]>
Commit | Line | Data |
---|---|---|
05ee37eb AZ |
1 | /* |
2 | * CFI parallel flash with Intel command set emulation | |
3 | * | |
4 | * Copyright (c) 2006 Thorsten Zitterell | |
5 | * Copyright (c) 2005 Jocelyn Mayer | |
6 | * | |
7 | * This library is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU Lesser General Public | |
9 | * License as published by the Free Software Foundation; either | |
10 | * version 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public | |
8167ee88 | 18 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
05ee37eb AZ |
19 | */ |
20 | ||
21 | /* | |
22 | * For now, this code can emulate flashes of 1, 2 or 4 bytes width. | |
23 | * Supported commands/modes are: | |
24 | * - flash read | |
25 | * - flash write | |
26 | * - flash ID read | |
27 | * - sector erase | |
28 | * - CFI queries | |
29 | * | |
30 | * It does not support timings | |
31 | * It does not support flash interleaving | |
32 | * It does not implement software data protection as found in many real chips | |
33 | * It does not implement erase suspend/resume commands | |
34 | * It does not implement multiple sectors erase | |
35 | * | |
36 | * It does not implement much more ... | |
37 | */ | |
38 | ||
80c71a24 | 39 | #include "qemu/osdep.h" |
83c9f4ca | 40 | #include "hw/hw.h" |
0d09e41a | 41 | #include "hw/block/flash.h" |
4be74634 | 42 | #include "sysemu/block-backend.h" |
da34e65c | 43 | #include "qapi/error.h" |
1de7afc9 | 44 | #include "qemu/timer.h" |
1997b485 | 45 | #include "qemu/bitops.h" |
022c62cb | 46 | #include "exec/address-spaces.h" |
1de7afc9 | 47 | #include "qemu/host-utils.h" |
83c9f4ca | 48 | #include "hw/sysbus.h" |
05ee37eb | 49 | |
001faf32 | 50 | #define PFLASH_BUG(fmt, ...) \ |
05ee37eb | 51 | do { \ |
ec9ea489 | 52 | fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ |
05ee37eb AZ |
53 | exit(1); \ |
54 | } while(0) | |
55 | ||
56 | /* #define PFLASH_DEBUG */ | |
57 | #ifdef PFLASH_DEBUG | |
ec9ea489 PC |
58 | #define DPRINTF(fmt, ...) \ |
59 | do { \ | |
60 | fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ | |
05ee37eb AZ |
61 | } while (0) |
62 | #else | |
001faf32 | 63 | #define DPRINTF(fmt, ...) do { } while (0) |
05ee37eb AZ |
64 | #endif |
65 | ||
f1b44f0e HT |
66 | #define TYPE_CFI_PFLASH01 "cfi.pflash01" |
67 | #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) | |
68 | ||
e9809422 | 69 | #define PFLASH_BE 0 |
f71e42a5 | 70 | #define PFLASH_SECURE 1 |
e9809422 | 71 | |
c227f099 | 72 | struct pflash_t { |
f1b44f0e HT |
73 | /*< private >*/ |
74 | SysBusDevice parent_obj; | |
75 | /*< public >*/ | |
76 | ||
4be74634 | 77 | BlockBackend *blk; |
368a354f PC |
78 | uint32_t nb_blocs; |
79 | uint64_t sector_len; | |
4b6fedca | 80 | uint8_t bank_width; |
1997b485 | 81 | uint8_t device_width; /* If 0, device width not specified. */ |
fa21a7b1 | 82 | uint8_t max_device_width; /* max device width in bytes */ |
e9809422 | 83 | uint32_t features; |
d8d24fb7 | 84 | uint8_t wcycle; /* if 0, the flash is read normally */ |
05ee37eb AZ |
85 | int ro; |
86 | uint8_t cmd; | |
87 | uint8_t status; | |
368a354f PC |
88 | uint16_t ident0; |
89 | uint16_t ident1; | |
90 | uint16_t ident2; | |
91 | uint16_t ident3; | |
05ee37eb AZ |
92 | uint8_t cfi_len; |
93 | uint8_t cfi_table[0x52]; | |
d8d24fb7 | 94 | uint64_t counter; |
b4bf0a9a | 95 | unsigned int writeblock_size; |
05ee37eb | 96 | QEMUTimer *timer; |
cfe5f011 | 97 | MemoryRegion mem; |
368a354f | 98 | char *name; |
05ee37eb AZ |
99 | void *storage; |
100 | }; | |
101 | ||
4c0cfc72 LE |
102 | static int pflash_post_load(void *opaque, int version_id); |
103 | ||
d8d24fb7 PM |
104 | static const VMStateDescription vmstate_pflash = { |
105 | .name = "pflash_cfi01", | |
106 | .version_id = 1, | |
107 | .minimum_version_id = 1, | |
4c0cfc72 | 108 | .post_load = pflash_post_load, |
d8d24fb7 PM |
109 | .fields = (VMStateField[]) { |
110 | VMSTATE_UINT8(wcycle, pflash_t), | |
111 | VMSTATE_UINT8(cmd, pflash_t), | |
112 | VMSTATE_UINT8(status, pflash_t), | |
113 | VMSTATE_UINT64(counter, pflash_t), | |
114 | VMSTATE_END_OF_LIST() | |
115 | } | |
116 | }; | |
117 | ||
05ee37eb AZ |
118 | static void pflash_timer (void *opaque) |
119 | { | |
c227f099 | 120 | pflash_t *pfl = opaque; |
05ee37eb AZ |
121 | |
122 | DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); | |
123 | /* Reset flash */ | |
124 | pfl->status ^= 0x80; | |
5f9a5ea1 | 125 | memory_region_rom_device_set_romd(&pfl->mem, true); |
5d79b80b | 126 | pfl->wcycle = 0; |
05ee37eb AZ |
