1 /* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #include "qemu/osdep.h" 25 #include "qemu/units.h" 26 #include "sysemu/block-backend.h" 27 #include "hw/block/block.h" 28 #include "hw/block/flash.h" 29 #include "hw/qdev-properties.h" 30 #include "hw/qdev-properties-system.h" 31 #include "hw/ssi/ssi.h" 32 #include "migration/vmstate.h" 33 #include "qemu/bitops.h" 34 #include "qemu/log.h" 35 #include "qemu/module.h" 36 #include "qemu/error-report.h" 37 #include "qapi/error.h" 38 #include "trace.h" 39 #include "qom/object.h" 40 #include "m25p80_sfdp.h" 41 42 /* 16 MiB max in 3 byte address mode */ 43 #define MAX_3BYTES_SIZE 0x1000000 44 #define SPI_NOR_MAX_ID_LEN 6 45 46 /* Fields for FlashPartInfo->flags */ 47 enum spi_flash_option_flags { 48 ER_4K = BIT(0), 49 ER_32K = BIT(1), 50 EEPROM = BIT(2), 51 HAS_SR_TB = BIT(3), 52 HAS_SR_BP3_BIT6 = BIT(4), 53 }; 54 55 typedef struct FlashPartInfo { 56 const char *part_name; 57 /* 58 * This array stores the ID bytes. 59 * The first three bytes are the JEDIC ID. 60 * JEDEC ID zero means "no ID" (mostly older chips). 61 */ 62 uint8_t id[SPI_NOR_MAX_ID_LEN]; 63 uint8_t id_len; 64 /* there is confusion between manufacturers as to what a sector is. In this 65 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 66 * command (opcode 0xd8). 67 */ 68 uint32_t sector_size; 69 uint32_t n_sectors; 70 uint32_t page_size; 71 uint16_t flags; 72 /* 73 * Big sized spi nor are often stacked devices, thus sometime 74 * replace chip erase with die erase. 75 * This field inform how many die is in the chip. 76 */ 77 uint8_t die_cnt; 78 uint8_t (*sfdp_read)(uint32_t sfdp_addr); 79 } FlashPartInfo; 80 81 /* adapted from linux */ 82 /* Used when the "_ext_id" is two bytes at most */ 83 #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 84 .part_name = _part_name,\ 85 .id = {\ 86 ((_jedec_id) >> 16) & 0xff,\ 87 ((_jedec_id) >> 8) & 0xff,\ 88 (_jedec_id) & 0xff,\ 89 ((_ext_id) >> 8) & 0xff,\ 90 (_ext_id) & 0xff,\ 91 },\ 92 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 93 .sector_size = (_sector_size),\ 94 .n_sectors = (_n_sectors),\ 95 .page_size = 256,\ 96 .flags = (_flags),\ 97 .die_cnt = 0 98 99 #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 100 .part_name = _part_name,\ 101 .id = {\ 102 ((_jedec_id) >> 16) & 0xff,\ 103 ((_jedec_id) >> 8) & 0xff,\ 104 (_jedec_id) & 0xff,\ 105 ((_ext_id) >> 16) & 0xff,\ 106 ((_ext_id) >> 8) & 0xff,\ 107 (_ext_id) & 0xff,\ 108 },\ 109 .id_len = 6,\ 110 .sector_size = (_sector_size),\ 111 .n_sectors = (_n_sectors),\ 112 .page_size = 256,\ 113 .flags = (_flags),\ 114 .die_cnt = 0 115 116 #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\ 117 _flags, _die_cnt)\ 118 .part_name = _part_name,\ 119 .id = {\ 120 ((_jedec_id) >> 16) & 0xff,\ 121 ((_jedec_id) >> 8) & 0xff,\ 122 (_jedec_id) & 0xff,\ 123 ((_ext_id) >> 8) & 0xff,\ 124 (_ext_id) & 0xff,\ 125 },\ 126 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 127 .sector_size = (_sector_size),\ 128 .n_sectors = (_n_sectors),\ 129 .page_size = 256,\ 130 .flags = (_flags),\ 131 .die_cnt = _die_cnt 132 133 #define JEDEC_NUMONYX 0x20 134 #define JEDEC_WINBOND 0xEF 135 #define JEDEC_SPANSION 0x01 136 137 /* Numonyx (Micron) Configuration register macros */ 138 #define VCFG_DUMMY 0x1 139 #define VCFG_WRAP_SEQUENTIAL 0x2 140 #define NVCFG_XIP_MODE_DISABLED (7 << 9) 141 #define NVCFG_XIP_MODE_MASK (7 << 9) 142 #define VCFG_XIP_MODE_DISABLED (1 << 3) 143 #define CFG_DUMMY_CLK_LEN 4 144 #define NVCFG_DUMMY_CLK_POS 12 145 #define VCFG_DUMMY_CLK_POS 4 146 #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7 147 #define EVCFG_VPP_ACCELERATOR (1 << 3) 148 #define EVCFG_RESET_HOLD_ENABLED (1 << 4) 149 #define NVCFG_DUAL_IO_MASK (1 << 2) 150 #define EVCFG_DUAL_IO_DISABLED (1 << 6) 151 #define NVCFG_QUAD_IO_MASK (1 << 3) 152 #define EVCFG_QUAD_IO_DISABLED (1 << 7) 153 #define NVCFG_4BYTE_ADDR_MASK (1 << 0) 154 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 155 156 /* Numonyx (Micron) Flag Status Register macros */ 157 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 158 #define FSR_FLASH_READY (1 << 7) 159 160 /* Spansion configuration registers macros. */ 161 #define SPANSION_QUAD_CFG_POS 0 162 #define SPANSION_QUAD_CFG_LEN 1 163 #define SPANSION_DUMMY_CLK_POS 0 164 #define SPANSION_DUMMY_CLK_LEN 4 165 #define SPANSION_ADDR_LEN_POS 7 166 #define SPANSION_ADDR_LEN_LEN 1 167 168 /* 169 * Spansion read mode command length in bytes, 170 * the mode is currently not supported. 171 */ 172 173 #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1 174 #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1 175 176 static const FlashPartInfo known_devices[] = { 177 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 178 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 179 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 180 181 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 182 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 183 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 184 185 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 186 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 187 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 188 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 189 190 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 191 192 /* Atmel EEPROMS - it is assumed, that don't care bit in command 193 * is set to 0. Block protection is not supported. 194 */ 195 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 196 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 197 198 /* EON -- en25xxx */ 199 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 200 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 201 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 202 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 203 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 204 205 /* GigaDevice */ 206 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 207 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 208 209 /* Intel/Numonyx -- xxxs33b */ 210 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 211 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 212 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 213 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 214 215 /* ISSI */ 216 { INFO("is25lq040b", 0x9d4013, 0, 64 << 10, 8, ER_4K) }, 217 { INFO("is25lp080d", 0x9d6014, 0, 64 << 10, 16, ER_4K) }, 