OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

Implement the following AMD command-set parallel flash functionality: 

- nonuniform sector sizes;
 - erase suspend/resume commands; and
 - multi-sector erase.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdGqtJAAoJEOPjLCzercDeGd0QANou9wpaLn7qVFw+wn611YWZ
 gHK51tl1AxA9eRMnYxpLAJAva/WfTsbMxhEwzombfM6AjC359cgB34j8DSDKFybz
 9kDippnc/YmG0DOF/7IGeds51zsVzTzaAePYnrcvUtFC5Tb9SxBOeEiX7LJ2bXjB
 HHFJO6rYfXdaHrzRyCa+2Af8yQvL8vyUVhbB/9QZVIeyMoQ7BT8sy5XgQiMamyr2
 cSW38fDJzBXD7u+QxvsNxJ2xACrmE4CMGatME7wrLP3WHciZSV6H7jrzuMDuzcig
 GnPZ0+2jQw0S9zH8mKYDEYPuSDb7vgyy+rKAjrC8E6OxHTPyFTR6s8Qe2AVmMHfp
 noDrhrB5roi/DufVvR8aN6ZZV6indzy1LGQYJ2mu7PPO8eKfMzRtFA9Jh7aegbUb
 uRgecQZkf7iuPiMCDU902frswtd7TcXDBi4BPwJo6HyPiCOH/6T3lkVzuD6Hlf75
 GjVmHfXjw2JNxk0vATokKNx+S1IjhPzROuUx/oiSvccHul5v3hU9cw7cMtBZEeIa
 OuDdUEn+roiVO/oEWPkwlpxSBzRyEzbTSatgHbEn2OOiWR7q2F99Uj8dm3XEBili
 SZNIgQ6XSHUbjKJ2IAyVHq8p946QisI5zi1T4I6P5e+vkYa2sdt8Ic3h6EiS2UG5
 nbL7XsKtdmWZglo/NpGn
 =3gnR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/pflash-next-20190701' into staging

Implement the following AMD command-set parallel flash functionality:
- nonuniform sector sizes;
- erase suspend/resume commands; and
- multi-sector erase.

# gpg: Signature made Tue 02 Jul 2019 01:54:33 BST
# gpg:                using RSA key E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/pflash-next-20190701: (27 commits)
  hw/block/pflash_cfi02: Reduce I/O accesses to 16-bit
  hw/block/pflash_cfi02: Document commands
  hw/block/pflash_cfi02: Use chip erase time specified in the CFI table
  hw/block/pflash_cfi02: Implement erase suspend/resume
  hw/block/pflash_cfi02: Implement multi-sector erase
  hw/block/pflash_cfi02: Fix reset command not ignored during erase
  hw/block/pflash_cfi02: Fix CFI in autoselect mode
  hw/block/pflash_cfi02: Split if() condition
  hw/block/pflash_cfi02: Extract pflash_regions_count()
  hw/block/pflash_cfi02: Implement nonuniform sector sizes
  hw/block/pflash_cfi02: Document 'Page Mode' operations are not supported
  hw/block/pflash_cfi02: Hold the PRI table offset in a variable
  hw/block/pflash_cfi02: Document the current CFI values
  hw/block/pflash_cfi02: Remove pointless local variable
  tests/pflash-cfi02: Refactor to support testing multiple configurations
  hw/block/pflash_cfi02: Fix command address comparison
  hw/block/pflash_cfi02: Unify the MemoryRegionOps
  hw/block/pflash_cfi02: Extract the pflash_data_read() function
  hw/block/pflash_cfi02: Use the ldst API in pflash_read()
  hw/block/pflash_cfi02: Use the ldst API in pflash_write()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2019-07-02 18:22:17 +01:00
parent bf1b9edeb0 3ae0343db6
commit efa85a4d1a
5 changed files with 1172 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hw/block/pflash_cfi01.c
View File

@ -248,7 +248,6 @@ static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset,
switch (width) {
case 1:
ret = p[offset];
trace_pflash_data_read8(offset, ret);
break;
case 2:
if (be) {
@ -258,7 +257,6 @@ static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset,
ret = p[offset];
ret |= p[offset + 1] << 8;
}
trace_pflash_data_read16(offset, ret);
break;
case 4:
if (be) {
@ -272,12 +270,12 @@ static uint32_t pflash_data_read(PFlashCFI01 *pfl, hwaddr offset,
ret |= p[offset + 2] << 16;
ret |= p[offset + 3] << 24;
}
trace_pflash_data_read32(offset, ret);
break;
default:
DPRINTF("BUG in %s\n", __func__);
abort();
}
trace_pflash_data_read(offset, width << 1, ret);
return ret;
}
@ -288,7 +286,6 @@ static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset,
uint32_t ret;
ret = -1;
trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle);
switch (pfl->cmd) {
default:
/* This should never happen : reset state & treat it as a read */
@ -391,6 +388,8 @@ static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr offset,
break;
}
trace_pflash_io_read(offset, width, width << 1, ret, pfl->cmd, pfl->wcycle);
return ret;
}
@ -414,7 +413,7 @@ static inline void pflash_data_write(PFlashCFI01 *pfl, hwaddr offset,
{
uint8_t *p = pfl->storage;
trace_pflash_data_write(offset, value, width, pfl->counter);
trace_pflash_data_write(offset, width << 1, value, pfl->counter);
switch (width) {
case 1:
p[offset] = value;
@ -453,7 +452,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
cmd = value;
trace_pflash_write(offset, value, width, pfl->wcycle);
trace_pflash_io_write(offset, width, width << 1, value, pfl->wcycle);
if (!pfl->wcycle) {
/* Set the device in I/O access mode */
memory_region_rom_device_set_romd(&pfl->mem, false);

701
hw/block/pflash_cfi02.c
View File

@ -29,10 +29,7 @@
* - CFI queries
*
* It does not support flash interleaving.
* It does not implement boot blocs with reduced size
* It does not implement software data protection as found in many real chips
* It does not implement erase suspend/resume commands
* It does not implement multiple sectors erase
*/
#include "qemu/osdep.h"
@ -40,6 +37,7 @@
#include "hw/block/block.h"
#include "hw/block/flash.h"
#include "qapi/error.h"
#include "qemu/bitmap.h"
#include "qemu/timer.h"
#include "sysemu/block-backend.h"
#include "qemu/host-utils.h"
@ -47,26 +45,40 @@
#include "hw/sysbus.h"
#include "trace.h"
//#define PFLASH_DEBUG
#ifdef PFLASH_DEBUG
#define PFLASH_DEBUG false
#define DPRINTF(fmt, ...) \
do { \
fprintf(stderr, "PFLASH: " fmt , ## __VA_ARGS__); \
if (PFLASH_DEBUG) { \
fprintf(stderr, "PFLASH: " fmt, ## __VA_ARGS__); \
} \
} while (0)
#else
#define DPRINTF(fmt, ...) do { } while (0)
#endif
#define PFLASH_LAZY_ROMD_THRESHOLD 42
/*
* The size of the cfi_table indirectly depends on this and the start of the
* PRI table directly depends on it. 4 is the maximum size (and also what
* seems common) without changing the PRT table address.
*/
#define PFLASH_MAX_ERASE_REGIONS 4
/* Special write cycles for CFI queries. */
enum {
WCYCLE_CFI = 7,
WCYCLE_AUTOSELECT_CFI = 8,
};
struct PFlashCFI02 {
/*< private >*/
SysBusDevice parent_obj;
/*< public >*/
BlockBackend *blk;
uint32_t sector_len;
uint32_t nb_blocs;
uint32_t uniform_nb_blocs;
uint32_t uniform_sector_len;
uint32_t total_sectors;
uint32_t nb_blocs[PFLASH_MAX_ERASE_REGIONS];
uint32_t sector_len[PFLASH_MAX_ERASE_REGIONS];
uint32_t chip_len;
uint8_t mappings;
uint8_t width;
@ -83,7 +95,7 @@ struct PFlashCFI02 {
uint16_t ident3;
uint16_t unlock_addr0;
uint16_t unlock_addr1;
uint8_t cfi_table[0x52];
uint8_t cfi_table[0x4d];
QEMUTimer timer;
/* The device replicates the flash memory across its memory space. Emulate
* that by having a container (.mem) filled with an array of aliases
@ -94,10 +106,62 @@ struct PFlashCFI02 {
MemoryRegion orig_mem;
int rom_mode;
int read_counter; /* used for lazy switch-back to rom mode */
int sectors_to_erase;
uint64_t erase_time_remaining;
unsigned long *sector_erase_map;
char *name;
void *storage;
};
/*
* Toggle status bit DQ7.
