1 /* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #include "qemu/osdep.h" 25 #include "hw/hw.h" 26 #include "sysemu/block-backend.h" 27 #include "sysemu/blockdev.h" 28 #include "hw/ssi/ssi.h" 29 #include "qemu/bitops.h" 30 #include "qemu/log.h" 31 32 #ifndef M25P80_ERR_DEBUG 33 #define M25P80_ERR_DEBUG 0 34 #endif 35 36 #define DB_PRINT_L(level, ...) do { \ 37 if (M25P80_ERR_DEBUG > (level)) { \ 38 fprintf(stderr, ": %s: ", __func__); \ 39 fprintf(stderr, ## __VA_ARGS__); \ 40 } \ 41 } while (0); 42 43 /* Fields for FlashPartInfo->flags */ 44 45 /* erase capabilities */ 46 #define ER_4K 1 47 #define ER_32K 2 48 /* set to allow the page program command to write 0s back to 1. Useful for 49 * modelling EEPROM with SPI flash command set 50 */ 51 #define EEPROM 0x100 52 53 /* 16 MiB max in 3 byte address mode */ 54 #define MAX_3BYTES_SIZE 0x1000000 55 56 typedef struct FlashPartInfo { 57 const char *part_name; 58 /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */ 59 uint32_t jedec; 60 /* extended jedec code */ 61 uint16_t ext_jedec; 62 /* there is confusion between manufacturers as to what a sector is. In this 63 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 64 * command (opcode 0xd8). 65 */ 66 uint32_t sector_size; 67 uint32_t n_sectors; 68 uint32_t page_size; 69 uint16_t flags; 70 } FlashPartInfo; 71 72 /* adapted from linux */ 73 74 #define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\ 75 .part_name = (_part_name),\ 76 .jedec = (_jedec),\ 77 .ext_jedec = (_ext_jedec),\ 78 .sector_size = (_sector_size),\ 79 .n_sectors = (_n_sectors),\ 80 .page_size = 256,\ 81 .flags = (_flags),\ 82 83 #define JEDEC_NUMONYX 0x20 84 #define JEDEC_WINBOND 0xEF 85 #define JEDEC_SPANSION 0x01 86 87 /* Numonyx (Micron) Configuration register macros */ 88 #define VCFG_DUMMY 0x1 89 #define VCFG_WRAP_SEQUENTIAL 0x2 90 #define NVCFG_XIP_MODE_DISABLED (7 << 9) 91 #define NVCFG_XIP_MODE_MASK (7 << 9) 92 #define VCFG_XIP_MODE_ENABLED (1 << 3) 93 #define CFG_DUMMY_CLK_LEN 4 94 #define NVCFG_DUMMY_CLK_POS 12 95 #define VCFG_DUMMY_CLK_POS 4 96 #define EVCFG_OUT_DRIVER_STRENGHT_DEF 7 97 #define EVCFG_VPP_ACCELERATOR (1 << 3) 98 #define EVCFG_RESET_HOLD_ENABLED (1 << 4) 99 #define NVCFG_DUAL_IO_MASK (1 << 2) 100 #define EVCFG_DUAL_IO_ENABLED (1 << 6) 101 #define NVCFG_QUAD_IO_MASK (1 << 3) 102 #define EVCFG_QUAD_IO_ENABLED (1 << 7) 103 #define NVCFG_4BYTE_ADDR_MASK (1 << 0) 104 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 105 #define CFG_UPPER_128MB_SEG_ENABLED 0x3 106 107 /* Numonyx (Micron) Flag Status Register macros */ 108 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 109 #define FSR_FLASH_READY (1 << 7) 110 111 static const FlashPartInfo known_devices[] = { 112 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 113 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 114 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 115 116 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 117 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 118 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 119 120 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 121 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 122 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 123 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 124 125 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 126 127 /* Atmel EEPROMS - it is assumed, that don't care bit in command 128 * is set to 0. Block protection is not supported. 