jsflash.c revision 54074d59320581a6d7e4f4dd405e8cac1d174b75
1/* 2 * drivers/sbus/char/jsflash.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds (drivers/char/mem.c) 5 * Copyright (C) 1997 Eddie C. Dost (drivers/sbus/char/flash.c) 6 * Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz> (drivers/block/nbd.c) 7 * Copyright (C) 1999-2000 Pete Zaitcev 8 * 9 * This driver is used to program OS into a Flash SIMM on 10 * Krups and Espresso platforms. 11 * 12 * TODO: do not allow erase/programming if file systems are mounted. 13 * TODO: Erase/program both banks of a 8MB SIMM. 14 * 15 * It is anticipated that programming an OS Flash will be a routine 16 * procedure. In the same time it is exeedingly dangerous because 17 * a user can program its OBP flash with OS image and effectively 18 * kill the machine. 19 * 20 * This driver uses an interface different from Eddie's flash.c 21 * as a silly safeguard. 22 * 23 * XXX The flash.c manipulates page caching characteristics in a certain 24 * dubious way; also it assumes that remap_pfn_range() can remap 25 * PCI bus locations, which may be false. ioremap() must be used 26 * instead. We should discuss this. 27 */ 28 29#include <linux/module.h> 30#include <linux/smp_lock.h> 31#include <linux/types.h> 32#include <linux/errno.h> 33#include <linux/miscdevice.h> 34#include <linux/slab.h> 35#include <linux/fcntl.h> 36#include <linux/poll.h> 37#include <linux/init.h> 38#include <linux/string.h> 39#include <linux/genhd.h> 40#include <linux/blkdev.h> 41 42#define MAJOR_NR JSFD_MAJOR 43 44#include <asm/uaccess.h> 45#include <asm/pgtable.h> 46#include <asm/io.h> 47#include <asm/pcic.h> 48#include <asm/oplib.h> 49 50#include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */ 51#define JSFIDSZ (sizeof(struct jsflash_ident_arg)) 52#define JSFPRGSZ (sizeof(struct jsflash_program_arg)) 53 54/* 55 * Our device numbers have no business in system headers. 56 * The only thing a user knows is the device name /dev/jsflash. 57 * 58 * Block devices are laid out like this: 59 * minor+0 - Bootstrap, for 8MB SIMM 0x20400000[0x800000] 60 * minor+1 - Filesystem to mount, normally 0x20400400[0x7ffc00] 61 * minor+2 - Whole flash area for any case... 0x20000000[0x01000000] 62 * Total 3 minors per flash device. 63 * 64 * It is easier to have static size vectors, so we define 65 * a total minor range JSF_MAX, which must cover all minors. 66 */ 67/* character device */ 68#define JSF_MINOR 178 /* 178 is registered with hpa */ 69/* block device */ 70#define JSF_MAX 3 /* 3 minors wasted total so far. */ 71#define JSF_NPART 3 /* 3 minors per flash device */ 72#define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */ 73#define JSF_PART_MASK 0x3 /* 2 bits mask */ 74 75/* 76 * Access functions. 