1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/flash.h" 42 #include "sysemu/block-backend.h" 43 #include "qapi/error.h" 44 #include "qemu/timer.h" 45 #include "qemu/bitops.h" 46 #include "exec/address-spaces.h" 47 #include "qemu/host-utils.h" 48 #include "hw/sysbus.h" 49 50 #define PFLASH_BUG(fmt, ...) \ 51 do { \ 52 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 53 exit(1); \ 54 } while(0) 55 56 /* #define PFLASH_DEBUG */ 57 #ifdef PFLASH_DEBUG 58 #define DPRINTF(fmt, ...) \ 59 do { \ 60 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 61 } while (0) 62 #else 63 #define DPRINTF(fmt, ...) do { } while (0) 64 #endif 65 66 #define TYPE_CFI_PFLASH01 "cfi.pflash01" 67 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 68 69 #define PFLASH_BE 0 70 #define PFLASH_SECURE 1 71 72 struct pflash_t { 73 /*< private >*/ 74 SysBusDevice parent_obj; 75 /*< public >*/ 76 77 BlockBackend *blk; 78 uint32_t nb_blocs; 79 uint64_t sector_len; 80 uint8_t bank_width; 81 uint8_t device_width; /* If 0, device width not specified. */ 82 uint8_t max_device_width; /* max device width in bytes */ 83 uint32_t features; 84 uint8_t wcycle; /* if 0, the flash is read normally */ 85 int ro; 86 uint8_t cmd; 87 uint8_t status; 88 uint16_t ident0; 89 uint16_t ident1; 90 uint16_t ident2; 91 uint16_t ident3; 92 uint8_t cfi_len; 93 uint8_t cfi_table[0x52]; 94 uint64_t counter; 95 unsigned int writeblock_size; 96 QEMUTimer *timer; 97 MemoryRegion mem; 98 char *name; 99 void *storage; 100 }; 101 102 static int pflash_post_load(void *opaque, int version_id); 103 104 static const VMStateDescription vmstate_pflash = { 105 .name = "pflash_cfi01", 106 .version_id = 1, 107 .minimum_version_id = 1, 108 .post_load = pflash_post_load, 109 .fields = (VMStateField[]) { 110 VMSTATE_UINT8(wcycle, pflash_t), 111 VMSTATE_UINT8(cmd, pflash_t), 112 VMSTATE_UINT8(status, pflash_t), 113 VMSTATE_UINT64(counter, pflash_t), 114 VMSTATE_END_OF_LIST() 115 } 116 }; 117 118 static void pflash_timer (void *opaque) 119 { 120 pflash_t *pfl = opaque; 121 122 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 123 /* Reset flash */ 124 pfl->status ^= 0x80; 125 memory_region_rom_device_set_romd(&pfl->mem, true); 126 pfl->wcycle = 0; 127 pfl->cmd = 0; 128 } 129 130 /* Perform a CFI query based on the bank width of the flash. 131 * If this code is called we know we have a device_width set for 132 * this flash. 133 */ 134 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 135 { 136 int i; 137 uint32_t resp = 0; 138 hwaddr boff; 139 140 /* Adjust incoming offset to match expected device-width 141 * addressing. CFI query addresses are always specified in terms of 142 * the maximum supported width of the device. This means that x8 143 * devices and x8/x16 devices in x8 mode behave differently. For 144 * devices that are not used at their max width, we will be 145 * provided with addresses that use higher address bits than 146 * expected (based on the max width), so we will shift them lower 147 * so that they will match the addresses used when 148 * device_width==max_device_width. 149 */ 150 boff = offset >> (ctz32(pfl->bank_width) + 151 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 152 153 if (boff > pfl->cfi_len) { 154 return 0; 155 } 156 /* Now we will construct the CFI response generated by a single 157 * device, then replicate that for all devices that make up the 158 * bus. For wide parts used in x8 mode, CFI query responses 159 * are different than native byte-wide parts. 