1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "qemu-common.h" 24 #include "hw/hw.h" 25 #include "hw/block/flash.h" 26 #include "hw/irq.h" 27 #include "sysemu/block-backend.h" 28 #include "exec/memory.h" 29 #include "hw/sysbus.h" 30 #include "qemu/error-report.h" 31 32 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 33 #define PAGE_SHIFT 11 34 35 /* Fixed */ 36 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 37 38 #define TYPE_ONE_NAND "onenand" 39 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 40 41 typedef struct OneNANDState { 42 SysBusDevice parent_obj; 43 44 struct { 45 uint16_t man; 46 uint16_t dev; 47 uint16_t ver; 48 } id; 49 int shift; 50 hwaddr base; 51 qemu_irq intr; 52 qemu_irq rdy; 53 BlockBackend *blk; 54 BlockBackend *blk_cur; 55 uint8_t *image; 56 uint8_t *otp; 57 uint8_t *current; 58 MemoryRegion ram; 59 MemoryRegion mapped_ram; 60 uint8_t current_direction; 61 uint8_t *boot[2]; 62 uint8_t *data[2][2]; 63 MemoryRegion iomem; 64 MemoryRegion container; 65 int cycle; 66 int otpmode; 67 68 uint16_t addr[8]; 69 uint16_t unladdr[8]; 70 int bufaddr; 71 int count; 72 uint16_t command; 73 uint16_t config[2]; 74 uint16_t status; 75 uint16_t intstatus; 76 uint16_t wpstatus; 77 78 ECCState ecc; 79 80 int density_mask; 81 int secs; 82 int secs_cur; 83 int blocks; 84 uint8_t *blockwp; 85 } OneNANDState; 86 87 enum { 88 ONEN_BUF_BLOCK = 0, 89 ONEN_BUF_BLOCK2 = 1, 90 ONEN_BUF_DEST_BLOCK = 2, 91 ONEN_BUF_DEST_PAGE = 3, 92 ONEN_BUF_PAGE = 7, 93 }; 94 95 enum { 96 ONEN_ERR_CMD = 1 << 10, 97 ONEN_ERR_ERASE = 1 << 11, 98 ONEN_ERR_PROG = 1 << 12, 99 ONEN_ERR_LOAD = 1 << 13, 100 }; 101 102 enum { 103 ONEN_INT_RESET = 1 << 4, 104 ONEN_INT_ERASE = 1 << 5, 105 ONEN_INT_PROG = 1 << 6, 106 ONEN_INT_LOAD = 1 << 7, 107 ONEN_INT = 1 << 15, 108 }; 109 110 enum { 111 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 112 ONEN_LOCK_LOCKED = 1 << 1, 113 ONEN_LOCK_UNLOCKED = 1 << 2, 114 }; 115 116 static void onenand_mem_setup(OneNANDState *s) 117 { 118 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 119 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 120 * write boot commands. Also take note of the BWPS bit. */ 121 memory_region_init(&s->container, OBJECT(s), "onenand", 122 0x10000 << s->shift); 123 memory_region_add_subregion(&s->container, 0, &s->iomem); 124 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 125 &s->ram, 0x0200 << s->shift, 126 0xbe00 << s->shift); 127 memory_region_add_subregion_overlap(&s->container, 128 0x0200 << s->shift, 129 &s->mapped_ram, 130 1); 131 } 132 133 static void onenand_intr_update(OneNANDState *s) 134 { 135 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 136 } 137 138 static int onenand_pre_save(void *opaque) 139 { 140 OneNANDState *s = opaque; 141 if (s->current == s->otp) { 142 s->current_direction = 1; 143 } else if (s->current == s->image) { 144 s->current_direction = 2; 145 } else { 146 s->current_direction = 0; 147 } 148 149 return 0; 150 } 151 152 static int onenand_post_load(void *opaque, int version_id) 153 { 154 OneNANDState *s = opaque; 155 switch (s->current_direction) { 156 case 0: 157 break; 158 case 1: 159 s->current = s->otp; 160 break; 161 case 2: 162 s->current = s->image; 163 break; 164 default: 165 return -1; 166 } 167 onenand_intr_update(s); 168 return 0; 169 } 170 171 static const VMStateDescription vmstate_onenand = { 172 .name = "onenand", 173 .version_id = 1, 174 .minimum_version_id = 1, 175 .pre_save = onenand_pre_save, 176 .post_load = onenand_post_load, 177 .fields = (VMStateField[]) { 178 VMSTATE_UINT8(current_direction, OneNANDState), 179 VMSTATE_INT32(cycle, OneNANDState), 180 VMSTATE_INT32(otpmode, OneNANDState), 181 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 182 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 183 VMSTATE_INT32(bufaddr, OneNANDState), 184 VMSTATE_INT32(count, OneNANDState), 