Code Review / openocd.git / blob
? search:


e647bba13649c99d9a27b3fb359ea84ca570090e
[openocd.git] / src / target / aarch64.c
1 /***************************************************************************
2 * Copyright (C) 2015 by David Ung *
3 * *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
8 * *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
13 * *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
17 * *
18 ***************************************************************************/
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "breakpoints.h"
25 #include "aarch64.h"
26 #include "register.h"
27 #include "target_request.h"
28 #include "target_type.h"
29 #include "armv8_opcodes.h"
30 #include "armv8_cache.h"
31 #include <helper/time_support.h>
32
33 #define __unused __attribute((unused))
34
35 enum restart_mode {
36 RESTART_LAZY,
37 RESTART_SYNC,
38 };
39
40 enum halt_mode {
41 HALT_LAZY,
42 HALT_SYNC,
43 };
44
45 static int aarch64_poll(struct target *target);
46 static int aarch64_debug_entry(struct target *target);
47 static int aarch64_restore_context(struct target *target, bool bpwp);
48 static int aarch64_set_breakpoint(struct target *target,
49 struct breakpoint *breakpoint, uint8_t matchmode);
50 static int aarch64_set_context_breakpoint(struct target *target,
51 struct breakpoint *breakpoint, uint8_t matchmode);
52 static int aarch64_set_hybrid_breakpoint(struct target *target,
53 struct breakpoint *breakpoint);
54 static int aarch64_unset_breakpoint(struct target *target,
55 struct breakpoint *breakpoint);
56 static int aarch64_mmu(struct target *target, int *enabled);
57 static int aarch64_virt2phys(struct target *target,
58 target_addr_t virt, target_addr_t *phys);
59 static int aarch64_read_apb_ap_memory(struct target *target,
60 uint64_t address, uint32_t size, uint32_t count, uint8_t *buffer);
61
62 #define foreach_smp_target(pos, head) \
63 for (pos = head; (pos != NULL); pos = pos->next)
64
65 static int aarch64_restore_system_control_reg(struct target *target)
66 {
67 enum arm_mode target_mode = ARM_MODE_ANY;
68 int retval = ERROR_OK;
69 uint32_t instr;
70
71 struct aarch64_common *aarch64 = target_to_aarch64(target);
72 struct armv8_common *armv8 = target_to_armv8(target);
73
74 if (aarch64->system_control_reg != aarch64->system_control_reg_curr) {
75 aarch64->system_control_reg_curr = aarch64->system_control_reg;
76 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_v8->cp15_control_reg); */
77
78 switch (armv8->arm.core_mode) {
79 case ARMV8_64_EL0T:
80 target_mode = ARMV8_64_EL1H;
81 /* fall through */
82 case ARMV8_64_EL1T:
83 case ARMV8_64_EL1H:
84 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL1, 0);
85 break;
86 case ARMV8_64_EL2T:
87 case ARMV8_64_EL2H:
88 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL2, 0);
89 break;
90 case ARMV8_64_EL3H:
91 case ARMV8_64_EL3T:
92 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL3, 0);
93 break;
94
95 case ARM_MODE_SVC:
96 case ARM_MODE_ABT:
97 case ARM_MODE_FIQ:
98 case ARM_MODE_IRQ:
99 instr = ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
100 break;
101
102 default:
103 LOG_INFO("cannot read system control register in this mode");
104 return ERROR_FAIL;
105 }
106
107 if (target_mode != ARM_MODE_ANY)
108 armv8_dpm_modeswitch(&armv8->dpm, target_mode);
109
110 retval = armv8->dpm.instr_write_data_r0(&armv8->dpm, instr, aarch64->system_control_reg);
111 if (retval != ERROR_OK)
112 return retval;
113
114 if (target_mode != ARM_MODE_ANY)
115 armv8_dpm_modeswitch(&armv8->dpm, ARM_MODE_ANY);
116 }
117
118 return retval;
119 }
120
121 /* modify system_control_reg in order to enable or disable mmu for :
122 * - virt2phys address conversion
123 * - read or write memory in phys or virt address */
124 static int aarch64_mmu_modify(struct target *target, int enable)
125 {
126 struct aarch64_common *aarch64 = target_to_aarch64(target);
127 struct armv8_common *armv8 = &aarch64->armv8_common;
128 int retval = ERROR_OK;
129 uint32_t instr = 0;
130
131 if (enable) {
132 /* if mmu enabled at target stop and mmu not enable */
133 if (!(aarch64->system_control_reg & 0x1U)) {
134 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
135 return ERROR_FAIL;
136 }
137 if (!(aarch64->system_control_reg_curr & 0x1U))
138 aarch64->system_control_reg_curr |= 0x1U;
139 } else {
140 if (aarch64->system_control_reg_curr & 0x4U) {
141 /* data cache is active */
142 aarch64->system_control_reg_curr &= ~0x4U;
143 /* flush data cache armv8 function to be called */
144 if (armv8->armv8_mmu.armv8_cache.flush_all_data_cache)
145 armv8->armv8_mmu.armv8_cache.flush_all_data_cache(target);
146 }
147 if ((aarch64->system_control_reg_curr & 0x1U)) {
148 aarch64->system_control_reg_curr &= ~0x1U;
149 }
150 }
151
152 switch (armv8->arm.core_mode) {
153 case ARMV8_64_EL0T:
154 case ARMV8_64_EL1T:
155 case ARMV8_64_EL1H:
156 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL1, 0);
157 break;
158 case ARMV8_64_EL2T:
159 case ARMV8_64_EL2H:
160 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL2, 0);
161 break;
162 case ARMV8_64_EL3H:
163 case ARMV8_64_EL3T:
164 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL3, 0);
165 break;
166 default:
167 LOG_DEBUG("unknown cpu state 0x%x" PRIx32, armv8->arm.core_state);
168 break;
169 }
170
171 retval = armv8->dpm.instr_write_data_r0(&armv8->dpm, instr,
172 aarch64->system_control_reg_curr);
173 return retval;
174 }
175
176 /*
177 * Basic debug access, very low level assumes state is saved
178 */
179 static int aarch64_init_debug_access(struct target *target)
180 {
181 struct armv8_common *armv8 = target_to_armv8(target);
182 int retval;
183 uint32_t dummy;
184
185 LOG_DEBUG(" ");
186
187 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
188 armv8->debug_base + CPUV8_DBG_OSLAR, 0);
189 if (retval != ERROR_OK) {
190 LOG_DEBUG("Examine %s failed", "oslock");
191 return retval;
192 }
193
194 /* Clear Sticky Power Down status Bit in PRSR to enable access to
195 the registers in the Core Power Domain */
196 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
197 armv8->debug_base + CPUV8_DBG_PRSR, &dummy);
198 if (retval != ERROR_OK)
199 return retval;
200
201 /*
202 * Static CTI configuration:
203 * Channel 0 -> trigger outputs HALT request to PE
204 * Channel 1 -> trigger outputs Resume request to PE
205 * Gate all channel trigger events from entering the CTM
206 */
207
208 /* Enable CTI */
209 retval = arm_cti_enable(armv8->cti, true);
210 /* By default, gate all channel events to and from the CTM */
211 if (retval == ERROR_OK)
212 retval = arm_cti_write_reg(armv8->cti, CTI_GATE, 0);
213 /* output halt requests to PE on channel 0 event */
214 if (retval == ERROR_OK)
215 retval = arm_cti_write_reg(armv8->cti, CTI_OUTEN0, CTI_CHNL(0));
216 /* output restart requests to PE on channel 1 event */
217 if (retval == ERROR_OK)
218 retval = arm_cti_write_reg(armv8->cti, CTI_OUTEN1, CTI_CHNL(1));
219 if (retval != ERROR_OK)
220 return retval;
221
222 /* Resync breakpoint registers */
223
224 return ERROR_OK;
225 }
226
227 /* Write to memory mapped registers directly with no cache or mmu handling */
228 static int aarch64_dap_write_memap_register_u32(struct target *target,
229 uint32_t address,
230 uint32_t value)
231 {
232 int retval;
233 struct armv8_common *armv8 = target_to_armv8(target);
234
235 retval = mem_ap_write_atomic_u32(armv8->debug_ap, address, value);
236
237 return retval;
238 }
239
240 static int aarch64_dpm_setup(struct aarch64_common *a8, uint64_t debug)
241 {
242 struct arm_dpm *dpm = &a8->armv8_common.dpm;
243 int retval;
244
245 dpm->arm = &a8->armv8_common.arm;
246 dpm->didr = debug;
247
248 retval = armv8_dpm_setup(dpm);
249 if (retval == ERROR_OK)
250 retval = armv8_dpm_initialize(dpm);
251
252 return retval;
253 }
254
255 static int aarch64_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
256 {
257 struct armv8_common *armv8 = target_to_armv8(target);
258 return armv8_set_dbgreg_bits(armv8, CPUV8_DBG_DSCR, bit_mask, value);
259 }
260
261 static int aarch64_check_state_one(struct target *target,
262 uint32_t mask, uint32_t val, int *p_result, uint32_t *p_prsr)
263 {
264 struct armv8_common *armv8 = target_to_armv8(target);
265 uint32_t prsr;
266 int retval;
267
268 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
269 armv8->debug_base + CPUV8_DBG_PRSR, &prsr);
270 if (retval != ERROR_OK)
271 return retval;
272
273 if (p_prsr)
274 *p_prsr = prsr;
275
276 if (p_result)
277 *p_result = (prsr & mask) == (val & mask);
278
279 return ERROR_OK;
280 }
281
282 static int aarch64_wait_halt_one(struct target *target)
283 {
284 int retval = ERROR_OK;
285 uint32_t prsr;
286
287 int64_t then = timeval_ms();
288 for (;;) {
289 int halted;
290
291 retval = aarch64_check_state_one(target, PRSR_HALT, PRSR_HALT, &halted, &prsr);
292 if (retval != ERROR_OK || halted)
293 break;
294
295 if (timeval_ms() > then + 1000) {
