1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/flash.h" 42 #include "sysemu/block-backend.h" 43 #include "qemu/timer.h" 44 #include "qemu/bitops.h" 45 #include "exec/address-spaces.h" 46 #include "qemu/host-utils.h" 47 #include "hw/sysbus.h" 48 49 #define PFLASH_BUG(fmt, ...) \ 50 do { \ 51 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 52 exit(1); \ 53 } while(0) 54 55 /* #define PFLASH_DEBUG */ 56 #ifdef PFLASH_DEBUG 57 #define DPRINTF(fmt, ...) \ 58 do { \ 59 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 60 } while (0) 61 #else 62 #define DPRINTF(fmt, ...) do { } while (0) 63 #endif 64 65 #define TYPE_CFI_PFLASH01 "cfi.pflash01" 66 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 67 68 #define PFLASH_BE 0 69 #define PFLASH_SECURE 1 70 71 struct pflash_t { 72 /*< private >*/ 73 SysBusDevice parent_obj; 74 /*< public >*/ 75 76 BlockBackend *blk; 77 uint32_t nb_blocs; 78 uint64_t sector_len; 79 uint8_t bank_width; 80 uint8_t device_width; /* If 0, device width not specified. */ 81 uint8_t max_device_width; /* max device width in bytes */ 82 uint32_t features; 83 uint8_t wcycle; /* if 0, the flash is read normally */ 84 int ro; 85 uint8_t cmd; 86 uint8_t status; 87 uint16_t ident0; 88 uint16_t ident1; 89 uint16_t ident2; 90 uint16_t ident3; 91 uint8_t cfi_len; 92 uint8_t cfi_table[0x52]; 93 uint64_t counter; 94 unsigned int writeblock_size; 95 QEMUTimer *timer; 96 MemoryRegion mem; 97 char *name; 98 void *storage; 99 }; 100 101 static int pflash_post_load(void *opaque, int version_id); 102 103 static const VMStateDescription vmstate_pflash = { 104 .name = "pflash_cfi01", 105 .version_id = 1, 106 .minimum_version_id = 1, 107 .post_load = pflash_post_load, 108 .fields = (VMStateField[]) { 109 VMSTATE_UINT8(wcycle, pflash_t), 110 VMSTATE_UINT8(cmd, pflash_t), 111 VMSTATE_UINT8(status, pflash_t), 112 VMSTATE_UINT64(counter, pflash_t), 113 VMSTATE_END_OF_LIST() 114 } 115 }; 116 117 static void pflash_timer (void *opaque) 118 { 119 pflash_t *pfl = opaque; 120 121 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 122 /* Reset flash */ 123 pfl->status ^= 0x80; 124 memory_region_rom_device_set_romd(&pfl->mem, true); 125 pfl->wcycle = 0; 126 pfl->cmd = 0; 127 } 128 129 /* Perform a CFI query based on the bank width of the flash. 130 * If this code is called we know we have a device_width set for 131 * this flash. 132 */ 133 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 134 { 135 int i; 136 uint32_t resp = 0; 137 hwaddr boff; 138 139 /* Adjust incoming offset to match expected device-width 140 * addressing. CFI query addresses are always specified in terms of 141 * the maximum supported width of the device. This means that x8 142 * devices and x8/x16 devices in x8 mode behave differently. For 143 * devices that are not used at their max width, we will be 144 * provided with addresses that use higher address bits than 145 * expected (based on the max width), so we will shift them lower 146 * so that they will match the addresses used when 147 * device_width==max_device_width. 148 */ 149 boff = offset >> (ctz32(pfl->bank_width) + 150 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 151 152 if (boff > pfl->cfi_len) { 153 return 0; 154 } 155 /* Now we will construct the CFI response generated by a single 156 * device, then replicate that for all devices that make up the 157 * bus. For wide parts used in x8 mode, CFI query responses 158 * are different than native byte-wide parts. 