1 /* 2 * OneNAND flash memories emulation. 3 * 4 * Copyright (C) 2008 Nokia Corporation 5 * Written by Andrzej Zaborowski <andrew@openedhand.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 or 10 * (at your option) version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "hw/hw.h" 24 #include "hw/block/flash.h" 25 #include "hw/irq.h" 26 #include "hw/qdev-properties.h" 27 #include "sysemu/block-backend.h" 28 #include "exec/memory.h" 29 #include "hw/sysbus.h" 30 #include "migration/vmstate.h" 31 #include "qemu/error-report.h" 32 #include "qemu/log.h" 33 #include "qemu/module.h" 34 #include "qom/object.h" 35 36 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ 37 #define PAGE_SHIFT 11 38 39 /* Fixed */ 40 #define BLOCK_SHIFT (PAGE_SHIFT + 6) 41 42 #define TYPE_ONE_NAND "onenand" 43 OBJECT_DECLARE_SIMPLE_TYPE(OneNANDState, ONE_NAND) 44 45 struct OneNANDState { 46 SysBusDevice parent_obj; 47 48 struct { 49 uint16_t man; 50 uint16_t dev; 51 uint16_t ver; 52 } id; 53 int shift; 54 hwaddr base; 55 qemu_irq intr; 56 qemu_irq rdy; 57 BlockBackend *blk; 58 BlockBackend *blk_cur; 59 uint8_t *image; 60 uint8_t *otp; 61 uint8_t *current; 62 MemoryRegion ram; 63 MemoryRegion mapped_ram; 64 uint8_t current_direction; 65 uint8_t *boot[2]; 66 uint8_t *data[2][2]; 67 MemoryRegion iomem; 68 MemoryRegion container; 69 int cycle; 70 int otpmode; 71 72 uint16_t addr[8]; 73 uint16_t unladdr[8]; 74 int bufaddr; 75 int count; 76 uint16_t command; 77 uint16_t config[2]; 78 uint16_t status; 79 uint16_t intstatus; 80 uint16_t wpstatus; 81 82 ECCState ecc; 83 84 int density_mask; 85 int secs; 86 int secs_cur; 87 int blocks; 88 uint8_t *blockwp; 89 }; 90 91 enum { 92 ONEN_BUF_BLOCK = 0, 93 ONEN_BUF_BLOCK2 = 1, 94 ONEN_BUF_DEST_BLOCK = 2, 95 ONEN_BUF_DEST_PAGE = 3, 96 ONEN_BUF_PAGE = 7, 97 }; 98 99 enum { 100 ONEN_ERR_CMD = 1 << 10, 101 ONEN_ERR_ERASE = 1 << 11, 102 ONEN_ERR_PROG = 1 << 12, 103 ONEN_ERR_LOAD = 1 << 13, 104 }; 105 106 enum { 107 ONEN_INT_RESET = 1 << 4, 108 ONEN_INT_ERASE = 1 << 5, 109 ONEN_INT_PROG = 1 << 6, 110 ONEN_INT_LOAD = 1 << 7, 111 ONEN_INT = 1 << 15, 112 }; 113 114 enum { 115 ONEN_LOCK_LOCKTIGHTEN = 1 << 0, 116 ONEN_LOCK_LOCKED = 1 << 1, 117 ONEN_LOCK_UNLOCKED = 1 << 2, 118 }; 119 120 static void onenand_mem_setup(OneNANDState *s) 121 { 122 /* XXX: We should use IO_MEM_ROMD but we broke it earlier... 123 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to 124 * write boot commands. Also take note of the BWPS bit. */ 125 memory_region_init(&s->container, OBJECT(s), "onenand", 126 0x10000 << s->shift); 127 memory_region_add_subregion(&s->container, 0, &s->iomem); 128 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram", 129 &s->ram, 0x0200 << s->shift, 130 0xbe00 << s->shift); 131 memory_region_add_subregion_overlap(&s->container, 132 0x0200 << s->shift, 133 &s->mapped_ram, 134 1); 135 } 136 137 static void onenand_intr_update(OneNANDState *s) 138 { 139 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1); 140 } 141 142 static int onenand_pre_save(void *opaque) 143 { 144 OneNANDState *s = opaque; 145 if (s->current == s->otp) { 146 s->current_direction = 1; 147 } else if (s->current == s->image) { 148 s->current_direction = 2; 149 } else { 150 s->current_direction = 0; 151 } 152 153 return 0; 154 } 155 156 static int onenand_post_load(void *opaque, int version_id) 157 { 158 OneNANDState *s = opaque; 159 switch (s->current_direction) { 160 case 0: 161 break; 162 case 1: 163 s->current = s->otp; 164 break; 165 case 2: 166 s->current = s->image; 167 break; 168 default: 169 return -1; 170 } 171 onenand_intr_update(s); 172 return 0; 173 } 174 175 static const VMStateDescription vmstate_onenand = { 176 .name = "onenand", 177 .version_id = 1, 178 .minimum_version_id = 1, 179 .pre_save = onenand_pre_save, 180 .post_load = onenand_post_load, 181 .fields = (VMStateField[]) { 182 VMSTATE_UINT8(current_direction, OneNANDState), 183 VMSTATE_INT32(cycle, OneNANDState), 184 