diff options
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/arm/Kconfig | 1 | ||||
| -rw-r--r-- | hw/arm/sbsa-ref.c | 2 | ||||
| -rw-r--r-- | hw/arm/xilinx_zynq.c | 55 | ||||
| -rw-r--r-- | hw/intc/arm_gic.c | 12 | ||||
| -rw-r--r-- | hw/intc/riscv_aplic.c | 8 | ||||
| -rw-r--r-- | hw/riscv/boot.c | 4 | ||||
| -rw-r--r-- | hw/ufs/trace-events | 17 | ||||
| -rw-r--r-- | hw/ufs/ufs.c | 475 | ||||
| -rw-r--r-- | hw/ufs/ufs.h | 98 | ||||
| -rw-r--r-- | hw/usb/hcd-ohci.c | 5 | ||||
| -rw-r--r-- | hw/usb/trace-events | 1 |
11 files changed, 630 insertions, 48 deletions
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index 8b97683a45..1ad60da7aa 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -370,6 +370,7 @@ config ZYNQ select A9MPCORE select CADENCE # UART select PFLASH_CFI02 + select PL310 # cache controller select PL330 select SDHCI select SSI_M25P80 diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 57c337fd92..e884692f07 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -891,7 +891,7 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data) mc->init = sbsa_ref_init; mc->desc = "QEMU 'SBSA Reference' ARM Virtual Machine"; - mc->default_cpu_type = ARM_CPU_TYPE_NAME("neoverse-n1"); + mc->default_cpu_type = ARM_CPU_TYPE_NAME("neoverse-n2"); mc->valid_cpu_types = valid_cpu_types; mc->max_cpus = 512; mc->pci_allow_0_address = true; diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c index fc3abcbe88..7f7a3d23fb 100644 --- a/hw/arm/xilinx_zynq.c +++ b/hw/arm/xilinx_zynq.c @@ -84,9 +84,12 @@ static const int dma_irqs[8] = { 0xe3401000 + ARMV7_IMM16(extract32((val), 16, 16)), /* movt r1 ... */ \ 0xe5801000 + (addr) +#define ZYNQ_MAX_CPUS 2 + struct ZynqMachineState { MachineState parent; Clock *ps_clk; + ARMCPU *cpu[ZYNQ_MAX_CPUS]; }; static void zynq_write_board_setup(ARMCPU *cpu, @@ -176,13 +179,13 @@ static inline int zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq, static void zynq_init(MachineState *machine) { ZynqMachineState *zynq_machine = ZYNQ_MACHINE(machine); - ARMCPU *cpu; MemoryRegion *address_space_mem = get_system_memory(); MemoryRegion *ocm_ram = g_new(MemoryRegion, 1); DeviceState *dev, *slcr; SysBusDevice *busdev; qemu_irq pic[64]; int n; + unsigned int smp_cpus = machine->smp.cpus; /* max 2GB ram */ if (machine->ram_size > 2 * GiB) { @@ -190,21 +193,26 @@ static void zynq_init(MachineState *machine) exit(EXIT_FAILURE); } - cpu = ARM_CPU(object_new(machine->cpu_type)); + for (n = 0; n < smp_cpus; n++) { + Object *cpuobj = object_new(machine->cpu_type); - /* By default A9 CPUs have EL3 enabled. This board does not - * currently support EL3 so the CPU EL3 property is disabled before - * realization. - */ - if (object_property_find(OBJECT(cpu), "has_el3")) { - object_property_set_bool(OBJECT(cpu), "has_el3", false, &error_fatal); - } + /* + * By default A9 CPUs have EL3 enabled. This board does not currently + * support EL3 so the CPU EL3 property is disabled before realization. + */ + if (object_property_find(cpuobj, "has_el3")) { + object_property_set_bool(cpuobj, "has_el3", false, &error_fatal); + } - object_property_set_int(OBJECT(cpu), "midr", ZYNQ_BOARD_MIDR, - &error_fatal); - object_property_set_int(OBJECT(cpu), "reset-cbar", MPCORE_PERIPHBASE, - &error_fatal); - qdev_realize(DEVICE(cpu), NULL, &error_fatal); + object_property_set_int(cpuobj, "midr", ZYNQ_BOARD_MIDR, + &error_fatal); + object_property_set_int(cpuobj, "reset-cbar", MPCORE_PERIPHBASE, + &error_fatal); + + qdev_realize(DEVICE(cpuobj), NULL, &error_fatal); + + zynq_machine->cpu[n] = ARM_CPU(cpuobj); + } /* DDR remapped to address zero. */ memory_region_add_subregion(address_space_mem, 0, machine->ram); @@ -237,14 +245,19 @@ static void zynq_init(MachineState *machine) sysbus_mmio_map(SYS_BUS_DEVICE(slcr), 0, 0xF8000000); dev = qdev_new(TYPE_A9MPCORE_PRIV); - qdev_prop_set_uint32(dev, "num-cpu", 