1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "hw/hw.h" 24 #include "hw/block/flash.h" 25 #include "hw/irq.h" 26 #include "hw/qdev-properties.h" 27 #include "sysemu/block-backend.h" 28 #include "exec/memory.h" 29 #include "hw/sysbus.h" 30 #include "migration/vmstate.h" 31 #include "qemu/error-report.h" 32 #include "qemu/log.h" 33 #include "qemu/module.h" 34 #include "qom/object.h" 35 36 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 37 #define PAGE_SHIFT 11 38 39 /* Fixed */ 40 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 41 42 #define TYPE_ONE_NAND "onenand" 43 typedef struct OneNANDState OneNANDState; 44 DECLARE_INSTANCE_CHECKER(OneNANDState, ONE_NAND, 45 TYPE_ONE_NAND) 46 47 struct OneNANDState { 48 SysBusDevice parent_obj; 49 50 struct { 51 uint16_t man; 52 uint16_t dev; 53 uint16_t ver; 54 } id; 55 int shift; 56 hwaddr base; 57 qemu_irq intr; 58 qemu_irq rdy; 59 BlockBackend *blk; 60 BlockBackend *blk_cur; 61 uint8_t *image; 62 uint8_t *otp; 63 uint8_t *current; 64 MemoryRegion ram; 65 MemoryRegion mapped_ram; 66 uint8_t current_direction; 67 uint8_t *boot[2]; 68 uint8_t *data[2][2]; 69 MemoryRegion iomem; 70 MemoryRegion container; 71 int cycle; 72 int otpmode; 73 74 uint16_t addr[8]; 75 uint16_t unladdr[8]; 76 int bufaddr; 77 int count; 78 uint16_t command; 79 uint16_t config[2]; 80 uint16_t status; 81 uint16_t intstatus; 82 uint16_t wpstatus; 83 84 ECCState ecc; 85 86 int density_mask; 87 int secs; 88 int secs_cur; 89 int blocks; 90 uint8_t *blockwp; 91 }; 92 93 enum { 94 ONEN_BUF_BLOCK = 0, 95 ONEN_BUF_BLOCK2 = 1, 96 ONEN_BUF_DEST_BLOCK = 2, 97 ONEN_BUF_DEST_PAGE = 3, 98 ONEN_BUF_PAGE = 7, 99 }; 100 101 enum { 102 ONEN_ERR_CMD = 1 << 10, 103 ONEN_ERR_ERASE = 1 << 11, 104 ONEN_ERR_PROG = 1 << 12, 105 ONEN_ERR_LOAD = 1 << 13, 106 }; 107 108 enum { 109 ONEN_INT_RESET = 1 << 4, 110 ONEN_INT_ERASE = 1 << 5, 111 ONEN_INT_PROG = 1 << 6, 112 ONEN_INT_LOAD = 1 << 7, 113 ONEN_INT = 1 << 15, 114 }; 115 116 enum { 117 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 118 ONEN_LOCK_LOCKED = 1 << 1, 119 ONEN_LOCK_UNLOCKED = 1 << 2, 120 }; 121 122 static void onenand_mem_setup(OneNANDState *s) 123 { 124 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 125 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 126 * write boot commands. Also take note of the BWPS bit. */ 127 memory_region_init(&s->container, OBJECT(s), "onenand", 128 0x10000 << s->shift); 129 memory_region_add_subregion(&s->container, 0, &s->iomem); 130 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 131 &s->ram, 0x0200 << s->shift, 132 0xbe00 << s->shift); 133 memory_region_add_subregion_overlap(&s->container, 134 0x0200 << s->shift, 135 &s->mapped_ram, 136 1); 137 } 138 139 static void onenand_intr_update(OneNANDState *s) 140 { 141 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 142 } 143 144 static int onenand_pre_save(void *opaque) 145 { 146 OneNANDState *s = opaque; 147 if (s->current == s->otp) { 148 s->current_direction = 1; 149 } else if (s->current == s->image) { 150 s->current_direction = 2; 151 } else { 152 s->current_direction = 0; 153 } 154 155 return 0; 156 } 157 158 static int onenand_post_load(void *opaque, int version_id) 159 { 160 OneNANDState *s = opaque; 161 switch (s->current_direction) { 162 case 0: 163 break; 164 case 1: 165 s->current = s->otp; 166 break; 167 case 2: 168 s->current = s->image; 169 break; 170 default: 171 return -1; 172 } 173 onenand_intr_update(s); 174 return 0; 175 } 176 177 static const VMStateDescription vmstate_onenand = { 178 .name = "onenand", 179 .version_id = 1, 180 .minimum_version_id = 1, 181 .pre_save = onenand_pre_save, 182 .post_load = onenand_post_load, 183 .fields = (VMStateField[]) { 184 VMSTATE_UINT8(current_direction, OneNANDState), 185 VMSTATE_INT32(cycle, OneNANDState), 186 VMSTATE_INT32(otpmode, OneNANDState), 187 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 188 