1 /*
2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
3 * set. Known devices table current as of Jun/2012 and taken from linux.
4 * See drivers/mtd/devices/m25p80.c.
5 *
6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
8 * Copyright (C) 2012 PetaLogix
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 or
13 * (at your option) a later version of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "qemu/osdep.h"
25 #include "qemu/units.h"
26 #include "sysemu/block-backend.h"
27 #include "hw/block/block.h"
28 #include "hw/block/flash.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/qdev-properties-system.h"
31 #include "hw/ssi/ssi.h"
32 #include "migration/vmstate.h"
33 #include "qemu/bitops.h"
34 #include "qemu/log.h"
35 #include "qemu/module.h"
36 #include "qemu/error-report.h"
37 #include "qapi/error.h"
38 #include "trace.h"
39 #include "qom/object.h"
40 #include "m25p80_sfdp.h"
41
42 /* 16 MiB max in 3 byte address mode */
43 #define MAX_3BYTES_SIZE 0x1000000
44 #define SPI_NOR_MAX_ID_LEN 6
45
46 /* Fields for FlashPartInfo->flags */
47 enum spi_flash_option_flags {
48 ER_4K = BIT(0),
49 ER_32K = BIT(1),
50 EEPROM = BIT(2),
51 HAS_SR_TB = BIT(3),
52 HAS_SR_BP3_BIT6 = BIT(4),
53 };
54
55 typedef struct FlashPartInfo {
56 const char *part_name;
57 /*
58 * This array stores the ID bytes.
59 * The first three bytes are the JEDIC ID.
60 * JEDEC ID zero means "no ID" (mostly older chips).
61 */
62 uint8_t id[SPI_NOR_MAX_ID_LEN];
63 uint8_t id_len;
64 /* there is confusion between manufacturers as to what a sector is. In this
65 * device model, a "sector" is the size that is erased by the ERASE_SECTOR
66 * command (opcode 0xd8).
67 */
68 uint32_t sector_size;
69 uint32_t n_sectors;
70 uint32_t page_size;
71 uint16_t flags;
72 /*
73 * Big sized spi nor are often stacked devices, thus sometime
74 * replace chip erase with die erase.
75 * This field inform how many die is in the chip.
76 */
77 uint8_t die_cnt;
78 uint8_t (*sfdp_read)(uint32_t sfdp_addr);
79 } FlashPartInfo;
80
81 /* adapted from linux */
82 /* Used when the "_ext_id" is two bytes at most */
83 #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
84 .part_name = _part_name,\
85 .id = {\
86 ((_jedec_id) >> 16) & 0xff,\
87 ((_jedec_id) >> 8) & 0xff,\
88 (_jedec_id) & 0xff,\
89 ((_ext_id) >> 8) & 0xff,\
90 (_ext_id) & 0xff,\
91 },\
92 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
93 .sector_size = (_sector_size),\
94 .n_sectors = (_n_sectors),\
95 .page_size = 256,\
96 .flags = (_flags),\
97 .die_cnt = 0
98
99 #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
100 .part_name = _part_name,\
101 .id = {\
102 ((_jedec_id) >> 16) & 0xff,\
103 ((_jedec_id) >> 8) & 0xff,\
104 (_jedec_id) & 0xff,\
105 ((_ext_id) >> 16) & 0xff,\
106 ((_ext_id) >> 8) & 0xff,\
107 (_ext_id) & 0xff,\
108 },\
109 .id_len = 6,\
110 .sector_size = (_sector_size),\
111 .n_sectors = (_n_sectors),\
112 .page_size = 256,\
113 .flags = (_flags),\
114 .die_cnt = 0
115
116 #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\
117 _flags, _die_cnt)\
118 .part_name = _part_name,\
119 .id = {\
120 ((_jedec_id) >> 16) & 0xff,\
121 ((_jedec_id) >> 8) & 0xff,\
122 (_jedec_id) & 0xff,\
123 ((_ext_id) >> 8) & 0xff,\
124 (_ext_id) & 0xff,\
125 },\
126 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
127 .sector_size = (_sector_size),\
128 .n_sectors = (_n_sectors),\
129 .page_size = 256,\
130 .flags = (_flags),\
131 .die_cnt = _die_cnt
132
133 #define JEDEC_NUMONYX 0x20
134 #define JEDEC_WINBOND 0xEF
135 #define JEDEC_SPANSION 0x01
136
137 /* Numonyx (Micron) Configuration register macros */
138 #define VCFG_DUMMY 0x1
139 #define VCFG_WRAP_SEQUENTIAL 0x2
140 #define NVCFG_XIP_MODE_DISABLED (7 << 9)
141 #define NVCFG_XIP_MODE_MASK (7 << 9)
142 #define VCFG_XIP_MODE_DISABLED (1 << 3)
143 #define CFG_DUMMY_CLK_LEN 4
144 #define NVCFG_DUMMY_CLK_POS 12
145 #define VCFG_DUMMY_CLK_POS 4
146 #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7
147 #define EVCFG_VPP_ACCELERATOR (1 << 3)
148 #define EVCFG_RESET_HOLD_ENABLED (1 << 4)
149 #define NVCFG_DUAL_IO_MASK (1 << 2)
150 #define EVCFG_DUAL_IO_DISABLED (1 << 6)
151 #define NVCFG_QUAD_IO_MASK (1 << 3)
152 #define EVCFG_QUAD_IO_DISABLED (1 << 7)
153 #define NVCFG_4BYTE_ADDR_MASK (1 << 0)
154 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
155
156 /* Numonyx (Micron) Flag Status Register macros */
157 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
158 #define FSR_FLASH_READY (1 << 7)
159
160 /* Spansion configuration registers macros. */
161 #define SPANSION_QUAD_CFG_POS 0
162 #define SPANSION_QUAD_CFG_LEN 1
163 #define SPANSION_DUMMY_CLK_POS 0
164 #define SPANSION_DUMMY_CLK_LEN 4
165 #define SPANSION_ADDR_LEN_POS 7
166 #define SPANSION_ADDR_LEN_LEN 1
167
168 /*
169 * Spansion read mode command length in bytes,
170 * the mode is currently not supported.
171 */
172
173 #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1
174 #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1
175
176 static const FlashPartInfo known_devices[] = {
177 /* Atmel -- some are (confusingly) marketed as "DataFlash" */
178 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
179 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
180
181 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
182 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
183 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
184
185 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
186 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
187 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
188 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
189
190 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) },
191
192 /* Atmel EEPROMS - it is assumed, that don't care bit in command
193 * is set to 0. Block protection is not supported.
