2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
26 #include <helper/time_support.h>
27 #include "target_type.h"
29 #include "arm_opcodes.h"
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
53 #define _DEBUG_INSTRUCTION_EXECUTION_
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
83 static int arm920t_read_cp15_physical(struct target
*target
,
84 int reg_addr
, uint32_t *value
)
86 struct arm920t_common
*arm920t
= target_to_arm920(target
);
87 struct arm_jtag
*jtag_info
;
88 struct scan_field fields
[4];
89 uint8_t access_type_buf
= 1;
90 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
94 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
96 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
97 if (retval
!= ERROR_OK
)
99 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
100 if (retval
!= ERROR_OK
)
103 fields
[0].num_bits
= 1;
104 fields
[0].out_value
= &access_type_buf
;
105 fields
[0].in_value
= NULL
;
107 fields
[1].num_bits
= 32;
108 fields
[1].out_value
= NULL
;
109 fields
[1].in_value
= NULL
;
111 fields
[2].num_bits
= 6;
112 fields
[2].out_value
= ®_addr_buf
;
113 fields
[2].in_value
= NULL
;
115 fields
[3].num_bits
= 1;
116 fields
[3].out_value
= &nr_w_buf
;
117 fields
[3].in_value
= NULL
;
119 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
121 fields
[1].in_value
= (uint8_t *)value
;
123 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
125 jtag_add_callback(arm_le_to_h_u32
, (jtag_callback_data_t
)value
);
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, *value
);
135 static int arm920t_write_cp15_physical(struct target
*target
,
136 int reg_addr
, uint32_t value
)
138 struct arm920t_common
*arm920t
= target_to_arm920(target
);
139 struct arm_jtag
*jtag_info
;
140 struct scan_field fields
[4];
141 uint8_t access_type_buf
= 1;
142 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
143 uint8_t nr_w_buf
= 1;
144 uint8_t value_buf
[4];
147 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
149 buf_set_u32(value_buf
, 0, 32, value
);
151 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
152 if (retval
!= ERROR_OK
)
154 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
155 if (retval
!= ERROR_OK
)
158 fields
[0].num_bits
= 1;
159 fields
[0].out_value
= &access_type_buf
;
160 fields
[0].in_value
= NULL
;
162 fields
[1].num_bits
= 32;
163 fields
[1].out_value
= value_buf
;
164 fields
[1].in_value
= NULL
;
166 fields
[2].num_bits
= 6;
167 fields
[2].out_value
= ®_addr_buf
;
168 fields
[2].in_value
= NULL
;
170 fields
[3].num_bits
= 1;
171 fields
[3].out_value
= &nr_w_buf
;
172 fields
[3].in_value
= NULL
;
174 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, value
);
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
190 static int arm920t_execute_cp15(struct target
*target
, uint32_t cp15_opcode
,
194 struct arm920t_common
*arm920t
= target_to_arm920(target
);
195 struct arm_jtag
*jtag_info
;
196 struct scan_field fields
[4];
197 uint8_t access_type_buf
= 0; /* interpreted access */
198 uint8_t reg_addr_buf
= 0x0;
199 uint8_t nr_w_buf
= 0;
200 uint8_t cp15_opcode_buf
[4];
202 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
204 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
205 if (retval
!= ERROR_OK
)
207 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
208 if (retval
!= ERROR_OK
)
211 buf_set_u32(cp15_opcode_buf
, 0, 32, cp15_opcode
);
213 fields
[0].num_bits
= 1;
214 fields
[0].out_value
= &access_type_buf
;
215 fields
[0].in_value
= NULL
;
217 fields
[1].num_bits
= 32;
218 fields
[1].out_value
= cp15_opcode_buf
;
219 fields
[1].in_value
= NULL
;
221 fields
[2].num_bits
= 6;
222 fields
[2].out_value
= ®_addr_buf
;
223 fields
[2].in_value
= NULL
;
225 fields
[3].num_bits
= 1;
226 fields
[3].out_value
= &nr_w_buf
;
227 fields
[3].in_value
= NULL
;
229 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
231 arm9tdmi_clock_out(jtag_info
, arm_opcode
, 0, NULL
, 0);
232 arm9tdmi_clock_out(jtag_info
, ARMV4_5_NOP
, 0, NULL
, 1);
233 retval
= arm7_9_execute_sys_speed(target
);
234 if (retval
!= ERROR_OK
)
237 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
239 LOG_ERROR("failed executing JTAG queue");
246 static int arm920t_read_cp15_interpreted(struct target
*target
,
247 uint32_t cp15_opcode
, uint32_t address
, uint32_t *value
)
249 struct arm
*armv4_5
= target_to_arm(target
);
252 uint32_t cp15c15
= 0x0;
253 struct reg
*r
= armv4_5
->core_cache
->reg_list
;
255 /* load address into R1 */
257 arm9tdmi_write_core_regs(target
, 0x2, regs
);
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
262 jtag_execute_queue();
263 cp15c15
|= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_LDR(0, 1));
269 /* disable interpreted access mode */
270 cp15c15
&= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
273 /* retrieve value from R0 */
275 arm9tdmi_read_core_regs(target
, 0x1, regs_p
);
276 jtag_execute_queue();
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode
, address
, *value
);
283 if (!is_arm_mode(armv4_5
->core_mode
))
285 LOG_ERROR("not a valid arm core mode - communication failure?");
