1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "hw/hw.h" 40 #include "hw/block/flash.h" 41 #include "sysemu/block-backend.h" 42 #include "qemu/timer.h" 43 #include "qemu/bitops.h" 44 #include "exec/address-spaces.h" 45 #include "qemu/host-utils.h" 46 #include "hw/sysbus.h" 47 48 #define PFLASH_BUG(fmt, ...) \ 49 do { \ 50 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 51 exit(1); \ 52 } while(0) 53 54 /* #define PFLASH_DEBUG */ 55 #ifdef PFLASH_DEBUG 56 #define DPRINTF(fmt, ...) \ 57 do { \ 58 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 59 } while (0) 60 #else 61 #define DPRINTF(fmt, ...) do { } while (0) 62 #endif 63 64 #define TYPE_CFI_PFLASH01 "cfi.pflash01" 65 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 66 67 #define PFLASH_BE 0 68 #define PFLASH_SECURE 1 69 70 struct pflash_t { 71 /*< private >*/ 72 SysBusDevice parent_obj; 73 /*< public >*/ 74 75 BlockBackend *blk; 76 uint32_t nb_blocs; 77 uint64_t sector_len; 78 uint8_t bank_width; 79 uint8_t device_width; /* If 0, device width not specified. */ 80 uint8_t max_device_width; /* max device width in bytes */ 81 uint32_t features; 82 uint8_t wcycle; /* if 0, the flash is read normally */ 83 int ro; 84 uint8_t cmd; 85 uint8_t status; 86 uint16_t ident0; 87 uint16_t ident1; 88 uint16_t ident2; 89 uint16_t ident3; 90 uint8_t cfi_len; 91 uint8_t cfi_table[0x52]; 92 uint64_t counter; 93 unsigned int writeblock_size; 94 QEMUTimer *timer; 95 MemoryRegion mem; 96 char *name; 97 void *storage; 98 }; 99 100 static int pflash_post_load(void *opaque, int version_id); 101 102 static const VMStateDescription vmstate_pflash = { 103 .name = "pflash_cfi01", 104 .version_id = 1, 105 .minimum_version_id = 1, 106 .post_load = pflash_post_load, 107 .fields = (VMStateField[]) { 108 VMSTATE_UINT8(wcycle, pflash_t), 109 VMSTATE_UINT8(cmd, pflash_t), 110 VMSTATE_UINT8(status, pflash_t), 111 VMSTATE_UINT64(counter, pflash_t), 112 VMSTATE_END_OF_LIST() 113 } 114 }; 115 116 static void pflash_timer (void *opaque) 117 { 118 pflash_t *pfl = opaque; 119 120 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 121 /* Reset flash */ 122 pfl->status ^= 0x80; 123 memory_region_rom_device_set_romd(&pfl->mem, true); 124 pfl->wcycle = 0; 125 pfl->cmd = 0; 126 } 127 128 /* Perform a CFI query based on the bank width of the flash. 129 * If this code is called we know we have a device_width set for 130 * this flash. 131 */ 132 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 133 { 134 int i; 135 uint32_t resp = 0; 136 hwaddr boff; 137 138 /* Adjust incoming offset to match expected device-width 139 * addressing. CFI query addresses are always specified in terms of 140 * the maximum supported width of the device. This means that x8 141 * devices and x8/x16 devices in x8 mode behave differently. For 142 * devices that are not used at their max width, we will be 143 * provided with addresses that use higher address bits than 144 * expected (based on the max width), so we will shift them lower 145 * so that they will match the addresses used when 146 * device_width==max_device_width. 147 */ 148 boff = offset >> (ctz32(pfl->bank_width) + 149 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 150 151 if (boff > pfl->cfi_len) { 152 return 0; 153 } 154 /* Now we will construct the CFI response generated by a single 155 * device, then replicate that for all devices that make up the 156 * bus. For wide parts used in x8 mode, CFI query responses 157 * are different than native byte-wide parts. 