1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "hw/hw.h" 40 #include "hw/block/flash.h" 41 #include "sysemu/block-backend.h" 42 #include "qemu/timer.h" 43 #include "qemu/bitops.h" 44 #include "exec/address-spaces.h" 45 #include "qemu/host-utils.h" 46 #include "hw/sysbus.h" 47 48 #define PFLASH_BUG(fmt, ...) \ 49 do { \ 50 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 51 exit(1); \ 52 } while(0) 53 54 /* #define PFLASH_DEBUG */ 55 #ifdef PFLASH_DEBUG 56 #define DPRINTF(fmt, ...) \ 57 do { \ 58 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 59 } while (0) 60 #else 61 #define DPRINTF(fmt, ...) do { } while (0) 62 #endif 63 64 #define TYPE_CFI_PFLASH01 "cfi.pflash01" 65 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 66 67 struct pflash_t { 68 /*< private >*/ 69 SysBusDevice parent_obj; 70 /*< public >*/ 71 72 BlockBackend *blk; 73 uint32_t nb_blocs; 74 uint64_t sector_len; 75 uint8_t bank_width; 76 uint8_t device_width; /* If 0, device width not specified. */ 77 uint8_t max_device_width; /* max device width in bytes */ 78 uint8_t be; 79 uint8_t wcycle; /* if 0, the flash is read normally */ 80 int ro; 81 uint8_t cmd; 82 uint8_t status; 83 uint16_t ident0; 84 uint16_t ident1; 85 uint16_t ident2; 86 uint16_t ident3; 87 uint8_t cfi_len; 88 uint8_t cfi_table[0x52]; 89 uint64_t counter; 90 unsigned int writeblock_size; 91 QEMUTimer *timer; 92 MemoryRegion mem; 93 char *name; 94 void *storage; 95 }; 96 97 static int pflash_post_load(void *opaque, int version_id); 98 99 static const VMStateDescription vmstate_pflash = { 100 .name = "pflash_cfi01", 101 .version_id = 1, 102 .minimum_version_id = 1, 103 .post_load = pflash_post_load, 104 .fields = (VMStateField[]) { 105 VMSTATE_UINT8(wcycle, pflash_t), 106 VMSTATE_UINT8(cmd, pflash_t), 107 VMSTATE_UINT8(status, pflash_t), 108 VMSTATE_UINT64(counter, pflash_t), 109 VMSTATE_END_OF_LIST() 110 } 111 }; 112 113 static void pflash_timer (void *opaque) 114 { 115 pflash_t *pfl = opaque; 116 117 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 118 /* Reset flash */ 119 pfl->status ^= 0x80; 120 memory_region_rom_device_set_romd(&pfl->mem, true); 121 pfl->wcycle = 0; 122 pfl->cmd = 0; 123 } 124 125 /* Perform a CFI query based on the bank width of the flash. 126 * If this code is called we know we have a device_width set for 127 * this flash. 128 */ 129 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 130 { 131 int i; 132 uint32_t resp = 0; 133 hwaddr boff; 134 135 /* Adjust incoming offset to match expected device-width 136 * addressing. CFI query addresses are always specified in terms of 137 * the maximum supported width of the device. This means that x8 138 * devices and x8/x16 devices in x8 mode behave differently. For 139 * devices that are not used at their max width, we will be 140 * provided with addresses that use higher address bits than 141 * expected (based on the max width), so we will shift them lower 142 * so that they will match the addresses used when 143 * device_width==max_device_width. 144 */ 145 boff = offset >> (ctz32(pfl->bank_width) + 146 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 147 148 if (boff > pfl->cfi_len) { 149 return 0; 150 } 151 /* Now we will construct the CFI response generated by a single 152 * device, then replicate that for all devices that make up the 153 * bus. For wide parts used in x8 mode, CFI query responses 154 * are different than native byte-wide parts. 