1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include "qemu/osdep.h"
25#include "hw/hw.h"
26#include "sysemu/block-backend.h"
27#include "sysemu/blockdev.h"
28#include "hw/ssi/ssi.h"
29#include "qemu/bitops.h"
30#include "qemu/log.h"
31
32#ifndef M25P80_ERR_DEBUG
33#define M25P80_ERR_DEBUG 0
34#endif
35
36#define DB_PRINT_L(level, ...) do { \
37 if (M25P80_ERR_DEBUG > (level)) { \
38 qemu_log(": %s: ", __func__); \
39 qemu_log(__VA_ARGS__); \
40 } \
41} while (0);
42
43
44
45
46#define ER_4K 1
47#define ER_32K 2
48
49
50
51#define EEPROM 0x100
52
53
54#define MAX_3BYTES_SIZE 0x1000000
55
56#define WR_1 0x100
57
58#define BAR_7_4_BYTE_ADDR (1<<7)
59
60typedef struct FlashPartInfo {
61 const char *part_name;
62
63 uint32_t jedec;
64
65 uint16_t ext_jedec;
66
67
68
69
70 uint32_t sector_size;
71 uint32_t n_sectors;
72 uint32_t page_size;
73 uint16_t flags;
74
75 uint8_t manf_id;
76 uint8_t dev_id;
77} FlashPartInfo;
78
79
80
81#define INFO(_part_name, _jedec, _ext_jedec, _manf_id, _dev_id, _sector_size, _n_sectors, _flags)\
82 .part_name = (_part_name),\
83 .jedec = (_jedec),\
84 .ext_jedec = (_ext_jedec),\
85 .manf_id = (_manf_id), \
86 .dev_id = (_dev_id), \
87 .sector_size = (_sector_size),\
88 .n_sectors = (_n_sectors),\
89 .page_size = 256,\
90 .flags = (_flags),\
91
92#define JEDEC_NUMONYX 0x20
93#define JEDEC_WINBOND 0xEF
94#define JEDEC_SPANSION 0x01
95
96
97#define VCFG_DUMMY 0x1
98#define VCFG_WRAP_SEQUENTIAL 0x2
99#define NVCFG_XIP_MODE_DISABLED (7 << 9)
100#define NVCFG_XIP_MODE_MASK (7 << 9)
101#define VCFG_XIP_MODE_ENABLED (1 << 3)
102#define CFG_DUMMY_CLK_LEN 4
103#define NVCFG_DUMMY_CLK_POS 12
104#define VCFG_DUMMY_CLK_POS 4
105#define EVCFG_OUT_DRIVER_STRENGHT_DEF 7
106#define EVCFG_VPP_ACCELERATOR (1 << 3)
107#define EVCFG_RESET_HOLD_ENABLED (1 << 4)
108#define NVCFG_DUAL_IO_MASK (1 << 2)
109#define EVCFG_DUAL_IO_ENABLED (1 << 6)
110#define NVCFG_QUAD_IO_MASK (1 << 3)
111#define EVCFG_QUAD_IO_ENABLED (1 << 7)
112#define NVCFG_4BYTE_ADDR_MASK (1 << 0)
113#define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
114#define CFG_UPPER_128MB_SEG_ENABLED 0x3
115
116
117#define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
118#define FSR_FLASH_READY (1 << 7)
119
120static const FlashPartInfo known_devices[] = {
121
122 { INFO("at25fs010", 0x1f6601, 0, 0x00, 0x00, 32 << 10, 4, ER_4K) },
123 { INFO("at25fs040", 0x1f6604, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
124
125 { INFO("at25df041a", 0x1f4401, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
126 { INFO("at25df321a", 0x1f4701, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
127 { INFO("at25df641", 0x1f4800, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
128
129 { INFO("at26f004", 0x1f0400, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
130 { INFO("at26df081a", 0x1f4501, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
131 { INFO("at26df161a", 0x1f4601, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
132 { INFO("at26df321", 0x1f4700, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
133
134 { INFO("at45db081d", 0x1f2500, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
135
136
137 { INFO("en25f32", 0x1c3116, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
138 { INFO("en25p32", 0x1c2016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
139 { INFO("en25q32b", 0x1c3016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
140 { INFO("en25p64", 0x1c2017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
141 { INFO("en25q64", 0x1c3017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
142
143
144 { INFO("gd25q32", 0xc84016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
145 { INFO("gd25q64", 0xc84017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
146
147
148 { INFO("160s33b", 0x898911, 0, 0x00, 0x00, 64 << 10, 32, 0) },
149 { INFO("320s33b", 0x898912, 0, 0x00, 0x00, 64 << 10, 64, 0) },
