]> git.proxmox.com Git - mirror_qemu.git/blob - tests/pflash-cfi02-test.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/block/pflash_cfi02: Implement multi-sector erase
[mirror_qemu.git] / tests / pflash-cfi02-test.c
1 /*
2 * QTest testcase for parallel flash with AMD command set
3 *
4 * Copyright (c) 2019 Stephen Checkoway
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10 #include "qemu/osdep.h"
11 #include "libqtest.h"
12
13 /*
14 * To test the pflash_cfi02 device, we run QEMU with the musicpal machine with
15 * a pflash drive. This enables us to test some flash configurations, but not
16 * all. In particular, we're limited to a 16-bit wide flash device.
17 */
18
19 #define MP_FLASH_SIZE_MAX (32 * 1024 * 1024)
20 #define BASE_ADDR (0x100000000ULL - MP_FLASH_SIZE_MAX)
21
22 #define UNIFORM_FLASH_SIZE (8 * 1024 * 1024)
23 #define UNIFORM_FLASH_SECTOR_SIZE (64 * 1024)
24
25 /* Use a newtype to keep flash addresses separate from byte addresses. */
26 typedef struct {
27 uint64_t addr;
28 } faddr;
29 #define FLASH_ADDR(x) ((faddr) { .addr = (x) })
30
31 #define CFI_ADDR FLASH_ADDR(0x55)
32 #define UNLOCK0_ADDR FLASH_ADDR(0x555)
33 #define UNLOCK1_ADDR FLASH_ADDR(0x2AA)
34
35 #define CFI_CMD 0x98
36 #define UNLOCK0_CMD 0xAA
37 #define UNLOCK1_CMD 0x55
38 #define SECOND_UNLOCK_CMD 0x80
39 #define AUTOSELECT_CMD 0x90
40 #define RESET_CMD 0xF0
41 #define PROGRAM_CMD 0xA0
42 #define SECTOR_ERASE_CMD 0x30
43 #define CHIP_ERASE_CMD 0x10
44 #define UNLOCK_BYPASS_CMD 0x20
45 #define UNLOCK_BYPASS_RESET_CMD 0x00
46
47 typedef struct {
48 int bank_width;
49
50 /* Nonuniform block size. */
51 int nb_blocs[4];
52 int sector_len[4];
53
54 QTestState *qtest;
55 } FlashConfig;
56
57 static char image_path[] = "/tmp/qtest.XXXXXX";
58
59 /*
60 * The pflash implementation allows some parameters to be unspecified. We want
61 * to test those configurations but we also need to know the real values in
62 * our testing code. So after we launch qemu, we'll need a new FlashConfig
63 * with the correct values filled in.
64 */
65 static FlashConfig expand_config_defaults(const FlashConfig *c)
66 {
67 FlashConfig ret = *c;
68
69 if (ret.bank_width == 0) {
70 ret.bank_width = 2;
71 }
72 if (ret.nb_blocs[0] == 0 && ret.sector_len[0] == 0) {
73 ret.sector_len[0] = UNIFORM_FLASH_SECTOR_SIZE;
74 ret.nb_blocs[0] = UNIFORM_FLASH_SIZE / UNIFORM_FLASH_SECTOR_SIZE;
75 }
76
77 /* XXX: Limitations of test harness. */
78 assert(ret.bank_width == 2);
79 return ret;
80 }
81
82 /*
83 * Return a bit mask suitable for extracting the least significant
84 * status/query response from an interleaved response.
85 */
86 static inline uint64_t device_mask(const FlashConfig *c)
87 {
88 return (uint64_t)-1;
89 }
90
91 /*
92 * Return a bit mask exactly as long as the bank_width.
