]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * CFI parallel flash with Intel command set emulation | |
3 | * | |
4 | * Copyright (c) 2006 Thorsten Zitterell | |
5 | * Copyright (c) 2005 Jocelyn Mayer | |
6 | * | |
7 | * This library is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU Lesser General Public | |
9 | * License as published by the Free Software Foundation; either | |
10 | * version 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public | |
18 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
21 | /* | |
22 | * For now, this code can emulate flashes of 1, 2 or 4 bytes width. | |
23 | * Supported commands/modes are: | |
24 | * - flash read | |
25 | * - flash write | |
26 | * - flash ID read | |
27 | * - sector erase | |
28 | * - CFI queries | |
29 | * | |
30 | * It does not support timings | |
31 | * It does not support flash interleaving | |
32 | * It does not implement software data protection as found in many real chips | |
33 | * It does not implement erase suspend/resume commands | |
34 | * It does not implement multiple sectors erase | |
35 | * | |
36 | * It does not implement much more ... | |
37 | */ | |
38 | ||
39 | #include "qemu/osdep.h" | |
40 | #include "hw/hw.h" | |
41 | #include "hw/block/flash.h" | |
42 | #include "sysemu/block-backend.h" | |
43 | #include "qemu/timer.h" | |
44 | #include "qemu/bitops.h" | |
45 | #include "exec/address-spaces.h" | |
46 | #include "qemu/host-utils.h" | |
47 | #include "hw/sysbus.h" | |
48 | ||
49 | #define PFLASH_BUG(fmt, ...) \ | |
50 | do { \ | |
51 | fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ | |
52 | exit(1); \ | |
53 | } while(0) | |
54 | ||
55 | /* #define PFLASH_DEBUG */ | |
56 | #ifdef PFLASH_DEBUG | |
57 | #define DPRINTF(fmt, ...) \ | |
58 | do { \ | |
59 | fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ | |
60 | } while (0) | |
61 | #else | |
62 | #define DPRINTF(fmt, ...) do { } while (0) | |
63 | #endif | |
64 | ||
65 | #define TYPE_CFI_PFLASH01 "cfi.pflash01" | |
66 | #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) | |
67 | ||
68 | #define PFLASH_BE 0 | |
69 | #define PFLASH_SECURE 1 | |
70 | ||
71 | struct pflash_t { | |
72 | /*< private >*/ | |
73 | SysBusDevice parent_obj; | |
74 | /*< public >*/ | |
75 | ||
76 | BlockBackend *blk; | |
77 | uint32_t nb_blocs; | |
78 | uint64_t sector_len; | |
79 | uint8_t bank_width; | |
80 | uint8_t device_width; /* If 0, device width not specified. */ | |
81 | uint8_t max_device_width; /* max device width in bytes */ | |
82 | uint32_t features; | |
83 | uint8_t wcycle; /* if 0, the flash is read normally */ | |
84 | int ro; | |
85 | uint8_t cmd; | |
86 | uint8_t status; | |
87 | uint16_t ident0; | |
88 | uint16_t ident1; | |
89 | uint16_t ident2; | |
90 | uint16_t ident3; | |
91 | uint8_t cfi_len; | |
92 | uint8_t cfi_table[0x52]; | |
93 | uint64_t counter; | |
94 | unsigned int writeblock_size; | |
95 | QEMUTimer *timer; | |
96 | MemoryRegion mem; | |
97 | char *name; | |
98 | void *storage; | |
99 | }; | |
100 | ||
101 | static int pflash_post_load(void *opaque, int version_id); | |
102 | ||
103 | static const VMStateDescription vmstate_pflash = { | |
104 | .name = "pflash_cfi01", | |
105 | .version_id = 1, | |
106 | .minimum_version_id = 1, | |
107 | .post_load = pflash_post_load, | |
108 | .fields = (VMStateField[]) { | |
109 | VMSTATE_UINT8(wcycle, pflash_t), | |
110 | VMSTATE_UINT8(cmd, pflash_t), | |
111 | VMSTATE_UINT8(status, pflash_t), | |
112 | VMSTATE_UINT64(counter, pflash_t), | |
113 | VMSTATE_END_OF_LIST() | |
114 | } | |
115 | }; | |
116 | ||
117 | static void pflash_timer (void *opaque) | |
118 | { | |
119 | pflash_t *pfl = opaque; | |
120 | ||
121 | DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); | |
122 | /* Reset flash */ | |
123 | pfl->status ^= 0x80; | |
124 | memory_region_rom_device_set_romd(&pfl->mem, true); | |
125 | pfl->wcycle = 0; | |
126 | pfl->cmd = 0; | |
127 | } | |
128 | ||
129 | /* Perform a CFI query based on the bank width of the flash. | |
130 | * If this code is called we know we have a device_width set for | |
131 | * this flash. | |
132 | */ | |
