| blob | fc84c83a764254e4daedd7bdf76e9018fe691068 |
1 /*
2 * This file is part of Cleanflight and Betaflight.
3 *
4 * Cleanflight and Betaflight are free software. You can redistribute
5 * this software and/or modify this software under the terms of the
6 * GNU General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option)
8 * any later version.
9 *
10 * Cleanflight and Betaflight are distributed in the hope that they
11 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 * See the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this software.
17 *
18 * If not, see <http://www.gnu.org/licenses/>.
19 */
21 /**
22 * This provides a stream interface to a flash chip if one is present.
23 *
24 * On statup, call flashfsInit() after initialising the flash chip in order to init the filesystem. This will
25 * result in the file pointer being pointed at the first free block found, or at the end of the device if the
26 * flash chip is full.
27 *
28 * Note that bits can only be set to 0 when writing, not back to 1 from 0. You must erase sectors in order
29 * to bring bits back to 1 again.
30 *
31 * In future, we can add support for multiple different flash chips by adding a flash device driver vtable
32 * and make calls through that, at the moment flashfs just calls m25p16_* routines explicitly.
33 */
35 #include <stdint.h>
36 #include <stdbool.h>
37 #include <string.h>
41 #if defined(USE_FLASHFS)
52 FLASHFS_IDLE,
53 FLASHFS_ERASING,
64 /* The position of our head and tail in the circular flash write buffer.
65 *
66 * The head is the index that a byte would be inserted into on writing, while the tail is the index of the
67 * oldest byte that has yet to be written to flash.
68 *
69 * When the circular buffer is empty, head == tail
70 *
71 * The tail is advanced once a write is complete up to the location behind head. The tail is advanced
72 * by a callback from the FLASH write routine. This prevents data being overwritten whilst a write is in progress.
73 */
77 /* Track if there is new data to write. Until the contents of the buffer have been completely
78 * written flashfsFlushAsync() will be repeatedly called. The tail pointer is only updated
79 * once an asynchronous write has completed. To do so any earlier could result in data being
80 * overwritten in the ring buffer. This routine checks that flashfsFlushAsync() should attempt
81 * to write new data and avoids it writing old data during the race condition that occurs if
82 * its called again before the previous write to FLASH has completed.
83 */
86 // The position of the buffer's tail in the overall flash address space:
89 #ifdef USE_FLASH_TEST_PRBS
90 // Write an incrementing sequence of bytes instead of the requested data and verify
99 {
105 }
107 // Called from blackboxSetState() to start/stop writing of pseudo-random data to FLASH
109 {
114 }
117 {
123 // Verify the data written since flashfsSeekAbs() last called
127 // Don't read over a page boundary
128 checkLen = MIN(checkLen, flashGeometry->pageSize - (checkFlashPtr & (flashGeometry->pageSize - 1)));
136 }
137 }
141 }
146 }
147 #endif
150 {
152 }
155 {
157 }
160 {
162 }
165 {
167 // if there's a single FLASHFS partition and it uses the entire flash then do a full erase
168 const bool doFullErase = (flashPartitionCount() == 1) && (FLASH_PARTITION_SECTOR_COUNT(flashPartition) == flashGeometry->sectors);
172 // start asynchronous erase of all sectors
175 }
176 }
181 }
183 /**
184 * Start and end must lie on sector boundaries, or they will be rounded out to sector boundaries such that
185 * all the bytes in the range [start...end) are erased.
186 */
188 {
192 // Round the start down to a sector boundary
195 // And the end upward
200 endSector++;
201 }
206 }
207 }
209 /**
210 * Return true if the flash is not currently occupied with an operation.
211 */
213 {
214 // Check for flash chip existence first, then check if idle and ready.
217 }
220 {
222 }
225 {
227 }
230 {
235 }
237 /**
238 * Get the size of the largest single write that flashfs could ever accept without blocking or data loss.
239 */
241 {
243 }
245 /**
246 * Get the number of bytes that can currently be written to flashfs without any blocking or data loss.
247 */
249 {
251 }
253 /**
254 * Called after bytes have been written from the buffer to advance the position of the tail by the given amount.
255 */
257 {
260 // Wrap tail around the end of the buffer
263 }
264 }
266 /**
267 * Write the given buffers to flash sequentially at the current tail address, advancing the tail address after
268 * each write.
269 *
270 * In synchronous mode, waits for the flash to become ready before writing so that every byte requested can be written.
271 *
272 * In asynchronous mode, if the flash is busy, then the write is aborted and the routine returns immediately.
273 * In this case the returned number of bytes written will be less than the total amount requested.
274 *
275 * Modifies the supplied buffer pointers and sizes to reflect how many bytes remain in each of them.
276 *
277 * bufferCount: the number of buffers provided
278 * buffers: an array of pointers to the beginning of buffers
279 * bufferSizes: an array of the sizes of those buffers
280 * sync: true if we should wait for the device to be idle before writes, otherwise if the device is busy the
281 * write will be aborted and this routine will return immediately.
282 *
283 * Returns the number of bytes written
284 */
286 {
287 // Advance the cursor in the file system to match the bytes we wrote
290 // Free bytes in the ring buffer
293 // Mark that data has been written from the buffer
295 }
297 static uint32_t flashfsWriteBuffers(uint8_t const **buffers, uint32_t *bufferSizes, int bufferCount, bool sync)
298 {
301 // It's OK to overwrite the buffer addresses/lengths being passed in
303 // If sync is true, block until the FLASH device is ready, otherwise return 0 if the device isn't ready
309 }
310 }
312 // Are we at EOF already? Abort.
