| blob | 3359a2b42b78f0efe8964d7bbd2056192182604b |
1 /*
2 * This file is part of Cleanflight and Betaflight.
3 *
4 * Cleanflight and Betaflight are free software. You can redistribute
5 * this software and/or modify this software under the terms of the
6 * GNU General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option)
8 * any later version.
9 *
10 * Cleanflight and Betaflight are distributed in the hope that they
11 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 * See the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this software.
17 *
18 * If not, see <http://www.gnu.org/licenses/>.
19 */
21 /**
22 * This provides a stream interface to a flash chip if one is present.
23 *
24 * On statup, call flashfsInit() after initialising the flash chip in order to init the filesystem. This will
25 * result in the file pointer being pointed at the first free block found, or at the end of the device if the
26 * flash chip is full.
27 *
28 * Note that bits can only be set to 0 when writing, not back to 1 from 0. You must erase sectors in order
29 * to bring bits back to 1 again.
30 *
31 * In future, we can add support for multiple different flash chips by adding a flash device driver vtable
32 * and make calls through that, at the moment flashfs just calls m25p16_* routines explicitly.
33 */
35 #include <stdint.h>
36 #include <stdbool.h>
37 #include <string.h>
41 #if defined(USE_FLASHFS)
52 FLASHFS_IDLE,
53 FLASHFS_ERASING,
64 /* The position of our head and tail in the circular flash write buffer.
65 *
66 * The head is the index that a byte would be inserted into on writing, while the tail is the index of the
67 * oldest byte that has yet to be written to flash.
68 *
69 * When the circular buffer is empty, head == tail
70 *
71 * The tail is advanced once a write is complete up to the location behind head. The tail is advanced
72 * by a callback from the FLASH write routine. This prevents data being overwritten whilst a write is in progress.
73 */
77 /* Track if there is new data to write. Until the contents of the buffer have been completely
78 * written flashfsFlushAsync() will be repeatedly called. The tail pointer is only updated
79 * once an asynchronous write has completed. To do so any earlier could result in data being
80 * overwritten in the ring buffer. This routine checks that flashfsFlushAsync() should attempt
81 * to write new data and avoids it writing old data during the race condition that occurs if
82 * its called again before the previous write to FLASH has completed.
83 */
86 // The position of the buffer's tail in the overall flash address space:
90 #ifdef USE_FLASH_TEST_PRBS
91 // Write an incrementing sequence of bytes instead of the requested data and verify
100 {
106 }
108 // Called from blackboxSetState() to start/stop writing of pseudo-random data to FLASH
110 {
115 }
118 {
124 // Verify the data written since flashfsSeekAbs() last called
128 // Don't read over a page boundary
129 checkLen = MIN(checkLen, flashGeometry->pageSize - (checkFlashPtr & (flashGeometry->pageSize - 1)));
137 }
138 }
142 }
147 }
148 #endif
151 {
153 }
156 {
158 }
161 {
163 }
166 {
168 // if there's a single FLASHFS partition and it uses the entire flash then do a full erase
169 const bool doFullErase = (flashPartitionCount() == 1) && (FLASH_PARTITION_SECTOR_COUNT(flashPartition) == flashGeometry->sectors);
173 // start asynchronous erase of all sectors
176 }
177 }
182 }
184 /**
185 * Start and end must lie on sector boundaries, or they will be rounded out to sector boundaries such that
186 * all the bytes in the range [start...end) are erased.
187 */
189 {
193 // Round the start down to a sector boundary
196 // And the end upward
201 endSector++;
202 }
207 }
208 }
210 /**
211 * Return true if the flash is not currently occupied with an operation.
212 */
214 {
215 // Check for flash chip existence first, then check if idle and ready.
218 }
221 {
223 }
226 {
228 }
231 {
236 }
238 /**
239 * Get the size of the largest single write that flashfs could ever accept without blocking or data loss.
240 */
242 {
244 }
246 /**
247 * Get the number of bytes that can currently be written to flashfs without any blocking or data loss.
248 */
250 {
252 }
254 /**
255 * Called after bytes have been written from the buffer to advance the position of the tail by the given amount.
256 */
258 {
261 // Wrap tail around the end of the buffer
264 }
265 }
267 /**
268 * Write the given buffers to flash sequentially at the current tail address, advancing the tail address after
269 * each write.
270 *
271 * In synchronous mode, waits for the flash to become ready before writing so that every byte requested can be written.
272 *
273 * In asynchronous mode, if the flash is busy, then the write is aborted and the routine returns immediately.
274 * In this case the returned number of bytes written will be less than the total amount requested.
275 *
276 * Modifies the supplied buffer pointers and sizes to reflect how many bytes remain in each of them.
277 *
278 * bufferCount: the number of buffers provided
279 * buffers: an array of pointers to the beginning of buffers
280 * bufferSizes: an array of the sizes of those buffers
281 * sync: true if we should wait for the device to be idle before writes, otherwise if the device is busy the
282 * write will be aborted and this routine will return immediately.
283 *
284 * Returns the number of bytes written
285 */
287 {
288 // Advance the cursor in the file system to match the bytes we wrote
291 // Free bytes in the ring buffer
294 // Mark that data has been written from the buffer
296 }
298 static uint32_t flashfsWriteBuffers(uint8_t const **buffers, uint32_t *bufferSizes, int bufferCount, bool sync)
299 {
302 // It's OK to overwrite the buffer addresses/lengths being passed in
304 // If sync is true, block until the FLASH device is ready, otherwise return 0 if the device isn't ready
310 }
311 }
313 // Are we at EOF already? Abort.
