1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/flash.h" 42 #include "sysemu/block-backend.h" 43 #include "qapi/error.h" 44 #include "qemu/timer.h" 45 #include "qemu/bitops.h" 46 #include "exec/address-spaces.h" 47 #include "qemu/host-utils.h" 48 #include "qemu/log.h" 49 #include "hw/sysbus.h" 50 #include "sysemu/sysemu.h" 51 52 #define PFLASH_BUG(fmt, ...) \ 53 do { \ 54 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 55 exit(1); \ 56 } while(0) 57 58 /* #define PFLASH_DEBUG */ 59 #ifdef PFLASH_DEBUG 60 #define DPRINTF(fmt, ...) \ 61 do { \ 62 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 63 } while (0) 64 #else 65 #define DPRINTF(fmt, ...) do { } while (0) 66 #endif 67 68 #define TYPE_CFI_PFLASH01 "cfi.pflash01" 69 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 70 71 #define PFLASH_BE 0 72 #define PFLASH_SECURE 1 73 74 struct pflash_t { 75 /*< private >*/ 76 SysBusDevice parent_obj; 77 /*< public >*/ 78 79 BlockBackend *blk; 80 uint32_t nb_blocs; 81 uint64_t sector_len; 82 uint8_t bank_width; 83 uint8_t device_width; /* If 0, device width not specified. */ 84 uint8_t max_device_width; /* max device width in bytes */ 85 uint32_t features; 86 uint8_t wcycle; /* if 0, the flash is read normally */ 87 int ro; 88 uint8_t cmd; 89 uint8_t status; 90 uint16_t ident0; 91 uint16_t ident1; 92 uint16_t ident2; 93 uint16_t ident3; 94 uint8_t cfi_len; 95 uint8_t cfi_table[0x52]; 96 uint64_t counter; 97 unsigned int writeblock_size; 98 QEMUTimer *timer; 99 MemoryRegion mem; 100 char *name; 101 void *storage; 102 VMChangeStateEntry *vmstate; 103 }; 104 105 static int pflash_post_load(void *opaque, int version_id); 106 107 static const VMStateDescription vmstate_pflash = { 108 .name = "pflash_cfi01", 109 .version_id = 1, 110 .minimum_version_id = 1, 111 .post_load = pflash_post_load, 112 .fields = (VMStateField[]) { 113 VMSTATE_UINT8(wcycle, pflash_t), 114 VMSTATE_UINT8(cmd, pflash_t), 115 VMSTATE_UINT8(status, pflash_t), 116 VMSTATE_UINT64(counter, pflash_t), 117 VMSTATE_END_OF_LIST() 118 } 119 }; 120 121 static void pflash_timer (void *opaque) 122 { 123 pflash_t *pfl = opaque; 124 125 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 126 /* Reset flash */ 127 pfl->status ^= 0x80; 128 memory_region_rom_device_set_romd(&pfl->mem, true); 129 pfl->wcycle = 0; 130 pfl->cmd = 0; 131 } 132 133 /* Perform a CFI query based on the bank width of the flash. 134 * If this code is called we know we have a device_width set for 135 * this flash. 136 */ 137 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 138 { 139 int i; 140 uint32_t resp = 0; 141 hwaddr boff; 142 143 /* Adjust incoming offset to match expected device-width 144 * addressing. CFI query addresses are always specified in terms of 145 * the maximum supported width of the device. This means that x8 146 * devices and x8/x16 devices in x8 mode behave differently. For 147 * devices that are not used at their max width, we will be 148 * provided with addresses that use higher address bits than 149 * expected (based on the max width), so we will shift them lower 150 * so that they will match the addresses used when 151 * device_width==max_device_width. 152 */ 153 boff = offset >> (ctz32(pfl->bank_width) + 154 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 155 156 if (boff > pfl->cfi_len) { 157 return 0; 158 } 159 /* Now we will construct the CFI response generated by a single 160 * device, then replicate that for all devices that make up the 161 * bus. For wide parts used in x8 mode, CFI query responses 162 * are different than native byte-wide parts. 