首頁 探索 說明
註冊 登入
FangSoftSoft
/
qemu
镜像来自 https://github.com/utmapp/qemu.git
2
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 82bdce7b94
分支列表 標籤列表
qemu
/
hw
/
block
/
m25p80.c

m25p80.c 57 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907 
  1. /*
    2. 

  2.  * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
    3. 

  3.  * set. Known devices table current as of Jun/2012 and taken from linux.
    4. 

  4.  * See drivers/mtd/devices/m25p80.c.
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
    7. 

  7.  * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
    8. 

  8.  * Copyright (C) 2012 PetaLogix
    9. 

  9.  *
    10. 

  10.  * This program is free software; you can redistribute it and/or
    11. 

  11.  * modify it under the terms of the GNU General Public License as
    12. 

  12.  * published by the Free Software Foundation; either version 2 or
    13. 

  13.  * (at your option) a later version of the License.
    14. 

  14.  *
    15. 

  15.  * This program is distributed in the hope that it will be useful,
    16. 

  16.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18.  * GNU General Public License for more details.
    19. 

  19.  *
    20. 

  20.  * You should have received a copy of the GNU General Public License along
    21. 

  21.  * with this program; if not, see <http://www.gnu.org/licenses/>.
    22. 

  22.  */
    23. 

  23. 

  24. #include "qemu/osdep.h"
    25. 

  25. #include "qemu/units.h"
    26. 

  26. #include "system/block-backend.h"
    27. 

  27. #include "hw/block/block.h"
    28. 

  28. #include "hw/block/flash.h"
    29. 

  29. #include "hw/qdev-properties.h"
    30. 

  30. #include "hw/qdev-properties-system.h"
    31. 

  31. #include "hw/ssi/ssi.h"
    32. 

  32. #include "migration/vmstate.h"
    33. 

  33. #include "qemu/bitops.h"
    34. 

  34. #include "qemu/log.h"
    35. 

  35. #include "qemu/module.h"
    36. 

  36. #include "qemu/error-report.h"
    37. 

  37. #include "qapi/error.h"
    38. 

  38. #include "trace.h"
    39. 

  39. #include "qom/object.h"
    40. 

  40. #include "m25p80_sfdp.h"
    41. 

  41. 

  42. /* 16 MiB max in 3 byte address mode */
    43. 

  43. #define MAX_3BYTES_SIZE 0x1000000
    44. 

  44. #define SPI_NOR_MAX_ID_LEN 6
    45. 

  45. 

  46. /* Fields for FlashPartInfo->flags */
    47. 

  47. enum spi_flash_option_flags {
    48. 

  48.     ER_4K                  = BIT(0),
    49. 

  49.     ER_32K                 = BIT(1),
    50. 

  50.     EEPROM                 = BIT(2),
    51. 

  51.     HAS_SR_TB              = BIT(3),
    52. 

  52.     HAS_SR_BP3_BIT6        = BIT(4),
    53. 

  53. };
    54. 

  54. 

  55. typedef struct FlashPartInfo {
    56. 

  56.     const char *part_name;
    57. 

  57.     /*
    58. 

  58.      * This array stores the ID bytes.
    59. 

  59.      * The first three bytes are the JEDIC ID.
    60. 

  60.      * JEDEC ID zero means "no ID" (mostly older chips).
    61. 

  61.      */
    62. 

  62.     uint8_t id[SPI_NOR_MAX_ID_LEN];
    63. 

  63.     uint8_t id_len;
    64. 

  64.     /*
    65. 

  65.      * there is confusion between manufacturers as to what a sector is. In this
    66. 

  66.      * device model, a "sector" is the size that is erased by the ERASE_SECTOR
    67. 

  67.      * command (opcode 0xd8).
    68. 

  68.      */
    69. 

  69.     uint32_t sector_size;
    70. 

  70.     uint32_t n_sectors;
    71. 

  71.     uint32_t page_size;
    72. 

  72.     uint16_t flags;
    73. 

  73.     /*
    74. 

  74.      * Big sized spi nor are often stacked devices, thus sometime
    75. 

  75.      * replace chip erase with die erase.
    76. 

  76.      * This field inform how many die is in the chip.
    77. 

  77.      */
    78. 

  78.     uint8_t die_cnt;
    79. 

  79.     uint8_t (*sfdp_read)(uint32_t sfdp_addr);
    80. 

  80. } FlashPartInfo;
    81. 

  81. 

  82. /* adapted from linux */
    83. 

  83. /* Used when the "_ext_id" is two bytes at most */
    84. 

  84. #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
    85. 

  85.     .part_name = _part_name,\
    86. 

  86.     .id = {\
    87. 

  87.         ((_jedec_id) >> 16) & 0xff,\
    88. 

  88.         ((_jedec_id) >> 8) & 0xff,\
    89. 

  89.         (_jedec_id) & 0xff,\
    90. 

  90.         ((_ext_id) >> 8) & 0xff,\
    91. 

  91.         (_ext_id) & 0xff,\
    92. 

  92.           },\
    93. 

  93.     .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
    94. 

  94.     .sector_size = (_sector_size),\
    95. 

  95.     .n_sectors = (_n_sectors),\
    96. 

  96.     .page_size = 256,\
    97. 

  97.     .flags = (_flags),\
    98. 

  98.     .die_cnt = 0
    99. 

  99. 

  100. #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
    101. 

  101.     .part_name = _part_name,\
    102. 

  102.     .id = {\
    103. 

  103.         ((_jedec_id) >> 16) & 0xff,\
    104. 

  104.         ((_jedec_id) >> 8) & 0xff,\
    105. 

  105.         (_jedec_id) & 0xff,\
    106. 

  106.         ((_ext_id) >> 16) & 0xff,\
    107. 

  107.         ((_ext_id) >> 8) & 0xff,\
    108. 

  108.         (_ext_id) & 0xff,\
    109. 

  109.           },\
    110. 

  110.     .id_len = 6,\
    111. 

  111.     .sector_size = (_sector_size),\
    112. 

  112.     .n_sectors = (_n_sectors),\
    113. 

  113.     .page_size = 256,\
    114. 

  114.     .flags = (_flags),\
    115. 

  115.     .die_cnt = 0
    116. 

  116. 

  117. #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\
    118. 

  118.                     _flags, _die_cnt)\
    119. 

  119.     .part_name = _part_name,\
    120. 

  120.     .id = {\
    121. 

  121.         ((_jedec_id) >> 16) & 0xff,\
    122. 

  122.         ((_jedec_id) >> 8) & 0xff,\
    123. 

  123.         (_jedec_id) & 0xff,\
    124. 

  124.         ((_ext_id) >> 8) & 0xff,\
    125. 

  125.         (_ext_id) & 0xff,\
    126. 

  126.           },\
    127. 

  127.     .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
    128. 

  128.     .sector_size = (_sector_size),\
    129. 

  129.     .n_sectors = (_n_sectors),\
    130. 

  130.     .page_size = 256,\
    131. 

  131.     .flags = (_flags),\
    132. 

  132.     .die_cnt = _die_cnt
    133. 

  133. 

  134. #define JEDEC_NUMONYX 0x20
    135. 

  135. #define JEDEC_WINBOND 0xEF
    136. 

  136. #define JEDEC_SPANSION 0x01
    137. 

  137. 

  138. /* Numonyx (Micron) Configuration register macros */
    139. 

  139. #define VCFG_DUMMY 0x1
    140. 

  140. #define VCFG_WRAP_SEQUENTIAL 0x2
    141. 

  141. #define NVCFG_XIP_MODE_DISABLED (7 << 9)
    142. 

  142. #define NVCFG_XIP_MODE_MASK (7 << 9)
    143. 

  143. #define VCFG_XIP_MODE_DISABLED (1 << 3)
    144. 

  144. #define CFG_DUMMY_CLK_LEN 4
    145. 

  145. #define NVCFG_DUMMY_CLK_POS 12
    146. 

  146. #define VCFG_DUMMY_CLK_POS 4
    147. 

  147. #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7
    148. 

  148. #define EVCFG_VPP_ACCELERATOR (1 << 3)
    149. 

  149. #define EVCFG_RESET_HOLD_ENABLED (1 << 4)
    150. 

  150. #define NVCFG_DUAL_IO_MASK (1 << 2)
    151. 

  151. #define EVCFG_DUAL_IO_DISABLED (1 << 6)
    152. 

  152. #define NVCFG_QUAD_IO_MASK (1 << 3)
    153. 

  153. #define EVCFG_QUAD_IO_DISABLED (1 << 7)
    154. 

  154. #define NVCFG_4BYTE_ADDR_MASK (1 << 0)
    155. 

  155. #define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
    156. 

  156. 

  157. /* Numonyx (Micron) Flag Status Register macros */
    158. 

  158. #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
    159. 

  159. #define FSR_FLASH_READY (1 << 7)
    160. 

  160. 

  161. /* Spansion configuration registers macros. */
    162. 

  162. #define SPANSION_QUAD_CFG_POS 0
    163. 

  163. #define SPANSION_QUAD_CFG_LEN 1
    164. 

  164. #define SPANSION_DUMMY_CLK_POS 0
    165. 

  165. #define SPANSION_DUMMY_CLK_LEN 4
    166. 

  166. #define SPANSION_ADDR_LEN_POS 7
    167. 

  167. #define SPANSION_ADDR_LEN_LEN 1
    168. 

  168. 

  169. /*
    170. 

  170.  * Spansion read mode command length in bytes,
    171. 

  171.  * the mode is currently not supported.
    172. 

  172.  */
    173. 

  173. 

  174. #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1
    175. 

  175. #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1
    176. 

  176. 

  177. static const FlashPartInfo known_devices[] = {
    178. 

  178.     /* Atmel -- some are (confusingly) marketed as "DataFlash" */
    179. 

  179.     { INFO("at25fs010",   0x1f6601,      0,  32 << 10,   4, ER_4K) },
    180. 

  180.     { INFO("at25fs040",   0x1f6604,      0,  64 << 10,   8, ER_4K) },
    181. 

  181. 

  182.     { INFO("at25df041a",  0x1f4401,      0,  64 << 10,   8, ER_4K) },
    183. 

  183.     { INFO("at25df321a",  0x1f4701,      0,  64 << 10,  64, ER_4K) },
    184. 

  184.     { INFO("at25df641",   0x1f4800,      0,  64 << 10, 128, ER_4K) },
    185. 

  185. 

  186.     { INFO("at26f004",    0x1f0400,      0,  64 << 10,   8, ER_4K) },
    187. 

  187.     { INFO("at26df081a",  0x1f4501,      0,  64 << 10,  16, ER_4K) },
    188. 

  188.     { INFO("at26df161a",  0x1f4601,      0,  64 << 10,  32, ER_4K) },
    189. 

  189.     { INFO("at26df321",   0x1f4700,      0,  64 << 10,  64, ER_4K) },
    190. 

  190. 

  191.     { INFO("at45db081d",  0x1f2500,      0,  64 << 10,  16, ER_4K) },
    192. 

  192. 

  193.     /*
    194. 

  194.      * Atmel EEPROMS - it is assumed, that don't care bit in command
    195. 

  195.      * is set to 0. Block protection is not supported.
    196. 

  196.      */
    197. 

  197.     { INFO("at25128a-nonjedec", 0x0,     0,         1, 131072, EEPROM) },
    198. 

  198.     { INFO("at25256a-nonjedec", 0x0,     0,         1, 262144, EEPROM) },
    199. 

  199. 

  200.     /* EON -- en25xxx */
    201. 

  201.     { INFO("en25f32",     0x1c3116,      0,  64 << 10,  64, ER_4K) },
    202. 

  202.     { INFO("en25p32",     0x1c2016,      0,  64 << 10,  64, 0) },
    203. 

  203.     { INFO("en25q32b",    0x1c3016,      0,  64 << 10,  64, 0) },
    204. 

  204.     { INFO("en25p64",     0x1c2017,      0,  64 << 10, 128, 0) },
    205. 

  205.     { INFO("en25q64",     0x1c3017,      0,  64 << 10, 128, ER_4K) },
    206. 

  206. 

  207.     /* GigaDevice */
    208. 

  208.     { INFO("gd25q32",     0xc84016,      0,  64 << 10,  64, ER_4K) },
    209. 

  209.     { INFO("gd25q64",     0xc84017,      0,  64 << 10, 128, ER_4K) },
    210. 

  210. 

  211.     /* Intel/Numonyx -- xxxs33b */
    212. 

  212.     { INFO("160s33b",     0x898911,      0,  64 << 10,  32, 0) },
    213. 

  213.     { INFO("320s33b",     0x898912,      0,  64 << 10,  64, 0) },
    214. 

  214.     { INFO("640s33b",     0x898913,      0,  64 << 10, 128, 0) },
    215. 

  215.     { INFO("n25q064",     0x20ba17,      0,  64 << 10, 128, 0) },
    216. 

  216. 

  217.     /* ISSI */
    218. 

  218.     { INFO("is25lq040b",  0x9d4013,      0,  64 << 10,   8, ER_4K) },
    219. 

