1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu-common.h" 23 #include "hw/hw.h" 24 #include "hw/block/flash.h" 25 #include "hw/irq.h" 26 #include "sysemu/block-backend.h" 27 #include "sysemu/blockdev.h" 28 #include "exec/memory.h" 29 #include "exec/address-spaces.h" 30 #include "hw/sysbus.h" 31 #include "qemu/error-report.h" 32 33 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 34 #define PAGE_SHIFT 11 35 36 /* Fixed */ 37 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 38 39 #define TYPE_ONE_NAND "onenand" 40 #define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND) 41 42 typedef struct OneNANDState { 43 SysBusDevice parent_obj; 44 45 struct { 46 uint16_t man; 47 uint16_t dev; 48 uint16_t ver; 49 } id; 50 int shift; 51 hwaddr base; 52 qemu_irq intr; 53 qemu_irq rdy; 54 BlockBackend *blk; 55 BlockBackend *blk_cur; 56 uint8_t *image; 57 uint8_t *otp; 58 uint8_t *current; 59 MemoryRegion ram; 60 MemoryRegion mapped_ram; 61 uint8_t current_direction; 62 uint8_t *boot[2]; 63 uint8_t *data[2][2]; 64 MemoryRegion iomem; 65 MemoryRegion container; 66 int cycle; 67 int otpmode; 68 69 uint16_t addr[8]; 70 uint16_t unladdr[8]; 71 int bufaddr; 72 int count; 73 uint16_t command; 74 uint16_t config[2]; 75 uint16_t status; 76 uint16_t intstatus; 77 uint16_t wpstatus; 78 79 ECCState ecc; 80 81 int density_mask; 82 int secs; 83 int secs_cur; 84 int blocks; 85 uint8_t *blockwp; 86 } OneNANDState; 87 88 enum { 89 ONEN_BUF_BLOCK = 0, 90 ONEN_BUF_BLOCK2 = 1, 91 ONEN_BUF_DEST_BLOCK = 2, 92 ONEN_BUF_DEST_PAGE = 3, 93 ONEN_BUF_PAGE = 7, 94 }; 95 96 enum { 97 ONEN_ERR_CMD = 1 << 10, 98 ONEN_ERR_ERASE = 1 << 11, 99 ONEN_ERR_PROG = 1 << 12, 100 ONEN_ERR_LOAD = 1 << 13, 101 }; 102 103 enum { 104 ONEN_INT_RESET = 1 << 4, 105 ONEN_INT_ERASE = 1 << 5, 106 ONEN_INT_PROG = 1 << 6, 107 ONEN_INT_LOAD = 1 << 7, 108 ONEN_INT = 1 << 15, 109 }; 110 111 enum { 112 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 113 ONEN_LOCK_LOCKED = 1 << 1, 114 ONEN_LOCK_UNLOCKED = 1 << 2, 115 }; 116 117 static void onenand_mem_setup(OneNANDState *s) 118 { 119 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 120 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 121 * write boot commands. Also take note of the BWPS bit. */ 122 memory_region_init(&s->container, OBJECT(s), "onenand", 123 0x10000 << s->shift); 124 memory_region_add_subregion(&s->container, 0, &s->iomem); 125 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 126 &s->ram, 0x0200 << s->shift, 127 0xbe00 << s->shift); 128 memory_region_add_subregion_overlap(&s->container, 129 0x0200 << s->shift, 130 &s->mapped_ram, 131 1); 132 } 133 134 static void onenand_intr_update(OneNANDState *s) 135 { 136 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 137 } 138 139 static void onenand_pre_save(void *opaque) 140 { 141 OneNANDState *s = opaque; 142 if (s->current == s->otp) { 143 s->current_direction = 1; 144 } else if (s->current == s->image) { 145 s->current_direction = 2; 146 } else { 147 s->current_direction = 0; 148 } 149 } 150 151 static int onenand_post_load(void *opaque, int version_id) 152 { 153 OneNANDState *s = opaque; 154 switch (s->current_direction) { 155 case 0: 156 break; 157 case 1: 158 s->current = s->otp; 159 break; 160 case 2: 161 s->current = s->image; 162 break; 163 default: 164 return -1; 165 } 166 onenand_intr_update(s); 167 return 0; 168 } 169 170 static const VMStateDescription vmstate_onenand = { 171 .name = "onenand", 172 .version_id = 1, 173 .minimum_version_id = 1, 174 .pre_save = onenand_pre_save, 175 .post_load = onenand_post_load, 176 .fields = (VMStateField[]) { 177 VMSTATE_UINT8(current_direction, OneNANDState), 178 VMSTATE_INT32(cycle, OneNANDState), 179 VMSTATE_INT32(otpmode, OneNANDState), 180 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 