1 /***************************************************************************
2 * Copyright (C) 2015 by David Ung *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
18 ***************************************************************************/
24 #include "breakpoints.h"
27 #include "target_request.h"
28 #include "target_type.h"
29 #include "armv8_opcodes.h"
30 #include "armv8_cache.h"
31 #include "arm_semihosting.h"
32 #include "jtag/interface.h"
34 #include <helper/time_support.h>
46 struct aarch64_private_config
{
47 struct adiv5_private_config adiv5_config
;
51 static int aarch64_poll(struct target
*target
);
52 static int aarch64_debug_entry(struct target
*target
);
53 static int aarch64_restore_context(struct target
*target
, bool bpwp
);
54 static int aarch64_set_breakpoint(struct target
*target
,
55 struct breakpoint
*breakpoint
, uint8_t matchmode
);
56 static int aarch64_set_context_breakpoint(struct target
*target
,
57 struct breakpoint
*breakpoint
, uint8_t matchmode
);
58 static int aarch64_set_hybrid_breakpoint(struct target
*target
,
59 struct breakpoint
*breakpoint
);
60 static int aarch64_unset_breakpoint(struct target
*target
,
61 struct breakpoint
*breakpoint
);
62 static int aarch64_mmu(struct target
*target
, int *enabled
);
63 static int aarch64_virt2phys(struct target
*target
,
64 target_addr_t virt
, target_addr_t
*phys
);
65 static int aarch64_read_cpu_memory(struct target
*target
,
66 uint64_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
);
68 static int aarch64_restore_system_control_reg(struct target
*target
)
70 enum arm_mode target_mode
= ARM_MODE_ANY
;
71 int retval
= ERROR_OK
;
74 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
75 struct armv8_common
*armv8
= target_to_armv8(target
);
77 if (aarch64
->system_control_reg
!= aarch64
->system_control_reg_curr
) {
78 aarch64
->system_control_reg_curr
= aarch64
->system_control_reg
;
79 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_v8->cp15_control_reg); */
81 switch (armv8
->arm
.core_mode
) {
83 target_mode
= ARMV8_64_EL1H
;
87 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL1
, 0);
91 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL2
, 0);
95 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL3
, 0);
103 instr
= ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
107 LOG_INFO("cannot read system control register in this mode");
111 if (target_mode
!= ARM_MODE_ANY
)
112 armv8_dpm_modeswitch(&armv8
->dpm
, target_mode
);
114 retval
= armv8
->dpm
.instr_write_data_r0(&armv8
->dpm
, instr
, aarch64
->system_control_reg
);
115 if (retval
!= ERROR_OK
)
118 if (target_mode
!= ARM_MODE_ANY
)
119 armv8_dpm_modeswitch(&armv8
->dpm
, ARM_MODE_ANY
);
125 /* modify system_control_reg in order to enable or disable mmu for :
126 * - virt2phys address conversion
127 * - read or write memory in phys or virt address */
128 static int aarch64_mmu_modify(struct target
*target
, int enable
)
130 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
131 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
132 int retval
= ERROR_OK
;
136 /* if mmu enabled at target stop and mmu not enable */
137 if (!(aarch64
->system_control_reg
& 0x1U
)) {
138 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
141 if (!(aarch64
->system_control_reg_curr
& 0x1U
))
142 aarch64
->system_control_reg_curr
|= 0x1U
;
144 if (aarch64
->system_control_reg_curr
& 0x4U
) {
145 /* data cache is active */
146 aarch64
->system_control_reg_curr
&= ~0x4U
;
147 /* flush data cache armv8 function to be called */
148 if (armv8
->armv8_mmu
.armv8_cache
.flush_all_data_cache
)
149 armv8
->armv8_mmu
.armv8_cache
.flush_all_data_cache(target
);
151 if ((aarch64
->system_control_reg_curr
& 0x1U
)) {
152 aarch64
->system_control_reg_curr
&= ~0x1U
;
156 switch (armv8
->arm
.core_mode
) {
160 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL1
, 0);
164 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL2
, 0);
168 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL3
, 0);
176 instr
= ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
180 LOG_DEBUG("unknown cpu state 0x%" PRIx32
, armv8
->arm
.core_mode
);
184 retval
= armv8
->dpm
.instr_write_data_r0(&armv8
->dpm
, instr
,
185 aarch64
->system_control_reg_curr
);
190 * Basic debug access, very low level assumes state is saved
192 static int aarch64_init_debug_access(struct target
*target
)
194 struct armv8_common
*armv8
= target_to_armv8(target
);
198 LOG_DEBUG("%s", target_name(target
));
200 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
201 armv8
->debug_base
+ CPUV8_DBG_OSLAR
, 0);
202 if (retval
!= ERROR_OK
) {
203 LOG_DEBUG("Examine %s failed", "oslock");
207 /* Clear Sticky Power Down status Bit in PRSR to enable access to
208 the registers in the Core Power Domain */
209 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
210 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &dummy
);
211 if (retval
!= ERROR_OK
)
215 * Static CTI configuration:
216 * Channel 0 -> trigger outputs HALT request to PE
217 * Channel 1 -> trigger outputs Resume request to PE
218 * Gate all channel trigger events from entering the CTM
222 retval
= arm_cti_enable(armv8
->cti
, true);
223 /* By default, gate all channel events to and from the CTM */
224 if (retval
== ERROR_OK
)
225 retval
= arm_cti_write_reg(armv8
->cti
, CTI_GATE
, 0);
226 /* output halt requests to PE on channel 0 event */
227 if (retval
== ERROR_OK
)
228 retval
= arm_cti_write_reg(armv8
->cti
, CTI_OUTEN0
, CTI_CHNL(0));
229 /* output restart requests to PE on channel 1 event */
230 if (retval
== ERROR_OK
)
231 retval
= arm_cti_write_reg(armv8
->cti
, CTI_OUTEN1
, CTI_CHNL(1));
232 if (retval
!= ERROR_OK
)
235 /* Resync breakpoint registers */
240 /* Write to memory mapped registers directly with no cache or mmu handling */
241 static int aarch64_dap_write_memap_register_u32(struct target
*target
,
246 struct armv8_common
*armv8
= target_to_armv8(target
);
248 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
, address
, value
);
253 static int aarch64_dpm_setup(struct aarch64_common
*a8
, uint64_t debug
)
255 struct arm_dpm
*dpm
= &a8
->armv8_common
.dpm
;
258 dpm
->arm
= &a8
->armv8_common
.arm
;
261 retval
= armv8_dpm_setup(dpm
);
262 if (retval
== ERROR_OK
)
263 retval
= armv8_dpm_initialize(dpm
);
268 static int aarch64_set_dscr_bits(struct target
*target
, unsigned long bit_mask
, unsigned long value
)
270 struct armv8_common
*armv8
= target_to_armv8(target
);
271 return armv8_set_dbgreg_bits(armv8
, CPUV8_DBG_DSCR
, bit_mask
, value
);
274 static int aarch64_check_state_one(struct target
*target
,
275 uint32_t mask
, uint32_t val
, int *p_result
, uint32_t *p_prsr
)
277 struct armv8_common
*armv8
= target_to_armv8(target
);
281 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
282 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &prsr
);
283 if (retval
!= ERROR_OK
)
290 *p_result
= (prsr
& mask
) == (val
& mask
);
295 static int aarch64_wait_halt_one(struct target
*target
)
297 int retval
= ERROR_OK
;
300 int64_t then
= timeval_ms();
304 retval
= aarch64_check_state_one(target
, PRSR_HALT
, PRSR_HALT
, &halted
, &prsr
);
305 if (retval
!= ERROR_OK
|| halted
)
308 if (timeval_ms() > then
+ 1000) {
309 retval
= ERROR_TARGET_TIMEOUT
;
310 LOG_DEBUG("target %s timeout, prsr=0x%08"PRIx32
, target_name(target
), prsr
);
317 static int aarch64_prepare_halt_smp(struct target
*target
, bool exc_target
, struct target
**p_first
)
319 int retval
= ERROR_OK
;
320 struct target_list
*head
= target
->head
;
321 struct target
*first
= NULL
;
323 LOG_DEBUG("target %s exc %i", target_name(target
), exc_target
);
325 while (head
!= NULL
) {
326 struct target
*curr
= head
->target
;
327 struct armv8_common
*armv8
= target_to_armv8(curr
);
330 if (exc_target
&& curr
== target
)
332 if (!target_was_examined(curr
))
334 if (curr
->state
!= TARGET_RUNNING
)
337 /* HACK: mark this target as prepared for halting */
338 curr
->debug_reason
= DBG_REASON_DBGRQ
;
340 /* open the gate for channel 0 to let HALT requests pass to the CTM */
341 retval
= arm_cti_ungate_channel(armv8
->cti
, 0);
342 if (retval
== ERROR_OK
)
343 retval
= aarch64_set_dscr_bits(curr
, DSCR_HDE
, DSCR_HDE
);
344 if (retval
!= ERROR_OK
)
347 LOG_DEBUG("target %s prepared", target_name(curr
));
354 if (exc_target
&& first
)
363 static int aarch64_halt_one(struct target
*target
, enum halt_mode mode
)
365 int retval
= ERROR_OK
;
366 struct armv8_common
*armv8
= target_to_armv8(target
);
368 LOG_DEBUG("%s", target_name(target
));
370 /* allow Halting Debug Mode */
371 retval
= aarch64_set_dscr_bits(target
, DSCR_HDE
, DSCR_HDE
);
372 if (retval
!= ERROR_OK
)
375 /* trigger an event on channel 0, this outputs a halt request to the PE */
376 retval
= arm_cti_pulse_channel(armv8
->cti
, 0);
377 if (retval
!= ERROR_OK
)
380 if (mode
== HALT_SYNC
) {
381 retval
= aarch64_wait_halt_one(target
);
382 if (retval
!= ERROR_OK
) {
383 if (retval
== ERROR_TARGET_TIMEOUT
)
384 LOG_ERROR("Timeout waiting for target %s halt", target_name(target
));
392 static int aarch64_halt_smp(struct target
*target
, bool exc_target
)
394 struct target
*next
= target
;
397 /* prepare halt on all PEs of the group */
398 retval
= aarch64_prepare_halt_smp(target
, exc_target
, &next
);
400 if (exc_target
&& next
== target
)
403 /* halt the target PE */
404 if (retval
== ERROR_OK
)
405 retval
= aarch64_halt_one(next
, HALT_LAZY
);
407 if (retval
!= ERROR_OK
)
410 /* wait for all PEs to halt */
411 int64_t then
= timeval_ms();
413 bool all_halted
= true;
414 struct target_list
*head
;
417 foreach_smp_target(head
, target
->head
) {
422 if (!target_was_examined(curr
))
425 retval
= aarch64_check_state_one(curr
, PRSR_HALT
, PRSR_HALT
, &halted
, NULL
);
426 if (retval
!= ERROR_OK
|| !halted
) {
435 if (timeval_ms() > then
+ 1000) {
436 retval
= ERROR_TARGET_TIMEOUT
;
441 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
442 * and it looks like the CTI's are not connected by a common
443 * trigger matrix. It seems that we need to halt one core in each
444 * cluster explicitly. So if we find that a core has not halted
445 * yet, we trigger an explicit halt for the second cluster.
