pflash_cfi01.c 34 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052
  1. /*
  2. * CFI parallel flash with Intel command set emulation
  3. *
  4. * Copyright (c) 2006 Thorsten Zitterell
  5. * Copyright (c) 2005 Jocelyn Mayer
  6. *
  7. * This library is free software; you can redistribute it and/or
  8. * modify it under the terms of the GNU Lesser General Public
  9. * License as published by the Free Software Foundation; either
  10. * version 2.1 of the License, or (at your option) any later version.
  11. *
  12. * This library is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15. * Lesser General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Lesser General Public
  18. * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  19. */
  20. /*
  21. * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
  22. * Supported commands/modes are:
  23. * - flash read
  24. * - flash write
  25. * - flash ID read
  26. * - sector erase
  27. * - CFI queries
  28. *
  29. * It does not support timings
  30. * It does not support flash interleaving
  31. * It does not implement software data protection as found in many real chips
  32. * It does not implement erase suspend/resume commands
  33. * It does not implement multiple sectors erase
  34. *
  35. * It does not implement much more ...
  36. */
  37. #include "qemu/osdep.h"
  38. #include "hw/block/block.h"
  39. #include "hw/block/flash.h"
  40. #include "hw/qdev-properties.h"
  41. #include "hw/qdev-properties-system.h"
  42. #include "sysemu/block-backend.h"
  43. #include "qapi/error.h"
  44. #include "qemu/error-report.h"
  45. #include "qemu/bitops.h"
  46. #include "qemu/host-utils.h"
  47. #include "qemu/log.h"
  48. #include "qemu/module.h"
  49. #include "qemu/option.h"
  50. #include "hw/sysbus.h"
  51. #include "migration/vmstate.h"
  52. #include "sysemu/blockdev.h"
  53. #include "sysemu/runstate.h"
  54. #include "trace.h"
  55. #define PFLASH_BE 0
  56. #define PFLASH_SECURE 1
  57. struct PFlashCFI01 {
  58. /*< private >*/
  59. SysBusDevice parent_obj;
  60. /*< public >*/
  61. BlockBackend *blk;
  62. uint32_t nb_blocs;
  63. uint64_t sector_len;
  64. uint8_t bank_width;
  65. uint8_t device_width; /* If 0, device width not specified. */
  66. uint8_t max_device_width; /* max device width in bytes */
  67. uint32_t features;
  68. uint8_t wcycle; /* if 0, the flash is read normally */
  69. bool ro;
  70. uint8_t cmd;
  71. uint8_t status;
  72. uint16_t ident0;
  73. uint16_t ident1;
  74. uint16_t ident2;
  75. uint16_t ident3;
  76. uint8_t cfi_table[0x52];
  77. uint64_t counter;
  78. uint32_t writeblock_size;
  79. MemoryRegion mem;
  80. char *name;
  81. void *storage;
  82. VMChangeStateEntry *vmstate;
  83. bool old_multiple_chip_handling;
  84. /* block update buffer */
  85. unsigned char *blk_bytes;
  86. uint32_t blk_offset;
  87. };
  88. static int pflash_post_load(void *opaque, int version_id);
  89. static bool pflash_blk_write_state_needed(void *opaque)
  90. {
  91. PFlashCFI01 *pfl = opaque;
  92. return (pfl->blk_offset != -1);
  93. }
  94. static const VMStateDescription vmstate_pflash_blk_write = {
  95. .name = "pflash_cfi01_blk_write",
  96. .version_id = 1,
  97. .minimum_version_id = 1,
  98. .needed = pflash_blk_write_state_needed,
  99. .fields = (const VMStateField[]) {
  100. VMSTATE_VBUFFER_UINT32(blk_bytes, PFlashCFI01, 0, NULL, writeblock_size),
  101. VMSTATE_UINT32(blk_offset, PFlashCFI01),
  102. VMSTATE_END_OF_LIST()
  103. }
  104. };
  105. static const VMStateDescription vmstate_pflash = {
  106. .name = "pflash_cfi01",
  107. .version_id = 1,
  108. .minimum_version_id = 1,
  109. .post_load = pflash_post_load,
  110. .fields = (const VMStateField[]) {
  111. VMSTATE_UINT8(wcycle, PFlashCFI01),
  112. VMSTATE_UINT8(cmd, PFlashCFI01),
  113. VMSTATE_UINT8(status, PFlashCFI01),
  114. VMSTATE_UINT64(counter, PFlashCFI01),
  115. VMSTATE_END_OF_LIST()
  116. },
  117. .subsections = (const VMStateDescription * const []) {
  118. &vmstate_pflash_blk_write,
  119. NULL
  120. }
  121. };
  122. /*
  123. * Perform a CFI query based on the bank width of the flash.
  124. * If this code is called we know we have a device_width set for
  125. * this flash.
