1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "qemu-common.h" 24 #include "hw/hw.h" 25 #include "hw/block/flash.h" 26 #include "hw/irq.h" 27 #include "sysemu/block-backend.h" 28 #include "sysemu/blockdev.h" 29 #include "exec/memory.h" 30 #include "exec/address-spaces.h" 31 #include "hw/sysbus.h" 32 #include "qemu/error-report.h" 33 34 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 35 #define PAGE_SHIFT 11 36 37 /* Fixed */ 38 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 39 40 #define TYPE_ONE_NAND "onenand" 41 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 42 43 typedef struct OneNANDState { 44 SysBusDevice parent_obj; 45 46 struct { 47 uint16_t man; 48 uint16_t dev; 49 uint16_t ver; 50 } id; 51 int shift; 52 hwaddr base; 53 qemu_irq intr; 54 qemu_irq rdy; 55 BlockBackend *blk; 56 BlockBackend *blk_cur; 57 uint8_t *image; 58 uint8_t *otp; 59 uint8_t *current; 60 MemoryRegion ram; 61 MemoryRegion mapped_ram; 62 uint8_t current_direction; 63 uint8_t *boot[2]; 64 uint8_t *data[2][2]; 65 MemoryRegion iomem; 66 MemoryRegion container; 67 int cycle; 68 int otpmode; 69 70 uint16_t addr[8]; 71 uint16_t unladdr[8]; 72 int bufaddr; 73 int count; 74 uint16_t command; 75 uint16_t config[2]; 76 uint16_t status; 77 uint16_t intstatus; 78 uint16_t wpstatus; 79 80 ECCState ecc; 81 82 int density_mask; 83 int secs; 84 int secs_cur; 85 int blocks; 86 uint8_t *blockwp; 87 } OneNANDState; 88 89 enum { 90 ONEN_BUF_BLOCK = 0, 91 ONEN_BUF_BLOCK2 = 1, 92 ONEN_BUF_DEST_BLOCK = 2, 93 ONEN_BUF_DEST_PAGE = 3, 94 ONEN_BUF_PAGE = 7, 95 }; 96 97 enum { 98 ONEN_ERR_CMD = 1 << 10, 99 ONEN_ERR_ERASE = 1 << 11, 100 ONEN_ERR_PROG = 1 << 12, 101 ONEN_ERR_LOAD = 1 << 13, 102 }; 103 104 enum { 105 ONEN_INT_RESET = 1 << 4, 106 ONEN_INT_ERASE = 1 << 5, 107 ONEN_INT_PROG = 1 << 6, 108 ONEN_INT_LOAD = 1 << 7, 109 ONEN_INT = 1 << 15, 110 }; 111 112 enum { 113 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 114 ONEN_LOCK_LOCKED = 1 << 1, 115 ONEN_LOCK_UNLOCKED = 1 << 2, 116 }; 117 118 static void onenand_mem_setup(OneNANDState *s) 119 { 120 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 121 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 122 * write boot commands. Also take note of the BWPS bit. */ 123 memory_region_init(&s->container, OBJECT(s), "onenand", 124 0x10000 << s->shift); 125 memory_region_add_subregion(&s->container, 0, &s->iomem); 126 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 127 &s->ram, 0x0200 << s->shift, 128 0xbe00 << s->shift); 129 memory_region_add_subregion_overlap(&s->container, 130 0x0200 << s->shift, 131 &s->mapped_ram, 132 1); 133 } 134 135 static void onenand_intr_update(OneNANDState *s) 136 { 137 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 138 } 139 140 static void onenand_pre_save(void *opaque) 141 { 142 OneNANDState *s = opaque; 143 if (s->current == s->otp) { 144 s->current_direction = 1; 145 } else if (s->current == s->image) { 146 s->current_direction = 2; 147 } else { 148 s->current_direction = 0; 149 } 150 } 151 152 static int onenand_post_load(void *opaque, int version_id) 153 { 154 OneNANDState *s = opaque; 155 switch (s->current_direction) { 156 case 0: 157 break; 158 case 1: 159 s->current = s->otp; 160 break; 161 case 2: 162 s->current = s->image; 163 break; 164 default: 165 return -1; 166 } 167 onenand_intr_update(s); 168 return 0; 169 } 170 171 static const VMStateDescription vmstate_onenand = { 172 .name = "onenand", 173 .version_id = 1, 174 .minimum_version_id = 1, 175 .pre_save = onenand_pre_save, 176 .post_load = onenand_post_load, 177 .fields = (VMStateField[]) { 178 VMSTATE_UINT8(current_direction, OneNANDState), 179 VMSTATE_INT32(cycle, OneNANDState), 180 VMSTATE_INT32(otpmode, OneNANDState), 181 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 182 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 183 VMSTATE_INT32(bufaddr, OneNANDState), 184 