jsflash.c revision 1011c1b9f2e45ce7c6e38888d2b83936aec38771 
1/*
2 * drivers/sbus/char/jsflash.c
3 *
4 *  Copyright (C) 1991, 1992  Linus Torvalds	(drivers/char/mem.c)
5 *  Copyright (C) 1997  Eddie C. Dost		(drivers/sbus/char/flash.c)
6 *  Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz>   (drivers/block/nbd.c)
7 *  Copyright (C) 1999-2000 Pete Zaitcev
8 *
9 * This driver is used to program OS into a Flash SIMM on
10 * Krups and Espresso platforms.
11 *
12 * TODO: do not allow erase/programming if file systems are mounted.
13 * TODO: Erase/program both banks of a 8MB SIMM.
14 *
15 * It is anticipated that programming an OS Flash will be a routine
16 * procedure. In the same time it is exeedingly dangerous because
17 * a user can program its OBP flash with OS image and effectively
18 * kill the machine.
19 *
20 * This driver uses an interface different from Eddie's flash.c
21 * as a silly safeguard.
22 *
23 * XXX The flash.c manipulates page caching characteristics in a certain
24 * dubious way; also it assumes that remap_pfn_range() can remap
25 * PCI bus locations, which may be false. ioremap() must be used
26 * instead. We should discuss this.
27 */
28
29#include <linux/module.h>
30#include <linux/smp_lock.h>
31#include <linux/types.h>
32#include <linux/errno.h>
33#include <linux/miscdevice.h>
34#include <linux/slab.h>
35#include <linux/fcntl.h>
36#include <linux/poll.h>
37#include <linux/init.h>
38#include <linux/string.h>
39#include <linux/genhd.h>
40#include <linux/blkdev.h>
41#include <asm/uaccess.h>
42#include <asm/pgtable.h>
43#include <asm/io.h>
44#include <asm/pcic.h>
45#include <asm/oplib.h>
46
47#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
48#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))
49#define JSFPRGSZ	(sizeof(struct jsflash_program_arg))
50
51/*
52 * Our device numbers have no business in system headers.
53 * The only thing a user knows is the device name /dev/jsflash.
54 *
55 * Block devices are laid out like this:
56 *   minor+0	- Bootstrap, for 8MB SIMM 0x20400000[0x800000]
57 *   minor+1	- Filesystem to mount, normally 0x20400400[0x7ffc00]
58 *   minor+2	- Whole flash area for any case... 0x20000000[0x01000000]
59 * Total 3 minors per flash device.
60 *
61 * It is easier to have static size vectors, so we define
62 * a total minor range JSF_MAX, which must cover all minors.
63 */
64/* character device */
65#define JSF_MINOR	178	/* 178 is registered with hpa */
66/* block device */
67#define JSF_MAX		 3	/* 3 minors wasted total so far. */
68#define JSF_NPART	 3	/* 3 minors per flash device */
69#define JSF_PART_BITS	 2	/* 2 bits of minors to cover JSF_NPART */
70#define JSF_PART_MASK	 0x3	/* 2 bits mask */
71
72/*
73 * Access functions.
74 * We could ioremap(), but it's easier this way.
75 */
76static unsigned int jsf_inl(unsigned long addr)
77{
78	unsigned long retval;
79
80	__asm__ __volatile__("lda [%1] %2, %0\n\t" :
81				"=r" (retval) :
82				"r" (addr), "i" (ASI_M_BYPASS));
83        return retval;
84}
85
86static void jsf_outl(unsigned long addr, __u32 data)
87{
88
89	__asm__ __volatile__("sta %0, [%1] %2\n\t" : :
90				"r" (data), "r" (addr), "i" (ASI_M_BYPASS) :
91				"memory");
92}
93
94/*
95 * soft carrier
96 */
97
98struct jsfd_part {
99	unsigned long dbase;
100	unsigned long dsize;
101};
102
103struct jsflash {
104	unsigned long base;
105	unsigned long size;
106	unsigned long busy;		/* In use? */
107	struct jsflash_ident_arg id;
108	/* int mbase; */		/* Minor base, typically zero */
109	struct jsfd_part dv[JSF_NPART];
110};
111
112/*
113 * We do not map normal memory or obio as a safety precaution.