150 { INFO("640s33b", 0x898913, 0, 0x00, 0x00, 64 << 10, 128, 0) },
151 { INFO("n25q064", 0x20ba17, 0, 0x00, 0x00, 64 << 10, 128, 0) },
152
153
154 { INFO("mx25l2005a", 0xc22012, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
155 { INFO("mx25l4005a", 0xc22013, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
156 { INFO("mx25l8005", 0xc22014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
157 { INFO("mx25l1606e", 0xc22015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
158 { INFO("mx25l3205d", 0xc22016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
159 { INFO("mx25l6405d", 0xc22017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
160 { INFO("mx25l12805d", 0xc22018, 0, 0x00, 0x00, 64 << 10, 256, 0) },
161 { INFO("mx25l12855e", 0xc22618, 0, 0x00, 0x00, 64 << 10, 256, 0) },
162 { INFO("mx25l25635e", 0xc22019, 0, 0x00, 0x00, 64 << 10, 512, 0) },
163 { INFO("mx25l25655e", 0xc22619, 0, 0x00, 0x00, 64 << 10, 512, 0) },
164 { INFO("mx66l1g55g", 0xc2261b, 0, 0x00, 0x00, 64 << 10, 2048, ER_4K) },
165
166
167 { INFO("n25q032a11", 0x20bb16, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
168 { INFO("n25q032a13", 0x20ba16, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
169 { INFO("n25q064a11", 0x20bb17, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
170 { INFO("n25q064a13", 0x20ba17, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
171 { INFO("n25q128a11", 0x20bb18, 0, 0x00, 0x00, 64 << 10, 256, ER_4K) },
172 { INFO("n25q128a13", 0x20ba18, 0, 0x00, 0x00, 64 << 10, 256, ER_4K) },
173 { INFO("n25q256a11", 0x20bb19, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
174 { INFO("n25q256a13", 0x20ba19, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
175 { INFO("n25q512a11", 0x20bb20, 0, 0x00, 0x00, 64 << 10, 1024, ER_4K) },
176 { INFO("n25q512a13", 0x20ba20, 0, 0x00, 0x00, 64 << 10, 1024, ER_4K) },
177 { INFO("m25qu02gcbb", 0x22bb20, 0, 0x00, 0x00, 64 << 10, 4096, ER_4K) },
178
179
180
181
182 { INFO("s25sl032p", 0x010215, 0x4d00, 0x00, 0x00, 64 << 10, 64, ER_4K) },
183 { INFO("s25sl064p", 0x010216, 0x4d00, 0x00, 0x00, 64 << 10, 128, ER_4K) },
184 { INFO("s25fl256s0", 0x010219, 0x4d00, 0x00, 0x00, 256 << 10, 128, 0) },
185 { INFO("s25fl256s1", 0x010219, 0x4d01, 0x00, 0x00, 64 << 10, 512, 0) },
186 { INFO("s25fl512s", 0x010220, 0x4d00, 0x00, 0x00, 256 << 10, 256, 0) },
187 { INFO("s70fl01gs", 0x010221, 0x4d00, 0x00, 0x00, 256 << 10, 256, 0) },
188 { INFO("s25sl12800", 0x012018, 0x0300, 0x00, 0x00, 256 << 10, 64, 0) },
189 { INFO("s25sl12801", 0x012018, 0x0301, 0x00, 0x00, 64 << 10, 256, 0) },
190 { INFO("s25fl129p0", 0x012018, 0x4d00, 0x00, 0x00, 256 << 10, 64, 0) },
191 { INFO("s25fl129p1", 0x012018, 0x4d01, 0x00, 0x00, 64 << 10, 256, 0) },
192 { INFO("s25sl004a", 0x010212, 0, 0x00, 0x00, 64 << 10, 8, 0) },
193 { INFO("s25sl008a", 0x010213, 0, 0x00, 0x00, 64 << 10, 16, 0) },
194 { INFO("s25sl016a", 0x010214, 0, 0x00, 0x00, 64 << 10, 32, 0) },
195 { INFO("s25sl032a", 0x010215, 0, 0x00, 0x00, 64 << 10, 64, 0) },
196 { INFO("s25sl064a", 0x010216, 0, 0x00, 0x00, 64 << 10, 128, 0) },
197 { INFO("s25fl016k", 0xef4015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K | ER_32K) },
198 { INFO("s25fl064k", 0xef4017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K | ER_32K) },
199
200
201 { INFO("sst25vf040b", 0xbf258d, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
202 { INFO("sst25vf080b", 0xbf258e, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
203 { INFO("sst25vf016b", 0xbf2541, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
204 { INFO("sst25vf032b", 0xbf254a, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
205 { INFO("sst25wf512", 0xbf2501, 0, 0x00, 0x00, 64 << 10, 1, ER_4K) },
206 { INFO("sst25wf010", 0xbf2502, 0, 0x00, 0x00, 64 << 10, 2, ER_4K) },
207 { INFO("sst25wf020", 0xbf2503, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
208 { INFO("sst25wf040", 0xbf2504, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