296 retval = ERROR_TARGET_TIMEOUT;
297 LOG_DEBUG("target %s timeout, prsr=0x%08"PRIx32, target_name(target), prsr);
298 break;
299 }
300 }
301 return retval;
302 }
303
304 static int aarch64_prepare_halt_smp(struct target *target, bool exc_target, struct target **p_first)
305 {
306 int retval = ERROR_OK;
307 struct target_list *head = target->head;
308 struct target *first = NULL;
309
310 LOG_DEBUG("target %s exc %i", target_name(target), exc_target);
311
312 while (head != NULL) {
313 struct target *curr = head->target;
314 struct armv8_common *armv8 = target_to_armv8(curr);
315 head = head->next;
316
317 if (exc_target && curr == target)
318 continue;
319 if (!target_was_examined(curr))
320 continue;
321 if (curr->state != TARGET_RUNNING)
322 continue;
323
324 /* HACK: mark this target as prepared for halting */
325 curr->debug_reason = DBG_REASON_DBGRQ;
326
327 /* open the gate for channel 0 to let HALT requests pass to the CTM */
328 retval = arm_cti_ungate_channel(armv8->cti, 0);
329 if (retval == ERROR_OK)
330 retval = aarch64_set_dscr_bits(curr, DSCR_HDE, DSCR_HDE);
331 if (retval != ERROR_OK)
332 break;
333
334 LOG_DEBUG("target %s prepared", target_name(curr));
335
336 if (first == NULL)
337 first = curr;
338 }
339
340 if (p_first) {
341 if (exc_target && first)
342 *p_first = first;
343 else
344 *p_first = target;
345 }
346
347 return retval;
348 }
349
350 static int aarch64_halt_one(struct target *target, enum halt_mode mode)
351 {
352 int retval = ERROR_OK;
353 struct armv8_common *armv8 = target_to_armv8(target);
354
355 LOG_DEBUG("%s", target_name(target));
356
357 /* allow Halting Debug Mode */
358 retval = aarch64_set_dscr_bits(target, DSCR_HDE, DSCR_HDE);
359 if (retval != ERROR_OK)
360 return retval;
361
362 /* trigger an event on channel 0, this outputs a halt request to the PE */
363 retval = arm_cti_pulse_channel(armv8->cti, 0);
364 if (retval != ERROR_OK)
365 return retval;
366
367 if (mode == HALT_SYNC) {
368 retval = aarch64_wait_halt_one(target);
369 if (retval != ERROR_OK) {
370 if (retval == ERROR_TARGET_TIMEOUT)
371 LOG_ERROR("Timeout waiting for target %s halt", target_name(target));
372 return retval;
373 }
374 }
375
376 return ERROR_OK;
377 }
378
379 static int aarch64_halt_smp(struct target *target, bool exc_target)
380 {
381 struct target *next = target;
382 int retval;
383
384 /* prepare halt on all PEs of the group */
385 retval = aarch64_prepare_halt_smp(target, exc_target, &next);
386
387 if (exc_target && next == target)
388 return retval;
389
390 /* halt the target PE */
391 if (retval == ERROR_OK)
392 retval = aarch64_halt_one(next, HALT_LAZY);
393
394 if (retval != ERROR_OK)
395 return retval;
396
397 /* wait for all PEs to halt */
398 int64_t then = timeval_ms();
399 for (;;) {
400 bool all_halted = true;
401 struct target_list *head;
402 struct target *curr;
403
404 foreach_smp_target(head, target->head) {
405 int halted;
406
407 curr = head->target;
408
409 if (!target_was_examined(curr))
410 continue;
411
412 retval = aarch64_check_state_one(curr, PRSR_HALT, PRSR_HALT, &halted, NULL);
413 if (retval != ERROR_OK || !halted) {
414 all_halted = false;
415 break;
416 }
417 }
418
419 if (all_halted)
420 break;
421
422 if (timeval_ms() > then + 1000) {
423 retval = ERROR_TARGET_TIMEOUT;
424 break;
425 }
426
427 /*
428 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
429 * and it looks like the CTI's are not connected by a common
430 * trigger matrix. It seems that we need to halt one core in each
431 * cluster explicitly. So if we find that a core has not halted
432 * yet, we trigger an explicit halt for the second cluster.
433 */
434 retval = aarch64_halt_one(curr, HALT_LAZY);
435 if (retval != ERROR_OK)
436 break;
437 }
438
439 return retval;
440 }
441
442 static int update_halt_gdb(struct target *target, enum target_debug_reason debug_reason)
443 {
444 struct target *gdb_target = NULL;
445 struct target_list *head;
446 struct target *curr;
447
448 if (debug_reason == DBG_REASON_NOTHALTED) {
449 LOG_INFO("Halting remaining targets in SMP group");
450 aarch64_halt_smp(target, true);
451 }
452
453 /* poll all targets in the group, but skip the target that serves GDB */
454 foreach_smp_target(head, target->head) {
455 curr = head->target;
456 /* skip calling context */
457 if (curr == target)
458 continue;
459 if (!target_was_examined(curr))
460 continue;
461 /* skip targets that were already halted */
462 if (curr->state == TARGET_HALTED)
463 continue;
464 /* remember the gdb_service->target */
465 if (curr->gdb_service != NULL)
466 gdb_target = curr->gdb_service->target;
467 /* skip it */
468 if (curr == gdb_target)
469 continue;
470
471 /* avoid recursion in aarch64_poll() */
472 curr->smp = 0;
473 aarch64_poll(curr);
474 curr->smp = 1;
475 }
476
477 /* after all targets were updated, poll the gdb serving target */
478 if (gdb_target != NULL && gdb_target != target)
479 aarch64_poll(gdb_target);
480
481 return ERROR_OK;
482 }
483
484 /*
485 * Aarch64 Run control
486 */
487
488 static int aarch64_poll(struct target *target)
489 {
490 enum target_state prev_target_state;
491 int retval = ERROR_OK;
492 int halted;
493
494 retval = aarch64_check_state_one(target,
495 PRSR_HALT, PRSR_HALT, &halted, NULL);
496 if (retval != ERROR_OK)
497 return retval;
498
499 if (halted) {
500 prev_target_state = target->state;
501 if (prev_target_state != TARGET_HALTED) {
502 enum target_debug_reason debug_reason = target->debug_reason;
503
504 /* We have a halting debug event */
505 target->state = TARGET_HALTED;
506 LOG_DEBUG("Target %s halted", target_name(target));
507 retval = aarch64_debug_entry(target);
508 if (retval != ERROR_OK)
509 return retval;
510
511 if (target->smp)
512 update_halt_gdb(target, debug_reason);
513
514 switch (prev_target_state) {
515 case TARGET_RUNNING:
516 case TARGET_UNKNOWN:
517 case TARGET_RESET:
518 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
519 break;
520 case TARGET_DEBUG_RUNNING:
521 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
522 break;
523 default:
524 break;
525 }
526 }
527 } else
528 target->state = TARGET_RUNNING;
529
530 return retval;
531 }
532
533 static int aarch64_halt(struct target *target)
534 {
535 if (target->smp)
536 return aarch64_halt_smp(target, false);
537
538 return aarch64_halt_one(target, HALT_SYNC);
539 }
540
541 static int aarch64_restore_one(struct target *target, int current,
542 uint64_t *address, int handle_breakpoints, int debug_execution)
543 {
544 struct armv8_common *armv8 = target_to_armv8(target);
545 struct arm *arm = &armv8->arm;
546 int retval;
547 uint64_t resume_pc;
548
549 LOG_DEBUG("%s", target_name(target));
550
551 if (!debug_execution)
552 target_free_all_working_areas(target);
553
554 /* current = 1: continue on current pc, otherwise continue at <address> */
555 resume_pc = buf_get_u64(arm->pc->value, 0, 64);
556 if (!current)
557 resume_pc = *address;
558 else
559 *address = resume_pc;
560
561 /* Make sure that the Armv7 gdb thumb fixups does not
562 * kill the return address
563 */
564 switch (arm->core_state) {
565 case ARM_STATE_ARM:
566 resume_pc &= 0xFFFFFFFC;
567 break;
568 case ARM_STATE_AARCH64:
569 resume_pc &= 0xFFFFFFFFFFFFFFFC;
570 break;
571 case ARM_STATE_THUMB:
572 case ARM_STATE_THUMB_EE:
573 /* When the return address is loaded into PC
574 * bit 0 must be 1 to stay in Thumb state
575 */
576 resume_pc |= 0x1;
577 break;
578 case ARM_STATE_JAZELLE:
579 LOG_ERROR("How do I resume into Jazelle state??");
580 return ERROR_FAIL;
581 }
582 LOG_DEBUG("resume pc = 0x%016" PRIx64, resume_pc);
583 buf_set_u64(arm->pc->value, 0, 64, resume_pc);
584 arm->pc->dirty = 1;
585 arm->pc->valid = 1;
586
587 /* called it now before restoring context because it uses cpu
588 * register r0 for restoring system control register */
589 retval = aarch64_restore_system_control_reg(target);
590 if (retval == ERROR_OK)
591 retval = aarch64_restore_context(target, handle_breakpoints);
592
593 return retval;
594 }
595
596 /**
597 * prepare single target for restart
598 *
599 *
600 */
601 static int aarch64_prepare_restart_one(struct target *target)
602 {
603 struct armv8_common *armv8 = target_to_armv8(target);
604 int retval;
605 uint32_t dscr;
606 uint32_t tmp;
607
608 LOG_DEBUG("%s", target_name(target));
609
610 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
611 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
612 if (retval != ERROR_OK)
613 return retval;
614
615 if ((dscr & DSCR_ITE) == 0)
616 LOG_ERROR("DSCR.ITE must be set before leaving debug!");
617 if ((dscr & DSCR_ERR) != 0)
618 LOG_ERROR("DSCR.ERR must be cleared before leaving debug!");
619
620 /* acknowledge a pending CTI halt event */
621 retval = arm_cti_ack_events(armv8->cti, CTI_TRIG(HALT));
622 /*
623 * open the CTI gate for channel 1 so that the restart events
624 * get passed along to all PEs. Also close gate for channel 0
625 * to isolate the PE from halt events.