133 | static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) | |
134 | { | |
135 | int i; | |
136 | uint32_t resp = 0; | |
137 | hwaddr boff; | |
138 | ||
139 | /* Adjust incoming offset to match expected device-width | |
140 | * addressing. CFI query addresses are always specified in terms of | |
141 | * the maximum supported width of the device. This means that x8 | |
142 | * devices and x8/x16 devices in x8 mode behave differently. For | |
143 | * devices that are not used at their max width, we will be | |
144 | * provided with addresses that use higher address bits than | |
145 | * expected (based on the max width), so we will shift them lower | |
146 | * so that they will match the addresses used when | |
147 | * device_width==max_device_width. | |
148 | */ | |
149 | boff = offset >> (ctz32(pfl->bank_width) + | |
150 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
151 | ||
152 | if (boff > pfl->cfi_len) { | |
153 | return 0; | |
154 | } | |
155 | /* Now we will construct the CFI response generated by a single | |
156 | * device, then replicate that for all devices that make up the | |
157 | * bus. For wide parts used in x8 mode, CFI query responses | |
158 | * are different than native byte-wide parts. | |
159 | */ | |
160 | resp = pfl->cfi_table[boff]; | |
161 | if (pfl->device_width != pfl->max_device_width) { | |
162 | /* The only case currently supported is x8 mode for a | |
163 | * wider part. | |
164 | */ | |
165 | if (pfl->device_width != 1 || pfl->bank_width > 4) { | |
166 | DPRINTF("%s: Unsupported device configuration: " | |
167 | "device_width=%d, max_device_width=%d\n", | |
168 | __func__, pfl->device_width, | |
169 | pfl->max_device_width); | |
170 | return 0; | |
171 | } | |
172 | /* CFI query data is repeated, rather than zero padded for | |
173 | * wide devices used in x8 mode. | |
174 | */ | |
175 | for (i = 1; i < pfl->max_device_width; i++) { | |
176 | resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); | |
177 | } | |
178 | } | |
179 | /* Replicate responses for each device in bank. */ | |
180 | if (pfl->device_width < pfl->bank_width) { | |
181 | for (i = pfl->device_width; | |
182 | i < pfl->bank_width; i += pfl->device_width) { | |
183 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
184 | } | |
185 | } | |
186 | ||
187 | return resp; | |
188 | } | |
189 | ||
190 | ||
191 | ||
192 | /* Perform a device id query based on the bank width of the flash. */ | |
193 | static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) | |
194 | { | |
195 | int i; | |
196 | uint32_t resp; | |
197 | hwaddr boff; | |
198 | ||
199 | /* Adjust incoming offset to match expected device-width | |
200 | * addressing. Device ID read addresses are always specified in | |
201 | * terms of the maximum supported width of the device. This means | |
202 | * that x8 devices and x8/x16 devices in x8 mode behave | |
203 | * differently. For devices that are not used at their max width, | |
204 | * we will be provided with addresses that use higher address bits | |
205 | * than expected (based on the max width), so we will shift them | |
206 | * lower so that they will match the addresses used when | |
207 | * device_width==max_device_width. | |
208 | */ | |
209 | boff = offset >> (ctz32(pfl->bank_width) + | |
210 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
211 | ||
212 | /* Mask off upper bits which may be used in to query block | |
213 | * or sector lock status at other addresses. | |
214 | * Offsets 2/3 are block lock status, is not emulated. | |
215 | */ | |
216 | switch (boff & 0xFF) { | |
217 | case 0: | |
218 | resp = pfl->ident0; | |
219 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); | |
220 | break; | |
221 | case 1: | |
222 | resp = pfl->ident1; | |
223 | DPRINTF("%s: Device ID Code %04x\n", __func__, resp); | |
224 | break; | |
225 | default: | |
226 | DPRINTF("%s: Read Device Information offset=%x\n", __func__, | |
227 | (unsigned)offset); | |
228 | return 0; | |
229 | break; | |
230 | } | |
231 | /* Replicate responses for each device in bank. */ | |
232 | if (pfl->device_width < pfl->bank_width) { | |
233 | for (i = pfl->device_width; | |
