From 1695854b371cdd4d17835a406675245a8dfe6cff Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Wed, 23 Dec 2020 10:00:24 +0800 Subject: hw/block: m25p80: Don't write to flash if write is disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When write is disabled, the write to flash should be avoided in flash_write8(). Fixes: 82a2499011a7 ("m25p80: Initial implementation of SPI flash device") Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Francisco Iglesias Message-id: 1608688825-81519-1-git-send-email-bmeng.cn@gmail.com Signed-off-by: Alistair Francis --- hw/block/m25p80.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw') diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 1b3f2405a1..63278cbda5 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -601,6 +601,7 @@ void flash_write8(Flash *s, uint32_t addr, uint8_t data) if (!s->write_enable) { qemu_log_mask(LOG_GUEST_ERROR, "M25P80: write with write protect!\n"); + return; } if ((prev ^ data) & data) { -- cgit v1.2.3 From 465ef47abe3fd0722cf50a6073ccd9520bdbee95 Mon Sep 17 00:00:00 2001 From: Xuzhou Cheng Date: Wed, 23 Dec 2020 10:00:25 +0800 Subject: hw/block: m25p80: Implement AAI-WP command support for SST flashes Auto Address Increment (AAI) Word-Program is a special command of SST flashes. AAI-WP allows multiple bytes of data to be programmed without re-issuing the next sequential address location. Signed-off-by: Xuzhou Cheng Signed-off-by: Bin Meng Reviewed-by: Francisco Iglesias Message-id: 1608688825-81519-2-git-send-email-bmeng.cn@gmail.com Signed-off-by: Alistair Francis --- hw/block/m25p80.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) (limited to 'hw') diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 63278cbda5..b744a58d1c 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -360,6 +360,7 @@ typedef enum { QPP_4 = 0x34, RDID_90 = 0x90, RDID_AB = 0xab, + AAI_WP = 0xad, ERASE_4K = 0x20, ERASE4_4K = 0x21, @@ -456,6 +457,7 @@ struct Flash { bool four_bytes_address_mode; bool reset_enable; bool quad_enable; + bool aai_enable; uint8_t ear; int64_t dirty_page; @@ -671,6 +673,11 @@ static void complete_collecting_data(Flash *s) case PP4_4: s->state = STATE_PAGE_PROGRAM; break; + case AAI_WP: + /* AAI programming starts from the even address */ + s->cur_addr &= ~BIT(0); + s->state = STATE_PAGE_PROGRAM; + break; case READ: case READ4: case FAST_READ: @@ -769,6 +776,7 @@ static void reset_memory(Flash *s) s->write_enable = false; s->reset_enable = false; s->quad_enable = false; + s->aai_enable = false; switch (get_man(s)) { case MAN_NUMONYX: @@ -974,6 +982,11 @@ static void decode_qio_read_cmd(Flash *s) s->state = STATE_COLLECTING_DATA; } +static bool is_valid_aai_cmd(uint32_t cmd) +{ + return cmd == AAI_WP || cmd == WRDI || cmd == RDSR; +} + static void decode_new_cmd(Flash *s, uint32_t value) { int i; @@ -985,6 +998,11 @@ static void decode_new_cmd(Flash *s, uint32_t value) s->reset_enable = false; } + if (get_man(s) == MAN_SST && s->aai_enable && !is_valid_aai_cmd(value)) { + qemu_log_mask(LOG_GUEST_ERROR, + "M25P80: Invalid cmd within AAI programming sequence"); + } + switch (value) { case ERASE_4K: @@ -1104,6 +1122,9 @@ static void decode_new_cmd(Flash *s, uint32_t value) case WRDI: s->write_enable = false; + if (get_man(s) == MAN_SST) { + s->aai_enable = false; + } break; case WREN: s->write_enable = true; @@ -1114,6 +1135,10 @@ static void decode_new_cmd(Flash *s, uint32_t value) if (get_man(s) == MAN_MACRONIX) { s->data[0] |= (!!s->quad_enable) << 6; } + if (get_man(s) == MAN_SST) { + s->data[0] |= (!!s->aai_enable) << 6; + } + s->pos = 0; s->len = 1; s->data_read_loop = true; @@ -1261,6 +1286,24 @@ static void decode_new_cmd(Flash *s, uint32_t value) case RSTQIO: s->quad_enable = false; break; + case AAI_WP: + if (get_man(s) == MAN_SST) { + if (s->write_enable) { + if (s->aai_enable) { + s->state = STATE_PAGE_PROGRAM; + } else { + s->aai_enable = true; + s->needed_bytes = get_addr_length(s); + s->state = STATE_COLLECTING_DATA; + } + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "M25P80: AAI_WP with write protect\n"); + } + } else { + qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); + } + break; default: s->pos = 0; s->len = 1; @@ -1306,6 +1349,17 @@ static uint32_t m25p80_transfer8(SSIPeripheral *ss, uint32_t tx) trace_m25p80_page_program(s, s->cur_addr, (uint8_t)tx); flash_write8(s, s->cur_addr, (uint8_t)tx); s->cur_addr = (s->cur_addr + 1) & (s->size - 1); + + if (get_man(s) == MAN_SST && s->aai_enable && s->cur_addr == 0) { + /* + * There is no wrap mode during AAI programming once the highest + * unprotected memory address is reached. The Write-Enable-Latch + * bit is automatically reset, and AAI programming mode aborts. + */ + s->write_enable = false; + s->aai_enable = false; + } + break; case STATE_READ: @@ -1451,6 +1505,24 @@ static const VMStateDescription vmstate_m25p80_data_read_loop = { } }; +static bool m25p80_aai_enable_needed(void *opaque) +{ + Flash *s = (Flash *)opaque; + + return s->aai_enable; +} + +static const VMStateDescription vmstate_m25p80_aai_enable = { + .name = "m25p80/aai_enable", + .version_id = 1, + .minimum_version_id = 1, + .needed = m25p80_aai_enable_needed, + .fields = (VMStateField[]) { + VMSTATE_BOOL(aai_enable, Flash), + VMSTATE_END_OF_LIST() + } +}; + static const VMStateDescription vmstate_m25p80 = { .name = "m25p80", .version_id = 0, @@ -1481,6 +1553,7 @@ static const VMStateDescription vmstate_m25p80 = { }, .subsections = (const VMStateDescription * []) { &vmstate_m25p80_data_read_loop, + &vmstate_m25p80_aai_enable, NULL } }; -- cgit v1.2.3 From 1a475d39ef5467ca432c91beb67e9009304bb0bc Mon Sep 17 00:00:00 2001 From: Atish Patra Date: Thu, 7 Jan 2021 01:11:27 -0800 Subject: RISC-V: Place DTB at 3GB boundary instead of 4GB Currently, we place the DTB at 2MB from 4GB or end of DRAM which ever is lesser. However, Linux kernel can address only 1GB of memory for RV32. Thus, it can not map anything beyond 3GB (assuming 2GB is the starting address). As a result, it can not process DT and panic if opensbi dynamic firmware is used. While at it, place the DTB further away to avoid in memory placement issues in future. Fix this by placing the DTB at 16MB from 3GB or end of DRAM whichever is lower. Fixes: 66b1205bc5ab ("RISC-V: Copy the fdt in dram instead of ROM") Reviewed-by: Bin Meng Tested-by: Bin Meng Signed-off-by: Atish Patra Message-id: 20210107091127.3407870-1-atish.patra@wdc.com Signed-off-by: Alistair Francis --- hw/riscv/boot.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index 83586aef41..10a601b4dc 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -194,11 +194,11 @@ uint32_t riscv_load_fdt(hwaddr dram_base, uint64_t mem_size, void *fdt) /* * We should put fdt as far as possible to avoid kernel/initrd overwriting * its content. But it should be addressable by 32 bit system as well. - * Thus, put it at an aligned address that less than fdt size from end of - * dram or 4GB whichever is lesser. + * Thus, put it at an 16MB aligned address that less than fdt size from