Antonio Borneo [Fri, 7 May 2010 05:50:42 +0000 (13:50 +0800)]
NOR/CFI: use bus_width for memory access in cfi_write()
During cfi_write(), head and tail of destination area
could be not aligned to bus_width.
Since write operation must be at bus_width size, source
buffer size is extended and buffer padded with current
values read from flash.
Force using bus_width to read current value from flash.
Do not use cfi_add_byte() anymore, to allow removing this
function later on.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Fri, 23 Apr 2010 04:07:53 +0000 (12:07 +0800)]
NOR/CFI: use bus_width for memory access on flash ID.
NOR flash structure requires each access to be bus_width wide.
Fix read of flash ID accordingly to rule above.
Add case (chip_width == 4), allowed by CFI spec and coherent
with current value of CFI_MAX_CHIP_WIDTH but currently not
used by any target.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Tue, 20 Apr 2010 04:15:49 +0000 (12:15 +0800)]
NOR/CFI: identify memory accesses not using "bus_width".
Since NOR flash devices does not handle "byte enable lanes",
each read/write access involves the whole "chip_width".
When multiple devices are in parallel, usually all chips are
enabled during each access.
All such cases are compatible with flash accesses at
"bus_width" size.
Access at "bus_width" size is mandatory for write access to
avoid transferring of garbage values to flash.
During read access the flash controller should take care,
and discard unneeded bytes. Anyway, it is good practice to
use "bus_width" size also for read.
Every memory access that does not respect "bus_width" size
is marked with a "FIXME" comment.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Mon, 19 Apr 2010 08:40:08 +0000 (16:40 +0800)]
NOR/CFI: simplify bufferwsize computation
Review and simplify computation of bufferwsize.
Add comments about variables' meaning.
The same code is present 3 times in the file.
Current patch updates all the 3 instances.
Step 1)
Replace "switch(bank->chip_width) {...}".
Illegal values of bank->chip_width are already dropped.
For legal values, the code is equivalent to:
bufferwsize = buffersize / bank->chip_width;
Step 2)
The above code replacement plus the following line:
bufferwsize /= (bank->bus_width / bank->chip_width);
is merged in a single formula:
bufferwsize = (buffersize / bank->chip_width) /
(bank->bus_width / bank->chip_width);
and simplified as:
bufferwsize = buffersize / bank->bus_width;
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Thu, 15 Apr 2010 17:17:01 +0000 (01:17 +0800)]
NOR/CFI: check "flash bank" command arguments
Arguments chip_width and bus_width of command "flash bank" are
not fully checked.
While bus_width is later on redundantly checked in several other
parts (e.g. in cfi_command_val()) and generates run-time error,
chip_width is never checked, nor related to actual bus_width
value.
Added check to avoid:
- (chip_width == 0), that would mean no memory chip at all,
avoiding also division by zero e.g. in cfi_get_u8();
- (bus_width == 0), that would mean no bus at all;
- unsupported cases of chip_width or bus_width value not power
of 2;
- unsupported case of chip width wider than bus.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Jon Povey [Thu, 13 May 2010 09:31:41 +0000 (18:31 +0900)]
NAND: fix off-by-one error in erase command argument range
The last_block argument to nand_erase() is checked against nand->num_blocks,
but the highest valid block number is (total - 1), the test for invalid should
be ">=" rather than ">".
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk> Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Karl Kurbjun [Tue, 11 May 2010 04:18:24 +0000 (22:18 -0600)]
Fujitsu MBM29SL800TE flash support
Hi,
This is my first post to the list. First, I would like to thank
everyone for their work on OpenOCD, it is a great tool to work with. I
have been using it to debug code on hardware for the Rockbox project
(www.rockbox.org).
The target that I primarily work with has a Spansion/Fujitsu NOR flash
(MBM29SL800TE). I attached a patch that adds support for this flash. I
hope it can be included in the main repository. If there is something
that needs to be changed with the patch before inclusion please let me
know.