209 { INFO("sst25wf080", 0xbf2505, 0, 0xbf, 0x05, 64 << 10, 16, ER_4K) },
210
211
212 { INFO("m25p05", 0x202010, 0, 0x00, 0x00, 32 << 10, 2, 0) },
213 { INFO("m25p10", 0x202011, 0, 0x00, 0x00, 32 << 10, 4, 0) },
214 { INFO("m25p20", 0x202012, 0, 0x00, 0x00, 64 << 10, 4, 0) },
215 { INFO("m25p40", 0x202013, 0, 0x00, 0x00, 64 << 10, 8, 0) },
216 { INFO("m25p80", 0x202014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
217 { INFO("m25p16", 0x202015, 0, 0x00, 0x00, 64 << 10, 32, 0) },
218 { INFO("m25p32", 0x202016, 0, 0x00, 0x00, 64 << 10, 64, 0) },
219 { INFO("m25p64", 0x202017, 0, 0x00, 0x00, 64 << 10, 128, 0) },
220 { INFO("m25p128", 0x202018, 0, 0x00, 0x00, 256 << 10, 64, 0) },
221 { INFO("n25q032", 0x20ba16, 0, 0x00, 0x00, 64 << 10, 64, 0) },
222
223 { INFO("m45pe10", 0x204011, 0, 0x00, 0x00, 64 << 10, 2, 0) },
224 { INFO("m45pe80", 0x204014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
225 { INFO("m45pe16", 0x204015, 0, 0x00, 0x00, 64 << 10, 32, 0) },
226
227 { INFO("m25pe20", 0x208012, 0, 0x00, 0x00, 64 << 10, 4, 0) },
228 { INFO("m25pe80", 0x208014, 0, 0x00, 0x00, 64 << 10, 16, 0) },
229 { INFO("m25pe16", 0x208015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
230
231 { INFO("m25px32", 0x207116, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
232 { INFO("m25px32-s0", 0x207316, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
233 { INFO("m25px32-s1", 0x206316, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
234 { INFO("m25px64", 0x207117, 0, 0x00, 0x00, 64 << 10, 128, 0) },
235
236
237 { INFO("w25x10", 0xef3011, 0, 0x00, 0x00, 64 << 10, 2, ER_4K) },
238 { INFO("w25x20", 0xef3012, 0, 0x00, 0x00, 64 << 10, 4, ER_4K) },
239 { INFO("w25x40", 0xef3013, 0, 0x00, 0x00, 64 << 10, 8, ER_4K) },
240 { INFO("w25x80", 0xef3014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
241 { INFO("w25x16", 0xef3015, 0, 0x00, 0x00, 64 << 10, 32, ER_4K) },
242 { INFO("w25x32", 0xef3016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
243 { INFO("w25q32", 0xef4016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
244 { INFO("w25q32dw", 0xef6016, 0, 0x00, 0x00, 64 << 10, 64, ER_4K) },
245 { INFO("w25x64", 0xef3017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
246 { INFO("w25q64", 0xef4017, 0, 0x00, 0x00, 64 << 10, 128, ER_4K) },
247 { INFO("w25q80", 0xef5014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
248 { INFO("w25q80bl", 0xef4014, 0, 0x00, 0x00, 64 << 10, 16, ER_4K) },
249 { INFO("w25q256", 0xef4019, 0, 0x00, 0x00, 64 << 10, 512, ER_4K) },
250
251
252 { INFO("n25q128", 0x20ba18, 0, 0x00, 0x00, 64 << 10, 256, 0) },
253};
254
255typedef enum {
256 NOP = 0,
257 WRSR = 0x1,
258 WRDI = 0x4,
259 RDSR = 0x5,
260 RDFSR = 0x70,
261 WREN = 0x6,
262 BRRD = 0x16,
263 BRWR = 0x17,
264 JEDEC_READ = 0x9f,
265 BULK_ERASE = 0xc7,
266 READ_FSR = 0x70,
267
268 READ = 0x03,
269 READ4 = 0x13,
270 FAST_READ = 0x0b,
271 FAST_READ4 = 0x0c,
272 DOR = 0x3b,
273 DOR4 = 0x3c,
274 QOR = 0x6b,
275 QOR4 = 0x6c,
276 DIOR = 0xbb,
277 DIOR4 = 0xbc,
278 QIOR = 0xeb,
279 QIOR4 = 0xec,
280
281 PP = 0x02,
282 PP4 = 0x12,
283 DPP = 0xa2,
284 QPP = 0x32,
285 QPP4 = 0x34,
286 RDID_90 = 0x90,
287 RDID_AB = 0xab,
288 AAI = 0xad,
289
290 ERASE_4K = 0x20,
291 ERASE4_4K = 0x21,
292 ERASE_32K = 0x52,
293 ERASE_SECTOR = 0xd8,
294 ERASE4_SECTOR = 0xdc,
295
296 EN_4BYTE_ADDR = 0xB7,
297 EX_4BYTE_ADDR = 0xE9,
298
299 BULK_ERASE_C7 = 0xc7,
300 BULK_ERASE_60 = 0x60,
301
302 EXTEND_ADDR_READ = 0xC8,
303 EXTEND_ADDR_WRITE = 0xC5,
304
305 RESET_ENABLE = 0x66,
306 RESET_MEMORY = 0x99,
307
308 RNVCR = 0xB5,
309 WNVCR = 0xB1,
310
311 RVCR = 0x85,
312 WVCR = 0x81,
313
314 REVCR = 0x65,
315 WEVCR = 0x61,
316} FlashCMD;
317
318typedef enum {
319 STATE_IDLE,
320 STATE_PAGE_PROGRAM,
321 STATE_READ,
322 STATE_COLLECTING_DATA,
323 STATE_READING_DATA,
324 DUMMY_CYCLE_WAIT,
325} CMDState;
326
327typedef struct Flash {