194 */
195 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) },
196 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) },
197
198 /* EON -- en25xxx */
199 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
200 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
201 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
202 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
203 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) },
204
205 /* GigaDevice */
206 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) },
207 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) },
208
209 /* Intel/Numonyx -- xxxs33b */
210 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
211 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
212 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
213 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) },
214
215 /* ISSI */
216 { INFO("is25lq040b", 0x9d4013, 0, 64 << 10, 8, ER_4K) },
217 { INFO("is25lp080d", 0x9d6014, 0, 64 << 10, 16, ER_4K) },
218 { INFO("is25lp016d", 0x9d6015, 0, 64 << 10, 32, ER_4K) },
219 { INFO("is25lp032", 0x9d6016, 0, 64 << 10, 64, ER_4K) },
220 { INFO("is25lp064", 0x9d6017, 0, 64 << 10, 128, ER_4K) },
221 { INFO("is25lp128", 0x9d6018, 0, 64 << 10, 256, ER_4K) },
222 { INFO("is25lp256", 0x9d6019, 0, 64 << 10, 512, ER_4K) },
223 { INFO("is25wp032", 0x9d7016, 0, 64 << 10, 64, ER_4K) },
224 { INFO("is25wp064", 0x9d7017, 0, 64 << 10, 128, ER_4K) },
225 { INFO("is25wp128", 0x9d7018, 0, 64 << 10, 256, ER_4K) },
226 { INFO("is25wp256", 0x9d7019, 0, 64 << 10, 512, ER_4K),
227 .sfdp_read = m25p80_sfdp_is25wp256 },
228
229 /* Macronix */
230 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) },
231 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
232 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
233 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
234 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
235 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
236 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
237 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
238 { INFO6("mx25l25635e", 0xc22019, 0xc22019, 64 << 10, 512,
239 ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635e },
240 { INFO6("mx25l25635f", 0xc22019, 0xc22019, 64 << 10, 512,
241 ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635f },
242 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
243 { INFO("mx66l51235f", 0xc2201a, 0, 64 << 10, 1024, ER_4K | ER_32K) },
244 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) },
245 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) },
246 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K),
247 .sfdp_read = m25p80_sfdp_mx66l1g45g },
248
249 /* Micron */
250 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) },
251 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) },
252 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) },
253 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) },
254 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) },
255 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) },
256 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) },
257 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K),
258 .sfdp_read = m25p80_sfdp_n25q256a },
259 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) },
260 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
261 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
262 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512,
263 ER_4K | HAS_SR_BP3_BIT6 | HAS_SR_TB),
264 .sfdp_read = m25p80_sfdp_n25q256a },
265 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
266 { INFO("n25q512ax3", 0x20ba20, 0x1000, 64 << 10, 1024, ER_4K) },
267 { INFO("mt25ql512ab", 0x20ba20, 0x1044, 64 << 10, 1024, ER_4K | ER_32K) },
268 { INFO_STACKED("mt35xu01g", 0x2c5b1b, 0x104100, 128 << 10, 1024,
269 ER_4K | ER_32K, 2) },
270 { INFO_STACKED("mt35xu02gbba", 0x2c5b1c, 0x104100, 128 << 10, 2048,
271 ER_4K | ER_32K, 4),
272 .sfdp_read = m25p80_sfdp_mt35xu02g },
273 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
274 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
275 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
276 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
277 { INFO_STACKED("mt25ql02g", 0x20ba22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) },
278 { INFO_STACKED("mt25qu02g", 0x20bb22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) },
279
280 /* Spansion -- single (large) sector size only, at least
281 * for the chips listed here (without boot sectors).
282 */
283 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
284 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) },
285 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
286 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
287 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) },
288 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) },
289 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
290 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
291 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
292 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
293 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
294 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
295 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
296 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
297 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
298 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
299 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
300
301 /* Spansion -- boot sectors support */
302 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) },
303 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) },
304
305 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
306 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
307 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
308 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
309 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
310 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
311 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
312 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
313 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
314 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) },
315
316 /* ST Microelectronics -- newer production may have feature updates */
317 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
318 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
319 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
320 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
321 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
322 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
323 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
324 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
325 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
326 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) },
327
328 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
329 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
330 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
331
332 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) },
333 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
334 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
335
336 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
337 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
338 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
339 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
340
341 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
342 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
343 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
344 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
345 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
346 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
347 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
348 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
349 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) },
350 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
351 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
352 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) },
353 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) },
354 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K),
355 .sfdp_read = m25p80_sfdp_w25q256 },
356 { INFO("w25q512jv", 0xef4020, 0, 64 << 10, 1024, ER_4K),
357 .sfdp_read = m25p80_sfdp_w25q512jv },
358 { INFO("w25q01jvq", 0xef4021, 0, 64 << 10, 2048, ER_4K),
359 .sfdp_read = m25p80_sfdp_w25q01jvq },
360
361 /* Microchip */
362 { INFO("25csm04", 0x29cc00, 0x100, 64 << 10, 8, 0) },
363 };
364
365 typedef enum {
366 NOP = 0,
367 WRSR = 0x1,
368 WRDI = 0x4,
369 RDSR = 0x5,
370 WREN = 0x6,
371 BRRD = 0x16,
372 BRWR = 0x17,
373 JEDEC_READ = 0x9f,
374 BULK_ERASE_60 = 0x60,
375 BULK_ERASE = 0xc7,
376 READ_FSR = 0x70,
377 RDCR = 0x15,
378 RDSFDP = 0x5a,
379
380 READ = 0x03,
381 READ4 = 0x13,
382 FAST_READ = 0x0b,
383 FAST_READ4 = 0x0c,
384 DOR = 0x3b,
385 DOR4 = 0x3c,
386 QOR = 0x6b,
387 QOR4 = 0x6c,
388 DIOR = 0xbb,
389 DIOR4 = 0xbc,
390 QIOR = 0xeb,
391 QIOR4 = 0xec,
392
393 PP = 0x02,
394 PP4 = 0x12,
395 PP4_4 = 0x3e,
396 DPP = 0xa2,
397 QPP = 0x32,
398 QPP_4 = 0x34,
399 RDID_90 = 0x90,
400 RDID_AB = 0xab,
401 AAI_WP = 0xad,
402
403 ERASE_4K = 0x20,
404 ERASE4_4K = 0x21,
405 ERASE_32K = 0x52,
406 ERASE4_32K = 0x5c,
407 ERASE_SECTOR = 0xd8,
408 ERASE4_SECTOR = 0xdc,
409
410 EN_4BYTE_ADDR = 0xB7,
411 EX_4BYTE_ADDR = 0xE9,
412
413 EXTEND_ADDR_READ = 0xC8,
414 EXTEND_ADDR_WRITE = 0xC5,
415
416 RESET_ENABLE = 0x66,
417 RESET_MEMORY = 0x99,
418
419 /*
420 * Micron: 0x35 - enable QPI
421 * Spansion: 0x35 - read control register
422 * Winbond: 0x35 - quad enable
423 */
424 RDCR_EQIO = 0x35,
425 RSTQIO = 0xf5,
426
427 RNVCR = 0xB5,
428 WNVCR = 0xB1,
429
430 RVCR = 0x85,
431 WVCR = 0x81,
432
433 REVCR = 0x65,
434 WEVCR = 0x61,
435
436 DIE_ERASE = 0xC4,
437 } FlashCMD;
438
439 typedef enum {
440 STATE_IDLE,
441 STATE_PAGE_PROGRAM,
442 STATE_READ,
443 STATE_COLLECTING_DATA,
444 STATE_COLLECTING_VAR_LEN_DATA,
445 STATE_READING_DATA,
446 STATE_READING_SFDP,
447 } CMDState;
448
449 typedef enum {
450 MAN_SPANSION,
451 MAN_MACRONIX,
452 MAN_NUMONYX,
453 MAN_WINBOND,
454 MAN_SST,
455 MAN_ISSI,
456 MAN_GENERIC,
457 } Manufacturer;
458
459 typedef enum {
460 MODE_STD = 0,
461 MODE_DIO = 1,
462 MODE_QIO = 2
463 } SPIMode;
464
465 #define M25P80_INTERNAL_DATA_BUFFER_SZ 16
466
467 struct Flash {
468 SSIPeripheral parent_obj;
469
470 BlockBackend *blk;
471
472 uint8_t *storage;
473 uint32_t size;
474 int page_size;
475
476 uint8_t state;
477 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
478 uint32_t len;
479 uint32_t pos;
480 bool data_read_loop;
481 uint8_t needed_bytes;
482 uint8_t cmd_in_progress;
483 uint32_t cur_addr;
484 uint32_t nonvolatile_cfg;
485 /* Configuration register for Macronix */
486 uint32_t volatile_cfg;
487 uint32_t enh_volatile_cfg;
488 /* Spansion cfg registers. */
489 uint8_t spansion_cr1nv;
490 uint8_t spansion_cr2nv;
491 uint8_t spansion_cr3nv;
492 uint8_t spansion_cr4nv;
493 uint8_t spansion_cr1v;
494 uint8_t spansion_cr2v;
495 uint8_t spansion_cr3v;
496 uint8_t spansion_cr4v;
497 bool wp_level;
498 bool write_enable;
499 bool four_bytes_address_mode;
500 bool reset_enable;
501 bool quad_enable;
502 bool aai_enable;
503 bool block_protect0;
504 bool block_protect1;
505 bool block_protect2;
506 bool block_protect3;
507 bool top_bottom_bit;
508 bool status_register_write_disabled;
509 uint8_t ear;
510
511 int64_t dirty_page;
512
513 const FlashPartInfo *pi;
514
515 };
516
517 struct M25P80Class {
518 SSIPeripheralClass parent_class;
519 FlashPartInfo *pi;
520 };
521
OBJECT_DECLARE_TYPE(Flash,M25P80Class,M25P80)522 OBJECT_DECLARE_TYPE(Flash, M25P80Class, M25P80)
523
524 static inline Manufacturer get_man(Flash *s)
525 {
526 switch (s->pi->id[0]) {
527 case 0x20:
528 return MAN_NUMONYX;
529 case 0xEF:
530 return MAN_WINBOND;
531 case 0x01:
532 return MAN_SPANSION;
533 case 0xC2:
534 return MAN_MACRONIX;
535 case 0xBF:
536 return MAN_SST;
537 case 0x9D:
538 return MAN_ISSI;
539 default:
540 return MAN_GENERIC;
541 }
542 }
543
blk_sync_complete(void * opaque,int ret)544 static void blk_sync_complete(void *opaque, int ret)
545 {
546 QEMUIOVector *iov = opaque;
547
548 qemu_iovec_destroy(iov);
549 g_free(iov);
550
551 /* do nothing. Masters do not directly interact with the backing store,
552 * only the working copy so no mutexing required.