1); + qdev_prop_set_uint32(dev, "num-cpu", smp_cpus); busdev = SYS_BUS_DEVICE(dev); sysbus_realize_and_unref(busdev, &error_fatal); sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE); - sysbus_connect_irq(busdev, 0, - qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ)); - sysbus_connect_irq(busdev, 1, - qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_FIQ)); + zynq_binfo.gic_cpu_if_addr = MPCORE_PERIPHBASE + 0x100; + sysbus_create_varargs("l2x0", MPCORE_PERIPHBASE + 0x2000, NULL); + for (n = 0; n < smp_cpus; n++) { + DeviceState *cpudev = DEVICE(zynq_machine->cpu[n]); + sysbus_connect_irq(busdev, (2 * n) + 0, + qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); + sysbus_connect_irq(busdev, (2 * n) + 1, + qdev_get_gpio_in(cpudev, ARM_CPU_FIQ)); + } for (n = 0; n < 64; n++) { pic[n] = qdev_get_gpio_in(dev, n); @@ -349,7 +362,7 @@ static void zynq_init(MachineState *machine) zynq_binfo.board_setup_addr = BOARD_SETUP_ADDR; zynq_binfo.write_board_setup = zynq_write_board_setup; - arm_load_kernel(cpu, machine, &zynq_binfo); + arm_load_kernel(zynq_machine->cpu[0], machine, &zynq_binfo); } static void zynq_machine_class_init(ObjectClass *oc, void *data) @@ -361,7 +374,7 @@ static void zynq_machine_class_init(ObjectClass *oc, void *data) MachineClass *mc = MACHINE_CLASS(oc); mc->desc = "Xilinx Zynq Platform Baseboard for Cortex-A9"; mc->init = zynq_init; - mc->max_cpus = 1; + mc->max_cpus = ZYNQ_MAX_CPUS; mc->no_sdcard = 1; mc->ignore_memory_transaction_failures = true; mc->valid_cpu_types = valid_cpu_types; diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index e4b8437f8b..806832439b 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -1308,12 +1308,15 @@ static void gic_dist_writeb(void *opaque, hwaddr offset, for (i = 0; i < 8; i++) { if (value & (1 << i)) { + int mask = (irq < GIC_INTERNAL) ? (1 << cpu) + : GIC_DIST_TARGET(irq + i); + if (s->security_extn && !attrs.secure && !GIC_DIST_TEST_GROUP(irq + i, 1 << cpu)) { continue; /* Ignore Non-secure access of Group0 IRQ */ } - GIC_DIST_SET_PENDING(irq + i, GIC_DIST_TARGET(irq + i)); + GIC_DIST_SET_PENDING(irq + i, mask); } } } else if (offset < 0x300) { @@ -1407,6 +1410,13 @@ static void gic_dist_writeb(void *opaque, hwaddr offset, value = ALL_CPU_MASK; } s->irq_target[irq] = value & ALL_CPU_MASK; + if (irq >= GIC_INTERNAL && s->irq_state[irq].pending) { + /* + * Changing the target of an interrupt that is currently + * pending updates the set of CPUs it is pending on. + */ + s->irq_state[irq].pending = value & ALL_CPU_MASK; + } } } else if (offset < 0xf00) { /* Interrupt Configuration. */ diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c index fc5df0d598..32edd6d07b 100644 --- a/hw/intc/riscv_aplic.c +++ b/hw/intc/riscv_aplic.c @@ -1000,16 +1000,16 @@ DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size, qdev_prop_set_bit(dev, "msimode", msimode); qdev_prop_set_bit(dev, "mmode", mmode); + if (parent) { + riscv_aplic_add_child(parent, dev); + } + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); if (!is_kvm_aia(msimode)) { sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); } - if (parent) { - riscv_aplic_add_child(parent, dev); - } - if (!msimode) { for (i = 0; i < num_harts; i++) { CPUState *cpu = cpu_by_arch_id(hartid_base + i); diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index 09878e722c..47281ca853 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -209,8 +209,8 @@ static void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry) /* Some RISC-V machines (e.g. opentitan) don't have a fdt. */ if (fdt) { end = start + size; - qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start); - qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end); + qemu_fdt_setprop_u64(fdt, "/chosen", "linux,initrd-start", start); + qemu_fdt_setprop_u64(fdt, "/chosen", "linux,initrd-end", end); } } diff --git a/hw/ufs/trace-events b/hw/ufs/trace-events index 665e1a942b..531dcfc686 100644 --- a/hw/ufs/trace-events +++ b/hw/ufs/trace-events @@ -11,13 +11,18 @@ ufs_exec_nop_cmd(uint32_t slot) "UTRLDBR slot %"PRIu32"" ufs_exec_scsi_cmd(uint32_t slot, uint8_t lun, uint8_t opcode) "slot %"PRIu32", lun 0x%"PRIx8", opcode 0x%"PRIx8"" ufs_exec_query_cmd(uint32_t slot, uint8_t opcode) "slot %"PRIu32", opcode 0x%"PRIx8"" ufs_process_uiccmd(uint32_t uiccmd, uint32_t ucmdarg1, uint32_t ucmdarg2, uint32_t ucmdarg3) "uiccmd 0x%"PRIx32", ucmdarg1 0x%"PRIx32", ucmdarg2 0x%"PRIx32", ucmdarg3 0x%"PRIx32"" +ufs_mcq_complete_req(uint8_t qid) "sqid %"PRIu8"" +ufs_mcq_create_sq(uint8_t sqid, uint8_t cqid, uint64_t addr, uint16_t size) "mcq create sq sqid %"PRIu8", cqid %"PRIu8", addr 0x%"PRIx64", size %"PRIu16"" +ufs_mcq_create_cq(uint8_t cqid, uint64_t addr, uint16_t size) "mcq create cq cqid %"PRIu8", addr 0x%"PRIx64", size %"PRIu16"" # error condition ufs_err_dma_read_utrd(uint32_t slot, uint64_t addr) "failed to read utrd. UTRLDBR slot %"PRIu32", UTRD dma addr %"PRIu64"" ufs_err_dma_read_req_upiu(uint32_t slot, uint64_t addr) "failed to read req upiu. UTRLDBR slot %"PRIu32", request upiu addr %"PRIu64"" ufs_err_dma_read_prdt(uint32_t slot, uint64_t addr) "failed to read prdt. UTRLDBR slot %"PRIu32", prdt addr %"PRIu64"" +ufs_err_dma_read_sq(uint8_t sqid, uint64_t addr) "failed to read sq entry. sqid %"PRIu8", hwaddr %"PRIu64"" ufs_err_dma_write_utrd(uint32_t slot, uint64_t addr) "failed to write utrd. UTRLDBR slot %"PRIu32", UTRD dma addr %"PRIu64"" ufs_err_dma_write_rsp_upiu(uint32_t slot, uint64_t addr) "failed to write rsp upiu. UTRLDBR slot %"PRIu32", response upiu addr %"PRIu64"" +ufs_err_dma_write_cq(uint8_t cqid, uint64_t addr) "failed to write cq entry. cqid %"PRIu8", hwaddr %"PRIu64"" ufs_err_utrl_slot_error(uint32_t slot) "UTRLDBR slot %"PRIu32" is in error" ufs_err_utrl_slot_busy(uint32_t slot) "UTRLDBR slot %"PRIu32" is busy" ufs_err_unsupport_register_offset(uint32_t offset) "Register offset 0x%"PRIx32" is not yet supported" @@ -31,3 +36,15 @@ ufs_err_query_invalid_opcode(uint8_t opcode) "query request has invalid opcode. ufs_err_query_invalid_idn(uint8_t opcode, uint8_t idn) "query request has invalid idn. opcode: 0x%"PRIx8", idn 0x%"PRIx8"" ufs_err_query_invalid_index(uint8_t opcode, uint8_t index) "query request has invalid index. opcode: 0x%"PRIx8", index 0x%"PRIx8"" ufs_err_invalid_trans_code(uint32_t slot, uint8_t trans_code) "request upiu has invalid transaction code. slot: %"PRIu32", trans_code: 0x%"PRIx8"" +ufs_err_mcq_db_wr_invalid_sqid(uint8_t qid) "invalid mcq sqid %"PRIu8"" +ufs_err_mcq_db_wr_invalid_db(uint8_t qid, uint32_t db) "invalid mcq doorbell sqid %"PRIu8", db %"PRIu32"" +ufs_err_mcq_create_sq_invalid_sqid(uint8_t qid) "invalid mcq sqid %"PRIu8"" +ufs_err_mcq_create_sq_invalid_cqid(uint8_t qid) "invalid mcq cqid %"PRIu8"" +ufs_err_mcq_create_sq_already_exists(uint8_t qid) "mcq sqid %"PRIu8 "already exists" +ufs_err_mcq_delete_sq_invalid_sqid(uint8_t qid) "invalid mcq sqid %"PRIu8"" +ufs_err_mcq_delete_sq_not_exists(uint8_t qid) "mcq sqid %"PRIu8 "not exists" +ufs_err_mcq_create_cq_invalid_cqid(uint8_t qid) "invalid mcq cqid %"PRIu8"" +ufs_err_mcq_create_cq_already_exists(uint8_t qid) "mcq cqid %"PRIu8 "already exists" +ufs_err_mcq_delete_cq_invalid_cqid(uint8_t qid) "invalid mcq cqid %"PRIu8"" +ufs_err_mcq_delete_cq_not_exists(uint8_t qid) "mcq cqid %"PRIu8 "not exists" +ufs_err_mcq_delete_cq_sq_not_deleted(uint8_t sqid, uint8_t cqid) "mcq sq %"PRIu8" still has cq %"PRIu8"" diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c index bac78a32bb..71a88d221c 100644 --- a/hw/ufs/ufs.c +++ b/hw/ufs/ufs.c @@ -9,7 +9,7 @@ */ /** - * Reference Specs: https://www.jedec.org/, 3.1 + * Reference Specs: https://www.jedec.org/, 