1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2.1 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/block/block.h" 41 #include "hw/block/flash.h" 42 #include "hw/qdev-properties.h" 43 #include "hw/qdev-properties-system.h" 44 #include "sysemu/block-backend.h" 45 #include "qapi/error.h" 46 #include "qemu/error-report.h" 47 #include "qemu/bitops.h" 48 #include "qemu/host-utils.h" 49 #include "qemu/log.h" 50 #include "qemu/module.h" 51 #include "qemu/option.h" 52 #include "hw/sysbus.h" 53 #include "migration/vmstate.h" 54 #include "sysemu/blockdev.h" 55 #include "sysemu/runstate.h" 56 #include "trace.h" 57 58 #define PFLASH_BE 0 59 #define PFLASH_SECURE 1 60 61 struct PFlashCFI01 { 62 /*< private >*/ 63 SysBusDevice parent_obj; 64 /*< public >*/ 65 66 BlockBackend *blk; 67 uint32_t nb_blocs; 68 uint64_t sector_len; 69 uint8_t bank_width; 70 uint8_t device_width; /* If 0, device width not specified. */ 71 uint8_t max_device_width; /* max device width in bytes */ 72 uint32_t features; 73 uint8_t wcycle; /* if 0, the flash is read normally */ 74 bool ro; 75 uint8_t cmd; 76 uint8_t status; 77 uint16_t ident0; 78 uint16_t ident1; 79 uint16_t ident2; 80 uint16_t ident3; 81 uint8_t cfi_table[0x52]; 82 uint64_t counter; 83 unsigned int writeblock_size; 84 MemoryRegion mem; 85 char *name; 86 void *storage; 87 VMChangeStateEntry *vmstate; 88 bool old_multiple_chip_handling; 89 }; 90 91 static int pflash_post_load(void *opaque, int version_id); 92 93 static const VMStateDescription vmstate_pflash = { 94 .name = "pflash_cfi01", 95 .version_id = 1, 96 .minimum_version_id = 1, 97 .post_load = pflash_post_load, 98 .fields = (VMStateField[]) { 99 VMSTATE_UINT8(wcycle, PFlashCFI01), 100 VMSTATE_UINT8(cmd, PFlashCFI01), 101 VMSTATE_UINT8(status, PFlashCFI01), 102 VMSTATE_UINT64(counter, PFlashCFI01), 103 VMSTATE_END_OF_LIST() 104 } 105 }; 106 107 /* 108 * Perform a CFI query based on the bank width of the flash. 109 * If this code is called we know we have a device_width set for 110 * this flash. 111 */ 112 static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset) 113 { 114 int i; 115 uint32_t resp = 0; 116 hwaddr boff; 117 118 /* 119 * Adjust incoming offset to match expected device-width 120 * addressing. CFI query addresses are always specified in terms of 121 * the maximum supported width of the device. This means that x8 122 * devices and x8/x16 devices in x8 mode behave differently. For 123 * devices that are not used at their max width, we will be 124 * provided with addresses that use higher address bits than 125 * expected (based on the max width), so we will shift them lower 126 * so that they will match the addresses used when 127 * device_width==max_device_width. 128 */ 129 boff = offset >> (ctz32(pfl->bank_width) + 130 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 131 132 if (boff >= sizeof(pfl->cfi_table)) { 133 return 0; 134 } 135 /* 136 * Now we will construct the CFI response generated by a single 137 * device, then replicate that for all devices that make up the 138 * bus. For wide parts used in x8 mode, CFI query responses 139 * are different than native byte-wide parts. 