIState *s)
266 {
267     /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
268     if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
269         SDRequest request;
270         uint8_t response[16];
271 
272         request.cmd = 0x0C;
273         request.arg = 0;
274         trace_sdhci_end_transfer(request.cmd, request.arg);
275         sdbus_do_command(&s->sdbus, &request, response);
276         /* Auto CMD12 response goes to the upper Response register */
277         s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
278                 (response[2] << 8) | response[3];
279     }
280 
281     s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
282             SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
283             SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);
284 
285     if (s->norintstsen & SDHC_NISEN_TRSCMP) {
286         s->norintsts |= SDHC_NIS_TRSCMP;
287     }
288 
289     sdhci_update_irq(s);
290 }
291 
292 /*
293  * Programmed i/o data transfer
294  */
295 
296 /* Fill host controller's read buffer with BLKSIZE bytes of data from card */
297 static void sdhci_read_block_from_card(SDHCIState *s)
298 {
299     int index = 0;
300 
301     if ((s->trnmod & SDHC_TRNS_MULTI) &&
302             (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) {
303         return;
304     }
305 
306     for (index = 0; index < (s->blksize & 0x0fff); index++) {
307         s->fifo_buffer[index] = sdbus_read_data(&s->sdbus);
308     }
309 
310     /* New data now available for READ through Buffer Port Register */
311     s->prnsts |= SDHC_DATA_AVAILABLE;
312     if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
313         s->norintsts |= SDHC_NIS_RBUFRDY;
314     }
315 
316     /* Clear DAT line active status if that was the last block */
317     if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
318             ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) {
319         s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
320     }
321 
322     /* If stop at block gap request was set and it's not the last block of
323      * data - generate Block Event interrupt */
324     if (s->stopped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) &&
325             s->blkcnt != 1)    {
326         s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
327         if (s->norintstsen & SDHC_EISEN_BLKGAP) {
328             s->norintsts |= SDHC_EIS_BLKGAP;
329         }
330     }
331 
332     sdhci_update_irq(s);
333 }
334 
335 /* Read @size byte of data from host controller @s BUFFER DATA PORT register */
336 static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
337 {
338     uint32_t value = 0;
339     int i;
340 
341     /* first check that a valid data exists in host controller input buffer */
342     if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
343         trace_sdhci_error("read from empty buffer");
344         return 0;
345     }
346 
347     for (i = 0; i < size; i++) {
348         value |= s->fifo_buffer[s->data_count] << i * 8;
349         s->data_count++;
350         /* check if we've read all valid data (blksize bytes) from buffer */
351         if ((s->data_count) >= (s->blksize & 0x0fff)) {
352             trace_sdhci_read_dataport(s->data_count);
353             s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
354             s->data_count = 0;  /* next buff read must start at position [0] */
355 
356             if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
357                 s->blkcnt--;
358             }
359 
360             /* if that was the last block of data */
361             if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
362                 ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
363                  /* stop at gap request */
364                 (s->stopped_state == sdhc_gap_read &&
365                  !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
366                 sdhci_end_transfer(s);
367             } else { /* if there are more data, read next block from card */
368                 sdhci_read_block_from_card(s);
369             }
370             break;
371         }
372     }
373 
374     return value;
375 }
376 
377 /* Write data from host controller FIFO to card */
378 static void sdhci_write_block_to_card(SDHCIState *s)
379 {
380     int index = 0;
381 
382     if (s->prnsts & SDHC_SPACE_AVAILABLE) {
383         if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
384             s->norintsts |= SDHC_NIS_WBUFRDY;
385         }
386         sdhci_update_irq(s);
387         return;
388     }
389 
390     if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
391         if (s->blkcnt == 0) {
392             return;
393         } else {
394             s->blkcnt--;
395         }
396     }
397 
398     for (index = 0; index < (s->blksize & 0x0fff); index++) {
399         sdbus_write_data(&s->sdbus, s->fifo_buffer[index]);
400     }
401 
402     /* Next data can be written through BUFFER DATORT register */
403     s->prnsts |= SDHC_SPACE_AVAILABLE;
404 
405     /* Finish transfer if that was the last block of data */
406     if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
407             ((s->trnmod & SDHC_TRNS_MULTI) &&
408             (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) {
409         sdhci_end_transfer(s);
410     } else if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
411         s->norintsts |= SDHC_NIS_WBUFRDY;
412     }
413 
414     /* Generate Block Gap Event if requested and if not the last block */
415     if (s->stopped_state == sdhc_gap_write && (s->trnmod & SDHC_TRNS_MULTI) &&
416             s->blkcnt > 0) {
417         s->prnsts &= ~SDHC_DOING_WRITE;
418         if (s->norintstsen & SDHC_EISEN_BLKGAP) {
419             s->norintsts |= SDHC_EIS_BLKGAP;
420         }
421         sdhci_end_transfer(s);
422     }
423 
424     sdhci_update_irq(s);
425 }
426 
