1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/block.h" 42 #include "hw/block/flash.h" 43 #include "sysemu/block-backend.h" 44 #include "qapi/error.h" 45 #include "qemu/timer.h" 46 #include "qemu/bitops.h" 47 #include "qemu/error-report.h" 48 #include "qemu/host-utils.h" 49 #include "qemu/log.h" 50 #include "qemu/option.h" 51 #include "hw/sysbus.h" 52 #include "sysemu/blockdev.h" 53 #include "sysemu/sysemu.h" 54 #include "trace.h" 55 56 /* #define PFLASH_DEBUG */ 57 #ifdef PFLASH_DEBUG 58 #define DPRINTF(fmt, ...) \ 59 do { \ 60 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 61 } while (0) 62 #else 63 #define DPRINTF(fmt, ...) do { } while (0) 64 #endif 65 66 #define PFLASH_BE 0 67 #define PFLASH_SECURE 1 68 69 struct PFlashCFI01 { 70 /*< private >*/ 71 SysBusDevice parent_obj; 72 /*< public >*/ 73 74 BlockBackend *blk; 75 uint32_t nb_blocs; 76 uint64_t sector_len; 77 uint8_t bank_width; 78 uint8_t device_width; /* If 0, device width not specified. */ 79 uint8_t max_device_width; /* max device width in bytes */ 80 uint32_t features; 81 uint8_t wcycle; /* if 0, the flash is read normally */ 82 int ro; 83 uint8_t cmd; 84 uint8_t status; 85 uint16_t ident0; 86 uint16_t ident1; 87 uint16_t ident2; 88 uint16_t ident3; 89 uint8_t cfi_table[0x52]; 90 uint64_t counter; 91 unsigned int writeblock_size; 92 QEMUTimer *timer; 93 MemoryRegion mem; 94 char *name; 95 void *storage; 96 VMChangeStateEntry *vmstate; 97 bool old_multiple_chip_handling; 98 }; 99 100 static int pflash_post_load(void *opaque, int version_id); 101 102 static const VMStateDescription vmstate_pflash = { 103 .name = "pflash_cfi01", 104 .version_id = 1, 105 .minimum_version_id = 1, 106 .post_load = pflash_post_load, 107 .fields = (VMStateField[]) { 108 VMSTATE_UINT8(wcycle, PFlashCFI01), 109 VMSTATE_UINT8(cmd, PFlashCFI01), 110 VMSTATE_UINT8(status, PFlashCFI01), 111 VMSTATE_UINT64(counter, PFlashCFI01), 112 VMSTATE_END_OF_LIST() 113 } 114 }; 115 116 static void pflash_timer (void *opaque) 117 { 118 PFlashCFI01 *pfl = opaque; 119 120 trace_pflash_timer_expired(pfl->cmd); 121 /* Reset flash */ 122 pfl->status ^= 0x80; 123 memory_region_rom_device_set_romd(&pfl->mem, true); 124 pfl->wcycle = 0; 125 pfl->cmd = 0; 126 } 127 128 /* Perform a CFI query based on the bank width of the flash. 129 * If this code is called we know we have a device_width set for 130 * this flash. 131 */ 132 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 133 { 134 int i; 135 uint32_t resp = 0; 136 hwaddr boff; 137 138 /* Adjust incoming offset to match expected device-width 139 * addressing. CFI query addresses are always specified in terms of 140 * the maximum supported width of the device. This means that x8 141 * devices and x8/x16 devices in x8 mode behave differently. For 142 * devices that are not used at their max width, we will be 143 * provided with addresses that use higher address bits than 144 * expected (based on the max width), so we will shift them lower 145 * so that they will match the addresses used when 146 * device_width==max_device_width. 147 */ 148 boff = offset >> (ctz32(pfl->bank_width) + 149 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 150 151 if (boff >= sizeof(pfl->cfi_table)) { 152 return 0; 153 } 154 /* Now we will construct the CFI response generated by a single 155 * device, then replicate that for all devices that make up the 156 * bus. For wide parts used in x8 mode, CFI query responses 157 * are different than native byte-wide parts. 