1 /* 2 * CFI parallel flash with Intel command set emulation 3 * 4 * Copyright (c) 2006 Thorsten Zitterell 5 * Copyright (c) 2005 Jocelyn Mayer 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2 of the License, or (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 /* 22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 23 * Supported commands/modes are: 24 * - flash read 25 * - flash write 26 * - flash ID read 27 * - sector erase 28 * - CFI queries 29 * 30 * It does not support timings 31 * It does not support flash interleaving 32 * It does not implement software data protection as found in many real chips 33 * It does not implement erase suspend/resume commands 34 * It does not implement multiple sectors erase 35 * 36 * It does not implement much more ... 37 */ 38 39 #include "qemu/osdep.h" 40 #include "hw/hw.h" 41 #include "hw/block/flash.h" 42 #include "sysemu/block-backend.h" 43 #include "qapi/error.h" 44 #include "qemu/timer.h" 45 #include "qemu/bitops.h" 46 #include "exec/address-spaces.h" 47 #include "qemu/host-utils.h" 48 #include "qemu/log.h" 49 #include "hw/sysbus.h" 50 #include "sysemu/sysemu.h" 51 52 #define PFLASH_BUG(fmt, ...) \ 53 do { \ 54 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ 55 exit(1); \ 56 } while(0) 57 58 /* #define PFLASH_DEBUG */ 59 #ifdef PFLASH_DEBUG 60 #define DPRINTF(fmt, ...) \ 61 do { \ 62 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ 63 } while (0) 64 #else 65 #define DPRINTF(fmt, ...) do { } while (0) 66 #endif 67 68 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) 69 70 #define PFLASH_BE 0 71 #define PFLASH_SECURE 1 72 73 struct pflash_t { 74 /*< private >*/ 75 SysBusDevice parent_obj; 76 /*< public >*/ 77 78 BlockBackend *blk; 79 uint32_t nb_blocs; 80 uint64_t sector_len; 81 uint8_t bank_width; 82 uint8_t device_width; /* If 0, device width not specified. */ 83 uint8_t max_device_width; /* max device width in bytes */ 84 uint32_t features; 85 uint8_t wcycle; /* if 0, the flash is read normally */ 86 int ro; 87 uint8_t cmd; 88 uint8_t status; 89 uint16_t ident0; 90 uint16_t ident1; 91 uint16_t ident2; 92 uint16_t ident3; 93 uint8_t cfi_len; 94 uint8_t cfi_table[0x52]; 95 uint64_t counter; 96 unsigned int writeblock_size; 97 QEMUTimer *timer; 98 MemoryRegion mem; 99 char *name; 100 void *storage; 101 VMChangeStateEntry *vmstate; 102 }; 103 104 static int pflash_post_load(void *opaque, int version_id); 105 106 static const VMStateDescription vmstate_pflash = { 107 .name = "pflash_cfi01", 108 .version_id = 1, 109 .minimum_version_id = 1, 110 .post_load = pflash_post_load, 111 .fields = (VMStateField[]) { 112 VMSTATE_UINT8(wcycle, pflash_t), 113 VMSTATE_UINT8(cmd, pflash_t), 114 VMSTATE_UINT8(status, pflash_t), 115 VMSTATE_UINT64(counter, pflash_t), 116 VMSTATE_END_OF_LIST() 117 } 118 }; 119 120 static void pflash_timer (void *opaque) 121 { 122 pflash_t *pfl = opaque; 123 124 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); 125 /* Reset flash */ 126 pfl->status ^= 0x80; 127 memory_region_rom_device_set_romd(&pfl->mem, true); 128 pfl->wcycle = 0; 129 pfl->cmd = 0; 130 } 131 132 /* Perform a CFI query based on the bank width of the flash. 133 * If this code is called we know we have a device_width set for 134 * this flash. 