  126. */
  127. static uint32_t pflash_cfi_query(PFlashCFI01 *pfl, hwaddr offset)
  128. {
  129. int i;
  130. uint32_t resp = 0;
  131. hwaddr boff;
  132. /*
  133. * Adjust incoming offset to match expected device-width
  134. * addressing. CFI query addresses are always specified in terms of
  135. * the maximum supported width of the device. This means that x8
  136. * devices and x8/x16 devices in x8 mode behave differently. For
  137. * devices that are not used at their max width, we will be
  138. * provided with addresses that use higher address bits than
  139. * expected (based on the max width), so we will shift them lower
  140. * so that they will match the addresses used when
  141. * device_width==max_device_width.
  142. */
  143. boff = offset >> (ctz32(pfl->bank_width) +
  144. ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
  145. if (boff >= sizeof(pfl->cfi_table)) {
  146. return 0;
  147. }
  148. /*
  149. * Now we will construct the CFI response generated by a single
  150. * device, then replicate that for all devices that make up the
  151. * bus. For wide parts used in x8 mode, CFI query responses
  152. * are different than native byte-wide parts.
  153. */
  154. resp = pfl->cfi_table[boff];
  155. if (pfl->device_width != pfl->max_device_width) {
  156. /* The only case currently supported is x8 mode for a
  157. * wider part.
  158. */
  159. if (pfl->device_width != 1 || pfl->bank_width > 4) {
  160. trace_pflash_unsupported_device_configuration(pfl->name,
  161. pfl->device_width, pfl->max_device_width);
  162. return 0;
  163. }
  164. /* CFI query data is repeated, rather than zero padded for
  165. * wide devices used in x8 mode.
  166. */
  167. for (i = 1; i < pfl->max_device_width; i++) {
  168. resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
  169. }
  170. }
  171. /* Replicate responses for each device in bank. */
  172. if (pfl->device_width < pfl->bank_width) {
  173. for (i = pfl->device_width;
  174. i < pfl->bank_width; i += pfl->device_width) {
  175. resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
  176. }
  177. }
  178. return resp;
  179. }
  180. /* Perform a device id query based on the bank width of the flash. */
  181. static uint32_t pflash_devid_query(PFlashCFI01 *pfl, hwaddr offset)
  182. {
  183. int i;
  184. uint32_t resp;
  185. hwaddr boff;
  186. /*
  187. * Adjust incoming offset to match expected device-width
  188. * addressing. Device ID read addresses are always specified in
  189. * terms of the maximum supported width of the device. This means
  190. * that x8 devices and x8/x16 devices in x8 mode behave
  191. * differently. For devices that are not used at their max width,
  192. * we will be provided with addresses that use higher address bits
  193. * than expected (based on the max width), so we will shift them
  194. * lower so that they will match the addresses used when
  195. * device_width==max_device_width.
  196. */
  197. boff = offset >> (ctz32(pfl->bank_width) +
  198. ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
  199. /*
  200. * Mask off upper bits which may be used in to query block
  201. * or sector lock status at other addresses.
  202. * Offsets 2/3 are block lock status, is not emulated.
  203. */
  204. switch (boff & 0xFF) {
  205. case 0:
  206. resp = pfl->ident0;
  207. trace_pflash_manufacturer_id(pfl->name, resp);
  208. break;
  209. case 1:
  210. resp = pfl->ident1;
  211. trace_pflash_device_id(pfl->name, resp);
  212. break;
  213. default:
  214. trace_pflash_device_info(pfl->name, offset);
  215. return 0;
  216. }
  217. /* Replicate responses for each device in bank. */
  218. if (pfl->device_width < pfl->bank_width) {
  219. for (i = pfl->device_width;
  220. i < pfl->bank_width; i += pfl->device_width) {
  221. resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
  222. }
  223. }
  224. return resp;
  225. }
  226. static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset,
  227. int width, int be)
  228. {
  229. uint8_t *p;
  230. uint32_t ret;
  231. p = pfl->storage;
  232. if (be) {
  233. ret = ldn_be_p(p + offset, width);
  234. } else {
  235. ret = ldn_le_p(p + offset, width);
  236. }
  237. trace_pflash_data_read(pfl->name, offset, width, ret);
  238. return ret;
  239. }
  240. static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset,
  241. int width, int be)
  242. {
  243. hwaddr boff;
  244. uint32_t ret;
  245. ret = -1;
  246. switch (pfl->cmd) {
  247. default:
  248. /* This should never happen : reset state & treat it as a read */
  249. trace_pflash_read_unknown_state(pfl->name, pfl->cmd);
  250. pfl->wcycle = 0;
  251. /*
  252. * The command 0x00 is not assigned by the CFI open standard,
  253. * but QEMU historically uses it for the READ_ARRAY command (0xff).