93 */
94 static inline uint64_t bank_mask(const FlashConfig *c)
95 {
96 if (c->bank_width == 8) {
97 return (uint64_t)-1;
98 }
99 return (1ULL << (c->bank_width * 8)) - 1ULL;
100 }
101
102 static inline void flash_write(const FlashConfig *c, uint64_t byte_addr,
103 uint64_t data)
104 {
105 /* Sanity check our tests. */
106 assert((data & ~bank_mask(c)) == 0);
107 uint64_t addr = BASE_ADDR + byte_addr;
108 switch (c->bank_width) {
109 case 1:
110 qtest_writeb(c->qtest, addr, data);
111 break;
112 case 2:
113 qtest_writew(c->qtest, addr, data);
114 break;
115 case 4:
116 qtest_writel(c->qtest, addr, data);
117 break;
118 case 8:
119 qtest_writeq(c->qtest, addr, data);
120 break;
121 default:
122 abort();
123 }
124 }
125
126 static inline uint64_t flash_read(const FlashConfig *c, uint64_t byte_addr)
127 {
128 uint64_t addr = BASE_ADDR + byte_addr;
129 switch (c->bank_width) {
130 case 1:
131 return qtest_readb(c->qtest, addr);
132 case 2:
133 return qtest_readw(c->qtest, addr);
134 case 4:
135 return qtest_readl(c->qtest, addr);
136 case 8:
137 return qtest_readq(c->qtest, addr);
138 default:
139 abort();
140 }
141 }
142
143 /*
144 * Convert a flash address expressed in the maximum width of the device as a
145 * byte address.
146 */
147 static inline uint64_t as_byte_addr(const FlashConfig *c, faddr flash_addr)
148 {
149 /*
150 * Command addresses are always given as addresses in the maximum
151 * supported bus size for the flash chip. So an x8/x16 chip in x8 mode
152 * uses addresses 0xAAA and 0x555 to unlock because the least significant
153 * bit is ignored. (0x555 rather than 0x554 is traditional.)
154 *
155 * In general we need to multiply by the maximum device width.
156 */
157 return flash_addr.addr * c->bank_width;
158 }
159
160 /*
161 * Return the command value or expected status replicated across all devices.
162 */
163 static inline uint64_t replicate(const FlashConfig *c, uint64_t data)
164 {
165 /* Sanity check our tests. */
166 assert((data & ~device_mask(c)) == 0);
167 return data;
168 }
169
170 static inline void flash_cmd(const FlashConfig *c, faddr cmd_addr,
171 uint8_t cmd)
172 {
173 flash_write(c, as_byte_addr(c, cmd_addr), replicate(c, cmd));
174 }
175
176 static inline uint64_t flash_query(const FlashConfig *c, faddr query_addr)
177 {
178 return flash_read(c, as_byte_addr(c, query_addr));
179 }
180
181 static inline uint64_t flash_query_1(const FlashConfig *c, faddr query_addr)
182 {
183 return flash_query(c, query_addr) & device_mask(c);
184 }
185
186 static void unlock(const FlashConfig *c)
187 {
188 flash_cmd(c, UNLOCK0_ADDR, UNLOCK0_CMD);
189 flash_cmd(c, UNLOCK1_ADDR, UNLOCK1_CMD);
190 }
191
192 static void reset(const FlashConfig *c)
193 {
194 flash_cmd(c, FLASH_ADDR(0), RESET_CMD);
195 }
196
197 static void sector_erase(const FlashConfig *c, uint64_t byte_addr)
198 {
199 unlock(c);
200 flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
201 unlock(c);
202 flash_write(c, byte_addr, replicate(c, SECTOR_ERASE_CMD));
203 }
204
205 static void wait_for_completion(const FlashConfig *c, uint64_t byte_addr)
206 {
207 /* If DQ6 is toggling, step the clock and ensure the toggle stops. */
208 const uint64_t dq6 = replicate(c, 0x40);
209 if ((flash_read(c, byte_addr) & dq6) ^ (flash_read(c, byte_addr) & dq6)) {
210 /* Wait for erase or program to finish. */
211 qtest_clock_step_next(c->qtest);
212 /* Ensure that DQ6 has stopped toggling. */
213 g_assert_cmphex(flash_read(c, byte_addr), ==, flash_read(c, byte_addr));
214 }
215 }
216
217 static void bypass_program(const FlashConfig *c, uint64_t byte_addr,
218 uint16_t data)
219 {
220 flash_cmd(c, UNLOCK0_ADDR, PROGRAM_CMD);
221 flash_write(c, byte_addr, data);
222 /*
223 * Data isn't valid until DQ6 stops toggling. We don't model this as
224 * writes are immediate, but if this changes in the future, we can wait
225 * until the program is complete.