135 */ 136 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) 137 { 138 int i; 139 uint32_t resp = 0; 140 hwaddr boff; 141 142 /* Adjust incoming offset to match expected device-width 143 * addressing. CFI query addresses are always specified in terms of 144 * the maximum supported width of the device. This means that x8 145 * devices and x8/x16 devices in x8 mode behave differently. For 146 * devices that are not used at their max width, we will be 147 * provided with addresses that use higher address bits than 148 * expected (based on the max width), so we will shift them lower 149 * so that they will match the addresses used when 150 * device_width==max_device_width. 151 */ 152 boff = offset >> (ctz32(pfl->bank_width) + 153 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 154 155 if (boff > pfl->cfi_len) { 156 return 0; 157 } 158 /* Now we will construct the CFI response generated by a single 159 * device, then replicate that for all devices that make up the 160 * bus. For wide parts used in x8 mode, CFI query responses 161 * are different than native byte-wide parts. 162 */ 163 resp = pfl->cfi_table[boff]; 164 if (pfl->device_width != pfl->max_device_width) { 165 /* The only case currently supported is x8 mode for a 166 * wider part. 167 */ 168 if (pfl->device_width != 1 || pfl->bank_width > 4) { 169 DPRINTF("%s: Unsupported device configuration: " 170 "device_width=%d, max_device_width=%d\n", 171 __func__, pfl->device_width, 172 pfl->max_device_width); 173 return 0; 174 } 175 /* CFI query data is repeated, rather than zero padded for 176 * wide devices used in x8 mode. 177 */ 178 for (i = 1; i < pfl->max_device_width; i++) { 179 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); 180 } 181 } 182 /* Replicate responses for each device in bank. */ 183 if (pfl->device_width < pfl->bank_width) { 184 for (i = pfl->device_width; 185 i < pfl->bank_width; i += pfl->device_width) { 186 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 187 } 188 } 189 190 return resp; 191 } 192 193 194 195 /* Perform a device id query based on the bank width of the flash. */ 196 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) 197 { 198 int i; 199 uint32_t resp; 200 hwaddr boff; 201 202 /* Adjust incoming offset to match expected device-width 203 * addressing. Device ID read addresses are always specified in 204 * terms of the maximum supported width of the device. This means 205 * that x8 devices and x8/x16 devices in x8 mode behave 206 * differently. For devices that are not used at their max width, 207 * we will be provided with addresses that use higher address bits 208 * than expected (based on the max width), so we will shift them 209 * lower so that they will match the addresses used when 210 * device_width==max_device_width. 211 */ 212 boff = offset >> (ctz32(pfl->bank_width) + 213 ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); 214 215 /* Mask off upper bits which may be used in to query block 216 * or sector lock status at other addresses. 217 * Offsets 2/3 are block lock status, is not emulated. 218 */ 219 switch (boff & 0xFF) { 220 case 0: 221 resp = pfl->ident0; 222 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); 223 break; 224 case 1: 225 resp = pfl->ident1; 226 DPRINTF("%s: Device ID Code %04x\n", __func__, resp); 227 break; 228 default: 229 DPRINTF("%s: Read Device Information offset=%x\n", __func__, 230 (unsigned)offset); 231 return 0; 232 break; 233 } 234 /* Replicate responses for each device in bank. */ 235 if (pfl->device_width < pfl->bank_width) { 236 for (i = pfl->device_width; 237 i < pfl->bank_width; i += pfl->device_width) { 238 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); 