1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/block/block.h" 41 #include "hw/block/flash.h" 42 #include "hw/qdev-properties.h" 43 #include "sysemu/block-backend.h" 44 #include "qapi/error.h" 45 #include "qemu/error-report.h" 46 #include "qemu/bitops.h" 47 #include "qemu/error-report.h" 48 #include "qemu/host-utils.h" 49 #include "qemu/log.h" 50 #include "qemu/module.h" 51 #include "qemu/option.h" 52 #include "hw/sysbus.h" 53 #include "migration/vmstate.h" 54 #include "sysemu/blockdev.h" 55 #include "sysemu/runstate.h" 56 #include "trace.h" 57 58 /* #define PFLASH_DEBUG */ 59 #ifdef PFLASH_DEBUG 60 #define DPRINTF(fmt, ...) \ 61 do { \ 62 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 63 } while (0) 64 #else 65 #define DPRINTF(fmt, ...) do { } while (0) 66 #endif 67 68 #define PFLASH_BE 0 69 #define PFLASH_SECURE 1 70 71 struct PFlashCFI01 { 72 /*< private >*/ 73 SysBusDevice parent_obj; 74 /*< public >*/ 75 76 BlockBackend *blk; 77 uint32_t nb_blocs; 78 uint64_t sector_len; 79 uint8_t bank_width; 80 uint8_t device_width; /* If 0, device width not specified. */ 81 uint8_t max_device_width; /* max device width in bytes */ 82 uint32_t features; 83 uint8_t wcycle; /* if 0, the flash is read normally */ 84 int ro; 85 uint8_t cmd; 86 uint8_t status; 87 uint16_t ident0; 88 uint16_t ident1; 89 uint16_t ident2; 90 uint16_t ident3; 91 uint8_t cfi_table[0x52]; 92 uint64_t counter; 93 unsigned int writeblock_size; 94 MemoryRegion mem; 95 char *name; 96 void *storage; 97 VMChangeStateEntry *vmstate; 98 bool old_multiple_chip_handling; 99 }; 100 101 static int pflash_post_load(void *opaque, int version_id); 102 103 static const VMStateDescription vmstate_pflash = { 104 .name = "pflash_cfi01", 105 .version_id = 1, 106 .minimum_version_id = 1, 107 .post_load = pflash_post_load, 108 .fields = (VMStateField[]) { 109 VMSTATE_UINT8(wcycle, PFlashCFI01), 110 VMSTATE_UINT8(cmd, PFlashCFI01), 111 VMSTATE_UINT8(status, PFlashCFI01), 112 VMSTATE_UINT64(counter, PFlashCFI01), 113 VMSTATE_END_OF_LIST() 114 } 115 }; 116 117 /* Perform a CFI query based on the bank width of the flash. 118 * If this code is called we know we have a device_width set for 119 * this flash. 120 */ 121 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 122 { 123 int i; 124 uint32_t resp = 0; 125 hwaddr boff; 126 127 /* Adjust incoming offset to match expected device-width 128 * addressing. CFI query addresses are always specified in terms of 129 * the maximum supported width of the device. This means that x8 130 * devices and x8/x16 devices in x8 mode behave differently. For 131 * devices that are not used at their max width, we will be 132 * provided with addresses that use higher address bits than 133 * expected (based on the max width), so we will shift them lower 134 * so that they will match the addresses used when 135 * device_width==max_device_width. 136 */ 137 boff = offset >> (ctz32(pfl->bank_width) + 138 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 139 140 if (boff >= sizeof(pfl->cfi_table)) { 141 return 0; 142 } 143 /* Now we will construct the CFI response generated by a single 144 * device, then replicate that for all devices that make up the 145 * bus. For wide parts used in x8 mode, CFI query responses 146 * are different than native byte-wide parts. 