447 retval
= aarch64_halt_one(curr
, HALT_LAZY
);
448 if (retval
!= ERROR_OK
)
455 static int update_halt_gdb(struct target
*target
, enum target_debug_reason debug_reason
)
457 struct target
*gdb_target
= NULL
;
458 struct target_list
*head
;
461 if (debug_reason
== DBG_REASON_NOTHALTED
) {
462 LOG_DEBUG("Halting remaining targets in SMP group");
463 aarch64_halt_smp(target
, true);
466 /* poll all targets in the group, but skip the target that serves GDB */
467 foreach_smp_target(head
, target
->head
) {
469 /* skip calling context */
472 if (!target_was_examined(curr
))
474 /* skip targets that were already halted */
475 if (curr
->state
== TARGET_HALTED
)
477 /* remember the gdb_service->target */
478 if (curr
->gdb_service
!= NULL
)
479 gdb_target
= curr
->gdb_service
->target
;
481 if (curr
== gdb_target
)
484 /* avoid recursion in aarch64_poll() */
490 /* after all targets were updated, poll the gdb serving target */
491 if (gdb_target
!= NULL
&& gdb_target
!= target
)
492 aarch64_poll(gdb_target
);
498 * Aarch64 Run control
501 static int aarch64_poll(struct target
*target
)
503 enum target_state prev_target_state
;
504 int retval
= ERROR_OK
;
507 retval
= aarch64_check_state_one(target
,
508 PRSR_HALT
, PRSR_HALT
, &halted
, NULL
);
509 if (retval
!= ERROR_OK
)
513 prev_target_state
= target
->state
;
514 if (prev_target_state
!= TARGET_HALTED
) {
515 enum target_debug_reason debug_reason
= target
->debug_reason
;
517 /* We have a halting debug event */
518 target
->state
= TARGET_HALTED
;
519 LOG_DEBUG("Target %s halted", target_name(target
));
520 retval
= aarch64_debug_entry(target
);
521 if (retval
!= ERROR_OK
)
525 update_halt_gdb(target
, debug_reason
);
527 if (arm_semihosting(target
, &retval
) != 0)
530 switch (prev_target_state
) {
534 target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
536 case TARGET_DEBUG_RUNNING
:
537 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
544 target
->state
= TARGET_RUNNING
;
549 static int aarch64_halt(struct target
*target
)
551 struct armv8_common
*armv8
= target_to_armv8(target
);
552 armv8
->last_run_control_op
= ARMV8_RUNCONTROL_HALT
;
555 return aarch64_halt_smp(target
, false);
557 return aarch64_halt_one(target
, HALT_SYNC
);
560 static int aarch64_restore_one(struct target
*target
, int current
,
561 uint64_t *address
, int handle_breakpoints
, int debug_execution
)
563 struct armv8_common
*armv8
= target_to_armv8(target
);
564 struct arm
*arm
= &armv8
->arm
;
568 LOG_DEBUG("%s", target_name(target
));
570 if (!debug_execution
)
571 target_free_all_working_areas(target
);
573 /* current = 1: continue on current pc, otherwise continue at <address> */
574 resume_pc
= buf_get_u64(arm
->pc
->value
, 0, 64);
576 resume_pc
= *address
;
578 *address
= resume_pc
;
580 /* Make sure that the Armv7 gdb thumb fixups does not
581 * kill the return address
583 switch (arm
->core_state
) {
585 resume_pc
&= 0xFFFFFFFC;
587 case ARM_STATE_AARCH64
:
588 resume_pc
&= 0xFFFFFFFFFFFFFFFC;
590 case ARM_STATE_THUMB
:
591 case ARM_STATE_THUMB_EE
:
592 /* When the return address is loaded into PC
593 * bit 0 must be 1 to stay in Thumb state
597 case ARM_STATE_JAZELLE
:
598 LOG_ERROR("How do I resume into Jazelle state??");
601 LOG_DEBUG("resume pc = 0x%016" PRIx64
, resume_pc
);
602 buf_set_u64(arm
->pc
->value
, 0, 64, resume_pc
);
603 arm
->pc
->dirty
= true;
604 arm
->pc
->valid
= true;
606 /* called it now before restoring context because it uses cpu
607 * register r0 for restoring system control register */
608 retval
= aarch64_restore_system_control_reg(target
);
609 if (retval
== ERROR_OK
)
610 retval
= aarch64_restore_context(target
, handle_breakpoints
);
616 * prepare single target for restart
620 static int aarch64_prepare_restart_one(struct target
*target
)
622 struct armv8_common
*armv8
= target_to_armv8(target
);
627 LOG_DEBUG("%s", target_name(target
));
629 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
630 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
631 if (retval
!= ERROR_OK
)
634 if ((dscr
& DSCR_ITE
) == 0)
635 LOG_ERROR("DSCR.ITE must be set before leaving debug!");
636 if ((dscr
& DSCR_ERR
) != 0)
637 LOG_ERROR("DSCR.ERR must be cleared before leaving debug!");
639 /* acknowledge a pending CTI halt event */
640 retval
= arm_cti_ack_events(armv8
->cti
, CTI_TRIG(HALT
));
642 * open the CTI gate for channel 1 so that the restart events
643 * get passed along to all PEs. Also close gate for channel 0
644 * to isolate the PE from halt events.
646 if (retval
== ERROR_OK
)
647 retval
= arm_cti_ungate_channel(armv8
->cti
, 1);
648 if (retval
== ERROR_OK
)
649 retval
= arm_cti_gate_channel(armv8
->cti
, 0);
651 /* make sure that DSCR.HDE is set */
652 if (retval
== ERROR_OK
) {
654 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
655 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
658 if (retval
== ERROR_OK
) {
659 /* clear sticky bits in PRSR, SDR is now 0 */
660 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
661 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &tmp
);
667 static int aarch64_do_restart_one(struct target
*target
, enum restart_mode mode
)
669 struct armv8_common
*armv8
= target_to_armv8(target
);
672 LOG_DEBUG("%s", target_name(target
));
674 /* trigger an event on channel 1, generates a restart request to the PE */
675 retval
= arm_cti_pulse_channel(armv8
->cti
, 1);
676 if (retval
!= ERROR_OK
)
679 if (mode
== RESTART_SYNC
) {
680 int64_t then
= timeval_ms();
684 * if PRSR.SDR is set now, the target did restart, even
685 * if it's now already halted again (e.g. due to breakpoint)
687 retval
= aarch64_check_state_one(target
,
688 PRSR_SDR
, PRSR_SDR
, &resumed
, NULL
);
689 if (retval
!= ERROR_OK
|| resumed
)
692 if (timeval_ms() > then
+ 1000) {
693 LOG_ERROR("%s: Timeout waiting for resume"PRIx32
, target_name(target
));
694 retval
= ERROR_TARGET_TIMEOUT
;
700 if (retval
!= ERROR_OK
)
703 target
->debug_reason
= DBG_REASON_NOTHALTED
;
704 target
->state
= TARGET_RUNNING
;
709 static int aarch64_restart_one(struct target
*target
, enum restart_mode mode
)
713 LOG_DEBUG("%s", target_name(target
));
715 retval
= aarch64_prepare_restart_one(target
);
716 if (retval
== ERROR_OK
)
717 retval
= aarch64_do_restart_one(target
, mode
);
723 * prepare all but the current target for restart
725 static int aarch64_prep_restart_smp(struct target
*target
, int handle_breakpoints
, struct target
**p_first
)
727 int retval
= ERROR_OK
;
728 struct target_list
*head
;
729 struct target
*first
= NULL
;
732 foreach_smp_target(head
, target
->head
) {
733 struct target
*curr
= head
->target
;
735 /* skip calling target */
738 if (!target_was_examined(curr
))
740 if (curr
->state
!= TARGET_HALTED
)
743 /* resume at current address, not in step mode */
744 retval
= aarch64_restore_one(curr
, 1, &address
, handle_breakpoints
, 0);
745 if (retval
== ERROR_OK
)
746 retval
= aarch64_prepare_restart_one(curr
);
747 if (retval
!= ERROR_OK
) {
748 LOG_ERROR("failed to restore target %s", target_name(curr
));
751 /* remember the first valid target in the group */
763 static int aarch64_step_restart_smp(struct target
*target
)
765 int retval
= ERROR_OK
;
766 struct target_list
*head
;
767 struct target
*first
= NULL
;
769 LOG_DEBUG("%s", target_name(target
));
771 retval
= aarch64_prep_restart_smp(target
, 0, &first
);
772 if (retval
!= ERROR_OK
)
776 retval
= aarch64_do_restart_one(first
, RESTART_LAZY
);
777 if (retval
!= ERROR_OK
) {
778 LOG_DEBUG("error restarting target %s", target_name(first
));
782 int64_t then
= timeval_ms();
784 struct target
*curr
= target
;
785 bool all_resumed
= true;
787 foreach_smp_target(head
, target
->head
) {
796 if (!target_was_examined(curr
))
799 retval
= aarch64_check_state_one(curr
,
800 PRSR_SDR
, PRSR_SDR
, &resumed
, &prsr
);
801 if (retval
!= ERROR_OK
|| (!resumed
&& (prsr
& PRSR_HALT
))) {
806 if (curr
->state
!= TARGET_RUNNING
) {
807 curr
->state
= TARGET_RUNNING
;
808 curr
->debug_reason
= DBG_REASON_NOTHALTED
;
809 target_call_event_callbacks(curr
, TARGET_EVENT_RESUMED
);
816 if (timeval_ms() > then
+ 1000) {
817 LOG_ERROR("%s: timeout waiting for target resume", __func__
);
818 retval
= ERROR_TARGET_TIMEOUT
;
822 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
823 * and it looks like the CTI's are not connected by a common
824 * trigger matrix. It seems that we need to halt one core in each
825 * cluster explicitly. So if we find that a core has not halted
826 * yet, we trigger an explicit resume for the second cluster.