239 } 240 } 241 242 return resp; 243 } 244 245 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, 246 int width, int be) 247 { 248 uint8_t *p; 249 uint32_t ret; 250 251 p = pfl->storage; 252 switch (width) { 253 case 1: 254 ret = p[offset]; 255 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", 256 __func__, offset, ret); 257 break; 258 case 2: 259 if (be) { 260 ret = p[offset] << 8; 261 ret |= p[offset + 1]; 262 } else { 263 ret = p[offset]; 264 ret |= p[offset + 1] << 8; 265 } 266 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", 267 __func__, offset, ret); 268 break; 269 case 4: 270 if (be) { 271 ret = p[offset] << 24; 272 ret |= p[offset + 1] << 16; 273 ret |= p[offset + 2] << 8; 274 ret |= p[offset + 3]; 275 } else { 276 ret = p[offset]; 277 ret |= p[offset + 1] << 8; 278 ret |= p[offset + 2] << 16; 279 ret |= p[offset + 3] << 24; 280 } 281 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", 282 __func__, offset, ret); 283 break; 284 default: 285 DPRINTF("BUG in %s\n", __func__); 286 abort(); 287 } 288 return ret; 289 } 290 291 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, 292 int width, int be) 293 { 294 hwaddr boff; 295 uint32_t ret; 296 297 ret = -1; 298 299 #if 0 300 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", 301 __func__, offset, pfl->cmd, width); 302 #endif 303 switch (pfl->cmd) { 304 default: 305 /* This should never happen : reset state & treat it as a read */ 306 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 307 pfl->wcycle = 0; 308 pfl->cmd = 0; 309 /* fall through to read code */ 310 case 0x00: 311 /* Flash area read */ 312 ret = pflash_data_read(pfl, offset, width, be); 313 break; 314 case 0x10: /* Single byte program */ 315 case 0x20: /* Block erase */ 316 case 0x28: /* Block erase */ 317 case 0x40: /* single byte program */ 318 case 0x50: /* Clear status register */ 319 case 0x60: /* Block /un)lock */ 320 case 0x70: /* Status Register */ 321 case 0xe8: /* Write block */ 322 /* Status register read. Return status from each device in 323 * bank. 324 */ 325 ret = pfl->status; 326 if (pfl->device_width && width > pfl->device_width) { 327 int shift = pfl->device_width * 8; 328 while (shift + pfl->device_width * 8 <= width * 8) { 329 ret |= pfl->status << shift; 330 shift += pfl->device_width * 8; 331 } 332 } else if (!pfl->device_width && width > 2) { 333 /* Handle 32 bit flash cases where device width is not 334 * set. (Existing behavior before device width added.) 335 */ 336 ret |= pfl->status << 16; 337 } 338 DPRINTF("%s: status %x\n", __func__, ret); 339 break; 340 case 0x90: 341 if (!pfl->device_width) { 342 /* Preserve old behavior if device width not specified */ 343 boff = offset & 0xFF; 344 if (pfl->bank_width == 2) { 345 boff = boff >> 1; 346 } else if (pfl->bank_width == 4) { 347 boff = boff >> 2; 348 } 349 350 switch (boff) { 351 case 0: 352 ret = pfl->ident0 << 8 | pfl->ident1; 353 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); 354 break; 355 case 1: 356 ret = pfl->ident2 << 8 | pfl->ident3; 357 DPRINTF("%s: Device ID Code %04x\n", __func__, ret); 358 break; 359 default: 360 DPRINTF("%s: Read Device Information boff=%x\n", __func__, 361 (unsigned)boff); 362 ret = 0; 363 break; 364 } 365 } else { 366 /* If we have a read larger than the bank_width, combine multiple 367 * manufacturer/device ID queries into a single response. 