xref: /openbmc/qemu/hw/block/nand.c (revision 354908ce)
1 /*
2  * Flash NAND memory emulation.  Based on "16M x 8 Bit NAND Flash
3  * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
4  * Samsung Electronic.
5  *
6  * Copyright (c) 2006 Openedhand Ltd.
7  * Written by Andrzej Zaborowski <balrog@zabor.org>
8  *
9  * Support for additional features based on "MT29F2G16ABCWP 2Gx16"
10  * datasheet from Micron Technology and "NAND02G-B2C" datasheet
11  * from ST Microelectronics.
12  *
13  * This code is licensed under the GNU GPL v2.
14  *
15  * Contributions after 2012-01-13 are licensed under the terms of the
16  * GNU GPL, version 2 or (at your option) any later version.
17  */
18 
19 #ifndef NAND_IO
20 
21 #include "qemu/osdep.h"
22 #include "hw/hw.h"
23 #include "hw/qdev-properties.h"
24 #include "hw/block/flash.h"
25 #include "sysemu/block-backend.h"
26 #include "migration/vmstate.h"
27 #include "qapi/error.h"
28 #include "qemu/error-report.h"
29 #include "qemu/module.h"
30 
31 # define NAND_CMD_READ0		0x00
32 # define NAND_CMD_READ1		0x01
33 # define NAND_CMD_READ2		0x50
34 # define NAND_CMD_LPREAD2	0x30
35 # define NAND_CMD_NOSERIALREAD2	0x35
36 # define NAND_CMD_RANDOMREAD1	0x05
37 # define NAND_CMD_RANDOMREAD2	0xe0
38 # define NAND_CMD_READID	0x90
39 # define NAND_CMD_RESET		0xff
40 # define NAND_CMD_PAGEPROGRAM1	0x80
41 # define NAND_CMD_PAGEPROGRAM2	0x10
42 # define NAND_CMD_CACHEPROGRAM2	0x15
43 # define NAND_CMD_BLOCKERASE1	0x60
44 # define NAND_CMD_BLOCKERASE2	0xd0
45 # define NAND_CMD_READSTATUS	0x70
46 # define NAND_CMD_COPYBACKPRG1	0x85
47 
48 # define NAND_IOSTATUS_ERROR	(1 << 0)
49 # define NAND_IOSTATUS_PLANE0	(1 << 1)
50 # define NAND_IOSTATUS_PLANE1	(1 << 2)
51 # define NAND_IOSTATUS_PLANE2	(1 << 3)
52 # define NAND_IOSTATUS_PLANE3	(1 << 4)
53 # define NAND_IOSTATUS_READY    (1 << 6)
54 # define NAND_IOSTATUS_UNPROTCT	(1 << 7)
55 
56 # define MAX_PAGE		0x800
57 # define MAX_OOB		0x40
58 
59 typedef struct NANDFlashState NANDFlashState;
60 struct NANDFlashState {
61     DeviceState parent_obj;
62 
63     uint8_t manf_id, chip_id;
64     uint8_t buswidth; /* in BYTES */
65     int size, pages;
66     int page_shift, oob_shift, erase_shift, addr_shift;
67     uint8_t *storage;
68     BlockBackend *blk;
69     int mem_oob;
70 
71     uint8_t cle, ale, ce, wp, gnd;
72 
73     uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
74     uint8_t *ioaddr;
75     int iolen;
76 
77     uint32_t cmd;
78     uint64_t addr;
79     int addrlen;
80     int status;
81     int offset;
82 
83     void (*blk_write)(NANDFlashState *s);
84     void (*blk_erase)(NANDFlashState *s);
85     void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
86 
87     uint32_t ioaddr_vmstate;
88 };
89 
90 #define TYPE_NAND "nand"
91 
92 #define NAND(obj) \
93     OBJECT_CHECK(NANDFlashState, (obj), TYPE_NAND)
94 
95 static void mem_and(uint8_t *dest, const uint8_t *src, size_t n)
96 {
97     /* Like memcpy() but we logical-AND the data into the destination */
98     int i;
99     for (i = 0; i < n; i++) {
100         dest[i] &= src[i];
101     }
102 }
103 
104 # define NAND_NO_AUTOINCR	0x00000001
105 # define NAND_BUSWIDTH_16	0x00000002
106 # define NAND_NO_PADDING	0x00000004
107 # define NAND_CACHEPRG		0x00000008
108 # define NAND_COPYBACK		0x00000010
109 # define NAND_IS_AND		0x00000020
110 # define NAND_4PAGE_ARRAY	0x00000040
111 # define NAND_NO_READRDY	0x00000100
112 # define NAND_SAMSUNG_LP	(NAND_NO_PADDING | NAND_COPYBACK)
