m25p80.c (50607B)
1/* 2 * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command 3 * set. Known devices table current as of Jun/2012 and taken from linux. 4 * See drivers/mtd/devices/m25p80.c. 5 * 6 * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com> 7 * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com> 8 * Copyright (C) 2012 PetaLogix 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 or 13 * (at your option) a later version of the License. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License along 21 * with this program; if not, see <http://www.gnu.org/licenses/>. 22 */ 23 24#include "qemu/osdep.h" 25#include "qemu/units.h" 26#include "sysemu/block-backend.h" 27#include "hw/qdev-properties.h" 28#include "hw/qdev-properties-system.h" 29#include "hw/ssi/ssi.h" 30#include "migration/vmstate.h" 31#include "qemu/bitops.h" 32#include "qemu/log.h" 33#include "qemu/module.h" 34#include "qemu/error-report.h" 35#include "qapi/error.h" 36#include "trace.h" 37#include "qom/object.h" 38 39/* Fields for FlashPartInfo->flags */ 40 41/* erase capabilities */ 42#define ER_4K 1 43#define ER_32K 2 44/* set to allow the page program command to write 0s back to 1. Useful for 45 * modelling EEPROM with SPI flash command set 46 */ 47#define EEPROM 0x100 48 49/* 16 MiB max in 3 byte address mode */ 50#define MAX_3BYTES_SIZE 0x1000000 51 52#define SPI_NOR_MAX_ID_LEN 6 53 54typedef struct FlashPartInfo { 55 const char *part_name; 56 /* 57 * This array stores the ID bytes. 58 * The first three bytes are the JEDIC ID. 59 * JEDEC ID zero means "no ID" (mostly older chips). 60 */ 61 uint8_t id[SPI_NOR_MAX_ID_LEN]; 62 uint8_t id_len; 63 /* there is confusion between manufacturers as to what a sector is. In this 64 * device model, a "sector" is the size that is erased by the ERASE_SECTOR 65 * command (opcode 0xd8). 66 */ 67 uint32_t sector_size; 68 uint32_t n_sectors; 69 uint32_t page_size; 70 uint16_t flags; 71 /* 72 * Big sized spi nor are often stacked devices, thus sometime 73 * replace chip erase with die erase. 74 * This field inform how many die is in the chip. 75 */ 76 uint8_t die_cnt; 77} FlashPartInfo; 78 79/* adapted from linux */ 80/* Used when the "_ext_id" is two bytes at most */ 81#define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 82 .part_name = _part_name,\ 83 .id = {\ 84 ((_jedec_id) >> 16) & 0xff,\ 85 ((_jedec_id) >> 8) & 0xff,\ 86 (_jedec_id) & 0xff,\ 87 ((_ext_id) >> 8) & 0xff,\ 88 (_ext_id) & 0xff,\ 89 },\ 90 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 91 .sector_size = (_sector_size),\ 92 .n_sectors = (_n_sectors),\ 93 .page_size = 256,\ 94 .flags = (_flags),\ 95 .die_cnt = 0 96 97#define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\ 98 .part_name = _part_name,\ 99 .id = {\ 100 ((_jedec_id) >> 16) & 0xff,\ 101 ((_jedec_id) >> 8) & 0xff,\ 102 (_jedec_id) & 0xff,\ 103 ((_ext_id) >> 16) & 0xff,\ 104 ((_ext_id) >> 8) & 0xff,\ 105 (_ext_id) & 0xff,\ 106 },\ 107 .id_len = 6,\ 108 .sector_size = (_sector_size),\ 109 .n_sectors = (_n_sectors),\ 110 .page_size = 256,\ 111 .flags = (_flags),\ 112 .die_cnt = 0 113 114#define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\ 115 _flags, _die_cnt)\ 116 .part_name = _part_name,\ 117 .id = {\ 118 ((_jedec_id) >> 16) & 0xff,\ 119 ((_jedec_id) >> 8) & 0xff,\ 120 (_jedec_id) & 0xff,\ 121 ((_ext_id) >> 8) & 0xff,\ 122 (_ext_id) & 0xff,\ 123 },\ 124 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\ 125 .sector_size = (_sector_size),\ 126 .n_sectors = (_n_sectors),\ 127 .page_size = 256,\ 128 .flags = (_flags),\ 129 .die_cnt = _die_cnt 130 131#define JEDEC_NUMONYX 0x20 132#define JEDEC_WINBOND 0xEF 133#define JEDEC_SPANSION 0x01 134 135/* Numonyx (Micron) Configuration register macros */ 136#define VCFG_DUMMY 0x1 137#define VCFG_WRAP_SEQUENTIAL 0x2 138#define NVCFG_XIP_MODE_DISABLED (7 << 9) 139#define NVCFG_XIP_MODE_MASK (7 << 9) 140#define VCFG_XIP_MODE_DISABLED (1 << 3) 141#define CFG_DUMMY_CLK_LEN 4 142#define NVCFG_DUMMY_CLK_POS 12 143#define VCFG_DUMMY_CLK_POS 4 144#define EVCFG_OUT_DRIVER_STRENGTH_DEF 7 145#define EVCFG_VPP_ACCELERATOR (1 << 3) 146#define EVCFG_RESET_HOLD_ENABLED (1 << 4) 147#define NVCFG_DUAL_IO_MASK (1 << 2) 148#define EVCFG_DUAL_IO_DISABLED (1 << 6) 149#define NVCFG_QUAD_IO_MASK (1 << 3) 150#define EVCFG_QUAD_IO_DISABLED (1 << 7) 151#define NVCFG_4BYTE_ADDR_MASK (1 << 0) 152#define NVCFG_LOWER_SEGMENT_MASK (1 << 1) 153 154/* Numonyx (Micron) Flag Status Register macros */ 155#define FSR_4BYTE_ADDR_MODE_ENABLED 0x1 156#define FSR_FLASH_READY (1 << 7) 157 158/* Spansion configuration registers macros. */ 159#define SPANSION_QUAD_CFG_POS 0 160#define SPANSION_QUAD_CFG_LEN 1 161#define SPANSION_DUMMY_CLK_POS 0 162#define SPANSION_DUMMY_CLK_LEN 4 163#define SPANSION_ADDR_LEN_POS 7 164#define SPANSION_ADDR_LEN_LEN 1 165 166/* 167 * Spansion read mode command length in bytes, 168 * the mode is currently not supported. 169*/ 170 171#define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1 172#define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1 173 174static const FlashPartInfo known_devices[] = { 175 /* Atmel -- some are (confusingly) marketed as "DataFlash" */ 176 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) }, 177 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) }, 178 179 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) }, 180 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) }, 181 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) }, 182 183 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) }, 184 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) }, 185 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) }, 186 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) }, 187 188 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) }, 189 190 /* Atmel EEPROMS - it is assumed, that don't care bit in command 191 * is set to 0. Block protection is not supported. 