140 */ 141 resp = pfl->cfi_table[boff]; 142 if (pfl->device_width != pfl->max_device_width) { 143 /* The only case currently supported is x8 mode for a 144 * wider part. 145 */ 146 if (pfl->device_width != 1 || pfl->bank_width > 4) { 147 trace_pflash_unsupported_device_configuration(pfl->name, 148 pfl->device_width, pfl->max_device_width); 149 return 0; 150 } 151 /* CFI query data is repeated, rather than zero padded for 152 * wide devices used in x8 mode. 153 */ 154 for (i = 1; i < pfl->max_device_width; i++) { 155 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 156 } 157 } 158 /* Replicate responses for each device in bank. */ 159 if (pfl->device_width < pfl->bank_width) { 160 for (i = pfl->device_width; 161 i < pfl->bank_width; i += pfl->device_width) { 162 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 163 } 164 } 165 166 return resp; 167 } 168 169 170 171 /* Perform a device id query based on the bank width of the flash. */ 172 static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset) 173 { 174 int i; 175 uint32_t resp; 176 hwaddr boff; 177 178 /* 179 * Adjust incoming offset to match expected device-width 180 * addressing. Device ID read addresses are always specified in 181 * terms of the maximum supported width of the device. This means 182 * that x8 devices and x8/x16 devices in x8 mode behave 183 * differently. For devices that are not used at their max width, 184 * we will be provided with addresses that use higher address bits 185 * than expected (based on the max width), so we will shift them 186 * lower so that they will match the addresses used when 187 * device_width==max_device_width. 188 */ 189 boff = offset >> (ctz32(pfl->bank_width) + 190 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 191 192 /* 193 * Mask off upper bits which may be used in to query block 194 * or sector lock status at other addresses. 195 * Offsets 2/3 are block lock status, is not emulated. 196 */ 197 switch (boff & 0xFF) { 198 case 0: 199 resp = pfl->ident0; 200 trace_pflash_manufacturer_id(pfl->name, resp); 201 break; 202 case 1: 203 resp = pfl->ident1; 204 trace_pflash_device_id(pfl->name, resp); 205 break; 206 default: 207 trace_pflash_device_info(pfl->name, offset); 208 return 0; 209 } 210 /* Replicate responses for each device in bank. */ 211 if (pfl->device_width < pfl->bank_width) { 212 for (i = pfl->device_width; 213 i < pfl->bank_width; i += pfl->device_width) { 214 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 215 } 216 } 217 218 return resp; 219 } 220 221 static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset, 222 int width, int be) 223 { 224 uint8_t *p; 225 uint32_t ret; 226 227 p = pfl->storage; 228 switch (width) { 229 case 1: 230 ret = p[offset]; 231 break; 232 case 2: 233 if (be) { 234 ret = p[offset] << 8; 235 ret |= p[offset + 1]; 236 } else { 237 ret = p[offset]; 238 ret |= p[offset + 1] << 8; 239 } 240 break; 241 case 4: 242 if (be) { 243 ret = p[offset] << 24; 244 ret |= p[offset + 1] << 16; 245 ret |= p[offset + 2] << 8; 246 ret |= p[offset + 3]; 247 } else { 248 ret = p[offset]; 249 ret |= p[offset + 1] << 8; 250 ret |= p[offset + 2] << 16; 251 ret |= p[offset + 3] << 24; 252 } 253 break; 254 default: 255 abort(); 256 } 257 trace_pflash_data_read(pfl->name, offset, width, ret); 258 return ret; 259 } 260 261 static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset, 262 int width, int be) 263 { 264 hwaddr boff; 265 uint32_t ret; 266 267 ret = -1; 268 switch (pfl->cmd) { 269 default: 270 /* This should never happen : reset state & treat it as a read */ 271 trace_pflash_read_unknown_state(pfl->name, pfl->cmd); 272 pfl->wcycle = 0; 273 /* 274 * The command 0x00 is not assigned by the CFI open standard, 275 * but QEMU historically uses it for the READ_ARRAY command (0xff). 