158 */ 159 resp = pfl->cfi_table[boff]; 160 if (pfl->device_width != pfl->max_device_width) { 161 /* The only case currently supported is x8 mode for a 162 * wider part. 163 */ 164 if (pfl->device_width != 1 || pfl->bank_width > 4) { 165 DPRINTF("%s: Unsupported device configuration: " 166 "device_width=%d, max_device_width=%d\n", 167 __func__, pfl->device_width, 168 pfl->max_device_width); 169 return 0; 170 } 171 /* CFI query data is repeated, rather than zero padded for 172 * wide devices used in x8 mode. 173 */ 174 for (i = 1; i < pfl->max_device_width; i++) { 175 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 176 } 177 } 178 /* Replicate responses for each device in bank. */ 179 if (pfl->device_width < pfl->bank_width) { 180 for (i = pfl->device_width; 181 i < pfl->bank_width; i += pfl->device_width) { 182 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 183 } 184 } 185 186 return resp; 187 } 188 189 190 191 /* Perform a device id query based on the bank width of the flash. */ 192 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 193 { 194 int i; 195 uint32_t resp; 196 hwaddr boff; 197 198 /* Adjust incoming offset to match expected device-width 199 * addressing. Device ID read addresses are always specified in 200 * terms of the maximum supported width of the device. This means 201 * that x8 devices and x8/x16 devices in x8 mode behave 202 * differently. For devices that are not used at their max width, 203 * we will be provided with addresses that use higher address bits 204 * than expected (based on the max width), so we will shift them 205 * lower so that they will match the addresses used when 206 * device_width==max_device_width. 207 */ 208 boff = offset >> (ctz32(pfl->bank_width) + 209 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 210 211 /* Mask off upper bits which may be used in to query block 212 * or sector lock status at other addresses. 213 * Offsets 2/3 are block lock status, is not emulated. 214 */ 215 switch (boff & 0xFF) { 216 case 0: 217 resp = pfl->ident0; 218 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 219 break; 220 case 1: 221 resp = pfl->ident1; 222 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 223 break; 224 default: 225 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 226 (unsigned)offset); 227 return 0; 228 break; 229 } 230 /* Replicate responses for each device in bank. */ 231 if (pfl->device_width < pfl->bank_width) { 232 for (i = pfl->device_width; 233 i < pfl->bank_width; i += pfl->device_width) { 234 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 235 } 236 } 237 238 return resp; 239 } 240 241 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, 242 int width, int be) 243 { 244 uint8_t *p; 245 uint32_t ret; 246 247 p = pfl->storage; 248 switch (width) { 249 case 1: 250 ret = p[offset]; 251 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 252 __func__, offset, ret); 253 break; 254 case 2: 255 if (be) { 256 ret = p[offset] << 8; 257 ret |= p[offset + 1]; 258 } else { 259 ret = p[offset]; 260 ret |= p[offset + 1] << 8; 261 } 262 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 263 __func__, offset, ret); 264 break; 265 case 4: 266 if (be) { 267 ret = p[offset] << 24; 268 ret |= p[offset + 1] << 16; 269 ret |= p[offset + 2] << 8; 270 ret |= p[offset + 3]; 271 } else { 272 ret = p[offset]; 273 ret |= p[offset + 1] << 8; 274 ret |= p[offset + 2] << 16; 275 ret |= p[offset + 3] << 24; 276 } 277 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 278 __func__, offset, ret); 279 break; 280 default: 281 DPRINTF("BUG in %s\n", __func__); 282 abort(); 283 } 284 return ret; 285 } 286 287 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 288 int width, int be) 289 { 290 hwaddr boff; 291 uint32_t ret; 292 293 ret = -1; 294 295 #if 0 296 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 297 __func__, offset, pfl->cmd, width); 298 #endif 299 switch (pfl->cmd) { 300 default: 301 /* This should never happen : reset state & treat it as a read */ 302 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 