234 | i < pfl->bank_width; i += pfl->device_width) { | |
235 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
236 | } | |
237 | } | |
238 | ||
239 | return resp; | |
240 | } | |
241 | ||
242 | static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, | |
243 | int width, int be) | |
244 | { | |
245 | uint8_t *p; | |
246 | uint32_t ret; | |
247 | ||
248 | p = pfl->storage; | |
249 | switch (width) { | |
250 | case 1: | |
251 | ret = p[offset]; | |
252 | DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", | |
253 | __func__, offset, ret); | |
254 | break; | |
255 | case 2: | |
256 | if (be) { | |
257 | ret = p[offset] << 8; | |
258 | ret |= p[offset + 1]; | |
259 | } else { | |
260 | ret = p[offset]; | |
261 | ret |= p[offset + 1] << 8; | |
262 | } | |
263 | DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", | |
264 | __func__, offset, ret); | |
265 | break; | |
266 | case 4: | |
267 | if (be) { | |
268 | ret = p[offset] << 24; | |
269 | ret |= p[offset + 1] << 16; | |
270 | ret |= p[offset + 2] << 8; | |
271 | ret |= p[offset + 3]; | |
272 | } else { | |
273 | ret = p[offset]; | |
274 | ret |= p[offset + 1] << 8; | |
275 | ret |= p[offset + 2] << 16; | |
276 | ret |= p[offset + 3] << 24; | |
277 | } | |
278 | DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", | |
279 | __func__, offset, ret); | |
280 | break; | |
281 | default: | |
282 | DPRINTF("BUG in %s\n", __func__); | |
283 | abort(); | |
284 | } | |
285 | return ret; | |
286 | } | |
287 | ||
288 | static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, | |
289 | int width, int be) | |
290 | { | |
291 | hwaddr boff; | |
292 | uint32_t ret; | |
293 | ||
294 | ret = -1; | |
295 | ||
296 | #if 0 | |
297 | DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", | |
298 | __func__, offset, pfl->cmd, width); | |
299 | #endif | |
300 | switch (pfl->cmd) { | |
301 | default: | |
302 | /* This should never happen : reset state & treat it as a read */ | |
303 | DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); | |
304 | pfl->wcycle = 0; | |
305 | pfl->cmd = 0; | |
306 | /* fall through to read code */ | |
307 | case 0x00: | |
308 | /* Flash area read */ | |
309 | ret = pflash_data_read(pfl, offset, width, be); | |
310 | break; | |
311 | case 0x10: /* Single byte program */ | |
312 | case 0x20: /* Block erase */ | |
313 | case 0x28: /* Block erase */ | |
314 | case 0x40: /* single byte program */ | |
315 | case 0x50: /* Clear status register */ | |
316 | case 0x60: /* Block /un)lock */ | |
317 | case 0x70: /* Status Register */ | |
318 | case 0xe8: /* Write block */ | |
319 | /* Status register read. Return status from each device in | |
320 | * bank. | |
321 | */ | |
322 | ret = pfl->status; | |
323 | if (pfl->device_width && width > pfl->device_width) { | |
324 | int shift = pfl->device_width * 8; | |
325 | while (shift + pfl->device_width * 8 <= width * 8) { | |
326 | ret |= pfl->status << shift; | |
327 | shift += pfl->device_width * 8; | |
328 | } | |
329 | } else if (!pfl->device_width && width > 2) { | |
330 | /* Handle 32 bit flash cases where device width is not | |
331 | * set. (Existing behavior before device width added.) | |
332 | */ | |
333 | ret |= pfl->status << 16; | |
334 | } | |
335 | DPRINTF("%s: status %x\n", __func__, ret); | |
336 | break; | |
337 | case 0x90: | |
338 | if (!pfl->device_width) { | |
339 | /* Preserve old behavior if device width not specified */ | |
340 | boff = offset & 0xFF; | |
341 | if (pfl->bank_width == 2) { | |
342 | boff = boff >> 1; | |
343 | } else if (pfl->bank_width == 4) { | |
344 | boff = boff >> 2; | |
345 | } | |
346 | ||
347 | switch (boff) { | |
348 | case 0: | |
349 | ret = pfl->ident0 << 8 | pfl->ident1; | |
350 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); | |
351 | break; | |
352 | case 1: | |
353 | ret = pfl->ident2 << 8 | pfl->ident3; | |
354 | DPRINTF("%s: Device ID Code %04x\n", __func__, ret); | |
355 | break; | |
356 | default: | |
357 | DPRINTF("%s: Read Device Information boff=%x\n", __func__, | |
358 | (unsigned)boff); | |
359 | ret = 0; | |
360 | break; | |
361 | } | |
362 | } else { | |
