1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/block.h" 42 #include "hw/block/flash.h" 43 #include "sysemu/block-backend.h" 44 #include "qapi/error.h" 45 #include "qemu/timer.h" 46 #include "qemu/bitops.h" 47 #include "qemu/host-utils.h" 48 #include "qemu/log.h" 49 #include "hw/sysbus.h" 50 #include "sysemu/sysemu.h" 51 #include "trace.h" 52 53 /* #define PFLASH_DEBUG */ 54 #ifdef PFLASH_DEBUG 55 #define DPRINTF(fmt, ...) \ 56 do { \ 57 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 58 } while (0) 59 #else 60 #define DPRINTF(fmt, ...) do { } while (0) 61 #endif 62 63 #define PFLASH_BE 0 64 #define PFLASH_SECURE 1 65 66 struct PFlashCFI01 { 67 /*< private >*/ 68 SysBusDevice parent_obj; 69 /*< public >*/ 70 71 BlockBackend *blk; 72 uint32_t nb_blocs; 73 uint64_t sector_len; 74 uint8_t bank_width; 75 uint8_t device_width; /* If 0, device width not specified. */ 76 uint8_t max_device_width; /* max device width in bytes */ 77 uint32_t features; 78 uint8_t wcycle; /* if 0, the flash is read normally */ 79 int ro; 80 uint8_t cmd; 81 uint8_t status; 82 uint16_t ident0; 83 uint16_t ident1; 84 uint16_t ident2; 85 uint16_t ident3; 86 uint8_t cfi_table[0x52]; 87 uint64_t counter; 88 unsigned int writeblock_size; 89 QEMUTimer *timer; 90 MemoryRegion mem; 91 char *name; 92 void *storage; 93 VMChangeStateEntry *vmstate; 94 bool old_multiple_chip_handling; 95 }; 96 97 static int pflash_post_load(void *opaque, int version_id); 98 99 static const VMStateDescription vmstate_pflash = { 100 .name = "pflash_cfi01", 101 .version_id = 1, 102 .minimum_version_id = 1, 103 .post_load = pflash_post_load, 104 .fields = (VMStateField[]) { 105 VMSTATE_UINT8(wcycle, PFlashCFI01), 106 VMSTATE_UINT8(cmd, PFlashCFI01), 107 VMSTATE_UINT8(status, PFlashCFI01), 108 VMSTATE_UINT64(counter, PFlashCFI01), 109 VMSTATE_END_OF_LIST() 110 } 111 }; 112 113 static void pflash_timer (void *opaque) 114 { 115 PFlashCFI01 *pfl = opaque; 116 117 trace_pflash_timer_expired(pfl->cmd); 118 /* Reset flash */ 119 pfl->status ^= 0x80; 120 memory_region_rom_device_set_romd(&pfl->mem, true); 121 pfl->wcycle = 0; 122 pfl->cmd = 0; 123 } 124 125 /* Perform a CFI query based on the bank width of the flash. 126 * If this code is called we know we have a device_width set for 127 * this flash. 128 */ 129 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 130 { 131 int i; 132 uint32_t resp = 0; 133 hwaddr boff; 134 135 /* Adjust incoming offset to match expected device-width 136 * addressing. CFI query addresses are always specified in terms of 137 * the maximum supported width of the device. This means that x8 138 * devices and x8/x16 devices in x8 mode behave differently. For 139 * devices that are not used at their max width, we will be 140 * provided with addresses that use higher address bits than 141 * expected (based on the max width), so we will shift them lower 142 * so that they will match the addresses used when 143 * device_width==max_device_width. 144 */ 145 boff = offset >> (ctz32(pfl->bank_width) + 146 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 147 148 if (boff >= sizeof(pfl->cfi_table)) { 149 return 0; 150 } 151 /* Now we will construct the CFI response generated by a single 152 * device, then replicate that for all devices that make up the 153 * bus. For wide parts used in x8 mode, CFI query responses 154 * are different than native byte-wide parts. 