4.0 * * Usage * ----- @@ -28,10 +28,45 @@ #include "trace.h" #include "ufs.h" -/* The QEMU-UFS device follows spec version 3.1 */ -#define UFS_SPEC_VER 0x0310 +/* The QEMU-UFS device follows spec version 4.0 */ +#define UFS_SPEC_VER 0x0400 #define UFS_MAX_NUTRS 32 #define UFS_MAX_NUTMRS 8 +#define UFS_MCQ_QCFGPTR 2 + +static void ufs_exec_req(UfsRequest *req); +static void ufs_clear_req(UfsRequest *req); + +static inline uint64_t ufs_mcq_reg_addr(UfsHc *u, int qid) +{ + /* Submission Queue MCQ Registers offset (400h) */ + return (UFS_MCQ_QCFGPTR * 0x200) + qid * 0x40; +} + +static inline uint64_t ufs_mcq_op_reg_addr(UfsHc *u, int qid) +{ + /* MCQ Operation & Runtime Registers offset (1000h) */ + return UFS_MCQ_OPR_START + qid * 48; +} + +static inline uint64_t ufs_reg_size(UfsHc *u) +{ + /* Total UFS HCI Register size in bytes */ + return ufs_mcq_op_reg_addr(u, 0) + sizeof(u->mcq_op_reg); +} + +static inline bool ufs_is_mcq_reg(UfsHc *u, uint64_t addr) +{ + uint64_t mcq_reg_addr = ufs_mcq_reg_addr(u, 0); + return addr >= mcq_reg_addr && addr < mcq_reg_addr + sizeof(u->mcq_reg); +} + +static inline bool ufs_is_mcq_op_reg(UfsHc *u, uint64_t addr) +{ + uint64_t mcq_op_reg_addr = ufs_mcq_op_reg_addr(u, 0); + return (addr >= mcq_op_reg_addr && + addr < mcq_op_reg_addr + sizeof(u->mcq_op_reg)); +} static MemTxResult ufs_addr_read(UfsHc *u, hwaddr addr, void *buf, int size) { @@ -181,9 +216,14 @@ static MemTxResult ufs_dma_read_upiu(UfsRequest *req) { MemTxResult ret; - ret = ufs_dma_read_utrd(req); - if (ret) { - return ret; + /* + * In case of MCQ, UTRD has already been read from a SQ, so skip it. + */ + if (!ufs_mcq_req(req)) { + ret = ufs_dma_read_utrd(req); + if (ret) { + return ret; + } } ret = ufs_dma_read_req_upiu(req); @@ -335,6 +375,219 @@ static void ufs_process_uiccmd(UfsHc *u, uint32_t val) ufs_irq_check(u); } +static void ufs_mcq_init_req(UfsHc *u, UfsRequest *req, UfsSq *sq) +{ + memset(req, 0, sizeof(*req)); + + req->hc = u; + req->state = UFS_REQUEST_IDLE; + req->slot = UFS_INVALID_SLOT; + req->sq = sq; +} + +static void ufs_mcq_process_sq(void *opaque) +{ + UfsSq *sq = opaque; + UfsHc *u = sq->u; + UfsSqEntry sqe; + UfsRequest *req; + hwaddr addr; + uint16_t head = ufs_mcq_sq_head(u, sq->sqid); + int err; + + while (!(ufs_mcq_sq_empty(u, sq->sqid) || QTAILQ_EMPTY(&sq->req_list))) { + addr = sq->addr + head; + err = ufs_addr_read(sq->u, addr, (void *)&sqe, sizeof(sqe)); + if (err) { + trace_ufs_err_dma_read_sq(sq->sqid, addr); + return; + } + + head = (head + sizeof(sqe)) % (sq->size * sizeof(sqe)); + ufs_mcq_update_sq_head(u, sq->sqid, head); + + req = QTAILQ_FIRST(&sq->req_list); + QTAILQ_REMOVE(&sq->req_list, req, entry); + + ufs_mcq_init_req(sq->u, req, sq); + memcpy(&req->utrd, &sqe, sizeof(req->utrd)); + + req->state = UFS_REQUEST_RUNNING; + ufs_exec_req(req); + } +} + +static void ufs_mcq_process_cq(void *opaque) +{ + UfsCq *cq = opaque; + UfsHc *u = cq->u; + UfsRequest *req, *next; + MemTxResult ret; + uint32_t tail = ufs_mcq_cq_tail(u, cq->cqid); + + QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) + { + ufs_dma_write_rsp_upiu(req); + + req->cqe.utp_addr = + ((uint64_t)req->utrd.command_desc_base_addr_hi << 32ULL) | + req->utrd.command_desc_base_addr_lo; + req->cqe.utp_addr |= req->sq->sqid; + req->cqe.resp_len = req->utrd.response_upiu_length; + req->cqe.resp_off = req->utrd.response_upiu_offset; + req->cqe.prdt_len = req->utrd.prd_table_length; + req->cqe.prdt_off = req->utrd.prd_table_offset; + req->cqe.status = req->utrd.header.dword_2 & 0xf; + req->cqe.error = 0; + + ret = ufs_addr_write(u, cq->addr + tail, &req->cqe, sizeof(req->cqe)); + if (ret) { + trace_ufs_err_dma_write_cq(cq->cqid, cq->addr + tail); + } + QTAILQ_REMOVE(&cq->req_list, req, entry); + + tail = (tail + sizeof(req->cqe)) % (cq->size * sizeof(req->cqe)); + ufs_mcq_update_cq_tail(u, cq->cqid, tail); + + ufs_clear_req(req); + QTAILQ_INSERT_TAIL(&req->sq->req_list, req, entry); + } + + if (!ufs_mcq_cq_empty(u, cq->cqid)) { + u->mcq_op_reg[cq->cqid].cq_int.is = + FIELD_DP32(u->mcq_op_reg[cq->cqid].cq_int.is, CQIS, TEPS, 1); + + u->reg.is = FIELD_DP32(u->reg.is, IS, CQES, 1); + ufs_irq_check(u); + } +} + +static bool ufs_mcq_create_sq(UfsHc *u, uint8_t qid, uint32_t attr) +{ + UfsMcqReg *reg = &u->mcq_reg[qid]; + UfsSq *sq; + uint8_t cqid = FIELD_EX32(attr, SQATTR, CQID); + + if (qid >= u->params.mcq_maxq) { + trace_ufs_err_mcq_create_sq_invalid_sqid(qid); + return false; + } + + if (u->sq[qid]) { + trace_ufs_err_mcq_create_sq_already_exists(qid); + return false; + } + + if (!u->cq[cqid]) { + trace_ufs_err_mcq_create_sq_invalid_cqid(qid); + return false; + } + + sq = g_malloc0(sizeof(*sq)); + sq->u = u; + sq->sqid = qid; + sq->cq = u->cq[cqid]; + sq->addr = ((uint64_t)reg->squba << 32) | reg->sqlba; + sq->size = ((FIELD_EX32(attr, SQATTR, SIZE) + 1) << 2) / sizeof(UfsSqEntry); + + sq->bh = qemu_bh_new_guarded(ufs_mcq_process_sq, sq, + &DEVICE(u)->mem_reentrancy_guard); + sq->req = g_new0(UfsRequest, sq->size); + QTAILQ_INIT(&sq->req_list); + for (int i = 0; i < sq->size; i++) { + ufs_mcq_init_req(u, &sq->req[i], sq); + QTAILQ_INSERT_TAIL(&sq->req_list, &sq->req[i], entry); + } + + u->sq[qid] = sq; + + trace_ufs_mcq_create_sq(sq->sqid, sq->cq->cqid, sq->addr, sq->size); + return true; +} + +static bool ufs_mcq_delete_sq(UfsHc *u, uint8_t qid) +{ + UfsSq *sq; + + if (qid >= u->params.mcq_maxq) { + trace_ufs_err_mcq_delete_sq_invalid_sqid(qid); + return false; + } + + if (!u->sq[qid]) { + trace_ufs_err_mcq_delete_sq_not_exists(qid); + return false; + } + + sq = u->sq[qid]; + + qemu_bh_delete(sq->bh); + g_free(sq->req); + g_free(sq); + u->sq[qid] = NULL; + return true; +} + +static bool ufs_mcq_create_cq(UfsHc *u, uint8_t qid, uint32_t attr) +{ + UfsMcqReg *reg = &u->mcq_reg[qid]; + UfsCq *cq; + + if (qid >= u->params.mcq_maxq) { + trace_ufs_err_mcq_create_cq_invalid_cqid(qid); + return false; + } + + if (u->cq[qid]) { + trace_ufs_err_mcq_create_cq_already_exists(qid); + return false; + } + + cq = g_malloc0(sizeof(*cq)); + cq->u = u; + cq->cqid = qid; + cq->addr = ((uint64_t)reg->cquba << 32) | reg->cqlba; + cq->size = ((FIELD_EX32(attr, CQATTR, SIZE) + 1) << 2) / sizeof(UfsCqEntry); + + cq->bh = qemu_bh_new_guarded(ufs_mcq_process_cq, cq, + &DEVICE(u)->mem_reentrancy_guard); + QTAILQ_INIT(&cq->req_list); + + u->cq[qid] = cq; + + trace_ufs_mcq_create_cq(cq->cqid, cq->addr, cq->size); + return true; +} + +static bool ufs_mcq_delete_cq(UfsHc *u, uint8_t qid) +{ + UfsCq *cq; + + if (qid >= u->params.mcq_maxq) { + trace_ufs_err_mcq_delete_cq_invalid_cqid(qid); + return false; + } + + if (!u->cq[qid]) { + trace_ufs_err_mcq_delete_cq_not_exists(qid); + return false; + } + + for (int i = 0; i < ARRAY_SIZE(u->sq); i++) { + if (u->sq[i] && u->sq[i]->cq->cqid == qid) { + trace_ufs_err_mcq_delete_cq_sq_not_deleted(i, qid); + return false; + } + } + + cq = u->cq[qid]; + + qemu_bh_delete(cq->bh); + g_free(cq); + u->cq[qid] = NULL; + return true; +} + static void ufs_write_reg(UfsHc *u, hwaddr offset, uint32_t data, unsigned size) { switch (offset) { @@ -390,6 +643,12 @@ static void ufs_write_reg(UfsHc *u, hwaddr offset, uint32_t data, unsigned size) case A_UCMDARG3: u->reg.ucmdarg3 = data; break; + case A_CONFIG: + u->reg.config = data; + break; + case A_MCQCONFIG: + u->reg.mcqconfig = data; + break; case A_UTRLCLR: case A_UTMRLDBR: case A_UTMRLCLR: @@ -402,18 +661,138 @@ static void ufs_write_reg(UfsHc *u, hwaddr offset, uint32_t data, unsigned size) } } +static void ufs_write_mcq_reg(UfsHc *u, hwaddr offset, uint32_t data, + unsigned size) +{ + int qid = offset / sizeof(UfsMcqReg); + UfsMcqReg *reg = &u->mcq_reg[qid]; + + switch (offset % sizeof(UfsMcqReg)) { + case