search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / hw / block / m25p80.c
blob906b71257ecfd154f9694d7270bb34c78738681b
1 /*
2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
3 * set. Known devices table current as of Jun/2012 and taken from linux.
4 * See drivers/mtd/devices/m25p80.c.
5 *
6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
8 * Copyright (C) 2012 PetaLogix
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 or
13 * (at your option) a later version of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "qemu/osdep.h"
25 #include "hw/hw.h"
26 #include "sysemu/block-backend.h"
27 #include "sysemu/blockdev.h"
28 #include "hw/ssi/ssi.h"
29 #include "qemu/bitops.h"
30
31 #ifndef M25P80_ERR_DEBUG
32 #define M25P80_ERR_DEBUG 0
33 #endif
34
35 #define DB_PRINT_L(level, ...) do { \
36 if (M25P80_ERR_DEBUG > (level)) { \
37 fprintf(stderr, ": %s: ", __func__); \
38 fprintf(stderr, ## __VA_ARGS__); \
39 } \
40 } while (0);
41
42 /* Fields for FlashPartInfo->flags */
43
44 /* erase capabilities */
45 #define ER_4K 1
46 #define ER_32K 2
47 /* set to allow the page program command to write 0s back to 1. Useful for
48 * modelling EEPROM with SPI flash command set
49 */
50 #define EEPROM 0x100
51
52 /* 16 MiB max in 3 byte address mode */
53 #define MAX_3BYTES_SIZE 0x1000000
54
55 typedef struct FlashPartInfo {
56 const char *part_name;
57 /* jedec code. (jedec >> 16) & 0xff is the 1st byte, >> 8 the 2nd etc */
58 uint32_t jedec;
59 /* extended jedec code */
60 uint16_t ext_jedec;
61 /* there is confusion between manufacturers as to what a sector is. In this
62 * device model, a "sector" is the size that is erased by the ERASE_SECTOR
63 * command (opcode 0xd8).
64 */
65 uint32_t sector_size;
66 uint32_t n_sectors;
67 uint32_t page_size;
68 uint16_t flags;
69 } FlashPartInfo;
70
71 /* adapted from linux */
72
73 #define INFO(_part_name, _jedec, _ext_jedec, _sector_size, _n_sectors, _flags)\
74 .part_name = (_part_name),\
75 .jedec = (_jedec),\
76 .ext_jedec = (_ext_jedec),\
77 .sector_size = (_sector_size),\
78 .n_sectors = (_n_sectors),\
79 .page_size = 256,\
80 .flags = (_flags),\
81
82 #define JEDEC_NUMONYX 0x20
83 #define JEDEC_WINBOND 0xEF
84 #define JEDEC_SPANSION 0x01
85
86 /* Numonyx (Micron) Configuration register macros */
87 #define VCFG_DUMMY 0x1
88 #define VCFG_WRAP_SEQUENTIAL 0x2
89 #define NVCFG_XIP_MODE_DISABLED (7 << 9)
90 #define NVCFG_XIP_MODE_MASK (7 << 9)
91 #define VCFG_XIP_MODE_ENABLED (1 << 3)
92 #define CFG_DUMMY_CLK_LEN 4
93 #define NVCFG_DUMMY_CLK_POS 12
94 #define VCFG_DUMMY_CLK_POS 4
95 #define EVCFG_OUT_DRIVER_STRENGHT_DEF 7
96 #define EVCFG_VPP_ACCELERATOR (1 << 3)
97 #define EVCFG_RESET_HOLD_ENABLED (1 << 4)
98 #define NVCFG_DUAL_IO_MASK (1 << 2)
99 #define EVCFG_DUAL_IO_ENABLED (1 << 6)
100 #define NVCFG_QUAD_IO_MASK (1 << 3)
101 #define EVCFG_QUAD_IO_ENABLED (1 << 7)
102 #define NVCFG_4BYTE_ADDR_MASK (1 << 0)
103 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
104 #define CFG_UPPER_128MB_SEG_ENABLED 0x3
105
106 /* Numonyx (Micron) Flag Status Register macros */
107 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
108 #define FSR_FLASH_READY (1 << 7)
109
110 static const FlashPartInfo known_devices[] = {
111 /* Atmel -- some are (confusingly) marketed as "DataFlash" */
112 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
113 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
114
115 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
116 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
117 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
118
119 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
120 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
121 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
122 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
123
124 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) },
125
126 /* Atmel EEPROMS - it is assumed, that don't care bit in command
127 * is set to 0. Block protection is not supported.