VMSTATE_INT32(otpmode, OneNANDState), 185 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8), 186 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8), 187 VMSTATE_INT32(bufaddr, OneNANDState), 188 VMSTATE_INT32(count, OneNANDState), 189 VMSTATE_UINT16(command, OneNANDState), 190 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2), 191 VMSTATE_UINT16(status, OneNANDState), 192 VMSTATE_UINT16(intstatus, OneNANDState), 193 VMSTATE_UINT16(wpstatus, OneNANDState), 194 VMSTATE_INT32(secs_cur, OneNANDState), 195 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks), 196 VMSTATE_UINT8(ecc.cp, OneNANDState), 197 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2), 198 VMSTATE_UINT16(ecc.count, OneNANDState), 199 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0, 200 ((64 + 2) << PAGE_SHIFT)), 201 VMSTATE_END_OF_LIST() 202 } 203 }; 204 205 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */ 206 static void onenand_reset(OneNANDState *s, int cold) 207 { 208 memset(&s->addr, 0, sizeof(s->addr)); 209 s->command = 0; 210 s->count = 1; 211 s->bufaddr = 0; 212 s->config[0] = 0x40c0; 213 s->config[1] = 0x0000; 214 onenand_intr_update(s); 215 qemu_irq_raise(s->rdy); 216 s->status = 0x0000; 217 s->intstatus = cold ? 0x8080 : 0x8010; 218 s->unladdr[0] = 0; 219 s->unladdr[1] = 0; 220 s->wpstatus = 0x0002; 221 s->cycle = 0; 222 s->otpmode = 0; 223 s->blk_cur = s->blk; 224 s->current = s->image; 225 s->secs_cur = s->secs; 226 227 if (cold) { 228 /* Lock the whole flash */ 229 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks); 230 231 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0], 232 8 << BDRV_SECTOR_BITS) < 0) { 233 hw_error("%s: Loading the BootRAM failed.\n", __func__); 234 } 235 } 236 } 237 238 static void onenand_system_reset(DeviceState *dev) 239 { 240 OneNANDState *s = ONE_NAND(dev); 241 242 onenand_reset(s, 1); 243 } 244 245 static inline int onenand_load_main(OneNANDState *s, int sec, int secn, 246 void *dest) 247 { 248 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 249 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 250 if (s->blk_cur) { 251 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest, 252 secn << BDRV_SECTOR_BITS) < 0; 253 } else if (sec + secn > s->secs_cur) { 254 return 1; 255 } 256 257 memcpy(dest, s->current + (sec << 9), secn << 9); 258 259 return 0; 260 } 261 262 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn, 263 void *src) 264 { 265 int result = 0; 266 267 if (secn > 0) { 268 uint32_t size = secn << BDRV_SECTOR_BITS; 269 uint32_t offset = sec << BDRV_SECTOR_BITS; 270 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec); 271 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn); 272 const uint8_t *sp = (const uint8_t *)src; 273 uint8_t *dp = 0; 274 if (s->blk_cur) { 275 dp = g_malloc(size); 276 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) { 277 result = 1; 278 } 279 } else { 280 if (sec + secn > s->secs_cur) { 281 result = 1; 282 } else { 283 dp = (uint8_t *)s->current + offset; 284 } 285 } 286 if (!result) { 287 uint32_t i; 288 for (i = 0; i < size; i++) { 289 dp[i] &= sp[i]; 290 } 291 if (s->blk_cur) { 292 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0; 293 } 294 } 295 if (dp && s->blk_cur) { 296 g_free(dp); 297 } 298 } 299 300 return result; 301 } 302 303 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn, 304 void *dest) 305 { 306 uint8_t buf[512]; 307 308 if (s->blk_cur) { 309 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 310 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) { 311 return 1; 312 } 313 memcpy(dest, buf + ((sec & 31) << 4), secn << 4); 314 } else if (sec + secn > s->secs_cur) { 315 return 1; 316 } else { 317 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4); 318 } 319 320 return 0; 321 } 322 323 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn, 324 void *src) 325 { 326 int result = 0; 327 if (secn > 0) { 328 const uint8_t *sp = (const uint8_t *)src; 329 