149ab747fSPaolo Bonzini /* 249ab747fSPaolo Bonzini * CFI parallel flash with AMD command set emulation 349ab747fSPaolo Bonzini * 449ab747fSPaolo Bonzini * Copyright (c) 2005 Jocelyn Mayer 549ab747fSPaolo Bonzini * 649ab747fSPaolo Bonzini * This library is free software; you can redistribute it and/or 749ab747fSPaolo Bonzini * modify it under the terms of the GNU Lesser General Public 849ab747fSPaolo Bonzini * License as published by the Free Software Foundation; either 949ab747fSPaolo Bonzini * version 2 of the License, or (at your option) any later version. 1049ab747fSPaolo Bonzini * 1149ab747fSPaolo Bonzini * This library is distributed in the hope that it will be useful, 1249ab747fSPaolo Bonzini * but WITHOUT ANY WARRANTY; without even the implied warranty of 1349ab747fSPaolo Bonzini * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 1449ab747fSPaolo Bonzini * Lesser General Public License for more details. 1549ab747fSPaolo Bonzini * 1649ab747fSPaolo Bonzini * You should have received a copy of the GNU Lesser General Public 1749ab747fSPaolo Bonzini * License along with this library; if not, see <http://www.gnu.org/licenses/>. 1849ab747fSPaolo Bonzini */ 1949ab747fSPaolo Bonzini 2049ab747fSPaolo Bonzini /* 2149ab747fSPaolo Bonzini * For now, this code can emulate flashes of 1, 2 or 4 bytes width. 2249ab747fSPaolo Bonzini * Supported commands/modes are: 2349ab747fSPaolo Bonzini * - flash read 2449ab747fSPaolo Bonzini * - flash write 2549ab747fSPaolo Bonzini * - flash ID read 2649ab747fSPaolo Bonzini * - sector erase 2749ab747fSPaolo Bonzini * - chip erase 2849ab747fSPaolo Bonzini * - unlock bypass command 2949ab747fSPaolo Bonzini * - CFI queries 3049ab747fSPaolo Bonzini * 3149ab747fSPaolo Bonzini * It does not support flash interleaving. 3249ab747fSPaolo Bonzini * It does not implement software data protection as found in many real chips 3349ab747fSPaolo Bonzini */ 3449ab747fSPaolo Bonzini 3580c71a24SPeter Maydell #include "qemu/osdep.h" 3649ab747fSPaolo Bonzini #include "hw/hw.h" 3706f15217SMarkus Armbruster #include "hw/block/block.h" 3849ab747fSPaolo Bonzini #include "hw/block/flash.h" 39da34e65cSMarkus Armbruster #include "qapi/error.h" 40*ddb6f225SStephen Checkoway #include "qemu/bitmap.h" 4149ab747fSPaolo Bonzini #include "qemu/timer.h" 424be74634SMarkus Armbruster #include "sysemu/block-backend.h" 4349ab747fSPaolo Bonzini #include "qemu/host-utils.h" 440b8fa32fSMarkus Armbruster #include "qemu/module.h" 4549ab747fSPaolo Bonzini #include "hw/sysbus.h" 4613019f1fSPhilippe Mathieu-Daudé #include "trace.h" 4749ab747fSPaolo Bonzini 486536987fSPhilippe Mathieu-Daudé #define PFLASH_DEBUG false 4949ab747fSPaolo Bonzini #define DPRINTF(fmt, ...) \ 5049ab747fSPaolo Bonzini do { \ 516536987fSPhilippe Mathieu-Daudé if (PFLASH_DEBUG) { \ 5256f99ea1SAntony Pavlov fprintf(stderr, "PFLASH: " fmt, ## __VA_ARGS__); \ 536536987fSPhilippe Mathieu-Daudé } \ 5449ab747fSPaolo Bonzini } while (0) 5549ab747fSPaolo Bonzini 5649ab747fSPaolo Bonzini #define PFLASH_LAZY_ROMD_THRESHOLD 42 5749ab747fSPaolo Bonzini 5864659053SStephen Checkoway /* 5964659053SStephen Checkoway * The size of the cfi_table indirectly depends on this and the start of the 6064659053SStephen Checkoway * PRI table directly depends on it. 4 is the maximum size (and also what 6164659053SStephen Checkoway * seems common) without changing the PRT table address. 6264659053SStephen Checkoway */ 6364659053SStephen Checkoway #define PFLASH_MAX_ERASE_REGIONS 4 6464659053SStephen Checkoway 65aeaf6c20SPhilippe Mathieu-Daudé /* Special write cycles for CFI queries. */ 66aeaf6c20SPhilippe Mathieu-Daudé enum { 67aeaf6c20SPhilippe Mathieu-Daudé WCYCLE_CFI = 7, 6846fb7809SStephen Checkoway WCYCLE_AUTOSELECT_CFI = 8, 69aeaf6c20SPhilippe Mathieu-Daudé }; 70aeaf6c20SPhilippe Mathieu-Daudé 7116434065SMarkus Armbruster struct PFlashCFI02 { 723509c396SHu Tao /*< private >*/ 733509c396SHu Tao SysBusDevice parent_obj; 743509c396SHu Tao /*< public >*/ 753509c396SHu Tao 764be74634SMarkus Armbruster BlockBackend *blk; 7764659053SStephen Checkoway uint32_t uniform_nb_blocs; 7864659053SStephen Checkoway uint32_t uniform_sector_len; 79*ddb6f225SStephen Checkoway uint32_t total_sectors; 8064659053SStephen Checkoway uint32_t nb_blocs[PFLASH_MAX_ERASE_REGIONS]; 8164659053SStephen Checkoway uint32_t sector_len[PFLASH_MAX_ERASE_REGIONS]; 8249ab747fSPaolo Bonzini uint32_t chip_len; 8349ab747fSPaolo Bonzini uint8_t mappings; 8449ab747fSPaolo Bonzini uint8_t width; 8549ab747fSPaolo Bonzini uint8_t be; 8649ab747fSPaolo Bonzini int wcycle; /* if 0, the flash is read normally */ 8749ab747fSPaolo Bonzini int bypass; 8849ab747fSPaolo Bonzini int ro; 8949ab747fSPaolo Bonzini uint8_t cmd; 9049ab747fSPaolo Bonzini uint8_t status; 9149ab747fSPaolo Bonzini /* FIXME: implement array device properties */ 9249ab747fSPaolo Bonzini uint16_t ident0; 9349ab747fSPaolo Bonzini uint16_t ident1; 9449ab747fSPaolo Bonzini uint16_t ident2; 9549ab747fSPaolo Bonzini uint16_t ident3; 9649ab747fSPaolo Bonzini uint16_t unlock_addr0; 9749ab747fSPaolo Bonzini uint16_t unlock_addr1; 9864659053SStephen Checkoway uint8_t cfi_table[0x4d]; 99d80cf1ebSStephen Checkoway QEMUTimer timer; 10049ab747fSPaolo Bonzini /* The device replicates the flash memory across its memory space. Emulate 10149ab747fSPaolo Bonzini * that by having a container (.mem) filled with an array of aliases 10249ab747fSPaolo Bonzini * (.mem_mappings) pointing to the flash memory (.orig_mem). 10349ab747fSPaolo Bonzini */ 10449ab747fSPaolo Bonzini MemoryRegion mem; 10549ab747fSPaolo Bonzini MemoryRegion *mem_mappings; /* array; one per mapping */ 10649ab747fSPaolo Bonzini MemoryRegion orig_mem; 10749ab747fSPaolo Bonzini int rom_mode; 10849ab747fSPaolo Bonzini int read_counter; /* used for lazy switch-back to rom mode */ 109a50547acSStephen Checkoway int sectors_to_erase; 110*ddb6f225SStephen Checkoway uint64_t erase_time_remaining; 111*ddb6f225SStephen Checkoway unsigned long *sector_erase_map; 11249ab747fSPaolo Bonzini char *name; 11349ab747fSPaolo Bonzini void *storage; 11449ab747fSPaolo Bonzini }; 11549ab747fSPaolo Bonzini 11649ab747fSPaolo Bonzini /* 1171d311e73SPhilippe Mathieu-Daudé * Toggle status bit DQ7. 1181d311e73SPhilippe Mathieu-Daudé */ 1191d311e73SPhilippe Mathieu-Daudé static inline void toggle_dq7(PFlashCFI02 *pfl) 1201d311e73SPhilippe Mathieu-Daudé { 1211d311e73SPhilippe Mathieu-Daudé pfl->status ^= 0x80; 1221d311e73SPhilippe Mathieu-Daudé } 1231d311e73SPhilippe Mathieu-Daudé 1241d311e73SPhilippe Mathieu-Daudé /* 1251d311e73SPhilippe Mathieu-Daudé * Set status bit DQ7 to bit 7 of value. 1261d311e73SPhilippe Mathieu-Daudé */ 1271d311e73SPhilippe Mathieu-Daudé static inline void set_dq7(PFlashCFI02 *pfl, uint8_t value) 1281d311e73SPhilippe Mathieu-Daudé { 1291d311e73SPhilippe Mathieu-Daudé pfl->status &= 0x7F; 1301d311e73SPhilippe Mathieu-Daudé pfl->status |= value & 0x80; 1311d311e73SPhilippe Mathieu-Daudé } 1321d311e73SPhilippe Mathieu-Daudé 1331d311e73SPhilippe Mathieu-Daudé /* 1341d311e73SPhilippe Mathieu-Daudé * Toggle status bit DQ6. 