296 int arm920t_write_cp15_interpreted(struct target
*target
,
297 uint32_t cp15_opcode
, uint32_t value
, uint32_t address
)
299 uint32_t cp15c15
= 0x0;
300 struct arm
*armv4_5
= target_to_arm(target
);
302 struct reg
*r
= armv4_5
->core_cache
->reg_list
;
304 /* load value, address into R0, R1 */
307 arm9tdmi_write_core_regs(target
, 0x3, regs
);
309 /* read-modify-write CP15 test state register
310 * to enable interpreted access mode */
311 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
312 jtag_execute_queue();
313 cp15c15
|= 1; /* set interpret mode */
314 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
316 /* execute CP15 instruction and ARM store (writing to coprocessor) */
317 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_STR(0, 1));
319 /* disable interpreted access mode */
320 cp15c15
&= ~1U; /* set interpret mode */
321 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
323 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
324 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
325 cp15_opcode
, value
, address
);
328 if (!is_arm_mode(armv4_5
->core_mode
))
330 LOG_ERROR("not a valid arm core mode - communication failure?");
341 int arm920t_get_ttb(struct target
*target
, uint32_t *result
)
346 if ((retval
= arm920t_read_cp15_interpreted(target
,
347 /* FIXME use opcode macro */
348 0xeebf0f51, 0x0, &ttb
)) != ERROR_OK
)
356 int arm920t_disable_mmu_caches(struct target
*target
, int mmu
,
357 int d_u_cache
, int i_cache
)
359 uint32_t cp15_control
;
362 /* read cp15 control register */
363 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
364 if (retval
!= ERROR_OK
)
366 retval
= jtag_execute_queue();
367 if (retval
!= ERROR_OK
)
371 cp15_control
&= ~0x1U
;
374 cp15_control
&= ~0x4U
;
377 cp15_control
&= ~0x1000U
;
379 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
384 int arm920t_enable_mmu_caches(struct target
*target
, int mmu
,
385 int d_u_cache
, int i_cache
)
387 uint32_t cp15_control
;
390 /* read cp15 control register */
391 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
392 if (retval
!= ERROR_OK
)
394 retval
= jtag_execute_queue();
395 if (retval
!= ERROR_OK
)
399 cp15_control
|= 0x1U
;
402 cp15_control
|= 0x4U
;
405 cp15_control
|= 0x1000U
;
407 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
412 int arm920t_post_debug_entry(struct target
*target
)
415 struct arm920t_common
*arm920t
= target_to_arm920(target
);
418 /* examine cp15 control reg */
419 retval
= arm920t_read_cp15_physical(target
,
420 CP15PHYS_CTRL
, &arm920t
->cp15_control_reg
);
421 if (retval
!= ERROR_OK
)
423 retval
= jtag_execute_queue();
424 if (retval
!= ERROR_OK
)
426 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32
, arm920t
->cp15_control_reg
);
428 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
== -1)
430 uint32_t cache_type_reg
;
431 /* identify caches */
432 retval
= arm920t_read_cp15_physical(target
,
433 CP15PHYS_CACHETYPE
, &cache_type_reg
);
434 if (retval
!= ERROR_OK
)
436 retval
= jtag_execute_queue();
437 if (retval
!= ERROR_OK
)
439 armv4_5_identify_cache(cache_type_reg
,
440 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
443 arm920t
->armv4_5_mmu
.mmu_enabled
=
444 (arm920t
->cp15_control_reg
& 0x1U
) ? 1 : 0;
445 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
=
446 (arm920t
->cp15_control_reg
& 0x4U
) ? 1 : 0;
447 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
=
448 (arm920t
->cp15_control_reg
& 0x1000U
) ? 1 : 0;
450 /* save i/d fault status and address register */
451 /* FIXME use opcode macros */
452 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f10, 0x0, &arm920t
->d_fsr
);
453 if (retval
!= ERROR_OK
)
455 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f30, 0x0, &arm920t
->i_fsr
);
456 if (retval
!= ERROR_OK
)
458 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f10, 0x0, &arm920t
->d_far
);
459 if (retval
!= ERROR_OK
)
461 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f30, 0x0, &arm920t
->i_far
);
462 if (retval
!= ERROR_OK
)
465 LOG_DEBUG("D FSR: 0x%8.8" PRIx32
", D FAR: 0x%8.8" PRIx32
466 ", I FSR: 0x%8.8" PRIx32
", I FAR: 0x%8.8" PRIx32
,
467 arm920t
->d_fsr
, arm920t
->d_far
, arm920t
->i_fsr
, arm920t
->i_far
);
469 if (arm920t
->preserve_cache
)
471 /* read-modify-write CP15 test state register
472 * to disable I/D-cache linefills */
473 retval
= arm920t_read_cp15_physical(target
,
474 CP15PHYS_TESTSTATE
, &cp15c15
);
475 if (retval
!= ERROR_OK
)
477 retval
= jtag_execute_queue();
478 if (retval
!= ERROR_OK
)
481 retval
= arm920t_write_cp15_physical(target
,
482 CP15PHYS_TESTSTATE
, cp15c15
);
483 if (retval
!= ERROR_OK
)
490 void arm920t_pre_restore_context(struct target
*target
)
493 struct arm920t_common
*arm920t
= target_to_arm920(target
);
495 /* restore i/d fault status and address register */
496 arm920t_write_cp15_interpreted(target
, 0xee050f10, arm920t
->d_fsr
, 0x0);
497 arm920t_write_cp15_interpreted(target
, 0xee050f30, arm920t
->i_fsr
, 0x0);
498 arm920t_write_cp15_interpreted(target
, 0xee060f10, arm920t
->d_far
