qemu/ssi at master - qemu

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Jamin Lin 05d501a1ea aspeed/smc: Fix write incorrect data into flash in user mode According to the design of ASPEED SPI controllers user mode, users write the data to flash, the SPI drivers set the Control Register(0x10) bit 0 and 1 enter user mode. Then, SPI drivers send flash commands for writing data. Finally, SPI drivers set the Control Register (0x10) bit 2 to stop active control and restore bit 0 and 1. According to the design of ASPEED SMC model, firmware writes the Control Register and the "aspeed_smc_flash_update_ctrl" function is called. Then, this function verify Control Register(0x10) bit 0 and 1. If it set user mode, the value of s->snoop_index is SNOOP_START else SNOOP_OFF. If s->snoop_index is SNOOP_START, the "aspeed_smc_do_snoop" function verify the first incomming data is a new flash command and writes the corresponding dummy bytes if need. However, it did not check the current unselect status. If current unselect status is "false" and firmware set the IO MODE by Control Register bit 31:28, the value of s->snoop_index will be changed to SNOOP_START again and "aspeed_smc_do_snoop" misunderstand that the incomming data is the new flash command and it causes writing unexpected data into flash. Example: 1. Firmware set user mode by Control Register bit 0 and 1(0x03) 2. SMC model set s->snoop SNOOP_START 3. Firmware set Quad Page Program with 4-Byte Address command (0x34) 4. SMC model verify this flash command and it needs 4 dummy bytes. 5. Firmware send 4 bytes address. 6. SMC model receives 4 bytes address 7. Firmware set QPI IO MODE by Control Register bit 31. (0x80000003) 8. SMC model verify new user mode by Control Register bit 0 and 1. Then, set s->snoop SNOOP_START again. (It is the wrong behavior.) 9. Firmware send 0xebd8c134 data and it should be written into flash. However, SMC model misunderstand that the first incoming data, 0x34, is the new command because the value of s->snoop is changed to SNOOP_START. Finally, SMC sned the incorrect data to flash model. Introduce a new unselect attribute in AspeedSMCState to save the current unselect status for user mode and set it "true" by default. Update "aspeed_smc_flash_update_ctrl" function to check the previous unselect status. If both new unselect status and previous unselect status is different, update s->snoop_index value and call "aspeed_smc_flash_do_select". Increase VMStateDescription version. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> [ clg: - Replaced VMSTATE_BOOL -> VMSTATE_BOOL_V ] Signed-off-by: Cédric Le Goater <clg@redhat.com>		1 month ago
..
allwinner-a10-spi.h	hw/ssi: Allwinner A10 SPI emulation	2 months ago
aspeed_smc.h	aspeed/smc: Fix write incorrect data into flash in user mode	1 month ago
bcm2835_spi.h	hw/ssi: Implement BCM2835 SPI Controller	10 months ago
ibex_spi_host.h	Do not include hw/hw.h if it is not necessary	2 years ago
imx_spi.h	hw/ssi: imx_spi: Use a macro for number of chip selects supported	4 years ago
mss-spi.h	Use OBJECT_DECLARE_SIMPLE_TYPE when possible	4 years ago
npcm7xx_fiu.h	hw/ssi: NPCM7xx Flash Interface Unit device model	4 years ago
npcm_pspi.h	hw/ssi: Add Nuvoton PSPI Module	2 years ago
pl022.h	arm: Update infocenter.arm.com URLs	4 years ago
pnv_spi.h	hw/ssi: Extend SPI model	4 months ago
pnv_spi_regs.h	hw/ssi: Extend SPI model	4 months ago
sifive_spi.h	include: Include headers where needed	2 years ago
ssi.h	hw/ssi: Introduce a ssi_get_cs() helper	1 year ago
stm32f2xx_spi.h	Use OBJECT_DECLARE_SIMPLE_TYPE when possible	4 years ago
xilinx_spips.h	hw/ssi/xilinx_spips: fix an out of bound access	1 year ago
xlnx-versal-ospi.h	hw/misc, hw/ssi: Fix some URLs for AMD / Xilinx models	1 year ago