1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/block.h" 42 #include "hw/block/flash.h" 43 #include "sysemu/block-backend.h" 44 #include "qapi/error.h" 45 #include "qemu/timer.h" 46 #include "qemu/bitops.h" 47 #include "qemu/error-report.h" 48 #include "qemu/host-utils.h" 49 #include "qemu/log.h" 50 #include "qemu/module.h" 51 #include "qemu/option.h" 52 #include "hw/sysbus.h" 53 #include "sysemu/blockdev.h" 54 #include "sysemu/sysemu.h" 55 #include "trace.h" 56 57 /* #define PFLASH_DEBUG */ 58 #ifdef PFLASH_DEBUG 59 #define DPRINTF(fmt, ...) \ 60 do { \ 61 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 62 } while (0) 63 #else 64 #define DPRINTF(fmt, ...) do { } while (0) 65 #endif 66 67 #define PFLASH_BE 0 68 #define PFLASH_SECURE 1 69 70 struct PFlashCFI01 { 71 /*< private >*/ 72 SysBusDevice parent_obj; 73 /*< public >*/ 74 75 BlockBackend *blk; 76 uint32_t nb_blocs; 77 uint64_t sector_len; 78 uint8_t bank_width; 79 uint8_t device_width; /* If 0, device width not specified. */ 80 uint8_t max_device_width; /* max device width in bytes */ 81 uint32_t features; 82 uint8_t wcycle; /* if 0, the flash is read normally */ 83 int ro; 84 uint8_t cmd; 85 uint8_t status; 86 uint16_t ident0; 87 uint16_t ident1; 88 uint16_t ident2; 89 uint16_t ident3; 90 uint8_t cfi_table[0x52]; 91 uint64_t counter; 92 unsigned int writeblock_size; 93 QEMUTimer *timer; 94 MemoryRegion mem; 95 char *name; 96 void *storage; 97 VMChangeStateEntry *vmstate; 98 bool old_multiple_chip_handling; 99 }; 100 101 static int pflash_post_load(void *opaque, int version_id); 102 103 static const VMStateDescription vmstate_pflash = { 104 .name = "pflash_cfi01", 105 .version_id = 1, 106 .minimum_version_id = 1, 107 .post_load = pflash_post_load, 108 .fields = (VMStateField[]) { 109 VMSTATE_UINT8(wcycle, PFlashCFI01), 110 VMSTATE_UINT8(cmd, PFlashCFI01), 111 VMSTATE_UINT8(status, PFlashCFI01), 112 VMSTATE_UINT64(counter, PFlashCFI01), 113 VMSTATE_END_OF_LIST() 114 } 115 }; 116 117 static void pflash_timer (void *opaque) 118 { 119 PFlashCFI01 *pfl = opaque; 120 121 trace_pflash_timer_expired(pfl->cmd); 122 /* Reset flash */ 123 pfl->status ^= 0x80; 124 memory_region_rom_device_set_romd(&pfl->mem, true); 125 pfl->wcycle = 0; 126 pfl->cmd = 0; 127 } 128 129 /* Perform a CFI query based on the bank width of the flash. 130 * If this code is called we know we have a device_width set for 131 * this flash. 132 */ 133 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 134 { 135 int i; 136 uint32_t resp = 0; 137 hwaddr boff; 138 139 /* Adjust incoming offset to match expected device-width 140 * addressing. CFI query addresses are always specified in terms of 141 * the maximum supported width of the device. This means that x8 142 * devices and x8/x16 devices in x8 mode behave differently. For 143 * devices that are not used at their max width, we will be 144 * provided with addresses that use higher address bits than 145 * expected (based on the max width), so we will shift them lower 146 * so that they will match the addresses used when 147 * device_width==max_device_width. 148 */ 149 boff = offset >> (ctz32(pfl->bank_width) + 150 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 151 152 if (boff >= sizeof(pfl->cfi_table)) { 153 return 0; 154 } 155 /* Now we will construct the CFI response generated by a single 156 * device, then replicate that for all devices that make up the 157 * bus. For wide parts used in x8 mode, CFI query responses 158 * are different than native byte-wide parts. 