Spencer Oliver [Mon, 10 May 2010 11:23:41 +0000 (12:23 +0100)]
cfi: add Numonyx M29W128G reset workaround
The ST/Numonix M29W128G has an issue when a 0xff cmd is sent,
it cause an internal undefined state. The workaround according
to the Numonyx is to send another 0xf0 reset cmd
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Øyvind Harboe [Tue, 4 May 2010 11:26:52 +0000 (13:26 +0200)]
gdb: connect will now fail if flash autoprobe fails
This stops GDB from launching with an empty memory map,
making gdb load w/flashing fail for no obvious reason.
The error message points in the direction of the gdb-attach
event that can be set up to issue a halt or "reset init"
which will put GDB in a well defined stated upon attach
and thus have a robust flash autoprobe.
Øyvind Harboe [Mon, 3 May 2010 15:01:53 +0000 (17:01 +0200)]
command context: fix errors when running certain commands on startup
Various commands, e.g. "arm mcr xxxx" would fail if invoked upon startup
since it there was no command context defined for the jim interpreter
in that case.
A Jim interpreter is now associated with a command context(telnet,
gdb server's) or the default global command context.
The current timeout for STM32 flash block erase and flash mass erase is
10 (ms), which is too tight, and fails around 50% of the time for me.
The data sheet for STM32F107VC specifies a maximum erase time of 40 ms
(for both operations).
I'd also consider it a bug that the code does not detect a timeout, but
just assumes that the operation has completed. The attached patch does
not address this bug.
The attached patch increases the timeouts from 10 to 100 ms. Please apply.
Mike Dunn [Wed, 21 Apr 2010 17:40:51 +0000 (13:40 -0400)]
xscale: add support for length arg to wp command
This patch adds support for the length argument to the xscale implementation of
the wp command. Per discussion with David, the length argument specifies the
range of addresses over which a memory access should generate a debug exception.
This patch utilizes the "mask" feature of the xscale debug hardware to implement
the correct functionality of the length argument. Some limitations imposed by
the hardware are:
- The length must be a power of two, with a minumum of 4.
- Two data breakpoint registers are available, allowing for two watchpoints.
However, if the length of a watchpoint is greater than four, both registers
are used (the second for a mask value), limiting the number of watchpoints
to one.
This patch also removes a useless call to xscale_get_reg(dbcon) in
xscale_set_watchpoint() (value had already been read from the register cache,
and the same previously read value is then modified and written back).
I have been using and testing this patch for a couple days.
Questions, corrections, criticisms of course gratefully received.
If the flash has not yet been probed and GDB connects while the target is
running, the flash probe triggered by GDB's memory map read will fail. In
that case the returned memory map will be empty, causing a subsequent load
from within GDB to fail. There's not much you can do from GDB to recover,
other than a restart; a 'mon reset init' and manual 'mon flash probe' won't
help since GDB has already made up its mind about the memory map.
It seems there's no reason to require the target to be halted when probing
the flash. Remove the check to let a valid memory map be provided to GDB
even when connecting to a running target.
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
David Brownell [Fri, 16 Apr 2010 02:48:55 +0000 (19:48 -0700)]
NOR/core bugfix: restore invariants
The The patch labeled "CFI CORE: bug-fix protect single sector" was merged
rged without some requested bugfixes. Most significantly it broke invariants
in the code, invalidating descriptions and changing the calling convention
for underlying drivers. (It (Also wasn't CFI-specific...)
Fix that, and Include an update from Antonio Borneo for the degenerate
"nothing to do" case, (although that's still in the wrong location. which
is presumably why that is it was working in some cases but not all.)
Antonio Borneo [Wed, 14 Apr 2010 08:32:30 +0000 (16:32 +0800)]
NOR/CFI: fix order of arguments check
Syntax of "flash bank" command requires:
- chip_width as CMD_ARGV[3]
- bus_width as CMD_ARGV[4]
Actual code swaps the arguments.
