*
* It does not support flash interleaving.
* It does not implement software data protection as found in many real chips
- * It does not implement erase suspend/resume commands
- * It does not implement multiple sectors erase
*/
#include "qemu/osdep.h"
#include "hw/block/block.h"
#include "hw/block/flash.h"
#include "qapi/error.h"
+#include "qemu/bitmap.h"
#include "qemu/timer.h"
#include "sysemu/block-backend.h"
#include "qemu/host-utils.h"
/* Special write cycles for CFI queries. */
enum {
WCYCLE_CFI = 7,
+ WCYCLE_AUTOSELECT_CFI = 8,
};
struct PFlashCFI02 {
BlockBackend *blk;
uint32_t uniform_nb_blocs;
uint32_t uniform_sector_len;
+ uint32_t total_sectors;
uint32_t nb_blocs[PFLASH_MAX_ERASE_REGIONS];
uint32_t sector_len[PFLASH_MAX_ERASE_REGIONS];
uint32_t chip_len;
MemoryRegion orig_mem;
int rom_mode;
int read_counter; /* used for lazy switch-back to rom mode */
+ int sectors_to_erase;
+ uint64_t erase_time_remaining;
+ unsigned long *sector_erase_map;
char *name;
void *storage;
};
pfl->status ^= 0x40;
}
+/*
+ * Turn on DQ3.
+ */
+static inline void assert_dq3(PFlashCFI02 *pfl)
+{
+ pfl->status |= 0x08;
+}
+
+/*
+ * Turn off DQ3.
+ */
+static inline void reset_dq3(PFlashCFI02 *pfl)
+{
+ pfl->status &= ~0x08;
+}
+
+/*
+ * Toggle status bit DQ2.
+ */
+static inline void toggle_dq2(PFlashCFI02 *pfl)
+{
+ pfl->status ^= 0x04;
+}
+
/*
* Set up replicated mappings of the same region.
*/
pfl->rom_mode = rom_mode;
}
-static void pflash_timer (void *opaque)
+static size_t pflash_regions_count(PFlashCFI02 *pfl)
+{
+ return pfl->cfi_table[0x2c];
+}
+
+/*
+ * Returns the time it takes to erase the number of sectors scheduled for
+ * erasure based on CFI address 0x21 which is "Typical timeout per individual
+ * block erase 2^N ms."
+ */
+static uint64_t pflash_erase_time(PFlashCFI02 *pfl)
+{
+ /*
+ * If there are no sectors to erase (which can happen if all of the sectors
+ * to be erased are protected), then erase takes 100 us. Protected sectors
+ * aren't supported so this should never happen.
+ */
+ return ((1ULL << pfl->cfi_table[0x21]) * pfl->sectors_to_erase) * SCALE_US;
+}
+
+/*
+ * Returns true if the device is currently in erase suspend mode.
+ */
+static inline bool pflash_erase_suspend_mode(PFlashCFI02 *pfl)
+{
+ return pfl->erase_time_remaining > 0;
+}
+
+static void pflash_timer(void *opaque)
{
PFlashCFI02 *pfl = opaque;
trace_pflash_timer_expired(pfl->cmd);
+ if (pfl->cmd == 0x30) {
+ /*
+ * Sector erase. If DQ3 is 0 when the timer expires, then the 50
+ * us erase timeout has expired so we need to start the timer for the
+ * sector erase algorithm. Otherwise, the erase completed and we should
+ * go back to read array mode.
+ */
+ if ((pfl->status & 0x08) == 0) {
+ assert_dq3(pfl);
+ uint64_t timeout = pflash_erase_time(pfl);
+ timer_mod(&pfl->timer,
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + timeout);
+ DPRINTF("%s: erase timeout fired; erasing %d sectors\n",
+ __func__, pfl->sectors_to_erase);
+ return;
+ }
+ DPRINTF("%s: sector erase complete\n", __func__);
+ bitmap_zero(pfl->sector_erase_map, pfl->total_sectors);
+ pfl->sectors_to_erase = 0;
+ reset_dq3(pfl);
+ }
+
/* Reset flash */
toggle_dq7(pfl);
if (pfl->bypass) {
return ret;
}
+typedef struct {
+ uint32_t len;
+ uint32_t num;
+} SectorInfo;
+
/*
* offset should be a byte offset of the QEMU device and _not_ a device
* offset.
