jsflash.c revision 165125e1e480f9510a5ffcfbfee4e3ee38c05f23
1/* 2 * drivers/sbus/char/jsflash.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds (drivers/char/mem.c) 5 * Copyright (C) 1997 Eddie C. Dost (drivers/sbus/char/flash.c) 6 * Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz> (drivers/block/nbd.c) 7 * Copyright (C) 1999-2000 Pete Zaitcev 8 * 9 * This driver is used to program OS into a Flash SIMM on 10 * Krups and Espresso platforms. 11 * 12 * TODO: do not allow erase/programming if file systems are mounted. 13 * TODO: Erase/program both banks of a 8MB SIMM. 14 * 15 * It is anticipated that programming an OS Flash will be a routine 16 * procedure. In the same time it is exeedingly dangerous because 17 * a user can program its OBP flash with OS image and effectively 18 * kill the machine. 19 * 20 * This driver uses an interface different from Eddie's flash.c 21 * as a silly safeguard. 22 * 23 * XXX The flash.c manipulates page caching characteristics in a certain 24 * dubious way; also it assumes that remap_pfn_range() can remap 25 * PCI bus locations, which may be false. ioremap() must be used 26 * instead. We should discuss this. 27 */ 28 29#include <linux/module.h> 30#include <linux/types.h> 31#include <linux/errno.h> 32#include <linux/miscdevice.h> 33#include <linux/slab.h> 34#include <linux/fcntl.h> 35#include <linux/poll.h> 36#include <linux/init.h> 37#include <linux/string.h> 38#include <linux/smp_lock.h> 39#include <linux/genhd.h> 40#include <linux/blkdev.h> 41 42#define MAJOR_NR JSFD_MAJOR 43 44#include <asm/uaccess.h> 45#include <asm/pgtable.h> 46#include <asm/io.h> 47#include <asm/pcic.h> 48#include <asm/oplib.h> 49 50#include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */ 51#define JSFIDSZ (sizeof(struct jsflash_ident_arg)) 52#define JSFPRGSZ (sizeof(struct jsflash_program_arg)) 53 54/* 55 * Our device numbers have no business in system headers. 56 * The only thing a user knows is the device name /dev/jsflash. 57 * 58 * Block devices are laid out like this: 59 * minor+0 - Bootstrap, for 8MB SIMM 0x20400000[0x800000] 60 * minor+1 - Filesystem to mount, normally 0x20400400[0x7ffc00] 61 * minor+2 - Whole flash area for any case... 0x20000000[0x01000000] 62 * Total 3 minors per flash device. 63 * 64 * It is easier to have static size vectors, so we define 65 * a total minor range JSF_MAX, which must cover all minors. 66 */ 67/* character device */ 68#define JSF_MINOR 178 /* 178 is registered with hpa */ 69/* block device */ 70#define JSF_MAX 3 /* 3 minors wasted total so far. */ 71#define JSF_NPART 3 /* 3 minors per flash device */ 72#define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */ 73#define JSF_PART_MASK 0x3 /* 2 bits mask */ 74 75/* 76 * Access functions. 