Commit 59b356ff ("mtd: m25p80: restore the status of SPI flash when
exiting") is the latest from a long history of attempts to add reboot
handling to handle stateful addressing modes on SPI flash. Some prior
mostly-related discussions:

http://lists.infradead.org/pipermail/linux-mtd/2013-March/046343.html
[PATCH 1/3] mtd: m25p80: utilize dedicated 4-byte addressing commands

http://lists.infradead.org/pipermail/barebox/2014-September/020682.html
[RFC] MTD m25p80 3-byte addressing and boot problem

http://lists.infradead.org/pipermail/linux-mtd/2015-February/057683.html
[PATCH 2/2] m25p80: if supported put chip to deep power down if not used

Previously, attempts to add reboot-time software reset handling were
rejected, but the latest attempt was not.

Quick summary of the problem:
Some systems (e.g., boot ROM or bootloader) assume that they can read
initial boot code from their SPI flash using 3-byte addressing. If the
flash is left in 4-byte mode after reset, these systems won't boot. The
above patch provided a shutdown/remove hook to attempt to reset the
addressing mode before we reboot. Notably, this patch misses out on
huge classes of unexpected reboots (e.g., crashes, watchdog resets).

Unfortunately, it is essentially impossible to solve this problem 100%:
if your system doesn't know how to reset the SPI flash to power-on
defaults at initialization time, no amount of software can really rescue
you -- there will always be a chance of some unexpected reset that
leaves your flash in an addressing mode that your boot sequence didn't
expect.

While it is not directly harmful to perform hacks like the
aforementioned commit on all 4-byte addressing flash, a
properly-designed system should not need the hack -- and in fact,
providing this hack may mask the fact that a given system is indeed
broken. So this patch attempts to apply this unsound hack more narrowly,
providing a strong suggestion to developers and system designers that
this is truly a hack. With luck, system designers can catch their errors
early on in their development cycle, rather than applying this hack long
term. But apparently enough systems are out in the wild that we still
have to provide this hack.

Document a new device tree property to denote systems that do not have a
proper hardware (or software) reset mechanism, and apply the hack (with
a loud warning) only in this case.
Signed-off-by: NBrian Norris <computersforpeace@gmail.com>
Reviewed-by: NGuenter Roeck <linux@roeck-us.net>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

wait_for_completion_timeout returns an unsigned long not an int, so
let's check its return value directly instead of storing it in ret,
and avoid checking for negative values since this cannot happen.
Signed-off-by: NNicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

GPIO consumers now include <linux/gpio/consumer.h> instead of
<linux/gpio.h> if they can.
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

This driver doesn't specify parsers so it can use that little helper.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

The format specifier "%p" can leak kernel addresses.
Use "%pK" instead.
Signed-off-by: NBenjamin Gaignard <benjamin.gaignard@st.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Implement suspend/resume hooks.
Signed-off-by: NClaudiu Beznea <claudiu.beznea@microchip.com>
Reviewed-by: NTudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Sometimes when writing large size files to flash in direct/memory mapped
mode, it is seen that flash write enable command times out with error:
[  503.146293] cadence-qspi 47040000.ospi: Flash command execution timed out.

This is because, we need to make sure previous direct write operation
is complete by polling for IDLE bit in CONFIG_REG before starting the
next operation.

Fix this by polling for IDLE bit after memory mapped write.

Fixes: a27f2eaf ("mtd: spi-nor: cadence-quadspi: Add support for direct access mode")
Cc: stable@vger.kernel.org
Signed-off-by: NVignesh R <vigneshr@ti.com>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

nxp_spifi_probe() increments refcnt of SPI flash device node by
of_get_next_available_child() and leaves it undecremented on both
successful and error paths.

Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Replaces open-coded struct size calculations with struct_size() for
devm_*, f2fs_*, and sock_* allocations. Automatically generated (and
manually adjusted) from the following Coccinelle script:

// Direct reference to struct field.
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP)

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP)

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(HANDLE, sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(HANDLE, CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)
Signed-off-by: NKees Cook <keescook@chromium.org>

Add support for Eon en25qh32 spi nor flash.
Signed-off-by: NYuheiOKAWA <tochiro.srchack@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Added support for is25wp032, is25wp064 and is25wp128.
Signed-off-by: NKimmo Rautkoski <ext-kimmo.rautkoski@vaisala.com>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Datasheet:
https://www.winbond.com/resource-files/w25q32jv%20dtr%20revf%2002242017.pdf

