"Fossies" - the Fresh Open Source Software Archive

Member "qemu-5.1.0/hw/block/m25p80.c" (11 Aug 2020, 42165 Bytes) of package /linux/misc/qemu-5.1.0.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 /*
    2  * ST M25P80 emulator. Emulate all SPI flash devices based on the m25p80 command
    3  * set. Known devices table current as of Jun/2012 and taken from linux.
    4  * See drivers/mtd/devices/m25p80.c.
    5  *
    6  * Copyright (C) 2011 Edgar E. Iglesias <edgar.iglesias@gmail.com>
    7  * Copyright (C) 2012 Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
    8  * Copyright (C) 2012 PetaLogix
    9  *
   10  * This program is free software; you can redistribute it and/or
   11  * modify it under the terms of the GNU General Public License as
   12  * published by the Free Software Foundation; either version 2 or
   13  * (at your option) a later version of the License.
   14  *
   15  * This program is distributed in the hope that it will be useful,
   16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18  * GNU General Public License for more details.
   19  *
   20  * You should have received a copy of the GNU General Public License along
   21  * with this program; if not, see <http://www.gnu.org/licenses/>.
   22  */
   23 
   24 #include "qemu/osdep.h"
   25 #include "qemu/units.h"
   26 #include "sysemu/block-backend.h"
   27 #include "hw/qdev-properties.h"
   28 #include "hw/ssi/ssi.h"
   29 #include "migration/vmstate.h"
   30 #include "qemu/bitops.h"
   31 #include "qemu/log.h"
   32 #include "qemu/module.h"
   33 #include "qemu/error-report.h"
   34 #include "qapi/error.h"
   35 #include "trace.h"
   36 
   37 /* Fields for FlashPartInfo->flags */
   38 
   39 /* erase capabilities */
   40 #define ER_4K 1
   41 #define ER_32K 2
   42 /* set to allow the page program command to write 0s back to 1. Useful for
   43  * modelling EEPROM with SPI flash command set
   44  */
   45 #define EEPROM 0x100
   46 
   47 /* 16 MiB max in 3 byte address mode */
   48 #define MAX_3BYTES_SIZE 0x1000000
   49 
   50 #define SPI_NOR_MAX_ID_LEN 6
   51 
   52 typedef struct FlashPartInfo {
   53     const char *part_name;
   54     /*
   55      * This array stores the ID bytes.
   56      * The first three bytes are the JEDIC ID.
   57      * JEDEC ID zero means "no ID" (mostly older chips).
   58      */
   59     uint8_t id[SPI_NOR_MAX_ID_LEN];
   60     uint8_t id_len;
   61     /* there is confusion between manufacturers as to what a sector is. In this
   62      * device model, a "sector" is the size that is erased by the ERASE_SECTOR
   63      * command (opcode 0xd8).
   64      */
   65     uint32_t sector_size;
   66     uint32_t n_sectors;
   67     uint32_t page_size;
   68     uint16_t flags;
   69     /*
   70      * Big sized spi nor are often stacked devices, thus sometime
   71      * replace chip erase with die erase.
   72      * This field inform how many die is in the chip.
   73      */
   74     uint8_t die_cnt;
   75 } FlashPartInfo;
   76 
   77 /* adapted from linux */
   78 /* Used when the "_ext_id" is two bytes at most */
   79 #define INFO(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
   80     .part_name = _part_name,\
   81     .id = {\
   82         ((_jedec_id) >> 16) & 0xff,\
   83         ((_jedec_id) >> 8) & 0xff,\
   84         (_jedec_id) & 0xff,\
   85         ((_ext_id) >> 8) & 0xff,\
   86         (_ext_id) & 0xff,\
   87           },\
   88     .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
   89     .sector_size = (_sector_size),\
   90     .n_sectors = (_n_sectors),\
   91     .page_size = 256,\
   92     .flags = (_flags),\
   93     .die_cnt = 0
   94 
   95 #define INFO6(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors, _flags)\
   96     .part_name = _part_name,\
   97     .id = {\
   98         ((_jedec_id) >> 16) & 0xff,\
   99         ((_jedec_id) >> 8) & 0xff,\
  100         (_jedec_id) & 0xff,\
  101         ((_ext_id) >> 16) & 0xff,\
  102         ((_ext_id) >> 8) & 0xff,\
  103         (_ext_id) & 0xff,\
  104           },\
  105     .id_len = 6,\
  106     .sector_size = (_sector_size),\
  107     .n_sectors = (_n_sectors),\
  108     .page_size = 256,\
  109     .flags = (_flags),\
  110     .die_cnt = 0
  111 
  112 #define INFO_STACKED(_part_name, _jedec_id, _ext_id, _sector_size, _n_sectors,\
  113                     _flags, _die_cnt)\
  114     .part_name = _part_name,\
  115     .id = {\
  116         ((_jedec_id) >> 16) & 0xff,\
  117         ((_jedec_id) >> 8) & 0xff,\
  118         (_jedec_id) & 0xff,\
  119         ((_ext_id) >> 8) & 0xff,\
  120         (_ext_id) & 0xff,\
  121           },\
  122     .id_len = (!(_jedec_id) ? 0 : (3 + ((_ext_id) ? 2 : 0))),\
  123     .sector_size = (_sector_size),\
  124     .n_sectors = (_n_sectors),\
  125     .page_size = 256,\
  126     .flags = (_flags),\
  127     .die_cnt = _die_cnt
  128 
  129 #define JEDEC_NUMONYX 0x20
  130 #define JEDEC_WINBOND 0xEF
  131 #define JEDEC_SPANSION 0x01
  132 
  133 /* Numonyx (Micron) Configuration register macros */
  134 #define VCFG_DUMMY 0x1
  135 #define VCFG_WRAP_SEQUENTIAL 0x2
  136 #define NVCFG_XIP_MODE_DISABLED (7 << 9)
  137 #define NVCFG_XIP_MODE_MASK (7 << 9)
  138 #define VCFG_XIP_MODE_ENABLED (1 << 3)
  139 #define CFG_DUMMY_CLK_LEN 4
  140 #define NVCFG_DUMMY_CLK_POS 12
  141 #define VCFG_DUMMY_CLK_POS 4
  142 #define EVCFG_OUT_DRIVER_STRENGTH_DEF 7
  143 #define EVCFG_VPP_ACCELERATOR (1 << 3)
  144 #define EVCFG_RESET_HOLD_ENABLED (1 << 4)
  145 #define NVCFG_DUAL_IO_MASK (1 << 2)
  146 #define EVCFG_DUAL_IO_ENABLED (1 << 6)
  147 #define NVCFG_QUAD_IO_MASK (1 << 3)
  148 #define EVCFG_QUAD_IO_ENABLED (1 << 7)
  149 #define NVCFG_4BYTE_ADDR_MASK (1 << 0)
  150 #define NVCFG_LOWER_SEGMENT_MASK (1 << 1)
  151 
  152 /* Numonyx (Micron) Flag Status Register macros */
  153 #define FSR_4BYTE_ADDR_MODE_ENABLED 0x1
  154 #define FSR_FLASH_READY (1 << 7)
  155 
  156 /* Spansion configuration registers macros. */
  157 #define SPANSION_QUAD_CFG_POS 0
  158 #define SPANSION_QUAD_CFG_LEN 1
  159 #define SPANSION_DUMMY_CLK_POS 0
  160 #define SPANSION_DUMMY_CLK_LEN 4
  161 #define SPANSION_ADDR_LEN_POS 7
  162 #define SPANSION_ADDR_LEN_LEN 1
  163 
  164 /*
  165  * Spansion read mode command length in bytes,
  166  * the mode is currently not supported.
