1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "qemu-common.h" 24 #include "hw/hw.h" 25 #include "hw/block/flash.h" 26 #include "hw/irq.h" 27 #include "sysemu/block-backend.h" 28 #include "exec/memory.h" 29 #include "hw/sysbus.h" 30 #include "qemu/error-report.h" 31 #include "qemu/log.h" 32 33 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 34 #define PAGE_SHIFT 11 35 36 /* Fixed */ 37 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 38 39 #define TYPE_ONE_NAND "onenand" 40 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 41 42 typedef struct OneNANDState { 43 SysBusDevice parent_obj; 44 45 struct { 46 uint16_t man; 47 uint16_t dev; 48 uint16_t ver; 49 } id; 50 int shift; 51 hwaddr base; 52 qemu_irq intr; 53 qemu_irq rdy; 54 BlockBackend *blk; 55 BlockBackend *blk_cur; 56 uint8_t *image; 57 uint8_t *otp; 58 uint8_t *current; 59 MemoryRegion ram; 60 MemoryRegion mapped_ram; 61 uint8_t current_direction; 62 uint8_t *boot[2]; 63 uint8_t *data[2][2]; 64 MemoryRegion iomem; 65 MemoryRegion container; 66 int cycle; 67 int otpmode; 68 69 uint16_t addr[8]; 70 uint16_t unladdr[8]; 71 int bufaddr; 72 int count; 73 uint16_t command; 74 uint16_t config[2]; 75 uint16_t status; 76 uint16_t intstatus; 77 uint16_t wpstatus; 78 79 ECCState ecc; 80 81 int density_mask; 82 int secs; 83 int secs_cur; 84 int blocks; 85 uint8_t *blockwp; 86 } OneNANDState; 87 88 enum { 89 ONEN_BUF_BLOCK = 0, 90 ONEN_BUF_BLOCK2 = 1, 91 ONEN_BUF_DEST_BLOCK = 2, 92 ONEN_BUF_DEST_PAGE = 3, 93 ONEN_BUF_PAGE = 7, 94 }; 95 96 enum { 97 ONEN_ERR_CMD = 1 << 10, 98 ONEN_ERR_ERASE = 1 << 11, 99 ONEN_ERR_PROG = 1 << 12, 100 ONEN_ERR_LOAD = 1 << 13, 101 }; 102 103 enum { 104 ONEN_INT_RESET = 1 << 4, 105 ONEN_INT_ERASE = 1 << 5, 106 ONEN_INT_PROG = 1 << 6, 107 ONEN_INT_LOAD = 1 << 7, 108 ONEN_INT = 1 << 15, 109 }; 110 111 enum { 112 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 113 ONEN_LOCK_LOCKED = 1 << 1, 114 ONEN_LOCK_UNLOCKED = 1 << 2, 115 }; 116 117 static void onenand_mem_setup(OneNANDState *s) 118 { 119 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 120 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 121 * write boot commands. Also take note of the BWPS bit. */ 122 memory_region_init(&s->container, OBJECT(s), "onenand", 123 0x10000 << s->shift); 124 memory_region_add_subregion(&s->container, 0, &s->iomem); 125 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 126 &s->ram, 0x0200 << s->shift, 127 0xbe00 << s->shift); 128 memory_region_add_subregion_overlap(&s->container, 129 0x0200 << s->shift, 130 &s->mapped_ram, 131 1); 132 } 133 134 static void onenand_intr_update(OneNANDState *s) 135 { 136 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 137 } 138 139 static int onenand_pre_save(void *opaque) 140 { 141 OneNANDState *s = opaque; 142 if (s->current == s->otp) { 143 s->current_direction = 1; 144 } else if (s->current == s->image) { 145 s->current_direction = 2; 146 } else { 147 s->current_direction = 0; 148 } 149 150 return 0; 151 } 152 153 static int onenand_post_load(void *opaque, int version_id) 154 { 155 OneNANDState *s = opaque; 156 switch (s->current_direction) { 157 case 0: 158 break; 159 case 1: 160 s->current = s->otp; 161 break; 162 case 2: 163 s->current = s->image; 164 break; 165 default: 166 return -1; 167 } 168 onenand_intr_update(s); 169 return 0; 170 } 171 172 static const VMStateDescription vmstate_onenand = { 173 .name = "onenand", 174 .version_id = 1, 175 .minimum_version_id = 1, 176 .pre_save = onenand_pre_save, 177 .post_load = onenand_post_load, 178 .fields = (VMStateField[]) { 179 VMSTATE_UINT8(current_direction, OneNANDState), 180 VMSTATE_INT32(cycle, OneNANDState), 181 VMSTATE_INT32(otpmode, OneNANDState), 182 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 183 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 184 VMSTATE_INT32(bufaddr, OneNANDState), 185 VMSTATE_INT32(count, OneNANDState), 