2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
3 * set. Known devices table current as of Jun/2012 and taken from linux.
4 * See drivers/mtd/devices/m25p80.c.
6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
8 * Copyright (C) 2012 PetaLogix
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 or
13 * (at your option) a later version of the License.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "qemu/osdep.h"
26 #include "sysemu/block-backend.h"
27 #include "sysemu/blockdev.h"
28 #include "hw/ssi/ssi.h"
30 #ifndef M25P80_ERR_DEBUG
31 #define M25P80_ERR_DEBUG 0
34 #define DB_PRINT_L(level, ...) do { \
35 if (M25P80_ERR_DEBUG > (level)) { \
36 fprintf(stderr, ": %s: ", __func__); \
37 fprintf(stderr, ## __VA_ARGS__); \
41 /* Fields for FlashPartInfo->flags */
43 /* erase capabilities */
46 /* set to allow the page program command to write 0s back to 1. Useful for
47 * modelling EEPROM with SPI flash command set
51 typedef struct FlashPartInfo
{
52 const char *part_name
;
53 /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */
55 /* extended jedec code */
57 /* there is confusion between manufacturers as to what a sector is. In this
58 * device model, a "sector" is the size that is erased by the ERASE_SECTOR
59 * command (opcode 0xd8).
67 /* adapted from linux */
69 #define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\
70 .part_name = (_part_name),\
72 .ext_jedec = (_ext_jedec),\
73 .sector_size = (_sector_size),\
74 .n_sectors = (_n_sectors),\
78 #define JEDEC_NUMONYX 0x20
79 #define JEDEC_WINBOND 0xEF
80 #define JEDEC_SPANSION 0x01
82 static const FlashPartInfo known_devices
[] = {
83 /* Atmel -- some are (confusingly) marketed as "DataFlash" */
84 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K
) },
85 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K
) },
87 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K
) },
88 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K
) },
89 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K
) },
91 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K
) },
92 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K
) },
93 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K
) },
94 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K
) },
96 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K
) },
99 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K
) },
100 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
101 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
102 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
103 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K
) },
106 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K
) },
107 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K
) },
109 /* Intel/Numonyx -- xxxs33b */
110 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
111 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
112 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
113 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) },
116 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K
) },
117 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K
) },
118 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
119 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K
) },
120 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
121 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
122 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
123 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
124 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) },
125 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
128 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K
) },
129 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K
) },
130 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K
) },
131 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K
) },
132 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K
) },
133 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K
) },
134 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K
) },
135 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K
) },
137 /* Spansion -- single (large) sector size only, at least
138 * for the chips listed here (without boot sectors).
140 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K
) },
141 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K
) },
142 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
143 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
144 { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) },
145 { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) },
146 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
147 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
148 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
149 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
150 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
151 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
152 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
153 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
154 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
155 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K
| ER_32K
) },
156 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K
| ER_32K
) },
158 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
159 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K
) },
160 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K
) },
161 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K
) },
162 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K
) },
163 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K
) },
164 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K
) },
165 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K
) },
166 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K
) },
167 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K
) },
169 /* ST Microelectronics -- newer production may have feature updates */
170 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
171 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
172 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
173 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
174 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
175 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
176 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
177 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
178 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
179 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) },
181 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
182 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
183 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
185 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) },
186 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
187 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K
) },
189 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K
) },
190 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K
) },
191 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K
) },
192 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
194 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
195 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K
) },
196 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K
) },
197 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K
) },
198 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K
) },
199 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K
) },
200 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K
) },
201 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K
) },
202 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K
) },
203 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K
) },
204 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K
) },
205 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K
) },
206 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K
) },
207 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K
) },
209 /* Numonyx -- n25q128 */
210 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
242 STATE_COLLECTING_DATA
,
246 typedef struct Flash
{
261 uint8_t needed_bytes
;
262 uint8_t cmd_in_progress
;
268 const FlashPartInfo
*pi
;
272 typedef struct M25P80Class
{
273 SSISlaveClass parent_class
;
277 #define TYPE_M25P80 "m25p80-generic"
278 #define M25P80(obj) \
279 OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
280 #define M25P80_CLASS(klass) \
281 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
282 #define M25P80_GET_CLASS(obj) \
283 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
285 static void blk_sync_complete(void *opaque
, int ret
)
287 /* do nothing. Masters do not directly interact with the backing store,
288 * only the working copy so no mutexing required.