181 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 182 VMSTATE_INT32(bufaddr, OneNANDState), 183 VMSTATE_INT32(count, OneNANDState), 184 VMSTATE_UINT16(command, OneNANDState), 185 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 186 VMSTATE_UINT16(status, OneNANDState), 187 VMSTATE_UINT16(intstatus, OneNANDState), 188 VMSTATE_UINT16(wpstatus, OneNANDState), 189 VMSTATE_INT32(secs_cur, OneNANDState), 190 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 191 VMSTATE_UINT8(ecc.cp, OneNANDState), 192 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 193 VMSTATE_UINT16(ecc.count, OneNANDState), 194 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 195 ((64 + 2) << PAGE_SHIFT)), 196 VMSTATE_END_OF_LIST() 197 } 198 }; 199 200 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 201 static void onenand_reset(OneNANDState *s, int cold) 202 { 203 memset(&s->addr, 0, sizeof(s->addr)); 204 s->command = 0; 205 s->count = 1; 206 s->bufaddr = 0; 207 s->config[0] = 0x40c0; 208 s->config[1] = 0x0000; 209 onenand_intr_update(s); 210 qemu_irq_raise(s->rdy); 211 s->status = 0x0000; 212 s->intstatus = cold ? 0x8080 : 0x8010; 213 s->unladdr[0] = 0; 214 s->unladdr[1] = 0; 215 s->wpstatus = 0x0002; 216 s->cycle = 0; 217 s->otpmode = 0; 218 s->blk_cur = s->blk; 219 s->current = s->image; 220 s->secs_cur = s->secs; 221 222 if (cold) { 223 /* Lock the whole flash */ 224 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 225 226 if (s->blk_cur && blk_read(s->blk_cur, 0, s->boot[0], 8) < 0) { 227 hw_error("%s: Loading the BootRAM failed.\n", __func__); 228 } 229 } 230 } 231 232 static void onenand_system_reset(DeviceState *dev) 233 { 234 OneNANDState *s = ONE_NAND(dev); 235 236 onenand_reset(s, 1); 237 } 238 239 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 240 void *dest) 241 { 242 if (s->blk_cur) { 243 return blk_read(s->blk_cur, sec, dest, secn) < 0; 244 } else if (sec + secn > s->secs_cur) { 245 return 1; 246 } 247 248 memcpy(dest, s->current + (sec << 9), secn << 9); 249 250 return 0; 251 } 252 253 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 254 void *src) 255 { 256 int result = 0; 257 258 if (secn > 0) { 259 uint32_t size = (uint32_t)secn * 512; 260 const uint8_t *sp = (const uint8_t *)src; 261 uint8_t *dp = 0; 262 if (s->blk_cur) { 263 dp = g_malloc(size); 264 if (!dp || blk_read(s->blk_cur, sec, dp, secn) < 0) { 265 result = 1; 266 } 267 } else { 268 if (sec + secn > s->secs_cur) { 269 result = 1; 270 } else { 271 dp = (uint8_t *)s->current + (sec << 9); 272 } 273 } 274 if (!result) { 275 uint32_t i; 276 for (i = 0; i < size; i++) { 277 dp[i] &= sp[i]; 278 } 279 if (s->blk_cur) { 280 result = blk_write(s->blk_cur, sec, dp, secn) < 0; 281 } 282 } 283 if (dp && s->blk_cur) { 284 g_free(dp); 285 } 286 } 287 288 return result; 289 } 290 291 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 292 void *dest) 293 { 294 uint8_t buf[512]; 295 296 if (s->blk_cur) { 297 if (blk_read(s->blk_cur, s->secs_cur + (sec >> 5), buf, 1) < 0) { 298 return 1; 299 } 300 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 301 } else if (sec + secn > s->secs_cur) { 302 return 1; 303 } else { 304 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 305 } 306 307 return 0; 308 } 309 310 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 311 void *src) 312 { 313 int result = 0; 314 if (secn > 0) { 315 const uint8_t *sp = (const uint8_t *)src; 316 uint8_t *dp = 0, *dpp = 0; 317 if (s->blk_cur) { 318 dp = g_malloc(512); 319 if (!dp 320 || blk_read(s->blk_cur, s->secs_cur + (sec >> 5), dp, 1) < 0) { 321 result = 1; 322 } else { 323 dpp = dp + ((sec & 31) << 4); 324 } 325 } else { 326 if (sec + secn > s->secs_cur) { 327 result = 1; 328 } else { 329 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 