  254. */
  255. pfl->cmd = 0x00;
  256. /* fall through to read code */
  257. case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */
  258. /* Flash area read */
  259. ret = pflash_data_read(pfl, offset, width, be);
  260. break;
  261. case 0x10: /* Single byte program */
  262. case 0x20: /* Block erase */
  263. case 0x28: /* Block erase */
  264. case 0x40: /* single byte program */
  265. case 0x50: /* Clear status register */
  266. case 0x60: /* Block /un)lock */
  267. case 0x70: /* Status Register */
  268. case 0xe8: /* Write block */
  269. /*
  270. * Status register read. Return status from each device in
  271. * bank.
  272. */
  273. ret = pfl->status;
  274. if (pfl->device_width && width > pfl->device_width) {
  275. int shift = pfl->device_width * 8;
  276. while (shift + pfl->device_width * 8 <= width * 8) {
  277. ret |= pfl->status << shift;
  278. shift += pfl->device_width * 8;
  279. }
  280. } else if (!pfl->device_width && width > 2) {
  281. /*
  282. * Handle 32 bit flash cases where device width is not
  283. * set. (Existing behavior before device width added.)
  284. */
  285. ret |= pfl->status << 16;
  286. }
  287. trace_pflash_read_status(pfl->name, ret);
  288. break;
  289. case 0x90:
  290. if (!pfl->device_width) {
  291. /* Preserve old behavior if device width not specified */
  292. boff = offset & 0xFF;
  293. if (pfl->bank_width == 2) {
  294. boff = boff >> 1;
  295. } else if (pfl->bank_width == 4) {
  296. boff = boff >> 2;
  297. }
  298. switch (boff) {
  299. case 0:
  300. ret = pfl->ident0 << 8 | pfl->ident1;
  301. trace_pflash_manufacturer_id(pfl->name, ret);
  302. break;
  303. case 1:
  304. ret = pfl->ident2 << 8 | pfl->ident3;
  305. trace_pflash_device_id(pfl->name, ret);
  306. break;
  307. default:
  308. trace_pflash_device_info(pfl->name, boff);
  309. ret = 0;
  310. break;
  311. }
  312. } else {
  313. /*
  314. * If we have a read larger than the bank_width, combine multiple
  315. * manufacturer/device ID queries into a single response.
  316. */
  317. int i;
  318. for (i = 0; i < width; i += pfl->bank_width) {
  319. ret = deposit32(ret, i * 8, pfl->bank_width * 8,
  320. pflash_devid_query(pfl,
  321. offset + i * pfl->bank_width));
  322. }
  323. }
  324. break;
  325. case 0x98: /* Query mode */
  326. if (!pfl->device_width) {
  327. /* Preserve old behavior if device width not specified */
  328. boff = offset & 0xFF;
  329. if (pfl->bank_width == 2) {
  330. boff = boff >> 1;
  331. } else if (pfl->bank_width == 4) {
  332. boff = boff >> 2;
  333. }
  334. if (boff < sizeof(pfl->cfi_table)) {
  335. ret = pfl->cfi_table[boff];
  336. } else {
  337. ret = 0;
  338. }
  339. } else {
  340. /*
  341. * If we have a read larger than the bank_width, combine multiple
  342. * CFI queries into a single response.
  343. */
  344. int i;
  345. for (i = 0; i < width; i += pfl->bank_width) {
  346. ret = deposit32(ret, i * 8, pfl->bank_width * 8,
  347. pflash_cfi_query(pfl,
  348. offset + i * pfl->bank_width));
  349. }
  350. }
  351. break;
  352. }
  353. trace_pflash_io_read(pfl->name, offset, width, ret, pfl->cmd, pfl->wcycle);
  354. return ret;
  355. }
  356. /* update flash content on disk */
  357. static void pflash_update(PFlashCFI01 *pfl, int offset,
  358. int size)
  359. {
  360. int offset_end;
  361. int ret;
  362. if (pfl->blk) {
  363. offset_end = offset + size;
  364. /* widen to sector boundaries */
  365. offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
  366. offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
  367. ret = blk_pwrite(pfl->blk, offset, offset_end - offset,
  368. pfl->storage + offset, 0);
  369. if (ret < 0) {
  370. /* TODO set error bit in status */
  371. error_report("Could not update PFLASH: %s", strerror(-ret));
  372. }
  373. }
  374. }
  375. /* copy current flash content to block update buffer */
  376. static void pflash_blk_write_start(PFlashCFI01 *pfl, hwaddr offset)
  377. {
  378. hwaddr mask = ~(pfl->writeblock_size - 1);
  379. trace_pflash_write_block_start(pfl->name, pfl->counter);
  380. pfl->blk_offset = offset & mask;
  381. memcpy(pfl->blk_bytes, pfl->storage + pfl->blk_offset,
  382. pfl->writeblock_size);
  383. }
  384. /* commit block update buffer changes */
  385. static void pflash_blk_write_flush(PFlashCFI01 *pfl)
  386. {
  387. g_assert(pfl->blk_offset != -1);
  388. trace_pflash_write_block_flush(pfl->name);
