1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "qemu-common.h" 24 #include "hw/hw.h" 25 #include "hw/block/flash.h" 26 #include "hw/irq.h" 27 #include "sysemu/block-backend.h" 28 #include "sysemu/blockdev.h" 29 #include "exec/memory.h" 30 #include "exec/address-spaces.h" 31 #include "hw/sysbus.h" 32 #include "qemu/error-report.h" 33 34 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 35 #define PAGE_SHIFT 11 36 37 /* Fixed */ 38 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 39 40 #define TYPE_ONE_NAND "onenand" 41 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 42 43 typedef struct OneNANDState { 44 SysBusDevice parent_obj; 45 46 struct { 47 uint16_t man; 48 uint16_t dev; 49 uint16_t ver; 50 } id; 51 int shift; 52 hwaddr base; 53 qemu_irq intr; 54 qemu_irq rdy; 55 BlockBackend *blk; 56 BlockBackend *blk_cur; 57 uint8_t *image; 58 uint8_t *otp; 59 uint8_t *current; 60 MemoryRegion ram; 61 MemoryRegion mapped_ram; 62 uint8_t current_direction; 63 uint8_t *boot[2]; 64 uint8_t *data[2][2]; 65 MemoryRegion iomem; 66 MemoryRegion container; 67 int cycle; 68 int otpmode; 69 70 uint16_t addr[8]; 71 uint16_t unladdr[8]; 72 int bufaddr; 73 int count; 74 uint16_t command; 75 uint16_t config[2]; 76 uint16_t status; 77 uint16_t intstatus; 78 uint16_t wpstatus; 79 80 ECCState ecc; 81 82 int density_mask; 83 int secs; 84 int secs_cur; 85 int blocks; 86 uint8_t *blockwp; 87 } OneNANDState; 88 89 enum { 90 ONEN_BUF_BLOCK = 0, 91 ONEN_BUF_BLOCK2 = 1, 92 ONEN_BUF_DEST_BLOCK = 2, 93 ONEN_BUF_DEST_PAGE = 3, 94 ONEN_BUF_PAGE = 7, 95 }; 96 97 enum { 98 ONEN_ERR_CMD = 1 << 10, 99 ONEN_ERR_ERASE = 1 << 11, 100 ONEN_ERR_PROG = 1 << 12, 101 ONEN_ERR_LOAD = 1 << 13, 102 }; 103 104 enum { 105 ONEN_INT_RESET = 1 << 4, 106 ONEN_INT_ERASE = 1 << 5, 107 ONEN_INT_PROG = 1 << 6, 108 ONEN_INT_LOAD = 1 << 7, 109 ONEN_INT = 1 << 15, 110 }; 111 112 enum { 113 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 114 ONEN_LOCK_LOCKED = 1 << 1, 115 ONEN_LOCK_UNLOCKED = 1 << 2, 116 }; 117 118 static void onenand_mem_setup(OneNANDState *s) 119 { 120 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 121 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 122 * write boot commands. Also take note of the BWPS bit. */ 123 memory_region_init(&s->container, OBJECT(s), "onenand", 124 0x10000 << s->shift); 125 memory_region_add_subregion(&s->container, 0, &s->iomem); 126 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 127 &s->ram, 0x0200 << s->shift, 128 0xbe00 << s->shift); 129 memory_region_add_subregion_overlap(&s->container, 130 0x0200 << s->shift, 131 &s->mapped_ram, 132 1); 133 } 134 135 static void onenand_intr_update(OneNANDState *s) 136 { 137 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 138 } 139 140 static int onenand_pre_save(void *opaque) 141 { 142 OneNANDState *s = opaque; 143 if (s->current == s->otp) { 144 s->current_direction = 1; 145 } else if (s->current == s->image) { 146 s->current_direction = 2; 147 } else { 148 s->current_direction = 0; 149 } 150 151 return 0; 152 } 153 154 static int onenand_post_load(void *opaque, int version_id) 155 { 156 OneNANDState *s = opaque; 157 switch (s->current_direction) { 158 case 0: 159 break; 160 case 1: 161 s->current = s->otp; 162 break; 163 case 2: 164 s->current = s->image; 165 break; 166 default: 167 return -1; 168 } 169 onenand_intr_update(s); 170 return 0; 171 } 172 173 static const VMStateDescription vmstate_onenand = { 174 .name = "onenand", 175 .version_id = 1, 176 .minimum_version_id = 1, 177 .pre_save = onenand_pre_save, 178 .post_load = onenand_post_load, 179 .fields = (VMStateField[]) { 180 VMSTATE_UINT8(current_direction, OneNANDState), 181 VMSTATE_INT32(cycle, OneNANDState), 182 VMSTATE_INT32(otpmode, OneNANDState), 183 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 184 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 185 