]> git.proxmox.com Git - mirror_qemu.git/blame - hw/onenand.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/nand: reject read-only drives
[mirror_qemu.git] / hw / onenand.c
CommitLineData
7e7c5e4c
AZ		 1/*
2 * OneNAND flash memories emulation.
3 *
4 * Copyright (C) 2008 Nokia Corporation
5 * Written by Andrzej Zaborowski <andrew@openedhand.com>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 or
10 * (at your option) version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
fad6cb1a 17 * You should have received a copy of the GNU General Public License along
8167ee88 18 * with this program; if not, see <http://www.gnu.org/licenses/>.
7e7c5e4c
AZ		 19 */
20
21#include "qemu-common.h"
34f9f0b5 22#include "hw.h"
7e7c5e4c
AZ		 23#include "flash.h"
24#include "irq.h"
666daa68 25#include "blockdev.h"
689a1921
AK		 26#include "memory.h"
27#include "exec-memory.h"
500954e3 28#include "sysbus.h"
7e7c5e4c
AZ		 29
30/* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
31#define PAGE_SHIFT 11
32
33/* Fixed */
34#define BLOCK_SHIFT (PAGE_SHIFT + 6)
35
bc24a225 36typedef struct {
500954e3 37 SysBusDevice busdev;
5923ba42
JR		 38 struct {
39 uint16_t man;
40 uint16_t dev;
41 uint16_t ver;
42 } id;
7e7c5e4c 43 int shift;
c227f099 44 target_phys_addr_t base;
7e7c5e4c
AZ		 45 qemu_irq intr;
46 qemu_irq rdy;
47 BlockDriverState *bdrv;
48 BlockDriverState *bdrv_cur;
49 uint8_t *image;
50 uint8_t *otp;
51 uint8_t *current;
689a1921
AK		 52 MemoryRegion ram;
53 MemoryRegion mapped_ram;
500954e3 54 uint8_t current_direction;
7e7c5e4c
AZ		 55 uint8_t *boot[2];
56 uint8_t *data[2][2];
689a1921
AK		 57 MemoryRegion iomem;
58 MemoryRegion container;
7e7c5e4c
AZ		 59 int cycle;
60 int otpmode;
61
62 uint16_t addr[8];
63 uint16_t unladdr[8];
64 int bufaddr;
65 int count;
66 uint16_t command;
67 uint16_t config[2];
68 uint16_t status;
69 uint16_t intstatus;
70 uint16_t wpstatus;
71
bc24a225 72 ECCState ecc;
7e7c5e4c
AZ		 73
74 int density_mask;
75 int secs;
76 int secs_cur;
77 int blocks;
78 uint8_t *blockwp;
bc24a225 79} OneNANDState;
7e7c5e4c
AZ		 80
81enum {
82 ONEN_BUF_BLOCK = 0,
83 ONEN_BUF_BLOCK2 = 1,
84 ONEN_BUF_DEST_BLOCK = 2,
85 ONEN_BUF_DEST_PAGE = 3,
86 ONEN_BUF_PAGE = 7,
87};
88
89enum {
90 ONEN_ERR_CMD = 1 << 10,
91 ONEN_ERR_ERASE = 1 << 11,
92 ONEN_ERR_PROG = 1 << 12,
93 ONEN_ERR_LOAD = 1 << 13,
94};
95
96enum {
97 ONEN_INT_RESET = 1 << 4,
98 ONEN_INT_ERASE = 1 << 5,
99 ONEN_INT_PROG = 1 << 6,
100 ONEN_INT_LOAD = 1 << 7,
101 ONEN_INT = 1 << 15,
102};
103
104enum {
105 ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
106 ONEN_LOCK_LOCKED = 1 << 1,
107 ONEN_LOCK_UNLOCKED = 1 << 2,
108};
109
689a1921
AK		 110static void onenand_mem_setup(OneNANDState *s)
111{
112 /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
113 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
114 * write boot commands. Also take note of the BWPS bit. */
115 memory_region_init(&s->container, "onenand", 0x10000 << s->shift);
116 memory_region_add_subregion(&s->container, 0, &s->iomem);
117 memory_region_init_alias(&s->mapped_ram, "onenand-mapped-ram",
118 &s->ram, 0x0200 << s->shift,
119 0xbe00 << s->shift);
120 memory_region_add_subregion_overlap(&s->container,
121 0x0200 << s->shift,
122 &s->mapped_ram,
123 1);
124}
125
500954e3 126static void onenand_intr_update(OneNANDState *s)
7e7c5e4c 127{
