xref: /openbmc/qemu/hw/block/nand.c (revision cd2bc889e5b30c69926fc1511b6522e7cb4c705d)
1 /*
2  * Flash NAND memory emulation.  Based on "16M x 8 Bit NAND Flash
3  * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
4  * Samsung Electronic.
5  *
6  * Copyright (c) 2006 Openedhand Ltd.
7  * Written by Andrzej Zaborowski <balrog@zabor.org>
8  *
9  * Support for additional features based on "MT29F2G16ABCWP 2Gx16"
10  * datasheet from Micron Technology and "NAND02G-B2C" datasheet
11  * from ST Microelectronics.
12  *
13  * This code is licensed under the GNU GPL v2.
14  *
15  * Contributions after 2012-01-13 are licensed under the terms of the
16  * GNU GPL, version 2 or (at your option) any later version.
17  */
18 
19 #ifndef NAND_IO
20 
21 # include "hw/hw.h"
22 # include "hw/block/flash.h"
23 #include "sysemu/block-backend.h"
24 #include "hw/qdev.h"
25 #include "qemu/error-report.h"
26 
27 # define NAND_CMD_READ0		0x00
28 # define NAND_CMD_READ1		0x01
29 # define NAND_CMD_READ2		0x50
30 # define NAND_CMD_LPREAD2	0x30
31 # define NAND_CMD_NOSERIALREAD2	0x35
32 # define NAND_CMD_RANDOMREAD1	0x05
33 # define NAND_CMD_RANDOMREAD2	0xe0
34 # define NAND_CMD_READID	0x90
35 # define NAND_CMD_RESET		0xff
36 # define NAND_CMD_PAGEPROGRAM1	0x80
37 # define NAND_CMD_PAGEPROGRAM2	0x10
38 # define NAND_CMD_CACHEPROGRAM2	0x15
39 # define NAND_CMD_BLOCKERASE1	0x60
40 # define NAND_CMD_BLOCKERASE2	0xd0
41 # define NAND_CMD_READSTATUS	0x70
42 # define NAND_CMD_COPYBACKPRG1	0x85
43 
44 # define NAND_IOSTATUS_ERROR	(1 << 0)
45 # define NAND_IOSTATUS_PLANE0	(1 << 1)
46 # define NAND_IOSTATUS_PLANE1	(1 << 2)
47 # define NAND_IOSTATUS_PLANE2	(1 << 3)
48 # define NAND_IOSTATUS_PLANE3	(1 << 4)
49 # define NAND_IOSTATUS_READY    (1 << 6)
50 # define NAND_IOSTATUS_UNPROTCT	(1 << 7)
51 
52 # define MAX_PAGE		0x800
53 # define MAX_OOB		0x40
54 
55 typedef struct NANDFlashState NANDFlashState;
56 struct NANDFlashState {
57     DeviceState parent_obj;
58 
59     uint8_t manf_id, chip_id;
60     uint8_t buswidth; /* in BYTES */
61     int size, pages;
62     int page_shift, oob_shift, erase_shift, addr_shift;
63     uint8_t *storage;
64     BlockBackend *blk;
65     int mem_oob;
66 
67     uint8_t cle, ale, ce, wp, gnd;
68 
69     uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
70     uint8_t *ioaddr;
71     int iolen;
72 
73     uint32_t cmd;
74     uint64_t addr;
75     int addrlen;
76     int status;
77     int offset;
78 
79     void (*blk_write)(NANDFlashState *s);
80     void (*blk_erase)(NANDFlashState *s);
81     void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
82 
83     uint32_t ioaddr_vmstate;
84 };
85 
86 #define TYPE_NAND "nand"
87 
88 #define NAND(obj) \
89     OBJECT_CHECK(NANDFlashState, (obj), TYPE_NAND)
90 
91 static void mem_and(uint8_t *dest, const uint8_t *src, size_t n)
92 {
93     /* Like memcpy() but we logical-AND the data into the destination */
94     int i;
95     for (i = 0; i < n; i++) {
96         dest[i] &= src[i];
97     }
98 }
99 
100 # define NAND_NO_AUTOINCR	0x00000001
101 # define NAND_BUSWIDTH_16	0x00000002
102 # define NAND_NO_PADDING	0x00000004
103 # define NAND_CACHEPRG		0x00000008
104 # define NAND_COPYBACK		0x00000010
105 # define NAND_IS_AND		0x00000020
106 # define NAND_4PAGE_ARRAY	0x00000040
107 # define NAND_NO_READRDY	0x00000100
108 # define NAND_SAMSUNG_LP	(NAND_NO_PADDING | NAND_COPYBACK)
109 
110 # define NAND_IO
111 