303 pfl->wcycle = 0; 304 pfl->cmd = 0; 305 /* fall through to read code */ 306 case 0x00: 307 /* Flash area read */ 308 ret = pflash_data_read(pfl, offset, width, be); 309 break; 310 case 0x10: /* Single byte program */ 311 case 0x20: /* Block erase */ 312 case 0x28: /* Block erase */ 313 case 0x40: /* single byte program */ 314 case 0x50: /* Clear status register */ 315 case 0x60: /* Block /un)lock */ 316 case 0x70: /* Status Register */ 317 case 0xe8: /* Write block */ 318 /* Status register read. Return status from each device in 319 * bank. 320 */ 321 ret = pfl->status; 322 if (pfl->device_width && width > pfl->device_width) { 323 int shift = pfl->device_width * 8; 324 while (shift + pfl->device_width * 8 <= width * 8) { 325 ret |= pfl->status << shift; 326 shift += pfl->device_width * 8; 327 } 328 } else if (!pfl->device_width && width > 2) { 329 /* Handle 32 bit flash cases where device width is not 330 * set. (Existing behavior before device width added.) 331 */ 332 ret |= pfl->status << 16; 333 } 334 DPRINTF("%s: status %x\n", __func__, ret); 335 break; 336 case 0x90: 337 if (!pfl->device_width) { 338 /* Preserve old behavior if device width not specified */ 339 boff = offset & 0xFF; 340 if (pfl->bank_width == 2) { 341 boff = boff >> 1; 342 } else if (pfl->bank_width == 4) { 343 boff = boff >> 2; 344 } 345 346 switch (boff) { 347 case 0: 348 ret = pfl->ident0 << 8 | pfl->ident1; 349 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 350 break; 351 case 1: 352 ret = pfl->ident2 << 8 | pfl->ident3; 353 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 354 break; 355 default: 356 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 357 (unsigned)boff); 358 ret = 0; 359 break; 360 } 361 } else { 362 /* If we have a read larger than the bank_width, combine multiple 363 * manufacturer/device ID queries into a single response. 364 */ 365 int i; 366 for (i = 0; i < width; i += pfl->bank_width) { 367 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 368 pflash_devid_query(pfl, 369 offset + i * pfl->bank_width)); 370 } 371 } 372 break; 373 case 0x98: /* Query mode */ 374 if (!pfl->device_width) { 375 /* Preserve old behavior if device width not specified */ 376 boff = offset & 0xFF; 377 if (pfl->bank_width == 2) { 378 boff = boff >> 1; 379 } else if (pfl->bank_width == 4) { 380 boff = boff >> 2; 381 } 382 383 if (boff > pfl->cfi_len) { 384 ret = 0; 385 } else { 386 ret = pfl->cfi_table[boff]; 387 } 388 } else { 389 /* If we have a read larger than the bank_width, combine multiple 390 * CFI queries into a single response. 391 */ 392 int i; 393 for (i = 0; i < width; i += pfl->bank_width) { 394 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 395 pflash_cfi_query(pfl, 396 offset + i * pfl->bank_width)); 397 } 398 } 399 400 break; 401 } 402 return ret; 403 } 404 405 /* update flash content on disk */ 406 static void pflash_update(pflash_t *pfl, int offset, 407 int size) 408 { 409 int offset_end; 410 if (pfl->blk) { 411 offset_end = offset + size; 412 /* round to sectors */ 413 offset = offset >> 9; 414 offset_end = (offset_end + 511) >> 9; 415 blk_write(pfl->blk, offset, pfl->storage + (offset << 9), 416 offset_end - offset); 417 } 418 } 419 420 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 421 uint32_t value, int width, int be) 422 { 423 uint8_t *p = pfl->storage; 424 425 DPRINTF("%s: block write offset " TARGET_FMT_plx 426 " value %x counter %016" PRIx64 "\n", 427 __func__, offset, value, pfl->counter); 428 switch (width) { 429 case 1: 430 p[offset] = value; 431 break; 432 case 2: 433 if (be) { 434 p[offset] = value >> 8; 435 p[offset + 1] = value; 436 } else { 437 p[offset] = value; 438 p[offset + 1] = value >> 8; 439 } 440 break; 441 case 4: 442 if (be) { 443 