159 */ 160 resp = pfl->cfi_table[boff]; 161 if (pfl->device_width != pfl->max_device_width) { 162 /* The only case currently supported is x8 mode for a 163 * wider part. 164 */ 165 if (pfl->device_width != 1 || pfl->bank_width > 4) { 166 DPRINTF("%s: Unsupported device configuration: " 167 "device_width=%d, max_device_width=%d\n", 168 __func__, pfl->device_width, 169 pfl->max_device_width); 170 return 0; 171 } 172 /* CFI query data is repeated, rather than zero padded for 173 * wide devices used in x8 mode. 174 */ 175 for (i = 1; i < pfl->max_device_width; i++) { 176 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 177 } 178 } 179 /* Replicate responses for each device in bank. */ 180 if (pfl->device_width < pfl->bank_width) { 181 for (i = pfl->device_width; 182 i < pfl->bank_width; i += pfl->device_width) { 183 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 184 } 185 } 186 187 return resp; 188 } 189 190 191 192 /* Perform a device id query based on the bank width of the flash. */ 193 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 194 { 195 int i; 196 uint32_t resp; 197 hwaddr boff; 198 199 /* Adjust incoming offset to match expected device-width 200 * addressing. Device ID read addresses are always specified in 201 * terms of the maximum supported width of the device. This means 202 * that x8 devices and x8/x16 devices in x8 mode behave 203 * differently. For devices that are not used at their max width, 204 * we will be provided with addresses that use higher address bits 205 * than expected (based on the max width), so we will shift them 206 * lower so that they will match the addresses used when 207 * device_width==max_device_width. 208 */ 209 boff = offset >> (ctz32(pfl->bank_width) + 210 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 211 212 /* Mask off upper bits which may be used in to query block 213 * or sector lock status at other addresses. 214 * Offsets 2/3 are block lock status, is not emulated. 215 */ 216 switch (boff & 0xFF) { 217 case 0: 218 resp = pfl->ident0; 219 trace_pflash_manufacturer_id(resp); 220 break; 221 case 1: 222 resp = pfl->ident1; 223 trace_pflash_device_id(resp); 224 break; 225 default: 226 trace_pflash_device_info(offset); 227 return 0; 228 break; 229 } 230 /* Replicate responses for each device in bank. */ 231 if (pfl->device_width < pfl->bank_width) { 232 for (i = pfl->device_width; 233 i < pfl->bank_width; i += pfl->device_width) { 234 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 235 } 236 } 237 238 return resp; 239 } 240 241 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 242 int width, int be) 243 { 244 uint8_t *p; 245 uint32_t ret; 246 247 p = pfl->storage; 248 switch (width) { 249 case 1: 250 ret = p[offset]; 251 trace_pflash_data_read8(offset, ret); 252 break; 253 case 2: 254 if (be) { 255 ret = p[offset] << 8; 256 ret |= p[offset + 1]; 257 } else { 258 ret = p[offset]; 259 ret |= p[offset + 1] << 8; 260 } 261 trace_pflash_data_read16(offset, ret); 262 break; 263 case 4: 264 if (be) { 265 ret = p[offset] << 24; 266 ret |= p[offset + 1] << 16; 267 ret |= p[offset + 2] << 8; 268 ret |= p[offset + 3]; 269 } else { 270 ret = p[offset]; 271 ret |= p[offset + 1] << 8; 272 ret |= p[offset + 2] << 16; 273 ret |= p[offset + 3] << 24; 274 } 275 trace_pflash_data_read32(offset, ret); 276 break; 277 default: 278 DPRINTF("BUG in %s\n", __func__); 279 abort(); 280 } 281 return ret; 282 } 283 284 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 285 int width, int be) 286 { 287 hwaddr boff; 288 uint32_t ret; 289 290 ret = -1; 291 trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle); 292 switch (pfl->cmd) { 293 default: 294 /* This should never happen : reset state & treat it as a read */ 295 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 296 pfl->wcycle = 0; 297 pfl->cmd = 0; 298 /* fall through to read code */ 299 case 0x00: 300 /* Flash area read */ 301 ret = pflash_data_read(pfl, offset, width, be); 302 break; 303 case 0x10: /* Single byte program */ 304 case 0x20: /* Block erase */ 305 case 0x28: /* Block erase */ 306 case 0x40: /* single byte program */ 307 case 0x50: /* Clear status register */ 308 case 0x60: /* Block /un)lock */ 309 case 0x70: /* Status Register */ 310 case 0xe8: /* Write block */ 311 /* Status register read. Return status from each device in 312 * bank. 313 */ 314 ret = pfl->status; 315 if (pfl->device_width && width > pfl->device_width) { 316 int shift = pfl->device_width * 8; 317 while (shift + pfl->device_width * 8 <= width * 8) { 318 ret |= pfl->status << shift; 319 shift += pfl->device_width * 8; 320 } 321 } else if (!pfl->device_width && width > 2) { 322 /* Handle 32 bit flash cases where device width is not 323 * set. (Existing behavior before device width added.) 324 */ 325 ret |= pfl->status << 16; 326 } 327 DPRINTF("%s: status %x\n", __func__, ret); 328 break; 329 case 0x90: 330 if (!pfl->device_width) { 331 /* Preserve old behavior if device width not specified */ 332 boff = offset & 0xFF; 333 if (pfl->bank_width == 2) { 334 boff = boff >> 1; 335 } else if (pfl->bank_width == 4) { 336 boff = boff >> 2; 337 } 338 339 switch (boff) { 340 case 0: 341 ret = pfl->ident0 << 8 | pfl->ident1; 342 trace_pflash_manufacturer_id(ret); 343 break; 344 case 1: 345 ret = pfl->ident2 << 8 | pfl->ident3; 346 trace_pflash_device_id(ret); 347 break; 348 default: 349 trace_pflash_device_info(boff); 350 ret = 0; 351 break; 352 } 353 } else { 354 /* If we have a read larger than the bank_width, combine multiple 355 * manufacturer/device ID queries into a single response. 356 */ 357 int i; 358 for (i = 0; i < width; i += pfl->bank_width) { 359 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 360 pflash_devid_query(pfl, 361 offset + i * pfl->bank_width)); 362 } 363 } 364 break; 365 case 0x98: /* Query mode */ 366 if (!pfl->device_width) { 367 /* Preserve old behavior if device width not specified */ 368 boff = offset & 0xFF; 369 if (pfl->bank_width == 2) { 370 boff = boff >> 1; 371 } else if (pfl->bank_width == 4) { 372 boff = boff >> 2; 373 } 374 375 if (boff < sizeof(pfl->cfi_table)) { 376 ret = pfl->cfi_table[boff]; 377 } else { 378 ret = 0; 379 } 380 } else { 381 /* If we have a read larger than the bank_width, combine multiple 382 * CFI queries into a single response. 383 */ 384 int i; 385 for (i = 0; i < width; i += pfl->bank_width) { 386 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 387 pflash_cfi_query(pfl, 388 offset + i * pfl->bank_width)); 389 } 390 } 391 392 break; 393 } 394 return ret; 395 } 396 397 /* update flash content on disk */ 398 static void pflash_update(PFlashCFI01 *pfl, int offset, 399 int size) 400 { 401 int offset_end; 402 if (pfl->blk) { 403 offset_end = offset + size; 404 /* widen to sector boundaries */ 405 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 406 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 407 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 408 offset_end - offset, 0); 409 } 410 } 411 412 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 413 uint32_t value, int width, int be) 414 { 415 