185 VMSTATE_UINT16(command, OneNANDState), 186 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 187 VMSTATE_UINT16(status, OneNANDState), 188 VMSTATE_UINT16(intstatus, OneNANDState), 189 VMSTATE_UINT16(wpstatus, OneNANDState), 190 VMSTATE_INT32(secs_cur, OneNANDState), 191 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 192 VMSTATE_UINT8(ecc.cp, OneNANDState), 193 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 194 VMSTATE_UINT16(ecc.count, OneNANDState), 195 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 196 ((64 + 2) << PAGE_SHIFT)), 197 VMSTATE_END_OF_LIST() 198 } 199 }; 200 201 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 202 static void onenand_reset(OneNANDState *s, int cold) 203 { 204 memset(&s->addr, 0, sizeof(s->addr)); 205 s->command = 0; 206 s->count = 1; 207 s->bufaddr = 0; 208 s->config[0] = 0x40c0; 209 s->config[1] = 0x0000; 210 onenand_intr_update(s); 211 qemu_irq_raise(s->rdy); 212 s->status = 0x0000; 213 s->intstatus = cold ? 0x8080 : 0x8010; 214 s->unladdr[0] = 0; 215 s->unladdr[1] = 0; 216 s->wpstatus = 0x0002; 217 s->cycle = 0; 218 s->otpmode = 0; 219 s->blk_cur = s->blk; 220 s->current = s->image; 221 s->secs_cur = s->secs; 222 223 if (cold) { 224 /* Lock the whole flash */ 225 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 226 227 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 228 8 << BDRV_SECTOR_BITS) < 0) { 229 hw_error("%s: Loading the BootRAM failed.\n", __func__); 230 } 231 } 232 } 233 234 static void onenand_system_reset(DeviceState *dev) 235 { 236 OneNANDState *s = ONE_NAND(dev); 237 238 onenand_reset(s, 1); 239 } 240 241 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 242 void *dest) 243 { 244 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 245 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 246 if (s->blk_cur) { 247 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 248 secn << BDRV_SECTOR_BITS) < 0; 249 } else if (sec + secn > s->secs_cur) { 250 return 1; 251 } 252 253 memcpy(dest, s->current + (sec << 9), secn << 9); 254 255 return 0; 256 } 257 258 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 259 void *src) 260 { 261 int result = 0; 262 263 if (secn > 0) { 264 uint32_t size = secn << BDRV_SECTOR_BITS; 265 uint32_t offset = sec << BDRV_SECTOR_BITS; 266 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 267 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 268 const uint8_t *sp = (const uint8_t *)src; 269 uint8_t *dp = 0; 270 if (s->blk_cur) { 271 dp = g_malloc(size); 272 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 273 result = 1; 274 } 275 } else { 276 if (sec + secn > s->secs_cur) { 277 result = 1; 278 } else { 279 dp = (uint8_t *)s->current + offset; 280 } 281 } 282 if (!result) { 283 uint32_t i; 284 for (i = 0; i < size; i++) { 285 dp[i] &= sp[i]; 286 } 287 if (s->blk_cur) { 288 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 289 } 290 } 291 if (dp && s->blk_cur) { 292 g_free(dp); 293 } 294 } 295 296 return result; 297 } 298 299 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 300 void *dest) 301 { 302 uint8_t buf[512]; 303 304 if (s->blk_cur) { 305 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 306 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 307 return 1; 308 } 309 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 310 } else if (sec + secn > s->secs_cur) { 311 return 1; 312 } else { 313 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 314 } 315 316 return 0; 317 } 318 319 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 320 void *src) 321 { 322 int result = 0; 323 if (secn > 0) { 324 const uint8_t *sp = (const uint8_t *)src; 325 uint8_t *dp = 0, *dpp = 0; 326 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 327 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 328 if (s->blk_cur) { 329 dp = g_malloc(512); 330 if (!dp 331 