127 | pfl->cmd = 0; |
128 | } | |
129 | ||
4433e660 RF |
130 | /* Perform a CFI query based on the bank width of the flash. |
131 | * If this code is called we know we have a device_width set for | |
132 | * this flash. | |
133 | */ | |
134 | static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) | |
135 | { | |
136 | int i; | |
137 | uint32_t resp = 0; | |
138 | hwaddr boff; | |
139 | ||
140 | /* Adjust incoming offset to match expected device-width | |
141 | * addressing. CFI query addresses are always specified in terms of | |
142 | * the maximum supported width of the device. This means that x8 | |
143 | * devices and x8/x16 devices in x8 mode behave differently. For | |
144 | * devices that are not used at their max width, we will be | |
145 | * provided with addresses that use higher address bits than | |
146 | * expected (based on the max width), so we will shift them lower | |
147 | * so that they will match the addresses used when | |
148 | * device_width==max_device_width. | |
149 | */ | |
150 | boff = offset >> (ctz32(pfl->bank_width) + | |
151 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
152 | ||
153 | if (boff > pfl->cfi_len) { | |
154 | return 0; | |
155 | } | |
156 | /* Now we will construct the CFI response generated by a single | |
157 | * device, then replicate that for all devices that make up the | |
158 | * bus. For wide parts used in x8 mode, CFI query responses | |
159 | * are different than native byte-wide parts. | |
160 | */ | |
161 | resp = pfl->cfi_table[boff]; | |
162 | if (pfl->device_width != pfl->max_device_width) { | |
163 | /* The only case currently supported is x8 mode for a | |
164 | * wider part. | |
165 | */ | |
166 | if (pfl->device_width != 1 || pfl->bank_width > 4) { | |
167 | DPRINTF("%s: Unsupported device configuration: " | |
168 | "device_width=%d, max_device_width=%d\n", | |
169 | __func__, pfl->device_width, | |
170 | pfl->max_device_width); | |
171 | return 0; | |
172 | } | |
173 | /* CFI query data is repeated, rather than zero padded for | |
174 | * wide devices used in x8 mode. | |
175 | */ | |
176 | for (i = 1; i < pfl->max_device_width; i++) { | |
177 | resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); | |
178 | } | |
179 | } | |
180 | /* Replicate responses for each device in bank. */ | |
181 | if (pfl->device_width < pfl->bank_width) { | |
182 | for (i = pfl->device_width; | |
183 | i < pfl->bank_width; i += pfl->device_width) { | |
184 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
185 | } | |
186 | } | |
187 | ||
188 | return resp; | |
189 | } | |
190 | ||
0163a2dc RF |
191 | |
192 | ||
193 | /* Perform a device id query based on the bank width of the flash. */ | |
194 | static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) | |
195 | { | |
196 | int i; | |
197 | uint32_t resp; | |
198 | hwaddr boff; | |
199 | ||
200 | /* Adjust incoming offset to match expected device-width | |
201 | * addressing. Device ID read addresses are always specified in | |
202 | * terms of the maximum supported width of the device. This means | |
203 | * that x8 devices and x8/x16 devices in x8 mode behave | |
204 | * differently. For devices that are not used at their max width, | |
205 | * we will be provided with addresses that use higher address bits | |
206 | * than expected (based on the max width), so we will shift them | |
207 | * lower so that they will match the addresses used when | |
208 | * device_width==max_device_width. | |
209 | */ | |
210 | boff = offset >> (ctz32(pfl->bank_width) + | |
211 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
212 | ||
213 | /* Mask off upper bits which may be used in to query block | |
214 | * or sector lock status at other addresses. | |
215 | * Offsets 2/3 are block lock status, is not emulated. | |
216 | */ | |
217 | switch (boff & 0xFF) { | |
218 | case 0: | |
219 | resp = pfl->ident0; | |
afeb25f9 | 220 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); |
0163a2dc RF |
221 | break; |
222 | case 1: | |
223 | resp = pfl->ident1; | |
afeb25f9 | 224 | DPRINTF("%s: Device ID Code %04x\n", __func__, resp); |
0163a2dc RF |
225 | break; |
226 | default: | |
227 | DPRINTF("%s: Read Device Information offset=%x\n", __func__, | |
228 | (unsigned)offset); | |
229 | return 0; | |
230 | break; | |
231 | } | |
232 | /* Replicate responses for each device in bank. */ | |
233 | if (pfl->device_width < pfl->bank_width) { | |
234 | for (i = pfl->device_width; | |
235 | i < pfl->bank_width; i += pfl->device_width) { | |
