1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include "qemu/osdep.h"
25#include "qemu/units.h"
26#include "sysemu/block-backend.h"
27#include "hw/qdev-properties.h"
28#include "hw/qdev-properties-system.h"
29#include "hw/ssi/ssi.h"
30#include "migration/vmstate.h"
31#include "qemu/bitops.h"
32#include "qemu/log.h"
33#include "qemu/module.h"
34#include "qemu/error-report.h"
35#include "qapi/error.h"
36#include "trace.h"
37#include "qom/object.h"
38
39
40
41
42#define ER_4K 1
43#define ER_32K 2
44
45
46
47#define EEPROM 0x100
48
49
50#define MAX_3BYTES_SIZE 0x1000000
51
52#define SPI_NOR_MAX_ID_LEN 6
53
54typedef struct FlashPartInfo {
55 const char *part_name;
56
57
58
59
60
61 uint8_t id[SPI_NOR_MAX_ID_LEN];
62 uint8_t id_len;
63
64
65
66
67 uint32_t sector_size;
68 uint32_t n_sectors;
69 uint32_t page_size;
70 uint16_t flags;
71
72
73
74
75
76 uint8_t die_cnt;
77} FlashPartInfo;
78
79
80
81#define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
82 .part_name = _part_name,\
83 .id = {\
84 ((_jedec_id) >> 16) & 0xff,\
85 ((_jedec_id) >> 8) & 0xff,\
86 (_jedec_id) & 0xff,\
87 ((_ext_id) >> 8) & 0xff,\
88 (_ext_id) & 0xff,\
89 },\
90 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
91 .sector_size = (_sector_size),\
92 .n_sectors = (_n_sectors),\
93 .page_size = 256,\
94 .flags = (_flags),\
95 .die_cnt = 0
96
97#define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
98 .part_name = _part_name,\
99 .id = {\
100 ((_jedec_id) >> 16) & 0xff,\
101 ((_jedec_id) >> 8) & 0xff,\
102 (_jedec_id) & 0xff,\
103 ((_ext_id) >> 16) & 0xff,\
104 ((_ext_id) >> 8) & 0xff,\
105 (_ext_id) & 0xff,\
106 },\
107 .id_len = 6,\
108 .sector_size = (_sector_size),\
109 .n_sectors = (_n_sectors),\
110 .page_size = 256,\
111 .flags = (_flags),\
112 .die_cnt = 0
113
114#define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\
115 _flags, _die_cnt)\
116 .part_name = _part_name,\
117 .id = {\
118 ((_jedec_id) >> 16) & 0xff,\
119 ((_jedec_id) >> 8) & 0xff,\
120 (_jedec_id) & 0xff,\
121 ((_ext_id) >> 8) & 0xff,\
122 (_ext_id) & 0xff,\
123 },\
124 .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
125 .sector_size = (_sector_size),\
126 .n_sectors = (_n_sectors),\
127 .page_size = 256,\
128 .flags = (_flags),\
129 .die_cnt = _die_cnt
130
131#define JEDEC_NUMONYX 0x20
132#define JEDEC_WINBOND 0xEF
133#define JEDEC_SPANSION 0x01
134
135
136#define VCFG_DUMMY 0x1
137#define VCFG_WRAP_SEQUENTIAL 0x2
138#define NVCFG_XIP_MODE_DISABLED (7 << 9)
139#define NVCFG_XIP_MODE_MASK (7 << 9)
140#define VCFG_XIP_MODE_DISABLED (1 << 3)
141#define CFG_DUMMY_CLK_LEN 4
142#define NVCFG_DUMMY_CLK_POS 12
143#define VCFG_DUMMY_CLK_POS 4
144#define EVCFG_OUT_DRIVER_STRENGTH_DEF 7
145#define EVCFG_VPP_ACCELERATOR (1 << 3)
146#define EVCFG_RESET_HOLD_ENABLED (1 << 4)
147#define NVCFG_DUAL_IO_MASK (1 << 2)
148#define EVCFG_DUAL_IO_DISABLED (1 << 6)
149#define NVCFG_QUAD_IO_MASK (1 << 3)
150#define EVCFG_QUAD_IO_DISABLED (1 << 7)
151#define NVCFG_4BYTE_ADDR_MASK (1 << 0)
152#define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
153
154
155#define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
156#define FSR_FLASH_READY (1 << 7)
157
158
159#define SPANSION_QUAD_CFG_POS 0
160#define SPANSION_QUAD_CFG_LEN 1
161#define SPANSION_DUMMY_CLK_POS 0
162#define SPANSION_DUMMY_CLK_LEN 4
163#define SPANSION_ADDR_LEN_POS 7
164#define SPANSION_ADDR_LEN_LEN 1
165
166
167
168
169
170
171#define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1
172#define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1
173
174static const FlashPartInfo known_devices[] = {
175
176 { INFO("at25fs010", 0x1f6601, 0, 32 << 10, 4, ER_4K) },
177 { INFO("at25fs040", 0x1f6604, 0, 64 << 10, 8, ER_4K) },
178
179 { INFO("at25df041a", 0x1f4401, 0, 64 << 10, 8, ER_4K) },
180 { INFO("at25df321a", 0x1f4701, 0, 64 << 10, 64, ER_4K) },
181 { INFO("at25df641", 0x1f4800, 0, 64 << 10, 128, ER_4K) },
182
183 { INFO("at26f004", 0x1f0400, 0, 64 << 10, 8, ER_4K) },
184 { INFO("at26df081a", 0x1f4501, 0, 64 << 10, 16, ER_4K) },
185 { INFO("at26df161a", 0x1f4601, 0, 64 << 10, 32, ER_4K) },
186 { INFO("at26df321", 0x1f4700, 0, 64 << 10, 64, ER_4K) },
187
188 { INFO("at45db081d", 0x1f2500, 0, 64 << 10, 16, ER_4K) },
189
190
191
192
193 { INFO("at25128a-nonjedec", 0x0, 0, 1, 131072, EEPROM) },
194 { INFO("at25256a-nonjedec", 0x0, 0, 1, 262144, EEPROM) },
195
196
197 { INFO("en25f32", 0x1c3116, 0, 64 << 10, 64, ER_4K) },
198 { INFO("en25p32", 0x1c2016, 0, 64 << 10, 64, 0) },
199 { INFO("en25q32b", 0x1c3016, 0, 64 << 10, 64, 0) },
200 { INFO("en25p64", 0x1c2017, 0, 64 << 10, 128, 0) },
201 { INFO("en25q64", 0x1c3017, 0, 64 << 10, 128, ER_4K) },
202
203
204 { INFO("gd25q32", 0xc84016, 0, 64 << 10, 64, ER_4K) },
205 { INFO("gd25q64", 0xc84017, 0, 64 << 10, 128, ER_4K) },
206
207
208 { INFO("160s33b", 0x898911, 0, 64 << 10, 32, 0) },
209 { INFO("320s33b", 0x898912, 0, 64 << 10, 64, 0) },
210 { INFO("640s33b", 0x898913, 0, 64 << 10, 128, 0) },
211 { INFO("n25q064", 0x20ba17, 0, 64 << 10, 128, 0) },
212
213
214 { INFO("is25lq040b", 0x9d4013, 0, 64 << 10, 8, ER_4K) },
215 { INFO("is25lp080d", 0x9d6014, 0, 64 << 10, 16, ER_4K) },
216 { INFO("is25lp016d", 0x9d6015, 0, 64 << 10, 32, ER_4K) },
217 { INFO("is25lp032", 0x9d6016, 0, 64 << 10, 64, ER_4K) },
