emds: Write emds data without using the flash driver

This commit allows EMDS to bypass the flash driver when writing emds
data to flash to ensure deterministic write time without being blocked
by mpsl.

It also allows to call emds_store from ISR, which was not possible with
the flash driver.

Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>

Author: PavelVPV

doc/nrf/libraries/others/emds.rst

@@ -48,7 +48,7 @@ When changing the :kconfig:option:`CONFIG_EMDS_FLASH_TIME_BASE_OVERHEAD_US` opti
 
 The application must call the :c:func:`emds_store` function to store all entries.
 This can only be done once, before the :c:func:`emds_prepare` function must be called again.
-When invoked, the :c:func:`emds_store` function triggers the emergency data store process in a separate thread, and then stores all the registered entries.
+When invoked, the :c:func:`emds_store` function stores all the registered entries.
 Invocation of this call should be performed when the application detects loss of power, or when a reboot is triggered.
 
 .. note::
@@ -82,7 +82,6 @@ The above described process is summarized in a message sequence diagram.
     ...;
     Application->Application  [ label = "Interrupt calling emds_store()" ];
     Application=>EMDS         [ label = "emds_store()" ];
-    EMDS box EMDS [ label = "Thread storing data executing" ];
     Application<<=EMDS        [ label = "emds_store_cb_t callback" ];
     Application->Application [ label = "Reboot/halt" ];
 

include/emds/emds.h

@@ -71,9 +71,12 @@ struct emds_dynamic_entry {
  * @brief Callback for application commands when storing has been executed.
  *
  * This can be used to perform other actions or execute busy-waiting until the
- * power supply is discharged. It will run in the thread of emds. Scheduler and
- * interrupts are unlocked before triggering this callback. Therefore, this
+ * power supply is discharged. It will be run by @ref emds_store,
+ * and called from the same context the @ref emds_store is called from.
+ * Interrupts are unlocked before triggering this callback. Therefore, this
  * callback may not be reached before available backup power runs out.
+ * If the application needs interrupts to be locked during this callback,
+ * application can do so by calling irq_lock before calling @ref emds_store.
  */
 typedef void (*emds_store_cb_t)(void);
 
@@ -112,9 +115,20 @@ int emds_entry_add(struct emds_dynamic_entry *entry);
  *
  * Triggers the process of storing all data registered to be stored. All data
  * registered either through @ref emds_entry_add function or the
- * @ref EMDS_STATIC_ENTRY_DEFINE macro is stored. Once the data storage is
- * completed, the data should not be changed, and the device should be halted.
+ * @ref EMDS_STATIC_ENTRY_DEFINE macro is stored. It locks all interrupts until
+ * the write is finished. Once the data storage is completed, the data should
+ * not be changed, and the device should be halted. The device must not be
+ * allowed to reboot when operating on a backup supply, since reboot will
+ * trigger data load from the EMDS storage and clear the storage area. The reboot
+ * should only be allowed when the main power supply is available.
+ *
  * This is a time-critical operation and will be processed as fast as possible.
+ * To achieve better time predictability, this function must be called from an
+ * interrupt context with the highest priority.
+ *
+ * When writing to flash, it bypasses the flash driver. Therefore, when running
+ * with MPSL, make sure to uninitialize the MPSL before this function is called.
+ * Otherwise, an assertion may be triggered by the exit of the function.
  *
  * @retval 0 Success
  * @retval -ERRNO errno code if error

subsys/emds/emds.c

@@ -14,68 +14,13 @@
 #include <zephyr/logging/log.h>
 LOG_MODULE_REGISTER(emds, CONFIG_EMDS_LOG_LEVEL);
 
-K_SEM_DEFINE(emds_sem, 0, 1);
 static bool emds_ready;
 static bool emds_initialized;
-static uint32_t store_key;
 
 static sys_slist_t emds_dynamic_entries;
 static struct emds_fs emds_flash;
 static emds_store_cb_t app_store_cb;
 
