jsflash.c revision 165125e1e480f9510a5ffcfbfee4e3ee38c05f23 
1/*
2 * drivers/sbus/char/jsflash.c
3 *
4 *  Copyright (C) 1991, 1992  Linus Torvalds	(drivers/char/mem.c)
5 *  Copyright (C) 1997  Eddie C. Dost		(drivers/sbus/char/flash.c)
6 *  Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz>   (drivers/block/nbd.c)
7 *  Copyright (C) 1999-2000 Pete Zaitcev
8 *
9 * This driver is used to program OS into a Flash SIMM on
10 * Krups and Espresso platforms.
11 *
12 * TODO: do not allow erase/programming if file systems are mounted.
13 * TODO: Erase/program both banks of a 8MB SIMM.
14 *
15 * It is anticipated that programming an OS Flash will be a routine
16 * procedure. In the same time it is exeedingly dangerous because
17 * a user can program its OBP flash with OS image and effectively
18 * kill the machine.
19 *
20 * This driver uses an interface different from Eddie's flash.c
21 * as a silly safeguard.
22 *
23 * XXX The flash.c manipulates page caching characteristics in a certain
24 * dubious way; also it assumes that remap_pfn_range() can remap
25 * PCI bus locations, which may be false. ioremap() must be used
26 * instead. We should discuss this.
27 */
28
29#include <linux/module.h>
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/miscdevice.h>
33#include <linux/slab.h>
34#include <linux/fcntl.h>
35#include <linux/poll.h>
36#include <linux/init.h>
37#include <linux/string.h>
38#include <linux/smp_lock.h>
39#include <linux/genhd.h>
40#include <linux/blkdev.h>
41
42#define MAJOR_NR	JSFD_MAJOR
43
44#include <asm/uaccess.h>
45#include <asm/pgtable.h>
46#include <asm/io.h>
47#include <asm/pcic.h>
48#include <asm/oplib.h>
49
50#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
51#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))
52#define JSFPRGSZ	(sizeof(struct jsflash_program_arg))
53
54/*
55 * Our device numbers have no business in system headers.
56 * The only thing a user knows is the device name /dev/jsflash.
57 *
58 * Block devices are laid out like this:
59 *   minor+0	- Bootstrap, for 8MB SIMM 0x20400000[0x800000]
60 *   minor+1	- Filesystem to mount, normally 0x20400400[0x7ffc00]
61 *   minor+2	- Whole flash area for any case... 0x20000000[0x01000000]
62 * Total 3 minors per flash device.
63 *
64 * It is easier to have static size vectors, so we define
65 * a total minor range JSF_MAX, which must cover all minors.
66 */
67/* character device */
68#define JSF_MINOR	178	/* 178 is registered with hpa */
69/* block device */
70#define JSF_MAX		 3	/* 3 minors wasted total so far. */
71#define JSF_NPART	 3	/* 3 minors per flash device */
72#define JSF_PART_BITS	 2	/* 2 bits of minors to cover JSF_NPART */
73#define JSF_PART_MASK	 0x3	/* 2 bits mask */
74
75/*
76 * Access functions.
77 * We could ioremap(), but it's easier this way.
78 */
79static unsigned int jsf_inl(unsigned long addr)
80{
81	unsigned long retval;
82
83	__asm__ __volatile__("lda [%1] %2, %0\n\t" :
84				"=r" (retval) :
85				"r" (addr), "i" (ASI_M_BYPASS));
86        return retval;
87}
88
89static void jsf_outl(unsigned long addr, __u32 data)
90{
91
92	__asm__ __volatile__("sta %0, [%1] %2\n\t" : :
93				"r" (data), "r" (addr), "i" (ASI_M_BYPASS) :
94				"memory");
95}
96
97/*
98 * soft carrier
99 */
100
101struct jsfd_part {
102	unsigned long dbase;
103	unsigned long dsize;
104};
105
106struct jsflash {
107	unsigned long base;
108	unsigned long size;
109	unsigned long busy;		/* In use? */
110	struct jsflash_ident_arg id;
111	/* int mbase; */		/* Minor base, typically zero */
112	struct jsfd_part dv[JSF_NPART];
113};
114
115/*
116 * We do not map normal memory or obio as a safety precaution.
