fix #96 - can now flash via bbf on attached USB (#103)

Author: vintagepc

hw/arm/prusa/stm32_chips/stm32f407xx.h

@@ -110,7 +110,7 @@ static const stm32_soc_cfg_t stm32f407xx_cfg =
 		),
 	PER_LNIV(eth, "stm32f4xx-ethernet", P_UNDEFINED, 0x40028000, F4xx_ETH_IRQ, F4xx_ETH_WKUP_IRQ),
 	PER_LNI(rcc, TYPE_STM32F2xx_RCC, P_RCC, 0x40023800, F4xx_RCC_IRQ),
-	PER_LNI(flash_if, TYPE_STM32F2XX_FINT, P_FSMC, 0x40023C00, F4xx_FLASH_IRQ),
+	PER_LNI(flash_if, TYPE_STM32F4xx_FINT, P_FINT, 0x40023C00, F4xx_FLASH_IRQ),
 	PER_LN(iwdg, TYPE_STM32F4XX_IWDG, P_IWDG, 0x40003000),
 	PER_LN(crc, TYPE_STM32F2XX_CRC, P_CRC, 0x40023000),
 	PER_LN(rtc, TYPE_STM32F2XX_RTC, P_RTC, 0x40002800),

hw/arm/prusa/stm32_common/stm32_shared.h

@@ -91,6 +91,7 @@ enum {
     STM32_P_EXTI,
     STM32_P_SDIO,
     STM32_P_FSMC,
+    STM32_P_FINT,
     STM32_P_RTC,
     STM32_P_CRC,
 	STM32_P_DMAMUX,

hw/arm/prusa/stm32_common/stm32_types.h

@@ -31,6 +31,8 @@
 #define TYPE_STM32F2xx_RCC _STM_F2xx_PART(rcc)
 #define TYPE_STM32F4xx_RCC _STM_F4xx_PART(rcc)
 
+#define TYPE_STM32F4xx_FINT _STM_F4xx_PART(fint)
+
 #define TYPE_STM32F2xx_DMA _STM_F2xx_PART(dma)
 #define TYPE_STM32F4xx_DMA _STM_F4xx_PART(dma)
 

hw/arm/prusa/stm32f407/stm32f2xx_flashint.c

@@ -25,61 +25,154 @@
 #include "migration/vmstate.h"
 #include "qemu/log.h"
 
-//#define DEBUG_STM32_FINT
-#ifdef DEBUG_STM32_FINT
-// NOTE: The usleep() helps the MacOS stdout from freezing when we have a lot of print out
-#define DPRINTF(fmt, ...)                                       \
-    do { printf("STM32F2XX_FINT: " fmt , ## __VA_ARGS__); \
-         usleep(100); \
-    } while (0)
-#else
-#define DPRINTF(fmt, ...)
-#endif
+enum RegIndex{
+    RI_ACR, 
+    RI_KEYR, 
+    RI_OPTKEYR, 
+    RI_SR, 
+    RI_CR, 
+    RI_OPTCR, 
+    RI_END
+};
 
+enum wp_state
+{
+    LOCKED, 
+    KEY1_OK,
+    UNLOCKED
+};
+
+static stm32_reginfo_t stm32f4xx_flashif_reginfo[RI_END] = {
+    [RI_ACR] = {.mask = 0x1F07, .unimp_mask = 0x1F07},
+    [RI_KEYR] = {.mask = UINT32_MAX},
+    [RI_OPTKEYR] = {.unimp_mask = UINT32_MAX },
+    [RI_SR]  = {.mask = 0x100F3, .unimp_mask = 0x100F3},
+    [RI_CR] = {.mask = 0x8101037F, .unimp_mask = 0x1010304},
+    [RI_OPTCR] = {.unimp_mask = UINT32_MAX, .reset_val =0x0FFFAAED },
+};
+
+#define KEY1 0x45670123UL
+#define KEY2 0xCDEF89ABUL
+
+#define OPTKEY1 0x08192A3BUL
+#define OPTKEY2 0x4C5D6E7FUL
+
+static uint32_t sector_boundaries[][2] =
+{
+    { 0U*KiB, ( 16U*KiB)-1U},
+    { 16U*KiB, ( 32U*KiB)-1U},
+    { 32U*KiB, ( 48U*KiB)-1U},
+    { 48U*KiB, ( 64U*KiB)-1U},
+    { 64U*KiB, (128U*KiB)-1U},
+    {128U*KiB, (256U*KiB)-1U},
+    {256U*KiB, (384U*KiB)-1U},
+    {384U*KiB, (512U*KiB)-1U},
+    {512U*KiB, (640U*KiB)-1U},
+    {640U*KiB, (768U*KiB)-1U},
+    {768U*KiB, (896U*KiB)-1U},
+    {896U*KiB, (1U*MiB)-1U},
+};
+
+
+QEMU_BUILD_BUG_MSG(RI_END != STM32_FINT_MAX, "Register index misaligned in " __FILE__);
 
