]> Git Repo - qemu.git/blame - hw/block/pflash_cfi01.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mips: move CP0 functions out of cpu.h
[qemu.git] / hw / block / pflash_cfi01.c
CommitLineData
05ee37eb
AZ		 1/*
2 * CFI parallel flash with Intel command set emulation
3 *
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
05ee37eb
AZ		 19 */
20
21/*
22 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
23 * Supported commands/modes are:
24 * - flash read
25 * - flash write
26 * - flash ID read
27 * - sector erase
28 * - CFI queries
29 *
30 * It does not support timings
31 * It does not support flash interleaving
32 * It does not implement software data protection as found in many real chips
33 * It does not implement erase suspend/resume commands
34 * It does not implement multiple sectors erase
35 *
36 * It does not implement much more ...
37 */
38
80c71a24 39#include "qemu/osdep.h"
83c9f4ca 40#include "hw/hw.h"
0d09e41a 41#include "hw/block/flash.h"
4be74634 42#include "sysemu/block-backend.h"
da34e65c 43#include "qapi/error.h"
1de7afc9 44#include "qemu/timer.h"
1997b485 45#include "qemu/bitops.h"
022c62cb 46#include "exec/address-spaces.h"
1de7afc9 47#include "qemu/host-utils.h"
83c9f4ca 48#include "hw/sysbus.h"
90c647db 49#include "sysemu/sysemu.h"
05ee37eb 50
001faf32 51#define PFLASH_BUG(fmt, ...) \
05ee37eb 52do { \
ec9ea489 53 fprintf(stderr, "PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
05ee37eb
AZ		 54 exit(1); \
55} while(0)
56
57/* #define PFLASH_DEBUG */
58#ifdef PFLASH_DEBUG
ec9ea489
PC		 59#define DPRINTF(fmt, ...) \
60do { \
61 fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
05ee37eb
AZ		 62} while (0)
63#else
001faf32 64#define DPRINTF(fmt, ...) do { } while (0)
05ee37eb
AZ		 65#endif
66
f1b44f0e
HT		 67#define TYPE_CFI_PFLASH01 "cfi.pflash01"
68#define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
69
e9809422 70#define PFLASH_BE 0
f71e42a5 71#define PFLASH_SECURE 1
e9809422 72
c227f099 73struct pflash_t {
f1b44f0e
HT		 74 /*< private >*/
75 SysBusDevice parent_obj;
76 /*< public >*/
77
4be74634 78 BlockBackend *blk;
368a354f
PC		 79 uint32_t nb_blocs;
80 uint64_t sector_len;
4b6fedca 81 uint8_t bank_width;
1997b485 82 uint8_t device_width; /* If 0, device width not specified. */
fa21a7b1 83 uint8_t max_device_width; /* max device width in bytes */
e9809422 84 uint32_t features;
d8d24fb7 85 uint8_t wcycle; /* if 0, the flash is read normally */
05ee37eb
AZ		 86 int ro;
87 uint8_t cmd;
88 uint8_t status;
368a354f
PC		 89 uint16_t ident0;
90 uint16_t ident1;
91 uint16_t ident2;
92 uint16_t ident3;
05ee37eb
AZ		 93 uint8_t cfi_len;
94 uint8_t cfi_table[0x52];
d8d24fb7 95 uint64_t counter;
b4bf0a9a 96 unsigned int writeblock_size;
05ee37eb 97 QEMUTimer *timer;
cfe5f011 98 MemoryRegion mem;
368a354f 99 char *name;
05ee37eb 100 void *storage;
90c647db 101 VMChangeStateEntry *vmstate;
05ee37eb
AZ		 102};
103
4c0cfc72
LE		 104static int pflash_post_load(void *opaque, int version_id);
105
d8d24fb7
PM		 106static const VMStateDescription vmstate_pflash = {
107 .name = "pflash_cfi01",
108 .version_id = 1,
109 .minimum_version_id = 1,
4c0cfc72 110 .post_load = pflash_post_load,
d8d24fb7
PM		 111 .fields = (VMStateField[]) {
112 VMSTATE_UINT8(wcycle, pflash_t),
113 VMSTATE_UINT8(cmd, pflash_t),
114 VMSTATE_UINT8(status, pflash_t),
115 VMSTATE_UINT64(counter, pflash_t),
116 VMSTATE_END_OF_LIST()
117 }
118};
119
05ee37eb
AZ		 120static void pflash_timer (void *opaque)
121{
c227f099 122 pflash_t *pfl = opaque;
05ee37eb
AZ		 123
124 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
125 /* Reset flash */
126 pfl->status ^= 0x80;
5f9a5ea1 127 memory_region_rom_device_set_romd(&pfl->mem, true);
5d79b80b 128 pfl->wcycle = 0;
05ee37eb
AZ		 129 pfl->cmd = 0;
130}
131
4433e660
RF		 132/* Perform a CFI query based on the bank width of the flash.