159 */ 160 resp = pfl->cfi_table[boff]; 161 if (pfl->device_width != pfl->max_device_width) { 162 /* The only case currently supported is x8 mode for a 163 * wider part. 164 */ 165 if (pfl->device_width != 1 || pfl->bank_width > 4) { 166 DPRINTF("%s: Unsupported device configuration: " 167 "device_width=%d, max_device_width=%d\n", 168 __func__, pfl->device_width, 169 pfl->max_device_width); 170 return 0; 171 } 172 /* CFI query data is repeated, rather than zero padded for 173 * wide devices used in x8 mode. 174 */ 175 for (i = 1; i < pfl->max_device_width; i++) { 176 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 177 } 178 } 179 /* Replicate responses for each device in bank. */ 180 if (pfl->device_width < pfl->bank_width) { 181 for (i = pfl->device_width; 182 i < pfl->bank_width; i += pfl->device_width) { 183 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 184 } 185 } 186 187 return resp; 188 } 189 190 191 192 /* Perform a device id query based on the bank width of the flash. */ 193 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 194 { 195 int i; 196 uint32_t resp; 197 hwaddr boff; 198 199 /* Adjust incoming offset to match expected device-width 200 * addressing. Device ID read addresses are always specified in 201 * terms of the maximum supported width of the device. This means 202 * that x8 devices and x8/x16 devices in x8 mode behave 203 * differently. For devices that are not used at their max width, 204 * we will be provided with addresses that use higher address bits 205 * than expected (based on the max width), so we will shift them 206 * lower so that they will match the addresses used when 207 * device_width==max_device_width. 208 */ 209 boff = offset >> (ctz32(pfl->bank_width) + 210 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 211 212 /* Mask off upper bits which may be used in to query block 213 * or sector lock status at other addresses. 214 * Offsets 2/3 are block lock status, is not emulated. 215 */ 216 switch (boff & 0xFF) { 217 case 0: 218 resp = pfl->ident0; 219 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 220 break; 221 case 1: 222 resp = pfl->ident1; 223 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 224 break; 225 default: 226 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 227 (unsigned)offset); 228 return 0; 229 break; 230 } 231 /* Replicate responses for each device in bank. */ 232 if (pfl->device_width < pfl->bank_width) { 233 for (i = pfl->device_width; 234 i < pfl->bank_width; i += pfl->device_width) { 235 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 236 } 237 } 238 239 return resp; 240 } 241 242 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, 243 int width, int be) 244 { 245 uint8_t *p; 246 uint32_t ret; 247 248 p = pfl->storage; 249 switch (width) { 250 case 1: 251 ret = p[offset]; 252 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 253 __func__, offset, ret); 254 break; 255 case 2: 256 if (be) { 257 ret = p[offset] << 8; 258 ret |= p[offset + 1]; 259 } else { 260 ret = p[offset]; 261 ret |= p[offset + 1] << 8; 262 } 263 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 264 __func__, offset, ret); 265 break; 266 case 4: 267 if (be) { 268 ret = p[offset] << 24; 269 ret |= p[offset + 1] << 16; 270 ret |= p[offset + 2] << 8; 271 ret |= p[offset + 3]; 272 } else { 273 ret = p[offset]; 274 ret |= p[offset + 1] << 8; 275 ret |= p[offset + 2] << 16; 276 ret |= p[offset + 3] << 24; 277 } 278 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 279 __func__, offset, ret); 280 break; 281 default: 282 DPRINTF("BUG in %s\n", __func__); 283 abort(); 284 } 285 return ret; 286 } 287 288 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 289 int width, int be) 290 { 291 hwaddr boff; 292 uint32_t ret; 293 294 ret = -1; 295 296 #if 0 297 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 298 __func__, offset, pfl->cmd, width); 299 #endif 300 switch (pfl->cmd) { 301 default: 302 /* This should never happen : reset state & treat it as a read */ 303 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 304 