]> git.proxmox.com Git - mirror_qemu.git/blame - hw/block/pflash_cfi01.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: Clean up includes
[mirror_qemu.git] / hw / block / pflash_cfi01.c
CommitLineData
05ee37eb
AZ		 1/*
2 * CFI parallel flash with Intel command set emulation
3 *
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
05ee37eb
AZ		 19 */
20
21/*
22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23 * Supported commands/modes are:
24 * - flash read
25 * - flash write
26 * - flash ID read
27 * - sector erase
28 * - CFI queries
29 *
30 * It does not support timings
31 * It does not support flash interleaving
32 * It does not implement software data protection as found in many real chips
33 * It does not implement erase suspend/resume commands
34 * It does not implement multiple sectors erase
35 *
36 * It does not implement much more ...
37 */
38
80c71a24 39#include "qemu/osdep.h"
83c9f4ca 40#include "hw/hw.h"
0d09e41a 41#include "hw/block/flash.h"
4be74634 42#include "sysemu/block-backend.h"
1de7afc9 43#include "qemu/timer.h"
1997b485 44#include "qemu/bitops.h"
022c62cb 45#include "exec/address-spaces.h"
1de7afc9 46#include "qemu/host-utils.h"
83c9f4ca 47#include "hw/sysbus.h"
05ee37eb 48
001faf32 49#define PFLASH_BUG(fmt, ...) \
05ee37eb 50do { \
ec9ea489 51 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
05ee37eb
AZ		 52 exit(1); \
53} while(0)
54
55/* #define PFLASH_DEBUG */
56#ifdef PFLASH_DEBUG
ec9ea489
PC		 57#define DPRINTF(fmt, ...) \
58do { \
59 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
05ee37eb
AZ		 60} while (0)
61#else
001faf32 62#define DPRINTF(fmt, ...) do { } while (0)
05ee37eb
AZ		 63#endif
64
f1b44f0e
HT		 65#define TYPE_CFI_PFLASH01 "cfi.pflash01"
66#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
67
e9809422 68#define PFLASH_BE 0
f71e42a5 69#define PFLASH_SECURE 1
e9809422 70
c227f099 71struct pflash_t {
f1b44f0e
HT		 72 /*< private >*/
73 SysBusDevice parent_obj;
74 /*< public >*/
75
4be74634 76 BlockBackend *blk;
368a354f
PC		 77 uint32_t nb_blocs;
78 uint64_t sector_len;
4b6fedca 79 uint8_t bank_width;
1997b485 80 uint8_t device_width; /* If 0, device width not specified. */
fa21a7b1 81 uint8_t max_device_width; /* max device width in bytes */
e9809422 82 uint32_t features;
d8d24fb7 83 uint8_t wcycle; /* if 0, the flash is read normally */
05ee37eb
AZ		 84 int ro;
85 uint8_t cmd;
86 uint8_t status;
368a354f
PC		 87 uint16_t ident0;
88 uint16_t ident1;
89 uint16_t ident2;
90 uint16_t ident3;
05ee37eb
AZ		 91 uint8_t cfi_len;
92 uint8_t cfi_table[0x52];
d8d24fb7 93 uint64_t counter;
b4bf0a9a 94 unsigned int writeblock_size;
05ee37eb 95 QEMUTimer *timer;
cfe5f011 96 MemoryRegion mem;
368a354f 97 char *name;
05ee37eb
AZ		 98 void *storage;
99};
100
4c0cfc72
LE		 101static int pflash_post_load(void *opaque, int version_id);
102
d8d24fb7
PM		 103static const VMStateDescription vmstate_pflash = {
104 .name = "pflash_cfi01",
105 .version_id = 1,
106 .minimum_version_id = 1,
4c0cfc72 107 .post_load = pflash_post_load,
d8d24fb7
PM		 108 .fields = (VMStateField[]) {
109 VMSTATE_UINT8(wcycle, pflash_t),
110 VMSTATE_UINT8(cmd, pflash_t),
111 VMSTATE_UINT8(status, pflash_t),
112 VMSTATE_UINT64(counter, pflash_t),
113 VMSTATE_END_OF_LIST()
114 }
115};
116
05ee37eb
AZ		 117static void pflash_timer (void *opaque)
118{
c227f099 119 pflash_t *pfl = opaque;
05ee37eb
AZ		 120
121 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
122 /* Reset flash */
123 pfl->status ^= 0x80;
5f9a5ea1 124 memory_region_rom_device_set_romd(&pfl->mem, true);
5d79b80b 125 pfl->wcycle = 0;
05ee37eb
AZ		 126 pfl->cmd = 0;
127}
128
4433e660
RF		 129/* Perform a CFI query based on the bank width of the flash.