VMSTATE_INT32(count, OneNANDState), 185 VMSTATE_UINT16(command, OneNANDState), 186 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 187 VMSTATE_UINT16(status, OneNANDState), 188 VMSTATE_UINT16(intstatus, OneNANDState), 189 VMSTATE_UINT16(wpstatus, OneNANDState), 190 VMSTATE_INT32(secs_cur, OneNANDState), 191 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 192 VMSTATE_UINT8(ecc.cp, OneNANDState), 193 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 194 VMSTATE_UINT16(ecc.count, OneNANDState), 195 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 196 ((64 + 2) << PAGE_SHIFT)), 197 VMSTATE_END_OF_LIST() 198 } 199 }; 200 201 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 202 static void onenand_reset(OneNANDState *s, int cold) 203 { 204 memset(&s->addr, 0, sizeof(s->addr)); 205 s->command = 0; 206 s->count = 1; 207 s->bufaddr = 0; 208 s->config[0] = 0x40c0; 209 s->config[1] = 0x0000; 210 onenand_intr_update(s); 211 qemu_irq_raise(s->rdy); 212 s->status = 0x0000; 213 s->intstatus = cold ? 0x8080 : 0x8010; 214 s->unladdr[0] = 0; 215 s->unladdr[1] = 0; 216 s->wpstatus = 0x0002; 217 s->cycle = 0; 218 s->otpmode = 0; 219 s->blk_cur = s->blk; 220 s->current = s->image; 221 s->secs_cur = s->secs; 222 223 if (cold) { 224 /* Lock the whole flash */ 225 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 226 227 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 228 8 << BDRV_SECTOR_BITS) < 0) { 229 hw_error("%s: Loading the BootRAM failed.\n", __func__); 230 } 231 } 232 } 233 234 static void onenand_system_reset(DeviceState *dev) 235 { 236 OneNANDState *s = ONE_NAND(dev); 237 238 onenand_reset(s, 1); 239 } 240 241 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 242 void *dest) 243 { 244 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 245 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 246 if (s->blk_cur) { 247 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 248 secn << BDRV_SECTOR_BITS) < 0; 249 } else if (sec + secn > s->secs_cur) { 250 return 1; 251 } 252 253 memcpy(dest, s->current + (sec << 9), secn << 9); 254 255 return 0; 256 } 257 258 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 259 void *src) 260 { 261 int result = 0; 262 263 if (secn > 0) { 264 uint32_t size = secn << BDRV_SECTOR_BITS; 265 uint32_t offset = sec << BDRV_SECTOR_BITS; 266 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 267 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 268 const uint8_t *sp = (const uint8_t *)src; 269 uint8_t *dp = 0; 270 if (s->blk_cur) { 271 dp = g_malloc(size); 272 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 273 result = 1; 274 } 275 } else { 276 if (sec + secn > s->secs_cur) { 277 result = 1; 278 } else { 279 dp = (uint8_t *)s->current + offset; 280 } 281 } 282 if (!result) { 283 uint32_t i; 284 for (i = 0; i < size; i++) { 285 dp[i] &= sp[i]; 286 } 287 if (s->blk_cur) { 288 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 289 } 290 } 291 if (dp && s->blk_cur) { 292 g_free(dp); 293 } 294 } 295 296 return result; 297 } 298 299 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 300 void *dest) 301 { 302 uint8_t buf[512]; 303 304 if (s->blk_cur) { 305 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 306 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 307 return 1; 308 } 309 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 310 } else if (sec + secn > s->secs_cur) { 311 return 1; 312 } else { 313 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 314 } 315 316 return 0; 317 } 318 319 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 320 void *src) 321 { 322 int result = 0; 323 if (secn > 0) { 324 const uint8_t *sp = (const uint8_t *)src; 325 uint8_t *dp = 0, *dpp = 0; 326 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 327 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 328 if (s->blk_cur) { 329 dp = g_malloc(512); 330 if (!dp 331 