114 * But offsets are real, for ease of userland programming.
115 */
116#define JSF_BASE_TOP	0x30000000
117#define JSF_BASE_ALL	0x20000000
118
119#define JSF_BASE_JK	0x20400000
120
121/*
122 */
123static struct gendisk *jsfd_disk[JSF_MAX];
124
125/*
126 * Let's pretend we may have several of these...
127 */
128static struct jsflash jsf0;
129
130/*
131 * Wait for AMD to finish its embedded algorithm.
132 * We use the Toggle bit DQ6 (0x40) because it does not
133 * depend on the data value as /DATA bit DQ7 does.
134 *
135 * XXX Do we need any timeout here? So far it never hanged, beware broken hw.
136 */
137static void jsf_wait(unsigned long p) {
138	unsigned int x1, x2;
139
140	for (;;) {
141		x1 = jsf_inl(p);
142		x2 = jsf_inl(p);
143		if ((x1 & 0x40404040) == (x2 & 0x40404040)) return;
144	}
145}
146
147/*
148 * Programming will only work if Flash is clean,
149 * we leave it to the programmer application.
150 *
151 * AMD must be programmed one byte at a time;
152 * thus, Simple Tech SIMM must be written 4 bytes at a time.
153 *
154 * Write waits for the chip to become ready after the write
155 * was finished. This is done so that application would read
156 * consistent data after the write is done.
157 */
158static void jsf_write4(unsigned long fa, u32 data) {
159
160	jsf_outl(fa, 0xAAAAAAAA);		/* Unlock 1 Write 1 */
161	jsf_outl(fa, 0x55555555);		/* Unlock 1 Write 2 */
162	jsf_outl(fa, 0xA0A0A0A0);		/* Byte Program */
163	jsf_outl(fa, data);
164
165	jsf_wait(fa);
166}
167
168/*
169 */
170static void jsfd_read(char *buf, unsigned long p, size_t togo) {
171	union byte4 {
172		char s[4];
173		unsigned int n;
174	} b;
175
176	while (togo >= 4) {
177		togo -= 4;
178		b.n = jsf_inl(p);
179		memcpy(buf, b.s, 4);
180		p += 4;
181		buf += 4;
182	}
183}
184
185static void jsfd_do_request(struct request_queue *q)
186{
187	struct request *req;
188
189	while ((req = elv_next_request(q)) != NULL) {
190		struct jsfd_part *jdp = req->rq_disk->private_data;
191		unsigned long offset = blk_rq_pos(req) << 9;
192		size_t len = blk_rq_cur_bytes(req);
193
194		if ((offset + len) > jdp->dsize) {
195			__blk_end_request_cur(req, -EIO);
196			continue;
197		}
198
199		if (rq_data_dir(req) != READ) {
200			printk(KERN_ERR "jsfd: write\n");
201			__blk_end_request_cur(req, -EIO);
202			continue;
203		}
204
205		if ((jdp->dbase & 0xff000000) != 0x20000000) {
206			printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase);
207			__blk_end_request_cur(req, -EIO);
208			continue;
209		}
210
211		jsfd_read(req->buffer, jdp->dbase + offset, len);
212
213		__blk_end_request_cur(req, 0);
214	}
215}
216
217/*
218 * The memory devices use the full 32/64 bits of the offset, and so we cannot
219 * check against negative addresses: they are ok. The return value is weird,
220 * though, in that case (0).
221 *
222 * also note that seeking relative to the "end of file" isn't supported:
223 * it has no meaning, so it returns -EINVAL.
224 */
225static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
226{
227	loff_t ret;
228
229	lock_kernel();
230	switch (orig) {
231		case 0:
232			file->f_pos = offset;
233			ret = file->f_pos;
234			break;
235		case 1:
236			file->f_pos += offset;
237			ret = file->f_pos;
238			break;
239		default:
240			ret = -EINVAL;
241	}
242	unlock_kernel();
243	return ret;
244}
245
246/*
247 * OS SIMM Cannot be read in other size but a 32bits word.