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 189 VMSTATE_INT32(bufaddr, OneNANDState), 190 VMSTATE_INT32(count, OneNANDState), 191 VMSTATE_UINT16(command, OneNANDState), 192 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 193 VMSTATE_UINT16(status, OneNANDState), 194 VMSTATE_UINT16(intstatus, OneNANDState), 195 VMSTATE_UINT16(wpstatus, OneNANDState), 196 VMSTATE_INT32(secs_cur, OneNANDState), 197 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 198 VMSTATE_UINT8(ecc.cp, OneNANDState), 199 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 200 VMSTATE_UINT16(ecc.count, OneNANDState), 201 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 202 ((64 + 2) << PAGE_SHIFT)), 203 VMSTATE_END_OF_LIST() 204 } 205 }; 206 207 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 208 static void onenand_reset(OneNANDState *s, int cold) 209 { 210 memset(&s->addr, 0, sizeof(s->addr)); 211 s->command = 0; 212 s->count = 1; 213 s->bufaddr = 0; 214 s->config[0] = 0x40c0; 215 s->config[1] = 0x0000; 216 onenand_intr_update(s); 217 qemu_irq_raise(s->rdy); 218 s->status = 0x0000; 219 s->intstatus = cold ? 0x8080 : 0x8010; 220 s->unladdr[0] = 0; 221 s->unladdr[1] = 0; 222 s->wpstatus = 0x0002; 223 s->cycle = 0; 224 s->otpmode = 0; 225 s->blk_cur = s->blk; 226 s->current = s->image; 227 s->secs_cur = s->secs; 228 229 if (cold) { 230 /* Lock the whole flash */ 231 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 232 233 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 234 8 << BDRV_SECTOR_BITS) < 0) { 235 hw_error("%s: Loading the BootRAM failed.\n", __func__); 236 } 237 } 238 } 239 240 static void onenand_system_reset(DeviceState *dev) 241 { 242 OneNANDState *s = ONE_NAND(dev); 243 244 onenand_reset(s, 1); 245 } 246 247 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 248 void *dest) 249 { 250 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 251 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 252 if (s->blk_cur) { 253 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 254 secn << BDRV_SECTOR_BITS) < 0; 255 } else if (sec + secn > s->secs_cur) { 256 return 1; 257 } 258 259 memcpy(dest, s->current + (sec << 9), secn << 9); 260 261 return 0; 262 } 263 264 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 265 void *src) 266 { 267 int result = 0; 268 269 if (secn > 0) { 270 uint32_t size = secn << BDRV_SECTOR_BITS; 271 uint32_t offset = sec << BDRV_SECTOR_BITS; 272 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 273 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 274 const uint8_t *sp = (const uint8_t *)src; 275 uint8_t *dp = 0; 276 if (s->blk_cur) { 277 dp = g_malloc(size); 278 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 279 result = 1; 280 } 281 } else { 282 if (sec + secn > s->secs_cur) { 283 result = 1; 284 } else { 285 dp = (uint8_t *)s->current + offset; 286 } 287 } 288 if (!result) { 289 uint32_t i; 290 for (i = 0; i < size; i++) { 291 dp[i] &= sp[i]; 292 } 293 if (s->blk_cur) { 294 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 295 } 296 } 297 if (dp && s->blk_cur) { 298 g_free(dp); 299 } 300 } 301 302 return result; 303 } 304 305 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 306 void *dest) 307 { 308 uint8_t buf[512]; 309 310 if (s->blk_cur) { 311 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 312 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 313 return 1; 314 } 315 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 316 } else if (sec + secn > s->secs_cur) { 317 return 1; 318 } else { 319 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 320 } 321 322 return 0; 323 } 324 325 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 326 void *src) 327 { 328 int result = 0; 329 if (secn > 0) { 330 const uint8_t *sp = (const uint8_t *)src; 331 uint8_t *dp = 0, *dpp = 0; 332 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 333 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 