363 | /* If we have a read larger than the bank_width, combine multiple | |
364 | * manufacturer/device ID queries into a single response. | |
365 | */ | |
366 | int i; | |
367 | for (i = 0; i < width; i += pfl->bank_width) { | |
368 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
369 | pflash_devid_query(pfl, | |
370 | offset + i * pfl->bank_width)); | |
371 | } | |
372 | } | |
373 | break; | |
374 | case 0x98: /* Query mode */ | |
375 | if (!pfl->device_width) { | |
376 | /* Preserve old behavior if device width not specified */ | |
377 | boff = offset & 0xFF; | |
378 | if (pfl->bank_width == 2) { | |
379 | boff = boff >> 1; | |
380 | } else if (pfl->bank_width == 4) { | |
381 | boff = boff >> 2; | |
382 | } | |
383 | ||
384 | if (boff > pfl->cfi_len) { | |
385 | ret = 0; | |
386 | } else { | |
387 | ret = pfl->cfi_table[boff]; | |
388 | } | |
389 | } else { | |
390 | /* If we have a read larger than the bank_width, combine multiple | |
391 | * CFI queries into a single response. | |
392 | */ | |
393 | int i; | |
394 | for (i = 0; i < width; i += pfl->bank_width) { | |
395 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
396 | pflash_cfi_query(pfl, | |
397 | offset + i * pfl->bank_width)); | |
398 | } | |
399 | } | |
400 | ||
401 | break; | |
402 | } | |
403 | return ret; | |
404 | } | |
405 | ||
406 | /* update flash content on disk */ | |
407 | static void pflash_update(pflash_t *pfl, int offset, | |
408 | int size) | |
409 | { | |
410 | int offset_end; | |
411 | if (pfl->blk) { | |
412 | offset_end = offset + size; | |
413 | /* round to sectors */ | |
414 | offset = offset >> 9; | |
415 | offset_end = (offset_end + 511) >> 9; | |
416 | blk_write(pfl->blk, offset, pfl->storage + (offset << 9), | |
417 | offset_end - offset); | |
418 | } | |
419 | } | |
420 | ||
421 | static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, | |
422 | uint32_t value, int width, int be) | |
423 | { | |
424 | uint8_t *p = pfl->storage; | |
425 | ||
426 | DPRINTF("%s: block write offset " TARGET_FMT_plx | |
427 | " value %x counter %016" PRIx64 "\n", | |
428 | __func__, offset, value, pfl->counter); | |
429 | switch (width) { | |
430 | case 1: | |
431 | p[offset] = value; | |
432 | break; | |
433 | case 2: | |
434 | if (be) { | |
435 | p[offset] = value >> 8; | |
436 | p[offset + 1] = value; | |
437 | } else { | |
438 | p[offset] = value; | |
439 | p[offset + 1] = value >> 8; | |
440 | } | |
441 | break; | |
442 | case 4: | |
443 | if (be) { | |
444 | p[offset] = value >> 24; | |
445 | p[offset + 1] = value >> 16; | |
446 | p[offset + 2] = value >> 8; | |
447 | p[offset + 3] = value; | |
448 | } else { | |
449 | p[offset] = value; | |
450 | p[offset + 1] = value >> 8; | |
451 | p[offset + 2] = value >> 16; | |
452 | p[offset + 3] = value >> 24; | |
453 | } | |
454 | break; | |
455 | } | |
456 | ||
457 | } | |
458 | ||
459 | static void pflash_write(pflash_t *pfl, hwaddr offset, | |
460 | uint32_t value, int width, int be) | |
461 | { | |
462 | uint8_t *p; | |
463 | uint8_t cmd; | |
464 | ||
465 | cmd = value; | |
466 | ||
467 | DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", | |
468 | __func__, offset, value, width, pfl->wcycle); | |
469 | ||
470 | if (!pfl->wcycle) { | |
471 | /* Set the device in I/O access mode */ | |
472 | memory_region_rom_device_set_romd(&pfl->mem, false); | |
473 | } | |
474 | ||
475 | switch (pfl->wcycle) { | |
476 | case 0: | |
477 | /* read mode */ | |
478 | switch (cmd) { | |
479 | case 0x00: /* ??? */ | |
480 | goto reset_flash; | |
481 | case 0x10: /* Single Byte Program */ | |
482 | case 0x40: /* Single Byte Program */ | |
483 | DPRINTF("%s: Single Byte Program\n", __func__); | |
484 | break; | |
485 | case 0x20: /* Block erase */ | |
486 | p = pfl->storage; | |
487 | offset &= ~(pfl->sector_len - 1); | |
488 | ||
489 | DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", | |
490 | __func__, offset, (unsigned)pfl->sector_len); | |
491 | ||
492 | if (!pfl->ro) { | |
493 | memset(p + offset, 0xff, pfl->sector_len); | |
494 | pflash_update(pfl, offset, pfl->sector_len); | |
495 | } else { | |
496 | pfl->status |= 0x20; /* Block erase error */ | |