292 static void flash_sync_page(Flash
*s
, int page
)
294 int blk_sector
, nb_sectors
;
297 if (!s
->blk
|| blk_is_read_only(s
->blk
)) {
301 blk_sector
= (page
* s
->pi
->page_size
) / BDRV_SECTOR_SIZE
;
302 nb_sectors
= DIV_ROUND_UP(s
->pi
->page_size
, BDRV_SECTOR_SIZE
);
303 qemu_iovec_init(&iov
, 1);
304 qemu_iovec_add(&iov
, s
->storage
+ blk_sector
* BDRV_SECTOR_SIZE
,
305 nb_sectors
* BDRV_SECTOR_SIZE
);
306 blk_aio_writev(s
->blk
, blk_sector
, &iov
, nb_sectors
, blk_sync_complete
,
310 static inline void flash_sync_area(Flash
*s
, int64_t off
, int64_t len
)
312 int64_t start
, end
, nb_sectors
;
315 if (!s
->blk
|| blk_is_read_only(s
->blk
)) {
319 assert(!(len
% BDRV_SECTOR_SIZE
));
320 start
= off
/ BDRV_SECTOR_SIZE
;
321 end
= (off
+ len
) / BDRV_SECTOR_SIZE
;
322 nb_sectors
= end
- start
;
323 qemu_iovec_init(&iov
, 1);
324 qemu_iovec_add(&iov
, s
->storage
+ (start
* BDRV_SECTOR_SIZE
),
325 nb_sectors
* BDRV_SECTOR_SIZE
);
326 blk_aio_writev(s
->blk
, start
, &iov
, nb_sectors
, blk_sync_complete
, NULL
);
329 static void flash_erase(Flash
*s
, int offset
, FlashCMD cmd
)
332 uint8_t capa_to_assert
= 0;
337 capa_to_assert
= ER_4K
;
341 capa_to_assert
= ER_32K
;
344 len
= s
->pi
->sector_size
;
353 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset
, len
);
354 if ((s
->pi
->flags
& capa_to_assert
) != capa_to_assert
) {
355 qemu_log_mask(LOG_GUEST_ERROR
, "M25P80: %d erase size not supported by"
359 if (!s
->write_enable
) {
360 qemu_log_mask(LOG_GUEST_ERROR
, "M25P80: erase with write protect!\n");
363 memset(s
->storage
+ offset
, 0xff, len
);
364 flash_sync_area(s
, offset
, len
);
367 static inline void flash_sync_dirty(Flash
*s
, int64_t newpage
)
369 if (s
->dirty_page
>= 0 && s
->dirty_page
!= newpage
) {
370 flash_sync_page(s
, s
->dirty_page
);
371 s
->dirty_page
= newpage
;
376 void flash_write8(Flash
*s
, uint64_t addr
, uint8_t data
)
378 int64_t page
= addr
/ s
->pi
->page_size
;
379 uint8_t prev
= s
->storage
[s
->cur_addr
];
381 if (!s
->write_enable
) {
382 qemu_log_mask(LOG_GUEST_ERROR
, "M25P80: write with write protect!\n");
385 if ((prev
^ data
) & data
) {
386 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64
" %" PRIx8
387 " -> %" PRIx8
"\n", addr
, prev
, data
);
390 if (s
->pi
->flags
& WR_1
) {
391 s
->storage
[s
->cur_addr
] = data
;
393 s
->storage
[s
->cur_addr
] &= data
;
396 flash_sync_dirty(s
, page
);
397 s
->dirty_page
= page
;
400 static void complete_collecting_data(Flash
*s
)
402 s
->cur_addr
= s
->data
[0] << 16;
403 s
->cur_addr
|= s
->data
[1] << 8;
404 s
->cur_addr
|= s
->data
[2];
406 s
->state
= STATE_IDLE
;
408 switch (s
->cmd_in_progress
) {
412 s
->state
= STATE_PAGE_PROGRAM
;
420 s
->state
= STATE_READ
;
425 flash_erase(s
, s
->cur_addr
, s
->cmd_in_progress
);
428 if (s
->write_enable
) {
429 s
->write_enable
= false;
437 static void decode_new_cmd(Flash
*s
, uint32_t value
)
439 s
->cmd_in_progress
= value
;
440 DB_PRINT_L(0, "decoded new command:%x\n", value
);
454 s
->state
= STATE_COLLECTING_DATA
;
463 s
->state
= STATE_COLLECTING_DATA
;
467 switch ((s
->pi
->jedec
>> 16) & 0xFF) {
478 s
->state
= STATE_COLLECTING_DATA
;
482 switch ((s
->pi
->jedec
>> 16) & 0xFF) {
493 s
->state
= STATE_COLLECTING_DATA
;
497 if (s
->write_enable
) {
501 s
->state
= STATE_COLLECTING_DATA
;
506 s
->write_enable
= false;
509 s
->write_enable
= true;
513 s
->data
[0] = (!!s
->write_enable
) << 1;
516 s
->state
= STATE_READING_DATA
;
520 DB_PRINT_L(0, "populated jedec code\n");
521 s
->data
[0] = (s
->pi
->jedec
>> 16) & 0xff;
522 s
->data
[1] = (s
->pi
->jedec
>> 8) & 0xff;
523 s
->data
[2] = s
