1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/flash.h" 42 #include "sysemu/block-backend.h" 43 #include "qapi/error.h" 44 #include "qemu/timer.h" 45 #include "qemu/bitops.h" 46 #include "qemu/host-utils.h" 47 #include "qemu/log.h" 48 #include "hw/sysbus.h" 49 #include "sysemu/sysemu.h" 50 #include "trace.h" 51 52 /* #define PFLASH_DEBUG */ 53 #ifdef PFLASH_DEBUG 54 #define DPRINTF(fmt, ...) \ 55 do { \ 56 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 57 } while (0) 58 #else 59 #define DPRINTF(fmt, ...) do { } while (0) 60 #endif 61 62 #define PFLASH_BE 0 63 #define PFLASH_SECURE 1 64 65 struct PFlashCFI01 { 66 /*< private >*/ 67 SysBusDevice parent_obj; 68 /*< public >*/ 69 70 BlockBackend *blk; 71 uint32_t nb_blocs; 72 uint64_t sector_len; 73 uint8_t bank_width; 74 uint8_t device_width; /* If 0, device width not specified. */ 75 uint8_t max_device_width; /* max device width in bytes */ 76 uint32_t features; 77 uint8_t wcycle; /* if 0, the flash is read normally */ 78 int ro; 79 uint8_t cmd; 80 uint8_t status; 81 uint16_t ident0; 82 uint16_t ident1; 83 uint16_t ident2; 84 uint16_t ident3; 85 uint8_t cfi_table[0x52]; 86 uint64_t counter; 87 unsigned int writeblock_size; 88 QEMUTimer *timer; 89 MemoryRegion mem; 90 char *name; 91 void *storage; 92 VMChangeStateEntry *vmstate; 93 bool old_multiple_chip_handling; 94 }; 95 96 static int pflash_post_load(void *opaque, int version_id); 97 98 static const VMStateDescription vmstate_pflash = { 99 .name = "pflash_cfi01", 100 .version_id = 1, 101 .minimum_version_id = 1, 102 .post_load = pflash_post_load, 103 .fields = (VMStateField[]) { 104 VMSTATE_UINT8(wcycle, PFlashCFI01), 105 VMSTATE_UINT8(cmd, PFlashCFI01), 106 VMSTATE_UINT8(status, PFlashCFI01), 107 VMSTATE_UINT64(counter, PFlashCFI01), 108 VMSTATE_END_OF_LIST() 109 } 110 }; 111 112 static void pflash_timer (void *opaque) 113 { 114 PFlashCFI01 *pfl = opaque; 115 116 trace_pflash_timer_expired(pfl->cmd); 117 /* Reset flash */ 118 pfl->status ^= 0x80; 119 memory_region_rom_device_set_romd(&pfl->mem, true); 120 pfl->wcycle = 0; 121 pfl->cmd = 0; 122 } 123 124 /* Perform a CFI query based on the bank width of the flash. 125 * If this code is called we know we have a device_width set for 126 * this flash. 127 */ 128 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 129 { 130 int i; 131 uint32_t resp = 0; 132 hwaddr boff; 133 134 /* Adjust incoming offset to match expected device-width 135 * addressing. CFI query addresses are always specified in terms of 136 * the maximum supported width of the device. This means that x8 137 * devices and x8/x16 devices in x8 mode behave differently. For 138 * devices that are not used at their max width, we will be 139 * provided with addresses that use higher address bits than 140 * expected (based on the max width), so we will shift them lower 141 * so that they will match the addresses used when 142 * device_width==max_device_width. 143 */ 144 boff = offset >> (ctz32(pfl->bank_width) + 145 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 146 147 if (boff >= sizeof(pfl->cfi_table)) { 148 return 0; 149 } 150 /* Now we will construct the CFI response generated by a single 151 * device, then replicate that for all devices that make up the 152 * bus. For wide parts used in x8 mode, CFI query responses 153 * are different than native byte-wide parts. 154 */ 155 resp = pfl->cfi_table[boff]; 156 if (pfl->device_width != pfl->max_device_width) { 157 /* The only case currently supported is x8 mode for a 158 * wider part. 159 */ 160 if (pfl->device_width != 1 || pfl->bank_width > 4) { 161 DPRINTF("%s: Unsupported device configuration: " 162 "device_width=%d, max_device_width=%d\n", 163 __func__, pfl->device_width, 164 pfl->max_device_width); 165 return 0; 166 } 167 /* CFI query data is repeated, rather than zero padded for 168 * wide devices used in x8 mode. 169 */ 170 for (i = 1; i < pfl->max_device_width; i++) { 171 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 