147 */ 148 resp = pfl->cfi_table[boff]; 149 if (pfl->device_width != pfl->max_device_width) { 150 /* The only case currently supported is x8 mode for a 151 * wider part. 152 */ 153 if (pfl->device_width != 1 || pfl->bank_width > 4) { 154 DPRINTF("%s: Unsupported device configuration: " 155 "device_width=%d, max_device_width=%d\n", 156 __func__, pfl->device_width, 157 pfl->max_device_width); 158 return 0; 159 } 160 /* CFI query data is repeated, rather than zero padded for 161 * wide devices used in x8 mode. 162 */ 163 for (i = 1; i < pfl->max_device_width; i++) { 164 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 165 } 166 } 167 /* Replicate responses for each device in bank. */ 168 if (pfl->device_width < pfl->bank_width) { 169 for (i = pfl->device_width; 170 i < pfl->bank_width; i += pfl->device_width) { 171 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 172 } 173 } 174 175 return resp; 176 } 177 178 179 180 /* Perform a device id query based on the bank width of the flash. */ 181 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 182 { 183 int i; 184 uint32_t resp; 185 hwaddr boff; 186 187 /* Adjust incoming offset to match expected device-width 188 * addressing. Device ID read addresses are always specified in 189 * terms of the maximum supported width of the device. This means 190 * that x8 devices and x8/x16 devices in x8 mode behave 191 * differently. For devices that are not used at their max width, 192 * we will be provided with addresses that use higher address bits 193 * than expected (based on the max width), so we will shift them 194 * lower so that they will match the addresses used when 195 * device_width==max_device_width. 196 */ 197 boff = offset >> (ctz32(pfl->bank_width) + 198 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 199 200 /* Mask off upper bits which may be used in to query block 201 * or sector lock status at other addresses. 202 * Offsets 2/3 are block lock status, is not emulated. 203 */ 204 switch (boff & 0xFF) { 205 case 0: 206 resp = pfl->ident0; 207 trace_pflash_manufacturer_id(resp); 208 break; 209 case 1: 210 resp = pfl->ident1; 211 trace_pflash_device_id(resp); 212 break; 213 default: 214 trace_pflash_device_info(offset); 215 return 0; 216 } 217 /* Replicate responses for each device in bank. */ 218 if (pfl->device_width < pfl->bank_width) { 219 for (i = pfl->device_width; 220 i < pfl->bank_width; i += pfl->device_width) { 221 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 222 } 223 } 224 225 return resp; 226 } 227 228 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 229 int width, int be) 230 { 231 uint8_t *p; 232 uint32_t ret; 233 234 p = pfl->storage; 235 switch (width) { 236 case 1: 237 ret = p[offset]; 238 break; 239 case 2: 240 if (be) { 241 ret = p[offset] << 8; 242 ret |= p[offset + 1]; 243 } else { 244 ret = p[offset]; 245 ret |= p[offset + 1] << 8; 246 } 247 break; 248 case 4: 249 if (be) { 250 ret = p[offset] << 24; 251 ret |= p[offset + 1] << 16; 252 ret |= p[offset + 2] << 8; 253 ret |= p[offset + 3]; 254 } else { 255 ret = p[offset]; 256 ret |= p[offset + 1] << 8; 257 ret |= p[offset + 2] << 16; 258 ret |= p[offset + 3] << 24; 259 } 260 break; 261 default: 262 DPRINTF("BUG in %s\n", __func__); 263 abort(); 264 } 265 trace_pflash_data_read(offset, width, ret); 266 return ret; 267 } 268 269 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 270 int width, int be) 271 { 272 hwaddr boff; 273 uint32_t ret; 274 275 ret = -1; 276 switch (pfl->cmd) { 277 default: 278 /* This should never happen : reset state & treat it as a read */ 279 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 280 pfl->wcycle = 0; 281 /* 282 * The command 0x00 is not assigned by the CFI open standard, 283 * but QEMU historically uses it for the READ_ARRAY command (0xff). 