1 /*
2 * drivers/sbus/char/jsflash.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds (drivers/char/mem.c)
5 * Copyright (C) 1997 Eddie C. Dost (drivers/sbus/char/flash.c)
6 * Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz> (drivers/block/nbd.c)
7 * Copyright (C) 1999-2000 Pete Zaitcev
8 *
9 * This driver is used to program OS into a Flash SIMM on
10 * Krups and Espresso platforms.
11 *
12 * TODO: do not allow erase/programming if file systems are mounted.
13 * TODO: Erase/program both banks of a 8MB SIMM.
14 *
15 * It is anticipated that programming an OS Flash will be a routine
16 * procedure. In the same time it is exeedingly dangerous because
17 * a user can program its OBP flash with OS image and effectively
18 * kill the machine.
19 *
20 * This driver uses an interface different from Eddie's flash.c
21 * as a silly safeguard.
22 *
23 * XXX The flash.c manipulates page caching characteristics in a certain
24 * dubious way; also it assumes that remap_page_range() can remap
25 * PCI bus locations, which may be false. ioremap() must be used
26 * instead. We should discuss this.
27 */
28
29 #include <linux/module.h>
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/miscdevice.h>
33 #include <linux/slab.h>
34 #include <linux/fcntl.h>
35 #include <linux/poll.h>
36 #include <linux/init.h>
37 #include <linux/string.h>
38 #include <linux/smp_lock.h>
39
40 /*
41 * <linux/blk.h> is controlled from the outside with these definitions.
42 */
43 #define MAJOR_NR JSFD_MAJOR
44
45 #define DEVICE_NAME "jsfd"
46 #define DEVICE_REQUEST jsfd_do_request
47 #define DEVICE_NR(device) (MINOR(device))
48 #define DEVICE_ON(device)
49 #define DEVICE_OFF(device)
50 #define DEVICE_NO_RANDOM
51
52 #include <linux/blk.h>
53
54
55 #include <asm/uaccess.h>
56 #include <asm/pgtable.h>
57 #include <asm/io.h>
58 #include <asm/pcic.h>
59 #include <asm/oplib.h>
60
61 #include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */
62 #define JSFIDSZ (sizeof(struct jsflash_ident_arg))
63 #define JSFPRGSZ (sizeof(struct jsflash_program_arg))
64
65 /*
66 * Our device numbers have no business in system headers.
67 * The only thing a user knows is the device name /dev/jsflash.
68 *
69 * Block devices are laid out like this:
70 * minor+0 - Bootstrap, for 8MB SIMM 0x20400000[0x800000]
71 * minor+1 - Filesystem to mount, normally 0x20400400[0x7ffc00]
72 * minor+2 - Whole flash area for any case... 0x20000000[0x01000000]
73 * Total 3 minors per flash device.
74 *
75 * It is easier to have static size vectors, so we define
76 * a total minor range JSF_MAX, which must cover all minors.
77 */
78 /* character device */
79 #define JSF_MINOR 178 /* 178 is registered with hpa */
80 /* block device */
81 #define JSF_MAX 3 /* 3 minors wasted total so far. */
82 #define JSF_NPART 3 /* 3 minors per flash device */
83 #define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */
84 #define JSF_PART_MASK 0x3 /* 2 bits mask */
85
86 /*
87 * Access functions.
88 * We could ioremap(), but it's easier this way.
89 */
jsf_inl(unsigned long addr)90 static unsigned int jsf_inl(unsigned long addr)
91 {
92 unsigned long retval;
93
94 __asm__ __volatile__("lda [%1] %2, %0\n\t" :
95 "=r" (retval) :
96 "r" (addr), "i" (ASI_M_BYPASS));
97 return retval;
98 }
99
jsf_outl(unsigned long addr,__u32 data)100 static void jsf_outl(unsigned long addr, __u32 data)
101 {
102
103 __asm__ __volatile__("sta %0, [%1] %2\n\t" : :
104 "r" (data), "r" (addr), "i" (ASI_M_BYPASS) :
105 "memory");
106 }
107
108 /*
109 * soft carrier
110 */
111
112 struct jsfd_part {
113 unsigned long dbase;
114 unsigned long dsize;
115 int refcnt;
116 };
117
118 struct jsflash {
119 unsigned long base;
120 unsigned long size;
121 unsigned long busy; /* In use? */
122 struct jsflash_ident_arg id;
123 /* int mbase; */ /* Minor base, typically zero */
124 struct jsfd_part dv[JSF_NPART];
125 };
126
127 /*
128 * We do not map normal memory or obio as a safety precaution.