, 0x0);
499 arm920t_write_cp15_interpreted(target
, 0xee060f30, arm920t
->i_far
, 0x0);
501 /* read-modify-write CP15 test state register
502 * to reenable I/D-cache linefills */
503 if (arm920t
->preserve_cache
)
505 arm920t_read_cp15_physical(target
,
506 CP15PHYS_TESTSTATE
, &cp15c15
);
507 jtag_execute_queue();
509 arm920t_write_cp15_physical(target
,
510 CP15PHYS_TESTSTATE
, cp15c15
);
514 static const char arm920_not
[] = "target is not an ARM920";
516 static int arm920t_verify_pointer(struct command_context
*cmd_ctx
,
517 struct arm920t_common
*arm920t
)
519 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
) {
520 command_print(cmd_ctx
, arm920_not
);
521 return ERROR_TARGET_INVALID
;
527 /** Logs summary of ARM920 state for a halted target. */
528 int arm920t_arch_state(struct target
*target
)
530 static const char *state
[] =
532 "disabled", "enabled"
535 struct arm920t_common
*arm920t
= target_to_arm920(target
);
537 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
)
539 LOG_ERROR("BUG: %s", arm920_not
);
540 return ERROR_TARGET_INVALID
;
543 arm_arch_state(target
);
544 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
545 state
[arm920t
->armv4_5_mmu
.mmu_enabled
],
546 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
],
547 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
]);
552 static int arm920_mmu(struct target
*target
, int *enabled
)
554 if (target
->state
!= TARGET_HALTED
) {
555 LOG_ERROR("%s: target not halted", __func__
);
556 return ERROR_TARGET_INVALID
;
559 *enabled
= target_to_arm920(target
)->armv4_5_mmu
.mmu_enabled
;
563 static int arm920_virt2phys(struct target
*target
,
564 uint32_t virt
, uint32_t *phys
)
567 struct arm920t_common
*arm920t
= target_to_arm920(target
);
570 int retval
= armv4_5_mmu_translate_va(target
,
571 &arm920t
->armv4_5_mmu
, virt
, &cb
, &ret
);
572 if (retval
!= ERROR_OK
)
578 /** Reads a buffer, in the specified word size, with current MMU settings. */
579 int arm920t_read_memory(struct target
*target
, uint32_t address
,
580 uint32_t size
, uint32_t count
, uint8_t *buffer
)
584 retval
= arm7_9_read_memory(target
, address
, size
, count
, buffer
);
590 static int arm920t_read_phys_memory(struct target
*target
,
591 uint32_t address
, uint32_t size
,
592 uint32_t count
, uint8_t *buffer
)
594 struct arm920t_common
*arm920t
= target_to_arm920(target
);
596 return armv4_5_mmu_read_physical(target
, &arm920t
->armv4_5_mmu
,
597 address
, size
, count
, buffer
);
600 static int arm920t_write_phys_memory(struct target
*target
,
601 uint32_t address
, uint32_t size
,
602 uint32_t count
, const uint8_t *buffer
)
604 struct arm920t_common
*arm920t
= target_to_arm920(target
);
606 return armv4_5_mmu_write_physical(target
, &arm920t
->armv4_5_mmu
,
607 address
, size
, count
, buffer
);
611 /** Writes a buffer, in the specified word size, with current MMU settings. */
612 int arm920t_write_memory(struct target
*target
, uint32_t address
,
613 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
616 const uint32_t cache_mask
= ~0x1f; /* cache line size : 32 byte */
617 struct arm920t_common
*arm920t
= target_to_arm920(target
);
619 /* FIX!!!! this should be cleaned up and made much more general. The
620 * plan is to write up and test on arm920t specifically and
621 * then generalize and clean up afterwards.
623 * Also it should be moved to the callbacks that handle breakpoints
624 * specifically and not the generic memory write fn's. See XScale code.
626 if (arm920t
->armv4_5_mmu
.mmu_enabled
&& (count
== 1) &&
627 ((size
==2) || (size
==4)))
629 /* special case the handling of single word writes to
630 * bypass MMU, to allow implementation of breakpoints
631 * in memory marked read only
638 * We need physical address and cb
640 retval
= armv4_5_mmu_translate_va(target
, &arm920t
->armv4_5_mmu
,
642 if (retval
!= ERROR_OK
)
645 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
)
649 LOG_DEBUG("D-Cache buffered, "
650 "drain write buffer");
653 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
656 retval
= arm920t_write_cp15_interpreted(target
,
657 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
659 if (retval
!= ERROR_OK
)
666 * Write back memory ? -> clean cache
668 * There is no way to clean cache lines using
669 * cp15 scan chain, so copy the full cache
670 * line from cache to physical memory.
674 LOG_DEBUG("D-Cache in 'write back' mode, "
677 retval
= target_read_memory(target
,
678 address
& cache_mask
, 1,
679 sizeof(data
), &data
[0]);
680 if (retval
!= ERROR_OK
)
683 retval
= armv4_5_mmu_write_physical(target
,
684 &arm920t
->armv4_5_mmu
,
686 sizeof(data
), &data
[0]);
687 if (retval
!= ERROR_OK
)
695 * Cached ? -> Invalidate data cache using MVA
697 * MCR p15,0,Rd,c7,c6,1
699 LOG_DEBUG("D-Cache enabled, "
700 "invalidate cache line");
702 retval
= arm920t_write_cp15_interpreted(target
,
703 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
704 address
& cache_mask
);
705 if (retval
!= ERROR_OK
)
710 /* write directly to physical memory,
711 * bypassing any read only MMU bits, etc.