172 } 173 } 174 /* Replicate responses for each device in bank. */ 175 if (pfl->device_width < pfl->bank_width) { 176 for (i = pfl->device_width; 177 i < pfl->bank_width; i += pfl->device_width) { 178 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 179 } 180 } 181 182 return resp; 183 } 184 185 186 187 /* Perform a device id query based on the bank width of the flash. */ 188 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 189 { 190 int i; 191 uint32_t resp; 192 hwaddr boff; 193 194 /* Adjust incoming offset to match expected device-width 195 * addressing. Device ID read addresses are always specified in 196 * terms of the maximum supported width of the device. This means 197 * that x8 devices and x8/x16 devices in x8 mode behave 198 * differently. For devices that are not used at their max width, 199 * we will be provided with addresses that use higher address bits 200 * than expected (based on the max width), so we will shift them 201 * lower so that they will match the addresses used when 202 * device_width==max_device_width. 203 */ 204 boff = offset >> (ctz32(pfl->bank_width) + 205 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 206 207 /* Mask off upper bits which may be used in to query block 208 * or sector lock status at other addresses. 209 * Offsets 2/3 are block lock status, is not emulated. 210 */ 211 switch (boff & 0xFF) { 212 case 0: 213 resp = pfl->ident0; 214 trace_pflash_manufacturer_id(resp); 215 break; 216 case 1: 217 resp = pfl->ident1; 218 trace_pflash_device_id(resp); 219 break; 220 default: 221 trace_pflash_device_info(offset); 222 return 0; 223 break; 224 } 225 /* Replicate responses for each device in bank. */ 226 if (pfl->device_width < pfl->bank_width) { 227 for (i = pfl->device_width; 228 i < pfl->bank_width; i += pfl->device_width) { 229 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 230 } 231 } 232 233 return resp; 234 } 235 236 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 237 int width, int be) 238 { 239 uint8_t *p; 240 uint32_t ret; 241 242 p = pfl->storage; 243 switch (width) { 244 case 1: 245 ret = p[offset]; 246 trace_pflash_data_read8(offset, ret); 247 break; 248 case 2: 249 if (be) { 250 ret = p[offset] << 8; 251 ret |= p[offset + 1]; 252 } else { 253 ret = p[offset]; 254 ret |= p[offset + 1] << 8; 255 } 256 trace_pflash_data_read16(offset, ret); 257 break; 258 case 4: 259 if (be) { 260 ret = p[offset] << 24; 261 ret |= p[offset + 1] << 16; 262 ret |= p[offset + 2] << 8; 263 ret |= p[offset + 3]; 264 } else { 265 ret = p[offset]; 266 ret |= p[offset + 1] << 8; 267 ret |= p[offset + 2] << 16; 268 ret |= p[offset + 3] << 24; 269 } 270 trace_pflash_data_read32(offset, ret); 271 break; 272 default: 273 DPRINTF("BUG in %s\n", __func__); 274 abort(); 275 } 276 return ret; 277 } 278 279 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 280 int width, int be) 281 { 282 hwaddr boff; 283 uint32_t ret; 284 285 ret = -1; 286 trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle); 287 switch (pfl->cmd) { 288 default: 289 /* This should never happen : reset state & treat it as a read */ 290 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 291 pfl->wcycle = 0; 292 pfl->cmd = 0; 293 /* fall through to read code */ 294 case 0x00: 295 /* Flash area read */ 296 ret = pflash_data_read(pfl, offset, width, be); 297 break; 298 case 0x10: /* Single byte program */ 299 case 0x20: /* Block erase */ 300 case 0x28: /* Block erase */ 301 case 0x40: /* single byte program */ 302 case 0x50: /* Clear status register */ 303 case 0x60: /* Block /un)lock */ 304 case 0x70: /* Status Register */ 305 case 0xe8: /* Write block */ 306 /* Status register read. Return status from each device in 307 * bank. 308 */ 309 ret = pfl->status; 310 if (pfl->device_width && width > pfl->device_width) { 311 int shift = pfl->device_width * 8; 312 while (shift + pfl->device_width * 8 <= width * 8) { 313 ret |= pfl->status << shift; 314 shift += pfl->device_width * 8; 315 } 316 } else if (!pfl->device_width && width > 2) { 317 /* Handle 32 bit flash cases where device width is not 318 * set. (Existing behavior before device width added.) 