1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include "qemu/osdep.h"
25#include "hw/hw.h"
26#include "sysemu/block-backend.h"
27#include "sysemu/blockdev.h"
28#include "hw/ssi/ssi.h"
29#include "qemu/bitops.h"
30#include "qemu/log.h"
31
32#ifndef M25P80_ERR_DEBUG
33#define M25P80_ERR_DEBUG 0
34#endif
35
36#define DB_PRINT_L(level, ...) do { \
37 if (M25P80_ERR_DEBUG > (level)) { \
38 qemu_log(": %s: ", __func__); \
39 qemu_log(__VA_ARGS__); \
40 } \
41} while (0);
42
43
44
45
46#define ER_4K 1
47#define ER_32K 2
48
49
50
51#define EEPROM 0x100
52
53
54#define MAX_3BYTES_SIZE 0x1000000
55
56#define WR_1 0x100
57
58#define BAR_7_4_BYTE_ADDR (1<<7)
59
60typedef struct FlashPartInfo {
61 const char *part_name;
62
63 uint32_t jedec;
64
65 uint16_t ext_jedec;
66
67
68
69
70 uint32_t sector_size;
71 uint32_t n_sectors;
72 uint32_t page_size;
73 uint16_t flags;
74
75 uint8_t manf_id;
76 uint8_t dev_id;
77} FlashPartInfo;
78
79
80
81#define INFO(_part_name, _jedec, _ext_jedec, _manf_id, _dev_id, _sector_size, _n_sectors, _flags)\
82 .part_name = (_part_name),\
83 .jedec = (_jedec),\
84 .ext_jedec = (_ext_jedec),\
85 .manf_id = (_manf_id), \
86 .dev_id = (_dev_id), \
87 .sector_size = (_sector_size),\
88 .n_sectors = (_n_sectors),\
89 .page_size = 256,\
90 .flags = (_flags),\
91
92#define JEDEC_NUMONYX 0x20
93#define JEDEC_WINBOND 0xEF
94#define JEDEC_SPANSION 0x01
95
96
97#define VCFG_DUMMY 0x1
98#define VCFG_WRAP_SEQUENTIAL 0x2
99#define NVCFG_XIP_MODE_DISABLED (7 << 9)
100#define NVCFG_XIP_MODE_MASK (7 << 9)
101#define VCFG_XIP_MODE_ENABLED (1 << 3)
102#define CFG_DUMMY_CLK_LEN 4
103#define NVCFG_DUMMY_CLK_POS 12
104#define VCFG_DUMMY_CLK_POS 4
105#define EVCFG_OUT_DRIVER_STRENGHT_DEF 7
106#define EVCFG_VPP_ACCELERATOR (1 << 3)
107#define EVCFG_RESET_HOLD_ENABLED (1 << 4)
108#define NVCFG_DUAL_IO_MASK (1 << 2)
109#define EVCFG_DUAL_IO_ENABLED (1 << 6)
110#define NVCFG_QUAD_IO_MASK (1 << 3)
111#define EVCFG_QUAD_IO_ENABLED (1 << 7)
112#define NVCFG_4BYTE_ADDR_MASK (1 << 0)
113#define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
114#define CFG_UPPER_128MB_SEG_ENABLED 0x3
115
116
117#define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
118#define FSR_FLASH_READY (1 << 7)
119
120static const FlashPartInfo known_devices[] = {
121
122 { INFO("at25fs010", 0x1f6601, 0, 0x00, 0x00, 32 << 10, 4, ER_4K) },
123 { INFO("at25fs040", 0x1f6604, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
124
125 { INFO("at25df041a", 0x1f4401, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
126 { INFO("at25df321a", 0x1f4701, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
127 { INFO("at25df641", 0x1f4800, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
128
129 { INFO("at26f004", 0x1f0400, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
130 { INFO("at26df081a", 0x1f4501, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
131 { INFO("at26df161a", 0x1f4601, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
132 { INFO("at26df321", 0x1f4700, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
133
134 { INFO("at45db081d", 0x1f2500, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
135
136
137 { INFO("en25f32", 0x1c3116, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
138 { INFO("en25p32", 0x1c2016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
139 { INFO("en25q32b", 0x1c3016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
140 { INFO("en25p64", 0x1c2017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
141 { INFO("en25q64", 0x1c3017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
142
143
144 { INFO("gd25q32", 0xc84016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
145 { INFO("gd25q64", 0xc84017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
146
147
148 { INFO("160s33b", 0x898911, 0, 0x00, 0x00, 64 << 10, 32, 0) },
149 { INFO("320s33b", 0x898912, 0, 0x00, 0x00, 64 << 10, 64, 0) },
