]> git.proxmox.com Git - mirror_qemu.git/blame - hw/block/pflash_cfi01.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
include/qemu/osdep.h: Don't include qapi/error.h
[mirror_qemu.git] / hw / block / pflash_cfi01.c
CommitLineData
05ee37eb
AZ		 1/*
2 * CFI parallel flash with Intel command set emulation
3 *
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
05ee37eb
AZ		 19 */
20
21/*
22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23 * Supported commands/modes are:
24 * - flash read
25 * - flash write
26 * - flash ID read
27 * - sector erase
28 * - CFI queries
29 *
30 * It does not support timings
31 * It does not support flash interleaving
32 * It does not implement software data protection as found in many real chips
33 * It does not implement erase suspend/resume commands
34 * It does not implement multiple sectors erase
35 *
36 * It does not implement much more ...
37 */
38
80c71a24 39#include "qemu/osdep.h"
83c9f4ca 40#include "hw/hw.h"
0d09e41a 41#include "hw/block/flash.h"
4be74634 42#include "sysemu/block-backend.h"
da34e65c 43#include "qapi/error.h"
1de7afc9 44#include "qemu/timer.h"
1997b485 45#include "qemu/bitops.h"
022c62cb 46#include "exec/address-spaces.h"
1de7afc9 47#include "qemu/host-utils.h"
83c9f4ca 48#include "hw/sysbus.h"
05ee37eb 49
001faf32 50#define PFLASH_BUG(fmt, ...) \
05ee37eb 51do { \
ec9ea489 52 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
05ee37eb
AZ		 53 exit(1); \
54} while(0)
55
56/* #define PFLASH_DEBUG */
57#ifdef PFLASH_DEBUG
ec9ea489
PC		 58#define DPRINTF(fmt, ...) \
59do { \
60 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
05ee37eb
AZ		 61} while (0)
62#else
001faf32 63#define DPRINTF(fmt, ...) do { } while (0)
05ee37eb
AZ		 64#endif
65
f1b44f0e
HT		 66#define TYPE_CFI_PFLASH01 "cfi.pflash01"
67#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
68
e9809422 69#define PFLASH_BE 0
f71e42a5 70#define PFLASH_SECURE 1
e9809422 71
c227f099 72struct pflash_t {
f1b44f0e
HT		 73 /*< private >*/
74 SysBusDevice parent_obj;
75 /*< public >*/
76
4be74634 77 BlockBackend *blk;
368a354f
PC		 78 uint32_t nb_blocs;
79 uint64_t sector_len;
4b6fedca 80 uint8_t bank_width;
1997b485 81 uint8_t device_width; /* If 0, device width not specified. */
fa21a7b1 82 uint8_t max_device_width; /* max device width in bytes */
e9809422 83 uint32_t features;
d8d24fb7 84 uint8_t wcycle; /* if 0, the flash is read normally */
05ee37eb
AZ		 85 int ro;
86 uint8_t cmd;
87 uint8_t status;
368a354f
PC		 88 uint16_t ident0;
89 uint16_t ident1;
90 uint16_t ident2;
91 uint16_t ident3;
05ee37eb
AZ		 92 uint8_t cfi_len;
93 uint8_t cfi_table[0x52];
d8d24fb7 94 uint64_t counter;
b4bf0a9a 95 unsigned int writeblock_size;
05ee37eb 96 QEMUTimer *timer;
cfe5f011 97 MemoryRegion mem;
368a354f 98 char *name;
05ee37eb
AZ		 99 void *storage;
100};
101
4c0cfc72
LE		 102static int pflash_post_load(void *opaque, int version_id);
103
d8d24fb7
PM		 104static const VMStateDescription vmstate_pflash = {
105 .name = "pflash_cfi01",
106 .version_id = 1,
107 .minimum_version_id = 1,
4c0cfc72 108 .post_load = pflash_post_load,
d8d24fb7
PM		 109 .fields = (VMStateField[]) {
110 VMSTATE_UINT8(wcycle, pflash_t),
111 VMSTATE_UINT8(cmd, pflash_t),
112 VMSTATE_UINT8(status, pflash_t),
113 VMSTATE_UINT64(counter, pflash_t),
114 VMSTATE_END_OF_LIST()
115 }
116};
117
05ee37eb
AZ		 118static void pflash_timer (void *opaque)
119{
c227f099 120 pflash_t *pfl = opaque;
05ee37eb
AZ		 121
122 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
123 /* Reset flash */
124 pfl->status ^= 0x80;
5f9a5ea1 125 memory_region_rom_device_set_romd(&pfl->mem, true);
5d79b80b 126 pfl->wcycle = 0;
05ee37eb
AZ		 127 pfl->cmd = 0;
128}
129
4433e660
RF		 130/* Perform a CFI query based on the bank width of the flash.
