hbitmap: add assertion on hbitmap_iter_init
[qemu/ar7.git] / hw / m25p80.c
blobd39265632bb50cc09a8d18d0e0ffc24a006d236f
1 /*
2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
3 * set. Known devices table current as of Jun/2012 and taken from linux.
4 * See drivers/mtd/devices/m25p80.c.
6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
8 * Copyright (C) 2012 PetaLogix
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 or
13 * (at your option) a later version of the License.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "hw.h"
25 #include "sysemu/blockdev.h"
26 #include "ssi.h"
27 #include "devices.h"
29 #ifdef M25P80_ERR_DEBUG
30 #define DB_PRINT(...) do { \
31 fprintf(stderr, ": %s: ", __func__); \
32 fprintf(stderr, ## __VA_ARGS__); \
33 } while (0);
34 #else
35 #define DB_PRINT(...)
36 #endif
38 /* Fields for FlashPartInfo->flags */
40 /* erase capabilities */
41 #define ER_4K 1
42 #define ER_32K 2
43 /* set to allow the page program command to write 0s back to 1. Useful for
44 * modelling EEPROM with SPI flash command set
46 #define WR_1 0x100
48 typedef struct FlashPartInfo {
49 const char *part_name;
50 /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */
51 uint32_t jedec;
52 /* extended jedec code */
53 uint16_t ext_jedec;
54 /* there is confusion between manufacturers as to what a sector is. In this
55 * device model, a "sector" is the size that is erased by the ERASE_SECTOR
56 * command (opcode 0xd8).
58 uint32_t sector_size;
59 uint32_t n_sectors;
60 uint32_t page_size;
61 uint8_t flags;
62 } FlashPartInfo;
64 /* adapted from linux */
66 #define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\
67 .part_name = (_part_name),\
68 .jedec = (_jedec),\
69 .ext_jedec = (_ext_jedec),\
70 .sector_size = (_sector_size),\
71 .n_sectors = (_n_sectors),\
72 .page_size = 256,\
73 .flags = (_flags),\
75 #define JEDEC_NUMONYX 0x20
76 #define JEDEC_WINBOND 0xEF
77 #define JEDEC_SPANSION 0x01
79 static const FlashPartInfo known_devices[] = {
80 /* Atmel -- some are (confusingly) marketed as "DataFlash" */
81 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
82 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
84 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
85 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
86 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
88 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
89 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
90 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
91 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
93 /* EON -- en25xxx */
94 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
95 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
96 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
97 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
99 /* Intel/Numonyx -- xxxs33b */
100 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
101 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
102 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
104 /* Macronix */
105 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
106 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
107 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
108 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
109 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
110 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
111 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
112 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) },
113 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
115 /* Spansion -- single (large) sector size only, at least
116 * for the chips listed here (without boot sectors).
118 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
119 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
120 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
121 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
122 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
123 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
124 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
125 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
126 { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) },
127 { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) },
128 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
129 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
130 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
131 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
132 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
133 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
135 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
136 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
137 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
138 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
139 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
140 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
141 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
142 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
143 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
145 /* ST Microelectronics -- newer production may have feature updates */
146 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
147 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
148 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
149 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
150 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
151 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
152 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
153 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
154 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
156 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
157 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
158 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
160 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
161 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
163 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
164 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
165 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
166 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
168 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
169 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
170 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
171 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
172 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
173 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
174 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
175 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
176 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
177 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
179 /* Numonyx -- n25q128 */
180 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
182 { },
185 typedef enum {
186 NOP = 0,
187 WRDI = 0x4,
188 RDSR = 0x5,
189 WREN = 0x6,
190 JEDEC_READ = 0x9f,
191 BULK_ERASE = 0xc7,
193 READ = 0x3,
194 FAST_READ = 0xb,
195 DOR = 0x3b,
196 QOR = 0x6b,
197 DIOR = 0xbb,
198 QIOR = 0xeb,
200 PP = 0x2,
201 DPP = 0xa2,
202 QPP = 0x32,
204 ERASE_4K = 0x20,
205 ERASE_32K = 0x52,
206 ERASE_SECTOR = 0xd8,
207 } FlashCMD;
209 typedef enum {
210 STATE_IDLE,
211 STATE_PAGE_PROGRAM,
212 STATE_READ,
213 STATE_COLLECTING_DATA,
214 STATE_READING_DATA,
215 } CMDState;
217 typedef struct Flash {
218 SSISlave ssidev;
219 uint32_t r;
221 BlockDriverState *bdrv;
223 uint8_t *storage;
224 uint32_t size;
225 int page_size;
227 uint8_t state;
228 uint8_t data[16];
229 uint32_t len;
230 uint32_t pos;
231 uint8_t needed_bytes;
232 uint8_t cmd_in_progress;
233 uint64_t cur_addr;
234 bool write_enable;
236 int64_t dirty_page;
238 char *part_name;
239 const FlashPartInfo *pi;
241 } Flash;
243 static void bdrv_sync_complete(void *opaque, int ret)
245 /* do nothing. Masters do not directly interact with the backing store,
246 * only the working copy so no mutexing required.