 static uint64_t
 stm32f2xx_fint_read(void *arg, hwaddr offset, unsigned int size)
 {
-    stm32f2xx_fint *s = arg;
+    STM32F4XX_STRUCT_NAME(FlashIF) *s = arg;
     uint32_t r;
 
-    offset >>= 2;
-    r = s->regs[offset];
+    uint32_t index = offset >> 2U;
+    offset&= 0x3;
+
+    switch (index)
+    {
+        case RI_CR:
+            s->regs.defs.CR.LOCK = (s->flash_state != UNLOCKED);
+            /* FALLTHRU */
+        default:
+            r = s->regs.raw[index];
+            break;
+    }
+    ADJUST_FOR_OFFSET_AND_SIZE_R(r, size, offset, 0b111);
 //printf("FINT unit %d reg %x return 0x%x\n", s->periph, (int)offset << 2, r);
     return r;
 }
 
+static void stm32f4xx_flashif_sector_erase(STM32F4XX_STRUCT_NAME(FlashIF) *s)
+{
+    if (s->regs.defs.CR.LOCK)
+    {
+        s->regs.defs.SR.WRPERR = 1;
+        return;
+    }
+    printf("Erasing flash sector %u\n", s->regs.defs.CR.SNB);
+    uint32_t (*p)[2] = &sector_boundaries[s->regs.defs.CR.SNB];
+    uint32_t buff = 0xFFFFFFFFU;
+    for (int i=(*p)[0]; i<=(*p)[1]; i+=4)
+    {
+        cpu_physical_memory_write(s->flash->addr +i, &buff, 4);
+    }
+}
+
 static void
 stm32f2xx_fint_write(void *arg, hwaddr addr, uint64_t data, unsigned int size)
 {
-    stm32f2xx_fint *s = arg;
+    STM32F4XX_STRUCT_NAME(FlashIF) *s = arg;
     int offset = addr & 0x03;
 
     addr >>= 2;
-    if (addr > STM32_FINT_MAX) {
-        qemu_log_mask(LOG_GUEST_ERROR, "invalid FINT write reg 0x%x\n",
-          (unsigned int)addr << 2);
-        return;
-    }
+    CHECK_BOUNDS_W(addr, data, RI_END, stm32f4xx_flashif_reginfo, "F4xx Flash IF");
+    ADJUST_FOR_OFFSET_AND_SIZE_W(stm32f2xx_fint_read(arg, addr<<2U, 4U), data, size, offset, 0b111)
+    CHECK_UNIMP_RESVD(data, stm32f4xx_flashif_reginfo, addr);
 
-    switch(size) {
-    case 1:
-        data = (s->regs[addr] & ~(0xff << (offset * 8))) | data << (offset * 8);
-        break;
-    case 2:
-        data = (s->regs[addr] & ~(0xffff << (offset * 8))) | data << (offset * 8);
-        break;
-    case 4:
-        break;
-    default:
-        abort();
+    if (s->flash_state == KEY1_OK && addr != RI_KEYR)
+    {
+        s->flash_state = LOCKED;
     }
 
