1 /* 2 * ASPEED AST2400 SMC Controller (SPI Flash Only) 3 * 4 * Copyright (C) 2016 IBM Corp. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "hw/sysbus.h" 27 #include "migration/vmstate.h" 28 #include "qemu/log.h" 29 #include "qemu/module.h" 30 #include "qemu/error-report.h" 31 #include "qapi/error.h" 32 #include "exec/address-spaces.h" 33 34 #include "hw/irq.h" 35 #include "hw/qdev-properties.h" 36 #include "hw/ssi/aspeed_smc.h" 37 38 /* CE Type Setting Register */ 39 #define R_CONF (0x00 / 4) 40 #define CONF_LEGACY_DISABLE (1 << 31) 41 #define CONF_ENABLE_W4 20 42 #define CONF_ENABLE_W3 19 43 #define CONF_ENABLE_W2 18 44 #define CONF_ENABLE_W1 17 45 #define CONF_ENABLE_W0 16 46 #define CONF_FLASH_TYPE4 8 47 #define CONF_FLASH_TYPE3 6 48 #define CONF_FLASH_TYPE2 4 49 #define CONF_FLASH_TYPE1 2 50 #define CONF_FLASH_TYPE0 0 51 #define CONF_FLASH_TYPE_NOR 0x0 52 #define CONF_FLASH_TYPE_NAND 0x1 53 #define CONF_FLASH_TYPE_SPI 0x2 54 55 /* CE Control Register */ 56 #define R_CE_CTRL (0x04 / 4) 57 #define CTRL_EXTENDED4 4 /* 32 bit addressing for SPI */ 58 #define CTRL_EXTENDED3 3 /* 32 bit addressing for SPI */ 59 #define CTRL_EXTENDED2 2 /* 32 bit addressing for SPI */ 60 #define CTRL_EXTENDED1 1 /* 32 bit addressing for SPI */ 61 #define CTRL_EXTENDED0 0 /* 32 bit addressing for SPI */ 62 63 /* Interrupt Control and Status Register */ 64 #define R_INTR_CTRL (0x08 / 4) 65 #define INTR_CTRL_DMA_STATUS (1 << 11) 66 #define INTR_CTRL_CMD_ABORT_STATUS (1 << 10) 67 #define INTR_CTRL_WRITE_PROTECT_STATUS (1 << 9) 68 #define INTR_CTRL_DMA_EN (1 << 3) 69 #define INTR_CTRL_CMD_ABORT_EN (1 << 2) 70 #define INTR_CTRL_WRITE_PROTECT_EN (1 << 1) 71 72 /* CEx Control Register */ 73 #define R_CTRL0 (0x10 / 4) 74 #define CTRL_IO_DUAL_DATA (1 << 29) 75 #define CTRL_IO_DUAL_ADDR_DATA (1 << 28) /* Includes dummies */ 76 #define CTRL_CMD_SHIFT 16 77 #define CTRL_CMD_MASK 0xff 78 #define CTRL_DUMMY_HIGH_SHIFT 14 79 #define CTRL_AST2400_SPI_4BYTE (1 << 13) 80 #define CE_CTRL_CLOCK_FREQ_SHIFT 8 81 #define CE_CTRL_CLOCK_FREQ_MASK 0xf 82 #define CE_CTRL_CLOCK_FREQ(div) \ 83 (((div) & CE_CTRL_CLOCK_FREQ_MASK) << CE_CTRL_CLOCK_FREQ_SHIFT) 84 #define CTRL_DUMMY_LOW_SHIFT 6 /* 2 bits [7:6] */ 85 #define CTRL_CE_STOP_ACTIVE (1 << 2) 86 #define CTRL_CMD_MODE_MASK 0x3 87 #define CTRL_READMODE 0x0 88 #define CTRL_FREADMODE 0x1 89 #define CTRL_WRITEMODE 0x2 90 #define CTRL_USERMODE 0x3 91 #define R_CTRL1 (0x14 / 4) 92 #define R_CTRL2 (0x18 / 4) 93 #define R_CTRL3 (0x1C / 4) 94 #define R_CTRL4 (0x20 / 4) 95 96 /* CEx Segment Address Register */ 97 #define R_SEG_ADDR0 (0x30 / 4) 98 #define SEG_END_SHIFT 24 /* 8MB units */ 99 #define SEG_END_MASK 0xff 100 #define SEG_START_SHIFT 16 /* address bit [A29-A23] */ 101 #define SEG_START_MASK 0xff 102 #define R_SEG_ADDR1 (0x34 / 4) 103 #define R_SEG_ADDR2 (0x38 / 4) 104 #define R_SEG_ADDR3 (0x3C / 4) 105 #define R_SEG_ADDR4 (0x40 / 4) 106 107 /* Misc Control Register #1 */ 108 #define R_MISC_CTRL1 (0x50 / 4) 109 110 /* SPI dummy cycle data */ 111 #define R_DUMMY_DATA (0x54 / 4) 112 113 /* DMA Control/Status Register */ 114 #define R_DMA_CTRL (0x80 / 4) 115 #define DMA_CTRL_DELAY_MASK 0xf 116 #define DMA_CTRL_DELAY_SHIFT 8 117 #define DMA_CTRL_FREQ_MASK 0xf 118 #define DMA_CTRL_FREQ_SHIFT 4 119 #define DMA_CTRL_CALIB (1 << 3) 120 #define DMA_CTRL_CKSUM (1 << 2) 121 #define DMA_CTRL_WRITE (1 << 1) 122 #define DMA_CTRL_ENABLE (1 << 0) 123 124 /* DMA Flash Side Address */ 125 #define R_DMA_FLASH_ADDR (0x84 / 4) 126 127 /* DMA DRAM Side Address */ 128 #define R_DMA_DRAM_ADDR (0x88 / 4) 129 130 /* DMA Length Register */ 131 #define R_DMA_LEN (0x8C / 4) 132 133 /* Checksum Calculation Result */ 134 #define R_DMA_CHECKSUM (0x90 / 4) 135 136 /* Misc Control Register #2 */ 137 #define R_TIMINGS (0x94 / 4) 138 139 /* SPI controller registers and bits */ 140 #define R_SPI_CONF (0x00 / 4) 141 #define SPI_CONF_ENABLE_W0 0 142 #define R_SPI_CTRL0 (0x4 / 4) 143 #define R_SPI_MISC_CTRL (0x10 / 4) 144 #define R_SPI_TIMINGS (0x14 / 4) 145 146 #define ASPEED_SMC_R_SPI_MAX (0x20 / 4) 147 #define ASPEED_SMC_R_SMC_MAX (0x20 / 4) 148 149 #define ASPEED_SOC_SMC_FLASH_BASE 0x10000000 150 #define ASPEED_SOC_FMC_FLASH_BASE 0x20000000 151 #define ASPEED_SOC_SPI_FLASH_BASE 0x30000000 152 #define ASPEED_SOC_SPI2_FLASH_BASE 0x38000000 153 154 /* 155 * DMA DRAM addresses should be 4 bytes aligned and the valid address 156 * range is 0x40000000 - 0x5FFFFFFF (AST2400) 157 * 0x80000000 - 0xBFFFFFFF (AST2500) 158 * 159 * DMA flash addresses should be 4 bytes aligned and the valid address 160 * range is 0x20000000 - 0x2FFFFFFF. 