jsflash.c revision 1011c1b9f2e45ce7c6e38888d2b83936aec38771
1/* 2 * drivers/sbus/char/jsflash.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds (drivers/char/mem.c) 5 * Copyright (C) 1997 Eddie C. Dost (drivers/sbus/char/flash.c) 6 * Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz> (drivers/block/nbd.c) 7 * Copyright (C) 1999-2000 Pete Zaitcev 8 * 9 * This driver is used to program OS into a Flash SIMM on 10 * Krups and Espresso platforms. 11 * 12 * TODO: do not allow erase/programming if file systems are mounted. 13 * TODO: Erase/program both banks of a 8MB SIMM. 14 * 15 * It is anticipated that programming an OS Flash will be a routine 16 * procedure. In the same time it is exeedingly dangerous because 17 * a user can program its OBP flash with OS image and effectively 18 * kill the machine. 19 * 20 * This driver uses an interface different from Eddie's flash.c 21 * as a silly safeguard. 22 * 23 * XXX The flash.c manipulates page caching characteristics in a certain 24 * dubious way; also it assumes that remap_pfn_range() can remap 25 * PCI bus locations, which may be false. ioremap() must be used 26 * instead. We should discuss this. 27 */ 28 29#include <linux/module.h> 30#include <linux/smp_lock.h> 31#include <linux/types.h> 32#include <linux/errno.h> 33#include <linux/miscdevice.h> 34#include <linux/slab.h> 35#include <linux/fcntl.h> 36#include <linux/poll.h> 37#include <linux/init.h> 38#include <linux/string.h> 39#include <linux/genhd.h> 40#include <linux/blkdev.h> 41#include <asm/uaccess.h> 42#include <asm/pgtable.h> 43#include <asm/io.h> 44#include <asm/pcic.h> 45#include <asm/oplib.h> 46 47#include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */ 48#define JSFIDSZ (sizeof(struct jsflash_ident_arg)) 49#define JSFPRGSZ (sizeof(struct jsflash_program_arg)) 50 51/* 52 * Our device numbers have no business in system headers. 53 * The only thing a user knows is the device name /dev/jsflash. 54 * 55 * Block devices are laid out like this: 56 * minor+0 - Bootstrap, for 8MB SIMM 0x20400000[0x800000] 57 * minor+1 - Filesystem to mount, normally 0x20400400[0x7ffc00] 58 * minor+2 - Whole flash area for any case... 0x20000000[0x01000000] 59 * Total 3 minors per flash device. 60 * 61 * It is easier to have static size vectors, so we define 62 * a total minor range JSF_MAX, which must cover all minors. 63 */ 64/* character device */ 65#define JSF_MINOR 178 /* 178 is registered with hpa */ 66/* block device */ 67#define JSF_MAX 3 /* 3 minors wasted total so far. */ 68#define JSF_NPART 3 /* 3 minors per flash device */ 69#define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */ 70#define JSF_PART_MASK 0x3 /* 2 bits mask */ 71 72/* 73 * Access functions. 74 * We could ioremap(), but it's easier this way. 75 */ 76static unsigned int jsf_inl(unsigned long addr) 77{ 78 unsigned long retval; 79 80 __asm__ __volatile__("lda [%1] %2, %0\n\t" : 81 "=r" (retval) : 82 "r" (addr), "i" (ASI_M_BYPASS)); 83 return retval; 84} 85 86static void jsf_outl(unsigned long addr, __u32 data) 87{ 88 89 __asm__ __volatile__("sta %0, [%1] %2\n\t" : : 90 "r" (data), "r" (addr), "i" (ASI_M_BYPASS) : 91 "memory"); 92} 93 94/* 95 * soft carrier 96 */ 97 98struct jsfd_part { 99 unsigned long dbase; 100 unsigned long dsize; 101}; 102 103struct jsflash { 104 unsigned long base; 105 unsigned long size; 106 unsigned long busy; /* In use? */ 107 struct jsflash_ident_arg id; 108 /* int mbase; */ /* Minor base, typically zero */ 109 struct jsfd_part dv[JSF_NPART]; 110}; 111 112/* 113 * We do not map normal memory or obio as a safety precaution. 