150 { INFO("640s33b", 0x898913, 0, 0x00, 0x00, 64 << 10, 128, 0) },
151 { INFO("n25q064", 0x20ba17, 0, 0x00, 0x00, 64 << 10, 128, 0) },
152
153
154 { INFO("mx25l2005a", 0xc22012, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
155 { INFO("mx25l4005a", 0xc22013, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
156 { INFO("mx25l8005", 0xc22014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
157 { INFO("mx25l1606e", 0xc22015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
158 { INFO("mx25l3205d", 0xc22016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
159 { INFO("mx25l6405d", 0xc22017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
160 { INFO("mx25l12805d", 0xc22018, 0, 0x00, 0x00, 64 << 10, 256, 0) },
161 { INFO("mx25l12855e", 0xc22618, 0, 0x00, 0x00, 64 << 10, 256, 0) },
162 { INFO("mx25l25635e", 0xc22019, 0, 0x00, 0x00, 64 << 10, 512, 0) },
163 { INFO("mx25l25655e", 0xc22619, 0, 0x00, 0x00, 64 << 10, 512, 0) },
164
165
166 { INFO("n25q032a11", 0x20bb16, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
167 { INFO("n25q032a13", 0x20ba16, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
168 { INFO("n25q064a11", 0x20bb17, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
169 { INFO("n25q064a13", 0x20ba17, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
170 { INFO("n25q128a11", 0x20bb18, 0, 0x00, 0x00, 64 << 10, 256, ER_4K) },
171 { INFO("n25q128a13", 0x20ba18, 0, 0x00, 0x00, 64 << 10, 256, ER_4K) },
172 { INFO("n25q256a11", 0x20bb19, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
173 { INFO("n25q256a13", 0x20ba19, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
174 { INFO("n25q512a11", 0x20bb20, 0, 0x00, 0x00, 64 << 10, 1024, ER_4K) },
175 { INFO("n25q512a13", 0x20ba20, 0, 0x00, 0x00, 64 << 10, 1024, ER_4K) },
176
177
178
179
180 { INFO("s25sl032p", 0x010215, 0x4d00, 0x00, 0x00, 64 << 10, 64, ER_4K) },
181 { INFO("s25sl064p", 0x010216, 0x4d00, 0x00, 0x00, 64 << 10, 128, ER_4K) },
182 { INFO("s25fl256s0", 0x010219, 0x4d00, 0x00, 0x00, 256 << 10, 128, 0) },
183 { INFO("s25fl256s1", 0x010219, 0x4d01, 0x00, 0x00, 64 << 10, 512, 0) },
184 { INFO("s25fl512s", 0x010220, 0x4d00, 0x00, 0x00, 256 << 10, 256, 0) },
185 { INFO("s70fl01gs", 0x010221, 0x4d00, 0x00, 0x00, 256 << 10, 256, 0) },
186 { INFO("s25sl12800", 0x012018, 0x0300, 0x00, 0x00, 256 << 10, 64, 0) },
187 { INFO("s25sl12801", 0x012018, 0x0301, 0x00, 0x00, 64 << 10, 256, 0) },
188 { INFO("s25fl129p0", 0x012018, 0x4d00, 0x00, 0x00, 256 << 10, 64, 0) },
189 { INFO("s25fl129p1", 0x012018, 0x4d01, 0x00, 0x00, 64 << 10, 256, 0) },
190 { INFO("s25sl004a", 0x010212, 0, 0x00, 0x00, 64 << 10, 8, 0) },
191 { INFO("s25sl008a", 0x010213, 0, 0x00, 0x00, 64 << 10, 16, 0) },
192 { INFO("s25sl016a", 0x010214, 0, 0x00, 0x00, 64 << 10, 32, 0) },
193 { INFO("s25sl032a", 0x010215, 0, 0x00, 0x00, 64 << 10, 64, 0) },
194 { INFO("s25sl064a", 0x010216, 0, 0x00, 0x00, 64 << 10, 128, 0) },
195 { INFO("s25fl016k", 0xef4015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K | ER_32K) },
196 { INFO("s25fl064k", 0xef4017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K | ER_32K) },
197
198
199 { INFO("sst25vf040b", 0xbf258d, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
200 { INFO("sst25vf080b", 0xbf258e, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
201 { INFO("sst25vf016b", 0xbf2541, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
202 { INFO("sst25vf032b", 0xbf254a, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
203 { INFO("sst25wf512", 0xbf2501, 0, 0x00, 0x00, 64 << 10, 1, ER_4K) },
204 { INFO("sst25wf010", 0xbf2502, 0, 0x00, 0x00, 64 << 10, 2, ER_4K) },
205 { INFO("sst25wf020", 0xbf2503, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
206 { INFO("sst25wf040", 0xbf2504, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
207 { INFO("sst25wf080", 0xbf2505, 0, 0xbf, 0x05, 64 << 10, 16, ER_4K) },