129 */ 130 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 131 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 132 133 /* EON -- en25xxx */ 134 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 135 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 136 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 137 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 138 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 139 140 /* GigaDevice */ 141 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 142 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 143 144 /* Intel/Numonyx -- xxxs33b */ 145 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 146 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 147 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 148 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 149 150 /* Macronix */ 151 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 152 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 153 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 154 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 155 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 156 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 157 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 158 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 159 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) }, 160 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 161 162 /* Micron */ 163 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 164 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 165 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 166 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 167 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 168 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 169 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 170 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 171 172 /* Spansion -- single (large) sector size only, at least 173 * for the chips listed here (without boot sectors). 174 */ 175 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 176 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 177 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 178 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 179 { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) }, 180 { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) }, 181 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 182 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 183 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 184 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 185 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 186 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 187 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 188 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 189 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 190 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 191 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 192 193 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 194 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 195 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 196 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 197 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 198 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 199 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 200 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 201 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 202 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 203 204 /* ST Microelectronics -- newer production may have feature updates */ 205 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 206 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 207 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 208 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 209 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 210 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 211 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 212 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 213 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 214 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 215 216 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 217 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 218 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 219 220 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 221 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 222 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 223 224 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 225 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 226 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 227 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 228 229 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 230 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 231 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 232 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 233 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 234 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 235 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 236 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 237 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 238 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 239 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 240 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 241 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 242 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) }, 243 244 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 245 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 246 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 247 }; 248 249 typedef enum { 250 NOP = 0, 251 WRSR = 0x1, 252 WRDI = 0x4, 253 RDSR = 0x5, 254 WREN = 0x6, 255 JEDEC_READ = 0x9f, 256 BULK_ERASE = 0xc7, 257 READ_FSR = 0x70, 258 259 READ = 0x03, 260 READ4 = 0x13, 261 FAST_READ = 0x0b, 262 FAST_READ4 = 0x0c, 263 DOR = 0x3b, 264 DOR4 = 0x3c, 265 QOR = 0x6b, 266 QOR4 = 0x6c, 267 DIOR = 0xbb, 268 DIOR4 = 0xbc, 269 QIOR = 0xeb, 270 QIOR4 = 0xec, 271 272 PP = 0x02, 273 PP4 = 0x12, 274 DPP = 0xa2, 275 QPP = 0x32, 276 277 ERASE_4K = 0x20, 278 ERASE4_4K = 0x21, 279 ERASE_32K = 0x52, 280 ERASE_SECTOR = 0xd8, 281 ERASE4_SECTOR = 0xdc, 282 283 EN_4BYTE_ADDR = 0xB7, 284 EX_4BYTE_ADDR = 0xE9, 285 286 EXTEND_ADDR_READ = 0xC8, 287 EXTEND_ADDR_WRITE = 0xC5, 288 289 RESET_ENABLE = 0x66, 290 RESET_MEMORY = 0x99, 291 292 RNVCR = 0xB5, 293 WNVCR = 0xB1, 294 295 RVCR = 0x85, 296 WVCR = 0x81, 297 298 REVCR = 0x65, 299 WEVCR = 0x61, 300 } FlashCMD; 301 302 typedef enum { 303 STATE_IDLE, 304 STATE_PAGE_PROGRAM, 305 STATE_READ, 306 STATE_COLLECTING_DATA, 307 STATE_READING_DATA, 308 } CMDState; 309 310 typedef struct Flash { 311 SSISlave parent_obj; 312 313 BlockBackend *blk; 314 315 uint8_t *storage; 316 uint32_t size; 317 int page_size; 318 319 uint8_t state; 320 uint8_t data[16]; 321 uint32_t len; 322 uint32_t pos; 323 uint8_t needed_bytes; 324 uint8_t cmd_in_progress; 325 uint64_t cur_addr; 326 uint32_t nonvolatile_cfg; 327 uint32_t volatile_cfg; 328 uint32_t enh_volatile_cfg; 329 bool write_enable; 330 bool four_bytes_address_mode; 331 bool reset_enable; 332 uint8_t ear; 333 334 int64_t dirty_page; 335 336 const FlashPartInfo *pi; 337 338 } Flash; 339 340 typedef struct M25P80Class { 341 SSISlaveClass parent_class; 342 FlashPartInfo *pi; 343 } M25P80Class; 344 345 #define TYPE_M25P80 "m25p80-generic" 346 #define M25P80(obj) \ 347 OBJECT_CHECK(Flash, (obj), TYPE_M25P80) 348 #define M25P80_CLASS(klass) \ 349 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80) 350 #define M25P80_GET_CLASS(obj) \ 351 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80) 352 353 static void blk_sync_complete(void *opaque, int ret) 354 { 355 /* do nothing. Masters do not directly interact with the backing store, 356 * only the working copy so no mutexing required. 