626 */
627 if (retval == ERROR_OK)
628 retval = arm_cti_ungate_channel(armv8->cti, 1);
629 if (retval == ERROR_OK)
630 retval = arm_cti_gate_channel(armv8->cti, 0);
631
632 /* make sure that DSCR.HDE is set */
633 if (retval == ERROR_OK) {
634 dscr |= DSCR_HDE;
635 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
636 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
637 }
638
639 /* clear sticky bits in PRSR, SDR is now 0 */
640 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
641 armv8->debug_base + CPUV8_DBG_PRSR, &tmp);
642
643 return retval;
644 }
645
646 static int aarch64_do_restart_one(struct target *target, enum restart_mode mode)
647 {
648 struct armv8_common *armv8 = target_to_armv8(target);
649 int retval;
650
651 LOG_DEBUG("%s", target_name(target));
652
653 /* trigger an event on channel 1, generates a restart request to the PE */
654 retval = arm_cti_pulse_channel(armv8->cti, 1);
655 if (retval != ERROR_OK)
656 return retval;
657
658 if (mode == RESTART_SYNC) {
659 int64_t then = timeval_ms();
660 for (;;) {
661 int resumed;
662 /*
663 * if PRSR.SDR is set now, the target did restart, even
664 * if it's now already halted again (e.g. due to breakpoint)
665 */
666 retval = aarch64_check_state_one(target,
667 PRSR_SDR, PRSR_SDR, &resumed, NULL);
668 if (retval != ERROR_OK || resumed)
669 break;
670
671 if (timeval_ms() > then + 1000) {
672 LOG_ERROR("%s: Timeout waiting for resume"PRIx32, target_name(target));
673 retval = ERROR_TARGET_TIMEOUT;
674 break;
675 }
676 }
677 }
678
679 if (retval != ERROR_OK)
680 return retval;
681
682 target->debug_reason = DBG_REASON_NOTHALTED;
683 target->state = TARGET_RUNNING;
684
685 return ERROR_OK;
686 }
687
688 static int aarch64_restart_one(struct target *target, enum restart_mode mode)
689 {
690 int retval;
691
692 LOG_DEBUG("%s", target_name(target));
693
694 retval = aarch64_prepare_restart_one(target);
695 if (retval == ERROR_OK)
696 retval = aarch64_do_restart_one(target, mode);
697
698 return retval;
699 }
700
701 /*
702 * prepare all but the current target for restart
703 */
704 static int aarch64_prep_restart_smp(struct target *target, int handle_breakpoints, struct target **p_first)
705 {
706 int retval = ERROR_OK;
707 struct target_list *head;
708 struct target *first = NULL;
709 uint64_t address;
710
711 foreach_smp_target(head, target->head) {
712 struct target *curr = head->target;
713
714 /* skip calling target */
715 if (curr == target)
716 continue;
717 if (!target_was_examined(curr))
718 continue;
719 if (curr->state != TARGET_HALTED)
720 continue;
721
722 /* resume at current address, not in step mode */
723 retval = aarch64_restore_one(curr, 1, &address, handle_breakpoints, 0);
724 if (retval == ERROR_OK)
725 retval = aarch64_prepare_restart_one(curr);
726 if (retval != ERROR_OK) {
727 LOG_ERROR("failed to restore target %s", target_name(curr));
728 break;
729 }
730 /* remember the first valid target in the group */
731 if (first == NULL)
732 first = curr;
733 }
734
735 if (p_first)
736 *p_first = first;
737
738 return retval;
739 }
740
741
742 static int aarch64_step_restart_smp(struct target *target)
743 {
744 int retval = ERROR_OK;
745 struct target_list *head;
746 struct target *first = NULL;
747
748 LOG_DEBUG("%s", target_name(target));
749
750 retval = aarch64_prep_restart_smp(target, 0, &first);
751 if (retval != ERROR_OK)
752 return retval;
753
754 if (first != NULL)
755 retval = aarch64_do_restart_one(first, RESTART_LAZY);
756 if (retval != ERROR_OK) {
757 LOG_DEBUG("error restarting target %s", target_name(first));
758 return retval;
759 }
760
761 int64_t then = timeval_ms();
762 for (;;) {
763 struct target *curr = target;
764 bool all_resumed = true;
765
766 foreach_smp_target(head, target->head) {
767 uint32_t prsr;
768 int resumed;
769
770 curr = head->target;
771
772 if (curr == target)
773 continue;
774
775 retval = aarch64_check_state_one(curr,
776 PRSR_SDR, PRSR_SDR, &resumed, &prsr);
777 if (retval != ERROR_OK || (!resumed && (prsr & PRSR_HALT))) {
778 all_resumed = false;
779 break;
780 }
781
782 if (curr->state != TARGET_RUNNING) {
783 curr->state = TARGET_RUNNING;
784 curr->debug_reason = DBG_REASON_NOTHALTED;
785 target_call_event_callbacks(curr, TARGET_EVENT_RESUMED);
786 }
787 }
788
789 if (all_resumed)
790 break;
791
792 if (timeval_ms() > then + 1000) {
793 LOG_ERROR("%s: timeout waiting for target resume", __func__);
794 retval = ERROR_TARGET_TIMEOUT;
795 break;
796 }
797 /*
798 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
799 * and it looks like the CTI's are not connected by a common
800 * trigger matrix. It seems that we need to halt one core in each
801 * cluster explicitly. So if we find that a core has not halted
802 * yet, we trigger an explicit resume for the second cluster.
803 */
804 retval = aarch64_do_restart_one(curr, RESTART_LAZY);
805 if (retval != ERROR_OK)
806 break;
807 }
808
809 return retval;
810 }
811
812 static int aarch64_resume(struct target *target, int current,
813 target_addr_t address, int handle_breakpoints, int debug_execution)
814 {
815 int retval = 0;
816 uint64_t addr = address;
817
818 if (target->state != TARGET_HALTED)
819 return ERROR_TARGET_NOT_HALTED;
820
821 /*
822 * If this target is part of a SMP group, prepare the others
823 * targets for resuming. This involves restoring the complete
824 * target register context and setting up CTI gates to accept
825 * resume events from the trigger matrix.
826 */
827 if (target->smp) {
828 retval = aarch64_prep_restart_smp(target, handle_breakpoints, NULL);
829 if (retval != ERROR_OK)
830 return retval;
831 }
832
833 /* all targets prepared, restore and restart the current target */
834 retval = aarch64_restore_one(target, current, &addr, handle_breakpoints,
835 debug_execution);
836 if (retval == ERROR_OK)
837 retval = aarch64_restart_one(target, RESTART_SYNC);
838 if (retval != ERROR_OK)
839 return retval;
840
841 if (target->smp) {
842 int64_t then = timeval_ms();
843 for (;;) {
844 struct target *curr = target;
845 struct target_list *head;
846 bool all_resumed = true;
847
848 foreach_smp_target(head, target->head) {
849 uint32_t prsr;
850 int resumed;
851
852 curr = head->target;
853 if (curr == target)
854 continue;
855 if (!target_was_examined(curr))
856 continue;
857
858 retval = aarch64_check_state_one(curr,
859 PRSR_SDR, PRSR_SDR, &resumed, &prsr);
860 if (retval != ERROR_OK || (!resumed && (prsr & PRSR_HALT))) {
861 all_resumed = false;
862 break;
863 }
864
865 if (curr->state != TARGET_RUNNING) {
866 curr->state = TARGET_RUNNING;
867 curr->debug_reason = DBG_REASON_NOTHALTED;
868 target_call_event_callbacks(curr, TARGET_EVENT_RESUMED);
869 }
870 }
871
872 if (all_resumed)
873 break;
874
875 if (timeval_ms() > then + 1000) {
876 LOG_ERROR("%s: timeout waiting for target %s to resume", __func__, target_name(curr));
877 retval = ERROR_TARGET_TIMEOUT;
878 break;
879 }
880
881 /*
882 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
883 * and it looks like the CTI's are not connected by a common
884 * trigger matrix. It seems that we need to halt one core in each
885 * cluster explicitly. So if we find that a core has not halted
886 * yet, we trigger an explicit resume for the second cluster.
887 */
888 retval = aarch64_do_restart_one(curr, RESTART_LAZY);
889 if (retval != ERROR_OK)
890 break;
891 }
892 }
893
894 if (retval != ERROR_OK)
895 return retval;
896
897 target->debug_reason = DBG_REASON_NOTHALTED;
898
899 if (!debug_execution) {
900 target->state = TARGET_RUNNING;
901 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
902 LOG_DEBUG("target resumed at 0x%" PRIx64, addr);
903 } else {
904 target->state = TARGET_DEBUG_RUNNING;
905 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
906 LOG_DEBUG("target debug resumed at 0x%" PRIx64, addr);
907 }
908
909 return ERROR_OK;
910 }
911
912 static int aarch64_debug_entry(struct target *target)
913 {
914 int retval = ERROR_OK;
915 struct armv8_common *armv8 = target_to_armv8(target);
916 struct arm_dpm *dpm = &armv8->dpm;
917 enum arm_state core_state;
918 uint32_t dscr;
919
920 /* make sure to clear all sticky errors */
921 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
922 armv8->debug_base + CPUV8_DBG_DRCR, DRCR_CSE);
923 if (retval == ERROR_OK)
924 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
925 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
926 if (retval == ERROR_OK)
927 retval = arm_cti_ack_events(armv8->cti, CTI_TRIG(HALT));
928
929 if (retval != ERROR_OK)
930 return retval;
931
932 LOG_DEBUG("%s dscr = 0x%08" PRIx32, target_name(target), dscr);
933
934 dpm->dscr = dscr;
935 core_state = armv8_dpm_get_core_state(dpm);
936 armv8_select_opcodes(armv8, core_state == ARM_STATE_AARCH64);
937 armv8_select_reg_access(armv8, core_state == ARM_STATE_AARCH64);
938
939 /* close the CTI gate for all events */
940 if (retval == ERROR_OK)
941 retval = arm_cti_write_reg(armv8->cti, CTI_GATE, 0);
942 /* discard async exceptions */
943 if (retval == ERROR_OK)
944 retval = dpm->instr_cpsr_sync(dpm);
945 if (retval != ERROR_OK)
946 return retval;
947
948 /* Examine debug reason */
949 armv8_dpm_report_dscr(dpm, dscr);
950
951 /* save address of instruction that triggered the watchpoint? */
952 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
953 uint32_t tmp;
954 uint64_t wfar = 0;
955
956 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
957 armv8->debug_base + CPUV8_DBG_WFAR1,
958 &tmp);
959 if (retval != ERROR_OK)
960 return retval;
961 wfar = tmp;
962 wfar = (wfar << 32);
963 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
964 armv8->debug_base + CPUV8_DBG_WFAR0,
965 &tmp);
966 if (retval != ERROR_OK)
967 return retval;
968 wfar |= tmp;
969 armv8_dpm_report_wfar(&armv8->dpm, wfar);
970 }
971
972 retval = armv8_dpm_read_current_registers(&armv8->dpm);
973
974 if (retval == ERROR_OK && armv8->post_debug_entry)
975 retval = armv8->post_debug_entry(target);
976
977 return retval;
978 }
979
980 static int aarch64_post_debug_entry(struct target *target)
981 {
982 struct aarch64_common *aarch64 = target_to_aarch64(target);
983 struct armv8_common *armv8 = &aarch64->armv8_common;
984 int retval;
985 enum arm_mode target_mode = ARM_MODE_ANY;
986 uint32_t instr;
987
988 switch (armv8->arm.core_mode) {
989 case ARMV8_64_EL0T:
990 target_mode = ARMV8_64_EL1H;