  167 */
  168 
  169 #define SPANSION_CONTINUOUS_READ_MODE_CMD_LEN 1
  170 #define WINBOND_CONTINUOUS_READ_MODE_CMD_LEN 1
  171 
  172 static const FlashPartInfo known_devices[] = {
  173     /* Atmel -- some are (confusingly) marketed as "DataFlash" */
  174     { INFO("at25fs010",   0x1f6601,      0,  32 << 10,   4, ER_4K) },
  175     { INFO("at25fs040",   0x1f6604,      0,  64 << 10,   8, ER_4K) },
  176 
  177     { INFO("at25df041a",  0x1f4401,      0,  64 << 10,   8, ER_4K) },
  178     { INFO("at25df321a",  0x1f4701,      0,  64 << 10,  64, ER_4K) },
  179     { INFO("at25df641",   0x1f4800,      0,  64 << 10, 128, ER_4K) },
  180 
  181     { INFO("at26f004",    0x1f0400,      0,  64 << 10,   8, ER_4K) },
  182     { INFO("at26df081a",  0x1f4501,      0,  64 << 10,  16, ER_4K) },
  183     { INFO("at26df161a",  0x1f4601,      0,  64 << 10,  32, ER_4K) },
  184     { INFO("at26df321",   0x1f4700,      0,  64 << 10,  64, ER_4K) },
  185 
  186     { INFO("at45db081d",  0x1f2500,      0,  64 << 10,  16, ER_4K) },
  187 
  188     /* Atmel EEPROMS - it is assumed, that don't care bit in command
  189      * is set to 0. Block protection is not supported.
  190      */
  191     { INFO("at25128a-nonjedec", 0x0,     0,         1, 131072, EEPROM) },
  192     { INFO("at25256a-nonjedec", 0x0,     0,         1, 262144, EEPROM) },
  193 
  194     /* EON -- en25xxx */
  195     { INFO("en25f32",     0x1c3116,      0,  64 << 10,  64, ER_4K) },
  196     { INFO("en25p32",     0x1c2016,      0,  64 << 10,  64, 0) },
  197     { INFO("en25q32b",    0x1c3016,      0,  64 << 10,  64, 0) },
  198     { INFO("en25p64",     0x1c2017,      0,  64 << 10, 128, 0) },
  199     { INFO("en25q64",     0x1c3017,      0,  64 << 10, 128, ER_4K) },
  200 
  201     /* GigaDevice */
  202     { INFO("gd25q32",     0xc84016,      0,  64 << 10,  64, ER_4K) },
  203     { INFO("gd25q64",     0xc84017,      0,  64 << 10, 128, ER_4K) },
  204 
  205     /* Intel/Numonyx -- xxxs33b */
  206     { INFO("160s33b",     0x898911,      0,  64 << 10,  32, 0) },
  207     { INFO("320s33b",     0x898912,      0,  64 << 10,  64, 0) },
  208     { INFO("640s33b",     0x898913,      0,  64 << 10, 128, 0) },
  209     { INFO("n25q064",     0x20ba17,      0,  64 << 10, 128, 0) },
  210 
  211     /* Macronix */
  212     { INFO("mx25l2005a",  0xc22012,      0,  64 << 10,   4, ER_4K) },
  213     { INFO("mx25l4005a",  0xc22013,      0,  64 << 10,   8, ER_4K) },
  214     { INFO("mx25l8005",   0xc22014,      0,  64 << 10,  16, 0) },
  215     { INFO("mx25l1606e",  0xc22015,      0,  64 << 10,  32, ER_4K) },
  216     { INFO("mx25l3205d",  0xc22016,      0,  64 << 10,  64, 0) },
  217     { INFO("mx25l6405d",  0xc22017,      0,  64 << 10, 128, 0) },
  218     { INFO("mx25l12805d", 0xc22018,      0,  64 << 10, 256, 0) },
  219     { INFO("mx25l12855e", 0xc22618,      0,  64 << 10, 256, 0) },
  220     { INFO("mx25l25635e", 0xc22019,      0,  64 << 10, 512, 0) },
  221     { INFO("mx25l25655e", 0xc22619,      0,  64 << 10, 512, 0) },
  222     { INFO("mx66u51235f", 0xc2253a,      0,  64 << 10, 1024, ER_4K | ER_32K) },
  223     { INFO("mx66u1g45g",  0xc2253b,      0,  64 << 10, 2048, ER_4K | ER_32K) },
  224     { INFO("mx66l1g45g",  0xc2201b,      0,  64 << 10, 2048, ER_4K | ER_32K) },
  225 
  226     /* Micron */
  227     { INFO("n25q032a11",  0x20bb16,      0,  64 << 10,  64, ER_4K) },
  228     { INFO("n25q032a13",  0x20ba16,      0,  64 << 10,  64, ER_4K) },
  229     { INFO("n25q064a11",  0x20bb17,      0,  64 << 10, 128, ER_4K) },
  230     { INFO("n25q064a13",  0x20ba17,      0,  64 << 10, 128, ER_4K) },
  231     { INFO("n25q128a11",  0x20bb18,      0,  64 << 10, 256, ER_4K) },
  232     { INFO("n25q128a13",  0x20ba18,      0,  64 << 10, 256, ER_4K) },
  233     { INFO("n25q256a11",  0x20bb19,      0,  64 << 10, 512, ER_4K) },
  234     { INFO("n25q256a13",  0x20ba19,      0,  64 << 10, 512, ER_4K) },
  235     { INFO("n25q512a11",  0x20bb20,      0,  64 << 10, 1024, ER_4K) },
  236     { INFO("n25q512a13",  0x20ba20,      0,  64 << 10, 1024, ER_4K) },
  237     { INFO("n25q128",     0x20ba18,      0,  64 << 10, 256, 0) },
  238     { INFO("n25q256a",    0x20ba19,      0,  64 << 10, 512, ER_4K) },
  239     { INFO("n25q512a",    0x20ba20,      0,  64 << 10, 1024, ER_4K) },
  240     { INFO_STACKED("n25q00",    0x20ba21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
  241     { INFO_STACKED("n25q00a",   0x20bb21, 0x1000, 64 << 10, 2048, ER_4K, 4) },
  242     { INFO_STACKED("mt25ql01g", 0x20ba21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
  243     { INFO_STACKED("mt25qu01g", 0x20bb21, 0x1040, 64 << 10, 2048, ER_4K, 2) },
  244 
  245     /* Spansion -- single (large) sector size only, at least
  246      * for the chips listed here (without boot sectors).
