xref: /openbmc/qemu/hw/block/pflash_cfi01.c (revision fcf5ef2a)
1 /*
2  *  CFI parallel flash with Intel command set emulation
3  *
4  *  Copyright (c) 2006 Thorsten Zitterell
5  *  Copyright (c) 2005 Jocelyn Mayer
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 /*
22  * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23  * Supported commands/modes are:
24  * - flash read
25  * - flash write
26  * - flash ID read
27  * - sector erase
28  * - CFI queries
29  *
30  * It does not support timings
31  * It does not support flash interleaving
32  * It does not implement software data protection as found in many real chips
33  * It does not implement erase suspend/resume commands
34  * It does not implement multiple sectors erase
35  *
36  * It does not implement much more ...
37  */
38 
39 #include "qemu/osdep.h"
40 #include "hw/hw.h"
41 #include "hw/block/flash.h"
42 #include "sysemu/block-backend.h"
43 #include "qapi/error.h"
44 #include "qemu/timer.h"
45 #include "qemu/bitops.h"
46 #include "exec/address-spaces.h"
47 #include "qemu/host-utils.h"
48 #include "qemu/log.h"
49 #include "hw/sysbus.h"
50 #include "sysemu/sysemu.h"
51 
52 #define PFLASH_BUG(fmt, ...) \
53 do { \
54     fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
55     exit(1); \
56 } while(0)
57 
58 /* #define PFLASH_DEBUG */
59 #ifdef PFLASH_DEBUG
60 #define DPRINTF(fmt, ...)                                   \
61 do {                                                        \
62     fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__);       \
63 } while (0)
64 #else
65 #define DPRINTF(fmt, ...) do { } while (0)
66 #endif
67 
68 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
69 
70 #define PFLASH_BE          0
71 #define PFLASH_SECURE      1
72 
73 struct pflash_t {
74     /*< private >*/
75     SysBusDevice parent_obj;
76     /*< public >*/
77 
78     BlockBackend *blk;
79     uint32_t nb_blocs;
80     uint64_t sector_len;
81     uint8_t bank_width;
82     uint8_t device_width; /* If 0, device width not specified. */
83     uint8_t max_device_width;  /* max device width in bytes */
84     uint32_t features;
85     uint8_t wcycle; /* if 0, the flash is read normally */
86     int ro;
87     uint8_t cmd;
88     uint8_t status;
89     uint16_t ident0;
90     uint16_t ident1;
91     uint16_t ident2;
92     uint16_t ident3;
93     uint8_t cfi_len;
94     uint8_t cfi_table[0x52];
95     uint64_t counter;
96     unsigned int writeblock_size;
97     QEMUTimer *timer;
98     MemoryRegion mem;
99     char *name;
100     void *storage;
101     VMChangeStateEntry *vmstate;
102 };
103 
104 static int pflash_post_load(void *opaque, int version_id);
105 
106 static const VMStateDescription vmstate_pflash = {
107     .name = "pflash_cfi01",
108     .version_id = 1,
109     .minimum_version_id = 1,
110     .post_load = pflash_post_load,
111     .fields = (VMStateField[]) {
112         VMSTATE_UINT8(wcycle, pflash_t),
113         VMSTATE_UINT8(cmd, pflash_t),
114         VMSTATE_UINT8(status, pflash_t),
115         VMSTATE_UINT64(counter, pflash_t),
116         VMSTATE_END_OF_LIST()
117     }
118 };
119 
120 static void pflash_timer (void *opaque)
121 {
122     pflash_t *pfl = opaque;
123 
124     DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
125     /* Reset flash */
126     pfl->status ^= 0x80;
127     memory_region_rom_device_set_romd(&pfl->mem, true);
128     pfl->wcycle = 0;
129     pfl->cmd = 0;
130 }
131 
132 /* Perform a CFI query based on the bank width of the flash.