129 * But offsets are real, for ease of userland programming.
130 */
131 #define JSF_BASE_TOP 0x30000000
132 #define JSF_BASE_ALL 0x20000000
133
134 #define JSF_BASE_JK 0x20400000
135
136 /*
137 */
138 static int jsfd_blksizes[JSF_MAX];
139 static int jsfd_sizes[JSF_MAX];
140 static u64 jsfd_bytesizes[JSF_MAX];
141
142 /*
143 * Let's pretend we may have several of these...
144 */
145 static struct jsflash jsf0;
146
147 /*
148 * Wait for AMD to finish its embedded algorithm.
149 * We use the Toggle bit DQ6 (0x40) because it does not
150 * depend on the data value as /DATA bit DQ7 does.
151 *
152 * XXX Do we need any timeout here? So far it never hanged, beware broken hw.
153 */
jsf_wait(unsigned long p)154 static void jsf_wait(unsigned long p) {
155 unsigned int x1, x2;
156
157 for (;;) {
158 x1 = jsf_inl(p);
159 x2 = jsf_inl(p);
160 if ((x1 & 0x40404040) == (x2 & 0x40404040)) return;
161 }
162 }
163
164 /*
165 * Programming will only work if Flash is clean,
166 * we leave it to the programmer application.
167 *
168 * AMD must be programmed one byte at a time;
169 * thus, Simple Tech SIMM must be written 4 bytes at a time.
170 *
171 * Write waits for the chip to become ready after the write
172 * was finished. This is done so that application would read
173 * consistent data after the write is done.
174 */
jsf_write4(unsigned long fa,u32 data)175 static void jsf_write4(unsigned long fa, u32 data) {
176
177 jsf_outl(fa, 0xAAAAAAAA); /* Unlock 1 Write 1 */
178 jsf_outl(fa, 0x55555555); /* Unlock 1 Write 2 */
179 jsf_outl(fa, 0xA0A0A0A0); /* Byte Program */
180 jsf_outl(fa, data);
181
182 jsf_wait(fa);
183 }
184
185 /*
186 */
jsfd_read(char * buf,unsigned long p,size_t togo)187 static void jsfd_read(char *buf, unsigned long p, size_t togo) {
188 union byte4 {
189 char s[4];
190 unsigned int n;
191 } b;
192
193 while (togo >= 4) {
194 togo -= 4;
195 b.n = jsf_inl(p);
196 memcpy(buf, b.s, 4);
197 p += 4;
198 buf += 4;
199 }
200 }
201
jsfd_do_request(request_queue_t * q)202 static void jsfd_do_request(request_queue_t *q)
203 {
204 struct request *req;
205 int dev;
206 struct jsfd_part *jdp;
207 unsigned long offset;
208 size_t len;
209
210 for (;;) {
211 INIT_REQUEST; /* if (QUEUE_EMPTY) return; */
212 req = CURRENT;
213
214 dev = MINOR(req->rq_dev);
215 if (dev >= JSF_MAX || (dev & JSF_PART_MASK) >= JSF_NPART) {
216 end_request(0);
217 continue;
218 }
219 jdp = &jsf0.dv[dev & JSF_PART_MASK];
220
221 offset = req->sector << 9;
222 len = req->current_nr_sectors << 9;
223 if ((offset + len) > jdp->dsize) {
224 end_request(0);
225 continue;
226 }
227
228 if (req->cmd == WRITE) {
229 printk(KERN_ERR "jsfd: write\n");
230 end_request(0);
231 continue;
232 }
233 if (req->cmd != READ) {
234 printk(KERN_ERR "jsfd: bad req->cmd %d\n", req->cmd);
235 end_request(0);
236 continue;
237 }
238
239 if ((jdp->dbase & 0xff000000) != 0x20000000) {
240 printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase);
241 end_request(0);
242 continue;
243 }
244
245 /* printk("jsfd%d: read buf %p off %x len %x\n", dev, req->buffer, (int)offset, (int)len); */ /* P3 */
246 jsfd_read(req->buffer, jdp->dbase + offset, len);
247
248 end_request(1);
249 }
250 }
251
252 /*
253 * The memory devices use the full 32/64 bits of the offset, and so we cannot
254 * check against negative addresses: they are ok. The return value is weird,
255 * though, in that case (0).
