xref: /openbmc/qemu/hw/block/nand.c (revision 6683d7bc)
1 /*
2  * Flash NAND memory emulation.  Based on "16M x 8 Bit NAND Flash
3  * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
4  * Samsung Electronic.
5  *
6  * Copyright (c) 2006 Openedhand Ltd.
7  * Written by Andrzej Zaborowski <balrog@zabor.org>
8  *
9  * Support for additional features based on "MT29F2G16ABCWP 2Gx16"
10  * datasheet from Micron Technology and "NAND02G-B2C" datasheet
11  * from ST Microelectronics.
12  *
13  * This code is licensed under the GNU GPL v2.
14  *
15  * Contributions after 2012-01-13 are licensed under the terms of the
16  * GNU GPL, version 2 or (at your option) any later version.
17  */
18 
19 #ifndef NAND_IO
20 
21 # include "hw/hw.h"
22 # include "hw/block/flash.h"
23 # include "sysemu/blockdev.h"
24 # include "hw/sysbus.h"
25 #include "qemu/error-report.h"
26 
27 # define NAND_CMD_READ0		0x00
28 # define NAND_CMD_READ1		0x01
29 # define NAND_CMD_READ2		0x50
30 # define NAND_CMD_LPREAD2	0x30
31 # define NAND_CMD_NOSERIALREAD2	0x35
32 # define NAND_CMD_RANDOMREAD1	0x05
33 # define NAND_CMD_RANDOMREAD2	0xe0
34 # define NAND_CMD_READID	0x90
35 # define NAND_CMD_RESET		0xff
36 # define NAND_CMD_PAGEPROGRAM1	0x80
37 # define NAND_CMD_PAGEPROGRAM2	0x10
38 # define NAND_CMD_CACHEPROGRAM2	0x15
39 # define NAND_CMD_BLOCKERASE1	0x60
40 # define NAND_CMD_BLOCKERASE2	0xd0
41 # define NAND_CMD_READSTATUS	0x70
42 # define NAND_CMD_COPYBACKPRG1	0x85
43 
44 # define NAND_IOSTATUS_ERROR	(1 << 0)
45 # define NAND_IOSTATUS_PLANE0	(1 << 1)
46 # define NAND_IOSTATUS_PLANE1	(1 << 2)
47 # define NAND_IOSTATUS_PLANE2	(1 << 3)
48 # define NAND_IOSTATUS_PLANE3	(1 << 4)
49 # define NAND_IOSTATUS_READY    (1 << 6)
50 # define NAND_IOSTATUS_UNPROTCT	(1 << 7)
51 
52 # define MAX_PAGE		0x800
53 # define MAX_OOB		0x40
54 
55 typedef struct NANDFlashState NANDFlashState;
56 struct NANDFlashState {
57     SysBusDevice busdev;
58     uint8_t manf_id, chip_id;
59     uint8_t buswidth; /* in BYTES */
60     int size, pages;
61     int page_shift, oob_shift, erase_shift, addr_shift;
62     uint8_t *storage;
63     BlockDriverState *bdrv;
64     int mem_oob;
65 
66     uint8_t cle, ale, ce, wp, gnd;
67 
68     uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
69     uint8_t *ioaddr;
70     int iolen;
71 
72     uint32_t cmd;
73     uint64_t addr;
74     int addrlen;
75     int status;
76     int offset;
77 
78     void (*blk_write)(NANDFlashState *s);
79     void (*blk_erase)(NANDFlashState *s);
80     void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset);
81 
82     uint32_t ioaddr_vmstate;
83 };
84 
85 static void mem_and(uint8_t *dest, const uint8_t *src, size_t n)
86 {
87     /* Like memcpy() but we logical-AND the data into the destination */
88     int i;
89     for (i = 0; i < n; i++) {
90         dest[i] &= src[i];
91     }
92 }
93 
94 # define NAND_NO_AUTOINCR	0x00000001
95 # define NAND_BUSWIDTH_16	0x00000002