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 332 result = 1; 333 } else { 334 dpp = dp + ((sec & 31) << 4); 335 } 336 } else { 337 if (sec + secn > s->secs_cur) { 338 result = 1; 339 } else { 340 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 341 } 342 } 343 if (!result) { 344 uint32_t i; 345 for (i = 0; i < (secn << 4); i++) { 346 dpp[i] &= sp[i]; 347 } 348 if (s->blk_cur) { 349 result = blk_pwrite(s->blk_cur, offset, dp, 350 BDRV_SECTOR_SIZE, 0) < 0; 351 } 352 } 353 g_free(dp); 354 } 355 return result; 356 } 357 358 static inline int onenand_erase(OneNANDState *s, int sec, int num) 359 { 360 uint8_t *blankbuf, *tmpbuf; 361 362 blankbuf = g_malloc(512); 363 tmpbuf = g_malloc(512); 364 memset(blankbuf, 0xff, 512); 365 for (; num > 0; num--, sec++) { 366 if (s->blk_cur) { 367 int erasesec = s->secs_cur + (sec >> 5); 368 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 369 BDRV_SECTOR_SIZE, 0) < 0) { 370 goto fail; 371 } 372 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 373 BDRV_SECTOR_SIZE) < 0) { 374 goto fail; 375 } 376 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 377 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 378 BDRV_SECTOR_SIZE, 0) < 0) { 379 goto fail; 380 } 381 } else { 382 if (sec + 1 > s->secs_cur) { 383 goto fail; 384 } 385 memcpy(s->current + (sec << 9), blankbuf, 512); 386 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 387 blankbuf, 1 << 4); 388 } 389 } 390 391 g_free(tmpbuf); 392 g_free(blankbuf); 393 return 0; 394 395 fail: 396 g_free(tmpbuf); 397 g_free(blankbuf); 398 return 1; 399 } 400 401 static void onenand_command(OneNANDState *s) 402 { 403 int b; 404 int sec; 405 void *buf; 406 #define SETADDR(block, page) \ 407 sec = (s->addr[page] & 3) + \ 408 ((((s->addr[page] >> 2) & 0x3f) + \ 409 (((s->addr[block] & 0xfff) | \ 410 (s->addr[block] >> 15 ? \ 411 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 412 #define SETBUF_M() \ 413 buf = (s->bufaddr & 8) ? \ 414 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 415 buf += (s->bufaddr & 3) << 9; 416 #define SETBUF_S() \ 417 buf = (s->bufaddr & 8) ? \ 418 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 419 buf += (s->bufaddr & 3) << 4; 420 421 switch (s->command) { 422 case 0x00: /* Load single/multiple sector data unit into buffer */ 423 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 424 425 SETBUF_M() 426 if (onenand_load_main(s, sec, s->count, buf)) 427 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 428 429 #if 0 430 SETBUF_S() 431 if (onenand_load_spare(s, sec, s->count, buf)) 432 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 433 #endif 434 435 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 436 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 437 * then we need two split the read/write into two chunks. 438 */ 439 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 440 break; 441 case 0x13: /* Load single/multiple spare sector into buffer */ 442 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 443 444 SETBUF_S() 445 if (onenand_load_spare(s, sec, s->count, buf)) 446 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 447 448 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 449 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 450 * then we need two split the read/write into two chunks. 451 */ 452 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 453 break; 454 case 0x80: /* Program single/multiple sector data unit from buffer */ 455 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 456 457 SETBUF_M() 458 if (onenand_prog_main(s, sec, s->count, buf)) 459 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 460 461 #if 0 462 SETBUF_S() 463 if (onenand_prog_spare(s, sec, s->count, buf)) 464 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 465 #endif 466 467 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 468 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 469 * then we need two split the read/write into two chunks. 