112 # define PAGE(addr)		((addr) >> ADDR_SHIFT)
113 # define PAGE_START(page)	(PAGE(page) * (PAGE_SIZE + OOB_SIZE))
114 # define PAGE_MASK		((1 << ADDR_SHIFT) - 1)
115 # define OOB_SHIFT		(PAGE_SHIFT - 5)
116 # define OOB_SIZE		(1 << OOB_SHIFT)
117 # define SECTOR(addr)		((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
118 # define SECTOR_OFFSET(addr)	((addr) & ((511 >> PAGE_SHIFT) << 8))
119 
120 # define PAGE_SIZE		256
121 # define PAGE_SHIFT		8
122 # define PAGE_SECTORS		1
123 # define ADDR_SHIFT		8
124 # include "nand.c"
125 # define PAGE_SIZE		512
126 # define PAGE_SHIFT		9
127 # define PAGE_SECTORS		1
128 # define ADDR_SHIFT		8
129 # include "nand.c"
130 # define PAGE_SIZE		2048
131 # define PAGE_SHIFT		11
132 # define PAGE_SECTORS		4
133 # define ADDR_SHIFT		16
134 # include "nand.c"
135 
136 /* Information based on Linux drivers/mtd/nand/nand_ids.c */
137 static const struct {
138     int size;
139     int width;
140     int page_shift;
141     int erase_shift;
142     uint32_t options;
143 } nand_flash_ids[0x100] = {
144     [0 ... 0xff] = { 0 },
145 
146     [0x6e] = { 1,	8,	8, 4, 0 },
147     [0x64] = { 2,	8,	8, 4, 0 },
148     [0x6b] = { 4,	8,	9, 4, 0 },
149     [0xe8] = { 1,	8,	8, 4, 0 },
150     [0xec] = { 1,	8,	8, 4, 0 },
151     [0xea] = { 2,	8,	8, 4, 0 },
152     [0xd5] = { 4,	8,	9, 4, 0 },
153     [0xe3] = { 4,	8,	9, 4, 0 },
154     [0xe5] = { 4,	8,	9, 4, 0 },
155     [0xd6] = { 8,	8,	9, 4, 0 },
156 
157     [0x39] = { 8,	8,	9, 4, 0 },
158     [0xe6] = { 8,	8,	9, 4, 0 },
159     [0x49] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
160     [0x59] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
161 
162     [0x33] = { 16,	8,	9, 5, 0 },
163     [0x73] = { 16,	8,	9, 5, 0 },
164     [0x43] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
165     [0x53] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
166 
167     [0x35] = { 32,	8,	9, 5, 0 },
168     [0x75] = { 32,	8,	9, 5, 0 },
169     [0x45] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
170     [0x55] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
171 
172     [0x36] = { 64,	8,	9, 5, 0 },
173     [0x76] = { 64,	8,	9, 5, 0 },
174     [0x46] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
175     [0x56] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
176 
177     [0x78] = { 128,	8,	9, 5, 0 },
178     [0x39] = { 128,	8,	9, 5, 0 },
179     [0x79] = { 128,	8,	9, 5, 0 },
180     [0x72] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
181     [0x49] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
182     [0x74] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
183     [0x59] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
184 
185     [0x71] = { 256,	8,	9, 5, 0 },
186 
187     /*
188      * These are the new chips with large page size. The pagesize and the
189      * erasesize is determined from the extended id bytes
190      */
191 # define LP_OPTIONS	(NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
192 # define LP_OPTIONS16	(LP_OPTIONS | NAND_BUSWIDTH_16)
193 
194     /* 512 Megabit */
195     [0xa2] = { 64,	8,	0, 0, LP_OPTIONS },
196     [0xf2] = { 64,	8,	0, 0, LP_OPTIONS },
197     [0xb2] = { 64,	16,	0, 0, LP_OPTIONS16 },
198     [0xc2] = { 64,	16,	0, 0, LP_OPTIONS16 },
199 
200     /* 1 Gigabit */
201     [0xa1] = { 128,	8,	0, 0, LP_OPTIONS },
202     [0xf1] = { 128,	8,	0, 0, LP_OPTIONS },
203     [0xb1] = { 128,	16,	0, 0, LP_OPTIONS16 },