  389. memcpy(pfl->storage + pfl->blk_offset, pfl->blk_bytes,
  390. pfl->writeblock_size);
  391. pflash_update(pfl, pfl->blk_offset, pfl->writeblock_size);
  392. pfl->blk_offset = -1;
  393. }
  394. /* discard block update buffer changes */
  395. static void pflash_blk_write_abort(PFlashCFI01 *pfl)
  396. {
  397. trace_pflash_write_block_abort(pfl->name);
  398. pfl->blk_offset = -1;
  399. }
  400. static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset,
  401. uint32_t value, int width, int be)
  402. {
  403. uint8_t *p;
  404. if (pfl->blk_offset != -1) {
  405. /* block write: redirect writes to block update buffer */
  406. if ((offset < pfl->blk_offset) ||
  407. (offset + width > pfl->blk_offset + pfl->writeblock_size)) {
  408. pfl->status |= 0x10; /* Programming error */
  409. return;
  410. }
  411. trace_pflash_data_write_block(pfl->name, offset, width, value,
  412. pfl->counter);
  413. p = pfl->blk_bytes + (offset - pfl->blk_offset);
  414. } else {
  415. /* write directly to storage */
  416. trace_pflash_data_write(pfl->name, offset, width, value);
  417. p = pfl->storage + offset;
  418. }
  419. if (be) {
  420. stn_be_p(p, width, value);
  421. } else {
  422. stn_le_p(p, width, value);
  423. }
  424. }
  425. static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
  426. uint32_t value, int width, int be)
  427. {
  428. uint8_t *p;
  429. uint8_t cmd;
  430. cmd = value;
  431. trace_pflash_io_write(pfl->name, offset, width, value, pfl->wcycle);
  432. if (!pfl->wcycle) {
  433. /* Set the device in I/O access mode */
  434. memory_region_rom_device_set_romd(&pfl->mem, false);
  435. }
  436. switch (pfl->wcycle) {
  437. case 0:
  438. /* read mode */
  439. switch (cmd) {
  440. case 0x00: /* This model reset value for READ_ARRAY (not CFI) */
  441. goto mode_read_array;
  442. case 0x10: /* Single Byte Program */
  443. case 0x40: /* Single Byte Program */
  444. trace_pflash_write(pfl->name, "single byte program (0)");
  445. break;
  446. case 0x20: /* Block erase */
  447. p = pfl->storage;
  448. offset &= ~(pfl->sector_len - 1);
  449. trace_pflash_write_block_erase(pfl->name, offset, pfl->sector_len);
  450. if (!pfl->ro) {
  451. memset(p + offset, 0xff, pfl->sector_len);
  452. pflash_update(pfl, offset, pfl->sector_len);
  453. } else {
  454. pfl->status |= 0x20; /* Block erase error */
  455. }
  456. pfl->status |= 0x80; /* Ready! */
  457. break;
  458. case 0x50: /* Clear status bits */
  459. trace_pflash_write(pfl->name, "clear status bits");
  460. pfl->status = 0x0;
  461. goto mode_read_array;
  462. case 0x60: /* Block (un)lock */
  463. trace_pflash_write(pfl->name, "block unlock");
  464. break;
  465. case 0x70: /* Status Register */
  466. trace_pflash_write(pfl->name, "read status register");
  467. pfl->cmd = cmd;
  468. return;
  469. case 0x90: /* Read Device ID */
  470. trace_pflash_write(pfl->name, "read device information");
  471. pfl->cmd = cmd;
  472. return;
  473. case 0x98: /* CFI query */
  474. trace_pflash_write(pfl->name, "CFI query");
  475. break;
  476. case 0xe8: /* Write to buffer */
  477. trace_pflash_write(pfl->name, "write to buffer");
  478. pfl->status |= 0x80; /* Ready! */
  479. break;
  480. case 0xf0: /* Probe for AMD flash */
  481. trace_pflash_write(pfl->name, "probe for AMD flash");
  482. goto mode_read_array;
  483. case 0xff: /* Read Array */
  484. trace_pflash_write(pfl->name, "read array mode");
  485. goto mode_read_array;
  486. default:
  487. goto error_flash;
  488. }
  489. pfl->wcycle++;
  490. pfl->cmd = cmd;
  491. break;
  492. case 1:
  493. switch (pfl->cmd) {
  494. case 0x10: /* Single Byte Program */
  495. case 0x40: /* Single Byte Program */
  496. trace_pflash_write(pfl->name, "single byte program (1)");
  497. if (!pfl->ro) {
  498. pflash_data_write(pfl, offset, value, width, be);
  499. pflash_update(pfl, offset, width);
  500. } else {
  501. pfl->status |= 0x10; /* Programming error */
  502. }
  503. pfl->status |= 0x80; /* Ready! */
  504. pfl->wcycle = 0;
  505. break;
  506. case 0x20: /* Block erase */
  507. case 0x28:
  508. if (cmd == 0xd0) { /* confirm */
  509. pfl->wcycle = 0;
  510. pfl->status |= 0x80;
  511. } else if (cmd == 0xff) { /* Read Array */
  512. goto mode_read_array;
  513. } else
  514. goto error_flash;
  515. break;
  516. case 0xe8:
  517. /*
  518. * Mask writeblock size based on device width, or bank width if
  519. * device width not specified.