131 * If this code is called we know we have a device_width set for
132 * this flash.
133 */
134static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
135{
136 int i;
137 uint32_t resp = 0;
138 hwaddr boff;
139
140 /* Adjust incoming offset to match expected device-width
141 * addressing. CFI query addresses are always specified in terms of
142 * the maximum supported width of the device. This means that x8
143 * devices and x8/x16 devices in x8 mode behave differently. For
144 * devices that are not used at their max width, we will be
145 * provided with addresses that use higher address bits than
146 * expected (based on the max width), so we will shift them lower
147 * so that they will match the addresses used when
148 * device_width==max_device_width.
149 */
150 boff = offset >> (ctz32(pfl->bank_width) +
151 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
152
153 if (boff > pfl->cfi_len) {
154 return 0;
155 }
156 /* Now we will construct the CFI response generated by a single
157 * device, then replicate that for all devices that make up the
158 * bus. For wide parts used in x8 mode, CFI query responses
159 * are different than native byte-wide parts.
160 */
161 resp = pfl->cfi_table[boff];
162 if (pfl->device_width != pfl->max_device_width) {
163 /* The only case currently supported is x8 mode for a
164 * wider part.
165 */
166 if (pfl->device_width != 1 || pfl->bank_width > 4) {
167 DPRINTF("%s: Unsupported device configuration: "
168 "device_width=%d, max_device_width=%d\n",
169 __func__, pfl->device_width,
170 pfl->max_device_width);
171 return 0;
172 }
173 /* CFI query data is repeated, rather than zero padded for
174 * wide devices used in x8 mode.
175 */
176 for (i = 1; i < pfl->max_device_width; i++) {
177 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
178 }
179 }
180 /* Replicate responses for each device in bank. */
181 if (pfl->device_width < pfl->bank_width) {
182 for (i = pfl->device_width;
183 i < pfl->bank_width; i += pfl->device_width) {
184 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
185 }
186 }
187
188 return resp;
189}
190
0163a2dc
RF		 191
192
193/* Perform a device id query based on the bank width of the flash. */
194static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
195{
196 int i;
197 uint32_t resp;
198 hwaddr boff;
199
200 /* Adjust incoming offset to match expected device-width
201 * addressing. Device ID read addresses are always specified in
202 * terms of the maximum supported width of the device. This means
203 * that x8 devices and x8/x16 devices in x8 mode behave
204 * differently. For devices that are not used at their max width,
205 * we will be provided with addresses that use higher address bits
206 * than expected (based on the max width), so we will shift them
207 * lower so that they will match the addresses used when
208 * device_width==max_device_width.
209 */
210 boff = offset >> (ctz32(pfl->bank_width) +
211 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
212
213 /* Mask off upper bits which may be used in to query block
214 * or sector lock status at other addresses.
215 * Offsets 2/3 are block lock status, is not emulated.