*/
static inline void toggle_dq7(PFlashCFI02 *pfl)
{
pfl->status ^= 0x80;
}
/*
* Set status bit DQ7 to bit 7 of value.
*/
static inline void set_dq7(PFlashCFI02 *pfl, uint8_t value)
{
pfl->status &= 0x7F;
pfl->status |= value & 0x80;
}
/*
* Toggle status bit DQ6.
*/
static inline void toggle_dq6(PFlashCFI02 *pfl)
{
pfl->status ^= 0x40;
}
/*
* Turn on DQ3.
*/
static inline void assert_dq3(PFlashCFI02 *pfl)
{
pfl->status |= 0x08;
}
/*
* Turn off DQ3.
*/
static inline void reset_dq3(PFlashCFI02 *pfl)
{
pfl->status &= ~0x08;
}
/*
* Toggle status bit DQ2.
*/
static inline void toggle_dq2(PFlashCFI02 *pfl)
{
pfl->status ^= 0x04;
}
/*
* Set up replicated mappings of the same region.
*/
@ -121,13 +185,63 @@ static void pflash_register_memory(PFlashCFI02 *pfl, int rom_mode)
pfl->rom_mode = rom_mode;
}
static void pflash_timer (void *opaque)
static size_t pflash_regions_count(PFlashCFI02 *pfl)
{
return pfl->cfi_table[0x2c];
}
/*
* Returns the time it takes to erase the number of sectors scheduled for
* erasure based on CFI address 0x21 which is "Typical timeout per individual
* block erase 2^N ms."
*/
static uint64_t pflash_erase_time(PFlashCFI02 *pfl)
{
/*
* If there are no sectors to erase (which can happen if all of the sectors
* to be erased are protected), then erase takes 100 us. Protected sectors
* aren't supported so this should never happen.
*/
return ((1ULL << pfl->cfi_table[0x21]) * pfl->sectors_to_erase) * SCALE_US;
}
/*
* Returns true if the device is currently in erase suspend mode.
*/
static inline bool pflash_erase_suspend_mode(PFlashCFI02 *pfl)
{
return pfl->erase_time_remaining > 0;
}
static void pflash_timer(void *opaque)
{
PFlashCFI02 *pfl = opaque;
trace_pflash_timer_expired(pfl->cmd);
if (pfl->cmd == 0x30) {
/*
* Sector erase. If DQ3 is 0 when the timer expires, then the 50
* us erase timeout has expired so we need to start the timer for the
* sector erase algorithm. Otherwise, the erase completed and we should
* go back to read array mode.
*/
if ((pfl->status & 0x08) == 0) {
assert_dq3(pfl);
uint64_t timeout = pflash_erase_time(pfl);
timer_mod(&pfl->timer,
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + timeout);
DPRINTF("%s: erase timeout fired; erasing %d sectors\n",
__func__, pfl->sectors_to_erase);
return;
}
DPRINTF("%s: sector erase complete\n", __func__);
bitmap_zero(pfl->sector_erase_map, pfl->total_sectors);
pfl->sectors_to_erase = 0;
reset_dq3(pfl);
}
/* Reset flash */
pfl->status ^= 0x80;
toggle_dq7(pfl);
if (pfl->bypass) {
pfl->wcycle = 2;
} else {
@ -137,15 +251,63 @@ static void pflash_timer (void *opaque)
pfl->cmd = 0;
}
static uint32_t pflash_read(PFlashCFI02 *pfl, hwaddr offset,
int width, int be)
/*
* Read data from flash.
*/
static uint64_t pflash_data_read(PFlashCFI02 *pfl, hwaddr offset,
unsigned int width)
{
uint8_t *p = (uint8_t *)pfl->storage + offset;
uint64_t ret = pfl->be ? ldn_be_p(p, width) : ldn_le_p(p, width);
trace_pflash_data_read(offset, width << 1, ret);
return ret;
}
typedef struct {
uint32_t len;
uint32_t num;
} SectorInfo;
/*
* offset should be a byte offset of the QEMU device and _not_ a device
* offset.
*/
static SectorInfo pflash_sector_info(PFlashCFI02 *pfl, hwaddr offset)
{
assert(offset < pfl->chip_len);
hwaddr addr = 0;
uint32_t sector_num = 0;
for (int i = 0; i < pflash_regions_count(pfl); ++i) {
uint64_t region_size = (uint64_t)pfl->nb_blocs[i] * pfl->sector_len[i];
if (addr <= offset && offset < addr + region_size) {
return (SectorInfo) {
.len = pfl->sector_len[i],
.num = sector_num + (offset - addr) / pfl->sector_len[i],
};
}
sector_num += pfl->nb_blocs[i];
addr += region_size;
}
abort();
}
/*
* Returns true if the offset refers to a flash sector that is currently being
* erased.
*/
static bool pflash_sector_is_erasing(PFlashCFI02 *pfl, hwaddr offset)
{
long sector_num = pflash_sector_info(pfl, offset).num;
return test_bit(sector_num, pfl->sector_erase_map);
}
static uint64_t pflash_read(void *opaque, hwaddr offset, unsigned int width)
{
PFlashCFI02 *pfl = opaque;
hwaddr boff;
uint32_t ret;
uint8_t *p;
uint64_t ret;
ret = -1;
trace_pflash_read(offset, pfl->cmd, width, pfl->wcycle);
/* Lazy reset to ROMD mode after a certain amount of read accesses */
if (!pfl->rom_mode && pfl->wcycle == 0 &&
++pfl->read_counter > PFLASH_LAZY_ROMD_THRESHOLD) {
@ -153,10 +315,9 @@ static uint32_t pflash_read(PFlashCFI02 *pfl, hwaddr offset,
}
offset &= pfl->chip_len - 1;
boff = offset & 0xFF;
if (pfl->width == 2)
if (pfl->width == 2) {
boff = boff >> 1;
else if (pfl->width == 4)
boff = boff >> 2;
}
switch (pfl->cmd) {
default:
/* This should never happen : reset state & treat it as a read*/
@ -164,45 +325,22 @@ static uint32_t pflash_read(PFlashCFI02 *pfl, hwaddr offset,
pfl->wcycle = 0;
pfl->cmd = 0;
/* fall through to the read code */
case 0x80:
case 0x80: /* Erase (unlock) */
/* We accept reads during second unlock sequence... */
case 0x00:
flash_read:
/* Flash area read */
p = pfl->storage;
switch (width) {
case 1:
ret = p[offset];
trace_pflash_data_read8(offset, ret);
break;
case 2:
if (be) {
ret = p[offset] << 8;
ret |= p[offset + 1];
} else {
ret = p[offset];
ret |= p[offset + 1] << 8;
}
trace_pflash_data_read16(offset, ret);
break;
case 4:
if (be) {
ret = p[offset] << 24;
ret |= p[offset + 1] << 16;
ret |= p[offset + 2] << 8;
ret |= p[offset + 3];
} else {
ret = p[offset];
ret |= p[offset + 1] << 8;
ret |= p[offset + 2] << 16;
ret |= p[offset + 3] << 24;
}
trace_pflash_data_read32(offset, ret);
if (pflash_erase_suspend_mode(pfl) &&
pflash_sector_is_erasing(pfl, offset)) {
/* Toggle bit 2, but not 6. */
toggle_dq2(pfl);
/* Status register read */
ret = pfl->status;
DPRINTF("%s: status %" PRIx64 "\n", __func__, ret);
break;
}
/* Flash area read */
ret = pflash_data_read(pfl, offset, width);
break;
case 0x90:
/* flash ID read */
case 0x90: /* flash ID read */
switch (boff) {
case 0x00:
case 0x01:
@ -214,23 +352,25 @@ static uint32_t pflash_read(PFlashCFI02 *pfl, hwaddr offset,
case 0x0E:
case 0x0F:
ret = boff & 0x01 ? pfl->ident3 : pfl->ident2;
if (ret == (uint8_t)-1) {
goto flash_read;
if (ret != (uint8_t)-1) {
break;
}
break;
/* Fall through to data read. */
default:
goto flash_read;