113 
114 # define NAND_IO
115 
116 # define PAGE(addr)		((addr) >> ADDR_SHIFT)
117 # define PAGE_START(page)	(PAGE(page) * (PAGE_SIZE + OOB_SIZE))
118 # define PAGE_MASK		((1 << ADDR_SHIFT) - 1)
119 # define OOB_SHIFT		(PAGE_SHIFT - 5)
120 # define OOB_SIZE		(1 << OOB_SHIFT)
121 # define SECTOR(addr)		((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
122 # define SECTOR_OFFSET(addr)	((addr) & ((511 >> PAGE_SHIFT) << 8))
123 
124 # define PAGE_SIZE		256
125 # define PAGE_SHIFT		8
126 # define PAGE_SECTORS		1
127 # define ADDR_SHIFT		8
128 # include "nand.c"
129 # define PAGE_SIZE		512
130 # define PAGE_SHIFT		9
131 # define PAGE_SECTORS		1
132 # define ADDR_SHIFT		8
133 # include "nand.c"
134 # define PAGE_SIZE		2048
135 # define PAGE_SHIFT		11
136 # define PAGE_SECTORS		4
137 # define ADDR_SHIFT		16
138 # include "nand.c"
139 
140 /* Information based on Linux drivers/mtd/nand/nand_ids.c */
141 static const struct {
142     int size;
143     int width;
144     int page_shift;
145     int erase_shift;
146     uint32_t options;
147 } nand_flash_ids[0x100] = {
148     [0 ... 0xff] = { 0 },
149 
150     [0x6e] = { 1,	8,	8, 4, 0 },
151     [0x64] = { 2,	8,	8, 4, 0 },
152     [0x6b] = { 4,	8,	9, 4, 0 },
153     [0xe8] = { 1,	8,	8, 4, 0 },
154     [0xec] = { 1,	8,	8, 4, 0 },
155     [0xea] = { 2,	8,	8, 4, 0 },
156     [0xd5] = { 4,	8,	9, 4, 0 },
157     [0xe3] = { 4,	8,	9, 4, 0 },
158     [0xe5] = { 4,	8,	9, 4, 0 },
159     [0xd6] = { 8,	8,	9, 4, 0 },
160 
161     [0x39] = { 8,	8,	9, 4, 0 },
162     [0xe6] = { 8,	8,	9, 4, 0 },
163     [0x49] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
164     [0x59] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
165 
166     [0x33] = { 16,	8,	9, 5, 0 },
167     [0x73] = { 16,	8,	9, 5, 0 },
168     [0x43] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
169     [0x53] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
170 
171     [0x35] = { 32,	8,	9, 5, 0 },
172     [0x75] = { 32,	8,	9, 5, 0 },
173     [0x45] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
174     [0x55] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
175 
176     [0x36] = { 64,	8,	9, 5, 0 },
177     [0x76] = { 64,	8,	9, 5, 0 },
178     [0x46] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
179     [0x56] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
180 
181     [0x78] = { 128,	8,	9, 5, 0 },
182     [0x39] = { 128,	8,	9, 5, 0 },
183     [0x79] = { 128,	8,	9, 5, 0 },
184     [0x72] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
185     [0x49] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
186     [0x74] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
187     [0x59] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
188 
189     [0x71] = { 256,	8,	9, 5, 0 },
190 
191     /*
192      * These are the new chips with large page size. The pagesize and the
193      * erasesize is determined from the extended id bytes
194      */
195 # define LP_OPTIONS	(NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
196 # define LP_OPTIONS16	(LP_OPTIONS | NAND_BUSWIDTH_16)
197 
198     /* 512 Megabit */
199     [0xa2] = { 64,	8,	0, 0, LP_OPTIONS },
200     [0xf2] = { 64,	8,	0, 0, LP_OPTIONS },
201     [0xb2] = { 64,	16,	0, 0, LP_OPTIONS16 },
202     [0xc2] = { 64,	16,	0, 0, LP_OPTIONS16 },
203 
204     /* 1 Gigabit */
205     [0xa1] = { 128,	8,	0, 0, LP_OPTIONS },
206     [0xf1] = { 128,	8,	0, 0, LP_OPTIONS },