427 /* Write @size bytes of @value data to host controller @s Buffer Data Port
428  * register */
429 static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
430 {
431     unsigned i;
432 
433     /* Check that there is free space left in a buffer */
434     if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) {
435         trace_sdhci_error("Can't write to data buffer: buffer full");
436         return;
437     }
438 
439     for (i = 0; i < size; i++) {
440         s->fifo_buffer[s->data_count] = value & 0xFF;
441         s->data_count++;
442         value >>= 8;
443         if (s->data_count >= (s->blksize & 0x0fff)) {
444             trace_sdhci_write_dataport(s->data_count);
445             s->data_count = 0;
446             s->prnsts &= ~SDHC_SPACE_AVAILABLE;
447             if (s->prnsts & SDHC_DOING_WRITE) {
448                 sdhci_write_block_to_card(s);
449             }
450         }
451     }
452 }
453 
454 /*
455  * Single DMA data transfer
456  */
457 
458 /* Multi block SDMA transfer */
459 static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
460 {
461     bool page_aligned = false;
462     unsigned int n, begin;
463     const uint16_t block_size = s->blksize & 0x0fff;
464     uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
465     uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
466 
467     if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
468         qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
469         return;
470     }
471 
472     /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
473      * possible stop at page boundary if initial address is not page aligned,
474      * allow them to work properly */
475     if ((s->sdmasysad % boundary_chk) == 0) {
476         page_aligned = true;
477     }
478 
479     if (s->trnmod & SDHC_TRNS_READ) {
480         s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
481                 SDHC_DAT_LINE_ACTIVE;
482         while (s->blkcnt) {
483             if (s->data_count == 0) {
484                 for (n = 0; n < block_size; n++) {
485                     s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
486                 }
487             }
488             begin = s->data_count;
489             if (((boundary_count + begin) < block_size) && page_aligned) {
490                 s->data_count = boundary_count + begin;
491                 boundary_count = 0;
492              } else {
493                 s->data_count = block_size;
494                 boundary_count -= block_size - begin;
495                 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
496                     s->blkcnt--;
497                 }
498             }
499             dma_memory_write(s->dma_as, s->sdmasysad,
500                              &s->fifo_buffer[begin], s->data_count - begin);
501             s->sdmasysad += s->data_count - begin;
502             if (s->data_count == block_size) {
503                 s->data_count = 0;
504             }
505             if (page_aligned && boundary_count == 0) {
506                 break;
507             }
508         }
509     } else {
510         s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
511                 SDHC_DAT_LINE_ACTIVE;
512         while (s->blkcnt) {
513             begin = s->data_count;
514             if (((boundary_count + begin) < block_size) && page_aligned) {
515                 s->data_count = boundary_count + begin;
516                 boundary_count = 0;
517              } else {
518                 s->data_count = block_size;
519                 boundary_count -= block_size - begin;
520             }
521             dma_memory_read(s->dma_as, s->sdmasysad,
522                             &s->fifo_buffer[begin], s->data_count - begin);
523             s->sdmasysad += s->data_count - begin;
524             if (s->data_count == block_size) {
525                 for (n = 0; n < block_size; n++) {
526                     sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
527                 }
528                 s->data_count = 0;
529                 if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
530                     s->blkcnt--;
531                 }
532             }
533             if (page_aligned && boundary_count == 0) {
534                 break;
535             }
536         }
537     }
538 
539     if (s->blkcnt == 0) {
540         sdhci_end_transfer(s);
541     } else {
542         if (s->norintstsen & SDHC_NISEN_DMA) {
543             s->norintsts |= SDHC_NIS_DMA;
544         }
545         sdhci_update_irq(s);
546     }
547 }
548 
549 /* single block SDMA transfer */
550 static void sdhci_sdma_transfer_single_block(SDHCIState *s)
551 {
552     int n;
553     uint32_t datacnt = s->blksize & 0x0fff;
554 
555     if (s->trnmod & SDHC_TRNS_READ) {
556         for (n = 0; n < datacnt; n++) {
557             s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
558         }
559         dma_memory_write(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
560     } else {
561         dma_memory_read(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
562         for (n = 0; n < datacnt; n++) {
563             sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
564         }
565     }
566     s->blkcnt--;
567 
568     sdhci_end_transfer(s);
569 }
570 
571 typedef struct ADMADescr {
572     hwaddr addr;
573     uint16_t length;
574     uint8_t attr;
575     uint8_t incr;
576 } ADMADescr;
577 
578 static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
579 {
580     uint32_t adma1 = 0;
581     uint64_t adma2 = 0;
582     hwaddr entry_addr = (hwaddr)s->admasysaddr;
583     switch (SDHC_DMA_TYPE(s->hostctl)) {
584     case SDHC_CTRL_ADMA2_32:
585         dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma2,
586                         sizeof(adma2));
587         adma2 = le64_to_cpu(adma2);
588         /* The spec does not specify endianness of descriptor table.
589          * We currently assume that it is LE.
