bcm2835_mbox.c (9769B)
1/* 2 * Raspberry Pi emulation (c) 2012 Gregory Estrade 3 * 4 * This file models the system mailboxes, which are used for 5 * communication with low-bandwidth GPU peripherals. Refs: 6 * https://github.com/raspberrypi/firmware/wiki/Mailboxes 7 * https://github.com/raspberrypi/firmware/wiki/Accessing-mailboxes 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or later. 10 * See the COPYING file in the top-level directory. 11 */ 12 13#include "qemu/osdep.h" 14#include "qapi/error.h" 15#include "hw/irq.h" 16#include "hw/misc/bcm2835_mbox.h" 17#include "migration/vmstate.h" 18#include "qemu/log.h" 19#include "qemu/module.h" 20#include "trace.h" 21 22#define MAIL0_PEEK 0x90 23#define MAIL0_SENDER 0x94 24#define MAIL1_STATUS 0xb8 25 26/* Mailbox status register */ 27#define MAIL0_STATUS 0x98 28#define ARM_MS_FULL 0x80000000 29#define ARM_MS_EMPTY 0x40000000 30#define ARM_MS_LEVEL 0x400000FF /* Max. value depends on mailbox depth */ 31 32/* MAILBOX config/status register */ 33#define MAIL0_CONFIG 0x9c 34/* ANY write to this register clears the error bits! */ 35#define ARM_MC_IHAVEDATAIRQEN 0x00000001 /* mbox irq enable: has data */ 36#define ARM_MC_IHAVESPACEIRQEN 0x00000002 /* mbox irq enable: has space */ 37#define ARM_MC_OPPISEMPTYIRQEN 0x00000004 /* mbox irq enable: Opp is empty */ 38#define ARM_MC_MAIL_CLEAR 0x00000008 /* mbox clear write 1, then 0 */ 39#define ARM_MC_IHAVEDATAIRQPEND 0x00000010 /* mbox irq pending: has space */ 40#define ARM_MC_IHAVESPACEIRQPEND 0x00000020 /* mbox irq pending: Opp is empty */ 41#define ARM_MC_OPPISEMPTYIRQPEND 0x00000040 /* mbox irq pending */ 42/* Bit 7 is unused */ 43#define ARM_MC_ERRNOOWN 0x00000100 /* error : none owner read from mailbox */ 44#define ARM_MC_ERROVERFLW 0x00000200 /* error : write to fill mailbox */ 45#define ARM_MC_ERRUNDRFLW 0x00000400 /* error : read from empty mailbox */ 46 47static void mbox_update_status(BCM2835Mbox *mb) 48{ 49 mb->status &= ~(ARM_MS_EMPTY | ARM_MS_FULL); 50 if (mb->count == 0) { 51 mb->status |= ARM_MS_EMPTY; 52 } else if (mb->count == MBOX_SIZE) { 53 mb->status |= ARM_MS_FULL; 54 } 55} 56 57static void mbox_reset(BCM2835Mbox *mb) 58{ 59 int n; 60 61 mb->count = 0; 62 mb->config = 0; 63 for (n = 0; n < MBOX_SIZE; n++) { 64 mb->reg[n] = MBOX_INVALID_DATA; 65 } 66 mbox_update_status(mb); 67} 68 69static uint32_t mbox_pull(BCM2835Mbox *mb, int index) 70{ 71 int n; 72 uint32_t val; 73 74 assert(mb->count > 0); 75 assert(index < mb->count); 76 77 val = mb->reg[index]; 78 for (n = index + 1; n < mb->count; n++) { 79 mb->reg[n - 1] = mb->reg[n]; 80 } 81 mb->count--; 82 mb->reg[mb->count] = MBOX_INVALID_DATA; 83 84 mbox_update_status(mb); 85 86 return val; 87} 88 89static void mbox_push(BCM2835Mbox *mb, uint32_t val) 90{ 91 assert(mb->count < MBOX_SIZE); 92 mb->reg[mb->count++] = val; 93 mbox_update_status(mb); 94} 95 96static void bcm2835_mbox_update(BCM2835MboxState *s) 97{ 98 uint32_t value; 99 bool set; 100 int n; 101 102 s->mbox_irq_disabled = true; 103 104 /* Get pending responses and put them in the vc->arm mbox, 105 * as long as it's not full 106 */ 107 for (n = 0; n < MBOX_CHAN_COUNT; n++) { 108 while (s->available[n] && !