Minimal testing done with fw_printenv/fw_setenv, test board did not
support dual or quad access.
Signed-off-by: NStephen Douthit <stephend@silicom-usa.com>
Tested-by: NStephen Douthit <stephend@silicom-usa.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

LS2080a/LS1088a supports Freescale Quad SPI controller.
Add fsl-quadspi driver support for ls2080a and ls1088a chip.
Signed-off-by: NSuresh Gupta <suresh.gupta@nxp.com>
Signed-off-by: NYogesh Gaur <yogeshnarayan.gaur@nxp.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Commit a53e35db ("reset: Ensure drivers are explicit when requesting
reset lines") started to transition the reset control request API calls
to explicitly state whether the driver needs exclusive or shared reset
control behavior. Convert all drivers requesting exclusive resets to the
explicit API call so the temporary transition helpers can be removed.

No functional changes.

Cc: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>
Cc: Marek Vasut <marek.vasut@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Brian Norris <computersforpeace@gmail.com>
Cc: Boris Brezillon <boris.brezillon@free-electrons.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Maxime Coquelin <mcoquelin.stm32@gmail.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Cc: linux-mtd@lists.infradead.org
Signed-off-by: NPhilipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

The overall poll time here is INTEL_SPI_TIMEOUT * 1000 which is
5000 * 1000 - so 5seconds and it is coded as a tight loop here delay_us
to readl_poll_timeout() is set to 0. As this is never called in an atomic
context sleeping should be no issue and there is no reasons for the
tight-loop here.
Signed-off-by: NNicholas Mc Guire <der.herr@hofr.at>
Acked-by: NMika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Fix api naming typo _init_ahb_read
fsl_qspi_init_abh_read --> fsl_qspi_init_ahb_read
Signed-off-by: NYogesh Gaur <yogeshnarayan.gaur@nxp.com>
Acked-by: NHan Xu <han.xu@nxp.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

The driver is not meant for normal users at all but instead such users
who really know what they are doing and are able to build their own
kernel to enable it. Mark both driver Kconfig entries as dangerous to
make sure the driver is not accidentally enabled without understanding
possible consequences in doing so.
Signed-off-by: NMika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

On many older systems using SW sequencer the PREOP_OPTYPE register
contains two preopcodes as following:

  PREOP_OPTYPE=0xf2785006

The last two bytes are the opcodes decoded to:

  0x50 - Write enable for volatile status register
  0x06 - Write enable

The former is used to modify volatile bits in the status register. For
non-volatile bits the latter is needed. Preopcodes are used in SW
sequencer to send one command "atomically" without anything else
interfering the transfer. The sequence that gets executed is:

  - Send preopcode (write enable) from PREOP_OPTYPE register
  - Send the actual SPI command
  - Poll busy bit in the status register (0x05, RDSR)

Commit 8c473dd6 ("spi-nor: intel-spi: Don't assume OPMENU0/1 to be
programmed by BIOS") enabled atomic sequence handling but because both
preopcodes are programmed, the following happens:

  if (preop >> 8)
  	val |= SSFSTS_CTL_SPOP;

Since on these systems preop >> 8 == 0x50 we end up picking volatile
write enable instead. Because of this the actual write command is pretty
much NOP unless there is a WREN latched in the chip already.

Furthermore we should not really just assume that WREN was issued in
previous call to intel_spi_write_reg() because that might not be the
case.

This updates driver to first check that the opcode is actually available
in PREOP_OPTYPE register and if not return error back to the spi-nor
core (if the controller is not locked we program it now). In addition we
save the opcode to ispi->atomic_preopcode field which is checked in next
call to intel_spi_sw_cycle() to actually enable atomic sequence using
the requested preopcode.

Fixes: 8c473dd6 ("spi-nor: intel-spi: Don't assume OPMENU0/1 to be programmed by BIOS")
Signed-off-by: NMika Westerberg <mika.westerberg@linux.intel.com>
Cc: stable@vger.kernel.org
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

The current Cadence QSPI driver caused a kernel panic when loading
a Root Filesystem from QSPI. The problem was caused by reading more
bytes than needed because the QSPI operated on 4 bytes at a time.
<snip>
[    7.947754] spi_nor_read[1048]:from 0x037cad74, len 1 [bfe07fff]
[    7.956247] cqspi_read[910]:offset 0x58502516, buffer=bfe07fff
[    7.956247]
[    7.966046] Unable to handle kernel paging request at virtual
address bfe08002
[    7.973239] pgd = eebfc000
[    7.975931] [bfe08002] *pgd=2fffb811, *pte=00000000, *ppte=00000000
</snip>
Notice above how only 1 byte needed to be read but by reading 4 bytes
into the end of a mapped page, an unrecoverable page fault occurred.

