1/*
2 * OneNAND flash memories emulation.
3 *
4 * Copyright (C) 2008 Nokia Corporation
5 * Written by Andrzej Zaborowski <andrew@openedhand.com>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 or
10 * (at your option) version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21#include "qemu/osdep.h"
22#include "qapi/error.h"
23#include "hw/hw.h"
24#include "hw/block/flash.h"
25#include "hw/irq.h"
26#include "hw/qdev-properties.h"
27#include "sysemu/block-backend.h"
28#include "exec/memory.h"
29#include "hw/sysbus.h"
30#include "migration/vmstate.h"
31#include "qemu/error-report.h"
32#include "qemu/log.h"
33#include "qemu/module.h"
34
35/* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
36#define PAGE_SHIFT 11
37
38/* Fixed */
39#define BLOCK_SHIFT (PAGE_SHIFT + 6)
40
41#define TYPE_ONE_NAND "onenand"
42#define ONE_NAND(obj) OBJECT_CHECK(OneNANDState, (obj), TYPE_ONE_NAND)
43
44typedef struct OneNANDState {
45 SysBusDevice parent_obj;
46
47 struct {
48 uint16_t man;
49 uint16_t dev;
50 uint16_t ver;
51 } id;
52 int shift;
53 hwaddr base;
54 qemu_irq intr;
55 qemu_irq rdy;
56 BlockBackend *blk;
57 BlockBackend *blk_cur;
58 uint8_t *image;
59 uint8_t *otp;
60 uint8_t *current;
61 MemoryRegion ram;
62 MemoryRegion mapped_ram;
63 uint8_t current_direction;
64 uint8_t *boot[2];
65 uint8_t *data[2][2];
66 MemoryRegion iomem;
67 MemoryRegion container;
68 int cycle;
69 int otpmode;
70
71 uint16_t addr[8];
72 uint16_t unladdr[8];
73 int bufaddr;
74 int count;
75 uint16_t command;
76 uint16_t config[2];
77 uint16_t status;
78 uint16_t intstatus;
79 uint16_t wpstatus;
80
81 ECCState ecc;
82
83 int density_mask;
84 int secs;
85 int secs_cur;
86 int blocks;
87 uint8_t *blockwp;
88} OneNANDState;
89
90enum {
91 ONEN_BUF_BLOCK = 0,
92 ONEN_BUF_BLOCK2 = 1,
93 ONEN_BUF_DEST_BLOCK = 2,
94 ONEN_BUF_DEST_PAGE = 3,
95 ONEN_BUF_PAGE = 7,
96};
97
98enum {
99 ONEN_ERR_CMD = 1 << 10,
100 ONEN_ERR_ERASE = 1 << 11,
101 ONEN_ERR_PROG = 1 << 12,
102 ONEN_ERR_LOAD = 1 << 13,
103};
104
105enum {
106 ONEN_INT_RESET = 1 << 4,
107 ONEN_INT_ERASE = 1 << 5,
108 ONEN_INT_PROG = 1 << 6,
109 ONEN_INT_LOAD = 1 << 7,
110 ONEN_INT = 1 << 15,
111};
112
113enum {
114 ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
115 ONEN_LOCK_LOCKED = 1 << 1,
116 ONEN_LOCK_UNLOCKED = 1 << 2,
117};
118
119static void onenand_mem_setup(OneNANDState *s)
120{
121 /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
122 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
123 * write boot commands. Also take note of the BWPS bit. */
124 memory_region_init(&s->container, OBJECT(s), "onenand",
125 0x10000 << s->shift);
126 memory_region_add_subregion(&s->container, 0, &s->iomem);
127 memory_region_init_alias(&s->mapped_ram, OBJECT(s), "onenand-mapped-ram",
128 &s->ram, 0x0200 << s->shift,
129 0xbe00 << s->shift);
130 memory_region_add_subregion_overlap(&s->container,
131 0x0200 << s->shift,
132 &s->mapped_ram,
133 1);
134}
135
136static void onenand_intr_update(OneNANDState *s)
137{
138 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
139}
140
141static int onenand_pre_save(void *opaque)
142{
143 OneNANDState *s = opaque;
144 if (s->current == s->otp) {