236 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
237 | } | |
238 | } | |
239 | ||
240 | return resp; | |
241 | } | |
242 | ||
f71e42a5 PB |
243 | static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, |
244 | int width, int be) | |
245 | { | |
246 | uint8_t *p; | |
247 | uint32_t ret; | |
248 | ||
249 | p = pfl->storage; | |
250 | switch (width) { | |
251 | case 1: | |
252 | ret = p[offset]; | |
253 | DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", | |
254 | __func__, offset, ret); | |
255 | break; | |
256 | case 2: | |
257 | if (be) { | |
258 | ret = p[offset] << 8; | |
259 | ret |= p[offset + 1]; | |
260 | } else { | |
261 | ret = p[offset]; | |
262 | ret |= p[offset + 1] << 8; | |
263 | } | |
264 | DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", | |
265 | __func__, offset, ret); | |
266 | break; | |
267 | case 4: | |
268 | if (be) { | |
269 | ret = p[offset] << 24; | |
270 | ret |= p[offset + 1] << 16; | |
271 | ret |= p[offset + 2] << 8; | |
272 | ret |= p[offset + 3]; | |
273 | } else { | |
274 | ret = p[offset]; | |
275 | ret |= p[offset + 1] << 8; | |
276 | ret |= p[offset + 2] << 16; | |
277 | ret |= p[offset + 3] << 24; | |
278 | } | |
279 | DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", | |
280 | __func__, offset, ret); | |
281 | break; | |
282 | default: | |
283 | DPRINTF("BUG in %s\n", __func__); | |
284 | abort(); | |
285 | } | |
286 | return ret; | |
287 | } | |
288 | ||
a8170e5e | 289 | static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, |
3d08ff69 | 290 | int width, int be) |
05ee37eb | 291 | { |
a8170e5e | 292 | hwaddr boff; |
05ee37eb | 293 | uint32_t ret; |
05ee37eb AZ |
294 | |
295 | ret = -1; | |
05ee37eb | 296 | |
fad8c772 EI |
297 | #if 0 |
298 | DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", | |
06adb549 | 299 | __func__, offset, pfl->cmd, width); |
fad8c772 | 300 | #endif |
05ee37eb | 301 | switch (pfl->cmd) { |
1be97bf2 PM |
302 | default: |
303 | /* This should never happen : reset state & treat it as a read */ | |
304 | DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); | |
305 | pfl->wcycle = 0; | |
306 | pfl->cmd = 0; | |
307 | /* fall through to read code */ | |
05ee37eb AZ |
308 | case 0x00: |
309 | /* Flash area read */ | |
f71e42a5 | 310 | ret = pflash_data_read(pfl, offset, width, be); |
05ee37eb | 311 | break; |
6e392787 | 312 | case 0x10: /* Single byte program */ |
05ee37eb | 313 | case 0x20: /* Block erase */ |
6e392787 PM |
314 | case 0x28: /* Block erase */ |
315 | case 0x40: /* single byte program */ | |
05ee37eb AZ |
316 | case 0x50: /* Clear status register */ |
317 | case 0x60: /* Block /un)lock */ | |
318 | case 0x70: /* Status Register */ | |
319 | case 0xe8: /* Write block */ | |
2003889f RF |
320 | /* Status register read. Return status from each device in |
321 | * bank. | |
322 | */ | |
05ee37eb | 323 | ret = pfl->status; |
2003889f RF |
324 | if (pfl->device_width && width > pfl->device_width) { |
325 | int shift = pfl->device_width * 8; | |
326 | while (shift + pfl->device_width * 8 <= width * 8) { | |
327 | ret |= pfl->status << shift; | |
328 | shift += pfl->device_width * 8; | |
329 | } | |
330 | } else if (!pfl->device_width && width > 2) { | |
331 | /* Handle 32 bit flash cases where device width is not | |
332 | * set. (Existing behavior before device width added.) | |
333 | */ | |
ea0a4f34 PB |
334 | ret |= pfl->status << 16; |
335 | } | |
05ee37eb AZ |
336 | DPRINTF("%s: status %x\n", __func__, ret); |
337 | break; | |
0b2ec6fc | 338 | case 0x90: |
0163a2dc RF |
339 | if (!pfl->device_width) { |
340 | /* Preserve old behavior if device width not specified */ | |
341 | boff = offset & 0xFF; | |
342 | if (pfl->bank_width == 2) { | |
343 | boff = boff >> 1; | |
344 | } else if (pfl->bank_width == 4) { | |
345 | boff = boff >> 2; | |
346 | } | |
4433e660 | 347 | |
0163a2dc RF |
348 | switch (boff) { |
349 | case 0: | |
350 | ret = pfl->ident0 << 8 | pfl->ident1; | |
351 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); | |
352 | break; | |
353 | case 1: | |
354 | ret = pfl->ident2 << 8 | pfl->ident3; | |
355 | DPRINTF("%s: Device ID Code %04x\n", __func__, ret); | |
356 | break; | |
357 | default: | |
358 | DPRINTF("%s: Read Device Information boff=%x\n", __func__, | |
359 | (unsigned)boff); | |
360 | ret = 0; | |
361 | break; | |
362 | } | |
363 | } else { | |
364 | /* If we have a read larger than the bank_width, combine multiple | |
365 | * manufacturer/device ID queries into a single response. | |
366 | */ | |
