1 /* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #include "qemu/osdep.h" 25 #include "qemu/units.h" 26 #include "hw/hw.h" 27 #include "sysemu/block-backend.h" 28 #include "hw/ssi/ssi.h" 29 #include "qemu/bitops.h" 30 #include "qemu/log.h" 31 #include "qemu/module.h" 32 #include "qemu/error-report.h" 33 #include "qapi/error.h" 34 35 #ifndef M25P80_ERR_DEBUG 36 #define M25P80_ERR_DEBUG 0 37 #endif 38 39 #define DB_PRINT_L(level, ...) do { \ 40 if (M25P80_ERR_DEBUG > (level)) { \ 41 fprintf(stderr, ": %s: ", __func__); \ 42 fprintf(stderr, ## __VA_ARGS__); \ 43 } \ 44 } while (0) 45 46 /* Fields for FlashPartInfo->flags */ 47 48 /* erase capabilities */ 49 #define ER_4K 1 50 #define ER_32K 2 51 /* set to allow the page program command to write 0s back to 1. Useful for 52 * modelling EEPROM with SPI flash command set 53 */ 54 #define EEPROM 0x100 55 56 /* 16 MiB max in 3 byte address mode */ 57 #define MAX_3BYTES_SIZE 0x1000000 58 59 #define SPI_NOR_MAX_ID_LEN 6 60 61 typedef struct FlashPartInfo { 62 const char *part_name; 63 /* 64 * This array stores the ID bytes. 65 * The first three bytes are the JEDIC ID. 66 * JEDEC ID zero means "no ID" (mostly older chips). 67 */ 68 uint8_t id[SPI_NOR_MAX_ID_LEN]; 69 uint8_t id_len; 70 /* there is confusion between manufacturers as to what a sector is. In this 71 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 72 * command (opcode 0xd8). 73 */ 74 uint32_t sector_size; 75 uint32_t n_sectors; 76 uint32_t page_size; 77 uint16_t flags; 78 /* 79 * Big sized spi nor are often stacked devices, thus sometime 80 * replace chip erase with die erase. 81 * This field inform how many die is in the chip. 82 */ 83 uint8_t die_cnt; 84 } FlashPartInfo; 85 86 /* adapted from linux */ 87 /* Used when the "_ext_id" is two bytes at most */ 88 #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 89 .part_name = _part_name,\ 90 .id = {\ 91 ((_jedec_id) >> 16) & 0xff,\ 92 ((_jedec_id) >> 8) & 0xff,\ 93 (_jedec_id) & 0xff,\ 94 ((_ext_id) >> 8) & 0xff,\ 95 (_ext_id) & 0xff,\ 96 },\ 97 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 98 .sector_size = (_sector_size),\ 99 .n_sectors = (_n_sectors),\ 100 .page_size = 256,\ 101 .flags = (_flags),\ 102 .die_cnt = 0 103 104 #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 105 .part_name = _part_name,\ 106 .id = {\ 107 ((_jedec_id) >> 16) & 0xff,\ 108 ((_jedec_id) >> 8) & 0xff,\ 109 (_jedec_id) & 0xff,\ 110 ((_ext_id) >> 16) & 0xff,\ 111 ((_ext_id) >> 8) & 0xff,\ 112 (_ext_id) & 0xff,\ 113 },\ 114 .id_len = 6,\ 115 .sector_size = (_sector_size),\ 116 .n_sectors = (_n_sectors),\ 117 .page_size = 256,\ 118 .flags = (_flags),\ 119 .die_cnt = 0 120 121 #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\ 122 _flags, _die_cnt)\ 123 .part_name = _part_name,\ 124 .id = {\ 125 ((_jedec_id) >> 16) & 0xff,\ 126 ((_jedec_id) >> 8) & 0xff,\ 127 (_jedec_id) & 0xff,\ 128 ((_ext_id) >> 8) & 0xff,\ 129 (_ext_id) & 0xff,\ 130 },\ 131 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 132 .sector_size = (_sector_size),\ 133 .n_sectors = (_n_sectors),\ 134 .page_size = 256,\ 135 .flags = (_flags),\ 136 .die_cnt = _die_cnt 137 138 #define JEDEC_NUMONYX 0x20 139 #define JEDEC_WINBOND 0xEF 140 #define JEDEC_SPANSION 0x01 141 142 /* Numonyx (Micron) Configuration register macros */ 143 #define VCFG_DUMMY 0x1 144 #define VCFG_WRAP_SEQUENTIAL 0x2 145 #define NVCFG_XIP_MODE_DISABLED (7 << 9) 146 #define NVCFG_XIP_MODE_MASK (7 << 9) 147 #define VCFG_XIP_MODE_ENABLED (1 << 3) 148 #define CFG_DUMMY_CLK_LEN 4 149 #define NVCFG_DUMMY_CLK_POS 12 150 #define VCFG_DUMMY_CLK_POS 4 151 #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7 152 #define EVCFG_VPP_ACCELERATOR (1 << 3) 153 #define EVCFG_RESET_HOLD_ENABLED (1 << 4) 154 #define NVCFG_DUAL_IO_MASK (1 << 2) 155 #define EVCFG_DUAL_IO_ENABLED (1 << 6) 156 #define NVCFG_QUAD_IO_MASK (1 << 3) 157 #define EVCFG_QUAD_IO_ENABLED (1 << 7) 158 #define NVCFG_4BYTE_ADDR_MASK (1 << 0) 159 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 160 161 /* Numonyx (Micron) Flag Status Register macros */ 162 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 163 #define FSR_FLASH_READY (1 << 7) 164 165 /* Spansion configuration registers macros. */ 166 #define SPANSION_QUAD_CFG_POS 0 167 #define SPANSION_QUAD_CFG_LEN 1 168 #define SPANSION_DUMMY_CLK_POS 0 169 #define SPANSION_DUMMY_CLK_LEN 4 170 #define SPANSION_ADDR_LEN_POS 7 171 #define SPANSION_ADDR_LEN_LEN 1 172 173 /* 174 * Spansion read mode command length in bytes, 175 * the mode is currently not supported. 