216 */
217 switch (boff & 0xFF) {
218 case 0:
219 resp = pfl->ident0;
afeb25f9 220 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp);
0163a2dc
RF		 221 break;
222 case 1:
223 resp = pfl->ident1;
afeb25f9 224 DPRINTF("%s: Device ID Code %04x\n", __func__, resp);
0163a2dc
RF		 225 break;
226 default:
227 DPRINTF("%s: Read Device Information offset=%x\n", __func__,
228 (unsigned)offset);
229 return 0;
230 break;
231 }
232 /* Replicate responses for each device in bank. */
233 if (pfl->device_width < pfl->bank_width) {
234 for (i = pfl->device_width;
235 i < pfl->bank_width; i += pfl->device_width) {
236 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
237 }
238 }
239
240 return resp;
241}
242
f71e42a5
PB		 243static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset,
244 int width, int be)
245{
246 uint8_t *p;
247 uint32_t ret;
248
249 p = pfl->storage;
250 switch (width) {
251 case 1:
252 ret = p[offset];
253 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
254 __func__, offset, ret);
255 break;
256 case 2:
257 if (be) {
258 ret = p[offset] << 8;
259 ret |= p[offset + 1];
260 } else {
261 ret = p[offset];
262 ret |= p[offset + 1] << 8;
263 }
264 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
265 __func__, offset, ret);
266 break;
267 case 4:
268 if (be) {
269 ret = p[offset] << 24;
270 ret |= p[offset + 1] << 16;
271 ret |= p[offset + 2] << 8;
272 ret |= p[offset + 3];
273 } else {
274 ret = p[offset];
275 ret |= p[offset + 1] << 8;
276 ret |= p[offset + 2] << 16;
277 ret |= p[offset + 3] << 24;
278 }
279 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
280 __func__, offset, ret);
281 break;
282 default:
283 DPRINTF("BUG in %s\n", __func__);
284 abort();
285 }
286 return ret;
287}
288
a8170e5e 289static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
3d08ff69 290 int width, int be)
05ee37eb 291{
a8170e5e 292 hwaddr boff;
05ee37eb 293 uint32_t ret;
05ee37eb
AZ		 294
295 ret = -1;
05ee37eb 296
fad8c772
EI		 297#if 0
298 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
06adb549 299 __func__, offset, pfl->cmd, width);
fad8c772 300#endif
05ee37eb 301 switch (pfl->cmd) {
1be97bf2
PM		 302 default:
303 /* This should never happen : reset state & treat it as a read */
304 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
305 pfl->wcycle = 0;
306 pfl->cmd = 0;
307 /* fall through to read code */
05ee37eb
AZ		 308 case 0x00:
309 /* Flash area read */
f71e42a5 310 ret = pflash_data_read(pfl, offset, width, be);
05ee37eb 311 break;
6e392787 312 case 0x10: /* Single byte program */
05ee37eb 313 case 0x20: /* Block erase */
6e392787
PM		 314 case 0x28: /* Block erase */
315 case 0x40: /* single byte program */
05ee37eb
AZ		 316 case 0x50: /* Clear status register */
317 case 0x60: /* Block /un)lock */
318 case 0x70: /* Status Register */
319 case 0xe8: /* Write block */
2003889f
RF		 320 /* Status register read. Return status from each device in
321 * bank.
322 */
05ee37eb 323 ret = pfl->status;
2003889f
RF		 324 if (pfl->device_width && width > pfl->device_width) {
325 int shift = pfl->device_width * 8;
326 while (shift + pfl->device_width * 8 <= width * 8) {
327 ret |= pfl->status << shift;
328 shift += pfl->device_width * 8;
329 }
330 } else if (!pfl->device_width && width > 2) {
331 /* Handle 32 bit flash cases where device width is not
332 * set. (Existing behavior before device width added.)
333 */
ea0a4f34
PB		 334 ret |= pfl->status << 16;
335 }
05ee37eb
AZ		 336 DPRINTF("%s: status %x\n", __func__, ret);
337 break;
0b2ec6fc 338 case 0x90:
0163a2dc
RF		 339 if (!pfl->device_width) {
340 /* Preserve old behavior if device width not specified */
341 boff = offset & 0xFF;
342 if (pfl->bank_width == 2) {
343 boff = boff >> 1;
344 } else if (pfl->bank_width == 4) {
345 boff = boff >> 2;
346 }
4433e660 347
0163a2dc
RF		 348 switch (boff) {
349 case 0:
350 ret = pfl->ident0 << 8 | pfl->ident1;
351 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
352 break;
353 case 1:
354 ret = pfl->ident2 << 8 | pfl->ident3;
355 DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
356 break;
357 default:
358 DPRINTF("%s: Read Device Information boff=%x\n", __func__,
359 (unsigned)boff);
360 ret = 0;
361 break;
362 }
363 } else {
364 /* If we have a read larger than the bank_width, combine multiple
365 * manufacturer/device ID queries into a single response.
366 */
367 int i;
368 for (i = 0; i < width; i += pfl->bank_width) {
369 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
370 pflash_devid_query(pfl,
371 offset + i * pfl->bank_width));
372 }
0b2ec6fc
MW		 373 }
374 break;
05ee37eb 375 case 0x98: /* Query mode */
4433e660
RF		 376 if (!pfl->device_width) {
377 /* Preserve old behavior if device width not specified */
378 boff = offset & 0xFF;
379 if (pfl->bank_width == 2) {
380 boff = boff >> 1;
381 } else if (pfl->bank_width == 4) {
382 boff = boff >> 2;
383 }
384
385 if (boff > pfl->cfi_len) {
386 ret = 0;
387 } else {
388 ret = pfl->cfi_table[boff];
389 }
390 } else {
391 /* If we have a read larger than the bank_width, combine multiple
392 * CFI queries into a single response.