367 | int i; | |
368 | for (i = 0; i < width; i += pfl->bank_width) { | |
369 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
370 | pflash_devid_query(pfl, | |
371 | offset + i * pfl->bank_width)); | |
372 | } | |
0b2ec6fc MW |
373 | } |
374 | break; | |
05ee37eb | 375 | case 0x98: /* Query mode */ |
4433e660 RF |
376 | if (!pfl->device_width) { |
377 | /* Preserve old behavior if device width not specified */ | |
378 | boff = offset & 0xFF; | |
379 | if (pfl->bank_width == 2) { | |
380 | boff = boff >> 1; | |
381 | } else if (pfl->bank_width == 4) { | |
382 | boff = boff >> 2; | |
383 | } | |
384 | ||
385 | if (boff > pfl->cfi_len) { | |
386 | ret = 0; | |
387 | } else { | |
388 | ret = pfl->cfi_table[boff]; | |
389 | } | |
390 | } else { | |
391 | /* If we have a read larger than the bank_width, combine multiple | |
392 | * CFI queries into a single response. | |
393 | */ | |
394 | int i; | |
395 | for (i = 0; i < width; i += pfl->bank_width) { | |
396 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
397 | pflash_cfi_query(pfl, | |
398 | offset + i * pfl->bank_width)); | |
399 | } | |
400 | } | |
401 | ||
05ee37eb | 402 | break; |
05ee37eb AZ |
403 | } |
404 | return ret; | |
405 | } | |
406 | ||
407 | /* update flash content on disk */ | |
c227f099 | 408 | static void pflash_update(pflash_t *pfl, int offset, |
05ee37eb AZ |
409 | int size) |
410 | { | |
411 | int offset_end; | |
4be74634 | 412 | if (pfl->blk) { |
05ee37eb AZ |
413 | offset_end = offset + size; |
414 | /* round to sectors */ | |
415 | offset = offset >> 9; | |
416 | offset_end = (offset_end + 511) >> 9; | |
4be74634 MA |
417 | blk_write(pfl->blk, offset, pfl->storage + (offset << 9), |
418 | offset_end - offset); | |
05ee37eb AZ |
419 | } |
420 | } | |
421 | ||
a8170e5e | 422 | static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, |
3d08ff69 | 423 | uint32_t value, int width, int be) |
d361be25 AZ |
424 | { |
425 | uint8_t *p = pfl->storage; | |
426 | ||
fad8c772 | 427 | DPRINTF("%s: block write offset " TARGET_FMT_plx |
d8d24fb7 | 428 | " value %x counter %016" PRIx64 "\n", |
d361be25 AZ |
429 | __func__, offset, value, pfl->counter); |
430 | switch (width) { | |
431 | case 1: | |
432 | p[offset] = value; | |
d361be25 AZ |
433 | break; |
434 | case 2: | |
3d08ff69 BS |
435 | if (be) { |
436 | p[offset] = value >> 8; | |
437 | p[offset + 1] = value; | |
438 | } else { | |
439 | p[offset] = value; | |
440 | p[offset + 1] = value >> 8; | |
441 | } | |
d361be25 AZ |
442 | break; |
443 | case 4: | |
3d08ff69 BS |
444 | if (be) { |
445 | p[offset] = value >> 24; | |
446 | p[offset + 1] = value >> 16; | |
447 | p[offset + 2] = value >> 8; | |
448 | p[offset + 3] = value; | |
449 | } else { | |
450 | p[offset] = value; | |
451 | p[offset + 1] = value >> 8; | |
452 | p[offset + 2] = value >> 16; | |
453 | p[offset + 3] = value >> 24; | |
454 | } | |
d361be25 AZ |
455 | break; |
456 | } | |
457 | ||
458 | } | |
459 | ||
a8170e5e | 460 | static void pflash_write(pflash_t *pfl, hwaddr offset, |
3d08ff69 | 461 | uint32_t value, int width, int be) |
05ee37eb | 462 | { |
05ee37eb AZ |
463 | uint8_t *p; |
464 | uint8_t cmd; | |
465 | ||
05ee37eb | 466 | cmd = value; |
05ee37eb | 467 | |
fad8c772 | 468 | DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", |
c8b153d7 | 469 | __func__, offset, value, width, pfl->wcycle); |
05ee37eb | 470 | |
e9cbbcac EI |
471 | if (!pfl->wcycle) { |
472 | /* Set the device in I/O access mode */ | |
5f9a5ea1 | 473 | memory_region_rom_device_set_romd(&pfl->mem, false); |
e9cbbcac | 474 | } |
05ee37eb AZ |
475 | |
476 | switch (pfl->wcycle) { | |
477 | case 0: | |
478 | /* read mode */ | |
479 | switch (cmd) { | |
480 | case 0x00: /* ??? */ | |
481 | goto reset_flash; | |
d361be25 AZ |
482 | case 0x10: /* Single Byte Program */ |
483 | case 0x40: /* Single Byte Program */ | |
fad8c772 | 484 | DPRINTF("%s: Single Byte Program\n", __func__); |
d361be25 | 485 | break; |
05ee37eb AZ |
486 | case 0x20: /* Block erase */ |
487 | p = pfl->storage; | |
488 | offset &= ~(pfl->sector_len - 1); | |
489 | ||
368a354f PC |
490 | DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", |
491 | __func__, offset, (unsigned)pfl->sector_len); | |
05ee37eb | 492 | |
de8efe8f JJ |
493 | if (!pfl->ro) { |
494 | memset(p + offset, 0xff, pfl->sector_len); | |
495 | pflash_update(pfl, offset, pfl->sector_len); | |
496 | } else { | |
497 | pfl->status |= 0x20; /* Block erase error */ | |
498 | } | |
05ee37eb AZ |
499 | pfl->status |= 0x80; /* Ready! */ |