155 */ 156 resp = pfl->cfi_table[boff]; 157 if (pfl->device_width != pfl->max_device_width) { 158 /* The only case currently supported is x8 mode for a 159 * wider part. 160 */ 161 if (pfl->device_width != 1 || pfl->bank_width > 4) { 162 DPRINTF("%s: Unsupported device configuration: " 163 "device_width=%d, max_device_width=%d\n", 164 __func__, pfl->device_width, 165 pfl->max_device_width); 166 return 0; 167 } 168 /* CFI query data is repeated, rather than zero padded for 169 * wide devices used in x8 mode. 170 */ 171 for (i = 1; i < pfl->max_device_width; i++) { 172 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 173 } 174 } 175 /* Replicate responses for each device in bank. */ 176 if (pfl->device_width < pfl->bank_width) { 177 for (i = pfl->device_width; 178 i < pfl->bank_width; i += pfl->device_width) { 179 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 180 } 181 } 182 183 return resp; 184 } 185 186 187 188 /* Perform a device id query based on the bank width of the flash. */ 189 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 190 { 191 int i; 192 uint32_t resp; 193 hwaddr boff; 194 195 /* Adjust incoming offset to match expected device-width 196 * addressing. Device ID read addresses are always specified in 197 * terms of the maximum supported width of the device. This means 198 * that x8 devices and x8/x16 devices in x8 mode behave 199 * differently. For devices that are not used at their max width, 200 * we will be provided with addresses that use higher address bits 201 * than expected (based on the max width), so we will shift them 202 * lower so that they will match the addresses used when 203 * device_width==max_device_width. 204 */ 205 boff = offset >> (ctz32(pfl->bank_width) + 206 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 207 208 /* Mask off upper bits which may be used in to query block 209 * or sector lock status at other addresses. 210 * Offsets 2/3 are block lock status, is not emulated. 211 */ 212 switch (boff & 0xFF) { 213 case 0: 214 resp = pfl->ident0; 215 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 216 break; 217 case 1: 218 resp = pfl->ident1; 219 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 220 break; 221 default: 222 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 223 (unsigned)offset); 224 return 0; 225 break; 226 } 227 /* Replicate responses for each device in bank. */ 228 if (pfl->device_width < pfl->bank_width) { 229 for (i = pfl->device_width; 230 i < pfl->bank_width; i += pfl->device_width) { 231 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 232 } 233 } 234 235 return resp; 236 } 237 238 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 239 int width, int be) 240 { 241 hwaddr boff; 242 uint32_t ret; 243 uint8_t *p; 244 245 ret = -1; 246 247 #if 0 248 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 249 __func__, offset, pfl->cmd, width); 250 #endif 251 switch (pfl->cmd) { 252 default: 253 /* This should never happen : reset state & treat it as a read */ 254 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 255 pfl->wcycle = 0; 256 pfl->cmd = 0; 257 /* fall through to read code */ 258 case 0x00: 259 /* Flash area read */ 260 p = pfl->storage; 261 switch (width) { 262 case 1: 263 ret = p[offset]; 264 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 265 __func__, offset, ret); 266 break; 267 case 2: 268 if (be) { 269 ret = p[offset] << 8; 270 ret |= p[offset + 1]; 271 } else { 272 ret = p[offset]; 273 ret |= p[offset + 1] << 8; 274 } 275 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 276 __func__, offset, ret); 277 break; 278 case 4: 279 if (be) { 280 ret = p[offset] << 24; 281 ret |= p[offset + 1] << 16; 282 ret |= p[offset + 2] << 8; 283 ret |= p[offset + 3]; 284 } else { 285 ret = p[offset]; 286 ret |= p[offset + 1] << 8; 287 ret |= p[offset + 2] << 16; 288 ret |= p[offset + 3] << 24; 289 } 290 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 291 __func__, offset, ret); 292 break; 293 default: 294 DPRINTF("BUG in %s\n", __func__); 295 } 296 297 break; 298 case 0x10: /* Single byte program */ 299 case 0x20: /* Block erase */ 300 case 0x28: /* Block erase */ 301 case 0x40: /* single byte program */ 302 case 0x50: /* Clear status register */ 303 case 0x60: /* Block /un)lock */ 304 case 0x70: /* Status Register */ 305 case 0xe8: /* Write block */ 306 /* Status register read. Return status from each device in 307 * bank. 308 */ 309 ret = pfl->status; 310 if (pfl->device_width && width > pfl->device_width) { 311 int shift = pfl->device_width * 8; 312 while (shift + pfl->device_width * 8 <= width * 8) { 313 ret |= pfl->status << shift; 314 shift += pfl->device_width * 8; 315 } 316 } else if (!pfl->device_width && width > 2) { 317 /* Handle 32 bit flash cases where device width is not 318 * set. (Existing behavior before device width added.) 