133 * If this code is called we know we have a device_width set for
134 * this flash.
135 */
136static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
137{
138 int i;
139 uint32_t resp = 0;
140 hwaddr boff;
141
142 /* Adjust incoming offset to match expected device-width
143 * addressing. CFI query addresses are always specified in terms of
144 * the maximum supported width of the device. This means that x8
145 * devices and x8/x16 devices in x8 mode behave differently. For
146 * devices that are not used at their max width, we will be
147 * provided with addresses that use higher address bits than
148 * expected (based on the max width), so we will shift them lower
149 * so that they will match the addresses used when
150 * device_width==max_device_width.
151 */
152 boff = offset >> (ctz32(pfl->bank_width) +
153 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
154
155 if (boff > pfl->cfi_len) {
156 return 0;
157 }
158 /* Now we will construct the CFI response generated by a single
159 * device, then replicate that for all devices that make up the
160 * bus. For wide parts used in x8 mode, CFI query responses
161 * are different than native byte-wide parts.
162 */
163 resp = pfl->cfi_table[boff];
164 if (pfl->device_width != pfl->max_device_width) {
165 /* The only case currently supported is x8 mode for a
166 * wider part.
167 */
168 if (pfl->device_width != 1 || pfl->bank_width > 4) {
169 DPRINTF("%s: Unsupported device configuration: "
170 "device_width=%d, max_device_width=%d\n",
171 __func__, pfl->device_width,
172 pfl->max_device_width);
173 return 0;
174 }
175 /* CFI query data is repeated, rather than zero padded for
176 * wide devices used in x8 mode.
177 */
178 for (i = 1; i < pfl->max_device_width; i++) {
179 resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
180 }
181 }
182 /* Replicate responses for each device in bank. */
183 if (pfl->device_width < pfl->bank_width) {
184 for (i = pfl->device_width;
185 i < pfl->bank_width; i += pfl->device_width) {
186 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
187 }
188 }
189
190 return resp;
191}
192
0163a2dc
RF		 193
194
195/* Perform a device id query based on the bank width of the flash. */
196static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
197{
198 int i;
199 uint32_t resp;
200 hwaddr boff;
201
202 /* Adjust incoming offset to match expected device-width
203 * addressing. Device ID read addresses are always specified in
204 * terms of the maximum supported width of the device. This means
205 * that x8 devices and x8/x16 devices in x8 mode behave
206 * differently. For devices that are not used at their max width,
207 * we will be provided with addresses that use higher address bits
208 * than expected (based on the max width), so we will shift them
209 * lower so that they will match the addresses used when
210 * device_width==max_device_width.
211 */
212 boff = offset >> (ctz32(pfl->bank_width) +
213 ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
214
215 /* Mask off upper bits which may be used in to query block
216 * or sector lock status at other addresses.
217 * Offsets 2/3 are block lock status, is not emulated.
218 */
219 switch (boff & 0xFF) {
220 case 0:
221 resp = pfl->ident0;
afeb25f9 222 DPRINTF("%s: Manufacturer Code %04x\n", __func__, resp);
0163a2dc
RF		 223 break;
224 case 1:
225 resp = pfl->ident1;
afeb25f9 226 DPRINTF("%s: Device ID Code %04x\n", __func__, resp);
0163a2dc
RF		 227 break;
228 default:
229 DPRINTF("%s: Read Device Information offset=%x\n", __func__,
230 (unsigned)offset);
231 return 0;
232 break;
233 }
234 /* Replicate responses for each device in bank. */
235 if (pfl->device_width < pfl->bank_width) {
236 for (i = pfl->device_width;
237 i < pfl->bank_width; i += pfl->device_width) {
238 resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
239 }
240 }
241
242 return resp;
243}
244
f71e42a5
PB		 245static uint32_t pflash_data_read(pflash_t *pfl, hwaddr offset,
246 int width, int be)
247{
248 uint8_t *p;
249 uint32_t ret;
250
251 p = pfl->storage;
252 switch (width) {
253 case 1:
254 ret = p[offset];
255 DPRINTF("%s: data offset " TARGET_FMT_plx " %02x\n",