-static void emds_handler(void)
-{
-	while (true) {
-		k_sem_reset(&emds_sem);
-		k_sem_take(&emds_sem, K_FOREVER);
-
-		k_sched_lock();
-
-		LOG_DBG("Emergency Data Storeage released");
-
-		STRUCT_SECTION_FOREACH(emds_entry, ch) {
-			ssize_t len = emds_flash_write(&emds_flash,
-						       ch->id, ch->data, ch->len);
-			if (len < 0) {
-				LOG_ERR("Write static entry: (%d) error (%d)",
-					ch->id, len);
-			} else if (len != ch->len) {
-				LOG_ERR("Write static entry: (%d) failed (%d:%d)",
-					ch->id, ch->len, len);
-			}
-		}
-
-		struct emds_dynamic_entry *ch;
-
-		SYS_SLIST_FOR_EACH_CONTAINER(&emds_dynamic_entries, ch, node) {
-			ssize_t len = emds_flash_write(&emds_flash,
-						       ch->entry.id, ch->entry.data, ch->entry.len);
-			if (len < 0) {
-				LOG_ERR("Write dynamic entry: (%d) error (%d).",
-					ch->entry.id, len);
-			}
-			if (len != ch->entry.len) {
-				LOG_ERR("Write dynamic entry: (%d) failed (%d:%d).",
-					ch->entry.id, ch->entry.len, len);
-			}
-		}
-
-		emds_ready = false;
-
-		k_sched_unlock();
-
-		/* Unlock all interrupts */
-		irq_unlock(store_key);
-
-		if (app_store_cb) {
-			app_store_cb();
-		}
-	}
-}
-
-K_THREAD_DEFINE(emds_tid, CONFIG_EMDS_THREAD_STACK_SIZE, emds_handler, NULL,
-		NULL, NULL, K_PRIO_COOP(CONFIG_EMDS_THREAD_PRIORITY), 0, 0);
-
 static int emds_fs_init(void)
 {
 	int rc;
@@ -194,6 +139,8 @@ int emds_entry_add(struct emds_dynamic_entry *entry)
 
 int emds_store(void)
 {
+	uint32_t store_key;
+
 	if (!emds_ready) {
 		return -ECANCELED;
 	}
@@ -202,7 +149,43 @@ int emds_store(void)
 	store_key = irq_lock();
 
 	/* Start the emergency data storage process. */
-	k_sem_give(&emds_sem);
+	LOG_DBG("Emergency Data Storeage released");
+
+	STRUCT_SECTION_FOREACH(emds_entry, ch) {
+		ssize_t len = emds_flash_write(&emds_flash,
+					       ch->id, ch->data, ch->len);
+		if (len < 0) {
+			LOG_ERR("Write static entry: (%d) error (%d)",
+				ch->id, len);
+		} else if (len != ch->len) {
+			LOG_ERR("Write static entry: (%d) failed (%d:%d)",
+				ch->id, ch->len, len);
+		}
+	}
+
+	struct emds_dynamic_entry *ch;
+
+	SYS_SLIST_FOR_EACH_CONTAINER(&emds_dynamic_entries, ch, node) {
+		ssize_t len = emds_flash_write(&emds_flash,
+					       ch->entry.id, ch->entry.data, ch->entry.len);
+		if (len < 0) {
+			LOG_ERR("Write dynamic entry: (%d) error (%d).",
+				ch->entry.id, len);
+		}
+		if (len != ch->entry.len) {
+			LOG_ERR("Write dynamic entry: (%d) failed (%d:%d).",
+				ch->entry.id, ch->entry.len, len);
+		}
+	}
+
+	emds_ready = false;
+
+	/* Unlock all interrupts */
+	irq_unlock(store_key);
+
+	if (app_store_cb) {
+		app_store_cb();
+	}
 
 	return 0;
 }

subsys/emds/emds_flash.c

@@ -11,6 +11,8 @@
 #include <zephyr/sys/crc.h>
 #include <zephyr/logging/log.h>
 #include "emds_flash.h"
+#include <nrfx_nvmc.h>
+#include <nrf_erratas.h>
 
 LOG_MODULE_REGISTER(emds_flash, CONFIG_EMDS_LOG_LEVEL);
 
@@ -36,6 +38,124 @@ enum ate_type {
 BUILD_ASSERT(offsetof(struct emds_ate, crc8) == sizeof(struct emds_ate) - sizeof(uint8_t),
 	     "crc8 must be the last member");
 