500 | break; | |
501 | case 0x50: /* Clear status bits */ | |
502 | DPRINTF("%s: Clear status bits\n", __func__); | |
503 | pfl->status = 0x0; | |
504 | goto reset_flash; | |
505 | case 0x60: /* Block (un)lock */ | |
506 | DPRINTF("%s: Block unlock\n", __func__); | |
507 | break; | |
508 | case 0x70: /* Status Register */ | |
509 | DPRINTF("%s: Read status register\n", __func__); | |
510 | pfl->cmd = cmd; | |
511 | return; | |
0b2ec6fc MW |
512 | case 0x90: /* Read Device ID */ |
513 | DPRINTF("%s: Read Device information\n", __func__); | |
514 | pfl->cmd = cmd; | |
515 | return; | |
05ee37eb AZ |
516 | case 0x98: /* CFI query */ |
517 | DPRINTF("%s: CFI query\n", __func__); | |
518 | break; | |
519 | case 0xe8: /* Write to buffer */ | |
520 | DPRINTF("%s: Write to buffer\n", __func__); | |
521 | pfl->status |= 0x80; /* Ready! */ | |
522 | break; | |
5928023c SW |
523 | case 0xf0: /* Probe for AMD flash */ |
524 | DPRINTF("%s: Probe for AMD flash\n", __func__); | |
525 | goto reset_flash; | |
05ee37eb AZ |
526 | case 0xff: /* Read array mode */ |
527 | DPRINTF("%s: Read array mode\n", __func__); | |
528 | goto reset_flash; | |
529 | default: | |
530 | goto error_flash; | |
531 | } | |
532 | pfl->wcycle++; | |
533 | pfl->cmd = cmd; | |
12dabc79 | 534 | break; |
05ee37eb AZ |
535 | case 1: |
536 | switch (pfl->cmd) { | |
d361be25 AZ |
537 | case 0x10: /* Single Byte Program */ |
538 | case 0x40: /* Single Byte Program */ | |
539 | DPRINTF("%s: Single Byte Program\n", __func__); | |
de8efe8f JJ |
540 | if (!pfl->ro) { |
541 | pflash_data_write(pfl, offset, value, width, be); | |
542 | pflash_update(pfl, offset, width); | |
543 | } else { | |
544 | pfl->status |= 0x10; /* Programming error */ | |
545 | } | |
d361be25 AZ |
546 | pfl->status |= 0x80; /* Ready! */ |
547 | pfl->wcycle = 0; | |
548 | break; | |
05ee37eb AZ |
549 | case 0x20: /* Block erase */ |
550 | case 0x28: | |
551 | if (cmd == 0xd0) { /* confirm */ | |
3656744c | 552 | pfl->wcycle = 0; |
05ee37eb | 553 | pfl->status |= 0x80; |
9248f413 | 554 | } else if (cmd == 0xff) { /* read array mode */ |
05ee37eb AZ |
555 | goto reset_flash; |
556 | } else | |
557 | goto error_flash; | |
558 | ||
559 | break; | |
560 | case 0xe8: | |
1997b485 RF |
561 | /* Mask writeblock size based on device width, or bank width if |
562 | * device width not specified. | |
563 | */ | |
564 | if (pfl->device_width) { | |
565 | value = extract32(value, 0, pfl->device_width * 8); | |
566 | } else { | |
567 | value = extract32(value, 0, pfl->bank_width * 8); | |
568 | } | |
71fb2348 AZ |
569 | DPRINTF("%s: block write of %x bytes\n", __func__, value); |
570 | pfl->counter = value; | |
05ee37eb AZ |
571 | pfl->wcycle++; |
572 | break; | |
573 | case 0x60: | |
574 | if (cmd == 0xd0) { | |
575 | pfl->wcycle = 0; | |
576 | pfl->status |= 0x80; | |
577 | } else if (cmd == 0x01) { | |
578 | pfl->wcycle = 0; | |
579 | pfl->status |= 0x80; | |
580 | } else if (cmd == 0xff) { | |
581 | goto reset_flash; | |
582 | } else { | |
583 | DPRINTF("%s: Unknown (un)locking command\n", __func__); | |
584 | goto reset_flash; | |
585 | } | |
586 | break; | |
587 | case 0x98: | |
588 | if (cmd == 0xff) { | |
589 | goto reset_flash; | |
590 | } else { | |
591 | DPRINTF("%s: leaving query mode\n", __func__); | |
592 | } | |
593 | break; | |
594 | default: | |
595 | goto error_flash; | |
596 | } | |
12dabc79 | 597 | break; |
05ee37eb AZ |
598 | case 2: |
599 | switch (pfl->cmd) { | |
600 | case 0xe8: /* Block write */ | |
de8efe8f JJ |
601 | if (!pfl->ro) { |
602 | pflash_data_write(pfl, offset, value, width, be); | |
603 | } else { | |
604 | pfl->status |= 0x10; /* Programming error */ | |
605 | } | |
05ee37eb AZ |
606 | |
607 | pfl->status |= 0x80; | |
608 | ||
609 | if (!pfl->counter) { | |
a8170e5e | 610 | hwaddr mask = pfl->writeblock_size - 1; |
b4bf0a9a EI |
611 | mask = ~mask; |
612 | ||
05ee37eb AZ |
613 | DPRINTF("%s: block write finished\n", __func__); |
614 | pfl->wcycle++; | |
de8efe8f JJ |
615 | if (!pfl->ro) { |
616 | /* Flush the entire write buffer onto backing storage. */ | |
617 | pflash_update(pfl, offset & mask, pfl->writeblock_size); | |
618 | } else { | |
619 | pfl->status |= 0x10; /* Programming error */ | |
620 | } | |
05ee37eb AZ |
621 | } |
622 | ||
623 | pfl->counter--; | |
624 | break; | |
7317b8ca AZ |
625 | default: |
626 | goto error_flash; | |
05ee37eb | 627 | } |
12dabc79 | 628 | break; |
05ee37eb AZ |
629 | case 3: /* Confirm mode */ |
630 | switch (pfl->cmd) { | |
631 | case 0xe8: /* Block write */ | |
