]> git.proxmox.com Git - mirror_qemu.git/blame - hw/block/pflash_cfi01.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix CFI query responses for NOR flash
[mirror_qemu.git] / hw / block / pflash_cfi01.c
CommitLineData
05ee37eb
AZ		 1/*
2 * CFI parallel flash with Intel command set emulation
3 *
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
05ee37eb
AZ		 19 */
20
21/*
22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23 * Supported commands/modes are:
24 * - flash read
25 * - flash write
26 * - flash ID read
27 * - sector erase
28 * - CFI queries
29 *
30 * It does not support timings
31 * It does not support flash interleaving
32 * It does not implement software data protection as found in many real chips
33 * It does not implement erase suspend/resume commands
34 * It does not implement multiple sectors erase
35 *
36 * It does not implement much more ...
37 */
38
83c9f4ca 39#include "hw/hw.h"
0d09e41a 40#include "hw/block/flash.h"
737e150e 41#include "block/block.h"
1de7afc9 42#include "qemu/timer.h"
1997b485 43#include "qemu/bitops.h"
022c62cb 44#include "exec/address-spaces.h"
1de7afc9 45#include "qemu/host-utils.h"
83c9f4ca 46#include "hw/sysbus.h"
05ee37eb 47
001faf32 48#define PFLASH_BUG(fmt, ...) \
05ee37eb 49do { \
ec9ea489 50 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
05ee37eb
AZ		 51 exit(1); \
52} while(0)
53
54/* #define PFLASH_DEBUG */
55#ifdef PFLASH_DEBUG
ec9ea489
PC		 56#define DPRINTF(fmt, ...) \
57do { \
58 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
05ee37eb
AZ		 59} while (0)
60#else
001faf32 61#define DPRINTF(fmt, ...) do { } while (0)
05ee37eb
AZ		 62#endif
63
f1b44f0e
HT		 64#define TYPE_CFI_PFLASH01 "cfi.pflash01"
65#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
66
c227f099 67struct pflash_t {
f1b44f0e
HT		 68 /*< private >*/
69 SysBusDevice parent_obj;
70 /*< public >*/
71
05ee37eb 72 BlockDriverState *bs;
368a354f
PC		 73 uint32_t nb_blocs;
74 uint64_t sector_len;
4b6fedca 75 uint8_t bank_width;
1997b485 76 uint8_t device_width; /* If 0, device width not specified. */
fa21a7b1 77 uint8_t max_device_width; /* max device width in bytes */
368a354f 78 uint8_t be;
d8d24fb7 79 uint8_t wcycle; /* if 0, the flash is read normally */
05ee37eb
AZ		 80 int ro;
81 uint8_t cmd;
82 uint8_t status;
368a354f
PC		 83 uint16_t ident0;
84 uint16_t ident1;
85 uint16_t ident2;
86 uint16_t ident3;
05ee37eb
AZ		 87 uint8_t cfi_len;
88 uint8_t cfi_table[0x52];
d8d24fb7 89 uint64_t counter;
b4bf0a9a 90 unsigned int writeblock_size;
05ee37eb 91 QEMUTimer *timer;
cfe5f011 92 MemoryRegion mem;
368a354f 93 char *name;
05ee37eb
AZ		 94 void *storage;
95};
96
d8d24fb7
PM		 97static const VMStateDescription vmstate_pflash = {
98 .name = "pflash_cfi01",
99 .version_id = 1,
100 .minimum_version_id = 1,
101 .fields = (VMStateField[]) {
102 VMSTATE_UINT8(wcycle, pflash_t),
103 VMSTATE_UINT8(cmd, pflash_t),
104 VMSTATE_UINT8(status, pflash_t),
105 VMSTATE_UINT64(counter, pflash_t),
106 VMSTATE_END_OF_LIST()
107 }
108};
109
05ee37eb
AZ		 110static void pflash_timer (void *opaque)
111{
c227f099 112 pflash_t *pfl = opaque;
05ee37eb
AZ		 113
114 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
115 /* Reset flash */
116 pfl->status ^= 0x80;
5f9a5ea1 117 memory_region_rom_device_set_romd(&pfl->mem, true);
5d79b80b 118 pfl->wcycle = 0;
05ee37eb
AZ		 119 pfl->cmd = 0;
120}
121
4433e660
RF		 122/* Perform a CFI query based on the bank width of the flash.