207     [0xb1] = { 128,	16,	0, 0, LP_OPTIONS16 },
208     [0xc1] = { 128,	16,	0, 0, LP_OPTIONS16 },
209 
210     /* 2 Gigabit */
211     [0xaa] = { 256,	8,	0, 0, LP_OPTIONS },
212     [0xda] = { 256,	8,	0, 0, LP_OPTIONS },
213     [0xba] = { 256,	16,	0, 0, LP_OPTIONS16 },
214     [0xca] = { 256,	16,	0, 0, LP_OPTIONS16 },
215 
216     /* 4 Gigabit */
217     [0xac] = { 512,	8,	0, 0, LP_OPTIONS },
218     [0xdc] = { 512,	8,	0, 0, LP_OPTIONS },
219     [0xbc] = { 512,	16,	0, 0, LP_OPTIONS16 },
220     [0xcc] = { 512,	16,	0, 0, LP_OPTIONS16 },
221 
222     /* 8 Gigabit */
223     [0xa3] = { 1024,	8,	0, 0, LP_OPTIONS },
224     [0xd3] = { 1024,	8,	0, 0, LP_OPTIONS },
225     [0xb3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
226     [0xc3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
227 
228     /* 16 Gigabit */
229     [0xa5] = { 2048,	8,	0, 0, LP_OPTIONS },
230     [0xd5] = { 2048,	8,	0, 0, LP_OPTIONS },
231     [0xb5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
232     [0xc5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
233 };
234 
235 static void nand_reset(DeviceState *dev)
236 {
237     NANDFlashState *s = NAND(dev);
238     s->cmd = NAND_CMD_READ0;
239     s->addr = 0;
240     s->addrlen = 0;
241     s->iolen = 0;
242     s->offset = 0;
243     s->status &= NAND_IOSTATUS_UNPROTCT;
244     s->status |= NAND_IOSTATUS_READY;
245 }
246 
247 static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
248 {
249     s->ioaddr[s->iolen++] = value;
250     for (value = s->buswidth; --value;) {
251         s->ioaddr[s->iolen++] = 0;
252     }
253 }
254 
255 static void nand_command(NANDFlashState *s)
256 {
257     unsigned int offset;
258     switch (s->cmd) {
259     case NAND_CMD_READ0:
260         s->iolen = 0;
261         break;
262 
263     case NAND_CMD_READID:
264         s->ioaddr = s->io;
265         s->iolen = 0;
266         nand_pushio_byte(s, s->manf_id);
267         nand_pushio_byte(s, s->chip_id);
268         nand_pushio_byte(s, 'Q'); /* Don't-care byte (often 0xa5) */
269         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
270             /* Page Size, Block Size, Spare Size; bit 6 indicates
271              * 8 vs 16 bit width NAND.
272              */
273             nand_pushio_byte(s, (s->buswidth == 2) ? 0x55 : 0x15);
274         } else {
275             nand_pushio_byte(s, 0xc0); /* Multi-plane */
276         }
277         break;
278 
279     case NAND_CMD_RANDOMREAD2:
280     case NAND_CMD_NOSERIALREAD2:
281         if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
282             break;
283         offset = s->addr & ((1 << s->addr_shift) - 1);
284         s->blk_load(s, s->addr, offset);
285         if (s->gnd)
286             s->iolen = (1 << s->page_shift) - offset;
287         else
288             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
289         break;
290 
291     case NAND_CMD_RESET:
292         nand_reset(DEVICE(s));
293         break;
294 
295     case NAND_CMD_PAGEPROGRAM1:
296         s->ioaddr = s->io;
297         s->iolen = 0;
298         break;
299 
300     case NAND_CMD_PAGEPROGRAM2:
301         if (s->wp) {
302             s->blk_write(s);
303         }
304         break;
305 
306     case NAND_CMD_BLOCKERASE1:
307         break;
308 
309     case NAND_CMD_BLOCKERASE2:
310         s->addr &= (1ull << s->addrlen * 8) - 1;
311         s->addr <<= nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP ?