632 | if (cmd == 0xd0) { | |
633 | pfl->wcycle = 0; | |
634 | pfl->status |= 0x80; | |
05ee37eb AZ |
635 | } else { |
636 | DPRINTF("%s: unknown command for \"write block\"\n", __func__); | |
637 | PFLASH_BUG("Write block confirm"); | |
7317b8ca | 638 | goto reset_flash; |
05ee37eb | 639 | } |
7317b8ca AZ |
640 | break; |
641 | default: | |
642 | goto error_flash; | |
05ee37eb | 643 | } |
12dabc79 | 644 | break; |
05ee37eb AZ |
645 | default: |
646 | /* Should never happen */ | |
647 | DPRINTF("%s: invalid write state\n", __func__); | |
648 | goto reset_flash; | |
649 | } | |
650 | return; | |
651 | ||
652 | error_flash: | |
d96fc51c PC |
653 | qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " |
654 | "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" | |
655 | "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); | |
05ee37eb AZ |
656 | |
657 | reset_flash: | |
5f9a5ea1 | 658 | memory_region_rom_device_set_romd(&pfl->mem, true); |
05ee37eb | 659 | |
05ee37eb AZ |
660 | pfl->wcycle = 0; |
661 | pfl->cmd = 0; | |
05ee37eb AZ |
662 | } |
663 | ||
664 | ||
f71e42a5 PB |
665 | static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, |
666 | unsigned len, MemTxAttrs attrs) | |
3d08ff69 BS |
667 | { |
668 | pflash_t *pfl = opaque; | |
5aa113f0 | 669 | bool be = !!(pfl->features & (1 << PFLASH_BE)); |
3d08ff69 | 670 | |
f71e42a5 PB |
671 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { |
672 | *value = pflash_data_read(opaque, addr, len, be); | |
673 | } else { | |
674 | *value = pflash_read(opaque, addr, len, be); | |
675 | } | |
676 | return MEMTX_OK; | |
3d08ff69 BS |
677 | } |
678 | ||
f71e42a5 PB |
679 | static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, |
680 | unsigned len, MemTxAttrs attrs) | |
05ee37eb | 681 | { |
3d08ff69 | 682 | pflash_t *pfl = opaque; |
5aa113f0 | 683 | bool be = !!(pfl->features & (1 << PFLASH_BE)); |
3d08ff69 | 684 | |
f71e42a5 PB |
685 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { |
686 | return MEMTX_ERROR; | |
687 | } else { | |
688 | pflash_write(opaque, addr, value, len, be); | |
689 | return MEMTX_OK; | |
690 | } | |
05ee37eb AZ |
691 | } |
692 | ||
5aa113f0 | 693 | static const MemoryRegionOps pflash_cfi01_ops = { |
f71e42a5 PB |
694 | .read_with_attrs = pflash_mem_read_with_attrs, |
695 | .write_with_attrs = pflash_mem_write_with_attrs, | |
cfe5f011 | 696 | .endianness = DEVICE_NATIVE_ENDIAN, |
05ee37eb AZ |
697 | }; |
698 | ||
e40b5f3e | 699 | static void pflash_cfi01_realize(DeviceState *dev, Error **errp) |
05ee37eb | 700 | { |
f1b44f0e | 701 | pflash_t *pfl = CFI_PFLASH01(dev); |
368a354f | 702 | uint64_t total_len; |
d0e7605e | 703 | int ret; |
a0289b8a PM |
704 | uint64_t blocks_per_device, device_len; |
705 | int num_devices; | |
33e0eb52 | 706 | Error *local_err = NULL; |
05ee37eb | 707 | |
368a354f | 708 | total_len = pfl->sector_len * pfl->nb_blocs; |
05ee37eb | 709 | |
a0289b8a PM |
710 | /* These are only used to expose the parameters of each device |
711 | * in the cfi_table[]. | |
712 | */ | |
713 | num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; | |
714 | blocks_per_device = pfl->nb_blocs / num_devices; | |
715 | device_len = pfl->sector_len * blocks_per_device; | |
716 | ||
05ee37eb | 717 | /* XXX: to be fixed */ |
c8b153d7 | 718 | #if 0 |
05ee37eb AZ |
719 | if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && |
720 | total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) | |
721 | return NULL; | |
c8b153d7 | 722 | #endif |
05ee37eb | 723 | |
cfe5f011 | 724 | memory_region_init_rom_device( |
2d256e6f | 725 | &pfl->mem, OBJECT(dev), |
5aa113f0 | 726 | &pflash_cfi01_ops, |
e9809422 | 727 | pfl, |
33e0eb52 HT |
728 | pfl->name, total_len, &local_err); |
729 | if (local_err) { | |
730 | error_propagate(errp, local_err); | |
731 | return; | |
732 | } | |
733 | ||
368a354f | 734 | vmstate_register_ram(&pfl->mem, DEVICE(pfl)); |
cfe5f011 | 735 | pfl->storage = memory_region_get_ram_ptr(&pfl->mem); |
e40b5f3e | 736 | sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); |
05ee37eb | 737 | |
4be74634 | 738 | if (pfl->blk) { |
05ee37eb | 739 | /* read the initial flash content */ |
4be74634 | 740 | ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); |
368a354f | 741 | |
d0e7605e | 742 | if (ret < 0) { |
368a354f | 743 | vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); |
e40b5f3e HT |
744 | error_setg(errp, "failed to read the initial flash content"); |
745 | return; | |
d0e7605e | 746 | } |
05ee37eb | 747 | } |