393 */
394 int i;
395 for (i = 0; i < width; i += pfl->bank_width) {
396 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
397 pflash_cfi_query(pfl,
398 offset + i * pfl->bank_width));
399 }
400 }
401
05ee37eb 402 break;
05ee37eb
AZ		 403 }
404 return ret;
405}
406
407/* update flash content on disk */
c227f099 408static void pflash_update(pflash_t *pfl, int offset,
05ee37eb
AZ		 409 int size)
410{
411 int offset_end;
4be74634 412 if (pfl->blk) {
05ee37eb
AZ		 413 offset_end = offset + size;
414 /* round to sectors */
415 offset = offset >> 9;
416 offset_end = (offset_end + 511) >> 9;
4be74634
MA		 417 blk_write(pfl->blk, offset, pfl->storage + (offset << 9),
418 offset_end - offset);
05ee37eb
AZ		 419 }
420}
421
a8170e5e 422static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
3d08ff69 423 uint32_t value, int width, int be)
d361be25
AZ		 424{
425 uint8_t *p = pfl->storage;
426
fad8c772 427 DPRINTF("%s: block write offset " TARGET_FMT_plx
d8d24fb7 428 " value %x counter %016" PRIx64 "\n",
d361be25
AZ		 429 __func__, offset, value, pfl->counter);
430 switch (width) {
431 case 1:
432 p[offset] = value;
d361be25
AZ		 433 break;
434 case 2:
3d08ff69
BS		 435 if (be) {
436 p[offset] = value >> 8;
437 p[offset + 1] = value;
438 } else {
439 p[offset] = value;
440 p[offset + 1] = value >> 8;
441 }
d361be25
AZ		 442 break;
443 case 4:
3d08ff69
BS		 444 if (be) {
445 p[offset] = value >> 24;
446 p[offset + 1] = value >> 16;
447 p[offset + 2] = value >> 8;
448 p[offset + 3] = value;
449 } else {
450 p[offset] = value;
451 p[offset + 1] = value >> 8;
452 p[offset + 2] = value >> 16;
453 p[offset + 3] = value >> 24;
454 }
d361be25
AZ		 455 break;
456 }
457
458}
459
a8170e5e 460static void pflash_write(pflash_t *pfl, hwaddr offset,
3d08ff69 461 uint32_t value, int width, int be)
05ee37eb 462{
05ee37eb
AZ		 463 uint8_t *p;
464 uint8_t cmd;
465
05ee37eb 466 cmd = value;
05ee37eb 467
fad8c772 468 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
c8b153d7 469 __func__, offset, value, width, pfl->wcycle);
05ee37eb 470
e9cbbcac
EI		 471 if (!pfl->wcycle) {
472 /* Set the device in I/O access mode */
5f9a5ea1 473 memory_region_rom_device_set_romd(&pfl->mem, false);
e9cbbcac 474 }
05ee37eb
AZ		 475
476 switch (pfl->wcycle) {
477 case 0:
478 /* read mode */
479 switch (cmd) {
480 case 0x00: /* ??? */
481 goto reset_flash;
d361be25
AZ		 482 case 0x10: /* Single Byte Program */
483 case 0x40: /* Single Byte Program */
fad8c772 484 DPRINTF("%s: Single Byte Program\n", __func__);
d361be25 485 break;
05ee37eb
AZ		 486 case 0x20: /* Block erase */
487 p = pfl->storage;
488 offset &= ~(pfl->sector_len - 1);
489
368a354f
PC		 490 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
491 __func__, offset, (unsigned)pfl->sector_len);
05ee37eb 492
de8efe8f
JJ		 493 if (!pfl->ro) {
494 memset(p + offset, 0xff, pfl->sector_len);
495 pflash_update(pfl, offset, pfl->sector_len);
496 } else {
497 pfl->status |= 0x20; /* Block erase error */
498 }
05ee37eb
AZ		 499 pfl->status |= 0x80; /* Ready! */
500 break;
501 case 0x50: /* Clear status bits */
502 DPRINTF("%s: Clear status bits\n", __func__);
503 pfl->status = 0x0;
504 goto reset_flash;
505 case 0x60: /* Block (un)lock */
506 DPRINTF("%s: Block unlock\n", __func__);
507 break;
508 case 0x70: /* Status Register */
509 DPRINTF("%s: Read status register\n", __func__);
510 pfl->cmd = cmd;
511 return;
0b2ec6fc
MW		 512 case 0x90: /* Read Device ID */
513 DPRINTF("%s: Read Device information\n", __func__);
514 pfl->cmd = cmd;
515 return;
05ee37eb
AZ		 516 case 0x98: /* CFI query */
517 DPRINTF("%s: CFI query\n", __func__);
518 break;
