qemu/hw/i2c/smbus_eeprom.c
Markus Armbruster 32c82f0eaf smbus: Fix spd_data_generate() for number of banks > 2
spd_data_generate() splits @ram_size bytes into @nbanks RAM banks of
1 << sz_log2 MiB each, like this:

    size = ram_size >> 20; /* work in terms of megabytes */
    [...]
    nbanks = 1;
    while (sz_log2 > max_log2 && nbanks < 8) {
        sz_log2--;
        nbanks++;
    }

Each iteration halves the size of a bank, and increments the number of
banks.  Wrong: it should double the number of banks.

The bug goes back all the way to commit b296b664ab "smbus: Add a
helper to generate SPD EEPROM data".

It can't bite because spd_data_generate()'s current users pass only
@ram_size that result in *zero* iterations:

    machine     RAM size    #banks  type    bank size
    fulong2e     256 MiB         1   DDR      256 MiB
    sam460ex    2048 MiB         1   DDR2    2048 MiB
                1024 MiB         1   DDR2    1024 MiB
                 512 MiB         1   DDR2     512 MiB
                 256 MiB         1   DDR2     256 MiB
                 128 MiB         1   SDR      128 MiB
                  64 MiB         1   SDR       64 MiB
                  32 MiB         1   SDR       32 MiB

Apply the obvious, minimal fix.  I admit I'm tempted to rip out the
unused (and obviously untested) feature instead, because YAGNI.

Note that this is not the final result, as spd_data_generate() next
increases #banks from 1 to 2 if possible.  This is done "to avoid a
bug in MIPS Malta firmware".  We don't even use this function with
machine type malta.  *Shrug*

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422134815.1584-5-armbru@redhat.com>
2020-04-29 08:01:52 +02:00

