1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2.1 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/block/block.h" 41 #include "hw/block/flash.h" 42 #include "hw/qdev-properties.h" 43 #include "hw/qdev-properties-system.h" 44 #include "sysemu/block-backend.h" 45 #include "qapi/error.h" 46 #include "qemu/error-report.h" 47 #include "qemu/bitops.h" 48 #include "qemu/host-utils.h" 49 #include "qemu/log.h" 50 #include "qemu/option.h" 51 #include "hw/sysbus.h" 52 #include "migration/vmstate.h" 53 #include "sysemu/blockdev.h" 54 #include "sysemu/runstate.h" 55 #include "trace.h" 56 57 #define PFLASH_BE 0 58 #define PFLASH_SECURE 1 59 60 struct PFlashCFI01 { 61 /*< private >*/ 62 SysBusDevice parent_obj; 63 /*< public >*/ 64 65 BlockBackend *blk; 66 uint32_t nb_blocs; 67 uint64_t sector_len; 68 uint8_t bank_width; 69 uint8_t device_width; /* If 0, device width not specified. */ 70 uint8_t max_device_width; /* max device width in bytes */ 71 uint32_t features; 72 uint8_t wcycle; /* if 0, the flash is read normally */ 73 bool ro; 74 uint8_t cmd; 75 uint8_t status; 76 uint16_t ident0; 77 uint16_t ident1; 78 uint16_t ident2; 79 uint16_t ident3; 80 uint8_t cfi_table[0x52]; 81 uint64_t counter; 82 uint32_t writeblock_size; 83 MemoryRegion mem; 84 char *name; 85 void *storage; 86 VMChangeStateEntry *vmstate; 87 bool old_multiple_chip_handling; 88 89 /* block update buffer */ 90 unsigned char *blk_bytes; 91 uint32_t blk_offset; 92 }; 93 94 static int pflash_post_load(void *opaque, int version_id); 95 96 static bool pflash_blk_write_state_needed(void *opaque) 97 { 98 PFlashCFI01 *pfl = opaque; 99 100 return (pfl->blk_offset != -1); 101 } 102 103 static const VMStateDescription vmstate_pflash_blk_write = { 104 .name = "pflash_cfi01_blk_write", 105 .version_id = 1, 106 .minimum_version_id = 1, 107 .needed = pflash_blk_write_state_needed, 108 .fields = (const VMStateField[]) { 109 VMSTATE_VBUFFER_UINT32(blk_bytes, PFlashCFI01, 0, NULL, writeblock_size), 110 VMSTATE_UINT32(blk_offset, PFlashCFI01), 111 VMSTATE_END_OF_LIST() 112 } 113 }; 114 115 static const VMStateDescription vmstate_pflash = { 116 .name = "pflash_cfi01", 117 .version_id = 1, 118 .minimum_version_id = 1, 119 .post_load = pflash_post_load, 120 .fields = (const VMStateField[]) { 121 VMSTATE_UINT8(wcycle, PFlashCFI01), 122 VMSTATE_UINT8(cmd, PFlashCFI01), 123 VMSTATE_UINT8(status, PFlashCFI01), 124 VMSTATE_UINT64(counter, PFlashCFI01), 125 VMSTATE_END_OF_LIST() 126 }, 127 .subsections = (const VMStateDescription * const []) { 128 &vmstate_pflash_blk_write, 129 NULL 130 } 131 }; 132 133 /* 134 * Perform a CFI query based on the bank width of the flash. 135 * If this code is called we know we have a device_width set for 136 * this flash. 137 */ 138 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 139 { 140 int i; 141 uint32_t resp = 0; 142 hwaddr boff; 143 144 /* 145 * Adjust incoming offset to match expected device-width 146 * addressing. CFI query addresses are always specified in terms of 147 * the maximum supported width of the device. This means that x8 148 * devices and x8/x16 devices in x8 mode behave differently. For 149 * devices that are not used at their max width, we will be 150 * provided with addresses that use higher address bits than 151 * expected (based on the max width), so we will shift them lower 152 * so that they will match the addresses used when 153 * device_width==max_device_width. 154 */ 155 boff = offset >> (ctz32(pfl->bank_width) + 156 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 157 158 if (boff >= sizeof(pfl->cfi_table)) { 159 return 0; 160 } 161 /* 162 * Now we will construct the CFI response generated by a single 163 * device, then replicate that for all devices that make up the 164 * bus. For wide parts used in x8 mode, CFI query responses 165 * are different than native byte-wide parts. 