192 */ 193 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) }, 194 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) }, 195 196 /* EON -- en25xxx */ 197 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) }, 198 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) }, 199 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) }, 200 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) }, 201 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) }, 202 203 /* GigaDevice */ 204 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) }, 205 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) }, 206 207 /* Intel/Numonyx -- xxxs33b */ 208 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) }, 209 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) }, 210 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) }, 211 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) }, 212 213 /* ISSI */ 214 { INFO("is25lq040b", 0x9d4013, 0, 64 << 10, 8, ER_4K) }, 215 { INFO("is25lp080d", 0x9d6014, 0, 64 << 10, 16, ER_4K) }, 216 { INFO("is25lp016d", 0x9d6015, 0, 64 << 10, 32, ER_4K) }, 217 { INFO("is25lp032", 0x9d6016, 0, 64 << 10, 64, ER_4K) }, 218 { INFO("is25lp064", 0x9d6017, 0, 64 << 10, 128, ER_4K) }, 219 { INFO("is25lp128", 0x9d6018, 0, 64 << 10, 256, ER_4K) }, 220 { INFO("is25lp256", 0x9d6019, 0, 64 << 10, 512, ER_4K) }, 221 { INFO("is25wp032", 0x9d7016, 0, 64 << 10, 64, ER_4K) }, 222 { INFO("is25wp064", 0x9d7017, 0, 64 << 10, 128, ER_4K) }, 223 { INFO("is25wp128", 0x9d7018, 0, 64 << 10, 256, ER_4K) }, 224 { INFO("is25wp256", 0x9d7019, 0, 64 << 10, 512, ER_4K) }, 225 226 /* Macronix */ 227 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) }, 228 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) }, 229 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) }, 230 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) }, 231 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) }, 232 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) }, 233 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) }, 234 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) }, 235 { INFO6("mx25l25635e", 0xc22019, 0xc22019, 64 << 10, 512, 0) }, 236 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) }, 237 { INFO("mx66l51235f", 0xc2201a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 238 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) }, 239 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 240 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K) }, 241 242 /* Micron */ 243 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) }, 244 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) }, 245 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) }, 246 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) }, 247 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) }, 248 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) }, 249 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) }, 250 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 251 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) }, 252 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 253 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) }, 254 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) }, 255 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) }, 256 { INFO("n25q512ax3", 0x20ba20, 0x1000, 64 << 10, 1024, ER_4K) }, 257 { INFO("mt25ql512ab", 0x20ba20, 0x1044, 64 << 10, 1024, ER_4K | ER_32K) }, 258 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 259 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) }, 260 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 261 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) }, 262 { INFO_STACKED("mt25ql02g", 0x20ba22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) }, 263 { INFO_STACKED("mt25qu02g", 0x20bb22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) }, 264 265 /* Spansion -- single (large) sector size only, at least 266 * for the chips listed here (without boot sectors). 267 */ 268 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) }, 269 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) }, 270 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) }, 271 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) }, 272 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) }, 273 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) }, 274 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) }, 275 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) }, 276 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) }, 277 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) }, 278 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) }, 279 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) }, 280 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) }, 281 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) }, 282 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) }, 283 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) }, 284 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) }, 285 286 /* Spansion -- boot sectors support */ 287 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) }, 288 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) }, 289 290 /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */ 291 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) }, 292 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) }, 293 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) }, 294 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) }, 