218 { INFO("is25lp016d", 0x9d6015, 0, 64 << 10, 32, ER_4K) }, 219 { INFO("is25lp032", 0x9d6016, 0, 64 << 10, 64, ER_4K) }, 220 { INFO("is25lp064", 0x9d6017, 0, 64 << 10, 128, ER_4K) }, 221 { INFO("is25lp128", 0x9d6018, 0, 64 << 10, 256, ER_4K) }, 222 { INFO("is25lp256", 0x9d6019, 0, 64 << 10, 512, ER_4K) }, 223 { INFO("is25wp032", 0x9d7016, 0, 64 << 10, 64, ER_4K) }, 224 { INFO("is25wp064", 0x9d7017, 0, 64 << 10, 128, ER_4K) }, 225 { INFO("is25wp128", 0x9d7018, 0, 64 << 10, 256, ER_4K) }, 226 { INFO("is25wp256", 0x9d7019, 0, 64 << 10, 512, ER_4K), 227 .sfdp_read = m25p80_sfdp_is25wp256 }, 228 229 /* Macronix */ 230 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 231 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 232 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 233 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 234 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 235 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 236 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 237 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 238 { INFO6("mx25l25635e", 0xc22019, 0xc22019, 64 << 10, 512, 239 ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635e }, 240 { INFO6("mx25l25635f", 0xc22019, 0xc22019, 64 << 10, 512, 241 ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635f }, 242 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 243 { INFO("mx66l51235f", 0xc2201a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 244 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 245 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 246 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K), 247 .sfdp_read = m25p80_sfdp_mx66l1g45g }, 248 249 /* Micron */ 250 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 251 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 252 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 253 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 254 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 255 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 256 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 257 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K), 258 .sfdp_read = m25p80_sfdp_n25q256a }, 259 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) }, 260 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 261 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 262 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, 263 ER_4K | HAS_SR_BP3_BIT6 | HAS_SR_TB), 264 .sfdp_read = m25p80_sfdp_n25q256a }, 265 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 266 { INFO("n25q512ax3", 0x20ba20, 0x1000, 64 << 10, 1024, ER_4K) }, 267 { INFO("mt25ql512ab", 0x20ba20, 0x1044, 64 << 10, 1024, ER_4K | ER_32K) }, 268 { INFO_STACKED("mt35xu01g", 0x2c5b1b, 0x104100, 128 << 10, 1024, 269 ER_4K | ER_32K, 2) }, 270 { INFO_STACKED("mt35xu02gbba", 0x2c5b1c, 0x104100, 128 << 10, 2048, 271 ER_4K | ER_32K, 4), 272 .sfdp_read = m25p80_sfdp_mt35xu02g }, 273 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 274 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 275 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 276 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 277 { INFO_STACKED("mt25ql02g", 0x20ba22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) }, 278 { INFO_STACKED("mt25qu02g", 0x20bb22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) }, 279 280 /* Spansion -- single (large) sector size only, at least 281 * for the chips listed here (without boot sectors). 282 */ 283 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 284 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 285 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 286 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 287 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) }, 288 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) }, 289 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 290 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 291 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 292 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 293 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 294 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 295 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 296 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 297 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 298 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 299 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 300 301 /* Spansion -- boot sectors support */ 302 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) }, 303 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) }, 304 305 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 306 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 307 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 308 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 309 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 310 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 311 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 312 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 313 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 314 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 315 316 /* ST Microelectronics -- newer production may have feature updates */ 317 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 318 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 319 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 320 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 321 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 322 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 323 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 324 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 325 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 326 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 327 328 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 329 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 330 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 331 332 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 333 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 334 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 335 336 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 337 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 338 