991 /* fall through */
992 case ARMV8_64_EL1T:
993 case ARMV8_64_EL1H:
994 instr = ARMV8_MRS(SYSTEM_SCTLR_EL1, 0);
995 break;
996 case ARMV8_64_EL2T:
997 case ARMV8_64_EL2H:
998 instr = ARMV8_MRS(SYSTEM_SCTLR_EL2, 0);
999 break;
1000 case ARMV8_64_EL3H:
1001 case ARMV8_64_EL3T:
1002 instr = ARMV8_MRS(SYSTEM_SCTLR_EL3, 0);
1003 break;
1004
1005 case ARM_MODE_SVC:
1006 case ARM_MODE_ABT:
1007 case ARM_MODE_FIQ:
1008 case ARM_MODE_IRQ:
1009 instr = ARMV4_5_MRC(15, 0, 0, 1, 0, 0);
1010 break;
1011
1012 default:
1013 LOG_INFO("cannot read system control register in this mode");
1014 return ERROR_FAIL;
1015 }
1016
1017 if (target_mode != ARM_MODE_ANY)
1018 armv8_dpm_modeswitch(&armv8->dpm, target_mode);
1019
1020 retval = armv8->dpm.instr_read_data_r0(&armv8->dpm, instr, &aarch64->system_control_reg);
1021 if (retval != ERROR_OK)
1022 return retval;
1023
1024 if (target_mode != ARM_MODE_ANY)
1025 armv8_dpm_modeswitch(&armv8->dpm, ARM_MODE_ANY);
1026
1027 LOG_DEBUG("System_register: %8.8" PRIx32, aarch64->system_control_reg);
1028 aarch64->system_control_reg_curr = aarch64->system_control_reg;
1029
1030 if (armv8->armv8_mmu.armv8_cache.info == -1) {
1031 armv8_identify_cache(armv8);
1032 armv8_read_mpidr(armv8);
1033 }
1034
1035 armv8->armv8_mmu.mmu_enabled =
1036 (aarch64->system_control_reg & 0x1U) ? 1 : 0;
1037 armv8->armv8_mmu.armv8_cache.d_u_cache_enabled =
1038 (aarch64->system_control_reg & 0x4U) ? 1 : 0;
1039 armv8->armv8_mmu.armv8_cache.i_cache_enabled =
1040 (aarch64->system_control_reg & 0x1000U) ? 1 : 0;
1041 return ERROR_OK;
1042 }
1043
1044 /*
1045 * single-step a target
1046 */
1047 static int aarch64_step(struct target *target, int current, target_addr_t address,
1048 int handle_breakpoints)
1049 {
1050 struct armv8_common *armv8 = target_to_armv8(target);
1051 int saved_retval = ERROR_OK;
1052 int retval;
1053 uint32_t edecr;
1054
1055 if (target->state != TARGET_HALTED) {
1056 LOG_WARNING("target not halted");
1057 return ERROR_TARGET_NOT_HALTED;
1058 }
1059
1060 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1061 armv8->debug_base + CPUV8_DBG_EDECR, &edecr);
1062 /* make sure EDECR.SS is not set when restoring the register */
1063
1064 if (retval == ERROR_OK) {
1065 edecr &= ~0x4;
1066 /* set EDECR.SS to enter hardware step mode */
1067 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1068 armv8->debug_base + CPUV8_DBG_EDECR, (edecr|0x4));
1069 }
1070 /* disable interrupts while stepping */
1071 if (retval == ERROR_OK)
1072 retval = aarch64_set_dscr_bits(target, 0x3 << 22, 0x3 << 22);
1073 /* bail out if stepping setup has failed */
1074 if (retval != ERROR_OK)
1075 return retval;
1076
1077 if (target->smp && !handle_breakpoints) {
1078 /*
1079 * isolate current target so that it doesn't get resumed
1080 * together with the others
1081 */
1082 retval = arm_cti_gate_channel(armv8->cti, 1);
1083 /* resume all other targets in the group */
1084 if (retval == ERROR_OK)
1085 retval = aarch64_step_restart_smp(target);
1086 if (retval != ERROR_OK) {
1087 LOG_ERROR("Failed to restart non-stepping targets in SMP group");
1088 return retval;
1089 }
1090 LOG_DEBUG("Restarted all non-stepping targets in SMP group");
1091 }
1092
1093 /* all other targets running, restore and restart the current target */
1094 retval = aarch64_restore_one(target, current, &address, 0, 0);
1095 if (retval == ERROR_OK)
1096 retval = aarch64_restart_one(target, RESTART_LAZY);
1097
1098 if (retval != ERROR_OK)
1099 return retval;
1100
1101 LOG_DEBUG("target step-resumed at 0x%" PRIx64, address);
1102 if (!handle_breakpoints)
1103 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1104
1105 int64_t then = timeval_ms();
1106 for (;;) {
1107 int stepped;
1108 uint32_t prsr;
1109
1110 retval = aarch64_check_state_one(target,
1111 PRSR_SDR|PRSR_HALT, PRSR_SDR|PRSR_HALT, &stepped, &prsr);
1112 if (retval != ERROR_OK || stepped)
1113 break;
1114
1115 if (timeval_ms() > then + 1000) {
1116 LOG_ERROR("timeout waiting for target %s halt after step",
1117 target_name(target));
1118 retval = ERROR_TARGET_TIMEOUT;
1119 break;
1120 }
1121 }
1122
1123 if (retval == ERROR_TARGET_TIMEOUT)
1124 saved_retval = retval;
1125
1126 /* restore EDECR */
1127 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1128 armv8->debug_base + CPUV8_DBG_EDECR, edecr);
1129 if (retval != ERROR_OK)
1130 return retval;
1131
1132 /* restore interrupts */
1133 retval = aarch64_set_dscr_bits(target, 0x3 << 22, 0);
1134 if (retval != ERROR_OK)
1135 return ERROR_OK;
1136
1137 if (saved_retval != ERROR_OK)
1138 return saved_retval;
1139
1140 return aarch64_poll(target);
1141 }
1142
1143 static int aarch64_restore_context(struct target *target, bool bpwp)
1144 {
1145 struct armv8_common *armv8 = target_to_armv8(target);
1146 struct arm *arm = &armv8->arm;
1147
1148 int retval;
1149
1150 LOG_DEBUG("%s", target_name(target));
1151
1152 if (armv8->pre_restore_context)
1153 armv8->pre_restore_context(target);
1154
1155 retval = armv8_dpm_write_dirty_registers(&armv8->dpm, bpwp);
1156 if (retval == ERROR_OK) {
1157 /* registers are now invalid */
1158 register_cache_invalidate(arm->core_cache);
1159 register_cache_invalidate(arm->core_cache->next);
1160 }
1161
1162 return retval;
1163 }
1164
1165 /*
1166 * Cortex-A8 Breakpoint and watchpoint functions
1167 */
1168
1169 /* Setup hardware Breakpoint Register Pair */
1170 static int aarch64_set_breakpoint(struct target *target,
1171 struct breakpoint *breakpoint, uint8_t matchmode)
1172 {
1173 int retval;
1174 int brp_i = 0;
1175 uint32_t control;
1176 uint8_t byte_addr_select = 0x0F;
1177 struct aarch64_common *aarch64 = target_to_aarch64(target);
1178 struct armv8_common *armv8 = &aarch64->armv8_common;
1179 struct aarch64_brp *brp_list = aarch64->brp_list;
1180
1181 if (breakpoint->set) {
1182 LOG_WARNING("breakpoint already set");
1183 return ERROR_OK;
1184 }
1185
1186 if (breakpoint->type == BKPT_HARD) {
1187 int64_t bpt_value;
1188 while (brp_list[brp_i].used && (brp_i < aarch64->brp_num))
1189 brp_i++;
1190 if (brp_i >= aarch64->brp_num) {
1191 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1192 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1193 }
1194 breakpoint->set = brp_i + 1;
1195 if (breakpoint->length == 2)
1196 byte_addr_select = (3 << (breakpoint->address & 0x02));
1197 control = ((matchmode & 0x7) << 20)
1198 | (1 << 13)
1199 | (byte_addr_select << 5)
1200 | (3 << 1) | 1;
1201 brp_list[brp_i].used = 1;
1202 brp_list[brp_i].value = breakpoint->address & 0xFFFFFFFFFFFFFFFC;
1203 brp_list[brp_i].control = control;
1204 bpt_value = brp_list[brp_i].value;
1205
1206 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1207 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1208 (uint32_t)(bpt_value & 0xFFFFFFFF));
1209 if (retval != ERROR_OK)
1210 return retval;
1211 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1212 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1213 (uint32_t)(bpt_value >> 32));
1214 if (retval != ERROR_OK)
1215 return retval;
1216
1217 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1218 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1219 brp_list[brp_i].control);
1220 if (retval != ERROR_OK)
1221 return retval;
1222 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1223 brp_list[brp_i].control,
1224 brp_list[brp_i].value);
1225
1226 } else if (breakpoint->type == BKPT_SOFT) {
1227 uint8_t code[4];
1228
1229 buf_set_u32(code, 0, 32, armv8_opcode(armv8, ARMV8_OPC_HLT));
1230 retval = target_read_memory(target,
1231 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1232 breakpoint->length, 1,
1233 breakpoint->orig_instr);
1234 if (retval != ERROR_OK)
1235 return retval;
1236
1237 armv8_cache_d_inner_flush_virt(armv8,
1238 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1239 breakpoint->length);
1240
1241 retval = target_write_memory(target,
1242 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1243 breakpoint->length, 1, code);
1244 if (retval != ERROR_OK)
1245 return retval;
1246
1247 armv8_cache_d_inner_flush_virt(armv8,
1248 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1249 breakpoint->length);
1250
1251 armv8_cache_i_inner_inval_virt(armv8,
1252 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1253 breakpoint->length);
1254
1255 breakpoint->set = 0x11; /* Any nice value but 0 */
1256 }
1257
1258 /* Ensure that halting debug mode is enable */
1259 retval = aarch64_set_dscr_bits(target, DSCR_HDE, DSCR_HDE);
1260 if (retval != ERROR_OK) {
1261 LOG_DEBUG("Failed to set DSCR.HDE");
1262 return retval;
1263 }
1264
1265 return ERROR_OK;
1266 }
1267
1268 static int aarch64_set_context_breakpoint(struct target *target,
1269 struct breakpoint *breakpoint, uint8_t matchmode)
1270 {
1271 int retval = ERROR_FAIL;
1272 int brp_i = 0;
1273 uint32_t control;
1274 uint8_t byte_addr_select = 0x0F;
1275 struct aarch64_common *aarch64 = target_to_aarch64(target);
1276 struct armv8_common *armv8 = &aarch64->armv8_common;
1277 struct aarch64_brp *brp_list = aarch64->brp_list;
1278
1279 if (breakpoint->set) {
1280 LOG_WARNING("breakpoint already set");
1281 return retval;
1282 }
1283 /*check available context BRPs*/
1284 while ((brp_list[brp_i].used ||
1285 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < aarch64->brp_num))
1286 brp_i++;
1287
1288 if (brp_i >= aarch64->brp_num) {
1289 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1290 return ERROR_FAIL;
1291 }
1292
1293 breakpoint->set = brp_i + 1;
1294 control = ((matchmode & 0x7) << 20)
1295 | (1 << 13)
1296 | (byte_addr_select << 5)
1297 | (3 << 1) | 1;
1298 brp_list[brp_i].used = 1;
1299 brp_list[brp_i].value = (breakpoint->asid);
1300 brp_list[brp_i].control = control;
1301 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1302 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1303 brp_list[brp_i].value);
1304 if (retval != ERROR_OK)
1305 return retval;
1306 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1307 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1308 brp_list[brp_i].control);
1309 if (retval != ERROR_OK)
1310 return retval;
1311 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1312 brp_list[brp_i].control,
1313 brp_list[brp_i].value);
1314 return ERROR_OK;
1315
1316 }
1317
1318 static int aarch64_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1319 {
1320 int retval = ERROR_FAIL;