312                                                                     16 : 8;
313 
314         if (s->wp) {
315             s->blk_erase(s);
316         }
317         break;
318 
319     case NAND_CMD_READSTATUS:
320         s->ioaddr = s->io;
321         s->iolen = 0;
322         nand_pushio_byte(s, s->status);
323         break;
324 
325     default:
326         printf("%s: Unknown NAND command 0x%02x\n", __func__, s->cmd);
327     }
328 }
329 
330 static int nand_pre_save(void *opaque)
331 {
332     NANDFlashState *s = NAND(opaque);
333 
334     s->ioaddr_vmstate = s->ioaddr - s->io;
335 
336     return 0;
337 }
338 
339 static int nand_post_load(void *opaque, int version_id)
340 {
341     NANDFlashState *s = NAND(opaque);
342 
343     if (s->ioaddr_vmstate > sizeof(s->io)) {
344         return -EINVAL;
345     }
346     s->ioaddr = s->io + s->ioaddr_vmstate;
347 
348     return 0;
349 }
350 
351 static const VMStateDescription vmstate_nand = {
352     .name = "nand",
353     .version_id = 1,
354     .minimum_version_id = 1,
355     .pre_save = nand_pre_save,
356     .post_load = nand_post_load,
357     .fields = (VMStateField[]) {
358         VMSTATE_UINT8(cle, NANDFlashState),
359         VMSTATE_UINT8(ale, NANDFlashState),
360         VMSTATE_UINT8(ce, NANDFlashState),
361         VMSTATE_UINT8(wp, NANDFlashState),
362         VMSTATE_UINT8(gnd, NANDFlashState),
363         VMSTATE_BUFFER(io, NANDFlashState),
364         VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
365         VMSTATE_INT32(iolen, NANDFlashState),
366         VMSTATE_UINT32(cmd, NANDFlashState),
367         VMSTATE_UINT64(addr, NANDFlashState),
368         VMSTATE_INT32(addrlen, NANDFlashState),
369         VMSTATE_INT32(status, NANDFlashState),
370         VMSTATE_INT32(offset, NANDFlashState),
371         /* XXX: do we want to save s->storage too? */
372         VMSTATE_END_OF_LIST()
373     }
374 };
375 
376 static void nand_realize(DeviceState *dev, Error **errp)
377 {
378     int pagesize;
379     NANDFlashState *s = NAND(dev);
380     int ret;
381 
382 
383     s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
384     s->size = nand_flash_ids[s->chip_id].size << 20;
385     if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
386         s->page_shift = 11;
387         s->erase_shift = 6;
388     } else {
389         s->page_shift = nand_flash_ids[s->chip_id].page_shift;
390         s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
391     }
392 
393     switch (1 << s->page_shift) {
394     case 256:
395         nand_init_256(s);
396         break;
397     case 512:
398         nand_init_512(s);
399         break;
400     case 2048:
401         nand_init_2048(s);
402         break;
403     default:
404         error_setg(errp, "Unsupported NAND block size %#x",
405                    1 << s->page_shift);
406         return;
407     }
408 
409     pagesize = 1 << s->oob_shift;
410     s->mem_oob = 1;
411     if (s->blk) {
412         if (blk_is_read_only(s->blk)) {
413             error_setg(errp, "Can't use a read-only drive");
414             return;
415         }
416         ret = blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
417                            BLK_PERM_ALL, errp);
418         if (ret < 0) {
419             return;
420         }
421         if (blk_getlength(s->blk) >=
422                 (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
423             pagesize = 0;
424             s->mem_oob = 0;
425         }
426     } else {
427         pagesize += 1 << s->page_shift;
428     }
429     if (pagesize) {
430         s->storage = (uint8_t *) memset(g_malloc(s->pages * pagesize),
431                         0xff, s->pages * pagesize);
432     }
433     /* Give s->ioaddr a sane value in case we save state before it is used. */
434     s->ioaddr = s->io;
435 }
436 
437 static Property nand_properties[] = {
438     DEFINE_PROP_UINT8("manufacturer_id", NANDFlashState, manf_id, 0),
439     DEFINE_PROP_UINT8("chip_id", NANDFlashState, chip_id, 0),
440     DEFINE_PROP_DRIVE("drive", NANDFlashState, blk),
441     DEFINE_PROP_END_OF_LIST(),
442 };
443 
444 static void nand_class_init(ObjectClass *klass, void *data)
445 {
446     DeviceClass *dc = DEVICE_CLASS(klass);
447 
448     dc->realize = nand_realize;
449     dc->reset = nand_reset;
450     dc->vmsd = &vmstate_nand;
451     device_class_set_props(dc, nand_properties);
452 }
453 
454 static const TypeInfo nand_info = {
455     .name          = TYPE_NAND,
456     .parent        = TYPE_DEVICE,
457     .instance_size = sizeof(NANDFlashState),
458     .class_init    = nand_class_init,
459 };
460 
461 static void nand_register_types(void)
462 {
463     type_register_static(&nand_info);
464 }
465 
466 /*
467  * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins.  Chip
468  * outputs are R/B and eight I/O pins.
