1 /* 2 * QEMU Universal Flash Storage (UFS) Controller 3 * 4 * Copyright (c) 2023 Samsung Electronics Co., Ltd. All rights reserved. 5 * 6 * Written by Jeuk Kim <jeuk20.kim@samsung.com> 7 * 8 * SPDX-License-Identifier: GPL-2.0-or-later 9 */ 10 11 /** 12 * Reference Specs: https://www.jedec.org/, 4.0 13 * 14 * Usage 15 * ----- 16 * 17 * Add options: 18 * -drive file=<file>,if=none,id=<drive_id> 19 * -device ufs,serial=<serial>,id=<bus_name>, \ 20 * nutrs=<N[optional]>,nutmrs=<N[optional]> 21 * -device ufs-lu,drive=<drive_id>,bus=<bus_name> 22 */ 23 24 #include "qemu/osdep.h" 25 #include "qapi/error.h" 26 #include "migration/vmstate.h" 27 #include "scsi/constants.h" 28 #include "trace.h" 29 #include "ufs.h" 30 31 /* The QEMU-UFS device follows spec version 4.0 */ 32 #define UFS_SPEC_VER 0x0400 33 #define UFS_MAX_NUTRS 32 34 #define UFS_MAX_NUTMRS 8 35 #define UFS_MCQ_QCFGPTR 2 36 37 static void ufs_exec_req(UfsRequest *req); 38 static void ufs_clear_req(UfsRequest *req); 39 40 static inline uint64_t ufs_mcq_reg_addr(UfsHc *u, int qid) 41 { 42 /* Submission Queue MCQ Registers offset (400h) */ 43 return (UFS_MCQ_QCFGPTR * 0x200) + qid * 0x40; 44 } 45 46 static inline uint64_t ufs_mcq_op_reg_addr(UfsHc *u, int qid) 47 { 48 /* MCQ Operation & Runtime Registers offset (1000h) */ 49 return UFS_MCQ_OPR_START + qid * 48; 50 } 51 52 static inline uint64_t ufs_reg_size(UfsHc *u) 53 { 54 /* Total UFS HCI Register size in bytes */ 55 return ufs_mcq_op_reg_addr(u, 0) + sizeof(u->mcq_op_reg); 56 } 57 58 static inline bool ufs_is_mcq_reg(UfsHc *u, uint64_t addr, unsigned size) 59 { 60 uint64_t mcq_reg_addr; 61 62 if (!u->params.mcq) { 63 return false; 64 } 65 66 mcq_reg_addr = ufs_mcq_reg_addr(u, 0); 67 return (addr >= mcq_reg_addr && 68 addr + size <= mcq_reg_addr + sizeof(u->mcq_reg)); 69 } 70 71 static inline bool ufs_is_mcq_op_reg(UfsHc *u, uint64_t addr, unsigned size) 72 { 73 uint64_t mcq_op_reg_addr; 74 75 if (!u->params.mcq) { 76 return false; 77 } 78 79 mcq_op_reg_addr = ufs_mcq_op_reg_addr(u, 0); 80 return (addr >= mcq_op_reg_addr && 81 addr + size <= mcq_op_reg_addr + sizeof(u->mcq_op_reg)); 82 } 83 84 static MemTxResult ufs_addr_read(UfsHc *u, hwaddr addr, void *buf, int size) 85 { 86 hwaddr hi = addr + size - 1; 87 88 if (hi < addr) { 89 return MEMTX_DECODE_ERROR; 90 } 91 92 if (!FIELD_EX32(u->reg.cap, CAP, 64AS) && (hi >> 32)) { 93 return MEMTX_DECODE_ERROR; 94 } 95 96 return pci_dma_read(PCI_DEVICE(u), addr, buf, size); 97 } 98 99 static MemTxResult ufs_addr_write(UfsHc *u, hwaddr addr, const void *buf, 100 int size) 101 { 102 hwaddr hi = addr + size - 1; 103 if (hi < addr) { 104 return MEMTX_DECODE_ERROR; 105 } 106 107 if (!FIELD_EX32(u->reg.cap, CAP, 64AS) && (hi >> 32)) { 108 return MEMTX_DECODE_ERROR; 109 } 110 111 return pci_dma_write(PCI_DEVICE(u), addr, buf, size); 112 } 113 114 static inline hwaddr ufs_get_utrd_addr(UfsHc *u, uint32_t slot) 115 { 116 hwaddr utrl_base_addr = (((hwaddr)u->reg.utrlbau) << 32) + u->reg.utrlba; 117 hwaddr utrd_addr = utrl_base_addr + slot * sizeof(UtpTransferReqDesc); 118 119 return utrd_addr; 120 } 121 122 static inline hwaddr ufs_get_req_upiu_base_addr(const UtpTransferReqDesc *utrd) 123 { 124 uint32_t cmd_desc_base_addr_lo = 125 le32_to_cpu(utrd->command_desc_base_addr_lo); 126 uint32_t cmd_desc_base_addr_hi = 127 le32_to_cpu(utrd->command_desc_base_addr_hi); 128 129 return (((hwaddr)cmd_desc_base_addr_hi) << 32) + cmd_desc_base_addr_lo; 130 } 131 132 static inline hwaddr ufs_get_rsp_upiu_base_addr(const UtpTransferReqDesc *utrd) 133 { 134 hwaddr req_upiu_base_addr = ufs_get_req_upiu_base_addr(utrd); 135 uint32_t rsp_upiu_byte_off = 136 le16_to_cpu(utrd->response_upiu_offset) * sizeof(uint32_t); 137 return req_upiu_base_addr + rsp_upiu_byte_off; 138 } 139 140 static MemTxResult ufs_dma_read_utrd(UfsRequest *req) 141 { 142 UfsHc *u = req->hc; 143 hwaddr utrd_addr = ufs_get_utrd_addr(u, req->slot); 144 MemTxResult ret; 145 146 ret = ufs_addr_read(u, utrd_addr, &req->utrd, sizeof(req->utrd)); 147 if (ret) { 148 trace_ufs_err_dma_read_utrd(req->slot, utrd_addr); 149 } 150 return ret; 151 } 152 153 static MemTxResult ufs_dma_read_req_upiu(UfsRequest *req) 154 { 155 UfsHc *u = req->hc; 156 hwaddr req_upiu_base_addr = ufs_get_req_upiu_base_addr(&req->utrd); 157 UtpUpiuReq *req_upiu = &req->req_upiu; 158 uint32_t copy_size; 159 uint16_t data_segment_length; 160 MemTxResult ret; 161 162 /* 163 * To know the size of the req_upiu, we need to read the 164 * data_segment_length in the header first. 165 */ 166 ret = ufs_addr_read(u, req_upiu_base_addr, &req_upiu->header, 167 sizeof(UtpUpiuHeader)); 168 if (ret) { 169 trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr); 170 return ret; 171 } 172 data_segment_length = be16_to_cpu(req_upiu->header.data_segment_length); 173 174 copy_size = sizeof(UtpUpiuHeader) + UFS_TRANSACTION_SPECIFIC_FIELD_SIZE + 175 data_segment_length; 176 177 if (copy_size > sizeof(req->req_upiu)) { 178 copy_size = sizeof(req->req_upiu); 179 } 180 181 ret = ufs_addr_read(u, req_upiu_base_addr, &req->req_upiu, copy_size); 182 if (ret) { 183 trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr); 184 } 185 return ret; 186 } 187 188 static MemTxResult ufs_dma_read_prdt(UfsRequest *req) 189 { 190 UfsHc *u = req->hc; 191 uint16_t prdt_len = le16_to_cpu(req->utrd.prd_table_length); 192 uint16_t prdt_byte_off = 193 le16_to_cpu(req->utrd.prd_table_offset) * sizeof(uint32_t); 194 uint32_t prdt_size = prdt_len * sizeof(UfshcdSgEntry); 195 g_autofree UfshcdSgEntry *prd_entries = NULL; 196 hwaddr req_upiu_base_addr, prdt_base_addr; 197 int err; 198 199 assert(!req->sg); 200 201 if (prdt_size == 0) { 202 return MEMTX_OK; 203 } 204 prd_entries = g_new(UfshcdSgEntry, prdt_size); 205 206 req_upiu_base_addr = ufs_get_req_upiu_base_addr(&req->utrd); 207 prdt_base_addr = req_upiu_base_addr + prdt_byte_off; 208 209 err = ufs_addr_read(u, prdt_base_addr, prd_entries, prdt_size); 210 if (err) { 211 trace_ufs_err_dma_read_prdt(req->slot, prdt_base_addr); 212 return err; 213 } 214 215 req->sg = g_malloc0(sizeof(QEMUSGList)); 216 pci_dma_sglist_init(req->sg, PCI_DEVICE(u), prdt_len); 217 req->data_len = 0; 218 219 for (uint16_t i = 0; i < prdt_len; ++i) { 220 hwaddr data_dma_addr = le64_to_cpu(prd_entries[i].addr); 221 uint32_t data_byte_count = le32_to_cpu(prd_entries[i].size) + 1; 222 qemu_sglist_add(req->sg, data_dma_addr, data_byte_count); 223 req->data_len += data_byte_count; 224 } 225 return MEMTX_OK; 226 } 227 228 static MemTxResult ufs_dma_read_upiu(UfsRequest *req) 229 { 230 MemTxResult ret; 231 232 /* 233 * In case of MCQ, UTRD has already been read from a SQ, so skip it. 234 */ 235 if (!ufs_mcq_req(req)) { 236 ret = ufs_dma_read_utrd(req); 237 if (ret) { 238 return ret; 239 } 240 } 241 242 ret = ufs_dma_read_req_upiu(req); 243 if (ret) { 244 return ret; 245 } 246 247 ret = ufs_dma_read_prdt(req); 248 if (ret) { 249 return ret; 250 } 251 252 return 0; 253 } 