248 */
249static ssize_t jsf_read(struct file * file, char __user * buf,
250    size_t togo, loff_t *ppos)
251{
252	unsigned long p = *ppos;
253	char __user *tmp = buf;
254
255	union byte4 {
256		char s[4];
257		unsigned int n;
258	} b;
259
260	if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) {
261		return 0;
262	}
263
264	if ((p + togo) < p	/* wrap */
265	   || (p + togo) >= JSF_BASE_TOP) {
266		togo = JSF_BASE_TOP - p;
267	}
268
269	if (p < JSF_BASE_ALL && togo != 0) {
270#if 0 /* __bzero XXX */
271		size_t x = JSF_BASE_ALL - p;
272		if (x > togo) x = togo;
273		clear_user(tmp, x);
274		tmp += x;
275		p += x;
276		togo -= x;
277#else
278		/*
279		 * Implementation of clear_user() calls __bzero
280		 * without regard to modversions,
281		 * so we cannot build a module.
282		 */
283		return 0;
284#endif
285	}
286
287	while (togo >= 4) {
288		togo -= 4;
289		b.n = jsf_inl(p);
290		if (copy_to_user(tmp, b.s, 4))
291			return -EFAULT;
292		tmp += 4;
293		p += 4;
294	}
295
296	/*
297	 * XXX Small togo may remain if 1 byte is ordered.
298	 * It would be nice if we did a word size read and unpacked it.
299	 */
300
301	*ppos = p;
302	return tmp-buf;
303}
304
305static ssize_t jsf_write(struct file * file, const char __user * buf,
306    size_t count, loff_t *ppos)
307{
308	return -ENOSPC;
309}
310
311/*
312 */
313static int jsf_ioctl_erase(unsigned long arg)
314{
315	unsigned long p;
316
317	/* p = jsf0.base;	hits wrong bank */
318	p = 0x20400000;
319
320	jsf_outl(p, 0xAAAAAAAA);		/* Unlock 1 Write 1 */
321	jsf_outl(p, 0x55555555);		/* Unlock 1 Write 2 */
322	jsf_outl(p, 0x80808080);		/* Erase setup */
323	jsf_outl(p, 0xAAAAAAAA);		/* Unlock 2 Write 1 */
324	jsf_outl(p, 0x55555555);		/* Unlock 2 Write 2 */
325	jsf_outl(p, 0x10101010);		/* Chip erase */
326
327#if 0
328	/*
329	 * This code is ok, except that counter based timeout
330	 * has no place in this world. Let's just drop timeouts...
331	 */
332	{
333		int i;
334		__u32 x;
335		for (i = 0; i < 1000000; i++) {
336			x = jsf_inl(p);
337			if ((x & 0x80808080) == 0x80808080) break;
338		}
339		if ((x & 0x80808080) != 0x80808080) {
340			printk("jsf0: erase timeout with 0x%08x\n", x);
341		} else {
342			printk("jsf0: erase done with 0x%08x\n", x);
343		}
344	}
345#else
346	jsf_wait(p);
347#endif
348
349	return 0;
350}
351
352/*
353 * Program a block of flash.
354 * Very simple because we can do it byte by byte anyway.
