]>
Commit | Line | Data |
---|---|---|
05ee37eb AZ |
1 | /* |
2 | * CFI parallel flash with Intel command set emulation | |
3 | * | |
4 | * Copyright (c) 2006 Thorsten Zitterell | |
5 | * Copyright (c) 2005 Jocelyn Mayer | |
6 | * | |
7 | * This library is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU Lesser General Public | |
9 | * License as published by the Free Software Foundation; either | |
10 | * version 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public | |
8167ee88 | 18 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
05ee37eb AZ |
19 | */ |
20 | ||
21 | /* | |
22 | * For now, this code can emulate flashes of 1, 2 or 4 bytes width. | |
23 | * Supported commands/modes are: | |
24 | * - flash read | |
25 | * - flash write | |
26 | * - flash ID read | |
27 | * - sector erase | |
28 | * - CFI queries | |
29 | * | |
30 | * It does not support timings | |
31 | * It does not support flash interleaving | |
32 | * It does not implement software data protection as found in many real chips | |
33 | * It does not implement erase suspend/resume commands | |
34 | * It does not implement multiple sectors erase | |
35 | * | |
36 | * It does not implement much more ... | |
37 | */ | |
38 | ||
80c71a24 | 39 | #include "qemu/osdep.h" |
83c9f4ca | 40 | #include "hw/hw.h" |
0d09e41a | 41 | #include "hw/block/flash.h" |
4be74634 | 42 | #include "sysemu/block-backend.h" |
1de7afc9 | 43 | #include "qemu/timer.h" |
1997b485 | 44 | #include "qemu/bitops.h" |
022c62cb | 45 | #include "exec/address-spaces.h" |
1de7afc9 | 46 | #include "qemu/host-utils.h" |
83c9f4ca | 47 | #include "hw/sysbus.h" |
05ee37eb | 48 | |
001faf32 | 49 | #define PFLASH_BUG(fmt, ...) \ |
05ee37eb | 50 | do { \ |
ec9ea489 | 51 | fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \ |
05ee37eb AZ |
52 | exit(1); \ |
53 | } while(0) | |
54 | ||
55 | /* #define PFLASH_DEBUG */ | |
56 | #ifdef PFLASH_DEBUG | |
ec9ea489 PC |
57 | #define DPRINTF(fmt, ...) \ |
58 | do { \ | |
59 | fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \ | |
05ee37eb AZ |
60 | } while (0) |
61 | #else | |
001faf32 | 62 | #define DPRINTF(fmt, ...) do { } while (0) |
05ee37eb AZ |
63 | #endif |
64 | ||
f1b44f0e HT |
65 | #define TYPE_CFI_PFLASH01 "cfi.pflash01" |
66 | #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01) | |
67 | ||
e9809422 | 68 | #define PFLASH_BE 0 |
f71e42a5 | 69 | #define PFLASH_SECURE 1 |
e9809422 | 70 | |
c227f099 | 71 | struct pflash_t { |
f1b44f0e HT |
72 | /*< private >*/ |
73 | SysBusDevice parent_obj; | |
74 | /*< public >*/ | |
75 | ||
4be74634 | 76 | BlockBackend *blk; |
368a354f PC |
77 | uint32_t nb_blocs; |
78 | uint64_t sector_len; | |
4b6fedca | 79 | uint8_t bank_width; |
1997b485 | 80 | uint8_t device_width; /* If 0, device width not specified. */ |
fa21a7b1 | 81 | uint8_t max_device_width; /* max device width in bytes */ |
e9809422 | 82 | uint32_t features; |
d8d24fb7 | 83 | uint8_t wcycle; /* if 0, the flash is read normally */ |
05ee37eb AZ |
84 | int ro; |
85 | uint8_t cmd; | |
86 | uint8_t status; | |
368a354f PC |
87 | uint16_t ident0; |
88 | uint16_t ident1; | |
89 | uint16_t ident2; | |
90 | uint16_t ident3; | |
05ee37eb AZ |
91 | uint8_t cfi_len; |
92 | uint8_t cfi_table[0x52]; | |
d8d24fb7 | 93 | uint64_t counter; |
b4bf0a9a | 94 | unsigned int writeblock_size; |
05ee37eb | 95 | QEMUTimer *timer; |
cfe5f011 | 96 | MemoryRegion mem; |
368a354f | 97 | char *name; |
05ee37eb AZ |
98 | void *storage; |
99 | }; | |
100 | ||
4c0cfc72 LE |
101 | static int pflash_post_load(void *opaque, int version_id); |
102 | ||
d8d24fb7 PM |
103 | static const VMStateDescription vmstate_pflash = { |
104 | .name = "pflash_cfi01", | |
105 | .version_id = 1, | |
106 | .minimum_version_id = 1, | |
4c0cfc72 | 107 | .post_load = pflash_post_load, |
d8d24fb7 PM |
108 | .fields = (VMStateField[]) { |
109 | VMSTATE_UINT8(wcycle, pflash_t), | |
110 | VMSTATE_UINT8(cmd, pflash_t), | |
111 | VMSTATE_UINT8(status, pflash_t), | |
112 | VMSTATE_UINT64(counter, pflash_t), | |
113 | VMSTATE_END_OF_LIST() | |
114 | } | |
115 | }; | |
116 | ||
05ee37eb AZ |
117 | static void pflash_timer (void *opaque) |
118 | { | |
c227f099 | 119 | pflash_t *pfl = opaque; |
05ee37eb AZ |
120 | |
121 | DPRINTF("%s: command %02x done\n", __func__, pfl->cmd); | |
122 | /* Reset flash */ | |
123 | pfl->status ^= 0x80; | |
5f9a5ea1 | 124 | memory_region_rom_device_set_romd(&pfl->mem, true); |
5d79b80b | 125 | pfl->wcycle = 0; |
05ee37eb AZ |
126 | pfl->cmd = 0; |
127 | } | |
128 | ||
4433e660 RF |