218 { INFO("is25lp064", 0x9d6017, 0, 64 << 10, 128, ER_4K) },
219 { INFO("is25lp128", 0x9d6018, 0, 64 << 10, 256, ER_4K) },
220 { INFO("is25lp256", 0x9d6019, 0, 64 << 10, 512, ER_4K) },
221 { INFO("is25wp032", 0x9d7016, 0, 64 << 10, 64, ER_4K) },
222 { INFO("is25wp064", 0x9d7017, 0, 64 << 10, 128, ER_4K) },
223 { INFO("is25wp128", 0x9d7018, 0, 64 << 10, 256, ER_4K) },
224 { INFO("is25wp256", 0x9d7019, 0, 64 << 10, 512, ER_4K) },
225
226
227 { INFO("mx25l2005a", 0xc22012, 0, 64 << 10, 4, ER_4K) },
228 { INFO("mx25l4005a", 0xc22013, 0, 64 << 10, 8, ER_4K) },
229 { INFO("mx25l8005", 0xc22014, 0, 64 << 10, 16, 0) },
230 { INFO("mx25l1606e", 0xc22015, 0, 64 << 10, 32, ER_4K) },
231 { INFO("mx25l3205d", 0xc22016, 0, 64 << 10, 64, 0) },
232 { INFO("mx25l6405d", 0xc22017, 0, 64 << 10, 128, 0) },
233 { INFO("mx25l12805d", 0xc22018, 0, 64 << 10, 256, 0) },
234 { INFO("mx25l12855e", 0xc22618, 0, 64 << 10, 256, 0) },
235 { INFO6("mx25l25635e", 0xc22019, 0xc22019, 64 << 10, 512, 0) },
236 { INFO("mx25l25655e", 0xc22619, 0, 64 << 10, 512, 0) },
237 { INFO("mx66l51235f", 0xc2201a, 0, 64 << 10, 1024, ER_4K | ER_32K) },
238 { INFO("mx66u51235f", 0xc2253a, 0, 64 << 10, 1024, ER_4K | ER_32K) },
239 { INFO("mx66u1g45g", 0xc2253b, 0, 64 << 10, 2048, ER_4K | ER_32K) },
240 { INFO("mx66l1g45g", 0xc2201b, 0, 64 << 10, 2048, ER_4K | ER_32K) },
241
242
243 { INFO("n25q032a11", 0x20bb16, 0, 64 << 10, 64, ER_4K) },
244 { INFO("n25q032a13", 0x20ba16, 0, 64 << 10, 64, ER_4K) },
245 { INFO("n25q064a11", 0x20bb17, 0, 64 << 10, 128, ER_4K) },
246 { INFO("n25q064a13", 0x20ba17, 0, 64 << 10, 128, ER_4K) },
247 { INFO("n25q128a11", 0x20bb18, 0, 64 << 10, 256, ER_4K) },
248 { INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) },
249 { INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) },
250 { INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
251 { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) },
252 { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
253 { INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
254 { INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
255 { INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
256 { INFO("n25q512ax3", 0x20ba20, 0x1000, 64 << 10, 1024, ER_4K) },
257 { INFO("mt25ql512ab", 0x20ba20, 0x1044, 64 << 10, 1024, ER_4K | ER_32K) },
258 { INFO_STACKED("n25q00", 0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
259 { INFO_STACKED("n25q00a", 0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
260 { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
261 { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
262 { INFO_STACKED("mt25ql02g", 0x20ba22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) },
263 { INFO_STACKED("mt25qu02g", 0x20bb22, 0x1040, 64 << 10, 4096, ER_4K | ER_32K, 2) },
264
265
266
267
268 { INFO("s25sl032p", 0x010215, 0x4d00, 64 << 10, 64, ER_4K) },
269 { INFO("s25sl064p", 0x010216, 0x4d00, 64 << 10, 128, ER_4K) },
270 { INFO("s25fl256s0", 0x010219, 0x4d00, 256 << 10, 128, 0) },
271 { INFO("s25fl256s1", 0x010219, 0x4d01, 64 << 10, 512, 0) },
272 { INFO6("s25fl512s", 0x010220, 0x4d0080, 256 << 10, 256, 0) },
273 { INFO6("s70fl01gs", 0x010221, 0x4d0080, 256 << 10, 512, 0) },
274 { INFO("s25sl12800", 0x012018, 0x0300, 256 << 10, 64, 0) },
275 { INFO("s25sl12801", 0x012018, 0x0301, 64 << 10, 256, 0) },
276 { INFO("s25fl129p0", 0x012018, 0x4d00, 256 << 10, 64, 0) },
277 { INFO("s25fl129p1", 0x012018, 0x4d01, 64 << 10, 256, 0) },
278 { INFO("s25sl004a", 0x010212, 0, 64 << 10, 8, 0) },
279 { INFO("s25sl008a", 0x010213, 0, 64 << 10, 16, 0) },
280 { INFO("s25sl016a", 0x010214, 0, 64 << 10, 32, 0) },
281 { INFO("s25sl032a", 0x010215, 0, 64 << 10, 64, 0) },
282 { INFO("s25sl064a", 0x010216, 0, 64 << 10, 128, 0) },
283 { INFO("s25fl016k", 0xef4015, 0, 64 << 10, 32, ER_4K | ER_32K) },
284 { INFO("s25fl064k", 0xef4017, 0, 64 << 10, 128, ER_4K | ER_32K) },
285
286
287 { INFO6("s25fs512s", 0x010220, 0x4d0081, 256 << 10, 256, 0) },
288 { INFO6("s70fs01gs", 0x010221, 0x4d0081, 256 << 10, 512, 0) },
289
290
291 { INFO("sst25vf040b", 0xbf258d, 0, 64 << 10, 8, ER_4K) },
292 { INFO("sst25vf080b", 0xbf258e, 0, 64 << 10, 16, ER_4K) },
293 { INFO("sst25vf016b", 0xbf2541, 0, 64 << 10, 32, ER_4K) },
294 { INFO("sst25vf032b", 0xbf254a, 0, 64 << 10, 64, ER_4K) },
295 { INFO("sst25wf512", 0xbf2501, 0, 64 << 10, 1, ER_4K) },
296 { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) },
297 { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) },
298 { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) },
299 { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) },
300
301
302 { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) },
303 { INFO("m25p10", 0x202011, 0, 32 << 10, 4, 0) },
304 { INFO("m25p20", 0x202012, 0, 64 << 10, 4, 0) },
305 { INFO("m25p40", 0x202013, 0, 64 << 10, 8, 0) },
306 { INFO("m25p80", 0x202014, 0, 64 << 10, 16, 0) },
307 { INFO("m25p16", 0x202015, 0, 64 << 10, 32, 0) },
308 { INFO("m25p32", 0x202016, 0, 64 << 10, 64, 0) },
309 { INFO("m25p64", 0x202017, 0, 64 << 10, 128, 0) },
310 { INFO("m25p128", 0x202018, 0, 256 << 10, 64, 0) },
311 { INFO("n25q032", 0x20ba16, 0, 64 << 10, 64, 0) },
312
313 { INFO("m45pe10", 0x204011, 0, 64 << 10, 2, 0) },
314 { INFO("m45pe80", 0x204014, 0, 64 << 10, 16, 0) },