497 | } | |
498 | pfl->status |= 0x80; /* Ready! */ | |
499 | break; | |
500 | case 0x50: /* Clear status bits */ | |
501 | DPRINTF("%s: Clear status bits\n", __func__); | |
502 | pfl->status = 0x0; | |
503 | goto reset_flash; | |
504 | case 0x60: /* Block (un)lock */ | |
505 | DPRINTF("%s: Block unlock\n", __func__); | |
506 | break; | |
507 | case 0x70: /* Status Register */ | |
508 | DPRINTF("%s: Read status register\n", __func__); | |
509 | pfl->cmd = cmd; | |
510 | return; | |
511 | case 0x90: /* Read Device ID */ | |
512 | DPRINTF("%s: Read Device information\n", __func__); | |
513 | pfl->cmd = cmd; | |
514 | return; | |
515 | case 0x98: /* CFI query */ | |
516 | DPRINTF("%s: CFI query\n", __func__); | |
517 | break; | |
518 | case 0xe8: /* Write to buffer */ | |
519 | DPRINTF("%s: Write to buffer\n", __func__); | |
520 | pfl->status |= 0x80; /* Ready! */ | |
521 | break; | |
522 | case 0xf0: /* Probe for AMD flash */ | |
523 | DPRINTF("%s: Probe for AMD flash\n", __func__); | |
524 | goto reset_flash; | |
525 | case 0xff: /* Read array mode */ | |
526 | DPRINTF("%s: Read array mode\n", __func__); | |
527 | goto reset_flash; | |
528 | default: | |
529 | goto error_flash; | |
530 | } | |
531 | pfl->wcycle++; | |
532 | pfl->cmd = cmd; | |
533 | break; | |
534 | case 1: | |
535 | switch (pfl->cmd) { | |
536 | case 0x10: /* Single Byte Program */ | |
537 | case 0x40: /* Single Byte Program */ | |
538 | DPRINTF("%s: Single Byte Program\n", __func__); | |
539 | if (!pfl->ro) { | |
540 | pflash_data_write(pfl, offset, value, width, be); | |
541 | pflash_update(pfl, offset, width); | |
542 | } else { | |
543 | pfl->status |= 0x10; /* Programming error */ | |
544 | } | |
545 | pfl->status |= 0x80; /* Ready! */ | |
546 | pfl->wcycle = 0; | |
547 | break; | |
548 | case 0x20: /* Block erase */ | |
549 | case 0x28: | |
550 | if (cmd == 0xd0) { /* confirm */ | |
551 | pfl->wcycle = 0; | |
552 | pfl->status |= 0x80; | |
553 | } else if (cmd == 0xff) { /* read array mode */ | |
554 | goto reset_flash; | |
555 | } else | |
556 | goto error_flash; | |
557 | ||
558 | break; | |
559 | case 0xe8: | |
560 | /* Mask writeblock size based on device width, or bank width if | |
561 | * device width not specified. | |
562 | */ | |
563 | if (pfl->device_width) { | |
564 | value = extract32(value, 0, pfl->device_width * 8); | |
565 | } else { | |
566 | value = extract32(value, 0, pfl->bank_width * 8); | |
567 | } | |
568 | DPRINTF("%s: block write of %x bytes\n", __func__, value); | |
569 | pfl->counter = value; | |
570 | pfl->wcycle++; | |
571 | break; | |
572 | case 0x60: | |
573 | if (cmd == 0xd0) { | |
574 | pfl->wcycle = 0; | |
575 | pfl->status |= 0x80; | |
576 | } else if (cmd == 0x01) { | |
577 | pfl->wcycle = 0; | |
578 | pfl->status |= 0x80; | |
579 | } else if (cmd == 0xff) { | |
580 | goto reset_flash; | |
581 | } else { | |
582 | DPRINTF("%s: Unknown (un)locking command\n", __func__); | |
583 | goto reset_flash; | |
584 | } | |
585 | break; | |
586 | case 0x98: | |
587 | if (cmd == 0xff) { | |
588 | goto reset_flash; | |
589 | } else { | |
590 | DPRINTF("%s: leaving query mode\n", __func__); | |
591 | } | |
592 | break; | |
593 | default: | |
594 | goto error_flash; | |
595 | } | |
596 | break; | |
597 | case 2: | |
598 | switch (pfl->cmd) { | |
599 | case 0xe8: /* Block write */ | |
600 | if (!pfl->ro) { | |
601 | pflash_data_write(pfl, offset, value, width, be); | |
602 | } else { | |
603 | pfl->status |= 0x10; /* Programming error */ | |
604 | } | |
605 | ||
606 | pfl->status |= 0x80; | |
607 | ||
608 | if (!pfl->counter) { | |
609 | hwaddr mask = pfl->writeblock_size - 1; | |
610 | mask = ~mask; | |
611 | ||
612 | DPRINTF("%s: block write finished\n", __func__); | |
613 | pfl->wcycle++; | |
614 | if (!pfl->ro) { | |
615 | /* Flush the entire write buffer onto backing storage. */ | |
616 | pflash_update(pfl, offset & mask, pfl->writeblock_size); | |
617 | } else { | |
618 | pfl->status |= 0x10; /* Programming error */ | |
619 | } | |
620 | } | |
621 | ||
622 | pfl->counter--; | |
623 | break; | |
624 | default: | |
625 | goto error_flash; | |
626 | } | |
627 | break; | |