77 * We could ioremap(), but it's easier this way. 78 */ 79static unsigned int jsf_inl(unsigned long addr) 80{ 81 unsigned long retval; 82 83 __asm__ __volatile__("lda [%1] %2, %0\n\t" : 84 "=r" (retval) : 85 "r" (addr), "i" (ASI_M_BYPASS)); 86 return retval; 87} 88 89static void jsf_outl(unsigned long addr, __u32 data) 90{ 91 92 __asm__ __volatile__("sta %0, [%1] %2\n\t" : : 93 "r" (data), "r" (addr), "i" (ASI_M_BYPASS) : 94 "memory"); 95} 96 97/* 98 * soft carrier 99 */ 100 101struct jsfd_part { 102 unsigned long dbase; 103 unsigned long dsize; 104}; 105 106struct jsflash { 107 unsigned long base; 108 unsigned long size; 109 unsigned long busy; /* In use? */ 110 struct jsflash_ident_arg id; 111 /* int mbase; */ /* Minor base, typically zero */ 112 struct jsfd_part dv[JSF_NPART]; 113}; 114 115/* 116 * We do not map normal memory or obio as a safety precaution. 117 * But offsets are real, for ease of userland programming. 118 */ 119#define JSF_BASE_TOP 0x30000000 120#define JSF_BASE_ALL 0x20000000 121 122#define JSF_BASE_JK 0x20400000 123 124/* 125 */ 126static struct gendisk *jsfd_disk[JSF_MAX]; 127 128/* 129 * Let's pretend we may have several of these... 130 */ 131static struct jsflash jsf0; 132 133/* 134 * Wait for AMD to finish its embedded algorithm. 135 * We use the Toggle bit DQ6 (0x40) because it does not 136 * depend on the data value as /DATA bit DQ7 does. 137 * 138 * XXX Do we need any timeout here? So far it never hanged, beware broken hw. 139 */ 140static void jsf_wait(unsigned long p) { 141 unsigned int x1, x2; 142 143 for (;;) { 144 x1 = jsf_inl(p); 145 x2 = jsf_inl(p); 146 if ((x1 & 0x40404040) == (x2 & 0x40404040)) return; 147 } 148} 149 150/* 151 * Programming will only work if Flash is clean, 152 * we leave it to the programmer application. 153 * 154 * AMD must be programmed one byte at a time; 155 * thus, Simple Tech SIMM must be written 4 bytes at a time. 156 * 157 * Write waits for the chip to become ready after the write 158 * was finished. This is done so that application would read 159 * consistent data after the write is done. 160 */ 161static void jsf_write4(unsigned long fa, u32 data) { 162 163 jsf_outl(fa, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 164 jsf_outl(fa, 0x55555555); /* Unlock 1 Write 2 */ 165 jsf_outl(fa, 0xA0A0A0A0); /* Byte Program */ 166 jsf_outl(fa, data); 167 168 jsf_wait(fa); 169} 170 171/* 172 */ 173static void jsfd_read(char *buf, unsigned long p, size_t togo) { 174 union byte4 { 175 char s[4]; 176 unsigned int n; 177 } b; 178 179 while (togo >= 4) { 180 togo -= 4; 181 b.n = jsf_inl(p); 182 memcpy(buf, b.s, 4); 183 p += 4; 184 buf += 4; 185 } 186} 187 188static void jsfd_do_request(struct request_queue *q) 189{ 190 struct request *req; 191 192 while ((req = elv_next_request(q)) != NULL) { 193 struct jsfd_part *jdp = req->rq_disk->private_data; 194 unsigned long offset = req->sector << 9; 195 size_t len = req->current_nr_sectors << 9; 196 197 if ((offset + len) > jdp->dsize) { 198 end_request(req, 0); 199 continue; 200 } 201 202 if (rq_data_dir(req) != READ) { 203 printk(KERN_ERR "jsfd: write\n"); 204 end_request(req, 0); 205 continue; 206 } 207 208 if ((jdp->dbase & 0xff000000) != 0x20000000) { 209 printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase); 210 end_request(req, 0); 211 continue; 212 } 213 214 jsfd_read(req->buffer, jdp->dbase + offset, len); 215 216 end_request(req, 1); 217 } 218} 219 220/* 221 * The memory devices use the full 32/64 bits of the offset, and so we cannot 222 * check against negative addresses: they are ok. The return value is weird, 223 * though, in that case (0). 