315 { INFO("m45pe16", 0x204015, 0, 64 << 10, 32, 0) },
316
317 { INFO("m25pe20", 0x208012, 0, 64 << 10, 4, 0) },
318 { INFO("m25pe80", 0x208014, 0, 64 << 10, 16, 0) },
319 { INFO("m25pe16", 0x208015, 0, 64 << 10, 32, ER_4K) },
320
321 { INFO("m25px32", 0x207116, 0, 64 << 10, 64, ER_4K) },
322 { INFO("m25px32-s0", 0x207316, 0, 64 << 10, 64, ER_4K) },
323 { INFO("m25px32-s1", 0x206316, 0, 64 << 10, 64, ER_4K) },
324 { INFO("m25px64", 0x207117, 0, 64 << 10, 128, 0) },
325
326
327 { INFO("w25x10", 0xef3011, 0, 64 << 10, 2, ER_4K) },
328 { INFO("w25x20", 0xef3012, 0, 64 << 10, 4, ER_4K) },
329 { INFO("w25x40", 0xef3013, 0, 64 << 10, 8, ER_4K) },
330 { INFO("w25x80", 0xef3014, 0, 64 << 10, 16, ER_4K) },
331 { INFO("w25x16", 0xef3015, 0, 64 << 10, 32, ER_4K) },
332 { INFO("w25x32", 0xef3016, 0, 64 << 10, 64, ER_4K) },
333 { INFO("w25q32", 0xef4016, 0, 64 << 10, 64, ER_4K) },
334 { INFO("w25q32dw", 0xef6016, 0, 64 << 10, 64, ER_4K) },
335 { INFO("w25x64", 0xef3017, 0, 64 << 10, 128, ER_4K) },
336 { INFO("w25q64", 0xef4017, 0, 64 << 10, 128, ER_4K) },
337 { INFO("w25q80", 0xef5014, 0, 64 << 10, 16, ER_4K) },
338 { INFO("w25q80bl", 0xef4014, 0, 64 << 10, 16, ER_4K) },
339 { INFO("w25q256", 0xef4019, 0, 64 << 10, 512, ER_4K) },
340 { INFO("w25q512jv", 0xef4020, 0, 64 << 10, 1024, ER_4K) },
341};
342
343typedef enum {
344 NOP = 0,
345 WRSR = 0x1,
346 WRDI = 0x4,
347 RDSR = 0x5,
348 WREN = 0x6,
349 BRRD = 0x16,
350 BRWR = 0x17,
351 JEDEC_READ = 0x9f,
352 BULK_ERASE_60 = 0x60,
353 BULK_ERASE = 0xc7,
354 READ_FSR = 0x70,
355 RDCR = 0x15,
356
357 READ = 0x03,
358 READ4 = 0x13,
359 FAST_READ = 0x0b,
360 FAST_READ4 = 0x0c,
361 DOR = 0x3b,
362 DOR4 = 0x3c,
363 QOR = 0x6b,
364 QOR4 = 0x6c,
365 DIOR = 0xbb,
366 DIOR4 = 0xbc,
367 QIOR = 0xeb,
368 QIOR4 = 0xec,
369
370 PP = 0x02,
371 PP4 = 0x12,
372 PP4_4 = 0x3e,
373 DPP = 0xa2,
374 QPP = 0x32,
375 QPP_4 = 0x34,
376 RDID_90 = 0x90,
377 RDID_AB = 0xab,
378 AAI_WP = 0xad,
379
380 ERASE_4K = 0x20,
381 ERASE4_4K = 0x21,
382 ERASE_32K = 0x52,
383 ERASE4_32K = 0x5c,
384 ERASE_SECTOR = 0xd8,
385 ERASE4_SECTOR = 0xdc,
386
387 EN_4BYTE_ADDR = 0xB7,
388 EX_4BYTE_ADDR = 0xE9,
389
390 EXTEND_ADDR_READ = 0xC8,
391 EXTEND_ADDR_WRITE = 0xC5,
392
393 RESET_ENABLE = 0x66,
394 RESET_MEMORY = 0x99,
395
396
397
398
399
400 RDCR_EQIO = 0x35,
401 RSTQIO = 0xf5,
402
403 RNVCR = 0xB5,
404 WNVCR = 0xB1,
405
406 RVCR = 0x85,
407 WVCR = 0x81,
408
409 REVCR = 0x65,
410 WEVCR = 0x61,
411
412 DIE_ERASE = 0xC4,
413} FlashCMD;
414
415typedef enum {
416 STATE_IDLE,
417 STATE_PAGE_PROGRAM,
418 STATE_READ,
419 STATE_COLLECTING_DATA,
420 STATE_COLLECTING_VAR_LEN_DATA,
421 STATE_READING_DATA,
422} CMDState;
423
424typedef enum {
425 MAN_SPANSION,
426 MAN_MACRONIX,
427 MAN_NUMONYX,
428 MAN_WINBOND,
429 MAN_SST,
430 MAN_ISSI,
431 MAN_GENERIC,
432} Manufacturer;
433
434typedef enum {
435 MODE_STD = 0,
436 MODE_DIO = 1,
437 MODE_QIO = 2
438} SPIMode;
439
440#define M25P80_INTERNAL_DATA_BUFFER_SZ 16
441
442struct Flash {
443 SSIPeripheral parent_obj;
444
445 BlockBackend *blk;
446
447 uint8_t *storage;
448 uint32_t size;
449 int page_size;
450
451 uint8_t state;
452 uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
453 uint32_t len;
454 uint32_t pos;
455 bool data_read_loop;
456 uint8_t needed_bytes;
457 uint8_t cmd_in_progress;
458 uint32_t cur_addr;
459 uint32_t nonvolatile_cfg;
460
461 uint32_t volatile_cfg;
462 uint32_t enh_volatile_cfg;
463
464 uint8_t spansion_cr1nv;
465 uint8_t spansion_cr2nv;
466 uint8_t spansion_cr3nv;
467 uint8_t spansion_cr4nv;
468 uint8_t spansion_cr1v;
469 uint8_t spansion_cr2v;
470 uint8_t spansion_cr3v;
471 uint8_t spansion_cr4v;
472 bool write_enable;
473 bool four_bytes_address_mode;
474 bool reset_enable;
475 bool quad_enable;
476 bool aai_enable;
477 uint8_t ear;
478
479 int64_t dirty_page;
480
481 const FlashPartInfo *pi;
482
483};
484
485struct M25P80Class {
486 SSIPeripheralClass parent_class;
487 FlashPartInfo *pi;
488};
489
490#define TYPE_M25P80 "m25p80-generic"
491OBJECT_DECLARE_TYPE(Flash, M25P80Class, M25P80)
492
493static inline Manufacturer get_man(Flash *s)
494{
495 switch (s->pi->id[0]) {
496 case 0x20:
497 return MAN_NUMONYX;
498 case 0xEF:
499 return MAN_WINBOND;
500 case 0x01:
501 return MAN_SPANSION;
502 case 0xC2:
503 return MAN_MACRONIX;
504 case 0xBF:
505 return MAN_SST;
506 case 0x9D:
507 return MAN_ISSI;
508 default:
509 return MAN_GENERIC;
510 }
511}
512
513static void blk_sync_complete(void *opaque, int ret)
514{
515 QEMUIOVector *iov = opaque;
516
517 qemu_iovec_destroy(iov);
518 g_free(iov);
519
520
521
522
523}
524
525static void flash_sync_page(Flash *s, int page)
526{
527 QEMUIOVector *iov;
528
529 if (!s->blk || !blk_is_writable(s->blk)) {
530 return;
531 }
532
533 iov = g_new(QEMUIOVector, 1);
534 qemu_iovec_init(iov, 1);
535 qemu_iovec_add(iov, s->storage + page * s->pi->page_size,
536 s->pi->page_size);
537 blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0,
538 blk_sync_complete, iov);
539}
540
541static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
542{
543 QEMUIOVector *iov;
544
545 if (!s->blk || !blk_is_writable(s->blk)) {
546 return;
547 }
548
549 assert(!(len % BDRV_SECTOR_SIZE));
550 iov = g_new(QEMUIOVector, 1);
551 qemu_iovec_init(iov, 1);