123 * If this code is called we know we have a device_width set for
124 * this flash.
125 */
126static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
127{
128 int i;
129 uint32_t resp = 0;
130 hwaddr boff;
131
132 /* Adjust incoming offset to match expected device-width
133 * addressing. CFI query addresses are always specified in terms of
134 * the maximum supported width of the device. This means that x8
135 * devices and x8/x16 devices in x8 mode behave differently. For
136 * devices that are not used at their max width, we will be
137 * provided with addresses that use higher address bits than
138 * expected (based on the max width), so we will shift them lower
139 * so that they will match the addresses used when
140 * device_width==max_device_width.
141 */
142 boff = offset >> (ctz32(pfl->bank_width) +
143 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
144
145 if (boff > pfl->cfi_len) {
146 return 0;
147 }
148 /* Now we will construct the CFI response generated by a single
149 * device, then replicate that for all devices that make up the
150 * bus. For wide parts used in x8 mode, CFI query responses
151 * are different than native byte-wide parts.
152 */
153 resp = pfl->cfi_table[boff];
154 if (pfl->device_width != pfl->max_device_width) {
155 /* The only case currently supported is x8 mode for a
156 * wider part.
157 */
158 if (pfl->device_width != 1 || pfl->bank_width > 4) {
159 DPRINTF("%s: Unsupported device configuration: "
160 "device_width=%d, max_device_width=%d\n",
161 __func__, pfl->device_width,
162 pfl->max_device_width);
163 return 0;
164 }
165 /* CFI query data is repeated, rather than zero padded for
166 * wide devices used in x8 mode.
167 */
168 for (i = 1; i < pfl->max_device_width; i++) {
169 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
170 }
171 }
172 /* Replicate responses for each device in bank. */
173 if (pfl->device_width < pfl->bank_width) {
174 for (i = pfl->device_width;
175 i < pfl->bank_width; i += pfl->device_width) {
176 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
177 }
178 }
179
180 return resp;
181}
182
a8170e5e 183static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
3d08ff69 184 int width, int be)
05ee37eb 185{
a8170e5e 186 hwaddr boff;
05ee37eb
AZ		 187 uint32_t ret;
188 uint8_t *p;
189
190 ret = -1;
05ee37eb 191
fad8c772
EI		 192#if 0
193 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
06adb549 194 __func__, offset, pfl->cmd, width);
fad8c772 195#endif
05ee37eb 196 switch (pfl->cmd) {
1be97bf2
PM		 197 default:
198 /* This should never happen : reset state & treat it as a read */
199 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
200 pfl->wcycle = 0;
201 pfl->cmd = 0;
202 /* fall through to read code */
05ee37eb
AZ		 203 case 0x00:
204 /* Flash area read */
205 p = pfl->storage;
206 switch (width) {
207 case 1:
208 ret = p[offset];
fad8c772 209 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
c8b153d7 210 __func__, offset, ret);
05ee37eb
AZ		 211 break;
212 case 2:
3d08ff69
BS		 213 if (be) {
214 ret = p[offset] << 8;
215 ret |= p[offset + 1];
216 } else {
217 ret = p[offset];
218 ret |= p[offset + 1] << 8;
219 }
fad8c772 220 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
c8b153d7 221 __func__, offset, ret);
05ee37eb
AZ		 222 break;
223 case 4:
3d08ff69
BS		 224 if (be) {
225 ret = p[offset] << 24;
226 ret |= p[offset + 1] << 16;
227 ret |= p[offset + 2] << 8;
228 ret |= p[offset + 3];
229 } else {
230 ret = p[offset];
231 ret |= p[offset + 1] << 8;
3d08ff69
BS		 232 ret |= p[offset + 2] << 16;
233 ret |= p[offset + 3] << 24;
234 }
fad8c772 235 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
c8b153d7 236 __func__, offset, ret);
05ee37eb
AZ		 237 break;
238 default:
239 DPRINTF("BUG in %s\n", __func__);
240 }
241
242 break;
6e392787 243 case 0x10: /* Single byte program */
05ee37eb 244 case 0x20: /* Block erase */
6e392787
PM		 245 case 0x28: /* Block erase */
246 case 0x40: /* single byte program */
05ee37eb
AZ		 247 case 0x50: /* Clear status register */
248 case 0x60: /* Block /un)lock */
249 case 0x70: /* Status Register */
250 case 0xe8: /* Write block */
2003889f
RF		 251 /* Status register read. Return status from each device in
252 * bank.