155 */ 156 resp = pfl->cfi_table[boff]; 157 if (pfl->device_width != pfl->max_device_width) { 158 /* The only case currently supported is x8 mode for a 159 * wider part. 160 */ 161 if (pfl->device_width != 1 || pfl->bank_width > 4) { 162 DPRINTF("%s: Unsupported device configuration: " 163 "device_width=%d, max_device_width=%d\n", 164 __func__, pfl->device_width, 165 pfl->max_device_width); 166 return 0; 167 } 168 /* CFI query data is repeated, rather than zero padded for 169 * wide devices used in x8 mode. 170 */ 171 for (i = 1; i < pfl->max_device_width; i++) { 172 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 173 } 174 } 175 /* Replicate responses for each device in bank. */ 176 if (pfl->device_width < pfl->bank_width) { 177 for (i = pfl->device_width; 178 i < pfl->bank_width; i += pfl->device_width) { 179 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 180 } 181 } 182 183 return resp; 184 } 185 186 187 188 /* Perform a device id query based on the bank width of the flash. */ 189 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 190 { 191 int i; 192 uint32_t resp; 193 hwaddr boff; 194 195 /* Adjust incoming offset to match expected device-width 196 * addressing. Device ID read addresses are always specified in 197 * terms of the maximum supported width of the device. This means 198 * that x8 devices and x8/x16 devices in x8 mode behave 199 * differently. For devices that are not used at their max width, 200 * we will be provided with addresses that use higher address bits 201 * than expected (based on the max width), so we will shift them 202 * lower so that they will match the addresses used when 203 * device_width==max_device_width. 204 */ 205 boff = offset >> (ctz32(pfl->bank_width) + 206 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 207 208 /* Mask off upper bits which may be used in to query block 209 * or sector lock status at other addresses. 210 * Offsets 2/3 are block lock status, is not emulated. 211 */ 212 switch (boff & 0xFF) { 213 case 0: 214 resp = pfl->ident0; 215 trace_pflash_manufacturer_id(resp); 216 break; 217 case 1: 218 resp = pfl->ident1; 219 trace_pflash_device_id(resp); 220 break; 221 default: 222 trace_pflash_device_info(offset); 223 return 0; 224 break; 225 } 226 /* Replicate responses for each device in bank. */ 227 if (pfl->device_width < pfl->bank_width) { 228 for (i = pfl->device_width; 229 i < pfl->bank_width; i += pfl->device_width) { 230 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 231 } 232 } 233 234 return resp; 235 } 236 237 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 238 int width, int be) 239 { 240 uint8_t *p; 241 uint32_t ret; 242 243 p = pfl->storage; 244 switch (width) { 245 case 1: 246 ret = p[offset]; 247 trace_pflash_data_read8(offset, ret); 248 break; 249 case 2: 250 if (be) { 251 ret = p[offset] << 8; 252 ret |= p[offset + 1]; 253 } else { 254 ret = p[offset]; 255 ret |= p[offset + 1] << 8; 256 } 257 trace_pflash_data_read16(offset, ret); 258 break; 259 case 4: 260 if (be) { 261 ret = p[offset] << 24; 262 ret |= p[offset + 1] << 16; 263 ret |= p[offset + 2] << 8; 264 ret |= p[offset + 3]; 265 } else { 266 ret = p[offset]; 267 ret |= p[offset + 1] << 8; 268 ret |= p[offset + 2] << 16; 269 ret |= p[offset + 3] << 24; 270 } 271 trace_pflash_data_read32(offset, ret); 272 break; 273 default: 274 DPRINTF("BUG in %s\n", __func__); 275 abort(); 276 } 277 return ret; 278 } 279 280 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 281 int width, int be) 282 { 283 hwaddr boff; 284 uint32_t ret; 285 286 ret = -1; 287 trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle); 288 switch (pfl->cmd) { 289 default: 290 /* This should never happen : reset state & treat it as a read */ 291 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 292 pfl->wcycle = 0; 293 pfl->cmd = 0; 294 /* fall through to read code */ 295 case 0x00: 296 /* Flash area read */ 297 ret = pflash_data_read(pfl, offset, width, be); 298 break; 299 case 0x10: /* Single byte program */ 300 case 0x20: /* Block erase */ 301 case 0x28: /* Block erase */ 302 case 0x40: /* single byte program */ 303 case 0x50: /* Clear status register */ 304 case 0x60: /* Block /un)lock */ 305 case 0x70: /* Status Register */ 306 case 0xe8: /* Write block */ 307 /* Status register read. Return status from each device in 308 * bank. 309 */ 310 ret = pfl->status; 311 if (pfl->device_width && width > pfl->device_width) { 312 int shift = pfl->device_width * 8; 313 while (shift + pfl->device_width * 8 <= width * 8) { 314 ret |= pfl->status << shift; 315 shift += pfl->device_width * 8; 316 } 317 } else if (!pfl->device_width && width > 2) { 318 /* Handle 32 bit flash cases where device width is not 319 * set. (Existing behavior before device width added.) 