/*
 * Nuvoton NPCM7xx Flash Interface Unit (FIU)
 *
 * Copyright 2020 Google LLC
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include "qemu/osdep.h"

#include "hw/irq.h"
#include "hw/qdev-properties.h"
#include "hw/ssi/npcm7xx_fiu.h"
#include "migration/vmstate.h"
#include "qapi/error.h"
#include "qemu/error-report.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qemu/units.h"

#include "trace.h"

/* Up to 128 MiB of flash may be accessed directly as memory. */
#define NPCM7XX_FIU_FLASH_WINDOW_SIZE (128 * MiB)

/* Each module has 4 KiB of register space. Only a fraction of it is used. */
#define NPCM7XX_FIU_CTRL_REGS_SIZE (4 * KiB)

/* 32-bit FIU register indices. */
enum NPCM7xxFIURegister {
    NPCM7XX_FIU_DRD_CFG,
    NPCM7XX_FIU_DWR_CFG,
    NPCM7XX_FIU_UMA_CFG,
    NPCM7XX_FIU_UMA_CTS,
    NPCM7XX_FIU_UMA_CMD,
    NPCM7XX_FIU_UMA_ADDR,
    NPCM7XX_FIU_PRT_CFG,
    NPCM7XX_FIU_UMA_DW0 = 0x0020 / sizeof(uint32_t),
    NPCM7XX_FIU_UMA_DW1,
    NPCM7XX_FIU_UMA_DW2,
    NPCM7XX_FIU_UMA_DW3,
    NPCM7XX_FIU_UMA_DR0,
    NPCM7XX_FIU_UMA_DR1,
    NPCM7XX_FIU_UMA_DR2,
    NPCM7XX_FIU_UMA_DR3,
    NPCM7XX_FIU_PRT_CMD0,
    NPCM7XX_FIU_PRT_CMD1,
    NPCM7XX_FIU_PRT_CMD2,
    NPCM7XX_FIU_PRT_CMD3,
    NPCM7XX_FIU_PRT_CMD4,
    NPCM7XX_FIU_PRT_CMD5,
    NPCM7XX_FIU_PRT_CMD6,
    NPCM7XX_FIU_PRT_CMD7,
    NPCM7XX_FIU_PRT_CMD8,
    NPCM7XX_FIU_PRT_CMD9,
    NPCM7XX_FIU_CFG = 0x78 / sizeof(uint32_t),
    NPCM7XX_FIU_REGS_END,
};

/* FIU_{DRD,DWR,UMA,PTR}_CFG cannot be written when this bit is set. */
#define NPCM7XX_FIU_CFG_LCK BIT(31)

/* Direct Read configuration register fields. */
#define FIU_DRD_CFG_ADDSIZ(rv) extract32(rv, 16, 2)
#define FIU_ADDSIZ_3BYTES 0
#define FIU_ADDSIZ_4BYTES 1
#define FIU_DRD_CFG_DBW(rv) extract32(rv, 12, 2)
#define FIU_DRD_CFG_ACCTYPE(rv) extract32(rv, 8, 2)
#define FIU_DRD_CFG_RDCMD(rv) extract32(rv, 0, 8)

/* Direct Write configuration register fields. */
#define FIU_DWR_CFG_ADDSIZ(rv) extract32(rv, 16, 2)
#define FIU_DWR_CFG_WRCMD(rv) extract32(rv, 0, 8)

/* User-Mode Access register fields. */

/* Command Mode Lock and the bits protected by it. */
#define FIU_UMA_CFG_CMMLCK BIT(30)
#define FIU_UMA_CFG_CMMLCK_MASK 0x00000403