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 332 result = 1; 333 } else { 334 dpp = dp + ((sec & 31) << 4); 335 } 336 } else { 337 if (sec + secn > s->secs_cur) { 338 result = 1; 339 } else { 340 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 341 } 342 } 343 if (!result) { 344 uint32_t i; 345 for (i = 0; i < (secn << 4); i++) { 346 dpp[i] &= sp[i]; 347 } 348 if (s->blk_cur) { 349 result = blk_pwrite(s->blk_cur, offset, dp, 350 BDRV_SECTOR_SIZE, 0) < 0; 351 } 352 } 353 g_free(dp); 354 } 355 return result; 356 } 357 358 static inline int onenand_erase(OneNANDState *s, int sec, int num) 359 { 360 uint8_t *blankbuf, *tmpbuf; 361 362 blankbuf = g_malloc(512); 363 tmpbuf = g_malloc(512); 364 memset(blankbuf, 0xff, 512); 365 for (; num > 0; num--, sec++) { 366 if (s->blk_cur) { 367 int erasesec = s->secs_cur + (sec >> 5); 368 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 369 BDRV_SECTOR_SIZE, 0) < 0) { 370 goto fail; 371 } 372 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 373 BDRV_SECTOR_SIZE) < 0) { 374 goto fail; 375 } 376 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 377 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 378 BDRV_SECTOR_SIZE, 0) < 0) { 379 goto fail; 380 } 381 } else { 382 if (sec + 1 > s->secs_cur) { 383 goto fail; 384 } 385 memcpy(s->current + (sec << 9), blankbuf, 512); 386 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 387 blankbuf, 1 << 4); 388 } 389 } 390 391 g_free(tmpbuf); 392 g_free(blankbuf); 393 return 0; 394 395 fail: 396 g_free(tmpbuf); 397 g_free(blankbuf); 398 return 1; 399 } 400 401 static void onenand_command(OneNANDState *s) 402 { 403 int b; 404 int sec; 405 void *buf; 406 #define SETADDR(block, page) \ 407 sec = (s->addr[page] & 3) + \ 408 ((((s->addr[page] >> 2) & 0x3f) + \ 409 (((s->addr[block] & 0xfff) | \ 410 (s->addr[block] >> 15 ? \ 411 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 412 #define SETBUF_M() \ 413 buf = (s->bufaddr & 8) ? \ 414 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 415 buf += (s->bufaddr & 3) << 9; 416 #define SETBUF_S() \ 417 buf = (s->bufaddr & 8) ? \ 418 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 419 buf += (s->bufaddr & 3) << 4; 420 421 switch (s->command) { 422 case 0x00: /* Load single/multiple sector data unit into buffer */ 423 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 424 425 SETBUF_M() 426 if (onenand_load_main(s, sec, s->count, buf)) 427 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 428 429 #if 0 430 SETBUF_S() 431 if (onenand_load_spare(s, sec, s->count, buf)) 432 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 433 #endif 434 435 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 436 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 437 * then we need two split the read/write into two chunks. 438 */ 439 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 440 break; 441 case 0x13: /* Load single/multiple spare sector into buffer */ 442 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 443 444 SETBUF_S() 445 if (onenand_load_spare(s, sec, s->count, buf)) 446 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 447 448 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 449 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 450 * then we need two split the read/write into two chunks. 451 */ 452 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 453 break; 454 case 0x80: /* Program single/multiple sector data unit from buffer */ 455 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 456 457 SETBUF_M() 458 if (onenand_prog_main(s, sec, s->count, buf)) 459 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 460 461 #if 0 462 SETBUF_S() 463 if (onenand_prog_spare(s, sec, s->count, buf)) 464 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 465 #endif 466 467 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 468 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 469 * then we need two split the read/write into two chunks. 