553 */
554 }
555
flash_sync_page(Flash * s,int page)556 static void flash_sync_page(Flash *s, int page)
557 {
558 QEMUIOVector *iov;
559
560 if (!s->blk || !blk_is_writable(s->blk)) {
561 return;
562 }
563
564 iov = g_new(QEMUIOVector, 1);
565 qemu_iovec_init(iov, 1);
566 qemu_iovec_add(iov, s->storage + page * s->pi->page_size,
567 s->pi->page_size);
568 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0,
569 blk_sync_complete, iov);
570 }
571
flash_sync_area(Flash * s,int64_t off,int64_t len)572 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
573 {
574 QEMUIOVector *iov;
575
576 if (!s->blk || !blk_is_writable(s->blk)) {
577 return;
578 }
579
580 assert(!(len % BDRV_SECTOR_SIZE));
581 iov = g_new(QEMUIOVector, 1);
582 qemu_iovec_init(iov, 1);
583 qemu_iovec_add(iov, s->storage + off, len);
584 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov);
585 }
586
flash_erase(Flash * s,int offset,FlashCMD cmd)587 static void flash_erase(Flash *s, int offset, FlashCMD cmd)
588 {
589 uint32_t len;
590 uint8_t capa_to_assert = 0;
591
592 switch (cmd) {
593 case ERASE_4K:
594 case ERASE4_4K:
595 len = 4 * KiB;
596 capa_to_assert = ER_4K;
597 break;
598 case ERASE_32K:
599 case ERASE4_32K:
600 len = 32 * KiB;
601 capa_to_assert = ER_32K;
602 break;
603 case ERASE_SECTOR:
604 case ERASE4_SECTOR:
605 len = s->pi->sector_size;
606 break;
607 case BULK_ERASE:
608 len = s->size;
609 break;
610 case DIE_ERASE:
611 if (s->pi->die_cnt) {
612 len = s->size / s->pi->die_cnt;
613 offset = offset & (~(len - 1));
614 } else {
615 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported"
616 " by device\n");
617 return;
618 }
619 break;
620 default:
621 abort();
622 }
623
624 trace_m25p80_flash_erase(s, offset, len);
625
626 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
627 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
628 " device\n", len);
629 }
630
631 if (!s->write_enable) {
632 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
633 return;
634 }
635 memset(s->storage + offset, 0xff, len);
636 flash_sync_area(s, offset, len);
637 }
638
flash_sync_dirty(Flash * s,int64_t newpage)639 static inline void flash_sync_dirty(Flash *s, int64_t newpage)
640 {
641 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
642 flash_sync_page(s, s->dirty_page);
643 s->dirty_page = newpage;
644 }
645 }
646
647 static inline
flash_write8(Flash * s,uint32_t addr,uint8_t data)648 void flash_write8(Flash *s, uint32_t addr, uint8_t data)
649 {
650 uint32_t page = addr / s->pi->page_size;
651 uint8_t prev = s->storage[s->cur_addr];
652 uint32_t block_protect_value = (s->block_protect3 << 3) |
653 (s->block_protect2 << 2) |
654 (s->block_protect1 << 1) |
655 (s->block_protect0 << 0);
656
657 if (!s->write_enable) {
658 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
659 return;
660 }
661
662 if (block_protect_value > 0) {
663 uint32_t num_protected_sectors = 1 << (block_protect_value - 1);
664 uint32_t sector = addr / s->pi->sector_size;
665
666 /* top_bottom_bit == 0 means TOP */
667 if (!s->top_bottom_bit) {
668 if (s->pi->n_sectors <= sector + num_protected_sectors) {
669 qemu_log_mask(LOG_GUEST_ERROR,
670 "M25P80: write with write protect!\n");
671 return;
672 }
673 } else {
674 if (sector < num_protected_sectors) {
675 qemu_log_mask(LOG_GUEST_ERROR,
676 "M25P80: write with write protect!\n");
677 return;
678 }
679 }
680 }
681
682 if ((prev ^ data) & data) {
683 trace_m25p80_programming_zero_to_one(s, addr, prev, data);
684 }
685
686 if (s->pi->flags & EEPROM) {
687 s->storage[s->cur_addr] = data;
688 } else {
689 s->storage[s->cur_addr] &= data;
690 }
691
692 flash_sync_dirty(s, page);
693 s->dirty_page = page;
694 }
695
get_addr_length(Flash * s)696 static inline int get_addr_length(Flash *s)
697 {
698 /* check if eeprom is in use */
699 if (s->pi->flags == EEPROM) {
700 return 2;
701 }
702
703 switch (s->cmd_in_progress) {
704 case RDSFDP:
705 return 3;
706 case PP4:
707 case PP4_4:
708 case QPP_4:
709 case READ4:
710 case QIOR4:
711 case ERASE4_4K:
712 case ERASE4_32K:
713 case ERASE4_SECTOR:
714 case FAST_READ4:
715 case DOR4:
716 case QOR4:
717 case DIOR4:
718 return 4;
719 default:
720 return s->four_bytes_address_mode ? 4 : 3;
721 }
722 }
723
complete_collecting_data(Flash * s)724 static void complete_collecting_data(Flash *s)
725 {
726 int i, n;
727
728 n = get_addr_length(s);
729 s->cur_addr = (n == 3 ? s->ear : 0);
730 for (i = 0; i < n; ++i) {
731 s->cur_addr <<= 8;
732 s->cur_addr |= s->data[i];
733 }
734
735 s->cur_addr &= s->size - 1;
736
737 s->state = STATE_IDLE;
738
739 trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear,
740 s->cur_addr);
741
742 switch (s->cmd_in_progress) {
743 case DPP:
744 case QPP:
745 case QPP_4:
746 case PP:
747 case PP4:
748 case PP4_4:
749 s->state = STATE_PAGE_PROGRAM;
750 break;
751 case AAI_WP:
752 /* AAI programming starts from the even address */
753 s->cur_addr &= ~BIT(0);
754 s->state = STATE_PAGE_PROGRAM;
755 break;
756 case READ:
757 case READ4:
758 case FAST_READ:
759 case FAST_READ4:
760 case DOR:
761 case DOR4:
762 case QOR:
763 case QOR4:
764 case DIOR:
765 case DIOR4:
766 case QIOR:
767 case QIOR4:
768 s->state = STATE_READ;
769 break;
770 case ERASE_4K:
771 case ERASE4_4K:
772 case ERASE_32K:
773 case ERASE4_32K:
774 case ERASE_SECTOR:
775 case ERASE4_SECTOR:
776 case DIE_ERASE:
777 flash_erase(s, s->cur_addr, s->cmd_in_progress);
778 break;
779 case WRSR:
780 s->status_register_write_disabled = extract32(s->data[0], 7, 1);
781 s->block_protect0 = extract32(s->data[0], 2, 1);
782 s->block_protect1 = extract32(s->data[0], 3, 1);
783 s->block_protect2 = extract32(s->data[0], 4, 1);