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 339 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 340 341 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 342 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 343 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 344 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 345 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 346 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 347 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 348 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 349 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 350 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 351 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 352 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 353 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 354 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K), 355 .sfdp_read = m25p80_sfdp_w25q256 }, 356 { INFO("w25q512jv", 0xef4020, 0, 64 << 10, 1024, ER_4K), 357 .sfdp_read = m25p80_sfdp_w25q512jv }, 358 { INFO("w25q01jvq", 0xef4021, 0, 64 << 10, 2048, ER_4K), 359 .sfdp_read = m25p80_sfdp_w25q01jvq }, 360 361 /* Microchip */ 362 { INFO("25csm04", 0x29cc00, 0x100, 64 << 10, 8, 0) }, 363 }; 364 365 typedef enum { 366 NOP = 0, 367 WRSR = 0x1, 368 WRDI = 0x4, 369 RDSR = 0x5, 370 WREN = 0x6, 371 BRRD = 0x16, 372 BRWR = 0x17, 373 JEDEC_READ = 0x9f, 374 BULK_ERASE_60 = 0x60, 375 BULK_ERASE = 0xc7, 376 READ_FSR = 0x70, 377 RDCR = 0x15, 378 RDSFDP = 0x5a, 379 380 READ = 0x03, 381 READ4 = 0x13, 382 FAST_READ = 0x0b, 383 FAST_READ4 = 0x0c, 384 DOR = 0x3b, 385 DOR4 = 0x3c, 386 QOR = 0x6b, 387 QOR4 = 0x6c, 388 DIOR = 0xbb, 389 DIOR4 = 0xbc, 390 QIOR = 0xeb, 391 QIOR4 = 0xec, 392 393 PP = 0x02, 394 PP4 = 0x12, 395 PP4_4 = 0x3e, 396 DPP = 0xa2, 397 QPP = 0x32, 398 QPP_4 = 0x34, 399 RDID_90 = 0x90, 400 RDID_AB = 0xab, 401 AAI_WP = 0xad, 402 403 ERASE_4K = 0x20, 404 ERASE4_4K = 0x21, 405 ERASE_32K = 0x52, 406 ERASE4_32K = 0x5c, 407 ERASE_SECTOR = 0xd8, 408 ERASE4_SECTOR = 0xdc, 409 410 EN_4BYTE_ADDR = 0xB7, 411 EX_4BYTE_ADDR = 0xE9, 412 413 EXTEND_ADDR_READ = 0xC8, 414 EXTEND_ADDR_WRITE = 0xC5, 415 416 RESET_ENABLE = 0x66, 417 RESET_MEMORY = 0x99, 418 419 /* 420 * Micron: 0x35 - enable QPI 421 * Spansion: 0x35 - read control register 422 * Winbond: 0x35 - quad enable 423 */ 424 RDCR_EQIO = 0x35, 425 RSTQIO = 0xf5, 426 427 RNVCR = 0xB5, 428 WNVCR = 0xB1, 429 430 RVCR = 0x85, 431 WVCR = 0x81, 432 433 REVCR = 0x65, 434 WEVCR = 0x61, 435 436 DIE_ERASE = 0xC4, 437 } FlashCMD; 438 439 typedef enum { 440 STATE_IDLE, 441 STATE_PAGE_PROGRAM, 442 STATE_READ, 443 STATE_COLLECTING_DATA, 444 STATE_COLLECTING_VAR_LEN_DATA, 445 STATE_READING_DATA, 446 STATE_READING_SFDP, 447 } CMDState; 448 449 typedef enum { 450 MAN_SPANSION, 451 MAN_MACRONIX, 452 MAN_NUMONYX, 453 MAN_WINBOND, 454 MAN_SST, 455 MAN_ISSI, 456 MAN_GENERIC, 457 } Manufacturer; 458 459 typedef enum { 460 MODE_STD = 0, 461 MODE_DIO = 1, 462 MODE_QIO = 2 463 } SPIMode; 464 465 #define M25P80_INTERNAL_DATA_BUFFER_SZ 16 466 467 struct Flash { 468 SSIPeripheral parent_obj; 469 470 BlockBackend *blk; 471 472 uint8_t *storage; 473 uint32_t size; 474 int page_size; 475 476 uint8_t state; 477 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ]; 478 uint32_t len; 479 uint32_t pos; 480 bool data_read_loop; 481 uint8_t needed_bytes; 482 uint8_t cmd_in_progress; 483 uint32_t cur_addr; 484 uint32_t nonvolatile_cfg; 485 /* Configuration register for Macronix */ 486 uint32_t volatile_cfg; 487 uint32_t enh_volatile_cfg; 488 /* Spansion cfg registers. */ 489 uint8_t spansion_cr1nv; 490 uint8_t spansion_cr2nv; 491 uint8_t spansion_cr3nv; 492 uint8_t spansion_cr4nv; 493 uint8_t spansion_cr1v; 494 uint8_t spansion_cr2v; 495 uint8_t spansion_cr3v; 496 uint8_t spansion_cr4v; 497 bool wp_level; 498 bool write_enable; 499 bool four_bytes_address_mode; 500 bool reset_enable; 501 bool quad_enable; 502 bool aai_enable; 503 bool block_protect0; 504 bool block_protect1; 505 bool block_protect2; 506 bool block_protect3; 507 bool top_bottom_bit; 508 bool status_register_write_disabled; 509 uint8_t ear; 510 511 int64_t dirty_page; 512 513 const FlashPartInfo *pi; 514 515 }; 516 517 struct M25P80Class { 518 SSIPeripheralClass parent_class; 519 FlashPartInfo *pi; 520 }; 521 522 OBJECT_DECLARE_TYPE(Flash, M25P80Class, M25P80) 523 524 static inline Manufacturer get_man(Flash *s) 525 { 526 switch (s->pi->id[0]) { 527 case 0x20: 528 return MAN_NUMONYX; 529 case 0xEF: 530 return MAN_WINBOND; 531 case 0x01: 532 return MAN_SPANSION; 533 case 0xC2: 534 return MAN_MACRONIX; 535 case 0xBF: 536 return MAN_SST; 537 case 0x9D: 538 return MAN_ISSI; 539 default: 540 return MAN_GENERIC; 541 } 542 } 543 544 static void blk_sync_complete(void *opaque, int ret) 545 { 546 QEMUIOVector *iov = opaque; 547 548 qemu_iovec_destroy(iov); 549 g_free(iov); 550 551 /* do nothing. Masters do not directly interact with the backing store, 552 * only the working copy so no mutexing required. 553 */ 554 } 555 556 static void flash_sync_page(Flash *s, int page) 557 { 558 QEMUIOVector *iov; 559 560 if (!s->blk || !blk_is_writable(s->blk)) { 561 return; 562 } 563 564 iov = g_new(QEMUIOVector, 1); 565 qemu_iovec_init(iov, 1); 566 qemu_iovec_add(iov, s->storage + page * s->pi->page_size, 567 s->pi->page_size); 568 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0, 569 blk_sync_complete, iov); 570 } 571 572 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 573 { 574 QEMUIOVector *iov; 575 576 if (!s->blk || !blk_is_writable(s->blk)) { 577 return; 578 } 579 580 assert(!