158 */ 159 resp = pfl->cfi_table[boff]; 160 if (pfl->device_width != pfl->max_device_width) { 161 /* The only case currently supported is x8 mode for a 162 * wider part. 163 */ 164 if (pfl->device_width != 1 || pfl->bank_width > 4) { 165 DPRINTF("%s: Unsupported device configuration: " 166 "device_width=%d, max_device_width=%d\n", 167 __func__, pfl->device_width, 168 pfl->max_device_width); 169 return 0; 170 } 171 /* CFI query data is repeated, rather than zero padded for 172 * wide devices used in x8 mode. 173 */ 174 for (i = 1; i < pfl->max_device_width; i++) { 175 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 176 } 177 } 178 /* Replicate responses for each device in bank. */ 179 if (pfl->device_width < pfl->bank_width) { 180 for (i = pfl->device_width; 181 i < pfl->bank_width; i += pfl->device_width) { 182 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 183 } 184 } 185 186 return resp; 187 } 188 189 190 191 /* Perform a device id query based on the bank width of the flash. */ 192 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 193 { 194 int i; 195 uint32_t resp; 196 hwaddr boff; 197 198 /* Adjust incoming offset to match expected device-width 199 * addressing. Device ID read addresses are always specified in 200 * terms of the maximum supported width of the device. This means 201 * that x8 devices and x8/x16 devices in x8 mode behave 202 * differently. For devices that are not used at their max width, 203 * we will be provided with addresses that use higher address bits 204 * than expected (based on the max width), so we will shift them 205 * lower so that they will match the addresses used when 206 * device_width==max_device_width. 207 */ 208 boff = offset >> (ctz32(pfl->bank_width) + 209 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 210 211 /* Mask off upper bits which may be used in to query block 212 * or sector lock status at other addresses. 213 * Offsets 2/3 are block lock status, is not emulated. 214 */ 215 switch (boff & 0xFF) { 216 case 0: 217 resp = pfl->ident0; 218 trace_pflash_manufacturer_id(resp); 219 break; 220 case 1: 221 resp = pfl->ident1; 222 trace_pflash_device_id(resp); 223 break; 224 default: 225 trace_pflash_device_info(offset); 226 return 0; 227 break; 228 } 229 /* Replicate responses for each device in bank. */ 230 if (pfl->device_width < pfl->bank_width) { 231 for (i = pfl->device_width; 232 i < pfl->bank_width; i += pfl->device_width) { 233 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 234 } 235 } 236 237 return resp; 238 } 239 240 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 241 int width, int be) 242 { 243 uint8_t *p; 244 uint32_t ret; 245 246 p = pfl->storage; 247 switch (width) { 248 case 1: 249 ret = p[offset]; 250 trace_pflash_data_read8(offset, ret); 251 break; 252 case 2: 253 if (be) { 254 ret = p[offset] << 8; 255 ret |= p[offset + 1]; 256 } else { 257 ret = p[offset]; 258 ret |= p[offset + 1] << 8; 259 } 260 trace_pflash_data_read16(offset, ret); 261 break; 262 case 4: 263 if (be) { 264 ret = p[offset] << 24; 265 ret |= p[offset + 1] << 16; 266 ret |= p[offset + 2] << 8; 267 ret |= p[offset + 3]; 268 } else { 269 ret = p[offset]; 270 ret |= p[offset + 1] << 8; 271 ret |= p[offset + 2] << 16; 272 ret |= p[offset + 3] << 24; 273 } 274 trace_pflash_data_read32(offset, ret); 275 break; 276 default: 277 DPRINTF("BUG in %s\n", __func__); 278 abort(); 279 } 280 return ret; 281 } 282 283 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 284 int width, int be) 285 { 286 hwaddr boff; 287 uint32_t ret; 288 289 ret = -1; 290 trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle); 291 switch (pfl->cmd) { 292 default: 293 /* This should never happen : reset state & treat it as a read */ 294 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 295 pfl->wcycle = 0; 296 pfl->cmd = 0; 297 /* fall through to read code */ 298 case 0x00: 299 /* Flash area read */ 300 ret = pflash_data_read(pfl, offset, width, be); 301 break; 302 case 0x10: /* Single byte program */ 303 case 0x20: /* Block erase */ 304 case 0x28: /* Block erase */ 305 case 0x40: /* single byte program */ 306 case 0x50: /* Clear status register */ 307 case 0x60: /* Block /un)lock */ 308 case 0x70: /* Status Register */ 309 case 0xe8: /* Write block */ 310 /* Status register read. Return status from each device in 311 * bank. 312 */ 313 ret = pfl->status; 314 if (pfl->device_width && width > pfl->device_width) { 315 int shift = pfl->device_width * 8; 316 while (shift + pfl->device_width * 8 <= width * 8) { 317 ret |= pfl->status << shift; 318 shift += pfl->device_width * 8; 319 } 320 } else if (!pfl->device_width && width > 2) { 321 /* Handle 32 bit flash cases where device width is not 322 * set. (Existing behavior before device width added.) 323 */ 324 ret |= pfl->status << 16; 325 } 326 DPRINTF("%s: status %x\n", __func__, ret); 327 break; 328 case 0x90: 329 if (!pfl->device_width) { 330 /* Preserve old behavior if device width not specified */ 331 boff = offset & 0xFF; 332 if (pfl->bank_width == 2) { 333 boff = boff >> 1; 334 } else if (pfl->bank_width == 4) { 335 boff = boff >> 2; 336 } 337 338 switch (boff) { 339 case 0: 340 ret = pfl->ident0 << 8 | pfl->ident1; 341 trace_pflash_manufacturer_id(ret); 342 break; 343 case 1: 344 ret = pfl->ident2 << 8 | pfl->ident3; 345 trace_pflash_device_id(ret); 346 break; 347 default: 348 trace_pflash_device_info(boff); 349 ret = 0; 350 break; 351 } 352 } else { 353 /* If we have a read larger than the bank_width, combine multiple 354 * manufacturer/device ID queries into a single response. 355 */ 356 int i; 357 for (i = 0; i < width; i += pfl->bank_width) { 358 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 359 pflash_devid_query(pfl, 360 offset + i * pfl->bank_width)); 361 } 362 } 363 break; 364 case 0x98: /* Query mode */ 365 if (!pfl->device_width) { 366 /* Preserve old behavior if device width not specified */ 367 boff = offset & 0xFF; 368 if (pfl->bank_width == 2) { 369 boff = boff >> 1; 370 } else if (pfl->bank_width == 4) { 371 boff = boff >> 2; 372 } 373 374 if (boff < sizeof(pfl->cfi_table)) { 375 ret = pfl->cfi_table[boff]; 376 } else { 377 ret = 0; 378 } 379 } else { 380 /* If we have a read larger than the bank_width, combine multiple 381 * CFI queries into a single response. 382 */ 383 int i; 384 for (i = 0; i < width; i += pfl->bank_width) { 385 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 386 pflash_cfi_query(pfl, 387 offset + i * pfl->bank_width)); 388 } 389 } 390 391 break; 392 } 393 return ret; 394 } 395 396 /* update flash content on disk */ 397 static void pflash_update(PFlashCFI01 *pfl, int offset, 398 int size) 399 { 400 int offset_end; 401 if (pfl->blk) { 402 offset_end = offset + size; 403 /* widen to sector boundaries */ 404 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 405 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 406 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 407 offset_end - offset, 0); 408 } 409 } 410 411 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 412 uint32_t value, int width, int be) 413 { 414 uint8_t *p = pfl->storage; 415 416 trace_pflash_data_write(offset, value, width, pfl->counter); 417 switch (width) { 418 case 1: 419 p[offset] = value; 420 break; 421 case 2: 422 if (be) { 423 p[offset] = value >> 8; 424 p[offset + 1] = value; 425 } else { 426 p[offset] = value; 427 p[offset + 1] = value >> 8; 428 } 429 break; 430 case 4: 431 if (be) { 432 p[offset] = value >> 24; 433 p[offset + 1] = value >> 16; 434 p[offset + 2] = value >> 8; 435 p[offset + 3] = value; 436 } else { 437 p[offset] = value; 438 p[offset + 1] = value >> 8; 439 p[offset + 2] = value >> 16; 440 p[offset + 3] = value >> 24; 441 } 442 break; 443 } 444 445 } 446 447 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 448 uint32_t value, int width, int be) 449 { 450 uint8_t *p; 451 uint8_t cmd; 452 453 cmd = value; 454 455 trace_pflash_write(offset, value, width, pfl->wcycle); 456 if (!pfl->wcycle) { 457 /* Set the device in I/O access mode */ 458 memory_region_rom_device_set_romd(&pfl->mem, false); 459 } 460 461 switch (pfl->wcycle) { 462 case 0: 463 /* read mode */ 464 switch (cmd) { 465 case 0x00: /* ??? */ 466 goto reset_flash; 467 case 0x10: /* Single Byte Program */ 468 case 0x40: /* Single Byte Program */ 469 DPRINTF("%s: Single Byte Program\n", __func__); 470 break; 471 case 0x20: /* Block erase */ 472 p = pfl->storage; 473 offset &= ~(pfl->sector_len - 1); 474 475 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 476 __func__, offset, (unsigned)pfl->sector_len); 477 478 if (!pfl->ro) { 479 memset(p + offset, 0xff, pfl->sector_len); 480 pflash_update(pfl, offset, pfl->sector_len); 481 } else { 482 pfl->status |= 0x20; /* Block erase error */ 483 } 484 pfl->status |= 0x80; /* Ready! */ 485 break; 486 case 0x50: /* Clear status bits */ 487 DPRINTF("%s: Clear status bits\n", __func__); 488 pfl->status = 0x0; 489 goto reset_flash; 490 case 0x60: /* Block (un)lock */ 491 DPRINTF("%s: Block unlock\n", __func__); 492 break; 493 case 0x70: /* Status Register */ 494 DPRINTF("%s: Read status register\n", __func__); 495 pfl->cmd = cmd; 496 return; 497 case 0x90: /* Read Device ID */ 498 DPRINTF("%s: Read Device information\n", __func__); 499 pfl->cmd = cmd; 500 return; 501 case 0x98: /* CFI query */ 502 DPRINTF("%s: CFI query\n", __func__); 503 break; 504 case 0xe8: /* Write to buffer */ 505 DPRINTF("%s: Write to buffer\n", __func__); 506 /* FIXME should save @offset, @width for case 1+ */ 507 qemu_log_mask(LOG_UNIMP, 508 "%s: Write to buffer emulation is flawed\n", 509 __func__); 510 pfl->status |= 0x80; /* Ready! */ 511 break; 512 case 0xf0: /* Probe for AMD flash */ 513 DPRINTF("%s: Probe for AMD flash\n", __func__); 514 goto reset_flash; 515 case 0xff: /* Read array mode */ 516 DPRINTF("%s: Read array mode\n", __func__); 517 goto reset_flash; 518 default: 519 goto error_flash; 520 } 521 pfl->wcycle++; 522 pfl->cmd = cmd; 523 break; 524 case 1: 525 switch (pfl->cmd) { 526 case 0x10: /* Single Byte Program */ 527 case 0x40: /* Single Byte Program */ 528 DPRINTF("%s: Single Byte Program\n", __func__); 529 if (!pfl->ro) { 530 pflash_data_write(pfl, offset, value, width, be); 531 pflash_update(pfl, offset, width); 532 } else { 533 pfl->status |= 0x10; /* Programming error */ 534 } 535 pfl->status |= 0x80; /* Ready! */ 536 pfl->wcycle = 0; 537 break; 538 case 0x20: /* Block erase */ 539 case 0x28: 540 if (cmd == 0xd0) { /* confirm */ 541 pfl->wcycle = 0; 542 pfl->status |= 0x80; 543 } else if (cmd == 0xff) { /* read array mode */ 544 goto reset_flash; 545 } else 546 goto error_flash; 547 548 break; 549 case 0xe8: 550 /* Mask writeblock size based on device width, or bank width if 551 * device width not specified. 