253 */
05ee37eb 254 ret = pfl->status;
2003889f
RF		 255 if (pfl->device_width && width > pfl->device_width) {
256 int shift = pfl->device_width * 8;
257 while (shift + pfl->device_width * 8 <= width * 8) {
258 ret |= pfl->status << shift;
259 shift += pfl->device_width * 8;
260 }
261 } else if (!pfl->device_width && width > 2) {
262 /* Handle 32 bit flash cases where device width is not
263 * set. (Existing behavior before device width added.)
264 */
ea0a4f34
PB		 265 ret |= pfl->status << 16;
266 }
05ee37eb
AZ		 267 DPRINTF("%s: status %x\n", __func__, ret);
268 break;
0b2ec6fc 269 case 0x90:
4433e660
RF		 270 boff = offset & 0xFF;
271 if (pfl->bank_width == 2) {
272 boff = boff >> 1;
273 } else if (pfl->bank_width == 4) {
274 boff = boff >> 2;
275 }
276
0b2ec6fc
MW		 277 switch (boff) {
278 case 0:
368a354f 279 ret = pfl->ident0 << 8 | pfl->ident1;
0b2ec6fc
MW		 280 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
281 break;
282 case 1:
368a354f 283 ret = pfl->ident2 << 8 | pfl->ident3;
0b2ec6fc
MW		 284 DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
285 break;
286 default:
fc5b64d0
PC		 287 DPRINTF("%s: Read Device Information boff=%x\n", __func__,
288 (unsigned)boff);
0b2ec6fc
MW		 289 ret = 0;
290 break;
291 }
292 break;
05ee37eb 293 case 0x98: /* Query mode */
4433e660
RF		 294 if (!pfl->device_width) {
295 /* Preserve old behavior if device width not specified */
296 boff = offset & 0xFF;
297 if (pfl->bank_width == 2) {
298 boff = boff >> 1;
299 } else if (pfl->bank_width == 4) {
300 boff = boff >> 2;
301 }
302
303 if (boff > pfl->cfi_len) {
304 ret = 0;
305 } else {
306 ret = pfl->cfi_table[boff];
307 }
308 } else {
309 /* If we have a read larger than the bank_width, combine multiple
310 * CFI queries into a single response.
311 */
312 int i;
313 for (i = 0; i < width; i += pfl->bank_width) {
314 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
315 pflash_cfi_query(pfl,
316 offset + i * pfl->bank_width));
317 }
318 }
319
05ee37eb 320 break;
05ee37eb
AZ		 321 }
322 return ret;
323}
324
325/* update flash content on disk */
c227f099 326static void pflash_update(pflash_t *pfl, int offset,
05ee37eb
AZ		 327 int size)
328{
329 int offset_end;
330 if (pfl->bs) {
331 offset_end = offset + size;
332 /* round to sectors */
333 offset = offset >> 9;
334 offset_end = (offset_end + 511) >> 9;
335 bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
336 offset_end - offset);
337 }
338}
339
a8170e5e 340static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
3d08ff69 341 uint32_t value, int width, int be)
d361be25
AZ		 342{
343 uint8_t *p = pfl->storage;
344
fad8c772 345 DPRINTF("%s: block write offset " TARGET_FMT_plx
d8d24fb7 346 " value %x counter %016" PRIx64 "\n",
d361be25
AZ		 347 __func__, offset, value, pfl->counter);
348 switch (width) {
349 case 1:
350 p[offset] = value;
d361be25
AZ		 351 break;
352 case 2:
3d08ff69
BS		 353 if (be) {
354 p[offset] = value >> 8;
355 p[offset + 1] = value;
356 } else {
357 p[offset] = value;
358 p[offset + 1] = value >> 8;
359 }
d361be25
AZ		 360 break;
361 case 4:
3d08ff69
BS		 362 if (be) {
363 p[offset] = value >> 24;
364 p[offset + 1] = value >> 16;
365 p[offset + 2] = value >> 8;
366 p[offset + 3] = value;
367 } else {
368 p[offset] = value;
369 p[offset + 1] = value >> 8;
370 p[offset + 2] = value >> 16;
371 p[offset + 3] = value >> 24;
372 }