133  * If this code is called we know we have a device_width set for
134  * this flash.
135  */
136 static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
137 {
138     int i;
139     uint32_t resp = 0;
140     hwaddr boff;
141 
142     /* Adjust incoming offset to match expected device-width
143      * addressing. CFI query addresses are always specified in terms of
144      * the maximum supported width of the device.  This means that x8
145      * devices and x8/x16 devices in x8 mode behave differently.  For
146      * devices that are not used at their max width, we will be
147      * provided with addresses that use higher address bits than
148      * expected (based on the max width), so we will shift them lower
149      * so that they will match the addresses used when
150      * device_width==max_device_width.
151      */
152     boff = offset >> (ctz32(pfl->bank_width) +
153                       ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
154 
155     if (boff > pfl->cfi_len) {
156         return 0;
157     }
158     /* Now we will construct the CFI response generated by a single
159      * device, then replicate that for all devices that make up the
160      * bus.  For wide parts used in x8 mode, CFI query responses
161      * are different than native byte-wide parts.
162      */
163     resp = pfl->cfi_table[boff];
164     if (pfl->device_width != pfl->max_device_width) {
165         /* The only case currently supported is x8 mode for a
166          * wider part.
167          */
168         if (pfl->device_width != 1 || pfl->bank_width > 4) {
169             DPRINTF("%s: Unsupported device configuration: "
170                     "device_width=%d, max_device_width=%d\n",
171                     __func__, pfl->device_width,
172                     pfl->max_device_width);
173             return 0;
174         }
175         /* CFI query data is repeated, rather than zero padded for
176          * wide devices used in x8 mode.
177          */
178         for (i = 1; i < pfl->max_device_width; i++) {
179             resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
180         }
181     }
182     /* Replicate responses for each device in bank. */
183     if (pfl->device_width < pfl->bank_width) {
184         for (i = pfl->device_width;
185              i < pfl->bank_width; i += pfl->device_width) {
186             resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
187         }
188     }
189 
190     return resp;
191 }
192 
193 
194 
195 /* Perform a device id query based on the bank width of the flash. */
196 static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
197 {
198     int i;
199     uint32_t resp;
200     hwaddr boff;
201 
202     /* Adjust incoming offset to match expected device-width
203      * addressing. Device ID read addresses are always specified in
204      * terms of the maximum supported width of the device.  This means
205      * that x8 devices and x8/x16 devices in x8 mode behave
206      * differently. For devices that are not used at their max width,
207      * we will be provided with addresses that use higher address bits
208      * than expected (based on the max width), so we will shift them
209      * lower so that they will match the addresses used when
210      * device_width==max_device_width.
211      */
212     boff = offset >> (ctz32(pfl->bank_width) +
213                       ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
214 
215     /* Mask off upper bits which may be used in to query block
216      * or sector lock status at other addresses.
217      * Offsets 2/3 are block lock status, is not emulated.