368 */ 369 int i; 370 for (i = 0; i < width; i += pfl->bank_width) { 371 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 372 pflash_devid_query(pfl, 373 offset + i * pfl->bank_width)); 374 } 375 } 376 break; 377 case 0x98: /* Query mode */ 378 if (!pfl->device_width) { 379 /* Preserve old behavior if device width not specified */ 380 boff = offset & 0xFF; 381 if (pfl->bank_width == 2) { 382 boff = boff >> 1; 383 } else if (pfl->bank_width == 4) { 384 boff = boff >> 2; 385 } 386 387 if (boff > pfl->cfi_len) { 388 ret = 0; 389 } else { 390 ret = pfl->cfi_table[boff]; 391 } 392 } else { 393 /* If we have a read larger than the bank_width, combine multiple 394 * CFI queries into a single response. 395 */ 396 int i; 397 for (i = 0; i < width; i += pfl->bank_width) { 398 ret = deposit32(ret, i * 8, pfl->bank_width * 8, 399 pflash_cfi_query(pfl, 400 offset + i * pfl->bank_width)); 401 } 402 } 403 404 break; 405 } 406 return ret; 407 } 408 409 /* update flash content on disk */ 410 static void pflash_update(pflash_t *pfl, int offset, 411 int size) 412 { 413 int offset_end; 414 if (pfl->blk) { 415 offset_end = offset + size; 416 /* widen to sector boundaries */ 417 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 418 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 419 blk_pwrite(pfl->blk, offset, pfl->storage + offset, 420 offset_end - offset, 0); 421 } 422 } 423 424 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, 425 uint32_t value, int width, int be) 426 { 427 uint8_t *p = pfl->storage; 428 429 DPRINTF("%s: block write offset " TARGET_FMT_plx 430 " value %x counter %016" PRIx64 "\n", 431 __func__, offset, value, pfl->counter); 432 switch (width) { 433 case 1: 434 p[offset] = value; 435 break; 436 case 2: 437 if (be) { 438 p[offset] = value >> 8; 439 p[offset + 1] = value; 440 } else { 441 p[offset] = value; 442 p[offset + 1] = value >> 8; 443 } 444 break; 445 case 4: 446 if (be) { 447 p[offset] = value >> 24; 448 p[offset + 1] = value >> 16; 449 p[offset + 2] = value >> 8; 450 p[offset + 3] = value; 451 } else { 452 p[offset] = value; 453 p[offset + 1] = value >> 8; 454 p[offset + 2] = value >> 16; 455 p[offset + 3] = value >> 24; 456 } 457 break; 458 } 459 460 } 461 462 static void pflash_write(pflash_t *pfl, hwaddr offset, 463 uint32_t value, int width, int be) 464 { 465 uint8_t *p; 466 uint8_t cmd; 467 468 cmd = value; 469 470 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", 471 __func__, offset, value, width, pfl->wcycle); 472 473 if (!pfl->wcycle) { 474 /* Set the device in I/O access mode */ 475 memory_region_rom_device_set_romd(&pfl->mem, false); 476 } 477 478 switch (pfl->wcycle) { 479 case 0: 480 /* read mode */ 481 switch (cmd) { 482 case 0x00: /* ??? */ 483 goto reset_flash; 484 case 0x10: /* Single Byte Program */ 485 case 0x40: /* Single Byte Program */ 486 DPRINTF("%s: Single Byte Program\n", __func__); 487 break; 488 case 0x20: /* Block erase */ 489 p = pfl->storage; 490 offset &= ~(pfl->sector_len - 1); 491 492 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", 493 __func__, offset, (unsigned)pfl->sector_len); 494 495 if (!pfl->ro) { 496 memset(p + offset, 0xff, pfl->sector_len); 497 pflash_update(pfl, offset, pfl->sector_len); 498 } else { 499 pfl->status |= 0x20; /* Block erase error */ 500 } 501 pfl->status |= 0x80; /* Ready! */ 502 break; 503 case 0x50: /* Clear status bits */ 504 DPRINTF("%s: Clear status bits\n", __func__); 505 pfl->status = 0x0; 506 goto reset_flash; 507 case 0x60: /* Block (un)lock */ 508 DPRINTF("%s: Block unlock\n", __func__); 