  219.     { INFO("is25lp080d",  0x9d6014,      0,  64 << 10,  16, ER_4K) },
    220. 

  220.     { INFO("is25lp016d",  0x9d6015,      0,  64 << 10,  32, ER_4K) },
    221. 

  221.     { INFO("is25lp032",   0x9d6016,      0,  64 << 10,  64, ER_4K) },
    222. 

  222.     { INFO("is25lp064",   0x9d6017,      0,  64 << 10, 128, ER_4K) },
    223. 

  223.     { INFO("is25lp128",   0x9d6018,      0,  64 << 10, 256, ER_4K) },
    224. 

  224.     { INFO("is25lp256",   0x9d6019,      0,  64 << 10, 512, ER_4K) },
    225. 

  225.     { INFO("is25wp032",   0x9d7016,      0,  64 << 10,  64, ER_4K) },
    226. 

  226.     { INFO("is25wp064",   0x9d7017,      0,  64 << 10, 128, ER_4K) },
    227. 

  227.     { INFO("is25wp128",   0x9d7018,      0,  64 << 10, 256, ER_4K) },
    228. 

  228.     { INFO("is25wp256",   0x9d7019,      0,  64 << 10, 512, ER_4K),
    229. 

  229.       .sfdp_read = m25p80_sfdp_is25wp256 },
    230. 

  230. 

  231.     /* Macronix */
    232. 

  232.     { INFO("mx25l2005a",  0xc22012,      0,  64 << 10,   4, ER_4K) },
    233. 

  233.     { INFO("mx25l4005a",  0xc22013,      0,  64 << 10,   8, ER_4K) },
    234. 

  234.     { INFO("mx25l8005",   0xc22014,      0,  64 << 10,  16, 0) },
    235. 

  235.     { INFO("mx25l1606e",  0xc22015,      0,  64 << 10,  32, ER_4K) },
    236. 

  236.     { INFO("mx25l3205d",  0xc22016,      0,  64 << 10,  64, 0) },
    237. 

  237.     { INFO("mx25l6405d",  0xc22017,      0,  64 << 10, 128, 0) },
    238. 

  238.     { INFO("mx25l12805d", 0xc22018,      0,  64 << 10, 256, 0) },
    239. 

  239.     { INFO("mx25l12855e", 0xc22618,      0,  64 << 10, 256, 0) },
    240. 

  240.     { INFO6("mx25l25635e", 0xc22019,     0xc22019,  64 << 10, 512,
    241. 

  241.             ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635e },
    242. 

  242.     { INFO6("mx25l25635f", 0xc22019,     0xc22019,  64 << 10, 512,
    243. 

  243.             ER_4K | ER_32K), .sfdp_read = m25p80_sfdp_mx25l25635f },
    244. 

  244.     { INFO("mx25l25655e", 0xc22619,      0,  64 << 10, 512, 0) },
    245. 

  245.     { INFO("mx66l51235f", 0xc2201a,      0,  64 << 10, 1024, ER_4K | ER_32K) },
    246. 

  246.     { INFO("mx66u51235f", 0xc2253a,      0,  64 << 10, 1024, ER_4K | ER_32K) },
    247. 

  247.     { INFO("mx66u1g45g",  0xc2253b,      0,  64 << 10, 2048, ER_4K | ER_32K) },
    248. 

  248.     { INFO("mx66l1g45g",  0xc2201b,      0,  64 << 10, 2048, ER_4K | ER_32K),
    249. 

  249.       .sfdp_read = m25p80_sfdp_mx66l1g45g },
    250. 

  250. 

  251.     /* Micron */
    252. 

  252.     { INFO("n25q032a11",  0x20bb16,      0,  64 << 10,  64, ER_4K) },
    253. 

  253.     { INFO("n25q032a13",  0x20ba16,      0,  64 << 10,  64, ER_4K) },
    254. 

  254.     { INFO("n25q064a11",  0x20bb17,      0,  64 << 10, 128, ER_4K) },
    255. 

  255.     { INFO("n25q064a13",  0x20ba17,      0,  64 << 10, 128, ER_4K) },
    256. 

  256.     { INFO("n25q128a11",  0x20bb18,      0,  64 << 10, 256, ER_4K) },
    257. 

  257.     { INFO("n25q128a13",  0x20ba18,      0,  64 << 10, 256, ER_4K) },
    258. 

  258.     { INFO("n25q256a11",  0x20bb19,      0,  64 << 10, 512, ER_4K) },
    259. 

  259.     { INFO("n25q256a13",  0x20ba19,      0,  64 << 10, 512, ER_4K),
    260. 

  260.       .sfdp_read = m25p80_sfdp_n25q256a },
    261. 

  261.     { INFO("n25q512a11",  0x20bb20,      0,  64 << 10, 1024, ER_4K) },
    262. 

  262.     { INFO("n25q512a13",  0x20ba20,      0,  64 << 10, 1024, ER_4K) },
    263. 

  263.     { INFO("n25q128",     0x20ba18,      0,  64 << 10, 256, 0) },
    264. 

  264.     { INFO("n25q256a",    0x20ba19,      0,  64 << 10, 512,
    265. 

  265.            ER_4K | HAS_SR_BP3_BIT6 | HAS_SR_TB),
    266. 

  266.       .sfdp_read = m25p80_sfdp_n25q256a },
    267. 

  267.    { INFO("n25q512a",    0x20ba20,      0,  64 << 10, 1024, ER_4K) },
    268. 

  268.     { INFO("n25q512ax3",  0x20ba20,  0x1000,  64 << 10, 1024, ER_4K) },
    269. 

  269.     { INFO("mt25ql512ab", 0x20ba20, 0x1044, 64 << 10, 1024, ER_4K | ER_32K) },
    270. 

  270.     { INFO_STACKED("mt35xu01g", 0x2c5b1b, 0x104100, 128 << 10, 1024,
    271. 

  271.                    ER_4K | ER_32K, 2),
    272. 

  272.                    .sfdp_read = m25p80_sfdp_mt35xu01g },
    273. 

  273.     { INFO_STACKED("mt35xu02gbba", 0x2c5b1c, 0x104100, 128 << 10, 2048,
    274. 

  274.                    ER_4K | ER_32K, 4),
    275. 

  275.                    .sfdp_read = m25p80_sfdp_mt35xu02g },
    276. 

  276.     { INFO_STACKED("n25q00",    0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
    277. 

  277.     { INFO_STACKED("n25q00a",   0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
    278. 

  278.     { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
    279. 

  279.     { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
    280. 

  280.     { INFO_STACKED("mt25ql02g", 0x20ba22, 0x1040, 64 << 10, 4096,
    281. 

  281.                    ER_4K | ER_32K, 2) },
    282. 

  282.     { INFO_STACKED("mt25qu02g", 0x20bb22, 0x1040, 64 << 10, 4096,
    283. 

  283.                    ER_4K | ER_32K, 2) },
    284. 

  284. 

  285.     /*
    286. 

  286.      * Spansion -- single (large) sector size only, at least
    287. 

  287.      * for the chips listed here (without boot sectors).
    288. 

  288.      */
    289. 

  289.     { INFO("s25sl032p",   0x010215, 0x4d00,  64 << 10,  64, ER_4K) },
    290. 

  290.     { INFO("s25sl064p",   0x010216, 0x4d00,  64 << 10, 128, ER_4K) },
    291. 

  291.     { INFO("s25fl256s0",  0x010219, 0x4d00, 256 << 10, 128, 0) },
    292. 

  292.     { INFO("s25fl256s1",  0x010219, 0x4d01,  64 << 10, 512, 0) },
    293. 

  293.     { INFO6("s25fl512s",  0x010220, 0x4d0080, 256 << 10, 256, 0) },
    294. 

  294.     { INFO6("s70fl01gs",  0x010221, 0x4d0080, 256 << 10, 512, 0) },
    295. 

  295.     { INFO("s25sl12800",  0x012018, 0x0300, 256 << 10,  64, 0) },
    296. 

  296.     { INFO("s25sl12801",  0x012018, 0x0301,  64 << 10, 256, 0) },
    297. 

  297.     { INFO("s25fl129p0",  0x012018, 0x4d00, 256 << 10,  64, 0) },
    298. 

  298.     { INFO("s25fl129p1",  0x012018, 0x4d01,  64 << 10, 256, 0) },
    299. 

  299.     { INFO("s25sl004a",   0x010212,      0,  64 << 10,   8, 0) },
    300. 

  300.     { INFO("s25sl008a",   0x010213,      0,  64 << 10,  16, 0) },
    301. 

  301.     { INFO("s25sl016a",   0x010214,      0,  64 << 10,  32, 0) },
    302. 

  302.     { INFO("s25sl032a",   0x010215,      0,  64 << 10,  64, 0) },
    303. 

  303.     { INFO("s25sl064a",   0x010216,      0,  64 << 10, 128, 0) },
    304. 

  304.     { INFO("s25fl016k",   0xef4015,      0,  64 << 10,  32, ER_4K | ER_32K) },
    305. 

  305.     { INFO("s25fl064k",   0xef4017,      0,  64 << 10, 128, ER_4K | ER_32K) },
    306. 

  306. 

  307.     /* Spansion --  boot sectors support  */
    308. 

  308.     { INFO6("s25fs512s",    0x010220, 0x4d0081, 256 << 10, 256, 0) },
    309. 

  309.     { INFO6("s70fs01gs",    0x010221, 0x4d0081, 256 << 10, 512, 0) },
    310. 

  310. 

  311.     /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
    312. 

  312.     { INFO("sst25vf040b", 0xbf258d,      0,  64 << 10,   8, ER_4K) },
    313. 

  313.     { INFO("sst25vf080b", 0xbf258e,      0,  64 << 10,  16, ER_4K) },
    314. 

  314.     { INFO("sst25vf016b", 0xbf2541,      0,  64 << 10,  32, ER_4K) },
    315. 

  315.     { INFO("sst25vf032b", 0xbf254a,      0,  64 << 10,  64, ER_4K) },
    316. 

  316.     { INFO("sst25wf512",  0xbf2501,      0,  64 << 10,   1, ER_4K) },
    317. 

  317.     { INFO("sst25wf010",  0xbf2502,      0,  64 << 10,   2, ER_4K) },
    318. 

  318.     { INFO("sst25wf020",  0xbf2503,      0,  64 << 10,   4, ER_4K) },
    319. 

  319.     { INFO("sst25wf040",  0xbf2504,      0,  64 << 10,   8, ER_4K) },
    320. 

  320.     { INFO("sst25wf080",  0xbf2505,      0,  64 << 10,  16, ER_4K) },
    321. 

  321. 

  322.     /* ST Microelectronics -- newer production may have feature updates */
    323. 

  323.     { INFO("m25p05",      0x202010,      0,  32 << 10,   2, 0) },
    324. 

  324.     { INFO("m25p10",      0x202011,      0,  32 << 10,   4, 0) },
    325. 

  325.     { INFO("m25p20",      0x202012,      0,  64 << 10,   4, 0) },
    326. 

  326.     { INFO("m25p40",      0x202013,      0,  64 << 10,   8, 0) },
    327. 

  327.     { INFO("m25p80",      0x202014,      0,  64 << 10,  16, 0) },
    328. 

  328.     { INFO("m25p16",      0x202015,      0,  64 << 10,  32, 0) },
    329. 

  329.     { INFO("m25p32",      0x202016,      0,  64 << 10,  64, 0) },
    330. 

  330.     { INFO("m25p64",      0x202017,      0,  64 << 10, 128, 0) },
    331. 

  331.     { INFO("m25p128",     0x202018,      0, 256 << 10,  64, 0) },
    332. 

  332.     { INFO("n25q032",     0x20ba16,      0,  64 << 10,  64, 0) },
    333. 

  333. 

  334.     { INFO("m45pe10",     0x204011,      0,  64 << 10,   2, 0) },
    335. 

  335.     { INFO("m45pe80",     0x204014,      0,  64 << 10,  16, 0) },
    336. 

  336.     { INFO("m45pe16",     0x204015,      0,  64 << 10,  32, 0) },
    337. 

  337. 

  338.     { INFO("m25pe20",     0x208012,      0,  64 << 10,   4, 0) },
    339. 

  339.     { INFO("m25pe80",     0x208014,      0,  64 << 10,  16, 0) },
    340. 

  340.     { INFO("m25pe16",     0x208015,      0,  64 << 10,  32, ER_4K) },
    341. 

  341. 

  342.     { INFO("m25px32",     0x207116,      0,  64 << 10,  64, ER_4K) },
    343. 

  343.     { INFO("m25px32-s0",  0x207316,      0,  64 << 10,  64, ER_4K) },
    344. 

  344.     { INFO("m25px32-s1",  0x206316,      0,  64 << 10,  64, ER_4K) },
    345. 

  345.     { INFO("m25px64",     0x207117,      0,  64 << 10, 128, 0) },
    346. 

  346. 

  347.     /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
    348. 

  348.     { INFO("w25x10",      0xef3011,      0,  64 << 10,   2, ER_4K) },
    349. 