pfl->wcycle = 0; 305 pfl->cmd = 0; 306 /* fall through to read code */ 307 case 0x00: 308 /* Flash area read */ 309 ret = pflash_data_read(pfl, offset, width, be); 310 break; 311 case 0x10: /* Single byte program */ 312 case 0x20: /* Block erase */ 313 case 0x28: /* Block erase */ 314 case 0x40: /* single byte program */ 315 case 0x50: /* Clear status register */ 316 case 0x60: /* Block /un)lock */ 317 case 0x70: /* Status Register */ 318 case 0xe8: /* Write block */ 319 /* Status register read. Return status from each device in 320 * bank. 321 */ 322 ret = pfl->status; 323 if (pfl->device_width && width > pfl->device_width) { 324 int shift = pfl->device_width * 8; 325 while (shift + pfl->device_width * 8 <= width * 8) { 326 ret |= pfl->status << shift; 327 shift += pfl->device_width * 8; 328 } 329 } else if (!pfl->device_width && width > 2) { 330 /* Handle 32 bit flash cases where device width is not 331 * set. (Existing behavior before device width added.) 332 */ 333 ret |= pfl->status << 16; 334 } 335 DPRINTF("%s: status %x\n", __func__, ret); 336 break; 337 case 0x90: 338 if (!pfl->device_width) { 339 /* Preserve old behavior if device width not specified */ 340 boff = offset & 0xFF; 341 if (pfl->bank_width == 2) { 342 boff = boff >> 1; 343 } else if (pfl->bank_width == 4) { 344 boff = boff >> 2; 345 } 346 347 switch (boff) { 348 case 0: 349 ret = pfl->ident0 << 8 | pfl->ident1; 350 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 351 break; 352 case 1: 353 ret = pfl->ident2 << 8 | pfl->ident3; 354 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 355 break; 356 default: 357 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 358 (unsigned)boff); 359 ret = 0; 360 break; 361 } 362 } else { 363 /* If we have a read larger than the bank_width, combine multiple 364 * manufacturer/device ID queries into a single response. 365 */ 366 int i; 367 for (i = 0; i < width; i += pfl->bank_width) { 368 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 369 pflash_devid_query(pfl, 370 offset + i * pfl->bank_width)); 371 } 372 } 373 break; 374 case 0x98: /* Query mode */ 375 if (!pfl->device_width) { 376 /* Preserve old behavior if device width not specified */ 377 boff = offset & 0xFF; 378 if (pfl->bank_width == 2) { 379 boff = boff >> 1; 380 } else if (pfl->bank_width == 4) { 381 boff = boff >> 2; 382 } 383 384 if (boff > pfl->cfi_len) { 385 ret = 0; 386 } else { 387 ret = pfl->cfi_table[boff]; 388 } 389 } else { 390 /* If we have a read larger than the bank_width, combine multiple 391 * CFI queries into a single response. 392 */ 393 int i; 394 for (i = 0; i < width; i += pfl->bank_width) { 395 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 396 pflash_cfi_query(pfl, 397 offset + i * pfl->bank_width)); 398 } 399 } 400 401 break; 402 } 403 return ret; 404 } 405 406 /* update flash content on disk */ 407 static void pflash_update(pflash_t *pfl, int offset, 408 int size) 409 { 410 int offset_end; 411 if (pfl->blk) { 412 offset_end = offset + size; 413 /* round to sectors */ 414 offset = offset >> 9; 415 offset_end = (offset_end + 511) >> 9; 416 blk_write(pfl->blk, offset, pfl->storage + (offset << 9), 417 offset_end - offset); 418 } 419 } 420 421 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 422 uint32_t value, int width, int be) 423 { 424 uint8_t *p = pfl->storage; 425 426 DPRINTF("%s: block write offset " TARGET_FMT_plx 427 " value %x counter %016" PRIx64 "\n", 428 __func__, offset, value, pfl->counter); 429 switch (width) { 430 case 1: 431 p[offset] = value; 432 break; 433 case 2: 434 if (be) { 435 p[offset] = value >> 8; 436 p[offset + 1] = value; 437 } else { 438 p[offset] = value; 439 p[offset + 1] = value >> 8; 440 } 441 break; 442 case 4: 443 if (be) { 444 p[offset] = value >> 24; 