160 */ 161 resp = pfl->cfi_table[boff]; 162 if (pfl->device_width != pfl->max_device_width) { 163 /* The only case currently supported is x8 mode for a 164 * wider part. 165 */ 166 if (pfl->device_width != 1 || pfl->bank_width > 4) { 167 DPRINTF("%s: Unsupported device configuration: " 168 "device_width=%d, max_device_width=%d\n", 169 __func__, pfl->device_width, 170 pfl->max_device_width); 171 return 0; 172 } 173 /* CFI query data is repeated, rather than zero padded for 174 * wide devices used in x8 mode. 175 */ 176 for (i = 1; i < pfl->max_device_width; i++) { 177 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 178 } 179 } 180 /* Replicate responses for each device in bank. */ 181 if (pfl->device_width < pfl->bank_width) { 182 for (i = pfl->device_width; 183 i < pfl->bank_width; i += pfl->device_width) { 184 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 185 } 186 } 187 188 return resp; 189 } 190 191 192 193 /* Perform a device id query based on the bank width of the flash. */ 194 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 195 { 196 int i; 197 uint32_t resp; 198 hwaddr boff; 199 200 /* Adjust incoming offset to match expected device-width 201 * addressing. Device ID read addresses are always specified in 202 * terms of the maximum supported width of the device. This means 203 * that x8 devices and x8/x16 devices in x8 mode behave 204 * differently. For devices that are not used at their max width, 205 * we will be provided with addresses that use higher address bits 206 * than expected (based on the max width), so we will shift them 207 * lower so that they will match the addresses used when 208 * device_width==max_device_width. 209 */ 210 boff = offset >> (ctz32(pfl->bank_width) + 211 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 212 213 /* Mask off upper bits which may be used in to query block 214 * or sector lock status at other addresses. 215 * Offsets 2/3 are block lock status, is not emulated. 216 */ 217 switch (boff & 0xFF) { 218 case 0: 219 resp = pfl->ident0; 220 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 221 break; 222 case 1: 223 resp = pfl->ident1; 224 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 225 break; 226 default: 227 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 228 (unsigned)offset); 229 return 0; 230 break; 231 } 232 /* Replicate responses for each device in bank. */ 233 if (pfl->device_width < pfl->bank_width) { 234 for (i = pfl->device_width; 235 i < pfl->bank_width; i += pfl->device_width) { 236 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 237 } 238 } 239 240 return resp; 241 } 242 243 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, 244 int width, int be) 245 { 246 uint8_t *p; 247 uint32_t ret; 248 249 p = pfl->storage; 250 switch (width) { 251 case 1: 252 ret = p[offset]; 253 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 254 __func__, offset, ret); 255 break; 256 case 2: 257 if (be) { 258 ret = p[offset] << 8; 259 ret |= p[offset + 1]; 260 } else { 261 ret = p[offset]; 262 ret |= p[offset + 1] << 8; 263 } 264 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 265 __func__, offset, ret); 266 break; 267 case 4: 268 if (be) { 269 ret = p[offset] << 24; 270 ret |= p[offset + 1] << 16; 271 ret |= p[offset + 2] << 8; 272 ret |= p[offset + 3]; 273 } else { 274 ret = p[offset]; 275 ret |= p[offset + 1] << 8; 276 ret |= p[offset + 2] << 16; 277 ret |= p[offset + 3] << 24; 278 } 279 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 280 __func__, offset, ret); 281 break; 282 default: 283 DPRINTF("BUG in %s\n", __func__); 284 abort(); 285 } 286 return ret; 287 } 288 289 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 290 int width, int be) 291 { 292 hwaddr boff; 293 uint32_t ret; 294 295 ret = -1; 296 297 #if 0 298 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 299 __func__, offset, pfl->cmd, width); 300 #endif 301 switch (pfl->cmd) { 302 default: 303 /* This should never happen : reset state & treat it as a read */ 304 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 