250 static void flash_sync_page(Flash *s, int page)
252 if (s->bdrv) {
253 int bdrv_sector, nb_sectors;
254 QEMUIOVector iov;
256 bdrv_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
257 nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
258 qemu_iovec_init(&iov, 1);
259 qemu_iovec_add(&iov, s->storage + bdrv_sector * BDRV_SECTOR_SIZE,
260 nb_sectors * BDRV_SECTOR_SIZE);
261 bdrv_aio_writev(s->bdrv, bdrv_sector, &iov, nb_sectors,
262 bdrv_sync_complete, NULL);
266 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
268 int64_t start, end, nb_sectors;
269 QEMUIOVector iov;
271 if (!s->bdrv) {
272 return;
275 assert(!(len % BDRV_SECTOR_SIZE));
276 start = off / BDRV_SECTOR_SIZE;
277 end = (off + len) / BDRV_SECTOR_SIZE;
278 nb_sectors = end - start;
279 qemu_iovec_init(&iov, 1);
280 qemu_iovec_add(&iov, s->storage + (start * BDRV_SECTOR_SIZE),
281 nb_sectors * BDRV_SECTOR_SIZE);
282 bdrv_aio_writev(s->bdrv, start, &iov, nb_sectors, bdrv_sync_complete, NULL);
285 static void flash_erase(Flash *s, int offset, FlashCMD cmd)
287 uint32_t len;
288 uint8_t capa_to_assert = 0;
290 switch (cmd) {
291 case ERASE_4K:
292 len = 4 << 10;
293 capa_to_assert = ER_4K;
294 break;
295 case ERASE_32K:
296 len = 32 << 10;
297 capa_to_assert = ER_32K;
298 break;
299 case ERASE_SECTOR:
300 len = s->pi->sector_size;
301 break;
302 case BULK_ERASE:
303 len = s->size;
304 break;
305 default:
306 abort();
309 DB_PRINT("offset = %#x, len = %d\n", offset, len);
310 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
311 hw_error("m25p80: %dk erase size not supported by device\n", len);
314 if (!s->write_enable) {
315 DB_PRINT("erase with write protect!\n");
316 return;
318 memset(s->storage + offset, 0xff, len);
319 flash_sync_area(s, offset, len);
322 static inline void flash_sync_dirty(Flash *s, int64_t newpage)
324 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
325 flash_sync_page(s, s->dirty_page);
326 s->dirty_page = newpage;
330 static inline
331 void flash_write8(Flash *s, uint64_t addr, uint8_t data)
333 int64_t page = addr / s->pi->page_size;
334 uint8_t prev = s->storage[s->cur_addr];
336 if (!s->write_enable) {
337 DB_PRINT("write with write protect!\n");
340 if ((prev ^ data) & data) {
341 DB_PRINT("programming zero to one! addr=%lx %x -> %x\n",
342 addr, prev, data);
345 if (s->pi->flags & WR_1) {
346 s->storage[s->cur_addr] = data;
347 } else {
348 s->storage[s->cur_addr] &= data;
351 flash_sync_dirty(s, page);
352 s->dirty_page = page;
355 static void complete_collecting_data(Flash *s)
357 s->cur_addr = s->data[0] << 16;
358 s->cur_addr |= s->data[1] << 8;
359 s->cur_addr |= s->data[2];
361 switch (s->cmd_in_progress) {
362 case DPP:
363 case QPP:
364 case PP:
365 s->state = STATE_PAGE_PROGRAM;
366 break;
367 case READ:
368 case FAST_READ:
369 case DOR:
370 case QOR:
371 case DIOR:
372 case QIOR:
373 s->state = STATE_READ;
374 break;
375 case ERASE_4K:
376 case ERASE_32K:
377 case ERASE_SECTOR:
378 flash_erase(s, s->cur_addr, s->cmd_in_progress);
379 break;
380 default:
381 break;
385 static void decode_new_cmd(Flash *s, uint32_t value)
387 s->cmd_in_progress = value;
388 DB_PRINT("decoded new command:%x\n", value);
390 switch (value) {
392 case ERASE_4K:
393 case ERASE_32K:
394 case ERASE_SECTOR:
395 case READ:
396 case DPP:
397 case QPP:
398 case PP:
399 s->needed_bytes = 3;
400 s->pos = 0;
401 s->len = 0;
402 s->state = STATE_COLLECTING_DATA;
403 break;
405 case FAST_READ:
406 case DOR:
407 case QOR:
408 s->needed_bytes = 4;
409 s->pos = 0;
410 s->len = 0;
411 s->state = STATE_COLLECTING_DATA;
412 break;
414 case DIOR:
415 switch ((s->pi->jedec >> 16) & 0xFF) {
416 case JEDEC_WINBOND:
417 case JEDEC_SPANSION:
418 s->needed_bytes = 4;
419 break;
420 case JEDEC_NUMONYX:
421 default:
422 s->needed_bytes = 5;
424 s->pos = 0;
425 s->len = 0;
426 s->state = STATE_COLLECTING_DATA;
427 break;
429 case QIOR:
430 switch ((s->pi->jedec >> 16) & 0xFF) {
431 case JEDEC_WINBOND:
432 case JEDEC_SPANSION:
433 s->needed_bytes = 6;
434 break;
435 case JEDEC_NUMONYX:
436 default:
437 s->needed_bytes = 8;
439 s->pos = 0;
440 s->len = 0;
441 s->state = STATE_COLLECTING_DATA;
442 break;
444 case WRDI:
445 s->write_enable = false;
446 break;
447 case WREN:
448 s->write_enable = true;
449 break;
451 case RDSR:
452 s->data[0] = (!!s->write_enable) << 1;
453 s->pos = 0;
454 s->len = 1;
455 s->state = STATE_READING_DATA;
456 break;
458 case JEDEC_READ:
459 DB_PRINT("populated jedec code\n");
460 s->data[0] = (s->pi->jedec >> 16) & 0xff;
461 s->data[1] = (s->pi->jedec >> 8) & 0xff;
462 s->data[2] = s->pi->jedec & 0xff;
463 if (s->pi->ext_jedec) {
464 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
465 s->data[4] = s->pi->ext_jedec & 0xff;
466 s->len = 5;
467 } else {
468 s->len = 3;
470 s->pos = 0;
471 s->state = STATE_READING_DATA;
472 break;
474 case BULK_ERASE:
475 if (s->write_enable) {
476 DB_PRINT("chip erase\n");
477 flash_erase(s, 0, BULK_ERASE);
478 } else {
479 DB_PRINT("chip erase with write protect!\n");
481 break;
482 case NOP:
483 break;
484 default:
485 DB_PRINT("Unknown cmd %x\n", value);
486 break;
490 static int m25p80_cs(SSISlave *ss, bool select)
492 Flash *s = FROM_SSI_SLAVE(Flash, ss);
494 if (select) {
495 s->len = 0;
496 s->pos = 0;
497 s->state = STATE_IDLE;
498 flash_sync_dirty(s, -1);
501 DB_PRINT("%sselect\n", select ? "de" : "");
503 return 0;
506 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
508 Flash *s = FROM_SSI_SLAVE(Flash, ss);
509 uint32_t r = 0;
511 switch (s->state) {
513 case STATE_PAGE_PROGRAM:
514 DB_PRINT("page program cur_addr=%lx data=%x\n", s->cur_addr,
515 (uint8_t)tx);
516 flash_write8(s, s->cur_addr, (uint8_t)tx);
517 s->cur_addr++;
518 break;
520 case STATE_READ:
521 r = s->storage[s->cur_addr];
522 DB_PRINT("READ 0x%lx=%x\n", s->cur_addr, r);