330 } 331 } 332 if (!result) { 333 uint32_t i; 334 for (i = 0; i < (secn << 4); i++) { 335 dpp[i] &= sp[i]; 336 } 337 if (s->blk_cur) { 338 result = blk_write(s->blk_cur, s->secs_cur + (sec >> 5), 339 dp, 1) < 0; 340 } 341 } 342 g_free(dp); 343 } 344 return result; 345 } 346 347 static inline int onenand_erase(OneNANDState *s, int sec, int num) 348 { 349 uint8_t *blankbuf, *tmpbuf; 350 351 blankbuf = g_malloc(512); 352 tmpbuf = g_malloc(512); 353 memset(blankbuf, 0xff, 512); 354 for (; num > 0; num--, sec++) { 355 if (s->blk_cur) { 356 int erasesec = s->secs_cur + (sec >> 5); 357 if (blk_write(s->blk_cur, sec, blankbuf, 1) < 0) { 358 goto fail; 359 } 360 if (blk_read(s->blk_cur, erasesec, tmpbuf, 1) < 0) { 361 goto fail; 362 } 363 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 364 if (blk_write(s->blk_cur, erasesec, tmpbuf, 1) < 0) { 365 goto fail; 366 } 367 } else { 368 if (sec + 1 > s->secs_cur) { 369 goto fail; 370 } 371 memcpy(s->current + (sec << 9), blankbuf, 512); 372 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 373 blankbuf, 1 << 4); 374 } 375 } 376 377 g_free(tmpbuf); 378 g_free(blankbuf); 379 return 0; 380 381 fail: 382 g_free(tmpbuf); 383 g_free(blankbuf); 384 return 1; 385 } 386 387 static void onenand_command(OneNANDState *s) 388 { 389 int b; 390 int sec; 391 void *buf; 392 #define SETADDR(block, page) \ 393 sec = (s->addr[page] & 3) + \ 394 ((((s->addr[page] >> 2) & 0x3f) + \ 395 (((s->addr[block] & 0xfff) | \ 396 (s->addr[block] >> 15 ? \ 397 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 398 #define SETBUF_M() \ 399 buf = (s->bufaddr & 8) ? \ 400 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 401 buf += (s->bufaddr & 3) << 9; 402 #define SETBUF_S() \ 403 buf = (s->bufaddr & 8) ? \ 404 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 405 buf += (s->bufaddr & 3) << 4; 406 407 switch (s->command) { 408 case 0x00: /* Load single/multiple sector data unit into buffer */ 409 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 410 411 SETBUF_M() 412 if (onenand_load_main(s, sec, s->count, buf)) 413 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 414 415 #if 0 416 SETBUF_S() 417 if (onenand_load_spare(s, sec, s->count, buf)) 418 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 419 #endif 420 421 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 422 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 423 * then we need two split the read/write into two chunks. 424 */ 425 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 426 break; 427 case 0x13: /* Load single/multiple spare sector into buffer */ 428 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 429 430 SETBUF_S() 431 if (onenand_load_spare(s, sec, s->count, buf)) 432 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 433 434 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 435 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 436 * then we need two split the read/write into two chunks. 437 */ 438 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 439 break; 440 case 0x80: /* Program single/multiple sector data unit from buffer */ 441 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 442 443 SETBUF_M() 444 if (onenand_prog_main(s, sec, s->count, buf)) 445 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 446 447 #if 0 448 SETBUF_S() 449 if (onenand_prog_spare(s, sec, s->count, buf)) 450 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 451 #endif 452 453 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 454 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 455 * then we need two split the read/write into two chunks. 