166 */ 167 resp = pfl->cfi_table[boff]; 168 if (pfl->device_width != pfl->max_device_width) { 169 /* The only case currently supported is x8 mode for a 170 * wider part. 171 */ 172 if (pfl->device_width != 1 || pfl->bank_width > 4) { 173 trace_pflash_unsupported_device_configuration(pfl->name, 174 pfl->device_width, pfl->max_device_width); 175 return 0; 176 } 177 /* CFI query data is repeated, rather than zero padded for 178 * wide devices used in x8 mode. 179 */ 180 for (i = 1; i < pfl->max_device_width; i++) { 181 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 182 } 183 } 184 /* Replicate responses for each device in bank. */ 185 if (pfl->device_width < pfl->bank_width) { 186 for (i = pfl->device_width; 187 i < pfl->bank_width; i += pfl->device_width) { 188 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 189 } 190 } 191 192 return resp; 193 } 194 195 196 197 /* Perform a device id query based on the bank width of the flash. */ 198 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 199 { 200 int i; 201 uint32_t resp; 202 hwaddr boff; 203 204 /* 205 * Adjust incoming offset to match expected device-width 206 * addressing. Device ID read addresses are always specified in 207 * terms of the maximum supported width of the device. This means 208 * that x8 devices and x8/x16 devices in x8 mode behave 209 * differently. For devices that are not used at their max width, 210 * we will be provided with addresses that use higher address bits 211 * than expected (based on the max width), so we will shift them 212 * lower so that they will match the addresses used when 213 * device_width==max_device_width. 214 */ 215 boff = offset >> (ctz32(pfl->bank_width) + 216 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 217 218 /* 219 * Mask off upper bits which may be used in to query block 220 * or sector lock status at other addresses. 221 * Offsets 2/3 are block lock status, is not emulated. 222 */ 223 switch (boff & 0xFF) { 224 case 0: 225 resp = pfl->ident0; 226 trace_pflash_manufacturer_id(pfl->name, resp); 227 break; 228 case 1: 229 resp = pfl->ident1; 230 trace_pflash_device_id(pfl->name, resp); 231 break; 232 default: 233 trace_pflash_device_info(pfl->name, offset); 234 return 0; 235 } 236 /* Replicate responses for each device in bank. */ 237 if (pfl->device_width < pfl->bank_width) { 238 for (i = pfl->device_width; 239 i < pfl->bank_width; i += pfl->device_width) { 240 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 241 } 242 } 243 244 return resp; 245 } 246 247 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 248 int width, int be) 249 { 250 uint8_t *p; 251 uint32_t ret; 252 253 p = pfl->storage; 254 if (be) { 255 ret = ldn_be_p(p + offset, width); 256 } else { 257 ret = ldn_le_p(p + offset, width); 258 } 259 trace_pflash_data_read(pfl->name, offset, width, ret); 260 return ret; 261 } 262 263 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 264 int width, int be) 265 { 266 hwaddr boff; 267 uint32_t ret; 268 269 ret = -1; 270 switch (pfl->cmd) { 271 default: 272 /* This should never happen : reset state & treat it as a read */ 273 trace_pflash_read_unknown_state(pfl->name, pfl->cmd); 274 pfl->wcycle = 0; 275 /* 276 * The command 0x00 is not assigned by the CFI open standard, 277 * but QEMU historically uses it for the READ_ARRAY command (0xff). 