VMSTATE_INT32(bufaddr, OneNANDState), 186 VMSTATE_INT32(count, OneNANDState), 187 VMSTATE_UINT16(command, OneNANDState), 188 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 189 VMSTATE_UINT16(status, OneNANDState), 190 VMSTATE_UINT16(intstatus, OneNANDState), 191 VMSTATE_UINT16(wpstatus, OneNANDState), 192 VMSTATE_INT32(secs_cur, OneNANDState), 193 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 194 VMSTATE_UINT8(ecc.cp, OneNANDState), 195 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 196 VMSTATE_UINT16(ecc.count, OneNANDState), 197 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 198 ((64 + 2) << PAGE_SHIFT)), 199 VMSTATE_END_OF_LIST() 200 } 201 }; 202 203 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 204 static void onenand_reset(OneNANDState *s, int cold) 205 { 206 memset(&s->addr, 0, sizeof(s->addr)); 207 s->command = 0; 208 s->count = 1; 209 s->bufaddr = 0; 210 s->config[0] = 0x40c0; 211 s->config[1] = 0x0000; 212 onenand_intr_update(s); 213 qemu_irq_raise(s->rdy); 214 s->status = 0x0000; 215 s->intstatus = cold ? 0x8080 : 0x8010; 216 s->unladdr[0] = 0; 217 s->unladdr[1] = 0; 218 s->wpstatus = 0x0002; 219 s->cycle = 0; 220 s->otpmode = 0; 221 s->blk_cur = s->blk; 222 s->current = s->image; 223 s->secs_cur = s->secs; 224 225 if (cold) { 226 /* Lock the whole flash */ 227 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 228 229 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 230 8 << BDRV_SECTOR_BITS) < 0) { 231 hw_error("%s: Loading the BootRAM failed.\n", __func__); 232 } 233 } 234 } 235 236 static void onenand_system_reset(DeviceState *dev) 237 { 238 OneNANDState *s = ONE_NAND(dev); 239 240 onenand_reset(s, 1); 241 } 242 243 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 244 void *dest) 245 { 246 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 247 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 248 if (s->blk_cur) { 249 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 250 secn << BDRV_SECTOR_BITS) < 0; 251 } else if (sec + secn > s->secs_cur) { 252 return 1; 253 } 254 255 memcpy(dest, s->current + (sec << 9), secn << 9); 256 257 return 0; 258 } 259 260 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 261 void *src) 262 { 263 int result = 0; 264 265 if (secn > 0) { 266 uint32_t size = secn << BDRV_SECTOR_BITS; 267 uint32_t offset = sec << BDRV_SECTOR_BITS; 268 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 269 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 270 const uint8_t *sp = (const uint8_t *)src; 271 uint8_t *dp = 0; 272 if (s->blk_cur) { 273 dp = g_malloc(size); 274 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 275 result = 1; 276 } 277 } else { 278 if (sec + secn > s->secs_cur) { 279 result = 1; 280 } else { 281 dp = (uint8_t *)s->current + offset; 282 } 283 } 284 if (!result) { 285 uint32_t i; 286 for (i = 0; i < size; i++) { 287 dp[i] &= sp[i]; 288 } 289 if (s->blk_cur) { 290 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 291 } 292 } 293 if (dp && s->blk_cur) { 294 g_free(dp); 295 } 296 } 297 298 return result; 299 } 300 301 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 302 void *dest) 303 { 304 uint8_t buf[512]; 305 306 if (s->blk_cur) { 307 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 308 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 309 return 1; 310 } 311 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 312 } else if (sec + secn > s->secs_cur) { 313 return 1; 314 } else { 315 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 316 } 317 318 return 0; 319 } 320 321 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 322 void *src) 323 { 324 int result = 0; 325 if (secn > 0) { 326 const uint8_t *sp = (const uint8_t *)src; 327 uint8_t *dp = 0, *dpp = 0; 328 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 329 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 330 if (s->blk_cur) { 