204     [0xc1] = { 128,	16,	0, 0, LP_OPTIONS16 },
205 
206     /* 2 Gigabit */
207     [0xaa] = { 256,	8,	0, 0, LP_OPTIONS },
208     [0xda] = { 256,	8,	0, 0, LP_OPTIONS },
209     [0xba] = { 256,	16,	0, 0, LP_OPTIONS16 },
210     [0xca] = { 256,	16,	0, 0, LP_OPTIONS16 },
211 
212     /* 4 Gigabit */
213     [0xac] = { 512,	8,	0, 0, LP_OPTIONS },
214     [0xdc] = { 512,	8,	0, 0, LP_OPTIONS },
215     [0xbc] = { 512,	16,	0, 0, LP_OPTIONS16 },
216     [0xcc] = { 512,	16,	0, 0, LP_OPTIONS16 },
217 
218     /* 8 Gigabit */
219     [0xa3] = { 1024,	8,	0, 0, LP_OPTIONS },
220     [0xd3] = { 1024,	8,	0, 0, LP_OPTIONS },
221     [0xb3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
222     [0xc3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
223 
224     /* 16 Gigabit */
225     [0xa5] = { 2048,	8,	0, 0, LP_OPTIONS },
226     [0xd5] = { 2048,	8,	0, 0, LP_OPTIONS },
227     [0xb5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
228     [0xc5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
229 };
230 
231 static void nand_reset(DeviceState *dev)
232 {
233     NANDFlashState *s = NAND(dev);
234     s->cmd = NAND_CMD_READ0;
235     s->addr = 0;
236     s->addrlen = 0;
237     s->iolen = 0;
238     s->offset = 0;
239     s->status &= NAND_IOSTATUS_UNPROTCT;
240     s->status |= NAND_IOSTATUS_READY;
241 }
242 
243 static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
244 {
245     s->ioaddr[s->iolen++] = value;
246     for (value = s->buswidth; --value;) {
247         s->ioaddr[s->iolen++] = 0;
248     }
249 }
250 
251 static void nand_command(NANDFlashState *s)
252 {
253     unsigned int offset;
254     switch (s->cmd) {
255     case NAND_CMD_READ0:
256         s->iolen = 0;
257         break;
258 
259     case NAND_CMD_READID:
260         s->ioaddr = s->io;
261         s->iolen = 0;
262         nand_pushio_byte(s, s->manf_id);
263         nand_pushio_byte(s, s->chip_id);
264         nand_pushio_byte(s, 'Q'); /* Don't-care byte (often 0xa5) */
265         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
266             /* Page Size, Block Size, Spare Size; bit 6 indicates
267              * 8 vs 16 bit width NAND.
268              */
269             nand_pushio_byte(s, (s->buswidth == 2) ? 0x55 : 0x15);
270         } else {
271             nand_pushio_byte(s, 0xc0); /* Multi-plane */
272         }
273         break;
274 
275     case NAND_CMD_RANDOMREAD2:
276     case NAND_CMD_NOSERIALREAD2:
277         if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
278             break;
279         offset = s->addr & ((1 << s->addr_shift) - 1);
280         s->blk_load(s, s->addr, offset);
281         if (s->gnd)
282             s->iolen = (1 << s->page_shift) - offset;
283         else
284             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
285         break;
286 
287     case NAND_CMD_RESET:
288         nand_reset(DEVICE(s));
289         break;
290 
291     case NAND_CMD_PAGEPROGRAM1:
292         s->ioaddr = s->io;
293         s->iolen = 0;
294         break;
295 
296     case NAND_CMD_PAGEPROGRAM2:
297         if (s->wp) {
298             s->blk_write(s);
299         }
300         break;
301 
302     case NAND_CMD_BLOCKERASE1:
303         break;
304 
305     case NAND_CMD_BLOCKERASE2:
306         s->addr &= (1ull << s->addrlen * 8) - 1;
307         s->addr <<= nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP ?