(len % BDRV_SECTOR_SIZE)); 581 iov = g_new(QEMUIOVector, 1); 582 qemu_iovec_init(iov, 1); 583 qemu_iovec_add(iov, s->storage + off, len); 584 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov); 585 } 586 587 static void flash_erase(Flash *s, int offset, FlashCMD cmd) 588 { 589 uint32_t len; 590 uint8_t capa_to_assert = 0; 591 592 switch (cmd) { 593 case ERASE_4K: 594 case ERASE4_4K: 595 len = 4 * KiB; 596 capa_to_assert = ER_4K; 597 break; 598 case ERASE_32K: 599 case ERASE4_32K: 600 len = 32 * KiB; 601 capa_to_assert = ER_32K; 602 break; 603 case ERASE_SECTOR: 604 case ERASE4_SECTOR: 605 len = s->pi->sector_size; 606 break; 607 case BULK_ERASE: 608 len = s->size; 609 break; 610 case DIE_ERASE: 611 if (s->pi->die_cnt) { 612 len = s->size / s->pi->die_cnt; 613 offset = offset & (~(len - 1)); 614 } else { 615 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported" 616 " by device\n"); 617 return; 618 } 619 break; 620 default: 621 abort(); 622 } 623 624 trace_m25p80_flash_erase(s, offset, len); 625 626 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 627 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 628 " device\n", len); 629 } 630 631 if (!s->write_enable) { 632 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 633 return; 634 } 635 memset(s->storage + offset, 0xff, len); 636 flash_sync_area(s, offset, len); 637 } 638 639 static inline void flash_sync_dirty(Flash *s, int64_t newpage) 640 { 641 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 642 flash_sync_page(s, s->dirty_page); 643 s->dirty_page = newpage; 644 } 645 } 646 647 static inline 648 void flash_write8(Flash *s, uint32_t addr, uint8_t data) 649 { 650 uint32_t page = addr / s->pi->page_size; 651 uint8_t prev = s->storage[s->cur_addr]; 652 uint32_t block_protect_value = (s->block_protect3 << 3) | 653 (s->block_protect2 << 2) | 654 (s->block_protect1 << 1) | 655 (s->block_protect0 << 0); 656 657 if (!s->write_enable) { 658 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 659 return; 660 } 661 662 if (block_protect_value > 0) { 663 uint32_t num_protected_sectors = 1 << (block_protect_value - 1); 664 uint32_t sector = addr / s->pi->sector_size; 665 666 /* top_bottom_bit == 0 means TOP */ 667 if (!s->top_bottom_bit) { 668 if (s->pi->n_sectors <= sector + num_protected_sectors) { 669 qemu_log_mask(LOG_GUEST_ERROR, 670 "M25P80: write with write protect!\n"); 671 return; 672 } 673 } else { 674 if (sector < num_protected_sectors) { 675 qemu_log_mask(LOG_GUEST_ERROR, 676 "M25P80: write with write protect!\n"); 677 return; 678 } 679 } 680 } 681 682 if ((prev ^ data) & data) { 683 trace_m25p80_programming_zero_to_one(s, addr, prev, data); 684 } 685 686 if (s->pi->flags & EEPROM) { 687 s->storage[s->cur_addr] = data; 688 } else { 689 s->storage[s->cur_addr] &= data; 690 } 691 692 flash_sync_dirty(s, page); 693 s->dirty_page = page; 694 } 695 696 static inline int get_addr_length(Flash *s) 697 { 698 /* check if eeprom is in use */ 699 if (s->pi->flags == EEPROM) { 700 return 2; 701 } 702 703 switch (s->cmd_in_progress) { 704 case RDSFDP: 705 return 3; 706 case PP4: 707 case PP4_4: 708 case QPP_4: 709 case READ4: 710 case QIOR4: 711 case ERASE4_4K: 712 case ERASE4_32K: 713 case ERASE4_SECTOR: 714 case FAST_READ4: 715 case DOR4: 716 case QOR4: 717 case DIOR4: 718 return 4; 719 default: 720 return s->four_bytes_address_mode ? 4 : 3; 721 } 722 } 723 724 static void complete_collecting_data(Flash *s) 725 { 726 int i, n; 727 728 n = get_addr_length(s); 729 s->cur_addr = (n == 3 ? s->ear : 0); 730 for (i = 0; i < n; ++i) { 731 s->cur_addr <<= 8; 732 s->cur_addr |= s->data[i]; 733 } 734 735 s->cur_addr &= s->size - 1; 736 737 s->state = STATE_IDLE; 738 739 trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear, 740 s->cur_addr); 741 742 switch (s->cmd_in_progress) { 743 case DPP: 744 case QPP: 745 case QPP_4: 746 case PP: 747 case PP4: 748 case PP4_4: 749 s->state = STATE_PAGE_PROGRAM; 750 break; 751 case AAI_WP: 752 /* AAI programming starts from the even address */ 753 s->cur_addr &= ~BIT(0); 754 s->state = STATE_PAGE_PROGRAM; 755 break; 756 case READ: 757 case READ4: 758 case FAST_READ: 759 case FAST_READ4: 760 case DOR: 761 case DOR4: 762 case QOR: 763 case QOR4: 764 case DIOR: 765 case DIOR4: 766 case QIOR: 767 case QIOR4: 768 s->state = STATE_READ; 769 break; 770 case ERASE_4K: 771 case ERASE4_4K: 772 case ERASE_32K: 773 case ERASE4_32K: 774 case ERASE_SECTOR: 775 case ERASE4_SECTOR: 776 case DIE_ERASE: 777 flash_erase(s, s->cur_addr, s->cmd_in_progress); 778 break; 779 case WRSR: 780 s->status_register_write_disabled = extract32(s->data[0], 7, 1); 781 s->block_protect0 = extract32(s->data[0], 2, 1); 782 s->block_protect1 = extract32(s->data[0], 3, 1); 783 s->block_protect2 = extract32(s->data[0], 4, 1); 784 if (s->pi->flags & HAS_SR_TB) { 785 s->top_bottom_bit = extract32(s->data[0], 5, 1); 786 } 787 if (s->pi->flags & HAS_SR_BP3_BIT6) { 788 s->block_protect3 = extract32(s->data[0], 6, 1); 789 } 790 791 switch (get_man(s)) { 792 case MAN_SPANSION: 793 s->quad_enable = !!(s->data[1] & 0x02); 794 break; 795 case MAN_ISSI: 796 s->quad_enable = extract32(s->data[0], 6, 1); 797 break; 798 case MAN_MACRONIX: 799 s->quad_enable = extract32(s->data[0], 6, 1); 800 if (s->len > 1) { 801 s->volatile_cfg = s->data[1]; 802 s->four_bytes_address_mode = extract32(s->data[1], 5, 1); 803 } 804 break; 805 case MAN_WINBOND: 806 if (s->len > 1) { 807 s->quad_enable = !!(s->data[1] & 0x02); 808 } 809 break; 810 default: 811 break; 812 } 813 if (s->write_enable) { 814 s->write_enable = false; 815 } 816 break; 817 case BRWR: 818 case EXTEND_ADDR_WRITE: 819 s->ear = s->data[0]; 820 break; 821 case WNVCR: 822 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 823 break; 824 case WVCR: 825 s->volatile_cfg = s->data[0]; 826 break; 827 case WEVCR: 828 s->enh_volatile_cfg = s->data[0]; 829 break; 830 case RDID_90: 831 case RDID_AB: 832 if (get_man(s) == MAN_SST) { 833 if (s->cur_addr <= 1) { 834 if (s->cur_addr) { 835 s->data[0] = s->pi->id[2]; 836 s->data[1] = s->pi->id[0]; 837 } else { 838 s->data[0] = s->pi->id[0]; 839 s->data[1] = s->pi->id[2]; 840 } 841 s->pos = 0; 842 s->len = 2; 843 s->data_read_loop = true; 844 s->state = STATE_READING_DATA; 845 } else { 846 qemu_log_mask(LOG_GUEST_ERROR, 847 "M25P80: Invalid read id address\n"); 848 } 849 } else { 850 qemu_log_mask(LOG_GUEST_ERROR, 851 "M25P80: Read id (command 0x90/0xAB) is not supported" 852 " by device\n"); 853 } 854 break; 855 856 case RDSFDP: 857 s->state = STATE_READING_SFDP; 858 break; 859 860 default: 861 break; 862 } 863 } 864 865 static void reset_memory(Flash *s) 866 { 867 s->cmd_in_progress = NOP; 868 s->cur_addr = 0; 869 s->ear = 0; 870 s->four_bytes_address_mode = false; 871 s->len = 0; 872 s->needed_bytes = 0; 873 s->pos = 0; 874 s->state = STATE_IDLE; 875 s->write_enable = false; 876 s->reset_enable = false; 877 s->quad_enable = false; 878 s->aai_enable = false; 879 880 switch (get_man(s)) { 881 case MAN_NUMONYX: 882 s->volatile_cfg = 0; 883 s->volatile_cfg |= VCFG_DUMMY; 884 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 885 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 886 == NVCFG_XIP_MODE_DISABLED) { 887 s->volatile_cfg |= VCFG_XIP_MODE_DISABLED; 888 } 889 s->volatile_cfg |= deposit32(s->volatile_cfg, 