  349.     { INFO("w25x20",      0xef3012,      0,  64 << 10,   4, ER_4K) },
    350. 

  350.     { INFO("w25x40",      0xef3013,      0,  64 << 10,   8, ER_4K) },
    351. 

  351.     { INFO("w25x80",      0xef3014,      0,  64 << 10,  16, ER_4K) },
    352. 

  352.     { INFO("w25x16",      0xef3015,      0,  64 << 10,  32, ER_4K) },
    353. 

  353.     { INFO("w25x32",      0xef3016,      0,  64 << 10,  64, ER_4K) },
    354. 

  354.     { INFO("w25q32",      0xef4016,      0,  64 << 10,  64, ER_4K) },
    355. 

  355.     { INFO("w25q32dw",    0xef6016,      0,  64 << 10,  64, ER_4K) },
    356. 

  356.     { INFO("w25x64",      0xef3017,      0,  64 << 10, 128, ER_4K) },
    357. 

  357.     { INFO("w25q64",      0xef4017,      0,  64 << 10, 128, ER_4K) },
    358. 

  358.     { INFO("w25q80",      0xef5014,      0,  64 << 10,  16, ER_4K) },
    359. 

  359.     { INFO("w25q80bl",    0xef4014,      0,  64 << 10,  16, ER_4K),
    360. 

  360.       .sfdp_read = m25p80_sfdp_w25q80bl },
    361. 

  361.     { INFO("w25q256",     0xef4019,      0,  64 << 10, 512, ER_4K),
    362. 

  362.       .sfdp_read = m25p80_sfdp_w25q256 },
    363. 

  363.     { INFO("w25q512jv",   0xef4020,      0,  64 << 10, 1024, ER_4K),
    364. 

  364.       .sfdp_read = m25p80_sfdp_w25q512jv },
    365. 

  365.     { INFO("w25q01jvq",   0xef4021,      0,  64 << 10, 2048, ER_4K),
    366. 

  366.       .sfdp_read = m25p80_sfdp_w25q01jvq },
    367. 

  367. 

  368.     /* Microchip */
    369. 

  369.     { INFO("25csm04",      0x29cc00,      0x100,  64 << 10,  8, 0) },
    370. 

  370. };
    371. 

  371. 

  372. typedef enum {
    373. 

  373.     NOP = 0,
    374. 

  374.     WRSR = 0x1,
    375. 

  375.     WRDI = 0x4,
    376. 

  376.     RDSR = 0x5,
    377. 

  377.     WREN = 0x6,
    378. 

  378.     BRRD = 0x16,
    379. 

  379.     BRWR = 0x17,
    380. 

  380.     JEDEC_READ = 0x9f,
    381. 

  381.     BULK_ERASE_60 = 0x60,
    382. 

  382.     BULK_ERASE = 0xc7,
    383. 

  383.     READ_FSR = 0x70,
    384. 

  384.     RDCR = 0x15,
    385. 

  385.     RDSFDP = 0x5a,
    386. 

  386. 

  387.     READ = 0x03,
    388. 

  388.     READ4 = 0x13,
    389. 

  389.     FAST_READ = 0x0b,
    390. 

  390.     FAST_READ4 = 0x0c,
    391. 

  391.     DOR = 0x3b,
    392. 

  392.     DOR4 = 0x3c,
    393. 

  393.     QOR = 0x6b,
    394. 

  394.     QOR4 = 0x6c,
    395. 

  395.     DIOR = 0xbb,
    396. 

  396.     DIOR4 = 0xbc,
    397. 

  397.     QIOR = 0xeb,
    398. 

  398.     QIOR4 = 0xec,
    399. 

  399. 

  400.     PP = 0x02,
    401. 

  401.     PP4 = 0x12,
    402. 

  402.     PP4_4 = 0x3e,
    403. 

  403.     DPP = 0xa2,
    404. 

  404.     QPP = 0x32,
    405. 

  405.     QPP_4 = 0x34,
    406. 

  406.     RDID_90 = 0x90,
    407. 

  407.     RDID_AB = 0xab,
    408. 

  408.     AAI_WP = 0xad,
    409. 

  409. 

  410.     ERASE_4K = 0x20,
    411. 

  411.     ERASE4_4K = 0x21,
    412. 

  412.     ERASE_32K = 0x52,
    413. 

  413.     ERASE4_32K = 0x5c,
    414. 

  414.     ERASE_SECTOR = 0xd8,
    415. 

  415.     ERASE4_SECTOR = 0xdc,
    416. 

  416. 

  417.     EN_4BYTE_ADDR = 0xB7,
    418. 

  418.     EX_4BYTE_ADDR = 0xE9,
    419. 

  419. 

  420.     EXTEND_ADDR_READ = 0xC8,
    421. 

  421.     EXTEND_ADDR_WRITE = 0xC5,
    422. 

  422. 

  423.     RESET_ENABLE = 0x66,
    424. 

  424.     RESET_MEMORY = 0x99,
    425. 

  425. 

  426.     /*
    427. 

  427.      * Micron: 0x35 - enable QPI
    428. 

  428.      * Spansion: 0x35 - read control register
    429. 

  429.      * Winbond: 0x35 - quad enable
    430. 

  430.      */
    431. 

  431.     RDCR_EQIO = 0x35,
    432. 

  432.     RSTQIO = 0xf5,
    433. 

  433. 

  434.     /*
    435. 

  435.      * Winbond: 0x31 - write status register 2
    436. 

  436.      */
    437. 

  437.     WRSR2 = 0x31,
    438. 

  438. 

  439.     RNVCR = 0xB5,
    440. 

  440.     WNVCR = 0xB1,
    441. 

  441. 

  442.     RVCR = 0x85,
    443. 

  443.     WVCR = 0x81,
    444. 

  444. 

  445.     REVCR = 0x65,
    446. 

  446.     WEVCR = 0x61,
    447. 

  447. 

  448.     DIE_ERASE = 0xC4,
    449. 

  449. } FlashCMD;
    450. 

  450. 

  451. typedef enum {
    452. 

  452.     STATE_IDLE,
    453. 

  453.     STATE_PAGE_PROGRAM,
    454. 

  454.     STATE_READ,
    455. 

  455.     STATE_COLLECTING_DATA,
    456. 

  456.     STATE_COLLECTING_VAR_LEN_DATA,
    457. 

  457.     STATE_READING_DATA,
    458. 

  458.     STATE_READING_SFDP,
    459. 

  459. } CMDState;
    460. 

  460. 

  461. typedef enum {
    462. 

  462.     MAN_SPANSION,
    463. 

  463.     MAN_MACRONIX,
    464. 

  464.     MAN_NUMONYX,
    465. 

  465.     MAN_WINBOND,
    466. 

  466.     MAN_SST,
    467. 

  467.     MAN_ISSI,
    468. 

  468.     MAN_GENERIC,
    469. 

  469. } Manufacturer;
    470. 

  470. 

  471. typedef enum {
    472. 

  472.     MODE_STD = 0,
    473. 

  473.     MODE_DIO = 1,
    474. 

  474.     MODE_QIO = 2
    475. 

  475. } SPIMode;
    476. 

  476. 

  477. #define M25P80_INTERNAL_DATA_BUFFER_SZ 16
    478. 

  478. 

  479. struct Flash {
    480. 

  480.     SSIPeripheral parent_obj;
    481. 

  481. 

  482.     BlockBackend *blk;
    483. 

  483. 

  484.     uint8_t *storage;
    485. 

  485.     uint32_t size;
    486. 

  486.     int page_size;
    487. 

  487. 

  488.     uint8_t state;
    489. 

  489.     uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
    490. 

  490.     uint32_t len;
    491. 

  491.     uint32_t pos;
    492. 

  492.     bool data_read_loop;
    493. 

  493.     uint8_t needed_bytes;
    494. 

  494.     uint8_t cmd_in_progress;
    495. 

  495.     uint32_t cur_addr;
    496. 

  496.     uint32_t nonvolatile_cfg;
    497. 

  497.     /* Configuration register for Macronix */
    498. 

  498.     uint32_t volatile_cfg;
    499. 

  499.     uint32_t enh_volatile_cfg;
    500. 

  500.     /* Spansion cfg registers. */
    501. 

  501.     uint8_t spansion_cr1nv;
    502. 

  502.     uint8_t spansion_cr2nv;
    503. 

  503.     uint8_t spansion_cr3nv;
    504. 

  504.     uint8_t spansion_cr4nv;
    505. 

  505.     uint8_t spansion_cr1v;
    506. 

  506.     uint8_t spansion_cr2v;
    507. 

  507.     uint8_t spansion_cr3v;
    508. 

  508.     uint8_t spansion_cr4v;
    509. 

  509.     bool wp_level;
    510. 

  510.     bool write_enable;
    511. 

  511.     bool four_bytes_address_mode;
    512. 

  512.     bool reset_enable;
    513. 

  513.     bool quad_enable;
    514. 

  514.     bool aai_enable;
    515. 

  515.     bool block_protect0;
    516. 

  516.     bool block_protect1;
    517. 

  517.     bool block_protect2;
    518. 

  518.     bool block_protect3;
    519. 

  519.     bool top_bottom_bit;
    520. 

  520.     bool status_register_write_disabled;
    521. 

  521.     uint8_t ear;
    522. 

  522. 

  523.     int64_t dirty_page;
    524. 

  524. 

  525.     const FlashPartInfo *pi;
    526. 

  526. 

  527. };
    528. 

  528. 

  529. struct M25P80Class {
    530. 

  530.     SSIPeripheralClass parent_class;
    531. 

  531.     FlashPartInfo *pi;
    532. 

  532. };
    533. 

  533. 

  534. OBJECT_DECLARE_TYPE(Flash, M25P80Class, M25P80)
    535. 

  535. 

  536. static inline Manufacturer get_man(Flash *s)
    537. 

  537. {
    538. 

  538.     switch (s->pi->id[0]) {
    539. 

  539.     case 0x20:
    540. 

  540.         return MAN_NUMONYX;
    541. 

  541.     case 0xEF:
    542. 

  542.         return MAN_WINBOND;
    543. 

  543.     case 0x01:
    544. 

  544.         return MAN_SPANSION;
    545. 

  545.     case 0xC2:
    546. 

  546.         return MAN_MACRONIX;
    547. 

  547.     case 0xBF:
    548. 

  548.         return MAN_SST;
    549. 

  549.     case 0x9D:
    550. 

  550.         return MAN_ISSI;
    551. 

  551.     default:
    552. 

  552.         return MAN_GENERIC;
    553. 

  553.     }
    554. 

  554. }
    555. 

  555. 

  556. static void blk_sync_complete(void *opaque, int ret)
    557. 

  557. {
    558. 

  558.     QEMUIOVector *iov = opaque;
    559. 

  559. 

  560.     qemu_iovec_destroy(iov);
    561. 

  561.     g_free(iov);
    562. 

  562. 

  563.     /*
    564. 

  564.      * do nothing. Masters do not directly interact with the backing store,
    565. 

  565.      * only the working copy so no mutexing required.
    566. 

  566.      */
    567. 

  567. }
    568. 

  568. 

  569. static void flash_sync_page(Flash *s, int page)
    570. 

  570. {
    571. 

  571.     QEMUIOVector *iov;
    572. 

  572. 

  573.     if (!s->blk || !blk_is_writable(s->blk)) {
    574. 

  574.         return;
    575. 

  575.     }
    576. 

  576. 

  577.     iov = g_new(QEMUIOVector, 1);
    578. 

  578.     qemu_iovec_init(iov, 1);
    579. 

  579.     qemu_iovec_add(iov, s->storage + page * s->pi->page_size,
    580. 

  580.                    s->pi->page_size);
    581. 

  581.     blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0,
    582. 

  582.                     blk_sync_complete, iov);
    583. 

  583. }
    584. 

  584. 

  585. static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
    586. 

  586. {
    587. 

  587.     QEMUIOVector *iov;
    588. 

  588. 

  589.     if (!s->blk || !blk_is_writable(s->blk)) {
    590. 

  590.         return;
    591. 

  591.     }
    592. 

  592. 

  593.     assert(!(len % BDRV_SECTOR_SIZE));
    594. 

  594.     iov = g_new(QEMUIOVector, 1);
    595. 

  595.     qemu_iovec_init(iov, 1);
    596. 

  596.     qemu_iovec_add(iov, s->storage + off, len);
    597. 

  597.     blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov);
    598. 

  598. }
    599. 

  599. 

  600. static void flash_erase(Flash *s, int offset, FlashCMD cmd)
    601. 

  601. {
    602. 

  602.     uint32_t len;
    603. 

  603.     uint8_t capa_to_assert = 0;
    604. 

  604. 

  605.     switch (cmd) {
    606. 

  606.     case ERASE_4K:
    607. 

  607.     case ERASE4_4K:
    608. 

  608.         len = 4 * KiB;
    609. 

  609.         capa_to_assert = ER_4K;
    610. 

  610.         break;
    611. 