509 break; 510 case 0x70: /* Status Register */ 511 DPRINTF("%s: Read status register\n", __func__); 512 pfl->cmd = cmd; 513 return; 514 case 0x90: /* Read Device ID */ 515 DPRINTF("%s: Read Device information\n", __func__); 516 pfl->cmd = cmd; 517 return; 518 case 0x98: /* CFI query */ 519 DPRINTF("%s: CFI query\n", __func__); 520 break; 521 case 0xe8: /* Write to buffer */ 522 DPRINTF("%s: Write to buffer\n", __func__); 523 pfl->status |= 0x80; /* Ready! */ 524 break; 525 case 0xf0: /* Probe for AMD flash */ 526 DPRINTF("%s: Probe for AMD flash\n", __func__); 527 goto reset_flash; 528 case 0xff: /* Read array mode */ 529 DPRINTF("%s: Read array mode\n", __func__); 530 goto reset_flash; 531 default: 532 goto error_flash; 533 } 534 pfl->wcycle++; 535 pfl->cmd = cmd; 536 break; 537 case 1: 538 switch (pfl->cmd) { 539 case 0x10: /* Single Byte Program */ 540 case 0x40: /* Single Byte Program */ 541 DPRINTF("%s: Single Byte Program\n", __func__); 542 if (!pfl->ro) { 543 pflash_data_write(pfl, offset, value, width, be); 544 pflash_update(pfl, offset, width); 545 } else { 546 pfl->status |= 0x10; /* Programming error */ 547 } 548 pfl->status |= 0x80; /* Ready! */ 549 pfl->wcycle = 0; 550 break; 551 case 0x20: /* Block erase */ 552 case 0x28: 553 if (cmd == 0xd0) { /* confirm */ 554 pfl->wcycle = 0; 555 pfl->status |= 0x80; 556 } else if (cmd == 0xff) { /* read array mode */ 557 goto reset_flash; 558 } else 559 goto error_flash; 560 561 break; 562 case 0xe8: 563 /* Mask writeblock size based on device width, or bank width if 564 * device width not specified. 565 */ 566 if (pfl->device_width) { 567 value = extract32(value, 0, pfl->device_width * 8); 568 } else { 569 value = extract32(value, 0, pfl->bank_width * 8); 570 } 571 DPRINTF("%s: block write of %x bytes\n", __func__, value); 572 pfl->counter = value; 573 pfl->wcycle++; 574 break; 575 case 0x60: 576 if (cmd == 0xd0) { 577 pfl->wcycle = 0; 578 pfl->status |= 0x80; 579 } else if (cmd == 0x01) { 580 pfl->wcycle = 0; 581 pfl->status |= 0x80; 582 } else if (cmd == 0xff) { 583 goto reset_flash; 584 } else { 585 DPRINTF("%s: Unknown (un)locking command\n", __func__); 586 goto reset_flash; 587 } 588 break; 589 case 0x98: 590 if (cmd == 0xff) { 591 goto reset_flash; 592 } else { 593 DPRINTF("%s: leaving query mode\n", __func__); 594 } 595 break; 596 default: 597 goto error_flash; 598 } 599 break; 600 case 2: 601 switch (pfl->cmd) { 602 case 0xe8: /* Block write */ 603 if (!pfl->ro) { 604 pflash_data_write(pfl, offset, value, width, be); 605 } else { 606 pfl->status |= 0x10; /* Programming error */ 607 } 608 609 pfl->status |= 0x80; 610 611 if (!pfl->counter) { 612 hwaddr mask = pfl->writeblock_size - 1; 613 mask = ~mask; 614 615 DPRINTF("%s: block write finished\n", __func__); 616 pfl->wcycle++; 617 if (!pfl->ro) { 618 /* Flush the entire write buffer onto backing storage. */ 619 pflash_update(pfl, offset & mask, pfl->writeblock_size); 620 } else { 621 pfl->status |= 0x10; /* Programming error */ 622 } 623 } 624 625 pfl->counter--; 626 break; 627 default: 628 goto error_flash; 629 } 630 break; 631 case 3: /* Confirm mode */ 632 switch (pfl->cmd) { 633 case 0xe8: /* Block write */ 634 if (cmd == 0xd0) { 635 pfl->wcycle = 0; 636 pfl->status |= 0x80; 637 } else { 638 DPRINTF("%s: unknown command for \"write block\"\n", __func__); 639 PFLASH_BUG("Write block confirm"); 640 goto reset_flash; 641 } 642 break; 643 default: 644 goto error_flash; 645 } 646 break; 647 