  520. */
  521. /* FIXME check @offset, @width */
  522. if (pfl->device_width) {
  523. value = extract32(value, 0, pfl->device_width * 8);
  524. } else {
  525. value = extract32(value, 0, pfl->bank_width * 8);
  526. }
  527. pfl->counter = value;
  528. pfl->wcycle++;
  529. break;
  530. case 0x60:
  531. if (cmd == 0xd0) {
  532. pfl->wcycle = 0;
  533. pfl->status |= 0x80;
  534. } else if (cmd == 0x01) {
  535. pfl->wcycle = 0;
  536. pfl->status |= 0x80;
  537. } else if (cmd == 0xff) { /* Read Array */
  538. goto mode_read_array;
  539. } else {
  540. trace_pflash_write(pfl->name, "unknown (un)locking command");
  541. goto mode_read_array;
  542. }
  543. break;
  544. case 0x98:
  545. if (cmd == 0xff) { /* Read Array */
  546. goto mode_read_array;
  547. } else {
  548. trace_pflash_write(pfl->name, "leaving query mode");
  549. }
  550. break;
  551. default:
  552. goto error_flash;
  553. }
  554. break;
  555. case 2:
  556. switch (pfl->cmd) {
  557. case 0xe8: /* Block write */
  558. /* FIXME check @offset, @width */
  559. if (pfl->blk_offset == -1 && pfl->counter) {
  560. pflash_blk_write_start(pfl, offset);
  561. }
  562. if (!pfl->ro && (pfl->blk_offset != -1)) {
  563. pflash_data_write(pfl, offset, value, width, be);
  564. } else {
  565. pfl->status |= 0x10; /* Programming error */
  566. }
  567. pfl->status |= 0x80;
  568. if (!pfl->counter) {
  569. trace_pflash_write(pfl->name, "block write finished");
  570. pfl->wcycle++;
  571. break;
  572. }
  573. pfl->counter--;
  574. break;
  575. default:
  576. goto error_flash;
  577. }
  578. break;
  579. case 3: /* Confirm mode */
  580. switch (pfl->cmd) {
  581. case 0xe8: /* Block write */
  582. if ((cmd == 0xd0) && !(pfl->status & 0x10)) {
  583. pflash_blk_write_flush(pfl);
  584. pfl->wcycle = 0;
  585. pfl->status |= 0x80;
  586. } else {
  587. pflash_blk_write_abort(pfl);
  588. goto mode_read_array;
  589. }
  590. break;
  591. default:
  592. pflash_blk_write_abort(pfl);
  593. goto error_flash;
  594. }
  595. break;
  596. default:
  597. /* Should never happen */
  598. trace_pflash_write(pfl->name, "invalid write state");
  599. goto mode_read_array;
  600. }
  601. return;
  602. error_flash:
  603. qemu_log_mask(LOG_UNIMP, "%s: Unimplemented flash cmd sequence "
  604. "(offset " HWADDR_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)"
  605. "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
  606. mode_read_array:
  607. trace_pflash_mode_read_array(pfl->name);
  608. memory_region_rom_device_set_romd(&pfl->mem, true);
  609. pfl->wcycle = 0;
  610. pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */
  611. }
  612. static MemTxResult pflash_mem_read_with_attrs(void *opaque, hwaddr addr, uint64_t *value,
  613. unsigned len, MemTxAttrs attrs)
  614. {
  615. PFlashCFI01 *pfl = opaque;
  616. bool be = !!(pfl->features & (1 << PFLASH_BE));
  617. if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
  618. *value = pflash_data_read(opaque, addr, len, be);
  619. } else {
  620. *value = pflash_read(opaque, addr, len, be);
  621. }
  622. return MEMTX_OK;
  623. }
  624. static MemTxResult pflash_mem_write_with_attrs(void *opaque, hwaddr addr, uint64_t value,
  625. unsigned len, MemTxAttrs attrs)
  626. {
  627. PFlashCFI01 *pfl = opaque;
  628. bool be = !!(pfl->features & (1 << PFLASH_BE));
  629. if ((pfl->features & (1 << PFLASH_SECURE)) && !attrs.secure) {
  630. return MEMTX_ERROR;
  631. } else {
  632. pflash_write(opaque, addr, value, len, be);
  633. return MEMTX_OK;
  634. }
  635. }
  636. static const MemoryRegionOps pflash_cfi01_ops = {
  637. .read_with_attrs = pflash_mem_read_with_attrs,
  638. .write_with_attrs = pflash_mem_write_with_attrs,
  639. .endianness = DEVICE_NATIVE_ENDIAN,
  640. };
  641. static void pflash_cfi01_fill_cfi_table(PFlashCFI01 *pfl)
  642. {
  643. uint64_t blocks_per_device, sector_len_per_device, device_len;
  644. int num_devices;
  645. /*
  646. * These are only used to expose the parameters of each device
  647. * in the cfi_table[].