500954e3 128 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
7e7c5e4c
AZ		 129}
130
500954e3 131static void onenand_pre_save(void *opaque)
7e7c5e4c 132{
500954e3
JR		 133 OneNANDState *s = opaque;
134 if (s->current == s->otp) {
135 s->current_direction = 1;
136 } else if (s->current == s->image) {
137 s->current_direction = 2;
138 } else {
139 s->current_direction = 0;
140 }
7e7c5e4c
AZ		 141}
142
500954e3 143static int onenand_post_load(void *opaque, int version_id)
7e7c5e4c 144{
500954e3
JR		 145 OneNANDState *s = opaque;
146 switch (s->current_direction) {
147 case 0:
148 break;
149 case 1:
150 s->current = s->otp;
151 break;
152 case 2:
153 s->current = s->image;
154 break;
155 default:
156 return -1;
157 }
158 onenand_intr_update(s);
159 return 0;
7e7c5e4c
AZ		 160}
161
500954e3
JR		 162static const VMStateDescription vmstate_onenand = {
163 .name = "onenand",
164 .version_id = 1,
165 .minimum_version_id = 1,
166 .minimum_version_id_old = 1,
167 .pre_save = onenand_pre_save,
168 .post_load = onenand_post_load,
169 .fields = (VMStateField[]) {
170 VMSTATE_UINT8(current_direction, OneNANDState),
171 VMSTATE_INT32(cycle, OneNANDState),
172 VMSTATE_INT32(otpmode, OneNANDState),
173 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8),
174 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8),
175 VMSTATE_INT32(bufaddr, OneNANDState),
176 VMSTATE_INT32(count, OneNANDState),
177 VMSTATE_UINT16(command, OneNANDState),
178 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2),
179 VMSTATE_UINT16(status, OneNANDState),
180 VMSTATE_UINT16(intstatus, OneNANDState),
181 VMSTATE_UINT16(wpstatus, OneNANDState),
182 VMSTATE_INT32(secs_cur, OneNANDState),
183 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks),
184 VMSTATE_UINT8(ecc.cp, OneNANDState),
185 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2),
186 VMSTATE_UINT16(ecc.count, OneNANDState),
187 VMSTATE_BUFFER_UNSAFE(otp, OneNANDState, 0, ((64 + 2) << PAGE_SHIFT)),
188 VMSTATE_END_OF_LIST()
189 }
190};
191
7e7c5e4c 192/* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
bc24a225 193static void onenand_reset(OneNANDState *s, int cold)
7e7c5e4c
AZ		 194{
195 memset(&s->addr, 0, sizeof(s->addr));
196 s->command = 0;
197 s->count = 1;
198 s->bufaddr = 0;
199 s->config[0] = 0x40c0;
200 s->config[1] = 0x0000;
201 onenand_intr_update(s);
202 qemu_irq_raise(s->rdy);
203 s->status = 0x0000;
204 s->intstatus = cold ? 0x8080 : 0x8010;
205 s->unladdr[0] = 0;
206 s->unladdr[1] = 0;
207 s->wpstatus = 0x0002;
208 s->cycle = 0;
209 s->otpmode = 0;
210 s->bdrv_cur = s->bdrv;
211 s->current = s->image;
212 s->secs_cur = s->secs;
213
214 if (cold) {
215 /* Lock the whole flash */
216 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
217
500954e3
JR		 218 if (s->bdrv_cur && bdrv_read(s->bdrv_cur, 0, s->boot[0], 8) < 0) {
219 hw_error("%s: Loading the BootRAM failed.\n", __func__);
220 }
7e7c5e4c
AZ		 221 }
222}
223
500954e3
JR		 224static void onenand_system_reset(DeviceState *dev)
225{
226 onenand_reset(FROM_SYSBUS(OneNANDState, sysbus_from_qdev(dev)), 1);
227}
228
bc24a225 229static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
7e7c5e4c
AZ		 230 void *dest)
231{
232 if (s->bdrv_cur)
233 return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
234 else if (sec + secn > s->secs_cur)
235 return 1;
236