  247      */
  248     { INFO("s25sl032p",   0x010215, 0x4d00,  64 << 10,  64, ER_4K) },
  249     { INFO("s25sl064p",   0x010216, 0x4d00,  64 << 10, 128, ER_4K) },
  250     { INFO("s25fl256s0",  0x010219, 0x4d00, 256 << 10, 128, 0) },
  251     { INFO("s25fl256s1",  0x010219, 0x4d01,  64 << 10, 512, 0) },
  252     { INFO6("s25fl512s",  0x010220, 0x4d0080, 256 << 10, 256, 0) },
  253     { INFO6("s70fl01gs",  0x010221, 0x4d0080, 256 << 10, 512, 0) },
  254     { INFO("s25sl12800",  0x012018, 0x0300, 256 << 10,  64, 0) },
  255     { INFO("s25sl12801",  0x012018, 0x0301,  64 << 10, 256, 0) },
  256     { INFO("s25fl129p0",  0x012018, 0x4d00, 256 << 10,  64, 0) },
  257     { INFO("s25fl129p1",  0x012018, 0x4d01,  64 << 10, 256, 0) },
  258     { INFO("s25sl004a",   0x010212,      0,  64 << 10,   8, 0) },
  259     { INFO("s25sl008a",   0x010213,      0,  64 << 10,  16, 0) },
  260     { INFO("s25sl016a",   0x010214,      0,  64 << 10,  32, 0) },
  261     { INFO("s25sl032a",   0x010215,      0,  64 << 10,  64, 0) },
  262     { INFO("s25sl064a",   0x010216,      0,  64 << 10, 128, 0) },
  263     { INFO("s25fl016k",   0xef4015,      0,  64 << 10,  32, ER_4K | ER_32K) },
  264     { INFO("s25fl064k",   0xef4017,      0,  64 << 10, 128, ER_4K | ER_32K) },
  265 
  266     /* Spansion --  boot sectors support  */
  267     { INFO6("s25fs512s",    0x010220, 0x4d0081, 256 << 10, 256, 0) },
  268     { INFO6("s70fs01gs",    0x010221, 0x4d0081, 256 << 10, 512, 0) },
  269 
  270     /* SST -- large erase sizes are "overlays", "sectors" are 4<< 10 */
  271     { INFO("sst25vf040b", 0xbf258d,      0,  64 << 10,   8, ER_4K) },
  272     { INFO("sst25vf080b", 0xbf258e,      0,  64 << 10,  16, ER_4K) },
  273     { INFO("sst25vf016b", 0xbf2541,      0,  64 << 10,  32, ER_4K) },
  274     { INFO("sst25vf032b", 0xbf254a,      0,  64 << 10,  64, ER_4K) },
  275     { INFO("sst25wf512",  0xbf2501,      0,  64 << 10,   1, ER_4K) },
  276     { INFO("sst25wf010",  0xbf2502,      0,  64 << 10,   2, ER_4K) },
  277     { INFO("sst25wf020",  0xbf2503,      0,  64 << 10,   4, ER_4K) },
  278     { INFO("sst25wf040",  0xbf2504,      0,  64 << 10,   8, ER_4K) },
  279     { INFO("sst25wf080",  0xbf2505,      0,  64 << 10,  16, ER_4K) },
  280 
  281     /* ST Microelectronics -- newer production may have feature updates */
  282     { INFO("m25p05",      0x202010,      0,  32 << 10,   2, 0) },
  283     { INFO("m25p10",      0x202011,      0,  32 << 10,   4, 0) },
  284     { INFO("m25p20",      0x202012,      0,  64 << 10,   4, 0) },
  285     { INFO("m25p40",      0x202013,      0,  64 << 10,   8, 0) },
  286     { INFO("m25p80",      0x202014,      0,  64 << 10,  16, 0) },
  287     { INFO("m25p16",      0x202015,      0,  64 << 10,  32, 0) },
  288     { INFO("m25p32",      0x202016,      0,  64 << 10,  64, 0) },
  289     { INFO("m25p64",      0x202017,      0,  64 << 10, 128, 0) },
  290     { INFO("m25p128",     0x202018,      0, 256 << 10,  64, 0) },
  291     { INFO("n25q032",     0x20ba16,      0,  64 << 10,  64, 0) },
  292 
  293     { INFO("m45pe10",     0x204011,      0,  64 << 10,   2, 0) },
  294     { INFO("m45pe80",     0x204014,      0,  64 << 10,  16, 0) },
  295     { INFO("m45pe16",     0x204015,      0,  64 << 10,  32, 0) },
  296 
  297     { INFO("m25pe20",     0x208012,      0,  64 << 10,   4, 0) },
  298     { INFO("m25pe80",     0x208014,      0,  64 << 10,  16, 0) },
  299     { INFO("m25pe16",     0x208015,      0,  64 << 10,  32, ER_4K) },
  300 
  301     { INFO("m25px32",     0x207116,      0,  64 << 10,  64, ER_4K) },
  302     { INFO("m25px32-s0",  0x207316,      0,  64 << 10,  64, ER_4K) },
  303     { INFO("m25px32-s1",  0x206316,      0,  64 << 10,  64, ER_4K) },
  304     { INFO("m25px64",     0x207117,      0,  64 << 10, 128, 0) },
  305 
  306     /* Winbond -- w25x "blocks" are 64k, "sectors" are 4KiB */
  307     { INFO("w25x10",      0xef3011,      0,  64 << 10,   2, ER_4K) },
  308     { INFO("w25x20",      0xef3012,      0,  64 << 10,   4, ER_4K) },
  309     { INFO("w25x40",      0xef3013,      0,  64 << 10,   8, ER_4K) },
  310     { INFO("w25x80",      0xef3014,      0,  64 << 10,  16, ER_4K) },
  311     { INFO("w25x16",      0xef3015,      0,  64 << 10,  32, ER_4K) },
  312     { INFO("w25x32",      0xef3016,      0,  64 << 10,  64, ER_4K) },
  313     { INFO("w25q32",      0xef4016,      0,  64 << 10,  64, ER_4K) },
  314     { INFO("w25q32dw",    0xef6016,      0,  64 << 10,  64, ER_4K) },
  315     { INFO("w25x64",      0xef3017,      0,  64 << 10, 128, ER_4K) },
  316     { INFO("w25q64",      0xef4017,      0,  64 << 10, 128, ER_4K) },
  317     { INFO("w25q80",      0xef5014,      0,  64 << 10,  16, ER_4K) },
  318     { INFO("w25q80bl",    0xef4014,      0,  64 << 10,  16, ER_4K) },
  319     { INFO("w25q256",     0xef4019,      0,  64 << 10, 512, ER_4K) },
  320     { INFO("w25q512jv",   0xef4020,      0,  64 << 10, 1024, ER_4K) },
  321 };
  322 
  323 typedef enum {
  324     NOP = 0,
  325     WRSR = 0x1,
  326     WRDI = 0x4,
  327     RDSR = 0x5,
  328     WREN = 0x6,
  329     BRRD = 0x16,
  330     BRWR = 0x17,
  331     JEDEC_READ = 0x9f,
  332     BULK_ERASE_60 = 0x60,
  333     BULK_ERASE = 0xc7,
  334     READ_FSR = 0x70,
  335     RDCR = 0x15,
  336 
  337     READ = 0x03,
  338     READ4 = 0x13,
  339     FAST_READ = 0x0b,
  340     FAST_READ4 = 0x0c,
  341     DOR = 0x3b,
  342     DOR4 = 0x3c,
  343     QOR = 0x6b,
  344     QOR4 = 0x6c,
  345     DIOR = 0xbb,
  346     DIOR4 = 0xbc,
  347     QIOR = 0xeb,
  348     QIOR4 = 0xec,
  349 
  350     PP = 0x02,
  351     PP4 = 0x12,
  352     PP4_4 = 0x3e,
  353     DPP = 0xa2,
  354     QPP = 0x32,
  355     QPP_4 = 0x34,
  356     RDID_90 = 0x90,
  357     RDID_AB = 0xab,
  358 
  359     ERASE_4K = 0x20,
  360     ERASE4_4K = 0x21,
  361     ERASE_32K = 0x52,
  362     ERASE4_32K = 0x5c,
  363     ERASE_SECTOR = 0xd8,
  364     ERASE4_SECTOR = 0xdc,
  365 
  366     EN_4BYTE_ADDR = 0xB7,
  367     EX_4BYTE_ADDR = 0xE9,
  368 
  369     EXTEND_ADDR_READ = 0xC8,
  370     EXTEND_ADDR_WRITE = 0xC5,
  371 
  372     RESET_ENABLE = 0x66,
  373     RESET_MEMORY = 0x99,
  374 
  375     /*
  376      * Micron: 0x35 - enable QPI
  377      * Spansion: 0x35 - read control register
  378      */
  379     RDCR_EQIO = 0x35,
  380     RSTQIO = 0xf5,
  381 
  382     RNVCR = 0xB5,
  383     WNVCR = 0xB1,
  384 
  385     RVCR = 0x85,
  386     WVCR = 0x81,
  387 
  388     REVCR = 0x65,
  389     WEVCR = 0x61,
  390 
  391     DIE_ERASE = 0xC4,
  392 } FlashCMD;
  393 
  394 typedef enum {
  395     STATE_IDLE,