445 p[offset + 1] = value >> 16; 446 p[offset + 2] = value >> 8; 447 p[offset + 3] = value; 448 } else { 449 p[offset] = value; 450 p[offset + 1] = value >> 8; 451 p[offset + 2] = value >> 16; 452 p[offset + 3] = value >> 24; 453 } 454 break; 455 } 456 457 } 458 459 static void pflash_write(pflash_t *pfl, hwaddr offset, 460 uint32_t value, int width, int be) 461 { 462 uint8_t *p; 463 uint8_t cmd; 464 465 cmd = value; 466 467 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 468 __func__, offset, value, width, pfl->wcycle); 469 470 if (!pfl->wcycle) { 471 /* Set the device in I/O access mode */ 472 memory_region_rom_device_set_romd(&pfl->mem, false); 473 } 474 475 switch (pfl->wcycle) { 476 case 0: 477 /* read mode */ 478 switch (cmd) { 479 case 0x00: /* ??? */ 480 goto reset_flash; 481 case 0x10: /* Single Byte Program */ 482 case 0x40: /* Single Byte Program */ 483 DPRINTF("%s: Single Byte Program\n", __func__); 484 break; 485 case 0x20: /* Block erase */ 486 p = pfl->storage; 487 offset &= ~(pfl->sector_len - 1); 488 489 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 490 __func__, offset, (unsigned)pfl->sector_len); 491 492 if (!pfl->ro) { 493 memset(p + offset, 0xff, pfl->sector_len); 494 pflash_update(pfl, offset, pfl->sector_len); 495 } else { 496 pfl->status |= 0x20; /* Block erase error */ 497 } 498 pfl->status |= 0x80; /* Ready! */ 499 break; 500 case 0x50: /* Clear status bits */ 501 DPRINTF("%s: Clear status bits\n", __func__); 502 pfl->status = 0x0; 503 goto reset_flash; 504 case 0x60: /* Block (un)lock */ 505 DPRINTF("%s: Block unlock\n", __func__); 506 break; 507 case 0x70: /* Status Register */ 508 DPRINTF("%s: Read status register\n", __func__); 509 pfl->cmd = cmd; 510 return; 511 case 0x90: /* Read Device ID */ 512 DPRINTF("%s: Read Device information\n", __func__); 513 pfl->cmd = cmd; 514 return; 515 case 0x98: /* CFI query */ 516 DPRINTF("%s: CFI query\n", __func__); 517 break; 518 case 0xe8: /* Write to buffer */ 519 DPRINTF("%s: Write to buffer\n", __func__); 520 pfl->status |= 0x80; /* Ready! */ 521 break; 522 case 0xf0: /* Probe for AMD flash */ 523 DPRINTF("%s: Probe for AMD flash\n", __func__); 524 goto reset_flash; 525 case 0xff: /* Read array mode */ 526 DPRINTF("%s: Read array mode\n", __func__); 527 goto reset_flash; 528 default: 529 goto error_flash; 530 } 531 pfl->wcycle++; 532 pfl->cmd = cmd; 533 break; 534 case 1: 535 switch (pfl->cmd) { 536 case 0x10: /* Single Byte Program */ 537 case 0x40: /* Single Byte Program */ 538 DPRINTF("%s: Single Byte Program\n", __func__); 539 if (!pfl->ro) { 540 pflash_data_write(pfl, offset, value, width, be); 541 pflash_update(pfl, offset, width); 542 } else { 543 pfl->status |= 0x10; /* Programming error */ 544 } 545 pfl->status |= 0x80; /* Ready! */ 546 pfl->wcycle = 0; 547 break; 548 case 0x20: /* Block erase */ 549 case 0x28: 550 if (cmd == 0xd0) { /* confirm */ 551 pfl->wcycle = 0; 552 pfl->status |= 0x80; 553 } else if (cmd == 0xff) { /* read array mode */ 554 goto reset_flash; 555 } else 556 goto error_flash; 557 558 break; 559 case 0xe8: 560 /* Mask writeblock size based on device width, or bank width if 561 * device width not specified. 562 */ 563 if (pfl->device_width) { 564 value = extract32(value, 0, pfl->device_width * 8); 565 } else { 566 value = extract32(value, 0, pfl->bank_width * 8); 567 } 568 DPRINTF("%s: block write of %x bytes\n", __func__, value); 569 pfl->counter = value; 570 pfl->wcycle++; 571 break; 572 case 0x60: 573 if (cmd == 0xd0) { 574 pfl->wcycle = 0; 575 pfl->status |= 0x80; 576 } else if (cmd == 0x01) { 577 pfl->wcycle = 0; 578 pfl->status |= 0x80; 579 } else if (cmd == 0xff) { 580 goto reset_flash; 581 } else { 582 DPRINTF("%s: Unknown (un)locking command\n", __func__); 583 goto reset_flash; 584 } 585 break; 586 case 0x98: 587 if (cmd == 0xff) { 588 goto reset_flash; 589 } else { 590 DPRINTF("%s: leaving query mode\n", __func__); 591 } 592 break; 593 default: 594 goto error_flash; 595 } 596 break; 597 case 2: 598 switch (pfl->cmd) { 599 case 0xe8: /* Block write */ 600 if (!pfl->ro) { 601 pflash_data_write(pfl, offset, value, width, be); 602 } else { 603 pfl->status |= 0x10; /* Programming error */ 604 } 605 606 pfl->status |= 0x80; 607 608 if (!pfl->counter) { 609 hwaddr mask = pfl->writeblock_size - 1; 610 mask = ~mask; 611 612 DPRINTF("%s: block write finished\n", __func__); 613 pfl->wcycle++; 614 if (!pfl->ro) { 615 /* Flush the entire write buffer onto backing storage. */ 616 pflash_update(pfl, offset & mask, pfl->writeblock_size); 617 } else { 618 pfl->status |= 0x10; /* Programming error */ 619 } 620 } 621 622 pfl->counter--; 623 break; 624 default: 625 goto error_flash; 626 } 627 break; 628 case 3: /* Confirm mode */ 629 switch (pfl->cmd) { 630 case 0xe8: /* Block write */ 631 if (cmd == 0xd0) { 632 pfl->wcycle = 0; 633 pfl->status |= 0x80; 634 } else { 635 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 636 PFLASH_BUG("Write block confirm"); 637 goto reset_flash; 638 } 639 break; 640 default: 641 goto error_flash; 642 } 643 break; 644 default: 645 /* Should never happen */ 646 DPRINTF("%s: invalid write state\n", __func__); 647 goto reset_flash; 648 } 649 return; 650 651 error_flash: 652 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 653 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 654 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 655 656 reset_flash: 657 memory_region_rom_device_set_romd(&pfl->mem, true); 658 659 pfl->wcycle = 0; 660 pfl->cmd = 0; 661 } 662 663 664 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 665 unsigned len, MemTxAttrs attrs) 666 { 667 pflash_t *pfl = opaque; 668 bool be = !!(pfl->features & (1 << PFLASH_BE)); 669 670 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 671 *value = pflash_data_read(opaque, addr, len, be); 672 } else { 673 *value = pflash_read(opaque, addr, len, be); 674 } 675 return MEMTX_OK; 676 } 677 678 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 679 unsigned len, MemTxAttrs attrs) 680 { 681 pflash_t *pfl = opaque; 682 bool be = !!(pfl->features & (1 << PFLASH_BE)); 683 684 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 685 return MEMTX_ERROR; 686 } else { 687 pflash_write(opaque, addr, value, len, be); 688 return MEMTX_OK; 689 } 690 } 691 692 static const MemoryRegionOps pflash_cfi01_ops = { 693 .read_with_attrs = pflash_mem_read_with_attrs, 694 .write_with_attrs = pflash_mem_write_with_attrs, 695 .endianness = DEVICE_NATIVE_ENDIAN, 696 }; 697 698 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 699 { 700 pflash_t *pfl = CFI_PFLASH01(dev); 701 uint64_t total_len; 702 int ret; 703 uint64_t blocks_per_device, device_len; 704 int num_devices; 705 Error *local_err = NULL; 706 707 total_len = pfl->sector_len * pfl->nb_blocs; 708 709 /* These are only used to expose the parameters of each device 710 * in the cfi_table[]. 711 */ 712 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 713 blocks_per_device = pfl->nb_blocs / num_devices; 714 device_len = pfl->sector_len * blocks_per_device; 715 716 /* XXX: to be fixed */ 717 #if 0 718 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 719 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 720 return NULL; 721 #endif 722 723 memory_region_init_rom_device( 724 &pfl->mem, OBJECT(dev), 725 &pflash_cfi01_ops, 726 pfl, 727 pfl->name, total_len, &local_err); 728 if (local_err) { 729 error_propagate(errp, local_err); 730 return; 731 } 732 733 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 734 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 