ret = pflash_data_read(pfl, offset, width);
}
DPRINTF("%s: ID " TARGET_FMT_plx " %x\n", __func__, boff, ret);
DPRINTF("%s: ID " TARGET_FMT_plx " %" PRIx64 "\n", __func__, boff, ret);
break;
case 0xA0:
case 0x10:
case 0x30:
case 0x10: /* Chip Erase */
case 0x30: /* Sector Erase */
/* Toggle bit 2 during erase, but not program. */
toggle_dq2(pfl);
case 0xA0: /* Program */
/* Toggle bit 6 */
toggle_dq6(pfl);
/* Status register read */
ret = pfl->status;
DPRINTF("%s: status %x\n", __func__, ret);
/* Toggle bit 6 */
pfl->status ^= 0x40;
DPRINTF("%s: status %" PRIx64 "\n", __func__, ret);
break;
case 0x98:
/* CFI query mode */
@ -241,13 +381,13 @@ static uint32_t pflash_read(PFlashCFI02 *pfl, hwaddr offset,
}
break;
}
trace_pflash_io_read(offset, width, width << 1, ret, pfl->cmd, pfl->wcycle);
return ret;
}
/* update flash content on disk */
static void pflash_update(PFlashCFI02 *pfl, int offset,
int size)
static void pflash_update(PFlashCFI02 *pfl, int offset, int size)
{
int offset_end;
if (pfl->blk) {
@ -260,31 +400,56 @@ static void pflash_update(PFlashCFI02 *pfl, int offset,
}
}
static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
uint32_t value, int width, int be)
static void pflash_sector_erase(PFlashCFI02 *pfl, hwaddr offset)
{
SectorInfo sector_info = pflash_sector_info(pfl, offset);
uint64_t sector_len = sector_info.len;
offset &= ~(sector_len - 1);
DPRINTF("%s: start sector erase at %0*" PRIx64 "-%0*" PRIx64 "\n",
__func__, pfl->width * 2, offset,
pfl->width * 2, offset + sector_len - 1);
if (!pfl->ro) {
uint8_t *p = pfl->storage;
memset(p + offset, 0xff, sector_len);
pflash_update(pfl, offset, sector_len);
}
set_dq7(pfl, 0x00);
++pfl->sectors_to_erase;
set_bit(sector_info.num, pfl->sector_erase_map);
/* Set (or reset) the 50 us timer for additional erase commands. */
timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 50000);
}
static void pflash_write(void *opaque, hwaddr offset, uint64_t value,
unsigned int width)
{
PFlashCFI02 *pfl = opaque;
hwaddr boff;
uint8_t *p;
uint8_t cmd;
trace_pflash_io_write(offset, width, width << 1, value, pfl->wcycle);
cmd = value;
if (pfl->cmd != 0xA0 && cmd == 0xF0) {
#if 0
DPRINTF("%s: flash reset asked (%02x %02x)\n",
__func__, pfl->cmd, cmd);
#endif
goto reset_flash;
if (pfl->cmd != 0xA0) {
/* Reset does nothing during chip erase and sector erase. */
if (cmd == 0xF0 && pfl->cmd != 0x10 && pfl->cmd != 0x30) {
if (pfl->wcycle == WCYCLE_AUTOSELECT_CFI) {
/* Return to autoselect mode. */
pfl->wcycle = 3;
pfl->cmd = 0x90;
return;
}
goto reset_flash;
}
}
trace_pflash_write(offset, value, width, pfl->wcycle);
offset &= pfl->chip_len - 1;
DPRINTF("%s: offset " TARGET_FMT_plx " %08x %d\n", __func__,
offset, value, width);
boff = offset & (pfl->sector_len - 1);
if (pfl->width == 2)
boff = offset;
if (pfl->width == 2) {
boff = boff >> 1;
else if (pfl->width == 4)
boff = boff >> 2;
}
/* Only the least-significant 11 bits are used in most cases. */
boff &= 0x7FF;
switch (pfl->wcycle) {
case 0:
/* Set the device in I/O access mode if required */
@ -294,12 +459,30 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
/* We're in read mode */
check_unlock0:
if (boff == 0x55 && cmd == 0x98) {
enter_CFI_mode:
/* Enter CFI query mode */
pfl->wcycle = 7;
pfl->wcycle = WCYCLE_CFI;
pfl->cmd = 0x98;
return;
}
/* Handle erase resume in erase suspend mode, otherwise reset. */
if (cmd == 0x30) { /* Erase Resume */
if (pflash_erase_suspend_mode(pfl)) {
/* Resume the erase. */
timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
pfl->erase_time_remaining);
pfl->erase_time_remaining = 0;
pfl->wcycle = 6;
pfl->cmd = 0x30;
set_dq7(pfl, 0x00);
assert_dq3(pfl);
return;
}
goto reset_flash;
}
/* Ignore erase suspend. */
if (cmd == 0xB0) { /* Erase Suspend */
return;
}
if (boff != pfl->unlock_addr0 || cmd != 0xAA) {
DPRINTF("%s: unlock0 failed " TARGET_FMT_plx " %02x %04x\n",
__func__, boff, cmd, pfl->unlock_addr0);
@ -328,9 +511,9 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
case 0x20:
pfl->bypass = 1;
goto do_bypass;
case 0x80:
case 0x90:
case 0xA0:
case 0x80: /* Erase */
case 0x90: /* Autoselect */
case 0xA0: /* Program */
pfl->cmd = cmd;
DPRINTF("%s: starting command %02x\n", __func__, cmd);
break;
@ -341,57 +524,54 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
break;
case 3:
switch (pfl->cmd) {
case 0x80:
case 0x80: /* Erase */
/* We need another unlock sequence */
goto check_unlock0;
case 0xA0:
trace_pflash_data_write(offset, value, width, 0);
p = pfl->storage;
if (!pfl->ro) {
switch (width) {
case 1:
p[offset] &= value;
pflash_update(pfl, offset, 1);
break;
case 2:
if (be) {
p[offset] &= value >> 8;
p[offset + 1] &= value;
} else {
p[offset] &= value;
p[offset + 1] &= value >> 8;
}
pflash_update(pfl, offset, 2);
break;
case 4:
if (be) {
p[offset] &= value >> 24;
p[offset + 1] &= value >> 16;
p[offset + 2] &= value >> 8;
p[offset + 3] &= value;
} else {
p[offset] &= value;
p[offset + 1] &= value >> 8;
p[offset + 2] &= value >> 16;
p[offset + 3] &= value >> 24;
}
pflash_update(pfl, offset, 4);
break;
case 0xA0: /* Program */
if (pflash_erase_suspend_mode(pfl) &&
pflash_sector_is_erasing(pfl, offset)) {
/* Ignore writes to erasing sectors. */
if (pfl->bypass) {
goto do_bypass;
}
goto reset_flash;
}
pfl->status = 0x00 | ~(value & 0x80);
trace_pflash_data_write(offset, width << 1, value, 0);
if (!pfl->ro) {
p = (uint8_t *)pfl->storage + offset;
if (pfl->be) {
uint64_t current = ldn_be_p(p, width);
stn_be_p(p, width, current & value);
} else {
uint64_t current = ldn_le_p(p, width);
stn_le_p(p, width, current & value);
}
pflash_update(pfl, offset, width);
}
/*
* While programming, status bit DQ7 should hold the opposite
* value from how it was programmed.
*/
set_dq7(pfl, ~value);
/* Let's pretend write is immediate */
if (pfl->bypass)
goto do_bypass;
goto reset_flash;
case 0x90:
case 0x90: /* Autoselect */
if (pfl->bypass && cmd == 0x00) {
/* Unlock bypass reset */
goto reset_flash;
}
/* We can enter CFI query mode from autoselect mode */
if (boff == 0x55 && cmd == 0x98)
goto enter_CFI_mode;
/*
* We can enter CFI query mode from autoselect mode, but we must
* return to autoselect mode after a reset.