284 */ 285 pfl->cmd = 0x00; 286 /* fall through to read code */ 287 case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */ 288 /* Flash area read */ 289 ret = pflash_data_read(pfl, offset, width, be); 290 break; 291 case 0x10: /* Single byte program */ 292 case 0x20: /* Block erase */ 293 case 0x28: /* Block erase */ 294 case 0x40: /* single byte program */ 295 case 0x50: /* Clear status register */ 296 case 0x60: /* Block /un)lock */ 297 case 0x70: /* Status Register */ 298 case 0xe8: /* Write block */ 299 /* Status register read. Return status from each device in 300 * bank. 301 */ 302 ret = pfl->status; 303 if (pfl->device_width && width > pfl->device_width) { 304 int shift = pfl->device_width * 8; 305 while (shift + pfl->device_width * 8 <= width * 8) { 306 ret |= pfl->status << shift; 307 shift += pfl->device_width * 8; 308 } 309 } else if (!pfl->device_width && width > 2) { 310 /* Handle 32 bit flash cases where device width is not 311 * set. (Existing behavior before device width added.) 312 */ 313 ret |= pfl->status << 16; 314 } 315 DPRINTF("%s: status %x\n", __func__, ret); 316 break; 317 case 0x90: 318 if (!pfl->device_width) { 319 /* Preserve old behavior if device width not specified */ 320 boff = offset & 0xFF; 321 if (pfl->bank_width == 2) { 322 boff = boff >> 1; 323 } else if (pfl->bank_width == 4) { 324 boff = boff >> 2; 325 } 326 327 switch (boff) { 328 case 0: 329 ret = pfl->ident0 << 8 | pfl->ident1; 330 trace_pflash_manufacturer_id(ret); 331 break; 332 case 1: 333 ret = pfl->ident2 << 8 | pfl->ident3; 334 trace_pflash_device_id(ret); 335 break; 336 default: 337 trace_pflash_device_info(boff); 338 ret = 0; 339 break; 340 } 341 } else { 342 /* If we have a read larger than the bank_width, combine multiple 343 * manufacturer/device ID queries into a single response. 344 */ 345 int i; 346 for (i = 0; i < width; i += pfl->bank_width) { 347 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 348 pflash_devid_query(pfl, 349 offset + i * pfl->bank_width)); 350 } 351 } 352 break; 353 case 0x98: /* Query mode */ 354 if (!pfl->device_width) { 355 /* Preserve old behavior if device width not specified */ 356 boff = offset & 0xFF; 357 if (pfl->bank_width == 2) { 358 boff = boff >> 1; 359 } else if (pfl->bank_width == 4) { 360 boff = boff >> 2; 361 } 362 363 if (boff < sizeof(pfl->cfi_table)) { 364 ret = pfl->cfi_table[boff]; 365 } else { 366 ret = 0; 367 } 368 } else { 369 /* If we have a read larger than the bank_width, combine multiple 370 * CFI queries into a single response. 371 */ 372 int i; 373 for (i = 0; i < width; i += pfl->bank_width) { 374 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 375 pflash_cfi_query(pfl, 376 offset + i * pfl->bank_width)); 377 } 378 } 379 380 break; 381 } 382 trace_pflash_io_read(offset, width, ret, pfl->cmd, pfl->wcycle); 383 384 return ret; 385 } 386 387 /* update flash content on disk */ 388 static void pflash_update(PFlashCFI01 *pfl, int offset, 389 int size) 390 { 391 int offset_end; 392 int ret; 393 if (pfl->blk) { 394 offset_end = offset + size; 395 /* widen to sector boundaries */ 396 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 397 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 398 ret = blk_pwrite(pfl->blk, offset, pfl->storage + offset, 399 offset_end - offset, 0); 400 if (ret < 0) { 401 /* TODO set error bit in status */ 402 error_report("Could not update PFLASH: %s", strerror(-ret)); 403 } 404 } 405 } 406 407 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 408 uint32_t value, int width, int be) 409 { 410 uint8_t *p = pfl->storage; 411 412 trace_pflash_data_write(offset, width, value, pfl->counter); 413 switch (width) { 414 case 1: 415 p[offset] = value; 416 break; 417 case 2: 418 if (be) { 419 p[offset] = value >> 8; 420 p[offset + 1] = value; 421 } else { 422 p[offset] = value; 423 p[offset + 1] = value >> 8; 424 } 425 break; 426 case 4: 427 if (be) { 428 p[offset] = value >> 24; 429 p[offset + 1] = value >> 16; 430 p[offset + 2] = value >> 8; 431 p[offset + 3] = value; 432 } else { 433 p[offset] = value; 434 p[offset + 1] = value >> 8; 435 p[offset + 2] = value >> 16; 436 p[offset + 3] = value >> 24; 437 } 438 break; 439 } 440 441 } 442 443 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 444 uint32_t value, int width, int be) 445 { 446 uint8_t *p; 447 uint8_t cmd; 448 449 cmd = value; 450 451 trace_pflash_io_write(offset, width, value, pfl->wcycle); 452 if (!pfl->wcycle) { 453 /* Set the device in I/O access mode */ 454 memory_region_rom_device_set_romd(&pfl->mem, false); 455 } 456 457 switch (pfl->wcycle) { 458 case 0: 459 /* read mode */ 460 switch (cmd) { 461 case 0x00: /* This model reset value for READ_ARRAY (not CFI) */ 462 goto mode_read_array; 463 case 0x10: /* Single Byte Program */ 464 case 0x40: /* Single Byte Program */ 465 DPRINTF("%s: Single Byte Program\n", __func__); 466 break; 467 case 0x20: /* Block erase */ 468 p = pfl->storage; 469 offset &= ~(pfl->sector_len - 1); 470 471 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 472 __func__, offset, (unsigned)pfl->sector_len); 473 474 if (!pfl->ro) { 475 memset(p + offset, 0xff, pfl->sector_len); 476 pflash_update(pfl, offset, pfl->sector_len); 477 } else { 478 pfl->status |= 0x20; /* Block erase error */ 479 } 480 pfl->status |= 0x80; /* Ready! */ 481 break; 482 case 0x50: /* Clear status bits */ 483 DPRINTF("%s: Clear status bits\n", __func__); 484 pfl->status = 0x0; 485 goto mode_read_array; 486 case 0x60: /* Block (un)lock */ 487 DPRINTF("%s: Block unlock\n", __func__); 488 break; 489 case 0x70: /* Status Register */ 490 DPRINTF("%s: Read status register\n", __func__); 491 pfl->cmd = cmd; 492 return; 493 case 0x90: /* Read Device ID */ 494 DPRINTF("%s: Read Device information\n", __func__); 495 pfl->cmd = cmd; 496 return; 497 case 0x98: /* CFI query */ 498 DPRINTF("%s: CFI query\n", __func__); 499 break; 500 case 0xe8: /* Write to buffer */ 501 DPRINTF("%s: Write to buffer\n", __func__); 502 /* FIXME should save @offset, @width for case 1+ */ 503 qemu_log_mask(LOG_UNIMP, 504 "%s: Write to buffer emulation is flawed\n", 505 __func__); 506 pfl->status |= 0x80; /* Ready! */ 507 break; 508 case 0xf0: /* Probe for AMD flash */ 509 DPRINTF("%s: Probe for AMD flash\n", __func__); 510 goto mode_read_array; 511 case 0xff: /* Read Array */ 512 DPRINTF("%s: Read array mode\n", __func__); 513 goto mode_read_array; 514 default: 515 goto error_flash; 516 } 517 pfl->wcycle++; 518 pfl->cmd = cmd; 519 break; 520 case 1: 521 switch (pfl->cmd) { 522 case 0x10: /* Single Byte Program */ 523 case 0x40: /* Single Byte Program */ 524 DPRINTF("%s: Single Byte Program\n", __func__); 525 if (!pfl->ro) { 526 pflash_data_write(pfl, offset, value, width, be); 527 pflash_update(pfl, offset, width); 528 } else { 529 pfl->status |= 0x10; /* Programming error */ 530 } 531 pfl->status |= 0x80; /* Ready! */ 532 pfl->wcycle = 0; 533 break; 534 case 0x20: /* Block erase */ 535 case 0x28: 536 if (cmd == 0xd0) { /* confirm */ 537 pfl->wcycle = 0; 538 pfl->status |= 0x80; 539 } else if (cmd == 0xff) { /* Read Array */ 540 goto mode_read_array; 541 } else 542 goto error_flash; 543 544 break; 545 case 0xe8: 546 /* Mask writeblock size based on device width, or bank width if 547 * device width not specified. 