jsflash.c revision 54074d59320581a6d7e4f4dd405e8cac1d174b75
1/*
2 * drivers/sbus/char/jsflash.c
3 *
4 *  Copyright (C) 1991, 1992  Linus Torvalds	(drivers/char/mem.c)
5 *  Copyright (C) 1997  Eddie C. Dost		(drivers/sbus/char/flash.c)
6 *  Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz>   (drivers/block/nbd.c)
7 *  Copyright (C) 1999-2000 Pete Zaitcev
8 *
9 * This driver is used to program OS into a Flash SIMM on
10 * Krups and Espresso platforms.
11 *
12 * TODO: do not allow erase/programming if file systems are mounted.
13 * TODO: Erase/program both banks of a 8MB SIMM.
14 *
15 * It is anticipated that programming an OS Flash will be a routine
16 * procedure. At the same time it is exceedingly dangerous because
17 * a user can program its OBP flash with OS image and effectively
18 * kill the machine.
19 *
20 * This driver uses an interface different from Eddie's flash.c
21 * as a silly safeguard.
22 *
23 * XXX The flash.c manipulates page caching characteristics in a certain
24 * dubious way; also it assumes that remap_pfn_range() can remap
25 * PCI bus locations, which may be false. ioremap() must be used
26 * instead. We should discuss this.
27 */
28
29#include <linux/module.h>
30#include <linux/smp_lock.h>
31#include <linux/types.h>
32#include <linux/errno.h>
33#include <linux/miscdevice.h>
34#include <linux/slab.h>
35#include <linux/fcntl.h>
36#include <linux/poll.h>
37#include <linux/init.h>
38#include <linux/string.h>
39#include <linux/genhd.h>
40#include <linux/blkdev.h>
41
42#define MAJOR_NR	JSFD_MAJOR
43
44#include <asm/uaccess.h>
45#include <asm/pgtable.h>
46#include <asm/io.h>
47#include <asm/pcic.h>
48#include <asm/oplib.h>
49
50#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
/* Byte counts used when the ioctl argument structures cross the user boundary. */
#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))
#define JSFPRGSZ	(sizeof(struct jsflash_program_arg))
53
54/*
55 * Our device numbers have no business in system headers.
56 * The only thing a user knows is the device name /dev/jsflash.
57 *
58 * Block devices are laid out like this:
59 *   minor+0	- Bootstrap, for 8MB SIMM 0x20400000[0x800000]
60 *   minor+1	- Filesystem to mount, normally 0x20400400[0x7ffc00]
61 *   minor+2	- Whole flash area for any case... 0x20000000[0x01000000]
62 * Total 3 minors per flash device.
63 *
64 * It is easier to have static size vectors, so we define
65 * a total minor range JSF_MAX, which must cover all minors.
66 */
/* Character device: misc minor (178 is registered with hpa). */
#define JSF_MINOR	178

/* Block device: minor layout. */
#define JSF_MAX		3	/* total block minors; 3 wasted so far */
#define JSF_NPART	3	/* minors per flash device */
#define JSF_PART_BITS	2	/* bits of minor needed to cover JSF_NPART */
#define JSF_PART_MASK	0x3	/* mask for those 2 bits */
74
75/*
76 * Access functions.
77 * We could ioremap(), but it's easier this way.
78 */
/*
 * Load one word from @addr with an "lda" through the ASI_M_BYPASS
 * alternate space. No range check is done here: callers are responsible
 * for keeping @addr inside the flash window.
 */
static unsigned int jsf_inl(unsigned long addr)
{
	unsigned long word;

	__asm__ __volatile__("lda [%1] %2, %0\n\t"
			     : "=r" (word)
			     : "r" (addr), "i" (ASI_M_BYPASS));

	return word;
}
88
/*
 * Store the 32-bit @data at @addr with an "sta" through the ASI_M_BYPASS
 * alternate space. The "memory" clobber keeps the compiler from moving
 * other memory accesses across the store. No range check is done here.
 */
static void jsf_outl(unsigned long addr, __u32 data)
{
	__asm__ __volatile__("sta %0, [%1] %2\n\t"
			     : /* no outputs */
			     : "r" (data), "r" (addr), "i" (ASI_M_BYPASS)
			     : "memory");
}
96
97/*
98 * soft carrier
99 */
100
/* One block-device view onto the flash: where it starts and how long it is. */
struct jsfd_part {
	unsigned long dbase;	/* start address of this view */
	unsigned long dsize;	/* length of this view in bytes */
};
105
/* State of one flash unit. */
struct jsflash {
	unsigned long base;		/* start address; 0 means "not probed" */
	unsigned long size;		/* length in bytes */
	unsigned long busy;		/* bit 0 set while the char device is open */
	struct jsflash_ident_arg id;	/* copied to userland by JSFLASH_IDENT */
	/* int mbase; */		/* Minor base, typically zero */
	struct jsfd_part dv[JSF_NPART];	/* the block-device views */
};
114
115/*
116 * We do not map normal memory or obio as a safety precaution.
117 * But offsets are real, for ease of userland programming.
118 */
/* Address window [JSF_BASE_ALL, JSF_BASE_TOP) that the char device will read. */
#define JSF_BASE_TOP	0x30000000
#define JSF_BASE_ALL	0x20000000

/* Same value as the fallback phys_addr used when the PROM has no flash node. */
#define JSF_BASE_JK	0x20400000
123
/* One gendisk per block minor; the slots are filled in by jsfd_init(). */
static struct gendisk *jsfd_disk[JSF_MAX];

/*
 * The code is written as though several flash units could exist,
 * but this is the only one.
 */
static struct jsflash jsf0;
132
133/*
134 * Wait for AMD to finish its embedded algorithm.
135 * We use the Toggle bit DQ6 (0x40) because it does not
136 * depend on the data value as /DATA bit DQ7 does.
137 *
138 * XXX Do we need any timeout here? So far it has never hung; beware of broken hw.
139 */
static void jsf_wait(unsigned long p)
{
	/* The toggle bit (0x40) replicated in every byte of the word. */
	const unsigned int toggle = 0x40404040;
	unsigned int first, second;

	/*
	 * Two back-to-back reads whose toggle bits agree mean the chip has
	 * stopped toggling. There is no upper bound on this loop: a device
	 * that never settles keeps the caller spinning in the kernel.
	 */
	do {
		first = jsf_inl(p);
		second = jsf_inl(p);
	} while ((first & toggle) != (second & toggle));
}
149
150/*
151 * Programming will only work if Flash is clean,
152 * we leave it to the programmer application.
153 *
154 * AMD must be programmed one byte at a time;
155 * thus, Simple Tech SIMM must be written 4 bytes at a time.
156 *
157 * Write waits for the chip to become ready after the write
158 * was finished. This is done so that application would read
159 * consistent data after the write is done.
160 */
static void jsf_write4(unsigned long fa, u32 data)
{
	/* Command words that must precede the data word, in this order. */
	static const u32 program_prefix[] = {
		0xAAAAAAAA,	/* Unlock 1 Write 1 */
		0x55555555,	/* Unlock 1 Write 2 */
		0xA0A0A0A0,	/* Byte Program */
	};
	unsigned int i;

	for (i = 0; i < sizeof(program_prefix) / sizeof(program_prefix[0]); i++)
		jsf_outl(fa, program_prefix[i]);
	jsf_outl(fa, data);

	/* Block until the chip reports ready so a following read is consistent. */
	jsf_wait(fa);
}
170
171/*
172 */
/*
 * Copy @togo bytes of flash starting at address @p into the kernel buffer
 * @buf, one 32-bit word at a time. A trailing remainder of fewer than four
 * bytes is not copied. The caller must have validated @p and @togo.
 */
static void jsfd_read(char *buf, unsigned long p, size_t togo)
{
	unsigned int word;

	for (; togo >= 4; togo -= 4, p += 4, buf += 4) {
		word = jsf_inl(p);
		memcpy(buf, &word, 4);
	}
}
187
/*
 * Block request handler: serves reads from the flash view attached to the
 * request's disk and fails everything else.
 */
static void jsfd_do_request(struct request_queue *q)
{
	struct request *req;

	for (req = elv_next_request(q); req != NULL; req = elv_next_request(q)) {
		struct jsfd_part *part = req->rq_disk->private_data;
		unsigned long start = req->sector << 9;		/* sectors to bytes */
		size_t nbytes = req->current_nr_sectors << 9;
		int uptodate = 0;

		if ((start + nbytes) > part->dsize) {
			/*
			 * Runs past the end of this view: fail it.
			 * NOTE(review): the sum is formed in unsigned long;
			 * presumably the block layer already keeps requests
			 * within the capacity set in jsfd_init() - confirm.
			 */
		} else if (rq_data_dir(req) != READ) {
			/* The block devices are read-only. */
			printk(KERN_ERR "jsfd: write\n");
		} else if ((part->dbase & 0xff000000) != 0x20000000) {
			/* Refuse to read through a base outside 0x20xxxxxx. */
			printk(KERN_ERR "jsfd: bad base %x\n", (int)part->dbase);
		} else {
			jsfd_read(req->buffer, part->dbase + start, nbytes);
			uptodate = 1;
		}

		end_request(req, uptodate);
	}
}
219
220/*
221 * The memory devices use the full 32/64 bits of the offset, and so we cannot
222 * check against negative addresses: they are ok. The return value is weird,
223 * though, in that case (0).
224 *
225 * also note that seeking relative to the "end of file" isn't supported:
226 * it has no meaning, so it returns -EINVAL.
227 */
static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
{
	/* Any origin other than 0 (absolute) or 1 (relative) is rejected. */
	loff_t ret = -EINVAL;

	lock_kernel();
	if (orig == 0) {
		file->f_pos = offset;
		ret = file->f_pos;
	} else if (orig == 1) {
		file->f_pos += offset;
		ret = file->f_pos;
	}
	unlock_kernel();

	/* No range check here; jsf_read() decides which positions are readable. */
	return ret;
}
248
249/*
250 * OS SIMM Cannot be read in other size but a 32bits word.
251 */
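static ssize_t jsf_read(struct file * file, char __user * buf,
    size_t togo, loff_t *ppos)
{
	unsigned long p;
	char __user *tmp = buf;

	union byte4 {
		char s[4];
		unsigned int n;
	} b;

	/*
	 * Range-check the full-width file position before narrowing it to
	 * unsigned long. Where unsigned long is narrower than loff_t, a
	 * position above the window could otherwise be truncated to an
	 * address inside it. Positions outside
	 * [JSF_BASE_ALL, JSF_BASE_TOP) read as end-of-file.
	 */
	if (*ppos < JSF_BASE_ALL || *ppos >= JSF_BASE_TOP) {
		return 0;
	}
	p = *ppos;

	/* Clamp the length so the read never leaves the window. */
	if ((p + togo) < p	/* wrap */
	   || (p + togo) >= JSF_BASE_TOP) {
		togo = JSF_BASE_TOP - p;
	}

	/*
	 * The former "p < JSF_BASE_ALL" branch could never run after the
	 * check above (it returned 0 in any case), so it has been dropped.
	 */

	while (togo >= 4) {
		togo -= 4;
		b.n = jsf_inl(p);
		if (copy_to_user(tmp, b.s, 4))
			return -EFAULT;
		tmp += 4;
		p += 4;
	}

	/*
	 * XXX Small togo may remain if 1 byte is ordered.
	 * It would be nice if we did a word size read and unpacked it.
	 */

	*ppos = p;
	return tmp-buf;
}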
307
/*
 * write(2) is never accepted on the character device; flash is changed
 * only through the erase and program ioctls.
 */
static ssize_t jsf_write(struct file * file, const char __user * buf,
			 size_t count, loff_t *ppos)
{
	return -ENOSPC;
}
313
314/*
315 */
/*
 * Issue the chip-erase command sequence and wait for it to finish.
 * @arg is not used. The only caller visible in this file, jsf_ioctl(),
 * requires CAP_SYS_ADMIN before reaching this function.
 */
static int jsf_ioctl_erase(unsigned long arg)
{
	static const __u32 chip_erase_cmds[] = {
		0xAAAAAAAA,	/* Unlock 1 Write 1 */
		0x55555555,	/* Unlock 1 Write 2 */
		0x80808080,	/* Erase setup */
		0xAAAAAAAA,	/* Unlock 2 Write 1 */
		0x55555555,	/* Unlock 2 Write 2 */
		0x10101010,	/* Chip erase */
	};
	/* Fixed address on purpose: jsf0.base hits the wrong bank. */
	const unsigned long p = 0x20400000;
	unsigned int i;

	for (i = 0; i < sizeof(chip_erase_cmds) / sizeof(chip_erase_cmds[0]); i++)
		jsf_outl(p, chip_erase_cmds[i]);

	/*
	 * An earlier counter-based timeout (1000000 polls for 0x80808080)
	 * was dropped as unsuitable; completion is detected by jsf_wait(),
	 * which has no timeout of its own.
	 */
	jsf_wait(p);

	return 0;
}
354
355/*
356 * Program a block of flash.
357 * Very simple because we can do it byte by byte anyway.
358 */
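static int jsf_ioctl_program(void __user *arg)
{
	struct jsflash_program_arg abuf;
	char __user *uptr;
	unsigned long p;
	unsigned int togo;
	union {
		unsigned int n;
		char s[4];
	} b;

	if (copy_from_user(&abuf, arg, JSFPRGSZ))
		return -EFAULT;
	p = abuf.off;
	togo = abuf.size;

	/* The flash is written a 32-bit word at a time. */
	if ((togo & 3) || (p & 3)) return -EINVAL;

	/*
	 * The target address comes straight from userland and is written
	 * through the MMU-bypass accessors, so confine it to the same
	 * window jsf_read() enforces. Without this check the ioctl would
	 * issue program sequences to any address the caller names.
	 * "togo > JSF_BASE_TOP - p" cannot underflow because p is already
	 * known to be below JSF_BASE_TOP.
	 *
	 * This does not tell the OS flash from the OBP flash inside the
	 * window; that remains the programming application's job.
	 */
	if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP ||
	    togo > JSF_BASE_TOP - p)
		return -EINVAL;

	uptr = (char __user *) (unsigned long) abuf.data;
	while (togo != 0) {
		togo -= 4;
		/* A fault part-way through leaves the earlier words programmed. */
		if (copy_from_user(&b.s[0], uptr, 4))
			return -EFAULT;
		jsf_write4(p, b.n);
		p += 4;
		uptr += 4;
	}

	return 0;
}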
388
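/*
 * ioctl entry point of the character device.
 *
 * Every command, including the read-only JSFLASH_IDENT, requires
 * CAP_SYS_ADMIN. Returns 0 on success, -EPERM without the capability,
 * -EFAULT on a bad user pointer, -ENOTTY for an unknown command, or the
 * error from the erase/program helper.
 */
static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd,
    unsigned long arg)
{
	int error = -ENOTTY;
	void __user *argp = (void __user *)arg;

	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;
	switch (cmd) {
	case JSFLASH_IDENT:
		if (copy_to_user(argp, &jsf0.id, JSFIDSZ))
			return -EFAULT;
		/*
		 * Report success. Previously error kept its initial
		 * -ENOTTY here, so a successful IDENT looked like an
		 * unsupported command to the caller.
		 */
		error = 0;
		break;
	case JSFLASH_ERASE:
		error = jsf_ioctl_erase(arg);
		break;
	case JSFLASH_PROGRAM:
		error = jsf_ioctl_program(argp);
		break;
	default:
		/* Unknown command: error is still -ENOTTY. */
		break;
	}

	return error;
}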
412
/* Mapping the flash into a process is not offered; always fails with -ENXIO. */
static int jsf_mmap(struct file *file, struct vm_area_struct *vma)
{
	return -ENXIO;
}
417
/*
 * Open the character device with exclusive access: -ENXIO if no flash was
 * probed, -EBUSY if another opener already holds it.
 *
 * XXX What security? Nothing is checked here about who is opening the
 * device. The ioctls require CAP_SYS_ADMIN, but jsf_read() has no such
 * check, so reading depends on the permissions of the device node.
 */
static int jsf_open(struct inode * inode, struct file * filp)
{
	int rc = 0;

	lock_kernel();
	if (jsf0.base == 0)
		rc = -ENXIO;
	else if (test_and_set_bit(0, (void *)&jsf0.busy) != 0)
		rc = -EBUSY;
	unlock_kernel();

	return rc;
}
433
/* Last close: drop the exclusive-open marker that jsf_open() set. */
static int jsf_release(struct inode *inode, struct file *file)
{
	/* Plain store of the whole word, not just bit 0. */
	jsf0.busy = 0;

	return 0;
}
439
/* Character device entry points. */
static const struct file_operations jsf_fops = {
	.owner		= THIS_MODULE,
	.open		= jsf_open,
	.release	= jsf_release,
	.llseek		= jsf_lseek,
	.read		= jsf_read,
	.write		= jsf_write,
	.ioctl		= jsf_ioctl,
	.mmap		= jsf_mmap,
};

/* Misc device registered by jsflash_init() under the name "jsflash". */
static struct miscdevice jsf_dev = {
	.minor	= JSF_MINOR,
	.name	= "jsflash",
	.fops	= &jsf_fops,
};

/* The block devices set no operations beyond the owner. */
static struct block_device_operations jsfd_fops = {
	.owner		= THIS_MODULE,
};
456
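/*
 * Locate the flash, fill in jsf0 and register the character device.
 *
 * The location comes from the PROM "flash-memory" node when there is one.
 * Otherwise a fixed location is assumed, but only on machines whose
 * "banner-name" identifies a JavaStation. Returns 0 on success, -ENXIO
 * when no usable flash is found, or the error from misc_register().
 */
static int jsflash_init(void)
{
	int rc;
	struct jsflash *jsf;
	int node;
	char banner[128];
	struct linux_prom_registers reg0;

	node = prom_getchild(prom_root_node);
	node = prom_searchsiblings(node, "flash-memory");
	if (node != 0 && node != -1) {
		if (prom_getproperty(node, "reg",
		    (char *)&reg0, sizeof(reg0)) == -1) {
			printk("jsflash: no \"reg\" property\n");
			return -ENXIO;
		}
		if (reg0.which_io != 0) {
			printk("jsflash: bus number nonzero: 0x%x:%x\n",
			    reg0.which_io, reg0.phys_addr);
			return -ENXIO;
		}
		/*
		 * Flash may be somewhere else, for instance on Ebus.
		 * So, don't do the following check for IIep flash space.
		 */
#if 0
		if ((reg0.phys_addr >> 24) != 0x20) {
			printk("jsflash: suspicious address: 0x%x:%x\n",
			    reg0.which_io, reg0.phys_addr);
			return -ENXIO;
		}
#endif
		if ((int)reg0.reg_size <= 0) {
			printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size);
			return -ENXIO;
		}
	} else {
		/* XXX Remove this code once PROLL ID12 got widespread */
		printk("jsflash: no /flash-memory node, use PROLL >= 12\n");
		/*
		 * Do not compare an uninitialised or unterminated stack
		 * buffer: give up if the property cannot be read, and force
		 * a terminator in case it fills the buffer exactly.
		 */
		if (prom_getproperty(prom_root_node, "banner-name",
		    banner, sizeof(banner)) == -1) {
			return -ENXIO;
		}
		banner[sizeof(banner) - 1] = '\0';
		if (strcmp (banner, "JavaStation-NC") != 0 &&
		    strcmp (banner, "JavaStation-E") != 0) {
			return -ENXIO;
		}
		reg0.which_io = 0;
		reg0.phys_addr = 0x20400000;
		reg0.reg_size  = 0x00800000;
	}

	/* Let us be really paranoid for modifications to probing code. */
	/* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */
	if (sparc_cpu_model != sun4m) {
		/* We must be on sun4m because we use MMU Bypass ASI. */
		return -ENXIO;
	}

	if (jsf0.base == 0) {
		jsf = &jsf0;

		jsf->base = reg0.phys_addr;
		jsf->size = reg0.reg_size;

		/* XXX Redo the userland interface. */
		jsf->id.off = JSF_BASE_ALL;
		jsf->id.size = 0x01000000;	/* 16M - all segments */
		strcpy(jsf->id.name, "Krups_all");

		/*
		 * Three views: the device as probed, the same minus its
		 * first 1024 bytes, and the whole 16M area. The probed base
		 * is not validated here (see the disabled check above);
		 * jsfd_do_request() rejects bases outside 0x20xxxxxx when a
		 * request arrives.
		 */
		jsf->dv[0].dbase = jsf->base;
		jsf->dv[0].dsize = jsf->size;
		jsf->dv[1].dbase = jsf->base + 1024;
		jsf->dv[1].dsize = jsf->size - 1024;
		jsf->dv[2].dbase = JSF_BASE_ALL;
		jsf->dv[2].dsize = 0x01000000;

		printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base,
		    (int) (jsf->size / (1024*1024)));
	}

	if ((rc = misc_register(&jsf_dev)) != 0) {
		printk(KERN_ERR "jsf: unable to get misc minor %d\n",
		    JSF_MINOR);
		/* Mark the unit as absent again so jsf_open() refuses it. */
		jsf0.base = 0;
		return rc;
	}

	return 0;
}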
544
/* Request queue shared by all jsfd disks; NULL until jsfd_init() creates it. */
static struct request_queue *jsf_queue;

/*
 * Create the read-only block devices, one per view in jsf0.dv[].
 * Returns 0 on success, -ENXIO if no flash was probed, -ENOMEM or -EIO if
 * a kernel resource could not be obtained. On failure every gendisk
 * allocated so far is released, but its pointer stays in jsfd_disk[].
 */
static int jsfd_init(void)
{
	static DEFINE_SPINLOCK(lock);
	struct jsfd_part *jdp;
	int err = -ENOMEM;
	int i;

	if (jsf0.base == 0)
		return -ENXIO;

	for (i = 0; i < JSF_MAX; i++) {
		struct gendisk *disk = alloc_disk(1);

		if (disk == NULL)
			goto out;
		jsfd_disk[i] = disk;
	}

	if (register_blkdev(JSFD_MAJOR, "jsfd") != 0) {
		err = -EIO;
		goto out;
	}

	jsf_queue = blk_init_queue(jsfd_do_request, &lock);
	if (jsf_queue == NULL) {
		err = -ENOMEM;
		unregister_blkdev(JSFD_MAJOR, "jsfd");
		goto out;
	}

	for (i = 0; i < JSF_MAX; i++) {
		struct gendisk *disk = jsfd_disk[i];

		if ((i & JSF_PART_MASK) < JSF_NPART) {
			/* Only jsf0 exists; really &jsfv[i >> JSF_PART_BITS]. */
			jdp = &jsf0.dv[i & JSF_PART_MASK];

			disk->major = JSFD_MAJOR;
			disk->first_minor = i;
			sprintf(disk->disk_name, "jsfd%d", i);
			disk->fops = &jsfd_fops;
			set_capacity(disk, jdp->dsize >> 9);	/* bytes to sectors */
			disk->private_data = jdp;
			disk->queue = jsf_queue;
			add_disk(disk);
			set_disk_ro(disk, 1);
		}
	}
	return 0;

out:
	/* i is the number of disks allocated before the failure. */
	while (i--)
		put_disk(jsfd_disk[i]);
	return err;
}
600
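MODULE_LICENSE("GPL");

/*
 * Module entry point. The character device is mandatory; the block
 * devices are best effort, so the module still loads when jsfd_init()
 * fails. That failure is now logged instead of being silently dropped.
 */
static int __init jsflash_init_module(void)
{
	int rc;

	rc = jsflash_init();
	if (rc != 0)
		return rc;

	rc = jsfd_init();
	if (rc != 0) {
		/*
		 * jsfd_init() has already released the disks it allocated,
		 * so the block-side state must not be used after this.
		 */
		printk(KERN_WARNING
		    "jsflash: block devices unavailable (error %d)\n", rc);
	}
	return 0;
}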
612
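/*
 * Module exit: remove the block devices (if they were created), then the
 * character device.
 */
static void __exit jsflash_cleanup_module(void)
{
	int i;

	/*
	 * jsf_queue is non-NULL only if jsfd_init() ran to completion: every
	 * failure path in it leaves the pointer NULL and has already dropped
	 * the gendisks with put_disk(). The module loads even when
	 * jsfd_init() fails, so without this guard the teardown would call
	 * del_gendisk()/put_disk() on released disks and unregister a major
	 * that was never registered.
	 */
	if (jsf_queue) {
		for (i = 0; i < JSF_MAX; i++) {
			if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
			del_gendisk(jsfd_disk[i]);
			put_disk(jsfd_disk[i]);
		}
	}
	if (jsf0.busy)
		printk("jsf0: cleaning busy unit\n");
	jsf0.base = 0;
	jsf0.busy = 0;

	misc_deregister(&jsf_dev);
	if (jsf_queue) {
		unregister_blkdev(JSFD_MAJOR, "jsfd");
		blk_cleanup_queue(jsf_queue);
		jsf_queue = NULL;
	}
}

module_init(jsflash_init_module);
module_exit(jsflash_cleanup_module);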
634