331 dp = g_malloc(512); 332 if (!dp 333 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 334 result = 1; 335 } else { 336 dpp = dp + ((sec & 31) << 4); 337 } 338 } else { 339 if (sec + secn > s->secs_cur) { 340 result = 1; 341 } else { 342 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 343 } 344 } 345 if (!result) { 346 uint32_t i; 347 for (i = 0; i < (secn << 4); i++) { 348 dpp[i] &= sp[i]; 349 } 350 if (s->blk_cur) { 351 result = blk_pwrite(s->blk_cur, offset, dp, 352 BDRV_SECTOR_SIZE, 0) < 0; 353 } 354 } 355 g_free(dp); 356 } 357 return result; 358 } 359 360 static inline int onenand_erase(OneNANDState *s, int sec, int num) 361 { 362 uint8_t *blankbuf, *tmpbuf; 363 364 blankbuf = g_malloc(512); 365 tmpbuf = g_malloc(512); 366 memset(blankbuf, 0xff, 512); 367 for (; num > 0; num--, sec++) { 368 if (s->blk_cur) { 369 int erasesec = s->secs_cur + (sec >> 5); 370 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 371 BDRV_SECTOR_SIZE, 0) < 0) { 372 goto fail; 373 } 374 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 375 BDRV_SECTOR_SIZE) < 0) { 376 goto fail; 377 } 378 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 379 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 380 BDRV_SECTOR_SIZE, 0) < 0) { 381 goto fail; 382 } 383 } else { 384 if (sec + 1 > s->secs_cur) { 385 goto fail; 386 } 387 memcpy(s->current + (sec << 9), blankbuf, 512); 388 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 389 blankbuf, 1 << 4); 390 } 391 } 392 393 g_free(tmpbuf); 394 g_free(blankbuf); 395 return 0; 396 397 fail: 398 g_free(tmpbuf); 399 g_free(blankbuf); 400 return 1; 401 } 402 403 static void onenand_command(OneNANDState *s) 404 { 405 int b; 406 int sec; 407 void *buf; 408 #define SETADDR(block, page) \ 409 sec = (s->addr[page] & 3) + \ 410 ((((s->addr[page] >> 2) & 0x3f) + \ 411 (((s->addr[block] & 0xfff) | \ 412 (s->addr[block] >> 15 ? \ 413 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 414 #define SETBUF_M() \ 415 buf = (s->bufaddr & 8) ? \ 416 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 417 buf += (s->bufaddr & 3) << 9; 418 #define SETBUF_S() \ 419 buf = (s->bufaddr & 8) ? \ 420 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 421 buf += (s->bufaddr & 3) << 4; 422 423 switch (s->command) { 424 case 0x00: /* Load single/multiple sector data unit into buffer */ 425 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 426 427 SETBUF_M() 428 if (onenand_load_main(s, sec, s->count, buf)) 429 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 430 431 #if 0 432 SETBUF_S() 433 if (onenand_load_spare(s, sec, s->count, buf)) 434 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 435 #endif 436 437 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 438 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 439 * then we need two split the read/write into two chunks. 440 */ 441 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 442 break; 443 case 0x13: /* Load single/multiple spare sector into buffer */ 444 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 445 446 SETBUF_S() 447 if (onenand_load_spare(s, sec, s->count, buf)) 448 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 449 450 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 451 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 452 * then we need two split the read/write into two chunks. 453 */ 454 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 455 break; 456 case 0x80: /* Program single/multiple sector data unit from buffer */ 457 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 458 459 SETBUF_M() 460 if (onenand_prog_main(s, sec, s->count, buf)) 461 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 462 463 #if 0 464 SETBUF_S() 465 if (onenand_prog_spare(s, sec, s->count, buf)) 466 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 467 #endif 468 469 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 470 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 471 * then we need two split the read/write into two chunks. 