334 if (s->blk_cur) { 335 dp = g_malloc(512); 336 if (!dp 337 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 338 result = 1; 339 } else { 340 dpp = dp + ((sec & 31) << 4); 341 } 342 } else { 343 if (sec + secn > s->secs_cur) { 344 result = 1; 345 } else { 346 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 347 } 348 } 349 if (!result) { 350 uint32_t i; 351 for (i = 0; i < (secn << 4); i++) { 352 dpp[i] &= sp[i]; 353 } 354 if (s->blk_cur) { 355 result = blk_pwrite(s->blk_cur, offset, dp, 356 BDRV_SECTOR_SIZE, 0) < 0; 357 } 358 } 359 g_free(dp); 360 } 361 return result; 362 } 363 364 static inline int onenand_erase(OneNANDState *s, int sec, int num) 365 { 366 uint8_t *blankbuf, *tmpbuf; 367 368 blankbuf = g_malloc(512); 369 tmpbuf = g_malloc(512); 370 memset(blankbuf, 0xff, 512); 371 for (; num > 0; num--, sec++) { 372 if (s->blk_cur) { 373 int erasesec = s->secs_cur + (sec >> 5); 374 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 375 BDRV_SECTOR_SIZE, 0) < 0) { 376 goto fail; 377 } 378 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 379 BDRV_SECTOR_SIZE) < 0) { 380 goto fail; 381 } 382 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 383 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 384 BDRV_SECTOR_SIZE, 0) < 0) { 385 goto fail; 386 } 387 } else { 388 if (sec + 1 > s->secs_cur) { 389 goto fail; 390 } 391 memcpy(s->current + (sec << 9), blankbuf, 512); 392 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 393 blankbuf, 1 << 4); 394 } 395 } 396 397 g_free(tmpbuf); 398 g_free(blankbuf); 399 return 0; 400 401 fail: 402 g_free(tmpbuf); 403 g_free(blankbuf); 404 return 1; 405 } 406 407 static void onenand_command(OneNANDState *s) 408 { 409 int b; 410 int sec; 411 void *buf; 412 #define SETADDR(block, page) \ 413 sec = (s->addr[page] & 3) + \ 414 ((((s->addr[page] >> 2) & 0x3f) + \ 415 (((s->addr[block] & 0xfff) | \ 416 (s->addr[block] >> 15 ? \ 417 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 418 #define SETBUF_M() \ 419 buf = (s->bufaddr & 8) ? \ 420 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 421 buf += (s->bufaddr & 3) << 9; 422 #define SETBUF_S() \ 423 buf = (s->bufaddr & 8) ? \ 424 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 425 buf += (s->bufaddr & 3) << 4; 426 427 switch (s->command) { 428 case 0x00: /* Load single/multiple sector data unit into buffer */ 429 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 430 431 SETBUF_M() 432 if (onenand_load_main(s, sec, s->count, buf)) 433 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 434 435 #if 0 436 SETBUF_S() 437 if (onenand_load_spare(s, sec, s->count, buf)) 438 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 439 #endif 440 441 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 442 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 443 * then we need two split the read/write into two chunks. 444 */ 445 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 446 break; 447 case 0x13: /* Load single/multiple spare sector into buffer */ 448 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 449 450 SETBUF_S() 451 if (onenand_load_spare(s, sec, s->count, buf)) 452 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 453 454 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 455 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 456 * then we need two split the read/write into two chunks. 457 */ 458 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 459 break; 460 case 0x80: /* Program single/multiple sector data unit from buffer */ 461 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 462 463 SETBUF_M() 464 if (onenand_prog_main(s, sec, s->count, buf)) 465 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 466 467 #if 0 468 SETBUF_S() 469 if (onenand_prog_spare(s, sec, s->count, buf)) 470 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 471 #endif 472 473 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 474 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 475 * then we need two split the read/write into two chunks. 