278 */ 279 pfl->cmd = 0x00; 280 /* fall through to read code */ 281 case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */ 282 /* Flash area read */ 283 ret = pflash_data_read(pfl, offset, width, be); 284 break; 285 case 0x10: /* Single byte program */ 286 case 0x20: /* Block erase */ 287 case 0x28: /* Block erase */ 288 case 0x40: /* single byte program */ 289 case 0x50: /* Clear status register */ 290 case 0x60: /* Block /un)lock */ 291 case 0x70: /* Status Register */ 292 case 0xe8: /* Write block */ 293 /* 294 * Status register read. Return status from each device in 295 * bank. 296 */ 297 ret = pfl->status; 298 if (pfl->device_width && width > pfl->device_width) { 299 int shift = pfl->device_width * 8; 300 while (shift + pfl->device_width * 8 <= width * 8) { 301 ret |= pfl->status << shift; 302 shift += pfl->device_width * 8; 303 } 304 } else if (!pfl->device_width && width > 2) { 305 /* 306 * Handle 32 bit flash cases where device width is not 307 * set. (Existing behavior before device width added.) 308 */ 309 ret |= pfl->status << 16; 310 } 311 trace_pflash_read_status(pfl->name, ret); 312 break; 313 case 0x90: 314 if (!pfl->device_width) { 315 /* Preserve old behavior if device width not specified */ 316 boff = offset & 0xFF; 317 if (pfl->bank_width == 2) { 318 boff = boff >> 1; 319 } else if (pfl->bank_width == 4) { 320 boff = boff >> 2; 321 } 322 323 switch (boff) { 324 case 0: 325 ret = pfl->ident0 << 8 | pfl->ident1; 326 trace_pflash_manufacturer_id(pfl->name, ret); 327 break; 328 case 1: 329 ret = pfl->ident2 << 8 | pfl->ident3; 330 trace_pflash_device_id(pfl->name, ret); 331 break; 332 default: 333 trace_pflash_device_info(pfl->name, boff); 334 ret = 0; 335 break; 336 } 337 } else { 338 /* 339 * If we have a read larger than the bank_width, combine multiple 340 * manufacturer/device ID queries into a single response. 341 */ 342 int i; 343 for (i = 0; i < width; i += pfl->bank_width) { 344 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 345 pflash_devid_query(pfl, 346 offset + i * pfl->bank_width)); 347 } 348 } 349 break; 350 case 0x98: /* Query mode */ 351 if (!pfl->device_width) { 352 /* Preserve old behavior if device width not specified */ 353 boff = offset & 0xFF; 354 if (pfl->bank_width == 2) { 355 boff = boff >> 1; 356 } else if (pfl->bank_width == 4) { 357 boff = boff >> 2; 358 } 359 360 if (boff < sizeof(pfl->cfi_table)) { 361 ret = pfl->cfi_table[boff]; 362 } else { 363 ret = 0; 364 } 365 } else { 366 /* 367 * If we have a read larger than the bank_width, combine multiple 368 * CFI queries into a single response. 369 */ 370 int i; 371 for (i = 0; i < width; i += pfl->bank_width) { 372 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 373 pflash_cfi_query(pfl, 374 offset + i * pfl->bank_width)); 375 } 376 } 377 378 break; 379 } 380 trace_pflash_io_read(pfl->name, offset, width, ret, pfl->cmd, pfl->wcycle); 381 382 return ret; 383 } 384 385 /* update flash content on disk */ 386 static void pflash_update(PFlashCFI01 *pfl, int offset, 387 int size) 388 { 389 int offset_end; 390 int ret; 391 if (pfl->blk) { 392 offset_end = offset + size; 393 /* widen to sector boundaries */ 394 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 395 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 396 ret = blk_pwrite(pfl->blk, offset, offset_end - offset, 397 pfl->storage + offset, 0); 398 if (ret < 0) { 399 /* TODO set error bit in status */ 400 error_report("Could not update PFLASH: %s", strerror(-ret)); 401 } 402 } 403 } 404 405 /* copy current flash content to block update buffer */ 406 static void pflash_blk_write_start(PFlashCFI01 *pfl, hwaddr offset) 407 { 408 hwaddr mask = ~(pfl->writeblock_size - 1); 409 410 trace_pflash_write_block_start(pfl->name, pfl->counter); 411 pfl->blk_offset = offset & mask; 412 memcpy(pfl->blk_bytes, pfl->storage + pfl->blk_offset, 413 pfl->writeblock_size); 414 } 415 416 /* commit block update buffer changes */ 417 static void pflash_blk_write_flush(PFlashCFI01 *pfl) 418 { 419 g_assert(pfl->blk_offset != -1); 420 