305 pfl->wcycle = 0; 306 pfl->cmd = 0; 307 /* fall through to read code */ 308 case 0x00: 309 /* Flash area read */ 310 ret = pflash_data_read(pfl, offset, width, be); 311 break; 312 case 0x10: /* Single byte program */ 313 case 0x20: /* Block erase */ 314 case 0x28: /* Block erase */ 315 case 0x40: /* single byte program */ 316 case 0x50: /* Clear status register */ 317 case 0x60: /* Block /un)lock */ 318 case 0x70: /* Status Register */ 319 case 0xe8: /* Write block */ 320 /* Status register read. Return status from each device in 321 * bank. 322 */ 323 ret = pfl->status; 324 if (pfl->device_width && width > pfl->device_width) { 325 int shift = pfl->device_width * 8; 326 while (shift + pfl->device_width * 8 <= width * 8) { 327 ret |= pfl->status << shift; 328 shift += pfl->device_width * 8; 329 } 330 } else if (!pfl->device_width && width > 2) { 331 /* Handle 32 bit flash cases where device width is not 332 * set. (Existing behavior before device width added.) 333 */ 334 ret |= pfl->status << 16; 335 } 336 DPRINTF("%s: status %x\n", __func__, ret); 337 break; 338 case 0x90: 339 if (!pfl->device_width) { 340 /* Preserve old behavior if device width not specified */ 341 boff = offset & 0xFF; 342 if (pfl->bank_width == 2) { 343 boff = boff >> 1; 344 } else if (pfl->bank_width == 4) { 345 boff = boff >> 2; 346 } 347 348 switch (boff) { 349 case 0: 350 ret = pfl->ident0 << 8 | pfl->ident1; 351 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 352 break; 353 case 1: 354 ret = pfl->ident2 << 8 | pfl->ident3; 355 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 356 break; 357 default: 358 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 359 (unsigned)boff); 360 ret = 0; 361 break; 362 } 363 } else { 364 /* If we have a read larger than the bank_width, combine multiple 365 * manufacturer/device ID queries into a single response. 366 */ 367 int i; 368 for (i = 0; i < width; i += pfl->bank_width) { 369 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 370 pflash_devid_query(pfl, 371 offset + i * pfl->bank_width)); 372 } 373 } 374 break; 375 case 0x98: /* Query mode */ 376 if (!pfl->device_width) { 377 /* Preserve old behavior if device width not specified */ 378 boff = offset & 0xFF; 379 if (pfl->bank_width == 2) { 380 boff = boff >> 1; 381 } else if (pfl->bank_width == 4) { 382 boff = boff >> 2; 383 } 384 385 if (boff > pfl->cfi_len) { 386 ret = 0; 387 } else { 388 ret = pfl->cfi_table[boff]; 389 } 390 } else { 391 /* If we have a read larger than the bank_width, combine multiple 392 * CFI queries into a single response. 393 */ 394 int i; 395 for (i = 0; i < width; i += pfl->bank_width) { 396 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 397 pflash_cfi_query(pfl, 398 offset + i * pfl->bank_width)); 399 } 400 } 401 402 break; 403 } 404 return ret; 405 } 406 407 /* update flash content on disk */ 408 static void pflash_update(pflash_t *pfl, int offset, 409 int size) 410 { 411 int offset_end; 412 if (pfl->blk) { 413 offset_end = offset + size; 414 /* round to sectors */ 415 offset = offset >> 9; 416 offset_end = (offset_end + 511) >> 9; 417 blk_write(pfl->blk, offset, pfl->storage + (offset << 9), 418 offset_end - offset); 419 } 420 } 421 422 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 423 uint32_t value, int width, int be) 424 { 425 uint8_t *p = pfl->storage; 426 427 DPRINTF("%s: block write offset " TARGET_FMT_plx 428 " value %x counter %016" PRIx64 "\n", 429 __func__, offset, value, pfl->counter); 430 switch (width) { 431 case 1: 432 p[offset] = value; 433 break; 434 case 2: 435 if (be) { 436 p[offset] = value >> 8; 437 p[offset + 1] = value; 438 } else { 439 p[offset] = value; 440 p[offset + 1] = value >> 8; 441 } 442 break; 443 case 4: 444 if (be) { 445 p[offset] = value >> 24; 446 p[offset + 1] = value >> 16; 447 p[offset + 2] = value >> 8; 448 p[offset + 3] = value; 449 } else { 450 p[offset] = value; 451 p[offset + 1] = value >> 8; 452 p[offset + 2] = value >> 16; 453 p[offset + 3] = value >> 24; 454 } 455 break; 456 } 457 458 } 459 460 static void pflash_write(pflash_t *pfl, hwaddr offset, 461 uint32_t value, int width, int be) 462 { 463 uint8_t *p; 464 uint8_t cmd; 465 466 cmd = value; 467 468 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 469 __func__, offset, value, width, pfl->wcycle); 470 471 if (!pfl->wcycle) { 472 /* Set the device in I/O access mode */ 473 memory_region_rom_device_set_romd(&pfl->mem, false); 474 } 475 476 switch (pfl->wcycle) { 477 case 0: 478 /* read mode */ 479 switch (cmd) { 480 case 0x00: /* ??? */ 481 goto reset_flash; 482 case 0x10: /* Single Byte Program */ 483 case 0x40: /* Single Byte Program */ 484 DPRINTF("%s: Single Byte Program\n", __func__); 485 break; 486 case 0x20: /* Block erase */ 487 p = pfl->storage; 488 offset &= ~(pfl->sector_len - 1); 489 490 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 491 __func__, offset, (unsigned)pfl->sector_len); 492 493 if (!pfl->ro) { 494 memset(p + offset, 0xff, pfl->sector_len); 495 pflash_update(pfl, offset, pfl->sector_len); 496 } else { 497 pfl->status |= 0x20; /* Block erase error */ 498 } 499 pfl->status |= 0x80; /* Ready! */ 500 break; 501 case 0x50: /* Clear status bits */ 502 DPRINTF("%s: Clear status bits\n", __func__); 503 pfl->status = 0x0; 504 goto reset_flash; 505 case 0x60: /* Block (un)lock */ 506 DPRINTF("%s: Block unlock\n", __func__); 507 break; 508 case 0x70: /* Status Register */ 509 DPRINTF("%s: Read status register\n", __func__); 510 pfl->cmd = cmd; 511 return; 512 case 0x90: /* Read Device ID */ 513 DPRINTF("%s: Read Device information\n", __func__); 514 pfl->cmd = cmd; 515 return; 516 case 0x98: /* CFI query */ 517 DPRINTF("%s: CFI query\n", __func__); 518 break; 519 case 0xe8: /* Write to buffer */ 520 DPRINTF("%s: Write to buffer\n", __func__); 521 pfl->status |= 0x80; /* Ready! */ 522 break; 523 case 0xf0: /* Probe for AMD flash */ 524 DPRINTF("%s: Probe for AMD flash\n", __func__); 525 goto reset_flash; 526 case 0xff: /* Read array mode */ 527 DPRINTF("%s: Read array mode\n", __func__); 528 goto reset_flash; 529 default: 530 goto error_flash; 531 } 532 pfl->wcycle++; 533 pfl->cmd = cmd; 534 break; 535 case 1: 536 switch (pfl->cmd) { 537 case 0x10: /* Single Byte Program */ 538 case 0x40: /* Single Byte Program */ 539 DPRINTF("%s: Single Byte Program\n", __func__); 540 if (!pfl->ro) { 541 pflash_data_write(pfl, offset, value, width, be); 542 pflash_update(pfl, offset, width); 543 } else { 544 pfl->status |= 0x10; /* Programming error */ 545 } 546 pfl->status |= 0x80; /* Ready! */ 547 pfl->wcycle = 0; 548 break; 549 case 0x20: /* Block erase */ 550 case 0x28: 551 if (cmd == 0xd0) { /* confirm */ 552 pfl->wcycle = 0; 553 pfl->status |= 0x80; 554 } else if (cmd == 0xff) { /* read array mode */ 555 goto reset_flash; 556 } else 557 goto error_flash; 558 559 break; 560 case 0xe8: 561 /* Mask writeblock size based on device width, or bank width if 562 * device width not specified. 563 */ 564 if (pfl->device_width) { 565 value = extract32(value, 0, pfl->device_width * 8); 566 } else { 567 value = extract32(value, 0, pfl->bank_width * 8); 568 } 569 DPRINTF("%s: block write of %x bytes\n", __func__, value); 570 pfl->counter = value; 571 pfl->wcycle++; 572 break; 573 case 0x60: 574 if (cmd == 0xd0) { 575 pfl->wcycle = 0; 576 pfl->status |= 0x80; 577 } else if (cmd == 0x01) { 578 pfl->wcycle = 0; 579 pfl->status |= 0x80; 580 } else if (cmd == 0xff) { 581 goto reset_flash; 582 } else { 583 DPRINTF("%s: Unknown (un)locking command\n", __func__); 584 goto