476 */ 477 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 478 break; 479 case 0x1a: /* Program single/multiple spare area sector from buffer */ 480 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 481 482 SETBUF_S() 483 if (onenand_prog_spare(s, sec, s->count, buf)) 484 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 485 486 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 487 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 488 * then we need two split the read/write into two chunks. 489 */ 490 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 491 break; 492 case 0x1b: /* Copy-back program */ 493 SETBUF_S() 494 495 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 496 if (onenand_load_main(s, sec, s->count, buf)) 497 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 498 499 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 500 if (onenand_prog_main(s, sec, s->count, buf)) 501 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 502 503 /* TODO: spare areas */ 504 505 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 506 break; 507 508 case 0x23: /* Unlock NAND array block(s) */ 509 s->intstatus |= ONEN_INT; 510 511 /* XXX the previous (?) area should be locked automatically */ 512 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 513 if (b >= s->blocks) { 514 s->status |= ONEN_ERR_CMD; 515 break; 516 } 517 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 518 break; 519 520 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 521 } 522 break; 523 case 0x27: /* Unlock All NAND array blocks */ 524 s->intstatus |= ONEN_INT; 525 526 for (b = 0; b < s->blocks; b ++) { 527 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 528 break; 529 530 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 531 } 532 break; 533 534 case 0x2a: /* Lock NAND array block(s) */ 535 s->intstatus |= ONEN_INT; 536 537 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 538 if (b >= s->blocks) { 539 s->status |= ONEN_ERR_CMD; 540 break; 541 } 542 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 543 break; 544 545 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 546 } 547 break; 548 case 0x2c: /* Lock-tight NAND array block(s) */ 549 s->intstatus |= ONEN_INT; 550 551 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 552 if (b >= s->blocks) { 553 s->status |= ONEN_ERR_CMD; 554 break; 555 } 556 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 557 continue; 558 559 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 560 } 561 break; 562 563 case 0x71: /* Erase-Verify-Read */ 564 s->intstatus |= ONEN_INT; 565 break; 566 case 0x95: /* Multi-block erase */ 567 qemu_irq_pulse(s->intr); 568 /* Fall through. */ 569 case 0x94: /* Block erase */ 570 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 571 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 572 << (BLOCK_SHIFT - 9); 573 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 574 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 575 576 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 577 break; 578 case 0xb0: /* Erase suspend */ 579 break; 580 case 0x30: /* Erase resume */ 581 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 582 break; 583 584 case 0xf0: /* Reset NAND Flash core */ 585 onenand_reset(s, 0); 586 break; 587 case 0xf3: /* Reset OneNAND */ 588 onenand_reset(s, 0); 589 break; 590 591 case 0x65: /* OTP Access */ 592 s->intstatus |= ONEN_INT; 593 s->blk_cur = NULL; 594 s->current = s->otp; 595 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 596 s->addr[ONEN_BUF_BLOCK] = 0; 597 s->otpmode = 1; 598 break; 599 600 default: 601 s->status |= ONEN_ERR_CMD; 602 s->intstatus |= ONEN_INT; 603 qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n", 604 s->command); 605 } 606 607 onenand_intr_update(s); 608 } 609 610 static uint64_t onenand_read(void *opaque, hwaddr addr, 611 unsigned size) 612 { 613 OneNANDState *s = (OneNANDState *) opaque; 614 int offset = addr >> s->shift; 615 616 switch (offset) { 617 case 0x0000 ... 