828 retval
= aarch64_do_restart_one(curr
, RESTART_LAZY
);
829 if (retval
!= ERROR_OK
)
836 static int aarch64_resume(struct target
*target
, int current
,
837 target_addr_t address
, int handle_breakpoints
, int debug_execution
)
840 uint64_t addr
= address
;
842 struct armv8_common
*armv8
= target_to_armv8(target
);
843 armv8
->last_run_control_op
= ARMV8_RUNCONTROL_RESUME
;
845 if (target
->state
!= TARGET_HALTED
)
846 return ERROR_TARGET_NOT_HALTED
;
849 * If this target is part of a SMP group, prepare the others
850 * targets for resuming. This involves restoring the complete
851 * target register context and setting up CTI gates to accept
852 * resume events from the trigger matrix.
855 retval
= aarch64_prep_restart_smp(target
, handle_breakpoints
, NULL
);
856 if (retval
!= ERROR_OK
)
860 /* all targets prepared, restore and restart the current target */
861 retval
= aarch64_restore_one(target
, current
, &addr
, handle_breakpoints
,
863 if (retval
== ERROR_OK
)
864 retval
= aarch64_restart_one(target
, RESTART_SYNC
);
865 if (retval
!= ERROR_OK
)
869 int64_t then
= timeval_ms();
871 struct target
*curr
= target
;
872 struct target_list
*head
;
873 bool all_resumed
= true;
875 foreach_smp_target(head
, target
->head
) {
882 if (!target_was_examined(curr
))
885 retval
= aarch64_check_state_one(curr
,
886 PRSR_SDR
, PRSR_SDR
, &resumed
, &prsr
);
887 if (retval
!= ERROR_OK
|| (!resumed
&& (prsr
& PRSR_HALT
))) {
892 if (curr
->state
!= TARGET_RUNNING
) {
893 curr
->state
= TARGET_RUNNING
;
894 curr
->debug_reason
= DBG_REASON_NOTHALTED
;
895 target_call_event_callbacks(curr
, TARGET_EVENT_RESUMED
);
902 if (timeval_ms() > then
+ 1000) {
903 LOG_ERROR("%s: timeout waiting for target %s to resume", __func__
, target_name(curr
));
904 retval
= ERROR_TARGET_TIMEOUT
;
909 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
910 * and it looks like the CTI's are not connected by a common
911 * trigger matrix. It seems that we need to halt one core in each
912 * cluster explicitly. So if we find that a core has not halted
913 * yet, we trigger an explicit resume for the second cluster.
915 retval
= aarch64_do_restart_one(curr
, RESTART_LAZY
);
916 if (retval
!= ERROR_OK
)
921 if (retval
!= ERROR_OK
)
924 target
->debug_reason
= DBG_REASON_NOTHALTED
;
926 if (!debug_execution
) {
927 target
->state
= TARGET_RUNNING
;
928 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
929 LOG_DEBUG("target resumed at 0x%" PRIx64
, addr
);
931 target
->state
= TARGET_DEBUG_RUNNING
;
932 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
933 LOG_DEBUG("target debug resumed at 0x%" PRIx64
, addr
);
939 static int aarch64_debug_entry(struct target
*target
)
941 int retval
= ERROR_OK
;
942 struct armv8_common
*armv8
= target_to_armv8(target
);
943 struct arm_dpm
*dpm
= &armv8
->dpm
;
944 enum arm_state core_state
;
947 /* make sure to clear all sticky errors */
948 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
949 armv8
->debug_base
+ CPUV8_DBG_DRCR
, DRCR_CSE
);
950 if (retval
== ERROR_OK
)
951 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
952 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
953 if (retval
== ERROR_OK
)
954 retval
= arm_cti_ack_events(armv8
->cti
, CTI_TRIG(HALT
));
956 if (retval
!= ERROR_OK
)
959 LOG_DEBUG("%s dscr = 0x%08" PRIx32
, target_name(target
), dscr
);
962 core_state
= armv8_dpm_get_core_state(dpm
);
963 armv8_select_opcodes(armv8
, core_state
== ARM_STATE_AARCH64
);
964 armv8_select_reg_access(armv8
, core_state
== ARM_STATE_AARCH64
);
966 /* close the CTI gate for all events */
967 if (retval
== ERROR_OK
)
968 retval
= arm_cti_write_reg(armv8
->cti
, CTI_GATE
, 0);
969 /* discard async exceptions */
970 if (retval
== ERROR_OK
)
971 retval
= dpm
->instr_cpsr_sync(dpm
);
972 if (retval
!= ERROR_OK
)
975 /* Examine debug reason */
976 armv8_dpm_report_dscr(dpm
, dscr
);
978 /* save address of instruction that triggered the watchpoint? */
979 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
983 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
984 armv8
->debug_base
+ CPUV8_DBG_WFAR1
,
986 if (retval
!= ERROR_OK
)
990 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
991 armv8
->debug_base
+ CPUV8_DBG_WFAR0
,
993 if (retval
!= ERROR_OK
)
996 armv8_dpm_report_wfar(&armv8
->dpm
, wfar
);
999 retval
= armv8_dpm_read_current_registers(&armv8
->dpm
);
1001 if (retval
== ERROR_OK
&& armv8
->post_debug_entry
)
1002 retval
= armv8
->post_debug_entry(target
);
1007 static int aarch64_post_debug_entry(struct target
*target
)
1009 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1010 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1012 enum arm_mode target_mode
= ARM_MODE_ANY
;
1015 switch (armv8
->arm
.core_mode
) {
1017 target_mode
= ARMV8_64_EL1H
;
1021 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL1
, 0);
1025 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL2
, 0);
1029 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL3
, 0);
1037 instr
= ARMV4_5_MRC(15, 0, 0, 1, 0, 0);
1041 LOG_INFO("cannot read system control register in this mode");
1045 if (target_mode
!= ARM_MODE_ANY
)
1046 armv8_dpm_modeswitch(&armv8
->dpm
, target_mode
);
1048 retval
= armv8
->dpm
.instr_read_data_r0(&armv8
->dpm
, instr
, &aarch64
->system_control_reg
);
1049 if (retval
!= ERROR_OK
)
1052 if (target_mode
!= ARM_MODE_ANY
)
1053 armv8_dpm_modeswitch(&armv8
->dpm
, ARM_MODE_ANY
);
1055 LOG_DEBUG("System_register: %8.8" PRIx32
, aarch64
->system_control_reg
);
1056 aarch64
->system_control_reg_curr
= aarch64
->system_control_reg
;
1058 if (armv8
->armv8_mmu
.armv8_cache
.info
== -1) {
1059 armv8_identify_cache(armv8
);
1060 armv8_read_mpidr(armv8
);
1063 armv8
->armv8_mmu
.mmu_enabled
=
1064 (aarch64
->system_control_reg
& 0x1U
) ? 1 : 0;
1065 armv8
->armv8_mmu
.armv8_cache
.d_u_cache_enabled
=
1066 (aarch64
->system_control_reg
& 0x4U
) ? 1 : 0;
1067 armv8
->armv8_mmu
.armv8_cache
.i_cache_enabled
=
1068 (aarch64
->system_control_reg
& 0x1000U
) ? 1 : 0;
1073 * single-step a target
1075 static int aarch64_step(struct target
*target
, int current
, target_addr_t address
,
1076 int handle_breakpoints
)
1078 struct armv8_common
*armv8
= target_to_armv8(target
);
1079 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1080 int saved_retval
= ERROR_OK
;
1084 armv8
->last_run_control_op
= ARMV8_RUNCONTROL_STEP
;
1086 if (target
->state
!= TARGET_HALTED
) {
1087 LOG_WARNING("target not halted");
1088 return ERROR_TARGET_NOT_HALTED
;
1091 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1092 armv8
->debug_base
+ CPUV8_DBG_EDECR
, &edecr
);
1093 /* make sure EDECR.SS is not set when restoring the register */
1095 if (retval
== ERROR_OK
) {
1097 /* set EDECR.SS to enter hardware step mode */
1098 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1099 armv8
->debug_base
+ CPUV8_DBG_EDECR
, (edecr
|0x4));
1101 /* disable interrupts while stepping */
1102 if (retval
== ERROR_OK
&& aarch64
->isrmasking_mode
== AARCH64_ISRMASK_ON
)
1103 retval
= aarch64_set_dscr_bits(target
, 0x3 << 22, 0x3 << 22);
1104 /* bail out if stepping setup has failed */
1105 if (retval
!= ERROR_OK
)
1108 if (target
->smp
&& (current
== 1)) {
1110 * isolate current target so that it doesn't get resumed
1111 * together with the others
1113 retval
= arm_cti_gate_channel(armv8
->cti
, 1);
1114 /* resume all other targets in the group */
1115 if (retval
== ERROR_OK
)
1116 retval
= aarch64_step_restart_smp(target
);
1117 if (retval
!= ERROR_OK
) {
1118 LOG_ERROR("Failed to restart non-stepping targets in SMP group");
1121 LOG_DEBUG("Restarted all non-stepping targets in SMP group");
1124 /* all other targets running, restore and restart the current target */
1125 retval
= aarch64_restore_one(target
, current
, &address
, 0, 0);
1126 if (retval
== ERROR_OK
)
1127 retval
= aarch64_restart_one(target
, RESTART_LAZY
);
1129 if (retval
!= ERROR_OK
)
1132 LOG_DEBUG("target step-resumed at 0x%" PRIx64
, address
);
1133 if (!handle_breakpoints
)
1134 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1136 int64_t then
= timeval_ms();
1141 retval
= aarch64_check_state_one(target
,
1142 PRSR_SDR
|PRSR_HALT
, PRSR_SDR
|PRSR_HALT
, &stepped
, &prsr
);
1143 if (retval
!= ERROR_OK
|| stepped
)
1146 if (timeval_ms() > then
+ 100) {
1147 LOG_ERROR("timeout waiting for target %s halt after step",
1148 target_name(target
));
1149 retval
= ERROR_TARGET_TIMEOUT
;
1155 * At least on one SoC (Renesas R8A7795) stepping over a WFI instruction
1156 * causes a timeout. The core takes the step but doesn't complete it and so
1157 * debug state is never entered. However, you can manually halt the core
1158 * as an external debug even is also a WFI wakeup event.