1321 int brp_1 = 0; /* holds the contextID pair */
1322 int brp_2 = 0; /* holds the IVA pair */
1323 uint32_t control_CTX, control_IVA;
1324 uint8_t CTX_byte_addr_select = 0x0F;
1325 uint8_t IVA_byte_addr_select = 0x0F;
1326 uint8_t CTX_machmode = 0x03;
1327 uint8_t IVA_machmode = 0x01;
1328 struct aarch64_common *aarch64 = target_to_aarch64(target);
1329 struct armv8_common *armv8 = &aarch64->armv8_common;
1330 struct aarch64_brp *brp_list = aarch64->brp_list;
1331
1332 if (breakpoint->set) {
1333 LOG_WARNING("breakpoint already set");
1334 return retval;
1335 }
1336 /*check available context BRPs*/
1337 while ((brp_list[brp_1].used ||
1338 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < aarch64->brp_num))
1339 brp_1++;
1340
1341 printf("brp(CTX) found num: %d\n", brp_1);
1342 if (brp_1 >= aarch64->brp_num) {
1343 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1344 return ERROR_FAIL;
1345 }
1346
1347 while ((brp_list[brp_2].used ||
1348 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < aarch64->brp_num))
1349 brp_2++;
1350
1351 printf("brp(IVA) found num: %d\n", brp_2);
1352 if (brp_2 >= aarch64->brp_num) {
1353 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1354 return ERROR_FAIL;
1355 }
1356
1357 breakpoint->set = brp_1 + 1;
1358 breakpoint->linked_BRP = brp_2;
1359 control_CTX = ((CTX_machmode & 0x7) << 20)
1360 | (brp_2 << 16)
1361 | (0 << 14)
1362 | (CTX_byte_addr_select << 5)
1363 | (3 << 1) | 1;
1364 brp_list[brp_1].used = 1;
1365 brp_list[brp_1].value = (breakpoint->asid);
1366 brp_list[brp_1].control = control_CTX;
1367 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1368 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_1].BRPn,
1369 brp_list[brp_1].value);
1370 if (retval != ERROR_OK)
1371 return retval;
1372 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1373 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_1].BRPn,
1374 brp_list[brp_1].control);
1375 if (retval != ERROR_OK)
1376 return retval;
1377
1378 control_IVA = ((IVA_machmode & 0x7) << 20)
1379 | (brp_1 << 16)
1380 | (1 << 13)
1381 | (IVA_byte_addr_select << 5)
1382 | (3 << 1) | 1;
1383 brp_list[brp_2].used = 1;
1384 brp_list[brp_2].value = breakpoint->address & 0xFFFFFFFFFFFFFFFC;
1385 brp_list[brp_2].control = control_IVA;
1386 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1387 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_2].BRPn,
1388 brp_list[brp_2].value & 0xFFFFFFFF);
1389 if (retval != ERROR_OK)
1390 return retval;
1391 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1392 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_2].BRPn,
1393 brp_list[brp_2].value >> 32);
1394 if (retval != ERROR_OK)
1395 return retval;
1396 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1397 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_2].BRPn,
1398 brp_list[brp_2].control);
1399 if (retval != ERROR_OK)
1400 return retval;
1401
1402 return ERROR_OK;
1403 }
1404
1405 static int aarch64_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1406 {
1407 int retval;
1408 struct aarch64_common *aarch64 = target_to_aarch64(target);
1409 struct armv8_common *armv8 = &aarch64->armv8_common;
1410 struct aarch64_brp *brp_list = aarch64->brp_list;
1411
1412 if (!breakpoint->set) {
1413 LOG_WARNING("breakpoint not set");
1414 return ERROR_OK;
1415 }
1416
1417 if (breakpoint->type == BKPT_HARD) {
1418 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1419 int brp_i = breakpoint->set - 1;
1420 int brp_j = breakpoint->linked_BRP;
1421 if ((brp_i < 0) || (brp_i >= aarch64->brp_num)) {
1422 LOG_DEBUG("Invalid BRP number in breakpoint");
1423 return ERROR_OK;
1424 }
1425 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1426 brp_list[brp_i].control, brp_list[brp_i].value);
1427 brp_list[brp_i].used = 0;
1428 brp_list[brp_i].value = 0;
1429 brp_list[brp_i].control = 0;
1430 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1431 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1432 brp_list[brp_i].control);
1433 if (retval != ERROR_OK)
1434 return retval;
1435 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1436 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1437 (uint32_t)brp_list[brp_i].value);
1438 if (retval != ERROR_OK)
1439 return retval;
1440 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1441 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1442 (uint32_t)brp_list[brp_i].value);
1443 if (retval != ERROR_OK)
1444 return retval;
1445 if ((brp_j < 0) || (brp_j >= aarch64->brp_num)) {
1446 LOG_DEBUG("Invalid BRP number in breakpoint");
1447 return ERROR_OK;
1448 }
1449 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx64, brp_j,
1450 brp_list[brp_j].control, brp_list[brp_j].value);
1451 brp_list[brp_j].used = 0;
1452 brp_list[brp_j].value = 0;
1453 brp_list[brp_j].control = 0;
1454 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1455 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_j].BRPn,
1456 brp_list[brp_j].control);
1457 if (retval != ERROR_OK)
1458 return retval;
1459 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1460 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_j].BRPn,
1461 (uint32_t)brp_list[brp_j].value);
1462 if (retval != ERROR_OK)
1463 return retval;
1464 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1465 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_j].BRPn,
1466 (uint32_t)brp_list[brp_j].value);
1467 if (retval != ERROR_OK)
1468 return retval;
1469
1470 breakpoint->linked_BRP = 0;
1471 breakpoint->set = 0;
1472 return ERROR_OK;
1473
1474 } else {
1475 int brp_i = breakpoint->set - 1;
1476 if ((brp_i < 0) || (brp_i >= aarch64->brp_num)) {
1477 LOG_DEBUG("Invalid BRP number in breakpoint");
1478 return ERROR_OK;
1479 }
1480 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx64, brp_i,
1481 brp_list[brp_i].control, brp_list[brp_i].value);
1482 brp_list[brp_i].used = 0;
1483 brp_list[brp_i].value = 0;
1484 brp_list[brp_i].control = 0;
1485 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1486 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1487 brp_list[brp_i].control);
1488 if (retval != ERROR_OK)
1489 return retval;
1490 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1491 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1492 brp_list[brp_i].value);
1493 if (retval != ERROR_OK)
1494 return retval;
1495
1496 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1497 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1498 (uint32_t)brp_list[brp_i].value);
1499 if (retval != ERROR_OK)
1500 return retval;
1501 breakpoint->set = 0;
1502 return ERROR_OK;
1503 }
1504 } else {
1505 /* restore original instruction (kept in target endianness) */
1506
1507 armv8_cache_d_inner_flush_virt(armv8,
1508 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1509 breakpoint->length);
1510
1511 if (breakpoint->length == 4) {
1512 retval = target_write_memory(target,
1513 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1514 4, 1, breakpoint->orig_instr);
1515 if (retval != ERROR_OK)
1516 return retval;
1517 } else {
1518 retval = target_write_memory(target,
1519 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1520 2, 1, breakpoint->orig_instr);
1521 if (retval != ERROR_OK)
1522 return retval;
1523 }
1524
1525 armv8_cache_d_inner_flush_virt(armv8,
1526 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1527 breakpoint->length);
1528
1529 armv8_cache_i_inner_inval_virt(armv8,
1530 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1531 breakpoint->length);
1532 }
1533 breakpoint->set = 0;
1534
1535 return ERROR_OK;
1536 }
1537
1538 static int aarch64_add_breakpoint(struct target *target,
1539 struct breakpoint *breakpoint)
1540 {
1541 struct aarch64_common *aarch64 = target_to_aarch64(target);
1542
1543 if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1544 LOG_INFO("no hardware breakpoint available");
1545 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1546 }
1547
1548 if (breakpoint->type == BKPT_HARD)
1549 aarch64->brp_num_available--;
1550
1551 return aarch64_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1552 }
1553
1554 static int aarch64_add_context_breakpoint(struct target *target,
1555 struct breakpoint *breakpoint)
1556 {
1557 struct aarch64_common *aarch64 = target_to_aarch64(target);
1558
1559 if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1560 LOG_INFO("no hardware breakpoint available");
1561 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1562 }
1563
1564 if (breakpoint->type == BKPT_HARD)
1565 aarch64->brp_num_available--;
1566
1567 return aarch64_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1568 }
1569
1570 static int aarch64_add_hybrid_breakpoint(struct target *target,
1571 struct breakpoint *breakpoint)
1572 {
1573 struct aarch64_common *aarch64 = target_to_aarch64(target);
1574
1575 if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1576 LOG_INFO("no hardware breakpoint available");
1577 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1578 }
1579
1580 if (breakpoint->type == BKPT_HARD)
1581 aarch64->brp_num_available--;
1582
1583 return aarch64_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1584 }
1585
1586
1587 static int aarch64_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1588 {
1589 struct aarch64_common *aarch64 = target_to_aarch64(target);
1590
1591 #if 0
1592 /* It is perfectly possible to remove breakpoints while the target is running */
1593 if (target->state != TARGET_HALTED) {
1594 LOG_WARNING("target not halted");
1595 return ERROR_TARGET_NOT_HALTED;
1596 }
1597 #endif
1598
1599 if (breakpoint->set) {
1600 aarch64_unset_breakpoint(target, breakpoint);
1601 if (breakpoint->type == BKPT_HARD)
1602 aarch64->brp_num_available++;
1603 }
1604
1605 return ERROR_OK;
1606 }
1607
1608 /*
1609 * Cortex-A8 Reset functions
1610 */
1611
1612 static int aarch64_assert_reset(struct target *target)
1613 {
1614 struct armv8_common *armv8 = target_to_armv8(target);
1615
1616 LOG_DEBUG(" ");
1617
1618 /* FIXME when halt is requested, make it work somehow... */
1619
1620 /* Issue some kind of warm reset. */
1621 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1622 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1623 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1624 /* REVISIT handle "pulls" cases, if there's
1625 * hardware that needs them to work.