256 __func__, offset, ret);
257 break;
258 case 2:
259 if (be) {
260 ret = p[offset] << 8;
261 ret |= p[offset + 1];
262 } else {
263 ret = p[offset];
264 ret |= p[offset + 1] << 8;
265 }
266 DPRINTF("%s: data offset " TARGET_FMT_plx " %04x\n",
267 __func__, offset, ret);
268 break;
269 case 4:
270 if (be) {
271 ret = p[offset] << 24;
272 ret |= p[offset + 1] << 16;
273 ret |= p[offset + 2] << 8;
274 ret |= p[offset + 3];
275 } else {
276 ret = p[offset];
277 ret |= p[offset + 1] << 8;
278 ret |= p[offset + 2] << 16;
279 ret |= p[offset + 3] << 24;
280 }
281 DPRINTF("%s: data offset " TARGET_FMT_plx " %08x\n",
282 __func__, offset, ret);
283 break;
284 default:
285 DPRINTF("BUG in %s\n", __func__);
286 abort();
287 }
288 return ret;
289}
290
a8170e5e 291static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
3d08ff69 292 int width, int be)
05ee37eb 293{
a8170e5e 294 hwaddr boff;
05ee37eb 295 uint32_t ret;
05ee37eb
AZ		 296
297 ret = -1;
05ee37eb 298
fad8c772
EI		 299#if 0
300 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
06adb549 301 __func__, offset, pfl->cmd, width);
fad8c772 302#endif
05ee37eb 303 switch (pfl->cmd) {
1be97bf2
PM		 304 default:
305 /* This should never happen : reset state & treat it as a read */
306 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
307 pfl->wcycle = 0;
308 pfl->cmd = 0;
309 /* fall through to read code */
05ee37eb
AZ		 310 case 0x00:
311 /* Flash area read */
f71e42a5 312 ret = pflash_data_read(pfl, offset, width, be);
05ee37eb 313 break;
6e392787 314 case 0x10: /* Single byte program */
05ee37eb 315 case 0x20: /* Block erase */
6e392787
PM		 316 case 0x28: /* Block erase */
317 case 0x40: /* single byte program */
05ee37eb
AZ		 318 case 0x50: /* Clear status register */
319 case 0x60: /* Block /un)lock */
320 case 0x70: /* Status Register */
321 case 0xe8: /* Write block */
2003889f
RF		 322 /* Status register read. Return status from each device in
323 * bank.
324 */
05ee37eb 325 ret = pfl->status;
2003889f
RF		 326 if (pfl->device_width && width > pfl->device_width) {
327 int shift = pfl->device_width * 8;
328 while (shift + pfl->device_width * 8 <= width * 8) {
329 ret |= pfl->status << shift;
330 shift += pfl->device_width * 8;
331 }
332 } else if (!pfl->device_width && width > 2) {
333 /* Handle 32 bit flash cases where device width is not
334 * set. (Existing behavior before device width added.)
335 */
ea0a4f34
PB		 336 ret |= pfl->status << 16;
337 }
05ee37eb
AZ		 338 DPRINTF("%s: status %x\n", __func__, ret);
339 break;
0b2ec6fc 340 case 0x90:
0163a2dc
RF		 341 if (!pfl->device_width) {
342 /* Preserve old behavior if device width not specified */
343 boff = offset & 0xFF;
344 if (pfl->bank_width == 2) {
345 boff = boff >> 1;
346 } else if (pfl->bank_width == 4) {
347 boff = boff >> 2;
348 }
4433e660 349
0163a2dc
RF		 350 switch (boff) {
351 case 0:
352 ret = pfl->ident0 << 8 | pfl->ident1;
353 DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
354 break;
355 case 1:
356 ret = pfl->ident2 << 8 | pfl->ident3;
357 DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
358 break;
359 default:
360 DPRINTF("%s: Read Device Information boff=%x\n", __func__,
361 (unsigned)boff);
362 ret = 0;
363 break;
364 }
365 } else {
366 /* If we have a read larger than the bank_width, combine multiple
367 * manufacturer/device ID queries into a single response.
368 */
369 int i;
370 for (i = 0; i < width; i += pfl->bank_width) {
371 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
372 pflash_devid_query(pfl,
373 offset + i * pfl->bank_width));
374 }
0b2ec6fc
MW		 375 }
376 break;
05ee37eb 377 case 0x98: /* Query mode */
4433e660
RF		 378 if (!pfl->device_width) {
379 /* Preserve old behavior if device width not specified */
380 boff = offset & 0xFF;
381 if (pfl->bank_width == 2) {
382 boff = boff >> 1;
383 } else if (pfl->bank_width == 4) {
384 boff = boff >> 2;
385 }
386
387 if (boff > pfl->cfi_len) {
388 ret = 0;
389 } else {
390 ret = pfl->cfi_table[boff];
391 }
392 } else {
393 /* If we have a read larger than the bank_width, combine multiple
394 * CFI queries into a single response.