295 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) }, 296 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, 297 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, 298 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, 299 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, 300 301 /* ST Microelectronics -- newer production may have feature updates */ 302 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, 303 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) }, 304 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) }, 305 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) }, 306 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) }, 307 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) }, 308 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) }, 309 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) }, 310 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) }, 311 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) }, 312 313 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) }, 314 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) }, 315 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) }, 316 317 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) }, 318 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) }, 319 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) }, 320 321 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) }, 322 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) }, 323 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) }, 324 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) }, 325 326 /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */ 327 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) }, 328 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) }, 329 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) }, 330 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) }, 331 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) }, 332 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) }, 333 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) }, 334 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) }, 335 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) }, 336 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) }, 337 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) }, 338 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) }, 339 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) }, 340 { INFO("w25q512jv", 0xef4020, 0, 64 << 10, 1024, ER_4K) }, 341}; 342 343typedef enum { 344 NOP = 0, 345 WRSR = 0x1, 346 WRDI = 0x4, 347 RDSR = 0x5, 348 WREN = 0x6, 349 BRRD = 0x16, 350 BRWR = 0x17, 351 JEDEC_READ = 0x9f, 352 BULK_ERASE_60 = 0x60, 353 BULK_ERASE = 0xc7, 354 READ_FSR = 0x70, 355 RDCR = 0x15, 356 357 READ = 0x03, 358 READ4 = 0x13, 359 FAST_READ = 0x0b, 360 FAST_READ4 = 0x0c, 361 DOR = 0x3b, 362 DOR4 = 0x3c, 363 QOR = 0x6b, 364 QOR4 = 0x6c, 365 DIOR = 0xbb, 366 DIOR4 = 0xbc, 367 QIOR = 0xeb, 368 QIOR4 = 0xec, 369 370 PP = 0x02, 371 PP4 = 0x12, 372 PP4_4 = 0x3e, 373 DPP = 0xa2, 374 QPP = 0x32, 375 QPP_4 = 0x34, 376 RDID_90 = 0x90, 377 RDID_AB = 0xab, 378 AAI_WP = 0xad, 379 380 ERASE_4K = 0x20, 381 ERASE4_4K = 0x21, 382 ERASE_32K = 0x52, 383 ERASE4_32K = 0x5c, 384 ERASE_SECTOR = 0xd8, 385 ERASE4_SECTOR = 0xdc, 386 387 EN_4BYTE_ADDR = 0xB7, 388 EX_4BYTE_ADDR = 0xE9, 389 390 EXTEND_ADDR_READ = 0xC8, 391 EXTEND_ADDR_WRITE = 0xC5, 392 393 RESET_ENABLE = 0x66, 394 RESET_MEMORY = 0x99, 395 396 /* 397 * Micron: 0x35 - enable QPI 398 * Spansion: 0x35 - read control register 399 */ 400 RDCR_EQIO = 0x35, 401 RSTQIO = 0xf5, 402 403 RNVCR = 0xB5, 404 WNVCR = 0xB1, 405 406 RVCR = 0x85, 407 WVCR = 0x81, 408 409 REVCR = 0x65, 410 WEVCR = 0x61, 411 412 DIE_ERASE = 0xC4, 413} FlashCMD; 414 415typedef enum { 416 STATE_IDLE, 417 STATE_PAGE_PROGRAM, 418 STATE_READ, 419 STATE_COLLECTING_DATA, 420 STATE_COLLECTING_VAR_LEN_DATA, 421 STATE_READING_DATA, 422} CMDState; 423 424typedef enum { 425 MAN_SPANSION, 426 MAN_MACRONIX, 427 MAN_NUMONYX, 428 MAN_WINBOND, 429 MAN_SST, 430 MAN_ISSI, 431 MAN_GENERIC, 432} Manufacturer; 433 434typedef enum { 435 MODE_STD = 0, 436 MODE_DIO = 1, 437 MODE_QIO = 2 438} SPIMode; 439 440#define M25P80_INTERNAL_DATA_BUFFER_SZ 16 441 442struct Flash { 443 SSIPeripheral parent_obj; 444 445 BlockBackend *blk; 446 447 uint8_t *storage; 448 uint32_t size; 449 int page_size; 450 451 uint8_t state; 452 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ]; 453 uint32_t len; 454 uint32_t pos; 455 bool data_read_loop; 456 uint8_t needed_bytes; 457 uint8_t cmd_in_progress; 458 uint32_t cur_addr; 459 uint32_t nonvolatile_cfg; 460 /* Configuration register for Macronix */ 461 uint32_t volatile_cfg; 462 uint32_t enh_volatile_cfg; 463 /* Spansion cfg registers. */ 464 uint8_t spansion_cr1nv; 465 uint8_t spansion_cr2nv; 466 uint8_t spansion_cr3nv; 467 uint8_t spansion_cr4nv; 468 uint8_t spansion_cr1v; 469 uint8_t spansion_cr2v; 470 uint8_t spansion_cr3v; 471 uint8_t spansion_cr4v; 472 bool write_enable; 473 bool four_bytes_address_mode; 474 bool reset_enable; 475 bool quad_enable; 476 bool aai_enable; 477 uint8_t ear; 478 479 int64_t dirty_page; 480 481 const FlashPartInfo *pi; 482 483}; 484 485struct M25P80Class { 486 SSIPeripheralClass parent_class; 487 FlashPartInfo *pi; 488}; 489 490#define TYPE_M25P80 "m25p80-generic" 491OBJECT_DECLARE_TYPE(Flash, M25P80Class, M25P80) 492 493static inline Manufacturer get_man(Flash *s) 494{ 495 switch (s->pi->id[0]) { 496 case 0x20: 497 return MAN_NUMONYX; 498 case 0xEF: 499 return MAN_WINBOND; 500 case 0x01: 501 return MAN_SPANSION; 502 case 0xC2: 503 return MAN_MACRONIX; 504 case 0xBF: 505 return MAN_SST; 506 case 0x9D: 507 return MAN_ISSI; 508 default: 509 return MAN_GENERIC; 510 } 511} 512 513static void blk_sync_complete(void *opaque, int ret) 514{ 515 QEMUIOVector *iov = opaque; 516 517 qemu_iovec_destroy(iov); 518 g_free(iov); 519 520 /* do nothing. Masters do not directly interact with the backing store, 521 * only the working copy so no mutexing required. 