uint8_t *p = pfl->storage; 416 417 trace_pflash_data_write(offset, value, width, pfl->counter); 418 switch (width) { 419 case 1: 420 p[offset] = value; 421 break; 422 case 2: 423 if (be) { 424 p[offset] = value >> 8; 425 p[offset + 1] = value; 426 } else { 427 p[offset] = value; 428 p[offset + 1] = value >> 8; 429 } 430 break; 431 case 4: 432 if (be) { 433 p[offset] = value >> 24; 434 p[offset + 1] = value >> 16; 435 p[offset + 2] = value >> 8; 436 p[offset + 3] = value; 437 } else { 438 p[offset] = value; 439 p[offset + 1] = value >> 8; 440 p[offset + 2] = value >> 16; 441 p[offset + 3] = value >> 24; 442 } 443 break; 444 } 445 446 } 447 448 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 449 uint32_t value, int width, int be) 450 { 451 uint8_t *p; 452 uint8_t cmd; 453 454 cmd = value; 455 456 trace_pflash_write(offset, value, width, pfl->wcycle); 457 if (!pfl->wcycle) { 458 /* Set the device in I/O access mode */ 459 memory_region_rom_device_set_romd(&pfl->mem, false); 460 } 461 462 switch (pfl->wcycle) { 463 case 0: 464 /* read mode */ 465 switch (cmd) { 466 case 0x00: /* ??? */ 467 goto reset_flash; 468 case 0x10: /* Single Byte Program */ 469 case 0x40: /* Single Byte Program */ 470 DPRINTF("%s: Single Byte Program\n", __func__); 471 break; 472 case 0x20: /* Block erase */ 473 p = pfl->storage; 474 offset &= ~(pfl->sector_len - 1); 475 476 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 477 __func__, offset, (unsigned)pfl->sector_len); 478 479 if (!pfl->ro) { 480 memset(p + offset, 0xff, pfl->sector_len); 481 pflash_update(pfl, offset, pfl->sector_len); 482 } else { 483 pfl->status |= 0x20; /* Block erase error */ 484 } 485 pfl->status |= 0x80; /* Ready! */ 486 break; 487 case 0x50: /* Clear status bits */ 488 DPRINTF("%s: Clear status bits\n", __func__); 489 pfl->status = 0x0; 490 goto reset_flash; 491 case 0x60: /* Block (un)lock */ 492 DPRINTF("%s: Block unlock\n", __func__); 493 break; 494 case 0x70: /* Status Register */ 495 DPRINTF("%s: Read status register\n", __func__); 496 pfl->cmd = cmd; 497 return; 498 case 0x90: /* Read Device ID */ 499 DPRINTF("%s: Read Device information\n", __func__); 500 pfl->cmd = cmd; 501 return; 502 case 0x98: /* CFI query */ 503 DPRINTF("%s: CFI query\n", __func__); 504 break; 505 case 0xe8: /* Write to buffer */ 506 DPRINTF("%s: Write to buffer\n", __func__); 507 /* FIXME should save @offset, @width for case 1+ */ 508 qemu_log_mask(LOG_UNIMP, 509 "%s: Write to buffer emulation is flawed\n", 510 __func__); 511 pfl->status |= 0x80; /* Ready! */ 512 break; 513 case 0xf0: /* Probe for AMD flash */ 514 DPRINTF("%s: Probe for AMD flash\n", __func__); 515 goto reset_flash; 516 case 0xff: /* Read array mode */ 517 DPRINTF("%s: Read array mode\n", __func__); 518 goto reset_flash; 519 default: 520 goto error_flash; 521 } 522 pfl->wcycle++; 523 pfl->cmd = cmd; 524 break; 525 case 1: 526 switch (pfl->cmd) { 527 case 0x10: /* Single Byte Program */ 528 case 0x40: /* Single Byte Program */ 529 DPRINTF("%s: Single Byte Program\n", __func__); 530 if (!pfl->ro) { 531 pflash_data_write(pfl, offset, value, width, be); 532 pflash_update(pfl, offset, width); 533 } else { 534 pfl->status |= 0x10; /* Programming error */ 535 } 536 pfl->status |= 0x80; /* Ready! */ 537 pfl->wcycle = 0; 538 break; 539 case 0x20: /* Block erase */ 540 case 0x28: 541 if (cmd == 0xd0) { /* confirm */ 542 pfl->wcycle = 0; 543 pfl->status |= 0x80; 544 } else if (cmd == 0xff) { /* read array mode */ 545 goto reset_flash; 546 } else 547 goto error_flash; 548 549 break; 550 case 0xe8: 551 /* Mask writeblock size based on device width, or bank width if 552 * device width not specified. 