320 */ 321 ret |= pfl->status << 16; 322 } 323 DPRINTF("%s: status %x\n", __func__, ret); 324 break; 325 case 0x90: 326 if (!pfl->device_width) { 327 /* Preserve old behavior if device width not specified */ 328 boff = offset & 0xFF; 329 if (pfl->bank_width == 2) { 330 boff = boff >> 1; 331 } else if (pfl->bank_width == 4) { 332 boff = boff >> 2; 333 } 334 335 switch (boff) { 336 case 0: 337 ret = pfl->ident0 << 8 | pfl->ident1; 338 trace_pflash_manufacturer_id(ret); 339 break; 340 case 1: 341 ret = pfl->ident2 << 8 | pfl->ident3; 342 trace_pflash_device_id(ret); 343 break; 344 default: 345 trace_pflash_device_info(boff); 346 ret = 0; 347 break; 348 } 349 } else { 350 /* If we have a read larger than the bank_width, combine multiple 351 * manufacturer/device ID queries into a single response. 352 */ 353 int i; 354 for (i = 0; i < width; i += pfl->bank_width) { 355 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 356 pflash_devid_query(pfl, 357 offset + i * pfl->bank_width)); 358 } 359 } 360 break; 361 case 0x98: /* Query mode */ 362 if (!pfl->device_width) { 363 /* Preserve old behavior if device width not specified */ 364 boff = offset & 0xFF; 365 if (pfl->bank_width == 2) { 366 boff = boff >> 1; 367 } else if (pfl->bank_width == 4) { 368 boff = boff >> 2; 369 } 370 371 if (boff < sizeof(pfl->cfi_table)) { 372 ret = pfl->cfi_table[boff]; 373 } else { 374 ret = 0; 375 } 376 } else { 377 /* If we have a read larger than the bank_width, combine multiple 378 * CFI queries into a single response. 379 */ 380 int i; 381 for (i = 0; i < width; i += pfl->bank_width) { 382 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 383 pflash_cfi_query(pfl, 384 offset + i * pfl->bank_width)); 385 } 386 } 387 388 break; 389 } 390 return ret; 391 } 392 393 /* update flash content on disk */ 394 static void pflash_update(PFlashCFI01 *pfl, int offset, 395 int size) 396 { 397 int offset_end; 398 if (pfl->blk) { 399 offset_end = offset + size; 400 /* widen to sector boundaries */ 401 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 402 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 403 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 404 offset_end - offset, 0); 405 } 406 } 407 408 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 409 uint32_t value, int width, int be) 410 { 411 uint8_t *p = pfl->storage; 412 413 trace_pflash_data_write(offset, value, width, pfl->counter); 414 switch (width) { 415 case 1: 416 p[offset] = value; 417 break; 418 case 2: 419 if (be) { 420 p[offset] = value >> 8; 421 p[offset + 1] = value; 422 } else { 423 p[offset] = value; 424 p[offset + 1] = value >> 8; 425 } 426 break; 427 case 4: 428 if (be) { 429 p[offset] = value >> 24; 430 p[offset + 1] = value >> 16; 431 p[offset + 2] = value >> 8; 432 p[offset + 3] = value; 433 } else { 434 p[offset] = value; 435 p[offset + 1] = value >> 8; 436 p[offset + 2] = value >> 16; 437 p[offset + 3] = value >> 24; 438 } 439 break; 440 } 441 442 } 443 444 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 445 uint32_t value, int width, int be) 446 { 447 uint8_t *p; 448 uint8_t cmd; 449 450 cmd = value; 451 452 trace_pflash_write(offset, value, width, pfl->wcycle); 453 if (!pfl->wcycle) { 454 /* Set the device in I/O access mode */ 455 memory_region_rom_device_set_romd(&pfl->mem, false); 456 } 457 458 switch (pfl->wcycle) { 459 case 0: 460 /* read mode */ 461 switch (cmd) { 462 case 0x00: /* ??? */ 463 goto reset_flash; 464 case 0x10: /* Single Byte Program */ 465 case 0x40: /* Single Byte Program */ 466 DPRINTF("%s: Single Byte Program\n", __func__); 467 break; 468 case 0x20: /* Block erase */ 469 