590          */
591         dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
592         dscr->length = (uint16_t)extract64(adma2, 16, 16);
593         dscr->attr = (uint8_t)extract64(adma2, 0, 7);
594         dscr->incr = 8;
595         break;
596     case SDHC_CTRL_ADMA1_32:
597         dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma1,
598                         sizeof(adma1));
599         adma1 = le32_to_cpu(adma1);
600         dscr->addr = (hwaddr)(adma1 & 0xFFFFF000);
601         dscr->attr = (uint8_t)extract32(adma1, 0, 7);
602         dscr->incr = 4;
603         if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
604             dscr->length = (uint16_t)extract32(adma1, 12, 16);
605         } else {
606             dscr->length = 4096;
607         }
608         break;
609     case SDHC_CTRL_ADMA2_64:
610         dma_memory_read(s->dma_as, entry_addr,
611                         (uint8_t *)(&dscr->attr), 1);
612         dma_memory_read(s->dma_as, entry_addr + 2,
613                         (uint8_t *)(&dscr->length), 2);
614         dscr->length = le16_to_cpu(dscr->length);
615         dma_memory_read(s->dma_as, entry_addr + 4,
616                         (uint8_t *)(&dscr->addr), 8);
617         dscr->attr = le64_to_cpu(dscr->attr);
618         dscr->attr &= 0xfffffff8;
619         dscr->incr = 12;
620         break;
621     }
622 }
623 
624 /* Advanced DMA data transfer */
625 
626 static void sdhci_do_adma(SDHCIState *s)
627 {
628     unsigned int n, begin, length;
629     const uint16_t block_size = s->blksize & 0x0fff;
630     ADMADescr dscr = {};
631     int i;
632 
633     for (i = 0; i < SDHC_ADMA_DESCS_PER_DELAY; ++i) {
634         s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
635 
636         get_adma_description(s, &dscr);
637         trace_sdhci_adma_loop(dscr.addr, dscr.length, dscr.attr);
638 
639         if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
640             /* Indicate that error occurred in ST_FDS state */
641             s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
642             s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
643 
644             /* Generate ADMA error interrupt */
645             if (s->errintstsen & SDHC_EISEN_ADMAERR) {
646                 s->errintsts |= SDHC_EIS_ADMAERR;
647                 s->norintsts |= SDHC_NIS_ERR;
648             }
649 
650             sdhci_update_irq(s);
651             return;
652         }
653 
654         length = dscr.length ? dscr.length : 65536;
655 
656         switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
657         case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
658 
659             if (s->trnmod & SDHC_TRNS_READ) {
660                 while (length) {
661                     if (s->data_count == 0) {
662                         for (n = 0; n < block_size; n++) {
663                             s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
664                         }
665                     }
666                     begin = s->data_count;
667                     if ((length + begin) < block_size) {
668                         s->data_count = length + begin;
669                         length = 0;
670                      } else {
671                         s->data_count = block_size;
672                         length -= block_size - begin;
673                     }
674                     dma_memory_write(s->dma_as, dscr.addr,
675                                      &s->fifo_buffer[begin],
676                                      s->data_count - begin);
677                     dscr.addr += s->data_count - begin;
678                     if (s->data_count == block_size) {
679                         s->data_count = 0;
680                         if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
681                             s->blkcnt--;
682                             if (s->blkcnt == 0) {
683                                 break;
684                             }
685                         }
686                     }
687                 }
688             } else {
689                 while (length) {
690                     begin = s->data_count;
691                     if ((length + begin) < block_size) {
692                         s->data_count = length + begin;
693                         length = 0;
694                      } else {
695                         s->data_count = block_size;
696                         length -= block_size - begin;
697                     }
698                     dma_memory_read(s->dma_as, dscr.addr,
699                                     &s->fifo_buffer[begin],
700                                     s->data_count - begin);
701                     dscr.addr += s->data_count - begin;
702                     if (s->data_count == block_size) {
703                         for (n = 0; n < block_size; n++) {
704                             sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
705                         }
706                         s->data_count = 0;
707                         if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
708                             s->blkcnt--;
709                             if (s->blkcnt == 0) {
710                                 break;
711                             }
712                         }
713                     }
714                 }
715             }
716             s->admasysaddr += dscr.incr;
717             break;
718         case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
719             s->admasysaddr = dscr.addr;
720             trace_sdhci_adma("link", s->admasysaddr);
721             break;
722         default:
723             s->admasysaddr += dscr.incr;
724             break;
725         }
726 
727         if (dscr.attr & SDHC_ADMA_ATTR_INT) {
728             trace_sdhci_adma("interrupt", s->admasysaddr);
729             if (s->norintstsen & SDHC_NISEN_DMA) {
730                 s->norintsts |= SDHC_NIS_DMA;
731             }
