1 /* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #include "qemu/osdep.h" 25 #include "qemu/units.h" 26 #include "sysemu/block-backend.h" 27 #include "hw/qdev-properties.h" 28 #include "hw/ssi/ssi.h" 29 #include "migration/vmstate.h" 30 #include "qemu/bitops.h" 31 #include "qemu/log.h" 32 #include "qemu/module.h" 33 #include "qemu/error-report.h" 34 #include "qapi/error.h" 35 36 #ifndef M25P80_ERR_DEBUG 37 #define M25P80_ERR_DEBUG 0 38 #endif 39 40 #define DB_PRINT_L(level, ...) do { \ 41 if (M25P80_ERR_DEBUG > (level)) { \ 42 fprintf(stderr, ": %s: ", __func__); \ 43 fprintf(stderr, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 /* Fields for FlashPartInfo->flags */ 48 49 /* erase capabilities */ 50 #define ER_4K 1 51 #define ER_32K 2 52 /* set to allow the page program command to write 0s back to 1. Useful for 53 * modelling EEPROM with SPI flash command set 54 */ 55 #define EEPROM 0x100 56 57 /* 16 MiB max in 3 byte address mode */ 58 #define MAX_3BYTES_SIZE 0x1000000 59 60 #define SPI_NOR_MAX_ID_LEN 6 61 62 typedef struct FlashPartInfo { 63 const char *part_name; 64 /* 65 * This array stores the ID bytes. 66 * The first three bytes are the JEDIC ID. 67 * JEDEC ID zero means "no ID" (mostly older chips). 68 */ 69 uint8_t id[SPI_NOR_MAX_ID_LEN]; 70 uint8_t id_len; 71 /* there is confusion between manufacturers as to what a sector is. In this 72 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 73 * command (opcode 0xd8). 74 */ 75 uint32_t sector_size; 76 uint32_t n_sectors; 77 uint32_t page_size; 78 uint16_t flags; 79 /* 80 * Big sized spi nor are often stacked devices, thus sometime 81 * replace chip erase with die erase. 82 * This field inform how many die is in the chip. 83 */ 84 uint8_t die_cnt; 85 } FlashPartInfo; 86 87 /* adapted from linux */ 88 /* Used when the "_ext_id" is two bytes at most */ 89 #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 90 .part_name = _part_name,\ 91 .id = {\ 92 ((_jedec_id) >> 16) & 0xff,\ 93 ((_jedec_id) >> 8) & 0xff,\ 94 (_jedec_id) & 0xff,\ 95 ((_ext_id) >> 8) & 0xff,\ 96 (_ext_id) & 0xff,\ 97 },\ 98 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 99 .sector_size = (_sector_size),\ 100 .n_sectors = (_n_sectors),\ 101 .page_size = 256,\ 102 .flags = (_flags),\ 103 .die_cnt = 0 104 105 #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 106 .part_name = _part_name,\ 107 .id = {\ 108 ((_jedec_id) >> 16) & 0xff,\ 109 ((_jedec_id) >> 8) & 0xff,\ 110 (_jedec_id) & 0xff,\ 111 ((_ext_id) >> 16) & 0xff,\ 112 ((_ext_id) >> 8) & 0xff,\ 113 (_ext_id) & 0xff,\ 114 },\ 115 .id_len = 6,\ 116 .sector_size = (_sector_size),\ 117 .n_sectors = (_n_sectors),\ 118 .page_size = 256,\ 119 .flags = (_flags),\ 120 .die_cnt = 0 121 122 #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\ 123 _flags, _die_cnt)\ 124 .part_name = _part_name,\ 125 .id = {\ 126 ((_jedec_id) >> 16) & 0xff,\ 127 ((_jedec_id) >> 8) & 0xff,\ 128 (_jedec_id) & 0xff,\ 129 ((_ext_id) >> 8) & 0xff,\ 130 (_ext_id) & 0xff,\ 131 },\ 132 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 133 .sector_size = (_sector_size),\ 134 .n_sectors = (_n_sectors),\ 135 .page_size = 256,\ 136 .flags = (_flags),\ 137 .die_cnt = _die_cnt 138 139 #define JEDEC_NUMONYX 0x20 140 #define JEDEC_WINBOND 0xEF 141 #define JEDEC_SPANSION 0x01 142 143 /* Numonyx (Micron) Configuration register macros */ 144 #define VCFG_DUMMY 0x1 145 #define VCFG_WRAP_SEQUENTIAL 0x2 146 #define NVCFG_XIP_MODE_DISABLED (7 << 9) 147 #define NVCFG_XIP_MODE_MASK (7 << 9) 148 #define VCFG_XIP_MODE_ENABLED (1 << 3) 149 #define CFG_DUMMY_CLK_LEN 4 150 #define NVCFG_DUMMY_CLK_POS 12 151 #define VCFG_DUMMY_CLK_POS 4 152 #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7 153 #define EVCFG_VPP_ACCELERATOR (1 << 3) 154 #define EVCFG_RESET_HOLD_ENABLED (1 << 4) 155 #define NVCFG_DUAL_IO_MASK (1 << 2) 156 #define EVCFG_DUAL_IO_ENABLED (1 << 6) 157 #define NVCFG_QUAD_IO_MASK (1 << 3) 158 #define EVCFG_QUAD_IO_ENABLED (1 << 7) 159 #define NVCFG_4BYTE_ADDR_MASK (1 << 0) 160 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 161 162 /* Numonyx (Micron) Flag Status Register macros */ 163 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 164 #define FSR_FLASH_READY (1 << 7) 165 166 /* Spansion configuration registers macros. */ 167 #define SPANSION_QUAD_CFG_POS 0 168 #define SPANSION_QUAD_CFG_LEN 1 169 #define SPANSION_DUMMY_CLK_POS 0 170 #define SPANSION_DUMMY_CLK_LEN 4 171 #define SPANSION_ADDR_LEN_POS 7 172 #define SPANSION_ADDR_LEN_LEN 1 173 174 /* 175 * Spansion read mode command length in bytes, 176 * the mode is currently not supported. 