522 */ 523} 524 525static void flash_sync_page(Flash *s, int page) 526{ 527 QEMUIOVector *iov; 528 529 if (!s->blk || !blk_is_writable(s->blk)) { 530 return; 531 } 532 533 iov = g_new(QEMUIOVector, 1); 534 qemu_iovec_init(iov, 1); 535 qemu_iovec_add(iov, s->storage + page * s->pi->page_size, 536 s->pi->page_size); 537 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0, 538 blk_sync_complete, iov); 539} 540 541static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) 542{ 543 QEMUIOVector *iov; 544 545 if (!s->blk || !blk_is_writable(s->blk)) { 546 return; 547 } 548 549 assert(!(len % BDRV_SECTOR_SIZE)); 550 iov = g_new(QEMUIOVector, 1); 551 qemu_iovec_init(iov, 1); 552 qemu_iovec_add(iov, s->storage + off, len); 553 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov); 554} 555 556static void flash_erase(Flash *s, int offset, FlashCMD cmd) 557{ 558 uint32_t len; 559 uint8_t capa_to_assert = 0; 560 561 switch (cmd) { 562 case ERASE_4K: 563 case ERASE4_4K: 564 len = 4 * KiB; 565 capa_to_assert = ER_4K; 566 break; 567 case ERASE_32K: 568 case ERASE4_32K: 569 len = 32 * KiB; 570 capa_to_assert = ER_32K; 571 break; 572 case ERASE_SECTOR: 573 case ERASE4_SECTOR: 574 len = s->pi->sector_size; 575 break; 576 case BULK_ERASE: 577 len = s->size; 578 break; 579 case DIE_ERASE: 580 if (s->pi->die_cnt) { 581 len = s->size / s->pi->die_cnt; 582 offset = offset & (~(len - 1)); 583 } else { 584 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported" 585 " by device\n"); 586 return; 587 } 588 break; 589 default: 590 abort(); 591 } 592 593 trace_m25p80_flash_erase(s, offset, len); 594 595 if ((s->pi->flags & capa_to_assert) != capa_to_assert) { 596 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by" 597 " device\n", len); 598 } 599 600 if (!s->write_enable) { 601 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n"); 602 return; 603 } 604 memset(s->storage + offset, 0xff, len); 605 flash_sync_area(s, offset, len); 606} 607 608static inline void flash_sync_dirty(Flash *s, int64_t newpage) 609{ 610 if (s->dirty_page >= 0 && s->dirty_page != newpage) { 611 flash_sync_page(s, s->dirty_page); 612 s->dirty_page = newpage; 613 } 614} 615 616static inline 617void flash_write8(Flash *s, uint32_t addr, uint8_t data) 618{ 619 uint32_t page = addr / s->pi->page_size; 620 uint8_t prev = s->storage[s->cur_addr]; 621 622 if (!s->write_enable) { 623 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); 624 return; 625 } 626 627 if ((prev ^ data) & data) { 628 trace_m25p80_programming_zero_to_one(s, addr, prev, data); 629 } 630 631 if (s->pi->flags & EEPROM) { 632 s->storage[s->cur_addr] = data; 633 } else { 634 s->storage[s->cur_addr] &= data; 635 } 636 637 flash_sync_dirty(s, page); 638 s->dirty_page = page; 639} 640 641static inline int get_addr_length(Flash *s) 642{ 643 /* check if eeprom is in use */ 644 if (s->pi->flags == EEPROM) { 645 return 2; 646 } 647 648 switch (s->cmd_in_progress) { 649 case PP4: 650 case PP4_4: 651 case QPP_4: 652 case READ4: 653 case QIOR4: 654 case ERASE4_4K: 655 case ERASE4_32K: 656 case ERASE4_SECTOR: 657 case FAST_READ4: 658 case DOR4: 659 case QOR4: 660 case DIOR4: 661 return 4; 662 default: 663 return s->four_bytes_address_mode ? 4 : 3; 664 } 665} 666 667static void complete_collecting_data(Flash *s) 668{ 669 int i, n; 670 671 n = get_addr_length(s); 672 s->cur_addr = (n == 3 ? s->ear : 0); 673 for (i = 0; i < n; ++i) { 674 s->cur_addr <<= 8; 675 s->cur_addr |= s->data[i]; 676 } 677 678 s->cur_addr &= s->size - 1; 679 680 s->state = STATE_IDLE; 681 682 trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear, 683 s->cur_addr); 684 685 switch (s->cmd_in_progress) { 686 case DPP: 687 case QPP: 688 case QPP_4: 689 case PP: 690 case PP4: 691 case PP4_4: 692 s->state = STATE_PAGE_PROGRAM; 693 break; 694 case AAI_WP: 695 /* AAI programming starts from the even address */ 696 s->cur_addr &= ~BIT(0); 697 s->state = STATE_PAGE_PROGRAM; 698 break; 699 case READ: 700 case READ4: 701 case FAST_READ: 702 case FAST_READ4: 703 case DOR: 704 case DOR4: 705 case QOR: 706 case QOR4: 707 case DIOR: 708 case DIOR4: 709 case QIOR: 710 case QIOR4: 711 s->state = STATE_READ; 712 break; 713 case ERASE_4K: 714 case ERASE4_4K: 715 case ERASE_32K: 716 case ERASE4_32K: 717 case ERASE_SECTOR: 718 case ERASE4_SECTOR: 719 case DIE_ERASE: 720 flash_erase(s, s->cur_addr, s->cmd_in_progress); 721 break; 722 case WRSR: 723 switch (get_man(s)) { 724 case MAN_SPANSION: 725 s->quad_enable = !!(s->data[1] & 0x02); 726 break; 727 case MAN_ISSI: 728 s->quad_enable = extract32(s->data[0], 6, 1); 729 break; 730 case MAN_MACRONIX: 731 s->quad_enable = extract32(s->data[0], 6, 1); 732 if (s->len > 1) { 733 s->volatile_cfg = s->data[1]; 734 s->four_bytes_address_mode = extract32(s->data[1], 5, 1); 735 } 736 break; 737 default: 738 break; 739 } 740 if (s->write_enable) { 741 s->write_enable = false; 742 } 743 break; 744 case BRWR: 745 case EXTEND_ADDR_WRITE: 746 s->ear = s->data[0]; 747 break; 748 case WNVCR: 749 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8); 750 break; 751 case WVCR: 752 s->volatile_cfg = s->data[0]; 753 break; 754 case WEVCR: 755 s->enh_volatile_cfg = s->data[0]; 756 break; 757 case RDID_90: 758 case RDID_AB: 759 if (get_man(s) == MAN_SST) { 760 if (s->cur_addr <= 1) { 761 if (s->cur_addr) { 762 s->data[0] = s->pi->id[2]; 763 s->data[1] = s->pi->id[0]; 764 } else { 765 s->data[0] = s->pi->id[0]; 766 s->data[1] = s->pi->id[2]; 