145 s->current_direction = 1;
146 } else if (s->current == s->image) {
147 s->current_direction = 2;
148 } else {
149 s->current_direction = 0;
150 }
151
152 return 0;
153}
154
155static int onenand_post_load(void *opaque, int version_id)
156{
157 OneNANDState *s = opaque;
158 switch (s->current_direction) {
159 case 0:
160 break;
161 case 1:
162 s->current = s->otp;
163 break;
164 case 2:
165 s->current = s->image;
166 break;
167 default:
168 return -1;
169 }
170 onenand_intr_update(s);
171 return 0;
172}
173
174static const VMStateDescription vmstate_onenand = {
175 .name = "onenand",
176 .version_id = 1,
177 .minimum_version_id = 1,
178 .pre_save = onenand_pre_save,
179 .post_load = onenand_post_load,
180 .fields = (VMStateField[]) {
181 VMSTATE_UINT8(current_direction, OneNANDState),
182 VMSTATE_INT32(cycle, OneNANDState),
183 VMSTATE_INT32(otpmode, OneNANDState),
184 VMSTATE_UINT16_ARRAY(addr, OneNANDState, 8),
185 VMSTATE_UINT16_ARRAY(unladdr, OneNANDState, 8),
186 VMSTATE_INT32(bufaddr, OneNANDState),
187 VMSTATE_INT32(count, OneNANDState),
188 VMSTATE_UINT16(command, OneNANDState),
189 VMSTATE_UINT16_ARRAY(config, OneNANDState, 2),
190 VMSTATE_UINT16(status, OneNANDState),
191 VMSTATE_UINT16(intstatus, OneNANDState),
192 VMSTATE_UINT16(wpstatus, OneNANDState),
193 VMSTATE_INT32(secs_cur, OneNANDState),
194 VMSTATE_PARTIAL_VBUFFER(blockwp, OneNANDState, blocks),
195 VMSTATE_UINT8(ecc.cp, OneNANDState),
196 VMSTATE_UINT16_ARRAY(ecc.lp, OneNANDState, 2),
197 VMSTATE_UINT16(ecc.count, OneNANDState),
198 VMSTATE_BUFFER_POINTER_UNSAFE(otp, OneNANDState, 0,
199 ((64 + 2) << PAGE_SHIFT)),
200 VMSTATE_END_OF_LIST()
201 }
202};
203
204/* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
205static void onenand_reset(OneNANDState *s, int cold)
206{
207 memset(&s->addr, 0, sizeof(s->addr));
208 s->command = 0;
209 s->count = 1;
210 s->bufaddr = 0;
211 s->config[0] = 0x40c0;
212 s->config[1] = 0x0000;
213 onenand_intr_update(s);
214 qemu_irq_raise(s->rdy);
215 s->status = 0x0000;
216 s->intstatus = cold ? 0x8080 : 0x8010;
217 s->unladdr[0] = 0;
218 s->unladdr[1] = 0;
219 s->wpstatus = 0x0002;
220 s->cycle = 0;
221 s->otpmode = 0;
222 s->blk_cur = s->blk;
223 s->current = s->image;
224 s->secs_cur = s->secs;
225
226 if (cold) {
227 /* Lock the whole flash */
228 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
229
230 if (s->blk_cur && blk_pread(s->blk_cur, 0, s->boot[0],
231 8 << BDRV_SECTOR_BITS) < 0) {
232 hw_error("%s: Loading the BootRAM failed.\n", __func__);
233 }
234 }
235}
236
237static void onenand_system_reset(DeviceState *dev)
238{
239 OneNANDState *s = ONE_NAND(dev);
240
241 onenand_reset(s, 1);
242}
243
244static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
245 void *dest)
246{
247 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec);
248 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn);
249 if (s->blk_cur) {
250 return blk_pread(s->blk_cur, sec << BDRV_SECTOR_BITS, dest,
251 secn << BDRV_SECTOR_BITS) < 0;
252 } else if (sec + secn > s->secs_cur) {
253 return 1;
254 }
255
256 memcpy(dest, s->current + (sec << 9), secn << 9);
257
258 return 0;
259}
260