reset_flash; 585 } 586 break; 587 case 0x98: 588 if (cmd == 0xff) { 589 goto reset_flash; 590 } else { 591 DPRINTF("%s: leaving query mode\n", __func__); 592 } 593 break; 594 default: 595 goto error_flash; 596 } 597 break; 598 case 2: 599 switch (pfl->cmd) { 600 case 0xe8: /* Block write */ 601 if (!pfl->ro) { 602 pflash_data_write(pfl, offset, value, width, be); 603 } else { 604 pfl->status |= 0x10; /* Programming error */ 605 } 606 607 pfl->status |= 0x80; 608 609 if (!pfl->counter) { 610 hwaddr mask = pfl->writeblock_size - 1; 611 mask = ~mask; 612 613 DPRINTF("%s: block write finished\n", __func__); 614 pfl->wcycle++; 615 if (!pfl->ro) { 616 /* Flush the entire write buffer onto backing storage. */ 617 pflash_update(pfl, offset & mask, pfl->writeblock_size); 618 } else { 619 pfl->status |= 0x10; /* Programming error */ 620 } 621 } 622 623 pfl->counter--; 624 break; 625 default: 626 goto error_flash; 627 } 628 break; 629 case 3: /* Confirm mode */ 630 switch (pfl->cmd) { 631 case 0xe8: /* Block write */ 632 if (cmd == 0xd0) { 633 pfl->wcycle = 0; 634 pfl->status |= 0x80; 635 } else { 636 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 637 PFLASH_BUG("Write block confirm"); 638 goto reset_flash; 639 } 640 break; 641 default: 642 goto error_flash; 643 } 644 break; 645 default: 646 /* Should never happen */ 647 DPRINTF("%s: invalid write state\n", __func__); 648 goto reset_flash; 649 } 650 return; 651 652 error_flash: 653 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 654 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 655 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 656 657 reset_flash: 658 memory_region_rom_device_set_romd(&pfl->mem, true); 659 660 pfl->wcycle = 0; 661 pfl->cmd = 0; 662 } 663 664 665 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 666 unsigned len, MemTxAttrs attrs) 667 { 668 pflash_t *pfl = opaque; 669 bool be = !!(pfl->features & (1 << PFLASH_BE)); 670 671 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 672 *value = pflash_data_read(opaque, addr, len, be); 673 } else { 674 *value = pflash_read(opaque, addr, len, be); 675 } 676 return MEMTX_OK; 677 } 678 679 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 680 unsigned len, MemTxAttrs attrs) 681 { 682 pflash_t *pfl = opaque; 683 bool be = !!(pfl->features & (1 << PFLASH_BE)); 684 685 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 686 return MEMTX_ERROR; 687 } else { 688 pflash_write(opaque, addr, value, len, be); 689 return MEMTX_OK; 690 } 691 } 692 693 static const MemoryRegionOps pflash_cfi01_ops = { 694 .read_with_attrs = pflash_mem_read_with_attrs, 695 .write_with_attrs = pflash_mem_write_with_attrs, 696 .endianness = DEVICE_NATIVE_ENDIAN, 697 }; 698 699 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 700 { 701 pflash_t *pfl = CFI_PFLASH01(dev); 702 uint64_t total_len; 703 int ret; 704 uint64_t blocks_per_device, device_len; 705 int num_devices; 706 Error *local_err = NULL; 707 708 total_len = pfl->sector_len * pfl->nb_blocs; 709 710 /* These are only used to expose the parameters of each device 711 * in the cfi_table[]. 712 */ 713 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 714 blocks_per_device = pfl->nb_blocs / num_devices; 715 device_len = pfl->sector_len * blocks_per_device; 716 717 /* XXX: to be fixed */ 718 #if 0 719 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 720 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 721 return NULL; 722 #endif 723 724 memory_region_init_rom_device( 725 &pfl->mem, OBJECT(dev), 726 &pflash_cfi01_ops, 727 pfl, 728 pfl->name, total_len, &local_err); 729 if (local_err) { 730 error_propagate(errp, local_err); 731 return; 732 } 733 734 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 735 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 