308                                                                     16 : 8;
309 
310         if (s->wp) {
311             s->blk_erase(s);
312         }
313         break;
314 
315     case NAND_CMD_READSTATUS:
316         s->ioaddr = s->io;
317         s->iolen = 0;
318         nand_pushio_byte(s, s->status);
319         break;
320 
321     default:
322         printf("%s: Unknown NAND command 0x%02x\n", __FUNCTION__, s->cmd);
323     }
324 }
325 
326 static void nand_pre_save(void *opaque)
327 {
328     NANDFlashState *s = NAND(opaque);
329 
330     s->ioaddr_vmstate = s->ioaddr - s->io;
331 }
332 
333 static int nand_post_load(void *opaque, int version_id)
334 {
335     NANDFlashState *s = NAND(opaque);
336 
337     if (s->ioaddr_vmstate > sizeof(s->io)) {
338         return -EINVAL;
339     }
340     s->ioaddr = s->io + s->ioaddr_vmstate;
341 
342     return 0;
343 }
344 
345 static const VMStateDescription vmstate_nand = {
346     .name = "nand",
347     .version_id = 1,
348     .minimum_version_id = 1,
349     .pre_save = nand_pre_save,
350     .post_load = nand_post_load,
351     .fields = (VMStateField[]) {
352         VMSTATE_UINT8(cle, NANDFlashState),
353         VMSTATE_UINT8(ale, NANDFlashState),
354         VMSTATE_UINT8(ce, NANDFlashState),
355         VMSTATE_UINT8(wp, NANDFlashState),
356         VMSTATE_UINT8(gnd, NANDFlashState),
357         VMSTATE_BUFFER(io, NANDFlashState),
358         VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
359         VMSTATE_INT32(iolen, NANDFlashState),
360         VMSTATE_UINT32(cmd, NANDFlashState),
361         VMSTATE_UINT64(addr, NANDFlashState),
362         VMSTATE_INT32(addrlen, NANDFlashState),
363         VMSTATE_INT32(status, NANDFlashState),
364         VMSTATE_INT32(offset, NANDFlashState),
365         /* XXX: do we want to save s->storage too? */
366         VMSTATE_END_OF_LIST()
367     }
368 };
369 
370 static void nand_realize(DeviceState *dev, Error **errp)
371 {
372     int pagesize;
373     NANDFlashState *s = NAND(dev);
374 
375     s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
376     s->size = nand_flash_ids[s->chip_id].size << 20;
377     if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
378         s->page_shift = 11;
379         s->erase_shift = 6;
380     } else {
381         s->page_shift = nand_flash_ids[s->chip_id].page_shift;
382         s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
383     }
384 
385     switch (1 << s->page_shift) {
386     case 256:
387         nand_init_256(s);
388         break;
389     case 512:
390         nand_init_512(s);
391         break;
392     case 2048:
393         nand_init_2048(s);
394         break;
395     default:
396         error_setg(errp, "Unsupported NAND block size %#x",
397                    1 << s->page_shift);
398         return;
399     }
400 
401     pagesize = 1 << s->oob_shift;
402     s->mem_oob = 1;
403     if (s->blk) {
404         if (blk_is_read_only(s->blk)) {
405             error_setg(errp, "Can't use a read-only drive");
406             return;
407         }
408         if (blk_getlength(s->blk) >=
409                 (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
410             pagesize = 0;
411             s->mem_oob = 0;
412         }
413     } else {
414         pagesize += 1 << s->page_shift;
415     }
416     if (pagesize) {
417         s->storage = (uint8_t *) memset(g_malloc(s->pages * pagesize),
418                         0xff, s->pages * pagesize);
419     }
420     /* Give s->ioaddr a sane value in case we save state before it is used. */
421     s->ioaddr = s->io;
422 }
423 
424 static Property nand_properties[] = {
425     DEFINE_PROP_UINT8("manufacturer_id", NANDFlashState, manf_id, 0),
426     DEFINE_PROP_UINT8("chip_id", NANDFlashState, chip_id, 0),
427     DEFINE_PROP_DRIVE("drive", NANDFlashState, blk),
428     DEFINE_PROP_END_OF_LIST(),
429 };
430 
431 static void nand_class_init(ObjectClass *klass, void *data)
432 {
433     DeviceClass *dc = DEVICE_CLASS(klass);
434 
435     dc->realize = nand_realize;
436     dc->reset = nand_reset;
437     dc->vmsd = &vmstate_nand;
438     dc->props = nand_properties;
439 }
440 