261static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
262 void *src)
263{
264 int result = 0;
265
266 if (secn > 0) {
267 uint32_t size = secn << BDRV_SECTOR_BITS;
268 uint32_t offset = sec << BDRV_SECTOR_BITS;
269 assert(UINT32_MAX >> BDRV_SECTOR_BITS > sec);
270 assert(UINT32_MAX >> BDRV_SECTOR_BITS > secn);
271 const uint8_t *sp = (const uint8_t *)src;
272 uint8_t *dp = 0;
273 if (s->blk_cur) {
274 dp = g_malloc(size);
275 if (!dp || blk_pread(s->blk_cur, offset, dp, size) < 0) {
276 result = 1;
277 }
278 } else {
279 if (sec + secn > s->secs_cur) {
280 result = 1;
281 } else {
282 dp = (uint8_t *)s->current + offset;
283 }
284 }
285 if (!result) {
286 uint32_t i;
287 for (i = 0; i < size; i++) {
288 dp[i] &= sp[i];
289 }
290 if (s->blk_cur) {
291 result = blk_pwrite(s->blk_cur, offset, dp, size, 0) < 0;
292 }
293 }
294 if (dp && s->blk_cur) {
295 g_free(dp);
296 }
297 }
298
299 return result;
300}
301
302static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
303 void *dest)
304{
305 uint8_t buf[512];
306
307 if (s->blk_cur) {
308 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS;
309 if (blk_pread(s->blk_cur, offset, buf, BDRV_SECTOR_SIZE) < 0) {
310 return 1;
311 }
312 memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
313 } else if (sec + secn > s->secs_cur) {
314 return 1;
315 } else {
316 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
317 }
318
319 return 0;
320}
321
322static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
323 void *src)
324{
325 int result = 0;
326 if (secn > 0) {
327 const uint8_t *sp = (const uint8_t *)src;
328 uint8_t *dp = 0, *dpp = 0;
329 uint32_t offset = (s->secs_cur + (sec >> 5)) << BDRV_SECTOR_BITS;
330 assert(UINT32_MAX >> BDRV_SECTOR_BITS > s->secs_cur + (sec >> 5));
331 if (s->blk_cur) {
332 dp = g_malloc(512);
333 if (!dp
334 || blk_pread(s->blk_cur, offset, dp, BDRV_SECTOR_SIZE) < 0) {
335 result = 1;
336 } else {
337 dpp = dp + ((sec & 31) << 4);
338 }
339 } else {
340 if (sec + secn > s->secs_cur) {
341 result = 1;
342 } else {
343 dpp = s->current + (s->secs_cur << 9) + (sec << 4);
344 }
345 }
346 if (!result) {
347 uint32_t i;
348 for (i = 0; i < (secn << 4); i++) {
349 dpp[i] &= sp[i];
350 }
351 if (s->blk_cur) {
352 result = blk_pwrite(s->blk_cur, offset, dp,
353 BDRV_SECTOR_SIZE, 0) < 0;
354 }
355 }
356 g_free(dp);
357 }
358 return result;
359}
360
361static inline int onenand_erase(OneNANDState *s, int sec, int num)
362{
363 uint8_t *blankbuf, *tmpbuf;
364
365 blankbuf = g_malloc(512);
366 tmpbuf = g_malloc(512);
367 memset(blankbuf, 0xff, 512);
368 for (; num > 0; num--, sec++) {
369 if (s->blk_cur) {
370 int erasesec = s->secs_cur + (sec >> 5);
371 if (blk_pwrite(s->blk_cur, sec << BDRV_SECTOR_BITS, blankbuf,
372 BDRV_SECTOR_SIZE, 0) < 0) {
373 goto fail;
374 }
375 if (blk_pread(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf,
376 BDRV_SECTOR_SIZE) < 0) {
377 goto fail;
378 }
379 memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);
380 if (blk_pwrite(s->blk_cur, erasesec << BDRV_SECTOR_BITS, tmpbuf,
381 BDRV_SECTOR_SIZE, 0) < 0) {
382 goto fail;
383 }
384 } else {
385 if (sec + 1 > s->secs_cur) {
386 goto fail;
387 }
388 memcpy(s->current + (sec << 9), blankbuf, 512);