  611.     case ERASE_32K:
    612. 

  612.     case ERASE4_32K:
    613. 

  613.         len = 32 * KiB;
    614. 

  614.         capa_to_assert = ER_32K;
    615. 

  615.         break;
    616. 

  616.     case ERASE_SECTOR:
    617. 

  617.     case ERASE4_SECTOR:
    618. 

  618.         len = s->pi->sector_size;
    619. 

  619.         break;
    620. 

  620.     case BULK_ERASE:
    621. 

  621.         len = s->size;
    622. 

  622.         break;
    623. 

  623.     case DIE_ERASE:
    624. 

  624.         if (s->pi->die_cnt) {
    625. 

  625.             len = s->size / s->pi->die_cnt;
    626. 

  626.             offset = offset & (~(len - 1));
    627. 

  627.         } else {
    628. 

  628.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported"
    629. 

  629.                           " by device\n");
    630. 

  630.             return;
    631. 

  631.         }
    632. 

  632.         break;
    633. 

  633.     default:
    634. 

  634.         abort();
    635. 

  635.     }
    636. 

  636. 

  637.     trace_m25p80_flash_erase(s, offset, len);
    638. 

  638. 

  639.     if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
    640. 

  640.         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
    641. 

  641.                       " device\n", len);
    642. 

  642.     }
    643. 

  643. 

  644.     if (!s->write_enable) {
    645. 

  645.         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
    646. 

  646.         return;
    647. 

  647.     }
    648. 

  648.     memset(s->storage + offset, 0xff, len);
    649. 

  649.     flash_sync_area(s, offset, len);
    650. 

  650. }
    651. 

  651. 

  652. static inline void flash_sync_dirty(Flash *s, int64_t newpage)
    653. 

  653. {
    654. 

  654.     if (s->dirty_page >= 0 && s->dirty_page != newpage) {
    655. 

  655.         flash_sync_page(s, s->dirty_page);
    656. 

  656.         s->dirty_page = newpage;
    657. 

  657.     }
    658. 

  658. }
    659. 

  659. 

  660. static inline
    661. 

  661. void flash_write8(Flash *s, uint32_t addr, uint8_t data)
    662. 

  662. {
    663. 

  663.     uint32_t page = addr / s->pi->page_size;
    664. 

  664.     uint8_t prev = s->storage[s->cur_addr];
    665. 

  665.     uint32_t block_protect_value = (s->block_protect3 << 3) |
    666. 

  666.                                    (s->block_protect2 << 2) |
    667. 

  667.                                    (s->block_protect1 << 1) |
    668. 

  668.                                    (s->block_protect0 << 0);
    669. 

  669. 

  670.     if (!s->write_enable) {
    671. 

  671.         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
    672. 

  672.         return;
    673. 

  673.     }
    674. 

  674. 

  675.     if (block_protect_value > 0) {
    676. 

  676.         uint32_t num_protected_sectors = 1 << (block_protect_value - 1);
    677. 

  677.         uint32_t sector = addr / s->pi->sector_size;
    678. 

  678. 

  679.         /* top_bottom_bit == 0 means TOP */
    680. 

  680.         if (!s->top_bottom_bit) {
    681. 

  681.             if (s->pi->n_sectors <= sector + num_protected_sectors) {
    682. 

  682.                 qemu_log_mask(LOG_GUEST_ERROR,
    683. 

  683.                               "M25P80: write with write protect!\n");
    684. 

  684.                 return;
    685. 

  685.             }
    686. 

  686.         } else {
    687. 

  687.             if (sector < num_protected_sectors) {
    688. 

  688.                 qemu_log_mask(LOG_GUEST_ERROR,
    689. 

  689.                               "M25P80: write with write protect!\n");
    690. 

  690.                 return;
    691. 

  691.             }
    692. 

  692.         }
    693. 

  693.     }
    694. 

  694. 

  695.     if ((prev ^ data) & data) {
    696. 

  696.         trace_m25p80_programming_zero_to_one(s, addr, prev, data);
    697. 

  697.     }
    698. 

  698. 

  699.     if (s->pi->flags & EEPROM) {
    700. 

  700.         s->storage[s->cur_addr] = data;
    701. 

  701.     } else {
    702. 

  702.         s->storage[s->cur_addr] &= data;
    703. 

  703.     }
    704. 

  704. 

  705.     flash_sync_dirty(s, page);
    706. 

  706.     s->dirty_page = page;
    707. 

  707. }
    708. 

  708. 

  709. static inline int get_addr_length(Flash *s)
    710. 

  710. {
    711. 

  711.    /* check if eeprom is in use */
    712. 

  712.     if (s->pi->flags == EEPROM) {
    713. 

  713.         return 2;
    714. 

  714.     }
    715. 

  715. 

  716.    switch (s->cmd_in_progress) {
    717. 

  717.    case RDSFDP:
    718. 

  718.        return 3;
    719. 

  719.    case PP4:
    720. 

  720.    case PP4_4:
    721. 

  721.    case QPP_4:
    722. 

  722.    case READ4:
    723. 

  723.    case QIOR4:
    724. 

  724.    case ERASE4_4K:
    725. 

  725.    case ERASE4_32K:
    726. 

  726.    case ERASE4_SECTOR:
    727. 

  727.    case FAST_READ4:
    728. 

  728.    case DOR4:
    729. 

  729.    case QOR4:
    730. 

  730.    case DIOR4:
    731. 

  731.        return 4;
    732. 

  732.    default:
    733. 

  733.        return s->four_bytes_address_mode ? 4 : 3;
    734. 

  734.    }
    735. 

  735. }
    736. 

  736. 

  737. static void complete_collecting_data(Flash *s)
    738. 

  738. {
    739. 

  739.     int i, n;
    740. 

  740. 

  741.     n = get_addr_length(s);
    742. 

  742.     s->cur_addr = (n == 3 ? s->ear : 0);
    743. 

  743.     for (i = 0; i < n; ++i) {
    744. 

  744.         s->cur_addr <<= 8;
    745. 

  745.         s->cur_addr |= s->data[i];
    746. 

  746.     }
    747. 

  747. 

  748.     s->cur_addr &= s->size - 1;
    749. 

  749. 

  750.     s->state = STATE_IDLE;
    751. 

  751. 

  752.     trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear,
    753. 

  753.                                      s->cur_addr);
    754. 

  754. 

  755.     switch (s->cmd_in_progress) {
    756. 

  756.     case DPP:
    757. 

  757.     case QPP:
    758. 

  758.     case QPP_4:
    759. 

  759.     case PP:
    760. 

  760.     case PP4:
    761. 

  761.     case PP4_4:
    762. 

  762.         s->state = STATE_PAGE_PROGRAM;
    763. 

  763.         break;
    764. 

  764.     case AAI_WP:
    765. 

  765.         /* AAI programming starts from the even address */
    766. 

  766.         s->cur_addr &= ~BIT(0);
    767. 

  767.         s->state = STATE_PAGE_PROGRAM;
    768. 

  768.         break;
    769. 

  769.     case READ:
    770. 

  770.     case READ4:
    771. 

  771.     case FAST_READ:
    772. 

  772.     case FAST_READ4:
    773. 

  773.     case DOR:
    774. 

  774.     case DOR4:
    775. 

  775.     case QOR:
    776. 

  776.     case QOR4:
    777. 

  777.     case DIOR:
    778. 

  778.     case DIOR4:
    779. 

  779.     case QIOR:
    780. 

  780.     case QIOR4:
    781. 

  781.         s->state = STATE_READ;
    782. 

  782.         break;
    783. 

  783.     case ERASE_4K:
    784. 

  784.     case ERASE4_4K:
    785. 

  785.     case ERASE_32K:
    786. 

  786.     case ERASE4_32K:
    787. 

  787.     case ERASE_SECTOR:
    788. 

  788.     case ERASE4_SECTOR:
    789. 

  789.     case DIE_ERASE:
    790. 

  790.         flash_erase(s, s->cur_addr, s->cmd_in_progress);
    791. 

  791.         break;
    792. 

  792.     case WRSR:
    793. 

  793.         s->status_register_write_disabled = extract32(s->data[0], 7, 1);
    794. 

  794.         s->block_protect0 = extract32(s->data[0], 2, 1);
    795. 

  795.         s->block_protect1 = extract32(s->data[0], 3, 1);
    796. 

  796.         s->block_protect2 = extract32(s->data[0], 4, 1);
    797. 

  797.         if (s->pi->flags & HAS_SR_TB) {
    798. 

  798.             s->top_bottom_bit = extract32(s->data[0], 5, 1);
    799. 

  799.         }
    800. 

  800.         if (s->pi->flags & HAS_SR_BP3_BIT6) {
    801. 

  801.             s->block_protect3 = extract32(s->data[0], 6, 1);
    802. 

  802.         }
    803. 

  803. 

  804.         switch (get_man(s)) {
    805. 

  805.         case MAN_SPANSION:
    806. 

  806.             s->quad_enable = !!(s->data[1] & 0x02);
    807. 

  807.             break;
    808. 

  808.         case MAN_ISSI:
    809. 

  809.             s->quad_enable = extract32(s->data[0], 6, 1);
    810. 

  810.             break;
    811. 

  811.         case MAN_MACRONIX:
    812. 

  812.             s->quad_enable = extract32(s->data[0], 6, 1);
    813. 

  813.             if (s->len > 1) {
    814. 

  814.                 s->volatile_cfg = s->data[1];
    815. 

  815.                 s->four_bytes_address_mode = extract32(s->data[1], 5, 1);
    816. 

  816.             }
    817. 

  817.             break;
    818. 

  818.         case MAN_WINBOND:
    819. 

  819.             if (s->len > 1) {
    820. 

  820.                 s->quad_enable = !!(s->data[1] & 0x02);
    821. 

  821.             }
    822. 

  822.             break;
    823. 

  823.         default:
    824. 

  824.             break;
    825. 

  825.         }
    826. 

  826.         if (s->write_enable) {
    827. 

  827.             s->write_enable = false;
    828. 

  828.         }
    829. 

  829.         break;
    830. 

  830.     case WRSR2:
    831. 

  831.         switch (get_man(s)) {
    832. 

  832.         case MAN_WINBOND:
    833. 

  833.             s->quad_enable = !!(s->data[0] & 0x02);
    834. 

  834.             break;
    835. 

  835.         default:
    836. 

  836.             break;
    837. 

  837.         }
    838. 

  838.         break;
    839. 

  839.     case BRWR:
    840. 

  840.     case EXTEND_ADDR_WRITE:
    841. 

  841.         s->ear = s->data[0];
    842. 

  842.         break;
    843. 

  843.     case WNVCR:
    844. 

  844.         s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
    845. 

  845.         break;
    846. 

  846.     case WVCR:
    847. 

  847.         s->volatile_cfg = s->data[0];
    848. 

  848.         break;
    849. 

  849.     case WEVCR:
    850. 

  850.         s->enh_volatile_cfg = s->data[0];
    851. 

  851.         break;
    852. 

  852.     case RDID_90:
    853. 

  853.     case RDID_AB:
    854. 

  854.         if (get_man(s) == MAN_SST) {
    855. 

  855.             if (s->cur_addr <= 1) {
    856. 

  856.                 if (s->cur_addr) {
    857. 

  857.                     s->data[0] = s->pi->id[2];
    858. 

  858.                     s->data[1] = s->pi->id[0];
    859. 

  859.                 } else {
    860. 

  860.                     s->data[0] = s->pi->id[0];
    861. 

  861.                     s->data[1] = s->pi->id[2];
    862. 

  862.                 }
    863. 

  863.                 s->pos = 0;
    864. 

  864.                 s->len = 2;
    865. 

  865.                 s->data_read_loop = true;
    866. 

  866.                 s->state = STATE_READING_DATA;
    867. 

  867.             } else {
    868. 

  868.                 qemu_log_mask(LOG_GUEST_ERROR,
    869. 

  869.                               "M25P80: Invalid read id address\n");
    870. 

  870.             }
    871. 

  871.         } else {
    872. 

  872.             qemu_log_mask(LOG_GUEST_ERROR,
    873. 

  873.                           "M25P80: Read id (command 0x90/0xAB) is not supported"
    874. 

  874.                           " by device\n");
    875. 

  875.         }
    876. 

  876.         break;
    877. 

  877. 

  878.     case RDSFDP:
    879. 

  879.         s->state = STATE_READING_SFDP;
    880. 

  880.         break;
    881. 

  881. 

  882.     default:
    883. 

  883.         break;
    884. 

  884.     }
    885. 

  885. }
    886. 

  886. 

  887. static void reset_memory(Flash *s)
    888. 

  888. {
    889. 

  889.     s->cmd_in_progress = NOP;
    890. 

  890.     s->cur_addr = 0;
    891. 

  891.     s->ear = 0;
    892. 

  892.     s->four_bytes_address_mode = false;
    893. 

  893.     s->len = 0;
    894. 

  894.     s->needed_bytes = 0;
    895. 

  895.     s->pos = 0;
    896. 

