diff --git a/platforms/chibios/drivers/wear_leveling/wear_leveling_efl.c b/platforms/chibios/drivers/wear_leveling/wear_leveling_efl.c index 3e4f5ffb897..3d6ed52e5c0 100644 --- a/platforms/chibios/drivers/wear_leveling/wear_leveling_efl.c +++ b/platforms/chibios/drivers/wear_leveling/wear_leveling_efl.c @@ -17,6 +17,9 @@ static flash_sector_t first_sector = UINT16_MAX; static flash_sector_t sector_count = UINT16_MAX; static BaseFlash * flash; +static volatile bool is_issuing_read = false; +static volatile bool ecc_error_occurred = false; + // "Automatic" detection of the flash size -- ideally ChibiOS would have this already, but alas, it doesn't. static inline uint32_t detect_flash_size(void) { #if defined(WEAR_LEVELING_EFL_FLASH_SIZE) @@ -131,11 +134,38 @@ bool backing_store_lock(void) { return true; } +static backing_store_int_t backing_store_safe_read_from_location(backing_store_int_t *loc) { + backing_store_int_t value; + is_issuing_read = true; + ecc_error_occurred = false; + value = ~(*loc); + is_issuing_read = false; + return value; +} + bool backing_store_read(uint32_t address, backing_store_int_t *value) { uint32_t offset = (base_offset + address); backing_store_int_t *loc = (backing_store_int_t *)flashGetOffsetAddress(flash, offset); - *value = ~(*loc); + backing_store_int_t tmp = backing_store_safe_read_from_location(loc); + + if (ecc_error_occurred) { + bs_dprintf("Failed to read from backing store, ECC error detected\n"); + ecc_error_occurred = false; + *value = 0; + return false; + } + + *value = tmp; + bs_dprintf("Read "); wl_dump(offset, value, sizeof(backing_store_int_t)); return true; } + +bool backing_store_allow_ecc_errors(void) { + return is_issuing_read; +} + +void backing_store_signal_ecc_error(void) { + ecc_error_occurred = true; +} diff --git a/platforms/chibios/interrupt_handlers.c b/platforms/chibios/interrupt_handlers.c new file mode 100644 index 00000000000..4ba32d58e45 --- /dev/null +++ b/platforms/chibios/interrupt_handlers.c @@ -0,0 +1,45 @@ +// Copyright 2023 Nick Brassel (@tzarc) +// SPDX-License-Identifier: GPL-2.0-or-later + +/////////////////////////////////////////////////////////////////////////////// +// BEGIN: STM32 EFL Wear-leveling ECC fault handling +// +// Some STM32s have ECC checks for all flash memory access. Whenever there's an +// ECC failure, the MCU raises the NMI interrupt. Whenever we receive such an +// interrupt whilst reading the wear-leveling EEPROM area, we gracefully cater +// for it, signalling the wear-leveling code that a failure has occurred. +/////////////////////////////////////////////////////////////////////////////// + +#include +#include + +#ifdef WEAR_LEVELING_EMBEDDED_FLASH +# ifdef QMK_MCU_SERIES_STM32L4XX +# define ECC_ERRORS_TRIGGER_NMI_INTERRUPT +# define ECC_CHECK_REGISTER FLASH->ECCR +# define ECC_CHECK_FLAG FLASH_ECCR_ECCD +# endif // QMK_MCU_SERIES_STM32L4XX +#endif // WEAR_LEVELING_EMBEDDED_FLASH + +#ifdef ECC_ERRORS_TRIGGER_NMI_INTERRUPT + +extern bool backing_store_allow_ecc_errors(void); +extern void backing_store_signal_ecc_error(void); + +void NMI_Handler(void) { + if ((ECC_CHECK_REGISTER) & (ECC_CHECK_FLAG)) { + if (backing_store_allow_ecc_errors()) { + (ECC_CHECK_REGISTER) = (ECC_CHECK_FLAG); + backing_store_signal_ecc_error(); + return; + } + } + + chSysHalt("NMI"); +} + +#endif // ECC_ERRORS_TRIGGER_NMI_INTERRUPT + +/////////////////////////////////////////////////////////////////////////////// +// END: STM32 EFL Wear-leveling ECC fault handling +/////////////////////////////////////////////////////////////////////////////// diff --git a/platforms/chibios/platform.mk b/platforms/chibios/platform.mk index e42ecebdc54..f38a888012e 100644 --- a/platforms/chibios/platform.mk +++ b/platforms/chibios/platform.mk @@ -277,7 +277,8 @@ PLATFORM_SRC = \ $(CHIBIOS)/os/various/syscalls.c \ $(PLATFORM_COMMON_DIR)/syscall-fallbacks.c \ $(PLATFORM_COMMON_DIR)/wait.c \ - $(PLATFORM_COMMON_DIR)/synchronization_util.c + $(PLATFORM_COMMON_DIR)/synchronization_util.c \ + $(PLATFORM_COMMON_DIR)/interrupt_handlers.c # Ensure the ASM files are not subjected to LTO -- it'll strip out interrupt handlers otherwise. QUANTUM_LIB_SRC += $(STARTUPASM) $(PORTASM) $(OSALASM) $(PLATFORMASM)