2 * OneNAND flash memories emulation.
4 * Copyright (C) 2008 Nokia Corporation
5 * Written by Andrzej Zaborowski <andrew@openedhand.com>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 or
10 * (at your option) version 3 of the License.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "qemu-common.h"
29 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
33 #define BLOCK_SHIFT (PAGE_SHIFT + 6)
38 target_phys_addr_t base;
41 BlockDriverState *bdrv;
42 BlockDriverState *bdrv_cur;
63 struct ecc_state_s ecc;
75 ONEN_BUF_DEST_BLOCK = 2,
76 ONEN_BUF_DEST_PAGE = 3,
81 ONEN_ERR_CMD = 1 << 10,
82 ONEN_ERR_ERASE = 1 << 11,
83 ONEN_ERR_PROG = 1 << 12,
84 ONEN_ERR_LOAD = 1 << 13,
88 ONEN_INT_RESET = 1 << 4,
89 ONEN_INT_ERASE = 1 << 5,
90 ONEN_INT_PROG = 1 << 6,
91 ONEN_INT_LOAD = 1 << 7,
96 ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
97 ONEN_LOCK_LOCKED = 1 << 1,
98 ONEN_LOCK_UNLOCKED = 1 << 2,
101 void onenand_base_update(void *opaque, target_phys_addr_t new)
103 struct onenand_s *s = (struct onenand_s *) opaque;
107 /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
108 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
109 * write boot commands. Also take note of the BWPS bit. */
110 cpu_register_physical_memory(s->base + (0x0000 << s->shift),
111 0x0200 << s->shift, s->iomemtype);
112 cpu_register_physical_memory(s->base + (0x0200 << s->shift),
114 (s->ram +(0x0200 << s->shift)) | IO_MEM_RAM);
116 cpu_register_physical_memory_offset(s->base + (0xc000 << s->shift),
117 0x4000 << s->shift, s->iomemtype, (0xc000 << s->shift));
120 void onenand_base_unmap(void *opaque)
122 struct onenand_s *s = (struct onenand_s *) opaque;
124 cpu_register_physical_memory(s->base,
125 0x10000 << s->shift, IO_MEM_UNASSIGNED);
128 static void onenand_intr_update(struct onenand_s *s)
130 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
133 static void onenand_save_state(QEMUFile *f, void *opaque)
135 struct onenand_s *s = (struct onenand_s *)opaque;
138 if (s->current == s->otp)
140 else if (s->current == s->image)
144 qemu_put_sbe32(f, s->cycle);
145 qemu_put_sbe32(f, s->otpmode);
146 for (i = 0; i < 8; i++) {
147 qemu_put_be16(f, s->addr[i]);
148 qemu_put_be16(f, s->unladdr[i]);
150 qemu_put_sbe32(f, s->bufaddr);
151 qemu_put_sbe32(f, s->count);
152 qemu_put_be16(f, s->command);
153 qemu_put_be16(f, s->config[0]);
154 qemu_put_be16(f, s->config[1]);
155 qemu_put_be16(f, s->status);
156 qemu_put_be16(f, s->intstatus);
157 qemu_put_be16(f, s->wpstatus);
158 qemu_put_sbe32(f, s->secs_cur);
159 qemu_put_buffer(f, s->blockwp, s->blocks);
160 qemu_put_byte(f, s->ecc.cp);
161 qemu_put_be16(f, s->ecc.lp[0]);
162 qemu_put_be16(f, s->ecc.lp[1]);
163 qemu_put_be16(f, s->ecc.count);
164 qemu_put_buffer(f, s->otp, (64 + 2) << PAGE_SHIFT);
167 static int onenand_load_state(QEMUFile *f, void *opaque, int version_id)
169 struct onenand_s *s = (struct onenand_s *)opaque;
175 switch (qemu_get_byte(f)) {
180 s->current = s->image;
185 s->cycle = qemu_get_sbe32(f);
186 s->otpmode = qemu_get_sbe32(f);
187 for (i = 0; i < 8; i++) {
188 s->addr[i] = qemu_get_be16(f);
189 s->unladdr[i] = qemu_get_be16(f);
191 s->bufaddr = qemu_get_sbe32(f);
192 s->count = qemu_get_sbe32(f);
193 s->command = qemu_get_be16(f);
194 s->config[0] = qemu_get_be16(f);
195 s->config[1] = qemu_get_be16(f);
196 s->status = qemu_get_be16(f);
197 s->intstatus = qemu_get_be16(f);
198 s->wpstatus = qemu_get_be16(f);
199 s->secs_cur = qemu_get_sbe32(f);
200 qemu_get_buffer(f, s->blockwp, s->blocks);
201 s->ecc.cp = qemu_get_byte(f);
202 s->ecc.lp[0] = qemu_get_be16(f);
203 s->ecc.lp[1] = qemu_get_be16(f);
204 s->ecc.count = qemu_get_be16(f);
205 qemu_get_buffer(f, s->otp, (64 + 2) << PAGE_SHIFT);
207 onenand_intr_update(s);
212 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
213 static void onenand_reset(struct onenand_s *s, int cold)
215 memset(&s->addr, 0, sizeof(s->addr));
219 s->config[0] = 0x40c0;
220 s->config[1] = 0x0000;
221 onenand_intr_update(s);
222 qemu_irq_raise(s->rdy);
224 s->intstatus = cold ? 0x8080 : 0x8010;
227 s->wpstatus = 0x0002;
230 s->bdrv_cur = s->bdrv;
231 s->current = s->image;
232 s->secs_cur = s->secs;
235 /* Lock the whole flash */
