1 /***************************************************************************
2 * Copyright (C) 2015 by David Ung *
4 * This program is free software; you can redistribute it and/or modify *
5 * it under the terms of the GNU General Public License as published by *
6 * the Free Software Foundation; either version 2 of the License, or *
7 * (at your option) any later version. *
9 * This program is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU General Public License for more details. *
14 * You should have received a copy of the GNU General Public License *
15 * along with this program; if not, write to the *
16 * Free Software Foundation, Inc., *
18 ***************************************************************************/
24 #include "breakpoints.h"
27 #include "target_request.h"
28 #include "target_type.h"
29 #include "armv8_opcodes.h"
30 #include "armv8_cache.h"
31 #include <helper/time_support.h>
33 #define __unused __attribute((unused))
45 static int aarch64_poll(struct target
*target
);
46 static int aarch64_debug_entry(struct target
*target
);
47 static int aarch64_restore_context(struct target
*target
, bool bpwp
);
48 static int aarch64_set_breakpoint(struct target
*target
,
49 struct breakpoint
*breakpoint
, uint8_t matchmode
);
50 static int aarch64_set_context_breakpoint(struct target
*target
,
51 struct breakpoint
*breakpoint
, uint8_t matchmode
);
52 static int aarch64_set_hybrid_breakpoint(struct target
*target
,
53 struct breakpoint
*breakpoint
);
54 static int aarch64_unset_breakpoint(struct target
*target
,
55 struct breakpoint
*breakpoint
);
56 static int aarch64_mmu(struct target
*target
, int *enabled
);
57 static int aarch64_virt2phys(struct target
*target
,
58 target_addr_t virt
, target_addr_t
*phys
);
59 static int aarch64_read_apb_ap_memory(struct target
*target
,
60 uint64_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
);
62 #define foreach_smp_target(pos, head) \
63 for (pos = head; (pos != NULL); pos = pos->next)
65 static int aarch64_restore_system_control_reg(struct target
*target
)
67 enum arm_mode target_mode
= ARM_MODE_ANY
;
68 int retval
= ERROR_OK
;
71 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
72 struct armv8_common
*armv8
= target_to_armv8(target
);
74 if (aarch64
->system_control_reg
!= aarch64
->system_control_reg_curr
) {
75 aarch64
->system_control_reg_curr
= aarch64
->system_control_reg
;
76 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_v8->cp15_control_reg); */
78 switch (armv8
->arm
.core_mode
) {
80 target_mode
= ARMV8_64_EL1H
;
84 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL1
, 0);
88 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL2
, 0);
92 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL3
, 0);
99 instr
= ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
103 LOG_INFO("cannot read system control register in this mode");
107 if (target_mode
!= ARM_MODE_ANY
)
108 armv8_dpm_modeswitch(&armv8
->dpm
, target_mode
);
110 retval
= armv8
->dpm
.instr_write_data_r0(&armv8
->dpm
, instr
, aarch64
->system_control_reg
);
111 if (retval
!= ERROR_OK
)
114 if (target_mode
!= ARM_MODE_ANY
)
115 armv8_dpm_modeswitch(&armv8
->dpm
, ARM_MODE_ANY
);
121 /* modify system_control_reg in order to enable or disable mmu for :
122 * - virt2phys address conversion
123 * - read or write memory in phys or virt address */
124 static int aarch64_mmu_modify(struct target
*target
, int enable
)
126 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
127 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
128 int retval
= ERROR_OK
;
132 /* if mmu enabled at target stop and mmu not enable */
133 if (!(aarch64
->system_control_reg
& 0x1U
)) {
134 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
137 if (!(aarch64
->system_control_reg_curr
& 0x1U
))
138 aarch64
->system_control_reg_curr
|= 0x1U
;
140 if (aarch64
->system_control_reg_curr
& 0x4U
) {
141 /* data cache is active */
142 aarch64
->system_control_reg_curr
&= ~0x4U
;
143 /* flush data cache armv8 function to be called */
144 if (armv8
->armv8_mmu
.armv8_cache
.flush_all_data_cache
)
145 armv8
->armv8_mmu
.armv8_cache
.flush_all_data_cache(target
);
147 if ((aarch64
->system_control_reg_curr
& 0x1U
)) {
148 aarch64
->system_control_reg_curr
&= ~0x1U
;
152 switch (armv8
->arm
.core_mode
) {
156 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL1
, 0);
160 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL2
, 0);
164 instr
= ARMV8_MSR_GP(SYSTEM_SCTLR_EL3
, 0);
167 LOG_DEBUG("unknown cpu state 0x%x" PRIx32
, armv8
->arm
.core_state
);
171 retval
= armv8
->dpm
.instr_write_data_r0(&armv8
->dpm
, instr
,
172 aarch64
->system_control_reg_curr
);
177 * Basic debug access, very low level assumes state is saved
179 static int aarch64_init_debug_access(struct target
*target
)
181 struct armv8_common
*armv8
= target_to_armv8(target
);
187 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
188 armv8
->debug_base
+ CPUV8_DBG_OSLAR
, 0);
189 if (retval
!= ERROR_OK
) {
190 LOG_DEBUG("Examine %s failed", "oslock");
194 /* Clear Sticky Power Down status Bit in PRSR to enable access to
195 the registers in the Core Power Domain */
196 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
197 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &dummy
);
198 if (retval
!= ERROR_OK
)
202 * Static CTI configuration:
203 * Channel 0 -> trigger outputs HALT request to PE
204 * Channel 1 -> trigger outputs Resume request to PE
205 * Gate all channel trigger events from entering the CTM
209 retval
= arm_cti_enable(armv8
->cti
, true);
210 /* By default, gate all channel events to and from the CTM */
211 if (retval
== ERROR_OK
)
212 retval
= arm_cti_write_reg(armv8
->cti
, CTI_GATE
, 0);
213 /* output halt requests to PE on channel 0 event */
214 if (retval
== ERROR_OK
)
215 retval
= arm_cti_write_reg(armv8
->cti
, CTI_OUTEN0
, CTI_CHNL(0));
216 /* output restart requests to PE on channel 1 event */
217 if (retval
== ERROR_OK
)
218 retval
= arm_cti_write_reg(armv8
->cti
, CTI_OUTEN1
, CTI_CHNL(1));
219 if (retval
!= ERROR_OK
)
222 /* Resync breakpoint registers */
227 /* Write to memory mapped registers directly with no cache or mmu handling */
228 static int aarch64_dap_write_memap_register_u32(struct target
*target
,
233 struct armv8_common
*armv8
= target_to_armv8(target
);
235 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
, address
, value
);
240 static int aarch64_dpm_setup(struct aarch64_common
*a8
, uint64_t debug
)
242 struct arm_dpm
*dpm
= &a8
->armv8_common
.dpm
;
245 dpm
->arm
= &a8
->armv8_common
.arm
;
248 retval
= armv8_dpm_setup(dpm
);
249 if (retval
== ERROR_OK
)
250 retval
= armv8_dpm_initialize(dpm
);
255 static int aarch64_set_dscr_bits(struct target
*target
, unsigned long bit_mask
, unsigned long value
)
257 struct armv8_common
*armv8
= target_to_armv8(target
);
258 return armv8_set_dbgreg_bits(armv8
, CPUV8_DBG_DSCR
, bit_mask
, value
);
261 static int aarch64_check_state_one(struct target
*target
,
262 uint32_t mask
, uint32_t val
, int *p_result
, uint32_t *p_prsr
)
264 struct armv8_common
*armv8
= target_to_armv8(target
);
268 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
269 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &prsr
);
270 if (retval
!= ERROR_OK
)
277 *p_result
= (prsr
& mask
) == (val
& mask
);
282 static int aarch64_wait_halt_one(struct target
*target
)
284 int retval
= ERROR_OK
;
287 int64_t then
= timeval_ms();
291 retval
= aarch64_check_state_one(target
, PRSR_HALT
, PRSR_HALT
, &halted
, &prsr
);
292 if (retval
!= ERROR_OK
|| halted
)
295 if (timeval_ms() > then
+ 1000) {
296 retval
= ERROR_TARGET_TIMEOUT
;
297 LOG_DEBUG("target %s timeout, prsr=0x%08"PRIx32
, target_name(target
), prsr
);
304 static int aarch64_prepare_halt_smp(struct target
*target
, bool exc_target
, struct target
**p_first
)
306 int retval
= ERROR_OK
;
307 struct target_list
*head
= target
->head
;
308 struct target
*first
= NULL
;
310 LOG_DEBUG("target %s exc %i", target_name(target
), exc_target
);
312 while (head
!= NULL
) {
313 struct target
*curr
= head
->target
;
314 struct armv8_common
*armv8
= target_to_armv8(curr
);
317 if (exc_target
&& curr
== target
)
319 if (!target_was_examined(curr
))
321 if (curr
->state
!= TARGET_RUNNING
)
324 /* HACK: mark this target as prepared for halting */
325 curr
->debug_reason
= DBG_REASON_DBGRQ
;
327 /* open the gate for channel 0 to let HALT requests pass to the CTM */
328 retval
= arm_cti_ungate_channel(armv8
->cti
, 0);
329 if (retval
== ERROR_OK
)
330 retval
= aarch64_set_dscr_bits(curr
, DSCR_HDE
, DSCR_HDE
);
331 if (retval
!= ERROR_OK
)
334 LOG_DEBUG("target %s prepared", target_name(curr
));
341 if (exc_target
&& first
)
350 static int aarch64_halt_one(struct target
*target
, enum halt_mode mode
)
352 int retval
= ERROR_OK
;
353 struct armv8_common
*armv8
= target_to_armv8(target
);
355 LOG_DEBUG("%s", target_name(target
));
357 /* allow Halting Debug Mode */
358 retval
= aarch64_set_dscr_bits(target
, DSCR_HDE
, DSCR_HDE
);
359 if (retval
!= ERROR_OK
)
362 /* trigger an event on channel 0, this outputs a halt request to the PE */
363 retval
= arm_cti_pulse_channel(armv8
->cti
, 0);
364 if (retval
!= ERROR_OK
)
367 if (mode
== HALT_SYNC
) {
368 retval
= aarch64_wait_halt_one(target
);
369 if (retval
!= ERROR_OK
) {
370 if (retval
== ERROR_TARGET_TIMEOUT
)
371 LOG_ERROR("Timeout waiting for target %s halt", target_name(target
));
379 static int aarch64_halt_smp(struct target
*target
, bool exc_target
)
381 struct target
*next
= target
;
384 /* prepare halt on all PEs of the group */
385 retval
= aarch64_prepare_halt_smp(target
, exc_target
, &next
);
387 if (exc_target
&& next
== target
)
390 /* halt the target PE */
391 if (retval
== ERROR_OK
)
392 retval
= aarch64_halt_one(next
, HALT_LAZY
);
394 if (retval
!= ERROR_OK
)
397 /* wait for all PEs to halt */
398 int64_t then
= timeval_ms();
400 bool all_halted
= true;
401 struct target_list
*head
;
404 foreach_smp_target(head
, target
->head
) {
409 if (!target_was_examined(curr
))
412 retval
= aarch64_check_state_one(curr
, PRSR_HALT
, PRSR_HALT
, &halted
, NULL
);
413 if (retval
!= ERROR_OK
|| !halted
) {
422 if (timeval_ms() > then
+ 1000) {
423 retval
= ERROR_TARGET_TIMEOUT
;
428 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
429 * and it looks like the CTI's are not connected by a common
430 * trigger matrix. It seems that we need to halt one core in each
431 * cluster explicitly. So if we find that a core has not halted
432 * yet, we trigger an explicit halt for the second cluster.
