X-Git-Url: https://review.openocd.org/gitweb?p=openocd.git;a=blobdiff_plain;f=src%2Fflash%2Fnor%2Fcore.c;h=18012c650b55d0f03603e24f9094bbe6dd12b6a8;hp=2dbf1142fed2ef6b3b793b4d1fde777624e53b16;hb=300f0f53c54fab5dd994a8bc42edbdc6115ef7b9;hpb=04ee41de52065f648752c13652b3428260f1ac2a diff --git a/src/flash/nor/core.c b/src/flash/nor/core.c index 2dbf1142fe..18012c650b 100644 --- a/src/flash/nor/core.c +++ b/src/flash/nor/core.c @@ -1,4 +1,7 @@ /*************************************************************************** + * Copyright (C) 2005 by Dominic Rath * + * Copyright (C) 2007,2008 Øyvind Harboe * + * Copyright (C) 2008 by Spencer Oliver * * Copyright (C) 2009 Zachary T Welch * * * * This program is free software; you can redistribute it and/or modify * @@ -20,23 +23,20 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include +#include #include #include -// in flash.c, to be moved here -extern struct flash_driver *flash_drivers[]; -extern struct flash_bank *flash_banks; -struct flash_driver *flash_driver_find_by_name(const char *name) -{ - for (unsigned i = 0; flash_drivers[i]; i++) - { - if (strcmp(name, flash_drivers[i]->name) == 0) - return flash_drivers[i]; - } - return NULL; -} +/** + * @file + * Upper level of NOR flash framework. + * The lower level interfaces are to drivers. These upper level ones + * primarily support access from Tcl scripts or from GDB. + */ + +static struct flash_bank *flash_banks; int flash_driver_erase(struct flash_bank *bank, int first, int last) { @@ -54,6 +54,63 @@ int flash_driver_erase(struct flash_bank *bank, int first, int last) int flash_driver_protect(struct flash_bank *bank, int set, int first, int last) { int retval; + bool updated = false; + + /* NOTE: "first == last" means protect just that sector */ + + /* callers may not supply illegal parameters ... */ + if (first < 0 || first > last || last >= bank->num_sectors) + return ERROR_FAIL; + + /* force "set" to 0/1 */ + set = !!set; + + /* + * Filter out what trivial nonsense we can, so drivers don't have to. + * + * Don't tell drivers to change to the current state... it's needless, + * and reducing the amount of work to be done (potentially to nothing) + * speeds at least some things up. + */ +scan: + for (int i = first; i <= last; i++) { + struct flash_sector *sector = bank->sectors + i; + + /* Only filter requests to protect the already-protected, or + * to unprotect the already-unprotected. Changing from the + * unknown state (-1) to a known one is unwise but allowed; + * protection status is best checked first. + */ + if (sector->is_protected != set) + continue; + + /* Shrink this range of sectors from the start; don't overrun + * the end. Also shrink from the end; don't overun the start. + * + * REVISIT we could handle discontiguous regions by issuing + * more than one driver request. How much would that matter? + */ + if (i == first) { + updated = true; + first++; + } else if (i == last) { + updated = true; + last--; + } + } + + /* updating the range affects the tests in the scan loop above; so + * re-scan, to make sure we didn't miss anything. + */ + if (updated) { + updated = false; + goto scan; + } + + /* Single sector, already protected? Nothing to do! */ + if (first > last) + return ERROR_OK; + retval = bank->driver->protect(bank, set, first, last); if (retval != ERROR_OK) @@ -79,7 +136,6 @@ int flash_driver_write(struct flash_bank *bank, return retval; } - void flash_bank_add(struct flash_bank *bank) { /* put flash bank in linked list */ @@ -107,11 +163,207 @@ struct flash_bank *flash_bank_list(void) return flash_banks; } -/* erase given flash region, selects proper bank according to target and address */ -static int flash_iterate_address_range(struct target *target, uint32_t addr, uint32_t length, +struct flash_bank *get_flash_bank_by_num_noprobe(int num) +{ + struct flash_bank *p; + int i = 0; + + for (p = flash_banks; p; p = p->next) + { + if (i++ == num) + { + return p; + } + } + LOG_ERROR("flash bank %d does not exist", num); + return NULL; +} + +int flash_get_bank_count(void) +{ + struct flash_bank *p; + int i = 0; + for (p = flash_banks; p; p = p->next) + { + i++; + } + return i; +} + +struct flash_bank *get_flash_bank_by_name(const char *name) +{ + unsigned requested = get_flash_name_index(name); + unsigned found = 0; + + struct flash_bank *bank; + for (bank = flash_banks; NULL != bank; bank = bank->next) + { + if (strcmp(bank->name, name) == 0) + return bank; + if (!flash_driver_name_matches(bank->driver->name, name)) + continue; + if (++found < requested) + continue; + return bank; + } + return NULL; +} + +struct flash_bank *get_flash_bank_by_num(int num) +{ + struct flash_bank *p = get_flash_bank_by_num_noprobe(num); + int retval; + + if (p == NULL) + return NULL; + + retval = p->driver->auto_probe(p); + + if (retval != ERROR_OK) + { + LOG_ERROR("auto_probe failed %d\n", retval); + return NULL; + } + return p; +} + +/* lookup flash bank by address */ +struct flash_bank *get_flash_bank_by_addr(struct target *target, uint32_t addr) +{ + struct flash_bank *c; + + /* cycle through bank list */ + for (c = flash_banks; c; c = c->next) + { + int retval; + retval = c->driver->auto_probe(c); + + if (retval != ERROR_OK) + { + LOG_ERROR("auto_probe failed %d\n", retval); + return NULL; + } + /* check whether address belongs to this flash bank */ + if ((addr >= c->base) && (addr <= c->base + (c->size - 1)) && target == c->target) + return c; + } + LOG_ERROR("No flash at address 0x%08" PRIx32 "\n", addr); + return NULL; +} + +int default_flash_mem_blank_check(struct flash_bank *bank) +{ + struct target *target = bank->target; + const int buffer_size = 1024; + int i; + uint32_t nBytes; + int retval = ERROR_OK; + + if (bank->target->state != TARGET_HALTED) + { + LOG_ERROR("Target not halted"); + return ERROR_TARGET_NOT_HALTED; + } + + uint8_t *buffer = malloc(buffer_size); + + for (i = 0; i < bank->num_sectors; i++) + { + uint32_t j; + bank->sectors[i].is_erased = 1; + + for (j = 0; j < bank->sectors[i].size; j += buffer_size) + { + uint32_t chunk; + chunk = buffer_size; + if (chunk > (j - bank->sectors[i].size)) + { + chunk = (j - bank->sectors[i].size); + } + + retval = target_read_memory(target, bank->base + bank->sectors[i].offset + j, 4, chunk/4, buffer); + if (retval != ERROR_OK) + { + goto done; + } + + for (nBytes = 0; nBytes < chunk; nBytes++) + { + if (buffer[nBytes] != 0xFF) + { + bank->sectors[i].is_erased = 0; + break; + } + } + } + } + + done: + free(buffer); + + return retval; +} + +int default_flash_blank_check(struct flash_bank *bank) +{ + struct target *target = bank->target; + int i; + int retval; + int fast_check = 0; + uint32_t blank; + + if (bank->target->state != TARGET_HALTED) + { + LOG_ERROR("Target not halted"); + return ERROR_TARGET_NOT_HALTED; + } + + for (i = 0; i < bank->num_sectors; i++) + { + uint32_t address = bank->base + bank->sectors[i].offset; + uint32_t size = bank->sectors[i].size; + + if ((retval = target_blank_check_memory(target, address, size, &blank)) != ERROR_OK) + { + fast_check = 0; + break; + } + if (blank == 0xFF) + bank->sectors[i].is_erased = 1; + else + bank->sectors[i].is_erased = 0; + fast_check = 1; + } + + if (!fast_check) + { + LOG_USER("Running slow fallback erase check - add working memory"); + return default_flash_mem_blank_check(bank); + } + + return ERROR_OK; +} + +/* Manipulate given flash region, selecting the bank according to target + * and address. Maps an address range to a set of sectors, and issues + * the callback() on that set ... e.g. to erase or unprotect its members. + * + * (Note a current bad assumption: that protection operates on the same + * size sectors as erase operations use.) + * + * The "pad_reason" parameter is a kind of boolean: when it's NULL, the + * range must fit those sectors exactly. This is clearly safe; it can't + * erase data which the caller said to leave alone, for example. If it's + * non-NULL, rather than failing, extra data in the first and/or last + * sectors will be added to the range, and that reason string is used when + * warning about those additions. + */ +static int flash_iterate_address_range(struct target *target, + char *pad_reason, uint32_t addr, uint32_t length, int (*callback)(struct flash_bank *bank, int first, int last)) { struct flash_bank *c; + uint32_t last_addr = addr + length; /* first address AFTER end */ int first = -1; int last = -1; int i; @@ -129,37 +381,105 @@ static int