176 */ 177 178 #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1 179 #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1 180 181 static const FlashPartInfo known_devices[] = { 182 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 183 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 184 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 185 186 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 187 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 188 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 189 190 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 191 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 192 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 193 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 194 195 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 196 197 /* Atmel EEPROMS - it is assumed, that don't care bit in command 198 * is set to 0. Block protection is not supported. 199 */ 200 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 201 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 202 203 /* EON -- en25xxx */ 204 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 205 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 206 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 207 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 208 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 209 210 /* GigaDevice */ 211 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 212 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 213 214 /* Intel/Numonyx -- xxxs33b */ 215 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 216 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 217 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 218 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 219 220 /* Macronix */ 221 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 222 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 223 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 224 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 225 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 226 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 227 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 228 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 229 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) }, 230 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 231 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 232 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 233 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 234 235 /* Micron */ 236 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 237 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 238 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 239 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 240 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 241 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 242 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 243 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 244 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) }, 245 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 246 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 247 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 248 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 249 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 250 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 251 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 252 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 253 254 /* Spansion -- single (large) sector size only, at least 255 * for the chips listed here (without boot sectors). 256 */ 257 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 258 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 259 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 260 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 261 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) }, 262 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) }, 263 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 264 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 265 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 266 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 267 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 268 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 269 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 270 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 271 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 272 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 273 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 274 275 /* Spansion -- boot sectors support */ 276 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) }, 277 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) }, 