]> git.proxmox.com Git - mirror_qemu.git/blame - hw/block/pflash_cfi01.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sysbus: Convert to sysbus_realize() etc. with Coccinelle
[mirror_qemu.git] / hw / block / pflash_cfi01.c
CommitLineData
05ee37eb
AZ		 1/*
2 * CFI parallel flash with Intel command set emulation
3 *
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
05ee37eb
AZ		 19 */
20
21/*
22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23 * Supported commands/modes are:
24 * - flash read
25 * - flash write
26 * - flash ID read
27 * - sector erase
28 * - CFI queries
29 *
30 * It does not support timings
31 * It does not support flash interleaving
32 * It does not implement software data protection as found in many real chips
33 * It does not implement erase suspend/resume commands
34 * It does not implement multiple sectors erase
35 *
36 * It does not implement much more ...
37 */
38
80c71a24 39#include "qemu/osdep.h"
06f15217 40#include "hw/block/block.h"
0d09e41a 41#include "hw/block/flash.h"
a27bd6c7 42#include "hw/qdev-properties.h"
4be74634 43#include "sysemu/block-backend.h"
da34e65c 44#include "qapi/error.h"
1857b9db 45#include "qemu/error-report.h"
1997b485 46#include "qemu/bitops.h"
2d731dbd 47#include "qemu/error-report.h"
1de7afc9 48#include "qemu/host-utils.h"
03dd024f 49#include "qemu/log.h"
0b8fa32f 50#include "qemu/module.h"
2d731dbd 51#include "qemu/option.h"
83c9f4ca 52#include "hw/sysbus.h"
d6454270 53#include "migration/vmstate.h"
2d731dbd 54#include "sysemu/blockdev.h"
54d31236 55#include "sysemu/runstate.h"
13019f1f 56#include "trace.h"
05ee37eb 57
05ee37eb
AZ		 58/* #define PFLASH_DEBUG */
59#ifdef PFLASH_DEBUG
ec9ea489
PC		 60#define DPRINTF(fmt, ...) \
61do { \
62 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
05ee37eb
AZ		 63} while (0)
64#else
001faf32 65#define DPRINTF(fmt, ...) do { } while (0)
05ee37eb
AZ		 66#endif
67
e9809422 68#define PFLASH_BE 0
f71e42a5 69#define PFLASH_SECURE 1
e9809422 70
16434065 71struct PFlashCFI01 {
f1b44f0e
HT		 72 /*< private >*/
73 SysBusDevice parent_obj;
74 /*< public >*/
75
4be74634 76 BlockBackend *blk;
368a354f
PC		 77 uint32_t nb_blocs;
78 uint64_t sector_len;
4b6fedca 79 uint8_t bank_width;
1997b485 80 uint8_t device_width; /* If 0, device width not specified. */
fa21a7b1 81 uint8_t max_device_width; /* max device width in bytes */
e9809422 82 uint32_t features;
d8d24fb7 83 uint8_t wcycle; /* if 0, the flash is read normally */
05ee37eb
AZ		 84 int ro;
85 uint8_t cmd;
86 uint8_t status;
368a354f
PC		 87 uint16_t ident0;
88 uint16_t ident1;
89 uint16_t ident2;
90 uint16_t ident3;
05ee37eb 91 uint8_t cfi_table[0x52];
d8d24fb7 92 uint64_t counter;
b4bf0a9a 93 unsigned int writeblock_size;
cfe5f011 94 MemoryRegion mem;
368a354f 95 char *name;
05ee37eb 96 void *storage;
90c647db 97 VMChangeStateEntry *vmstate;
feb0b1aa 98 bool old_multiple_chip_handling;
05ee37eb
AZ		 99};
100
4c0cfc72
LE		 101static int pflash_post_load(void *opaque, int version_id);
102
d8d24fb7
PM		 103static const VMStateDescription vmstate_pflash = {
104 .name = "pflash_cfi01",
105 .version_id = 1,
106 .minimum_version_id = 1,
4c0cfc72 107 .post_load = pflash_post_load,
d8d24fb7 108 .fields = (VMStateField[]) {
16434065
MA		 109 VMSTATE_UINT8(wcycle, PFlashCFI01),
110 VMSTATE_UINT8(cmd, PFlashCFI01),
111 VMSTATE_UINT8(status, PFlashCFI01),
112 VMSTATE_UINT64(counter, PFlashCFI01),
d8d24fb7
PM		 113 VMSTATE_END_OF_LIST()
114 }
115};
116
4433e660
RF		 117/* Perform a CFI query based on the bank width of the flash.
118 * If this code is called we know we have a device_width set for
119 * this flash.
120 */
16434065 121static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset)
4433e660
RF		 122{
123 int i;
124 uint32_t resp = 0;
125 hwaddr boff;
126
127 /* Adjust incoming offset to match expected device-width
128 * addressing. CFI query addresses are always specified in terms of
129 * the maximum supported width of the device. This means that x8
130 * devices and x8/x16 devices in x8 mode behave differently. For
131 * devices that are not used at their max width, we will be
132 * provided with addresses that use higher address bits than
133 * expected (based on the max width), so we will shift them lower
134 * so that they will match the addresses used when
135 * device_width==max_device_width.
