1 /* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #include "qemu/osdep.h" 25 #include "hw/hw.h" 26 #include "sysemu/block-backend.h" 27 #include "sysemu/blockdev.h" 28 #include "hw/ssi/ssi.h" 29 #include "qemu/bitops.h" 30 31 #ifndef M25P80_ERR_DEBUG 32 #define M25P80_ERR_DEBUG 0 33 #endif 34 35 #define DB_PRINT_L(level, ...) do { \ 36 if (M25P80_ERR_DEBUG > (level)) { \ 37 fprintf(stderr, ": %s: ", __func__); \ 38 fprintf(stderr, ## __VA_ARGS__); \ 39 } \ 40 } while (0); 41 42 /* Fields for FlashPartInfo->flags */ 43 44 /* erase capabilities */ 45 #define ER_4K 1 46 #define ER_32K 2 47 /* set to allow the page program command to write 0s back to 1. Useful for 48 * modelling EEPROM with SPI flash command set 49 */ 50 #define EEPROM 0x100 51 52 /* 16 MiB max in 3 byte address mode */ 53 #define MAX_3BYTES_SIZE 0x1000000 54 55 typedef struct FlashPartInfo { 56 const char *part_name; 57 /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */ 58 uint32_t jedec; 59 /* extended jedec code */ 60 uint16_t ext_jedec; 61 /* there is confusion between manufacturers as to what a sector is. In this 62 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 63 * command (opcode 0xd8). 64 */ 65 uint32_t sector_size; 66 uint32_t n_sectors; 67 uint32_t page_size; 68 uint16_t flags; 69 } FlashPartInfo; 70 71 /* adapted from linux */ 72 73 #define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\ 74 .part_name = (_part_name),\ 75 .jedec = (_jedec),\ 76 .ext_jedec = (_ext_jedec),\ 77 .sector_size = (_sector_size),\ 78 .n_sectors = (_n_sectors),\ 79 .page_size = 256,\ 80 .flags = (_flags),\ 81 82 #define JEDEC_NUMONYX 0x20 83 #define JEDEC_WINBOND 0xEF 84 #define JEDEC_SPANSION 0x01 85 86 /* Numonyx (Micron) Configuration register macros */ 87 #define VCFG_DUMMY 0x1 88 #define VCFG_WRAP_SEQUENTIAL 0x2 89 #define NVCFG_XIP_MODE_DISABLED (7 << 9) 90 #define NVCFG_XIP_MODE_MASK (7 << 9) 91 #define VCFG_XIP_MODE_ENABLED (1 << 3) 92 #define CFG_DUMMY_CLK_LEN 4 93 #define NVCFG_DUMMY_CLK_POS 12 94 #define VCFG_DUMMY_CLK_POS 4 95 #define EVCFG_OUT_DRIVER_STRENGHT_DEF 7 96 #define EVCFG_VPP_ACCELERATOR (1 << 3) 97 #define EVCFG_RESET_HOLD_ENABLED (1 << 4) 98 #define NVCFG_DUAL_IO_MASK (1 << 2) 99 #define EVCFG_DUAL_IO_ENABLED (1 << 6) 100 #define NVCFG_QUAD_IO_MASK (1 << 3) 101 #define EVCFG_QUAD_IO_ENABLED (1 << 7) 102 #define NVCFG_4BYTE_ADDR_MASK (1 << 0) 103 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 104 #define CFG_UPPER_128MB_SEG_ENABLED 0x3 105 106 /* Numonyx (Micron) Flag Status Register macros */ 107 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 108 #define FSR_FLASH_READY (1 << 7) 109 110 static const FlashPartInfo known_devices[] = { 111 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 112 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 113 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 114 115 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 116 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 117 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 118 119 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 120 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 121 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 122 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 123 124 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 125 126 /* Atmel EEPROMS - it is assumed, that don't care bit in command 127 * is set to 0. Block protection is not supported. 