default: 648 /* Should never happen */ 649 DPRINTF("%s: invalid write state\n", __func__); 650 goto reset_flash; 651 } 652 return; 653 654 error_flash: 655 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " 656 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" 657 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); 658 659 reset_flash: 660 memory_region_rom_device_set_romd(&pfl->mem, true); 661 662 pfl->wcycle = 0; 663 pfl->cmd = 0; 664 } 665 666 667 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, 668 unsigned len, MemTxAttrs attrs) 669 { 670 pflash_t *pfl = opaque; 671 bool be = !!(pfl->features & (1 << PFLASH_BE)); 672 673 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 674 *value = pflash_data_read(opaque, addr, len, be); 675 } else { 676 *value = pflash_read(opaque, addr, len, be); 677 } 678 return MEMTX_OK; 679 } 680 681 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, 682 unsigned len, MemTxAttrs attrs) 683 { 684 pflash_t *pfl = opaque; 685 bool be = !!(pfl->features & (1 << PFLASH_BE)); 686 687 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { 688 return MEMTX_ERROR; 689 } else { 690 pflash_write(opaque, addr, value, len, be); 691 return MEMTX_OK; 692 } 693 } 694 695 static const MemoryRegionOps pflash_cfi01_ops = { 696 .read_with_attrs = pflash_mem_read_with_attrs, 697 .write_with_attrs = pflash_mem_write_with_attrs, 698 .endianness = DEVICE_NATIVE_ENDIAN, 699 }; 700 701 static void pflash_cfi01_realize(DeviceState *dev, Error **errp) 702 { 703 pflash_t *pfl = CFI_PFLASH01(dev); 704 uint64_t total_len; 705 int ret; 706 uint64_t blocks_per_device, device_len; 707 int num_devices; 708 Error *local_err = NULL; 709 710 total_len = pfl->sector_len * pfl->nb_blocs; 711 712 /* These are only used to expose the parameters of each device 713 * in the cfi_table[]. 714 */ 715 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; 716 blocks_per_device = pfl->nb_blocs / num_devices; 717 device_len = pfl->sector_len * blocks_per_device; 718 719 /* XXX: to be fixed */ 720 #if 0 721 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && 722 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) 723 return NULL; 724 #endif 725 726 memory_region_init_rom_device( 727 &pfl->mem, OBJECT(dev), 728 &pflash_cfi01_ops, 729 pfl, 730 pfl->name, total_len, &local_err); 731 if (local_err) { 732 error_propagate(errp, local_err); 733 return; 734 } 735 736 vmstate_register_ram(&pfl->mem, DEVICE(pfl)); 737 pfl->storage = memory_region_get_ram_ptr(&pfl->mem); 738 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 739 740 if (pfl->blk) { 741 /* read the initial flash content */ 742 ret = blk_pread(pfl->blk, 0, pfl->storage, total_len); 743 744 if (ret < 0) { 745 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); 746 error_setg(errp, "failed to read the initial flash content"); 747 return; 748 } 749 } 750 751 if (pfl->blk) { 752 pfl->ro = blk_is_read_only(pfl->blk); 753 } else { 754 pfl->ro = 0; 755 } 756 757 /* Default to devices being used at their maximum device width. This was 758 * assumed before the device_width support was added. 