470 */ 471 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 472 break; 473 case 0x1a: /* Program single/multiple spare area sector from buffer */ 474 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 475 476 SETBUF_S() 477 if (onenand_prog_spare(s, sec, s->count, buf)) 478 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 479 480 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 481 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 482 * then we need two split the read/write into two chunks. 483 */ 484 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 485 break; 486 case 0x1b: /* Copy-back program */ 487 SETBUF_S() 488 489 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 490 if (onenand_load_main(s, sec, s->count, buf)) 491 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 492 493 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 494 if (onenand_prog_main(s, sec, s->count, buf)) 495 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 496 497 /* TODO: spare areas */ 498 499 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 500 break; 501 502 case 0x23: /* Unlock NAND array block(s) */ 503 s->intstatus |= ONEN_INT; 504 505 /* XXX the previous (?) area should be locked automatically */ 506 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 507 if (b >= s->blocks) { 508 s->status |= ONEN_ERR_CMD; 509 break; 510 } 511 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 512 break; 513 514 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 515 } 516 break; 517 case 0x27: /* Unlock All NAND array blocks */ 518 s->intstatus |= ONEN_INT; 519 520 for (b = 0; b < s->blocks; b ++) { 521 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 522 break; 523 524 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 525 } 526 break; 527 528 case 0x2a: /* Lock NAND array block(s) */ 529 s->intstatus |= ONEN_INT; 530 531 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 532 if (b >= s->blocks) { 533 s->status |= ONEN_ERR_CMD; 534 break; 535 } 536 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 537 break; 538 539 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 540 } 541 break; 542 case 0x2c: /* Lock-tight NAND array block(s) */ 543 s->intstatus |= ONEN_INT; 544 545 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 546 if (b >= s->blocks) { 547 s->status |= ONEN_ERR_CMD; 548 break; 549 } 550 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 551 continue; 552 553 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 554 } 555 break; 556 557 case 0x71: /* Erase-Verify-Read */ 558 s->intstatus |= ONEN_INT; 559 break; 560 case 0x95: /* Multi-block erase */ 561 qemu_irq_pulse(s->intr); 562 /* Fall through. */ 563 case 0x94: /* Block erase */ 564 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 565 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 566 << (BLOCK_SHIFT - 9); 567 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 568 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 569 570 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 571 break; 572 case 0xb0: /* Erase suspend */ 573 break; 574 case 0x30: /* Erase resume */ 575 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 576 break; 577 578 case 0xf0: /* Reset NAND Flash core */ 579 onenand_reset(s, 0); 580 break; 581 case 0xf3: /* Reset OneNAND */ 582 onenand_reset(s, 0); 583 break; 584 585 case 0x65: /* OTP Access */ 586 s->intstatus |= ONEN_INT; 587 s->blk_cur = NULL; 588 s->current = s->otp; 589 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 590 s->addr[ONEN_BUF_BLOCK] = 0; 591 s->otpmode = 1; 592 break; 593 594 default: 595 s->status |= ONEN_ERR_CMD; 596 s->intstatus |= ONEN_INT; 597 fprintf(stderr, "%s: unknown OneNAND command %x\n", 598 __func__, s->command); 599 } 600 601 onenand_intr_update(s); 602 } 603 604 static uint64_t onenand_read(void *opaque, hwaddr addr, 605 unsigned size) 606 { 607 OneNANDState *s = (OneNANDState *) opaque; 608 int offset = addr >> s->shift; 609 610 switch (offset) { 611 case 0x0000 ... 