552 */ 553 /* FIXME check @offset, @width */ 554 if (pfl->device_width) { 555 value = extract32(value, 0, pfl->device_width * 8); 556 } else { 557 value = extract32(value, 0, pfl->bank_width * 8); 558 } 559 DPRINTF("%s: block write of %x bytes\n", __func__, value); 560 pfl->counter = value; 561 pfl->wcycle++; 562 break; 563 case 0x60: 564 if (cmd == 0xd0) { 565 pfl->wcycle = 0; 566 pfl->status |= 0x80; 567 } else if (cmd == 0x01) { 568 pfl->wcycle = 0; 569 pfl->status |= 0x80; 570 } else if (cmd == 0xff) { 571 goto reset_flash; 572 } else { 573 DPRINTF("%s: Unknown (un)locking command\n", __func__); 574 goto reset_flash; 575 } 576 break; 577 case 0x98: 578 if (cmd == 0xff) { 579 goto reset_flash; 580 } else { 581 DPRINTF("%s: leaving query mode\n", __func__); 582 } 583 break; 584 default: 585 goto error_flash; 586 } 587 break; 588 case 2: 589 switch (pfl->cmd) { 590 case 0xe8: /* Block write */ 591 /* FIXME check @offset, @width */ 592 if (!pfl->ro) { 593 /* 594 * FIXME writing straight to memory is *wrong*. We 595 * should write to a buffer, and flush it to memory 596 * only on confirm command (see below). 597 */ 598 pflash_data_write(pfl, offset, value, width, be); 599 } else { 600 pfl->status |= 0x10; /* Programming error */ 601 } 602 603 pfl->status |= 0x80; 604 605 if (!pfl->counter) { 606 hwaddr mask = pfl->writeblock_size - 1; 607 mask = ~mask; 608 609 DPRINTF("%s: block write finished\n", __func__); 610 pfl->wcycle++; 611 if (!pfl->ro) { 612 /* Flush the entire write buffer onto backing storage. */ 613 /* FIXME premature! */ 614 pflash_update(pfl, offset & mask, pfl->writeblock_size); 615 } else { 616 pfl->status |= 0x10; /* Programming error */ 617 } 618 } 619 620 pfl->counter--; 621 break; 622 default: 623 goto error_flash; 624 } 625 break; 626 case 3: /* Confirm mode */ 627 switch (pfl->cmd) { 628 case 0xe8: /* Block write */ 629 if (cmd == 0xd0) { 630 /* FIXME this is where we should write out the buffer */ 631 pfl->wcycle = 0; 632 pfl->status |= 0x80; 633 } else { 634 qemu_log_mask(LOG_UNIMP, 635 "%s: Aborting write to buffer not implemented," 636 " the data is already written to storage!\n" 637 "Flash device reset into READ mode.\n", 638 __func__); 639 goto reset_flash; 640 } 641 break; 642 default: 643 goto error_flash; 644 } 645 break; 646 default: 647 /* Should never happen */ 648 DPRINTF("%s: invalid write state\n", __func__); 649 goto reset_flash; 650 } 651 return; 652 653 error_flash: 654 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 655 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 656 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 657 658 reset_flash: 659 trace_pflash_reset(); 660 memory_region_rom_device_set_romd(&pfl->mem, true); 661 pfl->wcycle = 0; 662 pfl->cmd = 0; 663 } 664 665 666 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 667 unsigned len, MemTxAttrs attrs) 668 { 669 PFlashCFI01 *pfl = opaque; 670 bool be = !!(pfl->features & (1 << PFLASH_BE)); 671 672 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 673 *value = pflash_data_read(opaque, addr, len, be); 674 } else { 675 *value = pflash_read(opaque, addr, len, be); 676 } 677 return MEMTX_OK; 678 } 679 680 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 681 unsigned len, MemTxAttrs attrs) 682 { 683 PFlashCFI01 *pfl = opaque; 684 bool be = !!