357 */ 358 } 359 360 static void flash_sync_page(Flash *s, int page) 361 { 362 QEMUIOVector iov; 363 364 if (!s->blk || blk_is_read_only(s->blk)) { 365 return; 366 } 367 368 qemu_iovec_init(&iov, 1); 369 qemu_iovec_add(&iov, s->storage + page * s->pi->page_size, 370 s->pi->page_size); 371 blk_aio_pwritev(s->blk, page * s->pi->page_size, &iov, 0, 372 blk_sync_complete, NULL); 373 } 374 375 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 376 { 377 QEMUIOVector iov; 378 379 if (!s->blk || blk_is_read_only(s->blk)) { 380 return; 381 } 382 383 assert(!(len % BDRV_SECTOR_SIZE)); 384 qemu_iovec_init(&iov, 1); 385 qemu_iovec_add(&iov, s->storage + off, len); 386 blk_aio_pwritev(s->blk, off, &iov, 0, blk_sync_complete, NULL); 387 } 388 389 static void flash_erase(Flash *s, int offset, FlashCMD cmd) 390 { 391 uint32_t len; 392 uint8_t capa_to_assert = 0; 393 394 switch (cmd) { 395 case ERASE_4K: 396 case ERASE4_4K: 397 len = 4 << 10; 398 capa_to_assert = ER_4K; 399 break; 400 case ERASE_32K: 401 len = 32 << 10; 402 capa_to_assert = ER_32K; 403 break; 404 case ERASE_SECTOR: 405 case ERASE4_SECTOR: 406 len = s->pi->sector_size; 407 break; 408 case BULK_ERASE: 409 len = s->size; 410 break; 411 default: 412 abort(); 413 } 414 415 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len); 416 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 417 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 418 " device\n", len); 419 } 420 421 if (!s->write_enable) { 422 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 423 return; 424 } 425 memset(s->storage + offset, 0xff, len); 426 flash_sync_area(s, offset, len); 427 } 428 429 static inline void flash_sync_dirty(Flash *s, int64_t newpage) 430 { 431 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 432 flash_sync_page(s, s->dirty_page); 433 s->dirty_page = newpage; 434 } 435 } 436 437 static inline 438 void flash_write8(Flash *s, uint64_t addr, uint8_t data) 439 { 440 int64_t page = addr / s->pi->page_size; 441 uint8_t prev = s->storage[s->cur_addr]; 442 443 if (!s->write_enable) { 444 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 445 } 446 447 if ((prev ^ data) & data) { 448 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8 449 " -> %" PRIx8 "\n", addr, prev, data); 450 } 451 452 if (s->pi->flags & EEPROM) { 453 s->storage[s->cur_addr] = data; 454 } else { 455 s->storage[s->cur_addr] &= data; 456 } 457 458 flash_sync_dirty(s, page); 459 s->dirty_page = page; 460 } 461 462 static inline int get_addr_length(Flash *s) 463 { 464 /* check if eeprom is in use */ 465 if (s->pi->flags == EEPROM) { 466 return 2; 467 } 468 469 switch (s->cmd_in_progress) { 470 case PP4: 471 case READ4: 472 case QIOR4: 473 case ERASE4_4K: 474 case ERASE4_SECTOR: 475 case FAST_READ4: 476 case DOR4: 477 case QOR4: 478 case DIOR4: 479 return 4; 480 default: 481 return s->four_bytes_address_mode ? 4 : 3; 482 } 483 } 484 485 static void complete_collecting_data(Flash *s) 486 { 487 int i; 488 489 s->cur_addr = 0; 490 491 for (i = 0; i < get_addr_length(s); ++i) { 492 s->cur_addr <<= 8; 493 s->cur_addr |= s->data[i]; 494 } 495 496 if (get_addr_length(s) == 3) { 497 s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE; 498 } 499 500 s->state = STATE_IDLE; 501 502 switch (s->cmd_in_progress) { 503 case DPP: 504 case QPP: 505 case PP: 506 case PP4: 507 s->state = STATE_PAGE_PROGRAM; 508 break; 509 case READ: 510 case READ4: 511 case FAST_READ: 512 case FAST_READ4: 513 case DOR: 514 case DOR4: 515 case QOR: 516 case QOR4: 517 case DIOR: 518 case DIOR4: 519 case QIOR: 520 case QIOR4: 521 s->state = STATE_READ; 522 break; 523 case ERASE_4K: 524 case ERASE4_4K: 525 case ERASE_32K: 526 case ERASE_SECTOR: 527 case ERASE4_SECTOR: 528 flash_erase(s, s->cur_addr, s->cmd_in_progress); 529 break; 530 case WRSR: 531 if (s->write_enable) { 532 s->write_enable = false; 533 } 534 break; 535 case EXTEND_ADDR_WRITE: 536 s->ear = s->data[0]; 537 break; 538 case WNVCR: 539 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 540 break; 541 case WVCR: 542 s->volatile_cfg = s->data[0]; 543 break; 544 case WEVCR: 545 s->enh_volatile_cfg = s->data[0]; 546 break; 547 default: 548 break; 549 } 550 } 551 552 static void reset_memory(Flash *s) 553 { 554 s->cmd_in_progress = NOP; 555 s->cur_addr = 0; 556 s->ear = 0; 557 s->four_bytes_address_mode = false; 558 s->len = 0; 559 s->needed_bytes = 0; 560 s->pos = 0; 561 s->state = STATE_IDLE; 562 s->write_enable = false; 563 s->reset_enable = false; 564 565 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) { 566 s->volatile_cfg = 0; 567 s->volatile_cfg |= VCFG_DUMMY; 568 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 569 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 570 != NVCFG_XIP_MODE_DISABLED) { 571 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED; 572 } 573 s->volatile_cfg |= deposit32(s->volatile_cfg, 574 VCFG_DUMMY_CLK_POS, 575 CFG_DUMMY_CLK_LEN, 576 extract32(s->nonvolatile_cfg, 577 NVCFG_DUMMY_CLK_POS, 578 CFG_DUMMY_CLK_LEN) 579 ); 580 581 s->enh_volatile_cfg = 0; 582 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGHT_DEF; 583 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 584 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 585 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 586 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED; 587 } 588 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 589 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED; 590 } 591 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 592 s->four_bytes_address_mode = true; 593 } 594 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 595 s->ear = CFG_UPPER_128MB_SEG_ENABLED; 596 } 597 } 598 599 DB_PRINT_L(0, "Reset done.\n"); 600 } 601 602 static void decode_new_cmd(Flash *s, uint32_t value) 603 { 604 s->cmd_in_progress = value; 605 DB_PRINT_L(0, "decoded new command:%x\n", value); 606 607 if (value != RESET_MEMORY) { 608 s->reset_enable = false; 609 } 610 611 switch (value) { 612 613 case ERASE_4K: 614 case ERASE4_4K: 615 case ERASE_32K: 616 case ERASE_SECTOR: 617 case ERASE4_SECTOR: 618 case READ: 619 case READ4: 620 case DPP: 621 case QPP: 622 case PP: 623 case PP4: 624 s->needed_bytes = get_addr_length(s); 625 s->pos = 0; 626 s->len = 0; 627 s->state = STATE_COLLECTING_DATA; 628 break; 629 630 case FAST_READ: 631 case FAST_READ4: 632 case DOR: 633 case DOR4: 634 case QOR: 635 case QOR4: 636 s->needed_bytes = get_addr_length(s); 637 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) { 638 /* Dummy cycles modeled with bytes writes instead of bits */ 639 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 640 } 641 s->pos = 0; 642 s->len = 0; 643 s->state = STATE_COLLECTING_DATA; 644 break; 645 646 case DIOR: 647 case DIOR4: 648 switch ((s->pi->jedec >> 16) & 0xFF) { 649 case JEDEC_WINBOND: 650 case JEDEC_SPANSION: 651 s->needed_bytes = 4; 652 break; 653 default: 654 s->needed_bytes = get_addr_length(s); 655 /* Dummy cycles modeled with bytes writes instead of bits */ 656 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 657 } 658 s->pos = 0; 659 s->len = 0; 660 s->state = STATE_COLLECTING_DATA; 661 break; 662 663 case QIOR: 664 case QIOR4: 665 switch ((s->pi->jedec >> 16) & 0xFF) { 666 case JEDEC_WINBOND: 667 case JEDEC_SPANSION: 668 s->needed_bytes = 6; 669 break; 670 default: 671 s->needed_bytes = get_addr_length(s); 672 /* Dummy cycles modeled