732 
733             sdhci_update_irq(s);
734         }
735 
736         /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
737         if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
738                     (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
739             trace_sdhci_adma_transfer_completed();
740             if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
741                 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
742                 s->blkcnt != 0)) {
743                 trace_sdhci_error("SD/MMC host ADMA length mismatch");
744                 s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
745                         SDHC_ADMAERR_STATE_ST_TFR;
746                 if (s->errintstsen & SDHC_EISEN_ADMAERR) {
747                     trace_sdhci_error("Set ADMA error flag");
748                     s->errintsts |= SDHC_EIS_ADMAERR;
749                     s->norintsts |= SDHC_NIS_ERR;
750                 }
751 
752                 sdhci_update_irq(s);
753             }
754             sdhci_end_transfer(s);
755             return;
756         }
757 
758     }
759 
760     /* we have unfinished business - reschedule to continue ADMA */
761     timer_mod(s->transfer_timer,
762                    qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_TRANSFER_DELAY);
763 }
764 
765 /* Perform data transfer according to controller configuration */
766 
767 static void sdhci_data_transfer(void *opaque)
768 {
769     SDHCIState *s = (SDHCIState *)opaque;
770 
771     if (s->trnmod & SDHC_TRNS_DMA) {
772         switch (SDHC_DMA_TYPE(s->hostctl)) {
773         case SDHC_CTRL_SDMA:
774             if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
775                 sdhci_sdma_transfer_single_block(s);
776             } else {
777                 sdhci_sdma_transfer_multi_blocks(s);
778             }
779 
780             break;
781         case SDHC_CTRL_ADMA1_32:
782             if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
783                 trace_sdhci_error("ADMA1 not supported");
784                 break;
785             }
786 
787             sdhci_do_adma(s);
788             break;
789         case SDHC_CTRL_ADMA2_32:
790             if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
791                 trace_sdhci_error("ADMA2 not supported");
792                 break;
793             }
794 
795             sdhci_do_adma(s);
796             break;
797         case SDHC_CTRL_ADMA2_64:
798             if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
799                     !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
800                 trace_sdhci_error("64 bit ADMA not supported");
801                 break;
802             }
803 
804             sdhci_do_adma(s);
805             break;
806         default:
807             trace_sdhci_error("Unsupported DMA type");
808             break;
809         }
810     } else {
811         if ((s->trnmod & SDHC_TRNS_READ) && sdbus_data_ready(&s->sdbus)) {
812             s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
813                     SDHC_DAT_LINE_ACTIVE;
814             sdhci_read_block_from_card(s);
815         } else {
816             s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
817                     SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
818             sdhci_write_block_to_card(s);
819         }
820     }
821 }
822 
823 static bool sdhci_can_issue_command(SDHCIState *s)
824 {
825     if (!SDHC_CLOCK_IS_ON(s->clkcon) ||
826         (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
827         ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
828         ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
829         !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
830         return false;
831     }
832 
833     return true;
834 }
835 
836 /* The Buffer Data Port register must be accessed in sequential and
837  * continuous manner */
838 static inline bool
839 sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
840 {
841     if ((s->data_count & 0x3) != byte_num) {
842         trace_sdhci_error("Non-sequential access to Buffer Data Port register"
843                           "is prohibited\n");
844         return false;
845     }
846     return true;
847 }
848 
849 static uint64_t sdhci_read(void *opaque, hwaddr offset, unsigned size)
850 {
851     SDHCIState *s = (SDHCIState *)opaque;
852     uint32_t ret = 0;
853 
854     switch (offset & ~0x3) {
855     case SDHC_SYSAD:
856         ret = s->sdmasysad;
857         break;
858     case SDHC_BLKSIZE:
859         ret = s->blksize | (s->blkcnt << 16);
860         break;
861     case SDHC_ARGUMENT:
862         ret = s->argument;
863         break;
864     case SDHC_TRNMOD:
865         ret = s->trnmod | (s->cmdreg << 16);
866         break;
867     case SDHC_RSPREG0 ... SDHC_RSPREG3:
868         ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
869         break;
870     case  SDHC_BDATA:
871         if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
872             ret = sdhci_read_dataport(s, size);
873             trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
874             return ret;
875         }
876         break;
877     case SDHC_PRNSTS:
878         ret = s->prnsts;
879         break;
880     case SDHC_HOSTCTL:
881         ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
882               (s->wakcon << 24);
883         break;
884     case SDHC_CLKCON:
885         ret = s->clkcon | (s->timeoutcon << 16);
886         break;
887     case SDHC_NORINTSTS:
888         ret = s->norintsts | (s->errintsts << 16);
889         break;
890     case SDHC_NORINTSTSEN:
891         ret = s->norintstsen | (s->errintstsen << 16);
892         break;
893     case SDHC_NORINTSIGEN:
894         ret = s->norintsigen | (s->errintsigen << 16);
895         break;
896     case SDHC_ACMD12ERRSTS:
897         ret = s->acmd12errsts;
898         break;
899     case SDHC_CAPAB:
900         ret = (uint32_t)s->capareg;
901         break;
902     case SDHC_CAPAB + 4:
903         ret = (uint32_t)(s->capareg >> 32);
904         break;
905     case SDHC_MAXCURR:
906         ret = (uint32_t)s->maxcurr;
907         break;
908     case SDHC_MAXCURR + 4:
909         ret = (uint32_t)(s->maxcurr >> 32);
910         break;
911     case SDHC_ADMAERR:
912         ret =  s->admaerr;
913         break;
914     case SDHC_ADMASYSADDR:
915         ret = (uint32_t)s->admasysaddr;
916         break;
917     case SDHC_ADMASYSADDR + 4:
918         ret = (uint32_t)(s->admasysaddr >> 32);
919         break;
920     case SDHC_SLOT_INT_STATUS:
921         ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
922         break;
923     default:
924         qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " "
925                       "not implemented\n", size, offset);
926         break;
927     }
928 
929     ret >>= (offset & 0x3) * 8;
930     ret &= (1ULL << (size * 8)) - 1;
931     trace_sdhci_access("rd", size << 3, offset, "->", ret, ret);
932     return ret;
933 }
934 
935 static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
936 {
937     if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
938         return;
939     }
940     s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
941 
942     if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
943             (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
944         if (s->stopped_state == sdhc_gap_read) {
945             s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
946             sdhci_read_block_from_card(s);
947         } else {
948             s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
949             sdhci_write_block_to_card(s);
950         }
951         s->stopped_state = sdhc_not_stopped;
952     } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
953         if (s->prnsts & SDHC_DOING_READ) {
954             s->stopped_state = sdhc_gap_read;
955         } else if (s->prnsts & SDHC_DOING_WRITE) {
956             s->stopped_state = sdhc_gap_write;
957         }
958     }
959 }
960 
961 static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
962 {
963     switch (value) {
964     case SDHC_RESET_ALL:
965         sdhci_reset(s);
966         break;
967     case SDHC_RESET_CMD:
968         s->prnsts &= ~SDHC_CMD_INHIBIT;
969         s->norintsts &= ~SDHC_NIS_CMDCMP;
970         break;
971     case SDHC_RESET_DATA:
972         s->data_count = 0;
973         s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
974                 SDHC_DOING_READ | SDHC_DOING_WRITE |
975                 SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
976         s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
977         s->stopped_state = sdhc_not_stopped;
978         s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
979                 SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
980         break;
981     }
982 }
983 
984 static void
985 sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
986 {
987     SDHCIState *s = (SDHCIState *)opaque;
988     unsigned shift =  8 * (offset & 0x3);
989     uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
990     uint32_t value = val;
991     value <<= shift;
992 
993     switch (offset & ~0x3) {
994     case SDHC_SYSAD:
995         s->sdmasysad = (s->sdmasysad & mask) | value;
996         MASKED_WRITE(s->sdmasysad, mask, value);
997         /* Writing to last byte of sdmasysad might trigger transfer */
998         if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
999                 s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
1000             if (s->trnmod & SDHC_TRNS_MULTI) {
1001                 sdhci_sdma_transfer_multi_blocks(s);
1002             } else {
1003                 sdhci_sdma_transfer_single_block(s);
1004             }
1005         }
1006         break;
1007     case SDHC_BLKSIZE:
1008         if (!TRANSFERRING_DATA(s->prnsts)) {
1009             MASKED_WRITE(s->blksize, mask, value);
1010             MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
1011         }
1012 
1013         /* Limit block size to the maximum buffer size */
1014         if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
1015             qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " \
1016                           "the maximum buffer 0x%x", __func__, s->blksize,
1017                           s->buf_maxsz);
1018 
1019             s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
1020         }
1021 
1022         break;
1023     case SDHC_ARGUMENT:
1024         MASKED_WRITE(s->argument, mask, value);
1025         break;
1026     case SDHC_TRNMOD:
1027         /* DMA can be enabled only if it is supported as indicated by
1028          * capabilities register */
1029         if (!(s->capareg & SDHC_CAN_DO_DMA)) {
1030             value &= ~SDHC_TRNS_DMA;
1031         }
1032         MASKED_WRITE(s->trnmod, mask, value & SDHC_TRNMOD_MASK);
1033         MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
1034 
1035         /* Writing to the upper byte of CMDREG triggers SD command generation */
1036         if ((mask & 0xFF000000) || !sdhci_can_issue_command(s)) {
1037             break;
1038         }
1039 
1040         sdhci_send_command(s);
1041         break;
1042     case  SDHC_BDATA:
1043         if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
1044             sdhci_write_dataport(s, value >> shift, size);
1045         }
1046         break;
1047     case SDHC_HOSTCTL:
1048         if (!(mask & 0xFF0000)) {
1049             sdhci_blkgap_write(s, value >> 16);
1050         }
1051         MASKED_WRITE(s->hostctl, mask, value);
1052         MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
1053         MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
1054         if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
1055                 !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