519 case 0xe8: /* Write to buffer */
520 DPRINTF("%s: Write to buffer\n", __func__);
521 pfl->status |= 0x80; /* Ready! */
522 break;
5928023c
SW		 523 case 0xf0: /* Probe for AMD flash */
524 DPRINTF("%s: Probe for AMD flash\n", __func__);
525 goto reset_flash;
05ee37eb
AZ		 526 case 0xff: /* Read array mode */
527 DPRINTF("%s: Read array mode\n", __func__);
528 goto reset_flash;
529 default:
530 goto error_flash;
531 }
532 pfl->wcycle++;
533 pfl->cmd = cmd;
12dabc79 534 break;
05ee37eb
AZ		 535 case 1:
536 switch (pfl->cmd) {
d361be25
AZ		 537 case 0x10: /* Single Byte Program */
538 case 0x40: /* Single Byte Program */
539 DPRINTF("%s: Single Byte Program\n", __func__);
de8efe8f
JJ		 540 if (!pfl->ro) {
541 pflash_data_write(pfl, offset, value, width, be);
542 pflash_update(pfl, offset, width);
543 } else {
544 pfl->status |= 0x10; /* Programming error */
545 }
d361be25
AZ		 546 pfl->status |= 0x80; /* Ready! */
547 pfl->wcycle = 0;
548 break;
05ee37eb
AZ		 549 case 0x20: /* Block erase */
550 case 0x28:
551 if (cmd == 0xd0) { /* confirm */
3656744c 552 pfl->wcycle = 0;
05ee37eb 553 pfl->status |= 0x80;
9248f413 554 } else if (cmd == 0xff) { /* read array mode */
05ee37eb
AZ		 555 goto reset_flash;
556 } else
557 goto error_flash;
558
559 break;
560 case 0xe8:
1997b485
RF		 561 /* Mask writeblock size based on device width, or bank width if
562 * device width not specified.
563 */
564 if (pfl->device_width) {
565 value = extract32(value, 0, pfl->device_width * 8);
566 } else {
567 value = extract32(value, 0, pfl->bank_width * 8);
568 }
71fb2348
AZ		 569 DPRINTF("%s: block write of %x bytes\n", __func__, value);
570 pfl->counter = value;
05ee37eb
AZ		 571 pfl->wcycle++;
572 break;
573 case 0x60:
574 if (cmd == 0xd0) {
575 pfl->wcycle = 0;
576 pfl->status |= 0x80;
577 } else if (cmd == 0x01) {
578 pfl->wcycle = 0;
579 pfl->status |= 0x80;
580 } else if (cmd == 0xff) {
581 goto reset_flash;
582 } else {
583 DPRINTF("%s: Unknown (un)locking command\n", __func__);
584 goto reset_flash;
585 }
586 break;
587 case 0x98:
588 if (cmd == 0xff) {
589 goto reset_flash;
590 } else {
591 DPRINTF("%s: leaving query mode\n", __func__);
592 }
593 break;
594 default:
595 goto error_flash;
596 }
12dabc79 597 break;
05ee37eb
AZ		 598 case 2:
599 switch (pfl->cmd) {
600 case 0xe8: /* Block write */
de8efe8f
JJ		 601 if (!pfl->ro) {
602 pflash_data_write(pfl, offset, value, width, be);
603 } else {
604 pfl->status |= 0x10; /* Programming error */
605 }
05ee37eb
AZ		 606
607 pfl->status |= 0x80;
608
609 if (!pfl->counter) {
a8170e5e 610 hwaddr mask = pfl->writeblock_size - 1;
b4bf0a9a
EI		 611 mask = ~mask;
612
05ee37eb
AZ		 613 DPRINTF("%s: block write finished\n", __func__);
614 pfl->wcycle++;
de8efe8f
JJ		 615 if (!pfl->ro) {
616 /* Flush the entire write buffer onto backing storage. */
617 pflash_update(pfl, offset & mask, pfl->writeblock_size);
618 } else {
619 pfl->status |= 0x10; /* Programming error */
620 }
05ee37eb
AZ		 621 }
622
623 pfl->counter--;
624 break;
7317b8ca
AZ		 625 default:
626 goto error_flash;
05ee37eb 627 }
12dabc79 628 break;
05ee37eb
AZ		 629 case 3: /* Confirm mode */
630 switch (pfl->cmd) {
631 case 0xe8: /* Block write */
632 if (cmd == 0xd0) {
633 pfl->wcycle = 0;
634 pfl->status |= 0x80;
05ee37eb
AZ		 635 } else {
636 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
637 PFLASH_BUG("Write block confirm");
7317b8ca 638 goto reset_flash;
05ee37eb 639 }
7317b8ca
AZ		 640 break;
641 default:
642 goto error_flash;
05ee37eb 643 }
12dabc79 644 break;
05ee37eb
AZ		 645 default:
646 /* Should never happen */
647 DPRINTF("%s: invalid write state\n", __func__);
648 goto reset_flash;