     switch (addr) {
+        case RI_KEYR:
+        {
+            if (data == KEY1)
+                s->flash_state = KEY1_OK;
+            else if (data == KEY2 && s->flash_state == KEY1_OK)
+            {
+                s->flash_state = UNLOCKED;
+                printf("FLASH unlocked!\n");
+                memory_region_set_readonly(s->flash, false);
+            }
+        }
+        break;
+        case RI_CR:
+        {
+            REGDEF_NAME(flashif, cr) r = {.raw = data};
+            if ( s->flash_state != UNLOCKED && !r.LOCK) 
+            {
+                qemu_log_mask(LOG_GUEST_ERROR, __FILE__":Guest tried to clear the set-only flask LOCK bit.");
+                r.LOCK = 1;
+    }
+            else if (s->flash_state == UNLOCKED && r.LOCK)
+            {
+                printf("FLASH LOCKED\n");
+                memory_region_set_readonly(s->flash, true);
+                s->flash_state = LOCKED;
+            }
+            s->regs.defs.CR.raw = r.raw;
+            s->regs.defs.CR.STRT = false;
+            if (r.STRT)
+            {
+                if (r.SER)
+                {
+                    stm32f4xx_flashif_sector_erase(s);
+                } //else if (r.PG)
+            }
+        }
+        break;
         default:
             qemu_log_mask(LOG_UNIMP, "f2xx FINT reg 0x%x:%d write (0x%x) unimplemented\n",
          (int)addr << 2, offset, (int)data);
-            s->regs[addr] = data;
+            s->regs.raw[addr] = data;
             break;
     }
 }
@@ -97,27 +190,34 @@ static const MemoryRegionOps stm32f2xx_fint_ops = {
 static void
 stm32f2xx_fint_reset(DeviceState *dev)
 {
-    stm32f2xx_fint *s = STM32F2XX_FINT(dev);
-    s->regs[STM32_FINT_CR] = 0x80000000;
-    s->regs[STM32_FINT_OPTCR] = 0x0FFFAAED;
+    STM32F4XX_STRUCT_NAME(FlashIF) *s = STM32F4xx_FINT(dev);
+    s->flash_state = LOCKED;
+    if (s->flash)
+    {
+        memory_region_set_readonly(s->flash, true);
+    }
+    for (int i=0; i<RI_END; i++)
+    {
+        s->regs.raw[i] = stm32f4xx_flashif_reginfo[i].reset_val;
+    }
 }
 
 static void
 stm32f2xx_fint_init(Object *obj)
 {
-    stm32f2xx_fint *s = STM32F2XX_FINT(obj);
-
-    memory_region_init_io(&s->iomem, obj, &stm32f2xx_fint_ops, s, "fint", 0x400);
+    STM32F4XX_STRUCT_NAME(FlashIF) *s = STM32F4xx_FINT(obj);
+    memory_region_init_io(&s->iomem, obj, &stm32f2xx_fint_ops, s, "flash_if", 1U *KiB);
     sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem);
 	sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
 }
 
 static const VMStateDescription vmstate_stm32f2xx_fint = {
-    .name = TYPE_STM32F2XX_FINT,
+    .name = TYPE_STM32F4xx_FINT,
     .version_id = 1,
     .minimum_version_id = 1,
     .fields = (VMStateField[]) {
-        VMSTATE_UINT32_ARRAY(regs, stm32f2xx_fint,STM32_FINT_MAX),
+        VMSTATE_UINT32_ARRAY(regs.raw, STM32F4XX_STRUCT_NAME(FlashIF),STM32_FINT_MAX),
+        VMSTATE_UINT8(flash_state, STM32F4XX_STRUCT_NAME(FlashIF)),
         VMSTATE_END_OF_LIST()
     }
 };
@@ -132,9 +232,9 @@ stm32f2xx_fint_class_init(ObjectClass *klass, void *data)
 }
 
 static const TypeInfo stm32f2xx_fint_info = {
-    .name = TYPE_STM32F2XX_FINT,
-    .parent = TYPE_SYS_BUS_DEVICE,
-    .instance_size = sizeof(stm32f2xx_fint),
+    .name = TYPE_STM32F4xx_FINT,
+    .parent = TYPE_STM32_PERIPHERAL,
+    .instance_size = sizeof(STM32F4XX_STRUCT_NAME(FlashIF)),
     .instance_init = stm32f2xx_fint_init,
     .class_init = stm32f2xx_fint_class_init
 };

hw/arm/prusa/stm32f407/stm32f2xx_flashint.h

@@ -1,7 +1,7 @@
 /*
     stm32f2xx_flashint.h - Flash I/F Configuration block for STM32
 
-	Copyright 2021 VintagePC <https://github.com/vintagepc/>
+	Copyright 2021-2022 VintagePC <https://github.com/vintagepc/>
 
  	This file is part of Mini404.
 
@@ -25,27 +25,88 @@
 #define STM32F2XX_FINT_H
 
 #include "qemu/osdep.h"
-#include "hw/sysbus.h"
 #include "qemu-common.h"
+#include "../stm32_common/stm32_common.h"
 
-#define STM32_FINT_ACR     (0x00 / 4)
-#define STM32_FINT_KEYR    (0x04 / 4)
-#define STM32_FINT_OPTKEYR (0x08 / 4)
-#define STM32_FINT_SR      (0x0c / 4)
-#define STM32_FINT_CR     (0x10 / 4)
-#define STM32_FINT_OPTCR     (0x14 / 4)
 #define STM32_FINT_MAX     (0x18 / 4)
 