128 */
129 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) },
130 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) },
131
132 /* EON -- en25xxx */
133 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
134 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
135 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
136 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
137 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) },
138
139 /* GigaDevice */
140 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) },
141 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) },
142
143 /* Intel/Numonyx -- xxxs33b */
144 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
145 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
146 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
147 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) },
148
149 /* Macronix */
150 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) },
151 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
152 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
153 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
154 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
155 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
156 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
157 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
158 { INFO("mx25l25635e", 0xc22019, 0, 64 << 10, 512, 0) },
159 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
160
161 /* Micron */
162 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) },
163 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) },
164 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) },
165 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) },
166 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) },
167 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) },
168 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) },
169 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
170
171 /* Spansion -- single (large) sector size only, at least
172 * for the chips listed here (without boot sectors).
173 */
174 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
175 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) },
176 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
177 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
178 { INFO("s25fl512s", 0x010220, 0x4d00, 256 << 10, 256, 0) },
179 { INFO("s70fl01gs", 0x010221, 0x4d00, 256 << 10, 256, 0) },
180 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
181 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
182 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
183 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
184 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
185 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
186 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
187 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
188 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
189 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
190 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
191
192 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
193 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
194 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
195 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
196 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
197 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
198 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
199 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
200 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
201 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) },
202
203 /* ST Microelectronics -- newer production may have feature updates */
204 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
205 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
206 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