77 * We could ioremap(), but it's easier this way. 78 */ 79static unsigned int jsf_inl(unsigned long addr) 80{ 81 unsigned long retval; 82 83 __asm__ __volatile__("lda [%1] %2, %0\n\t" : 84 "=r" (retval) : 85 "r" (addr), "i" (ASI_M_BYPASS)); 86 return retval; 87} 88 89static void jsf_outl(unsigned long addr, __u32 data) 90{ 91 92 __asm__ __volatile__("sta %0, [%1] %2\n\t" : : 93 "r" (data), "r" (addr), "i" (ASI_M_BYPASS) : 94 "memory"); 95} 96 97/* 98 * soft carrier 99 */ 100 101struct jsfd_part { 102 unsigned long dbase; 103 unsigned long dsize; 104}; 105 106struct jsflash { 107 unsigned long base; 108 unsigned long size; 109 unsigned long busy; /* In use? */ 110 struct jsflash_ident_arg id; 111 /* int mbase; */ /* Minor base, typically zero */ 112 struct jsfd_part dv[JSF_NPART]; 113}; 114 115/* 116 * We do not map normal memory or obio as a safety precaution. 117 * But offsets are real, for ease of userland programming. 118 */ 119#define JSF_BASE_TOP 0x30000000 120#define JSF_BASE_ALL 0x20000000 121 122#define JSF_BASE_JK 0x20400000 123 124/* 125 */ 126static struct gendisk *jsfd_disk[JSF_MAX]; 127 128/* 129 * Let's pretend we may have several of these... 130 */ 131static struct jsflash jsf0; 132 133/* 134 * Wait for AMD to finish its embedded algorithm. 135 * We use the Toggle bit DQ6 (0x40) because it does not 136 * depend on the data value as /DATA bit DQ7 does. 137 * 138 * XXX Do we need any timeout here? So far it never hanged, beware broken hw. 139 */ 140static void jsf_wait(unsigned long p) { 141 unsigned int x1, x2; 142 143 for (;;) { 144 x1 = jsf_inl(p); 145 x2 = jsf_inl(p); 146 if ((x1 & 0x40404040) == (x2 & 0x40404040)) return; 147 } 148} 149 150/* 151 * Programming will only work if Flash is clean, 152 * we leave it to the programmer application. 153 * 154 * AMD must be programmed one byte at a time; 155 * thus, Simple Tech SIMM must be written 4 bytes at a time. 156 * 157 * Write waits for the chip to become ready after the write 158 * was finished. This is done so that application would read 159 * consistent data after the write is done. 160 */ 161static void jsf_write4(unsigned long fa, u32 data) { 162 163 jsf_outl(fa, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 164 jsf_outl(fa, 0x55555555); /* Unlock 1 Write 2 */ 165 jsf_outl(fa, 0xA0A0A0A0); /* Byte Program */ 166 jsf_outl(fa, data); 167 168 jsf_wait(fa); 169} 170 171/* 172 */ 173static void jsfd_read(char *buf, unsigned long p, size_t togo) { 174 union byte4 { 175 char s[4]; 176 unsigned int n; 177 } b; 178 179 while (togo >= 4) { 180 togo -= 4; 181 b.n = jsf_inl(p); 182 memcpy(buf, b.s, 4); 183 p += 4; 184 buf += 4; 185 } 186} 187 188static void jsfd_do_request(struct request_queue *q) 189{ 190 struct request *req; 191 192 while ((req = elv_next_request(q)) != NULL) { 193 struct jsfd_part *jdp = req->rq_disk->private_data; 194 unsigned long offset = req->sector << 9; 195 size_t len = req->current_nr_sectors << 9; 196 197 if ((offset + len) > jdp->dsize) { 198 end_request(req, 0); 199 continue; 200 } 201 202 if (rq_data_dir(req) != READ) { 203 printk(KERN_ERR "jsfd: write\n"); 204 end_request(req, 0); 205 continue; 206 } 207 208 if ((jdp->dbase & 0xff000000) != 0x20000000) { 209 printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase); 210 end_request(req, 0); 211 continue; 212 } 213 214 jsfd_read(req->buffer, jdp->dbase + offset, len); 215 216 end_request(req, 1); 217 } 218} 219 220/* 221 * The memory devices use the full 32/64 bits of the offset, and so we cannot 222 * check against negative addresses: they are ok. The return value is weird, 223 * though, in that case (0). 