256 *
257 * also note that seeking relative to the "end of file" isn't supported:
258 * it has no meaning, so it returns -EINVAL.
259 */
jsf_lseek(struct file * file,loff_t offset,int orig)260 static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
261 {
262 switch (orig) {
263 case 0:
264 file->f_pos = offset;
265 return file->f_pos;
266 case 1:
267 file->f_pos += offset;
268 return file->f_pos;
269 default:
270 return -EINVAL;
271 }
272 }
273
274 /*
275 * OS SIMM Cannot be read in other size but a 32bits word.
276 */
jsf_read(struct file * file,char * buf,size_t togo,loff_t * ppos)277 static ssize_t jsf_read(struct file * file, char * buf,
278 size_t togo, loff_t *ppos)
279 {
280 unsigned long p = *ppos;
281 char *tmp = buf;
282
283 union byte4 {
284 char s[4];
285 unsigned int n;
286 } b;
287
288 if (verify_area(VERIFY_WRITE, buf, togo))
289 return -EFAULT;
290
291 if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) {
292 return 0;
293 }
294
295 if ((p + togo) < p /* wrap */
296 || (p + togo) >= JSF_BASE_TOP) {
297 togo = JSF_BASE_TOP - p;
298 }
299
300 if (p < JSF_BASE_ALL && togo != 0) {
301 #if 0 /* __bzero XXX */
302 size_t x = JSF_BASE_ALL - p;
303 if (x > togo) x = togo;
304 clear_user(tmp, x);
305 tmp += x;
306 p += x;
307 togo -= x;
308 #else
309 /*
310 * Implementation of clear_user() calls __bzero
311 * without regard to modversions,
312 * so we cannot build a module.
313 */
314 return 0;
315 #endif
316 }
317
318 while (togo >= 4) {
319 togo -= 4;
320 b.n = jsf_inl(p);
321 copy_to_user(tmp, b.s, 4);
322 tmp += 4;
323 p += 4;
324 }
325
326 /*
327 * XXX Small togo may remain if 1 byte is ordered.
328 * It would be nice if we did a word size read and unpacked it.
329 */
330
331 *ppos = p;
332 return tmp-buf;
333 }
334
jsf_write(struct file * file,const char * buf,size_t count,loff_t * ppos)335 static ssize_t jsf_write(struct file * file, const char * buf,
336 size_t count, loff_t *ppos)
337 {
338 return -ENOSPC;
339 }
340
341 /*
342 */
jsf_ioctl_erase(unsigned long arg)343 static int jsf_ioctl_erase(unsigned long arg)
344 {
345 unsigned long p;
346
347 /* p = jsf0.base; hits wrong bank */
348 p = 0x20400000;
349
350 jsf_outl(p, 0xAAAAAAAA); /* Unlock 1 Write 1 */
351 jsf_outl(p, 0x55555555); /* Unlock 1 Write 2 */
352 jsf_outl(p, 0x80808080); /* Erase setup */
353 jsf_outl(p, 0xAAAAAAAA); /* Unlock 2 Write 1 */
354 jsf_outl(p, 0x55555555); /* Unlock 2 Write 2 */
355 jsf_outl(p, 0x10101010); /* Chip erase */
356
357 #if 0
358 /*
359 * This code is ok, except that counter based timeout
360 * has no place in this world. Let's just drop timeouts...