389 memcpy(s->current + (s->secs_cur << 9) + (sec << 4),
390 blankbuf, 1 << 4);
391 }
392 }
393
394 g_free(tmpbuf);
395 g_free(blankbuf);
396 return 0;
397
398fail:
399 g_free(tmpbuf);
400 g_free(blankbuf);
401 return 1;
402}
403
404static void onenand_command(OneNANDState *s)
405{
406 int b;
407 int sec;
408 void *buf;
409#define SETADDR(block, page) \
410 sec = (s->addr[page] & 3) + \
411 ((((s->addr[page] >> 2) & 0x3f) + \
412 (((s->addr[block] & 0xfff) | \
413 (s->addr[block] >> 15 ? \
414 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
415#define SETBUF_M() \
416 buf = (s->bufaddr & 8) ? \
417 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
418 buf += (s->bufaddr & 3) << 9;
419#define SETBUF_S() \
420 buf = (s->bufaddr & 8) ? \
421 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
422 buf += (s->bufaddr & 3) << 4;
423
424 switch (s->command) {
425 case 0x00: /* Load single/multiple sector data unit into buffer */
426 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
427
428 SETBUF_M()
429 if (onenand_load_main(s, sec, s->count, buf))
430 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
431
432#if 0
433 SETBUF_S()
434 if (onenand_load_spare(s, sec, s->count, buf))
435 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
436#endif
437
438 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
439 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
440 * then we need two split the read/write into two chunks.
441 */
442 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
443 break;
444 case 0x13: /* Load single/multiple spare sector into buffer */
445 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
446
447 SETBUF_S()
448 if (onenand_load_spare(s, sec, s->count, buf))
449 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
450
451 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
452 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
453 * then we need two split the read/write into two chunks.
454 */
455 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
456 break;
457 case 0x80: /* Program single/multiple sector data unit from buffer */
458 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
459
460 SETBUF_M()
461 if (onenand_prog_main(s, sec, s->count, buf))
462 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
463
464#if 0
465 SETBUF_S()
466 if (onenand_prog_spare(s, sec, s->count, buf))
467 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
468#endif
469
470 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
471 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
472 * then we need two split the read/write into two chunks.
473 */
474 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
475 break;
476 case 0x1a: /* Program single/multiple spare area sector from buffer */
477 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
478
479 SETBUF_S()
480 if (onenand_prog_spare(s, sec, s->count, buf))
481 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
482
483 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
484 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
485 * then we need two split the read/write into two chunks.