d361be25
AZ		 373 break;
374 }
375
376}
377
a8170e5e 378static void pflash_write(pflash_t *pfl, hwaddr offset,
3d08ff69 379 uint32_t value, int width, int be)
05ee37eb 380{
05ee37eb
AZ		 381 uint8_t *p;
382 uint8_t cmd;
383
05ee37eb 384 cmd = value;
05ee37eb 385
fad8c772 386 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
c8b153d7 387 __func__, offset, value, width, pfl->wcycle);
05ee37eb 388
e9cbbcac
EI		 389 if (!pfl->wcycle) {
390 /* Set the device in I/O access mode */
5f9a5ea1 391 memory_region_rom_device_set_romd(&pfl->mem, false);
e9cbbcac 392 }
05ee37eb
AZ		 393
394 switch (pfl->wcycle) {
395 case 0:
396 /* read mode */
397 switch (cmd) {
398 case 0x00: /* ??? */
399 goto reset_flash;
d361be25
AZ		 400 case 0x10: /* Single Byte Program */
401 case 0x40: /* Single Byte Program */
fad8c772 402 DPRINTF("%s: Single Byte Program\n", __func__);
d361be25 403 break;
05ee37eb
AZ		 404 case 0x20: /* Block erase */
405 p = pfl->storage;
406 offset &= ~(pfl->sector_len - 1);
407
368a354f
PC		 408 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
409 __func__, offset, (unsigned)pfl->sector_len);
05ee37eb 410
de8efe8f
JJ		 411 if (!pfl->ro) {
412 memset(p + offset, 0xff, pfl->sector_len);
413 pflash_update(pfl, offset, pfl->sector_len);
414 } else {
415 pfl->status |= 0x20; /* Block erase error */
416 }
05ee37eb
AZ		 417 pfl->status |= 0x80; /* Ready! */
418 break;
419 case 0x50: /* Clear status bits */
420 DPRINTF("%s: Clear status bits\n", __func__);
421 pfl->status = 0x0;
422 goto reset_flash;
423 case 0x60: /* Block (un)lock */
424 DPRINTF("%s: Block unlock\n", __func__);
425 break;
426 case 0x70: /* Status Register */
427 DPRINTF("%s: Read status register\n", __func__);
428 pfl->cmd = cmd;
429 return;
0b2ec6fc
MW		 430 case 0x90: /* Read Device ID */
431 DPRINTF("%s: Read Device information\n", __func__);
432 pfl->cmd = cmd;
433 return;
05ee37eb
AZ		 434 case 0x98: /* CFI query */
435 DPRINTF("%s: CFI query\n", __func__);
436 break;
437 case 0xe8: /* Write to buffer */
438 DPRINTF("%s: Write to buffer\n", __func__);
439 pfl->status |= 0x80; /* Ready! */
440 break;
5928023c
SW		 441 case 0xf0: /* Probe for AMD flash */
442 DPRINTF("%s: Probe for AMD flash\n", __func__);
443 goto reset_flash;
05ee37eb
AZ		 444 case 0xff: /* Read array mode */
445 DPRINTF("%s: Read array mode\n", __func__);
446 goto reset_flash;
447 default:
448 goto error_flash;
449 }
450 pfl->wcycle++;
451 pfl->cmd = cmd;
12dabc79 452 break;
05ee37eb
AZ		 453 case 1:
454 switch (pfl->cmd) {
d361be25
AZ		 455 case 0x10: /* Single Byte Program */
456 case 0x40: /* Single Byte Program */
457 DPRINTF("%s: Single Byte Program\n", __func__);
de8efe8f
JJ		 458 if (!pfl->ro) {
459 pflash_data_write(pfl, offset, value, width, be);
460 pflash_update(pfl, offset, width);
461 } else {
462 pfl->status |= 0x10; /* Programming error */
463 }
d361be25
AZ		 464 pfl->status |= 0x80; /* Ready! */
465 pfl->wcycle = 0;
466 break;
05ee37eb
AZ		 467 case 0x20: /* Block erase */
468 case 0x28:
469 if (cmd == 0xd0) { /* confirm */
3656744c 470 pfl->wcycle = 0;
05ee37eb 471 pfl->status |= 0x80;
9248f413 472 } else if (cmd == 0xff) { /* read array mode */
05ee37eb
AZ		 473 goto reset_flash;
474 } else
475 goto error_flash;
476
477 break;
478 case 0xe8:
1997b485
RF		 479 /* Mask writeblock size based on device width, or bank width if
480 * device width not specified.