226 */
227 wait_for_completion(c, byte_addr);
228 }
229
230 static void program(const FlashConfig *c, uint64_t byte_addr, uint16_t data)
231 {
232 unlock(c);
233 bypass_program(c, byte_addr, data);
234 }
235
236 static void chip_erase(const FlashConfig *c)
237 {
238 unlock(c);
239 flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
240 unlock(c);
241 flash_cmd(c, UNLOCK0_ADDR, CHIP_ERASE_CMD);
242 }
243
244 /*
245 * Test flash commands with a variety of device geometry.
246 */
247 static void test_geometry(const void *opaque)
248 {
249 const FlashConfig *config = opaque;
250 QTestState *qtest;
251 qtest = qtest_initf("-M musicpal,accel=qtest"
252 " -drive if=pflash,file=%s,format=raw,copy-on-read"
253 /* Device geometry properties. */
254 " -global driver=cfi.pflash02,"
255 "property=num-blocks0,value=%d"
256 " -global driver=cfi.pflash02,"
257 "property=sector-length0,value=%d"
258 " -global driver=cfi.pflash02,"
259 "property=num-blocks1,value=%d"
260 " -global driver=cfi.pflash02,"
261 "property=sector-length1,value=%d"
262 " -global driver=cfi.pflash02,"
263 "property=num-blocks2,value=%d"
264 " -global driver=cfi.pflash02,"
265 "property=sector-length2,value=%d"
266 " -global driver=cfi.pflash02,"
267 "property=num-blocks3,value=%d"
268 " -global driver=cfi.pflash02,"
269 "property=sector-length3,value=%d",
270 image_path,
271 config->nb_blocs[0],
272 config->sector_len[0],
273 config->nb_blocs[1],
274 config->sector_len[1],
275 config->nb_blocs[2],
276 config->sector_len[2],
277 config->nb_blocs[3],
278 config->sector_len[3]);
279 FlashConfig explicit_config = expand_config_defaults(config);
280 explicit_config.qtest = qtest;
281 const FlashConfig *c = &explicit_config;
282
283 /* Check the IDs. */
284 unlock(c);
285 flash_cmd(c, UNLOCK0_ADDR, AUTOSELECT_CMD);
286 g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
287 if (c->bank_width >= 2) {
288 /*
289 * XXX: The ID returned by the musicpal flash chip is 16 bits which
290 * wouldn't happen with an 8-bit device. It would probably be best to
291 * prohibit addresses larger than the device width in pflash_cfi02.c,
292 * but then we couldn't test smaller device widths at all.