890 VCFG_DUMMY_CLK_POS, 891 CFG_DUMMY_CLK_LEN, 892 extract32(s->nonvolatile_cfg, 893 NVCFG_DUMMY_CLK_POS, 894 CFG_DUMMY_CLK_LEN) 895 ); 896 897 s->enh_volatile_cfg = 0; 898 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF; 899 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 900 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 901 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 902 s->enh_volatile_cfg |= EVCFG_DUAL_IO_DISABLED; 903 } 904 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 905 s->enh_volatile_cfg |= EVCFG_QUAD_IO_DISABLED; 906 } 907 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 908 s->four_bytes_address_mode = true; 909 } 910 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 911 s->ear = s->size / MAX_3BYTES_SIZE - 1; 912 } 913 break; 914 case MAN_MACRONIX: 915 s->volatile_cfg = 0x7; 916 break; 917 case MAN_SPANSION: 918 s->spansion_cr1v = s->spansion_cr1nv; 919 s->spansion_cr2v = s->spansion_cr2nv; 920 s->spansion_cr3v = s->spansion_cr3nv; 921 s->spansion_cr4v = s->spansion_cr4nv; 922 s->quad_enable = extract32(s->spansion_cr1v, 923 SPANSION_QUAD_CFG_POS, 924 SPANSION_QUAD_CFG_LEN 925 ); 926 s->four_bytes_address_mode = extract32(s->spansion_cr2v, 927 SPANSION_ADDR_LEN_POS, 928 SPANSION_ADDR_LEN_LEN 929 ); 930 break; 931 default: 932 break; 933 } 934 935 trace_m25p80_reset_done(s); 936 } 937 938 static uint8_t numonyx_mode(Flash *s) 939 { 940 if (!(s->enh_volatile_cfg & EVCFG_QUAD_IO_DISABLED)) { 941 return MODE_QIO; 942 } else if (!(s->enh_volatile_cfg & EVCFG_DUAL_IO_DISABLED)) { 943 return MODE_DIO; 944 } else { 945 return MODE_STD; 946 } 947 } 948 949 static uint8_t numonyx_extract_cfg_num_dummies(Flash *s) 950 { 951 uint8_t num_dummies; 952 uint8_t mode; 953 assert(get_man(s) == MAN_NUMONYX); 954 955 mode = numonyx_mode(s); 956 num_dummies = extract32(s->volatile_cfg, 4, 4); 957 958 if (num_dummies == 0x0 || num_dummies == 0xf) { 959 switch (s->cmd_in_progress) { 960 case QIOR: 961 case QIOR4: 962 num_dummies = 10; 963 break; 964 default: 965 num_dummies = (mode == MODE_QIO) ? 10 : 8; 966 break; 967 } 968 } 969 970 return num_dummies; 971 } 972 973 static void decode_fast_read_cmd(Flash *s) 974 { 975 s->needed_bytes = get_addr_length(s); 976 switch (get_man(s)) { 977 /* Dummy cycles - modeled with bytes writes instead of bits */ 978 case MAN_SST: 979 s->needed_bytes += 1; 980 break; 981 case MAN_WINBOND: 982 s->needed_bytes += 8; 983 break; 984 case MAN_NUMONYX: 985 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 986 break; 987 case MAN_MACRONIX: 988 if (extract32(s->volatile_cfg, 6, 2) == 1) { 989 s->needed_bytes += 6; 990 } else { 991 s->needed_bytes += 8; 992 } 993 break; 994 case MAN_SPANSION: 995 s->needed_bytes += extract32(s->spansion_cr2v, 996 SPANSION_DUMMY_CLK_POS, 997 SPANSION_DUMMY_CLK_LEN 998 ); 999 break; 1000 case MAN_ISSI: 1001 /* 1002 * The Fast Read instruction code is followed by address bytes and 1003 * dummy cycles, transmitted via the SI line. 1004 * 1005 * The number of dummy cycles is configurable but this is currently 1006 * unmodeled, hence the default value 8 is used. 1007 * 1008 * QPI (Quad Peripheral Interface) mode has different default value 1009 * of dummy cycles, but this is unsupported at the time being. 1010 */ 1011 s->needed_bytes += 1; 1012 break; 1013 default: 1014 break; 1015 } 1016 s->pos = 0; 1017 s->len = 0; 1018 s->state = STATE_COLLECTING_DATA; 1019 } 1020 1021 static void decode_dio_read_cmd(Flash *s) 1022 { 1023 s->needed_bytes = get_addr_length(s); 1024 /* Dummy cycles modeled with bytes writes instead of bits */ 1025 switch (get_man(s)) { 1026 case MAN_WINBOND: 1027 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 1028 break; 1029 case MAN_SPANSION: 1030 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 1031 s->needed_bytes += extract32(s->spansion_cr2v, 1032 SPANSION_DUMMY_CLK_POS, 1033 SPANSION_DUMMY_CLK_LEN 1034 ); 1035 break; 1036 case MAN_NUMONYX: 1037 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 1038 break; 1039 case MAN_MACRONIX: 1040 switch (extract32(s->volatile_cfg, 6, 2)) { 1041 case 1: 1042 s->needed_bytes += 6; 1043 break; 1044 case 2: 1045 s->needed_bytes += 8; 1046 break; 1047 default: 1048 s->needed_bytes += 4; 1049 break; 1050 } 1051 break; 1052 case MAN_ISSI: 1053 /* 1054 * The Fast Read Dual I/O instruction code is followed by address bytes 1055 * and dummy cycles, transmitted via the IO1 and IO0 line. 1056 * 1057 * The number of dummy cycles is configurable but this is currently 1058 * unmodeled, hence the default value 4 is used. 1059 */ 1060 s->needed_bytes += 1; 1061 break; 1062 default: 1063 break; 1064 } 1065 s->pos = 0; 1066 s->len = 0; 1067 s->state = STATE_COLLECTING_DATA; 1068 } 1069 1070 static void decode_qio_read_cmd(Flash *s) 1071 { 1072 s->needed_bytes = get_addr_length(s); 1073 /* Dummy cycles modeled with bytes writes instead of bits */ 1074 switch (get_man(s)) { 1075 case MAN_WINBOND: 1076 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 1077 s->needed_bytes += 4; 1078 break; 1079 case MAN_SPANSION: 1080 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 1081 s->needed_bytes += extract32(s->spansion_cr2v, 1082 SPANSION_DUMMY_CLK_POS, 1083 SPANSION_DUMMY_CLK_LEN 1084 ); 1085 break; 1086 case MAN_NUMONYX: 1087 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 1088 break; 1089 case MAN_MACRONIX: 1090 switch (extract32(s->volatile_cfg, 6, 2)) { 1091 case 1: 1092 s->needed_bytes += 4; 1093 break; 1094 case 2: 1095 s->needed_bytes += 8; 1096 break; 1097 default: 1098 s->needed_bytes += 6; 1099 break; 1100 } 1101 break; 1102 case MAN_ISSI: 1103 /* 1104 * The Fast Read Quad I/O instruction code is followed by address bytes 1105 * and dummy cycles, transmitted via the IO3, IO2, IO1 and IO0 line. 1106 * 1107 * The number of dummy cycles is configurable but this is currently 1108 * unmodeled, hence the default value 6 is used. 1109 * 1110 * QPI (Quad Peripheral Interface) mode has different default value 1111 * of dummy cycles, but this is unsupported at the time being. 