186 VMSTATE_UINT16(command, OneNANDState), 187 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 188 VMSTATE_UINT16(status, OneNANDState), 189 VMSTATE_UINT16(intstatus, OneNANDState), 190 VMSTATE_UINT16(wpstatus, OneNANDState), 191 VMSTATE_INT32(secs_cur, OneNANDState), 192 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 193 VMSTATE_UINT8(ecc.cp, OneNANDState), 194 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 195 VMSTATE_UINT16(ecc.count, OneNANDState), 196 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 197 ((64 + 2) << PAGE_SHIFT)), 198 VMSTATE_END_OF_LIST() 199 } 200 }; 201 202 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 203 static void onenand_reset(OneNANDState *s, int cold) 204 { 205 memset(&s->addr, 0, sizeof(s->addr)); 206 s->command = 0; 207 s->count = 1; 208 s->bufaddr = 0; 209 s->config[0] = 0x40c0; 210 s->config[1] = 0x0000; 211 onenand_intr_update(s); 212 qemu_irq_raise(s->rdy); 213 s->status = 0x0000; 214 s->intstatus = cold ? 0x8080 : 0x8010; 215 s->unladdr[0] = 0; 216 s->unladdr[1] = 0; 217 s->wpstatus = 0x0002; 218 s->cycle = 0; 219 s->otpmode = 0; 220 s->blk_cur = s->blk; 221 s->current = s->image; 222 s->secs_cur = s->secs; 223 224 if (cold) { 225 /* Lock the whole flash */ 226 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 227 228 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 229 8 << BDRV_SECTOR_BITS) < 0) { 230 hw_error("%s: Loading the BootRAM failed.\n", __func__); 231 } 232 } 233 } 234 235 static void onenand_system_reset(DeviceState *dev) 236 { 237 OneNANDState *s = ONE_NAND(dev); 238 239 onenand_reset(s, 1); 240 } 241 242 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 243 void *dest) 244 { 245 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 246 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 247 if (s->blk_cur) { 248 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 249 secn << BDRV_SECTOR_BITS) < 0; 250 } else if (sec + secn > s->secs_cur) { 251 return 1; 252 } 253 254 memcpy(dest, s->current + (sec << 9), secn << 9); 255 256 return 0; 257 } 258 259 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 260 void *src) 261 { 262 int result = 0; 263 264 if (secn > 0) { 265 uint32_t size = secn << BDRV_SECTOR_BITS; 266 uint32_t offset = sec << BDRV_SECTOR_BITS; 267 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 268 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 269 const uint8_t *sp = (const uint8_t *)src; 270 uint8_t *dp = 0; 271 if (s->blk_cur) { 272 dp = g_malloc(size); 273 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 274 result = 1; 275 } 276 } else { 277 if (sec + secn > s->secs_cur) { 278 result = 1; 279 } else { 280 dp = (uint8_t *)s->current + offset; 281 } 282 } 283 if (!result) { 284 uint32_t i; 285 for (i = 0; i < size; i++) { 286 dp[i] &= sp[i]; 287 } 288 if (s->blk_cur) { 289 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 290 } 291 } 292 if (dp && s->blk_cur) { 293 g_free(dp); 294 } 295 } 296 297 return result; 298 } 299 300 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 301 void *dest) 302 { 303 uint8_t buf[512]; 304 305 if (s->blk_cur) { 306 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 307 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 308 return 1; 309 } 310 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 311 } else if (sec + secn > s->secs_cur) { 312 return 1; 313 } else { 314 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 315 } 316 317 return 0; 318 } 319 320 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 321 void *src) 322 { 323 int result = 0; 324 if (secn > 0) { 325 const uint8_t *sp = (const uint8_t *)src; 326 uint8_t *dp = 0, *dpp = 0; 327 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 328 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 329 if (s->blk_cur) { 330 dp = g_malloc(512); 331 if (!dp 332 