136 */
137 boff = offset >> (ctz32(pfl->bank_width) +
138 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
139
07c13a71 140 if (boff >= sizeof(pfl->cfi_table)) {
4433e660
RF		 141 return 0;
142 }
143 /* Now we will construct the CFI response generated by a single
144 * device, then replicate that for all devices that make up the
145 * bus. For wide parts used in x8 mode, CFI query responses
146 * are different than native byte-wide parts.
147 */
148 resp = pfl->cfi_table[boff];
149 if (pfl->device_width != pfl->max_device_width) {
150 /* The only case currently supported is x8 mode for a
151 * wider part.
152 */
153 if (pfl->device_width != 1 || pfl->bank_width > 4) {
154 DPRINTF("%s: Unsupported device configuration: "
155 "device_width=%d, max_device_width=%d\n",
156 __func__, pfl->device_width,
157 pfl->max_device_width);
158 return 0;
159 }
160 /* CFI query data is repeated, rather than zero padded for
161 * wide devices used in x8 mode.
162 */
163 for (i = 1; i < pfl->max_device_width; i++) {
164 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
165 }
166 }
167 /* Replicate responses for each device in bank. */
168 if (pfl->device_width < pfl->bank_width) {
169 for (i = pfl->device_width;
170 i < pfl->bank_width; i += pfl->device_width) {
171 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
172 }
173 }
174
175 return resp;
176}
177
0163a2dc
RF		 178
179
180/* Perform a device id query based on the bank width of the flash. */
16434065 181static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset)
0163a2dc
RF		 182{
183 int i;
184 uint32_t resp;
185 hwaddr boff;
186
187 /* Adjust incoming offset to match expected device-width
188 * addressing. Device ID read addresses are always specified in
189 * terms of the maximum supported width of the device. This means
190 * that x8 devices and x8/x16 devices in x8 mode behave
191 * differently. For devices that are not used at their max width,
192 * we will be provided with addresses that use higher address bits
193 * than expected (based on the max width), so we will shift them
194 * lower so that they will match the addresses used when
195 * device_width==max_device_width.
196 */
197 boff = offset >> (ctz32(pfl->bank_width) +
198 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
199
200 /* Mask off upper bits which may be used in to query block
201 * or sector lock status at other addresses.
202 * Offsets 2/3 are block lock status, is not emulated.
203 */
204 switch (boff & 0xFF) {
205 case 0:
206 resp = pfl->ident0;
13019f1f 207 trace_pflash_manufacturer_id(resp);
0163a2dc
RF		 208 break;
209 case 1:
210 resp = pfl->ident1;
13019f1f 211 trace_pflash_device_id(resp);
0163a2dc
RF		 212 break;
213 default:
13019f1f 214 trace_pflash_device_info(offset);
0163a2dc
RF		 215 return 0;
216 break;
217 }
218 /* Replicate responses for each device in bank. */
219 if (pfl->device_width < pfl->bank_width) {
220 for (i = pfl->device_width;
221 i < pfl->bank_width; i += pfl->device_width) {
222 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
223 }
224 }
225
226 return resp;
227}
228
16434065 229static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset,
f71e42a5
PB		 230 int width, int be)
231{
232 uint8_t *p;
233 uint32_t ret;
234
235 p = pfl->storage;
236 switch (width) {
237 case 1:
238 ret = p[offset];
f71e42a5
PB		 239 break;
240 case 2:
241 if (be) {
242 ret = p[offset] << 8;
243 ret |= p[offset + 1];
244 } else {
245 ret = p[offset];
246 ret |= p[offset + 1] << 8;
247 }
f71e42a5
PB		 248 break;
249 case 4:
250 if (be) {
251 ret = p[offset] << 24;
252 ret |= p[offset + 1] << 16;
253 ret |= p[offset + 2] << 8;
254 ret |= p[offset + 3];
255 } else {
256 ret = p[offset];
257 ret |= p[offset + 1] << 8;
258 ret |= p[offset + 2] << 16;
259 ret |= p[offset + 3] << 24;
260 }
f71e42a5
PB		 261 break;
262 default:
263 DPRINTF("BUG in %s\n", __func__);
264 abort();
265 }
10f9f1fb 266 trace_pflash_data_read(offset, width, ret);
f71e42a5
PB		 267 return ret;
268}
269
16434065
MA		 270static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset,
271 int width, int be)
05ee37eb 272{
a8170e5e 273 hwaddr boff;
05ee37eb 274 uint32_t ret;
05ee37eb
AZ		 275
276 ret = -1;
05ee37eb 277 switch (pfl->cmd) {
1be97bf2
PM		 278 default:
279 /* This should never happen : reset state & treat it as a read */
280 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
281 pfl->wcycle = 0;
aba53a12
PMD		 282 /*
283 * The command 0x00 is not assigned by the CFI open standard,
284 * but QEMU historically uses it for the READ_ARRAY command (0xff).
