xref: /openbmc/qemu/hw/block/onenand.c (revision 56c4bfb3)
1 /*
2  * OneNAND flash memories emulation.
3  *
4  * Copyright (C) 2008 Nokia Corporation
5  * Written by Andrzej Zaborowski <andrew@openedhand.com>
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License as
9  * published by the Free Software Foundation; either version 2 or
10  * (at your option) version 3 of the License.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License along
18  * with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu-common.h"
22 #include "hw/hw.h"
23 #include "hw/block/flash.h"
24 #include "hw/irq.h"
25 #include "sysemu/blockdev.h"
26 #include "exec/memory.h"
27 #include "exec/address-spaces.h"
28 #include "hw/sysbus.h"
29 #include "qemu/error-report.h"
30 
31 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
32 #define PAGE_SHIFT	11
33 
34 /* Fixed */
35 #define BLOCK_SHIFT	(PAGE_SHIFT + 6)
36 
37 #define TYPE_ONE_NAND "onenand"
38 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND)
39 
40 typedef struct OneNANDState {
41     SysBusDevice parent_obj;
42 
43     struct {
44         uint16_t man;
45         uint16_t dev;
46         uint16_t ver;
47     } id;
48     int shift;
49     hwaddr base;
50     qemu_irq intr;
51     qemu_irq rdy;
52     BlockDriverState *bdrv;
53     BlockDriverState *bdrv_cur;
54     uint8_t *image;
55     uint8_t *otp;
56     uint8_t *current;
57     MemoryRegion ram;
58     MemoryRegion mapped_ram;
59     uint8_t current_direction;
60     uint8_t *boot[2];
61     uint8_t *data[2][2];
62     MemoryRegion iomem;
63     MemoryRegion container;
64     int cycle;
65     int otpmode;
66 
67     uint16_t addr[8];
68     uint16_t unladdr[8];
69     int bufaddr;
70     int count;
71     uint16_t command;
72     uint16_t config[2];
73     uint16_t status;
74     uint16_t intstatus;
75     uint16_t wpstatus;
76 
77     ECCState ecc;
78 
79     int density_mask;
80     int secs;
81     int secs_cur;
82     int blocks;
83     uint8_t *blockwp;
84 } OneNANDState;
85 
86 enum {
87     ONEN_BUF_BLOCK = 0,
88     ONEN_BUF_BLOCK2 = 1,
89     ONEN_BUF_DEST_BLOCK = 2,
90     ONEN_BUF_DEST_PAGE = 3,
91     ONEN_BUF_PAGE = 7,
92 };
93 
94 enum {
95     ONEN_ERR_CMD = 1 << 10,
96     ONEN_ERR_ERASE = 1 << 11,
97     ONEN_ERR_PROG = 1 << 12,
98     ONEN_ERR_LOAD = 1 << 13,
99 };
100 
101 enum {
102     ONEN_INT_RESET = 1 << 4,
103     ONEN_INT_ERASE = 1 << 5,
104     ONEN_INT_PROG = 1 << 6,
105     ONEN_INT_LOAD = 1 << 7,
106     ONEN_INT = 1 << 15,
107 };
108 
109 enum {
110     ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
111     ONEN_LOCK_LOCKED = 1 << 1,
112     ONEN_LOCK_UNLOCKED = 1 << 2,
113 };
114 
115 static void onenand_mem_setup(OneNANDState *s)
116 {
117     /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
118      * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
119      * write boot commands.  Also take note of the BWPS bit.  */
120     memory_region_init(&s->container, OBJECT(s), "onenand",
121                        0x10000 << s->shift);
122     memory_region_add_subregion(&s->container, 0, &s->iomem);
123     memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram",
124                              &s->ram, 0x0200 << s->shift,
125                              0xbe00 << s->shift);
126     memory_region_add_subregion_overlap(&s->container,
127                                         0x0200 << s->shift,
128                                         &s->mapped_ram,
129                                         1);
130 }
131 
132 static void onenand_intr_update(OneNANDState *s)
133 {
134     qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
135 }
136 
137 static void onenand_pre_save(void *opaque)
138 {
139     OneNANDState *s = opaque;
140     if (s->current == s->otp) {
141         s->current_direction = 1;
142     } else if (s->current == s->image) {
143         s->current_direction = 2;
144     } else {
145         s->current_direction = 0;
146     }
147 }
148 
149 static int onenand_post_load(void *opaque, int version_id)
150 {
151     OneNANDState *s = opaque;
152     switch (s->current_direction) {
153     case 0:
154         break;
155     case 1:
156         s->current = s->otp;
157         break;
158     case 2:
159         s->current = s->image;
160         break;
161     default:
162         return -1;
163     }
164     onenand_intr_update(s);
165     return 0;
166 }
167 
168 static const VMStateDescription vmstate_onenand = {
169     .name = "onenand",
170     .version_id = 1,
171     .minimum_version_id = 1,
172     .minimum_version_id_old = 1,
