1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "hw/hw.h" 24 #include "hw/block/flash.h" 25 #include "hw/irq.h" 26 #include "hw/qdev-properties.h" 27 #include "sysemu/block-backend.h" 28 #include "exec/memory.h" 29 #include "hw/sysbus.h" 30 #include "migration/vmstate.h" 31 #include "qemu/error-report.h" 32 #include "qemu/log.h" 33 #include "qemu/module.h" 34 35 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 36 #define PAGE_SHIFT 11 37 38 /* Fixed */ 39 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 40 41 #define TYPE_ONE_NAND "onenand" 42 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 43 44 typedef struct OneNANDState { 45 SysBusDevice parent_obj; 46 47 struct { 48 uint16_t man; 49 uint16_t dev; 50 uint16_t ver; 51 } id; 52 int shift; 53 hwaddr base; 54 qemu_irq intr; 55 qemu_irq rdy; 56 BlockBackend *blk; 57 BlockBackend *blk_cur; 58 uint8_t *image; 59 uint8_t *otp; 60 uint8_t *current; 61 MemoryRegion ram; 62 MemoryRegion mapped_ram; 63 uint8_t current_direction; 64 uint8_t *boot[2]; 65 uint8_t *data[2][2]; 66 MemoryRegion iomem; 67 MemoryRegion container; 68 int cycle; 69 int otpmode; 70 71 uint16_t addr[8]; 72 uint16_t unladdr[8]; 73 int bufaddr; 74 int count; 75 uint16_t command; 76 uint16_t config[2]; 77 uint16_t status; 78 uint16_t intstatus; 79 uint16_t wpstatus; 80 81 ECCState ecc; 82 83 int density_mask; 84 int secs; 85 int secs_cur; 86 int blocks; 87 uint8_t *blockwp; 88 } OneNANDState; 89 90 enum { 91 ONEN_BUF_BLOCK = 0, 92 ONEN_BUF_BLOCK2 = 1, 93 ONEN_BUF_DEST_BLOCK = 2, 94 ONEN_BUF_DEST_PAGE = 3, 95 ONEN_BUF_PAGE = 7, 96 }; 97 98 enum { 99 ONEN_ERR_CMD = 1 << 10, 100 ONEN_ERR_ERASE = 1 << 11, 101 ONEN_ERR_PROG = 1 << 12, 102 ONEN_ERR_LOAD = 1 << 13, 103 }; 104 105 enum { 106 ONEN_INT_RESET = 1 << 4, 107 ONEN_INT_ERASE = 1 << 5, 108 ONEN_INT_PROG = 1 << 6, 109 ONEN_INT_LOAD = 1 << 7, 110 ONEN_INT = 1 << 15, 111 }; 112 113 enum { 114 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 115 ONEN_LOCK_LOCKED = 1 << 1, 116 ONEN_LOCK_UNLOCKED = 1 << 2, 117 }; 118 119 static void onenand_mem_setup(OneNANDState *s) 120 { 121 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 122 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 123 * write boot commands. Also take note of the BWPS bit. */ 124 memory_region_init(&s->container, OBJECT(s), "onenand", 125 0x10000 << s->shift); 126 memory_region_add_subregion(&s->container, 0, &s->iomem); 127 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 128 &s->ram, 0x0200 << s->shift, 129 0xbe00 << s->shift); 130 memory_region_add_subregion_overlap(&s->container, 131 0x0200 << s->shift, 132 &s->mapped_ram, 133 1); 134 } 135 136 static void onenand_intr_update(OneNANDState *s) 137 { 138 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 139 } 140 141 static int onenand_pre_save(void *opaque) 142 { 143 OneNANDState *s = opaque; 144 if (s->current == s->otp) { 145 s->current_direction = 1; 146 } else if (s->current == s->image) { 147 s->current_direction = 2; 148 } else { 149 s->current_direction = 0; 150 } 151 152 return 0; 153 } 154 155 static int onenand_post_load(void *opaque, int version_id) 156 { 157 OneNANDState *s = opaque; 158 switch (s->current_direction) { 159 case 0: 160 break; 161 case 1: 162 s->current = s->otp; 163 break; 164 case 2: 165 s->current = s->image; 166 break; 167 default: 168 return -1; 169 } 170 onenand_intr_update(s); 171 return 0; 172 } 173 174 static const VMStateDescription vmstate_onenand = { 175 .name = "onenand", 176 .version_id = 1, 177 .minimum_version_id = 1, 178 .pre_save = onenand_pre_save, 179 .post_load = onenand_post_load, 180 .fields = (VMStateField[]) { 181 VMSTATE_UINT8(current_direction, OneNANDState), 182 VMSTATE_INT32(cycle, OneNANDState), 183 VMSTATE_INT32(otpmode, OneNANDState), 184 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 185 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 186 