177 */ 178 179 #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1 180 #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1 181 182 static const FlashPartInfo known_devices[] = { 183 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 184 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 185 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 186 187 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 188 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 189 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 190 191 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 192 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 193 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 194 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 195 196 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 197 198 /* Atmel EEPROMS - it is assumed, that don't care bit in command 199 * is set to 0. Block protection is not supported. 200 */ 201 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 202 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 203 204 /* EON -- en25xxx */ 205 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 206 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 207 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 208 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 209 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 210 211 /* GigaDevice */ 212 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 213 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 214 215 /* Intel/Numonyx -- xxxs33b */ 216 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 217 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 218 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 219 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 220 221 /* Macronix */ 222 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 223 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 224 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 225 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 226 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 227 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 228 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 229 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 230 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) }, 231 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 232 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 233 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 234 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 235 236 /* Micron */ 237 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 238 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 239 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 240 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 241 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 242 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 243 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 244 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 245 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) }, 246 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 247 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 248 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 249 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 250 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 251 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 252 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 253 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 254 255 /* Spansion -- single (large) sector size only, at least 256 * for the chips listed here (without boot sectors). 257 */ 258 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 259 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 260 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 261 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 262 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) }, 263 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) }, 264 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 265 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 266 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 267 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 268 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 269 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 270 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 271 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 272 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 273 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 274 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 275 276 /* Spansion -- boot sectors support */ 277 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) }, 278 