1056             s->pwrcon &= ~SDHC_POWER_ON;
1057         }
1058         break;
1059     case SDHC_CLKCON:
1060         if (!(mask & 0xFF000000)) {
1061             sdhci_reset_write(s, value >> 24);
1062         }
1063         MASKED_WRITE(s->clkcon, mask, value);
1064         MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
1065         if (s->clkcon & SDHC_CLOCK_INT_EN) {
1066             s->clkcon |= SDHC_CLOCK_INT_STABLE;
1067         } else {
1068             s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
1069         }
1070         break;
1071     case SDHC_NORINTSTS:
1072         if (s->norintstsen & SDHC_NISEN_CARDINT) {
1073             value &= ~SDHC_NIS_CARDINT;
1074         }
1075         s->norintsts &= mask | ~value;
1076         s->errintsts &= (mask >> 16) | ~(value >> 16);
1077         if (s->errintsts) {
1078             s->norintsts |= SDHC_NIS_ERR;
1079         } else {
1080             s->norintsts &= ~SDHC_NIS_ERR;
1081         }
1082         sdhci_update_irq(s);
1083         break;
1084     case SDHC_NORINTSTSEN:
1085         MASKED_WRITE(s->norintstsen, mask, value);
1086         MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
1087         s->norintsts &= s->norintstsen;
1088         s->errintsts &= s->errintstsen;
1089         if (s->errintsts) {
1090             s->norintsts |= SDHC_NIS_ERR;
1091         } else {
1092             s->norintsts &= ~SDHC_NIS_ERR;
1093         }
1094         /* Quirk for Raspberry Pi: pending card insert interrupt
1095          * appears when first enabled after power on */
1096         if ((s->norintstsen & SDHC_NISEN_INSERT) && s->pending_insert_state) {
1097             assert(s->pending_insert_quirk);
1098             s->norintsts |= SDHC_NIS_INSERT;
1099             s->pending_insert_state = false;
1100         }
1101         sdhci_update_irq(s);
1102         break;
1103     case SDHC_NORINTSIGEN:
1104         MASKED_WRITE(s->norintsigen, mask, value);
1105         MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
1106         sdhci_update_irq(s);
1107         break;
1108     case SDHC_ADMAERR:
1109         MASKED_WRITE(s->admaerr, mask, value);
1110         break;
1111     case SDHC_ADMASYSADDR:
1112         s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
1113                 (uint64_t)mask)) | (uint64_t)value;
1114         break;
1115     case SDHC_ADMASYSADDR + 4:
1116         s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
1117                 ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
1118         break;
1119     case SDHC_FEAER:
1120         s->acmd12errsts |= value;
1121         s->errintsts |= (value >> 16) & s->errintstsen;
1122         if (s->acmd12errsts) {
1123             s->errintsts |= SDHC_EIS_CMD12ERR;
1124         }
1125         if (s->errintsts) {
1126             s->norintsts |= SDHC_NIS_ERR;
1127         }
1128         sdhci_update_irq(s);
1129         break;
1130     case SDHC_ACMD12ERRSTS:
1131         MASKED_WRITE(s->acmd12errsts, mask, value);
1132         break;
1133 
1134     case SDHC_CAPAB:
1135     case SDHC_CAPAB + 4:
1136     case SDHC_MAXCURR:
1137     case SDHC_MAXCURR + 4:
1138         qemu_log_mask(LOG_GUEST_ERROR, "SDHC wr_%ub @0x%02" HWADDR_PRIx
1139                       " <- 0x%08x read-only\n", size, offset, value >> shift);
1140         break;
1141 
1142     default:
1143         qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x "
1144                       "not implemented\n", size, offset, value >> shift);
1145         break;
1146     }
1147     trace_sdhci_access("wr", size << 3, offset, "<-",
1148                        value >> shift, value >> shift);
1149 }
1150 
1151 static const MemoryRegionOps sdhci_mmio_ops = {
1152     .read = sdhci_read,
1153     .write = sdhci_write,
1154     .valid = {
1155         .min_access_size = 1,
1156         .max_access_size = 4,
1157         .unaligned = false
1158     },
1159     .endianness = DEVICE_LITTLE_ENDIAN,
1160 };
1161 
1162 static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
1163 {
1164     switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
1165     case 0:
1166         return 512;
1167     case 1:
1168         return 1024;
1169     case 2:
1170         return 2048;
1171     default:
1172         hw_error("SDHC: unsupported value for maximum block size\n");
1173         return 0;
1174     }
1175 }
1176 
1177 /* --- qdev common --- */
1178 
1179 #define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \
1180     /* Capabilities registers provide information on supported features
1181      * of this specific host controller implementation */ \
1182     DEFINE_PROP_UINT64("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
1183     DEFINE_PROP_UINT64("maxcurr", _state, maxcurr, 0)
1184 
1185 static void sdhci_initfn(SDHCIState *s)
1186 {
1187     qbus_create_inplace(&s->sdbus, sizeof(s->sdbus),
1188                         TYPE_SDHCI_BUS, DEVICE(s), "sd-bus");
1189 
1190     s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_raise_insertion_irq, s);
1191     s->transfer_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_data_transfer, s);
1192 }
1193 
1194 static void sdhci_uninitfn(SDHCIState *s)
1195 {
1196     timer_del(s->insert_timer);
1197     timer_free(s->insert_timer);
1198     timer_del(s->transfer_timer);
1199     timer_free(s->transfer_timer);
1200 
1201     g_free(s->fifo_buffer);
1202     s->fifo_buffer = NULL;
1203 }
1204 
1205 static void sdhci_common_realize(SDHCIState *s, Error **errp)
1206 {
1207     s->buf_maxsz = sdhci_get_fifolen(s);
1208     s->fifo_buffer = g_malloc0(s->buf_maxsz);
1209 
1210     memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci",
1211                           SDHC_REGISTERS_MAP_SIZE);
1212 }
1213 
1214 static void sdhci_common_unrealize(SDHCIState *s, Error **errp)
1215 {
1216     /* This function is expected to be called only once for each class:
1217      * - SysBus:    via DeviceClass->unrealize(),
1218      * - PCI:       via PCIDeviceClass->exit().