173     .pre_save = onenand_pre_save,
174     .post_load = onenand_post_load,
175     .fields = (VMStateField[]) {
176         VMSTATE_UINT8(current_direction, OneNANDState),
177         VMSTATE_INT32(cycle, OneNANDState),
178         VMSTATE_INT32(otpmode, OneNANDState),
179         VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8),
180         VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8),
181         VMSTATE_INT32(bufaddr, OneNANDState),
182         VMSTATE_INT32(count, OneNANDState),
183         VMSTATE_UINT16(command, OneNANDState),
184         VMSTATE_UINT16_ARRAY(config, OneNANDState, 2),
185         VMSTATE_UINT16(status, OneNANDState),
186         VMSTATE_UINT16(intstatus, OneNANDState),
187         VMSTATE_UINT16(wpstatus, OneNANDState),
188         VMSTATE_INT32(secs_cur, OneNANDState),
189         VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks),
190         VMSTATE_UINT8(ecc.cp, OneNANDState),
191         VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2),
192         VMSTATE_UINT16(ecc.count, OneNANDState),
193         VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0,
194             ((64 + 2) << PAGE_SHIFT)),
195         VMSTATE_END_OF_LIST()
196     }
197 };
198 
199 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
200 static void onenand_reset(OneNANDState *s, int cold)
201 {
202     memset(&s->addr, 0, sizeof(s->addr));
203     s->command = 0;
204     s->count = 1;
205     s->bufaddr = 0;
206     s->config[0] = 0x40c0;
207     s->config[1] = 0x0000;
208     onenand_intr_update(s);
209     qemu_irq_raise(s->rdy);
210     s->status = 0x0000;
211     s->intstatus = cold ? 0x8080 : 0x8010;
212     s->unladdr[0] = 0;
213     s->unladdr[1] = 0;
214     s->wpstatus = 0x0002;
215     s->cycle = 0;
216     s->otpmode = 0;
217     s->bdrv_cur = s->bdrv;
218     s->current = s->image;
219     s->secs_cur = s->secs;
220 
221     if (cold) {
222         /* Lock the whole flash */
223         memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
224 
225         if (s->bdrv_cur && bdrv_read(s->bdrv_cur, 0, s->boot[0], 8) < 0) {
226             hw_error("%s: Loading the BootRAM failed.\n", __func__);
227         }
228     }
229 }
230 
231 static void onenand_system_reset(DeviceState *dev)
232 {
233     OneNANDState *s = ONE_NAND(dev);
234 
235     onenand_reset(s, 1);
236 }
237 
238 static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
239                 void *dest)
240 {
241     if (s->bdrv_cur)
242         return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
243     else if (sec + secn > s->secs_cur)
244         return 1;
245 
246     memcpy(dest, s->current + (sec << 9), secn << 9);
247 
248     return 0;
249 }
250 
251 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
252                 void *src)
253 {
254     int result = 0;
255 
256     if (secn > 0) {
257         uint32_t size = (uint32_t)secn * 512;
258         const uint8_t *sp = (const uint8_t *)src;
259         uint8_t *dp = 0;
260         if (s->bdrv_cur) {
261             dp = g_malloc(size);
262             if (!dp || bdrv_read(s->bdrv_cur, sec, dp, secn) < 0) {
263                 result = 1;
264             }
265         } else {
266             if (sec + secn > s->secs_cur) {
267                 result = 1;
268             } else {
269                 dp = (uint8_t *)s->current + (sec << 9);
270             }
271         }
272         if (!result) {
273             uint32_t i;
274             for (i = 0; i < size; i++) {
275                 dp[i] &= sp[i];
276             }
277             if (s->bdrv_cur) {
278                 result = bdrv_write(s->bdrv_cur, sec, dp, secn) < 0;
279             }
280         }
281         if (dp && s->bdrv_cur) {
282             g_free(dp);
283         }
284     }
285 
286     return result;
287 }
288 
289 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
290                 void *dest)
291 {
292     uint8_t buf[512];
293 
294     if (s->bdrv_cur) {
295         if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
296             return 1;
297         memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
298     } else if (sec + secn > s->secs_cur)
299         return 1;
300     else
301         memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
302 
303     return 0;
304 }
305 
306 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
307                 void *src)
308 {
309     int result = 0;
310     if (secn > 0) {
311         const uint8_t *sp = (const uint8_t *)src;
312         uint8_t *dp = 0, *dpp = 0;