  648. */
  649. num_devices = pfl->device_width ? (pfl->bank_width / pfl->device_width) : 1;
  650. if (pfl->old_multiple_chip_handling) {
  651. blocks_per_device = pfl->nb_blocs / num_devices;
  652. sector_len_per_device = pfl->sector_len;
  653. } else {
  654. blocks_per_device = pfl->nb_blocs;
  655. sector_len_per_device = pfl->sector_len / num_devices;
  656. }
  657. device_len = sector_len_per_device * blocks_per_device;
  658. /* Hardcoded CFI table */
  659. /* Standard "QRY" string */
  660. pfl->cfi_table[0x10] = 'Q';
  661. pfl->cfi_table[0x11] = 'R';
  662. pfl->cfi_table[0x12] = 'Y';
  663. /* Command set (Intel) */
  664. pfl->cfi_table[0x13] = 0x01;
  665. pfl->cfi_table[0x14] = 0x00;
  666. /* Primary extended table address (none) */
  667. pfl->cfi_table[0x15] = 0x31;
  668. pfl->cfi_table[0x16] = 0x00;
  669. /* Alternate command set (none) */
  670. pfl->cfi_table[0x17] = 0x00;
  671. pfl->cfi_table[0x18] = 0x00;
  672. /* Alternate extended table (none) */
  673. pfl->cfi_table[0x19] = 0x00;
  674. pfl->cfi_table[0x1A] = 0x00;
  675. /* Vcc min */
  676. pfl->cfi_table[0x1B] = 0x45;
  677. /* Vcc max */
  678. pfl->cfi_table[0x1C] = 0x55;
  679. /* Vpp min (no Vpp pin) */
  680. pfl->cfi_table[0x1D] = 0x00;
  681. /* Vpp max (no Vpp pin) */
  682. pfl->cfi_table[0x1E] = 0x00;
  683. /* Reserved */
  684. pfl->cfi_table[0x1F] = 0x07;
  685. /* Timeout for min size buffer write */
  686. pfl->cfi_table[0x20] = 0x07;
  687. /* Typical timeout for block erase */
  688. pfl->cfi_table[0x21] = 0x0a;
  689. /* Typical timeout for full chip erase (4096 ms) */
  690. pfl->cfi_table[0x22] = 0x00;
  691. /* Reserved */
  692. pfl->cfi_table[0x23] = 0x04;
  693. /* Max timeout for buffer write */
  694. pfl->cfi_table[0x24] = 0x04;
  695. /* Max timeout for block erase */
  696. pfl->cfi_table[0x25] = 0x04;
  697. /* Max timeout for chip erase */
  698. pfl->cfi_table[0x26] = 0x00;
  699. /* Device size */
  700. pfl->cfi_table[0x27] = ctz32(device_len); /* + 1; */
  701. /* Flash device interface (8 & 16 bits) */
  702. pfl->cfi_table[0x28] = 0x02;
  703. pfl->cfi_table[0x29] = 0x00;
  704. /* Max number of bytes in multi-bytes write */
  705. if (pfl->bank_width == 1) {
  706. pfl->cfi_table[0x2A] = 0x08;
  707. } else {
  708. pfl->cfi_table[0x2A] = 0x0B;
  709. }
  710. pfl->writeblock_size = 1 << pfl->cfi_table[0x2A];
  711. if (!pfl->old_multiple_chip_handling && num_devices > 1) {
  712. pfl->writeblock_size *= num_devices;
  713. }
  714. pfl->cfi_table[0x2B] = 0x00;
  715. /* Number of erase block regions (uniform) */
  716. pfl->cfi_table[0x2C] = 0x01;
  717. /* Erase block region 1 */
  718. pfl->cfi_table[0x2D] = blocks_per_device - 1;
  719. pfl->cfi_table[0x2E] = (blocks_per_device - 1) >> 8;
  720. pfl->cfi_table[0x2F] = sector_len_per_device >> 8;
  721. pfl->cfi_table[0x30] = sector_len_per_device >> 16;
  722. /* Extended */
  723. pfl->cfi_table[0x31] = 'P';
  724. pfl->cfi_table[0x32] = 'R';
  725. pfl->cfi_table[0x33] = 'I';
  726. pfl->cfi_table[0x34] = '1';
  727. pfl->cfi_table[0x35] = '0';
  728. pfl->cfi_table[0x36] = 0x00;
  729. pfl->cfi_table[0x37] = 0x00;
  730. pfl->cfi_table[0x38] = 0x00;
  731. pfl->cfi_table[0x39] = 0x00;
  732. pfl->cfi_table[0x3a] = 0x00;
  733. pfl->cfi_table[0x3b] = 0x00;
  734. pfl->cfi_table[0x3c] = 0x00;
  735. pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
  736. }
  737. static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
  738. {
  739. ERRP_GUARD();
  740. PFlashCFI01 *pfl = PFLASH_CFI01(dev);
  741. uint64_t total_len;
  742. int ret;
  743. if (pfl->sector_len == 0) {
  744. error_setg(errp, "attribute \"sector-length\" not specified or zero.");
  745. return;
  746. }
  747. if (pfl->nb_blocs == 0) {
  748. error_setg(errp, "attribute \"num-blocks\" not specified or zero.");