553 */ 554 /* FIXME check @offset, @width */ 555 if (pfl->device_width) { 556 value = extract32(value, 0, pfl->device_width * 8); 557 } else { 558 value = extract32(value, 0, pfl->bank_width * 8); 559 } 560 DPRINTF("%s: block write of %x bytes\n", __func__, value); 561 pfl->counter = value; 562 pfl->wcycle++; 563 break; 564 case 0x60: 565 if (cmd == 0xd0) { 566 pfl->wcycle = 0; 567 pfl->status |= 0x80; 568 } else if (cmd == 0x01) { 569 pfl->wcycle = 0; 570 pfl->status |= 0x80; 571 } else if (cmd == 0xff) { 572 goto reset_flash; 573 } else { 574 DPRINTF("%s: Unknown (un)locking command\n", __func__); 575 goto reset_flash; 576 } 577 break; 578 case 0x98: 579 if (cmd == 0xff) { 580 goto reset_flash; 581 } else { 582 DPRINTF("%s: leaving query mode\n", __func__); 583 } 584 break; 585 default: 586 goto error_flash; 587 } 588 break; 589 case 2: 590 switch (pfl->cmd) { 591 case 0xe8: /* Block write */ 592 /* FIXME check @offset, @width */ 593 if (!pfl->ro) { 594 /* 595 * FIXME writing straight to memory is *wrong*. We 596 * should write to a buffer, and flush it to memory 597 * only on confirm command (see below). 598 */ 599 pflash_data_write(pfl, offset, value, width, be); 600 } else { 601 pfl->status |= 0x10; /* Programming error */ 602 } 603 604 pfl->status |= 0x80; 605 606 if (!pfl->counter) { 607 hwaddr mask = pfl->writeblock_size - 1; 608 mask = ~mask; 609 610 DPRINTF("%s: block write finished\n", __func__); 611 pfl->wcycle++; 612 if (!pfl->ro) { 613 /* Flush the entire write buffer onto backing storage. */ 614 /* FIXME premature! */ 615 pflash_update(pfl, offset & mask, pfl->writeblock_size); 616 } else { 617 pfl->status |= 0x10; /* Programming error */ 618 } 619 } 620 621 pfl->counter--; 622 break; 623 default: 624 goto error_flash; 625 } 626 break; 627 case 3: /* Confirm mode */ 628 switch (pfl->cmd) { 629 case 0xe8: /* Block write */ 630 if (cmd == 0xd0) { 631 /* FIXME this is where we should write out the buffer */ 632 pfl->wcycle = 0; 633 pfl->status |= 0x80; 634 } else { 635 qemu_log_mask(LOG_UNIMP, 636 "%s: Aborting write to buffer not implemented," 637 " the data is already written to storage!\n" 638 "Flash device reset into READ mode.\n", 639 __func__); 640 goto reset_flash; 641 } 642 break; 643 default: 644 goto error_flash; 645 } 646 break; 647 default: 648 /* Should never happen */ 649 DPRINTF("%s: invalid write state\n", __func__); 650 goto reset_flash; 651 } 652 return; 653 654 error_flash: 655 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 656 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 657 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 658 659 reset_flash: 660 trace_pflash_reset(); 661 memory_region_rom_device_set_romd(&pfl->mem, true); 662 pfl->wcycle = 0; 663 pfl->cmd = 0; 664 } 665 666 667 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 668 unsigned len, MemTxAttrs attrs) 669 { 670 PFlashCFI01 *pfl = opaque; 671 bool be = !!(pfl->features & (1 << PFLASH_BE)); 672 673 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 674 *value = pflash_data_read(opaque, addr, len, be); 675 } else { 676 *value = pflash_read(opaque, addr, len, be); 677 } 678 return MEMTX_OK; 679 } 680 681 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 682 unsigned len, MemTxAttrs attrs) 683 { 684 PFlashCFI01 *pfl = opaque; 685 bool be = !!