114 * But offsets are real, for ease of userland programming. 115 */ 116#define JSF_BASE_TOP 0x30000000 117#define JSF_BASE_ALL 0x20000000 118 119#define JSF_BASE_JK 0x20400000 120 121/* 122 */ 123static struct gendisk *jsfd_disk[JSF_MAX]; 124 125/* 126 * Let's pretend we may have several of these... 127 */ 128static struct jsflash jsf0; 129 130/* 131 * Wait for AMD to finish its embedded algorithm. 132 * We use the Toggle bit DQ6 (0x40) because it does not 133 * depend on the data value as /DATA bit DQ7 does. 134 * 135 * XXX Do we need any timeout here? So far it never hanged, beware broken hw. 136 */ 137static void jsf_wait(unsigned long p) { 138 unsigned int x1, x2; 139 140 for (;;) { 141 x1 = jsf_inl(p); 142 x2 = jsf_inl(p); 143 if ((x1 & 0x40404040) == (x2 & 0x40404040)) return; 144 } 145} 146 147/* 148 * Programming will only work if Flash is clean, 149 * we leave it to the programmer application. 150 * 151 * AMD must be programmed one byte at a time; 152 * thus, Simple Tech SIMM must be written 4 bytes at a time. 153 * 154 * Write waits for the chip to become ready after the write 155 * was finished. This is done so that application would read 156 * consistent data after the write is done. 157 */ 158static void jsf_write4(unsigned long fa, u32 data) { 159 160 jsf_outl(fa, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 161 jsf_outl(fa, 0x55555555); /* Unlock 1 Write 2 */ 162 jsf_outl(fa, 0xA0A0A0A0); /* Byte Program */ 163 jsf_outl(fa, data); 164 165 jsf_wait(fa); 166} 167 168/* 169 */ 170static void jsfd_read(char *buf, unsigned long p, size_t togo) { 171 union byte4 { 172 char s[4]; 173 unsigned int n; 174 } b; 175 176 while (togo >= 4) { 177 togo -= 4; 178 b.n = jsf_inl(p); 179 memcpy(buf, b.s, 4); 180 p += 4; 181 buf += 4; 182 } 183} 184 185static void jsfd_do_request(struct request_queue *q) 186{ 187 struct request *req; 188 189 while ((req = elv_next_request(q)) != NULL) { 190 struct jsfd_part *jdp = req->rq_disk->private_data; 191 unsigned long offset = blk_rq_pos(req) << 9; 192 size_t len = blk_rq_cur_bytes(req); 193 194 if ((offset + len) > jdp->dsize) { 195 __blk_end_request_cur(req, -EIO); 196 continue; 197 } 198 199 if (rq_data_dir(req) != READ) { 200 printk(KERN_ERR "jsfd: write\n"); 201 __blk_end_request_cur(req, -EIO); 202 continue; 203 } 204 205 if ((jdp->dbase & 0xff000000) != 0x20000000) { 206 printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase); 207 __blk_end_request_cur(req, -EIO); 208 continue; 209 } 210 211 jsfd_read(req->buffer, jdp->dbase + offset, len); 212 213 __blk_end_request_cur(req, 0); 214 } 215} 216 217/* 218 * The memory devices use the full 32/64 bits of the offset, and so we cannot 219 * check against negative addresses: they are ok. The return value is weird, 220 * though, in that case (0). 