441 static const TypeInfo nand_info = {
442     .name          = TYPE_NAND,
443     .parent        = TYPE_DEVICE,
444     .instance_size = sizeof(NANDFlashState),
445     .class_init    = nand_class_init,
446 };
447 
448 static void nand_register_types(void)
449 {
450     type_register_static(&nand_info);
451 }
452 
453 /*
454  * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins.  Chip
455  * outputs are R/B and eight I/O pins.
456  *
457  * CE, WP and R/B are active low.
458  */
459 void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
460                   uint8_t ce, uint8_t wp, uint8_t gnd)
461 {
462     NANDFlashState *s = NAND(dev);
463 
464     s->cle = cle;
465     s->ale = ale;
466     s->ce = ce;
467     s->wp = wp;
468     s->gnd = gnd;
469     if (wp) {
470         s->status |= NAND_IOSTATUS_UNPROTCT;
471     } else {
472         s->status &= ~NAND_IOSTATUS_UNPROTCT;
473     }
474 }
475 
476 void nand_getpins(DeviceState *dev, int *rb)
477 {
478     *rb = 1;
479 }
480 
481 void nand_setio(DeviceState *dev, uint32_t value)
482 {
483     int i;
484     NANDFlashState *s = NAND(dev);
485 
486     if (!s->ce && s->cle) {
487         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
488             if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
489                 return;
490             if (value == NAND_CMD_RANDOMREAD1) {
491                 s->addr &= ~((1 << s->addr_shift) - 1);
492                 s->addrlen = 0;
493                 return;
494             }
495         }
496         if (value == NAND_CMD_READ0) {
497             s->offset = 0;
498         } else if (value == NAND_CMD_READ1) {
499             s->offset = 0x100;
500             value = NAND_CMD_READ0;
501         } else if (value == NAND_CMD_READ2) {
502             s->offset = 1 << s->page_shift;
503             value = NAND_CMD_READ0;
504         }
505 
506         s->cmd = value;
507 
508         if (s->cmd == NAND_CMD_READSTATUS ||
509                 s->cmd == NAND_CMD_PAGEPROGRAM2 ||
510                 s->cmd == NAND_CMD_BLOCKERASE1 ||
511                 s->cmd == NAND_CMD_BLOCKERASE2 ||
512                 s->cmd == NAND_CMD_NOSERIALREAD2 ||
513                 s->cmd == NAND_CMD_RANDOMREAD2 ||
514                 s->cmd == NAND_CMD_RESET) {
515             nand_command(s);
516         }
517 
518         if (s->cmd != NAND_CMD_RANDOMREAD2) {
519             s->addrlen = 0;
520         }
521     }
522 
523     if (s->ale) {
524         unsigned int shift = s->addrlen * 8;
525         unsigned int mask = ~(0xff << shift);
526         unsigned int v = value << shift;
527 
528         s->addr = (s->addr & mask) | v;
529         s->addrlen ++;
530 
531         switch (s->addrlen) {
532         case 1:
533             if (s->cmd == NAND_CMD_READID) {
534                 nand_command(s);
535             }
536             break;
537         case 2: /* fix cache address as a byte address */
538             s->addr <<= (s->buswidth - 1);
539             break;
540         case 3:
541             if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
542                     (s->cmd == NAND_CMD_READ0 ||
543                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
544                 nand_command(s);
545             }
546             break;
547         case 4:
548             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
549                     nand_flash_ids[s->chip_id].size < 256 && /* 1Gb or less */
550                     (s->cmd == NAND_CMD_READ0 ||
551                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
552                 nand_command(s);
553             }
554             break;
555         case 5:
556             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
557                     nand_flash_ids[s->chip_id].size >= 256 && /* 2Gb or more */
558                     (s->cmd == NAND_CMD_READ0 ||
559                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
560                 nand_command(s);
561             }
562             break;
563         default:
564             break;
565         }
566     }
567 
568     if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