with bytes writes instead of bits */ 673 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 674 } 675 s->pos = 0; 676 s->len = 0; 677 s->state = STATE_COLLECTING_DATA; 678 break; 679 680 case WRSR: 681 if (s->write_enable) { 682 s->needed_bytes = 1; 683 s->pos = 0; 684 s->len = 0; 685 s->state = STATE_COLLECTING_DATA; 686 } 687 break; 688 689 case WRDI: 690 s->write_enable = false; 691 break; 692 case WREN: 693 s->write_enable = true; 694 break; 695 696 case RDSR: 697 s->data[0] = (!!s->write_enable) << 1; 698 s->pos = 0; 699 s->len = 1; 700 s->state = STATE_READING_DATA; 701 break; 702 703 case READ_FSR: 704 s->data[0] = FSR_FLASH_READY; 705 if (s->four_bytes_address_mode) { 706 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 707 } 708 s->pos = 0; 709 s->len = 1; 710 s->state = STATE_READING_DATA; 711 break; 712 713 case JEDEC_READ: 714 DB_PRINT_L(0, "populated jedec code\n"); 715 s->data[0] = (s->pi->jedec >> 16) & 0xff; 716 s->data[1] = (s->pi->jedec >> 8) & 0xff; 717 s->data[2] = s->pi->jedec & 0xff; 718 if (s->pi->ext_jedec) { 719 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff; 720 s->data[4] = s->pi->ext_jedec & 0xff; 721 s->len = 5; 722 } else { 723 s->len = 3; 724 } 725 s->pos = 0; 726 s->state = STATE_READING_DATA; 727 break; 728 729 case BULK_ERASE: 730 if (s->write_enable) { 731 DB_PRINT_L(0, "chip erase\n"); 732 flash_erase(s, 0, BULK_ERASE); 733 } else { 734 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 735 "protect!\n"); 736 } 737 break; 738 case NOP: 739 break; 740 case EN_4BYTE_ADDR: 741 s->four_bytes_address_mode = true; 742 break; 743 case EX_4BYTE_ADDR: 744 s->four_bytes_address_mode = false; 745 break; 746 case EXTEND_ADDR_READ: 747 s->data[0] = s->ear; 748 s->pos = 0; 749 s->len = 1; 750 s->state = STATE_READING_DATA; 751 break; 752 case EXTEND_ADDR_WRITE: 753 if (s->write_enable) { 754 s->needed_bytes = 1; 755 s->pos = 0; 756 s->len = 0; 757 s->state = STATE_COLLECTING_DATA; 758 } 759 break; 760 case RNVCR: 761 s->data[0] = s->nonvolatile_cfg & 0xFF; 762 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 763 s->pos = 0; 764 s->len = 2; 765 s->state = STATE_READING_DATA; 766 break; 767 case WNVCR: 768 if (s->write_enable) { 769 s->needed_bytes = 2; 770 s->pos = 0; 771 s->len = 0; 772 s->state = STATE_COLLECTING_DATA; 773 } 774 break; 775 case RVCR: 776 s->data[0] = s->volatile_cfg & 0xFF; 777 s->pos = 0; 778 s->len = 1; 779 s->state = STATE_READING_DATA; 780 break; 781 case WVCR: 782 if (s->write_enable) { 783 s->needed_bytes = 1; 784 s->pos = 0; 785 s->len = 0; 786 s->state = STATE_COLLECTING_DATA; 787 } 788 break; 789 case REVCR: 790 s->data[0] = s->enh_volatile_cfg & 0xFF; 791 s->pos = 0; 792 s->len = 1; 793 s->state = STATE_READING_DATA; 794 break; 795 case WEVCR: 796 if (s->write_enable) { 797 s->needed_bytes = 1; 798 s->pos = 0; 799 s->len = 0; 800 s->state = STATE_COLLECTING_DATA; 801 } 802 break; 803 case RESET_ENABLE: 804 s->reset_enable = true; 805 break; 806 case RESET_MEMORY: 807 if (s->reset_enable) { 808 reset_memory(s); 809 } 810 break; 811 default: 812 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 813 break; 814 } 815 } 816 817 static int m25p80_cs(SSISlave *ss, bool select) 818 { 819 Flash *s = M25P80(ss); 820 821 if (select) { 822 s->len = 0; 823 s->pos = 0; 824 s->state = STATE_IDLE; 825 flash_sync_dirty(s, -1); 826 } 827 828 DB_PRINT_L(0, "%sselect\n", select ? "de" : ""); 829 830 return 0; 831 } 832 833 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx) 834 { 835 Flash *s = M25P80(ss); 836 uint32_t r = 0; 837 838 switch (s->state) { 839 840 case STATE_PAGE_PROGRAM: 841 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n", 842 s->cur_addr, (uint8_t)tx); 843 flash_write8(s, s->cur_addr, (uint8_t)tx); 844 s->cur_addr++; 845 break; 846 847 case