221 * 222 * also note that seeking relative to the "end of file" isn't supported: 223 * it has no meaning, so it returns -EINVAL. 224 */ 225static loff_t jsf_lseek(struct file * file, loff_t offset, int orig) 226{ 227 loff_t ret; 228 229 lock_kernel(); 230 switch (orig) { 231 case 0: 232 file->f_pos = offset; 233 ret = file->f_pos; 234 break; 235 case 1: 236 file->f_pos += offset; 237 ret = file->f_pos; 238 break; 239 default: 240 ret = -EINVAL; 241 } 242 unlock_kernel(); 243 return ret; 244} 245 246/* 247 * OS SIMM Cannot be read in other size but a 32bits word. 248 */ 249static ssize_t jsf_read(struct file * file, char __user * buf, 250 size_t togo, loff_t *ppos) 251{ 252 unsigned long p = *ppos; 253 char __user *tmp = buf; 254 255 union byte4 { 256 char s[4]; 257 unsigned int n; 258 } b; 259 260 if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) { 261 return 0; 262 } 263 264 if ((p + togo) < p /* wrap */ 265 || (p + togo) >= JSF_BASE_TOP) { 266 togo = JSF_BASE_TOP - p; 267 } 268 269 if (p < JSF_BASE_ALL && togo != 0) { 270#if 0 /* __bzero XXX */ 271 size_t x = JSF_BASE_ALL - p; 272 if (x > togo) x = togo; 273 clear_user(tmp, x); 274 tmp += x; 275 p += x; 276 togo -= x; 277#else 278 /* 279 * Implementation of clear_user() calls __bzero 280 * without regard to modversions, 281 * so we cannot build a module. 282 */ 283 return 0; 284#endif 285 } 286 287 while (togo >= 4) { 288 togo -= 4; 289 b.n = jsf_inl(p); 290 if (copy_to_user(tmp, b.s, 4)) 291 return -EFAULT; 292 tmp += 4; 293 p += 4; 294 } 295 296 /* 297 * XXX Small togo may remain if 1 byte is ordered. 298 * It would be nice if we did a word size read and unpacked it. 299 */ 300 301 *ppos = p; 302 return tmp-buf; 303} 304 305static ssize_t jsf_write(struct file * file, const char __user * buf, 306 size_t count, loff_t *ppos) 307{ 308 return -ENOSPC; 309} 310 311/* 312 */ 313static int jsf_ioctl_erase(unsigned long arg) 314{ 315 unsigned long p; 316 317 /* p = jsf0.base; hits wrong bank */ 318 p = 0x20400000; 319 320 jsf_outl(p, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 321 jsf_outl(p, 0x55555555); /* Unlock 1 Write 2 */ 322 jsf_outl(p, 0x80808080); /* Erase setup */ 323 jsf_outl(p, 0xAAAAAAAA); /* Unlock 2 Write 1 */ 324 jsf_outl(p, 0x55555555); /* Unlock 2 Write 2 */ 325 jsf_outl(p, 0x10101010); /* Chip erase */ 326 327#if 0 328 /* 329 * This code is ok, except that counter based timeout 330 * has no place in this world. Let's just drop timeouts... 331 */ 332 { 333 int i; 334 __u32 x; 335 for (i = 0; i < 1000000; i++) { 336 x = jsf_inl(p); 337 if ((x & 0x80808080) == 0x80808080) break; 338 } 339 if ((x & 0x80808080) != 0x80808080) { 340 printk("jsf0: erase timeout with 0x%08x\n", x); 341 } else { 342 printk("jsf0: erase done with 0x%08x\n", x); 343 } 344 } 345#else 346 jsf_wait(p); 347#endif 348 349 return 0; 350} 351 352/* 353 * Program a block of flash. 354 * Very simple because we can do it byte by byte anyway. 