207 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
208 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
209 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
210 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
211 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
212 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
213 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) },
214
215 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
216 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
217 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
218
219 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) },
220 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
221 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
222
223 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
224 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
225 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
226 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
227
228 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
229 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
230 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
231 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
232 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
233 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
234 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
235 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
236 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) },
237 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
238 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
239 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) },
240 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) },
241 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) },
242
243 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
244 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
245 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
246 };
247
248 typedef enum {
249 NOP = 0,
250 WRSR = 0x1,
251 WRDI = 0x4,
252 RDSR = 0x5,
253 WREN = 0x6,
254 JEDEC_READ = 0x9f,
255 BULK_ERASE = 0xc7,
256 READ_FSR = 0x70,
257
258 READ = 0x03,
259 READ4 = 0x13,
260 FAST_READ = 0x0b,
261 FAST_READ4 = 0x0c,
262 DOR = 0x3b,
263 DOR4 = 0x3c,
264 QOR = 0x6b,
265 QOR4 = 0x6c,
266 DIOR = 0xbb,
267 DIOR4 = 0xbc,
268 QIOR = 0xeb,
269 QIOR4 = 0xec,
270
271 PP = 0x02,
272 PP4 = 0x12,
273 DPP = 0xa2,
274 QPP = 0x32,
275
276 ERASE_4K = 0x20,
277 ERASE4_4K = 0x21,
278 ERASE_32K = 0x52,
279 ERASE_SECTOR = 0xd8,
280 ERASE4_SECTOR = 0xdc,
281
282 EN_4BYTE_ADDR = 0xB7,
283 EX_4BYTE_ADDR = 0xE9,
284
285 EXTEND_ADDR_READ = 0xC8,
286 EXTEND_ADDR_WRITE = 0xC5,
287
288 RESET_ENABLE = 0x66,
289 RESET_MEMORY = 0x99,
290
291 RNVCR = 0xB5,
292 WNVCR = 0xB1,
293
294 RVCR = 0x85,
295 WVCR = 0x81,
296
297 REVCR = 0x65,
298 WEVCR = 0x61,
299 } FlashCMD;
300
301 typedef enum {
302 STATE_IDLE,
303 STATE_PAGE_PROGRAM,
304 STATE_READ,
305 STATE_COLLECTING_DATA,
306 STATE_READING_DATA,
307 } CMDState;
308
309 typedef struct Flash {
310 SSISlave parent_obj;
311
312 BlockBackend *blk;
313
314 uint8_t *storage;
315 uint32_t size;
316 int page_size;
317
318 uint8_t state;
319 uint8_t data[16];
320 uint32_t len;
321 uint32_t pos;
322 uint8_t needed_bytes;
323 uint8_t cmd_in_progress;
324 uint64_t cur_addr;
325 uint32_t nonvolatile_cfg;
326 uint32_t volatile_cfg;
327 uint32_t enh_volatile_cfg;
328 bool write_enable;
329 bool four_bytes_address_mode;
330 bool reset_enable;
331 uint8_t ear;
332
333 int64_t dirty_page;
334
335 const FlashPartInfo *pi;
336
337 } Flash;
338
339 typedef struct M25P80Class {
340 SSISlaveClass parent_class;
341 FlashPartInfo *pi;
342 } M25P80Class;
343
344 #define TYPE_M25P80 "m25p80-generic"
345 #define M25P80(obj) \
346 OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
347 #define M25P80_CLASS(klass) \