218      */
219     switch (boff & 0xFF) {
220     case 0:
221         resp = pfl->ident0;
222         DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp);
223         break;
224     case 1:
225         resp = pfl->ident1;
226         DPRINTF("%s: Device ID Code %04x\n", __func__, resp);
227         break;
228     default:
229         DPRINTF("%s: Read Device Information offset=%x\n", __func__,
230                 (unsigned)offset);
231         return 0;
232         break;
233     }
234     /* Replicate responses for each device in bank. */
235     if (pfl->device_width < pfl->bank_width) {
236         for (i = pfl->device_width;
237               i < pfl->bank_width; i += pfl->device_width) {
238             resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
239         }
240     }
241 
242     return resp;
243 }
244 
245 static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset,
246                                  int width, int be)
247 {
248     uint8_t *p;
249     uint32_t ret;
250 
251     p = pfl->storage;
252     switch (width) {
253     case 1:
254         ret = p[offset];
255         DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
256                 __func__, offset, ret);
257         break;
258     case 2:
259         if (be) {
260             ret = p[offset] << 8;
261             ret |= p[offset + 1];
262         } else {
263             ret = p[offset];
264             ret |= p[offset + 1] << 8;
265         }
266         DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
267                 __func__, offset, ret);
268         break;
269     case 4:
270         if (be) {
271             ret = p[offset] << 24;
272             ret |= p[offset + 1] << 16;
273             ret |= p[offset + 2] << 8;
274             ret |= p[offset + 3];
275         } else {
276             ret = p[offset];
277             ret |= p[offset + 1] << 8;
278             ret |= p[offset + 2] << 16;
279             ret |= p[offset + 3] << 24;
280         }
281         DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
282                 __func__, offset, ret);
283         break;
284     default:
285         DPRINTF("BUG in %s\n", __func__);
286         abort();
287     }
288     return ret;
289 }
290 
291 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
292                              int width, int be)
293 {
294     hwaddr boff;
295     uint32_t ret;
296 
297     ret = -1;
298 
299 #if 0
300     DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
301             __func__, offset, pfl->cmd, width);
302 #endif
303     switch (pfl->cmd) {
304     default:
305         /* This should never happen : reset state & treat it as a read */
306         DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
307         pfl->wcycle = 0;
308         pfl->cmd = 0;
309         /* fall through to read code */
310     case 0x00:
311         /* Flash area read */
312         ret = pflash_data_read(pfl, offset, width, be);
313         break;
314     case 0x10: /* Single byte program */
315     case 0x20: /* Block erase */
316     case 0x28: /* Block erase */
317     case 0x40: /* single byte program */
318     case 0x50: /* Clear status register */
319     case 0x60: /* Block /un)lock */
320     case 0x70: /* Status Register */
321     case 0xe8: /* Write block */
322         /* Status register read.  Return status from each device in
323          * bank.
324          */
325         ret = pfl->status;
326         if (pfl->device_width && width > pfl->device_width) {
327             int shift = pfl->device_width * 8;
328             while (shift + pfl->device_width * 8 <= width * 8) {
329                 ret |= pfl->status << shift;
330                 shift += pfl->device_width * 8;
331             }
332         } else if (!pfl->device_width && width > 2) {
333             /* Handle 32 bit flash cases where device width is not
334              * set. (Existing behavior before device width added.)
335              */
336             ret |= pfl->status << 16;
337         }
338         DPRINTF("%s: status %x\n", __func__, ret);
339         break;
340     case 0x90:
341         if (!pfl->device_width) {
342             /* Preserve old behavior if device width not specified */
343             boff = offset & 0xFF;
344             if (pfl->bank_width == 2) {
345                 boff = boff >> 1;
346             } else if (pfl->bank_width == 4) {
347                 boff = boff >> 2;
348             }
349 
350             switch (boff) {
351             case 0:
352                 ret = pfl->ident0 << 8 | pfl->ident1;
353                 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
354                 break;
355             case 1:
356                 ret = pfl->ident2 << 8 | pfl->ident3;
357                 DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
358                 break;
359             default:
360                 DPRINTF("%s: Read Device Information boff=%x\n", __func__,
361                         (unsigned)boff);
362                 ret = 0;
363                 break;
364             }
365         } else {
366             /* If we have a read larger than the bank_width, combine multiple
367              * manufacturer/device ID queries into a single response.
368              */
369             int i;
370             for (i = 0; i < width; i += pfl->bank_width) {
371                 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
372                                 pflash_devid_query(pfl,
373                                                  offset + i * pfl->bank_width));
374             }
375         }
376         break;
377     case 0x98: /* Query mode */
378         if (!pfl->device_width) {
379             /* Preserve old behavior if device width not specified */
380             boff = offset & 0xFF;
381             if (pfl->bank_width == 2) {
382                 boff = boff >> 1;
383             } else if (pfl->bank_width == 4) {
384                 boff = boff >> 2;
385             }
386 
387             if (boff > pfl->cfi_len) {
388                 ret = 0;
389             } else {
390                 ret = pfl->cfi_table[boff];
391             }
392         } else {
393             /* If we have a read larger than the bank_width, combine multiple
394              * CFI queries into a single response.