de8efe8f | 748 | |
4be74634 MA |
749 | if (pfl->blk) { |
750 | pfl->ro = blk_is_read_only(pfl->blk); | |
de8efe8f JJ |
751 | } else { |
752 | pfl->ro = 0; | |
753 | } | |
754 | ||
fa21a7b1 RF |
755 | /* Default to devices being used at their maximum device width. This was |
756 | * assumed before the device_width support was added. | |
757 | */ | |
758 | if (!pfl->max_device_width) { | |
759 | pfl->max_device_width = pfl->device_width; | |
760 | } | |
761 | ||
bc72ad67 | 762 | pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); |
05ee37eb AZ |
763 | pfl->wcycle = 0; |
764 | pfl->cmd = 0; | |
765 | pfl->status = 0; | |
05ee37eb AZ |
766 | /* Hardcoded CFI table */ |
767 | pfl->cfi_len = 0x52; | |
768 | /* Standard "QRY" string */ | |
769 | pfl->cfi_table[0x10] = 'Q'; | |
770 | pfl->cfi_table[0x11] = 'R'; | |
771 | pfl->cfi_table[0x12] = 'Y'; | |
772 | /* Command set (Intel) */ | |
773 | pfl->cfi_table[0x13] = 0x01; | |
774 | pfl->cfi_table[0x14] = 0x00; | |
775 | /* Primary extended table address (none) */ | |
776 | pfl->cfi_table[0x15] = 0x31; | |
777 | pfl->cfi_table[0x16] = 0x00; | |
778 | /* Alternate command set (none) */ | |
779 | pfl->cfi_table[0x17] = 0x00; | |
780 | pfl->cfi_table[0x18] = 0x00; | |
781 | /* Alternate extended table (none) */ | |
782 | pfl->cfi_table[0x19] = 0x00; | |
783 | pfl->cfi_table[0x1A] = 0x00; | |
784 | /* Vcc min */ | |
785 | pfl->cfi_table[0x1B] = 0x45; | |
786 | /* Vcc max */ | |
787 | pfl->cfi_table[0x1C] = 0x55; | |
788 | /* Vpp min (no Vpp pin) */ | |
789 | pfl->cfi_table[0x1D] = 0x00; | |
790 | /* Vpp max (no Vpp pin) */ | |
791 | pfl->cfi_table[0x1E] = 0x00; | |
792 | /* Reserved */ | |
793 | pfl->cfi_table[0x1F] = 0x07; | |
794 | /* Timeout for min size buffer write */ | |
795 | pfl->cfi_table[0x20] = 0x07; | |
796 | /* Typical timeout for block erase */ | |
797 | pfl->cfi_table[0x21] = 0x0a; | |
798 | /* Typical timeout for full chip erase (4096 ms) */ | |
799 | pfl->cfi_table[0x22] = 0x00; | |
800 | /* Reserved */ | |
801 | pfl->cfi_table[0x23] = 0x04; | |
802 | /* Max timeout for buffer write */ | |
803 | pfl->cfi_table[0x24] = 0x04; | |
804 | /* Max timeout for block erase */ | |
805 | pfl->cfi_table[0x25] = 0x04; | |
806 | /* Max timeout for chip erase */ | |
807 | pfl->cfi_table[0x26] = 0x00; | |
808 | /* Device size */ | |
a0289b8a | 809 | pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ |
05ee37eb AZ |
810 | /* Flash device interface (8 & 16 bits) */ |
811 | pfl->cfi_table[0x28] = 0x02; | |
812 | pfl->cfi_table[0x29] = 0x00; | |
813 | /* Max number of bytes in multi-bytes write */ | |
4b6fedca | 814 | if (pfl->bank_width == 1) { |
4737fa26 EI |
815 | pfl->cfi_table[0x2A] = 0x08; |
816 | } else { | |
817 | pfl->cfi_table[0x2A] = 0x0B; | |
818 | } | |
b4bf0a9a EI |
819 | pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; |
820 | ||
05ee37eb AZ |
821 | pfl->cfi_table[0x2B] = 0x00; |
822 | /* Number of erase block regions (uniform) */ | |
823 | pfl->cfi_table[0x2C] = 0x01; | |
824 | /* Erase block region 1 */ | |
a0289b8a PM |
825 | pfl->cfi_table[0x2D] = blocks_per_device - 1; |
826 | pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; | |
368a354f PC |
827 | pfl->cfi_table[0x2F] = pfl->sector_len >> 8; |
828 | pfl->cfi_table[0x30] = pfl->sector_len >> 16; | |
05ee37eb AZ |
829 | |
830 | /* Extended */ | |
831 | pfl->cfi_table[0x31] = 'P'; | |
832 | pfl->cfi_table[0x32] = 'R'; | |
833 | pfl->cfi_table[0x33] = 'I'; | |
834 | ||
835 | pfl->cfi_table[0x34] = '1'; | |
262e1eaa | 836 | pfl->cfi_table[0x35] = '0'; |
05ee37eb AZ |
837 | |
838 | pfl->cfi_table[0x36] = 0x00; | |
839 | pfl->cfi_table[0x37] = 0x00; | |
840 | pfl->cfi_table[0x38] = 0x00; | |
841 | pfl->cfi_table[0x39] = 0x00; | |
842 | ||
843 | pfl->cfi_table[0x3a] = 0x00; | |
844 | ||
845 | pfl->cfi_table[0x3b] = 0x00; | |
846 | pfl->cfi_table[0x3c] = 0x00; | |
847 | ||
262e1eaa | 848 | pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ |
368a354f PC |
849 | } |
850 | ||
851 | static Property pflash_cfi01_properties[] = { | |
4be74634 | 852 | DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), |
a0289b8a PM |
853 | /* num-blocks is the number of blocks actually visible to the guest, |
854 | * ie the total size of the device divided by the sector length. | |
855 | * If we're emulating flash devices wired in parallel the actual | |
856 | * number of blocks per indvidual device will differ. | |
857 | */ | |
368a354f PC |
858 | DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), |