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) }, 279 280 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 281 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 282 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 283 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 284 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 285 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 286 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 287 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 288 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 289 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 290 291 /* ST Microelectronics -- newer production may have feature updates */ 292 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 293 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 294 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 295 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 296 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 297 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 298 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 299 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 300 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 301 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 302 303 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 304 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 305 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 306 307 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 308 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 309 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 310 311 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 312 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 313 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 314 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 315 316 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 317 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 318 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 319 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 320 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 321 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 322 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 323 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 324 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 325 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 326 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 327 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 328 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 329 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) }, 330 { INFO("w25q512jv", 0xef4020, 0, 64 << 10, 1024, ER_4K) }, 331 }; 332 333 typedef enum { 334 NOP = 0, 335 WRSR = 0x1, 336 WRDI = 0x4, 337 RDSR = 0x5, 338 WREN = 0x6, 339 BRRD = 0x16, 340 BRWR = 0x17, 341 JEDEC_READ = 0x9f, 342 BULK_ERASE_60 = 0x60, 343 BULK_ERASE = 0xc7, 344 READ_FSR = 0x70, 345 RDCR = 0x15, 346 347 READ = 0x03, 348 READ4 = 0x13, 349 FAST_READ = 0x0b, 350 FAST_READ4 = 0x0c, 351 DOR = 0x3b, 352 DOR4 = 0x3c, 353 QOR = 0x6b, 354 QOR4 = 0x6c, 355 DIOR = 0xbb, 356 DIOR4 = 0xbc, 357 QIOR = 0xeb, 358 QIOR4 = 0xec, 359 360 PP = 0x02, 361 PP4 = 0x12, 362 PP4_4 = 0x3e, 363 DPP = 0xa2, 364 QPP = 0x32, 365 QPP_4 = 0x34, 366 RDID_90 = 0x90, 367 RDID_AB = 0xab, 368 369 ERASE_4K = 0x20, 370 ERASE4_4K = 0x21, 371 ERASE_32K = 0x52, 372 ERASE4_32K = 0x5c, 373 ERASE_SECTOR = 0xd8, 374 ERASE4_SECTOR = 0xdc, 375 376 EN_4BYTE_ADDR = 0xB7, 377 EX_4BYTE_ADDR = 0xE9, 378 379 EXTEND_ADDR_READ = 0xC8, 380 EXTEND_ADDR_WRITE = 0xC5, 381 382 RESET_ENABLE = 0x66, 383 RESET_MEMORY = 0x99, 384 385 /* 386 * Micron: 0x35 - enable QPI 387 * Spansion: 0x35 - read control register 388 */ 389 RDCR_EQIO = 0x35, 390 RSTQIO = 0xf5, 391 392 RNVCR = 0xB5, 393 WNVCR = 0xB1, 394 395 RVCR = 0x85, 396 WVCR = 0x81, 397 398 REVCR = 0x65, 399 WEVCR = 0x61, 400 401 DIE_ERASE = 0xC4, 402 } FlashCMD; 403 404 typedef enum { 405 STATE_IDLE, 406 STATE_PAGE_PROGRAM, 407 STATE_READ, 408 STATE_COLLECTING_DATA, 409 STATE_COLLECTING_VAR_LEN_DATA, 410 STATE_READING_DATA, 411 } CMDState; 412 413 typedef enum { 414 MAN_SPANSION, 415 MAN_MACRONIX, 416 MAN_NUMONYX, 417 MAN_WINBOND, 418 MAN_SST, 419 MAN_GENERIC, 420 } Manufacturer; 421 422 #define M25P80_INTERNAL_DATA_BUFFER_SZ 16 423 424 typedef struct Flash { 425 SSISlave parent_obj; 426 427 BlockBackend *blk; 428 429 uint8_t *storage; 430 uint32_t size; 431 int page_size; 432 433 uint8_t state; 434 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ]; 435 uint32_t len; 436 uint32_t pos; 437 bool data_read_loop; 438 uint8_t needed_bytes; 439 uint8_t cmd_in_progress; 440 uint32_t cur_addr; 441 