486 */
487 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
488 break;
489 case 0x1b: /* Copy-back program */
490 SETBUF_S()
491
492 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
493 if (onenand_load_main(s, sec, s->count, buf))
494 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
495
496 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
497 if (onenand_prog_main(s, sec, s->count, buf))
498 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
499
500 /* TODO: spare areas */
501
502 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
503 break;
504
505 case 0x23: /* Unlock NAND array block(s) */
506 s->intstatus |= ONEN_INT;
507
508 /* XXX the previous (?) area should be locked automatically */
509 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
510 if (b >= s->blocks) {
511 s->status |= ONEN_ERR_CMD;
512 break;
513 }
514 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
515 break;
516
517 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
518 }
519 break;
520 case 0x27: /* Unlock All NAND array blocks */
521 s->intstatus |= ONEN_INT;
522
523 for (b = 0; b < s->blocks; b ++) {
524 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
525 break;
526
527 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
528 }
529 break;
530
531 case 0x2a: /* Lock NAND array block(s) */
532 s->intstatus |= ONEN_INT;
533
534 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
535 if (b >= s->blocks) {
536 s->status |= ONEN_ERR_CMD;
537 break;
538 }
539 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
540 break;
541
542 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
543 }
544 break;
545 case 0x2c: /* Lock-tight NAND array block(s) */
546 s->intstatus |= ONEN_INT;
547
548 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
549 if (b >= s->blocks) {
550 s->status |= ONEN_ERR_CMD;
551 break;
552 }
553 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
554 continue;
555
556 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
557 }
558 break;
559
560 case 0x71: /* Erase-Verify-Read */
561 s->intstatus |= ONEN_INT;
562 break;
563 case 0x95: /* Multi-block erase */
564 qemu_irq_pulse(s->intr);
565 /* Fall through. */
566 case 0x94: /* Block erase */
567 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
568 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
569 << (BLOCK_SHIFT - 9);
570 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
571 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
572
573 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
574 break;
575 case 0xb0: /* Erase suspend */
576 break;
577 case 0x30: /* Erase resume */
578 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
579 break;
580
581 case 0xf0: /* Reset NAND Flash core */
582 onenand_reset(s, 0);
583 break;
584 case 0xf3: /* Reset OneNAND */
585 onenand_reset(s, 0);
586 break;
587
588 case 0x65: /* OTP Access */
589 s->intstatus |= ONEN_INT;
590 s->blk_cur = NULL;
591 s->current = s->otp;
592 s->secs_cur = 1 << (BLOCK_SHIFT - 9);
593 s->addr[ONEN_BUF_BLOCK] = 0;
594 s->otpmode = 1;
595 break;
596
597 default:
598 s->status |= ONEN_ERR_CMD;
599 s->intstatus |= ONEN_INT;
600 qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n",
601 s->command);
602 }
603
604 onenand_intr_update(s);
605}
606
607static uint64_t onenand_read(void *opaque, hwaddr addr,
608 unsigned size)
609{
610 OneNANDState *s = (OneNANDState *) opaque;
611 int offset = addr >> s->shift;
612
613 switch (offset) {
614 case 0x0000 ... 0xbffe:
615 return lduw_le_p(s->boot[0] + addr);
616
617 case 0xf000: /* Manufacturer ID */
618 return s->id.man;
619 case 0xf001: /* Device ID */
620 return s->id.dev;