p = pfl->storage; 470 offset &= ~(pfl->sector_len - 1); 471 472 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 473 __func__, offset, (unsigned)pfl->sector_len); 474 475 if (!pfl->ro) { 476 memset(p + offset, 0xff, pfl->sector_len); 477 pflash_update(pfl, offset, pfl->sector_len); 478 } else { 479 pfl->status |= 0x20; /* Block erase error */ 480 } 481 pfl->status |= 0x80; /* Ready! */ 482 break; 483 case 0x50: /* Clear status bits */ 484 DPRINTF("%s: Clear status bits\n", __func__); 485 pfl->status = 0x0; 486 goto reset_flash; 487 case 0x60: /* Block (un)lock */ 488 DPRINTF("%s: Block unlock\n", __func__); 489 break; 490 case 0x70: /* Status Register */ 491 DPRINTF("%s: Read status register\n", __func__); 492 pfl->cmd = cmd; 493 return; 494 case 0x90: /* Read Device ID */ 495 DPRINTF("%s: Read Device information\n", __func__); 496 pfl->cmd = cmd; 497 return; 498 case 0x98: /* CFI query */ 499 DPRINTF("%s: CFI query\n", __func__); 500 break; 501 case 0xe8: /* Write to buffer */ 502 DPRINTF("%s: Write to buffer\n", __func__); 503 /* FIXME should save @offset, @width for case 1+ */ 504 qemu_log_mask(LOG_UNIMP, 505 "%s: Write to buffer emulation is flawed\n", 506 __func__); 507 pfl->status |= 0x80; /* Ready! */ 508 break; 509 case 0xf0: /* Probe for AMD flash */ 510 DPRINTF("%s: Probe for AMD flash\n", __func__); 511 goto reset_flash; 512 case 0xff: /* Read array mode */ 513 DPRINTF("%s: Read array mode\n", __func__); 514 goto reset_flash; 515 default: 516 goto error_flash; 517 } 518 pfl->wcycle++; 519 pfl->cmd = cmd; 520 break; 521 case 1: 522 switch (pfl->cmd) { 523 case 0x10: /* Single Byte Program */ 524 case 0x40: /* Single Byte Program */ 525 DPRINTF("%s: Single Byte Program\n", __func__); 526 if (!pfl->ro) { 527 pflash_data_write(pfl, offset, value, width, be); 528 pflash_update(pfl, offset, width); 529 } else { 530 pfl->status |= 0x10; /* Programming error */ 531 } 532 pfl->status |= 0x80; /* Ready! */ 533 pfl->wcycle = 0; 534 break; 535 case 0x20: /* Block erase */ 536 case 0x28: 537 if (cmd == 0xd0) { /* confirm */ 538 pfl->wcycle = 0; 539 pfl->status |= 0x80; 540 } else if (cmd == 0xff) { /* read array mode */ 541 goto reset_flash; 542 } else 543 goto error_flash; 544 545 break; 546 case 0xe8: 547 /* Mask writeblock size based on device width, or bank width if 548 * device width not specified. 549 */ 550 /* FIXME check @offset, @width */ 551 if (pfl->device_width) { 552 value = extract32(value, 0, pfl->device_width * 8); 553 } else { 554 value = extract32(value, 0, pfl->bank_width * 8); 555 } 556 DPRINTF("%s: block write of %x bytes\n", __func__, value); 557 pfl->counter = value; 558 pfl->wcycle++; 559 break; 560 case 0x60: 561 if (cmd == 0xd0) { 562 pfl->wcycle = 0; 563 pfl->status |= 0x80; 564 } else if (cmd == 0x01) { 565 pfl->wcycle = 0; 566 pfl->status |= 0x80; 567 } else if (cmd == 0xff) { 568 goto reset_flash; 569 } else { 570 DPRINTF("%s: Unknown (un)locking command\n", __func__); 571 goto reset_flash; 572 } 573 break; 574 case 0x98: 575 if (cmd == 0xff) { 576 goto reset_flash; 577 } else { 578 DPRINTF("%s: leaving query mode\n", __func__); 579 } 580 break; 581 default: 582 goto error_flash; 583 } 584 break; 585 case 2: 586 switch (pfl->cmd) { 587 case 0xe8: /* Block write */ 588 /* FIXME check @offset, @width */ 589 if (!pfl->ro) { 590 /* 591 * FIXME writing straight to memory is *wrong*. We 592 * should write to a buffer, and flush it to memory 593 * only on confirm command (see below). 