(s->mbox[0].status & ARM_MS_FULL)) { 109 value = ldl_le_phys(&s->mbox_as, n << MBOX_AS_CHAN_SHIFT); 110 assert(value != MBOX_INVALID_DATA); /* Pending interrupt but no data */ 111 mbox_push(&s->mbox[0], value); 112 } 113 } 114 115 /* TODO (?): Try to push pending requests from the arm->vc mbox */ 116 117 /* Re-enable calls from the IRQ routine */ 118 s->mbox_irq_disabled = false; 119 120 /* Update ARM IRQ status */ 121 set = false; 122 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQPEND; 123 if (!(s->mbox[0].status & ARM_MS_EMPTY)) { 124 s->mbox[0].config |= ARM_MC_IHAVEDATAIRQPEND; 125 if (s->mbox[0].config & ARM_MC_IHAVEDATAIRQEN) { 126 set = true; 127 } 128 } 129 trace_bcm2835_mbox_irq(set); 130 qemu_set_irq(s->arm_irq, set); 131} 132 133static void bcm2835_mbox_set_irq(void *opaque, int irq, int level) 134{ 135 BCM2835MboxState *s = opaque; 136 137 s->available[irq] = level; 138 139 /* avoid recursively calling bcm2835_mbox_update when the interrupt 140 * status changes due to the ldl_phys call within that function 141 */ 142 if (!s->mbox_irq_disabled) { 143 bcm2835_mbox_update(s); 144 } 145} 146 147static uint64_t bcm2835_mbox_read(void *opaque, hwaddr offset, unsigned size) 148{ 149 BCM2835MboxState *s = opaque; 150 uint32_t res = 0; 151 152 offset &= 0xff; 153 154 switch (offset) { 155 case 0x80 ... 0x8c: /* MAIL0_READ */ 156 if (s->mbox[0].status & ARM_MS_EMPTY) { 157 res = MBOX_INVALID_DATA; 158 } else { 159 res = mbox_pull(&s->mbox[0], 0); 160 } 161 break; 162 163 case MAIL0_PEEK: 164 res = s->mbox[0].reg[0]; 165 break; 166 167 case MAIL0_SENDER: 168 break; 169 170 case MAIL0_STATUS: 171 res = s->mbox[0].status; 172 break; 173 174 case MAIL0_CONFIG: 175 res = s->mbox[0].config; 176 break; 177 178 case MAIL1_STATUS: 179 res = s->mbox[1].status; 180 break; 181 182 default: 183 qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx"\n", 184 __func__, offset); 185 trace_bcm2835_mbox_read(size, offset, res); 186 return 0; 187 } 188 trace_bcm2835_mbox_read(size, offset, res); 189 190 bcm2835_mbox_update(s); 191 192 return res; 193} 194 195static void bcm2835_mbox_write(void *opaque, hwaddr offset, 196 uint64_t value, unsigned size) 197{ 198 BCM2835MboxState *s = opaque; 199 hwaddr childaddr; 200 uint8_t ch; 201 202 offset &= 0xff; 203 204 trace_bcm2835_mbox_write(size, offset, value); 205 switch (offset) { 206 case MAIL0_SENDER: 207 break; 208 209 case MAIL0_CONFIG: 210 s->mbox[0].config &= ~ARM_MC_IHAVEDATAIRQEN; 211 s->mbox[0].config |= value & ARM_MC_IHAVEDATAIRQEN; 212 break; 213 214 case 0xa0 ... 0xac: /* MAIL1_WRITE */ 215 if (s->mbox[1].status & ARM_MS_FULL) { 216 /* Mailbox full */ 217 qemu_log_mask(LOG_GUEST_ERROR, "%s: mailbox full\n", __func__); 218 } else { 219 ch = value & 0xf; 220 if (ch < MBOX_CHAN_COUNT) { 221 childaddr = ch << MBOX_AS_CHAN_SHIFT; 222 if (ldl_le_phys(&s->mbox_as, childaddr + MBOX_AS_PENDING)) { 223 /* Child busy, push delayed. Push it in the arm->vc mbox */ 224 mbox_push(&s->mbox[1], value); 225 } else { 226 /* Push it directly to the child device */ 227 stl_le_phys(&s->mbox_as, childaddr, value); 228 } 229 } else { 230 /* Invalid channel