328 SSISlave parent_obj;
329
330 uint32_t r;
331
332 BlockBackend *blk;
333
334 uint8_t *storage;
335 uint32_t size;
336 int page_size;
337
338 uint8_t state;
339 uint8_t data[16];
340 uint32_t len;
341 uint32_t pos;
342 bool data_read_loop;
343 uint8_t needed_bytes;
344 uint8_t cmd_in_progress;
345 uint64_t cur_addr;
346 uint32_t nonvolatile_cfg;
347 uint32_t volatile_cfg;
348 uint32_t enh_volatile_cfg;
349 bool write_enable;
350 bool four_bytes_address_mode;
351 bool reset_enable;
352 uint8_t ear;
353
354 bool aai_in_progress;
355 int64_t dirty_page;
356
357 uint8_t bar;
358 uint8_t n_datalines;
359 uint8_t n_dummy_cycles;
360 uint8_t dummy_count;
361 const FlashPartInfo *pi;
362} Flash;
363
364typedef struct M25P80Class {
365 SSISlaveClass parent_class;
366 FlashPartInfo *pi;
367} M25P80Class;
368
369#define TYPE_M25P80 "m25p80-generic"
370#define M25P80(obj) \
371 OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
372#define M25P80_CLASS(klass) \
373 OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
374#define M25P80_GET_CLASS(obj) \
375 OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
376
377static void blk_sync_complete(void *opaque, int ret)
378{
379 QEMUIOVector *iov = opaque;
380
381 qemu_iovec_destroy(iov);
382 g_free(iov);
383
384
385
386
387}
388
389static void flash_sync_page(Flash *s, int page)
390{
391 QEMUIOVector *iov;
392
393 if (!s->blk || blk_is_read_only(s->blk)) {
394 return;
395 }
396
397 iov = g_new(QEMUIOVector, 1);
398 qemu_iovec_init(iov, 1);
399 qemu_iovec_add(iov, s->storage + page * s->pi->page_size,
400 s->pi->page_size);
401 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0,
402 blk_sync_complete, iov);
403}
404
405static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
406{
407 QEMUIOVector *iov;
408
409 if (!s->blk || blk_is_read_only(s->blk)) {
410 return;
411 }
412
413 assert(!(len % BDRV_SECTOR_SIZE));
414 iov = g_new(QEMUIOVector, 1);
415 qemu_iovec_init(iov, 1);
416 qemu_iovec_add(iov, s->storage + off, len);
417 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov);
418}
419
420static void flash_erase(Flash *s, int offset, FlashCMD cmd)
421{
422 uint32_t len;
423 uint8_t capa_to_assert = 0;
424
425 switch (cmd) {
426 case ERASE_4K:
427 len = 4 << 10;
428 capa_to_assert = ER_4K;
429 break;
430 case ERASE_32K:
431 len = 32 << 10;
432 capa_to_assert = ER_32K;
433 break;
434 case ERASE_SECTOR:
435 case ERASE4_SECTOR:
436 len = s->pi->sector_size;
437 break;
438 case BULK_ERASE:
439 len = s->size;
440 break;
441 default:
442 abort();
443 }
444
445 DB_PRINT_L(0, "offset = %#x, len = %d\n", offset, len);
446 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
447 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
448 " device\n", len);
449 }
450
451 if (!s->write_enable) {
452 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
453 return;
454 }
455 memset(s->storage + offset, 0xff, len);
456 flash_sync_area(s, offset, len);
457}
458
459static inline void flash_sync_dirty(Flash *s, int64_t newpage)
460{
461 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
462 flash_sync_page(s, s->dirty_page);
463 s->dirty_page = newpage;
464 }
465}
466
467static inline
468void flash_write8(Flash *s, uint64_t addr, uint8_t data)
469{
470 int64_t page = addr / s->pi->page_size;
471 uint8_t prev = s->storage[s->cur_addr];
472
473 if (!s->write_enable) {
474 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
475 }
476
477 if ((prev ^ data) & data) {
478 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
479 " -> %" PRIx8 "\n", addr, prev, data);
480 }
481
482 if (s->pi->flags & EEPROM) {
483 s->storage[s->cur_addr] = data;
484 } else {
485 s->storage[s->cur_addr] &= data;
486 }
487
488 flash_sync_dirty(s, page);
489 s->dirty_page = page;
490}
491
492static inline int get_addr_length(Flash *s)
493{
494
495 if (s->pi->flags == EEPROM) {
496 return 2;
497 }
498
499 switch (s->cmd_in_progress) {