129 | /* Perform a CFI query based on the bank width of the flash. |
130 | * If this code is called we know we have a device_width set for | |
131 | * this flash. | |
132 | */ | |
133 | static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset) | |
134 | { | |
135 | int i; | |
136 | uint32_t resp = 0; | |
137 | hwaddr boff; | |
138 | ||
139 | /* Adjust incoming offset to match expected device-width | |
140 | * addressing. CFI query addresses are always specified in terms of | |
141 | * the maximum supported width of the device. This means that x8 | |
142 | * devices and x8/x16 devices in x8 mode behave differently. For | |
143 | * devices that are not used at their max width, we will be | |
144 | * provided with addresses that use higher address bits than | |
145 | * expected (based on the max width), so we will shift them lower | |
146 | * so that they will match the addresses used when | |
147 | * device_width==max_device_width. | |
148 | */ | |
149 | boff = offset >> (ctz32(pfl->bank_width) + | |
150 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
151 | ||
152 | if (boff > pfl->cfi_len) { | |
153 | return 0; | |
154 | } | |
155 | /* Now we will construct the CFI response generated by a single | |
156 | * device, then replicate that for all devices that make up the | |
157 | * bus. For wide parts used in x8 mode, CFI query responses | |
158 | * are different than native byte-wide parts. | |
159 | */ | |
160 | resp = pfl->cfi_table[boff]; | |
161 | if (pfl->device_width != pfl->max_device_width) { | |
162 | /* The only case currently supported is x8 mode for a | |
163 | * wider part. | |
164 | */ | |
165 | if (pfl->device_width != 1 || pfl->bank_width > 4) { | |
166 | DPRINTF("%s: Unsupported device configuration: " | |
167 | "device_width=%d, max_device_width=%d\n", | |
168 | __func__, pfl->device_width, | |
169 | pfl->max_device_width); | |
170 | return 0; | |
171 | } | |
172 | /* CFI query data is repeated, rather than zero padded for | |
173 | * wide devices used in x8 mode. | |
174 | */ | |
175 | for (i = 1; i < pfl->max_device_width; i++) { | |
176 | resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]); | |
177 | } | |
178 | } | |
179 | /* Replicate responses for each device in bank. */ | |
180 | if (pfl->device_width < pfl->bank_width) { | |
181 | for (i = pfl->device_width; | |
182 | i < pfl->bank_width; i += pfl->device_width) { | |
183 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
184 | } | |
185 | } | |
186 | ||
187 | return resp; | |
188 | } | |
189 | ||
0163a2dc RF |
190 | |
191 | ||
192 | /* Perform a device id query based on the bank width of the flash. */ | |
193 | static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset) | |
194 | { | |
195 | int i; | |
196 | uint32_t resp; | |
197 | hwaddr boff; | |
198 | ||
199 | /* Adjust incoming offset to match expected device-width | |
200 | * addressing. Device ID read addresses are always specified in | |
201 | * terms of the maximum supported width of the device. This means | |
202 | * that x8 devices and x8/x16 devices in x8 mode behave | |
203 | * differently. For devices that are not used at their max width, | |
204 | * we will be provided with addresses that use higher address bits | |
205 | * than expected (based on the max width), so we will shift them | |
206 | * lower so that they will match the addresses used when | |
207 | * device_width==max_device_width. | |
208 | */ | |
209 | boff = offset >> (ctz32(pfl->bank_width) + | |
210 | ctz32(pfl->max_device_width) - ctz32(pfl->device_width)); | |
211 | ||
212 | /* Mask off upper bits which may be used in to query block | |
213 | * or sector lock status at other addresses. | |
214 | * Offsets 2/3 are block lock status, is not emulated. | |
215 | */ | |
216 | switch (boff & 0xFF) { | |
217 | case 0: | |
218 | resp = pfl->ident0; | |
afeb25f9 | 219 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp); |
0163a2dc RF |
220 | break; |
221 | case 1: | |
222 | resp = pfl->ident1; | |
afeb25f9 | 223 | DPRINTF("%s: Device ID Code %04x\n", __func__, resp); |
0163a2dc RF |
224 | break; |
225 | default: | |
226 | DPRINTF("%s: Read Device Information offset=%x\n", __func__, | |
227 | (unsigned)offset); | |
228 | return 0; | |
229 | break; | |
230 | } | |
231 | /* Replicate responses for each device in bank. */ | |
232 | if (pfl->device_width < pfl->bank_width) { | |
233 | for (i = pfl->device_width; | |
234 | i < pfl->bank_width; i += pfl->device_width) { | |
235 | resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp); | |
