2 * Flash NAND memory emulation. Based on "16M x 8 Bit NAND Flash
3 * Memory" datasheet for the KM29U128AT / K9F2808U0A chips from
6 * Copyright (c) 2006 Openedhand Ltd.
9 * This code is licensed under the GNU GPL v2.
16 # include "blockdev.h"
17 /* FIXME: Pass block device as an argument. */
19 # define NAND_CMD_READ0 0x00
20 # define NAND_CMD_READ1 0x01
21 # define NAND_CMD_READ2 0x50
22 # define NAND_CMD_LPREAD2 0x30
23 # define NAND_CMD_NOSERIALREAD2 0x35
24 # define NAND_CMD_RANDOMREAD1 0x05
25 # define NAND_CMD_RANDOMREAD2 0xe0
26 # define NAND_CMD_READID 0x90
27 # define NAND_CMD_RESET 0xff
28 # define NAND_CMD_PAGEPROGRAM1 0x80
29 # define NAND_CMD_PAGEPROGRAM2 0x10
30 # define NAND_CMD_CACHEPROGRAM2 0x15
31 # define NAND_CMD_BLOCKERASE1 0x60
32 # define NAND_CMD_BLOCKERASE2 0xd0
33 # define NAND_CMD_READSTATUS 0x70
34 # define NAND_CMD_COPYBACKPRG1 0x85
36 # define NAND_IOSTATUS_ERROR (1 << 0)
37 # define NAND_IOSTATUS_PLANE0 (1 << 1)
38 # define NAND_IOSTATUS_PLANE1 (1 << 2)
39 # define NAND_IOSTATUS_PLANE2 (1 << 3)
40 # define NAND_IOSTATUS_PLANE3 (1 << 4)
41 # define NAND_IOSTATUS_BUSY (1 << 6)
42 # define NAND_IOSTATUS_UNPROTCT (1 << 7)
44 # define MAX_PAGE 0x800
47 struct NANDFlashState {
48 uint8_t manf_id, chip_id;
50 int page_shift, oob_shift, erase_shift, addr_shift;
52 BlockDriverState *bdrv;
55 int cle, ale, ce, wp, gnd;
57 uint8_t io[MAX_PAGE + MAX_OOB + 0x400];
66 void (*blk_write)(NANDFlashState *s);
67 void (*blk_erase)(NANDFlashState *s);
68 void (*blk_load)(NANDFlashState *s, uint32_t addr, int offset);
71 # define NAND_NO_AUTOINCR 0x00000001
72 # define NAND_BUSWIDTH_16 0x00000002
73 # define NAND_NO_PADDING 0x00000004
74 # define NAND_CACHEPRG 0x00000008
75 # define NAND_COPYBACK 0x00000010
76 # define NAND_IS_AND 0x00000020
77 # define NAND_4PAGE_ARRAY 0x00000040
78 # define NAND_NO_READRDY 0x00000100
79 # define NAND_SAMSUNG_LP (NAND_NO_PADDING | NAND_COPYBACK)
83 # define PAGE(addr) ((addr) >> ADDR_SHIFT)
84 # define PAGE_START(page) (PAGE(page) * (PAGE_SIZE + OOB_SIZE))
85 # define PAGE_MASK ((1 << ADDR_SHIFT) - 1)
86 # define OOB_SHIFT (PAGE_SHIFT - 5)
87 # define OOB_SIZE (1 << OOB_SHIFT)
88 # define SECTOR(addr) ((addr) >> (9 + ADDR_SHIFT - PAGE_SHIFT))
89 # define SECTOR_OFFSET(addr) ((addr) & ((511 >> PAGE_SHIFT) << 8))
91 # define PAGE_SIZE 256
93 # define PAGE_SECTORS 1
96 # define PAGE_SIZE 512
98 # define PAGE_SECTORS 1
101 # define PAGE_SIZE 2048
102 # define PAGE_SHIFT 11
103 # define PAGE_SECTORS 4
104 # define ADDR_SHIFT 16
107 /* Information based on Linux drivers/mtd/nand/nand_ids.c */
108 static const struct {
114 } nand_flash_ids[0x100] = {
115 [0 ... 0xff] = { 0 },
117 [0x6e] = { 1, 8, 8, 4, 0 },
118 [0x64] = { 2, 8, 8, 4, 0 },
119 [0x6b] = { 4, 8, 9, 4, 0 },
120 [0xe8] = { 1, 8, 8, 4, 0 },
121 [0xec] = { 1, 8, 8, 4, 0 },
122 [0xea] = { 2, 8, 8, 4, 0 },
123 [0xd5] = { 4, 8, 9, 4, 0 },
124 [0xe3] = { 4, 8, 9, 4, 0 },
125 [0xe5] = { 4, 8, 9, 4, 0 },
126 [0xd6] = { 8, 8, 9, 4, 0 },
128 [0x39] = { 8, 8, 9, 4, 0 },
129 [0xe6] = { 8, 8, 9, 4, 0 },
130 [0x49] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