276 */ 277 pfl->cmd = 0x00; 278 /* fall through to read code */ 279 case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */ 280 /* Flash area read */ 281 ret = pflash_data_read(pfl, offset, width, be); 282 break; 283 case 0x10: /* Single byte program */ 284 case 0x20: /* Block erase */ 285 case 0x28: /* Block erase */ 286 case 0x40: /* single byte program */ 287 case 0x50: /* Clear status register */ 288 case 0x60: /* Block /un)lock */ 289 case 0x70: /* Status Register */ 290 case 0xe8: /* Write block */ 291 /* 292 * Status register read. Return status from each device in 293 * bank. 294 */ 295 ret = pfl->status; 296 if (pfl->device_width && width > pfl->device_width) { 297 int shift = pfl->device_width * 8; 298 while (shift + pfl->device_width * 8 <= width * 8) { 299 ret |= pfl->status << shift; 300 shift += pfl->device_width * 8; 301 } 302 } else if (!pfl->device_width && width > 2) { 303 /* 304 * Handle 32 bit flash cases where device width is not 305 * set. (Existing behavior before device width added.) 306 */ 307 ret |= pfl->status << 16; 308 } 309 trace_pflash_read_status(pfl->name, ret); 310 break; 311 case 0x90: 312 if (!pfl->device_width) { 313 /* Preserve old behavior if device width not specified */ 314 boff = offset & 0xFF; 315 if (pfl->bank_width == 2) { 316 boff = boff >> 1; 317 } else if (pfl->bank_width == 4) { 318 boff = boff >> 2; 319 } 320 321 switch (boff) { 322 case 0: 323 ret = pfl->ident0 << 8 | pfl->ident1; 324 trace_pflash_manufacturer_id(pfl->name, ret); 325 break; 326 case 1: 327 ret = pfl->ident2 << 8 | pfl->ident3; 328 trace_pflash_device_id(pfl->name, ret); 329 break; 330 default: 331 trace_pflash_device_info(pfl->name, boff); 332 ret = 0; 333 break; 334 } 335 } else { 336 /* 337 * If we have a read larger than the bank_width, combine multiple 338 * manufacturer/device ID queries into a single response. 339 */ 340 int i; 341 for (i = 0; i < width; i += pfl->bank_width) { 342 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 343 pflash_devid_query(pfl, 344 offset + i * pfl->bank_width)); 345 } 346 } 347 break; 348 case 0x98: /* Query mode */ 349 if (!pfl->device_width) { 350 /* Preserve old behavior if device width not specified */ 351 boff = offset & 0xFF; 352 if (pfl->bank_width == 2) { 353 boff = boff >> 1; 354 } else if (pfl->bank_width == 4) { 355 boff = boff >> 2; 356 } 357 358 if (boff < sizeof(pfl->cfi_table)) { 359 ret = pfl->cfi_table[boff]; 360 } else { 361 ret = 0; 362 } 363 } else { 364 /* 365 * If we have a read larger than the bank_width, combine multiple 366 * CFI queries into a single response. 367 */ 368 int i; 369 for (i = 0; i < width; i += pfl->bank_width) { 370 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 371 pflash_cfi_query(pfl, 372 offset + i * pfl->bank_width)); 373 } 374 } 375 376 break; 377 } 378 trace_pflash_io_read(pfl->name, offset, width, ret, pfl->cmd, pfl->wcycle); 379 380 return ret; 381 } 382 383 /* update flash content on disk */ 384 static void pflash_update(PFlashCFI01 *pfl, int offset, 385 int size) 386 { 387 int offset_end; 388 int ret; 389 if (pfl->blk) { 390 offset_end = offset + size; 391 /* widen to sector boundaries */ 392 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 393 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 394 ret = blk_pwrite(pfl->blk, offset, offset_end - offset, 395 pfl->storage + offset, 0); 396 if (ret < 0) { 397 /* TODO set error bit in status */ 398 error_report("Could not update PFLASH: %s", strerror(-ret)); 399 } 400 } 401 } 402 403 static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset, 404 uint32_t value, int width, int be) 405 { 406 uint8_t *p = pfl->storage; 407 408 trace_pflash_data_write(pfl->name, offset, width, value, pfl->counter); 409 switch (width) { 410 case 1: 411 p[offset] = value; 412 break; 413 case 2: 414 if (be) { 415 p[offset] = value >> 8; 416 p[offset + 1] = value; 417 } else { 418 p[offset] = value; 419 p[offset + 1] = value >> 8; 420 } 421 break; 422 case 4: 423 if (be) { 424 p[offset] = value >> 24; 425 p[offset + 1] = value >> 16; 426 p[offset + 2] = value >> 8; 