348 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
349 #define M25P80_GET_CLASS(obj) \
350 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
351
352 static void blk_sync_complete(void *opaque, int ret)
353 {
354 /* do nothing. Masters do not directly interact with the backing store,
355 * only the working copy so no mutexing required.
356 */
357 }
358
359 static void flash_sync_page(Flash *s, int page)
360 {
361 int blk_sector, nb_sectors;
362 QEMUIOVector iov;
363
364 if (!s->blk || blk_is_read_only(s->blk)) {
365 return;
366 }
367
368 blk_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
369 nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
370 qemu_iovec_init(&iov, 1);
371 qemu_iovec_add(&iov, s->storage + blk_sector * BDRV_SECTOR_SIZE,
372 nb_sectors * BDRV_SECTOR_SIZE);
373 blk_aio_writev(s->blk, blk_sector, &iov, nb_sectors, blk_sync_complete,
374 NULL);
375 }
376
377 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
378 {
379 int64_t start, end, nb_sectors;
380 QEMUIOVector iov;
381
382 if (!s->blk || blk_is_read_only(s->blk)) {
383 return;
384 }
385
386 assert(!(len % BDRV_SECTOR_SIZE));
387 start = off / BDRV_SECTOR_SIZE;
388 end = (off + len) / BDRV_SECTOR_SIZE;
389 nb_sectors = end - start;
390 qemu_iovec_init(&iov, 1);
391 qemu_iovec_add(&iov, s->storage + (start * BDRV_SECTOR_SIZE),
392 nb_sectors * BDRV_SECTOR_SIZE);
393 blk_aio_writev(s->blk, start, &iov, nb_sectors, blk_sync_complete, NULL);
394 }
395
396 static void flash_erase(Flash *s, int offset, FlashCMD cmd)
397 {
398 uint32_t len;
399 uint8_t capa_to_assert = 0;
400
401 switch (cmd) {
402 case ERASE_4K:
403 case ERASE4_4K:
404 len = 4 << 10;
405 capa_to_assert = ER_4K;
406 break;
407 case ERASE_32K:
408 len = 32 << 10;
409 capa_to_assert = ER_32K;
410 break;
411 case ERASE_SECTOR:
412 case ERASE4_SECTOR:
413 len = s->pi->sector_size;
414 break;
415 case BULK_ERASE:
416 len = s->size;
417 break;
418 default:
419 abort();
420 }
421
422 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len);
423 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
424 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
425 " device\n", len);
426 }
427
428 if (!s->write_enable) {
429 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
430 return;
431 }
432 memset(s->storage + offset, 0xff, len);
433 flash_sync_area(s, offset, len);
434 }
435
436 static inline void flash_sync_dirty(Flash *s, int64_t newpage)
437 {
438 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
439 flash_sync_page(s, s->dirty_page);
440 s->dirty_page = newpage;
441 }
442 }
443
444 static inline
445 void flash_write8(Flash *s, uint64_t addr, uint8_t data)
446 {
447 int64_t page = addr / s->pi->page_size;
448 uint8_t prev = s->storage[s->cur_addr];
449
450 if (!s->write_enable) {
451 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
452 }
453
454 if ((prev ^ data) & data) {
455 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
456 " -> %" PRIx8 "\n", addr, prev, data);
457 }
458
459 if (s->pi->flags & EEPROM) {
460 s->storage[s->cur_addr] = data;
461 } else {
462 s->storage[s->cur_addr] &= data;
463 }
464
465 flash_sync_dirty(s, page);
466 s->dirty_page = page;
467 }
468
469 static inline int get_addr_length(Flash *s)
470 {
471 /* check if eeprom is in use */
472 if (s->pi->flags == EEPROM) {
473 return 2;
474 }
475
476 switch (s->cmd_in_progress) {
477 case PP4:
478 case READ4:
479 case QIOR4:
480 case ERASE4_4K:
481 case ERASE4_SECTOR:
482 case FAST_READ4:
483 case DOR4:
484 case QOR4:
485 case DIOR4:
486 return 4;
487 default:
488 return s->four_bytes_address_mode ? 4 : 3;
489 }
490 }
491
492 static void complete_collecting_data(Flash *s)
493 {
494 int i;
495
496 s->cur_addr = 0;
497
498 for (i = 0; i < get_addr_length(s); ++i) {
499 s->cur_addr <<= 8;
500 s->cur_addr |= s->data[i];
501 }
502
503 if (get_addr_length(s) == 3) {
504 s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE;
505 }
506
507 s->state = STATE_IDLE;
508