552 qemu_iovec_add(iov, s->storage + off, len);
553 blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov);
554}
555
556static void flash_erase(Flash *s, int offset, FlashCMD cmd)
557{
558 uint32_t len;
559 uint8_t capa_to_assert = 0;
560
561 switch (cmd) {
562 case ERASE_4K:
563 case ERASE4_4K:
564 len = 4 * KiB;
565 capa_to_assert = ER_4K;
566 break;
567 case ERASE_32K:
568 case ERASE4_32K:
569 len = 32 * KiB;
570 capa_to_assert = ER_32K;
571 break;
572 case ERASE_SECTOR:
573 case ERASE4_SECTOR:
574 len = s->pi->sector_size;
575 break;
576 case BULK_ERASE:
577 len = s->size;
578 break;
579 case DIE_ERASE:
580 if (s->pi->die_cnt) {
581 len = s->size / s->pi->die_cnt;
582 offset = offset & (~(len - 1));
583 } else {
584 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported"
585 " by device\n");
586 return;
587 }
588 break;
589 default:
590 abort();
591 }
592
593 trace_m25p80_flash_erase(s, offset, len);
594
595 if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
596 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
597 " device\n", len);
598 }
599
600 if (!s->write_enable) {
601 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
602 return;
603 }
604 memset(s->storage + offset, 0xff, len);
605 flash_sync_area(s, offset, len);
606}
607
608static inline void flash_sync_dirty(Flash *s, int64_t newpage)
609{
610 if (s->dirty_page >= 0 && s->dirty_page != newpage) {
611 flash_sync_page(s, s->dirty_page);
612 s->dirty_page = newpage;
613 }
614}
615
616static inline
617void flash_write8(Flash *s, uint32_t addr, uint8_t data)
618{
619 uint32_t page = addr / s->pi->page_size;
620 uint8_t prev = s->storage[s->cur_addr];
621
622 if (!s->write_enable) {
623 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
624 return;
625 }
626
627 if ((prev ^ data) & data) {
628 trace_m25p80_programming_zero_to_one(s, addr, prev, data);
629 }
630
631 if (s->pi->flags & EEPROM) {
632 s->storage[s->cur_addr] = data;
633 } else {
634 s->storage[s->cur_addr] &= data;
635 }
636
637 flash_sync_dirty(s, page);
638 s->dirty_page = page;
639}
640
641static inline int get_addr_length(Flash *s)
642{
643
644 if (s->pi->flags == EEPROM) {
645 return 2;
646 }
647
648 switch (s->cmd_in_progress) {
649 case PP4:
650 case PP4_4:
651 case QPP_4:
652 case READ4:
653 case QIOR4:
654 case ERASE4_4K:
655 case ERASE4_32K:
656 case ERASE4_SECTOR:
657 case FAST_READ4:
658 case DOR4:
659 case QOR4:
660 case DIOR4:
661 return 4;
662 default:
663 return s->four_bytes_address_mode ? 4 : 3;
664 }
665}
666
667static void complete_collecting_data(Flash *s)
668{
669 int i, n;
670
671 n = get_addr_length(s);
672 s->cur_addr = (n == 3 ? s->ear : 0);
673 for (i = 0; i < n; ++i) {
674 s->cur_addr <<= 8;
675 s->cur_addr |= s->data[i];
676 }
677
678 s->cur_addr &= s->size - 1;
679
680 s->state = STATE_IDLE;
681
682 trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear,
683 s->cur_addr);
684
685 switch (s->cmd_in_progress) {
686 case DPP:
687 case QPP:
688 case QPP_4:
689 case PP:
690 case PP4:
691 case PP4_4:
692 s->state = STATE_PAGE_PROGRAM;
693 break;
694 case AAI_WP:
695
696 s->cur_addr &= ~BIT(0);
697 s->state = STATE_PAGE_PROGRAM;
698 break;
699 case READ:
700 case READ4:
701 case FAST_READ:
702 case FAST_READ4:
703 case DOR:
704 case DOR4:
705 case QOR:
706 case QOR4:
707 case DIOR:
708 case DIOR4:
709 case QIOR:
710 case QIOR4:
711 s->state = STATE_READ;
712 break;
713 case ERASE_4K:
714 case ERASE4_4K:
715 case ERASE_32K:
716 case ERASE4_32K:
717 case ERASE_SECTOR:
718 case ERASE4_SECTOR:
719 case DIE_ERASE:
720 flash_erase(s, s->cur_addr, s->cmd_in_progress);
721 break;
722 case WRSR:
723 switch (get_man(s)) {
724 case MAN_SPANSION:
725 s->quad_enable = !!(s->data[1] & 0x02);
726 break;
727 case MAN_ISSI:
728 s->quad_enable = extract32(s->data[0], 6, 1);
729 break;
730 case MAN_MACRONIX:
731 s->quad_enable = extract32(s->data[0], 6, 1);
732 if (s->len > 1) {
733 s->volatile_cfg = s->data[1];
734 s->four_bytes_address_mode = extract32(s->data[1], 5, 1);
735 }
736 break;
737 default:
738 break;
739 }
740 if (s->write_enable) {
741 s->write_enable = false;
742 }
743 break;
744 case BRWR:
745 case EXTEND_ADDR_WRITE:
746 s->ear = s->data[0];
747 break;
748 case WNVCR:
749 s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
750 break;
751 case WVCR:
752 s->volatile_cfg = s->data[0];
753 break;
754 case WEVCR:
755 s->enh_volatile_cfg = s->data[0];
756 break;
757 case RDID_90:
758 case RDID_AB:
759 if (get_man(s) == MAN_SST) {
760 if (s->cur_addr <= 1) {
761 if (s->cur_addr) {
762 s->data[0] = s->pi->id[2];
763 s->data[1] = s->pi->id[0];
764 } else {
765 s->data[0] = s->pi->id[0];
766 s->data[1] = s->pi->id[2];
767 }
768 s->pos = 0;
769 s->len = 2;
770 s->data_read_loop = true;
771 s->state = STATE_READING_DATA;
772 } else {
773 qemu_log_mask(LOG_GUEST_ERROR,
774 "M25P80: Invalid read id address\n");
775 }
776 } else {
777 qemu_log_mask(LOG_GUEST_ERROR,
778 "M25P80: Read id (command 0x90/0xAB) is not supported"
779 " by device\n");
780 }
781 break;
782 default:
783 break;
784 }
785}
786
787static void reset_memory(Flash *s)
788{
789 s->cmd_in_progress = NOP;
790 s->cur_addr = 0;
791 s->ear = 0;
792 s->four_bytes_address_mode = false;
793 s->len = 0;
794 s->needed_bytes = 0;
795 s->pos = 0;
796 s->state = STATE_IDLE;