569         if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift)) {
570             for (i = s->buswidth; i--; value >>= 8) {
571                 s->io[s->iolen ++] = (uint8_t) (value & 0xff);
572             }
573         }
574     } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
575         if ((s->addr & ((1 << s->addr_shift) - 1)) <
576                 (1 << s->page_shift) + (1 << s->oob_shift)) {
577             for (i = s->buswidth; i--; s->addr++, value >>= 8) {
578                 s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] =
579                     (uint8_t) (value & 0xff);
580             }
581         }
582     }
583 }
584 
585 uint32_t nand_getio(DeviceState *dev)
586 {
587     int offset;
588     uint32_t x = 0;
589     NANDFlashState *s = NAND(dev);
590 
591     /* Allow sequential reading */
592     if (!s->iolen && s->cmd == NAND_CMD_READ0) {
593         offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
594         s->offset = 0;
595 
596         s->blk_load(s, s->addr, offset);
597         if (s->gnd)
598             s->iolen = (1 << s->page_shift) - offset;
599         else
600             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
601     }
602 
603     if (s->ce || s->iolen <= 0) {
604         return 0;
605     }
606 
607     for (offset = s->buswidth; offset--;) {
608         x |= s->ioaddr[offset] << (offset << 3);
609     }
610     /* after receiving READ STATUS command all subsequent reads will
611      * return the status register value until another command is issued
612      */
613     if (s->cmd != NAND_CMD_READSTATUS) {
614         s->addr   += s->buswidth;
615         s->ioaddr += s->buswidth;
616         s->iolen  -= s->buswidth;
617     }
618     return x;
619 }
620 
621 uint32_t nand_getbuswidth(DeviceState *dev)
622 {
623     NANDFlashState *s = (NANDFlashState *) dev;
624     return s->buswidth << 3;
625 }
626 
627 DeviceState *nand_init(BlockBackend *blk, int manf_id, int chip_id)
628 {
629     DeviceState *dev;
630 
631     if (nand_flash_ids[chip_id].size == 0) {
632         hw_error("%s: Unsupported NAND chip ID.\n", __FUNCTION__);
633     }
634     dev = DEVICE(object_new(TYPE_NAND));
635     qdev_prop_set_uint8(dev, "manufacturer_id", manf_id);
636     qdev_prop_set_uint8(dev, "chip_id", chip_id);
637     if (blk) {
638         qdev_prop_set_drive_nofail(dev, "drive", blk);
639     }
640 
641     qdev_init_nofail(dev);
642     return dev;
643 }
644 
645 type_init(nand_register_types)
646 
647 #else
648 
649 /* Program a single page */
650 static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
651 {
652     uint64_t off, page, sector, soff;
653     uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
654     if (PAGE(s->addr) >= s->pages)
655         return;
656 
657     if (!s->blk) {
658         mem_and(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
659                         s->offset, s->io, s->iolen);
660     } else if (s->mem_oob) {
661         sector = SECTOR(s->addr);
662         off = (s->addr & PAGE_MASK) + s->offset;
663         soff = SECTOR_OFFSET(s->addr);
664         if (blk_read(s->blk, sector, iobuf, PAGE_SECTORS) < 0) {
665             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
666             return;
667         }
668 
669         mem_and(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
670         if (off + s->iolen > PAGE_SIZE) {
671             page = PAGE(s->addr);
672             mem_and(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
673                             MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
674         }
675 
676         if (blk_write(s->blk, sector, iobuf, PAGE_SECTORS) < 0) {
677             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
678         }
679     } else {
680         off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
681         sector = off >> 9;
682         soff = off & 0x1ff;
683         if (blk_read(s->blk, sector, iobuf, PAGE_SECTORS + 2) < 0) {
684             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
685             return;
686         }
687 
688         mem_and(iobuf + soff, s->io, s->iolen);
689 