A_SQATTR: + if (!FIELD_EX32(reg->sqattr, SQATTR, SQEN) && + FIELD_EX32(data, SQATTR, SQEN)) { + if (!ufs_mcq_create_sq(u, qid, data)) { + break; + } + } else if (FIELD_EX32(reg->sqattr, SQATTR, SQEN) && + !FIELD_EX32(data, SQATTR, SQEN)) { + if (!ufs_mcq_delete_sq(u, qid)) { + break; + } + } + reg->sqattr = data; + break; + case A_SQLBA: + reg->sqlba = data; + break; + case A_SQUBA: + reg->squba = data; + break; + case A_SQCFG: + reg->sqcfg = data; + break; + case A_CQATTR: + if (!FIELD_EX32(reg->cqattr, CQATTR, CQEN) && + FIELD_EX32(data, CQATTR, CQEN)) { + if (!ufs_mcq_create_cq(u, qid, data)) { + break; + } + } else if (FIELD_EX32(reg->cqattr, CQATTR, CQEN) && + !FIELD_EX32(data, CQATTR, CQEN)) { + if (!ufs_mcq_delete_cq(u, qid)) { + break; + } + } + reg->cqattr = data; + break; + case A_CQLBA: + reg->cqlba = data; + break; + case A_CQUBA: + reg->cquba = data; + break; + case A_CQCFG: + reg->cqcfg = data; + break; + case A_SQDAO: + case A_SQISAO: + case A_CQDAO: + case A_CQISAO: + trace_ufs_err_unsupport_register_offset(offset); + break; + default: + trace_ufs_err_invalid_register_offset(offset); + break; + } +} + +static void ufs_mcq_process_db(UfsHc *u, uint8_t qid, uint32_t db) +{ + UfsSq *sq; + + if (qid >= u->params.mcq_maxq) { + trace_ufs_err_mcq_db_wr_invalid_sqid(qid); + return; + } + + sq = u->sq[qid]; + if (sq->size * sizeof(UfsSqEntry) <= db) { + trace_ufs_err_mcq_db_wr_invalid_db(qid, db); + return; + } + + ufs_mcq_update_sq_tail(u, sq->sqid, db); + qemu_bh_schedule(sq->bh); +} + +static void ufs_write_mcq_op_reg(UfsHc *u, hwaddr offset, uint32_t data, + unsigned size) +{ + int qid = offset / sizeof(UfsMcqOpReg); + UfsMcqOpReg *opr = &u->mcq_op_reg[qid]; + + switch (offset % sizeof(UfsMcqOpReg)) { + case offsetof(UfsMcqOpReg, sq.tp): + if (opr->sq.tp != data) { + ufs_mcq_process_db(u, qid, data); + } + opr->sq.tp = data; + break; + case offsetof(UfsMcqOpReg, cq.hp): + opr->cq.hp = data; + ufs_mcq_update_cq_head(u, qid, data); + break; + case offsetof(UfsMcqOpReg, cq_int.is): + opr->cq_int.is &= ~data; + break; + default: + trace_ufs_err_invalid_register_offset(offset); + break; + } +} + static uint64_t ufs_mmio_read(void *opaque, hwaddr addr, unsigned size) { UfsHc *u = (UfsHc *)opaque; - uint8_t *ptr = (uint8_t *)&u->reg; + uint8_t *ptr; uint64_t value; - - if (addr > sizeof(u->reg) - size) { + uint64_t offset; + + if (addr < sizeof(u->reg)) { + offset = addr; + ptr = (uint8_t *)&u->reg; + } else if (ufs_is_mcq_reg(u, addr)) { + offset = addr - ufs_mcq_reg_addr(u, 0); + ptr = (uint8_t *)&u->mcq_reg; + } else if (ufs_is_mcq_op_reg(u, addr)) { + offset = addr - ufs_mcq_op_reg_addr(u, 0); + ptr = (uint8_t *)&u->mcq_op_reg; + } else { trace_ufs_err_invalid_register_offset(addr); return 0; } - value = *(uint32_t *)(ptr + addr); + value = *(uint32_t *)(ptr + offset); trace_ufs_mmio_read(addr, value, size); return value; } @@ -423,13 +802,17 @@ static void ufs_mmio_write(void *opaque, hwaddr addr, uint64_t data, { UfsHc *u = (UfsHc *)opaque; - if (addr > sizeof(u->reg) - size) { + trace_ufs_mmio_write(addr, data, size); + + if (addr < sizeof(u->reg)) { + ufs_write_reg(u, addr, data, size); + } else if (ufs_is_mcq_reg(u, addr)) { + ufs_write_mcq_reg(u, addr - ufs_mcq_reg_addr(u, 0), data, size); + } else if (ufs_is_mcq_op_reg(u, addr)) { + ufs_write_mcq_op_reg(u, addr - ufs_mcq_op_reg_addr(u, 0), data, size); + } else { trace_ufs_err_invalid_register_offset(addr); - return; } - - trace_ufs_mmio_write(addr, data, size); - ufs_write_reg(u, addr, data, size); } static const MemoryRegionOps ufs_mmio_ops = { @@ -1086,9 +1469,16 @@ void ufs_complete_req(UfsRequest *req, UfsReqResult req_result) req->utrd.header.dword_2 = cpu_to_le32(UFS_OCS_INVALID_CMD_TABLE_ATTR); } - trace_ufs_complete_req(req->slot); req->state = UFS_REQUEST_COMPLETE; - qemu_bh_schedule(u->complete_bh); + + if (ufs_mcq_req(req)) { + trace_ufs_mcq_complete_req(req->sq->sqid); + QTAILQ_INSERT_TAIL(&req->sq->cq->req_list, req, entry); + qemu_bh_schedule(req->sq->cq->bh); + } else { + trace_ufs_complete_req(req->slot); + qemu_bh_schedule(u->complete_bh); + } } static void ufs_clear_req(UfsRequest *req) @@ -1158,6 +1548,11 @@ static bool ufs_check_constraints(UfsHc *u, Error **errp) return false; } + if (u->params.mcq_maxq >= UFS_MAX_MCQ_QNUM) { + error_setg(errp, "mcq-maxq must be less than %d", UFS_MAX_MCQ_QNUM); + return false; + } + return true; } @@ -1189,15 +1584,24 @@ static void ufs_init_state(UfsHc *u) &DEVICE(u)->mem_reentrancy_guard); u->complete_bh = qemu_bh_new_guarded(ufs_sendback_req, u, &DEVICE(u)->mem_reentrancy_guard); + + if (u->params.mcq) { + memset(u->sq, 0, sizeof(u->sq)); + memset(u->cq, 0, sizeof(u->cq)); + } } static void ufs_init_hc(UfsHc *u) { uint32_t cap = 0; + uint32_t mcqconfig = 0; + uint32_t mcqcap = 0; - u->reg_size = pow2ceil(sizeof(UfsReg)); + u->reg_size = pow2ceil(ufs_reg_size(u)); memset(&u->reg, 0, sizeof(u->reg)); + memset(&u->mcq_reg, 0, sizeof(u->mcq_reg)); + memset(&u->mcq_op_reg, 0, sizeof(u->mcq_op_reg)); cap = FIELD_DP32(cap, CAP, NUTRS, (u->params.nutrs - 1)); cap = FIELD_DP32(cap, CAP, RTT, 2); cap = FIELD_DP32(cap, CAP, NUTMRS, (u->params.nutmrs - 1)); @@ -1206,7 +1610,29 @@ static void ufs_init_hc(UfsHc *u) cap = FIELD_DP32(cap, CAP, OODDS, 0); cap = FIELD_DP32(cap, CAP, UICDMETMS, 0); cap = FIELD_DP32(cap, CAP, CS, 0); + cap = FIELD_DP32(cap, CAP, LSDBS, 1); + cap = FIELD_DP32(cap, CAP, MCQS, u->params.mcq); u->reg.cap = cap; + + if (u->params.mcq) { + mcqconfig = FIELD_DP32(mcqconfig, MCQCONFIG, MAC, 0x1f); + u->reg.mcqconfig = mcqconfig; + + mcqcap = FIELD_DP32(mcqcap, MCQCAP, MAXQ, u->params.mcq_maxq - 1); + mcqcap = FIELD_DP32(mcqcap, MCQCAP, RRP, 1); + mcqcap = FIELD_DP32(mcqcap, MCQCAP, QCFGPTR, UFS_MCQ_QCFGPTR); + u->reg.mcqcap = mcqcap; + + for (int i = 0; i < ARRAY_SIZE(u->mcq_reg); i++) { + uint64_t addr = ufs_mcq_op_reg_addr(u, i); + u->mcq_reg[i].sqdao = addr; + u->mcq_reg[i].sqisao = addr + sizeof(UfsMcqSqReg); + addr += sizeof(UfsMcqSqReg); + u->mcq_reg[i].cqdao = addr + sizeof(UfsMcqSqIntReg); + addr += sizeof(UfsMcqSqIntReg); + u->mcq_reg[i].cqisao = addr + sizeof(UfsMcqCqReg); + } + } u->reg.ver = UFS_SPEC_VER; memset(&u->device_desc, 0, sizeof(DeviceDescriptor)); @@ -1288,12 +1714,25 @@ static void ufs_exit(PCIDevice *pci_dev) ufs_clear_req(&u->req_list[i]); } g_free(u->req_list); + + for (int i = 0; i < ARRAY_SIZE(u->sq); i++) { + if (u->sq[i]) { + ufs_mcq_delete_sq(u, i); + } + } + for (int i = 0; i < ARRAY_SIZE(u->cq); i++) { + if (u->cq[i]) { + ufs_mcq_delete_cq(u, i); + } + } } static Property ufs_props[] = { DEFINE_PROP_STRING("serial", UfsHc, params.serial), DEFINE_PROP_UINT8("nutrs", UfsHc, params.nutrs, 32), DEFINE_PROP_UINT8("nutmrs", UfsHc, params.nutmrs, 8), + DEFINE_PROP_BOOL("mcq", UfsHc, params.mcq, false), + DEFINE_PROP_UINT8("mcq-maxq", UfsHc, params.mcq_maxq, 2), DEFINE_PROP_END_OF_LIST(), }; diff --git a/hw/ufs/ufs.h b/hw/ufs/ufs.h index 8fda94f4ef..6c9382cbc4 100644 --- a/hw/ufs/ufs.h +++ b/hw/ufs/ufs.h @@ -16,6 +16,7 @@ #include "block/ufs.h" #define UFS_MAX_LUS 32 +#define UFS_MAX_MCQ_QNUM 32 #define UFS_BLOCK_SIZE_SHIFT 12 #define UFS_BLOCK_SIZE (1 << UFS_BLOCK_SIZE_SHIFT) @@ -45,10 +46,11 @@ typedef enum UfsReqResult { UFS_REQUEST_NO_COMPLETE = 2, } UfsReqResult; +#define UFS_INVALID_SLOT (-1) typedef struct UfsRequest { struct UfsHc *hc; UfsRequestState state; - int slot; + int slot; /* -1 when it's a MCQ request */ UtpTransferReqDesc utrd; UtpUpiuReq req_upiu; @@ -57,8 +59,18 @@ typedef struct UfsRequest { /* for scsi command */ QEMUSGList *sg; uint32_t data_len; + + /* for MCQ */ + struct UfsSq *sq; + struct UfsCqEntry cqe; + QTAILQ_ENTRY(UfsRequest) entry; } UfsRequest; +static inline bool