254 255 static MemTxResult ufs_dma_write_utrd(UfsRequest *req) 256 { 257 UfsHc *u = req->hc; 258 hwaddr utrd_addr = ufs_get_utrd_addr(u, req->slot); 259 MemTxResult ret; 260 261 ret = ufs_addr_write(u, utrd_addr, &req->utrd, sizeof(req->utrd)); 262 if (ret) { 263 trace_ufs_err_dma_write_utrd(req->slot, utrd_addr); 264 } 265 return ret; 266 } 267 268 static MemTxResult ufs_dma_write_rsp_upiu(UfsRequest *req) 269 { 270 UfsHc *u = req->hc; 271 hwaddr rsp_upiu_base_addr = ufs_get_rsp_upiu_base_addr(&req->utrd); 272 uint32_t rsp_upiu_byte_len = 273 le16_to_cpu(req->utrd.response_upiu_length) * sizeof(uint32_t); 274 uint16_t data_segment_length = 275 be16_to_cpu(req->rsp_upiu.header.data_segment_length); 276 uint32_t copy_size = sizeof(UtpUpiuHeader) + 277 UFS_TRANSACTION_SPECIFIC_FIELD_SIZE + 278 data_segment_length; 279 MemTxResult ret; 280 281 if (copy_size > rsp_upiu_byte_len) { 282 copy_size = rsp_upiu_byte_len; 283 } 284 285 if (copy_size > sizeof(req->rsp_upiu)) { 286 copy_size = sizeof(req->rsp_upiu); 287 } 288 289 ret = ufs_addr_write(u, rsp_upiu_base_addr, &req->rsp_upiu, copy_size); 290 if (ret) { 291 trace_ufs_err_dma_write_rsp_upiu(req->slot, rsp_upiu_base_addr); 292 } 293 return ret; 294 } 295 296 static MemTxResult ufs_dma_write_upiu(UfsRequest *req) 297 { 298 MemTxResult ret; 299 300 ret = ufs_dma_write_rsp_upiu(req); 301 if (ret) { 302 return ret; 303 } 304 305 return ufs_dma_write_utrd(req); 306 } 307 308 static void ufs_irq_check(UfsHc *u) 309 { 310 PCIDevice *pci = PCI_DEVICE(u); 311 312 if ((u->reg.is & UFS_INTR_MASK) & u->reg.ie) { 313 trace_ufs_irq_raise(); 314 pci_irq_assert(pci); 315 } else { 316 trace_ufs_irq_lower(); 317 pci_irq_deassert(pci); 318 } 319 } 320 321 static void ufs_process_db(UfsHc *u, uint32_t val) 322 { 323 DECLARE_BITMAP(doorbell, UFS_MAX_NUTRS); 324 uint32_t slot; 325 uint32_t nutrs = u->params.nutrs; 326 UfsRequest *req; 327 328 val &= ~u->reg.utrldbr; 329 if (!val) { 330 return; 331 } 332 333 doorbell[0] = val; 334 slot = find_first_bit(doorbell, nutrs); 335 336 while (slot < nutrs) { 337 req = &u->req_list[slot]; 338 if (req->state == UFS_REQUEST_ERROR) { 339 trace_ufs_err_utrl_slot_error(req->slot); 340 return; 341 } 342 343 if (req->state != UFS_REQUEST_IDLE) { 344 trace_ufs_err_utrl_slot_busy(req->slot); 345 return; 346 } 347 348 trace_ufs_process_db(slot); 349 req->state = UFS_REQUEST_READY; 350 slot = find_next_bit(doorbell, nutrs, slot + 1); 351 } 352 353 qemu_bh_schedule(u->doorbell_bh); 354 } 355 356 static void ufs_process_uiccmd(UfsHc *u, uint32_t val) 357 { 358 trace_ufs_process_uiccmd(val, u->reg.ucmdarg1, u->reg.ucmdarg2, 359 u->reg.ucmdarg3); 360 /* 361 * Only the essential uic commands for running drivers on Linux and Windows 362 * are implemented. 363 */ 364 switch (val) { 365 case UFS_UIC_CMD_DME_LINK_STARTUP: 366 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, DP, 1); 367 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UTRLRDY, 1); 368 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UTMRLRDY, 1); 369 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS; 370 break; 371 /* TODO: Revisit it when Power Management is implemented */ 372 case UFS_UIC_CMD_DME_HIBER_ENTER: 373 u->reg.is = FIELD_DP32(u->reg.is, IS, UHES, 1); 374 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UPMCRS, UFS_PWR_LOCAL); 375 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS; 376 break; 377 case UFS_UIC_CMD_DME_HIBER_EXIT: 378 u->reg.is = FIELD_DP32(u->reg.is, IS, UHXS, 1); 379 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UPMCRS, UFS_PWR_LOCAL); 380 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_SUCCESS; 381 break; 382 default: 383 u->reg.ucmdarg2 = UFS_UIC_CMD_RESULT_FAILURE; 384 } 385 386 u->reg.is = FIELD_DP32(u->reg.is, IS, UCCS, 1); 387 388 ufs_irq_check(u); 389 } 390 391 static void ufs_mcq_init_req(UfsHc *u, UfsRequest *req, UfsSq *sq) 392 { 393 memset(req, 0, sizeof(*req)); 394 395 req->hc = u; 396 req->state = UFS_REQUEST_IDLE; 397 req->slot = UFS_INVALID_SLOT; 398 req->sq = sq; 399 } 400 401 static void ufs_mcq_process_sq(void *opaque) 402 { 403 UfsSq *sq = opaque; 404 UfsHc *u = sq->u; 405 UfsSqEntry sqe; 406 UfsRequest *req; 407 hwaddr addr; 408 uint16_t head = ufs_mcq_sq_head(u, sq->sqid); 409 int err; 410 411 while (!(ufs_mcq_sq_empty(u, sq->sqid) || QTAILQ_EMPTY(&sq->req_list))) { 412 addr = sq->addr + head; 413 err = ufs_addr_read(sq->u, addr, (void *)&sqe, sizeof(sqe)); 414 if (err) { 415 trace_ufs_err_dma_read_sq(sq->sqid, addr); 416 return; 417 } 418 419 head = (head + sizeof(sqe)) % (sq->size * sizeof(sqe)); 420 ufs_mcq_update_sq_head(u, sq->sqid, head); 421 422 req = QTAILQ_FIRST(&sq->req_list); 423 QTAILQ_REMOVE(&sq->req_list, req, entry); 424 425 ufs_mcq_init_req(sq->u, req, sq); 426 memcpy(&req->utrd, &sqe, sizeof(req->utrd)); 427 428 req->state = UFS_REQUEST_RUNNING; 429 ufs_exec_req(req); 430 } 431 } 432 433 static void ufs_mcq_process_cq(void *opaque) 434 { 435 UfsCq *cq = opaque; 436 UfsHc *u = cq->u; 437 UfsRequest *req, *next; 438 MemTxResult ret; 439 uint32_t tail = ufs_mcq_cq_tail(u, cq->cqid); 440 441 QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) 442 { 443 ufs_dma_write_rsp_upiu(req); 444 445 req->cqe.utp_addr = 446 ((uint64_t)req->utrd.command_desc_base_addr_hi << 32ULL) | 447 req->utrd.command_desc_base_addr_lo; 448 req->cqe.utp_addr |= req->sq->sqid; 449 req->cqe.resp_len = req->utrd.response_upiu_length; 450 req->cqe.resp_off = req->utrd.response_upiu_offset; 451 req->cqe.prdt_len = req->utrd.prd_table_length; 452 req->cqe.prdt_off = req->utrd.prd_table_offset; 453 req->cqe.status = req->utrd.header.dword_2 & 0xf; 454 req->cqe.error = 0; 455 456 ret = ufs_addr_write(u, cq->addr + tail, &req->cqe, sizeof(req->cqe)); 457 if (ret) { 458 trace_ufs_err_dma_write_cq(cq->cqid, cq->addr + tail); 459 } 460 QTAILQ_REMOVE(&cq->req_list, req, entry); 461 462 tail = (tail + sizeof(req->cqe)) % (cq->size * sizeof(req->cqe)); 463 ufs_mcq_update_cq_tail(u, cq->cqid, tail); 464 465 ufs_clear_req(req); 466 QTAILQ_INSERT_TAIL(&req->sq->req_list, req, entry); 467 } 468 469 if (!ufs_mcq_cq_empty(u, cq->cqid)) { 470 u->mcq_op_reg[cq->cqid].cq_int.is = 471 FIELD_DP32(u->mcq_op_reg[cq->cqid].cq_int.is, CQIS, TEPS, 1); 472 473 u->reg.is = FIELD_DP32(u->reg.is, IS, CQES, 1); 474 ufs_irq_check(u); 475 } 476 } 477 478 static bool ufs_mcq_create_sq(UfsHc *u, uint8_t qid, uint32_t attr) 479 { 480 UfsMcqReg *reg = &u->mcq_reg[qid]; 481 UfsSq *sq; 482 uint8_t cqid = FIELD_EX32(attr, SQATTR, CQID); 483 484 if (qid >= u->params.mcq_maxq) { 485 trace_ufs_err_mcq_create_sq_invalid_sqid(qid); 486 return false; 487 } 488 489 if (u->sq[qid]) { 490 trace_ufs_err_mcq_create_sq_already_exists(qid); 491 return false; 492 } 493 494 if (!u->cq[cqid]) { 495 trace_ufs_err_mcq_create_sq_invalid_cqid(qid); 496 return false; 497 } 498 499 sq = g_malloc0(sizeof(*sq)); 500 sq->u = u; 501 sq->sqid = qid; 502 sq->cq = u->cq[cqid]; 