1626 */
1627 jtag_add_reset(0, 1);
1628 } else {
1629 LOG_ERROR("%s: how to reset?", target_name(target));
1630 return ERROR_FAIL;
1631 }
1632
1633 /* registers are now invalid */
1634 if (target_was_examined(target)) {
1635 register_cache_invalidate(armv8->arm.core_cache);
1636 register_cache_invalidate(armv8->arm.core_cache->next);
1637 }
1638
1639 target->state = TARGET_RESET;
1640
1641 return ERROR_OK;
1642 }
1643
1644 static int aarch64_deassert_reset(struct target *target)
1645 {
1646 int retval;
1647
1648 LOG_DEBUG(" ");
1649
1650 /* be certain SRST is off */
1651 jtag_add_reset(0, 0);
1652
1653 if (!target_was_examined(target))
1654 return ERROR_OK;
1655
1656 retval = aarch64_poll(target);
1657 if (retval != ERROR_OK)
1658 return retval;
1659
1660 if (target->reset_halt) {
1661 if (target->state != TARGET_HALTED) {
1662 LOG_WARNING("%s: ran after reset and before halt ...",
1663 target_name(target));
1664 retval = target_halt(target);
1665 if (retval != ERROR_OK)
1666 return retval;
1667 }
1668 }
1669
1670 return aarch64_init_debug_access(target);
1671 }
1672
1673 static int aarch64_write_apb_ap_memory(struct target *target,
1674 uint64_t address, uint32_t size,
1675 uint32_t count, const uint8_t *buffer)
1676 {
1677 /* write memory through APB-AP */
1678 int retval = ERROR_COMMAND_SYNTAX_ERROR;
1679 struct armv8_common *armv8 = target_to_armv8(target);
1680 struct arm_dpm *dpm = &armv8->dpm;
1681 struct arm *arm = &armv8->arm;
1682 int total_bytes = count * size;
1683 int total_u32;
1684 int start_byte = address & 0x3;
1685 int end_byte = (address + total_bytes) & 0x3;
1686 struct reg *reg;
1687 uint32_t dscr;
1688 uint8_t *tmp_buff = NULL;
1689
1690 if (target->state != TARGET_HALTED) {
1691 LOG_WARNING("target not halted");
1692 return ERROR_TARGET_NOT_HALTED;
1693 }
1694
1695 total_u32 = DIV_ROUND_UP((address & 3) + total_bytes, 4);
1696
1697 /* Mark register R0 as dirty, as it will be used
1698 * for transferring the data.
1699 * It will be restored automatically when exiting
1700 * debug mode
1701 */
1702 reg = armv8_reg_current(arm, 1);
1703 reg->dirty = true;
1704
1705 reg = armv8_reg_current(arm, 0);
1706 reg->dirty = true;
1707
1708 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1709
1710 /* The algorithm only copies 32 bit words, so the buffer
1711 * should be expanded to include the words at either end.
1712 * The first and last words will be read first to avoid
1713 * corruption if needed.
1714 */
1715 tmp_buff = malloc(total_u32 * 4);
1716
1717 if ((start_byte != 0) && (total_u32 > 1)) {
1718 /* First bytes not aligned - read the 32 bit word to avoid corrupting
1719 * the other bytes in the word.
1720 */
1721 retval = aarch64_read_apb_ap_memory(target, (address & ~0x3), 4, 1, tmp_buff);
1722 if (retval != ERROR_OK)
1723 goto error_free_buff_w;
1724 }
1725
1726 /* If end of write is not aligned, or the write is less than 4 bytes */
1727 if ((end_byte != 0) ||
1728 ((total_u32 == 1) && (total_bytes != 4))) {
1729
1730 /* Read the last word to avoid corruption during 32 bit write */
1731 int mem_offset = (total_u32-1) * 4;
1732 retval = aarch64_read_apb_ap_memory(target, (address & ~0x3) + mem_offset, 4, 1, &tmp_buff[mem_offset]);
1733 if (retval != ERROR_OK)
1734 goto error_free_buff_w;
1735 }
1736
1737 /* Copy the write buffer over the top of the temporary buffer */
1738 memcpy(&tmp_buff[start_byte], buffer, total_bytes);
1739
1740 /* We now have a 32 bit aligned buffer that can be written */
1741
1742 /* Read DSCR */
1743 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1744 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1745 if (retval != ERROR_OK)
1746 goto error_free_buff_w;
1747
1748 /* Set Normal access mode */
1749 dscr = (dscr & ~DSCR_MA);
1750 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1751 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1752
1753 if (arm->core_state == ARM_STATE_AARCH64) {
1754 /* Write X0 with value 'address' using write procedure */
1755 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1756 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1757 retval = dpm->instr_write_data_dcc_64(dpm,
1758 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0, 0), address & ~0x3ULL);
1759 } else {
1760 /* Write R0 with value 'address' using write procedure */
1761 /* Step 1.a+b - Write the address for read access into DBGDTRRX */
1762 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1763 dpm->instr_write_data_dcc(dpm,
1764 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address & ~0x3ULL);
1765
1766 }
1767 /* Step 1.d - Change DCC to memory mode */
1768 dscr = dscr | DSCR_MA;
1769 retval += mem_ap_write_atomic_u32(armv8->debug_ap,
1770 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1771 if (retval != ERROR_OK)
1772 goto error_unset_dtr_w;
1773
1774
1775 /* Step 2.a - Do the write */
1776 retval = mem_ap_write_buf_noincr(armv8->debug_ap,
1777 tmp_buff, 4, total_u32, armv8->debug_base + CPUV8_DBG_DTRRX);
1778 if (retval != ERROR_OK)
1779 goto error_unset_dtr_w;
1780
1781 /* Step 3.a - Switch DTR mode back to Normal mode */
1782 dscr = (dscr & ~DSCR_MA);
1783 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1784 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1785 if (retval != ERROR_OK)
1786 goto error_unset_dtr_w;
1787
1788 /* Check for sticky abort flags in the DSCR */
1789 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1790 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1791 if (retval != ERROR_OK)
1792 goto error_free_buff_w;
1793
1794 dpm->dscr = dscr;
1795 if (dscr & (DSCR_ERR | DSCR_SYS_ERROR_PEND)) {
1796 /* Abort occurred - clear it and exit */
1797 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32, dscr);
1798 armv8_dpm_handle_exception(dpm);
1799 goto error_free_buff_w;
1800 }
1801
1802 /* Done */
1803 free(tmp_buff);
1804 return ERROR_OK;
1805
1806 error_unset_dtr_w:
1807 /* Unset DTR mode */
1808 mem_ap_read_atomic_u32(armv8->debug_ap,
1809 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1810 dscr = (dscr & ~DSCR_MA);
1811 mem_ap_write_atomic_u32(armv8->debug_ap,
1812 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1813 error_free_buff_w:
1814 LOG_ERROR("error");
1815 free(tmp_buff);
1816 return ERROR_FAIL;
1817 }
1818
1819 static int aarch64_read_apb_ap_memory(struct target *target,
1820 target_addr_t address, uint32_t size,
1821 uint32_t count, uint8_t *buffer)
1822 {
1823 /* read memory through APB-AP */
1824 int retval = ERROR_COMMAND_SYNTAX_ERROR;
1825 struct armv8_common *armv8 = target_to_armv8(target);
1826 struct arm_dpm *dpm = &armv8->dpm;
1827 struct arm *arm = &armv8->arm;
1828 int total_bytes = count * size;
1829 int total_u32;
1830 int start_byte = address & 0x3;
1831 int end_byte = (address + total_bytes) & 0x3;
1832 struct reg *reg;
1833 uint32_t dscr;
1834 uint8_t *tmp_buff = NULL;
1835 uint8_t *u8buf_ptr;
1836 uint32_t value;
1837
1838 if (target->state != TARGET_HALTED) {
1839 LOG_WARNING("target not halted");
1840 return ERROR_TARGET_NOT_HALTED;
1841 }
1842
1843 total_u32 = DIV_ROUND_UP((address & 3) + total_bytes, 4);
1844 /* Mark register X0, X1 as dirty, as it will be used
1845 * for transferring the data.
1846 * It will be restored automatically when exiting
1847 * debug mode
1848 */
1849 reg = armv8_reg_current(arm, 1);
1850 reg->dirty = true;
1851
1852 reg = armv8_reg_current(arm, 0);
1853 reg->dirty = true;
1854
1855 /* Read DSCR */
1856 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1857 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1858
1859 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1860
1861 /* Set Normal access mode */
1862 dscr = (dscr & ~DSCR_MA);
1863 retval += mem_ap_write_atomic_u32(armv8->debug_ap,
1864 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1865
1866 if (arm->core_state == ARM_STATE_AARCH64) {
1867 /* Write X0 with value 'address' using write procedure */
1868 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1869 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1870 retval += dpm->instr_write_data_dcc_64(dpm,
1871 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0, 0), address & ~0x3ULL);
1872 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1873 retval += dpm->instr_execute(dpm, ARMV8_MSR_GP(SYSTEM_DBG_DBGDTR_EL0, 0));
1874 /* Step 1.e - Change DCC to memory mode */
1875 dscr = dscr | DSCR_MA;
1876 retval += mem_ap_write_atomic_u32(armv8->debug_ap,
1877 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1878 /* Step 1.f - read DBGDTRTX and discard the value */
1879 retval += mem_ap_read_atomic_u32(armv8->debug_ap,
1880 armv8->debug_base + CPUV8_DBG_DTRTX, &value);
1881 } else {
1882 /* Write R0 with value 'address' using write procedure */
1883 /* Step 1.a+b - Write the address for read access into DBGDTRRXint */
1884 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1885 retval += dpm->instr_write_data_dcc(dpm,
1886 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address & ~0x3ULL);
1887 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1888 retval += dpm->instr_execute(dpm, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
1889 /* Step 1.e - Change DCC to memory mode */
1890 dscr = dscr | DSCR_MA;
1891 retval += mem_ap_write_atomic_u32(armv8->debug_ap,
1892 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1893 /* Step 1.f - read DBGDTRTX and discard the value */
1894 retval += mem_ap_read_atomic_u32(armv8->debug_ap,
1895 armv8->debug_base + CPUV8_DBG_DTRTX, &value);
1896
1897 }
1898 if (retval != ERROR_OK)
1899 goto error_unset_dtr_r;
1900
1901 /* Optimize the read as much as we can, either way we read in a single pass */
1902 if ((start_byte) || (end_byte)) {
1903 /* The algorithm only copies 32 bit words, so the buffer
1904 * should be expanded to include the words at either end.