  896.     s->state = STATE_IDLE;
    897. 

  897.     s->write_enable = false;
    898. 

  898.     s->reset_enable = false;
    899. 

  899.     s->quad_enable = false;
    900. 

  900.     s->aai_enable = false;
    901. 

  901. 

  902.     switch (get_man(s)) {
    903. 

  903.     case MAN_NUMONYX:
    904. 

  904.         s->volatile_cfg = 0;
    905. 

  905.         s->volatile_cfg |= VCFG_DUMMY;
    906. 

  906.         s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
    907. 

  907.         if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
    908. 

  908.                                 == NVCFG_XIP_MODE_DISABLED) {
    909. 

  909.             s->volatile_cfg |= VCFG_XIP_MODE_DISABLED;
    910. 

  910.         }
    911. 

  911.         s->volatile_cfg |= deposit32(s->volatile_cfg,
    912. 

  912.                             VCFG_DUMMY_CLK_POS,
    913. 

  913.                             CFG_DUMMY_CLK_LEN,
    914. 

  914.                             extract32(s->nonvolatile_cfg,
    915. 

  915.                                         NVCFG_DUMMY_CLK_POS,
    916. 

  916.                                         CFG_DUMMY_CLK_LEN)
    917. 

  917.                             );
    918. 

  918. 

  919.         s->enh_volatile_cfg = 0;
    920. 

  920.         s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF;
    921. 

  921.         s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
    922. 

  922.         s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
    923. 

  923.         if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
    924. 

  924.             s->enh_volatile_cfg |= EVCFG_DUAL_IO_DISABLED;
    925. 

  925.         }
    926. 

  926.         if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
    927. 

  927.             s->enh_volatile_cfg |= EVCFG_QUAD_IO_DISABLED;
    928. 

  928.         }
    929. 

  929.         if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
    930. 

  930.             s->four_bytes_address_mode = true;
    931. 

  931.         }
    932. 

  932.         if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
    933. 

  933.             s->ear = s->size / MAX_3BYTES_SIZE - 1;
    934. 

  934.         }
    935. 

  935.         break;
    936. 

  936.     case MAN_MACRONIX:
    937. 

  937.         s->volatile_cfg = 0x7;
    938. 

  938.         break;
    939. 

  939.     case MAN_SPANSION:
    940. 

  940.         s->spansion_cr1v = s->spansion_cr1nv;
    941. 

  941.         s->spansion_cr2v = s->spansion_cr2nv;
    942. 

  942.         s->spansion_cr3v = s->spansion_cr3nv;
    943. 

  943.         s->spansion_cr4v = s->spansion_cr4nv;
    944. 

  944.         s->quad_enable = extract32(s->spansion_cr1v,
    945. 

  945.                                    SPANSION_QUAD_CFG_POS,
    946. 

  946.                                    SPANSION_QUAD_CFG_LEN
    947. 

  947.                                    );
    948. 

  948.         s->four_bytes_address_mode = extract32(s->spansion_cr2v,
    949. 

  949.                 SPANSION_ADDR_LEN_POS,
    950. 

  950.                 SPANSION_ADDR_LEN_LEN
    951. 

  951.                 );
    952. 

  952.         break;
    953. 

  953.     default:
    954. 

  954.         break;
    955. 

  955.     }
    956. 

  956. 

  957.     trace_m25p80_reset_done(s);
    958. 

  958. }
    959. 

  959. 

  960. static uint8_t numonyx_mode(Flash *s)
    961. 

  961. {
    962. 

  962.     if (!(s->enh_volatile_cfg & EVCFG_QUAD_IO_DISABLED)) {
    963. 

  963.         return MODE_QIO;
    964. 

  964.     } else if (!(s->enh_volatile_cfg & EVCFG_DUAL_IO_DISABLED)) {
    965. 

  965.         return MODE_DIO;
    966. 

  966.     } else {
    967. 

  967.         return MODE_STD;
    968. 

  968.     }
    969. 

  969. }
    970. 

  970. 

  971. static uint8_t numonyx_extract_cfg_num_dummies(Flash *s)
    972. 

  972. {
    973. 

  973.     uint8_t num_dummies;
    974. 

  974.     uint8_t mode;
    975. 

  975.     assert(get_man(s) == MAN_NUMONYX);
    976. 

  976. 

  977.     mode = numonyx_mode(s);
    978. 

  978.     num_dummies = extract32(s->volatile_cfg, 4, 4);
    979. 

  979. 

  980.     if (num_dummies == 0x0 || num_dummies == 0xf) {
    981. 

  981.         switch (s->cmd_in_progress) {
    982. 

  982.         case QIOR:
    983. 

  983.         case QIOR4:
    984. 

  984.             num_dummies = 10;
    985. 

  985.             break;
    986. 

  986.         default:
    987. 

  987.             num_dummies = (mode == MODE_QIO) ? 10 : 8;
    988. 

  988.             break;
    989. 

  989.         }
    990. 

  990.     }
    991. 

  991. 

  992.     return num_dummies;
    993. 

  993. }
    994. 

  994. 

  995. static void decode_fast_read_cmd(Flash *s)
    996. 

  996. {
    997. 

  997.     s->needed_bytes = get_addr_length(s);
    998. 

  998.     switch (get_man(s)) {
    999. 

  999.     /* Dummy cycles - modeled with bytes writes instead of bits */
    1000. 

  1000.     case MAN_SST:
    1001. 

  1001.         s->needed_bytes += 1;
    1002. 

  1002.         break;
    1003. 

  1003.     case MAN_WINBOND:
    1004. 

  1004.         s->needed_bytes += 8;
    1005. 

  1005.         break;
    1006. 

  1006.     case MAN_NUMONYX:
    1007. 

  1007.         s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
    1008. 

  1008.         break;
    1009. 

  1009.     case MAN_MACRONIX:
    1010. 

  1010.         if (extract32(s->volatile_cfg, 6, 2) == 1) {
    1011. 

  1011.             s->needed_bytes += 6;
    1012. 

  1012.         } else {
    1013. 

  1013.             s->needed_bytes += 8;
    1014. 

  1014.         }
    1015. 

  1015.         break;
    1016. 

  1016.     case MAN_SPANSION:
    1017. 

  1017.         s->needed_bytes += extract32(s->spansion_cr2v,
    1018. 

  1018.                                     SPANSION_DUMMY_CLK_POS,
    1019. 

  1019.                                     SPANSION_DUMMY_CLK_LEN
    1020. 

  1020.                                     );
    1021. 

  1021.         break;
    1022. 

  1022.     case MAN_ISSI:
    1023. 

  1023.         /*
    1024. 

  1024.          * The Fast Read instruction code is followed by address bytes and
    1025. 

  1025.          * dummy cycles, transmitted via the SI line.
    1026. 

  1026.          *
    1027. 

  1027.          * The number of dummy cycles is configurable but this is currently
    1028. 

  1028.          * unmodeled, hence the default value 8 is used.
    1029. 

  1029.          *
    1030. 

  1030.          * QPI (Quad Peripheral Interface) mode has different default value
    1031. 

  1031.          * of dummy cycles, but this is unsupported at the time being.
    1032. 

  1032.          */
    1033. 

  1033.         s->needed_bytes += 1;
    1034. 

  1034.         break;
    1035. 

  1035.     default:
    1036. 

  1036.         break;
    1037. 

  1037.     }
    1038. 

  1038.     s->pos = 0;
    1039. 

  1039.     s->len = 0;
    1040. 

  1040.     s->state = STATE_COLLECTING_DATA;
    1041. 

  1041. }
    1042. 

  1042. 

  1043. static void decode_dio_read_cmd(Flash *s)
    1044. 

  1044. {
    1045. 

  1045.     s->needed_bytes = get_addr_length(s);
    1046. 

  1046.     /* Dummy cycles modeled with bytes writes instead of bits */
    1047. 

  1047.     switch (get_man(s)) {
    1048. 

  1048.     case MAN_WINBOND:
    1049. 

  1049.         s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
    1050. 

  1050.         break;
    1051. 

  1051.     case MAN_SPANSION:
    1052. 

  1052.         s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
    1053. 

  1053.         s->needed_bytes += extract32(s->spansion_cr2v,
    1054. 

  1054.                                     SPANSION_DUMMY_CLK_POS,
    1055. 

  1055.                                     SPANSION_DUMMY_CLK_LEN
    1056. 

  1056.                                     );
    1057. 

  1057.         break;
    1058. 

  1058.     case MAN_NUMONYX:
    1059. 

  1059.         s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
    1060. 

  1060.         break;
    1061. 

  1061.     case MAN_MACRONIX:
    1062. 

  1062.         switch (extract32(s->volatile_cfg, 6, 2)) {
    1063. 

  1063.         case 1:
    1064. 

  1064.             s->needed_bytes += 6;
    1065. 

  1065.             break;
    1066. 

  1066.         case 2:
    1067. 

  1067.             s->needed_bytes += 8;
    1068. 

  1068.             break;
    1069. 

  1069.         default:
    1070. 

  1070.             s->needed_bytes += 4;
    1071. 

  1071.             break;
    1072. 

  1072.         }
    1073. 

  1073.         break;
    1074. 

  1074.     case MAN_ISSI:
    1075. 

  1075.         /*
    1076. 

  1076.          * The Fast Read Dual I/O instruction code is followed by address bytes
    1077. 

  1077.          * and dummy cycles, transmitted via the IO1 and IO0 line.
    1078. 

  1078.          *
    1079. 

  1079.          * The number of dummy cycles is configurable but this is currently
    1080. 

  1080.          * unmodeled, hence the default value 4 is used.
    1081. 

  1081.          */
    1082. 

  1082.         s->needed_bytes += 1;
    1083. 

  1083.         break;
    1084. 

  1084.     default:
    1085. 

  1085.         break;
    1086. 

  1086.     }
    1087. 

  1087.     s->pos = 0;
    1088. 

  1088.     s->len = 0;
    1089. 

  1089.     s->state = STATE_COLLECTING_DATA;
    1090. 

  1090. }
    1091. 

  1091. 

  1092. static void decode_qio_read_cmd(Flash *s)
    1093. 

  1093. {
    1094. 

  1094.     s->needed_bytes = get_addr_length(s);
    1095. 

  1095.     /* Dummy cycles modeled with bytes writes instead of bits */
    1096. 

  1096.     switch (get_man(s)) {
    1097. 

  1097.     case MAN_WINBOND:
    1098. 

  1098.         s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
    1099. 

  1099.         s->needed_bytes += 4;
    1100. 

  1100.         break;
    1101. 

  1101.     case MAN_SPANSION:
    1102. 

  1102.         s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
    1103. 

  1103.         s->needed_bytes += extract32(s->spansion_cr2v,
    1104. 

  1104.                                     SPANSION_DUMMY_CLK_POS,
    1105. 

  1105.                                     SPANSION_DUMMY_CLK_LEN
    1106. 

  1106.                                     );
    1107. 

  1107.         break;
    1108. 

  1108.     case MAN_NUMONYX:
    1109. 

  1109.         s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
    1110. 

  1110.         break;
    1111. 

  1111.     case MAN_MACRONIX:
    1112. 

  1112.         switch (extract32(s->volatile_cfg, 6, 2)) {
    1113. 

  1113.         case 1:
    1114. 

  1114.             s->needed_bytes += 4;
    1115. 

  1115.             break;
    1116. 

  1116.         case 2:
    1117. 

  1117.             s->needed_bytes += 8;
    1118. 

  1118.             break;
    1119. 

  1119.         default:
    1120. 

  1120.             s->needed_bytes += 6;
    1121. 

  1121.             break;
    1122. 

  1122.         }
    1123. 

  1123.         break;
    1124. 

  1124.     case MAN_ISSI:
    1125. 

  1125.         /*
    1126. 

  1126.          * The Fast Read Quad I/O instruction code is followed by address bytes
    1127. 

  1127.          * and dummy cycles, transmitted via the IO3, IO2, IO1 and IO0 line.
    1128. 

  1128.          *
    1129. 

  1129.          * The number of dummy cycles is configurable but this is currently
    1130. 

  1130.          * unmodeled, hence the default value 6 is used.
    1131. 

  1131.          *
    1132. 

  1132.          * QPI (Quad Peripheral Interface) mode has different default value
    1133. 

  1133.          * of dummy cycles, but this is unsupported at the time being.
    1134. 

  1134.          */
    1135. 

  1135.         s->needed_bytes += 3;
    1136. 

  1136.         break;
    1137. 

  1137.     default:
    1138. 

  1138.         break;
    1139. 

  1139.     }
    1140. 

  1140.     s->pos = 0;
    1141. 

  1141.     s->len = 0;
    1142. 

  1142.     s->state = STATE_COLLECTING_DATA;
    1143. 

  1143. }
    1144. 

  1144. 

  1145. static bool is_valid_aai_cmd(uint32_t cmd)
    1146. 

  1146. {
    1147. 

  1147.     return cmd == AAI_WP || cmd == WRDI || cmd == RDSR;
    1148. 

  1148. }
    1149. 

