#include <target/image.h>
+/**
+ * @file
+ * Upper level of NOR flash framework.
+ * The lower level interfaces are to drivers. These upper level ones
+ * primarily support access from Tcl scripts or from GDB.
+ */
+
struct flash_bank *flash_banks;
int flash_driver_erase(struct flash_bank *bank, int first, int last)
return ERROR_OK;
}
-/* erase given flash region, selects proper bank according to target and address */
-static int flash_iterate_address_range(struct target *target, uint32_t addr, uint32_t length,
+
+/* Manipulate given flash region, selecting the bank according to target
+ * and address. Maps an address range to a set of sectors, and issues
+ * the callback() on that set ... e.g. to erase or unprotect its members.
+ *
+ * (Note a current bad assumption: that protection operates on the same
+ * size sectors as erase operations use.)
+ *
+ * The "pad_reason" parameter is a kind of boolean: when it's NULL, the
+ * range must fit those sectors exactly. This is clearly safe; it can't
+ * erase data which the caller said to leave alone, for example. If it's
+ * non-NULL, rather than failing, extra data in the first and/or last
+ * sectors will be added to the range, and that reason string is used when
+ * warning about those additions.
+ */
+static int flash_iterate_address_range(struct target *target,
+ char *pad_reason, uint32_t addr, uint32_t length,
int (*callback)(struct flash_bank *bank, int first, int last))
{
struct flash_bank *c;
+ uint32_t last_addr = addr + length; /* first address AFTER end */
int first = -1;
int last = -1;
int i;
{
/* special case, erase whole bank when length is zero */
if (addr != c->base)
+ {
+ LOG_ERROR("Whole bank access must start at beginning of bank.");
return ERROR_FLASH_DST_BREAKS_ALIGNMENT;
+ }
return callback(c, 0, c->num_sectors - 1);
}
- /* check whether it fits */
+ /* check whether it all fits in this bank */
if (addr + length - 1 > c->base + c->size - 1)
+ {
+ LOG_ERROR("Flash access does not fit into bank.");
return ERROR_FLASH_DST_BREAKS_ALIGNMENT;
+ }
+
+ /** @todo: handle erasures that cross into adjacent banks */
addr -= c->base;
+ last_addr -= c->base;
for (i = 0; i < c->num_sectors; i++)
{
- /* check whether sector overlaps with the given range and is not yet erased */
- if (addr < c->sectors[i].offset + c->sectors[i].size && addr + length > c->sectors[i].offset && c->sectors[i].is_erased != 1) {
- /* if first is not set yet then this is the first sector */
- if (first == -1)
+ struct flash_sector *f = c->sectors + i;
+ uint32_t end = f->offset + f->size;
+
+ /* start only on a sector boundary */
+ if (first < 0) {
+ /* scanned past the first sector? */
+ if (addr < f->offset)
+ break;
+
+ /* is this the first sector? */
+ if (addr == f->offset)
first = i;
- last = i; /* and it is the last one so far in any case */
+
+ /* Does this need head-padding? If so, pad and warn;
+ * or else force an error.
+ *
+ * Such padding can make trouble, since *WE* can't
+ * ever know if that data was in use. The warning
+ * should help users sort out messes later.
+ */
+ else if (addr < end && pad_reason) {
+ /* FIXME say how many bytes (e.g. 80 KB) */
+ LOG_WARNING("Adding extra %s range, "
+ "%#8.8x to %#8.8x",
+ pad_reason,
+ (unsigned) f->offset,
+ (unsigned) addr - 1);
+ first = i;
+ } else
+ continue;
+ }
+
+ /* is this (also?) the last sector? */
+ if (last_addr == end) {
+ last = i;
+ break;
}
+
+ /* Does this need tail-padding? If so, pad and warn;
+ * or else force an error.
+ */
+ if (last_addr < end && pad_reason) {
+ /* FIXME say how many bytes (e.g. 80 KB) */
+ LOG_WARNING("Adding extra %s range, "
+ "%#8.8x to %#8.8x",
+ pad_reason,
+ (unsigned) last_addr,
+ (unsigned) end - 1);
+ last = i;
+ break;
+ }
+
+ /* MUST finish on a sector boundary */
+ if (last_addr <= f->offset)
+ break;
}
- if (first == -1 || last == -1)
- return ERROR_OK;
+ /* invalid start or end address? */
+ if (first == -1 || last == -1) {
+ LOG_ERROR("address range 0x%8.8x .. 0x%8.8x "
+ "is not sector-aligned",
+ (unsigned) (c->base + addr),
+ (unsigned) (c->base + last_addr - 1));
+ return ERROR_FLASH_DST_BREAKS_ALIGNMENT;
+ }
+ /* The NOR driver may trim this range down, based on what
+ * sectors are already erased/unprotected. GDB currently
+ * blocks such optimizations.