-#define TYPE_STM32F2XX_FINT "stm32f2xx-fint"
-OBJECT_DECLARE_SIMPLE_TYPE(stm32f2xx_fint, STM32F2XX_FINT)
+OBJECT_DECLARE_SIMPLE_TYPE(STM32F4XX_STRUCT_NAME(FlashIF), STM32F4xx_FINT)
 
-struct stm32f2xx_fint {
-    SysBusDevice busdev;
+REGDEF_BLOCK_BEGIN()
+    REG_K32(LATENCY, 3);
+    REG_R(5);
+    REG_B32(PRFTEN);
+    REG_B32(ICEN);
+    REG_B32(DCEN);
+    REG_B32(ICRST);
+    REG_B32(DCRST);
+REGDEF_BLOCK_END(flashif, acr);
+
+REGDEF_BLOCK_BEGIN()
+    REG_B32(EOP);
+    REG_B32(OPER);
+    REG_R(2);
+    REG_B32(WRPERR);
+    REG_B32(PGAERR);
+    REG_B32(PGPERR);
+    REG_B32(PGSERR);
+    REG_R(8);
+    REG_B32(BSY);
+    REG_R(15);
+REGDEF_BLOCK_END(flashif, sr);
+
+REGDEF_BLOCK_BEGIN()
+    REG_B32(PG);
+    REG_B32(SER);
+    REG_B32(MER);
+    REG_K32(SNB, 4);
+    REG_RB();
+    REG_K32(PSIZE,2);
+    REG_R(6);
+    REG_B32(STRT);
+    REG_R(7);
+    REG_B32(EOPIE);
+    REG_R(6);
+    REG_B32(LOCK);
+REGDEF_BLOCK_END(flashif, cr);
+
+REGDEF_BLOCK_BEGIN()
+    REG_B32(OPTLOCK);
+    REG_B32(OPTSTRT);
+    REG_K32(BOR_LEV,2);
+    REG_RB();
+    REG_B32(WDG_SW);
+    REG_B32(nRST_STOP);
+    REG_B32(nRST_STDBY);
+    REG_K32(RDP,8);
+    REG_K32(nWRP, 12);
+    REG_R(4);
+REGDEF_BLOCK_END(flashif, optcr);
+
+
+typedef struct STM32F4XX_STRUCT_NAME(FlashIF) {
+    STM32Peripheral parent;
     MemoryRegion iomem;
 
-    uint32_t regs[STM32_FINT_MAX];
+    union {
+        struct {
+			REGDEF_NAME(flashif, acr) ACR;
+            uint32_t KEYR;
+            uint32_t OPTKEYR; 
+            REGDEF_NAME(flashif, sr) SR;
+            REGDEF_NAME(flashif, cr) CR;
+            REGDEF_NAME(flashif, optcr) OPTCR;
+		} defs;
+        uint32_t raw[STM32_FINT_MAX];
+    } regs;
+
+
+    uint8_t flash_state;
+
+    MemoryRegion* flash;
+
+    qemu_irq irq;
 
-	qemu_irq irq;
-};
+} STM32F4XX_STRUCT_NAME(FlashIF);
 
 #endif //#ifndef STM32F2XX_FINT_H

hw/arm/prusa/stm32f407/stm32f2xx_rcc.c

@@ -299,16 +299,16 @@ static void stm32_rcc_RCC_CFGR_write(Stm32f2xxRcc *s, uint32_t new_value, bool i
 	REGDEF_NAME(rcc, cfgr) cfgr = {.raw = new_value};
     if(cfgr.PPRE2 < 0x4) {
         clktree_set_scale(&s->PCLK2, 1, 1);
-        clktree_set_scale(&s->TIMCLK2, 2, 1);
+        clktree_set_scale(&s->TIMCLK2, 1, 1);
     } else {
         clktree_set_scale(&s->PCLK2, 1, 2 * (cfgr.PPRE2 - 3));
-		clktree_set_scale(&s->TIMCLK2, 1, 1);
+		clktree_set_scale(&s->TIMCLK2, 2, 1);
     }
 
     /* PPRE1 */
     if(cfgr.PPRE1 < 4) {
         clktree_set_scale(&s->PCLK1, 1, 1);
-		clktree_set_scale(&s->TIMCLK1, 2, 1);
+		clktree_set_scale(&s->TIMCLK1, 1, 1);
     } else {
         clktree_set_scale(&s->PCLK1, 1, 2 * (cfgr.PPRE1 - 3));
 		clktree_set_scale(&s->TIMCLK1, 2, 1);