131 [0x59] = { 8, 16, 9, 4, NAND_BUSWIDTH_16 },
133 [0x33] = { 16, 8, 9, 5, 0 },
134 [0x73] = { 16, 8, 9, 5, 0 },
135 [0x43] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
136 [0x53] = { 16, 16, 9, 5, NAND_BUSWIDTH_16 },
138 [0x35] = { 32, 8, 9, 5, 0 },
139 [0x75] = { 32, 8, 9, 5, 0 },
140 [0x45] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
141 [0x55] = { 32, 16, 9, 5, NAND_BUSWIDTH_16 },
143 [0x36] = { 64, 8, 9, 5, 0 },
144 [0x76] = { 64, 8, 9, 5, 0 },
145 [0x46] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
146 [0x56] = { 64, 16, 9, 5, NAND_BUSWIDTH_16 },
148 [0x78] = { 128, 8, 9, 5, 0 },
149 [0x39] = { 128, 8, 9, 5, 0 },
150 [0x79] = { 128, 8, 9, 5, 0 },
151 [0x72] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
152 [0x49] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
153 [0x74] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
154 [0x59] = { 128, 16, 9, 5, NAND_BUSWIDTH_16 },
156 [0x71] = { 256, 8, 9, 5, 0 },
159 * These are the new chips with large page size. The pagesize and the
160 * erasesize is determined from the extended id bytes
162 # define LP_OPTIONS (NAND_SAMSUNG_LP | NAND_NO_READRDY | NAND_NO_AUTOINCR)
163 # define LP_OPTIONS16 (LP_OPTIONS | NAND_BUSWIDTH_16)
166 [0xa2] = { 64, 8, 0, 0, LP_OPTIONS },
167 [0xf2] = { 64, 8, 0, 0, LP_OPTIONS },
168 [0xb2] = { 64, 16, 0, 0, LP_OPTIONS16 },
169 [0xc2] = { 64, 16, 0, 0, LP_OPTIONS16 },
172 [0xa1] = { 128, 8, 0, 0, LP_OPTIONS },
173 [0xf1] = { 128, 8, 0, 0, LP_OPTIONS },
174 [0xb1] = { 128, 16, 0, 0, LP_OPTIONS16 },
175 [0xc1] = { 128, 16, 0, 0, LP_OPTIONS16 },
178 [0xaa] = { 256, 8, 0, 0, LP_OPTIONS },
179 [0xda] = { 256, 8, 0, 0, LP_OPTIONS },
180 [0xba] = { 256, 16, 0, 0, LP_OPTIONS16 },
181 [0xca] = { 256, 16, 0, 0, LP_OPTIONS16 },
184 [0xac] = { 512, 8, 0, 0, LP_OPTIONS },
185 [0xdc] = { 512, 8, 0, 0, LP_OPTIONS },
186 [0xbc] = { 512, 16, 0, 0, LP_OPTIONS16 },
187 [0xcc] = { 512, 16, 0, 0, LP_OPTIONS16 },
190 [0xa3] = { 1024, 8, 0, 0, LP_OPTIONS },
191 [0xd3] = { 1024, 8, 0, 0, LP_OPTIONS },
192 [0xb3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
193 [0xc3] = { 1024, 16, 0, 0, LP_OPTIONS16 },
196 [0xa5] = { 2048, 8, 0, 0, LP_OPTIONS },
197 [0xd5] = { 2048, 8, 0, 0, LP_OPTIONS },
198 [0xb5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
199 [0xc5] = { 2048, 16, 0, 0, LP_OPTIONS16 },
202 static void nand_reset(NANDFlashState *s)
204 s->cmd = NAND_CMD_READ0;
209 s->status &= NAND_IOSTATUS_UNPROTCT;
212 static void nand_command(NANDFlashState *s)
220 case NAND_CMD_READID:
221 s->io[0] = s->manf_id;
222 s->io[1] = s->chip_id;
223 s->io[2] = 'Q'; /* Don't-care byte (often 0xa5) */
224 if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP)
225 s->io[3] = 0x15; /* Page Size, Block Size, Spare Size.. */
227 s->io[3] = 0xc0; /* Multi-plane */
232 case NAND_CMD_RANDOMREAD2:
233 case NAND_CMD_NOSERIALREAD2:
234 if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP))
236 offset = s->addr & ((1 << s->addr_shift) - 1);
237 s->blk_load(s, s->addr, offset);
239 s->iolen = (1 << s->page_shift) - offset;
241 s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