237 memcpy(dest, s->current + (sec << 9), secn << 9);
238
239 return 0;
240}
241
bc24a225 242static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
7e7c5e4c
AZ		 243 void *src)
244{
f1588dd2
JR		 245 int result = 0;
246
247 if (secn > 0) {
7c00b9de
JR		 248 uint32_t size = (uint32_t)secn * 512;
249 const uint8_t *sp = (const uint8_t *)src;
f1588dd2
JR		 250 uint8_t *dp = 0;
251 if (s->bdrv_cur) {
7267c094 252 dp = g_malloc(size);
f1588dd2
JR		 253 if (!dp || bdrv_read(s->bdrv_cur, sec, dp, secn) < 0) {
254 result = 1;
255 }
256 } else {
257 if (sec + secn > s->secs_cur) {
258 result = 1;
259 } else {
7c00b9de 260 dp = (uint8_t *)s->current + (sec << 9);
f1588dd2
JR		 261 }
262 }
263 if (!result) {
264 uint32_t i;
265 for (i = 0; i < size; i++) {
266 dp[i] &= sp[i];
267 }
268 if (s->bdrv_cur) {
269 result = bdrv_write(s->bdrv_cur, sec, dp, secn) < 0;
270 }
271 }
272 if (dp && s->bdrv_cur) {
7267c094 273 g_free(dp);
f1588dd2
JR		 274 }
275 }
7e7c5e4c 276
f1588dd2 277 return result;
7e7c5e4c
AZ		 278}
279
bc24a225 280static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
7e7c5e4c
AZ		 281 void *dest)
282{
283 uint8_t buf[512];
284
285 if (s->bdrv_cur) {
286 if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
287 return 1;
288 memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
289 } else if (sec + secn > s->secs_cur)
290 return 1;
291 else
292 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
293
294 return 0;
295}
296
bc24a225 297static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
7e7c5e4c
AZ		 298 void *src)
299{
f1588dd2
JR		 300 int result = 0;
301 if (secn > 0) {
7c00b9de 302 const uint8_t *sp = (const uint8_t *)src;
f1588dd2
JR		 303 uint8_t *dp = 0, *dpp = 0;
304 if (s->bdrv_cur) {
7267c094 305 dp = g_malloc(512);
f1588dd2 306 if (!dp || bdrv_read(s->bdrv_cur,
7c00b9de
JR		 307 s->secs_cur + (sec >> 5),
308 dp, 1) < 0) {
f1588dd2
JR		 309 result = 1;
310 } else {
311 dpp = dp + ((sec & 31) << 4);
312 }
313 } else {
314 if (sec + secn > s->secs_cur) {
315 result = 1;
316 } else {
317 dpp = s->current + (s->secs_cur << 9) + (sec << 4);
318 }
319 }
320 if (!result) {
321 uint32_t i;
322 for (i = 0; i < (secn << 4); i++) {
323 dpp[i] &= sp[i];
324 }
325 if (s->bdrv_cur) {
326 result = bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5),
7c00b9de 327 dp, 1) < 0;
f1588dd2
JR		 328 }
329 }
330 if (dp) {
7267c094 331 g_free(dp);
f1588dd2
JR		 332 }
333 }
334 return result;
7e7c5e4c
AZ		 335}
336
bc24a225 337static inline int onenand_erase(OneNANDState *s, int sec, int num)
7e7c5e4c 338{
f1588dd2 339 uint8_t *blankbuf, *tmpbuf;
7267c094 340 blankbuf = g_malloc(512);
f1588dd2
JR		 341 if (!blankbuf) {
342 return 1;
343 }
7267c094 344 tmpbuf = g_malloc(512);
f1588dd2 345 if (!tmpbuf) {
7267c094 346 g_free(blankbuf);
f1588dd2
JR		 347 return 1;
348 }
349 memset(blankbuf, 0xff, 512);
350 for (; num > 0; num--, sec++) {
351 if (s->bdrv_cur) {
352 int erasesec = s->secs_cur + (sec >> 5);
353 if (bdrv_write(s->bdrv_cur, sec, blankbuf, 1)) {
354 goto fail;
355 }
356 if (bdrv_read(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
357 goto fail;
358 }
359 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);
360 if (bdrv_write(s->bdrv_cur, erasesec, tmpbuf, 1) < 0) {
361 goto fail;
362 }
363 } else {
364 if (sec + 1 > s->secs_cur) {
365 goto fail;
366 }