224 * 225 * also note that seeking relative to the "end of file" isn't supported: 226 * it has no meaning, so it returns -EINVAL. 227 */ 228static loff_t jsf_lseek(struct file * file, loff_t offset, int orig) 229{ 230 loff_t ret; 231 232 lock_kernel(); 233 switch (orig) { 234 case 0: 235 file->f_pos = offset; 236 ret = file->f_pos; 237 break; 238 case 1: 239 file->f_pos += offset; 240 ret = file->f_pos; 241 break; 242 default: 243 ret = -EINVAL; 244 } 245 unlock_kernel(); 246 return ret; 247} 248 249/* 250 * OS SIMM Cannot be read in other size but a 32bits word. 251 */ 252static ssize_t jsf_read(struct file * file, char __user * buf, 253 size_t togo, loff_t *ppos) 254{ 255 unsigned long p = *ppos; 256 char __user *tmp = buf; 257 258 union byte4 { 259 char s[4]; 260 unsigned int n; 261 } b; 262 263 if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) { 264 return 0; 265 } 266 267 if ((p + togo) < p /* wrap */ 268 || (p + togo) >= JSF_BASE_TOP) { 269 togo = JSF_BASE_TOP - p; 270 } 271 272 if (p < JSF_BASE_ALL && togo != 0) { 273#if 0 /* __bzero XXX */ 274 size_t x = JSF_BASE_ALL - p; 275 if (x > togo) x = togo; 276 clear_user(tmp, x); 277 tmp += x; 278 p += x; 279 togo -= x; 280#else 281 /* 282 * Implementation of clear_user() calls __bzero 283 * without regard to modversions, 284 * so we cannot build a module. 285 */ 286 return 0; 287#endif 288 } 289 290 while (togo >= 4) { 291 togo -= 4; 292 b.n = jsf_inl(p); 293 if (copy_to_user(tmp, b.s, 4)) 294 return -EFAULT; 295 tmp += 4; 296 p += 4; 297 } 298 299 /* 300 * XXX Small togo may remain if 1 byte is ordered. 301 * It would be nice if we did a word size read and unpacked it. 302 */ 303 304 *ppos = p; 305 return tmp-buf; 306} 307 308static ssize_t jsf_write(struct file * file, const char __user * buf, 309 size_t count, loff_t *ppos) 310{ 311 return -ENOSPC; 312} 313 314/* 315 */ 316static int jsf_ioctl_erase(unsigned long arg) 317{ 318 unsigned long p; 319 320 /* p = jsf0.base; hits wrong bank */ 321 p = 0x20400000; 322 323 jsf_outl(p, 0xAAAAAAAA); /* Unlock 1 Write 1 */ 324 jsf_outl(p, 0x55555555); /* Unlock 1 Write 2 */ 325 jsf_outl(p, 0x80808080); /* Erase setup */ 326 jsf_outl(p, 0xAAAAAAAA); /* Unlock 2 Write 1 */ 327 jsf_outl(p, 0x55555555); /* Unlock 2 Write 2 */ 328 jsf_outl(p, 0x10101010); /* Chip erase */ 329 330#if 0 331 /* 332 * This code is ok, except that counter based timeout 333 * has no place in this world. Let's just drop timeouts... 334 */ 335 { 336 int i; 337 __u32 x; 338 for (i = 0; i < 1000000; i++) { 339 x = jsf_inl(p); 340 if ((x & 0x80808080) == 0x80808080) break; 341 } 342 if ((x & 0x80808080) != 0x80808080) { 343 printk("jsf0: erase timeout with 0x%08x\n", x); 344 } else { 345 printk("jsf0: erase done with 0x%08x\n", x); 346 } 347 } 348#else 349 jsf_wait(p); 350#endif 351 352 return 0; 353} 354 355/* 356 * Program a block of flash. 357 * Very simple because we can do it byte by byte anyway. 