316 }
320 /* Mark that data has yet to be written. There is no race condition as the DMA engine is known
321 * to be idle at this point
322 */
330 }
332 /*
333 * Since the buffered data might wrap around the end of the circular buffer, we can have two segments of data to write,
334 * an initial portion and a possible wrapped portion.
335 *
336 * This routine will fill the details of those buffers into the provided arrays, which must be at least 2 elements long.
337 */
339 {
354 }
355 }
361 }
365 {
367 }
370 /**
371 * Get the current offset of the file pointer within the volume.
372 */
374 {
378 // Dirty data in the buffers contributes to the offset
383 }
385 /**
386 * If the flash is ready to accept writes, flush the buffer to it.
387 *
388 * Returns true if all data in the buffer has been flushed to the device, or false if
389 * there is still data to be written (call flush again later).
390 */
392 {
399 }
402 // The previous write has yet to complete
404 }
411 }
414 }
416 /**
417 * Wait for the flash to become ready and begin flushing any buffered data to flash.
418 *
419 * The flash will still be busy some time after this sync completes, but space will
420 * be freed up to accept more writes in the write buffer.
421 */
423 {
430 }
435 }
438 }
440 /**
441 * Asynchronously erase the flash: Check if ready and then erase sector.
442 */
444 {
448 // Erase sector
451 eraseSectorCurrent++;
452 LED1_TOGGLE;
454 // Done erasing
456 LED1_OFF;
457 }
458 }
459 }
460 }
463 {
467 }
469 /**
470 * Write the given byte asynchronously to the flash. If the buffer overflows, data is silently discarded.
471 */
473 {
474 #ifdef USE_FLASH_TEST_PRBS
477 checkFlashLen++;
478 }
479 #endif
485 }
489 }
490 }
492 /**
493 * Write the given buffer to the flash either synchronously or asynchronously depending on the 'sync' parameter.
494 *
495 * If writing asynchronously, data will be silently discarded if the buffer overflows.
496 * If writing synchronously, the routine will block waiting for the flash to become ready so will never drop data.
497 */
499 {
505 // Buffer up the data the user supplied instead of writing it right away
508 }
510 // There could be two dirty buffers to write out already:
514 /*
515 * Would writing this data to our buffer cause our buffer to reach the flush threshold? If so try to write through
516 * to the flash now
517 */
520 }
521 }
523 /**
524 * Read `len` bytes from the given address into the supplied buffer.
525 *
526 * Returns the number of bytes actually read which may be less than that requested.
527 */
529 {
532 // Did caller try to read past the end of the volume?
534 // Truncate their request
536 }
538 // Don't read across a page boundary
541 // Since the read could overlap data in our dirty buffers, force a sync to clear those first
547 }
549 /**
550 * Find the offset of the start of the free space on the device (or the size of the device if it is full).
551 */
553 {
554 /* Find the start of the free space on the device by examining the beginning of blocks with a binary search,
555 * looking for ones that appear to be erased. We can achieve this with good accuracy because an erased block
556 * is all bits set to 1, which pretty much never appears in reasonable size substrings of blackbox logs.
557 *
558 * To do better we might write a volume header instead, which would mark how much free space remains. But keeping
559 * a header up to date while logging would incur more writes to the flash, which would consume precious write
560 * bandwidth and block more often.
561 */
564 /* We can choose whatever power of 2 size we like, which determines how much wastage of free space we'll have
565 * at the end of the last written data. But smaller blocksizes will require more searching.
566 */
567 FREE_BLOCK_SIZE = 2048, // XXX This can't be smaller than page size for underlying flash device.
569 /* We don't expect valid data to ever contain this many consecutive uint32_t's of all 1 bits: */
572 };
582 int right = flashfsSize / FREE_BLOCK_SIZE; // One past the largest block index in the search region
591 if (flashReadBytes(mid * FREE_BLOCK_SIZE, testBuffer.bytes, FREE_BLOCK_TEST_SIZE_BYTES) < FREE_BLOCK_TEST_SIZE_BYTES) {
592 // Unexpected timeout from flash, so bail early (reporting the device fuller than it really is)
594 }
596 // Checking the buffer 4 bytes at a time like this is probably faster than byte-by-byte, but I didn't benchmark it :)
602 }
603 }
606 /* This erased block might be the leftmost erased block in the volume, but we'll need to continue the
607 * search leftwards to find out:
608 */
614 }
615 }
618 }
620 /**
621 * Returns true if the file pointer is at the end of the device.
622 */
624 {
626 }
629 {
637 // Advance tailAddress to next page boundary.
642 }
643 }
645 /**
646 * Call after initializing the flash chip in order to set up the filesystem.
647 */
649 {
657 }
661 // Start the file pointer off at the beginning of free space so caller can start writing immediately
663 }
665 #ifdef USE_FLASH_TOOLS
667 {
682 LED0_TOGGLE;
683 }
684 // Don't overwrite the buffer if the FLASH is busy writing
686 }
702 verificationFailures++;
703 }
705 LED0_TOGGLE;
706 }
707 }
709 }