427 p[offset + 3] = value; 428 } else { 429 p[offset] = value; 430 p[offset + 1] = value >> 8; 431 p[offset + 2] = value >> 16; 432 p[offset + 3] = value >> 24; 433 } 434 break; 435 } 436 437 } 438 439 static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, 440 uint32_t value, int width, int be) 441 { 442 uint8_t *p; 443 uint8_t cmd; 444 445 cmd = value; 446 447 trace_pflash_io_write(pfl->name, offset, width, value, pfl->wcycle); 448 if (!pfl->wcycle) { 449 /* Set the device in I/O access mode */ 450 memory_region_rom_device_set_romd(&pfl->mem, false); 451 } 452 453 switch (pfl->wcycle) { 454 case 0: 455 /* read mode */ 456 switch (cmd) { 457 case 0x00: /* This model reset value for READ_ARRAY (not CFI) */ 458 goto mode_read_array; 459 case 0x10: /* Single Byte Program */ 460 case 0x40: /* Single Byte Program */ 461 trace_pflash_write(pfl->name, "single byte program (0)"); 462 break; 463 case 0x20: /* Block erase */ 464 p = pfl->storage; 465 offset &= ~(pfl->sector_len - 1); 466 467 trace_pflash_write_block_erase(pfl->name, offset, pfl->sector_len); 468 469 if (!pfl->ro) { 470 memset(p + offset, 0xff, pfl->sector_len); 471 pflash_update(pfl, offset, pfl->sector_len); 472 } else { 473 pfl->status |= 0x20; /* Block erase error */ 474 } 475 pfl->status |= 0x80; /* Ready! */ 476 break; 477 case 0x50: /* Clear status bits */ 478 trace_pflash_write(pfl->name, "clear status bits"); 479 pfl->status = 0x0; 480 goto mode_read_array; 481 case 0x60: /* Block (un)lock */ 482 trace_pflash_write(pfl->name, "block unlock"); 483 break; 484 case 0x70: /* Status Register */ 485 trace_pflash_write(pfl->name, "read status register"); 486 pfl->cmd = cmd; 487 return; 488 case 0x90: /* Read Device ID */ 489 trace_pflash_write(pfl->name, "read device information"); 490 pfl->cmd = cmd; 491 return; 492 case 0x98: /* CFI query */ 493 trace_pflash_write(pfl->name, "CFI query"); 494 break; 495 case 0xe8: /* Write to buffer */ 496 trace_pflash_write(pfl->name, "write to buffer"); 497 /* FIXME should save @offset, @width for case 1+ */ 498 qemu_log_mask(LOG_UNIMP, 499 "%s: Write to buffer emulation is flawed\n", 500 __func__); 501 pfl->status |= 0x80; /* Ready! */ 502 break; 503 case 0xf0: /* Probe for AMD flash */ 504 trace_pflash_write(pfl->name, "probe for AMD flash"); 505 goto mode_read_array; 506 case 0xff: /* Read Array */ 507 trace_pflash_write(pfl->name, "read array mode"); 508 goto mode_read_array; 509 default: 510 goto error_flash; 511 } 512 pfl->wcycle++; 513 pfl->cmd = cmd; 514 break; 515 case 1: 516 switch (pfl->cmd) { 517 case 0x10: /* Single Byte Program */ 518 case 0x40: /* Single Byte Program */ 519 trace_pflash_write(pfl->name, "single byte program (1)"); 520 if (!pfl->ro) { 521 pflash_data_write(pfl, offset, value, width, be); 522 pflash_update(pfl, offset, width); 523 } else { 524 pfl->status |= 0x10; /* Programming error */ 525 } 526 pfl->status |= 0x80; /* Ready! */ 527 pfl->wcycle = 0; 528 break; 529 case 0x20: /* Block erase */ 530 case 0x28: 531 if (cmd == 0xd0) { /* confirm */ 532 pfl->wcycle = 0; 533 pfl->status |= 0x80; 534 } else if (cmd == 0xff) { /* Read Array */ 535 goto mode_read_array; 536 } else 537 goto error_flash; 538 539 break; 540 case 0xe8: 541 /* 542 * Mask writeblock size based on device width, or bank width if 543 * device width not specified. 