(pfl->features & (1 << PFLASH_BE)); 686 687 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 688 return MEMTX_ERROR; 689 } else { 690 pflash_write(opaque, addr, value, len, be); 691 return MEMTX_OK; 692 } 693 } 694 695 static const MemoryRegionOps pflash_cfi01_ops = { 696 .read_with_attrs = pflash_mem_read_with_attrs, 697 .write_with_attrs = pflash_mem_write_with_attrs, 698 .endianness = DEVICE_NATIVE_ENDIAN, 699 }; 700 701 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 702 { 703 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 704 uint64_t total_len; 705 int ret; 706 uint64_t blocks_per_device, sector_len_per_device, device_len; 707 int num_devices; 708 Error *local_err = NULL; 709 710 if (pfl->sector_len == 0) { 711 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 712 return; 713 } 714 if (pfl->nb_blocs == 0) { 715 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 716 return; 717 } 718 if (pfl->name == NULL) { 719 error_setg(errp, "attribute \"name\" not specified."); 720 return; 721 } 722 723 total_len = pfl->sector_len * pfl->nb_blocs; 724 725 /* These are only used to expose the parameters of each device 726 * in the cfi_table[]. 727 */ 728 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 729 if (pfl->old_multiple_chip_handling) { 730 blocks_per_device = pfl->nb_blocs / num_devices; 731 sector_len_per_device = pfl->sector_len; 732 } else { 733 blocks_per_device = pfl->nb_blocs; 734 sector_len_per_device = pfl->sector_len / num_devices; 735 } 736 device_len = sector_len_per_device * blocks_per_device; 737 738 memory_region_init_rom_device( 739 &pfl->mem, OBJECT(dev), 740 &pflash_cfi01_ops, 741 pfl, 742 pfl->name, total_len, &local_err); 743 if (local_err) { 744 error_propagate(errp, local_err); 745 return; 746 } 747 748 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 749 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 750 751 if (pfl->blk) { 752 uint64_t perm; 753 pfl->ro = blk_is_read_only(pfl->blk); 754 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 755 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 756 if (ret < 0) { 757 return; 758 } 759 } else { 760 pfl->ro = 0; 761 } 762 763 if (pfl->blk) { 764 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len, 765 errp)) { 766 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 767 return; 768 } 769 } 770 771 /* Default to devices being used at their maximum device width. This was 772 * assumed before the device_width support was added. 773 */ 774 if (!pfl->max_device_width) { 775 pfl->max_device_width = pfl->device_width; 776 } 777 778 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 779 pfl->wcycle = 0; 780 pfl->cmd = 0; 781 pfl->status = 0; 782 /* Hardcoded CFI table */ 783 /* Standard "QRY" string */ 784 pfl->cfi_table[0x10] = 'Q'; 785 pfl->cfi_table[0x11] = 'R'; 786 pfl->cfi_table[0x12] = 'Y'; 787 /* Command set (Intel) */ 788 pfl->cfi_table[0x13] = 0x01; 789 pfl->cfi_table[0x14] = 0x00; 790 /* Primary extended table address (none) */ 791 pfl->cfi_table[0x15] = 0x31; 792 pfl->cfi_table[0x16] = 0x00; 793 /* Alternate command set (none) */ 794 pfl->cfi_table[0x17] = 0x00; 795 pfl->cfi_table[0x18] = 0x00; 796 /* Alternate extended table (none) */ 797 pfl->cfi_table[0x19] = 0x00; 798 pfl->cfi_table[0x1A] = 0x00; 799 /* Vcc min */ 800 pfl->cfi_table[0x1B] = 0x45; 801 /* Vcc max */ 802 pfl->cfi_table[0x1C] = 0x55; 803 /* Vpp min (no Vpp pin) */ 804 pfl->cfi_table[0x1D] = 0x00; 805 /* Vpp max (no Vpp pin) */ 806 pfl->cfi_table[0x1E] = 0x00; 807 /* Reserved */ 808 pfl->cfi_table[0x1F] = 0x07; 809 /* Timeout for min size buffer write */ 810 pfl->cfi_table[0x20] = 