278 279 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 280 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 281 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 282 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 283 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 284 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 285 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 286 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 287 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 288 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 289 290 /* ST Microelectronics -- newer production may have feature updates */ 291 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 292 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 293 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 294 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 295 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 296 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 297 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 298 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 299 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 300 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 301 302 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 303 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 304 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 305 306 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 307 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 308 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 309 310 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 311 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 312 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 313 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 314 315 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 316 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 317 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 318 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 319 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 320 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 321 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 322 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 323 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 324 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 325 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 326 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 327 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 328 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) }, 329 }; 330 331 typedef enum { 332 NOP = 0, 333 WRSR = 0x1, 334 WRDI = 0x4, 335 RDSR = 0x5, 336 WREN = 0x6, 337 BRRD = 0x16, 338 BRWR = 0x17, 339 JEDEC_READ = 0x9f, 340 BULK_ERASE_60 = 0x60, 341 BULK_ERASE = 0xc7, 342 READ_FSR = 0x70, 343 RDCR = 0x15, 344 345 READ = 0x03, 346 READ4 = 0x13, 347 FAST_READ = 0x0b, 348 FAST_READ4 = 0x0c, 349 DOR = 0x3b, 350 DOR4 = 0x3c, 351 QOR = 0x6b, 352 QOR4 = 0x6c, 353 DIOR = 0xbb, 354 DIOR4 = 0xbc, 355 QIOR = 0xeb, 356 QIOR4 = 0xec, 357 358 PP = 0x02, 359 PP4 = 0x12, 360 PP4_4 = 0x3e, 361 DPP = 0xa2, 362 QPP = 0x32, 363 QPP_4 = 0x34, 364 RDID_90 = 0x90, 365 RDID_AB = 0xab, 366 367 ERASE_4K = 0x20, 368 ERASE4_4K = 0x21, 369 ERASE_32K = 0x52, 370 ERASE4_32K = 0x5c, 371 ERASE_SECTOR = 0xd8, 372 ERASE4_SECTOR = 0xdc, 373 374 EN_4BYTE_ADDR = 0xB7, 375 EX_4BYTE_ADDR = 0xE9, 376 377 EXTEND_ADDR_READ = 0xC8, 378 EXTEND_ADDR_WRITE = 0xC5, 379 380 RESET_ENABLE = 0x66, 381 RESET_MEMORY = 0x99, 382 383 /* 384 * Micron: 0x35 - enable QPI 385 * Spansion: 0x35 - read control register 386 */ 387 RDCR_EQIO = 0x35, 388 RSTQIO = 0xf5, 389 390 RNVCR = 0xB5, 391 WNVCR = 0xB1, 392 393 RVCR = 0x85, 394 WVCR = 0x81, 395 396 REVCR = 0x65, 397 WEVCR = 0x61, 398 399 DIE_ERASE = 0xC4, 400 } FlashCMD; 401 402 typedef enum { 403 STATE_IDLE, 404 STATE_PAGE_PROGRAM, 405 STATE_READ, 406 STATE_COLLECTING_DATA, 407 STATE_COLLECTING_VAR_LEN_DATA, 408 STATE_READING_DATA, 409 } CMDState; 410 411 typedef enum { 412 MAN_SPANSION, 413 MAN_MACRONIX, 414 MAN_NUMONYX, 415 MAN_WINBOND, 416 MAN_SST, 417 MAN_GENERIC, 418 } Manufacturer; 419 420 #define M25P80_INTERNAL_DATA_BUFFER_SZ 16 421 422 typedef struct Flash { 423 SSISlave parent_obj; 424 425 BlockBackend *blk; 426 427 uint8_t *storage; 428 uint32_t size; 429 int page_size; 430 431 uint8_t state; 432 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ]; 433 uint32_t len; 434 uint32_t pos; 435 bool data_read_loop; 436 uint8_t needed_bytes; 437 uint8_t cmd_in_progress; 438 uint32_t cur_addr; 439 uint32_t nonvolatile_cfg; 440 /* Configuration register for Macronix */ 441 uint32_t volatile_cfg; 442 uint32_t enh_volatile_cfg; 443 /* Spansion cfg registers. */ 444 uint8_t spansion_cr1nv; 445 uint8_t spansion_cr2nv; 446 uint8_t spansion_cr3nv; 447 uint8_t spansion_cr4nv; 448 uint8_t spansion_cr1v; 449 uint8_t spansion_cr2v; 450 uint8_t spansion_cr3v; 451 uint8_t spansion_cr4v; 452 bool write_enable; 453 bool four_bytes_address_mode; 454 bool reset_enable; 455 bool quad_enable; 456 uint8_t ear; 457 458 int64_t dirty_page; 459 460 const FlashPartInfo *pi; 461 462 } Flash; 463 464 typedef struct M25P80Class { 465 SSISlaveClass parent_class; 466 FlashPartInfo *pi; 467 } M25P80Class; 468 469 #define TYPE_M25P80 "m25p80-generic" 470 #define M25P80(obj) \ 471 OBJECT_CHECK(Flash, (obj), TYPE_M25P80) 472 #define M25P80_CLASS(klass) \ 473 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80) 474 #define M25P80_GET_CLASS(obj) \ 475 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80) 476 477 static inline Manufacturer get_man(Flash *s) 478 { 479 switch (s->pi->id[0]) { 480 case 0x20: 481 return MAN_NUMONYX; 482 case 0xEF: 483 return MAN_WINBOND; 484 case 0x01: 485 return MAN_SPANSION; 486 case 0xC2: 487 return MAN_MACRONIX; 488 case 0xBF: 489 return MAN_SST; 490 default: 491 return MAN_GENERIC; 492 } 493 } 494 495 static void blk_sync_complete(void *opaque, int ret) 496 { 497 QEMUIOVector *iov = opaque; 498 499 qemu_iovec_destroy(iov); 500 g_free(iov); 501 502 /* do nothing. Masters do not directly interact with the backing store, 503 * only the working copy so no mutexing required. 504 */ 505 } 506 507 static void flash_sync_page(Flash *s, int page) 508 { 509 QEMUIOVector *iov; 510 511 if (!s->blk || blk_is_read_only(s->blk)) { 512 return; 513 } 514 515 iov = g_new(QEMUIOVector, 1); 516 qemu_iovec_init(iov, 1); 517 qemu_iovec_add(iov, s->storage + page * s->pi->page_size, 518 s->pi->page_size); 519 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0, 520 blk_sync_complete, iov); 521 } 522 523 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 524 { 525 QEMUIOVector *iov; 526 527 if (!s->blk || blk_is_read_only(s->blk)) { 528 return; 529 } 530 531 assert(!(len % BDRV_SECTOR_SIZE)); 532 iov = g_new(QEMUIOVector, 1); 533 qemu_iovec_init(iov, 1); 534 qemu_iovec_add(iov, s->storage + off, len); 535 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov); 536 } 537 538 static void flash_erase(Flash *s, int offset, FlashCMD cmd) 539 { 540 uint32_t len; 541 uint8_t capa_to_assert = 0; 542 543 switch (cmd) { 544 case ERASE_4K: 545 case ERASE4_4K: 546 len = 4 * KiB; 547 capa_to_assert = ER_4K; 548 break; 549 case ERASE_32K: 550 case ERASE4_32K: 551 len = 32 * KiB; 552 capa_to_assert = ER_32K; 553 break; 554 case ERASE_SECTOR: 555 case ERASE4_SECTOR: 556 len = s->pi->sector_size; 557 break; 558 case BULK_ERASE: 559 len = s->size; 560 break; 561 case DIE_ERASE: 562 if (s->pi->die_cnt) { 563 len = s->size / s->pi->die_cnt; 564 offset = offset & (~(len - 1)); 565 } else { 566 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported" 567 " by device\n"); 568 return; 569 } 570 break; 571 default: 572 abort(); 573 } 574 575 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len); 576 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 577 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 578 " device\n", len); 579 } 580 581 if (!s->write_enable) { 582 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 583 return; 584 } 585 memset(s->storage + offset, 0xff, len); 586 flash_sync_area(s, offset, len); 587 } 588 589 static inline void flash_sync_dirty(Flash *s, int64_t newpage) 590 { 591 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 592 flash_sync_page(s, s->dirty_page); 593 s->dirty_page = newpage; 594 } 595 } 596 597 static inline 598 void flash_write8(Flash *s, uint32_t addr, uint8_t data) 599 { 600 uint32_t page = addr / s->pi->page_size; 601 uint8_t prev = s->storage[s->cur_addr]; 602 603 if (!s->write_enable) { 604 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 605 } 606 607 if ((prev ^ data) & data) { 608 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx32 " %" PRIx8 609 " -> %" PRIx8 "\n", addr, prev, data); 610 } 611 612 if (s->pi->flags & EEPROM) { 613 s->storage[s->cur_addr] = data; 614 } else { 615 s->storage[s->cur_addr] &= data; 616 } 617 618 flash_sync_dirty(s, page); 619 s->dirty_page = page; 620 } 621 622 static inline int get_addr_length(Flash *s) 623 { 624 /* check if eeprom is in use */ 625 if (s->pi->flags == EEPROM) { 626 return 2; 627 } 628 629 switch (s->cmd_in_progress) { 630 case PP4: 631 case PP4_4: 632 case QPP_4: 633 case READ4: 634 case QIOR4: 635 case ERASE4_4K: 636 case ERASE4_32K: 637 case ERASE4_SECTOR: 638 case FAST_READ4: 639 case DOR4: 640 case QOR4: 641 case DIOR4: 642 return 4; 643 default: 644 return s->four_bytes_address_mode ? 