544 */ 545 /* FIXME check @offset, @width */ 546 if (pfl->device_width) { 547 value = extract32(value, 0, pfl->device_width * 8); 548 } else { 549 value = extract32(value, 0, pfl->bank_width * 8); 550 } 551 trace_pflash_write_block(pfl->name, value); 552 pfl->counter = value; 553 pfl->wcycle++; 554 break; 555 case 0x60: 556 if (cmd == 0xd0) { 557 pfl->wcycle = 0; 558 pfl->status |= 0x80; 559 } else if (cmd == 0x01) { 560 pfl->wcycle = 0; 561 pfl->status |= 0x80; 562 } else if (cmd == 0xff) { /* Read Array */ 563 goto mode_read_array; 564 } else { 565 trace_pflash_write(pfl->name, "unknown (un)locking command"); 566 goto mode_read_array; 567 } 568 break; 569 case 0x98: 570 if (cmd == 0xff) { /* Read Array */ 571 goto mode_read_array; 572 } else { 573 trace_pflash_write(pfl->name, "leaving query mode"); 574 } 575 break; 576 default: 577 goto error_flash; 578 } 579 break; 580 case 2: 581 switch (pfl->cmd) { 582 case 0xe8: /* Block write */ 583 /* FIXME check @offset, @width */ 584 if (!pfl->ro) { 585 /* 586 * FIXME writing straight to memory is *wrong*. We 587 * should write to a buffer, and flush it to memory 588 * only on confirm command (see below). 589 */ 590 pflash_data_write(pfl, offset, value, width, be); 591 } else { 592 pfl->status |= 0x10; /* Programming error */ 593 } 594 595 pfl->status |= 0x80; 596 597 if (!pfl->counter) { 598 hwaddr mask = pfl->writeblock_size - 1; 599 mask = ~mask; 600 601 trace_pflash_write(pfl->name, "block write finished"); 602 pfl->wcycle++; 603 if (!pfl->ro) { 604 /* Flush the entire write buffer onto backing storage. */ 605 /* FIXME premature! */ 606 pflash_update(pfl, offset & mask, pfl->writeblock_size); 607 } else { 608 pfl->status |= 0x10; /* Programming error */ 609 } 610 } 611 612 pfl->counter--; 613 break; 614 default: 615 goto error_flash; 616 } 617 break; 618 case 3: /* Confirm mode */ 619 switch (pfl->cmd) { 620 case 0xe8: /* Block write */ 621 if (cmd == 0xd0) { 622 /* FIXME this is where we should write out the buffer */ 623 pfl->wcycle = 0; 624 pfl->status |= 0x80; 625 } else { 626 qemu_log_mask(LOG_UNIMP, 627 "%s: Aborting write to buffer not implemented," 628 " the data is already written to storage!\n" 629 "Flash device reset into READ mode.\n", 630 __func__); 631 goto mode_read_array; 632 } 633 break; 634 default: 635 goto error_flash; 636 } 637 break; 638 default: 639 /* Should never happen */ 640 trace_pflash_write(pfl->name, "invalid write state"); 641 goto mode_read_array; 642 } 643 return; 644 645 error_flash: 646 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 647 "(offset " HWADDR_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 648 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 649 650 mode_read_array: 651 trace_pflash_mode_read_array(pfl->name); 652 memory_region_rom_device_set_romd(&pfl->mem, true); 653 pfl->wcycle = 0; 654 pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */ 655 } 656 657 658 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 659 unsigned len, MemTxAttrs attrs) 660 { 661 PFlashCFI01 *pfl = opaque; 662 bool be = !!(pfl->features & (1 << PFLASH_BE)); 663 664 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 665 *value = pflash_data_read(opaque, addr, len, be); 666 } else { 667 *value = pflash_read(opaque, addr, len, be); 668 } 669 return MEMTX_OK; 670 } 671 672 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 673 unsigned len, MemTxAttrs attrs) 674 { 675 PFlashCFI01 *pfl = opaque; 676 bool be = !!(pfl->features & (1 << PFLASH_BE)); 677 678 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 679 return MEMTX_ERROR; 680 } else { 681 pflash_write(opaque, addr, value, len, be); 682 return MEMTX_OK; 683 } 684 } 685 686 static const MemoryRegionOps pflash_cfi01_ops = { 687 .read_with_attrs = pflash_mem_read_with_attrs, 688 .write_with_attrs = pflash_mem_write_with_attrs, 689 .endianness = DEVICE_NATIVE_ENDIAN, 690 }; 691 692 static void pflash_cfi01_fill_cfi_table(PFlashCFI01 *pfl) 693 { 694 uint64_t blocks_per_device, sector_len_per_device, device_len; 695 int num_devices; 696 697 /* 698 * These are only used to expose the parameters of each device 699 * in the cfi_table[]. 