163 */ 164 resp = pfl->cfi_table[boff]; 165 if (pfl->device_width != pfl->max_device_width) { 166 /* The only case currently supported is x8 mode for a 167 * wider part. 168 */ 169 if (pfl->device_width != 1 || pfl->bank_width > 4) { 170 DPRINTF("%s: Unsupported device configuration: " 171 "device_width=%d, max_device_width=%d\n", 172 __func__, pfl->device_width, 173 pfl->max_device_width); 174 return 0; 175 } 176 /* CFI query data is repeated, rather than zero padded for 177 * wide devices used in x8 mode. 178 */ 179 for (i = 1; i < pfl->max_device_width; i++) { 180 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 181 } 182 } 183 /* Replicate responses for each device in bank. */ 184 if (pfl->device_width < pfl->bank_width) { 185 for (i = pfl->device_width; 186 i < pfl->bank_width; i += pfl->device_width) { 187 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 188 } 189 } 190 191 return resp; 192 } 193 194 195 196 /* Perform a device id query based on the bank width of the flash. */ 197 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 198 { 199 int i; 200 uint32_t resp; 201 hwaddr boff; 202 203 /* Adjust incoming offset to match expected device-width 204 * addressing. Device ID read addresses are always specified in 205 * terms of the maximum supported width of the device. This means 206 * that x8 devices and x8/x16 devices in x8 mode behave 207 * differently. For devices that are not used at their max width, 208 * we will be provided with addresses that use higher address bits 209 * than expected (based on the max width), so we will shift them 210 * lower so that they will match the addresses used when 211 * device_width==max_device_width. 212 */ 213 boff = offset >> (ctz32(pfl->bank_width) + 214 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 215 216 /* Mask off upper bits which may be used in to query block 217 * or sector lock status at other addresses. 218 * Offsets 2/3 are block lock status, is not emulated. 219 */ 220 switch (boff & 0xFF) { 221 case 0: 222 resp = pfl->ident0; 223 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 224 break; 225 case 1: 226 resp = pfl->ident1; 227 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 228 break; 229 default: 230 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 231 (unsigned)offset); 232 return 0; 233 break; 234 } 235 /* Replicate responses for each device in bank. */ 236 if (pfl->device_width < pfl->bank_width) { 237 for (i = pfl->device_width; 238 i < pfl->bank_width; i += pfl->device_width) { 239 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 240 } 241 } 242 243 return resp; 244 } 245 246 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, 247 int width, int be) 248 { 249 uint8_t *p; 250 uint32_t ret; 251 252 p = pfl->storage; 253 switch (width) { 254 case 1: 255 ret = p[offset]; 256 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 257 __func__, offset, ret); 258 break; 259 case 2: 260 if (be) { 261 ret = p[offset] << 8; 262 ret |= p[offset + 1]; 263 } else { 264 ret = p[offset]; 265 ret |= p[offset + 1] << 8; 266 } 267 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 268 __func__, offset, ret); 269 break; 270 case 4: 271 if (be) { 272 ret = p[offset] << 24; 273 ret |= p[offset + 1] << 16; 274 ret |= p[offset + 2] << 8; 275 ret |= p[offset + 3]; 276 } else { 277 ret = p[offset]; 278 ret |= p[offset + 1] << 8; 279 ret |= p[offset + 2] << 16; 280 ret |= p[offset + 3] << 24; 281 } 282 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 283 __func__, offset, ret); 284 break; 285 default: 286 DPRINTF("BUG in %s\n", __func__); 287 abort(); 288 } 289 return ret; 290 } 291 292 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 293 int width, int be) 294 { 295 hwaddr boff; 296 uint32_t ret; 297 298 ret = -1; 299 300 #if 0 301 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 302 __func__, offset, pfl->cmd, width); 303 #endif 304 switch (pfl->cmd) { 305 default: 306 /* This should never happen : reset state & treat it as a read */ 307 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 308 pfl->wcycle = 0; 309 pfl->cmd = 0; 310 /* fall through to read code */ 311 case 0x00: 312 /* Flash area read */ 313 ret = pflash_data_read(pfl, offset, width, be); 314 break; 315 case 0x10: /* Single byte program */ 316 case 0x20: /* Block erase */ 317 case 0x28: /* Block erase */ 318 case 0x40: /* single byte program */ 319 case 0x50: /* Clear status register */ 320 case 0x60: /* Block /un)lock */ 321 case 0x70: /* Status Register */ 322 case 0xe8: /* Write block */ 323 /* Status register read. Return status from each device in 324 * bank. 325 */ 326 ret = pfl->status; 327 if (pfl->device_width && width > pfl->device_width) { 328 int shift = pfl->device_width * 8; 329 while (shift + pfl->device_width * 8 <= width * 8) { 330 ret |= pfl->status << shift; 331 shift += pfl->device_width * 8; 332 } 333 } else if (!pfl->device_width && width > 2) { 334 /* Handle 32 bit flash cases where device width is not 335 * set. (Existing behavior before device width added.) 336 */ 337 ret |= pfl->status << 16; 338 } 339 DPRINTF("%s: status %x\n", __func__, ret); 340 break; 341 case 0x90: 342 if (!pfl->device_width) { 343 /* Preserve old behavior if device width not specified */ 344 boff = offset & 0xFF; 345 if (pfl->bank_width == 2) { 346 boff = boff >> 1; 347 } else if (pfl->bank_width == 4) { 348 boff = boff >> 2; 349 } 350 351 switch (boff) { 352 case 0: 353 ret = pfl->ident0 << 8 | pfl->ident1; 354 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 355 break; 356 case 1: 357 ret = pfl->ident2 << 8 | pfl->ident3; 358 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 359 break; 360 default: 361 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 362 (unsigned)boff); 363 ret = 0; 364 break; 365 } 366 } else { 367 /* If we have a read larger than the bank_width, combine multiple 368 * manufacturer/device ID queries into a single response. 369 */ 370 int i; 371 for (i = 0; i < width; i += pfl->bank_width) { 372 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 373 pflash_devid_query(pfl, 374 offset + i * pfl->bank_width)); 375 } 376 } 377 break; 378 case 0x98: /* Query mode */ 379 if (!pfl->device_width) { 380 /* Preserve old behavior if device width not specified */ 381 boff = offset & 0xFF; 382 if (pfl->bank_width == 2) { 383 boff = boff >> 1; 384 } else if (pfl->bank_width == 4) { 385 boff = boff >> 2; 386 } 387 388 if (boff > pfl->cfi_len) { 389 ret = 0; 390 } else { 391 ret = pfl->cfi_table[boff]; 392 } 393 } else { 394 /* If we have a read larger than the bank_width, combine multiple 395 * CFI queries into a single response. 396 */ 397 int i; 398 for (i = 0; i < width; i += pfl->bank_width) { 399 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 400 pflash_cfi_query(pfl, 401 offset + i * pfl->bank_width)); 402 } 403 } 404 405 break; 406 } 407 return ret; 408 } 409 410 /* update flash content on disk */ 411 static void pflash_update(pflash_t *pfl, int offset, 412 int size) 413 { 414 int offset_end; 415 if (pfl->blk) { 416 offset_end = offset + size; 417 /* widen to sector boundaries */ 418 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 419 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 420 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 421 offset_end - offset, 0); 422 } 423 } 424 425 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 426 uint32_t value, int width, int be) 427 { 428 uint8_t *p = pfl->storage; 429 430 DPRINTF("%s: block write offset " TARGET_FMT_plx 431 " value %x counter %016" PRIx64 "\n", 432 __func__, offset, value, pfl->counter); 433 switch (width) { 434 case 1: 435 p[offset] = value; 436 break; 437 case 2: 438 if (be) { 439 p[offset] = value >> 8; 440 p[offset + 1] = value; 441 } else { 442 p[offset] = value; 443 p[offset + 1] = value >> 8; 444 } 445 break; 446 case 4: 447 if (be) { 448 p[offset] = value >> 24; 449 p[offset + 1] = value >> 16; 450 p[offset + 2] = value >> 8; 451 p[offset + 3] = value; 452 } else { 453 p[offset] = value; 454 p[offset + 1] = value >> 8; 455 p[offset + 2] = value >> 16; 456 p[offset + 3] = value >> 24; 457 } 458 break; 459 } 460 461 } 462 463 static void pflash_write(pflash_t *pfl, hwaddr offset, 464 uint32_t value, int width, int be) 465 { 466 uint8_t *p; 467 uint8_t cmd; 468 469 cmd = value; 470 471 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 472 __func__, offset, value, width, pfl->wcycle); 473 474 if (!pfl->wcycle) { 475 /* Set the device in I/O access mode */ 476 memory_region_rom_device_set_romd(&pfl->mem, false); 477 } 478 479 switch (pfl->wcycle) { 480 case 0: 481 /* read mode */ 482 switch (cmd) { 483 case 0x00: /* ??? */ 484 goto reset_flash; 485 case 0x10: /* Single Byte Program */ 486 case 0x40: /* Single Byte Program */ 487 DPRINTF("%s: Single Byte Program\n", __func__); 488 break; 489 case 0x20: /* Block erase */ 490 p = pfl->storage; 491 offset &= ~(pfl->sector_len - 1); 492 493 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 494 __func__, offset, (unsigned)pfl->sector_len); 495 496 if (!pfl->ro) { 497 memset(p + offset, 0xff, pfl->sector_len); 498 pflash_update(pfl, offset, pfl->sector_len); 499 } else { 500 pfl->status |= 0x20; /* Block erase error */ 501 } 502 pfl->status |= 0x80; /* Ready! */ 503 break; 504 case 0x50: /* Clear status bits */ 505 DPRINTF("%s: Clear status bits\n", __func__); 506 pfl->status = 0x0; 507 goto reset_flash; 508 case 0x60: /* Block (un)lock */ 509 DPRINTF("%s: Block unlock\n", __func__); 510 break; 511 case 0x70: /* Status Register */ 512 DPRINTF("%s: Read status register\n", __func__); 513 pfl->cmd = cmd; 514 return; 515 case 0x90: /* Read Device ID */ 516 DPRINTF("%s: Read Device information\n", __func__); 517 pfl->cmd = cmd; 518 return; 519 case 0x98: /* CFI query */ 520 DPRINTF("%s: CFI query\n", __func__); 521 break; 522 case 0xe8: /* Write to buffer */ 523 DPRINTF("%s: Write to buffer\n", __func__); 524 pfl->status |= 0x80; /* Ready! */ 525 break; 526 case 0xf0: /* Probe for AMD flash */ 527 DPRINTF("%s: Probe for AMD flash\n", __func__); 528 goto reset_flash; 529 case 0xff: /* Read array mode */ 530 DPRINTF("%s: Read array mode\n", __func__); 531 goto reset_flash; 532 default: 533 goto error_flash; 534 } 535 pfl->wcycle++; 536 pfl->cmd = cmd; 537 break; 538 case 1: 539 switch (pfl->cmd) { 540 case 0x10: /* Single Byte Program */ 541 case 0x40: /* Single Byte Program */ 542 DPRINTF("%s: Single Byte Program\n", __func__); 543 if (!pfl->ro) { 544 pflash_data_write(pfl, offset, value, width, be); 545 pflash_update(pfl, offset, width); 546 } else { 547 pfl->status |= 0x10; /* Programming error */ 548 } 549 pfl->status |= 0x80; /* Ready! */ 550 pfl->wcycle = 0; 551 break; 552 case 0x20: /* Block erase */ 553 case 0x28: 554 if (cmd == 0xd0) { /* confirm */ 555 pfl->wcycle = 0; 556 pfl->status |= 0x80; 557 } else if (cmd == 0xff) { /* read array mode */ 558 goto reset_flash; 559 } else 560 goto error_flash; 561 562 break; 563 case 0xe8: 564 /* Mask writeblock size based on device width, or bank width if 565 * device width not specified. 566 */ 567 if (pfl->device_width) { 568 value = extract32(value, 0, pfl->device_width * 8); 569 } else { 570 value = extract32(value, 0, pfl->bank_width * 8); 571 } 572 DPRINTF("%s: block write of %x bytes\n", __func__, value); 573 pfl->counter = value; 574 pfl->wcycle++; 575 break; 576 case 0x60: 577 if (cmd == 0xd0) { 578 pfl->wcycle = 0; 579 pfl->status |= 0x80; 580 } else if (cmd == 0x01) { 581 pfl->wcycle = 0; 582 pfl->status |= 0x80; 583 } else if (cmd == 0xff) { 584 goto reset_flash; 585 } else { 586 DPRINTF("%s: Unknown (un)locking command\n", __func__); 587 goto reset_flash; 588 } 589 break; 590 case 0x98: 591 if (cmd == 0xff) { 592 goto reset_flash; 593 } else { 594 DPRINTF("%s: leaving query