293 */
294 g_assert_cmphex(flash_query(c, FLASH_ADDR(1)), ==,
295 replicate(c, 0x236D));
296 }
297 reset(c);
298
299 /* Check the erase blocks. */
300 flash_cmd(c, CFI_ADDR, CFI_CMD);
301 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x10)), ==, replicate(c, 'Q'));
302 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x11)), ==, replicate(c, 'R'));
303 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x12)), ==, replicate(c, 'Y'));
304
305 /* Num erase regions. */
306 int nb_erase_regions = flash_query_1(c, FLASH_ADDR(0x2C));
307 g_assert_cmphex(nb_erase_regions, ==,
308 !!c->nb_blocs[0] + !!c->nb_blocs[1] + !!c->nb_blocs[2] +
309 !!c->nb_blocs[3]);
310
311 /* Check device length. */
312 uint32_t device_len = 1 << flash_query_1(c, FLASH_ADDR(0x27));
313 g_assert_cmphex(device_len, ==, UNIFORM_FLASH_SIZE);
314
315 reset(c);
316
317 const uint64_t dq7 = replicate(c, 0x80);
318 const uint64_t dq6 = replicate(c, 0x40);
319 const uint64_t dq3 = replicate(c, 0x08);
320
321 uint64_t byte_addr = 0;
322 for (int region = 0; region < nb_erase_regions; ++region) {
323 uint64_t base = 0x2D + 4 * region;
324 flash_cmd(c, CFI_ADDR, CFI_CMD);
325 uint32_t nb_sectors = flash_query_1(c, FLASH_ADDR(base + 0)) +
326 (flash_query_1(c, FLASH_ADDR(base + 1)) << 8) + 1;
327 uint32_t sector_len = (flash_query_1(c, FLASH_ADDR(base + 2)) << 8) +
328 (flash_query_1(c, FLASH_ADDR(base + 3)) << 16);
329 g_assert_cmphex(nb_sectors, ==, c->nb_blocs[region]);
330 g_assert_cmphex(sector_len, ==, c->sector_len[region]);
331 reset(c);
332
333 /* Erase and program sector. */
334 for (uint32_t i = 0; i < nb_sectors; ++i) {
335 sector_erase(c, byte_addr);
336
337 /* Check that DQ3 is 0. */
338 g_assert_cmphex(flash_read(c, byte_addr) & dq3, ==, 0);
339 qtest_clock_step_next(c->qtest); /* Step over the 50 us timeout. */
340
341 /* Check that DQ3 is 1. */
342 uint64_t status0 = flash_read(c, byte_addr);
343 g_assert_cmphex(status0 & dq3, ==, dq3);
344
345 /* DQ7 is 0 during an erase. */
346 g_assert_cmphex(status0 & dq7, ==, 0);
347 uint64_t status1 = flash_read(c, byte_addr);
348
349 /* DQ6 toggles during an erase. */
350 g_assert_cmphex(status0 & dq6, ==, ~status1 & dq6);
351
352 /* Wait for erase to complete. */
353 wait_for_completion(c, byte_addr);
354
355 /* Ensure DQ6 has stopped toggling. */
356 g_assert_cmphex(flash_read(c, byte_addr), ==,
357 flash_read(c, byte_addr));
358
359 /* Now the data should be valid. */
360 g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
361
362 /* Program a bit pattern. */
363 program(c, byte_addr, 0x55);
364 g_assert_cmphex(flash_read(c, byte_addr) & 0xFF, ==, 0x55);
365 program(c, byte_addr, 0xA5);
366 g_assert_cmphex(flash_read(c, byte_addr) & 0xFF, ==, 0x05);
367 byte_addr += sector_len;
368 }
369 }
370
371 /* Erase the chip. */
372 chip_erase(c);
373 /* Read toggle. */
374 uint64_t status0 = flash_read(c, 0);
375 /* DQ7 is 0 during an erase. */
376 g_assert_cmphex(status0 & dq7, ==, 0);
377 uint64_t status1 = flash_read(c, 0);
378 /* DQ6 toggles during an erase. */
379 g_assert_cmphex(status0 & dq6, ==, ~status1 & dq6);
380 /* Wait for erase to complete. */
381 qtest_clock_step_next(c->qtest);
382 /* Ensure DQ6 has stopped toggling. */
383 g_assert_cmphex(flash_read(c, 0), ==, flash_read(c, 0));
384 /* Now the data should be valid. */
385
386 for (int region = 0; region < nb_erase_regions; ++region) {
387 for (uint32_t i = 0; i < c->nb_blocs[region]; ++i) {
388 uint64_t byte_addr = i * c->sector_len[region];
389 g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
390 }
391 }
392
393 /* Unlock bypass */
394 unlock(c);
395 flash_cmd(c, UNLOCK0_ADDR, UNLOCK_BYPASS_CMD);
396 bypass_program(c, 0 * c->bank_width, 0x01);
397 bypass_program(c, 1 * c->bank_width, 0x23);
398 bypass_program(c, 2 * c->bank_width, 0x45);
399 /*
400 * Test that bypass programming, unlike normal programming can use any
401 * address for the PROGRAM_CMD.