  396     STATE_PAGE_PROGRAM,
  397     STATE_READ,
  398     STATE_COLLECTING_DATA,
  399     STATE_COLLECTING_VAR_LEN_DATA,
  400     STATE_READING_DATA,
  401 } CMDState;
  402 
  403 typedef enum {
  404     MAN_SPANSION,
  405     MAN_MACRONIX,
  406     MAN_NUMONYX,
  407     MAN_WINBOND,
  408     MAN_SST,
  409     MAN_GENERIC,
  410 } Manufacturer;
  411 
  412 #define M25P80_INTERNAL_DATA_BUFFER_SZ 16
  413 
  414 typedef struct Flash {
  415     SSISlave parent_obj;
  416 
  417     BlockBackend *blk;
  418 
  419     uint8_t *storage;
  420     uint32_t size;
  421     int page_size;
  422 
  423     uint8_t state;
  424     uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
  425     uint32_t len;
  426     uint32_t pos;
  427     bool data_read_loop;
  428     uint8_t needed_bytes;
  429     uint8_t cmd_in_progress;
  430     uint32_t cur_addr;
  431     uint32_t nonvolatile_cfg;
  432     /* Configuration register for Macronix */
  433     uint32_t volatile_cfg;
  434     uint32_t enh_volatile_cfg;
  435     /* Spansion cfg registers. */
  436     uint8_t spansion_cr1nv;
  437     uint8_t spansion_cr2nv;
  438     uint8_t spansion_cr3nv;
  439     uint8_t spansion_cr4nv;
  440     uint8_t spansion_cr1v;
  441     uint8_t spansion_cr2v;
  442     uint8_t spansion_cr3v;
  443     uint8_t spansion_cr4v;
  444     bool write_enable;
  445     bool four_bytes_address_mode;
  446     bool reset_enable;
  447     bool quad_enable;
  448     uint8_t ear;
  449 
  450     int64_t dirty_page;
  451 
  452     const FlashPartInfo *pi;
  453 
  454 } Flash;
  455 
  456 typedef struct M25P80Class {
  457     SSISlaveClass parent_class;
  458     FlashPartInfo *pi;
  459 } M25P80Class;
  460 
  461 #define TYPE_M25P80 "m25p80-generic"
  462 #define M25P80(obj) \
  463      OBJECT_CHECK(Flash, (obj), TYPE_M25P80)
  464 #define M25P80_CLASS(klass) \
  465      OBJECT_CLASS_CHECK(M25P80Class, (klass), TYPE_M25P80)
  466 #define M25P80_GET_CLASS(obj) \
  467      OBJECT_GET_CLASS(M25P80Class, (obj), TYPE_M25P80)
  468 
  469 static inline Manufacturer get_man(Flash *s)
  470 {
  471     switch (s->pi->id[0]) {
  472     case 0x20:
  473         return MAN_NUMONYX;
  474     case 0xEF:
  475         return MAN_WINBOND;
  476     case 0x01:
  477         return MAN_SPANSION;
  478     case 0xC2:
  479         return MAN_MACRONIX;
  480     case 0xBF:
  481         return MAN_SST;
  482     default:
  483         return MAN_GENERIC;
  484     }
  485 }
  486 
  487 static void blk_sync_complete(void *opaque, int ret)
  488 {
  489     QEMUIOVector *iov = opaque;
  490 
  491     qemu_iovec_destroy(iov);
  492     g_free(iov);
  493 
  494     /* do nothing. Masters do not directly interact with the backing store,
  495      * only the working copy so no mutexing required.
  496      */
  497 }
  498 
  499 static void flash_sync_page(Flash *s, int page)
  500 {
  501     QEMUIOVector *iov;
  502 
  503     if (!s->blk || blk_is_read_only(s->blk)) {
  504         return;
  505     }
  506 
  507     iov = g_new(QEMUIOVector, 1);
  508     qemu_iovec_init(iov, 1);
  509     qemu_iovec_add(iov, s->storage + page * s->pi->page_size,
  510                    s->pi->page_size);
  511     blk_aio_pwritev(s->blk, page * s->pi->page_size, iov, 0,
  512                     blk_sync_complete, iov);
  513 }
  514 
  515 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
  516 {
  517     QEMUIOVector *iov;
  518 
  519     if (!s->blk || blk_is_read_only(s->blk)) {
  520         return;
  521     }
  522 
  523     assert(!(len % BDRV_SECTOR_SIZE));
  524     iov = g_new(QEMUIOVector, 1);
  525     qemu_iovec_init(iov, 1);
  526     qemu_iovec_add(iov, s->storage + off, len);
  527     blk_aio_pwritev(s->blk, off, iov, 0, blk_sync_complete, iov);
  528 }
  529 
  530 static void flash_erase(Flash *s, int offset, FlashCMD cmd)
  531 {
  532     uint32_t len;
  533     uint8_t capa_to_assert = 0;
  534 
  535     switch (cmd) {
  536     case ERASE_4K:
  537     case ERASE4_4K:
  538         len = 4 * KiB;
  539         capa_to_assert = ER_4K;
  540         break;
  541     case ERASE_32K:
  542     case ERASE4_32K:
  543         len = 32 * KiB;
  544         capa_to_assert = ER_32K;
  545         break;
  546     case ERASE_SECTOR:
  547     case ERASE4_SECTOR:
  548         len = s->pi->sector_size;
  549         break;
  550     case BULK_ERASE:
  551         len = s->size;
  552         break;
  553     case DIE_ERASE:
  554         if (s->pi->die_cnt) {
  555             len = s->size / s->pi->die_cnt;
  556             offset = offset & (~(len - 1));
  557         } else {
  558             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: die erase is not supported"
  559                           " by device\n");
  560             return;
  561         }
  562         break;
  563     default:
  564         abort();
  565     }
  566 
  567     trace_m25p80_flash_erase(s, offset, len);
  568 
  569     if ((s->pi->flags & capa_to_assert) != capa_to_assert) {
  570         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: %d erase size not supported by"
  571                       " device\n", len);
  572     }
  573 
  574     if (!s->write_enable) {
  575         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: erase with write protect!\n");
  576         return;
  577     }
  578     memset(s->storage + offset, 0xff, len);
  579     flash_sync_area(s, offset, len);
  580 }
  581 
  582 static inline void flash_sync_dirty(Flash *s, int64_t newpage)
  583 {
  584     if (s->dirty_page >= 0 && s->dirty_page != newpage) {
  585         flash_sync_page(s, s->dirty_page);
  586         s->dirty_page = newpage;
  587     }
  588 }
  589 
  590 static inline
  591 void flash_write8(Flash *s, uint32_t addr, uint8_t data)
  592 {
  593     uint32_t page = addr / s->pi->page_size;
  594     uint8_t prev = s->storage[s->cur_addr];
  595 
  596     if (!s->write_enable) {
  597         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n");
  598     }
  599 
  600     if ((prev ^ data) & data) {
  601         trace_m25p80_programming_zero_to_one(s, addr, prev, data);
  602     }
  603 
  604     if (s->pi->flags & EEPROM) {
  605         s->storage[s->cur_addr] = data;
  606     } else {
  607         s->storage[s->cur_addr] &= data;
  608     }
  609 
  610     flash_sync_dirty(s, page);
  611     s->dirty_page = page;
  612 }
  613 
  614 static inline int get_addr_length(Flash *s)
  615 {
  616    /* check if eeprom is in use */
  617     if (s->pi->flags == EEPROM) {