713 retval
= armv4_5_mmu_write_physical(target
,
714 &arm920t
->armv4_5_mmu
, pa
, size
,
716 if (retval
!= ERROR_OK
)
720 if ((retval
= arm7_9_write_memory(target
, address
,
721 size
, count
, buffer
)) != ERROR_OK
)
725 /* If ICache is enabled, we have to invalidate affected ICache lines
726 * the DCache is forced to write-through,
727 * so we don't have to clean it here
729 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
)
733 /* invalidate ICache single entry with MVA
734 * mcr 15, 0, r0, cr7, cr5, {1}
736 LOG_DEBUG("I-Cache enabled, "
737 "invalidating affected I-Cache line");
738 retval
= arm920t_write_cp15_interpreted(target
,
739 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
740 0x0, address
& cache_mask
);
741 if (retval
!= ERROR_OK
)
747 * mcr 15, 0, r0, cr7, cr5, {0}
749 retval
= arm920t_write_cp15_interpreted(target
,
750 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
752 if (retval
!= ERROR_OK
)
761 int arm920t_soft_reset_halt(struct target
*target
)
763 int retval
= ERROR_OK
;
764 struct arm920t_common
*arm920t
= target_to_arm920(target
);
765 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
766 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
767 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
769 if ((retval
= target_halt(target
)) != ERROR_OK
)
774 long long then
= timeval_ms();
776 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
778 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)
781 embeddedice_read_reg(dbg_stat
);
782 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
790 if (debug_level
>= 3)
792 /* do not eat all CPU, time out after 1 se*/
801 LOG_ERROR("Failed to halt CPU after 1 sec");
802 return ERROR_TARGET_TIMEOUT
;
805 target
->state
= TARGET_HALTED
;
807 /* SVC, ARM state, IRQ and FIQ disabled */
810 cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 32);
813 arm_set_cpsr(armv4_5
, cpsr
);
814 armv4_5
->cpsr
->dirty
= 1;
816 /* start fetching from 0x0 */
817 buf_set_u32(armv4_5
->pc
->value
, 0, 32, 0x0);
818 armv4_5
->pc
->dirty
= 1;
819 armv4_5
->pc
->valid
= 1;
821 arm920t_disable_mmu_caches(target
, 1, 1, 1);
822 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
823 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
= 0;
824 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
= 0;
826 return target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
829 /* FIXME remove forward decls */
830 static int arm920t_mrc(struct target
*target
, int cpnum
,
831 uint32_t op1
, uint32_t op2
,
832 uint32_t CRn
, uint32_t CRm
,
834 static int arm920t_mcr(struct target
*target
, int cpnum
,
835 uint32_t op1
, uint32_t op2
,
836 uint32_t CRn
, uint32_t CRm
,
839 static int arm920t_init_arch_info(struct target
*target
,
840 struct arm920t_common
*arm920t
, struct jtag_tap
*tap
)
842 struct arm7_9_common
*arm7_9
= &arm920t
->arm7_9_common
;
844 arm7_9
->armv4_5_common
.mrc
= arm920t_mrc
;
845 arm7_9
->armv4_5_common
.mcr
= arm920t_mcr
;
847 /* initialize arm7/arm9 specific info (including armv4_5) */
848 arm9tdmi_init_arch_info(target
, arm7_9
, tap
);
850 arm920t
->common_magic
= ARM920T_COMMON_MAGIC
;
852 arm7_9
->post_debug_entry
= arm920t_post_debug_entry
;
853 arm7_9
->pre_restore_context
= arm920t_pre_restore_context
;
855 arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
= -1;
856 arm920t
->armv4_5_mmu
.get_ttb
= arm920t_get_ttb
;
857 arm920t
->armv4_5_mmu
.read_memory
= arm7_9_read_memory
;
858 arm920t
->armv4_5_mmu
.write_memory
= arm7_9_write_memory
;
859 arm920t
->armv4_5_mmu
.disable_mmu_caches
= arm920t_disable_mmu_caches
;
860 arm920t
->armv4_5_mmu
.enable_mmu_caches
= arm920t_enable_mmu_caches
;
861 arm920t
->armv4_5_mmu
.has_tiny_pages
= 1;
862 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
864 /* disabling linefills leads to lockups, so keep them enabled for now
865 * this doesn't affect correctness, but might affect timing issues, if
866 * important data is evicted from the cache during the debug session
868 arm920t
->preserve_cache
= 0;
870 /* override hw single-step capability from ARM9TDMI */
871 arm7_9
->has_single_step
= 1;
876 static int arm920t_target_create(struct target
*target
, Jim_Interp
*interp
)
878 struct arm920t_common
*arm920t
;
880 arm920t
= calloc(1,sizeof(struct arm920t_common
));
881 return arm920t_init_arch_info(target
, arm920t
, target
->tap
);
884 COMMAND_HANDLER(arm920t_handle_read_cache_command
)
886 int retval
= ERROR_OK
;
887 struct target
*target
= get_current_target(CMD_CTX
);
888 struct arm920t_common
*arm920t
= target_to_arm920(target
);
889 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
890 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
892 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
894 uint32_t *regs_p
[16];
895 uint32_t C15_C_D_Ind
, C15_C_I_Ind
;
898 int segment
, index_t
;
901 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
902 if (retval
!= ERROR_OK
)
907 command_print(CMD_CTX
, "usage: arm920t read_cache <filename>");
911 if ((output
= fopen(CMD_ARGV
[0], "w")) == NULL
)
913 LOG_DEBUG("error opening cache content file");
917 for (i
= 0; i
< 16; i
++)
918 regs_p
[i
] = ®s
[i
];
920 /* disable MMU and Caches */
921 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
922 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
926 cp15_ctrl_saved
= cp15_ctrl
;
927 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
928 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