1160 if (retval
== ERROR_TARGET_TIMEOUT
)
1161 saved_retval
= aarch64_halt_one(target
, HALT_SYNC
);
1164 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1165 armv8
->debug_base
+ CPUV8_DBG_EDECR
, edecr
);
1166 if (retval
!= ERROR_OK
)
1169 /* restore interrupts */
1170 if (aarch64
->isrmasking_mode
== AARCH64_ISRMASK_ON
) {
1171 retval
= aarch64_set_dscr_bits(target
, 0x3 << 22, 0);
1172 if (retval
!= ERROR_OK
)
1176 if (saved_retval
!= ERROR_OK
)
1177 return saved_retval
;
1179 return aarch64_poll(target
);
1182 static int aarch64_restore_context(struct target
*target
, bool bpwp
)
1184 struct armv8_common
*armv8
= target_to_armv8(target
);
1185 struct arm
*arm
= &armv8
->arm
;
1189 LOG_DEBUG("%s", target_name(target
));
1191 if (armv8
->pre_restore_context
)
1192 armv8
->pre_restore_context(target
);
1194 retval
= armv8_dpm_write_dirty_registers(&armv8
->dpm
, bpwp
);
1195 if (retval
== ERROR_OK
) {
1196 /* registers are now invalid */
1197 register_cache_invalidate(arm
->core_cache
);
1198 register_cache_invalidate(arm
->core_cache
->next
);
1205 * Cortex-A8 Breakpoint and watchpoint functions
1208 /* Setup hardware Breakpoint Register Pair */
1209 static int aarch64_set_breakpoint(struct target
*target
,
1210 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1215 uint8_t byte_addr_select
= 0x0F;
1216 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1217 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1218 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1220 if (breakpoint
->set
) {
1221 LOG_WARNING("breakpoint already set");
1225 if (breakpoint
->type
== BKPT_HARD
) {
1227 while (brp_list
[brp_i
].used
&& (brp_i
< aarch64
->brp_num
))
1229 if (brp_i
>= aarch64
->brp_num
) {
1230 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1231 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1233 breakpoint
->set
= brp_i
+ 1;
1234 if (breakpoint
->length
== 2)
1235 byte_addr_select
= (3 << (breakpoint
->address
& 0x02));
1236 control
= ((matchmode
& 0x7) << 20)
1238 | (byte_addr_select
<< 5)
1240 brp_list
[brp_i
].used
= 1;
1241 brp_list
[brp_i
].value
= breakpoint
->address
& 0xFFFFFFFFFFFFFFFC;
1242 brp_list
[brp_i
].control
= control
;
1243 bpt_value
= brp_list
[brp_i
].value
;
1245 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1246 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1247 (uint32_t)(bpt_value
& 0xFFFFFFFF));
1248 if (retval
!= ERROR_OK
)
1250 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1251 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1252 (uint32_t)(bpt_value
>> 32));
1253 if (retval
!= ERROR_OK
)
1256 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1257 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1258 brp_list
[brp_i
].control
);
1259 if (retval
!= ERROR_OK
)
1261 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1262 brp_list
[brp_i
].control
,
1263 brp_list
[brp_i
].value
);
1265 } else if (breakpoint
->type
== BKPT_SOFT
) {
1268 buf_set_u32(code
, 0, 32, armv8_opcode(armv8
, ARMV8_OPC_HLT
));
1269 retval
= target_read_memory(target
,
1270 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1271 breakpoint
->length
, 1,
1272 breakpoint
->orig_instr
);
1273 if (retval
!= ERROR_OK
)
1276 armv8_cache_d_inner_flush_virt(armv8
,
1277 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1278 breakpoint
->length
);
1280 retval
= target_write_memory(target
,
1281 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1282 breakpoint
->length
, 1, code
);
1283 if (retval
!= ERROR_OK
)
1286 armv8_cache_d_inner_flush_virt(armv8
,
1287 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1288 breakpoint
->length
);
1290 armv8_cache_i_inner_inval_virt(armv8
,
1291 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1292 breakpoint
->length
);
1294 breakpoint
->set
= 0x11; /* Any nice value but 0 */
1297 /* Ensure that halting debug mode is enable */
1298 retval
= aarch64_set_dscr_bits(target
, DSCR_HDE
, DSCR_HDE
);
1299 if (retval
!= ERROR_OK
) {
1300 LOG_DEBUG("Failed to set DSCR.HDE");
1307 static int aarch64_set_context_breakpoint(struct target
*target
,
1308 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1310 int retval
= ERROR_FAIL
;
1313 uint8_t byte_addr_select
= 0x0F;
1314 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1315 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1316 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1318 if (breakpoint
->set
) {
1319 LOG_WARNING("breakpoint already set");
1322 /*check available context BRPs*/
1323 while ((brp_list
[brp_i
].used
||
1324 (brp_list
[brp_i
].type
!= BRP_CONTEXT
)) && (brp_i
< aarch64
->brp_num
))
1327 if (brp_i
>= aarch64
->brp_num
) {
1328 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1332 breakpoint
->set
= brp_i
+ 1;
1333 control
= ((matchmode
& 0x7) << 20)
1335 | (byte_addr_select
<< 5)
1337 brp_list
[brp_i
].used
= 1;
1338 brp_list
[brp_i
].value
= (breakpoint
->asid
);
1339 brp_list
[brp_i
].control
= control
;
1340 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1341 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1342 brp_list
[brp_i
].value
);
1343 if (retval
!= ERROR_OK
)
1345 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1346 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1347 brp_list
[brp_i
].control
);
1348 if (retval
!= ERROR_OK
)
1350 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1351 brp_list
[brp_i
].control
,
1352 brp_list
[brp_i
].value
);
1357 static int aarch64_set_hybrid_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1359 int retval
= ERROR_FAIL
;
1360 int brp_1
= 0; /* holds the contextID pair */
1361 int brp_2
= 0; /* holds the IVA pair */
1362 uint32_t control_CTX
, control_IVA
;
1363 uint8_t CTX_byte_addr_select
= 0x0F;
1364 uint8_t IVA_byte_addr_select
= 0x0F;
1365 uint8_t CTX_machmode
= 0x03;
1366 uint8_t IVA_machmode
= 0x01;
1367 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1368 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1369 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1371 if (breakpoint
->set
) {
1372 LOG_WARNING("breakpoint already set");
1375 /*check available context BRPs*/
1376 while ((brp_list
[brp_1
].used
||
1377 (brp_list
[brp_1
].type
!= BRP_CONTEXT
)) && (brp_1
< aarch64
->brp_num
))
1380 printf("brp(CTX) found num: %d\n", brp_1
);
1381 if (brp_1
>= aarch64
->brp_num
) {
1382 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1386 while ((brp_list
[brp_2
].used
||
1387 (brp_list
[brp_2
].type
!= BRP_NORMAL
)) && (brp_2
< aarch64
->brp_num
))
1390 printf("brp(IVA) found num: %d\n", brp_2
);
1391 if (brp_2
>= aarch64
->brp_num
) {
1392 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1396 breakpoint
->set
= brp_1
+ 1;
1397 breakpoint
->linked_BRP
= brp_2
;
1398 control_CTX
= ((CTX_machmode
& 0x7) << 20)
1401 | (CTX_byte_addr_select
<< 5)
1403 brp_list
[brp_1
].used
= 1;
1404 brp_list
[brp_1
].value
= (breakpoint
->asid
);
1405 brp_list
[brp_1
].control
= control_CTX
;
1406 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1407 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_1
].BRPn
,
1408 brp_list
[brp_1
].value
);
1409 if (retval
!= ERROR_OK
)
1411 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1412 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_1
].BRPn
,
1413 brp_list
[brp_1
].control
);
1414 if (retval
!= ERROR_OK
)
1417 control_IVA
= ((IVA_machmode
& 0x7) << 20)
1420 | (IVA_byte_addr_select
<< 5)
1422 brp_list
[brp_2
].used
= 1;
1423 brp_list
[brp_2
].value
= breakpoint
->address
& 0xFFFFFFFFFFFFFFFC;
1424 brp_list
[brp_2
].control
= control_IVA
;
1425 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1426 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_2
].BRPn
,
1427 brp_list
[brp_2
].value
& 0xFFFFFFFF);
1428 if (retval
!= ERROR_OK
)
1430 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1431 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_2
].BRPn
,
1432 brp_list
[brp_2
].value
>> 32);
1433 if (retval
!= ERROR_OK
)
1435 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1436 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_2
].BRPn
,
1437 brp_list
[brp_2
].control
);
1438 if (retval
!= ERROR_OK
)
1444 static int aarch64_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1447 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1448 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1449 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1451 if (!breakpoint
->set
) {
1452 LOG_WARNING("breakpoint not set");
1456 if (breakpoint
->type
== BKPT_HARD
) {
1457 if ((breakpoint
->address
!= 0) && (breakpoint
->asid
!= 0)) {
1458 int brp_i
= breakpoint
->set
- 1;
1459 int brp_j
= breakpoint
->linked_BRP
;
1460 if ((brp_i
< 0) || (brp_i
>= aarch64
->brp_num
)) {
1461 LOG_DEBUG("Invalid BRP number in breakpoint");
1464 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1465 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1466 brp_list
[brp_i
].used
= 0;
1467 brp_list
[brp_i
].value
= 0;
1468 brp_list
[brp_i
].control
= 0;
1469 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1470 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1471 brp_list
[brp_i
].control
);
1472 if (retval
!= ERROR_OK
)
1474 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1475 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1476 (uint32_t)brp_list