759 */ 760 if (!pfl->max_device_width) { 761 pfl->max_device_width = pfl->device_width; 762 } 763 764 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 765 pfl->wcycle = 0; 766 pfl->cmd = 0; 767 pfl->status = 0; 768 /* Hardcoded CFI table */ 769 pfl->cfi_len = 0x52; 770 /* Standard "QRY" string */ 771 pfl->cfi_table[0x10] = 'Q'; 772 pfl->cfi_table[0x11] = 'R'; 773 pfl->cfi_table[0x12] = 'Y'; 774 /* Command set (Intel) */ 775 pfl->cfi_table[0x13] = 0x01; 776 pfl->cfi_table[0x14] = 0x00; 777 /* Primary extended table address (none) */ 778 pfl->cfi_table[0x15] = 0x31; 779 pfl->cfi_table[0x16] = 0x00; 780 /* Alternate command set (none) */ 781 pfl->cfi_table[0x17] = 0x00; 782 pfl->cfi_table[0x18] = 0x00; 783 /* Alternate extended table (none) */ 784 pfl->cfi_table[0x19] = 0x00; 785 pfl->cfi_table[0x1A] = 0x00; 786 /* Vcc min */ 787 pfl->cfi_table[0x1B] = 0x45; 788 /* Vcc max */ 789 pfl->cfi_table[0x1C] = 0x55; 790 /* Vpp min (no Vpp pin) */ 791 pfl->cfi_table[0x1D] = 0x00; 792 /* Vpp max (no Vpp pin) */ 793 pfl->cfi_table[0x1E] = 0x00; 794 /* Reserved */ 795 pfl->cfi_table[0x1F] = 0x07; 796 /* Timeout for min size buffer write */ 797 pfl->cfi_table[0x20] = 0x07; 798 /* Typical timeout for block erase */ 799 pfl->cfi_table[0x21] = 0x0a; 800 /* Typical timeout for full chip erase (4096 ms) */ 801 pfl->cfi_table[0x22] = 0x00; 802 /* Reserved */ 803 pfl->cfi_table[0x23] = 0x04; 804 /* Max timeout for buffer write */ 805 pfl->cfi_table[0x24] = 0x04; 806 /* Max timeout for block erase */ 807 pfl->cfi_table[0x25] = 0x04; 808 /* Max timeout for chip erase */ 809 pfl->cfi_table[0x26] = 0x00; 810 /* Device size */ 811 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ 812 /* Flash device interface (8 & 16 bits) */ 813 pfl->cfi_table[0x28] = 0x02; 814 pfl->cfi_table[0x29] = 0x00; 815 /* Max number of bytes in multi-bytes write */ 816 if (pfl->bank_width == 1) { 817 pfl->cfi_table[0x2A] = 0x08; 818 } else { 819 pfl->cfi_table[0x2A] = 0x0B; 820 } 821 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; 822 823 pfl->cfi_table[0x2B] = 0x00; 824 /* Number of erase block regions (uniform) */ 825 pfl->cfi_table[0x2C] = 0x01; 826 /* Erase block region 1 */ 827 pfl->cfi_table[0x2D] = blocks_per_device - 1; 828 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; 829 pfl->cfi_table[0x2F] = pfl->sector_len >> 8; 830 pfl->cfi_table[0x30] = pfl->sector_len >> 16; 831 832 /* Extended */ 833 pfl->cfi_table[0x31] = 'P'; 834 pfl->cfi_table[0x32] = 'R'; 835 pfl->cfi_table[0x33] = 'I'; 836 837 pfl->cfi_table[0x34] = '1'; 838 pfl->cfi_table[0x35] = '0'; 839 840 pfl->cfi_table[0x36] = 0x00; 841 pfl->cfi_table[0x37] = 0x00; 842 pfl->cfi_table[0x38] = 0x00; 843 pfl->cfi_table[0x39] = 0x00; 844 845 pfl->cfi_table[0x3a] = 0x00; 846 847 pfl->cfi_table[0x3b] = 0x00; 848 pfl->cfi_table[0x3c] = 0x00; 849 850 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ 851 } 852 853 static Property pflash_cfi01_properties[] = { 854 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), 855 /* num-blocks is the number of blocks actually visible to the guest, 856 * ie the total size of the device divided by the sector length. 857 * If we're emulating flash devices wired in parallel the actual 858 * number of blocks per indvidual device will differ. 859 */ 860 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), 861 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), 862 /* width here is the overall width of this QEMU device in bytes. 863 * The QEMU device may be emulating a number of flash devices 864 * wired up in parallel; the width of each individual flash 865 * device should be specified via device-width. If the individual 866 * devices have a maximum width which is greater than the width 867 * they are being used for, this maximum width should be set via 868 * max-device-width (which otherwise defaults to device-width). 