456 */ 457 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 458 break; 459 case 0x1a: /* Program single/multiple spare area sector from buffer */ 460 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 461 462 SETBUF_S() 463 if (onenand_prog_spare(s, sec, s->count, buf)) 464 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 465 466 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 467 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 468 * then we need two split the read/write into two chunks. 469 */ 470 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 471 break; 472 case 0x1b: /* Copy-back program */ 473 SETBUF_S() 474 475 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 476 if (onenand_load_main(s, sec, s->count, buf)) 477 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 478 479 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 480 if (onenand_prog_main(s, sec, s->count, buf)) 481 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 482 483 /* TODO: spare areas */ 484 485 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 486 break; 487 488 case 0x23: /* Unlock NAND array block(s) */ 489 s->intstatus |= ONEN_INT; 490 491 /* XXX the previous (?) area should be locked automatically */ 492 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 493 if (b >= s->blocks) { 494 s->status |= ONEN_ERR_CMD; 495 break; 496 } 497 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 498 break; 499 500 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 501 } 502 break; 503 case 0x27: /* Unlock All NAND array blocks */ 504 s->intstatus |= ONEN_INT; 505 506 for (b = 0; b < s->blocks; b ++) { 507 if (b >= s->blocks) { 508 s->status |= ONEN_ERR_CMD; 509 break; 510 } 511 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 512 break; 513 514 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 515 } 516 break; 517 518 case 0x2a: /* Lock NAND array block(s) */ 519 s->intstatus |= ONEN_INT; 520 521 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 522 if (b >= s->blocks) { 523 s->status |= ONEN_ERR_CMD; 524 break; 525 } 526 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 527 break; 528 529 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 530 } 531 break; 532 case 0x2c: /* Lock-tight NAND array block(s) */ 533 s->intstatus |= ONEN_INT; 534 535 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 536 if (b >= s->blocks) { 537 s->status |= ONEN_ERR_CMD; 538 break; 539 } 540 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 541 continue; 542 543 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 544 } 545 break; 546 547 case 0x71: /* Erase-Verify-Read */ 548 s->intstatus |= ONEN_INT; 549 break; 550 case 0x95: /* Multi-block erase */ 551 qemu_irq_pulse(s->intr); 552 /* Fall through. */ 553 case 0x94: /* Block erase */ 554 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 555 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 556 << (BLOCK_SHIFT - 9); 557 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 558 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 559 560 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 561 break; 562 case 0xb0: /* Erase suspend */ 563 break; 564 case 0x30: /* Erase resume */ 565 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 566 break; 567 568 case 0xf0: /* Reset NAND Flash core */ 569 onenand_reset(s, 0); 570 break; 571 case 0xf3: /* Reset OneNAND */ 572 onenand_reset(s, 0); 573 break; 574 575 case 0x65: /* OTP Access */ 576 s->intstatus |= ONEN_INT; 577 s->blk_cur = NULL; 578 s->current = s->otp; 579 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 580 s->addr[ONEN_BUF_BLOCK] = 0; 581 s->otpmode = 1; 582 break; 583 584 default: 585 s->status |= ONEN_ERR_CMD; 586 s->intstatus |= ONEN_INT; 587 fprintf(stderr, "%s: unknown OneNAND command %x\n", 588 __func__, s->command); 589 } 590 591 onenand_intr_update(s); 592 } 593 594 static uint64_t onenand_read(void *opaque, hwaddr addr, 595 unsigned size) 596 { 597 OneNANDState *s = (OneNANDState *) opaque; 598 int offset = addr >> s->shift; 599 600 switch (offset) { 601 case 0x0000 ... 