trace_pflash_write_block_flush(pfl->name); 421 memcpy(pfl->storage + pfl->blk_offset, pfl->blk_bytes, 422 pfl->writeblock_size); 423 pflash_update(pfl, pfl->blk_offset, pfl->writeblock_size); 424 pfl->blk_offset = -1; 425 } 426 427 /* discard block update buffer changes */ 428 static void pflash_blk_write_abort(PFlashCFI01 *pfl) 429 { 430 trace_pflash_write_block_abort(pfl->name); 431 pfl->blk_offset = -1; 432 } 433 434 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 435 uint32_t value, int width, int be) 436 { 437 uint8_t *p; 438 439 if (pfl->blk_offset != -1) { 440 /* block write: redirect writes to block update buffer */ 441 if ((offset < pfl->blk_offset) || 442 (offset + width > pfl->blk_offset + pfl->writeblock_size)) { 443 pfl->status |= 0x10; /* Programming error */ 444 return; 445 } 446 trace_pflash_data_write_block(pfl->name, offset, width, value, 447 pfl->counter); 448 p = pfl->blk_bytes + (offset - pfl->blk_offset); 449 } else { 450 /* write directly to storage */ 451 trace_pflash_data_write(pfl->name, offset, width, value); 452 p = pfl->storage + offset; 453 } 454 455 if (be) { 456 stn_be_p(p, width, value); 457 } else { 458 stn_le_p(p, width, value); 459 } 460 } 461 462 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 463 uint32_t value, int width, int be) 464 { 465 uint8_t *p; 466 uint8_t cmd; 467 468 cmd = value; 469 470 trace_pflash_io_write(pfl->name, offset, width, value, pfl->wcycle); 471 if (!pfl->wcycle) { 472 /* Set the device in I/O access mode */ 473 memory_region_rom_device_set_romd(&pfl->mem, false); 474 } 475 476 switch (pfl->wcycle) { 477 case 0: 478 /* read mode */ 479 switch (cmd) { 480 case 0x00: /* This model reset value for READ_ARRAY (not CFI) */ 481 goto mode_read_array; 482 case 0x10: /* Single Byte Program */ 483 case 0x40: /* Single Byte Program */ 484 trace_pflash_write(pfl->name, "single byte program (0)"); 485 break; 486 case 0x20: /* Block erase */ 487 p = pfl->storage; 488 offset &= ~(pfl->sector_len - 1); 489 490 trace_pflash_write_block_erase(pfl->name, offset, pfl->sector_len); 491 492 if (!pfl->ro) { 493 memset(p + offset, 0xff, pfl->sector_len); 494 pflash_update(pfl, offset, pfl->sector_len); 495 } else { 496 pfl->status |= 0x20; /* Block erase error */ 497 } 498 pfl->status |= 0x80; /* Ready! */ 499 break; 500 case 0x50: /* Clear status bits */ 501 trace_pflash_write(pfl->name, "clear status bits"); 502 pfl->status = 0x0; 503 goto mode_read_array; 504 case 0x60: /* Block (un)lock */ 505 trace_pflash_write(pfl->name, "block unlock"); 506 break; 507 case 0x70: /* Status Register */ 508 trace_pflash_write(pfl->name, "read status register"); 509 pfl->cmd = cmd; 510 return; 511 case 0x90: /* Read Device ID */ 512 trace_pflash_write(pfl->name, "read device information"); 513 pfl->cmd = cmd; 514 return; 515 case 0x98: /* CFI query */ 516 trace_pflash_write(pfl->name, "CFI query"); 517 break; 518 case 0xe8: /* Write to buffer */ 519 trace_pflash_write(pfl->name, "write to buffer"); 520 pfl->status |= 0x80; /* Ready! */ 521 break; 522 case 0xf0: /* Probe for AMD flash */ 523 trace_pflash_write(pfl->name, "probe for AMD flash"); 524 goto mode_read_array; 525 case 0xff: /* Read Array */ 526 trace_pflash_write(pfl->name, "read array mode"); 527 goto mode_read_array; 528 default: 529 goto error_flash; 530 } 531 pfl->wcycle++; 532 pfl->cmd = cmd; 533 break; 534 case 1: 535 switch (pfl->cmd) { 536 case 0x10: /* Single Byte Program */ 537 case 0x40: /* Single Byte Program */ 538 trace_pflash_write(pfl->name, "single byte program (1)"); 539 if (!pfl->ro) { 540 pflash_data_write(pfl, offset, value, width, be); 541 pflash_update(pfl, offset, width); 542 } else { 543 pfl->status |= 0x10; /* Programming error */ 544 } 545 pfl->status |= 0x80; /* Ready! */ 546 pfl->wcycle = 0; 547 break; 548 case 0x20: /* Block erase */ 549 case 0x28: 550 if (cmd == 0xd0) { /* confirm */ 551 pfl->wcycle = 0; 552 pfl->status |= 0x80; 553 } else if (cmd == 0xff) { /* Read Array */ 554 goto mode_read_array; 555 } else 556 goto error_flash; 557 558 break; 559 case 0xe8: 560 /* 561 * Mask writeblock size based on device width, or bank width if 562 * device width not specified. 