96 # define NAND_NO_PADDING	0x00000004
97 # define NAND_CACHEPRG		0x00000008
98 # define NAND_COPYBACK		0x00000010
99 # define NAND_IS_AND		0x00000020
100 # define NAND_4PAGE_ARRAY	0x00000040
101 # define NAND_NO_READRDY	0x00000100
102 # define NAND_SAMSUNG_LP	(NAND_NO_PADDING | NAND_COPYBACK)
103 
104 # define NAND_IO
105 
106 # define PAGE(addr)		((addr) >> ADDR_SHIFT)
107 # define PAGE_START(page)	(PAGE(page) * (PAGE_SIZE + OOB_SIZE))
108 # define PAGE_MASK		((1 << ADDR_SHIFT) - 1)
109 # define OOB_SHIFT		(PAGE_SHIFT - 5)
110 # define OOB_SIZE		(1 << OOB_SHIFT)
111 # define SECTOR(addr)		((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
112 # define SECTOR_OFFSET(addr)	((addr) & ((511 >> PAGE_SHIFT) << 8))
113 
114 # define PAGE_SIZE		256
115 # define PAGE_SHIFT		8
116 # define PAGE_SECTORS		1
117 # define ADDR_SHIFT		8
118 # include "nand.c"
119 # define PAGE_SIZE		512
120 # define PAGE_SHIFT		9
121 # define PAGE_SECTORS		1
122 # define ADDR_SHIFT		8
123 # include "nand.c"
124 # define PAGE_SIZE		2048
125 # define PAGE_SHIFT		11
126 # define PAGE_SECTORS		4
127 # define ADDR_SHIFT		16
128 # include "nand.c"
129 
130 /* Information based on Linux drivers/mtd/nand/nand_ids.c */
131 static const struct {
132     int size;
133     int width;
134     int page_shift;
135     int erase_shift;
136     uint32_t options;
137 } nand_flash_ids[0x100] = {
138     [0 ... 0xff] = { 0 },
139 
140     [0x6e] = { 1,	8,	8, 4, 0 },
141     [0x64] = { 2,	8,	8, 4, 0 },
142     [0x6b] = { 4,	8,	9, 4, 0 },
143     [0xe8] = { 1,	8,	8, 4, 0 },
144     [0xec] = { 1,	8,	8, 4, 0 },
145     [0xea] = { 2,	8,	8, 4, 0 },
146     [0xd5] = { 4,	8,	9, 4, 0 },
147     [0xe3] = { 4,	8,	9, 4, 0 },
148     [0xe5] = { 4,	8,	9, 4, 0 },
149     [0xd6] = { 8,	8,	9, 4, 0 },
150 
151     [0x39] = { 8,	8,	9, 4, 0 },
152     [0xe6] = { 8,	8,	9, 4, 0 },
153     [0x49] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
154     [0x59] = { 8,	16,	9, 4, NAND_BUSWIDTH_16 },
155 
156     [0x33] = { 16,	8,	9, 5, 0 },
157     [0x73] = { 16,	8,	9, 5, 0 },
158     [0x43] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
159     [0x53] = { 16,	16,	9, 5, NAND_BUSWIDTH_16 },
160 
161     [0x35] = { 32,	8,	9, 5, 0 },
162     [0x75] = { 32,	8,	9, 5, 0 },
163     [0x45] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
164     [0x55] = { 32,	16,	9, 5, NAND_BUSWIDTH_16 },
165 
166     [0x36] = { 64,	8,	9, 5, 0 },
167     [0x76] = { 64,	8,	9, 5, 0 },
168     [0x46] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
169     [0x56] = { 64,	16,	9, 5, NAND_BUSWIDTH_16 },
170 
171     [0x78] = { 128,	8,	9, 5, 0 },
172     [0x39] = { 128,	8,	9, 5, 0 },
173     [0x79] = { 128,	8,	9, 5, 0 },
174     [0x72] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
175     [0x49] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
176     [0x74] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
177     [0x59] = { 128,	16,	9, 5, NAND_BUSWIDTH_16 },