236 | } | |
237 | } | |
238 | ||
239 | return resp; | |
240 | } | |
241 | ||
f71e42a5 PB |
242 | static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset, |
243 | int width, int be) | |
244 | { | |
245 | uint8_t *p; | |
246 | uint32_t ret; | |
247 | ||
248 | p = pfl->storage; | |
249 | switch (width) { | |
250 | case 1: | |
251 | ret = p[offset]; | |
252 | DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n", | |
253 | __func__, offset, ret); | |
254 | break; | |
255 | case 2: | |
256 | if (be) { | |
257 | ret = p[offset] << 8; | |
258 | ret |= p[offset + 1]; | |
259 | } else { | |
260 | ret = p[offset]; | |
261 | ret |= p[offset + 1] << 8; | |
262 | } | |
263 | DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n", | |
264 | __func__, offset, ret); | |
265 | break; | |
266 | case 4: | |
267 | if (be) { | |
268 | ret = p[offset] << 24; | |
269 | ret |= p[offset + 1] << 16; | |
270 | ret |= p[offset + 2] << 8; | |
271 | ret |= p[offset + 3]; | |
272 | } else { | |
273 | ret = p[offset]; | |
274 | ret |= p[offset + 1] << 8; | |
275 | ret |= p[offset + 2] << 16; | |
276 | ret |= p[offset + 3] << 24; | |
277 | } | |
278 | DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n", | |
279 | __func__, offset, ret); | |
280 | break; | |
281 | default: | |
282 | DPRINTF("BUG in %s\n", __func__); | |
283 | abort(); | |
284 | } | |
285 | return ret; | |
286 | } | |
287 | ||
a8170e5e | 288 | static uint32_t pflash_read (pflash_t *pfl, hwaddr offset, |
3d08ff69 | 289 | int width, int be) |
05ee37eb | 290 | { |
a8170e5e | 291 | hwaddr boff; |
05ee37eb | 292 | uint32_t ret; |
05ee37eb AZ |
293 | |
294 | ret = -1; | |
05ee37eb | 295 | |
fad8c772 EI |
296 | #if 0 |
297 | DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n", | |
06adb549 | 298 | __func__, offset, pfl->cmd, width); |
fad8c772 | 299 | #endif |
05ee37eb | 300 | switch (pfl->cmd) { |
1be97bf2 PM |
301 | default: |
302 | /* This should never happen : reset state & treat it as a read */ | |
303 | DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); | |
304 | pfl->wcycle = 0; | |
305 | pfl->cmd = 0; | |
306 | /* fall through to read code */ | |
05ee37eb AZ |
307 | case 0x00: |
308 | /* Flash area read */ | |
f71e42a5 | 309 | ret = pflash_data_read(pfl, offset, width, be); |
05ee37eb | 310 | break; |
6e392787 | 311 | case 0x10: /* Single byte program */ |
05ee37eb | 312 | case 0x20: /* Block erase */ |
6e392787 PM |
313 | case 0x28: /* Block erase */ |
314 | case 0x40: /* single byte program */ | |
05ee37eb AZ |
315 | case 0x50: /* Clear status register */ |
316 | case 0x60: /* Block /un)lock */ | |
317 | case 0x70: /* Status Register */ | |
318 | case 0xe8: /* Write block */ | |
2003889f RF |
319 | /* Status register read. Return status from each device in |
320 | * bank. | |
321 | */ | |
05ee37eb | 322 | ret = pfl->status; |
2003889f RF |
323 | if (pfl->device_width && width > pfl->device_width) { |
324 | int shift = pfl->device_width * 8; | |
325 | while (shift + pfl->device_width * 8 <= width * 8) { | |
326 | ret |= pfl->status << shift; | |
327 | shift += pfl->device_width * 8; | |
328 | } | |
329 | } else if (!pfl->device_width && width > 2) { | |
330 | /* Handle 32 bit flash cases where device width is not | |
331 | * set. (Existing behavior before device width added.) | |
332 | */ | |
ea0a4f34 PB |
333 | ret |= pfl->status << 16; |
334 | } | |
05ee37eb AZ |
335 | DPRINTF("%s: status %x\n", __func__, ret); |
336 | break; | |
0b2ec6fc | 337 | case 0x90: |
0163a2dc RF |
338 | if (!pfl->device_width) { |
339 | /* Preserve old behavior if device width not specified */ | |
340 | boff = offset & 0xFF; | |
341 | if (pfl->bank_width == 2) { | |
342 | boff = boff >> 1; | |
343 | } else if (pfl->bank_width == 4) { | |
344 | boff = boff >> 2; | |
345 | } | |
4433e660 | 346 | |
0163a2dc RF |
347 | switch (boff) { |
348 | case 0: | |
349 | ret = pfl->ident0 << 8 | pfl->ident1; | |
350 | DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret); | |
351 | break; | |
352 | case 1: | |
353 | ret = pfl->ident2 << 8 | pfl->ident3; | |
354 | DPRINTF("%s: Device ID Code %04x\n", __func__, ret); | |
355 | break; | |
356 | default: | |
357 | DPRINTF("%s: Read Device Information boff=%x\n", __func__, | |
358 | (unsigned)boff); | |
359 | ret = 0; | |
360 | break; | |
361 | } | |
362 | } else { | |
363 | /* If we have a read larger than the bank_width, combine multiple | |
364 | * manufacturer/device ID queries into a single response. | |
365 | */ | |
366 | int i; | |