285 */
286 pfl->cmd = 0x00;
1be97bf2 287 /* fall through to read code */
aba53a12 288 case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */
05ee37eb 289 /* Flash area read */
f71e42a5 290 ret = pflash_data_read(pfl, offset, width, be);
05ee37eb 291 break;
6e392787 292 case 0x10: /* Single byte program */
05ee37eb 293 case 0x20: /* Block erase */
6e392787
PM		 294 case 0x28: /* Block erase */
295 case 0x40: /* single byte program */
05ee37eb
AZ		 296 case 0x50: /* Clear status register */
297 case 0x60: /* Block /un)lock */
298 case 0x70: /* Status Register */
299 case 0xe8: /* Write block */
2003889f
RF		 300 /* Status register read. Return status from each device in
301 * bank.
302 */
05ee37eb 303 ret = pfl->status;
2003889f
RF		 304 if (pfl->device_width && width > pfl->device_width) {
305 int shift = pfl->device_width * 8;
306 while (shift + pfl->device_width * 8 <= width * 8) {
307 ret |= pfl->status << shift;
308 shift += pfl->device_width * 8;
309 }
310 } else if (!pfl->device_width && width > 2) {
311 /* Handle 32 bit flash cases where device width is not
312 * set. (Existing behavior before device width added.)
313 */
ea0a4f34
PB		 314 ret |= pfl->status << 16;
315 }
05ee37eb
AZ		 316 DPRINTF("%s: status %x\n", __func__, ret);
317 break;
0b2ec6fc 318 case 0x90:
0163a2dc
RF		 319 if (!pfl->device_width) {
320 /* Preserve old behavior if device width not specified */
321 boff = offset & 0xFF;
322 if (pfl->bank_width == 2) {
323 boff = boff >> 1;
324 } else if (pfl->bank_width == 4) {
325 boff = boff >> 2;
326 }
4433e660 327
0163a2dc
RF		 328 switch (boff) {
329 case 0:
330 ret = pfl->ident0 << 8 | pfl->ident1;
13019f1f 331 trace_pflash_manufacturer_id(ret);
0163a2dc
RF		 332 break;
333 case 1:
334 ret = pfl->ident2 << 8 | pfl->ident3;
13019f1f 335 trace_pflash_device_id(ret);
0163a2dc
RF		 336 break;
337 default:
13019f1f 338 trace_pflash_device_info(boff);
0163a2dc
RF		 339 ret = 0;
340 break;
341 }
342 } else {
343 /* If we have a read larger than the bank_width, combine multiple
344 * manufacturer/device ID queries into a single response.
345 */
346 int i;
347 for (i = 0; i < width; i += pfl->bank_width) {
348 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
349 pflash_devid_query(pfl,
350 offset + i * pfl->bank_width));
351 }
0b2ec6fc
MW		 352 }
353 break;
05ee37eb 354 case 0x98: /* Query mode */
4433e660
RF		 355 if (!pfl->device_width) {
356 /* Preserve old behavior if device width not specified */
357 boff = offset & 0xFF;
358 if (pfl->bank_width == 2) {
359 boff = boff >> 1;
360 } else if (pfl->bank_width == 4) {
361 boff = boff >> 2;
362 }
363
07c13a71 364 if (boff < sizeof(pfl->cfi_table)) {
4433e660 365 ret = pfl->cfi_table[boff];
07c13a71
PMD		 366 } else {
367 ret = 0;
4433e660
RF		 368 }
369 } else {
370 /* If we have a read larger than the bank_width, combine multiple
371 * CFI queries into a single response.
372 */
373 int i;
374 for (i = 0; i < width; i += pfl->bank_width) {
375 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
376 pflash_cfi_query(pfl,
377 offset + i * pfl->bank_width));
378 }
379 }
380
05ee37eb 381 break;
05ee37eb 382 }
10f9f1fb 383 trace_pflash_io_read(offset, width, ret, pfl->cmd, pfl->wcycle);
e8aa2d95 384
05ee37eb
AZ		 385 return ret;
386}
387
388/* update flash content on disk */
16434065 389static void pflash_update(PFlashCFI01 *pfl, int offset,
05ee37eb
AZ		 390 int size)
391{
392 int offset_end;
1857b9db 393 int ret;
4be74634 394 if (pfl->blk) {
05ee37eb 395 offset_end = offset + size;
098e732d
EB		 396 /* widen to sector boundaries */
397 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
398 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
1857b9db 399 ret = blk_pwrite(pfl->blk, offset, pfl->storage + offset,
098e732d 400 offset_end - offset, 0);
1857b9db
MA		 401 if (ret < 0) {
402 /* TODO set error bit in status */
403 error_report("Could not update PFLASH: %s", strerror(-ret));
404 }
05ee37eb
AZ		 405 }
406}
407
16434065 408static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset,
3d08ff69 409 uint32_t value, int width, int be)
d361be25
AZ		 410{
411 uint8_t *p = pfl->storage;
412
10f9f1fb 413 trace_pflash_data_write(offset, width, value, pfl->counter);