503 sq->addr = ((uint64_t)reg->squba << 32) | reg->sqlba; 504 sq->size = ((FIELD_EX32(attr, SQATTR, SIZE) + 1) << 2) / sizeof(UfsSqEntry); 505 506 sq->bh = qemu_bh_new_guarded(ufs_mcq_process_sq, sq, 507 &DEVICE(u)->mem_reentrancy_guard); 508 sq->req = g_new0(UfsRequest, sq->size); 509 QTAILQ_INIT(&sq->req_list); 510 for (int i = 0; i < sq->size; i++) { 511 ufs_mcq_init_req(u, &sq->req[i], sq); 512 QTAILQ_INSERT_TAIL(&sq->req_list, &sq->req[i], entry); 513 } 514 515 u->sq[qid] = sq; 516 517 trace_ufs_mcq_create_sq(sq->sqid, sq->cq->cqid, sq->addr, sq->size); 518 return true; 519 } 520 521 static bool ufs_mcq_delete_sq(UfsHc *u, uint8_t qid) 522 { 523 UfsSq *sq; 524 525 if (qid >= u->params.mcq_maxq) { 526 trace_ufs_err_mcq_delete_sq_invalid_sqid(qid); 527 return false; 528 } 529 530 if (!u->sq[qid]) { 531 trace_ufs_err_mcq_delete_sq_not_exists(qid); 532 return false; 533 } 534 535 sq = u->sq[qid]; 536 537 qemu_bh_delete(sq->bh); 538 g_free(sq->req); 539 g_free(sq); 540 u->sq[qid] = NULL; 541 return true; 542 } 543 544 static bool ufs_mcq_create_cq(UfsHc *u, uint8_t qid, uint32_t attr) 545 { 546 UfsMcqReg *reg = &u->mcq_reg[qid]; 547 UfsCq *cq; 548 549 if (qid >= u->params.mcq_maxq) { 550 trace_ufs_err_mcq_create_cq_invalid_cqid(qid); 551 return false; 552 } 553 554 if (u->cq[qid]) { 555 trace_ufs_err_mcq_create_cq_already_exists(qid); 556 return false; 557 } 558 559 cq = g_malloc0(sizeof(*cq)); 560 cq->u = u; 561 cq->cqid = qid; 562 cq->addr = ((uint64_t)reg->cquba << 32) | reg->cqlba; 563 cq->size = ((FIELD_EX32(attr, CQATTR, SIZE) + 1) << 2) / sizeof(UfsCqEntry); 564 565 cq->bh = qemu_bh_new_guarded(ufs_mcq_process_cq, cq, 566 &DEVICE(u)->mem_reentrancy_guard); 567 QTAILQ_INIT(&cq->req_list); 568 569 u->cq[qid] = cq; 570 571 trace_ufs_mcq_create_cq(cq->cqid, cq->addr, cq->size); 572 return true; 573 } 574 575 static bool ufs_mcq_delete_cq(UfsHc *u, uint8_t qid) 576 { 577 UfsCq *cq; 578 579 if (qid >= u->params.mcq_maxq) { 580 trace_ufs_err_mcq_delete_cq_invalid_cqid(qid); 581 return false; 582 } 583 584 if (!u->cq[qid]) { 585 trace_ufs_err_mcq_delete_cq_not_exists(qid); 586 return false; 587 } 588 589 for (int i = 0; i < ARRAY_SIZE(u->sq); i++) { 590 if (u->sq[i] && u->sq[i]->cq->cqid == qid) { 591 trace_ufs_err_mcq_delete_cq_sq_not_deleted(i, qid); 592 return false; 593 } 594 } 595 596 cq = u->cq[qid]; 597 598 qemu_bh_delete(cq->bh); 599 g_free(cq); 600 u->cq[qid] = NULL; 601 return true; 602 } 603 604 static void ufs_write_reg(UfsHc *u, hwaddr offset, uint32_t data, unsigned size) 605 { 606 switch (offset) { 607 case A_IS: 608 u->reg.is &= ~data; 609 ufs_irq_check(u); 610 break; 611 case A_IE: 612 u->reg.ie = data; 613 ufs_irq_check(u); 614 break; 615 case A_HCE: 616 if (!FIELD_EX32(u->reg.hce, HCE, HCE) && FIELD_EX32(data, HCE, HCE)) { 617 u->reg.hcs = FIELD_DP32(u->reg.hcs, HCS, UCRDY, 1); 618 u->reg.hce = FIELD_DP32(u->reg.hce, HCE, HCE, 1); 619 } else if (FIELD_EX32(u->reg.hce, HCE, HCE) && 620 !FIELD_EX32(data, HCE, HCE)) { 621 u->reg.hcs = 0; 622 u->reg.hce = FIELD_DP32(u->reg.hce, HCE, HCE, 0); 623 } 624 break; 625 case A_UTRLBA: 626 u->reg.utrlba = data & R_UTRLBA_UTRLBA_MASK; 627 break; 628 case A_UTRLBAU: 629 u->reg.utrlbau = data; 630 break; 631 case A_UTRLDBR: 632 ufs_process_db(u, data); 633 u->reg.utrldbr |= data; 634 break; 635 case A_UTRLRSR: 636 u->reg.utrlrsr = data; 637 break; 638 case A_UTRLCNR: 639 u->reg.utrlcnr &= ~data; 640 break; 641 case A_UTMRLBA: 642 u->reg.utmrlba = data & R_UTMRLBA_UTMRLBA_MASK; 643 break; 644 case A_UTMRLBAU: 645 u->reg.utmrlbau = data; 646 break; 647 case A_UICCMD: 648 ufs_process_uiccmd(u, data); 649 break; 650 case A_UCMDARG1: 651 u->reg.ucmdarg1 = data; 652 break; 653 case A_UCMDARG2: 654 u->reg.ucmdarg2 = data; 655 break; 656 case A_UCMDARG3: 657 u->reg.ucmdarg3 = data; 658 break; 659 case A_CONFIG: 660 u->reg.config = data; 661 break; 662 case A_MCQCONFIG: 663 u->reg.mcqconfig = data; 664 break; 665 case A_UTRLCLR: 666 case A_UTMRLDBR: 667 case A_UTMRLCLR: 668 case A_UTMRLRSR: 669 trace_ufs_err_unsupport_register_offset(offset); 670 break; 671 default: 672 trace_ufs_err_invalid_register_offset(offset); 673 break; 674 } 675 } 676 677 static void ufs_write_mcq_reg(UfsHc *u, hwaddr offset, uint32_t data, 678 unsigned size) 679 { 680 int qid = offset / sizeof(UfsMcqReg); 681 UfsMcqReg *reg = &u->mcq_reg[qid]; 682 683 switch (offset % sizeof(UfsMcqReg)) { 684 case A_SQATTR: 685 if (!FIELD_EX32(reg->sqattr, SQATTR, SQEN) && 686 FIELD_EX32(data, SQATTR, SQEN)) { 687 if (!ufs_mcq_create_sq(u, qid, data)) { 688 break; 689 } 690 } else if (FIELD_EX32(reg->sqattr, SQATTR, SQEN) && 691 !FIELD_EX32(data, SQATTR, SQEN)) { 692 if (!ufs_mcq_delete_sq(u, qid)) { 693 break; 694 } 695 } 696 reg->sqattr = data; 697 break; 698 case A_SQLBA: 699 reg->sqlba = data; 700 break; 701 case A_SQUBA: 702 reg->squba = data; 703 break; 704 case A_SQCFG: 705 reg->sqcfg = data; 706 break; 707 case A_CQATTR: 708 if (!FIELD_EX32(reg->cqattr, CQATTR, CQEN) && 709 FIELD_EX32(data, CQATTR, CQEN)) { 710 if (!ufs_mcq_create_cq(u, qid, data)) { 711 break; 712 } 713 } else if (FIELD_EX32(reg->cqattr, CQATTR, CQEN) && 714 !FIELD_EX32(data, CQATTR, CQEN)) { 715 if (!ufs_mcq_delete_cq(u, qid)) { 716 break; 717 } 718 } 719 reg->cqattr = data; 720 break; 721 case A_CQLBA: 722 reg->cqlba = data; 723 break; 724 case A_CQUBA: 725 reg->cquba = data; 726 break; 727 case A_CQCFG: 728 reg->cqcfg = data; 729 break; 730 case A_SQDAO: 731 case A_SQISAO: 732 case A_CQDAO: 733 case A_CQISAO: 734 trace_ufs_err_unsupport_register_offset(offset); 735 break; 736 default: 737 trace_ufs_err_invalid_register_offset(offset); 738 break; 739 } 740 } 741 742 static void ufs_mcq_process_db(UfsHc *u, uint8_t qid, uint32_t db) 743 { 744 UfsSq *sq; 745 746 if (qid >= u->params.mcq_maxq) { 747 trace_ufs_err_mcq_db_wr_invalid_sqid(qid); 748 return; 749 } 750 751 sq = u->sq[qid]; 752 if (sq->size * sizeof(UfsSqEntry) <= db) { 753 trace_ufs_err_mcq_db_wr_invalid_db(qid, db); 754 return; 755 } 756 757 ufs_mcq_update_sq_tail(u, sq->sqid, db); 758 qemu_bh_schedule(sq->bh); 759 } 760 761 static void ufs_write_mcq_op_reg(UfsHc *u, hwaddr offset, uint32_t data, 762 unsigned size) 763 { 764 int qid = offset / sizeof(UfsMcqOpReg); 765 UfsMcqOpReg *opr = &u->mcq_op_reg[qid]; 766 767 switch (offset % sizeof(UfsMcqOpReg)) { 768 case offsetof(UfsMcqOpReg, sq.tp): 769 if (opr->sq.tp != data) { 770 ufs_mcq_process_db(u, qid, data); 771 } 772 opr->sq.tp = data; 773 break; 774 case offsetof(UfsMcqOpReg, cq.hp): 775 opr->cq.hp = data; 776 ufs_mcq_update_cq_head(u, qid, data); 777 break; 778 case offsetof(UfsMcqOpReg, cq_int.is): 779 opr->cq_int.is &= ~data; 780 break; 781 default: 782 trace_ufs_err_invalid_register_offset(offset); 783 break; 784 } 785 } 786 787 static uint64_t ufs_mmio_read(void *opaque, hwaddr addr, unsigned size) 788 { 789 UfsHc *u = (UfsHc *)opaque; 790 uint32_t *ptr; 791 uint64_t value; 792 uint64_t offset; 793 794 