367 | for (i = 0; i < width; i += pfl->bank_width) { | |
368 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
369 | pflash_devid_query(pfl, | |
370 | offset + i * pfl->bank_width)); | |
371 | } | |
0b2ec6fc MW |
372 | } |
373 | break; | |
05ee37eb | 374 | case 0x98: /* Query mode */ |
4433e660 RF |
375 | if (!pfl->device_width) { |
376 | /* Preserve old behavior if device width not specified */ | |
377 | boff = offset & 0xFF; | |
378 | if (pfl->bank_width == 2) { | |
379 | boff = boff >> 1; | |
380 | } else if (pfl->bank_width == 4) { | |
381 | boff = boff >> 2; | |
382 | } | |
383 | ||
384 | if (boff > pfl->cfi_len) { | |
385 | ret = 0; | |
386 | } else { | |
387 | ret = pfl->cfi_table[boff]; | |
388 | } | |
389 | } else { | |
390 | /* If we have a read larger than the bank_width, combine multiple | |
391 | * CFI queries into a single response. | |
392 | */ | |
393 | int i; | |
394 | for (i = 0; i < width; i += pfl->bank_width) { | |
395 | ret = deposit32(ret, i * 8, pfl->bank_width * 8, | |
396 | pflash_cfi_query(pfl, | |
397 | offset + i * pfl->bank_width)); | |
398 | } | |
399 | } | |
400 | ||
05ee37eb | 401 | break; |
05ee37eb AZ |
402 | } |
403 | return ret; | |
404 | } | |
405 | ||
406 | /* update flash content on disk */ | |
c227f099 | 407 | static void pflash_update(pflash_t *pfl, int offset, |
05ee37eb AZ |
408 | int size) |
409 | { | |
410 | int offset_end; | |
4be74634 | 411 | if (pfl->blk) { |
05ee37eb AZ |
412 | offset_end = offset + size; |
413 | /* round to sectors */ | |
414 | offset = offset >> 9; | |
415 | offset_end = (offset_end + 511) >> 9; | |
4be74634 MA |
416 | blk_write(pfl->blk, offset, pfl->storage + (offset << 9), |
417 | offset_end - offset); | |
05ee37eb AZ |
418 | } |
419 | } | |
420 | ||
a8170e5e | 421 | static inline void pflash_data_write(pflash_t *pfl, hwaddr offset, |
3d08ff69 | 422 | uint32_t value, int width, int be) |
d361be25 AZ |
423 | { |
424 | uint8_t *p = pfl->storage; | |
425 | ||
fad8c772 | 426 | DPRINTF("%s: block write offset " TARGET_FMT_plx |
d8d24fb7 | 427 | " value %x counter %016" PRIx64 "\n", |
d361be25 AZ |
428 | __func__, offset, value, pfl->counter); |
429 | switch (width) { | |
430 | case 1: | |
431 | p[offset] = value; | |
d361be25 AZ |
432 | break; |
433 | case 2: | |
3d08ff69 BS |
434 | if (be) { |
435 | p[offset] = value >> 8; | |
436 | p[offset + 1] = value; | |
437 | } else { | |
438 | p[offset] = value; | |
439 | p[offset + 1] = value >> 8; | |
440 | } | |
d361be25 AZ |
441 | break; |
442 | case 4: | |
3d08ff69 BS |
443 | if (be) { |
444 | p[offset] = value >> 24; | |
445 | p[offset + 1] = value >> 16; | |
446 | p[offset + 2] = value >> 8; | |
447 | p[offset + 3] = value; | |
448 | } else { | |
449 | p[offset] = value; | |
450 | p[offset + 1] = value >> 8; | |
451 | p[offset + 2] = value >> 16; | |
452 | p[offset + 3] = value >> 24; | |
453 | } | |
d361be25 AZ |
454 | break; |
455 | } | |
456 | ||
457 | } | |
458 | ||
a8170e5e | 459 | static void pflash_write(pflash_t *pfl, hwaddr offset, |
3d08ff69 | 460 | uint32_t value, int width, int be) |
05ee37eb | 461 | { |
05ee37eb AZ |
462 | uint8_t *p; |
463 | uint8_t cmd; | |
464 | ||
05ee37eb | 465 | cmd = value; |
05ee37eb | 466 | |
fad8c772 | 467 | DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n", |
c8b153d7 | 468 | __func__, offset, value, width, pfl->wcycle); |
05ee37eb | 469 | |
e9cbbcac EI |
470 | if (!pfl->wcycle) { |
471 | /* Set the device in I/O access mode */ | |
5f9a5ea1 | 472 | memory_region_rom_device_set_romd(&pfl->mem, false); |
e9cbbcac | 473 | } |
05ee37eb AZ |
474 | |
475 | switch (pfl->wcycle) { | |
476 | case 0: | |
477 | /* read mode */ | |
478 | switch (cmd) { | |
479 | case 0x00: /* ??? */ | |
480 | goto reset_flash; | |
d361be25 AZ |
481 | case 0x10: /* Single Byte Program */ |
482 | case 0x40: /* Single Byte Program */ | |
fad8c772 | 483 | DPRINTF("%s: Single Byte Program\n", __func__); |
d361be25 | 484 | break; |
05ee37eb AZ |
485 | case 0x20: /* Block erase */ |
486 | p = pfl->storage; | |
487 | offset &= ~(pfl->sector_len - 1); | |
488 | ||
368a354f PC |
489 | DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n", |
490 | __func__, offset, (unsigned)pfl->sector_len); | |
05ee37eb | 491 | |
de8efe8f JJ |
492 | if (!pfl->ro) { |
493 | memset(p + offset, 0xff, pfl->sector_len); | |
494 | pflash_update(pfl, offset, pfl->sector_len); | |
495 | } else { | |
496 | pfl->status |= 0x20; /* Block erase error */ | |
497 | } | |
05ee37eb AZ |
498 | pfl->status |= 0x80; /* Ready! */ |