*/
if (boff == 0x55 && cmd == 0x98) {
/* Enter autoselect CFI query mode */
pfl->wcycle = WCYCLE_AUTOSELECT_CFI;
pfl->cmd = 0x98;
return;
}
/* No break here */
default:
DPRINTF("%s: invalid write for command %02x\n",
@ -400,11 +580,11 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
}
case 4:
switch (pfl->cmd) {
case 0xA0:
case 0xA0: /* Program */
/* Ignore writes while flash data write is occurring */
/* As we suppose write is immediate, this should never happen */
return;
case 0x80:
case 0x80: /* Erase */
goto check_unlock1;
default:
/* Should never happen */
@ -414,8 +594,12 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
}
break;
case 5:
if (pflash_erase_suspend_mode(pfl)) {
/* Erasing is not supported in erase suspend mode. */
goto reset_flash;
}
switch (cmd) {
case 0x10:
case 0x10: /* Chip Erase */
if (boff != pfl->unlock_addr0) {
DPRINTF("%s: chip erase: invalid address " TARGET_FMT_plx "\n",
__func__, offset);
@ -424,28 +608,16 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
/* Chip erase */
DPRINTF("%s: start chip erase\n", __func__);
if (!pfl->ro) {
memset(pfl->storage, 0xFF, pfl->chip_len);
memset(pfl->storage, 0xff, pfl->chip_len);
pflash_update(pfl, 0, pfl->chip_len);
}
pfl->status = 0x00;
/* Let's wait 5 seconds before chip erase is done */
set_dq7(pfl, 0x00);
/* Wait the time specified at CFI address 0x22. */
timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
(NANOSECONDS_PER_SECOND * 5));
(1ULL << pfl->cfi_table[0x22]) * SCALE_MS);
break;
case 0x30:
/* Sector erase */
p = pfl->storage;
offset &= ~(pfl->sector_len - 1);
DPRINTF("%s: start sector erase at " TARGET_FMT_plx "\n", __func__,
offset);
if (!pfl->ro) {
memset(p + offset, 0xFF, pfl->sector_len);
pflash_update(pfl, offset, pfl->sector_len);
}
pfl->status = 0x00;
/* Let's wait 1/2 second before sector erase is done */
timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
(NANOSECONDS_PER_SECOND / 2));
case 0x30: /* Sector erase */
pflash_sector_erase(pfl, offset);
break;
default:
DPRINTF("%s: invalid command %02x (wc 5)\n", __func__, cmd);
@ -455,11 +627,47 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
break;
case 6:
switch (pfl->cmd) {
case 0x10:
case 0x10: /* Chip Erase */
/* Ignore writes during chip erase */
return;
case 0x30:
/* Ignore writes during sector erase */
case 0x30: /* Sector erase */
if (cmd == 0xB0) {
/*
* If erase suspend happens during the erase timeout (so DQ3 is
* 0), then the device suspends erasing immediately. Set the
* remaining time to be the total time to erase. Otherwise,
* there is a maximum amount of time it can take to enter
* suspend mode. Let's ignore that and suspend immediately and
* set the remaining time to the actual time remaining on the
* timer.
*/
if ((pfl->status & 0x08) == 0) {
pfl->erase_time_remaining = pflash_erase_time(pfl);
} else {
int64_t delta = timer_expire_time_ns(&pfl->timer) -
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
/* Make sure we have a positive time remaining. */
pfl->erase_time_remaining = delta <= 0 ? 1 : delta;
}
reset_dq3(pfl);
timer_del(&pfl->timer);
pfl->wcycle = 0;
pfl->cmd = 0;
return;
}
/*
* If DQ3 is 0, additional sector erase commands can be
* written and anything else (other than an erase suspend) resets
* the device.
*/
if ((pfl->status & 0x08) == 0) {
if (cmd == 0x30) {
pflash_sector_erase(pfl, offset);
} else {
goto reset_flash;
}
}
/* Ignore writes during the actual erase. */
return;
default:
/* Should never happen */
@ -468,7 +676,9 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
goto reset_flash;
}
break;
case 7: /* Special value for CFI queries */
/* Special values for CFI queries */
case WCYCLE_CFI:
case WCYCLE_AUTOSELECT_CFI:
DPRINTF("%s: invalid write in CFI query mode\n", __func__);
goto reset_flash;
default:
@ -493,39 +703,10 @@ static void pflash_write(PFlashCFI02 *pfl, hwaddr offset,
pfl->cmd = 0;
}
static uint64_t pflash_be_readfn(void *opaque, hwaddr addr, unsigned size)
{
return pflash_read(opaque, addr, size, 1);
}
static void pflash_be_writefn(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
pflash_write(opaque, addr, value, size, 1);
}
static uint64_t pflash_le_readfn(void *opaque, hwaddr addr, unsigned size)
{
return pflash_read(opaque, addr, size, 0);
}
static void pflash_le_writefn(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
pflash_write(opaque, addr, value, size, 0);
}
static const MemoryRegionOps pflash_cfi02_ops_be = {
.read = pflash_be_readfn,
.write = pflash_be_writefn,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
static const MemoryRegionOps pflash_cfi02_ops_le = {
.read = pflash_le_readfn,
.write = pflash_le_writefn,
static const MemoryRegionOps pflash_cfi02_ops = {
.read = pflash_read,
.write = pflash_write,
.impl.max_access_size = 2,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
@ -534,15 +715,14 @@ static const MemoryRegionOps pflash_cfi02_ops_le = {
static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
{
PFlashCFI02 *pfl = PFLASH_CFI02(dev);
uint32_t chip_len;
int ret;
Error *local_err = NULL;
if (pfl->sector_len == 0) {
if (pfl->uniform_sector_len == 0 && pfl->sector_len[0] == 0) {
error_setg(errp, "attribute \"sector-length\" not specified or zero.");
return;
}
if (pfl->nb_blocs == 0) {
if (pfl->uniform_nb_blocs == 0 && pfl->nb_blocs[0] == 0) {
error_setg(errp, "attribute \"num-blocks\" not specified or zero.");
return;
}
@ -551,18 +731,64 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
return;
}
chip_len = pfl->sector_len * pfl->nb_blocs;
int nb_regions;
pfl->chip_len = 0;
pfl->total_sectors = 0;
for (nb_regions = 0; nb_regions < PFLASH_MAX_ERASE_REGIONS; ++nb_regions) {
if (pfl->nb_blocs[nb_regions] == 0) {
break;
}
pfl->total_sectors += pfl->nb_blocs[nb_regions];
uint64_t sector_len_per_device = pfl->sector_len[nb_regions];
memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl), pfl->be ?
&pflash_cfi02_ops_be : &pflash_cfi02_ops_le,
pfl, pfl->name, chip_len, &local_err);
/*
* The size of each flash sector must be a power of 2 and it must be
* aligned at the same power of 2.