130 * If this code is called we know we have a device_width set for
131 * this flash.
132 */
133static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
134{
135 int i;
136 uint32_t resp = 0;
137 hwaddr boff;
138
139 /* Adjust incoming offset to match expected device-width
140 * addressing. CFI query addresses are always specified in terms of
141 * the maximum supported width of the device. This means that x8
142 * devices and x8/x16 devices in x8 mode behave differently. For
143 * devices that are not used at their max width, we will be
144 * provided with addresses that use higher address bits than
145 * expected (based on the max width), so we will shift them lower
146 * so that they will match the addresses used when
147 * device_width==max_device_width.
148 */
149 boff = offset >> (ctz32(pfl->bank_width) +
150 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
151
152 if (boff > pfl->cfi_len) {
153 return 0;
154 }
155 /* Now we will construct the CFI response generated by a single
156 * device, then replicate that for all devices that make up the
157 * bus. For wide parts used in x8 mode, CFI query responses
158 * are different than native byte-wide parts.
159 */
160 resp = pfl->cfi_table[boff];
161 if (pfl->device_width != pfl->max_device_width) {
162 /* The only case currently supported is x8 mode for a
163 * wider part.
164 */
165 if (pfl->device_width != 1 || pfl->bank_width > 4) {
166 DPRINTF("%s: Unsupported device configuration: "
167 "device_width=%d, max_device_width=%d\n",
168 __func__, pfl->device_width,
169 pfl->max_device_width);
170 return 0;
171 }
172 /* CFI query data is repeated, rather than zero padded for
173 * wide devices used in x8 mode.
174 */
175 for (i = 1; i < pfl->max_device_width; i++) {
176 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
177 }
178 }
179 /* Replicate responses for each device in bank. */
180 if (pfl->device_width < pfl->bank_width) {
181 for (i = pfl->device_width;
182 i < pfl->bank_width; i += pfl->device_width) {
183 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
184 }
185 }
186
187 return resp;
188}
189
0163a2dc
RF		 190
191
192/* Perform a device id query based on the bank width of the flash. */
193static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
194{
195 int i;
196 uint32_t resp;
197 hwaddr boff;
198
199 /* Adjust incoming offset to match expected device-width
200 * addressing. Device ID read addresses are always specified in
201 * terms of the maximum supported width of the device. This means
202 * that x8 devices and x8/x16 devices in x8 mode behave
203 * differently. For devices that are not used at their max width,
204 * we will be provided with addresses that use higher address bits
205 * than expected (based on the max width), so we will shift them
206 * lower so that they will match the addresses used when
207 * device_width==max_device_width.
208 */
209 boff = offset >> (ctz32(pfl->bank_width) +
210 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
211
212 /* Mask off upper bits which may be used in to query block
213 * or sector lock status at other addresses.
214 * Offsets 2/3 are block lock status, is not emulated.