d361be25
AZ		 414 switch (width) {
415 case 1:
416 p[offset] = value;
d361be25
AZ		 417 break;
418 case 2:
3d08ff69
BS		 419 if (be) {
420 p[offset] = value >> 8;
421 p[offset + 1] = value;
422 } else {
423 p[offset] = value;
424 p[offset + 1] = value >> 8;
425 }
d361be25
AZ		 426 break;
427 case 4:
3d08ff69
BS		 428 if (be) {
429 p[offset] = value >> 24;
430 p[offset + 1] = value >> 16;
431 p[offset + 2] = value >> 8;
432 p[offset + 3] = value;
433 } else {
434 p[offset] = value;
435 p[offset + 1] = value >> 8;
436 p[offset + 2] = value >> 16;
437 p[offset + 3] = value >> 24;
438 }
d361be25
AZ		 439 break;
440 }
441
442}
443
16434065 444static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
3d08ff69 445 uint32_t value, int width, int be)
05ee37eb 446{
05ee37eb
AZ		 447 uint8_t *p;
448 uint8_t cmd;
449
05ee37eb 450 cmd = value;
05ee37eb 451
10f9f1fb 452 trace_pflash_io_write(offset, width, value, pfl->wcycle);
e9cbbcac
EI		 453 if (!pfl->wcycle) {
454 /* Set the device in I/O access mode */
5f9a5ea1 455 memory_region_rom_device_set_romd(&pfl->mem, false);
e9cbbcac 456 }
05ee37eb
AZ		 457
458 switch (pfl->wcycle) {
459 case 0:
460 /* read mode */
461 switch (cmd) {
aba53a12 462 case 0x00: /* This model reset value for READ_ARRAY (not CFI) */
3072182d 463 goto mode_read_array;
d361be25
AZ		 464 case 0x10: /* Single Byte Program */
465 case 0x40: /* Single Byte Program */
fad8c772 466 DPRINTF("%s: Single Byte Program\n", __func__);
d361be25 467 break;
05ee37eb
AZ		 468 case 0x20: /* Block erase */
469 p = pfl->storage;
470 offset &= ~(pfl->sector_len - 1);
471
368a354f
PC		 472 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
473 __func__, offset, (unsigned)pfl->sector_len);
05ee37eb 474
de8efe8f
JJ		 475 if (!pfl->ro) {
476 memset(p + offset, 0xff, pfl->sector_len);
477 pflash_update(pfl, offset, pfl->sector_len);
478 } else {
479 pfl->status |= 0x20; /* Block erase error */
480 }
05ee37eb
AZ		 481 pfl->status |= 0x80; /* Ready! */
482 break;
483 case 0x50: /* Clear status bits */
484 DPRINTF("%s: Clear status bits\n", __func__);
485 pfl->status = 0x0;
3072182d 486 goto mode_read_array;
05ee37eb
AZ		 487 case 0x60: /* Block (un)lock */
488 DPRINTF("%s: Block unlock\n", __func__);
489 break;
490 case 0x70: /* Status Register */
491 DPRINTF("%s: Read status register\n", __func__);
492 pfl->cmd = cmd;
493 return;
0b2ec6fc
MW		 494 case 0x90: /* Read Device ID */
495 DPRINTF("%s: Read Device information\n", __func__);
496 pfl->cmd = cmd;
497 return;
05ee37eb
AZ		 498 case 0x98: /* CFI query */
499 DPRINTF("%s: CFI query\n", __func__);
500 break;
501 case 0xe8: /* Write to buffer */
502 DPRINTF("%s: Write to buffer\n", __func__);
4dbda935
MA		 503 /* FIXME should save @offset, @width for case 1+ */
504 qemu_log_mask(LOG_UNIMP,
505 "%s: Write to buffer emulation is flawed\n",
506 __func__);
05ee37eb
AZ		 507 pfl->status |= 0x80; /* Ready! */
508 break;
5928023c
SW		 509 case 0xf0: /* Probe for AMD flash */
510 DPRINTF("%s: Probe for AMD flash\n", __func__);
3072182d
PMD		 511 goto mode_read_array;
512 case 0xff: /* Read Array */
05ee37eb 513 DPRINTF("%s: Read array mode\n", __func__);
3072182d 514 goto mode_read_array;
05ee37eb
AZ		 515 default:
516 goto error_flash;
517 }
518 pfl->wcycle++;
519 pfl->cmd = cmd;
12dabc79 520 break;
05ee37eb
AZ		 521 case 1:
522 switch (pfl->cmd) {
d361be25
AZ		 523 case 0x10: /* Single Byte Program */
524 case 0x40: /* Single Byte Program */
525 DPRINTF("%s: Single Byte Program\n", __func__);
de8efe8f
JJ		 526 if (!pfl->ro) {
527 pflash_data_write(pfl, offset, value, width, be);
528 pflash_update(pfl, offset, width);
529 } else {
530 pfl->status |= 0x10; /* Programming error */
531 }
d361be25
AZ		 532 pfl->status |= 0x80; /* Ready! */
533 pfl->wcycle = 0;
534 break;
05ee37eb
AZ		 535 case 0x20: /* Block erase */
536 case 0x28:
537 if (cmd == 0xd0) { /* confirm */
3656744c 538 pfl->wcycle = 0;
05ee37eb 539 pfl->status |= 0x80;
3072182d
PMD		 540 } else if (cmd == 0xff) { /* Read Array */
541 goto mode_read_array;
05ee37eb
AZ		 542 } else
543 goto error_flash;
544
545 break;
546 case 0xe8:
1997b485
RF		 547 /* Mask writeblock size based on device width, or bank width if
548 * device width not specified.