434 retval
= aarch64_halt_one(curr
, HALT_LAZY
);
435 if (retval
!= ERROR_OK
)
442 static int update_halt_gdb(struct target
*target
, enum target_debug_reason debug_reason
)
444 struct target
*gdb_target
= NULL
;
445 struct target_list
*head
;
448 if (debug_reason
== DBG_REASON_NOTHALTED
) {
449 LOG_INFO("Halting remaining targets in SMP group");
450 aarch64_halt_smp(target
, true);
453 /* poll all targets in the group, but skip the target that serves GDB */
454 foreach_smp_target(head
, target
->head
) {
456 /* skip calling context */
459 if (!target_was_examined(curr
))
461 /* skip targets that were already halted */
462 if (curr
->state
== TARGET_HALTED
)
464 /* remember the gdb_service->target */
465 if (curr
->gdb_service
!= NULL
)
466 gdb_target
= curr
->gdb_service
->target
;
468 if (curr
== gdb_target
)
471 /* avoid recursion in aarch64_poll() */
477 /* after all targets were updated, poll the gdb serving target */
478 if (gdb_target
!= NULL
&& gdb_target
!= target
)
479 aarch64_poll(gdb_target
);
485 * Aarch64 Run control
488 static int aarch64_poll(struct target
*target
)
490 enum target_state prev_target_state
;
491 int retval
= ERROR_OK
;
494 retval
= aarch64_check_state_one(target
,
495 PRSR_HALT
, PRSR_HALT
, &halted
, NULL
);
496 if (retval
!= ERROR_OK
)
500 prev_target_state
= target
->state
;
501 if (prev_target_state
!= TARGET_HALTED
) {
502 enum target_debug_reason debug_reason
= target
->debug_reason
;
504 /* We have a halting debug event */
505 target
->state
= TARGET_HALTED
;
506 LOG_DEBUG("Target %s halted", target_name(target
));
507 retval
= aarch64_debug_entry(target
);
508 if (retval
!= ERROR_OK
)
512 update_halt_gdb(target
, debug_reason
);
514 switch (prev_target_state
) {
518 target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
520 case TARGET_DEBUG_RUNNING
:
521 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
528 target
->state
= TARGET_RUNNING
;
533 static int aarch64_halt(struct target
*target
)
536 return aarch64_halt_smp(target
, false);
538 return aarch64_halt_one(target
, HALT_SYNC
);
541 static int aarch64_restore_one(struct target
*target
, int current
,
542 uint64_t *address
, int handle_breakpoints
, int debug_execution
)
544 struct armv8_common
*armv8
= target_to_armv8(target
);
545 struct arm
*arm
= &armv8
->arm
;
549 LOG_DEBUG("%s", target_name(target
));
551 if (!debug_execution
)
552 target_free_all_working_areas(target
);
554 /* current = 1: continue on current pc, otherwise continue at <address> */
555 resume_pc
= buf_get_u64(arm
->pc
->value
, 0, 64);
557 resume_pc
= *address
;
559 *address
= resume_pc
;
561 /* Make sure that the Armv7 gdb thumb fixups does not
562 * kill the return address
564 switch (arm
->core_state
) {
566 resume_pc
&= 0xFFFFFFFC;
568 case ARM_STATE_AARCH64
:
569 resume_pc
&= 0xFFFFFFFFFFFFFFFC;
571 case ARM_STATE_THUMB
:
572 case ARM_STATE_THUMB_EE
:
573 /* When the return address is loaded into PC
574 * bit 0 must be 1 to stay in Thumb state
578 case ARM_STATE_JAZELLE
:
579 LOG_ERROR("How do I resume into Jazelle state??");
582 LOG_DEBUG("resume pc = 0x%016" PRIx64
, resume_pc
);
583 buf_set_u64(arm
->pc
->value
, 0, 64, resume_pc
);
587 /* called it now before restoring context because it uses cpu
588 * register r0 for restoring system control register */
589 retval
= aarch64_restore_system_control_reg(target
);
590 if (retval
== ERROR_OK
)
591 retval
= aarch64_restore_context(target
, handle_breakpoints
);
597 * prepare single target for restart
601 static int aarch64_prepare_restart_one(struct target
*target
)
603 struct armv8_common
*armv8
= target_to_armv8(target
);
608 LOG_DEBUG("%s", target_name(target
));
610 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
611 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
612 if (retval
!= ERROR_OK
)
615 if ((dscr
& DSCR_ITE
) == 0)
616 LOG_ERROR("DSCR.ITE must be set before leaving debug!");
617 if ((dscr
& DSCR_ERR
) != 0)
618 LOG_ERROR("DSCR.ERR must be cleared before leaving debug!");
620 /* acknowledge a pending CTI halt event */
621 retval
= arm_cti_ack_events(armv8
->cti
, CTI_TRIG(HALT
));
623 * open the CTI gate for channel 1 so that the restart events
624 * get passed along to all PEs. Also close gate for channel 0
625 * to isolate the PE from halt events.