319 */ 320 ret |= pfl->status << 16; 321 } 322 DPRINTF("%s: status %x\n", __func__, ret); 323 break; 324 case 0x90: 325 if (!pfl->device_width) { 326 /* Preserve old behavior if device width not specified */ 327 boff = offset & 0xFF; 328 if (pfl->bank_width == 2) { 329 boff = boff >> 1; 330 } else if (pfl->bank_width == 4) { 331 boff = boff >> 2; 332 } 333 334 switch (boff) { 335 case 0: 336 ret = pfl->ident0 << 8 | pfl->ident1; 337 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 338 break; 339 case 1: 340 ret = pfl->ident2 << 8 | pfl->ident3; 341 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 342 break; 343 default: 344 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 345 (unsigned)boff); 346 ret = 0; 347 break; 348 } 349 } else { 350 /* If we have a read larger than the bank_width, combine multiple 351 * manufacturer/device ID queries into a single response. 352 */ 353 int i; 354 for (i = 0; i < width; i += pfl->bank_width) { 355 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 356 pflash_devid_query(pfl, 357 offset + i * pfl->bank_width)); 358 } 359 } 360 break; 361 case 0x98: /* Query mode */ 362 if (!pfl->device_width) { 363 /* Preserve old behavior if device width not specified */ 364 boff = offset & 0xFF; 365 if (pfl->bank_width == 2) { 366 boff = boff >> 1; 367 } else if (pfl->bank_width == 4) { 368 boff = boff >> 2; 369 } 370 371 if (boff > pfl->cfi_len) { 372 ret = 0; 373 } else { 374 ret = pfl->cfi_table[boff]; 375 } 376 } else { 377 /* If we have a read larger than the bank_width, combine multiple 378 * CFI queries into a single response. 379 */ 380 int i; 381 for (i = 0; i < width; i += pfl->bank_width) { 382 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 383 pflash_cfi_query(pfl, 384 offset + i * pfl->bank_width)); 385 } 386 } 387 388 break; 389 } 390 return ret; 391 } 392 393 /* update flash content on disk */ 394 static void pflash_update(pflash_t *pfl, int offset, 395 int size) 396 { 397 int offset_end; 398 if (pfl->blk) { 399 offset_end = offset + size; 400 /* round to sectors */ 401 offset = offset >> 9; 402 offset_end = (offset_end + 511) >> 9; 403 blk_write(pfl->blk, offset, pfl->storage + (offset << 9), 404 offset_end - offset); 405 } 406 } 407 408 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 409 uint32_t value, int width, int be) 410 { 411 uint8_t *p = pfl->storage; 412 413 DPRINTF("%s: block write offset " TARGET_FMT_plx 414 " value %x counter %016" PRIx64 "\n", 415 __func__, offset, value, pfl->counter); 416 switch (width) { 417 case 1: 418 p[offset] = value; 419 break; 420 case 2: 421 if (be) { 422 p[offset] = value >> 8; 423 p[offset + 1] = value; 424 } else { 425 p[offset] = value; 426 p[offset + 1] = value >> 8; 427 } 428 break; 429 case 4: 430 if (be) { 431 p[offset] = value >> 24; 432 p[offset + 1] = value >> 16; 433 p[offset + 2] = value >> 8; 434 p[offset + 3] = value; 435 } else { 436 p[offset] = value; 437 p[offset + 1] = value >> 8; 438 p[offset + 2] = value >> 16; 439 p[offset + 3] = value >> 24; 440 } 441 break; 442 } 443 444 } 445 446 static void pflash_write(pflash_t *pfl, hwaddr offset, 447 uint32_t value, int width, int be) 448 { 449 uint8_t *p; 450 uint8_t cmd; 451 452 cmd = value; 453 454 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 455 __func__, offset, value, width, pfl->wcycle); 456 457 if (!pfl->wcycle) { 458 /* Set the device in I/O access mode */ 459 memory_region_rom_device_set_romd(&pfl->mem, false); 460 } 461 462 switch (pfl->wcycle) { 463 case 