481 */
482 if (pfl->device_width) {
483 value = extract32(value, 0, pfl->device_width * 8);
484 } else {
485 value = extract32(value, 0, pfl->bank_width * 8);
486 }
71fb2348
AZ		 487 DPRINTF("%s: block write of %x bytes\n", __func__, value);
488 pfl->counter = value;
05ee37eb
AZ		 489 pfl->wcycle++;
490 break;
491 case 0x60:
492 if (cmd == 0xd0) {
493 pfl->wcycle = 0;
494 pfl->status |= 0x80;
495 } else if (cmd == 0x01) {
496 pfl->wcycle = 0;
497 pfl->status |= 0x80;
498 } else if (cmd == 0xff) {
499 goto reset_flash;
500 } else {
501 DPRINTF("%s: Unknown (un)locking command\n", __func__);
502 goto reset_flash;
503 }
504 break;
505 case 0x98:
506 if (cmd == 0xff) {
507 goto reset_flash;
508 } else {
509 DPRINTF("%s: leaving query mode\n", __func__);
510 }
511 break;
512 default:
513 goto error_flash;
514 }
12dabc79 515 break;
05ee37eb
AZ		 516 case 2:
517 switch (pfl->cmd) {
518 case 0xe8: /* Block write */
de8efe8f
JJ		 519 if (!pfl->ro) {
520 pflash_data_write(pfl, offset, value, width, be);
521 } else {
522 pfl->status |= 0x10; /* Programming error */
523 }
05ee37eb
AZ		 524
525 pfl->status |= 0x80;
526
527 if (!pfl->counter) {
a8170e5e 528 hwaddr mask = pfl->writeblock_size - 1;
b4bf0a9a
EI		 529 mask = ~mask;
530
05ee37eb
AZ		 531 DPRINTF("%s: block write finished\n", __func__);
532 pfl->wcycle++;
de8efe8f
JJ		 533 if (!pfl->ro) {
534 /* Flush the entire write buffer onto backing storage. */
535 pflash_update(pfl, offset & mask, pfl->writeblock_size);
536 } else {
537 pfl->status |= 0x10; /* Programming error */
538 }
05ee37eb
AZ		 539 }
540
541 pfl->counter--;
542 break;
7317b8ca
AZ		 543 default:
544 goto error_flash;
05ee37eb 545 }
12dabc79 546 break;
05ee37eb
AZ		 547 case 3: /* Confirm mode */
548 switch (pfl->cmd) {
549 case 0xe8: /* Block write */
550 if (cmd == 0xd0) {
551 pfl->wcycle = 0;
552 pfl->status |= 0x80;
05ee37eb
AZ		 553 } else {
554 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
555 PFLASH_BUG("Write block confirm");
7317b8ca 556 goto reset_flash;
05ee37eb 557 }
7317b8ca
AZ		 558 break;
559 default:
560 goto error_flash;
05ee37eb 561 }
12dabc79 562 break;
05ee37eb
AZ		 563 default:
564 /* Should never happen */
565 DPRINTF("%s: invalid write state\n", __func__);
566 goto reset_flash;
567 }
568 return;
569
570 error_flash:
d96fc51c
PC		 571 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
572 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
573 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
05ee37eb
AZ		 574
575 reset_flash:
5f9a5ea1 576 memory_region_rom_device_set_romd(&pfl->mem, true);
05ee37eb 577
05ee37eb
AZ		 578 pfl->wcycle = 0;
579 pfl->cmd = 0;
05ee37eb
AZ		 580}
581
582
a8170e5e 583static uint32_t pflash_readb_be(void *opaque, hwaddr addr)
3d08ff69
BS		 584{
585 return pflash_read(opaque, addr, 1, 1);
586}
587
a8170e5e 588static uint32_t pflash_readb_le(void *opaque, hwaddr addr)
3d08ff69
BS		 589{
590 return pflash_read(opaque, addr, 1, 0);
591}
592
a8170e5e 593static uint32_t pflash_readw_be(void *opaque, hwaddr addr)
3d08ff69
BS		 594{
595 pflash_t *pfl = opaque;
596
597 return pflash_read(pfl, addr, 2, 1);
598}
599
a8170e5e 600static uint32_t pflash_readw_le(void *opaque, hwaddr addr)
05ee37eb 601{
3d08ff69
BS		 602 pflash_t *pfl = opaque;
603
604 return pflash_read(pfl, addr, 2, 0);
05ee37eb
AZ		 605}
606
a8170e5e 607static uint32_t pflash_readl_be(void *opaque, hwaddr addr)
05ee37eb 608{
c227f099 609 pflash_t *pfl = opaque;
05ee37eb 610
3d08ff69 611 return pflash_read(pfl, addr, 4, 1);
05ee37eb
AZ		 612}
613