523 s->cur_addr = (s->cur_addr + 1) % s->size;
524 break;
526 case STATE_COLLECTING_DATA:
527 s->data[s->len] = (uint8_t)tx;
528 s->len++;
530 if (s->len == s->needed_bytes) {
531 complete_collecting_data(s);
533 break;
535 case STATE_READING_DATA:
536 r = s->data[s->pos];
537 s->pos++;
538 if (s->pos == s->len) {
539 s->pos = 0;
540 s->state = STATE_IDLE;
542 break;
544 default:
545 case STATE_IDLE:
546 decode_new_cmd(s, (uint8_t)tx);
547 break;
550 return r;
553 static int m25p80_init(SSISlave *ss)
555 DriveInfo *dinfo;
556 Flash *s = FROM_SSI_SLAVE(Flash, ss);
557 const FlashPartInfo *i;
559 if (!s->part_name) { /* default to actual m25p80 if no partname given */
560 s->part_name = (char *)"m25p80";
563 i = known_devices;
564 for (i = known_devices;; i++) {
565 assert(i);
566 if (!i->part_name) {
567 fprintf(stderr, "Unknown SPI flash part: \"%s\"\n", s->part_name);
568 return 1;
569 } else if (!strcmp(i->part_name, s->part_name)) {
570 s->pi = i;
571 break;
575 s->size = s->pi->sector_size * s->pi->n_sectors;
576 s->dirty_page = -1;
577 s->storage = qemu_blockalign(s->bdrv, s->size);
579 dinfo = drive_get_next(IF_MTD);
581 if (dinfo && dinfo->bdrv) {
582 DB_PRINT("Binding to IF_MTD drive\n");
583 s->bdrv = dinfo->bdrv;
584 /* FIXME: Move to late init */
585 if (bdrv_read(s->bdrv, 0, s->storage, DIV_ROUND_UP(s->size,
586 BDRV_SECTOR_SIZE))) {
587 fprintf(stderr, "Failed to initialize SPI flash!\n");
588 return 1;
590 } else {
591 memset(s->storage, 0xFF, s->size);
594 return 0;
597 static void m25p80_pre_save(void *opaque)
599 flash_sync_dirty((Flash *)opaque, -1);
602 static const VMStateDescription vmstate_m25p80 = {
603 .name = "xilinx_spi",
604 .version_id = 1,
605 .minimum_version_id = 1,
606 .minimum_version_id_old = 1,
607 .pre_save = m25p80_pre_save,
608 .fields = (VMStateField[]) {
609 VMSTATE_UINT8(state, Flash),
610 VMSTATE_UINT8_ARRAY(data, Flash, 16),
611 VMSTATE_UINT32(len, Flash),
612 VMSTATE_UINT32(pos, Flash),
613 VMSTATE_UINT8(needed_bytes, Flash),
614 VMSTATE_UINT8(cmd_in_progress, Flash),
615 VMSTATE_UINT64(cur_addr, Flash),
616 VMSTATE_BOOL(write_enable, Flash),
617 VMSTATE_END_OF_LIST()
621 static Property m25p80_properties[] = {
622 DEFINE_PROP_STRING("partname", Flash, part_name),
623 DEFINE_PROP_END_OF_LIST(),
626 static void m25p80_class_init(ObjectClass *klass, void *data)
628 DeviceClass *dc = DEVICE_CLASS(klass);
629 SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
631 k->init = m25p80_init;
632 k->transfer = m25p80_transfer8;
633 k->set_cs = m25p80_cs;
634 k->cs_polarity = SSI_CS_LOW;
635 dc->props = m25p80_properties;
636 dc->vmsd = &vmstate_m25p80;
639 static const TypeInfo m25p80_info = {
640 .name = "m25p80",
641 .parent = TYPE_SSI_SLAVE,
642 .instance_size = sizeof(Flash),
643 .class_init = m25p80_class_init,
646 static void m25p80_register_types(void)
648 type_register_static(&m25p80_info);
651 type_init(m25p80_register_types)