4 : 3; 645 } 646 } 647 648 static void complete_collecting_data(Flash *s) 649 { 650 int i, n; 651 652 n = get_addr_length(s); 653 s->cur_addr = (n == 3 ? s->ear : 0); 654 for (i = 0; i < n; ++i) { 655 s->cur_addr <<= 8; 656 s->cur_addr |= s->data[i]; 657 } 658 659 s->cur_addr &= s->size - 1; 660 661 s->state = STATE_IDLE; 662 663 switch (s->cmd_in_progress) { 664 case DPP: 665 case QPP: 666 case QPP_4: 667 case PP: 668 case PP4: 669 case PP4_4: 670 s->state = STATE_PAGE_PROGRAM; 671 break; 672 case READ: 673 case READ4: 674 case FAST_READ: 675 case FAST_READ4: 676 case DOR: 677 case DOR4: 678 case QOR: 679 case QOR4: 680 case DIOR: 681 case DIOR4: 682 case QIOR: 683 case QIOR4: 684 s->state = STATE_READ; 685 break; 686 case ERASE_4K: 687 case ERASE4_4K: 688 case ERASE_32K: 689 case ERASE4_32K: 690 case ERASE_SECTOR: 691 case ERASE4_SECTOR: 692 case DIE_ERASE: 693 flash_erase(s, s->cur_addr, s->cmd_in_progress); 694 break; 695 case WRSR: 696 switch (get_man(s)) { 697 case MAN_SPANSION: 698 s->quad_enable = !!(s->data[1] & 0x02); 699 break; 700 case MAN_MACRONIX: 701 s->quad_enable = extract32(s->data[0], 6, 1); 702 if (s->len > 1) { 703 s->volatile_cfg = s->data[1]; 704 s->four_bytes_address_mode = extract32(s->data[1], 5, 1); 705 } 706 break; 707 default: 708 break; 709 } 710 if (s->write_enable) { 711 s->write_enable = false; 712 } 713 break; 714 case BRWR: 715 case EXTEND_ADDR_WRITE: 716 s->ear = s->data[0]; 717 break; 718 case WNVCR: 719 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 720 break; 721 case WVCR: 722 s->volatile_cfg = s->data[0]; 723 break; 724 case WEVCR: 725 s->enh_volatile_cfg = s->data[0]; 726 break; 727 case RDID_90: 728 case RDID_AB: 729 if (get_man(s) == MAN_SST) { 730 if (s->cur_addr <= 1) { 731 if (s->cur_addr) { 732 s->data[0] = s->pi->id[2]; 733 s->data[1] = s->pi->id[0]; 734 } else { 735 s->data[0] = s->pi->id[0]; 736 s->data[1] = s->pi->id[2]; 737 } 738 s->pos = 0; 739 s->len = 2; 740 s->data_read_loop = true; 741 s->state = STATE_READING_DATA; 742 } else { 743 qemu_log_mask(LOG_GUEST_ERROR, 744 "M25P80: Invalid read id address\n"); 745 } 746 } else { 747 qemu_log_mask(LOG_GUEST_ERROR, 748 "M25P80: Read id (command 0x90/0xAB) is not supported" 749 " by device\n"); 750 } 751 break; 752 default: 753 break; 754 } 755 } 756 757 static void reset_memory(Flash *s) 758 { 759 s->cmd_in_progress = NOP; 760 s->cur_addr = 0; 761 s->ear = 0; 762 s->four_bytes_address_mode = false; 763 s->len = 0; 764 s->needed_bytes = 0; 765 s->pos = 0; 766 s->state = STATE_IDLE; 767 s->write_enable = false; 768 s->reset_enable = false; 769 s->quad_enable = false; 770 771 switch (get_man(s)) { 772 case MAN_NUMONYX: 773 s->volatile_cfg = 0; 774 s->volatile_cfg |= VCFG_DUMMY; 775 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 776 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 777 != NVCFG_XIP_MODE_DISABLED) { 778 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED; 779 } 780 s->volatile_cfg |= deposit32(s->volatile_cfg, 781 VCFG_DUMMY_CLK_POS, 782 CFG_DUMMY_CLK_LEN, 783 extract32(s->nonvolatile_cfg, 784 NVCFG_DUMMY_CLK_POS, 785 CFG_DUMMY_CLK_LEN) 786 ); 787 788 s->enh_volatile_cfg = 0; 789 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF; 790 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 791 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 792 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 793 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED; 794 } 795 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 796 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED; 797 } 798 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 799 s->four_bytes_address_mode = true; 800 } 801 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 802 s->ear = s->size / MAX_3BYTES_SIZE - 1; 803 } 804 break; 805 case MAN_MACRONIX: 806 s->volatile_cfg = 0x7; 807 break; 808 case MAN_SPANSION: 809 s->spansion_cr1v = s->spansion_cr1nv; 810 s->spansion_cr2v = s->spansion_cr2nv; 811 s->spansion_cr3v = s->spansion_cr3nv; 812 s->spansion_cr4v = s->spansion_cr4nv; 813 s->quad_enable = extract32(s->spansion_cr1v, 814 SPANSION_QUAD_CFG_POS, 815 SPANSION_QUAD_CFG_LEN 816 ); 817 s->four_bytes_address_mode = extract32(s->spansion_cr2v, 818 SPANSION_ADDR_LEN_POS, 819 SPANSION_ADDR_LEN_LEN 820 ); 821 break; 822 default: 823 break; 824 } 825 826 DB_PRINT_L(0, "Reset done.