208
209
210 { INFO("m25p05", 0x202010, 0, 0x00, 0x00, 32 << 10, 2, 0) },
211 { INFO("m25p10", 0x202011, 0, 0x00, 0x00, 32 << 10, 4, 0) },
212 { INFO("m25p20", 0x202012, 0, 0x00, 0x00, 64 << 10, 4, 0) },
213 { INFO("m25p40", 0x202013, 0, 0x00, 0x00, 64 << 10, 8, 0) },
214 { INFO("m25p80", 0x202014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
215 { INFO("m25p16", 0x202015, 0, 0x00, 0x00, 64 << 10, 32, 0) },
216 { INFO("m25p32", 0x202016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
217 { INFO("m25p64", 0x202017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
218 { INFO("m25p128", 0x202018, 0, 0x00, 0x00, 256 << 10, 64, 0) },
219 { INFO("n25q032", 0x20ba16, 0, 0x00, 0x00, 64 << 10, 64, 0) },
220
221 { INFO("m45pe10", 0x204011, 0, 0x00, 0x00, 64 << 10, 2, 0) },
222 { INFO("m45pe80", 0x204014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
223 { INFO("m45pe16", 0x204015, 0, 0x00, 0x00, 64 << 10, 32, 0) },
224
225 { INFO("m25pe20", 0x208012, 0, 0x00, 0x00, 64 << 10, 4, 0) },
226 { INFO("m25pe80", 0x208014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
227 { INFO("m25pe16", 0x208015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
228
229 { INFO("m25px32", 0x207116, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
230 { INFO("m25px32-s0", 0x207316, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
231 { INFO("m25px32-s1", 0x206316, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
232 { INFO("m25px64", 0x207117, 0, 0x00, 0x00, 64 << 10, 128, 0) },
233
234
235 { INFO("w25x10", 0xef3011, 0, 0x00, 0x00, 64 << 10, 2, ER_4K) },
236 { INFO("w25x20", 0xef3012, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
237 { INFO("w25x40", 0xef3013, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
238 { INFO("w25x80", 0xef3014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
239 { INFO("w25x16", 0xef3015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
240 { INFO("w25x32", 0xef3016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
241 { INFO("w25q32", 0xef4016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
242 { INFO("w25q32dw", 0xef6016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
243 { INFO("w25x64", 0xef3017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
244 { INFO("w25q64", 0xef4017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
245 { INFO("w25q80", 0xef5014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
246 { INFO("w25q80bl", 0xef4014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
247 { INFO("w25q256", 0xef4019, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
248
249
250 { INFO("n25q128", 0x20ba18, 0, 0x00, 0x00, 64 << 10, 256, 0) },
251};
252
253typedef enum {
254 NOP = 0,
255 WRSR = 0x1,
256 WRDI = 0x4,
257 RDSR = 0x5,
258 RDFSR = 0x70,
259 WREN = 0x6,
260 BRRD = 0x16,
261 BRWR = 0x17,
262 JEDEC_READ = 0x9f,
263 BULK_ERASE = 0xc7,
264 READ_FSR = 0x70,
265
266 READ = 0x03,
267 READ4 = 0x13,
268 FAST_READ = 0x0b,
269 FAST_READ4 = 0x0c,
270 DOR = 0x3b,
271 DOR4 = 0x3c,
272 QOR = 0x6b,
273 QOR4 = 0x6c,
274 DIOR = 0xbb,
275 DIOR4 = 0xbc,
276 QIOR = 0xeb,
277 QIOR4 = 0xec,
278
279 PP = 0x02,
280 PP4 = 0x12,
281 DPP = 0xa2,
282 QPP = 0x32,
283 QPP4 = 0x34,
284 RDID_90 = 0x90,
285 RDID_AB = 0xab,
286 AAI = 0xad,
287
288 ERASE_4K = 0x20,
289 ERASE4_4K = 0x21,
290 ERASE_32K = 0x52,
291 ERASE_SECTOR = 0xd8,
292 ERASE4_SECTOR = 0xdc,
293
294 EN_4BYTE_ADDR = 0xB7,
295 EX_4BYTE_ADDR = 0xE9,
296
297 BULK_ERASE_C7 = 0xc7,
298 BULK_ERASE_60 = 0x60,
299
300 EXTEND_ADDR_READ = 0xC8,
301 EXTEND_ADDR_WRITE = 0xC5,
302
303 RESET_ENABLE = 0x66,
304 RESET_MEMORY = 0x99,
305
306 RNVCR = 0xB5,
307 WNVCR = 0xB1,
308
309 RVCR = 0x85,
310 WVCR = 0x81,
311
312 REVCR = 0x65,
313 WEVCR = 0x61,
314} FlashCMD;
315
316typedef enum {
317 STATE_IDLE,
318 STATE_PAGE_PROGRAM,
319 STATE_READ,
320 STATE_COLLECTING_DATA,
321 STATE_READING_DATA,
322 DUMMY_CYCLE_WAIT,