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 333 result = 1; 334 } else { 335 dpp = dp + ((sec & 31) << 4); 336 } 337 } else { 338 if (sec + secn > s->secs_cur) { 339 result = 1; 340 } else { 341 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 342 } 343 } 344 if (!result) { 345 uint32_t i; 346 for (i = 0; i < (secn << 4); i++) { 347 dpp[i] &= sp[i]; 348 } 349 if (s->blk_cur) { 350 result = blk_pwrite(s->blk_cur, offset, dp, 351 BDRV_SECTOR_SIZE, 0) < 0; 352 } 353 } 354 g_free(dp); 355 } 356 return result; 357 } 358 359 static inline int onenand_erase(OneNANDState *s, int sec, int num) 360 { 361 uint8_t *blankbuf, *tmpbuf; 362 363 blankbuf = g_malloc(512); 364 tmpbuf = g_malloc(512); 365 memset(blankbuf, 0xff, 512); 366 for (; num > 0; num--, sec++) { 367 if (s->blk_cur) { 368 int erasesec = s->secs_cur + (sec >> 5); 369 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 370 BDRV_SECTOR_SIZE, 0) < 0) { 371 goto fail; 372 } 373 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 374 BDRV_SECTOR_SIZE) < 0) { 375 goto fail; 376 } 377 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 378 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 379 BDRV_SECTOR_SIZE, 0) < 0) { 380 goto fail; 381 } 382 } else { 383 if (sec + 1 > s->secs_cur) { 384 goto fail; 385 } 386 memcpy(s->current + (sec << 9), blankbuf, 512); 387 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 388 blankbuf, 1 << 4); 389 } 390 } 391 392 g_free(tmpbuf); 393 g_free(blankbuf); 394 return 0; 395 396 fail: 397 g_free(tmpbuf); 398 g_free(blankbuf); 399 return 1; 400 } 401 402 static void onenand_command(OneNANDState *s) 403 { 404 int b; 405 int sec; 406 void *buf; 407 #define SETADDR(block, page) \ 408 sec = (s->addr[page] & 3) + \ 409 ((((s->addr[page] >> 2) & 0x3f) + \ 410 (((s->addr[block] & 0xfff) | \ 411 (s->addr[block] >> 15 ? \ 412 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 413 #define SETBUF_M() \ 414 buf = (s->bufaddr & 8) ? \ 415 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 416 buf += (s->bufaddr & 3) << 9; 417 #define SETBUF_S() \ 418 buf = (s->bufaddr & 8) ? \ 419 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 420 buf += (s->bufaddr & 3) << 4; 421 422 switch (s->command) { 423 case 0x00: /* Load single/multiple sector data unit into buffer */ 424 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 425 426 SETBUF_M() 427 if (onenand_load_main(s, sec, s->count, buf)) 428 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 429 430 #if 0 431 SETBUF_S() 432 if (onenand_load_spare(s, sec, s->count, buf)) 433 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 434 #endif 435 436 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 437 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 438 * then we need two split the read/write into two chunks. 439 */ 440 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 441 break; 442 case 0x13: /* Load single/multiple spare sector into buffer */ 443 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 444 445 SETBUF_S() 446 if (onenand_load_spare(s, sec, s->count, buf)) 447 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 448 449 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 450 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 451 * then we need two split the read/write into two chunks. 452 */ 453 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 454 break; 455 case 0x80: /* Program single/multiple sector data unit from buffer */ 456 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 457 458 SETBUF_M() 459 if (onenand_prog_main(s, sec, s->count, buf)) 460 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 461 462 #if 0 463 SETBUF_S() 464 if (onenand_prog_spare(s, sec, s->count, buf)) 465 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 466 #endif 467 468 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 469 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 470 * then we need two split the read/write into two chunks. 