2 * OneNAND flash memories emulation.
4 * Copyright (C) 2008 Nokia Corporation
5 * Written by Andrzej Zaborowski <andrew@openedhand.com>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 or
10 * (at your option) version 3 of the License.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "qemu-common.h"
29 /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */
33 #define BLOCK_SHIFT (PAGE_SHIFT + 6)
38 target_phys_addr_t base;
41 BlockDriverState *bdrv;
42 BlockDriverState *bdrv_cur;
75 ONEN_BUF_DEST_BLOCK = 2,
76 ONEN_BUF_DEST_PAGE = 3,
81 ONEN_ERR_CMD = 1 << 10,
82 ONEN_ERR_ERASE = 1 << 11,
83 ONEN_ERR_PROG = 1 << 12,
84 ONEN_ERR_LOAD = 1 << 13,
88 ONEN_INT_RESET = 1 << 4,
89 ONEN_INT_ERASE = 1 << 5,
90 ONEN_INT_PROG = 1 << 6,
91 ONEN_INT_LOAD = 1 << 7,
96 ONEN_LOCK_LOCKTIGHTEN = 1 << 0,
97 ONEN_LOCK_LOCKED = 1 << 1,
98 ONEN_LOCK_UNLOCKED = 1 << 2,
101 void onenand_base_update(void *opaque, target_phys_addr_t new)
103 OneNANDState *s = (OneNANDState *) opaque;
107 /* XXX: We should use IO_MEM_ROMD but we broke it earlier...
108 * Both 0x0000 ... 0x01ff and 0x8000 ... 0x800f can be used to
109 * write boot commands. Also take note of the BWPS bit. */
110 cpu_register_physical_memory(s->base + (0x0000 << s->shift),
111 0x0200 << s->shift, s->iomemtype);
112 cpu_register_physical_memory(s->base + (0x0200 << s->shift),
114 (s->ram +(0x0200 << s->shift)) | IO_MEM_RAM);
116 cpu_register_physical_memory_offset(s->base + (0xc000 << s->shift),
117 0x4000 << s->shift, s->iomemtype, (0xc000 << s->shift));
120 void onenand_base_unmap(void *opaque)
122 OneNANDState *s = (OneNANDState *) opaque;
124 cpu_register_physical_memory(s->base,
125 0x10000 << s->shift, IO_MEM_UNASSIGNED);
128 static void onenand_intr_update(OneNANDState *s)
130 qemu_set_irq(s->intr, ((s->intstatus >> 15) ^ (~s->config[0] >> 6)) & 1);
133 static void onenand_save_state(QEMUFile *f, void *opaque)
135 OneNANDState *s = (OneNANDState *)opaque;
138 if (s->current == s->otp)
140 else if (s->current == s->image)
144 qemu_put_sbe32(f, s->cycle);
145 qemu_put_sbe32(f, s->otpmode);
146 for (i = 0; i < 8; i++) {
147 qemu_put_be16(f, s->addr[i]);
148 qemu_put_be16(f, s->unladdr[i]);
150 qemu_put_sbe32(f, s->bufaddr);
151 qemu_put_sbe32(f, s->count);
152 qemu_put_be16(f, s->command);
153 qemu_put_be16(f, s->config[0]);
154 qemu_put_be16(f, s->config[1]);
155 qemu_put_be16(f, s->status);
156 qemu_put_be16(f, s->intstatus);
157 qemu_put_be16(f, s->wpstatus);
158 qemu_put_sbe32(f, s->secs_cur);
159 qemu_put_buffer(f, s->blockwp, s->blocks);
160 qemu_put_byte(f, s->ecc.cp);
161 qemu_put_be16(f, s->ecc.lp[0]);
162 qemu_put_be16(f, s->ecc.lp[1]);
163 qemu_put_be16(f, s->ecc.count);
164 qemu_put_buffer(f, s->otp, (64 + 2) << PAGE_SHIFT);
167 static int onenand_load_state(QEMUFile *f, void *opaque, int version_id)
169 OneNANDState *s = (OneNANDState *)opaque;
175 switch (qemu_get_byte(f)) {
180 s->current = s->image;
185 s->cycle = qemu_get_sbe32(f);
186 s->otpmode = qemu_get_sbe32(f);
187 for (i = 0; i < 8; i++) {
188 s->addr[i] = qemu_get_be16(f);
189 s->unladdr[i] = qemu_get_be16(f);
191 s->bufaddr = qemu_get_sbe32(f);
192 s->count = qemu_get_sbe32(f);
193 s->command = qemu_get_be16(f);
194 s->config[0] = qemu_get_be16(f);
195 s->config[1] = qemu_get_be16(f);
196 s->status = qemu_get_be16(f);
197 s->intstatus = qemu_get_be16(f);
198 s->wpstatus = qemu_get_be16(f);