(pfl->features & (1 << PFLASH_BE)); 685 686 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 687 return MEMTX_ERROR; 688 } else { 689 pflash_write(opaque, addr, value, len, be); 690 return MEMTX_OK; 691 } 692 } 693 694 static const MemoryRegionOps pflash_cfi01_ops = { 695 .read_with_attrs = pflash_mem_read_with_attrs, 696 .write_with_attrs = pflash_mem_write_with_attrs, 697 .endianness = DEVICE_NATIVE_ENDIAN, 698 }; 699 700 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 701 { 702 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 703 uint64_t total_len; 704 int ret; 705 uint64_t blocks_per_device, sector_len_per_device, device_len; 706 int num_devices; 707 Error *local_err = NULL; 708 709 if (pfl->sector_len == 0) { 710 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 711 return; 712 } 713 if (pfl->nb_blocs == 0) { 714 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 715 return; 716 } 717 if (pfl->name == NULL) { 718 error_setg(errp, "attribute \"name\" not specified."); 719 return; 720 } 721 722 total_len = pfl->sector_len * pfl->nb_blocs; 723 724 /* These are only used to expose the parameters of each device 725 * in the cfi_table[]. 726 */ 727 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 728 if (pfl->old_multiple_chip_handling) { 729 blocks_per_device = pfl->nb_blocs / num_devices; 730 sector_len_per_device = pfl->sector_len; 731 } else { 732 blocks_per_device = pfl->nb_blocs; 733 sector_len_per_device = pfl->sector_len / num_devices; 734 } 735 device_len = sector_len_per_device * blocks_per_device; 736 737 memory_region_init_rom_device( 738 &pfl->mem, OBJECT(dev), 739 &pflash_cfi01_ops, 740 pfl, 741 pfl->name, total_len, &local_err); 742 if (local_err) { 743 error_propagate(errp, local_err); 744 return; 745 } 746 747 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 748 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 749 750 if (pfl->blk) { 751 uint64_t perm; 752 pfl->ro = blk_is_read_only(pfl->blk); 753 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 754 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 755 if (ret < 0) { 756 return; 757 } 758 } else { 759 pfl->ro = 0; 760 } 761 762 if (pfl->blk) { 763 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len, 764 errp)) { 765 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 766 return; 767 } 768 } 769 770 /* Default to devices being used at their maximum device width. This was 771 * assumed before the device_width support was added. 772 */ 773 if (!pfl->max_device_width) { 774 pfl->max_device_width = pfl->device_width; 775 } 776 777 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 778 pfl->wcycle = 0; 779 pfl->cmd = 0; 780 pfl->status = 0; 781 /* Hardcoded CFI table */ 782 /* Standard "QRY" string */ 783 pfl->cfi_table[0x10] = 'Q'; 784 pfl->cfi_table[0x11] = 'R'; 785 pfl->cfi_table[0x12] = 'Y'; 786 /* Command set (Intel) */ 787 pfl->cfi_table[0x13] = 0x01; 788 pfl->cfi_table[0x14] = 0x00; 789 /* Primary extended table address (none) */ 790 pfl->cfi_table[0x15] = 0x31; 791 pfl->cfi_table[0x16] = 0x00; 792 /* Alternate command set (none) */ 793 pfl->cfi_table[0x17] = 0x00; 794 pfl->cfi_table[0x18] = 0x00; 795 /* Alternate extended table (none) */ 796 pfl->cfi_table[0x19] = 0x00; 797 pfl->cfi_table[0x1A] = 0x00; 798 /* Vcc min */ 799 pfl->cfi_table[0x1B] = 0x45; 800 /* Vcc max */ 801 pfl->cfi_table[0x1C] = 0x55; 802 /* Vpp min (no Vpp pin) */ 803 pfl->cfi_table[0x1D] = 0x00; 804 /* Vpp max (no Vpp pin) */ 805 pfl->cfi_table[0x1E] = 0x00; 806 /* Reserved */ 807 pfl->cfi_table[0x1F] = 0x07; 808 /* Timeout for min size buffer write */ 809 pfl->cfi_table[0x20] = 