471 */ 472 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 473 break; 474 case 0x1a: /* Program single/multiple spare area sector from buffer */ 475 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 476 477 SETBUF_S() 478 if (onenand_prog_spare(s, sec, s->count, buf)) 479 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 480 481 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 482 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 483 * then we need two split the read/write into two chunks. 484 */ 485 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 486 break; 487 case 0x1b: /* Copy-back program */ 488 SETBUF_S() 489 490 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 491 if (onenand_load_main(s, sec, s->count, buf)) 492 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 493 494 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 495 if (onenand_prog_main(s, sec, s->count, buf)) 496 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 497 498 /* TODO: spare areas */ 499 500 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 501 break; 502 503 case 0x23: /* Unlock NAND array block(s) */ 504 s->intstatus |= ONEN_INT; 505 506 /* XXX the previous (?) area should be locked automatically */ 507 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 508 if (b >= s->blocks) { 509 s->status |= ONEN_ERR_CMD; 510 break; 511 } 512 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 513 break; 514 515 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 516 } 517 break; 518 case 0x27: /* Unlock All NAND array blocks */ 519 s->intstatus |= ONEN_INT; 520 521 for (b = 0; b < s->blocks; b ++) { 522 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 523 break; 524 525 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 526 } 527 break; 528 529 case 0x2a: /* Lock NAND array block(s) */ 530 s->intstatus |= ONEN_INT; 531 532 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 533 if (b >= s->blocks) { 534 s->status |= ONEN_ERR_CMD; 535 break; 536 } 537 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 538 break; 539 540 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 541 } 542 break; 543 case 0x2c: /* Lock-tight NAND array block(s) */ 544 s->intstatus |= ONEN_INT; 545 546 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 547 if (b >= s->blocks) { 548 s->status |= ONEN_ERR_CMD; 549 break; 550 } 551 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 552 continue; 553 554 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 555 } 556 break; 557 558 case 0x71: /* Erase-Verify-Read */ 559 s->intstatus |= ONEN_INT; 560 break; 561 case 0x95: /* Multi-block erase */ 562 qemu_irq_pulse(s->intr); 563 /* Fall through. */ 564 case 0x94: /* Block erase */ 565 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 566 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 567 << (BLOCK_SHIFT - 9); 568 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 569 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 570 571 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 572 break; 573 case 0xb0: /* Erase suspend */ 574 break; 575 case 0x30: /* Erase resume */ 576 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 577 break; 578 579 case 0xf0: /* Reset NAND Flash core */ 580 onenand_reset(s, 0); 581 break; 582 case 0xf3: /* Reset OneNAND */ 583 onenand_reset(s, 0); 584 break; 585 586 case 0x65: /* OTP Access */ 587 s->intstatus |= ONEN_INT; 588 s->blk_cur = NULL; 589 s->current = s->otp; 590 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 591 s->addr[ONEN_BUF_BLOCK] = 0; 592 s->otpmode = 1; 593 break; 594 595 default: 596 s->status |= ONEN_ERR_CMD; 597 s->intstatus |= ONEN_INT; 598 qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n", 599 s->command); 600 } 601 602 onenand_intr_update(s); 603 } 604 605 static uint64_t onenand_read(void *opaque, hwaddr addr, 606 unsigned size) 607 { 608 OneNANDState *s = (OneNANDState *) opaque; 609 int offset = addr >> s->shift; 610 611 switch (offset) { 612 case 0x0000 ... 