767 } 768 s->pos = 0; 769 s->len = 2; 770 s->data_read_loop = true; 771 s->state = STATE_READING_DATA; 772 } else { 773 qemu_log_mask(LOG_GUEST_ERROR, 774 "M25P80: Invalid read id address\n"); 775 } 776 } else { 777 qemu_log_mask(LOG_GUEST_ERROR, 778 "M25P80: Read id (command 0x90/0xAB) is not supported" 779 " by device\n"); 780 } 781 break; 782 default: 783 break; 784 } 785} 786 787static void reset_memory(Flash *s) 788{ 789 s->cmd_in_progress = NOP; 790 s->cur_addr = 0; 791 s->ear = 0; 792 s->four_bytes_address_mode = false; 793 s->len = 0; 794 s->needed_bytes = 0; 795 s->pos = 0; 796 s->state = STATE_IDLE; 797 s->write_enable = false; 798 s->reset_enable = false; 799 s->quad_enable = false; 800 s->aai_enable = false; 801 802 switch (get_man(s)) { 803 case MAN_NUMONYX: 804 s->volatile_cfg = 0; 805 s->volatile_cfg |= VCFG_DUMMY; 806 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL; 807 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK) 808 == NVCFG_XIP_MODE_DISABLED) { 809 s->volatile_cfg |= VCFG_XIP_MODE_DISABLED; 810 } 811 s->volatile_cfg |= deposit32(s->volatile_cfg, 812 VCFG_DUMMY_CLK_POS, 813 CFG_DUMMY_CLK_LEN, 814 extract32(s->nonvolatile_cfg, 815 NVCFG_DUMMY_CLK_POS, 816 CFG_DUMMY_CLK_LEN) 817 ); 818 819 s->enh_volatile_cfg = 0; 820 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF; 821 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR; 822 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED; 823 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) { 824 s->enh_volatile_cfg |= EVCFG_DUAL_IO_DISABLED; 825 } 826 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) { 827 s->enh_volatile_cfg |= EVCFG_QUAD_IO_DISABLED; 828 } 829 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) { 830 s->four_bytes_address_mode = true; 831 } 832 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) { 833 s->ear = s->size / MAX_3BYTES_SIZE - 1; 834 } 835 break; 836 case MAN_MACRONIX: 837 s->volatile_cfg = 0x7; 838 break; 839 case MAN_SPANSION: 840 s->spansion_cr1v = s->spansion_cr1nv; 841 s->spansion_cr2v = s->spansion_cr2nv; 842 s->spansion_cr3v = s->spansion_cr3nv; 843 s->spansion_cr4v = s->spansion_cr4nv; 844 s->quad_enable = extract32(s->spansion_cr1v, 845 SPANSION_QUAD_CFG_POS, 846 SPANSION_QUAD_CFG_LEN 847 ); 848 s->four_bytes_address_mode = extract32(s->spansion_cr2v, 849 SPANSION_ADDR_LEN_POS, 850 SPANSION_ADDR_LEN_LEN 851 ); 852 break; 853 default: 854 break; 855 } 856 857 trace_m25p80_reset_done(s); 858} 859 860static uint8_t numonyx_mode(Flash *s) 861{ 862 if (!(s->enh_volatile_cfg & EVCFG_QUAD_IO_DISABLED)) { 863 return MODE_QIO; 864 } else if (!(s->enh_volatile_cfg & EVCFG_DUAL_IO_DISABLED)) { 865 return MODE_DIO; 866 } else { 867 return MODE_STD; 868 } 869} 870 871static uint8_t numonyx_extract_cfg_num_dummies(Flash *s) 872{ 873 uint8_t num_dummies; 874 uint8_t mode; 875 assert(get_man(s) == MAN_NUMONYX); 876 877 mode = numonyx_mode(s); 878 num_dummies = extract32(s->volatile_cfg, 4, 4); 879 880 if (num_dummies == 0x0 || num_dummies == 0xf) { 881 switch (s->cmd_in_progress) { 882 case QIOR: 883 case QIOR4: 884 num_dummies = 10; 885 break; 886 default: 887 num_dummies = (mode == MODE_QIO) ? 10 : 8; 888 break; 889 } 890 } 891 892 return num_dummies; 893} 894 895static void decode_fast_read_cmd(Flash *s) 896{ 897 s->needed_bytes = get_addr_length(s); 898 switch (get_man(s)) { 899 /* Dummy cycles - modeled with bytes writes instead of bits */ 900 case MAN_SST: 901 s->needed_bytes += 1; 902 break; 903 case MAN_WINBOND: 904 s->needed_bytes += 8; 905 break; 906 case MAN_NUMONYX: 907 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 908 break; 909 case MAN_MACRONIX: 910 if (extract32(s->volatile_cfg, 6, 2) == 1) { 911 s->needed_bytes += 6; 912 } else { 913 s->needed_bytes += 8; 914 } 915 break; 916 case MAN_SPANSION: 917 s->needed_bytes += extract32(s->spansion_cr2v, 918 SPANSION_DUMMY_CLK_POS, 919 SPANSION_DUMMY_CLK_LEN 920 ); 921 break; 922 case MAN_ISSI: 923 /* 924 * The Fast Read instruction code is followed by address bytes and 925 * dummy cycles, transmitted via the SI line. 926 * 927 * The number of dummy cycles is configurable but this is currently 928 * unmodeled, hence the default value 8 is used. 929 * 930 * QPI (Quad Peripheral Interface) mode has different default value 931 * of dummy cycles, but this is unsupported at the time being. 932 */ 933 s->needed_bytes += 1; 934 break; 935 default: 936 break; 937 } 938 s->pos = 0; 939 s->len = 0; 940 s->state = STATE_COLLECTING_DATA; 941} 942 943static void decode_dio_read_cmd(Flash *s) 944{ 945 s->needed_bytes = get_addr_length(s); 946 /* Dummy cycles modeled with bytes writes instead of bits */ 947 switch (get_man(s)) { 948 case MAN_WINBOND: 949 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 950 break; 951 case MAN_SPANSION: 952 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 953 s->needed_bytes += extract32(s->spansion_cr2v, 954 SPANSION_DUMMY_CLK_POS, 955 SPANSION_DUMMY_CLK_LEN 956 ); 957 break; 958 case MAN_NUMONYX: 959 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 960 break; 961 case MAN_MACRONIX: 962 switch (extract32(s->volatile_cfg, 6, 2)) { 963 case 1: 964 s->needed_bytes += 6; 965 break; 966 case 2: 967 s->needed_bytes += 8; 968 break; 969 default: 970 s->needed_bytes += 4; 971 break; 972 } 973 break; 974 case MAN_ISSI: 975 /* 976 * The Fast Read Dual I/O instruction code is followed by address bytes 977 * and dummy cycles, transmitted via the IO1 and IO0 line. 978 * 979 * The number of dummy cycles is configurable but this is currently 980 * unmodeled, hence the default value 4 is used. 981 */ 982 s->needed_bytes += 1; 983 break; 984 default: 985 break; 986 } 987 s->pos = 0; 988 s->len = 0; 989 s->state = STATE_COLLECTING_DATA; 990} 