1 /*
2 * drivers/sbus/char/jsflash.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds (drivers/char/mem.c)
5 * Copyright (C) 1997 Eddie C. Dost (drivers/sbus/char/flash.c)
6 * Copyright (C) 1997-2000 Pavel Machek <pavel@ucw.cz> (drivers/block/nbd.c)
7 * Copyright (C) 1999-2000 Pete Zaitcev
8 *
9 * This driver is used to program OS into a Flash SIMM on
10 * Krups and Espresso platforms.
11 *
12 * TODO: do not allow erase/programming if file systems are mounted.
13 * TODO: Erase/program both banks of a 8MB SIMM.
14 *
15 * It is anticipated that programming an OS Flash will be a routine
16 * procedure. In the same time it is exceedingly dangerous because
17 * a user can program its OBP flash with OS image and effectively
18 * kill the machine.
19 *
20 * This driver uses an interface different from Eddie's flash.c
21 * as a silly safeguard.
22 *
23 * XXX The flash.c manipulates page caching characteristics in a certain
24 * dubious way; also it assumes that remap_pfn_range() can remap
25 * PCI bus locations, which may be false. ioremap() must be used
26 * instead. We should discuss this.
27 */
28
29 #include <linux/module.h>
30 #include <linux/mutex.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/miscdevice.h>
34 #include <linux/fcntl.h>
35 #include <linux/poll.h>
36 #include <linux/init.h>
37 #include <linux/string.h>
38 #include <linux/genhd.h>
39 #include <linux/blkdev.h>
40 #include <linux/uaccess.h>
41 #include <asm/pgtable.h>
42 #include <asm/io.h>
43 #include <asm/pcic.h>
44 #include <asm/oplib.h>
45
46 #include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */
47 #define JSFIDSZ (sizeof(struct jsflash_ident_arg))
48 #define JSFPRGSZ (sizeof(struct jsflash_program_arg))
49
50 /*
51 * Our device numbers have no business in system headers.
52 * The only thing a user knows is the device name /dev/jsflash.
53 *
54 * Block devices are laid out like this:
55 * minor+0 - Bootstrap, for 8MB SIMM 0x20400000[0x800000]
56 * minor+1 - Filesystem to mount, normally 0x20400400[0x7ffc00]
57 * minor+2 - Whole flash area for any case... 0x20000000[0x01000000]
58 * Total 3 minors per flash device.
59 *
60 * It is easier to have static size vectors, so we define
61 * a total minor range JSF_MAX, which must cover all minors.
62 */
63 /* character device */
64 #define JSF_MINOR 178 /* 178 is registered with hpa */
65 /* block device */
66 #define JSF_MAX 3 /* 3 minors wasted total so far. */
67 #define JSF_NPART 3 /* 3 minors per flash device */
68 #define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */
69 #define JSF_PART_MASK 0x3 /* 2 bits mask */
70
71 static DEFINE_MUTEX(jsf_mutex);
72
73 /*
74 * Access functions.
75 * We could ioremap(), but it's easier this way.
76 */
jsf_inl(unsigned long addr)77 static unsigned int jsf_inl(unsigned long addr)
78 {
79 unsigned long retval;
80
81 __asm__ __volatile__("lda [%1] %2, %0\n\t" :
82 "=r" (retval) :
83 "r" (addr), "i" (ASI_M_BYPASS));
84 return retval;
85 }
86
jsf_outl(unsigned long addr,__u32 data)87 static void jsf_outl(unsigned long addr, __u32 data)
88 {
89
90 __asm__ __volatile__("sta %0, [%1] %2\n\t" : :
91 "r" (data), "r" (addr), "i" (ASI_M_BYPASS) :
92 "memory");
93 }
94
95 /*
96 * soft carrier
97 */
98
99 struct jsfd_part {
100 unsigned long dbase;
101 unsigned long dsize;
102 };
103
104 struct jsflash {
105 unsigned long base;
106 unsigned long size;
107 unsigned long busy; /* In use? */
108 struct jsflash_ident_arg id;
109 /* int mbase; */ /* Minor base, typically zero */
110 struct jsfd_part dv[JSF_NPART];
111 };
112
113 /*
114 * We do not map normal memory or obio as a safety precaution.
115 * But offsets are real, for ease of userland programming.
116 */
117 #define JSF_BASE_TOP 0x30000000
118 #define JSF_BASE_ALL 0x20000000
119
120 #define JSF_BASE_JK 0x20400000
121
122 /*
123 */
124 static struct gendisk *jsfd_disk[JSF_MAX];
125
126 /*
127 * Let's pretend we may have several of these...