a8170e5e 614static uint32_t pflash_readl_le(void *opaque, hwaddr addr)
05ee37eb 615{
c227f099 616 pflash_t *pfl = opaque;
05ee37eb 617
3d08ff69 618 return pflash_read(pfl, addr, 4, 0);
05ee37eb
AZ		 619}
620
a8170e5e 621static void pflash_writeb_be(void *opaque, hwaddr addr,
3d08ff69 622 uint32_t value)
05ee37eb 623{
3d08ff69 624 pflash_write(opaque, addr, value, 1, 1);
05ee37eb
AZ		 625}
626
a8170e5e 627static void pflash_writeb_le(void *opaque, hwaddr addr,
3d08ff69
BS		 628 uint32_t value)
629{
630 pflash_write(opaque, addr, value, 1, 0);
631}
632
a8170e5e 633static void pflash_writew_be(void *opaque, hwaddr addr,
3d08ff69 634 uint32_t value)
05ee37eb 635{
c227f099 636 pflash_t *pfl = opaque;
05ee37eb 637
3d08ff69 638 pflash_write(pfl, addr, value, 2, 1);
05ee37eb
AZ		 639}
640
a8170e5e 641static void pflash_writew_le(void *opaque, hwaddr addr,
3d08ff69 642 uint32_t value)
05ee37eb 643{
c227f099 644 pflash_t *pfl = opaque;
05ee37eb 645
3d08ff69 646 pflash_write(pfl, addr, value, 2, 0);
05ee37eb
AZ		 647}
648
a8170e5e 649static void pflash_writel_be(void *opaque, hwaddr addr,
3d08ff69
BS		 650 uint32_t value)
651{
652 pflash_t *pfl = opaque;
653
654 pflash_write(pfl, addr, value, 4, 1);
655}
656
a8170e5e 657static void pflash_writel_le(void *opaque, hwaddr addr,
3d08ff69
BS		 658 uint32_t value)
659{
660 pflash_t *pfl = opaque;
661
662 pflash_write(pfl, addr, value, 4, 0);
663}
664
cfe5f011
AK		 665static const MemoryRegionOps pflash_cfi01_ops_be = {
666 .old_mmio = {
667 .read = { pflash_readb_be, pflash_readw_be, pflash_readl_be, },
668 .write = { pflash_writeb_be, pflash_writew_be, pflash_writel_be, },
669 },
670 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 671};
672
cfe5f011
AK		 673static const MemoryRegionOps pflash_cfi01_ops_le = {
674 .old_mmio = {
675 .read = { pflash_readb_le, pflash_readw_le, pflash_readl_le, },
676 .write = { pflash_writeb_le, pflash_writew_le, pflash_writel_le, },
677 },
678 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 679};
680
e40b5f3e 681static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
05ee37eb 682{
f1b44f0e 683 pflash_t *pfl = CFI_PFLASH01(dev);
368a354f 684 uint64_t total_len;
d0e7605e 685 int ret;
05ee37eb 686
368a354f 687 total_len = pfl->sector_len * pfl->nb_blocs;
05ee37eb
AZ		 688
689 /* XXX: to be fixed */
c8b153d7 690#if 0
05ee37eb
AZ		 691 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
692 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
693 return NULL;
c8b153d7 694#endif
05ee37eb 695
cfe5f011 696 memory_region_init_rom_device(
2d256e6f 697 &pfl->mem, OBJECT(dev),
2c9b15ca 698 pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl,
368a354f
PC		 699 pfl->name, total_len);
700 vmstate_register_ram(&pfl->mem, DEVICE(pfl));
cfe5f011 701 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
e40b5f3e 702 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
05ee37eb 703
05ee37eb
AZ		 704 if (pfl->bs) {
705 /* read the initial flash content */
d0e7605e 706 ret = bdrv_read(pfl->bs, 0, pfl->storage, total_len >> 9);
368a354f 707
d0e7605e 708 if (ret < 0) {
368a354f 709 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
cfe5f011 710 memory_region_destroy(&pfl->mem);
e40b5f3e
HT		 711 error_setg(errp, "failed to read the initial flash content");
712 return;
d0e7605e 713 }
05ee37eb 714 }
de8efe8f
JJ		 715
716 if (pfl->bs) {
717 pfl->ro = bdrv_is_read_only(pfl->bs);
718 } else {
719 pfl->ro = 0;
720 }
721
fa21a7b1
RF		 722 /* Default to devices being used at their maximum device width. This was
723 * assumed before the device_width support was added.