549 */
4dbda935 550 /* FIXME check @offset, @width */
1997b485
RF		 551 if (pfl->device_width) {
552 value = extract32(value, 0, pfl->device_width * 8);
553 } else {
554 value = extract32(value, 0, pfl->bank_width * 8);
555 }
71fb2348
AZ		 556 DPRINTF("%s: block write of %x bytes\n", __func__, value);
557 pfl->counter = value;
05ee37eb
AZ		 558 pfl->wcycle++;
559 break;
560 case 0x60:
561 if (cmd == 0xd0) {
562 pfl->wcycle = 0;
563 pfl->status |= 0x80;
564 } else if (cmd == 0x01) {
565 pfl->wcycle = 0;
566 pfl->status |= 0x80;
3072182d
PMD		 567 } else if (cmd == 0xff) { /* Read Array */
568 goto mode_read_array;
05ee37eb
AZ		 569 } else {
570 DPRINTF("%s: Unknown (un)locking command\n", __func__);
3072182d 571 goto mode_read_array;
05ee37eb
AZ		 572 }
573 break;
574 case 0x98:
3072182d
PMD		 575 if (cmd == 0xff) { /* Read Array */
576 goto mode_read_array;
05ee37eb
AZ		 577 } else {
578 DPRINTF("%s: leaving query mode\n", __func__);
579 }
580 break;
581 default:
582 goto error_flash;
583 }
12dabc79 584 break;
05ee37eb
AZ		 585 case 2:
586 switch (pfl->cmd) {
587 case 0xe8: /* Block write */
4dbda935 588 /* FIXME check @offset, @width */
de8efe8f 589 if (!pfl->ro) {
4dbda935
MA		 590 /*
591 * FIXME writing straight to memory is *wrong*. We
592 * should write to a buffer, and flush it to memory
593 * only on confirm command (see below).
594 */
de8efe8f
JJ		 595 pflash_data_write(pfl, offset, value, width, be);
596 } else {
597 pfl->status |= 0x10; /* Programming error */
598 }
05ee37eb
AZ		 599
600 pfl->status |= 0x80;
601
602 if (!pfl->counter) {
a8170e5e 603 hwaddr mask = pfl->writeblock_size - 1;
b4bf0a9a
EI		 604 mask = ~mask;
605
05ee37eb
AZ		 606 DPRINTF("%s: block write finished\n", __func__);
607 pfl->wcycle++;
de8efe8f
JJ		 608 if (!pfl->ro) {
609 /* Flush the entire write buffer onto backing storage. */
4dbda935 610 /* FIXME premature! */
de8efe8f
JJ		 611 pflash_update(pfl, offset & mask, pfl->writeblock_size);
612 } else {
613 pfl->status |= 0x10; /* Programming error */
614 }
05ee37eb
AZ		 615 }
616
617 pfl->counter--;
618 break;
7317b8ca
AZ		 619 default:
620 goto error_flash;
05ee37eb 621 }
12dabc79 622 break;
05ee37eb
AZ		 623 case 3: /* Confirm mode */
624 switch (pfl->cmd) {
625 case 0xe8: /* Block write */
626 if (cmd == 0xd0) {
4dbda935 627 /* FIXME this is where we should write out the buffer */
05ee37eb
AZ		 628 pfl->wcycle = 0;
629 pfl->status |= 0x80;
05ee37eb 630 } else {
2d93bebf
MA		 631 qemu_log_mask(LOG_UNIMP,
632 "%s: Aborting write to buffer not implemented,"
633 " the data is already written to storage!\n"
634 "Flash device reset into READ mode.\n",
635 __func__);
3072182d 636 goto mode_read_array;
05ee37eb 637 }
7317b8ca
AZ		 638 break;
639 default:
640 goto error_flash;
05ee37eb 641 }
12dabc79 642 break;
05ee37eb
AZ		 643 default:
644 /* Should never happen */
645 DPRINTF("%s: invalid write state\n", __func__);
3072182d 646 goto mode_read_array;
05ee37eb
AZ		 647 }
648 return;
649
650 error_flash:
d96fc51c
PC		 651 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
652 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
653 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
05ee37eb 654
3072182d 655 mode_read_array:
13019f1f 656 trace_pflash_reset();
5f9a5ea1 657 memory_region_rom_device_set_romd(&pfl->mem, true);
05ee37eb 658 pfl->wcycle = 0;
aba53a12 659 pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */
05ee37eb
AZ		 660}
661
662
f71e42a5
PB		 663static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
664 unsigned len, MemTxAttrs attrs)
3d08ff69 665{
16434065 666 PFlashCFI01 *pfl = opaque;
5aa113f0 667 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 668