*/
-static uint32_t pflash_sector_len(PFlashCFI02 *pfl, hwaddr offset)
+static SectorInfo pflash_sector_info(PFlashCFI02 *pfl, hwaddr offset)
{
assert(offset < pfl->chip_len);
- int nb_regions = pfl->cfi_table[0x2C];
hwaddr addr = 0;
- for (int i = 0; i < nb_regions; ++i) {
+ uint32_t sector_num = 0;
+ for (int i = 0; i < pflash_regions_count(pfl); ++i) {
uint64_t region_size = (uint64_t)pfl->nb_blocs[i] * pfl->sector_len[i];
if (addr <= offset && offset < addr + region_size) {
- return pfl->sector_len[i];
+ return (SectorInfo) {
+ .len = pfl->sector_len[i],
+ .num = sector_num + (offset - addr) / pfl->sector_len[i],
+ };
}
+ sector_num += pfl->nb_blocs[i];
addr += region_size;
}
abort();
}
+/*
+ * Returns true if the offset refers to a flash sector that is currently being
+ * erased.
+ */
+static bool pflash_sector_is_erasing(PFlashCFI02 *pfl, hwaddr offset)
+{
+ long sector_num = pflash_sector_info(pfl, offset).num;
+ return test_bit(sector_num, pfl->sector_erase_map);
+}
+
static uint64_t pflash_read(void *opaque, hwaddr offset, unsigned int width)
{
PFlashCFI02 *pfl = opaque;
boff = offset & 0xFF;
if (pfl->width == 2) {
boff = boff >> 1;
- } else if (pfl->width == 4) {
- boff = boff >> 2;
}
switch (pfl->cmd) {
default:
pfl->wcycle = 0;
pfl->cmd = 0;
/* fall through to the read code */
- case 0x80:
+ case 0x80: /* Erase (unlock) */
/* We accept reads during second unlock sequence... */
case 0x00:
+ if (pflash_erase_suspend_mode(pfl) &&
+ pflash_sector_is_erasing(pfl, offset)) {
+ /* Toggle bit 2, but not 6. */
+ toggle_dq2(pfl);
+ /* Status register read */
+ ret = pfl->status;
+ DPRINTF("%s: status %" PRIx64 "\n", __func__, ret);
+ break;
+ }
/* Flash area read */
ret = pflash_data_read(pfl, offset, width);
break;
- case 0x90:
- /* flash ID read */
+ case 0x90: /* flash ID read */
switch (boff) {
case 0x00:
case 0x01:
}
DPRINTF("%s: ID " TARGET_FMT_plx " %" PRIx64 "\n", __func__, boff, ret);
break;
- case 0xA0:
- case 0x10:
- case 0x30:
+ case 0x10: /* Chip Erase */
+ case 0x30: /* Sector Erase */
+ /* Toggle bit 2 during erase, but not program. */
+ toggle_dq2(pfl);
+ case 0xA0: /* Program */
+ /* Toggle bit 6 */
+ toggle_dq6(pfl);
/* Status register read */
ret = pfl->status;
DPRINTF("%s: status %" PRIx64 "\n", __func__, ret);
- toggle_dq6(pfl);
break;
case 0x98:
/* CFI query mode */
}
}
+static void pflash_sector_erase(PFlashCFI02 *pfl, hwaddr offset)
+{
+ SectorInfo sector_info = pflash_sector_info(pfl, offset);
+ uint64_t sector_len = sector_info.len;
+ offset &= ~(sector_len - 1);
+ DPRINTF("%s: start sector erase at %0*" PRIx64 "-%0*" PRIx64 "\n",
+ __func__, pfl->width * 2, offset,
+ pfl->width * 2, offset + sector_len - 1);
+ if (!pfl->ro) {
+ uint8_t *p = pfl->storage;
+ memset(p + offset, 0xff, sector_len);
+ pflash_update(pfl, offset, sector_len);
+ }
+ set_dq7(pfl, 0x00);
+ ++pfl->sectors_to_erase;
+ set_bit(sector_info.num, pfl->sector_erase_map);
+ /* Set (or reset) the 50 us timer for additional erase commands. */
+ timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 50000);
+}
+
static void pflash_write(void *opaque, hwaddr offset, uint64_t value,
unsigned int width)
{
hwaddr boff;
uint8_t *p;
uint8_t cmd;
- uint32_t sector_len;
trace_pflash_io_write(offset, width, width << 1, value, pfl->wcycle);
cmd = value;
- if (pfl->cmd != 0xA0 && cmd == 0xF0) {
- goto reset_flash;
+ if (pfl->cmd != 0xA0) {
+ /* Reset does nothing during chip erase and sector erase. */
+ if (cmd == 0xF0 && pfl->cmd != 0x10 && pfl->cmd != 0x30) {
+ if (pfl->wcycle == WCYCLE_AUTOSELECT_CFI) {
+ /* Return to autoselect mode. */
+ pfl->wcycle = 3;
+ pfl->cmd = 0x90;
+ return;
+ }
+ goto reset_flash;
+ }
}
offset &= pfl->chip_len - 1;
boff = offset;
if (pfl->width == 2) {
boff = boff >> 1;
- } else if (pfl->width == 4) {
- boff = boff >> 2;
}
/* Only the least-significant 11 bits are used in most cases. */
boff &= 0x7FF;
/* We're in read mode */
check_unlock0:
if (boff == 0x55 && cmd == 0x98) {
- enter_CFI_mode:
/* Enter CFI query mode */
pfl->wcycle = WCYCLE_CFI;
pfl->cmd = 0x98;
return;
}
+ /* Handle erase resume in erase suspend mode, otherwise reset. */
+ if (cmd == 0x30) { /* Erase Resume */