0xc000: 612 return lduw_le_p(s->boot[0] + addr); 613 614 case 0xf000: /* Manufacturer ID */ 615 return s->id.man; 616 case 0xf001: /* Device ID */ 617 return s->id.dev; 618 case 0xf002: /* Version ID */ 619 return s->id.ver; 620 /* TODO: get the following values from a real chip! */ 621 case 0xf003: /* Data Buffer size */ 622 return 1 << PAGE_SHIFT; 623 case 0xf004: /* Boot Buffer size */ 624 return 0x200; 625 case 0xf005: /* Amount of buffers */ 626 return 1 | (2 << 8); 627 case 0xf006: /* Technology */ 628 return 0; 629 630 case 0xf100 ... 0xf107: /* Start addresses */ 631 return s->addr[offset - 0xf100]; 632 633 case 0xf200: /* Start buffer */ 634 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 635 636 case 0xf220: /* Command */ 637 return s->command; 638 case 0xf221: /* System Configuration 1 */ 639 return s->config[0] & 0xffe0; 640 case 0xf222: /* System Configuration 2 */ 641 return s->config[1]; 642 643 case 0xf240: /* Controller Status */ 644 return s->status; 645 case 0xf241: /* Interrupt */ 646 return s->intstatus; 647 case 0xf24c: /* Unlock Start Block Address */ 648 return s->unladdr[0]; 649 case 0xf24d: /* Unlock End Block Address */ 650 return s->unladdr[1]; 651 case 0xf24e: /* Write Protection Status */ 652 return s->wpstatus; 653 654 case 0xff00: /* ECC Status */ 655 return 0x00; 656 case 0xff01: /* ECC Result of main area data */ 657 case 0xff02: /* ECC Result of spare area data */ 658 case 0xff03: /* ECC Result of main area data */ 659 case 0xff04: /* ECC Result of spare area data */ 660 hw_error("%s: implement ECC\n", __func__); 661 return 0x0000; 662 } 663 664 fprintf(stderr, "%s: unknown OneNAND register %x\n", 665 __func__, offset); 666 return 0; 667 } 668 669 static void onenand_write(void *opaque, hwaddr addr, 670 uint64_t value, unsigned size) 671 { 672 OneNANDState *s = (OneNANDState *) opaque; 673 int offset = addr >> s->shift; 674 int sec; 675 676 switch (offset) { 677 case 0x0000 ... 0x01ff: 678 case 0x8000 ... 0x800f: 679 if (s->cycle) { 680 s->cycle = 0; 681 682 if (value == 0x0000) { 683 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 684 onenand_load_main(s, sec, 685 1 << (PAGE_SHIFT - 9), s->data[0][0]); 686 s->addr[ONEN_BUF_PAGE] += 4; 687 s->addr[ONEN_BUF_PAGE] &= 0xff; 688 } 689 break; 690 } 691 692 switch (value) { 693 case 0x00f0: /* Reset OneNAND */ 694 onenand_reset(s, 0); 695 break; 696 697 case 0x00e0: /* Load Data into Buffer */ 698 s->cycle = 1; 699 break; 700 701 case 0x0090: /* Read Identification Data */ 702 memset(s->boot[0], 0, 3 << s->shift); 703 s->boot[0][0 << s->shift] = s->id.man & 0xff; 704 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 705 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 706 break; 707 708 default: 709 fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n", 710 __func__, value); 711 } 712 break; 713 714 case 0xf100 ... 0xf107: /* Start addresses */ 715 s->addr[offset - 0xf100] = value; 716 break; 717 718 case 0xf200: /* Start buffer */ 719 s->bufaddr = (value >> 8) & 0xf; 720 if (PAGE_SHIFT == 11) 721 s->count = (value & 3) ?: 4; 722 else if (PAGE_SHIFT == 10) 723 s->count = (value & 1) ?: 2; 724 break; 725 726 case 0xf220: /* Command */ 727 if (s->intstatus & (1 << 15)) 728 break; 729 s->command = value; 730 onenand_command(s); 731 break; 732 case 0xf221: /* System Configuration 1 */ 733 s->config[0] = value; 734 onenand_intr_update(s); 735 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 736 break; 737 case 0xf222: /* System Configuration 2 */ 738 s->config[1] = value; 739 break; 740 741 case 0xf241: /* Interrupt */ 742 s->intstatus &= value; 