mode\n", __func__); 595 } 596 break; 597 default: 598 goto error_flash; 599 } 600 break; 601 case 2: 602 switch (pfl->cmd) { 603 case 0xe8: /* Block write */ 604 if (!pfl->ro) { 605 pflash_data_write(pfl, offset, value, width, be); 606 } else { 607 pfl->status |= 0x10; /* Programming error */ 608 } 609 610 pfl->status |= 0x80; 611 612 if (!pfl->counter) { 613 hwaddr mask = pfl->writeblock_size - 1; 614 mask = ~mask; 615 616 DPRINTF("%s: block write finished\n", __func__); 617 pfl->wcycle++; 618 if (!pfl->ro) { 619 /* Flush the entire write buffer onto backing storage. */ 620 pflash_update(pfl, offset & mask, pfl->writeblock_size); 621 } else { 622 pfl->status |= 0x10; /* Programming error */ 623 } 624 } 625 626 pfl->counter--; 627 break; 628 default: 629 goto error_flash; 630 } 631 break; 632 case 3: /* Confirm mode */ 633 switch (pfl->cmd) { 634 case 0xe8: /* Block write */ 635 if (cmd == 0xd0) { 636 pfl->wcycle = 0; 637 pfl->status |= 0x80; 638 } else { 639 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 640 PFLASH_BUG("Write block confirm"); 641 goto reset_flash; 642 } 643 break; 644 default: 645 goto error_flash; 646 } 647 break; 648 default: 649 /* Should never happen */ 650 DPRINTF("%s: invalid write state\n", __func__); 651 goto reset_flash; 652 } 653 return; 654 655 error_flash: 656 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 657 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 658 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 659 660 reset_flash: 661 memory_region_rom_device_set_romd(&pfl->mem, true); 662 663 pfl->wcycle = 0; 664 pfl->cmd = 0; 665 } 666 667 668 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 669 unsigned len, MemTxAttrs attrs) 670 { 671 pflash_t *pfl = opaque; 672 bool be = !!(pfl->features & (1 << PFLASH_BE)); 673 674 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 675 *value = pflash_data_read(opaque, addr, len, be); 676 } else { 677 *value = pflash_read(opaque, addr, len, be); 678 } 679 return MEMTX_OK; 680 } 681 682 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 683 unsigned len, MemTxAttrs attrs) 684 { 685 pflash_t *pfl = opaque; 686 bool be = !!(pfl->features & (1 << PFLASH_BE)); 687 688 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 689 return MEMTX_ERROR; 690 } else { 691 pflash_write(opaque, addr, value, len, be); 692 return MEMTX_OK; 693 } 694 } 695 696 static const MemoryRegionOps pflash_cfi01_ops = { 697 .read_with_attrs = pflash_mem_read_with_attrs, 698 .write_with_attrs = pflash_mem_write_with_attrs, 699 .endianness = DEVICE_NATIVE_ENDIAN, 700 }; 701 702 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 703 { 704 pflash_t *pfl = CFI_PFLASH01(dev); 705 uint64_t total_len; 706 int ret; 707 uint64_t blocks_per_device, device_len; 708 int num_devices; 709 Error *local_err = NULL; 710 711 total_len = pfl->sector_len * pfl->nb_blocs; 712 713 /* These are only used to expose the parameters of each device 714 * in the cfi_table[]. 715 */ 716 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 717 blocks_per_device = pfl->nb_blocs / num_devices; 718 device_len = pfl->sector_len * blocks_per_device; 719 720 /* XXX: to be fixed */ 721 #if 0 722 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 723 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 724 return NULL; 725 #endif 726 727 memory_region_init_rom_device( 728 &pfl->mem, OBJECT(dev), 729 &pflash_cfi01_ops, 730 pfl, 731 pfl->name, total_len, &local_err); 732 if (local_err) { 733 error_propagate(errp, local_err); 734 return; 735 } 736 737 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 738 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 739 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 740 741 if (pfl->blk) { 742 /* read the initial flash content */ 743 ret = blk_pread(pfl->blk, 0, pfl->storage, total_len); 744 745 if (ret < 0) { 746 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 747 error_setg(errp, "failed to read the initial flash content"); 748 return; 749 } 750 } 751 752 if (pfl->blk) { 753 pfl->ro = blk_is_read_only(pfl->blk); 754 } else { 755 pfl->ro = 0; 756 } 757 758 /* Default to devices being used at their maximum device width. This was 759 * assumed before the device_width support was added. 