224 * 225 * also note that seeking relative to the "end of file" isn't supported: 226 * it has no meaning, so it returns -EINVAL. 227 */ 228static loff_t jsf_lseek(struct file * file, loff_t offset, int orig) 229{ 230 loff_t ret; 231 232 lock_kernel(); 233 switch (orig) { 234 case 0: 235 file->f_pos = offset; 236 ret = file->f_pos; 237 break; 238 case 1: 239 file->f_pos += offset; 240 ret = file->f_pos; 241 break; 242 default: 243 ret = -EINVAL; 244 } 245 unlock_kernel(); 246 return ret; 247} 248 249/* 250 * OS SIMM Cannot be read in other size but a 32bits word. 251 */ 252static ssize_t jsf_read(struct file * file, char __user * buf, 253 size_t togo, loff_t *ppos) 254{ 255 unsigned long p = *ppos; 256 char __user *tmp = buf; 257 258 union byte4 { 259 char s[4]; 260 unsigned int n; 261 } b; 262 263 if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) { 264 return 0; 265 } 266 267 if ((p + togo) < p /* wrap */ 268 || (p + togo) >= JSF_BASE_TOP) { 269 togo = JSF_BASE_TOP - p; 270 } 271 272 if (p < JSF_BASE_ALL && togo != 0) { 273#if 0 /* __bzero XXX */ 274 size_t x = JSF_BASE_ALL - p; 275 if (x > togo) x = togo; 276 clear_user(tmp, x); 277 tmp += x; 278 p += x; 279 togo -= x; 280#else 281 /* 282 * Implementation of clear_user() calls __bzero 283 * without regard to modversions, 284 * so we cannot build a module. 285 */ 286 return 0; 287#endif 288 } 289 290 while (togo >= 4) { 291 togo -= 4; 292 b.n = jsf_inl(p); 293 if (copy_to_user(tmp, b.s, 4)) 294 return -EFAULT; 295 tmp += 4; 296 p += 4; 297 } 298 299 /* 300 * XXX Small togo may remain if 1 byte is ordered. 301 * It would be nice if we did a word size read and unpacked it. 302 */ 303 304 *ppos = p; 305 return tmp-buf; 306} 307 308static ssize_t jsf_write(struct file * file, const char __user * buf, 309 size_t count, loff_t *ppos) 310{ 311 return -ENOSPC; 312} 313 314/* 315 */ 316static int jsf_ioctl_erase(unsigned long arg) 317{ 318 unsigned long p; 319 320 /* p = jsf0.base; hits wrong bank */ 321 p = 0x20400000; 322 323 jsf_outl(p, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 324 jsf_outl(p, 0x55555555); /* Unlock 1 Write 2 */ 325 jsf_outl(p, 0x80808080); /* Erase setup */ 326 jsf_outl(p, 0xAAAAAAAA); /* Unlock 2 Write 1 */ 327 jsf_outl(p, 0x55555555); /* Unlock 2 Write 2 */ 328 jsf_outl(p, 0x10101010); /* Chip erase */ 329 330#if 0 331 /* 332 * This code is ok, except that counter based timeout 333 * has no place in this world. Let's just drop timeouts... 334 */ 335 { 336 int i; 337 __u32 x; 338 for (i = 0; i < 1000000; i++) { 339 x = jsf_inl(p); 340 if ((x & 0x80808080) == 0x80808080) break; 341 } 342 if ((x & 0x80808080) != 0x80808080) { 343 printk("jsf0: erase timeout with 0x%08x\n", x); 344 } else { 345 printk("jsf0: erase done with 0x%08x\n", x); 346 } 347 } 348#else 349 jsf_wait(p); 350#endif 351 352 return 0; 353} 354 355/* 356 * Program a block of flash. 357 * Very simple because we can do it byte by byte anyway. 