This patch uses a temporary buffer to hold the 4 bytes read and then
copies only the bytes required into the buffer. A min() function is
used to limit the length to prevent buffer overflows.

Request testing of this patch on other platforms. This was tested
on the Intel Arria10 SoCFPGA DevKit.

Fixes: 0cf17256 ("mtd: spi-nor: cqspi: Fix build on arches missing readsl/writesl")
Signed-off-by: NThor Thayer <thor.thayer@linux.intel.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.
Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: NMark Brown <broonie@kernel.org>
Acked-by: NRobin Murphy <robin.murphy@arm.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Winbond spi-nor flash 32MB and larger have an 'Extended Address
Register' as one option for addressing beyond 16MB (Macronix
has the same concept, Spansion has EXTADD bits in the Bank Address
Register).

According to section
   8.2.7 Write Extended Address Register (C5h)

of the Winbond W25Q256FV data sheet (256M-BIT SPI flash)

   The Extended Address Register is only effective when the device is
   in the 3-Byte Address Mode.  When the device operates in the 4-Byte
   Address Mode (ADS=1), any command with address input of A31-A24
   will replace the Extended Address Register values. It is
   recommended to check and update the Extended Address Register if
   necessary when the device is switched from 4-Byte to 3-Byte Address
   Mode.

So the documentation suggests clearing the EAR after switching to
3-byte mode.  Experimentation shows that the EAR is *always* one after
the switch to 3-byte mode, so clearing the EAR is mandatory at
shutdown for a subsequent 3-byte-addressed reboot to work.

Note that some SOCs (e.g. MT7621) do not assert a reset line at normal
reboot, so we cannot rely on hardware reset.  The MT7621 does assert a
reset line at watchdog-reset.
Acked-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NNeilBrown <neil@brown.name>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

These devices are produced by Wuhan Xinxin Semiconductor Manufacturing
Corp. (XMC) and found on some routers from Chinese manufactures.

The data sheets can be found here:
http://www.xmcwh.com/Uploads/2018-03-01/5a9799e4cb355.pdf
http://www.xmcwh.com/Uploads/2018-02-05/5a77e6dbe968b.pdfSigned-off-by: NHauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Using generic names such as get_if_type() is frowned
upon: it suggests a core function (which is not),
and then it makes code navigation harder.

Given drivers are often used as starting point
to write other drivers, generic names tend to spread
like the flu. Cure the problem.
Signed-off-by: NEzequiel Garcia <ezequiel@collabora.com>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Add support to use DMA over memory mapped reads in direct mode. This
helps in reducing CPU usage from ~100% to ~10% when reading data from
flash. For non-DMA'able/vmalloc'd buffers, driver just falls back to CPU
based memcpy.
Signed-off-by: NVignesh R <vigneshr@ti.com>
Reviewed-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Add support for ISSI is25lp256 spi nor flash.
Signed-off-by: NMarek Vasut <marex@denx.de>
Cc: Angelo Dureghello <angelo@sysam.it>
Cc: Boris Brezillon <boris.brezillon@free-electrons.com>
Cc: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Add support for a new Micron 2Gb Flash memory part.
Datasheet is available: mt25q_qlkt_l_02g_cbb_0.pdf

Testing was done on a Stratix10 SoCFPGA Development Kit.
Reported-by: NSujith Chidurala <sujith.chakra.chidurala@intel.com>
Tested-by: NPaul Kim <paul.kim@intel.com>
Signed-off-by: NThor Thayer <thor.thayer@linux.intel.com>
Acked-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

Currently on a imx6sx-sdb board, which has two SPI NOR chips connected
to QSPI2 the following output from /proc/mtd is seen:

dev:    size   erasesize  name
mtd0: 01000000 00010000 "21e4000.qspi"
mtd1: 01000000 00010000 "21e4000.qspi"

Attempts to partition them on the kernel command line result in both
chips with identical (and identically named) partitions, which is
an inconvenient behavior.

Assign a different mtd->name for each mtd device to avoid this problem.