128 */ 129 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 130 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 131 132 /* EON -- en25xxx */ 133 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 134 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 135 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 136 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 137 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 138 139 /* GigaDevice */ 140 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 141 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 142 143 /* Intel/Numonyx -- xxxs33b */ 144 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 145 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 146 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 147 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 148 149 /* Macronix */ 150 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 151 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 152 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 153 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 154 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 155 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 156 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 157 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 158 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) }, 159 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 160 161 /* Micron */ 162 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 163 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 164 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 165 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 166 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 167 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 168 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 169 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 170 171 /* Spansion -- single (large) sector size only, at least 172 * for the chips listed here (without boot sectors). 173 */ 174 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 175 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 176 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 177 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 178 { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) }, 179 { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) }, 180 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 181 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 182 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 183 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 184 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 185 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 186 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 187 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 188 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 189 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 190 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 191 192 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 193 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 194 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 195 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 196 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 197 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 198 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 199 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 200 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 201 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 202 203 /* ST Microelectronics -- newer production may have feature updates */ 204 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 205 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 206 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 207 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 208 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 209 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 210 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 211 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 212 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 213 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 214 215 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 216 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 217 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 218 219 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 220 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 221 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 222 223 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 224 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 225 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 226 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 227 228 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 229 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 230 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 231 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 232 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 233 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 234 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 235 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 236 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 237 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 238 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 239 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 240 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 241 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) }, 242 243 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 244 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 245 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 246 }; 247 248 typedef enum { 249 NOP = 0, 250 WRSR = 0x1, 251 WRDI = 0x4, 252 RDSR = 0x5, 253 WREN = 0x6, 254 JEDEC_READ = 0x9f, 255 BULK_ERASE = 0xc7, 256 READ_FSR = 0x70, 257 258 READ = 0x03, 259 READ4 = 0x13, 260 FAST_READ = 0x0b, 261 FAST_READ4 = 0x0c, 262 DOR = 0x3b, 263 DOR4 = 0x3c, 264 QOR = 0x6b, 265 QOR4 = 0x6c, 266 DIOR = 0xbb, 267 DIOR4 = 0xbc, 268 QIOR = 0xeb, 269 QIOR4 = 0xec, 270 271 PP = 0x02, 272 PP4 = 0x12, 273 DPP = 0xa2, 274 QPP = 0x32, 275 276 ERASE_4K = 0x20, 277 ERASE4_4K = 0x21, 278 ERASE_32K = 0x52, 279 ERASE_SECTOR = 0xd8, 280 ERASE4_SECTOR = 0xdc, 281 282 EN_4BYTE_ADDR = 0xB7, 283 EX_4BYTE_ADDR = 0xE9, 284 285 EXTEND_ADDR_READ = 0xC8, 286 EXTEND_ADDR_WRITE = 0xC5, 287 288 RESET_ENABLE = 0x66, 289 RESET_MEMORY = 0x99, 290 291 RNVCR = 0xB5, 292 WNVCR = 0xB1, 293 294 RVCR = 0x85, 295 WVCR = 0x81, 296 297 REVCR = 0x65, 298 WEVCR = 0x61, 299 } FlashCMD; 300 301 typedef enum { 302 STATE_IDLE, 303 STATE_PAGE_PROGRAM, 304 STATE_READ, 305 STATE_COLLECTING_DATA, 306 STATE_READING_DATA, 307 } CMDState; 308 309 typedef struct Flash { 310 SSISlave parent_obj; 311 312 BlockBackend *blk; 313 314 uint8_t *storage; 315 uint32_t size; 316 int page_size; 317 318 uint8_t state; 319 uint8_t data[16]; 320 uint32_t len; 321 uint32_t pos; 322 uint8_t needed_bytes; 323 uint8_t cmd_in_progress; 324 uint64_t cur_addr; 325 uint32_t nonvolatile_cfg; 326 uint32_t volatile_cfg; 327 uint32_t enh_volatile_cfg; 328 bool write_enable; 329 bool four_bytes_address_mode; 330 bool reset_enable; 331 uint8_t ear; 332 333 int64_t dirty_page; 334 335 const FlashPartInfo *pi; 336 337 } Flash; 338 339 typedef struct M25P80Class { 340 SSISlaveClass parent_class; 341 FlashPartInfo *pi; 342 } M25P80Class; 343 344 #define TYPE_M25P80 "m25p80-generic" 345 #define M25P80(obj) \ 346 OBJECT_CHECK(Flash, (obj), TYPE_M25P80) 347 #define M25P80_CLASS(klass) \ 348 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80) 349 #define M25P80_GET_CLASS(obj) \ 350 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80) 351 352 static void blk_sync_complete(void *opaque, int ret) 353 { 354 /* do nothing. Masters do not directly interact with the backing store, 355 * only the working copy so no mutexing required. 