0: 464 /* read mode */ 465 switch (cmd) { 466 case 0x00: /* ??? */ 467 goto reset_flash; 468 case 0x10: /* Single Byte Program */ 469 case 0x40: /* Single Byte Program */ 470 DPRINTF("%s: Single Byte Program\n", __func__); 471 break; 472 case 0x20: /* Block erase */ 473 p = pfl->storage; 474 offset &= ~(pfl->sector_len - 1); 475 476 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 477 __func__, offset, (unsigned)pfl->sector_len); 478 479 if (!pfl->ro) { 480 memset(p + offset, 0xff, pfl->sector_len); 481 pflash_update(pfl, offset, pfl->sector_len); 482 } else { 483 pfl->status |= 0x20; /* Block erase error */ 484 } 485 pfl->status |= 0x80; /* Ready! */ 486 break; 487 case 0x50: /* Clear status bits */ 488 DPRINTF("%s: Clear status bits\n", __func__); 489 pfl->status = 0x0; 490 goto reset_flash; 491 case 0x60: /* Block (un)lock */ 492 DPRINTF("%s: Block unlock\n", __func__); 493 break; 494 case 0x70: /* Status Register */ 495 DPRINTF("%s: Read status register\n", __func__); 496 pfl->cmd = cmd; 497 return; 498 case 0x90: /* Read Device ID */ 499 DPRINTF("%s: Read Device information\n", __func__); 500 pfl->cmd = cmd; 501 return; 502 case 0x98: /* CFI query */ 503 DPRINTF("%s: CFI query\n", __func__); 504 break; 505 case 0xe8: /* Write to buffer */ 506 DPRINTF("%s: Write to buffer\n", __func__); 507 pfl->status |= 0x80; /* Ready! */ 508 break; 509 case 0xf0: /* Probe for AMD flash */ 510 DPRINTF("%s: Probe for AMD flash\n", __func__); 511 goto reset_flash; 512 case 0xff: /* Read array mode */ 513 DPRINTF("%s: Read array mode\n", __func__); 514 goto reset_flash; 515 default: 516 goto error_flash; 517 } 518 pfl->wcycle++; 519 pfl->cmd = cmd; 520 break; 521 case 1: 522 switch (pfl->cmd) { 523 case 0x10: /* Single Byte Program */ 524 case 0x40: /* Single Byte Program */ 525 DPRINTF("%s: Single Byte Program\n", __func__); 526 if (!pfl->ro) { 527 pflash_data_write(pfl, offset, value, width, be); 528 pflash_update(pfl, offset, width); 529 } else { 530 pfl->status |= 0x10; /* Programming error */ 531 } 532 pfl->status |= 0x80; /* Ready! */ 533 pfl->wcycle = 0; 534 break; 535 case 0x20: /* Block erase */ 536 case 0x28: 537 if (cmd == 0xd0) { /* confirm */ 538 pfl->wcycle = 0; 539 pfl->status |= 0x80; 540 } else if (cmd == 0xff) { /* read array mode */ 541 goto reset_flash; 542 } else 543 goto error_flash; 544 545 break; 546 case 0xe8: 547 /* Mask writeblock size based on device width, or bank width if 548 * device width not specified. 549 */ 550 if (pfl->device_width) { 551 value = extract32(value, 0, pfl->device_width * 8); 552 } else { 553 value = extract32(value, 0, pfl->bank_width * 8); 554 } 555 DPRINTF("%s: block write of %x bytes\n", __func__, value); 556 pfl->counter = value; 557 pfl->wcycle++; 558 break; 559 case 0x60: 560 if (cmd == 0xd0) { 561 pfl->wcycle = 0; 562 pfl->status |= 0x80; 563 } else if (cmd == 0x01) { 564 pfl->wcycle = 0; 565 pfl->status |= 0x80; 566 } else if (cmd == 0xff) { 567 goto reset_flash; 568 } else { 569 DPRINTF("%s: Unknown (un)locking command\n", __func__); 570 goto reset_flash; 571 } 572 break; 573 case 0x98: 574 if (cmd == 0xff) { 575 goto reset_flash; 576 } else { 577 DPRINTF("%s: leaving query mode\n", __func__); 578 } 579 break; 580 default: 581 goto error_flash; 582 } 583 break; 584 case 2: 585 switch (pfl->cmd) { 586 case 0xe8: /* Block write */ 587 if (!pfl->ro) { 588 pflash_data_write(pfl, offset, value, width, be); 589 } else { 590 pfl->status |= 0x10; /* Programming error */ 591 } 592 593 pfl->status |= 0x80; 594 595 if (!pfl->counter) { 596 hwaddr mask = pfl->writeblock_size - 1; 597 mask = ~mask; 598 599 DPRINTF("%s: block write finished\n", __func__); 600 pfl->wcycle++; 601 if (!pfl->ro) { 602 /* Flush the entire write buffer onto backing storage. */ 603 pflash_update(pfl, offset & mask, pfl->writeblock_size); 604 } else { 605 pfl->status |= 0x10; /* Programming error */ 606 } 607 } 608 609 pfl->counter--; 610 break; 