161 * 162 * DMA length is from 4 bytes to 32MB 163 * 0: 4 bytes 164 * 0x7FFFFF: 32M bytes 165 */ 166 #define DMA_DRAM_ADDR(s, val) ((s)->sdram_base | \ 167 ((val) & (s)->ctrl->dma_dram_mask)) 168 #define DMA_FLASH_ADDR(s, val) ((s)->ctrl->flash_window_base | \ 169 ((val) & (s)->ctrl->dma_flash_mask)) 170 #define DMA_LENGTH(val) ((val) & 0x01FFFFFC) 171 172 /* Flash opcodes. */ 173 #define SPI_OP_READ 0x03 /* Read data bytes (low frequency) */ 174 175 #define SNOOP_OFF 0xFF 176 #define SNOOP_START 0x0 177 178 /* 179 * Default segments mapping addresses and size for each slave per 180 * controller. These can be changed when board is initialized with the 181 * Segment Address Registers. 182 */ 183 static const AspeedSegments aspeed_segments_legacy[] = { 184 { 0x10000000, 32 * 1024 * 1024 }, 185 }; 186 187 static const AspeedSegments aspeed_segments_fmc[] = { 188 { 0x20000000, 64 * 1024 * 1024 }, /* start address is readonly */ 189 { 0x24000000, 32 * 1024 * 1024 }, 190 { 0x26000000, 32 * 1024 * 1024 }, 191 { 0x28000000, 32 * 1024 * 1024 }, 192 { 0x2A000000, 32 * 1024 * 1024 } 193 }; 194 195 static const AspeedSegments aspeed_segments_spi[] = { 196 { 0x30000000, 64 * 1024 * 1024 }, 197 }; 198 199 static const AspeedSegments aspeed_segments_ast2500_fmc[] = { 200 { 0x20000000, 128 * 1024 * 1024 }, /* start address is readonly */ 201 { 0x28000000, 32 * 1024 * 1024 }, 202 { 0x2A000000, 32 * 1024 * 1024 }, 203 }; 204 205 static const AspeedSegments aspeed_segments_ast2500_spi1[] = { 206 { 0x30000000, 32 * 1024 * 1024 }, /* start address is readonly */ 207 { 0x32000000, 96 * 1024 * 1024 }, /* end address is readonly */ 208 }; 209 210 static const AspeedSegments aspeed_segments_ast2500_spi2[] = { 211 { 0x38000000, 32 * 1024 * 1024 }, /* start address is readonly */ 212 { 0x3A000000, 96 * 1024 * 1024 }, /* end address is readonly */ 213 }; 214 215 static const AspeedSMCController controllers[] = { 216 { 217 .name = "aspeed.smc-ast2400", 218 .r_conf = R_CONF, 219 .r_ce_ctrl = R_CE_CTRL, 220 .r_ctrl0 = R_CTRL0, 221 .r_timings = R_TIMINGS, 222 .conf_enable_w0 = CONF_ENABLE_W0, 223 .max_slaves = 5, 224 .segments = aspeed_segments_legacy, 225 .flash_window_base = ASPEED_SOC_SMC_FLASH_BASE, 226 .flash_window_size = 0x6000000, 227 .has_dma = false, 228 .nregs = ASPEED_SMC_R_SMC_MAX, 229 }, { 230 .name = "aspeed.fmc-ast2400", 231 .r_conf = R_CONF, 232 .r_ce_ctrl = R_CE_CTRL, 233 .r_ctrl0 = R_CTRL0, 234 .r_timings = R_TIMINGS, 235 .conf_enable_w0 = CONF_ENABLE_W0, 236 .max_slaves = 5, 237 .segments = aspeed_segments_fmc, 238 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 239 .flash_window_size = 0x10000000, 240 .has_dma = true, 241 .dma_flash_mask = 0x0FFFFFFC, 242 .dma_dram_mask = 0x1FFFFFFC, 243 .nregs = ASPEED_SMC_R_MAX, 244 }, { 245 .name = "aspeed.spi1-ast2400", 246 .r_conf = R_SPI_CONF, 247 .r_ce_ctrl = 0xff, 248 .r_ctrl0 = R_SPI_CTRL0, 249 .r_timings = R_SPI_TIMINGS, 250 .conf_enable_w0 = SPI_CONF_ENABLE_W0, 251 .max_slaves = 1, 252 .segments = aspeed_segments_spi, 253 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 254 .flash_window_size = 0x10000000, 255 .has_dma = false, 256 .nregs = ASPEED_SMC_R_SPI_MAX, 257 }, { 258 .name = "aspeed.fmc-ast2500", 259 .r_conf = R_CONF, 260 .r_ce_ctrl = R_CE_CTRL, 261 .r_ctrl0 = R_CTRL0, 262 .r_timings = R_TIMINGS, 263 .conf_enable_w0 = CONF_ENABLE_W0, 264 .max_slaves = 3, 265 .segments = aspeed_segments_ast2500_fmc, 266 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE, 267 .flash_window_size = 0x10000000, 268 .has_dma = true, 269 .dma_flash_mask = 0x0FFFFFFC, 270 .dma_dram_mask = 0x3FFFFFFC, 271 .nregs = ASPEED_SMC_R_MAX, 272 }, { 273 .name = "aspeed.spi1-ast2500", 274 .r_conf = R_CONF, 275 .r_ce_ctrl = R_CE_CTRL, 276 .r_ctrl0 = R_CTRL0, 277 .r_timings = R_TIMINGS, 278 .conf_enable_w0 = CONF_ENABLE_W0, 279 .max_slaves = 2, 280 .segments = aspeed_segments_ast2500_spi1, 281 .flash_window_base = ASPEED_SOC_SPI_FLASH_BASE, 282 .flash_window_size = 0x8000000, 283 .has_dma = false, 284 .nregs = ASPEED_SMC_R_MAX, 285 }, { 286 .name = "aspeed.spi2-ast2500", 287 .r_conf = R_CONF, 288 .r_ce_ctrl = R_CE_CTRL, 289 .r_ctrl0 = R_CTRL0, 290 .r_timings = R_TIMINGS, 291 .conf_enable_w0 = CONF_ENABLE_W0, 292 .max_slaves = 2, 293 .segments = aspeed_segments_ast2500_spi2, 294 .flash_window_base = ASPEED_SOC_SPI2_FLASH_BASE, 295 .flash_window_size = 0x8000000, 296 .has_dma = false, 297 .nregs = ASPEED_SMC_R_MAX, 298 }, 299 }; 300 301 /* 302 * The Segment Register uses a 8MB unit to encode the start address 303 * and the end address of the mapping window of a flash SPI slave : 304 * 305 * | byte 1 | byte 2 | byte 3 | byte 4 | 306 * +--------+--------+--------+--------+ 307 * | end | start | 0 | 0 | 308 * 309 */ 310 static inline uint32_t aspeed_smc_segment_to_reg(const AspeedSegments *seg) 311 { 312 uint32_t reg = 0; 313 reg |= ((seg->addr >> 23) & SEG_START_MASK) << SEG_START_SHIFT; 314 reg |= (((seg->addr + seg->size) >> 23) & SEG_END_MASK) << SEG_END_SHIFT; 