621 case 0xf002: /* Version ID */
622 return s->id.ver;
623 /* TODO: get the following values from a real chip! */
624 case 0xf003: /* Data Buffer size */
625 return 1 << PAGE_SHIFT;
626 case 0xf004: /* Boot Buffer size */
627 return 0x200;
628 case 0xf005: /* Amount of buffers */
629 return 1 | (2 << 8);
630 case 0xf006: /* Technology */
631 return 0;
632
633 case 0xf100 ... 0xf107: /* Start addresses */
634 return s->addr[offset - 0xf100];
635
636 case 0xf200: /* Start buffer */
637 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
638
639 case 0xf220: /* Command */
640 return s->command;
641 case 0xf221: /* System Configuration 1 */
642 return s->config[0] & 0xffe0;
643 case 0xf222: /* System Configuration 2 */
644 return s->config[1];
645
646 case 0xf240: /* Controller Status */
647 return s->status;
648 case 0xf241: /* Interrupt */
649 return s->intstatus;
650 case 0xf24c: /* Unlock Start Block Address */
651 return s->unladdr[0];
652 case 0xf24d: /* Unlock End Block Address */
653 return s->unladdr[1];
654 case 0xf24e: /* Write Protection Status */
655 return s->wpstatus;
656
657 case 0xff00: /* ECC Status */
658 return 0x00;
659 case 0xff01: /* ECC Result of main area data */
660 case 0xff02: /* ECC Result of spare area data */
661 case 0xff03: /* ECC Result of main area data */
662 case 0xff04: /* ECC Result of spare area data */
663 qemu_log_mask(LOG_UNIMP,
664 "onenand: ECC result registers unimplemented\n");
665 return 0x0000;
666 }
667
668 qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n",
669 offset);
670 return 0;
671}
672
673static void onenand_write(void *opaque, hwaddr addr,
674 uint64_t value, unsigned size)
675{
676 OneNANDState *s = (OneNANDState *) opaque;
677 int offset = addr >> s->shift;
678 int sec;
679
680 switch (offset) {
681 case 0x0000 ... 0x01ff:
682 case 0x8000 ... 0x800f:
683 if (s->cycle) {
684 s->cycle = 0;
685
686 if (value == 0x0000) {
687 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
688 onenand_load_main(s, sec,
689 1 << (PAGE_SHIFT - 9), s->data[0][0]);
690 s->addr[ONEN_BUF_PAGE] += 4;
691 s->addr[ONEN_BUF_PAGE] &= 0xff;
692 }
693 break;
694 }
695
696 switch (value) {
697 case 0x00f0: /* Reset OneNAND */
698 onenand_reset(s, 0);
699 break;
700
701 case 0x00e0: /* Load Data into Buffer */
702 s->cycle = 1;
703 break;
704
705 case 0x0090: /* Read Identification Data */
706 memset(s->boot[0], 0, 3 << s->shift);
707 s->boot[0][0 << s->shift] = s->id.man & 0xff;
708 s->boot[0][1 << s->shift] = s->id.dev & 0xff;
709 s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
710 break;
711
712 default:
713 qemu_log_mask(LOG_GUEST_ERROR,
714 "unknown OneNAND boot command %" PRIx64 "\n",
715 value);
716 }
717 break;
718
719 case 0xf100 ... 0xf107: /* Start addresses */
720 s->addr[offset - 0xf100] = value;
721 break;
722
723 case 0xf200: /* Start buffer */
724 s->bufaddr = (value >> 8) & 0xf;
725 if (PAGE_SHIFT == 11)
726 s->count = (value & 3) ?: 4;
727 else if (PAGE_SHIFT == 10)
728 s->count = (value & 1) ?: 2;
729 break;
730
731 case 0xf220: /* Command */
732 if (s->intstatus & (1 << 15))
733 break;
734 s->command = value;
735 onenand_command(s);
736 break;
737 case 0xf221: /* System Configuration 1 */
738 s->config[0] = value;
739 onenand_intr_update(s);
740 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
741 break;
742 case 0xf222: /* System Configuration 2 */
743 s->config[1] = value;
744 break;
745
746 case 0xf241: /* Interrupt */
747 s->intstatus &= value;
748 if ((1 << 15) & ~s->intstatus)
749 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
750 ONEN_ERR_PROG | ONEN_ERR_LOAD);
751 onenand_intr_update(s);
752 break;
753 case 0xf24c: /* Unlock Start Block Address */