248 case NAND_CMD_PAGEPROGRAM1:
253 case NAND_CMD_PAGEPROGRAM2:
259 case NAND_CMD_BLOCKERASE1:
262 case NAND_CMD_BLOCKERASE2:
263 if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP)
273 case NAND_CMD_READSTATUS:
274 s->io[0] = s->status;
280 printf("%s: Unknown NAND command 0x%02x\n", __FUNCTION__, s->cmd);
284 static void nand_save(QEMUFile *f, void *opaque)
286 NANDFlashState *s = (NANDFlashState *) opaque;
287 qemu_put_byte(f, s->cle);
288 qemu_put_byte(f, s->ale);
289 qemu_put_byte(f, s->ce);
290 qemu_put_byte(f, s->wp);
291 qemu_put_byte(f, s->gnd);
292 qemu_put_buffer(f, s->io, sizeof(s->io));
293 qemu_put_be32(f, s->ioaddr - s->io);
294 qemu_put_be32(f, s->iolen);
296 qemu_put_be32s(f, &s->cmd);
297 qemu_put_be32s(f, &s->addr);
298 qemu_put_be32(f, s->addrlen);
299 qemu_put_be32(f, s->status);
300 qemu_put_be32(f, s->offset);
301 /* XXX: do we want to save s->storage too? */
304 static int nand_load(QEMUFile *f, void *opaque, int version_id)
306 NANDFlashState *s = (NANDFlashState *) opaque;
307 s->cle = qemu_get_byte(f);
308 s->ale = qemu_get_byte(f);
309 s->ce = qemu_get_byte(f);
310 s->wp = qemu_get_byte(f);
311 s->gnd = qemu_get_byte(f);
312 qemu_get_buffer(f, s->io, sizeof(s->io));
313 s->ioaddr = s->io + qemu_get_be32(f);
314 s->iolen = qemu_get_be32(f);
315 if (s->ioaddr >= s->io + sizeof(s->io) || s->ioaddr < s->io)
318 qemu_get_be32s(f, &s->cmd);
319 qemu_get_be32s(f, &s->addr);
320 s->addrlen = qemu_get_be32(f);
321 s->status = qemu_get_be32(f);
322 s->offset = qemu_get_be32(f);
327 * Chip inputs are CLE, ALE, CE, WP, GND and eight I/O pins. Chip
328 * outputs are R/B and eight I/O pins.
330 * CE, WP and R/B are active low.
332 void nand_setpins(NANDFlashState *s,
333 int cle, int ale, int ce, int wp, int gnd)
341 s->status |= NAND_IOSTATUS_UNPROTCT;
343 s->status &= ~NAND_IOSTATUS_UNPROTCT;
346 void nand_getpins(NANDFlashState *s, int *rb)
351 void nand_setio(NANDFlashState *s, uint8_t value)
353 if (!s->ce && s->cle) {
354 if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
355 if (s->cmd == NAND_CMD_READ0 && value == NAND_CMD_LPREAD2)
357 if (value == NAND_CMD_RANDOMREAD1) {
358 s->addr &= ~((1 << s->addr_shift) - 1);
363 if (value == NAND_CMD_READ0)
365 else if (value == NAND_CMD_READ1) {
367 value = NAND_CMD_READ0;
369 else if (value == NAND_CMD_READ2) {
370 s->offset = 1 << s->page_shift;
371 value = NAND_CMD_READ0;
376 if (s->cmd == NAND_CMD_READSTATUS ||
377 s->cmd == NAND_CMD_PAGEPROGRAM2 ||
378 s->cmd == NAND_CMD_BLOCKERASE1 ||
379 s->cmd == NAND_CMD_BLOCKERASE2 ||
380 s->cmd == NAND_CMD_NOSERIALREAD2 ||
381 s->cmd == NAND_CMD_RANDOMREAD2 ||
382 s->cmd == NAND_CMD_RESET)
385 if (s->cmd != NAND_CMD_RANDOMREAD2) {
391 unsigned int shift = s->addrlen * 8;
392 unsigned int mask = ~(0xff << shift);
393 unsigned int v = value << shift;
395 s->addr = (s->addr & mask) | v;
398 if (s->addrlen == 1 && s->cmd == NAND_CMD_READID)
401 if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
403 s->cmd == NAND_CMD_READ0 ||
404 s->cmd == NAND_CMD_PAGEPROGRAM1))
406 if ((nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) &&