700 */ 701 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 702 if (pfl->old_multiple_chip_handling) { 703 blocks_per_device = pfl->nb_blocs / num_devices; 704 sector_len_per_device = pfl->sector_len; 705 } else { 706 blocks_per_device = pfl->nb_blocs; 707 sector_len_per_device = pfl->sector_len / num_devices; 708 } 709 device_len = sector_len_per_device * blocks_per_device; 710 711 /* Hardcoded CFI table */ 712 /* Standard "QRY" string */ 713 pfl->cfi_table[0x10] = 'Q'; 714 pfl->cfi_table[0x11] = 'R'; 715 pfl->cfi_table[0x12] = 'Y'; 716 /* Command set (Intel) */ 717 pfl->cfi_table[0x13] = 0x01; 718 pfl->cfi_table[0x14] = 0x00; 719 /* Primary extended table address (none) */ 720 pfl->cfi_table[0x15] = 0x31; 721 pfl->cfi_table[0x16] = 0x00; 722 /* Alternate command set (none) */ 723 pfl->cfi_table[0x17] = 0x00; 724 pfl->cfi_table[0x18] = 0x00; 725 /* Alternate extended table (none) */ 726 pfl->cfi_table[0x19] = 0x00; 727 pfl->cfi_table[0x1A] = 0x00; 728 /* Vcc min */ 729 pfl->cfi_table[0x1B] = 0x45; 730 /* Vcc max */ 731 pfl->cfi_table[0x1C] = 0x55; 732 /* Vpp min (no Vpp pin) */ 733 pfl->cfi_table[0x1D] = 0x00; 734 /* Vpp max (no Vpp pin) */ 735 pfl->cfi_table[0x1E] = 0x00; 736 /* Reserved */ 737 pfl->cfi_table[0x1F] = 0x07; 738 /* Timeout for min size buffer write */ 739 pfl->cfi_table[0x20] = 0x07; 740 /* Typical timeout for block erase */ 741 pfl->cfi_table[0x21] = 0x0a; 742 /* Typical timeout for full chip erase (4096 ms) */ 743 pfl->cfi_table[0x22] = 0x00; 744 /* Reserved */ 745 pfl->cfi_table[0x23] = 0x04; 746 /* Max timeout for buffer write */ 747 pfl->cfi_table[0x24] = 0x04; 748 /* Max timeout for block erase */ 749 pfl->cfi_table[0x25] = 0x04; 750 /* Max timeout for chip erase */ 751 pfl->cfi_table[0x26] = 0x00; 752 /* Device size */ 753 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 754 /* Flash device interface (8 & 16 bits) */ 755 pfl->cfi_table[0x28] = 0x02; 756 pfl->cfi_table[0x29] = 0x00; 757 /* Max number of bytes in multi-bytes write */ 758 if (pfl->bank_width == 1) { 759 pfl->cfi_table[0x2A] = 0x08; 760 } else { 761 pfl->cfi_table[0x2A] = 0x0B; 762 } 763 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 764 if (!pfl->old_multiple_chip_handling && num_devices > 1) { 765 pfl->writeblock_size *= num_devices; 766 } 767 768 pfl->cfi_table[0x2B] = 0x00; 769 /* Number of erase block regions (uniform) */ 770 pfl->cfi_table[0x2C] = 0x01; 771 /* Erase block region 1 */ 772 pfl->cfi_table[0x2D] = blocks_per_device - 1; 773 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 774 pfl->cfi_table[0x2F] = sector_len_per_device >> 8; 775 pfl->cfi_table[0x30] = sector_len_per_device >> 16; 776 777 /* Extended */ 778 pfl->cfi_table[0x31] = 'P'; 779 pfl->cfi_table[0x32] = 'R'; 780 pfl->cfi_table[0x33] = 'I'; 781 782 pfl->cfi_table[0x34] = '1'; 783 pfl->cfi_table[0x35] = '0'; 784 785 pfl->cfi_table[0x36] = 0x00; 786 pfl->cfi_table[0x37] = 0x00; 787 pfl->cfi_table[0x38] = 0x00; 788 pfl->cfi_table[0x39] = 0x00; 789 790 pfl->cfi_table[0x3a] = 0x00; 791 792 pfl->cfi_table[0x3b] = 0x00; 793 pfl->cfi_table[0x3c] = 0x00; 794 795 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 796 } 797 798 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 799 { 800 ERRP_GUARD(); 801 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 802 uint64_t total_len; 803 int ret; 804 805 if (pfl->sector_len == 0) { 806 error_setg(errp, "attribute \"sector-length\" not specified or zero."); 807 return; 808 } 809 if (pfl->nb_blocs == 0) { 810 error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 811 