358 */ 359static int jsf_ioctl_program(void __user *arg) 360{ 361 struct jsflash_program_arg abuf; 362 char __user *uptr; 363 unsigned long p; 364 unsigned int togo; 365 union { 366 unsigned int n; 367 char s[4]; 368 } b; 369 370 if (copy_from_user(&abuf, arg, JSFPRGSZ)) 371 return -EFAULT; 372 p = abuf.off; 373 togo = abuf.size; 374 if ((togo & 3) || (p & 3)) return -EINVAL; 375 376 uptr = (char __user *) (unsigned long) abuf.data; 377 while (togo != 0) { 378 togo -= 4; 379 if (copy_from_user(&b.s[0], uptr, 4)) 380 return -EFAULT; 381 jsf_write4(p, b.n); 382 p += 4; 383 uptr += 4; 384 } 385 386 return 0; 387} 388 389static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd, 390 unsigned long arg) 391{ 392 int error = -ENOTTY; 393 void __user *argp = (void __user *)arg; 394 395 if (!capable(CAP_SYS_ADMIN)) 396 return -EPERM; 397 switch (cmd) { 398 case JSFLASH_IDENT: 399 if (copy_to_user(argp, &jsf0.id, JSFIDSZ)) 400 return -EFAULT; 401 break; 402 case JSFLASH_ERASE: 403 error = jsf_ioctl_erase(arg); 404 break; 405 case JSFLASH_PROGRAM: 406 error = jsf_ioctl_program(argp); 407 break; 408 } 409 410 return error; 411} 412 413static int jsf_mmap(struct file * file, struct vm_area_struct * vma) 414{ 415 return -ENXIO; 416} 417 418static int jsf_open(struct inode * inode, struct file * filp) 419{ 420 lock_kernel(); 421 if (jsf0.base == 0) { 422 unlock_kernel(); 423 return -ENXIO; 424 } 425 if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) { 426 unlock_kernel(); 427 return -EBUSY; 428 } 429 430 unlock_kernel(); 431 return 0; /* XXX What security? */ 432} 433 434static int jsf_release(struct inode *inode, struct file *file) 435{ 436 jsf0.busy = 0; 437 return 0; 438} 439 440static const struct file_operations jsf_fops = { 441 .owner = THIS_MODULE, 442 .llseek = jsf_lseek, 443 .read = jsf_read, 444 .write = jsf_write, 445 .ioctl = jsf_ioctl, 446 .mmap = jsf_mmap, 447 .open = jsf_open, 448 .release = jsf_release, 449}; 450 451static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops }; 452 453static struct block_device_operations jsfd_fops = { 454 .owner = THIS_MODULE, 455}; 456 457static int jsflash_init(void) 458{ 459 int rc; 460 struct jsflash *jsf; 461 int node; 462 char banner[128]; 463 struct linux_prom_registers reg0; 464 465 node = prom_getchild(prom_root_node); 466 node = prom_searchsiblings(node, "flash-memory"); 467 if (node != 0 && node != -1) { 468 if (prom_getproperty(node, "reg", 469 (char *)®0, sizeof(reg0)) == -1) { 470 printk("jsflash: no \"reg\" property\n"); 471 return -ENXIO; 472 } 473 if (reg0.which_io != 0) { 474 printk("jsflash: bus number nonzero: 0x%x:%x\n", 475 reg0.which_io, reg0.phys_addr); 476 return -ENXIO; 477 } 478 /* 479 * Flash may be somewhere else, for instance on Ebus. 480 * So, don't do the following check for IIep flash space. 481 */ 482#if 0 483 if ((reg0.phys_addr >> 24) != 0x20) { 484 printk("jsflash: suspicious address: 0x%x:%x\n", 485 reg0.which_io, reg0.phys_addr); 486 return -ENXIO; 487 } 488#endif 489 if ((int)reg0.reg_size <= 0) { 490 printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size); 491 return -ENXIO; 492 } 493 } else { 494 /* XXX Remove this code once PROLL ID12 got widespread */ 495 printk("jsflash: no /flash-memory node, use PROLL >= 12\n"); 496 prom_getproperty(prom_root_node, "banner-name", banner, 128); 497 if (strcmp (banner, "JavaStation-NC") != 0 && 498 strcmp (banner, "JavaStation-E") != 0) { 499 