f71e42a5
PB		 669 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
670 *value = pflash_data_read(opaque, addr, len, be);
671 } else {
672 *value = pflash_read(opaque, addr, len, be);
673 }
674 return MEMTX_OK;
3d08ff69
BS		 675}
676
f71e42a5
PB		 677static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
678 unsigned len, MemTxAttrs attrs)
05ee37eb 679{
16434065 680 PFlashCFI01 *pfl = opaque;
5aa113f0 681 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 682
f71e42a5
PB		 683 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
684 return MEMTX_ERROR;
685 } else {
686 pflash_write(opaque, addr, value, len, be);
687 return MEMTX_OK;
688 }
05ee37eb
AZ		 689}
690
5aa113f0 691static const MemoryRegionOps pflash_cfi01_ops = {
f71e42a5
PB		 692 .read_with_attrs = pflash_mem_read_with_attrs,
693 .write_with_attrs = pflash_mem_write_with_attrs,
cfe5f011 694 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 695};
696
e40b5f3e 697static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
05ee37eb 698{
e7b62741 699 PFlashCFI01 *pfl = PFLASH_CFI01(dev);
368a354f 700 uint64_t total_len;
d0e7605e 701 int ret;
feb0b1aa 702 uint64_t blocks_per_device, sector_len_per_device, device_len;
a0289b8a 703 int num_devices;
33e0eb52 704 Error *local_err = NULL;
05ee37eb 705
8929fc3a
ZY		 706 if (pfl->sector_len == 0) {
707 error_setg(errp, "attribute \"sector-length\" not specified or zero.");
708 return;
709 }
710 if (pfl->nb_blocs == 0) {
711 error_setg(errp, "attribute \"num-blocks\" not specified or zero.");
712 return;
713 }
714 if (pfl->name == NULL) {
715 error_setg(errp, "attribute \"name\" not specified.");
716 return;
717 }
718
368a354f 719 total_len = pfl->sector_len * pfl->nb_blocs;
05ee37eb 720
a0289b8a
PM		 721 /* These are only used to expose the parameters of each device
722 * in the cfi_table[].
723 */
724 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
feb0b1aa
PM		 725 if (pfl->old_multiple_chip_handling) {
726 blocks_per_device = pfl->nb_blocs / num_devices;
727 sector_len_per_device = pfl->sector_len;
728 } else {
729 blocks_per_device = pfl->nb_blocs;
730 sector_len_per_device = pfl->sector_len / num_devices;
731 }
732 device_len = sector_len_per_device * blocks_per_device;
a0289b8a 733
bba3ddf7 734 memory_region_init_rom_device(
2d256e6f 735 &pfl->mem, OBJECT(dev),
5aa113f0 736 &pflash_cfi01_ops,
e9809422 737 pfl,
33e0eb52
HT		 738 pfl->name, total_len, &local_err);
739 if (local_err) {
740 error_propagate(errp, local_err);
741 return;
742 }
743
cfe5f011 744 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
e40b5f3e 745 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
05ee37eb 746
a17c17a2
KW		 747 if (pfl->blk) {
748 uint64_t perm;
749 pfl->ro = blk_is_read_only(pfl->blk);
750 perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
751 ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
752 if (ret < 0) {
753 return;
754 }
755 } else {
756 pfl->ro = 0;
757 }
758
4be74634 759 if (pfl->blk) {
06f15217
MA		 760 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len,
761 errp)) {
368a354f 762 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
e40b5f3e 763 return;
d0e7605e 764 }
05ee37eb 765 }
de8efe8f 766
fa21a7b1
RF		 767 /* Default to devices being used at their maximum device width. This was
768 * assumed before the device_width support was added.
769 */
770 if (!pfl->max_device_width) {
771 pfl->max_device_width = pfl->device_width;
772 }
773
05ee37eb 774 pfl->wcycle = 0;
aba53a12
PMD		 775 /*
776 * The command 0x00 is not assigned by the CFI open standard,
777 * but QEMU historically uses it for the READ_ARRAY command (0xff).