#define FIU_UMA_CFG_RDATSIZ(rv) extract32(rv, 24, 5)
#define FIU_UMA_CFG_DBSIZ(rv) extract32(rv, 21, 3)
#define FIU_UMA_CFG_WDATSIZ(rv) extract32(rv, 16, 5)
#define FIU_UMA_CFG_ADDSIZ(rv) extract32(rv, 11, 3)
#define FIU_UMA_CFG_CMDSIZ(rv) extract32(rv, 10, 1)
#define FIU_UMA_CFG_DBPCK(rv) extract32(rv, 6, 2)

#define FIU_UMA_CTS_RDYIE BIT(25)
#define FIU_UMA_CTS_RDYST BIT(24)
#define FIU_UMA_CTS_SW_CS BIT(16)
#define FIU_UMA_CTS_DEV_NUM(rv) extract32(rv, 8, 2)
#define FIU_UMA_CTS_EXEC_DONE BIT(0)

/*
 * Returns the index of flash in the fiu->flash array. This corresponds to the
 * chip select ID of the flash.
 */
static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash)
{
    int index = flash - fiu->flash;

    g_assert(index >= 0 && index < fiu->cs_count);

    return index;
}

/* Assert the chip select specified in the UMA Control/Status Register. */
static void npcm7xx_fiu_select(NPCM7xxFIUState *s, int cs_id)
{
    trace_npcm7xx_fiu_select(DEVICE(s)->canonical_path, cs_id);

    if (cs_id < s->cs_count) {
        qemu_irq_lower(s->cs_lines[cs_id]);
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: UMA to CS%d; this module has only %d chip selects",
                      DEVICE(s)->canonical_path, cs_id, s->cs_count);
        cs_id = -1;
    }

    s->active_cs = cs_id;
}

/* Deassert the currently active chip select. */
static void npcm7xx_fiu_deselect(NPCM7xxFIUState *s)
{
    if (s->active_cs < 0) {
        return;
    }

    trace_npcm7xx_fiu_deselect(DEVICE(s)->canonical_path, s->active_cs);

    qemu_irq_raise(s->cs_lines[s->active_cs]);
    s->active_cs = -1;
}

/* Direct flash memory read handler. */
static uint64_t npcm7xx_fiu_flash_read(void *opaque, hwaddr addr,
                                       unsigned int size)
{
    NPCM7xxFIUFlash *f = opaque;
    NPCM7xxFIUState *fiu = f->fiu;
    uint64_t value = 0;
    uint32_t drd_cfg;
    int dummy_cycles;
    int i;

    if (fiu->active_cs != -1) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: direct flash read with CS%d already active",
                      DEVICE(fiu)->canonical_path, fiu->active_cs);
    }

    npcm7xx_fiu_select(fiu, npcm7xx_fiu_cs_index(fiu, f));

    drd_cfg = fiu->regs[NPCM7XX_FIU_DRD_CFG];
    ssi_transfer(fiu->spi, FIU_DRD_CFG_RDCMD(drd_cfg));

    switch (FIU_DRD_CFG_ADDSIZ(drd_cfg)) {
    case FIU_ADDSIZ_4BYTES:
        ssi_transfer(fiu->spi, extract32(addr, 24, 8));
        /* fall through */
    case FIU_ADDSIZ_3BYTES:
        ssi_transfer(fiu->spi, extract32(addr, 16, 8));
        ssi_transfer(fiu->spi, extract32(addr, 8, 8));
        ssi_transfer(fiu->spi, extract32(addr, 0, 8));
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR, "%s: bad address size %d\n",
                      DEVICE(fiu)->canonical_path, FIU_DRD_CFG_ADDSIZ(drd_cfg));
        break;
    }