uint8_t *dp = 0, *dpp = 0; 330 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS; 331 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5)); 332 if (s->blk_cur) { 333 dp = g_malloc(512); 334 if (!dp 335 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) { 336 result = 1; 337 } else { 338 dpp = dp + ((sec & 31) << 4); 339 } 340 } else { 341 if (sec + secn > s->secs_cur) { 342 result = 1; 343 } else { 344 dpp = s->current + (s->secs_cur << 9) + (sec << 4); 345 } 346 } 347 if (!result) { 348 uint32_t i; 349 for (i = 0; i < (secn << 4); i++) { 350 dpp[i] &= sp[i]; 351 } 352 if (s->blk_cur) { 353 result = blk_pwrite(s->blk_cur, offset, dp, 354 BDRV_SECTOR_SIZE, 0) < 0; 355 } 356 } 357 g_free(dp); 358 } 359 return result; 360 } 361 362 static inline int onenand_erase(OneNANDState *s, int sec, int num) 363 { 364 uint8_t *blankbuf, *tmpbuf; 365 366 blankbuf = g_malloc(512); 367 tmpbuf = g_malloc(512); 368 memset(blankbuf, 0xff, 512); 369 for (; num > 0; num--, sec++) { 370 if (s->blk_cur) { 371 int erasesec = s->secs_cur + (sec >> 5); 372 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf, 373 BDRV_SECTOR_SIZE, 0) < 0) { 374 goto fail; 375 } 376 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 377 BDRV_SECTOR_SIZE) < 0) { 378 goto fail; 379 } 380 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4); 381 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf, 382 BDRV_SECTOR_SIZE, 0) < 0) { 383 goto fail; 384 } 385 } else { 386 if (sec + 1 > s->secs_cur) { 387 goto fail; 388 } 389 memcpy(s->current + (sec << 9), blankbuf, 512); 390 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), 391 blankbuf, 1 << 4); 392 } 393 } 394 395 g_free(tmpbuf); 396 g_free(blankbuf); 397 return 0; 398 399 fail: 400 g_free(tmpbuf); 401 g_free(blankbuf); 402 return 1; 403 } 404 405 static void onenand_command(OneNANDState *s) 406 { 407 int b; 408 int sec; 409 void *buf; 410 #define SETADDR(block, page) \ 411 sec = (s->addr[page] & 3) + \ 412 ((((s->addr[page] >> 2) & 0x3f) + \ 413 (((s->addr[block] & 0xfff) | \ 414 (s->addr[block] >> 15 ? \ 415 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9)); 416 #define SETBUF_M() \ 417 buf = (s->bufaddr & 8) ? \ 418 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \ 419 buf += (s->bufaddr & 3) << 9; 420 #define SETBUF_S() \ 421 buf = (s->bufaddr & 8) ? \ 422 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \ 423 buf += (s->bufaddr & 3) << 4; 424 425 switch (s->command) { 426 case 0x00: /* Load single/multiple sector data unit into buffer */ 427 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 428 429 SETBUF_M() 430 if (onenand_load_main(s, sec, s->count, buf)) 431 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 432 433 #if 0 434 SETBUF_S() 435 if (onenand_load_spare(s, sec, s->count, buf)) 436 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 437 #endif 438 439 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 440 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 441 * then we need two split the read/write into two chunks. 442 */ 443 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 444 break; 445 case 0x13: /* Load single/multiple spare sector into buffer */ 446 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 447 448 SETBUF_S() 449 if (onenand_load_spare(s, sec, s->count, buf)) 450 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD; 451 452 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 453 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 454 * then we need two split the read/write into two chunks. 455 */ 456 s->intstatus |= ONEN_INT | ONEN_INT_LOAD; 457 break; 458 case 0x80: /* Program single/multiple sector data unit from buffer */ 459 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 460 461 SETBUF_M() 462 if (onenand_prog_main(s, sec, s->count, buf)) 463 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 464 465 #if 0 466 SETBUF_S() 467 if (onenand_prog_spare(s, sec, s->count, buf)) 468 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 469 #endif 470 471 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 472 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 473 * then we need two split the read/write into two chunks. 