395              */
396             int i;
397             for (i = 0; i < width; i += pfl->bank_width) {
398                 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
399                                 pflash_cfi_query(pfl,
400                                                  offset + i * pfl->bank_width));
401             }
402         }
403 
404         break;
405     }
406     return ret;
407 }
408 
409 /* update flash content on disk */
410 static void pflash_update(pflash_t *pfl, int offset,
411                           int size)
412 {
413     int offset_end;
414     if (pfl->blk) {
415         offset_end = offset + size;
416         /* widen to sector boundaries */
417         offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
418         offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
419         blk_pwrite(pfl->blk, offset, pfl->storage + offset,
420                    offset_end - offset, 0);
421     }
422 }
423 
424 static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
425                                      uint32_t value, int width, int be)
426 {
427     uint8_t *p = pfl->storage;
428 
429     DPRINTF("%s: block write offset " TARGET_FMT_plx
430             " value %x counter %016" PRIx64 "\n",
431             __func__, offset, value, pfl->counter);
432     switch (width) {
433     case 1:
434         p[offset] = value;
435         break;
436     case 2:
437         if (be) {
438             p[offset] = value >> 8;
439             p[offset + 1] = value;
440         } else {
441             p[offset] = value;
442             p[offset + 1] = value >> 8;
443         }
444         break;
445     case 4:
446         if (be) {
447             p[offset] = value >> 24;
448             p[offset + 1] = value >> 16;
449             p[offset + 2] = value >> 8;
450             p[offset + 3] = value;
451         } else {
452             p[offset] = value;
453             p[offset + 1] = value >> 8;
454             p[offset + 2] = value >> 16;
455             p[offset + 3] = value >> 24;
456         }
457         break;
458     }
459 
460 }
461 
462 static void pflash_write(pflash_t *pfl, hwaddr offset,
463                          uint32_t value, int width, int be)
464 {
465     uint8_t *p;
466     uint8_t cmd;
467 
468     cmd = value;
469 
470     DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
471             __func__, offset, value, width, pfl->wcycle);
472 
473     if (!pfl->wcycle) {
474         /* Set the device in I/O access mode */
475         memory_region_rom_device_set_romd(&pfl->mem, false);
476     }
477 
478     switch (pfl->wcycle) {
479     case 0:
480         /* read mode */
481         switch (cmd) {
482         case 0x00: /* ??? */
483             goto reset_flash;
484         case 0x10: /* Single Byte Program */
485         case 0x40: /* Single Byte Program */
486             DPRINTF("%s: Single Byte Program\n", __func__);
487             break;
488         case 0x20: /* Block erase */
489             p = pfl->storage;
490             offset &= ~(pfl->sector_len - 1);
491 
492             DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
493                     __func__, offset, (unsigned)pfl->sector_len);
494 
495             if (!pfl->ro) {
496                 memset(p + offset, 0xff, pfl->sector_len);
497                 pflash_update(pfl, offset, pfl->sector_len);
498             } else {
499                 pfl->status |= 0x20; /* Block erase error */
500             }
501             pfl->status |= 0x80; /* Ready! */
502             break;
503         case 0x50: /* Clear status bits */
504             DPRINTF("%s: Clear status bits\n", __func__);
505             pfl->status = 0x0;
506             goto reset_flash;
507         case 0x60: /* Block (un)lock */
508             DPRINTF("%s: Block unlock\n", __func__);
509             break;
510         case 0x70: /* Status Register */
511             DPRINTF("%s: Read status register\n", __func__);
512             pfl->cmd = cmd;
513             return;
514         case 0x90: /* Read Device ID */
515             DPRINTF("%s: Read Device information\n", __func__);
516             pfl->cmd = cmd;