499 | break; | |
500 | case 0x50: /* Clear status bits */ | |
501 | DPRINTF("%s: Clear status bits\n", __func__); | |
502 | pfl->status = 0x0; | |
503 | goto reset_flash; | |
504 | case 0x60: /* Block (un)lock */ | |
505 | DPRINTF("%s: Block unlock\n", __func__); | |
506 | break; | |
507 | case 0x70: /* Status Register */ | |
508 | DPRINTF("%s: Read status register\n", __func__); | |
509 | pfl->cmd = cmd; | |
510 | return; | |
0b2ec6fc MW |
511 | case 0x90: /* Read Device ID */ |
512 | DPRINTF("%s: Read Device information\n", __func__); | |
513 | pfl->cmd = cmd; | |
514 | return; | |
05ee37eb AZ |
515 | case 0x98: /* CFI query */ |
516 | DPRINTF("%s: CFI query\n", __func__); | |
517 | break; | |
518 | case 0xe8: /* Write to buffer */ | |
519 | DPRINTF("%s: Write to buffer\n", __func__); | |
520 | pfl->status |= 0x80; /* Ready! */ | |
521 | break; | |
5928023c SW |
522 | case 0xf0: /* Probe for AMD flash */ |
523 | DPRINTF("%s: Probe for AMD flash\n", __func__); | |
524 | goto reset_flash; | |
05ee37eb AZ |
525 | case 0xff: /* Read array mode */ |
526 | DPRINTF("%s: Read array mode\n", __func__); | |
527 | goto reset_flash; | |
528 | default: | |
529 | goto error_flash; | |
530 | } | |
531 | pfl->wcycle++; | |
532 | pfl->cmd = cmd; | |
12dabc79 | 533 | break; |
05ee37eb AZ |
534 | case 1: |
535 | switch (pfl->cmd) { | |
d361be25 AZ |
536 | case 0x10: /* Single Byte Program */ |
537 | case 0x40: /* Single Byte Program */ | |
538 | DPRINTF("%s: Single Byte Program\n", __func__); | |
de8efe8f JJ |
539 | if (!pfl->ro) { |
540 | pflash_data_write(pfl, offset, value, width, be); | |
541 | pflash_update(pfl, offset, width); | |
542 | } else { | |
543 | pfl->status |= 0x10; /* Programming error */ | |
544 | } | |
d361be25 AZ |
545 | pfl->status |= 0x80; /* Ready! */ |
546 | pfl->wcycle = 0; | |
547 | break; | |
05ee37eb AZ |
548 | case 0x20: /* Block erase */ |
549 | case 0x28: | |
550 | if (cmd == 0xd0) { /* confirm */ | |
3656744c | 551 | pfl->wcycle = 0; |
05ee37eb | 552 | pfl->status |= 0x80; |
9248f413 | 553 | } else if (cmd == 0xff) { /* read array mode */ |
05ee37eb AZ |
554 | goto reset_flash; |
555 | } else | |
556 | goto error_flash; | |
557 | ||
558 | break; | |
559 | case 0xe8: | |
1997b485 RF |
560 | /* Mask writeblock size based on device width, or bank width if |
561 | * device width not specified. | |
562 | */ | |
563 | if (pfl->device_width) { | |
564 | value = extract32(value, 0, pfl->device_width * 8); | |
565 | } else { | |
566 | value = extract32(value, 0, pfl->bank_width * 8); | |
567 | } | |
71fb2348 AZ |
568 | DPRINTF("%s: block write of %x bytes\n", __func__, value); |
569 | pfl->counter = value; | |
05ee37eb AZ |
570 | pfl->wcycle++; |
571 | break; | |
572 | case 0x60: | |
573 | if (cmd == 0xd0) { | |
574 | pfl->wcycle = 0; | |
575 | pfl->status |= 0x80; | |
576 | } else if (cmd == 0x01) { | |
577 | pfl->wcycle = 0; | |
578 | pfl->status |= 0x80; | |
579 | } else if (cmd == 0xff) { | |
580 | goto reset_flash; | |
581 | } else { | |
582 | DPRINTF("%s: Unknown (un)locking command\n", __func__); | |
583 | goto reset_flash; | |
584 | } | |
585 | break; | |
586 | case 0x98: | |
587 | if (cmd == 0xff) { | |
588 | goto reset_flash; | |
589 | } else { | |
590 | DPRINTF("%s: leaving query mode\n", __func__); | |
591 | } | |
592 | break; | |
593 | default: | |
594 | goto error_flash; | |
595 | } | |
12dabc79 | 596 | break; |
05ee37eb AZ |
597 | case 2: |
598 | switch (pfl->cmd) { | |
599 | case 0xe8: /* Block write */ | |
de8efe8f JJ |
600 | if (!pfl->ro) { |
601 | pflash_data_write(pfl, offset, value, width, be); | |
602 | } else { | |
603 | pfl->status |= 0x10; /* Programming error */ | |
604 | } | |
05ee37eb AZ |
605 | |
606 | pfl->status |= 0x80; | |
607 | ||
608 | if (!pfl->counter) { | |
a8170e5e | 609 | hwaddr mask = pfl->writeblock_size - 1; |
b4bf0a9a EI |
610 | mask = ~mask; |
611 | ||
05ee37eb AZ |
612 | DPRINTF("%s: block write finished\n", __func__); |
613 | pfl->wcycle++; | |
de8efe8f JJ |
614 | if (!pfl->ro) { |
615 | /* Flush the entire write buffer onto backing storage. */ | |
616 | pflash_update(pfl, offset & mask, pfl->writeblock_size); | |
617 | } else { | |
618 | pfl->status |= 0x10; /* Programming error */ | |
619 | } | |
05ee37eb AZ |
620 | } |
621 | ||
622 | pfl->counter--; | |
623 | break; | |
7317b8ca AZ |
624 | default: |
625 | goto error_flash; | |
05ee37eb | 626 | } |
12dabc79 | 627 | break; |
05ee37eb AZ |
628 | case 3: /* Confirm mode */ |
629 | switch (pfl->cmd) { | |
630 | case 0xe8: /* Block write */ | |