128 */
129 static struct jsflash jsf0;
130
131 /*
132 * Wait for AMD to finish its embedded algorithm.
133 * We use the Toggle bit DQ6 (0x40) because it does not
134 * depend on the data value as /DATA bit DQ7 does.
135 *
136 * XXX Do we need any timeout here? So far it never hanged, beware broken hw.
137 */
jsf_wait(unsigned long p)138 static void jsf_wait(unsigned long p) {
139 unsigned int x1, x2;
140
141 for (;;) {
142 x1 = jsf_inl(p);
143 x2 = jsf_inl(p);
144 if ((x1 & 0x40404040) == (x2 & 0x40404040)) return;
145 }
146 }
147
148 /*
149 * Programming will only work if Flash is clean,
150 * we leave it to the programmer application.
151 *
152 * AMD must be programmed one byte at a time;
153 * thus, Simple Tech SIMM must be written 4 bytes at a time.
154 *
155 * Write waits for the chip to become ready after the write
156 * was finished. This is done so that application would read
157 * consistent data after the write is done.
158 */
jsf_write4(unsigned long fa,u32 data)159 static void jsf_write4(unsigned long fa, u32 data) {
160
161 jsf_outl(fa, 0xAAAAAAAA); /* Unlock 1 Write 1 */
162 jsf_outl(fa, 0x55555555); /* Unlock 1 Write 2 */
163 jsf_outl(fa, 0xA0A0A0A0); /* Byte Program */
164 jsf_outl(fa, data);
165
166 jsf_wait(fa);
167 }
168
169 /*
170 */
jsfd_read(char * buf,unsigned long p,size_t togo)171 static void jsfd_read(char *buf, unsigned long p, size_t togo) {
172 union byte4 {
173 char s[4];
174 unsigned int n;
175 } b;
176
177 while (togo >= 4) {
178 togo -= 4;
179 b.n = jsf_inl(p);
180 memcpy(buf, b.s, 4);
181 p += 4;
182 buf += 4;
183 }
184 }
185
186 static int jsfd_queue;
187
jsfd_next_request(void)188 static struct request *jsfd_next_request(void)
189 {
190 struct request_queue *q;
191 struct request *rq;
192 int old_pos = jsfd_queue;
193
194 do {
195 q = jsfd_disk[jsfd_queue]->queue;
196 if (++jsfd_queue == JSF_MAX)
197 jsfd_queue = 0;
198 if (q) {
199 rq = blk_fetch_request(q);
200 if (rq)
201 return rq;
202 }
203 } while (jsfd_queue != old_pos);
204
205 return NULL;
206 }
207
jsfd_request(void)208 static void jsfd_request(void)
209 {
210 struct request *req;
211
212 req = jsfd_next_request();
213 while (req) {
214 struct jsfd_part *jdp = req->rq_disk->private_data;
215 unsigned long offset = blk_rq_pos(req) << 9;
216 size_t len = blk_rq_cur_bytes(req);
217 blk_status_t err = BLK_STS_IOERR;
218
219 if ((offset + len) > jdp->dsize)
220 goto end;
221
222 if (rq_data_dir(req) != READ) {
223 printk(KERN_ERR "jsfd: write\n");
224 goto end;
225 }
226
227 if ((jdp->dbase & 0xff000000) != 0x20000000) {
228 printk(KERN_ERR "jsfd: bad base %x\n", (int)jdp->dbase);
229 goto end;
230 }
231
232 jsfd_read(bio_data(req->bio), jdp->dbase + offset, len);
233 err = BLK_STS_OK;
234 end:
235 if (!__blk_end_request_cur(req, err))
236 req = jsfd_next_request();
237 }
238 }
239
jsfd_do_request(struct request_queue * q)240 static void jsfd_do_request(struct request_queue *q)
241 {
242 jsfd_request();
243 }
244
245 /*
246 * The memory devices use the full 32/64 bits of the offset, and so we cannot
247 * check against negative addresses: they are ok. The return value is weird,
248 * though, in that case (0).
249 *
250 * also note that seeking relative to the "end of file" isn't supported:
251 * it has no meaning, so it returns -EINVAL.