509 switch (s->cmd_in_progress) {
510 case DPP:
511 case QPP:
512 case PP:
513 case PP4:
514 s->state = STATE_PAGE_PROGRAM;
515 break;
516 case READ:
517 case READ4:
518 case FAST_READ:
519 case FAST_READ4:
520 case DOR:
521 case DOR4:
522 case QOR:
523 case QOR4:
524 case DIOR:
525 case DIOR4:
526 case QIOR:
527 case QIOR4:
528 s->state = STATE_READ;
529 break;
530 case ERASE_4K:
531 case ERASE4_4K:
532 case ERASE_32K:
533 case ERASE_SECTOR:
534 case ERASE4_SECTOR:
535 flash_erase(s, s->cur_addr, s->cmd_in_progress);
536 break;
537 case WRSR:
538 if (s->write_enable) {
539 s->write_enable = false;
540 }
541 break;
542 case EXTEND_ADDR_WRITE:
543 s->ear = s->data[0];
544 break;
545 case WNVCR:
546 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
547 break;
548 case WVCR:
549 s->volatile_cfg = s->data[0];
550 break;
551 case WEVCR:
552 s->enh_volatile_cfg = s->data[0];
553 break;
554 default:
555 break;
556 }
557 }
558
559 static void reset_memory(Flash *s)
560 {
561 s->cmd_in_progress = NOP;
562 s->cur_addr = 0;
563 s->ear = 0;
564 s->four_bytes_address_mode = false;
565 s->len = 0;
566 s->needed_bytes = 0;
567 s->pos = 0;
568 s->state = STATE_IDLE;
569 s->write_enable = false;
570 s->reset_enable = false;
571
572 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) {
573 s->volatile_cfg = 0;
574 s->volatile_cfg |= VCFG_DUMMY;
575 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
576 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
577 != NVCFG_XIP_MODE_DISABLED) {
578 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED;
579 }
580 s->volatile_cfg |= deposit32(s->volatile_cfg,
581 VCFG_DUMMY_CLK_POS,
582 CFG_DUMMY_CLK_LEN,
583 extract32(s->nonvolatile_cfg,
584 NVCFG_DUMMY_CLK_POS,
585 CFG_DUMMY_CLK_LEN)
586 );
587
588 s->enh_volatile_cfg = 0;
589 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGHT_DEF;
590 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
591 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
592 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
593 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED;
594 }
595 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
596 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED;
597 }
598 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
599 s->four_bytes_address_mode = true;
600 }
601 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
602 s->ear = CFG_UPPER_128MB_SEG_ENABLED;
603 }
604 }
605
606 DB_PRINT_L(0, "Reset done.\n");
607 }
608
609 static void decode_new_cmd(Flash *s, uint32_t value)
610 {
611 s->cmd_in_progress = value;
612 DB_PRINT_L(0, "decoded new command:%x\n", value);
613
614 if (value != RESET_MEMORY) {
615 s->reset_enable = false;
616 }
617
618 switch (value) {
619
620 case ERASE_4K:
621 case ERASE4_4K:
622 case ERASE_32K:
623 case ERASE_SECTOR:
624 case ERASE4_SECTOR:
625 case READ:
626 case READ4:
627 case DPP:
628 case QPP:
629 case PP:
630 case PP4:
631 s->needed_bytes = get_addr_length(s);
632 s->pos = 0;
633 s->len = 0;
634 s->state = STATE_COLLECTING_DATA;
635 break;
636
637 case FAST_READ:
638 case FAST_READ4:
639 case DOR:
640 case DOR4:
641 case QOR:
642 case QOR4:
643 s->needed_bytes = get_addr_length(s);
644 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) {
645 /* Dummy cycles modeled with bytes writes instead of bits */
646 s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
647 }
648 s->pos = 0;
649 s->len = 0;
650 s->state = STATE_COLLECTING_DATA;
651 break;
652
653 case DIOR:
654 case DIOR4:
655 switch ((s->pi->jedec >> 16) & 0xFF) {
656 case JEDEC_WINBOND:
657 case JEDEC_SPANSION:
658 s->needed_bytes = 4;
659 break;
660 default:
661 s->needed_bytes = get_addr_length(s);
662 /* Dummy cycles modeled with bytes writes instead of bits */
663 s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
664 }
665 s->pos = 0;
666 s->len = 0;
667 s->state = STATE_COLLECTING_DATA;
668 break;
669
670 case QIOR:
671 case QIOR4:
672 switch ((s->pi->jedec >> 16) & 0xFF) {
673 case JEDEC_WINBOND:
674 case JEDEC_SPANSION:
675 s->needed_bytes = 6;
676 break;
677 default:
678 s->needed_bytes = get_addr_length(s);
679 /* Dummy cycles modeled with bytes writes instead of bits */
680 s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
681 }
682 s->pos = 0;
683 s->len = 0;
684 s->state = STATE_COLLECTING_DATA;
685 break;
686
687 case WRSR:
688 if (s->write_enable) {
689 s->needed_bytes = 1;
690 s->pos = 0;
691 s->len = 0;
692 s->state = STATE_COLLECTING_DATA;
693 }
694 break;
695
696 case WRDI:
697 s->write_enable = false;
698 break;
699 case WREN:
700 s->write_enable = true;
701 break;
702
703 case RDSR:
704 s->data[0] = (!!s->write_enable) << 1;
705 s->pos = 0;
706 s->len = 1;
707 s->state = STATE_READING_DATA;
708 break;
709
710 case READ_FSR:
711 s->data[0] = FSR_FLASH_READY;
712 if (s->four_bytes_address_mode) {
713 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED;
714 }
715 s->pos = 0;
716 s->len = 1;
717 s->state = STATE_READING_DATA;
718 break;
719
720 case JEDEC_READ:
721 DB_PRINT_L(0, "populated jedec code\n");
722 s->data[0] = (s->pi->jedec >> 16) & 0xff;
723 s->data[1] = (s->pi->jedec >> 8) & 0xff;
724 s->data[2] = s->pi->jedec & 0xff;
725 if (s->pi->ext_jedec) {
726 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
727 s->data[4] = s->pi->ext_jedec & 0xff;
728 s->len = 5;
729 } else {
730 s->len = 3;
731 }
732 s->pos = 0;
733 s->state = STATE_READING_DATA;
734 break;
735
736 case BULK_ERASE:
737 if (s->write_enable) {
738 DB_PRINT_L(0, "chip erase\n");
739 flash_erase(s, 0, BULK_ERASE);
740 } else {
741 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
742 "protect!\n");
743 }
744 break;
745 case NOP:
746 break;
747 case EN_4BYTE_ADDR:
748 s->four_bytes_address_mode = true;
749 break;
750 case EX_4BYTE_ADDR:
751 s->four_bytes_address_mode = false;
752 break;
753 case EXTEND_ADDR_READ:
754 s->data[0] = s->ear;
755 s->pos = 0;
756 s->len = 1;
757 s->state = STATE_READING_DATA;
758 break;
759 case EXTEND_ADDR_WRITE:
760 if (s->write_enable) {
761 s->needed_bytes = 1;
762 s->pos = 0;
763 s->len = 0;
764 s->state = STATE_COLLECTING_DATA;
765 }
766 break;
767 case RNVCR:
768 s->data[0] = s->nonvolatile_cfg & 0xFF;
769 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
770 s->pos = 0;
771 s->len = 2;
772 s->state = STATE_READING_DATA;
773 break;
774 case WNVCR:
775 if (s->write_enable) {
776 s->needed_bytes = 2;
777 s->pos = 0;
778 s->len = 0;
779 s->state = STATE_COLLECTING_DATA;
780 }
781 break;
782 case RVCR:
783 s->data[0] = s->volatile_cfg & 0xFF;
784 s->pos = 0;
785 s->len = 1;
786 s->state = STATE_READING_DATA;
787 break;
788 case WVCR:
789 if (s->write_enable) {
790 s->needed_bytes = 1;
791 s->pos = 0;
792 s->len = 0;
793 s->state = STATE_COLLECTING_DATA;
794 }
795 break;
796 case REVCR:
797 s->data[0] = s->enh_volatile_cfg & 0xFF;
798 s->pos = 0;
799 s->len = 1;
800 s->state = STATE_READING_DATA;
801 break;
802 case WEVCR:
803 if (s->write_enable) {
804 s->needed_bytes = 1;
805 s->pos = 0;
806 s->len = 0;
807 s->state = STATE_COLLECTING_DATA;
808 }
809 break;
810 case RESET_ENABLE:
811 s->reset_enable = true;
812 break;
813 case RESET_MEMORY:
814 if (s->reset_enable) {
815 reset_memory(s);
816 }
817 break;
818 default:
819 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
820 break;
821 }
822 }
823
824 static int m25p80_cs(SSISlave *ss, bool select)
825 {
826 Flash *s = M25P80(ss);
827
828 if (select) {
829 s->len = 0;
830 s->pos = 0;
831 s->state = STATE_IDLE;
832 flash_sync_dirty(s, -1);
833 }
834
835 DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
836
837 return 0;
838 }
839
840 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
841 {
842 Flash *s = M25P80(ss);
843 uint32_t r = 0;
844
845 switch (s->state) {
846
847 case STATE_PAGE_PROGRAM:
848 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n",
849 s->cur_addr, (uint8_t)tx);
850 flash_write8(s, s->cur_addr, (uint8_t)tx);