1112 */ 1113 s->needed_bytes += 3; 1114 break; 1115 default: 1116 break; 1117 } 1118 s->pos = 0; 1119 s->len = 0; 1120 s->state = STATE_COLLECTING_DATA; 1121 } 1122 1123 static bool is_valid_aai_cmd(uint32_t cmd) 1124 { 1125 return cmd == AAI_WP || cmd == WRDI || cmd == RDSR; 1126 } 1127 1128 static void decode_new_cmd(Flash *s, uint32_t value) 1129 { 1130 int i; 1131 1132 s->cmd_in_progress = value; 1133 trace_m25p80_command_decoded(s, value); 1134 1135 if (value != RESET_MEMORY) { 1136 s->reset_enable = false; 1137 } 1138 1139 if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) { 1140 qemu_log_mask(LOG_GUEST_ERROR, 1141 "M25P80: Invalid cmd within AAI programming sequence"); 1142 } 1143 1144 switch (value) { 1145 1146 case ERASE_4K: 1147 case ERASE4_4K: 1148 case ERASE_32K: 1149 case ERASE4_32K: 1150 case ERASE_SECTOR: 1151 case ERASE4_SECTOR: 1152 case PP: 1153 case PP4: 1154 case DIE_ERASE: 1155 case RDID_90: 1156 case RDID_AB: 1157 s->needed_bytes = get_addr_length(s); 1158 s->pos = 0; 1159 s->len = 0; 1160 s->state = STATE_COLLECTING_DATA; 1161 break; 1162 case READ: 1163 case READ4: 1164 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) { 1165 s->needed_bytes = get_addr_length(s); 1166 s->pos = 0; 1167 s->len = 0; 1168 s->state = STATE_COLLECTING_DATA; 1169 } else { 1170 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1171 "DIO or QIO mode\n", s->cmd_in_progress); 1172 } 1173 break; 1174 case DPP: 1175 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1176 s->needed_bytes = get_addr_length(s); 1177 s->pos = 0; 1178 s->len = 0; 1179 s->state = STATE_COLLECTING_DATA; 1180 } else { 1181 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1182 "QIO mode\n", s->cmd_in_progress); 1183 } 1184 break; 1185 case QPP: 1186 case QPP_4: 1187 case PP4_4: 1188 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1189 s->needed_bytes = get_addr_length(s); 1190 s->pos = 0; 1191 s->len = 0; 1192 s->state = STATE_COLLECTING_DATA; 1193 } else { 1194 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1195 "DIO mode\n", s->cmd_in_progress); 1196 } 1197 break; 1198 1199 case FAST_READ: 1200 case FAST_READ4: 1201 decode_fast_read_cmd(s); 1202 break; 1203 case DOR: 1204 case DOR4: 1205 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1206 decode_fast_read_cmd(s); 1207 } else { 1208 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1209 "QIO mode\n", s->cmd_in_progress); 1210 } 1211 break; 1212 case QOR: 1213 case QOR4: 1214 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1215 decode_fast_read_cmd(s); 1216 } else { 1217 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1218 "DIO mode\n", s->cmd_in_progress); 1219 } 1220 break; 1221 1222 case DIOR: 1223 case DIOR4: 1224 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1225 decode_dio_read_cmd(s); 1226 } else { 1227 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1228 "QIO mode\n", s->cmd_in_progress); 1229 } 1230 break; 1231 1232 case QIOR: 1233 case QIOR4: 1234 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1235 decode_qio_read_cmd(s); 1236 } else { 1237 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1238 "DIO mode\n", s->cmd_in_progress); 1239 } 1240 break; 1241 1242 case WRSR: 1243 /* 1244 * If WP# is low and status_register_write_disabled is high, 1245 * status register writes are disabled. 1246 * This is also called "hardware protected mode" (HPM). All other 1247 * combinations of the two states are called "software protected mode" 1248 * (SPM), and status register writes are permitted. 1249 */ 1250 if ((s->wp_level == 0 && s->status_register_write_disabled) 1251 || !s->write_enable) { 1252 qemu_log_mask(LOG_GUEST_ERROR, 1253 "M25P80: Status register write is disabled!\n"); 1254 break; 1255 } 1256 1257 switch (get_man(s)) { 1258 case MAN_SPANSION: 1259 s->needed_bytes = 2; 1260 s->state = STATE_COLLECTING_DATA; 1261 break; 1262 case MAN_MACRONIX: 1263 s->needed_bytes = 2; 1264 s->state = STATE_COLLECTING_VAR_LEN_DATA; 1265 break; 1266 case MAN_WINBOND: 1267 s->needed_bytes = 2; 1268 s->state = STATE_COLLECTING_VAR_LEN_DATA; 1269 break; 1270 default: 1271 s->needed_bytes = 1; 1272 s->state = STATE_COLLECTING_DATA; 1273 } 1274 s->pos = 0; 1275 break; 1276 1277 case WRDI: 1278 s->write_enable = false; 1279 if (get_man(s) == MAN_SST) { 1280 s->aai_enable = false; 1281 } 1282 break; 1283 case WREN: 1284 s->write_enable = true; 1285 break; 1286 1287 case RDSR: 1288 s->data[0] = (!!s->write_enable) << 1; 1289 s->data[0] |= (!!s->status_register_write_disabled) << 7; 1290 s->data[0] |= (!!s->block_protect0) << 2; 1291 s->data[0] |= (!!s->block_protect1) << 3; 1292 s->data[0] |= (!!s->block_protect2) << 4; 1293 if (s->pi->flags & HAS_SR_TB) { 1294 s->data[0] |= (!!s->top_bottom_bit) << 5; 1295 } 1296 if (s->pi->flags & HAS_SR_BP3_BIT6) { 1297 s->data[0] |= (!!s->block_protect3) << 6; 1298 } 1299 1300 if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) { 1301 s->data[0] |= (!!s->quad_enable) << 6; 1302 } 1303 if (get_man(s) == MAN_SST) { 1304 s->data[0] |= (!!s->aai_enable) << 6; 1305 } 1306 1307 s->pos = 0; 1308 s->len = 1; 1309 s->data_read_loop = true; 1310 s->state = STATE_READING_DATA; 1311 break; 1312 1313 case READ_FSR: 1314 s->data[0] = FSR_FLASH_READY; 1315 if (s->four_bytes_address_mode) { 1316 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 1317 } 1318 s->pos = 0; 1319 s->len = 1; 1320 s->data_read_loop = true; 1321 s->state = STATE_READING_DATA; 1322 break; 1323 1324 case JEDEC_READ: 1325 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) { 1326 trace_m25p80_populated_jedec(s); 1327 for (i = 0; i < s->pi->id_len; i++) { 1328 s->data[i] = s->pi->id[i]; 1329 } 1330 for (; i < SPI_NOR_MAX_ID_LEN; i++) { 1331 s->data[i] = 0; 1332 } 1333 1334 s->len = SPI_NOR_MAX_ID_LEN; 1335 s->pos = 0; 1336 s->state = STATE_READING_DATA; 1337 } else { 1338 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute JEDEC read " 1339 "in DIO or QIO mode\n"); 1340 } 1341 break; 1342 1343 case RDCR: 1344 s->data[0] = s->volatile_cfg & 0xFF; 1345 s->data[0] |= (!!s->four_bytes_address_mode) << 5; 1346 s->pos = 0; 1347 s->len = 1; 1348 s->state = STATE_READING_DATA; 1349 break; 1350 1351 case BULK_ERASE_60: 1352 case BULK_ERASE: 1353 if (s->write_enable) { 1354 trace_m25p80_chip_erase(s); 1355 flash_erase(s, 0, BULK_ERASE); 1356 } else { 1357 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 1358 "protect!