628 | case 3: /* Confirm mode */ | |
629 | switch (pfl->cmd) { | |
630 | case 0xe8: /* Block write */ | |
631 | if (cmd == 0xd0) { | |
632 | pfl->wcycle = 0; | |
633 | pfl->status |= 0x80; | |
634 | } else { | |
635 | DPRINTF("%s: unknown command for \"write block\"\n", __func__); | |
636 | PFLASH_BUG("Write block confirm"); | |
637 | goto reset_flash; | |
638 | } | |
639 | break; | |
640 | default: | |
641 | goto error_flash; | |
642 | } | |
643 | break; | |
644 | default: | |
645 | /* Should never happen */ | |
646 | DPRINTF("%s: invalid write state\n", __func__); | |
647 | goto reset_flash; | |
648 | } | |
649 | return; | |
650 | ||
651 | error_flash: | |
652 | qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " | |
653 | "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" | |
654 | "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); | |
655 | ||
656 | reset_flash: | |
657 | memory_region_rom_device_set_romd(&pfl->mem, true); | |
658 | ||
659 | pfl->wcycle = 0; | |
660 | pfl->cmd = 0; | |
661 | } | |
662 | ||
663 | ||
664 | static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, | |
665 | unsigned len, MemTxAttrs attrs) | |
666 | { | |
667 | pflash_t *pfl = opaque; | |
668 | bool be = !!(pfl->features & (1 << PFLASH_BE)); | |
669 | ||
670 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { | |
671 | *value = pflash_data_read(opaque, addr, len, be); | |
672 | } else { | |
673 | *value = pflash_read(opaque, addr, len, be); | |
674 | } | |
675 | return MEMTX_OK; | |
676 | } | |
677 | ||
678 | static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, | |
679 | unsigned len, MemTxAttrs attrs) | |
680 | { | |
681 | pflash_t *pfl = opaque; | |
682 | bool be = !!(pfl->features & (1 << PFLASH_BE)); | |
683 | ||
684 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { | |
685 | return MEMTX_ERROR; | |
686 | } else { | |
687 | pflash_write(opaque, addr, value, len, be); | |
688 | return MEMTX_OK; | |
689 | } | |
690 | } | |
691 | ||
692 | static const MemoryRegionOps pflash_cfi01_ops = { | |
693 | .read_with_attrs = pflash_mem_read_with_attrs, | |
694 | .write_with_attrs = pflash_mem_write_with_attrs, | |
695 | .endianness = DEVICE_NATIVE_ENDIAN, | |
696 | }; | |
697 | ||
698 | static void pflash_cfi01_realize(DeviceState *dev, Error **errp) | |
699 | { | |
700 | pflash_t *pfl = CFI_PFLASH01(dev); | |
701 | uint64_t total_len; | |
702 | int ret; | |
703 | uint64_t blocks_per_device, device_len; | |
704 | int num_devices; | |
705 | Error *local_err = NULL; | |
706 | ||
707 | total_len = pfl->sector_len * pfl->nb_blocs; | |
708 | ||
709 | /* These are only used to expose the parameters of each device | |
710 | * in the cfi_table[]. | |
711 | */ | |
712 | num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; | |
713 | blocks_per_device = pfl->nb_blocs / num_devices; | |
714 | device_len = pfl->sector_len * blocks_per_device; | |
715 | ||
716 | /* XXX: to be fixed */ | |
717 | #if 0 | |
718 | if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && | |
719 | total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) | |
720 | return NULL; | |
721 | #endif | |
722 | ||
723 | memory_region_init_rom_device( | |
724 | &pfl->mem, OBJECT(dev), | |
725 | &pflash_cfi01_ops, | |
726 | pfl, | |
727 | pfl->name, total_len, &local_err); | |
728 | if (local_err) { | |
729 | error_propagate(errp, local_err); | |
730 | return; | |
731 | } | |
732 | ||
733 | vmstate_register_ram(&pfl->mem, DEVICE(pfl)); | |
734 | pfl->storage = memory_region_get_ram_ptr(&pfl->mem); | |
735 | sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); | |
736 | ||
737 | if (pfl->blk) { | |
738 | /* read the initial flash content */ | |
739 | ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); | |
740 | ||
741 | if (ret < 0) { | |
742 | vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); | |
743 | error_setg(errp, "failed to read the initial flash content"); | |
744 | return; | |
745 | } | |
746 | } | |
747 | ||
748 | if (pfl->blk) { | |
749 | pfl->ro = blk_is_read_only(pfl->blk); | |
750 | } else { | |
751 | pfl->ro = 0; | |
752 | } | |
753 | ||