p[offset] = value >> 24; 444 p[offset + 1] = value >> 16; 445 p[offset + 2] = value >> 8; 446 p[offset + 3] = value; 447 } else { 448 p[offset] = value; 449 p[offset + 1] = value >> 8; 450 p[offset + 2] = value >> 16; 451 p[offset + 3] = value >> 24; 452 } 453 break; 454 } 455 456 } 457 458 static void pflash_write(pflash_t *pfl, hwaddr offset, 459 uint32_t value, int width, int be) 460 { 461 uint8_t *p; 462 uint8_t cmd; 463 464 cmd = value; 465 466 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 467 __func__, offset, value, width, pfl->wcycle); 468 469 if (!pfl->wcycle) { 470 /* Set the device in I/O access mode */ 471 memory_region_rom_device_set_romd(&pfl->mem, false); 472 } 473 474 switch (pfl->wcycle) { 475 case 0: 476 /* read mode */ 477 switch (cmd) { 478 case 0x00: /* ??? */ 479 goto reset_flash; 480 case 0x10: /* Single Byte Program */ 481 case 0x40: /* Single Byte Program */ 482 DPRINTF("%s: Single Byte Program\n", __func__); 483 break; 484 case 0x20: /* Block erase */ 485 p = pfl->storage; 486 offset &= ~(pfl->sector_len - 1); 487 488 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 489 __func__, offset, (unsigned)pfl->sector_len); 490 491 if (!pfl->ro) { 492 memset(p + offset, 0xff, pfl->sector_len); 493 pflash_update(pfl, offset, pfl->sector_len); 494 } else { 495 pfl->status |= 0x20; /* Block erase error */ 496 } 497 pfl->status |= 0x80; /* Ready! */ 498 break; 499 case 0x50: /* Clear status bits */ 500 DPRINTF("%s: Clear status bits\n", __func__); 501 pfl->status = 0x0; 502 goto reset_flash; 503 case 0x60: /* Block (un)lock */ 504 DPRINTF("%s: Block unlock\n", __func__); 505 break; 506 case 0x70: /* Status Register */ 507 DPRINTF("%s: Read status register\n", __func__); 508 pfl->cmd = cmd; 509 return; 510 case 0x90: /* Read Device ID */ 511 DPRINTF("%s: Read Device information\n", __func__); 512 pfl->cmd = cmd; 513 return; 514 case 0x98: /* CFI query */ 515 DPRINTF("%s: CFI query\n", __func__); 516 break; 517 case 0xe8: /* Write to buffer */ 518 DPRINTF("%s: Write to buffer\n", __func__); 519 pfl->status |= 0x80; /* Ready! */ 520 break; 521 case 0xf0: /* Probe for AMD flash */ 522 DPRINTF("%s: Probe for AMD flash\n", __func__); 523 goto reset_flash; 524 case 0xff: /* Read array mode */ 525 DPRINTF("%s: Read array mode\n", __func__); 526 goto reset_flash; 527 default: 528 goto error_flash; 529 } 530 pfl->wcycle++; 531 pfl->cmd = cmd; 532 break; 533 case 1: 534 switch (pfl->cmd) { 535 case 0x10: /* Single Byte Program */ 536 case 0x40: /* Single Byte Program */ 537 DPRINTF("%s: Single Byte Program\n", __func__); 538 if (!pfl->ro) { 539 pflash_data_write(pfl, offset, value, width, be); 540 pflash_update(pfl, offset, width); 541 } else { 542 pfl->status |= 0x10; /* Programming error */ 543 } 544 pfl->status |= 0x80; /* Ready! */ 545 pfl->wcycle = 0; 546 break; 547 case 0x20: /* Block erase */ 548 case 0x28: 549 if (cmd == 0xd0) { /* confirm */ 550 pfl->wcycle = 0; 551 pfl->status |= 0x80; 552 } else if (cmd == 0xff) { /* read array mode */ 553 goto reset_flash; 554 } else 555 goto error_flash; 556 557 break; 558 case 0xe8: 559 /* Mask writeblock size based on device width, or bank width if 560 * device width not specified. 561 */ 562 if (pfl->device_width) { 563 value = extract32(value, 0, pfl->device_width * 8); 564 } else { 565 value = extract32(value, 0, pfl->bank_width * 8); 566 } 567 DPRINTF("%s: block write of %x bytes\n", __func__, value); 568 pfl->counter = value; 569 pfl->wcycle++; 570 break; 571 case 0x60: 572 if (cmd == 0xd0) { 573 pfl->wcycle = 0; 574 pfl->status |= 0x80; 575 } else if (cmd == 0x01) { 576 pfl->wcycle = 0; 577 pfl->status |= 0x80; 578 } else if (cmd == 0xff) { 579 goto reset_flash; 580 } else { 581 DPRINTF("%s: Unknown (un)locking command\n", __func__); 582 goto