929 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
931 /* read CP15 test state register */
932 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
933 jtag_execute_queue();
935 /* read DCache content */
936 fprintf(output
, "DCache:\n");
938 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
940 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
943 fprintf(output
, "\nsegment: %i\n----------", segment
);
945 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
946 regs
[0] = 0x0 | (segment
<< 5);
947 arm9tdmi_write_core_regs(target
, 0x1, regs
);
949 /* set interpret mode */
951 arm920t_write_cp15_physical(target
,
952 CP15PHYS_TESTSTATE
, cp15c15
);
954 /* D CAM Read, loads current victim into C15.C.D.Ind */
955 arm920t_execute_cp15(target
,
956 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
958 /* read current victim */
959 arm920t_read_cp15_physical(target
,
960 CP15PHYS_DCACHE_IDX
, &C15_C_D_Ind
);
962 /* clear interpret mode */
964 arm920t_write_cp15_physical(target
,
965 CP15PHYS_TESTSTATE
, cp15c15
);
967 for (index_t
= 0; index_t
< 64; index_t
++)
970 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
972 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
973 arm9tdmi_write_core_regs(target
, 0x1, regs
);
975 /* set interpret mode */
977 arm920t_write_cp15_physical(target
,
978 CP15PHYS_TESTSTATE
, cp15c15
);
980 /* Write DCache victim */
981 arm920t_execute_cp15(target
,
982 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
985 arm920t_execute_cp15(target
,
986 ARMV4_5_MCR(15,2,0,15,10,2),
987 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
990 arm920t_execute_cp15(target
,
991 ARMV4_5_MCR(15,2,0,15,6,2),
994 /* clear interpret mode */
996 arm920t_write_cp15_physical(target
,
997 CP15PHYS_TESTSTATE
, cp15c15
);
999 /* read D RAM and CAM content */
1000 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
1001 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1007 regs
[9] &= 0xfffffffe;
1008 fprintf(output
, "\nsegment: %i, index: %i, CAM: 0x%8.8"
1009 PRIx32
", content (%s):\n",
1010 segment
, index_t
, regs
[9],
1011 (regs
[9] & 0x10) ? "valid" : "invalid");
1013 for (i
= 1; i
< 9; i
++)
1015 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
1021 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1022 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
1023 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1025 /* set interpret mode */
1027 arm920t_write_cp15_physical(target
,
1028 CP15PHYS_TESTSTATE
, cp15c15
);
1030 /* Write DCache victim */
1031 arm920t_execute_cp15(target
,
1032 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1034 /* clear interpret mode */
1036 arm920t_write_cp15_physical(target
,
1037 CP15PHYS_TESTSTATE
, cp15c15
);
1040 /* read ICache content */
1041 fprintf(output
, "ICache:\n");
1043 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1045 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
1048 fprintf(output
, "segment: %i\n----------", segment
);
1050 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1051 regs
[0] = 0x0 | (segment
<< 5);
1052 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1054 /* set interpret mode */
1056 arm920t_write_cp15_physical(target
,
1057 CP15PHYS_TESTSTATE
, cp15c15
);
1059 /* I CAM Read, loads current victim into C15.C.I.Ind */
1060 arm920t_execute_cp15(target
,
1061 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1063 /* read current victim */
1064 arm920t_read_cp15_physical(target
, CP15PHYS_ICACHE_IDX
,
1067 /* clear interpret mode */
1069 arm920t_write_cp15_physical(target
,
1070 CP15PHYS_TESTSTATE
, cp15c15
);
1072 for (index_t
= 0; index_t
< 64; index_t
++)
1075 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1077 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
1078 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1080 /* set interpret mode */
1082 arm920t_write_cp15_physical(target
,
1083 CP15PHYS_TESTSTATE
, cp15c15
);
1085 /* Write ICache victim */
1086 arm920t_execute_cp15(target
,
1087 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1090 arm920t_execute_cp15(target
,
1091 ARMV4_5_MCR(15,2,0,15,9,2),
1092 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1095 arm920t_execute_cp15(target
,
1096 ARMV4_5_MCR(15,2,0,15,5,2),
1099 /* clear interpret mode */
1101 arm920t_write_cp15_physical(target
,
1102 CP15PHYS_TESTSTATE
, cp15c15
);
1104 /* read I RAM and CAM content */
1105 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
1106 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1112 regs
[9] &= 0xfffffffe;
1113 fprintf(output
, "\nsegment: %i, index: %i, "
1114 "CAM: 0x%8.8" PRIx32
", content (%s):\n",
1115 segment
, index_t
, regs
[9],
1116 (regs
[9] & 0x10) ? "valid" : "invalid");
1118 for (i
= 1; i
< 9; i
++)
1120 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
1125 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1126 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
1127 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1129 /* set interpret mode */
1131 arm920t_write_cp15_physical(target
,
1132 CP15PHYS_TESTSTATE
, cp15c15
);
1134 /* Write ICache victim */
1135 arm920t_execute_cp15(target
,
1136 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1138 /* clear interpret mode */
1140 arm920t_write_cp15_physical(target
,
1141 CP15PHYS_TESTSTATE
, cp15c15
);
1144 /* restore CP15 MMU and Cache settings */