631 | if (cmd == 0xd0) { | |
632 | pfl->wcycle = 0; | |
633 | pfl->status |= 0x80; | |
05ee37eb AZ |
634 | } else { |
635 | DPRINTF("%s: unknown command for \"write block\"\n", __func__); | |
636 | PFLASH_BUG("Write block confirm"); | |
7317b8ca | 637 | goto reset_flash; |
05ee37eb | 638 | } |
7317b8ca AZ |
639 | break; |
640 | default: | |
641 | goto error_flash; | |
05ee37eb | 642 | } |
12dabc79 | 643 | break; |
05ee37eb AZ |
644 | default: |
645 | /* Should never happen */ | |
646 | DPRINTF("%s: invalid write state\n", __func__); | |
647 | goto reset_flash; | |
648 | } | |
649 | return; | |
650 | ||
651 | error_flash: | |
d96fc51c PC |
652 | qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence " |
653 | "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)" | |
654 | "\n", __func__, offset, pfl->wcycle, pfl->cmd, value); | |
05ee37eb AZ |
655 | |
656 | reset_flash: | |
5f9a5ea1 | 657 | memory_region_rom_device_set_romd(&pfl->mem, true); |
05ee37eb | 658 | |
05ee37eb AZ |
659 | pfl->wcycle = 0; |
660 | pfl->cmd = 0; | |
05ee37eb AZ |
661 | } |
662 | ||
663 | ||
f71e42a5 PB |
664 | static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value, |
665 | unsigned len, MemTxAttrs attrs) | |
3d08ff69 BS |
666 | { |
667 | pflash_t *pfl = opaque; | |
5aa113f0 | 668 | bool be = !!(pfl->features & (1 << PFLASH_BE)); |
3d08ff69 | 669 | |
f71e42a5 PB |
670 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { |
671 | *value = pflash_data_read(opaque, addr, len, be); | |
672 | } else { | |
673 | *value = pflash_read(opaque, addr, len, be); | |
674 | } | |
675 | return MEMTX_OK; | |
3d08ff69 BS |
676 | } |
677 | ||
f71e42a5 PB |
678 | static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value, |
679 | unsigned len, MemTxAttrs attrs) | |
05ee37eb | 680 | { |
3d08ff69 | 681 | pflash_t *pfl = opaque; |
5aa113f0 | 682 | bool be = !!(pfl->features & (1 << PFLASH_BE)); |
3d08ff69 | 683 | |
f71e42a5 PB |
684 | if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) { |
685 | return MEMTX_ERROR; | |
686 | } else { | |
687 | pflash_write(opaque, addr, value, len, be); | |
688 | return MEMTX_OK; | |
689 | } | |
05ee37eb AZ |
690 | } |
691 | ||
5aa113f0 | 692 | static const MemoryRegionOps pflash_cfi01_ops = { |
f71e42a5 PB |
693 | .read_with_attrs = pflash_mem_read_with_attrs, |
694 | .write_with_attrs = pflash_mem_write_with_attrs, | |
cfe5f011 | 695 | .endianness = DEVICE_NATIVE_ENDIAN, |
05ee37eb AZ |
696 | }; |
697 | ||
e40b5f3e | 698 | static void pflash_cfi01_realize(DeviceState *dev, Error **errp) |
05ee37eb | 699 | { |
f1b44f0e | 700 | pflash_t *pfl = CFI_PFLASH01(dev); |
368a354f | 701 | uint64_t total_len; |
d0e7605e | 702 | int ret; |
a0289b8a PM |
703 | uint64_t blocks_per_device, device_len; |
704 | int num_devices; | |
33e0eb52 | 705 | Error *local_err = NULL; |
05ee37eb | 706 | |
368a354f | 707 | total_len = pfl->sector_len * pfl->nb_blocs; |
05ee37eb | 708 | |
a0289b8a PM |
709 | /* These are only used to expose the parameters of each device |
710 | * in the cfi_table[]. | |
711 | */ | |
712 | num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1; | |
713 | blocks_per_device = pfl->nb_blocs / num_devices; | |
714 | device_len = pfl->sector_len * blocks_per_device; | |
715 | ||
05ee37eb | 716 | /* XXX: to be fixed */ |
c8b153d7 | 717 | #if 0 |
05ee37eb AZ |
718 | if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) && |
719 | total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024)) | |
720 | return NULL; | |
c8b153d7 | 721 | #endif |
05ee37eb | 722 | |
cfe5f011 | 723 | memory_region_init_rom_device( |
2d256e6f | 724 | &pfl->mem, OBJECT(dev), |
5aa113f0 | 725 | &pflash_cfi01_ops, |
e9809422 | 726 | pfl, |
33e0eb52 HT |
727 | pfl->name, total_len, &local_err); |
728 | if (local_err) { | |
729 | error_propagate(errp, local_err); | |
730 | return; | |
731 | } | |
732 | ||
368a354f | 733 | vmstate_register_ram(&pfl->mem, DEVICE(pfl)); |
cfe5f011 | 734 | pfl->storage = memory_region_get_ram_ptr(&pfl->mem); |
e40b5f3e | 735 | sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); |
05ee37eb | 736 | |
4be74634 | 737 | if (pfl->blk) { |
05ee37eb | 738 | /* read the initial flash content */ |
4be74634 | 739 | ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9); |
368a354f | 740 | |
d0e7605e | 741 | if (ret < 0) { |
368a354f | 742 | vmstate_unregister_ram(&pfl->mem, DEVICE(pfl)); |
e40b5f3e HT |
743 | error_setg(errp, "failed to read the initial flash content"); |
744 | return; | |
d0e7605e | 745 | } |