367 memcpy(s->current + (sec << 9), blankbuf, 512);
368 memcpy(s->current + (s->secs_cur << 9) + (sec << 4),
369 blankbuf, 1 << 4);
370 }
7e7c5e4c
AZ		 371 }
372
7267c094
AL		 373 g_free(tmpbuf);
374 g_free(blankbuf);
7e7c5e4c 375 return 0;
f1588dd2
JR		 376
377fail:
7267c094
AL		 378 g_free(tmpbuf);
379 g_free(blankbuf);
f1588dd2 380 return 1;
7e7c5e4c
AZ		 381}
382
82866965 383static void onenand_command(OneNANDState *s)
7e7c5e4c
AZ		 384{
385 int b;
386 int sec;
387 void *buf;
388#define SETADDR(block, page) \
389 sec = (s->addr[page] & 3) + \
390 ((((s->addr[page] >> 2) & 0x3f) + \
391 (((s->addr[block] & 0xfff) | \
392 (s->addr[block] >> 15 ? \
393 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
394#define SETBUF_M() \
395 buf = (s->bufaddr & 8) ? \
396 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
397 buf += (s->bufaddr & 3) << 9;
398#define SETBUF_S() \
399 buf = (s->bufaddr & 8) ? \
400 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
401 buf += (s->bufaddr & 3) << 4;
402
82866965 403 switch (s->command) {
7e7c5e4c
AZ		 404 case 0x00: /* Load single/multiple sector data unit into buffer */
405 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
406
407 SETBUF_M()
408 if (onenand_load_main(s, sec, s->count, buf))
409 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
410
411#if 0
412 SETBUF_S()
413 if (onenand_load_spare(s, sec, s->count, buf))
414 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
415#endif
416
417 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
418 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
419 * then we need two split the read/write into two chunks.
420 */
421 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
422 break;
423 case 0x13: /* Load single/multiple spare sector into buffer */
424 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
425
426 SETBUF_S()
427 if (onenand_load_spare(s, sec, s->count, buf))
428 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
429
430 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
431 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
432 * then we need two split the read/write into two chunks.
433 */
434 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
435 break;
436 case 0x80: /* Program single/multiple sector data unit from buffer */
437 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
438
439 SETBUF_M()
440 if (onenand_prog_main(s, sec, s->count, buf))
441 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
442
443#if 0
444 SETBUF_S()
445 if (onenand_prog_spare(s, sec, s->count, buf))
446 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
447#endif
448
449 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
450 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
451 * then we need two split the read/write into two chunks.
452 */
453 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
454 break;
455 case 0x1a: /* Program single/multiple spare area sector from buffer */
456 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
457
458 SETBUF_S()
459 if (onenand_prog_spare(s, sec, s->count, buf))
460 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
461
462 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
463 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
464 * then we need two split the read/write into two chunks.