474 */ 475 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 476 break; 477 case 0x1a: /* Program single/multiple spare area sector from buffer */ 478 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 479 480 SETBUF_S() 481 if (onenand_prog_spare(s, sec, s->count, buf)) 482 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 483 484 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages) 485 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages) 486 * then we need two split the read/write into two chunks. 487 */ 488 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 489 break; 490 case 0x1b: /* Copy-back program */ 491 SETBUF_S() 492 493 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 494 if (onenand_load_main(s, sec, s->count, buf)) 495 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 496 497 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE) 498 if (onenand_prog_main(s, sec, s->count, buf)) 499 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG; 500 501 /* TODO: spare areas */ 502 503 s->intstatus |= ONEN_INT | ONEN_INT_PROG; 504 break; 505 506 case 0x23: /* Unlock NAND array block(s) */ 507 s->intstatus |= ONEN_INT; 508 509 /* XXX the previous (?) area should be locked automatically */ 510 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 511 if (b >= s->blocks) { 512 s->status |= ONEN_ERR_CMD; 513 break; 514 } 515 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 516 break; 517 518 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 519 } 520 break; 521 case 0x27: /* Unlock All NAND array blocks */ 522 s->intstatus |= ONEN_INT; 523 524 for (b = 0; b < s->blocks; b ++) { 525 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 526 break; 527 528 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED; 529 } 530 break; 531 532 case 0x2a: /* Lock NAND array block(s) */ 533 s->intstatus |= ONEN_INT; 534 535 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 536 if (b >= s->blocks) { 537 s->status |= ONEN_ERR_CMD; 538 break; 539 } 540 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN) 541 break; 542 543 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED; 544 } 545 break; 546 case 0x2c: /* Lock-tight NAND array block(s) */ 547 s->intstatus |= ONEN_INT; 548 549 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) { 550 if (b >= s->blocks) { 551 s->status |= ONEN_ERR_CMD; 552 break; 553 } 554 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED) 555 continue; 556 557 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN; 558 } 559 break; 560 561 case 0x71: /* Erase-Verify-Read */ 562 s->intstatus |= ONEN_INT; 563 break; 564 case 0x95: /* Multi-block erase */ 565 qemu_irq_pulse(s->intr); 566 /* Fall through. */ 567 case 0x94: /* Block erase */ 568 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) | 569 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0)) 570 << (BLOCK_SHIFT - 9); 571 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9))) 572 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE; 573 574 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 575 break; 576 case 0xb0: /* Erase suspend */ 577 break; 578 case 0x30: /* Erase resume */ 579 s->intstatus |= ONEN_INT | ONEN_INT_ERASE; 580 break; 581 582 case 0xf0: /* Reset NAND Flash core */ 583 onenand_reset(s, 0); 584 break; 585 case 0xf3: /* Reset OneNAND */ 586 onenand_reset(s, 0); 587 break; 588 589 case 0x65: /* OTP Access */ 590 s->intstatus |= ONEN_INT; 591 s->blk_cur = NULL; 592 s->current = s->otp; 593 s->secs_cur = 1 << (BLOCK_SHIFT - 9); 594 s->addr[ONEN_BUF_BLOCK] = 0; 595 s->otpmode = 1; 596 break; 597 598 default: 599 s->status |= ONEN_ERR_CMD; 600 s->intstatus |= ONEN_INT; 601 qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n", 602 s->command); 603 } 604 605 onenand_intr_update(s); 606 } 607 608 static uint64_t onenand_read(void *opaque, hwaddr addr, 609 unsigned size) 610 { 611 OneNANDState *s = (OneNANDState *) opaque; 612 int offset = addr >> s->shift; 613 614 switch (offset) { 615 case 0x0000 ... 