*/
if (sector_len_per_device & 0xff ||
sector_len_per_device >= (1 << 24) ||
!is_power_of_2(sector_len_per_device))
{
error_setg(errp, "unsupported configuration: "
"sector length[%d] per device = %" PRIx64 ".",
nb_regions, sector_len_per_device);
return;
}
if (pfl->chip_len & (sector_len_per_device - 1)) {
error_setg(errp, "unsupported configuration: "
"flash region %d not correctly aligned.",
nb_regions);
return;
}
pfl->chip_len += (uint64_t)pfl->sector_len[nb_regions] *
pfl->nb_blocs[nb_regions];
}
uint64_t uniform_len = (uint64_t)pfl->uniform_nb_blocs *
pfl->uniform_sector_len;
if (nb_regions == 0) {
nb_regions = 1;
pfl->nb_blocs[0] = pfl->uniform_nb_blocs;
pfl->sector_len[0] = pfl->uniform_sector_len;
pfl->chip_len = uniform_len;
pfl->total_sectors = pfl->uniform_nb_blocs;
} else if (uniform_len != 0 && uniform_len != pfl->chip_len) {
error_setg(errp, "\"num-blocks\"*\"sector-length\" "
"different from \"num-blocks0\"*\'sector-length0\" + ... + "
"\"num-blocks3\"*\"sector-length3\"");
return;
}
memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl),
&pflash_cfi02_ops, pfl, pfl->name,
pfl->chip_len, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
pfl->chip_len = chip_len;
if (pfl->blk) {
uint64_t perm;
@ -577,13 +803,20 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
}
if (pfl->blk) {
if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, chip_len,
errp)) {
if (!blk_check_size_and_read_all(pfl->blk, pfl->storage,
pfl->chip_len, errp)) {
vmstate_unregister_ram(&pfl->orig_mem, DEVICE(pfl));
return;
}
}
/* Only 11 bits are used in the comparison. */
pfl->unlock_addr0 &= 0x7FF;
pfl->unlock_addr1 &= 0x7FF;
/* Allocate memory for a bitmap for sectors being erased. */
pfl->sector_erase_map = bitmap_new(pfl->total_sectors);
pflash_setup_mappings(pfl);
pfl->rom_mode = 1;
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
@ -592,7 +825,9 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
pfl->wcycle = 0;
pfl->cmd = 0;
pfl->status = 0;
/* Hardcoded CFI table (mostly from SG29 Spansion flash) */
const uint16_t pri_ofs = 0x40;
/* Standard "QRY" string */
pfl->cfi_table[0x10] = 'Q';
pfl->cfi_table[0x11] = 'R';
@ -601,8 +836,8 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
pfl->cfi_table[0x13] = 0x02;
pfl->cfi_table[0x14] = 0x00;
/* Primary extended table address */
pfl->cfi_table[0x15] = 0x31;
pfl->cfi_table[0x16] = 0x00;
pfl->cfi_table[0x15] = pri_ofs;
pfl->cfi_table[0x16] = pri_ofs >> 8;
/* Alternate command set (none) */
pfl->cfi_table[0x17] = 0x00;
pfl->cfi_table[0x18] = 0x00;
@ -617,7 +852,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
pfl->cfi_table[0x1D] = 0x00;
/* Vpp max (no Vpp pin) */
pfl->cfi_table[0x1E] = 0x00;
/* Reserved */
/* Timeout per single byte/word write (128 ms) */
pfl->cfi_table[0x1F] = 0x07;
/* Timeout for min size buffer write (NA) */
pfl->cfi_table[0x20] = 0x00;
@ -634,7 +869,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
/* Max timeout for chip erase */
pfl->cfi_table[0x26] = 0x0D;
/* Device size */
pfl->cfi_table[0x27] = ctz32(chip_len);
pfl->cfi_table[0x27] = ctz32(pfl->chip_len);
/* Flash device interface (8 & 16 bits) */
pfl->cfi_table[0x28] = 0x02;
pfl->cfi_table[0x29] = 0x00;
@ -643,37 +878,60 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
// pfl->cfi_table[0x2A] = 0x05;
pfl->cfi_table[0x2A] = 0x00;
pfl->cfi_table[0x2B] = 0x00;
/* Number of erase block regions (uniform) */
pfl->cfi_table[0x2C] = 0x01;
/* Erase block region 1 */
pfl->cfi_table[0x2D] = pfl->nb_blocs - 1;
pfl->cfi_table[0x2E] = (pfl->nb_blocs - 1) >> 8;
pfl->cfi_table[0x2F] = pfl->sector_len >> 8;
pfl->cfi_table[0x30] = pfl->sector_len >> 16;
/* Number of erase block regions */
pfl->cfi_table[0x2c] = nb_regions;
/* Erase block regions */
for (int i = 0; i < nb_regions; ++i) {
uint32_t sector_len_per_device = pfl->sector_len[i];
pfl->cfi_table[0x2d + 4 * i] = pfl->nb_blocs[i] - 1;
pfl->cfi_table[0x2e + 4 * i] = (pfl->nb_blocs[i] - 1) >> 8;
pfl->cfi_table[0x2f + 4 * i] = sector_len_per_device >> 8;
pfl->cfi_table[0x30 + 4 * i] = sector_len_per_device >> 16;
}
assert(0x2c + 4 * nb_regions < pri_ofs);
/* Extended */
pfl->cfi_table[0x31] = 'P';
pfl->cfi_table[0x32] = 'R';
pfl->cfi_table[0x33] = 'I';
pfl->cfi_table[0x00 + pri_ofs] = 'P';
pfl->cfi_table[0x01 + pri_ofs] = 'R';
pfl->cfi_table[0x02 + pri_ofs] = 'I';
pfl->cfi_table[0x34] = '1';
pfl->cfi_table[0x35] = '0';
/* Extended version 1.0 */
pfl->cfi_table[0x03 + pri_ofs] = '1';
pfl->cfi_table[0x04 + pri_ofs] = '0';
pfl->cfi_table[0x36] = 0x00;
pfl->cfi_table[0x37] = 0x00;
pfl->cfi_table[0x38] = 0x00;
pfl->cfi_table[0x39] = 0x00;
/* Address sensitive unlock required. */
pfl->cfi_table[0x05 + pri_ofs] = 0x00;
/* Erase suspend to read/write. */
pfl->cfi_table[0x06 + pri_ofs] = 0x02;
/* Sector protect not supported. */
pfl->cfi_table[0x07 + pri_ofs] = 0x00;
/* Temporary sector unprotect not supported. */
pfl->cfi_table[0x08 + pri_ofs] = 0x00;
pfl->cfi_table[0x3a] = 0x00;
/* Sector protect/unprotect scheme. */
pfl->cfi_table[0x09 + pri_ofs] = 0x00;
pfl->cfi_table[0x3b] = 0x00;
pfl->cfi_table[0x3c] = 0x00;
/* Simultaneous operation not supported. */
pfl->cfi_table[0x0a + pri_ofs] = 0x00;
/* Burst mode not supported. */
pfl->cfi_table[0x0b + pri_ofs] = 0x00;
/* Page mode not supported. */
pfl->cfi_table[0x0c + pri_ofs] = 0x00;
assert(0x0c + pri_ofs < ARRAY_SIZE(pfl->cfi_table));
}
static Property pflash_cfi02_properties[] = {
DEFINE_PROP_DRIVE("drive", PFlashCFI02, blk),
DEFINE_PROP_UINT32("num-blocks", PFlashCFI02, nb_blocs, 0),
DEFINE_PROP_UINT32("sector-length", PFlashCFI02, sector_len, 0),
DEFINE_PROP_UINT32("num-blocks", PFlashCFI02, uniform_nb_blocs, 0),
DEFINE_PROP_UINT32("sector-length", PFlashCFI02, uniform_sector_len, 0),
DEFINE_PROP_UINT32("num-blocks0", PFlashCFI02, nb_blocs[0], 0),
DEFINE_PROP_UINT32("sector-length0", PFlashCFI02, sector_len[0], 0),
DEFINE_PROP_UINT32("num-blocks1", PFlashCFI02, nb_blocs[1], 0),
DEFINE_PROP_UINT32("sector-length1", PFlashCFI02, sector_len[1], 0),
DEFINE_PROP_UINT32("num-blocks2", PFlashCFI02, nb_blocs[2], 0),
DEFINE_PROP_UINT32("sector-length2", PFlashCFI02, sector_len[2], 0),
DEFINE_PROP_UINT32("num-blocks3", PFlashCFI02, nb_blocs[3], 0),
DEFINE_PROP_UINT32("sector-length3", PFlashCFI02, sector_len[3], 0),
DEFINE_PROP_UINT8("width", PFlashCFI02, width, 0),
DEFINE_PROP_UINT8("mappings", PFlashCFI02, mappings, 0),
DEFINE_PROP_UINT8("big-endian", PFlashCFI02, be, 0),
@ -691,6 +949,7 @@ static void pflash_cfi02_unrealize(DeviceState *dev, Error **errp)
{
PFlashCFI02 *pfl = PFLASH_CFI02(dev);
timer_del(&pfl->timer);
g_free(pfl->sector_erase_map);
}
static void pflash_cfi02_class_init(ObjectClass *klass, void *data)

10
hw/block/trace-events
View File

@ -7,13 +7,11 @@ fdc_ioport_write(uint8_t reg, uint8_t value) "write reg 0x%02x val 0x%02x"
# pflash_cfi02.c
# pflash_cfi01.c
pflash_reset(void) "reset"
pflash_read(uint64_t offset, uint8_t cmd, int width, uint8_t wcycle) "offset:0x%04"PRIx64" cmd:0x%02x width:%d wcycle:%u"
pflash_write(uint64_t offset, uint32_t value, int width, uint8_t wcycle) "offset:0x%04"PRIx64" value:0x%03x width:%d wcycle:%u"
pflash_timer_expired(uint8_t cmd) "command 0x%02x done"
pflash_data_read8(uint64_t offset, uint32_t value) "data offset:0x%04"PRIx64" value:0x%02x"
pflash_data_read16(uint64_t offset, uint32_t value) "data offset:0x%04"PRIx64" value:0x%04x"
pflash_data_read32(uint64_t offset, uint32_t value) "data offset:0x%04"PRIx64" value:0x%08x"
pflash_data_write(uint64_t offset, uint32_t value, int width, uint64_t counter) "data offset:0x%04"PRIx64" value:0x%08x width:%d counter:0x%016"PRIx64