754 | /* Default to devices being used at their maximum device width. This was | |
755 | * assumed before the device_width support was added. | |
756 | */ | |
757 | if (!pfl->max_device_width) { | |
758 | pfl->max_device_width = pfl->device_width; | |
759 | } | |
760 | ||
761 | pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); | |
762 | pfl->wcycle = 0; | |
763 | pfl->cmd = 0; | |
764 | pfl->status = 0; | |
765 | /* Hardcoded CFI table */ | |
766 | pfl->cfi_len = 0x52; | |
767 | /* Standard "QRY" string */ | |
768 | pfl->cfi_table[0x10] = 'Q'; | |
769 | pfl->cfi_table[0x11] = 'R'; | |
770 | pfl->cfi_table[0x12] = 'Y'; | |
771 | /* Command set (Intel) */ | |
772 | pfl->cfi_table[0x13] = 0x01; | |
773 | pfl->cfi_table[0x14] = 0x00; | |
774 | /* Primary extended table address (none) */ | |
775 | pfl->cfi_table[0x15] = 0x31; | |
776 | pfl->cfi_table[0x16] = 0x00; | |
777 | /* Alternate command set (none) */ | |
778 | pfl->cfi_table[0x17] = 0x00; | |
779 | pfl->cfi_table[0x18] = 0x00; | |
780 | /* Alternate extended table (none) */ | |
781 | pfl->cfi_table[0x19] = 0x00; | |
782 | pfl->cfi_table[0x1A] = 0x00; | |
783 | /* Vcc min */ | |
784 | pfl->cfi_table[0x1B] = 0x45; | |
785 | /* Vcc max */ | |
786 | pfl->cfi_table[0x1C] = 0x55; | |
787 | /* Vpp min (no Vpp pin) */ | |
788 | pfl->cfi_table[0x1D] = 0x00; | |
789 | /* Vpp max (no Vpp pin) */ | |
790 | pfl->cfi_table[0x1E] = 0x00; | |
791 | /* Reserved */ | |
792 | pfl->cfi_table[0x1F] = 0x07; | |
793 | /* Timeout for min size buffer write */ | |
794 | pfl->cfi_table[0x20] = 0x07; | |
795 | /* Typical timeout for block erase */ | |
796 | pfl->cfi_table[0x21] = 0x0a; | |
797 | /* Typical timeout for full chip erase (4096 ms) */ | |
798 | pfl->cfi_table[0x22] = 0x00; | |
799 | /* Reserved */ | |
800 | pfl->cfi_table[0x23] = 0x04; | |
801 | /* Max timeout for buffer write */ | |
802 | pfl->cfi_table[0x24] = 0x04; | |
803 | /* Max timeout for block erase */ | |
804 | pfl->cfi_table[0x25] = 0x04; | |
805 | /* Max timeout for chip erase */ | |
806 | pfl->cfi_table[0x26] = 0x00; | |
807 | /* Device size */ | |
808 | pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ | |
809 | /* Flash device interface (8 & 16 bits) */ | |
810 | pfl->cfi_table[0x28] = 0x02; | |
811 | pfl->cfi_table[0x29] = 0x00; | |
812 | /* Max number of bytes in multi-bytes write */ | |
813 | if (pfl->bank_width == 1) { | |
814 | pfl->cfi_table[0x2A] = 0x08; | |
815 | } else { | |
816 | pfl->cfi_table[0x2A] = 0x0B; | |
817 | } | |
818 | pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; | |
819 | ||
820 | pfl->cfi_table[0x2B] = 0x00; | |
821 | /* Number of erase block regions (uniform) */ | |
822 | pfl->cfi_table[0x2C] = 0x01; | |
823 | /* Erase block region 1 */ | |
824 | pfl->cfi_table[0x2D] = blocks_per_device - 1; | |
825 | pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; | |
826 | pfl->cfi_table[0x2F] = pfl->sector_len >> 8; | |
827 | pfl->cfi_table[0x30] = pfl->sector_len >> 16; | |
828 | ||
829 | /* Extended */ | |
830 | pfl->cfi_table[0x31] = 'P'; | |
831 | pfl->cfi_table[0x32] = 'R'; | |
832 | pfl->cfi_table[0x33] = 'I'; | |
833 | ||
834 | pfl->cfi_table[0x34] = '1'; | |
835 | pfl->cfi_table[0x35] = '0'; | |
836 | ||
837 | pfl->cfi_table[0x36] = 0x00; | |
838 | pfl->cfi_table[0x37] = 0x00; | |
839 | pfl->cfi_table[0x38] = 0x00; | |
840 | pfl->cfi_table[0x39] = 0x00; | |
841 | ||
842 | pfl->cfi_table[0x3a] = 0x00; | |
843 | ||
844 | pfl->cfi_table[0x3b] = 0x00; | |
845 | pfl->cfi_table[0x3c] = 0x00; | |
846 | ||
847 | pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ | |
848 | } | |
849 | ||
850 | static Property pflash_cfi01_properties[] = { | |
851 | DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), | |
852 | /* num-blocks is the number of blocks actually visible to the guest, | |
853 | * ie the total size of the device divided by the sector length. | |
854 | * If we're emulating flash devices wired in parallel the actual | |
855 | * number of blocks per indvidual device will differ. | |
856 | */ | |
857 | DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), | |
858 | DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), | |