uint32_t nonvolatile_cfg; 442 /* Configuration register for Macronix */ 443 uint32_t volatile_cfg; 444 uint32_t enh_volatile_cfg; 445 /* Spansion cfg registers. */ 446 uint8_t spansion_cr1nv; 447 uint8_t spansion_cr2nv; 448 uint8_t spansion_cr3nv; 449 uint8_t spansion_cr4nv; 450 uint8_t spansion_cr1v; 451 uint8_t spansion_cr2v; 452 uint8_t spansion_cr3v; 453 uint8_t spansion_cr4v; 454 bool write_enable; 455 bool four_bytes_address_mode; 456 bool reset_enable; 457 bool quad_enable; 458 uint8_t ear; 459 460 int64_t dirty_page; 461 462 const FlashPartInfo *pi; 463 464 } Flash; 465 466 typedef struct M25P80Class { 467 SSISlaveClass parent_class; 468 FlashPartInfo *pi; 469 } M25P80Class; 470 471 #define TYPE_M25P80 "m25p80-generic" 472 #define M25P80(obj) \ 473 OBJECT_CHECK(Flash, (obj), TYPE_M25P80) 474 #define M25P80_CLASS(klass) \ 475 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80) 476 #define M25P80_GET_CLASS(obj) \ 477 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80) 478 479 static inline Manufacturer get_man(Flash *s) 480 { 481 switch (s->pi->id[0]) { 482 case 0x20: 483 return MAN_NUMONYX; 484 case 0xEF: 485 return MAN_WINBOND; 486 case 0x01: 487 return MAN_SPANSION; 488 case 0xC2: 489 return MAN_MACRONIX; 490 case 0xBF: 491 return MAN_SST; 492 default: 493 return MAN_GENERIC; 494 } 495 } 496 497 static void blk_sync_complete(void *opaque, int ret) 498 { 499 QEMUIOVector *iov = opaque; 500 501 qemu_iovec_destroy(iov); 502 g_free(iov); 503 504 /* do nothing. Masters do not directly interact with the backing store, 505 * only the working copy so no mutexing required. 506 */ 507 } 508 509 static void flash_sync_page(Flash *s, int page) 510 { 511 QEMUIOVector *iov; 512 513 if (!s->blk || blk_is_read_only(s->blk)) { 514 return; 515 } 516 517 iov = g_new(QEMUIOVector, 1); 518 qemu_iovec_init(iov, 1); 519 qemu_iovec_add(iov, s->storage + page * s->pi->page_size, 520 s->pi->page_size); 521 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0, 522 blk_sync_complete, iov); 523 } 524 525 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 526 { 527 QEMUIOVector *iov; 528 529 if (!s->blk || blk_is_read_only(s->blk)) { 530 return; 531 } 532 533 assert(!(len % BDRV_SECTOR_SIZE)); 534 iov = g_new(QEMUIOVector, 1); 535 qemu_iovec_init(iov, 1); 536 qemu_iovec_add(iov, s->storage + off, len); 537 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov); 538 } 539 540 static void flash_erase(Flash *s, int offset, FlashCMD cmd) 541 { 542 uint32_t len; 543 uint8_t capa_to_assert = 0; 544 545 switch (cmd) { 546 case ERASE_4K: 547 case ERASE4_4K: 548 len = 4 * KiB; 549 capa_to_assert = ER_4K; 550 break; 551 case ERASE_32K: 552 case ERASE4_32K: 553 len = 32 * KiB; 554 capa_to_assert = ER_32K; 555 break; 556 case ERASE_SECTOR: 557 case ERASE4_SECTOR: 558 len = s->pi->sector_size; 559 break; 560 case BULK_ERASE: 561 len = s->size; 562 break; 563 case DIE_ERASE: 564 if (s->pi->die_cnt) { 565 len = s->size / s->pi->die_cnt; 566 offset = offset & (~(len - 1)); 567 } else { 568 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported" 569 " by device\n"); 570 return; 571 } 572 break; 573 default: 574 abort(); 575 } 576 577 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len); 578 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 579 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 580 " device\n", len); 581 } 582 583 if (!s->write_enable) { 584 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 585 return; 586 } 587 memset(s->storage + offset, 0xff, len); 588 flash_sync_area(s, offset, len); 589 } 590 591 static inline void flash_sync_dirty(Flash *s, int64_t newpage) 592 { 593 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 594 flash_sync_page(s, s->dirty_page); 595 s->dirty_page = newpage; 596 } 597 } 598 599 static inline 600 void flash_write8(Flash *s, uint32_t addr, uint8_t data) 601 { 602 uint32_t page = addr / s->pi->page_size; 603 uint8_t prev = s->storage[s->cur_addr]; 604 605 if (!s->write_enable) { 606 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 607 } 608 609 if ((prev ^ data) & data) { 610 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx32 " %" PRIx8 611 " -> %" PRIx8 "\n", addr, prev, data); 612 } 613 614 if (s->pi->flags & EEPROM) { 615 s->storage[s->cur_addr] = data; 616 } else { 617 s->storage[s->cur_addr] &= data; 618 } 619 620 flash_sync_dirty(s, page); 621 s->dirty_page = page; 622 } 623 624 static inline int get_addr_length(Flash *s) 625 { 626 /* check if eeprom is in use */ 627 if (s->pi->flags == EEPROM) { 628 return 2; 629 } 630 631 switch (s->cmd_in_progress) { 632 case PP4: 633 case PP4_4: 634 case QPP_4: 635 case READ4: 636 case QIOR4: 637 case ERASE4_4K: 638 case ERASE4_32K: 639 case ERASE4_SECTOR: 640 case FAST_READ4: 641 case DOR4: 642 case QOR4: 643 case DIOR4: 644 return 4; 645 default: 646 return s->four_bytes_address_mode ? 