548 */ 549 /* FIXME check @offset, @width */ 550 if (pfl->device_width) { 551 value = extract32(value, 0, pfl->device_width * 8); 552 } else { 553 value = extract32(value, 0, pfl->bank_width * 8); 554 } 555 DPRINTF("%s: block write of %x bytes\n", __func__, value); 556 pfl->counter = value; 557 pfl->wcycle++; 558 break; 559 case 0x60: 560 if (cmd == 0xd0) { 561 pfl->wcycle = 0; 562 pfl->status |= 0x80; 563 } else if (cmd == 0x01) { 564 pfl->wcycle = 0; 565 pfl->status |= 0x80; 566 } else if (cmd == 0xff) { /* Read Array */ 567 goto mode_read_array; 568 } else { 569 DPRINTF("%s: Unknown (un)locking command\n", __func__); 570 goto mode_read_array; 571 } 572 break; 573 case 0x98: 574 if (cmd == 0xff) { /* Read Array */ 575 goto mode_read_array; 576 } else { 577 DPRINTF("%s: leaving query mode\n", __func__); 578 } 579 break; 580 default: 581 goto error_flash; 582 } 583 break; 584 case 2: 585 switch (pfl->cmd) { 586 case 0xe8: /* Block write */ 587 /* FIXME check @offset, @width */ 588 if (!pfl->ro) { 589 /* 590 * FIXME writing straight to memory is *wrong*. We 591 * should write to a buffer, and flush it to memory 592 * only on confirm command (see below). 593 */ 594 pflash_data_write(pfl, offset, value, width, be); 595 } else { 596 pfl->status |= 0x10; /* Programming error */ 597 } 598 599 pfl->status |= 0x80; 600 601 if (!pfl->counter) { 602 hwaddr mask = pfl->writeblock_size - 1; 603 mask = ~mask; 604 605 DPRINTF("%s: block write finished\n", __func__); 606 pfl->wcycle++; 607 if (!pfl->ro) { 608 /* Flush the entire write buffer onto backing storage. */ 609 /* FIXME premature! */ 610 pflash_update(pfl, offset & mask, pfl->writeblock_size); 611 } else { 612 pfl->status |= 0x10; /* Programming error */ 613 } 614 } 615 616 pfl->counter--; 617 break; 618 default: 619 goto error_flash; 620 } 621 break; 622 case 3: /* Confirm mode */ 623 switch (pfl->cmd) { 624 case 0xe8: /* Block write */ 625 if (cmd == 0xd0) { 626 /* FIXME this is where we should write out the buffer */ 627 pfl->wcycle = 0; 628 pfl->status |= 0x80; 629 } else { 630 qemu_log_mask(LOG_UNIMP, 631 "%s: Aborting write to buffer not implemented," 632 " the data is already written to storage!\n" 633 "Flash device reset into READ mode.\n", 634 __func__); 635 goto mode_read_array; 636 } 637 break; 638 default: 639 goto error_flash; 640 } 641 break; 642 default: 643 /* Should never happen */ 644 DPRINTF("%s: invalid write state\n", __func__); 645 goto mode_read_array; 646 } 647 return; 648 649 error_flash: 650 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 651 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 652 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 653 654 mode_read_array: 655 trace_pflash_reset(); 656 memory_region_rom_device_set_romd(&pfl->mem, true); 657 pfl->wcycle = 0; 658 pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */ 659 } 660 661 662 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 663 unsigned len, MemTxAttrs attrs) 664 { 665 PFlashCFI01 *pfl = opaque; 666 bool be = !!(pfl->features & (1 << PFLASH_BE)); 667 668 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 669 *value = pflash_data_read(opaque, addr, len, be); 670 } else { 671 *value = pflash_read(opaque, addr, len, be); 672 } 673 return MEMTX_OK; 674 } 675 676 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 677 unsigned len, MemTxAttrs attrs) 678 { 679 PFlashCFI01 *pfl = opaque; 680 bool be = !!