356 */ 357 } 358 359 static void flash_sync_page(Flash *s, int page) 360 { 361 int blk_sector, nb_sectors; 362 QEMUIOVector iov; 363 364 if (!s->blk || blk_is_read_only(s->blk)) { 365 return; 366 } 367 368 blk_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE; 369 nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE); 370 qemu_iovec_init(&iov, 1); 371 qemu_iovec_add(&iov, s->storage + blk_sector * BDRV_SECTOR_SIZE, 372 nb_sectors * BDRV_SECTOR_SIZE); 373 blk_aio_writev(s->blk, blk_sector, &iov, nb_sectors, blk_sync_complete, 374 NULL); 375 } 376 377 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 378 { 379 int64_t start, end, nb_sectors; 380 QEMUIOVector iov; 381 382 if (!s->blk || blk_is_read_only(s->blk)) { 383 return; 384 } 385 386 assert(!(len % BDRV_SECTOR_SIZE)); 387 start = off / BDRV_SECTOR_SIZE; 388 end = (off + len) / BDRV_SECTOR_SIZE; 389 nb_sectors = end - start; 390 qemu_iovec_init(&iov, 1); 391 qemu_iovec_add(&iov, s->storage + (start * BDRV_SECTOR_SIZE), 392 nb_sectors * BDRV_SECTOR_SIZE); 393 blk_aio_writev(s->blk, start, &iov, nb_sectors, blk_sync_complete, NULL); 394 } 395 396 static void flash_erase(Flash *s, int offset, FlashCMD cmd) 397 { 398 uint32_t len; 399 uint8_t capa_to_assert = 0; 400 401 switch (cmd) { 402 case ERASE_4K: 403 case ERASE4_4K: 404 len = 4 << 10; 405 capa_to_assert = ER_4K; 406 break; 407 case ERASE_32K: 408 len = 32 << 10; 409 capa_to_assert = ER_32K; 410 break; 411 case ERASE_SECTOR: 412 case ERASE4_SECTOR: 413 len = s->pi->sector_size; 414 break; 415 case BULK_ERASE: 416 len = s->size; 417 break; 418 default: 419 abort(); 420 } 421 422 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len); 423 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 424 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 425 " device\n", len); 426 } 427 428 if (!s->write_enable) { 429 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 430 return; 431 } 432 memset(s->storage + offset, 0xff, len); 433 flash_sync_area(s, offset, len); 434 } 435 436 static inline void flash_sync_dirty(Flash *s, int64_t newpage) 437 { 438 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 439 flash_sync_page(s, s->dirty_page); 440 s->dirty_page = newpage; 441 } 442 } 443 444 static inline 445 void flash_write8(Flash *s, uint64_t addr, uint8_t data) 446 { 447 int64_t page = addr / s->pi->page_size; 448 uint8_t prev = s->storage[s->cur_addr]; 449 450 if (!s->write_enable) { 451 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 452 } 453 454 if ((prev ^ data) & data) { 455 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8 456 " -> %" PRIx8 "\n", addr, prev, data); 457 } 458 459 if (s->pi->flags & EEPROM) { 460 s->storage[s->cur_addr] = data; 461 } else { 462 s->storage[s->cur_addr] &= data; 463 } 464 465 flash_sync_dirty(s, page); 466 s->dirty_page = page; 467 } 468 469 static inline int get_addr_length(Flash *s) 470 { 471 /* check if eeprom is in use */ 472 if (s->pi->flags == EEPROM) { 473 return 2; 474 } 475 476 switch (s->cmd_in_progress) { 477 case PP4: 478 case READ4: 479 case QIOR4: 480 case ERASE4_4K: 481 case ERASE4_SECTOR: 482 case FAST_READ4: 483 case DOR4: 484 case QOR4: 485 case DIOR4: 486 return 4; 487 default: 488 return s->four_bytes_address_mode ? 4 : 3; 489 } 490 } 491 492 static void complete_collecting_data(Flash *s) 493 { 494 int i; 495 496 s->cur_addr = 0; 497 498 for (i = 0; i < get_addr_length(s); ++i) { 499 s->cur_addr <<= 8; 500 s->cur_addr |= s->data[i]; 501 } 502 503 if (get_addr_length(s) == 3) { 504 s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE; 505 } 506 507 s->state = STATE_IDLE; 508 509 switch (s->cmd_in_progress) { 510 case DPP: 511 case QPP: 512 case PP: 513 case PP4: 514 s->state = STATE_PAGE_PROGRAM; 515 break; 516 case READ: 517 case READ4: 518 case FAST_READ: 519 case FAST_READ4: 520 case