500 case PP4:
501 case READ4:
502 case QIOR4:
503 case ERASE4_4K:
504 case ERASE4_SECTOR:
505 case FAST_READ4:
506 case DOR4:
507 case QOR4:
508 case DIOR4:
509 return 4;
510 default:
511 return s->four_bytes_address_mode ? 4 : 3;
512 }
513}
514
515static inline void flash_write(Flash *s, uint8_t data, int num_bits)
516{
517 int64_t page = (s->cur_addr >> 3) / s->pi->page_size;
518 uint8_t prev = s->storage[s->cur_addr >> 3];
519 uint32_t data_mask = ((1ul << num_bits) - 1) <<
520 (8 - (s->cur_addr & 0x7) - num_bits);
521
522 assert(!(data_mask & ~0xfful));
523 data <<= 8 - (s->cur_addr & 0x7) - num_bits;
524
525 if (!s->write_enable) {
526 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
527 }
528
529 if (s->pi->flags & WR_1) {
530 s->storage[s->cur_addr >> 3] = (prev & ~data_mask) | (data & data_mask);
531 } else {
532 if ((prev ^ data) & data & data_mask) {
533 DB_PRINT_L(1, "programming zero to one! addr=%" PRIx64 " %" PRIx8
534 " -> %" PRIx8 ", mask = %" PRIx32 "\n",
535 s->cur_addr >> 3, prev, data, data_mask);
536 }
537 s->storage[s->cur_addr >> 3] &= data | ~data_mask;
538 }
539
540 flash_sync_dirty(s, page);
541 s->dirty_page = page;
542}
543
544static inline bool set_dummy_cycles(Flash *s, uint8_t num)
545{
546 if (s->dummy_count == 0) {
547
548 s->n_dummy_cycles = num * s->n_datalines;
549 return true;
550 } else {
551
552 s->dummy_count = 0;
553 return false;
554 }
555}
556
557static void complete_collecting_data(Flash *s)
558{
559 int i;
560 bool dummy_state = false;
561
562 s->cur_addr = 0;
563
564 for (i = 0; i < get_addr_length(s); ++i) {
565 s->cur_addr <<= 8;
566 s->cur_addr |= s->data[i];
567 }
568
569 if (get_addr_length(s) == 3) {
570 s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE;
571 }
572
573 s->state = STATE_IDLE;
574
575 switch (s->cmd_in_progress) {
576 case DPP:
577 case QPP:
578 case AAI:
579 case PP:
580 s->state = STATE_PAGE_PROGRAM;
581 break;
582 case QPP4:
583 case PP4:
584 s->state = STATE_PAGE_PROGRAM;
585 break;
586 case FAST_READ:
587 case DOR:
588 case QOR:
589 case DIOR:
590 case QIOR:
591
592 dummy_state = set_dummy_cycles(s, 1);
593 case READ:
594 if (dummy_state == true) {
595 s->state = DUMMY_CYCLE_WAIT;
596 } else {
597 s->state = STATE_READ;
598 }
599 break;
600 case FAST_READ4:
601 case DOR4:
602 case QOR4:
603 case DIOR4:
604 case QIOR4:
605
606 dummy_state = set_dummy_cycles(s, 1);
607 case READ4:
608 if (dummy_state == false) {
609 s->state = STATE_READ;
610 } else {
611 s->state = DUMMY_CYCLE_WAIT;
612 }
613 break;
614 case ERASE_SECTOR:
615 case ERASE_4K:
616 case ERASE_32K:
617 flash_erase(s, s->cur_addr, s->cmd_in_progress);
618 break;
619 case ERASE4_SECTOR:
620 flash_erase(s, s->cur_addr, s->cmd_in_progress);
621 break;
622 case WRSR:
623 if (s->write_enable) {
624 s->write_enable = false;
625 }
626 break;
627 case EXTEND_ADDR_WRITE:
628 s->ear = s->data[0];
629 break;
630 case WNVCR:
631 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
632 break;
633 case WVCR:
634 s->volatile_cfg = s->data[0];
635 break;
636 case WEVCR:
637 s->enh_volatile_cfg = s->data[0];
638 break;
639 case BRWR:
640 s->bar = s->data[0];
641 break;
642 default:
643 break;
644 }
645
646 s->cur_addr <<= 3;
647}
648
649static void reset_memory(Flash *s)
650{
651 s->cmd_in_progress = NOP;
652 s->cur_addr = 0;
653 s->ear = 0;
654 s->four_bytes_address_mode = false;
655 s->len = 0;
656 s->needed_bytes = 0;
657 s->pos = 0;
658 s->state = STATE_IDLE;
659 s->write_enable = false;
660 s->reset_enable = false;
661
662 if (((s->pi->jedec >> 16) & 0xFF) == JEDEC_NUMONYX) {
663 s->volatile_cfg = 0;
664 s->volatile_cfg |= VCFG_DUMMY;
665 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
666 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
667 != NVCFG_XIP_MODE_DISABLED) {
668 s->volatile_cfg |= VCFG_XIP_MODE_ENABLED;
669 }
670 s->volatile_cfg |= deposit32(s->volatile_cfg,
671 VCFG_DUMMY_CLK_POS,