05ee37eb | 746 | } |
de8efe8f | 747 | |
4be74634 MA |
748 | if (pfl->blk) { |
749 | pfl->ro = blk_is_read_only(pfl->blk); | |
de8efe8f JJ |
750 | } else { |
751 | pfl->ro = 0; | |
752 | } | |
753 | ||
fa21a7b1 RF |
754 | /* Default to devices being used at their maximum device width. This was |
755 | * assumed before the device_width support was added. | |
756 | */ | |
757 | if (!pfl->max_device_width) { | |
758 | pfl->max_device_width = pfl->device_width; | |
759 | } | |
760 | ||
bc72ad67 | 761 | pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); |
05ee37eb AZ |
762 | pfl->wcycle = 0; |
763 | pfl->cmd = 0; | |
764 | pfl->status = 0; | |
05ee37eb AZ |
765 | /* Hardcoded CFI table */ |
766 | pfl->cfi_len = 0x52; | |
767 | /* Standard "QRY" string */ | |
768 | pfl->cfi_table[0x10] = 'Q'; | |
769 | pfl->cfi_table[0x11] = 'R'; | |
770 | pfl->cfi_table[0x12] = 'Y'; | |
771 | /* Command set (Intel) */ | |
772 | pfl->cfi_table[0x13] = 0x01; | |
773 | pfl->cfi_table[0x14] = 0x00; | |
774 | /* Primary extended table address (none) */ | |
775 | pfl->cfi_table[0x15] = 0x31; | |
776 | pfl->cfi_table[0x16] = 0x00; | |
777 | /* Alternate command set (none) */ | |
778 | pfl->cfi_table[0x17] = 0x00; | |
779 | pfl->cfi_table[0x18] = 0x00; | |
780 | /* Alternate extended table (none) */ | |
781 | pfl->cfi_table[0x19] = 0x00; | |
782 | pfl->cfi_table[0x1A] = 0x00; | |
783 | /* Vcc min */ | |
784 | pfl->cfi_table[0x1B] = 0x45; | |
785 | /* Vcc max */ | |
786 | pfl->cfi_table[0x1C] = 0x55; | |
787 | /* Vpp min (no Vpp pin) */ | |
788 | pfl->cfi_table[0x1D] = 0x00; | |
789 | /* Vpp max (no Vpp pin) */ | |
790 | pfl->cfi_table[0x1E] = 0x00; | |
791 | /* Reserved */ | |
792 | pfl->cfi_table[0x1F] = 0x07; | |
793 | /* Timeout for min size buffer write */ | |
794 | pfl->cfi_table[0x20] = 0x07; | |
795 | /* Typical timeout for block erase */ | |
796 | pfl->cfi_table[0x21] = 0x0a; | |
797 | /* Typical timeout for full chip erase (4096 ms) */ | |
798 | pfl->cfi_table[0x22] = 0x00; | |
799 | /* Reserved */ | |
800 | pfl->cfi_table[0x23] = 0x04; | |
801 | /* Max timeout for buffer write */ | |
802 | pfl->cfi_table[0x24] = 0x04; | |
803 | /* Max timeout for block erase */ | |
804 | pfl->cfi_table[0x25] = 0x04; | |
805 | /* Max timeout for chip erase */ | |
806 | pfl->cfi_table[0x26] = 0x00; | |
807 | /* Device size */ | |
a0289b8a | 808 | pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */ |
05ee37eb AZ |
809 | /* Flash device interface (8 & 16 bits) */ |
810 | pfl->cfi_table[0x28] = 0x02; | |
811 | pfl->cfi_table[0x29] = 0x00; | |
812 | /* Max number of bytes in multi-bytes write */ | |
4b6fedca | 813 | if (pfl->bank_width == 1) { |
4737fa26 EI |
814 | pfl->cfi_table[0x2A] = 0x08; |
815 | } else { | |
816 | pfl->cfi_table[0x2A] = 0x0B; | |
817 | } | |
b4bf0a9a EI |
818 | pfl->writeblock_size = 1 << pfl->cfi_table[0x2A]; |
819 | ||
05ee37eb AZ |
820 | pfl->cfi_table[0x2B] = 0x00; |
821 | /* Number of erase block regions (uniform) */ | |
822 | pfl->cfi_table[0x2C] = 0x01; | |
823 | /* Erase block region 1 */ | |
a0289b8a PM |
824 | pfl->cfi_table[0x2D] = blocks_per_device - 1; |
825 | pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8; | |
368a354f PC |
826 | pfl->cfi_table[0x2F] = pfl->sector_len >> 8; |
827 | pfl->cfi_table[0x30] = pfl->sector_len >> 16; | |
05ee37eb AZ |
828 | |
829 | /* Extended */ | |
830 | pfl->cfi_table[0x31] = 'P'; | |
831 | pfl->cfi_table[0x32] = 'R'; | |
832 | pfl->cfi_table[0x33] = 'I'; | |
833 | ||
834 | pfl->cfi_table[0x34] = '1'; | |
262e1eaa | 835 | pfl->cfi_table[0x35] = '0'; |
05ee37eb AZ |
836 | |
837 | pfl->cfi_table[0x36] = 0x00; | |
838 | pfl->cfi_table[0x37] = 0x00; | |
839 | pfl->cfi_table[0x38] = 0x00; | |
840 | pfl->cfi_table[0x39] = 0x00; | |
841 | ||
842 | pfl->cfi_table[0x3a] = 0x00; | |
843 | ||
844 | pfl->cfi_table[0x3b] = 0x00; | |
845 | pfl->cfi_table[0x3c] = 0x00; | |
846 | ||
262e1eaa | 847 | pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */ |
368a354f PC |
848 | } |
849 | ||
850 | static Property pflash_cfi01_properties[] = { | |
4be74634 | 851 | DEFINE_PROP_DRIVE("drive", struct pflash_t, blk), |
a0289b8a PM |
852 | /* num-blocks is the number of blocks actually visible to the guest, |
853 | * ie the total size of the device divided by the sector length. | |
854 | * If we're emulating flash devices wired in parallel the actual | |
855 | * number of blocks per indvidual device will differ. | |
856 | */ | |
368a354f PC |
857 | DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0), |