  749. return;
  750. }
  751. if (pfl->name == NULL) {
  752. error_setg(errp, "attribute \"name\" not specified.");
  753. return;
  754. }
  755. total_len = pfl->sector_len * pfl->nb_blocs;
  756. memory_region_init_rom_device(
  757. &pfl->mem, OBJECT(dev),
  758. &pflash_cfi01_ops,
  759. pfl,
  760. pfl->name, total_len, errp);
  761. if (*errp) {
  762. return;
  763. }
  764. pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
  765. sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
  766. if (pfl->blk) {
  767. uint64_t perm;
  768. pfl->ro = !blk_supports_write_perm(pfl->blk);
  769. perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
  770. ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
  771. if (ret < 0) {
  772. return;
  773. }
  774. } else {
  775. pfl->ro = false;
  776. }
  777. if (pfl->blk) {
  778. if (!blk_check_size_and_read_all(pfl->blk, dev, pfl->storage,
  779. total_len, errp)) {
  780. vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
  781. return;
  782. }
  783. }
  784. /*
  785. * Default to devices being used at their maximum device width. This was
  786. * assumed before the device_width support was added.
  787. */
  788. if (!pfl->max_device_width) {
  789. pfl->max_device_width = pfl->device_width;
  790. }
  791. pfl->wcycle = 0;
  792. /*
  793. * The command 0x00 is not assigned by the CFI open standard,
  794. * but QEMU historically uses it for the READ_ARRAY command (0xff).
  795. */
  796. pfl->cmd = 0x00;
  797. pfl->status = 0x80; /* WSM ready */
  798. pflash_cfi01_fill_cfi_table(pfl);
  799. pfl->blk_bytes = g_malloc(pfl->writeblock_size);
  800. pfl->blk_offset = -1;
  801. }
  802. static void pflash_cfi01_system_reset(DeviceState *dev)
  803. {
  804. PFlashCFI01 *pfl = PFLASH_CFI01(dev);
  805. trace_pflash_reset(pfl->name);
  806. /*
  807. * The command 0x00 is not assigned by the CFI open standard,
  808. * but QEMU historically uses it for the READ_ARRAY command (0xff).
  809. */
  810. pfl->cmd = 0x00;
  811. pfl->wcycle = 0;
  812. memory_region_rom_device_set_romd(&pfl->mem, true);
  813. /*
  814. * The WSM ready timer occurs at most 150ns after system reset.
  815. * This model deliberately ignores this delay.
  816. */
  817. pfl->status = 0x80;
  818. pfl->blk_offset = -1;
  819. }
  820. static Property pflash_cfi01_properties[] = {
  821. DEFINE_PROP_DRIVE("drive", PFlashCFI01, blk),
  822. /* num-blocks is the number of blocks actually visible to the guest,
  823. * ie the total size of the device divided by the sector length.
  824. * If we're emulating flash devices wired in parallel the actual
  825. * number of blocks per individual device will differ.
  826. */
  827. DEFINE_PROP_UINT32("num-blocks", PFlashCFI01, nb_blocs, 0),
  828. DEFINE_PROP_UINT64("sector-length", PFlashCFI01, sector_len, 0),
  829. /* width here is the overall width of this QEMU device in bytes.
  830. * The QEMU device may be emulating a number of flash devices
  831. * wired up in parallel; the width of each individual flash
  832. * device should be specified via device-width. If the individual
  833. * devices have a maximum width which is greater than the width
  834. * they are being used for, this maximum width should be set via
  835. * max-device-width (which otherwise defaults to device-width).
  836. * So for instance a 32-bit wide QEMU flash device made from four
  837. * 16-bit flash devices used in 8-bit wide mode would be configured
  838. * with width = 4, device-width = 1, max-device-width = 2.
  839. *
  840. * If device-width is not specified we default to backwards
  841. * compatible behaviour which is a bad emulation of two
  842. * 16 bit devices making up a 32 bit wide QEMU device. This
  843. * is deprecated for new uses of this device.