760 */ 761 if (!pfl->max_device_width) { 762 pfl->max_device_width = pfl->device_width; 763 } 764 765 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 766 pfl->wcycle = 0; 767 pfl->cmd = 0; 768 pfl->status = 0; 769 /* Hardcoded CFI table */ 770 pfl->cfi_len = 0x52; 771 /* Standard "QRY" string */ 772 pfl->cfi_table[0x10] = 'Q'; 773 pfl->cfi_table[0x11] = 'R'; 774 pfl->cfi_table[0x12] = 'Y'; 775 /* Command set (Intel) */ 776 pfl->cfi_table[0x13] = 0x01; 777 pfl->cfi_table[0x14] = 0x00; 778 /* Primary extended table address (none) */ 779 pfl->cfi_table[0x15] = 0x31; 780 pfl->cfi_table[0x16] = 0x00; 781 /* Alternate command set (none) */ 782 pfl->cfi_table[0x17] = 0x00; 783 pfl->cfi_table[0x18] = 0x00; 784 /* Alternate extended table (none) */ 785 pfl->cfi_table[0x19] = 0x00; 786 pfl->cfi_table[0x1A] = 0x00; 787 /* Vcc min */ 788 pfl->cfi_table[0x1B] = 0x45; 789 /* Vcc max */ 790 pfl->cfi_table[0x1C] = 0x55; 791 /* Vpp min (no Vpp pin) */ 792 pfl->cfi_table[0x1D] = 0x00; 793 /* Vpp max (no Vpp pin) */ 794 pfl->cfi_table[0x1E] = 0x00; 795 /* Reserved */ 796 pfl->cfi_table[0x1F] = 0x07; 797 /* Timeout for min size buffer write */ 798 pfl->cfi_table[0x20] = 0x07; 799 /* Typical timeout for block erase */ 800 pfl->cfi_table[0x21] = 0x0a; 801 /* Typical timeout for full chip erase (4096 ms) */ 802 pfl->cfi_table[0x22] = 0x00; 803 /* Reserved */ 804 pfl->cfi_table[0x23] = 0x04; 805 /* Max timeout for buffer write */ 806 pfl->cfi_table[0x24] = 0x04; 807 /* Max timeout for block erase */ 808 pfl->cfi_table[0x25] = 0x04; 809 /* Max timeout for chip erase */ 810 pfl->cfi_table[0x26] = 0x00; 811 /* Device size */ 812 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 813 /* Flash device interface (8 & 16 bits) */ 814 pfl->cfi_table[0x28] = 0x02; 815 pfl->cfi_table[0x29] = 0x00; 816 /* Max number of bytes in multi-bytes write */ 817 if (pfl->bank_width == 1) { 818 pfl->cfi_table[0x2A] = 0x08; 819 } else { 820 pfl->cfi_table[0x2A] = 0x0B; 821 } 822 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 823 824 pfl->cfi_table[0x2B] = 0x00; 825 /* Number of erase block regions (uniform) */ 826 pfl->cfi_table[0x2C] = 0x01; 827 /* Erase block region 1 */ 828 pfl->cfi_table[0x2D] = blocks_per_device - 1; 829 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 830 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 831 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 832 833 /* Extended */ 834 pfl->cfi_table[0x31] = 'P'; 835 pfl->cfi_table[0x32] = 'R'; 836 pfl->cfi_table[0x33] = 'I'; 837 838 pfl->cfi_table[0x34] = '1'; 839 pfl->cfi_table[0x35] = '0'; 840 841 pfl->cfi_table[0x36] = 0x00; 842 pfl->cfi_table[0x37] = 0x00; 843 pfl->cfi_table[0x38] = 0x00; 844 pfl->cfi_table[0x39] = 0x00; 845 846 pfl->cfi_table[0x3a] = 0x00; 847 848 pfl->cfi_table[0x3b] = 0x00; 849 pfl->cfi_table[0x3c] = 0x00; 850 851 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 852 } 853 854 static Property pflash_cfi01_properties[] = { 855 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 856 /* num-blocks is the number of blocks actually visible to the guest, 857 * ie the total size of the device divided by the sector length. 858 * If we're emulating flash devices wired in parallel the actual 859 * number of blocks per indvidual device will differ. 860 */ 861 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 862 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 863 /* width here is the overall width of this QEMU device in bytes. 