563 */ 564 /* FIXME check @offset, @width */ 565 if (pfl->device_width) { 566 value = extract32(value, 0, pfl->device_width * 8); 567 } else { 568 value = extract32(value, 0, pfl->bank_width * 8); 569 } 570 pfl->counter = value; 571 pfl->wcycle++; 572 break; 573 case 0x60: 574 if (cmd == 0xd0) { 575 pfl->wcycle = 0; 576 pfl->status |= 0x80; 577 } else if (cmd == 0x01) { 578 pfl->wcycle = 0; 579 pfl->status |= 0x80; 580 } else if (cmd == 0xff) { /* Read Array */ 581 goto mode_read_array; 582 } else { 583 trace_pflash_write(pfl->name, "unknown (un)locking command"); 584 goto mode_read_array; 585 } 586 break; 587 case 0x98: 588 if (cmd == 0xff) { /* Read Array */ 589 goto mode_read_array; 590 } else { 591 trace_pflash_write(pfl->name, "leaving query mode"); 592 } 593 break; 594 default: 595 goto error_flash; 596 } 597 break; 598 case 2: 599 switch (pfl->cmd) { 600 case 0xe8: /* Block write */ 601 /* FIXME check @offset, @width */ 602 if (pfl->blk_offset == -1 && pfl->counter) { 603 pflash_blk_write_start(pfl, offset); 604 } 605 if (!pfl->ro && (pfl->blk_offset != -1)) { 606 pflash_data_write(pfl, offset, value, width, be); 607 } else { 608 pfl->status |= 0x10; /* Programming error */ 609 } 610 611 pfl->status |= 0x80; 612 613 if (!pfl->counter) { 614 trace_pflash_write(pfl->name, "block write finished"); 615 pfl->wcycle++; 616 break; 617 } 618 619 pfl->counter--; 620 break; 621 default: 622 goto error_flash; 623 } 624 break; 625 case 3: /* Confirm mode */ 626 switch (pfl->cmd) { 627 case 0xe8: /* Block write */ 628 if ((cmd == 0xd0) && !(pfl->status & 0x10)) { 629 pflash_blk_write_flush(pfl); 630 pfl->wcycle = 0; 631 pfl->status |= 0x80; 632 } else { 633 pflash_blk_write_abort(pfl); 634 goto mode_read_array; 635 } 636 break; 637 default: 638 pflash_blk_write_abort(pfl); 639 goto error_flash; 640 } 641 break; 642 default: 643 /* Should never happen */ 644 trace_pflash_write(pfl->name, "invalid write state"); 645 goto mode_read_array; 646 } 647 return; 648 649 error_flash: 650 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 651 "(offset " HWADDR_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 652 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 653 654 mode_read_array: 655 trace_pflash_mode_read_array(pfl->name); 656 memory_region_rom_device_set_romd(&pfl->mem, true); 657 pfl->wcycle = 0; 658 pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */ 659 } 660 661 662 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 663 unsigned len, MemTxAttrs attrs) 664 { 665 PFlashCFI01 *pfl = opaque; 666 bool be = !!(pfl->features & (1 << PFLASH_BE)); 667 668 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 669 *value = pflash_data_read(opaque, addr, len, be); 670 } else { 671 *value = pflash_read(opaque, addr, len, be); 672 } 673 return MEMTX_OK; 674 } 675 676 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 677 unsigned len, MemTxAttrs attrs) 678 { 679 PFlashCFI01 *pfl = opaque; 680 bool be = !!(pfl->features & (1 << PFLASH_BE)); 681 682 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 683 return MEMTX_ERROR; 684 } else { 685 pflash_write(opaque, addr, value, len, be); 686 return MEMTX_OK; 687 } 688 } 689 690 static const MemoryRegionOps pflash_cfi01_ops = { 691 .read_with_attrs = pflash_mem_read_with_attrs, 692 .write_with_attrs = pflash_mem_write_with_attrs, 693 .endianness = DEVICE_NATIVE_ENDIAN, 694 }; 695 696 static void pflash_cfi01_fill_cfi_table(PFlashCFI01 *pfl) 697 { 698 uint64_t blocks_per_device, sector_len_per_device, device_len; 699 int num_devices; 700 701 /* 702 * These are only used to expose the parameters of each device 703 * in the cfi_table[]. 