784 if (s->pi->flags & HAS_SR_TB) {
785 s->top_bottom_bit = extract32(s->data[0], 5, 1);
786 }
787 if (s->pi->flags & HAS_SR_BP3_BIT6) {
788 s->block_protect3 = extract32(s->data[0], 6, 1);
789 }
790
791 switch (get_man(s)) {
792 case MAN_SPANSION:
793 s->quad_enable = !!(s->data[1] & 0x02);
794 break;
795 case MAN_ISSI:
796 s->quad_enable = extract32(s->data[0], 6, 1);
797 break;
798 case MAN_MACRONIX:
799 s->quad_enable = extract32(s->data[0], 6, 1);
800 if (s->len > 1) {
801 s->volatile_cfg = s->data[1];
802 s->four_bytes_address_mode = extract32(s->data[1], 5, 1);
803 }
804 break;
805 case MAN_WINBOND:
806 if (s->len > 1) {
807 s->quad_enable = !!(s->data[1] & 0x02);
808 }
809 break;
810 default:
811 break;
812 }
813 if (s->write_enable) {
814 s->write_enable = false;
815 }
816 break;
817 case BRWR:
818 case EXTEND_ADDR_WRITE:
819 s->ear = s->data[0];
820 break;
821 case WNVCR:
822 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
823 break;
824 case WVCR:
825 s->volatile_cfg = s->data[0];
826 break;
827 case WEVCR:
828 s->enh_volatile_cfg = s->data[0];
829 break;
830 case RDID_90:
831 case RDID_AB:
832 if (get_man(s) == MAN_SST) {
833 if (s->cur_addr <= 1) {
834 if (s->cur_addr) {
835 s->data[0] = s->pi->id[2];
836 s->data[1] = s->pi->id[0];
837 } else {
838 s->data[0] = s->pi->id[0];
839 s->data[1] = s->pi->id[2];
840 }
841 s->pos = 0;
842 s->len = 2;
843 s->data_read_loop = true;
844 s->state = STATE_READING_DATA;
845 } else {
846 qemu_log_mask(LOG_GUEST_ERROR,
847 "M25P80: Invalid read id address\n");
848 }
849 } else {
850 qemu_log_mask(LOG_GUEST_ERROR,
851 "M25P80: Read id (command 0x90/0xAB) is not supported"
852 " by device\n");
853 }
854 break;
855
856 case RDSFDP:
857 s->state = STATE_READING_SFDP;
858 break;
859
860 default:
861 break;
862 }
863 }
864
reset_memory(Flash * s)865 static void reset_memory(Flash *s)
866 {
867 s->cmd_in_progress = NOP;
868 s->cur_addr = 0;
869 s->ear = 0;
870 s->four_bytes_address_mode = false;
871 s->len = 0;
872 s->needed_bytes = 0;
873 s->pos = 0;
874 s->state = STATE_IDLE;
875 s->write_enable = false;
876 s->reset_enable = false;
877 s->quad_enable = false;
878 s->aai_enable = false;
879
880 switch (get_man(s)) {
881 case MAN_NUMONYX:
882 s->volatile_cfg = 0;
883 s->volatile_cfg |= VCFG_DUMMY;
884 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
885 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
886 == NVCFG_XIP_MODE_DISABLED) {
887 s->volatile_cfg |= VCFG_XIP_MODE_DISABLED;
888 }
889 s->volatile_cfg |= deposit32(s->volatile_cfg,
890 VCFG_DUMMY_CLK_POS,
891 CFG_DUMMY_CLK_LEN,
892 extract32(s->nonvolatile_cfg,
893 NVCFG_DUMMY_CLK_POS,
894 CFG_DUMMY_CLK_LEN)
895 );
896
897 s->enh_volatile_cfg = 0;
898 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF;
899 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
900 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
901 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
902 s->enh_volatile_cfg |= EVCFG_DUAL_IO_DISABLED;
903 }
904 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
905 s->enh_volatile_cfg |= EVCFG_QUAD_IO_DISABLED;
906 }
907 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
908 s->four_bytes_address_mode = true;
909 }
910 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
911 s->ear = s->size / MAX_3BYTES_SIZE - 1;
912 }
913 break;
914 case MAN_MACRONIX:
915 s->volatile_cfg = 0x7;
916 break;
917 case MAN_SPANSION:
918 s->spansion_cr1v = s->spansion_cr1nv;
919 s->spansion_cr2v = s->spansion_cr2nv;
920 s->spansion_cr3v = s->spansion_cr3nv;
921 s->spansion_cr4v = s->spansion_cr4nv;
922 s->quad_enable = extract32(s->spansion_cr1v,
923 SPANSION_QUAD_CFG_POS,
924 SPANSION_QUAD_CFG_LEN
925 );
926 s->four_bytes_address_mode = extract32(s->spansion_cr2v,
927 SPANSION_ADDR_LEN_POS,
928 SPANSION_ADDR_LEN_LEN
929 );
930 break;
931 default:
932 break;
933 }
934
935 trace_m25p80_reset_done(s);
936 }
937
numonyx_mode(Flash * s)938 static uint8_t numonyx_mode(Flash *s)
939 {
940 if (!(s->enh_volatile_cfg & EVCFG_QUAD_IO_DISABLED)) {
941 return MODE_QIO;
942 } else if (!(s->enh_volatile_cfg & EVCFG_DUAL_IO_DISABLED)) {
943 return MODE_DIO;
944 } else {
945 return MODE_STD;
946 }
947 }
948
numonyx_extract_cfg_num_dummies(Flash * s)949 static uint8_t numonyx_extract_cfg_num_dummies(Flash *s)
950 {
951 uint8_t num_dummies;
952 uint8_t mode;
953 assert(get_man(s) == MAN_NUMONYX);
954
955 mode = numonyx_mode(s);
956 num_dummies = extract32(s->volatile_cfg, 4, 4);
957
958 if (num_dummies == 0x0 || num_dummies == 0xf) {
959 switch (s->cmd_in_progress) {
960 case QIOR:
961 case QIOR4:
962 num_dummies = 10;
963 break;
964 default:
965 num_dummies = (mode == MODE_QIO) ? 10 : 8;
966 break;
967 }
968 }
969
970 return num_dummies;
971 }
972
decode_fast_read_cmd(Flash * s)973 static void decode_fast_read_cmd(Flash *s)
974 {
975 s->needed_bytes = get_addr_length(s);
976 switch (get_man(s)) {
977 /* Dummy cycles - modeled with bytes writes instead of bits */
978 case MAN_SST:
979 s->needed_bytes += 1;
980 break;
981 case MAN_WINBOND:
982 s->needed_bytes += 8;
983 break;
984 case MAN_NUMONYX:
985 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
986 break;
987 case MAN_MACRONIX:
988 if (extract32(s->volatile_cfg, 6, 2) == 1) {
989 s->needed_bytes += 6;
990 } else {
991 s->needed_bytes += 8;
992 }
993 break;
994 case MAN_SPANSION:
995 s->needed_bytes += extract32(s->spansion_cr2v,
996 SPANSION_DUMMY_CLK_POS,
997 SPANSION_DUMMY_CLK_LEN
998 );
999 break;
1000 case MAN_ISSI:
1001 /*
1002 * The Fast Read instruction code is followed by address bytes and
1003 * dummy cycles, transmitted via the SI line.