672 CFG_DUMMY_CLK_LEN,
673 extract32(s->nonvolatile_cfg,
674 NVCFG_DUMMY_CLK_POS,
675 CFG_DUMMY_CLK_LEN)
676 );
677
678 s->enh_volatile_cfg = 0;
679 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGHT_DEF;
680 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
681 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
682 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
683 s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED;
684 }
685 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
686 s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED;
687 }
688 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
689 s->four_bytes_address_mode = true;
690 }
691 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
692 s->ear = CFG_UPPER_128MB_SEG_ENABLED;
693 }
694 }
695
696 DB_PRINT_L(0, "Reset done.\n");
697}
698
699static void decode_new_cmd(Flash *s, uint32_t value)
700{
701 s->cmd_in_progress = value;
702 DB_PRINT_L(0, "decoded new command:%x\n", value);
703
704 if (value != RESET_MEMORY) {
705 s->reset_enable = false;
706 }
707
708 s->needed_bytes = 0;
709
710 switch (value) {
711
712 case READ4:
713 case ERASE4_SECTOR:
714 case QPP4:
715 case PP4:
716 if (s->four_bytes_address_mode == false) {
717 s->needed_bytes += 1;
718 }
719 case ERASE_4K:
720 case ERASE_32K:
721 case ERASE_SECTOR:
722 case READ:
723 case DPP:
724 case QPP:
725 case PP:
726 case QOR:
727 case FAST_READ:
728 case DOR:
729 if (s->four_bytes_address_mode) {
730 s->needed_bytes += 1;
731 }
732 s->needed_bytes += 3;
733 s->pos = 0;
734 s->len = 0;
735 s->state = STATE_COLLECTING_DATA;
736 break;
737
738 case AAI:
739 if (!s->aai_in_progress) {
740 s->aai_in_progress = true;
741 s->needed_bytes += 3;
742 s->pos = 0;
743 s->len = 0;
744 s->state = STATE_COLLECTING_DATA;
745 } else {
746 s->state = STATE_PAGE_PROGRAM;
747 }
748 break;
749 case FAST_READ4:
750 case DOR4:
751 case QOR4:
752 s->needed_bytes += 4;
753 s->pos = 0;
754 s->len = 0;
755 s->state = STATE_COLLECTING_DATA;
756 break;
757
758 case DIOR4:
759 s->needed_bytes += 1;
760 case DIOR:
761 switch ((s->pi->jedec >> 16) & 0xFF) {
762 case JEDEC_WINBOND:
763 case JEDEC_SPANSION:
764 s->needed_bytes += 4;
765 break;
766 case JEDEC_NUMONYX:
767 default:
768 s->needed_bytes += 5;
769 }
770 s->pos = 0;
771 s->len = 0;
772 s->state = STATE_COLLECTING_DATA;
773 break;
774
775 case QIOR4:
776 s->needed_bytes += 1;
777 case QIOR:
778 switch ((s->pi->jedec >> 16) & 0xFF) {
779 case JEDEC_WINBOND:
780 case JEDEC_SPANSION:
781 s->needed_bytes += 6;
782 break;
783 case JEDEC_NUMONYX:
784 default:
785 s->needed_bytes += 8;
786 }
787 s->pos = 0;
788 s->len = 0;
789 s->state = STATE_COLLECTING_DATA;
790 break;
791
792 case WRSR:
793 if (s->write_enable) {
794 s->needed_bytes = 1;
795 s->pos = 0;
796 s->len = 0;
797 s->state = STATE_COLLECTING_DATA;
798 }
799 break;
800
801 case BRWR:
802 if (s->write_enable) {
803 s->needed_bytes = 1;
804 s->pos = 0;
805 s->len = 0;
806 s->state = STATE_COLLECTING_DATA;
807 }
808 break;
809
810 case WRDI:
811 s->write_enable = false;
812 s->aai_in_progress = false;
813 break;
814 case WREN:
815 s->write_enable = true;
816 break;
817
818 case RDSR:
819 s->data[0] = (!!s->write_enable) << 1;
820 s->pos = 0;
821 s->len = 1;
822 s->data_read_loop = true;
823 s->state = STATE_READING_DATA;
824 break;
825
826 case RDFSR:
827 s->data[0] = 1 << 7;
828 s->pos = 0;
829 s->len = 1;
830 s->data_read_loop = true;
831 s->state = STATE_READING_DATA;
832 break;
833
834
835 case BRRD:
836 s->data[0] = s->bar;
837 s->pos = 0;
838 s->len = 1;
839 s->data_read_loop = false;
840 s->state = STATE_READING_DATA;
841 break;
842
843 case JEDEC_READ:
844 DB_PRINT_L(0, "populated jedec code\n");
845 s->data[0] = (s->pi->jedec >> 16) & 0xff;
846 s->data[1] = (s->pi->jedec >> 8) & 0xff;
847 s->data[2] = s->pi->jedec & 0xff;
848 if (s->pi->ext_jedec) {
849 s->data[3] = (s->pi->ext_jedec >> 8) & 0xff;