517             return;
518         case 0x98: /* CFI query */
519             DPRINTF("%s: CFI query\n", __func__);
520             break;
521         case 0xe8: /* Write to buffer */
522             DPRINTF("%s: Write to buffer\n", __func__);
523             pfl->status |= 0x80; /* Ready! */
524             break;
525         case 0xf0: /* Probe for AMD flash */
526             DPRINTF("%s: Probe for AMD flash\n", __func__);
527             goto reset_flash;
528         case 0xff: /* Read array mode */
529             DPRINTF("%s: Read array mode\n", __func__);
530             goto reset_flash;
531         default:
532             goto error_flash;
533         }
534         pfl->wcycle++;
535         pfl->cmd = cmd;
536         break;
537     case 1:
538         switch (pfl->cmd) {
539         case 0x10: /* Single Byte Program */
540         case 0x40: /* Single Byte Program */
541             DPRINTF("%s: Single Byte Program\n", __func__);
542             if (!pfl->ro) {
543                 pflash_data_write(pfl, offset, value, width, be);
544                 pflash_update(pfl, offset, width);
545             } else {
546                 pfl->status |= 0x10; /* Programming error */
547             }
548             pfl->status |= 0x80; /* Ready! */
549             pfl->wcycle = 0;
550         break;
551         case 0x20: /* Block erase */
552         case 0x28:
553             if (cmd == 0xd0) { /* confirm */
554                 pfl->wcycle = 0;
555                 pfl->status |= 0x80;
556             } else if (cmd == 0xff) { /* read array mode */
557                 goto reset_flash;
558             } else
559                 goto error_flash;
560 
561             break;
562         case 0xe8:
563             /* Mask writeblock size based on device width, or bank width if
564              * device width not specified.
565              */
566             if (pfl->device_width) {
567                 value = extract32(value, 0, pfl->device_width * 8);
568             } else {
569                 value = extract32(value, 0, pfl->bank_width * 8);
570             }
571             DPRINTF("%s: block write of %x bytes\n", __func__, value);
572             pfl->counter = value;
573             pfl->wcycle++;
574             break;
575         case 0x60:
576             if (cmd == 0xd0) {
577                 pfl->wcycle = 0;
578                 pfl->status |= 0x80;
579             } else if (cmd == 0x01) {
580                 pfl->wcycle = 0;
581                 pfl->status |= 0x80;
582             } else if (cmd == 0xff) {
583                 goto reset_flash;
584             } else {
585                 DPRINTF("%s: Unknown (un)locking command\n", __func__);
586                 goto reset_flash;
587             }
588             break;
589         case 0x98:
590             if (cmd == 0xff) {
591                 goto reset_flash;
592             } else {
593                 DPRINTF("%s: leaving query mode\n", __func__);
594             }
595             break;
596         default:
597             goto error_flash;
598         }
599         break;
600     case 2:
601         switch (pfl->cmd) {
602         case 0xe8: /* Block write */
603             if (!pfl->ro) {
604                 pflash_data_write(pfl, offset, value, width, be);
605             } else {
606                 pfl->status |= 0x10; /* Programming error */
607             }
608 
609             pfl->status |= 0x80;
610 
611             if (!pfl->counter) {
612                 hwaddr mask = pfl->writeblock_size - 1;
613                 mask = ~mask;
614 
615                 DPRINTF("%s: block write finished\n", __func__);
616                 pfl->wcycle++;
617                 if (!pfl->ro) {
618                     /* Flush the entire write buffer onto backing storage.  */
619                     pflash_update(pfl, offset & mask, pfl->writeblock_size);
620                 } else {
621                     pfl->status |= 0x10; /* Programming error */
622                 }
623             }
624 
625             pfl->counter--;
626             break;
627         default:
628             goto error_flash;
629         }
630         break;
631     case 3: /* Confirm mode */