215 */
216 switch (boff & 0xFF) {
217 case 0:
218 resp = pfl->ident0;
afeb25f9 219 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp);
0163a2dc
RF		 220 break;
221 case 1:
222 resp = pfl->ident1;
afeb25f9 223 DPRINTF("%s: Device ID Code %04x\n", __func__, resp);
0163a2dc
RF		 224 break;
225 default:
226 DPRINTF("%s: Read Device Information offset=%x\n", __func__,
227 (unsigned)offset);
228 return 0;
229 break;
230 }
231 /* Replicate responses for each device in bank. */
232 if (pfl->device_width < pfl->bank_width) {
233 for (i = pfl->device_width;
234 i < pfl->bank_width; i += pfl->device_width) {
235 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
236 }
237 }
238
239 return resp;
240}
241
f71e42a5
PB		 242static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset,
243 int width, int be)
244{
245 uint8_t *p;
246 uint32_t ret;
247
248 p = pfl->storage;
249 switch (width) {
250 case 1:
251 ret = p[offset];
252 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
253 __func__, offset, ret);
254 break;
255 case 2:
256 if (be) {
257 ret = p[offset] << 8;
258 ret |= p[offset + 1];
259 } else {
260 ret = p[offset];
261 ret |= p[offset + 1] << 8;
262 }
263 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
264 __func__, offset, ret);
265 break;
266 case 4:
267 if (be) {
268 ret = p[offset] << 24;
269 ret |= p[offset + 1] << 16;
270 ret |= p[offset + 2] << 8;
271 ret |= p[offset + 3];
272 } else {
273 ret = p[offset];
274 ret |= p[offset + 1] << 8;
275 ret |= p[offset + 2] << 16;
276 ret |= p[offset + 3] << 24;
277 }
278 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
279 __func__, offset, ret);
280 break;
281 default:
282 DPRINTF("BUG in %s\n", __func__);
283 abort();
284 }
285 return ret;
286}
287
a8170e5e 288static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
3d08ff69 289 int width, int be)
05ee37eb 290{
a8170e5e 291 hwaddr boff;
05ee37eb 292 uint32_t ret;
05ee37eb
AZ		 293
294 ret = -1;
05ee37eb 295
fad8c772
EI		 296#if 0
297 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
06adb549 298 __func__, offset, pfl->cmd, width);
fad8c772 299#endif
05ee37eb 300 switch (pfl->cmd) {
1be97bf2
PM		 301 default:
302 /* This should never happen : reset state & treat it as a read */
303 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
304 pfl->wcycle = 0;
305 pfl->cmd = 0;
306 /* fall through to read code */
05ee37eb
AZ		 307 case 0x00:
308 /* Flash area read */
f71e42a5 309 ret = pflash_data_read(pfl, offset, width, be);
05ee37eb 310 break;
6e392787 311 case 0x10: /* Single byte program */
05ee37eb 312 case 0x20: /* Block erase */
6e392787
PM		 313 case 0x28: /* Block erase */
314 case 0x40: /* single byte program */
05ee37eb
AZ		 315 case 0x50: /* Clear status register */
316 case 0x60: /* Block /un)lock */
317 case 0x70: /* Status Register */
318 case 0xe8: /* Write block */
2003889f
RF		 319 /* Status register read. Return status from each device in
320 * bank.
321 */
05ee37eb 322 ret = pfl->status;
2003889f
RF		 323 if (pfl->device_width && width > pfl->device_width) {
324 int shift = pfl->device_width * 8;
325 while (shift + pfl->device_width * 8 <= width * 8) {
326 ret |= pfl->status << shift;
327 shift += pfl->device_width * 8;
328 }
329 } else if (!pfl->device_width && width > 2) {
330 /* Handle 32 bit flash cases where device width is not
331 * set. (Existing behavior before device width added.)
332 */
ea0a4f34
PB		 333 ret |= pfl->status << 16;
334 }
05ee37eb
AZ		 335 DPRINTF("%s: status %x\n", __func__, ret);
336 break;
0b2ec6fc 337 case 0x90:
0163a2dc
RF		 338 if (!pfl->device_width) {
339 /* Preserve old behavior if device width not specified */
340 boff = offset & 0xFF;
341 if (pfl->bank_width == 2) {
342 boff = boff >> 1;
343 } else if (pfl->bank_width == 4) {
344 boff = boff >> 2;
345 }
4433e660 346
0163a2dc
RF		 347 switch (boff) {
348 case 0:
349 ret = pfl->ident0 << 8 | pfl->ident1;
350 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
351 break;
352 case 1:
353 ret = pfl->ident2 << 8 | pfl->ident3;
354 DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
355 break;
356 default:
357 DPRINTF("%s: Read Device Information boff=%x\n", __func__,
358 (unsigned)boff);
359 ret = 0;
360 break;
361 }
362 } else {
363 /* If we have a read larger than the bank_width, combine multiple
364 * manufacturer/device ID queries into a single response.
365 */
366 int i;
367 for (i = 0; i < width; i += pfl->bank_width) {
368 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
369 pflash_devid_query(pfl,
370 offset + i * pfl->bank_width));
371 }
0b2ec6fc
MW		 372 }
373 break;
05ee37eb 374 case 0x98: /* Query mode */
4433e660
RF		 375 if (!pfl->device_width) {
376 /* Preserve old behavior if device width not specified */
377 boff = offset & 0xFF;
378 if (pfl->bank_width == 2) {
379 boff = boff >> 1;
380 } else if (pfl->bank_width == 4) {
381 boff = boff >> 2;
382 }
383
384 if (boff > pfl->cfi_len) {
385 ret = 0;
386 } else {
387 ret = pfl->cfi_table[boff];
388 }
389 } else {
390 /* If we have a read larger than the bank_width, combine multiple
391 * CFI queries into a single response.