864 * The QEMU device may be emulating a number of flash devices 865 * wired up in parallel; the width of each individual flash 866 * device should be specified via device-width. If the individual 867 * devices have a maximum width which is greater than the width 868 * they are being used for, this maximum width should be set via 869 * max-device-width (which otherwise defaults to device-width). 870 * So for instance a 32-bit wide QEMU flash device made from four 871 * 16-bit flash devices used in 8-bit wide mode would be configured 872 * with width = 4, device-width = 1, max-device-width = 2. 873 * 874 * If device-width is not specified we default to backwards 875 * compatible behaviour which is a bad emulation of two 876 * 16 bit devices making up a 32 bit wide QEMU device. This 877 * is deprecated for new uses of this device. 878 */ 879 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 880 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 881 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 882 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), 883 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), 884 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 885 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 886 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 887 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 888 DEFINE_PROP_STRING("name", struct pflash_t, name), 889 DEFINE_PROP_END_OF_LIST(), 890 }; 891 892 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 893 { 894 DeviceClass *dc = DEVICE_CLASS(klass); 895 896 dc->realize = pflash_cfi01_realize; 897 dc->props = pflash_cfi01_properties; 898 dc->vmsd = &vmstate_pflash; 899 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 900 } 901 902 903 static const TypeInfo pflash_cfi01_info = { 904 .name = TYPE_CFI_PFLASH01, 905 .parent = TYPE_SYS_BUS_DEVICE, 906 .instance_size = sizeof(struct pflash_t), 907 .class_init = pflash_cfi01_class_init, 908 }; 909 910 static void pflash_cfi01_register_types(void) 911 { 912 type_register_static(&pflash_cfi01_info); 913 } 914 915 type_init(pflash_cfi01_register_types) 916 917 pflash_t *pflash_cfi01_register(hwaddr base, 918 DeviceState *qdev, const char *name, 919 hwaddr size, 920 BlockBackend *blk, 921 uint32_t sector_len, int nb_blocs, 922 int bank_width, uint16_t id0, uint16_t id1, 923 uint16_t id2, uint16_t id3, int be) 924 { 925 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 926 927 if (blk) { 928 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 929 } 930 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 931 qdev_prop_set_uint64(dev, "sector-length", sector_len); 932 qdev_prop_set_uint8(dev, "width", bank_width); 933 qdev_prop_set_bit(dev, "big-endian", !!be); 934 qdev_prop_set_uint16(dev, "id0", id0); 935 qdev_prop_set_uint16(dev, "id1", id1); 936 qdev_prop_set_uint16(dev, "id2", id2); 937 qdev_prop_set_uint16(dev, "id3", id3); 938 qdev_prop_set_string(dev, "name", name); 939 qdev_init_nofail(dev); 940 941 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 942 return CFI_PFLASH01(dev); 943 } 944 945 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 946 { 947 return &fl->mem; 948 } 949 950 static void postload_update_cb(void *opaque, int running, RunState state) 951 { 952 pflash_t *pfl = opaque; 953 954 /* This is called after bdrv_invalidate_cache_all. */ 955 qemu_del_vm_change_state_handler(pfl->vmstate); 956 pfl->vmstate = NULL; 957 958 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 959 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 960 } 961 962 static int pflash_post_load(void *opaque, int version_id) 963 { 964 pflash_t *pfl = opaque; 965 966 if (!pfl->ro) { 967 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 968 pfl); 969 } 970 return 0; 971 } 972