472 */ 473 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 474 break; 475 case 0x1a: /* Program single/multiple spare area sector from buffer */ 476 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 477 478 SETBUF_S() 479 if (onenand_prog_spare(s, sec, s->count, buf)) 480 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 481 482 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 483 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 484 * then we need two split the read/write into two chunks. 485 */ 486 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 487 break; 488 case 0x1b: /* Copy-back program */ 489 SETBUF_S() 490 491 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 492 if (onenand_load_main(s, sec, s->count, buf)) 493 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 494 495 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 496 if (onenand_prog_main(s, sec, s->count, buf)) 497 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 498 499 /* TODO: spare areas */ 500 501 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 502 break; 503 504 case 0x23: /* Unlock NAND array block(s) */ 505 s->intstatus |= ONEN_INT; 506 507 /* XXX the previous (?) area should be locked automatically */ 508 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 509 if (b >= s->blocks) { 510 s->status |= ONEN_ERR_CMD; 511 break; 512 } 513 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 514 break; 515 516 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 517 } 518 break; 519 case 0x27: /* Unlock All NAND array blocks */ 520 s->intstatus |= ONEN_INT; 521 522 for (b = 0; b < s->blocks; b ++) { 523 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 524 break; 525 526 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 527 } 528 break; 529 530 case 0x2a: /* Lock NAND array block(s) */ 531 s->intstatus |= ONEN_INT; 532 533 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 534 if (b >= s->blocks) { 535 s->status |= ONEN_ERR_CMD; 536 break; 537 } 538 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 539 break; 540 541 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 542 } 543 break; 544 case 0x2c: /* Lock-tight NAND array block(s) */ 545 s->intstatus |= ONEN_INT; 546 547 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 548 if (b >= s->blocks) { 549 s->status |= ONEN_ERR_CMD; 550 break; 551 } 552 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 553 continue; 554 555 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 556 } 557 break; 558 559 case 0x71: /* Erase-Verify-Read */ 560 s->intstatus |= ONEN_INT; 561 break; 562 case 0x95: /* Multi-block erase */ 563 qemu_irq_pulse(s->intr); 564 /* Fall through. */ 565 case 0x94: /* Block erase */ 566 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 567 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 568 << (BLOCK_SHIFT - 9); 569 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 570 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 571 572 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 573 break; 574 case 0xb0: /* Erase suspend */ 575 break; 576 case 0x30: /* Erase resume */ 577 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 578 break; 579 580 case 0xf0: /* Reset NAND Flash core */ 581 onenand_reset(s, 0); 582 break; 583 case 0xf3: /* Reset OneNAND */ 584 onenand_reset(s, 0); 585 break; 586 587 case 0x65: /* OTP Access */ 588 s->intstatus |= ONEN_INT; 589 s->blk_cur = NULL; 590 s->current = s->otp; 591 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 592 s->addr[ONEN_BUF_BLOCK] = 0; 593 s->otpmode = 1; 594 break; 595 596 default: 597 s->status |= ONEN_ERR_CMD; 598 s->intstatus |= ONEN_INT; 599 fprintf(stderr, "%s: unknown OneNAND command %x\n", 600 __func__, s->command); 601 } 602 603 onenand_intr_update(s); 604 } 605 606 static uint64_t onenand_read(void *opaque, hwaddr addr, 607 unsigned size) 608 { 609 OneNANDState *s = (OneNANDState *) opaque; 610 int offset = addr >> s->shift; 611 612 switch (offset) { 613 case 0x0000 ... 