1351d311e73SPhilippe Mathieu-Daudé */ 1361d311e73SPhilippe Mathieu-Daudé static inline void toggle_dq6(PFlashCFI02 *pfl) 1371d311e73SPhilippe Mathieu-Daudé { 1381d311e73SPhilippe Mathieu-Daudé pfl->status ^= 0x40; 1391d311e73SPhilippe Mathieu-Daudé } 1401d311e73SPhilippe Mathieu-Daudé 1411d311e73SPhilippe Mathieu-Daudé /* 142a50547acSStephen Checkoway * Turn on DQ3. 143a50547acSStephen Checkoway */ 144a50547acSStephen Checkoway static inline void assert_dq3(PFlashCFI02 *pfl) 145a50547acSStephen Checkoway { 146a50547acSStephen Checkoway pfl->status |= 0x08; 147a50547acSStephen Checkoway } 148a50547acSStephen Checkoway 149a50547acSStephen Checkoway /* 150a50547acSStephen Checkoway * Turn off DQ3. 151a50547acSStephen Checkoway */ 152a50547acSStephen Checkoway static inline void reset_dq3(PFlashCFI02 *pfl) 153a50547acSStephen Checkoway { 154a50547acSStephen Checkoway pfl->status &= ~0x08; 155a50547acSStephen Checkoway } 156a50547acSStephen Checkoway 157a50547acSStephen Checkoway /* 158*ddb6f225SStephen Checkoway * Toggle status bit DQ2. 159*ddb6f225SStephen Checkoway */ 160*ddb6f225SStephen Checkoway static inline void toggle_dq2(PFlashCFI02 *pfl) 161*ddb6f225SStephen Checkoway { 162*ddb6f225SStephen Checkoway pfl->status ^= 0x04; 163*ddb6f225SStephen Checkoway } 164*ddb6f225SStephen Checkoway 165*ddb6f225SStephen Checkoway /* 16649ab747fSPaolo Bonzini * Set up replicated mappings of the same region. 16749ab747fSPaolo Bonzini */ 16816434065SMarkus Armbruster static void pflash_setup_mappings(PFlashCFI02 *pfl) 16949ab747fSPaolo Bonzini { 17049ab747fSPaolo Bonzini unsigned i; 17149ab747fSPaolo Bonzini hwaddr size = memory_region_size(&pfl->orig_mem); 17249ab747fSPaolo Bonzini 1732d256e6fSPaolo Bonzini memory_region_init(&pfl->mem, OBJECT(pfl), "pflash", pfl->mappings * size); 17449ab747fSPaolo Bonzini pfl->mem_mappings = g_new(MemoryRegion, pfl->mappings); 17549ab747fSPaolo Bonzini for (i = 0; i < pfl->mappings; ++i) { 1762d256e6fSPaolo Bonzini memory_region_init_alias(&pfl->mem_mappings[i], OBJECT(pfl), 1772d256e6fSPaolo Bonzini "pflash-alias", &pfl->orig_mem, 0, size); 17849ab747fSPaolo Bonzini memory_region_add_subregion(&pfl->mem, i * size, &pfl->mem_mappings[i]); 17949ab747fSPaolo Bonzini } 18049ab747fSPaolo Bonzini } 18149ab747fSPaolo Bonzini 18216434065SMarkus Armbruster static void pflash_register_memory(PFlashCFI02 *pfl, int rom_mode) 18349ab747fSPaolo Bonzini { 1845f9a5ea1SJan Kiszka memory_region_rom_device_set_romd(&pfl->orig_mem, rom_mode); 18549ab747fSPaolo Bonzini pfl->rom_mode = rom_mode; 18649ab747fSPaolo Bonzini } 18749ab747fSPaolo Bonzini 188102f0f79SPhilippe Mathieu-Daudé static size_t pflash_regions_count(PFlashCFI02 *pfl) 189102f0f79SPhilippe Mathieu-Daudé { 190102f0f79SPhilippe Mathieu-Daudé return pfl->cfi_table[0x2c]; 191102f0f79SPhilippe Mathieu-Daudé } 192102f0f79SPhilippe Mathieu-Daudé 193*ddb6f225SStephen Checkoway /* 194*ddb6f225SStephen Checkoway * Returns the time it takes to erase the number of sectors scheduled for 195*ddb6f225SStephen Checkoway * erasure based on CFI address 0x21 which is "Typical timeout per individual 196*ddb6f225SStephen Checkoway * block erase 2^N ms." 197*ddb6f225SStephen Checkoway */ 198*ddb6f225SStephen Checkoway static uint64_t pflash_erase_time(PFlashCFI02 *pfl) 199*ddb6f225SStephen Checkoway { 200*ddb6f225SStephen Checkoway /* 201*ddb6f225SStephen Checkoway * If there are no sectors to erase (which can happen if all of the sectors 202*ddb6f225SStephen Checkoway * to be erased are protected), then erase takes 100 us. Protected sectors 203*ddb6f225SStephen Checkoway * aren't supported so this should never happen. 204*ddb6f225SStephen Checkoway */ 205*ddb6f225SStephen Checkoway return ((1ULL << pfl->cfi_table[0x21]) * pfl->sectors_to_erase) * SCALE_US; 206*ddb6f225SStephen Checkoway } 207*ddb6f225SStephen Checkoway 208*ddb6f225SStephen Checkoway /* 209*ddb6f225SStephen Checkoway * Returns true if the device is currently in erase suspend mode. 210*ddb6f225SStephen Checkoway */ 211*ddb6f225SStephen Checkoway static inline bool pflash_erase_suspend_mode(PFlashCFI02 *pfl) 212*ddb6f225SStephen Checkoway { 213*ddb6f225SStephen Checkoway return pfl->erase_time_remaining > 0; 214*ddb6f225SStephen Checkoway } 215*ddb6f225SStephen Checkoway 21649ab747fSPaolo Bonzini static void pflash_timer(void *opaque) 21749ab747fSPaolo Bonzini { 21816434065SMarkus Armbruster PFlashCFI02 *pfl = opaque; 21949ab747fSPaolo Bonzini 22013019f1fSPhilippe Mathieu-Daudé trace_pflash_timer_expired(pfl->cmd); 221a50547acSStephen Checkoway if (pfl->cmd == 0x30) { 222a50547acSStephen Checkoway /* 223a50547acSStephen Checkoway * Sector erase. If DQ3 is 0 when the timer expires, then the 50 224a50547acSStephen Checkoway * us erase timeout has expired so we need to start the timer for the 225a50547acSStephen Checkoway * sector erase algorithm. Otherwise, the erase completed and we should 226a50547acSStephen Checkoway * go back to read array mode. 227a50547acSStephen Checkoway */ 228a50547acSStephen Checkoway if ((pfl->status & 0x08) == 0) { 229a50547acSStephen Checkoway assert_dq3(pfl); 230*ddb6f225SStephen Checkoway uint64_t timeout = pflash_erase_time(pfl); 231a50547acSStephen Checkoway timer_mod(&pfl->timer, 232a50547acSStephen Checkoway qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + timeout); 233a50547acSStephen Checkoway DPRINTF("%s: erase timeout fired; erasing %d sectors\n", 234a50547acSStephen Checkoway __func__, pfl->sectors_to_erase); 235a50547acSStephen Checkoway return; 236a50547acSStephen Checkoway } 237a50547acSStephen Checkoway DPRINTF("%s: sector erase complete\n", __func__); 238*ddb6f225SStephen Checkoway bitmap_zero(pfl->sector_erase_map, pfl->total_sectors); 239a50547acSStephen Checkoway pfl->sectors_to_erase = 0; 240a50547acSStephen Checkoway reset_dq3(pfl); 241a50547acSStephen Checkoway } 242a50547acSStephen Checkoway 24349ab747fSPaolo Bonzini /* Reset flash */ 2441d311e73SPhilippe Mathieu-Daudé toggle_dq7(pfl); 24549ab747fSPaolo Bonzini if (pfl->bypass) { 24649ab747fSPaolo Bonzini pfl->wcycle = 2; 24749ab747fSPaolo Bonzini } else { 24849ab747fSPaolo Bonzini pflash_register_memory(pfl, 1); 24949ab747fSPaolo Bonzini pfl->wcycle = 0; 25049ab747fSPaolo Bonzini } 25149ab747fSPaolo Bonzini pfl->cmd = 0; 25249ab747fSPaolo Bonzini } 25349ab747fSPaolo Bonzini 25406e8b8e3SPhilippe Mathieu-Daudé /* 25506e8b8e3SPhilippe Mathieu-Daudé * Read data from flash. 