355 */
356static int jsf_ioctl_program(void __user *arg)
357{
358	struct jsflash_program_arg abuf;
359	char __user *uptr;
360	unsigned long p;
361	unsigned int togo;
362	union {
363		unsigned int n;
364		char s[4];
365	} b;
366
367	if (copy_from_user(&abuf, arg, JSFPRGSZ))
368		return -EFAULT;
369	p = abuf.off;
370	togo = abuf.size;
371	if ((togo & 3) || (p & 3)) return -EINVAL;
372
373	uptr = (char __user *) (unsigned long) abuf.data;
374	while (togo != 0) {
375		togo -= 4;
376		if (copy_from_user(&b.s[0], uptr, 4))
377			return -EFAULT;
378		jsf_write4(p, b.n);
379		p += 4;
380		uptr += 4;
381	}
382
383	return 0;
384}
385
386static long jsf_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
387{
388	lock_kernel();
389	int error = -ENOTTY;
390	void __user *argp = (void __user *)arg;
391
392	if (!capable(CAP_SYS_ADMIN)) {
393		unlock_kernel();
394		return -EPERM;
395	}
396	switch (cmd) {
397	case JSFLASH_IDENT:
398		if (copy_to_user(argp, &jsf0.id, JSFIDSZ)) {
399			unlock_kernel();
400			return -EFAULT;
401		}
402		break;
403	case JSFLASH_ERASE:
404		error = jsf_ioctl_erase(arg);
405		break;
406	case JSFLASH_PROGRAM:
407		error = jsf_ioctl_program(argp);
408		break;
409	}
410
411	unlock_kernel();
412	return error;
413}
414
415static int jsf_mmap(struct file * file, struct vm_area_struct * vma)
416{
417	return -ENXIO;
418}
419
420static int jsf_open(struct inode * inode, struct file * filp)
421{
422	lock_kernel();
423	if (jsf0.base == 0) {
424		unlock_kernel();
425		return -ENXIO;
426	}
427	if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) {
428		unlock_kernel();
429		return -EBUSY;
430	}
431
432	unlock_kernel();
433	return 0;	/* XXX What security? */
434}
435
436static int jsf_release(struct inode *inode, struct file *file)
437{
438	jsf0.busy = 0;
439	return 0;
440}
441
442static const struct file_operations jsf_fops = {
443	.owner =	THIS_MODULE,
444	.llseek =	jsf_lseek,
445	.read =		jsf_read,
446	.write =	jsf_write,
447	.unlocked_ioctl =	jsf_ioctl,
448	.mmap =		jsf_mmap,
449	.open =		jsf_open,
450	.release =	jsf_release,
451};
452
453static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops };
454
455static struct block_device_operations jsfd_fops = {
456	.owner =	THIS_MODULE,
457};
458
459static int jsflash_init(void)
460{
461	int rc;
462	struct jsflash *jsf;
463	int node;
464	char banner[128];
465	struct linux_prom_registers reg0;
466
467	node = prom_getchild(prom_root_node);
468	node = prom_searchsiblings(node, "flash-memory");
469	if (node != 0 && node != -1) {
470		if (prom_getproperty(node, "reg",
471		    (char *)&reg0, sizeof(reg0)) == -1) {
472			printk("jsflash: no \"reg\" property\n");
473			return -ENXIO;
474		}
475		if (reg0.which_io != 0) {
476			printk("jsflash: bus number nonzero: 0x%x:%x\n",
477			    reg0.which_io, reg0.phys_addr);
478			return -ENXIO;
479		}
480		/*
481		 * Flash may be somewhere else, for instance on Ebus.
482		 * So, don't do the following check for IIep flash space.