199 s->secs_cur = qemu_get_sbe32(f);
200 qemu_get_buffer(f, s->blockwp, s->blocks);
201 s->ecc.cp = qemu_get_byte(f);
202 s->ecc.lp[0] = qemu_get_be16(f);
203 s->ecc.lp[1] = qemu_get_be16(f);
204 s->ecc.count = qemu_get_be16(f);
205 qemu_get_buffer(f, s->otp, (64 + 2) << PAGE_SHIFT);
207 onenand_intr_update(s);
212 /* Hot reset (Reset OneNAND command) or warm reset (RP pin low) */
213 static void onenand_reset(OneNANDState *s, int cold)
215 memset(&s->addr, 0, sizeof(s->addr));
219 s->config[0] = 0x40c0;
220 s->config[1] = 0x0000;
221 onenand_intr_update(s);
222 qemu_irq_raise(s->rdy);
224 s->intstatus = cold ? 0x8080 : 0x8010;
227 s->wpstatus = 0x0002;
230 s->bdrv_cur = s->bdrv;
231 s->current = s->image;
232 s->secs_cur = s->secs;
235 /* Lock the whole flash */
236 memset(s->blockwp, ONEN_LOCK_LOCKED, s->blocks);
238 if (s->bdrv && bdrv_read(s->bdrv, 0, s->boot[0], 8) < 0)
239 hw_error("%s: Loading the BootRAM failed.\n", __FUNCTION__);
243 static inline int onenand_load_main(OneNANDState *s, int sec, int secn,
247 return bdrv_read(s->bdrv_cur, sec, dest, secn) < 0;
248 else if (sec + secn > s->secs_cur)
251 memcpy(dest, s->current + (sec << 9), secn << 9);
256 static inline int onenand_prog_main(OneNANDState *s, int sec, int secn,
260 return bdrv_write(s->bdrv_cur, sec, src, secn) < 0;
261 else if (sec + secn > s->secs_cur)
264 memcpy(s->current + (sec << 9), src, secn << 9);
269 static inline int onenand_load_spare(OneNANDState *s, int sec, int secn,
275 if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
277 memcpy(dest, buf + ((sec & 31) << 4), secn << 4);
278 } else if (sec + secn > s->secs_cur)
281 memcpy(dest, s->current + (s->secs_cur << 9) + (sec << 4), secn << 4);
286 static inline int onenand_prog_spare(OneNANDState *s, int sec, int secn,
292 if (bdrv_read(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0)
294 memcpy(buf + ((sec & 31) << 4), src, secn << 4);
295 return bdrv_write(s->bdrv_cur, s->secs_cur + (sec >> 5), buf, 1) < 0;
296 } else if (sec + secn > s->secs_cur)
299 memcpy(s->current + (s->secs_cur << 9) + (sec << 4), src, secn << 4);
304 static inline int onenand_erase(OneNANDState *s, int sec, int num)
309 memset(buf, 0xff, sizeof(buf));
310 for (; num > 0; num --, sec ++) {
311 if (onenand_prog_main(s, sec, 1, buf))
313 if (onenand_prog_spare(s, sec, 1, buf))
320 static void onenand_command(OneNANDState *s, int cmd)
325 #define SETADDR(block, page) \
326 sec = (s->addr[page] & 3) + \
327 ((((s->addr[page] >> 2) & 0x3f) + \
328 (((s->addr[block] & 0xfff) | \
329 (s->addr[block] >> 15 ? \
330 s->density_mask : 0)) << 6)) << (PAGE_SHIFT - 9));
332 buf = (s->bufaddr & 8) ? \
333 s->data[(s->bufaddr >> 2) & 1][0] : s->boot[0]; \
334 buf += (s->bufaddr & 3) << 9;
336 buf = (s->bufaddr & 8) ? \
337 s->data[(s->bufaddr >> 2) & 1][1] : s->boot[1]; \
338 buf += (s->bufaddr & 3) << 4;
341 case 0x00: /* Load single/multiple sector data unit into buffer */
342 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
345 if (onenand_load_main(s, sec, s->count, buf))
346 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
350 if (onenand_load_spare(s, sec, s->count, buf))
351 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
354 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
355 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
356 * then we need two split the read/write into two chunks.