    /* Flash chip model expects one transfer per dummy bit, not byte */
    dummy_cycles =
        (FIU_DRD_CFG_DBW(drd_cfg) * 8) >> FIU_DRD_CFG_ACCTYPE(drd_cfg);
    for (i = 0; i < dummy_cycles; i++) {
        ssi_transfer(fiu->spi, 0);
    }

    for (i = 0; i < size; i++) {
        value = deposit64(value, 8 * i, 8, ssi_transfer(fiu->spi, 0));
    }

    trace_npcm7xx_fiu_flash_read(DEVICE(fiu)->canonical_path, fiu->active_cs,
                                 addr, size, value);

    npcm7xx_fiu_deselect(fiu);

    return value;
}

/* Direct flash memory write handler. */
static void npcm7xx_fiu_flash_write(void *opaque, hwaddr addr, uint64_t v,
                                    unsigned int size)
{
    NPCM7xxFIUFlash *f = opaque;
    NPCM7xxFIUState *fiu = f->fiu;
    uint32_t dwr_cfg;
    int cs_id;
    int i;

    if (fiu->active_cs != -1) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: direct flash write with CS%d already active",
                      DEVICE(fiu)->canonical_path, fiu->active_cs);
    }

    cs_id = npcm7xx_fiu_cs_index(fiu, f);
    trace_npcm7xx_fiu_flash_write(DEVICE(fiu)->canonical_path, cs_id, addr,
                                  size, v);
    npcm7xx_fiu_select(fiu, cs_id);

    dwr_cfg = fiu->regs[NPCM7XX_FIU_DWR_CFG];
    ssi_transfer(fiu->spi, FIU_DWR_CFG_WRCMD(dwr_cfg));

    switch (FIU_DWR_CFG_ADDSIZ(dwr_cfg)) {
    case FIU_ADDSIZ_4BYTES:
        ssi_transfer(fiu->spi, extract32(addr, 24, 8));
        /* fall through */
    case FIU_ADDSIZ_3BYTES:
        ssi_transfer(fiu->spi, extract32(addr, 16, 8));
        ssi_transfer(fiu->spi, extract32(addr, 8, 8));
        ssi_transfer(fiu->spi, extract32(addr, 0, 8));
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR, "%s: bad address size %d\n",
                      DEVICE(fiu)->canonical_path, FIU_DWR_CFG_ADDSIZ(dwr_cfg));
        break;
    }

    for (i = 0; i < size; i++) {
        ssi_transfer(fiu->spi, extract64(v, i * 8, 8));
    }

    npcm7xx_fiu_deselect(fiu);
}

static const MemoryRegionOps npcm7xx_fiu_flash_ops = {
    .read = npcm7xx_fiu_flash_read,
    .write = npcm7xx_fiu_flash_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 8,
        .unaligned = true,
    },
};

/* Control register read handler. */
static uint64_t npcm7xx_fiu_ctrl_read(void *opaque, hwaddr addr,
                                      unsigned int size)
{
    hwaddr reg = addr / sizeof(uint32_t);
    NPCM7xxFIUState *s = opaque;
    uint32_t value;

    if (reg < NPCM7XX_FIU_NR_REGS) {
        value = s->regs[reg];
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: read from invalid offset 0x%" PRIx64 "\n",
                      DEVICE(s)->canonical_path, addr);
        value = 0;
    }

    trace_npcm7xx_fiu_ctrl_read(DEVICE(s)->canonical_path, addr, value);

    return value;
}

/* Send the specified number of address bytes from the UMA address register. */
static void send_address(SSIBus *spi, unsigned int addsiz, uint32_t addr)
{
    switch (addsiz) {
    case 4:
        ssi_transfer(spi, extract32(addr, 24, 8));
        /* fall through */
    case 3:
        ssi_transfer(spi, extract32(addr, 16, 8));
        /* fall through */
    case 2:
        ssi_transfer(spi, extract32(addr, 8, 8));
        /* fall through */
    case 1:
        ssi_transfer(spi, extract32(addr, 0, 8));
        /* fall through */
    case 0:
        break;
    }
}