178 
179     [0x71] = { 256,	8,	9, 5, 0 },
180 
181     /*
182      * These are the new chips with large page size. The pagesize and the
183      * erasesize is determined from the extended id bytes
184      */
185 # define LP_OPTIONS	(NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
186 # define LP_OPTIONS16	(LP_OPTIONS | NAND_BUSWIDTH_16)
187 
188     /* 512 Megabit */
189     [0xa2] = { 64,	8,	0, 0, LP_OPTIONS },
190     [0xf2] = { 64,	8,	0, 0, LP_OPTIONS },
191     [0xb2] = { 64,	16,	0, 0, LP_OPTIONS16 },
192     [0xc2] = { 64,	16,	0, 0, LP_OPTIONS16 },
193 
194     /* 1 Gigabit */
195     [0xa1] = { 128,	8,	0, 0, LP_OPTIONS },
196     [0xf1] = { 128,	8,	0, 0, LP_OPTIONS },
197     [0xb1] = { 128,	16,	0, 0, LP_OPTIONS16 },
198     [0xc1] = { 128,	16,	0, 0, LP_OPTIONS16 },
199 
200     /* 2 Gigabit */
201     [0xaa] = { 256,	8,	0, 0, LP_OPTIONS },
202     [0xda] = { 256,	8,	0, 0, LP_OPTIONS },
203     [0xba] = { 256,	16,	0, 0, LP_OPTIONS16 },
204     [0xca] = { 256,	16,	0, 0, LP_OPTIONS16 },
205 
206     /* 4 Gigabit */
207     [0xac] = { 512,	8,	0, 0, LP_OPTIONS },
208     [0xdc] = { 512,	8,	0, 0, LP_OPTIONS },
209     [0xbc] = { 512,	16,	0, 0, LP_OPTIONS16 },
210     [0xcc] = { 512,	16,	0, 0, LP_OPTIONS16 },
211 
212     /* 8 Gigabit */
213     [0xa3] = { 1024,	8,	0, 0, LP_OPTIONS },
214     [0xd3] = { 1024,	8,	0, 0, LP_OPTIONS },
215     [0xb3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
216     [0xc3] = { 1024,	16,	0, 0, LP_OPTIONS16 },
217 
218     /* 16 Gigabit */
219     [0xa5] = { 2048,	8,	0, 0, LP_OPTIONS },
220     [0xd5] = { 2048,	8,	0, 0, LP_OPTIONS },
221     [0xb5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
222     [0xc5] = { 2048,	16,	0, 0, LP_OPTIONS16 },
223 };
224 
225 static void nand_reset(DeviceState *dev)
226 {
227     NANDFlashState *s = FROM_SYSBUS(NANDFlashState, SYS_BUS_DEVICE(dev));
228     s->cmd = NAND_CMD_READ0;
229     s->addr = 0;
230     s->addrlen = 0;
231     s->iolen = 0;
232     s->offset = 0;
233     s->status &= NAND_IOSTATUS_UNPROTCT;
234     s->status |= NAND_IOSTATUS_READY;
235 }
236 
237 static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
238 {
239     s->ioaddr[s->iolen++] = value;
240     for (value = s->buswidth; --value;) {
241         s->ioaddr[s->iolen++] = 0;
242     }
243 }
244 
245 static void nand_command(NANDFlashState *s)
246 {
247     unsigned int offset;
248     switch (s->cmd) {
249     case NAND_CMD_READ0:
250         s->iolen = 0;
251         break;
252 
253     case NAND_CMD_READID:
254         s->ioaddr = s->io;
255         s->iolen = 0;
256         nand_pushio_byte(s, s->manf_id);
257         nand_pushio_byte(s, s->chip_id);
258         nand_pushio_byte(s, 'Q'); /* Don't-care byte (often 0xa5) */
259         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
260             /* Page Size, Block Size, Spare Size; bit 6 indicates
261              * 8 vs 16 bit width NAND.