1145 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1147 command_print(CMD_CTX
, "cache content successfully output to %s",
1152 if (!is_arm_mode(armv4_5
->core_mode
))
1154 LOG_ERROR("not a valid arm core mode - communication failure?");
1158 /* force writeback of the valid data */
1159 r
= armv4_5
->core_cache
->reg_list
;
1160 r
[0].dirty
= r
[0].valid
;
1161 r
[1].dirty
= r
[1].valid
;
1162 r
[2].dirty
= r
[2].valid
;
1163 r
[3].dirty
= r
[3].valid
;
1164 r
[4].dirty
= r
[4].valid
;
1165 r
[5].dirty
= r
[5].valid
;
1166 r
[6].dirty
= r
[6].valid
;
1167 r
[7].dirty
= r
[7].valid
;
1169 r
= arm_reg_current(armv4_5
, 8);
1170 r
->dirty
= r
->valid
;
1172 r
= arm_reg_current(armv4_5
, 9);
1173 r
->dirty
= r
->valid
;
1178 COMMAND_HANDLER(arm920t_handle_read_mmu_command
)
1180 int retval
= ERROR_OK
;
1181 struct target
*target
= get_current_target(CMD_CTX
);
1182 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1183 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1184 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1186 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
1188 uint32_t *regs_p
[16];
1191 uint32_t Dlockdown
, Ilockdown
;
1192 struct arm920t_tlb_entry d_tlb
[64], i_tlb
[64];
1196 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1197 if (retval
!= ERROR_OK
)
1202 command_print(CMD_CTX
, "usage: arm920t read_mmu <filename>");
1206 if ((output
= fopen(CMD_ARGV
[0], "w")) == NULL
)
1208 LOG_DEBUG("error opening mmu content file");
1212 for (i
= 0; i
< 16; i
++)
1213 regs_p
[i
] = ®s
[i
];
1215 /* disable MMU and Caches */
1216 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
1217 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1221 cp15_ctrl_saved
= cp15_ctrl
;
1222 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
1223 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
1224 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
1226 /* read CP15 test state register */
1227 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
1228 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1233 /* prepare reading D TLB content
1236 /* set interpret mode */
1238 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1240 /* Read D TLB lockdown */
1241 arm920t_execute_cp15(target
,
1242 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1244 /* clear interpret mode */
1246 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1248 /* read D TLB lockdown stored to r1 */
1249 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1250 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1254 Dlockdown
= regs
[1];
1256 for (victim
= 0; victim
< 64; victim
+= 8)
1258 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1259 * base remains unchanged, victim goes through entries 0 to 63
1261 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1262 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1264 /* set interpret mode */
1266 arm920t_write_cp15_physical(target
,
1267 CP15PHYS_TESTSTATE
, cp15c15
);
1269 /* Write D TLB lockdown */
1270 arm920t_execute_cp15(target
,
1271 ARMV4_5_MCR(15,0,0,10,0,0),
1274 /* Read D TLB CAM */
1275 arm920t_execute_cp15(target
,
1276 ARMV4_5_MCR(15,4,0,15,6,4),
1277 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1279 /* clear interpret mode */
1281 arm920t_write_cp15_physical(target
,
1282 CP15PHYS_TESTSTATE
, cp15c15
);
1284 /* read D TLB CAM content stored to r2-r9 */
1285 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1286 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1291 for (i
= 0; i
< 8; i
++)
1292 d_tlb
[victim
+ i
].cam
= regs
[i
+ 2];
1295 for (victim
= 0; victim
< 64; victim
++)
1297 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1298 * base remains unchanged, victim goes through entries 0 to 63
1300 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1301 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1303 /* set interpret mode */
1305 arm920t_write_cp15_physical(target
,
1306 CP15PHYS_TESTSTATE
, cp15c15
);
1308 /* Write D TLB lockdown */
1309 arm920t_execute_cp15(target
,
1310 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1312 /* Read D TLB RAM1 */
1313 arm920t_execute_cp15(target
,
1314 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1316 /* Read D TLB RAM2 */
1317 arm920t_execute_cp15(target
,
1318 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1320 /* clear interpret mode */
1322 arm920t_write_cp15_physical(target
,
1323 CP15PHYS_TESTSTATE
, cp15c15
);
1325 /* read D TLB RAM content stored to r2 and r3 */
1326 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1327 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1332 d_tlb
[victim
].ram1
= regs
[2];
1333 d_tlb
[victim
].ram2
= regs
[3];
1336 /* restore D TLB lockdown */
1337 regs
[1] = Dlockdown
;
1338 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1340 /* Write D TLB lockdown */
1341 arm920t_execute_cp15(target
,
1342 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1344 /* prepare reading I TLB content
1347 /* set interpret mode */
1349 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1351 /* Read I TLB lockdown */
1352 arm920t_execute_cp15(target
,
1353 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1355 /* clear interpret mode */
1357 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1359 /* read I TLB lockdown stored to r1 */
1360 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1361 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1365 Ilockdown