323} CMDState;
324
325typedef struct Flash {
326 SSISlave parent_obj;
327
328 uint32_t r;
329
330 BlockBackend *blk;
331
332 uint8_t *storage;
333 uint32_t size;
334 int page_size;
335
336 uint8_t state;
337 uint8_t data[16];
338 uint32_t len;
339 uint32_t pos;
340 bool data_read_loop;
341 uint8_t needed_bytes;
342 uint8_t cmd_in_progress;
343 uint64_t cur_addr;
344 uint32_t nonvolatile_cfg;
345 uint32_t volatile_cfg;
346 uint32_t enh_volatile_cfg;
347 bool write_enable;
348 bool four_bytes_address_mode;
349 bool reset_enable;
350 uint8_t ear;
351
352 bool aai_in_progress;
353 int64_t dirty_page;
354
355 uint8_t bar;
356 uint8_t n_datalines;
357 uint8_t n_dummy_cycles;
358 uint8_t dummy_count;
359 const FlashPartInfo *pi;
360} Flash;
361
362typedef struct M25P80Class {
363 SSISlaveClass parent_class;
364 FlashPartInfo *pi;
365} M25P80Class;
366
367#define TYPE_M25P80 "m25p80-generic"
368#define M25P80(obj) \
369 OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
370#define M25P80_CLASS(klass) \
371 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
372#define M25P80_GET_CLASS(obj) \
373 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
374
375static void blk_sync_complete(void *opaque, int ret)
376{
377
378
379
380}
381
382static void flash_sync_page(Flash *s, int page)
383{
384 QEMUIOVector iov;
385
386 if (!s->blk || blk_is_read_only(s->blk)) {
387 return;
388 }
389
390 qemu_iovec_init(&iov, 1);
391 qemu_iovec_add(&iov, s->storage + page * s->pi->page_size,
392 s->pi->page_size);
393 blk_aio_writev(s->blk, page * s->pi->page_size, &iov, 0,
394 blk_sync_complete, NULL);
395}
396
397static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
398{
399 QEMUIOVector iov;
400
401 if (!s->blk || blk_is_read_only(s->blk)) {
402 return;
403 }
404
405 assert(!(len % BDRV_SECTOR_SIZE));
406 qemu_iovec_init(&iov, 1);
407 qemu_iovec_add(&iov, s->storage + off, len);
408 blk_aio_writev(s->blk, off, &iov, 0, blk_sync_complete, NULL);
409}
410
411static void flash_erase(Flash *s, int offset, FlashCMD cmd)
412{
413 uint32_t len;
414 uint8_t capa_to_assert = 0;
415
416 switch (cmd) {
417 case ERASE_4K:
418 len = 4 << 10;
419 capa_to_assert = ER_4K;
420 break;
421 case ERASE_32K:
422 len = 32 << 10;
423 capa_to_assert = ER_32K;
424 break;
425 case ERASE_SECTOR:
426 case ERASE4_SECTOR:
427 len = s->pi->sector_size;
428 break;
429 case BULK_ERASE:
430 len = s->size;
431 break;
432 default:
433 abort();
434 }
435
436 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len);
437 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
438 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
439 " device\n", len);
440 }
441
442 if (!s->write_enable) {
443 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
444 return;
445 }
446 memset(s->storage + offset, 0xff, len);
447 flash_sync_area(s, offset, len);
448}
449
450static inline void flash_sync_dirty(Flash *s, int64_t newpage)
451{
452 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
453 flash_sync_page(s, s->dirty_page);
454 s->dirty_page = newpage;
455 }
456}
457
458static inline
459void flash_write8(Flash *s, uint64_t addr, uint8_t data)
460{
461 int64_t page = addr / s->pi->page_size;
462 uint8_t prev = s->storage[s->cur_addr];
463
464 if (!s->write_enable) {
465 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
466 }
467
468 if ((prev ^ data) & data) {
469 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
470 " -> %" PRIx8 "\n", addr, prev, data);
471 }
472
473 if (s->pi->flags & EEPROM) {
474 s->storage[s->cur_addr] = data;
475 } else {
476 s->storage[s->cur_addr] &= data;
477 }
478
479 flash_sync_dirty(s, page);
480 s->dirty_page = page;
481}
482
483static inline int get_addr_length(Flash *s)
484{
485
486 if (s->pi->flags == EEPROM) {
487 return 2;
488 }
489
490 switch (s->cmd_in_progress) {
491 case PP4:
492 case READ4:
493 case QIOR4:
494 case ERASE4_4K:
495 case ERASE4_SECTOR:
496 case FAST_READ4:
497 case DOR4:
498 case QOR4:
499 case DIOR4:
500 return 4;
501 default:
502 return s->four_bytes_address_mode ? 4 : 3;
503 }
504}
505
506static inline void flash_write(Flash *s, uint8_t data, int num_bits)
507{
508 int64_t page = (s->cur_addr >> 3) / s->pi->page_size;
509 uint8_t prev = s->storage[s->cur_addr >> 3];
510 uint32_t data_mask = ((1ul << num_bits) - 1) <<
511 (8 - (s->cur_addr & 0x7) - num_bits);
512
513 assert(!(data_mask & ~0xfful));
514 data <<= 8 - (s->cur_addr & 0x7) - num_bits;
515
516 if (!s->write_enable) {
517 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
518 }
519
520 if (s->pi->flags & WR_1) {
521 s->storage[s->cur_addr >> 3] = (prev & ~data_mask) | (data & data_mask);
522 } else {
523 if ((prev ^ data) & data & data_mask) {
524 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
525 " -> %" PRIx8 ", mask = %" PRIx32 "\n",
526 s->cur_addr >> 3, prev, data, data_mask);
527 }
528 s->storage[s->cur_addr >> 3] &= data | ~data_mask;
529 }
530
531 flash_sync_dirty(s, page);
532 s->dirty_page = page;
533}
534
535static inline bool set_dummy_cycles(Flash *s, uint8_t num)
536{
537 if (s->dummy_count == 0) {
538
539 s->n_dummy_cycles = num * s->n_datalines;
540 return true;
541 } else {
542
543 s->dummy_count = 0;
544 return false;
545 }
546}
547
548static void complete_collecting_data(Flash *s)
549{
550 int i;
551 bool dummy_state = false;
552
553 s->cur_addr = 0;
554
555 for (i = 0; i < get_addr_length(s); ++i) {
556 s->cur_addr <<= 8;
557 s->cur_addr |= s->data[i];
558 }
559
560 if (get_addr_length(s) == 3) {
561 s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE;
562 }
563
564 s->state = STATE_IDLE;
565
566 switch (s->cmd_in_progress) {
567 case DPP:
568 case QPP:
569 case AAI:
570 case PP:
571 s->state = STATE_PAGE_PROGRAM;
572 break;
573 case QPP4:
574 case PP4:
575 s->state = STATE_PAGE_PROGRAM;
576 break;
577 case FAST_READ:
578 case DOR:
579 case QOR:
580 case DIOR:
581 case QIOR:
582
583 dummy_state = set_dummy_cycles(s, 1);
584 case READ:
585 if (dummy_state == true) {
586 s->state = DUMMY_CYCLE_WAIT;
587 } else {
588 s->state = STATE_READ;
589 }
590 break;
591 case FAST_READ4:
592 case DOR4:
593 case QOR4:
594 case DIOR4:
595 case QIOR4:
596
597 dummy_state = set_dummy_cycles(s, 1);
598 case READ4:
599 if (dummy_state == false) {
600 s->state = STATE_READ;
601 } else {
602 s->state = DUMMY_CYCLE_WAIT;
603 }
604 break;
605 case ERASE_SECTOR:
606 case ERASE_4K:
607 case ERASE_32K:
608 flash_erase(s, s->cur_addr, s->cmd_in_progress);
609 break;
610 case ERASE4_SECTOR:
611 flash_erase(s, s->cur_addr, s->cmd_in_progress);
612 break;
613 case WRSR:
614 if (s->write_enable) {
615 s->write_enable = false;
616 }
617 break;
618 case EXTEND_ADDR_WRITE:
619 s->ear = s->data[0];
620 break;
621 case WNVCR:
622 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
623 break;
624 case WVCR:
625 s->volatile_cfg = s->data[0];
626 break;
627 case WEVCR:
628 s->enh_volatile_cfg = s->data[0];
629 break;
630 case BRWR:
631 s->bar = s->data[0];
632 break;
633 default:
634 break;
635 }
636
637 s->cur_addr <<= 3;
638}
639
640static void reset_memory(Flash *s)
641{
642 s->cmd_in_progress = NOP;
643 s->cur_addr = 0;
644 s->ear = 0;
645 s->four_bytes_address_mode = false;
646 s->len = 0;
647 s->needed_bytes = 0;
648 s->pos = 0;
649 s->state = STATE_IDLE;
650 s->write_enable = false;
651 s->reset_enable = false;
652
653 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) {
654 s->volatile_cfg = 0;
655 s->volatile_cfg |= VCFG_DUMMY;
656 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
657 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
658 != NVCFG_XIP_MODE_DISABLED) {
659 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED;
660 }
661 s->volatile_cfg |= deposit32(s->volatile_cfg,
662 VCFG_DUMMY_CLK_POS,
663 CFG_DUMMY_CLK_LEN,
664 extract32(s->nonvolatile_cfg,