reset_flash; 583 } 584 break; 585 case 0x98: 586 if (cmd == 0xff) { 587 goto reset_flash; 588 } else { 589 DPRINTF("%s: leaving query mode\n", __func__); 590 } 591 break; 592 default: 593 goto error_flash; 594 } 595 break; 596 case 2: 597 switch (pfl->cmd) { 598 case 0xe8: /* Block write */ 599 if (!pfl->ro) { 600 pflash_data_write(pfl, offset, value, width, be); 601 } else { 602 pfl->status |= 0x10; /* Programming error */ 603 } 604 605 pfl->status |= 0x80; 606 607 if (!pfl->counter) { 608 hwaddr mask = pfl->writeblock_size - 1; 609 mask = ~mask; 610 611 DPRINTF("%s: block write finished\n", __func__); 612 pfl->wcycle++; 613 if (!pfl->ro) { 614 /* Flush the entire write buffer onto backing storage. */ 615 pflash_update(pfl, offset & mask, pfl->writeblock_size); 616 } else { 617 pfl->status |= 0x10; /* Programming error */ 618 } 619 } 620 621 pfl->counter--; 622 break; 623 default: 624 goto error_flash; 625 } 626 break; 627 case 3: /* Confirm mode */ 628 switch (pfl->cmd) { 629 case 0xe8: /* Block write */ 630 if (cmd == 0xd0) { 631 pfl->wcycle = 0; 632 pfl->status |= 0x80; 633 } else { 634 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 635 PFLASH_BUG("Write block confirm"); 636 goto reset_flash; 637 } 638 break; 639 default: 640 goto error_flash; 641 } 642 break; 643 default: 644 /* Should never happen */ 645 DPRINTF("%s: invalid write state\n", __func__); 646 goto reset_flash; 647 } 648 return; 649 650 error_flash: 651 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 652 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 653 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 654 655 reset_flash: 656 memory_region_rom_device_set_romd(&pfl->mem, true); 657 658 pfl->wcycle = 0; 659 pfl->cmd = 0; 660 } 661 662 663 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 664 unsigned len, MemTxAttrs attrs) 665 { 666 pflash_t *pfl = opaque; 667 bool be = !!(pfl->features & (1 << PFLASH_BE)); 668 669 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 670 *value = pflash_data_read(opaque, addr, len, be); 671 } else { 672 *value = pflash_read(opaque, addr, len, be); 673 } 674 return MEMTX_OK; 675 } 676 677 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 678 unsigned len, MemTxAttrs attrs) 679 { 680 pflash_t *pfl = opaque; 681 bool be = !!(pfl->features & (1 << PFLASH_BE)); 682 683 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 684 return MEMTX_ERROR; 685 } else { 686 pflash_write(opaque, addr, value, len, be); 687 return MEMTX_OK; 688 } 689 } 690 691 static const MemoryRegionOps pflash_cfi01_ops = { 692 .read_with_attrs = pflash_mem_read_with_attrs, 693 .write_with_attrs = pflash_mem_write_with_attrs, 694 .endianness = DEVICE_NATIVE_ENDIAN, 695 }; 696 697 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 698 { 699 pflash_t *pfl = CFI_PFLASH01(dev); 700 uint64_t total_len; 701 int ret; 702 uint64_t blocks_per_device, device_len; 703 int num_devices; 704 Error *local_err = NULL; 705 706 total_len = pfl->sector_len * pfl->nb_blocs; 707 708 /* These are only used to expose the parameters of each device 709 * in the cfi_table[]. 710 */ 711 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 712 blocks_per_device = pfl->nb_blocs / num_devices; 713 device_len = pfl->sector_len * blocks_per_device; 714 715 /* XXX: to be fixed */ 716 #if 0 717 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 718 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 719 return NULL; 720 #endif 721 722 memory_region_init_rom_device( 723 &pfl->mem, OBJECT(dev), 724 &pflash_cfi01_ops, 725 pfl, 726 pfl->name, total_len, &local_err); 727 if (local_err) { 728 error_propagate(errp, local_err); 729 return; 730 } 731 732 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 733 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 