704 */ 705 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 706 if (pfl->old_multiple_chip_handling) { 707 blocks_per_device = pfl->nb_blocs / num_devices; 708 sector_len_per_device = pfl->sector_len; 709 } else { 710 blocks_per_device = pfl->nb_blocs; 711 sector_len_per_device = pfl->sector_len / num_devices; 712 } 713 device_len = sector_len_per_device * blocks_per_device; 714 715 /* Hardcoded CFI table */ 716 /* Standard "QRY" string */ 717 pfl->cfi_table[0x10] = 'Q'; 718 pfl->cfi_table[0x11] = 'R'; 719 pfl->cfi_table[0x12] = 'Y'; 720 /* Command set (Intel) */ 721 pfl->cfi_table[0x13] = 0x01; 722 pfl->cfi_table[0x14] = 0x00; 723 /* Primary extended table address (none) */ 724 pfl->cfi_table[0x15] = 0x31; 725 pfl->cfi_table[0x16] = 0x00; 726 /* Alternate command set (none) */ 727 pfl->cfi_table[0x17] = 0x00; 728 pfl->cfi_table[0x18] = 0x00; 729 /* Alternate extended table (none) */ 730 pfl->cfi_table[0x19] = 0x00; 731 pfl->cfi_table[0x1A] = 0x00; 732 /* Vcc min */ 733 pfl->cfi_table[0x1B] = 0x45; 734 /* Vcc max */ 735 pfl->cfi_table[0x1C] = 0x55; 736 /* Vpp min (no Vpp pin) */ 737 pfl->cfi_table[0x1D] = 0x00; 738 /* Vpp max (no Vpp pin) */ 739 pfl->cfi_table[0x1E] = 0x00; 740 /* Reserved */ 741 pfl->cfi_table[0x1F] = 0x07; 742 /* Timeout for min size buffer write */ 743 pfl->cfi_table[0x20] = 0x07; 744 /* Typical timeout for block erase */ 745 pfl->cfi_table[0x21] = 0x0a; 746 /* Typical timeout for full chip erase (4096 ms) */ 747 pfl->cfi_table[0x22] = 0x00; 748 /* Reserved */ 749 pfl->cfi_table[0x23] = 0x04; 750 /* Max timeout for buffer write */ 751 pfl->cfi_table[0x24] = 0x04; 752 /* Max timeout for block erase */ 753 pfl->cfi_table[0x25] = 0x04; 754 /* Max timeout for chip erase */ 755 pfl->cfi_table[0x26] = 0x00; 756 /* Device size */ 757 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 758 /* Flash device interface (8 & 16 bits) */ 759 pfl->cfi_table[0x28] = 0x02; 760 pfl->cfi_table[0x29] = 0x00; 761 /* Max number of bytes in multi-bytes write */ 762 if (pfl->bank_width == 1) { 763 pfl->cfi_table[0x2A] = 0x08; 764 } else { 765 pfl->cfi_table[0x2A] = 0x0B; 766 } 767 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 768 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 769 pfl->writeblock_size *= num_devices; 770 } 771 772 pfl->cfi_table[0x2B] = 0x00; 773 /* Number of erase block regions (uniform) */ 774 pfl->cfi_table[0x2C] = 0x01; 775 /* Erase block region 1 */ 776 pfl->cfi_table[0x2D] = blocks_per_device - 1; 777 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 778 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 779 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 780 781 /* Extended */ 782 pfl->cfi_table[0x31] = 'P'; 783 pfl->cfi_table[0x32] = 'R'; 784 pfl->cfi_table[0x33] = 'I'; 785 786 pfl->cfi_table[0x34] = '1'; 787 pfl->cfi_table[0x35] = '0'; 788 789 pfl->cfi_table[0x36] = 0x00; 790 pfl->cfi_table[0x37] = 0x00; 791 pfl->cfi_table[0x38] = 0x00; 792 pfl->cfi_table[0x39] = 0x00; 793 794 pfl->cfi_table[0x3a] = 0x00; 795 796 pfl->cfi_table[0x3b] = 0x00; 797 pfl->cfi_table[0x3c] = 0x00; 798 799 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 800 } 801 802 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 803 { 804 ERRP_GUARD(); 805 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 806 uint64_t total_len; 807 int ret; 808 809 if (pfl->sector_len == 0) { 810 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 811 