665 NVCFG_DUMMY_CLK_POS,
666 CFG_DUMMY_CLK_LEN)
667 );
668
669 s->enh_volatile_cfg = 0;
670 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGHT_DEF;
671 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
672 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
673 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
674 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED;
675 }
676 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
677 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED;
678 }
679 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
680 s->four_bytes_address_mode = true;
681 }
682 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
683 s->ear = CFG_UPPER_128MB_SEG_ENABLED;
684 }
685 }
686
687 DB_PRINT_L(0, "Reset done.\n");
688}
689
690static void decode_new_cmd(Flash *s, uint32_t value)
691{
692 s->cmd_in_progress = value;
693 DB_PRINT_L(0, "decoded new command:%x\n", value);
694
695 if (value != RESET_MEMORY) {
696 s->reset_enable = false;
697 }
698
699 s->needed_bytes = 0;
700
701 switch (value) {
702
703 case READ4:
704 case ERASE4_SECTOR:
705 case QPP4:
706 case PP4:
707 if (s->four_bytes_address_mode == false) {
708 s->needed_bytes += 1;
709 }
710 case ERASE_4K:
711 case ERASE_32K:
712 case ERASE_SECTOR:
713 case READ:
714 case DPP:
715 case QPP:
716 case PP:
717 case QOR:
718 case FAST_READ:
719 case DOR:
720 if (s->four_bytes_address_mode) {
721 s->needed_bytes += 1;
722 }
723 s->needed_bytes += 3;
724 s->pos = 0;
725 s->len = 0;
726 s->state = STATE_COLLECTING_DATA;
727 break;
728
729 case AAI:
730 if (!s->aai_in_progress) {
731 s->aai_in_progress = true;
732 s->needed_bytes += 3;
733 s->pos = 0;
734 s->len = 0;
735 s->state = STATE_COLLECTING_DATA;
736 } else {
737 s->state = STATE_PAGE_PROGRAM;
738 }
739 break;
740 case FAST_READ4:
741 case DOR4:
742 case QOR4:
743 s->needed_bytes += 4;
744 s->pos = 0;
745 s->len = 0;
746 s->state = STATE_COLLECTING_DATA;
747 break;
748
749 case DIOR4:
750 s->needed_bytes += 1;
751 case DIOR:
752 switch ((s->pi->jedec >> 16) & 0xFF) {
753 case JEDEC_WINBOND:
754 case JEDEC_SPANSION:
755 s->needed_bytes += 4;
756 break;
757 case JEDEC_NUMONYX:
758 default:
759 s->needed_bytes += 5;
760 }
761 s->pos = 0;
762 s->len = 0;
763 s->state = STATE_COLLECTING_DATA;
764 break;
765
766 case QIOR4:
767 s->needed_bytes += 1;
768 case QIOR:
769 switch ((s->pi->jedec >> 16) & 0xFF) {
770 case JEDEC_WINBOND:
771 case JEDEC_SPANSION:
772 s->needed_bytes += 6;
773 break;
774 case JEDEC_NUMONYX:
775 default:
776 s->needed_bytes += 8;
777 }
778 s->pos = 0;
779 s->len = 0;
780 s->state = STATE_COLLECTING_DATA;
781 break;
782
783 case WRSR:
784 if (s->write_enable) {
785 s->needed_bytes = 1;
786 s->pos = 0;
787 s->len = 0;
788 s->state = STATE_COLLECTING_DATA;
789 }
790 break;
791
792 case BRWR:
793 if (s->write_enable) {
794 s->needed_bytes = 1;
795 s->pos = 0;
796 s->len = 0;
797 s->state = STATE_COLLECTING_DATA;
798 }
799 break;
800
801 case WRDI:
802 s->write_enable = false;
803 s->aai_in_progress = false;
804 break;
805 case WREN:
806 s->write_enable = true;
807 break;
808
809 case RDSR:
810 s->data[0] = (!!s->write_enable) << 1;
811 s->pos = 0;
812 s->len = 1;
813 s->data_read_loop = true;
814 s->state = STATE_READING_DATA;
815 break;
816
817 case RDFSR:
818 s->data[0] = 1 << 7;
819 s->pos = 0;
820 s->len = 1;
821 s->data_read_loop = true;
822 s->state = STATE_READING_DATA;
823 break;
824
825
826 case BRRD:
827 s->data[0] = s->bar;
828 s->pos = 0;
829 s->len = 1;
830 s->data_read_loop = false;
831 s->state = STATE_READING_DATA;
832 break;
833
834 case JEDEC_READ:
835 DB_PRINT_L(0, "populated jedec code\n");
836 s->data[0] = (s->pi->jedec >> 16) & 0xff;
837 s->data[1] = (s->pi->jedec >> 8) & 0xff;
838 s->data[2] = s->pi->jedec & 0xff;
839 if (s->pi->ext_jedec) {
840 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
841 s->data[4] = s->pi->ext_jedec & 0xff;