Bug has no run time impact since wrong variables
are only used to check value and both are checked
against same constraint.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Mike Dunn [Tue, 13 Apr 2010 17:34:52 +0000 (13:34 -0400)]
xscale: fix analyze_trace for trace data collected in wrap mode
This patch fixes the xscale_analyze_trace() function. This function was
defective for a trace collected in 'fill' mode (hiccups with repeated
instructions) and completely broken when buffer overflowed in 'wrap' mode. The
reason for the latter case is that the checkpoint registers were interpreted
incorrectly when two checkpoints are present in the trace (which will be true in
'wrap' mode once the buffer fills). In this case, checkpoint1 register will
contain the older entry, and checkpoint0 the newer. The original code assumed
the opposite. I eventually gave up trying to understand all the logic of the
function, and rewrote it. I think it's much cleaner and understandable now. I
have been using and testing this for a few weeks now. I'm confident it hasn't
regressed in any way.
Also added capability to handle (as best as possible) the case where an
instruction can not be read from the loaded trace image; e.g., partial image.
This was a 'TODO' comment in the original xscale_analyze_trace().
Outside of xcsale_analyze_trace(), these (related) changes were made:
- Remove pc_ok and current_pc elements from struct xscale_trace. These elements
and associated logic are useless clutter because the very first entry placed
in the trace buffer is always an indirect jump to the address at which
execution resumed. This type of trace entry includes the literal address in
the trace buffer, so the initial address of the trace is immediately
determined from the trace buffer contents and does not need to be recorded
when trace is enabled.
- Added num_checkpoints to struct xscale_trace_data, which is necessary in order
to correctly interpret the checkpoint register contents.
- In xscale_read_trace()
- Fix potential array out-of-bounds condition.
- Eliminate partial address entries when parsing trace (can occur in wrap mode).
- Count and record number of checkpoints in trace.
- Added small, inlined utility function xscale_display_instruction() to help
make the code more concise and clear.
TODO:
- Save processor state (arm or thumb) in struct xscale_trace when trace is
enabled so that trace can be analyzed correctly (currently assumes arm mode).
- Add element to struct xscale_trace that records (when trace is enabled)
whether vector table is relocated high (to 0xffff0000) or not, so that a
branch to an exception vector is traced correctly (curently assumes vectors
at 0x0).
Anton Fedotov [Wed, 14 Apr 2010 05:36:08 +0000 (07:36 +0200)]
cortex-a8: more MMU support
+ virt2phys() can now convert virtual address to real
+ read_memory() and write_memory() are renamed to read_phys_memory()
and write_phys_memory()
+ new read_memory() and write_memory() try to resolve real address if
mmu is enambled than perform real address reading/writing
+ if address is bellow 0xc000000 than TTB0 is used for page table
dereference, if above - than TTB1. Linux style of user/kernel address
separation
+ if above fails (i.e address is unspecified) than mode is checked
whether it is Supervisor (than TTB1) or User (than TTB0)
- Software breakpoints doesn't work. You should invoke
"gdb_breakpoint_override hard" before you start debugging
+ cortex_a8_mmu(), cortex_a8_enable_mmu_caches(),
cortex_a8_disable_mmu_caches() are implemented
David Brownell [Sun, 4 Apr 2010 08:28:50 +0000 (01:28 -0700)]
Restore deleted '!' character
I'm not sure what caused this significant character to get deleted.
it may be related to intermittent Editor or terminal flakes I've
been seeing lately (sigh). This fix is trivial.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
David Brownell [Sun, 4 Apr 2010 07:42:05 +0000 (00:42 -0700)]
target: are we running algorithm code?
Fixing one bug can easily uncover another .... in this case,
making sure that we properly invalidate some cached NOR state when
resuming arbitrary target code turned up an issue when the code
wasn't quite arbitrary (and we couldn't know that, but some parts
of OpenOCD assumed the cache would not be invalidated.
Specifically: some flash drivers (like CFI) update that state in loops
with downloaded algorithms, thus invalidating the state as it's probed.
+ Add a new target state flag, to record whether the target is
running downloaded algorithm code.
+ Use that flag to add a special case: "trust" downloaded algorithms
not to corrupt that cached state, bypassing cache invalidation.
Also update some of the documentation to stipulate that this flavor of
trustworthiness is now *required* ... not just a fortuitous acident.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>