627 if (retval
== ERROR_OK
)
628 retval
= arm_cti_ungate_channel(armv8
->cti
, 1);
629 if (retval
== ERROR_OK
)
630 retval
= arm_cti_gate_channel(armv8
->cti
, 0);
632 /* make sure that DSCR.HDE is set */
633 if (retval
== ERROR_OK
) {
635 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
636 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
639 /* clear sticky bits in PRSR, SDR is now 0 */
640 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
641 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &tmp
);
646 static int aarch64_do_restart_one(struct target
*target
, enum restart_mode mode
)
648 struct armv8_common
*armv8
= target_to_armv8(target
);
651 LOG_DEBUG("%s", target_name(target
));
653 /* trigger an event on channel 1, generates a restart request to the PE */
654 retval
= arm_cti_pulse_channel(armv8
->cti
, 1);
655 if (retval
!= ERROR_OK
)
658 if (mode
== RESTART_SYNC
) {
659 int64_t then
= timeval_ms();
663 * if PRSR.SDR is set now, the target did restart, even
664 * if it's now already halted again (e.g. due to breakpoint)
666 retval
= aarch64_check_state_one(target
,
667 PRSR_SDR
, PRSR_SDR
, &resumed
, NULL
);
668 if (retval
!= ERROR_OK
|| resumed
)
671 if (timeval_ms() > then
+ 1000) {
672 LOG_ERROR("%s: Timeout waiting for resume"PRIx32
, target_name(target
));
673 retval
= ERROR_TARGET_TIMEOUT
;
679 if (retval
!= ERROR_OK
)
682 target
->debug_reason
= DBG_REASON_NOTHALTED
;
683 target
->state
= TARGET_RUNNING
;
688 static int aarch64_restart_one(struct target
*target
, enum restart_mode mode
)
692 LOG_DEBUG("%s", target_name(target
));
694 retval
= aarch64_prepare_restart_one(target
);
695 if (retval
== ERROR_OK
)
696 retval
= aarch64_do_restart_one(target
, mode
);
702 * prepare all but the current target for restart
704 static int aarch64_prep_restart_smp(struct target
*target
, int handle_breakpoints
, struct target
**p_first
)
706 int retval
= ERROR_OK
;
707 struct target_list
*head
;
708 struct target
*first
= NULL
;
711 foreach_smp_target(head
, target
->head
) {
712 struct target
*curr
= head
->target
;
714 /* skip calling target */
717 if (!target_was_examined(curr
))
719 if (curr
->state
!= TARGET_HALTED
)
722 /* resume at current address, not in step mode */
723 retval
= aarch64_restore_one(curr
, 1, &address
, handle_breakpoints
, 0);
724 if (retval
== ERROR_OK
)
725 retval
= aarch64_prepare_restart_one(curr
);
726 if (retval
!= ERROR_OK
) {
727 LOG_ERROR("failed to restore target %s", target_name(curr
));
730 /* remember the first valid target in the group */
742 static int aarch64_step_restart_smp(struct target
*target
)
744 int retval
= ERROR_OK
;
745 struct target_list
*head
;
746 struct target
*first
= NULL
;
748 LOG_DEBUG("%s", target_name(target
));
750 retval
= aarch64_prep_restart_smp(target
, 0, &first
);
751 if (retval
!= ERROR_OK
)
755 retval
= aarch64_do_restart_one(first
, RESTART_LAZY
);
756 if (retval
!= ERROR_OK
) {
757 LOG_DEBUG("error restarting target %s", target_name(first
));
761 int64_t then
= timeval_ms();
763 struct target
*curr
= target
;
764 bool all_resumed
= true;
766 foreach_smp_target(head
, target
->head
) {
775 retval
= aarch64_check_state_one(curr
,
776 PRSR_SDR
, PRSR_SDR
, &resumed
, &prsr
);
777 if (retval
!= ERROR_OK
|| (!resumed
&& (prsr
& PRSR_HALT
))) {
782 if (curr
->state
!= TARGET_RUNNING
) {
783 curr
->state
= TARGET_RUNNING
;
784 curr
->debug_reason
= DBG_REASON_NOTHALTED
;
785 target_call_event_callbacks(curr
, TARGET_EVENT_RESUMED
);
792 if (timeval_ms() > then
+ 1000) {
793 LOG_ERROR("%s: timeout waiting for target resume", __func__
);
794 retval
= ERROR_TARGET_TIMEOUT
;
798 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
799 * and it looks like the CTI's are not connected by a common
800 * trigger matrix. It seems that we need to halt one core in each
801 * cluster explicitly. So if we find that a core has not halted
802 * yet, we trigger an explicit resume for the second cluster.
804 retval
= aarch64_do_restart_one(curr
, RESTART_LAZY
);
805 if (retval
!= ERROR_OK
)
812 static int aarch64_resume(struct target
*target
, int current
,
813 target_addr_t address
, int handle_breakpoints
, int debug_execution
)
816 uint64_t addr
= address
;
818 if (target
->state
!= TARGET_HALTED
)
819 return ERROR_TARGET_NOT_HALTED
;
822 * If this target is part of a SMP group, prepare the others
823 * targets for resuming. This involves restoring the complete
824 * target register context and setting up CTI gates to accept
825 * resume events from the trigger matrix.
828 retval
= aarch64_prep_restart_smp(target
, handle_breakpoints
, NULL
);
829 if (retval
!= ERROR_OK
)
833 /* all targets prepared, restore and restart the current target */
834 retval
= aarch64_restore_one(target
, current
, &addr
, handle_breakpoints
,
836 if (retval
== ERROR_OK
)
837 retval
= aarch64_restart_one(target
, RESTART_SYNC
);
838 if (retval
!= ERROR_OK
)
842 int64_t then
= timeval_ms();
844 struct target
*curr
= target
;
845 struct target_list
*head
;
846 bool all_resumed
= true;
848 foreach_smp_target(head
, target
->head
) {
855 if (!target_was_examined(curr
))
858 retval
= aarch64_check_state_one(curr
,
859 PRSR_SDR
, PRSR_SDR
, &resumed
, &prsr
);
860 if (retval
!= ERROR_OK
|| (!resumed
&& (prsr
& PRSR_HALT
))) {
865 if (curr
->state
!= TARGET_RUNNING
) {
866 curr
->state
= TARGET_RUNNING
;
867 curr
->debug_reason
= DBG_REASON_NOTHALTED
;
868 target_call_event_callbacks(curr
, TARGET_EVENT_RESUMED
);
875 if (timeval_ms() > then
+ 1000) {
876 LOG_ERROR("%s: timeout waiting for target %s to resume", __func__
, target_name(curr
));
877 retval
= ERROR_TARGET_TIMEOUT
;
882 * HACK: on Hi6220 there are 8 cores organized in 2 clusters
883 * and it looks like the CTI's are not connected by a common
884 * trigger matrix. It seems that we need to halt one core in each
885 * cluster explicitly. So if we find that a core has not halted
886 * yet, we trigger an explicit resume for the second cluster.
888 retval
= aarch64_do_restart_one(curr
, RESTART_LAZY
);
889 if (retval
!= ERROR_OK
)
894 if (retval
!= ERROR_OK
)
897 target
->debug_reason
= DBG_REASON_NOTHALTED
;
899 if (!debug_execution
) {
900 target
->state
= TARGET_RUNNING
;
901 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
902 LOG_DEBUG("target resumed at 0x%" PRIx64
, addr
);
904 target
->state
= TARGET_DEBUG_RUNNING
;
905 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
906 LOG_DEBUG("target debug resumed at 0x%" PRIx64
, addr
);
912 static int aarch64_debug_entry(struct target
*target
)
914 int retval
= ERROR_OK
;
915 struct armv8_common
*armv8
= target_to_armv8(target
);
916 struct arm_dpm
*dpm
= &armv8
->dpm
;
917 enum arm_state core_state
;
920 /* make sure to clear all sticky errors */
921 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
922 armv8
->debug_base
+ CPUV8_DBG_DRCR
, DRCR_CSE
);
923 if (retval
== ERROR_OK
)
924 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
925 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
927 if (retval
!= ERROR_OK
)
930 LOG_DEBUG("%s dscr = 0x%08" PRIx32
, target_name(target
), dscr
);
933 core_state
= armv8_dpm_get_core_state(dpm
);
934 armv8_select_opcodes(armv8
, core_state
== ARM_STATE_AARCH64
);
935 armv8_select_reg_access(armv8
, core_state
== ARM_STATE_AARCH64
);
937 /* close the CTI gate for all events */
938 if (retval
== ERROR_OK
)
939 retval
= arm_cti_write_reg(armv8
->cti
, CTI_GATE
, 0);
940 /* discard async exceptions */
941 if (retval
== ERROR_OK
)
942 retval
= dpm
->instr_cpsr_sync(dpm
);
943 if (retval
!= ERROR_OK
)
946 /* Examine debug reason */
947 armv8_dpm_report_dscr(dpm
, dscr
);
949 /* save address of instruction that triggered the watchpoint? */
950 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
954 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
955 armv8
->debug_base
+ CPUV8_DBG_WFAR1
,
957 if (retval
!= ERROR_OK
)
961 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
962 armv8
->debug_base
+ CPUV8_DBG_WFAR0
,
964 if (retval
!= ERROR_OK
)
967 armv8_dpm_report_wfar(&armv8
->dpm
, wfar
);
970 retval
= armv8_dpm_read_current_registers(&armv8
->dpm
);
972 if (retval
== ERROR_OK
&& armv8
->post_debug_entry
)
973 retval
= armv8
->post_debug_entry(target
);
978 static int aarch64_post_debug_entry(struct target
*target
)
980 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
981 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
983 enum arm_mode target_mode
= ARM_MODE_ANY
;
986 switch (armv8
->arm
.core_mode
) {
988 target_mode
= ARMV8_64_EL1H
;
992 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL1
, 0);
996 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL2
, 0);
1000 instr
= ARMV8_MRS(SYSTEM_SCTLR_EL3
, 0);
1007 instr
= ARMV4_5_MRC(15, 0, 0, 1, 0, 0);
1011 LOG_INFO("cannot read system control register in this mode");
1015 if (target_mode
!= ARM_MODE_ANY
)
1016 armv8_dpm_modeswitch(&armv8
->dpm
, target_mode
);
1018 retval
= armv8
->dpm
.instr_read_data_r0(&armv8