0xbffe: 616 return lduw_le_p(s->boot[0] + addr); 617 618 case 0xf000: /* Manufacturer ID */ 619 return s->id.man; 620 case 0xf001: /* Device ID */ 621 return s->id.dev; 622 case 0xf002: /* Version ID */ 623 return s->id.ver; 624 /* TODO: get the following values from a real chip! */ 625 case 0xf003: /* Data Buffer size */ 626 return 1 << PAGE_SHIFT; 627 case 0xf004: /* Boot Buffer size */ 628 return 0x200; 629 case 0xf005: /* Amount of buffers */ 630 return 1 | (2 << 8); 631 case 0xf006: /* Technology */ 632 return 0; 633 634 case 0xf100 ... 0xf107: /* Start addresses */ 635 return s->addr[offset - 0xf100]; 636 637 case 0xf200: /* Start buffer */ 638 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10))); 639 640 case 0xf220: /* Command */ 641 return s->command; 642 case 0xf221: /* System Configuration 1 */ 643 return s->config[0] & 0xffe0; 644 case 0xf222: /* System Configuration 2 */ 645 return s->config[1]; 646 647 case 0xf240: /* Controller Status */ 648 return s->status; 649 case 0xf241: /* Interrupt */ 650 return s->intstatus; 651 case 0xf24c: /* Unlock Start Block Address */ 652 return s->unladdr[0]; 653 case 0xf24d: /* Unlock End Block Address */ 654 return s->unladdr[1]; 655 case 0xf24e: /* Write Protection Status */ 656 return s->wpstatus; 657 658 case 0xff00: /* ECC Status */ 659 return 0x00; 660 case 0xff01: /* ECC Result of main area data */ 661 case 0xff02: /* ECC Result of spare area data */ 662 case 0xff03: /* ECC Result of main area data */ 663 case 0xff04: /* ECC Result of spare area data */ 664 qemu_log_mask(LOG_UNIMP, 665 "onenand: ECC result registers unimplemented\n"); 666 return 0x0000; 667 } 668 669 qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n", 670 offset); 671 return 0; 672 } 673 674 static void onenand_write(void *opaque, hwaddr addr, 675 uint64_t value, unsigned size) 676 { 677 OneNANDState *s = (OneNANDState *) opaque; 678 int offset = addr >> s->shift; 679 int sec; 680 681 switch (offset) { 682 case 0x0000 ... 0x01ff: 683 case 0x8000 ... 0x800f: 684 if (s->cycle) { 685 s->cycle = 0; 686 687 if (value == 0x0000) { 688 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE) 689 onenand_load_main(s, sec, 690 1 << (PAGE_SHIFT - 9), s->data[0][0]); 691 s->addr[ONEN_BUF_PAGE] += 4; 692 s->addr[ONEN_BUF_PAGE] &= 0xff; 693 } 694 break; 695 } 696 697 switch (value) { 698 case 0x00f0: /* Reset OneNAND */ 699 onenand_reset(s, 0); 700 break; 701 702 case 0x00e0: /* Load Data into Buffer */ 703 s->cycle = 1; 704 break; 705 706 case 0x0090: /* Read Identification Data */ 707 memset(s->boot[0], 0, 3 << s->shift); 708 s->boot[0][0 << s->shift] = s->id.man & 0xff; 709 s->boot[0][1 << s->shift] = s->id.dev & 0xff; 710 s->boot[0][2 << s->shift] = s->wpstatus & 0xff; 711 break; 712 713 default: 714 qemu_log_mask(LOG_GUEST_ERROR, 715 "unknown OneNAND boot command %" PRIx64 "\n", 716 value); 717 } 718 break; 719 720 case 0xf100 ... 0xf107: /* Start addresses */ 721 s->addr[offset - 0xf100] = value; 722 break; 723 724 case 0xf200: /* Start buffer */ 725 s->bufaddr = (value >> 8) & 0xf; 726 if (PAGE_SHIFT == 11) 727 s->count = (value & 3) ?: 4; 728 else if (PAGE_SHIFT == 10) 729 s->count = (value & 1) ?: 2; 730 break; 731 732 case 0xf220: /* Command */ 733 if (s->intstatus & (1 << 15)) 734 break; 735 s->command = value; 736 onenand_command(s); 737 break; 738 case 0xf221: /* System Configuration 1 */ 739 s->config[0] = value; 740 onenand_intr_update(s); 741 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1); 742 break; 743 case 0xf222: /* System Configuration 2 */ 744 s->config[1] = value; 745 break; 746 747 case 0xf241: /* Interrupt */ 748 