if (addr + size <= sizeof(u->reg)) { 795 offset = addr; 796 ptr = (uint32_t *)&u->reg; 797 } else if (ufs_is_mcq_reg(u, addr, size)) { 798 offset = addr - ufs_mcq_reg_addr(u, 0); 799 ptr = (uint32_t *)&u->mcq_reg; 800 } else if (ufs_is_mcq_op_reg(u, addr, size)) { 801 offset = addr - ufs_mcq_op_reg_addr(u, 0); 802 ptr = (uint32_t *)&u->mcq_op_reg; 803 } else { 804 trace_ufs_err_invalid_register_offset(addr); 805 return 0; 806 } 807 808 value = ptr[offset >> 2]; 809 trace_ufs_mmio_read(addr, value, size); 810 return value; 811 } 812 813 static void ufs_mmio_write(void *opaque, hwaddr addr, uint64_t data, 814 unsigned size) 815 { 816 UfsHc *u = (UfsHc *)opaque; 817 818 trace_ufs_mmio_write(addr, data, size); 819 820 if (addr + size <= sizeof(u->reg)) { 821 ufs_write_reg(u, addr, data, size); 822 } else if (ufs_is_mcq_reg(u, addr, size)) { 823 ufs_write_mcq_reg(u, addr - ufs_mcq_reg_addr(u, 0), data, size); 824 } else if (ufs_is_mcq_op_reg(u, addr, size)) { 825 ufs_write_mcq_op_reg(u, addr - ufs_mcq_op_reg_addr(u, 0), data, size); 826 } else { 827 trace_ufs_err_invalid_register_offset(addr); 828 } 829 } 830 831 static const MemoryRegionOps ufs_mmio_ops = { 832 .read = ufs_mmio_read, 833 .write = ufs_mmio_write, 834 .endianness = DEVICE_LITTLE_ENDIAN, 835 .impl = { 836 .min_access_size = 4, 837 .max_access_size = 4, 838 }, 839 }; 840 841 842 void ufs_build_upiu_header(UfsRequest *req, uint8_t trans_type, uint8_t flags, 843 uint8_t response, uint8_t scsi_status, 844 uint16_t data_segment_length) 845 { 846 memcpy(&req->rsp_upiu.header, &req->req_upiu.header, sizeof(UtpUpiuHeader)); 847 req->rsp_upiu.header.trans_type = trans_type; 848 req->rsp_upiu.header.flags = flags; 849 req->rsp_upiu.header.response = response; 850 req->rsp_upiu.header.scsi_status = scsi_status; 851 req->rsp_upiu.header.data_segment_length = cpu_to_be16(data_segment_length); 852 } 853 854 static UfsReqResult ufs_exec_scsi_cmd(UfsRequest *req) 855 { 856 UfsHc *u = req->hc; 857 uint8_t lun = req->req_upiu.header.lun; 858 859 UfsLu *lu = NULL; 860 861 trace_ufs_exec_scsi_cmd(req->slot, lun, req->req_upiu.sc.cdb[0]); 862 863 if (!is_wlun(lun) && (lun >= UFS_MAX_LUS || u->lus[lun] == NULL)) { 864 trace_ufs_err_scsi_cmd_invalid_lun(lun); 865 return UFS_REQUEST_FAIL; 866 } 867 868 switch (lun) { 869 case UFS_UPIU_REPORT_LUNS_WLUN: 870 lu = &u->report_wlu; 871 break; 872 case UFS_UPIU_UFS_DEVICE_WLUN: 873 lu = &u->dev_wlu; 874 break; 875 case UFS_UPIU_BOOT_WLUN: 876 lu = &u->boot_wlu; 877 break; 878 case UFS_UPIU_RPMB_WLUN: 879 lu = &u->rpmb_wlu; 880 break; 881 default: 882 lu = u->lus[lun]; 883 } 884 885 return lu->scsi_op(lu, req); 886 } 887 888 static UfsReqResult ufs_exec_nop_cmd(UfsRequest *req) 889 { 890 trace_ufs_exec_nop_cmd(req->slot); 891 ufs_build_upiu_header(req, UFS_UPIU_TRANSACTION_NOP_IN, 0, 0, 0, 0); 892 return UFS_REQUEST_SUCCESS; 893 } 894 895 /* 896 * This defines the permission of flags based on their IDN. There are some 897 * things that are declared read-only, which is inconsistent with the ufs spec, 898 * because we want to return an error for features that are not yet supported. 899 */ 900 static const int flag_permission[UFS_QUERY_FLAG_IDN_COUNT] = { 901 [UFS_QUERY_FLAG_IDN_FDEVICEINIT] = UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET, 902 /* Write protection is not supported */ 903 [UFS_QUERY_FLAG_IDN_PERMANENT_WPE] = UFS_QUERY_FLAG_READ, 904 [UFS_QUERY_FLAG_IDN_PWR_ON_WPE] = UFS_QUERY_FLAG_READ, 905 [UFS_QUERY_FLAG_IDN_BKOPS_EN] = UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET | 906 UFS_QUERY_FLAG_CLEAR | 907 UFS_QUERY_FLAG_TOGGLE, 908 [UFS_QUERY_FLAG_IDN_LIFE_SPAN_MODE_ENABLE] = 909 UFS_QUERY_FLAG_READ | UFS_QUERY_FLAG_SET | UFS_QUERY_FLAG_CLEAR | 910 UFS_QUERY_FLAG_TOGGLE, 911 /* Purge Operation is not supported */ 912 [UFS_QUERY_FLAG_IDN_PURGE_ENABLE] = UFS_QUERY_FLAG_NONE, 913 /* Refresh Operation is not supported */ 914 [UFS_QUERY_FLAG_IDN_REFRESH_ENABLE] = UFS_QUERY_FLAG_NONE, 915 /* Physical Resource Removal is not supported */ 916 [UFS_QUERY_FLAG_IDN_FPHYRESOURCEREMOVAL] = UFS_QUERY_FLAG_READ, 917 [UFS_QUERY_FLAG_IDN_BUSY_RTC] = UFS_QUERY_FLAG_READ, 918 [UFS_QUERY_FLAG_IDN_PERMANENTLY_DISABLE_FW_UPDATE] = UFS_QUERY_FLAG_READ, 919 /* Write Booster is not supported */ 920 [UFS_QUERY_FLAG_IDN_WB_EN] = UFS_QUERY_FLAG_READ, 921 [UFS_QUERY_FLAG_IDN_WB_BUFF_FLUSH_EN] = UFS_QUERY_FLAG_READ, 922 [UFS_QUERY_FLAG_IDN_WB_BUFF_FLUSH_DURING_HIBERN8] = UFS_QUERY_FLAG_READ, 923 }; 924 925 static inline QueryRespCode ufs_flag_check_idn_valid(uint8_t idn, int op) 926 { 927 if (idn >= UFS_QUERY_FLAG_IDN_COUNT) { 928 return UFS_QUERY_RESULT_INVALID_IDN; 929 } 930 931 if (!(flag_permission[idn] & op)) { 932 if (op == UFS_QUERY_FLAG_READ) { 933 trace_ufs_err_query_flag_not_readable(idn); 934 return UFS_QUERY_RESULT_NOT_READABLE; 935 } 936 trace_ufs_err_query_flag_not_writable(idn); 937 return UFS_QUERY_RESULT_NOT_WRITEABLE; 938 } 939 940 return UFS_QUERY_RESULT_SUCCESS; 941 } 942 943 static const int attr_permission[UFS_QUERY_ATTR_IDN_COUNT] = { 944 /* booting is not supported */ 945 [UFS_QUERY_ATTR_IDN_BOOT_LU_EN] = UFS_QUERY_ATTR_READ, 946 [UFS_QUERY_ATTR_IDN_POWER_MODE] = UFS_QUERY_ATTR_READ, 947 [UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL] = 948 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 949 [UFS_QUERY_ATTR_IDN_OOO_DATA_EN] = UFS_QUERY_ATTR_READ, 950 [UFS_QUERY_ATTR_IDN_BKOPS_STATUS] = UFS_QUERY_ATTR_READ, 951 [UFS_QUERY_ATTR_IDN_PURGE_STATUS] = UFS_QUERY_ATTR_READ, 952 [UFS_QUERY_ATTR_IDN_MAX_DATA_IN] = 953 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 954 [UFS_QUERY_ATTR_IDN_MAX_DATA_OUT] = 955 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 956 [UFS_QUERY_ATTR_IDN_DYN_CAP_NEEDED] = UFS_QUERY_ATTR_READ, 957 [UFS_QUERY_ATTR_IDN_REF_CLK_FREQ] = 958 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 959 [UFS_QUERY_ATTR_IDN_CONF_DESC_LOCK] = UFS_QUERY_ATTR_READ, 960 [UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT] = 961 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 962 [UFS_QUERY_ATTR_IDN_EE_CONTROL] = 963 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 964 [UFS_QUERY_ATTR_IDN_EE_STATUS] = UFS_QUERY_ATTR_READ, 965 [UFS_QUERY_ATTR_IDN_SECONDS_PASSED] = UFS_QUERY_ATTR_WRITE, 966 [UFS_QUERY_ATTR_IDN_CNTX_CONF] = UFS_QUERY_ATTR_READ, 967 [UFS_QUERY_ATTR_IDN_FFU_STATUS] = UFS_QUERY_ATTR_READ, 968 [UFS_QUERY_ATTR_IDN_PSA_STATE] = UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 969 [UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE] = 970 UFS_QUERY_ATTR_READ | UFS_QUERY_ATTR_WRITE, 971 [UFS_QUERY_ATTR_IDN_REF_CLK_GATING_WAIT_TIME] = UFS_QUERY_ATTR_READ, 972 [UFS_QUERY_ATTR_IDN_CASE_ROUGH_TEMP] = UFS_QUERY_ATTR_READ, 973 [UFS_QUERY_ATTR_IDN_HIGH_TEMP_BOUND] = UFS_QUERY_ATTR_READ, 974 [UFS_QUERY_ATTR_IDN_LOW_TEMP_BOUND] = UFS_QUERY_ATTR_READ, 975 [UFS_QUERY_ATTR_IDN_THROTTLING_STATUS] = UFS_QUERY_ATTR_READ, 976 [UFS_QUERY_ATTR_IDN_WB_FLUSH_STATUS] = UFS_QUERY_ATTR_READ, 977 [UFS_QUERY_ATTR_IDN_AVAIL_WB_BUFF_SIZE] = UFS_QUERY_ATTR_READ, 978 [UFS_QUERY_ATTR_IDN_WB_BUFF_LIFE_TIME_EST] = UFS_QUERY_ATTR_READ, 979 [UFS_QUERY_ATTR_IDN_CURR_WB_BUFF_SIZE] = UFS_QUERY_ATTR_READ, 980 /* refresh operation is not supported */ 981 [UFS_QUERY_ATTR_IDN_REFRESH_STATUS] = UFS_QUERY_ATTR_READ, 982 [UFS_QUERY_ATTR_IDN_REFRESH_FREQ] = UFS_QUERY_ATTR_READ, 983 [UFS_QUERY_ATTR_IDN_REFRESH_UNIT] = UFS_QUERY_ATTR_READ, 984 }; 985 986 static inline QueryRespCode ufs_attr_check_idn_valid(uint8_t idn, int op) 987 { 988 if (idn >= UFS_QUERY_ATTR_IDN_COUNT) { 989 return UFS_QUERY_RESULT_INVALID_IDN; 990 } 991 992 if (!