pflash_io_read(uint64_t offset, int width, int fmt_width, uint32_t value, uint8_t cmd, uint8_t wcycle) "offset:0x%04"PRIx64" width:%d value:0x%0*x cmd:0x%02x wcycle:%u"
pflash_io_write(uint64_t offset, int width, int fmt_width, uint32_t value, uint8_t wcycle) "offset:0x%04"PRIx64" width:%d value:0x%0*x wcycle:%u"
pflash_data_read(uint64_t offset, int width, uint32_t value) "data offset:0x%04"PRIx64" value:0x%0*x"
pflash_data_write(uint64_t offset, int width, uint32_t value, uint64_t counter) "data offset:0x%04"PRIx64" value:0x%0*x counter:0x%016"PRIx64
pflash_manufacturer_id(uint16_t id) "Read Manufacturer ID: 0x%04x"
pflash_device_id(uint16_t id) "Read Device ID: 0x%04x"
pflash_device_info(uint64_t offset) "Read Device Information offset:0x%04"PRIx64

2
tests/Makefile.include
View File

@ -260,6 +260,7 @@ check-qtest-arm-y += tests/m25p80-test$(EXESUF)
check-qtest-arm-y += tests/test-arm-mptimer$(EXESUF)
check-qtest-arm-y += tests/boot-serial-test$(EXESUF)
check-qtest-arm-y += tests/hexloader-test$(EXESUF)
check-qtest-arm-$(CONFIG_PFLASH_CFI02) += tests/pflash-cfi02-test$(EXESUF)
check-qtest-aarch64-y = tests/numa-test$(EXESUF)
check-qtest-aarch64-y += tests/boot-serial-test$(EXESUF)
@ -767,6 +768,7 @@ tests/device-introspect-test$(EXESUF): tests/device-introspect-test.o
tests/rtc-test$(EXESUF): tests/rtc-test.o
tests/m48t59-test$(EXESUF): tests/m48t59-test.o
tests/hexloader-test$(EXESUF): tests/hexloader-test.o
tests/pflash-cfi02$(EXESUF): tests/pflash-cfi02-test.o
tests/endianness-test$(EXESUF): tests/endianness-test.o
tests/prom-env-test$(EXESUF): tests/prom-env-test.o $(libqos-obj-y)
tests/rtas-test$(EXESUF): tests/rtas-test.o $(libqos-spapr-obj-y)

681
tests/pflash-cfi02-test.c Normal file
View File

@ -0,0 +1,681 @@
/*
* QTest testcase for parallel flash with AMD command set
*
* Copyright (c) 2019 Stephen Checkoway
*
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*/
#include "qemu/osdep.h"
#include "libqtest.h"
/*
* To test the pflash_cfi02 device, we run QEMU with the musicpal machine with
* a pflash drive. This enables us to test some flash configurations, but not
* all. In particular, we're limited to a 16-bit wide flash device.
*/
#define MP_FLASH_SIZE_MAX (32 * 1024 * 1024)
#define BASE_ADDR (0x100000000ULL - MP_FLASH_SIZE_MAX)
#define UNIFORM_FLASH_SIZE (8 * 1024 * 1024)
#define UNIFORM_FLASH_SECTOR_SIZE (64 * 1024)
/* Use a newtype to keep flash addresses separate from byte addresses. */
typedef struct {
uint64_t addr;
} faddr;
#define FLASH_ADDR(x) ((faddr) { .addr = (x) })
#define CFI_ADDR FLASH_ADDR(0x55)
#define UNLOCK0_ADDR FLASH_ADDR(0x555)
#define UNLOCK1_ADDR FLASH_ADDR(0x2AA)
#define CFI_CMD 0x98
#define UNLOCK0_CMD 0xAA
#define UNLOCK1_CMD 0x55
#define SECOND_UNLOCK_CMD 0x80
#define AUTOSELECT_CMD 0x90
#define RESET_CMD 0xF0
#define PROGRAM_CMD 0xA0
#define SECTOR_ERASE_CMD 0x30
#define CHIP_ERASE_CMD 0x10
#define UNLOCK_BYPASS_CMD 0x20
#define UNLOCK_BYPASS_RESET_CMD 0x00
#define ERASE_SUSPEND_CMD 0xB0
#define ERASE_RESUME_CMD SECTOR_ERASE_CMD
typedef struct {
int bank_width;
/* Nonuniform block size. */
int nb_blocs[4];
int sector_len[4];
QTestState *qtest;
} FlashConfig;
static char image_path[] = "/tmp/qtest.XXXXXX";
/*
* The pflash implementation allows some parameters to be unspecified. We want
* to test those configurations but we also need to know the real values in
* our testing code. So after we launch qemu, we'll need a new FlashConfig
* with the correct values filled in.
*/
static FlashConfig expand_config_defaults(const FlashConfig *c)
{
FlashConfig ret = *c;
if (ret.bank_width == 0) {
ret.bank_width = 2;
}
if (ret.nb_blocs[0] == 0 && ret.sector_len[0] == 0) {
ret.sector_len[0] = UNIFORM_FLASH_SECTOR_SIZE;
ret.nb_blocs[0] = UNIFORM_FLASH_SIZE / UNIFORM_FLASH_SECTOR_SIZE;
}
/* XXX: Limitations of test harness. */
assert(ret.bank_width == 2);
return ret;
}
/*
* Return a bit mask suitable for extracting the least significant
* status/query response from an interleaved response.
*/
static inline uint64_t device_mask(const FlashConfig *c)
{
return (uint64_t)-1;
}
/*
* Return a bit mask exactly as long as the bank_width.
*/
static inline uint64_t bank_mask(const FlashConfig *c)
{
if (c->bank_width == 8) {
return (uint64_t)-1;
}
return (1ULL << (c->bank_width * 8)) - 1ULL;
}
static inline void flash_write(const FlashConfig *c, uint64_t byte_addr,
uint64_t data)
{
/* Sanity check our tests. */
assert((data & ~bank_mask(c)) == 0);
uint64_t addr = BASE_ADDR + byte_addr;
switch (c->bank_width) {
case 1:
qtest_writeb(c->qtest, addr, data);
break;
case 2:
qtest_writew(c->qtest, addr, data);
break;
case 4:
qtest_writel(c->qtest, addr, data);
break;
case 8:
qtest_writeq(c->qtest, addr, data);
break;
default:
abort();
}
}
static inline uint64_t flash_read(const FlashConfig *c, uint64_t byte_addr)
{
uint64_t addr = BASE_ADDR + byte_addr;
switch (c->bank_width) {
case 1:
return qtest_readb(c->qtest, addr);
case 2:
return qtest_readw(c->qtest, addr);
case 4:
return qtest_readl(c->qtest, addr);
case 8:
return qtest_readq(c->qtest, addr);
default:
abort();
}
}
/*
* Convert a flash address expressed in the maximum width of the device as a
* byte address.
*/
static inline uint64_t as_byte_addr(const FlashConfig *c, faddr flash_addr)
{
/*
* Command addresses are always given as addresses in the maximum
* supported bus size for the flash chip. So an x8/x16 chip in x8 mode
* uses addresses 0xAAA and 0x555 to unlock because the least significant
* bit is ignored. (0x555 rather than 0x554 is traditional.)
*
* In general we need to multiply by the maximum device width.
*/
return flash_addr.addr * c->bank_width;
}
/*
* Return the command value or expected status replicated across all devices.
*/
static inline uint64_t replicate(const FlashConfig *c, uint64_t data)
{
/* Sanity check our tests. */
assert((data & ~device_mask(c)) == 0);
return data;
}
static inline void flash_cmd(const FlashConfig *c, faddr cmd_addr,
uint8_t cmd)
{
flash_write(c, as_byte_addr(c, cmd_addr), replicate(c, cmd));
}
static inline uint64_t flash_query(const FlashConfig *c, faddr query_addr)
{
return flash_read(c, as_byte_addr(c, query_addr));
}
static inline uint64_t flash_query_1(const FlashConfig *c, faddr query_addr)
{
return flash_query(c, query_addr) & device_mask(c);
}
static void unlock(const FlashConfig *c)
{
flash_cmd(c, UNLOCK0_ADDR, UNLOCK0_CMD);
flash_cmd(c, UNLOCK1_ADDR, UNLOCK1_CMD);
}
static void reset(const FlashConfig *c)
{
flash_cmd(c, FLASH_ADDR(0), RESET_CMD);
}
static void sector_erase(const FlashConfig *c, uint64_t byte_addr)
{
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
unlock(c);
flash_write(c, byte_addr, replicate(c, SECTOR_ERASE_CMD));
}
static void wait_for_completion(const FlashConfig *c, uint64_t byte_addr)
{
/* If DQ6 is toggling, step the clock and ensure the toggle stops. */
const uint64_t dq6 = replicate(c, 0x40);
if ((flash_read(c, byte_addr) & dq6) ^ (flash_read(c, byte_addr) & dq6)) {
/* Wait for erase or program to finish. */
qtest_clock_step_next(c->qtest);
/* Ensure that DQ6 has stopped toggling. */
g_assert_cmphex(flash_read(c, byte_addr), ==, flash_read(c, byte_addr));
}
}
static void bypass_program(const FlashConfig *c, uint64_t byte_addr,
uint16_t data)
{
flash_cmd(c, UNLOCK0_ADDR, PROGRAM_CMD);
flash_write(c, byte_addr, data);
/*
* Data isn't valid until DQ6 stops toggling. We don't model this as
* writes are immediate, but if this changes in the future, we can wait
* until the program is complete.