315 }
319 /* Mark that data has yet to be written. There is no race condition as the DMA engine is known
320 * to be idle at this point
321 */
329 }
331 /*
332 * Since the buffered data might wrap around the end of the circular buffer, we can have two segments of data to write,
333 * an initial portion and a possible wrapped portion.
334 *
335 * This routine will fill the details of those buffers into the provided arrays, which must be at least 2 elements long.
336 */
338 {
353 }
354 }
360 }
363 {
365 }
367 /**
368 * Get the current offset of the file pointer within the volume.
369 */
371 {
375 // Dirty data in the buffers contributes to the offset
380 }
382 /**
383 * If the flash is ready to accept writes, flush the buffer to it.
384 *
385 * Returns true if all data in the buffer has been flushed to the device, or false if
386 * there is still data to be written (call flush again later).
387 */
389 {
396 }
399 // The previous write has yet to complete
401 }
408 }
411 }
413 /**
414 * Wait for the flash to become ready and begin flushing any buffered data to flash.
415 *
416 * The flash will still be busy some time after this sync completes, but space will
417 * be freed up to accept more writes in the write buffer.
418 */
420 {
427 }
432 }
435 }
437 /**
438 * Asynchronously erase the flash: Check if ready and then erase sector.
439 */
441 {
445 // Erase sector
448 eraseSectorCurrent++;
449 LED1_TOGGLE;
451 // Done erasing
453 LED1_OFF;
454 }
455 }
456 }
457 }
460 {
464 }
466 /**
467 * Write the given byte asynchronously to the flash. If the buffer overflows, data is silently discarded.
468 */
470 {
471 #ifdef USE_FLASH_TEST_PRBS
474 checkFlashLen++;
475 }
476 #endif
482 }
486 }
487 }
489 /**
490 * Write the given buffer to the flash either synchronously or asynchronously depending on the 'sync' parameter.
491 *
492 * If writing asynchronously, data will be silently discarded if the buffer overflows.
493 * If writing synchronously, the routine will block waiting for the flash to become ready so will never drop data.
494 */
496 {
502 // Buffer up the data the user supplied instead of writing it right away
505 }
507 // There could be two dirty buffers to write out already:
511 /*
512 * Would writing this data to our buffer cause our buffer to reach the flush threshold? If so try to write through
513 * to the flash now
514 */
517 }
518 }
520 /**
521 * Read `len` bytes from the given address into the supplied buffer.
522 *
523 * Returns the number of bytes actually read which may be less than that requested.
524 */
526 {
529 // Did caller try to read past the end of the volume?
531 // Truncate their request
533 }
535 // Since the read could overlap data in our dirty buffers, force a sync to clear those first
541 }
543 /**
544 * Find the offset of the start of the free space on the device (or the size of the device if it is full).
545 */
547 {
548 /* Find the start of the free space on the device by examining the beginning of blocks with a binary search,
549 * looking for ones that appear to be erased. We can achieve this with good accuracy because an erased block
550 * is all bits set to 1, which pretty much never appears in reasonable size substrings of blackbox logs.
551 *
552 * To do better we might write a volume header instead, which would mark how much free space remains. But keeping
553 * a header up to date while logging would incur more writes to the flash, which would consume precious write
554 * bandwidth and block more often.
555 */
558 /* We can choose whatever power of 2 size we like, which determines how much wastage of free space we'll have
559 * at the end of the last written data. But smaller blocksizes will require more searching.
560 */
561 FREE_BLOCK_SIZE = 2048, // XXX This can't be smaller than page size for underlying flash device.
563 /* We don't expect valid data to ever contain this many consecutive uint32_t's of all 1 bits: */
566 };
576 int right = flashfsSize / FREE_BLOCK_SIZE; // One past the largest block index in the search region
585 if (flashReadBytes(mid * FREE_BLOCK_SIZE, testBuffer.bytes, FREE_BLOCK_TEST_SIZE_BYTES) < FREE_BLOCK_TEST_SIZE_BYTES) {
586 // Unexpected timeout from flash, so bail early (reporting the device fuller than it really is)
588 }
590 // Checking the buffer 4 bytes at a time like this is probably faster than byte-by-byte, but I didn't benchmark it :)
596 }
597 }
600 /* This erased block might be the leftmost erased block in the volume, but we'll need to continue the
601 * search leftwards to find out:
602 */
608 }
609 }
612 }
614 /**
615 * Returns true if the file pointer is at the end of the device.
616 */
618 {
620 }
623 {
631 // Advance tailAddress to next page boundary.
636 }
637 }
639 /**
640 * Call after initializing the flash chip in order to set up the filesystem.
641 */
643 {
651 }
655 // Start the file pointer off at the beginning of free space so caller can start writing immediately
657 }
659 #ifdef USE_FLASH_TOOLS
661 {
676 LED0_TOGGLE;
677 }
678 // Don't overwrite the buffer if the FLASH is busy writing
680 }
696 verificationFailures++;
697 }
699 LED0_TOGGLE;
700 }
701 }
703 }