->dpm
, instr
, &aarch64
->system_control_reg
);
1019 if (retval
!= ERROR_OK
)
1022 if (target_mode
!= ARM_MODE_ANY
)
1023 armv8_dpm_modeswitch(&armv8
->dpm
, ARM_MODE_ANY
);
1025 LOG_DEBUG("System_register: %8.8" PRIx32
, aarch64
->system_control_reg
);
1026 aarch64
->system_control_reg_curr
= aarch64
->system_control_reg
;
1028 if (armv8
->armv8_mmu
.armv8_cache
.info
== -1) {
1029 armv8_identify_cache(armv8
);
1030 armv8_read_mpidr(armv8
);
1033 armv8
->armv8_mmu
.mmu_enabled
=
1034 (aarch64
->system_control_reg
& 0x1U
) ? 1 : 0;
1035 armv8
->armv8_mmu
.armv8_cache
.d_u_cache_enabled
=
1036 (aarch64
->system_control_reg
& 0x4U
) ? 1 : 0;
1037 armv8
->armv8_mmu
.armv8_cache
.i_cache_enabled
=
1038 (aarch64
->system_control_reg
& 0x1000U
) ? 1 : 0;
1043 * single-step a target
1045 static int aarch64_step(struct target
*target
, int current
, target_addr_t address
,
1046 int handle_breakpoints
)
1048 struct armv8_common
*armv8
= target_to_armv8(target
);
1049 int saved_retval
= ERROR_OK
;
1053 if (target
->state
!= TARGET_HALTED
) {
1054 LOG_WARNING("target not halted");
1055 return ERROR_TARGET_NOT_HALTED
;
1058 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1059 armv8
->debug_base
+ CPUV8_DBG_EDECR
, &edecr
);
1060 /* make sure EDECR.SS is not set when restoring the register */
1062 if (retval
== ERROR_OK
) {
1064 /* set EDECR.SS to enter hardware step mode */
1065 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1066 armv8
->debug_base
+ CPUV8_DBG_EDECR
, (edecr
|0x4));
1068 /* disable interrupts while stepping */
1069 if (retval
== ERROR_OK
)
1070 retval
= aarch64_set_dscr_bits(target
, 0x3 << 22, 0x3 << 22);
1071 /* bail out if stepping setup has failed */
1072 if (retval
!= ERROR_OK
)
1075 if (target
->smp
&& !handle_breakpoints
) {
1077 * isolate current target so that it doesn't get resumed
1078 * together with the others
1080 retval
= arm_cti_gate_channel(armv8
->cti
, 1);
1081 /* resume all other targets in the group */
1082 if (retval
== ERROR_OK
)
1083 retval
= aarch64_step_restart_smp(target
);
1084 if (retval
!= ERROR_OK
) {
1085 LOG_ERROR("Failed to restart non-stepping targets in SMP group");
1088 LOG_DEBUG("Restarted all non-stepping targets in SMP group");
1091 /* all other targets running, restore and restart the current target */
1092 retval
= aarch64_restore_one(target
, current
, &address
, 0, 0);
1093 if (retval
== ERROR_OK
)
1094 retval
= aarch64_restart_one(target
, RESTART_LAZY
);
1096 if (retval
!= ERROR_OK
)
1099 LOG_DEBUG("target step-resumed at 0x%" PRIx64
, address
);
1100 if (!handle_breakpoints
)
1101 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1103 int64_t then
= timeval_ms();
1108 retval
= aarch64_check_state_one(target
,
1109 PRSR_SDR
|PRSR_HALT
, PRSR_SDR
|PRSR_HALT
, &stepped
, &prsr
);
1110 if (retval
!= ERROR_OK
|| stepped
)
1113 if (timeval_ms() > then
+ 1000) {
1114 LOG_ERROR("timeout waiting for target %s halt after step",
1115 target_name(target
));
1116 retval
= ERROR_TARGET_TIMEOUT
;
1121 if (retval
== ERROR_TARGET_TIMEOUT
)
1122 saved_retval
= retval
;
1125 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1126 armv8
->debug_base
+ CPUV8_DBG_EDECR
, edecr
);
1127 if (retval
!= ERROR_OK
)
1130 /* restore interrupts */
1131 retval
= aarch64_set_dscr_bits(target
, 0x3 << 22, 0);
1132 if (retval
!= ERROR_OK
)
1135 if (saved_retval
!= ERROR_OK
)
1136 return saved_retval
;
1138 return aarch64_poll(target
);
1141 static int aarch64_restore_context(struct target
*target
, bool bpwp
)
1143 struct armv8_common
*armv8
= target_to_armv8(target
);
1144 struct arm
*arm
= &armv8
->arm
;
1148 LOG_DEBUG("%s", target_name(target
));
1150 if (armv8
->pre_restore_context
)
1151 armv8
->pre_restore_context(target
);
1153 retval
= armv8_dpm_write_dirty_registers(&armv8
->dpm
, bpwp
);
1154 if (retval
== ERROR_OK
) {
1155 /* registers are now invalid */
1156 register_cache_invalidate(arm
->core_cache
);
1157 register_cache_invalidate(arm
->core_cache
->next
);
1164 * Cortex-A8 Breakpoint and watchpoint functions
1167 /* Setup hardware Breakpoint Register Pair */
1168 static int aarch64_set_breakpoint(struct target
*target
,
1169 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1174 uint8_t byte_addr_select
= 0x0F;
1175 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1176 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1177 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1179 if (breakpoint
->set
) {
1180 LOG_WARNING("breakpoint already set");
1184 if (breakpoint
->type
== BKPT_HARD
) {
1186 while (brp_list
[brp_i
].used
&& (brp_i
< aarch64
->brp_num
))
1188 if (brp_i
>= aarch64
->brp_num
) {
1189 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1190 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1192 breakpoint
->set
= brp_i
+ 1;
1193 if (breakpoint
->length
== 2)
1194 byte_addr_select
= (3 << (breakpoint
->address
& 0x02));
1195 control
= ((matchmode
& 0x7) << 20)
1197 | (byte_addr_select
<< 5)
1199 brp_list
[brp_i
].used
= 1;
1200 brp_list
[brp_i
].value
= breakpoint
->address
& 0xFFFFFFFFFFFFFFFC;
1201 brp_list
[brp_i
].control
= control
;
1202 bpt_value
= brp_list
[brp_i
].value
;
1204 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1205 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1206 (uint32_t)(bpt_value
& 0xFFFFFFFF));
1207 if (retval
!= ERROR_OK
)
1209 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1210 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1211 (uint32_t)(bpt_value
>> 32));
1212 if (retval
!= ERROR_OK
)
1215 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1216 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1217 brp_list
[brp_i
].control
);
1218 if (retval
!= ERROR_OK
)
1220 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1221 brp_list
[brp_i
].control
,
1222 brp_list
[brp_i
].value
);
1224 } else if (breakpoint
->type
== BKPT_SOFT
) {
1227 buf_set_u32(code
, 0, 32, armv8_opcode(armv8
, ARMV8_OPC_HLT
));
1228 retval
= target_read_memory(target
,
1229 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1230 breakpoint
->length
, 1,
1231 breakpoint
->orig_instr
);
1232 if (retval
!= ERROR_OK
)
1235 armv8_cache_d_inner_flush_virt(armv8
,
1236 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1237 breakpoint
->length
);
1239 retval
= target_write_memory(target
,
1240 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1241 breakpoint
->length
, 1, code
);
1242 if (retval
!= ERROR_OK
)
1245 armv8_cache_d_inner_flush_virt(armv8
,
1246 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1247 breakpoint
->length
);
1249 armv8_cache_i_inner_inval_virt(armv8
,
1250 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1251 breakpoint
->length
);
1253 breakpoint
->set
= 0x11; /* Any nice value but 0 */
1256 /* Ensure that halting debug mode is enable */
1257 retval
= aarch64_set_dscr_bits(target
, DSCR_HDE
, DSCR_HDE
);
1258 if (retval
!= ERROR_OK
) {
1259 LOG_DEBUG("Failed to set DSCR.HDE");
1266 static int aarch64_set_context_breakpoint(struct target
*target
,
1267 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1269 int retval
= ERROR_FAIL
;
1272 uint8_t byte_addr_select
= 0x0F;
1273 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1274 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1275 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1277 if (breakpoint
->set
) {
1278 LOG_WARNING("breakpoint already set");
1281 /*check available context BRPs*/
1282 while ((brp_list
[brp_i
].used
||
1283 (brp_list
[brp_i
].type
!= BRP_CONTEXT
)) && (brp_i
< aarch64
->brp_num
))
1286 if (brp_i
>= aarch64
->brp_num
) {
1287 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1291 breakpoint
->set
= brp_i
+ 1;
1292 control
= ((matchmode
& 0x7) << 20)
1294 | (byte_addr_select
<< 5)
1296 brp_list
[brp_i
].used
= 1;
1297 brp_list
[brp_i
].value
= (breakpoint
->asid
);
1298 brp_list
[brp_i
].control
= control
;
1299 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1300 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1301 brp_list
[brp_i
].value
);
1302 if (retval
!= ERROR_OK
)
1304 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1305 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1306 brp_list
[brp_i
].control
);
1307 if (retval
!= ERROR_OK
)
1309 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1310 brp_list
[brp_i
].control
,
1311 brp_list
[brp_i
].value
);
1316 static int aarch64_set_hybrid_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1318 int retval
= ERROR_FAIL
;
1319 int brp_1
= 0; /* holds the contextID pair */
1320 int brp_2
= 0; /* holds the IVA pair */
1321 uint32_t control_CTX
, control_IVA
;
1322 uint8_t CTX_byte_addr_select
= 0x0F;
1323 uint8_t IVA_byte_addr_select
= 0x0F;
1324 uint8_t CTX_machmode
= 0x03;
1325 uint8_t IVA_machmode
= 0x01;
1326 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1327 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1328 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1330 if (breakpoint