1004 *
1005 * The number of dummy cycles is configurable but this is currently
1006 * unmodeled, hence the default value 8 is used.
1007 *
1008 * QPI (Quad Peripheral Interface) mode has different default value
1009 * of dummy cycles, but this is unsupported at the time being.
1010 */
1011 s->needed_bytes += 1;
1012 break;
1013 default:
1014 break;
1015 }
1016 s->pos = 0;
1017 s->len = 0;
1018 s->state = STATE_COLLECTING_DATA;
1019 }
1020
decode_dio_read_cmd(Flash * s)1021 static void decode_dio_read_cmd(Flash *s)
1022 {
1023 s->needed_bytes = get_addr_length(s);
1024 /* Dummy cycles modeled with bytes writes instead of bits */
1025 switch (get_man(s)) {
1026 case MAN_WINBOND:
1027 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
1028 break;
1029 case MAN_SPANSION:
1030 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
1031 s->needed_bytes += extract32(s->spansion_cr2v,
1032 SPANSION_DUMMY_CLK_POS,
1033 SPANSION_DUMMY_CLK_LEN
1034 );
1035 break;
1036 case MAN_NUMONYX:
1037 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
1038 break;
1039 case MAN_MACRONIX:
1040 switch (extract32(s->volatile_cfg, 6, 2)) {
1041 case 1:
1042 s->needed_bytes += 6;
1043 break;
1044 case 2:
1045 s->needed_bytes += 8;
1046 break;
1047 default:
1048 s->needed_bytes += 4;
1049 break;
1050 }
1051 break;
1052 case MAN_ISSI:
1053 /*
1054 * The Fast Read Dual I/O instruction code is followed by address bytes
1055 * and dummy cycles, transmitted via the IO1 and IO0 line.
1056 *
1057 * The number of dummy cycles is configurable but this is currently
1058 * unmodeled, hence the default value 4 is used.
1059 */
1060 s->needed_bytes += 1;
1061 break;
1062 default:
1063 break;
1064 }
1065 s->pos = 0;
1066 s->len = 0;
1067 s->state = STATE_COLLECTING_DATA;
1068 }
1069
decode_qio_read_cmd(Flash * s)1070 static void decode_qio_read_cmd(Flash *s)
1071 {
1072 s->needed_bytes = get_addr_length(s);
1073 /* Dummy cycles modeled with bytes writes instead of bits */
1074 switch (get_man(s)) {
1075 case MAN_WINBOND:
1076 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
1077 s->needed_bytes += 4;
1078 break;
1079 case MAN_SPANSION:
1080 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
1081 s->needed_bytes += extract32(s->spansion_cr2v,
1082 SPANSION_DUMMY_CLK_POS,
1083 SPANSION_DUMMY_CLK_LEN
1084 );
1085 break;
1086 case MAN_NUMONYX:
1087 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
1088 break;
1089 case MAN_MACRONIX:
1090 switch (extract32(s->volatile_cfg, 6, 2)) {
1091 case 1:
1092 s->needed_bytes += 4;
1093 break;
1094 case 2:
1095 s->needed_bytes += 8;
1096 break;
1097 default:
1098 s->needed_bytes += 6;
1099 break;
1100 }
1101 break;
1102 case MAN_ISSI:
1103 /*
1104 * The Fast Read Quad I/O instruction code is followed by address bytes
1105 * and dummy cycles, transmitted via the IO3, IO2, IO1 and IO0 line.
1106 *
1107 * The number of dummy cycles is configurable but this is currently
1108 * unmodeled, hence the default value 6 is used.
1109 *
1110 * QPI (Quad Peripheral Interface) mode has different default value
1111 * of dummy cycles, but this is unsupported at the time being.
1112 */
1113 s->needed_bytes += 3;
1114 break;
1115 default:
1116 break;
1117 }
1118 s->pos = 0;
1119 s->len = 0;
1120 s->state = STATE_COLLECTING_DATA;
1121 }
1122
is_valid_aai_cmd(uint32_t cmd)1123 static bool is_valid_aai_cmd(uint32_t cmd)
1124 {
1125 return cmd == AAI_WP || cmd == WRDI || cmd == RDSR;
1126 }
1127
decode_new_cmd(Flash * s,uint32_t value)1128 static void decode_new_cmd(Flash *s, uint32_t value)
1129 {
1130 int i;
1131
1132 s->cmd_in_progress = value;
1133 trace_m25p80_command_decoded(s, value);
1134
1135 if (value != RESET_MEMORY) {
1136 s->reset_enable = false;
1137 }
1138
1139 if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) {
1140 qemu_log_mask(LOG_GUEST_ERROR,
1141 "M25P80: Invalid cmd within AAI programming sequence");
1142 }
1143
1144 switch (value) {
1145
1146 case ERASE_4K:
1147 case ERASE4_4K:
1148 case ERASE_32K:
1149 case ERASE4_32K:
1150 case ERASE_SECTOR:
1151 case ERASE4_SECTOR:
1152 case PP:
1153 case PP4:
1154 case DIE_ERASE:
1155 case RDID_90:
1156 case RDID_AB:
1157 s->needed_bytes = get_addr_length(s);
1158 s->pos = 0;
1159 s->len = 0;
1160 s->state = STATE_COLLECTING_DATA;
1161 break;
1162 case READ:
1163 case READ4:
1164 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
1165 s->needed_bytes = get_addr_length(s);
1166 s->pos = 0;
1167 s->len = 0;
1168 s->state = STATE_COLLECTING_DATA;
1169 } else {
1170 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1171 "DIO or QIO mode\n", s->cmd_in_progress);
1172 }
1173 break;
1174 case DPP:
1175 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1176 s->needed_bytes = get_addr_length(s);
1177 s->pos = 0;
1178 s->len = 0;
1179 s->state = STATE_COLLECTING_DATA;
1180 } else {
1181 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1182 "QIO mode\n", s->cmd_in_progress);
1183 }
1184 break;
1185 case QPP:
1186 case QPP_4:
1187 case PP4_4:
1188 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1189 s->needed_bytes = get_addr_length(s);
1190 s->pos = 0;
1191 s->len = 0;
1192 s->state = STATE_COLLECTING_DATA;
1193 } else {
1194 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1195 "DIO mode\n", s->cmd_in_progress);
1196 }
1197 break;
1198
1199 case FAST_READ:
1200 case FAST_READ4:
1201 decode_fast_read_cmd(s);
1202 break;
1203 case DOR:
1204 case DOR4:
1205 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1206 decode_fast_read_cmd(s);
1207 } else {
1208 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1209 "QIO mode\n", s->cmd_in_progress);
1210 }
1211 break;
1212 case QOR:
1213 case QOR4:
1214 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1215 decode_fast_read_cmd(s);
1216 } else {
1217 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1218 "DIO mode\n", s->cmd_in_progress);
1219 }
1220 break;
1221
1222 case DIOR:
1223 case DIOR4:
1224 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1225 decode_dio_read_cmd(s);
1226 } else {
1227 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1228 "QIO mode\n", s->cmd_in_progress);
1229 }
1230 break;
1231
1232 case QIOR:
1233 case QIOR4:
1234 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1235 decode_qio_read_cmd(s);
1236 } else {
1237 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1238 "DIO mode\n", s->cmd_in_progress);
1239 }
1240 break;
1241
1242 case WRSR:
1243 /*
1244 * If WP# is low and status_register_write_disabled is high,
1245 * status register writes are disabled.