236 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
238 if (s->bdrv && bdrv_read(s->bdrv, 0, s->boot[0], 8) < 0)
239 cpu_abort(cpu_single_env, "%s: Loading the BootRAM failed.\n",
244 static inline int onenand_load_main(struct onenand_s *s, int sec, int secn,
248 return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
249 else if (sec + secn > s->secs_cur)
252 memcpy(dest, s->current + (sec << 9), secn << 9);
257 static inline int onenand_prog_main(struct onenand_s *s, int sec, int secn,
261 return bdrv_write(s->bdrv_cur, sec, src, secn) < 0;
262 else if (sec + secn > s->secs_cur)
265 memcpy(s->current + (sec << 9), src, secn << 9);
270 static inline int onenand_load_spare(struct onenand_s *s, int sec, int secn,
276 if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
278 memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
279 } else if (sec + secn > s->secs_cur)
282 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
287 static inline int onenand_prog_spare(struct onenand_s *s, int sec, int secn,
293 if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
295 memcpy(buf + ((sec & 31) << 4), src, secn << 4);
296 return bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0;
297 } else if (sec + secn > s->secs_cur)
300 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), src, secn << 4);
305 static inline int onenand_erase(struct onenand_s *s, int sec, int num)
310 memset(buf, 0xff, sizeof(buf));
311 for (; num > 0; num --, sec ++) {
312 if (onenand_prog_main(s, sec, 1, buf))
314 if (onenand_prog_spare(s, sec, 1, buf))
321 static void onenand_command(struct onenand_s *s, int cmd)
326 #define SETADDR(block, page) \
327 sec = (s->addr[page] & 3) + \
328 ((((s->addr[page] >> 2) & 0x3f) + \
329 (((s->addr[block] & 0xfff) | \
330 (s->addr[block] >> 15 ? \
331 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
333 buf = (s->bufaddr & 8) ? \
334 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
335 buf += (s->bufaddr & 3) << 9;
337 buf = (s->bufaddr & 8) ? \
338 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
339 buf += (s->bufaddr & 3) << 4;
342 case 0x00: /* Load single/multiple sector data unit into buffer */
343 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
346 if (onenand_load_main(s, sec, s->count, buf))
347 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
351 if (onenand_load_spare(s, sec, s->count, buf))
352 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
355 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
356 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
357 * then we need two split the read/write into two chunks.
359 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
361 case 0x13: /* Load single/multiple spare sector into buffer */
362 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
365 if (onenand_load_spare(s, sec, s->count, buf))
366 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
368 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
369 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
370 * then we need two split the read/write into two chunks.
372 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
374 case 0x80: /* Program single/multiple sector data unit from buffer */
375 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
378 if (onenand_prog_main(s, sec, s->count, buf))
379 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
383 if (onenand_prog_spare(s, sec, s->count, buf))
384 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
387 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
388 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
389 * then we need two split the read/write into two chunks.
391 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
393 case 0x1a: /* Program single/multiple spare area sector from buffer */
394 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
397 if (onenand_prog_spare(s, sec, s->count, buf))
398 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
400 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
401 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
402 * then we need two split the read/write into two chunks.