VMSTATE_INT32(bufaddr, OneNANDState), 187 VMSTATE_INT32(count, OneNANDState), 188 VMSTATE_UINT16(command, OneNANDState), 189 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 190 VMSTATE_UINT16(status, OneNANDState), 191 VMSTATE_UINT16(intstatus, OneNANDState), 192 VMSTATE_UINT16(wpstatus, OneNANDState), 193 VMSTATE_INT32(secs_cur, OneNANDState), 194 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 195 VMSTATE_UINT8(ecc.cp, OneNANDState), 196 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 197 VMSTATE_UINT16(ecc.count, OneNANDState), 198 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 199 ((64 + 2) << PAGE_SHIFT)), 200 VMSTATE_END_OF_LIST() 201 } 202 }; 203 204 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 205 static void onenand_reset(OneNANDState *s, int cold) 206 { 207 memset(&s->addr, 0, sizeof(s->addr)); 208 s->command = 0; 209 s->count = 1; 210 s->bufaddr = 0; 211 s->config[0] = 0x40c0; 212 s->config[1] = 0x0000; 213 onenand_intr_update(s); 214 qemu_irq_raise(s->rdy); 215 s->status = 0x0000; 216 s->intstatus = cold ? 0x8080 : 0x8010; 217 s->unladdr[0] = 0; 218 s->unladdr[1] = 0; 219 s->wpstatus = 0x0002; 220 s->cycle = 0; 221 s->otpmode = 0; 222 s->blk_cur = s->blk; 223 s->current = s->image; 224 s->secs_cur = s->secs; 225 226 if (cold) { 227 /* Lock the whole flash */ 228 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 229 230 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 231 8 << BDRV_SECTOR_BITS) < 0) { 232 hw_error("%s: Loading the BootRAM failed.\n", __func__); 233 } 234 } 235 } 236 237 static void onenand_system_reset(DeviceState *dev) 238 { 239 OneNANDState *s = ONE_NAND(dev); 240 241 onenand_reset(s, 1); 242 } 243 244 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 245 void *dest) 246 { 247 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 248 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 249 if (s->blk_cur) { 250 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 251 secn << BDRV_SECTOR_BITS) < 0; 252 } else if (sec + secn > s->secs_cur) { 253 return 1; 254 } 255 256 memcpy(dest, s->current + (sec << 9), secn << 9); 257 258 return 0; 259 } 260 261 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 262 void *src) 263 { 264 int result = 0; 265 266 if (secn > 0) { 267 uint32_t size = secn << BDRV_SECTOR_BITS; 268 uint32_t offset = sec << BDRV_SECTOR_BITS; 269 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 270 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 271 const uint8_t *sp = (const uint8_t *)src; 272 uint8_t *dp = 0; 273 if (s->blk_cur) { 274 dp = g_malloc(size); 275 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 276 result = 1; 277 } 278 } else { 279 if (sec + secn > s->secs_cur) { 280 result = 1; 281 } else { 282 dp = (uint8_t *)s->current + offset; 283 } 284 } 285 if (!result) { 286 uint32_t i; 287 for (i = 0; i < size; i++) { 288 dp[i] &= sp[i]; 289 } 290 if (s->blk_cur) { 291 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 292 } 293 } 294 if (dp && s->blk_cur) { 295 g_free(dp); 296 } 297 } 298 299 return result; 300 } 301 302 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 303 void *dest) 304 { 305 uint8_t buf[512]; 306 307 if (s->blk_cur) { 308 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 309 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 310 return 1; 311 } 312 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 313 } else if (sec + secn > s->secs_cur) { 314 return 1; 315 } else { 316 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 317 } 318 319 return 0; 320 } 321 322 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 323 void *src) 324 { 325 int result = 0; 326 if (secn > 0) { 327 const uint8_t *sp = (const uint8_t *)src; 328 uint8_t *dp = 0, *dpp = 0; 329 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 330 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 331 if (s->blk_cur) { 