25606e8b8e3SPhilippe Mathieu-Daudé */ 25706e8b8e3SPhilippe Mathieu-Daudé static uint64_t pflash_data_read(PFlashCFI02 *pfl, hwaddr offset, 25806e8b8e3SPhilippe Mathieu-Daudé unsigned int width) 25906e8b8e3SPhilippe Mathieu-Daudé { 26006e8b8e3SPhilippe Mathieu-Daudé uint8_t *p = (uint8_t *)pfl->storage + offset; 26106e8b8e3SPhilippe Mathieu-Daudé uint64_t ret = pfl->be ? ldn_be_p(p, width) : ldn_le_p(p, width); 26206e8b8e3SPhilippe Mathieu-Daudé trace_pflash_data_read(offset, width << 1, ret); 26306e8b8e3SPhilippe Mathieu-Daudé return ret; 26406e8b8e3SPhilippe Mathieu-Daudé } 26506e8b8e3SPhilippe Mathieu-Daudé 266*ddb6f225SStephen Checkoway typedef struct { 267*ddb6f225SStephen Checkoway uint32_t len; 268*ddb6f225SStephen Checkoway uint32_t num; 269*ddb6f225SStephen Checkoway } SectorInfo; 270*ddb6f225SStephen Checkoway 27164659053SStephen Checkoway /* 27264659053SStephen Checkoway * offset should be a byte offset of the QEMU device and _not_ a device 27364659053SStephen Checkoway * offset. 27464659053SStephen Checkoway */ 275*ddb6f225SStephen Checkoway static SectorInfo pflash_sector_info(PFlashCFI02 *pfl, hwaddr offset) 27664659053SStephen Checkoway { 27764659053SStephen Checkoway assert(offset < pfl->chip_len); 27864659053SStephen Checkoway hwaddr addr = 0; 279*ddb6f225SStephen Checkoway uint32_t sector_num = 0; 280102f0f79SPhilippe Mathieu-Daudé for (int i = 0; i < pflash_regions_count(pfl); ++i) { 28164659053SStephen Checkoway uint64_t region_size = (uint64_t)pfl->nb_blocs[i] * pfl->sector_len[i]; 28264659053SStephen Checkoway if (addr <= offset && offset < addr + region_size) { 283*ddb6f225SStephen Checkoway return (SectorInfo) { 284*ddb6f225SStephen Checkoway .len = pfl->sector_len[i], 285*ddb6f225SStephen Checkoway .num = sector_num + (offset - addr) / pfl->sector_len[i], 286*ddb6f225SStephen Checkoway }; 28764659053SStephen Checkoway } 288*ddb6f225SStephen Checkoway sector_num += pfl->nb_blocs[i]; 28964659053SStephen Checkoway addr += region_size; 29064659053SStephen Checkoway } 29164659053SStephen Checkoway abort(); 29264659053SStephen Checkoway } 29364659053SStephen Checkoway 294*ddb6f225SStephen Checkoway /* 295*ddb6f225SStephen Checkoway * Returns true if the offset refers to a flash sector that is currently being 296*ddb6f225SStephen Checkoway * erased. 297*ddb6f225SStephen Checkoway */ 298*ddb6f225SStephen Checkoway static bool pflash_sector_is_erasing(PFlashCFI02 *pfl, hwaddr offset) 299*ddb6f225SStephen Checkoway { 300*ddb6f225SStephen Checkoway long sector_num = pflash_sector_info(pfl, offset).num; 301*ddb6f225SStephen Checkoway return test_bit(sector_num, pfl->sector_erase_map); 302*ddb6f225SStephen Checkoway } 303*ddb6f225SStephen Checkoway 304aff498cfSPhilippe Mathieu-Daudé static uint64_t pflash_read(void *opaque, hwaddr offset, unsigned int width) 30549ab747fSPaolo Bonzini { 306aff498cfSPhilippe Mathieu-Daudé PFlashCFI02 *pfl = opaque; 30749ab747fSPaolo Bonzini hwaddr boff; 308aff498cfSPhilippe Mathieu-Daudé uint64_t ret; 30949ab747fSPaolo Bonzini 31049ab747fSPaolo Bonzini ret = -1; 31149ab747fSPaolo Bonzini /* Lazy reset to ROMD mode after a certain amount of read accesses */ 31249ab747fSPaolo Bonzini if (!pfl->rom_mode && pfl->wcycle == 0 && 31349ab747fSPaolo Bonzini ++pfl->read_counter > PFLASH_LAZY_ROMD_THRESHOLD) { 31449ab747fSPaolo Bonzini pflash_register_memory(pfl, 1); 31549ab747fSPaolo Bonzini } 31649ab747fSPaolo Bonzini offset &= pfl->chip_len - 1; 31749ab747fSPaolo Bonzini boff = offset & 0xFF; 31864659053SStephen Checkoway if (pfl->width == 2) { 31949ab747fSPaolo Bonzini boff = boff >> 1; 32064659053SStephen Checkoway } else if (pfl->width == 4) { 32149ab747fSPaolo Bonzini boff = boff >> 2; 32264659053SStephen Checkoway } 32349ab747fSPaolo Bonzini switch (pfl->cmd) { 32449ab747fSPaolo Bonzini default: 32549ab747fSPaolo Bonzini /* This should never happen : reset state & treat it as a read*/ 32649ab747fSPaolo Bonzini DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd); 32749ab747fSPaolo Bonzini pfl->wcycle = 0; 32849ab747fSPaolo Bonzini pfl->cmd = 0; 32949ab747fSPaolo Bonzini /* fall through to the read code */ 33049ab747fSPaolo Bonzini case 0x80: 33149ab747fSPaolo Bonzini /* We accept reads during second unlock sequence... */ 33249ab747fSPaolo Bonzini case 0x00: 333*ddb6f225SStephen Checkoway if (pflash_erase_suspend_mode(pfl) && 334*ddb6f225SStephen Checkoway pflash_sector_is_erasing(pfl, offset)) { 335*ddb6f225SStephen Checkoway /* Toggle bit 2, but not 6. */ 336*ddb6f225SStephen Checkoway toggle_dq2(pfl); 337*ddb6f225SStephen Checkoway /* Status register read */ 338*ddb6f225SStephen Checkoway ret = pfl->status; 339*ddb6f225SStephen Checkoway DPRINTF("%s: status %" PRIx64 "\n", __func__, ret); 340*ddb6f225SStephen Checkoway break; 341*ddb6f225SStephen Checkoway } 34249ab747fSPaolo Bonzini /* Flash area read */ 34306e8b8e3SPhilippe Mathieu-Daudé ret = pflash_data_read(pfl, offset, width); 34449ab747fSPaolo Bonzini break; 34549ab747fSPaolo Bonzini case 0x90: 34649ab747fSPaolo Bonzini /* flash ID read */ 34749ab747fSPaolo Bonzini switch (boff) { 34849ab747fSPaolo Bonzini case 0x00: 34949ab747fSPaolo Bonzini case 0x01: 35049ab747fSPaolo Bonzini ret = boff & 0x01 ? pfl->ident1 : pfl->ident0; 35149ab747fSPaolo Bonzini break; 35249ab747fSPaolo Bonzini case 0x02: 35349ab747fSPaolo Bonzini ret = 0x00; /* Pretend all sectors are unprotected */ 35449ab747fSPaolo Bonzini break; 35549ab747fSPaolo Bonzini case 0x0E: 35649ab747fSPaolo Bonzini case 0x0F: 35749ab747fSPaolo Bonzini ret = boff & 0x01 ? pfl->ident3 : pfl->ident2; 3587f7bdcafSPhilippe Mathieu-Daudé if (ret != (uint8_t)-1) { 35949ab747fSPaolo Bonzini break; 3607f7bdcafSPhilippe Mathieu-Daudé } 3617f7bdcafSPhilippe Mathieu-Daudé /* Fall through to data read. */ 36249ab747fSPaolo Bonzini default: 36306e8b8e3SPhilippe Mathieu-Daudé ret = pflash_data_read(pfl, offset, width); 36449ab747fSPaolo Bonzini } 365aff498cfSPhilippe Mathieu-Daudé DPRINTF("%s: ID " TARGET_FMT_plx " %" PRIx64 "\n", __func__, boff, ret); 36649ab747fSPaolo Bonzini break; 36749ab747fSPaolo Bonzini case 0x10: 36849ab747fSPaolo Bonzini case 0x30: 369*ddb6f225SStephen Checkoway /* Toggle bit 2 during erase, but not program. */ 370*ddb6f225SStephen Checkoway toggle_dq2(pfl); 371*ddb6f225SStephen Checkoway case 0xA0: 372*ddb6f225SStephen Checkoway /* Toggle bit 6 */ 373*ddb6f225SStephen Checkoway toggle_dq6(pfl); 37449ab747fSPaolo Bonzini /* Status register read */ 37549ab747fSPaolo Bonzini ret = pfl->status; 376aff498cfSPhilippe Mathieu-Daudé DPRINTF("%s: status %" PRIx64 "\n", __func__, ret); 37749ab747fSPaolo Bonzini break; 37849ab747fSPaolo Bonzini case 0x98: 37949ab747fSPaolo Bonzini /* CFI query mode */ 38007c13a71SPhilippe Mathieu-Daudé if (boff < sizeof(pfl->cfi_table)) { 38149ab747fSPaolo Bonzini ret = pfl->cfi_table[boff]; 38207c13a71SPhilippe Mathieu-Daudé } else { 38307c13a71SPhilippe Mathieu-Daudé ret = 0; 38407c13a71SPhilippe Mathieu-Daudé } 38549ab747fSPaolo Bonzini break; 38649ab747fSPaolo Bonzini } 387e8aa2d95SPhilippe Mathieu-Daudé trace_pflash_io_read(offset, width, width << 1, ret, pfl->cmd, pfl->wcycle); 38849ab747fSPaolo Bonzini 38949ab747fSPaolo Bonzini return ret; 39049ab747fSPaolo Bonzini } 39149ab747fSPaolo Bonzini 39249ab747fSPaolo Bonzini /* update flash content on disk */ 393aff498cfSPhilippe Mathieu-Daudé static void pflash_update(PFlashCFI02 *pfl, int offset, int size) 39449ab747fSPaolo