465 */
466 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
467 break;
468 case 0x1b: /* Copy-back program */
469 SETBUF_S()
470
471 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
472 if (onenand_load_main(s, sec, s->count, buf))
473 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
474
475 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
476 if (onenand_prog_main(s, sec, s->count, buf))
477 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
478
479 /* TODO: spare areas */
480
481 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
482 break;
483
484 case 0x23: /* Unlock NAND array block(s) */
485 s->intstatus |= ONEN_INT;
486
487 /* XXX the previous (?) area should be locked automatically */
488 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
489 if (b >= s->blocks) {
490 s->status |= ONEN_ERR_CMD;
491 break;
492 }
493 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
494 break;
495
496 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
497 }
498 break;
89588a4b
AZ		 499 case 0x27: /* Unlock All NAND array blocks */
500 s->intstatus |= ONEN_INT;
501
502 for (b = 0; b < s->blocks; b ++) {
503 if (b >= s->blocks) {
504 s->status |= ONEN_ERR_CMD;
505 break;
506 }
507 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
508 break;
509
510 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
511 }
512 break;
513
7e7c5e4c
AZ		 514 case 0x2a: /* Lock NAND array block(s) */
515 s->intstatus |= ONEN_INT;
516
517 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
518 if (b >= s->blocks) {
519 s->status |= ONEN_ERR_CMD;
520 break;
521 }
522 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
523 break;
524
525 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
526 }
527 break;
528 case 0x2c: /* Lock-tight NAND array block(s) */
529 s->intstatus |= ONEN_INT;
530
531 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
532 if (b >= s->blocks) {
533 s->status |= ONEN_ERR_CMD;
534 break;
535 }
536 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
537 continue;
538
539 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
540 }
541 break;
542
543 case 0x71: /* Erase-Verify-Read */
544 s->intstatus |= ONEN_INT;
545 break;
546 case 0x95: /* Multi-block erase */
547 qemu_irq_pulse(s->intr);
548 /* Fall through. */
549 case 0x94: /* Block erase */
550 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
551 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
552 << (BLOCK_SHIFT - 9);
553 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
554 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
555
556 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
557 break;
558 case 0xb0: /* Erase suspend */
559 break;
560 case 0x30: /* Erase resume */
561 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
562 break;
563
564 case 0xf0: /* Reset NAND Flash core */
565 onenand_reset(s, 0);
566 break;
567 case 0xf3: /* Reset OneNAND */
568 onenand_reset(s, 0);
569 break;
570
571 case 0x65: /* OTP Access */
572 s->intstatus |= ONEN_INT;
b9d38e95 573 s->bdrv_cur = NULL;
7e7c5e4c
AZ		 574 s->current = s->otp;
575 s->secs_cur = 1 << (BLOCK_SHIFT - 9);
576 s->addr[ONEN_BUF_BLOCK] = 0;
577 s->otpmode = 1;
578 break;
579
580 default:
581 s->status |= ONEN_ERR_CMD;
582 s->intstatus |= ONEN_INT;
583 fprintf(stderr, "%s: unknown OneNAND command %x\n",
82866965 584 __func__, s->command);
7e7c5e4c
AZ		 585 }
586
587 onenand_intr_update(s);
588}
589
689a1921
AK		 590static uint64_t onenand_read(void *opaque, target_phys_addr_t addr,
591 unsigned size)
7e7c5e4c 592{
bc24a225 593 OneNANDState *s = (OneNANDState *) opaque;
8da3ff18 594 int offset = addr >> s->shift;
7e7c5e4c
AZ		 595
596 switch (offset) {
597 case 0x0000 ... 0xc000:
8da3ff18 598 return lduw_le_p(s->boot[0] + addr);
7e7c5e4c
AZ		 599
600 case 0xf000: /* Manufacturer ID */
5923ba42 601 return s->id.man;
7e7c5e4c 602 case 0xf001: /* Device ID */
5923ba42 603 return s->id.dev;
7e7c5e4c 604 case 0xf002: /* Version ID */
5923ba42
JR		 605 return s->id.ver;
606 /* TODO: get the following values from a real chip! */
7e7c5e4c
AZ		 607 case 0xf003: /* Data Buffer size */
608 return 1 << PAGE_SHIFT;
609 case 0xf004: /* Boot Buffer size */
610 return 0x200;
611 case 0xf005: /* Amount of buffers */
612 return 1 | (2 << 8);
613 case 0xf006: /* Technology */
614 return 0;
615
616 case 0xf100 ... 0xf107: /* Start addresses */
617 return s->addr[offset - 0xf100];
618
619 case 0xf200: /* Start buffer */
620 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
621
622 case 0xf220: /* Command */
623 return s->command;
624 case 0xf221: /* System Configuration 1 */
625 return s->config[0] & 0xffe0;
626 case 0xf222: /* System Configuration 2 */
627 return s->config[1];
628
629 case 0xf240: /* Controller Status */
630 return s->status;
631 case 0xf241: /* Interrupt */
632 return s->intstatus;
633 case 0xf24c: /* Unlock Start Block Address */
634 return s->unladdr[0];
635 case 0xf24d: /* Unlock End Block Address */
636 return s->unladdr[1];
637 case 0xf24e: /* Write Protection Status */
638 return s->wpstatus;
639
640 case 0xff00: /* ECC Status */
641 return 0x00;
642 case 0xff01: /* ECC Result of main area data */
643 case 0xff02: /* ECC Result of spare area data */
644 case 0xff03: /* ECC Result of main area data */
645 case 0xff04: /* ECC Result of spare area data */
2ac71179 646 hw_error("%s: imeplement ECC\n", __FUNCTION__);
7e7c5e4c
AZ		 647 return 0x0000;
648 }
649
650 fprintf(stderr, "%s: unknown OneNAND register %x\n",
651 __FUNCTION__, offset);
652 return 0;
653}
654
c227f099 655static void onenand_write(void *opaque, target_phys_addr_t addr,
689a1921 656 uint64_t value, unsigned size)
7e7c5e4c 657{
bc24a225 658 OneNANDState *s = (OneNANDState *) opaque;
8da3ff18 659 int offset = addr >> s->shift;
7e7c5e4c
AZ		 660 int sec;
661
662 switch (offset) {
663 case 0x0000 ... 0x01ff:
664 case 0x8000 ... 0x800f:
665 if (s->cycle) {
666 s->cycle = 0;
667
668 if (value == 0x0000) {
669 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
670 onenand_load_main(s, sec,
671 1 << (PAGE_SHIFT - 9), s->data[0][0]);
672 s->addr[ONEN_BUF_PAGE] += 4;
673 s->addr[ONEN_BUF_PAGE] &= 0xff;
674 }
675 break;
676 }
677
678 switch (value) {
679 case 0x00f0: /* Reset OneNAND */
680 onenand_reset(s, 0);
681 break;
682
683 case 0x00e0: /* Load Data into Buffer */
684 s->cycle = 1;
685 break;
686
687 case 0x0090: /* Read Identification Data */
688 memset(s->boot[0], 0, 3 << s->shift);
5923ba42
JR		 689 s->boot[0][0 << s->shift] = s->id.man & 0xff;
690 s->boot[0][1 << s->shift] = s->id.dev & 0xff;
7e7c5e4c
AZ		 691 s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
692 break;
693
694 default:
689a1921 695 fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n",
7e7c5e4c
AZ		 696 __FUNCTION__, value);
697 }
698 break;
699
700 case 0xf100 ... 0xf107: /* Start addresses */
701 s->addr[offset - 0xf100] = value;
702 break;
703
704 case 0xf200: /* Start buffer */
705 s->bufaddr = (value >> 8) & 0xf;
706 if (PAGE_SHIFT == 11)
707 s->count = (value & 3) ?: 4;
708 else if (PAGE_SHIFT == 10)
709 s->count = (value & 1) ?: 2;
710 break;
711
712 case 0xf220: /* Command */
713 if (s->intstatus & (1 << 15))
714 break;
715 s->command = value;
82866965 716 onenand_command(s);
7e7c5e4c
AZ		 717 break;
718 case 0xf221: /* System Configuration 1 */
719 s->config[0] = value;
720 onenand_intr_update(s);
721 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
722 break;