736 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 737 738 if (pfl->blk) { 739 /* read the initial flash content */ 740 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); 741 742 if (ret < 0) { 743 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 744 error_setg(errp, "failed to read the initial flash content"); 745 return; 746 } 747 } 748 749 if (pfl->blk) { 750 pfl->ro = blk_is_read_only(pfl->blk); 751 } else { 752 pfl->ro = 0; 753 } 754 755 /* Default to devices being used at their maximum device width. This was 756 * assumed before the device_width support was added. 757 */ 758 if (!pfl->max_device_width) { 759 pfl->max_device_width = pfl->device_width; 760 } 761 762 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 763 pfl->wcycle = 0; 764 pfl->cmd = 0; 765 pfl->status = 0; 766 /* Hardcoded CFI table */ 767 pfl->cfi_len = 0x52; 768 /* Standard "QRY" string */ 769 pfl->cfi_table[0x10] = 'Q'; 770 pfl->cfi_table[0x11] = 'R'; 771 pfl->cfi_table[0x12] = 'Y'; 772 /* Command set (Intel) */ 773 pfl->cfi_table[0x13] = 0x01; 774 pfl->cfi_table[0x14] = 0x00; 775 /* Primary extended table address (none) */ 776 pfl->cfi_table[0x15] = 0x31; 777 pfl->cfi_table[0x16] = 0x00; 778 /* Alternate command set (none) */ 779 pfl->cfi_table[0x17] = 0x00; 780 pfl->cfi_table[0x18] = 0x00; 781 /* Alternate extended table (none) */ 782 pfl->cfi_table[0x19] = 0x00; 783 pfl->cfi_table[0x1A] = 0x00; 784 /* Vcc min */ 785 pfl->cfi_table[0x1B] = 0x45; 786 /* Vcc max */ 787 pfl->cfi_table[0x1C] = 0x55; 788 /* Vpp min (no Vpp pin) */ 789 pfl->cfi_table[0x1D] = 0x00; 790 /* Vpp max (no Vpp pin) */ 791 pfl->cfi_table[0x1E] = 0x00; 792 /* Reserved */ 793 pfl->cfi_table[0x1F] = 0x07; 794 /* Timeout for min size buffer write */ 795 pfl->cfi_table[0x20] = 0x07; 796 /* Typical timeout for block erase */ 797 pfl->cfi_table[0x21] = 0x0a; 798 /* Typical timeout for full chip erase (4096 ms) */ 799 pfl->cfi_table[0x22] = 0x00; 800 /* Reserved */ 801 pfl->cfi_table[0x23] = 0x04; 802 /* Max timeout for buffer write */ 803 pfl->cfi_table[0x24] = 0x04; 804 /* Max timeout for block erase */ 805 pfl->cfi_table[0x25] = 0x04; 806 /* Max timeout for chip erase */ 807 pfl->cfi_table[0x26] = 0x00; 808 /* Device size */ 809 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 810 /* Flash device interface (8 & 16 bits) */ 811 pfl->cfi_table[0x28] = 0x02; 812 pfl->cfi_table[0x29] = 0x00; 813 /* Max number of bytes in multi-bytes write */ 814 if (pfl->bank_width == 1) { 815 pfl->cfi_table[0x2A] = 0x08; 816 } else { 817 pfl->cfi_table[0x2A] = 0x0B; 818 } 819 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 820 821 pfl->cfi_table[0x2B] = 0x00; 822 /* Number of erase block regions (uniform) */ 823 pfl->cfi_table[0x2C] = 0x01; 824 /* Erase block region 1 */ 825 pfl->cfi_table[0x2D] = blocks_per_device - 1; 826 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 827 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 828 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 829 830 /* Extended */ 831 pfl->cfi_table[0x31] = 'P'; 832 pfl->cfi_table[0x32] = 'R'; 833 pfl->cfi_table[0x33] = 'I'; 834 835 pfl->cfi_table[0x34] = '1'; 836 pfl->cfi_table[0x35] = '0'; 837 838 pfl->cfi_table[0x36] = 0x00; 839 pfl->cfi_table[0x37] = 0x00; 840 pfl->cfi_table[0x38] = 0x00; 841 pfl->cfi_table[0x39] = 0x00; 842 843 pfl->cfi_table[0x3a] = 0x00; 844 845 pfl->cfi_table[0x3b] = 0x00; 846 pfl->cfi_table[0x3c] = 0x00; 847 848 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 849 } 850 851 static Property pflash_cfi01_properties[] = { 852 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 853 /* num-blocks is the number of blocks actually visible to the guest, 854 * ie the total size of the device divided by the sector length. 