->pi
->jedec
& 0xff;
524 if (s
->pi
->ext_jedec
) {
525 s
->data
[3] = (s
->pi
->ext_jedec
>> 8) & 0xff;
526 s
->data
[4] = s
->pi
->ext_jedec
& 0xff;
532 s
->state
= STATE_READING_DATA
;
536 if (s
->write_enable
) {
537 DB_PRINT_L(0, "chip erase\n");
538 flash_erase(s
, 0, BULK_ERASE
);
540 qemu_log_mask(LOG_GUEST_ERROR
, "M25P80: chip erase with write "
547 qemu_log_mask(LOG_GUEST_ERROR
, "M25P80: Unknown cmd %x\n", value
);
552 static int m25p80_cs(SSISlave
*ss
, bool select
)
554 Flash
*s
= M25P80(ss
);
559 s
->state
= STATE_IDLE
;
560 flash_sync_dirty(s
, -1);
563 DB_PRINT_L(0, "%sselect\n", select
? "de" : "");
568 static uint32_t m25p80_transfer8(SSISlave
*ss
, uint32_t tx
)
570 Flash
*s
= M25P80(ss
);
575 case STATE_PAGE_PROGRAM
:
576 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64
" data=%" PRIx8
"\n",
577 s
->cur_addr
, (uint8_t)tx
);
578 flash_write8(s
, s
->cur_addr
, (uint8_t)tx
);
583 r
= s
->storage
[s
->cur_addr
];
584 DB_PRINT_L(1, "READ 0x%" PRIx64
"=%" PRIx8
"\n", s
->cur_addr
,
586 s
->cur_addr
= (s
->cur_addr
+ 1) % s
->size
;
589 case STATE_COLLECTING_DATA
:
590 s
->data
[s
->len
] = (uint8_t)tx
;
593 if (s
->len
== s
->needed_bytes
) {
594 complete_collecting_data(s
);
598 case STATE_READING_DATA
:
601 if (s
->pos
== s
->len
) {
603 s
->state
= STATE_IDLE
;
609 decode_new_cmd(s
, (uint8_t)tx
);
616 static int m25p80_init(SSISlave
*ss
)
619 Flash
*s
= M25P80(ss
);
620 M25P80Class
*mc
= M25P80_GET_CLASS(s
);
624 s
->size
= s
->pi
->sector_size
* s
->pi
->n_sectors
;
627 /* FIXME use a qdev drive property instead of drive_get_next() */
628 dinfo
= drive_get_next(IF_MTD
);
631 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
632 s
->blk
= blk_by_legacy_dinfo(dinfo
);
633 blk_attach_dev_nofail(s
->blk
, s
);
635 s
->storage
= blk_blockalign(s
->blk
, s
->size
);
637 /* FIXME: Move to late init */
638 if (blk_read(s
->blk
, 0, s
->storage
,
639 DIV_ROUND_UP(s
->size
, BDRV_SECTOR_SIZE
))) {
640 fprintf(stderr
, "Failed to initialize SPI flash!\n");
644 DB_PRINT_L(0, "No BDRV - binding to RAM\n");
645 s
->storage
= blk_blockalign(NULL
, s
->size
);
646 memset(s
->storage
, 0xFF, s
->size
);
652 static void m25p80_pre_save(void *opaque
)
654 flash_sync_dirty((Flash
*)opaque
, -1);
657 static const VMStateDescription vmstate_m25p80
= {
658 .name
= "xilinx_spi",
660 .minimum_version_id
= 1,
661 .pre_save
= m25p80_pre_save
,
662 .fields
= (VMStateField
[]) {
663 VMSTATE_UINT8(state
, Flash
),
664 VMSTATE_UINT8_ARRAY(data
, Flash
, 16),
665 VMSTATE_UINT32(len
, Flash
),
666 VMSTATE_UINT32(pos
, Flash
),
667 VMSTATE_UINT8(needed_bytes
, Flash
),
668 VMSTATE_UINT8(cmd_in_progress
, Flash
),
669 VMSTATE_UINT64(cur_addr
, Flash
),
670 VMSTATE_BOOL(write_enable
, Flash
),
671 VMSTATE_END_OF_LIST()
675 static void m25p80_class_init(ObjectClass
*klass
, void *data
)
677 DeviceClass
*dc
= DEVICE_CLASS(klass
);
678 SSISlaveClass
*k
= SSI_SLAVE_CLASS(klass
);
679 M25P80Class
*mc
= M25P80_CLASS(klass
);
681 k
->init
= m25p80_init
;
682 k
->transfer
= m25p80_transfer8
;
683 k
->set_cs
= m25p80_cs
;
684 k
->cs_polarity
= SSI_CS_LOW
;
685 dc
->vmsd
= &vmstate_m25p80
;
689 static const TypeInfo m25p80_info
= {
691 .parent
= TYPE_SSI_SLAVE
,
692 .instance_size
= sizeof(Flash
),
693 .class_size
= sizeof(M25P80Class
),
697 static void m25p80_register_types(void)
701 type_register_static(&m25p80_info
);
702 for (i
= 0; i
< ARRAY_SIZE(known_devices
); ++i
) {
704 .name
= known_devices
[i
].part_name
,
705 .parent
= TYPE_M25P80
,
706 .class_init
= m25p80_class_init
,
707 .class_data
= (void *)&known_devices
[i
],
713 type_init(m25p80_register_types
)