649 }
650 return;
651
652 error_flash:
d96fc51c
PC		 653 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
654 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
655 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
05ee37eb
AZ		 656
657 reset_flash:
5f9a5ea1 658 memory_region_rom_device_set_romd(&pfl->mem, true);
05ee37eb 659
05ee37eb
AZ		 660 pfl->wcycle = 0;
661 pfl->cmd = 0;
05ee37eb
AZ		 662}
663
664
f71e42a5
PB		 665static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
666 unsigned len, MemTxAttrs attrs)
3d08ff69
BS		 667{
668 pflash_t *pfl = opaque;
5aa113f0 669 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 670
f71e42a5
PB		 671 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
672 *value = pflash_data_read(opaque, addr, len, be);
673 } else {
674 *value = pflash_read(opaque, addr, len, be);
675 }
676 return MEMTX_OK;
3d08ff69
BS		 677}
678
f71e42a5
PB		 679static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
680 unsigned len, MemTxAttrs attrs)
05ee37eb 681{
3d08ff69 682 pflash_t *pfl = opaque;
5aa113f0 683 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 684
f71e42a5
PB		 685 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
686 return MEMTX_ERROR;
687 } else {
688 pflash_write(opaque, addr, value, len, be);
689 return MEMTX_OK;
690 }
05ee37eb
AZ		 691}
692
5aa113f0 693static const MemoryRegionOps pflash_cfi01_ops = {
f71e42a5
PB		 694 .read_with_attrs = pflash_mem_read_with_attrs,
695 .write_with_attrs = pflash_mem_write_with_attrs,
cfe5f011 696 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 697};
698
e40b5f3e 699static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
05ee37eb 700{
f1b44f0e 701 pflash_t *pfl = CFI_PFLASH01(dev);
368a354f 702 uint64_t total_len;
d0e7605e 703 int ret;
a0289b8a
PM		 704 uint64_t blocks_per_device, device_len;
705 int num_devices;
33e0eb52 706 Error *local_err = NULL;
05ee37eb 707
368a354f 708 total_len = pfl->sector_len * pfl->nb_blocs;
05ee37eb 709
a0289b8a
PM		 710 /* These are only used to expose the parameters of each device
711 * in the cfi_table[].
712 */
713 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
714 blocks_per_device = pfl->nb_blocs / num_devices;
715 device_len = pfl->sector_len * blocks_per_device;
716
05ee37eb 717 /* XXX: to be fixed */
c8b153d7 718#if 0
05ee37eb
AZ		 719 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
720 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
721 return NULL;
c8b153d7 722#endif
05ee37eb 723
cfe5f011 724 memory_region_init_rom_device(
2d256e6f 725 &pfl->mem, OBJECT(dev),
5aa113f0 726 &pflash_cfi01_ops,
e9809422 727 pfl,
33e0eb52
HT		 728 pfl->name, total_len, &local_err);
729 if (local_err) {
730 error_propagate(errp, local_err);
731 return;
732 }
733
368a354f 734 vmstate_register_ram(&pfl->mem, DEVICE(pfl));
cfe5f011 735 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
e40b5f3e 736 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
05ee37eb 737
4be74634 738 if (pfl->blk) {
05ee37eb 739 /* read the initial flash content */
4be74634 740 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9);
368a354f 741
d0e7605e 742 if (ret < 0) {
368a354f 743 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
e40b5f3e
HT		 744 error_setg(errp, "failed to read the initial flash content");
745 return;
d0e7605e 746 }
05ee37eb 747 }
de8efe8f 748
4be74634
MA		 749 if (pfl->blk) {
750 pfl->ro = blk_is_read_only(pfl->blk);
de8efe8f
JJ		 751 } else {
752 pfl->ro = 0;
753 }
754
fa21a7b1
RF		 755 /* Default to devices being used at their maximum device width. This was
756 * assumed before the device_width support was added.