869 * So for instance a 32-bit wide QEMU flash device made from four 870 * 16-bit flash devices used in 8-bit wide mode would be configured 871 * with width = 4, device-width = 1, max-device-width = 2. 872 * 873 * If device-width is not specified we default to backwards 874 * compatible behaviour which is a bad emulation of two 875 * 16 bit devices making up a 32 bit wide QEMU device. This 876 * is deprecated for new uses of this device. 877 */ 878 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), 879 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), 880 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), 881 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), 882 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), 883 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), 884 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), 885 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), 886 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), 887 DEFINE_PROP_STRING("name", struct pflash_t, name), 888 DEFINE_PROP_END_OF_LIST(), 889 }; 890 891 static void pflash_cfi01_class_init(ObjectClass *klass, void *data) 892 { 893 DeviceClass *dc = DEVICE_CLASS(klass); 894 895 dc->realize = pflash_cfi01_realize; 896 dc->props = pflash_cfi01_properties; 897 dc->vmsd = &vmstate_pflash; 898 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 899 } 900 901 902 static const TypeInfo pflash_cfi01_info = { 903 .name = TYPE_CFI_PFLASH01, 904 .parent = TYPE_SYS_BUS_DEVICE, 905 .instance_size = sizeof(struct pflash_t), 906 .class_init = pflash_cfi01_class_init, 907 }; 908 909 static void pflash_cfi01_register_types(void) 910 { 911 type_register_static(&pflash_cfi01_info); 912 } 913 914 type_init(pflash_cfi01_register_types) 915 916 pflash_t *pflash_cfi01_register(hwaddr base, 917 DeviceState *qdev, const char *name, 918 hwaddr size, 919 BlockBackend *blk, 920 uint32_t sector_len, int nb_blocs, 921 int bank_width, uint16_t id0, uint16_t id1, 922 uint16_t id2, uint16_t id3, int be) 923 { 924 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); 925 926 if (blk) { 927 qdev_prop_set_drive(dev, "drive", blk, &error_abort); 928 } 929 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); 930 qdev_prop_set_uint64(dev, "sector-length", sector_len); 931 qdev_prop_set_uint8(dev, "width", bank_width); 932 qdev_prop_set_bit(dev, "big-endian", !!be); 933 qdev_prop_set_uint16(dev, "id0", id0); 934 qdev_prop_set_uint16(dev, "id1", id1); 935 qdev_prop_set_uint16(dev, "id2", id2); 936 qdev_prop_set_uint16(dev, "id3", id3); 937 qdev_prop_set_string(dev, "name", name); 938 qdev_init_nofail(dev); 939 940 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 941 return CFI_PFLASH01(dev); 942 } 943 944 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) 945 { 946 return &fl->mem; 947 } 948 949 static void postload_update_cb(void *opaque, int running, RunState state) 950 { 951 pflash_t *pfl = opaque; 952 953 /* This is called after bdrv_invalidate_cache_all. */ 954 qemu_del_vm_change_state_handler(pfl->vmstate); 955 pfl->vmstate = NULL; 956 957 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); 958 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); 959 } 960 961 static int pflash_post_load(void *opaque, int version_id) 962 { 963 pflash_t *pfl = opaque; 964 965 if (!pfl->ro) { 966 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 967 pfl); 968 } 969 return 0; 970 } 971