313         if (s->bdrv_cur) {
314             dp = g_malloc(512);
315             if (!dp || bdrv_read(s->bdrv_cur,
316                                  s->secs_cur + (sec >> 5),
317                                  dp, 1) < 0) {
318                 result = 1;
319             } else {
320                 dpp = dp + ((sec & 31) << 4);
321             }
322         } else {
323             if (sec + secn > s->secs_cur) {
324                 result = 1;
325             } else {
326                 dpp = s->current + (s->secs_cur << 9) + (sec << 4);
327             }
328         }
329         if (!result) {
330             uint32_t i;
331             for (i = 0; i < (secn << 4); i++) {
332                 dpp[i] &= sp[i];
333             }
334             if (s->bdrv_cur) {
335                 result = bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5),
336                                     dp, 1) < 0;
337             }
338         }
339         if (dp) {
340             g_free(dp);
341         }
342     }
343     return result;
344 }
345 
346 static inline int onenand_erase(OneNANDState *s, int sec, int num)
347 {
348     uint8_t *blankbuf, *tmpbuf;
349     blankbuf = g_malloc(512);
350     if (!blankbuf) {
351         return 1;
352     }
353     tmpbuf = g_malloc(512);
354     if (!tmpbuf) {
355         g_free(blankbuf);
356         return 1;
357     }
358     memset(blankbuf, 0xff, 512);
359     for (; num > 0; num--, sec++) {
360         if (s->bdrv_cur) {
361             int erasesec = s->secs_cur + (sec >> 5);
362             if (bdrv_write(s->bdrv_cur, sec, blankbuf, 1) < 0) {
363                 goto fail;
364             }
365             if (bdrv_read(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
366                 goto fail;
367             }
368             memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);
369             if (bdrv_write(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
370                 goto fail;
371             }
372         } else {
373             if (sec + 1 > s->secs_cur) {
374                 goto fail;
375             }
376             memcpy(s->current + (sec << 9), blankbuf, 512);
377             memcpy(s->current + (s->secs_cur << 9) + (sec << 4),
378                    blankbuf, 1 << 4);
379         }
380     }
381 
382     g_free(tmpbuf);
383     g_free(blankbuf);
384     return 0;
385 
386 fail:
387     g_free(tmpbuf);
388     g_free(blankbuf);
389     return 1;
390 }
391 
392 static void onenand_command(OneNANDState *s)
393 {
394     int b;
395     int sec;
396     void *buf;
397 #define SETADDR(block, page)			\
398     sec = (s->addr[page] & 3) +			\
399             ((((s->addr[page] >> 2) & 0x3f) +	\
400               (((s->addr[block] & 0xfff) |	\
401                 (s->addr[block] >> 15 ?		\
402                  s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
403 #define SETBUF_M()				\
404     buf = (s->bufaddr & 8) ?			\
405             s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0];	\
406     buf += (s->bufaddr & 3) << 9;
407 #define SETBUF_S()				\
408     buf = (s->bufaddr & 8) ?			\
409             s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1];	\
410     buf += (s->bufaddr & 3) << 4;
411 
412     switch (s->command) {
413     case 0x00:	/* Load single/multiple sector data unit into buffer */
414         SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
415 
416         SETBUF_M()
417         if (onenand_load_main(s, sec, s->count, buf))
418             s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
419 
420 #if 0
421         SETBUF_S()
422         if (onenand_load_spare(s, sec, s->count, buf))
423             s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
424 #endif
425 
426         /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
427          * or    if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
428          * then we need two split the read/write into two chunks.
429          */
430         s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
431         break;
432     case 0x13:	/* Load single/multiple spare sector into buffer */
433         SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
434 
435         SETBUF_S()
436         if (onenand_load_spare(s, sec, s->count, buf))
437             s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
438 
439         /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
440          * or    if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
441          * then we need two split the read/write into two chunks.