757 */
758 if (!pfl->max_device_width) {
759 pfl->max_device_width = pfl->device_width;
760 }
761
bc72ad67 762 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
05ee37eb
AZ		 763 pfl->wcycle = 0;
764 pfl->cmd = 0;
765 pfl->status = 0;
05ee37eb
AZ		 766 /* Hardcoded CFI table */
767 pfl->cfi_len = 0x52;
768 /* Standard "QRY" string */
769 pfl->cfi_table[0x10] = 'Q';
770 pfl->cfi_table[0x11] = 'R';
771 pfl->cfi_table[0x12] = 'Y';
772 /* Command set (Intel) */
773 pfl->cfi_table[0x13] = 0x01;
774 pfl->cfi_table[0x14] = 0x00;
775 /* Primary extended table address (none) */
776 pfl->cfi_table[0x15] = 0x31;
777 pfl->cfi_table[0x16] = 0x00;
778 /* Alternate command set (none) */
779 pfl->cfi_table[0x17] = 0x00;
780 pfl->cfi_table[0x18] = 0x00;
781 /* Alternate extended table (none) */
782 pfl->cfi_table[0x19] = 0x00;
783 pfl->cfi_table[0x1A] = 0x00;
784 /* Vcc min */
785 pfl->cfi_table[0x1B] = 0x45;
786 /* Vcc max */
787 pfl->cfi_table[0x1C] = 0x55;
788 /* Vpp min (no Vpp pin) */
789 pfl->cfi_table[0x1D] = 0x00;
790 /* Vpp max (no Vpp pin) */
791 pfl->cfi_table[0x1E] = 0x00;
792 /* Reserved */
793 pfl->cfi_table[0x1F] = 0x07;
794 /* Timeout for min size buffer write */
795 pfl->cfi_table[0x20] = 0x07;
796 /* Typical timeout for block erase */
797 pfl->cfi_table[0x21] = 0x0a;
798 /* Typical timeout for full chip erase (4096 ms) */
799 pfl->cfi_table[0x22] = 0x00;
800 /* Reserved */
801 pfl->cfi_table[0x23] = 0x04;
802 /* Max timeout for buffer write */
803 pfl->cfi_table[0x24] = 0x04;
804 /* Max timeout for block erase */
805 pfl->cfi_table[0x25] = 0x04;
806 /* Max timeout for chip erase */
807 pfl->cfi_table[0x26] = 0x00;
808 /* Device size */
a0289b8a 809 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
05ee37eb
AZ		 810 /* Flash device interface (8 & 16 bits) */
811 pfl->cfi_table[0x28] = 0x02;
812 pfl->cfi_table[0x29] = 0x00;
813 /* Max number of bytes in multi-bytes write */
4b6fedca 814 if (pfl->bank_width == 1) {
4737fa26
EI		 815 pfl->cfi_table[0x2A] = 0x08;
816 } else {
817 pfl->cfi_table[0x2A] = 0x0B;
818 }
b4bf0a9a
EI		 819 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
820
05ee37eb
AZ		 821 pfl->cfi_table[0x2B] = 0x00;
822 /* Number of erase block regions (uniform) */
823 pfl->cfi_table[0x2C] = 0x01;
824 /* Erase block region 1 */
a0289b8a
PM		 825 pfl->cfi_table[0x2D] = blocks_per_device - 1;
826 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
368a354f
PC		 827 pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
828 pfl->cfi_table[0x30] = pfl->sector_len >> 16;
05ee37eb
AZ		 829
830 /* Extended */
831 pfl->cfi_table[0x31] = 'P';
832 pfl->cfi_table[0x32] = 'R';
833 pfl->cfi_table[0x33] = 'I';
834
835 pfl->cfi_table[0x34] = '1';
262e1eaa 836 pfl->cfi_table[0x35] = '0';
05ee37eb
AZ		 837
838 pfl->cfi_table[0x36] = 0x00;
839 pfl->cfi_table[0x37] = 0x00;
840 pfl->cfi_table[0x38] = 0x00;
841 pfl->cfi_table[0x39] = 0x00;
842
843 pfl->cfi_table[0x3a] = 0x00;
844
845 pfl->cfi_table[0x3b] = 0x00;
846 pfl->cfi_table[0x3c] = 0x00;
847
262e1eaa 848 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
368a354f
PC		 849}
850
851static Property pflash_cfi01_properties[] = {
4be74634 852 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
a0289b8a
PM		 853 /* num-blocks is the number of blocks actually visible to the guest,
854 * ie the total size of the device divided by the sector length.