return; 812 } 813 if (pfl->nb_blocs == 0) { 814 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 815 return; 816 } 817 if (pfl->name == NULL) { 818 error_setg(errp, "attribute \"name\" not specified."); 819 return; 820 } 821 822 total_len = pfl->sector_len * pfl->nb_blocs; 823 824 memory_region_init_rom_device( 825 &pfl->mem, OBJECT(dev), 826 &pflash_cfi01_ops, 827 pfl, 828 pfl->name, total_len, errp); 829 if (*errp) { 830 return; 831 } 832 833 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 834 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 835 836 if (pfl->blk) { 837 uint64_t perm; 838 pfl->ro = !blk_supports_write_perm(pfl->blk); 839 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 840 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 841 if (ret < 0) { 842 return; 843 } 844 } else { 845 pfl->ro = false; 846 } 847 848 if (pfl->blk) { 849 if (!blk_check_size_and_read_all(pfl->blk, dev, pfl->storage, 850 total_len, errp)) { 851 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 852 return; 853 } 854 } 855 856 /* 857 * Default to devices being used at their maximum device width. This was 858 * assumed before the device_width support was added. 859 */ 860 if (!pfl->max_device_width) { 861 pfl->max_device_width = pfl->device_width; 862 } 863 864 pfl->wcycle = 0; 865 /* 866 * The command 0x00 is not assigned by the CFI open standard, 867 * but QEMU historically uses it for the READ_ARRAY command (0xff). 868 */ 869 pfl->cmd = 0x00; 870 pfl->status = 0x80; /* WSM ready */ 871 pflash_cfi01_fill_cfi_table(pfl); 872 873 pfl->blk_bytes = g_malloc(pfl->writeblock_size); 874 pfl->blk_offset = -1; 875 } 876 877 static void pflash_cfi01_system_reset(DeviceState *dev) 878 { 879 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 880 881 trace_pflash_reset(pfl->name); 882 /* 883 * The command 0x00 is not assigned by the CFI open standard, 884 * but QEMU historically uses it for the READ_ARRAY command (0xff). 885 */ 886 pfl->cmd = 0x00; 887 pfl->wcycle = 0; 888 memory_region_rom_device_set_romd(&pfl->mem, true); 889 /* 890 * The WSM ready timer occurs at most 150ns after system reset. 891 * This model deliberately ignores this delay. 892 */ 893 pfl->status = 0x80; 894 895 pfl->blk_offset = -1; 896 } 897 898 static Property pflash_cfi01_properties[] = { 899 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 900 /* num-blocks is the number of blocks actually visible to the guest, 901 * ie the total size of the device divided by the sector length. 902 * If we're emulating flash devices wired in parallel the actual 903 * number of blocks per individual device will differ. 904 */ 905 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 906 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 907 /* width here is the overall width of this QEMU device in bytes. 908 * The QEMU device may be emulating a number of flash devices 909 * wired up in parallel; the width of each individual flash 910 * device should be specified via device-width. If the individual 911 * devices have a maximum width which is greater than the width 912 * they are being used for, this maximum width should be set via 913 * max-device-width (which otherwise defaults to device-width). 914 * So for instance a 32-bit wide QEMU flash device made from four 915 * 16-bit flash devices used in 8-bit wide mode would be configured 916 * with width = 4, device-width = 1, max-device-width = 2. 917 * 918 * If device-width is not specified we default to backwards 919 * compatible behaviour which is a bad emulation of two 920 * 16 bit devices making up a 32 bit wide QEMU device. This 921 * is deprecated for new uses of this device. 