Bonzini { 39549ab747fSPaolo Bonzini int offset_end; 3964be74634SMarkus Armbruster if (pfl->blk) { 39749ab747fSPaolo Bonzini offset_end = offset + size; 398098e732dSEric Blake /* widen to sector boundaries */ 399098e732dSEric Blake offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE); 400098e732dSEric Blake offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE); 401098e732dSEric Blake blk_pwrite(pfl->blk, offset, pfl->storage + offset, 402098e732dSEric Blake offset_end - offset, 0); 40349ab747fSPaolo Bonzini } 40449ab747fSPaolo Bonzini } 40549ab747fSPaolo Bonzini 406a50547acSStephen Checkoway static void pflash_sector_erase(PFlashCFI02 *pfl, hwaddr offset) 407a50547acSStephen Checkoway { 408*ddb6f225SStephen Checkoway SectorInfo sector_info = pflash_sector_info(pfl, offset); 409*ddb6f225SStephen Checkoway uint64_t sector_len = sector_info.len; 410a50547acSStephen Checkoway offset &= ~(sector_len - 1); 411a50547acSStephen Checkoway DPRINTF("%s: start sector erase at %0*" PRIx64 "-%0*" PRIx64 "\n", 412a50547acSStephen Checkoway __func__, pfl->width * 2, offset, 413a50547acSStephen Checkoway pfl->width * 2, offset + sector_len - 1); 414a50547acSStephen Checkoway if (!pfl->ro) { 415a50547acSStephen Checkoway uint8_t *p = pfl->storage; 416a50547acSStephen Checkoway memset(p + offset, 0xff, sector_len); 417a50547acSStephen Checkoway pflash_update(pfl, offset, sector_len); 418a50547acSStephen Checkoway } 419a50547acSStephen Checkoway set_dq7(pfl, 0x00); 420a50547acSStephen Checkoway ++pfl->sectors_to_erase; 421*ddb6f225SStephen Checkoway set_bit(sector_info.num, pfl->sector_erase_map); 422a50547acSStephen Checkoway /* Set (or reset) the 50 us timer for additional erase commands. */ 423a50547acSStephen Checkoway timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 50000); 424a50547acSStephen Checkoway } 425a50547acSStephen Checkoway 426aff498cfSPhilippe Mathieu-Daudé static void pflash_write(void *opaque, hwaddr offset, uint64_t value, 427aff498cfSPhilippe Mathieu-Daudé unsigned int width) 42849ab747fSPaolo Bonzini { 429aff498cfSPhilippe Mathieu-Daudé PFlashCFI02 *pfl = opaque; 43049ab747fSPaolo Bonzini hwaddr boff; 43149ab747fSPaolo Bonzini uint8_t *p; 43249ab747fSPaolo Bonzini uint8_t cmd; 43349ab747fSPaolo Bonzini 434e8aa2d95SPhilippe Mathieu-Daudé trace_pflash_io_write(offset, width, width << 1, value, pfl->wcycle); 43549ab747fSPaolo Bonzini cmd = value; 4368a508e70SPhilippe Mathieu-Daudé if (pfl->cmd != 0xA0) { 437a9791042SStephen Checkoway /* Reset does nothing during chip erase and sector erase. */ 438a9791042SStephen Checkoway if (cmd == 0xF0 && pfl->cmd != 0x10 && pfl->cmd != 0x30) { 43946fb7809SStephen Checkoway if (pfl->wcycle == WCYCLE_AUTOSELECT_CFI) { 44046fb7809SStephen Checkoway /* Return to autoselect mode. */ 44146fb7809SStephen Checkoway pfl->wcycle = 3; 44246fb7809SStephen Checkoway pfl->cmd = 0x90; 44346fb7809SStephen Checkoway return; 44446fb7809SStephen Checkoway } 44549ab747fSPaolo Bonzini goto reset_flash; 44649ab747fSPaolo Bonzini } 4478a508e70SPhilippe Mathieu-Daudé } 44849ab747fSPaolo Bonzini offset &= pfl->chip_len - 1; 44949ab747fSPaolo Bonzini 4506682bc1eSStephen Checkoway boff = offset; 45164659053SStephen Checkoway if (pfl->width == 2) { 45249ab747fSPaolo Bonzini boff = boff >> 1; 45364659053SStephen Checkoway } else if (pfl->width == 4) { 45449ab747fSPaolo Bonzini boff = boff >> 2; 45564659053SStephen Checkoway } 4566682bc1eSStephen Checkoway /* Only the least-significant 11 bits are used in most cases. */ 4576682bc1eSStephen Checkoway boff &= 0x7FF; 45849ab747fSPaolo Bonzini switch (pfl->wcycle) { 45949ab747fSPaolo Bonzini case 0: 46049ab747fSPaolo Bonzini /* Set the device in I/O access mode if required */ 46149ab747fSPaolo Bonzini if (pfl->rom_mode) 46249ab747fSPaolo Bonzini pflash_register_memory(pfl, 0); 46349ab747fSPaolo Bonzini pfl->read_counter = 0; 46449ab747fSPaolo Bonzini /* We're in read mode */ 46549ab747fSPaolo Bonzini check_unlock0: 46649ab747fSPaolo Bonzini if (boff == 0x55 && cmd == 0x98) { 46749ab747fSPaolo Bonzini /* Enter CFI query mode */ 468aeaf6c20SPhilippe Mathieu-Daudé pfl->wcycle = WCYCLE_CFI; 46949ab747fSPaolo Bonzini pfl->cmd = 0x98; 47049ab747fSPaolo Bonzini return; 47149ab747fSPaolo Bonzini } 472*ddb6f225SStephen Checkoway /* Handle erase resume in erase suspend mode, otherwise reset. */ 473*ddb6f225SStephen Checkoway if (cmd == 0x30) { 474*ddb6f225SStephen Checkoway if (pflash_erase_suspend_mode(pfl)) { 475*ddb6f225SStephen Checkoway /* Resume the erase. */ 476*ddb6f225SStephen Checkoway timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 477*ddb6f225SStephen Checkoway pfl->erase_time_remaining); 478*ddb6f225SStephen Checkoway pfl->erase_time_remaining = 0; 479*ddb6f225SStephen Checkoway pfl->wcycle = 6; 480*ddb6f225SStephen Checkoway pfl->cmd = 0x30; 481*ddb6f225SStephen Checkoway set_dq7(pfl, 0x00); 482*ddb6f225SStephen Checkoway assert_dq3(pfl); 483*ddb6f225SStephen Checkoway return; 484*ddb6f225SStephen Checkoway } 485*ddb6f225SStephen Checkoway goto reset_flash; 486*ddb6f225SStephen Checkoway } 487*ddb6f225SStephen Checkoway /* Ignore erase suspend. */ 488*ddb6f225SStephen Checkoway if (cmd == 0xB0) { 489*ddb6f225SStephen Checkoway return; 490*ddb6f225SStephen Checkoway } 49149ab747fSPaolo Bonzini if (boff != pfl->unlock_addr0 || cmd != 0xAA) { 49249ab747fSPaolo Bonzini DPRINTF("%s: unlock0 failed " TARGET_FMT_plx " %02x %04x\n", 49349ab747fSPaolo Bonzini __func__, boff, cmd, pfl->unlock_addr0); 49449ab747fSPaolo Bonzini goto reset_flash; 49549ab747fSPaolo Bonzini } 49649ab747fSPaolo Bonzini DPRINTF("%s: unlock sequence started\n", __func__); 49749ab747fSPaolo Bonzini break; 49849ab747fSPaolo Bonzini case 1: 49949ab747fSPaolo Bonzini /* We started an unlock sequence */ 50049ab747fSPaolo Bonzini check_unlock1: 50149ab747fSPaolo Bonzini if (boff != pfl->unlock_addr1 || cmd != 0x55) { 50249ab747fSPaolo Bonzini DPRINTF("%s: unlock1 failed " TARGET_FMT_plx " %02x\n", __func__, 50349ab747fSPaolo Bonzini boff, cmd); 50449ab747fSPaolo Bonzini goto reset_flash; 50549ab747fSPaolo Bonzini } 50649ab747fSPaolo Bonzini DPRINTF("%s: unlock sequence done\n", __func__); 50749ab747fSPaolo Bonzini break; 50849ab747fSPaolo Bonzini case 2: 50949ab747fSPaolo Bonzini /* We finished an unlock sequence */ 51049ab747fSPaolo Bonzini if (!pfl->bypass && boff != pfl->unlock_addr0) { 51149ab747fSPaolo Bonzini DPRINTF("%s: command failed " TARGET_FMT_plx " %02x\n", __func__, 51249ab747fSPaolo Bonzini boff, cmd); 51349ab747fSPaolo Bonzini goto reset_flash; 51449ab747fSPaolo Bonzini } 51549ab747fSPaolo Bonzini switch (cmd) { 51649ab747fSPaolo Bonzini case 0x20: 51749ab747fSPaolo Bonzini pfl->bypass = 1; 51849ab747fSPaolo Bonzini goto do_bypass; 51949ab747fSPaolo Bonzini case 0x80: 52049ab747fSPaolo Bonzini case 0x90: 52149ab747fSPaolo Bonzini case 0xA0: 52249ab747fSPaolo Bonzini pfl->cmd = cmd; 52349ab747fSPaolo Bonzini DPRINTF("%s: starting command %02x\n", __func__, cmd); 