442          */
443         s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
444         break;
445     case 0x80:	/* Program single/multiple sector data unit from buffer */
446         SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
447 
448         SETBUF_M()
449         if (onenand_prog_main(s, sec, s->count, buf))
450             s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
451 
452 #if 0
453         SETBUF_S()
454         if (onenand_prog_spare(s, sec, s->count, buf))
455             s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
456 #endif
457 
458         /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
459          * or    if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
460          * then we need two split the read/write into two chunks.
461          */
462         s->intstatus |= ONEN_INT | ONEN_INT_PROG;
463         break;
464     case 0x1a:	/* Program single/multiple spare area sector from buffer */
465         SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
466 
467         SETBUF_S()
468         if (onenand_prog_spare(s, sec, s->count, buf))
469             s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
470 
471         /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
472          * or    if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
473          * then we need two split the read/write into two chunks.
474          */
475         s->intstatus |= ONEN_INT | ONEN_INT_PROG;
476         break;
477     case 0x1b:	/* Copy-back program */
478         SETBUF_S()
479 
480         SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
481         if (onenand_load_main(s, sec, s->count, buf))
482             s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
483 
484         SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
485         if (onenand_prog_main(s, sec, s->count, buf))
486             s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
487 
488         /* TODO: spare areas */
489 
490         s->intstatus |= ONEN_INT | ONEN_INT_PROG;
491         break;
492 
493     case 0x23:	/* Unlock NAND array block(s) */
494         s->intstatus |= ONEN_INT;
495 
496         /* XXX the previous (?) area should be locked automatically */
497         for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
498             if (b >= s->blocks) {
499                 s->status |= ONEN_ERR_CMD;
500                 break;
501             }
502             if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
503                 break;
504 
505             s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
506         }
507         break;
508     case 0x27:	/* Unlock All NAND array blocks */
509         s->intstatus |= ONEN_INT;
510 
511         for (b = 0; b < s->blocks; b ++) {
512             if (b >= s->blocks) {
513                 s->status |= ONEN_ERR_CMD;
514                 break;
515             }
516             if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
517                 break;
518 
519             s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
520         }
521         break;
522 
523     case 0x2a:	/* Lock NAND array block(s) */
524         s->intstatus |= ONEN_INT;
525 
526         for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
527             if (b >= s->blocks) {
528                 s->status |= ONEN_ERR_CMD;
529                 break;
530             }
531             if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
532                 break;
533 
534             s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
535         }
536         break;
537     case 0x2c:	/* Lock-tight NAND array block(s) */
538         s->intstatus |= ONEN_INT;
539 
540         for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
541             if (b >= s->blocks) {
542                 s->status |= ONEN_ERR_CMD;
543                 break;
544             }
545             if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
546                 continue;
547 
548             s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
549         }
550         break;
551 
552     case 0x71:	/* Erase-Verify-Read */
553         s->intstatus |= ONEN_INT;
554         break;
555     case 0x95:	/* Multi-block erase */
556         qemu_irq_pulse(s->intr);
557         /* Fall through.  */
558     case 0x94:	/* Block erase */
559         sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
560                         (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
561                 << (BLOCK_SHIFT - 9);
562         if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
563             s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
564 
565         s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
566         break;
567     case 0xb0:	/* Erase suspend */
568         break;
569     case 0x30:	/* Erase resume */
570         s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