  1149. 

  1150. static void decode_new_cmd(Flash *s, uint32_t value)
    1151. 

  1151. {
    1152. 

  1152.     int i;
    1153. 

  1153. 

  1154.     s->cmd_in_progress = value;
    1155. 

  1155.     trace_m25p80_command_decoded(s, value);
    1156. 

  1156. 

  1157.     if (value != RESET_MEMORY) {
    1158. 

  1158.         s->reset_enable = false;
    1159. 

  1159.     }
    1160. 

  1160. 

  1161.     if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) {
    1162. 

  1162.         qemu_log_mask(LOG_GUEST_ERROR,
    1163. 

  1163.                       "M25P80: Invalid cmd within AAI programming sequence");
    1164. 

  1164.     }
    1165. 

  1165. 

  1166.     switch (value) {
    1167. 

  1167. 

  1168.     case ERASE_4K:
    1169. 

  1169.     case ERASE4_4K:
    1170. 

  1170.     case ERASE_32K:
    1171. 

  1171.     case ERASE4_32K:
    1172. 

  1172.     case ERASE_SECTOR:
    1173. 

  1173.     case ERASE4_SECTOR:
    1174. 

  1174.     case PP:
    1175. 

  1175.     case PP4:
    1176. 

  1176.     case DIE_ERASE:
    1177. 

  1177.     case RDID_90:
    1178. 

  1178.     case RDID_AB:
    1179. 

  1179.         s->needed_bytes = get_addr_length(s);
    1180. 

  1180.         s->pos = 0;
    1181. 

  1181.         s->len = 0;
    1182. 

  1182.         s->state = STATE_COLLECTING_DATA;
    1183. 

  1183.         break;
    1184. 

  1184.     case READ:
    1185. 

  1185.     case READ4:
    1186. 

  1186.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
    1187. 

  1187.             s->needed_bytes = get_addr_length(s);
    1188. 

  1188.             s->pos = 0;
    1189. 

  1189.             s->len = 0;
    1190. 

  1190.             s->state = STATE_COLLECTING_DATA;
    1191. 

  1191.         } else {
    1192. 

  1192.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1193. 

  1193.                           "DIO or QIO mode\n", s->cmd_in_progress);
    1194. 

  1194.         }
    1195. 

  1195.         break;
    1196. 

  1196.     case DPP:
    1197. 

  1197.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
    1198. 

  1198.             s->needed_bytes = get_addr_length(s);
    1199. 

  1199.             s->pos = 0;
    1200. 

  1200.             s->len = 0;
    1201. 

  1201.             s->state = STATE_COLLECTING_DATA;
    1202. 

  1202.         } else {
    1203. 

  1203.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1204. 

  1204.                           "QIO mode\n", s->cmd_in_progress);
    1205. 

  1205.         }
    1206. 

  1206.         break;
    1207. 

  1207.     case QPP:
    1208. 

  1208.     case QPP_4:
    1209. 

  1209.     case PP4_4:
    1210. 

  1210.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
    1211. 

  1211.             s->needed_bytes = get_addr_length(s);
    1212. 

  1212.             s->pos = 0;
    1213. 

  1213.             s->len = 0;
    1214. 

  1214.             s->state = STATE_COLLECTING_DATA;
    1215. 

  1215.         } else {
    1216. 

  1216.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1217. 

  1217.                           "DIO mode\n", s->cmd_in_progress);
    1218. 

  1218.         }
    1219. 

  1219.         break;
    1220. 

  1220. 

  1221.     case FAST_READ:
    1222. 

  1222.     case FAST_READ4:
    1223. 

  1223.         decode_fast_read_cmd(s);
    1224. 

  1224.         break;
    1225. 

  1225.     case DOR:
    1226. 

  1226.     case DOR4:
    1227. 

  1227.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
    1228. 

  1228.             decode_fast_read_cmd(s);
    1229. 

  1229.         } else {
    1230. 

  1230.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1231. 

  1231.                           "QIO mode\n", s->cmd_in_progress);
    1232. 

  1232.         }
    1233. 

  1233.         break;
    1234. 

  1234.     case QOR:
    1235. 

  1235.     case QOR4:
    1236. 

  1236.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
    1237. 

  1237.             decode_fast_read_cmd(s);
    1238. 

  1238.         } else {
    1239. 

  1239.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1240. 

  1240.                           "DIO mode\n", s->cmd_in_progress);
    1241. 

  1241.         }
    1242. 

  1242.         break;
    1243. 

  1243. 

  1244.     case DIOR:
    1245. 

  1245.     case DIOR4:
    1246. 

  1246.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
    1247. 

  1247.             decode_dio_read_cmd(s);
    1248. 

  1248.         } else {
    1249. 

  1249.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1250. 

  1250.                           "QIO mode\n", s->cmd_in_progress);
    1251. 

  1251.         }
    1252. 

  1252.         break;
    1253. 

  1253. 

  1254.     case QIOR:
    1255. 

  1255.     case QIOR4:
    1256. 

  1256.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
    1257. 

  1257.             decode_qio_read_cmd(s);
    1258. 

  1258.         } else {
    1259. 

  1259.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
    1260. 

  1260.                           "DIO mode\n", s->cmd_in_progress);
    1261. 

  1261.         }
    1262. 

  1262.         break;
    1263. 

  1263. 

  1264.     case WRSR:
    1265. 

  1265.         /*
    1266. 

  1266.          * If WP# is low and status_register_write_disabled is high,
    1267. 

  1267.          * status register writes are disabled.
    1268. 

  1268.          * This is also called "hardware protected mode" (HPM). All other
    1269. 

  1269.          * combinations of the two states are called "software protected mode"
    1270. 

  1270.          * (SPM), and status register writes are permitted.
    1271. 

  1271.          */
    1272. 

  1272.         if ((s->wp_level == 0 && s->status_register_write_disabled)
    1273. 

  1273.             || !s->write_enable) {
    1274. 

  1274.             qemu_log_mask(LOG_GUEST_ERROR,
    1275. 

  1275.                           "M25P80: Status register write is disabled!\n");
    1276. 

  1276.             break;
    1277. 

  1277.         }
    1278. 

  1278. 

  1279.         switch (get_man(s)) {
    1280. 

  1280.         case MAN_SPANSION:
    1281. 

  1281.             s->needed_bytes = 2;
    1282. 

  1282.             s->state = STATE_COLLECTING_DATA;
    1283. 

  1283.             break;
    1284. 

  1284.         case MAN_MACRONIX:
    1285. 

  1285.             s->needed_bytes = 2;
    1286. 

  1286.             s->state = STATE_COLLECTING_VAR_LEN_DATA;
    1287. 

  1287.             break;
    1288. 

  1288.         case MAN_WINBOND:
    1289. 

  1289.             s->needed_bytes = 2;
    1290. 

  1290.             s->state = STATE_COLLECTING_VAR_LEN_DATA;
    1291. 

  1291.             break;
    1292. 

  1292.         default:
    1293. 

  1293.             s->needed_bytes = 1;
    1294. 

  1294.             s->state = STATE_COLLECTING_DATA;
    1295. 

  1295.         }
    1296. 

  1296.         s->pos = 0;
    1297. 

  1297.         break;
    1298. 

  1298.     case WRSR2:
    1299. 

  1299.         /*
    1300. 

  1300.          * If WP# is low and status_register_write_disabled is high,
    1301. 

  1301.          * status register writes are disabled.
    1302. 

  1302.          * This is also called "hardware protected mode" (HPM). All other
    1303. 

  1303.          * combinations of the two states are called "software protected mode"
    1304. 

  1304.          * (SPM), and status register writes are permitted.
    1305. 

  1305.          */
    1306. 

  1306.         if ((s->wp_level == 0 && s->status_register_write_disabled)
    1307. 

  1307.             || !s->write_enable) {
    1308. 

  1308.             qemu_log_mask(LOG_GUEST_ERROR,
    1309. 

  1309.                           "M25P80: Status register 2 write is disabled!\n");
    1310. 

  1310.             break;
    1311. 

  1311.         }
    1312. 

  1312. 

  1313.         switch (get_man(s)) {
    1314. 

  1314.         case MAN_WINBOND:
    1315. 

  1315.             s->needed_bytes = 1;
    1316. 

  1316.             s->state = STATE_COLLECTING_DATA;
    1317. 

  1317.             s->pos = 0;
    1318. 

  1318.             break;
    1319. 

  1319.         default:
    1320. 

  1320.             break;
    1321. 

  1321.         }
    1322. 

  1322.         break;
    1323. 

  1323.     case WRDI:
    1324. 

  1324.         s->write_enable = false;
    1325. 

  1325.         if (get_man(s) == MAN_SST) {
    1326. 

  1326.             s->aai_enable = false;
    1327. 

  1327.         }
    1328. 

  1328.         break;
    1329. 

  1329.     case WREN:
    1330. 

  1330.         s->write_enable = true;
    1331. 

  1331.         break;
    1332. 

  1332. 

  1333.     case RDSR:
    1334. 

  1334.         s->data[0] = (!!s->write_enable) << 1;
    1335. 

  1335.         s->data[0] |= (!!s->status_register_write_disabled) << 7;
    1336. 

  1336.         s->data[0] |= (!!s->block_protect0) << 2;
    1337. 

  1337.         s->data[0] |= (!!s->block_protect1) << 3;
    1338. 

  1338.         s->data[0] |= (!!s->block_protect2) << 4;
    1339. 

  1339.         if (s->pi->flags & HAS_SR_TB) {
    1340. 

  1340.             s->data[0] |= (!!s->top_bottom_bit) << 5;
    1341. 

  1341.         }
    1342. 

  1342.         if (s->pi->flags & HAS_SR_BP3_BIT6) {
    1343. 

  1343.             s->data[0] |= (!!s->block_protect3) << 6;
    1344. 

  1344.         }
    1345. 

  1345. 

  1346.         if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) {
    1347. 

  1347.             s->data[0] |= (!!s->quad_enable) << 6;
    1348. 

  1348.         }
    1349. 

  1349.         if (get_man(s) == MAN_SST) {
    1350. 

  1350.             s->data[0] |= (!!s->aai_enable) << 6;
    1351. 

  1351.         }
    1352. 

  1352. 

  1353.         s->pos = 0;
    1354. 

  1354.         s->len = 1;
    1355. 

  1355.         s->data_read_loop = true;
    1356. 

  1356.         s->state = STATE_READING_DATA;
    1357. 

  1357.         break;
    1358. 

  1358. 

  1359.     case READ_FSR:
    1360. 

  1360.         s->data[0] = FSR_FLASH_READY;
    1361. 

  1361.         if (s->four_bytes_address_mode) {
    1362. 

  1362.             s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED;
    1363. 

  1363.         }
    1364. 

  1364.         s->pos = 0;
    1365. 

  1365.         s->len = 1;
    1366. 

  1366.         s->data_read_loop = true;
    1367. 

  1367.         s->state = STATE_READING_DATA;
    1368. 

  1368.         break;
    1369. 

  1369. 

  1370.     case JEDEC_READ:
    1371. 

  1371.         if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
    1372. 

  1372.             trace_m25p80_populated_jedec(s);
    1373. 

  1373.             for (i = 0; i < s->pi->id_len; i++) {
    1374. 

  1374.                 s->data[i] = s->pi->id[i];
    1375. 

  1375.             }
    1376. 

  1376.             for (; i < SPI_NOR_MAX_ID_LEN; i++) {
    1377. 

  1377.                 s->data[i] = 0;
    1378. 

  1378.             }
    1379. 

  1379. 

  1380.             s->len = SPI_NOR_MAX_ID_LEN;
    1381. 

  1381.             s->pos = 0;
    1382. 

  1382.             s->state = STATE_READING_DATA;
    1383. 

  1383.         } else {
    1384. 

  1384.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute JEDEC read "
    1385. 

  1385.                           "in DIO or QIO mode\n");
    1386. 

  1386.         }
    1387. 

  1387.         break;
    1388. 

  1388. 

  1389.     case RDCR:
    1390. 

  1390.         s->data[0] = s->volatile_cfg & 0xFF;
    1391. 

  1391.         s->data[0] |= (!!s->four_bytes_address_mode) << 5;
    1392. 

  1392.         s->pos = 0;
    1393. 

  1393.         s->len = 1;
    1394. 

  1394.         s->state = STATE_READING_DATA;
    1395. 

  1395.         break;
    1396. 

  1396. 

  1397.     case BULK_ERASE_60:
    1398. 

  1398.     case BULK_ERASE:
    1399. 

  1399.         if (s->write_enable) {
    1400. 

  1400.             trace_m25p80_chip_erase(s);
    1401. 

  1401.             flash_erase(s, 0, BULK_ERASE);
    1402. 

  1402.         } else {
    1403. 

  1403.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
    1404. 

  1404.                           "protect!\n");
    1405. 

  1405.         }
    1406. 

  1406.         break;
    1407. 

  1407.     case NOP:
    1408. 

  1408.         break;
    1409. 

  1409.     case EN_4BYTE_ADDR:
    1410. 