392 */
393 int i;
394 for (i = 0; i < width; i += pfl->bank_width) {
395 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
396 pflash_cfi_query(pfl,
397 offset + i * pfl->bank_width));
398 }
399 }
400
05ee37eb 401 break;
05ee37eb
AZ		 402 }
403 return ret;
404}
405
406/* update flash content on disk */
c227f099 407static void pflash_update(pflash_t *pfl, int offset,
05ee37eb
AZ		 408 int size)
409{
410 int offset_end;
4be74634 411 if (pfl->blk) {
05ee37eb
AZ		 412 offset_end = offset + size;
413 /* round to sectors */
414 offset = offset >> 9;
415 offset_end = (offset_end + 511) >> 9;
4be74634
MA		 416 blk_write(pfl->blk, offset, pfl->storage + (offset << 9),
417 offset_end - offset);
05ee37eb
AZ		 418 }
419}
420
a8170e5e 421static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
3d08ff69 422 uint32_t value, int width, int be)
d361be25
AZ		 423{
424 uint8_t *p = pfl->storage;
425
fad8c772 426 DPRINTF("%s: block write offset " TARGET_FMT_plx
d8d24fb7 427 " value %x counter %016" PRIx64 "\n",
d361be25
AZ		 428 __func__, offset, value, pfl->counter);
429 switch (width) {
430 case 1:
431 p[offset] = value;
d361be25
AZ		 432 break;
433 case 2:
3d08ff69
BS		 434 if (be) {
435 p[offset] = value >> 8;
436 p[offset + 1] = value;
437 } else {
438 p[offset] = value;
439 p[offset + 1] = value >> 8;
440 }
d361be25
AZ		 441 break;
442 case 4:
3d08ff69
BS		 443 if (be) {
444 p[offset] = value >> 24;
445 p[offset + 1] = value >> 16;
446 p[offset + 2] = value >> 8;
447 p[offset + 3] = value;
448 } else {
449 p[offset] = value;
450 p[offset + 1] = value >> 8;
451 p[offset + 2] = value >> 16;
452 p[offset + 3] = value >> 24;
453 }
d361be25
AZ		 454 break;
455 }
456
457}
458
a8170e5e 459static void pflash_write(pflash_t *pfl, hwaddr offset,
3d08ff69 460 uint32_t value, int width, int be)
05ee37eb 461{
05ee37eb
AZ		 462 uint8_t *p;
463 uint8_t cmd;
464
05ee37eb 465 cmd = value;
05ee37eb 466
fad8c772 467 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
c8b153d7 468 __func__, offset, value, width, pfl->wcycle);
05ee37eb 469
e9cbbcac
EI		 470 if (!pfl->wcycle) {
471 /* Set the device in I/O access mode */
5f9a5ea1 472 memory_region_rom_device_set_romd(&pfl->mem, false);
e9cbbcac 473 }
05ee37eb
AZ		 474
475 switch (pfl->wcycle) {
476 case 0:
477 /* read mode */
478 switch (cmd) {
479 case 0x00: /* ??? */
480 goto reset_flash;
d361be25
AZ		 481 case 0x10: /* Single Byte Program */
482 case 0x40: /* Single Byte Program */
fad8c772 483 DPRINTF("%s: Single Byte Program\n", __func__);
d361be25 484 break;
05ee37eb
AZ		 485 case 0x20: /* Block erase */
486 p = pfl->storage;
487 offset &= ~(pfl->sector_len - 1);
488
368a354f
PC		 489 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
490 __func__, offset, (unsigned)pfl->sector_len);
05ee37eb 491
de8efe8f
JJ		 492 if (!pfl->ro) {
493 memset(p + offset, 0xff, pfl->sector_len);
494 pflash_update(pfl, offset, pfl->sector_len);
495 } else {
496 pfl->status |= 0x20; /* Block erase error */
497 }
05ee37eb
AZ		 498 pfl->status |= 0x80; /* Ready! */
499 break;
500 case 0x50: /* Clear status bits */
501 DPRINTF("%s: Clear status bits\n", __func__);
502 pfl->status = 0x0;
503 goto reset_flash;
504 case 0x60: /* Block (un)lock */
505 DPRINTF("%s: Block unlock\n", __func__);
506 break;
507 case 0x70: /* Status Register */
508 DPRINTF("%s: Read status register\n", __func__);
509 pfl->cmd = cmd;
510 return;
0b2ec6fc
MW		 511 case 0x90: /* Read Device ID */
512 DPRINTF("%s: Read Device information\n", __func__);
513 pfl->cmd = cmd;
514 return;
05ee37eb
AZ		 515 case 0x98: /* CFI query */
516 DPRINTF("%s: CFI query\n", __func__);
517 break;