358 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
360 case 0x13: /* Load single/multiple spare sector into buffer */
361 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
364 if (onenand_load_spare(s, sec, s->count, buf))
365 s->status |= ONEN_ERR_CMD | ONEN_ERR_LOAD;
367 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
368 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
369 * then we need two split the read/write into two chunks.
371 s->intstatus |= ONEN_INT | ONEN_INT_LOAD;
373 case 0x80: /* Program single/multiple sector data unit from buffer */
374 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
377 if (onenand_prog_main(s, sec, s->count, buf))
378 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
382 if (onenand_prog_spare(s, sec, s->count, buf))
383 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
386 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
387 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
388 * then we need two split the read/write into two chunks.
390 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
392 case 0x1a: /* Program single/multiple spare area sector from buffer */
393 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
396 if (onenand_prog_spare(s, sec, s->count, buf))
397 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
399 /* TODO: if (s->bufaddr & 3) + s->count was > 4 (2k-pages)
400 * or if (s->bufaddr & 1) + s->count was > 2 (1k-pages)
401 * then we need two split the read/write into two chunks.
403 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
405 case 0x1b: /* Copy-back program */
408 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
409 if (onenand_load_main(s, sec, s->count, buf))
410 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
412 SETADDR(ONEN_BUF_DEST_BLOCK, ONEN_BUF_DEST_PAGE)
413 if (onenand_prog_main(s, sec, s->count, buf))
414 s->status |= ONEN_ERR_CMD | ONEN_ERR_PROG;
416 /* TODO: spare areas */
418 s->intstatus |= ONEN_INT | ONEN_INT_PROG;
421 case 0x23: /* Unlock NAND array block(s) */
422 s->intstatus |= ONEN_INT;
424 /* XXX the previous (?) area should be locked automatically */
425 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
426 if (b >= s->blocks) {
427 s->status |= ONEN_ERR_CMD;
430 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
433 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
436 case 0x27: /* Unlock All NAND array blocks */
437 s->intstatus |= ONEN_INT;
439 for (b = 0; b < s->blocks; b ++) {
440 if (b >= s->blocks) {
441 s->status |= ONEN_ERR_CMD;
444 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
447 s->wpstatus = s->blockwp[b] = ONEN_LOCK_UNLOCKED;
451 case 0x2a: /* Lock NAND array block(s) */
452 s->intstatus |= ONEN_INT;
454 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
455 if (b >= s->blocks) {
456 s->status |= ONEN_ERR_CMD;
459 if (s->blockwp[b] == ONEN_LOCK_LOCKTIGHTEN)
462 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKED;
465 case 0x2c: /* Lock-tight NAND array block(s) */
466 s->intstatus |= ONEN_INT;
468 for (b = s->unladdr[0]; b <= s->unladdr[1]; b ++) {
469 if (b >= s->blocks) {
470 s->status |= ONEN_ERR_CMD;