319 */ 320 ret |= pfl->status << 16; 321 } 322 DPRINTF("%s: status %x\n", __func__, ret); 323 break; 324 case 0x90: 325 if (!pfl->device_width) { 326 /* Preserve old behavior if device width not specified */ 327 boff = offset & 0xFF; 328 if (pfl->bank_width == 2) { 329 boff = boff >> 1; 330 } else if (pfl->bank_width == 4) { 331 boff = boff >> 2; 332 } 333 334 switch (boff) { 335 case 0: 336 ret = pfl->ident0 << 8 | pfl->ident1; 337 trace_pflash_manufacturer_id(ret); 338 break; 339 case 1: 340 ret = pfl->ident2 << 8 | pfl->ident3; 341 trace_pflash_device_id(ret); 342 break; 343 default: 344 trace_pflash_device_info(boff); 345 ret = 0; 346 break; 347 } 348 } else { 349 /* If we have a read larger than the bank_width, combine multiple 350 * manufacturer/device ID queries into a single response. 351 */ 352 int i; 353 for (i = 0; i < width; i += pfl->bank_width) { 354 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 355 pflash_devid_query(pfl, 356 offset + i * pfl->bank_width)); 357 } 358 } 359 break; 360 case 0x98: /* Query mode */ 361 if (!pfl->device_width) { 362 /* Preserve old behavior if device width not specified */ 363 boff = offset & 0xFF; 364 if (pfl->bank_width == 2) { 365 boff = boff >> 1; 366 } else if (pfl->bank_width == 4) { 367 boff = boff >> 2; 368 } 369 370 if (boff < sizeof(pfl->cfi_table)) { 371 ret = pfl->cfi_table[boff]; 372 } else { 373 ret = 0; 374 } 375 } else { 376 /* If we have a read larger than the bank_width, combine multiple 377 * CFI queries into a single response. 378 */ 379 int i; 380 for (i = 0; i < width; i += pfl->bank_width) { 381 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 382 pflash_cfi_query(pfl, 383 offset + i * pfl->bank_width)); 384 } 385 } 386 387 break; 388 } 389 return ret; 390 } 391 392 /* update flash content on disk */ 393 static void pflash_update(PFlashCFI01 *pfl, int offset, 394 int size) 395 { 396 int offset_end; 397 if (pfl->blk) { 398 offset_end = offset + size; 399 /* widen to sector boundaries */ 400 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 401 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 402 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 403 offset_end - offset, 0); 404 } 405 } 406 407 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 408 uint32_t value, int width, int be) 409 { 410 uint8_t *p = pfl->storage; 411 412 trace_pflash_data_write(offset, value, width, pfl->counter); 413 switch (width) { 414 case 1: 415 p[offset] = value; 416 break; 417 case 2: 418 if (be) { 419 p[offset] = value >> 8; 420 p[offset + 1] = value; 421 } else { 422 p[offset] = value; 423 p[offset + 1] = value >> 8; 424 } 425 break; 426 case 4: 427 if (be) { 428 p[offset] = value >> 24; 429 p[offset + 1] = value >> 16; 430 p[offset + 2] = value >> 8; 431 p[offset + 3] = value; 432 } else { 433 p[offset] = value; 434 p[offset + 1] = value >> 8; 435 p[offset + 2] = value >> 16; 436 p[offset + 3] = value >> 24; 437 } 438 break; 439 } 440 441 } 442 443 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 444 uint32_t value, int width, int be) 445 { 446 uint8_t *p; 447 uint8_t cmd; 448 449 cmd = value; 450 451 trace_pflash_write(offset, value, width, pfl->wcycle); 452 if (!pfl->wcycle) { 453 /* Set the device in I/O access mode */ 454 memory_region_rom_device_set_romd(&pfl->mem, false); 455 } 456 457 switch (pfl->wcycle) { 458 case 0: 459 /* read mode */ 460 switch (cmd) { 461 case 0x00: /* ??? */ 462 goto reset_flash; 463 case 0x10: /* Single Byte Program */ 464 case 0x40: /* Single Byte Program */ 465 DPRINTF("%s: Single Byte Program\n", __func__); 466 break; 467 case 0x20: /* Block erase */ 468 p = pfl->storage; 469 offset &= ~(pfl->sector_len - 1); 470 471 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 472 __func__, offset, (unsigned)pfl->sector_len); 