\n"); 827 } 828 829 static void decode_fast_read_cmd(Flash *s) 830 { 831 s->needed_bytes = get_addr_length(s); 832 switch (get_man(s)) { 833 /* Dummy cycles - modeled with bytes writes instead of bits */ 834 case MAN_WINBOND: 835 s->needed_bytes += 8; 836 break; 837 case MAN_NUMONYX: 838 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 839 break; 840 case MAN_MACRONIX: 841 if (extract32(s->volatile_cfg, 6, 2) == 1) { 842 s->needed_bytes += 6; 843 } else { 844 s->needed_bytes += 8; 845 } 846 break; 847 case MAN_SPANSION: 848 s->needed_bytes += extract32(s->spansion_cr2v, 849 SPANSION_DUMMY_CLK_POS, 850 SPANSION_DUMMY_CLK_LEN 851 ); 852 break; 853 default: 854 break; 855 } 856 s->pos = 0; 857 s->len = 0; 858 s->state = STATE_COLLECTING_DATA; 859 } 860 861 static void decode_dio_read_cmd(Flash *s) 862 { 863 s->needed_bytes = get_addr_length(s); 864 /* Dummy cycles modeled with bytes writes instead of bits */ 865 switch (get_man(s)) { 866 case MAN_WINBOND: 867 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 868 break; 869 case MAN_SPANSION: 870 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 871 s->needed_bytes += extract32(s->spansion_cr2v, 872 SPANSION_DUMMY_CLK_POS, 873 SPANSION_DUMMY_CLK_LEN 874 ); 875 break; 876 case MAN_NUMONYX: 877 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 878 break; 879 case MAN_MACRONIX: 880 switch (extract32(s->volatile_cfg, 6, 2)) { 881 case 1: 882 s->needed_bytes += 6; 883 break; 884 case 2: 885 s->needed_bytes += 8; 886 break; 887 default: 888 s->needed_bytes += 4; 889 break; 890 } 891 break; 892 default: 893 break; 894 } 895 s->pos = 0; 896 s->len = 0; 897 s->state = STATE_COLLECTING_DATA; 898 } 899 900 static void decode_qio_read_cmd(Flash *s) 901 { 902 s->needed_bytes = get_addr_length(s); 903 /* Dummy cycles modeled with bytes writes instead of bits */ 904 switch (get_man(s)) { 905 case MAN_WINBOND: 906 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 907 s->needed_bytes += 4; 908 break; 909 case MAN_SPANSION: 910 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 911 s->needed_bytes += extract32(s->spansion_cr2v, 912 SPANSION_DUMMY_CLK_POS, 913 SPANSION_DUMMY_CLK_LEN 914 ); 915 break; 916 case MAN_NUMONYX: 917 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 918 break; 919 case MAN_MACRONIX: 920 switch (extract32(s->volatile_cfg, 6, 2)) { 921 case 1: 922 s->needed_bytes += 4; 923 break; 924 case 2: 925 s->needed_bytes += 8; 926 break; 927 default: 928 s->needed_bytes += 6; 929 break; 930 } 931 break; 932 default: 933 break; 934 } 935 s->pos = 0; 936 s->len = 0; 937 s->state = STATE_COLLECTING_DATA; 938 } 939 940 static void decode_new_cmd(Flash *s, uint32_t value) 941 { 942 s->cmd_in_progress = value; 943 int i; 944 DB_PRINT_L(0, "decoded new command:%x\n", value); 945 946 if (value != RESET_MEMORY) { 947 s->reset_enable = false; 948 } 949 950 switch (value) { 951 952 case ERASE_4K: 953 case ERASE4_4K: 954 case ERASE_32K: 955 case ERASE4_32K: 956 case ERASE_SECTOR: 957 case ERASE4_SECTOR: 958 case READ: 959 case READ4: 960 case DPP: 961 case QPP: 962 case QPP_4: 963 case PP: 964 case PP4: 965 case PP4_4: 966 case DIE_ERASE: 967 case RDID_90: 968 case RDID_AB: 969 s->needed_bytes = get_addr_length(s); 970 s->pos = 0; 971 s->len = 0; 972 s->state = STATE_COLLECTING_DATA; 973 break; 974 975 case FAST_READ: 976 case FAST_READ4: 977 case DOR: 978 case DOR4: 979 case QOR: 980 case QOR4: 981 decode_fast_read_cmd(s); 982 break; 983 984 case DIOR: 985 case DIOR4: 986 decode_dio_read_cmd(s); 987 break; 988 989 case QIOR: 990 case QIOR4: 991 decode_qio_read_cmd(s); 992 break; 993 994 case WRSR: 995 if (s->write_enable) { 996 switch (get_man(s)) { 997 case MAN_SPANSION: 998 s->needed_bytes = 2; 999 s->state = STATE_COLLECTING_DATA; 1000 break; 1001 case MAN_MACRONIX: 1002 s->needed_bytes = 2; 1003 s->state = STATE_COLLECTING_VAR_LEN_DATA; 1004 break; 1005 default: 1006 s->needed_bytes = 1; 1007 s->state = STATE_COLLECTING_DATA; 1008 } 1009 s->pos = 0; 1010 } 1011 break; 1012 1013 case WRDI: 1014 s->write_enable = false; 1015 break; 1016 case WREN: 1017 s->write_enable = true; 1018 break; 1019 1020 case RDSR: 1021 s->data[0] = (!!s->write_enable) << 1; 1022 if (get_man(s) == MAN_MACRONIX) { 1023 s->data[0] |= (!!s->quad_enable) << 6; 1024 } 1025 s->pos = 0; 1026 s->len = 1; 1027 s->data_read_loop = true; 1028 s->state = STATE_READING_DATA; 1029 break; 1030 1031 case READ_FSR: 1032 s->data[0] = FSR_FLASH_READY; 1033 if (s->four_bytes_address_mode) { 1034 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 1035 } 1036 s->pos = 0; 1037 s->len = 1; 1038 s->data_read_loop = true; 1039 s->state = STATE_READING_DATA; 1040 break; 1041 1042 case JEDEC_READ: 1043 DB_PRINT_L(0, "populated jedec code\n"); 1044 for (i = 0; i < s->pi->id_len; i++) { 1045 s->data[i] = s->pi->id[i]; 1046 } 1047 1048 s->len = s->pi->id_len; 1049 s->pos = 0; 1050 s->state = STATE_READING_DATA; 1051 break; 1052 1053 case RDCR: 1054 s->data[0] = s->volatile_cfg & 0xFF; 1055 s->data[0] |= (!!s->four_bytes_address_mode) << 5; 1056 s->pos = 0; 1057 s->len = 1; 1058 s->state = STATE_READING_DATA; 1059 break; 1060 1061 case BULK_ERASE_60: 1062 case BULK_ERASE: 1063 if (s->write_enable) { 1064 DB_PRINT_L(0, "chip erase\n"); 1065 flash_erase(s, 0, BULK_ERASE); 1066 } else { 1067 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 1068 "protect!