571         break;
572 
573     case 0xf0:	/* Reset NAND Flash core */
574         onenand_reset(s, 0);
575         break;
576     case 0xf3:	/* Reset OneNAND */
577         onenand_reset(s, 0);
578         break;
579 
580     case 0x65:	/* OTP Access */
581         s->intstatus |= ONEN_INT;
582         s->bdrv_cur = NULL;
583         s->current = s->otp;
584         s->secs_cur = 1 << (BLOCK_SHIFT - 9);
585         s->addr[ONEN_BUF_BLOCK] = 0;
586         s->otpmode = 1;
587         break;
588 
589     default:
590         s->status |= ONEN_ERR_CMD;
591         s->intstatus |= ONEN_INT;
592         fprintf(stderr, "%s: unknown OneNAND command %x\n",
593                         __func__, s->command);
594     }
595 
596     onenand_intr_update(s);
597 }
598 
599 static uint64_t onenand_read(void *opaque, hwaddr addr,
600                              unsigned size)
601 {
602     OneNANDState *s = (OneNANDState *) opaque;
603     int offset = addr >> s->shift;
604 
605     switch (offset) {
606     case 0x0000 ... 0xc000:
607         return lduw_le_p(s->boot[0] + addr);
608 
609     case 0xf000:	/* Manufacturer ID */
610         return s->id.man;
611     case 0xf001:	/* Device ID */
612         return s->id.dev;
613     case 0xf002:	/* Version ID */
614         return s->id.ver;
615     /* TODO: get the following values from a real chip!  */
616     case 0xf003:	/* Data Buffer size */
617         return 1 << PAGE_SHIFT;
618     case 0xf004:	/* Boot Buffer size */
619         return 0x200;
620     case 0xf005:	/* Amount of buffers */
621         return 1 | (2 << 8);
622     case 0xf006:	/* Technology */
623         return 0;
624 
625     case 0xf100 ... 0xf107:	/* Start addresses */
626         return s->addr[offset - 0xf100];
627 
628     case 0xf200:	/* Start buffer */
629         return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
630 
631     case 0xf220:	/* Command */
632         return s->command;
633     case 0xf221:	/* System Configuration 1 */
634         return s->config[0] & 0xffe0;
635     case 0xf222:	/* System Configuration 2 */
636         return s->config[1];
637 
638     case 0xf240:	/* Controller Status */
639         return s->status;
640     case 0xf241:	/* Interrupt */
641         return s->intstatus;
642     case 0xf24c:	/* Unlock Start Block Address */
643         return s->unladdr[0];
644     case 0xf24d:	/* Unlock End Block Address */
645         return s->unladdr[1];
646     case 0xf24e:	/* Write Protection Status */
647         return s->wpstatus;
648 
649     case 0xff00:	/* ECC Status */
650         return 0x00;
651     case 0xff01:	/* ECC Result of main area data */
652     case 0xff02:	/* ECC Result of spare area data */
653     case 0xff03:	/* ECC Result of main area data */
654     case 0xff04:	/* ECC Result of spare area data */
655         hw_error("%s: imeplement ECC\n", __FUNCTION__);
656         return 0x0000;
657     }
658 
659     fprintf(stderr, "%s: unknown OneNAND register %x\n",
660                     __FUNCTION__, offset);
661     return 0;
662 }
663 
664 static void onenand_write(void *opaque, hwaddr addr,
665                           uint64_t value, unsigned size)
666 {
667     OneNANDState *s = (OneNANDState *) opaque;
668     int offset = addr >> s->shift;
669     int sec;
670 
671     switch (offset) {
672     case 0x0000 ... 0x01ff:
673     case 0x8000 ... 0x800f:
674         if (s->cycle) {
675             s->cycle = 0;
676 
677             if (value == 0x0000) {
678                 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
679                 onenand_load_main(s, sec,
680                                 1 << (PAGE_SHIFT - 9), s->data[0][0]);
681                 s->addr[ONEN_BUF_PAGE] += 4;
682                 s->addr[ONEN_BUF_PAGE] &= 0xff;
683             }
684             break;
685         }
686 
687         switch (value) {
688         case 0x00f0:	/* Reset OneNAND */
689             onenand_reset(s, 0);
690             break;
691 
692         case 0x00e0:	/* Load Data into Buffer */
693             s->cycle = 1;
694             break;
695 
696         case 0x0090:	/* Read Identification Data */
697             memset(s->boot[0], 0, 3 << s->shift);
698             s->boot[0][0 << s->shift] = s->id.man & 0xff;
699             s->boot[0][1 << s->shift] = s->id.dev & 0xff;
700             s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
701             break;
702 
703         default:
704             fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n",
705                             __FUNCTION__, value);
706         }
707         break;
708 
709     case 0xf100 ... 0xf107:	/* Start addresses */
710         s->addr[offset - 0xf100] = value;
711         break;
712 
713     case 0xf200:	/* Start buffer */
714         s->bufaddr = (value >> 8) & 0xf;
715         if (PAGE_SHIFT == 11)
716             s->count = (value & 3) ?: 4;
717         else if (PAGE_SHIFT == 10)
718             s->count = (value & 1) ?: 2;