1905 * The first and last words will be read into a temp buffer
1906 * to avoid corruption
1907 */
1908 tmp_buff = malloc(total_u32 * 4);
1909 if (!tmp_buff)
1910 goto error_unset_dtr_r;
1911
1912 /* use the tmp buffer to read the entire data */
1913 u8buf_ptr = tmp_buff;
1914 } else
1915 /* address and read length are aligned so read directly into the passed buffer */
1916 u8buf_ptr = buffer;
1917
1918 /* Read the data - Each read of the DTRTX register causes the instruction to be reissued
1919 * Abort flags are sticky, so can be read at end of transactions
1920 *
1921 * This data is read in aligned to 32 bit boundary.
1922 */
1923
1924 /* Step 2.a - Loop n-1 times, each read of DBGDTRTX reads the data from [X0] and
1925 * increments X0 by 4. */
1926 retval = mem_ap_read_buf_noincr(armv8->debug_ap, u8buf_ptr, 4, total_u32-1,
1927 armv8->debug_base + CPUV8_DBG_DTRTX);
1928 if (retval != ERROR_OK)
1929 goto error_unset_dtr_r;
1930
1931 /* Step 3.a - set DTR access mode back to Normal mode */
1932 dscr = (dscr & ~DSCR_MA);
1933 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1934 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1935 if (retval != ERROR_OK)
1936 goto error_free_buff_r;
1937
1938 /* Step 3.b - read DBGDTRTX for the final value */
1939 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1940 armv8->debug_base + CPUV8_DBG_DTRTX, &value);
1941 memcpy(u8buf_ptr + (total_u32-1) * 4, &value, 4);
1942
1943 /* Check for sticky abort flags in the DSCR */
1944 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1945 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1946 if (retval != ERROR_OK)
1947 goto error_free_buff_r;
1948
1949 dpm->dscr = dscr;
1950
1951 if (dscr & (DSCR_ERR | DSCR_SYS_ERROR_PEND)) {
1952 /* Abort occurred - clear it and exit */
1953 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32, dscr);
1954 armv8_dpm_handle_exception(dpm);
1955 goto error_free_buff_r;
1956 }
1957
1958 /* check if we need to copy aligned data by applying any shift necessary */
1959 if (tmp_buff) {
1960 memcpy(buffer, tmp_buff + start_byte, total_bytes);
1961 free(tmp_buff);
1962 }
1963
1964 /* Done */
1965 return ERROR_OK;
1966
1967 error_unset_dtr_r:
1968 /* Unset DTR mode */
1969 mem_ap_read_atomic_u32(armv8->debug_ap,
1970 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1971 dscr = (dscr & ~DSCR_MA);
1972 mem_ap_write_atomic_u32(armv8->debug_ap,
1973 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1974 error_free_buff_r:
1975 LOG_ERROR("error");
1976 free(tmp_buff);
1977 return ERROR_FAIL;
1978 }
1979
1980 static int aarch64_read_phys_memory(struct target *target,
1981 target_addr_t address, uint32_t size,
1982 uint32_t count, uint8_t *buffer)
1983 {
1984 int retval = ERROR_COMMAND_SYNTAX_ERROR;
1985
1986 if (count && buffer) {
1987 /* read memory through APB-AP */
1988 retval = aarch64_mmu_modify(target, 0);
1989 if (retval != ERROR_OK)
1990 return retval;
1991 retval = aarch64_read_apb_ap_memory(target, address, size, count, buffer);
1992 }
1993 return retval;
1994 }
1995
1996 static int aarch64_read_memory(struct target *target, target_addr_t address,
1997 uint32_t size, uint32_t count, uint8_t *buffer)
1998 {
1999 int mmu_enabled = 0;
2000 int retval;
2001
2002 /* determine if MMU was enabled on target stop */
2003 retval = aarch64_mmu(target, &mmu_enabled);
2004 if (retval != ERROR_OK)
2005 return retval;
2006
2007 if (mmu_enabled) {
2008 /* enable MMU as we could have disabled it for phys access */
2009 retval = aarch64_mmu_modify(target, 1);
2010 if (retval != ERROR_OK)
2011 return retval;
2012 }
2013 return aarch64_read_apb_ap_memory(target, address, size, count, buffer);
2014 }
2015
2016 static int aarch64_write_phys_memory(struct target *target,
2017 target_addr_t address, uint32_t size,
2018 uint32_t count, const uint8_t *buffer)
2019 {
2020 int retval = ERROR_COMMAND_SYNTAX_ERROR;
2021
2022 if (count && buffer) {
2023 /* write memory through APB-AP */
2024 retval = aarch64_mmu_modify(target, 0);
2025 if (retval != ERROR_OK)
2026 return retval;
2027 return aarch64_write_apb_ap_memory(target, address, size, count, buffer);
2028 }
2029
2030 return retval;
2031 }
2032
2033 static int aarch64_write_memory(struct target *target, target_addr_t address,
2034 uint32_t size, uint32_t count, const uint8_t *buffer)
2035 {
2036 int mmu_enabled = 0;
2037 int retval;
2038
2039 /* determine if MMU was enabled on target stop */
2040 retval = aarch64_mmu(target, &mmu_enabled);
2041 if (retval != ERROR_OK)
2042 return retval;
2043
2044 if (mmu_enabled) {
2045 /* enable MMU as we could have disabled it for phys access */
2046 retval = aarch64_mmu_modify(target, 1);
2047 if (retval != ERROR_OK)
2048 return retval;
2049 }
2050 return aarch64_write_apb_ap_memory(target, address, size, count, buffer);
2051 }
2052
2053 static int aarch64_handle_target_request(void *priv)
2054 {
2055 struct target *target = priv;
2056 struct armv8_common *armv8 = target_to_armv8(target);
2057 int retval;
2058
2059 if (!target_was_examined(target))
2060 return ERROR_OK;
2061 if (!target->dbg_msg_enabled)
2062 return ERROR_OK;
2063
2064 if (target->state == TARGET_RUNNING) {
2065 uint32_t request;
2066 uint32_t dscr;
2067 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2068 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2069
2070 /* check if we have data */
2071 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2072 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2073 armv8->debug_base + CPUV8_DBG_DTRTX, &request);
2074 if (retval == ERROR_OK) {
2075 target_request(target, request);
2076 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2077 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2078 }
2079 }
2080 }
2081
2082 return ERROR_OK;
2083 }
2084
2085 static int aarch64_examine_first(struct target *target)
2086 {
2087 struct aarch64_common *aarch64 = target_to_aarch64(target);
2088 struct armv8_common *armv8 = &aarch64->armv8_common;
2089 struct adiv5_dap *swjdp = armv8->arm.dap;
2090 uint32_t cti_base;
2091 int i;
2092 int retval = ERROR_OK;
2093 uint64_t debug, ttypr;
2094 uint32_t cpuid;
2095 uint32_t tmp0, tmp1;
2096 debug = ttypr = cpuid = 0;
2097
2098 retval = dap_dp_init(swjdp);
2099 if (retval != ERROR_OK)
2100 return retval;
2101
2102 /* Search for the APB-AB - it is needed for access to debug registers */
2103 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv8->debug_ap);
2104 if (retval != ERROR_OK) {
2105 LOG_ERROR("Could not find APB-AP for debug access");
2106 return retval;
2107 }
2108
2109 retval = mem_ap_init(armv8->debug_ap);
2110 if (retval != ERROR_OK) {
2111 LOG_ERROR("Could not initialize the APB-AP");
2112 return retval;
2113 }
2114
2115 armv8->debug_ap->memaccess_tck = 10;
2116
2117 if (!target->dbgbase_set) {
2118 uint32_t dbgbase;
2119 /* Get ROM Table base */
2120 uint32_t apid;
2121 int32_t coreidx = target->coreid;
2122 retval = dap_get_debugbase(armv8->debug_ap, &dbgbase, &apid);
2123 if (retval != ERROR_OK)
2124 return retval;
2125 /* Lookup 0x15 -- Processor DAP */
2126 retval = dap_lookup_cs_component(armv8->debug_ap, dbgbase, 0x15,
2127 &armv8->debug_base, &coreidx);
2128 if (retval != ERROR_OK)
2129 return retval;
2130 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32
2131 " apid: %08" PRIx32, coreidx, armv8->debug_base, apid);
2132 } else
2133 armv8->debug_base = target->dbgbase;
2134
2135 uint32_t prsr;
2136 int64_t then = timeval_ms();
2137 do {
2138 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2139 armv8->debug_base + CPUV8_DBG_PRSR, &prsr);
2140 if (retval == ERROR_OK) {
2141 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
2142 armv8->debug_base + CPUV8_DBG_PRCR, PRCR_COREPURQ|PRCR_CORENPDRQ);
2143 if (retval != ERROR_OK) {
2144 LOG_DEBUG("write to PRCR failed");
2145 break;
2146 }
2147 }
2148
2149 if (timeval_ms() > then + 1000) {
2150 retval = ERROR_TARGET_TIMEOUT;
2151 break;
2152 }
2153
2154 } while ((prsr & PRSR_PU) == 0);
2155
2156 if (retval != ERROR_OK) {
2157 LOG_ERROR("target %s: failed to set power state of the core.", target_name(target));
2158 return retval;
2159 }
2160
2161 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
2162 armv8->debug_base + CPUV8_DBG_OSLAR, 0);
2163 if (retval != ERROR_OK) {
2164 LOG_DEBUG("Examine %s failed", "oslock");
2165 return retval;
2166 }
2167
2168 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2169 armv8->debug_base + CPUV8_DBG_MAINID0, &cpuid);
2170 if (retval != ERROR_OK) {
2171 LOG_DEBUG("Examine %s failed", "CPUID");
2172 return retval;
2173 }
2174