1219      * However to avoid double-free and/or use-after-free we still nullify
1220      * this variable (better safe than sorry!). */
1221     g_free(s->fifo_buffer);
1222     s->fifo_buffer = NULL;
1223 }
1224 
1225 static bool sdhci_pending_insert_vmstate_needed(void *opaque)
1226 {
1227     SDHCIState *s = opaque;
1228 
1229     return s->pending_insert_state;
1230 }
1231 
1232 static const VMStateDescription sdhci_pending_insert_vmstate = {
1233     .name = "sdhci/pending-insert",
1234     .version_id = 1,
1235     .minimum_version_id = 1,
1236     .needed = sdhci_pending_insert_vmstate_needed,
1237     .fields = (VMStateField[]) {
1238         VMSTATE_BOOL(pending_insert_state, SDHCIState),
1239         VMSTATE_END_OF_LIST()
1240     },
1241 };
1242 
1243 const VMStateDescription sdhci_vmstate = {
1244     .name = "sdhci",
1245     .version_id = 1,
1246     .minimum_version_id = 1,
1247     .fields = (VMStateField[]) {
1248         VMSTATE_UINT32(sdmasysad, SDHCIState),
1249         VMSTATE_UINT16(blksize, SDHCIState),
1250         VMSTATE_UINT16(blkcnt, SDHCIState),
1251         VMSTATE_UINT32(argument, SDHCIState),
1252         VMSTATE_UINT16(trnmod, SDHCIState),
1253         VMSTATE_UINT16(cmdreg, SDHCIState),
1254         VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
1255         VMSTATE_UINT32(prnsts, SDHCIState),
1256         VMSTATE_UINT8(hostctl, SDHCIState),
1257         VMSTATE_UINT8(pwrcon, SDHCIState),
1258         VMSTATE_UINT8(blkgap, SDHCIState),
1259         VMSTATE_UINT8(wakcon, SDHCIState),
1260         VMSTATE_UINT16(clkcon, SDHCIState),
1261         VMSTATE_UINT8(timeoutcon, SDHCIState),
1262         VMSTATE_UINT8(admaerr, SDHCIState),
1263         VMSTATE_UINT16(norintsts, SDHCIState),
1264         VMSTATE_UINT16(errintsts, SDHCIState),
1265         VMSTATE_UINT16(norintstsen, SDHCIState),
1266         VMSTATE_UINT16(errintstsen, SDHCIState),
1267         VMSTATE_UINT16(norintsigen, SDHCIState),
1268         VMSTATE_UINT16(errintsigen, SDHCIState),
1269         VMSTATE_UINT16(acmd12errsts, SDHCIState),
1270         VMSTATE_UINT16(data_count, SDHCIState),
1271         VMSTATE_UINT64(admasysaddr, SDHCIState),
1272         VMSTATE_UINT8(stopped_state, SDHCIState),
1273         VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, buf_maxsz),
1274         VMSTATE_TIMER_PTR(insert_timer, SDHCIState),
1275         VMSTATE_TIMER_PTR(transfer_timer, SDHCIState),
1276         VMSTATE_END_OF_LIST()
1277     },
1278     .subsections = (const VMStateDescription*[]) {
1279         &sdhci_pending_insert_vmstate,
1280         NULL
1281     },
1282 };
1283 
1284 static void sdhci_common_class_init(ObjectClass *klass, void *data)
1285 {
1286     DeviceClass *dc = DEVICE_CLASS(klass);
1287 
1288     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1289     dc->vmsd = &sdhci_vmstate;
1290     dc->reset = sdhci_poweron_reset;
1291 }
1292 
1293 /* --- qdev PCI --- */
1294 
1295 static Property sdhci_pci_properties[] = {
1296     DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
1297     DEFINE_PROP_END_OF_LIST(),
1298 };
1299 
1300 static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
1301 {
1302     SDHCIState *s = PCI_SDHCI(dev);
1303 
1304     sdhci_initfn(s);
1305     sdhci_common_realize(s, errp);
1306     if (errp && *errp) {
1307         return;
1308     }
1309 
1310     dev->config[PCI_CLASS_PROG] = 0x01; /* Standard Host supported DMA */
1311     dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
1312     s->irq = pci_allocate_irq(dev);
1313     s->dma_as = pci_get_address_space(dev);
1314     pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->iomem);
1315 }
1316 
1317 static void sdhci_pci_exit(PCIDevice *dev)
1318 {
1319     SDHCIState *s = PCI_SDHCI(dev);
1320 
1321     sdhci_common_unrealize(s, &error_abort);
1322     sdhci_uninitfn(s);
1323 }
1324 
1325 static void sdhci_pci_class_init(ObjectClass *klass, void *data)