483		 */
484#if 0
485		if ((reg0.phys_addr >> 24) != 0x20) {
486			printk("jsflash: suspicious address: 0x%x:%x\n",
487			    reg0.which_io, reg0.phys_addr);
488			return -ENXIO;
489		}
490#endif
491		if ((int)reg0.reg_size <= 0) {
492			printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size);
493			return -ENXIO;
494		}
495	} else {
496		/* XXX Remove this code once PROLL ID12 got widespread */
497		printk("jsflash: no /flash-memory node, use PROLL >= 12\n");
498		prom_getproperty(prom_root_node, "banner-name", banner, 128);
499		if (strcmp (banner, "JavaStation-NC") != 0 &&
500		    strcmp (banner, "JavaStation-E") != 0) {
501			return -ENXIO;
502		}
503		reg0.which_io = 0;
504		reg0.phys_addr = 0x20400000;
505		reg0.reg_size  = 0x00800000;
506	}
507
508	/* Let us be really paranoid for modifications to probing code. */
509	/* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */
510	if (sparc_cpu_model != sun4m) {
511		/* We must be on sun4m because we use MMU Bypass ASI. */
512		return -ENXIO;
513	}
514
515	if (jsf0.base == 0) {
516		jsf = &jsf0;
517
518		jsf->base = reg0.phys_addr;
519		jsf->size = reg0.reg_size;
520
521		/* XXX Redo the userland interface. */
522		jsf->id.off = JSF_BASE_ALL;
523		jsf->id.size = 0x01000000;	/* 16M - all segments */
524		strcpy(jsf->id.name, "Krups_all");
525
526		jsf->dv[0].dbase = jsf->base;
527		jsf->dv[0].dsize = jsf->size;
528		jsf->dv[1].dbase = jsf->base + 1024;
529		jsf->dv[1].dsize = jsf->size - 1024;
530		jsf->dv[2].dbase = JSF_BASE_ALL;
531		jsf->dv[2].dsize = 0x01000000;
532
533		printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base,
534		    (int) (jsf->size / (1024*1024)));
535	}
536
537	if ((rc = misc_register(&jsf_dev)) != 0) {
538		printk(KERN_ERR "jsf: unable to get misc minor %d\n",
539		    JSF_MINOR);
540		jsf0.base = 0;
541		return rc;
542	}
543
544	return 0;
545}
546
547static struct request_queue *jsf_queue;
548
549static int jsfd_init(void)
550{
551	static DEFINE_SPINLOCK(lock);
552	struct jsflash *jsf;
553	struct jsfd_part *jdp;
554	int err;
555	int i;
556
557	if (jsf0.base == 0)
558		return -ENXIO;
559
560	err = -ENOMEM;
561	for (i = 0; i < JSF_MAX; i++) {
562		struct gendisk *disk = alloc_disk(1);
563		if (!disk)
564			goto out;
565		jsfd_disk[i] = disk;
566	}
567
568	if (register_blkdev(JSFD_MAJOR, "jsfd")) {
569		err = -EIO;
570		goto out;
571	}
572
573	jsf_queue = blk_init_queue(jsfd_do_request, &lock);
574	if (!jsf_queue) {
575		err = -ENOMEM;
576		unregister_blkdev(JSFD_MAJOR, "jsfd");
577		goto out;
578	}
579
580	for (i = 0; i < JSF_MAX; i++) {
581		struct gendisk *disk = jsfd_disk[i];
582		if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
583		jsf = &jsf0;	/* actually, &jsfv[i >> JSF_PART_BITS] */
584		jdp = &jsf->dv[i&JSF_PART_MASK];
585
586		disk->major = JSFD_MAJOR;
587		disk->first_minor = i;
588		sprintf(disk->disk_name, "jsfd%d", i);
589		disk->fops = &jsfd_fops;
590		set_capacity(disk, jdp->dsize >> 9);
591		disk->private_data = jdp;
592		disk->queue = jsf_queue;
593		add_disk(disk);
594		set_disk_ro(disk, 1);
595	}
596	return 0;
597out:
598	while (i--)
599		put_disk(jsfd_disk[i]);
600	return err;
601}
602
603MODULE_LICENSE("GPL");
604
605static int __init jsflash_init_module(void) {
606	int rc;
607
608	if ((rc = jsflash_init()) == 0) {
609		jsfd_init();
610		return 0;
611	}
612	return rc;
613}
614
615static void __exit jsflash_cleanup_module(void)
616{
617	int i;
618
619	for (i = 0; i < JSF_MAX; i++) {
620		if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
621		del_gendisk(jsfd_disk[i]);
622		put_disk(jsfd_disk[i]);
623	}
624	if (jsf0.busy)
625		printk("jsf0: cleaning busy unit\n");
626	jsf0.base = 0;
627	jsf0.busy = 0;
628
629	misc_deregister(&jsf_dev);
630	unregister_blkdev(JSFD_MAJOR, "jsfd");
631	blk_cleanup_queue(jsf_queue);
632}
633
634module_init(jsflash_init_module);
635module_exit(jsflash_cleanup_module);
636