0x07; 811 /* Typical timeout for block erase */ 812 pfl->cfi_table[0x21] = 0x0a; 813 /* Typical timeout for full chip erase (4096 ms) */ 814 pfl->cfi_table[0x22] = 0x00; 815 /* Reserved */ 816 pfl->cfi_table[0x23] = 0x04; 817 /* Max timeout for buffer write */ 818 pfl->cfi_table[0x24] = 0x04; 819 /* Max timeout for block erase */ 820 pfl->cfi_table[0x25] = 0x04; 821 /* Max timeout for chip erase */ 822 pfl->cfi_table[0x26] = 0x00; 823 /* Device size */ 824 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 825 /* Flash device interface (8 & 16 bits) */ 826 pfl->cfi_table[0x28] = 0x02; 827 pfl->cfi_table[0x29] = 0x00; 828 /* Max number of bytes in multi-bytes write */ 829 if (pfl->bank_width == 1) { 830 pfl->cfi_table[0x2A] = 0x08; 831 } else { 832 pfl->cfi_table[0x2A] = 0x0B; 833 } 834 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 835 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 836 pfl->writeblock_size *= num_devices; 837 } 838 839 pfl->cfi_table[0x2B] = 0x00; 840 /* Number of erase block regions (uniform) */ 841 pfl->cfi_table[0x2C] = 0x01; 842 /* Erase block region 1 */ 843 pfl->cfi_table[0x2D] = blocks_per_device - 1; 844 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 845 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 846 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 847 848 /* Extended */ 849 pfl->cfi_table[0x31] = 'P'; 850 pfl->cfi_table[0x32] = 'R'; 851 pfl->cfi_table[0x33] = 'I'; 852 853 pfl->cfi_table[0x34] = '1'; 854 pfl->cfi_table[0x35] = '0'; 855 856 pfl->cfi_table[0x36] = 0x00; 857 pfl->cfi_table[0x37] = 0x00; 858 pfl->cfi_table[0x38] = 0x00; 859 pfl->cfi_table[0x39] = 0x00; 860 861 pfl->cfi_table[0x3a] = 0x00; 862 863 pfl->cfi_table[0x3b] = 0x00; 864 pfl->cfi_table[0x3c] = 0x00; 865 866 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 867 } 868 869 static Property pflash_cfi01_properties[] = { 870 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 871 /* num-blocks is the number of blocks actually visible to the guest, 872 * ie the total size of the device divided by the sector length. 873 * If we're emulating flash devices wired in parallel the actual 874 * number of blocks per indvidual device will differ. 875 */ 876 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 877 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 878 /* width here is the overall width of this QEMU device in bytes. 879 * The QEMU device may be emulating a number of flash devices 880 * wired up in parallel; the width of each individual flash 881 * device should be specified via device-width. If the individual 882 * devices have a maximum width which is greater than the width 883 * they are being used for, this maximum width should be set via 884 * max-device-width (which otherwise defaults to device-width). 885 * So for instance a 32-bit wide QEMU flash device made from four 886 * 16-bit flash devices used in 8-bit wide mode would be configured 887 * with width = 4, device-width = 1, max-device-width = 2. 888 * 889 * If device-width is not specified we default to backwards 890 * compatible behaviour which is a bad emulation of two 891 * 16 bit devices making up a 32 bit wide QEMU device. This 892 * is deprecated for new uses of this device. 