  1410.         s->four_bytes_address_mode = true;
    1411. 

  1411.         break;
    1412. 

  1412.     case EX_4BYTE_ADDR:
    1413. 

  1413.         s->four_bytes_address_mode = false;
    1414. 

  1414.         break;
    1415. 

  1415.     case BRRD:
    1416. 

  1416.     case EXTEND_ADDR_READ:
    1417. 

  1417.         s->data[0] = s->ear;
    1418. 

  1418.         s->pos = 0;
    1419. 

  1419.         s->len = 1;
    1420. 

  1420.         s->state = STATE_READING_DATA;
    1421. 

  1421.         break;
    1422. 

  1422.     case BRWR:
    1423. 

  1423.     case EXTEND_ADDR_WRITE:
    1424. 

  1424.         if (s->write_enable) {
    1425. 

  1425.             s->needed_bytes = 1;
    1426. 

  1426.             s->pos = 0;
    1427. 

  1427.             s->len = 0;
    1428. 

  1428.             s->state = STATE_COLLECTING_DATA;
    1429. 

  1429.         }
    1430. 

  1430.         break;
    1431. 

  1431.     case RNVCR:
    1432. 

  1432.         s->data[0] = s->nonvolatile_cfg & 0xFF;
    1433. 

  1433.         s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
    1434. 

  1434.         s->pos = 0;
    1435. 

  1435.         s->len = 2;
    1436. 

  1436.         s->state = STATE_READING_DATA;
    1437. 

  1437.         break;
    1438. 

  1438.     case WNVCR:
    1439. 

  1439.         if (s->write_enable && get_man(s) == MAN_NUMONYX) {
    1440. 

  1440.             s->needed_bytes = 2;
    1441. 

  1441.             s->pos = 0;
    1442. 

  1442.             s->len = 0;
    1443. 

  1443.             s->state = STATE_COLLECTING_DATA;
    1444. 

  1444.         }
    1445. 

  1445.         break;
    1446. 

  1446.     case RVCR:
    1447. 

  1447.         s->data[0] = s->volatile_cfg & 0xFF;
    1448. 

  1448.         s->pos = 0;
    1449. 

  1449.         s->len = 1;
    1450. 

  1450.         s->state = STATE_READING_DATA;
    1451. 

  1451.         break;
    1452. 

  1452.     case WVCR:
    1453. 

  1453.         if (s->write_enable) {
    1454. 

  1454.             s->needed_bytes = 1;
    1455. 

  1455.             s->pos = 0;
    1456. 

  1456.             s->len = 0;
    1457. 

  1457.             s->state = STATE_COLLECTING_DATA;
    1458. 

  1458.         }
    1459. 

  1459.         break;
    1460. 

  1460.     case REVCR:
    1461. 

  1461.         s->data[0] = s->enh_volatile_cfg & 0xFF;
    1462. 

  1462.         s->pos = 0;
    1463. 

  1463.         s->len = 1;
    1464. 

  1464.         s->state = STATE_READING_DATA;
    1465. 

  1465.         break;
    1466. 

  1466.     case WEVCR:
    1467. 

  1467.         if (s->write_enable) {
    1468. 

  1468.             s->needed_bytes = 1;
    1469. 

  1469.             s->pos = 0;
    1470. 

  1470.             s->len = 0;
    1471. 

  1471.             s->state = STATE_COLLECTING_DATA;
    1472. 

  1472.         }
    1473. 

  1473.         break;
    1474. 

  1474.     case RESET_ENABLE:
    1475. 

  1475.         s->reset_enable = true;
    1476. 

  1476.         break;
    1477. 

  1477.     case RESET_MEMORY:
    1478. 

  1478.         if (s->reset_enable) {
    1479. 

  1479.             reset_memory(s);
    1480. 

  1480.         }
    1481. 

  1481.         break;
    1482. 

  1482.     case RDCR_EQIO:
    1483. 

  1483.         switch (get_man(s)) {
    1484. 

  1484.         case MAN_SPANSION:
    1485. 

  1485.             s->data[0] = (!!s->quad_enable) << 1;
    1486. 

  1486.             s->pos = 0;
    1487. 

  1487.             s->len = 1;
    1488. 

  1488.             s->state = STATE_READING_DATA;
    1489. 

  1489.             break;
    1490. 

  1490.         case MAN_MACRONIX:
    1491. 

  1491.             s->quad_enable = true;
    1492. 

  1492.             break;
    1493. 

  1493.         case MAN_WINBOND:
    1494. 

  1494.             s->data[0] = (!!s->quad_enable) << 1;
    1495. 

  1495.             s->pos = 0;
    1496. 

  1496.             s->len = 1;
    1497. 

  1497.             s->state = STATE_READING_DATA;
    1498. 

  1498.             break;
    1499. 

  1499.         default:
    1500. 

  1500.             break;
    1501. 

  1501.         }
    1502. 

  1502.         break;
    1503. 

  1503.     case RSTQIO:
    1504. 

  1504.         s->quad_enable = false;
    1505. 

  1505.         break;
    1506. 

  1506.     case AAI_WP:
    1507. 

  1507.         if (get_man(s) == MAN_SST) {
    1508. 

  1508.             if (s->write_enable) {
    1509. 

  1509.                 if (s->aai_enable) {
    1510. 

  1510.                     s->state = STATE_PAGE_PROGRAM;
    1511. 

  1511.                 } else {
    1512. 

  1512.                     s->aai_enable = true;
    1513. 

  1513.                     s->needed_bytes = get_addr_length(s);
    1514. 

  1514.                     s->state = STATE_COLLECTING_DATA;
    1515. 

  1515.                 }
    1516. 

  1516.             } else {
    1517. 

  1517.                 qemu_log_mask(LOG_GUEST_ERROR,
    1518. 

  1518.                               "M25P80: AAI_WP with write protect\n");
    1519. 

  1519.             }
    1520. 

  1520.         } else {
    1521. 

  1521.             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
    1522. 

  1522.         }
    1523. 

  1523.         break;
    1524. 

  1524.     case RDSFDP:
    1525. 

  1525.         if (s->pi->sfdp_read) {
    1526. 

  1526.             s->needed_bytes = get_addr_length(s) + 1; /* SFDP addr + dummy */
    1527. 

  1527.             s->pos = 0;
    1528. 

  1528.             s->len = 0;
    1529. 

  1529.             s->state = STATE_COLLECTING_DATA;
    1530. 

  1530.             break;
    1531. 

  1531.         }
    1532. 

  1532.         /* Fallthrough */
    1533. 

  1533. 

  1534.     default:
    1535. 

  1535.         s->pos = 0;
    1536. 

  1536.         s->len = 1;
    1537. 

  1537.         s->state = STATE_READING_DATA;
    1538. 

  1538.         s->data_read_loop = true;
    1539. 

  1539.         s->data[0] = 0;
    1540. 

  1540.         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
    1541. 

  1541.         break;
    1542. 

  1542.     }
    1543. 

  1543. }
    1544. 

  1544. 

  1545. static int m25p80_cs(SSIPeripheral *ss, bool select)
    1546. 

  1546. {
    1547. 

  1547.     Flash *s = M25P80(ss);
    1548. 

  1548. 

  1549.     if (select) {
    1550. 

  1550.         if (s->state == STATE_COLLECTING_VAR_LEN_DATA) {
    1551. 

  1551.             complete_collecting_data(s);
    1552. 

  1552.         }
    1553. 

  1553.         s->len = 0;
    1554. 

  1554.         s->pos = 0;
    1555. 

  1555.         s->state = STATE_IDLE;
    1556. 

  1556.         flash_sync_dirty(s, -1);
    1557. 

  1557.         s->data_read_loop = false;
    1558. 

  1558.     }
    1559. 

  1559. 

  1560.     trace_m25p80_select(s, select ? "de" : "");
    1561. 

  1561. 

  1562.     return 0;
    1563. 

  1563. }
    1564. 

  1564. 

  1565. static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx)
    1566. 

  1566. {
    1567. 

  1567.     Flash *s = M25P80(ss);
    1568. 

  1568.     uint32_t r = 0;
    1569. 

  1569. 

  1570.     trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos,
    1571. 

  1571.                           s->cur_addr, (uint8_t)tx);
    1572. 

  1572. 

  1573.     switch (s->state) {
    1574. 

  1574. 

  1575.     case STATE_PAGE_PROGRAM:
    1576. 

  1576.         trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx);
    1577. 

  1577.         flash_write8(s, s->cur_addr, (uint8_t)tx);
    1578. 

  1578.         s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
    1579. 

  1579. 

  1580.         if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) {
    1581. 

  1581.             /*
    1582. 

  1582.              * There is no wrap mode during AAI programming once the highest
    1583. 

  1583.              * unprotected memory address is reached. The Write-Enable-Latch
    1584. 

  1584.              * bit is automatically reset, and AAI programming mode aborts.
    1585. 

  1585.              */
    1586. 

  1586.             s->write_enable = false;
    1587. 

  1587.             s->aai_enable = false;
    1588. 

  1588.         }
    1589. 

  1589. 

  1590.         break;
    1591. 

  1591. 

  1592.     case STATE_READ:
    1593. 

  1593.         r = s->storage[s->cur_addr];
    1594. 

  1594.         trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r);
    1595. 

  1595.         s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
    1596. 

  1596.         break;
    1597. 

  1597. 

  1598.     case STATE_COLLECTING_DATA:
    1599. 

  1599.     case STATE_COLLECTING_VAR_LEN_DATA:
    1600. 

  1600. 

  1601.         if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
    1602. 

  1602.             qemu_log_mask(LOG_GUEST_ERROR,
    1603. 

  1603.                           "M25P80: Write overrun internal data buffer. "
    1604. 

  1604.                           "SPI controller (QEMU emulator or guest driver) "
    1605. 

  1605.                           "is misbehaving\n");
    1606. 

  1606.             s->len = s->pos = 0;
    1607. 

  1607.             s->state = STATE_IDLE;
    1608. 

  1608.             break;
    1609. 

  1609.         }
    1610. 

  1610. 

  1611.         s->data[s->len] = (uint8_t)tx;
    1612. 

  1612.         s->len++;
    1613. 

  1613. 

  1614.         if (s->len == s->needed_bytes) {
    1615. 

  1615.             complete_collecting_data(s);
    1616. 

  1616.         }
    1617. 

  1617.         break;
    1618. 

  1618. 

  1619.     case STATE_READING_DATA:
    1620. 

  1620. 

  1621.         if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
    1622. 

  1622.             qemu_log_mask(LOG_GUEST_ERROR,
    1623. 

  1623.                           "M25P80: Read overrun internal data buffer. "
    1624. 

  1624.                           "SPI controller (QEMU emulator or guest driver) "
    1625. 

  1625.                           "is misbehaving\n");
    1626. 

  1626.             s->len = s->pos = 0;
    1627. 

  1627.             s->state = STATE_IDLE;
    1628. 

  1628.             break;
    1629. 

  1629.         }
    1630. 

  1630. 

  1631.         r = s->data[s->pos];
    1632. 

  1632.         trace_m25p80_read_data(s, s->pos, (uint8_t)r);
    1633. 

  1633.         s->pos++;
    1634. 

  1634.         if (s->pos == s->len) {
    1635. 

  1635.             s->pos = 0;
    1636. 

  1636.             if (!s->data_read_loop) {
    1637. 

  1637.                 s->state = STATE_IDLE;
    1638. 

  1638.             }
    1639. 

  1639.         }
    1640. 

  1640.         break;
    1641. 

  1641.     case STATE_READING_SFDP:
    1642. 

  1642.         assert(s->pi->sfdp_read);
    1643. 

  1643.         r = s->pi->sfdp_read(s->cur_addr);
    1644. 

  1644.         trace_m25p80_read_sfdp(s, s->cur_addr, (uint8_t)r);
    1645. 

  1645.         s->cur_addr = (s->cur_addr + 1) & (M25P80_SFDP_MAX_SIZE - 1);
    1646. 

  1646.         break;
    1647. 

  1647. 

  1648.     default:
    1649. 

  1649.     case STATE_IDLE:
    1650. 

  1650.         decode_new_cmd(s, (uint8_t)tx);
    1651. 

  1651.         break;
    1652. 

  1652.     }
    1653. 

  1653. 

  1654.     return r;
    1655. 

  1655. }
    1656. 

  1656. 

  1657. static void m25p80_write_protect_pin_irq_handler(void *opaque, int n, int level)
    1658. 

  1658. {
    1659. 

  1659.     Flash *s = M25P80(opaque);
    1660. 

  1660.     /* WP# is just a single pin. */
    1661. 

  1661.     assert(n == 0);
    1662. 

  1662.     s->wp_level = !!level;
    1663. 

  1663. }
    1664. 

  1664. 

  1665. static void m25p80_realize(SSIPeripheral *ss, Error **errp)
    1666. 

  1666. {
    1667. 

  1667.     Flash *s = M25P80(ss);
    1668. 

  1668.     M25P80Class *mc = M25P80_GET_CLASS(s);
    1669. 

  1669.     int ret;
    1670. 