473 474 if (!pfl->ro) { 475 memset(p + offset, 0xff, pfl->sector_len); 476 pflash_update(pfl, offset, pfl->sector_len); 477 } else { 478 pfl->status |= 0x20; /* Block erase error */ 479 } 480 pfl->status |= 0x80; /* Ready! */ 481 break; 482 case 0x50: /* Clear status bits */ 483 DPRINTF("%s: Clear status bits\n", __func__); 484 pfl->status = 0x0; 485 goto reset_flash; 486 case 0x60: /* Block (un)lock */ 487 DPRINTF("%s: Block unlock\n", __func__); 488 break; 489 case 0x70: /* Status Register */ 490 DPRINTF("%s: Read status register\n", __func__); 491 pfl->cmd = cmd; 492 return; 493 case 0x90: /* Read Device ID */ 494 DPRINTF("%s: Read Device information\n", __func__); 495 pfl->cmd = cmd; 496 return; 497 case 0x98: /* CFI query */ 498 DPRINTF("%s: CFI query\n", __func__); 499 break; 500 case 0xe8: /* Write to buffer */ 501 DPRINTF("%s: Write to buffer\n", __func__); 502 /* FIXME should save @offset, @width for case 1+ */ 503 qemu_log_mask(LOG_UNIMP, 504 "%s: Write to buffer emulation is flawed\n", 505 __func__); 506 pfl->status |= 0x80; /* Ready! */ 507 break; 508 case 0xf0: /* Probe for AMD flash */ 509 DPRINTF("%s: Probe for AMD flash\n", __func__); 510 goto reset_flash; 511 case 0xff: /* Read array mode */ 512 DPRINTF("%s: Read array mode\n", __func__); 513 goto reset_flash; 514 default: 515 goto error_flash; 516 } 517 pfl->wcycle++; 518 pfl->cmd = cmd; 519 break; 520 case 1: 521 switch (pfl->cmd) { 522 case 0x10: /* Single Byte Program */ 523 case 0x40: /* Single Byte Program */ 524 DPRINTF("%s: Single Byte Program\n", __func__); 525 if (!pfl->ro) { 526 pflash_data_write(pfl, offset, value, width, be); 527 pflash_update(pfl, offset, width); 528 } else { 529 pfl->status |= 0x10; /* Programming error */ 530 } 531 pfl->status |= 0x80; /* Ready! */ 532 pfl->wcycle = 0; 533 break; 534 case 0x20: /* Block erase */ 535 case 0x28: 536 if (cmd == 0xd0) { /* confirm */ 537 pfl->wcycle = 0; 538 pfl->status |= 0x80; 539 } else if (cmd == 0xff) { /* read array mode */ 540 goto reset_flash; 541 } else 542 goto error_flash; 543 544 break; 545 case 0xe8: 546 /* Mask writeblock size based on device width, or bank width if 547 * device width not specified. 548 */ 549 /* FIXME check @offset, @width */ 550 if (pfl->device_width) { 551 value = extract32(value, 0, pfl->device_width * 8); 552 } else { 553 value = extract32(value, 0, pfl->bank_width * 8); 554 } 555 DPRINTF("%s: block write of %x bytes\n", __func__, value); 556 pfl->counter = value; 557 pfl->wcycle++; 558 break; 559 case 0x60: 560 if (cmd == 0xd0) { 561 pfl->wcycle = 0; 562 pfl->status |= 0x80; 563 } else if (cmd == 0x01) { 564 pfl->wcycle = 0; 565 pfl->status |= 0x80; 566 } else if (cmd == 0xff) { 567 goto reset_flash; 568 } else { 569 DPRINTF("%s: Unknown (un)locking command\n", __func__); 570 goto reset_flash; 571 } 572 break; 573 case 0x98: 574 if (cmd == 0xff) { 575 goto reset_flash; 576 } else { 577 DPRINTF("%s: leaving query mode\n", __func__); 578 } 579 break; 580 default: 581 goto error_flash; 582 } 583 break; 584 case 2: 585 switch (pfl->cmd) { 586 case 0xe8: /* Block write */ 587 /* FIXME check @offset, @width */ 588 if (!pfl->ro) { 589 /* 590 * FIXME writing straight to memory is *wrong*. We 591 * should write to a buffer, and flush it to memory 592 * only on confirm command (see below). 593 */ 594 pflash_data_write(pfl, offset, value, width, be); 595 } else { 596 pfl->status |= 0x10; /* Programming error */ 597 } 598 599 pfl->status |= 0x80; 600 601 if (!pfl->counter) { 602 hwaddr mask = pfl->writeblock_size - 1; 603 mask = ~mask; 604 605 DPRINTF("%s: block write finished\n", __func__); 606 pfl->wcycle++; 607 if (!pfl->ro) { 608 /* Flush the entire write buffer onto backing storage. */ 609 /* FIXME premature! */ 610 pflash_update(pfl, offset & mask, pfl->writeblock_size); 611 } else { 612 pfl->status |= 0x10; /* Programming error */ 613 } 614 } 615 616 pfl->counter--; 617 break; 618 default: 619 goto error_flash; 620 } 621 break; 622 case 3: /* Confirm mode */ 623 switch (pfl->cmd) { 624 case 0xe8: /* Block write */ 625 if (cmd == 0xd0) { 626 /* FIXME this is where we should write out the buffer */ 627 pfl->wcycle = 0; 628 pfl->status |= 0x80; 629 } else { 630 qemu_log_mask(LOG_UNIMP, 631 "%s: Aborting write to buffer not implemented," 632 " the data is already written to storage!