408 s->cmd == NAND_CMD_READ0 ||
409 s->cmd == NAND_CMD_PAGEPROGRAM1))
413 if (!s->cle && !s->ale && s->cmd == NAND_CMD_PAGEPROGRAM1) {
414 if (s->iolen < (1 << s->page_shift) + (1 << s->oob_shift))
415 s->io[s->iolen ++] = value;
416 } else if (!s->cle && !s->ale && s->cmd == NAND_CMD_COPYBACKPRG1) {
417 if ((s->addr & ((1 << s->addr_shift) - 1)) <
418 (1 << s->page_shift) + (1 << s->oob_shift)) {
419 s->io[s->iolen + (s->addr & ((1 << s->addr_shift) - 1))] = value;
425 uint8_t nand_getio(NANDFlashState *s)
429 /* Allow sequential reading */
430 if (!s->iolen && s->cmd == NAND_CMD_READ0) {
431 offset = (s->addr & ((1 << s->addr_shift) - 1)) + s->offset;
434 s->blk_load(s, s->addr, offset);
436 s->iolen = (1 << s->page_shift) - offset;
438 s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset;
441 if (s->ce || s->iolen <= 0)
446 return *(s->ioaddr ++);
449 NANDFlashState *nand_init(int manf_id, int chip_id)
455 if (nand_flash_ids[chip_id].size == 0) {
456 hw_error("%s: Unsupported NAND chip ID.\n", __FUNCTION__);
459 s = (NANDFlashState *) qemu_mallocz(sizeof(NANDFlashState));
460 dinfo = drive_get(IF_MTD, 0, 0);
462 s->bdrv = dinfo->bdrv;
463 s->manf_id = manf_id;
464 s->chip_id = chip_id;
465 s->size = nand_flash_ids[s->chip_id].size << 20;
466 if (nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP) {
470 s->page_shift = nand_flash_ids[s->chip_id].page_shift;
471 s->erase_shift = nand_flash_ids[s->chip_id].erase_shift;
474 switch (1 << s->page_shift) {
485 hw_error("%s: Unsupported NAND block size.\n", __FUNCTION__);
488 pagesize = 1 << s->oob_shift;
490 if (s->bdrv && bdrv_getlength(s->bdrv) >=
491 (s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
497 pagesize += 1 << s->page_shift;
499 s->storage = (uint8_t *) memset(qemu_malloc(s->pages * pagesize),
500 0xff, s->pages * pagesize);
501 /* Give s->ioaddr a sane value in case we save state before it
505 register_savevm(NULL, "nand", -1, 0, nand_save, nand_load, s);
510 void nand_done(NANDFlashState *s)
514 bdrv_delete(s->bdrv);
517 if (!s->bdrv || s->mem_oob)
518 qemu_free(s->storage);
525 /* Program a single page */
526 static void glue(nand_blk_write_, PAGE_SIZE)(NANDFlashState *s)
528 uint32_t off, page, sector, soff;
529 uint8_t iobuf[(PAGE_SECTORS + 2) * 0x200];
530 if (PAGE(s->addr) >= s->pages)
534 memcpy(s->storage + PAGE_START(s->addr) + (s->addr & PAGE_MASK) +
535 s->offset, s->io, s->iolen);
536 } else if (s->mem_oob) {
537 sector = SECTOR(s->addr);
538 off = (s->addr & PAGE_MASK) + s->offset;
539 soff = SECTOR_OFFSET(s->addr);
540 if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS) == -1) {
541 printf("%s: read error in sector %i\n", __FUNCTION__, sector);
545 memcpy(iobuf + (soff | off), s->io, MIN(s->iolen, PAGE_SIZE - off));
546 if (off + s->iolen > PAGE_SIZE) {
547 page = PAGE(s->addr);
548 memcpy(s->storage + (page << OOB_SHIFT), s->io + PAGE_SIZE - off,
549 MIN(OOB_SIZE, off + s->iolen - PAGE_SIZE));
552 if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS) == -1)
553 printf("%s: write error in sector %i\n", __FUNCTION__, sector);