301 lines
9.1 KiB
C

/*
* QEMU SMBus EEPROM device
*
* Copyright (c) 2007 Arastra, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
#include "qemu/units.h"
#include "qapi/error.h"
#include "hw/boards.h"
#include "hw/i2c/i2c.h"
#include "hw/i2c/smbus_slave.h"
#include "hw/qdev-properties.h"
#include "migration/vmstate.h"
#include "hw/i2c/smbus_eeprom.h"
//#define DEBUG
#define TYPE_SMBUS_EEPROM "smbus-eeprom"
#define SMBUS_EEPROM(obj) \
OBJECT_CHECK(SMBusEEPROMDevice, (obj), TYPE_SMBUS_EEPROM)
#define SMBUS_EEPROM_SIZE 256
typedef struct SMBusEEPROMDevice {
SMBusDevice smbusdev;
uint8_t data[SMBUS_EEPROM_SIZE];
uint8_t *init_data;
uint8_t offset;
bool accessed;
} SMBusEEPROMDevice;
static uint8_t eeprom_receive_byte(SMBusDevice *dev)
{
SMBusEEPROMDevice *eeprom = SMBUS_EEPROM(dev);
uint8_t *data = eeprom->data;
uint8_t val = data[eeprom->offset++];
eeprom->accessed = true;
#ifdef DEBUG
printf("eeprom_receive_byte: addr=0x%02x val=0x%02x\n",
dev->i2c.address, val);
#endif
return val;
}
static int eeprom_write_data(SMBusDevice *dev, uint8_t *buf, uint8_t len)
{
SMBusEEPROMDevice *eeprom = SMBUS_EEPROM(dev);
uint8_t *data = eeprom->data;
eeprom->accessed = true;
#ifdef DEBUG
printf("eeprom_write_byte: addr=0x%02x cmd=0x%02x val=0x%02x\n",
dev->i2c.address, buf[0], buf[1]);
#endif
/* len is guaranteed to be > 0 */
eeprom->offset = buf[0];
buf++;
len--;
for (; len > 0; len--) {
data[eeprom->offset] = *buf++;
eeprom->offset = (eeprom->offset + 1) % SMBUS_EEPROM_SIZE;
}
return 0;
}
static bool smbus_eeprom_vmstate_needed(void *opaque)
{
MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
SMBusEEPROMDevice *eeprom = opaque;
return (eeprom->accessed || smbus_vmstate_needed(&eeprom->smbusdev)) &&
!mc->smbus_no_migration_support;
}
static const VMStateDescription vmstate_smbus_eeprom = {
.name = "smbus-eeprom",
.version_id = 1,
.minimum_version_id = 1,
.needed = smbus_eeprom_vmstate_needed,
.fields = (VMStateField[]) {
VMSTATE_SMBUS_DEVICE(smbusdev, SMBusEEPROMDevice),
VMSTATE_UINT8_ARRAY(data, SMBusEEPROMDevice, SMBUS_EEPROM_SIZE),
VMSTATE_UINT8(offset, SMBusEEPROMDevice),
VMSTATE_BOOL(accessed, SMBusEEPROMDevice),
VMSTATE_END_OF_LIST()
}
};
/*
* Reset the EEPROM contents to the initial state on a reset. This
* isn't really how an EEPROM works, of course, but the general
* principle of QEMU is to restore function on reset to what it would
* be if QEMU was stopped and started.
*
* The proper thing to do would be to have a backing blockdev to hold
* the contents and restore that on startup, and not do this on reset.
* But until that time, act as if we had been stopped and restarted.
*/
static void smbus_eeprom_reset(DeviceState *dev)
{
SMBusEEPROMDevice *eeprom = SMBUS_EEPROM(dev);
memcpy(eeprom->data, eeprom->init_data, SMBUS_EEPROM_SIZE);
eeprom->offset = 0;
}
static void smbus_eeprom_realize(DeviceState *dev, Error **errp)
{
SMBusEEPROMDevice *eeprom = SMBUS_EEPROM(dev);
smbus_eeprom_reset(dev);
if (eeprom->init_data == NULL) {
error_setg(errp, "init_data cannot be NULL");
}
}
static void smbus_eeprom_class_initfn(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
SMBusDeviceClass *sc = SMBUS_DEVICE_CLASS(klass);
dc->realize = smbus_eeprom_realize;
dc->reset = smbus_eeprom_reset;
sc->receive_byte = eeprom_receive_byte;
sc->write_data = eeprom_write_data;
dc->vmsd = &vmstate_smbus_eeprom;
/* Reason: init_data */
dc->user_creatable = false;
}
static const TypeInfo smbus_eeprom_info = {
.name = TYPE_SMBUS_EEPROM,
.parent = TYPE_SMBUS_DEVICE,
.instance_size = sizeof(SMBusEEPROMDevice),
.class_init = smbus_eeprom_class_initfn,
};
static void smbus_eeprom_register_types(void)
{
type_register_static(&smbus_eeprom_info);
}
type_init(smbus_eeprom_register_types)
void smbus_eeprom_init_one(I2CBus *smbus, uint8_t address, uint8_t *eeprom_buf)
{
DeviceState *dev;
dev = qdev_create((BusState *) smbus, TYPE_SMBUS_EEPROM);
qdev_prop_set_uint8(dev, "address", address);
/* FIXME: use an array of byte or block backend property? */
SMBUS_EEPROM(dev)->init_data = eeprom_buf;
qdev_init_nofail(dev);
}
void smbus_eeprom_init(I2CBus *smbus, int nb_eeprom,
const uint8_t *eeprom_spd, int eeprom_spd_size)
{
int i;
/* XXX: make this persistent */
assert(nb_eeprom <= 8);
uint8_t *eeprom_buf = g_malloc0(8 * SMBUS_EEPROM_SIZE);
if (eeprom_spd_size > 0) {
memcpy(eeprom_buf, eeprom_spd, eeprom_spd_size);
}
for (i = 0; i < nb_eeprom; i++) {
smbus_eeprom_init_one(smbus, 0x50 + i,
eeprom_buf + (i * SMBUS_EEPROM_SIZE));
}
}
/* Generate SDRAM SPD EEPROM data describing a module of type and size */
uint8_t *spd_data_generate(enum sdram_type type, ram_addr_t ram_size)
{
uint8_t *spd;
uint8_t nbanks;
uint16_t density;
uint32_t size;
int min_log2, max_log2, sz_log2;
int i;
switch (type) {
case SDR:
min_log2 = 2;
max_log2 = 9;
break;
case DDR:
min_log2 = 5;
max_log2 = 12;
break;
case DDR2:
min_log2 = 7;
max_log2 = 14;
break;
default:
g_assert_not_reached();
}
size = ram_size >> 20; /* work in terms of megabytes */
sz_log2 = 31 - clz32(size);
size = 1U << sz_log2;
assert(ram_size == size * MiB);
assert(sz_log2 >= min_log2);
nbanks = 1;
while (sz_log2 > max_log2 && nbanks < 8) {
sz_log2--;
nbanks *= 2;
}
assert(size == (1ULL << sz_log2) * nbanks);
/* split to 2 banks if possible to avoid a bug in MIPS Malta firmware */
if (nbanks == 1 && sz_log2 > min_log2) {
sz_log2--;
nbanks++;
}
density = 1ULL << (sz_log2 - 2);
switch (type) {
case DDR2:
density = (density & 0xe0) | (density >> 8 & 0x1f);
break;
case DDR:
density = (density & 0xf8) | (density >> 8 & 0x07);
break;
case SDR:
default:
density &= 0xff;
break;
}
spd = g_malloc0(256);
spd[0] = 128; /* data bytes in EEPROM */
spd[1] = 8; /* log2 size of EEPROM */
spd[2] = type;
spd[3] = 13; /* row address bits */
spd[4] = 10; /* column address bits */
spd[5] = (type == DDR2 ? nbanks - 1 : nbanks);
spd[6] = 64; /* module data width */
/* reserved / data width high */
spd[8] = 4; /* interface voltage level */
spd[9] = 0x25; /* highest CAS latency */
spd[10] = 1; /* access time */
/* DIMM configuration 0 = non-ECC */
spd[12] = 0x82; /* refresh requirements */
spd[13] = 8; /* primary SDRAM width */
/* ECC SDRAM width */
spd[15] = (type == DDR2 ? 0 : 1); /* reserved / delay for random col rd */
spd[16] = 12; /* burst lengths supported */
spd[17] = 4; /* banks per SDRAM device */
spd[18] = 12; /* ~CAS latencies supported */
spd[19] = (type == DDR2 ? 0 : 1); /* reserved / ~CS latencies supported */
spd[20] = 2; /* DIMM type / ~WE latencies */
/* module features */
/* memory chip features */
spd[23] = 0x12; /* clock cycle time @ medium CAS latency */
/* data access time */
/* clock cycle time @ short CAS latency */
/* data access time */
spd[27] = 20; /* min. row precharge time */
spd[28] = 15; /* min. row active row delay */
spd[29] = 20; /* min. ~RAS to ~CAS delay */
spd[30] = 45; /* min. active to precharge time */
spd[31] = density;
spd[32] = 20; /* addr/cmd setup time */
spd[33] = 8; /* addr/cmd hold time */
spd[34] = 20; /* data input setup time */
spd[35] = 8; /* data input hold time */
/* checksum */
for (i = 0; i < 63; i++) {
spd[63] += spd[i];
}
return spd;
}