470 */ 471 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 472 break; 473 case 0x1a: /* Program single/multiple spare area sector from buffer */ 474 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 475 476 SETBUF_S() 477 if (onenand_prog_spare(s, sec, s->count, buf)) 478 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 479 480 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 481 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 482 * then we need two split the read/write into two chunks. 483 */ 484 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 485 break; 486 case 0x1b: /* Copy-back program */ 487 SETBUF_S() 488 489 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 490 if (onenand_load_main(s, sec, s->count, buf)) 491 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 492 493 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 494 if (onenand_prog_main(s, sec, s->count, buf)) 495 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 496 497 /* TODO: spare areas */ 498 499 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 500 break; 501 502 case 0x23: /* Unlock NAND array block(s) */ 503 s->intstatus |= ONEN_INT; 504 505 /* XXX the previous (?) area should be locked automatically */ 506 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 507 if (b >= s->blocks) { 508 s->status |= ONEN_ERR_CMD; 509 break; 510 } 511 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 512 break; 513 514 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 515 } 516 break; 517 case 0x27: /* Unlock All NAND array blocks */ 518 s->intstatus |= ONEN_INT; 519 520 for (b = 0; b < s->blocks; b ++) { 521 if (b >= s->blocks) { 522 s->status |= ONEN_ERR_CMD; 523 break; 524 } 525 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 526 break; 527 528 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 529 } 530 break; 531 532 case 0x2a: /* Lock NAND array block(s) */ 533 s->intstatus |= ONEN_INT; 534 535 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 536 if (b >= s->blocks) { 537 s->status |= ONEN_ERR_CMD; 538 break; 539 } 540 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 541 break; 542 543 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 544 } 545 break; 546 case 0x2c: /* Lock-tight NAND array block(s) */ 547 s->intstatus |= ONEN_INT; 548 549 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 550 if (b >= s->blocks) { 551 s->status |= ONEN_ERR_CMD; 552 break; 553 } 554 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 555 continue; 556 557 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 558 } 559 break; 560 561 case 0x71: /* Erase-Verify-Read */ 562 s->intstatus |= ONEN_INT; 563 break; 564 case 0x95: /* Multi-block erase */ 565 qemu_irq_pulse(s->intr); 566 /* Fall through. */ 567 case 0x94: /* Block erase */ 568 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 569 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 570 << (BLOCK_SHIFT - 9); 571 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 572 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 573 574 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 575 break; 576 case 0xb0: /* Erase suspend */ 577 break; 578 case 0x30: /* Erase resume */ 579 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 580 break; 581 582 case 0xf0: /* Reset NAND Flash core */ 583 onenand_reset(s, 0); 584 break; 585 case 0xf3: /* Reset OneNAND */ 586 onenand_reset(s, 0); 587 break; 588 589 case 0x65: /* OTP Access */ 590 s->intstatus |= ONEN_INT; 591 s->blk_cur = NULL; 592 s->current = s->otp; 593 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 594 s->addr[ONEN_BUF_BLOCK] = 0; 595 s->otpmode = 1; 596 break; 597 598 default: 599 s->status |= ONEN_ERR_CMD; 600 s->intstatus |= ONEN_INT; 601 fprintf(stderr, "%s: unknown OneNAND command %x\n", 602 __func__, s->command); 603 } 604 605 onenand_intr_update(s); 606 } 607 608 static uint64_t onenand_read(void *opaque, hwaddr addr, 609 unsigned size) 610 { 611 OneNANDState *s = (OneNANDState *) opaque; 612 int offset = addr >> s->shift; 613 614 switch (offset) { 615 case 0x0000 ... 