402 */
403 flash_cmd(c, FLASH_ADDR(3 * c->bank_width), PROGRAM_CMD);
404 flash_write(c, 3 * c->bank_width, 0x67);
405 wait_for_completion(c, 3 * c->bank_width);
406 flash_cmd(c, FLASH_ADDR(0), UNLOCK_BYPASS_RESET_CMD);
407 bypass_program(c, 4 * c->bank_width, 0x89); /* Should fail. */
408 g_assert_cmphex(flash_read(c, 0 * c->bank_width), ==, 0x01);
409 g_assert_cmphex(flash_read(c, 1 * c->bank_width), ==, 0x23);
410 g_assert_cmphex(flash_read(c, 2 * c->bank_width), ==, 0x45);
411 g_assert_cmphex(flash_read(c, 3 * c->bank_width), ==, 0x67);
412 g_assert_cmphex(flash_read(c, 4 * c->bank_width), ==, bank_mask(c));
413
414 /* Test ignored high order bits of address. */
415 flash_cmd(c, FLASH_ADDR(0x5555), UNLOCK0_CMD);
416 flash_cmd(c, FLASH_ADDR(0x2AAA), UNLOCK1_CMD);
417 flash_cmd(c, FLASH_ADDR(0x5555), AUTOSELECT_CMD);
418 g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
419 reset(c);
420
421 /*
422 * Program a word on each sector, erase one or two sectors per region, and
423 * verify that all of those, and only those, are erased.
424 */
425 byte_addr = 0;
426 for (int region = 0; region < nb_erase_regions; ++region) {
427 for (int i = 0; i < config->nb_blocs[region]; ++i) {
428 program(c, byte_addr, 0);
429 byte_addr += config->sector_len[region];
430 }
431 }
432 unlock(c);
433 flash_cmd(c, UNLOCK0_ADDR, SECOND_UNLOCK_CMD);
434 unlock(c);
435 byte_addr = 0;
436 const uint64_t erase_cmd = replicate(c, SECTOR_ERASE_CMD);
437 for (int region = 0; region < nb_erase_regions; ++region) {
438 flash_write(c, byte_addr, erase_cmd);
439 if (c->nb_blocs[region] > 1) {
440 flash_write(c, byte_addr + c->sector_len[region], erase_cmd);
441 }
442 byte_addr += c->sector_len[region] * c->nb_blocs[region];
443 }
444
445 qtest_clock_step_next(c->qtest); /* Step over the 50 us timeout. */
446 wait_for_completion(c, 0);
447 byte_addr = 0;
448 for (int region = 0; region < nb_erase_regions; ++region) {
449 for (int i = 0; i < config->nb_blocs[region]; ++i) {
450 if (i < 2) {
451 g_assert_cmphex(flash_read(c, byte_addr), ==, bank_mask(c));
452 } else {
453 g_assert_cmphex(flash_read(c, byte_addr), ==, 0);
454 }
455 byte_addr += config->sector_len[region];
456 }
457 }
458
459 qtest_quit(qtest);
460 }
461
462 /*
463 * Test that
464 * 1. enter autoselect mode;
465 * 2. enter CFI mode; and then
466 * 3. exit CFI mode
467 * leaves the flash device in autoselect mode.