After this change the output from /proc/mtd becomes:

dev:    size   erasesize  name
mtd0: 01000000 00010000 "21e4000.qspi-0"
mtd1: 01000000 00010000 "21e4000.qspi-1"

In order to keep mtdparts compatibility keep the mtd->name
unchanged when a single SPI NOR is present.
Reported-by: NDavid Wolfe <david.wolfe@nxp.com>
Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: NBoris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: NHan Xu <han.xu@nxp.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>

platform_driver_register() takes care of assigning driver->bus
to &platform_bus_type, no need to explicitly assign it in the driver.
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>
Acked-by: NHan Xu <han.xu@nxp.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

MTD users are no longer checking erase_info->state to determine if the
erase operation failed or succeeded. Moreover, mtd_erase_callback() is
now a NOP.

We can safely get rid of all mtd_erase_callback() calls and all
erase_info->state assignments. While at it, get rid of the
erase_info->state field, all MTD_ERASE_XXX definitions and the
mtd_erase_callback() function.
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>
Reviewed-by: NRichard Weinberger <richard@nod.at>
Reviewed-by: NMiquel Raynal <miquel.raynal@bootlin.com>
Acked-by: NBert Kenward <bkenward@solarflare.com>
---
Changes in v2:
- Address a few coding style issues (reported by Miquel)
- Remove comments that are no longer valid (reported by Miquel)

Since more and more Mediatek's SoC can use this driver to
control spi-nor flash, functions' name with "mt8173_" is
no longer properly. Replacing "mt8173_" with "mtk_" will
be more accurate to describe these functions' usable scope.
Signed-off-by: NGuochun Mao <guochun.mao@mediatek.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

This field is not used in the driver anymore so remove it.
Signed-off-by: NMika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

This driver creates a number of const structures that it stores in the
data field of an of_device_id array.

The data field of an of_device_id structure has type const void *, so
there is no need for a const-discarding cast when putting const values
into such a structure.

Done using Coccinelle.
Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Cadence QSPI controller provides direct access mode through which flash
can be accessed in a memory-mapped IO mode. This enables read/write to
flash using memcpy*() functions. This mode provides higher throughput
for both read/write operations when compared to current indirect mode of
operation.

This patch therefore adds support to use QSPI in direct mode. If the
window reserved in SoC's memory map for MMIO access is less that of
flash size(like on most SoCFPGA variants), then the driver falls back
to indirect mode of operation.

On TI's 66AK2G SoC, with ARM running at 600MHz and QSPI at 96MHz
switching to direct mode improves read throughput from 3MB/s to 8MB/s.
Signed-off-by: NVignesh R <vigneshr@ti.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Move configuring of indirect read/write start address to
cqspi_indirect_*_execute() function and rename cqspi_indirect_*_setup()
function. This will help to reuse cqspi_indirect_*_setup() function for
supporting direct access mode.
Signed-off-by: NVignesh R <vigneshr@ti.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Add support for a new ISSI 1MB SPI NOR chip that was tested in our lab.
Datasheet is available at: http://www.issi.com/WW/pdf/25LP-WP080D.pdf

Testing was done only without the SPI_NOR_{DUAL,QUAD}_READ flags that
were added later, according to the datasheet.
Tested-by: NPascal Fabreges <pascal.fabreges@nokia.com>
Reviewed-by: NAlexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: NRomain Porte <romain.porte@nokia.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

They are exactly the same as the s25fl064l but bigger.
Signed-off-by: NRafael Gago Castano <rgc@hms.se>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Signed-off-by: NSean Nyekjaer <sean.nyekjaer@prevas.dk>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Signed-off-by: NSean Nyekjaer <sean.nyekjaer@prevas.dk>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Add this API to restore the status of SPI flash chip to the default
such as addressing mode, whenever detach the driver from device or
reboot the system.
Signed-off-by: NHou Zhiqiang <Zhiqiang.Hou@nxp.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>

Previously, the lock and unlock functions returned success even if the
BP bits were not actually updated in the status register due to
hardware write protection. Introduce write_sr_and_check() to write and
read back the status register to ensure the desired BP bits are
actually set as requested.
Signed-off-by: NJoe Schultz <jschultz@xes-inc.com>
Signed-off-by: NAaron Sierra <asierra@xes-inc.com>
Signed-off-by: NCyrille Pitchen <cyrille.pitchen@wedev4u.fr>