+ */
return callback(c, first, last);
}
-int flash_erase_address_range(struct target *target, uint32_t addr, uint32_t length)
+int flash_erase_address_range(struct target *target,
+ bool pad, uint32_t addr, uint32_t length)
{
- return flash_iterate_address_range(target,
+ return flash_iterate_address_range(target, pad ? "erase" : NULL,
addr, length, &flash_driver_erase);
}
static int flash_unlock_address_range(struct target *target, uint32_t addr, uint32_t length)
{
- return flash_iterate_address_range(target,
+ /* By default, pad to sector boundaries ... the real issue here
+ * is that our (only) caller *permanently* removes protection,
+ * and doesn't restore it.
+ */
+ return flash_iterate_address_range(target, "unprotect",
addr, length, &flash_driver_unprotect);
}
struct flash_bank *c;
int *padding;
+ /* REVISIT do_pad should perhaps just be another parameter.
+ * GDB wouldn't ever need it, since it erases separately.
+ * But "flash write_image" commands might want that option.
+ */
+ bool do_pad = false;
+
section = 0;
section_offset = 0;
}
/* allocate padding array */
- padding = malloc(image->num_sections * sizeof(padding));
+ padding = calloc(image->num_sections, sizeof(*padding));
/* loop until we reach end of the image */
while (section < image->num_sections)
{
if (image->sections[section_last + 1].base_address < (run_address + run_size))
{
- LOG_DEBUG("section %d out of order(very slightly surprising, but supported)", section_last + 1);
+ LOG_DEBUG("section %d out of order "
+ "(surprising, but supported)",
+ section_last + 1);
+ /* REVISIT this can break with autoerase ...
+ * clobbering data after it's written.
+ */
break;
}
- /* if we have multiple sections within our image, flash programming could fail due to alignment issues
+
+ /* FIXME This needlessly touches sectors BETWEEN the
+ * sections it's writing. Without auto erase, it just
+ * writes ones. That WILL INVALIDATE data in cases
+ * like Stellaris Tempest chips, corrupting internal
+ * ECC codes; and at least FreeScale suggests issues
+ * with that approach (in HC11 documentation).
+ *
+ * With auto erase enabled, data in those sectors will
+ * be needlessly destroyed; and some of the limited
+ * number of flash erase cycles will be wasted...
+ *
+ * In both cases, the extra writes slow things down.
+ */
+
+ /* if we have multiple sections within our image,
+ * flash programming could fail due to alignment issues
* attempt to rebuild a consecutive buffer for the flash loader */
pad_bytes = (image->sections[section_last + 1].base_address) - (run_address + run_size);
if ((run_address + run_size + pad_bytes) > (c->base + c->size))
padding[section_last] = pad_bytes;
run_size += image->sections[++section_last].size;
run_size += pad_bytes;
- padding[section_last] = 0;
LOG_INFO("Padding image section %d with %d bytes", section_last-1, pad_bytes);
}
/* fit the run into bank constraints */
if (run_address + run_size - 1 > c->base + c->size - 1)
{
+ /* REVISIT isn't this superfluous, given the while()
+ * loop conditions above??
+ */
LOG_WARNING("writing %d bytes only - as image section is %d bytes and bank is only %d bytes", \
(int)(c->base + c->size - run_address), (int)(run_size), (int)(c->size));
run_size = c->base + c->size - run_address;
}
+ /* If we're applying any sector automagic, then pad this
+ * (maybe-combined) segment to the end of its last sector.
+ */
+ if (unlock || erase) {
+ int sector;
+ uint32_t offset_start = run_address - c->base;
+ uint32_t offset_end = offset_start + run_size;
+ uint32_t end = offset_end, delta;
+
+ for (sector = 0; sector < c->num_sectors; sector++) {
+ end = c->sectors[sector].offset
+ + c->sectors[sector].size;
+ if (offset_end <= end)
+ break;
+ }
+
+ delta = end - offset_end;
+ padding[section_last] += delta;
+ run_size += delta;
+ }
+
/* allocate buffer */
buffer = malloc(run_size);
buffer_size = 0;
if (erase)
{
/* calculate and erase sectors */
- retval = flash_erase_address_range(target, run_address, run_size);
+ retval = flash_erase_address_range(target,
+ do_pad, run_address, run_size);
}
}
{
return flash_write_unlock(target, image, written, erase, false);
}
+
+/**
+ * Invalidates cached flash state which a target can change as it runs.
+ *
+ * @param target The target being resumed
+ *
+ * OpenOCD caches some flash state for brief periods. For example, a sector
+ * that is protected must be unprotected before OpenOCD tries to write it,
+ * Also, a sector that's not erased must be erased before it's written.
+ *
+ * As a rule, OpenOCD and target firmware can both modify the flash, so when
+ * a target starts running, OpenOCD needs to invalidate its cached state.
+ */
+void nor_resume(struct target *target)
+{
+ struct flash_bank *bank;
+
+ for (bank = flash_banks; bank; bank = bank->next) {
+ int i;
+
+ if (bank->target != target)
+ continue;
+
+ for (i = 0; i < bank->num_sectors; i++) {
+ struct flash_sector *sector = bank->sectors + i;
+
+ sector->is_erased = -1;
+ sector->is_protected = -1;
+ }
+ }
+}
projects / fw / openocd / blobdiff