735 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 736 737 if (pfl->blk) { 738 /* read the initial flash content */ 739 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); 740 741 if (ret < 0) { 742 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 743 error_setg(errp, "failed to read the initial flash content"); 744 return; 745 } 746 } 747 748 if (pfl->blk) { 749 pfl->ro = blk_is_read_only(pfl->blk); 750 } else { 751 pfl->ro = 0; 752 } 753 754 /* Default to devices being used at their maximum device width. This was 755 * assumed before the device_width support was added. 756 */ 757 if (!pfl->max_device_width) { 758 pfl->max_device_width = pfl->device_width; 759 } 760 761 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 762 pfl->wcycle = 0; 763 pfl->cmd = 0; 764 pfl->status = 0; 765 /* Hardcoded CFI table */ 766 pfl->cfi_len = 0x52; 767 /* Standard "QRY" string */ 768 pfl->cfi_table[0x10] = 'Q'; 769 pfl->cfi_table[0x11] = 'R'; 770 pfl->cfi_table[0x12] = 'Y'; 771 /* Command set (Intel) */ 772 pfl->cfi_table[0x13] = 0x01; 773 pfl->cfi_table[0x14] = 0x00; 774 /* Primary extended table address (none) */ 775 pfl->cfi_table[0x15] = 0x31; 776 pfl->cfi_table[0x16] = 0x00; 777 /* Alternate command set (none) */ 778 pfl->cfi_table[0x17] = 0x00; 779 pfl->cfi_table[0x18] = 0x00; 780 /* Alternate extended table (none) */ 781 pfl->cfi_table[0x19] = 0x00; 782 pfl->cfi_table[0x1A] = 0x00; 783 /* Vcc min */ 784 pfl->cfi_table[0x1B] = 0x45; 785 /* Vcc max */ 786 pfl->cfi_table[0x1C] = 0x55; 787 /* Vpp min (no Vpp pin) */ 788 pfl->cfi_table[0x1D] = 0x00; 789 /* Vpp max (no Vpp pin) */ 790 pfl->cfi_table[0x1E] = 0x00; 791 /* Reserved */ 792 pfl->cfi_table[0x1F] = 0x07; 793 /* Timeout for min size buffer write */ 794 pfl->cfi_table[0x20] = 0x07; 795 /* Typical timeout for block erase */ 796 pfl->cfi_table[0x21] = 0x0a; 797 /* Typical timeout for full chip erase (4096 ms) */ 798 pfl->cfi_table[0x22] = 0x00; 799 /* Reserved */ 800 pfl->cfi_table[0x23] = 0x04; 801 /* Max timeout for buffer write */ 802 pfl->cfi_table[0x24] = 0x04; 803 /* Max timeout for block erase */ 804 pfl->cfi_table[0x25] = 0x04; 805 /* Max timeout for chip erase */ 806 pfl->cfi_table[0x26] = 0x00; 807 /* Device size */ 808 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 809 /* Flash device interface (8 & 16 bits) */ 810 pfl->cfi_table[0x28] = 0x02; 811 pfl->cfi_table[0x29] = 0x00; 812 /* Max number of bytes in multi-bytes write */ 813 if (pfl->bank_width == 1) { 814 pfl->cfi_table[0x2A] = 0x08; 815 } else { 816 pfl->cfi_table[0x2A] = 0x0B; 817 } 818 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 819 820 pfl->cfi_table[0x2B] = 0x00; 821 /* Number of erase block regions (uniform) */ 822 pfl->cfi_table[0x2C] = 0x01; 823 /* Erase block region 1 */ 824 pfl->cfi_table[0x2D] = blocks_per_device - 1; 825 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 826 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 827 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 828 829 /* Extended */ 830 pfl->cfi_table[0x31] = 'P'; 831 pfl->cfi_table[0x32] = 'R'; 832 pfl->cfi_table[0x33] = 'I'; 833 834 pfl->cfi_table[0x34] = '1'; 835 pfl->cfi_table[0x35] = '0'; 836 837 pfl->cfi_table[0x36] = 0x00; 838 pfl->cfi_table[0x37] = 0x00; 839 pfl->cfi_table[0x38] = 0x00; 840 pfl->cfi_table[0x39] = 0x00; 841 842 pfl->cfi_table[0x3a] = 0x00; 843 844 pfl->cfi_table[0x3b] = 0x00; 845 pfl->cfi_table[0x3c] = 0x00; 846 847 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 848 } 849 850 static Property pflash_cfi01_properties[] = { 851 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 852 /* num-blocks is the number of blocks actually visible to the guest, 853 * ie the total size of the device divided by the sector length. 