[brp_i
].value
);
1477 if (retval
!= ERROR_OK
)
1479 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1480 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1481 (uint32_t)brp_list
[brp_i
].value
);
1482 if (retval
!= ERROR_OK
)
1484 if ((brp_j
< 0) || (brp_j
>= aarch64
->brp_num
)) {
1485 LOG_DEBUG("Invalid BRP number in breakpoint");
1488 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx64
, brp_j
,
1489 brp_list
[brp_j
].control
, brp_list
[brp_j
].value
);
1490 brp_list
[brp_j
].used
= 0;
1491 brp_list
[brp_j
].value
= 0;
1492 brp_list
[brp_j
].control
= 0;
1493 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1494 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_j
].BRPn
,
1495 brp_list
[brp_j
].control
);
1496 if (retval
!= ERROR_OK
)
1498 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1499 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_j
].BRPn
,
1500 (uint32_t)brp_list
[brp_j
].value
);
1501 if (retval
!= ERROR_OK
)
1503 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1504 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_j
].BRPn
,
1505 (uint32_t)brp_list
[brp_j
].value
);
1506 if (retval
!= ERROR_OK
)
1509 breakpoint
->linked_BRP
= 0;
1510 breakpoint
->set
= 0;
1514 int brp_i
= breakpoint
->set
- 1;
1515 if ((brp_i
< 0) || (brp_i
>= aarch64
->brp_num
)) {
1516 LOG_DEBUG("Invalid BRP number in breakpoint");
1519 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx64
, brp_i
,
1520 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1521 brp_list
[brp_i
].used
= 0;
1522 brp_list
[brp_i
].value
= 0;
1523 brp_list
[brp_i
].control
= 0;
1524 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1525 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1526 brp_list
[brp_i
].control
);
1527 if (retval
!= ERROR_OK
)
1529 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1530 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1531 brp_list
[brp_i
].value
);
1532 if (retval
!= ERROR_OK
)
1535 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1536 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1537 (uint32_t)brp_list
[brp_i
].value
);
1538 if (retval
!= ERROR_OK
)
1540 breakpoint
->set
= 0;
1544 /* restore original instruction (kept in target endianness) */
1546 armv8_cache_d_inner_flush_virt(armv8
,
1547 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1548 breakpoint
->length
);
1550 if (breakpoint
->length
== 4) {
1551 retval
= target_write_memory(target
,
1552 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1553 4, 1, breakpoint
->orig_instr
);
1554 if (retval
!= ERROR_OK
)
1557 retval
= target_write_memory(target
,
1558 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1559 2, 1, breakpoint
->orig_instr
);
1560 if (retval
!= ERROR_OK
)
1564 armv8_cache_d_inner_flush_virt(armv8
,
1565 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1566 breakpoint
->length
);
1568 armv8_cache_i_inner_inval_virt(armv8
,
1569 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1570 breakpoint
->length
);
1572 breakpoint
->set
= 0;
1577 static int aarch64_add_breakpoint(struct target
*target
,
1578 struct breakpoint
*breakpoint
)
1580 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1582 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1583 LOG_INFO("no hardware breakpoint available");
1584 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1587 if (breakpoint
->type
== BKPT_HARD
)
1588 aarch64
->brp_num_available
--;
1590 return aarch64_set_breakpoint(target
, breakpoint
, 0x00); /* Exact match */
1593 static int aarch64_add_context_breakpoint(struct target
*target
,
1594 struct breakpoint
*breakpoint
)
1596 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1598 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1599 LOG_INFO("no hardware breakpoint available");
1600 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1603 if (breakpoint
->type
== BKPT_HARD
)
1604 aarch64
->brp_num_available
--;
1606 return aarch64_set_context_breakpoint(target
, breakpoint
, 0x02); /* asid match */
1609 static int aarch64_add_hybrid_breakpoint(struct target
*target
,
1610 struct breakpoint
*breakpoint
)
1612 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1614 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1615 LOG_INFO("no hardware breakpoint available");
1616 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1619 if (breakpoint
->type
== BKPT_HARD
)
1620 aarch64
->brp_num_available
--;
1622 return aarch64_set_hybrid_breakpoint(target
, breakpoint
); /* ??? */
1626 static int aarch64_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1628 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1631 /* It is perfectly possible to remove breakpoints while the target is running */
1632 if (target
->state
!= TARGET_HALTED
) {
1633 LOG_WARNING("target not halted");
1634 return ERROR_TARGET_NOT_HALTED
;
1638 if (breakpoint
->set
) {
1639 aarch64_unset_breakpoint(target
, breakpoint
);
1640 if (breakpoint
->type
== BKPT_HARD
)
1641 aarch64
->brp_num_available
++;
1648 * Cortex-A8 Reset functions
1651 static int aarch64_assert_reset(struct target
*target
)
1653 struct armv8_common
*armv8
= target_to_armv8(target
);
1657 /* FIXME when halt is requested, make it work somehow... */
1659 /* Issue some kind of warm reset. */
1660 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
1661 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
1662 else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
1663 /* REVISIT handle "pulls" cases, if there's
1664 * hardware that needs them to work.
1666 adapter_assert_reset();
1668 LOG_ERROR("%s: how to reset?", target_name(target
));
1672 /* registers are now invalid */
1673 if (target_was_examined(target
)) {
1674 register_cache_invalidate(armv8
->arm
.core_cache
);
1675 register_cache_invalidate(armv8
->arm
.core_cache
->next
);
1678 target
->state
= TARGET_RESET
;
1683 static int aarch64_deassert_reset(struct target
*target
)
1689 /* be certain SRST is off */
1690 adapter_deassert_reset();
1692 if (!target_was_examined(target
))
1695 retval
= aarch64_poll(target
);
1696 if (retval
!= ERROR_OK
)
1699 retval
= aarch64_init_debug_access(target
);
1700 if (retval
!= ERROR_OK
)
1703 if (target
->reset_halt
) {
1704 if (target
->state
!= TARGET_HALTED
) {
1705 LOG_WARNING("%s: ran after reset and before halt ...",
1706 target_name(target
));
1707 retval
= target_halt(target
);
1714 static int aarch64_write_cpu_memory_slow(struct target
*target
,
1715 uint32_t size
, uint32_t count
, const uint8_t *buffer
, uint32_t *dscr
)
1717 struct armv8_common
*armv8
= target_to_armv8(target
);
1718 struct arm_dpm
*dpm
= &armv8
->dpm
;
1719 struct arm
*arm
= &armv8
->arm
;
1722 armv8_reg_current(arm
, 1)->dirty
= true;
1724 /* change DCC to normal mode if necessary */
1725 if (*dscr
& DSCR_MA
) {
1727 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1728 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
1729 if (retval
!= ERROR_OK
)
1734 uint32_t data
, opcode
;
1736 /* write the data to store into DTRRX */
1740 data
= target_buffer_get_u16(target
, buffer
);
1742 data
= target_buffer_get_u32(target
, buffer
);
1743 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1744 armv8
->debug_base
+ CPUV8_DBG_DTRRX
, data
);
1745 if (retval
!= ERROR_OK
)
1748 if (arm
->core_state
== ARM_STATE_AARCH64
)
1749 retval
= dpm
->instr_execute(dpm
, ARMV8_MRS(SYSTEM_DBG_DTRRX_EL0
, 1));
1751 retval
= dpm
->instr_execute(dpm
, ARMV4_5_MRC(14, 0, 1, 0, 5, 0));
1752 if (retval
!= ERROR_OK
)
1756 opcode
= armv8_opcode(armv8
, ARMV8_OPC_STRB_IP
);
1758 opcode
= armv8_opcode(armv8
, ARMV8_OPC_STRH_IP
);
1760 opcode
= armv8_opcode(armv8
, ARMV8_OPC_STRW_IP
);
1761 retval
= dpm
->instr_execute(dpm
, opcode
);
1762 if (retval
!= ERROR_OK
)
1773 static int aarch64_write_cpu_memory_fast(struct target
*target
,
1774 uint32_t count
, const uint8_t *buffer
, uint32_t *dscr
)
1776 struct armv8_common
*armv8
= target_to_armv8(target
);
1777 struct arm
*arm
= &armv8
->arm
;
1780 armv8_reg_current(arm
, 1)->dirty
= true;
1782 /* Step 1.d - Change DCC to memory mode */
1784 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1785 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
1786 if (retval
!= ERROR_OK
)
1790 /* Step 2.a - Do the write */
1791 retval
= mem_ap_write_buf_noincr(armv8
->debug_ap
,
1792 buffer
, 4, count
, armv8
->debug_base
+ CPUV8_DBG_DTRRX
);
1793 if (retval
!= ERROR_OK
)
1796 /* Step 3.a - Switch DTR mode back to Normal mode */
1798 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1799 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
1800 if (retval
!= ERROR_OK
)
1806 static int aarch64_write_cpu_memory(struct target
*target
,
1807 uint64_t address
, uint32_t size
,
1808 uint32_t count
, const uint8_t *buffer
)
1810 /* write memory through APB-AP */
1811 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
1812 struct armv8_common
*armv8
= target_to_armv8(target
);
1813 struct arm_dpm
*dpm
= &armv8
->dpm
;
1814 struct arm
*arm
= &armv8
->arm
;
1817 if (target
->state
!= TARGET_HALTED
) {
1818 LOG_WARNING("target not halted");
1819 return ERROR_TARGET_NOT_HALTED
;
1822 /* Mark register X0 as dirty, as it will be used
1823 * for transferring the data.