395 */
396 int i;
397 for (i = 0; i < width; i += pfl->bank_width) {
398 ret = deposit32(ret, i * 8, pfl->bank_width * 8,
399 pflash_cfi_query(pfl,
400 offset + i * pfl->bank_width));
401 }
402 }
403
05ee37eb 404 break;
05ee37eb
AZ		 405 }
406 return ret;
407}
408
409/* update flash content on disk */
c227f099 410static void pflash_update(pflash_t *pfl, int offset,
05ee37eb
AZ		 411 int size)
412{
413 int offset_end;
4be74634 414 if (pfl->blk) {
05ee37eb 415 offset_end = offset + size;
098e732d
EB		 416 /* widen to sector boundaries */
417 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
418 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
419 blk_pwrite(pfl->blk, offset, pfl->storage + offset,
420 offset_end - offset, 0);
05ee37eb
AZ		 421 }
422}
423
a8170e5e 424static inline void pflash_data_write(pflash_t *pfl, hwaddr offset,
3d08ff69 425 uint32_t value, int width, int be)
d361be25
AZ		 426{
427 uint8_t *p = pfl->storage;
428
fad8c772 429 DPRINTF("%s: block write offset " TARGET_FMT_plx
d8d24fb7 430 " value %x counter %016" PRIx64 "\n",
d361be25
AZ		 431 __func__, offset, value, pfl->counter);
432 switch (width) {
433 case 1:
434 p[offset] = value;
d361be25
AZ		 435 break;
436 case 2:
3d08ff69
BS		 437 if (be) {
438 p[offset] = value >> 8;
439 p[offset + 1] = value;
440 } else {
441 p[offset] = value;
442 p[offset + 1] = value >> 8;
443 }
d361be25
AZ		 444 break;
445 case 4:
3d08ff69
BS		 446 if (be) {
447 p[offset] = value >> 24;
448 p[offset + 1] = value >> 16;
449 p[offset + 2] = value >> 8;
450 p[offset + 3] = value;
451 } else {
452 p[offset] = value;
453 p[offset + 1] = value >> 8;
454 p[offset + 2] = value >> 16;
455 p[offset + 3] = value >> 24;
456 }
d361be25
AZ		 457 break;
458 }
459
460}
461
a8170e5e 462static void pflash_write(pflash_t *pfl, hwaddr offset,
3d08ff69 463 uint32_t value, int width, int be)
05ee37eb 464{
05ee37eb
AZ		 465 uint8_t *p;
466 uint8_t cmd;
467
05ee37eb 468 cmd = value;
05ee37eb 469
fad8c772 470 DPRINTF("%s: writing offset " TARGET_FMT_plx " value %08x width %d wcycle 0x%x\n",
c8b153d7 471 __func__, offset, value, width, pfl->wcycle);
05ee37eb 472
e9cbbcac
EI		 473 if (!pfl->wcycle) {
474 /* Set the device in I/O access mode */
5f9a5ea1 475 memory_region_rom_device_set_romd(&pfl->mem, false);
e9cbbcac 476 }
05ee37eb
AZ		 477
478 switch (pfl->wcycle) {
479 case 0:
480 /* read mode */
481 switch (cmd) {
482 case 0x00: /* ??? */
483 goto reset_flash;
d361be25
AZ		 484 case 0x10: /* Single Byte Program */
485 case 0x40: /* Single Byte Program */
fad8c772 486 DPRINTF("%s: Single Byte Program\n", __func__);
d361be25 487 break;
05ee37eb
AZ		 488 case 0x20: /* Block erase */
489 p = pfl->storage;
490 offset &= ~(pfl->sector_len - 1);
491
368a354f
PC		 492 DPRINTF("%s: block erase at " TARGET_FMT_plx " bytes %x\n",
493 __func__, offset, (unsigned)pfl->sector_len);
05ee37eb 494
de8efe8f
JJ		 495 if (!pfl->ro) {
496 memset(p + offset, 0xff, pfl->sector_len);
497 pflash_update(pfl, offset, pfl->sector_len);
498 } else {
499 pfl->status |= 0x20; /* Block erase error */
500 }
05ee37eb
AZ		 501 pfl->status |= 0x80; /* Ready! */
502 break;
503 case 0x50: /* Clear status bits */
504 DPRINTF("%s: Clear status bits\n", __func__);
505 pfl->status = 0x0;
506 goto reset_flash;
507 case 0x60: /* Block (un)lock */
508 DPRINTF("%s: Block unlock\n", __func__);
509 break;
510 case 0x70: /* Status Register */
511 DPRINTF("%s: Read status register\n", __func__);
512 pfl->cmd = cmd;
513 return;
0b2ec6fc
MW		 514 case 0x90: /* Read Device ID */
515 DPRINTF("%s: Read Device information\n", __func__);
516 pfl->cmd = cmd;
517 return;
05ee37eb
AZ		 518 case 0x98: /* CFI query */