632         switch (pfl->cmd) {
633         case 0xe8: /* Block write */
634             if (cmd == 0xd0) {
635                 pfl->wcycle = 0;
636                 pfl->status |= 0x80;
637             } else {
638                 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
639                 PFLASH_BUG("Write block confirm");
640                 goto reset_flash;
641             }
642             break;
643         default:
644             goto error_flash;
645         }
646         break;
647     default:
648         /* Should never happen */
649         DPRINTF("%s: invalid write state\n",  __func__);
650         goto reset_flash;
651     }
652     return;
653 
654  error_flash:
655     qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
656                   "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
657                   "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
658 
659  reset_flash:
660     memory_region_rom_device_set_romd(&pfl->mem, true);
661 
662     pfl->wcycle = 0;
663     pfl->cmd = 0;
664 }
665 
666 
667 static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
668                                               unsigned len, MemTxAttrs attrs)
669 {
670     pflash_t *pfl = opaque;
671     bool be = !!(pfl->features & (1 << PFLASH_BE));
672 
673     if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
674         *value = pflash_data_read(opaque, addr, len, be);
675     } else {
676         *value = pflash_read(opaque, addr, len, be);
677     }
678     return MEMTX_OK;
679 }
680 
681 static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
682                                                unsigned len, MemTxAttrs attrs)
683 {
684     pflash_t *pfl = opaque;
685     bool be = !!(pfl->features & (1 << PFLASH_BE));
686 
687     if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
688         return MEMTX_ERROR;
689     } else {
690         pflash_write(opaque, addr, value, len, be);
691         return MEMTX_OK;
692     }
693 }
694 
695 static const MemoryRegionOps pflash_cfi01_ops = {
696     .read_with_attrs = pflash_mem_read_with_attrs,
697     .write_with_attrs = pflash_mem_write_with_attrs,
698     .endianness = DEVICE_NATIVE_ENDIAN,
699 };
700 
701 static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
702 {
703     pflash_t *pfl = CFI_PFLASH01(dev);
704     uint64_t total_len;
705     int ret;
706     uint64_t blocks_per_device, device_len;
707     int num_devices;
708     Error *local_err = NULL;
709 
710     total_len = pfl->sector_len * pfl->nb_blocs;
711 
712     /* These are only used to expose the parameters of each device
713      * in the cfi_table[].
714      */
715     num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
716     blocks_per_device = pfl->nb_blocs / num_devices;
717     device_len = pfl->sector_len * blocks_per_device;
718 
719     /* XXX: to be fixed */
720 #if 0
721     if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
722         total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
723         return NULL;
724 #endif
725 
726     memory_region_init_rom_device(
727         &pfl->mem, OBJECT(dev),
728         &pflash_cfi01_ops,
729         pfl,
730         pfl->name, total_len, &local_err);
731     if (local_err) {
732         error_propagate(errp, local_err);
733         return;
734     }
735 
736     vmstate_register_ram(&pfl->mem, DEVICE(pfl));
737     pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
738     sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
739 
740     if (pfl->blk) {
741         /* read the initial flash content */
742         ret = blk_pread(pfl->blk, 0, pfl->storage, total_len);
743 
744         if (ret < 0) {
745             vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
746             error_setg(errp, "failed to read the initial flash content");
747             return;
748         }
749     }
750 
751     if (pfl->blk) {
752         pfl->ro = blk_is_read_only(pfl->blk);
753     } else {
754         pfl->ro = 0;
755     }
756 
757     /* Default to devices being used at their maximum device width. This was
758      * assumed before the device_width support was added.
