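/*
 *  CFI parallel flash with Intel command set emulation
 *
 *  Copyright (c) 2006 Thorsten Zitterell
 *  Copyright (c) 2005 Jocelyn Mayer
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

/*
 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
 * Supported commands/modes are:
 * - flash read
 * - flash write
 * - flash ID read
 * - sector erase
 * - CFI queries
 *
 * It does not support timings
 * It does not support flash interleaving
 * It does not implement software data protection as found in many real chips
 * It does not implement erase suspend/resume commands
 * It does not implement multiple sectors erase
 *
 * It does not implement much more ...
 */

#include "qemu/osdep.h"
#include "hw/hw.h"
#include "hw/block/flash.h"
#include "sysemu/block-backend.h"
#include "qapi/error.h"
#include "qemu/timer.h"
#include "qemu/bitops.h"
#include "qemu/host-utils.h"
#include "qemu/log.h"
#include "hw/sysbus.h"
#include "sysemu/sysemu.h"
#include "trace.h"

/* #define PFLASH_DEBUG */
#ifdef PFLASH_DEBUG
#define DPRINTF(fmt, ...)                                   \
do {                                                        \
    fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__);       \
} while (0)
#else
#define DPRINTF(fmt, ...) do { } while (0)
#endif

#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)

/* Bit numbers inside pflash_t.features. */
#define PFLASH_BE          0
#define PFLASH_SECURE      1

/* State of one emulated CFI flash bank. */
struct pflash_t {
    /*< private >*/
    SysBusDevice parent_obj;
    /*< public >*/

    BlockBackend *blk;            /* optional backing drive ("drive") */
    uint32_t nb_blocs;            /* "num-blocks" property */
    uint64_t sector_len;          /* "sector-length" property */
    uint8_t bank_width;           /* "width" property, in bytes */
    uint8_t device_width;  /* If 0, device width not specified. */
    uint8_t max_device_width;  /* max device width in bytes */
    uint32_t features;            /* PFLASH_BE / PFLASH_SECURE bits */
    uint8_t wcycle; /* if 0, the flash is read normally */
    int ro;                       /* non-zero: backing drive is read-only */
    uint8_t cmd;                  /* command latched by pflash_write() */
    uint8_t status;               /* status register returned to the guest */
    uint16_t ident0;
    uint16_t ident1;
    uint16_t ident2;
    uint16_t ident3;
    uint8_t cfi_table[0x52];      /* filled in by pflash_cfi01_realize() */
    uint64_t counter;             /* guest-supplied count for command 0xe8 */
    unsigned int writeblock_size; /* flush granularity for command 0xe8 */
    QEMUTimer *timer;
    MemoryRegion mem;
    char *name;
    void *storage;                /* RAM pointer of 'mem' (flash contents) */
    VMChangeStateEntry *vmstate;  /* pending post-load handler, or NULL */
    bool old_multiple_chip_handling;
};

static int pflash_post_load(void *opaque, int version_id);

/*
 * Only the command state machine (wcycle, cmd, status, counter) is listed
 * here; the flash contents themselves are not part of this description.
 */
static const VMStateDescription vmstate_pflash = {
    .name = "pflash_cfi01",
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = pflash_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8(wcycle, pflash_t),
        VMSTATE_UINT8(cmd, pflash_t),
        VMSTATE_UINT8(status, pflash_t),
        VMSTATE_UINT64(counter, pflash_t),
        VMSTATE_END_OF_LIST()
    }
};

/*
 * Timer callback: toggle status bit 0x80, switch the region back to ROMD
 * (direct read) mode and clear the command state.
 */
static void pflash_timer (void *opaque)
{
    pflash_t *pfl = opaque;

    trace_pflash_timer_expired(pfl->cmd);
    /* Reset flash */
    pfl->status ^= 0x80;
    memory_region_rom_device_set_romd(&pfl->mem, true);
    pfl->wcycle = 0;
    pfl->cmd = 0;
}

/* Perform a CFI query based on the bank width of the flash.
 * If this code is called we know we have a device_width set for
 * this flash.
 *
 * Returns the cfi_table[] byte selected by 'offset', replicated across the
 * devices of the bank, or 0 when the scaled offset lies outside the table
 * or the width configuration is unsupported.
 */
static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
{
    int i;
    uint32_t resp = 0;
    hwaddr boff;

    /* Adjust incoming offset to match expected device-width
     * addressing. CFI query addresses are always specified in terms of
     * the maximum supported width of the device.  This means that x8
     * devices and x8/x16 devices in x8 mode behave differently.  For
     * devices that are not used at their max width, we will be
     * provided with addresses that use higher address bits than
     * expected (based on the max width), so we will shift them lower
     * so that they will match the addresses used when
     * device_width==max_device_width.
     */
    boff = offset >> (ctz32(pfl->bank_width) +
                      ctz32(pfl->max_device_width) - ctz32(pfl->device_width));

    /* The offset is guest-controlled: never index past the table. */
    if (boff >= sizeof(pfl->cfi_table)) {
        return 0;
    }
    /* Now we will construct the CFI response generated by a single
     * device, then replicate that for all devices that make up the
     * bus.  For wide parts used in x8 mode, CFI query responses
     * are different than native byte-wide parts.
     */
    resp = pfl->cfi_table[boff];
    if (pfl->device_width != pfl->max_device_width) {
        /* The only case currently supported is x8 mode for a
         * wider part.
         */
        if (pfl->device_width != 1 || pfl->bank_width > 4) {
            DPRINTF("%s: Unsupported device configuration: "
                    "device_width=%d, max_device_width=%d\n",
                    __func__, pfl->device_width,
                    pfl->max_device_width);
            return 0;
        }
        /* CFI query data is repeated, rather than zero padded for
         * wide devices used in x8 mode.
         */
        for (i = 1; i < pfl->max_device_width; i++) {
            resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
        }
    }
    /* Replicate responses for each device in bank. */
    if (pfl->device_width < pfl->bank_width) {
        for (i = pfl->device_width;
             i < pfl->bank_width; i += pfl->device_width) {
            resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
        }
    }

    return resp;
}



/* Perform a device id query based on the bank width of the flash.
 *
 * Returns ident0 (scaled offset 0) or ident1 (scaled offset 1) replicated
 * across the devices of the bank, and 0 for every other offset.
 */
static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
{
    int i;
    uint32_t resp;
    hwaddr boff;

    /* Adjust incoming offset to match expected device-width
     * addressing. Device ID read addresses are always specified in
     * terms of the maximum supported width of the device.  This means
     * that x8 devices and x8/x16 devices in x8 mode behave
     * differently. For devices that are not used at their max width,
     * we will be provided with addresses that use higher address bits
     * than expected (based on the max width), so we will shift them
     * lower so that they will match the addresses used when
     * device_width==max_device_width.
     */
    boff = offset >> (ctz32(pfl->bank_width) +
                      ctz32(pfl->max_device_width) - ctz32(pfl->device_width));

    /* Mask off upper bits which may be used in to query block
     * or sector lock status at other addresses.
     * Offsets 2/3 are block lock status, is not emulated.
     */
    switch (boff & 0xFF) {
    case 0:
        resp = pfl->ident0;
        trace_pflash_manufacturer_id(resp);
        break;
    case 1:
        resp = pfl->ident1;
        trace_pflash_device_id(resp);
        break;
    default:
        trace_pflash_device_info(offset);
        return 0;
    }
    /* Replicate responses for each device in bank. */
    if (pfl->device_width < pfl->bank_width) {
        for (i = pfl->device_width;
             i < pfl->bank_width; i += pfl->device_width) {
            resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
        }
    }

    return resp;
}

/*
 * Read 'width' (1, 2 or 4) bytes of flash contents at 'offset', assembled
 * big-endian when 'be' is non-zero and little-endian otherwise.
 *
 * NOTE(review): 'offset' is not range-checked here; this presumably relies
 * on the memory core only dispatching accesses that lie inside the region
 * created in pflash_cfi01_realize() -- confirm.  Any other width aborts.
 */
static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset,
                                 int width, int be)
{
    uint8_t *p;
    uint32_t ret;

    p = pfl->storage;
    switch (width) {
    case 1:
        ret = p[offset];
        trace_pflash_data_read8(offset, ret);
        break;
    case 2:
        if (be) {
            ret = p[offset] << 8;
            ret |= p[offset + 1];
        } else {
            ret = p[offset];
            ret |= p[offset + 1] << 8;
        }
        trace_pflash_data_read16(offset, ret);
        break;
    case 4:
        /* Shift as uint32_t: a promoted int must not be shifted into the
         * sign bit.
         */
        if (be) {
            ret = (uint32_t)p[offset] << 24;
            ret |= p[offset + 1] << 16;
            ret |= p[offset + 2] << 8;
            ret |= p[offset + 3];
        } else {
            ret = p[offset];
            ret |= p[offset + 1] << 8;
            ret |= p[offset + 2] << 16;
            ret |= (uint32_t)p[offset + 3] << 24;
        }
        trace_pflash_data_read32(offset, ret);
        break;
    default:
        DPRINTF("BUG in %s\n", __func__);
        abort();
    }
    return ret;
}

/*
 * Handle a guest read according to the currently latched command:
 * array data (cmd 0x00 or an unknown state), the status register,
 * the device ID (0x90) or the CFI table (0x98).
 */
static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
                             int width, int be)
{
    hwaddr boff;
    uint32_t ret;

    ret = -1;
    trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle);
    switch (pfl->cmd) {
    default:
        /* This should never happen : reset state & treat it as a read */
        DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
        pfl->wcycle = 0;
        pfl->cmd = 0;
        /* fall through to read code */
    case 0x00:
        /* Flash area read */
        ret = pflash_data_read(pfl, offset, width, be);
        break;
    case 0x10: /* Single byte program */
    case 0x20: /* Block erase */
    case 0x28: /* Block erase */
    case 0x40: /* single byte program */
    case 0x50: /* Clear status register */
    case 0x60: /* Block /un)lock */
    case 0x70: /* Status Register */
    case 0xe8: /* Write block */
        /* Status register read.  Return status from each device in
         * bank.
         */
        ret = pfl->status;
        if (pfl->device_width && width > pfl->device_width) {
            int shift = pfl->device_width * 8;
            while (shift + pfl->device_width * 8 <= width * 8) {
                /* uint32_t cast: shift may reach 24 with bit 0x80 set */
                ret |= (uint32_t)pfl->status << shift;
                shift += pfl->device_width * 8;
            }
        } else if (!pfl->device_width && width > 2) {
            /* Handle 32 bit flash cases where device width is not
             * set. (Existing behavior before device width added.)
             */
            ret |= pfl->status << 16;
        }
        DPRINTF("%s: status %x\n", __func__, ret);
        break;
    case 0x90:
        if (!pfl->device_width) {
            /* Preserve old behavior if device width not specified */
            boff = offset & 0xFF;
            if (pfl->bank_width == 2) {
                boff = boff >> 1;
            } else if (pfl->bank_width == 4) {
                boff = boff >> 2;
            }

            switch (boff) {
            case 0:
                ret = pfl->ident0 << 8 | pfl->ident1;
                trace_pflash_manufacturer_id(ret);
                break;
            case 1:
                ret = pfl->ident2 << 8 | pfl->ident3;
                trace_pflash_device_id(ret);
                break;
            default:
                trace_pflash_device_info(boff);
                ret = 0;
                break;
            }
        } else {
            /* If we have a read larger than the bank_width, combine multiple
             * manufacturer/device ID queries into a single response.
             */
            int i;
            for (i = 0; i < width; i += pfl->bank_width) {
                ret = deposit32(ret, i * 8, pfl->bank_width * 8,
                                pflash_devid_query(pfl,
                                                 offset + i * pfl->bank_width));
            }
        }
        break;
    case 0x98: /* Query mode */
        if (!pfl->device_width) {
            /* Preserve old behavior if device width not specified */
            boff = offset & 0xFF;
            if (pfl->bank_width == 2) {
                boff = boff >> 1;
            } else if (pfl->bank_width == 4) {
                boff = boff >> 2;
            }

            /* Guest-controlled index: bound it by the table size. */
            if (boff < sizeof(pfl->cfi_table)) {
                ret = pfl->cfi_table[boff];
            } else {
                ret = 0;
            }
        } else {
            /* If we have a read larger than the bank_width, combine multiple
             * CFI queries into a single response.
             */
            int i;
            for (i = 0; i < width; i += pfl->bank_width) {
                ret = deposit32(ret, i * 8, pfl->bank_width * 8,
                                pflash_cfi_query(pfl,
                                                 offset + i * pfl->bank_width));
            }
        }

        break;
    }
    return ret;
}

/* update flash content on disk
 *
 * Writes [offset, offset + size), widened to BDRV_SECTOR_SIZE boundaries,
 * from the in-memory copy to the backing drive.  Does nothing when no
 * drive is attached.  A failed write is reported on stderr instead of
 * being dropped silently; the guest-visible status is left unchanged.
 */
static void pflash_update(pflash_t *pfl, int offset,
                          int size)
{
    int offset_end;
    int ret;

    if (pfl->blk) {
        offset_end = offset + size;
        /* widen to sector boundaries */
        offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
        offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
        ret = blk_pwrite(pfl->blk, offset, pfl->storage + offset,
                         offset_end - offset, 0);
        if (ret < 0) {
            fprintf(stderr, "PFLASH: could not update backing storage: %s\n",
                    strerror(-ret));
        }
    }
}

/*
 * Store the low 'width' (1, 2 or 4) bytes of 'value' at 'offset' in the
 * in-memory flash copy, big-endian when 'be' is non-zero.  Other widths
 * are ignored.
 *
 * NOTE(review): as in pflash_data_read(), 'offset' is not range-checked
 * here -- presumably bounded by the memory core; confirm.
 */
static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
                                     uint32_t value, int width, int be)
{
    uint8_t *p = pfl->storage;

    trace_pflash_data_write(offset, value, width, pfl->counter);
    switch (width) {
    case 1:
        p[offset] = value;
        break;
    case 2:
        if (be) {
            p[offset] = value >> 8;
            p[offset + 1] = value;
        } else {
            p[offset] = value;
            p[offset + 1] = value >> 8;
        }
        break;
    case 4:
        if (be) {
            p[offset] = value >> 24;
            p[offset + 1] = value >> 16;
            p[offset + 2] = value >> 8;
            p[offset + 3] = value;
        } else {
            p[offset] = value;
            p[offset + 1] = value >> 8;
            p[offset + 2] = value >> 16;
            p[offset + 3] = value >> 24;
        }
        break;
    }

}

/*
 * Handle a guest write: advance the command state machine.
 *
 * pfl->wcycle selects the stage: 0 latches a command, 1 and 2 carry its
 * arguments or data, 3 is the confirm cycle of a block write.  Every value
 * involved (offset, value, and therefore cmd) comes from the guest, so no
 * branch here may terminate the process; unexpected sequences are logged
 * and the flash is reset to read mode.
 */
static void pflash_write(pflash_t *pfl, hwaddr offset,
                         uint32_t value, int width, int be)
{
    uint8_t *p;
    uint8_t cmd;

    cmd = value;

    trace_pflash_write(offset, value, width, pfl->wcycle);
    if (!pfl->wcycle) {
        /* Set the device in I/O access mode */
        memory_region_rom_device_set_romd(&pfl->mem, false);
    }

    switch (pfl->wcycle) {
    case 0:
        /* read mode */
        switch (cmd) {
        case 0x00: /* ??? */
            goto reset_flash;
        case 0x10: /* Single Byte Program */
        case 0x40: /* Single Byte Program */
            DPRINTF("%s: Single Byte Program\n", __func__);
            break;
        case 0x20: /* Block erase */
            p = pfl->storage;
            /* NOTE(review): this mask only rounds down to a sector start
             * when sector_len is a power of two; realize() does not check
             * that -- confirm that all users configure it so.
             */
            offset &= ~(pfl->sector_len - 1);

            DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
                    __func__, offset, (unsigned)pfl->sector_len);

            if (!pfl->ro) {
                memset(p + offset, 0xff, pfl->sector_len);
                pflash_update(pfl, offset, pfl->sector_len);
            } else {
                pfl->status |= 0x20; /* Block erase error */
            }
            pfl->status |= 0x80; /* Ready! */
            break;
        case 0x50: /* Clear status bits */
            DPRINTF("%s: Clear status bits\n", __func__);
            pfl->status = 0x0;
            goto reset_flash;
        case 0x60: /* Block (un)lock */
            DPRINTF("%s: Block unlock\n", __func__);
            break;
        case 0x70: /* Status Register */
            DPRINTF("%s: Read status register\n", __func__);
            pfl->cmd = cmd;
            return;
        case 0x90: /* Read Device ID */
            DPRINTF("%s: Read Device information\n", __func__);
            pfl->cmd = cmd;
            return;
        case 0x98: /* CFI query */
            DPRINTF("%s: CFI query\n", __func__);
            break;
        case 0xe8: /* Write to buffer */
            DPRINTF("%s: Write to buffer\n", __func__);
            pfl->status |= 0x80; /* Ready! */
            break;
        case 0xf0: /* Probe for AMD flash */
            DPRINTF("%s: Probe for AMD flash\n", __func__);
            goto reset_flash;
        case 0xff: /* Read array mode */
            DPRINTF("%s: Read array mode\n", __func__);
            goto reset_flash;
        default:
            goto error_flash;
        }
        pfl->wcycle++;
        pfl->cmd = cmd;
        break;
    case 1:
        switch (pfl->cmd) {
        case 0x10: /* Single Byte Program */
        case 0x40: /* Single Byte Program */
            DPRINTF("%s: Single Byte Program\n", __func__);
            if (!pfl->ro) {
                pflash_data_write(pfl, offset, value, width, be);
                pflash_update(pfl, offset, width);
            } else {
                pfl->status |= 0x10; /* Programming error */
            }
            pfl->status |= 0x80; /* Ready! */
            pfl->wcycle = 0;
        break;
        case 0x20: /* Block erase */
        case 0x28:
            if (cmd == 0xd0) { /* confirm */
                pfl->wcycle = 0;
                pfl->status |= 0x80;
            } else if (cmd == 0xff) { /* read array mode */
                goto reset_flash;
            } else {
                goto error_flash;
            }

            break;
        case 0xe8:
            /* Mask writeblock size based on device width, or bank width if
             * device width not specified.
             */
            if (pfl->device_width) {
                value = extract32(value, 0, pfl->device_width * 8);
            } else {
                value = extract32(value, 0, pfl->bank_width * 8);
            }
            DPRINTF("%s: block write of %x bytes\n", __func__, value);
            /* Guest-chosen count of the data cycles that follow. */
            pfl->counter = value;
            pfl->wcycle++;
            break;
        case 0x60:
            if (cmd == 0xd0) {
                pfl->wcycle = 0;
                pfl->status |= 0x80;
            } else if (cmd == 0x01) {
                pfl->wcycle = 0;
                pfl->status |= 0x80;
            } else if (cmd == 0xff) {
                goto reset_flash;
            } else {
                DPRINTF("%s: Unknown (un)locking command\n", __func__);
                goto reset_flash;
            }
            break;
        case 0x98:
            if (cmd == 0xff) {
                goto reset_flash;
            } else {
                DPRINTF("%s: leaving query mode\n", __func__);
            }
            break;
        default:
            goto error_flash;
        }
        break;
    case 2:
        switch (pfl->cmd) {
        case 0xe8: /* Block write */
            /* Each data cycle is stored straight into the flash copy at
             * the guest-chosen offset; there is no intermediate buffer.
             */
            if (!pfl->ro) {
                pflash_data_write(pfl, offset, value, width, be);
            } else {
                pfl->status |= 0x10; /* Programming error */
            }

            pfl->status |= 0x80;

            if (!pfl->counter) {
                hwaddr mask = pfl->writeblock_size - 1;
                mask = ~mask;

                DPRINTF("%s: block write finished\n", __func__);
                pfl->wcycle++;
                if (!pfl->ro) {
                    /* Flush the entire write buffer onto backing storage.  */
                    pflash_update(pfl, offset & mask, pfl->writeblock_size);
                } else {
                    pfl->status |= 0x10; /* Programming error */
                }
            }

            pfl->counter--;
            break;
        default:
            goto error_flash;
        }
        break;
    case 3: /* Confirm mode */
        switch (pfl->cmd) {
        case 0xe8: /* Block write */
            if (cmd == 0xd0) {
                pfl->wcycle = 0;
                pfl->status |= 0x80;
            } else {
                /* The value is guest-controlled, so a missing confirm must
                 * not terminate the emulator: log it and return to read
                 * mode.  The data cycles have already been stored, so the
                 * write is not undone.
                 */
                qemu_log_mask(LOG_UNIMP,
                              "%s: unexpected value 0x%x instead of write "
                              "block confirm; data already written, "
                              "resetting flash\n", __func__, cmd);
                goto reset_flash;
            }
            break;
        default:
            goto error_flash;
        }
        break;
    default:
        /* Should never happen */
        DPRINTF("%s: invalid write state\n",  __func__);
        goto reset_flash;
    }
    return;

 error_flash:
    qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
                  "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
                  "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);

 reset_flash:
    trace_pflash_reset();
    memory_region_rom_device_set_romd(&pfl->mem, true);
    pfl->wcycle = 0;
    pfl->cmd = 0;
}


/*
 * MMIO read entry point.
 *
 * When the "secure" feature bit is set, a non-secure access bypasses the
 * command state machine and always returns array data; it never sees the
 * status, ID or CFI responses.  Always returns MEMTX_OK.
 */
static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
                                              unsigned len, MemTxAttrs attrs)
{
    pflash_t *pfl = opaque;
    bool be = !!(pfl->features & (1 << PFLASH_BE));

    if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
        *value = pflash_data_read(opaque, addr, len, be);
    } else {
        *value = pflash_read(opaque, addr, len, be);
    }
    return MEMTX_OK;
}

/*
 * MMIO write entry point.
 *
 * When the "secure" feature bit is set, a non-secure write is rejected
 * with MEMTX_ERROR before it can reach the command state machine, so such
 * an access can neither program nor erase the flash.
 */
static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
                                               unsigned len, MemTxAttrs attrs)
{
    pflash_t *pfl = opaque;
    bool be = !!(pfl->features & (1 << PFLASH_BE));

    if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
        return MEMTX_ERROR;
    } else {
        pflash_write(opaque, addr, value, len, be);
        return MEMTX_OK;
    }
}

/*
 * NOTE(review): no .valid/.impl access-size limits are set here, so the
 * widths reaching the handlers above depend on the memory core's defaults
 * -- confirm they are limited to 1, 2 and 4 bytes.
 */
static const MemoryRegionOps pflash_cfi01_ops = {
    .read_with_attrs = pflash_mem_read_with_attrs,
    .write_with_attrs = pflash_mem_write_with_attrs,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * Realize the device: validate the properties, create the ROM-device
 * memory region, load the initial contents from the backing drive (if any)
 * and fill in the hard-coded CFI table.  Errors are reported through errp.
 */
static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
{
    pflash_t *pfl = CFI_PFLASH01(dev);
    uint64_t total_len;
    int ret;
    uint64_t blocks_per_device, sector_len_per_device, device_len;
    int num_devices;
    Error *local_err = NULL;

    if (pfl->sector_len == 0) {
        error_setg(errp, "attribute \"sector-length\" not specified or zero.");
        return;
    }
    if (pfl->nb_blocs == 0) {
        error_setg(errp, "attribute \"num-blocks\" not specified or zero.");
        return;
    }
    if (pfl->name == NULL) {
        error_setg(errp, "attribute \"name\" not specified.");
        return;
    }

    total_len = pfl->sector_len * pfl->nb_blocs;

    /* These are only used to expose the parameters of each device
     * in the cfi_table[].
     */
    num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
    if (num_devices == 0) {
        /* device-width larger than width (including width == 0): the
         * divisions below would divide by zero, and the bank_width-stepped
         * loops in pflash_read() could not make progress.
         */
        error_setg(errp, "attribute \"device-width\" is larger than "
                   "\"width\".");
        return;
    }
    if (pfl->old_multiple_chip_handling) {
        blocks_per_device = pfl->nb_blocs / num_devices;
        sector_len_per_device = pfl->sector_len;
    } else {
        blocks_per_device = pfl->nb_blocs;
        sector_len_per_device = pfl->sector_len / num_devices;
    }
    device_len = sector_len_per_device * blocks_per_device;

    /* XXX: to be fixed */
#if 0
    if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
        total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
        return NULL;
#endif

    memory_region_init_rom_device(
        &pfl->mem, OBJECT(dev),
        &pflash_cfi01_ops,
        pfl,
        pfl->name, total_len, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
    sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);

    if (pfl->blk) {
        uint64_t perm;
        pfl->ro = blk_is_read_only(pfl->blk);
        /* Request write permission only when the drive is writable. */
        perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
        ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
        if (ret < 0) {
            return;
        }
    } else {
        pfl->ro = 0;
    }

    if (pfl->blk) {
        /* read the initial flash content */
        ret = blk_pread(pfl->blk, 0, pfl->storage, total_len);

        if (ret < 0) {
            vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
            error_setg(errp, "failed to read the initial flash content");
            return;
        }
    }

    /* Default to devices being used at their maximum device width. This was
     * assumed before the device_width support was added.
     */
    if (!pfl->max_device_width) {
        pfl->max_device_width = pfl->device_width;
    }

    pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
    pfl->wcycle = 0;
    pfl->cmd = 0;
    pfl->status = 0;
    /* Hardcoded CFI table */
    /* Standard "QRY" string */
    pfl->cfi_table[0x10] = 'Q';
    pfl->cfi_table[0x11] = 'R';
    pfl->cfi_table[0x12] = 'Y';
    /* Command set (Intel) */
    pfl->cfi_table[0x13] = 0x01;
    pfl->cfi_table[0x14] = 0x00;
    /* Primary extended table address (none) */
    pfl->cfi_table[0x15] = 0x31;
    pfl->cfi_table[0x16] = 0x00;
    /* Alternate command set (none) */
    pfl->cfi_table[0x17] = 0x00;
    pfl->cfi_table[0x18] = 0x00;
    /* Alternate extended table (none) */
    pfl->cfi_table[0x19] = 0x00;
    pfl->cfi_table[0x1A] = 0x00;
    /* Vcc min */
    pfl->cfi_table[0x1B] = 0x45;
    /* Vcc max */
    pfl->cfi_table[0x1C] = 0x55;
    /* Vpp min (no Vpp pin) */
    pfl->cfi_table[0x1D] = 0x00;
    /* Vpp max (no Vpp pin) */
    pfl->cfi_table[0x1E] = 0x00;
    /* Reserved */
    pfl->cfi_table[0x1F] = 0x07;
    /* Timeout for min size buffer write */
    pfl->cfi_table[0x20] = 0x07;
    /* Typical timeout for block erase */
    pfl->cfi_table[0x21] = 0x0a;
    /* Typical timeout for full chip erase (4096 ms) */
    pfl->cfi_table[0x22] = 0x00;
    /* Reserved */
    pfl->cfi_table[0x23] = 0x04;
    /* Max timeout for buffer write */
    pfl->cfi_table[0x24] = 0x04;
    /* Max timeout for block erase */
    pfl->cfi_table[0x25] = 0x04;
    /* Max timeout for chip erase */
    pfl->cfi_table[0x26] = 0x00;
    /* Device size */
    pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
    /* Flash device interface (8 & 16 bits) */
    pfl->cfi_table[0x28] = 0x02;
    pfl->cfi_table[0x29] = 0x00;
    /* Max number of bytes in multi-bytes write */
    if (pfl->bank_width == 1) {
        pfl->cfi_table[0x2A] = 0x08;
    } else {
        pfl->cfi_table[0x2A] = 0x0B;
    }
    pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
    if (!pfl->old_multiple_chip_handling && num_devices > 1) {
        pfl->writeblock_size *= num_devices;
    }

    pfl->cfi_table[0x2B] = 0x00;
    /* Number of erase block regions (uniform) */
    pfl->cfi_table[0x2C] = 0x01;
    /* Erase block region 1 */
    pfl->cfi_table[0x2D] = blocks_per_device - 1;
    pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
    pfl->cfi_table[0x2F] = sector_len_per_device >> 8;
    pfl->cfi_table[0x30] = sector_len_per_device >> 16;

    /* Extended */
    pfl->cfi_table[0x31] = 'P';
    pfl->cfi_table[0x32] = 'R';
    pfl->cfi_table[0x33] = 'I';

    pfl->cfi_table[0x34] = '1';
    pfl->cfi_table[0x35] = '0';

    pfl->cfi_table[0x36] = 0x00;
    pfl->cfi_table[0x37] = 0x00;
    pfl->cfi_table[0x38] = 0x00;
    pfl->cfi_table[0x39] = 0x00;

    pfl->cfi_table[0x3a] = 0x00;

    pfl->cfi_table[0x3b] = 0x00;
    pfl->cfi_table[0x3c] = 0x00;

    pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
}

static Property pflash_cfi01_properties[] = {
    DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
    /* num-blocks is the number of blocks actually visible to the guest,
     * ie the total size of the device divided by the sector length.
     * If we're emulating flash devices wired in parallel the actual
     * number of blocks per individual device will differ.
     */
    DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
    DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
    /* width here is the overall width of this QEMU device in bytes.
     * The QEMU device may be emulating a number of flash devices
     * wired up in parallel; the width of each individual flash
     * device should be specified via device-width. If the individual
     * devices have a maximum width which is greater than the width
     * they are being used for, this maximum width should be set via
     * max-device-width (which otherwise defaults to device-width).
     * So for instance a 32-bit wide QEMU flash device made from four
     * 16-bit flash devices used in 8-bit wide mode would be configured
     * with width = 4, device-width = 1, max-device-width = 2.
     *
     * If device-width is not specified we default to backwards
     * compatible behaviour which is a bad emulation of two
     * 16 bit devices making up a 32 bit wide QEMU device. This
     * is deprecated for new uses of this device.
     */
    DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
    DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
    DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
    DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0),
    /* When set, non-secure accesses can only read array data; see the
     * attrs.secure checks in the two MMIO handlers.
     */
    DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0),
    DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
    DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
    DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
    DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
    DEFINE_PROP_STRING("name", struct pflash_t, name),
    DEFINE_PROP_BOOL("old-multiple-chip-handling", struct pflash_t,
                     old_multiple_chip_handling, false),
    DEFINE_PROP_END_OF_LIST(),
};

/* Hook up realize, the property list and the vmstate description. */
static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = pflash_cfi01_realize;
    dc->props = pflash_cfi01_properties;
    dc->vmsd = &vmstate_pflash;
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}


static const TypeInfo pflash_cfi01_info = {
    .name           = TYPE_CFI_PFLASH01,
    .parent         = TYPE_SYS_BUS_DEVICE,
    .instance_size  = sizeof(struct pflash_t),
    .class_init     = pflash_cfi01_class_init,
};

static void pflash_cfi01_register_types(void)
{
    type_register_static(&pflash_cfi01_info);
}

type_init(pflash_cfi01_register_types)

/*
 * Create, configure and map a flash device at 'base'.
 *
 * The 'qdev' and 'size' arguments are not used by this function.
 * device-width is left unset, so the device runs in the backwards
 * compatible mode described at the property list.  Initialization
 * failures are fatal (qdev_init_nofail / error_abort).
 */
pflash_t *pflash_cfi01_register(hwaddr base,
                                DeviceState *qdev, const char *name,
                                hwaddr size,
                                BlockBackend *blk,
                                uint32_t sector_len, int nb_blocs,
                                int bank_width, uint16_t id0, uint16_t id1,
                                uint16_t id2, uint16_t id3, int be)
{
    DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);

    if (blk) {
        qdev_prop_set_drive(dev, "drive", blk, &error_abort);
    }
    qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
    qdev_prop_set_uint64(dev, "sector-length", sector_len);
    qdev_prop_set_uint8(dev, "width", bank_width);
    qdev_prop_set_bit(dev, "big-endian", !!be);
    qdev_prop_set_uint16(dev, "id0", id0);
    qdev_prop_set_uint16(dev, "id1", id1);
    qdev_prop_set_uint16(dev, "id2", id2);
    qdev_prop_set_uint16(dev, "id3", id3);
    qdev_prop_set_string(dev, "name", name);
    qdev_init_nofail(dev);

    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
    return CFI_PFLASH01(dev);
}

/* Return the memory region that holds the flash contents. */
MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
{
    return &fl->mem;
}

/*
 * One-shot VM state change handler installed by pflash_post_load():
 * unregisters itself, then writes the whole flash copy to the backing
 * drive.
 *
 * NOTE(review): the 64-bit product below is converted to pflash_update()'s
 * int 'size' parameter; a flash of 2 GiB or more would not fit.
 */
static void postload_update_cb(void *opaque, int running, RunState state)
{
    pflash_t *pfl = opaque;

    /* This is called after bdrv_invalidate_cache_all.  */
    qemu_del_vm_change_state_handler(pfl->vmstate);
    pfl->vmstate = NULL;

    DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
    pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
}

/*
 * vmstate post_load hook: for a writable flash, defer the write-back of
 * the loaded contents to postload_update_cb().  Always returns 0.
 */
static int pflash_post_load(void *opaque, int version_id)
{
    pflash_t *pfl = opaque;

    if (!pfl->ro) {
        pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb,
                                                        pfl);
    }
    return 0;
}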