(pfl->features & (1 << PFLASH_BE)); 681 682 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 683 return MEMTX_ERROR; 684 } else { 685 pflash_write(opaque, addr, value, len, be); 686 return MEMTX_OK; 687 } 688 } 689 690 static const MemoryRegionOps pflash_cfi01_ops = { 691 .read_with_attrs = pflash_mem_read_with_attrs, 692 .write_with_attrs = pflash_mem_write_with_attrs, 693 .endianness = DEVICE_NATIVE_ENDIAN, 694 }; 695 696 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 697 { 698 ERRP_GUARD(); 699 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 700 uint64_t total_len; 701 int ret; 702 uint64_t blocks_per_device, sector_len_per_device, device_len; 703 int num_devices; 704 705 if (pfl->sector_len == 0) { 706 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 707 return; 708 } 709 if (pfl->nb_blocs == 0) { 710 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 711 return; 712 } 713 if (pfl->name == NULL) { 714 error_setg(errp, "attribute \"name\" not specified."); 715 return; 716 } 717 718 total_len = pfl->sector_len * pfl->nb_blocs; 719 720 /* These are only used to expose the parameters of each device 721 * in the cfi_table[]. 722 */ 723 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 724 if (pfl->old_multiple_chip_handling) { 725 blocks_per_device = pfl->nb_blocs / num_devices; 726 sector_len_per_device = pfl->sector_len; 727 } else { 728 blocks_per_device = pfl->nb_blocs; 729 sector_len_per_device = pfl->sector_len / num_devices; 730 } 731 device_len = sector_len_per_device * blocks_per_device; 732 733 memory_region_init_rom_device( 734 &pfl->mem, OBJECT(dev), 735 &pflash_cfi01_ops, 736 pfl, 737 pfl->name, total_len, errp); 738 if (*errp) { 739 return; 740 } 741 742 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 743 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 744 745 if (pfl->blk) { 746 uint64_t perm; 747 pfl->ro = blk_is_read_only(pfl->blk); 748 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 749 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 750 if (ret < 0) { 751 return; 752 } 753 } else { 754 pfl->ro = 0; 755 } 756 757 if (pfl->blk) { 758 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len, 759 errp)) { 760 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 761 return; 762 } 763 } 764 765 /* Default to devices being used at their maximum device width. This was 766 * assumed before the device_width support was added. 767 */ 768 if (!pfl->max_device_width) { 769 pfl->max_device_width = pfl->device_width; 770 } 771 772 pfl->wcycle = 0; 773 /* 774 * The command 0x00 is not assigned by the CFI open standard, 775 * but QEMU historically uses it for the READ_ARRAY command (0xff). 776 */ 777 pfl->cmd = 0x00; 778 pfl->status = 0x80; /* WSM ready */ 779 /* Hardcoded CFI table */ 780 /* Standard "QRY" string */ 781 pfl->cfi_table[0x10] = 'Q'; 782 pfl->cfi_table[0x11] = 'R'; 783 pfl->cfi_table[0x12] = 'Y'; 784 /* Command set (Intel) */ 785 pfl->cfi_table[0x13] = 0x01; 786 pfl->cfi_table[0x14] = 0x00; 787 /* Primary extended table address (none) */ 788 pfl->cfi_table[0x15] = 0x31; 789 pfl->cfi_table[0x16] = 0x00; 790 /* Alternate command set (none) */ 791 pfl->cfi_table[0x17] = 0x00; 792 pfl->cfi_table[0x18] = 0x00; 793 /* Alternate extended table (none) */ 794 pfl->cfi_table[0x19] = 0x00; 795 pfl->cfi_table[0x1A] = 0x00; 796 /* Vcc min */ 797 pfl->cfi_table[0x1B] = 0x45; 798 /* Vcc max */ 799 pfl->cfi_table[0x1C] = 0x55; 800 /* Vpp min (no Vpp pin) */ 801 pfl->cfi_table[0x1D] = 0x00; 802 /* Vpp max (no Vpp pin) */ 803 pfl->cfi_table[0x1E] = 0x00; 804 /* Reserved */ 805 pfl->cfi_table[0x1F] = 0x07; 806 /* Timeout for min size buffer write */ 807 pfl->cfi_table[0x20] = 0x07; 808 /* Typical timeout for block erase */ 809 pfl->cfi_table[0x21] = 0x0a; 810 /* Typical timeout for full chip erase (4096 ms) */ 811 pfl->cfi_table[0x22] = 0x00; 812 /* Reserved */ 813 pfl->cfi_table[0x23] = 0x04; 814 /* Max timeout for buffer write */ 815 pfl->cfi_table[0x24] = 0x04; 816 /* Max timeout for block erase */ 817 pfl->cfi_table[0x25] = 0x04; 818 /* Max timeout for chip erase */ 819 