361 */
362 {
363 int i;
364 __u32 x;
365 for (i = 0; i < 1000000; i++) {
366 x = jsf_inl(p);
367 if ((x & 0x80808080) == 0x80808080) break;
368 }
369 if ((x & 0x80808080) != 0x80808080) {
370 printk("jsf0: erase timeout with 0x%08x\n", x);
371 } else {
372 printk("jsf0: erase done with 0x%08x\n", x);
373 }
374 }
375 #else
376 jsf_wait(p);
377 #endif
378
379 return 0;
380 }
381
382 /*
383 * Program a block of flash.
384 * Very simple because we can do it byte by byte anyway.
385 */
jsf_ioctl_program(unsigned long arg)386 static int jsf_ioctl_program(unsigned long arg)
387 {
388 struct jsflash_program_arg abuf;
389 char *uptr;
390 unsigned long p;
391 unsigned int togo;
392 union {
393 unsigned int n;
394 char s[4];
395 } b;
396
397 if (verify_area(VERIFY_READ, (void *)arg, JSFPRGSZ))
398 return -EFAULT;
399 copy_from_user(&abuf, (char *)arg, JSFPRGSZ);
400 p = abuf.off;
401 togo = abuf.size;
402 if ((togo & 3) || (p & 3)) return -EINVAL;
403
404 uptr = (char *) (unsigned long) abuf.data;
405 if (verify_area(VERIFY_READ, uptr, togo))
406 return -EFAULT;
407 while (togo != 0) {
408 togo -= 4;
409 copy_from_user(&b.s[0], uptr, 4);
410 jsf_write4(p, b.n);
411 p += 4;
412 uptr += 4;
413 }
414
415 return 0;
416 }
417
jsf_ioctl(struct inode * inode,struct file * f,unsigned int cmd,unsigned long arg)418 static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd,
419 unsigned long arg)
420 {
421 int error = -ENOTTY;
422
423 if (!capable(CAP_SYS_ADMIN))
424 return -EPERM;
425 switch (cmd) {
426 case JSFLASH_IDENT:
427 if (verify_area(VERIFY_WRITE, (void *)arg, JSFIDSZ))
428 return -EFAULT;
429 copy_to_user(arg, &jsf0.id, JSFIDSZ);
430 error = 0;
431 break;
432 case JSFLASH_ERASE:
433 error = jsf_ioctl_erase(arg);
434 break;
435 case JSFLASH_PROGRAM:
436 error = jsf_ioctl_program(arg);
437 break;
438 }
439
440 return error;
441 }
442
jsfd_ioctl(struct inode * inode,struct file * file,unsigned int cmd,unsigned long arg)443 static int jsfd_ioctl(struct inode *inode, struct file *file,
444 unsigned int cmd, unsigned long arg)
445 {
446 int dev;
447
448 if (!capable(CAP_SYS_ADMIN))
449 return -EPERM;
450 if (!inode)
451 return -EINVAL;
452 if ((dev = MINOR(inode->i_rdev)) >= JSF_MAX) return -ENODEV;
453
454 switch (cmd) {
455 case BLKGETSIZE:
456 return put_user(jsfd_bytesizes[dev] >> 9, (unsigned long *) arg);
457 case BLKGETSIZE64:
458 return put_user(jsfd_bytesizes[dev], (u64 *) arg);
459
460 #if 0
461 case BLKROSET:
462 case BLKROGET:
463 case BLKSSZGET:
464 return blk_ioctl(inode->i_rdev, cmd, arg);
465 #endif
466
467 /* case BLKFLSBUF: */ /* Program, then read, what happens? Stale? */
468 default: ;
469 }
470 return -ENOTTY;
471 }
472
jsf_mmap(struct file * file,struct vm_area_struct * vma)473 static int jsf_mmap(struct file * file, struct vm_area_struct * vma)