/* Send the number of dummy bits specified in the UMA config register. */
static void send_dummy_bits(SSIBus *spi, uint32_t uma_cfg, uint32_t uma_cmd)
{
    unsigned int bits_per_clock = 1U << FIU_UMA_CFG_DBPCK(uma_cfg);
    unsigned int i;

    for (i = 0; i < FIU_UMA_CFG_DBSIZ(uma_cfg); i++) {
        /* Use bytes 0 and 1 first, then keep repeating byte 2 */
        unsigned int field = (i < 2) ? ((i + 1) * 8) : 24;
        unsigned int j;

        for (j = 0; j < 8; j += bits_per_clock) {
            ssi_transfer(spi, extract32(uma_cmd, field + j, bits_per_clock));
        }
    }
}

/* Perform a User-Mode Access transaction. */
static void npcm7xx_fiu_uma_transaction(NPCM7xxFIUState *s)
{
    uint32_t uma_cts = s->regs[NPCM7XX_FIU_UMA_CTS];
    uint32_t uma_cfg;
    unsigned int i;

    /* SW_CS means the CS is already forced low, so don't touch it. */
    if (uma_cts & FIU_UMA_CTS_SW_CS) {
        int cs_id = FIU_UMA_CTS_DEV_NUM(s->regs[NPCM7XX_FIU_UMA_CTS]);
        npcm7xx_fiu_select(s, cs_id);
    }

    /* Send command, if present. */
    uma_cfg = s->regs[NPCM7XX_FIU_UMA_CFG];
    if (FIU_UMA_CFG_CMDSIZ(uma_cfg) > 0) {
        ssi_transfer(s->spi, extract32(s->regs[NPCM7XX_FIU_UMA_CMD], 0, 8));
    }

    /* Send address, if present. */
    send_address(s->spi, FIU_UMA_CFG_ADDSIZ(uma_cfg),
                 s->regs[NPCM7XX_FIU_UMA_ADDR]);

    /* Write data, if present. */
    for (i = 0; i < FIU_UMA_CFG_WDATSIZ(uma_cfg); i++) {
        unsigned int reg =
            (i < 16) ? (NPCM7XX_FIU_UMA_DW0 + i / 4) : NPCM7XX_FIU_UMA_DW3;
        unsigned int field = (i % 4) * 8;

        ssi_transfer(s->spi, extract32(s->regs[reg], field, 8));
    }

    /* Send dummy bits, if present. */
    send_dummy_bits(s->spi, uma_cfg, s->regs[NPCM7XX_FIU_UMA_CMD]);

    /* Read data, if present. */
    for (i = 0; i < FIU_UMA_CFG_RDATSIZ(uma_cfg); i++) {
        unsigned int reg = NPCM7XX_FIU_UMA_DR0 + i / 4;
        unsigned int field = (i % 4) * 8;
        uint8_t c;

        c = ssi_transfer(s->spi, 0);
        if (reg <= NPCM7XX_FIU_UMA_DR3) {
            s->regs[reg] = deposit32(s->regs[reg], field, 8, c);
        }
    }

    /* Again, don't touch CS if the user is forcing it low. */
    if (uma_cts & FIU_UMA_CTS_SW_CS) {
        npcm7xx_fiu_deselect(s);
    }

    /* RDYST means a command has completed since it was cleared. */
    s->regs[NPCM7XX_FIU_UMA_CTS] |= FIU_UMA_CTS_RDYST;
    /* EXEC_DONE means Execute Command / Not Done, so clear it here. */
    s->regs[NPCM7XX_FIU_UMA_CTS] &= ~FIU_UMA_CTS_EXEC_DONE;
}