473 if (s->blockwp[b] == ONEN_LOCK_UNLOCKED)
476 s->wpstatus = s->blockwp[b] = ONEN_LOCK_LOCKTIGHTEN;
480 case 0x71: /* Erase-Verify-Read */
481 s->intstatus |= ONEN_INT;
483 case 0x95: /* Multi-block erase */
484 qemu_irq_pulse(s->intr);
486 case 0x94: /* Block erase */
487 sec = ((s->addr[ONEN_BUF_BLOCK] & 0xfff) |
488 (s->addr[ONEN_BUF_BLOCK] >> 15 ? s->density_mask : 0))
489 << (BLOCK_SHIFT - 9);
490 if (onenand_erase(s, sec, 1 << (BLOCK_SHIFT - 9)))
491 s->status |= ONEN_ERR_CMD | ONEN_ERR_ERASE;
493 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
495 case 0xb0: /* Erase suspend */
497 case 0x30: /* Erase resume */
498 s->intstatus |= ONEN_INT | ONEN_INT_ERASE;
501 case 0xf0: /* Reset NAND Flash core */
504 case 0xf3: /* Reset OneNAND */
508 case 0x65: /* OTP Access */
509 s->intstatus |= ONEN_INT;
512 s->secs_cur = 1 << (BLOCK_SHIFT - 9);
513 s->addr[ONEN_BUF_BLOCK] = 0;
518 s->status |= ONEN_ERR_CMD;
519 s->intstatus |= ONEN_INT;
520 fprintf(stderr, "%s: unknown OneNAND command %x\n",
524 onenand_intr_update(s);
527 static uint32_t onenand_read(void *opaque, target_phys_addr_t addr)
529 OneNANDState *s = (OneNANDState *) opaque;
530 int offset = addr >> s->shift;
533 case 0x0000 ... 0xc000:
534 return lduw_le_p(s->boot[0] + addr);
536 case 0xf000: /* Manufacturer ID */
537 return (s->id >> 16) & 0xff;
538 case 0xf001: /* Device ID */
539 return (s->id >> 8) & 0xff;
540 /* TODO: get the following values from a real chip! */
541 case 0xf002: /* Version ID */
542 return (s->id >> 0) & 0xff;
543 case 0xf003: /* Data Buffer size */
544 return 1 << PAGE_SHIFT;
545 case 0xf004: /* Boot Buffer size */
547 case 0xf005: /* Amount of buffers */
549 case 0xf006: /* Technology */
552 case 0xf100 ... 0xf107: /* Start addresses */
553 return s->addr[offset - 0xf100];
555 case 0xf200: /* Start buffer */
556 return (s->bufaddr << 8) | ((s->count - 1) & (1 << (PAGE_SHIFT - 10)));
558 case 0xf220: /* Command */
560 case 0xf221: /* System Configuration 1 */
561 return s->config[0] & 0xffe0;
562 case 0xf222: /* System Configuration 2 */
565 case 0xf240: /* Controller Status */
567 case 0xf241: /* Interrupt */
569 case 0xf24c: /* Unlock Start Block Address */
570 return s->unladdr[0];
571 case 0xf24d: /* Unlock End Block Address */
572 return s->unladdr[1];
573 case 0xf24e: /* Write Protection Status */
576 case 0xff00: /* ECC Status */
578 case 0xff01: /* ECC Result of main area data */
579 case 0xff02: /* ECC Result of spare area data */
580 case 0xff03: /* ECC Result of main area data */
581 case 0xff04: /* ECC Result of spare area data */
582 hw_error("%s: imeplement ECC\n", __FUNCTION__);
586 fprintf(stderr, "%s: unknown OneNAND register %x\n",
587 __FUNCTION__, offset);
591 static void onenand_write(void *opaque, target_phys_addr_t addr,
594 OneNANDState *s = (OneNANDState *) opaque;
595 int offset = addr >> s->shift;
599 case 0x0000 ... 0x01ff:
600 case 0x8000 ... 0x800f:
604 if (value == 0x0000) {
605 SETADDR(ONEN_BUF_BLOCK, ONEN_BUF_PAGE)
606 onenand_load_main(s, sec,
607 1 << (PAGE_SHIFT - 9), s->data[0][0]);
608 s->addr[ONEN_BUF_PAGE] += 4;
609 s->addr[ONEN_BUF_PAGE] &= 0xff;
615 case 0x00f0: /* Reset OneNAND */
619 case 0x00e0: /* Load Data into Buffer */