\n"); 1069 } 1070 break; 1071 case NOP: 1072 break; 1073 case EN_4BYTE_ADDR: 1074 s->four_bytes_address_mode = true; 1075 break; 1076 case EX_4BYTE_ADDR: 1077 s->four_bytes_address_mode = false; 1078 break; 1079 case BRRD: 1080 case EXTEND_ADDR_READ: 1081 s->data[0] = s->ear; 1082 s->pos = 0; 1083 s->len = 1; 1084 s->state = STATE_READING_DATA; 1085 break; 1086 case BRWR: 1087 case EXTEND_ADDR_WRITE: 1088 if (s->write_enable) { 1089 s->needed_bytes = 1; 1090 s->pos = 0; 1091 s->len = 0; 1092 s->state = STATE_COLLECTING_DATA; 1093 } 1094 break; 1095 case RNVCR: 1096 s->data[0] = s->nonvolatile_cfg & 0xFF; 1097 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 1098 s->pos = 0; 1099 s->len = 2; 1100 s->state = STATE_READING_DATA; 1101 break; 1102 case WNVCR: 1103 if (s->write_enable && get_man(s) == MAN_NUMONYX) { 1104 s->needed_bytes = 2; 1105 s->pos = 0; 1106 s->len = 0; 1107 s->state = STATE_COLLECTING_DATA; 1108 } 1109 break; 1110 case RVCR: 1111 s->data[0] = s->volatile_cfg & 0xFF; 1112 s->pos = 0; 1113 s->len = 1; 1114 s->state = STATE_READING_DATA; 1115 break; 1116 case WVCR: 1117 if (s->write_enable) { 1118 s->needed_bytes = 1; 1119 s->pos = 0; 1120 s->len = 0; 1121 s->state = STATE_COLLECTING_DATA; 1122 } 1123 break; 1124 case REVCR: 1125 s->data[0] = s->enh_volatile_cfg & 0xFF; 1126 s->pos = 0; 1127 s->len = 1; 1128 s->state = STATE_READING_DATA; 1129 break; 1130 case WEVCR: 1131 if (s->write_enable) { 1132 s->needed_bytes = 1; 1133 s->pos = 0; 1134 s->len = 0; 1135 s->state = STATE_COLLECTING_DATA; 1136 } 1137 break; 1138 case RESET_ENABLE: 1139 s->reset_enable = true; 1140 break; 1141 case RESET_MEMORY: 1142 if (s->reset_enable) { 1143 reset_memory(s); 1144 } 1145 break; 1146 case RDCR_EQIO: 1147 switch (get_man(s)) { 1148 case MAN_SPANSION: 1149 s->data[0] = (!!s->quad_enable) << 1; 1150 s->pos = 0; 1151 s->len = 1; 1152 s->state = STATE_READING_DATA; 1153 break; 1154 case MAN_MACRONIX: 1155 s->quad_enable = true; 1156 break; 1157 default: 1158 break; 1159 } 1160 break; 1161 case RSTQIO: 1162 s->quad_enable = false; 1163 break; 1164 default: 1165 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1166 break; 1167 } 1168 } 1169 1170 static int m25p80_cs(SSISlave *ss, bool select) 1171 { 1172 Flash *s = M25P80(ss); 1173 1174 if (select) { 1175 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) { 1176 complete_collecting_data(s); 1177 } 1178 s->len = 0; 1179 s->pos = 0; 1180 s->state = STATE_IDLE; 1181 flash_sync_dirty(s, -1); 1182 s->data_read_loop = false; 1183 } 1184 1185 DB_PRINT_L(0, "%sselect\n", select ? "de" : ""); 1186 1187 return 0; 1188 } 1189 1190 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx) 1191 { 1192 Flash *s = M25P80(ss); 1193 uint32_t r = 0; 1194 1195 switch (s->state) { 1196 1197 case STATE_PAGE_PROGRAM: 1198 DB_PRINT_L(1, "page program cur_addr=%#" PRIx32 " data=%" PRIx8 "\n", 1199 s->cur_addr, (uint8_t)tx); 1200 flash_write8(s, s->cur_addr, (uint8_t)tx); 1201 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1202 break; 1203 1204 case STATE_READ: 1205 r = s->storage[s->cur_addr]; 1206 DB_PRINT_L(1, "READ 0x%" PRIx32 "=%" PRIx8 "\n", s->cur_addr, 1207 (uint8_t)r); 1208 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1209 break; 1210 1211 case STATE_COLLECTING_DATA: 1212 case STATE_COLLECTING_VAR_LEN_DATA: 1213 1214 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1215 qemu_log_mask(LOG_GUEST_ERROR, 1216 "M25P80: Write overrun internal data buffer. " 1217 "SPI controller (QEMU emulator or guest driver) " 1218 "is misbehaving\n"); 1219 s->len = s->pos = 0; 1220 s->state = STATE_IDLE; 1221 break; 1222 } 1223 1224 s->data[s->len] = (uint8_t)tx; 1225 s->len++; 1226 1227 if (s->len == s->needed_bytes) { 1228 complete_collecting_data(s); 1229 } 1230 break; 1231 1232 case STATE_READING_DATA: 1233 1234 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1235 qemu_log_mask(LOG_GUEST_ERROR, 1236 "M25P80: Read overrun internal data buffer. " 1237 "SPI controller (QEMU emulator or guest driver) " 1238 "is misbehaving\n"); 1239 s->len = s->pos = 0; 1240 s->state = STATE_IDLE; 1241 break; 1242 } 1243 1244 r = s->data[s->pos]; 1245 s->pos++; 1246 if (s->pos == s->len) { 1247 s->pos = 0; 1248 if (!s->data_read_loop) { 1249 s->state = STATE_IDLE; 1250 } 1251 } 1252 break; 1253 1254 default: 