555 off = PAGE_START(s->addr) + (s->addr & PAGE_MASK) + s->offset;
558 if (bdrv_read(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) == -1) {
559 printf("%s: read error in sector %i\n", __FUNCTION__, sector);
563 memcpy(iobuf + soff, s->io, s->iolen);
565 if (bdrv_write(s->bdrv, sector, iobuf, PAGE_SECTORS + 2) == -1)
566 printf("%s: write error in sector %i\n", __FUNCTION__, sector);
571 /* Erase a single block */
572 static void glue(nand_blk_erase_, PAGE_SIZE)(NANDFlashState *s)
574 uint32_t i, page, addr;
575 uint8_t iobuf[0x200] = { [0 ... 0x1ff] = 0xff, };
576 addr = s->addr & ~((1 << (ADDR_SHIFT + s->erase_shift)) - 1);
578 if (PAGE(addr) >= s->pages)
582 memset(s->storage + PAGE_START(addr),
583 0xff, (PAGE_SIZE + OOB_SIZE) << s->erase_shift);
584 } else if (s->mem_oob) {
585 memset(s->storage + (PAGE(addr) << OOB_SHIFT),
586 0xff, OOB_SIZE << s->erase_shift);
588 page = SECTOR(addr + (ADDR_SHIFT + s->erase_shift));
589 for (; i < page; i ++)
590 if (bdrv_write(s->bdrv, i, iobuf, 1) == -1)
591 printf("%s: write error in sector %i\n", __FUNCTION__, i);
593 addr = PAGE_START(addr);
595 if (bdrv_read(s->bdrv, page, iobuf, 1) == -1)
596 printf("%s: read error in sector %i\n", __FUNCTION__, page);
597 memset(iobuf + (addr & 0x1ff), 0xff, (~addr & 0x1ff) + 1);
598 if (bdrv_write(s->bdrv, page, iobuf, 1) == -1)
599 printf("%s: write error in sector %i\n", __FUNCTION__, page);
601 memset(iobuf, 0xff, 0x200);
602 i = (addr & ~0x1ff) + 0x200;
603 for (addr += ((PAGE_SIZE + OOB_SIZE) << s->erase_shift) - 0x200;
604 i < addr; i += 0x200)
605 if (bdrv_write(s->bdrv, i >> 9, iobuf, 1) == -1)
606 printf("%s: write error in sector %i\n", __FUNCTION__, i >> 9);
609 if (bdrv_read(s->bdrv, page, iobuf, 1) == -1)
610 printf("%s: read error in sector %i\n", __FUNCTION__, page);
611 memset(iobuf, 0xff, ((addr - 1) & 0x1ff) + 1);
612 if (bdrv_write(s->bdrv, page, iobuf, 1) == -1)
613 printf("%s: write error in sector %i\n", __FUNCTION__, page);
617 static void glue(nand_blk_load_, PAGE_SIZE)(NANDFlashState *s,
618 uint32_t addr, int offset)
620 if (PAGE(addr) >= s->pages)
625 if (bdrv_read(s->bdrv, SECTOR(addr), s->io, PAGE_SECTORS) == -1)
626 printf("%s: read error in sector %i\n",
627 __FUNCTION__, SECTOR(addr));
628 memcpy(s->io + SECTOR_OFFSET(s->addr) + PAGE_SIZE,
629 s->storage + (PAGE(s->addr) << OOB_SHIFT),
631 s->ioaddr = s->io + SECTOR_OFFSET(s->addr) + offset;
633 if (bdrv_read(s->bdrv, PAGE_START(addr) >> 9,
634 s->io, (PAGE_SECTORS + 2)) == -1)
635 printf("%s: read error in sector %i\n",
636 __FUNCTION__, PAGE_START(addr) >> 9);
637 s->ioaddr = s->io + (PAGE_START(addr) & 0x1ff) + offset;
640 memcpy(s->io, s->storage + PAGE_START(s->addr) +
641 offset, PAGE_SIZE + OOB_SIZE - offset);
646 static void glue(nand_init_, PAGE_SIZE)(NANDFlashState *s)
648 s->oob_shift = PAGE_SHIFT - 5;
649 s->pages = s->size >> PAGE_SHIFT;
650 s->addr_shift = ADDR_SHIFT;
652 s->blk_erase = glue(nand_blk_erase_, PAGE_SIZE);
653 s->blk_write = glue(nand_blk_write_, PAGE_SIZE);
654 s->blk_load = glue(nand_blk_load_, PAGE_SIZE);
projects / qemu.git / blob