1246 * This is also called "hardware protected mode" (HPM). All other
1247 * combinations of the two states are called "software protected mode"
1248 * (SPM), and status register writes are permitted.
1249 */
1250 if ((s->wp_level == 0 && s->status_register_write_disabled)
1251 || !s->write_enable) {
1252 qemu_log_mask(LOG_GUEST_ERROR,
1253 "M25P80: Status register write is disabled!\n");
1254 break;
1255 }
1256
1257 switch (get_man(s)) {
1258 case MAN_SPANSION:
1259 s->needed_bytes = 2;
1260 s->state = STATE_COLLECTING_DATA;
1261 break;
1262 case MAN_MACRONIX:
1263 s->needed_bytes = 2;
1264 s->state = STATE_COLLECTING_VAR_LEN_DATA;
1265 break;
1266 case MAN_WINBOND:
1267 s->needed_bytes = 2;
1268 s->state = STATE_COLLECTING_VAR_LEN_DATA;
1269 break;
1270 default:
1271 s->needed_bytes = 1;
1272 s->state = STATE_COLLECTING_DATA;
1273 }
1274 s->pos = 0;
1275 break;
1276
1277 case WRDI:
1278 s->write_enable = false;
1279 if (get_man(s) == MAN_SST) {
1280 s->aai_enable = false;
1281 }
1282 break;
1283 case WREN:
1284 s->write_enable = true;
1285 break;
1286
1287 case RDSR:
1288 s->data[0] = (!!s->write_enable) << 1;
1289 s->data[0] |= (!!s->status_register_write_disabled) << 7;
1290 s->data[0] |= (!!s->block_protect0) << 2;
1291 s->data[0] |= (!!s->block_protect1) << 3;
1292 s->data[0] |= (!!s->block_protect2) << 4;
1293 if (s->pi->flags & HAS_SR_TB) {
1294 s->data[0] |= (!!s->top_bottom_bit) << 5;
1295 }
1296 if (s->pi->flags & HAS_SR_BP3_BIT6) {
1297 s->data[0] |= (!!s->block_protect3) << 6;
1298 }
1299
1300 if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) {
1301 s->data[0] |= (!!s->quad_enable) << 6;
1302 }
1303 if (get_man(s) == MAN_SST) {
1304 s->data[0] |= (!!s->aai_enable) << 6;
1305 }
1306
1307 s->pos = 0;
1308 s->len = 1;
1309 s->data_read_loop = true;
1310 s->state = STATE_READING_DATA;
1311 break;
1312
1313 case READ_FSR:
1314 s->data[0] = FSR_FLASH_READY;
1315 if (s->four_bytes_address_mode) {
1316 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED;
1317 }
1318 s->pos = 0;
1319 s->len = 1;
1320 s->data_read_loop = true;
1321 s->state = STATE_READING_DATA;
1322 break;
1323
1324 case JEDEC_READ:
1325 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
1326 trace_m25p80_populated_jedec(s);
1327 for (i = 0; i < s->pi->id_len; i++) {
1328 s->data[i] = s->pi->id[i];
1329 }
1330 for (; i < SPI_NOR_MAX_ID_LEN; i++) {
1331 s->data[i] = 0;
1332 }
1333
1334 s->len = SPI_NOR_MAX_ID_LEN;
1335 s->pos = 0;
1336 s->state = STATE_READING_DATA;
1337 } else {
1338 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute JEDEC read "
1339 "in DIO or QIO mode\n");
1340 }
1341 break;
1342
1343 case RDCR:
1344 s->data[0] = s->volatile_cfg & 0xFF;
1345 s->data[0] |= (!!s->four_bytes_address_mode) << 5;
1346 s->pos = 0;
1347 s->len = 1;
1348 s->state = STATE_READING_DATA;
1349 break;
1350
1351 case BULK_ERASE_60:
1352 case BULK_ERASE:
1353 if (s->write_enable) {
1354 trace_m25p80_chip_erase(s);
1355 flash_erase(s, 0, BULK_ERASE);
1356 } else {
1357 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
1358 "protect!\n");
1359 }
1360 break;
1361 case NOP:
1362 break;
1363 case EN_4BYTE_ADDR:
1364 s->four_bytes_address_mode = true;
1365 break;
1366 case EX_4BYTE_ADDR:
1367 s->four_bytes_address_mode = false;
1368 break;
1369 case BRRD:
1370 case EXTEND_ADDR_READ:
1371 s->data[0] = s->ear;
1372 s->pos = 0;
1373 s->len = 1;
1374 s->state = STATE_READING_DATA;
1375 break;
1376 case BRWR:
1377 case EXTEND_ADDR_WRITE:
1378 if (s->write_enable) {
1379 s->needed_bytes = 1;
1380 s->pos = 0;
1381 s->len = 0;
1382 s->state = STATE_COLLECTING_DATA;
1383 }
1384 break;
1385 case RNVCR:
1386 s->data[0] = s->nonvolatile_cfg & 0xFF;
1387 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
1388 s->pos = 0;
1389 s->len = 2;
1390 s->state = STATE_READING_DATA;
1391 break;
1392 case WNVCR:
1393 if (s->write_enable && get_man(s) == MAN_NUMONYX) {
1394 s->needed_bytes = 2;
1395 s->pos = 0;
1396 s->len = 0;
1397 s->state = STATE_COLLECTING_DATA;
1398 }
1399 break;
1400 case RVCR:
1401 s->data[0] = s->volatile_cfg & 0xFF;
1402 s->pos = 0;
1403 s->len = 1;
1404 s->state = STATE_READING_DATA;
1405 break;
1406 case WVCR:
1407 if (s->write_enable) {
1408 s->needed_bytes = 1;
1409 s->pos = 0;
1410 s->len = 0;
1411 s->state = STATE_COLLECTING_DATA;
1412 }
1413 break;
1414 case REVCR:
1415 s->data[0] = s->enh_volatile_cfg & 0xFF;
1416 s->pos = 0;
1417 s->len = 1;
1418 s->state = STATE_READING_DATA;
1419 break;
1420 case WEVCR:
1421 if (s->write_enable) {
1422 s->needed_bytes = 1;
1423 s->pos = 0;
1424 s->len = 0;
1425 s->state = STATE_COLLECTING_DATA;
1426 }
1427 break;
1428 case RESET_ENABLE:
1429 s->reset_enable = true;
1430 break;
1431 case RESET_MEMORY:
1432 if (s->reset_enable) {
1433 reset_memory(s);
1434 }
1435 break;
1436 case RDCR_EQIO:
1437 switch (get_man(s)) {
1438 case MAN_SPANSION:
1439 s->data[0] = (!!s->quad_enable) << 1;
1440 s->pos = 0;
1441 s->len = 1;
1442 s->state = STATE_READING_DATA;
1443 break;
1444 case MAN_MACRONIX:
1445 s->quad_enable = true;
1446 break;
1447 case MAN_WINBOND:
1448 s->data[0] = (!!s->quad_enable) << 1;
1449 s->pos = 0;
1450 s->len = 1;
1451 s->state = STATE_READING_DATA;
1452 break;
1453 default:
1454 break;
1455 }
1456 break;
1457 case RSTQIO:
1458 s->quad_enable = false;
1459 break;
1460 case AAI_WP:
1461 if (get_man(s) == MAN_SST) {
1462 if (s->write_enable) {
1463 if (s->aai_enable) {
1464 s->state = STATE_PAGE_PROGRAM;
1465 } else {
1466 s->aai_enable = true;
1467 s->needed_bytes = get_addr_length(s);
1468 s->state = STATE_COLLECTING_DATA;
1469 }
1470 } else {
1471 qemu_log_mask(LOG_GUEST_ERROR,
1472 "M25P80: AAI_WP with write protect\n");