/* Control register write handler. */
static void npcm7xx_fiu_ctrl_write(void *opaque, hwaddr addr, uint64_t v,
                                   unsigned int size)
{
    hwaddr reg = addr / sizeof(uint32_t);
    NPCM7xxFIUState *s = opaque;
    uint32_t value = v;

    trace_npcm7xx_fiu_ctrl_write(DEVICE(s)->canonical_path, addr, value);

    switch (reg) {
    case NPCM7XX_FIU_UMA_CFG:
        if (s->regs[reg] & FIU_UMA_CFG_CMMLCK) {
            value &= ~FIU_UMA_CFG_CMMLCK_MASK;
            value |= (s->regs[reg] & FIU_UMA_CFG_CMMLCK_MASK);
        }
        /* fall through */
    case NPCM7XX_FIU_DRD_CFG:
    case NPCM7XX_FIU_DWR_CFG:
        if (s->regs[reg] & NPCM7XX_FIU_CFG_LCK) {
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: write to locked register @ 0x%" PRIx64 "\n",
                          DEVICE(s)->canonical_path, addr);
            return;
        }
        s->regs[reg] = value;
        break;

    case NPCM7XX_FIU_UMA_CTS:
        if (value & FIU_UMA_CTS_RDYST) {
            value &= ~FIU_UMA_CTS_RDYST;
        } else {
            value |= s->regs[reg] & FIU_UMA_CTS_RDYST;
        }
        if ((s->regs[reg] ^ value) & FIU_UMA_CTS_SW_CS) {
            if (value & FIU_UMA_CTS_SW_CS) {
                /*
                 * Don't drop CS if there's a transfer in progress, or we're
                 * about to start one.
                 */
                if (!((value | s->regs[reg]) & FIU_UMA_CTS_EXEC_DONE)) {
                    npcm7xx_fiu_deselect(s);
                }
            } else {
                int cs_id = FIU_UMA_CTS_DEV_NUM(s->regs[NPCM7XX_FIU_UMA_CTS]);
                npcm7xx_fiu_select(s, cs_id);
            }
        }
        s->regs[reg] = value | (s->regs[reg] & FIU_UMA_CTS_EXEC_DONE);
        if (value & FIU_UMA_CTS_EXEC_DONE) {
            npcm7xx_fiu_uma_transaction(s);
        }
        break;

    case NPCM7XX_FIU_UMA_DR0 ... NPCM7XX_FIU_UMA_DR3:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: write to read-only register @ 0x%" PRIx64 "\n",
                      DEVICE(s)->canonical_path, addr);
        return;

    case NPCM7XX_FIU_PRT_CFG:
    case NPCM7XX_FIU_PRT_CMD0 ... NPCM7XX_FIU_PRT_CMD9:
        qemu_log_mask(LOG_UNIMP, "%s: PRT is not implemented\n", __func__);
        break;

    case NPCM7XX_FIU_UMA_CMD:
    case NPCM7XX_FIU_UMA_ADDR:
    case NPCM7XX_FIU_UMA_DW0 ... NPCM7XX_FIU_UMA_DW3:
    case NPCM7XX_FIU_CFG:
        s->regs[reg] = value;
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "%s: write to invalid offset 0x%" PRIx64 "\n",
                      DEVICE(s)->canonical_path, addr);
        return;
    }
}

static const MemoryRegionOps npcm7xx_fiu_ctrl_ops = {
    .read = npcm7xx_fiu_ctrl_read,
    .write = npcm7xx_fiu_ctrl_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
    .valid = {
        .min_access_size = 4,
        .max_access_size = 4,
        .unaligned = false,
    },
};

static void npcm7xx_fiu_enter_reset(Object *obj, ResetType type)
{
    NPCM7xxFIUState *s = NPCM7XX_FIU(obj);

    trace_npcm7xx_fiu_enter_reset(DEVICE(obj)->canonical_path, type);

    memset(s->regs, 0, sizeof(s->regs));

    s->regs[NPCM7XX_FIU_DRD_CFG] = 0x0300100b;
    s->regs[NPCM7XX_FIU_DWR_CFG] = 0x03000002;
    s->regs[NPCM7XX_FIU_UMA_CFG] = 0x00000400;
    s->regs[NPCM7XX_FIU_UMA_CTS] = 0x00010000;
    s->regs[NPCM7XX_FIU_UMA_CMD] = 0x0000000b;
    s->regs[NPCM7XX_FIU_PRT_CFG] = 0x00000400;
    s->regs[NPCM7XX_FIU_CFG] = 0x0000000b;
}