52449ab747fSPaolo Bonzini break; 52549ab747fSPaolo Bonzini default: 52649ab747fSPaolo Bonzini DPRINTF("%s: unknown command %02x\n", __func__, cmd); 52749ab747fSPaolo Bonzini goto reset_flash; 52849ab747fSPaolo Bonzini } 52949ab747fSPaolo Bonzini break; 53049ab747fSPaolo Bonzini case 3: 53149ab747fSPaolo Bonzini switch (pfl->cmd) { 53249ab747fSPaolo Bonzini case 0x80: 53349ab747fSPaolo Bonzini /* We need another unlock sequence */ 53449ab747fSPaolo Bonzini goto check_unlock0; 53549ab747fSPaolo Bonzini case 0xA0: 536*ddb6f225SStephen Checkoway if (pflash_erase_suspend_mode(pfl) && 537*ddb6f225SStephen Checkoway pflash_sector_is_erasing(pfl, offset)) { 538*ddb6f225SStephen Checkoway /* Ignore writes to erasing sectors. */ 539*ddb6f225SStephen Checkoway if (pfl->bypass) { 540*ddb6f225SStephen Checkoway goto do_bypass; 541*ddb6f225SStephen Checkoway } 542*ddb6f225SStephen Checkoway goto reset_flash; 543*ddb6f225SStephen Checkoway } 544c1474acdSPhilippe Mathieu-Daudé trace_pflash_data_write(offset, width << 1, value, 0); 54549ab747fSPaolo Bonzini if (!pfl->ro) { 546c3d25271SPhilippe Mathieu-Daudé p = (uint8_t *)pfl->storage + offset; 547c3d25271SPhilippe Mathieu-Daudé if (pfl->be) { 548c3d25271SPhilippe Mathieu-Daudé uint64_t current = ldn_be_p(p, width); 549c3d25271SPhilippe Mathieu-Daudé stn_be_p(p, width, current & value); 55049ab747fSPaolo Bonzini } else { 551c3d25271SPhilippe Mathieu-Daudé uint64_t current = ldn_le_p(p, width); 552c3d25271SPhilippe Mathieu-Daudé stn_le_p(p, width, current & value); 55349ab747fSPaolo Bonzini } 554c3d25271SPhilippe Mathieu-Daudé pflash_update(pfl, offset, width); 55549ab747fSPaolo Bonzini } 5561d311e73SPhilippe Mathieu-Daudé /* 5571d311e73SPhilippe Mathieu-Daudé * While programming, status bit DQ7 should hold the opposite 5581d311e73SPhilippe Mathieu-Daudé * value from how it was programmed. 5591d311e73SPhilippe Mathieu-Daudé */ 5601d311e73SPhilippe Mathieu-Daudé set_dq7(pfl, ~value); 56149ab747fSPaolo Bonzini /* Let's pretend write is immediate */ 56249ab747fSPaolo Bonzini if (pfl->bypass) 56349ab747fSPaolo Bonzini goto do_bypass; 56449ab747fSPaolo Bonzini goto reset_flash; 56549ab747fSPaolo Bonzini case 0x90: 56649ab747fSPaolo Bonzini if (pfl->bypass && cmd == 0x00) { 56749ab747fSPaolo Bonzini /* Unlock bypass reset */ 56849ab747fSPaolo Bonzini goto reset_flash; 56949ab747fSPaolo Bonzini } 57046fb7809SStephen Checkoway /* 57146fb7809SStephen Checkoway * We can enter CFI query mode from autoselect mode, but we must 57246fb7809SStephen Checkoway * return to autoselect mode after a reset. 57346fb7809SStephen Checkoway */ 57446fb7809SStephen Checkoway if (boff == 0x55 && cmd == 0x98) { 57546fb7809SStephen Checkoway /* Enter autoselect CFI query mode */ 57646fb7809SStephen Checkoway pfl->wcycle = WCYCLE_AUTOSELECT_CFI; 57746fb7809SStephen Checkoway pfl->cmd = 0x98; 57846fb7809SStephen Checkoway return; 57946fb7809SStephen Checkoway } 58049ab747fSPaolo Bonzini /* No break here */ 58149ab747fSPaolo Bonzini default: 58249ab747fSPaolo Bonzini DPRINTF("%s: invalid write for command %02x\n", 58349ab747fSPaolo Bonzini __func__, pfl->cmd); 58449ab747fSPaolo Bonzini goto reset_flash; 58549ab747fSPaolo Bonzini } 58649ab747fSPaolo Bonzini case 4: 58749ab747fSPaolo Bonzini switch (pfl->cmd) { 58849ab747fSPaolo Bonzini case 0xA0: 58949ab747fSPaolo Bonzini /* Ignore writes while flash data write is occurring */ 59049ab747fSPaolo Bonzini /* As we suppose write is immediate, this should never happen */ 59149ab747fSPaolo Bonzini return; 59249ab747fSPaolo Bonzini case 0x80: 59349ab747fSPaolo Bonzini goto check_unlock1; 59449ab747fSPaolo Bonzini default: 59549ab747fSPaolo Bonzini /* Should never happen */ 59649ab747fSPaolo Bonzini DPRINTF("%s: invalid command state %02x (wc 4)\n", 59749ab747fSPaolo Bonzini __func__, pfl->cmd); 59849ab747fSPaolo Bonzini goto reset_flash; 59949ab747fSPaolo Bonzini } 60049ab747fSPaolo Bonzini break; 60149ab747fSPaolo Bonzini case 5: 602*ddb6f225SStephen Checkoway if (pflash_erase_suspend_mode(pfl)) { 603*ddb6f225SStephen Checkoway /* Erasing is not supported in erase suspend mode. */ 604*ddb6f225SStephen Checkoway goto reset_flash; 605*ddb6f225SStephen Checkoway } 60649ab747fSPaolo Bonzini switch (cmd) { 60749ab747fSPaolo Bonzini case 0x10: 60849ab747fSPaolo Bonzini if (boff != pfl->unlock_addr0) { 60949ab747fSPaolo Bonzini DPRINTF("%s: chip erase: invalid address " TARGET_FMT_plx "\n", 61049ab747fSPaolo Bonzini __func__, offset); 61149ab747fSPaolo Bonzini goto reset_flash; 61249ab747fSPaolo Bonzini } 61349ab747fSPaolo Bonzini /* Chip erase */ 61449ab747fSPaolo Bonzini DPRINTF("%s: start chip erase\n", __func__); 61549ab747fSPaolo Bonzini if (!pfl->ro) { 6161eb27d69SPhilippe Mathieu-Daudé memset(pfl->storage, 0xff, pfl->chip_len); 61749ab747fSPaolo Bonzini pflash_update(pfl, 0, pfl->chip_len); 61849ab747fSPaolo Bonzini } 6191d311e73SPhilippe Mathieu-Daudé set_dq7(pfl, 0x00); 62049ab747fSPaolo Bonzini /* Let's wait 5 seconds before chip erase is done */ 621d80cf1ebSStephen Checkoway timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 62273bcb24dSRutuja Shah (NANOSECONDS_PER_SECOND * 5)); 62349ab747fSPaolo Bonzini break; 62449ab747fSPaolo Bonzini case 0x30: 62549ab747fSPaolo Bonzini /* Sector erase */ 626a50547acSStephen Checkoway pflash_sector_erase(pfl, offset); 62749ab747fSPaolo Bonzini break; 62849ab747fSPaolo Bonzini default: 62949ab747fSPaolo Bonzini DPRINTF("%s: invalid command %02x (wc 5)\n", __func__, cmd); 63049ab747fSPaolo Bonzini goto reset_flash; 63149ab747fSPaolo Bonzini } 63249ab747fSPaolo Bonzini pfl->cmd = cmd; 63349ab747fSPaolo Bonzini break; 63449ab747fSPaolo Bonzini case 6: 63549ab747fSPaolo Bonzini switch (pfl->cmd) { 63649ab747fSPaolo Bonzini case 0x10: 63749ab747fSPaolo Bonzini /* Ignore writes during chip erase */ 63849ab747fSPaolo Bonzini return; 63949ab747fSPaolo Bonzini case 0x30: 640*ddb6f225SStephen Checkoway if (cmd == 0xB0) { 641*ddb6f225SStephen Checkoway /* 642*ddb6f225SStephen Checkoway * If erase suspend happens during the erase timeout (so DQ3 is 643*ddb6f225SStephen Checkoway * 0), then the device suspends erasing immediately. Set the 644*ddb6f225SStephen Checkoway * remaining time to be the total time to erase. Otherwise, 645*ddb6f225SStephen Checkoway * there is a maximum amount of time it can take to enter 646*ddb6f225SStephen Checkoway * suspend mode. Let's ignore that and suspend immediately and 647*ddb6f225SStephen Checkoway * set the remaining time to the actual time remaining on the 648*ddb6f225SStephen Checkoway * timer. 649*ddb6f225SStephen Checkoway */ 650*ddb6f225SStephen Checkoway if ((pfl->status & 0x08) == 0) { 651*ddb6f225SStephen Checkoway pfl->erase_time_remaining = pflash_erase_time(pfl); 652*ddb6f225SStephen Checkoway } else { 653*ddb6f225SStephen Checkoway int64_t delta = timer_expire_time_ns(&pfl->timer) - 654*ddb6f225SStephen Checkoway qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 655*ddb6f225SStephen Checkoway /* Make sure we have a positive time remaining. */ 656*ddb6f225SStephen Checkoway pfl->erase_time_remaining = delta <= 0 ? 