flash_iterate_address_range(struct target *target, uint32_t addr, uin { /* special case, erase whole bank when length is zero */ if (addr != c->base) + { + LOG_ERROR("Whole bank access must start at beginning of bank."); return ERROR_FLASH_DST_BREAKS_ALIGNMENT; + } return callback(c, 0, c->num_sectors - 1); } - /* check whether it fits */ + /* check whether it all fits in this bank */ if (addr + length - 1 > c->base + c->size - 1) + { + LOG_ERROR("Flash access does not fit into bank."); return ERROR_FLASH_DST_BREAKS_ALIGNMENT; + } + + /** @todo: handle erasures that cross into adjacent banks */ addr -= c->base; + last_addr -= c->base; for (i = 0; i < c->num_sectors; i++) { - /* check whether sector overlaps with the given range and is not yet erased */ - if (addr < c->sectors[i].offset + c->sectors[i].size && addr + length > c->sectors[i].offset && c->sectors[i].is_erased != 1) { - /* if first is not set yet then this is the first sector */ - if (first == -1) + struct flash_sector *f = c->sectors + i; + uint32_t end = f->offset + f->size; + + /* start only on a sector boundary */ + if (first < 0) { + /* scanned past the first sector? */ + if (addr < f->offset) + break; + + /* is this the first sector? */ + if (addr == f->offset) first = i; - last = i; /* and it is the last one so far in any case */ + + /* Does this need head-padding? If so, pad and warn; + * or else force an error. + * + * Such padding can make trouble, since *WE* can't + * ever know if that data was in use. The warning + * should help users sort out messes later. + */ + else if (addr < end && pad_reason) { + /* FIXME say how many bytes (e.g. 80 KB) */ + LOG_WARNING("Adding extra %s range, " + "%#8.8x to %#8.8x", + pad_reason, + (unsigned) f->offset, + (unsigned) addr - 1); + first = i; + } else + continue; + } + + /* is this (also?) the last sector? */ + if (last_addr == end) { + last = i; + break; + } + + /* Does this need tail-padding? If so, pad and warn; + * or else force an error. + */ + if (last_addr < end && pad_reason) { + /* FIXME say how many bytes (e.g. 80 KB) */ + LOG_WARNING("Adding extra %s range, " + "%#8.8x to %#8.8x", + pad_reason, + (unsigned) last_addr, + (unsigned) end - 1); + last = i; + break; } + + /* MUST finish on a sector boundary */ + if (last_addr <= f->offset) + break; } - if (first == -1 || last == -1) - return ERROR_OK; + /* invalid start or end address? */ + if (first == -1 || last == -1) { + LOG_ERROR("address range 0x%8.8x .. 0x%8.8x " + "is not sector-aligned", + (unsigned) (c->base + addr), + (unsigned) (c->base + last_addr - 1)); + return ERROR_FLASH_DST_BREAKS_ALIGNMENT; + } + /* The NOR driver may trim this range down, based on what + * sectors are already erased/unprotected. GDB currently + * blocks such optimizations. + */ return callback(c, first, last); } -int flash_erase_address_range(struct target *target, uint32_t addr, uint32_t length) +int flash_erase_address_range(struct target *target, + bool pad, uint32_t addr, uint32_t length) { - return flash_iterate_address_range(target, + return flash_iterate_address_range(target, pad ? "erase" : NULL, addr, length, &flash_driver_erase); } @@ -170,7 +490,11 @@ static int flash_driver_unprotect(struct flash_bank *bank, int first, int last) static int flash_unlock_address_range(struct target *target, uint32_t addr, uint32_t length) { - return flash_iterate_address_range(target, + /* By default, pad to sector boundaries ... the real issue here + * is that our (only) caller *permanently* removes protection, + * and doesn't restore it. + */ + return flash_iterate_address_range(target, "unprotect", addr, length, &flash_driver_unprotect); } @@ -184,6 +508,12 @@ int flash_write_unlock(struct target *target, struct image *image, struct flash_bank *c; int *padding; + /* REVISIT do_pad should perhaps just be another parameter. + * GDB wouldn't ever need it, since it erases separately. + * But "flash write_image" commands might want that option. + */ + bool do_pad = false; + section = 0; section_offset = 0; @@ -199,7 +529,7 @@ int flash_write_unlock(struct target *target, struct image *image, } /* allocate padding array */ - padding = malloc(image->num_sections * sizeof(padding)); + padding = calloc(image->num_sections, sizeof(*padding)); /* loop