332 dp = g_malloc(512); 333 if (!dp 334 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 335 result = 1; 336 } else { 337 dpp = dp + ((sec & 31) << 4); 338 } 339 } else { 340 if (sec + secn > s->secs_cur) { 341 result = 1; 342 } else { 343 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 344 } 345 } 346 if (!result) { 347 uint32_t i; 348 for (i = 0; i < (secn << 4); i++) { 349 dpp[i] &= sp[i]; 350 } 351 if (s->blk_cur) { 352 result = blk_pwrite(s->blk_cur, offset, dp, 353 BDRV_SECTOR_SIZE, 0) < 0; 354 } 355 } 356 g_free(dp); 357 } 358 return result; 359 } 360 361 static inline int onenand_erase(OneNANDState *s, int sec, int num) 362 { 363 uint8_t *blankbuf, *tmpbuf; 364 365 blankbuf = g_malloc(512); 366 tmpbuf = g_malloc(512); 367 memset(blankbuf, 0xff, 512); 368 for (; num > 0; num--, sec++) { 369 if (s->blk_cur) { 370 int erasesec = s->secs_cur + (sec >> 5); 371 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 372 BDRV_SECTOR_SIZE, 0) < 0) { 373 goto fail; 374 } 375 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 376 BDRV_SECTOR_SIZE) < 0) { 377 goto fail; 378 } 379 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 380 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 381 BDRV_SECTOR_SIZE, 0) < 0) { 382 goto fail; 383 } 384 } else { 385 if (sec + 1 > s->secs_cur) { 386 goto fail; 387 } 388 memcpy(s->current + (sec << 9), blankbuf, 512); 389 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 390 blankbuf, 1 << 4); 391 } 392 } 393 394 g_free(tmpbuf); 395 g_free(blankbuf); 396 return 0; 397 398 fail: 399 g_free(tmpbuf); 400 g_free(blankbuf); 401 return 1; 402 } 403 404 static void onenand_command(OneNANDState *s) 405 { 406 int b; 407 int sec; 408 void *buf; 409 #define SETADDR(block, page) \ 410 sec = (s->addr[page] & 3) + \ 411 ((((s->addr[page] >> 2) & 0x3f) + \ 412 (((s->addr[block] & 0xfff) | \ 413 (s->addr[block] >> 15 ? \ 414 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 415 #define SETBUF_M() \ 416 buf = (s->bufaddr & 8) ? \ 417 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 418 buf += (s->bufaddr & 3) << 9; 419 #define SETBUF_S() \ 420 buf = (s->bufaddr & 8) ? \ 421 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 422 buf += (s->bufaddr & 3) << 4; 423 424 switch (s->command) { 425 case 0x00: /* Load single/multiple sector data unit into buffer */ 426 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 427 428 SETBUF_M() 429 if (onenand_load_main(s, sec, s->count, buf)) 430 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 431 432 #if 0 433 SETBUF_S() 434 if (onenand_load_spare(s, sec, s->count, buf)) 435 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 436 #endif 437 438 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 439 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 440 * then we need two split the read/write into two chunks. 441 */ 442 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 443 break; 444 case 0x13: /* Load single/multiple spare sector into buffer */ 445 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 446 447 SETBUF_S() 448 if (onenand_load_spare(s, sec, s->count, buf)) 449 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 450 451 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 452 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 453 * then we need two split the read/write into two chunks. 454 */ 455 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 456 break; 457 case 0x80: /* Program single/multiple sector data unit from buffer */ 458 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 459 460 SETBUF_M() 461 if (onenand_prog_main(s, sec, s->count, buf)) 462 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 463 464 #if 0 465 SETBUF_S() 466 if (onenand_prog_spare(s, sec, s->count, buf)) 467 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 468 #endif 469 470 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 471 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 472 * then we need two split the read/write into two chunks. 