1 : delta; 657*ddb6f225SStephen Checkoway } 658*ddb6f225SStephen Checkoway reset_dq3(pfl); 659*ddb6f225SStephen Checkoway timer_del(&pfl->timer); 660*ddb6f225SStephen Checkoway pfl->wcycle = 0; 661*ddb6f225SStephen Checkoway pfl->cmd = 0; 662*ddb6f225SStephen Checkoway return; 663*ddb6f225SStephen Checkoway } 664a50547acSStephen Checkoway /* 665a50547acSStephen Checkoway * If DQ3 is 0, additional sector erase commands can be 666a50547acSStephen Checkoway * written and anything else (other than an erase suspend) resets 667a50547acSStephen Checkoway * the device. 668a50547acSStephen Checkoway */ 669a50547acSStephen Checkoway if ((pfl->status & 0x08) == 0) { 670a50547acSStephen Checkoway if (cmd == 0x30) { 671a50547acSStephen Checkoway pflash_sector_erase(pfl, offset); 672a50547acSStephen Checkoway } else { 673a50547acSStephen Checkoway goto reset_flash; 674a50547acSStephen Checkoway } 675a50547acSStephen Checkoway } 676a50547acSStephen Checkoway /* Ignore writes during the actual erase. */ 67749ab747fSPaolo Bonzini return; 67849ab747fSPaolo Bonzini default: 67949ab747fSPaolo Bonzini /* Should never happen */ 68049ab747fSPaolo Bonzini DPRINTF("%s: invalid command state %02x (wc 6)\n", 68149ab747fSPaolo Bonzini __func__, pfl->cmd); 68249ab747fSPaolo Bonzini goto reset_flash; 68349ab747fSPaolo Bonzini } 68449ab747fSPaolo Bonzini break; 685aeaf6c20SPhilippe Mathieu-Daudé /* Special values for CFI queries */ 686aeaf6c20SPhilippe Mathieu-Daudé case WCYCLE_CFI: 68746fb7809SStephen Checkoway case WCYCLE_AUTOSELECT_CFI: 68849ab747fSPaolo Bonzini DPRINTF("%s: invalid write in CFI query mode\n", __func__); 68949ab747fSPaolo Bonzini goto reset_flash; 69049ab747fSPaolo Bonzini default: 69149ab747fSPaolo Bonzini /* Should never happen */ 69249ab747fSPaolo Bonzini DPRINTF("%s: invalid write state (wc 7)\n", __func__); 69349ab747fSPaolo Bonzini goto reset_flash; 69449ab747fSPaolo Bonzini } 69549ab747fSPaolo Bonzini pfl->wcycle++; 69649ab747fSPaolo Bonzini 69749ab747fSPaolo Bonzini return; 69849ab747fSPaolo Bonzini 69949ab747fSPaolo Bonzini /* Reset flash */ 70049ab747fSPaolo Bonzini reset_flash: 70113019f1fSPhilippe Mathieu-Daudé trace_pflash_reset(); 70249ab747fSPaolo Bonzini pfl->bypass = 0; 70349ab747fSPaolo Bonzini pfl->wcycle = 0; 70449ab747fSPaolo Bonzini pfl->cmd = 0; 70549ab747fSPaolo Bonzini return; 70649ab747fSPaolo Bonzini 70749ab747fSPaolo Bonzini do_bypass: 70849ab747fSPaolo Bonzini pfl->wcycle = 2; 70949ab747fSPaolo Bonzini pfl->cmd = 0; 71049ab747fSPaolo Bonzini } 71149ab747fSPaolo Bonzini 712aff498cfSPhilippe Mathieu-Daudé static const MemoryRegionOps pflash_cfi02_ops = { 713aff498cfSPhilippe Mathieu-Daudé .read = pflash_read, 714aff498cfSPhilippe Mathieu-Daudé .write = pflash_write, 715a4afb28dSPeter Maydell .valid.min_access_size = 1, 716a4afb28dSPeter Maydell .valid.max_access_size = 4, 71749ab747fSPaolo Bonzini .endianness = DEVICE_NATIVE_ENDIAN, 71849ab747fSPaolo Bonzini }; 71949ab747fSPaolo Bonzini 720da3bd642SHu Tao static void pflash_cfi02_realize(DeviceState *dev, Error **errp) 72149ab747fSPaolo Bonzini { 722e7b62741SMarkus Armbruster PFlashCFI02 *pfl = PFLASH_CFI02(dev); 72349ab747fSPaolo Bonzini int ret; 72433e0eb52SHu Tao Error *local_err = NULL; 72549ab747fSPaolo Bonzini 72664659053SStephen Checkoway if (pfl->uniform_sector_len == 0 && pfl->sector_len[0] == 0) { 7278929fc3aSZiyue Yang error_setg(errp, "attribute \"sector-length\" not specified or zero."); 7288929fc3aSZiyue Yang return; 7298929fc3aSZiyue Yang } 73064659053SStephen Checkoway if (pfl->uniform_nb_blocs == 0 && pfl->nb_blocs[0] == 0) { 7318929fc3aSZiyue Yang error_setg(errp, "attribute \"num-blocks\" not specified or zero."); 7328929fc3aSZiyue Yang return; 7338929fc3aSZiyue Yang } 7348929fc3aSZiyue Yang if (pfl->name == NULL) { 7358929fc3aSZiyue Yang error_setg(errp, "attribute \"name\" not specified."); 7368929fc3aSZiyue Yang return; 7378929fc3aSZiyue Yang } 7388929fc3aSZiyue Yang 73964659053SStephen Checkoway int nb_regions; 74064659053SStephen Checkoway pfl->chip_len = 0; 741*ddb6f225SStephen Checkoway pfl->total_sectors = 0; 74264659053SStephen Checkoway for (nb_regions = 0; nb_regions < PFLASH_MAX_ERASE_REGIONS; ++nb_regions) { 74364659053SStephen Checkoway if (pfl->nb_blocs[nb_regions] == 0) { 74464659053SStephen Checkoway break; 74564659053SStephen Checkoway } 746*ddb6f225SStephen Checkoway pfl->total_sectors += pfl->nb_blocs[nb_regions]; 74764659053SStephen Checkoway uint64_t sector_len_per_device = pfl->sector_len[nb_regions]; 74864659053SStephen Checkoway 74964659053SStephen Checkoway /* 75064659053SStephen Checkoway * The size of each flash sector must be a power of 2 and it must be 75164659053SStephen Checkoway * aligned at the same power of 2. 75264659053SStephen Checkoway */ 75364659053SStephen Checkoway if (sector_len_per_device & 0xff || 75464659053SStephen Checkoway sector_len_per_device >= (1 << 24) || 75564659053SStephen Checkoway !is_power_of_2(sector_len_per_device)) 75664659053SStephen Checkoway { 75764659053SStephen Checkoway error_setg(errp, "unsupported configuration: " 75864659053SStephen Checkoway "sector length[%d] per device = %" PRIx64 ".", 75964659053SStephen Checkoway nb_regions, sector_len_per_device); 76064659053SStephen Checkoway return; 76164659053SStephen Checkoway } 76264659053SStephen Checkoway if (pfl->chip_len & (sector_len_per_device - 1)) { 76364659053SStephen Checkoway error_setg(errp, "unsupported configuration: " 76464659053SStephen Checkoway "flash region %d not correctly aligned.", 76564659053SStephen Checkoway nb_regions); 76664659053SStephen Checkoway return; 76764659053SStephen Checkoway } 76864659053SStephen Checkoway 76964659053SStephen Checkoway pfl->chip_len += (uint64_t)pfl->sector_len[nb_regions] * 77064659053SStephen Checkoway pfl->nb_blocs[nb_regions]; 77164659053SStephen Checkoway } 77264659053SStephen Checkoway 77364659053SStephen Checkoway uint64_t uniform_len = (uint64_t)pfl->uniform_nb_blocs * 77464659053SStephen Checkoway pfl->uniform_sector_len; 77564659053SStephen Checkoway if (nb_regions == 0) { 77664659053SStephen Checkoway nb_regions = 1; 77764659053SStephen Checkoway pfl->nb_blocs[0] = pfl->uniform_nb_blocs; 77864659053SStephen Checkoway pfl->sector_len[0] = pfl->uniform_sector_len; 77964659053SStephen Checkoway pfl->chip_len = uniform_len; 780*ddb6f225SStephen Checkoway pfl->total_sectors = pfl->uniform_nb_blocs; 78164659053SStephen Checkoway } else if (uniform_len != 0 && uniform_len != pfl->chip_len) { 78264659053SStephen Checkoway error_setg(errp, "\"num-blocks\"*\"sector-length\" " 78364659053SStephen Checkoway "different from \"num-blocks0\"*\'sector-length0\" + ... + " 78464659053SStephen Checkoway "\"num-blocks3\"*\"sector-length3\""); 78564659053SStephen Checkoway return; 78664659053SStephen Checkoway } 78749ab747fSPaolo Bonzini 