262              */
263             nand_pushio_byte(s, (s->buswidth == 2) ? 0x55 : 0x15);
264         } else {
265             nand_pushio_byte(s, 0xc0); /* Multi-plane */
266         }
267         break;
268 
269     case NAND_CMD_RANDOMREAD2:
270     case NAND_CMD_NOSERIALREAD2:
271         if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
272             break;
273         offset = s->addr & ((1 << s->addr_shift) - 1);
274         s->blk_load(s, s->addr, offset);
275         if (s->gnd)
276             s->iolen = (1 << s->page_shift) - offset;
277         else
278             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
279         break;
280 
281     case NAND_CMD_RESET:
282         nand_reset(&s->busdev.qdev);
283         break;
284 
285     case NAND_CMD_PAGEPROGRAM1:
286         s->ioaddr = s->io;
287         s->iolen = 0;
288         break;
289 
290     case NAND_CMD_PAGEPROGRAM2:
291         if (s->wp) {
292             s->blk_write(s);
293         }
294         break;
295 
296     case NAND_CMD_BLOCKERASE1:
297         break;
298 
299     case NAND_CMD_BLOCKERASE2:
300         s->addr &= (1ull << s->addrlen * 8) - 1;
301         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP)
302             s->addr <<= 16;
303         else
304             s->addr <<= 8;
305 
306         if (s->wp) {
307             s->blk_erase(s);
308         }
309         break;
310 
311     case NAND_CMD_READSTATUS:
312         s->ioaddr = s->io;
313         s->iolen = 0;
314         nand_pushio_byte(s, s->status);
315         break;
316 
317     default:
318         printf("%s: Unknown NAND command 0x%02x\n", __FUNCTION__, s->cmd);
319     }
320 }
321 
322 static void nand_pre_save(void *opaque)
323 {
324     NANDFlashState *s = opaque;
325 
326     s->ioaddr_vmstate = s->ioaddr - s->io;
327 }
328 
329 static int nand_post_load(void *opaque, int version_id)
330 {
331     NANDFlashState *s = opaque;
332 
333     if (s->ioaddr_vmstate > sizeof(s->io)) {
334         return -EINVAL;
335     }
336     s->ioaddr = s->io + s->ioaddr_vmstate;
337 
338     return 0;
339 }
340 
341 static const VMStateDescription vmstate_nand = {
342     .name = "nand",
343     .version_id = 1,
344     .minimum_version_id = 1,
345     .minimum_version_id_old = 1,
346     .pre_save = nand_pre_save,
347     .post_load = nand_post_load,
348     .fields      = (VMStateField[]) {
349         VMSTATE_UINT8(cle, NANDFlashState),
350         VMSTATE_UINT8(ale, NANDFlashState),
351         VMSTATE_UINT8(ce, NANDFlashState),
352         VMSTATE_UINT8(wp, NANDFlashState),
353         VMSTATE_UINT8(gnd, NANDFlashState),
354         VMSTATE_BUFFER(io, NANDFlashState),
355         VMSTATE_UINT32(ioaddr_vmstate, NANDFlashState),
356         VMSTATE_INT32(iolen, NANDFlashState),
357         VMSTATE_UINT32(cmd, NANDFlashState),
358         VMSTATE_UINT64(addr, NANDFlashState),
359         VMSTATE_INT32(addrlen, NANDFlashState),
360         VMSTATE_INT32(status, NANDFlashState),
361         VMSTATE_INT32(offset, NANDFlashState),
362         /* XXX: do we want to save s->storage too? */
363         VMSTATE_END_OF_LIST()
364     }
365 };
366 
367 static int nand_device_init(SysBusDevice *dev)
368 {
369     int pagesize;
370     NANDFlashState *s = FROM_SYSBUS(NANDFlashState, dev);
371 
372     s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
373     s->size = nand_flash_ids[s->chip_id].size << 20;
374     if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
375         s->page_shift = 11;
376         s->erase_shift = 6;
377     } else {
378         s->page_shift = nand_flash_ids[s->chip_id].page_shift;
379         s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
380     }
381 
382     switch (1 << s->page_shift) {
383     case 256:
384         nand_init_256(s);
385         break;
386     case 512:
387         nand_init_512(s);
388         break;
389     case 2048:
390         nand_init_2048(s);
391         break;
392     default:
393         error_report("Unsupported NAND block size");
394         return -1;
395     }
396 
397     pagesize = 1 << s->oob_shift;
398     s->mem_oob = 1;
399     if (s->bdrv) {
400         if (bdrv_is_read_only(s->bdrv)) {
401             error_report("Can't use a read-only drive");
402             return -1;
403         }
404         if (bdrv_getlength(s->bdrv) >=
405                 (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
406             pagesize = 0;
407             s->mem_oob = 0;
408         }
409     } else {
410         pagesize += 1 << s->page_shift;