759      */
760     if (!pfl->max_device_width) {
761         pfl->max_device_width = pfl->device_width;
762     }
763 
764     pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
765     pfl->wcycle = 0;
766     pfl->cmd = 0;
767     pfl->status = 0;
768     /* Hardcoded CFI table */
769     pfl->cfi_len = 0x52;
770     /* Standard "QRY" string */
771     pfl->cfi_table[0x10] = 'Q';
772     pfl->cfi_table[0x11] = 'R';
773     pfl->cfi_table[0x12] = 'Y';
774     /* Command set (Intel) */
775     pfl->cfi_table[0x13] = 0x01;
776     pfl->cfi_table[0x14] = 0x00;
777     /* Primary extended table address (none) */
778     pfl->cfi_table[0x15] = 0x31;
779     pfl->cfi_table[0x16] = 0x00;
780     /* Alternate command set (none) */
781     pfl->cfi_table[0x17] = 0x00;
782     pfl->cfi_table[0x18] = 0x00;
783     /* Alternate extended table (none) */
784     pfl->cfi_table[0x19] = 0x00;
785     pfl->cfi_table[0x1A] = 0x00;
786     /* Vcc min */
787     pfl->cfi_table[0x1B] = 0x45;
788     /* Vcc max */
789     pfl->cfi_table[0x1C] = 0x55;
790     /* Vpp min (no Vpp pin) */
791     pfl->cfi_table[0x1D] = 0x00;
792     /* Vpp max (no Vpp pin) */
793     pfl->cfi_table[0x1E] = 0x00;
794     /* Reserved */
795     pfl->cfi_table[0x1F] = 0x07;
796     /* Timeout for min size buffer write */
797     pfl->cfi_table[0x20] = 0x07;
798     /* Typical timeout for block erase */
799     pfl->cfi_table[0x21] = 0x0a;
800     /* Typical timeout for full chip erase (4096 ms) */
801     pfl->cfi_table[0x22] = 0x00;
802     /* Reserved */
803     pfl->cfi_table[0x23] = 0x04;
804     /* Max timeout for buffer write */
805     pfl->cfi_table[0x24] = 0x04;
806     /* Max timeout for block erase */
807     pfl->cfi_table[0x25] = 0x04;
808     /* Max timeout for chip erase */
809     pfl->cfi_table[0x26] = 0x00;
810     /* Device size */
811     pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
812     /* Flash device interface (8 & 16 bits) */
813     pfl->cfi_table[0x28] = 0x02;
814     pfl->cfi_table[0x29] = 0x00;
815     /* Max number of bytes in multi-bytes write */
816     if (pfl->bank_width == 1) {
817         pfl->cfi_table[0x2A] = 0x08;
818     } else {
819         pfl->cfi_table[0x2A] = 0x0B;
820     }
821     pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
822 
823     pfl->cfi_table[0x2B] = 0x00;
824     /* Number of erase block regions (uniform) */
825     pfl->cfi_table[0x2C] = 0x01;
826     /* Erase block region 1 */
827     pfl->cfi_table[0x2D] = blocks_per_device - 1;
828     pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
829     pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
830     pfl->cfi_table[0x30] = pfl->sector_len >> 16;
831 
832     /* Extended */
833     pfl->cfi_table[0x31] = 'P';
834     pfl->cfi_table[0x32] = 'R';
835     pfl->cfi_table[0x33] = 'I';
836 
837     pfl->cfi_table[0x34] = '1';
838     pfl->cfi_table[0x35] = '0';
839 
840     pfl->cfi_table[0x36] = 0x00;
841     pfl->cfi_table[0x37] = 0x00;
842     pfl->cfi_table[0x38] = 0x00;
843     pfl->cfi_table[0x39] = 0x00;
844 
845     pfl->cfi_table[0x3a] = 0x00;
846 
847     pfl->cfi_table[0x3b] = 0x00;
848     pfl->cfi_table[0x3c] = 0x00;
849 
850     pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
851 }
852 
853 static Property pflash_cfi01_properties[] = {
854     DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
855     /* num-blocks is the number of blocks actually visible to the guest,
856      * ie the total size of the device divided by the sector length.