788aff498cfSPhilippe Mathieu-Daudé memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl), 789aff498cfSPhilippe Mathieu-Daudé &pflash_cfi02_ops, pfl, pfl->name, 7901eb27d69SPhilippe Mathieu-Daudé pfl->chip_len, &local_err); 79133e0eb52SHu Tao if (local_err) { 79233e0eb52SHu Tao error_propagate(errp, local_err); 79333e0eb52SHu Tao return; 79433e0eb52SHu Tao } 79533e0eb52SHu Tao 79649ab747fSPaolo Bonzini pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem); 797a17c17a2SKevin Wolf 798a17c17a2SKevin Wolf if (pfl->blk) { 799a17c17a2SKevin Wolf uint64_t perm; 800a17c17a2SKevin Wolf pfl->ro = blk_is_read_only(pfl->blk); 801a17c17a2SKevin Wolf perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); 802a17c17a2SKevin Wolf ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); 803a17c17a2SKevin Wolf if (ret < 0) { 804a17c17a2SKevin Wolf return; 805a17c17a2SKevin Wolf } 806a17c17a2SKevin Wolf } else { 807a17c17a2SKevin Wolf pfl->ro = 0; 808a17c17a2SKevin Wolf } 809a17c17a2SKevin Wolf 8104be74634SMarkus Armbruster if (pfl->blk) { 8111eb27d69SPhilippe Mathieu-Daudé if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, 8121eb27d69SPhilippe Mathieu-Daudé pfl->chip_len, errp)) { 813da3bd642SHu Tao vmstate_unregister_ram(&pfl->orig_mem, DEVICE(pfl)); 814da3bd642SHu Tao return; 81549ab747fSPaolo Bonzini } 81649ab747fSPaolo Bonzini } 81749ab747fSPaolo Bonzini 8186682bc1eSStephen Checkoway /* Only 11 bits are used in the comparison. */ 8196682bc1eSStephen Checkoway pfl->unlock_addr0 &= 0x7FF; 8206682bc1eSStephen Checkoway pfl->unlock_addr1 &= 0x7FF; 8216682bc1eSStephen Checkoway 822*ddb6f225SStephen Checkoway /* Allocate memory for a bitmap for sectors being erased. */ 823*ddb6f225SStephen Checkoway pfl->sector_erase_map = bitmap_new(pfl->total_sectors); 824*ddb6f225SStephen Checkoway 82549ab747fSPaolo Bonzini pflash_setup_mappings(pfl); 82649ab747fSPaolo Bonzini pfl->rom_mode = 1; 827da3bd642SHu Tao sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem); 82849ab747fSPaolo Bonzini 829d80cf1ebSStephen Checkoway timer_init_ns(&pfl->timer, QEMU_CLOCK_VIRTUAL, pflash_timer, pfl); 83049ab747fSPaolo Bonzini pfl->wcycle = 0; 83149ab747fSPaolo Bonzini pfl->cmd = 0; 83249ab747fSPaolo Bonzini pfl->status = 0; 8339ac45b88SPhilippe Mathieu-Daudé 83449ab747fSPaolo Bonzini /* Hardcoded CFI table (mostly from SG29 Spansion flash) */ 83564659053SStephen Checkoway const uint16_t pri_ofs = 0x40; 83649ab747fSPaolo Bonzini /* Standard "QRY" string */ 83749ab747fSPaolo Bonzini pfl->cfi_table[0x10] = 'Q'; 83849ab747fSPaolo Bonzini pfl->cfi_table[0x11] = 'R'; 83949ab747fSPaolo Bonzini pfl->cfi_table[0x12] = 'Y'; 84049ab747fSPaolo Bonzini /* Command set (AMD/Fujitsu) */ 84149ab747fSPaolo Bonzini pfl->cfi_table[0x13] = 0x02; 84249ab747fSPaolo Bonzini pfl->cfi_table[0x14] = 0x00; 84349ab747fSPaolo Bonzini /* Primary extended table address */ 844d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x15] = pri_ofs; 845d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x16] = pri_ofs >> 8; 84649ab747fSPaolo Bonzini /* Alternate command set (none) */ 84749ab747fSPaolo Bonzini pfl->cfi_table[0x17] = 0x00; 84849ab747fSPaolo Bonzini pfl->cfi_table[0x18] = 0x00; 84949ab747fSPaolo Bonzini /* Alternate extended table (none) */ 85049ab747fSPaolo Bonzini pfl->cfi_table[0x19] = 0x00; 85149ab747fSPaolo Bonzini pfl->cfi_table[0x1A] = 0x00; 85249ab747fSPaolo Bonzini /* Vcc min */ 85349ab747fSPaolo Bonzini pfl->cfi_table[0x1B] = 0x27; 85449ab747fSPaolo Bonzini /* Vcc max */ 85549ab747fSPaolo Bonzini pfl->cfi_table[0x1C] = 0x36; 85649ab747fSPaolo Bonzini /* Vpp min (no Vpp pin) */ 85749ab747fSPaolo Bonzini pfl->cfi_table[0x1D] = 0x00; 85849ab747fSPaolo Bonzini /* Vpp max (no Vpp pin) */ 85949ab747fSPaolo Bonzini pfl->cfi_table[0x1E] = 0x00; 8609ac45b88SPhilippe Mathieu-Daudé /* Timeout per single byte/word write (128 ms) */ 86149ab747fSPaolo Bonzini pfl->cfi_table[0x1F] = 0x07; 86249ab747fSPaolo Bonzini /* Timeout for min size buffer write (NA) */ 86349ab747fSPaolo Bonzini pfl->cfi_table[0x20] = 0x00; 86449ab747fSPaolo Bonzini /* Typical timeout for block erase (512 ms) */ 86549ab747fSPaolo Bonzini pfl->cfi_table[0x21] = 0x09; 86649ab747fSPaolo Bonzini /* Typical timeout for full chip erase (4096 ms) */ 86749ab747fSPaolo Bonzini pfl->cfi_table[0x22] = 0x0C; 86849ab747fSPaolo Bonzini /* Reserved */ 86949ab747fSPaolo Bonzini pfl->cfi_table[0x23] = 0x01; 87049ab747fSPaolo Bonzini /* Max timeout for buffer write (NA) */ 87149ab747fSPaolo Bonzini pfl->cfi_table[0x24] = 0x00; 87249ab747fSPaolo Bonzini /* Max timeout for block erase */ 87349ab747fSPaolo Bonzini pfl->cfi_table[0x25] = 0x0A; 87449ab747fSPaolo Bonzini /* Max timeout for chip erase */ 87549ab747fSPaolo Bonzini pfl->cfi_table[0x26] = 0x0D; 87649ab747fSPaolo Bonzini /* Device size */ 8771eb27d69SPhilippe Mathieu-Daudé pfl->cfi_table[0x27] = ctz32(pfl->chip_len); 87849ab747fSPaolo Bonzini /* Flash device interface (8 & 16 bits) */ 87949ab747fSPaolo Bonzini pfl->cfi_table[0x28] = 0x02; 88049ab747fSPaolo Bonzini pfl->cfi_table[0x29] = 0x00; 88149ab747fSPaolo Bonzini /* Max number of bytes in multi-bytes write */ 88249ab747fSPaolo Bonzini /* XXX: disable buffered write as it's not supported */ 88349ab747fSPaolo Bonzini // pfl->cfi_table[0x2A] = 0x05; 88449ab747fSPaolo Bonzini pfl->cfi_table[0x2A] = 0x00; 88549ab747fSPaolo Bonzini pfl->cfi_table[0x2B] = 0x00; 88664659053SStephen Checkoway /* Number of erase block regions */ 88764659053SStephen Checkoway pfl->cfi_table[0x2c] = nb_regions; 88864659053SStephen Checkoway /* Erase block regions */ 88964659053SStephen Checkoway for (int i = 0; i < nb_regions; ++i) { 89064659053SStephen Checkoway uint32_t sector_len_per_device = pfl->sector_len[i]; 89164659053SStephen Checkoway pfl->cfi_table[0x2d + 4 * i] = pfl->nb_blocs[i] - 1; 89264659053SStephen Checkoway pfl->cfi_table[0x2e + 4 * i] = (pfl->nb_blocs[i] - 1) >> 8; 89364659053SStephen Checkoway pfl->cfi_table[0x2f + 4 * i] = sector_len_per_device >> 8; 89464659053SStephen Checkoway pfl->cfi_table[0x30 + 4 * i] = sector_len_per_device >> 16; 89564659053SStephen Checkoway } 89664659053SStephen Checkoway assert(0x2c + 4 * nb_regions < pri_ofs); 89749ab747fSPaolo Bonzini 89849ab747fSPaolo Bonzini /* Extended */ 899d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x00 + pri_ofs] = 'P'; 900d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x01 + pri_ofs] = 'R'; 901d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x02 + pri_ofs] = 'I'; 90249ab747fSPaolo Bonzini 9039ac45b88SPhilippe Mathieu-Daudé /* Extended version 1.0 */ 904d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x03 + pri_ofs] = '1'; 905d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x04 + pri_ofs] = '0'; 90649ab747fSPaolo Bonzini 9079ac45b88SPhilippe Mathieu-Daudé /* Address sensitive unlock required. */ 908d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x05 + pri_ofs] = 0x00; 909*ddb6f225SStephen Checkoway /* Erase suspend to read/write. */ 