1824 * It will be restored automatically when exiting
1827 armv8_reg_current(arm
, 0)->dirty
= true;
1829 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1832 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1833 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1834 if (retval
!= ERROR_OK
)
1837 /* Set Normal access mode */
1838 dscr
= (dscr
& ~DSCR_MA
);
1839 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1840 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1841 if (retval
!= ERROR_OK
)
1844 if (arm
->core_state
== ARM_STATE_AARCH64
) {
1845 /* Write X0 with value 'address' using write procedure */
1846 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1847 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1848 retval
= dpm
->instr_write_data_dcc_64(dpm
,
1849 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0
, 0), address
);
1851 /* Write R0 with value 'address' using write procedure */
1852 /* Step 1.a+b - Write the address for read access into DBGDTRRX */
1853 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1854 retval
= dpm
->instr_write_data_dcc(dpm
,
1855 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address
);
1858 if (retval
!= ERROR_OK
)
1861 if (size
== 4 && (address
% 4) == 0)
1862 retval
= aarch64_write_cpu_memory_fast(target
, count
, buffer
, &dscr
);
1864 retval
= aarch64_write_cpu_memory_slow(target
, size
, count
, buffer
, &dscr
);
1866 if (retval
!= ERROR_OK
) {
1867 /* Unset DTR mode */
1868 mem_ap_read_atomic_u32(armv8
->debug_ap
,
1869 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1871 mem_ap_write_atomic_u32(armv8
->debug_ap
,
1872 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1875 /* Check for sticky abort flags in the DSCR */
1876 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1877 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1878 if (retval
!= ERROR_OK
)
1882 if (dscr
& (DSCR_ERR
| DSCR_SYS_ERROR_PEND
)) {
1883 /* Abort occurred - clear it and exit */
1884 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32
, dscr
);
1885 armv8_dpm_handle_exception(dpm
, true);
1893 static int aarch64_read_cpu_memory_slow(struct target
*target
,
1894 uint32_t size
, uint32_t count
, uint8_t *buffer
, uint32_t *dscr
)
1896 struct armv8_common
*armv8
= target_to_armv8(target
);
1897 struct arm_dpm
*dpm
= &armv8
->dpm
;
1898 struct arm
*arm
= &armv8
->arm
;
1901 armv8_reg_current(arm
, 1)->dirty
= true;
1903 /* change DCC to normal mode (if necessary) */
1904 if (*dscr
& DSCR_MA
) {
1906 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1907 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
1908 if (retval
!= ERROR_OK
)
1913 uint32_t opcode
, data
;
1916 opcode
= armv8_opcode(armv8
, ARMV8_OPC_LDRB_IP
);
1918 opcode
= armv8_opcode(armv8
, ARMV8_OPC_LDRH_IP
);
1920 opcode
= armv8_opcode(armv8
, ARMV8_OPC_LDRW_IP
);
1921 retval
= dpm
->instr_execute(dpm
, opcode
);
1922 if (retval
!= ERROR_OK
)
1925 if (arm
->core_state
== ARM_STATE_AARCH64
)
1926 retval
= dpm
->instr_execute(dpm
, ARMV8_MSR_GP(SYSTEM_DBG_DTRTX_EL0
, 1));
1928 retval
= dpm
->instr_execute(dpm
, ARMV4_5_MCR(14, 0, 1, 0, 5, 0));
1929 if (retval
!= ERROR_OK
)
1932 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1933 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &data
);
1934 if (retval
!= ERROR_OK
)
1938 *buffer
= (uint8_t)data
;
1940 target_buffer_set_u16(target
, buffer
, (uint16_t)data
);
1942 target_buffer_set_u32(target
, buffer
, data
);
1952 static int aarch64_read_cpu_memory_fast(struct target
*target
,
1953 uint32_t count
, uint8_t *buffer
, uint32_t *dscr
)
1955 struct armv8_common
*armv8
= target_to_armv8(target
);
1956 struct arm_dpm
*dpm
= &armv8
->dpm
;
1957 struct arm
*arm
= &armv8
->arm
;
1961 /* Mark X1 as dirty */
1962 armv8_reg_current(arm
, 1)->dirty
= true;
1964 if (arm
->core_state
== ARM_STATE_AARCH64
) {
1965 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1966 retval
= dpm
->instr_execute(dpm
, ARMV8_MSR_GP(SYSTEM_DBG_DBGDTR_EL0
, 0));
1968 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1969 retval
= dpm
->instr_execute(dpm
, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
1972 if (retval
!= ERROR_OK
)
1975 /* Step 1.e - Change DCC to memory mode */
1977 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1978 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
1979 if (retval
!= ERROR_OK
)
1982 /* Step 1.f - read DBGDTRTX and discard the value */
1983 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1984 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &value
);
1985 if (retval
!= ERROR_OK
)
1989 /* Read the data - Each read of the DTRTX register causes the instruction to be reissued
1990 * Abort flags are sticky, so can be read at end of transactions
1992 * This data is read in aligned to 32 bit boundary.
1996 /* Step 2.a - Loop n-1 times, each read of DBGDTRTX reads the data from [X0] and
1997 * increments X0 by 4. */
1998 retval
= mem_ap_read_buf_noincr(armv8
->debug_ap
, buffer
, 4, count
,
1999 armv8
->debug_base
+ CPUV8_DBG_DTRTX
);
2000 if (retval
!= ERROR_OK
)
2004 /* Step 3.a - set DTR access mode back to Normal mode */
2006 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
2007 armv8
->debug_base
+ CPUV8_DBG_DSCR
, *dscr
);
2008 if (retval
!= ERROR_OK
)
2011 /* Step 3.b - read DBGDTRTX for the final value */
2012 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2013 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &value
);
2014 if (retval
!= ERROR_OK
)
2017 target_buffer_set_u32(target
, buffer
+ count
* 4, value
);
2021 static int aarch64_read_cpu_memory(struct target
*target
,
2022 target_addr_t address
, uint32_t size
,
2023 uint32_t count
, uint8_t *buffer
)
2025 /* read memory through APB-AP */
2026 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
2027 struct armv8_common
*armv8
= target_to_armv8(target
);
2028 struct arm_dpm
*dpm
= &armv8
->dpm
;
2029 struct arm
*arm
= &armv8
->arm
;
2032 LOG_DEBUG("Reading CPU memory address 0x%016" PRIx64
" size %" PRIu32
" count %" PRIu32
,
2033 address
, size
, count
);
2035 if (target
->state
!= TARGET_HALTED
) {
2036 LOG_WARNING("target not halted");
2037 return ERROR_TARGET_NOT_HALTED
;
2040 /* Mark register X0 as dirty, as it will be used
2041 * for transferring the data.
2042 * It will be restored automatically when exiting
2045 armv8_reg_current(arm
, 0)->dirty
= true;
2048 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2049 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2050 if (retval
!= ERROR_OK
)
2053 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
2055 /* Set Normal access mode */
2057 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
2058 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
2059 if (retval
!= ERROR_OK
)
2062 if (arm
->core_state
== ARM_STATE_AARCH64
) {
2063 /* Write X0 with value 'address' using write procedure */
2064 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
2065 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
2066 retval
= dpm
->instr_write_data_dcc_64(dpm
,
2067 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0
, 0), address
);
2069 /* Write R0 with value 'address' using write procedure */
2070 /* Step 1.a+b - Write the address for read access into DBGDTRRXint */
2071 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
2072 retval
= dpm
->instr_write_data_dcc(dpm
,
2073 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address
);
2076 if (retval
!= ERROR_OK
)
2079 if (size
== 4 && (address
% 4) == 0)
2080 retval
= aarch64_read_cpu_memory_fast(target
, count
, buffer
, &dscr
);
2082 retval
= aarch64_read_cpu_memory_slow(target
, size
, count
, buffer
, &dscr
);
2084 if (dscr
& DSCR_MA
) {
2086 mem_ap_write_atomic_u32(armv8
->debug_ap
,
2087 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
2090 if (retval
!= ERROR_OK
)
2093 /* Check for sticky abort flags in the DSCR */
2094 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2095 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2096 if (retval
!= ERROR_OK
)
2101 if (dscr
& (DSCR_ERR
| DSCR_SYS_ERROR_PEND
)) {
2102 /* Abort occurred - clear it and exit */
2103 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32
, dscr
);
2104 armv8_dpm_handle_exception(dpm
, true);
2112 static int aarch64_read_phys_memory(struct target
*target
,
2113 target_addr_t address
, uint32_t size
,
2114 uint32_t count
, uint8_t *buffer
)
2116 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
2118 if (count
&& buffer
) {
2119 /* read memory through APB-AP */
2120 retval
= aarch64_mmu_modify(target
, 0);
2121 if (retval
!= ERROR_OK
)
2123 retval
= aarch64_read_cpu_memory(target
, address
, size
, count
, buffer
);
2128 static int aarch64_read_memory(struct target
*target
, target_addr_t address
,
2129 uint32_t size
, uint32_t count
, uint8_t *buffer
)
2131 int mmu_enabled
= 0;
2134 /* determine if MMU was enabled on target stop */
2135 retval
= aarch64_mmu(target
, &mmu_enabled
);
2136 if (retval
!= ERROR_OK
)
2140 /* enable MMU as we could have disabled it for phys access */
2141 retval
= aarch64_mmu_modify(target
, 1);
2142 if (retval