DOR: 521 case DOR4: 522 case QOR: 523 case QOR4: 524 case DIOR: 525 case DIOR4: 526 case QIOR: 527 case QIOR4: 528 s->state = STATE_READ; 529 break; 530 case ERASE_4K: 531 case ERASE4_4K: 532 case ERASE_32K: 533 case ERASE_SECTOR: 534 case ERASE4_SECTOR: 535 flash_erase(s, s->cur_addr, s->cmd_in_progress); 536 break; 537 case WRSR: 538 if (s->write_enable) { 539 s->write_enable = false; 540 } 541 break; 542 case EXTEND_ADDR_WRITE: 543 s->ear = s->data[0]; 544 break; 545 case WNVCR: 546 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 547 break; 548 case WVCR: 549 s->volatile_cfg = s->data[0]; 550 break; 551 case WEVCR: 552 s->enh_volatile_cfg = s->data[0]; 553 break; 554 default: 555 break; 556 } 557 } 558 559 static void reset_memory(Flash *s) 560 { 561 s->cmd_in_progress = NOP; 562 s->cur_addr = 0; 563 s->ear = 0; 564 s->four_bytes_address_mode = false; 565 s->len = 0; 566 s->needed_bytes = 0; 567 s->pos = 0; 568 s->state = STATE_IDLE; 569 s->write_enable = false; 570 s->reset_enable = false; 571 572 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) { 573 s->volatile_cfg = 0; 574 s->volatile_cfg |= VCFG_DUMMY; 575 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 576 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 577 != NVCFG_XIP_MODE_DISABLED) { 578 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED; 579 } 580 s->volatile_cfg |= deposit32(s->volatile_cfg, 581 VCFG_DUMMY_CLK_POS, 582 CFG_DUMMY_CLK_LEN, 583 extract32(s->nonvolatile_cfg, 584 NVCFG_DUMMY_CLK_POS, 585 CFG_DUMMY_CLK_LEN) 586 ); 587 588 s->enh_volatile_cfg = 0; 589 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGHT_DEF; 590 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 591 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 592 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 593 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED; 594 } 595 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 596 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED; 597 } 598 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 599 s->four_bytes_address_mode = true; 600 } 601 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 602 s->ear = CFG_UPPER_128MB_SEG_ENABLED; 603 } 604 } 605 606 DB_PRINT_L(0, "Reset done.\n"); 607 } 608 609 static void decode_new_cmd(Flash *s, uint32_t value) 610 { 611 s->cmd_in_progress = value; 612 DB_PRINT_L(0, "decoded new command:%x\n", value); 613 614 if (value != RESET_MEMORY) { 615 s->reset_enable = false; 616 } 617 618 switch (value) { 619 620 case ERASE_4K: 621 case ERASE4_4K: 622 case ERASE_32K: 623 case ERASE_SECTOR: 624 case ERASE4_SECTOR: 625 case READ: 626 case READ4: 627 case DPP: 628 case QPP: 629 case PP: 630 case PP4: 631 s->needed_bytes = get_addr_length(s); 632 s->pos = 0; 633 s->len = 0; 634 s->state = STATE_COLLECTING_DATA; 635 break; 636 637 case FAST_READ: 638 case FAST_READ4: 639 case DOR: 640 case DOR4: 641 case QOR: 642 case QOR4: 643 s->needed_bytes = get_addr_length(s); 644 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) { 645 /* Dummy cycles modeled with bytes writes instead of bits */ 646 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 647 } 648 s->pos = 0; 649 s->len = 0; 650 s->state = STATE_COLLECTING_DATA; 651 break; 652 653 case DIOR: 654 case DIOR4: 655 switch ((s->pi->jedec >> 16) & 0xFF) { 656 case JEDEC_WINBOND: 657 case JEDEC_SPANSION: 658 s->needed_bytes = 4; 659 break; 660 default: 661 s->needed_bytes = get_addr_length(s); 662 /* Dummy cycles modeled with bytes writes instead of bits */ 663 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 664 } 665 s->pos = 0; 666 s->len = 0; 667 s->state = STATE_COLLECTING_DATA; 668 break; 669 670 case QIOR: 671 case QIOR4: 672 switch ((s->pi->jedec >> 16) & 0xFF) { 673 case JEDEC_WINBOND: 674 case JEDEC_SPANSION: 675 s->needed_bytes = 6; 676 break; 677 default: 