->set
) {
1331 LOG_WARNING("breakpoint already set");
1334 /*check available context BRPs*/
1335 while ((brp_list
[brp_1
].used
||
1336 (brp_list
[brp_1
].type
!= BRP_CONTEXT
)) && (brp_1
< aarch64
->brp_num
))
1339 printf("brp(CTX) found num: %d\n", brp_1
);
1340 if (brp_1
>= aarch64
->brp_num
) {
1341 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1345 while ((brp_list
[brp_2
].used
||
1346 (brp_list
[brp_2
].type
!= BRP_NORMAL
)) && (brp_2
< aarch64
->brp_num
))
1349 printf("brp(IVA) found num: %d\n", brp_2
);
1350 if (brp_2
>= aarch64
->brp_num
) {
1351 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1355 breakpoint
->set
= brp_1
+ 1;
1356 breakpoint
->linked_BRP
= brp_2
;
1357 control_CTX
= ((CTX_machmode
& 0x7) << 20)
1360 | (CTX_byte_addr_select
<< 5)
1362 brp_list
[brp_1
].used
= 1;
1363 brp_list
[brp_1
].value
= (breakpoint
->asid
);
1364 brp_list
[brp_1
].control
= control_CTX
;
1365 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1366 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_1
].BRPn
,
1367 brp_list
[brp_1
].value
);
1368 if (retval
!= ERROR_OK
)
1370 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1371 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_1
].BRPn
,
1372 brp_list
[brp_1
].control
);
1373 if (retval
!= ERROR_OK
)
1376 control_IVA
= ((IVA_machmode
& 0x7) << 20)
1379 | (IVA_byte_addr_select
<< 5)
1381 brp_list
[brp_2
].used
= 1;
1382 brp_list
[brp_2
].value
= breakpoint
->address
& 0xFFFFFFFFFFFFFFFC;
1383 brp_list
[brp_2
].control
= control_IVA
;
1384 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1385 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_2
].BRPn
,
1386 brp_list
[brp_2
].value
& 0xFFFFFFFF);
1387 if (retval
!= ERROR_OK
)
1389 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1390 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_2
].BRPn
,
1391 brp_list
[brp_2
].value
>> 32);
1392 if (retval
!= ERROR_OK
)
1394 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1395 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_2
].BRPn
,
1396 brp_list
[brp_2
].control
);
1397 if (retval
!= ERROR_OK
)
1403 static int aarch64_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1406 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1407 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
1408 struct aarch64_brp
*brp_list
= aarch64
->brp_list
;
1410 if (!breakpoint
->set
) {
1411 LOG_WARNING("breakpoint not set");
1415 if (breakpoint
->type
== BKPT_HARD
) {
1416 if ((breakpoint
->address
!= 0) && (breakpoint
->asid
!= 0)) {
1417 int brp_i
= breakpoint
->set
- 1;
1418 int brp_j
= breakpoint
->linked_BRP
;
1419 if ((brp_i
< 0) || (brp_i
>= aarch64
->brp_num
)) {
1420 LOG_DEBUG("Invalid BRP number in breakpoint");
1423 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%" TARGET_PRIxADDR
, brp_i
,
1424 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1425 brp_list
[brp_i
].used
= 0;
1426 brp_list
[brp_i
].value
= 0;
1427 brp_list
[brp_i
].control
= 0;
1428 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1429 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1430 brp_list
[brp_i
].control
);
1431 if (retval
!= ERROR_OK
)
1433 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1434 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1435 (uint32_t)brp_list
[brp_i
].value
);
1436 if (retval
!= ERROR_OK
)
1438 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1439 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1440 (uint32_t)brp_list
[brp_i
].value
);
1441 if (retval
!= ERROR_OK
)
1443 if ((brp_j
< 0) || (brp_j
>= aarch64
->brp_num
)) {
1444 LOG_DEBUG("Invalid BRP number in breakpoint");
1447 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx64
, brp_j
,
1448 brp_list
[brp_j
].control
, brp_list
[brp_j
].value
);
1449 brp_list
[brp_j
].used
= 0;
1450 brp_list
[brp_j
].value
= 0;
1451 brp_list
[brp_j
].control
= 0;
1452 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1453 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_j
].BRPn
,
1454 brp_list
[brp_j
].control
);
1455 if (retval
!= ERROR_OK
)
1457 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1458 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_j
].BRPn
,
1459 (uint32_t)brp_list
[brp_j
].value
);
1460 if (retval
!= ERROR_OK
)
1462 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1463 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_j
].BRPn
,
1464 (uint32_t)brp_list
[brp_j
].value
);
1465 if (retval
!= ERROR_OK
)
1468 breakpoint
->linked_BRP
= 0;
1469 breakpoint
->set
= 0;
1473 int brp_i
= breakpoint
->set
- 1;
1474 if ((brp_i
< 0) || (brp_i
>= aarch64
->brp_num
)) {
1475 LOG_DEBUG("Invalid BRP number in breakpoint");
1478 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx64
, brp_i
,
1479 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1480 brp_list
[brp_i
].used
= 0;
1481 brp_list
[brp_i
].value
= 0;
1482 brp_list
[brp_i
].control
= 0;
1483 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1484 + CPUV8_DBG_BCR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1485 brp_list
[brp_i
].control
);
1486 if (retval
!= ERROR_OK
)
1488 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1489 + CPUV8_DBG_BVR_BASE
+ 16 * brp_list
[brp_i
].BRPn
,
1490 brp_list
[brp_i
].value
);
1491 if (retval
!= ERROR_OK
)
1494 retval
= aarch64_dap_write_memap_register_u32(target
, armv8
->debug_base
1495 + CPUV8_DBG_BVR_BASE
+ 4 + 16 * brp_list
[brp_i
].BRPn
,
1496 (uint32_t)brp_list
[brp_i
].value
);
1497 if (retval
!= ERROR_OK
)
1499 breakpoint
->set
= 0;
1503 /* restore original instruction (kept in target endianness) */
1505 armv8_cache_d_inner_flush_virt(armv8
,
1506 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1507 breakpoint
->length
);
1509 if (breakpoint
->length
== 4) {
1510 retval
= target_write_memory(target
,
1511 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1512 4, 1, breakpoint
->orig_instr
);
1513 if (retval
!= ERROR_OK
)
1516 retval
= target_write_memory(target
,
1517 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1518 2, 1, breakpoint
->orig_instr
);
1519 if (retval
!= ERROR_OK
)
1523 armv8_cache_d_inner_flush_virt(armv8
,
1524 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1525 breakpoint
->length
);
1527 armv8_cache_i_inner_inval_virt(armv8
,
1528 breakpoint
->address
& 0xFFFFFFFFFFFFFFFE,
1529 breakpoint
->length
);
1531 breakpoint
->set
= 0;
1536 static int aarch64_add_breakpoint(struct target
*target
,
1537 struct breakpoint
*breakpoint
)
1539 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1541 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1542 LOG_INFO("no hardware breakpoint available");
1543 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1546 if (breakpoint
->type
== BKPT_HARD
)
1547 aarch64
->brp_num_available
--;
1549 return aarch64_set_breakpoint(target
, breakpoint
, 0x00); /* Exact match */
1552 static int aarch64_add_context_breakpoint(struct target
*target
,
1553 struct breakpoint
*breakpoint
)
1555 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1557 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1558 LOG_INFO("no hardware breakpoint available");
1559 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1562 if (breakpoint
->type
== BKPT_HARD
)
1563 aarch64
->brp_num_available
--;
1565 return aarch64_set_context_breakpoint(target
, breakpoint
, 0x02); /* asid match */
1568 static int aarch64_add_hybrid_breakpoint(struct target
*target
,
1569 struct breakpoint
*breakpoint
)
1571 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1573 if ((breakpoint
->type
== BKPT_HARD
) && (aarch64
->brp_num_available
< 1)) {
1574 LOG_INFO("no hardware breakpoint available");
1575 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1578 if (breakpoint
->type
== BKPT_HARD
)
1579 aarch64
->brp_num_available
--;
1581 return aarch64_set_hybrid_breakpoint(target
, breakpoint
); /* ??? */
1585 static int aarch64_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1587 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
1590 /* It is perfectly possible to remove breakpoints while the target is running */
1591 if (target
->state
!= TARGET_HALTED
) {
1592 LOG_WARNING("target not halted");
1593 return ERROR_TARGET_NOT_HALTED
;
1597 if (breakpoint
->set
) {
1598 aarch64_unset_breakpoint(target
, breakpoint
);
1599 if (breakpoint
->type
== BKPT_HARD
)
1600 aarch64
->brp_num_available
++;
1607 * Cortex-A8 Reset functions
1610 static int aarch64_assert_reset(struct target
*target
)
1612 struct armv8_common
*armv8
= target_to_armv8(target
);
1616 /* FIXME when halt is requested, make it work somehow... */
1618 /* Issue some kind of warm reset. */
1619 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
1620 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
1621 else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
1622 /* REVISIT handle "pulls" cases, if there's
1623 * hardware that needs them to work.