0xc000: 614 return lduw_le_p(s->boot[0] + addr); 615 616 case 0xf000: /* Manufacturer ID */ 617 return s->id.man; 618 case 0xf001: /* Device ID */ 619 return s->id.dev; 620 case 0xf002: /* Version ID */ 621 return s->id.ver; 622 /* TODO: get the following values from a real chip! */ 623 case 0xf003: /* Data Buffer size */ 624 return 1 << PAGE_SHIFT; 625 case 0xf004: /* Boot Buffer size */ 626 return 0x200; 627 case 0xf005: /* Amount of buffers */ 628 return 1 | (2 << 8); 629 case 0xf006: /* Technology */ 630 return 0; 631 632 case 0xf100 ... 0xf107: /* Start addresses */ 633 return s->addr[offset - 0xf100]; 634 635 case 0xf200: /* Start buffer */ 636 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 637 638 case 0xf220: /* Command */ 639 return s->command; 640 case 0xf221: /* System Configuration 1 */ 641 return s->config[0] & 0xffe0; 642 case 0xf222: /* System Configuration 2 */ 643 return s->config[1]; 644 645 case 0xf240: /* Controller Status */ 646 return s->status; 647 case 0xf241: /* Interrupt */ 648 return s->intstatus; 649 case 0xf24c: /* Unlock Start Block Address */ 650 return s->unladdr[0]; 651 case 0xf24d: /* Unlock End Block Address */ 652 return s->unladdr[1]; 653 case 0xf24e: /* Write Protection Status */ 654 return s->wpstatus; 655 656 case 0xff00: /* ECC Status */ 657 return 0x00; 658 case 0xff01: /* ECC Result of main area data */ 659 case 0xff02: /* ECC Result of spare area data */ 660 case 0xff03: /* ECC Result of main area data */ 661 case 0xff04: /* ECC Result of spare area data */ 662 hw_error("%s: implement ECC\n", __func__); 663 return 0x0000; 664 } 665 666 fprintf(stderr, "%s: unknown OneNAND register %x\n", 667 __func__, offset); 668 return 0; 669 } 670 671 static void onenand_write(void *opaque, hwaddr addr, 672 uint64_t value, unsigned size) 673 { 674 OneNANDState *s = (OneNANDState *) opaque; 675 int offset = addr >> s->shift; 676 int sec; 677 678 switch (offset) { 679 case 0x0000 ... 0x01ff: 680 case 0x8000 ... 0x800f: 681 if (s->cycle) { 682 s->cycle = 0; 683 684 if (value == 0x0000) { 685 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 686 onenand_load_main(s, sec, 687 1 << (PAGE_SHIFT - 9), s->data[0][0]); 688 s->addr[ONEN_BUF_PAGE] += 4; 689 s->addr[ONEN_BUF_PAGE] &= 0xff; 690 } 691 break; 692 } 693 694 switch (value) { 695 case 0x00f0: /* Reset OneNAND */ 696 onenand_reset(s, 0); 697 break; 698 699 case 0x00e0: /* Load Data into Buffer */ 700 s->cycle = 1; 701 break; 702 703 case 0x0090: /* Read Identification Data */ 704 memset(s->boot[0], 0, 3 << s->shift); 705 s->boot[0][0 << s->shift] = s->id.man & 0xff; 706 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 707 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 708 break; 709 710 default: 711 fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n", 712 __func__, value); 713 } 714 break; 715 716 case 0xf100 ... 0xf107: /* Start addresses */ 717 s->addr[offset - 0xf100] = value; 718 break; 719 720 case 0xf200: /* Start buffer */ 721 s->bufaddr = (value >> 8) & 0xf; 722 if (PAGE_SHIFT == 11) 723 s->count = (value & 3) ?: 4; 724 else if (PAGE_SHIFT == 10) 725 s->count = (value & 1) ?: 2; 726 break; 727 728 case 0xf220: /* Command */ 729 if (s->intstatus & (1 << 15)) 730 break; 731 s->command = value; 732 onenand_command(s); 733 break; 734 case 0xf221: /* System Configuration 1 */ 735 s->config[0] = value; 736 onenand_intr_update(s); 737 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 738 break; 739 case 0xf222: /* System Configuration 2 */ 740 s->config[1] = value; 741 break; 742 743 case 0xf241: /* Interrupt */ 744 s->intstatus &= value; 745 if ((1 << 15) & ~s->intstatus) 746 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 747 ONEN_ERR_PROG | ONEN_ERR_LOAD); 748 onenand_intr_update(s); 749 break; 750 case 0xf24c: /* Unlock Start Block Address */ 751 s->unladdr[0] = value & (s->blocks - 1); 752 /* For some reason we have to set the end address to by default 753 * be same as start because the software forgets to write anything 754 * in there. */ 755 s->unladdr[1] = value & (s->blocks - 1); 756 break; 757 case 0xf24d: /* Unlock End Block Address */ 758 s->unladdr[1] = value & (s->blocks - 1); 759 break; 760 761 default: 762 fprintf(stderr, "%s: unknown OneNAND register %x\n", 763 __func__, offset); 764 } 765 } 766 767 static const MemoryRegionOps onenand_ops = { 768 .read = onenand_read, 769 .write = onenand_write, 770 .endianness = DEVICE_NATIVE_ENDIAN, 771 }; 772 773 static int onenand_initfn(SysBusDevice *sbd) 774 { 775 DeviceState *dev = DEVICE(sbd); 776 OneNANDState *s = ONE_NAND(dev); 777 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 778 void *ram; 779 Error *local_err = NULL; 780 781 s->base = (hwaddr)-1; 782 s->rdy = NULL; 783 s->blocks = size >> BLOCK_SHIFT; 784 s->secs = size >> 9; 785 s->blockwp = g_malloc(s->blocks); 786 s->density_mask = (s->id.dev & 0x08) 787 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 788 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 789 0x10000 << s->shift); 790 if (!s->blk) { 791 s->image = memset(g_malloc(size + (size >> 5)), 792 0xff, size + (size >> 5)); 793 } else { 794 if (blk_is_read_only(s->blk)) { 795 error_report("Can't use a read-only drive"); 796 return -1; 797 } 798 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 799 BLK_PERM_ALL, &local_err); 800 if (local_err) { 801 error_report_err(local_err); 802 return -1; 803 } 804 s->blk_cur = s->blk; 805 } 806 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 807 0xff, (64 + 2) << PAGE_SHIFT); 808 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 809 0xc000 << s->shift, &error_fatal); 810 vmstate_register_ram_global(&s->ram); 811 ram = memory_region_get_ram_ptr(&s->ram); 812 s->boot[0] = ram + (0x0000 << s->shift); 813 s->boot[1] = ram + (0x8000 << s->shift); 814 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 815 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 816 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 817 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 818 onenand_mem_setup(s); 819 sysbus_init_irq(sbd, &s->intr); 820 sysbus_init_mmio(sbd, &s->container); 821 vmstate_register(dev, 822 ((s->shift & 0x7f) << 24) 823 | ((s->id.man & 0xff) << 16) 824 | ((s->id.dev & 0xff) << 8) 825 | (s->id.ver & 0xff), 826 &vmstate_onenand, s); 827 return 0; 828 } 829 830 static Property onenand_properties[] = { 831 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 832 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 833 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 834 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 835 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 836 DEFINE_PROP_END_OF_LIST(), 837 }; 838 839 static void onenand_class_init(ObjectClass *klass, void *data) 840 { 841 DeviceClass *dc = DEVICE_CLASS(klass); 842 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); 843 844 k->init = onenand_initfn; 845 dc->reset = onenand_system_reset; 846 dc->props = onenand_properties; 847 } 848 849 static const TypeInfo onenand_info = { 850 .name = TYPE_ONE_NAND, 851 .parent = TYPE_SYS_BUS_DEVICE, 852 .instance_size = sizeof(OneNANDState), 853 .class_init = onenand_class_init, 854 }; 855 856 static void onenand_register_types(void) 857 { 858 type_register_static(&onenand_info); 859 } 860 861 void *onenand_raw_otp(DeviceState *onenand_device) 862 { 863 OneNANDState *s = ONE_NAND(onenand_device); 864 865 return s->otp; 866 } 867 868 type_init(onenand_register_types) 869