411     }
412     if (pagesize) {
413         s->storage = (uint8_t *) memset(g_malloc(s->pages * pagesize),
414                         0xff, s->pages * pagesize);
415     }
416     /* Give s->ioaddr a sane value in case we save state before it is used. */
417     s->ioaddr = s->io;
418 
419     return 0;
420 }
421 
422 static Property nand_properties[] = {
423     DEFINE_PROP_UINT8("manufacturer_id", NANDFlashState, manf_id, 0),
424     DEFINE_PROP_UINT8("chip_id", NANDFlashState, chip_id, 0),
425     DEFINE_PROP_DRIVE("drive", NANDFlashState, bdrv),
426     DEFINE_PROP_END_OF_LIST(),
427 };
428 
429 static void nand_class_init(ObjectClass *klass, void *data)
430 {
431     DeviceClass *dc = DEVICE_CLASS(klass);
432     SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
433 
434     k->init = nand_device_init;
435     dc->reset = nand_reset;
436     dc->vmsd = &vmstate_nand;
437     dc->props = nand_properties;
438 }
439 
440 static const TypeInfo nand_info = {
441     .name          = "nand",
442     .parent        = TYPE_SYS_BUS_DEVICE,
443     .instance_size = sizeof(NANDFlashState),
444     .class_init    = nand_class_init,
445 };
446 
447 static void nand_register_types(void)
448 {
449     type_register_static(&nand_info);
450 }
451 
452 /*
453  * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins.  Chip
454  * outputs are R/B and eight I/O pins.
455  *
456  * CE, WP and R/B are active low.
457  */
458 void nand_setpins(DeviceState *dev, uint8_t cle, uint8_t ale,
459                   uint8_t ce, uint8_t wp, uint8_t gnd)
460 {
461     NANDFlashState *s = (NANDFlashState *) dev;
462     s->cle = cle;
463     s->ale = ale;
464     s->ce = ce;
465     s->wp = wp;
466     s->gnd = gnd;
467     if (wp)
468         s->status |= NAND_IOSTATUS_UNPROTCT;
469     else
470         s->status &= ~NAND_IOSTATUS_UNPROTCT;
471 }
472 
473 void nand_getpins(DeviceState *dev, int *rb)
474 {
475     *rb = 1;
476 }
477 
478 void nand_setio(DeviceState *dev, uint32_t value)
479 {
480     int i;
481     NANDFlashState *s = (NANDFlashState *) dev;
482     if (!s->ce && s->cle) {
483         if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
484             if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
485                 return;
486             if (value == NAND_CMD_RANDOMREAD1) {
487                 s->addr &= ~((1 << s->addr_shift) - 1);
488                 s->addrlen = 0;
489                 return;
490             }
491         }
492         if (value == NAND_CMD_READ0)
493             s->offset = 0;
494 	else if (value == NAND_CMD_READ1) {
495             s->offset = 0x100;
496             value = NAND_CMD_READ0;
497         }
498 	else if (value == NAND_CMD_READ2) {
499             s->offset = 1 << s->page_shift;
500             value = NAND_CMD_READ0;
501         }
502 
503         s->cmd = value;
504 
505         if (s->cmd == NAND_CMD_READSTATUS ||
506                 s->cmd == NAND_CMD_PAGEPROGRAM2 ||
507                 s->cmd == NAND_CMD_BLOCKERASE1 ||
508                 s->cmd == NAND_CMD_BLOCKERASE2 ||
509                 s->cmd == NAND_CMD_NOSERIALREAD2 ||
510                 s->cmd == NAND_CMD_RANDOMREAD2 ||
511                 s->cmd == NAND_CMD_RESET)
512             nand_command(s);
513 
514         if (s->cmd != NAND_CMD_RANDOMREAD2) {
515             s->addrlen = 0;
516         }
517     }
518 
519     if (s->ale) {
520         unsigned int shift = s->addrlen * 8;
521         unsigned int mask = ~(0xff << shift);
522         unsigned int v = value << shift;
523 
524         s->addr = (s->addr & mask) | v;
525         s->addrlen ++;
526 
527         switch (s->addrlen) {
528         case 1:
529             if (s->cmd == NAND_CMD_READID) {
530                 nand_command(s);
531             }
532             break;
533         case 2: /* fix cache address as a byte address */
534             s->addr <<= (s->buswidth - 1);
535             break;
536         case 3:
537             if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
538                     (s->cmd == NAND_CMD_READ0 ||
539                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
540                 nand_command(s);
541             }
542             break;
543         case 4:
544             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
545                     nand_flash_ids[s->chip_id].size < 256 && /* 1Gb or less */
546                     (s->cmd == NAND_CMD_READ0 ||
547                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