0x07; 810 /* Typical timeout for block erase */ 811 pfl->cfi_table[0x21] = 0x0a; 812 /* Typical timeout for full chip erase (4096 ms) */ 813 pfl->cfi_table[0x22] = 0x00; 814 /* Reserved */ 815 pfl->cfi_table[0x23] = 0x04; 816 /* Max timeout for buffer write */ 817 pfl->cfi_table[0x24] = 0x04; 818 /* Max timeout for block erase */ 819 pfl->cfi_table[0x25] = 0x04; 820 /* Max timeout for chip erase */ 821 pfl->cfi_table[0x26] = 0x00; 822 /* Device size */ 823 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 824 /* Flash device interface (8 & 16 bits) */ 825 pfl->cfi_table[0x28] = 0x02; 826 pfl->cfi_table[0x29] = 0x00; 827 /* Max number of bytes in multi-bytes write */ 828 if (pfl->bank_width == 1) { 829 pfl->cfi_table[0x2A] = 0x08; 830 } else { 831 pfl->cfi_table[0x2A] = 0x0B; 832 } 833 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 834 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 835 pfl->writeblock_size *= num_devices; 836 } 837 838 pfl->cfi_table[0x2B] = 0x00; 839 /* Number of erase block regions (uniform) */ 840 pfl->cfi_table[0x2C] = 0x01; 841 /* Erase block region 1 */ 842 pfl->cfi_table[0x2D] = blocks_per_device - 1; 843 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 844 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 845 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 846 847 /* Extended */ 848 pfl->cfi_table[0x31] = 'P'; 849 pfl->cfi_table[0x32] = 'R'; 850 pfl->cfi_table[0x33] = 'I'; 851 852 pfl->cfi_table[0x34] = '1'; 853 pfl->cfi_table[0x35] = '0'; 854 855 pfl->cfi_table[0x36] = 0x00; 856 pfl->cfi_table[0x37] = 0x00; 857 pfl->cfi_table[0x38] = 0x00; 858 pfl->cfi_table[0x39] = 0x00; 859 860 pfl->cfi_table[0x3a] = 0x00; 861 862 pfl->cfi_table[0x3b] = 0x00; 863 pfl->cfi_table[0x3c] = 0x00; 864 865 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 866 } 867 868 static Property pflash_cfi01_properties[] = { 869 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 870 /* num-blocks is the number of blocks actually visible to the guest, 871 * ie the total size of the device divided by the sector length. 872 * If we're emulating flash devices wired in parallel the actual 873 * number of blocks per indvidual device will differ. 874 */ 875 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 876 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 877 /* width here is the overall width of this QEMU device in bytes. 878 * The QEMU device may be emulating a number of flash devices 879 * wired up in parallel; the width of each individual flash 880 * device should be specified via device-width. If the individual 881 * devices have a maximum width which is greater than the width 882 * they are being used for, this maximum width should be set via 883 * max-device-width (which otherwise defaults to device-width). 884 * So for instance a 32-bit wide QEMU flash device made from four 885 * 16-bit flash devices used in 8-bit wide mode would be configured 886 * with width = 4, device-width = 1, max-device-width = 2. 887 * 888 * If device-width is not specified we default to backwards 889 * compatible behaviour which is a bad emulation of two 890 * 16 bit devices making up a 32 bit wide QEMU device. This 891 * is deprecated for new uses of this device. 