117 * But offsets are real, for ease of userland programming.
118 */
119#define JSF_BASE_TOP	0x30000000
120#define JSF_BASE_ALL	0x20000000
121
122#define JSF_BASE_JK	0x20400000
123
124/*
125 */
126static struct gendisk *jsfd_disk[JSF_MAX];
127
128/*
129 * Let's pretend we may have several of these...
130 */
131static struct jsflash jsf0;
132
133/*
134 * Wait for AMD to finish its embedded algorithm.
135 * We use the Toggle bit DQ6 (0x40) because it does not
136 * depend on the data value as /DATA bit DQ7 does.
137 *
138 * XXX Do we need any timeout here? So far it never hanged, beware broken hw.
139 */
140static void jsf_wait(unsigned long p) {
141	unsigned int x1, x2;
142
143	for (;;) {
144		x1 = jsf_inl(p);
145		x2 = jsf_inl(p);
146		if ((x1 & 0x40404040) == (x2 & 0x40404040)) return;
147	}
148}
149
150/*
151 * Programming will only work if Flash is clean,
152 * we leave it to the programmer application.
153 *
154 * AMD must be programmed one byte at a time;
155 * thus, Simple Tech SIMM must be written 4 bytes at a time.
156 *
157 * Write waits for the chip to become ready after the write
158 * was finished. This is done so that application would read
159 * consistent data after the write is done.
160 */
161static void jsf_write4(unsigned long fa, u32 data) {
162
163	jsf_outl(fa, 0xAAAAAAAA);		/* Unlock 1 Write 1 */
164	jsf_outl(fa, 0x55555555);		/* Unlock 1 Write 2 */
165	jsf_outl(fa, 0xA0A0A0A0);		/* Byte Program */
166	jsf_outl(fa, data);
167
168	jsf_wait(fa);
169}
170
171/*
172 */
173static void jsfd_read(char *buf, unsigned long p, size_t togo) {
174	union byte4 {
175		char s[4];
176		unsigned int n;
177	} b;
178
179	while (togo >= 4) {
180		togo -= 4;
181		b.n = jsf_inl(p);
182		memcpy(buf, b.s, 4);
183		p += 4;
184		buf += 4;
185	}
186}
187
188static void jsfd_do_request(struct request_queue *q)
189{
190	struct request *req;
191
192	while ((req = elv_next_request(q)) != NULL) {
193		struct jsfd_part *jdp = req->rq_disk->private_data;
194		unsigned long offset = req->sector << 9;
195		size_t len = req->current_nr_sectors << 9;
196
197		if ((offset + len) > jdp->dsize) {
198               		end_request(req, 0);
199			continue;
200		}
201
202		if (rq_data_dir(req) != READ) {
203			printk(KERN_ERR "jsfd: write\n");
204			end_request(req, 0);
205			continue;
206		}
207
208		if ((jdp->dbase & 0xff000000) != 0x20000000) {
209			printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase);
210			end_request(req, 0);
211			continue;
212		}
213
214		jsfd_read(req->buffer, jdp->dbase + offset, len);
215
216		end_request(req, 1);
217	}
218}
219
220/*
221 * The memory devices use the full 32/64 bits of the offset, and so we cannot
222 * check against negative addresses: they are ok. The return value is weird,
223 * though, in that case (0).
224 *
225 * also note that seeking relative to the "end of file" isn't supported:
226 * it has no meaning, so it returns -EINVAL.
227 */
228static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
229{
230	loff_t ret;
231
232	lock_kernel();
233	switch (orig) {
234		case 0:
235			file->f_pos = offset;
236			ret = file->f_pos;
237			break;
238		case 1:
239			file->f_pos += offset;
240			ret = file->f_pos;
241			break;
242		default:
243			ret = -EINVAL;
244	}
245	unlock_kernel();
246	return ret;
247}
248
249/*
250 * OS SIMM Cannot be read in other size but a 32bits word.