252 */
jsf_lseek(struct file * file,loff_t offset,int orig)253 static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
254 {
255 loff_t ret;
256
257 mutex_lock(&jsf_mutex);
258 switch (orig) {
259 case 0:
260 file->f_pos = offset;
261 ret = file->f_pos;
262 break;
263 case 1:
264 file->f_pos += offset;
265 ret = file->f_pos;
266 break;
267 default:
268 ret = -EINVAL;
269 }
270 mutex_unlock(&jsf_mutex);
271 return ret;
272 }
273
274 /*
275 * OS SIMM Cannot be read in other size but a 32bits word.
276 */
jsf_read(struct file * file,char __user * buf,size_t togo,loff_t * ppos)277 static ssize_t jsf_read(struct file * file, char __user * buf,
278 size_t togo, loff_t *ppos)
279 {
280 unsigned long p = *ppos;
281 char __user *tmp = buf;
282
283 union byte4 {
284 char s[4];
285 unsigned int n;
286 } b;
287
288 if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) {
289 return 0;
290 }
291
292 if ((p + togo) < p /* wrap */
293 || (p + togo) >= JSF_BASE_TOP) {
294 togo = JSF_BASE_TOP - p;
295 }
296
297 if (p < JSF_BASE_ALL && togo != 0) {
298 #if 0 /* __bzero XXX */
299 size_t x = JSF_BASE_ALL - p;
300 if (x > togo) x = togo;
301 clear_user(tmp, x);
302 tmp += x;
303 p += x;
304 togo -= x;
305 #else
306 /*
307 * Implementation of clear_user() calls __bzero
308 * without regard to modversions,
309 * so we cannot build a module.
310 */
311 return 0;
312 #endif
313 }
314
315 while (togo >= 4) {
316 togo -= 4;
317 b.n = jsf_inl(p);
318 if (copy_to_user(tmp, b.s, 4))
319 return -EFAULT;
320 tmp += 4;
321 p += 4;
322 }
323
324 /*
325 * XXX Small togo may remain if 1 byte is ordered.
326 * It would be nice if we did a word size read and unpacked it.
327 */
328
329 *ppos = p;
330 return tmp-buf;
331 }
332
jsf_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)333 static ssize_t jsf_write(struct file * file, const char __user * buf,
334 size_t count, loff_t *ppos)
335 {
336 return -ENOSPC;
337 }
338
339 /*
340 */
jsf_ioctl_erase(unsigned long arg)341 static int jsf_ioctl_erase(unsigned long arg)
342 {
343 unsigned long p;
344
345 /* p = jsf0.base; hits wrong bank */
346 p = 0x20400000;
347
348 jsf_outl(p, 0xAAAAAAAA); /* Unlock 1 Write 1 */
349 jsf_outl(p, 0x55555555); /* Unlock 1 Write 2 */
350 jsf_outl(p, 0x80808080); /* Erase setup */
351 jsf_outl(p, 0xAAAAAAAA); /* Unlock 2 Write 1 */
352 jsf_outl(p, 0x55555555); /* Unlock 2 Write 2 */
353 jsf_outl(p, 0x10101010); /* Chip erase */
354
355 #if 0
356 /*
357 * This code is ok, except that counter based timeout
358 * has no place in this world. Let's just drop timeouts...
359 */
360 {
361 int i;
362 __u32 x;
363 for (i = 0; i < 1000000; i++) {
364 x = jsf_inl(p);
365 if ((x & 0x80808080) == 0x80808080) break;
366 }
367 if ((x & 0x80808080) != 0x80808080) {
368 printk("jsf0: erase timeout with 0x%08x\n", x);
369 } else {
370 printk("jsf0: erase done with 0x%08x\n", x);
371 }
372 }
373 #else
374 jsf_wait(p);
375 #endif
376
377 return 0;
378 }
379
380 /*
381 * Program a block of flash.
382 * Very simple because we can do it byte by byte anyway.