474 {
475 return -ENXIO;
476 }
477
jsf_open(struct inode * inode,struct file * filp)478 static int jsf_open(struct inode * inode, struct file * filp)
479 {
480
481 if (jsf0.base == 0) return -ENXIO;
482 if (test_and_set_bit(0, (void *)&jsf0.busy) != 0)
483 return -EBUSY;
484
485 return 0; /* XXX What security? */
486 }
487
jsfd_open(struct inode * inode,struct file * file)488 static int jsfd_open(struct inode *inode, struct file *file)
489 {
490 struct jsfd_part *jdp;
491 int dev;
492
493 if (!inode)
494 return -EINVAL;
495 dev = MINOR(inode->i_rdev);
496 if (dev >= JSF_MAX || (dev & JSF_PART_MASK) >= JSF_NPART) {
497 printk(KERN_ALERT "jsfd_open: illegal minor %d\n", dev);
498 return -ENODEV;
499 }
500
501 jdp = &jsf0.dv[dev];
502 jdp->refcnt++;
503
504 return 0;
505 }
506
jsf_release(struct inode * inode,struct file * file)507 static int jsf_release(struct inode *inode, struct file *file)
508 {
509 jsf0.busy = 0;
510 return 0;
511 }
512
jsfd_release(struct inode * inode,struct file * file)513 static int jsfd_release(struct inode *inode, struct file *file)
514 {
515 struct jsfd_part *jdp;
516 int dev;
517
518 if (!inode)
519 return -ENODEV;
520 dev = MINOR(inode->i_rdev);
521 if (dev >= JSF_MAX || (dev & JSF_PART_MASK) >= JSF_NPART) {
522 printk(KERN_ALERT "jsfd_release: illegal minor %d\n", dev);
523 return -ENODEV;
524 }
525
526 jdp = &jsf0.dv[dev];
527 if (jdp->refcnt <= 0) {
528 printk(KERN_ALERT "jsfd_release: bad ref on minor %d\n", dev);
529 } else {
530 --jdp->refcnt;
531 }
532 /* N.B. Doesn't lo->file need an fput?? */
533 return 0;
534 }
535
536 static struct file_operations jsf_fops = {
537 owner: THIS_MODULE,
538 llseek: jsf_lseek,
539 read: jsf_read,
540 write: jsf_write,
541 ioctl: jsf_ioctl,
542 mmap: jsf_mmap,
543 open: jsf_open,
544 release: jsf_release,
545 };
546
547 static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops };
548
549 static struct block_device_operations jsfd_fops = {
550 owner: THIS_MODULE,
551 open: jsfd_open,
552 release: jsfd_release,
553 ioctl: jsfd_ioctl,
554 };
555
556 EXPORT_NO_SYMBOLS;
557
jsflash_init(void)558 int jsflash_init(void)
559 {
560 int rc;
561 struct jsflash *jsf;
562 int node;
563 char banner[128];
564 struct linux_prom_registers reg0;
565
566 node = prom_getchild(prom_root_node);
567 node = prom_searchsiblings(node, "flash-memory");
568 if (node != 0 && node != -1) {
569 if (prom_getproperty(node, "reg",
570 (char *)®0, sizeof(reg0)) == -1) {
571 printk("jsflash: no \"reg\" property\n");
572 return -ENXIO;
573 }
574 if (reg0.which_io != 0) {
575 printk("jsflash: bus number nonzero: 0x%x:%x\n",
576 reg0.which_io, reg0.phys_addr);
577 return -ENXIO;
578 }
579 /*
580 * Flash may be somewhere else, for instance on Ebus.
581 * So, don't do the following check for IIep flash space.