473 */ 474 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 475 break; 476 case 0x1a: /* Program single/multiple spare area sector from buffer */ 477 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 478 479 SETBUF_S() 480 if (onenand_prog_spare(s, sec, s->count, buf)) 481 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 482 483 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 484 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 485 * then we need two split the read/write into two chunks. 486 */ 487 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 488 break; 489 case 0x1b: /* Copy-back program */ 490 SETBUF_S() 491 492 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 493 if (onenand_load_main(s, sec, s->count, buf)) 494 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 495 496 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 497 if (onenand_prog_main(s, sec, s->count, buf)) 498 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 499 500 /* TODO: spare areas */ 501 502 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 503 break; 504 505 case 0x23: /* Unlock NAND array block(s) */ 506 s->intstatus |= ONEN_INT; 507 508 /* XXX the previous (?) area should be locked automatically */ 509 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 510 if (b >= s->blocks) { 511 s->status |= ONEN_ERR_CMD; 512 break; 513 } 514 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 515 break; 516 517 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 518 } 519 break; 520 case 0x27: /* Unlock All NAND array blocks */ 521 s->intstatus |= ONEN_INT; 522 523 for (b = 0; b < s->blocks; b ++) { 524 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 525 break; 526 527 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 528 } 529 break; 530 531 case 0x2a: /* Lock NAND array block(s) */ 532 s->intstatus |= ONEN_INT; 533 534 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 535 if (b >= s->blocks) { 536 s->status |= ONEN_ERR_CMD; 537 break; 538 } 539 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 540 break; 541 542 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 543 } 544 break; 545 case 0x2c: /* Lock-tight NAND array block(s) */ 546 s->intstatus |= ONEN_INT; 547 548 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 549 if (b >= s->blocks) { 550 s->status |= ONEN_ERR_CMD; 551 break; 552 } 553 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 554 continue; 555 556 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 557 } 558 break; 559 560 case 0x71: /* Erase-Verify-Read */ 561 s->intstatus |= ONEN_INT; 562 break; 563 case 0x95: /* Multi-block erase */ 564 qemu_irq_pulse(s->intr); 565 /* Fall through. */ 566 case 0x94: /* Block erase */ 567 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 568 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 569 << (BLOCK_SHIFT - 9); 570 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 571 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 572 573 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 574 break; 575 case 0xb0: /* Erase suspend */ 576 break; 577 case 0x30: /* Erase resume */ 578 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 579 break; 580 581 case 0xf0: /* Reset NAND Flash core */ 582 onenand_reset(s, 0); 583 break; 584 case 0xf3: /* Reset OneNAND */ 585 onenand_reset(s, 0); 586 break; 587 588 case 0x65: /* OTP Access */ 589 s->intstatus |= ONEN_INT; 590 s->blk_cur = NULL; 591 s->current = s->otp; 592 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 593 s->addr[ONEN_BUF_BLOCK] = 0; 594 s->otpmode = 1; 595 break; 596 597 default: 598 s->status |= ONEN_ERR_CMD; 599 s->intstatus |= ONEN_INT; 600 qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n", 601 s->command); 602 } 603 604 onenand_intr_update(s); 605 } 606 607 static uint64_t onenand_read(void *opaque, hwaddr addr, 608 unsigned size) 609 { 610 OneNANDState *s = (OneNANDState *) opaque; 611 int offset = addr >> s->shift; 612 613 switch (offset) { 614 case 0x0000 ... 