315 return reg; 316 } 317 318 static inline void aspeed_smc_reg_to_segment(uint32_t reg, AspeedSegments *seg) 319 { 320 seg->addr = ((reg >> SEG_START_SHIFT) & SEG_START_MASK) << 23; 321 seg->size = (((reg >> SEG_END_SHIFT) & SEG_END_MASK) << 23) - seg->addr; 322 } 323 324 static bool aspeed_smc_flash_overlap(const AspeedSMCState *s, 325 const AspeedSegments *new, 326 int cs) 327 { 328 AspeedSegments seg; 329 int i; 330 331 for (i = 0; i < s->ctrl->max_slaves; i++) { 332 if (i == cs) { 333 continue; 334 } 335 336 aspeed_smc_reg_to_segment(s->regs[R_SEG_ADDR0 + i], &seg); 337 338 if (new->addr + new->size > seg.addr && 339 new->addr < seg.addr + seg.size) { 340 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment CS%d [ 0x%" 341 HWADDR_PRIx" - 0x%"HWADDR_PRIx" ] overlaps with " 342 "CS%d [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 343 s->ctrl->name, cs, new->addr, new->addr + new->size, 344 i, seg.addr, seg.addr + seg.size); 345 return true; 346 } 347 } 348 return false; 349 } 350 351 static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs, 352 uint64_t new) 353 { 354 AspeedSMCFlash *fl = &s->flashes[cs]; 355 AspeedSegments seg; 356 357 aspeed_smc_reg_to_segment(new, &seg); 358 359 /* The start address of CS0 is read-only */ 360 if (cs == 0 && seg.addr != s->ctrl->flash_window_base) { 361 qemu_log_mask(LOG_GUEST_ERROR, 362 "%s: Tried to change CS0 start address to 0x%" 363 HWADDR_PRIx "\n", s->ctrl->name, seg.addr); 364 seg.addr = s->ctrl->flash_window_base; 365 new = aspeed_smc_segment_to_reg(&seg); 366 } 367 368 /* 369 * The end address of the AST2500 spi controllers is also 370 * read-only. 371 */ 372 if ((s->ctrl->segments == aspeed_segments_ast2500_spi1 || 373 s->ctrl->segments == aspeed_segments_ast2500_spi2) && 374 cs == s->ctrl->max_slaves && 375 seg.addr + seg.size != s->ctrl->segments[cs].addr + 376 s->ctrl->segments[cs].size) { 377 qemu_log_mask(LOG_GUEST_ERROR, 378 "%s: Tried to change CS%d end address to 0x%" 379 HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr + seg.size); 380 seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size - 381 seg.addr; 382 new = aspeed_smc_segment_to_reg(&seg); 383 } 384 385 /* Keep the segment in the overall flash window */ 386 if (seg.addr + seg.size <= s->ctrl->flash_window_base || 387 seg.addr > s->ctrl->flash_window_base + s->ctrl->flash_window_size) { 388 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is invalid : " 389 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 390 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 391 return; 392 } 393 394 /* Check start address vs. alignment */ 395 if (seg.size && !QEMU_IS_ALIGNED(seg.addr, seg.size)) { 396 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is not " 397 "aligned : [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 398 s->ctrl->name, cs, seg.addr, seg.addr + seg.size); 399 } 400 401 /* And segments should not overlap (in the specs) */ 402 aspeed_smc_flash_overlap(s, &seg, cs); 403 404 /* All should be fine now to move the region */ 405 memory_region_transaction_begin(); 406 memory_region_set_size(&fl->mmio, seg.size); 407 memory_region_set_address(&fl->mmio, seg.addr - s->ctrl->flash_window_base); 408 memory_region_set_enabled(&fl->mmio, true); 409 memory_region_transaction_commit(); 410 411 s->regs[R_SEG_ADDR0 + cs] = new; 412 } 413 414 static uint64_t aspeed_smc_flash_default_read(void *opaque, hwaddr addr, 415 unsigned size) 416 { 417 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u" 418 PRIx64 "\n", __func__, addr, size); 419 return 0; 420 } 421 422 static void aspeed_smc_flash_default_write(void *opaque, hwaddr addr, 423 uint64_t data, unsigned size) 424 { 425 qemu_log_mask(LOG_GUEST_ERROR, "%s: To 0x%" HWADDR_PRIx " of size %u: 0x%" 426 PRIx64 "\n", __func__, addr, size, data); 427 } 428 429 static const MemoryRegionOps aspeed_smc_flash_default_ops = { 430 .read = aspeed_smc_flash_default_read, 431 .write = aspeed_smc_flash_default_write, 432 .endianness = DEVICE_LITTLE_ENDIAN, 433 .valid = { 434 .min_access_size = 1, 435 .max_access_size = 4, 436 }, 437 }; 438 439 static inline int aspeed_smc_flash_mode(const AspeedSMCFlash *fl) 440 { 441 const AspeedSMCState *s = fl->controller; 442 443 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CMD_MODE_MASK; 444 } 445 446 static inline bool aspeed_smc_is_writable(const AspeedSMCFlash *fl) 447 { 448 const AspeedSMCState *s = fl->controller; 449 450 return s->regs[s->r_conf] & (1 << (s->conf_enable_w0 + fl->id)); 451 } 452 453 static inline int aspeed_smc_flash_cmd(const AspeedSMCFlash *fl) 454 { 455 const AspeedSMCState *s = fl->controller; 456 int cmd = (s->regs[s->r_ctrl0 + fl->id] >> CTRL_CMD_SHIFT) & CTRL_CMD_MASK; 457 458 /* In read mode, the