468 */
469 static void test_cfi_in_autoselect(const void *opaque)
470 {
471 const FlashConfig *config = opaque;
472 QTestState *qtest;
473 qtest = qtest_initf("-M musicpal,accel=qtest"
474 " -drive if=pflash,file=%s,format=raw,copy-on-read",
475 image_path);
476 FlashConfig explicit_config = expand_config_defaults(config);
477 explicit_config.qtest = qtest;
478 const FlashConfig *c = &explicit_config;
479
480 /* 1. Enter autoselect. */
481 unlock(c);
482 flash_cmd(c, UNLOCK0_ADDR, AUTOSELECT_CMD);
483 g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
484
485 /* 2. Enter CFI. */
486 flash_cmd(c, CFI_ADDR, CFI_CMD);
487 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x10)), ==, replicate(c, 'Q'));
488 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x11)), ==, replicate(c, 'R'));
489 g_assert_cmphex(flash_query(c, FLASH_ADDR(0x12)), ==, replicate(c, 'Y'));
490
491 /* 3. Exit CFI. */
492 reset(c);
493 g_assert_cmphex(flash_query(c, FLASH_ADDR(0)), ==, replicate(c, 0xBF));
494
495 qtest_quit(qtest);
496 }
497
498 static void cleanup(void *opaque)
499 {
500 unlink(image_path);
501 }
502
503 /*
504 * XXX: Tests are limited to bank_width = 2 for now because that's what
505 * hw/arm/musicpal.c has.
506 */
507 static const FlashConfig configuration[] = {
508 /* One x16 device. */
509 {
510 .bank_width = 2,
511 },
512 /* Nonuniform sectors (top boot). */
513 {
514 .bank_width = 2,
515 .nb_blocs = { 127, 1, 2, 1 },
516 .sector_len = { 0x10000, 0x08000, 0x02000, 0x04000 },
517 },
518 /* Nonuniform sectors (bottom boot). */
519 {
520 .bank_width = 2,
521 .nb_blocs = { 1, 2, 1, 127 },
522 .sector_len = { 0x04000, 0x02000, 0x08000, 0x10000 },
523 },
524 };
525
526 int main(int argc, char **argv)
527 {
528 int fd = mkstemp(image_path);
529 if (fd == -1) {
530 g_printerr("Failed to create temporary file %s: %s\n", image_path,
531 strerror(errno));
532 exit(EXIT_FAILURE);
533 }
534 if (ftruncate(fd, UNIFORM_FLASH_SIZE) < 0) {
535 int error_code = errno;
536 close(fd);
537 unlink(image_path);
538 g_printerr("Failed to truncate file %s to %u MB: %s\n", image_path,
539 UNIFORM_FLASH_SIZE, strerror(error_code));
540 exit(EXIT_FAILURE);
541 }
542 close(fd);
543
544 qtest_add_abrt_handler(cleanup, NULL);
545 g_test_init(&argc, &argv, NULL);
546
547 size_t nb_configurations = sizeof configuration / sizeof configuration[0];
548 for (size_t i = 0; i < nb_configurations; ++i) {
549 const FlashConfig *config = &configuration[i];
550 char *path = g_strdup_printf("pflash-cfi02"
551 "/geometry/%dx%x-%dx%x-%dx%x-%dx%x"
552 "/%d",
553 config->nb_blocs[0],
554 config->sector_len[0],
555 config->nb_blocs[1],
556 config->sector_len[1],
557 config->nb_blocs[2],
558 config->sector_len[2],
559 config->nb_blocs[3],
560 config->sector_len[3],
561 config->bank_width);
562 qtest_add_data_func(path, config, test_geometry);
563 g_free(path);
564 }
565
566 qtest_add_data_func("pflash-cfi02/cfi-in-autoselect", &configuration[0],
567 test_cfi_in_autoselect);
568 int result = g_test_run();
569 cleanup(NULL);
570 return result;
571 }
QEMU mirror