519 DPRINTF("%s: CFI query\n", __func__);
520 break;
521 case 0xe8: /* Write to buffer */
522 DPRINTF("%s: Write to buffer\n", __func__);
523 pfl->status |= 0x80; /* Ready! */
524 break;
5928023c
SW		 525 case 0xf0: /* Probe for AMD flash */
526 DPRINTF("%s: Probe for AMD flash\n", __func__);
527 goto reset_flash;
05ee37eb
AZ		 528 case 0xff: /* Read array mode */
529 DPRINTF("%s: Read array mode\n", __func__);
530 goto reset_flash;
531 default:
532 goto error_flash;
533 }
534 pfl->wcycle++;
535 pfl->cmd = cmd;
12dabc79 536 break;
05ee37eb
AZ		 537 case 1:
538 switch (pfl->cmd) {
d361be25
AZ		 539 case 0x10: /* Single Byte Program */
540 case 0x40: /* Single Byte Program */
541 DPRINTF("%s: Single Byte Program\n", __func__);
de8efe8f
JJ		 542 if (!pfl->ro) {
543 pflash_data_write(pfl, offset, value, width, be);
544 pflash_update(pfl, offset, width);
545 } else {
546 pfl->status |= 0x10; /* Programming error */
547 }
d361be25
AZ		 548 pfl->status |= 0x80; /* Ready! */
549 pfl->wcycle = 0;
550 break;
05ee37eb
AZ		 551 case 0x20: /* Block erase */
552 case 0x28:
553 if (cmd == 0xd0) { /* confirm */
3656744c 554 pfl->wcycle = 0;
05ee37eb 555 pfl->status |= 0x80;
9248f413 556 } else if (cmd == 0xff) { /* read array mode */
05ee37eb
AZ		 557 goto reset_flash;
558 } else
559 goto error_flash;
560
561 break;
562 case 0xe8:
1997b485
RF		 563 /* Mask writeblock size based on device width, or bank width if
564 * device width not specified.
565 */
566 if (pfl->device_width) {
567 value = extract32(value, 0, pfl->device_width * 8);
568 } else {
569 value = extract32(value, 0, pfl->bank_width * 8);
570 }
71fb2348
AZ		 571 DPRINTF("%s: block write of %x bytes\n", __func__, value);
572 pfl->counter = value;
05ee37eb
AZ		 573 pfl->wcycle++;
574 break;
575 case 0x60:
576 if (cmd == 0xd0) {
577 pfl->wcycle = 0;
578 pfl->status |= 0x80;
579 } else if (cmd == 0x01) {
580 pfl->wcycle = 0;
581 pfl->status |= 0x80;
582 } else if (cmd == 0xff) {
583 goto reset_flash;
584 } else {
585 DPRINTF("%s: Unknown (un)locking command\n", __func__);
586 goto reset_flash;
587 }
588 break;
589 case 0x98:
590 if (cmd == 0xff) {
591 goto reset_flash;
592 } else {
593 DPRINTF("%s: leaving query mode\n", __func__);
594 }
595 break;
596 default:
597 goto error_flash;
598 }
12dabc79 599 break;
05ee37eb
AZ		 600 case 2:
601 switch (pfl->cmd) {
602 case 0xe8: /* Block write */
de8efe8f
JJ		 603 if (!pfl->ro) {
604 pflash_data_write(pfl, offset, value, width, be);
605 } else {
606 pfl->status |= 0x10; /* Programming error */
607 }
05ee37eb
AZ		 608
609 pfl->status |= 0x80;
610
611 if (!pfl->counter) {
a8170e5e 612 hwaddr mask = pfl->writeblock_size - 1;
b4bf0a9a
EI		 613 mask = ~mask;
614
05ee37eb
AZ		 615 DPRINTF("%s: block write finished\n", __func__);
616 pfl->wcycle++;
de8efe8f
JJ		 617 if (!pfl->ro) {
618 /* Flush the entire write buffer onto backing storage. */
619 pflash_update(pfl, offset & mask, pfl->writeblock_size);
620 } else {
621 pfl->status |= 0x10; /* Programming error */
622 }
05ee37eb
AZ		 623 }
624
625 pfl->counter--;
626 break;
7317b8ca
AZ		 627 default:
628 goto error_flash;
05ee37eb 629 }
12dabc79 630 break;
05ee37eb
AZ		 631 case 3: /* Confirm mode */
632 switch (pfl->cmd) {
633 case 0xe8: /* Block write */
634 if (cmd == 0xd0) {
635 pfl->wcycle = 0;
636 pfl->status |= 0x80;
05ee37eb
AZ		 637 } else {
638 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
639 PFLASH_BUG("Write block confirm");
7317b8ca 640 goto reset_flash;
05ee37eb 641 }
7317b8ca
AZ		 642 break;
643 default:
644 goto error_flash;
05ee37eb 645 }
12dabc79 646 break;
05ee37eb
AZ		 647 default:
648 /* Should never happen */
649 DPRINTF("%s: invalid write state\n", __func__);