  618         return 2;
  619     }
  620 
  621    switch (s->cmd_in_progress) {
  622    case PP4:
  623    case PP4_4:
  624    case QPP_4:
  625    case READ4:
  626    case QIOR4:
  627    case ERASE4_4K:
  628    case ERASE4_32K:
  629    case ERASE4_SECTOR:
  630    case FAST_READ4:
  631    case DOR4:
  632    case QOR4:
  633    case DIOR4:
  634        return 4;
  635    default:
  636        return s->four_bytes_address_mode ? 4 : 3;
  637    }
  638 }
  639 
  640 static void complete_collecting_data(Flash *s)
  641 {
  642     int i, n;
  643 
  644     n = get_addr_length(s);
  645     s->cur_addr = (n == 3 ? s->ear : 0);
  646     for (i = 0; i < n; ++i) {
  647         s->cur_addr <<= 8;
  648         s->cur_addr |= s->data[i];
  649     }
  650 
  651     s->cur_addr &= s->size - 1;
  652 
  653     s->state = STATE_IDLE;
  654 
  655     trace_m25p80_complete_collecting(s, s->cmd_in_progress, n, s->ear,
  656                                      s->cur_addr);
  657 
  658     switch (s->cmd_in_progress) {
  659     case DPP:
  660     case QPP:
  661     case QPP_4:
  662     case PP:
  663     case PP4:
  664     case PP4_4:
  665         s->state = STATE_PAGE_PROGRAM;
  666         break;
  667     case READ:
  668     case READ4:
  669     case FAST_READ:
  670     case FAST_READ4:
  671     case DOR:
  672     case DOR4:
  673     case QOR:
  674     case QOR4:
  675     case DIOR:
  676     case DIOR4:
  677     case QIOR:
  678     case QIOR4:
  679         s->state = STATE_READ;
  680         break;
  681     case ERASE_4K:
  682     case ERASE4_4K:
  683     case ERASE_32K:
  684     case ERASE4_32K:
  685     case ERASE_SECTOR:
  686     case ERASE4_SECTOR:
  687     case DIE_ERASE:
  688         flash_erase(s, s->cur_addr, s->cmd_in_progress);
  689         break;
  690     case WRSR:
  691         switch (get_man(s)) {
  692         case MAN_SPANSION:
  693             s->quad_enable = !!(s->data[1] & 0x02);
  694             break;
  695         case MAN_MACRONIX:
  696             s->quad_enable = extract32(s->data[0], 6, 1);
  697             if (s->len > 1) {
  698                 s->volatile_cfg = s->data[1];
  699                 s->four_bytes_address_mode = extract32(s->data[1], 5, 1);
  700             }
  701             break;
  702         default:
  703             break;
  704         }
  705         if (s->write_enable) {
  706             s->write_enable = false;
  707         }
  708         break;
  709     case BRWR:
  710     case EXTEND_ADDR_WRITE:
  711         s->ear = s->data[0];
  712         break;
  713     case WNVCR:
  714         s->nonvolatile_cfg = s->data[0] | (s->data[1] << 8);
  715         break;
  716     case WVCR:
  717         s->volatile_cfg = s->data[0];
  718         break;
  719     case WEVCR:
  720         s->enh_volatile_cfg = s->data[0];
  721         break;
  722     case RDID_90:
  723     case RDID_AB:
  724         if (get_man(s) == MAN_SST) {
  725             if (s->cur_addr <= 1) {
  726                 if (s->cur_addr) {
  727                     s->data[0] = s->pi->id[2];
  728                     s->data[1] = s->pi->id[0];
  729                 } else {
  730                     s->data[0] = s->pi->id[0];
  731                     s->data[1] = s->pi->id[2];
  732                 }
  733                 s->pos = 0;
  734                 s->len = 2;
  735                 s->data_read_loop = true;
  736                 s->state = STATE_READING_DATA;
  737             } else {
  738                 qemu_log_mask(LOG_GUEST_ERROR,
  739                               "M25P80: Invalid read id address\n");
  740             }
  741         } else {
  742             qemu_log_mask(LOG_GUEST_ERROR,
  743                           "M25P80: Read id (command 0x90/0xAB) is not supported"
  744                           " by device\n");
  745         }
  746         break;
  747     default:
  748         break;
  749     }
  750 }
  751 
  752 static void reset_memory(Flash *s)
  753 {
  754     s->cmd_in_progress = NOP;
  755     s->cur_addr = 0;
  756     s->ear = 0;
  757     s->four_bytes_address_mode = false;
  758     s->len = 0;
  759     s->needed_bytes = 0;
  760     s->pos = 0;
  761     s->state = STATE_IDLE;
  762     s->write_enable = false;
  763     s->reset_enable = false;
  764     s->quad_enable = false;
  765 
  766     switch (get_man(s)) {
  767     case MAN_NUMONYX:
  768         s->volatile_cfg = 0;
  769         s->volatile_cfg |= VCFG_DUMMY;
  770         s->volatile_cfg |= VCFG_WRAP_SEQUENTIAL;
  771         if ((s->nonvolatile_cfg & NVCFG_XIP_MODE_MASK)
  772                                 != NVCFG_XIP_MODE_DISABLED) {
  773             s->volatile_cfg |= VCFG_XIP_MODE_ENABLED;
  774         }
  775         s->volatile_cfg |= deposit32(s->volatile_cfg,
  776                             VCFG_DUMMY_CLK_POS,
  777                             CFG_DUMMY_CLK_LEN,
  778                             extract32(s->nonvolatile_cfg,
  779                                         NVCFG_DUMMY_CLK_POS,
  780                                         CFG_DUMMY_CLK_LEN)
  781                             );
  782 
  783         s->enh_volatile_cfg = 0;
  784         s->enh_volatile_cfg |= EVCFG_OUT_DRIVER_STRENGTH_DEF;
  785         s->enh_volatile_cfg |= EVCFG_VPP_ACCELERATOR;
  786         s->enh_volatile_cfg |= EVCFG_RESET_HOLD_ENABLED;
  787         if (s->nonvolatile_cfg & NVCFG_DUAL_IO_MASK) {
  788             s->enh_volatile_cfg |= EVCFG_DUAL_IO_ENABLED;
  789         }
  790         if (s->nonvolatile_cfg & NVCFG_QUAD_IO_MASK) {
  791             s->enh_volatile_cfg |= EVCFG_QUAD_IO_ENABLED;
  792         }
  793         if (!(s->nonvolatile_cfg & NVCFG_4BYTE_ADDR_MASK)) {
  794             s->four_bytes_address_mode = true;
  795         }
  796         if (!(s->nonvolatile_cfg & NVCFG_LOWER_SEGMENT_MASK)) {
  797             s->ear = s->size / MAX_3BYTES_SIZE - 1;
  798         }
  799         break;
  800     case MAN_MACRONIX:
  801         s->volatile_cfg = 0x7;
  802         break;
  803     case MAN_SPANSION:
  804         s->spansion_cr1v = s->spansion_cr1nv;
  805         s->spansion_cr2v = s->spansion_cr2nv;
  806         s->spansion_cr3v = s->spansion_cr3nv;
  807         s->spansion_cr4v = s->spansion_cr4nv;
  808         s->quad_enable = extract32(s->spansion_cr1v,
  809                                    SPANSION_QUAD_CFG_POS,
  810                                    SPANSION_QUAD_CFG_LEN
  811                                    );
  812         s->four_bytes_address_mode = extract32(s->spansion_cr2v,