404 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
406 case 0x1b: /* Copy-back program */
409 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
410 if (onenand_load_main(s, sec, s->count, buf))
411 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
413 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
414 if (onenand_prog_main(s, sec, s->count, buf))
415 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
417 /* TODO: spare areas */
419 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
422 case 0x23: /* Unlock NAND array block(s) */
423 s->intstatus |= ONEN_INT;
425 /* XXX the previous (?) area should be locked automatically */
426 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
427 if (b >= s->blocks) {
428 s->status |= ONEN_ERR_CMD;
431 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
434 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
437 case 0x27: /* Unlock All NAND array blocks */
438 s->intstatus |= ONEN_INT;
440 for (b = 0; b < s->blocks; b ++) {
441 if (b >= s->blocks) {
442 s->status |= ONEN_ERR_CMD;
445 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
448 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
452 case 0x2a: /* Lock NAND array block(s) */
453 s->intstatus |= ONEN_INT;
455 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
456 if (b >= s->blocks) {
457 s->status |= ONEN_ERR_CMD;
460 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
463 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
466 case 0x2c: /* Lock-tight NAND array block(s) */
467 s->intstatus |= ONEN_INT;
469 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
470 if (b >= s->blocks) {
471 s->status |= ONEN_ERR_CMD;
474 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
477 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
481 case 0x71: /* Erase-Verify-Read */
482 s->intstatus |= ONEN_INT;
484 case 0x95: /* Multi-block erase */
485 qemu_irq_pulse(s->intr);
487 case 0x94: /* Block erase */
488 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
489 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
490 << (BLOCK_SHIFT - 9);
491 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
492 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
494 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
496 case 0xb0: /* Erase suspend */
498 case 0x30: /* Erase resume */
499 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
502 case 0xf0: /* Reset NAND Flash core */
505 case 0xf3: /* Reset OneNAND */
509 case 0x65: /* OTP Access */
510 s->intstatus |= ONEN_INT;
513 s->secs_cur = 1 << (BLOCK_SHIFT - 9);
514 s->addr[ONEN_BUF_BLOCK] = 0;
519 s->status |= ONEN_ERR_CMD;
520 s->intstatus |= ONEN_INT;
521 fprintf(stderr, "%s: unknown OneNAND command %x\n",
525 onenand_intr_update(s);
528 static uint32_t onenand_read(void *opaque, target_phys_addr_t addr)
530 struct onenand_s *s = (struct onenand_s *) opaque;
531 int offset = addr >> s->shift;
534 case 0x0000 ... 0xc000:
535 return lduw_le_p(s->boot[0] + addr);
537 case 0xf000: /* Manufacturer ID */
538 return (s->id >> 16) & 0xff;
539 case 0xf001: /* Device ID */
540 return (s->id >> 8) & 0xff;
541 /* TODO: get the following values from a real chip! */
542 case 0xf002: /* Version ID */
543 return (s->id >> 0) & 0xff;
544 case 0xf003: /* Data Buffer size */
545 return 1 << PAGE_SHIFT;
546 case 0xf004: /* Boot Buffer size */
548 case 0xf005: /* Amount of buffers */
550 case 0xf006: /* Technology */
553 case 0xf100 ... 0xf107: /* Start addresses */
554 return s->addr[offset - 0xf100];
556 case 0xf200: /* Start buffer */
557 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
559 case 0xf220: /* Command */
561 case 0xf221: /* System Configuration 1 */
562 return s->config[0] & 0xffe0;
563 case 0xf222: /* System Configuration 2 */
566 case 0xf240: /* Controller Status */
568 case 0xf241: /* Interrupt */
570 case 0xf24c: /* Unlock Start Block Address */
571 return s->unladdr[0];
572 case 0xf24d: /* Unlock End Block Address */
573 return s->unladdr[1];
574 case 0xf24e: /* Write Protection Status */