724 */
725 if (!pfl->max_device_width) {
726 pfl->max_device_width = pfl->device_width;
727 }
728
bc72ad67 729 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
05ee37eb
AZ		 730 pfl->wcycle = 0;
731 pfl->cmd = 0;
732 pfl->status = 0;
05ee37eb
AZ		 733 /* Hardcoded CFI table */
734 pfl->cfi_len = 0x52;
735 /* Standard "QRY" string */
736 pfl->cfi_table[0x10] = 'Q';
737 pfl->cfi_table[0x11] = 'R';
738 pfl->cfi_table[0x12] = 'Y';
739 /* Command set (Intel) */
740 pfl->cfi_table[0x13] = 0x01;
741 pfl->cfi_table[0x14] = 0x00;
742 /* Primary extended table address (none) */
743 pfl->cfi_table[0x15] = 0x31;
744 pfl->cfi_table[0x16] = 0x00;
745 /* Alternate command set (none) */
746 pfl->cfi_table[0x17] = 0x00;
747 pfl->cfi_table[0x18] = 0x00;
748 /* Alternate extended table (none) */
749 pfl->cfi_table[0x19] = 0x00;
750 pfl->cfi_table[0x1A] = 0x00;
751 /* Vcc min */
752 pfl->cfi_table[0x1B] = 0x45;
753 /* Vcc max */
754 pfl->cfi_table[0x1C] = 0x55;
755 /* Vpp min (no Vpp pin) */
756 pfl->cfi_table[0x1D] = 0x00;
757 /* Vpp max (no Vpp pin) */
758 pfl->cfi_table[0x1E] = 0x00;
759 /* Reserved */
760 pfl->cfi_table[0x1F] = 0x07;
761 /* Timeout for min size buffer write */
762 pfl->cfi_table[0x20] = 0x07;
763 /* Typical timeout for block erase */
764 pfl->cfi_table[0x21] = 0x0a;
765 /* Typical timeout for full chip erase (4096 ms) */
766 pfl->cfi_table[0x22] = 0x00;
767 /* Reserved */
768 pfl->cfi_table[0x23] = 0x04;
769 /* Max timeout for buffer write */
770 pfl->cfi_table[0x24] = 0x04;
771 /* Max timeout for block erase */
772 pfl->cfi_table[0x25] = 0x04;
773 /* Max timeout for chip erase */
774 pfl->cfi_table[0x26] = 0x00;
775 /* Device size */
776 pfl->cfi_table[0x27] = ctz32(total_len); // + 1;
777 /* Flash device interface (8 & 16 bits) */
778 pfl->cfi_table[0x28] = 0x02;
779 pfl->cfi_table[0x29] = 0x00;
780 /* Max number of bytes in multi-bytes write */
4b6fedca 781 if (pfl->bank_width == 1) {
4737fa26
EI		 782 pfl->cfi_table[0x2A] = 0x08;
783 } else {
784 pfl->cfi_table[0x2A] = 0x0B;
785 }
b4bf0a9a
EI		 786 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
787
05ee37eb
AZ		 788 pfl->cfi_table[0x2B] = 0x00;
789 /* Number of erase block regions (uniform) */
790 pfl->cfi_table[0x2C] = 0x01;
791 /* Erase block region 1 */
368a354f
PC		 792 pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
793 pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
794 pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
795 pfl->cfi_table[0x30] = pfl->sector_len >> 16;
05ee37eb
AZ		 796
797 /* Extended */
798 pfl->cfi_table[0x31] = 'P';
799 pfl->cfi_table[0x32] = 'R';
800 pfl->cfi_table[0x33] = 'I';
801
802 pfl->cfi_table[0x34] = '1';
262e1eaa 803 pfl->cfi_table[0x35] = '0';
05ee37eb
AZ		 804
805 pfl->cfi_table[0x36] = 0x00;
806 pfl->cfi_table[0x37] = 0x00;
807 pfl->cfi_table[0x38] = 0x00;
808 pfl->cfi_table[0x39] = 0x00;
809
810 pfl->cfi_table[0x3a] = 0x00;
811
812 pfl->cfi_table[0x3b] = 0x00;
813 pfl->cfi_table[0x3c] = 0x00;
814
262e1eaa 815 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
368a354f
PC		 816}
817
818static Property pflash_cfi01_properties[] = {
819 DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
820 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
821 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
fa21a7b1
RF		 822 /* width here is the overall width of this QEMU device in bytes.