*/
wait_for_completion(c, byte_addr);
}
static void program(const FlashConfig *c, uint64_t byte_addr, uint16_t data)
{
unlock(c);
bypass_program(c, byte_addr, data);
}
static void chip_erase(const FlashConfig *c)
{
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, CHIP_ERASE_CMD);
}
static void erase_suspend(const FlashConfig *c)
{
flash_cmd(c, FLASH_ADDR(0), ERASE_SUSPEND_CMD);
}
static void erase_resume(const FlashConfig *c)
{
flash_cmd(c, FLASH_ADDR(0), ERASE_RESUME_CMD);
}
/*
* Test flash commands with a variety of device geometry.
*/
static void test_geometry(const void *opaque)
{
const FlashConfig *config = opaque;
QTestState *qtest;
qtest = qtest_initf("-M musicpal,accel=qtest"
" -drive if=pflash,file=%s,format=raw,copy-on-read"
/* Device geometry properties. */
" -global driver=cfi.pflash02,"
"property=num-blocks0,value=%d"
" -global driver=cfi.pflash02,"
"property=sector-length0,value=%d"
" -global driver=cfi.pflash02,"
"property=num-blocks1,value=%d"
" -global driver=cfi.pflash02,"
"property=sector-length1,value=%d"
" -global driver=cfi.pflash02,"
"property=num-blocks2,value=%d"
" -global driver=cfi.pflash02,"
"property=sector-length2,value=%d"
" -global driver=cfi.pflash02,"
"property=num-blocks3,value=%d"
" -global driver=cfi.pflash02,"
"property=sector-length3,value=%d",
image_path,
config->nb_blocs[0],
config->sector_len[0],
config->nb_blocs[1],
config->sector_len[1],
config->nb_blocs[2],
config->sector_len[2],
config->nb_blocs[3],
config->sector_len[3]);
FlashConfig explicit_config = expand_config_defaults(config);
explicit_config.qtest = qtest;
const FlashConfig *c = &explicit_config;
/* Check the IDs. */
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, AUTOSELECT_CMD);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
if (c->bank_width >= 2) {
/*
* XXX: The ID returned by the musicpal flash chip is 16 bits which
* wouldn't happen with an 8-bit device. It would probably be best to
* prohibit addresses larger than the device width in pflash_cfi02.c,
* but then we couldn't test smaller device widths at all.
*/
g_assert_cmphex(flash_query(c, FLASH_ADDR(1)), ==,
replicate(c, 0x236D));
}
reset(c);
/* Check the erase blocks. */
flash_cmd(c, CFI_ADDR, CFI_CMD);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x10)), ==, replicate(c, 'Q'));
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x11)), ==, replicate(c, 'R'));
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x12)), ==, replicate(c, 'Y'));
/* Num erase regions. */
int nb_erase_regions = flash_query_1(c, FLASH_ADDR(0x2C));
g_assert_cmphex(nb_erase_regions, ==,
!!c->nb_blocs[0] + !!c->nb_blocs[1] + !!c->nb_blocs[2] +
!!c->nb_blocs[3]);
/* Check device length. */
uint32_t device_len = 1 << flash_query_1(c, FLASH_ADDR(0x27));
g_assert_cmphex(device_len, ==, UNIFORM_FLASH_SIZE);
/* Check that erase suspend to read/write is supported. */
uint16_t pri = flash_query_1(c, FLASH_ADDR(0x15)) +
(flash_query_1(c, FLASH_ADDR(0x16)) << 8);
g_assert_cmpint(pri, >=, 0x2D + 4 * nb_erase_regions);
g_assert_cmpint(flash_query(c, FLASH_ADDR(pri + 0)), ==, replicate(c, 'P'));
g_assert_cmpint(flash_query(c, FLASH_ADDR(pri + 1)), ==, replicate(c, 'R'));
g_assert_cmpint(flash_query(c, FLASH_ADDR(pri + 2)), ==, replicate(c, 'I'));
g_assert_cmpint(flash_query_1(c, FLASH_ADDR(pri + 6)), ==, 2); /* R/W */
reset(c);
const uint64_t dq7 = replicate(c, 0x80);
const uint64_t dq6 = replicate(c, 0x40);
const uint64_t dq3 = replicate(c, 0x08);
const uint64_t dq2 = replicate(c, 0x04);
uint64_t byte_addr = 0;
for (int region = 0; region < nb_erase_regions; ++region) {
uint64_t base = 0x2D + 4 * region;
flash_cmd(c, CFI_ADDR, CFI_CMD);
uint32_t nb_sectors = flash_query_1(c, FLASH_ADDR(base + 0)) +
(flash_query_1(c, FLASH_ADDR(base + 1)) << 8) + 1;
uint32_t sector_len = (flash_query_1(c, FLASH_ADDR(base + 2)) << 8) +
(flash_query_1(c, FLASH_ADDR(base + 3)) << 16);
g_assert_cmphex(nb_sectors, ==, c->nb_blocs[region]);
g_assert_cmphex(sector_len, ==, c->sector_len[region]);
reset(c);
/* Erase and program sector. */
for (uint32_t i = 0; i < nb_sectors; ++i) {
sector_erase(c, byte_addr);
/* Check that DQ3 is 0. */
g_assert_cmphex(flash_read(c, byte_addr) & dq3, ==, 0);
qtest_clock_step_next(c->qtest); /* Step over the 50 us timeout. */
/* Check that DQ3 is 1. */
uint64_t status0 = flash_read(c, byte_addr);
g_assert_cmphex(status0 & dq3, ==, dq3);
/* DQ7 is 0 during an erase. */
g_assert_cmphex(status0 & dq7, ==, 0);
uint64_t status1 = flash_read(c, byte_addr);
/* DQ6 toggles during an erase. */
g_assert_cmphex(status0 & dq6, ==, ~status1 & dq6);
/* Wait for erase to complete. */
wait_for_completion(c, byte_addr);
/* Ensure DQ6 has stopped toggling. */
g_assert_cmphex(flash_read(c, byte_addr), ==,
flash_read(c, byte_addr));
/* Now the data should be valid. */
g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
/* Program a bit pattern. */
program(c, byte_addr, 0x55);
g_assert_cmphex(flash_read(c, byte_addr) & 0xFF, ==, 0x55);
program(c, byte_addr, 0xA5);
g_assert_cmphex(flash_read(c, byte_addr) & 0xFF, ==, 0x05);
byte_addr += sector_len;
}
}
/* Erase the chip. */
chip_erase(c);
/* Read toggle. */
uint64_t status0 = flash_read(c, 0);
/* DQ7 is 0 during an erase. */
g_assert_cmphex(status0 & dq7, ==, 0);
uint64_t status1 = flash_read(c, 0);
/* DQ6 toggles during an erase. */
g_assert_cmphex(status0 & dq6, ==, ~status1 & dq6);
/* Wait for erase to complete. */
qtest_clock_step_next(c->qtest);
/* Ensure DQ6 has stopped toggling. */
g_assert_cmphex(flash_read(c, 0), ==, flash_read(c, 0));
/* Now the data should be valid. */
for (int region = 0; region < nb_erase_regions; ++region) {
for (uint32_t i = 0; i < c->nb_blocs[region]; ++i) {
uint64_t byte_addr = i * c->sector_len[region];
g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
}
}
/* Unlock bypass */
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, UNLOCK_BYPASS_CMD);
bypass_program(c, 0 * c->bank_width, 0x01);
bypass_program(c, 1 * c->bank_width, 0x23);
bypass_program(c, 2 * c->bank_width, 0x45);
/*
* Test that bypass programming, unlike normal programming can use any
* address for the PROGRAM_CMD.