0xbffe: 618 return lduw_le_p(s->boot[0] + addr); 619 620 case 0xf000: /* Manufacturer ID */ 621 return s->id.man; 622 case 0xf001: /* Device ID */ 623 return s->id.dev; 624 case 0xf002: /* Version ID */ 625 return s->id.ver; 626 /* TODO: get the following values from a real chip! */ 627 case 0xf003: /* Data Buffer size */ 628 return 1 << PAGE_SHIFT; 629 case 0xf004: /* Boot Buffer size */ 630 return 0x200; 631 case 0xf005: /* Amount of buffers */ 632 return 1 | (2 << 8); 633 case 0xf006: /* Technology */ 634 return 0; 635 636 case 0xf100 ... 0xf107: /* Start addresses */ 637 return s->addr[offset - 0xf100]; 638 639 case 0xf200: /* Start buffer */ 640 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 641 642 case 0xf220: /* Command */ 643 return s->command; 644 case 0xf221: /* System Configuration 1 */ 645 return s->config[0] & 0xffe0; 646 case 0xf222: /* System Configuration 2 */ 647 return s->config[1]; 648 649 case 0xf240: /* Controller Status */ 650 return s->status; 651 case 0xf241: /* Interrupt */ 652 return s->intstatus; 653 case 0xf24c: /* Unlock Start Block Address */ 654 return s->unladdr[0]; 655 case 0xf24d: /* Unlock End Block Address */ 656 return s->unladdr[1]; 657 case 0xf24e: /* Write Protection Status */ 658 return s->wpstatus; 659 660 case 0xff00: /* ECC Status */ 661 return 0x00; 662 case 0xff01: /* ECC Result of main area data */ 663 case 0xff02: /* ECC Result of spare area data */ 664 case 0xff03: /* ECC Result of main area data */ 665 case 0xff04: /* ECC Result of spare area data */ 666 qemu_log_mask(LOG_UNIMP, 667 "onenand: ECC result registers unimplemented\n"); 668 return 0x0000; 669 } 670 671 qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n", 672 offset); 673 return 0; 674 } 675 676 static void onenand_write(void *opaque, hwaddr addr, 677 uint64_t value, unsigned size) 678 { 679 OneNANDState *s = (OneNANDState *) opaque; 680 int offset = addr >> s->shift; 681 int sec; 682 683 switch (offset) { 684 case 0x0000 ... 0x01ff: 685 case 0x8000 ... 0x800f: 686 if (s->cycle) { 687 s->cycle = 0; 688 689 if (value == 0x0000) { 690 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 691 onenand_load_main(s, sec, 692 1 << (PAGE_SHIFT - 9), s->data[0][0]); 693 s->addr[ONEN_BUF_PAGE] += 4; 694 s->addr[ONEN_BUF_PAGE] &= 0xff; 695 } 696 break; 697 } 698 699 switch (value) { 700 case 0x00f0: /* Reset OneNAND */ 701 onenand_reset(s, 0); 702 break; 703 704 case 0x00e0: /* Load Data into Buffer */ 705 s->cycle = 1; 706 break; 707 708 case 0x0090: /* Read Identification Data */ 709 memset(s->boot[0], 0, 3 << s->shift); 710 s->boot[0][0 << s->shift] = s->id.man & 0xff; 711 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 712 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 713 break; 714 715 default: 716 qemu_log_mask(LOG_GUEST_ERROR, 717 "unknown OneNAND boot command %" PRIx64 "\n", 718 value); 719 } 720 break; 721 722 case 0xf100 ... 0xf107: /* Start addresses */ 723 s->addr[offset - 0xf100] = value; 724 break; 725 726 case 0xf200: /* Start buffer */ 727 s->bufaddr = (value >> 8) & 0xf; 728 if (PAGE_SHIFT == 11) 729 s->count = (value & 3) ?: 4; 730 else if (PAGE_SHIFT == 10) 731 s->count = (value & 1) ?: 2; 732 break; 733 734 case 0xf220: /* Command */ 735 if (s->intstatus & (1 << 15)) 736 break; 737 s->command = value; 738 onenand_command(s); 739 break; 740 case 0xf221: /* System Configuration 1 */ 741 s->config[0] = value; 742 onenand_intr_update(s); 743 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 744 break; 745 case 0xf222: /* System Configuration 2 */ 746 s->config[1] = value; 747 break; 748 749 case 0xf241: /* Interrupt */ 750 