358 */ 359static int jsf_ioctl_program(void __user *arg) 360{ 361 struct jsflash_program_arg abuf; 362 char __user *uptr; 363 unsigned long p; 364 unsigned int togo; 365 union { 366 unsigned int n; 367 char s[4]; 368 } b; 369 370 if (copy_from_user(&abuf, arg, JSFPRGSZ)) 371 return -EFAULT; 372 p = abuf.off; 373 togo = abuf.size; 374 if ((togo & 3) || (p & 3)) return -EINVAL; 375 376 uptr = (char __user *) (unsigned long) abuf.data; 377 while (togo != 0) { 378 togo -= 4; 379 if (copy_from_user(&b.s[0], uptr, 4)) 380 return -EFAULT; 381 jsf_write4(p, b.n); 382 p += 4; 383 uptr += 4; 384 } 385 386 return 0; 387} 388 389static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd, 390 unsigned long arg) 391{ 392 int error = -ENOTTY; 393 void __user *argp = (void __user *)arg; 394 395 if (!capable(CAP_SYS_ADMIN)) 396 return -EPERM; 397 switch (cmd) { 398 case JSFLASH_IDENT: 399 if (copy_to_user(argp, &jsf0.id, JSFIDSZ)) 400 return -EFAULT; 401 break; 402 case JSFLASH_ERASE: 403 error = jsf_ioctl_erase(arg); 404 break; 405 case JSFLASH_PROGRAM: 406 error = jsf_ioctl_program(argp); 407 break; 408 } 409 410 return error; 411} 412 413static int jsf_mmap(struct file * file, struct vm_area_struct * vma) 414{ 415 return -ENXIO; 416} 417 418static int jsf_open(struct inode * inode, struct file * filp) 419{ 420 421 if (jsf0.base == 0) return -ENXIO; 422 if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) 423 return -EBUSY; 424 425 return 0; /* XXX What security? */ 426} 427 428static int jsf_release(struct inode *inode, struct file *file) 429{ 430 jsf0.busy = 0; 431 return 0; 432} 433 434static const struct file_operations jsf_fops = { 435 .owner = THIS_MODULE, 436 .llseek = jsf_lseek, 437 .read = jsf_read, 438 .write = jsf_write, 439 .ioctl = jsf_ioctl, 440 .mmap = jsf_mmap, 441 .open = jsf_open, 442 .release = jsf_release, 443}; 444 445static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops }; 446 447static struct block_device_operations jsfd_fops = { 448 .owner = THIS_MODULE, 449}; 450 451static int jsflash_init(void) 452{ 453 int rc; 454 struct jsflash *jsf; 455 int node; 456 char banner[128]; 457 struct linux_prom_registers reg0; 458 459 node = prom_getchild(prom_root_node); 460 node = prom_searchsiblings(node, "flash-memory"); 461 if (node != 0 && node != -1) { 462 if (prom_getproperty(node, "reg", 463 (char *)®0, sizeof(reg0)) == -1) { 464 printk("jsflash: no \"reg\" property\n"); 465 return -ENXIO; 466 } 467 if (reg0.which_io != 0) { 468 printk("jsflash: bus number nonzero: 0x%x:%x\n", 469 reg0.which_io, reg0.phys_addr); 470 return -ENXIO; 471 } 472 /* 473 * Flash may be somewhere else, for instance on Ebus. 474 * So, don't do the following check for IIep flash space. 475 */ 476#if 0 477 if ((reg0.phys_addr >> 24) != 0x20) { 478 printk("jsflash: suspicious address: 0x%x:%x\n", 479 reg0.which_io, reg0.phys_addr); 480 return -ENXIO; 481 } 482#endif 483 if ((int)reg0.reg_size <= 0) { 484 printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size); 485 return -ENXIO; 486 } 487 } else { 488 /* XXX Remove this code once PROLL ID12 got widespread */ 489 printk("jsflash: no /flash-memory node, use PROLL >= 12\n"); 490 prom_getproperty(prom_root_node, "banner-name", banner, 128); 491 if (strcmp (banner, "JavaStation-NC") != 0 && 492 strcmp (banner, "JavaStation-E") != 0) { 493 return -ENXIO; 