return; 812 } 813 if (pfl->name == NULL) { 814 error_setg(errp, "attribute \"name\" not specified."); 815 return; 816 } 817 818 total_len = pfl->sector_len * pfl->nb_blocs; 819 820 memory_region_init_rom_device( 821 &pfl->mem, OBJECT(dev), 822 &pflash_cfi01_ops, 823 pfl, 824 pfl->name, total_len, errp); 825 if (*errp) { 826 return; 827 } 828 829 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 830 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 831 832 if (pfl->blk) { 833 uint64_t perm; 834 pfl->ro = !blk_supports_write_perm(pfl->blk); 835 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 836 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 837 if (ret < 0) { 838 return; 839 } 840 } else { 841 pfl->ro = false; 842 } 843 844 if (pfl->blk) { 845 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len, 846 errp)) { 847 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 848 return; 849 } 850 } 851 852 /* 853 * Default to devices being used at their maximum device width. This was 854 * assumed before the device_width support was added. 855 */ 856 if (!pfl->max_device_width) { 857 pfl->max_device_width = pfl->device_width; 858 } 859 860 pfl->wcycle = 0; 861 /* 862 * The command 0x00 is not assigned by the CFI open standard, 863 * but QEMU historically uses it for the READ_ARRAY command (0xff). 864 */ 865 pfl->cmd = 0x00; 866 pfl->status = 0x80; /* WSM ready */ 867 pflash_cfi01_fill_cfi_table(pfl); 868 } 869 870 static void pflash_cfi01_system_reset(DeviceState *dev) 871 { 872 PFlashCFI01 *pfl = PFLASH_CFI01(dev); 873 874 trace_pflash_reset(pfl->name); 875 /* 876 * The command 0x00 is not assigned by the CFI open standard, 877 * but QEMU historically uses it for the READ_ARRAY command (0xff). 878 */ 879 pfl->cmd = 0x00; 880 pfl->wcycle = 0; 881 memory_region_rom_device_set_romd(&pfl->mem, true); 882 /* 883 * The WSM ready timer occurs at most 150ns after system reset. 884 * This model deliberately ignores this delay. 885 */ 886 pfl->status = 0x80; 887 } 888 889 static Property pflash_cfi01_properties[] = { 890 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk), 891 /* num-blocks is the number of blocks actually visible to the guest, 892 * ie the total size of the device divided by the sector length. 893 * If we're emulating flash devices wired in parallel the actual 894 * number of blocks per indvidual device will differ. 895 */ 896 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0), 897 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0), 898 /* width here is the overall width of this QEMU device in bytes. 899 * The QEMU device may be emulating a number of flash devices 900 * wired up in parallel; the width of each individual flash 901 * device should be specified via device-width. If the individual 902 * devices have a maximum width which is greater than the width 903 * they are being used for, this maximum width should be set via 904 * max-device-width (which otherwise defaults to device-width). 905 * So for instance a 32-bit wide QEMU flash device made from four 906 * 16-bit flash devices used in 8-bit wide mode would be configured 907 * with width = 4, device-width = 1, max-device-width = 2. 908 * 909 * If device-width is not specified we default to backwards 910 * compatible behaviour which is a bad emulation of two 911 * 16 bit devices making up a 32 bit wide QEMU device. This 912 * is deprecated for new uses of this device. 