734 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 735 736 if (pfl->blk) { 737 /* read the initial flash content */ 738 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); 739 740 if (ret < 0) { 741 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 742 error_setg(errp, "failed to read the initial flash content"); 743 return; 744 } 745 } 746 747 if (pfl->blk) { 748 pfl->ro = blk_is_read_only(pfl->blk); 749 } else { 750 pfl->ro = 0; 751 } 752 753 /* Default to devices being used at their maximum device width. This was 754 * assumed before the device_width support was added. 755 */ 756 if (!pfl->max_device_width) { 757 pfl->max_device_width = pfl->device_width; 758 } 759 760 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 761 pfl->wcycle = 0; 762 pfl->cmd = 0; 763 pfl->status = 0; 764 /* Hardcoded CFI table */ 765 pfl->cfi_len = 0x52; 766 /* Standard "QRY" string */ 767 pfl->cfi_table[0x10] = 'Q'; 768 pfl->cfi_table[0x11] = 'R'; 769 pfl->cfi_table[0x12] = 'Y'; 770 /* Command set (Intel) */ 771 pfl->cfi_table[0x13] = 0x01; 772 pfl->cfi_table[0x14] = 0x00; 773 /* Primary extended table address (none) */ 774 pfl->cfi_table[0x15] = 0x31; 775 pfl->cfi_table[0x16] = 0x00; 776 /* Alternate command set (none) */ 777 pfl->cfi_table[0x17] = 0x00; 778 pfl->cfi_table[0x18] = 0x00; 779 /* Alternate extended table (none) */ 780 pfl->cfi_table[0x19] = 0x00; 781 pfl->cfi_table[0x1A] = 0x00; 782 /* Vcc min */ 783 pfl->cfi_table[0x1B] = 0x45; 784 /* Vcc max */ 785 pfl->cfi_table[0x1C] = 0x55; 786 /* Vpp min (no Vpp pin) */ 787 pfl->cfi_table[0x1D] = 0x00; 788 /* Vpp max (no Vpp pin) */ 789 pfl->cfi_table[0x1E] = 0x00; 790 /* Reserved */ 791 pfl->cfi_table[0x1F] = 0x07; 792 /* Timeout for min size buffer write */ 793 pfl->cfi_table[0x20] = 0x07; 794 /* Typical timeout for block erase */ 795 pfl->cfi_table[0x21] = 0x0a; 796 /* Typical timeout for full chip erase (4096 ms) */ 797 pfl->cfi_table[0x22] = 0x00; 798 /* Reserved */ 799 pfl->cfi_table[0x23] = 0x04; 800 /* Max timeout for buffer write */ 801 pfl->cfi_table[0x24] = 0x04; 802 /* Max timeout for block erase */ 803 pfl->cfi_table[0x25] = 0x04; 804 /* Max timeout for chip erase */ 805 pfl->cfi_table[0x26] = 0x00; 806 /* Device size */ 807 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 808 /* Flash device interface (8 & 16 bits) */ 809 pfl->cfi_table[0x28] = 0x02; 810 pfl->cfi_table[0x29] = 0x00; 811 /* Max number of bytes in multi-bytes write */ 812 if (pfl->bank_width == 1) { 813 pfl->cfi_table[0x2A] = 0x08; 814 } else { 815 pfl->cfi_table[0x2A] = 0x0B; 816 } 817 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 818 819 pfl->cfi_table[0x2B] = 0x00; 820 /* Number of erase block regions (uniform) */ 821 pfl->cfi_table[0x2C] = 0x01; 822 /* Erase block region 1 */ 823 pfl->cfi_table[0x2D] = blocks_per_device - 1; 824 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 825 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 826 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 827 828 /* Extended */ 829 pfl->cfi_table[0x31] = 'P'; 830 pfl->cfi_table[0x32] = 'R'; 831 pfl->cfi_table[0x33] = 'I'; 832 833 pfl->cfi_table[0x34] = '1'; 834 pfl->cfi_table[0x35] = '0'; 835 836 pfl->cfi_table[0x36] = 0x00; 837 pfl->cfi_table[0x37] = 0x00; 838 pfl->cfi_table[0x38] = 0x00; 839 pfl->cfi_table[0x39] = 0x00; 840 841 pfl->cfi_table[0x3a] = 0x00; 842 843 pfl->cfi_table[0x3b] = 0x00; 844 pfl->cfi_table[0x3c] = 0x00; 845 846 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 847 } 848 849 static Property pflash_cfi01_properties[] = { 850 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 851 /* num-blocks is the number of blocks actually visible to the guest, 852 * ie the total size of the device divided by the sector length. 