922 */ 923 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 924 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 925 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 926 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 927 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 928 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 929 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 930 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 931 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 932 DEFINE_PROP_STRING("name", PFlashCFI01, name), 933 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 934 old_multiple_chip_handling, false), 935 DEFINE_PROP_END_OF_LIST(), 936 }; 937 938 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 939 { 940 DeviceClass *dc = DEVICE_CLASS(klass); 941 942 device_class_set_legacy_reset(dc, pflash_cfi01_system_reset); 943 dc->realize = pflash_cfi01_realize; 944 device_class_set_props(dc, pflash_cfi01_properties); 945 dc->vmsd = &vmstate_pflash; 946 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 947 } 948 949 static const TypeInfo pflash_cfi01_types[] = { 950 { 951 .name = TYPE_PFLASH_CFI01, 952 .parent = TYPE_SYS_BUS_DEVICE, 953 .instance_size = sizeof(PFlashCFI01), 954 .class_init = pflash_cfi01_class_init, 955 }, 956 }; 957 958 DEFINE_TYPES(pflash_cfi01_types) 959 960 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 961 const char *name, 962 hwaddr size, 963 BlockBackend *blk, 964 uint32_t sector_len, 965 int bank_width, 966 uint16_t id0, uint16_t id1, 967 uint16_t id2, uint16_t id3, 968 int be) 969 { 970 DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01); 971 972 if (blk) { 973 qdev_prop_set_drive(dev, "drive", blk); 974 } 975 assert(QEMU_IS_ALIGNED(size, sector_len)); 976 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 977 qdev_prop_set_uint64(dev, "sector-length", sector_len); 978 qdev_prop_set_uint8(dev, "width", bank_width); 979 qdev_prop_set_bit(dev, "big-endian", !!be); 980 qdev_prop_set_uint16(dev, "id0", id0); 981 qdev_prop_set_uint16(dev, "id1", id1); 982 qdev_prop_set_uint16(dev, "id2", id2); 983 qdev_prop_set_uint16(dev, "id3", id3); 984 qdev_prop_set_string(dev, "name", name); 985 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 986 987 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 988 return PFLASH_CFI01(dev); 989 } 990 991 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 992 { 993 return fl->blk; 994 } 995 996 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 997 { 998 return &fl->mem; 999 } 1000 1001 /* 1002 * Handle -drive if=pflash for machines that use properties. 1003 * If @dinfo is null, do nothing. 1004 * Else if @fl's property "drive" is already set, fatal error. 1005 * Else set it to the BlockBackend with @dinfo. 1006 */ 1007 void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo) 1008 { 1009 Location loc; 1010 1011 if (!dinfo) { 1012 return; 1013 } 1014 1015 loc_push_none(&loc); 1016 qemu_opts_loc_restore(dinfo->opts); 1017 if (fl->blk) { 1018 error_report("clashes with -machine"); 1019 exit(1); 1020 } 1021 qdev_prop_set_drive_err(DEVICE(fl), "drive", blk_by_legacy_dinfo(dinfo), 1022 &error_fatal); 1023 loc_pop(&loc); 1024 } 1025 1026 static void postload_update_cb(void *opaque, bool running, RunState state) 1027 { 1028 PFlashCFI01 *pfl = opaque; 1029 1030 /* This is called after bdrv_activate_all. */ 1031 qemu_del_vm_change_state_handler(pfl->vmstate); 1032 pfl->vmstate = NULL; 1033 1034 trace_pflash_postload_cb(pfl->name); 1035 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1036 } 1037 1038 static int pflash_post_load(void *opaque, int version_id) 1039 { 1040 PFlashCFI01 *pfl = opaque; 1041 1042 if (!pfl->ro) { 1043 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 1044 pfl); 1045 } 1046 return 0; 1047 } 1048