991 992static void decode_qio_read_cmd(Flash *s) 993{ 994 s->needed_bytes = get_addr_length(s); 995 /* Dummy cycles modeled with bytes writes instead of bits */ 996 switch (get_man(s)) { 997 case MAN_WINBOND: 998 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN; 999 s->needed_bytes += 4; 1000 break; 1001 case MAN_SPANSION: 1002 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN; 1003 s->needed_bytes += extract32(s->spansion_cr2v, 1004 SPANSION_DUMMY_CLK_POS, 1005 SPANSION_DUMMY_CLK_LEN 1006 ); 1007 break; 1008 case MAN_NUMONYX: 1009 s->needed_bytes += numonyx_extract_cfg_num_dummies(s); 1010 break; 1011 case MAN_MACRONIX: 1012 switch (extract32(s->volatile_cfg, 6, 2)) { 1013 case 1: 1014 s->needed_bytes += 4; 1015 break; 1016 case 2: 1017 s->needed_bytes += 8; 1018 break; 1019 default: 1020 s->needed_bytes += 6; 1021 break; 1022 } 1023 break; 1024 case MAN_ISSI: 1025 /* 1026 * The Fast Read Quad I/O instruction code is followed by address bytes 1027 * and dummy cycles, transmitted via the IO3, IO2, IO1 and IO0 line. 1028 * 1029 * The number of dummy cycles is configurable but this is currently 1030 * unmodeled, hence the default value 6 is used. 1031 * 1032 * QPI (Quad Peripheral Interface) mode has different default value 1033 * of dummy cycles, but this is unsupported at the time being. 1034 */ 1035 s->needed_bytes += 3; 1036 break; 1037 default: 1038 break; 1039 } 1040 s->pos = 0; 1041 s->len = 0; 1042 s->state = STATE_COLLECTING_DATA; 1043} 1044 1045static bool is_valid_aai_cmd(uint32_t cmd) 1046{ 1047 return cmd == AAI_WP || cmd == WRDI || cmd == RDSR; 1048} 1049 1050static void decode_new_cmd(Flash *s, uint32_t value) 1051{ 1052 int i; 1053 1054 s->cmd_in_progress = value; 1055 trace_m25p80_command_decoded(s, value); 1056 1057 if (value != RESET_MEMORY) { 1058 s->reset_enable = false; 1059 } 1060 1061 if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) { 1062 qemu_log_mask(LOG_GUEST_ERROR, 1063 "M25P80: Invalid cmd within AAI programming sequence"); 1064 } 1065 1066 switch (value) { 1067 1068 case ERASE_4K: 1069 case ERASE4_4K: 1070 case ERASE_32K: 1071 case ERASE4_32K: 1072 case ERASE_SECTOR: 1073 case ERASE4_SECTOR: 1074 case PP: 1075 case PP4: 1076 case DIE_ERASE: 1077 case RDID_90: 1078 case RDID_AB: 1079 s->needed_bytes = get_addr_length(s); 1080 s->pos = 0; 1081 s->len = 0; 1082 s->state = STATE_COLLECTING_DATA; 1083 break; 1084 case READ: 1085 case READ4: 1086 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) { 1087 s->needed_bytes = get_addr_length(s); 1088 s->pos = 0; 1089 s->len = 0; 1090 s->state = STATE_COLLECTING_DATA; 1091 } else { 1092 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1093 "DIO or QIO mode\n", s->cmd_in_progress); 1094 } 1095 break; 1096 case DPP: 1097 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1098 s->needed_bytes = get_addr_length(s); 1099 s->pos = 0; 1100 s->len = 0; 1101 s->state = STATE_COLLECTING_DATA; 1102 } else { 1103 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1104 "QIO mode\n", s->cmd_in_progress); 1105 } 1106 break; 1107 case QPP: 1108 case QPP_4: 1109 case PP4_4: 1110 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1111 s->needed_bytes = get_addr_length(s); 1112 s->pos = 0; 1113 s->len = 0; 1114 s->state = STATE_COLLECTING_DATA; 1115 } else { 1116 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1117 "DIO mode\n", s->cmd_in_progress); 1118 } 1119 break; 1120 1121 case FAST_READ: 1122 case FAST_READ4: 1123 decode_fast_read_cmd(s); 1124 break; 1125 case DOR: 1126 case DOR4: 1127 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1128 decode_fast_read_cmd(s); 1129 } else { 1130 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1131 "QIO mode\n", s->cmd_in_progress); 1132 } 1133 break; 1134 case QOR: 1135 case QOR4: 1136 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1137 decode_fast_read_cmd(s); 1138 } else { 1139 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1140 "DIO mode\n", s->cmd_in_progress); 1141 } 1142 break; 1143 1144 case DIOR: 1145 case DIOR4: 1146 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) { 1147 decode_dio_read_cmd(s); 1148 } else { 1149 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1150 "QIO mode\n", s->cmd_in_progress); 1151 } 1152 break; 1153 1154 case QIOR: 1155 case QIOR4: 1156 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) { 1157 decode_qio_read_cmd(s); 1158 } else { 1159 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in " 1160 "DIO mode\n", s->cmd_in_progress); 1161 } 1162 break; 1163 1164 case WRSR: 1165 if (s->write_enable) { 1166 switch (get_man(s)) { 1167 case MAN_SPANSION: 1168 s->needed_bytes = 2; 1169 s->state = STATE_COLLECTING_DATA; 1170 break; 1171 case MAN_MACRONIX: 1172 s->needed_bytes = 2; 1173 s->state = STATE_COLLECTING_VAR_LEN_DATA; 1174 break; 1175 default: 1176 s->needed_bytes = 1; 1177 s->state = STATE_COLLECTING_DATA; 1178 } 1179 s->pos = 0; 1180 } 1181 break; 1182 1183 case WRDI: 1184 s->write_enable = false; 1185 if (get_man(s) == MAN_SST) { 1186 s->aai_enable = false; 1187 } 1188 break; 1189 case WREN: 1190 s->write_enable = true; 1191 break; 1192 1193 case RDSR: 1194 s->data[0] = (!!s->write_enable) << 1; 1195 if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) { 1196 s->data[0] |= (!!s->quad_enable) << 6; 1197 } 1198 if (get_man(s) == MAN_SST) { 1199 s->data[0] |= (!!s->aai_enable) << 6; 1200 } 1201 1202 s->pos = 0; 1203 s->len = 1; 1204 s->data_read_loop = true; 1205 s->state = STATE_READING_DATA; 1206 break; 1207 1208 case READ_FSR: 1209 s->data[0] = FSR_FLASH_READY; 1210 if (s->four_bytes_address_mode) { 1211 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED; 1212 } 1213 s->pos = 0; 1214 s->len = 1; 1215 s->data_read_loop = true; 1216 s->state = STATE_READING_DATA; 1217 break; 1218 1219 case JEDEC_READ: 1220 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) { 1221 trace_m25p80_populated_jedec(s); 1222 for (i = 0; i < s->pi->id_len; i++) { 1223 s->data[i] = s->pi->id[i]; 1224 } 1225 for (; i < SPI_NOR_MAX_ID_LEN; i++) { 1226 s->data[i] = 0; 1227 } 1228 1229 s->len = SPI_NOR_MAX_ID_LEN; 1230 s->pos = 0; 1231 s->state = STATE_READING_DATA; 1232 } else { 1233 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute JEDEC read " 1234 "in DIO or QIO mode\n"); 1235 } 1236 break; 1237 1238 case RDCR: 1239 s->data[0] = s->volatile_cfg & 0xFF; 1240 s->data[0] |= (!!s->four_bytes_address_mode) << 5; 1241 s->pos = 0; 1242 s->len = 1; 1243 s->state = STATE_READING_DATA; 1244 break; 1245 1246 case BULK_ERASE_60: 1247 case BULK_ERASE: 1248 if (s->write_enable) { 1249 trace_m25p80_chip_erase(s); 1250 flash_erase(s, 0, BULK_ERASE); 1251 } else { 1252 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write " 1253 "protect!\n"); 1254 } 1255 break; 1256 case NOP: 1257 break; 1258 case EN_4BYTE_ADDR: 1259 s->four_bytes_address_mode = true; 1260 break; 1261 case EX_4BYTE_ADDR: 1262 s->four_bytes_address_mode = false; 1263 break; 1264 case BRRD: 1265 case EXTEND_ADDR_READ: 1266 s->data[0] = s->ear; 1267 s->pos = 0; 1268 s->len = 1; 1269 s->state = STATE_READING_DATA; 1270 break; 1271 case BRWR: 1272 case EXTEND_ADDR_WRITE: 1273 if (s->write_enable) { 1274 s->needed_bytes = 1; 1275 s->pos = 0; 1276 s->len = 0; 1277 s->state = STATE_COLLECTING_DATA; 1278 } 1279 break; 1280 case RNVCR: 1281 s->data[0] = s->nonvolatile_cfg & 0xFF; 1282 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF; 1283 s->pos = 0; 1284 s->len = 2; 1285 s->state = STATE_READING_DATA; 1286 break; 1287 case WNVCR: 1288 if (s->write_enable && get_man(s) == MAN_NUMONYX) { 1289 s->needed_bytes = 2; 1290 s->pos = 0; 1291 s->len = 0; 1292 s->state = STATE_COLLECTING_DATA; 1293 } 1294 break; 1295 case RVCR: 1296 s->data[0] = s->volatile_cfg & 0xFF; 1297 s->pos = 0; 1298 s->len = 1; 1299 s->state = STATE_READING_DATA; 1300 break; 1301 case WVCR: 1302 if (s->write_enable) { 1303 s->needed_bytes = 1; 1304 s->pos = 0; 1305 s->len = 0; 1306 s->state = STATE_COLLECTING_DATA; 1307 } 1308 break; 1309 case REVCR: 1310 s->data[0] = s->enh_volatile_cfg & 0xFF; 1311 s->pos = 0; 1312 s->len = 1; 1313 s->state = STATE_READING_DATA; 1314 break; 1315 case WEVCR: 1316 if (s->write_enable) { 1317 s->needed_bytes = 1; 1318 s->pos = 0; 1319 s->len = 0; 1320 s->state = STATE_COLLECTING_DATA; 1321 } 1322 break; 1323 case RESET_ENABLE: 1324 s->reset_enable = true; 1325 break; 1326 case RESET_MEMORY: 1327 if (s->reset_enable) { 1328 reset_memory(s); 1329 } 1330 break; 1331 case RDCR_EQIO: 1332 switch (get_man(s)) { 1333 case MAN_SPANSION: 1334 s->data[0] = (!!s->quad_enable) << 1; 1335 s->pos = 0; 1336 s->len = 1; 1337 s->state = STATE_READING_DATA; 1338 break; 1339 case MAN_MACRONIX: 1340 s->quad_enable = true; 1341 break; 1342 default: 1343 break; 1344 } 1345 break; 1346 case RSTQIO: 1347 s->quad_enable = false; 1348 break; 1349 case AAI_WP: 1350 if (get_man(s) == MAN_SST) { 1351 if (s->write_enable) { 1352 if (s->aai_enable) { 1353 s->state = STATE_PAGE_PROGRAM; 1354 } else { 1355 s->aai_enable = true; 1356 s->needed_bytes = get_addr_length(s); 1357 s->state = STATE_COLLECTING_DATA; 1358 } 1359 } else { 1360 qemu_log_mask(LOG_GUEST_ERROR, 1361 "M25P80: AAI_WP with write protect\n"); 1362 } 1363 } else { 1364 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1365 } 1366 break; 1367 default: 1368 s->pos = 0; 1369 s->len = 1; 1370 s->state = STATE_READING_DATA; 1371 s->data_read_loop = true; 1372 s->data[0] = 0; 1373 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); 1374 break; 1375 } 1376} 1377 1378static int m25p80_cs(SSIPeripheral *ss, bool select) 1379{ 1380 Flash *s = M25P80(ss); 1381 1382 if (select) { 1383 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) { 1384 complete_collecting_data(s); 1385 } 1386 s->len = 0; 1387 s->pos = 0; 1388 s->state = STATE_IDLE; 1389 flash_sync_dirty(s, -1); 1390 s->data_read_loop = false; 1391 } 1392 1393 trace_m25p80_select(s, select ? "de" : ""); 1394 1395 return 0; 1396} 1397 1398static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx) 1399{ 1400 Flash *s = M25P80(ss); 1401 uint32_t r = 0; 1402 1403 trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos, 1404 s->cur_addr, (uint8_t)tx); 1405 1406 switch (s->state) { 1407 1408 case STATE_PAGE_PROGRAM: 1409 trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx); 1410 flash_write8(s, s->cur_addr, (uint8_t)tx); 1411 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1412 1413 if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) { 1414 /* 1415 * There is no wrap mode during AAI programming once the highest 1416 * unprotected memory address is reached. The Write-Enable-Latch 1417 * bit is automatically reset, and AAI programming mode aborts. 