default SPI command is READ (0x3). In other 459 * modes, the command should necessarily be defined */ 460 if (aspeed_smc_flash_mode(fl) == CTRL_READMODE) { 461 cmd = SPI_OP_READ; 462 } 463 464 if (!cmd) { 465 qemu_log_mask(LOG_GUEST_ERROR, "%s: no command defined for mode %d\n", 466 __func__, aspeed_smc_flash_mode(fl)); 467 } 468 469 return cmd; 470 } 471 472 static inline int aspeed_smc_flash_is_4byte(const AspeedSMCFlash *fl) 473 { 474 const AspeedSMCState *s = fl->controller; 475 476 if (s->ctrl->segments == aspeed_segments_spi) { 477 return s->regs[s->r_ctrl0] & CTRL_AST2400_SPI_4BYTE; 478 } else { 479 return s->regs[s->r_ce_ctrl] & (1 << (CTRL_EXTENDED0 + fl->id)); 480 } 481 } 482 483 static inline bool aspeed_smc_is_ce_stop_active(const AspeedSMCFlash *fl) 484 { 485 const AspeedSMCState *s = fl->controller; 486 487 return s->regs[s->r_ctrl0 + fl->id] & CTRL_CE_STOP_ACTIVE; 488 } 489 490 static void aspeed_smc_flash_select(AspeedSMCFlash *fl) 491 { 492 AspeedSMCState *s = fl->controller; 493 494 s->regs[s->r_ctrl0 + fl->id] &= ~CTRL_CE_STOP_ACTIVE; 495 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 496 } 497 498 static void aspeed_smc_flash_unselect(AspeedSMCFlash *fl) 499 { 500 AspeedSMCState *s = fl->controller; 501 502 s->regs[s->r_ctrl0 + fl->id] |= CTRL_CE_STOP_ACTIVE; 503 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 504 } 505 506 static uint32_t aspeed_smc_check_segment_addr(const AspeedSMCFlash *fl, 507 uint32_t addr) 508 { 509 const AspeedSMCState *s = fl->controller; 510 AspeedSegments seg; 511 512 aspeed_smc_reg_to_segment(s->regs[R_SEG_ADDR0 + fl->id], &seg); 513 if ((addr % seg.size) != addr) { 514 qemu_log_mask(LOG_GUEST_ERROR, 515 "%s: invalid address 0x%08x for CS%d segment : " 516 "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n", 517 s->ctrl->name, addr, fl->id, seg.addr, 518 seg.addr + seg.size); 519 addr %= seg.size; 520 } 521 522 return addr; 523 } 524 525 static int aspeed_smc_flash_dummies(const AspeedSMCFlash *fl) 526 { 527 const AspeedSMCState *s = fl->controller; 528 uint32_t r_ctrl0 = s->regs[s->r_ctrl0 + fl->id]; 529 uint32_t dummy_high = (r_ctrl0 >> CTRL_DUMMY_HIGH_SHIFT) & 0x1; 530 uint32_t dummy_low = (r_ctrl0 >> CTRL_DUMMY_LOW_SHIFT) & 0x3; 531 uint32_t dummies = ((dummy_high << 2) | dummy_low) * 8; 532 533 if (r_ctrl0 & CTRL_IO_DUAL_ADDR_DATA) { 534 dummies /= 2; 535 } 536 537 return dummies; 538 } 539 540 static void aspeed_smc_flash_setup(AspeedSMCFlash *fl, uint32_t addr) 541 { 542 const AspeedSMCState *s = fl->controller; 543 uint8_t cmd = aspeed_smc_flash_cmd(fl); 544 int i; 545 546 /* Flash access can not exceed CS segment */ 547 addr = aspeed_smc_check_segment_addr(fl, addr); 548 549 ssi_transfer(s->spi, cmd); 550 551 if (aspeed_smc_flash_is_4byte(fl)) { 552 ssi_transfer(s->spi, (addr >> 24) & 0xff); 553 } 554 ssi_transfer(s->spi, (addr >> 16) & 0xff); 555 ssi_transfer(s->spi, (addr >> 8) & 0xff); 556 ssi_transfer(s->spi, (addr & 0xff)); 557 558 /* 559 * Use fake transfers to model dummy bytes. The value should 560 * be configured to some non-zero value in fast read mode and 561 * zero in read mode. But, as the HW allows inconsistent 562 * settings, let's check for fast read mode. 563 */ 564 if (aspeed_smc_flash_mode(fl) == CTRL_FREADMODE) { 565 for (i = 0; i < aspeed_smc_flash_dummies(fl); i++) { 566 ssi_transfer(fl->controller->spi, s->regs[R_DUMMY_DATA] & 0xff); 567 } 568 } 569 } 570 571 static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) 572 { 573 AspeedSMCFlash *fl = opaque; 574 AspeedSMCState *s = fl->controller; 575 uint64_t ret = 0; 576 int i; 577 578 switch (aspeed_smc_flash_mode(fl)) { 579 case CTRL_USERMODE: 580 for (i = 0; i < size; i++) { 581 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 582 } 583 break; 584 case CTRL_READMODE: 585 case CTRL_FREADMODE: 586 aspeed_smc_flash_select(fl); 587 aspeed_smc_flash_setup(fl, addr); 588 589 for (i = 0; i < size; i++) { 590 ret |= ssi_transfer(s->spi, 0x0) << (8 * i); 591 } 592 593 aspeed_smc_flash_unselect(fl); 594 break; 595 default: 596 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 597 __func__, aspeed_smc_flash_mode(fl)); 598 } 599 600 return ret; 601 } 602 603 /* 604 * TODO (clg@kaod.org): stolen from xilinx_spips.c. Should move to a 605 * common include header. 