4 : 3; 647 } 648 } 649 650 static void complete_collecting_data(Flash *s) 651 { 652 int i, n; 653 654 n = get_addr_length(s); 655 s->cur_addr = (n == 3 ? s->ear : 0); 656 for (i = 0; i < n; ++i) { 657 s->cur_addr <<= 8; 658 s->cur_addr |= s->data[i]; 659 } 660 661 s->cur_addr &= s->size - 1; 662 663 s->state = STATE_IDLE; 664 665 switch (s->cmd_in_progress) { 666 case DPP: 667 case QPP: 668 case QPP_4: 669 case PP: 670 case PP4: 671 case PP4_4: 672 s->state = STATE_PAGE_PROGRAM; 673 break; 674 case READ: 675 case READ4: 676 case FAST_READ: 677 case FAST_READ4: 678 case DOR: 679 case DOR4: 680 case QOR: 681 case QOR4: 682 case DIOR: 683 case DIOR4: 684 case QIOR: 685 case QIOR4: 686 s->state = STATE_READ; 687 break; 688 case ERASE_4K: 689 case ERASE4_4K: 690 case ERASE_32K: 691 case ERASE4_32K: 692 case ERASE_SECTOR: 693 case ERASE4_SECTOR: 694 case DIE_ERASE: 695 flash_erase(s, s->cur_addr, s->cmd_in_progress); 696 break; 697 case WRSR: 698 switch (get_man(s)) { 699 case MAN_SPANSION: 700 s->quad_enable = !!(s->data[1] & 0x02); 701 break; 702 case MAN_MACRONIX: 703 s->quad_enable = extract32(s->data[0], 6, 1); 704 if (s->len > 1) { 705 s->volatile_cfg = s->data[1]; 706 s->four_bytes_address_mode = extract32(s->data[1], 5, 1); 707 } 708 break; 709 default: 710 break; 711 } 712 if (s->write_enable) { 713 s->write_enable = false; 714 } 715 break; 716 case BRWR: 717 case EXTEND_ADDR_WRITE: 718 s->ear = s->data[0]; 719 break; 720 case WNVCR: 721 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 722 break; 723 case WVCR: 724 s->volatile_cfg = s->data[0]; 725 break; 726 case WEVCR: 727 s->enh_volatile_cfg = s->data[0]; 728 break; 729 case RDID_90: 730 case RDID_AB: 731 if (get_man(s) == MAN_SST) { 732 if (s->cur_addr <= 1) { 733 if (s->cur_addr) { 734 s->data[0] = s->pi->id[2]; 735 s->data[1] = s->pi->id[0]; 736 } else { 737 s->data[0] = s->pi->id[0]; 738 s->data[1] = s->pi->id[2]; 739 } 740 s->pos = 0; 741 s->len = 2; 742 s->data_read_loop = true; 743 s->state = STATE_READING_DATA; 744 } else { 745 qemu_log_mask(LOG_GUEST_ERROR, 746 "M25P80: Invalid read id address\n"); 747 } 748 } else { 749 qemu_log_mask(LOG_GUEST_ERROR, 750 "M25P80: Read id (command 0x90/0xAB) is not supported" 751 " by device\n"); 752 } 753 break; 754 default: 755 break; 756 } 757 } 758 759 static void reset_memory(Flash *s) 760 { 761 s->cmd_in_progress = NOP; 762 s->cur_addr = 0; 763 s->ear = 0; 764 s->four_bytes_address_mode = false; 765 s->len = 0; 766 s->needed_bytes = 0; 767 s->pos = 0; 768 s->state = STATE_IDLE; 769 s->write_enable = false; 770 s->reset_enable = false; 771 s->quad_enable = false; 772 773 switch (get_man(s)) { 774 case MAN_NUMONYX: 775 s->volatile_cfg = 0; 776 s->volatile_cfg |= VCFG_DUMMY; 777 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 778 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 779 != NVCFG_XIP_MODE_DISABLED) { 780 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED; 781 } 782 s->volatile_cfg |= deposit32(s->volatile_cfg, 783 VCFG_DUMMY_CLK_POS, 784 CFG_DUMMY_CLK_LEN, 785 extract32(s->nonvolatile_cfg, 786 NVCFG_DUMMY_CLK_POS, 787 CFG_DUMMY_CLK_LEN) 788 ); 789 790 s->enh_volatile_cfg = 0; 791 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF; 792 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 793 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 794 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 795 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED; 796 } 797 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 798 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED; 799 } 800 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 801 s->four_bytes_address_mode = true; 802 } 803 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 804 s->ear = s->size / MAX_3BYTES_SIZE - 1; 805 } 806 break; 807 case MAN_MACRONIX: 808 s->volatile_cfg = 0x7; 809 break; 810 case MAN_SPANSION: 811 s->spansion_cr1v = s->spansion_cr1nv; 812 s->spansion_cr2v = s->spansion_cr2nv; 813 s->spansion_cr3v = s->spansion_cr3nv; 814 s->spansion_cr4v = s->spansion_cr4nv; 815 s->quad_enable = extract32(s->spansion_cr1v, 816 SPANSION_QUAD_CFG_POS, 817 SPANSION_QUAD_CFG_LEN 818 ); 819 s->four_bytes_address_mode = extract32(s->spansion_cr2v, 820 SPANSION_ADDR_LEN_POS, 821 SPANSION_ADDR_LEN_LEN 822 ); 823 break; 824 default: 825 break; 826 } 827 828 DB_PRINT_L(0, "Reset done.