0xc000: 602 return lduw_le_p(s->boot[0] + addr); 603 604 case 0xf000: /* Manufacturer ID */ 605 return s->id.man; 606 case 0xf001: /* Device ID */ 607 return s->id.dev; 608 case 0xf002: /* Version ID */ 609 return s->id.ver; 610 /* TODO: get the following values from a real chip! */ 611 case 0xf003: /* Data Buffer size */ 612 return 1 << PAGE_SHIFT; 613 case 0xf004: /* Boot Buffer size */ 614 return 0x200; 615 case 0xf005: /* Amount of buffers */ 616 return 1 | (2 << 8); 617 case 0xf006: /* Technology */ 618 return 0; 619 620 case 0xf100 ... 0xf107: /* Start addresses */ 621 return s->addr[offset - 0xf100]; 622 623 case 0xf200: /* Start buffer */ 624 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 625 626 case 0xf220: /* Command */ 627 return s->command; 628 case 0xf221: /* System Configuration 1 */ 629 return s->config[0] & 0xffe0; 630 case 0xf222: /* System Configuration 2 */ 631 return s->config[1]; 632 633 case 0xf240: /* Controller Status */ 634 return s->status; 635 case 0xf241: /* Interrupt */ 636 return s->intstatus; 637 case 0xf24c: /* Unlock Start Block Address */ 638 return s->unladdr[0]; 639 case 0xf24d: /* Unlock End Block Address */ 640 return s->unladdr[1]; 641 case 0xf24e: /* Write Protection Status */ 642 return s->wpstatus; 643 644 case 0xff00: /* ECC Status */ 645 return 0x00; 646 case 0xff01: /* ECC Result of main area data */ 647 case 0xff02: /* ECC Result of spare area data */ 648 case 0xff03: /* ECC Result of main area data */ 649 case 0xff04: /* ECC Result of spare area data */ 650 hw_error("%s: imeplement ECC\n", __FUNCTION__); 651 return 0x0000; 652 } 653 654 fprintf(stderr, "%s: unknown OneNAND register %x\n", 655 __FUNCTION__, offset); 656 return 0; 657 } 658 659 static void onenand_write(void *opaque, hwaddr addr, 660 uint64_t value, unsigned size) 661 { 662 OneNANDState *s = (OneNANDState *) opaque; 663 int offset = addr >> s->shift; 664 int sec; 665 666 switch (offset) { 667 case 0x0000 ... 0x01ff: 668 case 0x8000 ... 0x800f: 669 if (s->cycle) { 670 s->cycle = 0; 671 672 if (value == 0x0000) { 673 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 674 onenand_load_main(s, sec, 675 1 << (PAGE_SHIFT - 9), s->data[0][0]); 676 s->addr[ONEN_BUF_PAGE] += 4; 677 s->addr[ONEN_BUF_PAGE] &= 0xff; 678 } 679 break; 680 } 681 682 switch (value) { 683 case 0x00f0: /* Reset OneNAND */ 684 onenand_reset(s, 0); 685 break; 686 687 case 0x00e0: /* Load Data into Buffer */ 688 s->cycle = 1; 689 break; 690 691 case 0x0090: /* Read Identification Data */ 692 memset(s->boot[0], 0, 3 << s->shift); 693 s->boot[0][0 << s->shift] = s->id.man & 0xff; 694 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 695 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 696 break; 697 698 default: 699 fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n", 700 __FUNCTION__, value); 701 } 702 break; 703 704 case 0xf100 ... 0xf107: /* Start addresses */ 705 s->addr[offset - 0xf100] = value; 706 break; 707 708 case 0xf200: /* Start buffer */ 709 s->bufaddr = (value >> 8) & 0xf; 710 if (PAGE_SHIFT == 11) 711 s->count = (value & 3) ?: 4; 712 else if (PAGE_SHIFT == 10) 713 s->count = (value & 1) ?: 2; 714 break; 715 716 case 0xf220: /* Command */ 717 if (s->intstatus & (1 << 15)) 718 break; 719 s->command = value; 720 onenand_command(s); 721 break; 722 case 0xf221: /* System Configuration 1 */ 723 s->config[0] = value; 724 onenand_intr_update(s); 725 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 726 break; 727 case 0xf222: /* System Configuration 2 */ 728 s->config[1] = value; 