\n" 633 "Flash device reset into READ mode.\n", 634 __func__); 635 goto reset_flash; 636 } 637 break; 638 default: 639 goto error_flash; 640 } 641 break; 642 default: 643 /* Should never happen */ 644 DPRINTF("%s: invalid write state\n", __func__); 645 goto reset_flash; 646 } 647 return; 648 649 error_flash: 650 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 651 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 652 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 653 654 reset_flash: 655 trace_pflash_reset(); 656 memory_region_rom_device_set_romd(&pfl->mem, true); 657 pfl->wcycle = 0; 658 pfl->cmd = 0; 659 } 660 661 662 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 663 unsigned len, MemTxAttrs attrs) 664 { 665 PFlashCFI01 *pfl = opaque; 666 bool be = !!(pfl->features & (1 << PFLASH_BE)); 667 668 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 669 *value = pflash_data_read(opaque, addr, len, be); 670 } else { 671 *value = pflash_read(opaque, addr, len, be); 672 } 673 return MEMTX_OK; 674 } 675 676 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 677 unsigned len, MemTxAttrs attrs) 678 { 679 PFlashCFI01 *pfl = opaque; 680 bool be = !!(pfl->features & (1 << PFLASH_BE)); 681 682 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 683 return MEMTX_ERROR; 684 } else { 685 pflash_write(opaque, addr, value, len, be); 686 return MEMTX_OK; 687 } 688 } 689 690 static const MemoryRegionOps pflash_cfi01_ops = { 691 .read_with_attrs = pflash_mem_read_with_attrs, 692 .write_with_attrs = pflash_mem_write_with_attrs, 693 .endianness = DEVICE_NATIVE_ENDIAN, 694 }; 695 696 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 697 { 698 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 699 uint64_t total_len; 700 int ret; 701 uint64_t blocks_per_device, sector_len_per_device, device_len; 702 int num_devices; 703 Error *local_err = NULL; 704 705 if (pfl->sector_len == 0) { 706 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 707 return; 708 } 709 if (pfl->nb_blocs == 0) { 710 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 711 return; 712 } 713 if (pfl->name == NULL) { 714 error_setg(errp, "attribute \"name\" not specified."); 715 return; 716 } 717 718 total_len = pfl->sector_len * pfl->nb_blocs; 719 720 /* These are only used to expose the parameters of each device 721 * in the cfi_table[]. 722 */ 723 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 724 if (pfl->old_multiple_chip_handling) { 725 blocks_per_device = pfl->nb_blocs / num_devices; 726 sector_len_per_device = pfl->sector_len; 727 } else { 728 blocks_per_device = pfl->nb_blocs; 729 sector_len_per_device = pfl->sector_len / num_devices; 730 } 731 device_len = sector_len_per_device * blocks_per_device; 732 733 /* XXX: to be fixed */ 734 #if 0 735 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 736 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 737 return NULL; 738 #endif 739 740 memory_region_init_rom_device( 741 &pfl->mem, OBJECT(dev), 742 &pflash_cfi01_ops, 743 pfl, 744 pfl->name, total_len, &local_err); 745 if (local_err) { 746 error_propagate(errp, local_err); 747 return; 748 } 749 750 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 751 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 752 753 if (pfl->blk) { 754 uint64_t perm; 755 pfl->ro = blk_is_read_only(pfl->blk); 756 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 757 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 758 if (ret < 0) { 759 return; 760 } 761 } else { 762 pfl->ro = 0; 763 } 764 765 if (pfl->blk) { 766 /* read the initial flash content */ 767 ret = blk_pread(pfl->blk, 0, pfl->storage, total_len); 768 769 if (ret < 0) { 770 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 771 error_setg(errp, "failed to read the initial flash content"); 772 return; 773 } 774 } 775 776 /* Default to devices being used at their maximum device width. This was 777 * assumed before the device_width support was added. 