469  *
470  * CE, WP and R/B are active low.
471  */
472 void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
473                   uint8_t ce, uint8_t wp, uint8_t gnd)
474 {
475     NANDFlashState *s = NAND(dev);
476 
477     s->cle = cle;
478     s->ale = ale;
479     s->ce = ce;
480     s->wp = wp;
481     s->gnd = gnd;
482     if (wp) {
483         s->status |= NAND_IOSTATUS_UNPROTCT;
484     } else {
485         s->status &= ~NAND_IOSTATUS_UNPROTCT;
486     }
487 }
488 
489 void nand_getpins(DeviceState *dev, int *rb)
490 {
491     *rb = 1;
492 }
493 
494 void nand_setio(DeviceState *dev, uint32_t value)
495 {
496     int i;
497     NANDFlashState *s = NAND(dev);
498 
499     if (!s->ce && s->cle) {
500         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
501             if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
502                 return;
503             if (value == NAND_CMD_RANDOMREAD1) {
504                 s->addr &= ~((1 << s->addr_shift) - 1);
505                 s->addrlen = 0;
506                 return;
507             }
508         }
509         if (value == NAND_CMD_READ0) {
510             s->offset = 0;
511         } else if (value == NAND_CMD_READ1) {
512             s->offset = 0x100;
513             value = NAND_CMD_READ0;
514         } else if (value == NAND_CMD_READ2) {
515             s->offset = 1 << s->page_shift;
516             value = NAND_CMD_READ0;
517         }
518 
519         s->cmd = value;
520 
521         if (s->cmd == NAND_CMD_READSTATUS ||
522                 s->cmd == NAND_CMD_PAGEPROGRAM2 ||
523                 s->cmd == NAND_CMD_BLOCKERASE1 ||
524                 s->cmd == NAND_CMD_BLOCKERASE2 ||
525                 s->cmd == NAND_CMD_NOSERIALREAD2 ||
526                 s->cmd == NAND_CMD_RANDOMREAD2 ||
527                 s->cmd == NAND_CMD_RESET) {
528             nand_command(s);
529         }
530 
531         if (s->cmd != NAND_CMD_RANDOMREAD2) {
532             s->addrlen = 0;
533         }
534     }
535 
536     if (s->ale) {
537         unsigned int shift = s->addrlen * 8;
538         uint64_t mask = ~(0xffull << shift);
539         uint64_t v = (uint64_t)value << shift;
540 
541         s->addr = (s->addr & mask) | v;
542         s->addrlen ++;
543 
544         switch (s->addrlen) {
545         case 1:
546             if (s->cmd == NAND_CMD_READID) {
547                 nand_command(s);
548             }
549             break;
550         case 2: /* fix cache address as a byte address */
551             s->addr <<= (s->buswidth - 1);
552             break;
553         case 3:
554             if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
555                     (s->cmd == NAND_CMD_READ0 ||
556                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
557                 nand_command(s);
558             }
559             break;
560         case 4:
561             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
562                     nand_flash_ids[s->chip_id].size < 256 && /* 1Gb or less */
563                     (s->cmd == NAND_CMD_READ0 ||
564                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
565                 nand_command(s);
566             }
567             break;
568         case 5:
569             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
570                     nand_flash_ids[s->chip_id].size >= 256 && /* 2Gb or more */
571                     (s->cmd == NAND_CMD_READ0 ||
572                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
573                 nand_command(s);
574             }
575             break;
576         default:
577             break;
578         }
579     }
580 
581     if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
582         if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift)) {
583             for (i = s->buswidth; i--; value >>= 8) {
584                 s->io[s->iolen ++] = (uint8_t) (value & 0xff);
585             }
586         }
587     } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
588         if ((s->addr & ((1 << s->addr_shift) - 1)) <
589                 (1 << s->page_shift) + (1 << s->oob_shift)) {
590             for (i = s->buswidth; i--; s->addr++, value >>= 8) {
591                 s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] =