s->intstatus &= value; 749 if ((1 << 15) & ~s->intstatus) 750 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE | 751 ONEN_ERR_PROG | ONEN_ERR_LOAD); 752 onenand_intr_update(s); 753 break; 754 case 0xf24c: /* Unlock Start Block Address */ 755 s->unladdr[0] = value & (s->blocks - 1); 756 /* For some reason we have to set the end address to by default 757 * be same as start because the software forgets to write anything 758 * in there. */ 759 s->unladdr[1] = value & (s->blocks - 1); 760 break; 761 case 0xf24d: /* Unlock End Block Address */ 762 s->unladdr[1] = value & (s->blocks - 1); 763 break; 764 765 default: 766 qemu_log_mask(LOG_GUEST_ERROR, 767 "write to unknown OneNAND register 0x%x\n", 768 offset); 769 } 770 } 771 772 static const MemoryRegionOps onenand_ops = { 773 .read = onenand_read, 774 .write = onenand_write, 775 .endianness = DEVICE_NATIVE_ENDIAN, 776 }; 777 778 static void onenand_realize(DeviceState *dev, Error **errp) 779 { 780 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 781 OneNANDState *s = ONE_NAND(dev); 782 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); 783 void *ram; 784 Error *local_err = NULL; 785 786 s->base = (hwaddr)-1; 787 s->rdy = NULL; 788 s->blocks = size >> BLOCK_SHIFT; 789 s->secs = size >> 9; 790 s->blockwp = g_malloc(s->blocks); 791 s->density_mask = (s->id.dev & 0x08) 792 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0; 793 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand", 794 0x10000 << s->shift); 795 if (!s->blk) { 796 s->image = memset(g_malloc(size + (size >> 5)), 797 0xff, size + (size >> 5)); 798 } else { 799 if (blk_is_read_only(s->blk)) { 800 error_setg(errp, "Can't use a read-only drive"); 801 return; 802 } 803 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 804 BLK_PERM_ALL, &local_err); 805 if (local_err) { 806 error_propagate(errp, local_err); 807 return; 808 } 809 s->blk_cur = s->blk; 810 } 811 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT), 812 0xff, (64 + 2) << PAGE_SHIFT); 813 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram", 814 0xc000 << s->shift, &error_fatal); 815 vmstate_register_ram_global(&s->ram); 816 ram = memory_region_get_ram_ptr(&s->ram); 817 s->boot[0] = ram + (0x0000 << s->shift); 818 s->boot[1] = ram + (0x8000 << s->shift); 819 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift); 820 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift); 821 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift); 822 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift); 823 onenand_mem_setup(s); 824 sysbus_init_irq(sbd, &s->intr); 825 sysbus_init_mmio(sbd, &s->container); 826 vmstate_register(VMSTATE_IF(dev), 827 ((s->shift & 0x7f) << 24) 828 | ((s->id.man & 0xff) << 16) 829 | ((s->id.dev & 0xff) << 8) 830 | (s->id.ver & 0xff), 831 &vmstate_onenand, s); 832 } 833 834 static Property onenand_properties[] = { 835 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0), 836 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0), 837 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0), 838 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0), 839 DEFINE_PROP_DRIVE("drive", OneNANDState, blk), 840 DEFINE_PROP_END_OF_LIST(), 841 }; 842 843 static void onenand_class_init(ObjectClass *klass, void *data) 844 { 845 DeviceClass *dc = DEVICE_CLASS(klass); 846 847 dc->realize = onenand_realize; 848 dc->reset = onenand_system_reset; 849 device_class_set_props(dc, onenand_properties); 850 } 851 852 static const TypeInfo onenand_info = { 853 .name = TYPE_ONE_NAND, 854 .parent = TYPE_SYS_BUS_DEVICE, 855 .instance_size = sizeof(OneNANDState), 856 .class_init = onenand_class_init, 857 }; 858 859 static void onenand_register_types(void) 860 { 861 type_register_static(&onenand_info); 862 } 863 864 void *onenand_raw_otp(DeviceState *onenand_device) 865 { 866 OneNANDState *s = ONE_NAND(onenand_device); 867 868 return s->otp; 869 } 870 871 type_init(onenand_register_types) 872