594 */ 595 pflash_data_write(pfl, offset, value, width, be); 596 } else { 597 pfl->status |= 0x10; /* Programming error */ 598 } 599 600 pfl->status |= 0x80; 601 602 if (!pfl->counter) { 603 hwaddr mask = pfl->writeblock_size - 1; 604 mask = ~mask; 605 606 DPRINTF("%s: block write finished\n", __func__); 607 pfl->wcycle++; 608 if (!pfl->ro) { 609 /* Flush the entire write buffer onto backing storage. */ 610 /* FIXME premature! */ 611 pflash_update(pfl, offset & mask, pfl->writeblock_size); 612 } else { 613 pfl->status |= 0x10; /* Programming error */ 614 } 615 } 616 617 pfl->counter--; 618 break; 619 default: 620 goto error_flash; 621 } 622 break; 623 case 3: /* Confirm mode */ 624 switch (pfl->cmd) { 625 case 0xe8: /* Block write */ 626 if (cmd == 0xd0) { 627 /* FIXME this is where we should write out the buffer */ 628 pfl->wcycle = 0; 629 pfl->status |= 0x80; 630 } else { 631 qemu_log_mask(LOG_UNIMP, 632 "%s: Aborting write to buffer not implemented," 633 " the data is already written to storage!\n" 634 "Flash device reset into READ mode.\n", 635 __func__); 636 goto reset_flash; 637 } 638 break; 639 default: 640 goto error_flash; 641 } 642 break; 643 default: 644 /* Should never happen */ 645 DPRINTF("%s: invalid write state\n", __func__); 646 goto reset_flash; 647 } 648 return; 649 650 error_flash: 651 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 652 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 653 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 654 655 reset_flash: 656 trace_pflash_reset(); 657 memory_region_rom_device_set_romd(&pfl->mem, true); 658 pfl->wcycle = 0; 659 pfl->cmd = 0; 660 } 661 662 663 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 664 unsigned len, MemTxAttrs attrs) 665 { 666 PFlashCFI01 *pfl = opaque; 667 bool be = !!(pfl->features & (1 << PFLASH_BE)); 668 669 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 670 *value = pflash_data_read(opaque, addr, len, be); 671 } else { 672 *value = pflash_read(opaque, addr, len, be); 673 } 674 return MEMTX_OK; 675 } 676 677 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 678 unsigned len, MemTxAttrs attrs) 679 { 680 PFlashCFI01 *pfl = opaque; 681 bool be = !!(pfl->features & (1 << PFLASH_BE)); 682 683 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 684 return MEMTX_ERROR; 685 } else { 686 pflash_write(opaque, addr, value, len, be); 687 return MEMTX_OK; 688 } 689 } 690 691 static const MemoryRegionOps pflash_cfi01_ops = { 692 .read_with_attrs = pflash_mem_read_with_attrs, 693 .write_with_attrs = pflash_mem_write_with_attrs, 694 .endianness = DEVICE_NATIVE_ENDIAN, 695 }; 696 697 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 698 { 699 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 700 uint64_t total_len; 701 int ret; 702 uint64_t blocks_per_device, sector_len_per_device, device_len; 703 int num_devices; 704 Error *local_err = NULL; 705 706 if (pfl->sector_len == 0) { 707 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 708 return; 709 } 710 if (pfl->nb_blocs == 0) { 711 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 712 return; 713 } 714 if (pfl->name == NULL) { 715 error_setg(errp, "attribute \"name\" not specified."); 716 return; 717 } 718 719 total_len = pfl->sector_len * pfl->nb_blocs; 720 721 /* These are only used to expose the parameters of each device 722 * in the cfi_table[]. 723 */ 724 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 725 if (pfl->old_multiple_chip_handling) { 726 blocks_per_device = pfl->nb_blocs / num_devices; 727 sector_len_per_device = pfl->sector_len; 728 } else { 729 blocks_per_device = pfl->nb_blocs; 730 sector_len_per_device = pfl->sector_len / num_devices; 731 } 732 device_len = sector_len_per_device * blocks_per_device; 733 734 memory_region_init_rom_device( 735 &pfl->mem, OBJECT(dev), 736 &pflash_cfi01_ops, 737 pfl, 738 pfl->name, total_len, &local_err); 739 if (local_err) { 740 error_propagate(errp, local_err); 741 return; 742 } 743 744 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 745 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 746 747 if (pfl->blk) { 748 uint64_t perm; 749 pfl->ro = blk_is_read_only(pfl->blk); 750 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 751 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 752 if (ret < 0) { 753 return; 754 } 755 } else { 756 pfl->ro = 0; 757 } 758 759 if (pfl->blk) { 760 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len, 761 errp)) { 762 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 763 return; 764 } 765 } 766 767 /* Default to devices being used at their maximum device width. This was 768 * assumed before the device_width support was added. 