893 */ 894 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 895 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 896 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 897 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 898 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 899 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 900 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 901 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 902 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 903 DEFINE_PROP_STRING("name", PFlashCFI01, name), 904 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 905 old_multiple_chip_handling, false), 906 DEFINE_PROP_END_OF_LIST(), 907 }; 908 909 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 910 { 911 DeviceClass *dc = DEVICE_CLASS(klass); 912 913 dc->realize = pflash_cfi01_realize; 914 dc->props = pflash_cfi01_properties; 915 dc->vmsd = &vmstate_pflash; 916 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 917 } 918 919 920 static const TypeInfo pflash_cfi01_info = { 921 .name = TYPE_PFLASH_CFI01, 922 .parent = TYPE_SYS_BUS_DEVICE, 923 .instance_size = sizeof(PFlashCFI01), 924 .class_init = pflash_cfi01_class_init, 925 }; 926 927 static void pflash_cfi01_register_types(void) 928 { 929 type_register_static(&pflash_cfi01_info); 930 } 931 932 type_init(pflash_cfi01_register_types) 933 934 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 935 const char *name, 936 hwaddr size, 937 BlockBackend *blk, 938 uint32_t sector_len, 939 int bank_width, 940 uint16_t id0, uint16_t id1, 941 uint16_t id2, uint16_t id3, 942 int be) 943 { 944 DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01); 945 946 if (blk) { 947 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 948 } 949 assert(size % sector_len == 0); 950 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 951 qdev_prop_set_uint64(dev, "sector-length", sector_len); 952 qdev_prop_set_uint8(dev, "width", bank_width); 953 qdev_prop_set_bit(dev, "big-endian", !!be); 954 qdev_prop_set_uint16(dev, "id0", id0); 955 qdev_prop_set_uint16(dev, "id1", id1); 956 qdev_prop_set_uint16(dev, "id2", id2); 957 qdev_prop_set_uint16(dev, "id3", id3); 958 qdev_prop_set_string(dev, "name", name); 959 qdev_init_nofail(dev); 960 961 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 962 return PFLASH_CFI01(dev); 963 } 964 965 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 966 { 967 return fl->blk; 968 } 969 970 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 971 { 972 return &fl->mem; 973 } 974 975 /* 976 * Handle -drive if=pflash for machines that use properties. 977 * If @dinfo is null, do nothing. 978 * Else if @fl's property "drive" is already set, fatal error. 979 * Else set it to the BlockBackend with @dinfo. 980 */ 981 void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo) 982 { 983 Location loc; 984 985 if (!dinfo) { 986 return; 987 } 988 989 loc_push_none(&loc); 990 qemu_opts_loc_restore(dinfo->opts); 991 if (fl->blk) { 992 error_report("clashes with -machine"); 993 exit(1); 994 } 995 qdev_prop_set_drive(DEVICE(fl), "drive", 996 blk_by_legacy_dinfo(dinfo), &error_fatal); 997 loc_pop(&loc); 998 } 999 1000 static void postload_update_cb(void *opaque, int running, RunState state) 1001 { 1002 PFlashCFI01 *pfl = opaque; 1003 1004 /* This is called after bdrv_invalidate_cache_all. */ 1005 qemu_del_vm_change_state_handler(pfl->vmstate); 1006 pfl->vmstate = NULL; 1007 1008 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 1009 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1010 } 1011 1012 static int pflash_post_load(void *opaque, int version_id) 1013 { 1014 PFlashCFI01 *pfl = opaque; 1015 1016 if (!pfl->ro) { 1017 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 1018 pfl); 1019 } 1020 return 0; 1021 } 1022