797 s->write_enable = false;
798 s->reset_enable = false;
799 s->quad_enable = false;
800 s->aai_enable = false;
801
802 switch (get_man(s)) {
803 case MAN_NUMONYX:
804 s->volatile_cfg = 0;
805 s->volatile_cfg |= VCFG_DUMMY;
806 s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
807 if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
808 == NVCFG_XIP_MODE_DISABLED) {
809 s->volatile_cfg |= VCFG_XIP_MODE_DISABLED;
810 }
811 s->volatile_cfg |= deposit32(s->volatile_cfg,
812 VCFG_DUMMY_CLK_POS,
813 CFG_DUMMY_CLK_LEN,
814 extract32(s->nonvolatile_cfg,
815 NVCFG_DUMMY_CLK_POS,
816 CFG_DUMMY_CLK_LEN)
817 );
818
819 s->enh_volatile_cfg = 0;
820 s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF;
821 s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
822 s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
823 if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
824 s->enh_volatile_cfg |= EVCFG_DUAL_IO_DISABLED;
825 }
826 if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
827 s->enh_volatile_cfg |= EVCFG_QUAD_IO_DISABLED;
828 }
829 if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
830 s->four_bytes_address_mode = true;
831 }
832 if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
833 s->ear = s->size / MAX_3BYTES_SIZE - 1;
834 }
835 break;
836 case MAN_MACRONIX:
837 s->volatile_cfg = 0x7;
838 break;
839 case MAN_SPANSION:
840 s->spansion_cr1v = s->spansion_cr1nv;
841 s->spansion_cr2v = s->spansion_cr2nv;
842 s->spansion_cr3v = s->spansion_cr3nv;
843 s->spansion_cr4v = s->spansion_cr4nv;
844 s->quad_enable = extract32(s->spansion_cr1v,
845 SPANSION_QUAD_CFG_POS,
846 SPANSION_QUAD_CFG_LEN
847 );
848 s->four_bytes_address_mode = extract32(s->spansion_cr2v,
849 SPANSION_ADDR_LEN_POS,
850 SPANSION_ADDR_LEN_LEN
851 );
852 break;
853 default:
854 break;
855 }
856
857 trace_m25p80_reset_done(s);
858}
859
860static uint8_t numonyx_mode(Flash *s)
861{
862 if (!(s->enh_volatile_cfg & EVCFG_QUAD_IO_DISABLED)) {
863 return MODE_QIO;
864 } else if (!(s->enh_volatile_cfg & EVCFG_DUAL_IO_DISABLED)) {
865 return MODE_DIO;
866 } else {
867 return MODE_STD;
868 }
869}
870
871static uint8_t numonyx_extract_cfg_num_dummies(Flash *s)
872{
873 uint8_t num_dummies;
874 uint8_t mode;
875 assert(get_man(s) == MAN_NUMONYX);
876
877 mode = numonyx_mode(s);
878 num_dummies = extract32(s->volatile_cfg, 4, 4);
879
880 if (num_dummies == 0x0 || num_dummies == 0xf) {
881 switch (s->cmd_in_progress) {
882 case QIOR:
883 case QIOR4:
884 num_dummies = 10;
885 break;
886 default:
887 num_dummies = (mode == MODE_QIO) ? 10 : 8;
888 break;
889 }
890 }
891
892 return num_dummies;
893}
894
895static void decode_fast_read_cmd(Flash *s)
896{
897 s->needed_bytes = get_addr_length(s);
898 switch (get_man(s)) {
899
900 case MAN_SST:
901 s->needed_bytes += 1;
902 break;
903 case MAN_WINBOND:
904 s->needed_bytes += 8;
905 break;
906 case MAN_NUMONYX:
907 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
908 break;
909 case MAN_MACRONIX:
910 if (extract32(s->volatile_cfg, 6, 2) == 1) {
911 s->needed_bytes += 6;
912 } else {
913 s->needed_bytes += 8;
914 }
915 break;
916 case MAN_SPANSION:
917 s->needed_bytes += extract32(s->spansion_cr2v,
918 SPANSION_DUMMY_CLK_POS,
919 SPANSION_DUMMY_CLK_LEN
920 );
921 break;
922 case MAN_ISSI:
923
924
925
926
927
928
929
930
931
932
933 s->needed_bytes += 1;
934 break;
935 default:
936 break;
937 }
938 s->pos = 0;
939 s->len = 0;
940 s->state = STATE_COLLECTING_DATA;
941}
942
943static void decode_dio_read_cmd(Flash *s)
944{
945 s->needed_bytes = get_addr_length(s);
946
947 switch (get_man(s)) {
948 case MAN_WINBOND:
949 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
950 break;
951 case MAN_SPANSION:
952 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
953 s->needed_bytes += extract32(s->spansion_cr2v,
954 SPANSION_DUMMY_CLK_POS,
955 SPANSION_DUMMY_CLK_LEN
956 );
957 break;
958 case MAN_NUMONYX:
959 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
960 break;
961 case MAN_MACRONIX:
962 switch (extract32(s->volatile_cfg, 6, 2)) {
963 case 1:
964 s->needed_bytes += 6;
965 break;
966 case 2:
967 s->needed_bytes += 8;
968 break;
969 default:
970 s->needed_bytes += 4;
971 break;
972 }
973 break;
974 case MAN_ISSI:
975
976
977
978
979
980
981
982 s->needed_bytes += 1;
983 break;
984 default:
985 break;
986 }
987 s->pos = 0;
988 s->len = 0;
989 s->state = STATE_COLLECTING_DATA;
990}
991
992static void decode_qio_read_cmd(Flash *s)
993{
994 s->needed_bytes = get_addr_length(s);
995
996 switch (get_man(s)) {
997 case MAN_WINBOND:
998 s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
999 s->needed_bytes += 4;
1000 break;
1001 case MAN_SPANSION:
1002 s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
1003 s->needed_bytes += extract32(s->spansion_cr2v,
1004 SPANSION_DUMMY_CLK_POS,
1005 SPANSION_DUMMY_CLK_LEN
1006 );
1007 break;
1008 case MAN_NUMONYX:
1009 s->needed_bytes += numonyx_extract_cfg_num_dummies(s);
1010 break;
1011 case MAN_MACRONIX:
1012 switch (extract32(s->volatile_cfg, 6, 2)) {
1013 case 1:
1014 s->needed_bytes += 4;
1015 break;
1016 case 2:
1017 s->needed_bytes += 8;
1018 break;
1019 default:
1020 s->needed_bytes += 6;
1021 break;
1022 }
1023 break;
1024 case MAN_ISSI:
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035 s->needed_bytes += 3;
1036 break;
1037 default:
1038 break;
1039 }
1040 s->pos = 0;
1041 s->len = 0;
1042 s->state = STATE_COLLECTING_DATA;
1043}
1044
1045static bool is_valid_aai_cmd(uint32_t cmd)
1046{
1047 return cmd == AAI_WP || cmd == WRDI || cmd == RDSR;
1048}
1049
1050static void decode_new_cmd(Flash *s, uint32_t value)
1051{
1052 int i;
1053
1054 s->cmd_in_progress = value;
1055 trace_m25p80_command_decoded(s, value);
1056
1057 if (value != RESET_MEMORY) {
1058 s->reset_enable = false;
1059 }
1060
1061 if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) {
1062 qemu_log_mask(LOG_GUEST_ERROR,
1063 "M25P80: Invalid cmd within AAI programming sequence");
1064 }
1065
1066 switch (value) {
1067
1068 case ERASE_4K:
1069 case ERASE4_4K:
1070 case ERASE_32K:
1071 case ERASE4_32K:
1072 case ERASE_SECTOR:
1073 case ERASE4_SECTOR:
1074 case PP:
1075 case PP4:
1076 case DIE_ERASE:
1077 case RDID_90:
1078 case RDID_AB:
1079 s->needed_bytes = get_addr_length(s);
1080 s->pos = 0;
1081 s->len = 0;
1082 s->state = STATE_COLLECTING_DATA;
1083 break;
1084 case READ:
1085 case READ4:
1086 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
1087 s->needed_bytes = get_addr_length(s);
1088 s->pos = 0;
1089 s->len = 0;
1090 s->state = STATE_COLLECTING_DATA;
1091 } else {
1092 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1093 "DIO or QIO mode\n", s->cmd_in_progress);
1094 }
1095 break;
1096 case DPP:
1097 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1098 s->needed_bytes = get_addr_length(s);
1099 s->pos = 0;
1100 s->len = 0;
1101 s->state = STATE_COLLECTING_DATA;
1102 } else {
1103 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1104 "QIO mode\n", s->cmd_in_progress);
1105 }
1106 break;
1107 case QPP:
1108 case QPP_4:
1109 case PP4_4:
1110 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1111 s->needed_bytes = get_addr_length(s);
1112 s->pos = 0;
1113 s->len = 0;
1114 s->state = STATE_COLLECTING_DATA;
1115 } else {
1116 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1117 "DIO mode\n", s->cmd_in_progress);
1118 }
1119 break;
1120
1121 case FAST_READ:
1122 case FAST_READ4:
1123 decode_fast_read_cmd(s);
1124 break;
1125 case DOR:
1126 case DOR4:
1127 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1128 decode_fast_read_cmd(s);
1129 } else {
1130 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1131 "QIO mode\n", s->cmd_in_progress);
1132 }
1133 break;
1134 case QOR:
1135 case QOR4:
1136 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1137 decode_fast_read_cmd(s);
1138 } else {
1139 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1140 "DIO mode\n", s->cmd_in_progress);
1141 }
1142 break;
1143
1144 case DIOR:
1145 case DIOR4:
1146 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_QIO) {
1147 decode_dio_read_cmd(s);
1148 } else {
1149 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1150 "QIO mode\n", s->cmd_in_progress);
1151 }
1152 break;
1153
1154 case QIOR:
1155 case QIOR4:
1156 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) != MODE_DIO) {
1157 decode_qio_read_cmd(s);
1158 } else {
1159 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute cmd %x in "
1160 "DIO mode\n", s->cmd_in_progress);
1161 }
1162 break;
1163
1164 case WRSR:
1165 if (s->write_enable) {
1166 switch (get_man(s)) {
1167 case MAN_SPANSION:
1168 s->needed_bytes = 2;
1169 s->state = STATE_COLLECTING_DATA;
1170 break;
1171 case MAN_MACRONIX:
1172 s->needed_bytes = 2;
1173 s->state = STATE_COLLECTING_VAR_LEN_DATA;
1174 break;
1175 default:
1176 s->needed_bytes = 1;
1177 s->state = STATE_COLLECTING_DATA;
1178 }
1179 s->pos = 0;
1180 }
1181 break;
1182
1183 case WRDI:
1184 s->write_enable = false;
1185 if (get_man(s) == MAN_SST) {
1186 s->aai_enable = false;
1187 }
1188 break;
1189 case WREN:
1190 s->write_enable = true;
1191 break;
1192
1193 case RDSR:
1194 s->data[0] = (!!s->write_enable) << 1;
1195 if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) {
1196 s->data[0] |= (!!s->quad_enable) << 6;
1197 }
1198 if (get_man(s) == MAN_SST) {
1199 s->data[0] |= (!!s->aai_enable) << 6;
1200 }
1201
1202 s->pos = 0;
1203 s->len = 1;
1204 s->data_read_loop = true;
1205 s->state = STATE_READING_DATA;
1206 break;
1207
1208 case READ_FSR:
1209 s->data[0] = FSR_FLASH_READY;
1210 if (s->four_bytes_address_mode) {
1211 s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED;
1212 }
1213 s->pos = 0;
1214 s->len = 1;
1215 s->data_read_loop = true;
1216 s->state = STATE_READING_DATA;
1217 break;
1218
1219 case JEDEC_READ:
1220 if (get_man(s) != MAN_NUMONYX || numonyx_mode(s) == MODE_STD) {
1221 trace_m25p80_populated_jedec(s);
1222 for (i = 0; i < s->pi->id_len; i++) {
1223 s->data[i] = s->pi->id[i];
1224 }
1225 for (; i < SPI_NOR_MAX_ID_LEN; i++) {
1226 s->data[i] = 0;
1227 }
1228
1229 s->len = SPI_NOR_MAX_ID_LEN;
1230 s->pos = 0;
1231 s->state = STATE_READING_DATA;
1232 } else {
1233 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Cannot execute JEDEC read "
1234 "in DIO or QIO mode\n");
1235 }
1236 break;
1237
1238 case RDCR:
1239 s->data[0] = s->volatile_cfg & 0xFF;
1240 s->data[0] |= (!!s->four_bytes_address_mode) << 5;
1241 s->pos = 0;
1242 s->len = 1;
1243 s->state = STATE_READING_DATA;
1244 break;
1245
1246 case BULK_ERASE_60:
1247 case BULK_ERASE:
1248 if (s->write_enable) {
1249 trace_m25p80_chip_erase(s);
1250 flash_erase(s, 0, BULK_ERASE);
1251 } else {
1252 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
1253 "protect!\n");
1254 }
1255 break;
1256 case NOP:
1257 break;
1258 case EN_4BYTE_ADDR:
1259 s->four_bytes_address_mode = true;
1260 break;
1261 case EX_4BYTE_ADDR:
1262 s->four_bytes_address_mode = false;
1263 break;
1264 case BRRD:
1265 case EXTEND_ADDR_READ:
1266 s->data[0] = s->ear;
1267 s->pos = 0;
1268 s->len = 1;
1269 s->state = STATE_READING_DATA;
1270 break;
1271 case BRWR:
1272 case EXTEND_ADDR_WRITE:
1273 if (s->write_enable) {
1274 s->needed_bytes = 1;
1275 s->pos = 0;
1276 s->len = 0;
1277 s->state = STATE_COLLECTING_DATA;
1278 }
1279 break;
1280 case RNVCR:
1281 s->data[0] = s->nonvolatile_cfg & 0xFF;
1282 s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
1283 s->pos = 0;
1284 s->len = 2;
1285 s->state = STATE_READING_DATA;
1286 break;
1287 case WNVCR:
1288 if (s->write_enable && get_man(s) == MAN_NUMONYX) {
1289 s->needed_bytes = 2;
1290 s->pos = 0;
1291 s->len = 0;
1292 s->state = STATE_COLLECTING_DATA;
1293 }
1294 break;
1295 case RVCR:
1296 s->data[0] = s->volatile_cfg & 0xFF;
1297 s->pos = 0;
1298 s->len = 1;
1299 s->state = STATE_READING_DATA;
1300 break;
1301 case WVCR:
1302 if (s->write_enable) {
1303 s->needed_bytes = 1;
1304 s->pos = 0;
1305 s->len = 0;
1306 s->state = STATE_COLLECTING_DATA;
1307 }
1308 break;
1309 case REVCR:
1310 s->data[0] = s->enh_volatile_cfg & 0xFF;
1311 s->pos = 0;
1312 s->len = 1;
1313 s->state = STATE_READING_DATA;
1314 break;
1315 case WEVCR:
1316 if (s->write_enable) {
1317 s->needed_bytes = 1;
1318 s->pos = 0;
1319 s->len = 0;
1320 s->state = STATE_COLLECTING_DATA;
1321 }
1322 break;
1323 case RESET_ENABLE:
1324 s->reset_enable = true;
1325 break;
1326 case RESET_MEMORY:
1327 if (s->reset_enable) {
1328 reset_memory(s);
1329 }
1330 break;
1331 case RDCR_EQIO:
1332 switch (get_man(s)) {
1333 case MAN_SPANSION:
1334 s->data[0] = (!!s->quad_enable) << 1;
1335 s->pos = 0;
1336 s->len = 1;
1337 s->state = STATE_READING_DATA;
1338 break;
1339 case MAN_MACRONIX:
1340 s->quad_enable = true;
1341 break;
1342 default:
1343 break;
1344 }
1345 break;
1346 case RSTQIO:
1347 s->quad_enable = false;
1348 break;
1349 case AAI_WP:
1350 if (get_man(s) == MAN_SST) {
1351 if (s->write_enable) {
1352 if (s->aai_enable) {
1353 s->state = STATE_PAGE_PROGRAM;
1354 } else {
1355 s->aai_enable = true;
1356 s->needed_bytes = get_addr_length(s);
1357 s->state = STATE_COLLECTING_DATA;
1358 }
1359 } else {
1360 qemu_log_mask(LOG_GUEST_ERROR,
1361 "M25P80: AAI_WP with write protect\n");
1362 }
1363 } else {
1364 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
1365 }
1366 break;
1367 default:
1368 s->pos = 0;
1369 s->len = 1;
1370 s->state = STATE_READING_DATA;
1371 s->data_read_loop = true;
1372 s->data[0] = 0;
1373 qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
1374 break;
1375 }
1376}
1377
1378static int m25p80_cs(SSIPeripheral *ss, bool select)
1379{
1380 Flash *s = M25P80(ss);
1381
1382 if (select) {
1383 if (s->state == STATE_COLLECTING_VAR_LEN_DATA) {
1384 complete_collecting_data(s);
1385 }
1386 s->len = 0;
1387 s->pos = 0;
1388 s->state = STATE_IDLE;
1389 flash_sync_dirty(s, -1);
1390 s->data_read_loop = false;
1391 }
1392
1393 trace_m25p80_select(s, select ? "de" : "");
1394
1395 return 0;
1396}
1397
1398static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx)
1399{
1400 Flash *s = M25P80(ss);
1401 uint32_t r = 0;
1402
1403 trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos,
1404 s->cur_addr, (uint8_t)tx);
1405
1406 switch (s->state) {
1407
1408 case STATE_PAGE_PROGRAM:
1409 trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx);
1410 flash_write8(s, s->cur_addr, (uint8_t)tx);
1411 s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
1412
1413 if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) {
1414
1415
1416
1417
1418
1419 s->write_enable = false;
1420 s->aai_enable = false;
1421 }
1422
1423 break;
1424
1425 case STATE_READ:
1426 r = s->storage[s->cur_addr];
1427 trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r);
1428 s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
1429 break;
1430
1431 case STATE_COLLECTING_DATA:
1432 case STATE_COLLECTING_VAR_LEN_DATA:
1433
1434 if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
1435 qemu_log_mask(LOG_GUEST_ERROR,
1436 "M25P80: Write overrun internal data buffer. "
1437 "SPI controller (QEMU emulator or guest driver) "
1438 "is misbehaving\n");
1439 s->len = s->pos = 0;
1440 s->state = STATE_IDLE;
1441 break;
1442 }
1443
1444 s->data[s->len] = (uint8_t)tx;
1445 s->len++;
1446
1447 if (s->len == s->needed_bytes) {
1448 complete_collecting_data(s);
1449 }
1450 break;
1451
1452 case STATE_READING_DATA:
1453
1454 if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
1455 qemu_log_mask(LOG_GUEST_ERROR,
1456 "M25P80: Read overrun internal data buffer. "
1457 "SPI controller (QEMU emulator or guest driver) "
1458 "is misbehaving\n");
1459 s->len = s->pos = 0;
1460 s->state = STATE_IDLE;
1461 break;
1462 }
1463
1464 r = s->data[s->pos];
1465 trace_m25p80_read_data(s, s->pos, (uint8_t)r);
1466 s->pos++;
1467 if (s->pos == s->len) {