854 * If we're emulating flash devices wired in parallel the actual 855 * number of blocks per indvidual device will differ. 856 */ 857 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 858 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 859 /* width here is the overall width of this QEMU device in bytes. 860 * The QEMU device may be emulating a number of flash devices 861 * wired up in parallel; the width of each individual flash 862 * device should be specified via device-width. If the individual 863 * devices have a maximum width which is greater than the width 864 * they are being used for, this maximum width should be set via 865 * max-device-width (which otherwise defaults to device-width). 866 * So for instance a 32-bit wide QEMU flash device made from four 867 * 16-bit flash devices used in 8-bit wide mode would be configured 868 * with width = 4, device-width = 1, max-device-width = 2. 869 * 870 * If device-width is not specified we default to backwards 871 * compatible behaviour which is a bad emulation of two 872 * 16 bit devices making up a 32 bit wide QEMU device. This 873 * is deprecated for new uses of this device. 874 */ 875 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 876 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 877 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 878 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), 879 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), 880 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 881 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 882 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 883 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 884 DEFINE_PROP_STRING("name", struct pflash_t, name), 885 DEFINE_PROP_END_OF_LIST(), 886 }; 887 888 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 889 { 890 DeviceClass *dc = DEVICE_CLASS(klass); 891 892 dc->realize = pflash_cfi01_realize; 893 dc->props = pflash_cfi01_properties; 894 dc->vmsd = &vmstate_pflash; 895 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 896 } 897 898 899 static const TypeInfo pflash_cfi01_info = { 900 .name = TYPE_CFI_PFLASH01, 901 .parent = TYPE_SYS_BUS_DEVICE, 902 .instance_size = sizeof(struct pflash_t), 903 .class_init = pflash_cfi01_class_init, 904 }; 905 906 static void pflash_cfi01_register_types(void) 907 { 908 type_register_static(&pflash_cfi01_info); 909 } 910 911 type_init(pflash_cfi01_register_types) 912 913 pflash_t *pflash_cfi01_register(hwaddr base, 914 DeviceState *qdev, const char *name, 915 hwaddr size, 916 BlockBackend *blk, 917 uint32_t sector_len, int nb_blocs, 918 int bank_width, uint16_t id0, uint16_t id1, 919 uint16_t id2, uint16_t id3, int be) 920 { 921 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 922 923 if (blk) { 924 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 925 } 926 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 927 qdev_prop_set_uint64(dev, "sector-length", sector_len); 928 qdev_prop_set_uint8(dev, "width", bank_width); 929 qdev_prop_set_bit(dev, "big-endian", !!be); 930 qdev_prop_set_uint16(dev, "id0", id0); 931 qdev_prop_set_uint16(dev, "id1", id1); 932 qdev_prop_set_uint16(dev, "id2", id2); 933 qdev_prop_set_uint16(dev, "id3", id3); 934 qdev_prop_set_string(dev, "name", name); 935 qdev_init_nofail(dev); 936 937 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 938 return CFI_PFLASH01(dev); 939 } 940 941 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 942 { 943 return &fl->mem; 944 } 945 946 static int pflash_post_load(void *opaque, int version_id) 947 { 948 pflash_t *pfl = opaque; 949 950 if (!pfl->ro) { 951 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 952 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 953 } 954 return 0; 955 } 956