  813                 SPANSION_ADDR_LEN_POS,
  814                 SPANSION_ADDR_LEN_LEN
  815                 );
  816         break;
  817     default:
  818         break;
  819     }
  820 
  821     trace_m25p80_reset_done(s);
  822 }
  823 
  824 static void decode_fast_read_cmd(Flash *s)
  825 {
  826     s->needed_bytes = get_addr_length(s);
  827     switch (get_man(s)) {
  828     /* Dummy cycles - modeled with bytes writes instead of bits */
  829     case MAN_WINBOND:
  830         s->needed_bytes += 8;
  831         break;
  832     case MAN_NUMONYX:
  833         s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
  834         break;
  835     case MAN_MACRONIX:
  836         if (extract32(s->volatile_cfg, 6, 2) == 1) {
  837             s->needed_bytes += 6;
  838         } else {
  839             s->needed_bytes += 8;
  840         }
  841         break;
  842     case MAN_SPANSION:
  843         s->needed_bytes += extract32(s->spansion_cr2v,
  844                                     SPANSION_DUMMY_CLK_POS,
  845                                     SPANSION_DUMMY_CLK_LEN
  846                                     );
  847         break;
  848     default:
  849         break;
  850     }
  851     s->pos = 0;
  852     s->len = 0;
  853     s->state = STATE_COLLECTING_DATA;
  854 }
  855 
  856 static void decode_dio_read_cmd(Flash *s)
  857 {
  858     s->needed_bytes = get_addr_length(s);
  859     /* Dummy cycles modeled with bytes writes instead of bits */
  860     switch (get_man(s)) {
  861     case MAN_WINBOND:
  862         s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
  863         break;
  864     case MAN_SPANSION:
  865         s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
  866         s->needed_bytes += extract32(s->spansion_cr2v,
  867                                     SPANSION_DUMMY_CLK_POS,
  868                                     SPANSION_DUMMY_CLK_LEN
  869                                     );
  870         break;
  871     case MAN_NUMONYX:
  872         s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
  873         break;
  874     case MAN_MACRONIX:
  875         switch (extract32(s->volatile_cfg, 6, 2)) {
  876         case 1:
  877             s->needed_bytes += 6;
  878             break;
  879         case 2:
  880             s->needed_bytes += 8;
  881             break;
  882         default:
  883             s->needed_bytes += 4;
  884             break;
  885         }
  886         break;
  887     default:
  888         break;
  889     }
  890     s->pos = 0;
  891     s->len = 0;
  892     s->state = STATE_COLLECTING_DATA;
  893 }
  894 
  895 static void decode_qio_read_cmd(Flash *s)
  896 {
  897     s->needed_bytes = get_addr_length(s);
  898     /* Dummy cycles modeled with bytes writes instead of bits */
  899     switch (get_man(s)) {
  900     case MAN_WINBOND:
  901         s->needed_bytes += WINBOND_CONTINUOUS_READ_MODE_CMD_LEN;
  902         s->needed_bytes += 4;
  903         break;
  904     case MAN_SPANSION:
  905         s->needed_bytes += SPANSION_CONTINUOUS_READ_MODE_CMD_LEN;
  906         s->needed_bytes += extract32(s->spansion_cr2v,
  907                                     SPANSION_DUMMY_CLK_POS,
  908                                     SPANSION_DUMMY_CLK_LEN
  909                                     );
  910         break;
  911     case MAN_NUMONYX:
  912         s->needed_bytes += extract32(s->volatile_cfg, 4, 4);
  913         break;
  914     case MAN_MACRONIX:
  915         switch (extract32(s->volatile_cfg, 6, 2)) {
  916         case 1:
  917             s->needed_bytes += 4;
  918             break;
  919         case 2:
  920             s->needed_bytes += 8;
  921             break;
  922         default:
  923             s->needed_bytes += 6;
  924             break;
  925         }
  926         break;
  927     default:
  928         break;
  929     }
  930     s->pos = 0;
  931     s->len = 0;
  932     s->state = STATE_COLLECTING_DATA;
  933 }
  934 
  935 static void decode_new_cmd(Flash *s, uint32_t value)
  936 {
  937     int i;
  938 
  939     s->cmd_in_progress = value;
  940     trace_m25p80_command_decoded(s, value);
  941 
  942     if (value != RESET_MEMORY) {
  943         s->reset_enable = false;
  944     }
  945 
  946     switch (value) {
  947 
  948     case ERASE_4K:
  949     case ERASE4_4K:
  950     case ERASE_32K:
  951     case ERASE4_32K:
  952     case ERASE_SECTOR:
  953     case ERASE4_SECTOR:
  954     case READ:
  955     case READ4:
  956     case DPP:
  957     case QPP:
  958     case QPP_4:
  959     case PP:
  960     case PP4:
  961     case PP4_4:
  962     case DIE_ERASE:
  963     case RDID_90:
  964     case RDID_AB:
  965         s->needed_bytes = get_addr_length(s);
  966         s->pos = 0;
  967         s->len = 0;
  968         s->state = STATE_COLLECTING_DATA;
  969         break;
  970 
  971     case FAST_READ:
  972     case FAST_READ4:
  973     case DOR:
  974     case DOR4:
  975     case QOR:
  976     case QOR4:
  977         decode_fast_read_cmd(s);
  978         break;
  979 
  980     case DIOR:
  981     case DIOR4:
  982         decode_dio_read_cmd(s);
  983         break;
  984 
  985     case QIOR:
  986     case QIOR4:
  987         decode_qio_read_cmd(s);
  988         break;
  989 
  990     case WRSR:
  991         if (s->write_enable) {
  992             switch (get_man(s)) {
  993             case MAN_SPANSION:
  994                 s->needed_bytes = 2;
  995                 s->state = STATE_COLLECTING_DATA;
  996                 break;
  997             case MAN_MACRONIX:
  998                 s->needed_bytes = 2;
  999                 s->state = STATE_COLLECTING_VAR_LEN_DATA;
 1000                 break;
 1001             default:
 1002                 s->needed_bytes = 1;
 1003                 s->state = STATE_COLLECTING_DATA;
 1004             }
 1005             s->pos = 0;
 1006         }
 1007         break;
 1008 
 1009     case WRDI:
 1010         s->write_enable = false;
 1011         break;
 1012     case WREN:
 1013         s->write_enable = true;
 1014         break;
 1015 
 1016     case RDSR:
 1017         s->data[0] = (!!s->write_enable) << 1;
 1018         if (get_man(s) == MAN_MACRONIX) {
 1019             s->data[0] |= (!!s->quad_enable) << 6;
 1020         }
 1021         s->pos = 0;
 1022         s->len = 1;
 1023         s->data_read_loop = true;
 1024         s->state = STATE_READING_DATA;
 1025         break;
 1026 
 1027     case READ_FSR:
 1028         s->data[0] = FSR_FLASH_READY;