548                 nand_command(s);
549             }
550             break;
551         case 5:
552             if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
553                     nand_flash_ids[s->chip_id].size >= 256 && /* 2Gb or more */
554                     (s->cmd == NAND_CMD_READ0 ||
555                      s->cmd == NAND_CMD_PAGEPROGRAM1)) {
556                 nand_command(s);
557             }
558             break;
559         default:
560             break;
561         }
562     }
563 
564     if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
565         if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift)) {
566             for (i = s->buswidth; i--; value >>= 8) {
567                 s->io[s->iolen ++] = (uint8_t) (value & 0xff);
568             }
569         }
570     } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
571         if ((s->addr & ((1 << s->addr_shift) - 1)) <
572                 (1 << s->page_shift) + (1 << s->oob_shift)) {
573             for (i = s->buswidth; i--; s->addr++, value >>= 8) {
574                 s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] =
575                     (uint8_t) (value & 0xff);
576             }
577         }
578     }
579 }
580 
581 uint32_t nand_getio(DeviceState *dev)
582 {
583     int offset;
584     uint32_t x = 0;
585     NANDFlashState *s = (NANDFlashState *) dev;
586 
587     /* Allow sequential reading */
588     if (!s->iolen && s->cmd == NAND_CMD_READ0) {
589         offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
590         s->offset = 0;
591 
592         s->blk_load(s, s->addr, offset);
593         if (s->gnd)
594             s->iolen = (1 << s->page_shift) - offset;
595         else
596             s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
597     }
598 
599     if (s->ce || s->iolen <= 0)
600         return 0;
601 
602     for (offset = s->buswidth; offset--;) {
603         x |= s->ioaddr[offset] << (offset << 3);
604     }
605     /* after receiving READ STATUS command all subsequent reads will
606      * return the status register value until another command is issued
607      */
608     if (s->cmd != NAND_CMD_READSTATUS) {
609         s->addr   += s->buswidth;
610         s->ioaddr += s->buswidth;
611         s->iolen  -= s->buswidth;
612     }
613     return x;
614 }
615 
616 uint32_t nand_getbuswidth(DeviceState *dev)
617 {
618     NANDFlashState *s = (NANDFlashState *) dev;
619     return s->buswidth << 3;
620 }
621 
622 DeviceState *nand_init(BlockDriverState *bdrv, int manf_id, int chip_id)
623 {
624     DeviceState *dev;
625 
626     if (nand_flash_ids[chip_id].size == 0) {
627         hw_error("%s: Unsupported NAND chip ID.\n", __FUNCTION__);
628     }
629     dev = qdev_create(NULL, "nand");
630     qdev_prop_set_uint8(dev, "manufacturer_id", manf_id);
631     qdev_prop_set_uint8(dev, "chip_id", chip_id);
632     if (bdrv) {
633         qdev_prop_set_drive_nofail(dev, "drive", bdrv);
634     }
635 
636     qdev_init_nofail(dev);
637     return dev;
638 }
639 
640 type_init(nand_register_types)
641 
642 #else
643 
644 /* Program a single page */
645 static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
646 {
647     uint64_t off, page, sector, soff;
648     uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
649     if (PAGE(s->addr) >= s->pages)
650         return;
651 
652     if (!s->bdrv) {
653         mem_and(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
654                         s->offset, s->io, s->iolen);
655     } else if (s->mem_oob) {
656         sector = SECTOR(s->addr);
657         off = (s->addr & PAGE_MASK) + s->offset;
658         soff = SECTOR_OFFSET(s->addr);
659         if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
660             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
661             return;
662         }
663 
664         mem_and(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
665         if (off + s->iolen > PAGE_SIZE) {
666             page = PAGE(s->addr);
667             mem_and(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
668                             MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
669         }
670 
671         if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS) < 0) {
672             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
673         }
674     } else {
675         off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
676         sector = off >> 9;
677         soff = off & 0x1ff;