*/
flash_cmd(c, FLASH_ADDR(3 * c->bank_width), PROGRAM_CMD);
flash_write(c, 3 * c->bank_width, 0x67);
wait_for_completion(c, 3 * c->bank_width);
flash_cmd(c, FLASH_ADDR(0), UNLOCK_BYPASS_RESET_CMD);
bypass_program(c, 4 * c->bank_width, 0x89); /* Should fail. */
g_assert_cmphex(flash_read(c, 0 * c->bank_width), ==, 0x01);
g_assert_cmphex(flash_read(c, 1 * c->bank_width), ==, 0x23);
g_assert_cmphex(flash_read(c, 2 * c->bank_width), ==, 0x45);
g_assert_cmphex(flash_read(c, 3 * c->bank_width), ==, 0x67);
g_assert_cmphex(flash_read(c, 4 * c->bank_width), ==, bank_mask(c));
/* Test ignored high order bits of address. */
flash_cmd(c, FLASH_ADDR(0x5555), UNLOCK0_CMD);
flash_cmd(c, FLASH_ADDR(0x2AAA), UNLOCK1_CMD);
flash_cmd(c, FLASH_ADDR(0x5555), AUTOSELECT_CMD);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
reset(c);
/*
* Program a word on each sector, erase one or two sectors per region, and
* verify that all of those, and only those, are erased.
*/
byte_addr = 0;
for (int region = 0; region < nb_erase_regions; ++region) {
for (int i = 0; i < config->nb_blocs[region]; ++i) {
program(c, byte_addr, 0);
byte_addr += config->sector_len[region];
}
}
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
unlock(c);
byte_addr = 0;
const uint64_t erase_cmd = replicate(c, SECTOR_ERASE_CMD);
for (int region = 0; region < nb_erase_regions; ++region) {
flash_write(c, byte_addr, erase_cmd);
if (c->nb_blocs[region] > 1) {
flash_write(c, byte_addr + c->sector_len[region], erase_cmd);
}
byte_addr += c->sector_len[region] * c->nb_blocs[region];
}
qtest_clock_step_next(c->qtest); /* Step over the 50 us timeout. */
wait_for_completion(c, 0);
byte_addr = 0;
for (int region = 0; region < nb_erase_regions; ++region) {
for (int i = 0; i < config->nb_blocs[region]; ++i) {
if (i < 2) {
g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
} else {
g_assert_cmphex(flash_read(c, byte_addr), ==, 0);
}
byte_addr += config->sector_len[region];
}
}
/* Test erase suspend/resume during erase timeout. */
sector_erase(c, 0);
/*
* Check that DQ 3 is 0 and DQ6 and DQ2 are toggling in the sector being
* erased as well as in a sector not being erased.
*/
byte_addr = c->sector_len[0];
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq3, ==, 0);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
status0 = flash_read(c, byte_addr);
status1 = flash_read(c, byte_addr);
g_assert_cmpint(status0 & dq3, ==, 0);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
/*
* Check that after suspending, DQ6 does not toggle but DQ2 does toggle in
* an erase suspended sector but that neither toggle (we should be
* getting data) in a sector not being erased.
*/
erase_suspend(c);
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq6, ==, status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
g_assert_cmpint(flash_read(c, byte_addr), ==, flash_read(c, byte_addr));
/* Check that after resuming, DQ3 is 1 and DQ6 and DQ2 toggle. */
erase_resume(c);
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
status0 = flash_read(c, byte_addr);
status1 = flash_read(c, byte_addr);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
wait_for_completion(c, 0);
/* Repeat this process but this time suspend after the timeout. */
sector_erase(c, 0);
qtest_clock_step_next(c->qtest);
/*
* Check that DQ 3 is 1 and DQ6 and DQ2 are toggling in the sector being
* erased as well as in a sector not being erased.
*/
byte_addr = c->sector_len[0];
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
status0 = flash_read(c, byte_addr);
status1 = flash_read(c, byte_addr);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
/*
* Check that after suspending, DQ6 does not toggle but DQ2 does toggle in
* an erase suspended sector but that neither toggle (we should be
* getting data) in a sector not being erased.
*/
erase_suspend(c);
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq6, ==, status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
g_assert_cmpint(flash_read(c, byte_addr), ==, flash_read(c, byte_addr));
/* Check that after resuming, DQ3 is 1 and DQ6 and DQ2 toggle. */
erase_resume(c);
status0 = flash_read(c, 0);
status1 = flash_read(c, 0);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
status0 = flash_read(c, byte_addr);
status1 = flash_read(c, byte_addr);
g_assert_cmpint(status0 & dq3, ==, dq3);
g_assert_cmpint(status0 & dq6, ==, ~status1 & dq6);
g_assert_cmpint(status0 & dq2, ==, ~status1 & dq2);
wait_for_completion(c, 0);
qtest_quit(qtest);
}
/*
* Test that
* 1. enter autoselect mode;
* 2. enter CFI mode; and then
* 3. exit CFI mode
* leaves the flash device in autoselect mode.
*/
static void test_cfi_in_autoselect(const void *opaque)
{
const FlashConfig *config = opaque;
QTestState *qtest;
qtest = qtest_initf("-M musicpal,accel=qtest"
" -drive if=pflash,file=%s,format=raw,copy-on-read",
image_path);
FlashConfig explicit_config = expand_config_defaults(config);
explicit_config.qtest = qtest;
const FlashConfig *c = &explicit_config;
/* 1. Enter autoselect. */
unlock(c);
flash_cmd(c, UNLOCK0_ADDR, AUTOSELECT_CMD);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
/* 2. Enter CFI. */
flash_cmd(c, CFI_ADDR, CFI_CMD);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x10)), ==, replicate(c, 'Q'));
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x11)), ==, replicate(c, 'R'));
g_assert_cmphex(flash_query(c, FLASH_ADDR(0x12)), ==, replicate(c, 'Y'));
/* 3. Exit CFI. */
reset(c);
g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
qtest_quit(qtest);
}
static void cleanup(void *opaque)
{
unlink(image_path);
}
/*
* XXX: Tests are limited to bank_width = 2 for now because that's what
* hw/arm/musicpal.c has.
*/
static const FlashConfig configuration[] = {
/* One x16 device. */
{
.bank_width = 2,
},
/* Nonuniform sectors (top boot). */
{
.bank_width = 2,
.nb_blocs = { 127, 1, 2, 1 },
.sector_len = { 0x10000, 0x08000, 0x02000, 0x04000 },
},
/* Nonuniform sectors (bottom boot). */
{
.bank_width = 2,
.nb_blocs = { 1, 2, 1, 127 },
.sector_len = { 0x04000, 0x02000, 0x08000, 0x10000 },
},
};
int main(int argc, char **argv)
{
int fd = mkstemp(image_path);
if (fd == -1) {
g_printerr("Failed to create temporary file %s: %s\n", image_path,
strerror(errno));
exit(EXIT_FAILURE);
}
if (ftruncate(fd, UNIFORM_FLASH_SIZE) < 0) {
int error_code = errno;
close(fd);
unlink(image_path);
g_printerr("Failed to truncate file %s to %u MB: %s\n", image_path,
UNIFORM_FLASH_SIZE, strerror(error_code));
exit(EXIT_FAILURE);
}
close(fd);
qtest_add_abrt_handler(cleanup, NULL);
g_test_init(&argc, &argv, NULL);
size_t nb_configurations = sizeof configuration / sizeof configuration[0];
for (size_t i = 0; i < nb_configurations; ++i) {
const FlashConfig *config = &configuration[i];
char *path = g_strdup_printf("pflash-cfi02"
"/geometry/%dx%x-%dx%x-%dx%x-%dx%x"
"/%d",
config->nb_blocs[0],
config->sector_len[0],
config->nb_blocs[1],
config->sector_len[1],
config->nb_blocs[2],
config->sector_len[2],
config->nb_blocs[3],
config->sector_len[3],
config->bank_width);
qtest_add_data_func(path, config, test_geometry);
g_free(path);
}
qtest_add_data_func("pflash-cfi02/cfi-in-autoselect", &configuration[0],
test_cfi_in_autoselect);
int result = g_test_run();
cleanup(NULL);
return result;
}