851 s->cur_addr++;
852 break;
853
854 case STATE_READ:
855 r = s->storage[s->cur_addr];
856 DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr,
857 (uint8_t)r);
858 s->cur_addr = (s->cur_addr + 1) % s->size;
859 break;
860
861 case STATE_COLLECTING_DATA:
862 s->data[s->len] = (uint8_t)tx;
863 s->len++;
864
865 if (s->len == s->needed_bytes) {
866 complete_collecting_data(s);
867 }
868 break;
869
870 case STATE_READING_DATA:
871 r = s->data[s->pos];
872 s->pos++;
873 if (s->pos == s->len) {
874 s->pos = 0;
875 s->state = STATE_IDLE;
876 }
877 break;
878
879 default:
880 case STATE_IDLE:
881 decode_new_cmd(s, (uint8_t)tx);
882 break;
883 }
884
885 return r;
886 }
887
888 static int m25p80_init(SSISlave *ss)
889 {
890 DriveInfo *dinfo;
891 Flash *s = M25P80(ss);
892 M25P80Class *mc = M25P80_GET_CLASS(s);
893
894 s->pi = mc->pi;
895
896 s->size = s->pi->sector_size * s->pi->n_sectors;
897 s->dirty_page = -1;
898
899 /* FIXME use a qdev drive property instead of drive_get_next() */
900 dinfo = drive_get_next(IF_MTD);
901
902 if (dinfo) {
903 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
904 s->blk = blk_by_legacy_dinfo(dinfo);
905 blk_attach_dev_nofail(s->blk, s);
906
907 s->storage = blk_blockalign(s->blk, s->size);
908
909 /* FIXME: Move to late init */
910 if (blk_read(s->blk, 0, s->storage,
911 DIV_ROUND_UP(s->size, BDRV_SECTOR_SIZE))) {
912 fprintf(stderr, "Failed to initialize SPI flash!\n");
913 return 1;
914 }
915 } else {
916 DB_PRINT_L(0, "No BDRV - binding to RAM\n");
917 s->storage = blk_blockalign(NULL, s->size);
918 memset(s->storage, 0xFF, s->size);
919 }
920
921 return 0;
922 }
923
924 static void m25p80_reset(DeviceState *d)
925 {
926 Flash *s = M25P80(d);
927
928 reset_memory(s);
929 }
930
931 static void m25p80_pre_save(void *opaque)
932 {
933 flash_sync_dirty((Flash *)opaque, -1);
934 }
935
936 static Property m25p80_properties[] = {
937 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
938 DEFINE_PROP_END_OF_LIST(),
939 };
940
941 static const VMStateDescription vmstate_m25p80 = {
942 .name = "xilinx_spi",
943 .version_id = 2,
944 .minimum_version_id = 1,
945 .pre_save = m25p80_pre_save,
946 .fields = (VMStateField[]) {
947 VMSTATE_UINT8(state, Flash),
948 VMSTATE_UINT8_ARRAY(data, Flash, 16),
949 VMSTATE_UINT32(len, Flash),
950 VMSTATE_UINT32(pos, Flash),
951 VMSTATE_UINT8(needed_bytes, Flash),
952 VMSTATE_UINT8(cmd_in_progress, Flash),
953 VMSTATE_UINT64(cur_addr, Flash),
954 VMSTATE_BOOL(write_enable, Flash),
955 VMSTATE_BOOL_V(reset_enable, Flash, 2),
956 VMSTATE_UINT8_V(ear, Flash, 2),
957 VMSTATE_BOOL_V(four_bytes_address_mode, Flash, 2),
958 VMSTATE_UINT32_V(nonvolatile_cfg, Flash, 2),
959 VMSTATE_UINT32_V(volatile_cfg, Flash, 2),
960 VMSTATE_UINT32_V(enh_volatile_cfg, Flash, 2),
961 VMSTATE_END_OF_LIST()
962 }
963 };
964
965 static void m25p80_class_init(ObjectClass *klass, void *data)
966 {
967 DeviceClass *dc = DEVICE_CLASS(klass);
968 SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
969 M25P80Class *mc = M25P80_CLASS(klass);
970
971 k->init = m25p80_init;
972 k->transfer = m25p80_transfer8;
973 k->set_cs = m25p80_cs;
974 k->cs_polarity = SSI_CS_LOW;
975 dc->vmsd = &vmstate_m25p80;
976 dc->props = m25p80_properties;
977 dc->reset = m25p80_reset;
978 mc->pi = data;
979 }
980
981 static const TypeInfo m25p80_info = {
982 .name = TYPE_M25P80,
983 .parent = TYPE_SSI_SLAVE,
984 .instance_size = sizeof(Flash),
985 .class_size = sizeof(M25P80Class),
986 .abstract = true,
987 };
988
989 static void m25p80_register_types(void)
990 {
991 int i;
992
993 type_register_static(&m25p80_info);
994 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
995 TypeInfo ti = {
996 .name = known_devices[i].part_name,
997 .parent = TYPE_M25P80,
998 .class_init = m25p80_class_init,
999 .class_data = (void *)&known_devices[i],
1000 };
1001 type_register(&ti);
1002 }
1003 }
1004
1005 type_init(m25p80_register_types)
AR7 emulation for QEMU