592                     (uint8_t) (value & 0xff);
593             }
594         }
595     }
596 }
597 
598 uint32_t nand_getio(DeviceState *dev)
599 {
600     int offset;
601     uint32_t x = 0;
602     NANDFlashState *s = NAND(dev);
603 
604     /* Allow sequential reading */
605     if (!s->iolen && s->cmd == NAND_CMD_READ0) {
606         offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
607         s->offset = 0;
608 
609         s->blk_load(s, s->addr, offset);
610         if (s->gnd)
611             s->iolen = (1 << s->page_shift) - offset;
612         else
613             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
614     }
615 
616     if (s->ce || s->iolen <= 0) {
617         return 0;
618     }
619 
620     for (offset = s->buswidth; offset--;) {
621         x |= s->ioaddr[offset] << (offset << 3);
622     }
623     /* after receiving READ STATUS command all subsequent reads will
624      * return the status register value until another command is issued
625      */
626     if (s->cmd != NAND_CMD_READSTATUS) {
627         s->addr   += s->buswidth;
628         s->ioaddr += s->buswidth;
629         s->iolen  -= s->buswidth;
630     }
631     return x;
632 }
633 
634 uint32_t nand_getbuswidth(DeviceState *dev)
635 {
636     NANDFlashState *s = (NANDFlashState *) dev;
637     return s->buswidth << 3;
638 }
639 
640 DeviceState *nand_init(BlockBackend *blk, int manf_id, int chip_id)
641 {
642     DeviceState *dev;
643 
644     if (nand_flash_ids[chip_id].size == 0) {
645         hw_error("%s: Unsupported NAND chip ID.\n", __func__);
646     }
647     dev = qdev_new(TYPE_NAND);
648     qdev_prop_set_uint8(dev, "manufacturer_id", manf_id);
649     qdev_prop_set_uint8(dev, "chip_id", chip_id);
650     if (blk) {
651         qdev_prop_set_drive(dev, "drive", blk, &error_fatal);
652     }
653 
654     qdev_realize(dev, NULL, &error_fatal);
655     return dev;
656 }
657 
658 type_init(nand_register_types)
659 
660 #else
661 
662 /* Program a single page */
663 static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
664 {
665     uint64_t off, page, sector, soff;
666     uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
667     if (PAGE(s->addr) >= s->pages)
668         return;
669 
670     if (!s->blk) {
671         mem_and(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
672                         s->offset, s->io, s->iolen);
673     } else if (s->mem_oob) {
674         sector = SECTOR(s->addr);
675         off = (s->addr & PAGE_MASK) + s->offset;
676         soff = SECTOR_OFFSET(s->addr);
677         if (blk_pread(s->blk, sector << BDRV_SECTOR_BITS, iobuf,
678                       PAGE_SECTORS << BDRV_SECTOR_BITS) < 0) {
679             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
680             return;
681         }
682 
683         mem_and(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
684         if (off + s->iolen > PAGE_SIZE) {
685             page = PAGE(s->addr);
686             mem_and(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
687                             MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
688         }
689 
690         if (blk_pwrite(s->blk, sector << BDRV_SECTOR_BITS, iobuf,
691                        PAGE_SECTORS << BDRV_SECTOR_BITS, 0) < 0) {
692             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
693         }
694     } else {
695         off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
696         sector = off >> 9;
697         soff = off & 0x1ff;
698         if (blk_pread(s->blk, sector << BDRV_SECTOR_BITS, iobuf,
699                       (PAGE_SECTORS + 2) << BDRV_SECTOR_BITS) < 0) {
700             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
701             return;
702         }
703 
704         mem_and(iobuf + soff, s->io, s->iolen);
705 
706         if (blk_pwrite(s->blk, sector << BDRV_SECTOR_BITS, iobuf,
707                        (PAGE_SECTORS + 2) << BDRV_SECTOR_BITS, 0) < 0) {
708             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
709         }
710     }
711     s->offset = 0;
712 }
713 
714 /* Erase a single block */
715 static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
716 {
717     uint64_t i, page, addr;