\n"); 829 } 830 831 static void decode_fast_read_cmd(Flash *s) 832 { 833 s->needed_bytes = get_addr_length(s); 834 switch (get_man(s)) { 835 /* Dummy cycles - modeled with bytes writes instead of bits */ 836 case MAN_WINBOND: 837 s->needed_bytes += 8; 838 break; 839 case MAN_NUMONYX: 840 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 841 break; 842 case MAN_MACRONIX: 843 if (extract32(s->volatile_cfg, 6, 2) == 1) { 844 s->needed_bytes += 6; 845 } else { 846 s->needed_bytes += 8; 847 } 848 break; 849 case MAN_SPANSION: 850 s->needed_bytes += extract32(s->spansion_cr2v, 851 SPANSION_DUMMY_CLK_POS, 852 SPANSION_DUMMY_CLK_LEN 853 ); 854 break; 855 default: 856 break; 857 } 858 s->pos = 0; 859 s->len = 0; 860 s->state = STATE_COLLECTING_DATA; 861 } 862 863 static void decode_dio_read_cmd(Flash *s) 864 { 865 s->needed_bytes = get_addr_length(s); 866 /* Dummy cycles modeled with bytes writes instead of bits */ 867 switch (get_man(s)) { 868 case MAN_WINBOND: 869 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 870 break; 871 case MAN_SPANSION: 872 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 873 s->needed_bytes += extract32(s->spansion_cr2v, 874 SPANSION_DUMMY_CLK_POS, 875 SPANSION_DUMMY_CLK_LEN 876 ); 877 break; 878 case MAN_NUMONYX: 879 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 880 break; 881 case MAN_MACRONIX: 882 switch (extract32(s->volatile_cfg, 6, 2)) { 883 case 1: 884 s->needed_bytes += 6; 885 break; 886 case 2: 887 s->needed_bytes += 8; 888 break; 889 default: 890 s->needed_bytes += 4; 891 break; 892 } 893 break; 894 default: 895 break; 896 } 897 s->pos = 0; 898 s->len = 0; 899 s->state = STATE_COLLECTING_DATA; 900 } 901 902 static void decode_qio_read_cmd(Flash *s) 903 { 904 s->needed_bytes = get_addr_length(s); 905 /* Dummy cycles modeled with bytes writes instead of bits */ 906 switch (get_man(s)) { 907 case MAN_WINBOND: 908 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 909 s->needed_bytes += 4; 910 break; 911 case MAN_SPANSION: 912 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 913 s->needed_bytes += extract32(s->spansion_cr2v, 914 SPANSION_DUMMY_CLK_POS, 915 SPANSION_DUMMY_CLK_LEN 916 ); 917 break; 918 case MAN_NUMONYX: 919 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 920 break; 921 case MAN_MACRONIX: 922 switch (extract32(s->volatile_cfg, 6, 2)) { 923 case 1: 924 s->needed_bytes += 4; 925 break; 926 case 2: 927 s->needed_bytes += 8; 928 break; 929 default: 930 s->needed_bytes += 6; 931 break; 932 } 933 break; 934 default: 935 break; 936 } 937 s->pos = 0; 938 s->len = 0; 939 s->state = STATE_COLLECTING_DATA; 940 } 941 942 static void decode_new_cmd(Flash *s, uint32_t value) 943 { 944 s->cmd_in_progress = value; 945 int i; 946 DB_PRINT_L(0, "decoded new command:%x\n", value); 947 948 if (value != RESET_MEMORY) { 949 s->reset_enable = false; 950 } 951 952 switch (value) { 953 954 case ERASE_4K: 955 case ERASE4_4K: 956 case ERASE_32K: 957 case ERASE4_32K: 958 case ERASE_SECTOR: 959 case ERASE4_SECTOR: 960 case READ: 961 case READ4: 962 case DPP: 963 case QPP: 964 case QPP_4: 965 case PP: 966 case PP4: 967 case PP4_4: 968 case DIE_ERASE: 969 case RDID_90: 970 case RDID_AB: 971 s->needed_bytes = get_addr_length(s); 972 s->pos = 0; 973 s->len = 0; 974 s->state = STATE_COLLECTING_DATA; 975 break; 976 977 case FAST_READ: 978 case FAST_READ4: 979 case DOR: 980 case DOR4: 981 case QOR: 982 case QOR4: 983 decode_fast_read_cmd(s); 984 break; 985 986 case DIOR: 987 case DIOR4: 988 decode_dio_read_cmd(s); 989 break; 990 991 case QIOR: 992 case QIOR4: 993 decode_qio_read_cmd(s); 994 break; 995 996 case WRSR: 997 if (s->write_enable) { 998 switch (get_man(s)) { 999 case MAN_SPANSION: 1000 s->needed_bytes = 2; 1001 s->state = STATE_COLLECTING_DATA; 1002 break; 1003 case MAN_MACRONIX: 1004 s->needed_bytes = 2; 1005 s->state = STATE_COLLECTING_VAR_LEN_DATA; 1006 break; 1007 default: 1008 s->needed_bytes = 1; 1009 s->state = STATE_COLLECTING_DATA; 1010 } 1011 s->pos = 0; 1012 } 1013 break; 1014 1015 case WRDI: 1016 s->write_enable = false; 1017 break; 1018 case WREN: 1019 s->write_enable = true; 1020 break; 1021 1022 case RDSR: 1023 s->data[0] = (!!s->write_enable) << 1; 1024 if (get_man(s) == MAN_MACRONIX) { 1025 s->data[0] |= (!!s->quad_enable) << 6; 1026 } 1027 s->pos = 0; 1028 s->len = 1; 1029 s->data_read_loop = true; 1030 s->state = STATE_READING_DATA; 1031 break; 1032 1033 case READ_FSR: 1034 s->data[0] = FSR_FLASH_READY; 1035 if (s->four_bytes_address_mode) { 1036 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 1037 } 1038 s->pos = 0; 1039 s->len = 1; 1040 s->data_read_loop = true; 1041 s->state = STATE_READING_DATA; 1042 break; 1043 1044 case JEDEC_READ: 1045 DB_PRINT_L(0, "populated jedec code\n"); 1046 for (i = 0; i < s->pi->id_len; i++) { 1047 s->data[i] = s->pi->id[i]; 1048 } 1049 1050 s->len = s->pi->id_len; 1051 s->pos = 0; 1052 s->state = STATE_READING_DATA; 1053 break; 1054 1055 case RDCR: 1056 s->data[0] = s->volatile_cfg & 0xFF; 1057 s->data[0] |= (!!s->four_bytes_address_mode) << 5; 1058 s->pos = 0; 1059 s->len = 1; 1060 s->state = STATE_READING_DATA; 1061 break; 1062 1063 case BULK_ERASE_60: 1064 case BULK_ERASE: 1065 if (s->write_enable) { 1066 DB_PRINT_L(0, "chip erase\n"); 1067 flash_erase(s, 0, BULK_ERASE); 1068 } else { 1069 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 1070 "protect!