0xbffe: 613 return lduw_le_p(s->boot[0] + addr); 614 615 case 0xf000: /* Manufacturer ID */ 616 return s->id.man; 617 case 0xf001: /* Device ID */ 618 return s->id.dev; 619 case 0xf002: /* Version ID */ 620 return s->id.ver; 621 /* TODO: get the following values from a real chip! */ 622 case 0xf003: /* Data Buffer size */ 623 return 1 << PAGE_SHIFT; 624 case 0xf004: /* Boot Buffer size */ 625 return 0x200; 626 case 0xf005: /* Amount of buffers */ 627 return 1 | (2 << 8); 628 case 0xf006: /* Technology */ 629 return 0; 630 631 case 0xf100 ... 0xf107: /* Start addresses */ 632 return s->addr[offset - 0xf100]; 633 634 case 0xf200: /* Start buffer */ 635 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 636 637 case 0xf220: /* Command */ 638 return s->command; 639 case 0xf221: /* System Configuration 1 */ 640 return s->config[0] & 0xffe0; 641 case 0xf222: /* System Configuration 2 */ 642 return s->config[1]; 643 644 case 0xf240: /* Controller Status */ 645 return s->status; 646 case 0xf241: /* Interrupt */ 647 return s->intstatus; 648 case 0xf24c: /* Unlock Start Block Address */ 649 return s->unladdr[0]; 650 case 0xf24d: /* Unlock End Block Address */ 651 return s->unladdr[1]; 652 case 0xf24e: /* Write Protection Status */ 653 return s->wpstatus; 654 655 case 0xff00: /* ECC Status */ 656 return 0x00; 657 case 0xff01: /* ECC Result of main area data */ 658 case 0xff02: /* ECC Result of spare area data */ 659 case 0xff03: /* ECC Result of main area data */ 660 case 0xff04: /* ECC Result of spare area data */ 661 qemu_log_mask(LOG_UNIMP, 662 "onenand: ECC result registers unimplemented\n"); 663 return 0x0000; 664 } 665 666 qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n", 667 offset); 668 return 0; 669 } 670 671 static void onenand_write(void *opaque, hwaddr addr, 672 uint64_t value, unsigned size) 673 { 674 OneNANDState *s = (OneNANDState *) opaque; 675 int offset = addr >> s->shift; 676 int sec; 677 678 switch (offset) { 679 case 0x0000 ... 0x01ff: 680 case 0x8000 ... 0x800f: 681 if (s->cycle) { 682 s->cycle = 0; 683 684 if (value == 0x0000) { 685 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 686 onenand_load_main(s, sec, 687 1 << (PAGE_SHIFT - 9), s->data[0][0]); 688 s->addr[ONEN_BUF_PAGE] += 4; 689 s->addr[ONEN_BUF_PAGE] &= 0xff; 690 } 691 break; 692 } 693 694 switch (value) { 695 case 0x00f0: /* Reset OneNAND */ 696 onenand_reset(s, 0); 697 break; 698 699 case 0x00e0: /* Load Data into Buffer */ 700 s->cycle = 1; 701 break; 702 703 case 0x0090: /* Read Identification Data */ 704 memset(s->boot[0], 0, 3 << s->shift); 705 s->boot[0][0 << s->shift] = s->id.man & 0xff; 706 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 707 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 708 break; 709 710 default: 711 qemu_log_mask(LOG_GUEST_ERROR, 712 "unknown OneNAND boot command %" PRIx64 "\n", 713 value); 714 } 715 break; 716 717 case 0xf100 ... 0xf107: /* Start addresses */ 718 s->addr[offset - 0xf100] = value; 719 break; 720 721 case 0xf200: /* Start buffer */ 722 s->bufaddr = (value >> 8) & 0xf; 723 if (PAGE_SHIFT == 11) 724 s->count = (value & 3) ?: 4; 725 else if (PAGE_SHIFT == 10) 726 s->count = (value & 1) ?: 2; 727 break; 728 729 case 0xf220: /* Command */ 730 if (s->intstatus & (1 << 15)) 731 break; 732 s->command = value; 733 onenand_command(s); 734 break; 735 case 0xf221: /* System Configuration 1 */ 736 s->config[0] = value; 737 onenand_intr_update(s); 738 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 739 break; 740 case 0xf222: /* System Configuration 2 */ 741 s->config[1] = value; 742 break; 743 744 case 0xf241: /* Interrupt */ 745 s->intstatus &= value; 746 