611 default: 612 goto error_flash; 613 } 614 break; 615 case 3: /* Confirm mode */ 616 switch (pfl->cmd) { 617 case 0xe8: /* Block write */ 618 if (cmd == 0xd0) { 619 pfl->wcycle = 0; 620 pfl->status |= 0x80; 621 } else { 622 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 623 PFLASH_BUG("Write block confirm"); 624 goto reset_flash; 625 } 626 break; 627 default: 628 goto error_flash; 629 } 630 break; 631 default: 632 /* Should never happen */ 633 DPRINTF("%s: invalid write state\n", __func__); 634 goto reset_flash; 635 } 636 return; 637 638 error_flash: 639 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 640 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 641 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 642 643 reset_flash: 644 memory_region_rom_device_set_romd(&pfl->mem, true); 645 646 pfl->wcycle = 0; 647 pfl->cmd = 0; 648 } 649 650 651 static uint32_t pflash_readb_be(void *opaque, hwaddr addr) 652 { 653 return pflash_read(opaque, addr, 1, 1); 654 } 655 656 static uint32_t pflash_readb_le(void *opaque, hwaddr addr) 657 { 658 return pflash_read(opaque, addr, 1, 0); 659 } 660 661 static uint32_t pflash_readw_be(void *opaque, hwaddr addr) 662 { 663 pflash_t *pfl = opaque; 664 665 return pflash_read(pfl, addr, 2, 1); 666 } 667 668 static uint32_t pflash_readw_le(void *opaque, hwaddr addr) 669 { 670 pflash_t *pfl = opaque; 671 672 return pflash_read(pfl, addr, 2, 0); 673 } 674 675 static uint32_t pflash_readl_be(void *opaque, hwaddr addr) 676 { 677 pflash_t *pfl = opaque; 678 679 return pflash_read(pfl, addr, 4, 1); 680 } 681 682 static uint32_t pflash_readl_le(void *opaque, hwaddr addr) 683 { 684 pflash_t *pfl = opaque; 685 686 return pflash_read(pfl, addr, 4, 0); 687 } 688 689 static void pflash_writeb_be(void *opaque, hwaddr addr, 690 uint32_t value) 691 { 692 pflash_write(opaque, addr, value, 1, 1); 693 } 694 695 static void pflash_writeb_le(void *opaque, hwaddr addr, 696 uint32_t value) 697 { 698 pflash_write(opaque, addr, value, 1, 0); 699 } 700 701 static void pflash_writew_be(void *opaque, hwaddr addr, 702 uint32_t value) 703 { 704 pflash_t *pfl = opaque; 705 706 pflash_write(pfl, addr, value, 2, 1); 707 } 708 709 static void pflash_writew_le(void *opaque, hwaddr addr, 710 uint32_t value) 711 { 712 pflash_t *pfl = opaque; 713 714 pflash_write(pfl, addr, value, 2, 0); 715 } 716 717 static void pflash_writel_be(void *opaque, hwaddr addr, 718 uint32_t value) 719 { 720 pflash_t *pfl = opaque; 721 722 pflash_write(pfl, addr, value, 4, 1); 723 } 724 725 static void pflash_writel_le(void *opaque, hwaddr addr, 726 uint32_t value) 727 { 728 pflash_t *pfl = opaque; 729 730 pflash_write(pfl, addr, value, 4, 0); 731 } 732 733 static const MemoryRegionOps pflash_cfi01_ops_be = { 734 .old_mmio = { 735 .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, }, 736 .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, }, 737 }, 738 .endianness = DEVICE_NATIVE_ENDIAN, 739 }; 740 741 static const MemoryRegionOps pflash_cfi01_ops_le = { 742 .old_mmio = { 743 .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, }, 744 .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, }, 745 }, 746 .endianness = DEVICE_NATIVE_ENDIAN, 747 }; 748 749 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 750 { 751 pflash_t *pfl = CFI_PFLASH01(dev); 752 uint64_t total_len; 753 int ret; 754 uint64_t blocks_per_device, device_len; 755 int num_devices; 756 Error *local_err = NULL; 757 758 total_len = pfl->sector_len * pfl->nb_blocs; 759 760 /* These are only used to expose the parameters of each device 761 * in the cfi_table[]. 