1473 }
1474 } else {
1475 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
1476 }
1477 break;
1478 case RDSFDP:
1479 if (s->pi->sfdp_read) {
1480 s->needed_bytes = get_addr_length(s) + 1; /* SFDP addr + dummy */
1481 s->pos = 0;
1482 s->len = 0;
1483 s->state = STATE_COLLECTING_DATA;
1484 break;
1485 }
1486 /* Fallthrough */
1487
1488 default:
1489 s->pos = 0;
1490 s->len = 1;
1491 s->state = STATE_READING_DATA;
1492 s->data_read_loop = true;
1493 s->data[0] = 0;
1494 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
1495 break;
1496 }
1497 }
1498
m25p80_cs(SSIPeripheral * ss,bool select)1499 static int m25p80_cs(SSIPeripheral *ss, bool select)
1500 {
1501 Flash *s = M25P80(ss);
1502
1503 if (select) {
1504 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) {
1505 complete_collecting_data(s);
1506 }
1507 s->len = 0;
1508 s->pos = 0;
1509 s->state = STATE_IDLE;
1510 flash_sync_dirty(s, -1);
1511 s->data_read_loop = false;
1512 }
1513
1514 trace_m25p80_select(s, select ? "de" : "");
1515
1516 return 0;
1517 }
1518
m25p80_transfer8(SSIPeripheral * ss,uint32_t tx)1519 static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx)
1520 {
1521 Flash *s = M25P80(ss);
1522 uint32_t r = 0;
1523
1524 trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos,
1525 s->cur_addr, (uint8_t)tx);
1526
1527 switch (s->state) {
1528
1529 case STATE_PAGE_PROGRAM:
1530 trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx);
1531 flash_write8(s, s->cur_addr, (uint8_t)tx);
1532 s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
1533
1534 if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) {
1535 /*
1536 * There is no wrap mode during AAI programming once the highest
1537 * unprotected memory address is reached. The Write-Enable-Latch
1538 * bit is automatically reset, and AAI programming mode aborts.
1539 */
1540 s->write_enable = false;
1541 s->aai_enable = false;
1542 }
1543
1544 break;
1545
1546 case STATE_READ:
1547 r = s->storage[s->cur_addr];
1548 trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r);
1549 s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
1550 break;
1551
1552 case STATE_COLLECTING_DATA:
1553 case STATE_COLLECTING_VAR_LEN_DATA:
1554
1555 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
1556 qemu_log_mask(LOG_GUEST_ERROR,
1557 "M25P80: Write overrun internal data buffer. "
1558 "SPI controller (QEMU emulator or guest driver) "
1559 "is misbehaving\n");
1560 s->len = s->pos = 0;
1561 s->state = STATE_IDLE;
1562 break;
1563 }
1564
1565 s->data[s->len] = (uint8_t)tx;
1566 s->len++;
1567
1568 if (s->len == s->needed_bytes) {
1569 complete_collecting_data(s);
1570 }
1571 break;
1572
1573 case STATE_READING_DATA:
1574
1575 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
1576 qemu_log_mask(LOG_GUEST_ERROR,
1577 "M25P80: Read overrun internal data buffer. "
1578 "SPI controller (QEMU emulator or guest driver) "
1579 "is misbehaving\n");
1580 s->len = s->pos = 0;
1581 s->state = STATE_IDLE;
1582 break;
1583 }
1584
1585 r = s->data[s->pos];
1586 trace_m25p80_read_data(s, s->pos, (uint8_t)r);
1587 s->pos++;
1588 if (s->pos == s->len) {
1589 s->pos = 0;
1590 if (!s->data_read_loop) {
1591 s->state = STATE_IDLE;
1592 }
1593 }
1594 break;
1595 case STATE_READING_SFDP:
1596 assert(s->pi->sfdp_read);
1597 r = s->pi->sfdp_read(s->cur_addr);
1598 trace_m25p80_read_sfdp(s, s->cur_addr, (uint8_t)r);
1599 s->cur_addr = (s->cur_addr + 1) & (M25P80_SFDP_MAX_SIZE - 1);
1600 break;
1601
1602 default:
1603 case STATE_IDLE:
1604 decode_new_cmd(s, (uint8_t)tx);
1605 break;
1606 }
1607
1608 return r;
1609 }
1610
m25p80_write_protect_pin_irq_handler(void * opaque,int n,int level)1611 static void m25p80_write_protect_pin_irq_handler(void *opaque, int n, int level)
1612 {
1613 Flash *s = M25P80(opaque);
1614 /* WP# is just a single pin. */
1615 assert(n == 0);
1616 s->wp_level = !!level;
1617 }
1618
m25p80_realize(SSIPeripheral * ss,Error ** errp)1619 static void m25p80_realize(SSIPeripheral *ss, Error **errp)
1620 {
1621 Flash *s = M25P80(ss);
1622 M25P80Class *mc = M25P80_GET_CLASS(s);
1623 int ret;
1624
1625 s->pi = mc->pi;
1626
1627 s->size = s->pi->sector_size * s->pi->n_sectors;
1628 s->dirty_page = -1;
1629
1630 if (s->blk) {
1631 uint64_t perm = BLK_PERM_CONSISTENT_READ |
1632 (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
1633 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
1634 if (ret < 0) {
1635 return;
1636 }
1637
1638 trace_m25p80_binding(s);
1639 s->storage = blk_blockalign(s->blk, s->size);
1640
1641 if (!blk_check_size_and_read_all(s->blk, DEVICE(s),
1642 s->storage, s->size, errp)) {
1643 return;
1644 }
1645 } else {
1646 trace_m25p80_binding_no_bdrv(s);
1647 s->storage = blk_blockalign(NULL, s->size);
1648 memset(s->storage, 0xFF, s->size);
1649 }
1650
1651 qdev_init_gpio_in_named(DEVICE(s),
1652 m25p80_write_protect_pin_irq_handler, "WP#", 1);
1653 }
1654
m25p80_reset(DeviceState * d)1655 static void m25p80_reset(DeviceState *d)
1656 {
1657 Flash *s = M25P80(d);
1658
1659 s->wp_level = true;
1660 s->status_register_write_disabled = false;
1661 s->block_protect0 = false;
1662 s->block_protect1 = false;
1663 s->block_protect2 = false;
1664 s->block_protect3 = false;
1665 s->top_bottom_bit = false;
1666
1667 reset_memory(s);
1668 }
1669
m25p80_pre_save(void * opaque)1670 static int m25p80_pre_save(void *opaque)
1671 {
1672 flash_sync_dirty((Flash *)opaque, -1);
1673
1674 return 0;
1675 }
1676
1677 static Property m25p80_properties[] = {
1678 /* This is default value for Micron flash */
1679 DEFINE_PROP_BOOL("write-enable", Flash, write_enable, false),