(attr_permission[idn] & op)) { 993 if (op == UFS_QUERY_ATTR_READ) { 994 trace_ufs_err_query_attr_not_readable(idn); 995 return UFS_QUERY_RESULT_NOT_READABLE; 996 } 997 trace_ufs_err_query_attr_not_writable(idn); 998 return UFS_QUERY_RESULT_NOT_WRITEABLE; 999 } 1000 1001 return UFS_QUERY_RESULT_SUCCESS; 1002 } 1003 1004 static QueryRespCode ufs_exec_query_flag(UfsRequest *req, int op) 1005 { 1006 UfsHc *u = req->hc; 1007 uint8_t idn = req->req_upiu.qr.idn; 1008 uint32_t value; 1009 QueryRespCode ret; 1010 1011 ret = ufs_flag_check_idn_valid(idn, op); 1012 if (ret) { 1013 return ret; 1014 } 1015 1016 if (idn == UFS_QUERY_FLAG_IDN_FDEVICEINIT) { 1017 value = 0; 1018 } else if (op == UFS_QUERY_FLAG_READ) { 1019 value = *(((uint8_t *)&u->flags) + idn); 1020 } else if (op == UFS_QUERY_FLAG_SET) { 1021 value = 1; 1022 } else if (op == UFS_QUERY_FLAG_CLEAR) { 1023 value = 0; 1024 } else if (op == UFS_QUERY_FLAG_TOGGLE) { 1025 value = *(((uint8_t *)&u->flags) + idn); 1026 value = !value; 1027 } else { 1028 trace_ufs_err_query_invalid_opcode(op); 1029 return UFS_QUERY_RESULT_INVALID_OPCODE; 1030 } 1031 1032 *(((uint8_t *)&u->flags) + idn) = value; 1033 req->rsp_upiu.qr.value = cpu_to_be32(value); 1034 return UFS_QUERY_RESULT_SUCCESS; 1035 } 1036 1037 static uint32_t ufs_read_attr_value(UfsHc *u, uint8_t idn) 1038 { 1039 switch (idn) { 1040 case UFS_QUERY_ATTR_IDN_BOOT_LU_EN: 1041 return u->attributes.boot_lun_en; 1042 case UFS_QUERY_ATTR_IDN_POWER_MODE: 1043 return u->attributes.current_power_mode; 1044 case UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL: 1045 return u->attributes.active_icc_level; 1046 case UFS_QUERY_ATTR_IDN_OOO_DATA_EN: 1047 return u->attributes.out_of_order_data_en; 1048 case UFS_QUERY_ATTR_IDN_BKOPS_STATUS: 1049 return u->attributes.background_op_status; 1050 case UFS_QUERY_ATTR_IDN_PURGE_STATUS: 1051 return u->attributes.purge_status; 1052 case UFS_QUERY_ATTR_IDN_MAX_DATA_IN: 1053 return u->attributes.max_data_in_size; 1054 case UFS_QUERY_ATTR_IDN_MAX_DATA_OUT: 1055 return u->attributes.max_data_out_size; 1056 case UFS_QUERY_ATTR_IDN_DYN_CAP_NEEDED: 1057 return be32_to_cpu(u->attributes.dyn_cap_needed); 1058 case UFS_QUERY_ATTR_IDN_REF_CLK_FREQ: 1059 return u->attributes.ref_clk_freq; 1060 case UFS_QUERY_ATTR_IDN_CONF_DESC_LOCK: 1061 return u->attributes.config_descr_lock; 1062 case UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT: 1063 return u->attributes.max_num_of_rtt; 1064 case UFS_QUERY_ATTR_IDN_EE_CONTROL: 1065 return be16_to_cpu(u->attributes.exception_event_control); 1066 case UFS_QUERY_ATTR_IDN_EE_STATUS: 1067 return be16_to_cpu(u->attributes.exception_event_status); 1068 case UFS_QUERY_ATTR_IDN_SECONDS_PASSED: 1069 return be32_to_cpu(u->attributes.seconds_passed); 1070 case UFS_QUERY_ATTR_IDN_CNTX_CONF: 1071 return be16_to_cpu(u->attributes.context_conf); 1072 case UFS_QUERY_ATTR_IDN_FFU_STATUS: 1073 return u->attributes.device_ffu_status; 1074 case UFS_QUERY_ATTR_IDN_PSA_STATE: 1075 return be32_to_cpu(u->attributes.psa_state); 1076 case UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE: 1077 return be32_to_cpu(u->attributes.psa_data_size); 1078 case UFS_QUERY_ATTR_IDN_REF_CLK_GATING_WAIT_TIME: 1079 return u->attributes.ref_clk_gating_wait_time; 1080 case UFS_QUERY_ATTR_IDN_CASE_ROUGH_TEMP: 1081 return u->attributes.device_case_rough_temperaure; 1082 case UFS_QUERY_ATTR_IDN_HIGH_TEMP_BOUND: 1083 return u->attributes.device_too_high_temp_boundary; 1084 case UFS_QUERY_ATTR_IDN_LOW_TEMP_BOUND: 1085 return u->attributes.device_too_low_temp_boundary; 1086 case UFS_QUERY_ATTR_IDN_THROTTLING_STATUS: 1087 return u->attributes.throttling_status; 1088 case UFS_QUERY_ATTR_IDN_WB_FLUSH_STATUS: 1089 return u->attributes.wb_buffer_flush_status; 1090 case UFS_QUERY_ATTR_IDN_AVAIL_WB_BUFF_SIZE: 1091 return u->attributes.available_wb_buffer_size; 1092 case UFS_QUERY_ATTR_IDN_WB_BUFF_LIFE_TIME_EST: 1093 return u->attributes.wb_buffer_life_time_est; 1094 case UFS_QUERY_ATTR_IDN_CURR_WB_BUFF_SIZE: 1095 return be32_to_cpu(u->attributes.current_wb_buffer_size); 1096 case UFS_QUERY_ATTR_IDN_REFRESH_STATUS: 1097 return u->attributes.refresh_status; 1098 case UFS_QUERY_ATTR_IDN_REFRESH_FREQ: 1099 return u->attributes.refresh_freq; 1100 case UFS_QUERY_ATTR_IDN_REFRESH_UNIT: 1101 return u->attributes.refresh_unit; 1102 } 1103 return 0; 1104 } 1105 1106 static void ufs_write_attr_value(UfsHc *u, uint8_t idn, uint32_t value) 1107 { 1108 switch (idn) { 1109 case UFS_QUERY_ATTR_IDN_ACTIVE_ICC_LVL: 1110 u->attributes.active_icc_level = value; 1111 break; 1112 case UFS_QUERY_ATTR_IDN_MAX_DATA_IN: 1113 u->attributes.max_data_in_size = value; 1114 break; 1115 case UFS_QUERY_ATTR_IDN_MAX_DATA_OUT: 1116 u->attributes.max_data_out_size = value; 1117 break; 1118 case UFS_QUERY_ATTR_IDN_REF_CLK_FREQ: 1119 u->attributes.ref_clk_freq = value; 1120 break; 1121 case UFS_QUERY_ATTR_IDN_MAX_NUM_OF_RTT: 1122 u->attributes.max_num_of_rtt = value; 1123 break; 1124 case UFS_QUERY_ATTR_IDN_EE_CONTROL: 1125 u->attributes.exception_event_control = cpu_to_be16(value); 1126 break; 1127 case UFS_QUERY_ATTR_IDN_SECONDS_PASSED: 1128 u->attributes.seconds_passed = cpu_to_be32(value); 1129 break; 1130 case UFS_QUERY_ATTR_IDN_PSA_STATE: 1131 u->attributes.psa_state = value; 1132 break; 1133 case UFS_QUERY_ATTR_IDN_PSA_DATA_SIZE: 1134 u->attributes.psa_data_size = cpu_to_be32(value); 1135 break; 1136 } 1137 } 1138 1139 static QueryRespCode ufs_exec_query_attr(UfsRequest *req, int op) 1140 { 1141 UfsHc *u = req->hc; 1142 uint8_t idn = req->req_upiu.qr.idn; 1143 uint32_t value; 1144 QueryRespCode ret; 1145 1146 ret = ufs_attr_check_idn_valid(idn, op); 1147 if (ret) { 1148 return ret; 1149 } 1150 1151 if (op == UFS_QUERY_ATTR_READ) { 1152 value = ufs_read_attr_value(u, idn); 1153 } else { 1154 value = be32_to_cpu(req->req_upiu.qr.value); 1155 ufs_write_attr_value(u, idn, value); 1156 } 1157 1158 req->rsp_upiu.qr.value = cpu_to_be32(value); 1159 return UFS_QUERY_RESULT_SUCCESS; 1160 } 1161 1162 static const RpmbUnitDescriptor rpmb_unit_desc = { 1163 .length = sizeof(RpmbUnitDescriptor), 1164 .descriptor_idn = 2, 1165 .unit_index = UFS_UPIU_RPMB_WLUN, 1166 .lu_enable = 0, 1167 }; 1168 1169 static QueryRespCode ufs_read_unit_desc(UfsRequest *req) 1170 { 1171 UfsHc *u = req->hc; 1172 uint8_t lun = req->req_upiu.qr.index; 1173 1174 if (lun != UFS_UPIU_RPMB_WLUN && 1175 (lun >= UFS_MAX_LUS || u->lus[lun] == NULL)) { 1176 trace_ufs_err_query_invalid_index(req->req_upiu.qr.opcode, lun); 1177 return UFS_QUERY_RESULT_INVALID_INDEX; 1178 } 1179 1180 if (lun == UFS_UPIU_RPMB_WLUN) { 1181 memcpy(&req->rsp_upiu.qr.data, &rpmb_unit_desc, rpmb_unit_desc.length); 1182 } else { 1183 memcpy(&req->rsp_upiu.qr.data, &u->lus[lun]->unit_desc, 1184 sizeof(u->lus[lun]->unit_desc)); 1185 } 1186 1187 return UFS_QUERY_RESULT_SUCCESS; 1188 } 1189 1190 static inline StringDescriptor manufacturer_str_desc(void) 1191 { 1192 StringDescriptor desc = { 1193 .length = 0x12, 1194 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING, 1195 }; 1196 desc.UC[0] = cpu_to_be16('R'); 1197 desc.UC[1] = cpu_to_be16('E'); 1198 desc.UC[2] = cpu_to_be16('D'); 1199 desc.UC[3] = cpu_to_be16('H'); 1200 desc.UC[4] = cpu_to_be16('A'); 1201 desc.UC[5] = cpu_to_be16('T'); 1202 return desc; 1203 } 1204 1205 static inline StringDescriptor product_name_str_desc(void) 1206 { 1207 StringDescriptor desc = { 1208 .length = 0x22, 1209 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING, 1210 }; 1211 desc.UC[0] = cpu_to_be16('Q'); 1212 desc.UC[1] = cpu_to_be16('E'); 1213 desc.UC[2] = cpu_to_be16('M'); 1214 desc.UC[3] = cpu_to_be16('U'); 1215 desc.UC[4] = cpu_to_be16(' '); 1216 desc.UC[5] = cpu_to_be16('U'); 1217 desc.UC[6] = cpu_to_be16('F'); 1218 desc.UC[7] = cpu_to_be16('S'); 1219 return desc; 1220 } 1221 1222 static inline StringDescriptor product_rev_level_str_desc(void) 1223 { 1224 StringDescriptor desc = { 1225 .length = 0x0a, 1226 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING, 1227 }; 1228 desc.UC[0] = cpu_to_be16('0'); 1229 desc.UC[1] = cpu_to_be16('0'); 1230 desc.UC[2] = cpu_to_be16('0'); 1231 desc.UC[3] = cpu_to_be16('1'); 1232 return desc; 1233 } 1234 1235 static const StringDescriptor null_str_desc = { 1236 .length = 0x02, 1237 .descriptor_idn = UFS_QUERY_DESC_IDN_STRING, 1238 }; 1239 1240 static QueryRespCode ufs_read_string_desc(UfsRequest *req) 1241 { 1242 UfsHc *u = req->hc; 1243 uint8_t index = req->req_upiu.qr.index; 1244 StringDescriptor desc; 1245 1246 if (index == u->device_desc.manufacturer_name) { 1247 desc = manufacturer_str_desc(); 1248 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length); 1249 } else if (index == u->device_desc.product_name) { 1250 desc = product_name_str_desc(); 1251 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length); 1252 } else if (index == u->device_desc.serial_number) { 1253 memcpy(&req->rsp_upiu.qr.data, &null_str_desc, null_str_desc.length); 1254 } else if (index == u->device_desc.oem_id) { 1255 memcpy(&req->rsp_upiu.qr.data, &null_str_desc, null_str_desc.length); 1256 } else if (index == u->device_desc.product_revision_level) { 1257 desc = product_rev_level_str_desc(); 1258 memcpy(&req->rsp_upiu.qr.data, &desc, desc.length); 1259 } else { 1260 trace_ufs_err_query_invalid_index(req->req_upiu.qr.opcode, index); 1261 return UFS_QUERY_RESULT_INVALID_INDEX; 1262 } 1263 return UFS_QUERY_RESULT_SUCCESS; 1264 } 1265 1266 static inline InterconnectDescriptor interconnect_desc(void) 1267 { 1268 InterconnectDescriptor desc = { 1269 .length = sizeof(InterconnectDescriptor), 1270 .descriptor_idn = UFS_QUERY_DESC_IDN_INTERCONNECT, 1271 }; 1272 desc.bcd_unipro_version = cpu_to_be16(0x180); 1273 desc.bcd_mphy_version = cpu_to_be16(0x410); 1274 return desc; 1275 } 1276 1277 static QueryRespCode ufs_read_desc(UfsRequest *req) 1278 { 1279 UfsHc *u = req->hc; 1280 QueryRespCode status; 1281 uint8_t idn = req->req_upiu.qr.idn; 1282 uint16_t length = be16_to_cpu(req->req_upiu.qr.length); 1283 InterconnectDescriptor desc; 1284 1285 switch (idn) { 1286 case UFS_QUERY_DESC_IDN_DEVICE: 1287 memcpy(&req->rsp_upiu.qr.data, &u->device_desc, sizeof(u->device_desc)); 1288 status = UFS_QUERY_RESULT_SUCCESS; 1289 break; 1290 case UFS_QUERY_DESC_IDN_UNIT: 1291 status = ufs_read_unit_desc(req); 1292 break; 1293 case UFS_QUERY_DESC_IDN_GEOMETRY: 1294 memcpy(&req->rsp_upiu.qr.data, &u->geometry_desc, 1295 sizeof(u->geometry_desc)); 1296 status = UFS_QUERY_RESULT_SUCCESS; 1297 break; 1298 case UFS_QUERY_DESC_IDN_INTERCONNECT: { 1299 desc = interconnect_desc(); 1300 memcpy(&req->rsp_upiu.qr.data, &desc, sizeof(InterconnectDescriptor)); 1301 status = UFS_QUERY_RESULT_SUCCESS; 1302 break; 1303 } 1304 case UFS_QUERY_DESC_IDN_STRING: 1305 status = ufs_read_string_desc(req); 1306 break; 1307 case UFS_QUERY_DESC_IDN_POWER: 1308 /* mocking of power descriptor is not supported */ 1309 memset(&req->rsp_upiu.qr.data, 0, sizeof(PowerParametersDescriptor)); 1310 req->rsp_upiu.qr.data[0] = sizeof(PowerParametersDescriptor); 1311 req->rsp_upiu.qr.data[1] = UFS_QUERY_DESC_IDN_POWER; 1312 status = UFS_QUERY_RESULT_SUCCESS; 1313 break; 1314 case UFS_QUERY_DESC_IDN_HEALTH: 1315 /* mocking of health descriptor is not supported */ 1316 memset(&req->rsp_upiu.qr.data, 0, sizeof(DeviceHealthDescriptor)); 1317 req->rsp_upiu.qr.data[0] = sizeof(DeviceHealthDescriptor); 1318 req->rsp_upiu.qr.data[1] = UFS_QUERY_DESC_IDN_HEALTH; 1319 status = UFS_QUERY_RESULT_SUCCESS; 1320 break; 1321 default: 1322 length = 0; 1323 trace_ufs_err_query_invalid_idn(req->req_upiu.qr.opcode, idn); 1324 status = UFS_QUERY_RESULT_INVALID_IDN; 1325 } 1326 1327 if (length > req->rsp_upiu.qr.data[0]) { 1328 length = req->rsp_upiu.qr.data[0]; 1329 } 1330 req->rsp_upiu.qr.opcode = req->req_upiu.qr.opcode; 1331 req->rsp_upiu.qr.idn = req->req_upiu.qr.idn; 1332 req->rsp_upiu.qr.index = req->req_upiu.qr.index; 1333 req->rsp_upiu.qr.selector = req->req_upiu.qr.selector; 1334 req->rsp_upiu.qr.length = cpu_to_be16(length); 1335 1336 return status; 1337 } 1338 1339 static QueryRespCode ufs_exec_query_read(UfsRequest *req) 1340 { 1341 QueryRespCode status; 1342 switch (req->req_upiu.qr.opcode) { 1343 case UFS_UPIU_QUERY_OPCODE_NOP: 1344 status = UFS_QUERY_RESULT_SUCCESS; 1345 break; 1346 case UFS_UPIU_QUERY_OPCODE_READ_DESC: 1347 status = ufs_read_desc(req); 1348 break; 1349 case UFS_UPIU_QUERY_OPCODE_READ_ATTR: 1350 status = ufs_exec_query_attr(req, UFS_QUERY_ATTR_READ); 1351 break; 1352 case UFS_UPIU_QUERY_OPCODE_READ_FLAG: 1353 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_READ); 1354 break; 1355 default: 1356 trace_ufs_err_query_invalid_opcode(req->req_upiu.qr.opcode); 1357 status = UFS_QUERY_RESULT_INVALID_OPCODE; 1358 break; 1359 } 1360 1361 return status; 1362 } 1363 1364 static QueryRespCode ufs_exec_query_write(UfsRequest *req) 1365 { 1366 QueryRespCode status; 1367 switch (req->req_upiu.qr.opcode) { 1368 case UFS_UPIU_QUERY_OPCODE_NOP: 1369 status = UFS_QUERY_RESULT_SUCCESS; 1370 break; 1371 case UFS_UPIU_QUERY_OPCODE_WRITE_DESC: 1372 /* write descriptor is not supported */ 1373 status = UFS_QUERY_RESULT_NOT_WRITEABLE; 1374 break; 1375 case UFS_UPIU_QUERY_OPCODE_WRITE_ATTR: 1376 status = ufs_exec_query_attr(req, UFS_QUERY_ATTR_WRITE); 