From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46859) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZWL78-0005Er-1h for qemu-devel@nongnu.org; Mon, 31 Aug 2015 05:10:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZWL73-0007Qn-BJ for qemu-devel@nongnu.org; Mon, 31 Aug 2015 05:10:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35962) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZWL73-0007Qg-4j for qemu-devel@nongnu.org; Mon, 31 Aug 2015 05:10:49 -0400 From: =?UTF-8?q?Marc=20Mar=C3=AD?= Date: Mon, 31 Aug 2015 11:10:14 +0200 Message-Id: <1441012217-8213-3-git-send-email-markmb@redhat.com> In-Reply-To: <1441012217-8213-1-git-send-email-markmb@redhat.com> References: <1441012133-8154-1-git-send-email-markmb@redhat.com> <1441012217-8213-1-git-send-email-markmb@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PATCH v2 2/5] fw_cfg DMA interface documentation List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Drew , Stefan Hajnoczi , Kevin O'Connor , Gerd Hoffmann , =?UTF-8?q?Marc=20Mar=C3=AD?= , Laszlo Add fw_cfg DMA interface specification in the documentation. Based on Gerd Hoffman's initial implementation. Signed-off-by: Marc Mar=C3=AD --- docs/specs/fw_cfg.txt | 68 +++++++++++++++++++++++++++++++++++++++++++++= +++--- 1 file changed, 64 insertions(+), 4 deletions(-) diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index 5bc7b96..06302f6 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -76,6 +76,13 @@ increasing address order, similar to memcpy(). =20 Selector Register IOport: 0x510 Data Register IOport: 0x511 +DMA Address IOport: 0x514 + +=3D=3D=3D ARM Register Locations =3D=3D=3D + +Selector Register address: 0x09020000 +Data Register address: 0x09020008 +DMA Address address: 0x0902000c =20 =3D=3D Firmware Configuration Items =3D=3D =20 @@ -86,11 +93,12 @@ by selecting the "signature" item using key 0x0000 (F= W_CFG_SIGNATURE), and reading four bytes from the data register. If the fw_cfg device is present, the four bytes read will contain the characters "QEMU". =20 -=3D=3D=3D Revision (Key 0x0001, FW_CFG_ID) =3D=3D=3D +=3D=3D=3D Revision / feature bitmap (Key 0x0001, FW_CFG_ID) =3D=3D=3D =20 -A 32-bit little-endian unsigned int, this item is used as an interface -revision number, and is currently set to 1 by QEMU when fw_cfg is -initialized. +A 32-bit little-endian unsigned int, this item is used to check for enab= led +features. + - Bit 0: traditional interface. Always set. + - Bit 1: DMA interface. =20 =3D=3D=3D File Directory (Key 0x0019, FW_CFG_FILE_DIR) =3D=3D=3D =20 @@ -132,6 +140,58 @@ Selector Reg. Range Usage In practice, the number of allowed firmware configuration items is given by the value of FW_CFG_MAX_ENTRY (see fw_cfg.h). =20 +=3D Guest-side DMA Interface =3D + +If bit 1 of the feature bitmap is set, the DMA interface is present. Thi= s does +not replace the existing fw_cfg interface, it is an add-on. This interfa= ce +can be used through the 64-bit wide address register. + +The address register, as the selector register, is in little-endian form= at +when using IOports, and in big-endian format when using MMIO. The value = for +the register is 0 at startup and after an operation. A write to the lowe= r +half triggers an operation. This means, that operations with 32-bit addr= esses +can be triggered with just one write, whereas operations with 64-bit add= resses +can be triggered with one 64-bit write or two 32-bit writes, starting wi= th the +higher part. + +In this register, a physical RAM address to a FWCfgDmaAccess structure s= hould +be written. This is the format of the FWCfgDmaAccess structure: + +typedef struct FWCfgDmaAccess { + uint32_t control; + uint32_t length; + uint64_t address; +} FWCfgDmaAccess; + +The fields of the structure are in big endian mode, and the field at the= lowest +address is the "control" field. + +The "control" field has the following bits: + - Bit 0: Error + - Bit 1: Read + - Bit 2: Skip + +When an operation is triggered, if the "control" field has bit 1 set, a = read +operation will be performed. "length" bytes for the current selector and +offset will be copied into the address specified by the "address" field. + +If the control field has only bit 2 set, a skip operation will be perfom= ed. +The offset for the current selector will be advanced "length" bytes. + +To check result, read the "control" field: + error bit set -> something went wrong. + all bits cleared -> transfer finished successfully. + otherwise -> transfer still in progress (doesn't happen + today due to implementation not being async, + but may in the future). + +Target address goes up and transfer length goes down as the transfer hap= pens, +so after a successful transfer the length field is zero and the address = field +points right after the memory block written. + +If a partial transfer happened before an error occured the address and +length registers indicate how much data has been transfered successfully= . + =3D Host-side API =3D =20 The following functions are available to the QEMU programmer for adding --=20 2.4.3