858 | DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0), | |
fa21a7b1 RF |
859 | /* width here is the overall width of this QEMU device in bytes. |
860 | * The QEMU device may be emulating a number of flash devices | |
861 | * wired up in parallel; the width of each individual flash | |
862 | * device should be specified via device-width. If the individual | |
863 | * devices have a maximum width which is greater than the width | |
864 | * they are being used for, this maximum width should be set via | |
865 | * max-device-width (which otherwise defaults to device-width). | |
866 | * So for instance a 32-bit wide QEMU flash device made from four | |
867 | * 16-bit flash devices used in 8-bit wide mode would be configured | |
868 | * with width = 4, device-width = 1, max-device-width = 2. | |
869 | * | |
870 | * If device-width is not specified we default to backwards | |
871 | * compatible behaviour which is a bad emulation of two | |
872 | * 16 bit devices making up a 32 bit wide QEMU device. This | |
873 | * is deprecated for new uses of this device. | |
874 | */ | |
4b6fedca | 875 | DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0), |
1997b485 | 876 | DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0), |
fa21a7b1 | 877 | DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0), |
e9809422 | 878 | DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0), |
f71e42a5 | 879 | DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0), |
368a354f PC |
880 | DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0), |
881 | DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0), | |
882 | DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0), | |
883 | DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0), | |
884 | DEFINE_PROP_STRING("name", struct pflash_t, name), | |
885 | DEFINE_PROP_END_OF_LIST(), | |
886 | }; | |
887 | ||
888 | static void pflash_cfi01_class_init(ObjectClass *klass, void *data) | |
889 | { | |
890 | DeviceClass *dc = DEVICE_CLASS(klass); | |
368a354f | 891 | |
e40b5f3e | 892 | dc->realize = pflash_cfi01_realize; |
368a354f | 893 | dc->props = pflash_cfi01_properties; |
d8d24fb7 | 894 | dc->vmsd = &vmstate_pflash; |
125ee0ed | 895 | set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); |
368a354f PC |
896 | } |
897 | ||
898 | ||
899 | static const TypeInfo pflash_cfi01_info = { | |
f1b44f0e | 900 | .name = TYPE_CFI_PFLASH01, |
368a354f PC |
901 | .parent = TYPE_SYS_BUS_DEVICE, |
902 | .instance_size = sizeof(struct pflash_t), | |
903 | .class_init = pflash_cfi01_class_init, | |
904 | }; | |
905 | ||
906 | static void pflash_cfi01_register_types(void) | |
907 | { | |
908 | type_register_static(&pflash_cfi01_info); | |
909 | } | |
910 | ||
911 | type_init(pflash_cfi01_register_types) | |
912 | ||
913 | pflash_t *pflash_cfi01_register(hwaddr base, | |
914 | DeviceState *qdev, const char *name, | |
915 | hwaddr size, | |
4be74634 | 916 | BlockBackend *blk, |
4b6fedca RF |
917 | uint32_t sector_len, int nb_blocs, |
918 | int bank_width, uint16_t id0, uint16_t id1, | |
368a354f PC |
919 | uint16_t id2, uint16_t id3, int be) |
920 | { | |
f1b44f0e | 921 | DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01); |
368a354f | 922 | |
9b3d111a MA |
923 | if (blk) { |
924 | qdev_prop_set_drive(dev, "drive", blk, &error_abort); | |
368a354f PC |
925 | } |
926 | qdev_prop_set_uint32(dev, "num-blocks", nb_blocs); | |
927 | qdev_prop_set_uint64(dev, "sector-length", sector_len); | |
4b6fedca | 928 | qdev_prop_set_uint8(dev, "width", bank_width); |
e9809422 | 929 | qdev_prop_set_bit(dev, "big-endian", !!be); |
368a354f PC |
930 | qdev_prop_set_uint16(dev, "id0", id0); |
931 | qdev_prop_set_uint16(dev, "id1", id1); | |
932 | qdev_prop_set_uint16(dev, "id2", id2); | |
933 | qdev_prop_set_uint16(dev, "id3", id3); | |
934 | qdev_prop_set_string(dev, "name", name); | |
935 | qdev_init_nofail(dev); | |
936 | ||
f1b44f0e HT |
937 | sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); |
938 | return CFI_PFLASH01(dev); | |
05ee37eb | 939 | } |
cfe5f011 AK |
940 | |
941 | MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl) | |
942 | { | |
943 | return &fl->mem; | |
944 | } | |
4c0cfc72 LE |
945 | |
946 | static int pflash_post_load(void *opaque, int version_id) | |
947 | { | |
948 | pflash_t *pfl = opaque; | |
949 | ||
950 | if (!pfl->ro) { | |
951 | DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name); | |
952 | pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs); | |
953 | } | |
954 | return 0; | |
955 | } |