+ if (pflash_erase_suspend_mode(pfl)) {
+ /* Resume the erase. */
+ timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
+ pfl->erase_time_remaining);
+ pfl->erase_time_remaining = 0;
+ pfl->wcycle = 6;
+ pfl->cmd = 0x30;
+ set_dq7(pfl, 0x00);
+ assert_dq3(pfl);
+ return;
+ }
+ goto reset_flash;
+ }
+ /* Ignore erase suspend. */
+ if (cmd == 0xB0) { /* Erase Suspend */
+ return;
+ }
if (boff != pfl->unlock_addr0 || cmd != 0xAA) {
DPRINTF("%s: unlock0 failed " TARGET_FMT_plx " %02x %04x\n",
__func__, boff, cmd, pfl->unlock_addr0);
case 0x20:
pfl->bypass = 1;
goto do_bypass;
- case 0x80:
- case 0x90:
- case 0xA0:
+ case 0x80: /* Erase */
+ case 0x90: /* Autoselect */
+ case 0xA0: /* Program */
pfl->cmd = cmd;
DPRINTF("%s: starting command %02x\n", __func__, cmd);
break;
break;
case 3:
switch (pfl->cmd) {
- case 0x80:
+ case 0x80: /* Erase */
/* We need another unlock sequence */
goto check_unlock0;
- case 0xA0:
+ case 0xA0: /* Program */
+ if (pflash_erase_suspend_mode(pfl) &&
+ pflash_sector_is_erasing(pfl, offset)) {
+ /* Ignore writes to erasing sectors. */
+ if (pfl->bypass) {
+ goto do_bypass;
+ }
+ goto reset_flash;
+ }
trace_pflash_data_write(offset, width << 1, value, 0);
if (!pfl->ro) {
p = (uint8_t *)pfl->storage + offset;
if (pfl->bypass)
goto do_bypass;
goto reset_flash;
- case 0x90:
+ case 0x90: /* Autoselect */
if (pfl->bypass && cmd == 0x00) {
/* Unlock bypass reset */
goto reset_flash;
}
- /* We can enter CFI query mode from autoselect mode */
- if (boff == 0x55 && cmd == 0x98)
- goto enter_CFI_mode;
+ /*
+ * We can enter CFI query mode from autoselect mode, but we must
+ * return to autoselect mode after a reset.
+ */
+ if (boff == 0x55 && cmd == 0x98) {
+ /* Enter autoselect CFI query mode */
+ pfl->wcycle = WCYCLE_AUTOSELECT_CFI;
+ pfl->cmd = 0x98;
+ return;
+ }
/* No break here */
default:
DPRINTF("%s: invalid write for command %02x\n",
}
case 4:
switch (pfl->cmd) {
- case 0xA0:
+ case 0xA0: /* Program */
/* Ignore writes while flash data write is occurring */
/* As we suppose write is immediate, this should never happen */
return;
- case 0x80:
+ case 0x80: /* Erase */
goto check_unlock1;
default:
/* Should never happen */
}
break;
case 5:
+ if (pflash_erase_suspend_mode(pfl)) {
+ /* Erasing is not supported in erase suspend mode. */
+ goto reset_flash;
+ }
switch (cmd) {
- case 0x10:
+ case 0x10: /* Chip Erase */
if (boff != pfl->unlock_addr0) {
DPRINTF("%s: chip erase: invalid address " TARGET_FMT_plx "\n",
__func__, offset);
pflash_update(pfl, 0, pfl->chip_len);
}
set_dq7(pfl, 0x00);
- /* Let's wait 5 seconds before chip erase is done */
+ /* Wait the time specified at CFI address 0x22. */
timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
- (NANOSECONDS_PER_SECOND * 5));
+ (1ULL << pfl->cfi_table[0x22]) * SCALE_MS);
break;
- case 0x30:
- /* Sector erase */
- p = pfl->storage;
- sector_len = pflash_sector_len(pfl, offset);
- offset &= ~(sector_len - 1);
- DPRINTF("%s: start sector erase at %0*" PRIx64 "-%0*" PRIx64 "\n",
- __func__, pfl->width * 2, offset,
- pfl->width * 2, offset + sector_len - 1);
- if (!pfl->ro) {
- memset(p + offset, 0xff, sector_len);
- pflash_update(pfl, offset, sector_len);
- }
- set_dq7(pfl, 0x00);
- /* Let's wait 1/2 second before sector erase is done */
- timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
- (NANOSECONDS_PER_SECOND / 2));
+ case 0x30: /* Sector erase */
+ pflash_sector_erase(pfl, offset);
break;
default:
DPRINTF("%s: invalid command %02x (wc 5)\n", __func__, cmd);
break;
case 6:
switch (pfl->cmd) {
- case 0x10:
+ case 0x10: /* Chip Erase */
/* Ignore writes during chip erase */
return;
- case 0x30:
- /* Ignore writes during sector erase */
+ case 0x30: /* Sector erase */
+ if (cmd == 0xB0) {
+ /*
+ * If erase suspend happens during the erase timeout (so DQ3 is
+ * 0), then the device suspends erasing immediately. Set the
+ * remaining time to be the total time to erase. Otherwise,
+ * there is a maximum amount of time it can take to enter
+ * suspend mode. Let's ignore that and suspend immediately and
+ * set the remaining time to the actual time remaining on the
+ * timer.