  844. */
  845. DEFINE_PROP_UINT8("width", PFlashCFI01, bank_width, 0),
  846. DEFINE_PROP_UINT8("device-width", PFlashCFI01, device_width, 0),
  847. DEFINE_PROP_UINT8("max-device-width", PFlashCFI01, max_device_width, 0),
  848. DEFINE_PROP_BIT("big-endian", PFlashCFI01, features, PFLASH_BE, 0),
  849. DEFINE_PROP_BIT("secure", PFlashCFI01, features, PFLASH_SECURE, 0),
  850. DEFINE_PROP_UINT16("id0", PFlashCFI01, ident0, 0),
  851. DEFINE_PROP_UINT16("id1", PFlashCFI01, ident1, 0),
  852. DEFINE_PROP_UINT16("id2", PFlashCFI01, ident2, 0),
  853. DEFINE_PROP_UINT16("id3", PFlashCFI01, ident3, 0),
  854. DEFINE_PROP_STRING("name", PFlashCFI01, name),
  855. DEFINE_PROP_BOOL("old-multiple-chip-handling", PFlashCFI01,
  856. old_multiple_chip_handling, false),
  857. DEFINE_PROP_END_OF_LIST(),
  858. };
  859. static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
  860. {
  861. DeviceClass *dc = DEVICE_CLASS(klass);
  862. device_class_set_legacy_reset(dc, pflash_cfi01_system_reset);
  863. dc->realize = pflash_cfi01_realize;
  864. device_class_set_props(dc, pflash_cfi01_properties);
  865. dc->vmsd = &vmstate_pflash;
  866. set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
  867. }
  868. static const TypeInfo pflash_cfi01_info = {
  869. .name = TYPE_PFLASH_CFI01,
  870. .parent = TYPE_SYS_BUS_DEVICE,
  871. .instance_size = sizeof(PFlashCFI01),
  872. .class_init = pflash_cfi01_class_init,
  873. };
  874. static void pflash_cfi01_register_types(void)
  875. {
  876. type_register_static(&pflash_cfi01_info);
  877. }
  878. type_init(pflash_cfi01_register_types)
  879. PFlashCFI01 *pflash_cfi01_register(hwaddr base,
  880. const char *name,
  881. hwaddr size,
  882. BlockBackend *blk,
  883. uint32_t sector_len,
  884. int bank_width,
  885. uint16_t id0, uint16_t id1,
  886. uint16_t id2, uint16_t id3,
  887. int be)
  888. {
  889. DeviceState *dev = qdev_new(TYPE_PFLASH_CFI01);
  890. if (blk) {
  891. qdev_prop_set_drive(dev, "drive", blk);
  892. }
  893. assert(QEMU_IS_ALIGNED(size, sector_len));
  894. qdev_prop_set_uint32(dev, "num-blocks", size / sector_len);
  895. qdev_prop_set_uint64(dev, "sector-length", sector_len);
  896. qdev_prop_set_uint8(dev, "width", bank_width);
  897. qdev_prop_set_bit(dev, "big-endian", !!be);
  898. qdev_prop_set_uint16(dev, "id0", id0);
  899. qdev_prop_set_uint16(dev, "id1", id1);
  900. qdev_prop_set_uint16(dev, "id2", id2);
  901. qdev_prop_set_uint16(dev, "id3", id3);
  902. qdev_prop_set_string(dev, "name", name);
  903. sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
  904. sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
  905. return PFLASH_CFI01(dev);
  906. }
  907. BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl)
  908. {
  909. return fl->blk;
  910. }
  911. MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl)
  912. {
  913. return &fl->mem;
  914. }
  915. /*
  916. * Handle -drive if=pflash for machines that use properties.
  917. * If @dinfo is null, do nothing.
  918. * Else if @fl's property "drive" is already set, fatal error.
  919. * Else set it to the BlockBackend with @dinfo.
  920. */
  921. void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo)
  922. {
  923. Location loc;
  924. if (!dinfo) {
  925. return;
  926. }
  927. loc_push_none(&loc);
  928. qemu_opts_loc_restore(dinfo->opts);
  929. if (fl->blk) {
  930. error_report("clashes with -machine");
  931. exit(1);
  932. }
  933. qdev_prop_set_drive_err(DEVICE(fl), "drive", blk_by_legacy_dinfo(dinfo),
  934. &error_fatal);
  935. loc_pop(&loc);
  936. }
  937. static void postload_update_cb(void *opaque, bool running, RunState state)
  938. {
  939. PFlashCFI01 *pfl = opaque;
  940. /* This is called after bdrv_activate_all. */
  941. qemu_del_vm_change_state_handler(pfl->vmstate);
  942. pfl->vmstate = NULL;
  943. trace_pflash_postload_cb(pfl->name);
  944. pflash_update(pfl, 0, pfl->sector_len * pfl->nb_blocs);
  945. }
  946. static int pflash_post_load(void *opaque, int version_id)
  947. {
  948. PFlashCFI01 *pfl = opaque;
  949. if (!pfl->ro) {
  950. pfl->vmstate = qemu_add_vm_change_state_handler(postload_update_cb,
  951. pfl);
  952. }
  953. return 0;
  954. }