729 break; 730 731 case 0xf241: /* Interrupt */ 732 s->intstatus &= value; 733 if ((1 << 15) & ~s->intstatus) 734 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 735 ONEN_ERR_PROG | ONEN_ERR_LOAD); 736 onenand_intr_update(s); 737 break; 738 case 0xf24c: /* Unlock Start Block Address */ 739 s->unladdr[0] = value & (s->blocks - 1); 740 /* For some reason we have to set the end address to by default 741 * be same as start because the software forgets to write anything 742 * in there. */ 743 s->unladdr[1] = value & (s->blocks - 1); 744 break; 745 case 0xf24d: /* Unlock End Block Address */ 746 s->unladdr[1] = value & (s->blocks - 1); 747 break; 748 749 default: 750 fprintf(stderr, "%s: unknown OneNAND register %x\n", 751 __FUNCTION__, offset); 752 } 753 } 754 755 static const MemoryRegionOps onenand_ops = { 756 .read = onenand_read, 757 .write = onenand_write, 758 .endianness = DEVICE_NATIVE_ENDIAN, 759 }; 760 761 static int onenand_initfn(SysBusDevice *sbd) 762 { 763 DeviceState *dev = DEVICE(sbd); 764 OneNANDState *s = ONE_NAND(dev); 765 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 766 void *ram; 767 768 s->base = (hwaddr)-1; 769 s->rdy = NULL; 770 s->blocks = size >> BLOCK_SHIFT; 771 s->secs = size >> 9; 772 s->blockwp = g_malloc(s->blocks); 773 s->density_mask = (s->id.dev & 0x08) 774 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 775 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 776 0x10000 << s->shift); 777 if (!s->blk) { 778 s->image = memset(g_malloc(size + (size >> 5)), 779 0xff, size + (size >> 5)); 780 } else { 781 if (blk_is_read_only(s->blk)) { 782 error_report("Can't use a read-only drive"); 783 return -1; 784 } 785 s->blk_cur = s->blk; 786 } 787 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 788 0xff, (64 + 2) << PAGE_SHIFT); 789 memory_region_init_ram(&s->ram, OBJECT(s), "onenand.ram", 790 0xc000 << s->shift, &error_fatal); 791 vmstate_register_ram_global(&s->ram); 792 ram = memory_region_get_ram_ptr(&s->ram); 793 s->boot[0] = ram + (0x0000 << s->shift); 794 s->boot[1] = ram + (0x8000 << s->shift); 795 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 796 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 797 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 798 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 799 onenand_mem_setup(s); 800 sysbus_init_irq(sbd, &s->intr); 801 sysbus_init_mmio(sbd, &s->container); 802 vmstate_register(dev, 803 ((s->shift & 0x7f) << 24) 804 | ((s->id.man & 0xff) << 16) 805 | ((s->id.dev & 0xff) << 8) 806 | (s->id.ver & 0xff), 807 &vmstate_onenand, s); 808 return 0; 809 } 810 811 static Property onenand_properties[] = { 812 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 813 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 814 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 815 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 816 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 817 DEFINE_PROP_END_OF_LIST(), 818 }; 819 820 static void onenand_class_init(ObjectClass *klass, void *data) 821 { 822 DeviceClass *dc = DEVICE_CLASS(klass); 823 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); 824 825 k->init = onenand_initfn; 826 dc->reset = onenand_system_reset; 827 dc->props = onenand_properties; 828 } 829 830 static const TypeInfo onenand_info = { 831 .name = TYPE_ONE_NAND, 832 .parent = TYPE_SYS_BUS_DEVICE, 833 .instance_size = sizeof(OneNANDState), 834 .class_init = onenand_class_init, 835 }; 836 837 static void onenand_register_types(void) 838 { 839 type_register_static(&onenand_info); 840 } 841 842 void *onenand_raw_otp(DeviceState *onenand_device) 843 { 844 OneNANDState *s = ONE_NAND(onenand_device); 845 846 return s->otp; 847 } 848 849 type_init(onenand_register_types) 850