pfl->cfi_table[0x26] = 0x00; 820 /* Device size */ 821 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 822 /* Flash device interface (8 & 16 bits) */ 823 pfl->cfi_table[0x28] = 0x02; 824 pfl->cfi_table[0x29] = 0x00; 825 /* Max number of bytes in multi-bytes write */ 826 if (pfl->bank_width == 1) { 827 pfl->cfi_table[0x2A] = 0x08; 828 } else { 829 pfl->cfi_table[0x2A] = 0x0B; 830 } 831 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 832 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 833 pfl->writeblock_size *= num_devices; 834 } 835 836 pfl->cfi_table[0x2B] = 0x00; 837 /* Number of erase block regions (uniform) */ 838 pfl->cfi_table[0x2C] = 0x01; 839 /* Erase block region 1 */ 840 pfl->cfi_table[0x2D] = blocks_per_device - 1; 841 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 842 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 843 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 844 845 /* Extended */ 846 pfl->cfi_table[0x31] = 'P'; 847 pfl->cfi_table[0x32] = 'R'; 848 pfl->cfi_table[0x33] = 'I'; 849 850 pfl->cfi_table[0x34] = '1'; 851 pfl->cfi_table[0x35] = '0'; 852 853 pfl->cfi_table[0x36] = 0x00; 854 pfl->cfi_table[0x37] = 0x00; 855 pfl->cfi_table[0x38] = 0x00; 856 pfl->cfi_table[0x39] = 0x00; 857 858 pfl->cfi_table[0x3a] = 0x00; 859 860 pfl->cfi_table[0x3b] = 0x00; 861 pfl->cfi_table[0x3c] = 0x00; 862 863 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 864 } 865 866 static void pflash_cfi01_system_reset(DeviceState *dev) 867 { 868 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 869 870 /* 871 * The command 0x00 is not assigned by the CFI open standard, 872 * but QEMU historically uses it for the READ_ARRAY command (0xff). 873 */ 874 pfl->cmd = 0x00; 875 pfl->wcycle = 0; 876 memory_region_rom_device_set_romd(&pfl->mem, true); 877 /* 878 * The WSM ready timer occurs at most 150ns after system reset. 879 * This model deliberately ignores this delay. 880 */ 881 pfl->status = 0x80; 882 } 883 884 static Property pflash_cfi01_properties[] = { 885 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 886 /* num-blocks is the number of blocks actually visible to the guest, 887 * ie the total size of the device divided by the sector length. 888 * If we're emulating flash devices wired in parallel the actual 889 * number of blocks per indvidual device will differ. 890 */ 891 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 892 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 893 /* width here is the overall width of this QEMU device in bytes. 894 * The QEMU device may be emulating a number of flash devices 895 * wired up in parallel; the width of each individual flash 896 * device should be specified via device-width. If the individual 897 * devices have a maximum width which is greater than the width 898 * they are being used for, this maximum width should be set via 899 * max-device-width (which otherwise defaults to device-width). 900 * So for instance a 32-bit wide QEMU flash device made from four 901 * 16-bit flash devices used in 8-bit wide mode would be configured 902 * with width = 4, device-width = 1, max-device-width = 2. 903 * 904 * If device-width is not specified we default to backwards 905 * compatible behaviour which is a bad emulation of two 906 * 16 bit devices making up a 32 bit wide QEMU device. This 907 * is deprecated for new uses of this device. 