855 * If we're emulating flash devices wired in parallel the actual
856 * number of blocks per indvidual device will differ.
857 */
368a354f
PC		 858 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
859 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
fa21a7b1
RF		 860 /* width here is the overall width of this QEMU device in bytes.
861 * The QEMU device may be emulating a number of flash devices
862 * wired up in parallel; the width of each individual flash
863 * device should be specified via device-width. If the individual
864 * devices have a maximum width which is greater than the width
865 * they are being used for, this maximum width should be set via
866 * max-device-width (which otherwise defaults to device-width).
867 * So for instance a 32-bit wide QEMU flash device made from four
868 * 16-bit flash devices used in 8-bit wide mode would be configured
869 * with width = 4, device-width = 1, max-device-width = 2.
870 *
871 * If device-width is not specified we default to backwards
872 * compatible behaviour which is a bad emulation of two
873 * 16 bit devices making up a 32 bit wide QEMU device. This
874 * is deprecated for new uses of this device.
875 */
4b6fedca 876 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
1997b485 877 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
fa21a7b1 878 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
e9809422 879 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0),
f71e42a5 880 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0),
368a354f
PC		 881 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
882 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
883 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
884 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
885 DEFINE_PROP_STRING("name", struct pflash_t, name),
886 DEFINE_PROP_END_OF_LIST(),
887};
888
889static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
890{
891 DeviceClass *dc = DEVICE_CLASS(klass);
368a354f 892
e40b5f3e 893 dc->realize = pflash_cfi01_realize;
368a354f 894 dc->props = pflash_cfi01_properties;
d8d24fb7 895 dc->vmsd = &vmstate_pflash;
125ee0ed 896 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
368a354f
PC		 897}
898
899
900static const TypeInfo pflash_cfi01_info = {
f1b44f0e 901 .name = TYPE_CFI_PFLASH01,
368a354f
PC		 902 .parent = TYPE_SYS_BUS_DEVICE,
903 .instance_size = sizeof(struct pflash_t),
904 .class_init = pflash_cfi01_class_init,
905};
906
907static void pflash_cfi01_register_types(void)
908{
909 type_register_static(&pflash_cfi01_info);
910}
911
912type_init(pflash_cfi01_register_types)
913
914pflash_t *pflash_cfi01_register(hwaddr base,
915 DeviceState *qdev, const char *name,
916 hwaddr size,
4be74634 917 BlockBackend *blk,
4b6fedca
RF		 918 uint32_t sector_len, int nb_blocs,
919 int bank_width, uint16_t id0, uint16_t id1,
368a354f
PC		 920 uint16_t id2, uint16_t id3, int be)
921{
f1b44f0e 922 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
368a354f 923
9b3d111a
MA		 924 if (blk) {
925 qdev_prop_set_drive(dev, "drive", blk, &error_abort);
368a354f
PC		 926 }
927 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
928 qdev_prop_set_uint64(dev, "sector-length", sector_len);
4b6fedca 929 qdev_prop_set_uint8(dev, "width", bank_width);
e9809422 930 qdev_prop_set_bit(dev, "big-endian", !!be);
368a354f
PC		 931 qdev_prop_set_uint16(dev, "id0", id0);
932 qdev_prop_set_uint16(dev, "id1", id1);
933 qdev_prop_set_uint16(dev, "id2", id2);
934 qdev_prop_set_uint16(dev, "id3", id3);
935 qdev_prop_set_string(dev, "name", name);
936 qdev_init_nofail(dev);
937
f1b44f0e
HT		 938 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
939 return CFI_PFLASH01(dev);
05ee37eb 940}
cfe5f011
AK		 941
942MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
943{
944 return &fl->mem;
945}
4c0cfc72
LE		 946
947static int pflash_post_load(void *opaque, int version_id)
948{
949 pflash_t *pfl = opaque;
950
951 if (!pfl->ro) {
952 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
953 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
954 }
955 return 0;
956}
QEMU mirror