static void npcm7xx_fiu_hold_reset(Object *obj)
{
    NPCM7xxFIUState *s = NPCM7XX_FIU(obj);
    int i;

    trace_npcm7xx_fiu_hold_reset(DEVICE(obj)->canonical_path);

    for (i = 0; i < s->cs_count; i++) {
        qemu_irq_raise(s->cs_lines[i]);
    }
}

static void npcm7xx_fiu_realize(DeviceState *dev, Error **errp)
{
    NPCM7xxFIUState *s = NPCM7XX_FIU(dev);
    SysBusDevice *sbd = &s->parent;
    int i;

    if (s->cs_count <= 0) {
        error_setg(errp, "%s: %d chip selects specified, need at least one",
                   dev->canonical_path, s->cs_count);
        return;
    }

    s->spi = ssi_create_bus(dev, "spi");
    s->cs_lines = g_new0(qemu_irq, s->cs_count);
    qdev_init_gpio_out_named(DEVICE(s), s->cs_lines, "cs", s->cs_count);
    s->flash = g_new0(NPCM7xxFIUFlash, s->cs_count);

    /*
     * Register the control registers region first. It may be followed by one
     * or more direct flash access regions.
     */
    memory_region_init_io(&s->mmio, OBJECT(s), &npcm7xx_fiu_ctrl_ops, s, "ctrl",
                          NPCM7XX_FIU_CTRL_REGS_SIZE);
    sysbus_init_mmio(sbd, &s->mmio);

    for (i = 0; i < s->cs_count; i++) {
        NPCM7xxFIUFlash *flash = &s->flash[i];
        flash->fiu = s;
        memory_region_init_io(&flash->direct_access, OBJECT(s),
                              &npcm7xx_fiu_flash_ops, &s->flash[i], "flash",
                              NPCM7XX_FIU_FLASH_WINDOW_SIZE);
        sysbus_init_mmio(sbd, &flash->direct_access);
    }
}

static const VMStateDescription vmstate_npcm7xx_fiu = {
    .name = "npcm7xx-fiu",
    .version_id = 0,
    .minimum_version_id = 0,
    .fields = (VMStateField[]) {
        VMSTATE_INT32(active_cs, NPCM7xxFIUState),
        VMSTATE_UINT32_ARRAY(regs, NPCM7xxFIUState, NPCM7XX_FIU_NR_REGS),
        VMSTATE_END_OF_LIST(),
    },
};

static Property npcm7xx_fiu_properties[] = {
    DEFINE_PROP_INT32("cs-count", NPCM7xxFIUState, cs_count, 0),
    DEFINE_PROP_END_OF_LIST(),
};

static void npcm7xx_fiu_class_init(ObjectClass *klass, void *data)
{
    ResettableClass *rc = RESETTABLE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    QEMU_BUILD_BUG_ON(NPCM7XX_FIU_REGS_END > NPCM7XX_FIU_NR_REGS);

    dc->desc = "NPCM7xx Flash Interface Unit";
    dc->realize = npcm7xx_fiu_realize;
    dc->vmsd = &vmstate_npcm7xx_fiu;
    rc->phases.enter = npcm7xx_fiu_enter_reset;
    rc->phases.hold = npcm7xx_fiu_hold_reset;
    device_class_set_props(dc, npcm7xx_fiu_properties);
}

static const TypeInfo npcm7xx_fiu_types[] = {
    {
        .name = TYPE_NPCM7XX_FIU,
        .parent = TYPE_SYS_BUS_DEVICE,
        .instance_size = sizeof(NPCM7xxFIUState),
        .class_init = npcm7xx_fiu_class_init,
    },
};
DEFINE_TYPES(npcm7xx_fiu_types);