return -ENXIO; 500 } 501 reg0.which_io = 0; 502 reg0.phys_addr = 0x20400000; 503 reg0.reg_size = 0x00800000; 504 } 505 506 /* Let us be really paranoid for modifications to probing code. */ 507 /* extern enum sparc_cpu sparc_cpu_model; */ /* in <asm/system.h> */ 508 if (sparc_cpu_model != sun4m) { 509 /* We must be on sun4m because we use MMU Bypass ASI. */ 510 return -ENXIO; 511 } 512 513 if (jsf0.base == 0) { 514 jsf = &jsf0; 515 516 jsf->base = reg0.phys_addr; 517 jsf->size = reg0.reg_size; 518 519 /* XXX Redo the userland interface. */ 520 jsf->id.off = JSF_BASE_ALL; 521 jsf->id.size = 0x01000000; /* 16M - all segments */ 522 strcpy(jsf->id.name, "Krups_all"); 523 524 jsf->dv[0].dbase = jsf->base; 525 jsf->dv[0].dsize = jsf->size; 526 jsf->dv[1].dbase = jsf->base + 1024; 527 jsf->dv[1].dsize = jsf->size - 1024; 528 jsf->dv[2].dbase = JSF_BASE_ALL; 529 jsf->dv[2].dsize = 0x01000000; 530 531 printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base, 532 (int) (jsf->size / (1024*1024))); 533 } 534 535 if ((rc = misc_register(&jsf_dev)) != 0) { 536 printk(KERN_ERR "jsf: unable to get misc minor %d\n", 537 JSF_MINOR); 538 jsf0.base = 0; 539 return rc; 540 } 541 542 return 0; 543} 544 545static struct request_queue *jsf_queue; 546 547static int jsfd_init(void) 548{ 549 static DEFINE_SPINLOCK(lock); 550 struct jsflash *jsf; 551 struct jsfd_part *jdp; 552 int err; 553 int i; 554 555 if (jsf0.base == 0) 556 return -ENXIO; 557 558 err = -ENOMEM; 559 for (i = 0; i < JSF_MAX; i++) { 560 struct gendisk *disk = alloc_disk(1); 561 if (!disk) 562 goto out; 563 jsfd_disk[i] = disk; 564 } 565 566 if (register_blkdev(JSFD_MAJOR, "jsfd")) { 567 err = -EIO; 568 goto out; 569 } 570 571 jsf_queue = blk_init_queue(jsfd_do_request, &lock); 572 if (!jsf_queue) { 573 err = -ENOMEM; 574 unregister_blkdev(JSFD_MAJOR, "jsfd"); 575 goto out; 576 } 577 578 for (i = 0; i < JSF_MAX; i++) { 579 struct gendisk *disk = jsfd_disk[i]; 580 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 581 jsf = &jsf0; /* actually, &jsfv[i >> JSF_PART_BITS] */ 582 jdp = &jsf->dv[i&JSF_PART_MASK]; 583 584 disk->major = JSFD_MAJOR; 585 disk->first_minor = i; 586 sprintf(disk->disk_name, "jsfd%d", i); 587 disk->fops = &jsfd_fops; 588 set_capacity(disk, jdp->dsize >> 9); 589 disk->private_data = jdp; 590 disk->queue = jsf_queue; 591 add_disk(disk); 592 set_disk_ro(disk, 1); 593 } 594 return 0; 595out: 596 while (i--) 597 put_disk(jsfd_disk[i]); 598 return err; 599} 600 601MODULE_LICENSE("GPL"); 602 603static int __init jsflash_init_module(void) { 604 int rc; 605 606 if ((rc = jsflash_init()) == 0) { 607 jsfd_init(); 608 return 0; 609 } 610 return rc; 611} 612 613static void __exit jsflash_cleanup_module(void) 614{ 615 int i; 616 617 for (i = 0; i < JSF_MAX; i++) { 618 if ((i & JSF_PART_MASK) >= JSF_NPART) continue; 619 del_gendisk(jsfd_disk[i]); 620 put_disk(jsfd_disk[i]); 621 } 622 if (jsf0.busy) 623 printk("jsf0: cleaning busy unit\n"); 624 jsf0.base = 0; 625 jsf0.busy = 0; 626 627 misc_deregister(&jsf_dev); 628 unregister_blkdev(JSFD_MAJOR, "jsfd"); 629 blk_cleanup_queue(jsf_queue); 630} 631 632module_init(jsflash_init_module); 633module_exit(jsflash_cleanup_module); 634