\n"); 1071 } 1072 break; 1073 case NOP: 1074 break; 1075 case EN_4BYTE_ADDR: 1076 s->four_bytes_address_mode = true; 1077 break; 1078 case EX_4BYTE_ADDR: 1079 s->four_bytes_address_mode = false; 1080 break; 1081 case BRRD: 1082 case EXTEND_ADDR_READ: 1083 s->data[0] = s->ear; 1084 s->pos = 0; 1085 s->len = 1; 1086 s->state = STATE_READING_DATA; 1087 break; 1088 case BRWR: 1089 case EXTEND_ADDR_WRITE: 1090 if (s->write_enable) { 1091 s->needed_bytes = 1; 1092 s->pos = 0; 1093 s->len = 0; 1094 s->state = STATE_COLLECTING_DATA; 1095 } 1096 break; 1097 case RNVCR: 1098 s->data[0] = s->nonvolatile_cfg & 0xFF; 1099 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 1100 s->pos = 0; 1101 s->len = 2; 1102 s->state = STATE_READING_DATA; 1103 break; 1104 case WNVCR: 1105 if (s->write_enable && get_man(s) == MAN_NUMONYX) { 1106 s->needed_bytes = 2; 1107 s->pos = 0; 1108 s->len = 0; 1109 s->state = STATE_COLLECTING_DATA; 1110 } 1111 break; 1112 case RVCR: 1113 s->data[0] = s->volatile_cfg & 0xFF; 1114 s->pos = 0; 1115 s->len = 1; 1116 s->state = STATE_READING_DATA; 1117 break; 1118 case WVCR: 1119 if (s->write_enable) { 1120 s->needed_bytes = 1; 1121 s->pos = 0; 1122 s->len = 0; 1123 s->state = STATE_COLLECTING_DATA; 1124 } 1125 break; 1126 case REVCR: 1127 s->data[0] = s->enh_volatile_cfg & 0xFF; 1128 s->pos = 0; 1129 s->len = 1; 1130 s->state = STATE_READING_DATA; 1131 break; 1132 case WEVCR: 1133 if (s->write_enable) { 1134 s->needed_bytes = 1; 1135 s->pos = 0; 1136 s->len = 0; 1137 s->state = STATE_COLLECTING_DATA; 1138 } 1139 break; 1140 case RESET_ENABLE: 1141 s->reset_enable = true; 1142 break; 1143 case RESET_MEMORY: 1144 if (s->reset_enable) { 1145 reset_memory(s); 1146 } 1147 break; 1148 case RDCR_EQIO: 1149 switch (get_man(s)) { 1150 case MAN_SPANSION: 1151 s->data[0] = (!!s->quad_enable) << 1; 1152 s->pos = 0; 1153 s->len = 1; 1154 s->state = STATE_READING_DATA; 1155 break; 1156 case MAN_MACRONIX: 1157 s->quad_enable = true; 1158 break; 1159 default: 1160 break; 1161 } 1162 break; 1163 case RSTQIO: 1164 s->quad_enable = false; 1165 break; 1166 default: 1167 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1168 break; 1169 } 1170 } 1171 1172 static int m25p80_cs(SSISlave *ss, bool select) 1173 { 1174 Flash *s = M25P80(ss); 1175 1176 if (select) { 1177 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) { 1178 complete_collecting_data(s); 1179 } 1180 s->len = 0; 1181 s->pos = 0; 1182 s->state = STATE_IDLE; 1183 flash_sync_dirty(s, -1); 1184 s->data_read_loop = false; 1185 } 1186 1187 DB_PRINT_L(0, "%sselect\n", select ? "de" : ""); 1188 1189 return 0; 1190 } 1191 1192 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx) 1193 { 1194 Flash *s = M25P80(ss); 1195 uint32_t r = 0; 1196 1197 switch (s->state) { 1198 1199 case STATE_PAGE_PROGRAM: 1200 DB_PRINT_L(1, "page program cur_addr=%#" PRIx32 " data=%" PRIx8 "\n", 1201 s->cur_addr, (uint8_t)tx); 1202 flash_write8(s, s->cur_addr, (uint8_t)tx); 1203 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1204 break; 1205 1206 case STATE_READ: 1207 r = s->storage[s->cur_addr]; 1208 DB_PRINT_L(1, "READ 0x%" PRIx32 "=%" PRIx8 "\n", s->cur_addr, 1209 (uint8_t)r); 1210 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1211 break; 1212 1213 case STATE_COLLECTING_DATA: 1214 case STATE_COLLECTING_VAR_LEN_DATA: 1215 1216 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1217 qemu_log_mask(LOG_GUEST_ERROR, 1218 "M25P80: Write overrun internal data buffer. " 1219 "SPI controller (QEMU emulator or guest driver) " 1220 "is misbehaving\n"); 1221 s->len = s->pos = 0; 1222 s->state = STATE_IDLE; 1223 break; 1224 } 1225 1226 s->data[s->len] = (uint8_t)tx; 1227 s->len++; 1228 1229 if (s->len == s->needed_bytes) { 1230 complete_collecting_data(s); 1231 } 1232 break; 1233 1234 case STATE_READING_DATA: 1235 1236 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1237 qemu_log_mask(LOG_GUEST_ERROR, 1238 "M25P80: Read overrun internal data buffer. " 1239 "SPI controller (QEMU emulator or guest driver) " 1240 "is misbehaving\n"); 1241 s->len = s->pos = 0; 1242 s->state = STATE_IDLE; 1243 break; 1244 } 1245 1246 r = s->data[s->pos]; 1247 s->pos++; 1248 if (s->pos == s->len) { 1249 s->pos = 0; 1250 if (!s->data_read_loop) { 1251 s->state = STATE_IDLE; 1252 } 1253 } 1254 break; 1255 1256 default: 