251 */
252static ssize_t jsf_read(struct file * file, char __user * buf,
253    size_t togo, loff_t *ppos)
254{
255	unsigned long p = *ppos;
256	char __user *tmp = buf;
257
258	union byte4 {
259		char s[4];
260		unsigned int n;
261	} b;
262
263	if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) {
264		return 0;
265	}
266
267	if ((p + togo) < p	/* wrap */
268	   || (p + togo) >= JSF_BASE_TOP) {
269		togo = JSF_BASE_TOP - p;
270	}
271
272	if (p < JSF_BASE_ALL && togo != 0) {
273#if 0 /* __bzero XXX */
274		size_t x = JSF_BASE_ALL - p;
275		if (x > togo) x = togo;
276		clear_user(tmp, x);
277		tmp += x;
278		p += x;
279		togo -= x;
280#else
281		/*
282		 * Implementation of clear_user() calls __bzero
283		 * without regard to modversions,
284		 * so we cannot build a module.
285		 */
286		return 0;
287#endif
288	}
289
290	while (togo >= 4) {
291		togo -= 4;
292		b.n = jsf_inl(p);
293		if (copy_to_user(tmp, b.s, 4))
294			return -EFAULT;
295		tmp += 4;
296		p += 4;
297	}
298
299	/*
300	 * XXX Small togo may remain if 1 byte is ordered.
301	 * It would be nice if we did a word size read and unpacked it.
302	 */
303
304	*ppos = p;
305	return tmp-buf;
306}
307
308static ssize_t jsf_write(struct file * file, const char __user * buf,
309    size_t count, loff_t *ppos)
310{
311	return -ENOSPC;
312}
313
314/*
315 */
316static int jsf_ioctl_erase(unsigned long arg)
317{
318	unsigned long p;
319
320	/* p = jsf0.base;	hits wrong bank */
321	p = 0x20400000;
322
323	jsf_outl(p, 0xAAAAAAAA);		/* Unlock 1 Write 1 */
324	jsf_outl(p, 0x55555555);		/* Unlock 1 Write 2 */
325	jsf_outl(p, 0x80808080);		/* Erase setup */
326	jsf_outl(p, 0xAAAAAAAA);		/* Unlock 2 Write 1 */
327	jsf_outl(p, 0x55555555);		/* Unlock 2 Write 2 */
328	jsf_outl(p, 0x10101010);		/* Chip erase */
329
330#if 0
331	/*
332	 * This code is ok, except that counter based timeout
333	 * has no place in this world. Let's just drop timeouts...
334	 */
335	{
336		int i;
337		__u32 x;
338		for (i = 0; i < 1000000; i++) {
339			x = jsf_inl(p);
340			if ((x & 0x80808080) == 0x80808080) break;
341		}
342		if ((x & 0x80808080) != 0x80808080) {
343			printk("jsf0: erase timeout with 0x%08x\n", x);
344		} else {
345			printk("jsf0: erase done with 0x%08x\n", x);
346		}
347	}
348#else
349	jsf_wait(p);
350#endif
351
352	return 0;
353}
354
355/*
356 * Program a block of flash.
357 * Very simple because we can do it byte by byte anyway.