1625 jtag_add_reset(0, 1);
1627 LOG_ERROR("%s: how to reset?", target_name(target
));
1631 /* registers are now invalid */
1632 if (target_was_examined(target
)) {
1633 register_cache_invalidate(armv8
->arm
.core_cache
);
1634 register_cache_invalidate(armv8
->arm
.core_cache
->next
);
1637 target
->state
= TARGET_RESET
;
1642 static int aarch64_deassert_reset(struct target
*target
)
1648 /* be certain SRST is off */
1649 jtag_add_reset(0, 0);
1651 if (!target_was_examined(target
))
1654 retval
= aarch64_poll(target
);
1655 if (retval
!= ERROR_OK
)
1658 if (target
->reset_halt
) {
1659 if (target
->state
!= TARGET_HALTED
) {
1660 LOG_WARNING("%s: ran after reset and before halt ...",
1661 target_name(target
));
1662 retval
= target_halt(target
);
1663 if (retval
!= ERROR_OK
)
1668 return aarch64_init_debug_access(target
);
1671 static int aarch64_write_apb_ap_memory(struct target
*target
,
1672 uint64_t address
, uint32_t size
,
1673 uint32_t count
, const uint8_t *buffer
)
1675 /* write memory through APB-AP */
1676 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
1677 struct armv8_common
*armv8
= target_to_armv8(target
);
1678 struct arm_dpm
*dpm
= &armv8
->dpm
;
1679 struct arm
*arm
= &armv8
->arm
;
1680 int total_bytes
= count
* size
;
1682 int start_byte
= address
& 0x3;
1683 int end_byte
= (address
+ total_bytes
) & 0x3;
1686 uint8_t *tmp_buff
= NULL
;
1688 if (target
->state
!= TARGET_HALTED
) {
1689 LOG_WARNING("target not halted");
1690 return ERROR_TARGET_NOT_HALTED
;
1693 total_u32
= DIV_ROUND_UP((address
& 3) + total_bytes
, 4);
1695 /* Mark register R0 as dirty, as it will be used
1696 * for transferring the data.
1697 * It will be restored automatically when exiting
1700 reg
= armv8_reg_current(arm
, 1);
1703 reg
= armv8_reg_current(arm
, 0);
1706 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1708 /* The algorithm only copies 32 bit words, so the buffer
1709 * should be expanded to include the words at either end.
1710 * The first and last words will be read first to avoid
1711 * corruption if needed.
1713 tmp_buff
= malloc(total_u32
* 4);
1715 if ((start_byte
!= 0) && (total_u32
> 1)) {
1716 /* First bytes not aligned - read the 32 bit word to avoid corrupting
1717 * the other bytes in the word.
1719 retval
= aarch64_read_apb_ap_memory(target
, (address
& ~0x3), 4, 1, tmp_buff
);
1720 if (retval
!= ERROR_OK
)
1721 goto error_free_buff_w
;
1724 /* If end of write is not aligned, or the write is less than 4 bytes */
1725 if ((end_byte
!= 0) ||
1726 ((total_u32
== 1) && (total_bytes
!= 4))) {
1728 /* Read the last word to avoid corruption during 32 bit write */
1729 int mem_offset
= (total_u32
-1) * 4;
1730 retval
= aarch64_read_apb_ap_memory(target
, (address
& ~0x3) + mem_offset
, 4, 1, &tmp_buff
[mem_offset
]);
1731 if (retval
!= ERROR_OK
)
1732 goto error_free_buff_w
;
1735 /* Copy the write buffer over the top of the temporary buffer */
1736 memcpy(&tmp_buff
[start_byte
], buffer
, total_bytes
);
1738 /* We now have a 32 bit aligned buffer that can be written */
1741 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1742 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1743 if (retval
!= ERROR_OK
)
1744 goto error_free_buff_w
;
1746 /* Set Normal access mode */
1747 dscr
= (dscr
& ~DSCR_MA
);
1748 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1749 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1751 if (arm
->core_state
== ARM_STATE_AARCH64
) {
1752 /* Write X0 with value 'address' using write procedure */
1753 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1754 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1755 retval
= dpm
->instr_write_data_dcc_64(dpm
,
1756 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0
, 0), address
& ~0x3ULL
);
1758 /* Write R0 with value 'address' using write procedure */
1759 /* Step 1.a+b - Write the address for read access into DBGDTRRX */
1760 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1761 dpm
->instr_write_data_dcc(dpm
,
1762 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address
& ~0x3ULL
);
1765 /* Step 1.d - Change DCC to memory mode */
1766 dscr
= dscr
| DSCR_MA
;
1767 retval
+= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1768 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1769 if (retval
!= ERROR_OK
)
1770 goto error_unset_dtr_w
;
1773 /* Step 2.a - Do the write */
1774 retval
= mem_ap_write_buf_noincr(armv8
->debug_ap
,
1775 tmp_buff
, 4, total_u32
, armv8
->debug_base
+ CPUV8_DBG_DTRRX
);
1776 if (retval
!= ERROR_OK
)
1777 goto error_unset_dtr_w
;
1779 /* Step 3.a - Switch DTR mode back to Normal mode */
1780 dscr
= (dscr
& ~DSCR_MA
);
1781 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1782 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1783 if (retval
!= ERROR_OK
)
1784 goto error_unset_dtr_w
;
1786 /* Check for sticky abort flags in the DSCR */
1787 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1788 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1789 if (retval
!= ERROR_OK
)
1790 goto error_free_buff_w
;
1793 if (dscr
& (DSCR_ERR
| DSCR_SYS_ERROR_PEND
)) {
1794 /* Abort occurred - clear it and exit */
1795 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32
, dscr
);
1796 armv8_dpm_handle_exception(dpm
);
1797 goto error_free_buff_w
;
1805 /* Unset DTR mode */
1806 mem_ap_read_atomic_u32(armv8
->debug_ap
,
1807 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1808 dscr
= (dscr
& ~DSCR_MA
);
1809 mem_ap_write_atomic_u32(armv8
->debug_ap
,
1810 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1817 static int aarch64_read_apb_ap_memory(struct target
*target
,
1818 target_addr_t address
, uint32_t size
,
1819 uint32_t count
, uint8_t *buffer
)
1821 /* read memory through APB-AP */
1822 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
1823 struct armv8_common
*armv8
= target_to_armv8(target
);
1824 struct arm_dpm
*dpm
= &armv8
->dpm
;
1825 struct arm
*arm
= &armv8
->arm
;
1826 int total_bytes
= count
* size
;
1828 int start_byte
= address
& 0x3;
1829 int end_byte
= (address
+ total_bytes
) & 0x3;
1832 uint8_t *tmp_buff
= NULL
;
1836 if (target
->state
!= TARGET_HALTED
) {
1837 LOG_WARNING("target not halted");
1838 return ERROR_TARGET_NOT_HALTED
;
1841 total_u32
= DIV_ROUND_UP((address
& 3) + total_bytes
, 4);
1842 /* Mark register X0, X1 as dirty, as it will be used
1843 * for transferring the data.
1844 * It will be restored automatically when exiting
1847 reg
= armv8_reg_current(arm
, 1);
1850 reg
= armv8_reg_current(arm
, 0);
1854 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1855 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1857 /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1859 /* Set Normal access mode */
1860 dscr
= (dscr
& ~DSCR_MA
);
1861 retval
+= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1862 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1864 if (arm
->core_state
== ARM_STATE_AARCH64
) {
1865 /* Write X0 with value 'address' using write procedure */
1866 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1867 /* Step 1.c - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1868 retval
+= dpm
->instr_write_data_dcc_64(dpm
,
1869 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0
, 0), address
& ~0x3ULL
);
1870 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1871 retval
+= dpm
->instr_execute(dpm
, ARMV8_MSR_GP(SYSTEM_DBG_DBGDTR_EL0
, 0));
1872 /* Step 1.e - Change DCC to memory mode */
1873 dscr
= dscr
| DSCR_MA
;
1874 retval
+= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1875 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1876 /* Step 1.f - read DBGDTRTX and discard the value */
1877 retval
+= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1878 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &value
);
1880 /* Write R0 with value 'address' using write procedure */
1881 /* Step 1.a+b - Write the address for read access into DBGDTRRXint */
1882 /* Step 1.c - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1883 retval
+= dpm
->instr_write_data_dcc(dpm
,
1884 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address
& ~0x3ULL
);
1885 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1886 retval
+= dpm
->instr_execute(dpm
, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
1887 /* Step 1.e - Change DCC to memory mode */
1888 dscr
= dscr
| DSCR_MA
;
1889 retval
+= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1890 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1891 /* Step 1.f - read DBGDTRTX and discard the value */
1892 retval
+= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1893 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &value
);
1896 if (retval
!= ERROR_OK
)
1897 goto error_unset_dtr_r
;
1899 /* Optimize the read as much as we can, either way we read in a single pass */
1900 if ((start_byte
) || (end_byte
)) {
1901 /* The algorithm only copies 32 bit words, so the buffer
1902 * should be expanded to include the words at either end.