518 case 0xe8: /* Write to buffer */
519 DPRINTF("%s: Write to buffer\n", __func__);
520 pfl->status |= 0x80; /* Ready! */
521 break;
5928023c
SW		 522 case 0xf0: /* Probe for AMD flash */
523 DPRINTF("%s: Probe for AMD flash\n", __func__);
524 goto reset_flash;
05ee37eb
AZ		 525 case 0xff: /* Read array mode */
526 DPRINTF("%s: Read array mode\n", __func__);
527 goto reset_flash;
528 default:
529 goto error_flash;
530 }
531 pfl->wcycle++;
532 pfl->cmd = cmd;
12dabc79 533 break;
05ee37eb
AZ		 534 case 1:
535 switch (pfl->cmd) {
d361be25
AZ		 536 case 0x10: /* Single Byte Program */
537 case 0x40: /* Single Byte Program */
538 DPRINTF("%s: Single Byte Program\n", __func__);
de8efe8f
JJ		 539 if (!pfl->ro) {
540 pflash_data_write(pfl, offset, value, width, be);
541 pflash_update(pfl, offset, width);
542 } else {
543 pfl->status |= 0x10; /* Programming error */
544 }
d361be25
AZ		 545 pfl->status |= 0x80; /* Ready! */
546 pfl->wcycle = 0;
547 break;
05ee37eb
AZ		 548 case 0x20: /* Block erase */
549 case 0x28:
550 if (cmd == 0xd0) { /* confirm */
3656744c 551 pfl->wcycle = 0;
05ee37eb 552 pfl->status |= 0x80;
9248f413 553 } else if (cmd == 0xff) { /* read array mode */
05ee37eb
AZ		 554 goto reset_flash;
555 } else
556 goto error_flash;
557
558 break;
559 case 0xe8:
1997b485
RF		 560 /* Mask writeblock size based on device width, or bank width if
561 * device width not specified.
562 */
563 if (pfl->device_width) {
564 value = extract32(value, 0, pfl->device_width * 8);
565 } else {
566 value = extract32(value, 0, pfl->bank_width * 8);
567 }
71fb2348
AZ		 568 DPRINTF("%s: block write of %x bytes\n", __func__, value);
569 pfl->counter = value;
05ee37eb
AZ		 570 pfl->wcycle++;
571 break;
572 case 0x60:
573 if (cmd == 0xd0) {
574 pfl->wcycle = 0;
575 pfl->status |= 0x80;
576 } else if (cmd == 0x01) {
577 pfl->wcycle = 0;
578 pfl->status |= 0x80;
579 } else if (cmd == 0xff) {
580 goto reset_flash;
581 } else {
582 DPRINTF("%s: Unknown (un)locking command\n", __func__);
583 goto reset_flash;
584 }
585 break;
586 case 0x98:
587 if (cmd == 0xff) {
588 goto reset_flash;
589 } else {
590 DPRINTF("%s: leaving query mode\n", __func__);
591 }
592 break;
593 default:
594 goto error_flash;
595 }
12dabc79 596 break;
05ee37eb
AZ		 597 case 2:
598 switch (pfl->cmd) {
599 case 0xe8: /* Block write */
de8efe8f
JJ		 600 if (!pfl->ro) {
601 pflash_data_write(pfl, offset, value, width, be);
602 } else {
603 pfl->status |= 0x10; /* Programming error */
604 }
05ee37eb
AZ		 605
606 pfl->status |= 0x80;
607
608 if (!pfl->counter) {
a8170e5e 609 hwaddr mask = pfl->writeblock_size - 1;
b4bf0a9a
EI		 610 mask = ~mask;
611
05ee37eb
AZ		 612 DPRINTF("%s: block write finished\n", __func__);
613 pfl->wcycle++;
de8efe8f
JJ		 614 if (!pfl->ro) {
615 /* Flush the entire write buffer onto backing storage. */
616 pflash_update(pfl, offset & mask, pfl->writeblock_size);
617 } else {
618 pfl->status |= 0x10; /* Programming error */
619 }
05ee37eb
AZ		 620 }
621
622 pfl->counter--;
623 break;
7317b8ca
AZ		 624 default:
625 goto error_flash;
05ee37eb 626 }
12dabc79 627 break;
05ee37eb
AZ		 628 case 3: /* Confirm mode */
629 switch (pfl->cmd) {
630 case 0xe8: /* Block write */
631 if (cmd == 0xd0) {
632 pfl->wcycle = 0;
633 pfl->status |= 0x80;
05ee37eb
AZ		 634 } else {
635 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
636 PFLASH_BUG("Write block confirm");
7317b8ca 637 goto reset_flash;
05ee37eb 638 }
7317b8ca
AZ		 639 break;
640 default:
641 goto error_flash;
05ee37eb 642 }
12dabc79 643 break;
05ee37eb
AZ		 644 default:
645 /* Should never happen */
646 DPRINTF("%s: invalid write state\n", __func__);
647 goto reset_flash;