STATE_READ: 848 r = s->storage[s->cur_addr]; 849 DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr, 850 (uint8_t)r); 851 s->cur_addr = (s->cur_addr + 1) % s->size; 852 break; 853 854 case STATE_COLLECTING_DATA: 855 s->data[s->len] = (uint8_t)tx; 856 s->len++; 857 858 if (s->len == s->needed_bytes) { 859 complete_collecting_data(s); 860 } 861 break; 862 863 case STATE_READING_DATA: 864 r = s->data[s->pos]; 865 s->pos++; 866 if (s->pos == s->len) { 867 s->pos = 0; 868 s->state = STATE_IDLE; 869 } 870 break; 871 872 default: 873 case STATE_IDLE: 874 decode_new_cmd(s, (uint8_t)tx); 875 break; 876 } 877 878 return r; 879 } 880 881 static int m25p80_init(SSISlave *ss) 882 { 883 DriveInfo *dinfo; 884 Flash *s = M25P80(ss); 885 M25P80Class *mc = M25P80_GET_CLASS(s); 886 887 s->pi = mc->pi; 888 889 s->size = s->pi->sector_size * s->pi->n_sectors; 890 s->dirty_page = -1; 891 892 /* FIXME use a qdev drive property instead of drive_get_next() */ 893 dinfo = drive_get_next(IF_MTD); 894 895 if (dinfo) { 896 DB_PRINT_L(0, "Binding to IF_MTD drive\n"); 897 s->blk = blk_by_legacy_dinfo(dinfo); 898 blk_attach_dev_nofail(s->blk, s); 899 900 s->storage = blk_blockalign(s->blk, s->size); 901 902 /* FIXME: Move to late init */ 903 if (blk_pread(s->blk, 0, s->storage, s->size)) { 904 fprintf(stderr, "Failed to initialize SPI flash!\n"); 905 return 1; 906 } 907 } else { 908 DB_PRINT_L(0, "No BDRV - binding to RAM\n"); 909 s->storage = blk_blockalign(NULL, s->size); 910 memset(s->storage, 0xFF, s->size); 911 } 912 913 return 0; 914 } 915 916 static void m25p80_reset(DeviceState *d) 917 { 918 Flash *s = M25P80(d); 919 920 reset_memory(s); 921 } 922 923 static void m25p80_pre_save(void *opaque) 924 { 925 flash_sync_dirty((Flash *)opaque, -1); 926 } 927 928 static Property m25p80_properties[] = { 929 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 930 DEFINE_PROP_END_OF_LIST(), 931 }; 932 933 static const VMStateDescription vmstate_m25p80 = { 934 .name = "xilinx_spi", 935 .version_id = 2, 936 .minimum_version_id = 1, 937 .pre_save = m25p80_pre_save, 938 .fields = (VMStateField[]) { 939 VMSTATE_UINT8(state, Flash), 940 VMSTATE_UINT8_ARRAY(data, Flash, 16), 941 VMSTATE_UINT32(len, Flash), 942 VMSTATE_UINT32(pos, Flash), 943 VMSTATE_UINT8(needed_bytes, Flash), 944 VMSTATE_UINT8(cmd_in_progress, Flash), 945 VMSTATE_UINT64(cur_addr, Flash), 946 VMSTATE_BOOL(write_enable, Flash), 947 VMSTATE_BOOL_V(reset_enable, Flash, 2), 948 VMSTATE_UINT8_V(ear, Flash, 2), 949 VMSTATE_BOOL_V(four_bytes_address_mode, Flash, 2), 950 VMSTATE_UINT32_V(nonvolatile_cfg, Flash, 2), 951 VMSTATE_UINT32_V(volatile_cfg, Flash, 2), 952 VMSTATE_UINT32_V(enh_volatile_cfg, Flash, 2), 953 VMSTATE_END_OF_LIST() 954 } 955 }; 956 957 static void m25p80_class_init(ObjectClass *klass, void *data) 958 { 959 DeviceClass *dc = DEVICE_CLASS(klass); 960 SSISlaveClass *k = SSI_SLAVE_CLASS(klass); 961 M25P80Class *mc = M25P80_CLASS(klass); 962 963 k->init = m25p80_init; 964 k->transfer = m25p80_transfer8; 965 k->set_cs = m25p80_cs; 966 k->cs_polarity = SSI_CS_LOW; 967 dc->vmsd = &vmstate_m25p80; 968 dc->props = m25p80_properties; 969 dc->reset = m25p80_reset; 970 mc->pi = data; 971 } 972 973 static const TypeInfo m25p80_info = { 974 .name = TYPE_M25P80, 975 .parent = TYPE_SSI_SLAVE, 976 .instance_size = sizeof(Flash), 977 .class_size = sizeof(M25P80Class), 978 .abstract = true, 979 }; 980 981 static void m25p80_register_types(void) 982 { 983 int i; 984 985 type_register_static(&m25p80_info); 986 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 987 TypeInfo ti = { 988 .name = known_devices[i].part_name, 989 .parent = TYPE_M25P80, 990 .class_init = m25p80_class_init, 991 .class_data = (void *)&known_devices[i], 992 }; 993 type_register(&ti); 994 } 995 } 996 997 type_init(m25p80_register_types) 998