1903 * The first and last words will be read into a temp buffer
1904 * to avoid corruption
1906 tmp_buff
= malloc(total_u32
* 4);
1908 goto error_unset_dtr_r
;
1910 /* use the tmp buffer to read the entire data */
1911 u8buf_ptr
= tmp_buff
;
1913 /* address and read length are aligned so read directly into the passed buffer */
1916 /* Read the data - Each read of the DTRTX register causes the instruction to be reissued
1917 * Abort flags are sticky, so can be read at end of transactions
1919 * This data is read in aligned to 32 bit boundary.
1922 /* Step 2.a - Loop n-1 times, each read of DBGDTRTX reads the data from [X0] and
1923 * increments X0 by 4. */
1924 retval
= mem_ap_read_buf_noincr(armv8
->debug_ap
, u8buf_ptr
, 4, total_u32
-1,
1925 armv8
->debug_base
+ CPUV8_DBG_DTRTX
);
1926 if (retval
!= ERROR_OK
)
1927 goto error_unset_dtr_r
;
1929 /* Step 3.a - set DTR access mode back to Normal mode */
1930 dscr
= (dscr
& ~DSCR_MA
);
1931 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
1932 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1933 if (retval
!= ERROR_OK
)
1934 goto error_free_buff_r
;
1936 /* Step 3.b - read DBGDTRTX for the final value */
1937 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1938 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &value
);
1939 memcpy(u8buf_ptr
+ (total_u32
-1) * 4, &value
, 4);
1941 /* Check for sticky abort flags in the DSCR */
1942 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
1943 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1944 if (retval
!= ERROR_OK
)
1945 goto error_free_buff_r
;
1949 if (dscr
& (DSCR_ERR
| DSCR_SYS_ERROR_PEND
)) {
1950 /* Abort occurred - clear it and exit */
1951 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32
, dscr
);
1952 armv8_dpm_handle_exception(dpm
);
1953 goto error_free_buff_r
;
1956 /* check if we need to copy aligned data by applying any shift necessary */
1958 memcpy(buffer
, tmp_buff
+ start_byte
, total_bytes
);
1966 /* Unset DTR mode */
1967 mem_ap_read_atomic_u32(armv8
->debug_ap
,
1968 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
1969 dscr
= (dscr
& ~DSCR_MA
);
1970 mem_ap_write_atomic_u32(armv8
->debug_ap
,
1971 armv8
->debug_base
+ CPUV8_DBG_DSCR
, dscr
);
1978 static int aarch64_read_phys_memory(struct target
*target
,
1979 target_addr_t address
, uint32_t size
,
1980 uint32_t count
, uint8_t *buffer
)
1982 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
1984 if (count
&& buffer
) {
1985 /* read memory through APB-AP */
1986 retval
= aarch64_mmu_modify(target
, 0);
1987 if (retval
!= ERROR_OK
)
1989 retval
= aarch64_read_apb_ap_memory(target
, address
, size
, count
, buffer
);
1994 static int aarch64_read_memory(struct target
*target
, target_addr_t address
,
1995 uint32_t size
, uint32_t count
, uint8_t *buffer
)
1997 int mmu_enabled
= 0;
2000 /* determine if MMU was enabled on target stop */
2001 retval
= aarch64_mmu(target
, &mmu_enabled
);
2002 if (retval
!= ERROR_OK
)
2006 /* enable MMU as we could have disabled it for phys access */
2007 retval
= aarch64_mmu_modify(target
, 1);
2008 if (retval
!= ERROR_OK
)
2011 return aarch64_read_apb_ap_memory(target
, address
, size
, count
, buffer
);
2014 static int aarch64_write_phys_memory(struct target
*target
,
2015 target_addr_t address
, uint32_t size
,
2016 uint32_t count
, const uint8_t *buffer
)
2018 int retval
= ERROR_COMMAND_SYNTAX_ERROR
;
2020 if (count
&& buffer
) {
2021 /* write memory through APB-AP */
2022 retval
= aarch64_mmu_modify(target
, 0);
2023 if (retval
!= ERROR_OK
)
2025 return aarch64_write_apb_ap_memory(target
, address
, size
, count
, buffer
);
2031 static int aarch64_write_memory(struct target
*target
, target_addr_t address
,
2032 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
2034 int mmu_enabled
= 0;
2037 /* determine if MMU was enabled on target stop */
2038 retval
= aarch64_mmu(target
, &mmu_enabled
);
2039 if (retval
!= ERROR_OK
)
2043 /* enable MMU as we could have disabled it for phys access */
2044 retval
= aarch64_mmu_modify(target
, 1);
2045 if (retval
!= ERROR_OK
)
2048 return aarch64_write_apb_ap_memory(target
, address
, size
, count
, buffer
);
2051 static int aarch64_handle_target_request(void *priv
)
2053 struct target
*target
= priv
;
2054 struct armv8_common
*armv8
= target_to_armv8(target
);
2057 if (!target_was_examined(target
))
2059 if (!target
->dbg_msg_enabled
)
2062 if (target
->state
== TARGET_RUNNING
) {
2065 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2066 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2068 /* check if we have data */
2069 while ((dscr
& DSCR_DTR_TX_FULL
) && (retval
== ERROR_OK
)) {
2070 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2071 armv8
->debug_base
+ CPUV8_DBG_DTRTX
, &request
);
2072 if (retval
== ERROR_OK
) {
2073 target_request(target
, request
);
2074 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2075 armv8
->debug_base
+ CPUV8_DBG_DSCR
, &dscr
);
2083 static int aarch64_examine_first(struct target
*target
)
2085 struct aarch64_common
*aarch64
= target_to_aarch64(target
);
2086 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
2087 struct adiv5_dap
*swjdp
= armv8
->arm
.dap
;
2090 int retval
= ERROR_OK
;
2091 uint64_t debug
, ttypr
;
2093 uint32_t tmp0
, tmp1
;
2094 debug
= ttypr
= cpuid
= 0;
2096 retval
= dap_dp_init(swjdp
);
2097 if (retval
!= ERROR_OK
)
2100 /* Search for the APB-AB - it is needed for access to debug registers */
2101 retval
= dap_find_ap(swjdp
, AP_TYPE_APB_AP
, &armv8
->debug_ap
);
2102 if (retval
!= ERROR_OK
) {
2103 LOG_ERROR("Could not find APB-AP for debug access");
2107 retval
= mem_ap_init(armv8
->debug_ap
);
2108 if (retval
!= ERROR_OK
) {
2109 LOG_ERROR("Could not initialize the APB-AP");
2113 armv8
->debug_ap
->memaccess_tck
= 10;
2115 if (!target
->dbgbase_set
) {
2117 /* Get ROM Table base */
2119 int32_t coreidx
= target
->coreid
;
2120 retval
= dap_get_debugbase(armv8
->debug_ap
, &dbgbase
, &apid
);
2121 if (retval
!= ERROR_OK
)
2123 /* Lookup 0x15 -- Processor DAP */
2124 retval
= dap_lookup_cs_component(armv8
->debug_ap
, dbgbase
, 0x15,
2125 &armv8
->debug_base
, &coreidx
);
2126 if (retval
!= ERROR_OK
)
2128 LOG_DEBUG("Detected core %" PRId32
" dbgbase: %08" PRIx32
2129 " apid: %08" PRIx32
, coreidx
, armv8
->debug_base
, apid
);
2131 armv8
->debug_base
= target
->dbgbase
;
2134 int64_t then
= timeval_ms();
2136 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2137 armv8
->debug_base
+ CPUV8_DBG_PRSR
, &prsr
);
2138 if (retval
== ERROR_OK
) {
2139 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
2140 armv8
->debug_base
+ CPUV8_DBG_PRCR
, PRCR_COREPURQ
|PRCR_CORENPDRQ
);
2141 if (retval
!= ERROR_OK
) {
2142 LOG_DEBUG("write to PRCR failed");
2147 if (timeval_ms() > then
+ 1000) {
2148 retval
= ERROR_TARGET_TIMEOUT
;
2152 } while ((prsr
& PRSR_PU
) == 0);
2154 if (retval
!= ERROR_OK
) {
2155 LOG_ERROR("target %s: failed to set power state of the core.", target_name(target
));
2159 retval
= mem_ap_write_atomic_u32(armv8
->debug_ap
,
2160 armv8
->debug_base
+ CPUV8_DBG_OSLAR
, 0);
2161 if (retval
!= ERROR_OK
) {
2162 LOG_DEBUG("Examine %s failed", "oslock");
2166 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2167 armv8
->debug_base
+ CPUV8_DBG_MAINID0
, &cpuid
);
2168 if (retval
!= ERROR_OK
) {
2169 LOG_DEBUG("Examine %s failed", "CPUID");
2173 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2174 armv8
->debug_base
+ CPUV8_DBG_MEMFEATURE0