648 }
649 return;
650
651 error_flash:
d96fc51c
PC		 652 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
653 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
654 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
05ee37eb
AZ		 655
656 reset_flash:
5f9a5ea1 657 memory_region_rom_device_set_romd(&pfl->mem, true);
05ee37eb 658
05ee37eb
AZ		 659 pfl->wcycle = 0;
660 pfl->cmd = 0;
05ee37eb
AZ		 661}
662
663
f71e42a5
PB		 664static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
665 unsigned len, MemTxAttrs attrs)
3d08ff69
BS		 666{
667 pflash_t *pfl = opaque;
5aa113f0 668 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 669
f71e42a5
PB		 670 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
671 *value = pflash_data_read(opaque, addr, len, be);
672 } else {
673 *value = pflash_read(opaque, addr, len, be);
674 }
675 return MEMTX_OK;
3d08ff69
BS		 676}
677
f71e42a5
PB		 678static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
679 unsigned len, MemTxAttrs attrs)
05ee37eb 680{
3d08ff69 681 pflash_t *pfl = opaque;
5aa113f0 682 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 683
f71e42a5
PB		 684 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
685 return MEMTX_ERROR;
686 } else {
687 pflash_write(opaque, addr, value, len, be);
688 return MEMTX_OK;
689 }
05ee37eb
AZ		 690}
691
5aa113f0 692static const MemoryRegionOps pflash_cfi01_ops = {
f71e42a5
PB		 693 .read_with_attrs = pflash_mem_read_with_attrs,
694 .write_with_attrs = pflash_mem_write_with_attrs,
cfe5f011 695 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 696};
697
e40b5f3e 698static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
05ee37eb 699{
f1b44f0e 700 pflash_t *pfl = CFI_PFLASH01(dev);
368a354f 701 uint64_t total_len;
d0e7605e 702 int ret;
a0289b8a
PM		 703 uint64_t blocks_per_device, device_len;
704 int num_devices;
33e0eb52 705 Error *local_err = NULL;
05ee37eb 706
368a354f 707 total_len = pfl->sector_len * pfl->nb_blocs;
05ee37eb 708
a0289b8a
PM		 709 /* These are only used to expose the parameters of each device
710 * in the cfi_table[].
711 */
712 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
713 blocks_per_device = pfl->nb_blocs / num_devices;
714 device_len = pfl->sector_len * blocks_per_device;
715
05ee37eb 716 /* XXX: to be fixed */
c8b153d7 717#if 0
05ee37eb
AZ		 718 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
719 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
720 return NULL;
c8b153d7 721#endif
05ee37eb 722
cfe5f011 723 memory_region_init_rom_device(
2d256e6f 724 &pfl->mem, OBJECT(dev),
5aa113f0 725 &pflash_cfi01_ops,
e9809422 726 pfl,
33e0eb52
HT		 727 pfl->name, total_len, &local_err);
728 if (local_err) {
729 error_propagate(errp, local_err);
730 return;
731 }
732
368a354f 733 vmstate_register_ram(&pfl->mem, DEVICE(pfl));
cfe5f011 734 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
e40b5f3e 735 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
05ee37eb 736
4be74634 737 if (pfl->blk) {
05ee37eb 738 /* read the initial flash content */
4be74634 739 ret = blk_read(pfl->blk, 0, pfl->storage, total_len >> 9);
368a354f 740
d0e7605e 741 if (ret < 0) {
368a354f 742 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
e40b5f3e
HT		 743 error_setg(errp, "failed to read the initial flash content");
744 return;
d0e7605e 745 }
05ee37eb 746 }
de8efe8f 747
4be74634
MA		 748 if (pfl->blk) {
749 pfl->ro = blk_is_read_only(pfl->blk);
de8efe8f
JJ		 750 } else {
751 pfl->ro = 0;
752 }
753
fa21a7b1
RF		 754 /* Default to devices being used at their maximum device width. This was
755 * assumed before the device_width support was added.