0xbffe: 615 return lduw_le_p(s->boot[0] + addr); 616 617 case 0xf000: /* Manufacturer ID */ 618 return s->id.man; 619 case 0xf001: /* Device ID */ 620 return s->id.dev; 621 case 0xf002: /* Version ID */ 622 return s->id.ver; 623 /* TODO: get the following values from a real chip! */ 624 case 0xf003: /* Data Buffer size */ 625 return 1 << PAGE_SHIFT; 626 case 0xf004: /* Boot Buffer size */ 627 return 0x200; 628 case 0xf005: /* Amount of buffers */ 629 return 1 | (2 << 8); 630 case 0xf006: /* Technology */ 631 return 0; 632 633 case 0xf100 ... 0xf107: /* Start addresses */ 634 return s->addr[offset - 0xf100]; 635 636 case 0xf200: /* Start buffer */ 637 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 638 639 case 0xf220: /* Command */ 640 return s->command; 641 case 0xf221: /* System Configuration 1 */ 642 return s->config[0] & 0xffe0; 643 case 0xf222: /* System Configuration 2 */ 644 return s->config[1]; 645 646 case 0xf240: /* Controller Status */ 647 return s->status; 648 case 0xf241: /* Interrupt */ 649 return s->intstatus; 650 case 0xf24c: /* Unlock Start Block Address */ 651 return s->unladdr[0]; 652 case 0xf24d: /* Unlock End Block Address */ 653 return s->unladdr[1]; 654 case 0xf24e: /* Write Protection Status */ 655 return s->wpstatus; 656 657 case 0xff00: /* ECC Status */ 658 return 0x00; 659 case 0xff01: /* ECC Result of main area data */ 660 case 0xff02: /* ECC Result of spare area data */ 661 case 0xff03: /* ECC Result of main area data */ 662 case 0xff04: /* ECC Result of spare area data */ 663 qemu_log_mask(LOG_UNIMP, 664 "onenand: ECC result registers unimplemented\n"); 665 return 0x0000; 666 } 667 668 qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n", 669 offset); 670 return 0; 671 } 672 673 static void onenand_write(void *opaque, hwaddr addr, 674 uint64_t value, unsigned size) 675 { 676 OneNANDState *s = (OneNANDState *) opaque; 677 int offset = addr >> s->shift; 678 int sec; 679 680 switch (offset) { 681 case 0x0000 ... 0x01ff: 682 case 0x8000 ... 0x800f: 683 if (s->cycle) { 684 s->cycle = 0; 685 686 if (value == 0x0000) { 687 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 688 onenand_load_main(s, sec, 689 1 << (PAGE_SHIFT - 9), s->data[0][0]); 690 s->addr[ONEN_BUF_PAGE] += 4; 691 s->addr[ONEN_BUF_PAGE] &= 0xff; 692 } 693 break; 694 } 695 696 switch (value) { 697 case 0x00f0: /* Reset OneNAND */ 698 onenand_reset(s, 0); 699 break; 700 701 case 0x00e0: /* Load Data into Buffer */ 702 s->cycle = 1; 703 break; 704 705 case 0x0090: /* Read Identification Data */ 706 memset(s->boot[0], 0, 3 << s->shift); 707 s->boot[0][0 << s->shift] = s->id.man & 0xff; 708 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 709 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 710 break; 711 712 default: 713 qemu_log_mask(LOG_GUEST_ERROR, 714 "unknown OneNAND boot command %" PRIx64 "\n", 715 value); 716 } 717 break; 718 719 case 0xf100 ... 0xf107: /* Start addresses */ 720 s->addr[offset - 0xf100] = value; 721 break; 722 723 case 0xf200: /* Start buffer */ 724 s->bufaddr = (value >> 8) & 0xf; 725 if (PAGE_SHIFT == 11) 726 s->count = (value & 3) ?: 4; 727 else if (PAGE_SHIFT == 10) 728 s->count = (value & 1) ?: 2; 729 break; 730 731 case 0xf220: /* Command */ 732 if (s->intstatus & (1 << 15)) 733 break; 734 s->command = value; 735 onenand_command(s); 736 break; 737 case 0xf221: /* System Configuration 1 */ 738 s->config[0] = value; 739 onenand_intr_update(s); 740 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 741 break; 742 case 0xf222: /* System Configuration 2 */ 743 s->config[1] = value; 744 break; 745 746 case 0xf241: /* Interrupt */ 747 s->intstatus &= value; 748 if ((1 << 15) & ~s->intstatus) 749 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 750 ONEN_ERR_PROG | ONEN_ERR_LOAD); 751 onenand_intr_update(s); 752 break; 753 case 0xf24c: /* Unlock Start Block Address */ 754 s->unladdr[0] = value & (s->blocks - 1); 755 /* For some reason we have to set the end address to by default 756 * be same as start because the software forgets to write anything 757 * in there. */ 758 s->unladdr[1] = value & (s->blocks - 1); 759 break; 760 case 0xf24d: /* Unlock End Block Address */ 761 s->unladdr[1] = value & (s->blocks - 1); 762 break; 763 764 default: 765 qemu_log_mask(LOG_GUEST_ERROR, 766 "write to unknown OneNAND register 0x%x\n", 767 offset); 768 } 769 } 770 771 static const MemoryRegionOps onenand_ops = { 772 .read = onenand_read, 773 .write = onenand_write, 774 .endianness = DEVICE_NATIVE_ENDIAN, 775 }; 776 777 static void onenand_realize(DeviceState *dev, Error **errp) 778 { 779 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 780 OneNANDState *s = ONE_NAND(dev); 781 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 782 void *ram; 783 Error *local_err = NULL; 784 785 s->base = (hwaddr)-1; 786 s->rdy = NULL; 787 s->blocks = size >> BLOCK_SHIFT; 788 s->secs = size >> 9; 789 s->blockwp = g_malloc(s->blocks); 790 s->density_mask = (s->id.dev & 0x08) 791 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 792 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 793 0x10000 << s->shift); 794 if (!s->blk) { 795 s->image = memset(g_malloc(size + (size >> 5)), 796 0xff, size + (size >> 5)); 797 } else { 798 if (blk_is_read_only(s->blk)) { 799 error_setg(errp, "Can't use a read-only drive"); 800 return; 801 } 802 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 803 BLK_PERM_ALL, &local_err); 804 if (local_err) { 805 error_propagate(errp, local_err); 806 return; 807 } 808 s->blk_cur = s->blk; 809 } 810 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 811 0xff, (64 + 2) << PAGE_SHIFT); 812 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 813 0xc000 << s->shift, &error_fatal); 814 vmstate_register_ram_global(&s->ram); 815 ram = memory_region_get_ram_ptr(&s->ram); 816 s->boot[0] = ram + (0x0000 << s->shift); 817 s->boot[1] = ram + (0x8000 << s->shift); 818 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 819 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 820 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 821 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 822 onenand_mem_setup(s); 823 sysbus_init_irq(sbd, &s->intr); 824 sysbus_init_mmio(sbd, &s->container); 825 vmstate_register(VMSTATE_IF(dev), 826 ((s->shift & 0x7f) << 24) 827 | ((s->id.man & 0xff) << 16) 828 | ((s->id.dev & 0xff) << 8) 829 | (s->id.ver & 0xff), 830 &vmstate_onenand, s); 831 } 832 833 static Property onenand_properties[] = { 834 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 835 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 836 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 837 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 838 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 839 DEFINE_PROP_END_OF_LIST(), 840 }; 841 842 static void onenand_class_init(ObjectClass *klass, void *data) 843 { 844 DeviceClass *dc = DEVICE_CLASS(klass); 845 846 dc->realize = onenand_realize; 847 dc->reset = onenand_system_reset; 848 device_class_set_props(dc, onenand_properties); 849 } 850 851 static const TypeInfo onenand_info = { 852 .name = TYPE_ONE_NAND, 853 .parent = TYPE_SYS_BUS_DEVICE, 854 .instance_size = sizeof(OneNANDState), 855 .class_init = onenand_class_init, 856 }; 857 858 static void onenand_register_types(void) 859 { 860 type_register_static(&onenand_info); 861 } 862 863 void *onenand_raw_otp(DeviceState *onenand_device) 864 { 865 OneNANDState *s = ONE_NAND(onenand_device); 866 867 return s->otp; 868 } 869 870 type_init(onenand_register_types) 871