762 */ 763 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 764 blocks_per_device = pfl->nb_blocs / num_devices; 765 device_len = pfl->sector_len * blocks_per_device; 766 767 /* XXX: to be fixed */ 768 #if 0 769 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 770 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 771 return NULL; 772 #endif 773 774 memory_region_init_rom_device( 775 &pfl->mem, OBJECT(dev), 776 pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl, 777 pfl->name, total_len, &local_err); 778 if (local_err) { 779 error_propagate(errp, local_err); 780 return; 781 } 782 783 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 784 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 785 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 786 787 if (pfl->blk) { 788 /* read the initial flash content */ 789 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); 790 791 if (ret < 0) { 792 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 793 error_setg(errp, "failed to read the initial flash content"); 794 return; 795 } 796 } 797 798 if (pfl->blk) { 799 pfl->ro = blk_is_read_only(pfl->blk); 800 } else { 801 pfl->ro = 0; 802 } 803 804 /* Default to devices being used at their maximum device width. This was 805 * assumed before the device_width support was added. 806 */ 807 if (!pfl->max_device_width) { 808 pfl->max_device_width = pfl->device_width; 809 } 810 811 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 812 pfl->wcycle = 0; 813 pfl->cmd = 0; 814 pfl->status = 0; 815 /* Hardcoded CFI table */ 816 pfl->cfi_len = 0x52; 817 /* Standard "QRY" string */ 818 pfl->cfi_table[0x10] = 'Q'; 819 pfl->cfi_table[0x11] = 'R'; 820 pfl->cfi_table[0x12] = 'Y'; 821 /* Command set (Intel) */ 822 pfl->cfi_table[0x13] = 0x01; 823 pfl->cfi_table[0x14] = 0x00; 824 /* Primary extended table address (none) */ 825 pfl->cfi_table[0x15] = 0x31; 826 pfl->cfi_table[0x16] = 0x00; 827 /* Alternate command set (none) */ 828 pfl->cfi_table[0x17] = 0x00; 829 pfl->cfi_table[0x18] = 0x00; 830 /* Alternate extended table (none) */ 831 pfl->cfi_table[0x19] = 0x00; 832 pfl->cfi_table[0x1A] = 0x00; 833 /* Vcc min */ 834 pfl->cfi_table[0x1B] = 0x45; 835 /* Vcc max */ 836 pfl->cfi_table[0x1C] = 0x55; 837 /* Vpp min (no Vpp pin) */ 838 pfl->cfi_table[0x1D] = 0x00; 839 /* Vpp max (no Vpp pin) */ 840 pfl->cfi_table[0x1E] = 0x00; 841 /* Reserved */ 842 pfl->cfi_table[0x1F] = 0x07; 843 /* Timeout for min size buffer write */ 844 pfl->cfi_table[0x20] = 0x07; 845 /* Typical timeout for block erase */ 846 pfl->cfi_table[0x21] = 0x0a; 847 /* Typical timeout for full chip erase (4096 ms) */ 848 pfl->cfi_table[0x22] = 0x00; 849 /* Reserved */ 850 pfl->cfi_table[0x23] = 0x04; 851 /* Max timeout for buffer write */ 852 pfl->cfi_table[0x24] = 0x04; 853 /* Max timeout for block erase */ 854 pfl->cfi_table[0x25] = 0x04; 855 /* Max timeout for chip erase */ 856 pfl->cfi_table[0x26] = 0x00; 857 /* Device size */ 858 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 859 /* Flash device interface (8 & 16 bits) */ 860 pfl->cfi_table[0x28] = 0x02; 861 pfl->cfi_table[0x29] = 0x00; 862 /* Max number of bytes in multi-bytes write */ 863 if (pfl->bank_width == 1) { 864 pfl->cfi_table[0x2A] = 0x08; 865 } else { 866 pfl->cfi_table[0x2A] = 0x0B; 867 } 868 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 869 870 pfl->cfi_table[0x2B] = 0x00; 871 /* Number of erase block regions (uniform) */ 872 pfl->cfi_table[0x2C] = 0x01; 873 /* Erase block region 1 */ 874 pfl->cfi_table[0x2D] = blocks_per_device - 1; 875 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 876 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 877 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 878 879 /* Extended */ 880 pfl->cfi_table[0x31] = 'P'; 881 pfl->cfi_table[0x32] = 'R'; 882 pfl->cfi_table[0x33] = 'I'; 883 884 pfl->cfi_table[0x34] = '1'; 885 pfl->cfi_table[0x35] = '0'; 886 887 pfl->cfi_table[0x36] = 0x00; 888 pfl->cfi_table[0x37] = 0x00; 889 pfl->cfi_table[0x38] = 0x00; 890 pfl->cfi_table[0x39] = 0x00; 891 892 pfl->cfi_table[0x3a] = 0x00; 893 894 pfl->cfi_table[0x3b] = 0x00; 895 pfl->cfi_table[0x3c] = 0x00; 896 897 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 898 } 899 900 static Property pflash_cfi01_properties[] = { 901 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 902 /* num-blocks is the number of blocks actually visible to the guest, 903 * ie the total size of the device divided by the sector length. 