if ((1 << 15) & ~s->intstatus) 747 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 748 ONEN_ERR_PROG | ONEN_ERR_LOAD); 749 onenand_intr_update(s); 750 break; 751 case 0xf24c: /* Unlock Start Block Address */ 752 s->unladdr[0] = value & (s->blocks - 1); 753 /* For some reason we have to set the end address to by default 754 * be same as start because the software forgets to write anything 755 * in there. */ 756 s->unladdr[1] = value & (s->blocks - 1); 757 break; 758 case 0xf24d: /* Unlock End Block Address */ 759 s->unladdr[1] = value & (s->blocks - 1); 760 break; 761 762 default: 763 qemu_log_mask(LOG_GUEST_ERROR, 764 "write to unknown OneNAND register 0x%x\n", 765 offset); 766 } 767 } 768 769 static const MemoryRegionOps onenand_ops = { 770 .read = onenand_read, 771 .write = onenand_write, 772 .endianness = DEVICE_NATIVE_ENDIAN, 773 }; 774 775 static int onenand_initfn(SysBusDevice *sbd) 776 { 777 DeviceState *dev = DEVICE(sbd); 778 OneNANDState *s = ONE_NAND(dev); 779 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 780 void *ram; 781 Error *local_err = NULL; 782 783 s->base = (hwaddr)-1; 784 s->rdy = NULL; 785 s->blocks = size >> BLOCK_SHIFT; 786 s->secs = size >> 9; 787 s->blockwp = g_malloc(s->blocks); 788 s->density_mask = (s->id.dev & 0x08) 789 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 790 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 791 0x10000 << s->shift); 792 if (!s->blk) { 793 s->image = memset(g_malloc(size + (size >> 5)), 794 0xff, size + (size >> 5)); 795 } else { 796 if (blk_is_read_only(s->blk)) { 797 error_report("Can't use a read-only drive"); 798 return -1; 799 } 800 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 801 BLK_PERM_ALL, &local_err); 802 if (local_err) { 803 error_report_err(local_err); 804 return -1; 805 } 806 s->blk_cur = s->blk; 807 } 808 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 809 0xff, (64 + 2) << PAGE_SHIFT); 810 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 811 0xc000 << s->shift, &error_fatal); 812 vmstate_register_ram_global(&s->ram); 813 ram = memory_region_get_ram_ptr(&s->ram); 814 s->boot[0] = ram + (0x0000 << s->shift); 815 s->boot[1] = ram + (0x8000 << s->shift); 816 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 817 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 818 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 819 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 820 onenand_mem_setup(s); 821 sysbus_init_irq(sbd, &s->intr); 822 sysbus_init_mmio(sbd, &s->container); 823 vmstate_register(dev, 824 ((s->shift & 0x7f) << 24) 825 | ((s->id.man & 0xff) << 16) 826 | ((s->id.dev & 0xff) << 8) 827 | (s->id.ver & 0xff), 828 &vmstate_onenand, s); 829 return 0; 830 } 831 832 static Property onenand_properties[] = { 833 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 834 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 835 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 836 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 837 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 838 DEFINE_PROP_END_OF_LIST(), 839 }; 840 841 static void onenand_class_init(ObjectClass *klass, void *data) 842 { 843 DeviceClass *dc = DEVICE_CLASS(klass); 844 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); 845 846 k->init = onenand_initfn; 847 dc->reset = onenand_system_reset; 848 dc->props = onenand_properties; 849 } 850 851 static const TypeInfo onenand_info = { 852 .name = TYPE_ONE_NAND, 853 .parent = TYPE_SYS_BUS_DEVICE, 854 .instance_size = sizeof(OneNANDState), 855 .class_init = onenand_class_init, 856 }; 857 858 static void onenand_register_types(void) 859 { 860 type_register_static(&onenand_info); 861 } 862 863 void *onenand_raw_otp(DeviceState *onenand_device) 864 { 865 OneNANDState *s = ONE_NAND(onenand_device); 866 867 return s->otp; 868 } 869 870 type_init(onenand_register_types) 871