0xc000: 616 return lduw_le_p(s->boot[0] + addr); 617 618 case 0xf000: /* Manufacturer ID */ 619 return s->id.man; 620 case 0xf001: /* Device ID */ 621 return s->id.dev; 622 case 0xf002: /* Version ID */ 623 return s->id.ver; 624 /* TODO: get the following values from a real chip! */ 625 case 0xf003: /* Data Buffer size */ 626 return 1 << PAGE_SHIFT; 627 case 0xf004: /* Boot Buffer size */ 628 return 0x200; 629 case 0xf005: /* Amount of buffers */ 630 return 1 | (2 << 8); 631 case 0xf006: /* Technology */ 632 return 0; 633 634 case 0xf100 ... 0xf107: /* Start addresses */ 635 return s->addr[offset - 0xf100]; 636 637 case 0xf200: /* Start buffer */ 638 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 639 640 case 0xf220: /* Command */ 641 return s->command; 642 case 0xf221: /* System Configuration 1 */ 643 return s->config[0] & 0xffe0; 644 case 0xf222: /* System Configuration 2 */ 645 return s->config[1]; 646 647 case 0xf240: /* Controller Status */ 648 return s->status; 649 case 0xf241: /* Interrupt */ 650 return s->intstatus; 651 case 0xf24c: /* Unlock Start Block Address */ 652 return s->unladdr[0]; 653 case 0xf24d: /* Unlock End Block Address */ 654 return s->unladdr[1]; 655 case 0xf24e: /* Write Protection Status */ 656 return s->wpstatus; 657 658 case 0xff00: /* ECC Status */ 659 return 0x00; 660 case 0xff01: /* ECC Result of main area data */ 661 case 0xff02: /* ECC Result of spare area data */ 662 case 0xff03: /* ECC Result of main area data */ 663 case 0xff04: /* ECC Result of spare area data */ 664 hw_error("%s: imeplement ECC\n", __FUNCTION__); 665 return 0x0000; 666 } 667 668 fprintf(stderr, "%s: unknown OneNAND register %x\n", 669 __FUNCTION__, offset); 670 return 0; 671 } 672 673 static void onenand_write(void *opaque, hwaddr addr, 674 uint64_t value, unsigned size) 675 { 676 OneNANDState *s = (OneNANDState *) opaque; 677 int offset = addr >> s->shift; 678 int sec; 679 680 switch (offset) { 681 case 0x0000 ... 0x01ff: 682 case 0x8000 ... 0x800f: 683 if (s->cycle) { 684 s->cycle = 0; 685 686 if (value == 0x0000) { 687 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 688 onenand_load_main(s, sec, 689 1 << (PAGE_SHIFT - 9), s->data[0][0]); 690 s->addr[ONEN_BUF_PAGE] += 4; 691 s->addr[ONEN_BUF_PAGE] &= 0xff; 692 } 693 break; 694 } 695 696 switch (value) { 697 case 0x00f0: /* Reset OneNAND */ 698 onenand_reset(s, 0); 699 break; 700 701 case 0x00e0: /* Load Data into Buffer */ 702 s->cycle = 1; 703 break; 704 705 case 0x0090: /* Read Identification Data */ 706 memset(s->boot[0], 0, 3 << s->shift); 707 s->boot[0][0 << s->shift] = s->id.man & 0xff; 708 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 709 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 710 break; 711 712 default: 713 fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n", 714 __FUNCTION__, value); 715 } 716 break; 717 718 case 0xf100 ... 0xf107: /* Start addresses */ 719 s->addr[offset - 0xf100] = value; 720 break; 721 722 case 0xf200: /* Start buffer */ 723 s->bufaddr = (value >> 8) & 0xf; 724 if (PAGE_SHIFT == 11) 725 s->count = (value & 3) ?: 4; 726 else if (PAGE_SHIFT == 10) 727 s->count = (value & 1) ?: 2; 728 break; 729 730 case 0xf220: /* Command */ 731 if (s->intstatus & (1 << 15)) 732 break; 733 s->command = value; 734 onenand_command(s); 735 break; 736 case 0xf221: /* System Configuration 1 */ 737 s->config[0] = value; 738 onenand_intr_update(s); 739 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 740 break; 741 case 0xf222: /* System Configuration 2 */ 742 s->config[1] = value; 743 break; 744 745 case 0xf241: /* Interrupt */ 746 