718     uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
719     addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
720 
721     if (PAGE(addr) >= s->pages) {
722         return;
723     }
724 
725     if (!s->blk) {
726         memset(s->storage + PAGE_START(addr),
727                         0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
728     } else if (s->mem_oob) {
729         memset(s->storage + (PAGE(addr) << OOB_SHIFT),
730                         0xff, OOB_SIZE << s->erase_shift);
731         i = SECTOR(addr);
732         page = SECTOR(addr + (1 << (ADDR_SHIFT + s->erase_shift)));
733         for (; i < page; i ++)
734             if (blk_pwrite(s->blk, i << BDRV_SECTOR_BITS, iobuf,
735                            BDRV_SECTOR_SIZE, 0) < 0) {
736                 printf("%s: write error in sector %" PRIu64 "\n", __func__, i);
737             }
738     } else {
739         addr = PAGE_START(addr);
740         page = addr >> 9;
741         if (blk_pread(s->blk, page << BDRV_SECTOR_BITS, iobuf,
742                       BDRV_SECTOR_SIZE) < 0) {
743             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
744         }
745         memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
746         if (blk_pwrite(s->blk, page << BDRV_SECTOR_BITS, iobuf,
747                        BDRV_SECTOR_SIZE, 0) < 0) {
748             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
749         }
750 
751         memset(iobuf, 0xff, 0x200);
752         i = (addr & ~0x1ff) + 0x200;
753         for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
754                         i < addr; i += 0x200) {
755             if (blk_pwrite(s->blk, i, iobuf, BDRV_SECTOR_SIZE, 0) < 0) {
756                 printf("%s: write error in sector %" PRIu64 "\n",
757                        __func__, i >> 9);
758             }
759         }
760 
761         page = i >> 9;
762         if (blk_pread(s->blk, page << BDRV_SECTOR_BITS, iobuf,
763                       BDRV_SECTOR_SIZE) < 0) {
764             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
765         }
766         memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
767         if (blk_pwrite(s->blk, page << BDRV_SECTOR_BITS, iobuf,
768                        BDRV_SECTOR_SIZE, 0) < 0) {
769             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
770         }
771     }
772 }
773 
774 static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
775                 uint64_t addr, int offset)
776 {
777     if (PAGE(addr) >= s->pages) {
778         return;
779     }
780 
781     if (s->blk) {
782         if (s->mem_oob) {
783             if (blk_pread(s->blk, SECTOR(addr) << BDRV_SECTOR_BITS, s->io,
784                           PAGE_SECTORS << BDRV_SECTOR_BITS) < 0) {
785                 printf("%s: read error in sector %" PRIu64 "\n",
786                                 __func__, SECTOR(addr));
787             }
788             memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
789                             s->storage + (PAGE(s->addr) << OOB_SHIFT),
790                             OOB_SIZE);
791             s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
792         } else {
793             if (blk_pread(s->blk, PAGE_START(addr), s->io,
794                           (PAGE_SECTORS + 2) << BDRV_SECTOR_BITS) < 0) {
795                 printf("%s: read error in sector %" PRIu64 "\n",
796                                 __func__, PAGE_START(addr) >> 9);
797             }
798             s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
799         }
800     } else {
801         memcpy(s->io, s->storage + PAGE_START(s->addr) +
802                         offset, PAGE_SIZE + OOB_SIZE - offset);
803         s->ioaddr = s->io;
804     }
805 }
806 
807 static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
808 {
809     s->oob_shift = PAGE_SHIFT - 5;
810     s->pages = s->size >> PAGE_SHIFT;
811     s->addr_shift = ADDR_SHIFT;
812 
813     s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
814     s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
815     s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
816 }
817 
818 # undef PAGE_SIZE
819 # undef PAGE_SHIFT
820 # undef PAGE_SECTORS
821 # undef ADDR_SHIFT
822 #endif	/* NAND_IO */
823