 1029         if (s->four_bytes_address_mode) {
 1030             s->data[0] |= FSR_4BYTE_ADDR_MODE_ENABLED;
 1031         }
 1032         s->pos = 0;
 1033         s->len = 1;
 1034         s->data_read_loop = true;
 1035         s->state = STATE_READING_DATA;
 1036         break;
 1037 
 1038     case JEDEC_READ:
 1039         trace_m25p80_populated_jedec(s);
 1040         for (i = 0; i < s->pi->id_len; i++) {
 1041             s->data[i] = s->pi->id[i];
 1042         }
 1043         for (; i < SPI_NOR_MAX_ID_LEN; i++) {
 1044             s->data[i] = 0;
 1045         }
 1046 
 1047         s->len = SPI_NOR_MAX_ID_LEN;
 1048         s->pos = 0;
 1049         s->state = STATE_READING_DATA;
 1050         break;
 1051 
 1052     case RDCR:
 1053         s->data[0] = s->volatile_cfg & 0xFF;
 1054         s->data[0] |= (!!s->four_bytes_address_mode) << 5;
 1055         s->pos = 0;
 1056         s->len = 1;
 1057         s->state = STATE_READING_DATA;
 1058         break;
 1059 
 1060     case BULK_ERASE_60:
 1061     case BULK_ERASE:
 1062         if (s->write_enable) {
 1063             trace_m25p80_chip_erase(s);
 1064             flash_erase(s, 0, BULK_ERASE);
 1065         } else {
 1066             qemu_log_mask(LOG_GUEST_ERROR, "M25P80: chip erase with write "
 1067                           "protect!\n");
 1068         }
 1069         break;
 1070     case NOP:
 1071         break;
 1072     case EN_4BYTE_ADDR:
 1073         s->four_bytes_address_mode = true;
 1074         break;
 1075     case EX_4BYTE_ADDR:
 1076         s->four_bytes_address_mode = false;
 1077         break;
 1078     case BRRD:
 1079     case EXTEND_ADDR_READ:
 1080         s->data[0] = s->ear;
 1081         s->pos = 0;
 1082         s->len = 1;
 1083         s->state = STATE_READING_DATA;
 1084         break;
 1085     case BRWR:
 1086     case EXTEND_ADDR_WRITE:
 1087         if (s->write_enable) {
 1088             s->needed_bytes = 1;
 1089             s->pos = 0;
 1090             s->len = 0;
 1091             s->state = STATE_COLLECTING_DATA;
 1092         }
 1093         break;
 1094     case RNVCR:
 1095         s->data[0] = s->nonvolatile_cfg & 0xFF;
 1096         s->data[1] = (s->nonvolatile_cfg >> 8) & 0xFF;
 1097         s->pos = 0;
 1098         s->len = 2;
 1099         s->state = STATE_READING_DATA;
 1100         break;
 1101     case WNVCR:
 1102         if (s->write_enable && get_man(s) == MAN_NUMONYX) {
 1103             s->needed_bytes = 2;
 1104             s->pos = 0;
 1105             s->len = 0;
 1106             s->state = STATE_COLLECTING_DATA;
 1107         }
 1108         break;
 1109     case RVCR:
 1110         s->data[0] = s->volatile_cfg & 0xFF;
 1111         s->pos = 0;
 1112         s->len = 1;
 1113         s->state = STATE_READING_DATA;
 1114         break;
 1115     case WVCR:
 1116         if (s->write_enable) {
 1117             s->needed_bytes = 1;
 1118             s->pos = 0;
 1119             s->len = 0;
 1120             s->state = STATE_COLLECTING_DATA;
 1121         }
 1122         break;
 1123     case REVCR:
 1124         s->data[0] = s->enh_volatile_cfg & 0xFF;
 1125         s->pos = 0;
 1126         s->len = 1;
 1127         s->state = STATE_READING_DATA;
 1128         break;
 1129     case WEVCR:
 1130         if (s->write_enable) {
 1131             s->needed_bytes = 1;
 1132             s->pos = 0;
 1133             s->len = 0;
 1134             s->state = STATE_COLLECTING_DATA;
 1135         }
 1136         break;
 1137     case RESET_ENABLE:
 1138         s->reset_enable = true;
 1139         break;
 1140     case RESET_MEMORY:
 1141         if (s->reset_enable) {
 1142             reset_memory(s);
 1143         }
 1144         break;
 1145     case RDCR_EQIO:
 1146         switch (get_man(s)) {
 1147         case MAN_SPANSION:
 1148             s->data[0] = (!!s->quad_enable) << 1;
 1149             s->pos = 0;
 1150             s->len = 1;
 1151             s->state = STATE_READING_DATA;
 1152             break;
 1153         case MAN_MACRONIX:
 1154             s->quad_enable = true;
 1155             break;
 1156         default:
 1157             break;
 1158         }
 1159         break;
 1160     case RSTQIO:
 1161         s->quad_enable = false;
 1162         break;
 1163     default:
 1164         s->pos = 0;
 1165         s->len = 1;
 1166         s->state = STATE_READING_DATA;
 1167         s->data_read_loop = true;
 1168         s->data[0] = 0;
 1169         qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value);
 1170         break;
 1171     }
 1172 }
 1173 
 1174 static int m25p80_cs(SSISlave *ss, bool select)
 1175 {
 1176     Flash *s = M25P80(ss);
 1177 
 1178     if (select) {
 1179         if (s->state == STATE_COLLECTING_VAR_LEN_DATA) {
 1180             complete_collecting_data(s);
 1181         }
 1182         s->len = 0;
 1183         s->pos = 0;
 1184         s->state = STATE_IDLE;
 1185         flash_sync_dirty(s, -1);
 1186         s->data_read_loop = false;
 1187     }
 1188 
 1189     trace_m25p80_select(s, select ? "de" : "");
 1190 
 1191     return 0;
 1192 }
 1193 
 1194 static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
 1195 {
 1196     Flash *s = M25P80(ss);
 1197     uint32_t r = 0;
 1198 
 1199     trace_m25p80_transfer(s, s->state, s->len, s->needed_bytes, s->pos,
 1200                           s->cur_addr, (uint8_t)tx);
 1201 
 1202     switch (s->state) {
 1203 
 1204     case STATE_PAGE_PROGRAM:
 1205         trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx);
 1206         flash_write8(s, s->cur_addr, (uint8_t)tx);
 1207         s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
 1208         break;
 1209 
 1210     case STATE_READ:
 1211         r = s->storage[s->cur_addr];
 1212         trace_m25p80_read_byte(s, s->cur_addr, (uint8_t)r);
 1213         s->cur_addr = (s->cur_addr + 1) & (s->size - 1);
 1214         break;
 1215 
 1216     case STATE_COLLECTING_DATA:
 1217     case STATE_COLLECTING_VAR_LEN_DATA:
 1218 
 1219         if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
 1220             qemu_log_mask(LOG_GUEST_ERROR,
 1221                           "M25P80: Write overrun internal data buffer. "
 1222                           "SPI controller (QEMU emulator or guest driver) "
 1223                           "is misbehaving\n");
 1224             s->len = s->pos = 0;
 1225             s->state = STATE_IDLE;
 1226             break;
 1227         }
 1228 
 1229         s->data[s->len] = (uint8_t)tx;
 1230         s->len++;
 1231 
 1232         if (s->len == s->needed_bytes) {