+ */
+ if ((pfl->status & 0x08) == 0) {
+ pfl->erase_time_remaining = pflash_erase_time(pfl);
+ } else {
+ int64_t delta = timer_expire_time_ns(&pfl->timer) -
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+ /* Make sure we have a positive time remaining. */
+ pfl->erase_time_remaining = delta <= 0 ? 1 : delta;
+ }
+ reset_dq3(pfl);
+ timer_del(&pfl->timer);
+ pfl->wcycle = 0;
+ pfl->cmd = 0;
+ return;
+ }
+ /*
+ * If DQ3 is 0, additional sector erase commands can be
+ * written and anything else (other than an erase suspend) resets
+ * the device.
+ */
+ if ((pfl->status & 0x08) == 0) {
+ if (cmd == 0x30) {
+ pflash_sector_erase(pfl, offset);
+ } else {
+ goto reset_flash;
+ }
+ }
+ /* Ignore writes during the actual erase. */
return;
default:
/* Should never happen */
break;
/* Special values for CFI queries */
case WCYCLE_CFI:
+ case WCYCLE_AUTOSELECT_CFI:
DPRINTF("%s: invalid write in CFI query mode\n", __func__);
goto reset_flash;
default:
static const MemoryRegionOps pflash_cfi02_ops = {
.read = pflash_read,
.write = pflash_write,
+ .impl.max_access_size = 2,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
int nb_regions;
pfl->chip_len = 0;
+ pfl->total_sectors = 0;
for (nb_regions = 0; nb_regions < PFLASH_MAX_ERASE_REGIONS; ++nb_regions) {
if (pfl->nb_blocs[nb_regions] == 0) {
break;
}
+ pfl->total_sectors += pfl->nb_blocs[nb_regions];
uint64_t sector_len_per_device = pfl->sector_len[nb_regions];
/*
pfl->nb_blocs[0] = pfl->uniform_nb_blocs;
pfl->sector_len[0] = pfl->uniform_sector_len;
pfl->chip_len = uniform_len;
+ pfl->total_sectors = pfl->uniform_nb_blocs;
} else if (uniform_len != 0 && uniform_len != pfl->chip_len) {
error_setg(errp, "\"num-blocks\"*\"sector-length\" "
"different from \"num-blocks0\"*\'sector-length0\" + ... + "
pfl->unlock_addr0 &= 0x7FF;
pfl->unlock_addr1 &= 0x7FF;
+ /* Allocate memory for a bitmap for sectors being erased. */
+ pfl->sector_erase_map = bitmap_new(pfl->total_sectors);
+
pflash_setup_mappings(pfl);
pfl->rom_mode = 1;
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
/* Address sensitive unlock required. */
pfl->cfi_table[0x05 + pri_ofs] = 0x00;
- /* Erase suspend not supported. */
- pfl->cfi_table[0x06 + pri_ofs] = 0x00;
+ /* Erase suspend to read/write. */
+ pfl->cfi_table[0x06 + pri_ofs] = 0x02;
/* Sector protect not supported. */
pfl->cfi_table[0x07 + pri_ofs] = 0x00;
/* Temporary sector unprotect not supported. */
{
PFlashCFI02 *pfl = PFLASH_CFI02(dev);
timer_del(&pfl->timer);
+ g_free(pfl->sector_erase_map);
}
static void pflash_cfi02_class_init(ObjectClass *klass, void *data)
projects / mirror_qemu.git / blobdiff