650 goto reset_flash;
651 }
652 return;
653
654 error_flash:
d96fc51c
PC		 655 qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
656 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
657 "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
05ee37eb
AZ		 658
659 reset_flash:
5f9a5ea1 660 memory_region_rom_device_set_romd(&pfl->mem, true);
05ee37eb 661
05ee37eb
AZ		 662 pfl->wcycle = 0;
663 pfl->cmd = 0;
05ee37eb
AZ		 664}
665
666
f71e42a5
PB		 667static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
668 unsigned len, MemTxAttrs attrs)
3d08ff69
BS		 669{
670 pflash_t *pfl = opaque;
5aa113f0 671 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 672
f71e42a5
PB		 673 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
674 *value = pflash_data_read(opaque, addr, len, be);
675 } else {
676 *value = pflash_read(opaque, addr, len, be);
677 }
678 return MEMTX_OK;
3d08ff69
BS		 679}
680
f71e42a5
PB		 681static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
682 unsigned len, MemTxAttrs attrs)
05ee37eb 683{
3d08ff69 684 pflash_t *pfl = opaque;
5aa113f0 685 bool be = !!(pfl->features & (1 << PFLASH_BE));
3d08ff69 686
f71e42a5
PB		 687 if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
688 return MEMTX_ERROR;
689 } else {
690 pflash_write(opaque, addr, value, len, be);
691 return MEMTX_OK;
692 }
05ee37eb
AZ		 693}
694
5aa113f0 695static const MemoryRegionOps pflash_cfi01_ops = {
f71e42a5
PB		 696 .read_with_attrs = pflash_mem_read_with_attrs,
697 .write_with_attrs = pflash_mem_write_with_attrs,
cfe5f011 698 .endianness = DEVICE_NATIVE_ENDIAN,
05ee37eb
AZ		 699};
700
e40b5f3e 701static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
05ee37eb 702{
f1b44f0e 703 pflash_t *pfl = CFI_PFLASH01(dev);
368a354f 704 uint64_t total_len;
d0e7605e 705 int ret;
a0289b8a
PM		 706 uint64_t blocks_per_device, device_len;
707 int num_devices;
33e0eb52 708 Error *local_err = NULL;
05ee37eb 709
368a354f 710 total_len = pfl->sector_len * pfl->nb_blocs;
05ee37eb 711
a0289b8a
PM		 712 /* These are only used to expose the parameters of each device
713 * in the cfi_table[].
714 */
715 num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
716 blocks_per_device = pfl->nb_blocs / num_devices;
717 device_len = pfl->sector_len * blocks_per_device;
718
05ee37eb 719 /* XXX: to be fixed */
c8b153d7 720#if 0
05ee37eb
AZ		 721 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
722 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
723 return NULL;
c8b153d7 724#endif
05ee37eb 725
cfe5f011 726 memory_region_init_rom_device(
2d256e6f 727 &pfl->mem, OBJECT(dev),
5aa113f0 728 &pflash_cfi01_ops,
e9809422 729 pfl,
33e0eb52
HT		 730 pfl->name, total_len, &local_err);
731 if (local_err) {
732 error_propagate(errp, local_err);
733 return;
734 }
735
368a354f 736 vmstate_register_ram(&pfl->mem, DEVICE(pfl));
cfe5f011 737 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
e40b5f3e 738 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
05ee37eb 739
4be74634 740 if (pfl->blk) {
05ee37eb 741 /* read the initial flash content */
098e732d 742 ret = blk_pread(pfl->blk, 0, pfl->storage, total_len);
368a354f 743
d0e7605e 744 if (ret < 0) {
368a354f 745 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
e40b5f3e
HT		 746 error_setg(errp, "failed to read the initial flash content");
747 return;
d0e7605e 748 }
05ee37eb 749 }
de8efe8f 750
4be74634
MA		 751 if (pfl->blk) {
752 pfl->ro = blk_is_read_only(pfl->blk);
de8efe8f
JJ		 753 } else {
754 pfl->ro = 0;
755 }
756
fa21a7b1
RF		 757 /* Default to devices being used at their maximum device width. This was
758 * assumed before the device_width support was added.