s->intstatus &= value; 747 if ((1 << 15) & ~s->intstatus) 748 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 749 ONEN_ERR_PROG | ONEN_ERR_LOAD); 750 onenand_intr_update(s); 751 break; 752 case 0xf24c: /* Unlock Start Block Address */ 753 s->unladdr[0] = value & (s->blocks - 1); 754 /* For some reason we have to set the end address to by default 755 * be same as start because the software forgets to write anything 756 * in there. */ 757 s->unladdr[1] = value & (s->blocks - 1); 758 break; 759 case 0xf24d: /* Unlock End Block Address */ 760 s->unladdr[1] = value & (s->blocks - 1); 761 break; 762 763 default: 764 fprintf(stderr, "%s: unknown OneNAND register %x\n", 765 __FUNCTION__, offset); 766 } 767 } 768 769 static const MemoryRegionOps onenand_ops = { 770 .read = onenand_read, 771 .write = onenand_write, 772 .endianness = DEVICE_NATIVE_ENDIAN, 773 }; 774 775 static int onenand_initfn(SysBusDevice *sbd) 776 { 777 DeviceState *dev = DEVICE(sbd); 778 OneNANDState *s = ONE_NAND(dev); 779 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 780 void *ram; 781 Error *local_err = NULL; 782 783 s->base = (hwaddr)-1; 784 s->rdy = NULL; 785 s->blocks = size >> BLOCK_SHIFT; 786 s->secs = size >> 9; 787 s->blockwp = g_malloc(s->blocks); 788 s->density_mask = (s->id.dev & 0x08) 789 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 790 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 791 0x10000 << s->shift); 792 if (!s->blk) { 793 s->image = memset(g_malloc(size + (size >> 5)), 794 0xff, size + (size >> 5)); 795 } else { 796 if (blk_is_read_only(s->blk)) { 797 error_report("Can't use a read-only drive"); 798 return -1; 799 } 800 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 801 BLK_PERM_ALL, &local_err); 802 if (local_err) { 803 error_report_err(local_err); 804 return -1; 805 } 806 s->blk_cur = s->blk; 807 } 808 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 809 0xff, (64 + 2) << PAGE_SHIFT); 810 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 811 0xc000 << s->shift, &error_fatal); 812 vmstate_register_ram_global(&s->ram); 813 ram = memory_region_get_ram_ptr(&s->ram); 814 s->boot[0] = ram + (0x0000 << s->shift); 815 s->boot[1] = ram + (0x8000 << s->shift); 816 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 817 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 818 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 819 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 820 onenand_mem_setup(s); 821 sysbus_init_irq(sbd, &s->intr); 822 sysbus_init_mmio(sbd, &s->container); 823 vmstate_register(dev, 824 ((s->shift & 0x7f) << 24) 825 | ((s->id.man & 0xff) << 16) 826 | ((s->id.dev & 0xff) << 8) 827 | (s->id.ver & 0xff), 828 &vmstate_onenand, s); 829 return 0; 830 } 831 832 static Property onenand_properties[] = { 833 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 834 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 835 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 836 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 837 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 838 DEFINE_PROP_END_OF_LIST(), 839 }; 840 841 static void onenand_class_init(ObjectClass *klass, void *data) 842 { 843 DeviceClass *dc = DEVICE_CLASS(klass); 844 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); 845 846 k->init = onenand_initfn; 847 dc->reset = onenand_system_reset; 848 dc->props = onenand_properties; 849 } 850 851 static const TypeInfo onenand_info = { 852 .name = TYPE_ONE_NAND, 853 .parent = TYPE_SYS_BUS_DEVICE, 854 .instance_size = sizeof(OneNANDState), 855 .class_init = onenand_class_init, 856 }; 857 858 static void onenand_register_types(void) 859 { 860 type_register_static(&onenand_info); 861 } 862 863 void *onenand_raw_otp(DeviceState *onenand_device) 864 { 865 OneNANDState *s = ONE_NAND(onenand_device); 866 867 return s->otp; 868 } 869 870 type_init(onenand_register_types) 871