910*ddb6f225SStephen Checkoway pfl->cfi_table[0x06 + pri_ofs] = 0x02; 9119ac45b88SPhilippe Mathieu-Daudé /* Sector protect not supported. */ 912d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x07 + pri_ofs] = 0x00; 9139ac45b88SPhilippe Mathieu-Daudé /* Temporary sector unprotect not supported. */ 914d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x08 + pri_ofs] = 0x00; 91549ab747fSPaolo Bonzini 9169ac45b88SPhilippe Mathieu-Daudé /* Sector protect/unprotect scheme. */ 917d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x09 + pri_ofs] = 0x00; 91849ab747fSPaolo Bonzini 9199ac45b88SPhilippe Mathieu-Daudé /* Simultaneous operation not supported. */ 920d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x0a + pri_ofs] = 0x00; 9219ac45b88SPhilippe Mathieu-Daudé /* Burst mode not supported. */ 922d6874c83SPhilippe Mathieu-Daudé pfl->cfi_table[0x0b + pri_ofs] = 0x00; 923c2c1bf44SPhilippe Mathieu-Daudé /* Page mode not supported. */ 924c2c1bf44SPhilippe Mathieu-Daudé pfl->cfi_table[0x0c + pri_ofs] = 0x00; 925c2c1bf44SPhilippe Mathieu-Daudé assert(0x0c + pri_ofs < ARRAY_SIZE(pfl->cfi_table)); 92649ab747fSPaolo Bonzini } 92749ab747fSPaolo Bonzini 92849ab747fSPaolo Bonzini static Property pflash_cfi02_properties[] = { 92916434065SMarkus Armbruster DEFINE_PROP_DRIVE("drive", PFlashCFI02, blk), 93064659053SStephen Checkoway DEFINE_PROP_UINT32("num-blocks", PFlashCFI02, uniform_nb_blocs, 0), 93164659053SStephen Checkoway DEFINE_PROP_UINT32("sector-length", PFlashCFI02, uniform_sector_len, 0), 93264659053SStephen Checkoway DEFINE_PROP_UINT32("num-blocks0", PFlashCFI02, nb_blocs[0], 0), 93364659053SStephen Checkoway DEFINE_PROP_UINT32("sector-length0", PFlashCFI02, sector_len[0], 0), 93464659053SStephen Checkoway DEFINE_PROP_UINT32("num-blocks1", PFlashCFI02, nb_blocs[1], 0), 93564659053SStephen Checkoway DEFINE_PROP_UINT32("sector-length1", PFlashCFI02, sector_len[1], 0), 93664659053SStephen Checkoway DEFINE_PROP_UINT32("num-blocks2", PFlashCFI02, nb_blocs[2], 0), 93764659053SStephen Checkoway DEFINE_PROP_UINT32("sector-length2", PFlashCFI02, sector_len[2], 0), 93864659053SStephen Checkoway DEFINE_PROP_UINT32("num-blocks3", PFlashCFI02, nb_blocs[3], 0), 93964659053SStephen Checkoway DEFINE_PROP_UINT32("sector-length3", PFlashCFI02, sector_len[3], 0), 94016434065SMarkus Armbruster DEFINE_PROP_UINT8("width", PFlashCFI02, width, 0), 94116434065SMarkus Armbruster DEFINE_PROP_UINT8("mappings", PFlashCFI02, mappings, 0), 94216434065SMarkus Armbruster DEFINE_PROP_UINT8("big-endian", PFlashCFI02, be, 0), 94316434065SMarkus Armbruster DEFINE_PROP_UINT16("id0", PFlashCFI02, ident0, 0), 94416434065SMarkus Armbruster DEFINE_PROP_UINT16("id1", PFlashCFI02, ident1, 0), 94516434065SMarkus Armbruster DEFINE_PROP_UINT16("id2", PFlashCFI02, ident2, 0), 94616434065SMarkus Armbruster DEFINE_PROP_UINT16("id3", PFlashCFI02, ident3, 0), 94716434065SMarkus Armbruster DEFINE_PROP_UINT16("unlock-addr0", PFlashCFI02, unlock_addr0, 0), 94816434065SMarkus Armbruster DEFINE_PROP_UINT16("unlock-addr1", PFlashCFI02, unlock_addr1, 0), 94916434065SMarkus Armbruster DEFINE_PROP_STRING("name", PFlashCFI02, name), 95049ab747fSPaolo Bonzini DEFINE_PROP_END_OF_LIST(), 95149ab747fSPaolo Bonzini }; 95249ab747fSPaolo Bonzini 953d80cf1ebSStephen Checkoway static void pflash_cfi02_unrealize(DeviceState *dev, Error **errp) 954d80cf1ebSStephen Checkoway { 955e7b62741SMarkus Armbruster PFlashCFI02 *pfl = PFLASH_CFI02(dev); 956d80cf1ebSStephen Checkoway timer_del(&pfl->timer); 957*ddb6f225SStephen Checkoway g_free(pfl->sector_erase_map); 958d80cf1ebSStephen Checkoway } 959d80cf1ebSStephen Checkoway 96049ab747fSPaolo Bonzini static void pflash_cfi02_class_init(ObjectClass *klass, void *data) 96149ab747fSPaolo Bonzini { 96249ab747fSPaolo Bonzini DeviceClass *dc = DEVICE_CLASS(klass); 96349ab747fSPaolo Bonzini 964da3bd642SHu Tao dc->realize = pflash_cfi02_realize; 965d80cf1ebSStephen Checkoway dc->unrealize = pflash_cfi02_unrealize; 96649ab747fSPaolo Bonzini dc->props = pflash_cfi02_properties; 967df6f9318SAntony Pavlov set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 96849ab747fSPaolo Bonzini } 96949ab747fSPaolo Bonzini 97049ab747fSPaolo Bonzini static const TypeInfo pflash_cfi02_info = { 971e7b62741SMarkus Armbruster .name = TYPE_PFLASH_CFI02, 97249ab747fSPaolo Bonzini .parent = TYPE_SYS_BUS_DEVICE, 97316434065SMarkus Armbruster .instance_size = sizeof(PFlashCFI02), 97449ab747fSPaolo Bonzini .class_init = pflash_cfi02_class_init, 97549ab747fSPaolo Bonzini }; 97649ab747fSPaolo Bonzini 97749ab747fSPaolo Bonzini static void pflash_cfi02_register_types(void) 97849ab747fSPaolo Bonzini { 97949ab747fSPaolo Bonzini type_register_static(&pflash_cfi02_info); 98049ab747fSPaolo Bonzini } 98149ab747fSPaolo Bonzini 98249ab747fSPaolo Bonzini type_init(pflash_cfi02_register_types) 98349ab747fSPaolo Bonzini 98416434065SMarkus Armbruster PFlashCFI02 *pflash_cfi02_register(hwaddr base, 985940d5b13SMarkus Armbruster const char *name, 98649ab747fSPaolo Bonzini hwaddr size, 98716434065SMarkus Armbruster BlockBackend *blk, 988ce14710fSMarkus Armbruster uint32_t sector_len, 98916434065SMarkus Armbruster int nb_mappings, int width, 99049ab747fSPaolo Bonzini uint16_t id0, uint16_t id1, 99149ab747fSPaolo Bonzini uint16_t id2, uint16_t id3, 99216434065SMarkus Armbruster uint16_t unlock_addr0, 99316434065SMarkus Armbruster uint16_t unlock_addr1, 99449ab747fSPaolo Bonzini int be) 99549ab747fSPaolo Bonzini { 996e7b62741SMarkus Armbruster DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI02); 99749ab747fSPaolo Bonzini 9989b3d111aSMarkus Armbruster if (blk) { 9999b3d111aSMarkus Armbruster qdev_prop_set_drive(dev, "drive", blk, &error_abort); 100049ab747fSPaolo Bonzini } 1001ce14710fSMarkus Armbruster assert(size % sector_len == 0); 1002ce14710fSMarkus Armbruster qdev_prop_set_uint32(dev, "num-blocks", size / sector_len); 100349ab747fSPaolo Bonzini qdev_prop_set_uint32(dev, "sector-length", sector_len); 100449ab747fSPaolo Bonzini qdev_prop_set_uint8(dev, "width", width); 100549ab747fSPaolo Bonzini qdev_prop_set_uint8(dev, "mappings", nb_mappings); 100649ab747fSPaolo Bonzini qdev_prop_set_uint8(dev, "big-endian", !!be); 100749ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "id0", id0); 100849ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "id1", id1); 100949ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "id2", id2); 101049ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "id3", id3); 101149ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "unlock-addr0", unlock_addr0); 101249ab747fSPaolo Bonzini qdev_prop_set_uint16(dev, "unlock-addr1", unlock_addr1); 101349ab747fSPaolo Bonzini qdev_prop_set_string(dev, "name", name); 101449ab747fSPaolo Bonzini qdev_init_nofail(dev); 101549ab747fSPaolo Bonzini 10163509c396SHu Tao sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); 1017e7b62741SMarkus Armbruster return PFLASH_CFI02(dev); 101849ab747fSPaolo Bonzini } 1019