904 * If we're emulating flash devices wired in parallel the actual 905 * number of blocks per indvidual device will differ. 906 */ 907 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 908 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 909 /* width here is the overall width of this QEMU device in bytes. 910 * The QEMU device may be emulating a number of flash devices 911 * wired up in parallel; the width of each individual flash 912 * device should be specified via device-width. If the individual 913 * devices have a maximum width which is greater than the width 914 * they are being used for, this maximum width should be set via 915 * max-device-width (which otherwise defaults to device-width). 916 * So for instance a 32-bit wide QEMU flash device made from four 917 * 16-bit flash devices used in 8-bit wide mode would be configured 918 * with width = 4, device-width = 1, max-device-width = 2. 919 * 920 * If device-width is not specified we default to backwards 921 * compatible behaviour which is a bad emulation of two 922 * 16 bit devices making up a 32 bit wide QEMU device. This 923 * is deprecated for new uses of this device. 924 */ 925 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 926 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 927 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 928 DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0), 929 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 930 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 931 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 932 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 933 DEFINE_PROP_STRING("name", struct pflash_t, name), 934 DEFINE_PROP_END_OF_LIST(), 935 }; 936 937 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 938 { 939 DeviceClass *dc = DEVICE_CLASS(klass); 940 941 dc->realize = pflash_cfi01_realize; 942 dc->props = pflash_cfi01_properties; 943 dc->vmsd = &vmstate_pflash; 944 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 945 } 946 947 948 static const TypeInfo pflash_cfi01_info = { 949 .name = TYPE_CFI_PFLASH01, 950 .parent = TYPE_SYS_BUS_DEVICE, 951 .instance_size = sizeof(struct pflash_t), 952 .class_init = pflash_cfi01_class_init, 953 }; 954 955 static void pflash_cfi01_register_types(void) 956 { 957 type_register_static(&pflash_cfi01_info); 958 } 959 960 type_init(pflash_cfi01_register_types) 961 962 pflash_t *pflash_cfi01_register(hwaddr base, 963 DeviceState *qdev, const char *name, 964 hwaddr size, 965 BlockBackend *blk, 966 uint32_t sector_len, int nb_blocs, 967 int bank_width, uint16_t id0, uint16_t id1, 968 uint16_t id2, uint16_t id3, int be) 969 { 970 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 971 972 if (blk) { 973 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 974 } 975 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 976 qdev_prop_set_uint64(dev, "sector-length", sector_len); 977 qdev_prop_set_uint8(dev, "width", bank_width); 978 qdev_prop_set_uint8(dev, "big-endian", !!be); 979 qdev_prop_set_uint16(dev, "id0", id0); 980 qdev_prop_set_uint16(dev, "id1", id1); 981 qdev_prop_set_uint16(dev, "id2", id2); 982 qdev_prop_set_uint16(dev, "id3", id3); 983 qdev_prop_set_string(dev, "name", name); 984 qdev_init_nofail(dev); 985 986 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 987 return CFI_PFLASH01(dev); 988 } 989 990 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 991 { 992 return &fl->mem; 993 } 994 995 static int pflash_post_load(void *opaque, int version_id) 996 { 997 pflash_t *pfl = opaque; 998 999 if (!pfl->ro) { 1000 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 1001 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1002 } 1003 return 0; 1004 } 1005