582 */
583 #if 0
584 if ((reg0.phys_addr >> 24) != 0x20) {
585 printk("jsflash: suspicious address: 0x%x:%x\n",
586 reg0.which_io, reg0.phys_addr);
587 return -ENXIO;
588 }
589 #endif
590 if ((int)reg0.reg_size <= 0) {
591 printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size);
592 return -ENXIO;
593 }
594 } else {
595 /* XXX Remove this code once PROLL ID12 got widespread */
596 printk("jsflash: no /flash-memory node, use PROLL >= 12\n");
597 prom_getproperty(prom_root_node, "banner-name", banner, 128);
598 if (strcmp (banner, "JavaStation-NC") != 0 &&
599 strcmp (banner, "JavaStation-E") != 0) {
600 return -ENXIO;
601 }
602 reg0.which_io = 0;
603 reg0.phys_addr = 0x20400000;
604 reg0.reg_size = 0x00800000;
605 }
606
607 /* Let us be really paranoid for modifications to probing code. */
608 /* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */
609 if (sparc_cpu_model != sun4m) {
610 /* We must be on sun4m because we use MMU Bypass ASI. */
611 return -ENXIO;
612 }
613
614 if (jsf0.base == 0) {
615 jsf = &jsf0;
616
617 jsf->base = reg0.phys_addr;
618 jsf->size = reg0.reg_size;
619
620 /* XXX Redo the userland interface. */
621 jsf->id.off = JSF_BASE_ALL;
622 jsf->id.size = 0x01000000; /* 16M - all segments */
623 strcpy(jsf->id.name, "Krups_all");
624
625 jsf->dv[0].dbase = jsf->base;
626 jsf->dv[0].dsize = jsf->size;
627 jsf->dv[1].dbase = jsf->base + 1024;
628 jsf->dv[1].dsize = jsf->size - 1024;
629 jsf->dv[2].dbase = JSF_BASE_ALL;
630 jsf->dv[2].dsize = 0x01000000;
631
632 printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base,
633 (int) (jsf->size / (1024*1024)));
634 }
635
636 if ((rc = misc_register(&jsf_dev)) != 0) {
637 printk(KERN_ERR "jsf: unable to get misc minor %d\n",
638 JSF_MINOR);
639 jsf0.base = 0;
640 return rc;
641 }
642
643 return 0;
644 }
645
jsfd_init(void)646 int jsfd_init(void) {
647 struct jsflash *jsf;
648 struct jsfd_part *jdp;
649 int i;
650
651 if (jsf0.base == 0) {
652 return -ENXIO;
653 }
654
655 if (register_blkdev(JSFD_MAJOR, "jsfd", &jsfd_fops)) {
656 printk("jsfd_init: unable to get major number %d\n",
657 JSFD_MAJOR);
658 return -EIO;
659 }
660
661 blksize_size[JSFD_MAJOR] = jsfd_blksizes;
662 blk_size[JSFD_MAJOR] = jsfd_sizes;
663
664 blk_init_queue(BLK_DEFAULT_QUEUE(MAJOR_NR), DEVICE_REQUEST);
665 /* blk_queue_headactive(BLK_DEFAULT_QUEUE(MAJOR_NR), 0); */
666 for (i = 0; i < JSF_MAX; i++) {
667 if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
668 jsf = &jsf0; /* actually, &jsfv[i >> JSF_PART_BITS] */
669 jdp = &jsf->dv[i&JSF_PART_MASK];
670
671 jdp->refcnt = 0;
672
673 jsfd_blksizes[i] = 1024;
674 jsfd_bytesizes[i] = jdp->dsize;
675 jsfd_sizes[i] = jsfd_bytesizes[i] >> 10;
676 register_disk(NULL, MKDEV(JSFD_MAJOR, i), 1, &jsfd_fops,
677 jsfd_bytesizes[i] >> 9);
678 set_device_ro(MKDEV(JSFD_MAJOR, i), 1);
679 }
680 return 0;
681 }
682
683 #ifdef MODULE
684 MODULE_LICENSE("GPL");
685
init_module(void)686 int init_module(void) {
687 int rc;
688
689 if ((rc = jsflash_init()) == 0) {
690 jsfd_init();
691 return 0;
692 }
693 return rc;
694 }
695
cleanup_module(void)696 void cleanup_module(void) {
697
698 /* for (all probed units) { } */
699 if (jsf0.busy)
700 printk("jsf0: cleaning busy unit\n");
701 jsf0.base = 0;
702 jsf0.busy = 0;
703
704 misc_deregister(&jsf_dev);
705 if (unregister_blkdev(JSFD_MAJOR, "jsfd") != 0)
706 printk("jsfd: cleanup_module failed\n");
707 blk_cleanup_queue(BLK_DEFAULT_QUEUE(MAJOR_NR));
708 }
709 #endif
710