, &tmp0
);
2175 retval
+= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2176 armv8
->debug_base
+ CPUV8_DBG_MEMFEATURE0
+ 4, &tmp1
);
2177 if (retval
!= ERROR_OK
) {
2178 LOG_DEBUG("Examine %s failed", "Memory Model Type");
2182 ttypr
= (ttypr
<< 32) | tmp0
;
2184 retval
= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2185 armv8
->debug_base
+ CPUV8_DBG_DBGFEATURE0
, &tmp0
);
2186 retval
+= mem_ap_read_atomic_u32(armv8
->debug_ap
,
2187 armv8
->debug_base
+ CPUV8_DBG_DBGFEATURE0
+ 4, &tmp1
);
2188 if (retval
!= ERROR_OK
) {
2189 LOG_DEBUG("Examine %s failed", "ID_AA64DFR0_EL1");
2193 debug
= (debug
<< 32) | tmp0
;
2195 LOG_DEBUG("cpuid = 0x%08" PRIx32
, cpuid
);
2196 LOG_DEBUG("ttypr = 0x%08" PRIx64
, ttypr
);
2197 LOG_DEBUG("debug = 0x%08" PRIx64
, debug
);
2199 if (target
->ctibase
== 0) {
2200 /* assume a v8 rom table layout */
2201 cti_base
= armv8
->debug_base
+ 0x10000;
2202 LOG_INFO("Target ctibase is not set, assuming 0x%0" PRIx32
, cti_base
);
2204 cti_base
= target
->ctibase
;
2206 armv8
->cti
= arm_cti_create(armv8
->debug_ap
, cti_base
);
2207 if (armv8
->cti
== NULL
)
2210 retval
= aarch64_dpm_setup(aarch64
, debug
);
2211 if (retval
!= ERROR_OK
)
2214 /* Setup Breakpoint Register Pairs */
2215 aarch64
->brp_num
= (uint32_t)((debug
>> 12) & 0x0F) + 1;
2216 aarch64
->brp_num_context
= (uint32_t)((debug
>> 28) & 0x0F) + 1;
2217 aarch64
->brp_num_available
= aarch64
->brp_num
;
2218 aarch64
->brp_list
= calloc(aarch64
->brp_num
, sizeof(struct aarch64_brp
));
2219 for (i
= 0; i
< aarch64
->brp_num
; i
++) {
2220 aarch64
->brp_list
[i
].used
= 0;
2221 if (i
< (aarch64
->brp_num
-aarch64
->brp_num_context
))
2222 aarch64
->brp_list
[i
].type
= BRP_NORMAL
;
2224 aarch64
->brp_list
[i
].type
= BRP_CONTEXT
;
2225 aarch64
->brp_list
[i
].value
= 0;
2226 aarch64
->brp_list
[i
].control
= 0;
2227 aarch64
->brp_list
[i
].BRPn
= i
;
2230 LOG_DEBUG("Configured %i hw breakpoints", aarch64
->brp_num
);
2232 target
->state
= TARGET_RUNNING
;
2233 target
->debug_reason
= DBG_REASON_NOTHALTED
;
2235 target_set_examined(target
);
2239 static int aarch64_examine(struct target
*target
)
2241 int retval
= ERROR_OK
;
2243 /* don't re-probe hardware after each reset */
2244 if (!target_was_examined(target
))
2245 retval
= aarch64_examine_first(target
);
2247 /* Configure core debug access */
2248 if (retval
== ERROR_OK
)
2249 retval
= aarch64_init_debug_access(target
);
2255 * Cortex-A8 target creation and initialization
2258 static int aarch64_init_target(struct command_context
*cmd_ctx
,
2259 struct target
*target
)
2261 /* examine_first() does a bunch of this */
2265 static int aarch64_init_arch_info(struct target
*target
,
2266 struct aarch64_common
*aarch64
, struct jtag_tap
*tap
)
2268 struct armv8_common
*armv8
= &aarch64
->armv8_common
;
2270 /* Setup struct aarch64_common */
2271 aarch64
->common_magic
= AARCH64_COMMON_MAGIC
;
2272 /* tap has no dap initialized */
2274 tap
->dap
= dap_init();
2275 tap
->dap
->tap
= tap
;
2277 armv8
->arm
.dap
= tap
->dap
;
2279 /* register arch-specific functions */
2280 armv8
->examine_debug_reason
= NULL
;
2281 armv8
->post_debug_entry
= aarch64_post_debug_entry
;
2282 armv8
->pre_restore_context
= NULL
;
2283 armv8
->armv8_mmu
.read_physical_memory
= aarch64_read_phys_memory
;
2285 armv8_init_arch_info(target
, armv8
);
2286 target_register_timer_callback(aarch64_handle_target_request
, 1, 1, target
);
2291 static int aarch64_target_create(struct target
*target
, Jim_Interp
*interp
)
2293 struct aarch64_common
*aarch64
= calloc(1, sizeof(struct aarch64_common
));
2295 return aarch64_init_arch_info(target
, aarch64
, target
->tap
);
2298 static int aarch64_mmu(struct target
*target
, int *enabled
)
2300 if (target
->state
!= TARGET_HALTED
) {
2301 LOG_ERROR("%s: target %s not halted", __func__
, target_name(target
));
2302 return ERROR_TARGET_INVALID
;
2305 *enabled
= target_to_aarch64(target
)->armv8_common
.armv8_mmu
.mmu_enabled
;
2309 static int aarch64_virt2phys(struct target
*target
, target_addr_t virt
,
2310 target_addr_t
*phys
)
2312 return armv8_mmu_translate_va_pa(target
, virt
, phys
, 1);
2315 COMMAND_HANDLER(aarch64_handle_cache_info_command
)
2317 struct target
*target
= get_current_target(CMD_CTX
);
2318 struct armv8_common
*armv8
= target_to_armv8(target
);
2320 return armv8_handle_cache_info_command(CMD_CTX
,
2321 &armv8
->armv8_mmu
.armv8_cache
);
2325 COMMAND_HANDLER(aarch64_handle_dbginit_command
)
2327 struct target
*target
= get_current_target(CMD_CTX
);
2328 if (!target_was_examined(target
)) {
2329 LOG_ERROR("target not examined yet");
2333 return aarch64_init_debug_access(target
);
2335 COMMAND_HANDLER(aarch64_handle_smp_off_command
)
2337 struct target
*target
= get_current_target(CMD_CTX
);
2338 /* check target is an smp target */
2339 struct target_list
*head
;
2340 struct target
*curr
;
2341 head
= target
->head
;
2343 if (head
!= (struct target_list
*)NULL
) {
2344 while (head
!= (struct target_list
*)NULL
) {
2345 curr
= head
->target
;
2349 /* fixes the target display to the debugger */
2350 target
->gdb_service
->target
= target
;
2355 COMMAND_HANDLER(aarch64_handle_smp_on_command
)
2357 struct target
*target
= get_current_target(CMD_CTX
);
2358 struct target_list
*head
;
2359 struct target
*curr
;
2360 head
= target
->head
;
2361 if (head
!= (struct target_list
*)NULL
) {
2363 while (head
!= (struct target_list
*)NULL
) {
2364 curr
= head
->target
;
2372 static const struct command_registration aarch64_exec_command_handlers
[] = {
2374 .name
= "cache_info",
2375 .handler
= aarch64_handle_cache_info_command
,
2376 .mode
= COMMAND_EXEC
,
2377 .help
= "display information about target caches",
2382 .handler
= aarch64_handle_dbginit_command
,
2383 .mode
= COMMAND_EXEC
,
2384 .help
= "Initialize core debug",
2387 { .name
= "smp_off",
2388 .handler
= aarch64_handle_smp_off_command
,
2389 .mode
= COMMAND_EXEC
,
2390 .help
= "Stop smp handling",
2395 .handler
= aarch64_handle_smp_on_command
,
2396 .mode
= COMMAND_EXEC
,
2397 .help
= "Restart smp handling",
2401 COMMAND_REGISTRATION_DONE
2403 static const struct command_registration aarch64_command_handlers
[] = {
2405 .chain
= armv8_command_handlers
,
2409 .mode
= COMMAND_ANY
,
2410 .help
= "Aarch64 command group",
2412 .chain
= aarch64_exec_command_handlers
,
2414 COMMAND_REGISTRATION_DONE
2417 struct target_type aarch64_target
= {
2420 .poll
= aarch64_poll
,
2421 .arch_state
= armv8_arch_state
,
2423 .halt
= aarch64_halt
,
2424 .resume
= aarch64_resume
,
2425 .step
= aarch64_step
,
2427 .assert_reset
= aarch64_assert_reset
,
2428 .deassert_reset
= aarch64_deassert_reset
,
2430 /* REVISIT allow exporting VFP3 registers ... */
2431 .get_gdb_reg_list
= armv8_get_gdb_reg_list
,
2433 .read_memory
= aarch64_read_memory
,
2434 .write_memory
= aarch64_write_memory
,
2436 .add_breakpoint
= aarch64_add_breakpoint
,
2437 .add_context_breakpoint
= aarch64_add_context_breakpoint
,
2438 .add_hybrid_breakpoint
= aarch64_add_hybrid_breakpoint
,
2439 .remove_breakpoint
= aarch64_remove_breakpoint
,
2440 .add_watchpoint
= NULL
,
2441 .remove_watchpoint
= NULL
,
2443 .commands
= aarch64_command_handlers
,
2444 .target_create
= aarch64_target_create
,
2445 .init_target
= aarch64_init_target
,
2446 .examine
= aarch64_examine
,
2448 .read_phys_memory
= aarch64_read_phys_memory
,
2449 .write_phys_memory
= aarch64_write_phys_memory
,
2451 .virt2phys
= aarch64_virt2phys
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)