756 */
757 if (!pfl->max_device_width) {
758 pfl->max_device_width = pfl->device_width;
759 }
760
bc72ad67 761 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
05ee37eb
AZ		 762 pfl->wcycle = 0;
763 pfl->cmd = 0;
764 pfl->status = 0;
05ee37eb
AZ		 765 /* Hardcoded CFI table */
766 pfl->cfi_len = 0x52;
767 /* Standard "QRY" string */
768 pfl->cfi_table[0x10] = 'Q';
769 pfl->cfi_table[0x11] = 'R';
770 pfl->cfi_table[0x12] = 'Y';
771 /* Command set (Intel) */
772 pfl->cfi_table[0x13] = 0x01;
773 pfl->cfi_table[0x14] = 0x00;
774 /* Primary extended table address (none) */
775 pfl->cfi_table[0x15] = 0x31;
776 pfl->cfi_table[0x16] = 0x00;
777 /* Alternate command set (none) */
778 pfl->cfi_table[0x17] = 0x00;
779 pfl->cfi_table[0x18] = 0x00;
780 /* Alternate extended table (none) */
781 pfl->cfi_table[0x19] = 0x00;
782 pfl->cfi_table[0x1A] = 0x00;
783 /* Vcc min */
784 pfl->cfi_table[0x1B] = 0x45;
785 /* Vcc max */
786 pfl->cfi_table[0x1C] = 0x55;
787 /* Vpp min (no Vpp pin) */
788 pfl->cfi_table[0x1D] = 0x00;
789 /* Vpp max (no Vpp pin) */
790 pfl->cfi_table[0x1E] = 0x00;
791 /* Reserved */
792 pfl->cfi_table[0x1F] = 0x07;
793 /* Timeout for min size buffer write */
794 pfl->cfi_table[0x20] = 0x07;
795 /* Typical timeout for block erase */
796 pfl->cfi_table[0x21] = 0x0a;
797 /* Typical timeout for full chip erase (4096 ms) */
798 pfl->cfi_table[0x22] = 0x00;
799 /* Reserved */
800 pfl->cfi_table[0x23] = 0x04;
801 /* Max timeout for buffer write */
802 pfl->cfi_table[0x24] = 0x04;
803 /* Max timeout for block erase */
804 pfl->cfi_table[0x25] = 0x04;
805 /* Max timeout for chip erase */
806 pfl->cfi_table[0x26] = 0x00;
807 /* Device size */
a0289b8a 808 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
05ee37eb
AZ		 809 /* Flash device interface (8 & 16 bits) */
810 pfl->cfi_table[0x28] = 0x02;
811 pfl->cfi_table[0x29] = 0x00;
812 /* Max number of bytes in multi-bytes write */
4b6fedca 813 if (pfl->bank_width == 1) {
4737fa26
EI		 814 pfl->cfi_table[0x2A] = 0x08;
815 } else {
816 pfl->cfi_table[0x2A] = 0x0B;
817 }
b4bf0a9a
EI		 818 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
819
05ee37eb
AZ		 820 pfl->cfi_table[0x2B] = 0x00;
821 /* Number of erase block regions (uniform) */
822 pfl->cfi_table[0x2C] = 0x01;
823 /* Erase block region 1 */
a0289b8a
PM		 824 pfl->cfi_table[0x2D] = blocks_per_device - 1;
825 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
368a354f
PC		 826 pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
827 pfl->cfi_table[0x30] = pfl->sector_len >> 16;
05ee37eb
AZ		 828
829 /* Extended */
830 pfl->cfi_table[0x31] = 'P';
831 pfl->cfi_table[0x32] = 'R';
832 pfl->cfi_table[0x33] = 'I';
833
834 pfl->cfi_table[0x34] = '1';
262e1eaa 835 pfl->cfi_table[0x35] = '0';
05ee37eb
AZ		 836
837 pfl->cfi_table[0x36] = 0x00;
838 pfl->cfi_table[0x37] = 0x00;
839 pfl->cfi_table[0x38] = 0x00;
840 pfl->cfi_table[0x39] = 0x00;
841
842 pfl->cfi_table[0x3a] = 0x00;
843
844 pfl->cfi_table[0x3b] = 0x00;
845 pfl->cfi_table[0x3c] = 0x00;
846
262e1eaa 847 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
368a354f
PC		 848}
849
850static Property pflash_cfi01_properties[] = {
4be74634 851 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
a0289b8a
PM		 852 /* num-blocks is the number of blocks actually visible to the guest,
853 * ie the total size of the device divided by the sector length.