859 | DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), | |
fa21a7b1 RF |
860 | /* width here is the overall width of this QEMU device in bytes. |
861 | * The QEMU device may be emulating a number of flash devices | |
862 | * wired up in parallel; the width of each individual flash | |
863 | * device should be specified via device-width. If the individual | |
864 | * devices have a maximum width which is greater than the width | |
865 | * they are being used for, this maximum width should be set via | |
866 | * max-device-width (which otherwise defaults to device-width). | |
867 | * So for instance a 32-bit wide QEMU flash device made from four | |
868 | * 16-bit flash devices used in 8-bit wide mode would be configured | |
869 | * with width = 4, device-width = 1, max-device-width = 2. | |
870 | * | |
871 | * If device-width is not specified we default to backwards | |
872 | * compatible behaviour which is a bad emulation of two | |
873 | * 16 bit devices making up a 32 bit wide QEMU device. This | |
874 | * is deprecated for new uses of this device. | |
875 | */ | |
4b6fedca | 876 | DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), |
1997b485 | 877 | DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), |
fa21a7b1 | 878 | DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), |
e9809422 | 879 | DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), |
f71e42a5 | 880 | DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), |
368a354f PC |
881 | DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), |
882 | DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), | |
883 | DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), | |
884 | DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), | |
885 | DEFINE_PROP_STRING("name", struct pflash_t, name), | |
886 | DEFINE_PROP_END_OF_LIST(), | |
887 | }; | |
888 | ||
889 | static void pflash_cfi01_class_init(ObjectClass *klass, void *data) | |
890 | { | |
891 | DeviceClass *dc = DEVICE_CLASS(klass); | |
368a354f | 892 | |
e40b5f3e | 893 | dc->realize = pflash_cfi01_realize; |
368a354f | 894 | dc->props = pflash_cfi01_properties; |
d8d24fb7 | 895 | dc->vmsd = &vmstate_pflash; |
125ee0ed | 896 | set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); |
368a354f PC |
897 | } |
898 | ||
899 | ||
900 | static const TypeInfo pflash_cfi01_info = { | |
f1b44f0e | 901 | .name = TYPE_CFI_PFLASH01, |
368a354f PC |
902 | .parent = TYPE_SYS_BUS_DEVICE, |
903 | .instance_size = sizeof(struct pflash_t), | |
904 | .class_init = pflash_cfi01_class_init, | |
905 | }; | |
906 | ||
907 | static void pflash_cfi01_register_types(void) | |
908 | { | |
909 | type_register_static(&pflash_cfi01_info); | |
910 | } | |
911 | ||
912 | type_init(pflash_cfi01_register_types) | |
913 | ||
914 | pflash_t *pflash_cfi01_register(hwaddr base, | |
915 | DeviceState *qdev, const char *name, | |
916 | hwaddr size, | |
4be74634 | 917 | BlockBackend *blk, |
4b6fedca RF |
918 | uint32_t sector_len, int nb_blocs, |
919 | int bank_width, uint16_t id0, uint16_t id1, | |
368a354f PC |
920 | uint16_t id2, uint16_t id3, int be) |
921 | { | |
f1b44f0e | 922 | DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); |
368a354f | 923 | |
9b3d111a MA |
924 | if (blk) { |
925 | qdev_prop_set_drive(dev, "drive", blk, &error_abort); | |
368a354f PC |
926 | } |
927 | qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); | |
928 | qdev_prop_set_uint64(dev, "sector-length", sector_len); | |
4b6fedca | 929 | qdev_prop_set_uint8(dev, "width", bank_width); |
e9809422 | 930 | qdev_prop_set_bit(dev, "big-endian", !!be); |
368a354f PC |
931 | qdev_prop_set_uint16(dev, "id0", id0); |
932 | qdev_prop_set_uint16(dev, "id1", id1); | |
933 | qdev_prop_set_uint16(dev, "id2", id2); | |
934 | qdev_prop_set_uint16(dev, "id3", id3); | |
935 | qdev_prop_set_string(dev, "name", name); | |
936 | qdev_init_nofail(dev); | |
937 | ||
f1b44f0e HT |
938 | sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); |
939 | return CFI_PFLASH01(dev); | |
05ee37eb | 940 | } |
cfe5f011 AK |
941 | |
942 | MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) | |
943 | { | |
944 | return &fl->mem; | |
945 | } | |
4c0cfc72 LE |
946 | |
947 | static int pflash_post_load(void *opaque, int version_id) | |
948 | { | |
949 | pflash_t *pfl = opaque; | |
950 | ||
951 | if (!pfl->ro) { | |
952 | DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); | |
953 | pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); | |
954 | } | |
955 | return 0; | |
956 | } |