355 */ 356static int jsf_ioctl_program(void __user *arg) 357{ 358 struct jsflash_program_arg abuf; 359 char __user *uptr; 360 unsigned long p; 361 unsigned int togo; 362 union { 363 unsigned int n; 364 char s[4]; 365 } b; 366 367 if (copy_from_user(&abuf, arg, JSFPRGSZ)) 368 return -EFAULT; 369 p = abuf.off; 370 togo = abuf.size; 371 if ((togo & 3) || (p & 3)) return -EINVAL; 372 373 uptr = (char __user *) (unsigned long) abuf.data; 374 while (togo != 0) { 375 togo -= 4; 376 if (copy_from_user(&b.s[0], uptr, 4)) 377 return -EFAULT; 378 jsf_write4(p, b.n); 379 p += 4; 380 uptr += 4; 381 } 382 383 return 0; 384} 385 386static long jsf_ioctl(struct file *f, unsigned int cmd, unsigned long arg) 387{ 388 lock_kernel(); 389 int error = -ENOTTY; 390 void __user *argp = (void __user *)arg; 391 392 if (!capable(CAP_SYS_ADMIN)) { 393 unlock_kernel(); 394 return -EPERM; 395 } 396 switch (cmd) { 397 case JSFLASH_IDENT: 398 if (copy_to_user(argp, &jsf0.id, JSFIDSZ)) { 399 unlock_kernel(); 400 return -EFAULT; 401 } 402 break; 403 case JSFLASH_ERASE: 404 error = jsf_ioctl_erase(arg); 405 break; 406 case JSFLASH_PROGRAM: 407 error = jsf_ioctl_program(argp); 408 break; 409 } 410 411 unlock_kernel(); 412 return error; 413} 414 415static int jsf_mmap(struct file * file, struct vm_area_struct * vma) 416{ 417 return -ENXIO; 418} 419 420static int jsf_open(struct inode * inode, struct file * filp) 421{ 422 lock_kernel(); 423 if (jsf0.base == 0) { 424 unlock_kernel(); 425 return -ENXIO; 426 } 427 if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) { 428 unlock_kernel(); 429 return -EBUSY; 430 } 431 432 unlock_kernel(); 433 return 0; /* XXX What security? */ 434} 435 436static int jsf_release(struct inode *inode, struct file *file) 437{ 438 jsf0.busy = 0; 439 return 0; 440} 441 442static const struct file_operations jsf_fops = { 443 .owner = THIS_MODULE, 444 .llseek = jsf_lseek, 445 .read = jsf_read, 446 .write = jsf_write, 447 .unlocked_ioctl = jsf_ioctl, 448 .mmap = jsf_mmap, 449 .open = jsf_open, 450 .release = jsf_release, 451}; 452 453static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops }; 454 455static struct block_device_operations jsfd_fops = { 456 .owner = THIS_MODULE, 457}; 458 459static int jsflash_init(void) 460{ 461 int rc; 462 struct jsflash *jsf; 463 int node; 464 char banner[128]; 465 struct linux_prom_registers reg0; 466 467 node = prom_getchild(prom_root_node); 468 node = prom_searchsiblings(node, "flash-memory"); 469 if (node != 0 && node != -1) { 470 if (prom_getproperty(node, "reg", 471 (char *)®0, sizeof(reg0)) == -1) { 472 printk("jsflash: no \"reg\" property\n"); 473 return -ENXIO; 474 } 475 if (reg0.which_io != 0) { 476 printk("jsflash: bus number nonzero: 0x%x:%x\n", 477 reg0.which_io, reg0.phys_addr); 478 return -ENXIO; 479 } 480 /* 481 * Flash may be somewhere else, for instance on Ebus. 482 * So, don't do the following check for IIep flash space. 483 */ 484#if 0 485 if ((reg0.phys_addr >> 24) != 0x20) { 486 printk("jsflash: suspicious address: 0x%x:%x\n", 487 reg0.which_io, reg0.phys_addr); 488 return -ENXIO; 489 } 490#endif 491 if ((int)reg0.reg_size <= 0) { 492 printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size); 493 return -ENXIO; 494 } 495 } else { 496 /* XXX Remove this code once PROLL ID12 got widespread */ 497 printk("jsflash: no /flash-memory node, use PROLL >= 12\n"); 498 prom_getproperty(prom_root_node, "banner-name", banner, 128); 499 if (strcmp (banner, "JavaStation-NC") != 0 && 500 strcmp (banner, "JavaStation-E") != 0) { 501 return -ENXIO; 502 } 503 reg0.which_io = 0; 504 reg0.phys_addr = 0x20400000; 505 reg0.reg_size = 0x00800000; 506 } 507 508 /* Let us be really paranoid for modifications to probing code. */ 509 /* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */ 510 if (sparc_cpu_model != sun4m) { 511 /* We must be on sun4m because we use MMU Bypass ASI. */ 512 return -ENXIO; 513 } 514 515 if (jsf0.base == 0) { 516 jsf = &jsf0; 517 518 jsf->base = reg0.phys_addr; 519 jsf->size = reg0.reg_size; 520 521 /* XXX Redo the userland interface. */ 522 jsf->id.off = JSF_BASE_ALL; 523 jsf->id.size = 0x01000000; /* 16M - all segments */ 524 strcpy(jsf->id.name, "Krups_all"); 525 526 jsf->dv[0].dbase = jsf->base; 527 jsf->dv[0].dsize = jsf->size; 528 jsf->dv[1].dbase = jsf->base + 1024; 529 jsf->dv[1].dsize = jsf->size - 1024; 530 jsf->dv[2].dbase = JSF_BASE_ALL; 531 jsf->dv[2].dsize = 0x01000000; 532 533 printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base, 534 (int) (jsf->size / (1024*1024))); 535 } 536 537 if ((rc = misc_register(&jsf_dev)) != 0) { 538 printk(KERN_ERR "jsf: unable to get misc minor %d\n", 539 JSF_MINOR); 540 jsf0.base = 0; 541 return rc; 542 } 543 544 return 0; 545} 546 547static struct request_queue *jsf_queue; 548 549static int jsfd_init(void) 550{ 551 static DEFINE_SPINLOCK(lock); 552 struct jsflash *jsf; 553 struct jsfd_part *jdp; 554 int err; 555 int i; 556 557 if (jsf0.base == 0) 558 return -ENXIO; 559 560 err = -ENOMEM; 561 for (i = 0; i < JSF_MAX; i++) { 562 struct gendisk *disk = alloc_disk(1); 563 if (!disk) 564 goto out; 565 jsfd_disk[i] = disk; 566 } 567 568 if (register_blkdev(JSFD_MAJOR, "jsfd")) { 569 err = -EIO; 570 goto out; 571 } 572 573 jsf_queue = blk_init_queue(jsfd_do_request, &lock); 574 if (!jsf_queue) { 575 err = -ENOMEM; 576 unregister_blkdev(JSFD_MAJOR, "jsfd"); 577 goto out; 578 } 579 580 for (i = 0; i < JSF_MAX; i++) { 581 struct gendisk *disk = jsfd_disk[i]; 582 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 583 jsf = &jsf0; /* actually, &jsfv[i >> JSF_PART_BITS] */ 584 jdp = &jsf->dv[i&JSF_PART_MASK]; 585 586 disk->major = JSFD_MAJOR; 587 disk->first_minor = i; 588 sprintf(disk->disk_name, "jsfd%d", i); 589 disk->fops = &jsfd_fops; 590 set_capacity(disk, jdp->dsize >> 9); 591 disk->private_data = jdp; 592 disk->queue = jsf_queue; 593 add_disk(disk); 594 set_disk_ro(disk, 1); 595 } 596 return 0; 597out: 598 while (i--) 599 put_disk(jsfd_disk[i]); 600 return err; 601} 602 603MODULE_LICENSE("GPL"); 604 605static int __init jsflash_init_module(void) { 606 int rc; 607 608 if ((rc = jsflash_init()) == 0) { 609 jsfd_init(); 610 return 0; 611 } 612 return rc; 613} 614 615static void __exit jsflash_cleanup_module(void) 616{ 617 int i; 618 619 for (i = 0; i < JSF_MAX; i++) { 620 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 621 del_gendisk(jsfd_disk[i]); 622 put_disk(jsfd_disk[i]); 623 } 624 if (jsf0.busy) 625 printk("jsf0: cleaning busy unit\n"); 626 jsf0.base = 0; 627 jsf0.busy = 0; 628 629 misc_deregister(&jsf_dev); 630 unregister_blkdev(JSFD_MAJOR, "jsfd"); 631 blk_cleanup_queue(jsf_queue); 632} 633 634module_init(jsflash_init_module); 635module_exit(jsflash_cleanup_module); 636