759 */
760 if (!pfl->max_device_width) {
761 pfl->max_device_width = pfl->device_width;
762 }
763
bc72ad67 764 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
05ee37eb
AZ		 765 pfl->wcycle = 0;
766 pfl->cmd = 0;
767 pfl->status = 0;
05ee37eb
AZ		 768 /* Hardcoded CFI table */
769 pfl->cfi_len = 0x52;
770 /* Standard "QRY" string */
771 pfl->cfi_table[0x10] = 'Q';
772 pfl->cfi_table[0x11] = 'R';
773 pfl->cfi_table[0x12] = 'Y';
774 /* Command set (Intel) */
775 pfl->cfi_table[0x13] = 0x01;
776 pfl->cfi_table[0x14] = 0x00;
777 /* Primary extended table address (none) */
778 pfl->cfi_table[0x15] = 0x31;
779 pfl->cfi_table[0x16] = 0x00;
780 /* Alternate command set (none) */
781 pfl->cfi_table[0x17] = 0x00;
782 pfl->cfi_table[0x18] = 0x00;
783 /* Alternate extended table (none) */
784 pfl->cfi_table[0x19] = 0x00;
785 pfl->cfi_table[0x1A] = 0x00;
786 /* Vcc min */
787 pfl->cfi_table[0x1B] = 0x45;
788 /* Vcc max */
789 pfl->cfi_table[0x1C] = 0x55;
790 /* Vpp min (no Vpp pin) */
791 pfl->cfi_table[0x1D] = 0x00;
792 /* Vpp max (no Vpp pin) */
793 pfl->cfi_table[0x1E] = 0x00;
794 /* Reserved */
795 pfl->cfi_table[0x1F] = 0x07;
796 /* Timeout for min size buffer write */
797 pfl->cfi_table[0x20] = 0x07;
798 /* Typical timeout for block erase */
799 pfl->cfi_table[0x21] = 0x0a;
800 /* Typical timeout for full chip erase (4096 ms) */
801 pfl->cfi_table[0x22] = 0x00;
802 /* Reserved */
803 pfl->cfi_table[0x23] = 0x04;
804 /* Max timeout for buffer write */
805 pfl->cfi_table[0x24] = 0x04;
806 /* Max timeout for block erase */
807 pfl->cfi_table[0x25] = 0x04;
808 /* Max timeout for chip erase */
809 pfl->cfi_table[0x26] = 0x00;
810 /* Device size */
a0289b8a 811 pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
05ee37eb
AZ		 812 /* Flash device interface (8 & 16 bits) */
813 pfl->cfi_table[0x28] = 0x02;
814 pfl->cfi_table[0x29] = 0x00;
815 /* Max number of bytes in multi-bytes write */
4b6fedca 816 if (pfl->bank_width == 1) {
4737fa26
EI		 817 pfl->cfi_table[0x2A] = 0x08;
818 } else {
819 pfl->cfi_table[0x2A] = 0x0B;
820 }
b4bf0a9a
EI		 821 pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
822
05ee37eb
AZ		 823 pfl->cfi_table[0x2B] = 0x00;
824 /* Number of erase block regions (uniform) */
825 pfl->cfi_table[0x2C] = 0x01;
826 /* Erase block region 1 */
a0289b8a
PM		 827 pfl->cfi_table[0x2D] = blocks_per_device - 1;
828 pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
368a354f
PC		 829 pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
830 pfl->cfi_table[0x30] = pfl->sector_len >> 16;
05ee37eb
AZ		 831
832 /* Extended */
833 pfl->cfi_table[0x31] = 'P';
834 pfl->cfi_table[0x32] = 'R';
835 pfl->cfi_table[0x33] = 'I';
836
837 pfl->cfi_table[0x34] = '1';
262e1eaa 838 pfl->cfi_table[0x35] = '0';
05ee37eb
AZ		 839
840 pfl->cfi_table[0x36] = 0x00;
841 pfl->cfi_table[0x37] = 0x00;
842 pfl->cfi_table[0x38] = 0x00;
843 pfl->cfi_table[0x39] = 0x00;
844
845 pfl->cfi_table[0x3a] = 0x00;
846
847 pfl->cfi_table[0x3b] = 0x00;
848 pfl->cfi_table[0x3c] = 0x00;
849
262e1eaa 850 pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
368a354f
PC		 851}
852
853static Property pflash_cfi01_properties[] = {
4be74634 854 DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
a0289b8a
PM		 855 /* num-blocks is the number of blocks actually visible to the guest,
856 * ie the total size of the device divided by the sector length.
857 * If we're emulating flash devices wired in parallel the actual
858 * number of blocks per indvidual device will differ.
859 */
368a354f
PC		 860 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
861 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
fa21a7b1
RF		 862 /* width here is the overall width of this QEMU device in bytes.