358 */
359static int jsf_ioctl_program(void __user *arg)
360{
361	struct jsflash_program_arg abuf;
362	char __user *uptr;
363	unsigned long p;
364	unsigned int togo;
365	union {
366		unsigned int n;
367		char s[4];
368	} b;
369
370	if (copy_from_user(&abuf, arg, JSFPRGSZ))
371		return -EFAULT;
372	p = abuf.off;
373	togo = abuf.size;
374	if ((togo & 3) || (p & 3)) return -EINVAL;
375
376	uptr = (char __user *) (unsigned long) abuf.data;
377	while (togo != 0) {
378		togo -= 4;
379		if (copy_from_user(&b.s[0], uptr, 4))
380			return -EFAULT;
381		jsf_write4(p, b.n);
382		p += 4;
383		uptr += 4;
384	}
385
386	return 0;
387}
388
389static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd,
390    unsigned long arg)
391{
392	int error = -ENOTTY;
393	void __user *argp = (void __user *)arg;
394
395	if (!capable(CAP_SYS_ADMIN))
396		return -EPERM;
397	switch (cmd) {
398	case JSFLASH_IDENT:
399		if (copy_to_user(argp, &jsf0.id, JSFIDSZ))
400			return -EFAULT;
401		break;
402	case JSFLASH_ERASE:
403		error = jsf_ioctl_erase(arg);
404		break;
405	case JSFLASH_PROGRAM:
406		error = jsf_ioctl_program(argp);
407		break;
408	}
409
410	return error;
411}
412
413static int jsf_mmap(struct file * file, struct vm_area_struct * vma)
414{
415	return -ENXIO;
416}
417
418static int jsf_open(struct inode * inode, struct file * filp)
419{
420
421	if (jsf0.base == 0) return -ENXIO;
422	if (test_and_set_bit(0, (void *)&jsf0.busy) != 0)
423		return -EBUSY;
424
425	return 0;	/* XXX What security? */
426}
427
428static int jsf_release(struct inode *inode, struct file *file)
429{
430	jsf0.busy = 0;
431	return 0;
432}
433
434static const struct file_operations jsf_fops = {
435	.owner =	THIS_MODULE,
436	.llseek =	jsf_lseek,
437	.read =		jsf_read,
438	.write =	jsf_write,
439	.ioctl =	jsf_ioctl,
440	.mmap =		jsf_mmap,
441	.open =		jsf_open,
442	.release =	jsf_release,
443};
444
445static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops };
446
447static struct block_device_operations jsfd_fops = {
448	.owner =	THIS_MODULE,
449};
450
451static int jsflash_init(void)
452{
453	int rc;
454	struct jsflash *jsf;
455	int node;
456	char banner[128];
457	struct linux_prom_registers reg0;
458
459	node = prom_getchild(prom_root_node);
460	node = prom_searchsiblings(node, "flash-memory");
461	if (node != 0 && node != -1) {
462		if (prom_getproperty(node, "reg",
463		    (char *)&reg0, sizeof(reg0)) == -1) {
464			printk("jsflash: no \"reg\" property\n");
465			return -ENXIO;
466		}
467		if (reg0.which_io != 0) {
468			printk("jsflash: bus number nonzero: 0x%x:%x\n",
469			    reg0.which_io, reg0.phys_addr);
470			return -ENXIO;
471		}
472		/*
473		 * Flash may be somewhere else, for instance on Ebus.
474		 * So, don't do the following check for IIep flash space.