383 */
jsf_ioctl_program(void __user * arg)384 static int jsf_ioctl_program(void __user *arg)
385 {
386 struct jsflash_program_arg abuf;
387 char __user *uptr;
388 unsigned long p;
389 unsigned int togo;
390 union {
391 unsigned int n;
392 char s[4];
393 } b;
394
395 if (copy_from_user(&abuf, arg, JSFPRGSZ))
396 return -EFAULT;
397 p = abuf.off;
398 togo = abuf.size;
399 if ((togo & 3) || (p & 3)) return -EINVAL;
400
401 uptr = (char __user *) (unsigned long) abuf.data;
402 while (togo != 0) {
403 togo -= 4;
404 if (copy_from_user(&b.s[0], uptr, 4))
405 return -EFAULT;
406 jsf_write4(p, b.n);
407 p += 4;
408 uptr += 4;
409 }
410
411 return 0;
412 }
413
jsf_ioctl(struct file * f,unsigned int cmd,unsigned long arg)414 static long jsf_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
415 {
416 mutex_lock(&jsf_mutex);
417 int error = -ENOTTY;
418 void __user *argp = (void __user *)arg;
419
420 if (!capable(CAP_SYS_ADMIN)) {
421 mutex_unlock(&jsf_mutex);
422 return -EPERM;
423 }
424 switch (cmd) {
425 case JSFLASH_IDENT:
426 if (copy_to_user(argp, &jsf0.id, JSFIDSZ)) {
427 mutex_unlock(&jsf_mutex);
428 return -EFAULT;
429 }
430 break;
431 case JSFLASH_ERASE:
432 error = jsf_ioctl_erase(arg);
433 break;
434 case JSFLASH_PROGRAM:
435 error = jsf_ioctl_program(argp);
436 break;
437 }
438
439 mutex_unlock(&jsf_mutex);
440 return error;
441 }
442
jsf_mmap(struct file * file,struct vm_area_struct * vma)443 static int jsf_mmap(struct file * file, struct vm_area_struct * vma)
444 {
445 return -ENXIO;
446 }
447
jsf_open(struct inode * inode,struct file * filp)448 static int jsf_open(struct inode * inode, struct file * filp)
449 {
450 mutex_lock(&jsf_mutex);
451 if (jsf0.base == 0) {
452 mutex_unlock(&jsf_mutex);
453 return -ENXIO;
454 }
455 if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) {
456 mutex_unlock(&jsf_mutex);
457 return -EBUSY;
458 }
459
460 mutex_unlock(&jsf_mutex);
461 return 0; /* XXX What security? */
462 }
463
jsf_release(struct inode * inode,struct file * file)464 static int jsf_release(struct inode *inode, struct file *file)
465 {
466 jsf0.busy = 0;
467 return 0;
468 }
469
470 static const struct file_operations jsf_fops = {
471 .owner = THIS_MODULE,
472 .llseek = jsf_lseek,
473 .read = jsf_read,
474 .write = jsf_write,
475 .unlocked_ioctl = jsf_ioctl,
476 .mmap = jsf_mmap,
477 .open = jsf_open,
478 .release = jsf_release,
479 };
480
481 static struct miscdevice jsf_dev = { JSF_MINOR, "jsflash", &jsf_fops };
482
483 static const struct block_device_operations jsfd_fops = {
484 .owner = THIS_MODULE,
485 };
486
jsflash_init(void)487 static int jsflash_init(void)
488 {
489 int rc;
490 struct jsflash *jsf;
491 phandle node;
492 char banner[128];
493 struct linux_prom_registers reg0;
494
495 node = prom_getchild(prom_root_node);
496 node = prom_searchsiblings(node, "flash-memory");
497 if (node != 0 && (s32)node != -1) {
498 if (prom_getproperty(node, "reg",
499 (char *)®0, sizeof(reg0)) == -1) {
500 printk("jsflash: no \"reg\" property\n");
501 return -ENXIO;
502 }
503 if (reg0.which_io != 0) {
504 printk("jsflash: bus number nonzero: 0x%x:%x\n",
505 reg0.which_io, reg0.phys_addr);
506 return -ENXIO;
507 }
508 /*
509 * Flash may be somewhere else, for instance on Ebus.
510 * So, don't do the following check for IIep flash space.