!= ERROR_OK
)
2145 return aarch64_read_cpu_memory(target
, address
, size
, count
, buffer
);
2148 static int aarch64_write_phys_memory(struct target
*target
,
2149 target_addr_t address
, uint32_t size
,
2150 uint32_t count
, const uint8_t *buffer
)
2152 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
2154 if (count
&& buffer
) {
2155 /* write memory through APB-AP */
2156 retval
= aarch64_mmu_modify(target
, 0);
2157 if (retval
!= ERROR_OK
)
2159 return aarch64_write_cpu_memory(target
, address
, size
, count
, buffer
);
2165 static int aarch64_write_memory(struct target
*target
, target_addr_t address
,
2166 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
2168 int mmu_enabled
= 0;
2171 /* determine if MMU was enabled on target stop */
2172 retval
= aarch64_mmu(target
, &mmu_enabled
);
2173 if (retval
!= ERROR_OK
)
2177 /* enable MMU as we could have disabled it for phys access */
2178 retval
= aarch64_mmu_modify(target
, 1);
2179 if (retval
!= ERROR_OK
)
2182 return aarch64_write_cpu_memory(target
, address
, size
, count
, buffer
);
2185 static int aarch64_handle_target_request(void *priv
)
2187 struct target
*target
= priv
;
2188 struct armv8_common
*armv8
= target_to_armv8(target
);
2191 if (!target_was_examined(target
))
2193 if (!target
->dbg_msg_enabled
)
2196 if (target
->state
== TARGET_RUNNING
) {
2199 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2200 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2202 /* check if we have data */
2203 while ((dscr
& DSCR_DTR_TX_FULL
) && (retval
== ERROR_OK
)) {
2204 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2205 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &request
);
2206 if (retval
== ERROR_OK
) {
2207 target_request(target
, request
);
2208 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2209 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2217 static int aarch64_examine_first(struct target
*target
)
2219 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
2220 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
2221 struct adiv5_dap
*swjdp
= armv8
->arm
.dap
;
2222 struct aarch64_private_config
*pc
;
2224 int retval
= ERROR_OK
;
2225 uint64_t debug
, ttypr
;
2227 uint32_t tmp0
, tmp1
, tmp2
, tmp3
;
2228 debug
= ttypr
= cpuid
= 0;
2230 /* Search for the APB-AB - it is needed for access to debug registers */
2231 retval
= dap_find_ap(swjdp
, AP_TYPE_APB_AP
, &armv8
->debug_ap
);
2232 if (retval
!= ERROR_OK
) {
2233 LOG_ERROR("Could not find APB-AP for debug access");
2237 retval
= mem_ap_init(armv8
->debug_ap
);
2238 if (retval
!= ERROR_OK
) {
2239 LOG_ERROR("Could not initialize the APB-AP");
2243 armv8
->debug_ap
->memaccess_tck
= 10;
2245 if (!target
->dbgbase_set
) {
2247 /* Get ROM Table base */
2249 int32_t coreidx
= target
->coreid
;
2250 retval
= dap_get_debugbase(armv8
->debug_ap
, &dbgbase
, &apid
);
2251 if (retval
!= ERROR_OK
)
2253 /* Lookup 0x15 -- Processor DAP */
2254 retval
= dap_lookup_cs_component(armv8
->debug_ap
, dbgbase
, 0x15,
2255 &armv8
->debug_base
, &coreidx
);
2256 if (retval
!= ERROR_OK
)
2258 LOG_DEBUG("Detected core %" PRId32
" dbgbase: %08" PRIx32
2259 " apid: %08" PRIx32
, coreidx
, armv8
->debug_base
, apid
);
2261 armv8
->debug_base
= target
->dbgbase
;
2263 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
2264 armv8
->debug_base
+ CPUV8_DBG_OSLAR
, 0);
2265 if (retval
!= ERROR_OK
) {
2266 LOG_DEBUG("Examine %s failed", "oslock");
2270 retval
= mem_ap_read_u32(armv8
->debug_ap
,
2271 armv8
->debug_base
+ CPUV8_DBG_MAINID0
, &cpuid
);
2272 if (retval
!= ERROR_OK
) {
2273 LOG_DEBUG("Examine %s failed", "CPUID");
2277 retval
= mem_ap_read_u32(armv8
->debug_ap
,
2278 armv8
->debug_base
+ CPUV8_DBG_MEMFEATURE0
, &tmp0
);
2279 retval
+= mem_ap_read_u32(armv8
->debug_ap
,
2280 armv8
->debug_base
+ CPUV8_DBG_MEMFEATURE0
+ 4, &tmp1
);
2281 if (retval
!= ERROR_OK
) {
2282 LOG_DEBUG("Examine %s failed", "Memory Model Type");
2285 retval
= mem_ap_read_u32(armv8
->debug_ap
,
2286 armv8
->debug_base
+ CPUV8_DBG_DBGFEATURE0
, &tmp2
);
2287 retval
+= mem_ap_read_u32(armv8
->debug_ap
,
2288 armv8
->debug_base
+ CPUV8_DBG_DBGFEATURE0
+ 4, &tmp3
);
2289 if (retval
!= ERROR_OK
) {
2290 LOG_DEBUG("Examine %s failed", "ID_AA64DFR0_EL1");
2294 retval
= dap_run(armv8
->debug_ap
->dap
);
2295 if (retval
!= ERROR_OK
) {
2296 LOG_ERROR("%s: examination failed\n", target_name(target
));
2301 ttypr
= (ttypr
<< 32) | tmp0
;
2303 debug
= (debug
<< 32) | tmp2
;
2305 LOG_DEBUG("cpuid = 0x%08" PRIx32
, cpuid
);
2306 LOG_DEBUG("ttypr = 0x%08" PRIx64
, ttypr
);
2307 LOG_DEBUG("debug = 0x%08" PRIx64
, debug
);
2309 if (target
->private_config
== NULL
)
2312 pc
= (struct aarch64_private_config
*)target
->private_config
;
2313 if (pc
->cti
== NULL
)
2316 armv8
->cti
= pc
->cti
;
2318 retval
= aarch64_dpm_setup(aarch64
, debug
);
2319 if (retval
!= ERROR_OK
)
2322 /* Setup Breakpoint Register Pairs */
2323 aarch64
->brp_num
= (uint32_t)((debug
>> 12) & 0x0F) + 1;
2324 aarch64
->brp_num_context
= (uint32_t)((debug
>> 28) & 0x0F) + 1;
2325 aarch64
->brp_num_available
= aarch64
->brp_num
;
2326 aarch64
->brp_list
= calloc(aarch64
->brp_num
, sizeof(struct aarch64_brp
));
2327 for (i
= 0; i
< aarch64
->brp_num
; i
++) {
2328 aarch64
->brp_list
[i
].used
= 0;
2329 if (i
< (aarch64
->brp_num
-aarch64
->brp_num_context
))
2330 aarch64
->brp_list
[i
].type
= BRP_NORMAL
;
2332 aarch64
->brp_list
[i
].type
= BRP_CONTEXT
;
2333 aarch64
->brp_list
[i
].value
= 0;
2334 aarch64
->brp_list
[i
].control
= 0;
2335 aarch64
->brp_list
[i
].BRPn
= i
;
2338 LOG_DEBUG("Configured %i hw breakpoints", aarch64
->brp_num
);
2340 target
->state
= TARGET_UNKNOWN
;
2341 target
->debug_reason
= DBG_REASON_NOTHALTED
;
2342 aarch64
->isrmasking_mode
= AARCH64_ISRMASK_ON
;
2343 target_set_examined(target
);
2347 static int aarch64_examine(struct target
*target
)
2349 int retval
= ERROR_OK
;
2351 /* don't re-probe hardware after each reset */
2352 if (!target_was_examined(target
))
2353 retval
= aarch64_examine_first(target
);
2355 /* Configure core debug access */
2356 if (retval
== ERROR_OK
)
2357 retval
= aarch64_init_debug_access(target
);
2363 * Cortex-A8 target creation and initialization
2366 static int aarch64_init_target(struct command_context
*cmd_ctx
,
2367 struct target
*target
)
2369 /* examine_first() does a bunch of this */
2370 arm_semihosting_init(target
);
2374 static int aarch64_init_arch_info(struct target
*target
,
2375 struct aarch64_common
*aarch64
, struct adiv5_dap
*dap
)
2377 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
2379 /* Setup struct aarch64_common */
2380 aarch64
->common_magic
= AARCH64_COMMON_MAGIC
;
2381 armv8
->arm
.dap
= dap
;
2383 /* register arch-specific functions */
2384 armv8
->examine_debug_reason
= NULL
;
2385 armv8
->post_debug_entry
= aarch64_post_debug_entry
;
2386 armv8
->pre_restore_context
= NULL
;
2387 armv8
->armv8_mmu
.read_physical_memory
= aarch64_read_phys_memory
;
2389 armv8_init_arch_info(target
, armv8
);
2390 target_register_timer_callback(aarch64_handle_target_request
, 1,
2391 TARGET_TIMER_TYPE_PERIODIC
, target
);
2396 static int aarch64_target_create(struct target
*target
, Jim_Interp
*interp
)
2398 struct aarch64_private_config
*pc
= target
->private_config
;
2399 struct aarch64_common
*aarch64
;
2401 if (adiv5_verify_config(&pc
->adiv5_config
) != ERROR_OK
)
2404 aarch64
= calloc(1, sizeof(struct aarch64_common
));
2405 if (aarch64
== NULL
) {
2406 LOG_ERROR("Out of memory");
2410 return aarch64_init_arch_info(target
, aarch64
, pc
->adiv5_config
.dap
);
2413 static void aarch64_deinit_target(struct target
*target
)
2415 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
2416 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
2417 struct arm_dpm
*dpm
= &armv8
->dpm
;
2419 armv8_free_reg_cache(target
);
2420 free(aarch64
->brp_list
);
2423 free(target
->private_config
);
2427 static int aarch64_mmu(struct target
*target
, int *enabled
)
2429 if (target
->state
!= TARGET_HALTED
) {
2430 LOG_ERROR("%s: target %s not halted", __func__
, target_name(target
));
2431 return ERROR_TARGET_INVALID
;
2434 *enabled
= target_to_aarch64(target
)->armv8_common
.armv8_mmu
.mmu_enabled
;
2438 static int aarch64_virt2phys(struct target
*target
, target_addr_t virt
,
2439 target_addr_t
*phys
)
2441 return armv8_mmu_translate_va_pa(target
, virt
, phys
, 1);
2445 * private target configuration items
2447 enum aarch64_cfg_param
{
2451 static const Jim_Nvp nvp_config_opts
[] = {
2452 { .name
= "-cti", .value
= CFG_CTI
},
2453 { .name
= NULL
, .value
= -1 }
2456 static int aarch64_jim_configure(struct target
*target
, Jim_GetOptInfo
*goi
)
2458 struct aarch64_private_config
*pc
;
2462 pc
= (struct aarch64_private_config
*)target
->private_config
;
2464 pc
= calloc(1, sizeof(struct aarch64_private_config
));
2465 target
->private_config
= pc
;
2469 * Call adiv5_jim_configure() to parse the common DAP options
2470 * It will return JIM_CONTINUE if it didn't find any known
2471 * options, JIM_OK if it correctly parsed the topmost option
2472 * and JIM_ERR if an error occured during parameter evaluation.