2175 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2176 armv8->debug_base + CPUV8_DBG_MEMFEATURE0, &tmp0);
2177 retval += mem_ap_read_atomic_u32(armv8->debug_ap,
2178 armv8->debug_base + CPUV8_DBG_MEMFEATURE0 + 4, &tmp1);
2179 if (retval != ERROR_OK) {
2180 LOG_DEBUG("Examine %s failed", "Memory Model Type");
2181 return retval;
2182 }
2183 ttypr |= tmp1;
2184 ttypr = (ttypr << 32) | tmp0;
2185
2186 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2187 armv8->debug_base + CPUV8_DBG_DBGFEATURE0, &tmp0);
2188 retval += mem_ap_read_atomic_u32(armv8->debug_ap,
2189 armv8->debug_base + CPUV8_DBG_DBGFEATURE0 + 4, &tmp1);
2190 if (retval != ERROR_OK) {
2191 LOG_DEBUG("Examine %s failed", "ID_AA64DFR0_EL1");
2192 return retval;
2193 }
2194 debug |= tmp1;
2195 debug = (debug << 32) | tmp0;
2196
2197 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
2198 LOG_DEBUG("ttypr = 0x%08" PRIx64, ttypr);
2199 LOG_DEBUG("debug = 0x%08" PRIx64, debug);
2200
2201 if (target->ctibase == 0) {
2202 /* assume a v8 rom table layout */
2203 cti_base = armv8->debug_base + 0x10000;
2204 LOG_INFO("Target ctibase is not set, assuming 0x%0" PRIx32, cti_base);
2205 } else
2206 cti_base = target->ctibase;
2207
2208 armv8->cti = arm_cti_create(armv8->debug_ap, cti_base);
2209 if (armv8->cti == NULL)
2210 return ERROR_FAIL;
2211
2212 retval = aarch64_dpm_setup(aarch64, debug);
2213 if (retval != ERROR_OK)
2214 return retval;
2215
2216 /* Setup Breakpoint Register Pairs */
2217 aarch64->brp_num = (uint32_t)((debug >> 12) & 0x0F) + 1;
2218 aarch64->brp_num_context = (uint32_t)((debug >> 28) & 0x0F) + 1;
2219 aarch64->brp_num_available = aarch64->brp_num;
2220 aarch64->brp_list = calloc(aarch64->brp_num, sizeof(struct aarch64_brp));
2221 for (i = 0; i < aarch64->brp_num; i++) {
2222 aarch64->brp_list[i].used = 0;
2223 if (i < (aarch64->brp_num-aarch64->brp_num_context))
2224 aarch64->brp_list[i].type = BRP_NORMAL;
2225 else
2226 aarch64->brp_list[i].type = BRP_CONTEXT;
2227 aarch64->brp_list[i].value = 0;
2228 aarch64->brp_list[i].control = 0;
2229 aarch64->brp_list[i].BRPn = i;
2230 }
2231
2232 LOG_DEBUG("Configured %i hw breakpoints", aarch64->brp_num);
2233
2234 target->state = TARGET_RUNNING;
2235 target->debug_reason = DBG_REASON_NOTHALTED;
2236
2237 target_set_examined(target);
2238 return ERROR_OK;
2239 }
2240
2241 static int aarch64_examine(struct target *target)
2242 {
2243 int retval = ERROR_OK;
2244
2245 /* don't re-probe hardware after each reset */
2246 if (!target_was_examined(target))
2247 retval = aarch64_examine_first(target);
2248
2249 /* Configure core debug access */
2250 if (retval == ERROR_OK)
2251 retval = aarch64_init_debug_access(target);
2252
2253 return retval;
2254 }
2255
2256 /*
2257 * Cortex-A8 target creation and initialization
2258 */
2259
2260 static int aarch64_init_target(struct command_context *cmd_ctx,
2261 struct target *target)
2262 {
2263 /* examine_first() does a bunch of this */
2264 return ERROR_OK;
2265 }
2266
2267 static int aarch64_init_arch_info(struct target *target,
2268 struct aarch64_common *aarch64, struct jtag_tap *tap)
2269 {
2270 struct armv8_common *armv8 = &aarch64->armv8_common;
2271
2272 /* Setup struct aarch64_common */
2273 aarch64->common_magic = AARCH64_COMMON_MAGIC;
2274 /* tap has no dap initialized */
2275 if (!tap->dap) {
2276 tap->dap = dap_init();
2277 tap->dap->tap = tap;
2278 }
2279 armv8->arm.dap = tap->dap;
2280
2281 /* register arch-specific functions */
2282 armv8->examine_debug_reason = NULL;
2283 armv8->post_debug_entry = aarch64_post_debug_entry;
2284 armv8->pre_restore_context = NULL;
2285 armv8->armv8_mmu.read_physical_memory = aarch64_read_phys_memory;
2286
2287 armv8_init_arch_info(target, armv8);
2288 target_register_timer_callback(aarch64_handle_target_request, 1, 1, target);
2289
2290 return ERROR_OK;
2291 }
2292
2293 static int aarch64_target_create(struct target *target, Jim_Interp *interp)
2294 {
2295 struct aarch64_common *aarch64 = calloc(1, sizeof(struct aarch64_common));
2296
2297 return aarch64_init_arch_info(target, aarch64, target->tap);
2298 }
2299
2300 static int aarch64_mmu(struct target *target, int *enabled)
2301 {
2302 if (target->state != TARGET_HALTED) {
2303 LOG_ERROR("%s: target %s not halted", __func__, target_name(target));
2304 return ERROR_TARGET_INVALID;
2305 }
2306
2307 *enabled = target_to_aarch64(target)->armv8_common.armv8_mmu.mmu_enabled;
2308 return ERROR_OK;
2309 }
2310
2311 static int aarch64_virt2phys(struct target *target, target_addr_t virt,
2312 target_addr_t *phys)
2313 {
2314 return armv8_mmu_translate_va_pa(target, virt, phys, 1);
2315 }
2316
2317 COMMAND_HANDLER(aarch64_handle_cache_info_command)
2318 {
2319 struct target *target = get_current_target(CMD_CTX);
2320 struct armv8_common *armv8 = target_to_armv8(target);
2321
2322 return armv8_handle_cache_info_command(CMD_CTX,
2323 &armv8->armv8_mmu.armv8_cache);
2324 }
2325
2326
2327 COMMAND_HANDLER(aarch64_handle_dbginit_command)
2328 {
2329 struct target *target = get_current_target(CMD_CTX);
2330 if (!target_was_examined(target)) {
2331 LOG_ERROR("target not examined yet");
2332 return ERROR_FAIL;
2333 }
2334
2335 return aarch64_init_debug_access(target);
2336 }
2337 COMMAND_HANDLER(aarch64_handle_smp_off_command)
2338 {
2339 struct target *target = get_current_target(CMD_CTX);
2340 /* check target is an smp target */
2341 struct target_list *head;
2342 struct target *curr;
2343 head = target->head;
2344 target->smp = 0;
2345 if (head != (struct target_list *)NULL) {
2346 while (head != (struct target_list *)NULL) {
2347 curr = head->target;
2348 curr->smp = 0;
2349 head = head->next;
2350 }
2351 /* fixes the target display to the debugger */
2352 target->gdb_service->target = target;
2353 }
2354 return ERROR_OK;
2355 }
2356
2357 COMMAND_HANDLER(aarch64_handle_smp_on_command)
2358 {
2359 struct target *target = get_current_target(CMD_CTX);
2360 struct target_list *head;
2361 struct target *curr;
2362 head = target->head;
2363 if (head != (struct target_list *)NULL) {
2364 target->smp = 1;
2365 while (head != (struct target_list *)NULL) {
2366 curr = head->target;
2367 curr->smp = 1;
2368 head = head->next;
2369 }
2370 }
2371 return ERROR_OK;
2372 }
2373
2374 static const struct command_registration aarch64_exec_command_handlers[] = {
2375 {
2376 .name = "cache_info",
2377 .handler = aarch64_handle_cache_info_command,
2378 .mode = COMMAND_EXEC,
2379 .help = "display information about target caches",
2380 .usage = "",
2381 },
2382 {
2383 .name = "dbginit",
2384 .handler = aarch64_handle_dbginit_command,
2385 .mode = COMMAND_EXEC,
2386 .help = "Initialize core debug",
2387 .usage = "",
2388 },
2389 { .name = "smp_off",
2390 .handler = aarch64_handle_smp_off_command,
2391 .mode = COMMAND_EXEC,
2392 .help = "Stop smp handling",
2393 .usage = "",
2394 },
2395 {
2396 .name = "smp_on",
2397 .handler = aarch64_handle_smp_on_command,
2398 .mode = COMMAND_EXEC,
2399 .help = "Restart smp handling",
2400 .usage = "",
2401 },
2402
2403 COMMAND_REGISTRATION_DONE
2404 };
2405 static const struct command_registration aarch64_command_handlers[] = {
2406 {
2407 .chain = armv8_command_handlers,
2408 },
2409 {
2410 .name = "aarch64",
2411 .mode = COMMAND_ANY,
2412 .help = "Aarch64 command group",
2413 .usage = "",
2414 .chain = aarch64_exec_command_handlers,
2415 },
2416 COMMAND_REGISTRATION_DONE
2417 };
2418
2419 struct target_type aarch64_target = {
2420 .name = "aarch64",
2421
2422 .poll = aarch64_poll,
2423 .arch_state = armv8_arch_state,
2424
2425 .halt = aarch64_halt,
2426 .resume = aarch64_resume,
2427 .step = aarch64_step,
2428
2429 .assert_reset = aarch64_assert_reset,
2430 .deassert_reset = aarch64_deassert_reset,
2431
2432 /* REVISIT allow exporting VFP3 registers ... */
2433 .get_gdb_reg_list = armv8_get_gdb_reg_list,
2434
2435 .read_memory = aarch64_read_memory,
2436 .write_memory = aarch64_write_memory,
2437
2438 .add_breakpoint = aarch64_add_breakpoint,
2439 .add_context_breakpoint = aarch64_add_context_breakpoint,
2440 .add_hybrid_breakpoint = aarch64_add_hybrid_breakpoint,
2441 .remove_breakpoint = aarch64_remove_breakpoint,
2442 .add_watchpoint = NULL,
2443 .remove_watchpoint = NULL,
2444
2445 .commands = aarch64_command_handlers,
2446 .target_create = aarch64_target_create,
2447 .init_target = aarch64_init_target,
2448 .examine = aarch64_examine,
2449
2450 .read_phys_memory = aarch64_read_phys_memory,
2451 .write_phys_memory = aarch64_write_phys_memory,
2452 .mmu = aarch64_mmu,
2453 .virt2phys = aarch64_virt2phys,
2454 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)