623 case 0x0090: /* Read Identification Data */
624 memset(s->boot[0], 0, 3 << s->shift);
625 s->boot[0][0 << s->shift] = (s->id >> 16) & 0xff;
626 s->boot[0][1 << s->shift] = (s->id >> 8) & 0xff;
627 s->boot[0][2 << s->shift] = s->wpstatus & 0xff;
631 fprintf(stderr, "%s: unknown OneNAND boot command %x\n",
632 __FUNCTION__, value);
636 case 0xf100 ... 0xf107: /* Start addresses */
637 s->addr[offset - 0xf100] = value;
640 case 0xf200: /* Start buffer */
641 s->bufaddr = (value >> 8) & 0xf;
642 if (PAGE_SHIFT == 11)
643 s->count = (value & 3) ?: 4;
644 else if (PAGE_SHIFT == 10)
645 s->count = (value & 1) ?: 2;
648 case 0xf220: /* Command */
649 if (s->intstatus & (1 << 15))
652 onenand_command(s, s->command);
654 case 0xf221: /* System Configuration 1 */
655 s->config[0] = value;
656 onenand_intr_update(s);
657 qemu_set_irq(s->rdy, (s->config[0] >> 7) & 1);
659 case 0xf222: /* System Configuration 2 */
660 s->config[1] = value;
663 case 0xf241: /* Interrupt */
664 s->intstatus &= value;
665 if ((1 << 15) & ~s->intstatus)
666 s->status &= ~(ONEN_ERR_CMD | ONEN_ERR_ERASE |
667 ONEN_ERR_PROG | ONEN_ERR_LOAD);
668 onenand_intr_update(s);
670 case 0xf24c: /* Unlock Start Block Address */
671 s->unladdr[0] = value & (s->blocks - 1);
672 /* For some reason we have to set the end address to by default
673 * be same as start because the software forgets to write anything
675 s->unladdr[1] = value & (s->blocks - 1);
677 case 0xf24d: /* Unlock End Block Address */
678 s->unladdr[1] = value & (s->blocks - 1);
682 fprintf(stderr, "%s: unknown OneNAND register %x\n",
683 __FUNCTION__, offset);
687 static CPUReadMemoryFunc *onenand_readfn[] = {
688 onenand_read, /* TODO */
693 static CPUWriteMemoryFunc *onenand_writefn[] = {
694 onenand_write, /* TODO */
699 void *onenand_init(uint32_t id, int regshift, qemu_irq irq)
701 OneNANDState *s = (OneNANDState *) qemu_mallocz(sizeof(*s));
702 int bdrv_index = drive_get_index(IF_MTD, 0, 0);
703 uint32_t size = 1 << (24 + ((id >> 12) & 7));
710 s->blocks = size >> BLOCK_SHIFT;
712 s->blockwp = qemu_malloc(s->blocks);
713 s->density_mask = (id & (1 << 11)) ? (1 << (6 + ((id >> 12) & 7))) : 0;
714 s->iomemtype = cpu_register_io_memory(0, onenand_readfn,
716 if (bdrv_index == -1)
717 s->image = memset(qemu_malloc(size + (size >> 5)),
718 0xff, size + (size >> 5));
720 s->bdrv = drives_table[bdrv_index].bdrv;
721 s->otp = memset(qemu_malloc((64 + 2) << PAGE_SHIFT),
722 0xff, (64 + 2) << PAGE_SHIFT);
723 s->ram = qemu_ram_alloc(0xc000 << s->shift);
724 ram = qemu_get_ram_ptr(s->ram);
725 s->boot[0] = ram + (0x0000 << s->shift);
726 s->boot[1] = ram + (0x8000 << s->shift);
727 s->data[0][0] = ram + ((0x0200 + (0 << (PAGE_SHIFT - 1))) << s->shift);
728 s->data[0][1] = ram + ((0x8010 + (0 << (PAGE_SHIFT - 6))) << s->shift);
729 s->data[1][0] = ram + ((0x0200 + (1 << (PAGE_SHIFT - 1))) << s->shift);
730 s->data[1][1] = ram + ((0x8010 + (1 << (PAGE_SHIFT - 6))) << s->shift);
734 register_savevm("onenand", id | ((regshift & 0x7f) << 24), 0,
735 onenand_save_state, onenand_load_state, s);
740 void *onenand_raw_otp(void *opaque)
742 OneNANDState *s = (OneNANDState *) opaque;
projects / qemu / blob