778 */
779 pfl->cmd = 0x00;
611c749c 780 pfl->status = 0x80; /* WSM ready */
05ee37eb 781 /* Hardcoded CFI table */
05ee37eb
AZ		 782 /* Standard "QRY" string */
783 pfl->cfi_table[0x10] = 'Q';
784 pfl->cfi_table[0x11] = 'R';
785 pfl->cfi_table[0x12] = 'Y';
786 /* Command set (Intel) */
787 pfl->cfi_table[0x13] = 0x01;
788 pfl->cfi_table[0x14] = 0x00;
789 /* Primary extended table address (none) */
790 pfl->cfi_table[0x15] = 0x31;
791 pfl->cfi_table[0x16] = 0x00;
792 /* Alternate command set (none) */
793 pfl->cfi_table[0x17] = 0x00;
794 pfl->cfi_table[0x18] = 0x00;
795 /* Alternate extended table (none) */
796 pfl->cfi_table[0x19] = 0x00;
797 pfl->cfi_table[0x1A] = 0x00;
798 /* Vcc min */
799 pfl->cfi_table[0x1B] = 0x45;
800 /* Vcc max */
801 pfl->cfi_table[0x1C] = 0x55;
802 /* Vpp min (no Vpp pin) */
803 pfl->cfi_table[0x1D] = 0x00;
804 /* Vpp max (no Vpp pin) */
805 pfl->cfi_table[0x1E] = 0x00;
806 /* Reserved */
807 pfl->cfi_table[0x1F] = 0x07;
808 /* Timeout for min size buffer write */
809 pfl->cfi_table[0x20] = 0x07;
810 /* Typical timeout for block erase */
811 pfl->cfi_table[0x21] = 0x0a;
812 /* Typical timeout for full chip erase (4096 ms) */
813 pfl->cfi_table[0x22] = 0x00;
814 /* Reserved */
815 pfl->cfi_table[0x23] = 0x04;
816 /* Max timeout for buffer write */
817 pfl->cfi_table[0x24] = 0x04;
818 /* Max timeout for block erase */
819 pfl->cfi_table[0x25] = 0x04;
820 /* Max timeout for chip erase */
821 pfl->cfi_table[0x26] = 0x00;
822 /* Device size */
a0289b8a 823 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
05ee37eb
AZ		 824 /* Flash device interface (8 & 16 bits) */
825 pfl->cfi_table[0x28] = 0x02;
826 pfl->cfi_table[0x29] = 0x00;
827 /* Max number of bytes in multi-bytes write */
4b6fedca 828 if (pfl->bank_width == 1) {
4737fa26
EI		 829 pfl->cfi_table[0x2A] = 0x08;
830 } else {
831 pfl->cfi_table[0x2A] = 0x0B;
832 }
b4bf0a9a 833 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
feb0b1aa
PM		 834 if (!pfl->old_multiple_chip_handling && num_devices > 1) {
835 pfl->writeblock_size *= num_devices;
836 }
b4bf0a9a 837
05ee37eb
AZ		 838 pfl->cfi_table[0x2B] = 0x00;
839 /* Number of erase block regions (uniform) */
840 pfl->cfi_table[0x2C] = 0x01;
841 /* Erase block region 1 */
a0289b8a
PM		 842 pfl->cfi_table[0x2D] = blocks_per_device - 1;
843 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
feb0b1aa
PM		 844 pfl->cfi_table[0x2F] = sector_len_per_device >> 8;
845 pfl->cfi_table[0x30] = sector_len_per_device >> 16;
05ee37eb
AZ		 846
847 /* Extended */
848 pfl->cfi_table[0x31] = 'P';
849 pfl->cfi_table[0x32] = 'R';
850 pfl->cfi_table[0x33] = 'I';
851
852 pfl->cfi_table[0x34] = '1';
262e1eaa 853 pfl->cfi_table[0x35] = '0';
05ee37eb
AZ		 854
855 pfl->cfi_table[0x36] = 0x00;
856 pfl->cfi_table[0x37] = 0x00;
857 pfl->cfi_table[0x38] = 0x00;
858 pfl->cfi_table[0x39] = 0x00;
859
860 pfl->cfi_table[0x3a] = 0x00;
861
862 pfl->cfi_table[0x3b] = 0x00;
863 pfl->cfi_table[0x3c] = 0x00;
864
262e1eaa 865 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
368a354f
PC		 866}
867
3a283507
PMD		 868static void pflash_cfi01_system_reset(DeviceState *dev)
869{
870 PFlashCFI01 *pfl = PFLASH_CFI01(dev);
871
872 /*
873 * The command 0x00 is not assigned by the CFI open standard,
874 * but QEMU historically uses it for the READ_ARRAY command (0xff).
875 */
876 pfl->cmd = 0x00;
877 pfl->wcycle = 0;
878 memory_region_rom_device_set_romd(&pfl->mem, true);
879 /*
880 * The WSM ready timer occurs at most 150ns after system reset.
881 * This model deliberately ignores this delay.
882 */
883 pfl->status = 0x80;
884}
885
368a354f 886static Property pflash_cfi01_properties[] = {
16434065 887 DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk),
a0289b8a
PM		 888 /* num-blocks is the number of blocks actually visible to the guest,
889 * ie the total size of the device divided by the sector length.
890 * If we're emulating flash devices wired in parallel the actual
891 * number of blocks per indvidual device will differ.
892 */
16434065
MA		 893 DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0),
894 DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0),
fa21a7b1
RF		 895 /* width here is the overall width of this QEMU device in bytes.
896 * The QEMU device may be emulating a number of flash devices
897 * wired up in parallel; the width of each individual flash
898 * device should be specified via device-width. If the individual
899 * devices have a maximum width which is greater than the width
900 * they are being used for, this maximum width should be set via
901 * max-device-width (which otherwise defaults to device-width).
902 * So for instance a 32-bit wide QEMU flash device made from four
903 * 16-bit flash devices used in 8-bit wide mode would be configured
904 * with width = 4, device-width = 1, max-device-width = 2.