908 */ 909 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 910 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 911 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 912 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 913 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 914 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 915 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 916 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 917 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 918 DEFINE_PROP_STRING("name", PFlashCFI01, name), 919 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 920 old_multiple_chip_handling, false), 921 DEFINE_PROP_END_OF_LIST(), 922 }; 923 924 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 925 { 926 DeviceClass *dc = DEVICE_CLASS(klass); 927 928 dc->reset = pflash_cfi01_system_reset; 929 dc->realize = pflash_cfi01_realize; 930 device_class_set_props(dc, pflash_cfi01_properties); 931 dc->vmsd = &vmstate_pflash; 932 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 933 } 934 935 936 static const TypeInfo pflash_cfi01_info = { 937 .name = TYPE_PFLASH_CFI01, 938 .parent = TYPE_SYS_BUS_DEVICE, 939 .instance_size = sizeof(PFlashCFI01), 940 .class_init = pflash_cfi01_class_init, 941 }; 942 943 static void pflash_cfi01_register_types(void) 944 { 945 type_register_static(&pflash_cfi01_info); 946 } 947 948 type_init(pflash_cfi01_register_types) 949 950 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 951 const char *name, 952 hwaddr size, 953 BlockBackend *blk, 954 uint32_t sector_len, 955 int bank_width, 956 uint16_t id0, uint16_t id1, 957 uint16_t id2, uint16_t id3, 958 int be) 959 { 960 DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01); 961 962 if (blk) { 963 qdev_prop_set_drive(dev, "drive", blk); 964 } 965 assert(QEMU_IS_ALIGNED(size, sector_len)); 966 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 967 qdev_prop_set_uint64(dev, "sector-length", sector_len); 968 qdev_prop_set_uint8(dev, "width", bank_width); 969 qdev_prop_set_bit(dev, "big-endian", !!be); 970 qdev_prop_set_uint16(dev, "id0", id0); 971 qdev_prop_set_uint16(dev, "id1", id1); 972 qdev_prop_set_uint16(dev, "id2", id2); 973 qdev_prop_set_uint16(dev, "id3", id3); 974 qdev_prop_set_string(dev, "name", name); 975 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 976 977 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 978 return PFLASH_CFI01(dev); 979 } 980 981 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 982 { 983 return fl->blk; 984 } 985 986 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 987 { 988 return &fl->mem; 989 } 990 991 /* 992 * Handle -drive if=pflash for machines that use properties. 993 * If @dinfo is null, do nothing. 994 * Else if @fl's property "drive" is already set, fatal error. 995 * Else set it to the BlockBackend with @dinfo. 996 */ 997 void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo) 998 { 999 Location loc; 1000 1001 if (!dinfo) { 1002 return; 1003 } 1004 1005 loc_push_none(&loc); 1006 qemu_opts_loc_restore(dinfo->opts); 1007 if (fl->blk) { 1008 error_report("clashes with -machine"); 1009 exit(1); 1010 } 1011 qdev_prop_set_drive_err(DEVICE(fl), "drive", blk_by_legacy_dinfo(dinfo), 1012 &error_fatal); 1013 loc_pop(&loc); 1014 } 1015 1016 static void postload_update_cb(void *opaque, int running, RunState state) 1017 { 1018 PFlashCFI01 *pfl = opaque; 1019 1020 /* This is called after bdrv_invalidate_cache_all. */ 1021 qemu_del_vm_change_state_handler(pfl->vmstate); 1022 pfl->vmstate = NULL; 1023 1024 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 1025 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1026 } 1027 1028 static int pflash_post_load(void *opaque, int version_id) 1029 { 1030 PFlashCFI01 *pfl = opaque; 1031 1032 if (!pfl->ro) { 1033 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 1034 pfl); 1035 } 1036 return 0; 1037 } 1038