the + * end of dram or 3GB whichever is lesser. */ - temp = MIN(dram_end, 4096 * MiB); - fdt_addr = QEMU_ALIGN_DOWN(temp - fdtsize, 2 * MiB); + temp = MIN(dram_end, 3072 * MiB); + fdt_addr = QEMU_ALIGN_DOWN(temp - fdtsize, 16 * MiB); fdt_pack(fdt); /* copy in the device tree */ -- cgit v1.2.3 From 1eaada8ae15f10f7a7f1e2505bd77dbb11a8be85 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 9 Jan 2021 22:36:37 +0800 Subject: hw/riscv: sifive_u: Use SIFIVE_U_CPU for mc->default_cpu_type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SIFIVE_U_CPU is conditionally set to SIFIVE_U34 or SIFIVE_U54, hence there is no need to use #idef to set the mc->default_cpu_type. Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20210109143637.29645-1-bmeng.cn@gmail.com Signed-off-by: Alistair Francis --- hw/riscv/sifive_u.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'hw') diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index f5c400dd44..e083510e0e 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -628,11 +628,7 @@ static void sifive_u_machine_class_init(ObjectClass *oc, void *data) mc->init = sifive_u_machine_init; mc->max_cpus = SIFIVE_U_MANAGEMENT_CPU_COUNT + SIFIVE_U_COMPUTE_CPU_COUNT; mc->min_cpus = SIFIVE_U_MANAGEMENT_CPU_COUNT + 1; -#if defined(TARGET_RISCV32) - mc->default_cpu_type = TYPE_RISCV_CPU_SIFIVE_U34; -#elif defined(TARGET_RISCV64) - mc->default_cpu_type = TYPE_RISCV_CPU_SIFIVE_U54; -#endif + mc->default_cpu_type = SIFIVE_U_CPU; mc->default_cpus = mc->min_cpus; object_class_property_add_bool(oc, "start-in-flash", -- cgit v1.2.3 From 29b5fe0dcd512f9829475e3eb3f6fdc5e293b8f0 Mon Sep 17 00:00:00 2001 From: Green Wan Date: Wed, 4 Nov 2020 17:29:00 +0800 Subject: hw/misc/sifive_u_otp: handling the fails of blk_pread and blk_pwrite Fix code coverage issues by checking return value and handling fail case of blk_pread() and blk_pwrite(). Return default value 0xff if read fails. Fixes: Coverity CID 1435959 Fixes: Coverity CID 1435960 Fixes: Coverity CID 1435961 Signed-off-by: Green Wan Reviewed-by: Alistair Francis Message-id: 20201104092900.21214-1-green.wan@sifive.com Signed-off-by: Alistair Francis --- hw/misc/sifive_u_otp.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) (limited to 'hw') diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c index 4401787a5c..f921c67644 100644 --- a/hw/misc/sifive_u_otp.c +++ b/hw/misc/sifive_u_otp.c @@ -63,8 +63,13 @@ static uint64_t sifive_u_otp_read(void *opaque, hwaddr addr, unsigned int size) if (s->blk) { int32_t buf; - blk_pread(s->blk, s->pa * SIFIVE_U_OTP_FUSE_WORD, &buf, - SIFIVE_U_OTP_FUSE_WORD); + if (blk_pread(s->blk, s->pa * SIFIVE_U_OTP_FUSE_WORD, &buf, + SIFIVE_U_OTP_FUSE_WORD) < 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "read error index<%d>\n", s->pa); + return 0xff; + } + return buf; } @@ -161,8 +166,12 @@ static void sifive_u_otp_write(void *opaque, hwaddr addr, /* write to backend */ if (s->blk) { - blk_pwrite(s->blk, s->pa * SIFIVE_U_OTP_FUSE_WORD, - &s->fuse[s->pa], SIFIVE_U_OTP_FUSE_WORD, 0); + if (blk_pwrite(s->blk, s->pa * SIFIVE_U_OTP_FUSE_WORD, + &s->fuse[s->pa], SIFIVE_U_OTP_FUSE_WORD, + 0) < 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "write error index<%d>\n", s->pa); + } } /* update written bit */ @@ -249,12 +258,18 @@ static void sifive_u_otp_reset(DeviceState *dev) int index = SIFIVE_U_OTP_SERIAL_ADDR; serial_data = s->serial; - blk_pwrite(s->blk, index * SIFIVE_U_OTP_FUSE_WORD, - &serial_data, SIFIVE_U_OTP_FUSE_WORD, 0); + if (blk_pwrite(s->blk, index * SIFIVE_U_OTP_FUSE_WORD, + &serial_data, SIFIVE_U_OTP_FUSE_WORD, 0) < 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "write error index<%d>\n", index); + } serial_data = ~(s->serial); - blk_pwrite(s->blk, (index + 1) * SIFIVE_U_OTP_FUSE_WORD, - &serial_data, SIFIVE_U_OTP_FUSE_WORD, 0); + if (blk_pwrite(s->blk, (index + 1) * SIFIVE_U_OTP_FUSE_WORD, + &serial_data, SIFIVE_U_OTP_FUSE_WORD, 0) < 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "write error index<%d>\n", index + 1); + } } /* Initialize write-once map */ -- cgit v1.2.3 From a8259b53230782f5e0a0d66013655c4ed5d71b7e Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Fri, 15 Jan 2021 15:00:27 -0800 Subject: riscv: Pass RISCVHartArrayState by pointer We were accidently passing RISCVHartArrayState by value instead of pointer. The type is 824 bytes long so let's correct that and pass it by pointer instead. Fixes: Coverity CID 1438099 Fixes: Coverity CID 1438100 Fixes: Coverity CID 1438101 Signed-off-by: Alistair Francis Reviewed-by: Palmer Dabbelt Reviewed-by: Bin Meng Message-id: f3e04424723e0e222769991896cc82308fd23f76.1610751609.git.alistair.francis@wdc.com --- hw/riscv/boot.c | 10 ++++------ hw/riscv/sifive_u.c | 10 +++++----- hw/riscv/spike.c | 8 ++++---- hw/riscv/virt.c | 8 ++++---- 4 files changed, 17 insertions(+), 19 deletions(-) (limited to 'hw') diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index 10a601b4dc..0d38bb7426 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -33,14 +33,12 @@ #include -bool riscv_is_32bit(RISCVHartArrayState harts) +bool riscv_is_32bit(RISCVHartArrayState *harts) { - RISCVCPU hart = harts.harts[0]; - - return riscv_cpu_is_32bit(&hart.env); + return riscv_cpu_is_32bit(&harts->harts[0].env); } -target_ulong riscv_calc_kernel_start_addr(RISCVHartArrayState harts, +target_ulong riscv_calc_kernel_start_addr(RISCVHartArrayState *harts, target_ulong firmware_end_addr) { if (riscv_is_32bit(harts)) { return QEMU_ALIGN_UP(firmware_end_addr, 4 * MiB); @@ -247,7 +245,7 @@ void riscv_rom_copy_firmware_info(MachineState *machine, hwaddr rom_base, &address_space_memory); } -void riscv_setup_rom_reset_vec(MachineState *machine, RISCVHartArrayState harts, +void riscv_setup_rom_reset_vec(MachineState *machine, RISCVHartArrayState *harts, hwaddr start_addr, hwaddr rom_base, hwaddr rom_size, uint64_t kernel_entry, diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index e083510e0e..59b61cea01 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -466,7 +466,7 @@ static void sifive_u_machine_init(MachineState *machine) /* create device tree */ create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline, - riscv_is_32bit(s->soc.u_cpus)); + riscv_is_32bit(&s->soc.u_cpus)); if (s->start_in_flash) { /* @@ -495,7 +495,7 @@ static void sifive_u_machine_init(MachineState *machine) break; } - if (riscv_is_32bit(s->soc.u_cpus)) { + if (riscv_is_32bit(&s->soc.u_cpus)) { firmware_end_addr = riscv_find_and_load_firmware(machine, "opensbi-riscv32-generic-fw_dynamic.bin", start_addr, NULL); @@ -506,7 +506,7 @@ static void sifive_u_machine_init(MachineState *machine) } if (machine->kernel_filename) { - kernel_start_addr = riscv_calc_kernel_start_addr(s->soc.u_cpus, + kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc.u_cpus, firmware_end_addr); kernel_entry = riscv_load_kernel(machine->kernel_filename, @@ -533,7 +533,7 @@ static void sifive_u_machine_init(MachineState *machine) /* Compute the fdt load address in dram */ fdt_load_addr = riscv_load_fdt(memmap[SIFIVE_U_DEV_DRAM].base, machine->ram_size, s->fdt); - if (!riscv_is_32bit(s->soc.u_cpus)) { + if (!riscv_is_32bit(&s->soc.u_cpus)) { start_addr_hi32 = (uint64_t)start_addr >> 32; } @@ -552,7 +552,7 @@ static void sifive_u_machine_init(MachineState *machine) 0x00000000, /* fw_dyn: */ }; - if (riscv_is_32bit(s->soc.u_cpus)) { + if (riscv_is_32bit(&s->soc.u_cpus)) { reset_vec[4] = 0x0202a583; /* lw a1, 32(t0) */ reset_vec[5] = 0x0182a283; /* lw t0, 24(t0) */ } else { diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index e723ca0ac9..56986ecfe0 100644 --- a/hw/riscv/spike.c +++ b/hw/riscv/spike.c @@ -244,7 +244,7 @@ static void spike_board_init(MachineState *machine) /* create device tree */ create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline, - riscv_is_32bit(s->soc[0])); + riscv_is_32bit(&s->soc[0])); /* boot rom */ memory_region_init_rom(mask_rom, NULL, "riscv.spike.mrom", @@ -257,7 +257,7 @@ static void spike_board_init(MachineState *machine) * keeping ELF files here was intentional because BIN files don't work * for the Spike machine as HTIF emulation depends on ELF parsing. */ - if (riscv_is_32bit(s->soc[0])) { + if (riscv_is_32bit(&s->soc[0])) { firmware_end_addr = riscv_find_and_load_firmware(machine, "opensbi-riscv32-generic-fw_dynamic.elf", memmap[SPIKE_DRAM].base, @@ -270,7 +270,7 @@ static void spike_board_init(MachineState *machine) } if (machine->kernel_filename) { - kernel_start_addr = riscv_calc_kernel_start_addr(s->soc[0], + kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0], firmware_end_addr); kernel_entry = riscv_load_kernel(machine->kernel_filename, @@ -299,7 +299,7 @@ static void spike_board_init(MachineState *machine) fdt_load_addr = riscv_load_fdt(memmap[SPIKE_DRAM].base, machine->ram_size, s->fdt); /* load the reset vector */ - riscv_setup_rom_reset_vec(machine, s->soc[0], memmap[SPIKE_DRAM].base, + riscv_setup_rom_reset_vec(machine, &s->soc[0], memmap[SPIKE_DRAM].base, memmap[SPIKE_MROM].base, memmap[SPIKE_MROM].size, kernel_entry, fdt_load_addr, s->fdt); diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index 8de4c35c9d..2299b3a6be 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -601,7 +601,7 @@ static void virt_machine_init(MachineState *machine) /* create device tree */ create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline, - riscv_is_32bit(s->soc[0])); + riscv_is_32bit(&s->soc[0])); /* boot rom */ memory_region_init_rom(mask_rom, NULL, "riscv_virt_board.mrom", @@ -609,7 +609,7 @@ static void virt_machine_init(MachineState *machine) memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base, mask_rom); - if (riscv_is_32bit(s->soc[0])) { + if (riscv_is_32bit(&s->soc[0])) { firmware_end_addr = riscv_find_and_load_firmware(machine, "opensbi-riscv32-generic-fw_dynamic.bin", start_addr, NULL); @@ -620,7 +620,7 @@ static void virt_machine_init(MachineState *machine) } if (machine->kernel_filename) { - kernel_start_addr = riscv_calc_kernel_start_addr(s->soc[0], + kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0], firmware_end_addr); kernel_entry = riscv_load_kernel(machine->kernel_filename, @@ -656,7 +656,7 @@ static void virt_machine_init(MachineState *machine) fdt_load_addr = riscv_load_fdt(memmap[VIRT_DRAM].base, machine->ram_size, s->fdt); /* load the reset vector */ - riscv_setup_rom_reset_vec(machine, s->soc[0], start_addr, + riscv_setup_rom_reset_vec(machine, &s->soc[0], start_addr, virt_memmap[VIRT_MROM].base, virt_memmap[VIRT_MROM].size, kernel_entry, fdt_load_addr, s->fdt); -- cgit v1.2.3