905 *
906 * If device-width is not specified we default to backwards
907 * compatible behaviour which is a bad emulation of two
908 * 16 bit devices making up a 32 bit wide QEMU device. This
909 * is deprecated for new uses of this device.
910 */
16434065
MA		 911 DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0),
912 DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0),
913 DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0),
914 DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0),
915 DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0),
916 DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0),
917 DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0),
918 DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0),
919 DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0),
920 DEFINE_PROP_STRING("name", PFlashCFI01, name),
921 DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01,
feb0b1aa 922 old_multiple_chip_handling, false),
368a354f
PC		 923 DEFINE_PROP_END_OF_LIST(),
924};
925
926static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
927{
928 DeviceClass *dc = DEVICE_CLASS(klass);
368a354f 929
3a283507 930 dc->reset = pflash_cfi01_system_reset;
e40b5f3e 931 dc->realize = pflash_cfi01_realize;
4f67d30b 932 device_class_set_props(dc, pflash_cfi01_properties);
d8d24fb7 933 dc->vmsd = &vmstate_pflash;
125ee0ed 934 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
368a354f
PC		 935}
936
937
938static const TypeInfo pflash_cfi01_info = {
e7b62741 939 .name = TYPE_PFLASH_CFI01,
368a354f 940 .parent = TYPE_SYS_BUS_DEVICE,
16434065 941 .instance_size = sizeof(PFlashCFI01),
368a354f
PC		 942 .class_init = pflash_cfi01_class_init,
943};
944
945static void pflash_cfi01_register_types(void)
946{
947 type_register_static(&pflash_cfi01_info);
948}
949
950type_init(pflash_cfi01_register_types)
951
16434065 952PFlashCFI01 *pflash_cfi01_register(hwaddr base,
940d5b13 953 const char *name,
16434065
MA		 954 hwaddr size,
955 BlockBackend *blk,
ce14710f 956 uint32_t sector_len,
16434065
MA		 957 int bank_width,
958 uint16_t id0, uint16_t id1,
959 uint16_t id2, uint16_t id3,
960 int be)
368a354f 961{
3e80f690 962 DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
368a354f 963
9b3d111a
MA		 964 if (blk) {
965 qdev_prop_set_drive(dev, "drive", blk, &error_abort);
368a354f 966 }
4cdd0a77 967 assert(QEMU_IS_ALIGNED(size, sector_len));
ce14710f 968 qdev_prop_set_uint32(dev, "num-blocks", size / sector_len);
368a354f 969 qdev_prop_set_uint64(dev, "sector-length", sector_len);
4b6fedca 970 qdev_prop_set_uint8(dev, "width", bank_width);
e9809422 971 qdev_prop_set_bit(dev, "big-endian", !!be);
368a354f
PC		 972 qdev_prop_set_uint16(dev, "id0", id0);
973 qdev_prop_set_uint16(dev, "id1", id1);
974 qdev_prop_set_uint16(dev, "id2", id2);
975 qdev_prop_set_uint16(dev, "id3", id3);
976 qdev_prop_set_string(dev, "name", name);
3c6ef471 977 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
368a354f 978
f1b44f0e 979 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
e7b62741 980 return PFLASH_CFI01(dev);
05ee37eb 981}
cfe5f011 982
e60cf765
PMD		 983BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl)
984{
985 return fl->blk;
986}
987
16434065 988MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl)
cfe5f011
AK		 989{
990 return &fl->mem;
991}
4c0cfc72 992
2d731dbd
MA		 993/*
994 * Handle -drive if=pflash for machines that use properties.
995 * If @dinfo is null, do nothing.
996 * Else if @fl's property "drive" is already set, fatal error.
997 * Else set it to the BlockBackend with @dinfo.
998 */
999void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo)
1000{
1001 Location loc;
1002
1003 if (!dinfo) {
1004 return;
1005 }
1006
1007 loc_push_none(&loc);
1008 qemu_opts_loc_restore(dinfo->opts);
1009 if (fl->blk) {
1010 error_report("clashes with -machine");
1011 exit(1);
1012 }
1013 qdev_prop_set_drive(DEVICE(fl), "drive",
1014 blk_by_legacy_dinfo(dinfo), &error_fatal);
1015 loc_pop(&loc);
1016}
1017
90c647db
DDAG		 1018static void postload_update_cb(void *opaque, int running, RunState state)
1019{
16434065 1020 PFlashCFI01 *pfl = opaque;
90c647db
DDAG		 1021
1022 /* This is called after bdrv_invalidate_cache_all. */
1023 qemu_del_vm_change_state_handler(pfl->vmstate);
1024 pfl->vmstate = NULL;
1025
1026 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
1027 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
1028}
1029
4c0cfc72
LE		 1030static int pflash_post_load(void *opaque, int version_id)
1031{
16434065 1032 PFlashCFI01 *pfl = opaque;
4c0cfc72
LE		 1033
1034 if (!pfl->ro) {
90c647db
DDAG		 1035 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb,
1036 pfl);
4c0cfc72
LE		 1037 }
1038 return 0;
1039}
QEMU mirror