1326 {
1327     DeviceClass *dc = DEVICE_CLASS(klass);
1328     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1329 
1330     k->realize = sdhci_pci_realize;
1331     k->exit = sdhci_pci_exit;
1332     k->vendor_id = PCI_VENDOR_ID_REDHAT;
1333     k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI;
1334     k->class_id = PCI_CLASS_SYSTEM_SDHCI;
1335     dc->props = sdhci_pci_properties;
1336 
1337     sdhci_common_class_init(klass, data);
1338 }
1339 
1340 static const TypeInfo sdhci_pci_info = {
1341     .name = TYPE_PCI_SDHCI,
1342     .parent = TYPE_PCI_DEVICE,
1343     .instance_size = sizeof(SDHCIState),
1344     .class_init = sdhci_pci_class_init,
1345     .interfaces = (InterfaceInfo[]) {
1346         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
1347         { },
1348     },
1349 };
1350 
1351 /* --- qdev SysBus --- */
1352 
1353 static Property sdhci_sysbus_properties[] = {
1354     DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
1355     DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk,
1356                      false),
1357     DEFINE_PROP_LINK("dma", SDHCIState,
1358                      dma_mr, TYPE_MEMORY_REGION, MemoryRegion *),
1359     DEFINE_PROP_END_OF_LIST(),
1360 };
1361 
1362 static void sdhci_sysbus_init(Object *obj)
1363 {
1364     SDHCIState *s = SYSBUS_SDHCI(obj);
1365 
1366     sdhci_initfn(s);
1367 }
1368 
1369 static void sdhci_sysbus_finalize(Object *obj)
1370 {
1371     SDHCIState *s = SYSBUS_SDHCI(obj);
1372 
1373     if (s->dma_mr) {
1374         object_unparent(OBJECT(s->dma_mr));
1375     }
1376 
1377     sdhci_uninitfn(s);
1378 }
1379 
1380 static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp)
1381 {
1382     SDHCIState *s = SYSBUS_SDHCI(dev);
1383     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1384 
1385     sdhci_common_realize(s, errp);
1386     if (errp && *errp) {
1387         return;
1388     }
1389 
1390     if (s->dma_mr) {
1391         address_space_init(s->dma_as, s->dma_mr, "sdhci-dma");
1392     } else {
1393         /* use system_memory() if property "dma" not set */
1394         s->dma_as = &address_space_memory;
1395     }
1396 
1397     sysbus_init_irq(sbd, &s->irq);
1398     sysbus_init_mmio(sbd, &s->iomem);
1399 }
1400 
1401 static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp)
1402 {
1403     SDHCIState *s = SYSBUS_SDHCI(dev);
1404 
1405     sdhci_common_unrealize(s, &error_abort);
1406 
1407      if (s->dma_mr) {
1408         address_space_destroy(s->dma_as);
1409     }
1410 }
1411 
1412 static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
1413 {
1414     DeviceClass *dc = DEVICE_CLASS(klass);
1415 
1416     dc->props = sdhci_sysbus_properties;
1417     dc->realize = sdhci_sysbus_realize;
1418     dc->unrealize = sdhci_sysbus_unrealize;
1419 
1420     sdhci_common_class_init(klass, data);
1421 }
1422 
1423 static const TypeInfo sdhci_sysbus_info = {
1424     .name = TYPE_SYSBUS_SDHCI,
1425     .parent = TYPE_SYS_BUS_DEVICE,
1426     .instance_size = sizeof(SDHCIState),
1427     .instance_init = sdhci_sysbus_init,
1428     .instance_finalize = sdhci_sysbus_finalize,
1429     .class_init = sdhci_sysbus_class_init,
1430 };
1431 
1432 /* --- qdev bus master --- */
1433 
1434 static void sdhci_bus_class_init(ObjectClass *klass, void *data)
1435 {
1436     SDBusClass *sbc = SD_BUS_CLASS(klass);
1437 
1438     sbc->set_inserted = sdhci_set_inserted;
1439     sbc->set_readonly = sdhci_set_readonly;
1440 }
1441 
1442 static const TypeInfo sdhci_bus_info = {
1443     .name = TYPE_SDHCI_BUS,
1444     .parent = TYPE_SD_BUS,
1445     .instance_size = sizeof(SDBus),
1446     .class_init = sdhci_bus_class_init,
1447 };
1448 
1449 static void sdhci_register_types(void)
1450 {
1451     type_register_static(&sdhci_pci_info);
1452     type_register_static(&sdhci_sysbus_info);
1453     type_register_static(&sdhci_bus_info);
1454 }
1455 
1456 type_init(sdhci_register_types)
1457