823 * The QEMU device may be emulating a number of flash devices
824 * wired up in parallel; the width of each individual flash
825 * device should be specified via device-width. If the individual
826 * devices have a maximum width which is greater than the width
827 * they are being used for, this maximum width should be set via
828 * max-device-width (which otherwise defaults to device-width).
829 * So for instance a 32-bit wide QEMU flash device made from four
830 * 16-bit flash devices used in 8-bit wide mode would be configured
831 * with width = 4, device-width = 1, max-device-width = 2.
832 *
833 * If device-width is not specified we default to backwards
834 * compatible behaviour which is a bad emulation of two
835 * 16 bit devices making up a 32 bit wide QEMU device. This
836 * is deprecated for new uses of this device.
837 */
4b6fedca 838 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
1997b485 839 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
fa21a7b1 840 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
368a354f
PC		 841 DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
842 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
843 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
844 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
845 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
846 DEFINE_PROP_STRING("name", struct pflash_t, name),
847 DEFINE_PROP_END_OF_LIST(),
848};
849
850static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
851{
852 DeviceClass *dc = DEVICE_CLASS(klass);
368a354f 853
e40b5f3e 854 dc->realize = pflash_cfi01_realize;
368a354f 855 dc->props = pflash_cfi01_properties;
d8d24fb7 856 dc->vmsd = &vmstate_pflash;
125ee0ed 857 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
368a354f
PC		 858}
859
860
861static const TypeInfo pflash_cfi01_info = {
f1b44f0e 862 .name = TYPE_CFI_PFLASH01,
368a354f
PC		 863 .parent = TYPE_SYS_BUS_DEVICE,
864 .instance_size = sizeof(struct pflash_t),
865 .class_init = pflash_cfi01_class_init,
866};
867
868static void pflash_cfi01_register_types(void)
869{
870 type_register_static(&pflash_cfi01_info);
871}
872
873type_init(pflash_cfi01_register_types)
874
875pflash_t *pflash_cfi01_register(hwaddr base,
876 DeviceState *qdev, const char *name,
877 hwaddr size,
878 BlockDriverState *bs,
4b6fedca
RF		 879 uint32_t sector_len, int nb_blocs,
880 int bank_width, uint16_t id0, uint16_t id1,
368a354f
PC		 881 uint16_t id2, uint16_t id3, int be)
882{
f1b44f0e 883 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
368a354f
PC		 884
885 if (bs && qdev_prop_set_drive(dev, "drive", bs)) {
886 abort();
887 }
888 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
889 qdev_prop_set_uint64(dev, "sector-length", sector_len);
4b6fedca 890 qdev_prop_set_uint8(dev, "width", bank_width);
368a354f
PC		 891 qdev_prop_set_uint8(dev, "big-endian", !!be);
892 qdev_prop_set_uint16(dev, "id0", id0);
893 qdev_prop_set_uint16(dev, "id1", id1);
894 qdev_prop_set_uint16(dev, "id2", id2);
895 qdev_prop_set_uint16(dev, "id3", id3);
896 qdev_prop_set_string(dev, "name", name);
897 qdev_init_nofail(dev);
898
f1b44f0e
HT		 899 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
900 return CFI_PFLASH01(dev);
05ee37eb 901}
cfe5f011
AK		 902
903MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
904{
905 return &fl->mem;
906}
QEMU mirror