494 } 495 reg0.which_io = 0; 496 reg0.phys_addr = 0x20400000; 497 reg0.reg_size = 0x00800000; 498 } 499 500 /* Let us be really paranoid for modifications to probing code. */ 501 /* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */ 502 if (sparc_cpu_model != sun4m) { 503 /* We must be on sun4m because we use MMU Bypass ASI. */ 504 return -ENXIO; 505 } 506 507 if (jsf0.base == 0) { 508 jsf = &jsf0; 509 510 jsf->base = reg0.phys_addr; 511 jsf->size = reg0.reg_size; 512 513 /* XXX Redo the userland interface. */ 514 jsf->id.off = JSF_BASE_ALL; 515 jsf->id.size = 0x01000000; /* 16M - all segments */ 516 strcpy(jsf->id.name, "Krups_all"); 517 518 jsf->dv[0].dbase = jsf->base; 519 jsf->dv[0].dsize = jsf->size; 520 jsf->dv[1].dbase = jsf->base + 1024; 521 jsf->dv[1].dsize = jsf->size - 1024; 522 jsf->dv[2].dbase = JSF_BASE_ALL; 523 jsf->dv[2].dsize = 0x01000000; 524 525 printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base, 526 (int) (jsf->size / (1024*1024))); 527 } 528 529 if ((rc = misc_register(&jsf_dev)) != 0) { 530 printk(KERN_ERR "jsf: unable to get misc minor %d\n", 531 JSF_MINOR); 532 jsf0.base = 0; 533 return rc; 534 } 535 536 return 0; 537} 538 539static struct request_queue *jsf_queue; 540 541static int jsfd_init(void) 542{ 543 static DEFINE_SPINLOCK(lock); 544 struct jsflash *jsf; 545 struct jsfd_part *jdp; 546 int err; 547 int i; 548 549 if (jsf0.base == 0) 550 return -ENXIO; 551 552 err = -ENOMEM; 553 for (i = 0; i < JSF_MAX; i++) { 554 struct gendisk *disk = alloc_disk(1); 555 if (!disk) 556 goto out; 557 jsfd_disk[i] = disk; 558 } 559 560 if (register_blkdev(JSFD_MAJOR, "jsfd")) { 561 err = -EIO; 562 goto out; 563 } 564 565 jsf_queue = blk_init_queue(jsfd_do_request, &lock); 566 if (!jsf_queue) { 567 err = -ENOMEM; 568 unregister_blkdev(JSFD_MAJOR, "jsfd"); 569 goto out; 570 } 571 572 for (i = 0; i < JSF_MAX; i++) { 573 struct gendisk *disk = jsfd_disk[i]; 574 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 575 jsf = &jsf0; /* actually, &jsfv[i >> JSF_PART_BITS] */ 576 jdp = &jsf->dv[i&JSF_PART_MASK]; 577 578 disk->major = JSFD_MAJOR; 579 disk->first_minor = i; 580 sprintf(disk->disk_name, "jsfd%d", i); 581 disk->fops = &jsfd_fops; 582 set_capacity(disk, jdp->dsize >> 9); 583 disk->private_data = jdp; 584 disk->queue = jsf_queue; 585 add_disk(disk); 586 set_disk_ro(disk, 1); 587 } 588 return 0; 589out: 590 while (i--) 591 put_disk(jsfd_disk[i]); 592 return err; 593} 594 595MODULE_LICENSE("GPL"); 596 597static int __init jsflash_init_module(void) { 598 int rc; 599 600 if ((rc = jsflash_init()) == 0) { 601 jsfd_init(); 602 return 0; 603 } 604 return rc; 605} 606 607static void __exit jsflash_cleanup_module(void) 608{ 609 int i; 610 611 for (i = 0; i < JSF_MAX; i++) { 612 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 613 del_gendisk(jsfd_disk[i]); 614 put_disk(jsfd_disk[i]); 615 } 616 if (jsf0.busy) 617 printk("jsf0: cleaning busy unit\n"); 618 jsf0.base = 0; 619 jsf0.busy = 0; 620 621 misc_deregister(&jsf_dev); 622 unregister_blkdev(JSFD_MAJOR, "jsfd"); 623 blk_cleanup_queue(jsf_queue); 624} 625 626module_init(jsflash_init_module); 627module_exit(jsflash_cleanup_module); 628