511 */
512 #if 0
513 if ((reg0.phys_addr >> 24) != 0x20) {
514 printk("jsflash: suspicious address: 0x%x:%x\n",
515 reg0.which_io, reg0.phys_addr);
516 return -ENXIO;
517 }
518 #endif
519 if ((int)reg0.reg_size <= 0) {
520 printk("jsflash: bad size 0x%x\n", (int)reg0.reg_size);
521 return -ENXIO;
522 }
523 } else {
524 /* XXX Remove this code once PROLL ID12 got widespread */
525 printk("jsflash: no /flash-memory node, use PROLL >= 12\n");
526 prom_getproperty(prom_root_node, "banner-name", banner, 128);
527 if (strcmp (banner, "JavaStation-NC") != 0 &&
528 strcmp (banner, "JavaStation-E") != 0) {
529 return -ENXIO;
530 }
531 reg0.which_io = 0;
532 reg0.phys_addr = 0x20400000;
533 reg0.reg_size = 0x00800000;
534 }
535
536 /* Let us be really paranoid for modifications to probing code. */
537 if (sparc_cpu_model != sun4m) {
538 /* We must be on sun4m because we use MMU Bypass ASI. */
539 return -ENXIO;
540 }
541
542 if (jsf0.base == 0) {
543 jsf = &jsf0;
544
545 jsf->base = reg0.phys_addr;
546 jsf->size = reg0.reg_size;
547
548 /* XXX Redo the userland interface. */
549 jsf->id.off = JSF_BASE_ALL;
550 jsf->id.size = 0x01000000; /* 16M - all segments */
551 strcpy(jsf->id.name, "Krups_all");
552
553 jsf->dv[0].dbase = jsf->base;
554 jsf->dv[0].dsize = jsf->size;
555 jsf->dv[1].dbase = jsf->base + 1024;
556 jsf->dv[1].dsize = jsf->size - 1024;
557 jsf->dv[2].dbase = JSF_BASE_ALL;
558 jsf->dv[2].dsize = 0x01000000;
559
560 printk("Espresso Flash @0x%lx [%d MB]\n", jsf->base,
561 (int) (jsf->size / (1024*1024)));
562 }
563
564 if ((rc = misc_register(&jsf_dev)) != 0) {
565 printk(KERN_ERR "jsf: unable to get misc minor %d\n",
566 JSF_MINOR);
567 jsf0.base = 0;
568 return rc;
569 }
570
571 return 0;
572 }
573
jsfd_init(void)574 static int jsfd_init(void)
575 {
576 static DEFINE_SPINLOCK(lock);
577 struct jsflash *jsf;
578 struct jsfd_part *jdp;
579 int err;
580 int i;
581
582 if (jsf0.base == 0)
583 return -ENXIO;
584
585 err = -ENOMEM;
586 for (i = 0; i < JSF_MAX; i++) {
587 struct gendisk *disk = alloc_disk(1);
588 if (!disk)
589 goto out;
590 disk->queue = blk_init_queue(jsfd_do_request, &lock);
591 if (!disk->queue) {
592 put_disk(disk);
593 goto out;
594 }
595 blk_queue_bounce_limit(disk->queue, BLK_BOUNCE_HIGH);
596 jsfd_disk[i] = disk;
597 }
598
599 if (register_blkdev(JSFD_MAJOR, "jsfd")) {
600 err = -EIO;
601 goto out;
602 }
603
604 for (i = 0; i < JSF_MAX; i++) {
605 struct gendisk *disk = jsfd_disk[i];
606 if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
607 jsf = &jsf0; /* actually, &jsfv[i >> JSF_PART_BITS] */
608 jdp = &jsf->dv[i&JSF_PART_MASK];
609
610 disk->major = JSFD_MAJOR;
611 disk->first_minor = i;
612 sprintf(disk->disk_name, "jsfd%d", i);
613 disk->fops = &jsfd_fops;
614 set_capacity(disk, jdp->dsize >> 9);
615 disk->private_data = jdp;
616 add_disk(disk);
617 set_disk_ro(disk, 1);
618 }
619 return 0;
620 out:
621 while (i--)
622 put_disk(jsfd_disk[i]);
623 return err;
624 }
625
626 MODULE_LICENSE("GPL");
627
jsflash_init_module(void)628 static int __init jsflash_init_module(void) {
629 int rc;
630
631 if ((rc = jsflash_init()) == 0) {
632 jsfd_init();
633 return 0;
634 }
635 return rc;
636 }
637
jsflash_cleanup_module(void)638 static void __exit jsflash_cleanup_module(void)
639 {
640 int i;
641
642 for (i = 0; i < JSF_MAX; i++) {
643 if ((i & JSF_PART_MASK) >= JSF_NPART) continue;
644 del_gendisk(jsfd_disk[i]);
645 blk_cleanup_queue(jsfd_disk[i]->queue);
646 put_disk(jsfd_disk[i]);
647 }
648 if (jsf0.busy)
649 printk("jsf0: cleaning busy unit\n");
650 jsf0.base = 0;
651 jsf0.busy = 0;
652
653 misc_deregister(&jsf_dev);
654 unregister_blkdev(JSFD_MAJOR, "jsfd");
655 }
656
657 module_init(jsflash_init_module);
658 module_exit(jsflash_cleanup_module);
659