s->intstatus &= value; 751 if ((1 << 15) & ~s->intstatus) 752 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 753 ONEN_ERR_PROG | ONEN_ERR_LOAD); 754 onenand_intr_update(s); 755 break; 756 case 0xf24c: /* Unlock Start Block Address */ 757 s->unladdr[0] = value & (s->blocks - 1); 758 /* For some reason we have to set the end address to by default 759 * be same as start because the software forgets to write anything 760 * in there. */ 761 s->unladdr[1] = value & (s->blocks - 1); 762 break; 763 case 0xf24d: /* Unlock End Block Address */ 764 s->unladdr[1] = value & (s->blocks - 1); 765 break; 766 767 default: 768 qemu_log_mask(LOG_GUEST_ERROR, 769 "write to unknown OneNAND register 0x%x\n", 770 offset); 771 } 772 } 773 774 static const MemoryRegionOps onenand_ops = { 775 .read = onenand_read, 776 .write = onenand_write, 777 .endianness = DEVICE_NATIVE_ENDIAN, 778 }; 779 780 static void onenand_realize(DeviceState *dev, Error **errp) 781 { 782 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 783 OneNANDState *s = ONE_NAND(dev); 784 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 785 void *ram; 786 Error *local_err = NULL; 787 788 s->base = (hwaddr)-1; 789 s->rdy = NULL; 790 s->blocks = size >> BLOCK_SHIFT; 791 s->secs = size >> 9; 792 s->blockwp = g_malloc(s->blocks); 793 s->density_mask = (s->id.dev & 0x08) 794 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 795 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 796 0x10000 << s->shift); 797 if (!s->blk) { 798 s->image = memset(g_malloc(size + (size >> 5)), 799 0xff, size + (size >> 5)); 800 } else { 801 if (blk_is_read_only(s->blk)) { 802 error_setg(errp, "Can't use a read-only drive"); 803 return; 804 } 805 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 806 BLK_PERM_ALL, &local_err); 807 if (local_err) { 808 error_propagate(errp, local_err); 809 return; 810 } 811 s->blk_cur = s->blk; 812 } 813 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 814 0xff, (64 + 2) << PAGE_SHIFT); 815 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 816 0xc000 << s->shift, &error_fatal); 817 vmstate_register_ram_global(&s->ram); 818 ram = memory_region_get_ram_ptr(&s->ram); 819 s->boot[0] = ram + (0x0000 << s->shift); 820 s->boot[1] = ram + (0x8000 << s->shift); 821 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 822 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 823 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 824 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 825 onenand_mem_setup(s); 826 sysbus_init_irq(sbd, &s->intr); 827 sysbus_init_mmio(sbd, &s->container); 828 vmstate_register(VMSTATE_IF(dev), 829 ((s->shift & 0x7f) << 24) 830 | ((s->id.man & 0xff) << 16) 831 | ((s->id.dev & 0xff) << 8) 832 | (s->id.ver & 0xff), 833 &vmstate_onenand, s); 834 } 835 836 static Property onenand_properties[] = { 837 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 838 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 839 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 840 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 841 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 842 DEFINE_PROP_END_OF_LIST(), 843 }; 844 845 static void onenand_class_init(ObjectClass *klass, void *data) 846 { 847 DeviceClass *dc = DEVICE_CLASS(klass); 848 849 dc->realize = onenand_realize; 850 dc->reset = onenand_system_reset; 851 device_class_set_props(dc, onenand_properties); 852 } 853 854 static const TypeInfo onenand_info = { 855 .name = TYPE_ONE_NAND, 856 .parent = TYPE_SYS_BUS_DEVICE, 857 .instance_size = sizeof(OneNANDState), 858 .class_init = onenand_class_init, 859 }; 860 861 static void onenand_register_types(void) 862 { 863 type_register_static(&onenand_info); 864 } 865 866 void *onenand_raw_otp(DeviceState *onenand_device) 867 { 868 OneNANDState *s = ONE_NAND(onenand_device); 869 870 return s->otp; 871 } 872 873 type_init(onenand_register_types) 874