\n"); 1359 } 1360 break; 1361 case NOP: 1362 break; 1363 case EN_4BYTE_ADDR: 1364 s->four_bytes_address_mode = true; 1365 break; 1366 case EX_4BYTE_ADDR: 1367 s->four_bytes_address_mode = false; 1368 break; 1369 case BRRD: 1370 case EXTEND_ADDR_READ: 1371 s->data[0] = s->ear; 1372 s->pos = 0; 1373 s->len = 1; 1374 s->state = STATE_READING_DATA; 1375 break; 1376 case BRWR: 1377 case EXTEND_ADDR_WRITE: 1378 if (s->write_enable) { 1379 s->needed_bytes = 1; 1380 s->pos = 0; 1381 s->len = 0; 1382 s->state = STATE_COLLECTING_DATA; 1383 } 1384 break; 1385 case RNVCR: 1386 s->data[0] = s->nonvolatile_cfg & 0xFF; 1387 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 1388 s->pos = 0; 1389 s->len = 2; 1390 s->state = STATE_READING_DATA; 1391 break; 1392 case WNVCR: 1393 if (s->write_enable && get_man(s) == MAN_NUMONYX) { 1394 s->needed_bytes = 2; 1395 s->pos = 0; 1396 s->len = 0; 1397 s->state = STATE_COLLECTING_DATA; 1398 } 1399 break; 1400 case RVCR: 1401 s->data[0] = s->volatile_cfg & 0xFF; 1402 s->pos = 0; 1403 s->len = 1; 1404 s->state = STATE_READING_DATA; 1405 break; 1406 case WVCR: 1407 if (s->write_enable) { 1408 s->needed_bytes = 1; 1409 s->pos = 0; 1410 s->len = 0; 1411 s->state = STATE_COLLECTING_DATA; 1412 } 1413 break; 1414 case REVCR: 1415 s->data[0] = s->enh_volatile_cfg & 0xFF; 1416 s->pos = 0; 1417 s->len = 1; 1418 s->state = STATE_READING_DATA; 1419 break; 1420 case WEVCR: 1421 if (s->write_enable) { 1422 s->needed_bytes = 1; 1423 s->pos = 0; 1424 s->len = 0; 1425 s->state = STATE_COLLECTING_DATA; 1426 } 1427 break; 1428 case RESET_ENABLE: 1429 s->reset_enable = true; 1430 break; 1431 case RESET_MEMORY: 1432 if (s->reset_enable) { 1433 reset_memory(s); 1434 } 1435 break; 1436 case RDCR_EQIO: 1437 switch (get_man(s)) { 1438 case MAN_SPANSION: 1439 s->data[0] = (!!s->quad_enable) << 1; 1440 s->pos = 0; 1441 s->len = 1; 1442 s->state = STATE_READING_DATA; 1443 break; 1444 case MAN_MACRONIX: 1445 s->quad_enable = true; 1446 break; 1447 case MAN_WINBOND: 1448 s->data[0] = (!!s->quad_enable) << 1; 1449 s->pos = 0; 1450 s->len = 1; 1451 s->state = STATE_READING_DATA; 1452 break; 1453 default: 1454 break; 1455 } 1456 break; 1457 case RSTQIO: 1458 s->quad_enable = false; 1459 break; 1460 case AAI_WP: 1461 if (get_man(s) == MAN_SST) { 1462 if (s->write_enable) { 1463 if (s->aai_enable) { 1464 s->state = STATE_PAGE_PROGRAM; 1465 } else { 1466 s->aai_enable = true; 1467 s->needed_bytes = get_addr_length(s); 1468 s->state = STATE_COLLECTING_DATA; 1469 } 1470 } else { 1471 qemu_log_mask(LOG_GUEST_ERROR, 1472 "M25P80: AAI_WP with write protect\n"); 1473 } 1474 } else { 1475 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1476 } 1477 break; 1478 case RDSFDP: 1479 if (s->pi->sfdp_read) { 1480 s->needed_bytes = get_addr_length(s) + 1; /* SFDP addr + dummy */ 1481 s->pos = 0; 1482 s->len = 0; 1483 s->state = STATE_COLLECTING_DATA; 1484 break; 1485 } 1486 /* Fallthrough */ 1487 1488 default: 1489 s->pos = 0; 1490 s->len = 1; 1491 s->state = STATE_READING_DATA; 1492 s->data_read_loop = true; 1493 s->data[0] = 0; 1494 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1495 break; 1496 } 1497 } 1498 1499 static int m25p80_cs(SSIPeripheral *ss, bool select) 1500 { 1501 Flash *s = M25P80(ss); 1502 1503 if (select) { 1504 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) { 1505 complete_collecting_data(s); 1506 } 1507 s->len = 0; 1508 s->pos = 0; 1509 s->state = STATE_IDLE; 1510 flash_sync_dirty(s, -1); 1511 s->data_read_loop = false; 1512 } 1513 1514 trace_m25p80_select(s, select ? "de" : ""); 1515 1516 return 0; 1517 } 1518 1519 static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx) 1520 { 1521 Flash *s = M25P80(ss); 1522 uint32_t r = 0; 1523 1524 trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos, 1525 s->cur_addr, (uint8_t)tx); 1526 1527 switch (s->state) { 1528 1529 case STATE_PAGE_PROGRAM: 1530 trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx); 1531 flash_write8(s, s->cur_addr, (uint8_t)tx); 1532 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1533 1534 if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) { 1535 /* 1536 * There is no wrap mode during AAI programming once the highest 1537 * unprotected memory address is reached. The Write-Enable-Latch 1538 * bit is automatically reset, and AAI programming mode aborts. 1539 */ 1540 s->write_enable = false; 1541 s->aai_enable = false; 1542 } 1543 1544 break; 1545 1546 case STATE_READ: 1547 r = s->storage[s->cur_addr]; 1548 trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r); 1549 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1550 break; 1551 1552 case STATE_COLLECTING_DATA: 1553 case STATE_COLLECTING_VAR_LEN_DATA: 1554 1555 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1556 qemu_log_mask(LOG_GUEST_ERROR, 1557 "M25P80: Write overrun internal data buffer. " 1558 "SPI controller (QEMU emulator or guest driver) " 1559 "is misbehaving\n"); 1560 s->len = s->pos = 0; 1561 s->state = STATE_IDLE; 1562 break; 1563 } 1564 1565 s->data[s->len] = (uint8_t)tx; 1566 s->len++; 1567 1568 if (s->len == s->needed_bytes) { 1569 complete_collecting_data(s); 1570 } 1571 break; 1572 1573 case STATE_READING_DATA: 1574 1575 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1576 qemu_log_mask(LOG_GUEST_ERROR, 1577 "M25P80: Read overrun internal data buffer. " 1578 "SPI controller (QEMU emulator or guest driver) " 1579 "is misbehaving\n"); 1580 s->len = s->pos = 0; 1581 s->state = STATE_IDLE; 1582 break; 1583 } 1584 1585 r = s->data[s->pos]; 1586 trace_m25p80_read_data(s, s->pos, (uint8_t)r); 1587 s->pos++; 1588 if (s->pos == s->len) { 1589 s->pos = 0; 1590 if (!s->data_read_loop) { 1591 s->state = STATE_IDLE; 1592 } 1593 } 1594 break; 1595 case STATE_READING_SFDP: 1596 assert(s->pi->sfdp_read); 1597 r = s->pi->sfdp_read(s->cur_addr); 1598 trace_m25p80_read_sfdp(s, s->cur_addr, (uint8_t)r); 1599 s->cur_addr = (s->cur_addr + 1) & (M25P80_SFDP_MAX_SIZE - 1); 1600 break; 1601 1602 default: 1603 case STATE_IDLE: 1604 decode_new_cmd(s, (uint8_t)tx); 1605 break; 1606 } 1607 1608 return r; 1609 } 1610 1611 static void m25p80_write_protect_pin_irq_handler(void *opaque, int n, int level) 1612 { 1613 Flash *s = M25P80(opaque); 1614 /* WP# is just a single pin. */ 1615 assert(n == 0); 1616 s->wp_level = !!level; 1617 } 1618 1619 static void m25p80_realize(SSIPeripheral *ss, Error **errp) 1620 { 1621 Flash *s = M25P80(ss); 1622 M25P80Class *mc = M25P80_GET_CLASS(s); 1623 int ret; 1624 1625 s->pi = mc->pi; 1626 1627 s->size = s->pi->sector_size * s->pi->n_sectors; 1628 s->dirty_page = -1; 1629 1630 if (s->blk) { 1631 uint64_t perm = BLK_PERM_CONSISTENT_READ | 1632 (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); 1633 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); 1634 if (ret < 0) { 1635 return; 1636 } 1637 1638 trace_m25p80_binding(s); 1639 