678 s->needed_bytes = get_addr_length(s); 679 /* Dummy cycles modeled with bytes writes instead of bits */ 680 s->needed_bytes += extract32(s->volatile_cfg, 4, 4); 681 } 682 s->pos = 0; 683 s->len = 0; 684 s->state = STATE_COLLECTING_DATA; 685 break; 686 687 case WRSR: 688 if (s->write_enable) { 689 s->needed_bytes = 1; 690 s->pos = 0; 691 s->len = 0; 692 s->state = STATE_COLLECTING_DATA; 693 } 694 break; 695 696 case WRDI: 697 s->write_enable = false; 698 break; 699 case WREN: 700 s->write_enable = true; 701 break; 702 703 case RDSR: 704 s->data[0] = (!!s->write_enable) << 1; 705 s->pos = 0; 706 s->len = 1; 707 s->state = STATE_READING_DATA; 708 break; 709 710 case READ_FSR: 711 s->data[0] = FSR_FLASH_READY; 712 if (s->four_bytes_address_mode) { 713 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 714 } 715 s->pos = 0; 716 s->len = 1; 717 s->state = STATE_READING_DATA; 718 break; 719 720 case JEDEC_READ: 721 DB_PRINT_L(0, "populated jedec code\n"); 722 s->data[0] = (s->pi->jedec >> 16) & 0xff; 723 s->data[1] = (s->pi->jedec >> 8) & 0xff; 724 s->data[2] = s->pi->jedec & 0xff; 725 if (s->pi->ext_jedec) { 726 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff; 727 s->data[4] = s->pi->ext_jedec & 0xff; 728 s->len = 5; 729 } else { 730 s->len = 3; 731 } 732 s->pos = 0; 733 s->state = STATE_READING_DATA; 734 break; 735 736 case BULK_ERASE: 737 if (s->write_enable) { 738 DB_PRINT_L(0, "chip erase\n"); 739 flash_erase(s, 0, BULK_ERASE); 740 } else { 741 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 742 "protect!\n"); 743 } 744 break; 745 case NOP: 746 break; 747 case EN_4BYTE_ADDR: 748 s->four_bytes_address_mode = true; 749 break; 750 case EX_4BYTE_ADDR: 751 s->four_bytes_address_mode = false; 752 break; 753 case EXTEND_ADDR_READ: 754 s->data[0] = s->ear; 755 s->pos = 0; 756 s->len = 1; 757 s->state = STATE_READING_DATA; 758 break; 759 case EXTEND_ADDR_WRITE: 760 if (s->write_enable) { 761 s->needed_bytes = 1; 762 s->pos = 0; 763 s->len = 0; 764 s->state = STATE_COLLECTING_DATA; 765 } 766 break; 767 case RNVCR: 768 s->data[0] = s->nonvolatile_cfg & 0xFF; 769 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 770 s->pos = 0; 771 s->len = 2; 772 s->state = STATE_READING_DATA; 773 break; 774 case WNVCR: 775 if (s->write_enable) { 776 s->needed_bytes = 2; 777 s->pos = 0; 778 s->len = 0; 779 s->state = STATE_COLLECTING_DATA; 780 } 781 break; 782 case RVCR: 783 s->data[0] = s->volatile_cfg & 0xFF; 784 s->pos = 0; 785 s->len = 1; 786 s->state = STATE_READING_DATA; 787 break; 788 case WVCR: 789 if (s->write_enable) { 790 s->needed_bytes = 1; 791 s->pos = 0; 792 s->len = 0; 793 s->state = STATE_COLLECTING_DATA; 794 } 795 break; 796 case REVCR: 797 s->data[0] = s->enh_volatile_cfg & 0xFF; 798 s->pos = 0; 799 s->len = 1; 800 s->state = STATE_READING_DATA; 801 break; 802 case WEVCR: 803 if (s->write_enable) { 804 s->needed_bytes = 1; 805 s->pos = 0; 806 s->len = 0; 807 s->state = STATE_COLLECTING_DATA; 808 } 809 break; 810 case RESET_ENABLE: 811 s->reset_enable = true; 812 break; 813 case RESET_MEMORY: 814 if (s->reset_enable) { 815 reset_memory(s); 816 } 817 break; 818 default: 819 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 820 break; 821 } 822 } 823 824 static int m25p80_cs(SSISlave *ss, bool select) 825 { 826 Flash *s = M25P80(ss); 827 828 if (select) { 829 s->len = 0; 830 s->pos = 0; 831 s->state = STATE_IDLE; 832 flash_sync_dirty(s, -1); 833 } 834 835 DB_PRINT_L(0, "%sselect\n", select ? "de" : ""); 836 837 return 0; 838 } 839 840 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx) 841 { 842 Flash *s = M25P80(ss); 843 uint32_t r = 0; 844 845 switch (s->state) { 846 847 case STATE_PAGE_PROGRAM: 848 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n", 849 s->cur_addr, (uint8_t)tx); 850 flash_write8(s, s->cur_addr, (uint8_t)tx); 851 s->cur_addr++; 852 break; 853 