892 */ 893 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 894 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 895 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 896 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 897 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 898 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 899 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 900 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 901 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 902 DEFINE_PROP_STRING("name", PFlashCFI01, name), 903 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 904 old_multiple_chip_handling, false), 905 DEFINE_PROP_END_OF_LIST(), 906 }; 907 908 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 909 { 910 DeviceClass *dc = DEVICE_CLASS(klass); 911 912 dc->realize = pflash_cfi01_realize; 913 dc->props = pflash_cfi01_properties; 914 dc->vmsd = &vmstate_pflash; 915 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 916 } 917 918 919 static const TypeInfo pflash_cfi01_info = { 920 .name = TYPE_PFLASH_CFI01, 921 .parent = TYPE_SYS_BUS_DEVICE, 922 .instance_size = sizeof(PFlashCFI01), 923 .class_init = pflash_cfi01_class_init, 924 }; 925 926 static void pflash_cfi01_register_types(void) 927 { 928 type_register_static(&pflash_cfi01_info); 929 } 930 931 type_init(pflash_cfi01_register_types) 932 933 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 934 const char *name, 935 hwaddr size, 936 BlockBackend *blk, 937 uint32_t sector_len, 938 int bank_width, 939 uint16_t id0, uint16_t id1, 940 uint16_t id2, uint16_t id3, 941 int be) 942 { 943 DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01); 944 945 if (blk) { 946 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 947 } 948 assert(size % sector_len == 0); 949 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 950 qdev_prop_set_uint64(dev, "sector-length", sector_len); 951 qdev_prop_set_uint8(dev, "width", bank_width); 952 qdev_prop_set_bit(dev, "big-endian", !!be); 953 qdev_prop_set_uint16(dev, "id0", id0); 954 qdev_prop_set_uint16(dev, "id1", id1); 955 qdev_prop_set_uint16(dev, "id2", id2); 956 qdev_prop_set_uint16(dev, "id3", id3); 957 qdev_prop_set_string(dev, "name", name); 958 qdev_init_nofail(dev); 959 960 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 961 return PFLASH_CFI01(dev); 962 } 963 964 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 965 { 966 return fl->blk; 967 } 968 969 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 970 { 971 return &fl->mem; 972 } 973 974 /* 975 * Handle -drive if=pflash for machines that use properties. 976 * If @dinfo is null, do nothing. 977 * Else if @fl's property "drive" is already set, fatal error. 978 * Else set it to the BlockBackend with @dinfo. 979 */ 980 void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo) 981 { 982 Location loc; 983 984 if (!dinfo) { 985 return; 986 } 987 988 loc_push_none(&loc); 989 qemu_opts_loc_restore(dinfo->opts); 990 if (fl->blk) { 991 error_report("clashes with -machine"); 992 exit(1); 993 } 994 qdev_prop_set_drive(DEVICE(fl), "drive", 995 blk_by_legacy_dinfo(dinfo), &error_fatal); 996 loc_pop(&loc); 997 } 998 999 static void postload_update_cb(void *opaque, int running, RunState state) 1000 { 1001 PFlashCFI01 *pfl = opaque; 1002 1003 /* This is called after bdrv_invalidate_cache_all. */ 1004 qemu_del_vm_change_state_handler(pfl->vmstate); 1005 pfl->vmstate = NULL; 1006 1007 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 1008 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1009 } 1010 1011 static int pflash_post_load(void *opaque, int version_id) 1012 { 1013 PFlashCFI01 *pfl = opaque; 1014 1015 if (!pfl->ro) { 1016 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 1017 pfl); 1018 } 1019 return 0; 1020 } 1021