850 s->data[4] = s->pi->ext_jedec & 0xff;
851 s->len = 5;
852 } else {
853 s->len = 3;
854 }
855 s->pos = 0;
856 s->data_read_loop = false;
857 s->state = STATE_READING_DATA;
858 break;
859
860 case RDID_90:
861 case RDID_AB:
862 DB_PRINT_L(0, "populated manf/dev ID\n");
863 s->data[0] = s->pi->manf_id;
864 s->data[1] = s->pi->dev_id;
865 s->pos = 0;
866 s->len = 2;
867 s->data_read_loop = true;
868 s->state = STATE_READING_DATA;
869 break;
870
871 case BULK_ERASE_60:
872 case BULK_ERASE_C7:
873 if (s->write_enable) {
874 DB_PRINT_L(0, "chip erase\n");
875 flash_erase(s, 0, BULK_ERASE);
876 } else {
877 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
878 "protect!\n");
879 }
880 break;
881 case NOP:
882 break;
883 case EN_4BYTE_ADDR:
884 s->four_bytes_address_mode = true;
885 break;
886 case EX_4BYTE_ADDR:
887 s->four_bytes_address_mode = false;
888 break;
889 case EXTEND_ADDR_READ:
890 s->data[0] = s->ear;
891 s->pos = 0;
892 s->len = 1;
893 s->state = STATE_READING_DATA;
894 break;
895 case EXTEND_ADDR_WRITE:
896 if (s->write_enable) {
897 s->needed_bytes = 1;
898 s->pos = 0;
899 s->len = 0;
900 s->state = STATE_COLLECTING_DATA;
901 }
902 break;
903 case RNVCR:
904 s->data[0] = s->nonvolatile_cfg & 0xFF;
905 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
906 s->pos = 0;
907 s->len = 2;
908 s->state = STATE_READING_DATA;
909 break;
910 case WNVCR:
911 if (s->write_enable) {
912 s->needed_bytes = 2;
913 s->pos = 0;
914 s->len = 0;
915 s->state = STATE_COLLECTING_DATA;
916 }
917 break;
918 case RVCR:
919 s->data[0] = s->volatile_cfg & 0xFF;
920 s->pos = 0;
921 s->len = 1;
922 s->state = STATE_READING_DATA;
923 break;
924 case WVCR:
925 if (s->write_enable) {
926 s->needed_bytes = 1;
927 s->pos = 0;
928 s->len = 0;
929 s->state = STATE_COLLECTING_DATA;
930 }
931 case REVCR:
932 s->data[0] = s->enh_volatile_cfg & 0xFF;
933 s->pos = 0;
934 s->len = 1;
935 s->state = STATE_READING_DATA;
936 break;
937 case WEVCR:
938 if (s->write_enable) {
939 s->needed_bytes = 1;
940 s->pos = 0;
941 s->len = 0;
942 s->state = STATE_COLLECTING_DATA;
943 }
944 break;
945 case RESET_ENABLE:
946 s->reset_enable = true;
947 break;
948 case RESET_MEMORY:
949 if (s->reset_enable) {
950 reset_memory(s);
951 }
952 break;
953 default:
954 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
955 break;
956 }
957}
958
959static int m25p80_cs(SSISlave *ss, bool select)
960{
961 Flash *s = M25P80(ss);
962
963 if (select) {
964 s->len = 0;
965 s->pos = 0;
966 s->state = STATE_IDLE;
967 flash_sync_dirty(s, -1);
968 }
969
970 DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
971
972 return 0;
973}
974
975static void m25p80_num_datalines(SSISlave *ss, uint8_t lines)
976{
977 Flash *s = M25P80(ss);
978 lines = lines == 0 ? 1 : lines;
979 DB_PRINT_L(0, "Num of Data Lines change %d -> %d\n", s->n_datalines, lines);
980 if (s->n_dummy_cycles) {
981 s->n_dummy_cycles *= (lines / s->n_datalines);
982 }
983 s->n_datalines = lines;
984}
985
986static uint32_t m25p80_transfer(SSISlave *ss, uint32_t tx, int num_bits)
987{
988 Flash *s = M25P80(ss);
989 uint32_t r = 0;
990
991 if (!num_bits) {
992 num_bits = 8;
993 }
994
995 switch (s->state) {
996
997 case STATE_PAGE_PROGRAM:
998 DB_PRINT_L(1, "page program cur_addr=%#" PRIx64 " data=%" PRIx8 "\n",
999 s->cur_addr, (uint8_t)tx);
1000 flash_write(s, (uint8_t)tx, num_bits);
1001 s->cur_addr += num_bits;
1002 break;
1003
1004 case STATE_READ:
1005 assert((s->cur_addr & 0x7) + num_bits <= 8);
1006 r = s->storage[s->cur_addr >> 3] >>
1007 (8 - (s->cur_addr & 0x7) - num_bits);
1008 DB_PRINT_L(1, "READ 0x%" PRIx64 "=%" PRIx8 "\n", s->cur_addr,
1009 (uint8_t)r);
1010 s->cur_addr = (s->cur_addr + num_bits) % (s->size * 8);
1011 break;
1012
1013 case STATE_COLLECTING_DATA:
1014 assert(num_bits == 8);
1015 s->data[s->len] = (uint8_t)tx;
1016 s->len++;
1017
1018 if (s->len == s->needed_bytes) {
1019 complete_collecting_data(s);
1020 }