778 */ 779 if (!pfl->max_device_width) { 780 pfl->max_device_width = pfl->device_width; 781 } 782 783 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 784 pfl->wcycle = 0; 785 pfl->cmd = 0; 786 pfl->status = 0; 787 /* Hardcoded CFI table */ 788 /* Standard "QRY" string */ 789 pfl->cfi_table[0x10] = 'Q'; 790 pfl->cfi_table[0x11] = 'R'; 791 pfl->cfi_table[0x12] = 'Y'; 792 /* Command set (Intel) */ 793 pfl->cfi_table[0x13] = 0x01; 794 pfl->cfi_table[0x14] = 0x00; 795 /* Primary extended table address (none) */ 796 pfl->cfi_table[0x15] = 0x31; 797 pfl->cfi_table[0x16] = 0x00; 798 /* Alternate command set (none) */ 799 pfl->cfi_table[0x17] = 0x00; 800 pfl->cfi_table[0x18] = 0x00; 801 /* Alternate extended table (none) */ 802 pfl->cfi_table[0x19] = 0x00; 803 pfl->cfi_table[0x1A] = 0x00; 804 /* Vcc min */ 805 pfl->cfi_table[0x1B] = 0x45; 806 /* Vcc max */ 807 pfl->cfi_table[0x1C] = 0x55; 808 /* Vpp min (no Vpp pin) */ 809 pfl->cfi_table[0x1D] = 0x00; 810 /* Vpp max (no Vpp pin) */ 811 pfl->cfi_table[0x1E] = 0x00; 812 /* Reserved */ 813 pfl->cfi_table[0x1F] = 0x07; 814 /* Timeout for min size buffer write */ 815 pfl->cfi_table[0x20] = 0x07; 816 /* Typical timeout for block erase */ 817 pfl->cfi_table[0x21] = 0x0a; 818 /* Typical timeout for full chip erase (4096 ms) */ 819 pfl->cfi_table[0x22] = 0x00; 820 /* Reserved */ 821 pfl->cfi_table[0x23] = 0x04; 822 /* Max timeout for buffer write */ 823 pfl->cfi_table[0x24] = 0x04; 824 /* Max timeout for block erase */ 825 pfl->cfi_table[0x25] = 0x04; 826 /* Max timeout for chip erase */ 827 pfl->cfi_table[0x26] = 0x00; 828 /* Device size */ 829 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 830 /* Flash device interface (8 & 16 bits) */ 831 pfl->cfi_table[0x28] = 0x02; 832 pfl->cfi_table[0x29] = 0x00; 833 /* Max number of bytes in multi-bytes write */ 834 if (pfl->bank_width == 1) { 835 pfl->cfi_table[0x2A] = 0x08; 836 } else { 837 pfl->cfi_table[0x2A] = 0x0B; 838 } 839 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 840 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 841 pfl->writeblock_size *= num_devices; 842 } 843 844 pfl->cfi_table[0x2B] = 0x00; 845 /* Number of erase block regions (uniform) */ 846 pfl->cfi_table[0x2C] = 0x01; 847 /* Erase block region 1 */ 848 pfl->cfi_table[0x2D] = blocks_per_device - 1; 849 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 850 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 851 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 852 853 /* Extended */ 854 pfl->cfi_table[0x31] = 'P'; 855 pfl->cfi_table[0x32] = 'R'; 856 pfl->cfi_table[0x33] = 'I'; 857 858 pfl->cfi_table[0x34] = '1'; 859 pfl->cfi_table[0x35] = '0'; 860 861 pfl->cfi_table[0x36] = 0x00; 862 pfl->cfi_table[0x37] = 0x00; 863 pfl->cfi_table[0x38] = 0x00; 864 pfl->cfi_table[0x39] = 0x00; 865 866 pfl->cfi_table[0x3a] = 0x00; 867 868 pfl->cfi_table[0x3b] = 0x00; 869 pfl->cfi_table[0x3c] = 0x00; 870 871 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 872 } 873 874 static Property pflash_cfi01_properties[] = { 875 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 876 /* num-blocks is the number of blocks actually visible to the guest, 877 * ie the total size of the device divided by the sector length. 878 * If we're emulating flash devices wired in parallel the actual 879 * number of blocks per indvidual device will differ. 880 */ 881 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 882 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 883 /* width here is the overall width of this QEMU device in bytes. 