1255 case STATE_IDLE: 1256 decode_new_cmd(s, (uint8_t)tx); 1257 break; 1258 } 1259 1260 return r; 1261 } 1262 1263 static void m25p80_realize(SSISlave *ss, Error **errp) 1264 { 1265 Flash *s = M25P80(ss); 1266 M25P80Class *mc = M25P80_GET_CLASS(s); 1267 int ret; 1268 1269 s->pi = mc->pi; 1270 1271 s->size = s->pi->sector_size * s->pi->n_sectors; 1272 s->dirty_page = -1; 1273 1274 if (s->blk) { 1275 uint64_t perm = BLK_PERM_CONSISTENT_READ | 1276 (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); 1277 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); 1278 if (ret < 0) { 1279 return; 1280 } 1281 1282 DB_PRINT_L(0, "Binding to IF_MTD drive\n"); 1283 s->storage = blk_blockalign(s->blk, s->size); 1284 1285 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) { 1286 error_setg(errp, "failed to read the initial flash content"); 1287 return; 1288 } 1289 } else { 1290 DB_PRINT_L(0, "No BDRV - binding to RAM\n"); 1291 s->storage = blk_blockalign(NULL, s->size); 1292 memset(s->storage, 0xFF, s->size); 1293 } 1294 } 1295 1296 static void m25p80_reset(DeviceState *d) 1297 { 1298 Flash *s = M25P80(d); 1299 1300 reset_memory(s); 1301 } 1302 1303 static int m25p80_pre_save(void *opaque) 1304 { 1305 flash_sync_dirty((Flash *)opaque, -1); 1306 1307 return 0; 1308 } 1309 1310 static Property m25p80_properties[] = { 1311 /* This is default value for Micron flash */ 1312 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 1313 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0), 1314 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8), 1315 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2), 1316 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10), 1317 DEFINE_PROP_DRIVE("drive", Flash, blk), 1318 DEFINE_PROP_END_OF_LIST(), 1319 }; 1320 1321 static int m25p80_pre_load(void *opaque) 1322 { 1323 Flash *s = (Flash *)opaque; 1324 1325 s->data_read_loop = false; 1326 return 0; 1327 } 1328 1329 static bool m25p80_data_read_loop_needed(void *opaque) 1330 { 1331 Flash *s = (Flash *)opaque; 1332 1333 return s->data_read_loop; 1334 } 1335 1336 static const VMStateDescription vmstate_m25p80_data_read_loop = { 1337 .name = "m25p80/data_read_loop", 1338 .version_id = 1, 1339 .minimum_version_id = 1, 1340 .needed = m25p80_data_read_loop_needed, 1341 .fields = (VMStateField[]) { 1342 VMSTATE_BOOL(data_read_loop, Flash), 1343 VMSTATE_END_OF_LIST() 1344 } 1345 }; 1346 1347 static const VMStateDescription vmstate_m25p80 = { 1348 .name = "m25p80", 1349 .version_id = 0, 1350 .minimum_version_id = 0, 1351 .pre_save = m25p80_pre_save, 1352 .pre_load = m25p80_pre_load, 1353 .fields = (VMStateField[]) { 1354 VMSTATE_UINT8(state, Flash), 1355 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ), 1356 VMSTATE_UINT32(len, Flash), 1357 VMSTATE_UINT32(pos, Flash), 1358 VMSTATE_UINT8(needed_bytes, Flash), 1359 VMSTATE_UINT8(cmd_in_progress, Flash), 1360 VMSTATE_UINT32(cur_addr, Flash), 1361 VMSTATE_BOOL(write_enable, Flash), 1362 VMSTATE_BOOL(reset_enable, Flash), 1363 VMSTATE_UINT8(ear, Flash), 1364 VMSTATE_BOOL(four_bytes_address_mode, Flash), 1365 VMSTATE_UINT32(nonvolatile_cfg, Flash), 1366 VMSTATE_UINT32(volatile_cfg, Flash), 1367 VMSTATE_UINT32(enh_volatile_cfg, Flash), 1368 VMSTATE_BOOL(quad_enable, Flash), 1369 VMSTATE_UINT8(spansion_cr1nv, Flash), 1370 VMSTATE_UINT8(spansion_cr2nv, Flash), 1371 VMSTATE_UINT8(spansion_cr3nv, Flash), 1372 VMSTATE_UINT8(spansion_cr4nv, Flash), 1373 VMSTATE_END_OF_LIST() 1374 }, 1375 .subsections = (const VMStateDescription * []) { 1376 &vmstate_m25p80_data_read_loop, 1377 NULL 1378 } 1379 }; 1380 1381 static void m25p80_class_init(ObjectClass *klass, void *data) 1382 { 1383 DeviceClass *dc = DEVICE_CLASS(klass); 1384 SSISlaveClass *k = SSI_SLAVE_CLASS(klass); 1385 M25P80Class *mc = M25P80_CLASS(klass); 1386 1387 k->realize = m25p80_realize; 1388 k->transfer = m25p80_transfer8; 1389 k->set_cs = m25p80_cs; 1390 k->cs_polarity = SSI_CS_LOW; 1391 dc->vmsd = &vmstate_m25p80; 1392 dc->props = m25p80_properties; 1393 dc->reset = m25p80_reset; 1394 mc->pi = data; 1395 } 1396 1397 static const TypeInfo m25p80_info = { 1398 .name = TYPE_M25P80, 1399 .parent = TYPE_SSI_SLAVE, 1400 .instance_size = sizeof(Flash), 1401 .class_size = sizeof(M25P80Class), 1402 .abstract = true, 1403 }; 1404 1405 static void m25p80_register_types(void) 1406 { 1407 int i; 1408 1409 type_register_static(&m25p80_info); 1410 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 1411 TypeInfo ti = { 1412 .name = known_devices[i].part_name, 1413 .parent = TYPE_M25P80, 1414 .class_init = m25p80_class_init, 1415 .class_data = (void *)&known_devices[i], 1416 }; 1417 type_register(&ti); 1418 } 1419 } 1420 1421 type_init(m25p80_register_types) 1422