855 * If we're emulating flash devices wired in parallel the actual 856 * number of blocks per indvidual device will differ. 857 */ 858 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 859 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 860 /* width here is the overall width of this QEMU device in bytes. 861 * The QEMU device may be emulating a number of flash devices 862 * wired up in parallel; the width of each individual flash 863 * device should be specified via device-width. If the individual 864 * devices have a maximum width which is greater than the width 865 * they are being used for, this maximum width should be set via 866 * max-device-width (which otherwise defaults to device-width). 867 * So for instance a 32-bit wide QEMU flash device made from four 868 * 16-bit flash devices used in 8-bit wide mode would be configured 869 * with width = 4, device-width = 1, max-device-width = 2. 870 * 871 * If device-width is not specified we default to backwards 872 * compatible behaviour which is a bad emulation of two 873 * 16 bit devices making up a 32 bit wide QEMU device. This 874 * is deprecated for new uses of this device. 875 */ 876 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 877 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 878 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 879 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), 880 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), 881 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 882 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 883 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 884 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 885 DEFINE_PROP_STRING("name", struct pflash_t, name), 886 DEFINE_PROP_END_OF_LIST(), 887 }; 888 889 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 890 { 891 DeviceClass *dc = DEVICE_CLASS(klass); 892 893 dc->realize = pflash_cfi01_realize; 894 dc->props = pflash_cfi01_properties; 895 dc->vmsd = &vmstate_pflash; 896 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 897 } 898 899 900 static const TypeInfo pflash_cfi01_info = { 901 .name = TYPE_CFI_PFLASH01, 902 .parent = TYPE_SYS_BUS_DEVICE, 903 .instance_size = sizeof(struct pflash_t), 904 .class_init = pflash_cfi01_class_init, 905 }; 906 907 static void pflash_cfi01_register_types(void) 908 { 909 type_register_static(&pflash_cfi01_info); 910 } 911 912 type_init(pflash_cfi01_register_types) 913 914 pflash_t *pflash_cfi01_register(hwaddr base, 915 DeviceState *qdev, const char *name, 916 hwaddr size, 917 BlockBackend *blk, 918 uint32_t sector_len, int nb_blocs, 919 int bank_width, uint16_t id0, uint16_t id1, 920 uint16_t id2, uint16_t id3, int be) 921 { 922 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 923 924 if (blk) { 925 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 926 } 927 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 928 qdev_prop_set_uint64(dev, "sector-length", sector_len); 929 qdev_prop_set_uint8(dev, "width", bank_width); 930 qdev_prop_set_bit(dev, "big-endian", !!be); 931 qdev_prop_set_uint16(dev, "id0", id0); 932 qdev_prop_set_uint16(dev, "id1", id1); 933 qdev_prop_set_uint16(dev, "id2", id2); 934 qdev_prop_set_uint16(dev, "id3", id3); 935 qdev_prop_set_string(dev, "name", name); 936 qdev_init_nofail(dev); 937 938 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 939 return CFI_PFLASH01(dev); 940 } 941 942 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 943 { 944 return &fl->mem; 945 } 946 947 static int pflash_post_load(void *opaque, int version_id) 948 { 949 pflash_t *pfl = opaque; 950 951 if (!pfl->ro) { 952 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 953 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 954 } 955 return 0; 956 } 957