2473 * For JIM_CONTINUE, we check our own params.
2475 e
= adiv5_jim_configure(target
, goi
);
2476 if (e
!= JIM_CONTINUE
)
2479 /* parse config or cget options ... */
2480 if (goi
->argc
> 0) {
2481 Jim_SetEmptyResult(goi
->interp
);
2483 /* check first if topmost item is for us */
2484 e
= Jim_Nvp_name2value_obj(goi
->interp
, nvp_config_opts
,
2487 return JIM_CONTINUE
;
2489 e
= Jim_GetOpt_Obj(goi
, NULL
);
2495 if (goi
->isconfigure
) {
2497 struct arm_cti
*cti
;
2498 e
= Jim_GetOpt_Obj(goi
, &o_cti
);
2501 cti
= cti_instance_by_jim_obj(goi
->interp
, o_cti
);
2503 Jim_SetResultString(goi
->interp
, "CTI name invalid!", -1);
2508 if (goi
->argc
!= 0) {
2509 Jim_WrongNumArgs(goi
->interp
,
2510 goi
->argc
, goi
->argv
,
2515 if (pc
== NULL
|| pc
->cti
== NULL
) {
2516 Jim_SetResultString(goi
->interp
, "CTI not configured", -1);
2519 Jim_SetResultString(goi
->interp
, arm_cti_name(pc
->cti
), -1);
2525 return JIM_CONTINUE
;
2532 COMMAND_HANDLER(aarch64_handle_cache_info_command
)
2534 struct target
*target
= get_current_target(CMD_CTX
);
2535 struct armv8_common
*armv8
= target_to_armv8(target
);
2537 return armv8_handle_cache_info_command(CMD
,
2538 &armv8
->armv8_mmu
.armv8_cache
);
2542 COMMAND_HANDLER(aarch64_handle_dbginit_command
)
2544 struct target
*target
= get_current_target(CMD_CTX
);
2545 if (!target_was_examined(target
)) {
2546 LOG_ERROR("target not examined yet");
2550 return aarch64_init_debug_access(target
);
2553 COMMAND_HANDLER(aarch64_mask_interrupts_command
)
2555 struct target
*target
= get_current_target(CMD_CTX
);
2556 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
2558 static const Jim_Nvp nvp_maskisr_modes
[] = {
2559 { .name
= "off", .value
= AARCH64_ISRMASK_OFF
},
2560 { .name
= "on", .value
= AARCH64_ISRMASK_ON
},
2561 { .name
= NULL
, .value
= -1 },
2566 n
= Jim_Nvp_name2value_simple(nvp_maskisr_modes
, CMD_ARGV
[0]);
2567 if (n
->name
== NULL
) {
2568 LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV
[0]);
2569 return ERROR_COMMAND_SYNTAX_ERROR
;
2572 aarch64
->isrmasking_mode
= n
->value
;
2575 n
= Jim_Nvp_value2name_simple(nvp_maskisr_modes
, aarch64
->isrmasking_mode
);
2576 command_print(CMD
, "aarch64 interrupt mask %s", n
->name
);
2581 static int jim_mcrmrc(Jim_Interp
*interp
, int argc
, Jim_Obj
* const *argv
)
2583 struct command_context
*context
;
2584 struct target
*target
;
2587 bool is_mcr
= false;
2590 if (Jim_CompareStringImmediate(interp
, argv
[0], "mcr")) {
2597 context
= current_command_context(interp
);
2598 assert(context
!= NULL
);
2600 target
= get_current_target(context
);
2601 if (target
== NULL
) {
2602 LOG_ERROR("%s: no current target", __func__
);
2605 if (!target_was_examined(target
)) {
2606 LOG_ERROR("%s: not yet examined", target_name(target
));
2610 arm
= target_to_arm(target
);
2612 LOG_ERROR("%s: not an ARM", target_name(target
));
2616 if (target
->state
!= TARGET_HALTED
)
2617 return ERROR_TARGET_NOT_HALTED
;
2619 if (arm
->core_state
== ARM_STATE_AARCH64
) {
2620 LOG_ERROR("%s: not 32-bit arm target", target_name(target
));
2624 if (argc
!= arg_cnt
) {
2625 LOG_ERROR("%s: wrong number of arguments", __func__
);
2637 /* NOTE: parameter sequence matches ARM instruction set usage:
2638 * MCR pNUM, op1, rX, CRn, CRm, op2 ; write CP from rX
2639 * MRC pNUM, op1, rX, CRn, CRm, op2 ; read CP into rX
2640 * The "rX" is necessarily omitted; it uses Tcl mechanisms.
2642 retval
= Jim_GetLong(interp
, argv
[1], &l
);
2643 if (retval
!= JIM_OK
)
2646 LOG_ERROR("%s: %s %d out of range", __func__
,
2647 "coprocessor", (int) l
);
2652 retval
= Jim_GetLong(interp
, argv
[2], &l
);
2653 if (retval
!= JIM_OK
)
2656 LOG_ERROR("%s: %s %d out of range", __func__
,
2662 retval
= Jim_GetLong(interp
, argv
[3], &l
);
2663 if (retval
!= JIM_OK
)
2666 LOG_ERROR("%s: %s %d out of range", __func__
,
2672 retval
= Jim_GetLong(interp
, argv
[4], &l
);
2673 if (retval
!= JIM_OK
)
2676 LOG_ERROR("%s: %s %d out of range", __func__
,
2682 retval
= Jim_GetLong(interp
, argv
[5], &l
);
2683 if (retval
!= JIM_OK
)
2686 LOG_ERROR("%s: %s %d out of range", __func__
,
2694 if (is_mcr
== true) {
2695 retval
= Jim_GetLong(interp
, argv
[6], &l
);
2696 if (retval
!= JIM_OK
)
2700 /* NOTE: parameters reordered! */
2701 /* ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2) */
2702 retval
= arm
->mcr(target
, cpnum
, op1
, op2
, CRn
, CRm
, value
);
2703 if (retval
!= ERROR_OK
)
2706 /* NOTE: parameters reordered! */
2707 /* ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2) */
2708 retval
= arm
->mrc(target
, cpnum
, op1
, op2
, CRn
, CRm
, &value
);
2709 if (retval
!= ERROR_OK
)
2712 Jim_SetResult(interp
, Jim_NewIntObj(interp
, value
));
2718 static const struct command_registration aarch64_exec_command_handlers
[] = {
2720 .name
= "cache_info",
2721 .handler
= aarch64_handle_cache_info_command
,
2722 .mode
= COMMAND_EXEC
,
2723 .help
= "display information about target caches",
2728 .handler
= aarch64_handle_dbginit_command
,
2729 .mode
= COMMAND_EXEC
,
2730 .help
= "Initialize core debug",
2735 .handler
= aarch64_mask_interrupts_command
,
2736 .mode
= COMMAND_ANY
,
2737 .help
= "mask aarch64 interrupts during single-step",
2738 .usage
= "['on'|'off']",
2742 .mode
= COMMAND_EXEC
,
2743 .jim_handler
= jim_mcrmrc
,
2744 .help
= "write coprocessor register",
2745 .usage
= "cpnum op1 CRn CRm op2 value",
2749 .mode
= COMMAND_EXEC
,
2750 .jim_handler
= jim_mcrmrc
,
2751 .help
= "read coprocessor register",
2752 .usage
= "cpnum op1 CRn CRm op2",
2755 .chain
= smp_command_handlers
,
2759 COMMAND_REGISTRATION_DONE
2762 static const struct command_registration aarch64_command_handlers
[] = {
2764 .chain
= armv8_command_handlers
,
2768 .mode
= COMMAND_ANY
,
2769 .help
= "Aarch64 command group",
2771 .chain
= aarch64_exec_command_handlers
,
2773 COMMAND_REGISTRATION_DONE
2776 struct target_type aarch64_target
= {
2779 .poll
= aarch64_poll
,
2780 .arch_state
= armv8_arch_state
,
2782 .halt
= aarch64_halt
,
2783 .resume
= aarch64_resume
,
2784 .step
= aarch64_step
,
2786 .assert_reset
= aarch64_assert_reset
,
2787 .deassert_reset
= aarch64_deassert_reset
,
2789 /* REVISIT allow exporting VFP3 registers ... */
2790 .get_gdb_arch
= armv8_get_gdb_arch
,
2791 .get_gdb_reg_list
= armv8_get_gdb_reg_list
,
2793 .read_memory
= aarch64_read_memory
,
2794 .write_memory
= aarch64_write_memory
,
2796 .add_breakpoint
= aarch64_add_breakpoint
,
2797 .add_context_breakpoint
= aarch64_add_context_breakpoint
,
2798 .add_hybrid_breakpoint
= aarch64_add_hybrid_breakpoint
,
2799 .remove_breakpoint
= aarch64_remove_breakpoint
,
2800 .add_watchpoint
= NULL
,
2801 .remove_watchpoint
= NULL
,
2803 .commands
= aarch64_command_handlers
,
2804 .target_create
= aarch64_target_create
,
2805 .target_jim_configure
= aarch64_jim_configure
,
2806 .init_target
= aarch64_init_target
,
2807 .deinit_target
= aarch64_deinit_target
,
2808 .examine
= aarch64_examine
,
2810 .read_phys_memory
= aarch64_read_phys_memory
,
2811 .write_phys_memory
= aarch64_write_phys_memory
,
2813 .virt2phys
= aarch64_virt2phys
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)