723 case 0xf222: /* System Configuration 2 */
724 s->config[1] = value;
725 break;
726
727 case 0xf241: /* Interrupt */
728 s->intstatus &= value;
729 if ((1 << 15) & ~s->intstatus)
730 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
731 ONEN_ERR_PROG | ONEN_ERR_LOAD);
732 onenand_intr_update(s);
733 break;
734 case 0xf24c: /* Unlock Start Block Address */
735 s->unladdr[0] = value & (s->blocks - 1);
736 /* For some reason we have to set the end address to by default
737 * be same as start because the software forgets to write anything
738 * in there. */
739 s->unladdr[1] = value & (s->blocks - 1);
740 break;
741 case 0xf24d: /* Unlock End Block Address */
742 s->unladdr[1] = value & (s->blocks - 1);
743 break;
744
745 default:
746 fprintf(stderr, "%s: unknown OneNAND register %x\n",
747 __FUNCTION__, offset);
748 }
749}
750
689a1921
AK		 751static const MemoryRegionOps onenand_ops = {
752 .read = onenand_read,
753 .write = onenand_write,
754 .endianness = DEVICE_NATIVE_ENDIAN,
7e7c5e4c
AZ		 755};
756
500954e3 757static int onenand_initfn(SysBusDevice *dev)
7e7c5e4c 758{
500954e3
JR		 759 OneNANDState *s = (OneNANDState *)dev;
760 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
7e7c5e4c 761 void *ram;
500954e3 762 s->base = (target_phys_addr_t)-1;
b9d38e95 763 s->rdy = NULL;
7e7c5e4c
AZ		 764 s->blocks = size >> BLOCK_SHIFT;
765 s->secs = size >> 9;
7267c094 766 s->blockwp = g_malloc(s->blocks);
500954e3
JR		 767 s->density_mask = (s->id.dev & 0x08)
768 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0;
689a1921
AK		 769 memory_region_init_io(&s->iomem, &onenand_ops, s, "onenand",
770 0x10000 << s->shift);
af5a75f4 771 if (!s->bdrv) {
7267c094 772 s->image = memset(g_malloc(size + (size >> 5)),
500954e3
JR		 773 0xff, size + (size >> 5));
774 } else {
775 s->bdrv_cur = s->bdrv;
63efb1d9 776 }
7267c094 777 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
7e7c5e4c 778 0xff, (64 + 2) << PAGE_SHIFT);
689a1921
AK		 779 memory_region_init_ram(&s->ram, NULL, "onenand.ram", 0xc000 << s->shift);
780 ram = memory_region_get_ram_ptr(&s->ram);
7e7c5e4c
AZ		 781 s->boot[0] = ram + (0x0000 << s->shift);
782 s->boot[1] = ram + (0x8000 << s->shift);
783 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
784 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
785 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
786 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
689a1921 787 onenand_mem_setup(s);
500954e3
JR		 788 sysbus_init_irq(dev, &s->intr);
789 sysbus_init_mmio_region(dev, &s->container);
790 vmstate_register(&dev->qdev,
791 ((s->shift & 0x7f) << 24)
792 | ((s->id.man & 0xff) << 16)
793 | ((s->id.dev & 0xff) << 8)
794 | (s->id.ver & 0xff),
795 &vmstate_onenand, s);
796 return 0;
797}
7e7c5e4c 798
500954e3
JR		 799static SysBusDeviceInfo onenand_info = {
800 .init = onenand_initfn,
801 .qdev.name = "onenand",
802 .qdev.size = sizeof(OneNANDState),
803 .qdev.reset = onenand_system_reset,
804 .qdev.props = (Property[]) {
805 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0),
806 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0),
807 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0),
808 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0),
809 DEFINE_PROP_DRIVE("drive", OneNANDState, bdrv),
810 DEFINE_PROP_END_OF_LIST()
811 }
812};
7e7c5e4c 813
500954e3
JR		 814static void onenand_register_device(void)
815{
816 sysbus_register_withprop(&onenand_info);
7e7c5e4c 817}
c580d92b 818
500954e3 819void *onenand_raw_otp(DeviceState *onenand_device)
c580d92b 820{
500954e3 821 return FROM_SYSBUS(OneNANDState, sysbus_from_qdev(onenand_device))->otp;
c580d92b 822}
500954e3
JR		 823
824device_init(onenand_register_device)
QEMU mirror