754 s->unladdr[0] = value & (s->blocks - 1);
755 /* For some reason we have to set the end address to by default
756 * be same as start because the software forgets to write anything
757 * in there. */
758 s->unladdr[1] = value & (s->blocks - 1);
759 break;
760 case 0xf24d: /* Unlock End Block Address */
761 s->unladdr[1] = value & (s->blocks - 1);
762 break;
763
764 default:
765 qemu_log_mask(LOG_GUEST_ERROR,
766 "write to unknown OneNAND register 0x%x\n",
767 offset);
768 }
769}
770
771static const MemoryRegionOps onenand_ops = {
772 .read = onenand_read,
773 .write = onenand_write,
774 .endianness = DEVICE_NATIVE_ENDIAN,
775};
776
777static void onenand_realize(DeviceState *dev, Error **errp)
778{
779 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
780 OneNANDState *s = ONE_NAND(dev);
781 uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
782 void *ram;
783 Error *local_err = NULL;
784
785 s->base = (hwaddr)-1;
786 s->rdy = NULL;
787 s->blocks = size >> BLOCK_SHIFT;
788 s->secs = size >> 9;
789 s->blockwp = g_malloc(s->blocks);
790 s->density_mask = (s->id.dev & 0x08)
791 ? (1 << (6 + ((s->id.dev >> 4) & 7))) : 0;
792 memory_region_init_io(&s->iomem, OBJECT(s), &onenand_ops, s, "onenand",
793 0x10000 << s->shift);
794 if (!s->blk) {
795 s->image = memset(g_malloc(size + (size >> 5)),
796 0xff, size + (size >> 5));
797 } else {
798 if (blk_is_read_only(s->blk)) {
799 error_setg(errp, "Can't use a read-only drive");
800 return;
801 }
802 blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
803 BLK_PERM_ALL, &local_err);
804 if (local_err) {
805 error_propagate(errp, local_err);
806 return;
807 }
808 s->blk_cur = s->blk;
809 }
810 s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
811 0xff, (64 + 2) << PAGE_SHIFT);
812 memory_region_init_ram_nomigrate(&s->ram, OBJECT(s), "onenand.ram",
813 0xc000 << s->shift, &error_fatal);
814 vmstate_register_ram_global(&s->ram);
815 ram = memory_region_get_ram_ptr(&s->ram);
816 s->boot[0] = ram + (0x0000 << s->shift);
817 s->boot[1] = ram + (0x8000 << s->shift);
818 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
819 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
820 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
821 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
822 onenand_mem_setup(s);
823 sysbus_init_irq(sbd, &s->intr);
824 sysbus_init_mmio(sbd, &s->container);
825 vmstate_register(dev,
826 ((s->shift & 0x7f) << 24)
827 | ((s->id.man & 0xff) << 16)
828 | ((s->id.dev & 0xff) << 8)
829 | (s->id.ver & 0xff),
830 &vmstate_onenand, s);
831}
832
833static Property onenand_properties[] = {
834 DEFINE_PROP_UINT16("manufacturer_id", OneNANDState, id.man, 0),
835 DEFINE_PROP_UINT16("device_id", OneNANDState, id.dev, 0),
836 DEFINE_PROP_UINT16("version_id", OneNANDState, id.ver, 0),
837 DEFINE_PROP_INT32("shift", OneNANDState, shift, 0),
838 DEFINE_PROP_DRIVE("drive", OneNANDState, blk),
839 DEFINE_PROP_END_OF_LIST(),
840};
841
842static void onenand_class_init(ObjectClass *klass, void *data)
843{
844 DeviceClass *dc = DEVICE_CLASS(klass);
845
846 dc->realize = onenand_realize;
847 dc->reset = onenand_system_reset;
848 dc->props = onenand_properties;
849}
850
851static const TypeInfo onenand_info = {
852 .name = TYPE_ONE_NAND,
853 .parent = TYPE_SYS_BUS_DEVICE,
854 .instance_size = sizeof(OneNANDState),
855 .class_init = onenand_class_init,
856};
857
858static void onenand_register_types(void)
859{
860 type_register_static(&onenand_info);
861}
862
863void *onenand_raw_otp(DeviceState *onenand_device)
864{
865 OneNANDState *s = ONE_NAND(onenand_device);
866
867 return s->otp;
868}
869
870type_init(onenand_register_types)
871