854 * If we're emulating flash devices wired in parallel the actual
855 * number of blocks per indvidual device will differ.
856 */
368a354f
PC		 857 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
858 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
fa21a7b1
RF		 859 /* width here is the overall width of this QEMU device in bytes.
860 * The QEMU device may be emulating a number of flash devices
861 * wired up in parallel; the width of each individual flash
862 * device should be specified via device-width. If the individual
863 * devices have a maximum width which is greater than the width
864 * they are being used for, this maximum width should be set via
865 * max-device-width (which otherwise defaults to device-width).
866 * So for instance a 32-bit wide QEMU flash device made from four
867 * 16-bit flash devices used in 8-bit wide mode would be configured
868 * with width = 4, device-width = 1, max-device-width = 2.
869 *
870 * If device-width is not specified we default to backwards
871 * compatible behaviour which is a bad emulation of two
872 * 16 bit devices making up a 32 bit wide QEMU device. This
873 * is deprecated for new uses of this device.
874 */
4b6fedca 875 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
1997b485 876 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
fa21a7b1 877 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
e9809422 878 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0),
f71e42a5 879 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0),
368a354f
PC		 880 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
881 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
882 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
883 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
884 DEFINE_PROP_STRING("name", struct pflash_t, name),
885 DEFINE_PROP_END_OF_LIST(),
886};
887
888static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
889{
890 DeviceClass *dc = DEVICE_CLASS(klass);
368a354f 891
e40b5f3e 892 dc->realize = pflash_cfi01_realize;
368a354f 893 dc->props = pflash_cfi01_properties;
d8d24fb7 894 dc->vmsd = &vmstate_pflash;
125ee0ed 895 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
368a354f
PC		 896}
897
898
899static const TypeInfo pflash_cfi01_info = {
f1b44f0e 900 .name = TYPE_CFI_PFLASH01,
368a354f
PC		 901 .parent = TYPE_SYS_BUS_DEVICE,
902 .instance_size = sizeof(struct pflash_t),
903 .class_init = pflash_cfi01_class_init,
904};
905
906static void pflash_cfi01_register_types(void)
907{
908 type_register_static(&pflash_cfi01_info);
909}
910
911type_init(pflash_cfi01_register_types)
912
913pflash_t *pflash_cfi01_register(hwaddr base,
914 DeviceState *qdev, const char *name,
915 hwaddr size,
4be74634 916 BlockBackend *blk,
4b6fedca
RF		 917 uint32_t sector_len, int nb_blocs,
918 int bank_width, uint16_t id0, uint16_t id1,
368a354f
PC		 919 uint16_t id2, uint16_t id3, int be)
920{
f1b44f0e 921 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
368a354f 922
9b3d111a
MA		 923 if (blk) {
924 qdev_prop_set_drive(dev, "drive", blk, &error_abort);
368a354f
PC		 925 }
926 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
927 qdev_prop_set_uint64(dev, "sector-length", sector_len);
4b6fedca 928 qdev_prop_set_uint8(dev, "width", bank_width);
e9809422 929 qdev_prop_set_bit(dev, "big-endian", !!be);
368a354f
PC		 930 qdev_prop_set_uint16(dev, "id0", id0);
931 qdev_prop_set_uint16(dev, "id1", id1);
932 qdev_prop_set_uint16(dev, "id2", id2);
933 qdev_prop_set_uint16(dev, "id3", id3);
934 qdev_prop_set_string(dev, "name", name);
935 qdev_init_nofail(dev);
936
f1b44f0e
HT		 937 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
938 return CFI_PFLASH01(dev);
05ee37eb 939}
cfe5f011
AK		 940
941MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
942{
943 return &fl->mem;
944}
4c0cfc72
LE		 945
946static int pflash_post_load(void *opaque, int version_id)
947{
948 pflash_t *pfl = opaque;
949
950 if (!pfl->ro) {
951 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
952 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
953 }
954 return 0;
955}
QEMU mirror