719         break;
720 
721     case 0xf220:	/* Command */
722         if (s->intstatus & (1 << 15))
723             break;
724         s->command = value;
725         onenand_command(s);
726         break;
727     case 0xf221:	/* System Configuration 1 */
728         s->config[0] = value;
729         onenand_intr_update(s);
730         qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
731         break;
732     case 0xf222:	/* System Configuration 2 */
733         s->config[1] = value;
734         break;
735 
736     case 0xf241:	/* Interrupt */
737         s->intstatus &= value;
738         if ((1 << 15) & ~s->intstatus)
739             s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
740                             ONEN_ERR_PROG | ONEN_ERR_LOAD);
741         onenand_intr_update(s);
742         break;
743     case 0xf24c:	/* Unlock Start Block Address */
744         s->unladdr[0] = value & (s->blocks - 1);
745         /* For some reason we have to set the end address to by default
746          * be same as start because the software forgets to write anything
747          * in there.  */
748         s->unladdr[1] = value & (s->blocks - 1);
749         break;
750     case 0xf24d:	/* Unlock End Block Address */
751         s->unladdr[1] = value & (s->blocks - 1);
752         break;
753 
754     default:
755         fprintf(stderr, "%s: unknown OneNAND register %x\n",
756                         __FUNCTION__, offset);
757     }
758 }
759 
760 static const MemoryRegionOps onenand_ops = {
761     .read = onenand_read,
762     .write = onenand_write,
763     .endianness = DEVICE_NATIVE_ENDIAN,
764 };
765 
766 static int onenand_initfn(SysBusDevice *sbd)
767 {
768     DeviceState *dev = DEVICE(sbd);
769     OneNANDState *s = ONE_NAND(dev);
770     uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
771     void *ram;
772 
773     s->base = (hwaddr)-1;
774     s->rdy = NULL;
775     s->blocks = size >> BLOCK_SHIFT;
776     s->secs = size >> 9;
777     s->blockwp = g_malloc(s->blocks);
778     s->density_mask = (s->id.dev & 0x08)
779         ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0;
780     memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand",
781                           0x10000 << s->shift);
782     if (!s->bdrv) {
783         s->image = memset(g_malloc(size + (size >> 5)),
784                           0xff, size + (size >> 5));
785     } else {
786         if (bdrv_is_read_only(s->bdrv)) {
787             error_report("Can't use a read-only drive");
788             return -1;
789         }
790         s->bdrv_cur = s->bdrv;
791     }
792     s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
793                     0xff, (64 + 2) << PAGE_SHIFT);
794     memory_region_init_ram(&s->ram, OBJECT(s), "onenand.ram",
795                            0xc000 << s->shift);
796     vmstate_register_ram_global(&s->ram);
797     ram = memory_region_get_ram_ptr(&s->ram);
798     s->boot[0] = ram + (0x0000 << s->shift);
799     s->boot[1] = ram + (0x8000 << s->shift);
800     s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
801     s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
802     s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
803     s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
804     onenand_mem_setup(s);
805     sysbus_init_irq(sbd, &s->intr);
806     sysbus_init_mmio(sbd, &s->container);
807     vmstate_register(dev,
808                      ((s->shift & 0x7f) << 24)
809                      | ((s->id.man & 0xff) << 16)
810                      | ((s->id.dev & 0xff) << 8)
811                      | (s->id.ver & 0xff),
812                      &vmstate_onenand, s);
813     return 0;
814 }
815 
816 static Property onenand_properties[] = {
817     DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0),
818     DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0),
819     DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0),
820     DEFINE_PROP_INT32("shift", OneNANDState, shift, 0),
821     DEFINE_PROP_DRIVE("drive", OneNANDState, bdrv),
822     DEFINE_PROP_END_OF_LIST(),
823 };
824 
825 static void onenand_class_init(ObjectClass *klass, void *data)
826 {
827     DeviceClass *dc = DEVICE_CLASS(klass);
828     SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
829 
830     k->init = onenand_initfn;
831     dc->reset = onenand_system_reset;
832     dc->props = onenand_properties;
833 }
834 
835 static const TypeInfo onenand_info = {
836     .name          = TYPE_ONE_NAND,
837     .parent        = TYPE_SYS_BUS_DEVICE,
838     .instance_size = sizeof(OneNANDState),
839     .class_init    = onenand_class_init,
840 };
841 
842 static void onenand_register_types(void)
843 {
844     type_register_static(&onenand_info);
845 }
846 
847 void *onenand_raw_otp(DeviceState *onenand_device)
848 {
849     OneNANDState *s = ONE_NAND(onenand_device);
850 
851     return s->otp;
852 }
853 
854 type_init(onenand_register_types)
855