1468 s->pos = 0;
1469 if (!s->data_read_loop) {
1470 s->state = STATE_IDLE;
1471 }
1472 }
1473 break;
1474
1475 default:
1476 case STATE_IDLE:
1477 decode_new_cmd(s, (uint8_t)tx);
1478 break;
1479 }
1480
1481 return r;
1482}
1483
1484static void m25p80_realize(SSIPeripheral *ss, Error **errp)
1485{
1486 Flash *s = M25P80(ss);
1487 M25P80Class *mc = M25P80_GET_CLASS(s);
1488 int ret;
1489
1490 s->pi = mc->pi;
1491
1492 s->size = s->pi->sector_size * s->pi->n_sectors;
1493 s->dirty_page = -1;
1494
1495 if (s->blk) {
1496 uint64_t perm = BLK_PERM_CONSISTENT_READ |
1497 (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0);
1498 ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
1499 if (ret < 0) {
1500 return;
1501 }
1502
1503 trace_m25p80_binding(s);
1504 s->storage = blk_blockalign(s->blk, s->size);
1505
1506 if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) {
1507 error_setg(errp, "failed to read the initial flash content");
1508 return;
1509 }
1510 } else {
1511 trace_m25p80_binding_no_bdrv(s);
1512 s->storage = blk_blockalign(NULL, s->size);
1513 memset(s->storage, 0xFF, s->size);
1514 }
1515}
1516
1517static void m25p80_reset(DeviceState *d)
1518{
1519 Flash *s = M25P80(d);
1520
1521 reset_memory(s);
1522}
1523
1524static int m25p80_pre_save(void *opaque)
1525{
1526 flash_sync_dirty((Flash *)opaque, -1);
1527
1528 return 0;
1529}
1530
1531static Property m25p80_properties[] = {
1532
1533 DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
1534 DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0),
1535 DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8),
1536 DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2),
1537 DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10),
1538 DEFINE_PROP_DRIVE("drive", Flash, blk),
1539 DEFINE_PROP_END_OF_LIST(),
1540};
1541
1542static int m25p80_pre_load(void *opaque)
1543{
1544 Flash *s = (Flash *)opaque;
1545
1546 s->data_read_loop = false;
1547 return 0;
1548}
1549
1550static bool m25p80_data_read_loop_needed(void *opaque)
1551{
1552 Flash *s = (Flash *)opaque;
1553
1554 return s->data_read_loop;
1555}
1556
1557static const VMStateDescription vmstate_m25p80_data_read_loop = {
1558 .name = "m25p80/data_read_loop",
1559 .version_id = 1,
1560 .minimum_version_id = 1,
1561 .needed = m25p80_data_read_loop_needed,
1562 .fields = (VMStateField[]) {
1563 VMSTATE_BOOL(data_read_loop, Flash),
1564 VMSTATE_END_OF_LIST()
1565 }
1566};
1567
1568static bool m25p80_aai_enable_needed(void *opaque)
1569{
1570 Flash *s = (Flash *)opaque;
1571
1572 return s->aai_enable;
1573}
1574
1575static const VMStateDescription vmstate_m25p80_aai_enable = {
1576 .name = "m25p80/aai_enable",
1577 .version_id = 1,
1578 .minimum_version_id = 1,
1579 .needed = m25p80_aai_enable_needed,
1580 .fields = (VMStateField[]) {
1581 VMSTATE_BOOL(aai_enable, Flash),
1582 VMSTATE_END_OF_LIST()
1583 }
1584};
1585
1586static const VMStateDescription vmstate_m25p80 = {
1587 .name = "m25p80",
1588 .version_id = 0,
1589 .minimum_version_id = 0,
1590 .pre_save = m25p80_pre_save,
1591 .pre_load = m25p80_pre_load,
1592 .fields = (VMStateField[]) {
1593 VMSTATE_UINT8(state, Flash),
1594 VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
1595 VMSTATE_UINT32(len, Flash),
1596 VMSTATE_UINT32(pos, Flash),
1597 VMSTATE_UINT8(needed_bytes, Flash),
1598 VMSTATE_UINT8(cmd_in_progress, Flash),
1599 VMSTATE_UINT32(cur_addr, Flash),
1600 VMSTATE_BOOL(write_enable, Flash),
1601 VMSTATE_BOOL(reset_enable, Flash),
1602 VMSTATE_UINT8(ear, Flash),
1603 VMSTATE_BOOL(four_bytes_address_mode, Flash),
1604 VMSTATE_UINT32(nonvolatile_cfg, Flash),
1605 VMSTATE_UINT32(volatile_cfg, Flash),
1606 VMSTATE_UINT32(enh_volatile_cfg, Flash),
1607 VMSTATE_BOOL(quad_enable, Flash),
1608 VMSTATE_UINT8(spansion_cr1nv, Flash),
1609 VMSTATE_UINT8(spansion_cr2nv, Flash),
1610 VMSTATE_UINT8(spansion_cr3nv, Flash),
1611 VMSTATE_UINT8(spansion_cr4nv, Flash),
1612 VMSTATE_END_OF_LIST()
1613 },
1614 .subsections = (const VMStateDescription * []) {
1615 &vmstate_m25p80_data_read_loop,
1616 &vmstate_m25p80_aai_enable,
1617 NULL
1618 }
1619};
1620
1621static void m25p80_class_init(ObjectClass *klass, void *data)
1622{
1623 DeviceClass *dc = DEVICE_CLASS(klass);
1624 SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass);
1625 M25P80Class *mc = M25P80_CLASS(klass);
1626
1627 k->realize = m25p80_realize;
1628 k->transfer = m25p80_transfer8;
1629 k->set_cs = m25p80_cs;
1630 k->cs_polarity = SSI_CS_LOW;
1631 dc->vmsd = &vmstate_m25p80;
1632 device_class_set_props(dc, m25p80_properties);
1633 dc->reset = m25p80_reset;
1634 mc->pi = data;
1635}
1636
1637static const TypeInfo m25p80_info = {
1638 .name = TYPE_M25P80,
1639 .parent = TYPE_SSI_PERIPHERAL,
1640 .instance_size = sizeof(Flash),
1641 .class_size = sizeof(M25P80Class),
1642 .abstract = true,
1643};
1644
1645static void m25p80_register_types(void)
1646{
1647 int i;
1648
1649 type_register_static(&m25p80_info);
1650 for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
1651 TypeInfo ti = {
1652 .name = known_devices[i].part_name,
1653 .parent = TYPE_M25P80,
1654 .class_init = m25p80_class_init,
1655 .class_data = (void *)&known_devices[i],
1656 };
1657 type_register(&ti);
1658 }
1659}
1660
1661type_init(m25p80_register_types)
1662