1377 break; 1378 case UFS_UPIU_QUERY_OPCODE_SET_FLAG: 1379 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_SET); 1380 break; 1381 case UFS_UPIU_QUERY_OPCODE_CLEAR_FLAG: 1382 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_CLEAR); 1383 break; 1384 case UFS_UPIU_QUERY_OPCODE_TOGGLE_FLAG: 1385 status = ufs_exec_query_flag(req, UFS_QUERY_FLAG_TOGGLE); 1386 break; 1387 default: 1388 trace_ufs_err_query_invalid_opcode(req->req_upiu.qr.opcode); 1389 status = UFS_QUERY_RESULT_INVALID_OPCODE; 1390 break; 1391 } 1392 1393 return status; 1394 } 1395 1396 static UfsReqResult ufs_exec_query_cmd(UfsRequest *req) 1397 { 1398 uint8_t query_func = req->req_upiu.header.query_func; 1399 uint16_t data_segment_length; 1400 QueryRespCode status; 1401 1402 trace_ufs_exec_query_cmd(req->slot, req->req_upiu.qr.opcode); 1403 if (query_func == UFS_UPIU_QUERY_FUNC_STANDARD_READ_REQUEST) { 1404 status = ufs_exec_query_read(req); 1405 } else if (query_func == UFS_UPIU_QUERY_FUNC_STANDARD_WRITE_REQUEST) { 1406 status = ufs_exec_query_write(req); 1407 } else { 1408 status = UFS_QUERY_RESULT_GENERAL_FAILURE; 1409 } 1410 1411 data_segment_length = be16_to_cpu(req->rsp_upiu.qr.length); 1412 ufs_build_upiu_header(req, UFS_UPIU_TRANSACTION_QUERY_RSP, 0, status, 0, 1413 data_segment_length); 1414 1415 if (status != UFS_QUERY_RESULT_SUCCESS) { 1416 return UFS_REQUEST_FAIL; 1417 } 1418 return UFS_REQUEST_SUCCESS; 1419 } 1420 1421 static void ufs_exec_req(UfsRequest *req) 1422 { 1423 UfsReqResult req_result; 1424 1425 if (ufs_dma_read_upiu(req)) { 1426 return; 1427 } 1428 1429 switch (req->req_upiu.header.trans_type) { 1430 case UFS_UPIU_TRANSACTION_NOP_OUT: 1431 req_result = ufs_exec_nop_cmd(req); 1432 break; 1433 case UFS_UPIU_TRANSACTION_COMMAND: 1434 req_result = ufs_exec_scsi_cmd(req); 1435 break; 1436 case UFS_UPIU_TRANSACTION_QUERY_REQ: 1437 req_result = ufs_exec_query_cmd(req); 1438 break; 1439 default: 1440 trace_ufs_err_invalid_trans_code(req->slot, 1441 req->req_upiu.header.trans_type); 1442 req_result = UFS_REQUEST_FAIL; 1443 } 1444 1445 /* 1446 * The ufs_complete_req for scsi commands is handled by the 1447 * ufs_scsi_command_complete() callback function. Therefore, to avoid 1448 * duplicate processing, ufs_complete_req() is not called for scsi commands. 1449 */ 1450 if (req_result != UFS_REQUEST_NO_COMPLETE) { 1451 ufs_complete_req(req, req_result); 1452 } 1453 } 1454 1455 static void ufs_process_req(void *opaque) 1456 { 1457 UfsHc *u = opaque; 1458 UfsRequest *req; 1459 int slot; 1460 1461 for (slot = 0; slot < u->params.nutrs; slot++) { 1462 req = &u->req_list[slot]; 1463 1464 if (req->state != UFS_REQUEST_READY) { 1465 continue; 1466 } 1467 trace_ufs_process_req(slot); 1468 req->state = UFS_REQUEST_RUNNING; 1469 1470 ufs_exec_req(req); 1471 } 1472 } 1473 1474 void ufs_complete_req(UfsRequest *req, UfsReqResult req_result) 1475 { 1476 UfsHc *u = req->hc; 1477 assert(req->state == UFS_REQUEST_RUNNING); 1478 1479 if (req_result == UFS_REQUEST_SUCCESS) { 1480 req->utrd.header.dword_2 = cpu_to_le32(UFS_OCS_SUCCESS); 1481 } else { 1482 req->utrd.header.dword_2 = cpu_to_le32(UFS_OCS_INVALID_CMD_TABLE_ATTR); 1483 } 1484 1485 req->state = UFS_REQUEST_COMPLETE; 1486 1487 if (ufs_mcq_req(req)) { 1488 trace_ufs_mcq_complete_req(req->sq->sqid); 1489 QTAILQ_INSERT_TAIL(&req->sq->cq->req_list, req, entry); 1490 qemu_bh_schedule(req->sq->cq->bh); 1491 } else { 1492 trace_ufs_complete_req(req->slot); 1493 qemu_bh_schedule(u->complete_bh); 1494 } 1495 } 1496 1497 static void ufs_clear_req(UfsRequest *req) 1498 { 1499 if (req->sg != NULL) { 1500 qemu_sglist_destroy(req->sg); 1501 g_free(req->sg); 1502 req->sg = NULL; 1503 req->data_len = 0; 1504 } 1505 1506 memset(&req->utrd, 0, sizeof(req->utrd)); 1507 memset(&req->req_upiu, 0, sizeof(req->req_upiu)); 1508 memset(&req->rsp_upiu, 0, sizeof(req->rsp_upiu)); 1509 } 1510 1511 static void ufs_sendback_req(void *opaque) 1512 { 1513 UfsHc *u = opaque; 1514 UfsRequest *req; 1515 int slot; 1516 1517 for (slot = 0; slot < u->params.nutrs; slot++) { 1518 req = &u->req_list[slot]; 1519 1520 if (req->state != UFS_REQUEST_COMPLETE) { 1521 continue; 1522 } 1523 1524 if (ufs_dma_write_upiu(req)) { 1525 req->state = UFS_REQUEST_ERROR; 1526 continue; 1527 } 1528 1529 /* 1530 * TODO: UTP Transfer Request Interrupt Aggregation Control is not yet 1531 * supported 1532 */ 1533 if (le32_to_cpu(req->utrd.header.dword_2) != UFS_OCS_SUCCESS || 1534 le32_to_cpu(req->utrd.header.dword_0) & UFS_UTP_REQ_DESC_INT_CMD) { 1535 u->reg.is = FIELD_DP32(u->reg.is, IS, UTRCS, 1); 1536 } 1537 1538 u->reg.utrldbr &= ~(1 << slot); 1539 u->reg.utrlcnr |= (1 << slot); 1540 1541 trace_ufs_sendback_req(req->slot); 1542 1543 ufs_clear_req(req); 1544 req->state = UFS_REQUEST_IDLE; 1545 } 1546 1547 ufs_irq_check(u); 1548 } 1549 1550 static bool ufs_check_constraints(UfsHc *u, Error **errp) 1551 { 1552 if (u->params.nutrs > UFS_MAX_NUTRS) { 1553 error_setg(errp, "nutrs must be less than or equal to %d", 1554 UFS_MAX_NUTRS); 1555 return false; 1556 } 1557 1558 if (u->params.nutmrs > UFS_MAX_NUTMRS) { 1559 error_setg(errp, "nutmrs must be less than or equal to %d", 1560 UFS_MAX_NUTMRS); 1561 return false; 1562 } 1563 1564 if (u->params.mcq_maxq >= UFS_MAX_MCQ_QNUM) { 1565 error_setg(errp, "mcq-maxq must be less than %d", UFS_MAX_MCQ_QNUM); 1566 return false; 1567 } 1568 1569 return true; 1570 } 1571 1572 static void ufs_init_pci(UfsHc *u, PCIDevice *pci_dev) 1573 { 1574 uint8_t *pci_conf = pci_dev->config; 1575 1576 pci_conf[PCI_INTERRUPT_PIN] = 1; 1577 pci_config_set_prog_interface(pci_conf, 0x1); 1578 1579 memory_region_init_io(&u->iomem, OBJECT(u), &ufs_mmio_ops, u, "ufs", 1580 u->reg_size); 1581 pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &u->iomem); 1582 u->irq = pci_allocate_irq(pci_dev); 1583 } 1584 1585 static void ufs_init_state(UfsHc *u) 1586 { 1587 u->req_list = g_new0(UfsRequest, u->params.nutrs); 1588 1589 for (int i = 0; i < u->params.nutrs; i++) { 1590 u->req_list[i].hc = u; 1591 u->req_list[i].slot = i; 1592 u->req_list[i].sg = NULL; 1593 u->req_list[i].state = UFS_REQUEST_IDLE; 1594 } 1595 1596 u->doorbell_bh = qemu_bh_new_guarded(ufs_process_req, u, 1597 &DEVICE(u)->mem_reentrancy_guard); 1598 u->complete_bh = qemu_bh_new_guarded(ufs_sendback_req, u, 1599 &DEVICE(u)->mem_reentrancy_guard); 1600 1601 if (u->params.mcq) { 1602 memset(u->sq, 0, sizeof(u->sq)); 1603 memset(u->cq, 0, sizeof(u->cq)); 1604 } 1605 } 1606 1607 static void ufs_init_hc(UfsHc *u) 1608 { 1609 uint32_t cap = 0; 1610 uint32_t mcqconfig = 0; 1611 uint32_t mcqcap = 0; 1612 1613 u->reg_size = pow2ceil(ufs_reg_size(u)); 1614 1615 memset(&u->reg, 0, sizeof(u->reg)); 1616 memset(&u->mcq_reg, 0, sizeof(u->mcq_reg)); 1617 memset(&u->mcq_op_reg, 0, sizeof(u->mcq_op_reg)); 1618 cap = FIELD_DP32(cap, CAP, NUTRS, (u->params.nutrs - 1)); 1619 cap = FIELD_DP32(cap, CAP, RTT, 2); 1620 cap = FIELD_DP32(cap, CAP, NUTMRS, (u->params.nutmrs - 1)); 1621 cap = FIELD_DP32(cap, CAP, AUTOH8, 0); 1622 cap = FIELD_DP32(cap, CAP, 64AS, 1); 1623 cap = FIELD_DP32(cap, CAP, OODDS, 0); 1624 cap = FIELD_DP32(cap, CAP, UICDMETMS, 0); 1625 cap = FIELD_DP32(cap, CAP, CS, 0); 1626 cap = FIELD_DP32(cap, CAP, LSDBS, 1); 1627 cap = FIELD_DP32(cap, CAP, MCQS, u->params.mcq); 1628 u->reg.cap = cap; 1629 1630 if (u->params.mcq) { 1631 mcqconfig = FIELD_DP32(mcqconfig, MCQCONFIG, MAC, 0x1f); 1632 u->reg.mcqconfig = mcqconfig; 1633 1634 mcqcap = FIELD_DP32(mcqcap, MCQCAP, MAXQ, u->params.mcq_maxq - 1); 1635 mcqcap = FIELD_DP32(mcqcap, MCQCAP, RRP, 1); 1636 mcqcap = FIELD_DP32(mcqcap, MCQCAP, QCFGPTR, UFS_MCQ_QCFGPTR); 1637 u->reg.mcqcap = mcqcap; 1638 1639 for (int i = 0; i < ARRAY_SIZE(u->mcq_reg); i++) { 1640 uint64_t addr = ufs_mcq_op_reg_addr(u, i); 1641 u->mcq_reg[i].sqdao = addr; 1642 u->mcq_reg[i].sqisao = addr + sizeof(UfsMcqSqReg); 1643 addr += sizeof(UfsMcqSqReg); 1644 u->mcq_reg[i].cqdao = addr + sizeof(UfsMcqSqIntReg); 1645 addr += sizeof(UfsMcqSqIntReg); 1646 u->mcq_reg[i].cqisao = addr + sizeof(UfsMcqCqReg); 1647 } 1648 } 1649 u->reg.ver = UFS_SPEC_VER; 1650 1651 memset(&u->device_desc, 0, sizeof(DeviceDescriptor)); 1652 u->device_desc.length = sizeof(DeviceDescriptor); 1653 u->device_desc.descriptor_idn = UFS_QUERY_DESC_IDN_DEVICE; 1654 u->device_desc.device_sub_class = 0x01; 1655 u->device_desc.number_lu = 0x00; 1656 u->device_desc.number_wlu = 0x04; 1657 /* TODO: Revisit it when Power Management is implemented */ 1658 u->device_desc.init_power_mode = 0x01; /* Active Mode */ 1659 u->device_desc.high_priority_lun = 0x7F; /* Same Priority */ 1660 u->device_desc.spec_version = cpu_to_be16(UFS_SPEC_VER); 1661 u->device_desc.manufacturer_name = 0x00; 1662 u->device_desc.product_name = 0x01; 1663 u->device_desc.serial_number = 0x02; 1664 u->device_desc.oem_id = 0x03; 1665 u->device_desc.ud_0_base_offset = 0x16; 1666 u->device_desc.ud_config_p_length = 0x1A; 1667 u->device_desc.device_rtt_cap = 0x02; 1668 u->device_desc.queue_depth = u->params.nutrs; 1669 u->device_desc.product_revision_level = 0x04; 1670 1671 memset(&u->geometry_desc, 0, sizeof(GeometryDescriptor)); 1672 u->geometry_desc.length = sizeof(GeometryDescriptor); 1673 u->geometry_desc.descriptor_idn = UFS_QUERY_DESC_IDN_GEOMETRY; 1674 u->geometry_desc.max_number_lu = (UFS_MAX_LUS == 32) ? 0x1 : 0x0; 1675 u->geometry_desc.segment_size = cpu_to_be32(0x2000); /* 4KB */ 1676 u->geometry_desc.allocation_unit_size = 0x1; /* 4KB */ 1677 u->geometry_desc.min_addr_block_size = 0x8; /* 4KB */ 1678 u->geometry_desc.max_in_buffer_size = 0x8; 1679 u->geometry_desc.max_out_buffer_size = 0x8; 1680 u->geometry_desc.rpmb_read_write_size = 0x40; 1681 u->geometry_desc.data_ordering = 1682 0x0; /* out-of-order data transfer is not supported */ 1683 u->geometry_desc.max_context_id_number = 0x5; 1684 u->geometry_desc.supported_memory_types = cpu_to_be16(0x8001); 1685 1686 memset(&u->attributes, 0, sizeof(u->attributes)); 1687 u->attributes.max_data_in_size = 0x08; 1688 u->attributes.max_data_out_size = 0x08; 1689 u->attributes.ref_clk_freq = 0x01; /* 26 MHz */ 1690 /* configure descriptor is not supported */ 1691 u->attributes.config_descr_lock = 0x01; 1692 u->attributes.max_num_of_rtt = 0x02; 1693 1694 memset(&u->flags, 0, sizeof(u->flags)); 1695 u->flags.permanently_disable_fw_update = 1; 1696 } 1697 1698 static void ufs_realize(PCIDevice *pci_dev, Error **errp) 1699 { 1700 UfsHc *u = UFS(pci_dev); 1701 1702 if (!ufs_check_constraints(u, errp)) { 1703 return; 1704 } 1705 1706 qbus_init(&u->bus, sizeof(UfsBus), TYPE_UFS_BUS, &pci_dev->qdev, 1707 u->parent_obj.qdev.id); 1708 1709 ufs_init_state(u); 1710 ufs_init_hc(u); 1711 ufs_init_pci(u, pci_dev); 1712 1713 ufs_init_wlu(&u->report_wlu, UFS_UPIU_REPORT_LUNS_WLUN); 1714 ufs_init_wlu(&u->dev_wlu, UFS_UPIU_UFS_DEVICE_WLUN); 1715 ufs_init_wlu(&u->boot_wlu, UFS_UPIU_BOOT_WLUN); 1716 ufs_init_wlu(&u->rpmb_wlu, UFS_UPIU_RPMB_WLUN); 1717 } 1718 1719 static void ufs_exit(PCIDevice *pci_dev) 1720 { 1721 UfsHc *u = UFS(pci_dev); 1722 1723 qemu_bh_delete(u->doorbell_bh); 1724 qemu_bh_delete(u->complete_bh); 1725 1726 for (int i = 0; i < u->params.nutrs; i++) { 1727 ufs_clear_req(&u->req_list[i]); 1728 } 1729 g_free(u->req_list); 1730 1731 for (int i = 0; i < ARRAY_SIZE(u->sq); i++) { 1732 if (u->sq[i]) { 1733 ufs_mcq_delete_sq(u, i); 1734 } 1735 } 1736 for (int i = 0; i < ARRAY_SIZE(u->cq); i++) { 1737 if (u->cq[i]) { 1738 ufs_mcq_delete_cq(u, i); 1739 } 1740 } 1741 } 1742 1743 static Property ufs_props[] = { 1744 DEFINE_PROP_STRING("serial", UfsHc, params.serial), 1745 DEFINE_PROP_UINT8("nutrs", UfsHc, params.nutrs, 32), 1746 DEFINE_PROP_UINT8("nutmrs", UfsHc, params.nutmrs, 8), 1747 DEFINE_PROP_BOOL("mcq", UfsHc, params.mcq, false), 1748 DEFINE_PROP_UINT8("mcq-maxq", UfsHc, params.mcq_maxq, 2), 1749 DEFINE_PROP_END_OF_LIST(), 1750 }; 1751 1752 static const VMStateDescription ufs_vmstate = { 1753 .name = "ufs", 1754 .unmigratable = 1, 1755 }; 1756 1757 static void ufs_class_init(ObjectClass *oc, void *data) 1758 { 1759 DeviceClass *dc = DEVICE_CLASS(oc); 1760 PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc); 1761 1762 pc->realize = ufs_realize; 1763 pc->exit = ufs_exit; 1764 pc->vendor_id = PCI_VENDOR_ID_REDHAT; 1765 pc->device_id = PCI_DEVICE_ID_REDHAT_UFS; 1766 pc->class_id = PCI_CLASS_STORAGE_UFS; 1767 1768 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1769 dc->desc = "Universal Flash Storage"; 1770 device_class_set_props(dc, ufs_props); 1771 dc->vmsd = &ufs_vmstate; 1772 } 1773 1774 static bool ufs_bus_check_address(BusState *qbus, DeviceState *qdev, 1775 Error **errp) 1776 { 1777 if (strcmp(object_get_typename(OBJECT(qdev)), TYPE_UFS_LU) != 0) { 1778 error_setg(errp, "%s cannot be connected to ufs-bus", 1779 object_get_typename(OBJECT(qdev))); 1780 return false; 1781 } 1782 1783 return true; 1784 } 1785 1786 static char *ufs_bus_get_dev_path(DeviceState *dev) 1787 { 1788 BusState *bus = qdev_get_parent_bus(dev); 1789 1790 return qdev_get_dev_path(bus->parent); 1791 } 1792 1793 static void ufs_bus_class_init(ObjectClass *class, void *data) 1794 { 1795 BusClass *bc = BUS_CLASS(class); 1796 bc->get_dev_path = ufs_bus_get_dev_path; 1797 bc->check_address = ufs_bus_check_address; 1798 } 1799 1800 static const TypeInfo ufs_info = { 1801 .name = TYPE_UFS, 1802 .parent = TYPE_PCI_DEVICE, 1803 .class_init = ufs_class_init, 1804 .instance_size = sizeof(UfsHc), 1805 .interfaces = (InterfaceInfo[]){ { INTERFACE_PCIE_DEVICE }, {} }, 1806 }; 1807 1808 static const TypeInfo ufs_bus_info = { 1809 .name = TYPE_UFS_BUS, 1810 .parent = TYPE_BUS, 1811 .class_init = ufs_bus_class_init, 1812 .class_size = sizeof(UfsBusClass), 1813 .instance_size = sizeof(UfsBus), 1814 }; 1815 1816 static void ufs_register_types(void) 1817 { 1818 type_register_static(&ufs_info); 1819 type_register_static(&ufs_bus_info); 1820 } 1821 1822 type_init(ufs_register_types) 1823