577 case 0xff00: /* ECC Status */
579 case 0xff01: /* ECC Result of main area data */
580 case 0xff02: /* ECC Result of spare area data */
581 case 0xff03: /* ECC Result of main area data */
582 case 0xff04: /* ECC Result of spare area data */
583 cpu_abort(cpu_single_env, "%s: imeplement ECC\n", __FUNCTION__);
587 fprintf(stderr, "%s: unknown OneNAND register %x\n",
588 __FUNCTION__, offset);
592 static void onenand_write(void *opaque, target_phys_addr_t addr,
595 struct onenand_s *s = (struct onenand_s *) opaque;
596 int offset = addr >> s->shift;
600 case 0x0000 ... 0x01ff:
601 case 0x8000 ... 0x800f:
605 if (value == 0x0000) {
606 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
607 onenand_load_main(s, sec,
608 1 << (PAGE_SHIFT - 9), s->data[0][0]);
609 s->addr[ONEN_BUF_PAGE] += 4;
610 s->addr[ONEN_BUF_PAGE] &= 0xff;
616 case 0x00f0: /* Reset OneNAND */
620 case 0x00e0: /* Load Data into Buffer */
624 case 0x0090: /* Read Identification Data */
625 memset(s->boot[0], 0, 3 << s->shift);
626 s->boot[0][0 << s->shift] = (s->id >> 16) & 0xff;
627 s->boot[0][1 << s->shift] = (s->id >> 8) & 0xff;
628 s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
632 fprintf(stderr, "%s: unknown OneNAND boot command %x\n",
633 __FUNCTION__, value);
637 case 0xf100 ... 0xf107: /* Start addresses */
638 s->addr[offset - 0xf100] = value;
641 case 0xf200: /* Start buffer */
642 s->bufaddr = (value >> 8) & 0xf;
643 if (PAGE_SHIFT == 11)
644 s->count = (value & 3) ?: 4;
645 else if (PAGE_SHIFT == 10)
646 s->count = (value & 1) ?: 2;
649 case 0xf220: /* Command */
650 if (s->intstatus & (1 << 15))
653 onenand_command(s, s->command);
655 case 0xf221: /* System Configuration 1 */
656 s->config[0] = value;
657 onenand_intr_update(s);
658 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
660 case 0xf222: /* System Configuration 2 */
661 s->config[1] = value;
664 case 0xf241: /* Interrupt */
665 s->intstatus &= value;
666 if ((1 << 15) & ~s->intstatus)
667 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
668 ONEN_ERR_PROG | ONEN_ERR_LOAD);
669 onenand_intr_update(s);
671 case 0xf24c: /* Unlock Start Block Address */
672 s->unladdr[0] = value & (s->blocks - 1);
673 /* For some reason we have to set the end address to by default
674 * be same as start because the software forgets to write anything
676 s->unladdr[1] = value & (s->blocks - 1);
678 case 0xf24d: /* Unlock End Block Address */
679 s->unladdr[1] = value & (s->blocks - 1);
683 fprintf(stderr, "%s: unknown OneNAND register %x\n",
684 __FUNCTION__, offset);
688 static CPUReadMemoryFunc *onenand_readfn[] = {
689 onenand_read, /* TODO */
694 static CPUWriteMemoryFunc *onenand_writefn[] = {
695 onenand_write, /* TODO */
700 void *onenand_init(uint32_t id, int regshift, qemu_irq irq)
702 struct onenand_s *s = (struct onenand_s *) qemu_mallocz(sizeof(*s));
703 int bdrv_index = drive_get_index(IF_MTD, 0, 0);
704 uint32_t size = 1 << (24 + ((id >> 12) & 7));
711 s->blocks = size >> BLOCK_SHIFT;
713 s->blockwp = qemu_malloc(s->blocks);
714 s->density_mask = (id & (1 << 11)) ? (1 << (6 + ((id >> 12) & 7))) : 0;
715 s->iomemtype = cpu_register_io_memory(0, onenand_readfn,
717 if (bdrv_index == -1)
718 s->image = memset(qemu_malloc(size + (size >> 5)),
719 0xff, size + (size >> 5));
721 s->bdrv = drives_table[bdrv_index].bdrv;
722 s->otp = memset(qemu_malloc((64 + 2) << PAGE_SHIFT),
723 0xff, (64 + 2) << PAGE_SHIFT);
724 s->ram = qemu_ram_alloc(0xc000 << s->shift);
725 ram = phys_ram_base + s->ram;
726 s->boot[0] = ram + (0x0000 << s->shift);
727 s->boot[1] = ram + (0x8000 << s->shift);
728 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
729 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
730 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
731 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
735 register_savevm("onenand", id | ((regshift & 0x7f) << 24), 0,
736 onenand_save_state, onenand_load_state, s);
741 void *onenand_raw_otp(void *opaque)
743 struct onenand_s *s = (struct onenand_s *) opaque;
projects / qemu / blob