1680 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
1681 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0),
1682 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8),
1683 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2),
1684 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10),
1685 DEFINE_PROP_DRIVE("drive", Flash, blk),
1686 DEFINE_PROP_END_OF_LIST(),
1687 };
1688
m25p80_pre_load(void * opaque)1689 static int m25p80_pre_load(void *opaque)
1690 {
1691 Flash *s = (Flash *)opaque;
1692
1693 s->data_read_loop = false;
1694 return 0;
1695 }
1696
m25p80_data_read_loop_needed(void * opaque)1697 static bool m25p80_data_read_loop_needed(void *opaque)
1698 {
1699 Flash *s = (Flash *)opaque;
1700
1701 return s->data_read_loop;
1702 }
1703
1704 static const VMStateDescription vmstate_m25p80_data_read_loop = {
1705 .name = "m25p80/data_read_loop",
1706 .version_id = 1,
1707 .minimum_version_id = 1,
1708 .needed = m25p80_data_read_loop_needed,
1709 .fields = (const VMStateField[]) {
1710 VMSTATE_BOOL(data_read_loop, Flash),
1711 VMSTATE_END_OF_LIST()
1712 }
1713 };
1714
m25p80_aai_enable_needed(void * opaque)1715 static bool m25p80_aai_enable_needed(void *opaque)
1716 {
1717 Flash *s = (Flash *)opaque;
1718
1719 return s->aai_enable;
1720 }
1721
1722 static const VMStateDescription vmstate_m25p80_aai_enable = {
1723 .name = "m25p80/aai_enable",
1724 .version_id = 1,
1725 .minimum_version_id = 1,
1726 .needed = m25p80_aai_enable_needed,
1727 .fields = (const VMStateField[]) {
1728 VMSTATE_BOOL(aai_enable, Flash),
1729 VMSTATE_END_OF_LIST()
1730 }
1731 };
1732
m25p80_wp_level_srwd_needed(void * opaque)1733 static bool m25p80_wp_level_srwd_needed(void *opaque)
1734 {
1735 Flash *s = (Flash *)opaque;
1736
1737 return !s->wp_level || s->status_register_write_disabled;
1738 }
1739
1740 static const VMStateDescription vmstate_m25p80_write_protect = {
1741 .name = "m25p80/write_protect",
1742 .version_id = 1,
1743 .minimum_version_id = 1,
1744 .needed = m25p80_wp_level_srwd_needed,
1745 .fields = (const VMStateField[]) {
1746 VMSTATE_BOOL(wp_level, Flash),
1747 VMSTATE_BOOL(status_register_write_disabled, Flash),
1748 VMSTATE_END_OF_LIST()
1749 }
1750 };
1751
m25p80_block_protect_needed(void * opaque)1752 static bool m25p80_block_protect_needed(void *opaque)
1753 {
1754 Flash *s = (Flash *)opaque;
1755
1756 return s->block_protect0 ||
1757 s->block_protect1 ||
1758 s->block_protect2 ||
1759 s->block_protect3 ||
1760 s->top_bottom_bit;
1761 }
1762
1763 static const VMStateDescription vmstate_m25p80_block_protect = {
1764 .name = "m25p80/block_protect",
1765 .version_id = 1,
1766 .minimum_version_id = 1,
1767 .needed = m25p80_block_protect_needed,
1768 .fields = (const VMStateField[]) {
1769 VMSTATE_BOOL(block_protect0, Flash),
1770 VMSTATE_BOOL(block_protect1, Flash),
1771 VMSTATE_BOOL(block_protect2, Flash),
1772 VMSTATE_BOOL(block_protect3, Flash),
1773 VMSTATE_BOOL(top_bottom_bit, Flash),
1774 VMSTATE_END_OF_LIST()
1775 }
1776 };
1777
1778 static const VMStateDescription vmstate_m25p80 = {
1779 .name = "m25p80",
1780 .version_id = 0,
1781 .minimum_version_id = 0,
1782 .pre_save = m25p80_pre_save,
1783 .pre_load = m25p80_pre_load,
1784 .fields = (const VMStateField[]) {
1785 VMSTATE_UINT8(state, Flash),
1786 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
1787 VMSTATE_UINT32(len, Flash),
1788 VMSTATE_UINT32(pos, Flash),
1789 VMSTATE_UINT8(needed_bytes, Flash),
1790 VMSTATE_UINT8(cmd_in_progress, Flash),
1791 VMSTATE_UINT32(cur_addr, Flash),
1792 VMSTATE_BOOL(write_enable, Flash),
1793 VMSTATE_BOOL(reset_enable, Flash),
1794 VMSTATE_UINT8(ear, Flash),
1795 VMSTATE_BOOL(four_bytes_address_mode, Flash),
1796 VMSTATE_UINT32(nonvolatile_cfg, Flash),
1797 VMSTATE_UINT32(volatile_cfg, Flash),
1798 VMSTATE_UINT32(enh_volatile_cfg, Flash),
1799 VMSTATE_BOOL(quad_enable, Flash),
1800 VMSTATE_UINT8(spansion_cr1nv, Flash),
1801 VMSTATE_UINT8(spansion_cr2nv, Flash),
1802 VMSTATE_UINT8(spansion_cr3nv, Flash),
1803 VMSTATE_UINT8(spansion_cr4nv, Flash),
1804 VMSTATE_END_OF_LIST()
1805 },
1806 .subsections = (const VMStateDescription * const []) {
1807 &vmstate_m25p80_data_read_loop,
1808 &vmstate_m25p80_aai_enable,
1809 &vmstate_m25p80_write_protect,
1810 &vmstate_m25p80_block_protect,
1811 NULL
1812 }
1813 };
1814
m25p80_class_init(ObjectClass * klass,void * data)1815 static void m25p80_class_init(ObjectClass *klass, void *data)
1816 {
1817 DeviceClass *dc = DEVICE_CLASS(klass);
1818 SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass);
1819 M25P80Class *mc = M25P80_CLASS(klass);
1820
1821 k->realize = m25p80_realize;
1822 k->transfer = m25p80_transfer8;
1823 k->set_cs = m25p80_cs;
1824 k->cs_polarity = SSI_CS_LOW;
1825 dc->vmsd = &vmstate_m25p80;
1826 device_class_set_props(dc, m25p80_properties);
1827 dc->reset = m25p80_reset;
1828 mc->pi = data;
1829 }
1830
1831 static const TypeInfo m25p80_info = {
1832 .name = TYPE_M25P80,
1833 .parent = TYPE_SSI_PERIPHERAL,
1834 .instance_size = sizeof(Flash),
1835 .class_size = sizeof(M25P80Class),
1836 .abstract = true,
1837 };
1838
m25p80_register_types(void)1839 static void m25p80_register_types(void)
1840 {
1841 int i;
1842
1843 type_register_static(&m25p80_info);
1844 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
1845 TypeInfo ti = {
1846 .name = known_devices[i].part_name,
1847 .parent = TYPE_M25P80,
1848 .class_init = m25p80_class_init,
1849 .class_data = (void *)&known_devices[i],
1850 };
1851 type_register(&ti);
1852 }
1853 }
1854
type_init(m25p80_register_types)1855 type_init(m25p80_register_types)
1856
1857 BlockBackend *m25p80_get_blk(DeviceState *dev)
1858 {
1859 return M25P80(dev)->blk;
1860 }
1861