ufs_mcq_req(UfsRequest *req) +{ + return req->sq != NULL; +} + struct UfsLu; typedef UfsReqResult (*UfsScsiOp)(struct UfsLu *, UfsRequest *); @@ -76,13 +88,43 @@ typedef struct UfsParams { char *serial; uint8_t nutrs; /* Number of UTP Transfer Request Slots */ uint8_t nutmrs; /* Number of UTP Task Management Request Slots */ + bool mcq; /* Multiple Command Queue support */ + uint8_t mcq_qcfgptr; /* MCQ Queue Configuration Pointer in MCQCAP */ + uint8_t mcq_maxq; /* MCQ Maximum number of Queues */ } UfsParams; +/* + * MCQ Properties + */ +typedef struct UfsSq { + struct UfsHc *u; + uint8_t sqid; + struct UfsCq *cq; + uint64_t addr; + uint16_t size; /* A number of entries (qdepth) */ + + QEMUBH *bh; /* Bottom half to process requests in async */ + UfsRequest *req; + QTAILQ_HEAD(, UfsRequest) req_list; /* Free request list */ +} UfsSq; + +typedef struct UfsCq { + struct UfsHc *u; + uint8_t cqid; + uint64_t addr; + uint16_t size; /* A number of entries (qdepth) */ + + QEMUBH *bh; + QTAILQ_HEAD(, UfsRequest) req_list; +} UfsCq; + typedef struct UfsHc { PCIDevice parent_obj; UfsBus bus; MemoryRegion iomem; UfsReg reg; + UfsMcqReg mcq_reg[UFS_MAX_MCQ_QNUM]; + UfsMcqOpReg mcq_op_reg[UFS_MAX_MCQ_QNUM]; UfsParams params; uint32_t reg_size; UfsRequest *req_list; @@ -100,8 +142,62 @@ typedef struct UfsHc { qemu_irq irq; QEMUBH *doorbell_bh; QEMUBH *complete_bh; + + /* MCQ properties */ + UfsSq *sq[UFS_MAX_MCQ_QNUM]; + UfsCq *cq[UFS_MAX_MCQ_QNUM]; } UfsHc; +static inline uint32_t ufs_mcq_sq_tail(UfsHc *u, uint32_t qid) +{ + return u->mcq_op_reg[qid].sq.tp; +} + +static inline void ufs_mcq_update_sq_tail(UfsHc *u, uint32_t qid, uint32_t db) +{ + u->mcq_op_reg[qid].sq.tp = db; +} + +static inline uint32_t ufs_mcq_sq_head(UfsHc *u, uint32_t qid) +{ + return u->mcq_op_reg[qid].sq.hp; +} + +static inline void ufs_mcq_update_sq_head(UfsHc *u, uint32_t qid, uint32_t db) +{ + u->mcq_op_reg[qid].sq.hp = db; +} + +static inline bool ufs_mcq_sq_empty(UfsHc *u, uint32_t qid) +{ + return ufs_mcq_sq_tail(u, qid) == ufs_mcq_sq_head(u, qid); +} + +static inline uint32_t ufs_mcq_cq_tail(UfsHc *u, uint32_t qid) +{ + return u->mcq_op_reg[qid].cq.tp; +} + +static inline void ufs_mcq_update_cq_tail(UfsHc *u, uint32_t qid, uint32_t db) +{ + u->mcq_op_reg[qid].cq.tp = db; +} + +static inline uint32_t ufs_mcq_cq_head(UfsHc *u, uint32_t qid) +{ + return u->mcq_op_reg[qid].cq.hp; +} + +static inline void ufs_mcq_update_cq_head(UfsHc *u, uint32_t qid, uint32_t db) +{ + u->mcq_op_reg[qid].cq.hp = db; +} + +static inline bool ufs_mcq_cq_empty(UfsHc *u, uint32_t qid) +{ + return ufs_mcq_cq_tail(u, qid) == ufs_mcq_cq_head(u, qid); +} + #define TYPE_UFS "ufs" #define UFS(obj) OBJECT_CHECK(UfsHc, (obj), TYPE_UFS) diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c index fc8fc91a1d..acd6016980 100644 --- a/hw/usb/hcd-ohci.c +++ b/hw/usb/hcd-ohci.c @@ -927,6 +927,11 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) case OHCI_TD_DIR_SETUP: str = "setup"; pid = USB_TOKEN_SETUP; + if (OHCI_BM(ed->flags, ED_EN) > 0) { /* setup only allowed to ep 0 */ + trace_usb_ohci_td_bad_pid(str, ed->flags, td.flags); + ohci_die(ohci); + return 1; + } break; default: trace_usb_ohci_td_bad_direction(dir); diff --git a/hw/usb/trace-events b/hw/usb/trace-events index ed7dc210d3..fd7b90d70c 100644 --- a/hw/usb/trace-events +++ b/hw/usb/trace-events @@ -28,6 +28,7 @@ usb_ohci_iso_td_data_overrun(int ret, ssize_t len) "DataOverrun %d > %zu" usb_ohci_iso_td_data_underrun(int ret) "DataUnderrun %d" usb_ohci_iso_td_nak(int ret) "got NAK/STALL %d" usb_ohci_iso_td_bad_response(int ret) "Bad device response %d" +usb_ohci_td_bad_pid(const char *s, uint32_t edf, uint32_t tdf) "Bad pid %s: ed.flags 0x%x td.flags 0x%x" usb_ohci_port_attach(int index) "port #%d" usb_ohci_port_detach(int index) "port #%d" usb_ohci_port_wakeup(int index) "port #%d" |