606 */ 607 typedef enum { 608 READ = 0x3, READ_4 = 0x13, 609 FAST_READ = 0xb, FAST_READ_4 = 0x0c, 610 DOR = 0x3b, DOR_4 = 0x3c, 611 QOR = 0x6b, QOR_4 = 0x6c, 612 DIOR = 0xbb, DIOR_4 = 0xbc, 613 QIOR = 0xeb, QIOR_4 = 0xec, 614 615 PP = 0x2, PP_4 = 0x12, 616 DPP = 0xa2, 617 QPP = 0x32, QPP_4 = 0x34, 618 } FlashCMD; 619 620 static int aspeed_smc_num_dummies(uint8_t command) 621 { 622 switch (command) { /* check for dummies */ 623 case READ: /* no dummy bytes/cycles */ 624 case PP: 625 case DPP: 626 case QPP: 627 case READ_4: 628 case PP_4: 629 case QPP_4: 630 return 0; 631 case FAST_READ: 632 case DOR: 633 case QOR: 634 case DOR_4: 635 case QOR_4: 636 return 1; 637 case DIOR: 638 case FAST_READ_4: 639 case DIOR_4: 640 return 2; 641 case QIOR: 642 case QIOR_4: 643 return 4; 644 default: 645 return -1; 646 } 647 } 648 649 static bool aspeed_smc_do_snoop(AspeedSMCFlash *fl, uint64_t data, 650 unsigned size) 651 { 652 AspeedSMCState *s = fl->controller; 653 uint8_t addr_width = aspeed_smc_flash_is_4byte(fl) ? 4 : 3; 654 655 if (s->snoop_index == SNOOP_OFF) { 656 return false; /* Do nothing */ 657 658 } else if (s->snoop_index == SNOOP_START) { 659 uint8_t cmd = data & 0xff; 660 int ndummies = aspeed_smc_num_dummies(cmd); 661 662 /* 663 * No dummy cycles are expected with the current command. Turn 664 * off snooping and let the transfer proceed normally. 665 */ 666 if (ndummies <= 0) { 667 s->snoop_index = SNOOP_OFF; 668 return false; 669 } 670 671 s->snoop_dummies = ndummies * 8; 672 673 } else if (s->snoop_index >= addr_width + 1) { 674 675 /* The SPI transfer has reached the dummy cycles sequence */ 676 for (; s->snoop_dummies; s->snoop_dummies--) { 677 ssi_transfer(s->spi, s->regs[R_DUMMY_DATA] & 0xff); 678 } 679 680 /* If no more dummy cycles are expected, turn off snooping */ 681 if (!s->snoop_dummies) { 682 s->snoop_index = SNOOP_OFF; 683 } else { 684 s->snoop_index += size; 685 } 686 687 /* 688 * Dummy cycles have been faked already. Ignore the current 689 * SPI transfer 690 */ 691 return true; 692 } 693 694 s->snoop_index += size; 695 return false; 696 } 697 698 static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data, 699 unsigned size) 700 { 701 AspeedSMCFlash *fl = opaque; 702 AspeedSMCState *s = fl->controller; 703 int i; 704 705 if (!aspeed_smc_is_writable(fl)) { 706 qemu_log_mask(LOG_GUEST_ERROR, "%s: flash is not writable at 0x%" 707 HWADDR_PRIx "\n", __func__, addr); 708 return; 709 } 710 711 switch (aspeed_smc_flash_mode(fl)) { 712 case CTRL_USERMODE: 713 if (aspeed_smc_do_snoop(fl, data, size)) { 714 break; 715 } 716 717 for (i = 0; i < size; i++) { 718 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 719 } 720 break; 721 case CTRL_WRITEMODE: 722 aspeed_smc_flash_select(fl); 723 aspeed_smc_flash_setup(fl, addr); 724 725 for (i = 0; i < size; i++) { 726 ssi_transfer(s->spi, (data >> (8 * i)) & 0xff); 727 } 728 729 aspeed_smc_flash_unselect(fl); 730 break; 731 default: 732 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid flash mode %d\n", 733 __func__, aspeed_smc_flash_mode(fl)); 734 } 735 } 736 737 static const MemoryRegionOps aspeed_smc_flash_ops = { 738 .read = aspeed_smc_flash_read, 739 .write = aspeed_smc_flash_write, 740 .endianness = DEVICE_LITTLE_ENDIAN, 741 .valid = { 742 .min_access_size = 1, 743 .max_access_size = 4, 744 }, 745 }; 746 747 static void aspeed_smc_flash_update_cs(AspeedSMCFlash *fl) 748 { 749 AspeedSMCState *s = fl->controller; 750 751 s->snoop_index = aspeed_smc_is_ce_stop_active(fl) ? SNOOP_OFF : SNOOP_START; 752 753 qemu_set_irq(s->cs_lines[fl->id], aspeed_smc_is_ce_stop_active(fl)); 754 } 755 756 static void aspeed_smc_reset(DeviceState *d) 757 { 758 AspeedSMCState *s = ASPEED_SMC(d); 759 int i; 760 761 memset(s->regs, 0, sizeof s->regs); 762 763 /* Unselect all slaves */ 764 for (i = 0; i < s->num_cs; ++i) { 765 s->regs[s->r_ctrl0 + i] |= CTRL_CE_STOP_ACTIVE; 766 qemu_set_irq(s->cs_lines[i], true); 767 } 768 769 /* setup default segment register values for all */ 770 for (i = 0; i < s->ctrl->max_slaves; ++i) { 771 s->regs[R_SEG_ADDR0 + i] = 772 aspeed_smc_segment_to_reg(&s->ctrl->segments[i]); 773 } 774 775 /* HW strapping flash type for FMC controllers */ 776 if (s->ctrl->segments == aspeed_segments_ast2500_fmc) { 777 /* flash type is fixed to SPI for CE0 and CE1 */ 778 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 779 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE1); 780 } 781 782 /* HW strapping for AST2400 FMC controllers (SCU70). Let's use the 783 * configuration of the palmetto-bmc machine */ 784 if (s->ctrl->segments == aspeed_segments_fmc) { 785 s->regs[s->r_conf] |= (CONF_FLASH_TYPE_SPI << CONF_FLASH_TYPE0); 786 } 787 788 s->snoop_index = SNOOP_OFF; 789 s->snoop_dummies = 0; 790 } 791 792 static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size) 793 { 794 AspeedSMCState *s = ASPEED_SMC(opaque); 795 796 addr >>= 2; 797 798 if (addr == s->r_conf || 799 addr == s->r_timings || 800 addr == s->r_ce_ctrl || 801 addr == R_INTR_CTRL || 802 addr == R_DUMMY_DATA || 803 (s->ctrl->has_dma && addr == R_DMA_CTRL) || 804 (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) || 805 (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) || 806 (s->ctrl->has_dma && addr == R_DMA_LEN) || 