1418 */ 1419 s->write_enable = false; 1420 s->aai_enable = false; 1421 } 1422 1423 break; 1424 1425 case STATE_READ: 1426 r = s->storage[s->cur_addr]; 1427 trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r); 1428 s->cur_addr = (s->cur_addr + 1) & (s->size - 1); 1429 break; 1430 1431 case STATE_COLLECTING_DATA: 1432 case STATE_COLLECTING_VAR_LEN_DATA: 1433 1434 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1435 qemu_log_mask(LOG_GUEST_ERROR, 1436 "M25P80: Write overrun internal data buffer. " 1437 "SPI controller (QEMU emulator or guest driver) " 1438 "is misbehaving\n"); 1439 s->len = s->pos = 0; 1440 s->state = STATE_IDLE; 1441 break; 1442 } 1443 1444 s->data[s->len] = (uint8_t)tx; 1445 s->len++; 1446 1447 if (s->len == s->needed_bytes) { 1448 complete_collecting_data(s); 1449 } 1450 break; 1451 1452 case STATE_READING_DATA: 1453 1454 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) { 1455 qemu_log_mask(LOG_GUEST_ERROR, 1456 "M25P80: Read overrun internal data buffer. " 1457 "SPI controller (QEMU emulator or guest driver) " 1458 "is misbehaving\n"); 1459 s->len = s->pos = 0; 1460 s->state = STATE_IDLE; 1461 break; 1462 } 1463 1464 r = s->data[s->pos]; 1465 trace_m25p80_read_data(s, s->pos, (uint8_t)r); 1466 s->pos++; 1467 if (s->pos == s->len) { 1468 s->pos = 0; 1469 if (!s->data_read_loop) { 1470 s->state = STATE_IDLE; 1471 } 1472 } 1473 break; 1474 1475 default: 1476 case STATE_IDLE: 1477 decode_new_cmd(s, (uint8_t)tx); 1478 break; 1479 } 1480 1481 return r; 1482} 1483 1484static void m25p80_realize(SSIPeripheral *ss, Error **errp) 1485{ 1486 Flash *s = M25P80(ss); 1487 M25P80Class *mc = M25P80_GET_CLASS(s); 1488 int ret; 1489 1490 s->pi = mc->pi; 1491 1492 s->size = s->pi->sector_size * s->pi->n_sectors; 1493 s->dirty_page = -1; 1494 1495 if (s->blk) { 1496 uint64_t perm = BLK_PERM_CONSISTENT_READ | 1497 (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); 1498 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); 1499 if (ret < 0) { 1500 return; 1501 } 1502 1503 trace_m25p80_binding(s); 1504 s->storage = blk_blockalign(s->blk, s->size); 1505 1506 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) { 1507 error_setg(errp, "failed to read the initial flash content"); 1508 return; 1509 } 1510 } else { 1511 trace_m25p80_binding_no_bdrv(s); 1512 s->storage = blk_blockalign(NULL, s->size); 1513 memset(s->storage, 0xFF, s->size); 1514 } 1515} 1516 1517static void m25p80_reset(DeviceState *d) 1518{ 1519 Flash *s = M25P80(d); 1520 1521 reset_memory(s); 1522} 1523 1524static int m25p80_pre_save(void *opaque) 1525{ 1526 flash_sync_dirty((Flash *)opaque, -1); 1527 1528 return 0; 1529} 1530 1531static Property m25p80_properties[] = { 1532 /* This is default value for Micron flash */ 1533 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF), 1534 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0), 1535 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8), 1536 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2), 1537 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10), 1538 DEFINE_PROP_DRIVE("drive", Flash, blk), 1539 DEFINE_PROP_END_OF_LIST(), 1540}; 1541 1542static int m25p80_pre_load(void *opaque) 1543{ 1544 Flash *s = (Flash *)opaque; 1545 1546 s->data_read_loop = false; 1547 return 0; 1548} 1549 1550static bool m25p80_data_read_loop_needed(void *opaque) 1551{ 1552 Flash *s = (Flash *)opaque; 1553 1554 return s->data_read_loop; 1555} 1556 1557static const VMStateDescription vmstate_m25p80_data_read_loop = { 1558 .name = "m25p80/data_read_loop", 1559 .version_id = 1, 1560 .minimum_version_id = 1, 1561 .needed = m25p80_data_read_loop_needed, 1562 .fields = (VMStateField[]) { 1563 VMSTATE_BOOL(data_read_loop, Flash), 1564 VMSTATE_END_OF_LIST() 1565 } 1566}; 1567 1568static bool m25p80_aai_enable_needed(void *opaque) 1569{ 1570 Flash *s = (Flash *)opaque; 1571 1572 return s->aai_enable; 1573} 1574 1575static const VMStateDescription vmstate_m25p80_aai_enable = { 1576 .name = "m25p80/aai_enable", 1577 .version_id = 1, 1578 .minimum_version_id = 1, 1579 .needed = m25p80_aai_enable_needed, 1580 .fields = (VMStateField[]) { 1581 VMSTATE_BOOL(aai_enable, Flash), 1582 VMSTATE_END_OF_LIST() 1583 } 1584}; 1585 1586static const VMStateDescription vmstate_m25p80 = { 1587 .name = "m25p80", 1588 .version_id = 0, 1589 .minimum_version_id = 0, 1590 .pre_save = m25p80_pre_save, 1591 .pre_load = m25p80_pre_load, 1592 .fields = (VMStateField[]) { 1593 VMSTATE_UINT8(state, Flash), 1594 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ), 1595 VMSTATE_UINT32(len, Flash), 1596 VMSTATE_UINT32(pos, Flash), 1597 VMSTATE_UINT8(needed_bytes, Flash), 1598 VMSTATE_UINT8(cmd_in_progress, Flash), 1599 VMSTATE_UINT32(cur_addr, Flash), 1600 VMSTATE_BOOL(write_enable, Flash), 1601 VMSTATE_BOOL(reset_enable, Flash), 1602 VMSTATE_UINT8(ear, Flash), 1603 VMSTATE_BOOL(four_bytes_address_mode, Flash), 1604 VMSTATE_UINT32(nonvolatile_cfg, Flash), 1605 VMSTATE_UINT32(volatile_cfg, Flash), 1606 VMSTATE_UINT32(enh_volatile_cfg, Flash), 1607 VMSTATE_BOOL(quad_enable, Flash), 1608 VMSTATE_UINT8(spansion_cr1nv, Flash), 1609 VMSTATE_UINT8(spansion_cr2nv, Flash), 1610 VMSTATE_UINT8(spansion_cr3nv, Flash), 1611 VMSTATE_UINT8(spansion_cr4nv, Flash), 1612 VMSTATE_END_OF_LIST() 1613 }, 1614 .subsections = (const VMStateDescription * []) { 1615 &vmstate_m25p80_data_read_loop, 1616 &vmstate_m25p80_aai_enable, 1617 NULL 1618 } 1619}; 1620 1621static void m25p80_class_init(ObjectClass *klass, void *data) 1622{ 1623 DeviceClass *dc = DEVICE_CLASS(klass); 1624 SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass); 1625 M25P80Class *mc = M25P80_CLASS(klass); 1626 1627 k->realize = m25p80_realize; 1628 k->transfer = m25p80_transfer8; 1629 k->set_cs = m25p80_cs; 1630 k->cs_polarity = SSI_CS_LOW; 1631 dc->vmsd = &vmstate_m25p80; 1632 device_class_set_props(dc, m25p80_properties); 1633 dc->reset = m25p80_reset; 1634 mc->pi = data; 1635} 1636 1637static const TypeInfo m25p80_info = { 1638 .name = TYPE_M25P80, 1639 .parent = TYPE_SSI_PERIPHERAL, 1640 .instance_size = sizeof(Flash), 1641 .class_size = sizeof(M25P80Class), 1642 .abstract = true, 1643}; 1644 1645static void m25p80_register_types(void) 1646{ 1647 int i; 1648 1649 type_register_static(&m25p80_info); 1650 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) { 1651 TypeInfo ti = { 1652 .name = known_devices[i].part_name, 1653 .parent = TYPE_M25P80, 1654 .class_init = m25p80_class_init, 1655 .class_data = (void *)&known_devices[i], 1656 }; 1657 type_register(&ti); 1658 } 1659} 1660 1661type_init(m25p80_register_types)