842 s->len = 5;
843 } else {
844 s->len = 3;
845 }
846 s->pos = 0;
847 s->data_read_loop = false;
848 s->state = STATE_READING_DATA;
849 break;
850
851 case RDID_90:
852 case RDID_AB:
853 DB_PRINT_L(0, "populated manf/dev ID\n");
854 s->data[0] = s->pi->manf_id;
855 s->data[1] = s->pi->dev_id;
856 s->pos = 0;
857 s->len = 2;
858 s->data_read_loop = true;
859 s->state = STATE_READING_DATA;
860 break;
861
862 case BULK_ERASE_60:
863 case BULK_ERASE_C7:
864 if (s->write_enable) {
865 DB_PRINT_L(0, "chip erase\n");
866 flash_erase(s, 0, BULK_ERASE);
867 } else {
868 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
869 "protect!\n");
870 }
871 break;
872 case NOP:
873 break;
874 case EN_4BYTE_ADDR:
875 s->four_bytes_address_mode = true;
876 break;
877 case EX_4BYTE_ADDR:
878 s->four_bytes_address_mode = false;
879 break;
880 case EXTEND_ADDR_READ:
881 s->data[0] = s->ear;
882 s->pos = 0;
883 s->len = 1;
884 s->state = STATE_READING_DATA;
885 break;
886 case EXTEND_ADDR_WRITE:
887 if (s->write_enable) {
888 s->needed_bytes = 1;
889 s->pos = 0;
890 s->len = 0;
891 s->state = STATE_COLLECTING_DATA;
892 }
893 break;
894 case RNVCR:
895 s->data[0] = s->nonvolatile_cfg & 0xFF;
896 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
897 s->pos = 0;
898 s->len = 2;
899 s->state = STATE_READING_DATA;
900 break;
901 case WNVCR:
902 if (s->write_enable) {
903 s->needed_bytes = 2;
904 s->pos = 0;
905 s->len = 0;
906 s->state = STATE_COLLECTING_DATA;
907 }
908 break;
909 case RVCR:
910 s->data[0] = s->volatile_cfg & 0xFF;
911 s->pos = 0;
912 s->len = 1;
913 s->state = STATE_READING_DATA;
914 break;
915 case WVCR:
916 if (s->write_enable) {
917 s->needed_bytes = 1;
918 s->pos = 0;
919 s->len = 0;
920 s->state = STATE_COLLECTING_DATA;
921 }
922 case REVCR:
923 s->data[0] = s->enh_volatile_cfg & 0xFF;
924 s->pos = 0;
925 s->len = 1;
926 s->state = STATE_READING_DATA;
927 break;
928 case WEVCR:
929 if (s->write_enable) {
930 s->needed_bytes = 1;
931 s->pos = 0;
932 s->len = 0;
933 s->state = STATE_COLLECTING_DATA;
934 }
935 break;
936 case RESET_ENABLE:
937 s->reset_enable = true;
938 break;
939 case RESET_MEMORY:
940 if (s->reset_enable) {
941 reset_memory(s);
942 }
943 break;
944 default:
945 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
946 break;
947 }
948}
949
950static int m25p80_cs(SSISlave *ss, bool select)
951{
952 Flash *s = M25P80(ss);
953
954 if (select) {
955 s->len = 0;
956 s->pos = 0;
957 s->state = STATE_IDLE;
958 flash_sync_dirty(s, -1);
959 }
960
961 DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
962
963 return 0;
964}
965
966static void m25p80_num_datalines(SSISlave *ss, uint8_t lines)
967{
968 Flash *s = M25P80(ss);
969 lines = lines == 0 ? 1 : lines;
970 DB_PRINT_L(0, "Num of Data Lines change %d -> %d\n", s->n_datalines, lines);
971 if (s->n_dummy_cycles) {
972 s->n_dummy_cycles *= (lines / s->n_datalines);
973 }
974 s->n_datalines = lines;
975}
976
977static uint32_t m25p80_transfer(SSISlave *ss, uint32_t tx, int num_bits)
978{
979 Flash *s = M25P80(ss);
980 uint32_t r = 0;
981
982 if (!num_bits) {
983 num_bits = 8;
984 }
985
986 switch (s->state) {
987
988 case STATE_PAGE_PROGRAM:
989 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n",
990 s->cur_addr, (uint8_t)tx);
991 flash_write(s, (uint8_t)tx, num_bits);
992 s->cur_addr += num_bits;
993 break;
994
995 case STATE_READ:
996 assert((s->cur_addr & 0x7) + num_bits <= 8);
997 r = s->storage[s->cur_addr >> 3] >>
998 (8 - (s->cur_addr & 0x7) - num_bits);
999 DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr,
1000 (uint8_t)r);
1001 s->cur_addr = (s->cur_addr + num_bits) % (s->size * 8);
1002 break;
1003
1004 case STATE_COLLECTING_DATA:
1005 assert(num_bits == 8);
1006 s->data[s->len] = (uint8_t)tx;
1007 s->len++;
1008
1009 if (s->len == s->needed_bytes) {
1010 complete_collecting_data(s);
1011 }
1012 break;
1013