807 (s->ctrl->has_dma && addr == R_DMA_CHECKSUM) || 808 (addr >= R_SEG_ADDR0 && addr < R_SEG_ADDR0 + s->ctrl->max_slaves) || 809 (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->ctrl->max_slaves)) { 810 return s->regs[addr]; 811 } else { 812 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 813 __func__, addr); 814 return -1; 815 } 816 } 817 818 static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask) 819 { 820 /* HCLK/1 .. HCLK/16 */ 821 const uint8_t hclk_divisors[] = { 822 15, 7, 14, 6, 13, 5, 12, 4, 11, 3, 10, 2, 9, 1, 8, 0 823 }; 824 int i; 825 826 for (i = 0; i < ARRAY_SIZE(hclk_divisors); i++) { 827 if (hclk_mask == hclk_divisors[i]) { 828 return i + 1; 829 } 830 } 831 832 qemu_log_mask(LOG_GUEST_ERROR, "invalid HCLK mask %x", hclk_mask); 833 return 0; 834 } 835 836 /* 837 * When doing calibration, the SPI clock rate in the CE0 Control 838 * Register and the read delay cycles in the Read Timing Compensation 839 * Register are set using bit[11:4] of the DMA Control Register. 840 */ 841 static void aspeed_smc_dma_calibration(AspeedSMCState *s) 842 { 843 uint8_t delay = 844 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 845 uint8_t hclk_mask = 846 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 847 uint8_t hclk_div = aspeed_smc_hclk_divisor(hclk_mask); 848 uint32_t hclk_shift = (hclk_div - 1) << 2; 849 uint8_t cs; 850 851 /* 852 * The Read Timing Compensation Register values apply to all CS on 853 * the SPI bus and only HCLK/1 - HCLK/5 can have tunable delays 854 */ 855 if (hclk_div && hclk_div < 6) { 856 s->regs[s->r_timings] &= ~(0xf << hclk_shift); 857 s->regs[s->r_timings] |= delay << hclk_shift; 858 } 859 860 /* 861 * TODO: compute the CS from the DMA address and the segment 862 * registers. This is not really a problem for now because the 863 * Timing Register values apply to all CS and software uses CS0 to 864 * do calibration. 865 */ 866 cs = 0; 867 s->regs[s->r_ctrl0 + cs] &= 868 ~(CE_CTRL_CLOCK_FREQ_MASK << CE_CTRL_CLOCK_FREQ_SHIFT); 869 s->regs[s->r_ctrl0 + cs] |= CE_CTRL_CLOCK_FREQ(hclk_div); 870 } 871 872 /* 873 * Emulate read errors in the DMA Checksum Register for high 874 * frequencies and optimistic settings of the Read Timing Compensation 875 * Register. This will help in tuning the SPI timing calibration 876 * algorithm. 877 */ 878 static bool aspeed_smc_inject_read_failure(AspeedSMCState *s) 879 { 880 uint8_t delay = 881 (s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK; 882 uint8_t hclk_mask = 883 (s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK; 884 885 /* 886 * Typical values of a palmetto-bmc machine. 887 */ 888 switch (aspeed_smc_hclk_divisor(hclk_mask)) { 889 case 4 ... 16: 890 return false; 891 case 3: /* at least one HCLK cycle delay */ 892 return (delay & 0x7) < 1; 893 case 2: /* at least two HCLK cycle delay */ 894 return (delay & 0x7) < 2; 895 case 1: /* (> 100MHz) is above the max freq of the controller */ 896 return true; 897 default: 898 g_assert_not_reached(); 899 } 900 } 901 902 /* 903 * Accumulate the result of the reads to provide a checksum that will 904 * be used to validate the read timing settings. 905 */ 906 static void aspeed_smc_dma_checksum(AspeedSMCState *s) 907 { 908 MemTxResult result; 909 uint32_t data; 910 911 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 912 qemu_log_mask(LOG_GUEST_ERROR, 913 "%s: invalid direction for DMA checksum\n", __func__); 914 return; 915 } 916 917 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CALIB) { 918 aspeed_smc_dma_calibration(s); 919 } 920 921 while (s->regs[R_DMA_LEN]) { 922 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 923 MEMTXATTRS_UNSPECIFIED, &result); 924 if (result != MEMTX_OK) { 925 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 926 __func__, s->regs[R_DMA_FLASH_ADDR]); 927 return; 928 } 929 930 /* 931 * When the DMA is on-going, the DMA registers are updated 932 * with the current working addresses and length. 933 */ 934 s->regs[R_DMA_CHECKSUM] += data; 935 s->regs[R_DMA_FLASH_ADDR] += 4; 936 s->regs[R_DMA_LEN] -= 4; 937 } 938 939 if (s->inject_failure && aspeed_smc_inject_read_failure(s)) { 940 s->regs[R_DMA_CHECKSUM] = 0xbadc0de; 941 } 942 943 } 944 945 static void aspeed_smc_dma_rw(AspeedSMCState *s) 946 { 947 MemTxResult result; 948 uint32_t data; 949 950 while (s->regs[R_DMA_LEN]) { 951 if (s->regs[R_DMA_CTRL] & DMA_CTRL_WRITE) { 952 data = address_space_ldl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 953 MEMTXATTRS_UNSPECIFIED, &result); 954 if (result != MEMTX_OK) { 955 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM read failed @%08x\n", 956 __func__, s->regs[R_DMA_DRAM_ADDR]); 957 return; 958 } 959 960 address_space_stl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 961 