 1233             complete_collecting_data(s);
 1234         }
 1235         break;
 1236 
 1237     case STATE_READING_DATA:
 1238 
 1239         if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
 1240             qemu_log_mask(LOG_GUEST_ERROR,
 1241                           "M25P80: Read overrun internal data buffer. "
 1242                           "SPI controller (QEMU emulator or guest driver) "
 1243                           "is misbehaving\n");
 1244             s->len = s->pos = 0;
 1245             s->state = STATE_IDLE;
 1246             break;
 1247         }
 1248 
 1249         r = s->data[s->pos];
 1250         trace_m25p80_read_data(s, s->pos, (uint8_t)r);
 1251         s->pos++;
 1252         if (s->pos == s->len) {
 1253             s->pos = 0;
 1254             if (!s->data_read_loop) {
 1255                 s->state = STATE_IDLE;
 1256             }
 1257         }
 1258         break;
 1259 
 1260     default:
 1261     case STATE_IDLE:
 1262         decode_new_cmd(s, (uint8_t)tx);
 1263         break;
 1264     }
 1265 
 1266     return r;
 1267 }
 1268 
 1269 static void m25p80_realize(SSISlave *ss, Error **errp)
 1270 {
 1271     Flash *s = M25P80(ss);
 1272     M25P80Class *mc = M25P80_GET_CLASS(s);
 1273     int ret;
 1274 
 1275     s->pi = mc->pi;
 1276 
 1277     s->size = s->pi->sector_size * s->pi->n_sectors;
 1278     s->dirty_page = -1;
 1279 
 1280     if (s->blk) {
 1281         uint64_t perm = BLK_PERM_CONSISTENT_READ |
 1282                         (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
 1283         ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
 1284         if (ret < 0) {
 1285             return;
 1286         }
 1287 
 1288         trace_m25p80_binding(s);
 1289         s->storage = blk_blockalign(s->blk, s->size);
 1290 
 1291         if (blk_pread(s->blk, 0, s->storage, s->size) != s->size) {
 1292             error_setg(errp, "failed to read the initial flash content");
 1293             return;
 1294         }
 1295     } else {
 1296         trace_m25p80_binding_no_bdrv(s);
 1297         s->storage = blk_blockalign(NULL, s->size);
 1298         memset(s->storage, 0xFF, s->size);
 1299     }
 1300 }
 1301 
 1302 static void m25p80_reset(DeviceState *d)
 1303 {
 1304     Flash *s = M25P80(d);
 1305 
 1306     reset_memory(s);
 1307 }
 1308 
 1309 static int m25p80_pre_save(void *opaque)
 1310 {
 1311     flash_sync_dirty((Flash *)opaque, -1);
 1312 
 1313     return 0;
 1314 }
 1315 
 1316 static Property m25p80_properties[] = {
 1317     /* This is default value for Micron flash */
 1318     DEFINE_PROP_UINT32("nonvolatile-cfg", Flash, nonvolatile_cfg, 0x8FFF),
 1319     DEFINE_PROP_UINT8("spansion-cr1nv", Flash, spansion_cr1nv, 0x0),
 1320     DEFINE_PROP_UINT8("spansion-cr2nv", Flash, spansion_cr2nv, 0x8),
 1321     DEFINE_PROP_UINT8("spansion-cr3nv", Flash, spansion_cr3nv, 0x2),
 1322     DEFINE_PROP_UINT8("spansion-cr4nv", Flash, spansion_cr4nv, 0x10),
 1323     DEFINE_PROP_DRIVE("drive", Flash, blk),
 1324     DEFINE_PROP_END_OF_LIST(),
 1325 };
 1326 
 1327 static int m25p80_pre_load(void *opaque)
 1328 {
 1329     Flash *s = (Flash *)opaque;
 1330 
 1331     s->data_read_loop = false;
 1332     return 0;
 1333 }
 1334 
 1335 static bool m25p80_data_read_loop_needed(void *opaque)
 1336 {
 1337     Flash *s = (Flash *)opaque;
 1338 
 1339     return s->data_read_loop;
 1340 }
 1341 
 1342 static const VMStateDescription vmstate_m25p80_data_read_loop = {
 1343     .name = "m25p80/data_read_loop",
 1344     .version_id = 1,
 1345     .minimum_version_id = 1,
 1346     .needed = m25p80_data_read_loop_needed,
 1347     .fields = (VMStateField[]) {
 1348         VMSTATE_BOOL(data_read_loop, Flash),
 1349         VMSTATE_END_OF_LIST()
 1350     }
 1351 };
 1352 
 1353 static const VMStateDescription vmstate_m25p80 = {
 1354     .name = "m25p80",
 1355     .version_id = 0,
 1356     .minimum_version_id = 0,
 1357     .pre_save = m25p80_pre_save,
 1358     .pre_load = m25p80_pre_load,
 1359     .fields = (VMStateField[]) {
 1360         VMSTATE_UINT8(state, Flash),
 1361         VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
 1362         VMSTATE_UINT32(len, Flash),
 1363         VMSTATE_UINT32(pos, Flash),
 1364         VMSTATE_UINT8(needed_bytes, Flash),
 1365         VMSTATE_UINT8(cmd_in_progress, Flash),
 1366         VMSTATE_UINT32(cur_addr, Flash),
 1367         VMSTATE_BOOL(write_enable, Flash),
 1368         VMSTATE_BOOL(reset_enable, Flash),
 1369         VMSTATE_UINT8(ear, Flash),
 1370         VMSTATE_BOOL(four_bytes_address_mode, Flash),
 1371         VMSTATE_UINT32(nonvolatile_cfg, Flash),
 1372         VMSTATE_UINT32(volatile_cfg, Flash),
 1373         VMSTATE_UINT32(enh_volatile_cfg, Flash),
 1374         VMSTATE_BOOL(quad_enable, Flash),
 1375         VMSTATE_UINT8(spansion_cr1nv, Flash),
 1376         VMSTATE_UINT8(spansion_cr2nv, Flash),
 1377         VMSTATE_UINT8(spansion_cr3nv, Flash),
 1378         VMSTATE_UINT8(spansion_cr4nv, Flash),
 1379         VMSTATE_END_OF_LIST()
 1380     },
 1381     .subsections = (const VMStateDescription * []) {
 1382         &vmstate_m25p80_data_read_loop,
 1383         NULL
 1384     }
 1385 };
 1386 
 1387 static void m25p80_class_init(ObjectClass *klass, void *data)
 1388 {
 1389     DeviceClass *dc = DEVICE_CLASS(klass);
 1390     SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
 1391     M25P80Class *mc = M25P80_CLASS(klass);
 1392 
 1393     k->realize = m25p80_realize;
 1394     k->transfer = m25p80_transfer8;
 1395     k->set_cs = m25p80_cs;
 1396     k->cs_polarity = SSI_CS_LOW;
 1397     dc->vmsd = &vmstate_m25p80;
 1398     device_class_set_props(dc, m25p80_properties);
 1399     dc->reset = m25p80_reset;
 1400     mc->pi = data;
 1401 }
 1402 
 1403 static const TypeInfo m25p80_info = {
 1404     .name           = TYPE_M25P80,
 1405     .parent         = TYPE_SSI_SLAVE,
 1406     .instance_size  = sizeof(Flash),
 1407     .class_size     = sizeof(M25P80Class),
 1408     .abstract       = true,
 1409 };
 1410 
 1411 static void m25p80_register_types(void)
 1412 {
 1413     int i;
 1414 
 1415     type_register_static(&m25p80_info);
 1416     for (i = 0; i < ARRAY_SIZE(known_devices); ++i) {
 1417         TypeInfo ti = {
 1418             .name       = known_devices[i].part_name,
 1419             .parent     = TYPE_M25P80,
 1420             .class_init = m25p80_class_init,
 1421             .class_data = (void *)&known_devices[i],
 1422         };
 1423         type_register(&ti);
 1424     }
 1425 }
 1426 
 1427 type_init(m25p80_register_types)