859 | /* width here is the overall width of this QEMU device in bytes. | |
860 | * The QEMU device may be emulating a number of flash devices | |
861 | * wired up in parallel; the width of each individual flash | |
862 | * device should be specified via device-width. If the individual | |
863 | * devices have a maximum width which is greater than the width | |
864 | * they are being used for, this maximum width should be set via | |
865 | * max-device-width (which otherwise defaults to device-width). | |
866 | * So for instance a 32-bit wide QEMU flash device made from four | |
867 | * 16-bit flash devices used in 8-bit wide mode would be configured | |
868 | * with width = 4, device-width = 1, max-device-width = 2. | |
869 | * | |
870 | * If device-width is not specified we default to backwards | |
871 | * compatible behaviour which is a bad emulation of two | |
872 | * 16 bit devices making up a 32 bit wide QEMU device. This | |
873 | * is deprecated for new uses of this device. | |
874 | */ | |
875 | DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), | |
876 | DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), | |
877 | DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), | |
878 | DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), | |
879 | DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), | |
880 | DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), | |
881 | DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), | |
882 | DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), | |
883 | DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), | |
884 | DEFINE_PROP_STRING("name", struct pflash_t, name), | |
885 | DEFINE_PROP_END_OF_LIST(), | |
886 | }; | |
887 | ||
888 | static void pflash_cfi01_class_init(ObjectClass *klass, void *data) | |
889 | { | |
890 | DeviceClass *dc = DEVICE_CLASS(klass); | |
891 | ||
892 | dc->realize = pflash_cfi01_realize; | |
893 | dc->props = pflash_cfi01_properties; | |
894 | dc->vmsd = &vmstate_pflash; | |
895 | set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); | |
896 | } | |
897 | ||
898 | ||
899 | static const TypeInfo pflash_cfi01_info = { | |
900 | .name = TYPE_CFI_PFLASH01, | |
901 | .parent = TYPE_SYS_BUS_DEVICE, | |
902 | .instance_size = sizeof(struct pflash_t), | |
903 | .class_init = pflash_cfi01_class_init, | |
904 | }; | |
905 | ||
906 | static void pflash_cfi01_register_types(void) | |
907 | { | |
908 | type_register_static(&pflash_cfi01_info); | |
909 | } | |
910 | ||
911 | type_init(pflash_cfi01_register_types) | |
912 | ||
913 | pflash_t *pflash_cfi01_register(hwaddr base, | |
914 | DeviceState *qdev, const char *name, | |
915 | hwaddr size, | |
916 | BlockBackend *blk, | |
917 | uint32_t sector_len, int nb_blocs, | |
918 | int bank_width, uint16_t id0, uint16_t id1, | |
919 | uint16_t id2, uint16_t id3, int be) | |
920 | { | |
921 | DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); | |
922 | ||
923 | if (blk) { | |
924 | qdev_prop_set_drive(dev, "drive", blk, &error_abort); | |
925 | } | |
926 | qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); | |
927 | qdev_prop_set_uint64(dev, "sector-length", sector_len); | |
928 | qdev_prop_set_uint8(dev, "width", bank_width); | |
929 | qdev_prop_set_bit(dev, "big-endian", !!be); | |
930 | qdev_prop_set_uint16(dev, "id0", id0); | |
931 | qdev_prop_set_uint16(dev, "id1", id1); | |
932 | qdev_prop_set_uint16(dev, "id2", id2); | |
933 | qdev_prop_set_uint16(dev, "id3", id3); | |
934 | qdev_prop_set_string(dev, "name", name); | |
935 | qdev_init_nofail(dev); | |
936 | ||
937 | sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); | |
938 | return CFI_PFLASH01(dev); | |
939 | } | |
940 | ||
941 | MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) | |
942 | { | |
943 | return &fl->mem; | |
944 | } | |
945 | ||
946 | static int pflash_post_load(void *opaque, int version_id) | |
947 | { | |
948 | pflash_t *pfl = opaque; | |
949 | ||
950 | if (!pfl->ro) { | |
951 | DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); | |
952 | pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); | |
953 | } | |
954 | return 0; | |
955 | } |