data, MEMTXATTRS_UNSPECIFIED, &result); 962 if (result != MEMTX_OK) { 963 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash write failed @%08x\n", 964 __func__, s->regs[R_DMA_FLASH_ADDR]); 965 return; 966 } 967 } else { 968 data = address_space_ldl_le(&s->flash_as, s->regs[R_DMA_FLASH_ADDR], 969 MEMTXATTRS_UNSPECIFIED, &result); 970 if (result != MEMTX_OK) { 971 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash read failed @%08x\n", 972 __func__, s->regs[R_DMA_FLASH_ADDR]); 973 return; 974 } 975 976 address_space_stl_le(&s->dram_as, s->regs[R_DMA_DRAM_ADDR], 977 data, MEMTXATTRS_UNSPECIFIED, &result); 978 if (result != MEMTX_OK) { 979 qemu_log_mask(LOG_GUEST_ERROR, "%s: DRAM write failed @%08x\n", 980 __func__, s->regs[R_DMA_DRAM_ADDR]); 981 return; 982 } 983 } 984 985 /* 986 * When the DMA is on-going, the DMA registers are updated 987 * with the current working addresses and length. 988 */ 989 s->regs[R_DMA_FLASH_ADDR] += 4; 990 s->regs[R_DMA_DRAM_ADDR] += 4; 991 s->regs[R_DMA_LEN] -= 4; 992 s->regs[R_DMA_CHECKSUM] += data; 993 } 994 } 995 996 static void aspeed_smc_dma_stop(AspeedSMCState *s) 997 { 998 /* 999 * When the DMA is disabled, INTR_CTRL_DMA_STATUS=0 means the 1000 * engine is idle 1001 */ 1002 s->regs[R_INTR_CTRL] &= ~INTR_CTRL_DMA_STATUS; 1003 s->regs[R_DMA_CHECKSUM] = 0; 1004 1005 /* 1006 * Lower the DMA irq in any case. The IRQ control register could 1007 * have been cleared before disabling the DMA. 1008 */ 1009 qemu_irq_lower(s->irq); 1010 } 1011 1012 /* 1013 * When INTR_CTRL_DMA_STATUS=1, the DMA has completed and a new DMA 1014 * can start even if the result of the previous was not collected. 1015 */ 1016 static bool aspeed_smc_dma_in_progress(AspeedSMCState *s) 1017 { 1018 return s->regs[R_DMA_CTRL] & DMA_CTRL_ENABLE && 1019 !(s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_STATUS); 1020 } 1021 1022 static void aspeed_smc_dma_done(AspeedSMCState *s) 1023 { 1024 s->regs[R_INTR_CTRL] |= INTR_CTRL_DMA_STATUS; 1025 if (s->regs[R_INTR_CTRL] & INTR_CTRL_DMA_EN) { 1026 qemu_irq_raise(s->irq); 1027 } 1028 } 1029 1030 static void aspeed_smc_dma_ctrl(AspeedSMCState *s, uint64_t dma_ctrl) 1031 { 1032 if (!(dma_ctrl & DMA_CTRL_ENABLE)) { 1033 s->regs[R_DMA_CTRL] = dma_ctrl; 1034 1035 aspeed_smc_dma_stop(s); 1036 return; 1037 } 1038 1039 if (aspeed_smc_dma_in_progress(s)) { 1040 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA in progress\n", __func__); 1041 return; 1042 } 1043 1044 s->regs[R_DMA_CTRL] = dma_ctrl; 1045 1046 if (s->regs[R_DMA_CTRL] & DMA_CTRL_CKSUM) { 1047 aspeed_smc_dma_checksum(s); 1048 } else { 1049 aspeed_smc_dma_rw(s); 1050 } 1051 1052 aspeed_smc_dma_done(s); 1053 } 1054 1055 static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data, 1056 unsigned int size) 1057 { 1058 AspeedSMCState *s = ASPEED_SMC(opaque); 1059 uint32_t value = data; 1060 1061 addr >>= 2; 1062 1063 if (addr == s->r_conf || 1064 addr == s->r_timings || 1065 addr == s->r_ce_ctrl) { 1066 s->regs[addr] = value; 1067 } else if (addr >= s->r_ctrl0 && addr < s->r_ctrl0 + s->num_cs) { 1068 int cs = addr - s->r_ctrl0; 1069 s->regs[addr] = value; 1070 aspeed_smc_flash_update_cs(&s->flashes[cs]); 1071 } else if (addr >= R_SEG_ADDR0 && 1072 addr < R_SEG_ADDR0 + s->ctrl->max_slaves) { 1073 int cs = addr - R_SEG_ADDR0; 1074 1075 if (value != s->regs[R_SEG_ADDR0 + cs]) { 1076 aspeed_smc_flash_set_segment(s, cs, value); 1077 } 1078 } else if (addr == R_DUMMY_DATA) { 1079 s->regs[addr] = value & 0xff; 1080 } else if (addr == R_INTR_CTRL) { 1081 s->regs[addr] = value; 1082 } else if (s->ctrl->has_dma && addr == R_DMA_CTRL) { 1083 aspeed_smc_dma_ctrl(s, value); 1084 } else if (s->ctrl->has_dma && addr == R_DMA_DRAM_ADDR) { 1085 s->regs[addr] = DMA_DRAM_ADDR(s, value); 1086 } else if (s->ctrl->has_dma && addr == R_DMA_FLASH_ADDR) { 1087 s->regs[addr] = DMA_FLASH_ADDR(s, value); 1088 } else if (s->ctrl->has_dma && addr == R_DMA_LEN) { 1089 s->regs[addr] = DMA_LENGTH(value); 1090 } else { 1091 qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n", 1092 __func__, addr); 1093 return; 1094 } 1095 } 1096 1097 static const MemoryRegionOps aspeed_smc_ops = { 1098 .read = aspeed_smc_read, 1099 .write = aspeed_smc_write, 1100 .endianness = DEVICE_LITTLE_ENDIAN, 1101 .valid.unaligned = true, 1102 }; 1103 1104 1105 /* 1106 * Initialize the custom address spaces for DMAs 1107 */ 1108 static void aspeed_smc_dma_setup(AspeedSMCState *s, Error **errp) 1109 { 1110 char *name; 1111 1112 if (!s->dram_mr) { 1113 error_setg(errp, TYPE_ASPEED_SMC ": 'dram' link not set"); 1114 return; 1115 } 1116 1117 name = g_strdup_printf("%s-dma-flash", s->ctrl->name); 1118 address_space_init(&s->flash_as, &s->mmio_flash, name); 1119 g_free(name); 1120 1121 name = g_strdup_printf("%s-dma-dram", s->ctrl->name); 