number */ 231 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid channel %u\n", 232 __func__, ch); 233 } 234 } 235 break; 236 237 default: 238 qemu_log_mask(LOG_UNIMP, "%s: Unsupported offset 0x%"HWADDR_PRIx 239 " value 0x%"PRIx64"\n", 240 __func__, offset, value); 241 return; 242 } 243 244 bcm2835_mbox_update(s); 245} 246 247static const MemoryRegionOps bcm2835_mbox_ops = { 248 .read = bcm2835_mbox_read, 249 .write = bcm2835_mbox_write, 250 .endianness = DEVICE_NATIVE_ENDIAN, 251 .valid.min_access_size = 4, 252 .valid.max_access_size = 4, 253}; 254 255/* vmstate of a single mailbox */ 256static const VMStateDescription vmstate_bcm2835_mbox_box = { 257 .name = TYPE_BCM2835_MBOX "_box", 258 .version_id = 1, 259 .minimum_version_id = 1, 260 .fields = (VMStateField[]) { 261 VMSTATE_UINT32_ARRAY(reg, BCM2835Mbox, MBOX_SIZE), 262 VMSTATE_UINT32(count, BCM2835Mbox), 263 VMSTATE_UINT32(status, BCM2835Mbox), 264 VMSTATE_UINT32(config, BCM2835Mbox), 265 VMSTATE_END_OF_LIST() 266 } 267}; 268 269/* vmstate of the entire device */ 270static const VMStateDescription vmstate_bcm2835_mbox = { 271 .name = TYPE_BCM2835_MBOX, 272 .version_id = 1, 273 .minimum_version_id = 1, 274 .minimum_version_id_old = 1, 275 .fields = (VMStateField[]) { 276 VMSTATE_BOOL_ARRAY(available, BCM2835MboxState, MBOX_CHAN_COUNT), 277 VMSTATE_STRUCT_ARRAY(mbox, BCM2835MboxState, 2, 1, 278 vmstate_bcm2835_mbox_box, BCM2835Mbox), 279 VMSTATE_END_OF_LIST() 280 } 281}; 282 283static void bcm2835_mbox_init(Object *obj) 284{ 285 BCM2835MboxState *s = BCM2835_MBOX(obj); 286 287 memory_region_init_io(&s->iomem, obj, &bcm2835_mbox_ops, s, 288 TYPE_BCM2835_MBOX, 0x400); 289 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem); 290 sysbus_init_irq(SYS_BUS_DEVICE(s), &s->arm_irq); 291 qdev_init_gpio_in(DEVICE(s), bcm2835_mbox_set_irq, MBOX_CHAN_COUNT); 292} 293 294static void bcm2835_mbox_reset(DeviceState *dev) 295{ 296 BCM2835MboxState *s = BCM2835_MBOX(dev); 297 int n; 298 299 mbox_reset(&s->mbox[0]); 300 mbox_reset(&s->mbox[1]); 301 s->mbox_irq_disabled = false; 302 for (n = 0; n < MBOX_CHAN_COUNT; n++) { 303 s->available[n] = false; 304 } 305} 306 307static void bcm2835_mbox_realize(DeviceState *dev, Error **errp) 308{ 309 BCM2835MboxState *s = BCM2835_MBOX(dev); 310 Object *obj; 311 312 obj = object_property_get_link(OBJECT(dev), "mbox-mr", &error_abort); 313 s->mbox_mr = MEMORY_REGION(obj); 314 address_space_init(&s->mbox_as, s->mbox_mr, TYPE_BCM2835_MBOX "-memory"); 315 bcm2835_mbox_reset(dev); 316} 317 318static void bcm2835_mbox_class_init(ObjectClass *klass, void *data) 319{ 320 DeviceClass *dc = DEVICE_CLASS(klass); 321 322 dc->realize = bcm2835_mbox_realize; 323 dc->reset = bcm2835_mbox_reset; 324 dc->vmsd = &vmstate_bcm2835_mbox; 325} 326 327static TypeInfo bcm2835_mbox_info = { 328 .name = TYPE_BCM2835_MBOX, 329 .parent = TYPE_SYS_BUS_DEVICE, 330 .instance_size = sizeof(BCM2835MboxState), 331 .class_init = bcm2835_mbox_class_init, 332 .instance_init = bcm2835_mbox_init, 333}; 334 335static void bcm2835_mbox_register_types(void) 336{ 337 type_register_static(&bcm2835_mbox_info); 338} 339 340type_init(bcm2835_mbox_register_types)