690         if (blk_write(s->blk, sector, iobuf, PAGE_SECTORS + 2) < 0) {
691             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
692         }
693     }
694     s->offset = 0;
695 }
696 
697 /* Erase a single block */
698 static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
699 {
700     uint64_t i, page, addr;
701     uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
702     addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
703 
704     if (PAGE(addr) >= s->pages) {
705         return;
706     }
707 
708     if (!s->blk) {
709         memset(s->storage + PAGE_START(addr),
710                         0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
711     } else if (s->mem_oob) {
712         memset(s->storage + (PAGE(addr) << OOB_SHIFT),
713                         0xff, OOB_SIZE << s->erase_shift);
714         i = SECTOR(addr);
715         page = SECTOR(addr + (ADDR_SHIFT + s->erase_shift));
716         for (; i < page; i ++)
717             if (blk_write(s->blk, i, iobuf, 1) < 0) {
718                 printf("%s: write error in sector %" PRIu64 "\n", __func__, i);
719             }
720     } else {
721         addr = PAGE_START(addr);
722         page = addr >> 9;
723         if (blk_read(s->blk, page, iobuf, 1) < 0) {
724             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
725         }
726         memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
727         if (blk_write(s->blk, page, iobuf, 1) < 0) {
728             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
729         }
730 
731         memset(iobuf, 0xff, 0x200);
732         i = (addr & ~0x1ff) + 0x200;
733         for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
734                         i < addr; i += 0x200) {
735             if (blk_write(s->blk, i >> 9, iobuf, 1) < 0) {
736                 printf("%s: write error in sector %" PRIu64 "\n",
737                        __func__, i >> 9);
738             }
739         }
740 
741         page = i >> 9;
742         if (blk_read(s->blk, page, iobuf, 1) < 0) {
743             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
744         }
745         memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
746         if (blk_write(s->blk, page, iobuf, 1) < 0) {
747             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
748         }
749     }
750 }
751 
752 static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
753                 uint64_t addr, int offset)
754 {
755     if (PAGE(addr) >= s->pages) {
756         return;
757     }
758 
759     if (s->blk) {
760         if (s->mem_oob) {
761             if (blk_read(s->blk, SECTOR(addr), s->io, PAGE_SECTORS) < 0) {
762                 printf("%s: read error in sector %" PRIu64 "\n",
763                                 __func__, SECTOR(addr));
764             }
765             memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
766                             s->storage + (PAGE(s->addr) << OOB_SHIFT),
767                             OOB_SIZE);
768             s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
769         } else {
770             if (blk_read(s->blk, PAGE_START(addr) >> 9,
771                          s->io, (PAGE_SECTORS + 2)) < 0) {
772                 printf("%s: read error in sector %" PRIu64 "\n",
773                                 __func__, PAGE_START(addr) >> 9);
774             }
775             s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
776         }
777     } else {
778         memcpy(s->io, s->storage + PAGE_START(s->addr) +
779                         offset, PAGE_SIZE + OOB_SIZE - offset);
780         s->ioaddr = s->io;
781     }
782 }
783 
784 static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
785 {
786     s->oob_shift = PAGE_SHIFT - 5;
787     s->pages = s->size >> PAGE_SHIFT;
788     s->addr_shift = ADDR_SHIFT;
789 
790     s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
791     s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
792     s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
793 }
794 
795 # undef PAGE_SIZE
796 # undef PAGE_SHIFT
797 # undef PAGE_SECTORS
798 # undef ADDR_SHIFT
799 #endif	/* NAND_IO */
800