854 case STATE_READ: 855 r = s->storage[s->cur_addr]; 856 DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr, 857 (uint8_t)r); 858 s->cur_addr = (s->cur_addr + 1) % s->size; 859 break; 860 861 case STATE_COLLECTING_DATA: 862 s->data[s->len] = (uint8_t)tx; 863 s->len++; 864 865 if (s->len == s->needed_bytes) { 866 complete_collecting_data(s); 867 } 868 break; 869 870 case STATE_READING_DATA: 871 r = s->data[s->pos]; 872 s->pos++; 873 if (s->pos == s->len) { 874 s->pos = 0; 875 s->state = STATE_IDLE; 876 } 877 break; 878 879 default: 880 case STATE_IDLE: 881 decode_new_cmd(s, (uint8_t)tx); 882 break; 883 } 884 885 return r; 886 } 887 888 static int m25p80_init(SSISlave *ss) 889 { 890 DriveInfo *dinfo; 891 Flash *s = M25P80(ss); 892 M25P80Class *mc = M25P80_GET_CLASS(s); 893 894 s->pi = mc->pi; 895 896 s->size = s->pi->sector_size * s->pi->n_sectors; 897 s->dirty_page = -1; 898 899 /* FIXME use a qdev drive property instead of drive_get_next() */ 900 dinfo = drive_get_next(IF_MTD); 901 902 if (dinfo) { 903 DB_PRINT_L(0, "Binding to IF_MTD drive\n"); 904 s->blk = blk_by_legacy_dinfo(dinfo); 905 blk_attach_dev_nofail(s->blk, s); 906 907 s->storage = blk_blockalign(s->blk, s->size); 908 909 /* FIXME: Move to late init */ 910 if (blk_read(s->blk, 0, s->storage, 911 DIV_ROUND_UP(s->size, BDRV_SECTOR_SIZE))) { 912 fprintf(stderr, "Failed to initialize SPI flash!\n"); 913 return 1; 914 } 915 } else { 916 DB_PRINT_L(0, "No BDRV - binding to RAM\n"); 917 s->storage = blk_blockalign(NULL, s->size); 918 memset(s->storage, 0xFF, s->size); 919 } 920 921 return 0; 922 } 923 924 static void m25p80_reset(DeviceState *d) 925 { 926 Flash *s = M25P80(d); 927 928 reset_memory(s); 929 } 930 931 static void m25p80_pre_save(void *opaque) 932 { 933 flash_sync_dirty((Flash *)opaque, -1); 934 } 935 936 static Property m25p80_properties[] = { 937 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 938 DEFINE_PROP_END_OF_LIST(), 939 }; 940 941 static const VMStateDescription vmstate_m25p80 = { 942 .name = "xilinx_spi", 943 .version_id = 2, 944 .minimum_version_id = 1, 945 .pre_save = m25p80_pre_save, 946 .fields = (VMStateField[]) { 947 VMSTATE_UINT8(state, Flash), 948 VMSTATE_UINT8_ARRAY(data, Flash, 16), 949 VMSTATE_UINT32(len, Flash), 950 VMSTATE_UINT32(pos, Flash), 951 VMSTATE_UINT8(needed_bytes, Flash), 952 VMSTATE_UINT8(cmd_in_progress, Flash), 953 VMSTATE_UINT64(cur_addr, Flash), 954 VMSTATE_BOOL(write_enable, Flash), 955 VMSTATE_BOOL_V(reset_enable, Flash, 2), 956 VMSTATE_UINT8_V(ear, Flash, 2), 957 VMSTATE_BOOL_V(four_bytes_address_mode, Flash, 2), 958 VMSTATE_UINT32_V(nonvolatile_cfg, Flash, 2), 959 VMSTATE_UINT32_V(volatile_cfg, Flash, 2), 960 VMSTATE_UINT32_V(enh_volatile_cfg, Flash, 2), 961 VMSTATE_END_OF_LIST() 962 } 963 }; 964 965 static void m25p80_class_init(ObjectClass *klass, void *data) 966 { 967 DeviceClass *dc = DEVICE_CLASS(klass); 968 SSISlaveClass *k = SSI_SLAVE_CLASS(klass); 969 M25P80Class *mc = M25P80_CLASS(klass); 970 971 k->init = m25p80_init; 972 k->transfer = m25p80_transfer8; 973 k->set_cs = m25p80_cs; 974 k->cs_polarity = SSI_CS_LOW; 975 dc->vmsd = &vmstate_m25p80; 976 dc->props = m25p80_properties; 977 dc->reset = m25p80_reset; 978 mc->pi = data; 979 } 980 981 static const TypeInfo m25p80_info = { 982 .name = TYPE_M25P80, 983 .parent = TYPE_SSI_SLAVE, 984 .instance_size = sizeof(Flash), 985 .class_size = sizeof(M25P80Class), 986 .abstract = true, 987 }; 988 989 static void m25p80_register_types(void) 990 { 991 int i; 992 993 type_register_static(&m25p80_info); 994 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 995 TypeInfo ti = { 996 .name = known_devices[i].part_name, 997 .parent = TYPE_M25P80, 998 .class_init = m25p80_class_init, 999 .class_data = (void *)&known_devices[i], 1000 }; 1001 type_register(&ti); 1002 } 1003 } 1004 1005 type_init(m25p80_register_types) 1006