743 if ((1 << 15) & ~s->intstatus) 744 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 745 ONEN_ERR_PROG | ONEN_ERR_LOAD); 746 onenand_intr_update(s); 747 break; 748 case 0xf24c: /* Unlock Start Block Address */ 749 s->unladdr[0] = value & (s->blocks - 1); 750 /* For some reason we have to set the end address to by default 751 * be same as start because the software forgets to write anything 752 * in there. */ 753 s->unladdr[1] = value & (s->blocks - 1); 754 break; 755 case 0xf24d: /* Unlock End Block Address */ 756 s->unladdr[1] = value & (s->blocks - 1); 757 break; 758 759 default: 760 fprintf(stderr, "%s: unknown OneNAND register %x\n", 761 __func__, offset); 762 } 763 } 764 765 static const MemoryRegionOps onenand_ops = { 766 .read = onenand_read, 767 .write = onenand_write, 768 .endianness = DEVICE_NATIVE_ENDIAN, 769 }; 770 771 static int onenand_initfn(SysBusDevice *sbd) 772 { 773 DeviceState *dev = DEVICE(sbd); 774 OneNANDState *s = ONE_NAND(dev); 775 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 776 void *ram; 777 Error *local_err = NULL; 778 779 s->base = (hwaddr)-1; 780 s->rdy = NULL; 781 s->blocks = size >> BLOCK_SHIFT; 782 s->secs = size >> 9; 783 s->blockwp = g_malloc(s->blocks); 784 s->density_mask = (s->id.dev & 0x08) 785 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 786 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 787 0x10000 << s->shift); 788 if (!s->blk) { 789 s->image = memset(g_malloc(size + (size >> 5)), 790 0xff, size + (size >> 5)); 791 } else { 792 if (blk_is_read_only(s->blk)) { 793 error_report("Can't use a read-only drive"); 794 return -1; 795 } 796 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 797 BLK_PERM_ALL, &local_err); 798 if (local_err) { 799 error_report_err(local_err); 800 return -1; 801 } 802 s->blk_cur = s->blk; 803 } 804 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 805 0xff, (64 + 2) << PAGE_SHIFT); 806 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 807 0xc000 << s->shift, &error_fatal); 808 vmstate_register_ram_global(&s->ram); 809 ram = memory_region_get_ram_ptr(&s->ram); 810 s->boot[0] = ram + (0x0000 << s->shift); 811 s->boot[1] = ram + (0x8000 << s->shift); 812 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 813 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 814 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 815 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 816 onenand_mem_setup(s); 817 sysbus_init_irq(sbd, &s->intr); 818 sysbus_init_mmio(sbd, &s->container); 819 vmstate_register(dev, 820 ((s->shift & 0x7f) << 24) 821 | ((s->id.man & 0xff) << 16) 822 | ((s->id.dev & 0xff) << 8) 823 | (s->id.ver & 0xff), 824 &vmstate_onenand, s); 825 return 0; 826 } 827 828 static Property onenand_properties[] = { 829 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 830 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 831 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 832 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 833 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 834 DEFINE_PROP_END_OF_LIST(), 835 }; 836 837 static void onenand_class_init(ObjectClass *klass, void *data) 838 { 839 DeviceClass *dc = DEVICE_CLASS(klass); 840 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); 841 842 k->init = onenand_initfn; 843 dc->reset = onenand_system_reset; 844 dc->props = onenand_properties; 845 } 846 847 static const TypeInfo onenand_info = { 848 .name = TYPE_ONE_NAND, 849 .parent = TYPE_SYS_BUS_DEVICE, 850 .instance_size = sizeof(OneNANDState), 851 .class_init = onenand_class_init, 852 }; 853 854 static void onenand_register_types(void) 855 { 856 type_register_static(&onenand_info); 857 } 858 859 void *onenand_raw_otp(DeviceState *onenand_device) 860 { 861 OneNANDState *s = ONE_NAND(onenand_device); 862 863 return s->otp; 864 } 865 866 type_init(onenand_register_types) 867