1122 address_space_init(&s->dram_as, s->dram_mr, name); 1123 g_free(name); 1124 } 1125 1126 static void aspeed_smc_realize(DeviceState *dev, Error **errp) 1127 { 1128 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1129 AspeedSMCState *s = ASPEED_SMC(dev); 1130 AspeedSMCClass *mc = ASPEED_SMC_GET_CLASS(s); 1131 int i; 1132 char name[32]; 1133 hwaddr offset = 0; 1134 1135 s->ctrl = mc->ctrl; 1136 1137 /* keep a copy under AspeedSMCState to speed up accesses */ 1138 s->r_conf = s->ctrl->r_conf; 1139 s->r_ce_ctrl = s->ctrl->r_ce_ctrl; 1140 s->r_ctrl0 = s->ctrl->r_ctrl0; 1141 s->r_timings = s->ctrl->r_timings; 1142 s->conf_enable_w0 = s->ctrl->conf_enable_w0; 1143 1144 /* Enforce some real HW limits */ 1145 if (s->num_cs > s->ctrl->max_slaves) { 1146 qemu_log_mask(LOG_GUEST_ERROR, "%s: num_cs cannot exceed: %d\n", 1147 __func__, s->ctrl->max_slaves); 1148 s->num_cs = s->ctrl->max_slaves; 1149 } 1150 1151 /* DMA irq. Keep it first for the initialization in the SoC */ 1152 sysbus_init_irq(sbd, &s->irq); 1153 1154 s->spi = ssi_create_bus(dev, "spi"); 1155 1156 /* Setup cs_lines for slaves */ 1157 s->cs_lines = g_new0(qemu_irq, s->num_cs); 1158 ssi_auto_connect_slaves(dev, s->cs_lines, s->spi); 1159 1160 for (i = 0; i < s->num_cs; ++i) { 1161 sysbus_init_irq(sbd, &s->cs_lines[i]); 1162 } 1163 1164 /* The memory region for the controller registers */ 1165 memory_region_init_io(&s->mmio, OBJECT(s), &aspeed_smc_ops, s, 1166 s->ctrl->name, s->ctrl->nregs * 4); 1167 sysbus_init_mmio(sbd, &s->mmio); 1168 1169 /* 1170 * The container memory region representing the address space 1171 * window in which the flash modules are mapped. The size and 1172 * address depends on the SoC model and controller type. 1173 */ 1174 snprintf(name, sizeof(name), "%s.flash", s->ctrl->name); 1175 1176 memory_region_init_io(&s->mmio_flash, OBJECT(s), 1177 &aspeed_smc_flash_default_ops, s, name, 1178 s->ctrl->flash_window_size); 1179 sysbus_init_mmio(sbd, &s->mmio_flash); 1180 1181 s->flashes = g_new0(AspeedSMCFlash, s->ctrl->max_slaves); 1182 1183 /* 1184 * Let's create a sub memory region for each possible slave. All 1185 * have a configurable memory segment in the overall flash mapping 1186 * window of the controller but, there is not necessarily a flash 1187 * module behind to handle the memory accesses. This depends on 1188 * the board configuration. 1189 */ 1190 for (i = 0; i < s->ctrl->max_slaves; ++i) { 1191 AspeedSMCFlash *fl = &s->flashes[i]; 1192 1193 snprintf(name, sizeof(name), "%s.%d", s->ctrl->name, i); 1194 1195 fl->id = i; 1196 fl->controller = s; 1197 fl->size = s->ctrl->segments[i].size; 1198 memory_region_init_io(&fl->mmio, OBJECT(s), &aspeed_smc_flash_ops, 1199 fl, name, fl->size); 1200 memory_region_add_subregion(&s->mmio_flash, offset, &fl->mmio); 1201 offset += fl->size; 1202 } 1203 1204 /* DMA support */ 1205 if (s->ctrl->has_dma) { 1206 aspeed_smc_dma_setup(s, errp); 1207 } 1208 } 1209 1210 static const VMStateDescription vmstate_aspeed_smc = { 1211 .name = "aspeed.smc", 1212 .version_id = 2, 1213 .minimum_version_id = 2, 1214 .fields = (VMStateField[]) { 1215 VMSTATE_UINT32_ARRAY(regs, AspeedSMCState, ASPEED_SMC_R_MAX), 1216 VMSTATE_UINT8(snoop_index, AspeedSMCState), 1217 VMSTATE_UINT8(snoop_dummies, AspeedSMCState), 1218 VMSTATE_END_OF_LIST() 1219 } 1220 }; 1221 1222 static Property aspeed_smc_properties[] = { 1223 DEFINE_PROP_UINT32("num-cs", AspeedSMCState, num_cs, 1), 1224 DEFINE_PROP_BOOL("inject-failure", AspeedSMCState, inject_failure, false), 1225 DEFINE_PROP_UINT64("sdram-base", AspeedSMCState, sdram_base, 0), 1226 DEFINE_PROP_LINK("dram", AspeedSMCState, dram_mr, 1227 TYPE_MEMORY_REGION, MemoryRegion *), 1228 DEFINE_PROP_END_OF_LIST(), 1229 }; 1230 1231 static void aspeed_smc_class_init(ObjectClass *klass, void *data) 1232 { 1233 DeviceClass *dc = DEVICE_CLASS(klass); 1234 AspeedSMCClass *mc = ASPEED_SMC_CLASS(klass); 1235 1236 dc->realize = aspeed_smc_realize; 1237 dc->reset = aspeed_smc_reset; 1238 dc->props = aspeed_smc_properties; 1239 dc->vmsd = &vmstate_aspeed_smc; 1240 mc->ctrl = data; 1241 } 1242 1243 static const TypeInfo aspeed_smc_info = { 1244 .name = TYPE_ASPEED_SMC, 1245 .parent = TYPE_SYS_BUS_DEVICE, 1246 .instance_size = sizeof(AspeedSMCState), 1247 .class_size = sizeof(AspeedSMCClass), 1248 .abstract = true, 1249 }; 1250 1251 static void aspeed_smc_register_types(void) 1252 { 1253 int i; 1254 1255 type_register_static(&aspeed_smc_info); 1256 for (i = 0; i < ARRAY_SIZE(controllers); ++i) { 1257 TypeInfo ti = { 1258 .name = controllers[i].name, 1259 .parent = TYPE_ASPEED_SMC, 1260 .class_init = aspeed_smc_class_init, 1261 .class_data = (void *)&controllers[i], 1262 }; 1263 type_register(&ti); 1264 } 1265 } 1266 1267 type_init(aspeed_smc_register_types) 1268