769 */ 770 if (!pfl->max_device_width) { 771 pfl->max_device_width = pfl->device_width; 772 } 773 774 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 775 pfl->wcycle = 0; 776 pfl->cmd = 0; 777 pfl->status = 0; 778 /* Hardcoded CFI table */ 779 /* Standard "QRY" string */ 780 pfl->cfi_table[0x10] = 'Q'; 781 pfl->cfi_table[0x11] = 'R'; 782 pfl->cfi_table[0x12] = 'Y'; 783 /* Command set (Intel) */ 784 pfl->cfi_table[0x13] = 0x01; 785 pfl->cfi_table[0x14] = 0x00; 786 /* Primary extended table address (none) */ 787 pfl->cfi_table[0x15] = 0x31; 788 pfl->cfi_table[0x16] = 0x00; 789 /* Alternate command set (none) */ 790 pfl->cfi_table[0x17] = 0x00; 791 pfl->cfi_table[0x18] = 0x00; 792 /* Alternate extended table (none) */ 793 pfl->cfi_table[0x19] = 0x00; 794 pfl->cfi_table[0x1A] = 0x00; 795 /* Vcc min */ 796 pfl->cfi_table[0x1B] = 0x45; 797 /* Vcc max */ 798 pfl->cfi_table[0x1C] = 0x55; 799 /* Vpp min (no Vpp pin) */ 800 pfl->cfi_table[0x1D] = 0x00; 801 /* Vpp max (no Vpp pin) */ 802 pfl->cfi_table[0x1E] = 0x00; 803 /* Reserved */ 804 pfl->cfi_table[0x1F] = 0x07; 805 /* Timeout for min size buffer write */ 806 pfl->cfi_table[0x20] = 0x07; 807 /* Typical timeout for block erase */ 808 pfl->cfi_table[0x21] = 0x0a; 809 /* Typical timeout for full chip erase (4096 ms) */ 810 pfl->cfi_table[0x22] = 0x00; 811 /* Reserved */ 812 pfl->cfi_table[0x23] = 0x04; 813 /* Max timeout for buffer write */ 814 pfl->cfi_table[0x24] = 0x04; 815 /* Max timeout for block erase */ 816 pfl->cfi_table[0x25] = 0x04; 817 /* Max timeout for chip erase */ 818 pfl->cfi_table[0x26] = 0x00; 819 /* Device size */ 820 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 821 /* Flash device interface (8 & 16 bits) */ 822 pfl->cfi_table[0x28] = 0x02; 823 pfl->cfi_table[0x29] = 0x00; 824 /* Max number of bytes in multi-bytes write */ 825 if (pfl->bank_width == 1) { 826 pfl->cfi_table[0x2A] = 0x08; 827 } else { 828 pfl->cfi_table[0x2A] = 0x0B; 829 } 830 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 831 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 832 pfl->writeblock_size *= num_devices; 833 } 834 835 pfl->cfi_table[0x2B] = 0x00; 836 /* Number of erase block regions (uniform) */ 837 pfl->cfi_table[0x2C] = 0x01; 838 /* Erase block region 1 */ 839 pfl->cfi_table[0x2D] = blocks_per_device - 1; 840 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 841 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 842 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 843 844 /* Extended */ 845 pfl->cfi_table[0x31] = 'P'; 846 pfl->cfi_table[0x32] = 'R'; 847 pfl->cfi_table[0x33] = 'I'; 848 849 pfl->cfi_table[0x34] = '1'; 850 pfl->cfi_table[0x35] = '0'; 851 852 pfl->cfi_table[0x36] = 0x00; 853 pfl->cfi_table[0x37] = 0x00; 854 pfl->cfi_table[0x38] = 0x00; 855 pfl->cfi_table[0x39] = 0x00; 856 857 pfl->cfi_table[0x3a] = 0x00; 858 859 pfl->cfi_table[0x3b] = 0x00; 860 pfl->cfi_table[0x3c] = 0x00; 861 862 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 863 } 864 865 static Property pflash_cfi01_properties[] = { 866 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 867 /* num-blocks is the number of blocks actually visible to the guest, 868 * ie the total size of the device divided by the sector length. 869 * If we're emulating flash devices wired in parallel the actual 870 * number of blocks per indvidual device will differ. 871 */ 872 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 873 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 874 /* width here is the overall width of this QEMU device in bytes. 