+#define SOC_NV_FLASH_NODE DT_INST(0, soc_nv_flash)
+
+#if NRF52_ERRATA_242_PRESENT
+#include <hal/nrf_power.h>
+/* Disable POFWARN by writing POFCON before a write or erase operation.
+ * Do not attempt to write or erase if EVENTS_POFWARN is already asserted.
+ */
+static bool pofcon_enabled;
+
+static int suspend_pofwarn(void)
+{
+	if (!nrf52_errata_242()) {
+		return 0;
+	}
+
+	bool enabled;
+	nrf_power_pof_thr_t pof_thr;
+
+	pof_thr = nrf_power_pofcon_get(NRF_POWER, &enabled);
+
+	if (enabled) {
+		nrf_power_pofcon_set(NRF_POWER, false, pof_thr);
+
+		/* This check need to be reworked once POFWARN event will be
+		 * served by zephyr.
+		 */
+		if (nrf_power_event_check(NRF_POWER, NRF_POWER_EVENT_POFWARN)) {
+			nrf_power_pofcon_set(NRF_POWER, true, pof_thr);
+			return -ECANCELED;
+		}
+	}
+
+	return 0;
+}
+
+static void restore_pofwarn(void)
+{
+	nrf_power_pof_thr_t pof_thr;
+
+	if (pofcon_enabled) {
+		pof_thr = nrf_power_pofcon_get(NRF_POWER, NULL);
+
+		nrf_power_pofcon_set(NRF_POWER, true, pof_thr);
+		pofcon_enabled = false;
+	}
+}
+
+#define SUSPEND_POFWARN() suspend_pofwarn()
+#define RESUME_POFWARN()  restore_pofwarn()
+#else
+#define SUSPEND_POFWARN() 0
+#define RESUME_POFWARN()
+#endif /* NRF52_ERRATA_242_PRESENT */
+
+static inline bool is_aligned_32(uint32_t data)
+{
+	return (data & 0x3) ? false : true;
+}
+
+static inline bool is_within_bounds(off_t addr, size_t len, off_t boundary_start,
+				    size_t boundary_size)
+{
+	return (addr >= boundary_start &&
+			(addr < (boundary_start + boundary_size)) &&
+			(len <= (boundary_start + boundary_size - addr)));
+}
+
+static inline bool is_regular_addr_valid(off_t addr, size_t len)
+{
+	return is_within_bounds(addr, len, 0, nrfx_nvmc_flash_size_get());
+}
+
+static void nvmc_wait_ready(void)
+{
+	while (!nrfx_nvmc_write_done_check()) {
+	}
+}
+
+static int flash_direct_write(const struct device *dev, off_t offset, const void *data, size_t len)
+{
+	uint32_t flash_addr = offset;
+	uint32_t data_addr = (uint32_t)data;
+
+	ARG_UNUSED(dev);
+
+	if (!is_regular_addr_valid(flash_addr, len)) {
+		return -EINVAL;
+	}
+
+	if (!is_aligned_32(flash_addr)) {
+		return -EINVAL;
+	}
+
+	if (len % sizeof(uint32_t)) {
+		return -EINVAL;
+	}
+
+	flash_addr += DT_REG_ADDR(SOC_NV_FLASH_NODE);
+
+	if (SUSPEND_POFWARN()) {
+		return -ECANCELED;
+	}
+
+	while (len >= sizeof(uint32_t)) {
+		nrfx_nvmc_word_write(flash_addr, UNALIGNED_GET((uint32_t *)data_addr));
+
+		flash_addr += sizeof(uint32_t);
+		data_addr += sizeof(uint32_t);
+		len -= sizeof(uint32_t);
+	}
+
+	RESUME_POFWARN();
+
+	nvmc_wait_ready();
+
+	return 0;
+}
+
 static size_t align_size(struct emds_fs *fs, size_t len)
 {
 	uint8_t write_block_size = fs->flash_params->write_block_size;
@@ -52,7 +172,7 @@ static int ate_wrt(struct emds_fs *fs, const struct emds_ate *entry)
 		return -EINVAL;
 	}
 
-	int rc = flash_write(fs->flash_dev, fs->ate_wra, entry, sizeof(struct emds_ate));
+	int rc = flash_direct_write(fs->flash_dev, fs->ate_wra, entry, sizeof(struct emds_ate));
 
 	if (rc) {
 		return rc;
@@ -82,7 +202,7 @@ static int data_wrt(struct emds_fs *fs, const void *data, size_t len)
 	blen = temp_len & ~(fs->flash_params->write_block_size - 1U);
 	/* Writes multiples of 4 bytes to flash */
 	if (blen > 0) {
-		rc = flash_write(fs->flash_dev, offset, data8, blen);
+		rc = flash_direct_write(fs->flash_dev, offset, data8, blen);
 		if (rc) {
 			return rc;
 		}
@@ -96,7 +216,8 @@ static int data_wrt(struct emds_fs *fs, const void *data, size_t len)
 		(void)memcpy(buf, data8, temp_len);
 		(void)memset(buf + temp_len, fs->flash_params->erase_value,
 			     fs->flash_params->write_block_size - temp_len);
-		rc = flash_write(fs->flash_dev, offset, buf, fs->flash_params->write_block_size);
+		rc = flash_direct_write(fs->flash_dev, offset, buf,
+					fs->flash_params->write_block_size);
 		if (rc) {
 			return rc;
 		}
@@ -344,15 +465,12 @@ ssize_t emds_flash_write(struct emds_fs *fs, uint16_t id, const void *data, size
 		return 0;
 	}
 
-	k_mutex_lock(&fs->emds_lock, K_FOREVER);
-
 	int rc = entry_wrt(fs, id, data, len);
 
 	if (rc) {
 		return rc;
 	}
 
-	k_mutex_unlock(&fs->emds_lock);
 	return len;
 }