1257 case STATE_IDLE: 1258 decode_new_cmd(s, (uint8_t)tx); 1259 break; 1260 } 1261 1262 return r; 1263 } 1264 1265 static void m25p80_realize(SSISlave *ss, Error **errp) 1266 { 1267 Flash *s = M25P80(ss); 1268 M25P80Class *mc = M25P80_GET_CLASS(s); 1269 int ret; 1270 1271 s->pi = mc->pi; 1272 1273 s->size = s->pi->sector_size * s->pi->n_sectors; 1274 s->dirty_page = -1; 1275 1276 if (s->blk) { 1277 uint64_t perm = BLK_PERM_CONSISTENT_READ | 1278 (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); 1279 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); 1280 if (ret < 0) { 1281 return; 1282 } 1283 1284 DB_PRINT_L(0, "Binding to IF_MTD drive\n"); 1285 s->storage = blk_blockalign(s->blk, s->size); 1286 1287 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) { 1288 error_setg(errp, "failed to read the initial flash content"); 1289 return; 1290 } 1291 } else { 1292 DB_PRINT_L(0, "No BDRV - binding to RAM\n"); 1293 s->storage = blk_blockalign(NULL, s->size); 1294 memset(s->storage, 0xFF, s->size); 1295 } 1296 } 1297 1298 static void m25p80_reset(DeviceState *d) 1299 { 1300 Flash *s = M25P80(d); 1301 1302 reset_memory(s); 1303 } 1304 1305 static int m25p80_pre_save(void *opaque) 1306 { 1307 flash_sync_dirty((Flash *)opaque, -1); 1308 1309 return 0; 1310 } 1311 1312 static Property m25p80_properties[] = { 1313 /* This is default value for Micron flash */ 1314 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 1315 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0), 1316 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8), 1317 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2), 1318 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10), 1319 DEFINE_PROP_DRIVE("drive", Flash, blk), 1320 DEFINE_PROP_END_OF_LIST(), 1321 }; 1322 1323 static int m25p80_pre_load(void *opaque) 1324 { 1325 Flash *s = (Flash *)opaque; 1326 1327 s->data_read_loop = false; 1328 return 0; 1329 } 1330 1331 static bool m25p80_data_read_loop_needed(void *opaque) 1332 { 1333 Flash *s = (Flash *)opaque; 1334 1335 return s->data_read_loop; 1336 } 1337 1338 static const VMStateDescription vmstate_m25p80_data_read_loop = { 1339 .name = "m25p80/data_read_loop", 1340 .version_id = 1, 1341 .minimum_version_id = 1, 1342 .needed = m25p80_data_read_loop_needed, 1343 .fields = (VMStateField[]) { 1344 VMSTATE_BOOL(data_read_loop, Flash), 1345 VMSTATE_END_OF_LIST() 1346 } 1347 }; 1348 1349 static const VMStateDescription vmstate_m25p80 = { 1350 .name = "m25p80", 1351 .version_id = 0, 1352 .minimum_version_id = 0, 1353 .pre_save = m25p80_pre_save, 1354 .pre_load = m25p80_pre_load, 1355 .fields = (VMStateField[]) { 1356 VMSTATE_UINT8(state, Flash), 1357 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ), 1358 VMSTATE_UINT32(len, Flash), 1359 VMSTATE_UINT32(pos, Flash), 1360 VMSTATE_UINT8(needed_bytes, Flash), 1361 VMSTATE_UINT8(cmd_in_progress, Flash), 1362 VMSTATE_UINT32(cur_addr, Flash), 1363 VMSTATE_BOOL(write_enable, Flash), 1364 VMSTATE_BOOL(reset_enable, Flash), 1365 VMSTATE_UINT8(ear, Flash), 1366 VMSTATE_BOOL(four_bytes_address_mode, Flash), 1367 VMSTATE_UINT32(nonvolatile_cfg, Flash), 1368 VMSTATE_UINT32(volatile_cfg, Flash), 1369 VMSTATE_UINT32(enh_volatile_cfg, Flash), 1370 VMSTATE_BOOL(quad_enable, Flash), 1371 VMSTATE_UINT8(spansion_cr1nv, Flash), 1372 VMSTATE_UINT8(spansion_cr2nv, Flash), 1373 VMSTATE_UINT8(spansion_cr3nv, Flash), 1374 VMSTATE_UINT8(spansion_cr4nv, Flash), 1375 VMSTATE_END_OF_LIST() 1376 }, 1377 .subsections = (const VMStateDescription * []) { 1378 &vmstate_m25p80_data_read_loop, 1379 NULL 1380 } 1381 }; 1382 1383 static void m25p80_class_init(ObjectClass *klass, void *data) 1384 { 1385 DeviceClass *dc = DEVICE_CLASS(klass); 1386 SSISlaveClass *k = SSI_SLAVE_CLASS(klass); 1387 M25P80Class *mc = M25P80_CLASS(klass); 1388 1389 k->realize = m25p80_realize; 1390 k->transfer = m25p80_transfer8; 1391 k->set_cs = m25p80_cs; 1392 k->cs_polarity = SSI_CS_LOW; 1393 dc->vmsd = &vmstate_m25p80; 1394 device_class_set_props(dc, m25p80_properties); 1395 dc->reset = m25p80_reset; 1396 mc->pi = data; 1397 } 1398 1399 static const TypeInfo m25p80_info = { 1400 .name = TYPE_M25P80, 1401 .parent = TYPE_SSI_SLAVE, 1402 .instance_size = sizeof(Flash), 1403 .class_size = sizeof(M25P80Class), 1404 .abstract = true, 1405 }; 1406 1407 static void m25p80_register_types(void) 1408 { 1409 int i; 1410 1411 type_register_static(&m25p80_info); 1412 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 1413 TypeInfo ti = { 1414 .name = known_devices[i].part_name, 1415 .parent = TYPE_M25P80, 1416 .class_init = m25p80_class_init, 1417 .class_data = (void *)&known_devices[i], 1418 }; 1419 type_register(&ti); 1420 } 1421 } 1422 1423 type_init(m25p80_register_types) 1424