863 * The QEMU device may be emulating a number of flash devices
864 * wired up in parallel; the width of each individual flash
865 * device should be specified via device-width. If the individual
866 * devices have a maximum width which is greater than the width
867 * they are being used for, this maximum width should be set via
868 * max-device-width (which otherwise defaults to device-width).
869 * So for instance a 32-bit wide QEMU flash device made from four
870 * 16-bit flash devices used in 8-bit wide mode would be configured
871 * with width = 4, device-width = 1, max-device-width = 2.
872 *
873 * If device-width is not specified we default to backwards
874 * compatible behaviour which is a bad emulation of two
875 * 16 bit devices making up a 32 bit wide QEMU device. This
876 * is deprecated for new uses of this device.
877 */
4b6fedca 878 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
1997b485 879 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
fa21a7b1 880 DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 0),
e9809422 881 DEFINE_PROP_BIT("big-endian", struct pflash_t, features, PFLASH_BE, 0),
f71e42a5 882 DEFINE_PROP_BIT("secure", struct pflash_t, features, PFLASH_SECURE, 0),
368a354f
PC		 883 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
884 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
885 DEFINE_PROP_UINT16("id2", struct pflash_t, ident2, 0),
886 DEFINE_PROP_UINT16("id3", struct pflash_t, ident3, 0),
887 DEFINE_PROP_STRING("name", struct pflash_t, name),
888 DEFINE_PROP_END_OF_LIST(),
889};
890
891static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
892{
893 DeviceClass *dc = DEVICE_CLASS(klass);
368a354f 894
e40b5f3e 895 dc->realize = pflash_cfi01_realize;
368a354f 896 dc->props = pflash_cfi01_properties;
d8d24fb7 897 dc->vmsd = &vmstate_pflash;
125ee0ed 898 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
368a354f
PC		 899}
900
901
902static const TypeInfo pflash_cfi01_info = {
f1b44f0e 903 .name = TYPE_CFI_PFLASH01,
368a354f
PC		 904 .parent = TYPE_SYS_BUS_DEVICE,
905 .instance_size = sizeof(struct pflash_t),
906 .class_init = pflash_cfi01_class_init,
907};
908
909static void pflash_cfi01_register_types(void)
910{
911 type_register_static(&pflash_cfi01_info);
912}
913
914type_init(pflash_cfi01_register_types)
915
916pflash_t *pflash_cfi01_register(hwaddr base,
917 DeviceState *qdev, const char *name,
918 hwaddr size,
4be74634 919 BlockBackend *blk,
4b6fedca
RF		 920 uint32_t sector_len, int nb_blocs,
921 int bank_width, uint16_t id0, uint16_t id1,
368a354f
PC		 922 uint16_t id2, uint16_t id3, int be)
923{
f1b44f0e 924 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
368a354f 925
9b3d111a
MA		 926 if (blk) {
927 qdev_prop_set_drive(dev, "drive", blk, &error_abort);
368a354f
PC		 928 }
929 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
930 qdev_prop_set_uint64(dev, "sector-length", sector_len);
4b6fedca 931 qdev_prop_set_uint8(dev, "width", bank_width);
e9809422 932 qdev_prop_set_bit(dev, "big-endian", !!be);
368a354f
PC		 933 qdev_prop_set_uint16(dev, "id0", id0);
934 qdev_prop_set_uint16(dev, "id1", id1);
935 qdev_prop_set_uint16(dev, "id2", id2);
936 qdev_prop_set_uint16(dev, "id3", id3);
937 qdev_prop_set_string(dev, "name", name);
938 qdev_init_nofail(dev);
939
f1b44f0e
HT		 940 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
941 return CFI_PFLASH01(dev);
05ee37eb 942}
cfe5f011
AK		 943
944MemoryRegion *pflash_cfi01_get_memory(pflash_t *fl)
945{
946 return &fl->mem;
947}
4c0cfc72 948
90c647db
DDAG		 949static void postload_update_cb(void *opaque, int running, RunState state)
950{
951 pflash_t *pfl = opaque;
952
953 /* This is called after bdrv_invalidate_cache_all. */
954 qemu_del_vm_change_state_handler(pfl->vmstate);
955 pfl->vmstate = NULL;
956
957 DPRINTF("%s: updating bdrv for %s\n", __func__, pfl->name);
958 pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
959}
960
4c0cfc72
LE		 961static int pflash_post_load(void *opaque, int version_id)
962{
963 pflash_t *pfl = opaque;
964
965 if (!pfl->ro) {
90c647db
DDAG		 966 pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb,
967 pfl);
4c0cfc72
LE		 968 }
969 return 0;
970}
Empty description
This page took 0.90267 seconds and 4 git commands to generate.