857      * If we're emulating flash devices wired in parallel the actual
858      * number of blocks per indvidual device will differ.
859      */
860     DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
861     DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
862     /* width here is the overall width of this QEMU device in bytes.
863      * The QEMU device may be emulating a number of flash devices
864      * wired up in parallel; the width of each individual flash
865      * device should be specified via device-width. If the individual
866      * devices have a maximum width which is greater than the width
867      * they are being used for, this maximum width should be set via
868      * max-device-width (which otherwise defaults to device-width).
869      * So for instance a 32-bit wide QEMU flash device made from four
870      * 16-bit flash devices used in 8-bit wide mode would be configured
871      * with width = 4, device-width = 1, max-device-width = 2.
872      *
873      * If device-width is not specified we default to backwards
874      * compatible behaviour which is a bad emulation of two
875      * 16 bit devices making up a 32 bit wide QEMU device. This
876      * is deprecated for new uses of this device.
877      */
878     DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
879     DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
880     DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
881     DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0),
882     DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0),
883     DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
884     DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
885     DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
886     DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
887     DEFINE_PROP_STRING("name", struct pflash_t, name),
888     DEFINE_PROP_END_OF_LIST(),
889 };
890 
891 static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
892 {
893     DeviceClass *dc = DEVICE_CLASS(klass);
894 
895     dc->realize = pflash_cfi01_realize;
896     dc->props = pflash_cfi01_properties;
897     dc->vmsd = &vmstate_pflash;
898     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
899 }
900 
901 
902 static const TypeInfo pflash_cfi01_info = {
903     .name           = TYPE_CFI_PFLASH01,
904     .parent         = TYPE_SYS_BUS_DEVICE,
905     .instance_size  = sizeof(struct pflash_t),
906     .class_init     = pflash_cfi01_class_init,
907 };
908 
909 static void pflash_cfi01_register_types(void)
910 {
911     type_register_static(&pflash_cfi01_info);
912 }
913 
914 type_init(pflash_cfi01_register_types)
915 
916 pflash_t *pflash_cfi01_register(hwaddr base,
917                                 DeviceState *qdev, const char *name,
918                                 hwaddr size,
919                                 BlockBackend *blk,
920                                 uint32_t sector_len, int nb_blocs,
921                                 int bank_width, uint16_t id0, uint16_t id1,
922                                 uint16_t id2, uint16_t id3, int be)
923 {
924     DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
925 
926     if (blk) {
927         qdev_prop_set_drive(dev, "drive", blk, &error_abort);
928     }
929     qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
930     qdev_prop_set_uint64(dev, "sector-length", sector_len);
931     qdev_prop_set_uint8(dev, "width", bank_width);
932     qdev_prop_set_bit(dev, "big-endian", !!be);
933     qdev_prop_set_uint16(dev, "id0", id0);
934     qdev_prop_set_uint16(dev, "id1", id1);
935     qdev_prop_set_uint16(dev, "id2", id2);
936     qdev_prop_set_uint16(dev, "id3", id3);
937     qdev_prop_set_string(dev, "name", name);
938     qdev_init_nofail(dev);
939 
940     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
941     return CFI_PFLASH01(dev);
942 }
943 
944 MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
945 {
946     return &fl->mem;
947 }
948 
949 static void postload_update_cb(void *opaque, int running, RunState state)
950 {
951     pflash_t *pfl = opaque;
952 
953     /* This is called after bdrv_invalidate_cache_all.  */
954     qemu_del_vm_change_state_handler(pfl->vmstate);
955     pfl->vmstate = NULL;
956 
957     DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
958     pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
959 }
960 
961 static int pflash_post_load(void *opaque, int version_id)
962 {
963     pflash_t *pfl = opaque;
964 
965     if (!pfl->ro) {
966         pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb,
967                                                         pfl);
968     }
969     return 0;
970 }
971