s->storage = blk_blockalign(s->blk, s->size); 1640 1641 if (!blk_check_size_and_read_all(s->blk, DEVICE(s), 1642 s->storage, s->size, errp)) { 1643 return; 1644 } 1645 } else { 1646 trace_m25p80_binding_no_bdrv(s); 1647 s->storage = blk_blockalign(NULL, s->size); 1648 memset(s->storage, 0xFF, s->size); 1649 } 1650 1651 qdev_init_gpio_in_named(DEVICE(s), 1652 m25p80_write_protect_pin_irq_handler, "WP#", 1); 1653 } 1654 1655 static void m25p80_reset(DeviceState *d) 1656 { 1657 Flash *s = M25P80(d); 1658 1659 s->wp_level = true; 1660 s->status_register_write_disabled = false; 1661 s->block_protect0 = false; 1662 s->block_protect1 = false; 1663 s->block_protect2 = false; 1664 s->block_protect3 = false; 1665 s->top_bottom_bit = false; 1666 1667 reset_memory(s); 1668 } 1669 1670 static int m25p80_pre_save(void *opaque) 1671 { 1672 flash_sync_dirty((Flash *)opaque, -1); 1673 1674 return 0; 1675 } 1676 1677 static Property m25p80_properties[] = { 1678 /* This is default value for Micron flash */ 1679 DEFINE_PROP_BOOL("write-enable", Flash, write_enable, false), 1680 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 1681 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0), 1682 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8), 1683 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2), 1684 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10), 1685 DEFINE_PROP_DRIVE("drive", Flash, blk), 1686 DEFINE_PROP_END_OF_LIST(), 1687 }; 1688 1689 static int m25p80_pre_load(void *opaque) 1690 { 1691 Flash *s = (Flash *)opaque; 1692 1693 s->data_read_loop = false; 1694 return 0; 1695 } 1696 1697 static bool m25p80_data_read_loop_needed(void *opaque) 1698 { 1699 Flash *s = (Flash *)opaque; 1700 1701 return s->data_read_loop; 1702 } 1703 1704 static const VMStateDescription vmstate_m25p80_data_read_loop = { 1705 .name = "m25p80/data_read_loop", 1706 .version_id = 1, 1707 .minimum_version_id = 1, 1708 .needed = m25p80_data_read_loop_needed, 1709 .fields = (const VMStateField[]) { 1710 VMSTATE_BOOL(data_read_loop, Flash), 1711 VMSTATE_END_OF_LIST() 1712 } 1713 }; 1714 1715 static bool m25p80_aai_enable_needed(void *opaque) 1716 { 1717 Flash *s = (Flash *)opaque; 1718 1719 return s->aai_enable; 1720 } 1721 1722 static const VMStateDescription vmstate_m25p80_aai_enable = { 1723 .name = "m25p80/aai_enable", 1724 .version_id = 1, 1725 .minimum_version_id = 1, 1726 .needed = m25p80_aai_enable_needed, 1727 .fields = (const VMStateField[]) { 1728 VMSTATE_BOOL(aai_enable, Flash), 1729 VMSTATE_END_OF_LIST() 1730 } 1731 }; 1732 1733 static bool m25p80_wp_level_srwd_needed(void *opaque) 1734 { 1735 Flash *s = (Flash *)opaque; 1736 1737 return !s->wp_level || s->status_register_write_disabled; 1738 } 1739 1740 static const VMStateDescription vmstate_m25p80_write_protect = { 1741 .name = "m25p80/write_protect", 1742 .version_id = 1, 1743 .minimum_version_id = 1, 1744 .needed = m25p80_wp_level_srwd_needed, 1745 .fields = (const VMStateField[]) { 1746 VMSTATE_BOOL(wp_level, Flash), 1747 VMSTATE_BOOL(status_register_write_disabled, Flash), 1748 VMSTATE_END_OF_LIST() 1749 } 1750 }; 1751 1752 static bool m25p80_block_protect_needed(void *opaque) 1753 { 1754 Flash *s = (Flash *)opaque; 1755 1756 return s->block_protect0 || 1757 s->block_protect1 || 1758 s->block_protect2 || 1759 s->block_protect3 || 1760 s->top_bottom_bit; 1761 } 1762 1763 static const VMStateDescription vmstate_m25p80_block_protect = { 1764 .name = "m25p80/block_protect", 1765 .version_id = 1, 1766 .minimum_version_id = 1, 1767 .needed = m25p80_block_protect_needed, 1768 .fields = (const VMStateField[]) { 1769 VMSTATE_BOOL(block_protect0, Flash), 1770 VMSTATE_BOOL(block_protect1, Flash), 1771 VMSTATE_BOOL(block_protect2, Flash), 1772 VMSTATE_BOOL(block_protect3, Flash), 1773 VMSTATE_BOOL(top_bottom_bit, Flash), 1774 VMSTATE_END_OF_LIST() 1775 } 1776 }; 1777 1778 static const VMStateDescription vmstate_m25p80 = { 1779 .name = "m25p80", 1780 .version_id = 0, 1781 .minimum_version_id = 0, 1782 .pre_save = m25p80_pre_save, 1783 .pre_load = m25p80_pre_load, 1784 .fields = (const VMStateField[]) { 1785 VMSTATE_UINT8(state, Flash), 1786 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ), 1787 VMSTATE_UINT32(len, Flash), 1788 VMSTATE_UINT32(pos, Flash), 1789 VMSTATE_UINT8(needed_bytes, Flash), 1790 VMSTATE_UINT8(cmd_in_progress, Flash), 1791 VMSTATE_UINT32(cur_addr, Flash), 1792 VMSTATE_BOOL(write_enable, Flash), 1793 VMSTATE_BOOL(reset_enable, Flash), 1794 VMSTATE_UINT8(ear, Flash), 1795 VMSTATE_BOOL(four_bytes_address_mode, Flash), 1796 VMSTATE_UINT32(nonvolatile_cfg, Flash), 1797 VMSTATE_UINT32(volatile_cfg, Flash), 1798 VMSTATE_UINT32(enh_volatile_cfg, Flash), 1799 VMSTATE_BOOL(quad_enable, Flash), 1800 VMSTATE_UINT8(spansion_cr1nv, Flash), 1801 VMSTATE_UINT8(spansion_cr2nv, Flash), 1802 VMSTATE_UINT8(spansion_cr3nv, Flash), 1803 VMSTATE_UINT8(spansion_cr4nv, Flash), 1804 VMSTATE_END_OF_LIST() 1805 }, 1806 .subsections = (const VMStateDescription * const []) { 1807 &vmstate_m25p80_data_read_loop, 1808 &vmstate_m25p80_aai_enable, 1809 &vmstate_m25p80_write_protect, 1810 &vmstate_m25p80_block_protect, 1811 NULL 1812 } 1813 }; 1814 1815 static void m25p80_class_init(ObjectClass *klass, void *data) 1816 { 1817 DeviceClass *dc = DEVICE_CLASS(klass); 1818 SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass); 1819 M25P80Class *mc = M25P80_CLASS(klass); 1820 1821 k->realize = m25p80_realize; 1822 k->transfer = m25p80_transfer8; 1823 k->set_cs = m25p80_cs; 1824 k->cs_polarity = SSI_CS_LOW; 1825 dc->vmsd = &vmstate_m25p80; 1826 device_class_set_props(dc, m25p80_properties); 1827 dc->reset = m25p80_reset; 1828 mc->pi = data; 1829 } 1830 1831 static const TypeInfo m25p80_info = { 1832 .name = TYPE_M25P80, 1833 .parent = TYPE_SSI_PERIPHERAL, 1834 .instance_size = sizeof(Flash), 1835 .class_size = sizeof(M25P80Class), 1836 .abstract = true, 1837 }; 1838 1839 static void m25p80_register_types(void) 1840 { 1841 int i; 1842 1843 type_register_static(&m25p80_info); 1844 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 1845 TypeInfo ti = { 1846 .name = known_devices[i].part_name, 1847 .parent = TYPE_M25P80, 1848 .class_init = m25p80_class_init, 1849 .class_data = (void *)&known_devices[i], 1850 }; 1851 type_register(&ti); 1852 } 1853 } 1854 1855 type_init(m25p80_register_types) 1856 1857 BlockBackend *m25p80_get_blk(DeviceState *dev) 1858 { 1859 return M25P80(dev)->blk; 1860 } 1861