until we reach end of the image */ while (section < image->num_sections) @@ -237,10 +567,31 @@ int flash_write_unlock(struct target *target, struct image *image, { if (image->sections[section_last + 1].base_address < (run_address + run_size)) { - LOG_DEBUG("section %d out of order(very slightly surprising, but supported)", section_last + 1); + LOG_DEBUG("section %d out of order " + "(surprising, but supported)", + section_last + 1); + /* REVISIT this can break with autoerase ... + * clobbering data after it's written. + */ break; } - /* if we have multiple sections within our image, flash programming could fail due to alignment issues + + /* FIXME This needlessly touches sectors BETWEEN the + * sections it's writing. Without auto erase, it just + * writes ones. That WILL INVALIDATE data in cases + * like Stellaris Tempest chips, corrupting internal + * ECC codes; and at least FreeScale suggests issues + * with that approach (in HC11 documentation). + * + * With auto erase enabled, data in those sectors will + * be needlessly destroyed; and some of the limited + * number of flash erase cycles will be wasted... + * + * In both cases, the extra writes slow things down. + */ + + /* if we have multiple sections within our image, + * flash programming could fail due to alignment issues * attempt to rebuild a consecutive buffer for the flash loader */ pad_bytes = (image->sections[section_last + 1].base_address) - (run_address + run_size); if ((run_address + run_size + pad_bytes) > (c->base + c->size)) @@ -248,7 +599,6 @@ int flash_write_unlock(struct target *target, struct image *image, padding[section_last] = pad_bytes; run_size += image->sections[++section_last].size; run_size += pad_bytes; - padding[section_last] = 0; LOG_INFO("Padding image section %d with %d bytes", section_last-1, pad_bytes); } @@ -256,11 +606,35 @@ int flash_write_unlock(struct target *target, struct image *image, /* fit the run into bank constraints */ if (run_address + run_size - 1 > c->base + c->size - 1) { + /* REVISIT isn't this superfluous, given the while() + * loop conditions above?? + */ LOG_WARNING("writing %d bytes only - as image section is %d bytes and bank is only %d bytes", \ (int)(c->base + c->size - run_address), (int)(run_size), (int)(c->size)); run_size = c->base + c->size - run_address; } + /* If we're applying any sector automagic, then pad this + * (maybe-combined) segment to the end of its last sector. + */ + if (unlock || erase) { + int sector; + uint32_t offset_start = run_address - c->base; + uint32_t offset_end = offset_start + run_size; + uint32_t end = offset_end, delta; + + for (sector = 0; sector < c->num_sectors; sector++) { + end = c->sectors[sector].offset + + c->sectors[sector].size; + if (offset_end <= end) + break; + } + + delta = end - offset_end; + padding[section_last] += delta; + run_size += delta; + } + /* allocate buffer */ buffer = malloc(run_size); buffer_size = 0; @@ -307,7 +681,8 @@ int flash_write_unlock(struct target *target, struct image *image, if (erase) { /* calculate and erase sectors */ - retval = flash_erase_address_range(target, run_address, run_size); + retval = flash_erase_address_range(target, + do_pad, run_address, run_size); } } @@ -339,3 +714,34 @@ int flash_write(struct target *target, struct image *image, { return flash_write_unlock(target, image, written, erase, false); } + +/** + * Invalidates cached flash state which a target can change as it runs. + * + * @param target The target being resumed + * + * OpenOCD caches some flash state for brief periods. For example, a sector + * that is protected must be unprotected before OpenOCD tries to write it, + * Also, a sector that's not erased must be erased before it's written. + * + * As a rule, OpenOCD and target firmware can both modify the flash, so when + * a target starts running, OpenOCD needs to invalidate its cached state. + */ +void nor_resume(struct target *target) +{ + struct flash_bank *bank; + + for (bank = flash_banks; bank; bank = bank->next) { + int i; + + if (bank->target != target) + continue; + + for (i = 0; i < bank->num_sectors; i++) { + struct flash_sector *sector = bank->sectors + i; + + sector->is_erased = -1; + sector->is_protected = -1; + } + } +}