475		 */
476#if 0
477		if ((reg0.phys_addr >> 24) != 0x20) {
478			printk("jsflash: suspicious address: 0x%x:%x\n",
479			    reg0.which_io, reg0.phys_addr);
480			return -ENXIO;
481		}
482#endif
483		if ((int)reg0.reg_size <= 0) {
484			printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size);
485			return -ENXIO;
486		}
487	} else {
488		/* XXX Remove this code once PROLL ID12 got widespread */
489		printk("jsflash: no /flash-memory node, use PROLL >= 12\n");
490		prom_getproperty(prom_root_node, "banner-name", banner, 128);
491		if (strcmp (banner, "JavaStation-NC") != 0 &&
492		    strcmp (banner, "JavaStation-E") != 0) {
493			return -ENXIO;
494		}
495		reg0.which_io = 0;
496		reg0.phys_addr = 0x20400000;
497		reg0.reg_size  = 0x00800000;
498	}
499
500	/* Let us be really paranoid for modifications to probing code. */
501	/* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */
502	if (sparc_cpu_model != sun4m) {
503		/* We must be on sun4m because we use MMU Bypass ASI. */
504		return -ENXIO;
505	}
506
507	if (jsf0.base == 0) {
508		jsf = &jsf0;
509
510		jsf->base = reg0.phys_addr;
511		jsf->size = reg0.reg_size;
512
513		/* XXX Redo the userland interface. */
514		jsf->id.off = JSF_BASE_ALL;
515		jsf->id.size = 0x01000000;	/* 16M - all segments */
516		strcpy(jsf->id.name, "Krups_all");
517
518		jsf->dv[0].dbase = jsf->base;
519		jsf->dv[0].dsize = jsf->size;
520		jsf->dv[1].dbase = jsf->base + 1024;
521		jsf->dv[1].dsize = jsf->size - 1024;
522		jsf->dv[2].dbase = JSF_BASE_ALL;
523		jsf->dv[2].dsize = 0x01000000;
524
525		printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base,
526		    (int) (jsf->size / (1024*1024)));
527	}
528
529	if ((rc = misc_register(&jsf_dev)) != 0) {
530		printk(KERN_ERR "jsf: unable to get misc minor %d\n",
531		    JSF_MINOR);
532		jsf0.base = 0;
533		return rc;
534	}
535
536	return 0;
537}
538
539static struct request_queue *jsf_queue;
540
541static int jsfd_init(void)
542{
543	static DEFINE_SPINLOCK(lock);
544	struct jsflash *jsf;
545	struct jsfd_part *jdp;
546	int err;
547	int i;
548
549	if (jsf0.base == 0)
550		return -ENXIO;
551
552	err = -ENOMEM;
553	for (i = 0; i < JSF_MAX; i++) {
554		struct gendisk *disk = alloc_disk(1);
555		if (!disk)
556			goto out;
557		jsfd_disk[i] = disk;
558	}
559
560	if (register_blkdev(JSFD_MAJOR, "jsfd")) {
561		err = -EIO;
562		goto out;
563	}
564
565	jsf_queue = blk_init_queue(jsfd_do_request, &lock);
566	if (!jsf_queue) {
567		err = -ENOMEM;
568		unregister_blkdev(JSFD_MAJOR, "jsfd");
569		goto out;
570	}
571
572	for (i = 0; i < JSF_MAX; i++) {
573		struct gendisk *disk = jsfd_disk[i];
574		if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
575		jsf = &jsf0;	/* actually, &jsfv[i >> JSF_PART_BITS] */
576		jdp = &jsf->dv[i&JSF_PART_MASK];
577
578		disk->major = JSFD_MAJOR;
579		disk->first_minor = i;
580		sprintf(disk->disk_name, "jsfd%d", i);
581		disk->fops = &jsfd_fops;
582		set_capacity(disk, jdp->dsize >> 9);
583		disk->private_data = jdp;
584		disk->queue = jsf_queue;
585		add_disk(disk);
586		set_disk_ro(disk, 1);
587	}
588	return 0;
589out:
590	while (i--)
591		put_disk(jsfd_disk[i]);
592	return err;
593}
594
595MODULE_LICENSE("GPL");
596
597static int __init jsflash_init_module(void) {
598	int rc;
599
600	if ((rc = jsflash_init()) == 0) {
601		jsfd_init();
602		return 0;
603	}
604	return rc;
605}
606
607static void __exit jsflash_cleanup_module(void)
608{
609	int i;
610
611	for (i = 0; i < JSF_MAX; i++) {
612		if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
613		del_gendisk(jsfd_disk[i]);
614		put_disk(jsfd_disk[i]);
615	}
616	if (jsf0.busy)
617		printk("jsf0: cleaning busy unit\n");
618	jsf0.base = 0;
619	jsf0.busy = 0;
620
621	misc_deregister(&jsf_dev);
622	unregister_blkdev(JSFD_MAJOR, "jsfd");
623	blk_cleanup_queue(jsf_queue);
624}
625
626module_init(jsflash_init_module);
627module_exit(jsflash_cleanup_module);
628