884 * The QEMU device may be emulating a number of flash devices 885 * wired up in parallel; the width of each individual flash 886 * device should be specified via device-width. If the individual 887 * devices have a maximum width which is greater than the width 888 * they are being used for, this maximum width should be set via 889 * max-device-width (which otherwise defaults to device-width). 890 * So for instance a 32-bit wide QEMU flash device made from four 891 * 16-bit flash devices used in 8-bit wide mode would be configured 892 * with width = 4, device-width = 1, max-device-width = 2. 893 * 894 * If device-width is not specified we default to backwards 895 * compatible behaviour which is a bad emulation of two 896 * 16 bit devices making up a 32 bit wide QEMU device. This 897 * is deprecated for new uses of this device. 898 */ 899 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 900 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 901 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 902 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 903 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 904 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 905 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 906 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 907 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 908 DEFINE_PROP_STRING("name", PFlashCFI01, name), 909 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 910 old_multiple_chip_handling, false), 911 DEFINE_PROP_END_OF_LIST(), 912 }; 913 914 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 915 { 916 DeviceClass *dc = DEVICE_CLASS(klass); 917 918 dc->realize = pflash_cfi01_realize; 919 dc->props = pflash_cfi01_properties; 920 dc->vmsd = &vmstate_pflash; 921 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 922 } 923 924 925 static const TypeInfo pflash_cfi01_info = { 926 .name = TYPE_PFLASH_CFI01, 927 .parent = TYPE_SYS_BUS_DEVICE, 928 .instance_size = sizeof(PFlashCFI01), 929 .class_init = pflash_cfi01_class_init, 930 }; 931 932 static void pflash_cfi01_register_types(void) 933 { 934 type_register_static(&pflash_cfi01_info); 935 } 936 937 type_init(pflash_cfi01_register_types) 938 939 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 940 const char *name, 941 hwaddr size, 942 BlockBackend *blk, 943 uint32_t sector_len, 944 int bank_width, 945 uint16_t id0, uint16_t id1, 946 uint16_t id2, uint16_t id3, 947 int be) 948 { 949 DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01); 950 951 if (blk) { 952 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 953 } 954 assert(size % sector_len == 0); 955 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 956 qdev_prop_set_uint64(dev, "sector-length", sector_len); 957 qdev_prop_set_uint8(dev, "width", bank_width); 958 qdev_prop_set_bit(dev, "big-endian", !!be); 959 qdev_prop_set_uint16(dev, "id0", id0); 960 qdev_prop_set_uint16(dev, "id1", id1); 961 qdev_prop_set_uint16(dev, "id2", id2); 962 qdev_prop_set_uint16(dev, "id3", id3); 963 qdev_prop_set_string(dev, "name", name); 964 qdev_init_nofail(dev); 965 966 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 967 return PFLASH_CFI01(dev); 968 } 969 970 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 971 { 972 return fl->blk; 973 } 974 975 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 976 { 977 return &fl->mem; 978 } 979 980 static void postload_update_cb(void *opaque, int running, RunState state) 981 { 982 PFlashCFI01 *pfl = opaque; 983 984 /* This is called after bdrv_invalidate_cache_all. */ 985 qemu_del_vm_change_state_handler(pfl->vmstate); 986 pfl->vmstate = NULL; 987 988 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 989 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 990 } 991 992 static int pflash_post_load(void *opaque, int version_id) 993 { 994 PFlashCFI01 *pfl = opaque; 995 996 if (!pfl->ro) { 997 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 998 pfl); 999 } 1000 return 0; 1001 } 1002