= regs
[1];
1367 for (victim
= 0; victim
< 64; victim
+= 8)
1369 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1370 * base remains unchanged, victim goes through entries 0 to 63
1372 regs
[1] = (Ilockdown
& 0xfc000000) | (victim
<< 20);
1373 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1375 /* set interpret mode */
1377 arm920t_write_cp15_physical(target
,
1378 CP15PHYS_TESTSTATE
, cp15c15
);
1380 /* Write I TLB lockdown */
1381 arm920t_execute_cp15(target
,
1382 ARMV4_5_MCR(15,0,0,10,0,1),
1385 /* Read I TLB CAM */
1386 arm920t_execute_cp15(target
,
1387 ARMV4_5_MCR(15,4,0,15,5,4),
1388 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1390 /* clear interpret mode */
1392 arm920t_write_cp15_physical(target
,
1393 CP15PHYS_TESTSTATE
, cp15c15
);
1395 /* read I TLB CAM content stored to r2-r9 */
1396 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1397 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1402 for (i
= 0; i
< 8; i
++)
1403 i_tlb
[i
+ victim
].cam
= regs
[i
+ 2];
1406 for (victim
= 0; victim
< 64; victim
++)
1408 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1409 * base remains unchanged, victim goes through entries 0 to 63
1411 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1412 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1414 /* set interpret mode */
1416 arm920t_write_cp15_physical(target
,
1417 CP15PHYS_TESTSTATE
, cp15c15
);
1419 /* Write I TLB lockdown */
1420 arm920t_execute_cp15(target
,
1421 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1423 /* Read I TLB RAM1 */
1424 arm920t_execute_cp15(target
,
1425 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1427 /* Read I TLB RAM2 */
1428 arm920t_execute_cp15(target
,
1429 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1431 /* clear interpret mode */
1433 arm920t_write_cp15_physical(target
,
1434 CP15PHYS_TESTSTATE
, cp15c15
);
1436 /* read I TLB RAM content stored to r2 and r3 */
1437 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1438 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1443 i_tlb
[victim
].ram1
= regs
[2];
1444 i_tlb
[victim
].ram2
= regs
[3];
1447 /* restore I TLB lockdown */
1448 regs
[1] = Ilockdown
;
1449 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1451 /* Write I TLB lockdown */
1452 arm920t_execute_cp15(target
,
1453 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1455 /* restore CP15 MMU and Cache settings */
1456 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1458 /* output data to file */
1459 fprintf(output
, "D TLB content:\n");
1460 for (i
= 0; i
< 64; i
++)
1462 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1463 " 0x%8.8" PRIx32
" %s\n",
1464 i
, d_tlb
[i
].cam
, d_tlb
[i
].ram1
, d_tlb
[i
].ram2
,
1465 (d_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1468 fprintf(output
, "\n\nI TLB content:\n");
1469 for (i
= 0; i
< 64; i
++)
1471 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1472 " 0x%8.8" PRIx32
" %s\n",
1473 i
, i_tlb
[i
].cam
, i_tlb
[i
].ram1
, i_tlb
[i
].ram2
,
1474 (i_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1477 command_print(CMD_CTX
, "mmu content successfully output to %s",
1482 if (!is_arm_mode(armv4_5
->core_mode
))
1484 LOG_ERROR("not a valid arm core mode - communication failure?");
1488 /* force writeback of the valid data */
1489 r
= armv4_5
->core_cache
->reg_list
;
1490 r
[0].dirty
= r
[0].valid
;
1491 r
[1].dirty
= r
[1].valid
;
1492 r
[2].dirty
= r
[2].valid
;
1493 r
[3].dirty
= r
[3].valid
;
1494 r
[4].dirty
= r
[4].valid
;
1495 r
[5].dirty
= r
[5].valid
;
1496 r
[6].dirty
= r
[6].valid
;
1497 r
[7].dirty
= r
[7].valid
;
1499 r
= arm_reg_current(armv4_5
, 8);
1500 r
->dirty
= r
->valid
;
1502 r
= arm_reg_current(armv4_5
, 9);
1503 r
->dirty
= r
->valid
;
1508 COMMAND_HANDLER(arm920t_handle_cp15_command
)
1511 struct target
*target
= get_current_target(CMD_CTX
);
1512 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1514 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1515 if (retval
!= ERROR_OK
)
1518 if (target
->state
!= TARGET_HALTED
)
1520 command_print(CMD_CTX
, "target must be stopped for "
1521 "\"%s\" command", CMD_NAME
);
1525 /* one argument, read a register.
1526 * two arguments, write it.
1531 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[0], address
);
1536 if ((retval
= arm920t_read_cp15_physical(target
,
1537 address
, &value
)) != ERROR_OK
)
1539 command_print(CMD_CTX
,
1540 "couldn't access reg %i", address
);
1543 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1548 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1551 else if (CMD_ARGC
== 2)
1554 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1555 retval
= arm920t_write_cp15_physical(target
,
1557 if (retval
!= ERROR_OK
)
1559 command_print(CMD_CTX
,
1560 "couldn't access reg %i", address
);
1561 /* REVISIT why lie? "return retval"? */
1564 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1572 COMMAND_HANDLER(arm920t_handle_cp15i_command
)
1575 struct target
*target
= get_current_target(CMD_CTX
);
1576 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1578 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1579 if (retval
!= ERROR_OK
)
1583 if (target
->state
!= TARGET_HALTED
)
1585 command_print(CMD_CTX
, "target must be stopped for "
1586 "\"%s\" command", CMD_NAME
);
1590 /* one argument, read a register.
1591 * two arguments, write it.