853 * If we're emulating flash devices wired in parallel the actual 854 * number of blocks per indvidual device will differ. 855 */ 856 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 857 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 858 /* width here is the overall width of this QEMU device in bytes. 859 * The QEMU device may be emulating a number of flash devices 860 * wired up in parallel; the width of each individual flash 861 * device should be specified via device-width. If the individual 862 * devices have a maximum width which is greater than the width 863 * they are being used for, this maximum width should be set via 864 * max-device-width (which otherwise defaults to device-width). 865 * So for instance a 32-bit wide QEMU flash device made from four 866 * 16-bit flash devices used in 8-bit wide mode would be configured 867 * with width = 4, device-width = 1, max-device-width = 2. 868 * 869 * If device-width is not specified we default to backwards 870 * compatible behaviour which is a bad emulation of two 871 * 16 bit devices making up a 32 bit wide QEMU device. This 872 * is deprecated for new uses of this device. 873 */ 874 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 875 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 876 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 877 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), 878 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), 879 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 880 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 881 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 882 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 883 DEFINE_PROP_STRING("name", struct pflash_t, name), 884 DEFINE_PROP_END_OF_LIST(), 885 }; 886 887 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 888 { 889 DeviceClass *dc = DEVICE_CLASS(klass); 890 891 dc->realize = pflash_cfi01_realize; 892 dc->props = pflash_cfi01_properties; 893 dc->vmsd = &vmstate_pflash; 894 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 895 } 896 897 898 static const TypeInfo pflash_cfi01_info = { 899 .name = TYPE_CFI_PFLASH01, 900 .parent = TYPE_SYS_BUS_DEVICE, 901 .instance_size = sizeof(struct pflash_t), 902 .class_init = pflash_cfi01_class_init, 903 }; 904 905 static void pflash_cfi01_register_types(void) 906 { 907 type_register_static(&pflash_cfi01_info); 908 } 909 910 type_init(pflash_cfi01_register_types) 911 912 pflash_t *pflash_cfi01_register(hwaddr base, 913 DeviceState *qdev, const char *name, 914 hwaddr size, 915 BlockBackend *blk, 916 uint32_t sector_len, int nb_blocs, 917 int bank_width, uint16_t id0, uint16_t id1, 918 uint16_t id2, uint16_t id3, int be) 919 { 920 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 921 922 if (blk) { 923 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 924 } 925 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 926 qdev_prop_set_uint64(dev, "sector-length", sector_len); 927 qdev_prop_set_uint8(dev, "width", bank_width); 928 qdev_prop_set_bit(dev, "big-endian", !!be); 929 qdev_prop_set_uint16(dev, "id0", id0); 930 qdev_prop_set_uint16(dev, "id1", id1); 931 qdev_prop_set_uint16(dev, "id2", id2); 932 qdev_prop_set_uint16(dev, "id3", id3); 933 qdev_prop_set_string(dev, "name", name); 934 qdev_init_nofail(dev); 935 936 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 937 return CFI_PFLASH01(dev); 938 } 939 940 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 941 { 942 return &fl->mem; 943 } 944 945 static int pflash_post_load(void *opaque, int version_id) 946 { 947 pflash_t *pfl = opaque; 948 949 if (!pfl->ro) { 950 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 951 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 952 } 953 return 0; 954 } 955