1014 case STATE_READING_DATA:
1015 assert(num_bits == 8);
1016 r = s->data[s->pos];
1017 s->pos++;
1018 if (s->pos == s->len) {
1019 s->pos = 0;
1020 if (!s->data_read_loop) {
1021 s->state = STATE_IDLE;
1022 }
1023 }
1024 break;
1025
1026 case DUMMY_CYCLE_WAIT:
1027 s->dummy_count++;
1028 DB_PRINT_L(0, "Dummy Byte/Cycle %d\n", s->dummy_count);
1029 s->n_dummy_cycles--;
1030 if (!s->n_dummy_cycles) {
1031 complete_collecting_data(s);
1032 }
1033 break;
1034 default:
1035 case STATE_IDLE:
1036 assert(num_bits == 8);
1037 decode_new_cmd(s, (uint8_t)tx);
1038 break;
1039 }
1040
1041 return r;
1042}
1043
1044static int m25p80_init(SSISlave *ss)
1045{
1046 DriveInfo *dinfo;
1047 Flash *s = M25P80(ss);
1048 M25P80Class *mc = M25P80_GET_CLASS(s);
1049
1050
1051 s->n_datalines = 1;
1052
1053 s->pi = mc->pi;
1054
1055 s->size = s->pi->sector_size * s->pi->n_sectors;
1056 s->dirty_page = -1;
1057
1058
1059 dinfo = drive_get_next(IF_MTD);
1060
1061 if (dinfo) {
1062 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
1063 s->blk = blk_by_legacy_dinfo(dinfo);
1064 blk_attach_dev_nofail(s->blk, s);
1065
1066 s->storage = blk_blockalign(s->blk, s->size);
1067
1068
1069 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) {
1070 fprintf(stderr, "Failed to initialize SPI flash!\n");
1071 return 1;
1072 }
1073 } else {
1074 DB_PRINT_L(0, "No BDRV - binding to RAM\n");
1075 s->storage = blk_blockalign(NULL, s->size);
1076 memset(s->storage, 0xFF, s->size);
1077 }
1078
1079 return 0;
1080}
1081
1082static void m25p80_reset(DeviceState *d)
1083{
1084 Flash *s = M25P80(d);
1085
1086 reset_memory(s);
1087}
1088
1089static void m25p80_pre_save(void *opaque)
1090{
1091 flash_sync_dirty((Flash *)opaque, -1);
1092}
1093
1094static Property m25p80_properties[] = {
1095 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
1096 DEFINE_PROP_END_OF_LIST(),
1097};
1098
1099static const VMStateDescription vmstate_m25p80 = {
1100 .name = "xilinx_spi",
1101 .version_id = 2,
1102 .minimum_version_id = 1,
1103 .pre_save = m25p80_pre_save,
1104 .fields = (VMStateField[]) {
1105 VMSTATE_UINT8(state, Flash),
1106 VMSTATE_UINT8_ARRAY(data, Flash, 16),
1107 VMSTATE_UINT32(len, Flash),
1108 VMSTATE_UINT32(pos, Flash),
1109 VMSTATE_UINT8(needed_bytes, Flash),
1110 VMSTATE_UINT8(cmd_in_progress, Flash),
1111 VMSTATE_UINT64(cur_addr, Flash),
1112 VMSTATE_BOOL(write_enable, Flash),
1113 VMSTATE_BOOL_V(reset_enable, Flash, 2),
1114 VMSTATE_UINT8_V(ear, Flash, 2),
1115 VMSTATE_BOOL_V(four_bytes_address_mode, Flash, 2),
1116 VMSTATE_UINT32_V(nonvolatile_cfg, Flash, 2),
1117 VMSTATE_UINT32_V(volatile_cfg, Flash, 2),
1118 VMSTATE_UINT32_V(enh_volatile_cfg, Flash, 2),
1119 VMSTATE_END_OF_LIST()
1120 }
1121};
1122
1123static void m25p80_class_init(ObjectClass *klass, void *data)
1124{
1125 DeviceClass *dc = DEVICE_CLASS(klass);
1126 SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
1127 M25P80Class *mc = M25P80_CLASS(klass);
1128
1129 k->init = m25p80_init;
1130 k->transfer_bits = m25p80_transfer;
1131 k->set_cs = m25p80_cs;
1132 k->set_data_lines = m25p80_num_datalines;
1133 k->cs_polarity = SSI_CS_LOW;
1134 dc->vmsd = &vmstate_m25p80;
1135 dc->props = m25p80_properties;
1136 dc->reset = m25p80_reset;
1137 mc->pi = data;
1138}
1139
1140static const TypeInfo m25p80_info = {
1141 .name = TYPE_M25P80,
1142 .parent = TYPE_SSI_SLAVE,
1143 .instance_size = sizeof(Flash),
1144 .class_size = sizeof(M25P80Class),
1145 .abstract = true,
1146};
1147
1148static void m25p80_register_types(void)
1149{
1150 int i;
1151
1152 type_register_static(&m25p80_info);
1153 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
1154 TypeInfo ti = {
1155 .name = known_devices[i].part_name,
1156 .parent = TYPE_M25P80,
1157 .class_init = m25p80_class_init,
1158 .class_data = (void *)&known_devices[i],
1159 };
1160 type_register(&ti);
1161 }
1162}
1163
1164type_init(m25p80_register_types)
1165