1021 break;
1022
1023 case STATE_READING_DATA:
1024 assert(num_bits == 8);
1025 r = s->data[s->pos];
1026 s->pos++;
1027 if (s->pos == s->len) {
1028 s->pos = 0;
1029 if (!s->data_read_loop) {
1030 s->state = STATE_IDLE;
1031 }
1032 }
1033 break;
1034
1035 case DUMMY_CYCLE_WAIT:
1036 s->dummy_count++;
1037 DB_PRINT_L(0, "Dummy Byte/Cycle %d\n", s->dummy_count);
1038 s->n_dummy_cycles--;
1039 if (!s->n_dummy_cycles) {
1040 complete_collecting_data(s);
1041 }
1042 break;
1043 default:
1044 case STATE_IDLE:
1045 assert(num_bits == 8);
1046 decode_new_cmd(s, (uint8_t)tx);
1047 break;
1048 }
1049
1050 return r;
1051}
1052
1053static int m25p80_init(SSISlave *ss)
1054{
1055 DriveInfo *dinfo;
1056 Flash *s = M25P80(ss);
1057 M25P80Class *mc = M25P80_GET_CLASS(s);
1058
1059
1060 s->n_datalines = 1;
1061
1062 s->pi = mc->pi;
1063
1064 s->size = s->pi->sector_size * s->pi->n_sectors;
1065 s->dirty_page = -1;
1066
1067
1068 dinfo = drive_get_next(IF_MTD);
1069
1070 if (dinfo) {
1071 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
1072 s->blk = blk_by_legacy_dinfo(dinfo);
1073 blk_attach_dev_nofail(s->blk, s);
1074
1075 s->storage = blk_blockalign(s->blk, s->size);
1076
1077
1078 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) {
1079 fprintf(stderr, "Failed to initialize SPI flash!\n");
1080 return 1;
1081 }
1082 } else {
1083 DB_PRINT_L(0, "No BDRV - binding to RAM\n");
1084 s->storage = blk_blockalign(NULL, s->size);
1085 memset(s->storage, 0xFF, s->size);
1086 }
1087
1088 return 0;
1089}
1090
1091static void m25p80_reset(DeviceState *d)
1092{
1093 Flash *s = M25P80(d);
1094
1095 reset_memory(s);
1096}
1097
1098static void m25p80_pre_save(void *opaque)
1099{
1100 flash_sync_dirty((Flash *)opaque, -1);
1101}
1102
1103static Property m25p80_properties[] = {
1104 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
1105 DEFINE_PROP_END_OF_LIST(),
1106};
1107
1108static const VMStateDescription vmstate_m25p80 = {
1109 .name = "xilinx_spi",
1110 .version_id = 2,
1111 .minimum_version_id = 1,
1112 .pre_save = m25p80_pre_save,
1113 .fields = (VMStateField[]) {
1114 VMSTATE_UINT8(state, Flash),
1115 VMSTATE_UINT8_ARRAY(data, Flash, 16),
1116 VMSTATE_UINT32(len, Flash),
1117 VMSTATE_UINT32(pos, Flash),
1118 VMSTATE_UINT8(needed_bytes, Flash),
1119 VMSTATE_UINT8(cmd_in_progress, Flash),
1120 VMSTATE_UINT64(cur_addr, Flash),
1121 VMSTATE_BOOL(write_enable, Flash),
1122 VMSTATE_BOOL_V(reset_enable, Flash, 2),
1123 VMSTATE_UINT8_V(ear, Flash, 2),
1124 VMSTATE_BOOL_V(four_bytes_address_mode, Flash, 2),
1125 VMSTATE_UINT32_V(nonvolatile_cfg, Flash, 2),
1126 VMSTATE_UINT32_V(volatile_cfg, Flash, 2),
1127 VMSTATE_UINT32_V(enh_volatile_cfg, Flash, 2),
1128 VMSTATE_END_OF_LIST()
1129 }
1130};
1131
1132static void m25p80_class_init(ObjectClass *klass, void *data)
1133{
1134 DeviceClass *dc = DEVICE_CLASS(klass);
1135 SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
1136 M25P80Class *mc = M25P80_CLASS(klass);
1137
1138 k->init = m25p80_init;
1139 k->transfer_bits = m25p80_transfer;
1140 k->set_cs = m25p80_cs;
1141 k->set_data_lines = m25p80_num_datalines;
1142 k->cs_polarity = SSI_CS_LOW;
1143 dc->vmsd = &vmstate_m25p80;
1144 dc->props = m25p80_properties;
1145 dc->reset = m25p80_reset;
1146 mc->pi = data;
1147}
1148
1149static const TypeInfo m25p80_info = {
1150 .name = TYPE_M25P80,
1151 .parent = TYPE_SSI_SLAVE,
1152 .instance_size = sizeof(Flash),
1153 .class_size = sizeof(M25P80Class),
1154 .abstract = true,
1155};
1156
1157static void m25p80_register_types(void)
1158{
1159 int i;
1160
1161 type_register_static(&m25p80_info);
1162 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
1163 TypeInfo ti = {
1164 .name = known_devices[i].part_name,
1165 .parent = TYPE_M25P80,
1166 .class_init = m25p80_class_init,
1167 .class_data = (void *)&known_devices[i],
1168 };
1169 type_register(&ti);
1170 }
1171}
1172
1173type_init(m25p80_register_types)
1174