  1670. 

  1671.     s->pi = mc->pi;
    1672. 

  1672. 

  1673.     s->size = s->pi->sector_size * s->pi->n_sectors;
    1674. 

  1674.     s->dirty_page = -1;
    1675. 

  1675. 

  1676.     if (s->blk) {
    1677. 

  1677.         uint64_t perm = BLK_PERM_CONSISTENT_READ |
    1678. 

  1678.                         (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
    1679. 

  1679.         ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
    1680. 

  1680.         if (ret < 0) {
    1681. 

  1681.             return;
    1682. 

  1682.         }
    1683. 

  1683. 

  1684.         trace_m25p80_binding(s);
    1685. 

  1685.         s->storage = blk_blockalign(s->blk, s->size);
    1686. 

  1686. 

  1687.         if (!blk_check_size_and_read_all(s->blk, DEVICE(s),
    1688. 

  1688.                                          s->storage, s->size, errp)) {
    1689. 

  1689.             return;
    1690. 

  1690.         }
    1691. 

  1691.     } else {
    1692. 

  1692.         trace_m25p80_binding_no_bdrv(s);
    1693. 

  1693.         s->storage = blk_blockalign(NULL, s->size);
    1694. 

  1694.         memset(s->storage, 0xFF, s->size);
    1695. 

  1695.     }
    1696. 

  1696. 

  1697.     qdev_init_gpio_in_named(DEVICE(s),
    1698. 

  1698.                             m25p80_write_protect_pin_irq_handler, "WP#", 1);
    1699. 

  1699. }
    1700. 

  1700. 

  1701. static void m25p80_reset(DeviceState *d)
    1702. 

  1702. {
    1703. 

  1703.     Flash *s = M25P80(d);
    1704. 

  1704. 

  1705.     s->wp_level = true;
    1706. 

  1706.     s->status_register_write_disabled = false;
    1707. 

  1707.     s->block_protect0 = false;
    1708. 

  1708.     s->block_protect1 = false;
    1709. 

  1709.     s->block_protect2 = false;
    1710. 

  1710.     s->block_protect3 = false;
    1711. 

  1711.     s->top_bottom_bit = false;
    1712. 

  1712. 

  1713.     reset_memory(s);
    1714. 

  1714. }
    1715. 

  1715. 

  1716. static int m25p80_pre_save(void *opaque)
    1717. 

  1717. {
    1718. 

  1718.     flash_sync_dirty((Flash *)opaque, -1);
    1719. 

  1719. 

  1720.     return 0;
    1721. 

  1721. }
    1722. 

  1722. 

  1723. static const Property m25p80_properties[] = {
    1724. 

  1724.     /* This is default value for Micron flash */
    1725. 

  1725.     DEFINE_PROP_BOOL("write-enable", Flash, write_enable, false),
    1726. 

  1726.     DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
    1727. 

  1727.     DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0),
    1728. 

  1728.     DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8),
    1729. 

  1729.     DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2),
    1730. 

  1730.     DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10),
    1731. 

  1731.     DEFINE_PROP_DRIVE("drive", Flash, blk),
    1732. 

  1732. };
    1733. 

  1733. 

  1734. static int m25p80_pre_load(void *opaque)
    1735. 

  1735. {
    1736. 

  1736.     Flash *s = (Flash *)opaque;
    1737. 

  1737. 

  1738.     s->data_read_loop = false;
    1739. 

  1739.     return 0;
    1740. 

  1740. }
    1741. 

  1741. 

  1742. static bool m25p80_data_read_loop_needed(void *opaque)
    1743. 

  1743. {
    1744. 

  1744.     Flash *s = (Flash *)opaque;
    1745. 

  1745. 

  1746.     return s->data_read_loop;
    1747. 

  1747. }
    1748. 

  1748. 

  1749. static const VMStateDescription vmstate_m25p80_data_read_loop = {
    1750. 

  1750.     .name = "m25p80/data_read_loop",
    1751. 

  1751.     .version_id = 1,
    1752. 

  1752.     .minimum_version_id = 1,
    1753. 

  1753.     .needed = m25p80_data_read_loop_needed,
    1754. 

  1754.     .fields = (const VMStateField[]) {
    1755. 

  1755.         VMSTATE_BOOL(data_read_loop, Flash),
    1756. 

  1756.         VMSTATE_END_OF_LIST()
    1757. 

  1757.     }
    1758. 

  1758. };
    1759. 

  1759. 

  1760. static bool m25p80_aai_enable_needed(void *opaque)
    1761. 

  1761. {
    1762. 

  1762.     Flash *s = (Flash *)opaque;
    1763. 

  1763. 

  1764.     return s->aai_enable;
    1765. 

  1765. }
    1766. 

  1766. 

  1767. static const VMStateDescription vmstate_m25p80_aai_enable = {
    1768. 

  1768.     .name = "m25p80/aai_enable",
    1769. 

  1769.     .version_id = 1,
    1770. 

  1770.     .minimum_version_id = 1,
    1771. 

  1771.     .needed = m25p80_aai_enable_needed,
    1772. 

  1772.     .fields = (const VMStateField[]) {
    1773. 

  1773.         VMSTATE_BOOL(aai_enable, Flash),
    1774. 

  1774.         VMSTATE_END_OF_LIST()
    1775. 

  1775.     }
    1776. 

  1776. };
    1777. 

  1777. 

  1778. static bool m25p80_wp_level_srwd_needed(void *opaque)
    1779. 

  1779. {
    1780. 

  1780.     Flash *s = (Flash *)opaque;
    1781. 

  1781. 

  1782.     return !s->wp_level || s->status_register_write_disabled;
    1783. 

  1783. }
    1784. 

  1784. 

  1785. static const VMStateDescription vmstate_m25p80_write_protect = {
    1786. 

  1786.     .name = "m25p80/write_protect",
    1787. 

  1787.     .version_id = 1,
    1788. 

  1788.     .minimum_version_id = 1,
    1789. 

  1789.     .needed = m25p80_wp_level_srwd_needed,
    1790. 

  1790.     .fields = (const VMStateField[]) {
    1791. 

  1791.         VMSTATE_BOOL(wp_level, Flash),
    1792. 

  1792.         VMSTATE_BOOL(status_register_write_disabled, Flash),
    1793. 

  1793.         VMSTATE_END_OF_LIST()
    1794. 

  1794.     }
    1795. 

  1795. };
    1796. 

  1796. 

  1797. static bool m25p80_block_protect_needed(void *opaque)
    1798. 

  1798. {
    1799. 

  1799.     Flash *s = (Flash *)opaque;
    1800. 

  1800. 

  1801.     return s->block_protect0 ||
    1802. 

  1802.            s->block_protect1 ||
    1803. 

  1803.            s->block_protect2 ||
    1804. 

  1804.            s->block_protect3 ||
    1805. 

  1805.            s->top_bottom_bit;
    1806. 

  1806. }
    1807. 

  1807. 

  1808. static const VMStateDescription vmstate_m25p80_block_protect = {
    1809. 

  1809.     .name = "m25p80/block_protect",
    1810. 

  1810.     .version_id = 1,
    1811. 

  1811.     .minimum_version_id = 1,
    1812. 

  1812.     .needed = m25p80_block_protect_needed,
    1813. 

  1813.     .fields = (const VMStateField[]) {
    1814. 

  1814.         VMSTATE_BOOL(block_protect0, Flash),
    1815. 

  1815.         VMSTATE_BOOL(block_protect1, Flash),
    1816. 

  1816.         VMSTATE_BOOL(block_protect2, Flash),
    1817. 

  1817.         VMSTATE_BOOL(block_protect3, Flash),
    1818. 

  1818.         VMSTATE_BOOL(top_bottom_bit, Flash),
    1819. 

  1819.         VMSTATE_END_OF_LIST()
    1820. 

  1820.     }
    1821. 

  1821. };
    1822. 

  1822. 

  1823. static const VMStateDescription vmstate_m25p80 = {
    1824. 

  1824.     .name = "m25p80",
    1825. 

  1825.     .version_id = 0,
    1826. 

  1826.     .minimum_version_id = 0,
    1827. 

  1827.     .pre_save = m25p80_pre_save,
    1828. 

  1828.     .pre_load = m25p80_pre_load,
    1829. 

  1829.     .fields = (const VMStateField[]) {
    1830. 

  1830.         VMSTATE_UINT8(state, Flash),
    1831. 

  1831.         VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
    1832. 

  1832.         VMSTATE_UINT32(len, Flash),
    1833. 

  1833.         VMSTATE_UINT32(pos, Flash),
    1834. 

  1834.         VMSTATE_UINT8(needed_bytes, Flash),
    1835. 

  1835.         VMSTATE_UINT8(cmd_in_progress, Flash),
    1836. 

  1836.         VMSTATE_UINT32(cur_addr, Flash),
    1837. 

  1837.         VMSTATE_BOOL(write_enable, Flash),
    1838. 

  1838.         VMSTATE_BOOL(reset_enable, Flash),
    1839. 

  1839.         VMSTATE_UINT8(ear, Flash),
    1840. 

  1840.         VMSTATE_BOOL(four_bytes_address_mode, Flash),
    1841. 

  1841.         VMSTATE_UINT32(nonvolatile_cfg, Flash),
    1842. 

  1842.         VMSTATE_UINT32(volatile_cfg, Flash),
    1843. 

  1843.         VMSTATE_UINT32(enh_volatile_cfg, Flash),
    1844. 

  1844.         VMSTATE_BOOL(quad_enable, Flash),
    1845. 

  1845.         VMSTATE_UINT8(spansion_cr1nv, Flash),
    1846. 

  1846.         VMSTATE_UINT8(spansion_cr2nv, Flash),
    1847. 

  1847.         VMSTATE_UINT8(spansion_cr3nv, Flash),
    1848. 

  1848.         VMSTATE_UINT8(spansion_cr4nv, Flash),
    1849. 

  1849.         VMSTATE_END_OF_LIST()
    1850. 

  1850.     },
    1851. 

  1851.     .subsections = (const VMStateDescription * const []) {
    1852. 

  1852.         &vmstate_m25p80_data_read_loop,
    1853. 

  1853.         &vmstate_m25p80_aai_enable,
    1854. 

  1854.         &vmstate_m25p80_write_protect,
    1855. 

  1855.         &vmstate_m25p80_block_protect,
    1856. 

  1856.         NULL
    1857. 

  1857.     }
    1858. 

  1858. };
    1859. 

  1859. 

  1860. static void m25p80_class_init(ObjectClass *klass, void *data)
    1861. 

  1861. {
    1862. 

  1862.     DeviceClass *dc = DEVICE_CLASS(klass);
    1863. 

  1863.     SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass);
    1864. 

  1864.     M25P80Class *mc = M25P80_CLASS(klass);
    1865. 

  1865. 

  1866.     k->realize = m25p80_realize;
    1867. 

  1867.     k->transfer = m25p80_transfer8;
    1868. 

  1868.     k->set_cs = m25p80_cs;
    1869. 

  1869.     k->cs_polarity = SSI_CS_LOW;
    1870. 

  1870.     dc->vmsd = &vmstate_m25p80;
    1871. 

  1871.     device_class_set_props(dc, m25p80_properties);
    1872. 

  1872.     device_class_set_legacy_reset(dc, m25p80_reset);
    1873. 

  1873.     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
    1874. 

  1874.     mc->pi = data;
    1875. 

  1875.     dc->desc = "Serial Flash";
    1876. 

  1876. }
    1877. 

  1877. 

  1878. static const TypeInfo m25p80_info = {
    1879. 

  1879.     .name           = TYPE_M25P80,
    1880. 

  1880.     .parent         = TYPE_SSI_PERIPHERAL,
    1881. 

  1881.     .instance_size  = sizeof(Flash),
    1882. 

  1882.     .class_size     = sizeof(M25P80Class),
    1883. 

  1883.     .abstract       = true,
    1884. 

  1884. };
    1885. 

  1885. 

  1886. static void m25p80_register_types(void)
    1887. 

  1887. {
    1888. 

  1888.     int i;
    1889. 

  1889. 

  1890.     type_register_static(&m25p80_info);
    1891. 

  1891.     for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
    1892. 

  1892.         const TypeInfo ti = {
    1893. 

  1893.             .name       = known_devices[i].part_name,
    1894. 

  1894.             .parent     = TYPE_M25P80,
    1895. 

  1895.             .class_init = m25p80_class_init,
    1896. 

  1896.             .class_data = (void *)&known_devices[i],
    1897. 

  1897.         };
    1898. 

  1898.         type_register_static(&ti);
    1899. 

  1899.     }
    1900. 

  1900. }
    1901. 

  1901. 

  1902. type_init(m25p80_register_types)
    1903. 

  1903. 

  1904. BlockBackend *m25p80_get_blk(DeviceState *dev)
    1905. 

  1905. {
    1906. 

  1906.     return M25P80(dev)->blk;
    1907. 

  1907. }
    1908.