875 * The QEMU device may be emulating a number of flash devices 876 * wired up in parallel; the width of each individual flash 877 * device should be specified via device-width. If the individual 878 * devices have a maximum width which is greater than the width 879 * they are being used for, this maximum width should be set via 880 * max-device-width (which otherwise defaults to device-width). 881 * So for instance a 32-bit wide QEMU flash device made from four 882 * 16-bit flash devices used in 8-bit wide mode would be configured 883 * with width = 4, device-width = 1, max-device-width = 2. 884 * 885 * If device-width is not specified we default to backwards 886 * compatible behaviour which is a bad emulation of two 887 * 16 bit devices making up a 32 bit wide QEMU device. This 888 * is deprecated for new uses of this device. 889 */ 890 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 891 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 892 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 893 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 894 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 895 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 896 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 897 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 898 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 899 DEFINE_PROP_STRING("name", PFlashCFI01, name), 900 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 901 old_multiple_chip_handling, false), 902 DEFINE_PROP_END_OF_LIST(), 903 }; 904 905 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 906 { 907 DeviceClass *dc = DEVICE_CLASS(klass); 908 909 dc->realize = pflash_cfi01_realize; 910 dc->props = pflash_cfi01_properties; 911 dc->vmsd = &vmstate_pflash; 912 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 913 } 914 915 916 static const TypeInfo pflash_cfi01_info = { 917 .name = TYPE_PFLASH_CFI01, 918 .parent = TYPE_SYS_BUS_DEVICE, 919 .instance_size = sizeof(PFlashCFI01), 920 .class_init = pflash_cfi01_class_init, 921 }; 922 923 static void pflash_cfi01_register_types(void) 924 { 925 type_register_static(&pflash_cfi01_info); 926 } 927 928 type_init(pflash_cfi01_register_types) 929 930 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 931 const char *name, 932 hwaddr size, 933 BlockBackend *blk, 934 uint32_t sector_len, 935 int bank_width, 936 uint16_t id0, uint16_t id1, 937 uint16_t id2, uint16_t id3, 938 int be) 939 { 940 DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01); 941 942 if (blk) { 943 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 944 } 945 assert(size % sector_len == 0); 946 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 947 qdev_prop_set_uint64(dev, "sector-length", sector_len); 948 qdev_prop_set_uint8(dev, "width", bank_width); 949 qdev_prop_set_bit(dev, "big-endian", !!be); 950 qdev_prop_set_uint16(dev, "id0", id0); 951 qdev_prop_set_uint16(dev, "id1", id1); 952 qdev_prop_set_uint16(dev, "id2", id2); 953 qdev_prop_set_uint16(dev, "id3", id3); 954 qdev_prop_set_string(dev, "name", name); 955 qdev_init_nofail(dev); 956 957 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 958 return PFLASH_CFI01(dev); 959 } 960 961 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 962 { 963 return fl->blk; 964 } 965 966 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 967 { 968 return &fl->mem; 969 } 970 971 static void postload_update_cb(void *opaque, int running, RunState state) 972 { 973 PFlashCFI01 *pfl = opaque; 974 975 /* This is called after bdrv_invalidate_cache_all. */ 976 qemu_del_vm_change_state_handler(pfl->vmstate); 977 pfl->vmstate = NULL; 978 979 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 980 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 981 } 982 983 static int pflash_post_load(void *opaque, int version_id) 984 { 985 PFlashCFI01 *pfl = opaque; 986 987 if (!pfl->ro) { 988 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 989 pfl); 990 } 991 return 0; 992 } 993