1596 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], opcode
);
1601 retval
= arm920t_read_cp15_interpreted(target
,
1602 opcode
, 0x0, &value
);
1603 if (retval
!= ERROR_OK
)
1605 command_print(CMD_CTX
,
1606 "couldn't execute %8.8" PRIx32
,
1608 /* REVISIT why lie? "return retval"? */
1612 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1615 else if (CMD_ARGC
== 2)
1618 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1619 retval
= arm920t_write_cp15_interpreted(target
,
1621 if (retval
!= ERROR_OK
)
1623 command_print(CMD_CTX
,
1624 "couldn't execute %8.8" PRIx32
,
1626 /* REVISIT why lie? "return retval"? */
1629 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1632 else if (CMD_ARGC
== 3)
1635 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1637 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[2], address
);
1638 retval
= arm920t_write_cp15_interpreted(target
,
1639 opcode
, value
, address
);
1640 if (retval
!= ERROR_OK
)
1642 command_print(CMD_CTX
,
1643 "couldn't execute %8.8" PRIx32
, opcode
);
1644 /* REVISIT why lie? "return retval"? */
1647 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
1648 " %8.8" PRIx32
, opcode
, value
, address
);
1653 command_print(CMD_CTX
,
1654 "usage: arm920t cp15i <opcode> [value] [address]");
1660 COMMAND_HANDLER(arm920t_handle_cache_info_command
)
1663 struct target
*target
= get_current_target(CMD_CTX
);
1664 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1666 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1667 if (retval
!= ERROR_OK
)
1670 return armv4_5_handle_cache_info_command(CMD_CTX
,
1671 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
1675 static int arm920t_mrc(struct target
*target
, int cpnum
,
1676 uint32_t op1
, uint32_t op2
,
1677 uint32_t CRn
, uint32_t CRm
,
1682 LOG_ERROR("Only cp15 is supported");
1687 return arm920t_read_cp15_interpreted(target
,
1688 ARMV4_5_MRC(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1692 static int arm920t_mcr(struct target
*target
, int cpnum
,
1693 uint32_t op1
, uint32_t op2
,
1694 uint32_t CRn
, uint32_t CRm
,
1699 LOG_ERROR("Only cp15 is supported");
1703 /* write "from" r0 */
1704 return arm920t_write_cp15_interpreted(target
,
1705 ARMV4_5_MCR(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1709 static const struct command_registration arm920t_exec_command_handlers
[] = {
1712 .handler
= arm920t_handle_cp15_command
,
1713 .mode
= COMMAND_EXEC
,
1714 .help
= "display/modify cp15 register",
1715 .usage
= "regnum [value]",
1719 .handler
= arm920t_handle_cp15i_command
,
1720 .mode
= COMMAND_EXEC
,
1721 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1722 .help
= "display/modify cp15 register using ARM opcode"
1724 .usage
= "instruction [value [address]]",
1727 .name
= "cache_info",
1728 .handler
= arm920t_handle_cache_info_command
,
1729 .mode
= COMMAND_EXEC
,
1730 .help
= "display information about target caches",
1733 .name
= "read_cache",
1734 .handler
= arm920t_handle_read_cache_command
,
1735 .mode
= COMMAND_EXEC
,
1736 .help
= "dump I/D cache content to file",
1737 .usage
= "filename",
1741 .handler
= arm920t_handle_read_mmu_command
,
1742 .mode
= COMMAND_EXEC
,
1743 .help
= "dump I/D mmu content to file",
1744 .usage
= "filename",
1746 COMMAND_REGISTRATION_DONE
1748 const struct command_registration arm920t_command_handlers
[] = {
1750 .chain
= arm9tdmi_command_handlers
,
1754 .mode
= COMMAND_ANY
,
1755 .help
= "arm920t command group",
1756 .chain
= arm920t_exec_command_handlers
,
1758 COMMAND_REGISTRATION_DONE
1761 /** Holds methods for ARM920 targets. */
1762 struct target_type arm920t_target
=
1766 .poll
= arm7_9_poll
,
1767 .arch_state
= arm920t_arch_state
,
1769 .target_request_data
= arm7_9_target_request_data
,
1771 .halt
= arm7_9_halt
,
1772 .resume
= arm7_9_resume
,
1773 .step
= arm7_9_step
,
1775 .assert_reset
= arm7_9_assert_reset
,
1776 .deassert_reset
= arm7_9_deassert_reset
,
1777 .soft_reset_halt
= arm920t_soft_reset_halt
,
1779 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1781 .read_memory
= arm920t_read_memory
,
1782 .write_memory
= arm920t_write_memory
,
1783 .read_phys_memory
= arm920t_read_phys_memory
,
1784 .write_phys_memory
= arm920t_write_phys_memory
,
1786 .virt2phys
= arm920_virt2phys
,
1788 .bulk_write_memory
= arm7_9_bulk_write_memory
,
1790 .checksum_memory
= arm_checksum_memory
,
1791 .blank_check_memory
= arm_blank_check_memory
,
1793 .run_algorithm
= armv4_5_run_algorithm
,
1795 .add_breakpoint
= arm7_9_add_breakpoint
,
1796 .remove_breakpoint
= arm7_9_remove_breakpoint
,
1797 .add_watchpoint
= arm7_9_add_watchpoint
,
1798 .remove_watchpoint
= arm7_9_remove_watchpoint
,
1800 .commands
= arm920t_command_handlers
,
1801 .target_create
= arm920t_target_create
,
1802 .init_target
= arm9tdmi_init_target
,
1803 .examine
= arm7_9_examine
,
1804 .check_reset
= arm7_9_check_reset
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)