913 */ 914 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0), 915 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0), 916 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0), 917 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0), 918 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0), 919 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0), 920 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0), 921 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0), 922 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0), 923 DEFINE_PROP_STRING("name", PFlashCFI01, name), 924 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01, 925 old_multiple_chip_handling, false), 926 DEFINE_PROP_END_OF_LIST(), 927 }; 928 929 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 930 { 931 DeviceClass *dc = DEVICE_CLASS(klass); 932 933 dc->reset = pflash_cfi01_system_reset; 934 dc->realize = pflash_cfi01_realize; 935 device_class_set_props(dc, pflash_cfi01_properties); 936 dc->vmsd = &vmstate_pflash; 937 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 938 } 939 940 941 static const TypeInfo pflash_cfi01_info = { 942 .name = TYPE_PFLASH_CFI01, 943 .parent = TYPE_SYS_BUS_DEVICE, 944 .instance_size = sizeof(PFlashCFI01), 945 .class_init = pflash_cfi01_class_init, 946 }; 947 948 static void pflash_cfi01_register_types(void) 949 { 950 type_register_static(&pflash_cfi01_info); 951 } 952 953 type_init(pflash_cfi01_register_types) 954 955 PFlashCFI01 *pflash_cfi01_register(hwaddr base, 956 const char *name, 957 hwaddr size, 958 BlockBackend *blk, 959 uint32_t sector_len, 960 int bank_width, 961 uint16_t id0, uint16_t id1, 962 uint16_t id2, uint16_t id3, 963 int be) 964 { 965 DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01); 966 967 if (blk) { 968 qdev_prop_set_drive(dev, "drive", blk); 969 } 970 assert(QEMU_IS_ALIGNED(size, sector_len)); 971 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 972 qdev_prop_set_uint64(dev, "sector-length", sector_len); 973 qdev_prop_set_uint8(dev, "width", bank_width); 974 qdev_prop_set_bit(dev, "big-endian", !!be); 975 qdev_prop_set_uint16(dev, "id0", id0); 976 qdev_prop_set_uint16(dev, "id1", id1); 977 qdev_prop_set_uint16(dev, "id2", id2); 978 qdev_prop_set_uint16(dev, "id3", id3); 979 qdev_prop_set_string(dev, "name", name); 980 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 981 982 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 983 return PFLASH_CFI01(dev); 984 } 985 986 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl) 987 { 988 return fl->blk; 989 } 990 991 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl) 992 { 993 return &fl->mem; 994 } 995 996 /* 997 * Handle -drive if=pflash for machines that use properties. 998 * If @dinfo is null, do nothing. 999 * Else if @fl's property "drive" is already set, fatal error. 1000 * Else set it to the BlockBackend with @dinfo. 1001 */ 1002 void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo) 1003 { 1004 Location loc; 1005 1006 if (!dinfo) { 1007 return; 1008 } 1009 1010 loc_push_none(&loc); 1011 qemu_opts_loc_restore(dinfo->opts); 1012 if (fl->blk) { 1013 error_report("clashes with -machine"); 1014 exit(1); 1015 } 1016 qdev_prop_set_drive_err(DEVICE(fl), "drive", blk_by_legacy_dinfo(dinfo), 1017 &error_fatal); 1018 loc_pop(&loc); 1019 } 1020 1021 static void postload_update_cb(void *opaque, bool running, RunState state) 1022 { 1023 PFlashCFI01 *pfl = opaque; 1024 1025 /* This is called after bdrv_activate_all. */ 1026 qemu_del_vm_change_state_handler(pfl->vmstate); 1027 pfl->vmstate = NULL; 1028 1029 trace_pflash_postload_cb(pfl->name); 1030 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 1031 } 1032 1033 static int pflash_post_load(void *opaque, int version_id) 1034 { 1035 PFlashCFI01 *pfl = opaque; 1036 1037 if (!pfl->ro) { 1038 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 1039 pfl); 1040 } 1041 return 0; 1042 } 1043