678         if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
679             printf("%s: read error in sector %" PRIu64 "\n", __func__, sector);
680             return;
681         }
682 
683         mem_and(iobuf + soff, s->io, s->iolen);
684 
685         if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) < 0) {
686             printf("%s: write error in sector %" PRIu64 "\n", __func__, sector);
687         }
688     }
689     s->offset = 0;
690 }
691 
692 /* Erase a single block */
693 static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
694 {
695     uint64_t i, page, addr;
696     uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
697     addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
698 
699     if (PAGE(addr) >= s->pages)
700         return;
701 
702     if (!s->bdrv) {
703         memset(s->storage + PAGE_START(addr),
704                         0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
705     } else if (s->mem_oob) {
706         memset(s->storage + (PAGE(addr) << OOB_SHIFT),
707                         0xff, OOB_SIZE << s->erase_shift);
708         i = SECTOR(addr);
709         page = SECTOR(addr + (ADDR_SHIFT + s->erase_shift));
710         for (; i < page; i ++)
711             if (bdrv_write(s->bdrv, i, iobuf, 1) < 0) {
712                 printf("%s: write error in sector %" PRIu64 "\n", __func__, i);
713             }
714     } else {
715         addr = PAGE_START(addr);
716         page = addr >> 9;
717         if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
718             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
719         }
720         memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
721         if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
722             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
723         }
724 
725         memset(iobuf, 0xff, 0x200);
726         i = (addr & ~0x1ff) + 0x200;
727         for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
728                         i < addr; i += 0x200)
729             if (bdrv_write(s->bdrv, i >> 9, iobuf, 1) < 0) {
730                 printf("%s: write error in sector %" PRIu64 "\n",
731                        __func__, i >> 9);
732             }
733 
734         page = i >> 9;
735         if (bdrv_read(s->bdrv, page, iobuf, 1) < 0) {
736             printf("%s: read error in sector %" PRIu64 "\n", __func__, page);
737         }
738         memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
739         if (bdrv_write(s->bdrv, page, iobuf, 1) < 0) {
740             printf("%s: write error in sector %" PRIu64 "\n", __func__, page);
741         }
742     }
743 }
744 
745 static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
746                 uint64_t addr, int offset)
747 {
748     if (PAGE(addr) >= s->pages)
749         return;
750 
751     if (s->bdrv) {
752         if (s->mem_oob) {
753             if (bdrv_read(s->bdrv, SECTOR(addr), s->io, PAGE_SECTORS) < 0) {
754                 printf("%s: read error in sector %" PRIu64 "\n",
755                                 __func__, SECTOR(addr));
756             }
757             memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
758                             s->storage + (PAGE(s->addr) << OOB_SHIFT),
759                             OOB_SIZE);
760             s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
761         } else {
762             if (bdrv_read(s->bdrv, PAGE_START(addr) >> 9,
763                                     s->io, (PAGE_SECTORS + 2)) < 0) {
764                 printf("%s: read error in sector %" PRIu64 "\n",
765                                 __func__, PAGE_START(addr) >> 9);
766             }
767             s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
768         }
769     } else {
770         memcpy(s->io, s->storage + PAGE_START(s->addr) +
771                         offset, PAGE_SIZE + OOB_SIZE - offset);
772         s->ioaddr = s->io;
773     }
774 }
775 
776 static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
777 {
778     s->oob_shift = PAGE_SHIFT - 5;
779     s->pages = s->size >> PAGE_SHIFT;
780     s->addr_shift = ADDR_SHIFT;
781 
782     s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
783     s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
784     s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
785 }
786 
787 # undef PAGE_SIZE
788 # undef PAGE_SHIFT
789 # undef PAGE_SECTORS
790 # undef ADDR_SHIFT
791 #endif	/* NAND_IO */
792